cobaltstrike | 7a0a42232bc0aeac9a948a6837b3b97981f6b17da9b32165da71cc52c76e598b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

af3980db163a878095d3319a060dbb1e
SHA1

38afeeb3cc2013e94dc4026f972cab18dbba74d9
SHA256

7a0a42232bc0aeac9a948a6837b3b97981f6b17da9b32165da71cc52c76e598b
SHA512

6bcfa0cdfded4316e073d5622d11712021bec7a1b9a02f7309383942cf0d351d35889d2e2d112a75e30ad9802a44071b455b648955a2d037a6d4936ab57799b2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015689-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015697-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ccf-33.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001660e-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cab-132.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-182.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-192.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-186.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-177.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-172.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-165.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d22-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf0-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca0-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c89-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b86-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016890-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016689-106.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164de-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016399-83.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016141-81.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0a-79.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d15-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000162e4-70.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce4-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cfd-47.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156b8-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2680-0-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-3.dat	xmrig
behavioral1/files/0x0009000000015689-8.dat	xmrig
behavioral1/files/0x0008000000015697-12.dat	xmrig
behavioral1/memory/2492-20-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2164-23-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2680-21-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ccf-33.dat	xmrig
behavioral1/memory/2752-35-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2680-54-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2624-86-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/1084-95-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x000600000001660e-99.dat	xmrig
behavioral1/files/0x0006000000016cab-132.dat	xmrig
behavioral1/files/0x0006000000016df5-182.dat	xmrig
behavioral1/memory/1084-775-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2644-366-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0006000000016edc-192.dat	xmrig
behavioral1/files/0x0006000000016df8-186.dat	xmrig
behavioral1/files/0x0006000000016de9-177.dat	xmrig
behavioral1/files/0x0006000000016dd9-172.dat	xmrig
behavioral1/files/0x0006000000016d73-160.dat	xmrig
behavioral1/files/0x0006000000016dd5-165.dat	xmrig
behavioral1/files/0x0006000000016d68-152.dat	xmrig
behavioral1/files/0x0006000000016d22-142.dat	xmrig
behavioral1/files/0x0006000000016d6f-157.dat	xmrig
behavioral1/files/0x0006000000016d4c-147.dat	xmrig
behavioral1/files/0x0006000000016cf0-137.dat	xmrig
behavioral1/files/0x0006000000016ca0-127.dat	xmrig
behavioral1/files/0x0006000000016c89-122.dat	xmrig
behavioral1/files/0x0006000000016b86-117.dat	xmrig
behavioral1/files/0x0006000000016890-112.dat	xmrig
behavioral1/files/0x0006000000016689-106.dat	xmrig
behavioral1/memory/1984-103-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2824-93-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x00060000000164de-91.dat	xmrig
behavioral1/memory/2892-88-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2656-87-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2752-85-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016399-83.dat	xmrig
behavioral1/files/0x0006000000016141-81.dat	xmrig
behavioral1/files/0x0008000000015d0a-79.dat	xmrig
behavioral1/memory/2804-76-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d15-60.dat	xmrig
behavioral1/memory/2824-40-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2644-72-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x00060000000162e4-70.dat	xmrig
behavioral1/memory/2680-69-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2736-68-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ce4-38.dat	xmrig
behavioral1/memory/2716-50-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cfd-47.dat	xmrig
behavioral1/memory/2804-29-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x00080000000156b8-27.dat	xmrig
behavioral1/memory/2480-18-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2480-4022-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2492-4024-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2644-4023-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/1084-4029-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2716-4028-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2752-4032-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/1984-4041-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2892-4043-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2656-4042-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2480	mTrPkAl.exe
2492	QQKzALL.exe
2164	nyuOLvZ.exe
2804	xdsWboy.exe
2752	QegKMfj.exe
2824	TzshDnZ.exe
2716	LGDmifN.exe
2736	CLaBsIx.exe
2644	KWsTqPJ.exe
2624	shImTzd.exe
2656	qOPHkwW.exe
2892	swtbDUt.exe
1084	pIHyGcP.exe
1984	RJDyHkd.exe
1640	torgEuk.exe
2864	FXXaPJP.exe
1048	zzzHgCu.exe
776	uOJYtkE.exe
2032	wzdLTqq.exe
760	mOsZqlP.exe
2500	GOvJRou.exe
2028	ZDwdKTz.exe
1760	yMBTsWR.exe
2168	FLCzqdw.exe
2104	GdxBckh.exe
2472	jjCXRgg.exe
448	ryUNfgu.exe
1108	RKCaxcd.exe
1620	bWCGfCk.exe
1148	oIGnUvf.exe
1344	NQhoNia.exe
3028	RQoOGmI.exe
2276	JnaItqT.exe
1668	MKrhOuN.exe
1544	pRrvyZF.exe
816	igJxhzb.exe
2976	nIzJxbq.exe
1732	ZlplcnA.exe
3036	bBSGJtY.exe
1840	FpusuEs.exe
528	PfewpeX.exe
1820	ubgBztB.exe
2052	QJWeEvA.exe
1384	FTjykae.exe
2072	CaNLViS.exe
552	QwYSHtk.exe
880	VMFpqtt.exe
1824	NFHLfuh.exe
1596	HMMsbhp.exe
2468	MdnoHQR.exe
2440	aQMVDWX.exe
2728	pDLCfma.exe
2708	LrqIFHk.exe
3000	oSCCLvd.exe
2632	SzFNWMh.exe
2816	sqeywwb.exe
2688	VbHdmKw.exe
2772	oFQMocK.exe
536	XpdeEfn.exe
2776	GyrGOIt.exe
796	uBAmVhz.exe
2912	aVANJWM.exe
3060	BrxKacG.exe
1492	nqhGvnz.exe

Loads dropped DLL 64 IoCs

pid	Process
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2680-0-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-3.dat	upx
behavioral1/files/0x0009000000015689-8.dat	upx
behavioral1/files/0x0008000000015697-12.dat	upx
behavioral1/memory/2492-20-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2164-23-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0007000000015ccf-33.dat	upx
behavioral1/memory/2752-35-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2680-54-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2624-86-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/1084-95-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x000600000001660e-99.dat	upx
behavioral1/files/0x0006000000016cab-132.dat	upx
behavioral1/files/0x0006000000016df5-182.dat	upx
behavioral1/memory/1084-775-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2644-366-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0006000000016edc-192.dat	upx
behavioral1/files/0x0006000000016df8-186.dat	upx
behavioral1/files/0x0006000000016de9-177.dat	upx
behavioral1/files/0x0006000000016dd9-172.dat	upx
behavioral1/files/0x0006000000016d73-160.dat	upx
behavioral1/files/0x0006000000016dd5-165.dat	upx
behavioral1/files/0x0006000000016d68-152.dat	upx
behavioral1/files/0x0006000000016d22-142.dat	upx
behavioral1/files/0x0006000000016d6f-157.dat	upx
behavioral1/files/0x0006000000016d4c-147.dat	upx
behavioral1/files/0x0006000000016cf0-137.dat	upx
behavioral1/files/0x0006000000016ca0-127.dat	upx
behavioral1/files/0x0006000000016c89-122.dat	upx
behavioral1/files/0x0006000000016b86-117.dat	upx
behavioral1/files/0x0006000000016890-112.dat	upx
behavioral1/files/0x0006000000016689-106.dat	upx
behavioral1/memory/1984-103-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2824-93-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x00060000000164de-91.dat	upx
behavioral1/memory/2892-88-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2656-87-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2752-85-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x0006000000016399-83.dat	upx
behavioral1/files/0x0006000000016141-81.dat	upx
behavioral1/files/0x0008000000015d0a-79.dat	upx
behavioral1/memory/2804-76-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x0008000000015d15-60.dat	upx
behavioral1/memory/2824-40-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2644-72-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x00060000000162e4-70.dat	upx
behavioral1/memory/2736-68-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x0007000000015ce4-38.dat	upx
behavioral1/memory/2716-50-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0007000000015cfd-47.dat	upx
behavioral1/memory/2804-29-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x00080000000156b8-27.dat	upx
behavioral1/memory/2480-18-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2480-4022-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2492-4024-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2644-4023-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/1084-4029-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2716-4028-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2752-4032-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/1984-4041-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2892-4043-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2656-4042-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2824-4046-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2804-4045-0x000000013FD20000-0x0000000140074000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dylmDgr.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXzHqHV.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRhJmmz.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKKwQAg.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkjKUUv.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPsgpDV.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SILrAes.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFvMXeh.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZrMJvP.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJzezVA.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csqlCZP.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcwhGwW.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxWvJPo.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfnhAid.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRgGHNi.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUMeBmL.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlxDUZC.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZgYGFh.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMBTsWR.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrxKacG.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgHHEti.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJBDXiw.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKQyozO.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwaJyAa.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGprqqc.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVEItvW.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfwhUjN.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cMPbgNr.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfXrWfe.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMhtBGg.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lORrukB.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQNjVPK.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvsAykL.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etVGrJH.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeoClau.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlMZmWb.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIDumkM.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpdWdwW.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVONnbu.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAzWjQr.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGXrKQi.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHLSGLe.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXgimzw.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZlnCql.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvQFmKM.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QliJZhn.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shImTzd.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeMPmqu.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdWbYzE.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENCUVRF.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZxWaXn.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYbBsUV.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRMmUax.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yErbIid.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdWXnPS.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egDIZts.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOvDfeL.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkcwpOx.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsqnMbC.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHemduI.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxuqYUB.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KumruEQ.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgLtrir.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYTCDGc.exe	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2480	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2680 wrote to memory of 2480	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2680 wrote to memory of 2480	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2680 wrote to memory of 2492	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2680 wrote to memory of 2492	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2680 wrote to memory of 2492	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2680 wrote to memory of 2164	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2680 wrote to memory of 2164	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2680 wrote to memory of 2164	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2680 wrote to memory of 2804	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2680 wrote to memory of 2804	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2680 wrote to memory of 2804	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2680 wrote to memory of 2752	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2680 wrote to memory of 2752	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2680 wrote to memory of 2752	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2680 wrote to memory of 2824	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2680 wrote to memory of 2824	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2680 wrote to memory of 2824	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2680 wrote to memory of 2716	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2680 wrote to memory of 2716	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2680 wrote to memory of 2716	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2680 wrote to memory of 2624	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2680 wrote to memory of 2624	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2680 wrote to memory of 2624	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2680 wrote to memory of 2736	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2680 wrote to memory of 2736	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2680 wrote to memory of 2736	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2680 wrote to memory of 2656	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2680 wrote to memory of 2656	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2680 wrote to memory of 2656	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2680 wrote to memory of 2644	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2680 wrote to memory of 2644	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2680 wrote to memory of 2644	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2680 wrote to memory of 2892	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2680 wrote to memory of 2892	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2680 wrote to memory of 2892	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2680 wrote to memory of 1084	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2680 wrote to memory of 1084	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2680 wrote to memory of 1084	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2680 wrote to memory of 1984	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2680 wrote to memory of 1984	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2680 wrote to memory of 1984	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2680 wrote to memory of 1640	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2680 wrote to memory of 1640	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2680 wrote to memory of 1640	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2680 wrote to memory of 2864	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2680 wrote to memory of 2864	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2680 wrote to memory of 2864	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2680 wrote to memory of 1048	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2680 wrote to memory of 1048	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2680 wrote to memory of 1048	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2680 wrote to memory of 776	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2680 wrote to memory of 776	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2680 wrote to memory of 776	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2680 wrote to memory of 2032	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2680 wrote to memory of 2032	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2680 wrote to memory of 2032	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2680 wrote to memory of 760	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2680 wrote to memory of 760	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2680 wrote to memory of 760	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2680 wrote to memory of 2500	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2680 wrote to memory of 2500	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2680 wrote to memory of 2500	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2680 wrote to memory of 2028	2680	2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_af3980db163a878095d3319a060dbb1e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\System\mTrPkAl.exe
  C:\Windows\System\mTrPkAl.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\QQKzALL.exe
  C:\Windows\System\QQKzALL.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\nyuOLvZ.exe
  C:\Windows\System\nyuOLvZ.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\xdsWboy.exe
  C:\Windows\System\xdsWboy.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\QegKMfj.exe
  C:\Windows\System\QegKMfj.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\TzshDnZ.exe
  C:\Windows\System\TzshDnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\LGDmifN.exe
  C:\Windows\System\LGDmifN.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\shImTzd.exe
  C:\Windows\System\shImTzd.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\CLaBsIx.exe
  C:\Windows\System\CLaBsIx.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\qOPHkwW.exe
  C:\Windows\System\qOPHkwW.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\KWsTqPJ.exe
  C:\Windows\System\KWsTqPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\swtbDUt.exe
  C:\Windows\System\swtbDUt.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\pIHyGcP.exe
  C:\Windows\System\pIHyGcP.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\RJDyHkd.exe
  C:\Windows\System\RJDyHkd.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\torgEuk.exe
  C:\Windows\System\torgEuk.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\FXXaPJP.exe
  C:\Windows\System\FXXaPJP.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\zzzHgCu.exe
  C:\Windows\System\zzzHgCu.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\uOJYtkE.exe
  C:\Windows\System\uOJYtkE.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\wzdLTqq.exe
  C:\Windows\System\wzdLTqq.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\mOsZqlP.exe
  C:\Windows\System\mOsZqlP.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\GOvJRou.exe
  C:\Windows\System\GOvJRou.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\ZDwdKTz.exe
  C:\Windows\System\ZDwdKTz.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\yMBTsWR.exe
  C:\Windows\System\yMBTsWR.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\FLCzqdw.exe
  C:\Windows\System\FLCzqdw.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\GdxBckh.exe
  C:\Windows\System\GdxBckh.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ryUNfgu.exe
  C:\Windows\System\ryUNfgu.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\jjCXRgg.exe
  C:\Windows\System\jjCXRgg.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\RKCaxcd.exe
  C:\Windows\System\RKCaxcd.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\bWCGfCk.exe
  C:\Windows\System\bWCGfCk.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\oIGnUvf.exe
  C:\Windows\System\oIGnUvf.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\NQhoNia.exe
  C:\Windows\System\NQhoNia.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\RQoOGmI.exe
  C:\Windows\System\RQoOGmI.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\JnaItqT.exe
  C:\Windows\System\JnaItqT.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\MKrhOuN.exe
  C:\Windows\System\MKrhOuN.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\pRrvyZF.exe
  C:\Windows\System\pRrvyZF.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\igJxhzb.exe
  C:\Windows\System\igJxhzb.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\nIzJxbq.exe
  C:\Windows\System\nIzJxbq.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\ZlplcnA.exe
  C:\Windows\System\ZlplcnA.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\bBSGJtY.exe
  C:\Windows\System\bBSGJtY.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\FpusuEs.exe
  C:\Windows\System\FpusuEs.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\PfewpeX.exe
  C:\Windows\System\PfewpeX.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\ubgBztB.exe
  C:\Windows\System\ubgBztB.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\QJWeEvA.exe
  C:\Windows\System\QJWeEvA.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\FTjykae.exe
  C:\Windows\System\FTjykae.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\CaNLViS.exe
  C:\Windows\System\CaNLViS.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\QwYSHtk.exe
  C:\Windows\System\QwYSHtk.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\VMFpqtt.exe
  C:\Windows\System\VMFpqtt.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\NFHLfuh.exe
  C:\Windows\System\NFHLfuh.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\HMMsbhp.exe
  C:\Windows\System\HMMsbhp.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\MdnoHQR.exe
  C:\Windows\System\MdnoHQR.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\aQMVDWX.exe
  C:\Windows\System\aQMVDWX.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\pDLCfma.exe
  C:\Windows\System\pDLCfma.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\LrqIFHk.exe
  C:\Windows\System\LrqIFHk.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\sqeywwb.exe
  C:\Windows\System\sqeywwb.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\oSCCLvd.exe
  C:\Windows\System\oSCCLvd.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\oFQMocK.exe
  C:\Windows\System\oFQMocK.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\SzFNWMh.exe
  C:\Windows\System\SzFNWMh.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\XpdeEfn.exe
  C:\Windows\System\XpdeEfn.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\VbHdmKw.exe
  C:\Windows\System\VbHdmKw.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\GyrGOIt.exe
  C:\Windows\System\GyrGOIt.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\uBAmVhz.exe
  C:\Windows\System\uBAmVhz.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\BrxKacG.exe
  C:\Windows\System\BrxKacG.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\aVANJWM.exe
  C:\Windows\System\aVANJWM.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\DAIbQBp.exe
  C:\Windows\System\DAIbQBp.exe
  2⤵
  PID:2324
- C:\Windows\System\nqhGvnz.exe
  C:\Windows\System\nqhGvnz.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\eOfRcVG.exe
  C:\Windows\System\eOfRcVG.exe
  2⤵
  PID:2868
- C:\Windows\System\OLGQJTC.exe
  C:\Windows\System\OLGQJTC.exe
  2⤵
  PID:468
- C:\Windows\System\OLBSIIW.exe
  C:\Windows\System\OLBSIIW.exe
  2⤵
  PID:1400
- C:\Windows\System\AUimgpL.exe
  C:\Windows\System\AUimgpL.exe
  2⤵
  PID:1700
- C:\Windows\System\fZlnCql.exe
  C:\Windows\System\fZlnCql.exe
  2⤵
  PID:1696
- C:\Windows\System\yBHIdUA.exe
  C:\Windows\System\yBHIdUA.exe
  2⤵
  PID:896
- C:\Windows\System\hvMzHYF.exe
  C:\Windows\System\hvMzHYF.exe
  2⤵
  PID:2456
- C:\Windows\System\XrvSlsU.exe
  C:\Windows\System\XrvSlsU.exe
  2⤵
  PID:1164
- C:\Windows\System\wlZSirp.exe
  C:\Windows\System\wlZSirp.exe
  2⤵
  PID:1888
- C:\Windows\System\mmRbJiF.exe
  C:\Windows\System\mmRbJiF.exe
  2⤵
  PID:1648
- C:\Windows\System\FAHakCN.exe
  C:\Windows\System\FAHakCN.exe
  2⤵
  PID:856
- C:\Windows\System\tPNnDHO.exe
  C:\Windows\System\tPNnDHO.exe
  2⤵
  PID:2288
- C:\Windows\System\YWBddWF.exe
  C:\Windows\System\YWBddWF.exe
  2⤵
  PID:1660
- C:\Windows\System\CtniHim.exe
  C:\Windows\System\CtniHim.exe
  2⤵
  PID:892
- C:\Windows\System\oOinzvl.exe
  C:\Windows\System\oOinzvl.exe
  2⤵
  PID:2540
- C:\Windows\System\IGaRiGT.exe
  C:\Windows\System\IGaRiGT.exe
  2⤵
  PID:2328
- C:\Windows\System\OFouKbs.exe
  C:\Windows\System\OFouKbs.exe
  2⤵
  PID:2724
- C:\Windows\System\sbirQFG.exe
  C:\Windows\System\sbirQFG.exe
  2⤵
  PID:1560
- C:\Windows\System\ZubGXIU.exe
  C:\Windows\System\ZubGXIU.exe
  2⤵
  PID:2320
- C:\Windows\System\rUvseaH.exe
  C:\Windows\System\rUvseaH.exe
  2⤵
  PID:1584
- C:\Windows\System\odFmrOi.exe
  C:\Windows\System\odFmrOi.exe
  2⤵
  PID:2484
- C:\Windows\System\SALVjQw.exe
  C:\Windows\System\SALVjQw.exe
  2⤵
  PID:1296
- C:\Windows\System\JCpMHLh.exe
  C:\Windows\System\JCpMHLh.exe
  2⤵
  PID:2928
- C:\Windows\System\EmbSoej.exe
  C:\Windows\System\EmbSoej.exe
  2⤵
  PID:2236
- C:\Windows\System\BqGsbsH.exe
  C:\Windows\System\BqGsbsH.exe
  2⤵
  PID:2016
- C:\Windows\System\OUzsTxC.exe
  C:\Windows\System\OUzsTxC.exe
  2⤵
  PID:2580
- C:\Windows\System\ezZOyMV.exe
  C:\Windows\System\ezZOyMV.exe
  2⤵
  PID:1792
- C:\Windows\System\xCyztms.exe
  C:\Windows\System\xCyztms.exe
  2⤵
  PID:908
- C:\Windows\System\THiaVHv.exe
  C:\Windows\System\THiaVHv.exe
  2⤵
  PID:1652
- C:\Windows\System\aRhJmmz.exe
  C:\Windows\System\aRhJmmz.exe
  2⤵
  PID:2356
- C:\Windows\System\CDhSpkW.exe
  C:\Windows\System\CDhSpkW.exe
  2⤵
  PID:800
- C:\Windows\System\IkLPfgg.exe
  C:\Windows\System\IkLPfgg.exe
  2⤵
  PID:1716
- C:\Windows\System\gLkMWIQ.exe
  C:\Windows\System\gLkMWIQ.exe
  2⤵
  PID:3092
- C:\Windows\System\kxProtS.exe
  C:\Windows\System\kxProtS.exe
  2⤵
  PID:3112
- C:\Windows\System\RdsNYGu.exe
  C:\Windows\System\RdsNYGu.exe
  2⤵
  PID:3132
- C:\Windows\System\VjzhLaw.exe
  C:\Windows\System\VjzhLaw.exe
  2⤵
  PID:3152
- C:\Windows\System\rVZThYo.exe
  C:\Windows\System\rVZThYo.exe
  2⤵
  PID:3172
- C:\Windows\System\uXDuyON.exe
  C:\Windows\System\uXDuyON.exe
  2⤵
  PID:3192
- C:\Windows\System\lHpqWNc.exe
  C:\Windows\System\lHpqWNc.exe
  2⤵
  PID:3212
- C:\Windows\System\HbLfXXM.exe
  C:\Windows\System\HbLfXXM.exe
  2⤵
  PID:3232
- C:\Windows\System\djcDriK.exe
  C:\Windows\System\djcDriK.exe
  2⤵
  PID:3252
- C:\Windows\System\UyYNiAu.exe
  C:\Windows\System\UyYNiAu.exe
  2⤵
  PID:3268
- C:\Windows\System\avtkqlQ.exe
  C:\Windows\System\avtkqlQ.exe
  2⤵
  PID:3288
- C:\Windows\System\VojiStG.exe
  C:\Windows\System\VojiStG.exe
  2⤵
  PID:3312
- C:\Windows\System\XJejaYp.exe
  C:\Windows\System\XJejaYp.exe
  2⤵
  PID:3332
- C:\Windows\System\DwPsDDP.exe
  C:\Windows\System\DwPsDDP.exe
  2⤵
  PID:3352
- C:\Windows\System\yErbIid.exe
  C:\Windows\System\yErbIid.exe
  2⤵
  PID:3372
- C:\Windows\System\eVViUQF.exe
  C:\Windows\System\eVViUQF.exe
  2⤵
  PID:3392
- C:\Windows\System\HSukMje.exe
  C:\Windows\System\HSukMje.exe
  2⤵
  PID:3412
- C:\Windows\System\ZDAeUVv.exe
  C:\Windows\System\ZDAeUVv.exe
  2⤵
  PID:3432
- C:\Windows\System\aZwLXnx.exe
  C:\Windows\System\aZwLXnx.exe
  2⤵
  PID:3452
- C:\Windows\System\iRvyHGn.exe
  C:\Windows\System\iRvyHGn.exe
  2⤵
  PID:3472
- C:\Windows\System\KNmvYlZ.exe
  C:\Windows\System\KNmvYlZ.exe
  2⤵
  PID:3492
- C:\Windows\System\YCwLiNt.exe
  C:\Windows\System\YCwLiNt.exe
  2⤵
  PID:3512
- C:\Windows\System\HSfmRyM.exe
  C:\Windows\System\HSfmRyM.exe
  2⤵
  PID:3532
- C:\Windows\System\TDfIffO.exe
  C:\Windows\System\TDfIffO.exe
  2⤵
  PID:3552
- C:\Windows\System\CyUFGVH.exe
  C:\Windows\System\CyUFGVH.exe
  2⤵
  PID:3572
- C:\Windows\System\VNltWdJ.exe
  C:\Windows\System\VNltWdJ.exe
  2⤵
  PID:3592
- C:\Windows\System\jkPMMcP.exe
  C:\Windows\System\jkPMMcP.exe
  2⤵
  PID:3612
- C:\Windows\System\rYEEfJk.exe
  C:\Windows\System\rYEEfJk.exe
  2⤵
  PID:3632
- C:\Windows\System\IJNbBpc.exe
  C:\Windows\System\IJNbBpc.exe
  2⤵
  PID:3652
- C:\Windows\System\wUbXEVF.exe
  C:\Windows\System\wUbXEVF.exe
  2⤵
  PID:3672
- C:\Windows\System\RnSniZt.exe
  C:\Windows\System\RnSniZt.exe
  2⤵
  PID:3696
- C:\Windows\System\stRypQY.exe
  C:\Windows\System\stRypQY.exe
  2⤵
  PID:3716
- C:\Windows\System\xKXSouy.exe
  C:\Windows\System\xKXSouy.exe
  2⤵
  PID:3736
- C:\Windows\System\DGRVzTb.exe
  C:\Windows\System\DGRVzTb.exe
  2⤵
  PID:3756
- C:\Windows\System\HpTCiew.exe
  C:\Windows\System\HpTCiew.exe
  2⤵
  PID:3776
- C:\Windows\System\mAQxNmQ.exe
  C:\Windows\System\mAQxNmQ.exe
  2⤵
  PID:3796
- C:\Windows\System\XvQFmKM.exe
  C:\Windows\System\XvQFmKM.exe
  2⤵
  PID:3816
- C:\Windows\System\wvJajme.exe
  C:\Windows\System\wvJajme.exe
  2⤵
  PID:3836
- C:\Windows\System\cMfuzhy.exe
  C:\Windows\System\cMfuzhy.exe
  2⤵
  PID:3856
- C:\Windows\System\gjYQsLO.exe
  C:\Windows\System\gjYQsLO.exe
  2⤵
  PID:3876
- C:\Windows\System\IySEVBl.exe
  C:\Windows\System\IySEVBl.exe
  2⤵
  PID:3896
- C:\Windows\System\gwZWFpr.exe
  C:\Windows\System\gwZWFpr.exe
  2⤵
  PID:3916
- C:\Windows\System\FNmiAKI.exe
  C:\Windows\System\FNmiAKI.exe
  2⤵
  PID:3936
- C:\Windows\System\eJmLZae.exe
  C:\Windows\System\eJmLZae.exe
  2⤵
  PID:3956
- C:\Windows\System\moghFew.exe
  C:\Windows\System\moghFew.exe
  2⤵
  PID:3976
- C:\Windows\System\KWhlLfb.exe
  C:\Windows\System\KWhlLfb.exe
  2⤵
  PID:3996
- C:\Windows\System\mLsTjpb.exe
  C:\Windows\System\mLsTjpb.exe
  2⤵
  PID:4016
- C:\Windows\System\alWguQy.exe
  C:\Windows\System\alWguQy.exe
  2⤵
  PID:4032
- C:\Windows\System\bVbXLVi.exe
  C:\Windows\System\bVbXLVi.exe
  2⤵
  PID:4056
- C:\Windows\System\hoyNGzC.exe
  C:\Windows\System\hoyNGzC.exe
  2⤵
  PID:4076
- C:\Windows\System\cWjYqYv.exe
  C:\Windows\System\cWjYqYv.exe
  2⤵
  PID:2556
- C:\Windows\System\fTatCvk.exe
  C:\Windows\System\fTatCvk.exe
  2⤵
  PID:2628
- C:\Windows\System\IHYQNyH.exe
  C:\Windows\System\IHYQNyH.exe
  2⤵
  PID:1152
- C:\Windows\System\ufqPALt.exe
  C:\Windows\System\ufqPALt.exe
  2⤵
  PID:2820
- C:\Windows\System\myTrIJf.exe
  C:\Windows\System\myTrIJf.exe
  2⤵
  PID:2616
- C:\Windows\System\lzykmyJ.exe
  C:\Windows\System\lzykmyJ.exe
  2⤵
  PID:1264
- C:\Windows\System\AgHHEti.exe
  C:\Windows\System\AgHHEti.exe
  2⤵
  PID:2696
- C:\Windows\System\zLWHFFy.exe
  C:\Windows\System\zLWHFFy.exe
  2⤵
  PID:1692
- C:\Windows\System\UwuOABM.exe
  C:\Windows\System\UwuOABM.exe
  2⤵
  PID:1776
- C:\Windows\System\hXyikia.exe
  C:\Windows\System\hXyikia.exe
  2⤵
  PID:2932
- C:\Windows\System\LhGytZR.exe
  C:\Windows\System\LhGytZR.exe
  2⤵
  PID:2024
- C:\Windows\System\yefvhPo.exe
  C:\Windows\System\yefvhPo.exe
  2⤵
  PID:3084
- C:\Windows\System\BTJhJJA.exe
  C:\Windows\System\BTJhJJA.exe
  2⤵
  PID:3104
- C:\Windows\System\LlezcMh.exe
  C:\Windows\System\LlezcMh.exe
  2⤵
  PID:3148
- C:\Windows\System\TVMPWRV.exe
  C:\Windows\System\TVMPWRV.exe
  2⤵
  PID:3180
- C:\Windows\System\sTmJKUM.exe
  C:\Windows\System\sTmJKUM.exe
  2⤵
  PID:3184
- C:\Windows\System\lYdtSiE.exe
  C:\Windows\System\lYdtSiE.exe
  2⤵
  PID:3244
- C:\Windows\System\MfFXOxQ.exe
  C:\Windows\System\MfFXOxQ.exe
  2⤵
  PID:3264
- C:\Windows\System\dYeyVja.exe
  C:\Windows\System\dYeyVja.exe
  2⤵
  PID:3308
- C:\Windows\System\RlJLANY.exe
  C:\Windows\System\RlJLANY.exe
  2⤵
  PID:3348
- C:\Windows\System\zeMPmqu.exe
  C:\Windows\System\zeMPmqu.exe
  2⤵
  PID:3380
- C:\Windows\System\ZqhXrCz.exe
  C:\Windows\System\ZqhXrCz.exe
  2⤵
  PID:3404
- C:\Windows\System\OFrgDyB.exe
  C:\Windows\System\OFrgDyB.exe
  2⤵
  PID:3424
- C:\Windows\System\bYGjAMa.exe
  C:\Windows\System\bYGjAMa.exe
  2⤵
  PID:3460
- C:\Windows\System\GbpieiZ.exe
  C:\Windows\System\GbpieiZ.exe
  2⤵
  PID:3528
- C:\Windows\System\SMfzTfO.exe
  C:\Windows\System\SMfzTfO.exe
  2⤵
  PID:3540
- C:\Windows\System\eKCRbRG.exe
  C:\Windows\System\eKCRbRG.exe
  2⤵
  PID:3580
- C:\Windows\System\iqTXLbQ.exe
  C:\Windows\System\iqTXLbQ.exe
  2⤵
  PID:3604
- C:\Windows\System\xWnbTpP.exe
  C:\Windows\System\xWnbTpP.exe
  2⤵
  PID:3648
- C:\Windows\System\ieAdcVE.exe
  C:\Windows\System\ieAdcVE.exe
  2⤵
  PID:3664
- C:\Windows\System\vVoyhJs.exe
  C:\Windows\System\vVoyhJs.exe
  2⤵
  PID:3732
- C:\Windows\System\tzktVLE.exe
  C:\Windows\System\tzktVLE.exe
  2⤵
  PID:3752
- C:\Windows\System\UTvZZSA.exe
  C:\Windows\System\UTvZZSA.exe
  2⤵
  PID:3784
- C:\Windows\System\DtwHiBS.exe
  C:\Windows\System\DtwHiBS.exe
  2⤵
  PID:3808
- C:\Windows\System\wNjpyFu.exe
  C:\Windows\System\wNjpyFu.exe
  2⤵
  PID:3852
- C:\Windows\System\fdzrIWB.exe
  C:\Windows\System\fdzrIWB.exe
  2⤵
  PID:3884
- C:\Windows\System\nCIffgr.exe
  C:\Windows\System\nCIffgr.exe
  2⤵
  PID:3908
- C:\Windows\System\CInpyHJ.exe
  C:\Windows\System\CInpyHJ.exe
  2⤵
  PID:3952
- C:\Windows\System\blbmwHQ.exe
  C:\Windows\System\blbmwHQ.exe
  2⤵
  PID:3984
- C:\Windows\System\TFasenc.exe
  C:\Windows\System\TFasenc.exe
  2⤵
  PID:4008
- C:\Windows\System\ZMorovD.exe
  C:\Windows\System\ZMorovD.exe
  2⤵
  PID:4052
- C:\Windows\System\bcwhGwW.exe
  C:\Windows\System\bcwhGwW.exe
  2⤵
  PID:4084
- C:\Windows\System\kvSFODA.exe
  C:\Windows\System\kvSFODA.exe
  2⤵
  PID:2244
- C:\Windows\System\vDrJbVk.exe
  C:\Windows\System\vDrJbVk.exe
  2⤵
  PID:2672
- C:\Windows\System\iAEQkEf.exe
  C:\Windows\System\iAEQkEf.exe
  2⤵
  PID:2788
- C:\Windows\System\ZAuKNHg.exe
  C:\Windows\System\ZAuKNHg.exe
  2⤵
  PID:2844
- C:\Windows\System\CMOOUPL.exe
  C:\Windows\System\CMOOUPL.exe
  2⤵
  PID:3020
- C:\Windows\System\mrQcCSi.exe
  C:\Windows\System\mrQcCSi.exe
  2⤵
  PID:2100
- C:\Windows\System\lzeDnte.exe
  C:\Windows\System\lzeDnte.exe
  2⤵
  PID:3080
- C:\Windows\System\mNkuhHq.exe
  C:\Windows\System\mNkuhHq.exe
  2⤵
  PID:3140
- C:\Windows\System\rAHUpgW.exe
  C:\Windows\System\rAHUpgW.exe
  2⤵
  PID:3200
- C:\Windows\System\XJDVeug.exe
  C:\Windows\System\XJDVeug.exe
  2⤵
  PID:3228
- C:\Windows\System\JphJTxw.exe
  C:\Windows\System\JphJTxw.exe
  2⤵
  PID:3284
- C:\Windows\System\RyjKdqX.exe
  C:\Windows\System\RyjKdqX.exe
  2⤵
  PID:3368
- C:\Windows\System\rMjQPrX.exe
  C:\Windows\System\rMjQPrX.exe
  2⤵
  PID:3420
- C:\Windows\System\fvgrGTd.exe
  C:\Windows\System\fvgrGTd.exe
  2⤵
  PID:3484
- C:\Windows\System\egufFAz.exe
  C:\Windows\System\egufFAz.exe
  2⤵
  PID:3508
- C:\Windows\System\GHmZuJT.exe
  C:\Windows\System\GHmZuJT.exe
  2⤵
  PID:3568
- C:\Windows\System\VBIJMAK.exe
  C:\Windows\System\VBIJMAK.exe
  2⤵
  PID:3640
- C:\Windows\System\bvjgCBc.exe
  C:\Windows\System\bvjgCBc.exe
  2⤵
  PID:3688
- C:\Windows\System\qBBeziv.exe
  C:\Windows\System\qBBeziv.exe
  2⤵
  PID:3744
- C:\Windows\System\PQzLxLN.exe
  C:\Windows\System\PQzLxLN.exe
  2⤵
  PID:3832
- C:\Windows\System\vLZSNqk.exe
  C:\Windows\System\vLZSNqk.exe
  2⤵
  PID:3888
- C:\Windows\System\JXVmvVQ.exe
  C:\Windows\System\JXVmvVQ.exe
  2⤵
  PID:3904
- C:\Windows\System\sVgagep.exe
  C:\Windows\System\sVgagep.exe
  2⤵
  PID:3968
- C:\Windows\System\VAABXrq.exe
  C:\Windows\System\VAABXrq.exe
  2⤵
  PID:4040
- C:\Windows\System\MQAGTZQ.exe
  C:\Windows\System\MQAGTZQ.exe
  2⤵
  PID:4088
- C:\Windows\System\BqxPzkX.exe
  C:\Windows\System\BqxPzkX.exe
  2⤵
  PID:2020
- C:\Windows\System\GMAttWq.exe
  C:\Windows\System\GMAttWq.exe
  2⤵
  PID:1036
- C:\Windows\System\crGDjfy.exe
  C:\Windows\System\crGDjfy.exe
  2⤵
  PID:2852
- C:\Windows\System\ScvUEVS.exe
  C:\Windows\System\ScvUEVS.exe
  2⤵
  PID:3088
- C:\Windows\System\OQtlDxj.exe
  C:\Windows\System\OQtlDxj.exe
  2⤵
  PID:4112
- C:\Windows\System\hZLTlwu.exe
  C:\Windows\System\hZLTlwu.exe
  2⤵
  PID:4132
- C:\Windows\System\wKBEGlA.exe
  C:\Windows\System\wKBEGlA.exe
  2⤵
  PID:4148
- C:\Windows\System\jngeTUj.exe
  C:\Windows\System\jngeTUj.exe
  2⤵
  PID:4164
- C:\Windows\System\jHiNCrX.exe
  C:\Windows\System\jHiNCrX.exe
  2⤵
  PID:4180
- C:\Windows\System\vQbOBCR.exe
  C:\Windows\System\vQbOBCR.exe
  2⤵
  PID:4196
- C:\Windows\System\XJBDXiw.exe
  C:\Windows\System\XJBDXiw.exe
  2⤵
  PID:4212
- C:\Windows\System\TRyMKZe.exe
  C:\Windows\System\TRyMKZe.exe
  2⤵
  PID:4252
- C:\Windows\System\SeQuBjL.exe
  C:\Windows\System\SeQuBjL.exe
  2⤵
  PID:4276
- C:\Windows\System\EsirCIG.exe
  C:\Windows\System\EsirCIG.exe
  2⤵
  PID:4292
- C:\Windows\System\ZhTjsvE.exe
  C:\Windows\System\ZhTjsvE.exe
  2⤵
  PID:4316
- C:\Windows\System\bjoJGQX.exe
  C:\Windows\System\bjoJGQX.exe
  2⤵
  PID:4336
- C:\Windows\System\cfYYNJD.exe
  C:\Windows\System\cfYYNJD.exe
  2⤵
  PID:4360
- C:\Windows\System\HqmfeKA.exe
  C:\Windows\System\HqmfeKA.exe
  2⤵
  PID:4376
- C:\Windows\System\WVEItvW.exe
  C:\Windows\System\WVEItvW.exe
  2⤵
  PID:4396
- C:\Windows\System\OYtAMqd.exe
  C:\Windows\System\OYtAMqd.exe
  2⤵
  PID:4416
- C:\Windows\System\kUOYqsP.exe
  C:\Windows\System\kUOYqsP.exe
  2⤵
  PID:4436
- C:\Windows\System\TbelQVR.exe
  C:\Windows\System\TbelQVR.exe
  2⤵
  PID:4452
- C:\Windows\System\pSDOROc.exe
  C:\Windows\System\pSDOROc.exe
  2⤵
  PID:4468
- C:\Windows\System\RDboXYN.exe
  C:\Windows\System\RDboXYN.exe
  2⤵
  PID:4492
- C:\Windows\System\pNIGoZo.exe
  C:\Windows\System\pNIGoZo.exe
  2⤵
  PID:4512
- C:\Windows\System\tJpolUF.exe
  C:\Windows\System\tJpolUF.exe
  2⤵
  PID:4540
- C:\Windows\System\FCjxZbS.exe
  C:\Windows\System\FCjxZbS.exe
  2⤵
  PID:4560
- C:\Windows\System\yOCDuWP.exe
  C:\Windows\System\yOCDuWP.exe
  2⤵
  PID:4580
- C:\Windows\System\kBuYbNH.exe
  C:\Windows\System\kBuYbNH.exe
  2⤵
  PID:4596
- C:\Windows\System\pkzPqzq.exe
  C:\Windows\System\pkzPqzq.exe
  2⤵
  PID:4616
- C:\Windows\System\GTcyVDv.exe
  C:\Windows\System\GTcyVDv.exe
  2⤵
  PID:4636
- C:\Windows\System\WkOHqyi.exe
  C:\Windows\System\WkOHqyi.exe
  2⤵
  PID:4656
- C:\Windows\System\TggZJwb.exe
  C:\Windows\System\TggZJwb.exe
  2⤵
  PID:4680
- C:\Windows\System\CWdCcpK.exe
  C:\Windows\System\CWdCcpK.exe
  2⤵
  PID:4700
- C:\Windows\System\AQrCEFj.exe
  C:\Windows\System\AQrCEFj.exe
  2⤵
  PID:4720
- C:\Windows\System\KSIXrZm.exe
  C:\Windows\System\KSIXrZm.exe
  2⤵
  PID:4740
- C:\Windows\System\cSPeaAP.exe
  C:\Windows\System\cSPeaAP.exe
  2⤵
  PID:4756
- C:\Windows\System\GxiqNzT.exe
  C:\Windows\System\GxiqNzT.exe
  2⤵
  PID:4776
- C:\Windows\System\IKKwQAg.exe
  C:\Windows\System\IKKwQAg.exe
  2⤵
  PID:4792
- C:\Windows\System\IdcsJjP.exe
  C:\Windows\System\IdcsJjP.exe
  2⤵
  PID:4808
- C:\Windows\System\uJMHTrv.exe
  C:\Windows\System\uJMHTrv.exe
  2⤵
  PID:4824
- C:\Windows\System\IWUNGLN.exe
  C:\Windows\System\IWUNGLN.exe
  2⤵
  PID:4852
- C:\Windows\System\vKXzfMD.exe
  C:\Windows\System\vKXzfMD.exe
  2⤵
  PID:4872
- C:\Windows\System\qfIgtzl.exe
  C:\Windows\System\qfIgtzl.exe
  2⤵
  PID:4888
- C:\Windows\System\EttuAxZ.exe
  C:\Windows\System\EttuAxZ.exe
  2⤵
  PID:4908
- C:\Windows\System\CcmFmGP.exe
  C:\Windows\System\CcmFmGP.exe
  2⤵
  PID:4928
- C:\Windows\System\NYEiynu.exe
  C:\Windows\System\NYEiynu.exe
  2⤵
  PID:4956
- C:\Windows\System\LloERTf.exe
  C:\Windows\System\LloERTf.exe
  2⤵
  PID:4972
- C:\Windows\System\ubTckvs.exe
  C:\Windows\System\ubTckvs.exe
  2⤵
  PID:4988
- C:\Windows\System\lljSoBz.exe
  C:\Windows\System\lljSoBz.exe
  2⤵
  PID:5008
- C:\Windows\System\eJrOEsf.exe
  C:\Windows\System\eJrOEsf.exe
  2⤵
  PID:5028
- C:\Windows\System\bcObCRl.exe
  C:\Windows\System\bcObCRl.exe
  2⤵
  PID:5052
- C:\Windows\System\NIWbukp.exe
  C:\Windows\System\NIWbukp.exe
  2⤵
  PID:5072
- C:\Windows\System\WIckgAM.exe
  C:\Windows\System\WIckgAM.exe
  2⤵
  PID:5100
- C:\Windows\System\YoBGrjV.exe
  C:\Windows\System\YoBGrjV.exe
  2⤵
  PID:3160
- C:\Windows\System\URyqxcb.exe
  C:\Windows\System\URyqxcb.exe
  2⤵
  PID:3100
- C:\Windows\System\MQvYreb.exe
  C:\Windows\System\MQvYreb.exe
  2⤵
  PID:3280
- C:\Windows\System\kpRrbHQ.exe
  C:\Windows\System\kpRrbHQ.exe
  2⤵
  PID:3220
- C:\Windows\System\YqtjtQf.exe
  C:\Windows\System\YqtjtQf.exe
  2⤵
  PID:3328
- C:\Windows\System\xCiAWkn.exe
  C:\Windows\System\xCiAWkn.exe
  2⤵
  PID:3448
- C:\Windows\System\LsfKpvT.exe
  C:\Windows\System\LsfKpvT.exe
  2⤵
  PID:3588
- C:\Windows\System\DYCsPFH.exe
  C:\Windows\System\DYCsPFH.exe
  2⤵
  PID:3708
- C:\Windows\System\huqPvEi.exe
  C:\Windows\System\huqPvEi.exe
  2⤵
  PID:3812
- C:\Windows\System\ZRJMipQ.exe
  C:\Windows\System\ZRJMipQ.exe
  2⤵
  PID:3772
- C:\Windows\System\ZpWitXz.exe
  C:\Windows\System\ZpWitXz.exe
  2⤵
  PID:4064
- C:\Windows\System\QEUKPPK.exe
  C:\Windows\System\QEUKPPK.exe
  2⤵
  PID:3912
- C:\Windows\System\WLDOVSS.exe
  C:\Windows\System\WLDOVSS.exe
  2⤵
  PID:4012
- C:\Windows\System\eJOTdcK.exe
  C:\Windows\System\eJOTdcK.exe
  2⤵
  PID:4100
- C:\Windows\System\IOrqCxA.exe
  C:\Windows\System\IOrqCxA.exe
  2⤵
  PID:4188
- C:\Windows\System\ThatgRL.exe
  C:\Windows\System\ThatgRL.exe
  2⤵
  PID:4236
- C:\Windows\System\oPftwQj.exe
  C:\Windows\System\oPftwQj.exe
  2⤵
  PID:4284
- C:\Windows\System\zxzfoRI.exe
  C:\Windows\System\zxzfoRI.exe
  2⤵
  PID:4328
- C:\Windows\System\kPpQdfp.exe
  C:\Windows\System\kPpQdfp.exe
  2⤵
  PID:4268
- C:\Windows\System\SnBOiDq.exe
  C:\Windows\System\SnBOiDq.exe
  2⤵
  PID:4312
- C:\Windows\System\SlVlcVn.exe
  C:\Windows\System\SlVlcVn.exe
  2⤵
  PID:4348
- C:\Windows\System\mnMUHaZ.exe
  C:\Windows\System\mnMUHaZ.exe
  2⤵
  PID:4444
- C:\Windows\System\OTtJrys.exe
  C:\Windows\System\OTtJrys.exe
  2⤵
  PID:4356
- C:\Windows\System\zDUpUUq.exe
  C:\Windows\System\zDUpUUq.exe
  2⤵
  PID:4488
- C:\Windows\System\VdFrDOC.exe
  C:\Windows\System\VdFrDOC.exe
  2⤵
  PID:4428
- C:\Windows\System\ianlaWs.exe
  C:\Windows\System\ianlaWs.exe
  2⤵
  PID:4520
- C:\Windows\System\fdMKIrF.exe
  C:\Windows\System\fdMKIrF.exe
  2⤵
  PID:4568
- C:\Windows\System\mgLtrir.exe
  C:\Windows\System\mgLtrir.exe
  2⤵
  PID:4612
- C:\Windows\System\LgpeNxv.exe
  C:\Windows\System\LgpeNxv.exe
  2⤵
  PID:4696
- C:\Windows\System\jFOSJRO.exe
  C:\Windows\System\jFOSJRO.exe
  2⤵
  PID:4588
- C:\Windows\System\bKecFjl.exe
  C:\Windows\System\bKecFjl.exe
  2⤵
  PID:4668
- C:\Windows\System\UyERNFo.exe
  C:\Windows\System\UyERNFo.exe
  2⤵
  PID:4736
- C:\Windows\System\qtltWsK.exe
  C:\Windows\System\qtltWsK.exe
  2⤵
  PID:4764
- C:\Windows\System\YUNnJcs.exe
  C:\Windows\System\YUNnJcs.exe
  2⤵
  PID:4832
- C:\Windows\System\XvSSkQb.exe
  C:\Windows\System\XvSSkQb.exe
  2⤵
  PID:4880
- C:\Windows\System\IlHhvHM.exe
  C:\Windows\System\IlHhvHM.exe
  2⤵
  PID:4968
- C:\Windows\System\JKApRav.exe
  C:\Windows\System\JKApRav.exe
  2⤵
  PID:5036
- C:\Windows\System\IkbGUzz.exe
  C:\Windows\System\IkbGUzz.exe
  2⤵
  PID:4752
- C:\Windows\System\lRgRsbe.exe
  C:\Windows\System\lRgRsbe.exe
  2⤵
  PID:4904
- C:\Windows\System\uJzGUxw.exe
  C:\Windows\System\uJzGUxw.exe
  2⤵
  PID:4864
- C:\Windows\System\rurIHFK.exe
  C:\Windows\System\rurIHFK.exe
  2⤵
  PID:5092
- C:\Windows\System\gGNGNVK.exe
  C:\Windows\System\gGNGNVK.exe
  2⤵
  PID:3408
- C:\Windows\System\XWpvrPF.exe
  C:\Windows\System\XWpvrPF.exe
  2⤵
  PID:4948
- C:\Windows\System\DtFstqr.exe
  C:\Windows\System\DtFstqr.exe
  2⤵
  PID:5068
- C:\Windows\System\ePRzTNh.exe
  C:\Windows\System\ePRzTNh.exe
  2⤵
  PID:5108
- C:\Windows\System\PopiySy.exe
  C:\Windows\System\PopiySy.exe
  2⤵
  PID:2620
- C:\Windows\System\mNSWaar.exe
  C:\Windows\System\mNSWaar.exe
  2⤵
  PID:4128
- C:\Windows\System\kpdWdwW.exe
  C:\Windows\System\kpdWdwW.exe
  2⤵
  PID:3564
- C:\Windows\System\UazKrmA.exe
  C:\Windows\System\UazKrmA.exe
  2⤵
  PID:3692
- C:\Windows\System\QOgfjhG.exe
  C:\Windows\System\QOgfjhG.exe
  2⤵
  PID:1040
- C:\Windows\System\lLCzpnd.exe
  C:\Windows\System\lLCzpnd.exe
  2⤵
  PID:3500
- C:\Windows\System\tmXUQWh.exe
  C:\Windows\System\tmXUQWh.exe
  2⤵
  PID:4324
- C:\Windows\System\Usmgfix.exe
  C:\Windows\System\Usmgfix.exe
  2⤵
  PID:4404
- C:\Windows\System\nHOSZIt.exe
  C:\Windows\System\nHOSZIt.exe
  2⤵
  PID:2792
- C:\Windows\System\XdWXnPS.exe
  C:\Windows\System\XdWXnPS.exe
  2⤵
  PID:4232
- C:\Windows\System\AoLXrhj.exe
  C:\Windows\System\AoLXrhj.exe
  2⤵
  PID:2756
- C:\Windows\System\aVONnbu.exe
  C:\Windows\System\aVONnbu.exe
  2⤵
  PID:4572
- C:\Windows\System\XSaAgQT.exe
  C:\Windows\System\XSaAgQT.exe
  2⤵
  PID:4672
- C:\Windows\System\JIMxEmk.exe
  C:\Windows\System\JIMxEmk.exe
  2⤵
  PID:4352
- C:\Windows\System\GindQNX.exe
  C:\Windows\System\GindQNX.exe
  2⤵
  PID:4432
- C:\Windows\System\sPTVlzG.exe
  C:\Windows\System\sPTVlzG.exe
  2⤵
  PID:4916
- C:\Windows\System\SidlZid.exe
  C:\Windows\System\SidlZid.exe
  2⤵
  PID:4508
- C:\Windows\System\NOzGuZh.exe
  C:\Windows\System\NOzGuZh.exe
  2⤵
  PID:4652
- C:\Windows\System\DfWKOFd.exe
  C:\Windows\System\DfWKOFd.exe
  2⤵
  PID:4628
- C:\Windows\System\pSHCdIk.exe
  C:\Windows\System\pSHCdIk.exe
  2⤵
  PID:4896
- C:\Windows\System\TOxEwts.exe
  C:\Windows\System\TOxEwts.exe
  2⤵
  PID:3128
- C:\Windows\System\EfzxJTu.exe
  C:\Windows\System\EfzxJTu.exe
  2⤵
  PID:3344
- C:\Windows\System\oKQyozO.exe
  C:\Windows\System\oKQyozO.exe
  2⤵
  PID:4788
- C:\Windows\System\uMZIAqc.exe
  C:\Windows\System\uMZIAqc.exe
  2⤵
  PID:3340
- C:\Windows\System\hvvRLtI.exe
  C:\Windows\System\hvvRLtI.exe
  2⤵
  PID:5064
- C:\Windows\System\TapkaFj.exe
  C:\Windows\System\TapkaFj.exe
  2⤵
  PID:3764
- C:\Windows\System\zfiQFmU.exe
  C:\Windows\System\zfiQFmU.exe
  2⤵
  PID:108
- C:\Windows\System\HWCFAkX.exe
  C:\Windows\System\HWCFAkX.exe
  2⤵
  PID:3296
- C:\Windows\System\dFXMfen.exe
  C:\Windows\System\dFXMfen.exe
  2⤵
  PID:3628
- C:\Windows\System\pzILkci.exe
  C:\Windows\System\pzILkci.exe
  2⤵
  PID:5136
- C:\Windows\System\gJoRwcg.exe
  C:\Windows\System\gJoRwcg.exe
  2⤵
  PID:5156
- C:\Windows\System\UWBiueJ.exe
  C:\Windows\System\UWBiueJ.exe
  2⤵
  PID:5176
- C:\Windows\System\sUReWfY.exe
  C:\Windows\System\sUReWfY.exe
  2⤵
  PID:5196
- C:\Windows\System\jyERoET.exe
  C:\Windows\System\jyERoET.exe
  2⤵
  PID:5216
- C:\Windows\System\hxWvJPo.exe
  C:\Windows\System\hxWvJPo.exe
  2⤵
  PID:5236
- C:\Windows\System\DmEcDHQ.exe
  C:\Windows\System\DmEcDHQ.exe
  2⤵
  PID:5256
- C:\Windows\System\fGnZOPQ.exe
  C:\Windows\System\fGnZOPQ.exe
  2⤵
  PID:5280
- C:\Windows\System\YbiEDyL.exe
  C:\Windows\System\YbiEDyL.exe
  2⤵
  PID:5300
- C:\Windows\System\csisizk.exe
  C:\Windows\System\csisizk.exe
  2⤵
  PID:5320
- C:\Windows\System\uZXifOg.exe
  C:\Windows\System\uZXifOg.exe
  2⤵
  PID:5340
- C:\Windows\System\ynJmDxF.exe
  C:\Windows\System\ynJmDxF.exe
  2⤵
  PID:5360
- C:\Windows\System\lORrukB.exe
  C:\Windows\System\lORrukB.exe
  2⤵
  PID:5376
- C:\Windows\System\vBIbARu.exe
  C:\Windows\System\vBIbARu.exe
  2⤵
  PID:5396
- C:\Windows\System\DzpUKAt.exe
  C:\Windows\System\DzpUKAt.exe
  2⤵
  PID:5420
- C:\Windows\System\ctzqoiM.exe
  C:\Windows\System\ctzqoiM.exe
  2⤵
  PID:5440
- C:\Windows\System\OelIVHz.exe
  C:\Windows\System\OelIVHz.exe
  2⤵
  PID:5456
- C:\Windows\System\SYTCDGc.exe
  C:\Windows\System\SYTCDGc.exe
  2⤵
  PID:5476
- C:\Windows\System\IyOQfJs.exe
  C:\Windows\System\IyOQfJs.exe
  2⤵
  PID:5496
- C:\Windows\System\bTCTJMt.exe
  C:\Windows\System\bTCTJMt.exe
  2⤵
  PID:5516
- C:\Windows\System\oVtKPaZ.exe
  C:\Windows\System\oVtKPaZ.exe
  2⤵
  PID:5536
- C:\Windows\System\FxHxjfK.exe
  C:\Windows\System\FxHxjfK.exe
  2⤵
  PID:5560
- C:\Windows\System\ZSXyoha.exe
  C:\Windows\System\ZSXyoha.exe
  2⤵
  PID:5580
- C:\Windows\System\jwcflOy.exe
  C:\Windows\System\jwcflOy.exe
  2⤵
  PID:5596
- C:\Windows\System\CFNLOVB.exe
  C:\Windows\System\CFNLOVB.exe
  2⤵
  PID:5616
- C:\Windows\System\agMgtJV.exe
  C:\Windows\System\agMgtJV.exe
  2⤵
  PID:5632
- C:\Windows\System\YGuGOgU.exe
  C:\Windows\System\YGuGOgU.exe
  2⤵
  PID:5656
- C:\Windows\System\fcWQpYA.exe
  C:\Windows\System\fcWQpYA.exe
  2⤵
  PID:5680
- C:\Windows\System\IqxQmUT.exe
  C:\Windows\System\IqxQmUT.exe
  2⤵
  PID:5700
- C:\Windows\System\oNZKBgI.exe
  C:\Windows\System\oNZKBgI.exe
  2⤵
  PID:5720
- C:\Windows\System\OjBFiXd.exe
  C:\Windows\System\OjBFiXd.exe
  2⤵
  PID:5740
- C:\Windows\System\zRWGdtY.exe
  C:\Windows\System\zRWGdtY.exe
  2⤵
  PID:5760
- C:\Windows\System\YUcazgm.exe
  C:\Windows\System\YUcazgm.exe
  2⤵
  PID:5780
- C:\Windows\System\uVQJXep.exe
  C:\Windows\System\uVQJXep.exe
  2⤵
  PID:5800
- C:\Windows\System\QzEKNWB.exe
  C:\Windows\System\QzEKNWB.exe
  2⤵
  PID:5820
- C:\Windows\System\mQNjVPK.exe
  C:\Windows\System\mQNjVPK.exe
  2⤵
  PID:5840
- C:\Windows\System\byNIzXV.exe
  C:\Windows\System\byNIzXV.exe
  2⤵
  PID:5860
- C:\Windows\System\qdWbYzE.exe
  C:\Windows\System\qdWbYzE.exe
  2⤵
  PID:5880
- C:\Windows\System\VbQnVJC.exe
  C:\Windows\System\VbQnVJC.exe
  2⤵
  PID:5900
- C:\Windows\System\IXgzWUr.exe
  C:\Windows\System\IXgzWUr.exe
  2⤵
  PID:5920
- C:\Windows\System\fhKDSkW.exe
  C:\Windows\System\fhKDSkW.exe
  2⤵
  PID:5940
- C:\Windows\System\fUSSjIO.exe
  C:\Windows\System\fUSSjIO.exe
  2⤵
  PID:5960
- C:\Windows\System\CtnmFue.exe
  C:\Windows\System\CtnmFue.exe
  2⤵
  PID:5980
- C:\Windows\System\faPZSrF.exe
  C:\Windows\System\faPZSrF.exe
  2⤵
  PID:6004
- C:\Windows\System\VrmKuCw.exe
  C:\Windows\System\VrmKuCw.exe
  2⤵
  PID:6024
- C:\Windows\System\RNxtCFa.exe
  C:\Windows\System\RNxtCFa.exe
  2⤵
  PID:6044
- C:\Windows\System\cHMCkjI.exe
  C:\Windows\System\cHMCkjI.exe
  2⤵
  PID:6064
- C:\Windows\System\oaoZdrS.exe
  C:\Windows\System\oaoZdrS.exe
  2⤵
  PID:6084
- C:\Windows\System\YZhpKHy.exe
  C:\Windows\System\YZhpKHy.exe
  2⤵
  PID:6104
- C:\Windows\System\egDIZts.exe
  C:\Windows\System\egDIZts.exe
  2⤵
  PID:6124
- C:\Windows\System\xlJicIN.exe
  C:\Windows\System\xlJicIN.exe
  2⤵
  PID:4228
- C:\Windows\System\jVPVLXa.exe
  C:\Windows\System\jVPVLXa.exe
  2⤵
  PID:4272
- C:\Windows\System\XOvDfeL.exe
  C:\Windows\System\XOvDfeL.exe
  2⤵
  PID:4160
- C:\Windows\System\MdiphnY.exe
  C:\Windows\System\MdiphnY.exe
  2⤵
  PID:4392
- C:\Windows\System\nStcPGl.exe
  C:\Windows\System\nStcPGl.exe
  2⤵
  PID:4172
- C:\Windows\System\KSQWobT.exe
  C:\Windows\System\KSQWobT.exe
  2⤵
  PID:4368
- C:\Windows\System\xjdyGfI.exe
  C:\Windows\System\xjdyGfI.exe
  2⤵
  PID:4920
- C:\Windows\System\WFONkYN.exe
  C:\Windows\System\WFONkYN.exe
  2⤵
  PID:4504
- C:\Windows\System\gNthVqs.exe
  C:\Windows\System\gNthVqs.exe
  2⤵
  PID:4716
- C:\Windows\System\QuGUBVG.exe
  C:\Windows\System\QuGUBVG.exe
  2⤵
  PID:5000
- C:\Windows\System\BuRBoip.exe
  C:\Windows\System\BuRBoip.exe
  2⤵
  PID:4664
- C:\Windows\System\GZGMgUI.exe
  C:\Windows\System\GZGMgUI.exe
  2⤵
  PID:4820
- C:\Windows\System\QQqQFDs.exe
  C:\Windows\System\QQqQFDs.exe
  2⤵
  PID:340
- C:\Windows\System\OdKsbll.exe
  C:\Windows\System\OdKsbll.exe
  2⤵
  PID:4068
- C:\Windows\System\WlUEhKZ.exe
  C:\Windows\System\WlUEhKZ.exe
  2⤵
  PID:1880
- C:\Windows\System\CcivaEa.exe
  C:\Windows\System\CcivaEa.exe
  2⤵
  PID:5192
- C:\Windows\System\DJUzpwH.exe
  C:\Windows\System\DJUzpwH.exe
  2⤵
  PID:5224
- C:\Windows\System\pRqOWqv.exe
  C:\Windows\System\pRqOWqv.exe
  2⤵
  PID:5172
- C:\Windows\System\prUTbTU.exe
  C:\Windows\System\prUTbTU.exe
  2⤵
  PID:5272
- C:\Windows\System\HIymgjD.exe
  C:\Windows\System\HIymgjD.exe
  2⤵
  PID:5248
- C:\Windows\System\oGoKyBu.exe
  C:\Windows\System\oGoKyBu.exe
  2⤵
  PID:5296
- C:\Windows\System\TvcHrYr.exe
  C:\Windows\System\TvcHrYr.exe
  2⤵
  PID:5352
- C:\Windows\System\BOgYuub.exe
  C:\Windows\System\BOgYuub.exe
  2⤵
  PID:5392
- C:\Windows\System\PDfZvDz.exe
  C:\Windows\System\PDfZvDz.exe
  2⤵
  PID:5404
- C:\Windows\System\NsqddtZ.exe
  C:\Windows\System\NsqddtZ.exe
  2⤵
  PID:5464
- C:\Windows\System\FgKHANi.exe
  C:\Windows\System\FgKHANi.exe
  2⤵
  PID:5504
- C:\Windows\System\qDIfBGc.exe
  C:\Windows\System\qDIfBGc.exe
  2⤵
  PID:5484
- C:\Windows\System\vDliOcA.exe
  C:\Windows\System\vDliOcA.exe
  2⤵
  PID:5556
- C:\Windows\System\KWgptlZ.exe
  C:\Windows\System\KWgptlZ.exe
  2⤵
  PID:5568
- C:\Windows\System\LnNPEov.exe
  C:\Windows\System\LnNPEov.exe
  2⤵
  PID:5572
- C:\Windows\System\VGYUEtj.exe
  C:\Windows\System\VGYUEtj.exe
  2⤵
  PID:5612
- C:\Windows\System\NmTuQlC.exe
  C:\Windows\System\NmTuQlC.exe
  2⤵
  PID:5644
- C:\Windows\System\KUJPXXg.exe
  C:\Windows\System\KUJPXXg.exe
  2⤵
  PID:5708
- C:\Windows\System\dfWCWrc.exe
  C:\Windows\System\dfWCWrc.exe
  2⤵
  PID:5748
- C:\Windows\System\jKLuCBR.exe
  C:\Windows\System\jKLuCBR.exe
  2⤵
  PID:5768
- C:\Windows\System\qHPaMiT.exe
  C:\Windows\System\qHPaMiT.exe
  2⤵
  PID:5792
- C:\Windows\System\eRQpuGX.exe
  C:\Windows\System\eRQpuGX.exe
  2⤵
  PID:5812
- C:\Windows\System\CHdwnBH.exe
  C:\Windows\System\CHdwnBH.exe
  2⤵
  PID:5856
- C:\Windows\System\RKatCbK.exe
  C:\Windows\System\RKatCbK.exe
  2⤵
  PID:5892
- C:\Windows\System\FPwhAjr.exe
  C:\Windows\System\FPwhAjr.exe
  2⤵
  PID:5948
- C:\Windows\System\EptUGXv.exe
  C:\Windows\System\EptUGXv.exe
  2⤵
  PID:5932
- C:\Windows\System\wqdRXoa.exe
  C:\Windows\System\wqdRXoa.exe
  2⤵
  PID:5972
- C:\Windows\System\OBxWoVp.exe
  C:\Windows\System\OBxWoVp.exe
  2⤵
  PID:2832
- C:\Windows\System\OOACTqD.exe
  C:\Windows\System\OOACTqD.exe
  2⤵
  PID:6060
- C:\Windows\System\HtCwFUZ.exe
  C:\Windows\System\HtCwFUZ.exe
  2⤵
  PID:6092
- C:\Windows\System\BLPGoHi.exe
  C:\Windows\System\BLPGoHi.exe
  2⤵
  PID:6132
- C:\Windows\System\slYlePm.exe
  C:\Windows\System\slYlePm.exe
  2⤵
  PID:4408
- C:\Windows\System\fHKUpjU.exe
  C:\Windows\System\fHKUpjU.exe
  2⤵
  PID:4208
- C:\Windows\System\LeLplRV.exe
  C:\Windows\System\LeLplRV.exe
  2⤵
  PID:2800
- C:\Windows\System\ktozDow.exe
  C:\Windows\System\ktozDow.exe
  2⤵
  PID:4748
- C:\Windows\System\icSuzTH.exe
  C:\Windows\System\icSuzTH.exe
  2⤵
  PID:5048
- C:\Windows\System\UsjMoUd.exe
  C:\Windows\System\UsjMoUd.exe
  2⤵
  PID:5004
- C:\Windows\System\tOoWcXE.exe
  C:\Windows\System\tOoWcXE.exe
  2⤵
  PID:4848
- C:\Windows\System\Vgykshg.exe
  C:\Windows\System\Vgykshg.exe
  2⤵
  PID:3844
- C:\Windows\System\TemsMPO.exe
  C:\Windows\System\TemsMPO.exe
  2⤵
  PID:5144
- C:\Windows\System\UHwWNWo.exe
  C:\Windows\System\UHwWNWo.exe
  2⤵
  PID:5168
- C:\Windows\System\kGsdmLG.exe
  C:\Windows\System\kGsdmLG.exe
  2⤵
  PID:5276
- C:\Windows\System\RSGzyLX.exe
  C:\Windows\System\RSGzyLX.exe
  2⤵
  PID:5208
- C:\Windows\System\wihcArX.exe
  C:\Windows\System\wihcArX.exe
  2⤵
  PID:5316
- C:\Windows\System\vBQRPvU.exe
  C:\Windows\System\vBQRPvU.exe
  2⤵
  PID:5384
- C:\Windows\System\tvhqBuW.exe
  C:\Windows\System\tvhqBuW.exe
  2⤵
  PID:5472
- C:\Windows\System\gicvIox.exe
  C:\Windows\System\gicvIox.exe
  2⤵
  PID:2884
- C:\Windows\System\YWMXudU.exe
  C:\Windows\System\YWMXudU.exe
  2⤵
  PID:5524
- C:\Windows\System\vwaJyAa.exe
  C:\Windows\System\vwaJyAa.exe
  2⤵
  PID:5668
- C:\Windows\System\DDVrNSK.exe
  C:\Windows\System\DDVrNSK.exe
  2⤵
  PID:5608
- C:\Windows\System\KefgmkI.exe
  C:\Windows\System\KefgmkI.exe
  2⤵
  PID:5652
- C:\Windows\System\QoDrETO.exe
  C:\Windows\System\QoDrETO.exe
  2⤵
  PID:5752
- C:\Windows\System\JwTwPjX.exe
  C:\Windows\System\JwTwPjX.exe
  2⤵
  PID:5868
- C:\Windows\System\LbdJEHG.exe
  C:\Windows\System\LbdJEHG.exe
  2⤵
  PID:5872
- C:\Windows\System\iFZxkEy.exe
  C:\Windows\System\iFZxkEy.exe
  2⤵
  PID:2924
- C:\Windows\System\SSUotMJ.exe
  C:\Windows\System\SSUotMJ.exe
  2⤵
  PID:5936
- C:\Windows\System\miIOhDh.exe
  C:\Windows\System\miIOhDh.exe
  2⤵
  PID:6020
- C:\Windows\System\ByODfgD.exe
  C:\Windows\System\ByODfgD.exe
  2⤵
  PID:6112
- C:\Windows\System\cihyDCl.exe
  C:\Windows\System\cihyDCl.exe
  2⤵
  PID:3684
- C:\Windows\System\uwdxemn.exe
  C:\Windows\System\uwdxemn.exe
  2⤵
  PID:4176
- C:\Windows\System\qvsAykL.exe
  C:\Windows\System\qvsAykL.exe
  2⤵
  PID:4460
- C:\Windows\System\abwHumj.exe
  C:\Windows\System\abwHumj.exe
  2⤵
  PID:4804
- C:\Windows\System\KpqhoeO.exe
  C:\Windows\System\KpqhoeO.exe
  2⤵
  PID:4936
- C:\Windows\System\SGwBVpS.exe
  C:\Windows\System\SGwBVpS.exe
  2⤵
  PID:6152
- C:\Windows\System\OpkMcoe.exe
  C:\Windows\System\OpkMcoe.exe
  2⤵
  PID:6172
- C:\Windows\System\NMpYukE.exe
  C:\Windows\System\NMpYukE.exe
  2⤵
  PID:6192
- C:\Windows\System\PTPqAts.exe
  C:\Windows\System\PTPqAts.exe
  2⤵
  PID:6212
- C:\Windows\System\JOzkZZB.exe
  C:\Windows\System\JOzkZZB.exe
  2⤵
  PID:6232
- C:\Windows\System\RQUdGRS.exe
  C:\Windows\System\RQUdGRS.exe
  2⤵
  PID:6252
- C:\Windows\System\WcnXVXI.exe
  C:\Windows\System\WcnXVXI.exe
  2⤵
  PID:6272
- C:\Windows\System\cfqmNZK.exe
  C:\Windows\System\cfqmNZK.exe
  2⤵
  PID:6292
- C:\Windows\System\fdoJcTf.exe
  C:\Windows\System\fdoJcTf.exe
  2⤵
  PID:6312
- C:\Windows\System\JPSJrHo.exe
  C:\Windows\System\JPSJrHo.exe
  2⤵
  PID:6332
- C:\Windows\System\FfRwcVV.exe
  C:\Windows\System\FfRwcVV.exe
  2⤵
  PID:6352
- C:\Windows\System\WXBflAw.exe
  C:\Windows\System\WXBflAw.exe
  2⤵
  PID:6372
- C:\Windows\System\lFDXwEv.exe
  C:\Windows\System\lFDXwEv.exe
  2⤵
  PID:6388
- C:\Windows\System\PtHWipW.exe
  C:\Windows\System\PtHWipW.exe
  2⤵
  PID:6416
- C:\Windows\System\wOzQcCz.exe
  C:\Windows\System\wOzQcCz.exe
  2⤵
  PID:6436
- C:\Windows\System\dofpeDB.exe
  C:\Windows\System\dofpeDB.exe
  2⤵
  PID:6456
- C:\Windows\System\UDHzpgS.exe
  C:\Windows\System\UDHzpgS.exe
  2⤵
  PID:6476
- C:\Windows\System\KxlcVQl.exe
  C:\Windows\System\KxlcVQl.exe
  2⤵
  PID:6496
- C:\Windows\System\HSteGSX.exe
  C:\Windows\System\HSteGSX.exe
  2⤵
  PID:6512
- C:\Windows\System\dlYxPBZ.exe
  C:\Windows\System\dlYxPBZ.exe
  2⤵
  PID:6536
- C:\Windows\System\xgUpcsn.exe
  C:\Windows\System\xgUpcsn.exe
  2⤵
  PID:6556
- C:\Windows\System\zVEbLnM.exe
  C:\Windows\System\zVEbLnM.exe
  2⤵
  PID:6576
- C:\Windows\System\WpIkTTN.exe
  C:\Windows\System\WpIkTTN.exe
  2⤵
  PID:6596
- C:\Windows\System\JbKVvSL.exe
  C:\Windows\System\JbKVvSL.exe
  2⤵
  PID:6616
- C:\Windows\System\RLHLEvz.exe
  C:\Windows\System\RLHLEvz.exe
  2⤵
  PID:6636
- C:\Windows\System\uxrCadt.exe
  C:\Windows\System\uxrCadt.exe
  2⤵
  PID:6656
- C:\Windows\System\QMlSwzK.exe
  C:\Windows\System\QMlSwzK.exe
  2⤵
  PID:6676
- C:\Windows\System\oJMAxVt.exe
  C:\Windows\System\oJMAxVt.exe
  2⤵
  PID:6696
- C:\Windows\System\ttpDCic.exe
  C:\Windows\System\ttpDCic.exe
  2⤵
  PID:6716
- C:\Windows\System\YlxDUZC.exe
  C:\Windows\System\YlxDUZC.exe
  2⤵
  PID:6736
- C:\Windows\System\bRqqEBD.exe
  C:\Windows\System\bRqqEBD.exe
  2⤵
  PID:6756
- C:\Windows\System\AcWvoiD.exe
  C:\Windows\System\AcWvoiD.exe
  2⤵
  PID:6776
- C:\Windows\System\ILYhfUJ.exe
  C:\Windows\System\ILYhfUJ.exe
  2⤵
  PID:6796
- C:\Windows\System\jmzWHeM.exe
  C:\Windows\System\jmzWHeM.exe
  2⤵
  PID:6816
- C:\Windows\System\aAoozeY.exe
  C:\Windows\System\aAoozeY.exe
  2⤵
  PID:6836
- C:\Windows\System\rAzWjQr.exe
  C:\Windows\System\rAzWjQr.exe
  2⤵
  PID:6856
- C:\Windows\System\XkjKUUv.exe
  C:\Windows\System\XkjKUUv.exe
  2⤵
  PID:6876
- C:\Windows\System\mbytyHN.exe
  C:\Windows\System\mbytyHN.exe
  2⤵
  PID:6896
- C:\Windows\System\bnDYzJP.exe
  C:\Windows\System\bnDYzJP.exe
  2⤵
  PID:6916
- C:\Windows\System\hIgBjUw.exe
  C:\Windows\System\hIgBjUw.exe
  2⤵
  PID:6936
- C:\Windows\System\iDcdhvS.exe
  C:\Windows\System\iDcdhvS.exe
  2⤵
  PID:6956
- C:\Windows\System\nEFRIXj.exe
  C:\Windows\System\nEFRIXj.exe
  2⤵
  PID:6976
- C:\Windows\System\OPeYIee.exe
  C:\Windows\System\OPeYIee.exe
  2⤵
  PID:6996
- C:\Windows\System\dXVYfBV.exe
  C:\Windows\System\dXVYfBV.exe
  2⤵
  PID:7016
- C:\Windows\System\aHzYbJT.exe
  C:\Windows\System\aHzYbJT.exe
  2⤵
  PID:7036
- C:\Windows\System\BdxJXSi.exe
  C:\Windows\System\BdxJXSi.exe
  2⤵
  PID:7056
- C:\Windows\System\kkFAOBC.exe
  C:\Windows\System\kkFAOBC.exe
  2⤵
  PID:7076
- C:\Windows\System\tpCFxZi.exe
  C:\Windows\System\tpCFxZi.exe
  2⤵
  PID:7096
- C:\Windows\System\LKNhMpl.exe
  C:\Windows\System\LKNhMpl.exe
  2⤵
  PID:7116
- C:\Windows\System\rSgUvqa.exe
  C:\Windows\System\rSgUvqa.exe
  2⤵
  PID:7136
- C:\Windows\System\kRlUxOL.exe
  C:\Windows\System\kRlUxOL.exe
  2⤵
  PID:7156
- C:\Windows\System\TUntVkr.exe
  C:\Windows\System\TUntVkr.exe
  2⤵
  PID:3428
- C:\Windows\System\mXpWUji.exe
  C:\Windows\System\mXpWUji.exe
  2⤵
  PID:5308
- C:\Windows\System\TdYETpV.exe
  C:\Windows\System\TdYETpV.exe
  2⤵
  PID:5356
- C:\Windows\System\eGlBmfV.exe
  C:\Windows\System\eGlBmfV.exe
  2⤵
  PID:5388
- C:\Windows\System\lwfoZmP.exe
  C:\Windows\System\lwfoZmP.exe
  2⤵
  PID:5436
- C:\Windows\System\EtkyDHd.exe
  C:\Windows\System\EtkyDHd.exe
  2⤵
  PID:5528
- C:\Windows\System\FoNJdrP.exe
  C:\Windows\System\FoNJdrP.exe
  2⤵
  PID:5712
- C:\Windows\System\vbhRtwp.exe
  C:\Windows\System\vbhRtwp.exe
  2⤵
  PID:5828
- C:\Windows\System\nIOyJJw.exe
  C:\Windows\System\nIOyJJw.exe
  2⤵
  PID:5836
- C:\Windows\System\gvQvwfe.exe
  C:\Windows\System\gvQvwfe.exe
  2⤵
  PID:2720
- C:\Windows\System\GtLqGil.exe
  C:\Windows\System\GtLqGil.exe
  2⤵
  PID:5988
- C:\Windows\System\qUSEYBn.exe
  C:\Windows\System\qUSEYBn.exe
  2⤵
  PID:6036
- C:\Windows\System\DMQuQcX.exe
  C:\Windows\System\DMQuQcX.exe
  2⤵
  PID:4304
- C:\Windows\System\rvxoDOD.exe
  C:\Windows\System\rvxoDOD.exe
  2⤵
  PID:4728
- C:\Windows\System\JjNrWIz.exe
  C:\Windows\System\JjNrWIz.exe
  2⤵
  PID:3168
- C:\Windows\System\YKGadNd.exe
  C:\Windows\System\YKGadNd.exe
  2⤵
  PID:6148
- C:\Windows\System\YzXIpjp.exe
  C:\Windows\System\YzXIpjp.exe
  2⤵
  PID:6188
- C:\Windows\System\bfWvAXr.exe
  C:\Windows\System\bfWvAXr.exe
  2⤵
  PID:6220
- C:\Windows\System\nCUxdsA.exe
  C:\Windows\System\nCUxdsA.exe
  2⤵
  PID:6268
- C:\Windows\System\oDKGcYk.exe
  C:\Windows\System\oDKGcYk.exe
  2⤵
  PID:6300
- C:\Windows\System\UjhCqdz.exe
  C:\Windows\System\UjhCqdz.exe
  2⤵
  PID:6304
- C:\Windows\System\gkwHPOu.exe
  C:\Windows\System\gkwHPOu.exe
  2⤵
  PID:6348
- C:\Windows\System\twEPQKC.exe
  C:\Windows\System\twEPQKC.exe
  2⤵
  PID:6412
- C:\Windows\System\hCGHqPY.exe
  C:\Windows\System\hCGHqPY.exe
  2⤵
  PID:6424
- C:\Windows\System\dLbhyfv.exe
  C:\Windows\System\dLbhyfv.exe
  2⤵
  PID:6448
- C:\Windows\System\ucEgDpU.exe
  C:\Windows\System\ucEgDpU.exe
  2⤵
  PID:6492
- C:\Windows\System\rbKidLj.exe
  C:\Windows\System\rbKidLj.exe
  2⤵
  PID:6532
- C:\Windows\System\clcOTTx.exe
  C:\Windows\System\clcOTTx.exe
  2⤵
  PID:6544
- C:\Windows\System\UGXrKQi.exe
  C:\Windows\System\UGXrKQi.exe
  2⤵
  PID:6568
- C:\Windows\System\kbEUEkh.exe
  C:\Windows\System\kbEUEkh.exe
  2⤵
  PID:6612
- C:\Windows\System\pFfNSLh.exe
  C:\Windows\System\pFfNSLh.exe
  2⤵
  PID:6632
- C:\Windows\System\xThurTF.exe
  C:\Windows\System\xThurTF.exe
  2⤵
  PID:6684
- C:\Windows\System\DsKltHy.exe
  C:\Windows\System\DsKltHy.exe
  2⤵
  PID:6724
- C:\Windows\System\cswTbRV.exe
  C:\Windows\System\cswTbRV.exe
  2⤵
  PID:6744
- C:\Windows\System\gTDeEuT.exe
  C:\Windows\System\gTDeEuT.exe
  2⤵
  PID:6768
- C:\Windows\System\vCwQJgZ.exe
  C:\Windows\System\vCwQJgZ.exe
  2⤵
  PID:6788
- C:\Windows\System\xSdrZRS.exe
  C:\Windows\System\xSdrZRS.exe
  2⤵
  PID:6852
- C:\Windows\System\ckOWtJL.exe
  C:\Windows\System\ckOWtJL.exe
  2⤵
  PID:6884
- C:\Windows\System\OYRZJuR.exe
  C:\Windows\System\OYRZJuR.exe
  2⤵
  PID:6904
- C:\Windows\System\wKalAZU.exe
  C:\Windows\System\wKalAZU.exe
  2⤵
  PID:6928
- C:\Windows\System\hZZKTMK.exe
  C:\Windows\System\hZZKTMK.exe
  2⤵
  PID:6972
- C:\Windows\System\GfbnwaU.exe
  C:\Windows\System\GfbnwaU.exe
  2⤵
  PID:7004
- C:\Windows\System\udisHhQ.exe
  C:\Windows\System\udisHhQ.exe
  2⤵
  PID:7024
- C:\Windows\System\pzxqomV.exe
  C:\Windows\System\pzxqomV.exe
  2⤵
  PID:7048
- C:\Windows\System\LxqZDwe.exe
  C:\Windows\System\LxqZDwe.exe
  2⤵
  PID:7092
- C:\Windows\System\hEyVBiQ.exe
  C:\Windows\System\hEyVBiQ.exe
  2⤵
  PID:7132
- C:\Windows\System\sbUeBaS.exe
  C:\Windows\System\sbUeBaS.exe
  2⤵
  PID:1728
- C:\Windows\System\IGXEDQm.exe
  C:\Windows\System\IGXEDQm.exe
  2⤵
  PID:5124
- C:\Windows\System\hZsQuEH.exe
  C:\Windows\System\hZsQuEH.exe
  2⤵
  PID:5372
- C:\Windows\System\OSTsJAY.exe
  C:\Windows\System\OSTsJAY.exe
  2⤵
  PID:5452
- C:\Windows\System\oqeMXvV.exe
  C:\Windows\System\oqeMXvV.exe
  2⤵
  PID:5604
- C:\Windows\System\bdhYmWg.exe
  C:\Windows\System\bdhYmWg.exe
  2⤵
  PID:5728
- C:\Windows\System\RYwTFIj.exe
  C:\Windows\System\RYwTFIj.exe
  2⤵
  PID:6000
- C:\Windows\System\tcXLMtY.exe
  C:\Windows\System\tcXLMtY.exe
  2⤵
  PID:6080
- C:\Windows\System\EXVGPYH.exe
  C:\Windows\System\EXVGPYH.exe
  2⤵
  PID:6076
- C:\Windows\System\YzaYlDp.exe
  C:\Windows\System\YzaYlDp.exe
  2⤵
  PID:6168
- C:\Windows\System\LurssIh.exe
  C:\Windows\System\LurssIh.exe
  2⤵
  PID:6164
- C:\Windows\System\uhMTrOV.exe
  C:\Windows\System\uhMTrOV.exe
  2⤵
  PID:6248
- C:\Windows\System\LUWOMfW.exe
  C:\Windows\System\LUWOMfW.exe
  2⤵
  PID:6308
- C:\Windows\System\JbABbkf.exe
  C:\Windows\System\JbABbkf.exe
  2⤵
  PID:6400
- C:\Windows\System\CVEXtVj.exe
  C:\Windows\System\CVEXtVj.exe
  2⤵
  PID:6396
- C:\Windows\System\vdCMlGV.exe
  C:\Windows\System\vdCMlGV.exe
  2⤵
  PID:6384
- C:\Windows\System\ByJyAFq.exe
  C:\Windows\System\ByJyAFq.exe
  2⤵
  PID:6524
- C:\Windows\System\CuGHzID.exe
  C:\Windows\System\CuGHzID.exe
  2⤵
  PID:6572
- C:\Windows\System\agjlhQD.exe
  C:\Windows\System\agjlhQD.exe
  2⤵
  PID:6624
- C:\Windows\System\rgfHdfE.exe
  C:\Windows\System\rgfHdfE.exe
  2⤵
  PID:6644
- C:\Windows\System\kPzAFlG.exe
  C:\Windows\System\kPzAFlG.exe
  2⤵
  PID:6664
- C:\Windows\System\aiMTREh.exe
  C:\Windows\System\aiMTREh.exe
  2⤵
  PID:6728
- C:\Windows\System\FvyIolI.exe
  C:\Windows\System\FvyIolI.exe
  2⤵
  PID:6792
- C:\Windows\System\VMBxyHg.exe
  C:\Windows\System\VMBxyHg.exe
  2⤵
  PID:2768
- C:\Windows\System\VUIMSud.exe
  C:\Windows\System\VUIMSud.exe
  2⤵
  PID:2572
- C:\Windows\System\ivtJUxz.exe
  C:\Windows\System\ivtJUxz.exe
  2⤵
  PID:6952
- C:\Windows\System\zEHubVa.exe
  C:\Windows\System\zEHubVa.exe
  2⤵
  PID:2960
- C:\Windows\System\loqcmTP.exe
  C:\Windows\System\loqcmTP.exe
  2⤵
  PID:112
- C:\Windows\System\aSPvsKy.exe
  C:\Windows\System\aSPvsKy.exe
  2⤵
  PID:7068
- C:\Windows\System\RqnEBUd.exe
  C:\Windows\System\RqnEBUd.exe
  2⤵
  PID:7084
- C:\Windows\System\EjikWIK.exe
  C:\Windows\System\EjikWIK.exe
  2⤵
  PID:7164
- C:\Windows\System\fEwenVz.exe
  C:\Windows\System\fEwenVz.exe
  2⤵
  PID:7148
- C:\Windows\System\FfwhUjN.exe
  C:\Windows\System\FfwhUjN.exe
  2⤵
  PID:5576
- C:\Windows\System\DoJEWco.exe
  C:\Windows\System\DoJEWco.exe
  2⤵
  PID:5628
- C:\Windows\System\GNmRywb.exe
  C:\Windows\System\GNmRywb.exe
  2⤵
  PID:5776
- C:\Windows\System\PJrpLZP.exe
  C:\Windows\System\PJrpLZP.exe
  2⤵
  PID:6032
- C:\Windows\System\uBICHlE.exe
  C:\Windows\System\uBICHlE.exe
  2⤵
  PID:4940
- C:\Windows\System\zcrYrtF.exe
  C:\Windows\System\zcrYrtF.exe
  2⤵
  PID:6288
- C:\Windows\System\xHemduI.exe
  C:\Windows\System\xHemduI.exe
  2⤵
  PID:6364
- C:\Windows\System\VaVdVXQ.exe
  C:\Windows\System\VaVdVXQ.exe
  2⤵
  PID:2796
- C:\Windows\System\vUugBlU.exe
  C:\Windows\System\vUugBlU.exe
  2⤵
  PID:6428
- C:\Windows\System\BckctiX.exe
  C:\Windows\System\BckctiX.exe
  2⤵
  PID:6520
- C:\Windows\System\etVGrJH.exe
  C:\Windows\System\etVGrJH.exe
  2⤵
  PID:6652
- C:\Windows\System\VZBhKye.exe
  C:\Windows\System\VZBhKye.exe
  2⤵
  PID:6824
- C:\Windows\System\Tgivxjr.exe
  C:\Windows\System\Tgivxjr.exe
  2⤵
  PID:6848
- C:\Windows\System\rAdebLg.exe
  C:\Windows\System\rAdebLg.exe
  2⤵
  PID:6932
- C:\Windows\System\jeoClau.exe
  C:\Windows\System\jeoClau.exe
  2⤵
  PID:6868
- C:\Windows\System\gKuBZfW.exe
  C:\Windows\System\gKuBZfW.exe
  2⤵
  PID:7072
- C:\Windows\System\iLDorhC.exe
  C:\Windows\System\iLDorhC.exe
  2⤵
  PID:7028
- C:\Windows\System\rsfDdRj.exe
  C:\Windows\System\rsfDdRj.exe
  2⤵
  PID:5552
- C:\Windows\System\nhGpyxx.exe
  C:\Windows\System\nhGpyxx.exe
  2⤵
  PID:5288
- C:\Windows\System\yijYajV.exe
  C:\Windows\System\yijYajV.exe
  2⤵
  PID:7188
- C:\Windows\System\CYWETqW.exe
  C:\Windows\System\CYWETqW.exe
  2⤵
  PID:7208
- C:\Windows\System\TKGgUAB.exe
  C:\Windows\System\TKGgUAB.exe
  2⤵
  PID:7228
- C:\Windows\System\coQVRSJ.exe
  C:\Windows\System\coQVRSJ.exe
  2⤵
  PID:7248
- C:\Windows\System\vsCxDEV.exe
  C:\Windows\System\vsCxDEV.exe
  2⤵
  PID:7268
- C:\Windows\System\zFuuoLe.exe
  C:\Windows\System\zFuuoLe.exe
  2⤵
  PID:7288
- C:\Windows\System\wQBkfBB.exe
  C:\Windows\System\wQBkfBB.exe
  2⤵
  PID:7312
- C:\Windows\System\FINOFHY.exe
  C:\Windows\System\FINOFHY.exe
  2⤵
  PID:7332
- C:\Windows\System\ajcBWmx.exe
  C:\Windows\System\ajcBWmx.exe
  2⤵
  PID:7352
- C:\Windows\System\IEMmMnM.exe
  C:\Windows\System\IEMmMnM.exe
  2⤵
  PID:7372
- C:\Windows\System\cecdPCZ.exe
  C:\Windows\System\cecdPCZ.exe
  2⤵
  PID:7392
- C:\Windows\System\iKDfwup.exe
  C:\Windows\System\iKDfwup.exe
  2⤵
  PID:7412
- C:\Windows\System\eoRzqBZ.exe
  C:\Windows\System\eoRzqBZ.exe
  2⤵
  PID:7428
- C:\Windows\System\oaPNjdY.exe
  C:\Windows\System\oaPNjdY.exe
  2⤵
  PID:7448
- C:\Windows\System\zgmpdMf.exe
  C:\Windows\System\zgmpdMf.exe
  2⤵
  PID:7468
- C:\Windows\System\IzoYRIg.exe
  C:\Windows\System\IzoYRIg.exe
  2⤵
  PID:7492
- C:\Windows\System\btSJGje.exe
  C:\Windows\System\btSJGje.exe
  2⤵
  PID:7512
- C:\Windows\System\DAyrpgv.exe
  C:\Windows\System\DAyrpgv.exe
  2⤵
  PID:7528
- C:\Windows\System\ihmINPJ.exe
  C:\Windows\System\ihmINPJ.exe
  2⤵
  PID:7548
- C:\Windows\System\CYJmZqx.exe
  C:\Windows\System\CYJmZqx.exe
  2⤵
  PID:7572
- C:\Windows\System\oUvlNNS.exe
  C:\Windows\System\oUvlNNS.exe
  2⤵
  PID:7592
- C:\Windows\System\nLgHelV.exe
  C:\Windows\System\nLgHelV.exe
  2⤵
  PID:7612
- C:\Windows\System\urqdohO.exe
  C:\Windows\System\urqdohO.exe
  2⤵
  PID:7632
- C:\Windows\System\THgWtCO.exe
  C:\Windows\System\THgWtCO.exe
  2⤵
  PID:7652
- C:\Windows\System\IxsZunv.exe
  C:\Windows\System\IxsZunv.exe
  2⤵
  PID:7672
- C:\Windows\System\hnlfMmC.exe
  C:\Windows\System\hnlfMmC.exe
  2⤵
  PID:7692
- C:\Windows\System\FAqFBah.exe
  C:\Windows\System\FAqFBah.exe
  2⤵
  PID:7712
- C:\Windows\System\fPTjKmH.exe
  C:\Windows\System\fPTjKmH.exe
  2⤵
  PID:7732
- C:\Windows\System\aJQzPtA.exe
  C:\Windows\System\aJQzPtA.exe
  2⤵
  PID:7752
- C:\Windows\System\uHlPxfc.exe
  C:\Windows\System\uHlPxfc.exe
  2⤵
  PID:7772
- C:\Windows\System\IaBOyHi.exe
  C:\Windows\System\IaBOyHi.exe
  2⤵
  PID:7788
- C:\Windows\System\bKZkMbg.exe
  C:\Windows\System\bKZkMbg.exe
  2⤵
  PID:7812
- C:\Windows\System\NrYrWaO.exe
  C:\Windows\System\NrYrWaO.exe
  2⤵
  PID:7832
- C:\Windows\System\ZoMOhOv.exe
  C:\Windows\System\ZoMOhOv.exe
  2⤵
  PID:7852
- C:\Windows\System\NRWDPUF.exe
  C:\Windows\System\NRWDPUF.exe
  2⤵
  PID:7868
- C:\Windows\System\AWLxByI.exe
  C:\Windows\System\AWLxByI.exe
  2⤵
  PID:7892
- C:\Windows\System\eSTlAxu.exe
  C:\Windows\System\eSTlAxu.exe
  2⤵
  PID:7912
- C:\Windows\System\YunArAJ.exe
  C:\Windows\System\YunArAJ.exe
  2⤵
  PID:7932
- C:\Windows\System\UvWMFjT.exe
  C:\Windows\System\UvWMFjT.exe
  2⤵
  PID:7952
- C:\Windows\System\WdrPlsY.exe
  C:\Windows\System\WdrPlsY.exe
  2⤵
  PID:7972
- C:\Windows\System\vLbzoGx.exe
  C:\Windows\System\vLbzoGx.exe
  2⤵
  PID:7992
- C:\Windows\System\nzQyQTG.exe
  C:\Windows\System\nzQyQTG.exe
  2⤵
  PID:8012
- C:\Windows\System\ymfWiWP.exe
  C:\Windows\System\ymfWiWP.exe
  2⤵
  PID:8032
- C:\Windows\System\dWiaaat.exe
  C:\Windows\System\dWiaaat.exe
  2⤵
  PID:8052
- C:\Windows\System\kQfKZqG.exe
  C:\Windows\System\kQfKZqG.exe
  2⤵
  PID:8072
- C:\Windows\System\wpspiyU.exe
  C:\Windows\System\wpspiyU.exe
  2⤵
  PID:8092
- C:\Windows\System\SCVTVdP.exe
  C:\Windows\System\SCVTVdP.exe
  2⤵
  PID:8112
- C:\Windows\System\zsQAzOT.exe
  C:\Windows\System\zsQAzOT.exe
  2⤵
  PID:8132
- C:\Windows\System\NlMZmWb.exe
  C:\Windows\System\NlMZmWb.exe
  2⤵
  PID:8152
- C:\Windows\System\wrpHOgU.exe
  C:\Windows\System\wrpHOgU.exe
  2⤵
  PID:8176
- C:\Windows\System\gHkEWao.exe
  C:\Windows\System\gHkEWao.exe
  2⤵
  PID:5512
- C:\Windows\System\mOXXiQM.exe
  C:\Windows\System\mOXXiQM.exe
  2⤵
  PID:5040
- C:\Windows\System\LkcwpOx.exe
  C:\Windows\System\LkcwpOx.exe
  2⤵
  PID:6204
- C:\Windows\System\bpuHGIU.exe
  C:\Windows\System\bpuHGIU.exe
  2⤵
  PID:2180
- C:\Windows\System\CRIdjTo.exe
  C:\Windows\System\CRIdjTo.exe
  2⤵
  PID:6452
- C:\Windows\System\CxWFQjV.exe
  C:\Windows\System\CxWFQjV.exe
  2⤵
  PID:6552
- C:\Windows\System\aMdwWLZ.exe
  C:\Windows\System\aMdwWLZ.exe
  2⤵
  PID:6832
- C:\Windows\System\rlHpowG.exe
  C:\Windows\System\rlHpowG.exe
  2⤵
  PID:2184
- C:\Windows\System\LqlBGXJ.exe
  C:\Windows\System\LqlBGXJ.exe
  2⤵
  PID:7052
- C:\Windows\System\iTeqxqF.exe
  C:\Windows\System\iTeqxqF.exe
  2⤵
  PID:5228
- C:\Windows\System\bpRzZWP.exe
  C:\Windows\System\bpRzZWP.exe
  2⤵
  PID:7196
- C:\Windows\System\NTHWUaM.exe
  C:\Windows\System\NTHWUaM.exe
  2⤵
  PID:7180
- C:\Windows\System\lELcWJn.exe
  C:\Windows\System\lELcWJn.exe
  2⤵
  PID:7240
- C:\Windows\System\hoKbXGJ.exe
  C:\Windows\System\hoKbXGJ.exe
  2⤵
  PID:7280
- C:\Windows\System\huyvFES.exe
  C:\Windows\System\huyvFES.exe
  2⤵
  PID:7296
- C:\Windows\System\DFXMsQs.exe
  C:\Windows\System\DFXMsQs.exe
  2⤵
  PID:7360
- C:\Windows\System\xHLSGLe.exe
  C:\Windows\System\xHLSGLe.exe
  2⤵
  PID:7344
- C:\Windows\System\wjBgMIu.exe
  C:\Windows\System\wjBgMIu.exe
  2⤵
  PID:7404
- C:\Windows\System\nEOZoND.exe
  C:\Windows\System\nEOZoND.exe
  2⤵
  PID:7440
- C:\Windows\System\rbXuLTx.exe
  C:\Windows\System\rbXuLTx.exe
  2⤵
  PID:7480
- C:\Windows\System\EGkYTfx.exe
  C:\Windows\System\EGkYTfx.exe
  2⤵
  PID:7520
- C:\Windows\System\Psthrui.exe
  C:\Windows\System\Psthrui.exe
  2⤵
  PID:7564
- C:\Windows\System\EQlGldv.exe
  C:\Windows\System\EQlGldv.exe
  2⤵
  PID:7560
- C:\Windows\System\iiohnXw.exe
  C:\Windows\System\iiohnXw.exe
  2⤵
  PID:7584
- C:\Windows\System\KbNTjGO.exe
  C:\Windows\System\KbNTjGO.exe
  2⤵
  PID:7628
- C:\Windows\System\VPyiXvE.exe
  C:\Windows\System\VPyiXvE.exe
  2⤵
  PID:7664
- C:\Windows\System\iMCQVHm.exe
  C:\Windows\System\iMCQVHm.exe
  2⤵
  PID:7700
- C:\Windows\System\umWbBrI.exe
  C:\Windows\System\umWbBrI.exe
  2⤵
  PID:7704
- C:\Windows\System\qFSGSNP.exe
  C:\Windows\System\qFSGSNP.exe
  2⤵
  PID:7744
- C:\Windows\System\arceZry.exe
  C:\Windows\System\arceZry.exe
  2⤵
  PID:7804
- C:\Windows\System\CuNprqp.exe
  C:\Windows\System\CuNprqp.exe
  2⤵
  PID:7840
- C:\Windows\System\ZWICGgl.exe
  C:\Windows\System\ZWICGgl.exe
  2⤵
  PID:1808
- C:\Windows\System\uCqtdfo.exe
  C:\Windows\System\uCqtdfo.exe
  2⤵
  PID:7884
- C:\Windows\System\rTnZnlP.exe
  C:\Windows\System\rTnZnlP.exe
  2⤵
  PID:7928
- C:\Windows\System\UgUEQSW.exe
  C:\Windows\System\UgUEQSW.exe
  2⤵
  PID:7964
- C:\Windows\System\QliJZhn.exe
  C:\Windows\System\QliJZhn.exe
  2⤵
  PID:7980
- C:\Windows\System\wLYiYlv.exe
  C:\Windows\System\wLYiYlv.exe
  2⤵
  PID:8004
- C:\Windows\System\eVNbXUs.exe
  C:\Windows\System\eVNbXUs.exe
  2⤵
  PID:8024
- C:\Windows\System\lXTBtbj.exe
  C:\Windows\System\lXTBtbj.exe
  2⤵
  PID:8088
- C:\Windows\System\sFFxmSY.exe
  C:\Windows\System\sFFxmSY.exe
  2⤵
  PID:8128
- C:\Windows\System\mKgLajw.exe
  C:\Windows\System\mKgLajw.exe
  2⤵
  PID:8160
- C:\Windows\System\cKkjaNy.exe
  C:\Windows\System\cKkjaNy.exe
  2⤵
  PID:4156
- C:\Windows\System\GwEPUKn.exe
  C:\Windows\System\GwEPUKn.exe
  2⤵
  PID:6368
- C:\Windows\System\wBlOGAT.exe
  C:\Windows\System\wBlOGAT.exe
  2⤵
  PID:6404
- C:\Windows\System\ubwBYMo.exe
  C:\Windows\System\ubwBYMo.exe
  2⤵
  PID:6672
- C:\Windows\System\iNClkmH.exe
  C:\Windows\System\iNClkmH.exe
  2⤵
  PID:6708
- C:\Windows\System\uDwRXRF.exe
  C:\Windows\System\uDwRXRF.exe
  2⤵
  PID:6968
- C:\Windows\System\TdRTfcS.exe
  C:\Windows\System\TdRTfcS.exe
  2⤵
  PID:7176
- C:\Windows\System\uMDTVzw.exe
  C:\Windows\System\uMDTVzw.exe
  2⤵
  PID:7216
- C:\Windows\System\YMUmxlb.exe
  C:\Windows\System\YMUmxlb.exe
  2⤵
  PID:7220
- C:\Windows\System\AfDZvpY.exe
  C:\Windows\System\AfDZvpY.exe
  2⤵
  PID:7328
- C:\Windows\System\BxhskXC.exe
  C:\Windows\System\BxhskXC.exe
  2⤵
  PID:7348
- C:\Windows\System\ayMdEYX.exe
  C:\Windows\System\ayMdEYX.exe
  2⤵
  PID:7488
- C:\Windows\System\DQCUjDz.exe
  C:\Windows\System\DQCUjDz.exe
  2⤵
  PID:7508
- C:\Windows\System\QzXdXWA.exe
  C:\Windows\System\QzXdXWA.exe
  2⤵
  PID:7608
- C:\Windows\System\rLKRqtC.exe
  C:\Windows\System\rLKRqtC.exe
  2⤵
  PID:7540
- C:\Windows\System\psWzQrW.exe
  C:\Windows\System\psWzQrW.exe
  2⤵
  PID:7648
- C:\Windows\System\aoTNoZa.exe
  C:\Windows\System\aoTNoZa.exe
  2⤵
  PID:7688
- C:\Windows\System\pIUmJUY.exe
  C:\Windows\System\pIUmJUY.exe
  2⤵
  PID:7800
- C:\Windows\System\dcyAAwY.exe
  C:\Windows\System\dcyAAwY.exe
  2⤵
  PID:7828
- C:\Windows\System\dfezrHJ.exe
  C:\Windows\System\dfezrHJ.exe
  2⤵
  PID:7820
- C:\Windows\System\qBdKhDs.exe
  C:\Windows\System\qBdKhDs.exe
  2⤵
  PID:7860
- C:\Windows\System\BPsgpDV.exe
  C:\Windows\System\BPsgpDV.exe
  2⤵
  PID:2988
- C:\Windows\System\vscJAgA.exe
  C:\Windows\System\vscJAgA.exe
  2⤵
  PID:8028
- C:\Windows\System\fzUzJDz.exe
  C:\Windows\System\fzUzJDz.exe
  2⤵
  PID:7984
- C:\Windows\System\SpGkRMn.exe
  C:\Windows\System\SpGkRMn.exe
  2⤵
  PID:8068
- C:\Windows\System\oOUfYWZ.exe
  C:\Windows\System\oOUfYWZ.exe
  2⤵
  PID:5912
- C:\Windows\System\yXeNrCp.exe
  C:\Windows\System\yXeNrCp.exe
  2⤵
  PID:6200
- C:\Windows\System\yPciniE.exe
  C:\Windows\System\yPciniE.exe
  2⤵
  PID:6772
- C:\Windows\System\XClPNFs.exe
  C:\Windows\System\XClPNFs.exe
  2⤵
  PID:6812
- C:\Windows\System\tVwaFDJ.exe
  C:\Windows\System\tVwaFDJ.exe
  2⤵
  PID:2496
- C:\Windows\System\nBqvJPY.exe
  C:\Windows\System\nBqvJPY.exe
  2⤵
  PID:7256
- C:\Windows\System\tRYfCjT.exe
  C:\Windows\System\tRYfCjT.exe
  2⤵
  PID:7308
- C:\Windows\System\NPpOQMg.exe
  C:\Windows\System\NPpOQMg.exe
  2⤵
  PID:7464
- C:\Windows\System\LsxFDMn.exe
  C:\Windows\System\LsxFDMn.exe
  2⤵
  PID:7384
- C:\Windows\System\mZeXWcg.exe
  C:\Windows\System\mZeXWcg.exe
  2⤵
  PID:7500
- C:\Windows\System\rFfyVTP.exe
  C:\Windows\System\rFfyVTP.exe
  2⤵
  PID:7724
- C:\Windows\System\SsdzFfa.exe
  C:\Windows\System\SsdzFfa.exe
  2⤵
  PID:7684
- C:\Windows\System\zOvlptw.exe
  C:\Windows\System\zOvlptw.exe
  2⤵
  PID:7904
- C:\Windows\System\laBMnLp.exe
  C:\Windows\System\laBMnLp.exe
  2⤵
  PID:7944
- C:\Windows\System\pdoDIDR.exe
  C:\Windows\System\pdoDIDR.exe
  2⤵
  PID:8108
- C:\Windows\System\oQPkhjf.exe
  C:\Windows\System\oQPkhjf.exe
  2⤵
  PID:2340
- C:\Windows\System\WXgimzw.exe
  C:\Windows\System\WXgimzw.exe
  2⤵
  PID:8196
- C:\Windows\System\VnORyjo.exe
  C:\Windows\System\VnORyjo.exe
  2⤵
  PID:8216
- C:\Windows\System\xrRZVWc.exe
  C:\Windows\System\xrRZVWc.exe
  2⤵
  PID:8236
- C:\Windows\System\TRrjdRm.exe
  C:\Windows\System\TRrjdRm.exe
  2⤵
  PID:8256
- C:\Windows\System\ErtxLQa.exe
  C:\Windows\System\ErtxLQa.exe
  2⤵
  PID:8272
- C:\Windows\System\tlBxtVz.exe
  C:\Windows\System\tlBxtVz.exe
  2⤵
  PID:8292
- C:\Windows\System\CiSPeWU.exe
  C:\Windows\System\CiSPeWU.exe
  2⤵
  PID:8308
- C:\Windows\System\MrdFExd.exe
  C:\Windows\System\MrdFExd.exe
  2⤵
  PID:8328
- C:\Windows\System\HoDLjeZ.exe
  C:\Windows\System\HoDLjeZ.exe
  2⤵
  PID:8344
- C:\Windows\System\SILrAes.exe
  C:\Windows\System\SILrAes.exe
  2⤵
  PID:8364
- C:\Windows\System\GukwAUv.exe
  C:\Windows\System\GukwAUv.exe
  2⤵
  PID:8380
- C:\Windows\System\CVPcUll.exe
  C:\Windows\System\CVPcUll.exe
  2⤵
  PID:8400
- C:\Windows\System\rwCjlli.exe
  C:\Windows\System\rwCjlli.exe
  2⤵
  PID:8416
- C:\Windows\System\gHAmVsd.exe
  C:\Windows\System\gHAmVsd.exe
  2⤵
  PID:8432
- C:\Windows\System\UZpWgkE.exe
  C:\Windows\System\UZpWgkE.exe
  2⤵
  PID:8452
- C:\Windows\System\syfRvOr.exe
  C:\Windows\System\syfRvOr.exe
  2⤵
  PID:8468
- C:\Windows\System\MvOwxhi.exe
  C:\Windows\System\MvOwxhi.exe
  2⤵
  PID:8488
- C:\Windows\System\cMPbgNr.exe
  C:\Windows\System\cMPbgNr.exe
  2⤵
  PID:8508
- C:\Windows\System\DKjcvKv.exe
  C:\Windows\System\DKjcvKv.exe
  2⤵
  PID:8524
- C:\Windows\System\GecewRP.exe
  C:\Windows\System\GecewRP.exe
  2⤵
  PID:8544
- C:\Windows\System\jemMdXU.exe
  C:\Windows\System\jemMdXU.exe
  2⤵
  PID:8560
- C:\Windows\System\SYCvOoe.exe
  C:\Windows\System\SYCvOoe.exe
  2⤵
  PID:8576
- C:\Windows\System\NKcUohA.exe
  C:\Windows\System\NKcUohA.exe
  2⤵
  PID:8600
- C:\Windows\System\dwZzrSM.exe
  C:\Windows\System\dwZzrSM.exe
  2⤵
  PID:8620
- C:\Windows\System\KyEwWwo.exe
  C:\Windows\System\KyEwWwo.exe
  2⤵
  PID:8636
- C:\Windows\System\UqLwMtD.exe
  C:\Windows\System\UqLwMtD.exe
  2⤵
  PID:8664
- C:\Windows\System\IWVlgKt.exe
  C:\Windows\System\IWVlgKt.exe
  2⤵
  PID:8692
- C:\Windows\System\oCzBPFy.exe
  C:\Windows\System\oCzBPFy.exe
  2⤵
  PID:8708
- C:\Windows\System\BdfSlQW.exe
  C:\Windows\System\BdfSlQW.exe
  2⤵
  PID:8724
- C:\Windows\System\RNXiIJQ.exe
  C:\Windows\System\RNXiIJQ.exe
  2⤵
  PID:8740
- C:\Windows\System\pSHdsiv.exe
  C:\Windows\System\pSHdsiv.exe
  2⤵
  PID:8756
- C:\Windows\System\QFvMXeh.exe
  C:\Windows\System\QFvMXeh.exe
  2⤵
  PID:8772
- C:\Windows\System\aNjyBSZ.exe
  C:\Windows\System\aNjyBSZ.exe
  2⤵
  PID:8792
- C:\Windows\System\jCSOJcj.exe
  C:\Windows\System\jCSOJcj.exe
  2⤵
  PID:8808
- C:\Windows\System\tNfCqBi.exe
  C:\Windows\System\tNfCqBi.exe
  2⤵
  PID:8828
- C:\Windows\System\aYIXhBw.exe
  C:\Windows\System\aYIXhBw.exe
  2⤵
  PID:8844
- C:\Windows\System\XgiWlQA.exe
  C:\Windows\System\XgiWlQA.exe
  2⤵
  PID:8872
- C:\Windows\System\bntNDGt.exe
  C:\Windows\System\bntNDGt.exe
  2⤵
  PID:8952
- C:\Windows\System\OAVrmtD.exe
  C:\Windows\System\OAVrmtD.exe
  2⤵
  PID:8976
- C:\Windows\System\HKBhUKL.exe
  C:\Windows\System\HKBhUKL.exe
  2⤵
  PID:8992
- C:\Windows\System\iIqXfgZ.exe
  C:\Windows\System\iIqXfgZ.exe
  2⤵
  PID:9012
- C:\Windows\System\csbabrR.exe
  C:\Windows\System\csbabrR.exe
  2⤵
  PID:9032
- C:\Windows\System\cQkzeLS.exe
  C:\Windows\System\cQkzeLS.exe
  2⤵
  PID:9052
- C:\Windows\System\DHNPPnK.exe
  C:\Windows\System\DHNPPnK.exe
  2⤵
  PID:9072
- C:\Windows\System\YmPKhUc.exe
  C:\Windows\System\YmPKhUc.exe
  2⤵
  PID:9092
- C:\Windows\System\CKXDYui.exe
  C:\Windows\System\CKXDYui.exe
  2⤵
  PID:9112
- C:\Windows\System\RJXVFrj.exe
  C:\Windows\System\RJXVFrj.exe
  2⤵
  PID:9136
- C:\Windows\System\jkSyiuB.exe
  C:\Windows\System\jkSyiuB.exe
  2⤵
  PID:9156
- C:\Windows\System\OXQfMPx.exe
  C:\Windows\System\OXQfMPx.exe
  2⤵
  PID:9172
- C:\Windows\System\GPFukwr.exe
  C:\Windows\System\GPFukwr.exe
  2⤵
  PID:9188
- C:\Windows\System\PcxUdGA.exe
  C:\Windows\System\PcxUdGA.exe
  2⤵
  PID:7408
- C:\Windows\System\PlAgzKH.exe
  C:\Windows\System\PlAgzKH.exe
  2⤵
  PID:7012
- C:\Windows\System\jHCSNHe.exe
  C:\Windows\System\jHCSNHe.exe
  2⤵
  PID:496
- C:\Windows\System\gRNSgoi.exe
  C:\Windows\System\gRNSgoi.exe
  2⤵
  PID:7780
- C:\Windows\System\GGarySS.exe
  C:\Windows\System\GGarySS.exe
  2⤵
  PID:7420
- C:\Windows\System\YntTUvW.exe
  C:\Windows\System\YntTUvW.exe
  2⤵
  PID:8080
- C:\Windows\System\rvOgWPG.exe
  C:\Windows\System\rvOgWPG.exe
  2⤵
  PID:8212
- C:\Windows\System\eoEuXdI.exe
  C:\Windows\System\eoEuXdI.exe
  2⤵
  PID:7620
- C:\Windows\System\RoccqmW.exe
  C:\Windows\System\RoccqmW.exe
  2⤵
  PID:8248
- C:\Windows\System\geDHTvY.exe
  C:\Windows\System\geDHTvY.exe
  2⤵
  PID:2216
- C:\Windows\System\LFENgib.exe
  C:\Windows\System\LFENgib.exe
  2⤵
  PID:5084
- C:\Windows\System\KqEBVxl.exe
  C:\Windows\System\KqEBVxl.exe
  2⤵
  PID:8224
- C:\Windows\System\DSoGzWx.exe
  C:\Windows\System\DSoGzWx.exe
  2⤵
  PID:8428
- C:\Windows\System\gGWgLkz.exe
  C:\Windows\System\gGWgLkz.exe
  2⤵
  PID:8268
- C:\Windows\System\CLzbbnw.exe
  C:\Windows\System\CLzbbnw.exe
  2⤵
  PID:8464
- C:\Windows\System\ZxJHanE.exe
  C:\Windows\System\ZxJHanE.exe
  2⤵
  PID:8444
- C:\Windows\System\xELSOmL.exe
  C:\Windows\System\xELSOmL.exe
  2⤵
  PID:8500
- C:\Windows\System\NhFfwnH.exe
  C:\Windows\System\NhFfwnH.exe
  2⤵
  PID:8440
- C:\Windows\System\CzovuLT.exe
  C:\Windows\System\CzovuLT.exe
  2⤵
  PID:8480
- C:\Windows\System\jbvRgca.exe
  C:\Windows\System\jbvRgca.exe
  2⤵
  PID:8572
- C:\Windows\System\AqSGudT.exe
  C:\Windows\System\AqSGudT.exe
  2⤵
  PID:8676
- C:\Windows\System\jqdRPtd.exe
  C:\Windows\System\jqdRPtd.exe
  2⤵
  PID:8684
- C:\Windows\System\grauqiU.exe
  C:\Windows\System\grauqiU.exe
  2⤵
  PID:8720
- C:\Windows\System\PYMmSzq.exe
  C:\Windows\System\PYMmSzq.exe
  2⤵
  PID:8764
- C:\Windows\System\VjybphR.exe
  C:\Windows\System\VjybphR.exe
  2⤵
  PID:8784
- C:\Windows\System\EkNcQka.exe
  C:\Windows\System\EkNcQka.exe
  2⤵
  PID:8816
- C:\Windows\System\rsyJOfP.exe
  C:\Windows\System\rsyJOfP.exe
  2⤵
  PID:8856
- C:\Windows\System\nwgbmHN.exe
  C:\Windows\System\nwgbmHN.exe
  2⤵
  PID:8860
- C:\Windows\System\JykpQrd.exe
  C:\Windows\System\JykpQrd.exe
  2⤵
  PID:8892
- C:\Windows\System\FsjBpdn.exe
  C:\Windows\System\FsjBpdn.exe
  2⤵
  PID:8904
- C:\Windows\System\EiqpkVx.exe
  C:\Windows\System\EiqpkVx.exe
  2⤵
  PID:8920
- C:\Windows\System\ptYXXRX.exe
  C:\Windows\System\ptYXXRX.exe
  2⤵
  PID:8936
- C:\Windows\System\RFLfxNq.exe
  C:\Windows\System\RFLfxNq.exe
  2⤵
  PID:8948
- C:\Windows\System\JbuotPo.exe
  C:\Windows\System\JbuotPo.exe
  2⤵
  PID:5020
- C:\Windows\System\EfLKsel.exe
  C:\Windows\System\EfLKsel.exe
  2⤵
  PID:2668
- C:\Windows\System\VtkvsDL.exe
  C:\Windows\System\VtkvsDL.exe
  2⤵
  PID:704
- C:\Windows\System\rsckuSu.exe
  C:\Windows\System\rsckuSu.exe
  2⤵
  PID:2120
- C:\Windows\System\GRINbgZ.exe
  C:\Windows\System\GRINbgZ.exe
  2⤵
  PID:9020
- C:\Windows\System\exypfMN.exe
  C:\Windows\System\exypfMN.exe
  2⤵
  PID:9040
- C:\Windows\System\LEdxRaA.exe
  C:\Windows\System\LEdxRaA.exe
  2⤵
  PID:9044
- C:\Windows\System\bCTSiyd.exe
  C:\Windows\System\bCTSiyd.exe
  2⤵
  PID:9196
- C:\Windows\System\rVukPbT.exe
  C:\Windows\System\rVukPbT.exe
  2⤵
  PID:9212
- C:\Windows\System\OIqmOCI.exe
  C:\Windows\System\OIqmOCI.exe
  2⤵
  PID:2740
- C:\Windows\System\qtHNuHW.exe
  C:\Windows\System\qtHNuHW.exe
  2⤵
  PID:2588
- C:\Windows\System\mdWqKJz.exe
  C:\Windows\System\mdWqKJz.exe
  2⤵
  PID:8188
- C:\Windows\System\gzmDHQj.exe
  C:\Windows\System\gzmDHQj.exe
  2⤵
  PID:5312
- C:\Windows\System\ECJMllE.exe
  C:\Windows\System\ECJMllE.exe
  2⤵
  PID:1028
- C:\Windows\System\wYLDzCm.exe
  C:\Windows\System\wYLDzCm.exe
  2⤵
  PID:1376
- C:\Windows\System\bsrXKRY.exe
  C:\Windows\System\bsrXKRY.exe
  2⤵
  PID:956
- C:\Windows\System\rPpgQbJ.exe
  C:\Windows\System\rPpgQbJ.exe
  2⤵
  PID:2980
- C:\Windows\System\IgNVYDh.exe
  C:\Windows\System\IgNVYDh.exe
  2⤵
  PID:7544
- C:\Windows\System\UrxlZAy.exe
  C:\Windows\System\UrxlZAy.exe
  2⤵
  PID:8204
- C:\Windows\System\BZuFciR.exe
  C:\Windows\System\BZuFciR.exe
  2⤵
  PID:7152
- C:\Windows\System\McYdCVb.exe
  C:\Windows\System\McYdCVb.exe
  2⤵
  PID:8244
- C:\Windows\System\XjlQPhO.exe
  C:\Windows\System\XjlQPhO.exe
  2⤵
  PID:8316
- C:\Windows\System\prLWqgo.exe
  C:\Windows\System\prLWqgo.exe
  2⤵
  PID:8264
- C:\Windows\System\UUDgkFC.exe
  C:\Windows\System\UUDgkFC.exe
  2⤵
  PID:8372
- C:\Windows\System\yHdyYPl.exe
  C:\Windows\System\yHdyYPl.exe
  2⤵
  PID:8140
- C:\Windows\System\ErdLEcM.exe
  C:\Windows\System\ErdLEcM.exe
  2⤵
  PID:8460
- C:\Windows\System\sPAiSdr.exe
  C:\Windows\System\sPAiSdr.exe
  2⤵
  PID:8588
- C:\Windows\System\dwJNJeJ.exe
  C:\Windows\System\dwJNJeJ.exe
  2⤵
  PID:8632
- C:\Windows\System\UiDRFSa.exe
  C:\Windows\System\UiDRFSa.exe
  2⤵
  PID:8700
- C:\Windows\System\UwmIurP.exe
  C:\Windows\System\UwmIurP.exe
  2⤵
  PID:8804
- C:\Windows\System\NVnRNZj.exe
  C:\Windows\System\NVnRNZj.exe
  2⤵
  PID:8868
- C:\Windows\System\rsIzhYb.exe
  C:\Windows\System\rsIzhYb.exe
  2⤵
  PID:8800
- C:\Windows\System\sNSHUrw.exe
  C:\Windows\System\sNSHUrw.exe
  2⤵
  PID:8888
- C:\Windows\System\KfnhAid.exe
  C:\Windows\System\KfnhAid.exe
  2⤵
  PID:2424
- C:\Windows\System\hZShxGO.exe
  C:\Windows\System\hZShxGO.exe
  2⤵
  PID:2840
- C:\Windows\System\psPaVdt.exe
  C:\Windows\System\psPaVdt.exe
  2⤵
  PID:8984
- C:\Windows\System\rWiUbMO.exe
  C:\Windows\System\rWiUbMO.exe
  2⤵
  PID:2860
- C:\Windows\System\DBYvUAk.exe
  C:\Windows\System\DBYvUAk.exe
  2⤵
  PID:9060
- C:\Windows\System\fNNwdJy.exe
  C:\Windows\System\fNNwdJy.exe
  2⤵
  PID:2848
- C:\Windows\System\gMvjhbv.exe
  C:\Windows\System\gMvjhbv.exe
  2⤵
  PID:1052
- C:\Windows\System\lxYRgLj.exe
  C:\Windows\System\lxYRgLj.exe
  2⤵
  PID:9144
- C:\Windows\System\ZxUMzOf.exe
  C:\Windows\System\ZxUMzOf.exe
  2⤵
  PID:9132
- C:\Windows\System\smcOkng.exe
  C:\Windows\System\smcOkng.exe
  2⤵
  PID:1676
- C:\Windows\System\nonAdMe.exe
  C:\Windows\System\nonAdMe.exe
  2⤵
  PID:2604
- C:\Windows\System\MvjRMza.exe
  C:\Windows\System\MvjRMza.exe
  2⤵
  PID:7708
- C:\Windows\System\uxglitY.exe
  C:\Windows\System\uxglitY.exe
  2⤵
  PID:7876
- C:\Windows\System\TAHDNay.exe
  C:\Windows\System\TAHDNay.exe
  2⤵
  PID:8300
- C:\Windows\System\atpQddQ.exe
  C:\Windows\System\atpQddQ.exe
  2⤵
  PID:8504
- C:\Windows\System\BCySidV.exe
  C:\Windows\System\BCySidV.exe
  2⤵
  PID:8340
- C:\Windows\System\OqKfNVB.exe
  C:\Windows\System\OqKfNVB.exe
  2⤵
  PID:8408
- C:\Windows\System\WgChmZD.exe
  C:\Windows\System\WgChmZD.exe
  2⤵
  PID:8656
- C:\Windows\System\UYBHOor.exe
  C:\Windows\System\UYBHOor.exe
  2⤵
  PID:8412
- C:\Windows\System\WWriRKB.exe
  C:\Windows\System\WWriRKB.exe
  2⤵
  PID:8716
- C:\Windows\System\ymVOPsS.exe
  C:\Windows\System\ymVOPsS.exe
  2⤵
  PID:8852
- C:\Windows\System\whgYBVR.exe
  C:\Windows\System\whgYBVR.exe
  2⤵
  PID:1816
- C:\Windows\System\ADOaHvb.exe
  C:\Windows\System\ADOaHvb.exe
  2⤵
  PID:2880
- C:\Windows\System\hxiGUSX.exe
  C:\Windows\System\hxiGUSX.exe
  2⤵
  PID:2948
- C:\Windows\System\oCiEbRC.exe
  C:\Windows\System\oCiEbRC.exe
  2⤵
  PID:8988
- C:\Windows\System\WFlBxLM.exe
  C:\Windows\System\WFlBxLM.exe
  2⤵
  PID:9080
- C:\Windows\System\EwWSHrv.exe
  C:\Windows\System\EwWSHrv.exe
  2⤵
  PID:9088
- C:\Windows\System\iqIWShp.exe
  C:\Windows\System\iqIWShp.exe
  2⤵
  PID:1160
- C:\Windows\System\EVqGCAr.exe
  C:\Windows\System\EVqGCAr.exe
  2⤵
  PID:2160
- C:\Windows\System\lsPyPEd.exe
  C:\Windows\System\lsPyPEd.exe
  2⤵
  PID:2956
- C:\Windows\System\wnAaQWt.exe
  C:\Windows\System\wnAaQWt.exe
  2⤵
  PID:584
- C:\Windows\System\RGwpPTx.exe
  C:\Windows\System\RGwpPTx.exe
  2⤵
  PID:2380
- C:\Windows\System\qakaYiI.exe
  C:\Windows\System\qakaYiI.exe
  2⤵
  PID:8284
- C:\Windows\System\rHDesQv.exe
  C:\Windows\System\rHDesQv.exe
  2⤵
  PID:2192
- C:\Windows\System\XHfWAPw.exe
  C:\Windows\System\XHfWAPw.exe
  2⤵
  PID:2636
- C:\Windows\System\caMqVrd.exe
  C:\Windows\System\caMqVrd.exe
  2⤵
  PID:8552
- C:\Windows\System\brNTOiw.exe
  C:\Windows\System\brNTOiw.exe
  2⤵
  PID:8932
- C:\Windows\System\nfqEbTq.exe
  C:\Windows\System\nfqEbTq.exe
  2⤵
  PID:8748
- C:\Windows\System\lpSjfMB.exe
  C:\Windows\System\lpSjfMB.exe
  2⤵
  PID:2564
- C:\Windows\System\BxJhDtp.exe
  C:\Windows\System\BxJhDtp.exe
  2⤵
  PID:9068
- C:\Windows\System\lpncsgO.exe
  C:\Windows\System\lpncsgO.exe
  2⤵
  PID:2088
- C:\Windows\System\cpLELiT.exe
  C:\Windows\System\cpLELiT.exe
  2⤵
  PID:9180
- C:\Windows\System\hWJJRDc.exe
  C:\Windows\System\hWJJRDc.exe
  2⤵
  PID:8288
- C:\Windows\System\sXDekbv.exe
  C:\Windows\System\sXDekbv.exe
  2⤵
  PID:9224
- C:\Windows\System\auUqDGn.exe
  C:\Windows\System\auUqDGn.exe
  2⤵
  PID:9240
- C:\Windows\System\MIWSQLX.exe
  C:\Windows\System\MIWSQLX.exe
  2⤵
  PID:9264
- C:\Windows\System\SKVBbCt.exe
  C:\Windows\System\SKVBbCt.exe
  2⤵
  PID:9280
- C:\Windows\System\OWyxjlc.exe
  C:\Windows\System\OWyxjlc.exe
  2⤵
  PID:9300
- C:\Windows\System\nJCLXVL.exe
  C:\Windows\System\nJCLXVL.exe
  2⤵
  PID:9316
- C:\Windows\System\BmvCKbT.exe
  C:\Windows\System\BmvCKbT.exe
  2⤵
  PID:9332
- C:\Windows\System\avnyaaz.exe
  C:\Windows\System\avnyaaz.exe
  2⤵
  PID:9348
- C:\Windows\System\ixseHle.exe
  C:\Windows\System\ixseHle.exe
  2⤵
  PID:9364
- C:\Windows\System\splGiol.exe
  C:\Windows\System\splGiol.exe
  2⤵
  PID:9380
- C:\Windows\System\UTzpgSX.exe
  C:\Windows\System\UTzpgSX.exe
  2⤵
  PID:9396
- C:\Windows\System\vgjmwgt.exe
  C:\Windows\System\vgjmwgt.exe
  2⤵
  PID:9412
- C:\Windows\System\DVHIKHN.exe
  C:\Windows\System\DVHIKHN.exe
  2⤵
  PID:9428
- C:\Windows\System\vxuqYUB.exe
  C:\Windows\System\vxuqYUB.exe
  2⤵
  PID:9444
- C:\Windows\System\XzGiqmA.exe
  C:\Windows\System\XzGiqmA.exe
  2⤵
  PID:9460
- C:\Windows\System\CZycgWM.exe
  C:\Windows\System\CZycgWM.exe
  2⤵
  PID:9476
- C:\Windows\System\GEhEDrG.exe
  C:\Windows\System\GEhEDrG.exe
  2⤵
  PID:9492
- C:\Windows\System\mppxfUZ.exe
  C:\Windows\System\mppxfUZ.exe
  2⤵
  PID:9508
- C:\Windows\System\FJEHnCb.exe
  C:\Windows\System\FJEHnCb.exe
  2⤵
  PID:9524
- C:\Windows\System\wtoeIEw.exe
  C:\Windows\System\wtoeIEw.exe
  2⤵
  PID:9540
- C:\Windows\System\UvwFePy.exe
  C:\Windows\System\UvwFePy.exe
  2⤵
  PID:9556
- C:\Windows\System\coXuApo.exe
  C:\Windows\System\coXuApo.exe
  2⤵
  PID:9576
- C:\Windows\System\NkcZgyO.exe
  C:\Windows\System\NkcZgyO.exe
  2⤵
  PID:9596
- C:\Windows\System\BAvnFrT.exe
  C:\Windows\System\BAvnFrT.exe
  2⤵
  PID:9612
- C:\Windows\System\HtdzoKO.exe
  C:\Windows\System\HtdzoKO.exe
  2⤵
  PID:9628
- C:\Windows\System\kesnESV.exe
  C:\Windows\System\kesnESV.exe
  2⤵
  PID:9644
- C:\Windows\System\zDaNzmt.exe
  C:\Windows\System\zDaNzmt.exe
  2⤵
  PID:9660
- C:\Windows\System\SziLLJo.exe
  C:\Windows\System\SziLLJo.exe
  2⤵
  PID:9676
- C:\Windows\System\ISVteDQ.exe
  C:\Windows\System\ISVteDQ.exe
  2⤵
  PID:9692
- C:\Windows\System\xvjKnhJ.exe
  C:\Windows\System\xvjKnhJ.exe
  2⤵
  PID:9708
- C:\Windows\System\ehBQyAa.exe
  C:\Windows\System\ehBQyAa.exe
  2⤵
  PID:9728
- C:\Windows\System\VPNsMaQ.exe
  C:\Windows\System\VPNsMaQ.exe
  2⤵
  PID:9744
- C:\Windows\System\pMUqzAI.exe
  C:\Windows\System\pMUqzAI.exe
  2⤵
  PID:9760
- C:\Windows\System\qotHfAK.exe
  C:\Windows\System\qotHfAK.exe
  2⤵
  PID:9780
- C:\Windows\System\LBgxFRF.exe
  C:\Windows\System\LBgxFRF.exe
  2⤵
  PID:9796
- C:\Windows\System\vFxvqlp.exe
  C:\Windows\System\vFxvqlp.exe
  2⤵
  PID:9816
- C:\Windows\System\LEyAJSx.exe
  C:\Windows\System\LEyAJSx.exe
  2⤵
  PID:9832
- C:\Windows\System\wtTzjbH.exe
  C:\Windows\System\wtTzjbH.exe
  2⤵
  PID:9848
- C:\Windows\System\BdujynH.exe
  C:\Windows\System\BdujynH.exe
  2⤵
  PID:9868
- C:\Windows\System\rjnoymt.exe
  C:\Windows\System\rjnoymt.exe
  2⤵
  PID:9888
- C:\Windows\System\GJaropz.exe
  C:\Windows\System\GJaropz.exe
  2⤵
  PID:9904
- C:\Windows\System\ThSWzQL.exe
  C:\Windows\System\ThSWzQL.exe
  2⤵
  PID:9920
- C:\Windows\System\ucfgYqZ.exe
  C:\Windows\System\ucfgYqZ.exe
  2⤵
  PID:9936
- C:\Windows\System\QjjaQjM.exe
  C:\Windows\System\QjjaQjM.exe
  2⤵
  PID:9952
- C:\Windows\System\XzSjgLy.exe
  C:\Windows\System\XzSjgLy.exe
  2⤵
  PID:9968
- C:\Windows\System\MRFWxrF.exe
  C:\Windows\System\MRFWxrF.exe
  2⤵
  PID:9984
- C:\Windows\System\ZlsPipq.exe
  C:\Windows\System\ZlsPipq.exe
  2⤵
  PID:10000
- C:\Windows\System\FAiCzuO.exe
  C:\Windows\System\FAiCzuO.exe
  2⤵
  PID:10016
- C:\Windows\System\rYTsknD.exe
  C:\Windows\System\rYTsknD.exe
  2⤵
  PID:10032
- C:\Windows\System\ELoXxDQ.exe
  C:\Windows\System\ELoXxDQ.exe
  2⤵
  PID:10048
- C:\Windows\System\KIWXODc.exe
  C:\Windows\System\KIWXODc.exe
  2⤵
  PID:10068
- C:\Windows\System\nNSdtoy.exe
  C:\Windows\System\nNSdtoy.exe
  2⤵
  PID:10084
- C:\Windows\System\AHhwZcw.exe
  C:\Windows\System\AHhwZcw.exe
  2⤵
  PID:10104
- C:\Windows\System\jKEFwUs.exe
  C:\Windows\System\jKEFwUs.exe
  2⤵
  PID:10120
- C:\Windows\System\GMYzqbT.exe
  C:\Windows\System\GMYzqbT.exe
  2⤵
  PID:10136
- C:\Windows\System\xcJnunI.exe
  C:\Windows\System\xcJnunI.exe
  2⤵
  PID:10152
- C:\Windows\System\ZHVJlhh.exe
  C:\Windows\System\ZHVJlhh.exe
  2⤵
  PID:10168
- C:\Windows\System\nEZlLBn.exe
  C:\Windows\System\nEZlLBn.exe
  2⤵
  PID:10184
- C:\Windows\System\aEZGBTm.exe
  C:\Windows\System\aEZGBTm.exe
  2⤵
  PID:10200
- C:\Windows\System\IMyiRLj.exe
  C:\Windows\System\IMyiRLj.exe
  2⤵
  PID:10216
- C:\Windows\System\dTTZPuo.exe
  C:\Windows\System\dTTZPuo.exe
  2⤵
  PID:10232
- C:\Windows\System\CAjRFJq.exe
  C:\Windows\System\CAjRFJq.exe
  2⤵
  PID:8648
- C:\Windows\System\qwVVmjH.exe
  C:\Windows\System\qwVVmjH.exe
  2⤵
  PID:1272
- C:\Windows\System\HwGXkRb.exe
  C:\Windows\System\HwGXkRb.exe
  2⤵
  PID:9220
- C:\Windows\System\tsZyVdr.exe
  C:\Windows\System\tsZyVdr.exe
  2⤵
  PID:9252
- C:\Windows\System\UekRbYd.exe
  C:\Windows\System\UekRbYd.exe
  2⤵
  PID:8912
- C:\Windows\System\laRsOcM.exe
  C:\Windows\System\laRsOcM.exe
  2⤵
  PID:8864
- C:\Windows\System\xYzofdt.exe
  C:\Windows\System\xYzofdt.exe
  2⤵
  PID:8360
- C:\Windows\System\cIBMRCk.exe
  C:\Windows\System\cIBMRCk.exe
  2⤵
  PID:8540
- C:\Windows\System\cfXrWfe.exe
  C:\Windows\System\cfXrWfe.exe
  2⤵
  PID:9324
- C:\Windows\System\iZabhMH.exe
  C:\Windows\System\iZabhMH.exe
  2⤵
  PID:9388
- C:\Windows\System\CUKRoKn.exe
  C:\Windows\System\CUKRoKn.exe
  2⤵
  PID:9344
- C:\Windows\System\nxZQxnc.exe
  C:\Windows\System\nxZQxnc.exe
  2⤵
  PID:9376
- C:\Windows\System\ioXtXJs.exe
  C:\Windows\System\ioXtXJs.exe
  2⤵
  PID:9424
- C:\Windows\System\FsKiXfs.exe
  C:\Windows\System\FsKiXfs.exe
  2⤵
  PID:9488
- C:\Windows\System\fklYqkX.exe
  C:\Windows\System\fklYqkX.exe
  2⤵
  PID:9552
- C:\Windows\System\LExcgvm.exe
  C:\Windows\System\LExcgvm.exe
  2⤵
  PID:9620
- C:\Windows\System\sVKjTvH.exe
  C:\Windows\System\sVKjTvH.exe
  2⤵
  PID:9684
- C:\Windows\System\DLVTxtX.exe
  C:\Windows\System\DLVTxtX.exe
  2⤵
  PID:9468
- C:\Windows\System\WIGqYcc.exe
  C:\Windows\System\WIGqYcc.exe
  2⤵
  PID:9532
- C:\Windows\System\HhYAeFN.exe
  C:\Windows\System\HhYAeFN.exe
  2⤵
  PID:9608
- C:\Windows\System\gdyDJue.exe
  C:\Windows\System\gdyDJue.exe
  2⤵
  PID:9700
- C:\Windows\System\IeVMFTV.exe
  C:\Windows\System\IeVMFTV.exe
  2⤵
  PID:9756
- C:\Windows\System\FNVSIdN.exe
  C:\Windows\System\FNVSIdN.exe
  2⤵
  PID:9828
- C:\Windows\System\qjcyEQh.exe
  C:\Windows\System\qjcyEQh.exe
  2⤵
  PID:9840
- C:\Windows\System\YrvHQgt.exe
  C:\Windows\System\YrvHQgt.exe
  2⤵
  PID:9772
- C:\Windows\System\WfTCtIp.exe
  C:\Windows\System\WfTCtIp.exe
  2⤵
  PID:10024
- C:\Windows\System\cCrAWBN.exe
  C:\Windows\System\cCrAWBN.exe
  2⤵
  PID:10040
- C:\Windows\System\bQspLDx.exe
  C:\Windows\System\bQspLDx.exe
  2⤵
  PID:10008
- C:\Windows\System\IkgkDui.exe
  C:\Windows\System\IkgkDui.exe
  2⤵
  PID:10132
- C:\Windows\System\NrNoZlh.exe
  C:\Windows\System\NrNoZlh.exe
  2⤵
  PID:10112
- C:\Windows\System\hdzPutJ.exe
  C:\Windows\System\hdzPutJ.exe
  2⤵
  PID:10192
- C:\Windows\System\FpUswWl.exe
  C:\Windows\System\FpUswWl.exe
  2⤵
  PID:10228
- C:\Windows\System\MXxCDBf.exe
  C:\Windows\System\MXxCDBf.exe
  2⤵
  PID:9248
- C:\Windows\System\xszGquw.exe
  C:\Windows\System\xszGquw.exe
  2⤵
  PID:10180
- C:\Windows\System\mQiorEz.exe
  C:\Windows\System\mQiorEz.exe
  2⤵
  PID:8644
- C:\Windows\System\pYWkYuR.exe
  C:\Windows\System\pYWkYuR.exe
  2⤵
  PID:1884
- C:\Windows\System\uODqiZg.exe
  C:\Windows\System\uODqiZg.exe
  2⤵
  PID:9340
- C:\Windows\System\ZTQLYMM.exe
  C:\Windows\System\ZTQLYMM.exe
  2⤵
  PID:9404
- C:\Windows\System\MtzyRys.exe
  C:\Windows\System\MtzyRys.exe
  2⤵
  PID:9436
- C:\Windows\System\sEZIAvR.exe
  C:\Windows\System\sEZIAvR.exe
  2⤵
  PID:9716
- C:\Windows\System\wDrZacD.exe
  C:\Windows\System\wDrZacD.exe
  2⤵
  PID:9652
- C:\Windows\System\IinsznT.exe
  C:\Windows\System\IinsznT.exe
  2⤵
  PID:9568
- C:\Windows\System\XUAuiIv.exe
  C:\Windows\System\XUAuiIv.exe
  2⤵
  PID:9724
- C:\Windows\System\uLiBGKB.exe
  C:\Windows\System\uLiBGKB.exe
  2⤵
  PID:9804
- C:\Windows\System\YbQrVCT.exe
  C:\Windows\System\YbQrVCT.exe
  2⤵
  PID:9672
- C:\Windows\System\SMSnzHO.exe
  C:\Windows\System\SMSnzHO.exe
  2⤵
  PID:9844
- C:\Windows\System\HDFLHgM.exe
  C:\Windows\System\HDFLHgM.exe
  2⤵
  PID:9900
- C:\Windows\System\nXRPQhp.exe
  C:\Windows\System\nXRPQhp.exe
  2⤵
  PID:9916
- C:\Windows\System\eqrDHEG.exe
  C:\Windows\System\eqrDHEG.exe
  2⤵
  PID:9992
- C:\Windows\System\ItbudEf.exe
  C:\Windows\System\ItbudEf.exe
  2⤵
  PID:9944
- C:\Windows\System\YVCtLlv.exe
  C:\Windows\System\YVCtLlv.exe
  2⤵
  PID:10080
- C:\Windows\System\pxLyliw.exe
  C:\Windows\System\pxLyliw.exe
  2⤵
  PID:9996
- C:\Windows\System\kRHpjpl.exe
  C:\Windows\System\kRHpjpl.exe
  2⤵
  PID:10092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CLaBsIx.exe

Filesize
6.0MB

MD5
636a503875e46cb33d974c7a50fe910c

SHA1
eee8c445d5cbd750af7f24b7a9e2a5aef3e5a078

SHA256
24ebd66457910a6c82d71e5cb6bdc63f1013315fb4e16b4c2213152234c83ce0

SHA512
5299678ad98cca13fd2dc80b69f759b24b7b46c4dfbf94ca5fe90ee6d983f0abd22703501ec1164d41f7b2b6cdba90b3e6c6047a316b36892f1ee0cd65313313

Download Submit
C:\Windows\system\FLCzqdw.exe

Filesize
6.0MB

MD5
07f35a748e67b6449580daa6dcc6b4f3

SHA1
494500dca13e44d25bf677edb06d6c97ddc7e6b7

SHA256
2b5eba8199db8322989bfa6b5bab5501a4a66a5af7377d92ad4c5f2a4eb5c96e

SHA512
a7580194264d451ffd040aa621af66b61e690fb479cbbe77bd3adb1d5ac78a878405f8bb216f7cc4c7ea8c7c694301219bf4355594c409fb2aec1c5025e96352

Download Submit
C:\Windows\system\FXXaPJP.exe

Filesize
6.0MB

MD5
00116d7c4f04af106b0b5d2c2032a7cd

SHA1
51b8a92c16b8fae3fc132ddf9716a3fa9af6d081

SHA256
e2461135b7507153623e0bd0d246fda017924b55e3493ae0eb55635ff1d20cb8

SHA512
a210095f4d1d8cdd3398233e92c6591acb3504cdd69409d684d9e4a4d902f53ae91a10c8ed8c1bbeb565fa0617e418745f691cb349a675c809238f7068f06fdf

Download Submit
C:\Windows\system\GOvJRou.exe

Filesize
6.0MB

MD5
b36e0523c73439c1d21294fbbc4fa038

SHA1
b34e7389485bae3aaeb4b2f93e846bf333fd07cd

SHA256
bb1ef9cb9e0b6819584790931ca8e68fa3a62a1a5afe4f68991ec3d814b2e197

SHA512
cd72e4c0fd4117cbbcbaa3814aeb31cbb73d33f8715d46769e6e77e404e93e6e1efeefccf06ddf8742811069f44bb036392d28382944d110b7e02f1bac38c143

Download Submit
C:\Windows\system\GdxBckh.exe

Filesize
6.0MB

MD5
4b11bc442289eb1c739a5ee3155f32a6

SHA1
0805f64f0aa1a32f6a750cc21c4ac3545683af79

SHA256
f74252c507610258761d14b0298b011aff6982d7c0fc9258adaa901ed89422da

SHA512
8736bfb84823ae9ea6444e02e42f8043f591bba6c905a002abfaeba7844eb5a77af1f104d4015983a47c54de43d83f89eb72ac42af6688036a19d25410dbf315

Download Submit
C:\Windows\system\KWsTqPJ.exe

Filesize
6.0MB

MD5
2d4743acee3a733a81d2a35144c63f14

SHA1
30df1d92211e53fcee7baf2943d7de30fef0f5a9

SHA256
08ca0eeff8944f132ae91c7d5c0d3b08a4935b8c9256152d654479688466f8a4

SHA512
d46d381031a5312e68d246f06b1f4f15774fea719814436b6c5d443d7258f7268ad6d23fa2dbf43b04062aaaa6b1e3285843f7902c6efdced2519d1aa05b9c0d

Download Submit
C:\Windows\system\LGDmifN.exe

Filesize
6.0MB

MD5
0d06e23629b7c99705f6361f015e7177

SHA1
2a75fec2d4d31c391cbae0ca90eca7b2e5ab97d2

SHA256
4bd8d2093da9313a47f729421e73dd6b944ac85ea09bd23e579d3843371a83ee

SHA512
ceb48ad091a9afccea852e198cccc5e9194fb33b1580d85dc366a2c9e760317df48681c5d9db9fae9f162569c31391ecd5b151f6f90803be28273f447796a4fe

Download Submit
C:\Windows\system\NQhoNia.exe

Filesize
6.0MB

MD5
8a34f8103c475e862b8d2f6792af9415

SHA1
b3de303846f49ee7a8f7d2051c72d3dfc636a793

SHA256
d99c5895e8fe9cc9ef2bdd5fa999f7cfdc3039f8172bc5e9585f8ea68d30b0e2

SHA512
5a9d2bc3fca3af99decdfd0c6dafcc271f185e741c97aac3609824c6d187315123e86e8889f7731187aad1660a1bbf1b6ab35e6d227779489981378752ab142d

Download Submit
C:\Windows\system\QQKzALL.exe

Filesize
6.0MB

MD5
0600a7ab5af918fe91b2941730350491

SHA1
c915d4a737a4a5073171c918979e30cc0b0a548a

SHA256
73bf2145be6d659078c63df526fa52d212f049ab268df70cf7fe7c61e162c590

SHA512
01a5bdf06c7ee9b1b387cab60bf4be126c3e3a624c9185f351ef2d5a111a1b9a92e0000b03704b37190fe76b91dc1d9069f1ac5e9292db8c2e00dc9550de5ee4

Download Submit
C:\Windows\system\QegKMfj.exe

Filesize
6.0MB

MD5
69e529552b895a37719a02d14c6c0afa

SHA1
011dee37718170a60edc36fa335ab0e9f9081734

SHA256
c92c7c6e94a5f8e893fe6a00a1233a9b76a49ee6c5d93aaa50f6fe1244c4b1c3

SHA512
d8a653c9566f15df61156b843884c0f20f84f68d212f550cfc48999a95a4e31450276f4322ab42b9a4842e763c81b14afed149df6948eb39dd3e40362cba2a38

Download Submit
C:\Windows\system\RJDyHkd.exe

Filesize
6.0MB

MD5
c90d7f14495fe4ac57a428bfb81f513e

SHA1
c2e8acc1159d344c8aa8cb843e7ca948d9a416d5

SHA256
8d38d9f963a20abd75e733aa8ff76649af69a0d394824a9993edb4f1fd1de07b

SHA512
2a0df08f4330b2f1d55f5abd7f38f18e6a2e9ff35a8305f4bc1221f0ce2b309412601998647d958994f3645437c37a79399f9ad0cc122d9dd5d2d04f7a52fb50

Download Submit
C:\Windows\system\RKCaxcd.exe

Filesize
6.0MB

MD5
9fe187de014fdfd991d97ddf1fe59a5b

SHA1
8589e42a6b7a6972f572be85803a8df153abd884

SHA256
ed814ae078abbcb05b53e9ced0a6d64bdfb16fe0879eac6756c724ee4f192b49

SHA512
70c9c3b24b62563cfffcc21b5ab57a37fa0431be64f54536c14e73b613bc0c31be674a2a92da579bbed312c63ceaa56241bd74d7ae786d6f9c9b8b7597a0c59c

Download Submit
C:\Windows\system\RQoOGmI.exe

Filesize
6.0MB

MD5
239acfcdd888daf4209ecf1f4ed979ef

SHA1
56064d586eae041fabc00c5521a2707d28858a20

SHA256
a58d605744934d559181b828fbbaaa5ed34cf19feff282a27afab22af9199eee

SHA512
df488e645f66bac2eacc728603ec58ca94b2ddfb12a82c5a095c0cdf604bc238c93a79c706c6860d0f60c65890a9a83a775e338c94b207b81d70467f7d3f5283

Download Submit
C:\Windows\system\TzshDnZ.exe

Filesize
6.0MB

MD5
7d507adb68b5a43d40005dc6f95d7658

SHA1
7263bc27ddb7d525f030ba460762e1a3d3faaba7

SHA256
af0ccdc7936c2ef2d9eb39c81685e4d9dd0909cdd2d6b1b6ccd9a01eb0d96689

SHA512
e869914df3bb62b33d1ecab0671fc8667d8852bb8dcc40c2ce0ee22bc05b693b4c10ae8e13a99c2c56852c5cc436e9700645368db8a8a72cbd3eea7791be8d53

Download Submit
C:\Windows\system\ZDwdKTz.exe

Filesize
6.0MB

MD5
33f1a2490aff8edf26bce590428d71da

SHA1
4b0677b433730345602b06875bfe03ec674690bb

SHA256
cf3cf426b8812f3ce017dd1a6d53bb917f6f6dd77dafb4b3f71b528a1da31944

SHA512
8c65856f5a8bc624c363dcb5ea6a97d6061bfbbbe91008b7af3907fc1d8ba261cb119dc64a76deab2d1da800f88516b78300e3959bcc51719fc414f3e93de49a

Download Submit
C:\Windows\system\bWCGfCk.exe

Filesize
6.0MB

MD5
a250be7552aa75f6396a1ef350aaac8b

SHA1
274975ce9600dab3933410a97dde743e0236dfa8

SHA256
80db1d73cd7d46d5840a2cc77bb1267533338c7ced0b1bf3500c3e8946a16a1f

SHA512
1bb3c19bf756cd619cda1f3f1d9bef89ee45a21552fa2423c1648acc085fbc14a10adbfecb960e291d89ffdcc651d1a66a504c32e1f6b723279396d9cac903f0

Download Submit
C:\Windows\system\jjCXRgg.exe

Filesize
6.0MB

MD5
0ac79afa221d03581b4a8f2224e7db5a

SHA1
abb2a128884f2da52166bb03f52f7da4bc3dab60

SHA256
f2991a4e684401deab928f1ec3655cbdcd1c53ec8f2163f41067697f8ea97f4d

SHA512
af0d39db4b692db7930659518b4e24fb2a43ef1d5a3ad2da4dc69bef04e444e7be7d56edcc0daaee45f35e8ec7b483d7e4575b7871bcdd5cf95ca0fd1c45ec7c

Download Submit
C:\Windows\system\mOsZqlP.exe

Filesize
6.0MB

MD5
474c2ee35a0cf70396699cd7df60bde3

SHA1
cec698663382f1e256fe4a4e433f625b0dac5137

SHA256
b9e66d9da07ddc46f19021c1afde37f3a47776a974ec5f8f4b3b20f4a34a155b

SHA512
14a072765a249e1973482c7972625cc45a5e38fe6a8ff4ce5863425bba3e354f8dadafc57d790f46df4c9846c635417f568a03733dec87e8560b35c9d4ba8538

Download Submit
C:\Windows\system\oIGnUvf.exe

Filesize
6.0MB

MD5
c93810fcf131876e8bb0ab2f9f10a993

SHA1
79721e16ca61a0c38824dd5a5877c93571cdf1a5

SHA256
f428d4ed015844d1f797e03d52d90e0c396da0d85e34ed95e7d514099b72d78c

SHA512
b66054ebe1ac1da9d03e5c086d763e7bda32db46f2e4bbe525ec34a419b5b546d5e1d4ea38b99907adabad2e91d7b91a2432ac34044b02610a252c2390374224

Download Submit
C:\Windows\system\pIHyGcP.exe

Filesize
6.0MB

MD5
2ab38a276fa4cf2a99ec21a9728d4854

SHA1
be3cae55cb35b15a318a635628a813fa9638f83b

SHA256
7181f239e6304169ef9be3406932cf4f896ac742894eaa3720bb49959213bb76

SHA512
b0bb327e71d78918d4b0ddb25e68171d0644781baddf5f6918a561927584a0ad15a462f869726e8503fb1d9dded5348132683ae6d63d6dfce361da1a55e4b583

Download Submit
C:\Windows\system\qOPHkwW.exe

Filesize
6.0MB

MD5
7bba04d1347d1b339285f2c044f437cc

SHA1
501a708e5f660d501cd2906d8a93072b77667666

SHA256
51673a08f62ed33c4ad0d23fac57ba825ebafd725bd92ca9b97726290dc5221f

SHA512
c38f526c352aa9233a3c3fa5a79411aaed16de0ba7df5b8483a9bb776a59872f42ac190691ba04cea00e676aaef70101f89e5d74a79c0014ac233fee54579b7b

Download Submit
C:\Windows\system\shImTzd.exe

Filesize
6.0MB

MD5
abd8e9904ca8f8babc114bd98f076de3

SHA1
9bada311e3eb3ca23009740dd668f4f807df9f40

SHA256
222eacc9282e0dc763e6388a7e857c8e524a2822bcc2834440fefb0e0f8a4050

SHA512
965365721e3243c551343b076a32f443618c7695c77769cc41ea81f9989ed9993dde03ea4fa2bc6deeef76e145918948a8b1a50f5c7aeb95526a03cab72e8349

Download Submit
C:\Windows\system\swtbDUt.exe

Filesize
6.0MB

MD5
7a64124e0447d5e5f07ac37504c867f4

SHA1
a7ffcd4c7732146c3c81fe0629930ff1a1aa8ce3

SHA256
a82f01c3151421ae4d15311985ace861f9ce593bbb194e7f8f6174b5a1a573f3

SHA512
18467dc5e0ffd436a145b5cb94bc4ae1c8fdb84e2e2dd7555a0d53d2b04b9883c7bce0a507ffa926bb0d0c9943ed3f119980c6c63c6054bbd2f0554ca737217e

Download Submit
C:\Windows\system\torgEuk.exe

Filesize
6.0MB

MD5
8e93ea21c49f759068315274580f4bb6

SHA1
acd87ec8a3c66772aeb4020f4de560c44ccb47b3

SHA256
0e456891c7a7f4fe3201e7e86a52cf1ec0d7bc11d4b91d505152c7d7c2201611

SHA512
34715291afb091ad23f5b96c20190779cd29fa0b8aa409a7f7aa2601bc28ba5ad603d5115c3487fe7ddf0f4d71bd0f78b17be2921c8056009e0c62dcaeceb41f

Download Submit
C:\Windows\system\uOJYtkE.exe

Filesize
6.0MB

MD5
a1cfff4a350c9b884d2ef396a8d9d24d

SHA1
45f773e1cf354d2059bbccf704acd1adec0f8d5c

SHA256
59a1778f21cc6f5b6cf8f5fe737f22857a8de60dbe9a8fc449cb2da890d8d7b2

SHA512
ec9e3566fac99545d8b800bce8d5f4bd2207e7398a0e182a566111f94eef14144b7c114a14843269bb334cf349bc88326751ab51b72effc527f4051aed72a01b

Download Submit
C:\Windows\system\wzdLTqq.exe

Filesize
6.0MB

MD5
9d6f9b6071fec4d52d2cf18a32776285

SHA1
15c98bdfb90d52d06f594fccd2c4be8f770c6a17

SHA256
e98369c9e06ec97ae95512234941e3c66e0d9f9b8e250b973080670dcbdce3c9

SHA512
53191ed2377d3227c1010f398de787ffccd86a7537fca803945988ac0954d43bdb401094adada3d90ea47b106e659402eb2d404c78747bd1b5a92adf8160b091

Download Submit
C:\Windows\system\xdsWboy.exe

Filesize
6.0MB

MD5
870dbb5135e8bbf3a86bd52960a778fb

SHA1
c1cdd96ff94807023fa8401da7486a5dbd85a215

SHA256
81e4a9bc9bcf8e5c3f2a381a0bfbed3e15e5ad8df12c2508416c9a7de328c895

SHA512
f74b8d85e1ea5005fdfe5301a0dbc473b617dcd7089322c62ffbfa341460f8e19c20aed95f3b17aa2349c725dc931e9177de8b358804fc4a05f81ce9089ae993

Download Submit
C:\Windows\system\yMBTsWR.exe

Filesize
6.0MB

MD5
1fc327f1971bfa4e67e632054bcca2a1

SHA1
a40cba5047be0fa8c744c29ed942ed440c370789

SHA256
a1f5ac860c10a1d743bdcfcb92603974d251515ba385b82dd47faa40ff99f8fb

SHA512
b6537fc0365f8677d7fd8ada4e5715532f1c1f174bc3a12d1784d32468fc4fb417db4728c20e77c8b9e77f2bcccbfe6fd038d3cf46cea4c9e7c0f7e01eec5fb2

Download Submit
C:\Windows\system\zzzHgCu.exe

Filesize
6.0MB

MD5
ceee28b9ff1cb0facea66591850b1c5f

SHA1
cfd16ac7c8c897e82721577dc9e7b5805a505270

SHA256
2ab1b431dfa497bbdf11b241a579125dc3b390bdda673141761a9cbd3fb25a92

SHA512
a4c75c5939a46f235dd4dc645cb498e9b726b6b9b280c1b5ed0c72fe11f10842a74e06ce16877678126f323c48e3035e1fc8fe8425e6bbc1aefe2869b5d7b764

Download Submit
\Windows\system\mTrPkAl.exe

Filesize
6.0MB

MD5
464dd87314e8e52510d5af02f8f1cfef

SHA1
9bd4b9dcf030d92eba2e407a519ceb8dfd69f2b5

SHA256
4083dc5ec9a8bb789bc06cebf98cc444633ad2fb2451644005241704a1911c53

SHA512
d629647a91e25ac59f439308463467acff3135bbd3a7dbff7f16a3730ef0f880cb44b5fbef7034458bad73ff52dba7273402c1882e2c834b122ba90a2dd19216

Download Submit
\Windows\system\nyuOLvZ.exe

Filesize
6.0MB

MD5
2492f95ce26b14f4edc2e85894e48d80

SHA1
86912ef6e8a3f0424a2b2e571369413e08f30ff6

SHA256
300c1ccedc76bcce446371fb3538b3a4c97f86e1cef92499b551efe6344a6054

SHA512
01ed8a3bd7f947d4915520c43bef584b24cd65fb7df865c88008c17e023124eaf52167f0577d856daa4e60b0816ef19f094874257520da6f977113b9fed04dd0

Download Submit
\Windows\system\ryUNfgu.exe

Filesize
6.0MB

MD5
4ee562600fb75388fb857addcf02e5b6

SHA1
0e89d043f222292d6bc2f879ce4ccb6a99342249

SHA256
da9f016254dad63cdb8c2a6dc0596805f2d7668cd175f4d044d3352c6904d067

SHA512
93a596f449d43e4b58598c412e235338f98d1758c1ba253c85c95a004136dc8d3b8a05ead98b63d426e009e679b47ca7a33013a9125813db9c356bebb9ef45dc

Download Submit
memory/1084-95-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-4029-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-775-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-103-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1984-4041-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2164-23-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-18-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2480-4022-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2492-20-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-4024-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-86-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4031-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2644-366-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4023-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2644-72-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4042-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-87-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1031-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2680-774-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2680-16-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2680-77-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2680-22-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-94-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2680-21-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-102-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2680-71-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2680-109-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-69-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-39-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2680-57-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2680-252-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2680-54-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2680-49-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-478-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2680-34-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-0-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2680-28-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2716-50-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4028-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-68-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4030-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2752-35-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-85-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4032-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-29-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2804-76-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4045-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2824-40-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2824-93-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4046-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4043-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2892-88-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download