cobaltstrike | dfe8788da567a4ce086de4f46f4932354383b3b7562f54115c833aa88b03acdb

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

02f2db0146043f897c0e07b0e9f9d851
SHA1

cc1ae2baf941092a34a9b2051a81c9b164448d4a
SHA256

dfe8788da567a4ce086de4f46f4932354383b3b7562f54115c833aa88b03acdb
SHA512

b74688f8831f96e5a8c7646c12f2d98d1ccb279da0d5bdbf2dc450660bea4870297cd0ab6b4b61e5fa099825e30c2926e8001b5129181d7e5f9f617c635461b5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012101-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174bf-7.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018657-9.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001867d-22.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-31.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000191fd-46.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000017474-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-56.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c9-44.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2892-0-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0007000000012101-6.dat	xmrig
behavioral1/files/0x00080000000174bf-7.dat	xmrig
behavioral1/memory/2836-14-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2820-15-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0016000000018657-9.dat	xmrig
behavioral1/memory/2688-21-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x000700000001867d-22.dat	xmrig
behavioral1/memory/1904-27-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x000600000001878d-31.dat	xmrig
behavioral1/memory/2576-35-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x00080000000191fd-46.dat	xmrig
behavioral1/memory/2584-62-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/824-83-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0032000000017474-79.dat	xmrig
behavioral1/files/0x0005000000019d20-71.dat	xmrig
behavioral1/files/0x000500000001a067-118.dat	xmrig
behavioral1/files/0x000500000001a07b-123.dat	xmrig
behavioral1/files/0x000500000001a301-133.dat	xmrig
behavioral1/files/0x000500000001a42f-153.dat	xmrig
behavioral1/files/0x000500000001a46a-168.dat	xmrig
behavioral1/files/0x000500000001a49a-183.dat	xmrig
behavioral1/memory/1848-438-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1996-851-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2012-913-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2892-1171-0x0000000002210000-0x0000000002564000-memory.dmp	xmrig
behavioral1/memory/2584-317-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2768-316-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2468-315-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49c-188.dat	xmrig
behavioral1/files/0x000500000001a48c-174.dat	xmrig
behavioral1/files/0x000500000001a48e-177.dat	xmrig
behavioral1/files/0x000500000001a434-163.dat	xmrig
behavioral1/files/0x000500000001a431-158.dat	xmrig
behavioral1/files/0x000500000001a42d-149.dat	xmrig
behavioral1/files/0x000500000001a42b-143.dat	xmrig
behavioral1/files/0x000500000001a345-138.dat	xmrig
behavioral1/files/0x000500000001a0a1-128.dat	xmrig
behavioral1/files/0x0005000000019fb9-113.dat	xmrig
behavioral1/files/0x0005000000019db8-104.dat	xmrig
behavioral1/memory/1904-99-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f9f-108.dat	xmrig
behavioral1/memory/1996-90-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d44-89.dat	xmrig
behavioral1/memory/2892-88-0x0000000002210000-0x0000000002564000-memory.dmp	xmrig
behavioral1/memory/2396-87-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2012-95-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019da4-94.dat	xmrig
behavioral1/memory/2892-92-0x0000000002210000-0x0000000002564000-memory.dmp	xmrig
behavioral1/memory/3012-67-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2892-66-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1848-64-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c53-58.dat	xmrig
behavioral1/memory/2768-57-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3a-56.dat	xmrig
behavioral1/memory/2468-51-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c9-44.dat	xmrig
behavioral1/files/0x00070000000190c6-38.dat	xmrig
behavioral1/memory/2820-4036-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2688-4037-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1904-4038-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2576-4039-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/3012-4040-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2768-4042-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2836	LlzrFOK.exe
2820	RJpjnlq.exe
2688	HVVdBjb.exe
1904	PMGzhEA.exe
2576	wpjINXf.exe
3012	FQnFavX.exe
2468	OTVsBGk.exe
2768	cCnemaj.exe
2584	tXWFiMj.exe
1848	fmEgalt.exe
824	BuWgMYe.exe
2396	zpEMQYX.exe
1996	GxLVENj.exe
2012	kkiEyUh.exe
2276	OaKcsvq.exe
920	SCvFvnO.exe
2616	rIIuJUC.exe
2252	uiPbBEV.exe
328	gLMPABA.exe
1968	kJRtXbe.exe
2300	KqojmGI.exe
2176	bpYHJca.exe
1936	WfOpPuf.exe
1412	imLiNFd.exe
1448	qXfdXQD.exe
2412	ssqsXPx.exe
828	LqeAAsz.exe
620	xHhmCzV.exe
2516	dfpxzsA.exe
912	ccNGqwZ.exe
2912	gLUrlou.exe
2428	soXLbDf.exe
348	jWumpEl.exe
1608	evoZJxz.exe
1032	MvUDJIH.exe
2308	PTIGUGp.exe
1784	zGeuRig.exe
2436	GaSYvkv.exe
2988	bwkciVF.exe
2464	tOPsorv.exe
2156	OKQuxNx.exe
2100	TfelzeL.exe
2064	kvKmWtk.exe
1468	ujyzIKX.exe
2508	lSkcZVc.exe
1096	kuNvOxY.exe
896	pMnbuzw.exe
1776	KZAtIOc.exe
2272	bIyFRmT.exe
3020	znFiIIQ.exe
1216	fRvninb.exe
1528	sUXMHal.exe
2812	RQlbwOh.exe
2568	aCXpjLB.exe
2720	XyxWhGv.exe
2620	nROhshy.exe
1668	cOnNwJd.exe
2244	LZIuYtL.exe
2124	FXanGtB.exe
2024	ZURkJze.exe
1696	kfdAusK.exe
2532	MsHmmnn.exe
1008	OEIcIse.exe
2116	sxLyFjG.exe

Loads dropped DLL 64 IoCs

pid	Process
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2892-0-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0007000000012101-6.dat	upx
behavioral1/files/0x00080000000174bf-7.dat	upx
behavioral1/memory/2836-14-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2820-15-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x0016000000018657-9.dat	upx
behavioral1/memory/2688-21-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x000700000001867d-22.dat	upx
behavioral1/memory/1904-27-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x000600000001878d-31.dat	upx
behavioral1/memory/2576-35-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x00080000000191fd-46.dat	upx
behavioral1/memory/2584-62-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/824-83-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0032000000017474-79.dat	upx
behavioral1/files/0x0005000000019d20-71.dat	upx
behavioral1/files/0x000500000001a067-118.dat	upx
behavioral1/files/0x000500000001a07b-123.dat	upx
behavioral1/files/0x000500000001a301-133.dat	upx
behavioral1/files/0x000500000001a42f-153.dat	upx
behavioral1/files/0x000500000001a46a-168.dat	upx
behavioral1/files/0x000500000001a49a-183.dat	upx
behavioral1/memory/1848-438-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1996-851-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2012-913-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2584-317-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2768-316-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2468-315-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x000500000001a49c-188.dat	upx
behavioral1/files/0x000500000001a48c-174.dat	upx
behavioral1/files/0x000500000001a48e-177.dat	upx
behavioral1/files/0x000500000001a434-163.dat	upx
behavioral1/files/0x000500000001a431-158.dat	upx
behavioral1/files/0x000500000001a42d-149.dat	upx
behavioral1/files/0x000500000001a42b-143.dat	upx
behavioral1/files/0x000500000001a345-138.dat	upx
behavioral1/files/0x000500000001a0a1-128.dat	upx
behavioral1/files/0x0005000000019fb9-113.dat	upx
behavioral1/files/0x0005000000019db8-104.dat	upx
behavioral1/memory/1904-99-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0005000000019f9f-108.dat	upx
behavioral1/memory/1996-90-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0005000000019d44-89.dat	upx
behavioral1/memory/2396-87-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2012-95-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0005000000019da4-94.dat	upx
behavioral1/memory/3012-67-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2892-66-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1848-64-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0005000000019c53-58.dat	upx
behavioral1/memory/2768-57-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0005000000019c3a-56.dat	upx
behavioral1/memory/2468-51-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x00070000000190c9-44.dat	upx
behavioral1/files/0x00070000000190c6-38.dat	upx
behavioral1/memory/2820-4036-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2688-4037-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1904-4038-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2576-4039-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/3012-4040-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2768-4042-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2468-4041-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/1848-4043-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2584-4044-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nHxnhHQ.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhEppeh.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KryOBgC.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysIfrvj.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEJuWbH.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwumXkH.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epMdgDQ.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKpYlJw.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyFwKGM.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyCgyzX.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AeeNzrp.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iabxvAP.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXgJnvd.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxiZFMg.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGZHBPU.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceUeoml.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXOSBsy.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Onhyycx.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isWJZTH.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIpGHqd.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPIIuwr.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkDyAya.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soXLbDf.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCnemaj.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiAPpQt.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHqQzcq.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJgqKun.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhnGyPk.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gcJQWFU.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCVpXxy.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXmeHTM.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQjsHNo.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqzBIHY.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTlSsqc.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUTdKEn.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEWMjqy.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAIWfUo.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftufWWi.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGramZF.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iivyNHL.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRYgIwN.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejbVlKJ.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfeJDVH.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOEnWko.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTOHrCo.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClmwJio.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFZGUMg.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jURrcMz.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbncKok.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFBHkAo.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzQLfDv.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfcHDgV.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adOToYu.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZplZyLd.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNYRuRM.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evoZJxz.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOPUEcD.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsLzTyk.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXuiwBA.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHlUyKS.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znddNtC.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEWJipx.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBCWkQI.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzITeTM.exe	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2836	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2892 wrote to memory of 2836	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2892 wrote to memory of 2836	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2892 wrote to memory of 2820	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2892 wrote to memory of 2820	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2892 wrote to memory of 2820	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2892 wrote to memory of 2688	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2892 wrote to memory of 2688	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2892 wrote to memory of 2688	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2892 wrote to memory of 1904	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2892 wrote to memory of 1904	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2892 wrote to memory of 1904	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2892 wrote to memory of 2576	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2892 wrote to memory of 2576	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2892 wrote to memory of 2576	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2892 wrote to memory of 3012	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2892 wrote to memory of 3012	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2892 wrote to memory of 3012	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2892 wrote to memory of 2468	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2892 wrote to memory of 2468	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2892 wrote to memory of 2468	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2892 wrote to memory of 2768	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2892 wrote to memory of 2768	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2892 wrote to memory of 2768	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2892 wrote to memory of 2584	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2892 wrote to memory of 2584	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2892 wrote to memory of 2584	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2892 wrote to memory of 1848	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2892 wrote to memory of 1848	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2892 wrote to memory of 1848	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2892 wrote to memory of 824	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2892 wrote to memory of 824	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2892 wrote to memory of 824	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2892 wrote to memory of 2396	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2892 wrote to memory of 2396	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2892 wrote to memory of 2396	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2892 wrote to memory of 1996	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2892 wrote to memory of 1996	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2892 wrote to memory of 1996	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2892 wrote to memory of 2012	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2892 wrote to memory of 2012	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2892 wrote to memory of 2012	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2892 wrote to memory of 2276	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2892 wrote to memory of 2276	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2892 wrote to memory of 2276	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2892 wrote to memory of 920	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2892 wrote to memory of 920	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2892 wrote to memory of 920	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2892 wrote to memory of 2616	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2892 wrote to memory of 2616	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2892 wrote to memory of 2616	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2892 wrote to memory of 2252	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2892 wrote to memory of 2252	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2892 wrote to memory of 2252	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2892 wrote to memory of 328	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2892 wrote to memory of 328	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2892 wrote to memory of 328	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2892 wrote to memory of 1968	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2892 wrote to memory of 1968	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2892 wrote to memory of 1968	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2892 wrote to memory of 2300	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2892 wrote to memory of 2300	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2892 wrote to memory of 2300	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2892 wrote to memory of 2176	2892	2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_02f2db0146043f897c0e07b0e9f9d851_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\System\LlzrFOK.exe
  C:\Windows\System\LlzrFOK.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\RJpjnlq.exe
  C:\Windows\System\RJpjnlq.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\HVVdBjb.exe
  C:\Windows\System\HVVdBjb.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\PMGzhEA.exe
  C:\Windows\System\PMGzhEA.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\wpjINXf.exe
  C:\Windows\System\wpjINXf.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\FQnFavX.exe
  C:\Windows\System\FQnFavX.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\OTVsBGk.exe
  C:\Windows\System\OTVsBGk.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\cCnemaj.exe
  C:\Windows\System\cCnemaj.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\tXWFiMj.exe
  C:\Windows\System\tXWFiMj.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\fmEgalt.exe
  C:\Windows\System\fmEgalt.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\BuWgMYe.exe
  C:\Windows\System\BuWgMYe.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\zpEMQYX.exe
  C:\Windows\System\zpEMQYX.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\GxLVENj.exe
  C:\Windows\System\GxLVENj.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\kkiEyUh.exe
  C:\Windows\System\kkiEyUh.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\OaKcsvq.exe
  C:\Windows\System\OaKcsvq.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\SCvFvnO.exe
  C:\Windows\System\SCvFvnO.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\rIIuJUC.exe
  C:\Windows\System\rIIuJUC.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\uiPbBEV.exe
  C:\Windows\System\uiPbBEV.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\gLMPABA.exe
  C:\Windows\System\gLMPABA.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\kJRtXbe.exe
  C:\Windows\System\kJRtXbe.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\KqojmGI.exe
  C:\Windows\System\KqojmGI.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\bpYHJca.exe
  C:\Windows\System\bpYHJca.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\WfOpPuf.exe
  C:\Windows\System\WfOpPuf.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\imLiNFd.exe
  C:\Windows\System\imLiNFd.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\qXfdXQD.exe
  C:\Windows\System\qXfdXQD.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\ssqsXPx.exe
  C:\Windows\System\ssqsXPx.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\LqeAAsz.exe
  C:\Windows\System\LqeAAsz.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\xHhmCzV.exe
  C:\Windows\System\xHhmCzV.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\dfpxzsA.exe
  C:\Windows\System\dfpxzsA.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ccNGqwZ.exe
  C:\Windows\System\ccNGqwZ.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\gLUrlou.exe
  C:\Windows\System\gLUrlou.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\soXLbDf.exe
  C:\Windows\System\soXLbDf.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\jWumpEl.exe
  C:\Windows\System\jWumpEl.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\evoZJxz.exe
  C:\Windows\System\evoZJxz.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\MvUDJIH.exe
  C:\Windows\System\MvUDJIH.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\PTIGUGp.exe
  C:\Windows\System\PTIGUGp.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\zGeuRig.exe
  C:\Windows\System\zGeuRig.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\GaSYvkv.exe
  C:\Windows\System\GaSYvkv.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\bwkciVF.exe
  C:\Windows\System\bwkciVF.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\tOPsorv.exe
  C:\Windows\System\tOPsorv.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\OKQuxNx.exe
  C:\Windows\System\OKQuxNx.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\TfelzeL.exe
  C:\Windows\System\TfelzeL.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\kvKmWtk.exe
  C:\Windows\System\kvKmWtk.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ujyzIKX.exe
  C:\Windows\System\ujyzIKX.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\lSkcZVc.exe
  C:\Windows\System\lSkcZVc.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\kuNvOxY.exe
  C:\Windows\System\kuNvOxY.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\pMnbuzw.exe
  C:\Windows\System\pMnbuzw.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\KZAtIOc.exe
  C:\Windows\System\KZAtIOc.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\bIyFRmT.exe
  C:\Windows\System\bIyFRmT.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\znFiIIQ.exe
  C:\Windows\System\znFiIIQ.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\fRvninb.exe
  C:\Windows\System\fRvninb.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\sUXMHal.exe
  C:\Windows\System\sUXMHal.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\RQlbwOh.exe
  C:\Windows\System\RQlbwOh.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\aCXpjLB.exe
  C:\Windows\System\aCXpjLB.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\XyxWhGv.exe
  C:\Windows\System\XyxWhGv.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\nROhshy.exe
  C:\Windows\System\nROhshy.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\cOnNwJd.exe
  C:\Windows\System\cOnNwJd.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\LZIuYtL.exe
  C:\Windows\System\LZIuYtL.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\FXanGtB.exe
  C:\Windows\System\FXanGtB.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\ZURkJze.exe
  C:\Windows\System\ZURkJze.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\kfdAusK.exe
  C:\Windows\System\kfdAusK.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\MsHmmnn.exe
  C:\Windows\System\MsHmmnn.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\OEIcIse.exe
  C:\Windows\System\OEIcIse.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\sxLyFjG.exe
  C:\Windows\System\sxLyFjG.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\SBMoWpl.exe
  C:\Windows\System\SBMoWpl.exe
  2⤵
  PID:3056
- C:\Windows\System\pFpOGZM.exe
  C:\Windows\System\pFpOGZM.exe
  2⤵
  PID:2088
- C:\Windows\System\wFqrAMT.exe
  C:\Windows\System\wFqrAMT.exe
  2⤵
  PID:1416
- C:\Windows\System\qqpcNUf.exe
  C:\Windows\System\qqpcNUf.exe
  2⤵
  PID:2060
- C:\Windows\System\aDumJfH.exe
  C:\Windows\System\aDumJfH.exe
  2⤵
  PID:2356
- C:\Windows\System\Onhyycx.exe
  C:\Windows\System\Onhyycx.exe
  2⤵
  PID:1224
- C:\Windows\System\KzJcYuz.exe
  C:\Windows\System\KzJcYuz.exe
  2⤵
  PID:1316
- C:\Windows\System\lTcwMqw.exe
  C:\Windows\System\lTcwMqw.exe
  2⤵
  PID:2260
- C:\Windows\System\fxPXajx.exe
  C:\Windows\System\fxPXajx.exe
  2⤵
  PID:1232
- C:\Windows\System\thqtWpK.exe
  C:\Windows\System\thqtWpK.exe
  2⤵
  PID:1984
- C:\Windows\System\wKGRjdJ.exe
  C:\Windows\System\wKGRjdJ.exe
  2⤵
  PID:2084
- C:\Windows\System\fHmnhNw.exe
  C:\Windows\System\fHmnhNw.exe
  2⤵
  PID:1872
- C:\Windows\System\OCfKTdQ.exe
  C:\Windows\System\OCfKTdQ.exe
  2⤵
  PID:2948
- C:\Windows\System\hpIYRrm.exe
  C:\Windows\System\hpIYRrm.exe
  2⤵
  PID:2872
- C:\Windows\System\NPdSoBi.exe
  C:\Windows\System\NPdSoBi.exe
  2⤵
  PID:1792
- C:\Windows\System\MdplDqr.exe
  C:\Windows\System\MdplDqr.exe
  2⤵
  PID:3000
- C:\Windows\System\jURrcMz.exe
  C:\Windows\System\jURrcMz.exe
  2⤵
  PID:1424
- C:\Windows\System\IGGpdap.exe
  C:\Windows\System\IGGpdap.exe
  2⤵
  PID:1440
- C:\Windows\System\mBqjWSU.exe
  C:\Windows\System\mBqjWSU.exe
  2⤵
  PID:2140
- C:\Windows\System\BFCTPiZ.exe
  C:\Windows\System\BFCTPiZ.exe
  2⤵
  PID:1532
- C:\Windows\System\hrxHXWQ.exe
  C:\Windows\System\hrxHXWQ.exe
  2⤵
  PID:2796
- C:\Windows\System\jXnPIFn.exe
  C:\Windows\System\jXnPIFn.exe
  2⤵
  PID:1676
- C:\Windows\System\PgUuCUN.exe
  C:\Windows\System\PgUuCUN.exe
  2⤵
  PID:2416
- C:\Windows\System\qsLzTyk.exe
  C:\Windows\System\qsLzTyk.exe
  2⤵
  PID:1612
- C:\Windows\System\oXFuWEI.exe
  C:\Windows\System\oXFuWEI.exe
  2⤵
  PID:2020
- C:\Windows\System\axAasdk.exe
  C:\Windows\System\axAasdk.exe
  2⤵
  PID:2900
- C:\Windows\System\qkmiVww.exe
  C:\Windows\System\qkmiVww.exe
  2⤵
  PID:1456
- C:\Windows\System\KGFZfNl.exe
  C:\Windows\System\KGFZfNl.exe
  2⤵
  PID:1584
- C:\Windows\System\PJpZvpO.exe
  C:\Windows\System\PJpZvpO.exe
  2⤵
  PID:2056
- C:\Windows\System\vdADAkm.exe
  C:\Windows\System\vdADAkm.exe
  2⤵
  PID:556
- C:\Windows\System\fITYUeU.exe
  C:\Windows\System\fITYUeU.exe
  2⤵
  PID:924
- C:\Windows\System\gjziKet.exe
  C:\Windows\System\gjziKet.exe
  2⤵
  PID:2908
- C:\Windows\System\FPZQleb.exe
  C:\Windows\System\FPZQleb.exe
  2⤵
  PID:1280
- C:\Windows\System\MOLSIVS.exe
  C:\Windows\System\MOLSIVS.exe
  2⤵
  PID:2932
- C:\Windows\System\gWyCENY.exe
  C:\Windows\System\gWyCENY.exe
  2⤵
  PID:1020
- C:\Windows\System\snpAuJb.exe
  C:\Windows\System\snpAuJb.exe
  2⤵
  PID:1720
- C:\Windows\System\adOToYu.exe
  C:\Windows\System\adOToYu.exe
  2⤵
  PID:564
- C:\Windows\System\FrgKvPp.exe
  C:\Windows\System\FrgKvPp.exe
  2⤵
  PID:2828
- C:\Windows\System\bIpGHqd.exe
  C:\Windows\System\bIpGHqd.exe
  2⤵
  PID:2880
- C:\Windows\System\BiAPpQt.exe
  C:\Windows\System\BiAPpQt.exe
  2⤵
  PID:2956
- C:\Windows\System\zRpSCwo.exe
  C:\Windows\System\zRpSCwo.exe
  2⤵
  PID:1880
- C:\Windows\System\KryOBgC.exe
  C:\Windows\System\KryOBgC.exe
  2⤵
  PID:1240
- C:\Windows\System\RILjnFB.exe
  C:\Windows\System\RILjnFB.exe
  2⤵
  PID:1852
- C:\Windows\System\iFkcbLu.exe
  C:\Windows\System\iFkcbLu.exe
  2⤵
  PID:1972
- C:\Windows\System\nScqNNp.exe
  C:\Windows\System\nScqNNp.exe
  2⤵
  PID:952
- C:\Windows\System\SvfNaoq.exe
  C:\Windows\System\SvfNaoq.exe
  2⤵
  PID:3048
- C:\Windows\System\OLYuSEP.exe
  C:\Windows\System\OLYuSEP.exe
  2⤵
  PID:2928
- C:\Windows\System\dNoYmno.exe
  C:\Windows\System\dNoYmno.exe
  2⤵
  PID:2888
- C:\Windows\System\gBFdvow.exe
  C:\Windows\System\gBFdvow.exe
  2⤵
  PID:1212
- C:\Windows\System\kXuiwBA.exe
  C:\Windows\System\kXuiwBA.exe
  2⤵
  PID:1640
- C:\Windows\System\cKRjgXY.exe
  C:\Windows\System\cKRjgXY.exe
  2⤵
  PID:1536
- C:\Windows\System\zSSzWfQ.exe
  C:\Windows\System\zSSzWfQ.exe
  2⤵
  PID:804
- C:\Windows\System\JyQabUI.exe
  C:\Windows\System\JyQabUI.exe
  2⤵
  PID:852
- C:\Windows\System\FetONTp.exe
  C:\Windows\System\FetONTp.exe
  2⤵
  PID:336
- C:\Windows\System\LbLdlRn.exe
  C:\Windows\System\LbLdlRn.exe
  2⤵
  PID:2980
- C:\Windows\System\OhdEXnR.exe
  C:\Windows\System\OhdEXnR.exe
  2⤵
  PID:1656
- C:\Windows\System\uJhtlas.exe
  C:\Windows\System\uJhtlas.exe
  2⤵
  PID:3092
- C:\Windows\System\mmkLsYA.exe
  C:\Windows\System\mmkLsYA.exe
  2⤵
  PID:3108
- C:\Windows\System\ptwdxbA.exe
  C:\Windows\System\ptwdxbA.exe
  2⤵
  PID:3132
- C:\Windows\System\GTlSsqc.exe
  C:\Windows\System\GTlSsqc.exe
  2⤵
  PID:3148
- C:\Windows\System\hAIWfUo.exe
  C:\Windows\System\hAIWfUo.exe
  2⤵
  PID:3172
- C:\Windows\System\rRnxFIR.exe
  C:\Windows\System\rRnxFIR.exe
  2⤵
  PID:3188
- C:\Windows\System\vahrWcM.exe
  C:\Windows\System\vahrWcM.exe
  2⤵
  PID:3212
- C:\Windows\System\EscEzcr.exe
  C:\Windows\System\EscEzcr.exe
  2⤵
  PID:3232
- C:\Windows\System\mhlSRqH.exe
  C:\Windows\System\mhlSRqH.exe
  2⤵
  PID:3252
- C:\Windows\System\ySYgmBQ.exe
  C:\Windows\System\ySYgmBQ.exe
  2⤵
  PID:3272
- C:\Windows\System\HuzgoRd.exe
  C:\Windows\System\HuzgoRd.exe
  2⤵
  PID:3292
- C:\Windows\System\drduSOh.exe
  C:\Windows\System\drduSOh.exe
  2⤵
  PID:3312
- C:\Windows\System\yKEuavo.exe
  C:\Windows\System\yKEuavo.exe
  2⤵
  PID:3332
- C:\Windows\System\zyRwtSz.exe
  C:\Windows\System\zyRwtSz.exe
  2⤵
  PID:3352
- C:\Windows\System\CXPhOZY.exe
  C:\Windows\System\CXPhOZY.exe
  2⤵
  PID:3372
- C:\Windows\System\FWEotbb.exe
  C:\Windows\System\FWEotbb.exe
  2⤵
  PID:3392
- C:\Windows\System\sQUxoiq.exe
  C:\Windows\System\sQUxoiq.exe
  2⤵
  PID:3412
- C:\Windows\System\SZYpdAD.exe
  C:\Windows\System\SZYpdAD.exe
  2⤵
  PID:3436
- C:\Windows\System\KYmmyXN.exe
  C:\Windows\System\KYmmyXN.exe
  2⤵
  PID:3456
- C:\Windows\System\nNRjdcU.exe
  C:\Windows\System\nNRjdcU.exe
  2⤵
  PID:3476
- C:\Windows\System\XZfBfhy.exe
  C:\Windows\System\XZfBfhy.exe
  2⤵
  PID:3496
- C:\Windows\System\ntuZtDJ.exe
  C:\Windows\System\ntuZtDJ.exe
  2⤵
  PID:3516
- C:\Windows\System\gLoyjgV.exe
  C:\Windows\System\gLoyjgV.exe
  2⤵
  PID:3536
- C:\Windows\System\cqtbeJy.exe
  C:\Windows\System\cqtbeJy.exe
  2⤵
  PID:3556
- C:\Windows\System\Honoehg.exe
  C:\Windows\System\Honoehg.exe
  2⤵
  PID:3576
- C:\Windows\System\rwzihPh.exe
  C:\Windows\System\rwzihPh.exe
  2⤵
  PID:3596
- C:\Windows\System\dInJVJF.exe
  C:\Windows\System\dInJVJF.exe
  2⤵
  PID:3620
- C:\Windows\System\lUgTZCf.exe
  C:\Windows\System\lUgTZCf.exe
  2⤵
  PID:3640
- C:\Windows\System\XClVEGB.exe
  C:\Windows\System\XClVEGB.exe
  2⤵
  PID:3656
- C:\Windows\System\QWEEtXv.exe
  C:\Windows\System\QWEEtXv.exe
  2⤵
  PID:3676
- C:\Windows\System\EhDzPbT.exe
  C:\Windows\System\EhDzPbT.exe
  2⤵
  PID:3700
- C:\Windows\System\oSyjeDo.exe
  C:\Windows\System\oSyjeDo.exe
  2⤵
  PID:3720
- C:\Windows\System\GWwBshd.exe
  C:\Windows\System\GWwBshd.exe
  2⤵
  PID:3740
- C:\Windows\System\mbejyuE.exe
  C:\Windows\System\mbejyuE.exe
  2⤵
  PID:3760
- C:\Windows\System\HrpXuTa.exe
  C:\Windows\System\HrpXuTa.exe
  2⤵
  PID:3780
- C:\Windows\System\rcBxfcS.exe
  C:\Windows\System\rcBxfcS.exe
  2⤵
  PID:3800
- C:\Windows\System\nsgTkOR.exe
  C:\Windows\System\nsgTkOR.exe
  2⤵
  PID:3820
- C:\Windows\System\NfUkseh.exe
  C:\Windows\System\NfUkseh.exe
  2⤵
  PID:3840
- C:\Windows\System\vwPbBSS.exe
  C:\Windows\System\vwPbBSS.exe
  2⤵
  PID:3860
- C:\Windows\System\qbiPCho.exe
  C:\Windows\System\qbiPCho.exe
  2⤵
  PID:3876
- C:\Windows\System\GtduHBw.exe
  C:\Windows\System\GtduHBw.exe
  2⤵
  PID:3900
- C:\Windows\System\xqCcflm.exe
  C:\Windows\System\xqCcflm.exe
  2⤵
  PID:3920
- C:\Windows\System\bmOMntj.exe
  C:\Windows\System\bmOMntj.exe
  2⤵
  PID:3940
- C:\Windows\System\lmLirOQ.exe
  C:\Windows\System\lmLirOQ.exe
  2⤵
  PID:3960
- C:\Windows\System\mVOOzpW.exe
  C:\Windows\System\mVOOzpW.exe
  2⤵
  PID:3976
- C:\Windows\System\EXqAEIy.exe
  C:\Windows\System\EXqAEIy.exe
  2⤵
  PID:4000
- C:\Windows\System\qEQaFBI.exe
  C:\Windows\System\qEQaFBI.exe
  2⤵
  PID:4020
- C:\Windows\System\YbAtDko.exe
  C:\Windows\System\YbAtDko.exe
  2⤵
  PID:4040
- C:\Windows\System\pPDHJxr.exe
  C:\Windows\System\pPDHJxr.exe
  2⤵
  PID:4060
- C:\Windows\System\AAlFCde.exe
  C:\Windows\System\AAlFCde.exe
  2⤵
  PID:4080
- C:\Windows\System\kiIjIoM.exe
  C:\Windows\System\kiIjIoM.exe
  2⤵
  PID:2868
- C:\Windows\System\GGkHYus.exe
  C:\Windows\System\GGkHYus.exe
  2⤵
  PID:2420
- C:\Windows\System\MQkmZYz.exe
  C:\Windows\System\MQkmZYz.exe
  2⤵
  PID:3064
- C:\Windows\System\gfeJDVH.exe
  C:\Windows\System\gfeJDVH.exe
  2⤵
  PID:1944
- C:\Windows\System\MdSOvay.exe
  C:\Windows\System\MdSOvay.exe
  2⤵
  PID:1680
- C:\Windows\System\qvuWDkR.exe
  C:\Windows\System\qvuWDkR.exe
  2⤵
  PID:3100
- C:\Windows\System\uLxuAQk.exe
  C:\Windows\System\uLxuAQk.exe
  2⤵
  PID:3168
- C:\Windows\System\DzLIwyJ.exe
  C:\Windows\System\DzLIwyJ.exe
  2⤵
  PID:3180
- C:\Windows\System\akqbDOp.exe
  C:\Windows\System\akqbDOp.exe
  2⤵
  PID:2556
- C:\Windows\System\xnvLHDO.exe
  C:\Windows\System\xnvLHDO.exe
  2⤵
  PID:3228
- C:\Windows\System\zKdIqZE.exe
  C:\Windows\System\zKdIqZE.exe
  2⤵
  PID:3268
- C:\Windows\System\tacLNIt.exe
  C:\Windows\System\tacLNIt.exe
  2⤵
  PID:3284
- C:\Windows\System\ovPMDyq.exe
  C:\Windows\System\ovPMDyq.exe
  2⤵
  PID:3324
- C:\Windows\System\DLchaIy.exe
  C:\Windows\System\DLchaIy.exe
  2⤵
  PID:3348
- C:\Windows\System\UkcNMAj.exe
  C:\Windows\System\UkcNMAj.exe
  2⤵
  PID:3400
- C:\Windows\System\nhkXLbv.exe
  C:\Windows\System\nhkXLbv.exe
  2⤵
  PID:2324
- C:\Windows\System\ndcZwAZ.exe
  C:\Windows\System\ndcZwAZ.exe
  2⤵
  PID:3484
- C:\Windows\System\zxuIgzG.exe
  C:\Windows\System\zxuIgzG.exe
  2⤵
  PID:3488
- C:\Windows\System\EibqjZw.exe
  C:\Windows\System\EibqjZw.exe
  2⤵
  PID:3512
- C:\Windows\System\SqTYeWK.exe
  C:\Windows\System\SqTYeWK.exe
  2⤵
  PID:2968
- C:\Windows\System\RAQtKTJ.exe
  C:\Windows\System\RAQtKTJ.exe
  2⤵
  PID:3552
- C:\Windows\System\blwkQhI.exe
  C:\Windows\System\blwkQhI.exe
  2⤵
  PID:3648
- C:\Windows\System\WUoQSIL.exe
  C:\Windows\System\WUoQSIL.exe
  2⤵
  PID:2712
- C:\Windows\System\pKpYlJw.exe
  C:\Windows\System\pKpYlJw.exe
  2⤵
  PID:3668
- C:\Windows\System\wRbzbtY.exe
  C:\Windows\System\wRbzbtY.exe
  2⤵
  PID:3712
- C:\Windows\System\jYhRZBt.exe
  C:\Windows\System\jYhRZBt.exe
  2⤵
  PID:3772
- C:\Windows\System\obpAXHO.exe
  C:\Windows\System\obpAXHO.exe
  2⤵
  PID:3816
- C:\Windows\System\kIWiJZf.exe
  C:\Windows\System\kIWiJZf.exe
  2⤵
  PID:3848
- C:\Windows\System\tymXRod.exe
  C:\Windows\System\tymXRod.exe
  2⤵
  PID:3896
- C:\Windows\System\LyMrDvz.exe
  C:\Windows\System\LyMrDvz.exe
  2⤵
  PID:3868
- C:\Windows\System\mGbYpUG.exe
  C:\Windows\System\mGbYpUG.exe
  2⤵
  PID:3916
- C:\Windows\System\QYhohnC.exe
  C:\Windows\System\QYhohnC.exe
  2⤵
  PID:3948
- C:\Windows\System\WjURZMW.exe
  C:\Windows\System\WjURZMW.exe
  2⤵
  PID:4016
- C:\Windows\System\rSpjvcw.exe
  C:\Windows\System\rSpjvcw.exe
  2⤵
  PID:3992
- C:\Windows\System\KqWijkB.exe
  C:\Windows\System\KqWijkB.exe
  2⤵
  PID:4056
- C:\Windows\System\Zxyzgwc.exe
  C:\Windows\System\Zxyzgwc.exe
  2⤵
  PID:4076
- C:\Windows\System\AztmrBO.exe
  C:\Windows\System\AztmrBO.exe
  2⤵
  PID:1692
- C:\Windows\System\uVahKke.exe
  C:\Windows\System\uVahKke.exe
  2⤵
  PID:444
- C:\Windows\System\iDORegQ.exe
  C:\Windows\System\iDORegQ.exe
  2⤵
  PID:3604
- C:\Windows\System\hoAeVrb.exe
  C:\Windows\System\hoAeVrb.exe
  2⤵
  PID:856
- C:\Windows\System\HWspTVk.exe
  C:\Windows\System\HWspTVk.exe
  2⤵
  PID:2664
- C:\Windows\System\GTLnNcd.exe
  C:\Windows\System\GTLnNcd.exe
  2⤵
  PID:3240
- C:\Windows\System\aKwXtiw.exe
  C:\Windows\System\aKwXtiw.exe
  2⤵
  PID:2564
- C:\Windows\System\OEhqcnL.exe
  C:\Windows\System\OEhqcnL.exe
  2⤵
  PID:3320
- C:\Windows\System\QNTZyln.exe
  C:\Windows\System\QNTZyln.exe
  2⤵
  PID:3380
- C:\Windows\System\YnYSZUV.exe
  C:\Windows\System\YnYSZUV.exe
  2⤵
  PID:3340
- C:\Windows\System\BJnjwAd.exe
  C:\Windows\System\BJnjwAd.exe
  2⤵
  PID:3424
- C:\Windows\System\wiGKfjl.exe
  C:\Windows\System\wiGKfjl.exe
  2⤵
  PID:3508
- C:\Windows\System\urvLfiJ.exe
  C:\Windows\System\urvLfiJ.exe
  2⤵
  PID:3612
- C:\Windows\System\EyHuYiF.exe
  C:\Windows\System\EyHuYiF.exe
  2⤵
  PID:3572
- C:\Windows\System\JRBsZaZ.exe
  C:\Windows\System\JRBsZaZ.exe
  2⤵
  PID:3592
- C:\Windows\System\UjtiCJL.exe
  C:\Windows\System\UjtiCJL.exe
  2⤵
  PID:3708
- C:\Windows\System\ysoGYvH.exe
  C:\Windows\System\ysoGYvH.exe
  2⤵
  PID:3732
- C:\Windows\System\BdEXGMY.exe
  C:\Windows\System\BdEXGMY.exe
  2⤵
  PID:3752
- C:\Windows\System\AeeNzrp.exe
  C:\Windows\System\AeeNzrp.exe
  2⤵
  PID:3788
- C:\Windows\System\vQXqvQT.exe
  C:\Windows\System\vQXqvQT.exe
  2⤵
  PID:3928
- C:\Windows\System\TwBgLGu.exe
  C:\Windows\System\TwBgLGu.exe
  2⤵
  PID:3872
- C:\Windows\System\Bdjtpkt.exe
  C:\Windows\System\Bdjtpkt.exe
  2⤵
  PID:3968
- C:\Windows\System\JHZkGve.exe
  C:\Windows\System\JHZkGve.exe
  2⤵
  PID:3984
- C:\Windows\System\zfuOkqW.exe
  C:\Windows\System\zfuOkqW.exe
  2⤵
  PID:576
- C:\Windows\System\erXmeyn.exe
  C:\Windows\System\erXmeyn.exe
  2⤵
  PID:888
- C:\Windows\System\BOfuFPN.exe
  C:\Windows\System\BOfuFPN.exe
  2⤵
  PID:3196
- C:\Windows\System\ewzQPLg.exe
  C:\Windows\System\ewzQPLg.exe
  2⤵
  PID:3088
- C:\Windows\System\fDcvwRU.exe
  C:\Windows\System\fDcvwRU.exe
  2⤵
  PID:3156
- C:\Windows\System\gvoFBnv.exe
  C:\Windows\System\gvoFBnv.exe
  2⤵
  PID:1948
- C:\Windows\System\iDZRrXV.exe
  C:\Windows\System\iDZRrXV.exe
  2⤵
  PID:3452
- C:\Windows\System\mjadhnn.exe
  C:\Windows\System\mjadhnn.exe
  2⤵
  PID:3504
- C:\Windows\System\iabxvAP.exe
  C:\Windows\System\iabxvAP.exe
  2⤵
  PID:3388
- C:\Windows\System\JWlCvZD.exe
  C:\Windows\System\JWlCvZD.exe
  2⤵
  PID:2636
- C:\Windows\System\FScLBIY.exe
  C:\Windows\System\FScLBIY.exe
  2⤵
  PID:3696
- C:\Windows\System\MUTcfSH.exe
  C:\Windows\System\MUTcfSH.exe
  2⤵
  PID:3852
- C:\Windows\System\waQBliI.exe
  C:\Windows\System\waQBliI.exe
  2⤵
  PID:3892
- C:\Windows\System\rMaJRdU.exe
  C:\Windows\System\rMaJRdU.exe
  2⤵
  PID:1276
- C:\Windows\System\AThrKLI.exe
  C:\Windows\System\AThrKLI.exe
  2⤵
  PID:3956
- C:\Windows\System\cveVxzJ.exe
  C:\Windows\System\cveVxzJ.exe
  2⤵
  PID:3044
- C:\Windows\System\kikRfjc.exe
  C:\Windows\System\kikRfjc.exe
  2⤵
  PID:3160
- C:\Windows\System\trQBTMc.exe
  C:\Windows\System\trQBTMc.exe
  2⤵
  PID:2144
- C:\Windows\System\ruiOhcQ.exe
  C:\Windows\System\ruiOhcQ.exe
  2⤵
  PID:3280
- C:\Windows\System\nHxnhHQ.exe
  C:\Windows\System\nHxnhHQ.exe
  2⤵
  PID:3544
- C:\Windows\System\uWaWDFL.exe
  C:\Windows\System\uWaWDFL.exe
  2⤵
  PID:3632
- C:\Windows\System\EmIVDRX.exe
  C:\Windows\System\EmIVDRX.exe
  2⤵
  PID:3584
- C:\Windows\System\NbIHGtz.exe
  C:\Windows\System\NbIHGtz.exe
  2⤵
  PID:3728
- C:\Windows\System\ZJkAQZh.exe
  C:\Windows\System\ZJkAQZh.exe
  2⤵
  PID:2652
- C:\Windows\System\dHlUyKS.exe
  C:\Windows\System\dHlUyKS.exe
  2⤵
  PID:4068
- C:\Windows\System\nmDpAbu.exe
  C:\Windows\System\nmDpAbu.exe
  2⤵
  PID:3208
- C:\Windows\System\EoMbOBn.exe
  C:\Windows\System\EoMbOBn.exe
  2⤵
  PID:2360
- C:\Windows\System\qjsvixv.exe
  C:\Windows\System\qjsvixv.exe
  2⤵
  PID:3308
- C:\Windows\System\TvuGUUG.exe
  C:\Windows\System\TvuGUUG.exe
  2⤵
  PID:3368
- C:\Windows\System\DNykieB.exe
  C:\Windows\System\DNykieB.exe
  2⤵
  PID:3688
- C:\Windows\System\yUQgaTp.exe
  C:\Windows\System\yUQgaTp.exe
  2⤵
  PID:2236
- C:\Windows\System\riKRwua.exe
  C:\Windows\System\riKRwua.exe
  2⤵
  PID:3664
- C:\Windows\System\xGBNIPv.exe
  C:\Windows\System\xGBNIPv.exe
  2⤵
  PID:2608
- C:\Windows\System\txiJzmh.exe
  C:\Windows\System\txiJzmh.exe
  2⤵
  PID:2940
- C:\Windows\System\jDSBlOo.exe
  C:\Windows\System\jDSBlOo.exe
  2⤵
  PID:1472
- C:\Windows\System\TvPPLvl.exe
  C:\Windows\System\TvPPLvl.exe
  2⤵
  PID:4028
- C:\Windows\System\tDZZYRD.exe
  C:\Windows\System\tDZZYRD.exe
  2⤵
  PID:2976
- C:\Windows\System\cgijwRQ.exe
  C:\Windows\System\cgijwRQ.exe
  2⤵
  PID:2028
- C:\Windows\System\PenZPVe.exe
  C:\Windows\System\PenZPVe.exe
  2⤵
  PID:4104
- C:\Windows\System\oAMiDDp.exe
  C:\Windows\System\oAMiDDp.exe
  2⤵
  PID:4120
- C:\Windows\System\zYLBpnp.exe
  C:\Windows\System\zYLBpnp.exe
  2⤵
  PID:4152
- C:\Windows\System\UfzuWDj.exe
  C:\Windows\System\UfzuWDj.exe
  2⤵
  PID:4208
- C:\Windows\System\XFttFin.exe
  C:\Windows\System\XFttFin.exe
  2⤵
  PID:4228
- C:\Windows\System\aOeHMlC.exe
  C:\Windows\System\aOeHMlC.exe
  2⤵
  PID:4248
- C:\Windows\System\FFnJSfa.exe
  C:\Windows\System\FFnJSfa.exe
  2⤵
  PID:4268
- C:\Windows\System\fAUVhQX.exe
  C:\Windows\System\fAUVhQX.exe
  2⤵
  PID:4284
- C:\Windows\System\vVDnvUy.exe
  C:\Windows\System\vVDnvUy.exe
  2⤵
  PID:4300
- C:\Windows\System\EcLimxT.exe
  C:\Windows\System\EcLimxT.exe
  2⤵
  PID:4320
- C:\Windows\System\LGIcyJB.exe
  C:\Windows\System\LGIcyJB.exe
  2⤵
  PID:4344
- C:\Windows\System\RZkvTIv.exe
  C:\Windows\System\RZkvTIv.exe
  2⤵
  PID:4360
- C:\Windows\System\zNZskwX.exe
  C:\Windows\System\zNZskwX.exe
  2⤵
  PID:4376
- C:\Windows\System\rzIHqNg.exe
  C:\Windows\System\rzIHqNg.exe
  2⤵
  PID:4396
- C:\Windows\System\MTqwVjM.exe
  C:\Windows\System\MTqwVjM.exe
  2⤵
  PID:4412
- C:\Windows\System\MGQGURS.exe
  C:\Windows\System\MGQGURS.exe
  2⤵
  PID:4428
- C:\Windows\System\ZANDXlL.exe
  C:\Windows\System\ZANDXlL.exe
  2⤵
  PID:4444
- C:\Windows\System\xfukWJG.exe
  C:\Windows\System\xfukWJG.exe
  2⤵
  PID:4460
- C:\Windows\System\vEMgixx.exe
  C:\Windows\System\vEMgixx.exe
  2⤵
  PID:4480
- C:\Windows\System\qTuuFWW.exe
  C:\Windows\System\qTuuFWW.exe
  2⤵
  PID:4524
- C:\Windows\System\TBZipaJ.exe
  C:\Windows\System\TBZipaJ.exe
  2⤵
  PID:4548
- C:\Windows\System\ePVEyug.exe
  C:\Windows\System\ePVEyug.exe
  2⤵
  PID:4564
- C:\Windows\System\UYbSWPR.exe
  C:\Windows\System\UYbSWPR.exe
  2⤵
  PID:4600
- C:\Windows\System\pLEDKGT.exe
  C:\Windows\System\pLEDKGT.exe
  2⤵
  PID:4616
- C:\Windows\System\TbDFRsc.exe
  C:\Windows\System\TbDFRsc.exe
  2⤵
  PID:4632
- C:\Windows\System\WbncKok.exe
  C:\Windows\System\WbncKok.exe
  2⤵
  PID:4648
- C:\Windows\System\XDDSqax.exe
  C:\Windows\System\XDDSqax.exe
  2⤵
  PID:4664
- C:\Windows\System\ylgKRMs.exe
  C:\Windows\System\ylgKRMs.exe
  2⤵
  PID:4692
- C:\Windows\System\AaRJbnW.exe
  C:\Windows\System\AaRJbnW.exe
  2⤵
  PID:4724
- C:\Windows\System\gyvxSnJ.exe
  C:\Windows\System\gyvxSnJ.exe
  2⤵
  PID:4740
- C:\Windows\System\JcJwaqD.exe
  C:\Windows\System\JcJwaqD.exe
  2⤵
  PID:4756
- C:\Windows\System\fMMKCiw.exe
  C:\Windows\System\fMMKCiw.exe
  2⤵
  PID:4772
- C:\Windows\System\ycDFkOh.exe
  C:\Windows\System\ycDFkOh.exe
  2⤵
  PID:4788
- C:\Windows\System\XAgmhOv.exe
  C:\Windows\System\XAgmhOv.exe
  2⤵
  PID:4804
- C:\Windows\System\IOYxtUH.exe
  C:\Windows\System\IOYxtUH.exe
  2⤵
  PID:4820
- C:\Windows\System\ncSTIzk.exe
  C:\Windows\System\ncSTIzk.exe
  2⤵
  PID:4836
- C:\Windows\System\vbJqLUj.exe
  C:\Windows\System\vbJqLUj.exe
  2⤵
  PID:4852
- C:\Windows\System\SsmfoxR.exe
  C:\Windows\System\SsmfoxR.exe
  2⤵
  PID:4868
- C:\Windows\System\zizJpCn.exe
  C:\Windows\System\zizJpCn.exe
  2⤵
  PID:4896
- C:\Windows\System\quNNAMg.exe
  C:\Windows\System\quNNAMg.exe
  2⤵
  PID:4920
- C:\Windows\System\rTvMXuY.exe
  C:\Windows\System\rTvMXuY.exe
  2⤵
  PID:4936
- C:\Windows\System\CaawwHP.exe
  C:\Windows\System\CaawwHP.exe
  2⤵
  PID:4984
- C:\Windows\System\nGRvfQW.exe
  C:\Windows\System\nGRvfQW.exe
  2⤵
  PID:5000
- C:\Windows\System\yKCJVMF.exe
  C:\Windows\System\yKCJVMF.exe
  2⤵
  PID:5016
- C:\Windows\System\kHrcQcP.exe
  C:\Windows\System\kHrcQcP.exe
  2⤵
  PID:5032
- C:\Windows\System\uRWYMxE.exe
  C:\Windows\System\uRWYMxE.exe
  2⤵
  PID:5048
- C:\Windows\System\bcDHqMU.exe
  C:\Windows\System\bcDHqMU.exe
  2⤵
  PID:5064
- C:\Windows\System\yenOaOG.exe
  C:\Windows\System\yenOaOG.exe
  2⤵
  PID:5080
- C:\Windows\System\OUfHLNS.exe
  C:\Windows\System\OUfHLNS.exe
  2⤵
  PID:5096
- C:\Windows\System\IHINpUj.exe
  C:\Windows\System\IHINpUj.exe
  2⤵
  PID:5112
- C:\Windows\System\YXgJnvd.exe
  C:\Windows\System\YXgJnvd.exe
  2⤵
  PID:3288
- C:\Windows\System\wPIJwpd.exe
  C:\Windows\System\wPIJwpd.exe
  2⤵
  PID:3616
- C:\Windows\System\jAiFQNH.exe
  C:\Windows\System\jAiFQNH.exe
  2⤵
  PID:2756
- C:\Windows\System\Sxpbfeb.exe
  C:\Windows\System\Sxpbfeb.exe
  2⤵
  PID:2372
- C:\Windows\System\btSMcLd.exe
  C:\Windows\System\btSMcLd.exe
  2⤵
  PID:4112
- C:\Windows\System\hoUdCBC.exe
  C:\Windows\System\hoUdCBC.exe
  2⤵
  PID:4172
- C:\Windows\System\GcfcSRA.exe
  C:\Windows\System\GcfcSRA.exe
  2⤵
  PID:2804
- C:\Windows\System\CShtKMm.exe
  C:\Windows\System\CShtKMm.exe
  2⤵
  PID:4192
- C:\Windows\System\rDYcVlt.exe
  C:\Windows\System\rDYcVlt.exe
  2⤵
  PID:1920
- C:\Windows\System\lHrsLpI.exe
  C:\Windows\System\lHrsLpI.exe
  2⤵
  PID:4092
- C:\Windows\System\drIqDdO.exe
  C:\Windows\System\drIqDdO.exe
  2⤵
  PID:2760
- C:\Windows\System\lEHfUQP.exe
  C:\Windows\System\lEHfUQP.exe
  2⤵
  PID:2388
- C:\Windows\System\LRslMzc.exe
  C:\Windows\System\LRslMzc.exe
  2⤵
  PID:4224
- C:\Windows\System\DzWrzmH.exe
  C:\Windows\System\DzWrzmH.exe
  2⤵
  PID:4240
- C:\Windows\System\sHxSxBI.exe
  C:\Windows\System\sHxSxBI.exe
  2⤵
  PID:2380
- C:\Windows\System\bUqFTlC.exe
  C:\Windows\System\bUqFTlC.exe
  2⤵
  PID:4316
- C:\Windows\System\ZHqQzcq.exe
  C:\Windows\System\ZHqQzcq.exe
  2⤵
  PID:4352
- C:\Windows\System\PmScjvo.exe
  C:\Windows\System\PmScjvo.exe
  2⤵
  PID:4420
- C:\Windows\System\qOPLVUx.exe
  C:\Windows\System\qOPLVUx.exe
  2⤵
  PID:4392
- C:\Windows\System\ywTWAjU.exe
  C:\Windows\System\ywTWAjU.exe
  2⤵
  PID:4408
- C:\Windows\System\sIylSrm.exe
  C:\Windows\System\sIylSrm.exe
  2⤵
  PID:4468
- C:\Windows\System\dxXbIWc.exe
  C:\Windows\System\dxXbIWc.exe
  2⤵
  PID:4440
- C:\Windows\System\VXtwjlW.exe
  C:\Windows\System\VXtwjlW.exe
  2⤵
  PID:2188
- C:\Windows\System\vgoZgLc.exe
  C:\Windows\System\vgoZgLc.exe
  2⤵
  PID:3116
- C:\Windows\System\wnXOpsT.exe
  C:\Windows\System\wnXOpsT.exe
  2⤵
  PID:4580
- C:\Windows\System\OYfSCoW.exe
  C:\Windows\System\OYfSCoW.exe
  2⤵
  PID:4532
- C:\Windows\System\LMeMrIL.exe
  C:\Windows\System\LMeMrIL.exe
  2⤵
  PID:4612
- C:\Windows\System\mNbLuzu.exe
  C:\Windows\System\mNbLuzu.exe
  2⤵
  PID:4608
- C:\Windows\System\qetcHXz.exe
  C:\Windows\System\qetcHXz.exe
  2⤵
  PID:4676
- C:\Windows\System\nGhrBjL.exe
  C:\Windows\System\nGhrBjL.exe
  2⤵
  PID:4624
- C:\Windows\System\jxptdOF.exe
  C:\Windows\System\jxptdOF.exe
  2⤵
  PID:4716
- C:\Windows\System\PPqvbtl.exe
  C:\Windows\System\PPqvbtl.exe
  2⤵
  PID:1992
- C:\Windows\System\KcbDRcW.exe
  C:\Windows\System\KcbDRcW.exe
  2⤵
  PID:4732
- C:\Windows\System\aiBqdDV.exe
  C:\Windows\System\aiBqdDV.exe
  2⤵
  PID:4796
- C:\Windows\System\XCRzRLn.exe
  C:\Windows\System\XCRzRLn.exe
  2⤵
  PID:4864
- C:\Windows\System\EbQEaKz.exe
  C:\Windows\System\EbQEaKz.exe
  2⤵
  PID:4748
- C:\Windows\System\TtXkSSh.exe
  C:\Windows\System\TtXkSSh.exe
  2⤵
  PID:4752
- C:\Windows\System\SElNiFJ.exe
  C:\Windows\System\SElNiFJ.exe
  2⤵
  PID:4928
- C:\Windows\System\cJZtoiL.exe
  C:\Windows\System\cJZtoiL.exe
  2⤵
  PID:4908
- C:\Windows\System\hYkjBsT.exe
  C:\Windows\System\hYkjBsT.exe
  2⤵
  PID:1520
- C:\Windows\System\GmBluAQ.exe
  C:\Windows\System\GmBluAQ.exe
  2⤵
  PID:4956
- C:\Windows\System\KvibFgx.exe
  C:\Windows\System\KvibFgx.exe
  2⤵
  PID:4976
- C:\Windows\System\pciblWF.exe
  C:\Windows\System\pciblWF.exe
  2⤵
  PID:2180
- C:\Windows\System\aHcEQxI.exe
  C:\Windows\System\aHcEQxI.exe
  2⤵
  PID:3808
- C:\Windows\System\ICGLUeW.exe
  C:\Windows\System\ICGLUeW.exe
  2⤵
  PID:5088
- C:\Windows\System\wkCiUIp.exe
  C:\Windows\System\wkCiUIp.exe
  2⤵
  PID:4388
- C:\Windows\System\rgqxvaI.exe
  C:\Windows\System\rgqxvaI.exe
  2⤵
  PID:2016
- C:\Windows\System\hbdzhgh.exe
  C:\Windows\System\hbdzhgh.exe
  2⤵
  PID:4372
- C:\Windows\System\CFbSRdN.exe
  C:\Windows\System\CFbSRdN.exe
  2⤵
  PID:4216
- C:\Windows\System\FdsQYCf.exe
  C:\Windows\System\FdsQYCf.exe
  2⤵
  PID:4260
- C:\Windows\System\TqYQhMw.exe
  C:\Windows\System\TqYQhMw.exe
  2⤵
  PID:4328
- C:\Windows\System\AFtWDeP.exe
  C:\Windows\System\AFtWDeP.exe
  2⤵
  PID:4456
- C:\Windows\System\AcpPaqw.exe
  C:\Windows\System\AcpPaqw.exe
  2⤵
  PID:4544
- C:\Windows\System\LJIdSzF.exe
  C:\Windows\System\LJIdSzF.exe
  2⤵
  PID:4512
- C:\Windows\System\bPHVaKn.exe
  C:\Windows\System\bPHVaKn.exe
  2⤵
  PID:2920
- C:\Windows\System\ziFdgQK.exe
  C:\Windows\System\ziFdgQK.exe
  2⤵
  PID:4876
- C:\Windows\System\fVXqyqX.exe
  C:\Windows\System\fVXqyqX.exe
  2⤵
  PID:2512
- C:\Windows\System\nFFziJW.exe
  C:\Windows\System\nFFziJW.exe
  2⤵
  PID:4684
- C:\Windows\System\MdLKHgv.exe
  C:\Windows\System\MdLKHgv.exe
  2⤵
  PID:4540
- C:\Windows\System\JbRTtgI.exe
  C:\Windows\System\JbRTtgI.exe
  2⤵
  PID:2736
- C:\Windows\System\KbMzmpK.exe
  C:\Windows\System\KbMzmpK.exe
  2⤵
  PID:4784
- C:\Windows\System\HalzSiG.exe
  C:\Windows\System\HalzSiG.exe
  2⤵
  PID:4892
- C:\Windows\System\wVUvSXp.exe
  C:\Windows\System\wVUvSXp.exe
  2⤵
  PID:4960
- C:\Windows\System\NCsRyvm.exe
  C:\Windows\System\NCsRyvm.exe
  2⤵
  PID:5008
- C:\Windows\System\HfcWbCf.exe
  C:\Windows\System\HfcWbCf.exe
  2⤵
  PID:5040
- C:\Windows\System\ecGGHUP.exe
  C:\Windows\System\ecGGHUP.exe
  2⤵
  PID:5076
- C:\Windows\System\oGguOBv.exe
  C:\Windows\System\oGguOBv.exe
  2⤵
  PID:3164
- C:\Windows\System\OTnXDqp.exe
  C:\Windows\System\OTnXDqp.exe
  2⤵
  PID:4176
- C:\Windows\System\wxuwbxB.exe
  C:\Windows\System\wxuwbxB.exe
  2⤵
  PID:2160
- C:\Windows\System\kbNIipM.exe
  C:\Windows\System\kbNIipM.exe
  2⤵
  PID:5092
- C:\Windows\System\VMHpAmz.exe
  C:\Windows\System\VMHpAmz.exe
  2⤵
  PID:4100
- C:\Windows\System\ysIfrvj.exe
  C:\Windows\System\ysIfrvj.exe
  2⤵
  PID:4188
- C:\Windows\System\gQgJwqj.exe
  C:\Windows\System\gQgJwqj.exe
  2⤵
  PID:1956
- C:\Windows\System\RpKUNmG.exe
  C:\Windows\System\RpKUNmG.exe
  2⤵
  PID:4236
- C:\Windows\System\hDdlCAi.exe
  C:\Windows\System\hDdlCAi.exe
  2⤵
  PID:4280
- C:\Windows\System\fFVfimd.exe
  C:\Windows\System\fFVfimd.exe
  2⤵
  PID:1888
- C:\Windows\System\MQbAkBu.exe
  C:\Windows\System\MQbAkBu.exe
  2⤵
  PID:4164
- C:\Windows\System\ubuSHaX.exe
  C:\Windows\System\ubuSHaX.exe
  2⤵
  PID:4384
- C:\Windows\System\YvlxRFd.exe
  C:\Windows\System\YvlxRFd.exe
  2⤵
  PID:4592
- C:\Windows\System\NtGfDfx.exe
  C:\Windows\System\NtGfDfx.exe
  2⤵
  PID:4644
- C:\Windows\System\fqJgcrK.exe
  C:\Windows\System\fqJgcrK.exe
  2⤵
  PID:4700
- C:\Windows\System\bMuNZdr.exe
  C:\Windows\System\bMuNZdr.exe
  2⤵
  PID:4932
- C:\Windows\System\iilYBFU.exe
  C:\Windows\System\iilYBFU.exe
  2⤵
  PID:5072
- C:\Windows\System\yyBCyjd.exe
  C:\Windows\System\yyBCyjd.exe
  2⤵
  PID:4572
- C:\Windows\System\AVIdzaE.exe
  C:\Windows\System\AVIdzaE.exe
  2⤵
  PID:4952
- C:\Windows\System\xXFrPhJ.exe
  C:\Windows\System\xXFrPhJ.exe
  2⤵
  PID:2200
- C:\Windows\System\qhrOdkF.exe
  C:\Windows\System\qhrOdkF.exe
  2⤵
  PID:4708
- C:\Windows\System\ZFwGNBq.exe
  C:\Windows\System\ZFwGNBq.exe
  2⤵
  PID:5056
- C:\Windows\System\uMIGehT.exe
  C:\Windows\System\uMIGehT.exe
  2⤵
  PID:1672
- C:\Windows\System\UDTKwqE.exe
  C:\Windows\System\UDTKwqE.exe
  2⤵
  PID:2472
- C:\Windows\System\qWRzLAD.exe
  C:\Windows\System\qWRzLAD.exe
  2⤵
  PID:4148
- C:\Windows\System\xvSgsTT.exe
  C:\Windows\System\xvSgsTT.exe
  2⤵
  PID:1952
- C:\Windows\System\nHLnJzw.exe
  C:\Windows\System\nHLnJzw.exe
  2⤵
  PID:4336
- C:\Windows\System\NLIuXxF.exe
  C:\Windows\System\NLIuXxF.exe
  2⤵
  PID:4404
- C:\Windows\System\QKOstUx.exe
  C:\Windows\System\QKOstUx.exe
  2⤵
  PID:2168
- C:\Windows\System\PJZkoIJ.exe
  C:\Windows\System\PJZkoIJ.exe
  2⤵
  PID:4008
- C:\Windows\System\SzYLBvB.exe
  C:\Windows\System\SzYLBvB.exe
  2⤵
  PID:2352
- C:\Windows\System\qlCbqZT.exe
  C:\Windows\System\qlCbqZT.exe
  2⤵
  PID:768
- C:\Windows\System\upAfZZH.exe
  C:\Windows\System\upAfZZH.exe
  2⤵
  PID:4848
- C:\Windows\System\CnJMRZV.exe
  C:\Windows\System\CnJMRZV.exe
  2⤵
  PID:4628
- C:\Windows\System\sEmyxUx.exe
  C:\Windows\System\sEmyxUx.exe
  2⤵
  PID:2280
- C:\Windows\System\UmWlyEQ.exe
  C:\Windows\System\UmWlyEQ.exe
  2⤵
  PID:5132
- C:\Windows\System\hekeZVw.exe
  C:\Windows\System\hekeZVw.exe
  2⤵
  PID:5148
- C:\Windows\System\zrtZQgn.exe
  C:\Windows\System\zrtZQgn.exe
  2⤵
  PID:5164
- C:\Windows\System\qNgGYLl.exe
  C:\Windows\System\qNgGYLl.exe
  2⤵
  PID:5180
- C:\Windows\System\vFsFgWY.exe
  C:\Windows\System\vFsFgWY.exe
  2⤵
  PID:5196
- C:\Windows\System\dYjbQch.exe
  C:\Windows\System\dYjbQch.exe
  2⤵
  PID:5212
- C:\Windows\System\Ioriscr.exe
  C:\Windows\System\Ioriscr.exe
  2⤵
  PID:5228
- C:\Windows\System\SyutSRv.exe
  C:\Windows\System\SyutSRv.exe
  2⤵
  PID:5244
- C:\Windows\System\zRPUpWI.exe
  C:\Windows\System\zRPUpWI.exe
  2⤵
  PID:5260
- C:\Windows\System\MUyeUIe.exe
  C:\Windows\System\MUyeUIe.exe
  2⤵
  PID:5276
- C:\Windows\System\CTRZVeY.exe
  C:\Windows\System\CTRZVeY.exe
  2⤵
  PID:5292
- C:\Windows\System\pXbcvFH.exe
  C:\Windows\System\pXbcvFH.exe
  2⤵
  PID:5308
- C:\Windows\System\ftufWWi.exe
  C:\Windows\System\ftufWWi.exe
  2⤵
  PID:5324
- C:\Windows\System\YSngzrm.exe
  C:\Windows\System\YSngzrm.exe
  2⤵
  PID:5340
- C:\Windows\System\mgCmdFn.exe
  C:\Windows\System\mgCmdFn.exe
  2⤵
  PID:5356
- C:\Windows\System\XjzYHNy.exe
  C:\Windows\System\XjzYHNy.exe
  2⤵
  PID:5372
- C:\Windows\System\OmpbtVr.exe
  C:\Windows\System\OmpbtVr.exe
  2⤵
  PID:5388
- C:\Windows\System\eDtLnzO.exe
  C:\Windows\System\eDtLnzO.exe
  2⤵
  PID:5404
- C:\Windows\System\FcDijEW.exe
  C:\Windows\System\FcDijEW.exe
  2⤵
  PID:5420
- C:\Windows\System\GgiCnOH.exe
  C:\Windows\System\GgiCnOH.exe
  2⤵
  PID:5436
- C:\Windows\System\IQBVgsl.exe
  C:\Windows\System\IQBVgsl.exe
  2⤵
  PID:5452
- C:\Windows\System\GGmmWsE.exe
  C:\Windows\System\GGmmWsE.exe
  2⤵
  PID:5468
- C:\Windows\System\MZFisoT.exe
  C:\Windows\System\MZFisoT.exe
  2⤵
  PID:5484
- C:\Windows\System\oVbiCbt.exe
  C:\Windows\System\oVbiCbt.exe
  2⤵
  PID:5500
- C:\Windows\System\ldquRGf.exe
  C:\Windows\System\ldquRGf.exe
  2⤵
  PID:5516
- C:\Windows\System\NyFwKGM.exe
  C:\Windows\System\NyFwKGM.exe
  2⤵
  PID:5532
- C:\Windows\System\gunTcqe.exe
  C:\Windows\System\gunTcqe.exe
  2⤵
  PID:5548
- C:\Windows\System\qONAcfs.exe
  C:\Windows\System\qONAcfs.exe
  2⤵
  PID:5564
- C:\Windows\System\Mhxnfph.exe
  C:\Windows\System\Mhxnfph.exe
  2⤵
  PID:5580
- C:\Windows\System\suBBIoK.exe
  C:\Windows\System\suBBIoK.exe
  2⤵
  PID:5596
- C:\Windows\System\CJmAFzC.exe
  C:\Windows\System\CJmAFzC.exe
  2⤵
  PID:5612
- C:\Windows\System\MDsSvzi.exe
  C:\Windows\System\MDsSvzi.exe
  2⤵
  PID:5628
- C:\Windows\System\OhVFNQc.exe
  C:\Windows\System\OhVFNQc.exe
  2⤵
  PID:5644
- C:\Windows\System\cPsmEMA.exe
  C:\Windows\System\cPsmEMA.exe
  2⤵
  PID:5660
- C:\Windows\System\gAqYhda.exe
  C:\Windows\System\gAqYhda.exe
  2⤵
  PID:5676
- C:\Windows\System\KxiZFMg.exe
  C:\Windows\System\KxiZFMg.exe
  2⤵
  PID:5692
- C:\Windows\System\CrFoNkn.exe
  C:\Windows\System\CrFoNkn.exe
  2⤵
  PID:5708
- C:\Windows\System\bGxqMWq.exe
  C:\Windows\System\bGxqMWq.exe
  2⤵
  PID:5724
- C:\Windows\System\hqcdTWt.exe
  C:\Windows\System\hqcdTWt.exe
  2⤵
  PID:5740
- C:\Windows\System\nloFgKS.exe
  C:\Windows\System\nloFgKS.exe
  2⤵
  PID:5756
- C:\Windows\System\GZlQzRN.exe
  C:\Windows\System\GZlQzRN.exe
  2⤵
  PID:5772
- C:\Windows\System\daisbgN.exe
  C:\Windows\System\daisbgN.exe
  2⤵
  PID:5788
- C:\Windows\System\JUxHXpE.exe
  C:\Windows\System\JUxHXpE.exe
  2⤵
  PID:5804
- C:\Windows\System\iYxQkXB.exe
  C:\Windows\System\iYxQkXB.exe
  2⤵
  PID:5820
- C:\Windows\System\LLIYnlh.exe
  C:\Windows\System\LLIYnlh.exe
  2⤵
  PID:5836
- C:\Windows\System\RLFECuw.exe
  C:\Windows\System\RLFECuw.exe
  2⤵
  PID:5852
- C:\Windows\System\jUpiXNF.exe
  C:\Windows\System\jUpiXNF.exe
  2⤵
  PID:5868
- C:\Windows\System\qvhbgee.exe
  C:\Windows\System\qvhbgee.exe
  2⤵
  PID:5884
- C:\Windows\System\HbSmWXI.exe
  C:\Windows\System\HbSmWXI.exe
  2⤵
  PID:5900
- C:\Windows\System\PiLEZcX.exe
  C:\Windows\System\PiLEZcX.exe
  2⤵
  PID:5920
- C:\Windows\System\dgEBXbA.exe
  C:\Windows\System\dgEBXbA.exe
  2⤵
  PID:5940
- C:\Windows\System\XguWGcb.exe
  C:\Windows\System\XguWGcb.exe
  2⤵
  PID:5964
- C:\Windows\System\VVfKXKd.exe
  C:\Windows\System\VVfKXKd.exe
  2⤵
  PID:5980
- C:\Windows\System\TVAEyjZ.exe
  C:\Windows\System\TVAEyjZ.exe
  2⤵
  PID:5996
- C:\Windows\System\AFepxgD.exe
  C:\Windows\System\AFepxgD.exe
  2⤵
  PID:6016
- C:\Windows\System\pRJFDqq.exe
  C:\Windows\System\pRJFDqq.exe
  2⤵
  PID:6032
- C:\Windows\System\MnPRtPt.exe
  C:\Windows\System\MnPRtPt.exe
  2⤵
  PID:6060
- C:\Windows\System\eiwHbMB.exe
  C:\Windows\System\eiwHbMB.exe
  2⤵
  PID:6080
- C:\Windows\System\lRMsBip.exe
  C:\Windows\System\lRMsBip.exe
  2⤵
  PID:6096
- C:\Windows\System\FDtbkdI.exe
  C:\Windows\System\FDtbkdI.exe
  2⤵
  PID:6116
- C:\Windows\System\mbwdWcN.exe
  C:\Windows\System\mbwdWcN.exe
  2⤵
  PID:6132
- C:\Windows\System\GtKRJiH.exe
  C:\Windows\System\GtKRJiH.exe
  2⤵
  PID:4996
- C:\Windows\System\FGramZF.exe
  C:\Windows\System\FGramZF.exe
  2⤵
  PID:5156
- C:\Windows\System\WNQSJGL.exe
  C:\Windows\System\WNQSJGL.exe
  2⤵
  PID:4832
- C:\Windows\System\pjmspbQ.exe
  C:\Windows\System\pjmspbQ.exe
  2⤵
  PID:4144
- C:\Windows\System\aTQUYSx.exe
  C:\Windows\System\aTQUYSx.exe
  2⤵
  PID:4332
- C:\Windows\System\eHctEgg.exe
  C:\Windows\System\eHctEgg.exe
  2⤵
  PID:5172
- C:\Windows\System\VDQngEK.exe
  C:\Windows\System\VDQngEK.exe
  2⤵
  PID:4912
- C:\Windows\System\TPsMxxb.exe
  C:\Windows\System\TPsMxxb.exe
  2⤵
  PID:5252
- C:\Windows\System\SZSmCyi.exe
  C:\Windows\System\SZSmCyi.exe
  2⤵
  PID:5208
- C:\Windows\System\KMOCVtt.exe
  C:\Windows\System\KMOCVtt.exe
  2⤵
  PID:5272
- C:\Windows\System\ywVxgMN.exe
  C:\Windows\System\ywVxgMN.exe
  2⤵
  PID:5316
- C:\Windows\System\lIIRvrI.exe
  C:\Windows\System\lIIRvrI.exe
  2⤵
  PID:5380
- C:\Windows\System\gzMzbHs.exe
  C:\Windows\System\gzMzbHs.exe
  2⤵
  PID:5444
- C:\Windows\System\xlIvpbk.exe
  C:\Windows\System\xlIvpbk.exe
  2⤵
  PID:5364
- C:\Windows\System\TVQDvyr.exe
  C:\Windows\System\TVQDvyr.exe
  2⤵
  PID:5512
- C:\Windows\System\JJKxewk.exe
  C:\Windows\System\JJKxewk.exe
  2⤵
  PID:5608
- C:\Windows\System\UIWnVic.exe
  C:\Windows\System\UIWnVic.exe
  2⤵
  PID:5588
- C:\Windows\System\kMgyglv.exe
  C:\Windows\System\kMgyglv.exe
  2⤵
  PID:5464
- C:\Windows\System\lkjnfEl.exe
  C:\Windows\System\lkjnfEl.exe
  2⤵
  PID:5428
- C:\Windows\System\TpufACL.exe
  C:\Windows\System\TpufACL.exe
  2⤵
  PID:5560
- C:\Windows\System\hqzebvT.exe
  C:\Windows\System\hqzebvT.exe
  2⤵
  PID:5656
- C:\Windows\System\uYIhrAg.exe
  C:\Windows\System\uYIhrAg.exe
  2⤵
  PID:5704
- C:\Windows\System\iivyNHL.exe
  C:\Windows\System\iivyNHL.exe
  2⤵
  PID:5736
- C:\Windows\System\inSbdJc.exe
  C:\Windows\System\inSbdJc.exe
  2⤵
  PID:5768
- C:\Windows\System\KPMhKfS.exe
  C:\Windows\System\KPMhKfS.exe
  2⤵
  PID:5784
- C:\Windows\System\Xueuefc.exe
  C:\Windows\System\Xueuefc.exe
  2⤵
  PID:5832
- C:\Windows\System\bDCbfIF.exe
  C:\Windows\System\bDCbfIF.exe
  2⤵
  PID:5844
- C:\Windows\System\CRTjRJx.exe
  C:\Windows\System\CRTjRJx.exe
  2⤵
  PID:5908
- C:\Windows\System\zSolxKt.exe
  C:\Windows\System\zSolxKt.exe
  2⤵
  PID:1864
- C:\Windows\System\GJwgRsP.exe
  C:\Windows\System\GJwgRsP.exe
  2⤵
  PID:6008
- C:\Windows\System\KJkbAtB.exe
  C:\Windows\System\KJkbAtB.exe
  2⤵
  PID:5992
- C:\Windows\System\aNxBODe.exe
  C:\Windows\System\aNxBODe.exe
  2⤵
  PID:6040
- C:\Windows\System\ZvNvizN.exe
  C:\Windows\System\ZvNvizN.exe
  2⤵
  PID:6056
- C:\Windows\System\ePWpVeP.exe
  C:\Windows\System\ePWpVeP.exe
  2⤵
  PID:6128
- C:\Windows\System\KuBTbRQ.exe
  C:\Windows\System\KuBTbRQ.exe
  2⤵
  PID:5128
- C:\Windows\System\aIFVhiw.exe
  C:\Windows\System\aIFVhiw.exe
  2⤵
  PID:6072
- C:\Windows\System\kyLAFUE.exe
  C:\Windows\System\kyLAFUE.exe
  2⤵
  PID:3796
- C:\Windows\System\sxPEKiW.exe
  C:\Windows\System\sxPEKiW.exe
  2⤵
  PID:4560
- C:\Windows\System\wFBHkAo.exe
  C:\Windows\System\wFBHkAo.exe
  2⤵
  PID:3568
- C:\Windows\System\qsWhbIs.exe
  C:\Windows\System\qsWhbIs.exe
  2⤵
  PID:5224
- C:\Windows\System\cOEnWko.exe
  C:\Windows\System\cOEnWko.exe
  2⤵
  PID:5332
- C:\Windows\System\TeVHGgh.exe
  C:\Windows\System\TeVHGgh.exe
  2⤵
  PID:5476
- C:\Windows\System\EfZFkbS.exe
  C:\Windows\System\EfZFkbS.exe
  2⤵
  PID:5304
- C:\Windows\System\MQrYuJb.exe
  C:\Windows\System\MQrYuJb.exe
  2⤵
  PID:5620
- C:\Windows\System\qpgocwk.exe
  C:\Windows\System\qpgocwk.exe
  2⤵
  PID:5432
- C:\Windows\System\LRcpraR.exe
  C:\Windows\System\LRcpraR.exe
  2⤵
  PID:5700
- C:\Windows\System\AablJxc.exe
  C:\Windows\System\AablJxc.exe
  2⤵
  PID:5720
- C:\Windows\System\EJGHqCH.exe
  C:\Windows\System\EJGHqCH.exe
  2⤵
  PID:5816
- C:\Windows\System\aNxmCfa.exe
  C:\Windows\System\aNxmCfa.exe
  2⤵
  PID:5976
- C:\Windows\System\btBeRYF.exe
  C:\Windows\System\btBeRYF.exe
  2⤵
  PID:6028
- C:\Windows\System\badwdsm.exe
  C:\Windows\System\badwdsm.exe
  2⤵
  PID:5960
- C:\Windows\System\zomgtUY.exe
  C:\Windows\System\zomgtUY.exe
  2⤵
  PID:5956
- C:\Windows\System\xXEPQug.exe
  C:\Windows\System\xXEPQug.exe
  2⤵
  PID:4292
- C:\Windows\System\fZLEotM.exe
  C:\Windows\System\fZLEotM.exe
  2⤵
  PID:6108
- C:\Windows\System\lttGUwu.exe
  C:\Windows\System\lttGUwu.exe
  2⤵
  PID:1304
- C:\Windows\System\awpnZUd.exe
  C:\Windows\System\awpnZUd.exe
  2⤵
  PID:5352
- C:\Windows\System\SRmoWuc.exe
  C:\Windows\System\SRmoWuc.exe
  2⤵
  PID:5572
- C:\Windows\System\Hqgjjbj.exe
  C:\Windows\System\Hqgjjbj.exe
  2⤵
  PID:5640
- C:\Windows\System\qsxihxJ.exe
  C:\Windows\System\qsxihxJ.exe
  2⤵
  PID:5396
- C:\Windows\System\GQxByYW.exe
  C:\Windows\System\GQxByYW.exe
  2⤵
  PID:5652
- C:\Windows\System\siHDzRM.exe
  C:\Windows\System\siHDzRM.exe
  2⤵
  PID:5876
- C:\Windows\System\aeVijQL.exe
  C:\Windows\System\aeVijQL.exe
  2⤵
  PID:6124
- C:\Windows\System\taEEUIi.exe
  C:\Windows\System\taEEUIi.exe
  2⤵
  PID:6048
- C:\Windows\System\ipeTHiN.exe
  C:\Windows\System\ipeTHiN.exe
  2⤵
  PID:5916
- C:\Windows\System\ZTQGKWN.exe
  C:\Windows\System\ZTQGKWN.exe
  2⤵
  PID:5524
- C:\Windows\System\nCGPxaR.exe
  C:\Windows\System\nCGPxaR.exe
  2⤵
  PID:5348
- C:\Windows\System\EvpYFIe.exe
  C:\Windows\System\EvpYFIe.exe
  2⤵
  PID:6156
- C:\Windows\System\IYNtReN.exe
  C:\Windows\System\IYNtReN.exe
  2⤵
  PID:6172
- C:\Windows\System\wMpOxtR.exe
  C:\Windows\System\wMpOxtR.exe
  2⤵
  PID:6188
- C:\Windows\System\PtOAUna.exe
  C:\Windows\System\PtOAUna.exe
  2⤵
  PID:6204
- C:\Windows\System\ZplZyLd.exe
  C:\Windows\System\ZplZyLd.exe
  2⤵
  PID:6220
- C:\Windows\System\rIOzBaR.exe
  C:\Windows\System\rIOzBaR.exe
  2⤵
  PID:6236
- C:\Windows\System\BIxUdsc.exe
  C:\Windows\System\BIxUdsc.exe
  2⤵
  PID:6252
- C:\Windows\System\EorOlfT.exe
  C:\Windows\System\EorOlfT.exe
  2⤵
  PID:6268
- C:\Windows\System\krPEerh.exe
  C:\Windows\System\krPEerh.exe
  2⤵
  PID:6284
- C:\Windows\System\MgXdxtJ.exe
  C:\Windows\System\MgXdxtJ.exe
  2⤵
  PID:6300
- C:\Windows\System\VGSpFwE.exe
  C:\Windows\System\VGSpFwE.exe
  2⤵
  PID:6316
- C:\Windows\System\uICTOsN.exe
  C:\Windows\System\uICTOsN.exe
  2⤵
  PID:6332
- C:\Windows\System\eHKylUL.exe
  C:\Windows\System\eHKylUL.exe
  2⤵
  PID:6352
- C:\Windows\System\zdnxJAt.exe
  C:\Windows\System\zdnxJAt.exe
  2⤵
  PID:6368
- C:\Windows\System\aznxXZg.exe
  C:\Windows\System\aznxXZg.exe
  2⤵
  PID:6384
- C:\Windows\System\HLkHeLu.exe
  C:\Windows\System\HLkHeLu.exe
  2⤵
  PID:6400
- C:\Windows\System\ByfyIWd.exe
  C:\Windows\System\ByfyIWd.exe
  2⤵
  PID:6416
- C:\Windows\System\jZiqXcz.exe
  C:\Windows\System\jZiqXcz.exe
  2⤵
  PID:6436
- C:\Windows\System\FVeFIMs.exe
  C:\Windows\System\FVeFIMs.exe
  2⤵
  PID:6452
- C:\Windows\System\xSomfPy.exe
  C:\Windows\System\xSomfPy.exe
  2⤵
  PID:6468
- C:\Windows\System\CYcfSKx.exe
  C:\Windows\System\CYcfSKx.exe
  2⤵
  PID:6484
- C:\Windows\System\vBETont.exe
  C:\Windows\System\vBETont.exe
  2⤵
  PID:6500
- C:\Windows\System\cjSmdtS.exe
  C:\Windows\System\cjSmdtS.exe
  2⤵
  PID:6516
- C:\Windows\System\yHwuJOl.exe
  C:\Windows\System\yHwuJOl.exe
  2⤵
  PID:6532
- C:\Windows\System\VkoqbEX.exe
  C:\Windows\System\VkoqbEX.exe
  2⤵
  PID:6548
- C:\Windows\System\JLuftIE.exe
  C:\Windows\System\JLuftIE.exe
  2⤵
  PID:6564
- C:\Windows\System\terkqJZ.exe
  C:\Windows\System\terkqJZ.exe
  2⤵
  PID:6580
- C:\Windows\System\lQpsDOa.exe
  C:\Windows\System\lQpsDOa.exe
  2⤵
  PID:6596
- C:\Windows\System\xsbiGlF.exe
  C:\Windows\System\xsbiGlF.exe
  2⤵
  PID:6612
- C:\Windows\System\dUvonUe.exe
  C:\Windows\System\dUvonUe.exe
  2⤵
  PID:6628
- C:\Windows\System\tWwHglJ.exe
  C:\Windows\System\tWwHglJ.exe
  2⤵
  PID:6644
- C:\Windows\System\vkMwnmq.exe
  C:\Windows\System\vkMwnmq.exe
  2⤵
  PID:6660
- C:\Windows\System\mTOHrCo.exe
  C:\Windows\System\mTOHrCo.exe
  2⤵
  PID:6676
- C:\Windows\System\sAvkCBG.exe
  C:\Windows\System\sAvkCBG.exe
  2⤵
  PID:6692
- C:\Windows\System\vdreeZU.exe
  C:\Windows\System\vdreeZU.exe
  2⤵
  PID:6708
- C:\Windows\System\jsbOAsf.exe
  C:\Windows\System\jsbOAsf.exe
  2⤵
  PID:6724
- C:\Windows\System\GNYRuRM.exe
  C:\Windows\System\GNYRuRM.exe
  2⤵
  PID:6744
- C:\Windows\System\fhQazGL.exe
  C:\Windows\System\fhQazGL.exe
  2⤵
  PID:6760
- C:\Windows\System\OYKCFOW.exe
  C:\Windows\System\OYKCFOW.exe
  2⤵
  PID:6776
- C:\Windows\System\VKyJLPD.exe
  C:\Windows\System\VKyJLPD.exe
  2⤵
  PID:6792
- C:\Windows\System\PTkXZgo.exe
  C:\Windows\System\PTkXZgo.exe
  2⤵
  PID:6808
- C:\Windows\System\ROknykT.exe
  C:\Windows\System\ROknykT.exe
  2⤵
  PID:6824
- C:\Windows\System\XIDEWea.exe
  C:\Windows\System\XIDEWea.exe
  2⤵
  PID:6840
- C:\Windows\System\jrqTEnG.exe
  C:\Windows\System\jrqTEnG.exe
  2⤵
  PID:6860
- C:\Windows\System\fYOSQsN.exe
  C:\Windows\System\fYOSQsN.exe
  2⤵
  PID:6876
- C:\Windows\System\kaGbnoA.exe
  C:\Windows\System\kaGbnoA.exe
  2⤵
  PID:6892
- C:\Windows\System\tmEbqTE.exe
  C:\Windows\System\tmEbqTE.exe
  2⤵
  PID:6908
- C:\Windows\System\UazgiQn.exe
  C:\Windows\System\UazgiQn.exe
  2⤵
  PID:6924
- C:\Windows\System\qQZYyOS.exe
  C:\Windows\System\qQZYyOS.exe
  2⤵
  PID:6940
- C:\Windows\System\aDZlolh.exe
  C:\Windows\System\aDZlolh.exe
  2⤵
  PID:6956
- C:\Windows\System\ePSrYeY.exe
  C:\Windows\System\ePSrYeY.exe
  2⤵
  PID:6972
- C:\Windows\System\nnFRWyC.exe
  C:\Windows\System\nnFRWyC.exe
  2⤵
  PID:6988
- C:\Windows\System\HkRfwik.exe
  C:\Windows\System\HkRfwik.exe
  2⤵
  PID:7004
- C:\Windows\System\wOgBFPE.exe
  C:\Windows\System\wOgBFPE.exe
  2⤵
  PID:7020
- C:\Windows\System\DfnzdZE.exe
  C:\Windows\System\DfnzdZE.exe
  2⤵
  PID:7036
- C:\Windows\System\fiKKkEB.exe
  C:\Windows\System\fiKKkEB.exe
  2⤵
  PID:7052
- C:\Windows\System\YCopUHF.exe
  C:\Windows\System\YCopUHF.exe
  2⤵
  PID:7068
- C:\Windows\System\uSGloZU.exe
  C:\Windows\System\uSGloZU.exe
  2⤵
  PID:7084
- C:\Windows\System\GusTFFK.exe
  C:\Windows\System\GusTFFK.exe
  2⤵
  PID:7100
- C:\Windows\System\UYBLUiO.exe
  C:\Windows\System\UYBLUiO.exe
  2⤵
  PID:7116
- C:\Windows\System\IYkmrBj.exe
  C:\Windows\System\IYkmrBj.exe
  2⤵
  PID:7132
- C:\Windows\System\SbaCHZo.exe
  C:\Windows\System\SbaCHZo.exe
  2⤵
  PID:7148
- C:\Windows\System\FjAmOHI.exe
  C:\Windows\System\FjAmOHI.exe
  2⤵
  PID:7164
- C:\Windows\System\iUOSyNB.exe
  C:\Windows\System\iUOSyNB.exe
  2⤵
  PID:6168
- C:\Windows\System\znddNtC.exe
  C:\Windows\System\znddNtC.exe
  2⤵
  PID:6104
- C:\Windows\System\xQfCuUP.exe
  C:\Windows\System\xQfCuUP.exe
  2⤵
  PID:4204
- C:\Windows\System\WVvJYFI.exe
  C:\Windows\System\WVvJYFI.exe
  2⤵
  PID:5508
- C:\Windows\System\zZwOvSu.exe
  C:\Windows\System\zZwOvSu.exe
  2⤵
  PID:6148
- C:\Windows\System\dnDDDDI.exe
  C:\Windows\System\dnDDDDI.exe
  2⤵
  PID:6292
- C:\Windows\System\MFoLiMu.exe
  C:\Windows\System\MFoLiMu.exe
  2⤵
  PID:6280
- C:\Windows\System\jpzwPyX.exe
  C:\Windows\System\jpzwPyX.exe
  2⤵
  PID:6308
- C:\Windows\System\GbVfETb.exe
  C:\Windows\System\GbVfETb.exe
  2⤵
  PID:6364
- C:\Windows\System\VrMKUFV.exe
  C:\Windows\System\VrMKUFV.exe
  2⤵
  PID:6396
- C:\Windows\System\WeGzvFP.exe
  C:\Windows\System\WeGzvFP.exe
  2⤵
  PID:6432
- C:\Windows\System\ClmwJio.exe
  C:\Windows\System\ClmwJio.exe
  2⤵
  PID:6492
- C:\Windows\System\dpDpilQ.exe
  C:\Windows\System\dpDpilQ.exe
  2⤵
  PID:6588
- C:\Windows\System\INFFOoi.exe
  C:\Windows\System\INFFOoi.exe
  2⤵
  PID:6592
- C:\Windows\System\uNJRpOy.exe
  C:\Windows\System\uNJRpOy.exe
  2⤵
  PID:6444
- C:\Windows\System\qgbNqrW.exe
  C:\Windows\System\qgbNqrW.exe
  2⤵
  PID:6508
- C:\Windows\System\ROQhFXc.exe
  C:\Windows\System\ROQhFXc.exe
  2⤵
  PID:6608
- C:\Windows\System\iziqaUi.exe
  C:\Windows\System\iziqaUi.exe
  2⤵
  PID:6684
- C:\Windows\System\ILBoOxZ.exe
  C:\Windows\System\ILBoOxZ.exe
  2⤵
  PID:6672
- C:\Windows\System\VnfRkyg.exe
  C:\Windows\System\VnfRkyg.exe
  2⤵
  PID:6640
- C:\Windows\System\HNMCKGi.exe
  C:\Windows\System\HNMCKGi.exe
  2⤵
  PID:6752
- C:\Windows\System\SyHkNDj.exe
  C:\Windows\System\SyHkNDj.exe
  2⤵
  PID:6816
- C:\Windows\System\JesKwLC.exe
  C:\Windows\System\JesKwLC.exe
  2⤵
  PID:6856
- C:\Windows\System\cceWdkW.exe
  C:\Windows\System\cceWdkW.exe
  2⤵
  PID:6836
- C:\Windows\System\BzHHnwN.exe
  C:\Windows\System\BzHHnwN.exe
  2⤵
  PID:6800
- C:\Windows\System\JCVpXxy.exe
  C:\Windows\System\JCVpXxy.exe
  2⤵
  PID:6888
- C:\Windows\System\CiBCVfJ.exe
  C:\Windows\System\CiBCVfJ.exe
  2⤵
  PID:6932
- C:\Windows\System\fKIyxdB.exe
  C:\Windows\System\fKIyxdB.exe
  2⤵
  PID:6980
- C:\Windows\System\ruNSEgV.exe
  C:\Windows\System\ruNSEgV.exe
  2⤵
  PID:7048
- C:\Windows\System\BiYuiHj.exe
  C:\Windows\System\BiYuiHj.exe
  2⤵
  PID:7060
- C:\Windows\System\notntSV.exe
  C:\Windows\System\notntSV.exe
  2⤵
  PID:7000
- C:\Windows\System\yyGCXLy.exe
  C:\Windows\System\yyGCXLy.exe
  2⤵
  PID:7064
- C:\Windows\System\noyCbkh.exe
  C:\Windows\System\noyCbkh.exe
  2⤵
  PID:6164
- C:\Windows\System\VmOSfHY.exe
  C:\Windows\System\VmOSfHY.exe
  2⤵
  PID:7160
- C:\Windows\System\EXlqOWR.exe
  C:\Windows\System\EXlqOWR.exe
  2⤵
  PID:7096
- C:\Windows\System\bDHtkAn.exe
  C:\Windows\System\bDHtkAn.exe
  2⤵
  PID:5268
- C:\Windows\System\oguPKAo.exe
  C:\Windows\System\oguPKAo.exe
  2⤵
  PID:6788
- C:\Windows\System\ocdMBEa.exe
  C:\Windows\System\ocdMBEa.exe
  2⤵
  PID:6868
- C:\Windows\System\raCklle.exe
  C:\Windows\System\raCklle.exe
  2⤵
  PID:7044
- C:\Windows\System\vnfDkvK.exe
  C:\Windows\System\vnfDkvK.exe
  2⤵
  PID:7080
- C:\Windows\System\sZUIOIx.exe
  C:\Windows\System\sZUIOIx.exe
  2⤵
  PID:5480
- C:\Windows\System\ZgnENIb.exe
  C:\Windows\System\ZgnENIb.exe
  2⤵
  PID:6248
- C:\Windows\System\XIJwSCT.exe
  C:\Windows\System\XIJwSCT.exe
  2⤵
  PID:552
- C:\Windows\System\ILjxDBr.exe
  C:\Windows\System\ILjxDBr.exe
  2⤵
  PID:6340
- C:\Windows\System\hvjrRjt.exe
  C:\Windows\System\hvjrRjt.exe
  2⤵
  PID:6524
- C:\Windows\System\WdSMiVa.exe
  C:\Windows\System\WdSMiVa.exe
  2⤵
  PID:6464
- C:\Windows\System\kICXmgv.exe
  C:\Windows\System\kICXmgv.exe
  2⤵
  PID:6720
- C:\Windows\System\OjyDjTI.exe
  C:\Windows\System\OjyDjTI.exe
  2⤵
  PID:6480
- C:\Windows\System\seOyAzk.exe
  C:\Windows\System\seOyAzk.exe
  2⤵
  PID:6756
- C:\Windows\System\zzrqvEk.exe
  C:\Windows\System\zzrqvEk.exe
  2⤵
  PID:6852
- C:\Windows\System\zsgEvyX.exe
  C:\Windows\System\zsgEvyX.exe
  2⤵
  PID:6872
- C:\Windows\System\AvxTrQs.exe
  C:\Windows\System\AvxTrQs.exe
  2⤵
  PID:7012
- C:\Windows\System\ZHmcAvQ.exe
  C:\Windows\System\ZHmcAvQ.exe
  2⤵
  PID:7028
- C:\Windows\System\dEWJipx.exe
  C:\Windows\System\dEWJipx.exe
  2⤵
  PID:7124
- C:\Windows\System\tzQLfDv.exe
  C:\Windows\System\tzQLfDv.exe
  2⤵
  PID:7156
- C:\Windows\System\yHDUFDJ.exe
  C:\Windows\System\yHDUFDJ.exe
  2⤵
  PID:6344
- C:\Windows\System\OGOBbyT.exe
  C:\Windows\System\OGOBbyT.exe
  2⤵
  PID:6184
- C:\Windows\System\FxrWuVS.exe
  C:\Windows\System\FxrWuVS.exe
  2⤵
  PID:6264
- C:\Windows\System\IKiXuxn.exe
  C:\Windows\System\IKiXuxn.exe
  2⤵
  PID:6360
- C:\Windows\System\YNxRJhz.exe
  C:\Windows\System\YNxRJhz.exe
  2⤵
  PID:6716
- C:\Windows\System\thRvmUe.exe
  C:\Windows\System\thRvmUe.exe
  2⤵
  PID:6460
- C:\Windows\System\QepckjI.exe
  C:\Windows\System\QepckjI.exe
  2⤵
  PID:6560
- C:\Windows\System\rwLuxWz.exe
  C:\Windows\System\rwLuxWz.exe
  2⤵
  PID:6704
- C:\Windows\System\IQwkfCI.exe
  C:\Windows\System\IQwkfCI.exe
  2⤵
  PID:5192
- C:\Windows\System\kTHJBqD.exe
  C:\Windows\System\kTHJBqD.exe
  2⤵
  PID:6920
- C:\Windows\System\IAAxieT.exe
  C:\Windows\System\IAAxieT.exe
  2⤵
  PID:6952
- C:\Windows\System\MxIUahP.exe
  C:\Windows\System\MxIUahP.exe
  2⤵
  PID:6324
- C:\Windows\System\gRjIFmL.exe
  C:\Windows\System\gRjIFmL.exe
  2⤵
  PID:6216
- C:\Windows\System\JCtmnNG.exe
  C:\Windows\System\JCtmnNG.exe
  2⤵
  PID:6652
- C:\Windows\System\pwfuVFC.exe
  C:\Windows\System\pwfuVFC.exe
  2⤵
  PID:6232
- C:\Windows\System\lhvHxtC.exe
  C:\Windows\System\lhvHxtC.exe
  2⤵
  PID:6448
- C:\Windows\System\bjTTeLg.exe
  C:\Windows\System\bjTTeLg.exe
  2⤵
  PID:6900
- C:\Windows\System\xSoUcxW.exe
  C:\Windows\System\xSoUcxW.exe
  2⤵
  PID:6832
- C:\Windows\System\buJeTHa.exe
  C:\Windows\System\buJeTHa.exe
  2⤵
  PID:1868
- C:\Windows\System\thowZmb.exe
  C:\Windows\System\thowZmb.exe
  2⤵
  PID:7184
- C:\Windows\System\nDzfCXD.exe
  C:\Windows\System\nDzfCXD.exe
  2⤵
  PID:7204
- C:\Windows\System\aIgPref.exe
  C:\Windows\System\aIgPref.exe
  2⤵
  PID:7228
- C:\Windows\System\zCOqsao.exe
  C:\Windows\System\zCOqsao.exe
  2⤵
  PID:7244
- C:\Windows\System\gQVSPtB.exe
  C:\Windows\System\gQVSPtB.exe
  2⤵
  PID:7268
- C:\Windows\System\tfDstEA.exe
  C:\Windows\System\tfDstEA.exe
  2⤵
  PID:7288
- C:\Windows\System\MYVTLot.exe
  C:\Windows\System\MYVTLot.exe
  2⤵
  PID:7304
- C:\Windows\System\aggOXGI.exe
  C:\Windows\System\aggOXGI.exe
  2⤵
  PID:7320
- C:\Windows\System\orjAqVw.exe
  C:\Windows\System\orjAqVw.exe
  2⤵
  PID:7336
- C:\Windows\System\ZJgqKun.exe
  C:\Windows\System\ZJgqKun.exe
  2⤵
  PID:7352
- C:\Windows\System\CButugv.exe
  C:\Windows\System\CButugv.exe
  2⤵
  PID:7368
- C:\Windows\System\mXzWWtX.exe
  C:\Windows\System\mXzWWtX.exe
  2⤵
  PID:7384
- C:\Windows\System\uENDfsq.exe
  C:\Windows\System\uENDfsq.exe
  2⤵
  PID:7400
- C:\Windows\System\OaWgBqM.exe
  C:\Windows\System\OaWgBqM.exe
  2⤵
  PID:7416
- C:\Windows\System\RXvEHbl.exe
  C:\Windows\System\RXvEHbl.exe
  2⤵
  PID:7432
- C:\Windows\System\baBSQhZ.exe
  C:\Windows\System\baBSQhZ.exe
  2⤵
  PID:7448
- C:\Windows\System\ZnSEdRm.exe
  C:\Windows\System\ZnSEdRm.exe
  2⤵
  PID:7464
- C:\Windows\System\RhmuPWv.exe
  C:\Windows\System\RhmuPWv.exe
  2⤵
  PID:7480
- C:\Windows\System\zFdriBu.exe
  C:\Windows\System\zFdriBu.exe
  2⤵
  PID:7496
- C:\Windows\System\dspXgid.exe
  C:\Windows\System\dspXgid.exe
  2⤵
  PID:7512
- C:\Windows\System\uXVTvNH.exe
  C:\Windows\System\uXVTvNH.exe
  2⤵
  PID:7528
- C:\Windows\System\GkzIiJN.exe
  C:\Windows\System\GkzIiJN.exe
  2⤵
  PID:7544
- C:\Windows\System\AhumRLX.exe
  C:\Windows\System\AhumRLX.exe
  2⤵
  PID:7560
- C:\Windows\System\BeYboEW.exe
  C:\Windows\System\BeYboEW.exe
  2⤵
  PID:7576
- C:\Windows\System\eXCuSwd.exe
  C:\Windows\System\eXCuSwd.exe
  2⤵
  PID:7592
- C:\Windows\System\PlJpwss.exe
  C:\Windows\System\PlJpwss.exe
  2⤵
  PID:7608
- C:\Windows\System\rasfMlA.exe
  C:\Windows\System\rasfMlA.exe
  2⤵
  PID:7624
- C:\Windows\System\GPsvTRw.exe
  C:\Windows\System\GPsvTRw.exe
  2⤵
  PID:7640
- C:\Windows\System\cuunWqc.exe
  C:\Windows\System\cuunWqc.exe
  2⤵
  PID:7656
- C:\Windows\System\eIcXbsr.exe
  C:\Windows\System\eIcXbsr.exe
  2⤵
  PID:7672
- C:\Windows\System\GsMsIPi.exe
  C:\Windows\System\GsMsIPi.exe
  2⤵
  PID:7688
- C:\Windows\System\AohQKgT.exe
  C:\Windows\System\AohQKgT.exe
  2⤵
  PID:7704
- C:\Windows\System\gNIhKwV.exe
  C:\Windows\System\gNIhKwV.exe
  2⤵
  PID:7720
- C:\Windows\System\VNgyuGs.exe
  C:\Windows\System\VNgyuGs.exe
  2⤵
  PID:7736
- C:\Windows\System\NIWdFot.exe
  C:\Windows\System\NIWdFot.exe
  2⤵
  PID:7752
- C:\Windows\System\RKCPFsV.exe
  C:\Windows\System\RKCPFsV.exe
  2⤵
  PID:7768
- C:\Windows\System\hBckQqC.exe
  C:\Windows\System\hBckQqC.exe
  2⤵
  PID:7784
- C:\Windows\System\yjzJTjN.exe
  C:\Windows\System\yjzJTjN.exe
  2⤵
  PID:7800
- C:\Windows\System\RrGsNDJ.exe
  C:\Windows\System\RrGsNDJ.exe
  2⤵
  PID:7816
- C:\Windows\System\JHxiRKb.exe
  C:\Windows\System\JHxiRKb.exe
  2⤵
  PID:7832
- C:\Windows\System\hipianK.exe
  C:\Windows\System\hipianK.exe
  2⤵
  PID:7848
- C:\Windows\System\ubhYcbe.exe
  C:\Windows\System\ubhYcbe.exe
  2⤵
  PID:7864
- C:\Windows\System\hAmWSDP.exe
  C:\Windows\System\hAmWSDP.exe
  2⤵
  PID:7880
- C:\Windows\System\vPQUeCR.exe
  C:\Windows\System\vPQUeCR.exe
  2⤵
  PID:7896
- C:\Windows\System\LYBaHag.exe
  C:\Windows\System\LYBaHag.exe
  2⤵
  PID:7912
- C:\Windows\System\oxecBFj.exe
  C:\Windows\System\oxecBFj.exe
  2⤵
  PID:7928
- C:\Windows\System\OKXlfyb.exe
  C:\Windows\System\OKXlfyb.exe
  2⤵
  PID:7944
- C:\Windows\System\IBprVTY.exe
  C:\Windows\System\IBprVTY.exe
  2⤵
  PID:7960
- C:\Windows\System\dsZQwdf.exe
  C:\Windows\System\dsZQwdf.exe
  2⤵
  PID:7976
- C:\Windows\System\mMUWvAD.exe
  C:\Windows\System\mMUWvAD.exe
  2⤵
  PID:7992
- C:\Windows\System\UbAVghk.exe
  C:\Windows\System\UbAVghk.exe
  2⤵
  PID:8008
- C:\Windows\System\QsoCgrz.exe
  C:\Windows\System\QsoCgrz.exe
  2⤵
  PID:8024
- C:\Windows\System\vlNqZcB.exe
  C:\Windows\System\vlNqZcB.exe
  2⤵
  PID:8040
- C:\Windows\System\ZnvNfWZ.exe
  C:\Windows\System\ZnvNfWZ.exe
  2⤵
  PID:8056
- C:\Windows\System\TZhprYM.exe
  C:\Windows\System\TZhprYM.exe
  2⤵
  PID:8072
- C:\Windows\System\QbWbOaJ.exe
  C:\Windows\System\QbWbOaJ.exe
  2⤵
  PID:8088
- C:\Windows\System\dEJuWbH.exe
  C:\Windows\System\dEJuWbH.exe
  2⤵
  PID:8104
- C:\Windows\System\eAToUCM.exe
  C:\Windows\System\eAToUCM.exe
  2⤵
  PID:8120
- C:\Windows\System\dphdHTc.exe
  C:\Windows\System\dphdHTc.exe
  2⤵
  PID:8136
- C:\Windows\System\hZPWShP.exe
  C:\Windows\System\hZPWShP.exe
  2⤵
  PID:8152
- C:\Windows\System\pJsIHaW.exe
  C:\Windows\System\pJsIHaW.exe
  2⤵
  PID:8168
- C:\Windows\System\pnbxlzt.exe
  C:\Windows\System\pnbxlzt.exe
  2⤵
  PID:8188
- C:\Windows\System\EZkiWct.exe
  C:\Windows\System\EZkiWct.exe
  2⤵
  PID:7200
- C:\Windows\System\kystxFN.exe
  C:\Windows\System\kystxFN.exe
  2⤵
  PID:7172
- C:\Windows\System\TuFHPib.exe
  C:\Windows\System\TuFHPib.exe
  2⤵
  PID:7220
- C:\Windows\System\UBITyAx.exe
  C:\Windows\System\UBITyAx.exe
  2⤵
  PID:7260
- C:\Windows\System\GwnrYCs.exe
  C:\Windows\System\GwnrYCs.exe
  2⤵
  PID:7296
- C:\Windows\System\OivXBiB.exe
  C:\Windows\System\OivXBiB.exe
  2⤵
  PID:7360
- C:\Windows\System\jaZHoxP.exe
  C:\Windows\System\jaZHoxP.exe
  2⤵
  PID:7428
- C:\Windows\System\tXpGrWD.exe
  C:\Windows\System\tXpGrWD.exe
  2⤵
  PID:7240
- C:\Windows\System\bGoCzzl.exe
  C:\Windows\System\bGoCzzl.exe
  2⤵
  PID:7440
- C:\Windows\System\YMJogcQ.exe
  C:\Windows\System\YMJogcQ.exe
  2⤵
  PID:7348
- C:\Windows\System\WMAjJCb.exe
  C:\Windows\System\WMAjJCb.exe
  2⤵
  PID:7456
- C:\Windows\System\pinbSgt.exe
  C:\Windows\System\pinbSgt.exe
  2⤵
  PID:7476
- C:\Windows\System\Tcofnfd.exe
  C:\Windows\System\Tcofnfd.exe
  2⤵
  PID:7524
- C:\Windows\System\SsLNtxb.exe
  C:\Windows\System\SsLNtxb.exe
  2⤵
  PID:7584
- C:\Windows\System\MYiMFHF.exe
  C:\Windows\System\MYiMFHF.exe
  2⤵
  PID:7536
- C:\Windows\System\zSFSZrj.exe
  C:\Windows\System\zSFSZrj.exe
  2⤵
  PID:7572
- C:\Windows\System\wvxzVgX.exe
  C:\Windows\System\wvxzVgX.exe
  2⤵
  PID:7636
- C:\Windows\System\zzxVIYC.exe
  C:\Windows\System\zzxVIYC.exe
  2⤵
  PID:7680
- C:\Windows\System\bpfgFXt.exe
  C:\Windows\System\bpfgFXt.exe
  2⤵
  PID:7744
- C:\Windows\System\XMGCieF.exe
  C:\Windows\System\XMGCieF.exe
  2⤵
  PID:7808
- C:\Windows\System\dqPvAaA.exe
  C:\Windows\System\dqPvAaA.exe
  2⤵
  PID:7824
- C:\Windows\System\NaIQkHq.exe
  C:\Windows\System\NaIQkHq.exe
  2⤵
  PID:7764
- C:\Windows\System\MNRTOGQ.exe
  C:\Windows\System\MNRTOGQ.exe
  2⤵
  PID:7860
- C:\Windows\System\AonMYut.exe
  C:\Windows\System\AonMYut.exe
  2⤵
  PID:7924
- C:\Windows\System\FcLeeRw.exe
  C:\Windows\System\FcLeeRw.exe
  2⤵
  PID:7828
- C:\Windows\System\EISSskU.exe
  C:\Windows\System\EISSskU.exe
  2⤵
  PID:7872
- C:\Windows\System\CUaofxq.exe
  C:\Windows\System\CUaofxq.exe
  2⤵
  PID:7936
- C:\Windows\System\vHMCKPd.exe
  C:\Windows\System\vHMCKPd.exe
  2⤵
  PID:8000
- C:\Windows\System\LCyJyZk.exe
  C:\Windows\System\LCyJyZk.exe
  2⤵
  PID:8064
- C:\Windows\System\oaPLnHg.exe
  C:\Windows\System\oaPLnHg.exe
  2⤵
  PID:8096
- C:\Windows\System\FGnqhFV.exe
  C:\Windows\System\FGnqhFV.exe
  2⤵
  PID:8160
- C:\Windows\System\PTrCeYl.exe
  C:\Windows\System\PTrCeYl.exe
  2⤵
  PID:8084
- C:\Windows\System\JSBgzHq.exe
  C:\Windows\System\JSBgzHq.exe
  2⤵
  PID:8176
- C:\Windows\System\uwWWiLI.exe
  C:\Windows\System\uwWWiLI.exe
  2⤵
  PID:8052
- C:\Windows\System\jLXHqas.exe
  C:\Windows\System\jLXHqas.exe
  2⤵
  PID:7212
- C:\Windows\System\CKPpnNb.exe
  C:\Windows\System\CKPpnNb.exe
  2⤵
  PID:7424
- C:\Windows\System\AjSSWDK.exe
  C:\Windows\System\AjSSWDK.exe
  2⤵
  PID:7328
- C:\Windows\System\EWBizMo.exe
  C:\Windows\System\EWBizMo.exe
  2⤵
  PID:7236
- C:\Windows\System\VBXGMOI.exe
  C:\Windows\System\VBXGMOI.exe
  2⤵
  PID:7344
- C:\Windows\System\XsPGoar.exe
  C:\Windows\System\XsPGoar.exe
  2⤵
  PID:7616
- C:\Windows\System\yGzHsQZ.exe
  C:\Windows\System\yGzHsQZ.exe
  2⤵
  PID:7716
- C:\Windows\System\TKSWCbb.exe
  C:\Windows\System\TKSWCbb.exe
  2⤵
  PID:7488
- C:\Windows\System\WqOKGfP.exe
  C:\Windows\System\WqOKGfP.exe
  2⤵
  PID:7556
- C:\Windows\System\cXmeHTM.exe
  C:\Windows\System\cXmeHTM.exe
  2⤵
  PID:7776
- C:\Windows\System\MrhboPg.exe
  C:\Windows\System\MrhboPg.exe
  2⤵
  PID:7796
- C:\Windows\System\qGYDcRh.exe
  C:\Windows\System\qGYDcRh.exe
  2⤵
  PID:7760
- C:\Windows\System\xhEppeh.exe
  C:\Windows\System\xhEppeh.exe
  2⤵
  PID:8036
- C:\Windows\System\nstSlqu.exe
  C:\Windows\System\nstSlqu.exe
  2⤵
  PID:8116
- C:\Windows\System\JqRtCMX.exe
  C:\Windows\System\JqRtCMX.exe
  2⤵
  PID:6576
- C:\Windows\System\BwumXkH.exe
  C:\Windows\System\BwumXkH.exe
  2⤵
  PID:7840
- C:\Windows\System\PnwDPZk.exe
  C:\Windows\System\PnwDPZk.exe
  2⤵
  PID:8020
- C:\Windows\System\cTwlQEC.exe
  C:\Windows\System\cTwlQEC.exe
  2⤵
  PID:6740
- C:\Windows\System\NaGueCC.exe
  C:\Windows\System\NaGueCC.exe
  2⤵
  PID:7316
- C:\Windows\System\cNfClBW.exe
  C:\Windows\System\cNfClBW.exe
  2⤵
  PID:7520
- C:\Windows\System\MFhrwEZ.exe
  C:\Windows\System\MFhrwEZ.exe
  2⤵
  PID:8204
- C:\Windows\System\EPFJoRP.exe
  C:\Windows\System\EPFJoRP.exe
  2⤵
  PID:8220
- C:\Windows\System\ejIhGER.exe
  C:\Windows\System\ejIhGER.exe
  2⤵
  PID:8236
- C:\Windows\System\twkguiQ.exe
  C:\Windows\System\twkguiQ.exe
  2⤵
  PID:8252
- C:\Windows\System\pAoODTZ.exe
  C:\Windows\System\pAoODTZ.exe
  2⤵
  PID:8268
- C:\Windows\System\osBdqPk.exe
  C:\Windows\System\osBdqPk.exe
  2⤵
  PID:8284
- C:\Windows\System\blIeARL.exe
  C:\Windows\System\blIeARL.exe
  2⤵
  PID:8300
- C:\Windows\System\KORSBiX.exe
  C:\Windows\System\KORSBiX.exe
  2⤵
  PID:8316
- C:\Windows\System\eptJvmw.exe
  C:\Windows\System\eptJvmw.exe
  2⤵
  PID:8332
- C:\Windows\System\FwDFkkI.exe
  C:\Windows\System\FwDFkkI.exe
  2⤵
  PID:8348
- C:\Windows\System\OMatbdf.exe
  C:\Windows\System\OMatbdf.exe
  2⤵
  PID:8364
- C:\Windows\System\GbHTcWJ.exe
  C:\Windows\System\GbHTcWJ.exe
  2⤵
  PID:8380
- C:\Windows\System\PxRxxNN.exe
  C:\Windows\System\PxRxxNN.exe
  2⤵
  PID:8396
- C:\Windows\System\KifTwUe.exe
  C:\Windows\System\KifTwUe.exe
  2⤵
  PID:8412
- C:\Windows\System\nGepVRp.exe
  C:\Windows\System\nGepVRp.exe
  2⤵
  PID:8428
- C:\Windows\System\pzKosPS.exe
  C:\Windows\System\pzKosPS.exe
  2⤵
  PID:8444
- C:\Windows\System\lpPxHsp.exe
  C:\Windows\System\lpPxHsp.exe
  2⤵
  PID:8460
- C:\Windows\System\MhnGyPk.exe
  C:\Windows\System\MhnGyPk.exe
  2⤵
  PID:8476
- C:\Windows\System\OEzpVTY.exe
  C:\Windows\System\OEzpVTY.exe
  2⤵
  PID:8492
- C:\Windows\System\YlOgaJs.exe
  C:\Windows\System\YlOgaJs.exe
  2⤵
  PID:8508
- C:\Windows\System\aGwhJpY.exe
  C:\Windows\System\aGwhJpY.exe
  2⤵
  PID:8524
- C:\Windows\System\FQzxwAO.exe
  C:\Windows\System\FQzxwAO.exe
  2⤵
  PID:8540
- C:\Windows\System\zwFPrEk.exe
  C:\Windows\System\zwFPrEk.exe
  2⤵
  PID:8556
- C:\Windows\System\OQxtrWe.exe
  C:\Windows\System\OQxtrWe.exe
  2⤵
  PID:8572
- C:\Windows\System\GFZGUMg.exe
  C:\Windows\System\GFZGUMg.exe
  2⤵
  PID:8588
- C:\Windows\System\VYuxZRu.exe
  C:\Windows\System\VYuxZRu.exe
  2⤵
  PID:8604
- C:\Windows\System\cWfRxGs.exe
  C:\Windows\System\cWfRxGs.exe
  2⤵
  PID:8620
- C:\Windows\System\BmrwtbM.exe
  C:\Windows\System\BmrwtbM.exe
  2⤵
  PID:8636
- C:\Windows\System\Gmbflwl.exe
  C:\Windows\System\Gmbflwl.exe
  2⤵
  PID:8652
- C:\Windows\System\OKyakje.exe
  C:\Windows\System\OKyakje.exe
  2⤵
  PID:8668
- C:\Windows\System\xYcBaHf.exe
  C:\Windows\System\xYcBaHf.exe
  2⤵
  PID:8684
- C:\Windows\System\BbgtapO.exe
  C:\Windows\System\BbgtapO.exe
  2⤵
  PID:8700
- C:\Windows\System\TQjsHNo.exe
  C:\Windows\System\TQjsHNo.exe
  2⤵
  PID:8716
- C:\Windows\System\YpHnHjN.exe
  C:\Windows\System\YpHnHjN.exe
  2⤵
  PID:8732
- C:\Windows\System\WwBuETw.exe
  C:\Windows\System\WwBuETw.exe
  2⤵
  PID:8748
- C:\Windows\System\sfHxdQI.exe
  C:\Windows\System\sfHxdQI.exe
  2⤵
  PID:8764
- C:\Windows\System\RHFKvSI.exe
  C:\Windows\System\RHFKvSI.exe
  2⤵
  PID:8780
- C:\Windows\System\HQRnTGN.exe
  C:\Windows\System\HQRnTGN.exe
  2⤵
  PID:8800
- C:\Windows\System\LDKVcpV.exe
  C:\Windows\System\LDKVcpV.exe
  2⤵
  PID:8816
- C:\Windows\System\ClTvIDc.exe
  C:\Windows\System\ClTvIDc.exe
  2⤵
  PID:8836
- C:\Windows\System\qJayxNV.exe
  C:\Windows\System\qJayxNV.exe
  2⤵
  PID:8852
- C:\Windows\System\ureMJpI.exe
  C:\Windows\System\ureMJpI.exe
  2⤵
  PID:8868
- C:\Windows\System\sBPlZMK.exe
  C:\Windows\System\sBPlZMK.exe
  2⤵
  PID:8884
- C:\Windows\System\VbmvXWG.exe
  C:\Windows\System\VbmvXWG.exe
  2⤵
  PID:8908
- C:\Windows\System\EqkFfkR.exe
  C:\Windows\System\EqkFfkR.exe
  2⤵
  PID:8924
- C:\Windows\System\LQanqRm.exe
  C:\Windows\System\LQanqRm.exe
  2⤵
  PID:8940
- C:\Windows\System\AkMabzJ.exe
  C:\Windows\System\AkMabzJ.exe
  2⤵
  PID:8956
- C:\Windows\System\HLQqzaG.exe
  C:\Windows\System\HLQqzaG.exe
  2⤵
  PID:8976
- C:\Windows\System\iFPAFLJ.exe
  C:\Windows\System\iFPAFLJ.exe
  2⤵
  PID:8992
- C:\Windows\System\rLGaRFO.exe
  C:\Windows\System\rLGaRFO.exe
  2⤵
  PID:9008
- C:\Windows\System\PGZHBPU.exe
  C:\Windows\System\PGZHBPU.exe
  2⤵
  PID:9024
- C:\Windows\System\mepgocE.exe
  C:\Windows\System\mepgocE.exe
  2⤵
  PID:9040
- C:\Windows\System\BcSZWiw.exe
  C:\Windows\System\BcSZWiw.exe
  2⤵
  PID:9056
- C:\Windows\System\aiJYYdR.exe
  C:\Windows\System\aiJYYdR.exe
  2⤵
  PID:9072
- C:\Windows\System\MwvOyDZ.exe
  C:\Windows\System\MwvOyDZ.exe
  2⤵
  PID:9088
- C:\Windows\System\MkEPZlf.exe
  C:\Windows\System\MkEPZlf.exe
  2⤵
  PID:9104
- C:\Windows\System\jtThRPh.exe
  C:\Windows\System\jtThRPh.exe
  2⤵
  PID:9124
- C:\Windows\System\hgirtfj.exe
  C:\Windows\System\hgirtfj.exe
  2⤵
  PID:9156
- C:\Windows\System\pVUzIXi.exe
  C:\Windows\System\pVUzIXi.exe
  2⤵
  PID:9200
- C:\Windows\System\hnOnmlk.exe
  C:\Windows\System\hnOnmlk.exe
  2⤵
  PID:1192
- C:\Windows\System\wYhpRVD.exe
  C:\Windows\System\wYhpRVD.exe
  2⤵
  PID:7984
- C:\Windows\System\nJsImix.exe
  C:\Windows\System\nJsImix.exe
  2⤵
  PID:8032
- C:\Windows\System\grLxUSm.exe
  C:\Windows\System\grLxUSm.exe
  2⤵
  PID:7380
- C:\Windows\System\oyHucgX.exe
  C:\Windows\System\oyHucgX.exe
  2⤵
  PID:8232
- C:\Windows\System\NJxcMxh.exe
  C:\Windows\System\NJxcMxh.exe
  2⤵
  PID:8248
- C:\Windows\System\ZBKXxgb.exe
  C:\Windows\System\ZBKXxgb.exe
  2⤵
  PID:8132
- C:\Windows\System\BMxSYmo.exe
  C:\Windows\System\BMxSYmo.exe
  2⤵
  PID:8324
- C:\Windows\System\pmJcfyt.exe
  C:\Windows\System\pmJcfyt.exe
  2⤵
  PID:8392
- C:\Windows\System\CWzQbMs.exe
  C:\Windows\System\CWzQbMs.exe
  2⤵
  PID:8456
- C:\Windows\System\OXgymaM.exe
  C:\Windows\System\OXgymaM.exe
  2⤵
  PID:8472
- C:\Windows\System\PjOeMjH.exe
  C:\Windows\System\PjOeMjH.exe
  2⤵
  PID:8344
- C:\Windows\System\KOQbaIa.exe
  C:\Windows\System\KOQbaIa.exe
  2⤵
  PID:8468
- C:\Windows\System\EcEgpDi.exe
  C:\Windows\System\EcEgpDi.exe
  2⤵
  PID:1504
- C:\Windows\System\jDJHbnP.exe
  C:\Windows\System\jDJHbnP.exe
  2⤵
  PID:8612
- C:\Windows\System\hWwgpYb.exe
  C:\Windows\System\hWwgpYb.exe
  2⤵
  PID:8644
- C:\Windows\System\LPNDTzR.exe
  C:\Windows\System\LPNDTzR.exe
  2⤵
  PID:8532
- C:\Windows\System\JmMisRI.exe
  C:\Windows\System\JmMisRI.exe
  2⤵
  PID:8596
- C:\Windows\System\rfMospa.exe
  C:\Windows\System\rfMospa.exe
  2⤵
  PID:8628
- C:\Windows\System\bisyCsk.exe
  C:\Windows\System\bisyCsk.exe
  2⤵
  PID:8696
- C:\Windows\System\cGOeZJF.exe
  C:\Windows\System\cGOeZJF.exe
  2⤵
  PID:8744
- C:\Windows\System\svhfMMa.exe
  C:\Windows\System\svhfMMa.exe
  2⤵
  PID:8724
- C:\Windows\System\IJMBhHd.exe
  C:\Windows\System\IJMBhHd.exe
  2⤵
  PID:8760
- C:\Windows\System\lVkxNJz.exe
  C:\Windows\System\lVkxNJz.exe
  2⤵
  PID:8660
- C:\Windows\System\vgpIPxi.exe
  C:\Windows\System\vgpIPxi.exe
  2⤵
  PID:8848
- C:\Windows\System\sHXNsRH.exe
  C:\Windows\System\sHXNsRH.exe
  2⤵
  PID:8880
- C:\Windows\System\FkEzgxf.exe
  C:\Windows\System\FkEzgxf.exe
  2⤵
  PID:8952
- C:\Windows\System\sFVeDak.exe
  C:\Windows\System\sFVeDak.exe
  2⤵
  PID:8892
- C:\Windows\System\HIFdCRg.exe
  C:\Windows\System\HIFdCRg.exe
  2⤵
  PID:9016
- C:\Windows\System\YxdAtHt.exe
  C:\Windows\System\YxdAtHt.exe
  2⤵
  PID:9068
- C:\Windows\System\SMnUlxz.exe
  C:\Windows\System\SMnUlxz.exe
  2⤵
  PID:8964
- C:\Windows\System\gBXljal.exe
  C:\Windows\System\gBXljal.exe
  2⤵
  PID:9084
- C:\Windows\System\FDxZWiT.exe
  C:\Windows\System\FDxZWiT.exe
  2⤵
  PID:9112
- C:\Windows\System\UTewyey.exe
  C:\Windows\System\UTewyey.exe
  2⤵
  PID:9168
- C:\Windows\System\sgzsDxq.exe
  C:\Windows\System\sgzsDxq.exe
  2⤵
  PID:9176
- C:\Windows\System\DkRuorP.exe
  C:\Windows\System\DkRuorP.exe
  2⤵
  PID:7956
- C:\Windows\System\RANsLBZ.exe
  C:\Windows\System\RANsLBZ.exe
  2⤵
  PID:7392
- C:\Windows\System\ShSOmRs.exe
  C:\Windows\System\ShSOmRs.exe
  2⤵
  PID:8216
- C:\Windows\System\CACMeXz.exe
  C:\Windows\System\CACMeXz.exe
  2⤵
  PID:7892
- C:\Windows\System\frcoNYj.exe
  C:\Windows\System\frcoNYj.exe
  2⤵
  PID:7252
- C:\Windows\System\XtEqRYV.exe
  C:\Windows\System\XtEqRYV.exe
  2⤵
  PID:7732
- C:\Windows\System\tYbiUWE.exe
  C:\Windows\System\tYbiUWE.exe
  2⤵
  PID:8260
- C:\Windows\System\bYGMSEY.exe
  C:\Windows\System\bYGMSEY.exe
  2⤵
  PID:9136
- C:\Windows\System\QuqNjow.exe
  C:\Windows\System\QuqNjow.exe
  2⤵
  PID:9152
- C:\Windows\System\JDskMdf.exe
  C:\Windows\System\JDskMdf.exe
  2⤵
  PID:8424
- C:\Windows\System\rEFCszE.exe
  C:\Windows\System\rEFCszE.exe
  2⤵
  PID:8452
- C:\Windows\System\LRYgIwN.exe
  C:\Windows\System\LRYgIwN.exe
  2⤵
  PID:8552
- C:\Windows\System\KTePxAU.exe
  C:\Windows\System\KTePxAU.exe
  2⤵
  PID:8340
- C:\Windows\System\LTencJK.exe
  C:\Windows\System\LTencJK.exe
  2⤵
  PID:6736
- C:\Windows\System\ffJZfhq.exe
  C:\Windows\System\ffJZfhq.exe
  2⤵
  PID:8680
- C:\Windows\System\JdrHXDI.exe
  C:\Windows\System\JdrHXDI.exe
  2⤵
  PID:8692
- C:\Windows\System\XvtFECc.exe
  C:\Windows\System\XvtFECc.exe
  2⤵
  PID:8864
- C:\Windows\System\KOYeBVj.exe
  C:\Windows\System\KOYeBVj.exe
  2⤵
  PID:8664
- C:\Windows\System\DdVDhWa.exe
  C:\Windows\System\DdVDhWa.exe
  2⤵
  PID:8916
- C:\Windows\System\QbRQune.exe
  C:\Windows\System\QbRQune.exe
  2⤵
  PID:9052
- C:\Windows\System\ApNYMUS.exe
  C:\Windows\System\ApNYMUS.exe
  2⤵
  PID:7664
- C:\Windows\System\zbgQpIG.exe
  C:\Windows\System\zbgQpIG.exe
  2⤵
  PID:7192
- C:\Windows\System\WjBGBRX.exe
  C:\Windows\System\WjBGBRX.exe
  2⤵
  PID:9032
- C:\Windows\System\FUonvtV.exe
  C:\Windows\System\FUonvtV.exe
  2⤵
  PID:9120
- C:\Windows\System\DKxAxqE.exe
  C:\Windows\System\DKxAxqE.exe
  2⤵
  PID:9100
- C:\Windows\System\PKeDbPZ.exe
  C:\Windows\System\PKeDbPZ.exe
  2⤵
  PID:8196
- C:\Windows\System\lxkygyg.exe
  C:\Windows\System\lxkygyg.exe
  2⤵
  PID:9144
- C:\Windows\System\EvTblgI.exe
  C:\Windows\System\EvTblgI.exe
  2⤵
  PID:8308
- C:\Windows\System\dIEErcw.exe
  C:\Windows\System\dIEErcw.exe
  2⤵
  PID:8500
- C:\Windows\System\GJpbVqO.exe
  C:\Windows\System\GJpbVqO.exe
  2⤵
  PID:8504
- C:\Windows\System\GzuyEYu.exe
  C:\Windows\System\GzuyEYu.exe
  2⤵
  PID:8616
- C:\Windows\System\pryjDdK.exe
  C:\Windows\System\pryjDdK.exe
  2⤵
  PID:8712
- C:\Windows\System\ZSvDGyK.exe
  C:\Windows\System\ZSvDGyK.exe
  2⤵
  PID:9184
- C:\Windows\System\trJvCJE.exe
  C:\Windows\System\trJvCJE.exe
  2⤵
  PID:7604
- C:\Windows\System\aRqyKwA.exe
  C:\Windows\System\aRqyKwA.exe
  2⤵
  PID:7376
- C:\Windows\System\UtCIOyH.exe
  C:\Windows\System\UtCIOyH.exe
  2⤵
  PID:8296
- C:\Windows\System\oteYYBD.exe
  C:\Windows\System\oteYYBD.exe
  2⤵
  PID:8312
- C:\Windows\System\PmQWwNW.exe
  C:\Windows\System\PmQWwNW.exe
  2⤵
  PID:8824
- C:\Windows\System\qataAsY.exe
  C:\Windows\System\qataAsY.exe
  2⤵
  PID:9196
- C:\Windows\System\wxrYXmH.exe
  C:\Windows\System\wxrYXmH.exe
  2⤵
  PID:8740
- C:\Windows\System\FXHRowE.exe
  C:\Windows\System\FXHRowE.exe
  2⤵
  PID:8796
- C:\Windows\System\rCQQlJp.exe
  C:\Windows\System\rCQQlJp.exe
  2⤵
  PID:8356
- C:\Windows\System\NbUulJO.exe
  C:\Windows\System\NbUulJO.exe
  2⤵
  PID:8520
- C:\Windows\System\rsKJDjg.exe
  C:\Windows\System\rsKJDjg.exe
  2⤵
  PID:9192
- C:\Windows\System\YPIIuwr.exe
  C:\Windows\System\YPIIuwr.exe
  2⤵
  PID:9232
- C:\Windows\System\qkyOWMv.exe
  C:\Windows\System\qkyOWMv.exe
  2⤵
  PID:9248
- C:\Windows\System\BUTdKEn.exe
  C:\Windows\System\BUTdKEn.exe
  2⤵
  PID:9268
- C:\Windows\System\FUJaHIm.exe
  C:\Windows\System\FUJaHIm.exe
  2⤵
  PID:9284
- C:\Windows\System\RzgiffI.exe
  C:\Windows\System\RzgiffI.exe
  2⤵
  PID:9300
- C:\Windows\System\winJwGI.exe
  C:\Windows\System\winJwGI.exe
  2⤵
  PID:9316
- C:\Windows\System\jItLXNC.exe
  C:\Windows\System\jItLXNC.exe
  2⤵
  PID:9332
- C:\Windows\System\nOojQUQ.exe
  C:\Windows\System\nOojQUQ.exe
  2⤵
  PID:9348
- C:\Windows\System\gmSWLRQ.exe
  C:\Windows\System\gmSWLRQ.exe
  2⤵
  PID:9364
- C:\Windows\System\fsgadVN.exe
  C:\Windows\System\fsgadVN.exe
  2⤵
  PID:9380
- C:\Windows\System\oxyMgYC.exe
  C:\Windows\System\oxyMgYC.exe
  2⤵
  PID:9396
- C:\Windows\System\ldKmuLO.exe
  C:\Windows\System\ldKmuLO.exe
  2⤵
  PID:9412
- C:\Windows\System\cIorwbR.exe
  C:\Windows\System\cIorwbR.exe
  2⤵
  PID:9428
- C:\Windows\System\vkZlUax.exe
  C:\Windows\System\vkZlUax.exe
  2⤵
  PID:9444
- C:\Windows\System\HtTrBjR.exe
  C:\Windows\System\HtTrBjR.exe
  2⤵
  PID:9460
- C:\Windows\System\dxkxWei.exe
  C:\Windows\System\dxkxWei.exe
  2⤵
  PID:9476
- C:\Windows\System\sUkVjIN.exe
  C:\Windows\System\sUkVjIN.exe
  2⤵
  PID:9492
- C:\Windows\System\HBdUPhX.exe
  C:\Windows\System\HBdUPhX.exe
  2⤵
  PID:9508
- C:\Windows\System\DToEyus.exe
  C:\Windows\System\DToEyus.exe
  2⤵
  PID:9524
- C:\Windows\System\vSWCVBx.exe
  C:\Windows\System\vSWCVBx.exe
  2⤵
  PID:9540
- C:\Windows\System\zWtVmHo.exe
  C:\Windows\System\zWtVmHo.exe
  2⤵
  PID:9556
- C:\Windows\System\mkDHpDM.exe
  C:\Windows\System\mkDHpDM.exe
  2⤵
  PID:9572
- C:\Windows\System\RTyUALH.exe
  C:\Windows\System\RTyUALH.exe
  2⤵
  PID:9588
- C:\Windows\System\Ppzgtga.exe
  C:\Windows\System\Ppzgtga.exe
  2⤵
  PID:9604
- C:\Windows\System\ceUeoml.exe
  C:\Windows\System\ceUeoml.exe
  2⤵
  PID:9620
- C:\Windows\System\UvHBiPb.exe
  C:\Windows\System\UvHBiPb.exe
  2⤵
  PID:9636
- C:\Windows\System\YKMsduc.exe
  C:\Windows\System\YKMsduc.exe
  2⤵
  PID:9652
- C:\Windows\System\clYOrDP.exe
  C:\Windows\System\clYOrDP.exe
  2⤵
  PID:9668
- C:\Windows\System\XOpTtjP.exe
  C:\Windows\System\XOpTtjP.exe
  2⤵
  PID:9684
- C:\Windows\System\vorCnsR.exe
  C:\Windows\System\vorCnsR.exe
  2⤵
  PID:9700
- C:\Windows\System\krtAlay.exe
  C:\Windows\System\krtAlay.exe
  2⤵
  PID:9716
- C:\Windows\System\jpFLDkG.exe
  C:\Windows\System\jpFLDkG.exe
  2⤵
  PID:9732
- C:\Windows\System\hQyRWll.exe
  C:\Windows\System\hQyRWll.exe
  2⤵
  PID:9748
- C:\Windows\System\bVQxpfK.exe
  C:\Windows\System\bVQxpfK.exe
  2⤵
  PID:9764
- C:\Windows\System\gChXcFk.exe
  C:\Windows\System\gChXcFk.exe
  2⤵
  PID:9780
- C:\Windows\System\ThRLzPh.exe
  C:\Windows\System\ThRLzPh.exe
  2⤵
  PID:9796
- C:\Windows\System\IfGaSNI.exe
  C:\Windows\System\IfGaSNI.exe
  2⤵
  PID:9816
- C:\Windows\System\JeSXtmX.exe
  C:\Windows\System\JeSXtmX.exe
  2⤵
  PID:9832
- C:\Windows\System\AATWfip.exe
  C:\Windows\System\AATWfip.exe
  2⤵
  PID:9848
- C:\Windows\System\stGpPpr.exe
  C:\Windows\System\stGpPpr.exe
  2⤵
  PID:9864
- C:\Windows\System\JEdteDj.exe
  C:\Windows\System\JEdteDj.exe
  2⤵
  PID:9880
- C:\Windows\System\zKTovci.exe
  C:\Windows\System\zKTovci.exe
  2⤵
  PID:9896
- C:\Windows\System\xQDXNgT.exe
  C:\Windows\System\xQDXNgT.exe
  2⤵
  PID:9916
- C:\Windows\System\LyByIXU.exe
  C:\Windows\System\LyByIXU.exe
  2⤵
  PID:9936
- C:\Windows\System\cClFTZQ.exe
  C:\Windows\System\cClFTZQ.exe
  2⤵
  PID:9968
- C:\Windows\System\dnZAsjq.exe
  C:\Windows\System\dnZAsjq.exe
  2⤵
  PID:9992
- C:\Windows\System\MxuHIPu.exe
  C:\Windows\System\MxuHIPu.exe
  2⤵
  PID:10008
- C:\Windows\System\qvWZisv.exe
  C:\Windows\System\qvWZisv.exe
  2⤵
  PID:10024
- C:\Windows\System\FyWPEqK.exe
  C:\Windows\System\FyWPEqK.exe
  2⤵
  PID:10040
- C:\Windows\System\RcraMOU.exe
  C:\Windows\System\RcraMOU.exe
  2⤵
  PID:10056
- C:\Windows\System\bjFRiWH.exe
  C:\Windows\System\bjFRiWH.exe
  2⤵
  PID:10072
- C:\Windows\System\wYNLKCz.exe
  C:\Windows\System\wYNLKCz.exe
  2⤵
  PID:10088
- C:\Windows\System\BLWwclE.exe
  C:\Windows\System\BLWwclE.exe
  2⤵
  PID:10112
- C:\Windows\System\JLgYRYo.exe
  C:\Windows\System\JLgYRYo.exe
  2⤵
  PID:10128
- C:\Windows\System\vIZNXpH.exe
  C:\Windows\System\vIZNXpH.exe
  2⤵
  PID:10144
- C:\Windows\System\KrCLfIp.exe
  C:\Windows\System\KrCLfIp.exe
  2⤵
  PID:10160
- C:\Windows\System\MiJKaqR.exe
  C:\Windows\System\MiJKaqR.exe
  2⤵
  PID:10176
- C:\Windows\System\vsHXNIB.exe
  C:\Windows\System\vsHXNIB.exe
  2⤵
  PID:10192
- C:\Windows\System\QPuFdMF.exe
  C:\Windows\System\QPuFdMF.exe
  2⤵
  PID:10208
- C:\Windows\System\rfcHDgV.exe
  C:\Windows\System\rfcHDgV.exe
  2⤵
  PID:10224
- C:\Windows\System\tgYKFVC.exe
  C:\Windows\System\tgYKFVC.exe
  2⤵
  PID:9004
- C:\Windows\System\fFdeibm.exe
  C:\Windows\System\fFdeibm.exe
  2⤵
  PID:9244
- C:\Windows\System\CJhGrJq.exe
  C:\Windows\System\CJhGrJq.exe
  2⤵
  PID:9228
- C:\Windows\System\SmLFGuy.exe
  C:\Windows\System\SmLFGuy.exe
  2⤵
  PID:9292
- C:\Windows\System\zhIlhKy.exe
  C:\Windows\System\zhIlhKy.exe
  2⤵
  PID:9308
- C:\Windows\System\LyGrlcu.exe
  C:\Windows\System\LyGrlcu.exe
  2⤵
  PID:9344
- C:\Windows\System\HjUTBGY.exe
  C:\Windows\System\HjUTBGY.exe
  2⤵
  PID:9360
- C:\Windows\System\acvhrYg.exe
  C:\Windows\System\acvhrYg.exe
  2⤵
  PID:9424
- C:\Windows\System\MqFcguN.exe
  C:\Windows\System\MqFcguN.exe
  2⤵
  PID:9440
- C:\Windows\System\bVdZNkZ.exe
  C:\Windows\System\bVdZNkZ.exe
  2⤵
  PID:9488
- C:\Windows\System\uBCWkQI.exe
  C:\Windows\System\uBCWkQI.exe
  2⤵
  PID:9520
- C:\Windows\System\oBrHLcQ.exe
  C:\Windows\System\oBrHLcQ.exe
  2⤵
  PID:9552
- C:\Windows\System\MuFzEGl.exe
  C:\Windows\System\MuFzEGl.exe
  2⤵
  PID:10232
- C:\Windows\System\myxqHlN.exe
  C:\Windows\System\myxqHlN.exe
  2⤵
  PID:10124
- C:\Windows\System\WkkyIbC.exe
  C:\Windows\System\WkkyIbC.exe
  2⤵
  PID:10184
- C:\Windows\System\SNZmGsJ.exe
  C:\Windows\System\SNZmGsJ.exe
  2⤵
  PID:10200
- C:\Windows\System\WZefQYA.exe
  C:\Windows\System\WZefQYA.exe
  2⤵
  PID:9696
- C:\Windows\System\kfqjThS.exe
  C:\Windows\System\kfqjThS.exe
  2⤵
  PID:9844
- C:\Windows\System\pkhnGsZ.exe
  C:\Windows\System\pkhnGsZ.exe
  2⤵
  PID:9892
- C:\Windows\System\SwXBaqh.exe
  C:\Windows\System\SwXBaqh.exe
  2⤵
  PID:9504
- C:\Windows\System\UOWCWPT.exe
  C:\Windows\System\UOWCWPT.exe
  2⤵
  PID:9296
- C:\Windows\System\cptOMzV.exe
  C:\Windows\System\cptOMzV.exe
  2⤵
  PID:9912
- C:\Windows\System\BcJaLbr.exe
  C:\Windows\System\BcJaLbr.exe
  2⤵
  PID:9712
- C:\Windows\System\RTZEpvI.exe
  C:\Windows\System\RTZEpvI.exe
  2⤵
  PID:10080
- C:\Windows\System\qtjLRuS.exe
  C:\Windows\System\qtjLRuS.exe
  2⤵
  PID:9988
- C:\Windows\System\eEDOmHx.exe
  C:\Windows\System\eEDOmHx.exe
  2⤵
  PID:9280
- C:\Windows\System\AULTvXU.exe
  C:\Windows\System\AULTvXU.exe
  2⤵
  PID:8372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BuWgMYe.exe

Filesize
6.0MB

MD5
a9c8f0056f21f6c30becf1b790124de0

SHA1
68ddc25dd7b38bf6c9ccb7c7eeea337478de0430

SHA256
c643b0613aa7db5e9ce0cf35e493f826073ed9100ddf1604a5fe284d38cfc387

SHA512
e162d63a3ea395a4d48a00584a58f104926a644a87a83324817b9235fa1534cdaaf41d1b08ad55734e744745074c9477333b81de2984297154977d4553c85dcb

Download Submit
C:\Windows\system\FQnFavX.exe

Filesize
6.0MB

MD5
e4b2a83ea234edc7c02c1f0dae41809e

SHA1
7cb12231cbc510c0694c2e13c5b7b5e73bc14b20

SHA256
4dff85fce9363a092b8906e4d601aa7650a2de16dc800e59be9724aebf8a07b6

SHA512
2ab6810f4f9c2df042d63b43f2714403e956971fd60091853f36f5a81f2218fe9d85874923ead499cf984e4b2db1ec41225f363d2e723d6e46d4939e74eb56f1

Download Submit
C:\Windows\system\GxLVENj.exe

Filesize
6.0MB

MD5
405099771bc94e606b9b660636519297

SHA1
39baa28745b67168baed28c5b0fbd11b0aee36f3

SHA256
ee83b70da93e8f478b847c213022bff0e0eec0eddc785fbf4d201e623ae9c309

SHA512
94cf3a547c95662a1d9d5a07d17821bd540f0f75ca4dacdc586b3d1b28b3afa31a6dfcae9f5f063a596ed682ea9ad9c36eba19bf80647e275f619e0b16c76335

Download Submit
C:\Windows\system\HVVdBjb.exe

Filesize
6.0MB

MD5
724e368ddfa50f13777fdcee7a935062

SHA1
f3aeabc1832b852dd023a26f13cdce44fe55d9f6

SHA256
8cfce3c64bb1112f7906ff86b5997b2661ace53b4956bf05c4f27810eb51c858

SHA512
73c2a97d281d416610efc9d417c67200599310f66f61127dc9362003741fe2f921a97c2ccf1ceff32d8093d0f243b331823033a4c0a04223b39778dc0cbaccf5

Download Submit
C:\Windows\system\KqojmGI.exe

Filesize
6.0MB

MD5
d172238d4520c49d239d3bde1d6fcc18

SHA1
a20fef6ff2488255ce30cf26412fe623820120b1

SHA256
33878a7ad2020f7de60b062f23d96fba0b50a8f2c8c6e9961ebfb5049377c10c

SHA512
daaa6fcbe1337661065fe8cd01841d6d3c49d1b55babe3741f8afdd3d9be32061ad7d82c1522e30000f3ac732d527ee6053b5c649d27d4b510fed089c72de3e5

Download Submit
C:\Windows\system\LlzrFOK.exe

Filesize
6.0MB

MD5
a66bd26c872fd9cdf30a2fa5990c36e8

SHA1
83054fac8c5050ede2d3b6503cd1f1384d9d90cd

SHA256
a5aca4fb10e99bae3e535145f47f0502514f12d3c6c825987307221b03e75546

SHA512
e90d7cb88146f1428f3e21b027dbd235f8addbd13d8a9d52e1d05e6fb315992ba4222437c5f50acb9782d3fab2c173572ed09e1be5029677309667a99c87a43a

Download Submit
C:\Windows\system\LqeAAsz.exe

Filesize
6.0MB

MD5
575ad9a0963ed493a340db839b22a289

SHA1
3acc42342a3eec5e3037c8881e81a6c5d040584a

SHA256
7334b2f8a3c4fd852409fda60a6d4b0ec03dec6c6540696f9e2eceabb93526d1

SHA512
ddaeab2cdc9d5154615660b08e85e631b665d8a7e0a5c7c60acf38ba98baa6e096e89a097d9d342c6c4dfb9e10f3490e4d86106ce291c328f8d692134e2a511d

Download Submit
C:\Windows\system\OTVsBGk.exe

Filesize
6.0MB

MD5
112a1d9fc6ddcfb1065314f421236da8

SHA1
933950d6a1f60fa23cb222f1179bb103e59f7683

SHA256
45688650b502689afdf51e44a7c986fbfc85052014dc9bc40b16fbb875da65ea

SHA512
e5123b37d29cb1a2a51edacadece325a470bd79207877a7eaf5d7091eb262fddff6c5615118006a811567b610283d97f0c3c3776f52865c8d5f8c294e3100390

Download Submit
C:\Windows\system\OaKcsvq.exe

Filesize
6.0MB

MD5
8f55841efa3012d999571aea4760ff48

SHA1
d68fc98ec86d1541240647f62b66bcfaca12c1ec

SHA256
7c188f0beb4186fcd1d548dc4251ef9512946ce3d33e7c63f6f672b5afc3dc64

SHA512
cece15c36e8817341d05e0e88a29d2d19e79b40d5bd253c040fef88b4106aa3cd11fdb309081989dbbb9daee4b346aacdba21b6e73d471c301401e49b04fbdbb

Download Submit
C:\Windows\system\SCvFvnO.exe

Filesize
6.0MB

MD5
530d58b9682cacfe53ed6a1590631b02

SHA1
a6ee40d6e95e0fb5f0ba47ff9f33f4bcc9ed603a

SHA256
f8e772af5bde3103beca4054d6a85297c32d34ddb80eba55875bed28a137935f

SHA512
f0deec16e9d4bb81e9ac48e393808ba1408fa721b8fabf220b9e33dd0e3c022f6e1c5b344339a2cf88f27ff06988f0a67afcb5e70f1f5815502842dba3963a25

Download Submit
C:\Windows\system\WfOpPuf.exe

Filesize
6.0MB

MD5
8d8593f06f3d0129e1ddf22632d0c6ee

SHA1
4d7c6d3deaa7ec2b5b8be2483371aacb32f0bdc6

SHA256
8b54080c2a45174760cd6e03c56a0b3569900bf077f727c72fbe3b4ddf9cbc20

SHA512
f3846194cf4a02e40c90089931f830f62061deccbdf0521e99df7fb2cc205d1470677301d2e58b3edcf973fa5bf50446b99f2c87b59d887cc99abd2c5411a88a

Download Submit
C:\Windows\system\bpYHJca.exe

Filesize
6.0MB

MD5
10e07f12631955010b7e8e241cc16a95

SHA1
2f926d1e09f9d9983f16cf72630ca4ed16d15108

SHA256
353047fb4de128f67ee86d24685a30f3215286a10cfa8782aeadf9d09218c045

SHA512
2dcf3db996798450225389039bb638b196ec92bae899f438ce15bbfb6ec5ff302553aca6f62f567c652e1e2954a59eadb280ed0bc99381d278a180bbafe3e27a

Download Submit
C:\Windows\system\ccNGqwZ.exe

Filesize
6.0MB

MD5
9be3db677bdee560964ea56708e88f27

SHA1
9665b3f98fc71a929eb3bfadb18236e550023c0a

SHA256
fd34c9806d256dbfd04f0a604d4f022132c5915e2a6a4c3a7ec8db7ae5e43fd1

SHA512
2189e2e7a19b3281b6cce862566132275b483ac31b6363213e27b03eca193238094a9f3a5ffad50afe3a7fbd6941a968fa69bf551c25b432c0247f3be1f61a9c

Download Submit
C:\Windows\system\dfpxzsA.exe

Filesize
6.0MB

MD5
a31909b250ed2400f34cfd741a2a721e

SHA1
8d2a81083cc40bb4e077616990c27b7a620ef8a4

SHA256
336e3a9fd8dd52ae8a9d619886beaed85c70d2c6304486e82f306d5ea87d80c5

SHA512
033fd9e3ef5983b52da6089cf4b5dff1591fc9c25426c08ef9fc8ab2b474ea833f0e6c4501f5dd3abf42c0a6ba36f29ac35946c67b75fdf94ed993cab5feb576

Download Submit
C:\Windows\system\gLMPABA.exe

Filesize
6.0MB

MD5
e95d635808b99a9216e5985725521ec5

SHA1
e81caa7c701176f1e95ee532ba2b7c02ab3bc24a

SHA256
be8fa0d9629728494309cd4dcf6d97cdc9d675afb97d458b318131c7ed2389c5

SHA512
1d8e23c52d9f130cdc4136cdf2bbf49bb2433e49463ac05dfbea86a4f703420c3e68f85deaa2381cd0c7dbffbdc64bd5520aa7b1a664b5f73b60bfaa6fb75fef

Download Submit
C:\Windows\system\gLUrlou.exe

Filesize
6.0MB

MD5
b87cf5749091f51eff10015bcc258415

SHA1
fda747a28fc1505671ca23f40232ac18b4abf1ba

SHA256
0af99f2305209f004cfde9307af42ccfc39ceeddfa7467518fd663f7bc2e3c5f

SHA512
89205626460a63fa7a97a97e977039cca49ceb2f6be2d819f578b59683330d17b58e834b195cccbb891d7a27d3a6b04131fc9eed935c1e3626252e92a05cf0f7

Download Submit
C:\Windows\system\imLiNFd.exe

Filesize
6.0MB

MD5
e78ed59a07fba0bb7a32a7f07a85a007

SHA1
8cee84866a1129f274f04fe25d1695f5829f2baa

SHA256
5b857556daa0ce91d3e334efda0e487d87b8702ab647c693b7fc69be17ee3eec

SHA512
96e6998537fa17b850a8ee93ebdcdce0480c0e64b3ce4bc6fc40297472099999cd8454cf9a50a8f1671daf372a062d9a7bbb88af07e17fdf5c6be18c62689282

Download Submit
C:\Windows\system\kJRtXbe.exe

Filesize
6.0MB

MD5
f4b0335f7725bd7854c95b19284146a3

SHA1
2102e93a4d307c54701746b7c409d2de51e4495d

SHA256
0cd19e145d7af85e7de5cbe7c13df53bbbe9b932ad33aa2f0c035aae802f0bbd

SHA512
c0af38dadd9f332ac5aaec6a649d29a91f15c4d907644c140bd051ef234a2e83ac3adcb18484ad7addd2487a8844a142ca9c565bd45842518de968966874d4fa

Download Submit
C:\Windows\system\kkiEyUh.exe

Filesize
6.0MB

MD5
7beb1b5e54616f3381ce385644a628ed

SHA1
9c7f0857a10732c184e8dabce92f77d03f1e8674

SHA256
0fb8e8e88f86fb5a815a5f6ae9b97ed7f3767058678b92718c813bab7d6174f1

SHA512
9df99a7e71ed966c2f241e59654eceaa0ae789202f3df2233ba4b81224940b231d17f70af21651587edf7c0afb435960c4b193973798784c71d31a6f291f9295

Download Submit
C:\Windows\system\qXfdXQD.exe

Filesize
6.0MB

MD5
73d25faec6dfd9d6afca2a12744efaf9

SHA1
3e6c623c7c22aaaa1ec97575311069aa9182aab2

SHA256
4c317b1c957b4ea10879f1bcaa6ae47676a398a9a871e48d980439f97eb490cc

SHA512
ee25f0f802b3f8db922017caf2f1825d3153023e3cf0dc20eae5138ba31a2020e66d8281af0affc2d7cf670dd57fae6dd98c47e35fe572f9f931aab5a8640cb2

Download Submit
C:\Windows\system\rIIuJUC.exe

Filesize
6.0MB

MD5
aba70d654f4b5bef1de24e66e65ecd0a

SHA1
bd36b91ada09e320a8797572985442cc167bdb87

SHA256
75d43c7da392a0fab137138f26761113e9ad931e9bc2625284eeb1ee15f161d5

SHA512
f17c58c699f16ab6d713306983661527d8c4f23bb3165861d60342e54d4d1406fd67eb9417c4ab036f22e26b54553b624f154f791855a5b9fcf6f123d1ce4bc0

Download Submit
C:\Windows\system\soXLbDf.exe

Filesize
6.0MB

MD5
a50efdb2517c3204f319d791cef386ed

SHA1
a89cf4e28f679ae7716abb24d4678d63ad312270

SHA256
f7a42ca3a71687712da5e36250eb375e0fd987d72da2c831cbc7bb8e41a4e86e

SHA512
76bdc924029ca1640e40fd83e8a897f71b5c8615d0b91c82d6be28a9883ff4dbce037a79e86bcb8057a069189206bd5de8d187b96f3795fc80dcdd3659708108

Download Submit
C:\Windows\system\ssqsXPx.exe

Filesize
6.0MB

MD5
98b4fc69c97c1e92b23435f6ee51ef19

SHA1
c5aa3a1476a14e87e81d0d9ec3a2c9c8adbbd7ff

SHA256
b8ab3fa8d09ff05208fd6b0f1c8b7fce6c4a25077082b151609f7a7be932cfd4

SHA512
1415fbd71f1b9581ad073b2a4a59760cbbdb68dc60cc912922ea6d40a7751268481c8cb34100ad2eeabafa4bace30396e14394cdfb943b89ea4e5d820ad800ae

Download Submit
C:\Windows\system\tXWFiMj.exe

Filesize
6.0MB

MD5
799861d0d5a9bf34e1a5288fd2c820a1

SHA1
21d72a5e6b430ebbfeb37c1a7ec3b6294bba5af3

SHA256
db31115710232660db357989466870ebc7728e6f1db103475d3f4dec6b21edba

SHA512
b03671bb4e0e36d7c8628b5982a2e93499bd5777490877ea8ab5f76f33f4cb91aceb1c44c6b043980f9139d66133a7a4ce9c56e75d83f9252529b471521877f4

Download Submit
C:\Windows\system\uiPbBEV.exe

Filesize
6.0MB

MD5
5cc5d5a9cff1d8f36fa1514db384a036

SHA1
b23e99cfff6f3718eb81938bb065db618fb5315a

SHA256
9ae87b83ed49e9c05a50f5277401d2ed8f926f08f09f0a52053cf0183df11496

SHA512
696680a8812b858c9bc5dd7265d3093b445412d66cbfd069c635031cde558259c8177690e87083f0adaa5ea96b702f1c81285803bda47a1d45a7033fad1fc0e2

Download Submit
C:\Windows\system\wpjINXf.exe

Filesize
6.0MB

MD5
db25da2dbac9adf9dac6f80b2301d930

SHA1
c3f9fa9e1159d2aa629cdb9d754fb0c6700ea550

SHA256
0b5519526238a56abced548268cee18b63ffec2d94c6c7b29289e1507ea179e8

SHA512
7a65a1e2ef5a85d4029965eca2e580934ed5885d9277477c1f48a3e83300dc16786a6db0e2949900369f67dbba43c56ed2187b20db2f7df6d38a47e56e1b7f74

Download Submit
C:\Windows\system\xHhmCzV.exe

Filesize
6.0MB

MD5
c9701a6e0c5ff2d7eb7b490995da6cd6

SHA1
d46d3b17e8f20404a7a882de804a26e267dba2e7

SHA256
64f65fb6ba8840d395337b5f7d74d92bcd54e18826955820e057d63590c1e814

SHA512
2ae36bdad5ee794e3cee4a893ad63c6fe10de307d640baa626f42d51a0d539f08486d1be349843341fb7678c153712b400bc5ab92e1891abb87e64eecfcc0693

Download Submit
C:\Windows\system\zpEMQYX.exe

Filesize
6.0MB

MD5
f56611b59f097cc4fc5b30109fd03067

SHA1
21e3299de1d3ac086c5ff27f0390b0869f7db2d0

SHA256
8362ab45097517f642e2b2a7e91b4a7e8f4ab48d7977e9887695bdcedfd44712

SHA512
13c3cb7d0d304567768a8289fc9eb4b53a5a10ad23e4c2ff1f5bbb2a7ce09223b3e7abd85efa49267c6bfa6f19b45479b5d93bc10e294baebb3636fcfb50ac84

Download Submit
\Windows\system\PMGzhEA.exe

Filesize
6.0MB

MD5
8c995cfdf4adfc9c1db05d8f270ef351

SHA1
90d094b9e83c35102c805a4705407ed51ceb028b

SHA256
884c1ade760d107b00194cbfebe175d5a5b957af44816579b07cf60acc1f8d34

SHA512
a624422878f576a84265609d3e67f551ab29728ecb24df9c090b0090c2363198b7410773f059962a297a19e71f1e2496e815c957b49b63c6b1a60b62de8fbae4

Download Submit
\Windows\system\RJpjnlq.exe

Filesize
6.0MB

MD5
906719e8b785b958e525135486d52d49

SHA1
9142e85e2ba0b8bbdc3da3a080067c2eaa15456d

SHA256
c702997ee5653bb5f7959238c1a522db447873fd06257543ee2be643f847950d

SHA512
c35b98f146fb1d76c6a26a192ab377806acd6a02bd7a627001e60f7100d2011cd74bfd98f4a47ef57a1d16a9d21f71fd3d03fe5178128d5e49b4b4fbd1543ef0

Download Submit
\Windows\system\cCnemaj.exe

Filesize
6.0MB

MD5
ec8791dfac78f099c8e90167d7ef6492

SHA1
0db531b71104b3e086c7315e6ac769e775277978

SHA256
5f78b9a694f572a916f323e5d97190ef0d8dba830120795eb98f6d3de8097aa8

SHA512
f7be59166c0a1af10201d24fe0c755c45eeb3a3350c3bd6390c095de21c4f0154828b22863b7d011969f2d91d698f04a6334d006061ed22939f9263f427ac73e

Download Submit
\Windows\system\fmEgalt.exe

Filesize
6.0MB

MD5
b63acaa18f2023fbb407add12cf95bb1

SHA1
cc9b77daa1abee80f9d06f0236e1e571e2978daf

SHA256
d2bb1d45498dc4fa1034e9b0a3c0f993e087d61af740a9c00de1394906363b17

SHA512
7386e5d9e09831830457817098508457648fa874fc0d6a5afab41a68859f9259e014dfcdfe2c52148868b79723e5180826df828db133545a193190a3f06d559e

Download Submit
memory/824-4045-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/824-83-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1848-4043-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-64-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-438-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1904-27-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1904-99-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1904-4038-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-851-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1996-4048-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1996-90-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2012-95-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2012-913-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2012-4047-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2396-87-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2396-4046-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2468-51-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2468-4041-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2468-315-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4039-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-35-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-62-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-317-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4044-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-21-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4037-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4042-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2768-316-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2768-57-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2820-15-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-4036-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-14-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-81-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2892-100-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2892-730-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2892-76-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2892-78-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-80-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-45-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-10-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2892-92-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2892-88-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2892-66-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2892-33-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2892-854-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2892-25-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-73-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2892-0-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2892-439-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2892-509-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1171-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/3012-4040-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-67-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download