cobaltstrike | b1a802404e31cc83c862a31071252513b0efc94964c6493afbacf54f57b2c82a

Analysis

max time kernel
126s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

acf29bbbe9ed9939347e11a4807ee76a
SHA1

138fbb35dfca68c3252e085b3d2480703480a917
SHA256

b1a802404e31cc83c862a31071252513b0efc94964c6493afbacf54f57b2c82a
SHA512

d34e4ec8ba99c9883432c8f036df215971a09d4ecddfee4e6a1ec6dd053805fcf57b841a0ec94cb187379b7dffcb0a7be0531131101ed9ce597acda0e3cb45f7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\rrMsAOJ.exe	cobalt_reflective_dll
C:\Windows\System\YfhDXlM.exe	cobalt_reflective_dll
C:\Windows\System\LdUuJmK.exe	cobalt_reflective_dll
C:\Windows\System\zgFlFTz.exe	cobalt_reflective_dll
C:\Windows\System\LvijbjQ.exe	cobalt_reflective_dll
C:\Windows\System\dQRFHfI.exe	cobalt_reflective_dll
C:\Windows\System\ZiSgEWw.exe	cobalt_reflective_dll
C:\Windows\System\lKIXBiJ.exe	cobalt_reflective_dll
C:\Windows\System\EPWilsi.exe	cobalt_reflective_dll
C:\Windows\System\qlIiBmu.exe	cobalt_reflective_dll
C:\Windows\System\nkgYyLc.exe	cobalt_reflective_dll
C:\Windows\System\PDETAPM.exe	cobalt_reflective_dll
C:\Windows\System\pTlipVL.exe	cobalt_reflective_dll
C:\Windows\System\izVgGQa.exe	cobalt_reflective_dll
C:\Windows\System\cOYbLNV.exe	cobalt_reflective_dll
C:\Windows\System\izDBZON.exe	cobalt_reflective_dll
C:\Windows\System\fiIqYTN.exe	cobalt_reflective_dll
C:\Windows\System\VEfiDBN.exe	cobalt_reflective_dll
C:\Windows\System\HAYPQNG.exe	cobalt_reflective_dll
C:\Windows\System\dNrQSDF.exe	cobalt_reflective_dll
C:\Windows\System\mHqIonC.exe	cobalt_reflective_dll
C:\Windows\System\NGtOAbu.exe	cobalt_reflective_dll
C:\Windows\System\YzrTeST.exe	cobalt_reflective_dll
C:\Windows\System\eDLUwVB.exe	cobalt_reflective_dll
C:\Windows\System\HjMAXDh.exe	cobalt_reflective_dll
C:\Windows\System\PUUwIug.exe	cobalt_reflective_dll
C:\Windows\System\SASxKna.exe	cobalt_reflective_dll
C:\Windows\System\IIdiuqa.exe	cobalt_reflective_dll
C:\Windows\System\XKyRdIk.exe	cobalt_reflective_dll
C:\Windows\System\aDgMTuJ.exe	cobalt_reflective_dll
C:\Windows\System\wxrPjhG.exe	cobalt_reflective_dll
C:\Windows\System\KXLQitu.exe	cobalt_reflective_dll
C:\Windows\System\OEPaYKn.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4892-0-0x00007FF7E5150000-0x00007FF7E54A4000-memory.dmp	xmrig
C:\Windows\System\rrMsAOJ.exe	xmrig
behavioral2/memory/1640-7-0x00007FF604550000-0x00007FF6048A4000-memory.dmp	xmrig
C:\Windows\System\YfhDXlM.exe	xmrig
behavioral2/memory/4260-20-0x00007FF6832C0000-0x00007FF683614000-memory.dmp	xmrig
C:\Windows\System\LdUuJmK.exe	xmrig
behavioral2/memory/4472-37-0x00007FF68D390000-0x00007FF68D6E4000-memory.dmp	xmrig
C:\Windows\System\zgFlFTz.exe	xmrig
C:\Windows\System\LvijbjQ.exe	xmrig
C:\Windows\System\dQRFHfI.exe	xmrig
C:\Windows\System\ZiSgEWw.exe	xmrig
C:\Windows\System\lKIXBiJ.exe	xmrig
C:\Windows\System\EPWilsi.exe	xmrig
C:\Windows\System\qlIiBmu.exe	xmrig
C:\Windows\System\nkgYyLc.exe	xmrig
behavioral2/memory/3360-413-0x00007FF651BF0000-0x00007FF651F44000-memory.dmp	xmrig
behavioral2/memory/3208-811-0x00007FF786090000-0x00007FF7863E4000-memory.dmp	xmrig
behavioral2/memory/4520-821-0x00007FF6342D0000-0x00007FF634624000-memory.dmp	xmrig
behavioral2/memory/5084-824-0x00007FF6416F0000-0x00007FF641A44000-memory.dmp	xmrig
behavioral2/memory/2736-823-0x00007FF786EF0000-0x00007FF787244000-memory.dmp	xmrig
behavioral2/memory/4000-822-0x00007FF78A330000-0x00007FF78A684000-memory.dmp	xmrig
behavioral2/memory/3668-820-0x00007FF759A90000-0x00007FF759DE4000-memory.dmp	xmrig
behavioral2/memory/1388-819-0x00007FF7D9B00000-0x00007FF7D9E54000-memory.dmp	xmrig
behavioral2/memory/1592-818-0x00007FF602660000-0x00007FF6029B4000-memory.dmp	xmrig
behavioral2/memory/1772-817-0x00007FF6F49A0000-0x00007FF6F4CF4000-memory.dmp	xmrig
behavioral2/memory/1656-816-0x00007FF7A47D0000-0x00007FF7A4B24000-memory.dmp	xmrig
behavioral2/memory/4544-815-0x00007FF641CF0000-0x00007FF642044000-memory.dmp	xmrig
behavioral2/memory/3296-814-0x00007FF606530000-0x00007FF606884000-memory.dmp	xmrig
behavioral2/memory/3084-813-0x00007FF6D8090000-0x00007FF6D83E4000-memory.dmp	xmrig
behavioral2/memory/4844-812-0x00007FF760FC0000-0x00007FF761314000-memory.dmp	xmrig
behavioral2/memory/4564-810-0x00007FF686230000-0x00007FF686584000-memory.dmp	xmrig
behavioral2/memory/2128-809-0x00007FF740560000-0x00007FF7408B4000-memory.dmp	xmrig
behavioral2/memory/4024-808-0x00007FF7BCB80000-0x00007FF7BCED4000-memory.dmp	xmrig
behavioral2/memory/2888-807-0x00007FF702F10000-0x00007FF703264000-memory.dmp	xmrig
behavioral2/memory/772-806-0x00007FF7325F0000-0x00007FF732944000-memory.dmp	xmrig
behavioral2/memory/2336-805-0x00007FF7CA370000-0x00007FF7CA6C4000-memory.dmp	xmrig
behavioral2/memory/2324-799-0x00007FF663240000-0x00007FF663594000-memory.dmp	xmrig
behavioral2/memory/3992-798-0x00007FF7CAC40000-0x00007FF7CAF94000-memory.dmp	xmrig
C:\Windows\System\PDETAPM.exe	xmrig
C:\Windows\System\pTlipVL.exe	xmrig
C:\Windows\System\izVgGQa.exe	xmrig
C:\Windows\System\cOYbLNV.exe	xmrig
C:\Windows\System\izDBZON.exe	xmrig
C:\Windows\System\fiIqYTN.exe	xmrig
C:\Windows\System\VEfiDBN.exe	xmrig
C:\Windows\System\HAYPQNG.exe	xmrig
C:\Windows\System\dNrQSDF.exe	xmrig
C:\Windows\System\mHqIonC.exe	xmrig
C:\Windows\System\NGtOAbu.exe	xmrig
C:\Windows\System\YzrTeST.exe	xmrig
C:\Windows\System\eDLUwVB.exe	xmrig
C:\Windows\System\HjMAXDh.exe	xmrig
C:\Windows\System\PUUwIug.exe	xmrig
C:\Windows\System\SASxKna.exe	xmrig
C:\Windows\System\IIdiuqa.exe	xmrig
C:\Windows\System\XKyRdIk.exe	xmrig
C:\Windows\System\aDgMTuJ.exe	xmrig
behavioral2/memory/2992-42-0x00007FF6947A0000-0x00007FF694AF4000-memory.dmp	xmrig
C:\Windows\System\wxrPjhG.exe	xmrig
behavioral2/memory/1176-29-0x00007FF7A2E70000-0x00007FF7A31C4000-memory.dmp	xmrig
C:\Windows\System\KXLQitu.exe	xmrig
behavioral2/memory/3508-16-0x00007FF73BAA0000-0x00007FF73BDF4000-memory.dmp	xmrig
C:\Windows\System\OEPaYKn.exe	xmrig
behavioral2/memory/4892-953-0x00007FF7E5150000-0x00007FF7E54A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

rrMsAOJ.exeOEPaYKn.exeYfhDXlM.exeKXLQitu.exeLdUuJmK.exewxrPjhG.exeXKyRdIk.exezgFlFTz.exeaDgMTuJ.exeIIdiuqa.exeSASxKna.exeLvijbjQ.exedQRFHfI.exePUUwIug.exeZiSgEWw.exeHjMAXDh.exelKIXBiJ.exeeDLUwVB.exeYzrTeST.exeNGtOAbu.exemHqIonC.exeEPWilsi.exedNrQSDF.exeHAYPQNG.exeVEfiDBN.exefiIqYTN.exeqlIiBmu.exeizDBZON.execOYbLNV.exeizVgGQa.exepTlipVL.exenkgYyLc.exePDETAPM.exeHitOhRy.exeLeydITm.exeLyffGQB.exeXPqOIbJ.exefWgWAWf.exemqVyFWO.exeSwHFFNt.exePXjVDbw.exeKmHfKcE.exeowZrbmB.exeLPAwytd.exeadYWVpX.exeYWDXpgQ.exerXXRDKw.exeVdGhrSd.exeYoEEYjC.exehMuaMGT.exezCmcamN.exeUgvPACl.exekXdcpLs.exerVPydQF.execBLFWXy.exetbAxCEX.exeZZhCVCk.exeSYGZFzI.exeVBsuaXz.exeBMVwJUL.exeYWhmXFT.exeLYqXbsR.exeXtuBXEN.execzsUspz.exe

pid	process
1640	rrMsAOJ.exe
3508	OEPaYKn.exe
4260	YfhDXlM.exe
1176	KXLQitu.exe
4472	LdUuJmK.exe
2992	wxrPjhG.exe
4000	XKyRdIk.exe
2736	zgFlFTz.exe
3360	aDgMTuJ.exe
5084	IIdiuqa.exe
3992	SASxKna.exe
2324	LvijbjQ.exe
2336	dQRFHfI.exe
772	PUUwIug.exe
2888	ZiSgEWw.exe
4024	HjMAXDh.exe
2128	lKIXBiJ.exe
4564	eDLUwVB.exe
3208	YzrTeST.exe
4844	NGtOAbu.exe
3084	mHqIonC.exe
3296	EPWilsi.exe
4544	dNrQSDF.exe
1656	HAYPQNG.exe
1772	VEfiDBN.exe
1592	fiIqYTN.exe
1388	qlIiBmu.exe
3668	izDBZON.exe
4520	cOYbLNV.exe
2084	izVgGQa.exe
2840	pTlipVL.exe
4884	nkgYyLc.exe
2052	PDETAPM.exe
1532	HitOhRy.exe
1692	LeydITm.exe
3128	LyffGQB.exe
1584	XPqOIbJ.exe
3684	fWgWAWf.exe
2928	mqVyFWO.exe
1044	SwHFFNt.exe
5020	PXjVDbw.exe
1456	KmHfKcE.exe
3928	owZrbmB.exe
3520	LPAwytd.exe
1716	adYWVpX.exe
4388	YWDXpgQ.exe
1580	rXXRDKw.exe
60	VdGhrSd.exe
3160	YoEEYjC.exe
3168	hMuaMGT.exe
2060	zCmcamN.exe
1060	UgvPACl.exe
1792	kXdcpLs.exe
4340	rVPydQF.exe
3572	cBLFWXy.exe
4360	tbAxCEX.exe
1600	ZZhCVCk.exe
1976	SYGZFzI.exe
3920	VBsuaXz.exe
3596	BMVwJUL.exe
4308	YWhmXFT.exe
4132	LYqXbsR.exe
4720	XtuBXEN.exe
1764	czsUspz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4892-0-0x00007FF7E5150000-0x00007FF7E54A4000-memory.dmp	upx
C:\Windows\System\rrMsAOJ.exe	upx
behavioral2/memory/1640-7-0x00007FF604550000-0x00007FF6048A4000-memory.dmp	upx
C:\Windows\System\YfhDXlM.exe	upx
behavioral2/memory/4260-20-0x00007FF6832C0000-0x00007FF683614000-memory.dmp	upx
C:\Windows\System\LdUuJmK.exe	upx
behavioral2/memory/4472-37-0x00007FF68D390000-0x00007FF68D6E4000-memory.dmp	upx
C:\Windows\System\zgFlFTz.exe	upx
C:\Windows\System\LvijbjQ.exe	upx
C:\Windows\System\dQRFHfI.exe	upx
C:\Windows\System\ZiSgEWw.exe	upx
C:\Windows\System\lKIXBiJ.exe	upx
C:\Windows\System\EPWilsi.exe	upx
C:\Windows\System\qlIiBmu.exe	upx
C:\Windows\System\nkgYyLc.exe	upx
behavioral2/memory/3360-413-0x00007FF651BF0000-0x00007FF651F44000-memory.dmp	upx
behavioral2/memory/3208-811-0x00007FF786090000-0x00007FF7863E4000-memory.dmp	upx
behavioral2/memory/4520-821-0x00007FF6342D0000-0x00007FF634624000-memory.dmp	upx
behavioral2/memory/5084-824-0x00007FF6416F0000-0x00007FF641A44000-memory.dmp	upx
behavioral2/memory/2736-823-0x00007FF786EF0000-0x00007FF787244000-memory.dmp	upx
behavioral2/memory/4000-822-0x00007FF78A330000-0x00007FF78A684000-memory.dmp	upx
behavioral2/memory/3668-820-0x00007FF759A90000-0x00007FF759DE4000-memory.dmp	upx
behavioral2/memory/1388-819-0x00007FF7D9B00000-0x00007FF7D9E54000-memory.dmp	upx
behavioral2/memory/1592-818-0x00007FF602660000-0x00007FF6029B4000-memory.dmp	upx
behavioral2/memory/1772-817-0x00007FF6F49A0000-0x00007FF6F4CF4000-memory.dmp	upx
behavioral2/memory/1656-816-0x00007FF7A47D0000-0x00007FF7A4B24000-memory.dmp	upx
behavioral2/memory/4544-815-0x00007FF641CF0000-0x00007FF642044000-memory.dmp	upx
behavioral2/memory/3296-814-0x00007FF606530000-0x00007FF606884000-memory.dmp	upx
behavioral2/memory/3084-813-0x00007FF6D8090000-0x00007FF6D83E4000-memory.dmp	upx
behavioral2/memory/4844-812-0x00007FF760FC0000-0x00007FF761314000-memory.dmp	upx
behavioral2/memory/4564-810-0x00007FF686230000-0x00007FF686584000-memory.dmp	upx
behavioral2/memory/2128-809-0x00007FF740560000-0x00007FF7408B4000-memory.dmp	upx
behavioral2/memory/4024-808-0x00007FF7BCB80000-0x00007FF7BCED4000-memory.dmp	upx
behavioral2/memory/2888-807-0x00007FF702F10000-0x00007FF703264000-memory.dmp	upx
behavioral2/memory/772-806-0x00007FF7325F0000-0x00007FF732944000-memory.dmp	upx
behavioral2/memory/2336-805-0x00007FF7CA370000-0x00007FF7CA6C4000-memory.dmp	upx
behavioral2/memory/2324-799-0x00007FF663240000-0x00007FF663594000-memory.dmp	upx
behavioral2/memory/3992-798-0x00007FF7CAC40000-0x00007FF7CAF94000-memory.dmp	upx
C:\Windows\System\PDETAPM.exe	upx
C:\Windows\System\pTlipVL.exe	upx
C:\Windows\System\izVgGQa.exe	upx
C:\Windows\System\cOYbLNV.exe	upx
C:\Windows\System\izDBZON.exe	upx
C:\Windows\System\fiIqYTN.exe	upx
C:\Windows\System\VEfiDBN.exe	upx
C:\Windows\System\HAYPQNG.exe	upx
C:\Windows\System\dNrQSDF.exe	upx
C:\Windows\System\mHqIonC.exe	upx
C:\Windows\System\NGtOAbu.exe	upx
C:\Windows\System\YzrTeST.exe	upx
C:\Windows\System\eDLUwVB.exe	upx
C:\Windows\System\HjMAXDh.exe	upx
C:\Windows\System\PUUwIug.exe	upx
C:\Windows\System\SASxKna.exe	upx
C:\Windows\System\IIdiuqa.exe	upx
C:\Windows\System\XKyRdIk.exe	upx
C:\Windows\System\aDgMTuJ.exe	upx
behavioral2/memory/2992-42-0x00007FF6947A0000-0x00007FF694AF4000-memory.dmp	upx
C:\Windows\System\wxrPjhG.exe	upx
behavioral2/memory/1176-29-0x00007FF7A2E70000-0x00007FF7A31C4000-memory.dmp	upx
C:\Windows\System\KXLQitu.exe	upx
behavioral2/memory/3508-16-0x00007FF73BAA0000-0x00007FF73BDF4000-memory.dmp	upx
C:\Windows\System\OEPaYKn.exe	upx
behavioral2/memory/4892-953-0x00007FF7E5150000-0x00007FF7E54A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\HjMAXDh.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahznCRi.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwqLsjz.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPqOIbJ.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQQdOtY.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEwuJYa.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzyvBll.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYQOfmU.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVWfUOZ.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPjmiXQ.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NReFrGN.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiHxcQP.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPkwMaA.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRHeEAE.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyTsZLc.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaDcvFx.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIfTjBE.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpwUOIg.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWXbVTY.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPaBPfw.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgvPACl.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtzGXBb.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPyIJkW.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eBxyLEi.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWvZRTZ.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAhhCHl.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFEPJQX.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRbBkRZ.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVGJTvF.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwFUEuo.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOjVOcX.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPVQmeC.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oeBdsvL.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNTvqej.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCkejeq.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZzmLMe.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BcrIhet.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWdLzKT.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXLQitu.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAviTpF.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\objEYWg.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnhNvbn.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhbBZvA.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCIyQbD.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGLrBNK.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzFsjap.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuUptOY.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUivxIB.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbxDPkS.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLZbprW.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsFsFGw.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmqNJip.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kacKBOk.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izDBZON.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWWHyzU.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnAYOtD.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZJxafU.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoLHDPG.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paUpuJc.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbRhaCK.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWTgzqr.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOaLGPD.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifZyyEO.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cihPjqR.exe	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 4892 wrote to memory of 1640	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	rrMsAOJ.exe
PID 4892 wrote to memory of 1640	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	rrMsAOJ.exe
PID 4892 wrote to memory of 3508	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	OEPaYKn.exe
PID 4892 wrote to memory of 3508	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	OEPaYKn.exe
PID 4892 wrote to memory of 4260	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	YfhDXlM.exe
PID 4892 wrote to memory of 4260	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	YfhDXlM.exe
PID 4892 wrote to memory of 1176	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	KXLQitu.exe
PID 4892 wrote to memory of 1176	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	KXLQitu.exe
PID 4892 wrote to memory of 4472	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	LdUuJmK.exe
PID 4892 wrote to memory of 4472	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	LdUuJmK.exe
PID 4892 wrote to memory of 2992	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	wxrPjhG.exe
PID 4892 wrote to memory of 2992	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	wxrPjhG.exe
PID 4892 wrote to memory of 4000	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	XKyRdIk.exe
PID 4892 wrote to memory of 4000	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	XKyRdIk.exe
PID 4892 wrote to memory of 2736	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	zgFlFTz.exe
PID 4892 wrote to memory of 2736	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	zgFlFTz.exe
PID 4892 wrote to memory of 3360	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	aDgMTuJ.exe
PID 4892 wrote to memory of 3360	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	aDgMTuJ.exe
PID 4892 wrote to memory of 5084	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	IIdiuqa.exe
PID 4892 wrote to memory of 5084	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	IIdiuqa.exe
PID 4892 wrote to memory of 3992	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	SASxKna.exe
PID 4892 wrote to memory of 3992	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	SASxKna.exe
PID 4892 wrote to memory of 2324	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	LvijbjQ.exe
PID 4892 wrote to memory of 2324	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	LvijbjQ.exe
PID 4892 wrote to memory of 2336	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	dQRFHfI.exe
PID 4892 wrote to memory of 2336	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	dQRFHfI.exe
PID 4892 wrote to memory of 772	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	PUUwIug.exe
PID 4892 wrote to memory of 772	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	PUUwIug.exe
PID 4892 wrote to memory of 2888	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	ZiSgEWw.exe
PID 4892 wrote to memory of 2888	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	ZiSgEWw.exe
PID 4892 wrote to memory of 4024	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	HjMAXDh.exe
PID 4892 wrote to memory of 4024	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	HjMAXDh.exe
PID 4892 wrote to memory of 2128	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	lKIXBiJ.exe
PID 4892 wrote to memory of 2128	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	lKIXBiJ.exe
PID 4892 wrote to memory of 4564	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	eDLUwVB.exe
PID 4892 wrote to memory of 4564	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	eDLUwVB.exe
PID 4892 wrote to memory of 3208	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	YzrTeST.exe
PID 4892 wrote to memory of 3208	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	YzrTeST.exe
PID 4892 wrote to memory of 4844	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	NGtOAbu.exe
PID 4892 wrote to memory of 4844	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	NGtOAbu.exe
PID 4892 wrote to memory of 3084	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	mHqIonC.exe
PID 4892 wrote to memory of 3084	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	mHqIonC.exe
PID 4892 wrote to memory of 3296	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	EPWilsi.exe
PID 4892 wrote to memory of 3296	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	EPWilsi.exe
PID 4892 wrote to memory of 4544	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	dNrQSDF.exe
PID 4892 wrote to memory of 4544	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	dNrQSDF.exe
PID 4892 wrote to memory of 1656	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	HAYPQNG.exe
PID 4892 wrote to memory of 1656	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	HAYPQNG.exe
PID 4892 wrote to memory of 1772	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	VEfiDBN.exe
PID 4892 wrote to memory of 1772	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	VEfiDBN.exe
PID 4892 wrote to memory of 1592	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	fiIqYTN.exe
PID 4892 wrote to memory of 1592	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	fiIqYTN.exe
PID 4892 wrote to memory of 1388	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	qlIiBmu.exe
PID 4892 wrote to memory of 1388	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	qlIiBmu.exe
PID 4892 wrote to memory of 3668	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	izDBZON.exe
PID 4892 wrote to memory of 3668	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	izDBZON.exe
PID 4892 wrote to memory of 4520	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	cOYbLNV.exe
PID 4892 wrote to memory of 4520	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	cOYbLNV.exe
PID 4892 wrote to memory of 2084	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	izVgGQa.exe
PID 4892 wrote to memory of 2084	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	izVgGQa.exe
PID 4892 wrote to memory of 2840	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	pTlipVL.exe
PID 4892 wrote to memory of 2840	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	pTlipVL.exe
PID 4892 wrote to memory of 4884	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	nkgYyLc.exe
PID 4892 wrote to memory of 4884	4892	2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe	nkgYyLc.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_acf29bbbe9ed9939347e11a4807ee76a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Windows\System\rrMsAOJ.exe
  C:\Windows\System\rrMsAOJ.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\OEPaYKn.exe
  C:\Windows\System\OEPaYKn.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\YfhDXlM.exe
  C:\Windows\System\YfhDXlM.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\KXLQitu.exe
  C:\Windows\System\KXLQitu.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\LdUuJmK.exe
  C:\Windows\System\LdUuJmK.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\wxrPjhG.exe
  C:\Windows\System\wxrPjhG.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\XKyRdIk.exe
  C:\Windows\System\XKyRdIk.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\zgFlFTz.exe
  C:\Windows\System\zgFlFTz.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\aDgMTuJ.exe
  C:\Windows\System\aDgMTuJ.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\IIdiuqa.exe
  C:\Windows\System\IIdiuqa.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\SASxKna.exe
  C:\Windows\System\SASxKna.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\LvijbjQ.exe
  C:\Windows\System\LvijbjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\dQRFHfI.exe
  C:\Windows\System\dQRFHfI.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\PUUwIug.exe
  C:\Windows\System\PUUwIug.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ZiSgEWw.exe
  C:\Windows\System\ZiSgEWw.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\HjMAXDh.exe
  C:\Windows\System\HjMAXDh.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\lKIXBiJ.exe
  C:\Windows\System\lKIXBiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\eDLUwVB.exe
  C:\Windows\System\eDLUwVB.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\YzrTeST.exe
  C:\Windows\System\YzrTeST.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\NGtOAbu.exe
  C:\Windows\System\NGtOAbu.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\mHqIonC.exe
  C:\Windows\System\mHqIonC.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\EPWilsi.exe
  C:\Windows\System\EPWilsi.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\dNrQSDF.exe
  C:\Windows\System\dNrQSDF.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\HAYPQNG.exe
  C:\Windows\System\HAYPQNG.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\VEfiDBN.exe
  C:\Windows\System\VEfiDBN.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\fiIqYTN.exe
  C:\Windows\System\fiIqYTN.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\qlIiBmu.exe
  C:\Windows\System\qlIiBmu.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\izDBZON.exe
  C:\Windows\System\izDBZON.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\cOYbLNV.exe
  C:\Windows\System\cOYbLNV.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\izVgGQa.exe
  C:\Windows\System\izVgGQa.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\pTlipVL.exe
  C:\Windows\System\pTlipVL.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\nkgYyLc.exe
  C:\Windows\System\nkgYyLc.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\PDETAPM.exe
  C:\Windows\System\PDETAPM.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\HitOhRy.exe
  C:\Windows\System\HitOhRy.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\LeydITm.exe
  C:\Windows\System\LeydITm.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\LyffGQB.exe
  C:\Windows\System\LyffGQB.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\XPqOIbJ.exe
  C:\Windows\System\XPqOIbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\fWgWAWf.exe
  C:\Windows\System\fWgWAWf.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\mqVyFWO.exe
  C:\Windows\System\mqVyFWO.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\SwHFFNt.exe
  C:\Windows\System\SwHFFNt.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\PXjVDbw.exe
  C:\Windows\System\PXjVDbw.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\KmHfKcE.exe
  C:\Windows\System\KmHfKcE.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\owZrbmB.exe
  C:\Windows\System\owZrbmB.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\LPAwytd.exe
  C:\Windows\System\LPAwytd.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\adYWVpX.exe
  C:\Windows\System\adYWVpX.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\YWDXpgQ.exe
  C:\Windows\System\YWDXpgQ.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\rXXRDKw.exe
  C:\Windows\System\rXXRDKw.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\VdGhrSd.exe
  C:\Windows\System\VdGhrSd.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\YoEEYjC.exe
  C:\Windows\System\YoEEYjC.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\hMuaMGT.exe
  C:\Windows\System\hMuaMGT.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\zCmcamN.exe
  C:\Windows\System\zCmcamN.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\UgvPACl.exe
  C:\Windows\System\UgvPACl.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\kXdcpLs.exe
  C:\Windows\System\kXdcpLs.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\rVPydQF.exe
  C:\Windows\System\rVPydQF.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\cBLFWXy.exe
  C:\Windows\System\cBLFWXy.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\tbAxCEX.exe
  C:\Windows\System\tbAxCEX.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\ZZhCVCk.exe
  C:\Windows\System\ZZhCVCk.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\SYGZFzI.exe
  C:\Windows\System\SYGZFzI.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\VBsuaXz.exe
  C:\Windows\System\VBsuaXz.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\BMVwJUL.exe
  C:\Windows\System\BMVwJUL.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\YWhmXFT.exe
  C:\Windows\System\YWhmXFT.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\LYqXbsR.exe
  C:\Windows\System\LYqXbsR.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\XtuBXEN.exe
  C:\Windows\System\XtuBXEN.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\czsUspz.exe
  C:\Windows\System\czsUspz.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\uceOCYM.exe
  C:\Windows\System\uceOCYM.exe
  2⤵
  PID:1128
- C:\Windows\System\qkjLkxE.exe
  C:\Windows\System\qkjLkxE.exe
  2⤵
  PID:2140
- C:\Windows\System\OAzYTNz.exe
  C:\Windows\System\OAzYTNz.exe
  2⤵
  PID:2900
- C:\Windows\System\WBZiSnB.exe
  C:\Windows\System\WBZiSnB.exe
  2⤵
  PID:4496
- C:\Windows\System\RxsGMrG.exe
  C:\Windows\System\RxsGMrG.exe
  2⤵
  PID:652
- C:\Windows\System\eOnqfPx.exe
  C:\Windows\System\eOnqfPx.exe
  2⤵
  PID:3280
- C:\Windows\System\oIaSiHt.exe
  C:\Windows\System\oIaSiHt.exe
  2⤵
  PID:3924
- C:\Windows\System\BNwoYsd.exe
  C:\Windows\System\BNwoYsd.exe
  2⤵
  PID:3692
- C:\Windows\System\KXBIwJR.exe
  C:\Windows\System\KXBIwJR.exe
  2⤵
  PID:1892
- C:\Windows\System\PlKVdnq.exe
  C:\Windows\System\PlKVdnq.exe
  2⤵
  PID:1240
- C:\Windows\System\XzgBgoH.exe
  C:\Windows\System\XzgBgoH.exe
  2⤵
  PID:3308
- C:\Windows\System\ndMYSxL.exe
  C:\Windows\System\ndMYSxL.exe
  2⤵
  PID:1348
- C:\Windows\System\dyrDjQh.exe
  C:\Windows\System\dyrDjQh.exe
  2⤵
  PID:4596
- C:\Windows\System\JTCHekC.exe
  C:\Windows\System\JTCHekC.exe
  2⤵
  PID:2028
- C:\Windows\System\UZAJHsQ.exe
  C:\Windows\System\UZAJHsQ.exe
  2⤵
  PID:2784
- C:\Windows\System\LVmsaOS.exe
  C:\Windows\System\LVmsaOS.exe
  2⤵
  PID:4524
- C:\Windows\System\FwhHXda.exe
  C:\Windows\System\FwhHXda.exe
  2⤵
  PID:5036
- C:\Windows\System\RPhbiRy.exe
  C:\Windows\System\RPhbiRy.exe
  2⤵
  PID:5100
- C:\Windows\System\jmxLaFl.exe
  C:\Windows\System\jmxLaFl.exe
  2⤵
  PID:880
- C:\Windows\System\IiFzSQC.exe
  C:\Windows\System\IiFzSQC.exe
  2⤵
  PID:4052
- C:\Windows\System\fvbxAwW.exe
  C:\Windows\System\fvbxAwW.exe
  2⤵
  PID:1120
- C:\Windows\System\AEJGVeO.exe
  C:\Windows\System\AEJGVeO.exe
  2⤵
  PID:1316
- C:\Windows\System\ARsoBPN.exe
  C:\Windows\System\ARsoBPN.exe
  2⤵
  PID:1508
- C:\Windows\System\BmJcxnA.exe
  C:\Windows\System\BmJcxnA.exe
  2⤵
  PID:488
- C:\Windows\System\DVohJOP.exe
  C:\Windows\System\DVohJOP.exe
  2⤵
  PID:1448
- C:\Windows\System\KcIYqTx.exe
  C:\Windows\System\KcIYqTx.exe
  2⤵
  PID:2340
- C:\Windows\System\EWtgeqU.exe
  C:\Windows\System\EWtgeqU.exe
  2⤵
  PID:3792
- C:\Windows\System\pmOsZRw.exe
  C:\Windows\System\pmOsZRw.exe
  2⤵
  PID:2184
- C:\Windows\System\EttvOjj.exe
  C:\Windows\System\EttvOjj.exe
  2⤵
  PID:3660
- C:\Windows\System\DzUxZPv.exe
  C:\Windows\System\DzUxZPv.exe
  2⤵
  PID:1828
- C:\Windows\System\mfuYsjh.exe
  C:\Windows\System\mfuYsjh.exe
  2⤵
  PID:1460
- C:\Windows\System\uJTZiPM.exe
  C:\Windows\System\uJTZiPM.exe
  2⤵
  PID:2508
- C:\Windows\System\qTWuzAB.exe
  C:\Windows\System\qTWuzAB.exe
  2⤵
  PID:2040
- C:\Windows\System\vdPhgUO.exe
  C:\Windows\System\vdPhgUO.exe
  2⤵
  PID:5152
- C:\Windows\System\zmeXqIY.exe
  C:\Windows\System\zmeXqIY.exe
  2⤵
  PID:5176
- C:\Windows\System\ECrFwGm.exe
  C:\Windows\System\ECrFwGm.exe
  2⤵
  PID:5216
- C:\Windows\System\YRtacDi.exe
  C:\Windows\System\YRtacDi.exe
  2⤵
  PID:5232
- C:\Windows\System\ORQuBnr.exe
  C:\Windows\System\ORQuBnr.exe
  2⤵
  PID:5260
- C:\Windows\System\ahtSuqQ.exe
  C:\Windows\System\ahtSuqQ.exe
  2⤵
  PID:5280
- C:\Windows\System\GAlFyxy.exe
  C:\Windows\System\GAlFyxy.exe
  2⤵
  PID:5316
- C:\Windows\System\pDDowHk.exe
  C:\Windows\System\pDDowHk.exe
  2⤵
  PID:5344
- C:\Windows\System\ggMpVgE.exe
  C:\Windows\System\ggMpVgE.exe
  2⤵
  PID:5372
- C:\Windows\System\ppLiNhv.exe
  C:\Windows\System\ppLiNhv.exe
  2⤵
  PID:5400
- C:\Windows\System\KFtTMnB.exe
  C:\Windows\System\KFtTMnB.exe
  2⤵
  PID:5436
- C:\Windows\System\jHESAPP.exe
  C:\Windows\System\jHESAPP.exe
  2⤵
  PID:5468
- C:\Windows\System\YtJdzTa.exe
  C:\Windows\System\YtJdzTa.exe
  2⤵
  PID:5492
- C:\Windows\System\clWbLjS.exe
  C:\Windows\System\clWbLjS.exe
  2⤵
  PID:5524
- C:\Windows\System\ZVoVLbQ.exe
  C:\Windows\System\ZVoVLbQ.exe
  2⤵
  PID:5552
- C:\Windows\System\dIikSpR.exe
  C:\Windows\System\dIikSpR.exe
  2⤵
  PID:5572
- C:\Windows\System\uIOPMtL.exe
  C:\Windows\System\uIOPMtL.exe
  2⤵
  PID:5588
- C:\Windows\System\scuaYSK.exe
  C:\Windows\System\scuaYSK.exe
  2⤵
  PID:5604
- C:\Windows\System\waAZbPa.exe
  C:\Windows\System\waAZbPa.exe
  2⤵
  PID:5624
- C:\Windows\System\hMiBZDR.exe
  C:\Windows\System\hMiBZDR.exe
  2⤵
  PID:5664
- C:\Windows\System\zNTvqej.exe
  C:\Windows\System\zNTvqej.exe
  2⤵
  PID:5684
- C:\Windows\System\eZnEboC.exe
  C:\Windows\System\eZnEboC.exe
  2⤵
  PID:5700
- C:\Windows\System\pgQYxuN.exe
  C:\Windows\System\pgQYxuN.exe
  2⤵
  PID:5748
- C:\Windows\System\JmdvOkP.exe
  C:\Windows\System\JmdvOkP.exe
  2⤵
  PID:5764
- C:\Windows\System\psOHLJB.exe
  C:\Windows\System\psOHLJB.exe
  2⤵
  PID:5804
- C:\Windows\System\WbpIUxO.exe
  C:\Windows\System\WbpIUxO.exe
  2⤵
  PID:5852
- C:\Windows\System\SkqaMge.exe
  C:\Windows\System\SkqaMge.exe
  2⤵
  PID:5896
- C:\Windows\System\ZgQQQLY.exe
  C:\Windows\System\ZgQQQLY.exe
  2⤵
  PID:5936
- C:\Windows\System\ahznCRi.exe
  C:\Windows\System\ahznCRi.exe
  2⤵
  PID:5952
- C:\Windows\System\UzFsjap.exe
  C:\Windows\System\UzFsjap.exe
  2⤵
  PID:5992
- C:\Windows\System\eWvZRTZ.exe
  C:\Windows\System\eWvZRTZ.exe
  2⤵
  PID:6008
- C:\Windows\System\bFJaKVL.exe
  C:\Windows\System\bFJaKVL.exe
  2⤵
  PID:6036
- C:\Windows\System\UGDsRXH.exe
  C:\Windows\System\UGDsRXH.exe
  2⤵
  PID:6064
- C:\Windows\System\jzmwriw.exe
  C:\Windows\System\jzmwriw.exe
  2⤵
  PID:6092
- C:\Windows\System\rvqxQNA.exe
  C:\Windows\System\rvqxQNA.exe
  2⤵
  PID:6108
- C:\Windows\System\SYjGUhZ.exe
  C:\Windows\System\SYjGUhZ.exe
  2⤵
  PID:6136
- C:\Windows\System\GgFyeHv.exe
  C:\Windows\System\GgFyeHv.exe
  2⤵
  PID:3332
- C:\Windows\System\nAJpPEC.exe
  C:\Windows\System\nAJpPEC.exe
  2⤵
  PID:2788
- C:\Windows\System\DZAGoRd.exe
  C:\Windows\System\DZAGoRd.exe
  2⤵
  PID:4440
- C:\Windows\System\ygkNECJ.exe
  C:\Windows\System\ygkNECJ.exe
  2⤵
  PID:5144
- C:\Windows\System\dUDUwOz.exe
  C:\Windows\System\dUDUwOz.exe
  2⤵
  PID:5240
- C:\Windows\System\AFSwqed.exe
  C:\Windows\System\AFSwqed.exe
  2⤵
  PID:5288
- C:\Windows\System\gLUikZH.exe
  C:\Windows\System\gLUikZH.exe
  2⤵
  PID:6184
- C:\Windows\System\NDGeZKk.exe
  C:\Windows\System\NDGeZKk.exe
  2⤵
  PID:6216
- C:\Windows\System\lHrsIoM.exe
  C:\Windows\System\lHrsIoM.exe
  2⤵
  PID:6244
- C:\Windows\System\RNkXhQM.exe
  C:\Windows\System\RNkXhQM.exe
  2⤵
  PID:6272
- C:\Windows\System\SNsMWCd.exe
  C:\Windows\System\SNsMWCd.exe
  2⤵
  PID:6300
- C:\Windows\System\PhgsLWD.exe
  C:\Windows\System\PhgsLWD.exe
  2⤵
  PID:6328
- C:\Windows\System\TKfSCMC.exe
  C:\Windows\System\TKfSCMC.exe
  2⤵
  PID:6356
- C:\Windows\System\uUfrKqh.exe
  C:\Windows\System\uUfrKqh.exe
  2⤵
  PID:6376
- C:\Windows\System\pbshSUN.exe
  C:\Windows\System\pbshSUN.exe
  2⤵
  PID:6412
- C:\Windows\System\zqnmVHQ.exe
  C:\Windows\System\zqnmVHQ.exe
  2⤵
  PID:6428
- C:\Windows\System\xOavErP.exe
  C:\Windows\System\xOavErP.exe
  2⤵
  PID:6444
- C:\Windows\System\dRTBCup.exe
  C:\Windows\System\dRTBCup.exe
  2⤵
  PID:6472
- C:\Windows\System\vaDcvFx.exe
  C:\Windows\System\vaDcvFx.exe
  2⤵
  PID:6496
- C:\Windows\System\CykwWJO.exe
  C:\Windows\System\CykwWJO.exe
  2⤵
  PID:6532
- C:\Windows\System\tZIGpTk.exe
  C:\Windows\System\tZIGpTk.exe
  2⤵
  PID:6564
- C:\Windows\System\stTWomc.exe
  C:\Windows\System\stTWomc.exe
  2⤵
  PID:6616
- C:\Windows\System\IiqMPrm.exe
  C:\Windows\System\IiqMPrm.exe
  2⤵
  PID:6656
- C:\Windows\System\TGisRuG.exe
  C:\Windows\System\TGisRuG.exe
  2⤵
  PID:6676
- C:\Windows\System\wExoMlY.exe
  C:\Windows\System\wExoMlY.exe
  2⤵
  PID:6704
- C:\Windows\System\UbyEmsP.exe
  C:\Windows\System\UbyEmsP.exe
  2⤵
  PID:6732
- C:\Windows\System\stGpMXv.exe
  C:\Windows\System\stGpMXv.exe
  2⤵
  PID:6760
- C:\Windows\System\PnnKRkO.exe
  C:\Windows\System\PnnKRkO.exe
  2⤵
  PID:6788
- C:\Windows\System\vvJQLHI.exe
  C:\Windows\System\vvJQLHI.exe
  2⤵
  PID:6804
- C:\Windows\System\iNyJZhM.exe
  C:\Windows\System\iNyJZhM.exe
  2⤵
  PID:6832
- C:\Windows\System\uzstsHw.exe
  C:\Windows\System\uzstsHw.exe
  2⤵
  PID:6860
- C:\Windows\System\FJxuEjy.exe
  C:\Windows\System\FJxuEjy.exe
  2⤵
  PID:6888
- C:\Windows\System\fBTDejM.exe
  C:\Windows\System\fBTDejM.exe
  2⤵
  PID:6904
- C:\Windows\System\TtHbOpJ.exe
  C:\Windows\System\TtHbOpJ.exe
  2⤵
  PID:6932
- C:\Windows\System\ZQGipzR.exe
  C:\Windows\System\ZQGipzR.exe
  2⤵
  PID:6948
- C:\Windows\System\NwFUEuo.exe
  C:\Windows\System\NwFUEuo.exe
  2⤵
  PID:6976
- C:\Windows\System\KdJsmYu.exe
  C:\Windows\System\KdJsmYu.exe
  2⤵
  PID:7020
- C:\Windows\System\AQGpsmT.exe
  C:\Windows\System\AQGpsmT.exe
  2⤵
  PID:7040
- C:\Windows\System\dcIEqlF.exe
  C:\Windows\System\dcIEqlF.exe
  2⤵
  PID:7080
- C:\Windows\System\YCpqEdV.exe
  C:\Windows\System\YCpqEdV.exe
  2⤵
  PID:7100
- C:\Windows\System\uJoUkRw.exe
  C:\Windows\System\uJoUkRw.exe
  2⤵
  PID:7148
- C:\Windows\System\dPDijuE.exe
  C:\Windows\System\dPDijuE.exe
  2⤵
  PID:6924
- C:\Windows\System\zWatgmU.exe
  C:\Windows\System\zWatgmU.exe
  2⤵
  PID:6896
- C:\Windows\System\fQujcRg.exe
  C:\Windows\System\fQujcRg.exe
  2⤵
  PID:6800
- C:\Windows\System\BirAmae.exe
  C:\Windows\System\BirAmae.exe
  2⤵
  PID:6744
- C:\Windows\System\NunXYzl.exe
  C:\Windows\System\NunXYzl.exe
  2⤵
  PID:6684
- C:\Windows\System\oZcgpin.exe
  C:\Windows\System\oZcgpin.exe
  2⤵
  PID:6612
- C:\Windows\System\wcyaTbM.exe
  C:\Windows\System\wcyaTbM.exe
  2⤵
  PID:6580
- C:\Windows\System\NReFrGN.exe
  C:\Windows\System\NReFrGN.exe
  2⤵
  PID:6492
- C:\Windows\System\lqibYoD.exe
  C:\Windows\System\lqibYoD.exe
  2⤵
  PID:6396
- C:\Windows\System\UELWKNU.exe
  C:\Windows\System\UELWKNU.exe
  2⤵
  PID:6340
- C:\Windows\System\GMslXpW.exe
  C:\Windows\System\GMslXpW.exe
  2⤵
  PID:6296
- C:\Windows\System\HKeUvsh.exe
  C:\Windows\System\HKeUvsh.exe
  2⤵
  PID:6208
- C:\Windows\System\vwHCjgv.exe
  C:\Windows\System\vwHCjgv.exe
  2⤵
  PID:6160
- C:\Windows\System\LAhhCHl.exe
  C:\Windows\System\LAhhCHl.exe
  2⤵
  PID:5204
- C:\Windows\System\aZTKejm.exe
  C:\Windows\System\aZTKejm.exe
  2⤵
  PID:2680
- C:\Windows\System\OiHxcQP.exe
  C:\Windows\System\OiHxcQP.exe
  2⤵
  PID:6104
- C:\Windows\System\rWNcvmS.exe
  C:\Windows\System\rWNcvmS.exe
  2⤵
  PID:6056
- C:\Windows\System\rcKVXuR.exe
  C:\Windows\System\rcKVXuR.exe
  2⤵
  PID:6000
- C:\Windows\System\cvvLWAS.exe
  C:\Windows\System\cvvLWAS.exe
  2⤵
  PID:5964
- C:\Windows\System\tbIYTnR.exe
  C:\Windows\System\tbIYTnR.exe
  2⤵
  PID:5836
- C:\Windows\System\HFEPJQX.exe
  C:\Windows\System\HFEPJQX.exe
  2⤵
  PID:5728
- C:\Windows\System\dyRRuhw.exe
  C:\Windows\System\dyRRuhw.exe
  2⤵
  PID:5672
- C:\Windows\System\iOjSREq.exe
  C:\Windows\System\iOjSREq.exe
  2⤵
  PID:5616
- C:\Windows\System\PWMEQiW.exe
  C:\Windows\System\PWMEQiW.exe
  2⤵
  PID:5560
- C:\Windows\System\mECFeoI.exe
  C:\Windows\System\mECFeoI.exe
  2⤵
  PID:5516
- C:\Windows\System\owAwtTD.exe
  C:\Windows\System\owAwtTD.exe
  2⤵
  PID:5460
- C:\Windows\System\kNdEbnx.exe
  C:\Windows\System\kNdEbnx.exe
  2⤵
  PID:4552
- C:\Windows\System\WroeJUS.exe
  C:\Windows\System\WroeJUS.exe
  2⤵
  PID:5424
- C:\Windows\System\TupPuRm.exe
  C:\Windows\System\TupPuRm.exe
  2⤵
  PID:5360
- C:\Windows\System\KbmlRvn.exe
  C:\Windows\System\KbmlRvn.exe
  2⤵
  PID:6996
- C:\Windows\System\beJMEIJ.exe
  C:\Windows\System\beJMEIJ.exe
  2⤵
  PID:7096
- C:\Windows\System\hTpOdnj.exe
  C:\Windows\System\hTpOdnj.exe
  2⤵
  PID:6912
- C:\Windows\System\LWWHyzU.exe
  C:\Windows\System\LWWHyzU.exe
  2⤵
  PID:6844
- C:\Windows\System\MwqLsjz.exe
  C:\Windows\System\MwqLsjz.exe
  2⤵
  PID:6664
- C:\Windows\System\OEdjXKo.exe
  C:\Windows\System\OEdjXKo.exe
  2⤵
  PID:6528
- C:\Windows\System\sABcCxw.exe
  C:\Windows\System\sABcCxw.exe
  2⤵
  PID:6364
- C:\Windows\System\wRRvoLb.exe
  C:\Windows\System\wRRvoLb.exe
  2⤵
  PID:6172
- C:\Windows\System\iwoJmzV.exe
  C:\Windows\System\iwoJmzV.exe
  2⤵
  PID:440
- C:\Windows\System\SzUXYxd.exe
  C:\Windows\System\SzUXYxd.exe
  2⤵
  PID:6028
- C:\Windows\System\LFyGiTD.exe
  C:\Windows\System\LFyGiTD.exe
  2⤵
  PID:5972
- C:\Windows\System\nKkTyTi.exe
  C:\Windows\System\nKkTyTi.exe
  2⤵
  PID:5716
- C:\Windows\System\EGhwbUz.exe
  C:\Windows\System\EGhwbUz.exe
  2⤵
  PID:5580
- C:\Windows\System\uQyeCTB.exe
  C:\Windows\System\uQyeCTB.exe
  2⤵
  PID:5480
- C:\Windows\System\rZYzBcd.exe
  C:\Windows\System\rZYzBcd.exe
  2⤵
  PID:4784
- C:\Windows\System\ZQwcHWL.exe
  C:\Windows\System\ZQwcHWL.exe
  2⤵
  PID:7012
- C:\Windows\System\sKIWpvh.exe
  C:\Windows\System\sKIWpvh.exe
  2⤵
  PID:7116
- C:\Windows\System\imrreuA.exe
  C:\Windows\System\imrreuA.exe
  2⤵
  PID:4072
- C:\Windows\System\vqwteGe.exe
  C:\Windows\System\vqwteGe.exe
  2⤵
  PID:6560
- C:\Windows\System\jAMxLcN.exe
  C:\Windows\System\jAMxLcN.exe
  2⤵
  PID:5844
- C:\Windows\System\FoltfcM.exe
  C:\Windows\System\FoltfcM.exe
  2⤵
  PID:5620
- C:\Windows\System\VnVVuTr.exe
  C:\Windows\System\VnVVuTr.exe
  2⤵
  PID:7204
- C:\Windows\System\ivoSEnB.exe
  C:\Windows\System\ivoSEnB.exe
  2⤵
  PID:7220
- C:\Windows\System\vOeLFDe.exe
  C:\Windows\System\vOeLFDe.exe
  2⤵
  PID:7240
- C:\Windows\System\QgcmXCx.exe
  C:\Windows\System\QgcmXCx.exe
  2⤵
  PID:7276
- C:\Windows\System\VUkqOoo.exe
  C:\Windows\System\VUkqOoo.exe
  2⤵
  PID:7292
- C:\Windows\System\YactmRw.exe
  C:\Windows\System\YactmRw.exe
  2⤵
  PID:7320
- C:\Windows\System\hhKyNKa.exe
  C:\Windows\System\hhKyNKa.exe
  2⤵
  PID:7360
- C:\Windows\System\oRwmFdy.exe
  C:\Windows\System\oRwmFdy.exe
  2⤵
  PID:7400
- C:\Windows\System\hGtOTIo.exe
  C:\Windows\System\hGtOTIo.exe
  2⤵
  PID:7416
- C:\Windows\System\GtKGjdn.exe
  C:\Windows\System\GtKGjdn.exe
  2⤵
  PID:7452
- C:\Windows\System\vSEsVDU.exe
  C:\Windows\System\vSEsVDU.exe
  2⤵
  PID:7472
- C:\Windows\System\KPheGgB.exe
  C:\Windows\System\KPheGgB.exe
  2⤵
  PID:7488
- C:\Windows\System\oxeWJMV.exe
  C:\Windows\System\oxeWJMV.exe
  2⤵
  PID:7504
- C:\Windows\System\VqWBpav.exe
  C:\Windows\System\VqWBpav.exe
  2⤵
  PID:7532
- C:\Windows\System\YKCCuBH.exe
  C:\Windows\System\YKCCuBH.exe
  2⤵
  PID:7560
- C:\Windows\System\tnAYOtD.exe
  C:\Windows\System\tnAYOtD.exe
  2⤵
  PID:7604
- C:\Windows\System\WVwOCoP.exe
  C:\Windows\System\WVwOCoP.exe
  2⤵
  PID:7628
- C:\Windows\System\EfjYJef.exe
  C:\Windows\System\EfjYJef.exe
  2⤵
  PID:7648
- C:\Windows\System\UafdYMa.exe
  C:\Windows\System\UafdYMa.exe
  2⤵
  PID:7664
- C:\Windows\System\rotRPox.exe
  C:\Windows\System\rotRPox.exe
  2⤵
  PID:7680
- C:\Windows\System\fnHWjAl.exe
  C:\Windows\System\fnHWjAl.exe
  2⤵
  PID:7932
- C:\Windows\System\wWqFmRc.exe
  C:\Windows\System\wWqFmRc.exe
  2⤵
  PID:7956
- C:\Windows\System\ebqhobf.exe
  C:\Windows\System\ebqhobf.exe
  2⤵
  PID:8012
- C:\Windows\System\OHXoIom.exe
  C:\Windows\System\OHXoIom.exe
  2⤵
  PID:8040
- C:\Windows\System\xvlmzEZ.exe
  C:\Windows\System\xvlmzEZ.exe
  2⤵
  PID:8072
- C:\Windows\System\ljSJYDX.exe
  C:\Windows\System\ljSJYDX.exe
  2⤵
  PID:8136
- C:\Windows\System\uQYMefz.exe
  C:\Windows\System\uQYMefz.exe
  2⤵
  PID:5412
- C:\Windows\System\qIbRYcM.exe
  C:\Windows\System\qIbRYcM.exe
  2⤵
  PID:6632
- C:\Windows\System\iwGESPj.exe
  C:\Windows\System\iwGESPj.exe
  2⤵
  PID:5692
- C:\Windows\System\bUVoVeA.exe
  C:\Windows\System\bUVoVeA.exe
  2⤵
  PID:7216
- C:\Windows\System\jVsaZZK.exe
  C:\Windows\System\jVsaZZK.exe
  2⤵
  PID:7284
- C:\Windows\System\IQRVDpT.exe
  C:\Windows\System\IQRVDpT.exe
  2⤵
  PID:7348
- C:\Windows\System\KirbhZF.exe
  C:\Windows\System\KirbhZF.exe
  2⤵
  PID:7432
- C:\Windows\System\qfEYuzg.exe
  C:\Windows\System\qfEYuzg.exe
  2⤵
  PID:7500
- C:\Windows\System\uuuTvft.exe
  C:\Windows\System\uuuTvft.exe
  2⤵
  PID:7580
- C:\Windows\System\YZWrjLw.exe
  C:\Windows\System\YZWrjLw.exe
  2⤵
  PID:7656
- C:\Windows\System\mWOFkPw.exe
  C:\Windows\System\mWOFkPw.exe
  2⤵
  PID:7776
- C:\Windows\System\Bpqzywc.exe
  C:\Windows\System\Bpqzywc.exe
  2⤵
  PID:4516
- C:\Windows\System\XAUDlGB.exe
  C:\Windows\System\XAUDlGB.exe
  2⤵
  PID:4464
- C:\Windows\System\gJsasBz.exe
  C:\Windows\System\gJsasBz.exe
  2⤵
  PID:3860
- C:\Windows\System\PbJNqhB.exe
  C:\Windows\System\PbJNqhB.exe
  2⤵
  PID:1804
- C:\Windows\System\uPWoHcU.exe
  C:\Windows\System\uPWoHcU.exe
  2⤵
  PID:3108
- C:\Windows\System\RtANnYJ.exe
  C:\Windows\System\RtANnYJ.exe
  2⤵
  PID:1916
- C:\Windows\System\FaiSNIP.exe
  C:\Windows\System\FaiSNIP.exe
  2⤵
  PID:4476
- C:\Windows\System\pUMVLbZ.exe
  C:\Windows\System\pUMVLbZ.exe
  2⤵
  PID:392
- C:\Windows\System\LsGiNBp.exe
  C:\Windows\System\LsGiNBp.exe
  2⤵
  PID:7808
- C:\Windows\System\ebnobok.exe
  C:\Windows\System\ebnobok.exe
  2⤵
  PID:7896
- C:\Windows\System\CSMKXkj.exe
  C:\Windows\System\CSMKXkj.exe
  2⤵
  PID:4500
- C:\Windows\System\KjUEJMR.exe
  C:\Windows\System\KjUEJMR.exe
  2⤵
  PID:1144
- C:\Windows\System\hYQOfmU.exe
  C:\Windows\System\hYQOfmU.exe
  2⤵
  PID:7892
- C:\Windows\System\dosCjMv.exe
  C:\Windows\System\dosCjMv.exe
  2⤵
  PID:7920
- C:\Windows\System\RBjnkwk.exe
  C:\Windows\System\RBjnkwk.exe
  2⤵
  PID:4572
- C:\Windows\System\czwfUVX.exe
  C:\Windows\System\czwfUVX.exe
  2⤵
  PID:8008
- C:\Windows\System\PIfTjBE.exe
  C:\Windows\System\PIfTjBE.exe
  2⤵
  PID:8132
- C:\Windows\System\OMvsiLW.exe
  C:\Windows\System\OMvsiLW.exe
  2⤵
  PID:6848
- C:\Windows\System\wbDgrww.exe
  C:\Windows\System\wbDgrww.exe
  2⤵
  PID:7180
- C:\Windows\System\rvFNxng.exe
  C:\Windows\System\rvFNxng.exe
  2⤵
  PID:7308
- C:\Windows\System\AcsLTJM.exe
  C:\Windows\System\AcsLTJM.exe
  2⤵
  PID:7484
- C:\Windows\System\ohqdgIH.exe
  C:\Windows\System\ohqdgIH.exe
  2⤵
  PID:7596
- C:\Windows\System\GXVCqKo.exe
  C:\Windows\System\GXVCqKo.exe
  2⤵
  PID:544
- C:\Windows\System\DEkfwKI.exe
  C:\Windows\System\DEkfwKI.exe
  2⤵
  PID:1560
- C:\Windows\System\TQNzSFT.exe
  C:\Windows\System\TQNzSFT.exe
  2⤵
  PID:908
- C:\Windows\System\ThjkveX.exe
  C:\Windows\System\ThjkveX.exe
  2⤵
  PID:32
- C:\Windows\System\JOBJLNw.exe
  C:\Windows\System\JOBJLNw.exe
  2⤵
  PID:4172
- C:\Windows\System\MxCVjYQ.exe
  C:\Windows\System\MxCVjYQ.exe
  2⤵
  PID:3440
- C:\Windows\System\MKGwKLz.exe
  C:\Windows\System\MKGwKLz.exe
  2⤵
  PID:7852
- C:\Windows\System\IWTgzqr.exe
  C:\Windows\System\IWTgzqr.exe
  2⤵
  PID:3268
- C:\Windows\System\UOjVOcX.exe
  C:\Windows\System\UOjVOcX.exe
  2⤵
  PID:8060
- C:\Windows\System\EuUptOY.exe
  C:\Windows\System\EuUptOY.exe
  2⤵
  PID:7268
- C:\Windows\System\HwXyBeZ.exe
  C:\Windows\System\HwXyBeZ.exe
  2⤵
  PID:7672
- C:\Windows\System\cuIPPhQ.exe
  C:\Windows\System\cuIPPhQ.exe
  2⤵
  PID:2936
- C:\Windows\System\CKSpSgd.exe
  C:\Windows\System\CKSpSgd.exe
  2⤵
  PID:2296
- C:\Windows\System\eskFRQY.exe
  C:\Windows\System\eskFRQY.exe
  2⤵
  PID:860
- C:\Windows\System\KrLvqnR.exe
  C:\Windows\System\KrLvqnR.exe
  2⤵
  PID:564
- C:\Windows\System\tXreKAo.exe
  C:\Windows\System\tXreKAo.exe
  2⤵
  PID:5632
- C:\Windows\System\EUQKafN.exe
  C:\Windows\System\EUQKafN.exe
  2⤵
  PID:2904
- C:\Windows\System\nOrlzzY.exe
  C:\Windows\System\nOrlzzY.exe
  2⤵
  PID:7460
- C:\Windows\System\ZjBkkZF.exe
  C:\Windows\System\ZjBkkZF.exe
  2⤵
  PID:1148
- C:\Windows\System\fSoQgtZ.exe
  C:\Windows\System\fSoQgtZ.exe
  2⤵
  PID:8200
- C:\Windows\System\GGPqCMj.exe
  C:\Windows\System\GGPqCMj.exe
  2⤵
  PID:8232
- C:\Windows\System\DuFASey.exe
  C:\Windows\System\DuFASey.exe
  2⤵
  PID:8264
- C:\Windows\System\ezQYVgu.exe
  C:\Windows\System\ezQYVgu.exe
  2⤵
  PID:8320
- C:\Windows\System\ndjuOuF.exe
  C:\Windows\System\ndjuOuF.exe
  2⤵
  PID:8356
- C:\Windows\System\GsBXXNX.exe
  C:\Windows\System\GsBXXNX.exe
  2⤵
  PID:8396
- C:\Windows\System\tUYenyp.exe
  C:\Windows\System\tUYenyp.exe
  2⤵
  PID:8424
- C:\Windows\System\oUJDJbD.exe
  C:\Windows\System\oUJDJbD.exe
  2⤵
  PID:8452
- C:\Windows\System\TdwUHII.exe
  C:\Windows\System\TdwUHII.exe
  2⤵
  PID:8480
- C:\Windows\System\QkbVoYF.exe
  C:\Windows\System\QkbVoYF.exe
  2⤵
  PID:8508
- C:\Windows\System\ZOAMiio.exe
  C:\Windows\System\ZOAMiio.exe
  2⤵
  PID:8524
- C:\Windows\System\ljrmWnL.exe
  C:\Windows\System\ljrmWnL.exe
  2⤵
  PID:8564
- C:\Windows\System\teSBDmg.exe
  C:\Windows\System\teSBDmg.exe
  2⤵
  PID:8596
- C:\Windows\System\yaHsIpj.exe
  C:\Windows\System\yaHsIpj.exe
  2⤵
  PID:8632
- C:\Windows\System\ViVhKPW.exe
  C:\Windows\System\ViVhKPW.exe
  2⤵
  PID:8652
- C:\Windows\System\tWqBxXG.exe
  C:\Windows\System\tWqBxXG.exe
  2⤵
  PID:8680
- C:\Windows\System\YFNGfue.exe
  C:\Windows\System\YFNGfue.exe
  2⤵
  PID:8716
- C:\Windows\System\naUZglz.exe
  C:\Windows\System\naUZglz.exe
  2⤵
  PID:8740
- C:\Windows\System\uKwbfmc.exe
  C:\Windows\System\uKwbfmc.exe
  2⤵
  PID:8756
- C:\Windows\System\qRZIirK.exe
  C:\Windows\System\qRZIirK.exe
  2⤵
  PID:8796
- C:\Windows\System\JlJGzmY.exe
  C:\Windows\System\JlJGzmY.exe
  2⤵
  PID:8844
- C:\Windows\System\VxmbrML.exe
  C:\Windows\System\VxmbrML.exe
  2⤵
  PID:8868
- C:\Windows\System\YVqIrrV.exe
  C:\Windows\System\YVqIrrV.exe
  2⤵
  PID:8884
- C:\Windows\System\ddzMegH.exe
  C:\Windows\System\ddzMegH.exe
  2⤵
  PID:8932
- C:\Windows\System\JJNHHnb.exe
  C:\Windows\System\JJNHHnb.exe
  2⤵
  PID:8968
- C:\Windows\System\QZgnbox.exe
  C:\Windows\System\QZgnbox.exe
  2⤵
  PID:9016
- C:\Windows\System\PtODQfJ.exe
  C:\Windows\System\PtODQfJ.exe
  2⤵
  PID:9068
- C:\Windows\System\KzbhXgz.exe
  C:\Windows\System\KzbhXgz.exe
  2⤵
  PID:9108
- C:\Windows\System\LXGPysW.exe
  C:\Windows\System\LXGPysW.exe
  2⤵
  PID:9156
- C:\Windows\System\mHQFooX.exe
  C:\Windows\System\mHQFooX.exe
  2⤵
  PID:9172
- C:\Windows\System\RoHiQrq.exe
  C:\Windows\System\RoHiQrq.exe
  2⤵
  PID:9188
- C:\Windows\System\hyQMcdj.exe
  C:\Windows\System\hyQMcdj.exe
  2⤵
  PID:680
- C:\Windows\System\WBlXesZ.exe
  C:\Windows\System\WBlXesZ.exe
  2⤵
  PID:452
- C:\Windows\System\yGvRTCk.exe
  C:\Windows\System\yGvRTCk.exe
  2⤵
  PID:8348
- C:\Windows\System\eDeeDFz.exe
  C:\Windows\System\eDeeDFz.exe
  2⤵
  PID:8420
- C:\Windows\System\oTigSUK.exe
  C:\Windows\System\oTigSUK.exe
  2⤵
  PID:4268
- C:\Windows\System\xOehXah.exe
  C:\Windows\System\xOehXah.exe
  2⤵
  PID:8536
- C:\Windows\System\trwCqMc.exe
  C:\Windows\System\trwCqMc.exe
  2⤵
  PID:8620
- C:\Windows\System\ddZDglz.exe
  C:\Windows\System\ddZDglz.exe
  2⤵
  PID:8696
- C:\Windows\System\LUvezeZ.exe
  C:\Windows\System\LUvezeZ.exe
  2⤵
  PID:8736
- C:\Windows\System\mqhWMyr.exe
  C:\Windows\System\mqhWMyr.exe
  2⤵
  PID:8788
- C:\Windows\System\fYVzJUb.exe
  C:\Windows\System\fYVzJUb.exe
  2⤵
  PID:7704
- C:\Windows\System\yLPKwmn.exe
  C:\Windows\System\yLPKwmn.exe
  2⤵
  PID:8852
- C:\Windows\System\MtNgRIl.exe
  C:\Windows\System\MtNgRIl.exe
  2⤵
  PID:8912
- C:\Windows\System\ioMihGG.exe
  C:\Windows\System\ioMihGG.exe
  2⤵
  PID:8896
- C:\Windows\System\UhUbCoT.exe
  C:\Windows\System\UhUbCoT.exe
  2⤵
  PID:2376
- C:\Windows\System\rpFOova.exe
  C:\Windows\System\rpFOova.exe
  2⤵
  PID:9044
- C:\Windows\System\rHknCLl.exe
  C:\Windows\System\rHknCLl.exe
  2⤵
  PID:9152
- C:\Windows\System\JPVQmeC.exe
  C:\Windows\System\JPVQmeC.exe
  2⤵
  PID:9184
- C:\Windows\System\UOkhILp.exe
  C:\Windows\System\UOkhILp.exe
  2⤵
  PID:8224
- C:\Windows\System\QudKSnO.exe
  C:\Windows\System\QudKSnO.exe
  2⤵
  PID:8412
- C:\Windows\System\yAxxEMc.exe
  C:\Windows\System\yAxxEMc.exe
  2⤵
  PID:8504
- C:\Windows\System\AtcsZxl.exe
  C:\Windows\System\AtcsZxl.exe
  2⤵
  PID:8648
- C:\Windows\System\pAviTpF.exe
  C:\Windows\System\pAviTpF.exe
  2⤵
  PID:7992
- C:\Windows\System\micABIV.exe
  C:\Windows\System\micABIV.exe
  2⤵
  PID:8880
- C:\Windows\System\rqgLOmq.exe
  C:\Windows\System\rqgLOmq.exe
  2⤵
  PID:560
- C:\Windows\System\YPYxJjS.exe
  C:\Windows\System\YPYxJjS.exe
  2⤵
  PID:9132
- C:\Windows\System\yJIwEzz.exe
  C:\Windows\System\yJIwEzz.exe
  2⤵
  PID:8276
- C:\Windows\System\xqgiurA.exe
  C:\Windows\System\xqgiurA.exe
  2⤵
  PID:8588
- C:\Windows\System\FfxRmJy.exe
  C:\Windows\System\FfxRmJy.exe
  2⤵
  PID:2952
- C:\Windows\System\qiSghiX.exe
  C:\Windows\System\qiSghiX.exe
  2⤵
  PID:9120
- C:\Windows\System\LUivxIB.exe
  C:\Windows\System\LUivxIB.exe
  2⤵
  PID:8776
- C:\Windows\System\CWwUfDI.exe
  C:\Windows\System\CWwUfDI.exe
  2⤵
  PID:3456
- C:\Windows\System\mpvYbGo.exe
  C:\Windows\System\mpvYbGo.exe
  2⤵
  PID:9224
- C:\Windows\System\QejYNZv.exe
  C:\Windows\System\QejYNZv.exe
  2⤵
  PID:9252
- C:\Windows\System\CstBiVK.exe
  C:\Windows\System\CstBiVK.exe
  2⤵
  PID:9280
- C:\Windows\System\AkDDZae.exe
  C:\Windows\System\AkDDZae.exe
  2⤵
  PID:9308
- C:\Windows\System\HZQbauj.exe
  C:\Windows\System\HZQbauj.exe
  2⤵
  PID:9336
- C:\Windows\System\QSUygkq.exe
  C:\Windows\System\QSUygkq.exe
  2⤵
  PID:9380
- C:\Windows\System\uknLWgN.exe
  C:\Windows\System\uknLWgN.exe
  2⤵
  PID:9400
- C:\Windows\System\VoNuckO.exe
  C:\Windows\System\VoNuckO.exe
  2⤵
  PID:9428
- C:\Windows\System\JqiSCfW.exe
  C:\Windows\System\JqiSCfW.exe
  2⤵
  PID:9464
- C:\Windows\System\aQlZRIM.exe
  C:\Windows\System\aQlZRIM.exe
  2⤵
  PID:9504
- C:\Windows\System\MwzCUlL.exe
  C:\Windows\System\MwzCUlL.exe
  2⤵
  PID:9544
- C:\Windows\System\CuJvcSj.exe
  C:\Windows\System\CuJvcSj.exe
  2⤵
  PID:9576
- C:\Windows\System\xBvatHR.exe
  C:\Windows\System\xBvatHR.exe
  2⤵
  PID:9612
- C:\Windows\System\bjIqpSc.exe
  C:\Windows\System\bjIqpSc.exe
  2⤵
  PID:9632
- C:\Windows\System\cQpMsva.exe
  C:\Windows\System\cQpMsva.exe
  2⤵
  PID:9660
- C:\Windows\System\XKMKEQf.exe
  C:\Windows\System\XKMKEQf.exe
  2⤵
  PID:9688
- C:\Windows\System\xZUIZar.exe
  C:\Windows\System\xZUIZar.exe
  2⤵
  PID:9716
- C:\Windows\System\eVUncmX.exe
  C:\Windows\System\eVUncmX.exe
  2⤵
  PID:9744
- C:\Windows\System\SwsgxdB.exe
  C:\Windows\System\SwsgxdB.exe
  2⤵
  PID:9772
- C:\Windows\System\rOAGEVU.exe
  C:\Windows\System\rOAGEVU.exe
  2⤵
  PID:9800
- C:\Windows\System\BOOwAZh.exe
  C:\Windows\System\BOOwAZh.exe
  2⤵
  PID:9828
- C:\Windows\System\qbbkcpC.exe
  C:\Windows\System\qbbkcpC.exe
  2⤵
  PID:9856
- C:\Windows\System\CWzIyEb.exe
  C:\Windows\System\CWzIyEb.exe
  2⤵
  PID:9884
- C:\Windows\System\uKevUYQ.exe
  C:\Windows\System\uKevUYQ.exe
  2⤵
  PID:9900
- C:\Windows\System\daNryjm.exe
  C:\Windows\System\daNryjm.exe
  2⤵
  PID:9928
- C:\Windows\System\cvlgwPN.exe
  C:\Windows\System\cvlgwPN.exe
  2⤵
  PID:9952
- C:\Windows\System\yLcQkIm.exe
  C:\Windows\System\yLcQkIm.exe
  2⤵
  PID:9996
- C:\Windows\System\YEOLMnh.exe
  C:\Windows\System\YEOLMnh.exe
  2⤵
  PID:10032
- C:\Windows\System\wBoqjcd.exe
  C:\Windows\System\wBoqjcd.exe
  2⤵
  PID:10068
- C:\Windows\System\bsBFRYF.exe
  C:\Windows\System\bsBFRYF.exe
  2⤵
  PID:10096
- C:\Windows\System\bMEdDfj.exe
  C:\Windows\System\bMEdDfj.exe
  2⤵
  PID:10124
- C:\Windows\System\VTGbqrW.exe
  C:\Windows\System\VTGbqrW.exe
  2⤵
  PID:10156
- C:\Windows\System\NsZvigW.exe
  C:\Windows\System\NsZvigW.exe
  2⤵
  PID:10184
- C:\Windows\System\wsSUZjN.exe
  C:\Windows\System\wsSUZjN.exe
  2⤵
  PID:10208
- C:\Windows\System\BpdnsII.exe
  C:\Windows\System\BpdnsII.exe
  2⤵
  PID:9128
- C:\Windows\System\RPlekNE.exe
  C:\Windows\System\RPlekNE.exe
  2⤵
  PID:9268
- C:\Windows\System\XhVlWmW.exe
  C:\Windows\System\XhVlWmW.exe
  2⤵
  PID:9328
- C:\Windows\System\xntrZhJ.exe
  C:\Windows\System\xntrZhJ.exe
  2⤵
  PID:9392
- C:\Windows\System\aizrzSs.exe
  C:\Windows\System\aizrzSs.exe
  2⤵
  PID:9440
- C:\Windows\System\yDOXGpm.exe
  C:\Windows\System\yDOXGpm.exe
  2⤵
  PID:9536
- C:\Windows\System\FFdKXea.exe
  C:\Windows\System\FFdKXea.exe
  2⤵
  PID:9588
- C:\Windows\System\nZJxafU.exe
  C:\Windows\System\nZJxafU.exe
  2⤵
  PID:9644
- C:\Windows\System\JbbeYBT.exe
  C:\Windows\System\JbbeYBT.exe
  2⤵
  PID:9708
- C:\Windows\System\JHnctQK.exe
  C:\Windows\System\JHnctQK.exe
  2⤵
  PID:9764
- C:\Windows\System\UQJslOY.exe
  C:\Windows\System\UQJslOY.exe
  2⤵
  PID:9812
- C:\Windows\System\XaCfwET.exe
  C:\Windows\System\XaCfwET.exe
  2⤵
  PID:9892
- C:\Windows\System\wXtylAH.exe
  C:\Windows\System\wXtylAH.exe
  2⤵
  PID:9944
- C:\Windows\System\zBCRAAe.exe
  C:\Windows\System\zBCRAAe.exe
  2⤵
  PID:10004
- C:\Windows\System\ZqphxYy.exe
  C:\Windows\System\ZqphxYy.exe
  2⤵
  PID:10080
- C:\Windows\System\vGSGdGc.exe
  C:\Windows\System\vGSGdGc.exe
  2⤵
  PID:10144
- C:\Windows\System\OoPoGmw.exe
  C:\Windows\System\OoPoGmw.exe
  2⤵
  PID:10204
- C:\Windows\System\mxeKRiz.exe
  C:\Windows\System\mxeKRiz.exe
  2⤵
  PID:9164
- C:\Windows\System\iYbzUyX.exe
  C:\Windows\System\iYbzUyX.exe
  2⤵
  PID:9424
- C:\Windows\System\XewdtVu.exe
  C:\Windows\System\XewdtVu.exe
  2⤵
  PID:5324
- C:\Windows\System\MnBwAMD.exe
  C:\Windows\System\MnBwAMD.exe
  2⤵
  PID:9700
- C:\Windows\System\fVUmjGS.exe
  C:\Windows\System\fVUmjGS.exe
  2⤵
  PID:5860
- C:\Windows\System\chQPsAv.exe
  C:\Windows\System\chQPsAv.exe
  2⤵
  PID:5908
- C:\Windows\System\OpGFxwb.exe
  C:\Windows\System\OpGFxwb.exe
  2⤵
  PID:10108
- C:\Windows\System\areTzbe.exe
  C:\Windows\System\areTzbe.exe
  2⤵
  PID:9248
- C:\Windows\System\BCbNncQ.exe
  C:\Windows\System\BCbNncQ.exe
  2⤵
  PID:9684
- C:\Windows\System\TDaJWcF.exe
  C:\Windows\System\TDaJWcF.exe
  2⤵
  PID:9876
- C:\Windows\System\uUxeFZn.exe
  C:\Windows\System\uUxeFZn.exe
  2⤵
  PID:10200
- C:\Windows\System\HyZHnYR.exe
  C:\Windows\System\HyZHnYR.exe
  2⤵
  PID:9824
- C:\Windows\System\PIOXrMT.exe
  C:\Windows\System\PIOXrMT.exe
  2⤵
  PID:6076
- C:\Windows\System\NgnWBmT.exe
  C:\Windows\System\NgnWBmT.exe
  2⤵
  PID:10272
- C:\Windows\System\CbxyRLm.exe
  C:\Windows\System\CbxyRLm.exe
  2⤵
  PID:10324
- C:\Windows\System\JQPfrdb.exe
  C:\Windows\System\JQPfrdb.exe
  2⤵
  PID:10356
- C:\Windows\System\HvIMAFd.exe
  C:\Windows\System\HvIMAFd.exe
  2⤵
  PID:10400
- C:\Windows\System\viFGUlD.exe
  C:\Windows\System\viFGUlD.exe
  2⤵
  PID:10432
- C:\Windows\System\ZCNvEsF.exe
  C:\Windows\System\ZCNvEsF.exe
  2⤵
  PID:10488
- C:\Windows\System\TODVVWX.exe
  C:\Windows\System\TODVVWX.exe
  2⤵
  PID:10536
- C:\Windows\System\tuqJXXK.exe
  C:\Windows\System\tuqJXXK.exe
  2⤵
  PID:10588
- C:\Windows\System\LFhrfmh.exe
  C:\Windows\System\LFhrfmh.exe
  2⤵
  PID:10612
- C:\Windows\System\iLgvHaZ.exe
  C:\Windows\System\iLgvHaZ.exe
  2⤵
  PID:10660
- C:\Windows\System\QKMTRef.exe
  C:\Windows\System\QKMTRef.exe
  2⤵
  PID:10696
- C:\Windows\System\YCMsxtK.exe
  C:\Windows\System\YCMsxtK.exe
  2⤵
  PID:10736
- C:\Windows\System\kGQmNsK.exe
  C:\Windows\System\kGQmNsK.exe
  2⤵
  PID:10760
- C:\Windows\System\wCmuRHS.exe
  C:\Windows\System\wCmuRHS.exe
  2⤵
  PID:10832
- C:\Windows\System\SatRuRF.exe
  C:\Windows\System\SatRuRF.exe
  2⤵
  PID:10848
- C:\Windows\System\EJPaHSu.exe
  C:\Windows\System\EJPaHSu.exe
  2⤵
  PID:10864
- C:\Windows\System\pBggnYN.exe
  C:\Windows\System\pBggnYN.exe
  2⤵
  PID:10880
- C:\Windows\System\JSlKoRD.exe
  C:\Windows\System\JSlKoRD.exe
  2⤵
  PID:10936
- C:\Windows\System\sEHXMme.exe
  C:\Windows\System\sEHXMme.exe
  2⤵
  PID:10960
- C:\Windows\System\FbXiVGb.exe
  C:\Windows\System\FbXiVGb.exe
  2⤵
  PID:10996
- C:\Windows\System\zOaLGPD.exe
  C:\Windows\System\zOaLGPD.exe
  2⤵
  PID:11028
- C:\Windows\System\rcmqeli.exe
  C:\Windows\System\rcmqeli.exe
  2⤵
  PID:11064
- C:\Windows\System\xHaopPn.exe
  C:\Windows\System\xHaopPn.exe
  2⤵
  PID:11092
- C:\Windows\System\LumleRt.exe
  C:\Windows\System\LumleRt.exe
  2⤵
  PID:11164
- C:\Windows\System\SfNHgxV.exe
  C:\Windows\System\SfNHgxV.exe
  2⤵
  PID:11188
- C:\Windows\System\YOaqQta.exe
  C:\Windows\System\YOaqQta.exe
  2⤵
  PID:11204
- C:\Windows\System\rcMJBdw.exe
  C:\Windows\System\rcMJBdw.exe
  2⤵
  PID:11244
- C:\Windows\System\vcXQset.exe
  C:\Windows\System\vcXQset.exe
  2⤵
  PID:11260
- C:\Windows\System\GNaTcFh.exe
  C:\Windows\System\GNaTcFh.exe
  2⤵
  PID:4088
- C:\Windows\System\LXQyKJT.exe
  C:\Windows\System\LXQyKJT.exe
  2⤵
  PID:10412
- C:\Windows\System\Oqjfwoj.exe
  C:\Windows\System\Oqjfwoj.exe
  2⤵
  PID:9940
- C:\Windows\System\QlWYqsb.exe
  C:\Windows\System\QlWYqsb.exe
  2⤵
  PID:10516
- C:\Windows\System\uvEXzCJ.exe
  C:\Windows\System\uvEXzCJ.exe
  2⤵
  PID:6324
- C:\Windows\System\ifZyyEO.exe
  C:\Windows\System\ifZyyEO.exe
  2⤵
  PID:6388
- C:\Windows\System\IvUFKYq.exe
  C:\Windows\System\IvUFKYq.exe
  2⤵
  PID:1816
- C:\Windows\System\ogzTcrO.exe
  C:\Windows\System\ogzTcrO.exe
  2⤵
  PID:10576
- C:\Windows\System\xVsamFp.exe
  C:\Windows\System\xVsamFp.exe
  2⤵
  PID:10648
- C:\Windows\System\POoBDoH.exe
  C:\Windows\System\POoBDoH.exe
  2⤵
  PID:10680
- C:\Windows\System\IuwVXDA.exe
  C:\Windows\System\IuwVXDA.exe
  2⤵
  PID:10724
- C:\Windows\System\lyjKljj.exe
  C:\Windows\System\lyjKljj.exe
  2⤵
  PID:10784
- C:\Windows\System\guprxQD.exe
  C:\Windows\System\guprxQD.exe
  2⤵
  PID:10824
- C:\Windows\System\FZurDbN.exe
  C:\Windows\System\FZurDbN.exe
  2⤵
  PID:224
- C:\Windows\System\iJZUUXq.exe
  C:\Windows\System\iJZUUXq.exe
  2⤵
  PID:10924
- C:\Windows\System\ewiYWRS.exe
  C:\Windows\System\ewiYWRS.exe
  2⤵
  PID:10972
- C:\Windows\System\uHSbJeG.exe
  C:\Windows\System\uHSbJeG.exe
  2⤵
  PID:2076
- C:\Windows\System\QPUvMAl.exe
  C:\Windows\System\QPUvMAl.exe
  2⤵
  PID:6868
- C:\Windows\System\BCkejeq.exe
  C:\Windows\System\BCkejeq.exe
  2⤵
  PID:11080
- C:\Windows\System\GHDTlSI.exe
  C:\Windows\System\GHDTlSI.exe
  2⤵
  PID:10640
- C:\Windows\System\ZmxwzDY.exe
  C:\Windows\System\ZmxwzDY.exe
  2⤵
  PID:10812
- C:\Windows\System\niIOugn.exe
  C:\Windows\System\niIOugn.exe
  2⤵
  PID:10628
- C:\Windows\System\rKLPKJC.exe
  C:\Windows\System\rKLPKJC.exe
  2⤵
  PID:7016
- C:\Windows\System\MItXXjt.exe
  C:\Windows\System\MItXXjt.exe
  2⤵
  PID:7112
- C:\Windows\System\ebSnNgv.exe
  C:\Windows\System\ebSnNgv.exe
  2⤵
  PID:6852
- C:\Windows\System\dmdBVOt.exe
  C:\Windows\System\dmdBVOt.exe
  2⤵
  PID:6596
- C:\Windows\System\LDOoMyl.exe
  C:\Windows\System\LDOoMyl.exe
  2⤵
  PID:6556
- C:\Windows\System\QCkwJOs.exe
  C:\Windows\System\QCkwJOs.exe
  2⤵
  PID:6212
- C:\Windows\System\eYxYQdg.exe
  C:\Windows\System\eYxYQdg.exe
  2⤵
  PID:5304
- C:\Windows\System\xoTDRol.exe
  C:\Windows\System\xoTDRol.exe
  2⤵
  PID:6048
- C:\Windows\System\BTFhfkw.exe
  C:\Windows\System\BTFhfkw.exe
  2⤵
  PID:5388
- C:\Windows\System\SqHVicE.exe
  C:\Windows\System\SqHVicE.exe
  2⤵
  PID:7124
- C:\Windows\System\gJMWYkR.exe
  C:\Windows\System\gJMWYkR.exe
  2⤵
  PID:6776
- C:\Windows\System\ykcXukd.exe
  C:\Windows\System\ykcXukd.exe
  2⤵
  PID:6816
- C:\Windows\System\cIzfYiV.exe
  C:\Windows\System\cIzfYiV.exe
  2⤵
  PID:7136
- C:\Windows\System\QpDRRZL.exe
  C:\Windows\System\QpDRRZL.exe
  2⤵
  PID:2932
- C:\Windows\System\cHhKCtt.exe
  C:\Windows\System\cHhKCtt.exe
  2⤵
  PID:4404
- C:\Windows\System\VlZZsLp.exe
  C:\Windows\System\VlZZsLp.exe
  2⤵
  PID:2428
- C:\Windows\System\HPyMKvW.exe
  C:\Windows\System\HPyMKvW.exe
  2⤵
  PID:1320
- C:\Windows\System\jCnyFnd.exe
  C:\Windows\System\jCnyFnd.exe
  2⤵
  PID:3664
- C:\Windows\System\XCCZoEA.exe
  C:\Windows\System\XCCZoEA.exe
  2⤵
  PID:4032
- C:\Windows\System\tYeuJDv.exe
  C:\Windows\System\tYeuJDv.exe
  2⤵
  PID:3180
- C:\Windows\System\SXVsTjR.exe
  C:\Windows\System\SXVsTjR.exe
  2⤵
  PID:1324
- C:\Windows\System\xPzAuzo.exe
  C:\Windows\System\xPzAuzo.exe
  2⤵
  PID:11176
- C:\Windows\System\LluercM.exe
  C:\Windows\System\LluercM.exe
  2⤵
  PID:11200
- C:\Windows\System\WbxDPkS.exe
  C:\Windows\System\WbxDPkS.exe
  2⤵
  PID:11228
- C:\Windows\System\zfYjAEh.exe
  C:\Windows\System\zfYjAEh.exe
  2⤵
  PID:10256
- C:\Windows\System\nLZbprW.exe
  C:\Windows\System\nLZbprW.exe
  2⤵
  PID:10388
- C:\Windows\System\aSANGqg.exe
  C:\Windows\System\aSANGqg.exe
  2⤵
  PID:10464
- C:\Windows\System\URcSdxy.exe
  C:\Windows\System\URcSdxy.exe
  2⤵
  PID:10284
- C:\Windows\System\hRbBkRZ.exe
  C:\Windows\System\hRbBkRZ.exe
  2⤵
  PID:6372
- C:\Windows\System\kvPbHho.exe
  C:\Windows\System\kvPbHho.exe
  2⤵
  PID:10584
- C:\Windows\System\PdjmtFj.exe
  C:\Windows\System\PdjmtFj.exe
  2⤵
  PID:4996
- C:\Windows\System\lkhajGs.exe
  C:\Windows\System\lkhajGs.exe
  2⤵
  PID:2892
- C:\Windows\System\ZanukEI.exe
  C:\Windows\System\ZanukEI.exe
  2⤵
  PID:2272
- C:\Windows\System\gsrYIbr.exe
  C:\Windows\System\gsrYIbr.exe
  2⤵
  PID:10876
- C:\Windows\System\QcDhypr.exe
  C:\Windows\System\QcDhypr.exe
  2⤵
  PID:3408
- C:\Windows\System\HbJwuWk.exe
  C:\Windows\System\HbJwuWk.exe
  2⤵
  PID:3704
- C:\Windows\System\ZpwUOIg.exe
  C:\Windows\System\ZpwUOIg.exe
  2⤵
  PID:3228
- C:\Windows\System\qVWfUOZ.exe
  C:\Windows\System\qVWfUOZ.exe
  2⤵
  PID:11104
- C:\Windows\System\NQQdOtY.exe
  C:\Windows\System\NQQdOtY.exe
  2⤵
  PID:10704
- C:\Windows\System\JNhfPOA.exe
  C:\Windows\System\JNhfPOA.exe
  2⤵
  PID:7164
- C:\Windows\System\MQZlAed.exe
  C:\Windows\System\MQZlAed.exe
  2⤵
  PID:5136
- C:\Windows\System\KoLHDPG.exe
  C:\Windows\System\KoLHDPG.exe
  2⤵
  PID:6540
- C:\Windows\System\HdIDHDL.exe
  C:\Windows\System\HdIDHDL.exe
  2⤵
  PID:6368
- C:\Windows\System\eBwPrbO.exe
  C:\Windows\System\eBwPrbO.exe
  2⤵
  PID:5760
- C:\Windows\System\dAInNfn.exe
  C:\Windows\System\dAInNfn.exe
  2⤵
  PID:7008
- C:\Windows\System\ydNMWmD.exe
  C:\Windows\System\ydNMWmD.exe
  2⤵
  PID:5276
- C:\Windows\System\YHhqweg.exe
  C:\Windows\System\YHhqweg.exe
  2⤵
  PID:5796
- C:\Windows\System\mnJqPky.exe
  C:\Windows\System\mnJqPky.exe
  2⤵
  PID:10580
- C:\Windows\System\SnyWBXW.exe
  C:\Windows\System\SnyWBXW.exe
  2⤵
  PID:8304
- C:\Windows\System\YtjzDwD.exe
  C:\Windows\System\YtjzDwD.exe
  2⤵
  PID:5396
- C:\Windows\System\BYfbEhF.exe
  C:\Windows\System\BYfbEhF.exe
  2⤵
  PID:8288
- C:\Windows\System\QobvSkw.exe
  C:\Windows\System\QobvSkw.exe
  2⤵
  PID:11100
- C:\Windows\System\DWvhHfQ.exe
  C:\Windows\System\DWvhHfQ.exe
  2⤵
  PID:3356
- C:\Windows\System\odhValR.exe
  C:\Windows\System\odhValR.exe
  2⤵
  PID:5064
- C:\Windows\System\EwLzHBQ.exe
  C:\Windows\System\EwLzHBQ.exe
  2⤵
  PID:5520
- C:\Windows\System\hZetfVm.exe
  C:\Windows\System\hZetfVm.exe
  2⤵
  PID:5536
- C:\Windows\System\ipcLdJQ.exe
  C:\Windows\System\ipcLdJQ.exe
  2⤵
  PID:11256
- C:\Windows\System\vVulucp.exe
  C:\Windows\System\vVulucp.exe
  2⤵
  PID:10332
- C:\Windows\System\TkDbfWt.exe
  C:\Windows\System\TkDbfWt.exe
  2⤵
  PID:10444
- C:\Windows\System\ADeLQHC.exe
  C:\Windows\System\ADeLQHC.exe
  2⤵
  PID:1824
- C:\Windows\System\PBZMtkF.exe
  C:\Windows\System\PBZMtkF.exe
  2⤵
  PID:3328
- C:\Windows\System\TwlxkBR.exe
  C:\Windows\System\TwlxkBR.exe
  2⤵
  PID:4696
- C:\Windows\System\dXmwkJS.exe
  C:\Windows\System\dXmwkJS.exe
  2⤵
  PID:11004
- C:\Windows\System\YCUXLAy.exe
  C:\Windows\System\YCUXLAy.exe
  2⤵
  PID:212
- C:\Windows\System\ImrJCpJ.exe
  C:\Windows\System\ImrJCpJ.exe
  2⤵
  PID:5212
- C:\Windows\System\EEXFoiD.exe
  C:\Windows\System\EEXFoiD.exe
  2⤵
  PID:5912
- C:\Windows\System\QIBkMna.exe
  C:\Windows\System\QIBkMna.exe
  2⤵
  PID:2560
- C:\Windows\System\PImcrHS.exe
  C:\Windows\System\PImcrHS.exe
  2⤵
  PID:5680
- C:\Windows\System\zvFNrSD.exe
  C:\Windows\System\zvFNrSD.exe
  2⤵
  PID:8824
- C:\Windows\System\vKlaIeY.exe
  C:\Windows\System\vKlaIeY.exe
  2⤵
  PID:5872
- C:\Windows\System\lIdDfYl.exe
  C:\Windows\System\lIdDfYl.exe
  2⤵
  PID:8832
- C:\Windows\System\wjpaASH.exe
  C:\Windows\System\wjpaASH.exe
  2⤵
  PID:3828
- C:\Windows\System\XOXvZFT.exe
  C:\Windows\System\XOXvZFT.exe
  2⤵
  PID:3252
- C:\Windows\System\oCSLlvx.exe
  C:\Windows\System\oCSLlvx.exe
  2⤵
  PID:11252
- C:\Windows\System\tpmufIM.exe
  C:\Windows\System\tpmufIM.exe
  2⤵
  PID:4888
- C:\Windows\System\ocnscgm.exe
  C:\Windows\System\ocnscgm.exe
  2⤵
  PID:2260
- C:\Windows\System\yyaSwbi.exe
  C:\Windows\System\yyaSwbi.exe
  2⤵
  PID:10980
- C:\Windows\System\PJUrgDm.exe
  C:\Windows\System\PJUrgDm.exe
  2⤵
  PID:7056
- C:\Windows\System\RjtjWbc.exe
  C:\Windows\System\RjtjWbc.exe
  2⤵
  PID:5784
- C:\Windows\System\hnTBHWH.exe
  C:\Windows\System\hnTBHWH.exe
  2⤵
  PID:5292
- C:\Windows\System\ANFOyNj.exe
  C:\Windows\System\ANFOyNj.exe
  2⤵
  PID:3784
- C:\Windows\System\AGzaSnl.exe
  C:\Windows\System\AGzaSnl.exe
  2⤵
  PID:5840
- C:\Windows\System\ZAHLAAk.exe
  C:\Windows\System\ZAHLAAk.exe
  2⤵
  PID:5916
- C:\Windows\System\YZzmLMe.exe
  C:\Windows\System\YZzmLMe.exe
  2⤵
  PID:5188
- C:\Windows\System\uGZpPqT.exe
  C:\Windows\System\uGZpPqT.exe
  2⤵
  PID:4036
- C:\Windows\System\vPwjHfs.exe
  C:\Windows\System\vPwjHfs.exe
  2⤵
  PID:6088
- C:\Windows\System\zBBGnAH.exe
  C:\Windows\System\zBBGnAH.exe
  2⤵
  PID:6148
- C:\Windows\System\QTLhjDb.exe
  C:\Windows\System\QTLhjDb.exe
  2⤵
  PID:5792
- C:\Windows\System\ZXxnkuV.exe
  C:\Windows\System\ZXxnkuV.exe
  2⤵
  PID:5816
- C:\Windows\System\XRQvMrB.exe
  C:\Windows\System\XRQvMrB.exe
  2⤵
  PID:6268
- C:\Windows\System\PoZQAIN.exe
  C:\Windows\System\PoZQAIN.exe
  2⤵
  PID:6292
- C:\Windows\System\LFSCKzY.exe
  C:\Windows\System\LFSCKzY.exe
  2⤵
  PID:6156
- C:\Windows\System\GhbBZvA.exe
  C:\Windows\System\GhbBZvA.exe
  2⤵
  PID:11196
- C:\Windows\System\Qfumwwn.exe
  C:\Windows\System\Qfumwwn.exe
  2⤵
  PID:1476
- C:\Windows\System\GyXaSgZ.exe
  C:\Windows\System\GyXaSgZ.exe
  2⤵
  PID:5928
- C:\Windows\System\rGaoRyl.exe
  C:\Windows\System\rGaoRyl.exe
  2⤵
  PID:11284
- C:\Windows\System\BcrIhet.exe
  C:\Windows\System\BcrIhet.exe
  2⤵
  PID:11312
- C:\Windows\System\IOdbjyv.exe
  C:\Windows\System\IOdbjyv.exe
  2⤵
  PID:11340
- C:\Windows\System\YZwbbkZ.exe
  C:\Windows\System\YZwbbkZ.exe
  2⤵
  PID:11372
- C:\Windows\System\JVEpucQ.exe
  C:\Windows\System\JVEpucQ.exe
  2⤵
  PID:11400
- C:\Windows\System\CcEzXAc.exe
  C:\Windows\System\CcEzXAc.exe
  2⤵
  PID:11428
- C:\Windows\System\inTspNC.exe
  C:\Windows\System\inTspNC.exe
  2⤵
  PID:11456
- C:\Windows\System\BLEJLrf.exe
  C:\Windows\System\BLEJLrf.exe
  2⤵
  PID:11484
- C:\Windows\System\bgLFmBq.exe
  C:\Windows\System\bgLFmBq.exe
  2⤵
  PID:11512
- C:\Windows\System\oeBdsvL.exe
  C:\Windows\System\oeBdsvL.exe
  2⤵
  PID:11540
- C:\Windows\System\PhdwqrK.exe
  C:\Windows\System\PhdwqrK.exe
  2⤵
  PID:11568
- C:\Windows\System\vWijCmv.exe
  C:\Windows\System\vWijCmv.exe
  2⤵
  PID:11596
- C:\Windows\System\QhDEqRM.exe
  C:\Windows\System\QhDEqRM.exe
  2⤵
  PID:11624
- C:\Windows\System\mvCglKQ.exe
  C:\Windows\System\mvCglKQ.exe
  2⤵
  PID:11652
- C:\Windows\System\TUVfnUh.exe
  C:\Windows\System\TUVfnUh.exe
  2⤵
  PID:11680
- C:\Windows\System\vfUmvpb.exe
  C:\Windows\System\vfUmvpb.exe
  2⤵
  PID:11712
- C:\Windows\System\aggjreD.exe
  C:\Windows\System\aggjreD.exe
  2⤵
  PID:11744
- C:\Windows\System\LSJHZQh.exe
  C:\Windows\System\LSJHZQh.exe
  2⤵
  PID:11764
- C:\Windows\System\hEpXegZ.exe
  C:\Windows\System\hEpXegZ.exe
  2⤵
  PID:11792
- C:\Windows\System\ZpujnBs.exe
  C:\Windows\System\ZpujnBs.exe
  2⤵
  PID:11820
- C:\Windows\System\BAqkXFe.exe
  C:\Windows\System\BAqkXFe.exe
  2⤵
  PID:11848
- C:\Windows\System\bHsfpiJ.exe
  C:\Windows\System\bHsfpiJ.exe
  2⤵
  PID:11876
- C:\Windows\System\GymXHzy.exe
  C:\Windows\System\GymXHzy.exe
  2⤵
  PID:11904
- C:\Windows\System\pqbgbAh.exe
  C:\Windows\System\pqbgbAh.exe
  2⤵
  PID:11932
- C:\Windows\System\lqMaiiD.exe
  C:\Windows\System\lqMaiiD.exe
  2⤵
  PID:11960
- C:\Windows\System\uYmYzwH.exe
  C:\Windows\System\uYmYzwH.exe
  2⤵
  PID:11992
- C:\Windows\System\ifINlth.exe
  C:\Windows\System\ifINlth.exe
  2⤵
  PID:12016
- C:\Windows\System\MLgpmSH.exe
  C:\Windows\System\MLgpmSH.exe
  2⤵
  PID:12044
- C:\Windows\System\HhlnCYq.exe
  C:\Windows\System\HhlnCYq.exe
  2⤵
  PID:12076
- C:\Windows\System\CBgwpoR.exe
  C:\Windows\System\CBgwpoR.exe
  2⤵
  PID:12104
- C:\Windows\System\wkjfkIr.exe
  C:\Windows\System\wkjfkIr.exe
  2⤵
  PID:12132
- C:\Windows\System\ykCjpdk.exe
  C:\Windows\System\ykCjpdk.exe
  2⤵
  PID:12160
- C:\Windows\System\iSjiGnB.exe
  C:\Windows\System\iSjiGnB.exe
  2⤵
  PID:12188
- C:\Windows\System\EcLDAWP.exe
  C:\Windows\System\EcLDAWP.exe
  2⤵
  PID:12216
- C:\Windows\System\lEKdkxY.exe
  C:\Windows\System\lEKdkxY.exe
  2⤵
  PID:12244
- C:\Windows\System\eApUDmM.exe
  C:\Windows\System\eApUDmM.exe
  2⤵
  PID:12272
- C:\Windows\System\ndTHSpR.exe
  C:\Windows\System\ndTHSpR.exe
  2⤵
  PID:11296
- C:\Windows\System\pYdklpK.exe
  C:\Windows\System\pYdklpK.exe
  2⤵
  PID:6468
- C:\Windows\System\mNJzJDr.exe
  C:\Windows\System\mNJzJDr.exe
  2⤵
  PID:6484
- C:\Windows\System\txTTGWj.exe
  C:\Windows\System\txTTGWj.exe
  2⤵
  PID:6488
- C:\Windows\System\RvendvW.exe
  C:\Windows\System\RvendvW.exe
  2⤵
  PID:6584
- C:\Windows\System\tUOZbzB.exe
  C:\Windows\System\tUOZbzB.exe
  2⤵
  PID:6544
- C:\Windows\System\rrXHiAW.exe
  C:\Windows\System\rrXHiAW.exe
  2⤵
  PID:6668
- C:\Windows\System\oQUCAZK.exe
  C:\Windows\System\oQUCAZK.exe
  2⤵
  PID:11580
- C:\Windows\System\qpfgglA.exe
  C:\Windows\System\qpfgglA.exe
  2⤵
  PID:11636
- C:\Windows\System\ixMmzXG.exe
  C:\Windows\System\ixMmzXG.exe
  2⤵
  PID:11692
- C:\Windows\System\uDCJIlf.exe
  C:\Windows\System\uDCJIlf.exe
  2⤵
  PID:11732
- C:\Windows\System\CnXKRvH.exe
  C:\Windows\System\CnXKRvH.exe
  2⤵
  PID:11788
- C:\Windows\System\eufQocW.exe
  C:\Windows\System\eufQocW.exe
  2⤵
  PID:11840
- C:\Windows\System\xdwGfkm.exe
  C:\Windows\System\xdwGfkm.exe
  2⤵
  PID:11360
- C:\Windows\System\aWqvqWp.exe
  C:\Windows\System\aWqvqWp.exe
  2⤵
  PID:11944
- C:\Windows\System\bhkxuJd.exe
  C:\Windows\System\bhkxuJd.exe
  2⤵
  PID:12008
- C:\Windows\System\rxEhSpk.exe
  C:\Windows\System\rxEhSpk.exe
  2⤵
  PID:12068
- C:\Windows\System\XpfQffO.exe
  C:\Windows\System\XpfQffO.exe
  2⤵
  PID:12152
- C:\Windows\System\ARSxZkq.exe
  C:\Windows\System\ARSxZkq.exe
  2⤵
  PID:12212
- C:\Windows\System\ZBOkheS.exe
  C:\Windows\System\ZBOkheS.exe
  2⤵
  PID:12284
- C:\Windows\System\EsFsFGw.exe
  C:\Windows\System\EsFsFGw.exe
  2⤵
  PID:11380
- C:\Windows\System\yVVTAxY.exe
  C:\Windows\System\yVVTAxY.exe
  2⤵
  PID:6636
- C:\Windows\System\NXuNnyx.exe
  C:\Windows\System\NXuNnyx.exe
  2⤵
  PID:11536
- C:\Windows\System\LpKXEjb.exe
  C:\Windows\System\LpKXEjb.exe
  2⤵
  PID:11672
- C:\Windows\System\KdxtNOU.exe
  C:\Windows\System\KdxtNOU.exe
  2⤵
  PID:11784
- C:\Windows\System\IVBsRtM.exe
  C:\Windows\System\IVBsRtM.exe
  2⤵
  PID:11888
- C:\Windows\System\GSKuHLc.exe
  C:\Windows\System\GSKuHLc.exe
  2⤵
  PID:12000
- C:\Windows\System\mguDKav.exe
  C:\Windows\System\mguDKav.exe
  2⤵
  PID:12200
- C:\Windows\System\tFagvYO.exe
  C:\Windows\System\tFagvYO.exe
  2⤵
  PID:11368
- C:\Windows\System\kHaGrtg.exe
  C:\Windows\System\kHaGrtg.exe
  2⤵
  PID:11620
- C:\Windows\System\RZqEwjz.exe
  C:\Windows\System\RZqEwjz.exe
  2⤵
  PID:11872
- C:\Windows\System\rYWRhER.exe
  C:\Windows\System\rYWRhER.exe
  2⤵
  PID:12264
- C:\Windows\System\bxvmfai.exe
  C:\Windows\System\bxvmfai.exe
  2⤵
  PID:11608
- C:\Windows\System\kjmizuw.exe
  C:\Windows\System\kjmizuw.exe
  2⤵
  PID:11324
- C:\Windows\System\MHLVukK.exe
  C:\Windows\System\MHLVukK.exe
  2⤵
  PID:12180
- C:\Windows\System\KWLaDJn.exe
  C:\Windows\System\KWLaDJn.exe
  2⤵
  PID:12312
- C:\Windows\System\aVGJTvF.exe
  C:\Windows\System\aVGJTvF.exe
  2⤵
  PID:12340
- C:\Windows\System\XrCAtxw.exe
  C:\Windows\System\XrCAtxw.exe
  2⤵
  PID:12368
- C:\Windows\System\oWdLzKT.exe
  C:\Windows\System\oWdLzKT.exe
  2⤵
  PID:12396
- C:\Windows\System\WncbzdR.exe
  C:\Windows\System\WncbzdR.exe
  2⤵
  PID:12424
- C:\Windows\System\Zwekusv.exe
  C:\Windows\System\Zwekusv.exe
  2⤵
  PID:12452
- C:\Windows\System\EWHbrnR.exe
  C:\Windows\System\EWHbrnR.exe
  2⤵
  PID:12480
- C:\Windows\System\HmFzaPR.exe
  C:\Windows\System\HmFzaPR.exe
  2⤵
  PID:12520
- C:\Windows\System\fzpTOeS.exe
  C:\Windows\System\fzpTOeS.exe
  2⤵
  PID:12540
- C:\Windows\System\cpiimUg.exe
  C:\Windows\System\cpiimUg.exe
  2⤵
  PID:12568
- C:\Windows\System\HwYoLBt.exe
  C:\Windows\System\HwYoLBt.exe
  2⤵
  PID:12596
- C:\Windows\System\cyZmDeD.exe
  C:\Windows\System\cyZmDeD.exe
  2⤵
  PID:12624
- C:\Windows\System\JtFTsOo.exe
  C:\Windows\System\JtFTsOo.exe
  2⤵
  PID:12652
- C:\Windows\System\ZopFFOX.exe
  C:\Windows\System\ZopFFOX.exe
  2⤵
  PID:12680
- C:\Windows\System\gInWKDl.exe
  C:\Windows\System\gInWKDl.exe
  2⤵
  PID:12708
- C:\Windows\System\bBwRNaF.exe
  C:\Windows\System\bBwRNaF.exe
  2⤵
  PID:12736
- C:\Windows\System\bxNubKz.exe
  C:\Windows\System\bxNubKz.exe
  2⤵
  PID:12772
- C:\Windows\System\rPkwMaA.exe
  C:\Windows\System\rPkwMaA.exe
  2⤵
  PID:12792
- C:\Windows\System\EaJejzQ.exe
  C:\Windows\System\EaJejzQ.exe
  2⤵
  PID:12820
- C:\Windows\System\eqNlLVB.exe
  C:\Windows\System\eqNlLVB.exe
  2⤵
  PID:12848
- C:\Windows\System\UZFoeoD.exe
  C:\Windows\System\UZFoeoD.exe
  2⤵
  PID:12876
- C:\Windows\System\thzySFn.exe
  C:\Windows\System\thzySFn.exe
  2⤵
  PID:12904
- C:\Windows\System\nOWVFeB.exe
  C:\Windows\System\nOWVFeB.exe
  2⤵
  PID:12936
- C:\Windows\System\hiIIJoQ.exe
  C:\Windows\System\hiIIJoQ.exe
  2⤵
  PID:12960
- C:\Windows\System\FKMPEFW.exe
  C:\Windows\System\FKMPEFW.exe
  2⤵
  PID:12988
- C:\Windows\System\BgHWlhk.exe
  C:\Windows\System\BgHWlhk.exe
  2⤵
  PID:13028
- C:\Windows\System\SJWkfLf.exe
  C:\Windows\System\SJWkfLf.exe
  2⤵
  PID:13044
- C:\Windows\System\ChcDHNz.exe
  C:\Windows\System\ChcDHNz.exe
  2⤵
  PID:13076
- C:\Windows\System\fvYoMyD.exe
  C:\Windows\System\fvYoMyD.exe
  2⤵
  PID:13104
- C:\Windows\System\LZcGOjW.exe
  C:\Windows\System\LZcGOjW.exe
  2⤵
  PID:13132
- C:\Windows\System\zRAFbXo.exe
  C:\Windows\System\zRAFbXo.exe
  2⤵
  PID:13160
- C:\Windows\System\TXtUjgr.exe
  C:\Windows\System\TXtUjgr.exe
  2⤵
  PID:13188
- C:\Windows\System\WSqdjLQ.exe
  C:\Windows\System\WSqdjLQ.exe
  2⤵
  PID:13216
- C:\Windows\System\TgwSiGs.exe
  C:\Windows\System\TgwSiGs.exe
  2⤵
  PID:13244
- C:\Windows\System\loBOfeF.exe
  C:\Windows\System\loBOfeF.exe
  2⤵
  PID:13272
- C:\Windows\System\TlqAPsq.exe
  C:\Windows\System\TlqAPsq.exe
  2⤵
  PID:13300
- C:\Windows\System\HOedBmB.exe
  C:\Windows\System\HOedBmB.exe
  2⤵
  PID:12332
- C:\Windows\System\DGWEUmJ.exe
  C:\Windows\System\DGWEUmJ.exe
  2⤵
  PID:12388
- C:\Windows\System\ydUktZT.exe
  C:\Windows\System\ydUktZT.exe
  2⤵
  PID:2424
- C:\Windows\System\AEwuJYa.exe
  C:\Windows\System\AEwuJYa.exe
  2⤵
  PID:12492
- C:\Windows\System\BcXSjCb.exe
  C:\Windows\System\BcXSjCb.exe
  2⤵
  PID:324
- C:\Windows\System\oFdIBRR.exe
  C:\Windows\System\oFdIBRR.exe
  2⤵
  PID:12592
- C:\Windows\System\sQTvBzE.exe
  C:\Windows\System\sQTvBzE.exe
  2⤵
  PID:12636
- C:\Windows\System\NwEadcJ.exe
  C:\Windows\System\NwEadcJ.exe
  2⤵
  PID:12700
- C:\Windows\System\DIardOV.exe
  C:\Windows\System\DIardOV.exe
  2⤵
  PID:12760
- C:\Windows\System\cMVwrWU.exe
  C:\Windows\System\cMVwrWU.exe
  2⤵
  PID:2772
- C:\Windows\System\ooIUOAo.exe
  C:\Windows\System\ooIUOAo.exe
  2⤵
  PID:12872
- C:\Windows\System\linfsRm.exe
  C:\Windows\System\linfsRm.exe
  2⤵
  PID:12928
- C:\Windows\System\XjtDWke.exe
  C:\Windows\System\XjtDWke.exe
  2⤵
  PID:13000
- C:\Windows\System\UyIxvnC.exe
  C:\Windows\System\UyIxvnC.exe
  2⤵
  PID:13012
- C:\Windows\System\SOGCGVc.exe
  C:\Windows\System\SOGCGVc.exe
  2⤵
  PID:13036
- C:\Windows\System\bOltZgV.exe
  C:\Windows\System\bOltZgV.exe
  2⤵
  PID:13088
- C:\Windows\System\GATdRjk.exe
  C:\Windows\System\GATdRjk.exe
  2⤵
  PID:5756
- C:\Windows\System\DrrURlu.exe
  C:\Windows\System\DrrURlu.exe
  2⤵
  PID:5656
- C:\Windows\System\jyqsIVE.exe
  C:\Windows\System\jyqsIVE.exe
  2⤵
  PID:13228
- C:\Windows\System\AQmNGEI.exe
  C:\Windows\System\AQmNGEI.exe
  2⤵
  PID:5392
- C:\Windows\System\farOVGG.exe
  C:\Windows\System\farOVGG.exe
  2⤵
  PID:5336
- C:\Windows\System\FBgZbuv.exe
  C:\Windows\System\FBgZbuv.exe
  2⤵
  PID:12420
- C:\Windows\System\qurXPUR.exe
  C:\Windows\System\qurXPUR.exe
  2⤵
  PID:12528
- C:\Windows\System\wgomFbb.exe
  C:\Windows\System\wgomFbb.exe
  2⤵
  PID:928
- C:\Windows\System\iOXDwAk.exe
  C:\Windows\System\iOXDwAk.exe
  2⤵
  PID:6264
- C:\Windows\System\dZjrGxK.exe
  C:\Windows\System\dZjrGxK.exe
  2⤵
  PID:12756
- C:\Windows\System\jPOsVvF.exe
  C:\Windows\System\jPOsVvF.exe
  2⤵
  PID:12812
- C:\Windows\System\lZAKIHz.exe
  C:\Windows\System\lZAKIHz.exe
  2⤵
  PID:12868
- C:\Windows\System\ARYJeNK.exe
  C:\Windows\System\ARYJeNK.exe
  2⤵
  PID:13008
- C:\Windows\System\fJcasIj.exe
  C:\Windows\System\fJcasIj.exe
  2⤵
  PID:7256
- C:\Windows\System\tDHzPQj.exe
  C:\Windows\System\tDHzPQj.exe
  2⤵
  PID:13128
- C:\Windows\System\jEnzvTQ.exe
  C:\Windows\System\jEnzvTQ.exe
  2⤵
  PID:7356
- C:\Windows\System\MeKSJtl.exe
  C:\Windows\System\MeKSJtl.exe
  2⤵
  PID:7072
- C:\Windows\System\eqKkDYJ.exe
  C:\Windows\System\eqKkDYJ.exe
  2⤵
  PID:12580
- C:\Windows\System\nGysJyB.exe
  C:\Windows\System\nGysJyB.exe
  2⤵
  PID:5272
- C:\Windows\System\ryoSeOf.exe
  C:\Windows\System\ryoSeOf.exe
  2⤵
  PID:12732
- C:\Windows\System\VFlTECp.exe
  C:\Windows\System\VFlTECp.exe
  2⤵
  PID:7976
- C:\Windows\System\PjRvBzN.exe
  C:\Windows\System\PjRvBzN.exe
  2⤵
  PID:8028
- C:\Windows\System\uMjgljf.exe
  C:\Windows\System\uMjgljf.exe
  2⤵
  PID:7540
- C:\Windows\System\ESPacrh.exe
  C:\Windows\System\ESPacrh.exe
  2⤵
  PID:8068
- C:\Windows\System\XcVCFgj.exe
  C:\Windows\System\XcVCFgj.exe
  2⤵
  PID:7624
- C:\Windows\System\AJwdQMS.exe
  C:\Windows\System\AJwdQMS.exe
  2⤵
  PID:7372
- C:\Windows\System\biNPjOm.exe
  C:\Windows\System\biNPjOm.exe
  2⤵
  PID:5268
- C:\Windows\System\TApDFyr.exe
  C:\Windows\System\TApDFyr.exe
  2⤵
  PID:7428
- C:\Windows\System\axCyOfY.exe
  C:\Windows\System\axCyOfY.exe
  2⤵
  PID:7300
- C:\Windows\System\WxvUysd.exe
  C:\Windows\System\WxvUysd.exe
  2⤵
  PID:12860
- C:\Windows\System\amYvHbk.exe
  C:\Windows\System\amYvHbk.exe
  2⤵
  PID:7236
- C:\Windows\System\rFsUUsJ.exe
  C:\Windows\System\rFsUUsJ.exe
  2⤵
  PID:7828
- C:\Windows\System\Xeemrth.exe
  C:\Windows\System\Xeemrth.exe
  2⤵
  PID:7796
- C:\Windows\System\OFqpqTG.exe
  C:\Windows\System\OFqpqTG.exe
  2⤵
  PID:7676
- C:\Windows\System\MfNIAkQ.exe
  C:\Windows\System\MfNIAkQ.exe
  2⤵
  PID:13100
- C:\Windows\System\gLOxnxa.exe
  C:\Windows\System\gLOxnxa.exe
  2⤵
  PID:2676
- C:\Windows\System\pEEYLSV.exe
  C:\Windows\System\pEEYLSV.exe
  2⤵
  PID:7384
- C:\Windows\System\FdSRDaX.exe
  C:\Windows\System\FdSRDaX.exe
  2⤵
  PID:7780
- C:\Windows\System\klXSPxl.exe
  C:\Windows\System\klXSPxl.exe
  2⤵
  PID:3184
- C:\Windows\System\NDUmKlh.exe
  C:\Windows\System\NDUmKlh.exe
  2⤵
  PID:1880
- C:\Windows\System\XBnHNTE.exe
  C:\Windows\System\XBnHNTE.exe
  2⤵
  PID:7176
- C:\Windows\System\dYqtfGO.exe
  C:\Windows\System\dYqtfGO.exe
  2⤵
  PID:7760
- C:\Windows\System\LgBbjvf.exe
  C:\Windows\System\LgBbjvf.exe
  2⤵
  PID:640
- C:\Windows\System\sKOAWeG.exe
  C:\Windows\System\sKOAWeG.exe
  2⤵
  PID:7856
- C:\Windows\System\NAMRQie.exe
  C:\Windows\System\NAMRQie.exe
  2⤵
  PID:7832
- C:\Windows\System\eBxyLEi.exe
  C:\Windows\System\eBxyLEi.exe
  2⤵
  PID:13072
- C:\Windows\System\xDsLzJL.exe
  C:\Windows\System\xDsLzJL.exe
  2⤵
  PID:8152
- C:\Windows\System\QkvnDej.exe
  C:\Windows\System\QkvnDej.exe
  2⤵
  PID:4772
- C:\Windows\System\wLIYwYa.exe
  C:\Windows\System\wLIYwYa.exe
  2⤵
  PID:1400
- C:\Windows\System\ONmoucY.exe
  C:\Windows\System\ONmoucY.exe
  2⤵
  PID:7524
- C:\Windows\System\seibHik.exe
  C:\Windows\System\seibHik.exe
  2⤵
  PID:7344
- C:\Windows\System\pwqzzIs.exe
  C:\Windows\System\pwqzzIs.exe
  2⤵
  PID:2232
- C:\Windows\System\JGaYMrK.exe
  C:\Windows\System\JGaYMrK.exe
  2⤵
  PID:13328
- C:\Windows\System\khBxNYF.exe
  C:\Windows\System\khBxNYF.exe
  2⤵
  PID:13356
- C:\Windows\System\nxSrczz.exe
  C:\Windows\System\nxSrczz.exe
  2⤵
  PID:13384
- C:\Windows\System\BJjzjIR.exe
  C:\Windows\System\BJjzjIR.exe
  2⤵
  PID:13420
- C:\Windows\System\DiXwdIn.exe
  C:\Windows\System\DiXwdIn.exe
  2⤵
  PID:13440
- C:\Windows\System\FtTaMIx.exe
  C:\Windows\System\FtTaMIx.exe
  2⤵
  PID:13468
- C:\Windows\System\UlOVdrP.exe
  C:\Windows\System\UlOVdrP.exe
  2⤵
  PID:13496
- C:\Windows\System\oCtIEks.exe
  C:\Windows\System\oCtIEks.exe
  2⤵
  PID:13524
- C:\Windows\System\XFzYTol.exe
  C:\Windows\System\XFzYTol.exe
  2⤵
  PID:13552
- C:\Windows\System\hZpIcXj.exe
  C:\Windows\System\hZpIcXj.exe
  2⤵
  PID:13580
- C:\Windows\System\ZpTRpFf.exe
  C:\Windows\System\ZpTRpFf.exe
  2⤵
  PID:13608
- C:\Windows\System\jyTCVoR.exe
  C:\Windows\System\jyTCVoR.exe
  2⤵
  PID:13636
- C:\Windows\System\xScLGHz.exe
  C:\Windows\System\xScLGHz.exe
  2⤵
  PID:13664
- C:\Windows\System\sLuTllH.exe
  C:\Windows\System\sLuTllH.exe
  2⤵
  PID:13696
- C:\Windows\System\DMUODnT.exe
  C:\Windows\System\DMUODnT.exe
  2⤵
  PID:13720
- C:\Windows\System\lAmIbMq.exe
  C:\Windows\System\lAmIbMq.exe
  2⤵
  PID:13748
- C:\Windows\System\pdqyvJE.exe
  C:\Windows\System\pdqyvJE.exe
  2⤵
  PID:13776
- C:\Windows\System\pRvAbps.exe
  C:\Windows\System\pRvAbps.exe
  2⤵
  PID:13804
- C:\Windows\System\YLXwfJo.exe
  C:\Windows\System\YLXwfJo.exe
  2⤵
  PID:13832
- C:\Windows\System\LgZjBGn.exe
  C:\Windows\System\LgZjBGn.exe
  2⤵
  PID:13860
- C:\Windows\System\DzwIAtg.exe
  C:\Windows\System\DzwIAtg.exe
  2⤵
  PID:13904
- C:\Windows\System\leGfuQR.exe
  C:\Windows\System\leGfuQR.exe
  2⤵
  PID:13920
- C:\Windows\System\oXAPPfN.exe
  C:\Windows\System\oXAPPfN.exe
  2⤵
  PID:13948
- C:\Windows\System\hyofPAn.exe
  C:\Windows\System\hyofPAn.exe
  2⤵
  PID:13976
- C:\Windows\System\fFLVRvG.exe
  C:\Windows\System\fFLVRvG.exe
  2⤵
  PID:14008
- C:\Windows\System\lTshTDq.exe
  C:\Windows\System\lTshTDq.exe
  2⤵
  PID:14032
- C:\Windows\System\mhQCrQQ.exe
  C:\Windows\System\mhQCrQQ.exe
  2⤵
  PID:14060
- C:\Windows\System\nbLUbjh.exe
  C:\Windows\System\nbLUbjh.exe
  2⤵
  PID:14088
- C:\Windows\System\NgwBcxY.exe
  C:\Windows\System\NgwBcxY.exe
  2⤵
  PID:14120
- C:\Windows\System\NWiHRMh.exe
  C:\Windows\System\NWiHRMh.exe
  2⤵
  PID:14144
- C:\Windows\System\wrriysG.exe
  C:\Windows\System\wrriysG.exe
  2⤵
  PID:14172
- C:\Windows\System\JVEcaWo.exe
  C:\Windows\System\JVEcaWo.exe
  2⤵
  PID:14200
- C:\Windows\System\HfarNpF.exe
  C:\Windows\System\HfarNpF.exe
  2⤵
  PID:14228
- C:\Windows\System\vBWKWez.exe
  C:\Windows\System\vBWKWez.exe
  2⤵
  PID:14256
- C:\Windows\System\UXaQhtA.exe
  C:\Windows\System\UXaQhtA.exe
  2⤵
  PID:14284
- C:\Windows\System\JWTHziQ.exe
  C:\Windows\System\JWTHziQ.exe
  2⤵
  PID:14312
- C:\Windows\System\EhgxzCU.exe
  C:\Windows\System\EhgxzCU.exe
  2⤵
  PID:13320
- C:\Windows\System\eCIyQbD.exe
  C:\Windows\System\eCIyQbD.exe
  2⤵
  PID:13368
- C:\Windows\System\zdtGzpb.exe
  C:\Windows\System\zdtGzpb.exe
  2⤵
  PID:13432
- C:\Windows\System\eJrEGWS.exe
  C:\Windows\System\eJrEGWS.exe
  2⤵
  PID:7068
- C:\Windows\System\OBkcEyG.exe
  C:\Windows\System\OBkcEyG.exe
  2⤵
  PID:7744
- C:\Windows\System\WQzxeNP.exe
  C:\Windows\System\WQzxeNP.exe
  2⤵
  PID:3604
- C:\Windows\System\XFTflwV.exe
  C:\Windows\System\XFTflwV.exe
  2⤵
  PID:13604
- C:\Windows\System\tVEIMSx.exe
  C:\Windows\System\tVEIMSx.exe
  2⤵
  PID:8052
- C:\Windows\System\FNDYewZ.exe
  C:\Windows\System\FNDYewZ.exe
  2⤵
  PID:13684
- C:\Windows\System\yHQbndQ.exe
  C:\Windows\System\yHQbndQ.exe
  2⤵
  PID:7972
- C:\Windows\System\qlzlOfY.exe
  C:\Windows\System\qlzlOfY.exe
  2⤵
  PID:13768
- C:\Windows\System\OLUtWyf.exe
  C:\Windows\System\OLUtWyf.exe
  2⤵
  PID:13816
- C:\Windows\System\JoewwvH.exe
  C:\Windows\System\JoewwvH.exe
  2⤵
  PID:8240
- C:\Windows\System\CEDkJNy.exe
  C:\Windows\System\CEDkJNy.exe
  2⤵
  PID:13880
- C:\Windows\System\lozaILV.exe
  C:\Windows\System\lozaILV.exe
  2⤵
  PID:13932
- C:\Windows\System\xFpXfrr.exe
  C:\Windows\System\xFpXfrr.exe
  2⤵
  PID:13972
- C:\Windows\System\iRHeEAE.exe
  C:\Windows\System\iRHeEAE.exe
  2⤵
  PID:14024
- C:\Windows\System\PtzbdWv.exe
  C:\Windows\System\PtzbdWv.exe
  2⤵
  PID:14072
- C:\Windows\System\cihPjqR.exe
  C:\Windows\System\cihPjqR.exe
  2⤵
  PID:14128
- C:\Windows\System\wdjZuEP.exe
  C:\Windows\System\wdjZuEP.exe
  2⤵
  PID:14156
- C:\Windows\System\ZmtqgEv.exe
  C:\Windows\System\ZmtqgEv.exe
  2⤵
  PID:14192
- C:\Windows\System\yrYHeZp.exe
  C:\Windows\System\yrYHeZp.exe
  2⤵
  PID:14240
- C:\Windows\System\rEnANZX.exe
  C:\Windows\System\rEnANZX.exe
  2⤵
  PID:14280
- C:\Windows\System\Dvzresk.exe
  C:\Windows\System\Dvzresk.exe
  2⤵
  PID:5056
- C:\Windows\System\BSWPrfy.exe
  C:\Windows\System\BSWPrfy.exe
  2⤵
  PID:8780
- C:\Windows\System\FaFjQXd.exe
  C:\Windows\System\FaFjQXd.exe
  2⤵
  PID:8804
- C:\Windows\System\bvGgAGh.exe
  C:\Windows\System\bvGgAGh.exe
  2⤵
  PID:7424
- C:\Windows\System\RiAnTNH.exe
  C:\Windows\System\RiAnTNH.exe
  2⤵
  PID:8904
- C:\Windows\System\CgXklrq.exe
  C:\Windows\System\CgXklrq.exe
  2⤵
  PID:8940
- C:\Windows\System\ESQwYWQ.exe
  C:\Windows\System\ESQwYWQ.exe
  2⤵
  PID:3140
- C:\Windows\System\VJpfooh.exe
  C:\Windows\System\VJpfooh.exe
  2⤵
  PID:3912
- C:\Windows\System\uMIWoGx.exe
  C:\Windows\System\uMIWoGx.exe
  2⤵
  PID:13872
- C:\Windows\System\yvxhaCz.exe
  C:\Windows\System\yvxhaCz.exe
  2⤵
  PID:8404
- C:\Windows\System\sEEUvrR.exe
  C:\Windows\System\sEEUvrR.exe
  2⤵
  PID:14056
- C:\Windows\System\UivZyoF.exe
  C:\Windows\System\UivZyoF.exe
  2⤵
  PID:8560
- C:\Windows\System\ToDRxWE.exe
  C:\Windows\System\ToDRxWE.exe
  2⤵
  PID:8604
- C:\Windows\System\QnWbGCN.exe
  C:\Windows\System\QnWbGCN.exe
  2⤵
  PID:14276
- C:\Windows\System\QwxcExx.exe
  C:\Windows\System\QwxcExx.exe
  2⤵
  PID:13396
- C:\Windows\System\QcMbmGc.exe
  C:\Windows\System\QcMbmGc.exe
  2⤵
  PID:13676
- C:\Windows\System\vavBdXp.exe
  C:\Windows\System\vavBdXp.exe
  2⤵
  PID:8976
- C:\Windows\System\PnesFMc.exe
  C:\Windows\System\PnesFMc.exe
  2⤵
  PID:8476
- C:\Windows\System\wWNJzSB.exe
  C:\Windows\System\wWNJzSB.exe
  2⤵
  PID:8668
- C:\Windows\System\EGNdgof.exe
  C:\Windows\System\EGNdgof.exe
  2⤵
  PID:14108
- C:\Windows\System\wjqicCu.exe
  C:\Windows\System\wjqicCu.exe
  2⤵
  PID:14220
- C:\Windows\System\tQXsYvm.exe
  C:\Windows\System\tQXsYvm.exe
  2⤵
  PID:8808
- C:\Windows\System\rqtZxId.exe
  C:\Windows\System\rqtZxId.exe
  2⤵
  PID:13564
- C:\Windows\System\YPTJpFd.exe
  C:\Windows\System\YPTJpFd.exe
  2⤵
  PID:13656
- C:\Windows\System\kVkEcvs.exe
  C:\Windows\System\kVkEcvs.exe
  2⤵
  PID:1396
- C:\Windows\System\wSWBdPT.exe
  C:\Windows\System\wSWBdPT.exe
  2⤵
  PID:9136
- C:\Windows\System\sXaruYx.exe
  C:\Windows\System\sXaruYx.exe
  2⤵
  PID:8332
- C:\Windows\System\tkYQkNe.exe
  C:\Windows\System\tkYQkNe.exe
  2⤵
  PID:14324
- C:\Windows\System\JGNfwkx.exe
  C:\Windows\System\JGNfwkx.exe
  2⤵
  PID:8948
- C:\Windows\System\HacriNW.exe
  C:\Windows\System\HacriNW.exe
  2⤵
  PID:8316
- C:\Windows\System\vNqxqto.exe
  C:\Windows\System\vNqxqto.exe
  2⤵
  PID:9140
- C:\Windows\System\autsjAk.exe
  C:\Windows\System\autsjAk.exe
  2⤵
  PID:8944
- C:\Windows\System\sWakytC.exe
  C:\Windows\System\sWakytC.exe
  2⤵
  PID:8732
- C:\Windows\System\poCPgik.exe
  C:\Windows\System\poCPgik.exe
  2⤵
  PID:8828
- C:\Windows\System\EdVeYVD.exe
  C:\Windows\System\EdVeYVD.exe
  2⤵
  PID:8708
- C:\Windows\System\VtzGXBb.exe
  C:\Windows\System\VtzGXBb.exe
  2⤵
  PID:9180
- C:\Windows\System\fugKoTO.exe
  C:\Windows\System\fugKoTO.exe
  2⤵
  PID:8440
- C:\Windows\System\npqyZeU.exe
  C:\Windows\System\npqyZeU.exe
  2⤵
  PID:9232
- C:\Windows\System\gMiiKvI.exe
  C:\Windows\System\gMiiKvI.exe
  2⤵
  PID:14356
- C:\Windows\System\FoqgKgL.exe
  C:\Windows\System\FoqgKgL.exe
  2⤵
  PID:14384
- C:\Windows\System\evqeOse.exe
  C:\Windows\System\evqeOse.exe
  2⤵
  PID:14412
- C:\Windows\System\xRkUvZf.exe
  C:\Windows\System\xRkUvZf.exe
  2⤵
  PID:14440
- C:\Windows\System\XZTdJGa.exe
  C:\Windows\System\XZTdJGa.exe
  2⤵
  PID:14468
- C:\Windows\System\zESiGxT.exe
  C:\Windows\System\zESiGxT.exe
  2⤵
  PID:14496
- C:\Windows\System\EkRhkDX.exe
  C:\Windows\System\EkRhkDX.exe
  2⤵
  PID:14524
- C:\Windows\System\kaxXtAc.exe
  C:\Windows\System\kaxXtAc.exe
  2⤵
  PID:14552
- C:\Windows\System\DLiUSBx.exe
  C:\Windows\System\DLiUSBx.exe
  2⤵
  PID:14580
- C:\Windows\System\HSSkQxt.exe
  C:\Windows\System\HSSkQxt.exe
  2⤵
  PID:14608
- C:\Windows\System\lWjuoSx.exe
  C:\Windows\System\lWjuoSx.exe
  2⤵
  PID:14636
- C:\Windows\System\OQUxxrj.exe
  C:\Windows\System\OQUxxrj.exe
  2⤵
  PID:14664
- C:\Windows\System\NPzpGkP.exe
  C:\Windows\System\NPzpGkP.exe
  2⤵
  PID:14692
- C:\Windows\System\KEjXTKR.exe
  C:\Windows\System\KEjXTKR.exe
  2⤵
  PID:14720
- C:\Windows\System\ghOByIK.exe
  C:\Windows\System\ghOByIK.exe
  2⤵
  PID:14748
- C:\Windows\System\DTWRhCe.exe
  C:\Windows\System\DTWRhCe.exe
  2⤵
  PID:14776
- C:\Windows\System\JfeGJWi.exe
  C:\Windows\System\JfeGJWi.exe
  2⤵
  PID:14804
- C:\Windows\System\hlrLKeQ.exe
  C:\Windows\System\hlrLKeQ.exe
  2⤵
  PID:14832
- C:\Windows\System\XIVOQIB.exe
  C:\Windows\System\XIVOQIB.exe
  2⤵
  PID:14860
- C:\Windows\System\FTKoIid.exe
  C:\Windows\System\FTKoIid.exe
  2⤵
  PID:14888
- C:\Windows\System\gEdYpuT.exe
  C:\Windows\System\gEdYpuT.exe
  2⤵
  PID:14920
- C:\Windows\System\mSedpTg.exe
  C:\Windows\System\mSedpTg.exe
  2⤵
  PID:14948
- C:\Windows\System\HWkkrEi.exe
  C:\Windows\System\HWkkrEi.exe
  2⤵
  PID:14976
- C:\Windows\System\elXdTBR.exe
  C:\Windows\System\elXdTBR.exe
  2⤵
  PID:15004
- C:\Windows\System\IyJPgwc.exe
  C:\Windows\System\IyJPgwc.exe
  2⤵
  PID:15032
- C:\Windows\System\BVKYkde.exe
  C:\Windows\System\BVKYkde.exe
  2⤵
  PID:15060
- C:\Windows\System\qykVJjO.exe
  C:\Windows\System\qykVJjO.exe
  2⤵
  PID:15088
- C:\Windows\System\JftJYCo.exe
  C:\Windows\System\JftJYCo.exe
  2⤵
  PID:15116
- C:\Windows\System\kSRCYWY.exe
  C:\Windows\System\kSRCYWY.exe
  2⤵
  PID:15144
- C:\Windows\System\fFJDjgK.exe
  C:\Windows\System\fFJDjgK.exe
  2⤵
  PID:15172
- C:\Windows\System\QvOrfSo.exe
  C:\Windows\System\QvOrfSo.exe
  2⤵
  PID:15200
- C:\Windows\System\QzpBgqh.exe
  C:\Windows\System\QzpBgqh.exe
  2⤵
  PID:15228
- C:\Windows\System\CHEhqWH.exe
  C:\Windows\System\CHEhqWH.exe
  2⤵
  PID:15256
- C:\Windows\System\KMBSuFB.exe
  C:\Windows\System\KMBSuFB.exe
  2⤵
  PID:15284
- C:\Windows\System\ZXIOhIC.exe
  C:\Windows\System\ZXIOhIC.exe
  2⤵
  PID:15312
- C:\Windows\System\YaydkRN.exe
  C:\Windows\System\YaydkRN.exe
  2⤵
  PID:15340
- C:\Windows\System\nXCiKrg.exe
  C:\Windows\System\nXCiKrg.exe
  2⤵
  PID:14352
- C:\Windows\System\FrKmmAQ.exe
  C:\Windows\System\FrKmmAQ.exe
  2⤵
  PID:14380
- C:\Windows\System\NVlGQib.exe
  C:\Windows\System\NVlGQib.exe
  2⤵
  PID:14452
- C:\Windows\System\uTQzdjd.exe
  C:\Windows\System\uTQzdjd.exe
  2⤵
  PID:9344
- C:\Windows\System\jvKmDyO.exe
  C:\Windows\System\jvKmDyO.exe
  2⤵
  PID:14544
- C:\Windows\System\JstFLwq.exe
  C:\Windows\System\JstFLwq.exe
  2⤵
  PID:14604
- C:\Windows\System\JHJegUF.exe
  C:\Windows\System\JHJegUF.exe
  2⤵
  PID:14656
- C:\Windows\System\jjXmFpM.exe
  C:\Windows\System\jjXmFpM.exe
  2⤵
  PID:14684
- C:\Windows\System\uQcPSja.exe
  C:\Windows\System\uQcPSja.exe
  2⤵
  PID:14740
- C:\Windows\System\aREeRoI.exe
  C:\Windows\System\aREeRoI.exe
  2⤵
  PID:9556
- C:\Windows\System\PYSALAg.exe
  C:\Windows\System\PYSALAg.exe
  2⤵
  PID:9608
- C:\Windows\System\hdKQoHd.exe
  C:\Windows\System\hdKQoHd.exe
  2⤵
  PID:14872
- C:\Windows\System\GviDLFv.exe
  C:\Windows\System\GviDLFv.exe
  2⤵
  PID:9668
- C:\Windows\System\opzNrjR.exe
  C:\Windows\System\opzNrjR.exe
  2⤵
  PID:9696
- C:\Windows\System\SSFESrc.exe
  C:\Windows\System\SSFESrc.exe
  2⤵
  PID:14996
- C:\Windows\System\IQExUBQ.exe
  C:\Windows\System\IQExUBQ.exe
  2⤵
  PID:9788
- C:\Windows\System\TRJLctM.exe
  C:\Windows\System\TRJLctM.exe
  2⤵
  PID:9808
- C:\Windows\System\gCaWJuj.exe
  C:\Windows\System\gCaWJuj.exe
  2⤵
  PID:15112
- C:\Windows\System\EtiKOyJ.exe
  C:\Windows\System\EtiKOyJ.exe
  2⤵
  PID:15168
- C:\Windows\System\kjEDvxe.exe
  C:\Windows\System\kjEDvxe.exe
  2⤵
  PID:15224
- C:\Windows\System\vMmAAef.exe
  C:\Windows\System\vMmAAef.exe
  2⤵
  PID:9984
- C:\Windows\System\VFqONQJ.exe
  C:\Windows\System\VFqONQJ.exe
  2⤵
  PID:10016
- C:\Windows\System\OSuJbSr.exe
  C:\Windows\System\OSuJbSr.exe
  2⤵
  PID:15324
- C:\Windows\System\VHZdOzf.exe
  C:\Windows\System\VHZdOzf.exe
  2⤵
  PID:10076
- C:\Windows\System\RSlhwub.exe
  C:\Windows\System\RSlhwub.exe
  2⤵
  PID:10132
- C:\Windows\System\vrUnixp.exe
  C:\Windows\System\vrUnixp.exe
  2⤵
  PID:10168
- C:\Windows\System\EbtUfEX.exe
  C:\Windows\System\EbtUfEX.exe
  2⤵
  PID:14508
- C:\Windows\System\sxYuwus.exe
  C:\Windows\System\sxYuwus.exe
  2⤵
  PID:14600
- C:\Windows\System\TQTfWrO.exe
  C:\Windows\System\TQTfWrO.exe
  2⤵
  PID:9456
- C:\Windows\System\GIxncPM.exe
  C:\Windows\System\GIxncPM.exe
  2⤵
  PID:9348
- C:\Windows\System\OgWzghV.exe
  C:\Windows\System\OgWzghV.exe
  2⤵
  PID:9592
- C:\Windows\System\ksUGogR.exe
  C:\Windows\System\ksUGogR.exe
  2⤵
  PID:9552
- C:\Windows\System\LaPZvOL.exe
  C:\Windows\System\LaPZvOL.exe
  2⤵
  PID:14932
- C:\Windows\System\lgqoUBQ.exe
  C:\Windows\System\lgqoUBQ.exe
  2⤵
  PID:14988
- C:\Windows\System\SaXhilD.exe
  C:\Windows\System\SaXhilD.exe
  2⤵
  PID:15100
- C:\Windows\System\LQUVuJS.exe
  C:\Windows\System\LQUVuJS.exe
  2⤵
  PID:15164
- C:\Windows\System\BvGphTq.exe
  C:\Windows\System\BvGphTq.exe
  2⤵
  PID:9872
- C:\Windows\System\eCBLonv.exe
  C:\Windows\System\eCBLonv.exe
  2⤵
  PID:4940
- C:\Windows\System\ZzYxiRB.exe
  C:\Windows\System\ZzYxiRB.exe
  2⤵
  PID:15304
- C:\Windows\System\eAuyqTn.exe
  C:\Windows\System\eAuyqTn.exe
  2⤵
  PID:10176
- C:\Windows\System\UeWfhgN.exe
  C:\Windows\System\UeWfhgN.exe
  2⤵
  PID:9388
- C:\Windows\System\LXJbDvx.exe
  C:\Windows\System\LXJbDvx.exe
  2⤵
  PID:9784
- C:\Windows\System\celpnWP.exe
  C:\Windows\System\celpnWP.exe
  2⤵
  PID:10180
- C:\Windows\System\aIEDdHk.exe
  C:\Windows\System\aIEDdHk.exe
  2⤵
  PID:14592
- C:\Windows\System\kbXRUjh.exe
  C:\Windows\System\kbXRUjh.exe
  2⤵
  PID:9360
- C:\Windows\System\FwYDZWk.exe
  C:\Windows\System\FwYDZWk.exe
  2⤵
  PID:5384
- C:\Windows\System\dnHanPw.exe
  C:\Windows\System\dnHanPw.exe
  2⤵
  PID:9604
- C:\Windows\System\KACbRFN.exe
  C:\Windows\System\KACbRFN.exe
  2⤵
  PID:9816
- C:\Windows\System\guHeNLI.exe
  C:\Windows\System\guHeNLI.exe
  2⤵
  PID:10064
- C:\Windows\System\ViNkLAT.exe
  C:\Windows\System\ViNkLAT.exe
  2⤵
  PID:4828
- C:\Windows\System\ymZMxHb.exe
  C:\Windows\System\ymZMxHb.exe
  2⤵
  PID:10104
- C:\Windows\System\XRHNxgD.exe
  C:\Windows\System\XRHNxgD.exe
  2⤵
  PID:14460
- C:\Windows\System\mFsoiyG.exe
  C:\Windows\System\mFsoiyG.exe
  2⤵
  PID:10136
- C:\Windows\System\aXlwdum.exe
  C:\Windows\System\aXlwdum.exe
  2⤵
  PID:14828
- C:\Windows\System\bHQdGaD.exe
  C:\Windows\System\bHQdGaD.exe
  2⤵
  PID:15028
- C:\Windows\System\UGtLscq.exe
  C:\Windows\System\UGtLscq.exe
  2⤵
  PID:7592
- C:\Windows\System\pMcVrFC.exe
  C:\Windows\System\pMcVrFC.exe
  2⤵
  PID:9564
- C:\Windows\System\FcjjvjQ.exe
  C:\Windows\System\FcjjvjQ.exe
  2⤵
  PID:15156
- C:\Windows\System\kFflyXL.exe
  C:\Windows\System\kFflyXL.exe
  2⤵
  PID:14816
- C:\Windows\System\ysnOfqn.exe
  C:\Windows\System\ysnOfqn.exe
  2⤵
  PID:1468
- C:\Windows\System\paMZHfB.exe
  C:\Windows\System\paMZHfB.exe
  2⤵
  PID:9288
- C:\Windows\System\ksOhCVs.exe
  C:\Windows\System\ksOhCVs.exe
  2⤵
  PID:10712
- C:\Windows\System\eEuzpKL.exe
  C:\Windows\System\eEuzpKL.exe
  2⤵
  PID:10828
- C:\Windows\System\kghsWkZ.exe
  C:\Windows\System\kghsWkZ.exe
  2⤵
  PID:15368
- C:\Windows\System\jcFyqrh.exe
  C:\Windows\System\jcFyqrh.exe
  2⤵
  PID:15396
- C:\Windows\System\EljgzRx.exe
  C:\Windows\System\EljgzRx.exe
  2⤵
  PID:15424
- C:\Windows\System\NltNoKY.exe
  C:\Windows\System\NltNoKY.exe
  2⤵
  PID:15452
- C:\Windows\System\CEqlfDM.exe
  C:\Windows\System\CEqlfDM.exe
  2⤵
  PID:15480
- C:\Windows\System\HZQCMSc.exe
  C:\Windows\System\HZQCMSc.exe
  2⤵
  PID:15508
- C:\Windows\System\mOIDAUE.exe
  C:\Windows\System\mOIDAUE.exe
  2⤵
  PID:15544
- C:\Windows\System\DKABflS.exe
  C:\Windows\System\DKABflS.exe
  2⤵
  PID:15564
- C:\Windows\System\RYYZrOl.exe
  C:\Windows\System\RYYZrOl.exe
  2⤵
  PID:15592
- C:\Windows\System\bJCJLAm.exe
  C:\Windows\System\bJCJLAm.exe
  2⤵
  PID:15620
- C:\Windows\System\sHBCYKB.exe
  C:\Windows\System\sHBCYKB.exe
  2⤵
  PID:15648
- C:\Windows\System\foLmgVc.exe
  C:\Windows\System\foLmgVc.exe
  2⤵
  PID:15676
- C:\Windows\System\RSDJoIf.exe
  C:\Windows\System\RSDJoIf.exe
  2⤵
  PID:15704
- C:\Windows\System\DFhkSvm.exe
  C:\Windows\System\DFhkSvm.exe
  2⤵
  PID:15736
- C:\Windows\System\cfIrNFi.exe
  C:\Windows\System\cfIrNFi.exe
  2⤵
  PID:15768
- C:\Windows\System\objEYWg.exe
  C:\Windows\System\objEYWg.exe
  2⤵
  PID:15792
- C:\Windows\System\lnprUid.exe
  C:\Windows\System\lnprUid.exe
  2⤵
  PID:15820
- C:\Windows\System\PpPqdra.exe
  C:\Windows\System\PpPqdra.exe
  2⤵
  PID:15860
- C:\Windows\System\ABpCYqF.exe
  C:\Windows\System\ABpCYqF.exe
  2⤵
  PID:15888
- C:\Windows\System\pgAQuZc.exe
  C:\Windows\System\pgAQuZc.exe
  2⤵
  PID:15916
- C:\Windows\System\GYDCFFX.exe
  C:\Windows\System\GYDCFFX.exe
  2⤵
  PID:15944
- C:\Windows\System\OnhNvbn.exe
  C:\Windows\System\OnhNvbn.exe
  2⤵
  PID:15972
- C:\Windows\System\SKJeBEP.exe
  C:\Windows\System\SKJeBEP.exe
  2⤵
  PID:16000
- C:\Windows\System\zJLQmMY.exe
  C:\Windows\System\zJLQmMY.exe
  2⤵
  PID:16028
- C:\Windows\System\nOnIuam.exe
  C:\Windows\System\nOnIuam.exe
  2⤵
  PID:16056
- C:\Windows\System\YQcjxrh.exe
  C:\Windows\System\YQcjxrh.exe
  2⤵
  PID:16084
- C:\Windows\System\eThFHPp.exe
  C:\Windows\System\eThFHPp.exe
  2⤵
  PID:16112
- C:\Windows\System\eWRnRsM.exe
  C:\Windows\System\eWRnRsM.exe
  2⤵
  PID:16140
- C:\Windows\System\gElfeYY.exe
  C:\Windows\System\gElfeYY.exe
  2⤵
  PID:16168
- C:\Windows\System\ldlzJlv.exe
  C:\Windows\System\ldlzJlv.exe
  2⤵
  PID:16196
- C:\Windows\System\DckOQqp.exe
  C:\Windows\System\DckOQqp.exe
  2⤵
  PID:16224
- C:\Windows\System\urgDLXN.exe
  C:\Windows\System\urgDLXN.exe
  2⤵
  PID:16252
- C:\Windows\System\FktUaAF.exe
  C:\Windows\System\FktUaAF.exe
  2⤵
  PID:16296
- C:\Windows\System\dnNMibt.exe
  C:\Windows\System\dnNMibt.exe
  2⤵
  PID:16316
- C:\Windows\System\wJfsWeu.exe
  C:\Windows\System\wJfsWeu.exe
  2⤵
  PID:16344
- C:\Windows\System\exBjALL.exe
  C:\Windows\System\exBjALL.exe
  2⤵
  PID:16372
- C:\Windows\System\VXnlvCN.exe
  C:\Windows\System\VXnlvCN.exe
  2⤵
  PID:15392
- C:\Windows\System\rDQTuTL.exe
  C:\Windows\System\rDQTuTL.exe
  2⤵
  PID:15464
- C:\Windows\System\tyGLucX.exe
  C:\Windows\System\tyGLucX.exe
  2⤵
  PID:15728
- C:\Windows\System\efHlFFI.exe
  C:\Windows\System\efHlFFI.exe
  2⤵
  PID:15760
- C:\Windows\System\DIYuAFM.exe
  C:\Windows\System\DIYuAFM.exe
  2⤵
  PID:11148
- C:\Windows\System\zGlWcYp.exe
  C:\Windows\System\zGlWcYp.exe
  2⤵
  PID:15840
- C:\Windows\System\cbqYmrC.exe
  C:\Windows\System\cbqYmrC.exe
  2⤵
  PID:7952
- C:\Windows\System\EOiUhuG.exe
  C:\Windows\System\EOiUhuG.exe
  2⤵
  PID:15900
- C:\Windows\System\PIgONvy.exe
  C:\Windows\System\PIgONvy.exe
  2⤵
  PID:15964
- C:\Windows\System\WhxmbMs.exe
  C:\Windows\System\WhxmbMs.exe
  2⤵
  PID:16020
- C:\Windows\System\QJhISey.exe
  C:\Windows\System\QJhISey.exe
  2⤵
  PID:16080
- C:\Windows\System\fhdMcqf.exe
  C:\Windows\System\fhdMcqf.exe
  2⤵
  PID:16152
- C:\Windows\System\awJszsP.exe
  C:\Windows\System\awJszsP.exe
  2⤵
  PID:15724
- C:\Windows\System\zukyDpx.exe
  C:\Windows\System\zukyDpx.exe
  2⤵
  PID:8340
- C:\Windows\System\IFcOeCi.exe
  C:\Windows\System\IFcOeCi.exe
  2⤵
  PID:16336
- C:\Windows\System\GqCrgCR.exe
  C:\Windows\System\GqCrgCR.exe
  2⤵
  PID:15388
- C:\Windows\System\ofOYyHJ.exe
  C:\Windows\System\ofOYyHJ.exe
  2⤵
  PID:15716
- C:\Windows\System\fgZwkyn.exe
  C:\Windows\System\fgZwkyn.exe
  2⤵
  PID:7548
- C:\Windows\System\bVZdhsS.exe
  C:\Windows\System\bVZdhsS.exe
  2⤵
  PID:15940
- C:\Windows\System\zmkwOpm.exe
  C:\Windows\System\zmkwOpm.exe
  2⤵
  PID:16076
- C:\Windows\System\oVNYium.exe
  C:\Windows\System\oVNYium.exe
  2⤵
  PID:16312
- C:\Windows\System\RilDDSY.exe
  C:\Windows\System\RilDDSY.exe
  2⤵
  PID:15556
- C:\Windows\System\CmHMjcZ.exe
  C:\Windows\System\CmHMjcZ.exe
  2⤵
  PID:7408
- C:\Windows\System\slwiWvK.exe
  C:\Windows\System\slwiWvK.exe
  2⤵
  PID:15640
- C:\Windows\System\FIIwJVj.exe
  C:\Windows\System\FIIwJVj.exe
  2⤵
  PID:15644
- C:\Windows\System\hHbNxek.exe
  C:\Windows\System\hHbNxek.exe
  2⤵
  PID:15832
- C:\Windows\System\xzdaQOO.exe
  C:\Windows\System\xzdaQOO.exe
  2⤵
  PID:9124
- C:\Windows\System\QwJXPtR.exe
  C:\Windows\System\QwJXPtR.exe
  2⤵
  PID:16048
- C:\Windows\System\iSMEiaL.exe
  C:\Windows\System\iSMEiaL.exe
  2⤵
  PID:9212
- C:\Windows\System\JFmlCpl.exe
  C:\Windows\System\JFmlCpl.exe
  2⤵
  PID:15436
- C:\Windows\System\PGLrBNK.exe
  C:\Windows\System\PGLrBNK.exe
  2⤵
  PID:15552
- C:\Windows\System\iHpMGbN.exe
  C:\Windows\System\iHpMGbN.exe
  2⤵
  PID:15632
- C:\Windows\System\bchfJaI.exe
  C:\Windows\System\bchfJaI.exe
  2⤵
  PID:15816
- C:\Windows\System\BPyIJkW.exe
  C:\Windows\System\BPyIJkW.exe
  2⤵
  PID:15804
- C:\Windows\System\qPaBPfw.exe
  C:\Windows\System\qPaBPfw.exe
  2⤵
  PID:16192
- C:\Windows\System\FOpUXFP.exe
  C:\Windows\System\FOpUXFP.exe
  2⤵
  PID:8208
- C:\Windows\System\ErHQmYg.exe
  C:\Windows\System\ErHQmYg.exe
  2⤵
  PID:8364
- C:\Windows\System\XeLgzHK.exe
  C:\Windows\System\XeLgzHK.exe
  2⤵
  PID:15848
- C:\Windows\System\ozxBsJu.exe
  C:\Windows\System\ozxBsJu.exe
  2⤵
  PID:4124
- C:\Windows\System\xYdiPZL.exe
  C:\Windows\System\xYdiPZL.exe
  2⤵
  PID:15748
- C:\Windows\System\mkdjpII.exe
  C:\Windows\System\mkdjpII.exe
  2⤵
  PID:16304
- C:\Windows\System\fHiRplE.exe
  C:\Windows\System\fHiRplE.exe
  2⤵
  PID:7840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EPWilsi.exe

Filesize
6.0MB

MD5
a74662a581e780adb2191b64aee22619

SHA1
08de83cfc2ab90d27afbaf1163c454e9a5133c45

SHA256
94927776de0825d7b8f3f023e5067c55b88424274745980a340ad5d66648682e

SHA512
b6c1c4a3a0b740b618708d1ced83017a9b31673ca8d0ac4d4df51f0ce90308aa87a7520c1b42d2a336e3ff735162fafaf808bf78afbc039e10f4b0e70e3971dc

Download Submit
C:\Windows\System\HAYPQNG.exe

Filesize
6.0MB

MD5
286cae08d53697a520cd81ae6680a140

SHA1
0be331fbfd02d41dc0979959a6ab32940f3f7026

SHA256
41f0e84221541f3636f283faee197b8ddd5c8b8cae5c8188e3dec45680f527cb

SHA512
3e0a4a71caea06c1755f97e93b893caf23f8373f7059d0a65a9e433739b99e77bfaba5d71d4e7b90ccc355e19c93fc9c44a8c2e5b31c78894353d93f0a47f2f1

Download Submit
C:\Windows\System\HjMAXDh.exe

Filesize
6.0MB

MD5
496d9a48fb4f28e16b082778af8d7f4f

SHA1
9520373b34699d438186b4fe563a400d1bcbab91

SHA256
dd53d1b92615115e7bc27a1d90fb94b44ffa9593293057c48d677730121f8854

SHA512
67f59236e9e8aa3391c8d5ebb2aaee146dba34d30ceebd712c51706a523fcf633f6c7376983138dc83139501e00525efb2233dd380069b9ab86bd9f9f086763a

Download Submit
C:\Windows\System\IIdiuqa.exe

Filesize
6.0MB

MD5
3d80012f8cdc315f5a66df1c09b3bb1d

SHA1
fa9aa3fb49a4e42a4382c565a35a336ded3ec4c4

SHA256
ea1be6252ffb3d1c0d6f0a560c483641f4cb61a0f5a578ddddd6d1cd13a6cacd

SHA512
b3ae39c4fcd32727f05296cac5eb2830f2551713250e8260a277fc96e2ad534de325011bafd48735360864f0fac21101244d1f588f6c6d636048b5b4735de0c8

Download Submit
C:\Windows\System\KXLQitu.exe

Filesize
6.0MB

MD5
459e1a7524475702dbfa2ebf4637b6c2

SHA1
41ae176f25b40011063dcaa4e5d45ffc71306a72

SHA256
c3d96484cc7e93e9ebbef87792edb92b8487816664b573a48e866d9bd200123c

SHA512
ee1e923f73ac89456af72e0aa109bb63ac8250efc5e7fdcb77d5ccb0b570f638f3dd4f15e816a92760c39b9fface8167e524aa1d7205e1878a8fc12000b9610b

Download Submit
C:\Windows\System\LdUuJmK.exe

Filesize
6.0MB

MD5
3ee2a527ec00ea0b186af9d7c3368763

SHA1
a55d62e4f96d68cfd4b88bba3e0140f761078bcc

SHA256
4b9260ef71e1a1eca7d8495a52547494914165ccbc7081b17e0c32b1dbbacd22

SHA512
97389d2334409d13969774ecab58e738f87c39d6dc7939da031cffcb28947382971785b6c0014d7a5321b11dfeab6a96b3f63b9bdc999d3a63f15f16c371537c

Download Submit
C:\Windows\System\LvijbjQ.exe

Filesize
6.0MB

MD5
4a71a677fb3cbe7d3d0c1c7049266a05

SHA1
d9f61aac8304336519a47ea087f0f0df48976ca5

SHA256
65a51903857f25bd1c4e410d14bf51565e5d00d76127acc5878763c85e565d9a

SHA512
52bbf021373cbf23f3da4edbeb3989c00be58e1a00614e939785b9d7ea20d2ab392195d45dc76fb5eb31654d8af40f7543b31e77deff5dd8a446292c959d702c

Download Submit
C:\Windows\System\NGtOAbu.exe

Filesize
6.0MB

MD5
698390a0e349de6807118e11e9b8a79c

SHA1
5dd2126458c8c9b04a0fd5deb64603494236bcbe

SHA256
94412713fe661419883bbbb27c1c45a51b4011411b53e9167dcd91d54440dd30

SHA512
b7fbdb4784fa1c1adca457645310a054e1f1c06ea27b8b0d1d5f94997a85f50289e23ee9778dd1e49c405c9a04df6c46e81b30ff976fb862ee403e5ec9f625e4

Download Submit
C:\Windows\System\OEPaYKn.exe

Filesize
6.0MB

MD5
77ff7dfc9b60b9cb01b8697b525c80b9

SHA1
6dd1793bb4a90a5f1f4a554be1b575aa9eec0936

SHA256
b8dc1faa750bc8055b76eac24e57627d6e35dff0473d882c3de5a04be7e04250

SHA512
80666b541b9ce964f6870b4a99948d86cb83333d09184544cd1bfbfb1bc5940ad3ee1862bc479e5447f27e9c8e1a36b56868bcc0d6fb9f3645b1ad5f06e70bc3

Download Submit
C:\Windows\System\PDETAPM.exe

Filesize
6.0MB

MD5
9302986215d8e73259d6ae258cd050f2

SHA1
89b0e999f5b36769bb49ffd26713990bab1e41c4

SHA256
e57fa31cbbc8749884da54b4d0855d460a0f3022143c5b49c3c028bc65fdf7b8

SHA512
6c09bb591a076caab73bdb4b5cabe0819ba51fee211e1bcb6d042bb2fb5b49a6cf29257fd8db93231371a17c2bd45379e859da92fceab86ac359f97fa1d8114c

Download Submit
C:\Windows\System\PUUwIug.exe

Filesize
6.0MB

MD5
b1a434629500f88834ec0283ece8a0af

SHA1
ae6ee644c468258736396898f2fd47c5fe09962a

SHA256
b27e90891d2fd69db4101526e28f439a140873125c56bb553759edfb907b9668

SHA512
59978111f077ecee5b53fb592a9737f4706f5299787b99b34f4a986b32e59354a31aa4596cab2048fd576529568c816b5aefca1c6c4b8fa926491f1486fba918

Download Submit
C:\Windows\System\SASxKna.exe

Filesize
6.0MB

MD5
c18fae02222bff6e398a0383dc0b9be8

SHA1
595b4d4c0a4903378bf673479ca1385c61b5869f

SHA256
950091f1e9cc22e1bfce2551b0331f8ffdc99dbfbdaf283931fa58468db73fe7

SHA512
8c056d44de714cd3905926227f9def4ea2542ca39e2bf7c79793ae05ef510a6bfa58d28c2fa41ad3ecb626a93447b2e04d72c63426c7d65523a737c6b94e621b

Download Submit
C:\Windows\System\VEfiDBN.exe

Filesize
6.0MB

MD5
d8ff772f595490c601119f9928222371

SHA1
e8bc5ae5a9650cf0682a1c18bf7c96efc98a91b8

SHA256
751efcad2050c0636ed414baf04e0e076737b52548b686a28acc0ac009c5007d

SHA512
a49a656b06b25a14a2aae291cf2fc9eb342efb8fd4de8cbe171d93886829deb8074b0cf1ce8488391f813f39c9cb67ecba6b5502f74870fdf9ef3bd5f01ade2f

Download Submit
C:\Windows\System\XKyRdIk.exe

Filesize
6.0MB

MD5
751b3b13dfb9e458ad75cdb71cfc1b0f

SHA1
6865d951eb1c58773a6ae1b588e26e53e32a4598

SHA256
6f89824bb141c123aa0d3dab01f6be412679b6410b50b9ca1464450b553b25dd

SHA512
d1ab571142ca9f53fd4365b3d5f0e04ec3f56e3769409bc8d9f981dfc02fb92cd2d0053db59148a22e5f001e65d6c4270af55f1070205de9dbf21a475c35ba0b

Download Submit
C:\Windows\System\YfhDXlM.exe

Filesize
6.0MB

MD5
c666a85ac7ddd9584bf28bab9a07d736

SHA1
f47d2922ba209524c225ac84e4369a51bfc13322

SHA256
59a466e6833436cfe253a1197cebe851ea8fef5ab188ae5791d48128c12e2dfd

SHA512
e21f997705d73d43e0f5f86fe4c2e222368594c0b67994afb4e6565197a2cf0413da7f4b110cc0d3503f252b56e1490f5aefb599ef8ea6faf37ba90f840f13b7

Download Submit
C:\Windows\System\YzrTeST.exe

Filesize
6.0MB

MD5
1a76c2124c2a6b81d4a8b47bfaef8704

SHA1
e22d86319058abd16b429cb59a661f1ce58c23be

SHA256
9f94e9239cd43e14df5f4d993d261bc09affa39522c1381fcf2b054e2d0662c2

SHA512
4ba18f40a827a214e10e5b6d73dbf813b64b5a7fc60d573e7903004b38ea186a4d53f53aa7bf3034d4f57080f96ea89ad65816ee8ce9cc22cf9540ffb216a36e

Download Submit
C:\Windows\System\ZiSgEWw.exe

Filesize
6.0MB

MD5
da880501dc90211d621c6f403f7e9573

SHA1
45903f866a6acd9e4bce1fa6cd319c222c7db9a6

SHA256
4b0679d66de09c1eb1050b6faf09a1a04caf30507425ff1310dc686099c4847c

SHA512
da131cdf18f9195d7b512f08fc5eb96a39d12ed9cc44eb9e2d376c883d692af707a33b464fee1e5e391ddcaf416bf9ea9e4f337f4dfa4cd5df874f1eb3ec2e8c

Download Submit
C:\Windows\System\aDgMTuJ.exe

Filesize
6.0MB

MD5
f016ec178b36abae5731aefddc595651

SHA1
e1c80432d98eb532bb2146636f6b5a727f046463

SHA256
5ce8fb2bed948f49565376a3b337988a1a667bb9d2609c381f352b03b6095ddd

SHA512
c56d05480e364c8a0e3b915de360f05c2299b216c9f392d34fde9392039ee8930ca85fb09f5c00b65d639d6fa3402dbbb4729633eb5bfe4a8e9ced214dd20752

Download Submit
C:\Windows\System\cOYbLNV.exe

Filesize
6.0MB

MD5
fc023f712b274856e56a97ce574fcc96

SHA1
052174e1ef3f5a008080f3d6d27badd358c5334d

SHA256
e22922e892330a947e9de5195c2b301aa43ea9042a087f6474d12fe33e5e9126

SHA512
3cc656d8ec138f014728db4151215b513e04d2d2c4117116ab7d63a479f0c7ed6df3e3808fbcd0a248179c345cb601373f4f4c4d405618585d35701c1565ad0c

Download Submit
C:\Windows\System\dNrQSDF.exe

Filesize
6.0MB

MD5
be44cd335f6e4463ee811df4b53f2333

SHA1
79e91da73926341a1b4619578dcf10ad0cd95152

SHA256
c04f8f6caa1c405d066e132d3025783f947182198a9ad4fd915765f2f116e1f5

SHA512
8e8b0e97ae166b8c71df427a4f58a8f3781ee0755c92fbfc131d025f856f04b5187b27be24d021d6344954d776618bf4846cc408d13a0ff59e36acd0048cdfa1

Download Submit
C:\Windows\System\dQRFHfI.exe

Filesize
6.0MB

MD5
5f3570bc594b6a7d3ef1944bbcde7a83

SHA1
e67706588d03b1589623741e3a4bd05783d22136

SHA256
f02fb3d66df31b0d29cb39d024079ae13fe141a6d90110bfd9524b326ba1886c

SHA512
b84f26af7e40b99714a8d876ef2260caf9f51ee8615b4227bc99fe2ad6823d9863341666d2e458dd510ef27dd2a74b3807048d2d17593135f0b448d3a04f72ca

Download Submit
C:\Windows\System\eDLUwVB.exe

Filesize
6.0MB

MD5
076821c18f70389c37bd445b21cf2ee8

SHA1
6325b0fe0f13100be9e846028325f59da4a03ad4

SHA256
f880181e3ae0bc0de21a3725a65e2d6ff530272ff8fad0050668343f098583d4

SHA512
f9c5a67891fd5cf80dc713dd297c5f3dc77233428bccaccc8bea672be1f092a733299b39ed1bdbf8c9197358a4811f034f7511995c4f20f7e869d3b0cf1bad4f

Download Submit
C:\Windows\System\fiIqYTN.exe

Filesize
6.0MB

MD5
b8381f4661efac738dc8ae9a7b2836dc

SHA1
10ae364768720de2e4e05bbc12c2031ed3eb5c86

SHA256
36acd9bdeef3a852d70f62920f35736286996fc8b29ee6851b6fc7c1a2d4299a

SHA512
54d6e128c1c46bcb103cab003853a0c9e4af3a705896169712d2c3bcd8dd3f9fc977db4c2477d72d7e8e96b4fd820efa7b1da3fe019eb676b61a01d8ae5f1add

Download Submit
C:\Windows\System\izDBZON.exe

Filesize
6.0MB

MD5
42969b39ce4f5ae1cb41a15eaff642a0

SHA1
b602c669ee59fe5ae40a26c67e3e0f3ebc591cfc

SHA256
1ced437e805cbb90712681b5427cb4515f259f50480f16100318125b85a22cf1

SHA512
4fd473f0f2679fa0413bf3196b0e976fe1aa3040732967c622171ffcdc2ce48bf390b3981f2eaabb42bb38145e170fc7d50677a9855f2144e41516ce38609933

Download Submit
C:\Windows\System\izVgGQa.exe

Filesize
6.0MB

MD5
e37a16076fde88c3c7db5bbd4f08a525

SHA1
7a28e2452b161cc31dc41d4b3afcc8d5588950bf

SHA256
ab1702e63c7fda3e16ca7866afa90dcde1f017ec3ac1191daba1a4fbfb3f5191

SHA512
ffb7e2d8ada9948cd15fc9d5f8e0b4bae656dcf63e1fc89fecb9f53acbf7aadba71b0df290a8e6603d5f02a25c936c2708a46dae7870952e64921cfadec01048

Download Submit
C:\Windows\System\lKIXBiJ.exe

Filesize
6.0MB

MD5
f91b92aeb122f0db6de23f9a2ce33c88

SHA1
1f1df9580e966c18013c2b4e6d61f27abefef2d2

SHA256
0bfc931248dd4eb1b5eb720201e6cf6f6c9066aaea8f1fd22d1ed7e7265a8ff8

SHA512
6a5702409b0f72b83ae1777eb34820b95ad80e3cdbf2aefc11d5b7983cf670973ac94cd8fb5ba511667154d5e3e8db88dc8c8f99a7dd7ff828df4620d0cf3692

Download Submit
C:\Windows\System\mHqIonC.exe

Filesize
6.0MB

MD5
132f2f931fdb4afe72d3821edbd3f32e

SHA1
9f4b6b84dc837914ce363fdaf70e21756900eb37

SHA256
c8dbb2837dcfb9ffda1237255d162ba2e8f9d7746780657f1e52adf23ef73ca3

SHA512
71ea3008b8834d8105e8245eca958b462b7a9bd526c896993c04890e6cac529dc59bff6f86dc1c0352c86c89576349a2cb1bb9b7c911770302c9607f4cbd5df7

Download Submit
C:\Windows\System\nkgYyLc.exe

Filesize
6.0MB

MD5
7e3666ae86c03528531cf185c357c5b5

SHA1
c108426ca8c21a7d639907137618f37eeb85ccff

SHA256
358fa7582a1f85c1154f53e1a1faca1d054d18ea077212b560d785d8ab9804c4

SHA512
a9e977b86081d06fd2c38c548b64b90915adf60b988fb0f88fcf63303164da14b720bc54af023777a6cab40ef752860028c73d3987baf3c80c47a976e1e4467e

Download Submit
C:\Windows\System\pTlipVL.exe

Filesize
6.0MB

MD5
7c2f61f8300672a16915ccbe8c224284

SHA1
cdaec7500195a4f60f87e2db6e8414b4b61a672c

SHA256
3d5a6eabc2b52897ef80480d9292387379a32e726a365432e6847b6e66401cb3

SHA512
cd6797a36813123cc66b5e6a577896ac73174ec17b4d590acd536743a7c37c135a7f055119d3b1aafab016089493d59b3d7aba33de51a9dd7d91cce8eea3b85f

Download Submit
C:\Windows\System\qlIiBmu.exe

Filesize
6.0MB

MD5
113a9c80553ebe91e666473daac16ce6

SHA1
08be19fb4f2e323ac87969729d904e2fff52e165

SHA256
cfaa7f7e7da9587509188f87b14eb720910b7e19288968cfb41f96da4206121d

SHA512
7182991fb6d776eb91f43a817e08c6f2c71dca6caf4099526fda53988c4f5512adace539d04c76382588010982f5524d52cce29a872d52c1e802a6685b8dad5a

Download Submit
C:\Windows\System\rrMsAOJ.exe

Filesize
6.0MB

MD5
c906192606d5e8e7913cd99540a1b244

SHA1
19c03c834a25512ade22955d8e79aa396d80e1d3

SHA256
0ef83ddae871a69cfb9ea37fa65c4b8df27e66adc8d2a730658d76a4b296911b

SHA512
6a775ed61a805bd5a1301b4d858743511400df92e86f155f43dac50bad577047e076348c845b92b801324ba3f5d5f85291f3b952668e856d224a3349895b2769

Download Submit
C:\Windows\System\wxrPjhG.exe

Filesize
6.0MB

MD5
4849f03cf2e6487cfc897cac921a6eef

SHA1
e617d953efb5b5039b005e2ce961ce9b7750c72b

SHA256
6fd67afcdf2a732eddbcfeb9e04d76b6b0f7642af00bbfad76f0de479f1bf38c

SHA512
c30efb05e62b24b0b2ba0ba6895152e6b26a50f6a935df62ac194777a434864894ccd7fc750316bf6c8d57160d4251765f941ec9f2f1bb875a8abf42bd058360

Download Submit
C:\Windows\System\zgFlFTz.exe

Filesize
6.0MB

MD5
431ac4650cb79871b450986978bede31

SHA1
f6192470beb5781a5a3dd62e156038fcadccfd81

SHA256
d5e60767ccc0371cb78cf1d0603723fae16ded23c327bacddbff5ad24fa4cc7c

SHA512
aaf6e4b9570ee04979b183191681434ec2081ce81688a5c162fe9b5f44d36cc43ef2e31e61c9c79ab2a30c3c783b6c1a4851ed907d76d86d2c813c0702813eff

Download Submit
memory/772-1416-0x00007FF7325F0000-0x00007FF732944000-memory.dmp

Filesize
3.3MB

Download
memory/772-806-0x00007FF7325F0000-0x00007FF732944000-memory.dmp

Filesize
3.3MB

Download
memory/1176-29-0x00007FF7A2E70000-0x00007FF7A31C4000-memory.dmp

Filesize
3.3MB

Download
memory/1176-1392-0x00007FF7A2E70000-0x00007FF7A31C4000-memory.dmp

Filesize
3.3MB

Download
memory/1176-1101-0x00007FF7A2E70000-0x00007FF7A31C4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-1473-0x00007FF7D9B00000-0x00007FF7D9E54000-memory.dmp

Filesize
3.3MB

Download
memory/1388-819-0x00007FF7D9B00000-0x00007FF7D9E54000-memory.dmp

Filesize
3.3MB

Download
memory/1592-818-0x00007FF602660000-0x00007FF6029B4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-1477-0x00007FF602660000-0x00007FF6029B4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-7-0x00007FF604550000-0x00007FF6048A4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-1375-0x00007FF604550000-0x00007FF6048A4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-1014-0x00007FF604550000-0x00007FF6048A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-816-0x00007FF7A47D0000-0x00007FF7A4B24000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1468-0x00007FF7A47D0000-0x00007FF7A4B24000-memory.dmp

Filesize
3.3MB

Download
memory/1772-817-0x00007FF6F49A0000-0x00007FF6F4CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-1472-0x00007FF6F49A0000-0x00007FF6F4CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1441-0x00007FF740560000-0x00007FF7408B4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-809-0x00007FF740560000-0x00007FF7408B4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-799-0x00007FF663240000-0x00007FF663594000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1421-0x00007FF663240000-0x00007FF663594000-memory.dmp

Filesize
3.3MB

Download
memory/2336-805-0x00007FF7CA370000-0x00007FF7CA6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-1417-0x00007FF7CA370000-0x00007FF7CA6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1424-0x00007FF786EF0000-0x00007FF787244000-memory.dmp

Filesize
3.3MB

Download
memory/2736-823-0x00007FF786EF0000-0x00007FF787244000-memory.dmp

Filesize
3.3MB

Download
memory/2888-807-0x00007FF702F10000-0x00007FF703264000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1429-0x00007FF702F10000-0x00007FF703264000-memory.dmp

Filesize
3.3MB

Download
memory/2992-42-0x00007FF6947A0000-0x00007FF694AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-1396-0x00007FF6947A0000-0x00007FF694AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3084-813-0x00007FF6D8090000-0x00007FF6D83E4000-memory.dmp

Filesize
3.3MB

Download
memory/3084-1455-0x00007FF6D8090000-0x00007FF6D83E4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-1440-0x00007FF786090000-0x00007FF7863E4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-811-0x00007FF786090000-0x00007FF7863E4000-memory.dmp

Filesize
3.3MB

Download
memory/3296-1460-0x00007FF606530000-0x00007FF606884000-memory.dmp

Filesize
3.3MB

Download
memory/3296-814-0x00007FF606530000-0x00007FF606884000-memory.dmp

Filesize
3.3MB

Download
memory/3360-1209-0x00007FF651BF0000-0x00007FF651F44000-memory.dmp

Filesize
3.3MB

Download
memory/3360-1425-0x00007FF651BF0000-0x00007FF651F44000-memory.dmp

Filesize
3.3MB

Download
memory/3360-413-0x00007FF651BF0000-0x00007FF651F44000-memory.dmp

Filesize
3.3MB

Download
memory/3508-1378-0x00007FF73BAA0000-0x00007FF73BDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-1068-0x00007FF73BAA0000-0x00007FF73BDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-16-0x00007FF73BAA0000-0x00007FF73BDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3668-820-0x00007FF759A90000-0x00007FF759DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3668-1481-0x00007FF759A90000-0x00007FF759DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-798-0x00007FF7CAC40000-0x00007FF7CAF94000-memory.dmp

Filesize
3.3MB

Download
memory/3992-1420-0x00007FF7CAC40000-0x00007FF7CAF94000-memory.dmp

Filesize
3.3MB

Download
memory/4000-1423-0x00007FF78A330000-0x00007FF78A684000-memory.dmp

Filesize
3.3MB

Download
memory/4000-822-0x00007FF78A330000-0x00007FF78A684000-memory.dmp

Filesize
3.3MB

Download
memory/4024-1433-0x00007FF7BCB80000-0x00007FF7BCED4000-memory.dmp

Filesize
3.3MB

Download
memory/4024-808-0x00007FF7BCB80000-0x00007FF7BCED4000-memory.dmp

Filesize
3.3MB

Download
memory/4260-1069-0x00007FF6832C0000-0x00007FF683614000-memory.dmp

Filesize
3.3MB

Download
memory/4260-1388-0x00007FF6832C0000-0x00007FF683614000-memory.dmp

Filesize
3.3MB

Download
memory/4260-20-0x00007FF6832C0000-0x00007FF683614000-memory.dmp

Filesize
3.3MB

Download
memory/4472-1405-0x00007FF68D390000-0x00007FF68D6E4000-memory.dmp

Filesize
3.3MB

Download
memory/4472-1158-0x00007FF68D390000-0x00007FF68D6E4000-memory.dmp

Filesize
3.3MB

Download
memory/4472-37-0x00007FF68D390000-0x00007FF68D6E4000-memory.dmp

Filesize
3.3MB

Download
memory/4520-1484-0x00007FF6342D0000-0x00007FF634624000-memory.dmp

Filesize
3.3MB

Download
memory/4520-821-0x00007FF6342D0000-0x00007FF634624000-memory.dmp

Filesize
3.3MB

Download
memory/4544-815-0x00007FF641CF0000-0x00007FF642044000-memory.dmp

Filesize
3.3MB

Download
memory/4544-1461-0x00007FF641CF0000-0x00007FF642044000-memory.dmp

Filesize
3.3MB

Download
memory/4564-810-0x00007FF686230000-0x00007FF686584000-memory.dmp

Filesize
3.3MB

Download
memory/4564-1437-0x00007FF686230000-0x00007FF686584000-memory.dmp

Filesize
3.3MB

Download
memory/4844-812-0x00007FF760FC0000-0x00007FF761314000-memory.dmp

Filesize
3.3MB

Download
memory/4844-1447-0x00007FF760FC0000-0x00007FF761314000-memory.dmp

Filesize
3.3MB

Download
memory/4892-0-0x00007FF7E5150000-0x00007FF7E54A4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-1-0x0000017722020000-0x0000017722030000-memory.dmp

Filesize
64KB

Download
memory/4892-953-0x00007FF7E5150000-0x00007FF7E54A4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-1422-0x00007FF6416F0000-0x00007FF641A44000-memory.dmp

Filesize
3.3MB

Download
memory/5084-824-0x00007FF6416F0000-0x00007FF641A44000-memory.dmp

Filesize
3.3MB

Download