cobaltstrike | e51eafa2376dac566e2da68cb832df7c6981f15b442724faab760da6f415f16e

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

13ef835f09292171c958468969ec0a2b
SHA1

1634443b8c42dd9bf71b5de3826883025d37411a
SHA256

e51eafa2376dac566e2da68cb832df7c6981f15b442724faab760da6f415f16e
SHA512

e2a1c7ead09bd084170f903d54626ba97aa8e2dc9f0e4f24c547959a33bd20d7f25afb5bb9c79b709a2569fa4129728ab1770300c4508f5f12c5309fe3feb99d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU1:T+q56utgpPF8u/71

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\GOYazwX.exe	cobalt_reflective_dll
C:\Windows\system\EIICttC.exe	cobalt_reflective_dll
C:\Windows\system\NXpqWil.exe	cobalt_reflective_dll
C:\Windows\system\mMcdgpe.exe	cobalt_reflective_dll
C:\Windows\system\TWlcxap.exe	cobalt_reflective_dll
C:\Windows\system\cGGfvhb.exe	cobalt_reflective_dll
C:\Windows\system\eGXtovH.exe	cobalt_reflective_dll
C:\Windows\system\svajtks.exe	cobalt_reflective_dll
C:\Windows\system\RMOxHmp.exe	cobalt_reflective_dll
C:\Windows\system\oFHdiIT.exe	cobalt_reflective_dll
C:\Windows\system\xgdLDky.exe	cobalt_reflective_dll
C:\Windows\system\PaVbekH.exe	cobalt_reflective_dll
C:\Windows\system\FkiKpmQ.exe	cobalt_reflective_dll
C:\Windows\system\oLiVDoh.exe	cobalt_reflective_dll
C:\Windows\system\jzdFyEZ.exe	cobalt_reflective_dll
C:\Windows\system\VswOSiQ.exe	cobalt_reflective_dll
C:\Windows\system\oxQdPEu.exe	cobalt_reflective_dll
C:\Windows\system\iTNNupD.exe	cobalt_reflective_dll
C:\Windows\system\EzndfWH.exe	cobalt_reflective_dll
C:\Windows\system\GHGWbsc.exe	cobalt_reflective_dll
C:\Windows\system\NHtBUEs.exe	cobalt_reflective_dll
C:\Windows\system\vhHqhjA.exe	cobalt_reflective_dll
C:\Windows\system\cPzVRTr.exe	cobalt_reflective_dll
C:\Windows\system\NPDRQIQ.exe	cobalt_reflective_dll
C:\Windows\system\YcRAjZV.exe	cobalt_reflective_dll
C:\Windows\system\ejipjwU.exe	cobalt_reflective_dll
C:\Windows\system\kYmpcqm.exe	cobalt_reflective_dll
C:\Windows\system\pSKAyHz.exe	cobalt_reflective_dll
C:\Windows\system\QtojZaa.exe	cobalt_reflective_dll
C:\Windows\system\vKUoFIf.exe	cobalt_reflective_dll
C:\Windows\system\GBneiSG.exe	cobalt_reflective_dll
C:\Windows\system\kasGyrH.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1964-0-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
\Windows\system\GOYazwX.exe	xmrig
behavioral1/memory/2896-15-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2724-14-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
C:\Windows\system\EIICttC.exe	xmrig
C:\Windows\system\NXpqWil.exe	xmrig
behavioral1/memory/2648-22-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
C:\Windows\system\mMcdgpe.exe	xmrig
behavioral1/memory/2640-29-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
C:\Windows\system\TWlcxap.exe	xmrig
behavioral1/memory/2544-35-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
C:\Windows\system\cGGfvhb.exe	xmrig
behavioral1/memory/2568-44-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/1964-42-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
C:\Windows\system\eGXtovH.exe	xmrig
C:\Windows\system\svajtks.exe	xmrig
behavioral1/memory/2320-58-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2552-51-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
C:\Windows\system\RMOxHmp.exe	xmrig
behavioral1/memory/2084-85-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/3016-86-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2376-87-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2240-84-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
C:\Windows\system\oFHdiIT.exe	xmrig
C:\Windows\system\xgdLDky.exe	xmrig
C:\Windows\system\PaVbekH.exe	xmrig
C:\Windows\system\FkiKpmQ.exe	xmrig
behavioral1/memory/1964-97-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2816-100-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2212-94-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
C:\Windows\system\oLiVDoh.exe	xmrig
C:\Windows\system\jzdFyEZ.exe	xmrig
C:\Windows\system\VswOSiQ.exe	xmrig
C:\Windows\system\oxQdPEu.exe	xmrig
C:\Windows\system\iTNNupD.exe	xmrig
C:\Windows\system\EzndfWH.exe	xmrig
C:\Windows\system\GHGWbsc.exe	xmrig
C:\Windows\system\NHtBUEs.exe	xmrig
behavioral1/memory/2816-1307-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
C:\Windows\system\vhHqhjA.exe	xmrig
C:\Windows\system\cPzVRTr.exe	xmrig
C:\Windows\system\NPDRQIQ.exe	xmrig
C:\Windows\system\YcRAjZV.exe	xmrig
C:\Windows\system\ejipjwU.exe	xmrig
C:\Windows\system\kYmpcqm.exe	xmrig
C:\Windows\system\pSKAyHz.exe	xmrig
C:\Windows\system\QtojZaa.exe	xmrig
C:\Windows\system\vKUoFIf.exe	xmrig
C:\Windows\system\GBneiSG.exe	xmrig
C:\Windows\system\kasGyrH.exe	xmrig
behavioral1/memory/2896-4041-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2648-4042-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2640-4043-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2544-4044-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2568-4045-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2552-4046-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2320-4047-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/3016-4048-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2240-4049-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2084-4050-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2376-4051-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2212-4052-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2816-4053-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

EIICttC.exeGOYazwX.exeNXpqWil.exemMcdgpe.exeTWlcxap.execGGfvhb.exeeGXtovH.exesvajtks.exePaVbekH.exexgdLDky.exeRMOxHmp.exeoFHdiIT.exeoLiVDoh.exeFkiKpmQ.exejzdFyEZ.exeVswOSiQ.exekasGyrH.exeoxQdPEu.exeGBneiSG.exeiTNNupD.exevKUoFIf.exeQtojZaa.exekYmpcqm.exepSKAyHz.exeYcRAjZV.exeEzndfWH.exeNPDRQIQ.exeejipjwU.exevhHqhjA.execPzVRTr.exeGHGWbsc.exeNHtBUEs.exeFSPAlNN.exegEDsubz.exenjswhVR.exebAtiIwu.exeEkucRId.exeCeRpnen.exeDWhimJK.exeNRAdUCe.exeNblVpZd.exeHhxmakB.exenEVciFt.exeoubMTjU.exeUQlMyrW.exeIgxwFbb.exerPBPOqZ.exezKZfnOu.exeEULQNhX.exeWKfaVpL.exewxzAxsm.exesBWCzUT.exeCQiZAJA.exeeNvEBxS.exexqvQOtt.exetKERQbX.exeoyGWcSK.exePzUiHCn.exeEGfyoJT.exesgvYxWE.exexlJoqfy.exesuKFglm.exeqTFHqZo.exeKcdjLOn.exe

pid	process
2724	EIICttC.exe
2896	GOYazwX.exe
2648	NXpqWil.exe
2640	mMcdgpe.exe
2544	TWlcxap.exe
2568	cGGfvhb.exe
2552	eGXtovH.exe
2320	svajtks.exe
3016	PaVbekH.exe
2376	xgdLDky.exe
2240	RMOxHmp.exe
2084	oFHdiIT.exe
2212	oLiVDoh.exe
2816	FkiKpmQ.exe
2264	jzdFyEZ.exe
2832	VswOSiQ.exe
2960	kasGyrH.exe
2864	oxQdPEu.exe
1052	GBneiSG.exe
592	iTNNupD.exe
2624	vKUoFIf.exe
2396	QtojZaa.exe
1872	kYmpcqm.exe
1456	pSKAyHz.exe
2476	YcRAjZV.exe
2912	EzndfWH.exe
2916	NPDRQIQ.exe
1836	ejipjwU.exe
1868	vhHqhjA.exe
1336	cPzVRTr.exe
1524	GHGWbsc.exe
108	NHtBUEs.exe
3056	FSPAlNN.exe
2384	gEDsubz.exe
1788	njswhVR.exe
980	bAtiIwu.exe
2620	EkucRId.exe
2072	CeRpnen.exe
1744	DWhimJK.exe
2464	NRAdUCe.exe
2436	NblVpZd.exe
1792	HhxmakB.exe
2112	nEVciFt.exe
2348	oubMTjU.exe
1492	UQlMyrW.exe
2456	IgxwFbb.exe
2056	rPBPOqZ.exe
2428	zKZfnOu.exe
2604	EULQNhX.exe
896	WKfaVpL.exe
1392	wxzAxsm.exe
484	sBWCzUT.exe
1588	CQiZAJA.exe
1596	eNvEBxS.exe
2748	xqvQOtt.exe
2528	tKERQbX.exe
2696	oyGWcSK.exe
2244	PzUiHCn.exe
2052	EGfyoJT.exe
3012	sgvYxWE.exe
1516	xlJoqfy.exe
2860	suKFglm.exe
1740	qTFHqZo.exe
2840	KcdjLOn.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1964-0-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
\Windows\system\GOYazwX.exe	upx
behavioral1/memory/2896-15-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2724-14-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
C:\Windows\system\EIICttC.exe	upx
C:\Windows\system\NXpqWil.exe	upx
behavioral1/memory/2648-22-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
C:\Windows\system\mMcdgpe.exe	upx
behavioral1/memory/2640-29-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
C:\Windows\system\TWlcxap.exe	upx
behavioral1/memory/2544-35-0x000000013F120000-0x000000013F474000-memory.dmp	upx
C:\Windows\system\cGGfvhb.exe	upx
behavioral1/memory/1964-43-0x0000000002370000-0x00000000026C4000-memory.dmp	upx
behavioral1/memory/2568-44-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/1964-42-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
C:\Windows\system\eGXtovH.exe	upx
C:\Windows\system\svajtks.exe	upx
behavioral1/memory/2320-58-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2552-51-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
C:\Windows\system\RMOxHmp.exe	upx
behavioral1/memory/2084-85-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/3016-86-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2376-87-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2240-84-0x000000013F030000-0x000000013F384000-memory.dmp	upx
C:\Windows\system\oFHdiIT.exe	upx
C:\Windows\system\xgdLDky.exe	upx
C:\Windows\system\PaVbekH.exe	upx
C:\Windows\system\FkiKpmQ.exe	upx
behavioral1/memory/2816-100-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2212-94-0x000000013F340000-0x000000013F694000-memory.dmp	upx
C:\Windows\system\oLiVDoh.exe	upx
C:\Windows\system\jzdFyEZ.exe	upx
C:\Windows\system\VswOSiQ.exe	upx
C:\Windows\system\oxQdPEu.exe	upx
C:\Windows\system\iTNNupD.exe	upx
C:\Windows\system\EzndfWH.exe	upx
C:\Windows\system\GHGWbsc.exe	upx
C:\Windows\system\NHtBUEs.exe	upx
behavioral1/memory/2816-1307-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
C:\Windows\system\vhHqhjA.exe	upx
C:\Windows\system\cPzVRTr.exe	upx
C:\Windows\system\NPDRQIQ.exe	upx
C:\Windows\system\YcRAjZV.exe	upx
C:\Windows\system\ejipjwU.exe	upx
C:\Windows\system\kYmpcqm.exe	upx
C:\Windows\system\pSKAyHz.exe	upx
C:\Windows\system\QtojZaa.exe	upx
C:\Windows\system\vKUoFIf.exe	upx
C:\Windows\system\GBneiSG.exe	upx
C:\Windows\system\kasGyrH.exe	upx
behavioral1/memory/2896-4041-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2648-4042-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2640-4043-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2544-4044-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2568-4045-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2552-4046-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2320-4047-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/3016-4048-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2240-4049-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2084-4050-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2376-4051-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2212-4052-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2816-4053-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\oLiVDoh.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nstpeNU.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBPyqOz.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLUZlIk.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFidryD.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPDwNnC.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHClddl.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFzTSNn.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvXaHrJ.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yclUqTH.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnlTOtl.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiBXPVX.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glFTlJZ.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxAyZFO.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdozrjy.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYjlLkj.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLniodr.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GknmfgY.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBNKITY.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TngGRBL.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPckNTO.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YpSxSQY.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrBWnlp.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnsrHOd.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kemthyZ.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTKMpMG.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boDmgly.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFhahrZ.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYGotfP.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKyWwHl.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMlvPDs.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClBcgxC.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flBDhbv.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOzjIAZ.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taZVCww.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUThDQb.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnXKeue.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meUyibK.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnTAosN.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CeRpnen.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qTFHqZo.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCRLgBF.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwgDWFr.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFOUheF.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlZsBRD.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkzhcUF.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VswOSiQ.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhGPoIb.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YahANKj.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osZzqgU.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzBJuZA.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uaRqBaC.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmrjWhv.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMcWYCc.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsPYlRn.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKYOMsz.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBneiSG.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VjXgvIb.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLgnQCf.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWBjvwF.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRbSsmX.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvLhjIa.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpvAsEy.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjypeBe.exe	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1964 wrote to memory of 2724	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	EIICttC.exe
PID 1964 wrote to memory of 2724	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	EIICttC.exe
PID 1964 wrote to memory of 2724	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	EIICttC.exe
PID 1964 wrote to memory of 2896	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	GOYazwX.exe
PID 1964 wrote to memory of 2896	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	GOYazwX.exe
PID 1964 wrote to memory of 2896	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	GOYazwX.exe
PID 1964 wrote to memory of 2648	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	NXpqWil.exe
PID 1964 wrote to memory of 2648	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	NXpqWil.exe
PID 1964 wrote to memory of 2648	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	NXpqWil.exe
PID 1964 wrote to memory of 2640	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	mMcdgpe.exe
PID 1964 wrote to memory of 2640	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	mMcdgpe.exe
PID 1964 wrote to memory of 2640	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	mMcdgpe.exe
PID 1964 wrote to memory of 2544	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	TWlcxap.exe
PID 1964 wrote to memory of 2544	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	TWlcxap.exe
PID 1964 wrote to memory of 2544	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	TWlcxap.exe
PID 1964 wrote to memory of 2568	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	cGGfvhb.exe
PID 1964 wrote to memory of 2568	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	cGGfvhb.exe
PID 1964 wrote to memory of 2568	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	cGGfvhb.exe
PID 1964 wrote to memory of 2552	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	eGXtovH.exe
PID 1964 wrote to memory of 2552	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	eGXtovH.exe
PID 1964 wrote to memory of 2552	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	eGXtovH.exe
PID 1964 wrote to memory of 2320	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	svajtks.exe
PID 1964 wrote to memory of 2320	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	svajtks.exe
PID 1964 wrote to memory of 2320	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	svajtks.exe
PID 1964 wrote to memory of 3016	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	PaVbekH.exe
PID 1964 wrote to memory of 3016	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	PaVbekH.exe
PID 1964 wrote to memory of 3016	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	PaVbekH.exe
PID 1964 wrote to memory of 2240	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	RMOxHmp.exe
PID 1964 wrote to memory of 2240	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	RMOxHmp.exe
PID 1964 wrote to memory of 2240	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	RMOxHmp.exe
PID 1964 wrote to memory of 2376	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	xgdLDky.exe
PID 1964 wrote to memory of 2376	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	xgdLDky.exe
PID 1964 wrote to memory of 2376	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	xgdLDky.exe
PID 1964 wrote to memory of 2084	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	oFHdiIT.exe
PID 1964 wrote to memory of 2084	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	oFHdiIT.exe
PID 1964 wrote to memory of 2084	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	oFHdiIT.exe
PID 1964 wrote to memory of 2212	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	oLiVDoh.exe
PID 1964 wrote to memory of 2212	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	oLiVDoh.exe
PID 1964 wrote to memory of 2212	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	oLiVDoh.exe
PID 1964 wrote to memory of 2816	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	FkiKpmQ.exe
PID 1964 wrote to memory of 2816	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	FkiKpmQ.exe
PID 1964 wrote to memory of 2816	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	FkiKpmQ.exe
PID 1964 wrote to memory of 2264	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	jzdFyEZ.exe
PID 1964 wrote to memory of 2264	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	jzdFyEZ.exe
PID 1964 wrote to memory of 2264	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	jzdFyEZ.exe
PID 1964 wrote to memory of 2832	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	VswOSiQ.exe
PID 1964 wrote to memory of 2832	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	VswOSiQ.exe
PID 1964 wrote to memory of 2832	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	VswOSiQ.exe
PID 1964 wrote to memory of 2960	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	kasGyrH.exe
PID 1964 wrote to memory of 2960	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	kasGyrH.exe
PID 1964 wrote to memory of 2960	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	kasGyrH.exe
PID 1964 wrote to memory of 2864	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	oxQdPEu.exe
PID 1964 wrote to memory of 2864	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	oxQdPEu.exe
PID 1964 wrote to memory of 2864	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	oxQdPEu.exe
PID 1964 wrote to memory of 1052	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	GBneiSG.exe
PID 1964 wrote to memory of 1052	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	GBneiSG.exe
PID 1964 wrote to memory of 1052	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	GBneiSG.exe
PID 1964 wrote to memory of 592	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	iTNNupD.exe
PID 1964 wrote to memory of 592	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	iTNNupD.exe
PID 1964 wrote to memory of 592	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	iTNNupD.exe
PID 1964 wrote to memory of 2624	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	vKUoFIf.exe
PID 1964 wrote to memory of 2624	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	vKUoFIf.exe
PID 1964 wrote to memory of 2624	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	vKUoFIf.exe
PID 1964 wrote to memory of 2396	1964	2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe	QtojZaa.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_13ef835f09292171c958468969ec0a2b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\System\EIICttC.exe
  C:\Windows\System\EIICttC.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\GOYazwX.exe
  C:\Windows\System\GOYazwX.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\NXpqWil.exe
  C:\Windows\System\NXpqWil.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\mMcdgpe.exe
  C:\Windows\System\mMcdgpe.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\TWlcxap.exe
  C:\Windows\System\TWlcxap.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\cGGfvhb.exe
  C:\Windows\System\cGGfvhb.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\eGXtovH.exe
  C:\Windows\System\eGXtovH.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\svajtks.exe
  C:\Windows\System\svajtks.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\PaVbekH.exe
  C:\Windows\System\PaVbekH.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\RMOxHmp.exe
  C:\Windows\System\RMOxHmp.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\xgdLDky.exe
  C:\Windows\System\xgdLDky.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\oFHdiIT.exe
  C:\Windows\System\oFHdiIT.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\oLiVDoh.exe
  C:\Windows\System\oLiVDoh.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\FkiKpmQ.exe
  C:\Windows\System\FkiKpmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\jzdFyEZ.exe
  C:\Windows\System\jzdFyEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\VswOSiQ.exe
  C:\Windows\System\VswOSiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\kasGyrH.exe
  C:\Windows\System\kasGyrH.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\oxQdPEu.exe
  C:\Windows\System\oxQdPEu.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\GBneiSG.exe
  C:\Windows\System\GBneiSG.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\iTNNupD.exe
  C:\Windows\System\iTNNupD.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\vKUoFIf.exe
  C:\Windows\System\vKUoFIf.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\QtojZaa.exe
  C:\Windows\System\QtojZaa.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\kYmpcqm.exe
  C:\Windows\System\kYmpcqm.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\pSKAyHz.exe
  C:\Windows\System\pSKAyHz.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\YcRAjZV.exe
  C:\Windows\System\YcRAjZV.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\EzndfWH.exe
  C:\Windows\System\EzndfWH.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\NPDRQIQ.exe
  C:\Windows\System\NPDRQIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ejipjwU.exe
  C:\Windows\System\ejipjwU.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\vhHqhjA.exe
  C:\Windows\System\vhHqhjA.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\cPzVRTr.exe
  C:\Windows\System\cPzVRTr.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\GHGWbsc.exe
  C:\Windows\System\GHGWbsc.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\NHtBUEs.exe
  C:\Windows\System\NHtBUEs.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\FSPAlNN.exe
  C:\Windows\System\FSPAlNN.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\gEDsubz.exe
  C:\Windows\System\gEDsubz.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\njswhVR.exe
  C:\Windows\System\njswhVR.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\bAtiIwu.exe
  C:\Windows\System\bAtiIwu.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\EkucRId.exe
  C:\Windows\System\EkucRId.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\CeRpnen.exe
  C:\Windows\System\CeRpnen.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\DWhimJK.exe
  C:\Windows\System\DWhimJK.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\NRAdUCe.exe
  C:\Windows\System\NRAdUCe.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\NblVpZd.exe
  C:\Windows\System\NblVpZd.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\HhxmakB.exe
  C:\Windows\System\HhxmakB.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\nEVciFt.exe
  C:\Windows\System\nEVciFt.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\oubMTjU.exe
  C:\Windows\System\oubMTjU.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\UQlMyrW.exe
  C:\Windows\System\UQlMyrW.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\IgxwFbb.exe
  C:\Windows\System\IgxwFbb.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\rPBPOqZ.exe
  C:\Windows\System\rPBPOqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\zKZfnOu.exe
  C:\Windows\System\zKZfnOu.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\EULQNhX.exe
  C:\Windows\System\EULQNhX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\WKfaVpL.exe
  C:\Windows\System\WKfaVpL.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\wxzAxsm.exe
  C:\Windows\System\wxzAxsm.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\sBWCzUT.exe
  C:\Windows\System\sBWCzUT.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\CQiZAJA.exe
  C:\Windows\System\CQiZAJA.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\eNvEBxS.exe
  C:\Windows\System\eNvEBxS.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\xqvQOtt.exe
  C:\Windows\System\xqvQOtt.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\tKERQbX.exe
  C:\Windows\System\tKERQbX.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\oyGWcSK.exe
  C:\Windows\System\oyGWcSK.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\PzUiHCn.exe
  C:\Windows\System\PzUiHCn.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\EGfyoJT.exe
  C:\Windows\System\EGfyoJT.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\sgvYxWE.exe
  C:\Windows\System\sgvYxWE.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\xlJoqfy.exe
  C:\Windows\System\xlJoqfy.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\suKFglm.exe
  C:\Windows\System\suKFglm.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\qTFHqZo.exe
  C:\Windows\System\qTFHqZo.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\KcdjLOn.exe
  C:\Windows\System\KcdjLOn.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\CKyWwHl.exe
  C:\Windows\System\CKyWwHl.exe
  2⤵
  PID:1664
- C:\Windows\System\aBkdcSj.exe
  C:\Windows\System\aBkdcSj.exe
  2⤵
  PID:2536
- C:\Windows\System\EOAyeIm.exe
  C:\Windows\System\EOAyeIm.exe
  2⤵
  PID:2412
- C:\Windows\System\FDYSsuv.exe
  C:\Windows\System\FDYSsuv.exe
  2⤵
  PID:2972
- C:\Windows\System\rmJGizQ.exe
  C:\Windows\System\rmJGizQ.exe
  2⤵
  PID:320
- C:\Windows\System\FfYVblV.exe
  C:\Windows\System\FfYVblV.exe
  2⤵
  PID:2892
- C:\Windows\System\LKZODUl.exe
  C:\Windows\System\LKZODUl.exe
  2⤵
  PID:2236
- C:\Windows\System\jiBXPVX.exe
  C:\Windows\System\jiBXPVX.exe
  2⤵
  PID:2944
- C:\Windows\System\RWFWMGZ.exe
  C:\Windows\System\RWFWMGZ.exe
  2⤵
  PID:2116
- C:\Windows\System\dIefbbW.exe
  C:\Windows\System\dIefbbW.exe
  2⤵
  PID:1060
- C:\Windows\System\rNDgebb.exe
  C:\Windows\System\rNDgebb.exe
  2⤵
  PID:2032
- C:\Windows\System\vHtuSny.exe
  C:\Windows\System\vHtuSny.exe
  2⤵
  PID:1800
- C:\Windows\System\uEETOkf.exe
  C:\Windows\System\uEETOkf.exe
  2⤵
  PID:1620
- C:\Windows\System\WjxqYeA.exe
  C:\Windows\System\WjxqYeA.exe
  2⤵
  PID:1540
- C:\Windows\System\ujDWHQg.exe
  C:\Windows\System\ujDWHQg.exe
  2⤵
  PID:3028
- C:\Windows\System\WKUpGRt.exe
  C:\Windows\System\WKUpGRt.exe
  2⤵
  PID:2728
- C:\Windows\System\TveWiIR.exe
  C:\Windows\System\TveWiIR.exe
  2⤵
  PID:2676
- C:\Windows\System\VsXZvSz.exe
  C:\Windows\System\VsXZvSz.exe
  2⤵
  PID:1236
- C:\Windows\System\bxjcPmX.exe
  C:\Windows\System\bxjcPmX.exe
  2⤵
  PID:3032
- C:\Windows\System\xOkwojE.exe
  C:\Windows\System\xOkwojE.exe
  2⤵
  PID:1960
- C:\Windows\System\VcaWlJu.exe
  C:\Windows\System\VcaWlJu.exe
  2⤵
  PID:2364
- C:\Windows\System\nFDVVhe.exe
  C:\Windows\System\nFDVVhe.exe
  2⤵
  PID:2360
- C:\Windows\System\kjRHZzT.exe
  C:\Windows\System\kjRHZzT.exe
  2⤵
  PID:1700
- C:\Windows\System\VwMNINT.exe
  C:\Windows\System\VwMNINT.exe
  2⤵
  PID:1796
- C:\Windows\System\NYuFfTb.exe
  C:\Windows\System\NYuFfTb.exe
  2⤵
  PID:1780
- C:\Windows\System\ZDSVfAW.exe
  C:\Windows\System\ZDSVfAW.exe
  2⤵
  PID:2664
- C:\Windows\System\UMlvPDs.exe
  C:\Windows\System\UMlvPDs.exe
  2⤵
  PID:2792
- C:\Windows\System\dQILYHq.exe
  C:\Windows\System\dQILYHq.exe
  2⤵
  PID:2660
- C:\Windows\System\dNvwbvz.exe
  C:\Windows\System\dNvwbvz.exe
  2⤵
  PID:2880
- C:\Windows\System\wesGFbS.exe
  C:\Windows\System\wesGFbS.exe
  2⤵
  PID:2772
- C:\Windows\System\YZHXtLB.exe
  C:\Windows\System\YZHXtLB.exe
  2⤵
  PID:2160
- C:\Windows\System\pXewqCl.exe
  C:\Windows\System\pXewqCl.exe
  2⤵
  PID:2652
- C:\Windows\System\EAQLnXX.exe
  C:\Windows\System\EAQLnXX.exe
  2⤵
  PID:2524
- C:\Windows\System\TYPuvTk.exe
  C:\Windows\System\TYPuvTk.exe
  2⤵
  PID:1228
- C:\Windows\System\IiGbhBr.exe
  C:\Windows\System\IiGbhBr.exe
  2⤵
  PID:2508
- C:\Windows\System\kiflbCW.exe
  C:\Windows\System\kiflbCW.exe
  2⤵
  PID:1696
- C:\Windows\System\AuUTYRX.exe
  C:\Windows\System\AuUTYRX.exe
  2⤵
  PID:2144
- C:\Windows\System\xzuBaPc.exe
  C:\Windows\System\xzuBaPc.exe
  2⤵
  PID:2940
- C:\Windows\System\PubjOsN.exe
  C:\Windows\System\PubjOsN.exe
  2⤵
  PID:2900
- C:\Windows\System\PsiMOJx.exe
  C:\Windows\System\PsiMOJx.exe
  2⤵
  PID:2372
- C:\Windows\System\XBJgYtw.exe
  C:\Windows\System\XBJgYtw.exe
  2⤵
  PID:916
- C:\Windows\System\UTlVQJY.exe
  C:\Windows\System\UTlVQJY.exe
  2⤵
  PID:856
- C:\Windows\System\NXIOKSw.exe
  C:\Windows\System\NXIOKSw.exe
  2⤵
  PID:1668
- C:\Windows\System\rpwtPAc.exe
  C:\Windows\System\rpwtPAc.exe
  2⤵
  PID:2140
- C:\Windows\System\MaRtRpM.exe
  C:\Windows\System\MaRtRpM.exe
  2⤵
  PID:2496
- C:\Windows\System\xkBsAJs.exe
  C:\Windows\System\xkBsAJs.exe
  2⤵
  PID:960
- C:\Windows\System\YKNGNyL.exe
  C:\Windows\System\YKNGNyL.exe
  2⤵
  PID:1356
- C:\Windows\System\VvKvIYl.exe
  C:\Windows\System\VvKvIYl.exe
  2⤵
  PID:2188
- C:\Windows\System\pZvSHiU.exe
  C:\Windows\System\pZvSHiU.exe
  2⤵
  PID:2800
- C:\Windows\System\FtutoYJ.exe
  C:\Windows\System\FtutoYJ.exe
  2⤵
  PID:1640
- C:\Windows\System\fiWNRhS.exe
  C:\Windows\System\fiWNRhS.exe
  2⤵
  PID:2300
- C:\Windows\System\RzKrgjM.exe
  C:\Windows\System\RzKrgjM.exe
  2⤵
  PID:276
- C:\Windows\System\BMwXwwt.exe
  C:\Windows\System\BMwXwwt.exe
  2⤵
  PID:2200
- C:\Windows\System\rVkAAxG.exe
  C:\Windows\System\rVkAAxG.exe
  2⤵
  PID:380
- C:\Windows\System\UjSlwwY.exe
  C:\Windows\System\UjSlwwY.exe
  2⤵
  PID:1440
- C:\Windows\System\vIxUZNb.exe
  C:\Windows\System\vIxUZNb.exe
  2⤵
  PID:1784
- C:\Windows\System\NPfyJCh.exe
  C:\Windows\System\NPfyJCh.exe
  2⤵
  PID:2560
- C:\Windows\System\GBNKITY.exe
  C:\Windows\System\GBNKITY.exe
  2⤵
  PID:2784
- C:\Windows\System\cNFpogJ.exe
  C:\Windows\System\cNFpogJ.exe
  2⤵
  PID:1096
- C:\Windows\System\GntWLLL.exe
  C:\Windows\System\GntWLLL.exe
  2⤵
  PID:1636
- C:\Windows\System\GCJVjRh.exe
  C:\Windows\System\GCJVjRh.exe
  2⤵
  PID:1720
- C:\Windows\System\PGneRfv.exe
  C:\Windows\System\PGneRfv.exe
  2⤵
  PID:1852
- C:\Windows\System\pVJKebE.exe
  C:\Windows\System\pVJKebE.exe
  2⤵
  PID:552
- C:\Windows\System\fXkaZci.exe
  C:\Windows\System\fXkaZci.exe
  2⤵
  PID:1952
- C:\Windows\System\WjUqsBT.exe
  C:\Windows\System\WjUqsBT.exe
  2⤵
  PID:776
- C:\Windows\System\YivGQLU.exe
  C:\Windows\System\YivGQLU.exe
  2⤵
  PID:2448
- C:\Windows\System\rZuUBlo.exe
  C:\Windows\System\rZuUBlo.exe
  2⤵
  PID:2516
- C:\Windows\System\QgZHpDy.exe
  C:\Windows\System\QgZHpDy.exe
  2⤵
  PID:1724
- C:\Windows\System\LTLODAY.exe
  C:\Windows\System\LTLODAY.exe
  2⤵
  PID:1748
- C:\Windows\System\hErnRyB.exe
  C:\Windows\System\hErnRyB.exe
  2⤵
  PID:1296
- C:\Windows\System\jQPWXiB.exe
  C:\Windows\System\jQPWXiB.exe
  2⤵
  PID:2820
- C:\Windows\System\ICjpdtG.exe
  C:\Windows\System\ICjpdtG.exe
  2⤵
  PID:2956
- C:\Windows\System\atNpgoC.exe
  C:\Windows\System\atNpgoC.exe
  2⤵
  PID:1980
- C:\Windows\System\bBIHDWT.exe
  C:\Windows\System\bBIHDWT.exe
  2⤵
  PID:1252
- C:\Windows\System\OCXSkwh.exe
  C:\Windows\System\OCXSkwh.exe
  2⤵
  PID:1656
- C:\Windows\System\SsiDner.exe
  C:\Windows\System\SsiDner.exe
  2⤵
  PID:2592
- C:\Windows\System\JSkmtgh.exe
  C:\Windows\System\JSkmtgh.exe
  2⤵
  PID:880
- C:\Windows\System\KcgllHG.exe
  C:\Windows\System\KcgllHG.exe
  2⤵
  PID:1880
- C:\Windows\System\NRlHtsZ.exe
  C:\Windows\System\NRlHtsZ.exe
  2⤵
  PID:2788
- C:\Windows\System\YuOtMfq.exe
  C:\Windows\System\YuOtMfq.exe
  2⤵
  PID:272
- C:\Windows\System\lmsWeRi.exe
  C:\Windows\System\lmsWeRi.exe
  2⤵
  PID:872
- C:\Windows\System\DHwWiON.exe
  C:\Windows\System\DHwWiON.exe
  2⤵
  PID:2060
- C:\Windows\System\FuJgXNI.exe
  C:\Windows\System\FuJgXNI.exe
  2⤵
  PID:2752
- C:\Windows\System\QUSWwqH.exe
  C:\Windows\System\QUSWwqH.exe
  2⤵
  PID:2644
- C:\Windows\System\BruJPYt.exe
  C:\Windows\System\BruJPYt.exe
  2⤵
  PID:2780
- C:\Windows\System\aoZfXKN.exe
  C:\Windows\System\aoZfXKN.exe
  2⤵
  PID:1992
- C:\Windows\System\OFQQaQT.exe
  C:\Windows\System\OFQQaQT.exe
  2⤵
  PID:2152
- C:\Windows\System\CrQvoUv.exe
  C:\Windows\System\CrQvoUv.exe
  2⤵
  PID:2828
- C:\Windows\System\NKXQcac.exe
  C:\Windows\System\NKXQcac.exe
  2⤵
  PID:2764
- C:\Windows\System\cErKuot.exe
  C:\Windows\System\cErKuot.exe
  2⤵
  PID:1924
- C:\Windows\System\sZwnQQX.exe
  C:\Windows\System\sZwnQQX.exe
  2⤵
  PID:1956
- C:\Windows\System\KhjpyKj.exe
  C:\Windows\System\KhjpyKj.exe
  2⤵
  PID:2656
- C:\Windows\System\MaxowjK.exe
  C:\Windows\System\MaxowjK.exe
  2⤵
  PID:3076
- C:\Windows\System\zvIjTsI.exe
  C:\Windows\System\zvIjTsI.exe
  2⤵
  PID:3096
- C:\Windows\System\QOtAnOc.exe
  C:\Windows\System\QOtAnOc.exe
  2⤵
  PID:3112
- C:\Windows\System\uVCDyDK.exe
  C:\Windows\System\uVCDyDK.exe
  2⤵
  PID:3128
- C:\Windows\System\yoUlxdg.exe
  C:\Windows\System\yoUlxdg.exe
  2⤵
  PID:3168
- C:\Windows\System\MZtCfJA.exe
  C:\Windows\System\MZtCfJA.exe
  2⤵
  PID:3188
- C:\Windows\System\qaDYbfF.exe
  C:\Windows\System\qaDYbfF.exe
  2⤵
  PID:3204
- C:\Windows\System\pLxPLYj.exe
  C:\Windows\System\pLxPLYj.exe
  2⤵
  PID:3220
- C:\Windows\System\pxLwrgc.exe
  C:\Windows\System\pxLwrgc.exe
  2⤵
  PID:3240
- C:\Windows\System\HWqdyUf.exe
  C:\Windows\System\HWqdyUf.exe
  2⤵
  PID:3256
- C:\Windows\System\zOBbLEW.exe
  C:\Windows\System\zOBbLEW.exe
  2⤵
  PID:3272
- C:\Windows\System\akOkAeN.exe
  C:\Windows\System\akOkAeN.exe
  2⤵
  PID:3288
- C:\Windows\System\MdtCReK.exe
  C:\Windows\System\MdtCReK.exe
  2⤵
  PID:3304
- C:\Windows\System\OSYCoXv.exe
  C:\Windows\System\OSYCoXv.exe
  2⤵
  PID:3320
- C:\Windows\System\pbFlGbU.exe
  C:\Windows\System\pbFlGbU.exe
  2⤵
  PID:3336
- C:\Windows\System\OLiGIqn.exe
  C:\Windows\System\OLiGIqn.exe
  2⤵
  PID:3352
- C:\Windows\System\BEofTOe.exe
  C:\Windows\System\BEofTOe.exe
  2⤵
  PID:3376
- C:\Windows\System\ozcPxMj.exe
  C:\Windows\System\ozcPxMj.exe
  2⤵
  PID:3412
- C:\Windows\System\tUxxiCv.exe
  C:\Windows\System\tUxxiCv.exe
  2⤵
  PID:3428
- C:\Windows\System\LQkIQSw.exe
  C:\Windows\System\LQkIQSw.exe
  2⤵
  PID:3456
- C:\Windows\System\MzfAyIj.exe
  C:\Windows\System\MzfAyIj.exe
  2⤵
  PID:3472
- C:\Windows\System\mFidryD.exe
  C:\Windows\System\mFidryD.exe
  2⤵
  PID:3488
- C:\Windows\System\fHrclND.exe
  C:\Windows\System\fHrclND.exe
  2⤵
  PID:3504
- C:\Windows\System\qxvPuyW.exe
  C:\Windows\System\qxvPuyW.exe
  2⤵
  PID:3528
- C:\Windows\System\KpBztDP.exe
  C:\Windows\System\KpBztDP.exe
  2⤵
  PID:3544
- C:\Windows\System\vHckMOD.exe
  C:\Windows\System\vHckMOD.exe
  2⤵
  PID:3560
- C:\Windows\System\LaquiYc.exe
  C:\Windows\System\LaquiYc.exe
  2⤵
  PID:3576
- C:\Windows\System\PPMFhmM.exe
  C:\Windows\System\PPMFhmM.exe
  2⤵
  PID:3592
- C:\Windows\System\oHwBWLS.exe
  C:\Windows\System\oHwBWLS.exe
  2⤵
  PID:3616
- C:\Windows\System\NgHhRbl.exe
  C:\Windows\System\NgHhRbl.exe
  2⤵
  PID:3636
- C:\Windows\System\NVypTZu.exe
  C:\Windows\System\NVypTZu.exe
  2⤵
  PID:3660
- C:\Windows\System\kdIgNNd.exe
  C:\Windows\System\kdIgNNd.exe
  2⤵
  PID:3684
- C:\Windows\System\sfeswxZ.exe
  C:\Windows\System\sfeswxZ.exe
  2⤵
  PID:3700
- C:\Windows\System\SwvqrKt.exe
  C:\Windows\System\SwvqrKt.exe
  2⤵
  PID:3716
- C:\Windows\System\IpZFTXC.exe
  C:\Windows\System\IpZFTXC.exe
  2⤵
  PID:3732
- C:\Windows\System\gbcjbMd.exe
  C:\Windows\System\gbcjbMd.exe
  2⤵
  PID:3748
- C:\Windows\System\qnaSFgL.exe
  C:\Windows\System\qnaSFgL.exe
  2⤵
  PID:3772
- C:\Windows\System\zasdHGV.exe
  C:\Windows\System\zasdHGV.exe
  2⤵
  PID:3860
- C:\Windows\System\MlmXLUC.exe
  C:\Windows\System\MlmXLUC.exe
  2⤵
  PID:3876
- C:\Windows\System\iHxbkaO.exe
  C:\Windows\System\iHxbkaO.exe
  2⤵
  PID:3892
- C:\Windows\System\pUHsbnf.exe
  C:\Windows\System\pUHsbnf.exe
  2⤵
  PID:3928
- C:\Windows\System\tHZtTUL.exe
  C:\Windows\System\tHZtTUL.exe
  2⤵
  PID:3944
- C:\Windows\System\DkalxAH.exe
  C:\Windows\System\DkalxAH.exe
  2⤵
  PID:3968
- C:\Windows\System\KCaRaoh.exe
  C:\Windows\System\KCaRaoh.exe
  2⤵
  PID:3988
- C:\Windows\System\vvVDKbd.exe
  C:\Windows\System\vvVDKbd.exe
  2⤵
  PID:4004
- C:\Windows\System\uuQtRkA.exe
  C:\Windows\System\uuQtRkA.exe
  2⤵
  PID:4024
- C:\Windows\System\yYJWdPK.exe
  C:\Windows\System\yYJWdPK.exe
  2⤵
  PID:4040
- C:\Windows\System\IzEHwui.exe
  C:\Windows\System\IzEHwui.exe
  2⤵
  PID:4056
- C:\Windows\System\pAKTeic.exe
  C:\Windows\System\pAKTeic.exe
  2⤵
  PID:4072
- C:\Windows\System\RsIdmEK.exe
  C:\Windows\System\RsIdmEK.exe
  2⤵
  PID:4092
- C:\Windows\System\rqXLgcU.exe
  C:\Windows\System\rqXLgcU.exe
  2⤵
  PID:3108
- C:\Windows\System\XCKzKUj.exe
  C:\Windows\System\XCKzKUj.exe
  2⤵
  PID:2192
- C:\Windows\System\fcHWojA.exe
  C:\Windows\System\fcHWojA.exe
  2⤵
  PID:3120
- C:\Windows\System\CbIFYar.exe
  C:\Windows\System\CbIFYar.exe
  2⤵
  PID:3196
- C:\Windows\System\gAFWmuV.exe
  C:\Windows\System\gAFWmuV.exe
  2⤵
  PID:3200
- C:\Windows\System\GZcptxY.exe
  C:\Windows\System\GZcptxY.exe
  2⤵
  PID:3264
- C:\Windows\System\Crnydpx.exe
  C:\Windows\System\Crnydpx.exe
  2⤵
  PID:3300
- C:\Windows\System\PGExyPd.exe
  C:\Windows\System\PGExyPd.exe
  2⤵
  PID:3368
- C:\Windows\System\MtfYVnw.exe
  C:\Windows\System\MtfYVnw.exe
  2⤵
  PID:3540
- C:\Windows\System\EuSncLM.exe
  C:\Windows\System\EuSncLM.exe
  2⤵
  PID:3604
- C:\Windows\System\EEIgbpi.exe
  C:\Windows\System\EEIgbpi.exe
  2⤵
  PID:3648
- C:\Windows\System\UZDtpvQ.exe
  C:\Windows\System\UZDtpvQ.exe
  2⤵
  PID:3692
- C:\Windows\System\ZfuIlxz.exe
  C:\Windows\System\ZfuIlxz.exe
  2⤵
  PID:3252
- C:\Windows\System\PEhmJXO.exe
  C:\Windows\System\PEhmJXO.exe
  2⤵
  PID:3348
- C:\Windows\System\tLyJEQF.exe
  C:\Windows\System\tLyJEQF.exe
  2⤵
  PID:3768
- C:\Windows\System\svAXVxf.exe
  C:\Windows\System\svAXVxf.exe
  2⤵
  PID:3396
- C:\Windows\System\sywcrKO.exe
  C:\Windows\System\sywcrKO.exe
  2⤵
  PID:3444
- C:\Windows\System\FbPtZWL.exe
  C:\Windows\System\FbPtZWL.exe
  2⤵
  PID:3520
- C:\Windows\System\TngGRBL.exe
  C:\Windows\System\TngGRBL.exe
  2⤵
  PID:3584
- C:\Windows\System\pKBUhaJ.exe
  C:\Windows\System\pKBUhaJ.exe
  2⤵
  PID:3632
- C:\Windows\System\JjOChAP.exe
  C:\Windows\System\JjOChAP.exe
  2⤵
  PID:3712
- C:\Windows\System\kWMZYSP.exe
  C:\Windows\System\kWMZYSP.exe
  2⤵
  PID:3856
- C:\Windows\System\fdsysXu.exe
  C:\Windows\System\fdsysXu.exe
  2⤵
  PID:3908
- C:\Windows\System\AJLIvOg.exe
  C:\Windows\System\AJLIvOg.exe
  2⤵
  PID:2848
- C:\Windows\System\CswShRV.exe
  C:\Windows\System\CswShRV.exe
  2⤵
  PID:3904
- C:\Windows\System\jkBHgms.exe
  C:\Windows\System\jkBHgms.exe
  2⤵
  PID:3964
- C:\Windows\System\kMdsLcW.exe
  C:\Windows\System\kMdsLcW.exe
  2⤵
  PID:4064
- C:\Windows\System\ClBcgxC.exe
  C:\Windows\System\ClBcgxC.exe
  2⤵
  PID:1496
- C:\Windows\System\mjNRYyn.exe
  C:\Windows\System\mjNRYyn.exe
  2⤵
  PID:3984
- C:\Windows\System\zEEfzkz.exe
  C:\Windows\System\zEEfzkz.exe
  2⤵
  PID:4052
- C:\Windows\System\wCRLgBF.exe
  C:\Windows\System\wCRLgBF.exe
  2⤵
  PID:3144
- C:\Windows\System\DkHKLPg.exe
  C:\Windows\System\DkHKLPg.exe
  2⤵
  PID:2844
- C:\Windows\System\wARXgPt.exe
  C:\Windows\System\wARXgPt.exe
  2⤵
  PID:3084
- C:\Windows\System\jCRrDSz.exe
  C:\Windows\System\jCRrDSz.exe
  2⤵
  PID:3296
- C:\Windows\System\oBTpGnA.exe
  C:\Windows\System\oBTpGnA.exe
  2⤵
  PID:3424
- C:\Windows\System\MdhzRiN.exe
  C:\Windows\System\MdhzRiN.exe
  2⤵
  PID:3164
- C:\Windows\System\RFDtMoM.exe
  C:\Windows\System\RFDtMoM.exe
  2⤵
  PID:3572
- C:\Windows\System\VEXTRhu.exe
  C:\Windows\System\VEXTRhu.exe
  2⤵
  PID:3760
- C:\Windows\System\HjABkAU.exe
  C:\Windows\System\HjABkAU.exe
  2⤵
  PID:3316
- C:\Windows\System\ysNjFPP.exe
  C:\Windows\System\ysNjFPP.exe
  2⤵
  PID:3312
- C:\Windows\System\IrBmpJT.exe
  C:\Windows\System\IrBmpJT.exe
  2⤵
  PID:3624
- C:\Windows\System\wHpAUCI.exe
  C:\Windows\System\wHpAUCI.exe
  2⤵
  PID:3676
- C:\Windows\System\rFpEFlK.exe
  C:\Windows\System\rFpEFlK.exe
  2⤵
  PID:3516
- C:\Windows\System\WkjZJJi.exe
  C:\Windows\System\WkjZJJi.exe
  2⤵
  PID:3852
- C:\Windows\System\LlxTuoc.exe
  C:\Windows\System\LlxTuoc.exe
  2⤵
  PID:3884
- C:\Windows\System\kpDVBUl.exe
  C:\Windows\System\kpDVBUl.exe
  2⤵
  PID:3956
- C:\Windows\System\XQdAEYY.exe
  C:\Windows\System\XQdAEYY.exe
  2⤵
  PID:4000
- C:\Windows\System\fZXGyCy.exe
  C:\Windows\System\fZXGyCy.exe
  2⤵
  PID:2420
- C:\Windows\System\VoNPpfb.exe
  C:\Windows\System\VoNPpfb.exe
  2⤵
  PID:2304
- C:\Windows\System\YMKdIDY.exe
  C:\Windows\System\YMKdIDY.exe
  2⤵
  PID:4084
- C:\Windows\System\dVlFkzt.exe
  C:\Windows\System\dVlFkzt.exe
  2⤵
  PID:3364
- C:\Windows\System\DUDBGdS.exe
  C:\Windows\System\DUDBGdS.exe
  2⤵
  PID:3092
- C:\Windows\System\ieIQtHo.exe
  C:\Windows\System\ieIQtHo.exe
  2⤵
  PID:3236
- C:\Windows\System\PaGvnxt.exe
  C:\Windows\System\PaGvnxt.exe
  2⤵
  PID:3612
- C:\Windows\System\QWmfaYz.exe
  C:\Windows\System\QWmfaYz.exe
  2⤵
  PID:3248
- C:\Windows\System\nAAiPDT.exe
  C:\Windows\System\nAAiPDT.exe
  2⤵
  PID:3656
- C:\Windows\System\dEkNzzb.exe
  C:\Windows\System\dEkNzzb.exe
  2⤵
  PID:3744
- C:\Windows\System\xafyKtd.exe
  C:\Windows\System\xafyKtd.exe
  2⤵
  PID:3600
- C:\Windows\System\WvNxsTW.exe
  C:\Windows\System\WvNxsTW.exe
  2⤵
  PID:3512
- C:\Windows\System\WAGIbtR.exe
  C:\Windows\System\WAGIbtR.exe
  2⤵
  PID:3888
- C:\Windows\System\HzZnlSw.exe
  C:\Windows\System\HzZnlSw.exe
  2⤵
  PID:3900
- C:\Windows\System\WpegTbo.exe
  C:\Windows\System\WpegTbo.exe
  2⤵
  PID:2488
- C:\Windows\System\mnqynjC.exe
  C:\Windows\System\mnqynjC.exe
  2⤵
  PID:4112
- C:\Windows\System\fTTINho.exe
  C:\Windows\System\fTTINho.exe
  2⤵
  PID:4132
- C:\Windows\System\glFTlJZ.exe
  C:\Windows\System\glFTlJZ.exe
  2⤵
  PID:4148
- C:\Windows\System\DeYTKsk.exe
  C:\Windows\System\DeYTKsk.exe
  2⤵
  PID:4164
- C:\Windows\System\nphtmGg.exe
  C:\Windows\System\nphtmGg.exe
  2⤵
  PID:4184
- C:\Windows\System\vMxqxQR.exe
  C:\Windows\System\vMxqxQR.exe
  2⤵
  PID:4204
- C:\Windows\System\EyoKJii.exe
  C:\Windows\System\EyoKJii.exe
  2⤵
  PID:4220
- C:\Windows\System\PQHiPZk.exe
  C:\Windows\System\PQHiPZk.exe
  2⤵
  PID:4248
- C:\Windows\System\kHvtxiB.exe
  C:\Windows\System\kHvtxiB.exe
  2⤵
  PID:4268
- C:\Windows\System\TOjqSIY.exe
  C:\Windows\System\TOjqSIY.exe
  2⤵
  PID:4296
- C:\Windows\System\SMHolWE.exe
  C:\Windows\System\SMHolWE.exe
  2⤵
  PID:4316
- C:\Windows\System\zuekTME.exe
  C:\Windows\System\zuekTME.exe
  2⤵
  PID:4352
- C:\Windows\System\CHdjmRS.exe
  C:\Windows\System\CHdjmRS.exe
  2⤵
  PID:4368
- C:\Windows\System\WPlmWEM.exe
  C:\Windows\System\WPlmWEM.exe
  2⤵
  PID:4384
- C:\Windows\System\QyOzVDm.exe
  C:\Windows\System\QyOzVDm.exe
  2⤵
  PID:4404
- C:\Windows\System\PFwAZEz.exe
  C:\Windows\System\PFwAZEz.exe
  2⤵
  PID:4420
- C:\Windows\System\qBAQjRB.exe
  C:\Windows\System\qBAQjRB.exe
  2⤵
  PID:4436
- C:\Windows\System\altbJjF.exe
  C:\Windows\System\altbJjF.exe
  2⤵
  PID:4452
- C:\Windows\System\HwyUzWW.exe
  C:\Windows\System\HwyUzWW.exe
  2⤵
  PID:4468
- C:\Windows\System\stGcokZ.exe
  C:\Windows\System\stGcokZ.exe
  2⤵
  PID:4488
- C:\Windows\System\XQIgaAU.exe
  C:\Windows\System\XQIgaAU.exe
  2⤵
  PID:4504
- C:\Windows\System\kMrnbum.exe
  C:\Windows\System\kMrnbum.exe
  2⤵
  PID:4564
- C:\Windows\System\yYTGKER.exe
  C:\Windows\System\yYTGKER.exe
  2⤵
  PID:4580
- C:\Windows\System\bLqfKpp.exe
  C:\Windows\System\bLqfKpp.exe
  2⤵
  PID:4596
- C:\Windows\System\Tpgqtcf.exe
  C:\Windows\System\Tpgqtcf.exe
  2⤵
  PID:4612
- C:\Windows\System\YlcDWFM.exe
  C:\Windows\System\YlcDWFM.exe
  2⤵
  PID:4636
- C:\Windows\System\IACRweW.exe
  C:\Windows\System\IACRweW.exe
  2⤵
  PID:4656
- C:\Windows\System\INlbMJc.exe
  C:\Windows\System\INlbMJc.exe
  2⤵
  PID:4672
- C:\Windows\System\fdpWZGo.exe
  C:\Windows\System\fdpWZGo.exe
  2⤵
  PID:4704
- C:\Windows\System\ORcRYtu.exe
  C:\Windows\System\ORcRYtu.exe
  2⤵
  PID:4720
- C:\Windows\System\HImUWDn.exe
  C:\Windows\System\HImUWDn.exe
  2⤵
  PID:4736
- C:\Windows\System\EvuPGvR.exe
  C:\Windows\System\EvuPGvR.exe
  2⤵
  PID:4752
- C:\Windows\System\cZYokrT.exe
  C:\Windows\System\cZYokrT.exe
  2⤵
  PID:4768
- C:\Windows\System\lIThmXr.exe
  C:\Windows\System\lIThmXr.exe
  2⤵
  PID:4784
- C:\Windows\System\PORZnsh.exe
  C:\Windows\System\PORZnsh.exe
  2⤵
  PID:4800
- C:\Windows\System\gxcXJZv.exe
  C:\Windows\System\gxcXJZv.exe
  2⤵
  PID:4816
- C:\Windows\System\ipwSfio.exe
  C:\Windows\System\ipwSfio.exe
  2⤵
  PID:4832
- C:\Windows\System\nihiVFX.exe
  C:\Windows\System\nihiVFX.exe
  2⤵
  PID:4848
- C:\Windows\System\cTszlpd.exe
  C:\Windows\System\cTszlpd.exe
  2⤵
  PID:4908
- C:\Windows\System\PusDZqJ.exe
  C:\Windows\System\PusDZqJ.exe
  2⤵
  PID:4924
- C:\Windows\System\eyxomvS.exe
  C:\Windows\System\eyxomvS.exe
  2⤵
  PID:4940
- C:\Windows\System\YXGaQpx.exe
  C:\Windows\System\YXGaQpx.exe
  2⤵
  PID:4960
- C:\Windows\System\ZQQqpCA.exe
  C:\Windows\System\ZQQqpCA.exe
  2⤵
  PID:4976
- C:\Windows\System\ZHgkrYp.exe
  C:\Windows\System\ZHgkrYp.exe
  2⤵
  PID:4992
- C:\Windows\System\lWzzZzD.exe
  C:\Windows\System\lWzzZzD.exe
  2⤵
  PID:5012
- C:\Windows\System\cIOKQZE.exe
  C:\Windows\System\cIOKQZE.exe
  2⤵
  PID:5032
- C:\Windows\System\ibmLnSm.exe
  C:\Windows\System\ibmLnSm.exe
  2⤵
  PID:5056
- C:\Windows\System\oMqyyfT.exe
  C:\Windows\System\oMqyyfT.exe
  2⤵
  PID:5072
- C:\Windows\System\rznOXOo.exe
  C:\Windows\System\rznOXOo.exe
  2⤵
  PID:5100
- C:\Windows\System\AREaXqR.exe
  C:\Windows\System\AREaXqR.exe
  2⤵
  PID:3940
- C:\Windows\System\tBFoxPO.exe
  C:\Windows\System\tBFoxPO.exe
  2⤵
  PID:3148
- C:\Windows\System\cNHlYMs.exe
  C:\Windows\System\cNHlYMs.exe
  2⤵
  PID:3728
- C:\Windows\System\fxXkvsN.exe
  C:\Windows\System\fxXkvsN.exe
  2⤵
  PID:2760
- C:\Windows\System\YCwvrxz.exe
  C:\Windows\System\YCwvrxz.exe
  2⤵
  PID:3500
- C:\Windows\System\VMMntjy.exe
  C:\Windows\System\VMMntjy.exe
  2⤵
  PID:3836
- C:\Windows\System\vjSTwQi.exe
  C:\Windows\System\vjSTwQi.exe
  2⤵
  PID:2256
- C:\Windows\System\AZGQMZL.exe
  C:\Windows\System\AZGQMZL.exe
  2⤵
  PID:4020
- C:\Windows\System\FIfDoSy.exe
  C:\Windows\System\FIfDoSy.exe
  2⤵
  PID:1012
- C:\Windows\System\uSPUvOC.exe
  C:\Windows\System\uSPUvOC.exe
  2⤵
  PID:4156
- C:\Windows\System\ZcDxhZh.exe
  C:\Windows\System\ZcDxhZh.exe
  2⤵
  PID:4180
- C:\Windows\System\lWBjvwF.exe
  C:\Windows\System\lWBjvwF.exe
  2⤵
  PID:4200
- C:\Windows\System\fyqtPQb.exe
  C:\Windows\System\fyqtPQb.exe
  2⤵
  PID:2356
- C:\Windows\System\WXguEGy.exe
  C:\Windows\System\WXguEGy.exe
  2⤵
  PID:4260
- C:\Windows\System\mqjPzgz.exe
  C:\Windows\System\mqjPzgz.exe
  2⤵
  PID:4308
- C:\Windows\System\BSoyHmg.exe
  C:\Windows\System\BSoyHmg.exe
  2⤵
  PID:4240
- C:\Windows\System\kozaMUZ.exe
  C:\Windows\System\kozaMUZ.exe
  2⤵
  PID:4496
- C:\Windows\System\ofLPuHB.exe
  C:\Windows\System\ofLPuHB.exe
  2⤵
  PID:4332
- C:\Windows\System\ZPUEWiy.exe
  C:\Windows\System\ZPUEWiy.exe
  2⤵
  PID:4276
- C:\Windows\System\nwcAKlH.exe
  C:\Windows\System\nwcAKlH.exe
  2⤵
  PID:4412
- C:\Windows\System\UhhEpQb.exe
  C:\Windows\System\UhhEpQb.exe
  2⤵
  PID:4524
- C:\Windows\System\lwgDWFr.exe
  C:\Windows\System\lwgDWFr.exe
  2⤵
  PID:4540
- C:\Windows\System\vxOsmyd.exe
  C:\Windows\System\vxOsmyd.exe
  2⤵
  PID:4548
- C:\Windows\System\zQVNtcI.exe
  C:\Windows\System\zQVNtcI.exe
  2⤵
  PID:4556
- C:\Windows\System\fJCnvqZ.exe
  C:\Windows\System\fJCnvqZ.exe
  2⤵
  PID:4516
- C:\Windows\System\GCWUypi.exe
  C:\Windows\System\GCWUypi.exe
  2⤵
  PID:4588
- C:\Windows\System\jOoYhrx.exe
  C:\Windows\System\jOoYhrx.exe
  2⤵
  PID:4680
- C:\Windows\System\XiiZvqV.exe
  C:\Windows\System\XiiZvqV.exe
  2⤵
  PID:4624
- C:\Windows\System\ECMUKAj.exe
  C:\Windows\System\ECMUKAj.exe
  2⤵
  PID:4668
- C:\Windows\System\wasTYVK.exe
  C:\Windows\System\wasTYVK.exe
  2⤵
  PID:4748
- C:\Windows\System\SxPkfRy.exe
  C:\Windows\System\SxPkfRy.exe
  2⤵
  PID:4764
- C:\Windows\System\BMZRSsg.exe
  C:\Windows\System\BMZRSsg.exe
  2⤵
  PID:4828
- C:\Windows\System\qyFruKN.exe
  C:\Windows\System\qyFruKN.exe
  2⤵
  PID:4856
- C:\Windows\System\VQMsxPf.exe
  C:\Windows\System\VQMsxPf.exe
  2⤵
  PID:4872
- C:\Windows\System\FFIENxm.exe
  C:\Windows\System\FFIENxm.exe
  2⤵
  PID:4892
- C:\Windows\System\LAhMIdP.exe
  C:\Windows\System\LAhMIdP.exe
  2⤵
  PID:4936
- C:\Windows\System\faXQtkz.exe
  C:\Windows\System\faXQtkz.exe
  2⤵
  PID:5004
- C:\Windows\System\bSurySr.exe
  C:\Windows\System\bSurySr.exe
  2⤵
  PID:5040
- C:\Windows\System\RklRhtZ.exe
  C:\Windows\System\RklRhtZ.exe
  2⤵
  PID:5080
- C:\Windows\System\vWxAInd.exe
  C:\Windows\System\vWxAInd.exe
  2⤵
  PID:5096
- C:\Windows\System\bBRCZUJ.exe
  C:\Windows\System\bBRCZUJ.exe
  2⤵
  PID:3552
- C:\Windows\System\JEhgwzx.exe
  C:\Windows\System\JEhgwzx.exe
  2⤵
  PID:5108
- C:\Windows\System\XHEQXqb.exe
  C:\Windows\System\XHEQXqb.exe
  2⤵
  PID:5028
- C:\Windows\System\tVmkdJA.exe
  C:\Windows\System\tVmkdJA.exe
  2⤵
  PID:3408
- C:\Windows\System\QKiGmgl.exe
  C:\Windows\System\QKiGmgl.exe
  2⤵
  PID:2708
- C:\Windows\System\CCSIbLb.exe
  C:\Windows\System\CCSIbLb.exe
  2⤵
  PID:3156
- C:\Windows\System\INzuPTa.exe
  C:\Windows\System\INzuPTa.exe
  2⤵
  PID:1484
- C:\Windows\System\BBRjrUC.exe
  C:\Windows\System\BBRjrUC.exe
  2⤵
  PID:1200
- C:\Windows\System\WPHjnQV.exe
  C:\Windows\System\WPHjnQV.exe
  2⤵
  PID:4304
- C:\Windows\System\YEyezaY.exe
  C:\Windows\System\YEyezaY.exe
  2⤵
  PID:4216
- C:\Windows\System\ONZFCyy.exe
  C:\Windows\System\ONZFCyy.exe
  2⤵
  PID:4428
- C:\Windows\System\DPszqxi.exe
  C:\Windows\System\DPszqxi.exe
  2⤵
  PID:4460
- C:\Windows\System\HQQspTp.exe
  C:\Windows\System\HQQspTp.exe
  2⤵
  PID:4536
- C:\Windows\System\MysPWNC.exe
  C:\Windows\System\MysPWNC.exe
  2⤵
  PID:2020
- C:\Windows\System\BjkunPB.exe
  C:\Windows\System\BjkunPB.exe
  2⤵
  PID:4576
- C:\Windows\System\OFQFXts.exe
  C:\Windows\System\OFQFXts.exe
  2⤵
  PID:4572
- C:\Windows\System\BKjVQId.exe
  C:\Windows\System\BKjVQId.exe
  2⤵
  PID:4484
- C:\Windows\System\lPUungu.exe
  C:\Windows\System\lPUungu.exe
  2⤵
  PID:4512
- C:\Windows\System\ggVioJl.exe
  C:\Windows\System\ggVioJl.exe
  2⤵
  PID:4716
- C:\Windows\System\WSAyTyT.exe
  C:\Windows\System\WSAyTyT.exe
  2⤵
  PID:4864
- C:\Windows\System\DFPJmtB.exe
  C:\Windows\System\DFPJmtB.exe
  2⤵
  PID:4552
- C:\Windows\System\SolUMvw.exe
  C:\Windows\System\SolUMvw.exe
  2⤵
  PID:4808
- C:\Windows\System\COUXsSH.exe
  C:\Windows\System\COUXsSH.exe
  2⤵
  PID:4844
- C:\Windows\System\QWyBxyT.exe
  C:\Windows\System\QWyBxyT.exe
  2⤵
  PID:4904
- C:\Windows\System\nnZhsnu.exe
  C:\Windows\System\nnZhsnu.exe
  2⤵
  PID:4916
- C:\Windows\System\lJuupwn.exe
  C:\Windows\System\lJuupwn.exe
  2⤵
  PID:5008
- C:\Windows\System\lqGePkb.exe
  C:\Windows\System\lqGePkb.exe
  2⤵
  PID:5000
- C:\Windows\System\QhGPoIb.exe
  C:\Windows\System\QhGPoIb.exe
  2⤵
  PID:5088
- C:\Windows\System\yNYDQhc.exe
  C:\Windows\System\yNYDQhc.exe
  2⤵
  PID:5064
- C:\Windows\System\hyKvlbY.exe
  C:\Windows\System\hyKvlbY.exe
  2⤵
  PID:5020
- C:\Windows\System\jOXKyIS.exe
  C:\Windows\System\jOXKyIS.exe
  2⤵
  PID:3708
- C:\Windows\System\JYpatfb.exe
  C:\Windows\System\JYpatfb.exe
  2⤵
  PID:4236
- C:\Windows\System\iresaRO.exe
  C:\Windows\System\iresaRO.exe
  2⤵
  PID:1676
- C:\Windows\System\TKRCoym.exe
  C:\Windows\System\TKRCoym.exe
  2⤵
  PID:4432
- C:\Windows\System\ieRNYYw.exe
  C:\Windows\System\ieRNYYw.exe
  2⤵
  PID:4328
- C:\Windows\System\bfetkxy.exe
  C:\Windows\System\bfetkxy.exe
  2⤵
  PID:4604
- C:\Windows\System\VtwUnqI.exe
  C:\Windows\System\VtwUnqI.exe
  2⤵
  PID:4796
- C:\Windows\System\xPkfqKQ.exe
  C:\Windows\System\xPkfqKQ.exe
  2⤵
  PID:288
- C:\Windows\System\ttePxqJ.exe
  C:\Windows\System\ttePxqJ.exe
  2⤵
  PID:3480
- C:\Windows\System\AOIItgn.exe
  C:\Windows\System\AOIItgn.exe
  2⤵
  PID:1100
- C:\Windows\System\ZMPhRLX.exe
  C:\Windows\System\ZMPhRLX.exe
  2⤵
  PID:4880
- C:\Windows\System\foVqVtu.exe
  C:\Windows\System\foVqVtu.exe
  2⤵
  PID:4100
- C:\Windows\System\TByzpub.exe
  C:\Windows\System\TByzpub.exe
  2⤵
  PID:4160
- C:\Windows\System\KuCfjRg.exe
  C:\Windows\System\KuCfjRg.exe
  2⤵
  PID:4700
- C:\Windows\System\zjjMdbx.exe
  C:\Windows\System\zjjMdbx.exe
  2⤵
  PID:4984
- C:\Windows\System\fInNyuI.exe
  C:\Windows\System\fInNyuI.exe
  2⤵
  PID:4360
- C:\Windows\System\eFIZWTV.exe
  C:\Windows\System\eFIZWTV.exe
  2⤵
  PID:4288
- C:\Windows\System\AdmHges.exe
  C:\Windows\System\AdmHges.exe
  2⤵
  PID:4176
- C:\Windows\System\pyRjhJQ.exe
  C:\Windows\System\pyRjhJQ.exe
  2⤵
  PID:4464
- C:\Windows\System\xKKQYle.exe
  C:\Windows\System\xKKQYle.exe
  2⤵
  PID:4120
- C:\Windows\System\ZvckqiO.exe
  C:\Windows\System\ZvckqiO.exe
  2⤵
  PID:3496
- C:\Windows\System\YPckNTO.exe
  C:\Windows\System\YPckNTO.exe
  2⤵
  PID:4392
- C:\Windows\System\jtesCTe.exe
  C:\Windows\System\jtesCTe.exe
  2⤵
  PID:4608
- C:\Windows\System\wOcumZO.exe
  C:\Windows\System\wOcumZO.exe
  2⤵
  PID:4232
- C:\Windows\System\gQGVBnP.exe
  C:\Windows\System\gQGVBnP.exe
  2⤵
  PID:3924
- C:\Windows\System\kbIHgFw.exe
  C:\Windows\System\kbIHgFw.exe
  2⤵
  PID:2332
- C:\Windows\System\RRyGwJn.exe
  C:\Windows\System\RRyGwJn.exe
  2⤵
  PID:4324
- C:\Windows\System\SMivMwz.exe
  C:\Windows\System\SMivMwz.exe
  2⤵
  PID:4396
- C:\Windows\System\HlArKYE.exe
  C:\Windows\System\HlArKYE.exe
  2⤵
  PID:5048
- C:\Windows\System\hHKhPaw.exe
  C:\Windows\System\hHKhPaw.exe
  2⤵
  PID:3404
- C:\Windows\System\gZuCBtF.exe
  C:\Windows\System\gZuCBtF.exe
  2⤵
  PID:3104
- C:\Windows\System\aQDnObR.exe
  C:\Windows\System\aQDnObR.exe
  2⤵
  PID:5144
- C:\Windows\System\liseWFg.exe
  C:\Windows\System\liseWFg.exe
  2⤵
  PID:5164
- C:\Windows\System\tQBnXZP.exe
  C:\Windows\System\tQBnXZP.exe
  2⤵
  PID:5180
- C:\Windows\System\SnichIt.exe
  C:\Windows\System\SnichIt.exe
  2⤵
  PID:5212
- C:\Windows\System\VGYCyGb.exe
  C:\Windows\System\VGYCyGb.exe
  2⤵
  PID:5228
- C:\Windows\System\uRFnIGf.exe
  C:\Windows\System\uRFnIGf.exe
  2⤵
  PID:5244
- C:\Windows\System\iMCxyci.exe
  C:\Windows\System\iMCxyci.exe
  2⤵
  PID:5260
- C:\Windows\System\KzpSzNo.exe
  C:\Windows\System\KzpSzNo.exe
  2⤵
  PID:5276
- C:\Windows\System\fczVjab.exe
  C:\Windows\System\fczVjab.exe
  2⤵
  PID:5296
- C:\Windows\System\rNOJBLV.exe
  C:\Windows\System\rNOJBLV.exe
  2⤵
  PID:5316
- C:\Windows\System\ryoESnc.exe
  C:\Windows\System\ryoESnc.exe
  2⤵
  PID:5348
- C:\Windows\System\awuywZU.exe
  C:\Windows\System\awuywZU.exe
  2⤵
  PID:5364
- C:\Windows\System\JQmXsVY.exe
  C:\Windows\System\JQmXsVY.exe
  2⤵
  PID:5380
- C:\Windows\System\BdJpHmC.exe
  C:\Windows\System\BdJpHmC.exe
  2⤵
  PID:5396
- C:\Windows\System\rddDFZN.exe
  C:\Windows\System\rddDFZN.exe
  2⤵
  PID:5412
- C:\Windows\System\AmNuMsn.exe
  C:\Windows\System\AmNuMsn.exe
  2⤵
  PID:5428
- C:\Windows\System\wONVqXQ.exe
  C:\Windows\System\wONVqXQ.exe
  2⤵
  PID:5444
- C:\Windows\System\dDBxSUs.exe
  C:\Windows\System\dDBxSUs.exe
  2⤵
  PID:5464
- C:\Windows\System\OpuAsym.exe
  C:\Windows\System\OpuAsym.exe
  2⤵
  PID:5484
- C:\Windows\System\JasXUjT.exe
  C:\Windows\System\JasXUjT.exe
  2⤵
  PID:5516
- C:\Windows\System\kUQteuf.exe
  C:\Windows\System\kUQteuf.exe
  2⤵
  PID:5556
- C:\Windows\System\AxAyZFO.exe
  C:\Windows\System\AxAyZFO.exe
  2⤵
  PID:5572
- C:\Windows\System\OsZglmd.exe
  C:\Windows\System\OsZglmd.exe
  2⤵
  PID:5592
- C:\Windows\System\qquOPrn.exe
  C:\Windows\System\qquOPrn.exe
  2⤵
  PID:5608
- C:\Windows\System\HbKXDPS.exe
  C:\Windows\System\HbKXDPS.exe
  2⤵
  PID:5624
- C:\Windows\System\keonzne.exe
  C:\Windows\System\keonzne.exe
  2⤵
  PID:5640
- C:\Windows\System\iJMWmdP.exe
  C:\Windows\System\iJMWmdP.exe
  2⤵
  PID:5656
- C:\Windows\System\ecOcrUV.exe
  C:\Windows\System\ecOcrUV.exe
  2⤵
  PID:5680
- C:\Windows\System\roGfvSi.exe
  C:\Windows\System\roGfvSi.exe
  2⤵
  PID:5700
- C:\Windows\System\XMuJFXb.exe
  C:\Windows\System\XMuJFXb.exe
  2⤵
  PID:5728
- C:\Windows\System\QatFxGf.exe
  C:\Windows\System\QatFxGf.exe
  2⤵
  PID:5756
- C:\Windows\System\GYFUgfd.exe
  C:\Windows\System\GYFUgfd.exe
  2⤵
  PID:5772
- C:\Windows\System\exuNcFK.exe
  C:\Windows\System\exuNcFK.exe
  2⤵
  PID:5792
- C:\Windows\System\FEYNpJj.exe
  C:\Windows\System\FEYNpJj.exe
  2⤵
  PID:5808
- C:\Windows\System\DIeeKhL.exe
  C:\Windows\System\DIeeKhL.exe
  2⤵
  PID:5824
- C:\Windows\System\yBpYZWV.exe
  C:\Windows\System\yBpYZWV.exe
  2⤵
  PID:5856
- C:\Windows\System\XGIAGvw.exe
  C:\Windows\System\XGIAGvw.exe
  2⤵
  PID:5872
- C:\Windows\System\MIAnZtM.exe
  C:\Windows\System\MIAnZtM.exe
  2⤵
  PID:5888
- C:\Windows\System\XnSShzB.exe
  C:\Windows\System\XnSShzB.exe
  2⤵
  PID:5908
- C:\Windows\System\YJpMunS.exe
  C:\Windows\System\YJpMunS.exe
  2⤵
  PID:5928
- C:\Windows\System\qTfFoQu.exe
  C:\Windows\System\qTfFoQu.exe
  2⤵
  PID:5948
- C:\Windows\System\gPYKrBt.exe
  C:\Windows\System\gPYKrBt.exe
  2⤵
  PID:5968
- C:\Windows\System\lLufPAm.exe
  C:\Windows\System\lLufPAm.exe
  2⤵
  PID:5996
- C:\Windows\System\FWmCXKE.exe
  C:\Windows\System\FWmCXKE.exe
  2⤵
  PID:6012
- C:\Windows\System\SnIRhoq.exe
  C:\Windows\System\SnIRhoq.exe
  2⤵
  PID:6028
- C:\Windows\System\fHSnHmR.exe
  C:\Windows\System\fHSnHmR.exe
  2⤵
  PID:6044
- C:\Windows\System\QTtNdqb.exe
  C:\Windows\System\QTtNdqb.exe
  2⤵
  PID:6060
- C:\Windows\System\KdzKrNH.exe
  C:\Windows\System\KdzKrNH.exe
  2⤵
  PID:6076
- C:\Windows\System\ngUaOVR.exe
  C:\Windows\System\ngUaOVR.exe
  2⤵
  PID:6096
- C:\Windows\System\EoHGfJH.exe
  C:\Windows\System\EoHGfJH.exe
  2⤵
  PID:6116
- C:\Windows\System\dLYqeSA.exe
  C:\Windows\System\dLYqeSA.exe
  2⤵
  PID:6132
- C:\Windows\System\XWMrhxd.exe
  C:\Windows\System\XWMrhxd.exe
  2⤵
  PID:4348
- C:\Windows\System\IdCTbqA.exe
  C:\Windows\System\IdCTbqA.exe
  2⤵
  PID:4684
- C:\Windows\System\PtaneKL.exe
  C:\Windows\System\PtaneKL.exe
  2⤵
  PID:3652
- C:\Windows\System\vuJVzJV.exe
  C:\Windows\System\vuJVzJV.exe
  2⤵
  PID:5140
- C:\Windows\System\gJiOFcq.exe
  C:\Windows\System\gJiOFcq.exe
  2⤵
  PID:5152
- C:\Windows\System\mLeZvIK.exe
  C:\Windows\System\mLeZvIK.exe
  2⤵
  PID:2288
- C:\Windows\System\GmllBar.exe
  C:\Windows\System\GmllBar.exe
  2⤵
  PID:5192
- C:\Windows\System\RzMzolw.exe
  C:\Windows\System\RzMzolw.exe
  2⤵
  PID:5328
- C:\Windows\System\nYvJQhz.exe
  C:\Windows\System\nYvJQhz.exe
  2⤵
  PID:5340
- C:\Windows\System\qyFeIKy.exe
  C:\Windows\System\qyFeIKy.exe
  2⤵
  PID:5404
- C:\Windows\System\eFOSeqV.exe
  C:\Windows\System\eFOSeqV.exe
  2⤵
  PID:5440
- C:\Windows\System\fAPFvgI.exe
  C:\Windows\System\fAPFvgI.exe
  2⤵
  PID:2368
- C:\Windows\System\apmqwoy.exe
  C:\Windows\System\apmqwoy.exe
  2⤵
  PID:5420
- C:\Windows\System\uTCrYGc.exe
  C:\Windows\System\uTCrYGc.exe
  2⤵
  PID:5504
- C:\Windows\System\RQLqHiY.exe
  C:\Windows\System\RQLqHiY.exe
  2⤵
  PID:5356
- C:\Windows\System\oirEBqp.exe
  C:\Windows\System\oirEBqp.exe
  2⤵
  PID:1816
- C:\Windows\System\LUHKbRS.exe
  C:\Windows\System\LUHKbRS.exe
  2⤵
  PID:5548
- C:\Windows\System\gGaYYVr.exe
  C:\Windows\System\gGaYYVr.exe
  2⤵
  PID:5584
- C:\Windows\System\jUIwlpb.exe
  C:\Windows\System\jUIwlpb.exe
  2⤵
  PID:5632
- C:\Windows\System\uRXmgsj.exe
  C:\Windows\System\uRXmgsj.exe
  2⤵
  PID:5604
- C:\Windows\System\CFbPYVs.exe
  C:\Windows\System\CFbPYVs.exe
  2⤵
  PID:5708
- C:\Windows\System\UPDIKAj.exe
  C:\Windows\System\UPDIKAj.exe
  2⤵
  PID:5672
- C:\Windows\System\tcIQTYe.exe
  C:\Windows\System\tcIQTYe.exe
  2⤵
  PID:5788
- C:\Windows\System\aLqGXlv.exe
  C:\Windows\System\aLqGXlv.exe
  2⤵
  PID:5724
- C:\Windows\System\FsaLPPi.exe
  C:\Windows\System\FsaLPPi.exe
  2⤵
  PID:5800
- C:\Windows\System\VjXgvIb.exe
  C:\Windows\System\VjXgvIb.exe
  2⤵
  PID:5844
- C:\Windows\System\xtWiqZx.exe
  C:\Windows\System\xtWiqZx.exe
  2⤵
  PID:5832
- C:\Windows\System\jJajueH.exe
  C:\Windows\System\jJajueH.exe
  2⤵
  PID:2180
- C:\Windows\System\yBkXSfW.exe
  C:\Windows\System\yBkXSfW.exe
  2⤵
  PID:964
- C:\Windows\System\fqZsdsF.exe
  C:\Windows\System\fqZsdsF.exe
  2⤵
  PID:5940
- C:\Windows\System\RFOUheF.exe
  C:\Windows\System\RFOUheF.exe
  2⤵
  PID:5988
- C:\Windows\System\MFNocCc.exe
  C:\Windows\System\MFNocCc.exe
  2⤵
  PID:6020
- C:\Windows\System\Qaxlifr.exe
  C:\Windows\System\Qaxlifr.exe
  2⤵
  PID:6072
- C:\Windows\System\edUkVxD.exe
  C:\Windows\System\edUkVxD.exe
  2⤵
  PID:1032
- C:\Windows\System\yvqzZzX.exe
  C:\Windows\System\yvqzZzX.exe
  2⤵
  PID:5160
- C:\Windows\System\FFrpsyB.exe
  C:\Windows\System\FFrpsyB.exe
  2⤵
  PID:5204
- C:\Windows\System\wNLsXvE.exe
  C:\Windows\System\wNLsXvE.exe
  2⤵
  PID:4840
- C:\Windows\System\emZIetc.exe
  C:\Windows\System\emZIetc.exe
  2⤵
  PID:5208
- C:\Windows\System\dInaTcG.exe
  C:\Windows\System\dInaTcG.exe
  2⤵
  PID:5256
- C:\Windows\System\elcxmfv.exe
  C:\Windows\System\elcxmfv.exe
  2⤵
  PID:5220
- C:\Windows\System\YAffXim.exe
  C:\Windows\System\YAffXim.exe
  2⤵
  PID:5460
- C:\Windows\System\ZNPntpD.exe
  C:\Windows\System\ZNPntpD.exe
  2⤵
  PID:5496
- C:\Windows\System\HTZeXcj.exe
  C:\Windows\System\HTZeXcj.exe
  2⤵
  PID:5568
- C:\Windows\System\TPnngoS.exe
  C:\Windows\System\TPnngoS.exe
  2⤵
  PID:5360
- C:\Windows\System\GIhvbsL.exe
  C:\Windows\System\GIhvbsL.exe
  2⤵
  PID:5308
- C:\Windows\System\BsYhOCp.exe
  C:\Windows\System\BsYhOCp.exe
  2⤵
  PID:5544
- C:\Windows\System\vRBftaS.exe
  C:\Windows\System\vRBftaS.exe
  2⤵
  PID:5696
- C:\Windows\System\SlZsBRD.exe
  C:\Windows\System\SlZsBRD.exe
  2⤵
  PID:5736
- C:\Windows\System\dpQkhuN.exe
  C:\Windows\System\dpQkhuN.exe
  2⤵
  PID:5748
- C:\Windows\System\mgfCpsx.exe
  C:\Windows\System\mgfCpsx.exe
  2⤵
  PID:5720
- C:\Windows\System\gruLCBI.exe
  C:\Windows\System\gruLCBI.exe
  2⤵
  PID:5768
- C:\Windows\System\jqvaodb.exe
  C:\Windows\System\jqvaodb.exe
  2⤵
  PID:5868
- C:\Windows\System\lRbSsmX.exe
  C:\Windows\System\lRbSsmX.exe
  2⤵
  PID:5992
- C:\Windows\System\wMwBklo.exe
  C:\Windows\System\wMwBklo.exe
  2⤵
  PID:316
- C:\Windows\System\GjatiYv.exe
  C:\Windows\System\GjatiYv.exe
  2⤵
  PID:6052
- C:\Windows\System\LwDlNQt.exe
  C:\Windows\System\LwDlNQt.exe
  2⤵
  PID:6088
- C:\Windows\System\PMeYaPH.exe
  C:\Windows\System\PMeYaPH.exe
  2⤵
  PID:5172
- C:\Windows\System\DVjEuAf.exe
  C:\Windows\System\DVjEuAf.exe
  2⤵
  PID:5480
- C:\Windows\System\kWNJUzz.exe
  C:\Windows\System\kWNJUzz.exe
  2⤵
  PID:5336
- C:\Windows\System\lmwDoXY.exe
  C:\Windows\System\lmwDoXY.exe
  2⤵
  PID:5284
- C:\Windows\System\zFFFRRG.exe
  C:\Windows\System\zFFFRRG.exe
  2⤵
  PID:5616
- C:\Windows\System\cUarlwL.exe
  C:\Windows\System\cUarlwL.exe
  2⤵
  PID:2964
- C:\Windows\System\BGGqRsP.exe
  C:\Windows\System\BGGqRsP.exe
  2⤵
  PID:5600
- C:\Windows\System\QONvgdE.exe
  C:\Windows\System\QONvgdE.exe
  2⤵
  PID:5716
- C:\Windows\System\QxjHplU.exe
  C:\Windows\System\QxjHplU.exe
  2⤵
  PID:5864
- C:\Windows\System\KnGNEYw.exe
  C:\Windows\System\KnGNEYw.exe
  2⤵
  PID:5900
- C:\Windows\System\rgPDpKo.exe
  C:\Windows\System\rgPDpKo.exe
  2⤵
  PID:5692
- C:\Windows\System\qFTjDAy.exe
  C:\Windows\System\qFTjDAy.exe
  2⤵
  PID:5896
- C:\Windows\System\iZIhvEC.exe
  C:\Windows\System\iZIhvEC.exe
  2⤵
  PID:6084
- C:\Windows\System\dMjXohr.exe
  C:\Windows\System\dMjXohr.exe
  2⤵
  PID:5436
- C:\Windows\System\yqZMplI.exe
  C:\Windows\System\yqZMplI.exe
  2⤵
  PID:5372
- C:\Windows\System\HEbVcAA.exe
  C:\Windows\System\HEbVcAA.exe
  2⤵
  PID:5848
- C:\Windows\System\VkoXQpe.exe
  C:\Windows\System\VkoXQpe.exe
  2⤵
  PID:6108
- C:\Windows\System\NywcKVO.exe
  C:\Windows\System\NywcKVO.exe
  2⤵
  PID:6112
- C:\Windows\System\emGoRLb.exe
  C:\Windows\System\emGoRLb.exe
  2⤵
  PID:5540
- C:\Windows\System\wUPBdqh.exe
  C:\Windows\System\wUPBdqh.exe
  2⤵
  PID:5836
- C:\Windows\System\pdpIDKb.exe
  C:\Windows\System\pdpIDKb.exe
  2⤵
  PID:5636
- C:\Windows\System\vbIKiEe.exe
  C:\Windows\System\vbIKiEe.exe
  2⤵
  PID:5472
- C:\Windows\System\xweDWkq.exe
  C:\Windows\System\xweDWkq.exe
  2⤵
  PID:5976
- C:\Windows\System\EVLGGeX.exe
  C:\Windows\System\EVLGGeX.exe
  2⤵
  PID:2092
- C:\Windows\System\MPggmuO.exe
  C:\Windows\System\MPggmuO.exe
  2⤵
  PID:5688
- C:\Windows\System\nlReUgA.exe
  C:\Windows\System\nlReUgA.exe
  2⤵
  PID:2740
- C:\Windows\System\lThjuKv.exe
  C:\Windows\System\lThjuKv.exe
  2⤵
  PID:5492
- C:\Windows\System\exHGotN.exe
  C:\Windows\System\exHGotN.exe
  2⤵
  PID:6160
- C:\Windows\System\rUKJPHg.exe
  C:\Windows\System\rUKJPHg.exe
  2⤵
  PID:6180
- C:\Windows\System\uDNJwgU.exe
  C:\Windows\System\uDNJwgU.exe
  2⤵
  PID:6196
- C:\Windows\System\OeCHfVh.exe
  C:\Windows\System\OeCHfVh.exe
  2⤵
  PID:6216
- C:\Windows\System\asNeINO.exe
  C:\Windows\System\asNeINO.exe
  2⤵
  PID:6240
- C:\Windows\System\PeCwOam.exe
  C:\Windows\System\PeCwOam.exe
  2⤵
  PID:6264
- C:\Windows\System\ogUIWYz.exe
  C:\Windows\System\ogUIWYz.exe
  2⤵
  PID:6284
- C:\Windows\System\PvGZVuV.exe
  C:\Windows\System\PvGZVuV.exe
  2⤵
  PID:6300
- C:\Windows\System\WLvzTcD.exe
  C:\Windows\System\WLvzTcD.exe
  2⤵
  PID:6324
- C:\Windows\System\doBBcMk.exe
  C:\Windows\System\doBBcMk.exe
  2⤵
  PID:6340
- C:\Windows\System\KzbhEgb.exe
  C:\Windows\System\KzbhEgb.exe
  2⤵
  PID:6364
- C:\Windows\System\IirmWxs.exe
  C:\Windows\System\IirmWxs.exe
  2⤵
  PID:6384
- C:\Windows\System\wqnaCoq.exe
  C:\Windows\System\wqnaCoq.exe
  2⤵
  PID:6408
- C:\Windows\System\XYiGZvh.exe
  C:\Windows\System\XYiGZvh.exe
  2⤵
  PID:6428
- C:\Windows\System\HnYrqRA.exe
  C:\Windows\System\HnYrqRA.exe
  2⤵
  PID:6448
- C:\Windows\System\kiReksU.exe
  C:\Windows\System\kiReksU.exe
  2⤵
  PID:6468
- C:\Windows\System\flBDhbv.exe
  C:\Windows\System\flBDhbv.exe
  2⤵
  PID:6484
- C:\Windows\System\qjCgjLK.exe
  C:\Windows\System\qjCgjLK.exe
  2⤵
  PID:6512
- C:\Windows\System\NybCACS.exe
  C:\Windows\System\NybCACS.exe
  2⤵
  PID:6532
- C:\Windows\System\ZSGmYml.exe
  C:\Windows\System\ZSGmYml.exe
  2⤵
  PID:6552
- C:\Windows\System\qSeCSrD.exe
  C:\Windows\System\qSeCSrD.exe
  2⤵
  PID:6568
- C:\Windows\System\tmAZExW.exe
  C:\Windows\System\tmAZExW.exe
  2⤵
  PID:6588
- C:\Windows\System\CBcMZwW.exe
  C:\Windows\System\CBcMZwW.exe
  2⤵
  PID:6604
- C:\Windows\System\onSAvEb.exe
  C:\Windows\System\onSAvEb.exe
  2⤵
  PID:6620
- C:\Windows\System\WqqlACK.exe
  C:\Windows\System\WqqlACK.exe
  2⤵
  PID:6636
- C:\Windows\System\oZywBTY.exe
  C:\Windows\System\oZywBTY.exe
  2⤵
  PID:6652
- C:\Windows\System\osVKbRf.exe
  C:\Windows\System\osVKbRf.exe
  2⤵
  PID:6672
- C:\Windows\System\XdKlqgk.exe
  C:\Windows\System\XdKlqgk.exe
  2⤵
  PID:6692
- C:\Windows\System\PSafQMb.exe
  C:\Windows\System\PSafQMb.exe
  2⤵
  PID:6708
- C:\Windows\System\XjnbWQA.exe
  C:\Windows\System\XjnbWQA.exe
  2⤵
  PID:6724
- C:\Windows\System\okmwhSs.exe
  C:\Windows\System\okmwhSs.exe
  2⤵
  PID:6764
- C:\Windows\System\cnGUhnQ.exe
  C:\Windows\System\cnGUhnQ.exe
  2⤵
  PID:6780
- C:\Windows\System\izAqwkG.exe
  C:\Windows\System\izAqwkG.exe
  2⤵
  PID:6824
- C:\Windows\System\qGEVNkR.exe
  C:\Windows\System\qGEVNkR.exe
  2⤵
  PID:6840
- C:\Windows\System\HunPEAa.exe
  C:\Windows\System\HunPEAa.exe
  2⤵
  PID:6856
- C:\Windows\System\rGQjnIT.exe
  C:\Windows\System\rGQjnIT.exe
  2⤵
  PID:6876
- C:\Windows\System\RKxXBFA.exe
  C:\Windows\System\RKxXBFA.exe
  2⤵
  PID:6892
- C:\Windows\System\tjnNKMv.exe
  C:\Windows\System\tjnNKMv.exe
  2⤵
  PID:6908
- C:\Windows\System\YyJWIgv.exe
  C:\Windows\System\YyJWIgv.exe
  2⤵
  PID:6928
- C:\Windows\System\KCZBNwV.exe
  C:\Windows\System\KCZBNwV.exe
  2⤵
  PID:6952
- C:\Windows\System\BQvUstf.exe
  C:\Windows\System\BQvUstf.exe
  2⤵
  PID:6968
- C:\Windows\System\FAdmmoQ.exe
  C:\Windows\System\FAdmmoQ.exe
  2⤵
  PID:7004
- C:\Windows\System\JtzjLpM.exe
  C:\Windows\System\JtzjLpM.exe
  2⤵
  PID:7020
- C:\Windows\System\muFClnx.exe
  C:\Windows\System\muFClnx.exe
  2⤵
  PID:7036
- C:\Windows\System\wpLSwWd.exe
  C:\Windows\System\wpLSwWd.exe
  2⤵
  PID:7056
- C:\Windows\System\gOOajBK.exe
  C:\Windows\System\gOOajBK.exe
  2⤵
  PID:7072
- C:\Windows\System\qHqcZqW.exe
  C:\Windows\System\qHqcZqW.exe
  2⤵
  PID:7096
- C:\Windows\System\AyBcAwN.exe
  C:\Windows\System\AyBcAwN.exe
  2⤵
  PID:7112
- C:\Windows\System\kihMlDN.exe
  C:\Windows\System\kihMlDN.exe
  2⤵
  PID:7128
- C:\Windows\System\EToyMvt.exe
  C:\Windows\System\EToyMvt.exe
  2⤵
  PID:7164
- C:\Windows\System\uqheXZz.exe
  C:\Windows\System\uqheXZz.exe
  2⤵
  PID:6156
- C:\Windows\System\uscTXZI.exe
  C:\Windows\System\uscTXZI.exe
  2⤵
  PID:6224
- C:\Windows\System\yRZUfas.exe
  C:\Windows\System\yRZUfas.exe
  2⤵
  PID:6276
- C:\Windows\System\uMZddai.exe
  C:\Windows\System\uMZddai.exe
  2⤵
  PID:6312
- C:\Windows\System\POnaMwE.exe
  C:\Windows\System\POnaMwE.exe
  2⤵
  PID:6248
- C:\Windows\System\fgsPXGt.exe
  C:\Windows\System\fgsPXGt.exe
  2⤵
  PID:5580
- C:\Windows\System\AatAvJN.exe
  C:\Windows\System\AatAvJN.exe
  2⤵
  PID:2452
- C:\Windows\System\tOdDEDZ.exe
  C:\Windows\System\tOdDEDZ.exe
  2⤵
  PID:6356
- C:\Windows\System\hXriqxx.exe
  C:\Windows\System\hXriqxx.exe
  2⤵
  PID:6296
- C:\Windows\System\jHRTuqr.exe
  C:\Windows\System\jHRTuqr.exe
  2⤵
  PID:6400
- C:\Windows\System\JUBbKYi.exe
  C:\Windows\System\JUBbKYi.exe
  2⤵
  PID:6436
- C:\Windows\System\YpSxSQY.exe
  C:\Windows\System\YpSxSQY.exe
  2⤵
  PID:6480
- C:\Windows\System\QvkvMEU.exe
  C:\Windows\System\QvkvMEU.exe
  2⤵
  PID:6416
- C:\Windows\System\IHwrhZD.exe
  C:\Windows\System\IHwrhZD.exe
  2⤵
  PID:6460
- C:\Windows\System\JQIOQyu.exe
  C:\Windows\System\JQIOQyu.exe
  2⤵
  PID:6500
- C:\Windows\System\NnAKSFE.exe
  C:\Windows\System\NnAKSFE.exe
  2⤵
  PID:6528
- C:\Windows\System\FnlzhGI.exe
  C:\Windows\System\FnlzhGI.exe
  2⤵
  PID:6584
- C:\Windows\System\bDVVpPi.exe
  C:\Windows\System\bDVVpPi.exe
  2⤵
  PID:6632
- C:\Windows\System\MvjcMYp.exe
  C:\Windows\System\MvjcMYp.exe
  2⤵
  PID:6740
- C:\Windows\System\tfHVTpk.exe
  C:\Windows\System\tfHVTpk.exe
  2⤵
  PID:6736
- C:\Windows\System\CsEIvgC.exe
  C:\Windows\System\CsEIvgC.exe
  2⤵
  PID:6688
- C:\Windows\System\hFvKjeF.exe
  C:\Windows\System\hFvKjeF.exe
  2⤵
  PID:6772
- C:\Windows\System\ngwaSWx.exe
  C:\Windows\System\ngwaSWx.exe
  2⤵
  PID:6796
- C:\Windows\System\KpUxABP.exe
  C:\Windows\System\KpUxABP.exe
  2⤵
  PID:944
- C:\Windows\System\WsrHxCM.exe
  C:\Windows\System\WsrHxCM.exe
  2⤵
  PID:6888
- C:\Windows\System\GNBUgVN.exe
  C:\Windows\System\GNBUgVN.exe
  2⤵
  PID:6920
- C:\Windows\System\ooiWkFo.exe
  C:\Windows\System\ooiWkFo.exe
  2⤵
  PID:6960
- C:\Windows\System\ARMPNcC.exe
  C:\Windows\System\ARMPNcC.exe
  2⤵
  PID:6904
- C:\Windows\System\XNgtkGz.exe
  C:\Windows\System\XNgtkGz.exe
  2⤵
  PID:6836
- C:\Windows\System\TtruSvG.exe
  C:\Windows\System\TtruSvG.exe
  2⤵
  PID:7000
- C:\Windows\System\hfPsDkH.exe
  C:\Windows\System\hfPsDkH.exe
  2⤵
  PID:6808
- C:\Windows\System\ZPXihFk.exe
  C:\Windows\System\ZPXihFk.exe
  2⤵
  PID:7084
- C:\Windows\System\amSOdtx.exe
  C:\Windows\System\amSOdtx.exe
  2⤵
  PID:7064
- C:\Windows\System\QSOpPIZ.exe
  C:\Windows\System\QSOpPIZ.exe
  2⤵
  PID:7152
- C:\Windows\System\oQuMYWP.exe
  C:\Windows\System\oQuMYWP.exe
  2⤵
  PID:5564
- C:\Windows\System\WfFfusv.exe
  C:\Windows\System\WfFfusv.exe
  2⤵
  PID:6236
- C:\Windows\System\qMcbabo.exe
  C:\Windows\System\qMcbabo.exe
  2⤵
  PID:6348
- C:\Windows\System\tjiAfCn.exe
  C:\Windows\System\tjiAfCn.exe
  2⤵
  PID:6212
- C:\Windows\System\vkyKpSB.exe
  C:\Windows\System\vkyKpSB.exe
  2⤵
  PID:6172
- C:\Windows\System\muqGiBW.exe
  C:\Windows\System\muqGiBW.exe
  2⤵
  PID:6004
- C:\Windows\System\VZfZPHS.exe
  C:\Windows\System\VZfZPHS.exe
  2⤵
  PID:6292
- C:\Windows\System\HvzfwXE.exe
  C:\Windows\System\HvzfwXE.exe
  2⤵
  PID:6440
- C:\Windows\System\UsRgVBn.exe
  C:\Windows\System\UsRgVBn.exe
  2⤵
  PID:6504
- C:\Windows\System\NhHeVaB.exe
  C:\Windows\System\NhHeVaB.exe
  2⤵
  PID:6600
- C:\Windows\System\xvBxWkN.exe
  C:\Windows\System\xvBxWkN.exe
  2⤵
  PID:6720
- C:\Windows\System\WEBbYQB.exe
  C:\Windows\System\WEBbYQB.exe
  2⤵
  PID:6208
- C:\Windows\System\drleNro.exe
  C:\Windows\System\drleNro.exe
  2⤵
  PID:6648
- C:\Windows\System\BUbuuFr.exe
  C:\Windows\System\BUbuuFr.exe
  2⤵
  PID:6816
- C:\Windows\System\PtIKfGh.exe
  C:\Windows\System\PtIKfGh.exe
  2⤵
  PID:6884
- C:\Windows\System\uAnNxox.exe
  C:\Windows\System\uAnNxox.exe
  2⤵
  PID:6944
- C:\Windows\System\tdaAIOH.exe
  C:\Windows\System\tdaAIOH.exe
  2⤵
  PID:6984
- C:\Windows\System\SyTyUZq.exe
  C:\Windows\System\SyTyUZq.exe
  2⤵
  PID:7088
- C:\Windows\System\kFkPTZB.exe
  C:\Windows\System\kFkPTZB.exe
  2⤵
  PID:6976
- C:\Windows\System\RKgLsrv.exe
  C:\Windows\System\RKgLsrv.exe
  2⤵
  PID:7136
- C:\Windows\System\kUWVVHk.exe
  C:\Windows\System\kUWVVHk.exe
  2⤵
  PID:7160
- C:\Windows\System\wFbpiGb.exe
  C:\Windows\System\wFbpiGb.exe
  2⤵
  PID:5652
- C:\Windows\System\kXPwMES.exe
  C:\Windows\System\kXPwMES.exe
  2⤵
  PID:5980
- C:\Windows\System\ZRlSZHR.exe
  C:\Windows\System\ZRlSZHR.exe
  2⤵
  PID:2108
- C:\Windows\System\ldkiwWd.exe
  C:\Windows\System\ldkiwWd.exe
  2⤵
  PID:6732
- C:\Windows\System\nqedNTt.exe
  C:\Windows\System\nqedNTt.exe
  2⤵
  PID:6524
- C:\Windows\System\OSumIEH.exe
  C:\Windows\System\OSumIEH.exe
  2⤵
  PID:6548
- C:\Windows\System\KaColtS.exe
  C:\Windows\System\KaColtS.exe
  2⤵
  PID:6580
- C:\Windows\System\Vhndjvq.exe
  C:\Windows\System\Vhndjvq.exe
  2⤵
  PID:6788
- C:\Windows\System\YkzhcUF.exe
  C:\Windows\System\YkzhcUF.exe
  2⤵
  PID:6872
- C:\Windows\System\bdGaqgY.exe
  C:\Windows\System\bdGaqgY.exe
  2⤵
  PID:6940
- C:\Windows\System\NGjKuuV.exe
  C:\Windows\System\NGjKuuV.exe
  2⤵
  PID:7080
- C:\Windows\System\vzsNRys.exe
  C:\Windows\System\vzsNRys.exe
  2⤵
  PID:7052
- C:\Windows\System\xOzjIAZ.exe
  C:\Windows\System\xOzjIAZ.exe
  2⤵
  PID:5956
- C:\Windows\System\RPBIchw.exe
  C:\Windows\System\RPBIchw.exe
  2⤵
  PID:6256
- C:\Windows\System\azYwcUv.exe
  C:\Windows\System\azYwcUv.exe
  2⤵
  PID:6716
- C:\Windows\System\bDKbTlD.exe
  C:\Windows\System\bDKbTlD.exe
  2⤵
  PID:6192
- C:\Windows\System\bEoYNyr.exe
  C:\Windows\System\bEoYNyr.exe
  2⤵
  PID:6396
- C:\Windows\System\osZzqgU.exe
  C:\Windows\System\osZzqgU.exe
  2⤵
  PID:6996
- C:\Windows\System\sYESaVy.exe
  C:\Windows\System\sYESaVy.exe
  2⤵
  PID:6660
- C:\Windows\System\DIxQtMY.exe
  C:\Windows\System\DIxQtMY.exe
  2⤵
  PID:7176
- C:\Windows\System\nyvSnXA.exe
  C:\Windows\System\nyvSnXA.exe
  2⤵
  PID:7200
- C:\Windows\System\BQoAWdK.exe
  C:\Windows\System\BQoAWdK.exe
  2⤵
  PID:7252
- C:\Windows\System\ZcNAnkY.exe
  C:\Windows\System\ZcNAnkY.exe
  2⤵
  PID:7272
- C:\Windows\System\aNxCCcp.exe
  C:\Windows\System\aNxCCcp.exe
  2⤵
  PID:7288
- C:\Windows\System\EnMLktc.exe
  C:\Windows\System\EnMLktc.exe
  2⤵
  PID:7308
- C:\Windows\System\GcvTFIJ.exe
  C:\Windows\System\GcvTFIJ.exe
  2⤵
  PID:7324
- C:\Windows\System\mKXfjKN.exe
  C:\Windows\System\mKXfjKN.exe
  2⤵
  PID:7340
- C:\Windows\System\ilnDaOR.exe
  C:\Windows\System\ilnDaOR.exe
  2⤵
  PID:7364
- C:\Windows\System\qXXOFhc.exe
  C:\Windows\System\qXXOFhc.exe
  2⤵
  PID:7384
- C:\Windows\System\YahANKj.exe
  C:\Windows\System\YahANKj.exe
  2⤵
  PID:7404
- C:\Windows\System\FnTAosN.exe
  C:\Windows\System\FnTAosN.exe
  2⤵
  PID:7420
- C:\Windows\System\oUZhCRW.exe
  C:\Windows\System\oUZhCRW.exe
  2⤵
  PID:7440
- C:\Windows\System\zpqOMMR.exe
  C:\Windows\System\zpqOMMR.exe
  2⤵
  PID:7456
- C:\Windows\System\UqtDKHG.exe
  C:\Windows\System\UqtDKHG.exe
  2⤵
  PID:7476
- C:\Windows\System\fbCRPFV.exe
  C:\Windows\System\fbCRPFV.exe
  2⤵
  PID:7496
- C:\Windows\System\NCAvdIr.exe
  C:\Windows\System\NCAvdIr.exe
  2⤵
  PID:7516
- C:\Windows\System\ZoxIPaQ.exe
  C:\Windows\System\ZoxIPaQ.exe
  2⤵
  PID:7532
- C:\Windows\System\nlgPcjV.exe
  C:\Windows\System\nlgPcjV.exe
  2⤵
  PID:7552
- C:\Windows\System\wZLNLFP.exe
  C:\Windows\System\wZLNLFP.exe
  2⤵
  PID:7600
- C:\Windows\System\dQhQxOB.exe
  C:\Windows\System\dQhQxOB.exe
  2⤵
  PID:7616
- C:\Windows\System\KbjJHZa.exe
  C:\Windows\System\KbjJHZa.exe
  2⤵
  PID:7632
- C:\Windows\System\cnsLdnv.exe
  C:\Windows\System\cnsLdnv.exe
  2⤵
  PID:7648
- C:\Windows\System\fwhQSHc.exe
  C:\Windows\System\fwhQSHc.exe
  2⤵
  PID:7668
- C:\Windows\System\DiJnavj.exe
  C:\Windows\System\DiJnavj.exe
  2⤵
  PID:7688
- C:\Windows\System\JCaAtYb.exe
  C:\Windows\System\JCaAtYb.exe
  2⤵
  PID:7704
- C:\Windows\System\pxqLoAP.exe
  C:\Windows\System\pxqLoAP.exe
  2⤵
  PID:7728
- C:\Windows\System\IQTOqHn.exe
  C:\Windows\System\IQTOqHn.exe
  2⤵
  PID:7748
- C:\Windows\System\AktHcqy.exe
  C:\Windows\System\AktHcqy.exe
  2⤵
  PID:7772
- C:\Windows\System\eEAxKJs.exe
  C:\Windows\System\eEAxKJs.exe
  2⤵
  PID:7792
- C:\Windows\System\rOQpyfB.exe
  C:\Windows\System\rOQpyfB.exe
  2⤵
  PID:7812
- C:\Windows\System\KjRYcKp.exe
  C:\Windows\System\KjRYcKp.exe
  2⤵
  PID:7840
- C:\Windows\System\PSiPytM.exe
  C:\Windows\System\PSiPytM.exe
  2⤵
  PID:7856
- C:\Windows\System\dJjlElM.exe
  C:\Windows\System\dJjlElM.exe
  2⤵
  PID:7876
- C:\Windows\System\VxYdxPQ.exe
  C:\Windows\System\VxYdxPQ.exe
  2⤵
  PID:7900
- C:\Windows\System\FBtHmQV.exe
  C:\Windows\System\FBtHmQV.exe
  2⤵
  PID:7920
- C:\Windows\System\KJKCHgI.exe
  C:\Windows\System\KJKCHgI.exe
  2⤵
  PID:7936
- C:\Windows\System\xeUJdcl.exe
  C:\Windows\System\xeUJdcl.exe
  2⤵
  PID:7952
- C:\Windows\System\AUHbhbn.exe
  C:\Windows\System\AUHbhbn.exe
  2⤵
  PID:7972
- C:\Windows\System\aIdeLxW.exe
  C:\Windows\System\aIdeLxW.exe
  2⤵
  PID:7996
- C:\Windows\System\SUJybZG.exe
  C:\Windows\System\SUJybZG.exe
  2⤵
  PID:8012
- C:\Windows\System\PjHiiHo.exe
  C:\Windows\System\PjHiiHo.exe
  2⤵
  PID:8036
- C:\Windows\System\vnDpQaZ.exe
  C:\Windows\System\vnDpQaZ.exe
  2⤵
  PID:8060
- C:\Windows\System\ZrBWnlp.exe
  C:\Windows\System\ZrBWnlp.exe
  2⤵
  PID:8088
- C:\Windows\System\TDlqUqX.exe
  C:\Windows\System\TDlqUqX.exe
  2⤵
  PID:8104
- C:\Windows\System\siYJNKG.exe
  C:\Windows\System\siYJNKG.exe
  2⤵
  PID:8120
- C:\Windows\System\ouYjQeY.exe
  C:\Windows\System\ouYjQeY.exe
  2⤵
  PID:8140
- C:\Windows\System\giYpPHw.exe
  C:\Windows\System\giYpPHw.exe
  2⤵
  PID:8156
- C:\Windows\System\LWjkade.exe
  C:\Windows\System\LWjkade.exe
  2⤵
  PID:8188
- C:\Windows\System\mlywlpn.exe
  C:\Windows\System\mlywlpn.exe
  2⤵
  PID:6704
- C:\Windows\System\NXqLMQd.exe
  C:\Windows\System\NXqLMQd.exe
  2⤵
  PID:7208
- C:\Windows\System\taZVCww.exe
  C:\Windows\System\taZVCww.exe
  2⤵
  PID:7212
- C:\Windows\System\RfpReLN.exe
  C:\Windows\System\RfpReLN.exe
  2⤵
  PID:6916
- C:\Windows\System\tvLhjIa.exe
  C:\Windows\System\tvLhjIa.exe
  2⤵
  PID:7240
- C:\Windows\System\lwsNXNk.exe
  C:\Windows\System\lwsNXNk.exe
  2⤵
  PID:7196
- C:\Windows\System\CqvJCXB.exe
  C:\Windows\System\CqvJCXB.exe
  2⤵
  PID:6756
- C:\Windows\System\ohFffdM.exe
  C:\Windows\System\ohFffdM.exe
  2⤵
  PID:6492
- C:\Windows\System\IjwEYax.exe
  C:\Windows\System\IjwEYax.exe
  2⤵
  PID:6832
- C:\Windows\System\moJBotv.exe
  C:\Windows\System\moJBotv.exe
  2⤵
  PID:7348
- C:\Windows\System\NeyaQMN.exe
  C:\Windows\System\NeyaQMN.exe
  2⤵
  PID:7392
- C:\Windows\System\mvXpINu.exe
  C:\Windows\System\mvXpINu.exe
  2⤵
  PID:7464
- C:\Windows\System\ViFStkl.exe
  C:\Windows\System\ViFStkl.exe
  2⤵
  PID:7544
- C:\Windows\System\AOZCduG.exe
  C:\Windows\System\AOZCduG.exe
  2⤵
  PID:7372
- C:\Windows\System\hIMtolD.exe
  C:\Windows\System\hIMtolD.exe
  2⤵
  PID:7304
- C:\Windows\System\GZkoQUP.exe
  C:\Windows\System\GZkoQUP.exe
  2⤵
  PID:7608
- C:\Windows\System\phRyxeS.exe
  C:\Windows\System\phRyxeS.exe
  2⤵
  PID:7716
- C:\Windows\System\BPDwNnC.exe
  C:\Windows\System\BPDwNnC.exe
  2⤵
  PID:7720
- C:\Windows\System\iRcsZJU.exe
  C:\Windows\System\iRcsZJU.exe
  2⤵
  PID:7756
- C:\Windows\System\nxKhcnG.exe
  C:\Windows\System\nxKhcnG.exe
  2⤵
  PID:7700
- C:\Windows\System\xQiHFno.exe
  C:\Windows\System\xQiHFno.exe
  2⤵
  PID:7488
- C:\Windows\System\UtodBYd.exe
  C:\Windows\System\UtodBYd.exe
  2⤵
  PID:7564
- C:\Windows\System\xHSMShL.exe
  C:\Windows\System\xHSMShL.exe
  2⤵
  PID:7660
- C:\Windows\System\CVkQgic.exe
  C:\Windows\System\CVkQgic.exe
  2⤵
  PID:7788
- C:\Windows\System\hNbSsdG.exe
  C:\Windows\System\hNbSsdG.exe
  2⤵
  PID:7780
- C:\Windows\System\czSPkPO.exe
  C:\Windows\System\czSPkPO.exe
  2⤵
  PID:7848
- C:\Windows\System\yOBoYVV.exe
  C:\Windows\System\yOBoYVV.exe
  2⤵
  PID:7872
- C:\Windows\System\IaWUvEM.exe
  C:\Windows\System\IaWUvEM.exe
  2⤵
  PID:7960
- C:\Windows\System\yzBJuZA.exe
  C:\Windows\System\yzBJuZA.exe
  2⤵
  PID:7944
- C:\Windows\System\KpehJmg.exe
  C:\Windows\System\KpehJmg.exe
  2⤵
  PID:8056
- C:\Windows\System\boDmgly.exe
  C:\Windows\System\boDmgly.exe
  2⤵
  PID:8068
- C:\Windows\System\cdwGGiC.exe
  C:\Windows\System\cdwGGiC.exe
  2⤵
  PID:8028
- C:\Windows\System\NmjsBUp.exe
  C:\Windows\System\NmjsBUp.exe
  2⤵
  PID:8096
- C:\Windows\System\toAMkgk.exe
  C:\Windows\System\toAMkgk.exe
  2⤵
  PID:8136
- C:\Windows\System\ZitkTOo.exe
  C:\Windows\System\ZitkTOo.exe
  2⤵
  PID:8184
- C:\Windows\System\FTrslJC.exe
  C:\Windows\System\FTrslJC.exe
  2⤵
  PID:7228
- C:\Windows\System\bMsOgQk.exe
  C:\Windows\System\bMsOgQk.exe
  2⤵
  PID:6680
- C:\Windows\System\XUkuUfa.exe
  C:\Windows\System\XUkuUfa.exe
  2⤵
  PID:7400
- C:\Windows\System\syherWl.exe
  C:\Windows\System\syherWl.exe
  2⤵
  PID:7016
- C:\Windows\System\fUhYvTg.exe
  C:\Windows\System\fUhYvTg.exe
  2⤵
  PID:7336
- C:\Windows\System\AggFpxg.exe
  C:\Windows\System\AggFpxg.exe
  2⤵
  PID:7172
- C:\Windows\System\nBnirFZ.exe
  C:\Windows\System\nBnirFZ.exe
  2⤵
  PID:7284
- C:\Windows\System\kBSdYHf.exe
  C:\Windows\System\kBSdYHf.exe
  2⤵
  PID:7268
- C:\Windows\System\QnsrHOd.exe
  C:\Windows\System\QnsrHOd.exe
  2⤵
  PID:7508
- C:\Windows\System\vScjadW.exe
  C:\Windows\System\vScjadW.exe
  2⤵
  PID:7712
- C:\Windows\System\BoLDRXE.exe
  C:\Windows\System\BoLDRXE.exe
  2⤵
  PID:7764
- C:\Windows\System\cjCpgmh.exe
  C:\Windows\System\cjCpgmh.exe
  2⤵
  PID:7588
- C:\Windows\System\bNmrSwx.exe
  C:\Windows\System\bNmrSwx.exe
  2⤵
  PID:7808
- C:\Windows\System\pfyDhwG.exe
  C:\Windows\System\pfyDhwG.exe
  2⤵
  PID:7568
- C:\Windows\System\YBQycXN.exe
  C:\Windows\System\YBQycXN.exe
  2⤵
  PID:7656
- C:\Windows\System\FKTWXmx.exe
  C:\Windows\System\FKTWXmx.exe
  2⤵
  PID:7828
- C:\Windows\System\marxeVm.exe
  C:\Windows\System\marxeVm.exe
  2⤵
  PID:7908
- C:\Windows\System\ddrVUSn.exe
  C:\Windows\System\ddrVUSn.exe
  2⤵
  PID:7988
- C:\Windows\System\ercOSqC.exe
  C:\Windows\System\ercOSqC.exe
  2⤵
  PID:7980
- C:\Windows\System\YnQMHXQ.exe
  C:\Windows\System\YnQMHXQ.exe
  2⤵
  PID:8128
- C:\Windows\System\NIGNYLi.exe
  C:\Windows\System\NIGNYLi.exe
  2⤵
  PID:6868
- C:\Windows\System\yjsWauT.exe
  C:\Windows\System\yjsWauT.exe
  2⤵
  PID:8072
- C:\Windows\System\JfTqhVD.exe
  C:\Windows\System\JfTqhVD.exe
  2⤵
  PID:7192
- C:\Windows\System\XNUaUpj.exe
  C:\Windows\System\XNUaUpj.exe
  2⤵
  PID:1560
- C:\Windows\System\tVNikmJ.exe
  C:\Windows\System\tVNikmJ.exe
  2⤵
  PID:8116
- C:\Windows\System\ZPGHDNZ.exe
  C:\Windows\System\ZPGHDNZ.exe
  2⤵
  PID:7188
- C:\Windows\System\ZNfbbTO.exe
  C:\Windows\System\ZNfbbTO.exe
  2⤵
  PID:6700
- C:\Windows\System\yuIAmow.exe
  C:\Windows\System\yuIAmow.exe
  2⤵
  PID:7696
- C:\Windows\System\enIQUSW.exe
  C:\Windows\System\enIQUSW.exe
  2⤵
  PID:7832
- C:\Windows\System\rSlCafT.exe
  C:\Windows\System\rSlCafT.exe
  2⤵
  PID:7644
- C:\Windows\System\XfrxAcW.exe
  C:\Windows\System\XfrxAcW.exe
  2⤵
  PID:7736
- C:\Windows\System\dHSXqSZ.exe
  C:\Windows\System\dHSXqSZ.exe
  2⤵
  PID:7892
- C:\Windows\System\kUThDQb.exe
  C:\Windows\System\kUThDQb.exe
  2⤵
  PID:8004
- C:\Windows\System\YueCNWu.exe
  C:\Windows\System\YueCNWu.exe
  2⤵
  PID:8176
- C:\Windows\System\pMpwAJx.exe
  C:\Windows\System\pMpwAJx.exe
  2⤵
  PID:7044
- C:\Windows\System\TozHUBX.exe
  C:\Windows\System\TozHUBX.exe
  2⤵
  PID:6544
- C:\Windows\System\SIVjzGN.exe
  C:\Windows\System\SIVjzGN.exe
  2⤵
  PID:7484
- C:\Windows\System\KimhRFE.exe
  C:\Windows\System\KimhRFE.exe
  2⤵
  PID:8024
- C:\Windows\System\SzEKGSI.exe
  C:\Windows\System\SzEKGSI.exe
  2⤵
  PID:7280
- C:\Windows\System\eNLiMHw.exe
  C:\Windows\System\eNLiMHw.exe
  2⤵
  PID:7412
- C:\Windows\System\rRcEhOV.exe
  C:\Windows\System\rRcEhOV.exe
  2⤵
  PID:7884
- C:\Windows\System\NBYLoUf.exe
  C:\Windows\System\NBYLoUf.exe
  2⤵
  PID:7360
- C:\Windows\System\OwaPjqB.exe
  C:\Windows\System\OwaPjqB.exe
  2⤵
  PID:8132
- C:\Windows\System\ITvQbde.exe
  C:\Windows\System\ITvQbde.exe
  2⤵
  PID:7436
- C:\Windows\System\uiYlNeB.exe
  C:\Windows\System\uiYlNeB.exe
  2⤵
  PID:7396
- C:\Windows\System\KDriMFi.exe
  C:\Windows\System\KDriMFi.exe
  2⤵
  PID:7896
- C:\Windows\System\wAiFKNM.exe
  C:\Windows\System\wAiFKNM.exe
  2⤵
  PID:7300
- C:\Windows\System\JHClddl.exe
  C:\Windows\System\JHClddl.exe
  2⤵
  PID:7684
- C:\Windows\System\fjjUQmh.exe
  C:\Windows\System\fjjUQmh.exe
  2⤵
  PID:7264
- C:\Windows\System\CZKUNMk.exe
  C:\Windows\System\CZKUNMk.exe
  2⤵
  PID:7628
- C:\Windows\System\vDakYCW.exe
  C:\Windows\System\vDakYCW.exe
  2⤵
  PID:8084
- C:\Windows\System\zLltPpq.exe
  C:\Windows\System\zLltPpq.exe
  2⤵
  PID:6176
- C:\Windows\System\DxwOGKH.exe
  C:\Windows\System\DxwOGKH.exe
  2⤵
  PID:8196
- C:\Windows\System\sGAqQuK.exe
  C:\Windows\System\sGAqQuK.exe
  2⤵
  PID:8212
- C:\Windows\System\YHEygKY.exe
  C:\Windows\System\YHEygKY.exe
  2⤵
  PID:8232
- C:\Windows\System\IexhYti.exe
  C:\Windows\System\IexhYti.exe
  2⤵
  PID:8248
- C:\Windows\System\rHcutcV.exe
  C:\Windows\System\rHcutcV.exe
  2⤵
  PID:8268
- C:\Windows\System\SgHeMVL.exe
  C:\Windows\System\SgHeMVL.exe
  2⤵
  PID:8288
- C:\Windows\System\ecoMcdS.exe
  C:\Windows\System\ecoMcdS.exe
  2⤵
  PID:8304
- C:\Windows\System\HLtThnu.exe
  C:\Windows\System\HLtThnu.exe
  2⤵
  PID:8344
- C:\Windows\System\wIGKxaI.exe
  C:\Windows\System\wIGKxaI.exe
  2⤵
  PID:8360
- C:\Windows\System\cmhIFfc.exe
  C:\Windows\System\cmhIFfc.exe
  2⤵
  PID:8380
- C:\Windows\System\zFRtVSm.exe
  C:\Windows\System\zFRtVSm.exe
  2⤵
  PID:8400
- C:\Windows\System\cLdizFy.exe
  C:\Windows\System\cLdizFy.exe
  2⤵
  PID:8424
- C:\Windows\System\IqlcKwA.exe
  C:\Windows\System\IqlcKwA.exe
  2⤵
  PID:8444
- C:\Windows\System\aVAtwSO.exe
  C:\Windows\System\aVAtwSO.exe
  2⤵
  PID:8464
- C:\Windows\System\bfaTPLp.exe
  C:\Windows\System\bfaTPLp.exe
  2⤵
  PID:8492
- C:\Windows\System\RGVkFGg.exe
  C:\Windows\System\RGVkFGg.exe
  2⤵
  PID:8512
- C:\Windows\System\kMcrfyA.exe
  C:\Windows\System\kMcrfyA.exe
  2⤵
  PID:8528
- C:\Windows\System\VhZiXiA.exe
  C:\Windows\System\VhZiXiA.exe
  2⤵
  PID:8544
- C:\Windows\System\pLoFIuY.exe
  C:\Windows\System\pLoFIuY.exe
  2⤵
  PID:8560
- C:\Windows\System\CXYKdRr.exe
  C:\Windows\System\CXYKdRr.exe
  2⤵
  PID:8576
- C:\Windows\System\rdozrjy.exe
  C:\Windows\System\rdozrjy.exe
  2⤵
  PID:8596
- C:\Windows\System\lFSWcas.exe
  C:\Windows\System\lFSWcas.exe
  2⤵
  PID:8616
- C:\Windows\System\dLIPKQP.exe
  C:\Windows\System\dLIPKQP.exe
  2⤵
  PID:8632
- C:\Windows\System\VxomKmv.exe
  C:\Windows\System\VxomKmv.exe
  2⤵
  PID:8652
- C:\Windows\System\cpLVdll.exe
  C:\Windows\System\cpLVdll.exe
  2⤵
  PID:8676
- C:\Windows\System\QZCRTgB.exe
  C:\Windows\System\QZCRTgB.exe
  2⤵
  PID:8712
- C:\Windows\System\nkzOpEI.exe
  C:\Windows\System\nkzOpEI.exe
  2⤵
  PID:8728
- C:\Windows\System\OpcZbja.exe
  C:\Windows\System\OpcZbja.exe
  2⤵
  PID:8744
- C:\Windows\System\mOIfqeu.exe
  C:\Windows\System\mOIfqeu.exe
  2⤵
  PID:8764
- C:\Windows\System\XQkzxiK.exe
  C:\Windows\System\XQkzxiK.exe
  2⤵
  PID:8780
- C:\Windows\System\dgkCuIt.exe
  C:\Windows\System\dgkCuIt.exe
  2⤵
  PID:8796
- C:\Windows\System\pMPEUZx.exe
  C:\Windows\System\pMPEUZx.exe
  2⤵
  PID:8812
- C:\Windows\System\wkZPtvV.exe
  C:\Windows\System\wkZPtvV.exe
  2⤵
  PID:8836
- C:\Windows\System\kNESzZA.exe
  C:\Windows\System\kNESzZA.exe
  2⤵
  PID:8872
- C:\Windows\System\WGCHEfc.exe
  C:\Windows\System\WGCHEfc.exe
  2⤵
  PID:8888
- C:\Windows\System\lzhwdcN.exe
  C:\Windows\System\lzhwdcN.exe
  2⤵
  PID:8908
- C:\Windows\System\pxMeoCU.exe
  C:\Windows\System\pxMeoCU.exe
  2⤵
  PID:8928
- C:\Windows\System\cCnGtig.exe
  C:\Windows\System\cCnGtig.exe
  2⤵
  PID:8944
- C:\Windows\System\IQVdRvY.exe
  C:\Windows\System\IQVdRvY.exe
  2⤵
  PID:8960
- C:\Windows\System\rJzjOqj.exe
  C:\Windows\System\rJzjOqj.exe
  2⤵
  PID:8976
- C:\Windows\System\uJzNlGz.exe
  C:\Windows\System\uJzNlGz.exe
  2⤵
  PID:8992
- C:\Windows\System\celEAng.exe
  C:\Windows\System\celEAng.exe
  2⤵
  PID:9008
- C:\Windows\System\RuPNGYt.exe
  C:\Windows\System\RuPNGYt.exe
  2⤵
  PID:9024
- C:\Windows\System\PpRTZHf.exe
  C:\Windows\System\PpRTZHf.exe
  2⤵
  PID:9040
- C:\Windows\System\DYVNcqC.exe
  C:\Windows\System\DYVNcqC.exe
  2⤵
  PID:9056
- C:\Windows\System\vVWmDjq.exe
  C:\Windows\System\vVWmDjq.exe
  2⤵
  PID:9108
- C:\Windows\System\tYgWAYC.exe
  C:\Windows\System\tYgWAYC.exe
  2⤵
  PID:9132
- C:\Windows\System\gBXBinv.exe
  C:\Windows\System\gBXBinv.exe
  2⤵
  PID:9148
- C:\Windows\System\KwulaOh.exe
  C:\Windows\System\KwulaOh.exe
  2⤵
  PID:9164
- C:\Windows\System\wozhvAV.exe
  C:\Windows\System\wozhvAV.exe
  2⤵
  PID:9180
- C:\Windows\System\YBnCtsT.exe
  C:\Windows\System\YBnCtsT.exe
  2⤵
  PID:9200
- C:\Windows\System\YmlQbNK.exe
  C:\Windows\System\YmlQbNK.exe
  2⤵
  PID:7820
- C:\Windows\System\DOSZoTV.exe
  C:\Windows\System\DOSZoTV.exe
  2⤵
  PID:8228
- C:\Windows\System\hAKsKbt.exe
  C:\Windows\System\hAKsKbt.exe
  2⤵
  PID:8296
- C:\Windows\System\sLuykth.exe
  C:\Windows\System\sLuykth.exe
  2⤵
  PID:8240
- C:\Windows\System\HMLPoOv.exe
  C:\Windows\System\HMLPoOv.exe
  2⤵
  PID:8324
- C:\Windows\System\gEbPOmg.exe
  C:\Windows\System\gEbPOmg.exe
  2⤵
  PID:8352
- C:\Windows\System\egROwSR.exe
  C:\Windows\System\egROwSR.exe
  2⤵
  PID:8396
- C:\Windows\System\iBuUzoB.exe
  C:\Windows\System\iBuUzoB.exe
  2⤵
  PID:8436
- C:\Windows\System\UiKHNjl.exe
  C:\Windows\System\UiKHNjl.exe
  2⤵
  PID:8476
- C:\Windows\System\ucZHFOS.exe
  C:\Windows\System\ucZHFOS.exe
  2⤵
  PID:8500
- C:\Windows\System\pDczUQs.exe
  C:\Windows\System\pDczUQs.exe
  2⤵
  PID:8556
- C:\Windows\System\vOiJJbj.exe
  C:\Windows\System\vOiJJbj.exe
  2⤵
  PID:8592
- C:\Windows\System\bCsaEyk.exe
  C:\Windows\System\bCsaEyk.exe
  2⤵
  PID:8568
- C:\Windows\System\hKbeWfb.exe
  C:\Windows\System\hKbeWfb.exe
  2⤵
  PID:8604
- C:\Windows\System\KClhxAV.exe
  C:\Windows\System\KClhxAV.exe
  2⤵
  PID:8612
- C:\Windows\System\KBlgRtL.exe
  C:\Windows\System\KBlgRtL.exe
  2⤵
  PID:8700
- C:\Windows\System\jHbwKrC.exe
  C:\Windows\System\jHbwKrC.exe
  2⤵
  PID:8724
- C:\Windows\System\CbawVBr.exe
  C:\Windows\System\CbawVBr.exe
  2⤵
  PID:8792
- C:\Windows\System\nTbQtIu.exe
  C:\Windows\System\nTbQtIu.exe
  2⤵
  PID:8804
- C:\Windows\System\nstpeNU.exe
  C:\Windows\System\nstpeNU.exe
  2⤵
  PID:8844
- C:\Windows\System\RFXHMNj.exe
  C:\Windows\System\RFXHMNj.exe
  2⤵
  PID:8856
- C:\Windows\System\MUewTCX.exe
  C:\Windows\System\MUewTCX.exe
  2⤵
  PID:8860
- C:\Windows\System\SGXEtmJ.exe
  C:\Windows\System\SGXEtmJ.exe
  2⤵
  PID:8952
- C:\Windows\System\cBJSAtC.exe
  C:\Windows\System\cBJSAtC.exe
  2⤵
  PID:9048
- C:\Windows\System\wVDZNTc.exe
  C:\Windows\System\wVDZNTc.exe
  2⤵
  PID:9116
- C:\Windows\System\OKnMhUV.exe
  C:\Windows\System\OKnMhUV.exe
  2⤵
  PID:8940
- C:\Windows\System\avmdzKx.exe
  C:\Windows\System\avmdzKx.exe
  2⤵
  PID:9000
- C:\Windows\System\YdmhcZo.exe
  C:\Windows\System\YdmhcZo.exe
  2⤵
  PID:9124
- C:\Windows\System\UABlrfp.exe
  C:\Windows\System\UABlrfp.exe
  2⤵
  PID:9080
- C:\Windows\System\WEEQCLF.exe
  C:\Windows\System\WEEQCLF.exe
  2⤵
  PID:9100
- C:\Windows\System\uIXmRIy.exe
  C:\Windows\System\uIXmRIy.exe
  2⤵
  PID:9144
- C:\Windows\System\VUxnJsa.exe
  C:\Windows\System\VUxnJsa.exe
  2⤵
  PID:6056
- C:\Windows\System\EtMUtOU.exe
  C:\Windows\System\EtMUtOU.exe
  2⤵
  PID:8204
- C:\Windows\System\dxfTtpx.exe
  C:\Windows\System\dxfTtpx.exe
  2⤵
  PID:8356
- C:\Windows\System\dRTOyPW.exe
  C:\Windows\System\dRTOyPW.exe
  2⤵
  PID:8320
- C:\Windows\System\jynMPxu.exe
  C:\Windows\System\jynMPxu.exe
  2⤵
  PID:8416
- C:\Windows\System\WtCaNzM.exe
  C:\Windows\System\WtCaNzM.exe
  2⤵
  PID:8488
- C:\Windows\System\WpDQrde.exe
  C:\Windows\System\WpDQrde.exe
  2⤵
  PID:8672
- C:\Windows\System\GoeSCpK.exe
  C:\Windows\System\GoeSCpK.exe
  2⤵
  PID:8684
- C:\Windows\System\hujZjRu.exe
  C:\Windows\System\hujZjRu.exe
  2⤵
  PID:8508
- C:\Windows\System\UILXjDD.exe
  C:\Windows\System\UILXjDD.exe
  2⤵
  PID:8644
- C:\Windows\System\tlNeMIE.exe
  C:\Windows\System\tlNeMIE.exe
  2⤵
  PID:8788
- C:\Windows\System\DcDnGpk.exe
  C:\Windows\System\DcDnGpk.exe
  2⤵
  PID:8896
- C:\Windows\System\ChhTZBQ.exe
  C:\Windows\System\ChhTZBQ.exe
  2⤵
  PID:8852
- C:\Windows\System\udmBbor.exe
  C:\Windows\System\udmBbor.exe
  2⤵
  PID:8988
- C:\Windows\System\kemthyZ.exe
  C:\Windows\System\kemthyZ.exe
  2⤵
  PID:8900
- C:\Windows\System\WydJgho.exe
  C:\Windows\System\WydJgho.exe
  2⤵
  PID:9176
- C:\Windows\System\SshDvbG.exe
  C:\Windows\System\SshDvbG.exe
  2⤵
  PID:8408
- C:\Windows\System\ZyAIdOA.exe
  C:\Windows\System\ZyAIdOA.exe
  2⤵
  PID:8904
- C:\Windows\System\lscWGTO.exe
  C:\Windows\System\lscWGTO.exe
  2⤵
  PID:9160
- C:\Windows\System\bJCTFqj.exe
  C:\Windows\System\bJCTFqj.exe
  2⤵
  PID:9104
- C:\Windows\System\nlkpfxS.exe
  C:\Windows\System\nlkpfxS.exe
  2⤵
  PID:9196
- C:\Windows\System\fyHJbIL.exe
  C:\Windows\System\fyHJbIL.exe
  2⤵
  PID:8316
- C:\Windows\System\zzsQtRM.exe
  C:\Windows\System\zzsQtRM.exe
  2⤵
  PID:8588
- C:\Windows\System\LRRhICs.exe
  C:\Windows\System\LRRhICs.exe
  2⤵
  PID:8692
- C:\Windows\System\hHUGxlS.exe
  C:\Windows\System\hHUGxlS.exe
  2⤵
  PID:8828
- C:\Windows\System\NDGxXih.exe
  C:\Windows\System\NDGxXih.exe
  2⤵
  PID:8736
- C:\Windows\System\QOEsTwg.exe
  C:\Windows\System\QOEsTwg.exe
  2⤵
  PID:8916
- C:\Windows\System\fVZXvbn.exe
  C:\Windows\System\fVZXvbn.exe
  2⤵
  PID:9036
- C:\Windows\System\TpRlrdj.exe
  C:\Windows\System\TpRlrdj.exe
  2⤵
  PID:8280
- C:\Windows\System\zRveRmW.exe
  C:\Windows\System\zRveRmW.exe
  2⤵
  PID:8368
- C:\Windows\System\fUukRpq.exe
  C:\Windows\System\fUukRpq.exe
  2⤵
  PID:8968
- C:\Windows\System\wgthilI.exe
  C:\Windows\System\wgthilI.exe
  2⤵
  PID:8456
- C:\Windows\System\mJLbpDg.exe
  C:\Windows\System\mJLbpDg.exe
  2⤵
  PID:9156
- C:\Windows\System\GnSjYpx.exe
  C:\Windows\System\GnSjYpx.exe
  2⤵
  PID:8884
- C:\Windows\System\DawnZFT.exe
  C:\Windows\System\DawnZFT.exe
  2⤵
  PID:8284
- C:\Windows\System\vIpgvVf.exe
  C:\Windows\System\vIpgvVf.exe
  2⤵
  PID:9016
- C:\Windows\System\ISFikrk.exe
  C:\Windows\System\ISFikrk.exe
  2⤵
  PID:8536
- C:\Windows\System\dcHxRPS.exe
  C:\Windows\System\dcHxRPS.exe
  2⤵
  PID:8332
- C:\Windows\System\arMrGJj.exe
  C:\Windows\System\arMrGJj.exe
  2⤵
  PID:8472
- C:\Windows\System\KLjZGLp.exe
  C:\Windows\System\KLjZGLp.exe
  2⤵
  PID:8460
- C:\Windows\System\fYGotfP.exe
  C:\Windows\System\fYGotfP.exe
  2⤵
  PID:8920
- C:\Windows\System\hpvAsEy.exe
  C:\Windows\System\hpvAsEy.exe
  2⤵
  PID:8388
- C:\Windows\System\BguNvet.exe
  C:\Windows\System\BguNvet.exe
  2⤵
  PID:8572
- C:\Windows\System\ZhVvPOx.exe
  C:\Windows\System\ZhVvPOx.exe
  2⤵
  PID:9224
- C:\Windows\System\IZVsCvA.exe
  C:\Windows\System\IZVsCvA.exe
  2⤵
  PID:9256
- C:\Windows\System\XsDODnr.exe
  C:\Windows\System\XsDODnr.exe
  2⤵
  PID:9272
- C:\Windows\System\gvbIhDD.exe
  C:\Windows\System\gvbIhDD.exe
  2⤵
  PID:9288
- C:\Windows\System\XwKUUmN.exe
  C:\Windows\System\XwKUUmN.exe
  2⤵
  PID:9312
- C:\Windows\System\sivuHxp.exe
  C:\Windows\System\sivuHxp.exe
  2⤵
  PID:9328
- C:\Windows\System\PYjlLkj.exe
  C:\Windows\System\PYjlLkj.exe
  2⤵
  PID:9344
- C:\Windows\System\bVnVpeU.exe
  C:\Windows\System\bVnVpeU.exe
  2⤵
  PID:9364
- C:\Windows\System\Butshtm.exe
  C:\Windows\System\Butshtm.exe
  2⤵
  PID:9380
- C:\Windows\System\JRHrjVG.exe
  C:\Windows\System\JRHrjVG.exe
  2⤵
  PID:9400
- C:\Windows\System\fWdnHzj.exe
  C:\Windows\System\fWdnHzj.exe
  2⤵
  PID:9420
- C:\Windows\System\qtAUtLK.exe
  C:\Windows\System\qtAUtLK.exe
  2⤵
  PID:9436
- C:\Windows\System\rbxnnLs.exe
  C:\Windows\System\rbxnnLs.exe
  2⤵
  PID:9460
- C:\Windows\System\gEeafdE.exe
  C:\Windows\System\gEeafdE.exe
  2⤵
  PID:9480
- C:\Windows\System\FTzZvMe.exe
  C:\Windows\System\FTzZvMe.exe
  2⤵
  PID:9500
- C:\Windows\System\LaanMdw.exe
  C:\Windows\System\LaanMdw.exe
  2⤵
  PID:9516
- C:\Windows\System\XNyXVZX.exe
  C:\Windows\System\XNyXVZX.exe
  2⤵
  PID:9540
- C:\Windows\System\vVgJJtP.exe
  C:\Windows\System\vVgJJtP.exe
  2⤵
  PID:9564
- C:\Windows\System\HFRqPts.exe
  C:\Windows\System\HFRqPts.exe
  2⤵
  PID:9584
- C:\Windows\System\hULyAbZ.exe
  C:\Windows\System\hULyAbZ.exe
  2⤵
  PID:9600
- C:\Windows\System\uaRqBaC.exe
  C:\Windows\System\uaRqBaC.exe
  2⤵
  PID:9628
- C:\Windows\System\RAflAnS.exe
  C:\Windows\System\RAflAnS.exe
  2⤵
  PID:9648
- C:\Windows\System\DlJcEKA.exe
  C:\Windows\System\DlJcEKA.exe
  2⤵
  PID:9668
- C:\Windows\System\aEnesHq.exe
  C:\Windows\System\aEnesHq.exe
  2⤵
  PID:9684
- C:\Windows\System\JVpxDyg.exe
  C:\Windows\System\JVpxDyg.exe
  2⤵
  PID:9720
- C:\Windows\System\RxgvTsO.exe
  C:\Windows\System\RxgvTsO.exe
  2⤵
  PID:9740
- C:\Windows\System\RZHCZpO.exe
  C:\Windows\System\RZHCZpO.exe
  2⤵
  PID:9756
- C:\Windows\System\RGZBJvv.exe
  C:\Windows\System\RGZBJvv.exe
  2⤵
  PID:9776
- C:\Windows\System\bnCruuq.exe
  C:\Windows\System\bnCruuq.exe
  2⤵
  PID:9792
- C:\Windows\System\JqngiqF.exe
  C:\Windows\System\JqngiqF.exe
  2⤵
  PID:9812
- C:\Windows\System\HvnCZBQ.exe
  C:\Windows\System\HvnCZBQ.exe
  2⤵
  PID:9828
- C:\Windows\System\jKjoKPN.exe
  C:\Windows\System\jKjoKPN.exe
  2⤵
  PID:9852
- C:\Windows\System\bFlgWnP.exe
  C:\Windows\System\bFlgWnP.exe
  2⤵
  PID:9868
- C:\Windows\System\QiZvoMD.exe
  C:\Windows\System\QiZvoMD.exe
  2⤵
  PID:9884
- C:\Windows\System\dDxlmsA.exe
  C:\Windows\System\dDxlmsA.exe
  2⤵
  PID:9908
- C:\Windows\System\aLduIId.exe
  C:\Windows\System\aLduIId.exe
  2⤵
  PID:9928
- C:\Windows\System\aFCkPyN.exe
  C:\Windows\System\aFCkPyN.exe
  2⤵
  PID:9956
- C:\Windows\System\podTgfL.exe
  C:\Windows\System\podTgfL.exe
  2⤵
  PID:9972
- C:\Windows\System\FhVOICX.exe
  C:\Windows\System\FhVOICX.exe
  2⤵
  PID:9988
- C:\Windows\System\oeMFBZK.exe
  C:\Windows\System\oeMFBZK.exe
  2⤵
  PID:10012
- C:\Windows\System\osjCJpW.exe
  C:\Windows\System\osjCJpW.exe
  2⤵
  PID:10036
- C:\Windows\System\MByOTpl.exe
  C:\Windows\System\MByOTpl.exe
  2⤵
  PID:10052
- C:\Windows\System\OazzRLW.exe
  C:\Windows\System\OazzRLW.exe
  2⤵
  PID:10072
- C:\Windows\System\ymPsQCl.exe
  C:\Windows\System\ymPsQCl.exe
  2⤵
  PID:10088
- C:\Windows\System\yWSWEPD.exe
  C:\Windows\System\yWSWEPD.exe
  2⤵
  PID:10104
- C:\Windows\System\RHpOmrx.exe
  C:\Windows\System\RHpOmrx.exe
  2⤵
  PID:10124
- C:\Windows\System\RVedQAi.exe
  C:\Windows\System\RVedQAi.exe
  2⤵
  PID:10144
- C:\Windows\System\duOrrnM.exe
  C:\Windows\System\duOrrnM.exe
  2⤵
  PID:10160
- C:\Windows\System\daulnVH.exe
  C:\Windows\System\daulnVH.exe
  2⤵
  PID:10176
- C:\Windows\System\uDxKiNA.exe
  C:\Windows\System\uDxKiNA.exe
  2⤵
  PID:10200
- C:\Windows\System\dQfbmem.exe
  C:\Windows\System\dQfbmem.exe
  2⤵
  PID:10216
- C:\Windows\System\FdMhHKD.exe
  C:\Windows\System\FdMhHKD.exe
  2⤵
  PID:10232
- C:\Windows\System\HwvZiVJ.exe
  C:\Windows\System\HwvZiVJ.exe
  2⤵
  PID:9212
- C:\Windows\System\EMSiyeT.exe
  C:\Windows\System\EMSiyeT.exe
  2⤵
  PID:9268
- C:\Windows\System\OQZYJUz.exe
  C:\Windows\System\OQZYJUz.exe
  2⤵
  PID:9360
- C:\Windows\System\CcZEikb.exe
  C:\Windows\System\CcZEikb.exe
  2⤵
  PID:9428
- C:\Windows\System\GtqloCp.exe
  C:\Windows\System\GtqloCp.exe
  2⤵
  PID:9476
- C:\Windows\System\NPJHYrj.exe
  C:\Windows\System\NPJHYrj.exe
  2⤵
  PID:9552
- C:\Windows\System\yLniodr.exe
  C:\Windows\System\yLniodr.exe
  2⤵
  PID:9596
- C:\Windows\System\aSSVtvG.exe
  C:\Windows\System\aSSVtvG.exe
  2⤵
  PID:9376
- C:\Windows\System\UFdkJsU.exe
  C:\Windows\System\UFdkJsU.exe
  2⤵
  PID:9448
- C:\Windows\System\PxuPVzc.exe
  C:\Windows\System\PxuPVzc.exe
  2⤵
  PID:9340
- C:\Windows\System\zJjdGTP.exe
  C:\Windows\System\zJjdGTP.exe
  2⤵
  PID:9576
- C:\Windows\System\imILuDD.exe
  C:\Windows\System\imILuDD.exe
  2⤵
  PID:9620
- C:\Windows\System\xIDtwzN.exe
  C:\Windows\System\xIDtwzN.exe
  2⤵
  PID:9676
- C:\Windows\System\adCgOKF.exe
  C:\Windows\System\adCgOKF.exe
  2⤵
  PID:9664
- C:\Windows\System\zIKWbdd.exe
  C:\Windows\System\zIKWbdd.exe
  2⤵
  PID:9704
- C:\Windows\System\IltDEWz.exe
  C:\Windows\System\IltDEWz.exe
  2⤵
  PID:9244
- C:\Windows\System\PZKDbJA.exe
  C:\Windows\System\PZKDbJA.exe
  2⤵
  PID:9768
- C:\Windows\System\RaYEqVM.exe
  C:\Windows\System\RaYEqVM.exe
  2⤵
  PID:9800
- C:\Windows\System\khavAsQ.exe
  C:\Windows\System\khavAsQ.exe
  2⤵
  PID:9876
- C:\Windows\System\UaduaAT.exe
  C:\Windows\System\UaduaAT.exe
  2⤵
  PID:9860
- C:\Windows\System\kKRBEed.exe
  C:\Windows\System\kKRBEed.exe
  2⤵
  PID:9924
- C:\Windows\System\kOMTfTd.exe
  C:\Windows\System\kOMTfTd.exe
  2⤵
  PID:9936
- C:\Windows\System\kJXXMyV.exe
  C:\Windows\System\kJXXMyV.exe
  2⤵
  PID:9996
- C:\Windows\System\lChFyIZ.exe
  C:\Windows\System\lChFyIZ.exe
  2⤵
  PID:10080
- C:\Windows\System\gsbamzx.exe
  C:\Windows\System\gsbamzx.exe
  2⤵
  PID:10184
- C:\Windows\System\PFvCsFI.exe
  C:\Windows\System\PFvCsFI.exe
  2⤵
  PID:10224
- C:\Windows\System\fGqszTP.exe
  C:\Windows\System\fGqszTP.exe
  2⤵
  PID:10136
- C:\Windows\System\DgUBMKl.exe
  C:\Windows\System\DgUBMKl.exe
  2⤵
  PID:10064
- C:\Windows\System\ZQEaCbO.exe
  C:\Windows\System\ZQEaCbO.exe
  2⤵
  PID:9980
- C:\Windows\System\mtcjFIG.exe
  C:\Windows\System\mtcjFIG.exe
  2⤵
  PID:9232
- C:\Windows\System\ZZNjtvC.exe
  C:\Windows\System\ZZNjtvC.exe
  2⤵
  PID:9236
- C:\Windows\System\GlsKZJG.exe
  C:\Windows\System\GlsKZJG.exe
  2⤵
  PID:9252
- C:\Windows\System\heTyyVI.exe
  C:\Windows\System\heTyyVI.exe
  2⤵
  PID:9396
- C:\Windows\System\jWcfrvA.exe
  C:\Windows\System\jWcfrvA.exe
  2⤵
  PID:9296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EIICttC.exe

Filesize
6.0MB

MD5
41e1f09d90f4d74223595644e1ee9ac4

SHA1
769d0f989ddd3d5eb63dcf482a03c98b594971df

SHA256
2336cf0fe2f65e1a0667740f2803cd30f7d78494c788779ac5a6449cd4e94ee2

SHA512
f1752c777af07d96b76f6335673d87d6d4d6665224805e6d086a0e5bc96bb14b0f54b6c2dedaa4b9ab4260f2a90fbe8cb22c0b4bb590a0b698004036694f54ba

Download Submit
C:\Windows\system\EzndfWH.exe

Filesize
6.0MB

MD5
3f17fbc0b4ea935219906791f7e7af6a

SHA1
ec45cfc6179eec3b41f1da487c8387506ce22e43

SHA256
36bc2158cda57c7b04bb21a521ff6c80428c320bc140505379ff2822fb8ffc8f

SHA512
0c4b66ee00b4e822f0d655f475918199872fac7d6af6903ad56d26f339f861fdc6d422a12a80391e8618433272aa03b8dda4345ec1202aa31c2702865a8ab218

Download Submit
C:\Windows\system\FkiKpmQ.exe

Filesize
6.0MB

MD5
114d3943024e0ad5d0b8bf4490bf1154

SHA1
24feb9586c273e7fc98e984ec31ceec9f1daa2c2

SHA256
a7828585c9e1cfb2fe7cee7d0f8d5cf74c30a26a4ff2833ff323e624ff711a5b

SHA512
2405aaeaff15cebf9148a75a692ae28f5bad5489542e10b33001764e08b19d364ecfbaa735f8e395f17640785dbfb946cc7720c09202467e6fbbec8dc49c85b7

Download Submit
C:\Windows\system\GBneiSG.exe

Filesize
6.0MB

MD5
a6d4b442c03334186528503d0d8db1f9

SHA1
c15391d62c9d424c5996f57ae24cc786de231445

SHA256
794e8f7454016568ff863b321041b1b9a07825b957a2bcde2f3fafee13d51f87

SHA512
3db573d5db73831f2d5766d80e296a2e33c42ddbee55302ccc9d5de106559569ca1be8b0eedb7d648d2d1e4e61c3a04400b4deb56e688ca9d0b250a357d1b9ef

Download Submit
C:\Windows\system\GHGWbsc.exe

Filesize
6.0MB

MD5
3b040cc3ad7e9c7dfb03e8c936f01754

SHA1
06fab8797a1faa96d8dfb4cf93294bba2c206c9a

SHA256
819363db3ac0878396829bb11ff24690349c2d7914b93452d0e2ddf0e194ea47

SHA512
28a10dc1d005e2384fc1a2821aeeb43bef7f44e0f09f6865f53d8a17fa3f6361d50bed3449b3d6cb7a463d3d7e0a53e57a5d5c12964fa36e5747c052a8dfbbb4

Download Submit
C:\Windows\system\NHtBUEs.exe

Filesize
6.0MB

MD5
1e5d132175d727c83af320c449822deb

SHA1
200deb162f3f1b0e17fdc3dcdbaec1e18696f9ed

SHA256
f3ae1f7cc24f56885db39cf47d8473061512d2cb868c9f71b0c2a8532efd55a4

SHA512
a12c36d99f375bb793540c4c59f85ed021f85a58cb983eecb25192d20926ac600f5554a35afc5364b79b249bb0240161b012bac62f011ede3a9e3f0b4d9b804e

Download Submit
C:\Windows\system\NPDRQIQ.exe

Filesize
6.0MB

MD5
7a26dad6835b00d76372d7d0e6e3ab24

SHA1
1dfcd529600cef4b59411580cebddcf290a0d1a5

SHA256
53f95821479e2cc6c4b748c120dc5c869d1f2b8e7660fd4e5b90f781ecaeaed1

SHA512
79dccc222cc335c15d70ff0a607efd2d9ba90776a8b66b7fd360198c25c2c07bb66a4f51bd0cdcc9a5d9d7f4f196d9c8bc5504ee7c39acc8e3e7373d345b6cd7

Download Submit
C:\Windows\system\NXpqWil.exe

Filesize
6.0MB

MD5
89ff9cbba8ac12c60c57ad028fbde7f0

SHA1
c750da1ff99d98fbc27da2c3d7fb6effeb92fab3

SHA256
93d5d3c890d3a9f8e11c39478f38e9c913a0735d575fd50d45c51d4ac9a58329

SHA512
0a048ad05fa42fb32cfdfae2020e0eb1d78f9712977646ea61668f2372e359d5a6f5163fa600849f55c2ed59fb8764ae417822da53d3f6d4332383d2500a3f69

Download Submit
C:\Windows\system\PaVbekH.exe

Filesize
6.0MB

MD5
4e589819581c410453896e92d1776606

SHA1
0debb31244f68899fb139e632859e35ce805e65b

SHA256
4556e2b37b725dc6389108b77fc9d932bcc49dccefb4be8e140d2d125ef43b2f

SHA512
bf7116f8f44848ea351d89fa67f1d3940c70e5d46a247510f54d621d83f132ffd4311d82d3f777c1f8560ea051df44e6789b9d3e48223e9ab1fdb6768f1be8d9

Download Submit
C:\Windows\system\QtojZaa.exe

Filesize
6.0MB

MD5
088b4893975c5deb67db3bd44063ea29

SHA1
f49e991591fd7f6581e5b0f1de3b15a1e465de45

SHA256
215ad3366566f43964d744ca9043dbeb62d320acaa5ee49b0af4025751b65eb4

SHA512
88abc42bfc87c138f0cd7a3ce9fb0d16f96d9e5f5e034890179be4882adf8a2d48dfa49e64c073f11c1836b7685d00c67ead2b316d83acc52bf98053499afc38

Download Submit
C:\Windows\system\RMOxHmp.exe

Filesize
6.0MB

MD5
b24fd83c694046a11b27da4f24dd35ca

SHA1
94a425c078977fa4efb2e0c787d24a22c561b894

SHA256
f6270913d0c8d3892cbbb4c9be7d24eab5fe93ccf14eb65be17ea89ae7d07e30

SHA512
465502e843003c48fe178b5d6fd18e1948341044521dedd7ec56419794ed4b59772b46504b93a63e78947ab31be959e19af80932e576813e927d2e92529da870

Download Submit
C:\Windows\system\TWlcxap.exe

Filesize
6.0MB

MD5
7e11aa685c6f3572ab816870c3fdbd09

SHA1
086bfc496d194bcc2042cbcb85f3fbbcf8ec4873

SHA256
7c3e7f5ab88134b94d04bf1678a4a0c20e2d450391a7b6542bc66009b4d9c83c

SHA512
708ab6149880a890f1632962ccc60393f3a9c403d218ac2f6d13b10b27d0f8092d5a55499e7c50c00a2ce7d761db15567b66b28c0813e04eff24ac887a6cdd16

Download Submit
C:\Windows\system\VswOSiQ.exe

Filesize
6.0MB

MD5
52a533517b66cbb6f1a40e8830e11481

SHA1
d272ddd686367f2ec7af3cc0b56429ba6440a2e0

SHA256
2015f3b8310bf664cbe711ff907248b6f03fa436db548a8485d374a2b6e63a0b

SHA512
cd31f35f9b28494a26e3fef3ed2ead86a34a3beb586c6e3df11b5b21f0eddc777c2a7410ae480c9741946df27df8063c9edfdc4f925becc29f5a36bb44f71fab

Download Submit
C:\Windows\system\YcRAjZV.exe

Filesize
6.0MB

MD5
b179a04c7f98f1214a02d1a86644dcd9

SHA1
4595217f144deb8572278695afd0578c4687c5c3

SHA256
81337be0b83da7e251d849def41f4c0ae5aa38db9975f8f1fed3199f98a2b14a

SHA512
5d1bbea2a758e0276873293f12be9eeca21f5a54c1a656c0c7e790829d260c84b252aae1ea51549edddf89819ef382154e49dc10c1e571ea33d70e1aede257f4

Download Submit
C:\Windows\system\cGGfvhb.exe

Filesize
6.0MB

MD5
4a7cc884816c71acc8b630653fa3af49

SHA1
f9d2fad193ae024c07cbd6d18bd2b8cd69e7e593

SHA256
e3d6a90ad34767a3eb22c6480bc304e426d0742560a2deb8193cad2d5227091a

SHA512
8092cd002143d41d5f117675c58e1d3d0224e3d793a993beae41694a687688f493e2d5c72ecbb4ae62da3e175d6825a8b6866575b4725d6ac9b63d95f18e0e65

Download Submit
C:\Windows\system\cPzVRTr.exe

Filesize
6.0MB

MD5
c6036e56690bd9caeefb936e12490853

SHA1
b209ed59ad8666a26a057a95a460ae46e265fff2

SHA256
a56fe59ef8741c3ed32904674698a04c306f3af03da36a8fcf089a112a1ab573

SHA512
d973d12e29404a8a7429cbe2ed2844082e8c3831c0cbadfcf901bddfda92c429845f5feb3e721860fc57fe01688ae563bad7724cace8c4af83b4140b4ae2dcd6

Download Submit
C:\Windows\system\eGXtovH.exe

Filesize
6.0MB

MD5
96553c42b45d557a54557a8e5989328f

SHA1
93247b2f7fdebcf801b89c96365783d5d9e6bc36

SHA256
321c1e2f50c696d40b45f96eedd9a59801364c3ed8ad371fa7c1c3379f4c4408

SHA512
24af9e81cc10421f1ed55cc5ca9da101e139f2aa376f135b9e32de72f2ab421d91516f2abe20b6354780089aaf64db7903116c0feb08347421731c5907a1132f

Download Submit
C:\Windows\system\ejipjwU.exe

Filesize
6.0MB

MD5
c158bca9eed72c89977ffd829a6de404

SHA1
8617d2ca0990497fd59764497ad2ce015abedbb7

SHA256
9ff67342d16dc01fa93df4fe49747e12e7ce63727d958e4acfbc30a26d280b21

SHA512
f4f9c0ede9cbaf978ed49a84dd7469a56f87209142c407abbeb15c792a1b90ec38bb5f03df8810eebfa5a1fe60ad7fa749aa726d789cdcf9bcbf7f4f85fe2b5f

Download Submit
C:\Windows\system\iTNNupD.exe

Filesize
6.0MB

MD5
98be4f91460f9ed6e55088d1caafd869

SHA1
c1049cf6e27de79bd6df47f6e17c9da0933975f7

SHA256
dbc067cd214c384ec7cc7911f5c9a8a63d9d2e9499bb853628e6efe5e174fe6f

SHA512
04a5a3e1dc520631f00376cf559fefeb39b4dd5ca399b7b9abf20f2f32e3bea93e670012cac27d37d1397ebde62d62e1b03da65453d126167612841fc9baaaf5

Download Submit
C:\Windows\system\jzdFyEZ.exe

Filesize
6.0MB

MD5
87335c7263d2cd7666095bbdc7e4f3a6

SHA1
e556982bb3501c94952cd6a0d7ea4a3641593088

SHA256
63e74ea9273ea29a5d568e01c130fa62cad9fca45befcdd65fd111e2b63409c3

SHA512
15b03e6410a5d611b299adcc9346951b590edac8583275649cc355bd45dfb7cad106d836b4a76c5d7f54afe52737588f534a7f3b8d0d302cb0a80c1752a870e5

Download Submit
C:\Windows\system\kYmpcqm.exe

Filesize
6.0MB

MD5
9fee2e10e8e3b532eb86930743acb486

SHA1
e47cbb25ca73473c398ee3e2cdea9562b3bd4f0c

SHA256
640ecbd5c1895176d82bb7219ef0ea1459e443f818c4b55e17beb8de89f30698

SHA512
3421eb2621bc90469e755c156b75441ac79cb44c07900ad3a0660cead8d513e3a3623ba7bf0a0e872fbfcac659cc03c6a26cf1396a74f454ebf79105bbc611c9

Download Submit
C:\Windows\system\kasGyrH.exe

Filesize
6.0MB

MD5
226e98c4ec3ad956d544c92d3588ad7e

SHA1
03d86e97d191947e8e2f111a1c0e8075d475e18b

SHA256
1d7d10eea206137b692a2c104daeed7d1880ef16555fdeee20d0cc3ee48432c1

SHA512
68a02e68d4f163a267e1299ba3a08cb2e43af73dac86084db5ddc8fa795698c4af5e1b90af0eaeeda97193296ca572e692b2645f4bee22131e1b2a081d3a88ee

Download Submit
C:\Windows\system\mMcdgpe.exe

Filesize
6.0MB

MD5
1c53ada092039707f31a2634ca3c8bb2

SHA1
2fc62724fde64300c71227828f31ca30c2a63e97

SHA256
c5a47134b4e2c01134566f3fd3b735e32239e9167c45322b72da43e601f2b4ce

SHA512
c5d487b24fb41408c5a323bc797e50cc28e8761ad7e34bdb67bdf5ecb897cf3af261e5163151ead9c3743d9e7c830ec0d31ca5319e688b63169e2a4260951ba2

Download Submit
C:\Windows\system\oFHdiIT.exe

Filesize
6.0MB

MD5
b7c712c402f2ad0ffb92514b29755c51

SHA1
329477f5f5042902755eb6fc84aa093bacb522f4

SHA256
218ab22b469f89b5b62d0fe9be32c79691ae8fb67f7fbcd6cff603d673d0ff42

SHA512
4d6264b50639dff2b62ca0985ec8fffff7c78a6e280bea2dc5f3a73f99a5422b05d08db6cfa1785a9e97d90829c38fad1519ea34dd5728ab3d61f4a8da2ac63b

Download Submit
C:\Windows\system\oLiVDoh.exe

Filesize
6.0MB

MD5
5259555c492237787e2a3770ee1da299

SHA1
4a2c92007a9b420eb818d92c81823df945f7d3b3

SHA256
759862a0083a1e25d5896000b925364de7230b1baffd23ac493a3583824c686d

SHA512
37f09e6e470c14634948624c7cd22c9f601601afbd2d58c9880efc9932f8b5fbf263fd1c4212541300d8e3c6abb232bc71ca466d3c29bfc0eddc221e2ce1a58b

Download Submit
C:\Windows\system\oxQdPEu.exe

Filesize
6.0MB

MD5
91cff352769445d8067f9cdb9ae8fd92

SHA1
c2224a33a013c6d3536c600d62b66fdffad1ca2d

SHA256
eb7d4053f800f2532a6445f07c663539bb703a86542bb9dfd0d177cd8553555e

SHA512
86822a38600a9a399428380d343b55f39770e9cfed9e416bdd5cddf6abff71f7a7eb56f32b4ae43cc5a21fc356ee441a81b64dee868667881facf0937cd6ff49

Download Submit
C:\Windows\system\pSKAyHz.exe

Filesize
6.0MB

MD5
b02759128db822fe0facc32f611d331a

SHA1
cab02eabe1aaddfaac55f0c273e09fd31ed3e4cb

SHA256
dfeb1d451991cb32a6ac0624194e5f4b53d2f85ff2ca6c332e28284b57afef61

SHA512
c3f733d91d5a771964ba8a31bed3692b301b5589051dca4b0ec0977db5222a73e573769a774b882928386408c1b31eb36bc7a7661e9c0fd617c8a37b54726ba7

Download Submit
C:\Windows\system\svajtks.exe

Filesize
6.0MB

MD5
08dfda1e74781b65b42c068e8a5592f0

SHA1
eadfc9e819e9b288d97b28208620920b66106a26

SHA256
465f5485194fc2b79e63ec39e4011c53f35198cb0704d8131b69d5a307f63932

SHA512
97168f010af38a68ee70fdc20ba731ea2fa415a35a7f14a5c4d7e303148408f87648ab853350e08f5ef79c27655e06c66a0ffed12bde08d26538c3ca826b287f

Download Submit
C:\Windows\system\vKUoFIf.exe

Filesize
6.0MB

MD5
71c22e35e81b3018adbaae5915952496

SHA1
50c35e8594e7f8c54037269e48170ae18a1130fe

SHA256
85bea548d19897d79c8979327f1eef797edd24d007e57438919f0c8baa0450ad

SHA512
cfb485f3daa0a3f7a96b9d27685a7387efd67334f4fb158630ac86f0065fa101ad1042bd35535cc5e2c79c0b28a53897b97d8642b4e44efea590d98d45ec159a

Download Submit
C:\Windows\system\vhHqhjA.exe

Filesize
6.0MB

MD5
5e5b7a28d82b23f674e06e3eebe37386

SHA1
9e30c34df3bc74efa907d0eb877e83a9dbe8fa01

SHA256
72be4ad7b895c8e5f7344b1f4fdea9823e7f5135168032977e92801e39e4b680

SHA512
202800bde8befd4e7f07e76db54831911f388e10e35a933b3a3e54cd170babe2ee36005ebf6a38d49297247316c6b40cc344fe1f9b037713632f977125da60e5

Download Submit
C:\Windows\system\xgdLDky.exe

Filesize
6.0MB

MD5
6fee388fba9081c21330216f850069dc

SHA1
7a656e19b2eddd97bc19d32783c481f4d6bc1589

SHA256
47f9cef07defd7da250a57340091627529c926ec679112c41c49d358fdfc1aee

SHA512
9270528bbb8ac768fe36ae05f0f5fd6c01e7411b555a226b56e74464ff45c43afa93fa28b42e1ed0152b221404598ad77d5fb9bac871b83e482ca4106c93ca32

Download Submit
\Windows\system\GOYazwX.exe

Filesize
6.0MB

MD5
eec416aeb29f54c716656ed2a7c9bfd8

SHA1
9d8b8b118605b36ba06affe78ac2e7ba1f0a9b20

SHA256
08c073ba537dfb97e3d3754052346e0ed5b1aa94248e19338cf94ba4af919508

SHA512
af574bcf7a323e0f3bc45a84439eb50186f764a0df9069b1d8980db00577285115449e36f04d8aabdb40e7d292a055db73b9f8d2d179c7770c7d82927cc06932

Download Submit
memory/1964-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/1964-448-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-83-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1089-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-7-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-72-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-71-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-93-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1964-28-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-97-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1544-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-274-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-54-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-108-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-107-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1964-0-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1964-50-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1964-42-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1964-75-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1964-43-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-40-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1964-80-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1964-20-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-778-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2084-4050-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2084-85-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2212-94-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2212-4052-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2240-4049-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2240-84-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2320-4047-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2320-58-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2376-4051-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2376-87-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2544-4044-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2544-35-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2552-51-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2552-4046-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2568-44-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2568-4045-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4043-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2640-29-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4042-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2648-22-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2724-14-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-100-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1307-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-4053-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4041-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2896-15-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/3016-86-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-4048-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download