cobaltstrike | f35d1d85d6c1cf8c58c67fcad9116ad814d1ebcd3dfd82452a5288f1970f8a3a

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c2faf880e52763b5a95a6f87143457e3
SHA1

947b1260bb7a0a426bbc2ebd33d255f94fb0e67e
SHA256

f35d1d85d6c1cf8c58c67fcad9116ad814d1ebcd3dfd82452a5288f1970f8a3a
SHA512

7463735d0ce99ce6dd992d3e7b2f6195bce43668a158087b8e2b2a6cb6ff4eac53fa7805150da8c2d1ab2cecc9cf497f47a3282171331b440b0246238093d416
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d27-10.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d1f-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d42-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d66-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4a-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dbc-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d40-197.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d18-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-70.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d0e-79.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc0-57.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/956-0-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000c000000012263-3.dat	xmrig
behavioral1/memory/956-6-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d27-10.dat	xmrig
behavioral1/files/0x0009000000016d1f-8.dat	xmrig
behavioral1/files/0x0008000000016d42-20.dat	xmrig
behavioral1/memory/980-19-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2372-27-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2276-17-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2776-35-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/1972-37-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d66-39.dat	xmrig
behavioral1/memory/2900-44-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/956-34-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d4a-33.dat	xmrig
behavioral1/memory/956-24-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dbc-45.dat	xmrig
behavioral1/memory/2276-53-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001955c-65.dat	xmrig
behavioral1/files/0x00050000000195c0-84.dat	xmrig
behavioral1/memory/2264-85-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2756-88-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ff-128.dat	xmrig
behavioral1/files/0x0005000000019605-143.dat	xmrig
behavioral1/files/0x00050000000196ed-163.dat	xmrig
behavioral1/memory/1712-726-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/1800-881-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2756-526-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2264-432-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d40-197.dat	xmrig
behavioral1/files/0x0005000000019d18-193.dat	xmrig
behavioral1/files/0x0005000000019c50-187.dat	xmrig
behavioral1/files/0x0005000000019c36-183.dat	xmrig
behavioral1/files/0x0005000000019c34-179.dat	xmrig
behavioral1/files/0x0005000000019c32-173.dat	xmrig
behavioral1/files/0x0005000000019999-168.dat	xmrig
behavioral1/files/0x000500000001969b-158.dat	xmrig
behavioral1/files/0x0005000000019659-153.dat	xmrig
behavioral1/files/0x0005000000019615-148.dat	xmrig
behavioral1/files/0x0005000000019603-138.dat	xmrig
behavioral1/files/0x0005000000019601-134.dat	xmrig
behavioral1/files/0x00050000000195fe-124.dat	xmrig
behavioral1/files/0x00050000000195fd-119.dat	xmrig
behavioral1/files/0x00050000000195fb-113.dat	xmrig
behavioral1/memory/2644-110-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/956-109-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/1800-106-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2656-105-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195f9-104.dat	xmrig
behavioral1/memory/1712-96-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2768-95-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x00050000000195f7-94.dat	xmrig
behavioral1/memory/956-73-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0005000000019581-70.dat	xmrig
behavioral1/memory/2900-87-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2776-83-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2944-82-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d0e-79.dat	xmrig
behavioral1/memory/2644-78-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2372-69-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2656-59-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/980-58-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dc0-57.dat	xmrig
behavioral1/memory/956-54-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1972	ZqHTdvV.exe
2276	KuAhbDY.exe
980	LrLmeCN.exe
2372	zmDKmji.exe
2776	CfxMyuE.exe
2900	naePnNw.exe
2768	dBiVvgF.exe
2656	mkJdJTF.exe
2644	XUDUlBE.exe
2944	kHAxGaO.exe
2264	IzDFcCG.exe
2756	zkYdybS.exe
1712	anzEqWw.exe
1800	aMeQueo.exe
1960	bRValQc.exe
1596	geTpPnM.exe
2700	NfyyDxI.exe
1692	OpDFThc.exe
1328	RPWBAjk.exe
268	UfSvvFZ.exe
272	mzufpYP.exe
2984	fdUdqxe.exe
2996	cZsagmJ.exe
3000	tOAVrvb.exe
2420	AyzYPxd.exe
2576	PUiyGhP.exe
3024	OSdcEtG.exe
1368	zAPmOag.exe
1736	SFhsjBp.exe
2980	gRhizIv.exe
1376	RDReVwn.exe
2464	AFhgsLk.exe
2040	cspAqEK.exe
1252	AGtvAgm.exe
768	bsEIHkR.exe
604	WfKSjbX.exe
752	vBwOAwR.exe
2364	ZjSBltf.exe
1548	Rwzygel.exe
2508	dTZChBK.exe
2052	DTgryAu.exe
2176	sqzDkiQ.exe
1648	bDmnhly.exe
2100	lOiupww.exe
3048	DFDOufi.exe
2496	VOuThfA.exe
1268	goWnHee.exe
2348	vwaYVqq.exe
1264	ZxoQgpX.exe
888	UFaNBNT.exe
2208	XoKurYp.exe
2448	zpieJBx.exe
1588	lbkclYW.exe
624	VuAVkgL.exe
1980	acjgPgl.exe
1028	xgiQPoo.exe
3056	MUnSlhU.exe
2300	RAAzOLk.exe
2808	SWOowHL.exe
2696	lWSvzOo.exe
1808	DnbUzgT.exe
1884	xsLvkFP.exe
1740	KWuobBC.exe
2280	NGqptNY.exe

Loads dropped DLL 64 IoCs

pid	Process
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/956-0-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000c000000012263-3.dat	upx
behavioral1/memory/956-6-0x0000000002440000-0x0000000002794000-memory.dmp	upx
behavioral1/files/0x0008000000016d27-10.dat	upx
behavioral1/files/0x0009000000016d1f-8.dat	upx
behavioral1/files/0x0008000000016d42-20.dat	upx
behavioral1/memory/980-19-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2372-27-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2276-17-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2776-35-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/1972-37-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0007000000016d66-39.dat	upx
behavioral1/memory/2900-44-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/956-34-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0007000000016d4a-33.dat	upx
behavioral1/files/0x0007000000016dbc-45.dat	upx
behavioral1/memory/2276-53-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000500000001955c-65.dat	upx
behavioral1/files/0x00050000000195c0-84.dat	upx
behavioral1/memory/2264-85-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2756-88-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x00050000000195ff-128.dat	upx
behavioral1/files/0x0005000000019605-143.dat	upx
behavioral1/files/0x00050000000196ed-163.dat	upx
behavioral1/memory/1712-726-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1800-881-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2756-526-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2264-432-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x0005000000019d40-197.dat	upx
behavioral1/files/0x0005000000019d18-193.dat	upx
behavioral1/files/0x0005000000019c50-187.dat	upx
behavioral1/files/0x0005000000019c36-183.dat	upx
behavioral1/files/0x0005000000019c34-179.dat	upx
behavioral1/files/0x0005000000019c32-173.dat	upx
behavioral1/files/0x0005000000019999-168.dat	upx
behavioral1/files/0x000500000001969b-158.dat	upx
behavioral1/files/0x0005000000019659-153.dat	upx
behavioral1/files/0x0005000000019615-148.dat	upx
behavioral1/files/0x0005000000019603-138.dat	upx
behavioral1/files/0x0005000000019601-134.dat	upx
behavioral1/files/0x00050000000195fe-124.dat	upx
behavioral1/files/0x00050000000195fd-119.dat	upx
behavioral1/files/0x00050000000195fb-113.dat	upx
behavioral1/memory/2644-110-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/1800-106-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2656-105-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x00050000000195f9-104.dat	upx
behavioral1/memory/1712-96-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2768-95-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x00050000000195f7-94.dat	upx
behavioral1/files/0x0005000000019581-70.dat	upx
behavioral1/memory/2900-87-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2776-83-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2944-82-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0009000000016d0e-79.dat	upx
behavioral1/memory/2644-78-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2372-69-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2656-59-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/980-58-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0009000000016dc0-57.dat	upx
behavioral1/memory/2768-50-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2372-3378-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2276-3375-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2900-3395-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NsTucTz.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFaMnCL.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGQfYIX.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtkIADl.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNoGdYk.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adhmJLN.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlVyNEz.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCvhfZt.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWtdjyw.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSpyHfE.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjOPXXr.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cspAqEK.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPRgDAU.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMVscrO.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJPvPua.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYfksQT.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfIJMXZ.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqxYglQ.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcPFLDg.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfLIHfk.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlquMqq.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEwKHle.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxBqFFV.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuRPtlY.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJVmGHD.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTRTdqu.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHrVgaC.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smbDWBf.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLEXhBz.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHphSRf.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPoleOk.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAQCffB.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRlwQox.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Uadanql.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFpANDK.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPWBAjk.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giLRyVK.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SuMopXc.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXVSWdS.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IifkFSr.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFFbaNG.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWErYBj.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBYpPpj.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZxfckp.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnLlanM.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMNqrKM.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuKYdVT.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crQSniU.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvMhrxa.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrUukmP.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvBwqXY.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqnSiAu.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfVRjas.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPXyECZ.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laNYwdA.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fonSwtj.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBDiggS.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgAjqaz.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXyoYFY.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVkrUtq.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giXvRqi.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXWegEr.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rwzygel.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtjHiDx.exe	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1972	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 956 wrote to memory of 1972	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 956 wrote to memory of 1972	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 956 wrote to memory of 2276	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 956 wrote to memory of 2276	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 956 wrote to memory of 2276	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 956 wrote to memory of 980	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 956 wrote to memory of 980	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 956 wrote to memory of 980	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 956 wrote to memory of 2372	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 956 wrote to memory of 2372	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 956 wrote to memory of 2372	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 956 wrote to memory of 2776	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 956 wrote to memory of 2776	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 956 wrote to memory of 2776	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 956 wrote to memory of 2900	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 956 wrote to memory of 2900	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 956 wrote to memory of 2900	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 956 wrote to memory of 2768	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 956 wrote to memory of 2768	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 956 wrote to memory of 2768	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 956 wrote to memory of 2656	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 956 wrote to memory of 2656	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 956 wrote to memory of 2656	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 956 wrote to memory of 2944	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 956 wrote to memory of 2944	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 956 wrote to memory of 2944	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 956 wrote to memory of 2644	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 956 wrote to memory of 2644	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 956 wrote to memory of 2644	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 956 wrote to memory of 2756	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 956 wrote to memory of 2756	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 956 wrote to memory of 2756	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 956 wrote to memory of 2264	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 956 wrote to memory of 2264	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 956 wrote to memory of 2264	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 956 wrote to memory of 1712	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 956 wrote to memory of 1712	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 956 wrote to memory of 1712	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 956 wrote to memory of 1800	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 956 wrote to memory of 1800	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 956 wrote to memory of 1800	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 956 wrote to memory of 1960	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 956 wrote to memory of 1960	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 956 wrote to memory of 1960	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 956 wrote to memory of 1596	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 956 wrote to memory of 1596	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 956 wrote to memory of 1596	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 956 wrote to memory of 2700	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 956 wrote to memory of 2700	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 956 wrote to memory of 2700	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 956 wrote to memory of 1692	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 956 wrote to memory of 1692	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 956 wrote to memory of 1692	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 956 wrote to memory of 1328	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 956 wrote to memory of 1328	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 956 wrote to memory of 1328	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 956 wrote to memory of 268	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 956 wrote to memory of 268	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 956 wrote to memory of 268	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 956 wrote to memory of 272	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 956 wrote to memory of 272	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 956 wrote to memory of 272	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 956 wrote to memory of 2984	956	2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_c2faf880e52763b5a95a6f87143457e3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\System\ZqHTdvV.exe
  C:\Windows\System\ZqHTdvV.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\KuAhbDY.exe
  C:\Windows\System\KuAhbDY.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\LrLmeCN.exe
  C:\Windows\System\LrLmeCN.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\zmDKmji.exe
  C:\Windows\System\zmDKmji.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\CfxMyuE.exe
  C:\Windows\System\CfxMyuE.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\naePnNw.exe
  C:\Windows\System\naePnNw.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\dBiVvgF.exe
  C:\Windows\System\dBiVvgF.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\mkJdJTF.exe
  C:\Windows\System\mkJdJTF.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\kHAxGaO.exe
  C:\Windows\System\kHAxGaO.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\XUDUlBE.exe
  C:\Windows\System\XUDUlBE.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\zkYdybS.exe
  C:\Windows\System\zkYdybS.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\IzDFcCG.exe
  C:\Windows\System\IzDFcCG.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\anzEqWw.exe
  C:\Windows\System\anzEqWw.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\aMeQueo.exe
  C:\Windows\System\aMeQueo.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\bRValQc.exe
  C:\Windows\System\bRValQc.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\geTpPnM.exe
  C:\Windows\System\geTpPnM.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\NfyyDxI.exe
  C:\Windows\System\NfyyDxI.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\OpDFThc.exe
  C:\Windows\System\OpDFThc.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\RPWBAjk.exe
  C:\Windows\System\RPWBAjk.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\UfSvvFZ.exe
  C:\Windows\System\UfSvvFZ.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\mzufpYP.exe
  C:\Windows\System\mzufpYP.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\fdUdqxe.exe
  C:\Windows\System\fdUdqxe.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\cZsagmJ.exe
  C:\Windows\System\cZsagmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\tOAVrvb.exe
  C:\Windows\System\tOAVrvb.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\AyzYPxd.exe
  C:\Windows\System\AyzYPxd.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\PUiyGhP.exe
  C:\Windows\System\PUiyGhP.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\OSdcEtG.exe
  C:\Windows\System\OSdcEtG.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\zAPmOag.exe
  C:\Windows\System\zAPmOag.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\SFhsjBp.exe
  C:\Windows\System\SFhsjBp.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\gRhizIv.exe
  C:\Windows\System\gRhizIv.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\RDReVwn.exe
  C:\Windows\System\RDReVwn.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\AFhgsLk.exe
  C:\Windows\System\AFhgsLk.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\cspAqEK.exe
  C:\Windows\System\cspAqEK.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\AGtvAgm.exe
  C:\Windows\System\AGtvAgm.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\bsEIHkR.exe
  C:\Windows\System\bsEIHkR.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\WfKSjbX.exe
  C:\Windows\System\WfKSjbX.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\vBwOAwR.exe
  C:\Windows\System\vBwOAwR.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\ZjSBltf.exe
  C:\Windows\System\ZjSBltf.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\Rwzygel.exe
  C:\Windows\System\Rwzygel.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\dTZChBK.exe
  C:\Windows\System\dTZChBK.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\DTgryAu.exe
  C:\Windows\System\DTgryAu.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\sqzDkiQ.exe
  C:\Windows\System\sqzDkiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\bDmnhly.exe
  C:\Windows\System\bDmnhly.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\lOiupww.exe
  C:\Windows\System\lOiupww.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\DFDOufi.exe
  C:\Windows\System\DFDOufi.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\VOuThfA.exe
  C:\Windows\System\VOuThfA.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\goWnHee.exe
  C:\Windows\System\goWnHee.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\vwaYVqq.exe
  C:\Windows\System\vwaYVqq.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ZxoQgpX.exe
  C:\Windows\System\ZxoQgpX.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\UFaNBNT.exe
  C:\Windows\System\UFaNBNT.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\XoKurYp.exe
  C:\Windows\System\XoKurYp.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\zpieJBx.exe
  C:\Windows\System\zpieJBx.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\lbkclYW.exe
  C:\Windows\System\lbkclYW.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\VuAVkgL.exe
  C:\Windows\System\VuAVkgL.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\acjgPgl.exe
  C:\Windows\System\acjgPgl.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\xgiQPoo.exe
  C:\Windows\System\xgiQPoo.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\MUnSlhU.exe
  C:\Windows\System\MUnSlhU.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\RAAzOLk.exe
  C:\Windows\System\RAAzOLk.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\SWOowHL.exe
  C:\Windows\System\SWOowHL.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\lWSvzOo.exe
  C:\Windows\System\lWSvzOo.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\DnbUzgT.exe
  C:\Windows\System\DnbUzgT.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\xsLvkFP.exe
  C:\Windows\System\xsLvkFP.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\KWuobBC.exe
  C:\Windows\System\KWuobBC.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\NGqptNY.exe
  C:\Windows\System\NGqptNY.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\NzkLYFk.exe
  C:\Windows\System\NzkLYFk.exe
  2⤵
  PID:1444
- C:\Windows\System\DPbiLIl.exe
  C:\Windows\System\DPbiLIl.exe
  2⤵
  PID:2008
- C:\Windows\System\tYNcCoz.exe
  C:\Windows\System\tYNcCoz.exe
  2⤵
  PID:3012
- C:\Windows\System\RhxCWzV.exe
  C:\Windows\System\RhxCWzV.exe
  2⤵
  PID:2112
- C:\Windows\System\AliivzP.exe
  C:\Windows\System\AliivzP.exe
  2⤵
  PID:2360
- C:\Windows\System\klrPglz.exe
  C:\Windows\System\klrPglz.exe
  2⤵
  PID:1768
- C:\Windows\System\hnUWsWx.exe
  C:\Windows\System\hnUWsWx.exe
  2⤵
  PID:1432
- C:\Windows\System\rboXVMi.exe
  C:\Windows\System\rboXVMi.exe
  2⤵
  PID:1348
- C:\Windows\System\ABGdFTs.exe
  C:\Windows\System\ABGdFTs.exe
  2⤵
  PID:1576
- C:\Windows\System\YhFBSaj.exe
  C:\Windows\System\YhFBSaj.exe
  2⤵
  PID:912
- C:\Windows\System\TYffswi.exe
  C:\Windows\System\TYffswi.exe
  2⤵
  PID:1040
- C:\Windows\System\PmwFRRx.exe
  C:\Windows\System\PmwFRRx.exe
  2⤵
  PID:2580
- C:\Windows\System\NEwKHle.exe
  C:\Windows\System\NEwKHle.exe
  2⤵
  PID:1760
- C:\Windows\System\RLfvGNN.exe
  C:\Windows\System\RLfvGNN.exe
  2⤵
  PID:2152
- C:\Windows\System\wuGZsla.exe
  C:\Windows\System\wuGZsla.exe
  2⤵
  PID:1744
- C:\Windows\System\BratTNe.exe
  C:\Windows\System\BratTNe.exe
  2⤵
  PID:2060
- C:\Windows\System\vGAWBrY.exe
  C:\Windows\System\vGAWBrY.exe
  2⤵
  PID:2428
- C:\Windows\System\KHzxnBk.exe
  C:\Windows\System\KHzxnBk.exe
  2⤵
  PID:2444
- C:\Windows\System\MuwYiOR.exe
  C:\Windows\System\MuwYiOR.exe
  2⤵
  PID:1944
- C:\Windows\System\lOwiXHj.exe
  C:\Windows\System\lOwiXHj.exe
  2⤵
  PID:1788
- C:\Windows\System\aNUrMDP.exe
  C:\Windows\System\aNUrMDP.exe
  2⤵
  PID:2296
- C:\Windows\System\SODyiZu.exe
  C:\Windows\System\SODyiZu.exe
  2⤵
  PID:1704
- C:\Windows\System\nSQgIuU.exe
  C:\Windows\System\nSQgIuU.exe
  2⤵
  PID:2784
- C:\Windows\System\JyFpazj.exe
  C:\Windows\System\JyFpazj.exe
  2⤵
  PID:1976
- C:\Windows\System\nejBewa.exe
  C:\Windows\System\nejBewa.exe
  2⤵
  PID:2720
- C:\Windows\System\DTmAWqd.exe
  C:\Windows\System\DTmAWqd.exe
  2⤵
  PID:2636
- C:\Windows\System\dHjqjep.exe
  C:\Windows\System\dHjqjep.exe
  2⤵
  PID:1496
- C:\Windows\System\JeKUejS.exe
  C:\Windows\System\JeKUejS.exe
  2⤵
  PID:1048
- C:\Windows\System\bmEgbYg.exe
  C:\Windows\System\bmEgbYg.exe
  2⤵
  PID:840
- C:\Windows\System\WnMSelT.exe
  C:\Windows\System\WnMSelT.exe
  2⤵
  PID:1668
- C:\Windows\System\giLRyVK.exe
  C:\Windows\System\giLRyVK.exe
  2⤵
  PID:1828
- C:\Windows\System\iqcPXcA.exe
  C:\Windows\System\iqcPXcA.exe
  2⤵
  PID:2672
- C:\Windows\System\GniWIxS.exe
  C:\Windows\System\GniWIxS.exe
  2⤵
  PID:696
- C:\Windows\System\bTRTdqu.exe
  C:\Windows\System\bTRTdqu.exe
  2⤵
  PID:1240
- C:\Windows\System\JPXyECZ.exe
  C:\Windows\System\JPXyECZ.exe
  2⤵
  PID:2120
- C:\Windows\System\FsUWmWL.exe
  C:\Windows\System\FsUWmWL.exe
  2⤵
  PID:1676
- C:\Windows\System\eogmzzt.exe
  C:\Windows\System\eogmzzt.exe
  2⤵
  PID:740
- C:\Windows\System\TRQQZUb.exe
  C:\Windows\System\TRQQZUb.exe
  2⤵
  PID:2032
- C:\Windows\System\kCnAdJR.exe
  C:\Windows\System\kCnAdJR.exe
  2⤵
  PID:960
- C:\Windows\System\teSYWTZ.exe
  C:\Windows\System\teSYWTZ.exe
  2⤵
  PID:2232
- C:\Windows\System\vJAknnQ.exe
  C:\Windows\System\vJAknnQ.exe
  2⤵
  PID:1568
- C:\Windows\System\uwcvWpU.exe
  C:\Windows\System\uwcvWpU.exe
  2⤵
  PID:2876
- C:\Windows\System\UAcEZwm.exe
  C:\Windows\System\UAcEZwm.exe
  2⤵
  PID:3040
- C:\Windows\System\QeuvrNK.exe
  C:\Windows\System\QeuvrNK.exe
  2⤵
  PID:2664
- C:\Windows\System\JJCHbyC.exe
  C:\Windows\System\JJCHbyC.exe
  2⤵
  PID:2356
- C:\Windows\System\gRunaXM.exe
  C:\Windows\System\gRunaXM.exe
  2⤵
  PID:632
- C:\Windows\System\bzPdtFZ.exe
  C:\Windows\System\bzPdtFZ.exe
  2⤵
  PID:2016
- C:\Windows\System\tOXCAHR.exe
  C:\Windows\System\tOXCAHR.exe
  2⤵
  PID:3096
- C:\Windows\System\ATlDNjI.exe
  C:\Windows\System\ATlDNjI.exe
  2⤵
  PID:3116
- C:\Windows\System\ezvQsCd.exe
  C:\Windows\System\ezvQsCd.exe
  2⤵
  PID:3136
- C:\Windows\System\NCtxJsI.exe
  C:\Windows\System\NCtxJsI.exe
  2⤵
  PID:3156
- C:\Windows\System\SuMopXc.exe
  C:\Windows\System\SuMopXc.exe
  2⤵
  PID:3176
- C:\Windows\System\ZzNmqyb.exe
  C:\Windows\System\ZzNmqyb.exe
  2⤵
  PID:3196
- C:\Windows\System\FefAjkA.exe
  C:\Windows\System\FefAjkA.exe
  2⤵
  PID:3216
- C:\Windows\System\laNYwdA.exe
  C:\Windows\System\laNYwdA.exe
  2⤵
  PID:3236
- C:\Windows\System\fQYNPxa.exe
  C:\Windows\System\fQYNPxa.exe
  2⤵
  PID:3256
- C:\Windows\System\upNUBiI.exe
  C:\Windows\System\upNUBiI.exe
  2⤵
  PID:3276
- C:\Windows\System\WpYCEWv.exe
  C:\Windows\System\WpYCEWv.exe
  2⤵
  PID:3296
- C:\Windows\System\XNLAwXn.exe
  C:\Windows\System\XNLAwXn.exe
  2⤵
  PID:3316
- C:\Windows\System\KgwpERB.exe
  C:\Windows\System\KgwpERB.exe
  2⤵
  PID:3336
- C:\Windows\System\LwDZkPB.exe
  C:\Windows\System\LwDZkPB.exe
  2⤵
  PID:3356
- C:\Windows\System\LbBIJTK.exe
  C:\Windows\System\LbBIJTK.exe
  2⤵
  PID:3376
- C:\Windows\System\PbcmzqT.exe
  C:\Windows\System\PbcmzqT.exe
  2⤵
  PID:3396
- C:\Windows\System\cVhlxsk.exe
  C:\Windows\System\cVhlxsk.exe
  2⤵
  PID:3412
- C:\Windows\System\gtBtiBx.exe
  C:\Windows\System\gtBtiBx.exe
  2⤵
  PID:3436
- C:\Windows\System\BXceQCD.exe
  C:\Windows\System\BXceQCD.exe
  2⤵
  PID:3456
- C:\Windows\System\yLiOvPw.exe
  C:\Windows\System\yLiOvPw.exe
  2⤵
  PID:3476
- C:\Windows\System\aUIpUdl.exe
  C:\Windows\System\aUIpUdl.exe
  2⤵
  PID:3496
- C:\Windows\System\YqKsklj.exe
  C:\Windows\System\YqKsklj.exe
  2⤵
  PID:3516
- C:\Windows\System\IpJpjDA.exe
  C:\Windows\System\IpJpjDA.exe
  2⤵
  PID:3536
- C:\Windows\System\cSeUHTs.exe
  C:\Windows\System\cSeUHTs.exe
  2⤵
  PID:3556
- C:\Windows\System\OGyFmTo.exe
  C:\Windows\System\OGyFmTo.exe
  2⤵
  PID:3576
- C:\Windows\System\bcYfHIt.exe
  C:\Windows\System\bcYfHIt.exe
  2⤵
  PID:3596
- C:\Windows\System\CVNDKbL.exe
  C:\Windows\System\CVNDKbL.exe
  2⤵
  PID:3616
- C:\Windows\System\NLlyrGT.exe
  C:\Windows\System\NLlyrGT.exe
  2⤵
  PID:3636
- C:\Windows\System\pWmDgIP.exe
  C:\Windows\System\pWmDgIP.exe
  2⤵
  PID:3656
- C:\Windows\System\JfEDVhU.exe
  C:\Windows\System\JfEDVhU.exe
  2⤵
  PID:3680
- C:\Windows\System\YCCYEXx.exe
  C:\Windows\System\YCCYEXx.exe
  2⤵
  PID:3700
- C:\Windows\System\tsTCVQH.exe
  C:\Windows\System\tsTCVQH.exe
  2⤵
  PID:3720
- C:\Windows\System\DnrWLwq.exe
  C:\Windows\System\DnrWLwq.exe
  2⤵
  PID:3736
- C:\Windows\System\AiyZdwP.exe
  C:\Windows\System\AiyZdwP.exe
  2⤵
  PID:3760
- C:\Windows\System\eYycuXw.exe
  C:\Windows\System\eYycuXw.exe
  2⤵
  PID:3780
- C:\Windows\System\xgwPQab.exe
  C:\Windows\System\xgwPQab.exe
  2⤵
  PID:3800
- C:\Windows\System\qqGDVxI.exe
  C:\Windows\System\qqGDVxI.exe
  2⤵
  PID:3820
- C:\Windows\System\HlsPDow.exe
  C:\Windows\System\HlsPDow.exe
  2⤵
  PID:3840
- C:\Windows\System\bddVnRd.exe
  C:\Windows\System\bddVnRd.exe
  2⤵
  PID:3860
- C:\Windows\System\JMwAWxF.exe
  C:\Windows\System\JMwAWxF.exe
  2⤵
  PID:3880
- C:\Windows\System\DdwydFL.exe
  C:\Windows\System\DdwydFL.exe
  2⤵
  PID:3900
- C:\Windows\System\dITNLOl.exe
  C:\Windows\System\dITNLOl.exe
  2⤵
  PID:3920
- C:\Windows\System\NZeGXck.exe
  C:\Windows\System\NZeGXck.exe
  2⤵
  PID:3940
- C:\Windows\System\XYURRMu.exe
  C:\Windows\System\XYURRMu.exe
  2⤵
  PID:3964
- C:\Windows\System\iZycxzC.exe
  C:\Windows\System\iZycxzC.exe
  2⤵
  PID:3980
- C:\Windows\System\enhpknY.exe
  C:\Windows\System\enhpknY.exe
  2⤵
  PID:4004
- C:\Windows\System\cnJNDZR.exe
  C:\Windows\System\cnJNDZR.exe
  2⤵
  PID:4024
- C:\Windows\System\rSVqduI.exe
  C:\Windows\System\rSVqduI.exe
  2⤵
  PID:4044
- C:\Windows\System\CeptJtx.exe
  C:\Windows\System\CeptJtx.exe
  2⤵
  PID:4064
- C:\Windows\System\fEHHVZA.exe
  C:\Windows\System\fEHHVZA.exe
  2⤵
  PID:4084
- C:\Windows\System\APXvphG.exe
  C:\Windows\System\APXvphG.exe
  2⤵
  PID:3068
- C:\Windows\System\wSBYAGl.exe
  C:\Windows\System\wSBYAGl.exe
  2⤵
  PID:1532
- C:\Windows\System\ICQPbBx.exe
  C:\Windows\System\ICQPbBx.exe
  2⤵
  PID:1388
- C:\Windows\System\HzbCiwt.exe
  C:\Windows\System\HzbCiwt.exe
  2⤵
  PID:2596
- C:\Windows\System\ZXulfip.exe
  C:\Windows\System\ZXulfip.exe
  2⤵
  PID:3036
- C:\Windows\System\PabQYQv.exe
  C:\Windows\System\PabQYQv.exe
  2⤵
  PID:1816
- C:\Windows\System\bYduGWG.exe
  C:\Windows\System\bYduGWG.exe
  2⤵
  PID:2436
- C:\Windows\System\WYFOtxo.exe
  C:\Windows\System\WYFOtxo.exe
  2⤵
  PID:2804
- C:\Windows\System\ReEaxpU.exe
  C:\Windows\System\ReEaxpU.exe
  2⤵
  PID:1896
- C:\Windows\System\ewdNdcQ.exe
  C:\Windows\System\ewdNdcQ.exe
  2⤵
  PID:3108
- C:\Windows\System\OKWGfhs.exe
  C:\Windows\System\OKWGfhs.exe
  2⤵
  PID:3088
- C:\Windows\System\AdfVIbD.exe
  C:\Windows\System\AdfVIbD.exe
  2⤵
  PID:3144
- C:\Windows\System\aSGakLf.exe
  C:\Windows\System\aSGakLf.exe
  2⤵
  PID:3184
- C:\Windows\System\GkpYIof.exe
  C:\Windows\System\GkpYIof.exe
  2⤵
  PID:3232
- C:\Windows\System\AUYVaxV.exe
  C:\Windows\System\AUYVaxV.exe
  2⤵
  PID:3272
- C:\Windows\System\XhsQgwI.exe
  C:\Windows\System\XhsQgwI.exe
  2⤵
  PID:3284
- C:\Windows\System\uvTszUH.exe
  C:\Windows\System\uvTszUH.exe
  2⤵
  PID:3308
- C:\Windows\System\hUvYGdc.exe
  C:\Windows\System\hUvYGdc.exe
  2⤵
  PID:3344
- C:\Windows\System\VhuMhQO.exe
  C:\Windows\System\VhuMhQO.exe
  2⤵
  PID:3372
- C:\Windows\System\XpcAmFo.exe
  C:\Windows\System\XpcAmFo.exe
  2⤵
  PID:3432
- C:\Windows\System\NzSyvXo.exe
  C:\Windows\System\NzSyvXo.exe
  2⤵
  PID:3444
- C:\Windows\System\nBgNemF.exe
  C:\Windows\System\nBgNemF.exe
  2⤵
  PID:3504
- C:\Windows\System\fPdFGQs.exe
  C:\Windows\System\fPdFGQs.exe
  2⤵
  PID:3492
- C:\Windows\System\goIIaWu.exe
  C:\Windows\System\goIIaWu.exe
  2⤵
  PID:3548
- C:\Windows\System\dwTKrnm.exe
  C:\Windows\System\dwTKrnm.exe
  2⤵
  PID:3588
- C:\Windows\System\djjpsMb.exe
  C:\Windows\System\djjpsMb.exe
  2⤵
  PID:3628
- C:\Windows\System\kQiacCB.exe
  C:\Windows\System\kQiacCB.exe
  2⤵
  PID:3644
- C:\Windows\System\UIKiEXD.exe
  C:\Windows\System\UIKiEXD.exe
  2⤵
  PID:3708
- C:\Windows\System\oCvcjtM.exe
  C:\Windows\System\oCvcjtM.exe
  2⤵
  PID:3712
- C:\Windows\System\ciSyBRO.exe
  C:\Windows\System\ciSyBRO.exe
  2⤵
  PID:3748
- C:\Windows\System\lamSFMB.exe
  C:\Windows\System\lamSFMB.exe
  2⤵
  PID:3768
- C:\Windows\System\DcGNFFg.exe
  C:\Windows\System\DcGNFFg.exe
  2⤵
  PID:3808
- C:\Windows\System\xyoPgWO.exe
  C:\Windows\System\xyoPgWO.exe
  2⤵
  PID:3876
- C:\Windows\System\ERGsXDf.exe
  C:\Windows\System\ERGsXDf.exe
  2⤵
  PID:3872
- C:\Windows\System\jRXinPF.exe
  C:\Windows\System\jRXinPF.exe
  2⤵
  PID:3912
- C:\Windows\System\VuIWRIb.exe
  C:\Windows\System\VuIWRIb.exe
  2⤵
  PID:3936
- C:\Windows\System\LqbJwlr.exe
  C:\Windows\System\LqbJwlr.exe
  2⤵
  PID:3972
- C:\Windows\System\fOUxvYO.exe
  C:\Windows\System\fOUxvYO.exe
  2⤵
  PID:4036
- C:\Windows\System\nLXXCmr.exe
  C:\Windows\System\nLXXCmr.exe
  2⤵
  PID:4052
- C:\Windows\System\GXLvNAo.exe
  C:\Windows\System\GXLvNAo.exe
  2⤵
  PID:2172
- C:\Windows\System\KoUxKaM.exe
  C:\Windows\System\KoUxKaM.exe
  2⤵
  PID:448
- C:\Windows\System\ENJFgJV.exe
  C:\Windows\System\ENJFgJV.exe
  2⤵
  PID:1124
- C:\Windows\System\LHlfFmQ.exe
  C:\Windows\System\LHlfFmQ.exe
  2⤵
  PID:1284
- C:\Windows\System\PqehuHL.exe
  C:\Windows\System\PqehuHL.exe
  2⤵
  PID:2752
- C:\Windows\System\ibAYzob.exe
  C:\Windows\System\ibAYzob.exe
  2⤵
  PID:1700
- C:\Windows\System\CfxVzuy.exe
  C:\Windows\System\CfxVzuy.exe
  2⤵
  PID:2240
- C:\Windows\System\bSierpe.exe
  C:\Windows\System\bSierpe.exe
  2⤵
  PID:3128
- C:\Windows\System\ZIctGtw.exe
  C:\Windows\System\ZIctGtw.exe
  2⤵
  PID:3164
- C:\Windows\System\ZgPMZSl.exe
  C:\Windows\System\ZgPMZSl.exe
  2⤵
  PID:3252
- C:\Windows\System\YRoqJHB.exe
  C:\Windows\System\YRoqJHB.exe
  2⤵
  PID:3328
- C:\Windows\System\TzprBSL.exe
  C:\Windows\System\TzprBSL.exe
  2⤵
  PID:3388
- C:\Windows\System\OVXvlBW.exe
  C:\Windows\System\OVXvlBW.exe
  2⤵
  PID:3420
- C:\Windows\System\NwlRezG.exe
  C:\Windows\System\NwlRezG.exe
  2⤵
  PID:3408
- C:\Windows\System\DrMOlby.exe
  C:\Windows\System\DrMOlby.exe
  2⤵
  PID:3544
- C:\Windows\System\ikybEwj.exe
  C:\Windows\System\ikybEwj.exe
  2⤵
  PID:3584
- C:\Windows\System\fUYWNgf.exe
  C:\Windows\System\fUYWNgf.exe
  2⤵
  PID:3668
- C:\Windows\System\RCQTLnc.exe
  C:\Windows\System\RCQTLnc.exe
  2⤵
  PID:3752
- C:\Windows\System\GALsPHP.exe
  C:\Windows\System\GALsPHP.exe
  2⤵
  PID:3772
- C:\Windows\System\ndntVHJ.exe
  C:\Windows\System\ndntVHJ.exe
  2⤵
  PID:3792
- C:\Windows\System\qWVyQwF.exe
  C:\Windows\System\qWVyQwF.exe
  2⤵
  PID:3960
- C:\Windows\System\hHBairS.exe
  C:\Windows\System\hHBairS.exe
  2⤵
  PID:3896
- C:\Windows\System\eXARaNB.exe
  C:\Windows\System\eXARaNB.exe
  2⤵
  PID:4000
- C:\Windows\System\TlGcCEi.exe
  C:\Windows\System\TlGcCEi.exe
  2⤵
  PID:4080
- C:\Windows\System\UttCCYB.exe
  C:\Windows\System\UttCCYB.exe
  2⤵
  PID:1536
- C:\Windows\System\HJIoRFb.exe
  C:\Windows\System\HJIoRFb.exe
  2⤵
  PID:2132
- C:\Windows\System\pouysOS.exe
  C:\Windows\System\pouysOS.exe
  2⤵
  PID:2288
- C:\Windows\System\vhzftuS.exe
  C:\Windows\System\vhzftuS.exe
  2⤵
  PID:2744
- C:\Windows\System\lJhmMml.exe
  C:\Windows\System\lJhmMml.exe
  2⤵
  PID:3204
- C:\Windows\System\WHUlWQm.exe
  C:\Windows\System\WHUlWQm.exe
  2⤵
  PID:3084
- C:\Windows\System\iGExJOA.exe
  C:\Windows\System\iGExJOA.exe
  2⤵
  PID:3208
- C:\Windows\System\eFPoNLz.exe
  C:\Windows\System\eFPoNLz.exe
  2⤵
  PID:3384
- C:\Windows\System\AZyXhPu.exe
  C:\Windows\System\AZyXhPu.exe
  2⤵
  PID:3472
- C:\Windows\System\azXKjnF.exe
  C:\Windows\System\azXKjnF.exe
  2⤵
  PID:3532
- C:\Windows\System\volCBKa.exe
  C:\Windows\System\volCBKa.exe
  2⤵
  PID:3624
- C:\Windows\System\kAXnMRf.exe
  C:\Windows\System\kAXnMRf.exe
  2⤵
  PID:3728
- C:\Windows\System\cPizddU.exe
  C:\Windows\System\cPizddU.exe
  2⤵
  PID:3856
- C:\Windows\System\oXDiJiJ.exe
  C:\Windows\System\oXDiJiJ.exe
  2⤵
  PID:3852
- C:\Windows\System\ktLmNmE.exe
  C:\Windows\System\ktLmNmE.exe
  2⤵
  PID:3988
- C:\Windows\System\xxDfzAR.exe
  C:\Windows\System\xxDfzAR.exe
  2⤵
  PID:4076
- C:\Windows\System\SlHMswj.exe
  C:\Windows\System\SlHMswj.exe
  2⤵
  PID:2460
- C:\Windows\System\zfiMucW.exe
  C:\Windows\System\zfiMucW.exe
  2⤵
  PID:2964
- C:\Windows\System\qhzbTjl.exe
  C:\Windows\System\qhzbTjl.exe
  2⤵
  PID:3104
- C:\Windows\System\IEJfcNi.exe
  C:\Windows\System\IEJfcNi.exe
  2⤵
  PID:3124
- C:\Windows\System\bKreDVu.exe
  C:\Windows\System\bKreDVu.exe
  2⤵
  PID:3404
- C:\Windows\System\MFWmghb.exe
  C:\Windows\System\MFWmghb.exe
  2⤵
  PID:3508
- C:\Windows\System\osXMXdA.exe
  C:\Windows\System\osXMXdA.exe
  2⤵
  PID:3568
- C:\Windows\System\BJRStPc.exe
  C:\Windows\System\BJRStPc.exe
  2⤵
  PID:3676
- C:\Windows\System\WoDPJxr.exe
  C:\Windows\System\WoDPJxr.exe
  2⤵
  PID:2788
- C:\Windows\System\pTAiwha.exe
  C:\Windows\System\pTAiwha.exe
  2⤵
  PID:3020
- C:\Windows\System\dZJKIxE.exe
  C:\Windows\System\dZJKIxE.exe
  2⤵
  PID:2416
- C:\Windows\System\tVxtgrj.exe
  C:\Windows\System\tVxtgrj.exe
  2⤵
  PID:4112
- C:\Windows\System\fvXafgi.exe
  C:\Windows\System\fvXafgi.exe
  2⤵
  PID:4132
- C:\Windows\System\tDrqmNQ.exe
  C:\Windows\System\tDrqmNQ.exe
  2⤵
  PID:4152
- C:\Windows\System\UeqEkgR.exe
  C:\Windows\System\UeqEkgR.exe
  2⤵
  PID:4172
- C:\Windows\System\zPtfMla.exe
  C:\Windows\System\zPtfMla.exe
  2⤵
  PID:4192
- C:\Windows\System\yUwjJPH.exe
  C:\Windows\System\yUwjJPH.exe
  2⤵
  PID:4212
- C:\Windows\System\PBaLTTe.exe
  C:\Windows\System\PBaLTTe.exe
  2⤵
  PID:4236
- C:\Windows\System\MDAGDwe.exe
  C:\Windows\System\MDAGDwe.exe
  2⤵
  PID:4252
- C:\Windows\System\wvExgJz.exe
  C:\Windows\System\wvExgJz.exe
  2⤵
  PID:4272
- C:\Windows\System\RWNslZs.exe
  C:\Windows\System\RWNslZs.exe
  2⤵
  PID:4296
- C:\Windows\System\iIWMiSV.exe
  C:\Windows\System\iIWMiSV.exe
  2⤵
  PID:4316
- C:\Windows\System\FfTMsHy.exe
  C:\Windows\System\FfTMsHy.exe
  2⤵
  PID:4336
- C:\Windows\System\NkONRfe.exe
  C:\Windows\System\NkONRfe.exe
  2⤵
  PID:4356
- C:\Windows\System\tUyhePK.exe
  C:\Windows\System\tUyhePK.exe
  2⤵
  PID:4376
- C:\Windows\System\cfKXCKV.exe
  C:\Windows\System\cfKXCKV.exe
  2⤵
  PID:4396
- C:\Windows\System\dGpYWVj.exe
  C:\Windows\System\dGpYWVj.exe
  2⤵
  PID:4416
- C:\Windows\System\hhMejGf.exe
  C:\Windows\System\hhMejGf.exe
  2⤵
  PID:4436
- C:\Windows\System\zMHPjlm.exe
  C:\Windows\System\zMHPjlm.exe
  2⤵
  PID:4456
- C:\Windows\System\ItANoQY.exe
  C:\Windows\System\ItANoQY.exe
  2⤵
  PID:4476
- C:\Windows\System\mXsSekQ.exe
  C:\Windows\System\mXsSekQ.exe
  2⤵
  PID:4496
- C:\Windows\System\ZUFTSCi.exe
  C:\Windows\System\ZUFTSCi.exe
  2⤵
  PID:4516
- C:\Windows\System\qKEkNMc.exe
  C:\Windows\System\qKEkNMc.exe
  2⤵
  PID:4536
- C:\Windows\System\xPjHPmb.exe
  C:\Windows\System\xPjHPmb.exe
  2⤵
  PID:4556
- C:\Windows\System\sWBpVeo.exe
  C:\Windows\System\sWBpVeo.exe
  2⤵
  PID:4576
- C:\Windows\System\gVYMKtp.exe
  C:\Windows\System\gVYMKtp.exe
  2⤵
  PID:4596
- C:\Windows\System\GEEjzAc.exe
  C:\Windows\System\GEEjzAc.exe
  2⤵
  PID:4616
- C:\Windows\System\CcxwGJK.exe
  C:\Windows\System\CcxwGJK.exe
  2⤵
  PID:4636
- C:\Windows\System\wAyHaUB.exe
  C:\Windows\System\wAyHaUB.exe
  2⤵
  PID:4656
- C:\Windows\System\ydTQHQZ.exe
  C:\Windows\System\ydTQHQZ.exe
  2⤵
  PID:4676
- C:\Windows\System\MgaiZpM.exe
  C:\Windows\System\MgaiZpM.exe
  2⤵
  PID:4696
- C:\Windows\System\iLUBnYQ.exe
  C:\Windows\System\iLUBnYQ.exe
  2⤵
  PID:4716
- C:\Windows\System\uWtvkHo.exe
  C:\Windows\System\uWtvkHo.exe
  2⤵
  PID:4736
- C:\Windows\System\cbQlKxX.exe
  C:\Windows\System\cbQlKxX.exe
  2⤵
  PID:4756
- C:\Windows\System\QBrfjdn.exe
  C:\Windows\System\QBrfjdn.exe
  2⤵
  PID:4776
- C:\Windows\System\BEDhDhR.exe
  C:\Windows\System\BEDhDhR.exe
  2⤵
  PID:4796
- C:\Windows\System\AeQDEnh.exe
  C:\Windows\System\AeQDEnh.exe
  2⤵
  PID:4816
- C:\Windows\System\bXhqjEH.exe
  C:\Windows\System\bXhqjEH.exe
  2⤵
  PID:4836
- C:\Windows\System\ZMgjaSl.exe
  C:\Windows\System\ZMgjaSl.exe
  2⤵
  PID:4860
- C:\Windows\System\YvUJUKl.exe
  C:\Windows\System\YvUJUKl.exe
  2⤵
  PID:4880
- C:\Windows\System\HRCMIAr.exe
  C:\Windows\System\HRCMIAr.exe
  2⤵
  PID:4900
- C:\Windows\System\aiABsrx.exe
  C:\Windows\System\aiABsrx.exe
  2⤵
  PID:4920
- C:\Windows\System\NRhKmdv.exe
  C:\Windows\System\NRhKmdv.exe
  2⤵
  PID:4940
- C:\Windows\System\XvMunNV.exe
  C:\Windows\System\XvMunNV.exe
  2⤵
  PID:4960
- C:\Windows\System\soOlkbM.exe
  C:\Windows\System\soOlkbM.exe
  2⤵
  PID:4980
- C:\Windows\System\ApcCtAs.exe
  C:\Windows\System\ApcCtAs.exe
  2⤵
  PID:5000
- C:\Windows\System\vuYOWfn.exe
  C:\Windows\System\vuYOWfn.exe
  2⤵
  PID:5020
- C:\Windows\System\YvYucxz.exe
  C:\Windows\System\YvYucxz.exe
  2⤵
  PID:5040
- C:\Windows\System\JiMLUBl.exe
  C:\Windows\System\JiMLUBl.exe
  2⤵
  PID:5060
- C:\Windows\System\iicznTy.exe
  C:\Windows\System\iicznTy.exe
  2⤵
  PID:5080
- C:\Windows\System\rMkxisN.exe
  C:\Windows\System\rMkxisN.exe
  2⤵
  PID:5100
- C:\Windows\System\WqpdGHx.exe
  C:\Windows\System\WqpdGHx.exe
  2⤵
  PID:4092
- C:\Windows\System\OkyaLXT.exe
  C:\Windows\System\OkyaLXT.exe
  2⤵
  PID:3264
- C:\Windows\System\vxYeAcS.exe
  C:\Windows\System\vxYeAcS.exe
  2⤵
  PID:3092
- C:\Windows\System\xCLVaTM.exe
  C:\Windows\System\xCLVaTM.exe
  2⤵
  PID:2936
- C:\Windows\System\uGjPoEC.exe
  C:\Windows\System\uGjPoEC.exe
  2⤵
  PID:3836
- C:\Windows\System\dUSHLiX.exe
  C:\Windows\System\dUSHLiX.exe
  2⤵
  PID:4120
- C:\Windows\System\mdFHEAu.exe
  C:\Windows\System\mdFHEAu.exe
  2⤵
  PID:4124
- C:\Windows\System\orHAmCc.exe
  C:\Windows\System\orHAmCc.exe
  2⤵
  PID:4164
- C:\Windows\System\XEasgDY.exe
  C:\Windows\System\XEasgDY.exe
  2⤵
  PID:4140
- C:\Windows\System\FNKuwga.exe
  C:\Windows\System\FNKuwga.exe
  2⤵
  PID:4244
- C:\Windows\System\NyTzvoP.exe
  C:\Windows\System\NyTzvoP.exe
  2⤵
  PID:4292
- C:\Windows\System\TMfHObb.exe
  C:\Windows\System\TMfHObb.exe
  2⤵
  PID:4332
- C:\Windows\System\jlUqqwz.exe
  C:\Windows\System\jlUqqwz.exe
  2⤵
  PID:4312
- C:\Windows\System\CxGvbAO.exe
  C:\Windows\System\CxGvbAO.exe
  2⤵
  PID:4372
- C:\Windows\System\pbgqncV.exe
  C:\Windows\System\pbgqncV.exe
  2⤵
  PID:4344
- C:\Windows\System\AtLjviC.exe
  C:\Windows\System\AtLjviC.exe
  2⤵
  PID:4444
- C:\Windows\System\GNeGYdv.exe
  C:\Windows\System\GNeGYdv.exe
  2⤵
  PID:4448
- C:\Windows\System\QDOZVOF.exe
  C:\Windows\System\QDOZVOF.exe
  2⤵
  PID:4472
- C:\Windows\System\bDrTTkY.exe
  C:\Windows\System\bDrTTkY.exe
  2⤵
  PID:4512
- C:\Windows\System\VRDTstH.exe
  C:\Windows\System\VRDTstH.exe
  2⤵
  PID:4528
- C:\Windows\System\mqHAPBm.exe
  C:\Windows\System\mqHAPBm.exe
  2⤵
  PID:4568
- C:\Windows\System\tLkoKGt.exe
  C:\Windows\System\tLkoKGt.exe
  2⤵
  PID:4608
- C:\Windows\System\sqsuClg.exe
  C:\Windows\System\sqsuClg.exe
  2⤵
  PID:4648
- C:\Windows\System\pMcWgXe.exe
  C:\Windows\System\pMcWgXe.exe
  2⤵
  PID:4664
- C:\Windows\System\VkqolHG.exe
  C:\Windows\System\VkqolHG.exe
  2⤵
  PID:4724
- C:\Windows\System\bdbZsCN.exe
  C:\Windows\System\bdbZsCN.exe
  2⤵
  PID:4744
- C:\Windows\System\dAoPYpK.exe
  C:\Windows\System\dAoPYpK.exe
  2⤵
  PID:4748
- C:\Windows\System\bTjJMli.exe
  C:\Windows\System\bTjJMli.exe
  2⤵
  PID:4792
- C:\Windows\System\PdbhagP.exe
  C:\Windows\System\PdbhagP.exe
  2⤵
  PID:4824
- C:\Windows\System\sueXrai.exe
  C:\Windows\System\sueXrai.exe
  2⤵
  PID:4896
- C:\Windows\System\jkzWrWF.exe
  C:\Windows\System\jkzWrWF.exe
  2⤵
  PID:4928
- C:\Windows\System\AJqhjcO.exe
  C:\Windows\System\AJqhjcO.exe
  2⤵
  PID:4916
- C:\Windows\System\tZsFDwz.exe
  C:\Windows\System\tZsFDwz.exe
  2⤵
  PID:4956
- C:\Windows\System\qsjlUVc.exe
  C:\Windows\System\qsjlUVc.exe
  2⤵
  PID:4992
- C:\Windows\System\QuKYdVT.exe
  C:\Windows\System\QuKYdVT.exe
  2⤵
  PID:5048
- C:\Windows\System\zGAUSTu.exe
  C:\Windows\System\zGAUSTu.exe
  2⤵
  PID:5032
- C:\Windows\System\TGqLBbh.exe
  C:\Windows\System\TGqLBbh.exe
  2⤵
  PID:5092
- C:\Windows\System\pRKAGJc.exe
  C:\Windows\System\pRKAGJc.exe
  2⤵
  PID:3332
- C:\Windows\System\AsgkpNp.exe
  C:\Windows\System\AsgkpNp.exe
  2⤵
  PID:3288
- C:\Windows\System\wfUEwIH.exe
  C:\Windows\System\wfUEwIH.exe
  2⤵
  PID:3632
- C:\Windows\System\GemeNCB.exe
  C:\Windows\System\GemeNCB.exe
  2⤵
  PID:1448
- C:\Windows\System\BJQFxxe.exe
  C:\Windows\System\BJQFxxe.exe
  2⤵
  PID:4108
- C:\Windows\System\hiLhVhD.exe
  C:\Windows\System\hiLhVhD.exe
  2⤵
  PID:4188
- C:\Windows\System\NNYnvEn.exe
  C:\Windows\System\NNYnvEn.exe
  2⤵
  PID:4208
- C:\Windows\System\cKzvqRl.exe
  C:\Windows\System\cKzvqRl.exe
  2⤵
  PID:4280
- C:\Windows\System\cltuRZi.exe
  C:\Windows\System\cltuRZi.exe
  2⤵
  PID:4348
- C:\Windows\System\EBOXKbw.exe
  C:\Windows\System\EBOXKbw.exe
  2⤵
  PID:4288
- C:\Windows\System\XTxAmcp.exe
  C:\Windows\System\XTxAmcp.exe
  2⤵
  PID:4492
- C:\Windows\System\WDBWRnr.exe
  C:\Windows\System\WDBWRnr.exe
  2⤵
  PID:1948
- C:\Windows\System\mxwLPVL.exe
  C:\Windows\System\mxwLPVL.exe
  2⤵
  PID:4428
- C:\Windows\System\HZylsNa.exe
  C:\Windows\System\HZylsNa.exe
  2⤵
  PID:4612
- C:\Windows\System\dMXaLgH.exe
  C:\Windows\System\dMXaLgH.exe
  2⤵
  PID:4552
- C:\Windows\System\SVmNftn.exe
  C:\Windows\System\SVmNftn.exe
  2⤵
  PID:4632
- C:\Windows\System\ktwLrHR.exe
  C:\Windows\System\ktwLrHR.exe
  2⤵
  PID:4712
- C:\Windows\System\ATtBxXD.exe
  C:\Windows\System\ATtBxXD.exe
  2⤵
  PID:4808
- C:\Windows\System\adXjXxV.exe
  C:\Windows\System\adXjXxV.exe
  2⤵
  PID:4844
- C:\Windows\System\sxMqZkI.exe
  C:\Windows\System\sxMqZkI.exe
  2⤵
  PID:4856
- C:\Windows\System\GDcwczy.exe
  C:\Windows\System\GDcwczy.exe
  2⤵
  PID:4872
- C:\Windows\System\uJLIwCe.exe
  C:\Windows\System\uJLIwCe.exe
  2⤵
  PID:4968
- C:\Windows\System\xpmXBXv.exe
  C:\Windows\System\xpmXBXv.exe
  2⤵
  PID:5028
- C:\Windows\System\EjkGuVR.exe
  C:\Windows\System\EjkGuVR.exe
  2⤵
  PID:336
- C:\Windows\System\YgBIrkw.exe
  C:\Windows\System\YgBIrkw.exe
  2⤵
  PID:1056
- C:\Windows\System\rCqcosH.exe
  C:\Windows\System\rCqcosH.exe
  2⤵
  PID:3248
- C:\Windows\System\zRNLqUA.exe
  C:\Windows\System\zRNLqUA.exe
  2⤵
  PID:5116
- C:\Windows\System\XufJuck.exe
  C:\Windows\System\XufJuck.exe
  2⤵
  PID:4104
- C:\Windows\System\UvBYHkY.exe
  C:\Windows\System\UvBYHkY.exe
  2⤵
  PID:3832
- C:\Windows\System\ngAxVJr.exe
  C:\Windows\System\ngAxVJr.exe
  2⤵
  PID:4224
- C:\Windows\System\jwblZhk.exe
  C:\Windows\System\jwblZhk.exe
  2⤵
  PID:4328
- C:\Windows\System\rvDfiez.exe
  C:\Windows\System\rvDfiez.exe
  2⤵
  PID:1480
- C:\Windows\System\hHUeMCh.exe
  C:\Windows\System\hHUeMCh.exe
  2⤵
  PID:2412
- C:\Windows\System\EqVKxLD.exe
  C:\Windows\System\EqVKxLD.exe
  2⤵
  PID:4452
- C:\Windows\System\vnrSyxT.exe
  C:\Windows\System\vnrSyxT.exe
  2⤵
  PID:4548
- C:\Windows\System\xMoMxTA.exe
  C:\Windows\System\xMoMxTA.exe
  2⤵
  PID:4604
- C:\Windows\System\unOBMqP.exe
  C:\Windows\System\unOBMqP.exe
  2⤵
  PID:4628
- C:\Windows\System\qGTRFJY.exe
  C:\Windows\System\qGTRFJY.exe
  2⤵
  PID:4804
- C:\Windows\System\EasacIG.exe
  C:\Windows\System\EasacIG.exe
  2⤵
  PID:2748
- C:\Windows\System\yOiifsQ.exe
  C:\Windows\System\yOiifsQ.exe
  2⤵
  PID:4868
- C:\Windows\System\NhKYOAY.exe
  C:\Windows\System\NhKYOAY.exe
  2⤵
  PID:1164
- C:\Windows\System\FOdBrTA.exe
  C:\Windows\System\FOdBrTA.exe
  2⤵
  PID:2688
- C:\Windows\System\CiFZmqH.exe
  C:\Windows\System\CiFZmqH.exe
  2⤵
  PID:5072
- C:\Windows\System\eIHQTDo.exe
  C:\Windows\System\eIHQTDo.exe
  2⤵
  PID:544
- C:\Windows\System\gRKMDDB.exe
  C:\Windows\System\gRKMDDB.exe
  2⤵
  PID:580
- C:\Windows\System\IRAICIv.exe
  C:\Windows\System\IRAICIv.exe
  2⤵
  PID:4324
- C:\Windows\System\jQKBLKT.exe
  C:\Windows\System\jQKBLKT.exe
  2⤵
  PID:2064
- C:\Windows\System\nXalFbi.exe
  C:\Windows\System\nXalFbi.exe
  2⤵
  PID:4352
- C:\Windows\System\cbgPhWq.exe
  C:\Windows\System\cbgPhWq.exe
  2⤵
  PID:4704
- C:\Windows\System\YaqJKQT.exe
  C:\Windows\System\YaqJKQT.exe
  2⤵
  PID:4888
- C:\Windows\System\UhyRnBg.exe
  C:\Windows\System\UhyRnBg.exe
  2⤵
  PID:1804
- C:\Windows\System\vcCLrae.exe
  C:\Windows\System\vcCLrae.exe
  2⤵
  PID:5016
- C:\Windows\System\tdMYlvm.exe
  C:\Windows\System\tdMYlvm.exe
  2⤵
  PID:4932
- C:\Windows\System\HTEBnMa.exe
  C:\Windows\System\HTEBnMa.exe
  2⤵
  PID:4592
- C:\Windows\System\hqTjgqd.exe
  C:\Windows\System\hqTjgqd.exe
  2⤵
  PID:5088
- C:\Windows\System\MNevpeF.exe
  C:\Windows\System\MNevpeF.exe
  2⤵
  PID:4016
- C:\Windows\System\AtjWMsy.exe
  C:\Windows\System\AtjWMsy.exe
  2⤵
  PID:1236
- C:\Windows\System\sFQdNVJ.exe
  C:\Windows\System\sFQdNVJ.exe
  2⤵
  PID:2676
- C:\Windows\System\LtxfnJO.exe
  C:\Windows\System\LtxfnJO.exe
  2⤵
  PID:5136
- C:\Windows\System\OJAWvOd.exe
  C:\Windows\System\OJAWvOd.exe
  2⤵
  PID:5152
- C:\Windows\System\hOyeakT.exe
  C:\Windows\System\hOyeakT.exe
  2⤵
  PID:5168
- C:\Windows\System\lPpdcxN.exe
  C:\Windows\System\lPpdcxN.exe
  2⤵
  PID:5184
- C:\Windows\System\CSUDAlo.exe
  C:\Windows\System\CSUDAlo.exe
  2⤵
  PID:5200
- C:\Windows\System\iDLrzZM.exe
  C:\Windows\System\iDLrzZM.exe
  2⤵
  PID:5216
- C:\Windows\System\xvFsqGx.exe
  C:\Windows\System\xvFsqGx.exe
  2⤵
  PID:5232
- C:\Windows\System\UotJhzE.exe
  C:\Windows\System\UotJhzE.exe
  2⤵
  PID:5248
- C:\Windows\System\csbUyJm.exe
  C:\Windows\System\csbUyJm.exe
  2⤵
  PID:5264
- C:\Windows\System\fxDloSu.exe
  C:\Windows\System\fxDloSu.exe
  2⤵
  PID:5280
- C:\Windows\System\OIqqRkm.exe
  C:\Windows\System\OIqqRkm.exe
  2⤵
  PID:5368
- C:\Windows\System\cmFavEV.exe
  C:\Windows\System\cmFavEV.exe
  2⤵
  PID:5384
- C:\Windows\System\OUrrmTQ.exe
  C:\Windows\System\OUrrmTQ.exe
  2⤵
  PID:5400
- C:\Windows\System\FppBFIr.exe
  C:\Windows\System\FppBFIr.exe
  2⤵
  PID:5416
- C:\Windows\System\MqQGKXl.exe
  C:\Windows\System\MqQGKXl.exe
  2⤵
  PID:5432
- C:\Windows\System\MxIEvkn.exe
  C:\Windows\System\MxIEvkn.exe
  2⤵
  PID:5448
- C:\Windows\System\pcgpVQk.exe
  C:\Windows\System\pcgpVQk.exe
  2⤵
  PID:5464
- C:\Windows\System\SGsRtvQ.exe
  C:\Windows\System\SGsRtvQ.exe
  2⤵
  PID:5480
- C:\Windows\System\vplURBP.exe
  C:\Windows\System\vplURBP.exe
  2⤵
  PID:5496
- C:\Windows\System\utKohTB.exe
  C:\Windows\System\utKohTB.exe
  2⤵
  PID:5512
- C:\Windows\System\tZCvBcM.exe
  C:\Windows\System\tZCvBcM.exe
  2⤵
  PID:5528
- C:\Windows\System\aNrKmcO.exe
  C:\Windows\System\aNrKmcO.exe
  2⤵
  PID:5544
- C:\Windows\System\hgsdWLz.exe
  C:\Windows\System\hgsdWLz.exe
  2⤵
  PID:5560
- C:\Windows\System\RaDAISY.exe
  C:\Windows\System\RaDAISY.exe
  2⤵
  PID:5576
- C:\Windows\System\tkNLcDH.exe
  C:\Windows\System\tkNLcDH.exe
  2⤵
  PID:5592
- C:\Windows\System\UUgkmbc.exe
  C:\Windows\System\UUgkmbc.exe
  2⤵
  PID:5608
- C:\Windows\System\knmoWea.exe
  C:\Windows\System\knmoWea.exe
  2⤵
  PID:5624
- C:\Windows\System\zTFmDqV.exe
  C:\Windows\System\zTFmDqV.exe
  2⤵
  PID:5640
- C:\Windows\System\ydFXdtt.exe
  C:\Windows\System\ydFXdtt.exe
  2⤵
  PID:5656
- C:\Windows\System\OhSWXSg.exe
  C:\Windows\System\OhSWXSg.exe
  2⤵
  PID:5672
- C:\Windows\System\BVlWNlM.exe
  C:\Windows\System\BVlWNlM.exe
  2⤵
  PID:5688
- C:\Windows\System\EbgguVr.exe
  C:\Windows\System\EbgguVr.exe
  2⤵
  PID:5704
- C:\Windows\System\wxdVuxW.exe
  C:\Windows\System\wxdVuxW.exe
  2⤵
  PID:5720
- C:\Windows\System\MuOYTkx.exe
  C:\Windows\System\MuOYTkx.exe
  2⤵
  PID:5736
- C:\Windows\System\lYSdNbl.exe
  C:\Windows\System\lYSdNbl.exe
  2⤵
  PID:5752
- C:\Windows\System\JGTQZIp.exe
  C:\Windows\System\JGTQZIp.exe
  2⤵
  PID:5768
- C:\Windows\System\djQfyqS.exe
  C:\Windows\System\djQfyqS.exe
  2⤵
  PID:5784
- C:\Windows\System\FsVvQlc.exe
  C:\Windows\System\FsVvQlc.exe
  2⤵
  PID:5800
- C:\Windows\System\bNIKjLg.exe
  C:\Windows\System\bNIKjLg.exe
  2⤵
  PID:5816
- C:\Windows\System\yJefdIA.exe
  C:\Windows\System\yJefdIA.exe
  2⤵
  PID:5832
- C:\Windows\System\oOVlhNT.exe
  C:\Windows\System\oOVlhNT.exe
  2⤵
  PID:5848
- C:\Windows\System\jhdbTPC.exe
  C:\Windows\System\jhdbTPC.exe
  2⤵
  PID:5864
- C:\Windows\System\HTjLZXj.exe
  C:\Windows\System\HTjLZXj.exe
  2⤵
  PID:5880
- C:\Windows\System\QZDKeMc.exe
  C:\Windows\System\QZDKeMc.exe
  2⤵
  PID:5896
- C:\Windows\System\Udhfslv.exe
  C:\Windows\System\Udhfslv.exe
  2⤵
  PID:5912
- C:\Windows\System\TGjasty.exe
  C:\Windows\System\TGjasty.exe
  2⤵
  PID:5928
- C:\Windows\System\qXIaoND.exe
  C:\Windows\System\qXIaoND.exe
  2⤵
  PID:5944
- C:\Windows\System\ZOZGtlb.exe
  C:\Windows\System\ZOZGtlb.exe
  2⤵
  PID:5960
- C:\Windows\System\ibiuZKE.exe
  C:\Windows\System\ibiuZKE.exe
  2⤵
  PID:5976
- C:\Windows\System\lwABTVo.exe
  C:\Windows\System\lwABTVo.exe
  2⤵
  PID:5992
- C:\Windows\System\XwsofTL.exe
  C:\Windows\System\XwsofTL.exe
  2⤵
  PID:6008
- C:\Windows\System\rXwdAIm.exe
  C:\Windows\System\rXwdAIm.exe
  2⤵
  PID:6024
- C:\Windows\System\ovvdJaV.exe
  C:\Windows\System\ovvdJaV.exe
  2⤵
  PID:6040
- C:\Windows\System\enIuckj.exe
  C:\Windows\System\enIuckj.exe
  2⤵
  PID:6056
- C:\Windows\System\UKiNkiS.exe
  C:\Windows\System\UKiNkiS.exe
  2⤵
  PID:6072
- C:\Windows\System\HTEmYjx.exe
  C:\Windows\System\HTEmYjx.exe
  2⤵
  PID:6088
- C:\Windows\System\QuTbitj.exe
  C:\Windows\System\QuTbitj.exe
  2⤵
  PID:6104
- C:\Windows\System\pKfQqUI.exe
  C:\Windows\System\pKfQqUI.exe
  2⤵
  PID:6120
- C:\Windows\System\GBJijgO.exe
  C:\Windows\System\GBJijgO.exe
  2⤵
  PID:6136
- C:\Windows\System\aNHvOYP.exe
  C:\Windows\System\aNHvOYP.exe
  2⤵
  PID:1612
- C:\Windows\System\uuxTZqD.exe
  C:\Windows\System\uuxTZqD.exe
  2⤵
  PID:4812
- C:\Windows\System\PBwVLtE.exe
  C:\Windows\System\PBwVLtE.exe
  2⤵
  PID:4768
- C:\Windows\System\bwaOUwu.exe
  C:\Windows\System\bwaOUwu.exe
  2⤵
  PID:4432
- C:\Windows\System\cyoWszc.exe
  C:\Windows\System\cyoWszc.exe
  2⤵
  PID:4972
- C:\Windows\System\fYRxenI.exe
  C:\Windows\System\fYRxenI.exe
  2⤵
  PID:4168
- C:\Windows\System\HGtyZsG.exe
  C:\Windows\System\HGtyZsG.exe
  2⤵
  PID:5192
- C:\Windows\System\MNLBrLB.exe
  C:\Windows\System\MNLBrLB.exe
  2⤵
  PID:5256
- C:\Windows\System\AyfuiCb.exe
  C:\Windows\System\AyfuiCb.exe
  2⤵
  PID:5296
- C:\Windows\System\qERkEOr.exe
  C:\Windows\System\qERkEOr.exe
  2⤵
  PID:5312
- C:\Windows\System\TsnLchX.exe
  C:\Windows\System\TsnLchX.exe
  2⤵
  PID:5332
- C:\Windows\System\GdKQdUO.exe
  C:\Windows\System\GdKQdUO.exe
  2⤵
  PID:5148
- C:\Windows\System\raGpTYK.exe
  C:\Windows\System\raGpTYK.exe
  2⤵
  PID:1336
- C:\Windows\System\GEcZCTO.exe
  C:\Windows\System\GEcZCTO.exe
  2⤵
  PID:5748
- C:\Windows\System\LddqOCl.exe
  C:\Windows\System\LddqOCl.exe
  2⤵
  PID:5780
- C:\Windows\System\uIOxjrZ.exe
  C:\Windows\System\uIOxjrZ.exe
  2⤵
  PID:5812
- C:\Windows\System\OxSwwDp.exe
  C:\Windows\System\OxSwwDp.exe
  2⤵
  PID:5844
- C:\Windows\System\iLTlnRV.exe
  C:\Windows\System\iLTlnRV.exe
  2⤵
  PID:5860
- C:\Windows\System\HrpAMMJ.exe
  C:\Windows\System\HrpAMMJ.exe
  2⤵
  PID:5904
- C:\Windows\System\mWetCLM.exe
  C:\Windows\System\mWetCLM.exe
  2⤵
  PID:5956
- C:\Windows\System\sabidLU.exe
  C:\Windows\System\sabidLU.exe
  2⤵
  PID:6016
- C:\Windows\System\fUrrcFH.exe
  C:\Windows\System\fUrrcFH.exe
  2⤵
  PID:6032
- C:\Windows\System\ZTrvWCz.exe
  C:\Windows\System\ZTrvWCz.exe
  2⤵
  PID:6048
- C:\Windows\System\crXorFj.exe
  C:\Windows\System\crXorFj.exe
  2⤵
  PID:6080
- C:\Windows\System\SJVcdrk.exe
  C:\Windows\System\SJVcdrk.exe
  2⤵
  PID:3148
- C:\Windows\System\lvPLSQT.exe
  C:\Windows\System\lvPLSQT.exe
  2⤵
  PID:6132
- C:\Windows\System\jQznMFm.exe
  C:\Windows\System\jQznMFm.exe
  2⤵
  PID:4688
- C:\Windows\System\dLcIUkj.exe
  C:\Windows\System\dLcIUkj.exe
  2⤵
  PID:3364
- C:\Windows\System\aBtMdcL.exe
  C:\Windows\System\aBtMdcL.exe
  2⤵
  PID:584
- C:\Windows\System\KblwVFC.exe
  C:\Windows\System\KblwVFC.exe
  2⤵
  PID:5224
- C:\Windows\System\UIyAndY.exe
  C:\Windows\System\UIyAndY.exe
  2⤵
  PID:2704
- C:\Windows\System\REuKlRy.exe
  C:\Windows\System\REuKlRy.exe
  2⤵
  PID:5308
- C:\Windows\System\kBtERTE.exe
  C:\Windows\System\kBtERTE.exe
  2⤵
  PID:5352
- C:\Windows\System\nOhwoXH.exe
  C:\Windows\System\nOhwoXH.exe
  2⤵
  PID:5292
- C:\Windows\System\lurzDMr.exe
  C:\Windows\System\lurzDMr.exe
  2⤵
  PID:5320
- C:\Windows\System\ghDzsbA.exe
  C:\Windows\System\ghDzsbA.exe
  2⤵
  PID:5208
- C:\Windows\System\Ihkqyxl.exe
  C:\Windows\System\Ihkqyxl.exe
  2⤵
  PID:5272
- C:\Windows\System\wsDQtDi.exe
  C:\Windows\System\wsDQtDi.exe
  2⤵
  PID:1996
- C:\Windows\System\YEqtCUZ.exe
  C:\Windows\System\YEqtCUZ.exe
  2⤵
  PID:5380
- C:\Windows\System\yeCDAhg.exe
  C:\Windows\System\yeCDAhg.exe
  2⤵
  PID:3112
- C:\Windows\System\hcxztQM.exe
  C:\Windows\System\hcxztQM.exe
  2⤵
  PID:5440
- C:\Windows\System\ygNfhHb.exe
  C:\Windows\System\ygNfhHb.exe
  2⤵
  PID:5456
- C:\Windows\System\ZBvjdxm.exe
  C:\Windows\System\ZBvjdxm.exe
  2⤵
  PID:5472
- C:\Windows\System\HrfKjhr.exe
  C:\Windows\System\HrfKjhr.exe
  2⤵
  PID:5536
- C:\Windows\System\vxspRJf.exe
  C:\Windows\System\vxspRJf.exe
  2⤵
  PID:5568
- C:\Windows\System\iQpPblw.exe
  C:\Windows\System\iQpPblw.exe
  2⤵
  PID:5604
- C:\Windows\System\ljwbUqz.exe
  C:\Windows\System\ljwbUqz.exe
  2⤵
  PID:1952
- C:\Windows\System\rDpDcTJ.exe
  C:\Windows\System\rDpDcTJ.exe
  2⤵
  PID:5652
- C:\Windows\System\pMtPAEi.exe
  C:\Windows\System\pMtPAEi.exe
  2⤵
  PID:5684
- C:\Windows\System\sereusr.exe
  C:\Windows\System\sereusr.exe
  2⤵
  PID:5764
- C:\Windows\System\KCPqEHp.exe
  C:\Windows\System\KCPqEHp.exe
  2⤵
  PID:5828
- C:\Windows\System\wdeXuQf.exe
  C:\Windows\System\wdeXuQf.exe
  2⤵
  PID:5936
- C:\Windows\System\AADasjc.exe
  C:\Windows\System\AADasjc.exe
  2⤵
  PID:6116
- C:\Windows\System\weeTzYN.exe
  C:\Windows\System\weeTzYN.exe
  2⤵
  PID:6004
- C:\Windows\System\JCyrdiz.exe
  C:\Windows\System\JCyrdiz.exe
  2⤵
  PID:5304
- C:\Windows\System\isKbpmn.exe
  C:\Windows\System\isKbpmn.exe
  2⤵
  PID:5328
- C:\Windows\System\IZmDmGm.exe
  C:\Windows\System\IZmDmGm.exe
  2⤵
  PID:5444
- C:\Windows\System\ioPkQum.exe
  C:\Windows\System\ioPkQum.exe
  2⤵
  PID:5584
- C:\Windows\System\KVRLCFV.exe
  C:\Windows\System\KVRLCFV.exe
  2⤵
  PID:1892
- C:\Windows\System\qEuoGEU.exe
  C:\Windows\System\qEuoGEU.exe
  2⤵
  PID:5636
- C:\Windows\System\qdfFvki.exe
  C:\Windows\System\qdfFvki.exe
  2⤵
  PID:5892
- C:\Windows\System\leGKZSG.exe
  C:\Windows\System\leGKZSG.exe
  2⤵
  PID:5924
- C:\Windows\System\LckTTKB.exe
  C:\Windows\System\LckTTKB.exe
  2⤵
  PID:4848
- C:\Windows\System\HzGFXkZ.exe
  C:\Windows\System\HzGFXkZ.exe
  2⤵
  PID:4184
- C:\Windows\System\LndGwxB.exe
  C:\Windows\System\LndGwxB.exe
  2⤵
  PID:2684
- C:\Windows\System\nYTqYxY.exe
  C:\Windows\System\nYTqYxY.exe
  2⤵
  PID:5508
- C:\Windows\System\vcoPSyQ.exe
  C:\Windows\System\vcoPSyQ.exe
  2⤵
  PID:6064
- C:\Windows\System\yFsxkkn.exe
  C:\Windows\System\yFsxkkn.exe
  2⤵
  PID:6148
- C:\Windows\System\NpKFNpS.exe
  C:\Windows\System\NpKFNpS.exe
  2⤵
  PID:6164
- C:\Windows\System\RfFIiKq.exe
  C:\Windows\System\RfFIiKq.exe
  2⤵
  PID:6180
- C:\Windows\System\npnwdEh.exe
  C:\Windows\System\npnwdEh.exe
  2⤵
  PID:6196
- C:\Windows\System\rSgDJdR.exe
  C:\Windows\System\rSgDJdR.exe
  2⤵
  PID:6212
- C:\Windows\System\gdUPnQb.exe
  C:\Windows\System\gdUPnQb.exe
  2⤵
  PID:6228
- C:\Windows\System\FXrTpSq.exe
  C:\Windows\System\FXrTpSq.exe
  2⤵
  PID:6244
- C:\Windows\System\aLRTtJP.exe
  C:\Windows\System\aLRTtJP.exe
  2⤵
  PID:6260
- C:\Windows\System\YuKTgLH.exe
  C:\Windows\System\YuKTgLH.exe
  2⤵
  PID:6276
- C:\Windows\System\yAgbPwe.exe
  C:\Windows\System\yAgbPwe.exe
  2⤵
  PID:6292
- C:\Windows\System\FwMZTrf.exe
  C:\Windows\System\FwMZTrf.exe
  2⤵
  PID:6308
- C:\Windows\System\CNoGdYk.exe
  C:\Windows\System\CNoGdYk.exe
  2⤵
  PID:6324
- C:\Windows\System\SNRKjge.exe
  C:\Windows\System\SNRKjge.exe
  2⤵
  PID:6340
- C:\Windows\System\RLJVNow.exe
  C:\Windows\System\RLJVNow.exe
  2⤵
  PID:6356
- C:\Windows\System\aczlFiE.exe
  C:\Windows\System\aczlFiE.exe
  2⤵
  PID:6372
- C:\Windows\System\mrkWeNU.exe
  C:\Windows\System\mrkWeNU.exe
  2⤵
  PID:6388
- C:\Windows\System\lhexOkM.exe
  C:\Windows\System\lhexOkM.exe
  2⤵
  PID:6404
- C:\Windows\System\bETKJbR.exe
  C:\Windows\System\bETKJbR.exe
  2⤵
  PID:6420
- C:\Windows\System\ETUUqTb.exe
  C:\Windows\System\ETUUqTb.exe
  2⤵
  PID:6436
- C:\Windows\System\UpnCFFJ.exe
  C:\Windows\System\UpnCFFJ.exe
  2⤵
  PID:6476
- C:\Windows\System\gaZmkUt.exe
  C:\Windows\System\gaZmkUt.exe
  2⤵
  PID:6496
- C:\Windows\System\nHmLgfo.exe
  C:\Windows\System\nHmLgfo.exe
  2⤵
  PID:6628
- C:\Windows\System\wqQYovt.exe
  C:\Windows\System\wqQYovt.exe
  2⤵
  PID:6644
- C:\Windows\System\Wjptufm.exe
  C:\Windows\System\Wjptufm.exe
  2⤵
  PID:6660
- C:\Windows\System\SoNzyeK.exe
  C:\Windows\System\SoNzyeK.exe
  2⤵
  PID:6684
- C:\Windows\System\vikynZN.exe
  C:\Windows\System\vikynZN.exe
  2⤵
  PID:6704
- C:\Windows\System\ZsDlNFy.exe
  C:\Windows\System\ZsDlNFy.exe
  2⤵
  PID:6724
- C:\Windows\System\HJPOTfy.exe
  C:\Windows\System\HJPOTfy.exe
  2⤵
  PID:6748
- C:\Windows\System\yeaTqCY.exe
  C:\Windows\System\yeaTqCY.exe
  2⤵
  PID:6764
- C:\Windows\System\IaobHcY.exe
  C:\Windows\System\IaobHcY.exe
  2⤵
  PID:6784
- C:\Windows\System\wcNwcMG.exe
  C:\Windows\System\wcNwcMG.exe
  2⤵
  PID:6804
- C:\Windows\System\ufbDTTH.exe
  C:\Windows\System\ufbDTTH.exe
  2⤵
  PID:6840
- C:\Windows\System\hIkRBiZ.exe
  C:\Windows\System\hIkRBiZ.exe
  2⤵
  PID:6860
- C:\Windows\System\NgziwoO.exe
  C:\Windows\System\NgziwoO.exe
  2⤵
  PID:6880
- C:\Windows\System\YFXKUDW.exe
  C:\Windows\System\YFXKUDW.exe
  2⤵
  PID:6900
- C:\Windows\System\UQiUSSj.exe
  C:\Windows\System\UQiUSSj.exe
  2⤵
  PID:6916
- C:\Windows\System\aNgARnJ.exe
  C:\Windows\System\aNgARnJ.exe
  2⤵
  PID:6936
- C:\Windows\System\uUJfhsv.exe
  C:\Windows\System\uUJfhsv.exe
  2⤵
  PID:6952
- C:\Windows\System\LdDBVif.exe
  C:\Windows\System\LdDBVif.exe
  2⤵
  PID:6972
- C:\Windows\System\iAGHCWU.exe
  C:\Windows\System\iAGHCWU.exe
  2⤵
  PID:6992
- C:\Windows\System\ZHphSRf.exe
  C:\Windows\System\ZHphSRf.exe
  2⤵
  PID:7012
- C:\Windows\System\gGuCIdk.exe
  C:\Windows\System\gGuCIdk.exe
  2⤵
  PID:7028
- C:\Windows\System\adhmJLN.exe
  C:\Windows\System\adhmJLN.exe
  2⤵
  PID:7044
- C:\Windows\System\qDnKVkX.exe
  C:\Windows\System\qDnKVkX.exe
  2⤵
  PID:7060
- C:\Windows\System\iwfdESx.exe
  C:\Windows\System\iwfdESx.exe
  2⤵
  PID:7076
- C:\Windows\System\flGRMFE.exe
  C:\Windows\System\flGRMFE.exe
  2⤵
  PID:7092
- C:\Windows\System\wTeTFPp.exe
  C:\Windows\System\wTeTFPp.exe
  2⤵
  PID:7108
- C:\Windows\System\iIJzUnE.exe
  C:\Windows\System\iIJzUnE.exe
  2⤵
  PID:7124
- C:\Windows\System\giRVALH.exe
  C:\Windows\System\giRVALH.exe
  2⤵
  PID:7140
- C:\Windows\System\fWZfVPz.exe
  C:\Windows\System\fWZfVPz.exe
  2⤵
  PID:7160
- C:\Windows\System\bFYhNPg.exe
  C:\Windows\System\bFYhNPg.exe
  2⤵
  PID:4364
- C:\Windows\System\EUMYlSo.exe
  C:\Windows\System\EUMYlSo.exe
  2⤵
  PID:5664
- C:\Windows\System\MdQAUBz.exe
  C:\Windows\System\MdQAUBz.exe
  2⤵
  PID:6208
- C:\Windows\System\jVfEQNv.exe
  C:\Windows\System\jVfEQNv.exe
  2⤵
  PID:5492
- C:\Windows\System\nhAsFUV.exe
  C:\Windows\System\nhAsFUV.exe
  2⤵
  PID:6096
- C:\Windows\System\sTVAAfQ.exe
  C:\Windows\System\sTVAAfQ.exe
  2⤵
  PID:5620
- C:\Windows\System\yRNDgnm.exe
  C:\Windows\System\yRNDgnm.exe
  2⤵
  PID:5700
- C:\Windows\System\ZheLcpx.exe
  C:\Windows\System\ZheLcpx.exe
  2⤵
  PID:6364
- C:\Windows\System\oRsBzMe.exe
  C:\Windows\System\oRsBzMe.exe
  2⤵
  PID:6428
- C:\Windows\System\gsjolHc.exe
  C:\Windows\System\gsjolHc.exe
  2⤵
  PID:6492
- C:\Windows\System\gRFLxPu.exe
  C:\Windows\System\gRFLxPu.exe
  2⤵
  PID:5212
- C:\Windows\System\NrRoVUT.exe
  C:\Windows\System\NrRoVUT.exe
  2⤵
  PID:6160
- C:\Windows\System\UaxKpQa.exe
  C:\Windows\System\UaxKpQa.exe
  2⤵
  PID:6252
- C:\Windows\System\tfLCIMs.exe
  C:\Windows\System\tfLCIMs.exe
  2⤵
  PID:6320
- C:\Windows\System\LCAVIOc.exe
  C:\Windows\System\LCAVIOc.exe
  2⤵
  PID:6068
- C:\Windows\System\wBweHNC.exe
  C:\Windows\System\wBweHNC.exe
  2⤵
  PID:5128
- C:\Windows\System\RcjidiM.exe
  C:\Windows\System\RcjidiM.exe
  2⤵
  PID:5392
- C:\Windows\System\nVuwOEL.exe
  C:\Windows\System\nVuwOEL.exe
  2⤵
  PID:6348
- C:\Windows\System\xURCxrw.exe
  C:\Windows\System\xURCxrw.exe
  2⤵
  PID:6448
- C:\Windows\System\aHPlJIC.exe
  C:\Windows\System\aHPlJIC.exe
  2⤵
  PID:6468
- C:\Windows\System\IPmgEpz.exe
  C:\Windows\System\IPmgEpz.exe
  2⤵
  PID:3016
- C:\Windows\System\maaoKDY.exe
  C:\Windows\System\maaoKDY.exe
  2⤵
  PID:2972
- C:\Windows\System\UCxbnLm.exe
  C:\Windows\System\UCxbnLm.exe
  2⤵
  PID:6516
- C:\Windows\System\xoSHEYt.exe
  C:\Windows\System\xoSHEYt.exe
  2⤵
  PID:6556
- C:\Windows\System\NmfqjzU.exe
  C:\Windows\System\NmfqjzU.exe
  2⤵
  PID:6584
- C:\Windows\System\lgrbtKd.exe
  C:\Windows\System\lgrbtKd.exe
  2⤵
  PID:6600
- C:\Windows\System\lnKBIlm.exe
  C:\Windows\System\lnKBIlm.exe
  2⤵
  PID:6616
- C:\Windows\System\mMTrypt.exe
  C:\Windows\System\mMTrypt.exe
  2⤵
  PID:6656
- C:\Windows\System\OWLjJLe.exe
  C:\Windows\System\OWLjJLe.exe
  2⤵
  PID:6692
- C:\Windows\System\XnClgzr.exe
  C:\Windows\System\XnClgzr.exe
  2⤵
  PID:6740
- C:\Windows\System\hoVkRqJ.exe
  C:\Windows\System\hoVkRqJ.exe
  2⤵
  PID:2660
- C:\Windows\System\enHRfZo.exe
  C:\Windows\System\enHRfZo.exe
  2⤵
  PID:6812
- C:\Windows\System\OJjCUKI.exe
  C:\Windows\System\OJjCUKI.exe
  2⤵
  PID:2200
- C:\Windows\System\PEociCy.exe
  C:\Windows\System\PEociCy.exe
  2⤵
  PID:2728
- C:\Windows\System\tGPCWGR.exe
  C:\Windows\System\tGPCWGR.exe
  2⤵
  PID:6872
- C:\Windows\System\aJmKAxt.exe
  C:\Windows\System\aJmKAxt.exe
  2⤵
  PID:6908
- C:\Windows\System\mqtkPRe.exe
  C:\Windows\System\mqtkPRe.exe
  2⤵
  PID:6960
- C:\Windows\System\LwFubqP.exe
  C:\Windows\System\LwFubqP.exe
  2⤵
  PID:7004
- C:\Windows\System\MleyYlX.exe
  C:\Windows\System\MleyYlX.exe
  2⤵
  PID:7100
- C:\Windows\System\QgYvfRl.exe
  C:\Windows\System\QgYvfRl.exe
  2⤵
  PID:236
- C:\Windows\System\JAZSppX.exe
  C:\Windows\System\JAZSppX.exe
  2⤵
  PID:5600
- C:\Windows\System\yAuCkDH.exe
  C:\Windows\System\yAuCkDH.exe
  2⤵
  PID:7148
- C:\Windows\System\KNexxDx.exe
  C:\Windows\System\KNexxDx.exe
  2⤵
  PID:5364
- C:\Windows\System\NeVusXN.exe
  C:\Windows\System\NeVusXN.exe
  2⤵
  PID:2588
- C:\Windows\System\BXqFBQo.exe
  C:\Windows\System\BXqFBQo.exe
  2⤵
  PID:6980
- C:\Windows\System\RPRgDAU.exe
  C:\Windows\System\RPRgDAU.exe
  2⤵
  PID:7052
- C:\Windows\System\TDnKrLv.exe
  C:\Windows\System\TDnKrLv.exe
  2⤵
  PID:6240
- C:\Windows\System\AlYoTiG.exe
  C:\Windows\System\AlYoTiG.exe
  2⤵
  PID:5556
- C:\Windows\System\XTHlLfP.exe
  C:\Windows\System\XTHlLfP.exe
  2⤵
  PID:5796
- C:\Windows\System\csbFQjl.exe
  C:\Windows\System\csbFQjl.exe
  2⤵
  PID:6220
- C:\Windows\System\mRmWkQy.exe
  C:\Windows\System\mRmWkQy.exe
  2⤵
  PID:1036
- C:\Windows\System\sgEyASf.exe
  C:\Windows\System\sgEyASf.exe
  2⤵
  PID:2892
- C:\Windows\System\gkCxnJh.exe
  C:\Windows\System\gkCxnJh.exe
  2⤵
  PID:6444
- C:\Windows\System\diNsWUT.exe
  C:\Windows\System\diNsWUT.exe
  2⤵
  PID:6156
- C:\Windows\System\AKZVYRL.exe
  C:\Windows\System\AKZVYRL.exe
  2⤵
  PID:2340
- C:\Windows\System\UBViUQk.exe
  C:\Windows\System\UBViUQk.exe
  2⤵
  PID:6576
- C:\Windows\System\TFOpXCK.exe
  C:\Windows\System\TFOpXCK.exe
  2⤵
  PID:6528
- C:\Windows\System\XnmGFdZ.exe
  C:\Windows\System\XnmGFdZ.exe
  2⤵
  PID:6608
- C:\Windows\System\SneNGRN.exe
  C:\Windows\System\SneNGRN.exe
  2⤵
  PID:6544
- C:\Windows\System\iGJzdIj.exe
  C:\Windows\System\iGJzdIj.exe
  2⤵
  PID:6596
- C:\Windows\System\vipGGNi.exe
  C:\Windows\System\vipGGNi.exe
  2⤵
  PID:6668
- C:\Windows\System\EBmMofb.exe
  C:\Windows\System\EBmMofb.exe
  2⤵
  PID:6696
- C:\Windows\System\pqDfpIY.exe
  C:\Windows\System\pqDfpIY.exe
  2⤵
  PID:6760
- C:\Windows\System\yufbIby.exe
  C:\Windows\System\yufbIby.exe
  2⤵
  PID:6792
- C:\Windows\System\oDJauPX.exe
  C:\Windows\System\oDJauPX.exe
  2⤵
  PID:6848
- C:\Windows\System\vEPqfRo.exe
  C:\Windows\System\vEPqfRo.exe
  2⤵
  PID:6876
- C:\Windows\System\ucvUtyR.exe
  C:\Windows\System\ucvUtyR.exe
  2⤵
  PID:7036
- C:\Windows\System\DQmZVhI.exe
  C:\Windows\System\DQmZVhI.exe
  2⤵
  PID:7072
- C:\Windows\System\DkiXTpz.exe
  C:\Windows\System\DkiXTpz.exe
  2⤵
  PID:7156
- C:\Windows\System\TxXClfb.exe
  C:\Windows\System\TxXClfb.exe
  2⤵
  PID:7088
- C:\Windows\System\gtTGyjx.exe
  C:\Windows\System\gtTGyjx.exe
  2⤵
  PID:5872
- C:\Windows\System\bpWHSBv.exe
  C:\Windows\System\bpWHSBv.exe
  2⤵
  PID:5552
- C:\Windows\System\FXljhYT.exe
  C:\Windows\System\FXljhYT.exe
  2⤵
  PID:5288
- C:\Windows\System\JxdPVjW.exe
  C:\Windows\System\JxdPVjW.exe
  2⤵
  PID:348
- C:\Windows\System\UJUylBi.exe
  C:\Windows\System\UJUylBi.exe
  2⤵
  PID:6268
- C:\Windows\System\FPsDXne.exe
  C:\Windows\System\FPsDXne.exe
  2⤵
  PID:6456
- C:\Windows\System\AmhpryQ.exe
  C:\Windows\System\AmhpryQ.exe
  2⤵
  PID:1696
- C:\Windows\System\IYRtVvZ.exe
  C:\Windows\System\IYRtVvZ.exe
  2⤵
  PID:6968
- C:\Windows\System\KWXNHdW.exe
  C:\Windows\System\KWXNHdW.exe
  2⤵
  PID:6532
- C:\Windows\System\kZrxvld.exe
  C:\Windows\System\kZrxvld.exe
  2⤵
  PID:2880
- C:\Windows\System\ihLpTfP.exe
  C:\Windows\System\ihLpTfP.exe
  2⤵
  PID:1340
- C:\Windows\System\HBFypbU.exe
  C:\Windows\System\HBFypbU.exe
  2⤵
  PID:5476
- C:\Windows\System\bigoqba.exe
  C:\Windows\System\bigoqba.exe
  2⤵
  PID:6316
- C:\Windows\System\tBJaSsC.exe
  C:\Windows\System\tBJaSsC.exe
  2⤵
  PID:6384
- C:\Windows\System\vohLpPj.exe
  C:\Windows\System\vohLpPj.exe
  2⤵
  PID:6416
- C:\Windows\System\wUKASGp.exe
  C:\Windows\System\wUKASGp.exe
  2⤵
  PID:2160
- C:\Windows\System\KVPjJEI.exe
  C:\Windows\System\KVPjJEI.exe
  2⤵
  PID:6756
- C:\Windows\System\zRJRjHy.exe
  C:\Windows\System\zRJRjHy.exe
  2⤵
  PID:7180
- C:\Windows\System\HcQfmom.exe
  C:\Windows\System\HcQfmom.exe
  2⤵
  PID:7196
- C:\Windows\System\svPTgaJ.exe
  C:\Windows\System\svPTgaJ.exe
  2⤵
  PID:7212
- C:\Windows\System\QaLujhV.exe
  C:\Windows\System\QaLujhV.exe
  2⤵
  PID:7232
- C:\Windows\System\EgLUeUG.exe
  C:\Windows\System\EgLUeUG.exe
  2⤵
  PID:7364
- C:\Windows\System\hRNnDCm.exe
  C:\Windows\System\hRNnDCm.exe
  2⤵
  PID:7380
- C:\Windows\System\ueabdKI.exe
  C:\Windows\System\ueabdKI.exe
  2⤵
  PID:7400
- C:\Windows\System\vZjcgNe.exe
  C:\Windows\System\vZjcgNe.exe
  2⤵
  PID:7416
- C:\Windows\System\kngumCx.exe
  C:\Windows\System\kngumCx.exe
  2⤵
  PID:7440
- C:\Windows\System\GHavRXR.exe
  C:\Windows\System\GHavRXR.exe
  2⤵
  PID:7464
- C:\Windows\System\OARokvR.exe
  C:\Windows\System\OARokvR.exe
  2⤵
  PID:7480
- C:\Windows\System\EfHkWzR.exe
  C:\Windows\System\EfHkWzR.exe
  2⤵
  PID:7496
- C:\Windows\System\neRWfrz.exe
  C:\Windows\System\neRWfrz.exe
  2⤵
  PID:7512
- C:\Windows\System\hMMqQGN.exe
  C:\Windows\System\hMMqQGN.exe
  2⤵
  PID:7528
- C:\Windows\System\VNVjpes.exe
  C:\Windows\System\VNVjpes.exe
  2⤵
  PID:7544
- C:\Windows\System\BhRtpWo.exe
  C:\Windows\System\BhRtpWo.exe
  2⤵
  PID:7572
- C:\Windows\System\AnAOoph.exe
  C:\Windows\System\AnAOoph.exe
  2⤵
  PID:7588
- C:\Windows\System\ScwOtvE.exe
  C:\Windows\System\ScwOtvE.exe
  2⤵
  PID:7612
- C:\Windows\System\tXZoLKm.exe
  C:\Windows\System\tXZoLKm.exe
  2⤵
  PID:7632
- C:\Windows\System\aeMCJGE.exe
  C:\Windows\System\aeMCJGE.exe
  2⤵
  PID:7660
- C:\Windows\System\cRGQxgK.exe
  C:\Windows\System\cRGQxgK.exe
  2⤵
  PID:7676
- C:\Windows\System\FfIJMXZ.exe
  C:\Windows\System\FfIJMXZ.exe
  2⤵
  PID:7692
- C:\Windows\System\ZKClOlN.exe
  C:\Windows\System\ZKClOlN.exe
  2⤵
  PID:7724
- C:\Windows\System\mEukkQB.exe
  C:\Windows\System\mEukkQB.exe
  2⤵
  PID:7744
- C:\Windows\System\UqdcIfI.exe
  C:\Windows\System\UqdcIfI.exe
  2⤵
  PID:7760
- C:\Windows\System\Hbdsllw.exe
  C:\Windows\System\Hbdsllw.exe
  2⤵
  PID:7776
- C:\Windows\System\AtAwMMx.exe
  C:\Windows\System\AtAwMMx.exe
  2⤵
  PID:7796
- C:\Windows\System\Wfsrkwp.exe
  C:\Windows\System\Wfsrkwp.exe
  2⤵
  PID:7824
- C:\Windows\System\VetWztA.exe
  C:\Windows\System\VetWztA.exe
  2⤵
  PID:7840
- C:\Windows\System\cbqrTXS.exe
  C:\Windows\System\cbqrTXS.exe
  2⤵
  PID:7856
- C:\Windows\System\ecGgunL.exe
  C:\Windows\System\ecGgunL.exe
  2⤵
  PID:7872
- C:\Windows\System\cpIZvXd.exe
  C:\Windows\System\cpIZvXd.exe
  2⤵
  PID:7892
- C:\Windows\System\cIAjqPD.exe
  C:\Windows\System\cIAjqPD.exe
  2⤵
  PID:7912
- C:\Windows\System\aQPMZuY.exe
  C:\Windows\System\aQPMZuY.exe
  2⤵
  PID:7928
- C:\Windows\System\MFrRWFW.exe
  C:\Windows\System\MFrRWFW.exe
  2⤵
  PID:7956
- C:\Windows\System\VDtouiD.exe
  C:\Windows\System\VDtouiD.exe
  2⤵
  PID:7972
- C:\Windows\System\sazgpPi.exe
  C:\Windows\System\sazgpPi.exe
  2⤵
  PID:7988
- C:\Windows\System\KNMfBex.exe
  C:\Windows\System\KNMfBex.exe
  2⤵
  PID:8004
- C:\Windows\System\UeaMTtA.exe
  C:\Windows\System\UeaMTtA.exe
  2⤵
  PID:8020
- C:\Windows\System\ghskCxq.exe
  C:\Windows\System\ghskCxq.exe
  2⤵
  PID:8044
- C:\Windows\System\YbHVgOH.exe
  C:\Windows\System\YbHVgOH.exe
  2⤵
  PID:8072
- C:\Windows\System\jMVscrO.exe
  C:\Windows\System\jMVscrO.exe
  2⤵
  PID:8088
- C:\Windows\System\pwCTqoS.exe
  C:\Windows\System\pwCTqoS.exe
  2⤵
  PID:8104
- C:\Windows\System\QHvpcvp.exe
  C:\Windows\System\QHvpcvp.exe
  2⤵
  PID:8120
- C:\Windows\System\QvofuDe.exe
  C:\Windows\System\QvofuDe.exe
  2⤵
  PID:8136
- C:\Windows\System\jUhEDuY.exe
  C:\Windows\System\jUhEDuY.exe
  2⤵
  PID:8156
- C:\Windows\System\UhbvGjD.exe
  C:\Windows\System\UhbvGjD.exe
  2⤵
  PID:8176
- C:\Windows\System\vIsxjEc.exe
  C:\Windows\System\vIsxjEc.exe
  2⤵
  PID:6712
- C:\Windows\System\tnyYHIf.exe
  C:\Windows\System\tnyYHIf.exe
  2⤵
  PID:6552
- C:\Windows\System\EkMvGgl.exe
  C:\Windows\System\EkMvGgl.exe
  2⤵
  PID:7068
- C:\Windows\System\dbxVaqu.exe
  C:\Windows\System\dbxVaqu.exe
  2⤵
  PID:6824
- C:\Windows\System\kKbEayB.exe
  C:\Windows\System\kKbEayB.exe
  2⤵
  PID:1936
- C:\Windows\System\KFmqQYy.exe
  C:\Windows\System\KFmqQYy.exe
  2⤵
  PID:6396
- C:\Windows\System\crQSniU.exe
  C:\Windows\System\crQSniU.exe
  2⤵
  PID:6412
- C:\Windows\System\dItHOXr.exe
  C:\Windows\System\dItHOXr.exe
  2⤵
  PID:7136
- C:\Windows\System\XhQISMF.exe
  C:\Windows\System\XhQISMF.exe
  2⤵
  PID:6612
- C:\Windows\System\XLmutXz.exe
  C:\Windows\System\XLmutXz.exe
  2⤵
  PID:7188
- C:\Windows\System\dcishtv.exe
  C:\Windows\System\dcishtv.exe
  2⤵
  PID:6380
- C:\Windows\System\CbRHNxn.exe
  C:\Windows\System\CbRHNxn.exe
  2⤵
  PID:7248
- C:\Windows\System\EqXUJaa.exe
  C:\Windows\System\EqXUJaa.exe
  2⤵
  PID:5144
- C:\Windows\System\eFqYLpP.exe
  C:\Windows\System\eFqYLpP.exe
  2⤵
  PID:5588
- C:\Windows\System\ZOQlQsp.exe
  C:\Windows\System\ZOQlQsp.exe
  2⤵
  PID:1092
- C:\Windows\System\HpYBOBr.exe
  C:\Windows\System\HpYBOBr.exe
  2⤵
  PID:7256
- C:\Windows\System\ynnDEbQ.exe
  C:\Windows\System\ynnDEbQ.exe
  2⤵
  PID:7284
- C:\Windows\System\tzleckW.exe
  C:\Windows\System\tzleckW.exe
  2⤵
  PID:7320
- C:\Windows\System\PdAEGDh.exe
  C:\Windows\System\PdAEGDh.exe
  2⤵
  PID:7340
- C:\Windows\System\mvIBsmz.exe
  C:\Windows\System\mvIBsmz.exe
  2⤵
  PID:7356
- C:\Windows\System\nWdCnYO.exe
  C:\Windows\System\nWdCnYO.exe
  2⤵
  PID:7376
- C:\Windows\System\QwHiGIg.exe
  C:\Windows\System\QwHiGIg.exe
  2⤵
  PID:7388
- C:\Windows\System\kBvKmdl.exe
  C:\Windows\System\kBvKmdl.exe
  2⤵
  PID:7428
- C:\Windows\System\mBJmOWo.exe
  C:\Windows\System\mBJmOWo.exe
  2⤵
  PID:7520
- C:\Windows\System\zuPQXtg.exe
  C:\Windows\System\zuPQXtg.exe
  2⤵
  PID:7560
- C:\Windows\System\yACIDit.exe
  C:\Windows\System\yACIDit.exe
  2⤵
  PID:7536
- C:\Windows\System\XnyVOQH.exe
  C:\Windows\System\XnyVOQH.exe
  2⤵
  PID:7656
- C:\Windows\System\kBPGsjD.exe
  C:\Windows\System\kBPGsjD.exe
  2⤵
  PID:7508
- C:\Windows\System\sRPlLrG.exe
  C:\Windows\System\sRPlLrG.exe
  2⤵
  PID:7688
- C:\Windows\System\aeyFBTZ.exe
  C:\Windows\System\aeyFBTZ.exe
  2⤵
  PID:7740
- C:\Windows\System\fSeSfOz.exe
  C:\Windows\System\fSeSfOz.exe
  2⤵
  PID:7712
- C:\Windows\System\BtTNJHO.exe
  C:\Windows\System\BtTNJHO.exe
  2⤵
  PID:7816
- C:\Windows\System\eADEyIm.exe
  C:\Windows\System\eADEyIm.exe
  2⤵
  PID:7880
- C:\Windows\System\cHZffzW.exe
  C:\Windows\System\cHZffzW.exe
  2⤵
  PID:7996
- C:\Windows\System\xfTQUSB.exe
  C:\Windows\System\xfTQUSB.exe
  2⤵
  PID:8036
- C:\Windows\System\jkRYvtA.exe
  C:\Windows\System\jkRYvtA.exe
  2⤵
  PID:8112
- C:\Windows\System\azOpXRi.exe
  C:\Windows\System\azOpXRi.exe
  2⤵
  PID:8184
- C:\Windows\System\IDxbmhI.exe
  C:\Windows\System\IDxbmhI.exe
  2⤵
  PID:7116
- C:\Windows\System\wheLFep.exe
  C:\Windows\System\wheLFep.exe
  2⤵
  PID:7056
- C:\Windows\System\PYmBdkf.exe
  C:\Windows\System\PYmBdkf.exe
  2⤵
  PID:6868
- C:\Windows\System\wxvatyg.exe
  C:\Windows\System\wxvatyg.exe
  2⤵
  PID:5344
- C:\Windows\System\rtjHiDx.exe
  C:\Windows\System\rtjHiDx.exe
  2⤵
  PID:6176
- C:\Windows\System\JmduXgy.exe
  C:\Windows\System\JmduXgy.exe
  2⤵
  PID:7268
- C:\Windows\System\rgKeFsL.exe
  C:\Windows\System\rgKeFsL.exe
  2⤵
  PID:7336
- C:\Windows\System\GpbCabW.exe
  C:\Windows\System\GpbCabW.exe
  2⤵
  PID:6832
- C:\Windows\System\CoJxVpR.exe
  C:\Windows\System\CoJxVpR.exe
  2⤵
  PID:7784
- C:\Windows\System\gwWQYMC.exe
  C:\Windows\System\gwWQYMC.exe
  2⤵
  PID:7936
- C:\Windows\System\IMlZykX.exe
  C:\Windows\System\IMlZykX.exe
  2⤵
  PID:7948
- C:\Windows\System\fjVaUin.exe
  C:\Windows\System\fjVaUin.exe
  2⤵
  PID:7540
- C:\Windows\System\QlAGNYV.exe
  C:\Windows\System\QlAGNYV.exe
  2⤵
  PID:1280
- C:\Windows\System\njyTmDH.exe
  C:\Windows\System\njyTmDH.exe
  2⤵
  PID:4228
- C:\Windows\System\gITKdcS.exe
  C:\Windows\System\gITKdcS.exe
  2⤵
  PID:7848
- C:\Windows\System\DbxcvvP.exe
  C:\Windows\System\DbxcvvP.exe
  2⤵
  PID:8012
- C:\Windows\System\ytbioLS.exe
  C:\Windows\System\ytbioLS.exe
  2⤵
  PID:8056
- C:\Windows\System\dWhbBCQ.exe
  C:\Windows\System\dWhbBCQ.exe
  2⤵
  PID:8096
- C:\Windows\System\dykRKoB.exe
  C:\Windows\System\dykRKoB.exe
  2⤵
  PID:7348
- C:\Windows\System\dcICPco.exe
  C:\Windows\System\dcICPco.exe
  2⤵
  PID:2044
- C:\Windows\System\usSRCsa.exe
  C:\Windows\System\usSRCsa.exe
  2⤵
  PID:8148
- C:\Windows\System\zYnKcWS.exe
  C:\Windows\System\zYnKcWS.exe
  2⤵
  PID:6776
- C:\Windows\System\XqzOiFr.exe
  C:\Windows\System\XqzOiFr.exe
  2⤵
  PID:7608
- C:\Windows\System\BgjIATs.exe
  C:\Windows\System\BgjIATs.exe
  2⤵
  PID:7504
- C:\Windows\System\wolFmlI.exe
  C:\Windows\System\wolFmlI.exe
  2⤵
  PID:7900
- C:\Windows\System\bdYbpGj.exe
  C:\Windows\System\bdYbpGj.exe
  2⤵
  PID:7492
- C:\Windows\System\vcXJTlD.exe
  C:\Windows\System\vcXJTlD.exe
  2⤵
  PID:7804
- C:\Windows\System\HDPIoKw.exe
  C:\Windows\System\HDPIoKw.exe
  2⤵
  PID:7920
- C:\Windows\System\zdkQYqm.exe
  C:\Windows\System\zdkQYqm.exe
  2⤵
  PID:8080
- C:\Windows\System\ooKCzZT.exe
  C:\Windows\System\ooKCzZT.exe
  2⤵
  PID:7224
- C:\Windows\System\ySBgFYS.exe
  C:\Windows\System\ySBgFYS.exe
  2⤵
  PID:1032
- C:\Windows\System\DErYMLO.exe
  C:\Windows\System\DErYMLO.exe
  2⤵
  PID:7864
- C:\Windows\System\GvytoaS.exe
  C:\Windows\System\GvytoaS.exe
  2⤵
  PID:7644
- C:\Windows\System\HBtNNCf.exe
  C:\Windows\System\HBtNNCf.exe
  2⤵
  PID:7584
- C:\Windows\System\gYgWLch.exe
  C:\Windows\System\gYgWLch.exe
  2⤵
  PID:7272
- C:\Windows\System\NPodsKc.exe
  C:\Windows\System\NPodsKc.exe
  2⤵
  PID:7944
- C:\Windows\System\KDOKQpr.exe
  C:\Windows\System\KDOKQpr.exe
  2⤵
  PID:7768
- C:\Windows\System\KvwjDFb.exe
  C:\Windows\System\KvwjDFb.exe
  2⤵
  PID:7604
- C:\Windows\System\hCVRjbB.exe
  C:\Windows\System\hCVRjbB.exe
  2⤵
  PID:7668
- C:\Windows\System\ODOmGxJ.exe
  C:\Windows\System\ODOmGxJ.exe
  2⤵
  PID:8064
- C:\Windows\System\ZEhiPch.exe
  C:\Windows\System\ZEhiPch.exe
  2⤵
  PID:8168
- C:\Windows\System\yaBUklu.exe
  C:\Windows\System\yaBUklu.exe
  2⤵
  PID:6856
- C:\Windows\System\MBFRiey.exe
  C:\Windows\System\MBFRiey.exe
  2⤵
  PID:6796
- C:\Windows\System\TMmUhGA.exe
  C:\Windows\System\TMmUhGA.exe
  2⤵
  PID:7456
- C:\Windows\System\eytMSxx.exe
  C:\Windows\System\eytMSxx.exe
  2⤵
  PID:2828
- C:\Windows\System\lZqpRnw.exe
  C:\Windows\System\lZqpRnw.exe
  2⤵
  PID:7968
- C:\Windows\System\sURlhpc.exe
  C:\Windows\System\sURlhpc.exe
  2⤵
  PID:5424
- C:\Windows\System\ZPPbyTa.exe
  C:\Windows\System\ZPPbyTa.exe
  2⤵
  PID:7832
- C:\Windows\System\SOIAdZS.exe
  C:\Windows\System\SOIAdZS.exe
  2⤵
  PID:7304
- C:\Windows\System\CzGOnGq.exe
  C:\Windows\System\CzGOnGq.exe
  2⤵
  PID:7472
- C:\Windows\System\JyPhrvi.exe
  C:\Windows\System\JyPhrvi.exe
  2⤵
  PID:2652
- C:\Windows\System\xWmgmyy.exe
  C:\Windows\System\xWmgmyy.exe
  2⤵
  PID:7980
- C:\Windows\System\sPoleOk.exe
  C:\Windows\System\sPoleOk.exe
  2⤵
  PID:8028
- C:\Windows\System\GvaLDLR.exe
  C:\Windows\System\GvaLDLR.exe
  2⤵
  PID:8164
- C:\Windows\System\Kbxudek.exe
  C:\Windows\System\Kbxudek.exe
  2⤵
  PID:7396
- C:\Windows\System\jscbCqj.exe
  C:\Windows\System\jscbCqj.exe
  2⤵
  PID:7132
- C:\Windows\System\SZStHwz.exe
  C:\Windows\System\SZStHwz.exe
  2⤵
  PID:3292
- C:\Windows\System\suiEXJI.exe
  C:\Windows\System\suiEXJI.exe
  2⤵
  PID:7952
- C:\Windows\System\ecrTKNV.exe
  C:\Windows\System\ecrTKNV.exe
  2⤵
  PID:7888
- C:\Windows\System\OuzXvWk.exe
  C:\Windows\System\OuzXvWk.exe
  2⤵
  PID:7332
- C:\Windows\System\jtTibRv.exe
  C:\Windows\System\jtTibRv.exe
  2⤵
  PID:7852
- C:\Windows\System\qUclrSs.exe
  C:\Windows\System\qUclrSs.exe
  2⤵
  PID:7964
- C:\Windows\System\NalLxmM.exe
  C:\Windows\System\NalLxmM.exe
  2⤵
  PID:7244
- C:\Windows\System\ReYuiLK.exe
  C:\Windows\System\ReYuiLK.exe
  2⤵
  PID:6800
- C:\Windows\System\OBiayDz.exe
  C:\Windows\System\OBiayDz.exe
  2⤵
  PID:7788
- C:\Windows\System\ErtLDPr.exe
  C:\Windows\System\ErtLDPr.exe
  2⤵
  PID:7720
- C:\Windows\System\vNAeEXp.exe
  C:\Windows\System\vNAeEXp.exe
  2⤵
  PID:7176
- C:\Windows\System\zIyYpyY.exe
  C:\Windows\System\zIyYpyY.exe
  2⤵
  PID:7228
- C:\Windows\System\tpZnauQ.exe
  C:\Windows\System\tpZnauQ.exe
  2⤵
  PID:7624
- C:\Windows\System\ggstcIN.exe
  C:\Windows\System\ggstcIN.exe
  2⤵
  PID:7984
- C:\Windows\System\pHdVgqg.exe
  C:\Windows\System\pHdVgqg.exe
  2⤵
  PID:6896
- C:\Windows\System\VJnXNhm.exe
  C:\Windows\System\VJnXNhm.exe
  2⤵
  PID:8208
- C:\Windows\System\GdPNDeL.exe
  C:\Windows\System\GdPNDeL.exe
  2⤵
  PID:8232
- C:\Windows\System\IOOSTsI.exe
  C:\Windows\System\IOOSTsI.exe
  2⤵
  PID:8248
- C:\Windows\System\kowahlY.exe
  C:\Windows\System\kowahlY.exe
  2⤵
  PID:8268
- C:\Windows\System\ablCSKR.exe
  C:\Windows\System\ablCSKR.exe
  2⤵
  PID:8284
- C:\Windows\System\fCpwWMZ.exe
  C:\Windows\System\fCpwWMZ.exe
  2⤵
  PID:8300
- C:\Windows\System\dkIjWqb.exe
  C:\Windows\System\dkIjWqb.exe
  2⤵
  PID:8320
- C:\Windows\System\osBJZLw.exe
  C:\Windows\System\osBJZLw.exe
  2⤵
  PID:8340
- C:\Windows\System\tZKzeLi.exe
  C:\Windows\System\tZKzeLi.exe
  2⤵
  PID:8356
- C:\Windows\System\jzqIIBn.exe
  C:\Windows\System\jzqIIBn.exe
  2⤵
  PID:8372
- C:\Windows\System\HsiQPBI.exe
  C:\Windows\System\HsiQPBI.exe
  2⤵
  PID:8396
- C:\Windows\System\UlVyNEz.exe
  C:\Windows\System\UlVyNEz.exe
  2⤵
  PID:8420
- C:\Windows\System\PBeEPcz.exe
  C:\Windows\System\PBeEPcz.exe
  2⤵
  PID:8436
- C:\Windows\System\EvLrtJc.exe
  C:\Windows\System\EvLrtJc.exe
  2⤵
  PID:8464
- C:\Windows\System\ELUwZNz.exe
  C:\Windows\System\ELUwZNz.exe
  2⤵
  PID:8480
- C:\Windows\System\IBbXpWP.exe
  C:\Windows\System\IBbXpWP.exe
  2⤵
  PID:8504
- C:\Windows\System\WykOGeK.exe
  C:\Windows\System\WykOGeK.exe
  2⤵
  PID:8524
- C:\Windows\System\pZwHmpH.exe
  C:\Windows\System\pZwHmpH.exe
  2⤵
  PID:8540
- C:\Windows\System\OUQEUFV.exe
  C:\Windows\System\OUQEUFV.exe
  2⤵
  PID:8556
- C:\Windows\System\DHFbTMM.exe
  C:\Windows\System\DHFbTMM.exe
  2⤵
  PID:8584
- C:\Windows\System\SgsswJZ.exe
  C:\Windows\System\SgsswJZ.exe
  2⤵
  PID:8604
- C:\Windows\System\MZKiEDg.exe
  C:\Windows\System\MZKiEDg.exe
  2⤵
  PID:8636
- C:\Windows\System\BHuZEwp.exe
  C:\Windows\System\BHuZEwp.exe
  2⤵
  PID:8652
- C:\Windows\System\BCJCOtc.exe
  C:\Windows\System\BCJCOtc.exe
  2⤵
  PID:8672
- C:\Windows\System\mIculWS.exe
  C:\Windows\System\mIculWS.exe
  2⤵
  PID:8688
- C:\Windows\System\vEFoxpz.exe
  C:\Windows\System\vEFoxpz.exe
  2⤵
  PID:8716
- C:\Windows\System\SAyqstV.exe
  C:\Windows\System\SAyqstV.exe
  2⤵
  PID:8736
- C:\Windows\System\wyJBEeU.exe
  C:\Windows\System\wyJBEeU.exe
  2⤵
  PID:8756
- C:\Windows\System\BUjlSsI.exe
  C:\Windows\System\BUjlSsI.exe
  2⤵
  PID:8776
- C:\Windows\System\IzLLRWO.exe
  C:\Windows\System\IzLLRWO.exe
  2⤵
  PID:8800
- C:\Windows\System\kpBWwZk.exe
  C:\Windows\System\kpBWwZk.exe
  2⤵
  PID:8816
- C:\Windows\System\XmyenrR.exe
  C:\Windows\System\XmyenrR.exe
  2⤵
  PID:8832
- C:\Windows\System\ypyeAXi.exe
  C:\Windows\System\ypyeAXi.exe
  2⤵
  PID:8852
- C:\Windows\System\BDbrzYH.exe
  C:\Windows\System\BDbrzYH.exe
  2⤵
  PID:8884
- C:\Windows\System\gGOixdZ.exe
  C:\Windows\System\gGOixdZ.exe
  2⤵
  PID:8900
- C:\Windows\System\HxBqFFV.exe
  C:\Windows\System\HxBqFFV.exe
  2⤵
  PID:8916
- C:\Windows\System\ZdfonvN.exe
  C:\Windows\System\ZdfonvN.exe
  2⤵
  PID:8932
- C:\Windows\System\bOmpShj.exe
  C:\Windows\System\bOmpShj.exe
  2⤵
  PID:8948
- C:\Windows\System\kUXzrUc.exe
  C:\Windows\System\kUXzrUc.exe
  2⤵
  PID:8972
- C:\Windows\System\SDrnEvH.exe
  C:\Windows\System\SDrnEvH.exe
  2⤵
  PID:8992
- C:\Windows\System\TiWbJgR.exe
  C:\Windows\System\TiWbJgR.exe
  2⤵
  PID:9008
- C:\Windows\System\JMZKcLt.exe
  C:\Windows\System\JMZKcLt.exe
  2⤵
  PID:9024
- C:\Windows\System\cZpFaby.exe
  C:\Windows\System\cZpFaby.exe
  2⤵
  PID:9040
- C:\Windows\System\ceDADGE.exe
  C:\Windows\System\ceDADGE.exe
  2⤵
  PID:9060
- C:\Windows\System\oFXogtC.exe
  C:\Windows\System\oFXogtC.exe
  2⤵
  PID:9092
- C:\Windows\System\lSrkCJu.exe
  C:\Windows\System\lSrkCJu.exe
  2⤵
  PID:9108
- C:\Windows\System\OpAdDDE.exe
  C:\Windows\System\OpAdDDE.exe
  2⤵
  PID:9124
- C:\Windows\System\jvlMscH.exe
  C:\Windows\System\jvlMscH.exe
  2⤵
  PID:9152
- C:\Windows\System\iRBortG.exe
  C:\Windows\System\iRBortG.exe
  2⤵
  PID:9168
- C:\Windows\System\cwdZZWr.exe
  C:\Windows\System\cwdZZWr.exe
  2⤵
  PID:9184
- C:\Windows\System\KHucNEf.exe
  C:\Windows\System\KHucNEf.exe
  2⤵
  PID:9200
- C:\Windows\System\iObgSFU.exe
  C:\Windows\System\iObgSFU.exe
  2⤵
  PID:7288
- C:\Windows\System\HjarzKn.exe
  C:\Windows\System\HjarzKn.exe
  2⤵
  PID:8380
- C:\Windows\System\CPVrqiW.exe
  C:\Windows\System\CPVrqiW.exe
  2⤵
  PID:8432
- C:\Windows\System\xFQiVTP.exe
  C:\Windows\System\xFQiVTP.exe
  2⤵
  PID:8472
- C:\Windows\System\OYmEJHL.exe
  C:\Windows\System\OYmEJHL.exe
  2⤵
  PID:8516
- C:\Windows\System\ICTdXgt.exe
  C:\Windows\System\ICTdXgt.exe
  2⤵
  PID:8460
- C:\Windows\System\aleiuTW.exe
  C:\Windows\System\aleiuTW.exe
  2⤵
  PID:8592
- C:\Windows\System\vbEprww.exe
  C:\Windows\System\vbEprww.exe
  2⤵
  PID:8256
- C:\Windows\System\cRRjeEN.exe
  C:\Windows\System\cRRjeEN.exe
  2⤵
  PID:8364
- C:\Windows\System\PTEmlDA.exe
  C:\Windows\System\PTEmlDA.exe
  2⤵
  PID:8408
- C:\Windows\System\nJAOcNG.exe
  C:\Windows\System\nJAOcNG.exe
  2⤵
  PID:8496
- C:\Windows\System\tSmZKVY.exe
  C:\Windows\System\tSmZKVY.exe
  2⤵
  PID:8500
- C:\Windows\System\jAAbxwA.exe
  C:\Windows\System\jAAbxwA.exe
  2⤵
  PID:8628
- C:\Windows\System\DVwaOyZ.exe
  C:\Windows\System\DVwaOyZ.exe
  2⤵
  PID:8684
- C:\Windows\System\LNZJdhZ.exe
  C:\Windows\System\LNZJdhZ.exe
  2⤵
  PID:8704
- C:\Windows\System\jFLfDvZ.exe
  C:\Windows\System\jFLfDvZ.exe
  2⤵
  PID:8724
- C:\Windows\System\ajMOsgh.exe
  C:\Windows\System\ajMOsgh.exe
  2⤵
  PID:8768
- C:\Windows\System\YnMSDPI.exe
  C:\Windows\System\YnMSDPI.exe
  2⤵
  PID:8788
- C:\Windows\System\WtenxYj.exe
  C:\Windows\System\WtenxYj.exe
  2⤵
  PID:8840
- C:\Windows\System\NlMWbNP.exe
  C:\Windows\System\NlMWbNP.exe
  2⤵
  PID:8848
- C:\Windows\System\zBrWLUF.exe
  C:\Windows\System\zBrWLUF.exe
  2⤵
  PID:8892
- C:\Windows\System\vVDHHKg.exe
  C:\Windows\System\vVDHHKg.exe
  2⤵
  PID:8412
- C:\Windows\System\dUYTboE.exe
  C:\Windows\System\dUYTboE.exe
  2⤵
  PID:8964
- C:\Windows\System\hffciYg.exe
  C:\Windows\System\hffciYg.exe
  2⤵
  PID:9032
- C:\Windows\System\VnlDDVd.exe
  C:\Windows\System\VnlDDVd.exe
  2⤵
  PID:9084
- C:\Windows\System\PWXfXhC.exe
  C:\Windows\System\PWXfXhC.exe
  2⤵
  PID:9164
- C:\Windows\System\tUorGdB.exe
  C:\Windows\System\tUorGdB.exe
  2⤵
  PID:8944
- C:\Windows\System\UCzeRJt.exe
  C:\Windows\System\UCzeRJt.exe
  2⤵
  PID:9052
- C:\Windows\System\ZRtbRFm.exe
  C:\Windows\System\ZRtbRFm.exe
  2⤵
  PID:9016
- C:\Windows\System\eRaOCUG.exe
  C:\Windows\System\eRaOCUG.exe
  2⤵
  PID:9144
- C:\Windows\System\zZSFqRX.exe
  C:\Windows\System\zZSFqRX.exe
  2⤵
  PID:8204
- C:\Windows\System\ajIjpPe.exe
  C:\Windows\System\ajIjpPe.exe
  2⤵
  PID:8316
- C:\Windows\System\dMFwrAW.exe
  C:\Windows\System\dMFwrAW.exe
  2⤵
  PID:8392
- C:\Windows\System\ihBDIdG.exe
  C:\Windows\System\ihBDIdG.exe
  2⤵
  PID:8328
- C:\Windows\System\tWMeBEU.exe
  C:\Windows\System\tWMeBEU.exe
  2⤵
  PID:8220
- C:\Windows\System\JSlQAAU.exe
  C:\Windows\System\JSlQAAU.exe
  2⤵
  PID:8228
- C:\Windows\System\JkLxoNI.exe
  C:\Windows\System\JkLxoNI.exe
  2⤵
  PID:8572
- C:\Windows\System\hIqmrpF.exe
  C:\Windows\System\hIqmrpF.exe
  2⤵
  PID:8444
- C:\Windows\System\lwuLAJg.exe
  C:\Windows\System\lwuLAJg.exe
  2⤵
  PID:8612
- C:\Windows\System\NswFdXF.exe
  C:\Windows\System\NswFdXF.exe
  2⤵
  PID:8632
- C:\Windows\System\ucJNItL.exe
  C:\Windows\System\ucJNItL.exe
  2⤵
  PID:8708
- C:\Windows\System\uZJFQbh.exe
  C:\Windows\System\uZJFQbh.exe
  2⤵
  PID:8752
- C:\Windows\System\WMgnjaX.exe
  C:\Windows\System\WMgnjaX.exe
  2⤵
  PID:8808
- C:\Windows\System\cbIhtbi.exe
  C:\Windows\System\cbIhtbi.exe
  2⤵
  PID:8876
- C:\Windows\System\ZkbFRyE.exe
  C:\Windows\System\ZkbFRyE.exe
  2⤵
  PID:8912
- C:\Windows\System\HlHUovK.exe
  C:\Windows\System\HlHUovK.exe
  2⤵
  PID:8956
- C:\Windows\System\HMUZWFm.exe
  C:\Windows\System\HMUZWFm.exe
  2⤵
  PID:9072
- C:\Windows\System\VMDZgXg.exe
  C:\Windows\System\VMDZgXg.exe
  2⤵
  PID:9076
- C:\Windows\System\DfbfIwl.exe
  C:\Windows\System\DfbfIwl.exe
  2⤵
  PID:9056
- C:\Windows\System\ugXNXUW.exe
  C:\Windows\System\ugXNXUW.exe
  2⤵
  PID:9176
- C:\Windows\System\wHIPrxL.exe
  C:\Windows\System\wHIPrxL.exe
  2⤵
  PID:8312
- C:\Windows\System\JqjspWw.exe
  C:\Windows\System\JqjspWw.exe
  2⤵
  PID:8428
- C:\Windows\System\TPVrpgB.exe
  C:\Windows\System\TPVrpgB.exe
  2⤵
  PID:8648
- C:\Windows\System\tJmcrkm.exe
  C:\Windows\System\tJmcrkm.exe
  2⤵
  PID:8764
- C:\Windows\System\ShohXXV.exe
  C:\Windows\System\ShohXXV.exe
  2⤵
  PID:9000
- C:\Windows\System\edRKyrN.exe
  C:\Windows\System\edRKyrN.exe
  2⤵
  PID:9136
- C:\Windows\System\ueWvnBS.exe
  C:\Windows\System\ueWvnBS.exe
  2⤵
  PID:8552
- C:\Windows\System\dzgIlMZ.exe
  C:\Windows\System\dzgIlMZ.exe
  2⤵
  PID:8224
- C:\Windows\System\GjSaUja.exe
  C:\Windows\System\GjSaUja.exe
  2⤵
  PID:8576
- C:\Windows\System\tXpzfMg.exe
  C:\Windows\System\tXpzfMg.exe
  2⤵
  PID:9196
- C:\Windows\System\oPAUJFo.exe
  C:\Windows\System\oPAUJFo.exe
  2⤵
  PID:8660
- C:\Windows\System\ICTzhuw.exe
  C:\Windows\System\ICTzhuw.exe
  2⤵
  PID:8812
- C:\Windows\System\PButTNT.exe
  C:\Windows\System\PButTNT.exe
  2⤵
  PID:9208
- C:\Windows\System\mofuphJ.exe
  C:\Windows\System\mofuphJ.exe
  2⤵
  PID:8988
- C:\Windows\System\OnEeZtY.exe
  C:\Windows\System\OnEeZtY.exe
  2⤵
  PID:9088
- C:\Windows\System\CLAyHfG.exe
  C:\Windows\System\CLAyHfG.exe
  2⤵
  PID:8828
- C:\Windows\System\JLjeSKc.exe
  C:\Windows\System\JLjeSKc.exe
  2⤵
  PID:9180
- C:\Windows\System\hRuQzqq.exe
  C:\Windows\System\hRuQzqq.exe
  2⤵
  PID:8696
- C:\Windows\System\QQLmOrF.exe
  C:\Windows\System\QQLmOrF.exe
  2⤵
  PID:8680
- C:\Windows\System\ODnOWlT.exe
  C:\Windows\System\ODnOWlT.exe
  2⤵
  PID:8532
- C:\Windows\System\DVFRSfy.exe
  C:\Windows\System\DVFRSfy.exe
  2⤵
  PID:8568
- C:\Windows\System\tAoixMH.exe
  C:\Windows\System\tAoixMH.exe
  2⤵
  PID:8580
- C:\Windows\System\eQQpUWQ.exe
  C:\Windows\System\eQQpUWQ.exe
  2⤵
  PID:8748
- C:\Windows\System\pdxFYFt.exe
  C:\Windows\System\pdxFYFt.exe
  2⤵
  PID:9132
- C:\Windows\System\FbUfXiH.exe
  C:\Windows\System\FbUfXiH.exe
  2⤵
  PID:8960
- C:\Windows\System\oLacGvE.exe
  C:\Windows\System\oLacGvE.exe
  2⤵
  PID:9224
- C:\Windows\System\VacfPVq.exe
  C:\Windows\System\VacfPVq.exe
  2⤵
  PID:9244
- C:\Windows\System\BTtbNqK.exe
  C:\Windows\System\BTtbNqK.exe
  2⤵
  PID:9264
- C:\Windows\System\OgYFWMc.exe
  C:\Windows\System\OgYFWMc.exe
  2⤵
  PID:9284
- C:\Windows\System\xiFepVN.exe
  C:\Windows\System\xiFepVN.exe
  2⤵
  PID:9300
- C:\Windows\System\JdcLnsv.exe
  C:\Windows\System\JdcLnsv.exe
  2⤵
  PID:9320
- C:\Windows\System\jyFzMio.exe
  C:\Windows\System\jyFzMio.exe
  2⤵
  PID:9336
- C:\Windows\System\ZVMFNTt.exe
  C:\Windows\System\ZVMFNTt.exe
  2⤵
  PID:9356
- C:\Windows\System\DZjZrKj.exe
  C:\Windows\System\DZjZrKj.exe
  2⤵
  PID:9376
- C:\Windows\System\GMOSPtU.exe
  C:\Windows\System\GMOSPtU.exe
  2⤵
  PID:9408
- C:\Windows\System\FRpKRYB.exe
  C:\Windows\System\FRpKRYB.exe
  2⤵
  PID:9428
- C:\Windows\System\ttxBNUy.exe
  C:\Windows\System\ttxBNUy.exe
  2⤵
  PID:9448
- C:\Windows\System\yvpavFC.exe
  C:\Windows\System\yvpavFC.exe
  2⤵
  PID:9464
- C:\Windows\System\TsjBgzk.exe
  C:\Windows\System\TsjBgzk.exe
  2⤵
  PID:9484
- C:\Windows\System\xmupmDW.exe
  C:\Windows\System\xmupmDW.exe
  2⤵
  PID:9500
- C:\Windows\System\tZWBlJs.exe
  C:\Windows\System\tZWBlJs.exe
  2⤵
  PID:9520
- C:\Windows\System\tTZNdXL.exe
  C:\Windows\System\tTZNdXL.exe
  2⤵
  PID:9536
- C:\Windows\System\yyfgGkL.exe
  C:\Windows\System\yyfgGkL.exe
  2⤵
  PID:9552
- C:\Windows\System\uRELnNl.exe
  C:\Windows\System\uRELnNl.exe
  2⤵
  PID:9572
- C:\Windows\System\DAqbJTL.exe
  C:\Windows\System\DAqbJTL.exe
  2⤵
  PID:9588
- C:\Windows\System\oPFBvcd.exe
  C:\Windows\System\oPFBvcd.exe
  2⤵
  PID:9612
- C:\Windows\System\VxwuKtQ.exe
  C:\Windows\System\VxwuKtQ.exe
  2⤵
  PID:9632
- C:\Windows\System\fFobMPM.exe
  C:\Windows\System\fFobMPM.exe
  2⤵
  PID:9648
- C:\Windows\System\tIbpwXz.exe
  C:\Windows\System\tIbpwXz.exe
  2⤵
  PID:9664
- C:\Windows\System\qrvgUVw.exe
  C:\Windows\System\qrvgUVw.exe
  2⤵
  PID:9680
- C:\Windows\System\MqIDMpT.exe
  C:\Windows\System\MqIDMpT.exe
  2⤵
  PID:9696
- C:\Windows\System\zBMVmfG.exe
  C:\Windows\System\zBMVmfG.exe
  2⤵
  PID:9712
- C:\Windows\System\lziXsGG.exe
  C:\Windows\System\lziXsGG.exe
  2⤵
  PID:9736
- C:\Windows\System\riaHjFn.exe
  C:\Windows\System\riaHjFn.exe
  2⤵
  PID:9756
- C:\Windows\System\hNoQzWf.exe
  C:\Windows\System\hNoQzWf.exe
  2⤵
  PID:9772
- C:\Windows\System\FAhRVnS.exe
  C:\Windows\System\FAhRVnS.exe
  2⤵
  PID:9796
- C:\Windows\System\AbClTlP.exe
  C:\Windows\System\AbClTlP.exe
  2⤵
  PID:9816
- C:\Windows\System\pHOQiVA.exe
  C:\Windows\System\pHOQiVA.exe
  2⤵
  PID:9836
- C:\Windows\System\HyWxotG.exe
  C:\Windows\System\HyWxotG.exe
  2⤵
  PID:9856
- C:\Windows\System\LFQcSvp.exe
  C:\Windows\System\LFQcSvp.exe
  2⤵
  PID:9876
- C:\Windows\System\vdrUNDV.exe
  C:\Windows\System\vdrUNDV.exe
  2⤵
  PID:9896
- C:\Windows\System\BLeHhpk.exe
  C:\Windows\System\BLeHhpk.exe
  2⤵
  PID:9920
- C:\Windows\System\xhUIqIh.exe
  C:\Windows\System\xhUIqIh.exe
  2⤵
  PID:9940
- C:\Windows\System\IfitILw.exe
  C:\Windows\System\IfitILw.exe
  2⤵
  PID:9956
- C:\Windows\System\gGqgqfR.exe
  C:\Windows\System\gGqgqfR.exe
  2⤵
  PID:9980
- C:\Windows\System\LcFSHVx.exe
  C:\Windows\System\LcFSHVx.exe
  2⤵
  PID:9996
- C:\Windows\System\wcgCUoS.exe
  C:\Windows\System\wcgCUoS.exe
  2⤵
  PID:10012
- C:\Windows\System\iCekqkx.exe
  C:\Windows\System\iCekqkx.exe
  2⤵
  PID:10036
- C:\Windows\System\RdGvJPx.exe
  C:\Windows\System\RdGvJPx.exe
  2⤵
  PID:10056
- C:\Windows\System\XhVZsya.exe
  C:\Windows\System\XhVZsya.exe
  2⤵
  PID:10076
- C:\Windows\System\EJPvPua.exe
  C:\Windows\System\EJPvPua.exe
  2⤵
  PID:10104
- C:\Windows\System\ztiBnle.exe
  C:\Windows\System\ztiBnle.exe
  2⤵
  PID:10128
- C:\Windows\System\blOpQLp.exe
  C:\Windows\System\blOpQLp.exe
  2⤵
  PID:10164
- C:\Windows\System\oYMWOKI.exe
  C:\Windows\System\oYMWOKI.exe
  2⤵
  PID:10184
- C:\Windows\System\NlpyUGp.exe
  C:\Windows\System\NlpyUGp.exe
  2⤵
  PID:10204
- C:\Windows\System\GpNENXE.exe
  C:\Windows\System\GpNENXE.exe
  2⤵
  PID:10220
- C:\Windows\System\YOSJMub.exe
  C:\Windows\System\YOSJMub.exe
  2⤵
  PID:10236
- C:\Windows\System\nckbiih.exe
  C:\Windows\System\nckbiih.exe
  2⤵
  PID:8456
- C:\Windows\System\BfxgtjZ.exe
  C:\Windows\System\BfxgtjZ.exe
  2⤵
  PID:9252
- C:\Windows\System\ubMiehn.exe
  C:\Windows\System\ubMiehn.exe
  2⤵
  PID:9276
- C:\Windows\System\zLDPPhE.exe
  C:\Windows\System\zLDPPhE.exe
  2⤵
  PID:9328
- C:\Windows\System\jEDpNZy.exe
  C:\Windows\System\jEDpNZy.exe
  2⤵
  PID:9368
- C:\Windows\System\kmGDFmi.exe
  C:\Windows\System\kmGDFmi.exe
  2⤵
  PID:9352
- C:\Windows\System\UxjmLMk.exe
  C:\Windows\System\UxjmLMk.exe
  2⤵
  PID:9424
- C:\Windows\System\SfGMtFy.exe
  C:\Windows\System\SfGMtFy.exe
  2⤵
  PID:9404
- C:\Windows\System\PGhEcCd.exe
  C:\Windows\System\PGhEcCd.exe
  2⤵
  PID:9560
- C:\Windows\System\HLyGxRN.exe
  C:\Windows\System\HLyGxRN.exe
  2⤵
  PID:9608
- C:\Windows\System\tOEXPIT.exe
  C:\Windows\System\tOEXPIT.exe
  2⤵
  PID:9676
- C:\Windows\System\fPkdkHO.exe
  C:\Windows\System\fPkdkHO.exe
  2⤵
  PID:9748
- C:\Windows\System\YvmnnOd.exe
  C:\Windows\System\YvmnnOd.exe
  2⤵
  PID:9828
- C:\Windows\System\HpxZThn.exe
  C:\Windows\System\HpxZThn.exe
  2⤵
  PID:9904
- C:\Windows\System\fiSfJiC.exe
  C:\Windows\System\fiSfJiC.exe
  2⤵
  PID:9988
- C:\Windows\System\qrfdLRQ.exe
  C:\Windows\System\qrfdLRQ.exe
  2⤵
  PID:10032
- C:\Windows\System\QzkvJjH.exe
  C:\Windows\System\QzkvJjH.exe
  2⤵
  PID:9720
- C:\Windows\System\JuuRFFS.exe
  C:\Windows\System\JuuRFFS.exe
  2⤵
  PID:9620
- C:\Windows\System\IBREcxc.exe
  C:\Windows\System\IBREcxc.exe
  2⤵
  PID:9516
- C:\Windows\System\bCvhfZt.exe
  C:\Windows\System\bCvhfZt.exe
  2⤵
  PID:9580
- C:\Windows\System\CYhBSXt.exe
  C:\Windows\System\CYhBSXt.exe
  2⤵
  PID:9724
- C:\Windows\System\JLNjcle.exe
  C:\Windows\System\JLNjcle.exe
  2⤵
  PID:10124
- C:\Windows\System\SSUrVNI.exe
  C:\Windows\System\SSUrVNI.exe
  2⤵
  PID:10180
- C:\Windows\System\GYwvnpV.exe
  C:\Windows\System\GYwvnpV.exe
  2⤵
  PID:9220
- C:\Windows\System\PsYWiuP.exe
  C:\Windows\System\PsYWiuP.exe
  2⤵
  PID:9844
- C:\Windows\System\jMnSCun.exe
  C:\Windows\System\jMnSCun.exe
  2⤵
  PID:9292
- C:\Windows\System\cQMceWX.exe
  C:\Windows\System\cQMceWX.exe
  2⤵
  PID:9932
- C:\Windows\System\OnIldHm.exe
  C:\Windows\System\OnIldHm.exe
  2⤵
  PID:10008
- C:\Windows\System\cQKzglh.exe
  C:\Windows\System\cQKzglh.exe
  2⤵
  PID:9388
- C:\Windows\System\PIGzZSO.exe
  C:\Windows\System\PIGzZSO.exe
  2⤵
  PID:9472
- C:\Windows\System\GCjvphH.exe
  C:\Windows\System\GCjvphH.exe
  2⤵
  PID:9792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFhgsLk.exe

Filesize
6.1MB

MD5
8e245aa31afae796877895844982dfaf

SHA1
dfb5d49ea26a820f6f5cc153db2437e6f719ff65

SHA256
42254511a159a8928f29389317f569d045a02220437b42e36f53b57366556817

SHA512
a7141852565908a9aff7a8e641f78f2149e892c1bb772ae94813cb89178d64d1c33fc229f62a84966a318875b881c8693625bb26f3d6a651a4e953ad7c36cc4a

Download Submit
C:\Windows\system\AyzYPxd.exe

Filesize
6.1MB

MD5
d88c5a135f7ce8dec9c094367863f645

SHA1
ce07129575d79fa1a8d459db2e1d96d2bdc71101

SHA256
0882cfa9368b01946bb9618533fe1b74143248029cbdcd41fb05798e9df0ba8e

SHA512
ef12f62bba3b9d6edbce686cc49ad964b25c78d43522306b81211cc0fd95e8a1bd6f860ddd0a7b2194ea92cf92086d22a6fc79fbdfad9ad729cb2e3cf5dca1f3

Download Submit
C:\Windows\system\CfxMyuE.exe

Filesize
6.0MB

MD5
cb08ab18b51f6d03a475c2cda1953d31

SHA1
d296497e5c35a084e2d491251b7093ab7b02646f

SHA256
22ca86887ca0ce57678f5df738d8739c43951f7dcb4435a5181b89e3a651f159

SHA512
78d56fdd43e51d0fafefa70e0b4a8d790ed23433fa861db264dd7744cb0998c83e7c812c46e9db03837793129815a017bb9f354a278da17618151eadfcad3206

Download Submit
C:\Windows\system\IzDFcCG.exe

Filesize
6.0MB

MD5
97b686799e69f586245f9820bb0286b3

SHA1
2dba4f7af1df85c2a1d97e5339cc7270e9ff609b

SHA256
319fbb459f7d6a372399d557fb42c393a1063998c854c82b661a561a56203c45

SHA512
053e2b6a0520c09ba0bf3fb90d2ddf164f9c7a86597e7debfacd08db63232a319a29a16b6e36b47a824663aaa46b89a9ef5b1e5a07a9f6afea57fb0a7099dd05

Download Submit
C:\Windows\system\LrLmeCN.exe

Filesize
6.0MB

MD5
5565106c19584af1d6ecdcc0883804af

SHA1
89b806c8afbe47103f8f35b2cb8a10a947c9c110

SHA256
02d14329cae54de95b06d424b8dc83e9fc42cf3203d59ce01e3c0548ff4344c2

SHA512
5128f9d959211e0c74442dc578387fcd5783de44a53f695f89d2eb5c3fcf0a68a4f80a85ae845073049530926d19cd29859b8ba0fd86d6f7babd246eed3aa048

Download Submit
C:\Windows\system\NfyyDxI.exe

Filesize
6.0MB

MD5
1c45a10887345e07ea034aaf5e6f5515

SHA1
42018935dafca6f5875b5fcccda83b40f21901a1

SHA256
fba466604fc4c8341b0264f1966cf83c698fc7e9399bd8c3a4226f9cacc2eed9

SHA512
4245ee5ed27bb6e1d5b712b832954174ee0645c49b2b47ce26f4f7739a8c1d2579a716a5155429a6914742d2048702277fa67b9206db64d5164d8bc38dda2cc1

Download Submit
C:\Windows\system\OSdcEtG.exe

Filesize
6.1MB

MD5
9d4669787ad54ddd8f5454b30ab78082

SHA1
9872369269c5ae1f90900a620a6398d8b3e14fe8

SHA256
b67436daee7d74fc0321e7333819e1bc0ff58c9849d7d1bae03035f8a163526a

SHA512
e71dbc25c5608cc28655843b84eadc7ebd474fd5595d9061612f6dc99c72743fd0917b4a85b7a9a5728894f0d2e41193d53bf6eef3130e0ca95422ffd34d2b14

Download Submit
C:\Windows\system\OpDFThc.exe

Filesize
6.0MB

MD5
c311d61ba675ea9f14acbe53cda3bb0f

SHA1
d5fb4837633e33463a8bd452728426cf3e86ac9d

SHA256
45dfd7f853ecd1ba2cac638cd48b6b8ee6df4f3512affc01e1d67dd8fa464ad2

SHA512
955b9a85284ac753c7da71507d9c17af0c5f09fe91fd31f9e6a8a2a9eabb662d94b34e47b8519ad10b159fbf44f5a9319df105d3fbfebe5763588aa0578c8b4b

Download Submit
C:\Windows\system\PUiyGhP.exe

Filesize
6.1MB

MD5
62ec1b769f7d610e9d76e45a34c5ad1e

SHA1
39d5bccdba15f52aff71489908ace26c06aefe85

SHA256
717addc8c3dced7b753bf0eee0996135f0bfb10bab8b4c287aa4438d2cfe7917

SHA512
de2cd115d3782e8a51183b54652637aa4cf5f9a792268b79121960ff7731b56ef80d658c9163975a2b80d4fad8290bde266a9d1224dda984a524ec22e7c0d9af

Download Submit
C:\Windows\system\RDReVwn.exe

Filesize
6.1MB

MD5
e9ae4bff231ef7c620165f686f8d702b

SHA1
21b501966434c9942ca454c6f435a0814c356d39

SHA256
4f0fd40a520e7b832c03f05bfa68e4a997317a4dc945337560a97fed3fa422e2

SHA512
c90a58534df757a68f0bb1dcbc1d29b185b1cc638fae333be595a604f1158af013132d14b5142683de3ff7e482e69e1e5895985538a701c43286af86faacba02

Download Submit
C:\Windows\system\RPWBAjk.exe

Filesize
6.0MB

MD5
5ba2a7f70de7287d45e16d14f8ad5d0a

SHA1
19407b5a32199570b1e9256636daf9516a7e46d8

SHA256
480af5fa4ec3e2e30fc52853a8855408f5a0ce8ccf3634b0aaa986eb1e3b71f4

SHA512
5e56ba052884d718e83b4da7a45dcc5ae429996336d3f66efbe7076f85603b4b8fab314a449219d3b1cfc54c56228f5d75c42536db2d624f69cf4ffc90d6a634

Download Submit
C:\Windows\system\SFhsjBp.exe

Filesize
6.1MB

MD5
d8d3bdfdc95153d0d956f7d69ace4141

SHA1
83355d0838b871841834e1a2118d3d0444841a7a

SHA256
170246997ab4770959e5b98ccfd2233488f7198ec778a79f073ab3c01ef27dcc

SHA512
8c0908ae52c6ca0730c288eef86c280d231a59feae9c428d7926b69522fe0d984d20051129911937e95aba687d52e0fc044e70c317817ddeff07f031d63c7edc

Download Submit
C:\Windows\system\UfSvvFZ.exe

Filesize
6.0MB

MD5
84df6ab86dfa6889ae54e4e0ab7fdb87

SHA1
2a2f093201fcc7873cb1f34621738fd5bc2194aa

SHA256
217fe48d888d2923585196668d80b864c9097f3a0cd57f88b2fe3b9dbf1a1ddc

SHA512
4b5ceb6d65db2e2ed376759ce441f798618a57b5588eca511f1209c6aeef539ddb3b29689bfa55413b5c4945a58a35b1baa0fee9d55bf4dfa59c34b3b9001d26

Download Submit
C:\Windows\system\aMeQueo.exe

Filesize
6.0MB

MD5
e5a030951184a1be1b16b10539e233df

SHA1
fadc5b5966c605bc70ea4bba12b5526bd944d6c1

SHA256
6809ff68c14e9b87e7386298a1df9d93625c851318588ea23486933178c7335b

SHA512
030d98815ddb4a8c5eff8d960ad658004763667de0d0affaf4e9b20a1792560ce503a2d1696900a0e9c4104cabf323fba9ab733163819a43e6f48aef28a48378

Download Submit
C:\Windows\system\anzEqWw.exe

Filesize
6.0MB

MD5
8f48ed2b071dd31617955ed81ddbf0af

SHA1
c6b4cacf6a289628e8f28934cecf860dad8a248a

SHA256
aee51e6c76760c195441af90abf79cabfc43bf91012762bb9f106d883d7ccc5e

SHA512
9435bd7101923a09988a0d62057e9cf1932665bdbdf751ec60864f86474e1fbe987894e9854c2fc53935bbb01b1f7e6cb4a7ffa9138fb617437348914a628a92

Download Submit
C:\Windows\system\bRValQc.exe

Filesize
6.0MB

MD5
a3fb6f46bb8c811a7aedfdffddbae532

SHA1
29e7459bbb12a8b99731a1be5209a85b5347920d

SHA256
08ad0563a691d608be2898e585dc9b51e3d8355425d81f4cc1bbcfd90bd97986

SHA512
ea4272b4f1cc7ccbd6c5c4cc6567072d6ad0fd123b4ae85c525d506254921c33b65ecc182e17d85b31b612cfb958f7f324d4cd744ef375c0959afa4ca645b6b5

Download Submit
C:\Windows\system\cZsagmJ.exe

Filesize
6.1MB

MD5
e5649f452203cd6e49b523dd5f859c3b

SHA1
664f6a0e79ed2a604469dfb749b357058856bfb5

SHA256
bf7336e195f3be0c8fe697d492e465ea6f9d56713b491e639ecbc1bd3652c682

SHA512
3b933fdbb72cc9aacd115dfe140c443c8effc17266ed2b5173e224396cdb519e3140ed666b0c5b6099011f3d6efcbe769365d3b28dfabd37a4366fccabe68991

Download Submit
C:\Windows\system\fdUdqxe.exe

Filesize
6.0MB

MD5
56e229bae34dd1e31b07b19306b9f7e0

SHA1
2938e4d2db945fa0aa88e52e040be6a70cc57a29

SHA256
a3cff49819398c2e02256f4e11df7a0d068f2448a8bde19d0ca468a282ba2926

SHA512
1269b567f6f71a5665aa7e10c0b7c0845fc72c63fd5360da30d017f018f06f7737a62cc40dfbb39854fbe5d1511dfe88e3afcf78a76d2ade0f1ab9e3222219f5

Download Submit
C:\Windows\system\gRhizIv.exe

Filesize
6.1MB

MD5
27bdf14578b5f145e298cc95608d545a

SHA1
8438e4c0509a3ab7c107c6dff6bdcb7f2c861e7b

SHA256
90721f9191bda1f016b7517d25fba3dc7079be910130928d8d2bf5109c18ee1f

SHA512
c2375400ab72eceb2d474c84ca401af02f9f19181cc2d12ced7946f2dd829690317f8bb53f1dc3fb4cf9f2fdceb7b25c490c762bb788edaecaf4325746bf10a3

Download Submit
C:\Windows\system\geTpPnM.exe

Filesize
6.0MB

MD5
8e21c29b2c754b1bc4b26c122f1951b7

SHA1
2e0788f862ad27a2570fa684e70966eeac161341

SHA256
388095de2a0bed51fccf5651bfa2d3d2896e859ed6209cc963d57e55f9751862

SHA512
4f0ed7a17db9d3f862ef6e649b2759775cec4f67d34a5cd3977f6c8061570be65ae7d42e98efee3726cbe29fa223c2734df13b7c0280945d4fe348adf783913e

Download Submit
C:\Windows\system\kHAxGaO.exe

Filesize
6.0MB

MD5
2b87964b6e03854991a5ffdf867e4773

SHA1
f7ab1d63e6e09ed3baf46c06e5fa28a1e02b4928

SHA256
8c815c2aa25a1e364a68aa2797da1d23e6e8133f4ab4e4e80954f96b733497ed

SHA512
20c24fb9c9d715ed13b71226c58533c01cf8cd56f7f31664a8cb9df9e440689f0044547b732935c3f0cb06d75dd6f2c0271b9d2625fa4a197792d9317c32e0b7

Download Submit
C:\Windows\system\mkJdJTF.exe

Filesize
6.0MB

MD5
1e456aa1f30d9c4c3ffedd28b7eb69be

SHA1
e8f0d902b1fadac57f28eb2dcdb908f088252929

SHA256
051f7b6dc33beee1bb780b83a0c8dfc5af5bfc328782d7f2e6203302c49940d8

SHA512
0a4c7fd1e89daf24d6b1b7035c98b554b24a9cd28d1e3602e547af2dc4840ebbe6733d4cd45cf99214209f65d1cedc069d41a92eaf3c95d303cc7fbbd1cebac6

Download Submit
C:\Windows\system\mzufpYP.exe

Filesize
6.0MB

MD5
20a4f8711bdc83285df56a775790ef39

SHA1
3b1685f13f703e2763771634a58204ecebba0985

SHA256
f04cf33b788094dd198aa388f83b04e23058404b82dfee444a97cda73c8cf820

SHA512
c8c5305b1a945bc180a36fdaaa389e6b55e605864b86fba26a81e2e75b0ff287b83efb38b6ec9f9a698bb4582c4c79f3ac12f11fef7d8188ec108b6d9ad61aaf

Download Submit
C:\Windows\system\naePnNw.exe

Filesize
6.0MB

MD5
e8b98e4d0c4d551589813b93a9dd1b52

SHA1
017d266a1ecf1f665df66d67cea0c80d405aac00

SHA256
a27d53ddd8b78176b2b00d96ce24ae6e18e756f508b4283b1eca234ffa0952c5

SHA512
53c52b0031c80f9f32c21b208433c33b31daa459473abbd92c468b0169eba7f98bb4d545f543b8cb45541e9d1ff26774044ffc0a1eed003245ffb0f19ac2334d

Download Submit
C:\Windows\system\tOAVrvb.exe

Filesize
6.1MB

MD5
f2772d5d8bad3b48155224a5a4e4ccc5

SHA1
49adc68199a0f4f3af60c8a2d08a0bd6d9a5ec82

SHA256
f5d7a912bc4979bc731b085d2da51fe31ab7a7235008470c0af3a546f13df829

SHA512
71aba3352ace54b8c679e845e1b693aba79ffe428ecb7f40855e459fe4900517b2db8f314b9b9d3f663be816f90cf1ba219ba6097821f3479b2ba337cd15394b

Download Submit
C:\Windows\system\wwiPkkn.exe

Filesize
8B

MD5
4cff11d7a63b8eda00b8212eb73a61a6

SHA1
55212ccbd9de958423f1cb94b8b389d82140d27f

SHA256
3b12337388462d596724179cdce820569844bbc48886e6121bcf67be780279cb

SHA512
53c56096c560c0ee3c5d21d73a1c1995262abc0ce37d00af3bd2404d0acc56897f05f101b26927846d3f0bfb68c4ead4d47e00ef4f1aa04a15656d0c3c91c15f

Download Submit
C:\Windows\system\zAPmOag.exe

Filesize
6.1MB

MD5
0804c107508963c18555d6b17fb87983

SHA1
f348078ce2e22bb2f100f39a19c8e3dfdbf6f0ff

SHA256
d71fd686f3d6098aee1f5efd0521a511b4dd20e86a9388e28847115a47970225

SHA512
b95463fed94694336ec1c9ccac5d1b585fe3e35ebe9d80d4b472001586b2a048e0e4394a3149d4e9b31a506dab299667ca89daeb4b5897148f5aa8be60a71b5c

Download Submit
\Windows\system\KuAhbDY.exe

Filesize
6.0MB

MD5
44deddd5ca7c44b30b7007beea38be9f

SHA1
4868ec64a4385a2faf4e20c4df47ccfff36105f2

SHA256
b58c6f4293772694bfacef49a6f00ce69240cc896e853020637685b1f73fcaad

SHA512
e201c6040ebcecaa0f101f11ea793c59c9c5d812d393d9eb317e7ee099696b9fc0f10c24a60157a67582c745fa6412420cf1743df0498bcb85aaf082ff30661a

Download Submit
\Windows\system\XUDUlBE.exe

Filesize
6.0MB

MD5
9e266c3f1a1d648dfccd557884985784

SHA1
da2f28438e38a3b5b169b0994cc5386fed7f0a08

SHA256
a47d13800dd8a5db9e348151c7b28be6b603ce07c236a9519456261967ff2892

SHA512
db5028f451cd7b27a6e8d6183ca430fe27f531ab0492befa5d34b6b862429af35ba9dab65a3d872a92309d50450bdedb2e0ee655db24ee46265fad538a932f90

Download Submit
\Windows\system\ZqHTdvV.exe

Filesize
6.0MB

MD5
57f2485448198f7ca6a66b51009d02e1

SHA1
0a007fd4a5bf0cb02472e11bc1c6ec9e95e24377

SHA256
239c684868d104aff8737e0ee9cd58cf20593a91d36d3b1d12ac1ceedd2ddd57

SHA512
25c1216e09080f4b8e5259b63fb23ed142892589b6e42ecd2edcc62639543850fb1caa249d74365c2573128d6d9f9b812a9f1ba9c75b685848592a95267c30e6

Download Submit
\Windows\system\dBiVvgF.exe

Filesize
6.0MB

MD5
4d428c4914624a9f0c27b69993e473de

SHA1
b3b336c54d3a6969cd7b3b9c0fd0d32168f77cb2

SHA256
dbb1d0be7dd9008be54eb749ff5447d370787df9357bbdd0ace584c76b10fd90

SHA512
b50e7c8fab1c33f4fe9dd2ce409dd76d90e3cd2a6c5ca4638468ca3450b68b93dafbf5131cad39d4ec3ed747a6feb717b3b3fd325b5784fea818ec064a4de6b7

Download Submit
\Windows\system\zkYdybS.exe

Filesize
6.0MB

MD5
53e8d05463a9dbb18d3631337d88748d

SHA1
af4a4b8d4240981ac5b4b617b9ba2184715ee434

SHA256
3d39c3fddc00e58687a26ab3e6532df47af8b54e3f3bbf3070d7f6f4bd4b457e

SHA512
2c0cdc745355c2fb692ae4b6fab536f3ec0bb27722b9b008e2b3d07141f2e11eedbd6796cc9a5df106b70dcb74ee07273ce4d4e9d8ba240294184580416bf5cd

Download Submit
\Windows\system\zmDKmji.exe

Filesize
6.0MB

MD5
cc0c5a5aff62899e4429d96e90147193

SHA1
a7f5a777f6e27198eaa703951078d10ba83b82d0

SHA256
89210df3f9204944858de153645bd42d876e0f2946893dc62a0212c060a881c4

SHA512
bf350b83b4b04e74068a85ba39d5d0ee341cf17cc8f3404f0fc6047eac0e8b55675f236fbc9b712c18400e807cbc747e652389918082390e98a07bfbfb4e6625

Download Submit
memory/956-54-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/956-34-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/956-101-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/956-6-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/956-73-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/956-81-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/956-0-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/956-64-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/956-100-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/956-781-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/956-24-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/956-15-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/956-29-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/956-109-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/956-40-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/956-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/956-46-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/956-974-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/956-306-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/956-624-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/956-111-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/956-92-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/980-19-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/980-3411-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/980-58-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1712-3454-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1712-96-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1712-726-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1800-3470-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1800-106-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1800-881-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3425-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-37-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-432-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2264-85-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3465-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2276-17-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-53-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-3375-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-27-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-69-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3378-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-78-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3453-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2644-110-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3452-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-59-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-105-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3455-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-88-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-526-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-50-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2768-95-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3456-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2776-83-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3407-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2776-35-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2900-87-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3395-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-44-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-82-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3476-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download