cobaltstrike | a32b6d4be3116b0cfdf60b5db83babe475a228431683efcef5592855386872b8

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4cf9018066a3a6601940eae2c7ec3de1
SHA1

58bbedcf4888a2185c8c7c4806733644d968f996
SHA256

a32b6d4be3116b0cfdf60b5db83babe475a228431683efcef5592855386872b8
SHA512

cb110b24b351a43b04ad294cf8ecbedf24124e719afe0516f78fe4ef73823c16436b99e22c68739bfac4e6d5975744aaab81f5605f56fa41abe6e35938f1199e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\deQofvd.exe	cobalt_reflective_dll
C:\Windows\system\NNofCtD.exe	cobalt_reflective_dll
C:\Windows\system\PuMJsmU.exe	cobalt_reflective_dll
C:\Windows\system\naySKDj.exe	cobalt_reflective_dll
C:\Windows\system\ctYzwen.exe	cobalt_reflective_dll
C:\Windows\system\mWHdWyw.exe	cobalt_reflective_dll
C:\Windows\system\JKKhZzR.exe	cobalt_reflective_dll
C:\Windows\system\Wdhllut.exe	cobalt_reflective_dll
\Windows\system\wJvHsPr.exe	cobalt_reflective_dll
C:\Windows\system\pFyCGLd.exe	cobalt_reflective_dll
C:\Windows\system\YGmcgYX.exe	cobalt_reflective_dll
C:\Windows\system\CHRDVhc.exe	cobalt_reflective_dll
\Windows\system\nzSFZVK.exe	cobalt_reflective_dll
C:\Windows\system\olfWPHA.exe	cobalt_reflective_dll
C:\Windows\system\PNzItEf.exe	cobalt_reflective_dll
C:\Windows\system\CqhqNEl.exe	cobalt_reflective_dll
C:\Windows\system\JtzjUcb.exe	cobalt_reflective_dll
C:\Windows\system\BYzWQEf.exe	cobalt_reflective_dll
C:\Windows\system\hiDcqKW.exe	cobalt_reflective_dll
C:\Windows\system\XJkDzcx.exe	cobalt_reflective_dll
C:\Windows\system\zXYqhlU.exe	cobalt_reflective_dll
C:\Windows\system\UwdEGIs.exe	cobalt_reflective_dll
C:\Windows\system\MObdqBD.exe	cobalt_reflective_dll
C:\Windows\system\SgWBPZp.exe	cobalt_reflective_dll
C:\Windows\system\JhMlOuB.exe	cobalt_reflective_dll
C:\Windows\system\tZaqUTK.exe	cobalt_reflective_dll
C:\Windows\system\DEasKXI.exe	cobalt_reflective_dll
C:\Windows\system\quYttsk.exe	cobalt_reflective_dll
C:\Windows\system\cqTNDSs.exe	cobalt_reflective_dll
C:\Windows\system\kALPolY.exe	cobalt_reflective_dll
C:\Windows\system\IJDCUfS.exe	cobalt_reflective_dll
C:\Windows\system\smLyeOm.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2184-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
\Windows\system\deQofvd.exe	xmrig
C:\Windows\system\NNofCtD.exe	xmrig
C:\Windows\system\PuMJsmU.exe	xmrig
behavioral1/memory/2032-21-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2404-20-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
C:\Windows\system\naySKDj.exe	xmrig
C:\Windows\system\ctYzwen.exe	xmrig
C:\Windows\system\mWHdWyw.exe	xmrig
C:\Windows\system\JKKhZzR.exe	xmrig
C:\Windows\system\Wdhllut.exe	xmrig
\Windows\system\wJvHsPr.exe	xmrig
C:\Windows\system\pFyCGLd.exe	xmrig
behavioral1/memory/2744-2007-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2768-2078-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2816-2015-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/1664-1998-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
C:\Windows\system\YGmcgYX.exe	xmrig
C:\Windows\system\CHRDVhc.exe	xmrig
\Windows\system\nzSFZVK.exe	xmrig
C:\Windows\system\olfWPHA.exe	xmrig
C:\Windows\system\PNzItEf.exe	xmrig
C:\Windows\system\CqhqNEl.exe	xmrig
C:\Windows\system\JtzjUcb.exe	xmrig
C:\Windows\system\BYzWQEf.exe	xmrig
C:\Windows\system\hiDcqKW.exe	xmrig
C:\Windows\system\XJkDzcx.exe	xmrig
C:\Windows\system\zXYqhlU.exe	xmrig
C:\Windows\system\UwdEGIs.exe	xmrig
C:\Windows\system\MObdqBD.exe	xmrig
C:\Windows\system\SgWBPZp.exe	xmrig
C:\Windows\system\JhMlOuB.exe	xmrig
C:\Windows\system\tZaqUTK.exe	xmrig
C:\Windows\system\DEasKXI.exe	xmrig
C:\Windows\system\quYttsk.exe	xmrig
C:\Windows\system\cqTNDSs.exe	xmrig
C:\Windows\system\kALPolY.exe	xmrig
C:\Windows\system\IJDCUfS.exe	xmrig
C:\Windows\system\smLyeOm.exe	xmrig
behavioral1/memory/2356-18-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2940-2239-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/3016-2322-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2796-2327-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2184-2724-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2404-2805-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2184-2886-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2184-2874-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2356-3293-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2032-3292-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2744-3298-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2768-3310-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1664-3311-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2796-3309-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2816-3349-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2940-3315-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/3016-3308-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2404-3307-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

NNofCtD.exedeQofvd.exePuMJsmU.exenaySKDj.exesmLyeOm.exectYzwen.exeIJDCUfS.exemWHdWyw.exekALPolY.execqTNDSs.exeJKKhZzR.exeDEasKXI.exequYttsk.exetZaqUTK.exeWdhllut.exeJhMlOuB.exeSgWBPZp.exeMObdqBD.exeUwdEGIs.exezXYqhlU.exeXJkDzcx.exehiDcqKW.exeBYzWQEf.exeCqhqNEl.exeJtzjUcb.exePNzItEf.exewJvHsPr.exeolfWPHA.exenzSFZVK.exeCHRDVhc.exeYGmcgYX.exepFyCGLd.exeXlNmfnt.exelQMhZXq.exeAvSZQHe.exelpaLeXK.exefPZEWrT.exeRdOEGCx.exeKTHEDvQ.exejTLEuQG.exePRdZwNp.exelyecmiD.exemvyDwXl.exeYHZgVXi.exexSszNLg.exeRBRBGlQ.exeWbHdAqf.exeLIQLeUK.exeNlRXYud.exeyuZVJMz.exeCcxItlM.exeHEHGpET.exeXrNTTYG.exesHnHUZm.exerAbvJHx.exeOcLvGkt.exemhsDfwP.exeVBwfYFK.exeUWOWWaZ.exeNKIXceu.exezgZnota.exeadAZBeb.exeJMaWODD.exeIVdNJMS.exe

pid	process
2356	NNofCtD.exe
2404	deQofvd.exe
2032	PuMJsmU.exe
1664	naySKDj.exe
2744	smLyeOm.exe
2816	ctYzwen.exe
2768	IJDCUfS.exe
2940	mWHdWyw.exe
3016	kALPolY.exe
2796	cqTNDSs.exe
2652	JKKhZzR.exe
2504	DEasKXI.exe
2608	quYttsk.exe
2684	tZaqUTK.exe
2188	Wdhllut.exe
2296	JhMlOuB.exe
800	SgWBPZp.exe
2260	MObdqBD.exe
2600	UwdEGIs.exe
2716	zXYqhlU.exe
2972	XJkDzcx.exe
796	hiDcqKW.exe
2712	BYzWQEf.exe
2508	CqhqNEl.exe
1616	JtzjUcb.exe
1488	PNzItEf.exe
444	wJvHsPr.exe
1828	olfWPHA.exe
2408	nzSFZVK.exe
1904	CHRDVhc.exe
1900	YGmcgYX.exe
2360	pFyCGLd.exe
3048	XlNmfnt.exe
1132	lQMhZXq.exe
988	AvSZQHe.exe
1620	lpaLeXK.exe
1912	fPZEWrT.exe
1432	RdOEGCx.exe
1396	KTHEDvQ.exe
1672	jTLEuQG.exe
1060	PRdZwNp.exe
2016	lyecmiD.exe
844	mvyDwXl.exe
2044	YHZgVXi.exe
1780	xSszNLg.exe
1988	RBRBGlQ.exe
2696	WbHdAqf.exe
2980	LIQLeUK.exe
2096	NlRXYud.exe
1880	yuZVJMz.exe
572	CcxItlM.exe
892	HEHGpET.exe
1192	XrNTTYG.exe
2496	sHnHUZm.exe
1936	rAbvJHx.exe
2196	OcLvGkt.exe
1676	mhsDfwP.exe
1708	VBwfYFK.exe
2072	UWOWWaZ.exe
2452	NKIXceu.exe
2892	zgZnota.exe
2904	adAZBeb.exe
2240	JMaWODD.exe
2636	IVdNJMS.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2184-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
\Windows\system\deQofvd.exe	upx
C:\Windows\system\NNofCtD.exe	upx
C:\Windows\system\PuMJsmU.exe	upx
behavioral1/memory/2032-21-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2404-20-0x000000013F520000-0x000000013F874000-memory.dmp	upx
C:\Windows\system\naySKDj.exe	upx
C:\Windows\system\ctYzwen.exe	upx
C:\Windows\system\mWHdWyw.exe	upx
C:\Windows\system\JKKhZzR.exe	upx
C:\Windows\system\Wdhllut.exe	upx
\Windows\system\wJvHsPr.exe	upx
C:\Windows\system\pFyCGLd.exe	upx
behavioral1/memory/2744-2007-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2768-2078-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2816-2015-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/1664-1998-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
C:\Windows\system\YGmcgYX.exe	upx
C:\Windows\system\CHRDVhc.exe	upx
\Windows\system\nzSFZVK.exe	upx
C:\Windows\system\olfWPHA.exe	upx
C:\Windows\system\PNzItEf.exe	upx
C:\Windows\system\CqhqNEl.exe	upx
C:\Windows\system\JtzjUcb.exe	upx
C:\Windows\system\BYzWQEf.exe	upx
C:\Windows\system\hiDcqKW.exe	upx
C:\Windows\system\XJkDzcx.exe	upx
C:\Windows\system\zXYqhlU.exe	upx
C:\Windows\system\UwdEGIs.exe	upx
C:\Windows\system\MObdqBD.exe	upx
C:\Windows\system\SgWBPZp.exe	upx
C:\Windows\system\JhMlOuB.exe	upx
C:\Windows\system\tZaqUTK.exe	upx
C:\Windows\system\DEasKXI.exe	upx
C:\Windows\system\quYttsk.exe	upx
C:\Windows\system\cqTNDSs.exe	upx
C:\Windows\system\kALPolY.exe	upx
C:\Windows\system\IJDCUfS.exe	upx
C:\Windows\system\smLyeOm.exe	upx
behavioral1/memory/2356-18-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2940-2239-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/3016-2322-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2796-2327-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2184-2724-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2404-2805-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2356-3293-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2032-3292-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2744-3298-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2768-3310-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1664-3311-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2796-3309-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2816-3349-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2940-3315-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/3016-3308-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2404-3307-0x000000013F520000-0x000000013F874000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\hiDcqKW.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxkMDbW.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWfwiDx.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtWfbaZ.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glKyRgO.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRjisju.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNOGLyA.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDTWkgm.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqlwzcY.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbhOBer.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtYVTWK.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRHJjeZ.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARswEpq.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjPcRea.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUYwuMD.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgfkFvz.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnXAphR.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqosBIh.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTsFyLG.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqyPjnQ.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BauGYJA.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upFldhi.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGUaKZv.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybrgchn.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYfRHpj.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJRjakn.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtIFQCF.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQHLWgy.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAPfEsm.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaZUBRM.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMCvkHx.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLvfGHc.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQNDRpx.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkNkRVL.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCbPHdw.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\roVLXTa.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODlWPOA.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfZwbPF.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxsUBZM.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOMulLx.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrayRuA.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaUoGBk.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YsAHqLo.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqEOlzl.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyUTUbo.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJDCUfS.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTzvTQd.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csSeWUI.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXhgMYJ.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSfJgfq.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXOQqGl.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgOVovE.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjVSJEX.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBzKpgH.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bopVCQL.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdqPvMz.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQVKtxI.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvBQirr.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrGSUHv.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTkBOUb.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRnbnPL.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCuDWHK.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOigIDm.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIBRAjz.exe	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2184 wrote to memory of 2356	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	NNofCtD.exe
PID 2184 wrote to memory of 2356	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	NNofCtD.exe
PID 2184 wrote to memory of 2356	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	NNofCtD.exe
PID 2184 wrote to memory of 2404	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	deQofvd.exe
PID 2184 wrote to memory of 2404	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	deQofvd.exe
PID 2184 wrote to memory of 2404	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	deQofvd.exe
PID 2184 wrote to memory of 2032	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	PuMJsmU.exe
PID 2184 wrote to memory of 2032	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	PuMJsmU.exe
PID 2184 wrote to memory of 2032	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	PuMJsmU.exe
PID 2184 wrote to memory of 1664	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	naySKDj.exe
PID 2184 wrote to memory of 1664	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	naySKDj.exe
PID 2184 wrote to memory of 1664	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	naySKDj.exe
PID 2184 wrote to memory of 2744	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	smLyeOm.exe
PID 2184 wrote to memory of 2744	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	smLyeOm.exe
PID 2184 wrote to memory of 2744	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	smLyeOm.exe
PID 2184 wrote to memory of 2816	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	ctYzwen.exe
PID 2184 wrote to memory of 2816	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	ctYzwen.exe
PID 2184 wrote to memory of 2816	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	ctYzwen.exe
PID 2184 wrote to memory of 2768	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	IJDCUfS.exe
PID 2184 wrote to memory of 2768	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	IJDCUfS.exe
PID 2184 wrote to memory of 2768	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	IJDCUfS.exe
PID 2184 wrote to memory of 2940	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	mWHdWyw.exe
PID 2184 wrote to memory of 2940	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	mWHdWyw.exe
PID 2184 wrote to memory of 2940	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	mWHdWyw.exe
PID 2184 wrote to memory of 3016	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	kALPolY.exe
PID 2184 wrote to memory of 3016	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	kALPolY.exe
PID 2184 wrote to memory of 3016	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	kALPolY.exe
PID 2184 wrote to memory of 2796	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	cqTNDSs.exe
PID 2184 wrote to memory of 2796	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	cqTNDSs.exe
PID 2184 wrote to memory of 2796	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	cqTNDSs.exe
PID 2184 wrote to memory of 2652	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	JKKhZzR.exe
PID 2184 wrote to memory of 2652	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	JKKhZzR.exe
PID 2184 wrote to memory of 2652	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	JKKhZzR.exe
PID 2184 wrote to memory of 2504	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	DEasKXI.exe
PID 2184 wrote to memory of 2504	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	DEasKXI.exe
PID 2184 wrote to memory of 2504	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	DEasKXI.exe
PID 2184 wrote to memory of 2608	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	quYttsk.exe
PID 2184 wrote to memory of 2608	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	quYttsk.exe
PID 2184 wrote to memory of 2608	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	quYttsk.exe
PID 2184 wrote to memory of 2684	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	tZaqUTK.exe
PID 2184 wrote to memory of 2684	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	tZaqUTK.exe
PID 2184 wrote to memory of 2684	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	tZaqUTK.exe
PID 2184 wrote to memory of 2188	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	Wdhllut.exe
PID 2184 wrote to memory of 2188	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	Wdhllut.exe
PID 2184 wrote to memory of 2188	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	Wdhllut.exe
PID 2184 wrote to memory of 2296	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	JhMlOuB.exe
PID 2184 wrote to memory of 2296	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	JhMlOuB.exe
PID 2184 wrote to memory of 2296	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	JhMlOuB.exe
PID 2184 wrote to memory of 800	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	SgWBPZp.exe
PID 2184 wrote to memory of 800	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	SgWBPZp.exe
PID 2184 wrote to memory of 800	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	SgWBPZp.exe
PID 2184 wrote to memory of 2260	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	MObdqBD.exe
PID 2184 wrote to memory of 2260	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	MObdqBD.exe
PID 2184 wrote to memory of 2260	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	MObdqBD.exe
PID 2184 wrote to memory of 2600	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	UwdEGIs.exe
PID 2184 wrote to memory of 2600	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	UwdEGIs.exe
PID 2184 wrote to memory of 2600	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	UwdEGIs.exe
PID 2184 wrote to memory of 2716	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	zXYqhlU.exe
PID 2184 wrote to memory of 2716	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	zXYqhlU.exe
PID 2184 wrote to memory of 2716	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	zXYqhlU.exe
PID 2184 wrote to memory of 2972	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	XJkDzcx.exe
PID 2184 wrote to memory of 2972	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	XJkDzcx.exe
PID 2184 wrote to memory of 2972	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	XJkDzcx.exe
PID 2184 wrote to memory of 796	2184	2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe	hiDcqKW.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_4cf9018066a3a6601940eae2c7ec3de1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\System\NNofCtD.exe
  C:\Windows\System\NNofCtD.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\deQofvd.exe
  C:\Windows\System\deQofvd.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\PuMJsmU.exe
  C:\Windows\System\PuMJsmU.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\naySKDj.exe
  C:\Windows\System\naySKDj.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\smLyeOm.exe
  C:\Windows\System\smLyeOm.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\ctYzwen.exe
  C:\Windows\System\ctYzwen.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\IJDCUfS.exe
  C:\Windows\System\IJDCUfS.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\mWHdWyw.exe
  C:\Windows\System\mWHdWyw.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\kALPolY.exe
  C:\Windows\System\kALPolY.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\cqTNDSs.exe
  C:\Windows\System\cqTNDSs.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\JKKhZzR.exe
  C:\Windows\System\JKKhZzR.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\DEasKXI.exe
  C:\Windows\System\DEasKXI.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\quYttsk.exe
  C:\Windows\System\quYttsk.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\tZaqUTK.exe
  C:\Windows\System\tZaqUTK.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\Wdhllut.exe
  C:\Windows\System\Wdhllut.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\JhMlOuB.exe
  C:\Windows\System\JhMlOuB.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\SgWBPZp.exe
  C:\Windows\System\SgWBPZp.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\MObdqBD.exe
  C:\Windows\System\MObdqBD.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\UwdEGIs.exe
  C:\Windows\System\UwdEGIs.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\zXYqhlU.exe
  C:\Windows\System\zXYqhlU.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\XJkDzcx.exe
  C:\Windows\System\XJkDzcx.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\hiDcqKW.exe
  C:\Windows\System\hiDcqKW.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\BYzWQEf.exe
  C:\Windows\System\BYzWQEf.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\CqhqNEl.exe
  C:\Windows\System\CqhqNEl.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\JtzjUcb.exe
  C:\Windows\System\JtzjUcb.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\wJvHsPr.exe
  C:\Windows\System\wJvHsPr.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\PNzItEf.exe
  C:\Windows\System\PNzItEf.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\nzSFZVK.exe
  C:\Windows\System\nzSFZVK.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\olfWPHA.exe
  C:\Windows\System\olfWPHA.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\CHRDVhc.exe
  C:\Windows\System\CHRDVhc.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\YGmcgYX.exe
  C:\Windows\System\YGmcgYX.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\pFyCGLd.exe
  C:\Windows\System\pFyCGLd.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\XlNmfnt.exe
  C:\Windows\System\XlNmfnt.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\lQMhZXq.exe
  C:\Windows\System\lQMhZXq.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\AvSZQHe.exe
  C:\Windows\System\AvSZQHe.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\lpaLeXK.exe
  C:\Windows\System\lpaLeXK.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\fPZEWrT.exe
  C:\Windows\System\fPZEWrT.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\RdOEGCx.exe
  C:\Windows\System\RdOEGCx.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\KTHEDvQ.exe
  C:\Windows\System\KTHEDvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\jTLEuQG.exe
  C:\Windows\System\jTLEuQG.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\PRdZwNp.exe
  C:\Windows\System\PRdZwNp.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\lyecmiD.exe
  C:\Windows\System\lyecmiD.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\mvyDwXl.exe
  C:\Windows\System\mvyDwXl.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\YHZgVXi.exe
  C:\Windows\System\YHZgVXi.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\xSszNLg.exe
  C:\Windows\System\xSszNLg.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\RBRBGlQ.exe
  C:\Windows\System\RBRBGlQ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\WbHdAqf.exe
  C:\Windows\System\WbHdAqf.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\LIQLeUK.exe
  C:\Windows\System\LIQLeUK.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\NlRXYud.exe
  C:\Windows\System\NlRXYud.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\yuZVJMz.exe
  C:\Windows\System\yuZVJMz.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\CcxItlM.exe
  C:\Windows\System\CcxItlM.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\HEHGpET.exe
  C:\Windows\System\HEHGpET.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\XrNTTYG.exe
  C:\Windows\System\XrNTTYG.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\sHnHUZm.exe
  C:\Windows\System\sHnHUZm.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\rAbvJHx.exe
  C:\Windows\System\rAbvJHx.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\OcLvGkt.exe
  C:\Windows\System\OcLvGkt.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\mhsDfwP.exe
  C:\Windows\System\mhsDfwP.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\VBwfYFK.exe
  C:\Windows\System\VBwfYFK.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\UWOWWaZ.exe
  C:\Windows\System\UWOWWaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\NKIXceu.exe
  C:\Windows\System\NKIXceu.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\zgZnota.exe
  C:\Windows\System\zgZnota.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\adAZBeb.exe
  C:\Windows\System\adAZBeb.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\JMaWODD.exe
  C:\Windows\System\JMaWODD.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\IVdNJMS.exe
  C:\Windows\System\IVdNJMS.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\wHnMkmg.exe
  C:\Windows\System\wHnMkmg.exe
  2⤵
  PID:2728
- C:\Windows\System\cCJUezh.exe
  C:\Windows\System\cCJUezh.exe
  2⤵
  PID:2152
- C:\Windows\System\dQVzwPo.exe
  C:\Windows\System\dQVzwPo.exe
  2⤵
  PID:2248
- C:\Windows\System\Wbqqpoj.exe
  C:\Windows\System\Wbqqpoj.exe
  2⤵
  PID:984
- C:\Windows\System\wQXfRDd.exe
  C:\Windows\System\wQXfRDd.exe
  2⤵
  PID:2856
- C:\Windows\System\inoSMYB.exe
  C:\Windows\System\inoSMYB.exe
  2⤵
  PID:2124
- C:\Windows\System\qPqAMIF.exe
  C:\Windows\System\qPqAMIF.exe
  2⤵
  PID:1372
- C:\Windows\System\HrGSUHv.exe
  C:\Windows\System\HrGSUHv.exe
  2⤵
  PID:2956
- C:\Windows\System\fuNEsrj.exe
  C:\Windows\System\fuNEsrj.exe
  2⤵
  PID:2056
- C:\Windows\System\fbCtpjF.exe
  C:\Windows\System\fbCtpjF.exe
  2⤵
  PID:1208
- C:\Windows\System\WUyVOGJ.exe
  C:\Windows\System\WUyVOGJ.exe
  2⤵
  PID:1016
- C:\Windows\System\nVhPvsM.exe
  C:\Windows\System\nVhPvsM.exe
  2⤵
  PID:908
- C:\Windows\System\ssqLlCm.exe
  C:\Windows\System\ssqLlCm.exe
  2⤵
  PID:3040
- C:\Windows\System\ZNSsFFF.exe
  C:\Windows\System\ZNSsFFF.exe
  2⤵
  PID:2372
- C:\Windows\System\EdEtgKc.exe
  C:\Windows\System\EdEtgKc.exe
  2⤵
  PID:1964
- C:\Windows\System\ykJfzfG.exe
  C:\Windows\System\ykJfzfG.exe
  2⤵
  PID:1584
- C:\Windows\System\WWPCyhY.exe
  C:\Windows\System\WWPCyhY.exe
  2⤵
  PID:588
- C:\Windows\System\LxyIucy.exe
  C:\Windows\System\LxyIucy.exe
  2⤵
  PID:2012
- C:\Windows\System\FyVrVEQ.exe
  C:\Windows\System\FyVrVEQ.exe
  2⤵
  PID:928
- C:\Windows\System\wGDvuuY.exe
  C:\Windows\System\wGDvuuY.exe
  2⤵
  PID:884
- C:\Windows\System\bUpVTZx.exe
  C:\Windows\System\bUpVTZx.exe
  2⤵
  PID:1976
- C:\Windows\System\roVLXTa.exe
  C:\Windows\System\roVLXTa.exe
  2⤵
  PID:2524
- C:\Windows\System\hPZRWkh.exe
  C:\Windows\System\hPZRWkh.exe
  2⤵
  PID:1956
- C:\Windows\System\vcSCMRD.exe
  C:\Windows\System\vcSCMRD.exe
  2⤵
  PID:1196
- C:\Windows\System\pzPhRlt.exe
  C:\Windows\System\pzPhRlt.exe
  2⤵
  PID:1920
- C:\Windows\System\xhZvkVt.exe
  C:\Windows\System\xhZvkVt.exe
  2⤵
  PID:1940
- C:\Windows\System\BeuPgkh.exe
  C:\Windows\System\BeuPgkh.exe
  2⤵
  PID:2392
- C:\Windows\System\AgwBblE.exe
  C:\Windows\System\AgwBblE.exe
  2⤵
  PID:1608
- C:\Windows\System\fVPSDZz.exe
  C:\Windows\System\fVPSDZz.exe
  2⤵
  PID:1572
- C:\Windows\System\bAQhTum.exe
  C:\Windows\System\bAQhTum.exe
  2⤵
  PID:3020
- C:\Windows\System\LlDzEiA.exe
  C:\Windows\System\LlDzEiA.exe
  2⤵
  PID:2232
- C:\Windows\System\CFwtjbv.exe
  C:\Windows\System\CFwtjbv.exe
  2⤵
  PID:2924
- C:\Windows\System\cMCBhDI.exe
  C:\Windows\System\cMCBhDI.exe
  2⤵
  PID:2780
- C:\Windows\System\CuXBcNR.exe
  C:\Windows\System\CuXBcNR.exe
  2⤵
  PID:2952
- C:\Windows\System\ZPsmgvM.exe
  C:\Windows\System\ZPsmgvM.exe
  2⤵
  PID:2172
- C:\Windows\System\jsTAzto.exe
  C:\Windows\System\jsTAzto.exe
  2⤵
  PID:2860
- C:\Windows\System\phBlAVP.exe
  C:\Windows\System\phBlAVP.exe
  2⤵
  PID:1980
- C:\Windows\System\VIPgyTW.exe
  C:\Windows\System\VIPgyTW.exe
  2⤵
  PID:1244
- C:\Windows\System\pxViMgL.exe
  C:\Windows\System\pxViMgL.exe
  2⤵
  PID:3036
- C:\Windows\System\suhUJAk.exe
  C:\Windows\System\suhUJAk.exe
  2⤵
  PID:960
- C:\Windows\System\uWxWkDk.exe
  C:\Windows\System\uWxWkDk.exe
  2⤵
  PID:1772
- C:\Windows\System\eHgIusS.exe
  C:\Windows\System\eHgIusS.exe
  2⤵
  PID:1804
- C:\Windows\System\MmWwTnZ.exe
  C:\Windows\System\MmWwTnZ.exe
  2⤵
  PID:1392
- C:\Windows\System\MTzvTQd.exe
  C:\Windows\System\MTzvTQd.exe
  2⤵
  PID:2256
- C:\Windows\System\rmYURYE.exe
  C:\Windows\System\rmYURYE.exe
  2⤵
  PID:2528
- C:\Windows\System\pkNnETT.exe
  C:\Windows\System\pkNnETT.exe
  2⤵
  PID:2540
- C:\Windows\System\AUTGqAY.exe
  C:\Windows\System\AUTGqAY.exe
  2⤵
  PID:2480
- C:\Windows\System\aXAhhCQ.exe
  C:\Windows\System\aXAhhCQ.exe
  2⤵
  PID:1932
- C:\Windows\System\rrnSOjK.exe
  C:\Windows\System\rrnSOjK.exe
  2⤵
  PID:1908
- C:\Windows\System\VmGDBLU.exe
  C:\Windows\System\VmGDBLU.exe
  2⤵
  PID:3080
- C:\Windows\System\aUsxoQj.exe
  C:\Windows\System\aUsxoQj.exe
  2⤵
  PID:3104
- C:\Windows\System\rdLBxyN.exe
  C:\Windows\System\rdLBxyN.exe
  2⤵
  PID:3124
- C:\Windows\System\NzauVur.exe
  C:\Windows\System\NzauVur.exe
  2⤵
  PID:3144
- C:\Windows\System\AdRYsvk.exe
  C:\Windows\System\AdRYsvk.exe
  2⤵
  PID:3164
- C:\Windows\System\uKECDLb.exe
  C:\Windows\System\uKECDLb.exe
  2⤵
  PID:3184
- C:\Windows\System\rduNOFd.exe
  C:\Windows\System\rduNOFd.exe
  2⤵
  PID:3200
- C:\Windows\System\iXSgJKw.exe
  C:\Windows\System\iXSgJKw.exe
  2⤵
  PID:3224
- C:\Windows\System\wNlTnxA.exe
  C:\Windows\System\wNlTnxA.exe
  2⤵
  PID:3240
- C:\Windows\System\nbofPPA.exe
  C:\Windows\System\nbofPPA.exe
  2⤵
  PID:3260
- C:\Windows\System\CqErUBw.exe
  C:\Windows\System\CqErUBw.exe
  2⤵
  PID:3280
- C:\Windows\System\BlXyhaE.exe
  C:\Windows\System\BlXyhaE.exe
  2⤵
  PID:3304
- C:\Windows\System\rxWPAbF.exe
  C:\Windows\System\rxWPAbF.exe
  2⤵
  PID:3324
- C:\Windows\System\vIzjpmG.exe
  C:\Windows\System\vIzjpmG.exe
  2⤵
  PID:3344
- C:\Windows\System\CNeMANg.exe
  C:\Windows\System\CNeMANg.exe
  2⤵
  PID:3364
- C:\Windows\System\UQddZsF.exe
  C:\Windows\System\UQddZsF.exe
  2⤵
  PID:3380
- C:\Windows\System\ZvOmWEu.exe
  C:\Windows\System\ZvOmWEu.exe
  2⤵
  PID:3404
- C:\Windows\System\iWdmIOB.exe
  C:\Windows\System\iWdmIOB.exe
  2⤵
  PID:3424
- C:\Windows\System\GTkBOUb.exe
  C:\Windows\System\GTkBOUb.exe
  2⤵
  PID:3444
- C:\Windows\System\EOXheOV.exe
  C:\Windows\System\EOXheOV.exe
  2⤵
  PID:3460
- C:\Windows\System\sPSVPDD.exe
  C:\Windows\System\sPSVPDD.exe
  2⤵
  PID:3480
- C:\Windows\System\VIzarlx.exe
  C:\Windows\System\VIzarlx.exe
  2⤵
  PID:3500
- C:\Windows\System\qEKUPGc.exe
  C:\Windows\System\qEKUPGc.exe
  2⤵
  PID:3524
- C:\Windows\System\yyHMuGi.exe
  C:\Windows\System\yyHMuGi.exe
  2⤵
  PID:3540
- C:\Windows\System\ZgYuYKF.exe
  C:\Windows\System\ZgYuYKF.exe
  2⤵
  PID:3560
- C:\Windows\System\NDWXfuJ.exe
  C:\Windows\System\NDWXfuJ.exe
  2⤵
  PID:3580
- C:\Windows\System\jEBEiEH.exe
  C:\Windows\System\jEBEiEH.exe
  2⤵
  PID:3596
- C:\Windows\System\NhQqtyg.exe
  C:\Windows\System\NhQqtyg.exe
  2⤵
  PID:3624
- C:\Windows\System\BjtdwLo.exe
  C:\Windows\System\BjtdwLo.exe
  2⤵
  PID:3644
- C:\Windows\System\YzQoyKn.exe
  C:\Windows\System\YzQoyKn.exe
  2⤵
  PID:3660
- C:\Windows\System\azFRlNo.exe
  C:\Windows\System\azFRlNo.exe
  2⤵
  PID:3684
- C:\Windows\System\meCKYRz.exe
  C:\Windows\System\meCKYRz.exe
  2⤵
  PID:3704
- C:\Windows\System\prxxrSW.exe
  C:\Windows\System\prxxrSW.exe
  2⤵
  PID:3724
- C:\Windows\System\JkVaJpx.exe
  C:\Windows\System\JkVaJpx.exe
  2⤵
  PID:3740
- C:\Windows\System\OEIEqKI.exe
  C:\Windows\System\OEIEqKI.exe
  2⤵
  PID:3764
- C:\Windows\System\PDtFoUD.exe
  C:\Windows\System\PDtFoUD.exe
  2⤵
  PID:3780
- C:\Windows\System\WHcRLLC.exe
  C:\Windows\System\WHcRLLC.exe
  2⤵
  PID:3800
- C:\Windows\System\wsszSAH.exe
  C:\Windows\System\wsszSAH.exe
  2⤵
  PID:3824
- C:\Windows\System\bDTWkgm.exe
  C:\Windows\System\bDTWkgm.exe
  2⤵
  PID:3844
- C:\Windows\System\BsEisDL.exe
  C:\Windows\System\BsEisDL.exe
  2⤵
  PID:3864
- C:\Windows\System\xZKzZqg.exe
  C:\Windows\System\xZKzZqg.exe
  2⤵
  PID:3884
- C:\Windows\System\WftVrXi.exe
  C:\Windows\System\WftVrXi.exe
  2⤵
  PID:3900
- C:\Windows\System\pYPYxwK.exe
  C:\Windows\System\pYPYxwK.exe
  2⤵
  PID:3920
- C:\Windows\System\tNawhdN.exe
  C:\Windows\System\tNawhdN.exe
  2⤵
  PID:3944
- C:\Windows\System\VbsXogc.exe
  C:\Windows\System\VbsXogc.exe
  2⤵
  PID:3964
- C:\Windows\System\aGVueIU.exe
  C:\Windows\System\aGVueIU.exe
  2⤵
  PID:3988
- C:\Windows\System\upFldhi.exe
  C:\Windows\System\upFldhi.exe
  2⤵
  PID:4004
- C:\Windows\System\XusbFPD.exe
  C:\Windows\System\XusbFPD.exe
  2⤵
  PID:4028
- C:\Windows\System\boJhnyx.exe
  C:\Windows\System\boJhnyx.exe
  2⤵
  PID:4044
- C:\Windows\System\JfvElhw.exe
  C:\Windows\System\JfvElhw.exe
  2⤵
  PID:4064
- C:\Windows\System\pRJVcsi.exe
  C:\Windows\System\pRJVcsi.exe
  2⤵
  PID:4088
- C:\Windows\System\dUAcXCY.exe
  C:\Windows\System\dUAcXCY.exe
  2⤵
  PID:1860
- C:\Windows\System\iVicoft.exe
  C:\Windows\System\iVicoft.exe
  2⤵
  PID:2676
- C:\Windows\System\ssJHYGG.exe
  C:\Windows\System\ssJHYGG.exe
  2⤵
  PID:2968
- C:\Windows\System\uplkMOP.exe
  C:\Windows\System\uplkMOP.exe
  2⤵
  PID:1876
- C:\Windows\System\xNbuEqq.exe
  C:\Windows\System\xNbuEqq.exe
  2⤵
  PID:2024
- C:\Windows\System\FgOOfBC.exe
  C:\Windows\System\FgOOfBC.exe
  2⤵
  PID:1984
- C:\Windows\System\FMqqKQy.exe
  C:\Windows\System\FMqqKQy.exe
  2⤵
  PID:1752
- C:\Windows\System\hJiAwZA.exe
  C:\Windows\System\hJiAwZA.exe
  2⤵
  PID:1812
- C:\Windows\System\PaUqZTC.exe
  C:\Windows\System\PaUqZTC.exe
  2⤵
  PID:2100
- C:\Windows\System\uSCXUyC.exe
  C:\Windows\System\uSCXUyC.exe
  2⤵
  PID:2516
- C:\Windows\System\ZLQLHGx.exe
  C:\Windows\System\ZLQLHGx.exe
  2⤵
  PID:2080
- C:\Windows\System\HCskBNq.exe
  C:\Windows\System\HCskBNq.exe
  2⤵
  PID:3076
- C:\Windows\System\qMXXvFL.exe
  C:\Windows\System\qMXXvFL.exe
  2⤵
  PID:3092
- C:\Windows\System\OfWmyPL.exe
  C:\Windows\System\OfWmyPL.exe
  2⤵
  PID:3096
- C:\Windows\System\Jguvscr.exe
  C:\Windows\System\Jguvscr.exe
  2⤵
  PID:3140
- C:\Windows\System\PDkvkVW.exe
  C:\Windows\System\PDkvkVW.exe
  2⤵
  PID:3180
- C:\Windows\System\VSuyMeR.exe
  C:\Windows\System\VSuyMeR.exe
  2⤵
  PID:3236
- C:\Windows\System\dCpDbuO.exe
  C:\Windows\System\dCpDbuO.exe
  2⤵
  PID:3220
- C:\Windows\System\XmujxHV.exe
  C:\Windows\System\XmujxHV.exe
  2⤵
  PID:3312
- C:\Windows\System\PmNMWYn.exe
  C:\Windows\System\PmNMWYn.exe
  2⤵
  PID:3292
- C:\Windows\System\OmatKcm.exe
  C:\Windows\System\OmatKcm.exe
  2⤵
  PID:3352
- C:\Windows\System\lJarivg.exe
  C:\Windows\System\lJarivg.exe
  2⤵
  PID:3372
- C:\Windows\System\mhvIBuh.exe
  C:\Windows\System\mhvIBuh.exe
  2⤵
  PID:3432
- C:\Windows\System\IVeRatm.exe
  C:\Windows\System\IVeRatm.exe
  2⤵
  PID:3452
- C:\Windows\System\ODlWPOA.exe
  C:\Windows\System\ODlWPOA.exe
  2⤵
  PID:3496
- C:\Windows\System\hPWQSIC.exe
  C:\Windows\System\hPWQSIC.exe
  2⤵
  PID:3520
- C:\Windows\System\RvGIXes.exe
  C:\Windows\System\RvGIXes.exe
  2⤵
  PID:3536
- C:\Windows\System\zpnplwg.exe
  C:\Windows\System\zpnplwg.exe
  2⤵
  PID:3532
- C:\Windows\System\BCYwZKW.exe
  C:\Windows\System\BCYwZKW.exe
  2⤵
  PID:3636
- C:\Windows\System\sXaGuLB.exe
  C:\Windows\System\sXaGuLB.exe
  2⤵
  PID:3672
- C:\Windows\System\pIFHRng.exe
  C:\Windows\System\pIFHRng.exe
  2⤵
  PID:3712
- C:\Windows\System\LBPzJBC.exe
  C:\Windows\System\LBPzJBC.exe
  2⤵
  PID:3692
- C:\Windows\System\WByUjwz.exe
  C:\Windows\System\WByUjwz.exe
  2⤵
  PID:3748
- C:\Windows\System\vRieBRJ.exe
  C:\Windows\System\vRieBRJ.exe
  2⤵
  PID:3772
- C:\Windows\System\AKmmImD.exe
  C:\Windows\System\AKmmImD.exe
  2⤵
  PID:3832
- C:\Windows\System\MxkMDbW.exe
  C:\Windows\System\MxkMDbW.exe
  2⤵
  PID:3820
- C:\Windows\System\FQoLeoM.exe
  C:\Windows\System\FQoLeoM.exe
  2⤵
  PID:3852
- C:\Windows\System\iRGofUa.exe
  C:\Windows\System\iRGofUa.exe
  2⤵
  PID:3912
- C:\Windows\System\vpBKBpk.exe
  C:\Windows\System\vpBKBpk.exe
  2⤵
  PID:3932
- C:\Windows\System\AFzGRlx.exe
  C:\Windows\System\AFzGRlx.exe
  2⤵
  PID:4036
- C:\Windows\System\pnJjeox.exe
  C:\Windows\System\pnJjeox.exe
  2⤵
  PID:3980
- C:\Windows\System\yskxGya.exe
  C:\Windows\System\yskxGya.exe
  2⤵
  PID:4084
- C:\Windows\System\kjuCOqW.exe
  C:\Windows\System\kjuCOqW.exe
  2⤵
  PID:4024
- C:\Windows\System\lzFpXyj.exe
  C:\Windows\System\lzFpXyj.exe
  2⤵
  PID:2532
- C:\Windows\System\nQKCINu.exe
  C:\Windows\System\nQKCINu.exe
  2⤵
  PID:1028
- C:\Windows\System\ZCzCsKf.exe
  C:\Windows\System\ZCzCsKf.exe
  2⤵
  PID:1292
- C:\Windows\System\bThntxh.exe
  C:\Windows\System\bThntxh.exe
  2⤵
  PID:2592
- C:\Windows\System\pbLbYTH.exe
  C:\Windows\System\pbLbYTH.exe
  2⤵
  PID:712
- C:\Windows\System\gDJtFty.exe
  C:\Windows\System\gDJtFty.exe
  2⤵
  PID:2416
- C:\Windows\System\NxJWZYx.exe
  C:\Windows\System\NxJWZYx.exe
  2⤵
  PID:3120
- C:\Windows\System\lbhIJgd.exe
  C:\Windows\System\lbhIJgd.exe
  2⤵
  PID:2420
- C:\Windows\System\CuckNGa.exe
  C:\Windows\System\CuckNGa.exe
  2⤵
  PID:3300
- C:\Windows\System\tSPeDBs.exe
  C:\Windows\System\tSPeDBs.exe
  2⤵
  PID:3392
- C:\Windows\System\TZnYGBs.exe
  C:\Windows\System\TZnYGBs.exe
  2⤵
  PID:3088
- C:\Windows\System\WRnbnPL.exe
  C:\Windows\System\WRnbnPL.exe
  2⤵
  PID:3516
- C:\Windows\System\PtbiVsM.exe
  C:\Windows\System\PtbiVsM.exe
  2⤵
  PID:3256
- C:\Windows\System\BkGvfUn.exe
  C:\Windows\System\BkGvfUn.exe
  2⤵
  PID:3340
- C:\Windows\System\rsrXXZJ.exe
  C:\Windows\System\rsrXXZJ.exe
  2⤵
  PID:3680
- C:\Windows\System\XSYcPCB.exe
  C:\Windows\System\XSYcPCB.exe
  2⤵
  PID:3652
- C:\Windows\System\sduCXhr.exe
  C:\Windows\System\sduCXhr.exe
  2⤵
  PID:3412
- C:\Windows\System\OZccYDq.exe
  C:\Windows\System\OZccYDq.exe
  2⤵
  PID:3640
- C:\Windows\System\aLHXwsL.exe
  C:\Windows\System\aLHXwsL.exe
  2⤵
  PID:3612
- C:\Windows\System\ErQrCdy.exe
  C:\Windows\System\ErQrCdy.exe
  2⤵
  PID:3872
- C:\Windows\System\YopQXPj.exe
  C:\Windows\System\YopQXPj.exe
  2⤵
  PID:4000
- C:\Windows\System\NizACkO.exe
  C:\Windows\System\NizACkO.exe
  2⤵
  PID:3812
- C:\Windows\System\MsmrpcJ.exe
  C:\Windows\System\MsmrpcJ.exe
  2⤵
  PID:3972
- C:\Windows\System\fSnLyTB.exe
  C:\Windows\System\fSnLyTB.exe
  2⤵
  PID:3876
- C:\Windows\System\wsSWASo.exe
  C:\Windows\System\wsSWASo.exe
  2⤵
  PID:1856
- C:\Windows\System\lauBKFA.exe
  C:\Windows\System\lauBKFA.exe
  2⤵
  PID:1484
- C:\Windows\System\DxUgZPg.exe
  C:\Windows\System\DxUgZPg.exe
  2⤵
  PID:1056
- C:\Windows\System\EKxSakG.exe
  C:\Windows\System\EKxSakG.exe
  2⤵
  PID:1088
- C:\Windows\System\mSPpMCv.exe
  C:\Windows\System\mSPpMCv.exe
  2⤵
  PID:1692
- C:\Windows\System\eNHpqkF.exe
  C:\Windows\System\eNHpqkF.exe
  2⤵
  PID:3276
- C:\Windows\System\Dydvbcs.exe
  C:\Windows\System\Dydvbcs.exe
  2⤵
  PID:3288
- C:\Windows\System\QMPSOIp.exe
  C:\Windows\System\QMPSOIp.exe
  2⤵
  PID:3400
- C:\Windows\System\wJkICjP.exe
  C:\Windows\System\wJkICjP.exe
  2⤵
  PID:3132
- C:\Windows\System\pEgMrHf.exe
  C:\Windows\System\pEgMrHf.exe
  2⤵
  PID:3592
- C:\Windows\System\RvuaEGz.exe
  C:\Windows\System\RvuaEGz.exe
  2⤵
  PID:3396
- C:\Windows\System\mcoyVLq.exe
  C:\Windows\System\mcoyVLq.exe
  2⤵
  PID:4108
- C:\Windows\System\YUYwuMD.exe
  C:\Windows\System\YUYwuMD.exe
  2⤵
  PID:4128
- C:\Windows\System\MuaHTQx.exe
  C:\Windows\System\MuaHTQx.exe
  2⤵
  PID:4148
- C:\Windows\System\DUXuNdD.exe
  C:\Windows\System\DUXuNdD.exe
  2⤵
  PID:4168
- C:\Windows\System\bgaEVjG.exe
  C:\Windows\System\bgaEVjG.exe
  2⤵
  PID:4188
- C:\Windows\System\NXfNnAz.exe
  C:\Windows\System\NXfNnAz.exe
  2⤵
  PID:4204
- C:\Windows\System\PMrICxr.exe
  C:\Windows\System\PMrICxr.exe
  2⤵
  PID:4224
- C:\Windows\System\EtjRmDp.exe
  C:\Windows\System\EtjRmDp.exe
  2⤵
  PID:4240
- C:\Windows\System\DKtDPEE.exe
  C:\Windows\System\DKtDPEE.exe
  2⤵
  PID:4264
- C:\Windows\System\qpKSnVk.exe
  C:\Windows\System\qpKSnVk.exe
  2⤵
  PID:4284
- C:\Windows\System\pdWztwS.exe
  C:\Windows\System\pdWztwS.exe
  2⤵
  PID:4304
- C:\Windows\System\DjLlvKr.exe
  C:\Windows\System\DjLlvKr.exe
  2⤵
  PID:4328
- C:\Windows\System\DIyDrGK.exe
  C:\Windows\System\DIyDrGK.exe
  2⤵
  PID:4344
- C:\Windows\System\DZAPlpq.exe
  C:\Windows\System\DZAPlpq.exe
  2⤵
  PID:4364
- C:\Windows\System\WDADrMO.exe
  C:\Windows\System\WDADrMO.exe
  2⤵
  PID:4384
- C:\Windows\System\XICSelO.exe
  C:\Windows\System\XICSelO.exe
  2⤵
  PID:4404
- C:\Windows\System\nfZwbPF.exe
  C:\Windows\System\nfZwbPF.exe
  2⤵
  PID:4424
- C:\Windows\System\UWIskCB.exe
  C:\Windows\System\UWIskCB.exe
  2⤵
  PID:4444
- C:\Windows\System\qPpEMPa.exe
  C:\Windows\System\qPpEMPa.exe
  2⤵
  PID:4468
- C:\Windows\System\TFHqhkK.exe
  C:\Windows\System\TFHqhkK.exe
  2⤵
  PID:4484
- C:\Windows\System\YXKWAoe.exe
  C:\Windows\System\YXKWAoe.exe
  2⤵
  PID:4504
- C:\Windows\System\FSbQPqR.exe
  C:\Windows\System\FSbQPqR.exe
  2⤵
  PID:4524
- C:\Windows\System\pMiuizq.exe
  C:\Windows\System\pMiuizq.exe
  2⤵
  PID:4540
- C:\Windows\System\RDLjDPN.exe
  C:\Windows\System\RDLjDPN.exe
  2⤵
  PID:4560
- C:\Windows\System\YcsGbuw.exe
  C:\Windows\System\YcsGbuw.exe
  2⤵
  PID:4584
- C:\Windows\System\tUnaZKo.exe
  C:\Windows\System\tUnaZKo.exe
  2⤵
  PID:4600
- C:\Windows\System\PJOBfQr.exe
  C:\Windows\System\PJOBfQr.exe
  2⤵
  PID:4624
- C:\Windows\System\MjuwCog.exe
  C:\Windows\System\MjuwCog.exe
  2⤵
  PID:4648
- C:\Windows\System\deWvAaQ.exe
  C:\Windows\System\deWvAaQ.exe
  2⤵
  PID:4668
- C:\Windows\System\TqxKyJV.exe
  C:\Windows\System\TqxKyJV.exe
  2⤵
  PID:4688
- C:\Windows\System\MIcEvlg.exe
  C:\Windows\System\MIcEvlg.exe
  2⤵
  PID:4708
- C:\Windows\System\kUIJCkm.exe
  C:\Windows\System\kUIJCkm.exe
  2⤵
  PID:4728
- C:\Windows\System\MBNNqnq.exe
  C:\Windows\System\MBNNqnq.exe
  2⤵
  PID:4744
- C:\Windows\System\sxvCxkC.exe
  C:\Windows\System\sxvCxkC.exe
  2⤵
  PID:4768
- C:\Windows\System\caJnrcz.exe
  C:\Windows\System\caJnrcz.exe
  2⤵
  PID:4784
- C:\Windows\System\NsLaWJs.exe
  C:\Windows\System\NsLaWJs.exe
  2⤵
  PID:4808
- C:\Windows\System\iMcMudC.exe
  C:\Windows\System\iMcMudC.exe
  2⤵
  PID:4824
- C:\Windows\System\QNYfuWI.exe
  C:\Windows\System\QNYfuWI.exe
  2⤵
  PID:4844
- C:\Windows\System\PbnpQGZ.exe
  C:\Windows\System\PbnpQGZ.exe
  2⤵
  PID:4864
- C:\Windows\System\cufzwKO.exe
  C:\Windows\System\cufzwKO.exe
  2⤵
  PID:4888
- C:\Windows\System\QCsGkFj.exe
  C:\Windows\System\QCsGkFj.exe
  2⤵
  PID:4908
- C:\Windows\System\xhhzLAV.exe
  C:\Windows\System\xhhzLAV.exe
  2⤵
  PID:4924
- C:\Windows\System\McMbFpk.exe
  C:\Windows\System\McMbFpk.exe
  2⤵
  PID:4944
- C:\Windows\System\dbyHhXu.exe
  C:\Windows\System\dbyHhXu.exe
  2⤵
  PID:4964
- C:\Windows\System\PodpeYp.exe
  C:\Windows\System\PodpeYp.exe
  2⤵
  PID:4984
- C:\Windows\System\txesOnm.exe
  C:\Windows\System\txesOnm.exe
  2⤵
  PID:5000
- C:\Windows\System\ZHRdxPI.exe
  C:\Windows\System\ZHRdxPI.exe
  2⤵
  PID:5028
- C:\Windows\System\TJpKRNe.exe
  C:\Windows\System\TJpKRNe.exe
  2⤵
  PID:5048
- C:\Windows\System\CPurscG.exe
  C:\Windows\System\CPurscG.exe
  2⤵
  PID:5072
- C:\Windows\System\rKrjwSA.exe
  C:\Windows\System\rKrjwSA.exe
  2⤵
  PID:5092
- C:\Windows\System\nJGhmdv.exe
  C:\Windows\System\nJGhmdv.exe
  2⤵
  PID:5108
- C:\Windows\System\CNwRBJg.exe
  C:\Windows\System\CNwRBJg.exe
  2⤵
  PID:3896
- C:\Windows\System\kCyungv.exe
  C:\Windows\System\kCyungv.exe
  2⤵
  PID:3892
- C:\Windows\System\MbKFwYP.exe
  C:\Windows\System\MbKFwYP.exe
  2⤵
  PID:4080
- C:\Windows\System\BpDzmoK.exe
  C:\Windows\System\BpDzmoK.exe
  2⤵
  PID:4056
- C:\Windows\System\MqlwzcY.exe
  C:\Windows\System\MqlwzcY.exe
  2⤵
  PID:3796
- C:\Windows\System\etfSnKX.exe
  C:\Windows\System\etfSnKX.exe
  2⤵
  PID:4076
- C:\Windows\System\vwCNubl.exe
  C:\Windows\System\vwCNubl.exe
  2⤵
  PID:3960
- C:\Windows\System\QlOpYki.exe
  C:\Windows\System\QlOpYki.exe
  2⤵
  PID:3212
- C:\Windows\System\JLpBVXl.exe
  C:\Windows\System\JLpBVXl.exe
  2⤵
  PID:3476
- C:\Windows\System\vUAJAuZ.exe
  C:\Windows\System\vUAJAuZ.exe
  2⤵
  PID:3416
- C:\Windows\System\GFzObDd.exe
  C:\Windows\System\GFzObDd.exe
  2⤵
  PID:3668
- C:\Windows\System\sVfBNuv.exe
  C:\Windows\System\sVfBNuv.exe
  2⤵
  PID:3656
- C:\Windows\System\ooVbOEJ.exe
  C:\Windows\System\ooVbOEJ.exe
  2⤵
  PID:4164
- C:\Windows\System\ShhDukB.exe
  C:\Windows\System\ShhDukB.exe
  2⤵
  PID:4200
- C:\Windows\System\KLBhyLk.exe
  C:\Windows\System\KLBhyLk.exe
  2⤵
  PID:4276
- C:\Windows\System\WZddTVr.exe
  C:\Windows\System\WZddTVr.exe
  2⤵
  PID:4260
- C:\Windows\System\pleAhoc.exe
  C:\Windows\System\pleAhoc.exe
  2⤵
  PID:4320
- C:\Windows\System\pMPgsEY.exe
  C:\Windows\System\pMPgsEY.exe
  2⤵
  PID:4300
- C:\Windows\System\KYdGpPc.exe
  C:\Windows\System\KYdGpPc.exe
  2⤵
  PID:4360
- C:\Windows\System\kEHvcDf.exe
  C:\Windows\System\kEHvcDf.exe
  2⤵
  PID:4400
- C:\Windows\System\TeDQihs.exe
  C:\Windows\System\TeDQihs.exe
  2⤵
  PID:4376
- C:\Windows\System\ukSXqTQ.exe
  C:\Windows\System\ukSXqTQ.exe
  2⤵
  PID:4412
- C:\Windows\System\tEHHXeV.exe
  C:\Windows\System\tEHHXeV.exe
  2⤵
  PID:4512
- C:\Windows\System\EbuOUTh.exe
  C:\Windows\System\EbuOUTh.exe
  2⤵
  PID:4556
- C:\Windows\System\aFuEGvY.exe
  C:\Windows\System\aFuEGvY.exe
  2⤵
  PID:4640
- C:\Windows\System\zzYqqfc.exe
  C:\Windows\System\zzYqqfc.exe
  2⤵
  PID:4500
- C:\Windows\System\uZctnoa.exe
  C:\Windows\System\uZctnoa.exe
  2⤵
  PID:4576
- C:\Windows\System\waGtTym.exe
  C:\Windows\System\waGtTym.exe
  2⤵
  PID:4612
- C:\Windows\System\UEpjjJQ.exe
  C:\Windows\System\UEpjjJQ.exe
  2⤵
  PID:4656
- C:\Windows\System\IdgDJkf.exe
  C:\Windows\System\IdgDJkf.exe
  2⤵
  PID:4716
- C:\Windows\System\pMuIMLw.exe
  C:\Windows\System\pMuIMLw.exe
  2⤵
  PID:4700
- C:\Windows\System\KKPeHVY.exe
  C:\Windows\System\KKPeHVY.exe
  2⤵
  PID:4792
- C:\Windows\System\jDxCwnP.exe
  C:\Windows\System\jDxCwnP.exe
  2⤵
  PID:4832
- C:\Windows\System\lWMsCtU.exe
  C:\Windows\System\lWMsCtU.exe
  2⤵
  PID:4816
- C:\Windows\System\hnpCrIj.exe
  C:\Windows\System\hnpCrIj.exe
  2⤵
  PID:4860
- C:\Windows\System\iyNLjqQ.exe
  C:\Windows\System\iyNLjqQ.exe
  2⤵
  PID:4992
- C:\Windows\System\rowPMZR.exe
  C:\Windows\System\rowPMZR.exe
  2⤵
  PID:5036
- C:\Windows\System\jiCfTdK.exe
  C:\Windows\System\jiCfTdK.exe
  2⤵
  PID:5044
- C:\Windows\System\LZwhNoe.exe
  C:\Windows\System\LZwhNoe.exe
  2⤵
  PID:5020
- C:\Windows\System\IDWzFWm.exe
  C:\Windows\System\IDWzFWm.exe
  2⤵
  PID:5056
- C:\Windows\System\qHhWpjN.exe
  C:\Windows\System\qHhWpjN.exe
  2⤵
  PID:5064
- C:\Windows\System\CGzEuOu.exe
  C:\Windows\System\CGzEuOu.exe
  2⤵
  PID:3856
- C:\Windows\System\PxsUBZM.exe
  C:\Windows\System\PxsUBZM.exe
  2⤵
  PID:3808
- C:\Windows\System\OuUWAxS.exe
  C:\Windows\System\OuUWAxS.exe
  2⤵
  PID:4012
- C:\Windows\System\pLCcIdj.exe
  C:\Windows\System\pLCcIdj.exe
  2⤵
  PID:4072
- C:\Windows\System\vbAUAfR.exe
  C:\Windows\System\vbAUAfR.exe
  2⤵
  PID:3172
- C:\Windows\System\QpJkxdR.exe
  C:\Windows\System\QpJkxdR.exe
  2⤵
  PID:880
- C:\Windows\System\XOARput.exe
  C:\Windows\System\XOARput.exe
  2⤵
  PID:2500
- C:\Windows\System\GiTeWGL.exe
  C:\Windows\System\GiTeWGL.exe
  2⤵
  PID:4104
- C:\Windows\System\cAEEWBP.exe
  C:\Windows\System\cAEEWBP.exe
  2⤵
  PID:4272
- C:\Windows\System\MEwikcE.exe
  C:\Windows\System\MEwikcE.exe
  2⤵
  PID:4312
- C:\Windows\System\QOJjncS.exe
  C:\Windows\System\QOJjncS.exe
  2⤵
  PID:4216
- C:\Windows\System\gCPKbqS.exe
  C:\Windows\System\gCPKbqS.exe
  2⤵
  PID:4436
- C:\Windows\System\dsuuOKY.exe
  C:\Windows\System\dsuuOKY.exe
  2⤵
  PID:4392
- C:\Windows\System\dPZjktK.exe
  C:\Windows\System\dPZjktK.exe
  2⤵
  PID:2380
- C:\Windows\System\NEbocwa.exe
  C:\Windows\System\NEbocwa.exe
  2⤵
  PID:4532
- C:\Windows\System\JZcySom.exe
  C:\Windows\System\JZcySom.exe
  2⤵
  PID:4516
- C:\Windows\System\JsMdhGF.exe
  C:\Windows\System\JsMdhGF.exe
  2⤵
  PID:4636
- C:\Windows\System\FCifSEG.exe
  C:\Windows\System\FCifSEG.exe
  2⤵
  PID:4720
- C:\Windows\System\mjAsZHp.exe
  C:\Windows\System\mjAsZHp.exe
  2⤵
  PID:4804
- C:\Windows\System\csSeWUI.exe
  C:\Windows\System\csSeWUI.exe
  2⤵
  PID:4820
- C:\Windows\System\eoPAXUL.exe
  C:\Windows\System\eoPAXUL.exe
  2⤵
  PID:4736
- C:\Windows\System\DFCNkFN.exe
  C:\Windows\System\DFCNkFN.exe
  2⤵
  PID:4660
- C:\Windows\System\PoIvXYZ.exe
  C:\Windows\System\PoIvXYZ.exe
  2⤵
  PID:4280
- C:\Windows\System\EEPaTuC.exe
  C:\Windows\System\EEPaTuC.exe
  2⤵
  PID:5016
- C:\Windows\System\YEiYTiF.exe
  C:\Windows\System\YEiYTiF.exe
  2⤵
  PID:4936
- C:\Windows\System\jWuhNJz.exe
  C:\Windows\System\jWuhNJz.exe
  2⤵
  PID:5012
- C:\Windows\System\CjVQRHr.exe
  C:\Windows\System\CjVQRHr.exe
  2⤵
  PID:3472
- C:\Windows\System\DUqNujd.exe
  C:\Windows\System\DUqNujd.exe
  2⤵
  PID:3908
- C:\Windows\System\LgagVyV.exe
  C:\Windows\System\LgagVyV.exe
  2⤵
  PID:4880
- C:\Windows\System\SEGwPsf.exe
  C:\Windows\System\SEGwPsf.exe
  2⤵
  PID:1228
- C:\Windows\System\gBMbGpU.exe
  C:\Windows\System\gBMbGpU.exe
  2⤵
  PID:4124
- C:\Windows\System\LfzvZJn.exe
  C:\Windows\System\LfzvZJn.exe
  2⤵
  PID:4372
- C:\Windows\System\jZOHJFx.exe
  C:\Windows\System\jZOHJFx.exe
  2⤵
  PID:4452
- C:\Windows\System\YICQltN.exe
  C:\Windows\System\YICQltN.exe
  2⤵
  PID:4620
- C:\Windows\System\xUbwVAv.exe
  C:\Windows\System\xUbwVAv.exe
  2⤵
  PID:4776
- C:\Windows\System\BNZxRbR.exe
  C:\Windows\System\BNZxRbR.exe
  2⤵
  PID:4296
- C:\Windows\System\VpukIjH.exe
  C:\Windows\System\VpukIjH.exe
  2⤵
  PID:4632
- C:\Windows\System\AcsAdCF.exe
  C:\Windows\System\AcsAdCF.exe
  2⤵
  PID:4568
- C:\Windows\System\uFgYUPK.exe
  C:\Windows\System\uFgYUPK.exe
  2⤵
  PID:4972
- C:\Windows\System\kobhMDB.exe
  C:\Windows\System\kobhMDB.exe
  2⤵
  PID:4608
- C:\Windows\System\rrrPdlQ.exe
  C:\Windows\System\rrrPdlQ.exe
  2⤵
  PID:2620
- C:\Windows\System\pBDEPEu.exe
  C:\Windows\System\pBDEPEu.exe
  2⤵
  PID:4196
- C:\Windows\System\TpsZdtA.exe
  C:\Windows\System\TpsZdtA.exe
  2⤵
  PID:5132
- C:\Windows\System\cyPQrZc.exe
  C:\Windows\System\cyPQrZc.exe
  2⤵
  PID:5152
- C:\Windows\System\tSXsyBu.exe
  C:\Windows\System\tSXsyBu.exe
  2⤵
  PID:5172
- C:\Windows\System\ANVnKSR.exe
  C:\Windows\System\ANVnKSR.exe
  2⤵
  PID:5196
- C:\Windows\System\wdvGndW.exe
  C:\Windows\System\wdvGndW.exe
  2⤵
  PID:5216
- C:\Windows\System\OWSCEhE.exe
  C:\Windows\System\OWSCEhE.exe
  2⤵
  PID:5240
- C:\Windows\System\isEDrzq.exe
  C:\Windows\System\isEDrzq.exe
  2⤵
  PID:5260
- C:\Windows\System\PGERlyn.exe
  C:\Windows\System\PGERlyn.exe
  2⤵
  PID:5280
- C:\Windows\System\WvyunVl.exe
  C:\Windows\System\WvyunVl.exe
  2⤵
  PID:5300
- C:\Windows\System\jpgmhqg.exe
  C:\Windows\System\jpgmhqg.exe
  2⤵
  PID:5324
- C:\Windows\System\DnjvEYj.exe
  C:\Windows\System\DnjvEYj.exe
  2⤵
  PID:5344
- C:\Windows\System\oFiwooe.exe
  C:\Windows\System\oFiwooe.exe
  2⤵
  PID:5364
- C:\Windows\System\sZJwuxy.exe
  C:\Windows\System\sZJwuxy.exe
  2⤵
  PID:5380
- C:\Windows\System\UUWxFaP.exe
  C:\Windows\System\UUWxFaP.exe
  2⤵
  PID:5400
- C:\Windows\System\mnsavLV.exe
  C:\Windows\System\mnsavLV.exe
  2⤵
  PID:5420
- C:\Windows\System\HgOkNbq.exe
  C:\Windows\System\HgOkNbq.exe
  2⤵
  PID:5436
- C:\Windows\System\LTnwANt.exe
  C:\Windows\System\LTnwANt.exe
  2⤵
  PID:5460
- C:\Windows\System\wyRVZZL.exe
  C:\Windows\System\wyRVZZL.exe
  2⤵
  PID:5476
- C:\Windows\System\ZlBNSKF.exe
  C:\Windows\System\ZlBNSKF.exe
  2⤵
  PID:5500
- C:\Windows\System\GRzUrdv.exe
  C:\Windows\System\GRzUrdv.exe
  2⤵
  PID:5520
- C:\Windows\System\zxzLQzf.exe
  C:\Windows\System\zxzLQzf.exe
  2⤵
  PID:5540
- C:\Windows\System\ZyyPeKO.exe
  C:\Windows\System\ZyyPeKO.exe
  2⤵
  PID:5560
- C:\Windows\System\wBCDuCn.exe
  C:\Windows\System\wBCDuCn.exe
  2⤵
  PID:5584
- C:\Windows\System\lNzrJkg.exe
  C:\Windows\System\lNzrJkg.exe
  2⤵
  PID:5600
- C:\Windows\System\VfVPwOf.exe
  C:\Windows\System\VfVPwOf.exe
  2⤵
  PID:5620
- C:\Windows\System\uiKRHPZ.exe
  C:\Windows\System\uiKRHPZ.exe
  2⤵
  PID:5636
- C:\Windows\System\JunomZZ.exe
  C:\Windows\System\JunomZZ.exe
  2⤵
  PID:5656
- C:\Windows\System\tTYxXyT.exe
  C:\Windows\System\tTYxXyT.exe
  2⤵
  PID:5676
- C:\Windows\System\xKXJMJe.exe
  C:\Windows\System\xKXJMJe.exe
  2⤵
  PID:5696
- C:\Windows\System\PiVkQzJ.exe
  C:\Windows\System\PiVkQzJ.exe
  2⤵
  PID:5716
- C:\Windows\System\mhKaZyQ.exe
  C:\Windows\System\mhKaZyQ.exe
  2⤵
  PID:5736
- C:\Windows\System\yQHLWgy.exe
  C:\Windows\System\yQHLWgy.exe
  2⤵
  PID:5756
- C:\Windows\System\LHhZVjC.exe
  C:\Windows\System\LHhZVjC.exe
  2⤵
  PID:5776
- C:\Windows\System\ezzLSDX.exe
  C:\Windows\System\ezzLSDX.exe
  2⤵
  PID:5796
- C:\Windows\System\ZyrMDgX.exe
  C:\Windows\System\ZyrMDgX.exe
  2⤵
  PID:5816
- C:\Windows\System\IzriwpW.exe
  C:\Windows\System\IzriwpW.exe
  2⤵
  PID:5836
- C:\Windows\System\BwtCcAN.exe
  C:\Windows\System\BwtCcAN.exe
  2⤵
  PID:5856
- C:\Windows\System\NIfIBKi.exe
  C:\Windows\System\NIfIBKi.exe
  2⤵
  PID:5880
- C:\Windows\System\DCQgRxs.exe
  C:\Windows\System\DCQgRxs.exe
  2⤵
  PID:5900
- C:\Windows\System\TmujSiM.exe
  C:\Windows\System\TmujSiM.exe
  2⤵
  PID:5916
- C:\Windows\System\ClNXETP.exe
  C:\Windows\System\ClNXETP.exe
  2⤵
  PID:5940
- C:\Windows\System\urPrdRu.exe
  C:\Windows\System\urPrdRu.exe
  2⤵
  PID:5960
- C:\Windows\System\cgIHWnt.exe
  C:\Windows\System\cgIHWnt.exe
  2⤵
  PID:5976
- C:\Windows\System\obzhfMJ.exe
  C:\Windows\System\obzhfMJ.exe
  2⤵
  PID:5996
- C:\Windows\System\fWuSIVY.exe
  C:\Windows\System\fWuSIVY.exe
  2⤵
  PID:6024
- C:\Windows\System\AuwycPR.exe
  C:\Windows\System\AuwycPR.exe
  2⤵
  PID:6044
- C:\Windows\System\GsleZgy.exe
  C:\Windows\System\GsleZgy.exe
  2⤵
  PID:6060
- C:\Windows\System\gBJnTLx.exe
  C:\Windows\System\gBJnTLx.exe
  2⤵
  PID:6076
- C:\Windows\System\MWlsDew.exe
  C:\Windows\System\MWlsDew.exe
  2⤵
  PID:6100
- C:\Windows\System\RGGTJgQ.exe
  C:\Windows\System\RGGTJgQ.exe
  2⤵
  PID:6120
- C:\Windows\System\eHDLDMV.exe
  C:\Windows\System\eHDLDMV.exe
  2⤵
  PID:6140
- C:\Windows\System\RDgSimY.exe
  C:\Windows\System\RDgSimY.exe
  2⤵
  PID:4952
- C:\Windows\System\nuSxJoY.exe
  C:\Windows\System\nuSxJoY.exe
  2⤵
  PID:3272
- C:\Windows\System\mdqMckA.exe
  C:\Windows\System\mdqMckA.exe
  2⤵
  PID:3548
- C:\Windows\System\nFagkXI.exe
  C:\Windows\System\nFagkXI.exe
  2⤵
  PID:3556
- C:\Windows\System\kIxcDlq.exe
  C:\Windows\System\kIxcDlq.exe
  2⤵
  PID:5008
- C:\Windows\System\KqhGRye.exe
  C:\Windows\System\KqhGRye.exe
  2⤵
  PID:4872
- C:\Windows\System\wKrUAQu.exe
  C:\Windows\System\wKrUAQu.exe
  2⤵
  PID:3456
- C:\Windows\System\mOzfSIO.exe
  C:\Windows\System\mOzfSIO.exe
  2⤵
  PID:5144
- C:\Windows\System\TDMXCZl.exe
  C:\Windows\System\TDMXCZl.exe
  2⤵
  PID:5192
- C:\Windows\System\NRjslHz.exe
  C:\Windows\System\NRjslHz.exe
  2⤵
  PID:5184
- C:\Windows\System\nVNxpep.exe
  C:\Windows\System\nVNxpep.exe
  2⤵
  PID:4432
- C:\Windows\System\xTPNpth.exe
  C:\Windows\System\xTPNpth.exe
  2⤵
  PID:5168
- C:\Windows\System\zDgACnG.exe
  C:\Windows\System\zDgACnG.exe
  2⤵
  PID:5308
- C:\Windows\System\RNKGssQ.exe
  C:\Windows\System\RNKGssQ.exe
  2⤵
  PID:5208
- C:\Windows\System\fLaGhYv.exe
  C:\Windows\System\fLaGhYv.exe
  2⤵
  PID:5288
- C:\Windows\System\xcsCGIq.exe
  C:\Windows\System\xcsCGIq.exe
  2⤵
  PID:5392
- C:\Windows\System\BElFTSC.exe
  C:\Windows\System\BElFTSC.exe
  2⤵
  PID:5336
- C:\Windows\System\gziyQxI.exe
  C:\Windows\System\gziyQxI.exe
  2⤵
  PID:5516
- C:\Windows\System\yksANXU.exe
  C:\Windows\System\yksANXU.exe
  2⤵
  PID:5552
- C:\Windows\System\LXdAXHv.exe
  C:\Windows\System\LXdAXHv.exe
  2⤵
  PID:5592
- C:\Windows\System\qDoqnNp.exe
  C:\Windows\System\qDoqnNp.exe
  2⤵
  PID:5596
- C:\Windows\System\KOMulLx.exe
  C:\Windows\System\KOMulLx.exe
  2⤵
  PID:5664
- C:\Windows\System\pyGKgKu.exe
  C:\Windows\System\pyGKgKu.exe
  2⤵
  PID:5672
- C:\Windows\System\pqlsctJ.exe
  C:\Windows\System\pqlsctJ.exe
  2⤵
  PID:5568
- C:\Windows\System\LTsaaJw.exe
  C:\Windows\System\LTsaaJw.exe
  2⤵
  PID:5580
- C:\Windows\System\wgfkFvz.exe
  C:\Windows\System\wgfkFvz.exe
  2⤵
  PID:5792
- C:\Windows\System\SGUaKZv.exe
  C:\Windows\System\SGUaKZv.exe
  2⤵
  PID:5616
- C:\Windows\System\AWlzqoX.exe
  C:\Windows\System\AWlzqoX.exe
  2⤵
  PID:5828
- C:\Windows\System\nOnMrFD.exe
  C:\Windows\System\nOnMrFD.exe
  2⤵
  PID:5908
- C:\Windows\System\BJiczNC.exe
  C:\Windows\System\BJiczNC.exe
  2⤵
  PID:5684
- C:\Windows\System\DMNzLnX.exe
  C:\Windows\System\DMNzLnX.exe
  2⤵
  PID:5728
- C:\Windows\System\hkOlXFi.exe
  C:\Windows\System\hkOlXFi.exe
  2⤵
  PID:5808
- C:\Windows\System\xGIxoil.exe
  C:\Windows\System\xGIxoil.exe
  2⤵
  PID:5992
- C:\Windows\System\yzqUzRi.exe
  C:\Windows\System\yzqUzRi.exe
  2⤵
  PID:6040
- C:\Windows\System\EnoELpj.exe
  C:\Windows\System\EnoELpj.exe
  2⤵
  PID:5936
- C:\Windows\System\nRLiVfU.exe
  C:\Windows\System\nRLiVfU.exe
  2⤵
  PID:5924
- C:\Windows\System\ftJbyyS.exe
  C:\Windows\System\ftJbyyS.exe
  2⤵
  PID:4900
- C:\Windows\System\YtkfveQ.exe
  C:\Windows\System\YtkfveQ.exe
  2⤵
  PID:6012
- C:\Windows\System\spvTXvm.exe
  C:\Windows\System\spvTXvm.exe
  2⤵
  PID:5088
- C:\Windows\System\iVNdlVb.exe
  C:\Windows\System\iVNdlVb.exe
  2⤵
  PID:6084
- C:\Windows\System\OHiWYzF.exe
  C:\Windows\System\OHiWYzF.exe
  2⤵
  PID:4120
- C:\Windows\System\Jituoff.exe
  C:\Windows\System\Jituoff.exe
  2⤵
  PID:4140
- C:\Windows\System\RccaBAD.exe
  C:\Windows\System\RccaBAD.exe
  2⤵
  PID:2936
- C:\Windows\System\dpWAiTo.exe
  C:\Windows\System\dpWAiTo.exe
  2⤵
  PID:5188
- C:\Windows\System\UzaqFip.exe
  C:\Windows\System\UzaqFip.exe
  2⤵
  PID:5140
- C:\Windows\System\GmOVKJV.exe
  C:\Windows\System\GmOVKJV.exe
  2⤵
  PID:4764
- C:\Windows\System\Xzuxenu.exe
  C:\Windows\System\Xzuxenu.exe
  2⤵
  PID:5204
- C:\Windows\System\DEneGRL.exe
  C:\Windows\System\DEneGRL.exe
  2⤵
  PID:5268
- C:\Windows\System\pFOtyNb.exe
  C:\Windows\System\pFOtyNb.exe
  2⤵
  PID:5548
- C:\Windows\System\EFrCdED.exe
  C:\Windows\System\EFrCdED.exe
  2⤵
  PID:5352
- C:\Windows\System\SOwGjwe.exe
  C:\Windows\System\SOwGjwe.exe
  2⤵
  PID:5488
- C:\Windows\System\meKbdbj.exe
  C:\Windows\System\meKbdbj.exe
  2⤵
  PID:5528
- C:\Windows\System\gzhdTPf.exe
  C:\Windows\System\gzhdTPf.exe
  2⤵
  PID:5608
- C:\Windows\System\ApXQdsD.exe
  C:\Windows\System\ApXQdsD.exe
  2⤵
  PID:5868
- C:\Windows\System\sCbljoD.exe
  C:\Windows\System\sCbljoD.exe
  2⤵
  PID:5704
- C:\Windows\System\RNcmOTi.exe
  C:\Windows\System\RNcmOTi.exe
  2⤵
  PID:5744
- C:\Windows\System\tSCZNrZ.exe
  C:\Windows\System\tSCZNrZ.exe
  2⤵
  PID:5748
- C:\Windows\System\IdTyOoG.exe
  C:\Windows\System\IdTyOoG.exe
  2⤵
  PID:5932
- C:\Windows\System\gdDxPky.exe
  C:\Windows\System\gdDxPky.exe
  2⤵
  PID:5952
- C:\Windows\System\cGxGClb.exe
  C:\Windows\System\cGxGClb.exe
  2⤵
  PID:5768
- C:\Windows\System\UhIBNcM.exe
  C:\Windows\System\UhIBNcM.exe
  2⤵
  PID:6020
- C:\Windows\System\igHPrdd.exe
  C:\Windows\System\igHPrdd.exe
  2⤵
  PID:5852
- C:\Windows\System\KvKySXU.exe
  C:\Windows\System\KvKySXU.exe
  2⤵
  PID:6092
- C:\Windows\System\gulbmMv.exe
  C:\Windows\System\gulbmMv.exe
  2⤵
  PID:3192
- C:\Windows\System\QkjnsPF.exe
  C:\Windows\System\QkjnsPF.exe
  2⤵
  PID:848
- C:\Windows\System\gysZxOK.exe
  C:\Windows\System\gysZxOK.exe
  2⤵
  PID:2068
- C:\Windows\System\uhTQenE.exe
  C:\Windows\System\uhTQenE.exe
  2⤵
  PID:5128
- C:\Windows\System\MGbAqSn.exe
  C:\Windows\System\MGbAqSn.exe
  2⤵
  PID:5180
- C:\Windows\System\OzvxefZ.exe
  C:\Windows\System\OzvxefZ.exe
  2⤵
  PID:5236
- C:\Windows\System\XZlgrZZ.exe
  C:\Windows\System\XZlgrZZ.exe
  2⤵
  PID:5412
- C:\Windows\System\ifShwgx.exe
  C:\Windows\System\ifShwgx.exe
  2⤵
  PID:5252
- C:\Windows\System\mfrTRXD.exe
  C:\Windows\System\mfrTRXD.exe
  2⤵
  PID:5444
- C:\Windows\System\mompqoN.exe
  C:\Windows\System\mompqoN.exe
  2⤵
  PID:5292
- C:\Windows\System\CpJaPWm.exe
  C:\Windows\System\CpJaPWm.exe
  2⤵
  PID:5928
- C:\Windows\System\DIhwVZJ.exe
  C:\Windows\System\DIhwVZJ.exe
  2⤵
  PID:5708
- C:\Windows\System\heqXjGB.exe
  C:\Windows\System\heqXjGB.exe
  2⤵
  PID:2268
- C:\Windows\System\MAhhNwI.exe
  C:\Windows\System\MAhhNwI.exe
  2⤵
  PID:2412
- C:\Windows\System\NkemCan.exe
  C:\Windows\System\NkemCan.exe
  2⤵
  PID:6168
- C:\Windows\System\WwtsHIS.exe
  C:\Windows\System\WwtsHIS.exe
  2⤵
  PID:6188
- C:\Windows\System\RGtRTGz.exe
  C:\Windows\System\RGtRTGz.exe
  2⤵
  PID:6208
- C:\Windows\System\RFPHCfW.exe
  C:\Windows\System\RFPHCfW.exe
  2⤵
  PID:6228
- C:\Windows\System\mpmMAHA.exe
  C:\Windows\System\mpmMAHA.exe
  2⤵
  PID:6248
- C:\Windows\System\fFzhkFL.exe
  C:\Windows\System\fFzhkFL.exe
  2⤵
  PID:6268
- C:\Windows\System\MAUcqIX.exe
  C:\Windows\System\MAUcqIX.exe
  2⤵
  PID:6288
- C:\Windows\System\EPnwvfa.exe
  C:\Windows\System\EPnwvfa.exe
  2⤵
  PID:6308
- C:\Windows\System\BbzpqOD.exe
  C:\Windows\System\BbzpqOD.exe
  2⤵
  PID:6328
- C:\Windows\System\OntmfJd.exe
  C:\Windows\System\OntmfJd.exe
  2⤵
  PID:6348
- C:\Windows\System\qJYSARA.exe
  C:\Windows\System\qJYSARA.exe
  2⤵
  PID:6364
- C:\Windows\System\KsbYzSm.exe
  C:\Windows\System\KsbYzSm.exe
  2⤵
  PID:6388
- C:\Windows\System\LLAZFbl.exe
  C:\Windows\System\LLAZFbl.exe
  2⤵
  PID:6408
- C:\Windows\System\ELrvcQj.exe
  C:\Windows\System\ELrvcQj.exe
  2⤵
  PID:6428
- C:\Windows\System\uzMrFaw.exe
  C:\Windows\System\uzMrFaw.exe
  2⤵
  PID:6448
- C:\Windows\System\fHopltd.exe
  C:\Windows\System\fHopltd.exe
  2⤵
  PID:6468
- C:\Windows\System\cWmvtIm.exe
  C:\Windows\System\cWmvtIm.exe
  2⤵
  PID:6488
- C:\Windows\System\dhhDZfQ.exe
  C:\Windows\System\dhhDZfQ.exe
  2⤵
  PID:6508
- C:\Windows\System\RDwJseY.exe
  C:\Windows\System\RDwJseY.exe
  2⤵
  PID:6524
- C:\Windows\System\laimDwV.exe
  C:\Windows\System\laimDwV.exe
  2⤵
  PID:6548
- C:\Windows\System\WVCXfKX.exe
  C:\Windows\System\WVCXfKX.exe
  2⤵
  PID:6572
- C:\Windows\System\MrgDdoz.exe
  C:\Windows\System\MrgDdoz.exe
  2⤵
  PID:6596
- C:\Windows\System\ysNAOgo.exe
  C:\Windows\System\ysNAOgo.exe
  2⤵
  PID:6612
- C:\Windows\System\mYDZkVG.exe
  C:\Windows\System\mYDZkVG.exe
  2⤵
  PID:6632
- C:\Windows\System\gyMOAvZ.exe
  C:\Windows\System\gyMOAvZ.exe
  2⤵
  PID:6656
- C:\Windows\System\ysnujCH.exe
  C:\Windows\System\ysnujCH.exe
  2⤵
  PID:6672
- C:\Windows\System\hQnzoHm.exe
  C:\Windows\System\hQnzoHm.exe
  2⤵
  PID:6696
- C:\Windows\System\HpwdDQH.exe
  C:\Windows\System\HpwdDQH.exe
  2⤵
  PID:6716
- C:\Windows\System\sSrsUOb.exe
  C:\Windows\System\sSrsUOb.exe
  2⤵
  PID:6736
- C:\Windows\System\bUVaUpJ.exe
  C:\Windows\System\bUVaUpJ.exe
  2⤵
  PID:6756
- C:\Windows\System\MvjhioM.exe
  C:\Windows\System\MvjhioM.exe
  2⤵
  PID:6776
- C:\Windows\System\kXJlFiR.exe
  C:\Windows\System\kXJlFiR.exe
  2⤵
  PID:6796
- C:\Windows\System\ufhVtHd.exe
  C:\Windows\System\ufhVtHd.exe
  2⤵
  PID:6812
- C:\Windows\System\vktETsX.exe
  C:\Windows\System\vktETsX.exe
  2⤵
  PID:6828
- C:\Windows\System\QuAylAJ.exe
  C:\Windows\System\QuAylAJ.exe
  2⤵
  PID:6852
- C:\Windows\System\yZKKbCu.exe
  C:\Windows\System\yZKKbCu.exe
  2⤵
  PID:6872
- C:\Windows\System\xloiiJu.exe
  C:\Windows\System\xloiiJu.exe
  2⤵
  PID:6892
- C:\Windows\System\flOifyx.exe
  C:\Windows\System\flOifyx.exe
  2⤵
  PID:6908
- C:\Windows\System\BcOwLWR.exe
  C:\Windows\System\BcOwLWR.exe
  2⤵
  PID:6932
- C:\Windows\System\QsYIlex.exe
  C:\Windows\System\QsYIlex.exe
  2⤵
  PID:6948
- C:\Windows\System\eTbRlRQ.exe
  C:\Windows\System\eTbRlRQ.exe
  2⤵
  PID:6972
- C:\Windows\System\slLNrtR.exe
  C:\Windows\System\slLNrtR.exe
  2⤵
  PID:6988
- C:\Windows\System\RawTHaz.exe
  C:\Windows\System\RawTHaz.exe
  2⤵
  PID:7008
- C:\Windows\System\DQaNVGU.exe
  C:\Windows\System\DQaNVGU.exe
  2⤵
  PID:7024
- C:\Windows\System\FdgjkVY.exe
  C:\Windows\System\FdgjkVY.exe
  2⤵
  PID:7048
- C:\Windows\System\cnHstSk.exe
  C:\Windows\System\cnHstSk.exe
  2⤵
  PID:7068
- C:\Windows\System\vueqmvA.exe
  C:\Windows\System\vueqmvA.exe
  2⤵
  PID:7088
- C:\Windows\System\HUTtwLV.exe
  C:\Windows\System\HUTtwLV.exe
  2⤵
  PID:7104
- C:\Windows\System\VLKCjBZ.exe
  C:\Windows\System\VLKCjBZ.exe
  2⤵
  PID:7128
- C:\Windows\System\xJCWSQm.exe
  C:\Windows\System\xJCWSQm.exe
  2⤵
  PID:7148
- C:\Windows\System\YRWMdTy.exe
  C:\Windows\System\YRWMdTy.exe
  2⤵
  PID:7164
- C:\Windows\System\lmlbRNa.exe
  C:\Windows\System\lmlbRNa.exe
  2⤵
  PID:6052
- C:\Windows\System\MyxyVeR.exe
  C:\Windows\System\MyxyVeR.exe
  2⤵
  PID:3588
- C:\Windows\System\XfCPKmo.exe
  C:\Windows\System\XfCPKmo.exe
  2⤵
  PID:5276
- C:\Windows\System\xemIPMl.exe
  C:\Windows\System\xemIPMl.exe
  2⤵
  PID:6136
- C:\Windows\System\vfhPSzp.exe
  C:\Windows\System\vfhPSzp.exe
  2⤵
  PID:5340
- C:\Windows\System\KLeErkb.exe
  C:\Windows\System\KLeErkb.exe
  2⤵
  PID:5452
- C:\Windows\System\DwoTUaR.exe
  C:\Windows\System\DwoTUaR.exe
  2⤵
  PID:4336
- C:\Windows\System\hnXAphR.exe
  C:\Windows\System\hnXAphR.exe
  2⤵
  PID:5272
- C:\Windows\System\KvNGlUY.exe
  C:\Windows\System\KvNGlUY.exe
  2⤵
  PID:5652
- C:\Windows\System\qhfVCre.exe
  C:\Windows\System\qhfVCre.exe
  2⤵
  PID:6160
- C:\Windows\System\QZjSUIA.exe
  C:\Windows\System\QZjSUIA.exe
  2⤵
  PID:6216
- C:\Windows\System\kTOXJzo.exe
  C:\Windows\System\kTOXJzo.exe
  2⤵
  PID:6256
- C:\Windows\System\LyeiRkA.exe
  C:\Windows\System\LyeiRkA.exe
  2⤵
  PID:6240
- C:\Windows\System\pwIVTIe.exe
  C:\Windows\System\pwIVTIe.exe
  2⤵
  PID:6280
- C:\Windows\System\qtwcWTY.exe
  C:\Windows\System\qtwcWTY.exe
  2⤵
  PID:6340
- C:\Windows\System\rMJVFaW.exe
  C:\Windows\System\rMJVFaW.exe
  2⤵
  PID:6356
- C:\Windows\System\TxPgNLh.exe
  C:\Windows\System\TxPgNLh.exe
  2⤵
  PID:6396
- C:\Windows\System\XAFDGYu.exe
  C:\Windows\System\XAFDGYu.exe
  2⤵
  PID:6460
- C:\Windows\System\FfVxOvG.exe
  C:\Windows\System\FfVxOvG.exe
  2⤵
  PID:6500
- C:\Windows\System\izBPPZM.exe
  C:\Windows\System\izBPPZM.exe
  2⤵
  PID:6532
- C:\Windows\System\NcxTKPs.exe
  C:\Windows\System\NcxTKPs.exe
  2⤵
  PID:6520
- C:\Windows\System\yaccNEm.exe
  C:\Windows\System\yaccNEm.exe
  2⤵
  PID:6624
- C:\Windows\System\OgPsftu.exe
  C:\Windows\System\OgPsftu.exe
  2⤵
  PID:6664
- C:\Windows\System\NMZVhnR.exe
  C:\Windows\System\NMZVhnR.exe
  2⤵
  PID:6608
- C:\Windows\System\eXkIKgj.exe
  C:\Windows\System\eXkIKgj.exe
  2⤵
  PID:6708
- C:\Windows\System\ZeJyOac.exe
  C:\Windows\System\ZeJyOac.exe
  2⤵
  PID:6748
- C:\Windows\System\HagDuQW.exe
  C:\Windows\System\HagDuQW.exe
  2⤵
  PID:6820
- C:\Windows\System\BLEWFAg.exe
  C:\Windows\System\BLEWFAg.exe
  2⤵
  PID:6860
- C:\Windows\System\NxBHgKN.exe
  C:\Windows\System\NxBHgKN.exe
  2⤵
  PID:6728
- C:\Windows\System\nVQFhvO.exe
  C:\Windows\System\nVQFhvO.exe
  2⤵
  PID:6944
- C:\Windows\System\WnBUdFL.exe
  C:\Windows\System\WnBUdFL.exe
  2⤵
  PID:6804
- C:\Windows\System\OWRvyeV.exe
  C:\Windows\System\OWRvyeV.exe
  2⤵
  PID:7064
- C:\Windows\System\mcSGRGe.exe
  C:\Windows\System\mcSGRGe.exe
  2⤵
  PID:6848
- C:\Windows\System\SEBWUpx.exe
  C:\Windows\System\SEBWUpx.exe
  2⤵
  PID:6884
- C:\Windows\System\JAeCHTv.exe
  C:\Windows\System\JAeCHTv.exe
  2⤵
  PID:6928
- C:\Windows\System\GFBYWgF.exe
  C:\Windows\System\GFBYWgF.exe
  2⤵
  PID:6956
- C:\Windows\System\dwdTaSP.exe
  C:\Windows\System\dwdTaSP.exe
  2⤵
  PID:6996
- C:\Windows\System\ptKMMIx.exe
  C:\Windows\System\ptKMMIx.exe
  2⤵
  PID:7044
- C:\Windows\System\qTbSIXO.exe
  C:\Windows\System\qTbSIXO.exe
  2⤵
  PID:7076
- C:\Windows\System\XStzogL.exe
  C:\Windows\System\XStzogL.exe
  2⤵
  PID:7116
- C:\Windows\System\mypkJCA.exe
  C:\Windows\System\mypkJCA.exe
  2⤵
  PID:5372
- C:\Windows\System\dSBDZEg.exe
  C:\Windows\System\dSBDZEg.exe
  2⤵
  PID:6184
- C:\Windows\System\GjweCiC.exe
  C:\Windows\System\GjweCiC.exe
  2⤵
  PID:5844
- C:\Windows\System\xjuRoxT.exe
  C:\Windows\System\xjuRoxT.exe
  2⤵
  PID:3196
- C:\Windows\System\CePlBBM.exe
  C:\Windows\System\CePlBBM.exe
  2⤵
  PID:4760
- C:\Windows\System\GCyMHeM.exe
  C:\Windows\System\GCyMHeM.exe
  2⤵
  PID:6244
- C:\Windows\System\hRzIkMd.exe
  C:\Windows\System\hRzIkMd.exe
  2⤵
  PID:6204
- C:\Windows\System\LIQntRZ.exe
  C:\Windows\System\LIQntRZ.exe
  2⤵
  PID:6152
- C:\Windows\System\YUJHnPm.exe
  C:\Windows\System\YUJHnPm.exe
  2⤵
  PID:6440
- C:\Windows\System\VpJoEse.exe
  C:\Windows\System\VpJoEse.exe
  2⤵
  PID:6568
- C:\Windows\System\NPOFKgc.exe
  C:\Windows\System\NPOFKgc.exe
  2⤵
  PID:6792
- C:\Windows\System\VxDBjtf.exe
  C:\Windows\System\VxDBjtf.exe
  2⤵
  PID:6384
- C:\Windows\System\ypLnTHb.exe
  C:\Windows\System\ypLnTHb.exe
  2⤵
  PID:6464
- C:\Windows\System\pjQRABc.exe
  C:\Windows\System\pjQRABc.exe
  2⤵
  PID:6980
- C:\Windows\System\ztHhrER.exe
  C:\Windows\System\ztHhrER.exe
  2⤵
  PID:6836
- C:\Windows\System\orcZIjH.exe
  C:\Windows\System\orcZIjH.exe
  2⤵
  PID:6644
- C:\Windows\System\lQTvHmb.exe
  C:\Windows\System\lQTvHmb.exe
  2⤵
  PID:6920
- C:\Windows\System\UoRifVd.exe
  C:\Windows\System\UoRifVd.exe
  2⤵
  PID:6724
- C:\Windows\System\trFZuPt.exe
  C:\Windows\System\trFZuPt.exe
  2⤵
  PID:6968
- C:\Windows\System\qBKRIZM.exe
  C:\Windows\System\qBKRIZM.exe
  2⤵
  PID:6904
- C:\Windows\System\EIhVPkY.exe
  C:\Windows\System\EIhVPkY.exe
  2⤵
  PID:5160
- C:\Windows\System\RJjPEEl.exe
  C:\Windows\System\RJjPEEl.exe
  2⤵
  PID:7140
- C:\Windows\System\nHtUMvC.exe
  C:\Windows\System\nHtUMvC.exe
  2⤵
  PID:5956
- C:\Windows\System\nUfqlnX.exe
  C:\Windows\System\nUfqlnX.exe
  2⤵
  PID:7040
- C:\Windows\System\lvvmUWu.exe
  C:\Windows\System\lvvmUWu.exe
  2⤵
  PID:7080
- C:\Windows\System\PPKXiAG.exe
  C:\Windows\System\PPKXiAG.exe
  2⤵
  PID:6156
- C:\Windows\System\conxFCc.exe
  C:\Windows\System\conxFCc.exe
  2⤵
  PID:6424
- C:\Windows\System\kQDCSHL.exe
  C:\Windows\System\kQDCSHL.exe
  2⤵
  PID:6164
- C:\Windows\System\zXPWGmg.exe
  C:\Windows\System\zXPWGmg.exe
  2⤵
  PID:6196
- C:\Windows\System\JTxMzyK.exe
  C:\Windows\System\JTxMzyK.exe
  2⤵
  PID:6704
- C:\Windows\System\rpppmdP.exe
  C:\Windows\System\rpppmdP.exe
  2⤵
  PID:2812
- C:\Windows\System\iUmCNgN.exe
  C:\Windows\System\iUmCNgN.exe
  2⤵
  PID:6304
- C:\Windows\System\HBqqCTz.exe
  C:\Windows\System\HBqqCTz.exe
  2⤵
  PID:7060
- C:\Windows\System\BaZIpSs.exe
  C:\Windows\System\BaZIpSs.exe
  2⤵
  PID:6744
- C:\Windows\System\FlmzyEP.exe
  C:\Windows\System\FlmzyEP.exe
  2⤵
  PID:6880
- C:\Windows\System\hKnzwgc.exe
  C:\Windows\System\hKnzwgc.exe
  2⤵
  PID:1052
- C:\Windows\System\REuVeZZ.exe
  C:\Windows\System\REuVeZZ.exe
  2⤵
  PID:6620
- C:\Windows\System\aWfwiDx.exe
  C:\Windows\System\aWfwiDx.exe
  2⤵
  PID:4852
- C:\Windows\System\CGGoWQr.exe
  C:\Windows\System\CGGoWQr.exe
  2⤵
  PID:6220
- C:\Windows\System\QSMLvcm.exe
  C:\Windows\System\QSMLvcm.exe
  2⤵
  PID:6556
- C:\Windows\System\ZGsBOEk.exe
  C:\Windows\System\ZGsBOEk.exe
  2⤵
  PID:6320
- C:\Windows\System\qewjMCR.exe
  C:\Windows\System\qewjMCR.exe
  2⤵
  PID:2880
- C:\Windows\System\rQrMmNp.exe
  C:\Windows\System\rQrMmNp.exe
  2⤵
  PID:6592
- C:\Windows\System\gVXhnys.exe
  C:\Windows\System\gVXhnys.exe
  2⤵
  PID:7120
- C:\Windows\System\lRgoHFH.exe
  C:\Windows\System\lRgoHFH.exe
  2⤵
  PID:7156
- C:\Windows\System\PzmlbLw.exe
  C:\Windows\System\PzmlbLw.exe
  2⤵
  PID:6300
- C:\Windows\System\YiwbPvt.exe
  C:\Windows\System\YiwbPvt.exe
  2⤵
  PID:2996
- C:\Windows\System\fTjNWPf.exe
  C:\Windows\System\fTjNWPf.exe
  2⤵
  PID:1640
- C:\Windows\System\DQvkglI.exe
  C:\Windows\System\DQvkglI.exe
  2⤵
  PID:1636
- C:\Windows\System\dKRabKi.exe
  C:\Windows\System\dKRabKi.exe
  2⤵
  PID:560
- C:\Windows\System\njPmGrF.exe
  C:\Windows\System\njPmGrF.exe
  2⤵
  PID:2868
- C:\Windows\System\hcaxlGs.exe
  C:\Windows\System\hcaxlGs.exe
  2⤵
  PID:2788
- C:\Windows\System\tzRHAGC.exe
  C:\Windows\System\tzRHAGC.exe
  2⤵
  PID:2748
- C:\Windows\System\vhoaQnK.exe
  C:\Windows\System\vhoaQnK.exe
  2⤵
  PID:7184
- C:\Windows\System\pFAWASP.exe
  C:\Windows\System\pFAWASP.exe
  2⤵
  PID:7204
- C:\Windows\System\bKVJUHW.exe
  C:\Windows\System\bKVJUHW.exe
  2⤵
  PID:7220
- C:\Windows\System\XMMtRDO.exe
  C:\Windows\System\XMMtRDO.exe
  2⤵
  PID:7264
- C:\Windows\System\ADoGVSh.exe
  C:\Windows\System\ADoGVSh.exe
  2⤵
  PID:7280
- C:\Windows\System\TDlorir.exe
  C:\Windows\System\TDlorir.exe
  2⤵
  PID:7300
- C:\Windows\System\KgzYkFR.exe
  C:\Windows\System\KgzYkFR.exe
  2⤵
  PID:7316
- C:\Windows\System\ygmTYiu.exe
  C:\Windows\System\ygmTYiu.exe
  2⤵
  PID:7336
- C:\Windows\System\uiSpfsR.exe
  C:\Windows\System\uiSpfsR.exe
  2⤵
  PID:7356
- C:\Windows\System\JSSwKSP.exe
  C:\Windows\System\JSSwKSP.exe
  2⤵
  PID:7388
- C:\Windows\System\LWycFSq.exe
  C:\Windows\System\LWycFSq.exe
  2⤵
  PID:7408
- C:\Windows\System\dkLpKjx.exe
  C:\Windows\System\dkLpKjx.exe
  2⤵
  PID:7432
- C:\Windows\System\xLvoiAT.exe
  C:\Windows\System\xLvoiAT.exe
  2⤵
  PID:7460
- C:\Windows\System\GDstbkr.exe
  C:\Windows\System\GDstbkr.exe
  2⤵
  PID:7476
- C:\Windows\System\lRyoNCG.exe
  C:\Windows\System\lRyoNCG.exe
  2⤵
  PID:7492
- C:\Windows\System\oehrSdk.exe
  C:\Windows\System\oehrSdk.exe
  2⤵
  PID:7508
- C:\Windows\System\DIkiUoe.exe
  C:\Windows\System\DIkiUoe.exe
  2⤵
  PID:7532
- C:\Windows\System\KzphWSl.exe
  C:\Windows\System\KzphWSl.exe
  2⤵
  PID:7548
- C:\Windows\System\ZSbVegS.exe
  C:\Windows\System\ZSbVegS.exe
  2⤵
  PID:7588
- C:\Windows\System\eYQWpwV.exe
  C:\Windows\System\eYQWpwV.exe
  2⤵
  PID:7604
- C:\Windows\System\QCSiGKo.exe
  C:\Windows\System\QCSiGKo.exe
  2⤵
  PID:7620
- C:\Windows\System\XbMoojq.exe
  C:\Windows\System\XbMoojq.exe
  2⤵
  PID:7640
- C:\Windows\System\WfaVeYp.exe
  C:\Windows\System\WfaVeYp.exe
  2⤵
  PID:7656
- C:\Windows\System\zORQOWI.exe
  C:\Windows\System\zORQOWI.exe
  2⤵
  PID:7672
- C:\Windows\System\MCccxeU.exe
  C:\Windows\System\MCccxeU.exe
  2⤵
  PID:7688
- C:\Windows\System\kIyrUKu.exe
  C:\Windows\System\kIyrUKu.exe
  2⤵
  PID:7708
- C:\Windows\System\lsDMZuE.exe
  C:\Windows\System\lsDMZuE.exe
  2⤵
  PID:7724
- C:\Windows\System\QmDwJBe.exe
  C:\Windows\System\QmDwJBe.exe
  2⤵
  PID:7740
- C:\Windows\System\uXFpbWT.exe
  C:\Windows\System\uXFpbWT.exe
  2⤵
  PID:7756
- C:\Windows\System\LRdSddm.exe
  C:\Windows\System\LRdSddm.exe
  2⤵
  PID:7772
- C:\Windows\System\OFzjtrI.exe
  C:\Windows\System\OFzjtrI.exe
  2⤵
  PID:7788
- C:\Windows\System\sEXDzfk.exe
  C:\Windows\System\sEXDzfk.exe
  2⤵
  PID:7812
- C:\Windows\System\NhCYscZ.exe
  C:\Windows\System\NhCYscZ.exe
  2⤵
  PID:7828
- C:\Windows\System\fOkGqBn.exe
  C:\Windows\System\fOkGqBn.exe
  2⤵
  PID:7848
- C:\Windows\System\ZXDVueO.exe
  C:\Windows\System\ZXDVueO.exe
  2⤵
  PID:7872
- C:\Windows\System\LqQZGMK.exe
  C:\Windows\System\LqQZGMK.exe
  2⤵
  PID:7888
- C:\Windows\System\cHmiQkx.exe
  C:\Windows\System\cHmiQkx.exe
  2⤵
  PID:7904
- C:\Windows\System\xydqmFs.exe
  C:\Windows\System\xydqmFs.exe
  2⤵
  PID:7920
- C:\Windows\System\OEtgIWx.exe
  C:\Windows\System\OEtgIWx.exe
  2⤵
  PID:7936
- C:\Windows\System\iIQOvqv.exe
  C:\Windows\System\iIQOvqv.exe
  2⤵
  PID:7952
- C:\Windows\System\oNdfoZz.exe
  C:\Windows\System\oNdfoZz.exe
  2⤵
  PID:7968
- C:\Windows\System\ZnelUTb.exe
  C:\Windows\System\ZnelUTb.exe
  2⤵
  PID:7984
- C:\Windows\System\CGNVWyT.exe
  C:\Windows\System\CGNVWyT.exe
  2⤵
  PID:8000
- C:\Windows\System\EINpeva.exe
  C:\Windows\System\EINpeva.exe
  2⤵
  PID:8016
- C:\Windows\System\aSuJFjH.exe
  C:\Windows\System\aSuJFjH.exe
  2⤵
  PID:8032
- C:\Windows\System\rSbMpbm.exe
  C:\Windows\System\rSbMpbm.exe
  2⤵
  PID:8052
- C:\Windows\System\qnnlnRe.exe
  C:\Windows\System\qnnlnRe.exe
  2⤵
  PID:8072
- C:\Windows\System\CqKdrxE.exe
  C:\Windows\System\CqKdrxE.exe
  2⤵
  PID:8088
- C:\Windows\System\bLItYKj.exe
  C:\Windows\System\bLItYKj.exe
  2⤵
  PID:8104
- C:\Windows\System\wTcSCTc.exe
  C:\Windows\System\wTcSCTc.exe
  2⤵
  PID:8120
- C:\Windows\System\XcsKCgg.exe
  C:\Windows\System\XcsKCgg.exe
  2⤵
  PID:8144
- C:\Windows\System\rimwVJT.exe
  C:\Windows\System\rimwVJT.exe
  2⤵
  PID:8160
- C:\Windows\System\oNqxKDm.exe
  C:\Windows\System\oNqxKDm.exe
  2⤵
  PID:7396
- C:\Windows\System\OjQWxEY.exe
  C:\Windows\System\OjQWxEY.exe
  2⤵
  PID:2340
- C:\Windows\System\vgyPFrP.exe
  C:\Windows\System\vgyPFrP.exe
  2⤵
  PID:6768
- C:\Windows\System\LbGJcRZ.exe
  C:\Windows\System\LbGJcRZ.exe
  2⤵
  PID:7448
- C:\Windows\System\wjqynmJ.exe
  C:\Windows\System\wjqynmJ.exe
  2⤵
  PID:2872
- C:\Windows\System\EnhXUUl.exe
  C:\Windows\System\EnhXUUl.exe
  2⤵
  PID:7236
- C:\Windows\System\rOIrVxT.exe
  C:\Windows\System\rOIrVxT.exe
  2⤵
  PID:7288
- C:\Windows\System\FjTPBbh.exe
  C:\Windows\System\FjTPBbh.exe
  2⤵
  PID:7324
- C:\Windows\System\kBJGJtB.exe
  C:\Windows\System\kBJGJtB.exe
  2⤵
  PID:7372
- C:\Windows\System\XSLhwHL.exe
  C:\Windows\System\XSLhwHL.exe
  2⤵
  PID:7416
- C:\Windows\System\lMuirFg.exe
  C:\Windows\System\lMuirFg.exe
  2⤵
  PID:7468
- C:\Windows\System\kxRLBAa.exe
  C:\Windows\System\kxRLBAa.exe
  2⤵
  PID:696
- C:\Windows\System\DpBSizl.exe
  C:\Windows\System\DpBSizl.exe
  2⤵
  PID:2168
- C:\Windows\System\qIHtpIZ.exe
  C:\Windows\System\qIHtpIZ.exe
  2⤵
  PID:7612
- C:\Windows\System\alNlDzW.exe
  C:\Windows\System\alNlDzW.exe
  2⤵
  PID:7628
- C:\Windows\System\FqDDBxq.exe
  C:\Windows\System\FqDDBxq.exe
  2⤵
  PID:7632
- C:\Windows\System\gteYzFy.exe
  C:\Windows\System\gteYzFy.exe
  2⤵
  PID:7716
- C:\Windows\System\AZihaiO.exe
  C:\Windows\System\AZihaiO.exe
  2⤵
  PID:7748
- C:\Windows\System\gBOceKQ.exe
  C:\Windows\System\gBOceKQ.exe
  2⤵
  PID:7668
- C:\Windows\System\ONXbkHb.exe
  C:\Windows\System\ONXbkHb.exe
  2⤵
  PID:7860
- C:\Windows\System\ItfmUZU.exe
  C:\Windows\System\ItfmUZU.exe
  2⤵
  PID:2672
- C:\Windows\System\aORaEPm.exe
  C:\Windows\System\aORaEPm.exe
  2⤵
  PID:7736
- C:\Windows\System\yRDRGnP.exe
  C:\Windows\System\yRDRGnP.exe
  2⤵
  PID:7836
- C:\Windows\System\gReSFdN.exe
  C:\Windows\System\gReSFdN.exe
  2⤵
  PID:1364
- C:\Windows\System\MrMxEej.exe
  C:\Windows\System\MrMxEej.exe
  2⤵
  PID:7912
- C:\Windows\System\eiRzOiD.exe
  C:\Windows\System\eiRzOiD.exe
  2⤵
  PID:7996
- C:\Windows\System\PBUGFfB.exe
  C:\Windows\System\PBUGFfB.exe
  2⤵
  PID:8028
- C:\Windows\System\fuHFIkN.exe
  C:\Windows\System\fuHFIkN.exe
  2⤵
  PID:8060
- C:\Windows\System\hvUXLXl.exe
  C:\Windows\System\hvUXLXl.exe
  2⤵
  PID:8080
- C:\Windows\System\xgLrVqm.exe
  C:\Windows\System\xgLrVqm.exe
  2⤵
  PID:8112
- C:\Windows\System\idGMThx.exe
  C:\Windows\System\idGMThx.exe
  2⤵
  PID:8156
- C:\Windows\System\lbaNWhj.exe
  C:\Windows\System\lbaNWhj.exe
  2⤵
  PID:8180
- C:\Windows\System\JXCCJNM.exe
  C:\Windows\System\JXCCJNM.exe
  2⤵
  PID:6236
- C:\Windows\System\yxnucBx.exe
  C:\Windows\System\yxnucBx.exe
  2⤵
  PID:6712
- C:\Windows\System\LQjkQvC.exe
  C:\Windows\System\LQjkQvC.exe
  2⤵
  PID:2224
- C:\Windows\System\yvfaJvm.exe
  C:\Windows\System\yvfaJvm.exe
  2⤵
  PID:7172
- C:\Windows\System\AToyxLH.exe
  C:\Windows\System\AToyxLH.exe
  2⤵
  PID:5864
- C:\Windows\System\YThxRFJ.exe
  C:\Windows\System\YThxRFJ.exe
  2⤵
  PID:2720
- C:\Windows\System\NheksQL.exe
  C:\Windows\System\NheksQL.exe
  2⤵
  PID:6096
- C:\Windows\System\QCIJQJM.exe
  C:\Windows\System\QCIJQJM.exe
  2⤵
  PID:7272
- C:\Windows\System\KjlSbOT.exe
  C:\Windows\System\KjlSbOT.exe
  2⤵
  PID:7344
- C:\Windows\System\idqCvyi.exe
  C:\Windows\System\idqCvyi.exe
  2⤵
  PID:6840
- C:\Windows\System\fgJgQuI.exe
  C:\Windows\System\fgJgQuI.exe
  2⤵
  PID:600
- C:\Windows\System\msNqkUe.exe
  C:\Windows\System\msNqkUe.exe
  2⤵
  PID:1524
- C:\Windows\System\iTqYfEc.exe
  C:\Windows\System\iTqYfEc.exe
  2⤵
  PID:7260
- C:\Windows\System\SkXmpUe.exe
  C:\Windows\System\SkXmpUe.exe
  2⤵
  PID:7364
- C:\Windows\System\pLnWDuW.exe
  C:\Windows\System\pLnWDuW.exe
  2⤵
  PID:7384
- C:\Windows\System\RstbuaN.exe
  C:\Windows\System\RstbuaN.exe
  2⤵
  PID:7684
- C:\Windows\System\QoKTaqp.exe
  C:\Windows\System\QoKTaqp.exe
  2⤵
  PID:2948
- C:\Windows\System\EPMzior.exe
  C:\Windows\System\EPMzior.exe
  2⤵
  PID:7804
- C:\Windows\System\SKNgxtu.exe
  C:\Windows\System\SKNgxtu.exe
  2⤵
  PID:380
- C:\Windows\System\DIYvFFh.exe
  C:\Windows\System\DIYvFFh.exe
  2⤵
  PID:7796
- C:\Windows\System\cNYtpAt.exe
  C:\Windows\System\cNYtpAt.exe
  2⤵
  PID:7880
- C:\Windows\System\lAryCfo.exe
  C:\Windows\System\lAryCfo.exe
  2⤵
  PID:2396
- C:\Windows\System\UzoFcqy.exe
  C:\Windows\System\UzoFcqy.exe
  2⤵
  PID:7964
- C:\Windows\System\SuaPFmM.exe
  C:\Windows\System\SuaPFmM.exe
  2⤵
  PID:8044
- C:\Windows\System\iTzvlid.exe
  C:\Windows\System\iTzvlid.exe
  2⤵
  PID:8116
- C:\Windows\System\yCewAvA.exe
  C:\Windows\System\yCewAvA.exe
  2⤵
  PID:7020
- C:\Windows\System\kOArQDx.exe
  C:\Windows\System\kOArQDx.exe
  2⤵
  PID:6456
- C:\Windows\System\JYBHRSc.exe
  C:\Windows\System\JYBHRSc.exe
  2⤵
  PID:6444
- C:\Windows\System\RlPuVpl.exe
  C:\Windows\System\RlPuVpl.exe
  2⤵
  PID:7216
- C:\Windows\System\dgapvsu.exe
  C:\Windows\System\dgapvsu.exe
  2⤵
  PID:1852
- C:\Windows\System\pDXBxeU.exe
  C:\Windows\System\pDXBxeU.exe
  2⤵
  PID:7400
- C:\Windows\System\XovifuW.exe
  C:\Windows\System\XovifuW.exe
  2⤵
  PID:1476
- C:\Windows\System\YsADWhF.exe
  C:\Windows\System\YsADWhF.exe
  2⤵
  PID:7456
- C:\Windows\System\FtWfbaZ.exe
  C:\Windows\System\FtWfbaZ.exe
  2⤵
  PID:7380
- C:\Windows\System\bOYLScL.exe
  C:\Windows\System\bOYLScL.exe
  2⤵
  PID:2640
- C:\Windows\System\EAgwqHv.exe
  C:\Windows\System\EAgwqHv.exe
  2⤵
  PID:7572
- C:\Windows\System\ztDWeRe.exe
  C:\Windows\System\ztDWeRe.exe
  2⤵
  PID:7516
- C:\Windows\System\AxiNeiP.exe
  C:\Windows\System\AxiNeiP.exe
  2⤵
  PID:6480
- C:\Windows\System\iVQqbRU.exe
  C:\Windows\System\iVQqbRU.exe
  2⤵
  PID:7884
- C:\Windows\System\PENtQhF.exe
  C:\Windows\System\PENtQhF.exe
  2⤵
  PID:2844
- C:\Windows\System\iFdPodd.exe
  C:\Windows\System\iFdPodd.exe
  2⤵
  PID:7696
- C:\Windows\System\krFWyLu.exe
  C:\Windows\System\krFWyLu.exe
  2⤵
  PID:2964
- C:\Windows\System\ShzTQjU.exe
  C:\Windows\System\ShzTQjU.exe
  2⤵
  PID:7764
- C:\Windows\System\ijwEaFW.exe
  C:\Windows\System\ijwEaFW.exe
  2⤵
  PID:7932
- C:\Windows\System\pmkWOrA.exe
  C:\Windows\System\pmkWOrA.exe
  2⤵
  PID:8096
- C:\Windows\System\DSdpadp.exe
  C:\Windows\System\DSdpadp.exe
  2⤵
  PID:3488
- C:\Windows\System\vBZempD.exe
  C:\Windows\System\vBZempD.exe
  2⤵
  PID:7192
- C:\Windows\System\nGQYCXJ.exe
  C:\Windows\System\nGQYCXJ.exe
  2⤵
  PID:7680
- C:\Windows\System\fYEfpiJ.exe
  C:\Windows\System\fYEfpiJ.exe
  2⤵
  PID:8008
- C:\Windows\System\HwYZLJR.exe
  C:\Windows\System\HwYZLJR.exe
  2⤵
  PID:8188
- C:\Windows\System\JIfGtPv.exe
  C:\Windows\System\JIfGtPv.exe
  2⤵
  PID:2760
- C:\Windows\System\ktklArp.exe
  C:\Windows\System\ktklArp.exe
  2⤵
  PID:7252
- C:\Windows\System\eWSJkmc.exe
  C:\Windows\System\eWSJkmc.exe
  2⤵
  PID:7600
- C:\Windows\System\GmAubOW.exe
  C:\Windows\System\GmAubOW.exe
  2⤵
  PID:7784
- C:\Windows\System\kUEIMGh.exe
  C:\Windows\System\kUEIMGh.exe
  2⤵
  PID:7488
- C:\Windows\System\FEbuDTp.exe
  C:\Windows\System\FEbuDTp.exe
  2⤵
  PID:7424
- C:\Windows\System\hQwUHSx.exe
  C:\Windows\System\hQwUHSx.exe
  2⤵
  PID:2612
- C:\Windows\System\DStdksX.exe
  C:\Windows\System\DStdksX.exe
  2⤵
  PID:7844
- C:\Windows\System\VfwUbAH.exe
  C:\Windows\System\VfwUbAH.exe
  2⤵
  PID:7544
- C:\Windows\System\aiQFioF.exe
  C:\Windows\System\aiQFioF.exe
  2⤵
  PID:7200
- C:\Windows\System\jddvpCi.exe
  C:\Windows\System\jddvpCi.exe
  2⤵
  PID:7824
- C:\Windows\System\HVYzAsW.exe
  C:\Windows\System\HVYzAsW.exe
  2⤵
  PID:7768
- C:\Windows\System\VXhgMYJ.exe
  C:\Windows\System\VXhgMYJ.exe
  2⤵
  PID:6648
- C:\Windows\System\MENLtCm.exe
  C:\Windows\System\MENLtCm.exe
  2⤵
  PID:7704
- C:\Windows\System\hUiDRHB.exe
  C:\Windows\System\hUiDRHB.exe
  2⤵
  PID:6484
- C:\Windows\System\ilsjbUK.exe
  C:\Windows\System\ilsjbUK.exe
  2⤵
  PID:8208
- C:\Windows\System\RbhOBer.exe
  C:\Windows\System\RbhOBer.exe
  2⤵
  PID:8228
- C:\Windows\System\YtwxGei.exe
  C:\Windows\System\YtwxGei.exe
  2⤵
  PID:8244
- C:\Windows\System\ZhTcrES.exe
  C:\Windows\System\ZhTcrES.exe
  2⤵
  PID:8260
- C:\Windows\System\vHMNnju.exe
  C:\Windows\System\vHMNnju.exe
  2⤵
  PID:8276
- C:\Windows\System\HXopLrL.exe
  C:\Windows\System\HXopLrL.exe
  2⤵
  PID:8292
- C:\Windows\System\RpaYvVq.exe
  C:\Windows\System\RpaYvVq.exe
  2⤵
  PID:8308
- C:\Windows\System\xLFUgHY.exe
  C:\Windows\System\xLFUgHY.exe
  2⤵
  PID:8324
- C:\Windows\System\BbRJIQW.exe
  C:\Windows\System\BbRJIQW.exe
  2⤵
  PID:8340
- C:\Windows\System\QFtwWEP.exe
  C:\Windows\System\QFtwWEP.exe
  2⤵
  PID:8360
- C:\Windows\System\AIGWqTa.exe
  C:\Windows\System\AIGWqTa.exe
  2⤵
  PID:8384
- C:\Windows\System\XwwTVXD.exe
  C:\Windows\System\XwwTVXD.exe
  2⤵
  PID:8404
- C:\Windows\System\kKhPkGi.exe
  C:\Windows\System\kKhPkGi.exe
  2⤵
  PID:8420
- C:\Windows\System\kiTfhhU.exe
  C:\Windows\System\kiTfhhU.exe
  2⤵
  PID:8440
- C:\Windows\System\sPlnVAx.exe
  C:\Windows\System\sPlnVAx.exe
  2⤵
  PID:8456
- C:\Windows\System\ONKEZCz.exe
  C:\Windows\System\ONKEZCz.exe
  2⤵
  PID:8472
- C:\Windows\System\rCenlYx.exe
  C:\Windows\System\rCenlYx.exe
  2⤵
  PID:8488
- C:\Windows\System\ybrgchn.exe
  C:\Windows\System\ybrgchn.exe
  2⤵
  PID:8504
- C:\Windows\System\OgBGfGc.exe
  C:\Windows\System\OgBGfGc.exe
  2⤵
  PID:8520
- C:\Windows\System\RjPyAkO.exe
  C:\Windows\System\RjPyAkO.exe
  2⤵
  PID:8536
- C:\Windows\System\omcwBeX.exe
  C:\Windows\System\omcwBeX.exe
  2⤵
  PID:8552
- C:\Windows\System\xkqrqIP.exe
  C:\Windows\System\xkqrqIP.exe
  2⤵
  PID:8568
- C:\Windows\System\UqsFOCq.exe
  C:\Windows\System\UqsFOCq.exe
  2⤵
  PID:8592
- C:\Windows\System\FLveqbf.exe
  C:\Windows\System\FLveqbf.exe
  2⤵
  PID:8608
- C:\Windows\System\tLGCNHi.exe
  C:\Windows\System\tLGCNHi.exe
  2⤵
  PID:8796
- C:\Windows\System\SLGookn.exe
  C:\Windows\System\SLGookn.exe
  2⤵
  PID:8816
- C:\Windows\System\zKwRcCy.exe
  C:\Windows\System\zKwRcCy.exe
  2⤵
  PID:8840
- C:\Windows\System\AKjOMbj.exe
  C:\Windows\System\AKjOMbj.exe
  2⤵
  PID:8864
- C:\Windows\System\QSfJgfq.exe
  C:\Windows\System\QSfJgfq.exe
  2⤵
  PID:8880
- C:\Windows\System\uexqNnl.exe
  C:\Windows\System\uexqNnl.exe
  2⤵
  PID:8896
- C:\Windows\System\ufBUULc.exe
  C:\Windows\System\ufBUULc.exe
  2⤵
  PID:8912
- C:\Windows\System\Inmfait.exe
  C:\Windows\System\Inmfait.exe
  2⤵
  PID:8928
- C:\Windows\System\JoSIrVr.exe
  C:\Windows\System\JoSIrVr.exe
  2⤵
  PID:8944
- C:\Windows\System\nSnDGFl.exe
  C:\Windows\System\nSnDGFl.exe
  2⤵
  PID:8964
- C:\Windows\System\zJNTMzA.exe
  C:\Windows\System\zJNTMzA.exe
  2⤵
  PID:8980
- C:\Windows\System\GMjlcZH.exe
  C:\Windows\System\GMjlcZH.exe
  2⤵
  PID:8996
- C:\Windows\System\ODqLEPK.exe
  C:\Windows\System\ODqLEPK.exe
  2⤵
  PID:9012
- C:\Windows\System\wFZtLEo.exe
  C:\Windows\System\wFZtLEo.exe
  2⤵
  PID:9028
- C:\Windows\System\unMKCeF.exe
  C:\Windows\System\unMKCeF.exe
  2⤵
  PID:9044
- C:\Windows\System\OUohLMT.exe
  C:\Windows\System\OUohLMT.exe
  2⤵
  PID:9060
- C:\Windows\System\RiJPVnr.exe
  C:\Windows\System\RiJPVnr.exe
  2⤵
  PID:9076
- C:\Windows\System\Upuzvlr.exe
  C:\Windows\System\Upuzvlr.exe
  2⤵
  PID:9092
- C:\Windows\System\nlLnEnJ.exe
  C:\Windows\System\nlLnEnJ.exe
  2⤵
  PID:9108
- C:\Windows\System\ChJwtXL.exe
  C:\Windows\System\ChJwtXL.exe
  2⤵
  PID:9124
- C:\Windows\System\KhTqnrq.exe
  C:\Windows\System\KhTqnrq.exe
  2⤵
  PID:9140
- C:\Windows\System\EMtUvBu.exe
  C:\Windows\System\EMtUvBu.exe
  2⤵
  PID:9156
- C:\Windows\System\WpqsXmY.exe
  C:\Windows\System\WpqsXmY.exe
  2⤵
  PID:9188
- C:\Windows\System\FnBmwFq.exe
  C:\Windows\System\FnBmwFq.exe
  2⤵
  PID:9208
- C:\Windows\System\qagQTBM.exe
  C:\Windows\System\qagQTBM.exe
  2⤵
  PID:8252
- C:\Windows\System\sexboJi.exe
  C:\Windows\System\sexboJi.exe
  2⤵
  PID:8316
- C:\Windows\System\ZtgAwxx.exe
  C:\Windows\System\ZtgAwxx.exe
  2⤵
  PID:8352
- C:\Windows\System\BBPgmgy.exe
  C:\Windows\System\BBPgmgy.exe
  2⤵
  PID:8400
- C:\Windows\System\ZpOSifY.exe
  C:\Windows\System\ZpOSifY.exe
  2⤵
  PID:8432
- C:\Windows\System\wLIQivA.exe
  C:\Windows\System\wLIQivA.exe
  2⤵
  PID:8448
- C:\Windows\System\dpKNbFx.exe
  C:\Windows\System\dpKNbFx.exe
  2⤵
  PID:8484
- C:\Windows\System\ZdUnvBc.exe
  C:\Windows\System\ZdUnvBc.exe
  2⤵
  PID:8452
- C:\Windows\System\ZluFopb.exe
  C:\Windows\System\ZluFopb.exe
  2⤵
  PID:8564
- C:\Windows\System\oXtQMGN.exe
  C:\Windows\System\oXtQMGN.exe
  2⤵
  PID:8620
- C:\Windows\System\PCBOtDR.exe
  C:\Windows\System\PCBOtDR.exe
  2⤵
  PID:8652
- C:\Windows\System\ShUiJpQ.exe
  C:\Windows\System\ShUiJpQ.exe
  2⤵
  PID:8672
- C:\Windows\System\ArJHEsy.exe
  C:\Windows\System\ArJHEsy.exe
  2⤵
  PID:8692
- C:\Windows\System\zubSXSn.exe
  C:\Windows\System\zubSXSn.exe
  2⤵
  PID:8704
- C:\Windows\System\BfuIjjv.exe
  C:\Windows\System\BfuIjjv.exe
  2⤵
  PID:8720
- C:\Windows\System\INlxJXk.exe
  C:\Windows\System\INlxJXk.exe
  2⤵
  PID:8772
- C:\Windows\System\OQjrZGo.exe
  C:\Windows\System\OQjrZGo.exe
  2⤵
  PID:8756
- C:\Windows\System\gEBjoFI.exe
  C:\Windows\System\gEBjoFI.exe
  2⤵
  PID:8744
- C:\Windows\System\JWJaGff.exe
  C:\Windows\System\JWJaGff.exe
  2⤵
  PID:8728
- C:\Windows\System\SizgMGx.exe
  C:\Windows\System\SizgMGx.exe
  2⤵
  PID:8792
- C:\Windows\System\IrayRuA.exe
  C:\Windows\System\IrayRuA.exe
  2⤵
  PID:8824
- C:\Windows\System\IMOjHUt.exe
  C:\Windows\System\IMOjHUt.exe
  2⤵
  PID:8852
- C:\Windows\System\Cprrcdg.exe
  C:\Windows\System\Cprrcdg.exe
  2⤵
  PID:8888
- C:\Windows\System\iOEzxHv.exe
  C:\Windows\System\iOEzxHv.exe
  2⤵
  PID:8952
- C:\Windows\System\dPOfrKO.exe
  C:\Windows\System\dPOfrKO.exe
  2⤵
  PID:8908
- C:\Windows\System\efjzTzS.exe
  C:\Windows\System\efjzTzS.exe
  2⤵
  PID:9088
- C:\Windows\System\bUXvolj.exe
  C:\Windows\System\bUXvolj.exe
  2⤵
  PID:9084
- C:\Windows\System\dmsxpMV.exe
  C:\Windows\System\dmsxpMV.exe
  2⤵
  PID:8992
- C:\Windows\System\YtvwECV.exe
  C:\Windows\System\YtvwECV.exe
  2⤵
  PID:9104
- C:\Windows\System\CeaGPSk.exe
  C:\Windows\System\CeaGPSk.exe
  2⤵
  PID:840
- C:\Windows\System\TUyrrfr.exe
  C:\Windows\System\TUyrrfr.exe
  2⤵
  PID:8204
- C:\Windows\System\UaqOIMO.exe
  C:\Windows\System\UaqOIMO.exe
  2⤵
  PID:8288
- C:\Windows\System\GCtFWoE.exe
  C:\Windows\System\GCtFWoE.exe
  2⤵
  PID:6496
- C:\Windows\System\nFaztEw.exe
  C:\Windows\System\nFaztEw.exe
  2⤵
  PID:8300
- C:\Windows\System\xlZFWdJ.exe
  C:\Windows\System\xlZFWdJ.exe
  2⤵
  PID:8368
- C:\Windows\System\WIBWuzC.exe
  C:\Windows\System\WIBWuzC.exe
  2⤵
  PID:8380
- C:\Windows\System\mwoUBmI.exe
  C:\Windows\System\mwoUBmI.exe
  2⤵
  PID:8416
- C:\Windows\System\JyUZRoB.exe
  C:\Windows\System\JyUZRoB.exe
  2⤵
  PID:8500
- C:\Windows\System\AQPxiOv.exe
  C:\Windows\System\AQPxiOv.exe
  2⤵
  PID:8616
- C:\Windows\System\GEPjwzI.exe
  C:\Windows\System\GEPjwzI.exe
  2⤵
  PID:9168
- C:\Windows\System\dXMEJLv.exe
  C:\Windows\System\dXMEJLv.exe
  2⤵
  PID:8760
- C:\Windows\System\hXOQqGl.exe
  C:\Windows\System\hXOQqGl.exe
  2⤵
  PID:8860
- C:\Windows\System\TsnQfQu.exe
  C:\Windows\System\TsnQfQu.exe
  2⤵
  PID:8784
- C:\Windows\System\fxtRuDU.exe
  C:\Windows\System\fxtRuDU.exe
  2⤵
  PID:9148
- C:\Windows\System\OzsOakX.exe
  C:\Windows\System\OzsOakX.exe
  2⤵
  PID:8776
- C:\Windows\System\xMvIWdY.exe
  C:\Windows\System\xMvIWdY.exe
  2⤵
  PID:8804
- C:\Windows\System\fxYNXFp.exe
  C:\Windows\System\fxYNXFp.exe
  2⤵
  PID:9152
- C:\Windows\System\BSrPmhr.exe
  C:\Windows\System\BSrPmhr.exe
  2⤵
  PID:9020
- C:\Windows\System\uRvDKUk.exe
  C:\Windows\System\uRvDKUk.exe
  2⤵
  PID:8972
- C:\Windows\System\YUjVpuc.exe
  C:\Windows\System\YUjVpuc.exe
  2⤵
  PID:9196
- C:\Windows\System\lPiUHem.exe
  C:\Windows\System\lPiUHem.exe
  2⤵
  PID:9172
- C:\Windows\System\Birjkkc.exe
  C:\Windows\System\Birjkkc.exe
  2⤵
  PID:1036
- C:\Windows\System\OcCnXmX.exe
  C:\Windows\System\OcCnXmX.exe
  2⤵
  PID:8220
- C:\Windows\System\gkciPcp.exe
  C:\Windows\System\gkciPcp.exe
  2⤵
  PID:8428
- C:\Windows\System\NxlLKsM.exe
  C:\Windows\System\NxlLKsM.exe
  2⤵
  PID:8588
- C:\Windows\System\NYfRHpj.exe
  C:\Windows\System\NYfRHpj.exe
  2⤵
  PID:8332
- C:\Windows\System\TvSqwzR.exe
  C:\Windows\System\TvSqwzR.exe
  2⤵
  PID:8336
- C:\Windows\System\mbjJBgx.exe
  C:\Windows\System\mbjJBgx.exe
  2⤵
  PID:8712
- C:\Windows\System\aPtvKEZ.exe
  C:\Windows\System\aPtvKEZ.exe
  2⤵
  PID:8644
- C:\Windows\System\JeraqfN.exe
  C:\Windows\System\JeraqfN.exe
  2⤵
  PID:8668
- C:\Windows\System\vTthtEN.exe
  C:\Windows\System\vTthtEN.exe
  2⤵
  PID:8764
- C:\Windows\System\TIskzXe.exe
  C:\Windows\System\TIskzXe.exe
  2⤵
  PID:9068
- C:\Windows\System\GZqsKAP.exe
  C:\Windows\System\GZqsKAP.exe
  2⤵
  PID:9132
- C:\Windows\System\iqHXsLk.exe
  C:\Windows\System\iqHXsLk.exe
  2⤵
  PID:8988
- C:\Windows\System\uqeelZm.exe
  C:\Windows\System\uqeelZm.exe
  2⤵
  PID:8636
- C:\Windows\System\PBtshGw.exe
  C:\Windows\System\PBtshGw.exe
  2⤵
  PID:9184
- C:\Windows\System\pSQwNRb.exe
  C:\Windows\System\pSQwNRb.exe
  2⤵
  PID:8736
- C:\Windows\System\NrlKDZB.exe
  C:\Windows\System\NrlKDZB.exe
  2⤵
  PID:8240
- C:\Windows\System\mJUAKCr.exe
  C:\Windows\System\mJUAKCr.exe
  2⤵
  PID:8200
- C:\Windows\System\bDEZSuF.exe
  C:\Windows\System\bDEZSuF.exe
  2⤵
  PID:8272
- C:\Windows\System\XUrXezI.exe
  C:\Windows\System\XUrXezI.exe
  2⤵
  PID:7576
- C:\Windows\System\gBgsTph.exe
  C:\Windows\System\gBgsTph.exe
  2⤵
  PID:8696
- C:\Windows\System\TGNIYIT.exe
  C:\Windows\System\TGNIYIT.exe
  2⤵
  PID:8216
- C:\Windows\System\jCcIQwX.exe
  C:\Windows\System\jCcIQwX.exe
  2⤵
  PID:8836
- C:\Windows\System\bnWQhYo.exe
  C:\Windows\System\bnWQhYo.exe
  2⤵
  PID:8284
- C:\Windows\System\yDBdpsZ.exe
  C:\Windows\System\yDBdpsZ.exe
  2⤵
  PID:9236
- C:\Windows\System\XoWZkzB.exe
  C:\Windows\System\XoWZkzB.exe
  2⤵
  PID:9252
- C:\Windows\System\gBJkaFX.exe
  C:\Windows\System\gBJkaFX.exe
  2⤵
  PID:9292
- C:\Windows\System\JYcNksJ.exe
  C:\Windows\System\JYcNksJ.exe
  2⤵
  PID:9324
- C:\Windows\System\FeMtOpV.exe
  C:\Windows\System\FeMtOpV.exe
  2⤵
  PID:9340
- C:\Windows\System\UgLSNtR.exe
  C:\Windows\System\UgLSNtR.exe
  2⤵
  PID:9356
- C:\Windows\System\zveLths.exe
  C:\Windows\System\zveLths.exe
  2⤵
  PID:9376
- C:\Windows\System\UgmXszu.exe
  C:\Windows\System\UgmXszu.exe
  2⤵
  PID:9392
- C:\Windows\System\gNcQgXT.exe
  C:\Windows\System\gNcQgXT.exe
  2⤵
  PID:9444
- C:\Windows\System\UzUwRog.exe
  C:\Windows\System\UzUwRog.exe
  2⤵
  PID:9468
- C:\Windows\System\wCguzct.exe
  C:\Windows\System\wCguzct.exe
  2⤵
  PID:9484
- C:\Windows\System\jXchYdB.exe
  C:\Windows\System\jXchYdB.exe
  2⤵
  PID:9536
- C:\Windows\System\nKLXIlM.exe
  C:\Windows\System\nKLXIlM.exe
  2⤵
  PID:9628
- C:\Windows\System\pqosBIh.exe
  C:\Windows\System\pqosBIh.exe
  2⤵
  PID:9644
- C:\Windows\System\woiaSpM.exe
  C:\Windows\System\woiaSpM.exe
  2⤵
  PID:9660
- C:\Windows\System\aFDtmcq.exe
  C:\Windows\System\aFDtmcq.exe
  2⤵
  PID:9676
- C:\Windows\System\kSVqgkb.exe
  C:\Windows\System\kSVqgkb.exe
  2⤵
  PID:9692
- C:\Windows\System\vLxDIrg.exe
  C:\Windows\System\vLxDIrg.exe
  2⤵
  PID:9720
- C:\Windows\System\aWlaGth.exe
  C:\Windows\System\aWlaGth.exe
  2⤵
  PID:9736
- C:\Windows\System\fIpCftO.exe
  C:\Windows\System\fIpCftO.exe
  2⤵
  PID:9756
- C:\Windows\System\DPBCUFf.exe
  C:\Windows\System\DPBCUFf.exe
  2⤵
  PID:9776
- C:\Windows\System\mVtrakC.exe
  C:\Windows\System\mVtrakC.exe
  2⤵
  PID:9792
- C:\Windows\System\oODJaHw.exe
  C:\Windows\System\oODJaHw.exe
  2⤵
  PID:9808
- C:\Windows\System\CVkuGqD.exe
  C:\Windows\System\CVkuGqD.exe
  2⤵
  PID:9824
- C:\Windows\System\gywKKmO.exe
  C:\Windows\System\gywKKmO.exe
  2⤵
  PID:9840
- C:\Windows\System\zijIlAG.exe
  C:\Windows\System\zijIlAG.exe
  2⤵
  PID:9856
- C:\Windows\System\rDCdQmN.exe
  C:\Windows\System\rDCdQmN.exe
  2⤵
  PID:9872
- C:\Windows\System\bsgZUGw.exe
  C:\Windows\System\bsgZUGw.exe
  2⤵
  PID:9904
- C:\Windows\System\qJDoywS.exe
  C:\Windows\System\qJDoywS.exe
  2⤵
  PID:9932
- C:\Windows\System\yhAxIrR.exe
  C:\Windows\System\yhAxIrR.exe
  2⤵
  PID:9960
- C:\Windows\System\pIoHPrq.exe
  C:\Windows\System\pIoHPrq.exe
  2⤵
  PID:9980
- C:\Windows\System\KXxlfIP.exe
  C:\Windows\System\KXxlfIP.exe
  2⤵
  PID:9996
- C:\Windows\System\jCJbuKp.exe
  C:\Windows\System\jCJbuKp.exe
  2⤵
  PID:10012
- C:\Windows\System\LpAwBEP.exe
  C:\Windows\System\LpAwBEP.exe
  2⤵
  PID:10032
- C:\Windows\System\LLVDvyA.exe
  C:\Windows\System\LLVDvyA.exe
  2⤵
  PID:10052
- C:\Windows\System\oZuUhKz.exe
  C:\Windows\System\oZuUhKz.exe
  2⤵
  PID:10068
- C:\Windows\System\GtYVTWK.exe
  C:\Windows\System\GtYVTWK.exe
  2⤵
  PID:10120
- C:\Windows\System\DdGirLl.exe
  C:\Windows\System\DdGirLl.exe
  2⤵
  PID:10136
- C:\Windows\System\xAqjGcq.exe
  C:\Windows\System\xAqjGcq.exe
  2⤵
  PID:10156
- C:\Windows\System\mMumnvW.exe
  C:\Windows\System\mMumnvW.exe
  2⤵
  PID:10172
- C:\Windows\System\JaCgLPA.exe
  C:\Windows\System\JaCgLPA.exe
  2⤵
  PID:10200
- C:\Windows\System\xCuDWHK.exe
  C:\Windows\System\xCuDWHK.exe
  2⤵
  PID:10220
- C:\Windows\System\rIcgHfj.exe
  C:\Windows\System\rIcgHfj.exe
  2⤵
  PID:10236
- C:\Windows\System\FNkKprr.exe
  C:\Windows\System\FNkKprr.exe
  2⤵
  PID:9004
- C:\Windows\System\LIyqDAQ.exe
  C:\Windows\System\LIyqDAQ.exe
  2⤵
  PID:8812
- C:\Windows\System\KnlxVLq.exe
  C:\Windows\System\KnlxVLq.exe
  2⤵
  PID:9268
- C:\Windows\System\pDpryHf.exe
  C:\Windows\System\pDpryHf.exe
  2⤵
  PID:9280
- C:\Windows\System\rGoMdGz.exe
  C:\Windows\System\rGoMdGz.exe
  2⤵
  PID:9248
- C:\Windows\System\wOrnOPn.exe
  C:\Windows\System\wOrnOPn.exe
  2⤵
  PID:9312
- C:\Windows\System\oOigIDm.exe
  C:\Windows\System\oOigIDm.exe
  2⤵
  PID:9320
- C:\Windows\System\gkLAZzw.exe
  C:\Windows\System\gkLAZzw.exe
  2⤵
  PID:9408
- C:\Windows\System\OsYnMOZ.exe
  C:\Windows\System\OsYnMOZ.exe
  2⤵
  PID:9428
- C:\Windows\System\hNDZEeA.exe
  C:\Windows\System\hNDZEeA.exe
  2⤵
  PID:9404
- C:\Windows\System\rsqUjVo.exe
  C:\Windows\System\rsqUjVo.exe
  2⤵
  PID:9384
- C:\Windows\System\OjLHYcG.exe
  C:\Windows\System\OjLHYcG.exe
  2⤵
  PID:9464
- C:\Windows\System\XLbGPDa.exe
  C:\Windows\System\XLbGPDa.exe
  2⤵
  PID:9500
- C:\Windows\System\BapnbTr.exe
  C:\Windows\System\BapnbTr.exe
  2⤵
  PID:9564
- C:\Windows\System\ulynjcI.exe
  C:\Windows\System\ulynjcI.exe
  2⤵
  PID:9520
- C:\Windows\System\BXLgRXM.exe
  C:\Windows\System\BXLgRXM.exe
  2⤵
  PID:9528
- C:\Windows\System\plRkYBX.exe
  C:\Windows\System\plRkYBX.exe
  2⤵
  PID:9616
- C:\Windows\System\xaguLgk.exe
  C:\Windows\System\xaguLgk.exe
  2⤵
  PID:9640
- C:\Windows\System\KRxnBaR.exe
  C:\Windows\System\KRxnBaR.exe
  2⤵
  PID:9672
- C:\Windows\System\jTNXyZI.exe
  C:\Windows\System\jTNXyZI.exe
  2⤵
  PID:9712
- C:\Windows\System\ZvybBMY.exe
  C:\Windows\System\ZvybBMY.exe
  2⤵
  PID:9744
- C:\Windows\System\WLrCyPq.exe
  C:\Windows\System\WLrCyPq.exe
  2⤵
  PID:9804
- C:\Windows\System\ViaUNLZ.exe
  C:\Windows\System\ViaUNLZ.exe
  2⤵
  PID:9836
- C:\Windows\System\bYfEpvg.exe
  C:\Windows\System\bYfEpvg.exe
  2⤵
  PID:9880
- C:\Windows\System\TrYYDyy.exe
  C:\Windows\System\TrYYDyy.exe
  2⤵
  PID:9864
- C:\Windows\System\dfblrxP.exe
  C:\Windows\System\dfblrxP.exe
  2⤵
  PID:9948
- C:\Windows\System\NnQsgot.exe
  C:\Windows\System\NnQsgot.exe
  2⤵
  PID:9992
- C:\Windows\System\fgxuqMo.exe
  C:\Windows\System\fgxuqMo.exe
  2⤵
  PID:10060
- C:\Windows\System\ONKCldq.exe
  C:\Windows\System\ONKCldq.exe
  2⤵
  PID:9916
- C:\Windows\System\CmUjCdB.exe
  C:\Windows\System\CmUjCdB.exe
  2⤵
  PID:9924
- C:\Windows\System\efJQgEl.exe
  C:\Windows\System\efJQgEl.exe
  2⤵
  PID:10132
- C:\Windows\System\CXNDQGi.exe
  C:\Windows\System\CXNDQGi.exe
  2⤵
  PID:9972
- C:\Windows\System\egImuFq.exe
  C:\Windows\System\egImuFq.exe
  2⤵
  PID:10076
- C:\Windows\System\RmFQype.exe
  C:\Windows\System\RmFQype.exe
  2⤵
  PID:10092
- C:\Windows\System\anjxNOY.exe
  C:\Windows\System\anjxNOY.exe
  2⤵
  PID:10144
- C:\Windows\System\LAPfEsm.exe
  C:\Windows\System\LAPfEsm.exe
  2⤵
  PID:10180
- C:\Windows\System\fZHtqmT.exe
  C:\Windows\System\fZHtqmT.exe
  2⤵
  PID:10196
- C:\Windows\System\jFjnJwd.exe
  C:\Windows\System\jFjnJwd.exe
  2⤵
  PID:10228
- C:\Windows\System\VOunRIO.exe
  C:\Windows\System\VOunRIO.exe
  2⤵
  PID:8480
- C:\Windows\System\pmQjqbn.exe
  C:\Windows\System\pmQjqbn.exe
  2⤵
  PID:8468
- C:\Windows\System\waOBaEo.exe
  C:\Windows\System\waOBaEo.exe
  2⤵
  PID:9224
- C:\Windows\System\CVTilHK.exe
  C:\Windows\System\CVTilHK.exe
  2⤵
  PID:9332
- C:\Windows\System\XvnAAgj.exe
  C:\Windows\System\XvnAAgj.exe
  2⤵
  PID:9492
- C:\Windows\System\KApSJzA.exe
  C:\Windows\System\KApSJzA.exe
  2⤵
  PID:9592
- C:\Windows\System\xmIceFT.exe
  C:\Windows\System\xmIceFT.exe
  2⤵
  PID:9304
- C:\Windows\System\HnsQROe.exe
  C:\Windows\System\HnsQROe.exe
  2⤵
  PID:9440
- C:\Windows\System\OkvFiZa.exe
  C:\Windows\System\OkvFiZa.exe
  2⤵
  PID:9552
- C:\Windows\System\EhnmMWr.exe
  C:\Windows\System\EhnmMWr.exe
  2⤵
  PID:9584
- C:\Windows\System\cKfIGvZ.exe
  C:\Windows\System\cKfIGvZ.exe
  2⤵
  PID:9688
- C:\Windows\System\VaeDFwp.exe
  C:\Windows\System\VaeDFwp.exe
  2⤵
  PID:9232
- C:\Windows\System\DOZlZvx.exe
  C:\Windows\System\DOZlZvx.exe
  2⤵
  PID:9732
- C:\Windows\System\RAvSeZf.exe
  C:\Windows\System\RAvSeZf.exe
  2⤵
  PID:9820
- C:\Windows\System\shPbXOa.exe
  C:\Windows\System\shPbXOa.exe
  2⤵
  PID:9896
- C:\Windows\System\bhecFNq.exe
  C:\Windows\System\bhecFNq.exe
  2⤵
  PID:9900
- C:\Windows\System\KPYMIFP.exe
  C:\Windows\System\KPYMIFP.exe
  2⤵
  PID:10044
- C:\Windows\System\nmjXtZT.exe
  C:\Windows\System\nmjXtZT.exe
  2⤵
  PID:10112
- C:\Windows\System\GIUTePE.exe
  C:\Windows\System\GIUTePE.exe
  2⤵
  PID:9920
- C:\Windows\System\FkNkRVL.exe
  C:\Windows\System\FkNkRVL.exe
  2⤵
  PID:9352
- C:\Windows\System\piqcwWy.exe
  C:\Windows\System\piqcwWy.exe
  2⤵
  PID:9452
- C:\Windows\System\XaZUBRM.exe
  C:\Windows\System\XaZUBRM.exe
  2⤵
  PID:9668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BYzWQEf.exe

Filesize
6.0MB

MD5
bf35fb6fa9f85344a2c19986ac719832

SHA1
7dc52e7d2cf5b860fa975e5ac68dbfdc46ef26c9

SHA256
a3ec5196cf8ff7f3052010f0e29c6ed283a138c188519804ae97522c0c678555

SHA512
d55067f59d43c21b4bdfbec267bccf02358cd57b40e7ed1b34390abf7c8142af8567d7ad49e3464a3478b647ef96eac5a6c4aad57a8a789c86d8e7100f5b6243

Download Submit
C:\Windows\system\CHRDVhc.exe

Filesize
6.0MB

MD5
1c7d1973947da99722a12a9d9c81fee8

SHA1
a1abd54717280882ab76debde217d2b09d66daa6

SHA256
54d69b3e3b19e8c04d686a29f488b308714a103a376eca4387276a102dbebc57

SHA512
ca6f392572c3484a6c71984abbc617137ba459d3b840b03071a63bbe89cb672c8de07c64bc38565f7dff0e97a2b23eee119d03e8e7ddd8154d09fb54d4774f3a

Download Submit
C:\Windows\system\CqhqNEl.exe

Filesize
6.0MB

MD5
7b2a2871c3c3bb216f943b87ce25145e

SHA1
b40b1627a429a57092f5fbdbe74f75d2420dfaec

SHA256
ee3a13a981517d50734bdcb940136194306204b624deb2808f541db9d5db3ea4

SHA512
13fcdb751dec3c71034f3683a289227bf22a2094adbda0fbdd3a0abc16629f9b2a5c23dcc378a646fe17fb9eaa6536b523fdf87a6599d7ef581348a5752aa3e2

Download Submit
C:\Windows\system\DEasKXI.exe

Filesize
6.0MB

MD5
193a6ce300603ba10e75c67c33880f0a

SHA1
31bd5a52c2158f593d47c29c0483f3d859479b16

SHA256
0571d6bba665150d20b6fc7a0433f628a3731e4f5c4f1f67685504bab174e8ff

SHA512
6dcf802bd4ebc8b0caa7595133f39cff6a351785f0fc88cd5a48d21b34dec42f898ebc5d285c1465748bd6a4e1e24de7c18f0cc5be39ef192b0151a4f65f3aac

Download Submit
C:\Windows\system\IJDCUfS.exe

Filesize
6.0MB

MD5
54aeafde3f00825f95b90586409f693c

SHA1
d2778648d857fc64fd00ee5f6c4ccd43ea399fee

SHA256
58528849a622dd2d148d1f6e09d5edc6d871e37deea8d6ba9ff287d829aca8b7

SHA512
d5add979a2f365a24a17b3a98648e44c3dcbc0d9a087a4b586004ed4d4aafb51fd2fd353b592da4d4fa400311e38ddba935507877262357704d1f7f069881c30

Download Submit
C:\Windows\system\JKKhZzR.exe

Filesize
6.0MB

MD5
86d46390bf9e8eeaa3915f912960443b

SHA1
401d02d1742be4a247ebaa6bc3624ef9b40fa21a

SHA256
620b9e24344adc070bbb22c05c02960877b778d6cd09424013a1ca5a7b2c8837

SHA512
ac1874367ba6fe69e35c76ff35d294b5b43c3be4449de93a3df6f3d1fd4fd46064551ac1af61a87e3bd1acaec6727c8e330b6d7efc42fdf700b9420cc13e85b8

Download Submit
C:\Windows\system\JhMlOuB.exe

Filesize
6.0MB

MD5
ee10dc154aaf197e6fa0e2b2c7c519da

SHA1
06ee24b7bf1e6207292927c6a5991abc75181013

SHA256
11ab286bc09d095a4aed00dfaa9462bdb85267cd3a89e37db43c666cf34e7e55

SHA512
fd0dad654cdfeb9155a4e5c8cac1843b1629e16c311065607b974d1f1b4e69aeb8f17b91700348e88799c12651f7c43b95b74c676022b265ac4388a091b53600

Download Submit
C:\Windows\system\JtzjUcb.exe

Filesize
6.0MB

MD5
9ac0c5c94053f527170b5dd82a5b2de2

SHA1
90f89a202fd39b6403886d68dc37e32290178c3f

SHA256
469587180e68123d72078bbfccc46623d1b9c3b0cb83d36693db8a8c4186374c

SHA512
d82e435d5757cdcd41844aeebf34e2756f10311a6cfb904d876e80746f4d89bfd892c91afe69a7ff98276bb7a9ed52f396b56d597d0b9ccc568f556130cfb44e

Download Submit
C:\Windows\system\MObdqBD.exe

Filesize
6.0MB

MD5
357b2c7a482bd15a5835597be0a1872e

SHA1
5ed8dd1d48c9f3b5e129fa1114377f527e18aa08

SHA256
b982996f225cdef9a1ffbcd1f387037d3efcdb4f7a13152b4c448523573d18ab

SHA512
15f7b55f564020a43fee9a1b9f5e6e7a9f85d4f63e6bb2b369948ac35935cd2fcaf6ba6ec4a6fff5c1c4359ad551cdee8caff4e50f1ac2e849ae6c7e5f85d490

Download Submit
C:\Windows\system\NNofCtD.exe

Filesize
6.0MB

MD5
776b138ef5f9a9aa4552c87744e33400

SHA1
70f36bc5d1458636fd6f99eecafc6f1b073c3fc1

SHA256
373a5e1b5d3211b4ccb7fee4e34ce42d4561fc3ddb70ac2ee911131b2df10f00

SHA512
43bc8648f75d6449f70c7a899c5c7a3abc63931bb7da700a36342ff903c50f62a7f2327d027e5647d170c038c28b3f83e0c696965ed0c394d0c6c097dd2b8862

Download Submit
C:\Windows\system\PNzItEf.exe

Filesize
6.0MB

MD5
3cc3510c5c205d33cb227a2ec9d238aa

SHA1
8f384520068fbc5fa2f5c489c5eacf0aa0f2e3d4

SHA256
9d811797590efd0c19f8e40d3a805b53e2b9cb751e566c8a496e870e0c7ccde9

SHA512
8ce8dce322a48c08ae6fa3c1089cad498ac982a405092ef02fee1b9a4fc018d8a8418b404a65c1a2672f11e1073256f67587c8298057981a0c4c1c7e44487a23

Download Submit
C:\Windows\system\PuMJsmU.exe

Filesize
6.0MB

MD5
3e868bd1f686a364daaaefc5b179aafd

SHA1
81c83678a66f144ba2b3b37ecc5ab1c6bc1754ff

SHA256
6aff4cd3d0e9d2bfb1a24280bc76757f14bf3283b318c97ad4bc983f1a54ecb3

SHA512
e108d6aa6126b1319b4f9b1dda6a25572109c09ff581d5fa023d7591a8f9355cd9723a77c5265c3e7c3a644c7766a76c4f6953799b0b15f50af34882e34a6c11

Download Submit
C:\Windows\system\SgWBPZp.exe

Filesize
6.0MB

MD5
d66ad5bcbb859d22b758a84fc92d4d6d

SHA1
2a97df5b457c6ca2f52ca355c7011a994889534e

SHA256
948fc6e3d0cddcb1adbee733135bc49d02c4d9e3f4d47072e0a8c7a22ba07ad9

SHA512
191d8a41fae84ded508d2ccdf0591c03e60dab993277509a928e60b973653c11e45840c36edf3d1b97aa7e9f0ba63451aaddc75759311837d3e641b0a915f398

Download Submit
C:\Windows\system\UwdEGIs.exe

Filesize
6.0MB

MD5
191da4d6567e1365f19633db49c2b08a

SHA1
c40fd1dddda53b1010dcd8fab8301bc161ec79a6

SHA256
7380789fb3da46503e2566975d67b60192db4f7dbb1c5e965c8791014ede6b6e

SHA512
940eb9a7f0640fa7ae8fd1a367f2df335c1f426cec9d37ec2c917e2665535e66fdb44287daa0cdc8736d47f35979b5f9dc2d91ce6b5256e9d4479404610502b8

Download Submit
C:\Windows\system\Wdhllut.exe

Filesize
6.0MB

MD5
fa074740747779557d1192b13c84f6f4

SHA1
66d9c71bb325e9d98d392d4894a943bf6cacb80f

SHA256
1c157613775e17b143f9531f89ba9332b8a7823dcb733bff60383f13c67f93cc

SHA512
89808ce4a9a72f2812b5f642d6a4b1bba501ed07cadacdacefdc8f798717347c57b765514f8ec32b0e796becad95f63a2ae641c921439694b01ed70b76900fe1

Download Submit
C:\Windows\system\XJkDzcx.exe

Filesize
6.0MB

MD5
a51110058c1e8b7f597d7fa1b962b4c8

SHA1
2e3d2bc9f2ce9bc2967f3c375283aa01ff21e355

SHA256
3ddb61f9436512519bf4671ff0394a47581a2a2f1604c50192c3774cff8ec5fa

SHA512
dddad482af94ca7b5fc8e8890571aff5ae2e486e92ca42e9b13120ead51e2775f9080bea37d37477588f0310b2350b9f14ea8fe0fe168b6b70d8f8c19243e1ab

Download Submit
C:\Windows\system\YGmcgYX.exe

Filesize
6.0MB

MD5
434c7a86edbe4a120c0d06f3e7a036d4

SHA1
55e00421a96eb6146dbcfca70cd999a1de1cbf97

SHA256
c59db807b1726df9ef89b8eb10e812a72e35a47bde7c08206e538de1830b029e

SHA512
dcea5b63a38f1a6950eedcdd96eb6571f1fc3bca11030edecc185df0b647d68a7589744ae726565708226b6d86251610bc3eaa6fcf3ccbbaafa0eb3a42e01c37

Download Submit
C:\Windows\system\cqTNDSs.exe

Filesize
6.0MB

MD5
739860ed1a3fb0903f502838530faef3

SHA1
a63c25c6fcce98bc464f4f3dea18d723334cb6b0

SHA256
6ed02020cdacb0002a436f3eb7e00ae499bfc4344018a84a50640eee3fb1401a

SHA512
e8396a17c610ee4daaa7ac8dccdbef8a4f0d090da190b995d0964531c738b39475664f928b9d98bd401d9e0d7966abe30d38a0f314d6b18313ce19e5e81f0b7c

Download Submit
C:\Windows\system\ctYzwen.exe

Filesize
6.0MB

MD5
8d8b3b91f347178fc0865613fd7b9f64

SHA1
8b7577839ec719889db32ee927b8b4f4979f7f08

SHA256
dccac2d5a588eeb35d68606addc4860f1be2a9b365603e0174a5537407ed6d1a

SHA512
3f0900eb9768d5e3469ddba3d0f077776535924d5129bd173ee908719b9bd22a38e464a2c34983d309b9cd8bc4979ee36e9bec5c0c5a800eff06ffeff29db3f8

Download Submit
C:\Windows\system\hiDcqKW.exe

Filesize
6.0MB

MD5
636b603598829671ddce96ca4750fe0b

SHA1
b085dc0420f55f0aa643dc74f86fb4dd5189c5e0

SHA256
8421fb97d17d9e36251f1d07626eba8f2202b32ff6ae9078fa053c222f9dcbfa

SHA512
0faeab48a3e7c702aae43078a84bdaf491691fe96a2057dae568785bb02d982c9558db459636ad7ab2c1fc0bf8f2cb4fd01a8aa5323f70c4d128aa3dfcd2b339

Download Submit
C:\Windows\system\kALPolY.exe

Filesize
6.0MB

MD5
d1ee7fe1b3a4a3d7e7f3cbdf325fc785

SHA1
2b95de2bfda75aff69cc45573fad57c00e0c5bd6

SHA256
70f9bc6adcf7b93499e04202e3b742b739d049aadb0a0296a132ff37dfa07a9f

SHA512
7cb57c20940650799523d077d6b0be7d6b19723cd508e9dc955b309f3b74d8883f65c56d44b37ea2be63fa0cd394f742cfb881c1810a97cb111cad6b45af5a69

Download Submit
C:\Windows\system\mWHdWyw.exe

Filesize
6.0MB

MD5
e6e63b87f556f1db606f0f98d96c04cb

SHA1
e793328820d30fb43dfa319fd83280c6e37a8d83

SHA256
e833c352e6c828508251e6161d7714a7fc074b8f0c3cfdd3e2f8f46e25111456

SHA512
c80fb54dc19d4204c8e20db8b8e0a323f23ac0154c455e9c412cdb2fc72e01a4a114fb44744c3948c3021a1f6e46ce0133a9dff3276237266eabeefd1a2bf21e

Download Submit
C:\Windows\system\naySKDj.exe

Filesize
6.0MB

MD5
77d6d7c754d3d1a60d0a39f9c992fe8c

SHA1
fe04b48ab84c5e2a546619061884a22548b1fdea

SHA256
6874bb70d8a70a057fdd9a4858e30f8d19877c9b91bf4c9d96a7fa7d1c39388a

SHA512
6978b96afd74c304390b7ac1b7582cc8e36de5044a20ee5d36b5e56005f09a9edc08b58e06dded3b8d41abab45d81868c2f2a9ae300394d609bfcf7261d38719

Download Submit
C:\Windows\system\olfWPHA.exe

Filesize
6.0MB

MD5
58f51098b7b608f110287b52e776b707

SHA1
a06e2a6f09e3c011e704125196c6ef741bc9553d

SHA256
b4d3320ae7b678c4ef955b1c718dcd598105db0b513dfd1d291d8aeb214ffd60

SHA512
aa19c6fa8a89a30afd56ac62b19ce184bbd1403f0f146b00a74cfc048fa923b393a11ddc22ff1500b841d2d3b940ca6a9230ad7e9e8d586cbc99394639d5977d

Download Submit
C:\Windows\system\pFyCGLd.exe

Filesize
6.0MB

MD5
dedb7bfe6beb1c28804a7b1bd4e8a6f6

SHA1
0b7a1f4917f483f5ead873cc9e5085407cd99f41

SHA256
812c88096a4398d25635bc86cac9364a134b1c4e724c6e77a4ff2d665890ce07

SHA512
53fbfd4cfb462dadae5f6becbce5d4544d7ff919c05a760b70589db3e0a86ad2afe2d6b10eaa8a8d4c9569767a31ea07ad1d6b122679a1a352a7922010609592

Download Submit
C:\Windows\system\quYttsk.exe

Filesize
6.0MB

MD5
568405adcbdf5ef765c936d0d72c1177

SHA1
8af561dc22c6b54aaf2812794acac71ed028e5de

SHA256
980623771ce566b6812b155ba4ee56ce8c880730aecf287567a0b6fb9c6d65b5

SHA512
4ca254b8bb4917721681fa862162fd92f0a6bdd421a8531c2b00d4bf9d06d266c984b0001f7a139cd0993c42c02aca6c8eb4d97c787653989a8807f84463ca69

Download Submit
C:\Windows\system\smLyeOm.exe

Filesize
6.0MB

MD5
062b65bb8bdd8098f4fc6d75b2bbe13d

SHA1
23fee3bf6ecf9964e2f03d25e3c1589b5a21d2ce

SHA256
93c3e4f5e54e0ac4f9044112e26a929f1cc21d56a45e786b5911f5216ce59d53

SHA512
f203a8c66af39626b244ca68f97eabed4f9baf6a39b0756ccb78bd46632d170357123d63bcfb6d248d987b8746df189ce4288265769d9f63f3255d7726dc8be2

Download Submit
C:\Windows\system\tZaqUTK.exe

Filesize
6.0MB

MD5
7b7cba0d20f8e785d4b5be2a91960736

SHA1
db9e8bfc1b25207471d45c68e8ac529b8e18b760

SHA256
4d69d6ab1c55bd4ccb2fe31a90dd2fc7e0377daab40d93e9bbfac824eb49a6b9

SHA512
53ed26fd144707c8ceb8cec8865b549f89676942133383c9d1cf95d48119e89c546adeb9053a4c9b6be29795d4ae28b1d67ad377d49372b6548391c4ab4da3ab

Download Submit
C:\Windows\system\zXYqhlU.exe

Filesize
6.0MB

MD5
eef09e06543e6da943f2c714c62adc10

SHA1
4c9babe2156761ed2bfef747f0cee576a1344bf0

SHA256
aa980d7514795cdb009ad8da7ac58aebbdcb17f0299ee5cd1c4492065304add1

SHA512
6681ea012637ca5154164f2e36edf30cd26556bc1b6a0bd79a85568c764ec5bb9b888f8c2cec40d685dbd9fc2e4e70daa1cac62aa9dca44a3125cf9a2a62522e

Download Submit
\Windows\system\deQofvd.exe

Filesize
6.0MB

MD5
bbac978b1211d8429071c72c346adc67

SHA1
d4dff2d377202af6820bdb7071a04a899d66b4d0

SHA256
1a292e742da5ceb81d9736cdf2b5aa9b26a31217ea772549726931f60e1d7202

SHA512
8a6454f1599b10b7ee58e380d22b70de7fda6a66aa4d816f1e3f03bd6bc9bb062fadf918b4fae4f5bd460c79e2c3beee43d69853afd7b2ffc1641756cd10be1b

Download Submit
\Windows\system\nzSFZVK.exe

Filesize
6.0MB

MD5
fdc51ee8dfe9c474d80d08ebddc3bd25

SHA1
abea906f5421e44f665213c114d61db918a6e907

SHA256
967de69bc1cceb9fcf4d7b2ba4aebc1ee47274dbb0d598772080ba14bded60c6

SHA512
967a1b07df2bc25d201cc55977d51d4b34afb87dace984595f34bc21d9964b3e3239606a0f536cd5648e7983a4b706b42239e3ebff3437f7d205987210759fc0

Download Submit
\Windows\system\wJvHsPr.exe

Filesize
6.0MB

MD5
6c026a19f51dfa89abf84a0ba29c344c

SHA1
9e541419a07699ae12309748a19dbc3b15ec25fa

SHA256
cd69f135c8e9b0e9dfbf890091991811412a0477233e2c09cc612cf929d0d713

SHA512
78278a77ddebf27c6e7daeb0ea6543cb339d755477adf0f052132bcbbee617f05fb5204d8f643352bf112033f3ba1a4a08c74aad88e23886568630c87cbf5b51

Download Submit
memory/1664-1998-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1664-3311-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2032-21-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2032-3292-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2090-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2910-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2010-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2184-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2184-17-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2018-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2000-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-1964-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2868-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2874-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2884-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2246-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2324-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2885-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2331-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2886-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2725-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2724-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2817-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2887-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2807-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2356-3293-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2356-18-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3307-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2805-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2404-20-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3298-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2007-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2078-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3310-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3309-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2327-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2015-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3349-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2239-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3315-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2322-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3308-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download