cobaltstrike | 6345794f79996a5ccae21516588f8ae914610e0d04b514c1341cd30d6d7fab5d

Analysis

max time kernel
148s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6fbf4e228d4bfc64909264044d358a75
SHA1

a2ead363efc30657979a827a34ccfdfecec08ef7
SHA256

6345794f79996a5ccae21516588f8ae914610e0d04b514c1341cd30d6d7fab5d
SHA512

f35b18f1ca4e1f281c66fea0cd2f1e4b129a20063e36e60e7f367560198de6a599b4239f449c84e693429eb2f68f4707d8e2df11d1ebcff15e2f5c9175cff13f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001225f-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017520-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018634-11.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018741-20.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001907c-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019080-29.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001919c-35.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191ad-40.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral1/memory/2096-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000d00000001225f-6.dat	xmrig
behavioral1/files/0x0008000000017520-10.dat	xmrig
behavioral1/files/0x0007000000018634-11.dat	xmrig
behavioral1/files/0x0006000000018741-20.dat	xmrig
behavioral1/files/0x000700000001907c-25.dat	xmrig
behavioral1/files/0x0007000000019080-29.dat	xmrig
behavioral1/files/0x000700000001919c-35.dat	xmrig
behavioral1/files/0x00070000000191ad-40.dat	xmrig
behavioral1/files/0x0005000000019bf2-44.dat	xmrig
behavioral1/files/0x0005000000019cd5-54.dat	xmrig
behavioral1/files/0x0005000000019f57-73.dat	xmrig
behavioral1/files/0x0005000000019f71-79.dat	xmrig
behavioral1/files/0x000500000001a3e6-114.dat	xmrig
behavioral1/files/0x000500000001a447-142.dat	xmrig
behavioral1/files/0x000500000001a445-153.dat	xmrig
behavioral1/memory/2808-1924-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2096-2005-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2692-2004-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2836-2006-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2096-2007-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2812-2134-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2584-2008-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2612-2209-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2576-2287-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2636-2323-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2096-2324-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/736-2359-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x000500000001a463-159.dat	xmrig
behavioral1/files/0x000500000001a452-144.dat	xmrig
behavioral1/files/0x000500000001a454-151.dat	xmrig
behavioral1/files/0x000500000001a3ed-129.dat	xmrig
behavioral1/files/0x000500000001a423-133.dat	xmrig
behavioral1/files/0x000500000001a3ea-124.dat	xmrig
behavioral1/files/0x000500000001a3e8-120.dat	xmrig
behavioral1/files/0x000500000001a3e4-110.dat	xmrig
behavioral1/files/0x000500000001a2b9-100.dat	xmrig
behavioral1/files/0x000500000001a2fc-104.dat	xmrig
behavioral1/files/0x000500000001a05a-93.dat	xmrig
behavioral1/files/0x000500000001a033-89.dat	xmrig
behavioral1/files/0x000500000001a020-84.dat	xmrig
behavioral1/files/0x0005000000019d69-70.dat	xmrig
behavioral1/files/0x0005000000019cfc-59.dat	xmrig
behavioral1/files/0x0005000000019d5c-64.dat	xmrig
behavioral1/files/0x0005000000019c0b-49.dat	xmrig
behavioral1/memory/2836-2603-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2636-2609-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2692-2618-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/736-2628-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2576-2629-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2812-2621-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2612-2607-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2584-2608-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2808-4598-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2096-5294-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2808	cXGICmt.exe
2940	pgUxKZf.exe
2692	CknrBTB.exe
2836	iJhonXS.exe
2584	GUMeGYj.exe
2812	ZOjNOVD.exe
2612	yfzSCFT.exe
2576	YaxHOQJ.exe
2636	fNjNXzg.exe
736	eNTQQtk.exe
1992	zKdHoIl.exe
1688	qLhcNNx.exe
2540	lLuCmiX.exe
1144	UDBCOOd.exe
844	yEZPRLp.exe
1316	hRIeFLC.exe
2188	jReEWFG.exe
1696	HUyIqeS.exe
2884	MfCBsvG.exe
1740	YjQfRLH.exe
972	BgjWVNU.exe
2268	VnFGBcE.exe
2440	NouClUJ.exe
2404	QbWzmVz.exe
2448	ISrrSUi.exe
1844	ijauQCh.exe
1588	gnjYNaw.exe
2352	ljuCFRQ.exe
1856	mdKRxFR.exe
2124	ZeoXrwt.exe
1976	kbThyUf.exe
2100	Apcdgiq.exe
2392	NtPgUHH.exe
1260	qDlwowK.exe
1804	SgdZIpv.exe
1092	RzHHZCH.exe
540	MpQJVZY.exe
944	OYrThKg.exe
1032	FgwIMCQ.exe
1996	UurrbkK.exe
2420	MkrkivG.exe
1644	bVMAdum.exe
1516	KaZgwdj.exe
1684	xmsuDxU.exe
3020	IMgXYsV.exe
1336	DFNPvCo.exe
2980	LcKbErz.exe
2976	absrtyM.exe
2084	sorlSln.exe
2488	NjDDeNN.exe
2532	VIwXhaG.exe
2076	mcUCtPh.exe
1760	WpnpEQw.exe
2320	rypydRI.exe
1412	LzurymP.exe
340	RvvfhZk.exe
1732	CAkUGfz.exe
2644	geLMiVE.exe
2480	lrSznNs.exe
1576	JczrhiY.exe
2720	kvwbmtK.exe
1544	yBApmeo.exe
2804	OzqeORj.exe
2792	rTcJTtL.exe

Loads dropped DLL 64 IoCs

pid	Process
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 52 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2096-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000d00000001225f-6.dat	upx
behavioral1/files/0x0008000000017520-10.dat	upx
behavioral1/files/0x0007000000018634-11.dat	upx
behavioral1/files/0x0006000000018741-20.dat	upx
behavioral1/files/0x000700000001907c-25.dat	upx
behavioral1/files/0x0007000000019080-29.dat	upx
behavioral1/files/0x000700000001919c-35.dat	upx
behavioral1/files/0x00070000000191ad-40.dat	upx
behavioral1/files/0x0005000000019bf2-44.dat	upx
behavioral1/files/0x0005000000019cd5-54.dat	upx
behavioral1/files/0x0005000000019f57-73.dat	upx
behavioral1/files/0x0005000000019f71-79.dat	upx
behavioral1/files/0x000500000001a3e6-114.dat	upx
behavioral1/files/0x000500000001a447-142.dat	upx
behavioral1/files/0x000500000001a445-153.dat	upx
behavioral1/memory/2808-1924-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2692-2004-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2836-2006-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2812-2134-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2584-2008-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2612-2209-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2576-2287-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2636-2323-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/736-2359-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x000500000001a463-159.dat	upx
behavioral1/files/0x000500000001a452-144.dat	upx
behavioral1/files/0x000500000001a454-151.dat	upx
behavioral1/files/0x000500000001a3ed-129.dat	upx
behavioral1/files/0x000500000001a423-133.dat	upx
behavioral1/files/0x000500000001a3ea-124.dat	upx
behavioral1/files/0x000500000001a3e8-120.dat	upx
behavioral1/files/0x000500000001a3e4-110.dat	upx
behavioral1/files/0x000500000001a2b9-100.dat	upx
behavioral1/files/0x000500000001a2fc-104.dat	upx
behavioral1/files/0x000500000001a05a-93.dat	upx
behavioral1/files/0x000500000001a033-89.dat	upx
behavioral1/files/0x000500000001a020-84.dat	upx
behavioral1/files/0x0005000000019d69-70.dat	upx
behavioral1/files/0x0005000000019cfc-59.dat	upx
behavioral1/files/0x0005000000019d5c-64.dat	upx
behavioral1/files/0x0005000000019c0b-49.dat	upx
behavioral1/memory/2836-2603-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2636-2609-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2692-2618-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/736-2628-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2576-2629-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2812-2621-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2612-2607-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2584-2608-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2808-4598-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2096-5294-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aSRUVqe.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUFKuRk.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGSNVhK.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlPDCFH.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPUitXU.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxIMOVg.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAYlHHj.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDGChnK.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZaEnhz.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUROMrR.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MeoomPC.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvpOWRl.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZLdKre.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwJmeHb.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhqqxjL.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwkNCZP.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evuGdQK.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmOViNc.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTacsWc.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcUgPTU.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APZSJXj.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsZgPSy.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EByHdHE.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVoHuJJ.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsWZlqf.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nakQzIM.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmhCkVE.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXzibfY.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkWwpUr.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtxLReQ.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMGyhVx.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbVoEvf.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsJYdHi.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnJMZPF.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSGRVfY.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvKtnsd.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIDXVmA.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFXtaer.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BevxqUP.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\saGDskm.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDPhsKt.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGqawhD.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmctzzC.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhxkTGV.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sncqZFy.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IgdUtQp.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yERtsAV.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpDlLSH.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOAHwnE.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoEvCtR.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkpDWvr.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHFTMXr.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFfxlXp.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DktyLGs.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHIUhZF.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\prqXhRX.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKOnksP.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITcXNpN.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhsllLR.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPcvqLN.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOJgzcy.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXQsMxG.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GOiucRR.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdCGMob.exe	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2808	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2096 wrote to memory of 2808	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2096 wrote to memory of 2808	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2096 wrote to memory of 2940	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2096 wrote to memory of 2940	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2096 wrote to memory of 2940	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2096 wrote to memory of 2692	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2096 wrote to memory of 2692	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2096 wrote to memory of 2692	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2096 wrote to memory of 2836	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2096 wrote to memory of 2836	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2096 wrote to memory of 2836	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2096 wrote to memory of 2584	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2096 wrote to memory of 2584	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2096 wrote to memory of 2584	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2096 wrote to memory of 2812	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2096 wrote to memory of 2812	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2096 wrote to memory of 2812	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2096 wrote to memory of 2612	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2096 wrote to memory of 2612	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2096 wrote to memory of 2612	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2096 wrote to memory of 2576	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2096 wrote to memory of 2576	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2096 wrote to memory of 2576	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2096 wrote to memory of 2636	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2096 wrote to memory of 2636	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2096 wrote to memory of 2636	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2096 wrote to memory of 736	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2096 wrote to memory of 736	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2096 wrote to memory of 736	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2096 wrote to memory of 1992	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2096 wrote to memory of 1992	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2096 wrote to memory of 1992	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2096 wrote to memory of 1688	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2096 wrote to memory of 1688	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2096 wrote to memory of 1688	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2096 wrote to memory of 2540	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2096 wrote to memory of 2540	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2096 wrote to memory of 2540	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2096 wrote to memory of 1144	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2096 wrote to memory of 1144	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2096 wrote to memory of 1144	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2096 wrote to memory of 844	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2096 wrote to memory of 844	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2096 wrote to memory of 844	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2096 wrote to memory of 1316	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2096 wrote to memory of 1316	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2096 wrote to memory of 1316	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2096 wrote to memory of 2188	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2096 wrote to memory of 2188	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2096 wrote to memory of 2188	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2096 wrote to memory of 1696	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2096 wrote to memory of 1696	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2096 wrote to memory of 1696	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2096 wrote to memory of 2884	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2096 wrote to memory of 2884	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2096 wrote to memory of 2884	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2096 wrote to memory of 1740	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2096 wrote to memory of 1740	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2096 wrote to memory of 1740	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2096 wrote to memory of 972	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2096 wrote to memory of 972	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2096 wrote to memory of 972	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2096 wrote to memory of 2268	2096	2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_6fbf4e228d4bfc64909264044d358a75_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\System\cXGICmt.exe
  C:\Windows\System\cXGICmt.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\pgUxKZf.exe
  C:\Windows\System\pgUxKZf.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\CknrBTB.exe
  C:\Windows\System\CknrBTB.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\iJhonXS.exe
  C:\Windows\System\iJhonXS.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\GUMeGYj.exe
  C:\Windows\System\GUMeGYj.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ZOjNOVD.exe
  C:\Windows\System\ZOjNOVD.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\yfzSCFT.exe
  C:\Windows\System\yfzSCFT.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\YaxHOQJ.exe
  C:\Windows\System\YaxHOQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\fNjNXzg.exe
  C:\Windows\System\fNjNXzg.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\eNTQQtk.exe
  C:\Windows\System\eNTQQtk.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\zKdHoIl.exe
  C:\Windows\System\zKdHoIl.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\qLhcNNx.exe
  C:\Windows\System\qLhcNNx.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\lLuCmiX.exe
  C:\Windows\System\lLuCmiX.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\UDBCOOd.exe
  C:\Windows\System\UDBCOOd.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\yEZPRLp.exe
  C:\Windows\System\yEZPRLp.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\hRIeFLC.exe
  C:\Windows\System\hRIeFLC.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\jReEWFG.exe
  C:\Windows\System\jReEWFG.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\HUyIqeS.exe
  C:\Windows\System\HUyIqeS.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\MfCBsvG.exe
  C:\Windows\System\MfCBsvG.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\YjQfRLH.exe
  C:\Windows\System\YjQfRLH.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\BgjWVNU.exe
  C:\Windows\System\BgjWVNU.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\VnFGBcE.exe
  C:\Windows\System\VnFGBcE.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\NouClUJ.exe
  C:\Windows\System\NouClUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\QbWzmVz.exe
  C:\Windows\System\QbWzmVz.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\ISrrSUi.exe
  C:\Windows\System\ISrrSUi.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\ijauQCh.exe
  C:\Windows\System\ijauQCh.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\gnjYNaw.exe
  C:\Windows\System\gnjYNaw.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\ZeoXrwt.exe
  C:\Windows\System\ZeoXrwt.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\ljuCFRQ.exe
  C:\Windows\System\ljuCFRQ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\kbThyUf.exe
  C:\Windows\System\kbThyUf.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\mdKRxFR.exe
  C:\Windows\System\mdKRxFR.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\Apcdgiq.exe
  C:\Windows\System\Apcdgiq.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\NtPgUHH.exe
  C:\Windows\System\NtPgUHH.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\qDlwowK.exe
  C:\Windows\System\qDlwowK.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\SgdZIpv.exe
  C:\Windows\System\SgdZIpv.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\RzHHZCH.exe
  C:\Windows\System\RzHHZCH.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\MpQJVZY.exe
  C:\Windows\System\MpQJVZY.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\OYrThKg.exe
  C:\Windows\System\OYrThKg.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\FgwIMCQ.exe
  C:\Windows\System\FgwIMCQ.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\UurrbkK.exe
  C:\Windows\System\UurrbkK.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\MkrkivG.exe
  C:\Windows\System\MkrkivG.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\bVMAdum.exe
  C:\Windows\System\bVMAdum.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\KaZgwdj.exe
  C:\Windows\System\KaZgwdj.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\xmsuDxU.exe
  C:\Windows\System\xmsuDxU.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\IMgXYsV.exe
  C:\Windows\System\IMgXYsV.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\DFNPvCo.exe
  C:\Windows\System\DFNPvCo.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\LcKbErz.exe
  C:\Windows\System\LcKbErz.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\absrtyM.exe
  C:\Windows\System\absrtyM.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\sorlSln.exe
  C:\Windows\System\sorlSln.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\NjDDeNN.exe
  C:\Windows\System\NjDDeNN.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\VIwXhaG.exe
  C:\Windows\System\VIwXhaG.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\mcUCtPh.exe
  C:\Windows\System\mcUCtPh.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\WpnpEQw.exe
  C:\Windows\System\WpnpEQw.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\rypydRI.exe
  C:\Windows\System\rypydRI.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\LzurymP.exe
  C:\Windows\System\LzurymP.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\RvvfhZk.exe
  C:\Windows\System\RvvfhZk.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\CAkUGfz.exe
  C:\Windows\System\CAkUGfz.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\geLMiVE.exe
  C:\Windows\System\geLMiVE.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\lrSznNs.exe
  C:\Windows\System\lrSznNs.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\yBApmeo.exe
  C:\Windows\System\yBApmeo.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\JczrhiY.exe
  C:\Windows\System\JczrhiY.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\OzqeORj.exe
  C:\Windows\System\OzqeORj.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\kvwbmtK.exe
  C:\Windows\System\kvwbmtK.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\rTcJTtL.exe
  C:\Windows\System\rTcJTtL.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\wveJKtU.exe
  C:\Windows\System\wveJKtU.exe
  2⤵
  PID:2756
- C:\Windows\System\KkpDWvr.exe
  C:\Windows\System\KkpDWvr.exe
  2⤵
  PID:2600
- C:\Windows\System\VRSruYc.exe
  C:\Windows\System\VRSruYc.exe
  2⤵
  PID:1600
- C:\Windows\System\PNnLOOA.exe
  C:\Windows\System\PNnLOOA.exe
  2⤵
  PID:1676
- C:\Windows\System\xvhHMZn.exe
  C:\Windows\System\xvhHMZn.exe
  2⤵
  PID:2136
- C:\Windows\System\qKoPnEg.exe
  C:\Windows\System\qKoPnEg.exe
  2⤵
  PID:2256
- C:\Windows\System\uUWDcFC.exe
  C:\Windows\System\uUWDcFC.exe
  2⤵
  PID:1276
- C:\Windows\System\axaOSer.exe
  C:\Windows\System\axaOSer.exe
  2⤵
  PID:2852
- C:\Windows\System\APZSJXj.exe
  C:\Windows\System\APZSJXj.exe
  2⤵
  PID:572
- C:\Windows\System\ALpNicD.exe
  C:\Windows\System\ALpNicD.exe
  2⤵
  PID:1924
- C:\Windows\System\wYuMQRk.exe
  C:\Windows\System\wYuMQRk.exe
  2⤵
  PID:1896
- C:\Windows\System\xADsrAR.exe
  C:\Windows\System\xADsrAR.exe
  2⤵
  PID:2372
- C:\Windows\System\yywseCa.exe
  C:\Windows\System\yywseCa.exe
  2⤵
  PID:1868
- C:\Windows\System\BIvPgZu.exe
  C:\Windows\System\BIvPgZu.exe
  2⤵
  PID:1176
- C:\Windows\System\RCoDhGq.exe
  C:\Windows\System\RCoDhGq.exe
  2⤵
  PID:2180
- C:\Windows\System\HPchWTG.exe
  C:\Windows\System\HPchWTG.exe
  2⤵
  PID:2968
- C:\Windows\System\jtdXHKw.exe
  C:\Windows\System\jtdXHKw.exe
  2⤵
  PID:1964
- C:\Windows\System\gWQcsqu.exe
  C:\Windows\System\gWQcsqu.exe
  2⤵
  PID:268
- C:\Windows\System\JJPvEHv.exe
  C:\Windows\System\JJPvEHv.exe
  2⤵
  PID:604
- C:\Windows\System\MhTLTev.exe
  C:\Windows\System\MhTLTev.exe
  2⤵
  PID:2984
- C:\Windows\System\LdHobmf.exe
  C:\Windows\System\LdHobmf.exe
  2⤵
  PID:2056
- C:\Windows\System\ePRWTKl.exe
  C:\Windows\System\ePRWTKl.exe
  2⤵
  PID:2412
- C:\Windows\System\RndWwrE.exe
  C:\Windows\System\RndWwrE.exe
  2⤵
  PID:1708
- C:\Windows\System\etGvvlB.exe
  C:\Windows\System\etGvvlB.exe
  2⤵
  PID:1980
- C:\Windows\System\OgywlLC.exe
  C:\Windows\System\OgywlLC.exe
  2⤵
  PID:1900
- C:\Windows\System\xwpJrjx.exe
  C:\Windows\System\xwpJrjx.exe
  2⤵
  PID:2988
- C:\Windows\System\yRpXrxY.exe
  C:\Windows\System\yRpXrxY.exe
  2⤵
  PID:1876
- C:\Windows\System\KZzGOPu.exe
  C:\Windows\System\KZzGOPu.exe
  2⤵
  PID:684
- C:\Windows\System\WxolPuE.exe
  C:\Windows\System\WxolPuE.exe
  2⤵
  PID:2260
- C:\Windows\System\quZOlXN.exe
  C:\Windows\System\quZOlXN.exe
  2⤵
  PID:1132
- C:\Windows\System\VPYjOrV.exe
  C:\Windows\System\VPYjOrV.exe
  2⤵
  PID:876
- C:\Windows\System\JNTcIPp.exe
  C:\Windows\System\JNTcIPp.exe
  2⤵
  PID:2820
- C:\Windows\System\jXvHodT.exe
  C:\Windows\System\jXvHodT.exe
  2⤵
  PID:2492
- C:\Windows\System\OfgbMWI.exe
  C:\Windows\System\OfgbMWI.exe
  2⤵
  PID:1572
- C:\Windows\System\rtSEQnc.exe
  C:\Windows\System\rtSEQnc.exe
  2⤵
  PID:2248
- C:\Windows\System\kteBaAL.exe
  C:\Windows\System\kteBaAL.exe
  2⤵
  PID:1984
- C:\Windows\System\AdUgCRM.exe
  C:\Windows\System\AdUgCRM.exe
  2⤵
  PID:2696
- C:\Windows\System\VjUfdQX.exe
  C:\Windows\System\VjUfdQX.exe
  2⤵
  PID:568
- C:\Windows\System\Vatyagd.exe
  C:\Windows\System\Vatyagd.exe
  2⤵
  PID:2904
- C:\Windows\System\EFFKLzS.exe
  C:\Windows\System\EFFKLzS.exe
  2⤵
  PID:2936
- C:\Windows\System\NKvPItQ.exe
  C:\Windows\System\NKvPItQ.exe
  2⤵
  PID:2648
- C:\Windows\System\eDiTAHh.exe
  C:\Windows\System\eDiTAHh.exe
  2⤵
  PID:1620
- C:\Windows\System\oeBHiRG.exe
  C:\Windows\System\oeBHiRG.exe
  2⤵
  PID:2464
- C:\Windows\System\MMQDBlo.exe
  C:\Windows\System\MMQDBlo.exe
  2⤵
  PID:2340
- C:\Windows\System\fifBQBq.exe
  C:\Windows\System\fifBQBq.exe
  2⤵
  PID:888
- C:\Windows\System\AXhKlqs.exe
  C:\Windows\System\AXhKlqs.exe
  2⤵
  PID:884
- C:\Windows\System\PYxqQlR.exe
  C:\Windows\System\PYxqQlR.exe
  2⤵
  PID:2400
- C:\Windows\System\xyoYQeQ.exe
  C:\Windows\System\xyoYQeQ.exe
  2⤵
  PID:1792
- C:\Windows\System\qfrgCSu.exe
  C:\Windows\System\qfrgCSu.exe
  2⤵
  PID:2992
- C:\Windows\System\NxhYrlQ.exe
  C:\Windows\System\NxhYrlQ.exe
  2⤵
  PID:984
- C:\Windows\System\FNbxNTp.exe
  C:\Windows\System\FNbxNTp.exe
  2⤵
  PID:2504
- C:\Windows\System\TYUNumW.exe
  C:\Windows\System\TYUNumW.exe
  2⤵
  PID:968
- C:\Windows\System\hrigccv.exe
  C:\Windows\System\hrigccv.exe
  2⤵
  PID:2888
- C:\Windows\System\GRNpOCq.exe
  C:\Windows\System\GRNpOCq.exe
  2⤵
  PID:708
- C:\Windows\System\UmYcOwR.exe
  C:\Windows\System\UmYcOwR.exe
  2⤵
  PID:3040
- C:\Windows\System\yJQjqVt.exe
  C:\Windows\System\yJQjqVt.exe
  2⤵
  PID:744
- C:\Windows\System\DztaGUe.exe
  C:\Windows\System\DztaGUe.exe
  2⤵
  PID:2220
- C:\Windows\System\dQhlTgc.exe
  C:\Windows\System\dQhlTgc.exe
  2⤵
  PID:1668
- C:\Windows\System\sCbIXHw.exe
  C:\Windows\System\sCbIXHw.exe
  2⤵
  PID:2204
- C:\Windows\System\esZOibE.exe
  C:\Windows\System\esZOibE.exe
  2⤵
  PID:2932
- C:\Windows\System\JtKuegt.exe
  C:\Windows\System\JtKuegt.exe
  2⤵
  PID:3080
- C:\Windows\System\fmqEKtU.exe
  C:\Windows\System\fmqEKtU.exe
  2⤵
  PID:3096
- C:\Windows\System\wXvMuvc.exe
  C:\Windows\System\wXvMuvc.exe
  2⤵
  PID:3116
- C:\Windows\System\GoHixUi.exe
  C:\Windows\System\GoHixUi.exe
  2⤵
  PID:3144
- C:\Windows\System\wnGwFfV.exe
  C:\Windows\System\wnGwFfV.exe
  2⤵
  PID:3168
- C:\Windows\System\hfdbaSA.exe
  C:\Windows\System\hfdbaSA.exe
  2⤵
  PID:3188
- C:\Windows\System\BaUWzfT.exe
  C:\Windows\System\BaUWzfT.exe
  2⤵
  PID:3204
- C:\Windows\System\IJfpmcQ.exe
  C:\Windows\System\IJfpmcQ.exe
  2⤵
  PID:3228
- C:\Windows\System\qBBtGvM.exe
  C:\Windows\System\qBBtGvM.exe
  2⤵
  PID:3248
- C:\Windows\System\DktyLGs.exe
  C:\Windows\System\DktyLGs.exe
  2⤵
  PID:3268
- C:\Windows\System\VyRhzwy.exe
  C:\Windows\System\VyRhzwy.exe
  2⤵
  PID:3288
- C:\Windows\System\dIYRuiN.exe
  C:\Windows\System\dIYRuiN.exe
  2⤵
  PID:3308
- C:\Windows\System\RlMKsWJ.exe
  C:\Windows\System\RlMKsWJ.exe
  2⤵
  PID:3328
- C:\Windows\System\svyPjbn.exe
  C:\Windows\System\svyPjbn.exe
  2⤵
  PID:3348
- C:\Windows\System\HEGNfAL.exe
  C:\Windows\System\HEGNfAL.exe
  2⤵
  PID:3368
- C:\Windows\System\leLbGPg.exe
  C:\Windows\System\leLbGPg.exe
  2⤵
  PID:3388
- C:\Windows\System\sgRuuzF.exe
  C:\Windows\System\sgRuuzF.exe
  2⤵
  PID:3404
- C:\Windows\System\OGuzbve.exe
  C:\Windows\System\OGuzbve.exe
  2⤵
  PID:3424
- C:\Windows\System\TUvszNt.exe
  C:\Windows\System\TUvszNt.exe
  2⤵
  PID:3452
- C:\Windows\System\DQjIzBz.exe
  C:\Windows\System\DQjIzBz.exe
  2⤵
  PID:3468
- C:\Windows\System\DOhQinp.exe
  C:\Windows\System\DOhQinp.exe
  2⤵
  PID:3492
- C:\Windows\System\XEbZlSP.exe
  C:\Windows\System\XEbZlSP.exe
  2⤵
  PID:3512
- C:\Windows\System\jWrRcJg.exe
  C:\Windows\System\jWrRcJg.exe
  2⤵
  PID:3532
- C:\Windows\System\GsIWytt.exe
  C:\Windows\System\GsIWytt.exe
  2⤵
  PID:3552
- C:\Windows\System\ntJhNIT.exe
  C:\Windows\System\ntJhNIT.exe
  2⤵
  PID:3572
- C:\Windows\System\uhxkTGV.exe
  C:\Windows\System\uhxkTGV.exe
  2⤵
  PID:3592
- C:\Windows\System\yKdgYmB.exe
  C:\Windows\System\yKdgYmB.exe
  2⤵
  PID:3608
- C:\Windows\System\leJPoan.exe
  C:\Windows\System\leJPoan.exe
  2⤵
  PID:3632
- C:\Windows\System\TExQFKM.exe
  C:\Windows\System\TExQFKM.exe
  2⤵
  PID:3648
- C:\Windows\System\mQeYPUC.exe
  C:\Windows\System\mQeYPUC.exe
  2⤵
  PID:3672
- C:\Windows\System\uZKyQSh.exe
  C:\Windows\System\uZKyQSh.exe
  2⤵
  PID:3688
- C:\Windows\System\eMCYGdy.exe
  C:\Windows\System\eMCYGdy.exe
  2⤵
  PID:3708
- C:\Windows\System\xBNwPMw.exe
  C:\Windows\System\xBNwPMw.exe
  2⤵
  PID:3736
- C:\Windows\System\DZstpZB.exe
  C:\Windows\System\DZstpZB.exe
  2⤵
  PID:3756
- C:\Windows\System\XpzTtEY.exe
  C:\Windows\System\XpzTtEY.exe
  2⤵
  PID:3772
- C:\Windows\System\ITcXNpN.exe
  C:\Windows\System\ITcXNpN.exe
  2⤵
  PID:3796
- C:\Windows\System\IbIxdyd.exe
  C:\Windows\System\IbIxdyd.exe
  2⤵
  PID:3812
- C:\Windows\System\rZymYJn.exe
  C:\Windows\System\rZymYJn.exe
  2⤵
  PID:3836
- C:\Windows\System\KYNTJWh.exe
  C:\Windows\System\KYNTJWh.exe
  2⤵
  PID:3852
- C:\Windows\System\TRVuKJl.exe
  C:\Windows\System\TRVuKJl.exe
  2⤵
  PID:3872
- C:\Windows\System\OpzEyNN.exe
  C:\Windows\System\OpzEyNN.exe
  2⤵
  PID:3896
- C:\Windows\System\wrxWvGc.exe
  C:\Windows\System\wrxWvGc.exe
  2⤵
  PID:3916
- C:\Windows\System\IFKluht.exe
  C:\Windows\System\IFKluht.exe
  2⤵
  PID:3936
- C:\Windows\System\eyRSnDK.exe
  C:\Windows\System\eyRSnDK.exe
  2⤵
  PID:3952
- C:\Windows\System\RVZUsdl.exe
  C:\Windows\System\RVZUsdl.exe
  2⤵
  PID:3972
- C:\Windows\System\DRqfLpF.exe
  C:\Windows\System\DRqfLpF.exe
  2⤵
  PID:3996
- C:\Windows\System\XEQqrCS.exe
  C:\Windows\System\XEQqrCS.exe
  2⤵
  PID:4016
- C:\Windows\System\bmeWVhG.exe
  C:\Windows\System\bmeWVhG.exe
  2⤵
  PID:4036
- C:\Windows\System\AsRnLyA.exe
  C:\Windows\System\AsRnLyA.exe
  2⤵
  PID:4056
- C:\Windows\System\UayCFmH.exe
  C:\Windows\System\UayCFmH.exe
  2⤵
  PID:4072
- C:\Windows\System\jBNGhry.exe
  C:\Windows\System\jBNGhry.exe
  2⤵
  PID:996
- C:\Windows\System\BcOJLmV.exe
  C:\Windows\System\BcOJLmV.exe
  2⤵
  PID:2860
- C:\Windows\System\AmvgAHc.exe
  C:\Windows\System\AmvgAHc.exe
  2⤵
  PID:2280
- C:\Windows\System\DXSQARX.exe
  C:\Windows\System\DXSQARX.exe
  2⤵
  PID:812
- C:\Windows\System\ierAYNU.exe
  C:\Windows\System\ierAYNU.exe
  2⤵
  PID:788
- C:\Windows\System\bWgqQUd.exe
  C:\Windows\System\bWgqQUd.exe
  2⤵
  PID:1552
- C:\Windows\System\SVAMspX.exe
  C:\Windows\System\SVAMspX.exe
  2⤵
  PID:2452
- C:\Windows\System\syiWVaX.exe
  C:\Windows\System\syiWVaX.exe
  2⤵
  PID:2472
- C:\Windows\System\MnpfjAq.exe
  C:\Windows\System\MnpfjAq.exe
  2⤵
  PID:376
- C:\Windows\System\oxwLurZ.exe
  C:\Windows\System\oxwLurZ.exe
  2⤵
  PID:3088
- C:\Windows\System\doGajYg.exe
  C:\Windows\System\doGajYg.exe
  2⤵
  PID:1072
- C:\Windows\System\XSqTBQl.exe
  C:\Windows\System\XSqTBQl.exe
  2⤵
  PID:740
- C:\Windows\System\NUfxCuN.exe
  C:\Windows\System\NUfxCuN.exe
  2⤵
  PID:3128
- C:\Windows\System\uwvxruL.exe
  C:\Windows\System\uwvxruL.exe
  2⤵
  PID:3140
- C:\Windows\System\yFUFLfX.exe
  C:\Windows\System\yFUFLfX.exe
  2⤵
  PID:3216
- C:\Windows\System\ofXkbZk.exe
  C:\Windows\System\ofXkbZk.exe
  2⤵
  PID:3156
- C:\Windows\System\sYSbrLU.exe
  C:\Windows\System\sYSbrLU.exe
  2⤵
  PID:3264
- C:\Windows\System\VULTkdq.exe
  C:\Windows\System\VULTkdq.exe
  2⤵
  PID:3244
- C:\Windows\System\ARAQJcF.exe
  C:\Windows\System\ARAQJcF.exe
  2⤵
  PID:3344
- C:\Windows\System\xBMWCOV.exe
  C:\Windows\System\xBMWCOV.exe
  2⤵
  PID:3412
- C:\Windows\System\ipYBXmn.exe
  C:\Windows\System\ipYBXmn.exe
  2⤵
  PID:3316
- C:\Windows\System\ZTiBtYM.exe
  C:\Windows\System\ZTiBtYM.exe
  2⤵
  PID:3400
- C:\Windows\System\kmXCoGR.exe
  C:\Windows\System\kmXCoGR.exe
  2⤵
  PID:3436
- C:\Windows\System\HqzUvbT.exe
  C:\Windows\System\HqzUvbT.exe
  2⤵
  PID:3448
- C:\Windows\System\wuRWgCS.exe
  C:\Windows\System\wuRWgCS.exe
  2⤵
  PID:3508
- C:\Windows\System\dZeouzA.exe
  C:\Windows\System\dZeouzA.exe
  2⤵
  PID:3484
- C:\Windows\System\htkUNgB.exe
  C:\Windows\System\htkUNgB.exe
  2⤵
  PID:3560
- C:\Windows\System\tyJoUDX.exe
  C:\Windows\System\tyJoUDX.exe
  2⤵
  PID:3620
- C:\Windows\System\jcAeabv.exe
  C:\Windows\System\jcAeabv.exe
  2⤵
  PID:3604
- C:\Windows\System\blqTOYi.exe
  C:\Windows\System\blqTOYi.exe
  2⤵
  PID:3696
- C:\Windows\System\gJUsBZq.exe
  C:\Windows\System\gJUsBZq.exe
  2⤵
  PID:3680
- C:\Windows\System\OOpkQks.exe
  C:\Windows\System\OOpkQks.exe
  2⤵
  PID:3728
- C:\Windows\System\MrwUrun.exe
  C:\Windows\System\MrwUrun.exe
  2⤵
  PID:3748
- C:\Windows\System\QwgfnkU.exe
  C:\Windows\System\QwgfnkU.exe
  2⤵
  PID:3820
- C:\Windows\System\iEtruWw.exe
  C:\Windows\System\iEtruWw.exe
  2⤵
  PID:3824
- C:\Windows\System\gNmNdPk.exe
  C:\Windows\System\gNmNdPk.exe
  2⤵
  PID:3868
- C:\Windows\System\XOJgzcy.exe
  C:\Windows\System\XOJgzcy.exe
  2⤵
  PID:3904
- C:\Windows\System\VYpKTyy.exe
  C:\Windows\System\VYpKTyy.exe
  2⤵
  PID:3924
- C:\Windows\System\FIeDnvH.exe
  C:\Windows\System\FIeDnvH.exe
  2⤵
  PID:3988
- C:\Windows\System\DwrgAKf.exe
  C:\Windows\System\DwrgAKf.exe
  2⤵
  PID:4004
- C:\Windows\System\efFECBK.exe
  C:\Windows\System\efFECBK.exe
  2⤵
  PID:4008
- C:\Windows\System\GmKHggK.exe
  C:\Windows\System\GmKHggK.exe
  2⤵
  PID:2628
- C:\Windows\System\cVJBsgp.exe
  C:\Windows\System\cVJBsgp.exe
  2⤵
  PID:1800
- C:\Windows\System\BYqYOrT.exe
  C:\Windows\System\BYqYOrT.exe
  2⤵
  PID:2292
- C:\Windows\System\MdFZdIC.exe
  C:\Windows\System\MdFZdIC.exe
  2⤵
  PID:2356
- C:\Windows\System\FRiEceU.exe
  C:\Windows\System\FRiEceU.exe
  2⤵
  PID:2304
- C:\Windows\System\pRUQMoI.exe
  C:\Windows\System\pRUQMoI.exe
  2⤵
  PID:820
- C:\Windows\System\UOoKzdY.exe
  C:\Windows\System\UOoKzdY.exe
  2⤵
  PID:2176
- C:\Windows\System\opDhRgG.exe
  C:\Windows\System\opDhRgG.exe
  2⤵
  PID:1044
- C:\Windows\System\RBUCtku.exe
  C:\Windows\System\RBUCtku.exe
  2⤵
  PID:2572
- C:\Windows\System\OTtpEDq.exe
  C:\Windows\System\OTtpEDq.exe
  2⤵
  PID:3296
- C:\Windows\System\DruZEGX.exe
  C:\Windows\System\DruZEGX.exe
  2⤵
  PID:3180
- C:\Windows\System\yfKjJOP.exe
  C:\Windows\System\yfKjJOP.exe
  2⤵
  PID:3152
- C:\Windows\System\ZBSpXdh.exe
  C:\Windows\System\ZBSpXdh.exe
  2⤵
  PID:3336
- C:\Windows\System\JsJYdHi.exe
  C:\Windows\System\JsJYdHi.exe
  2⤵
  PID:3364
- C:\Windows\System\egwXfSI.exe
  C:\Windows\System\egwXfSI.exe
  2⤵
  PID:3548
- C:\Windows\System\HtlLYto.exe
  C:\Windows\System\HtlLYto.exe
  2⤵
  PID:3284
- C:\Windows\System\ubPVuxr.exe
  C:\Windows\System\ubPVuxr.exe
  2⤵
  PID:3584
- C:\Windows\System\VtKfOtV.exe
  C:\Windows\System\VtKfOtV.exe
  2⤵
  PID:3664
- C:\Windows\System\xyICuEB.exe
  C:\Windows\System\xyICuEB.exe
  2⤵
  PID:3600
- C:\Windows\System\EOWJUwe.exe
  C:\Windows\System\EOWJUwe.exe
  2⤵
  PID:3764
- C:\Windows\System\aGYQqEP.exe
  C:\Windows\System\aGYQqEP.exe
  2⤵
  PID:3912
- C:\Windows\System\rEmCnFr.exe
  C:\Windows\System\rEmCnFr.exe
  2⤵
  PID:3684
- C:\Windows\System\AacdLUN.exe
  C:\Windows\System\AacdLUN.exe
  2⤵
  PID:3780
- C:\Windows\System\bvitPkF.exe
  C:\Windows\System\bvitPkF.exe
  2⤵
  PID:3960
- C:\Windows\System\rKXSpnv.exe
  C:\Windows\System\rKXSpnv.exe
  2⤵
  PID:3968
- C:\Windows\System\VffmjSB.exe
  C:\Windows\System\VffmjSB.exe
  2⤵
  PID:3884
- C:\Windows\System\rfqkdHT.exe
  C:\Windows\System\rfqkdHT.exe
  2⤵
  PID:4012
- C:\Windows\System\RuLyTJJ.exe
  C:\Windows\System\RuLyTJJ.exe
  2⤵
  PID:4088
- C:\Windows\System\TwWZfxL.exe
  C:\Windows\System\TwWZfxL.exe
  2⤵
  PID:304
- C:\Windows\System\RqMbTvX.exe
  C:\Windows\System\RqMbTvX.exe
  2⤵
  PID:1568
- C:\Windows\System\OHbltpH.exe
  C:\Windows\System\OHbltpH.exe
  2⤵
  PID:2900
- C:\Windows\System\zkwwuMV.exe
  C:\Windows\System\zkwwuMV.exe
  2⤵
  PID:2080
- C:\Windows\System\MxqDuOr.exe
  C:\Windows\System\MxqDuOr.exe
  2⤵
  PID:3276
- C:\Windows\System\uhcpCAo.exe
  C:\Windows\System\uhcpCAo.exe
  2⤵
  PID:3224
- C:\Windows\System\WuBYVpr.exe
  C:\Windows\System\WuBYVpr.exe
  2⤵
  PID:3396
- C:\Windows\System\jhqqxjL.exe
  C:\Windows\System\jhqqxjL.exe
  2⤵
  PID:3420
- C:\Windows\System\BhBCCVg.exe
  C:\Windows\System\BhBCCVg.exe
  2⤵
  PID:3616
- C:\Windows\System\BVMknTa.exe
  C:\Windows\System\BVMknTa.exe
  2⤵
  PID:3860
- C:\Windows\System\pchqWDi.exe
  C:\Windows\System\pchqWDi.exe
  2⤵
  PID:3932
- C:\Windows\System\bOGJybj.exe
  C:\Windows\System\bOGJybj.exe
  2⤵
  PID:3744
- C:\Windows\System\zfzkGKj.exe
  C:\Windows\System\zfzkGKj.exe
  2⤵
  PID:2168
- C:\Windows\System\XYJjOAL.exe
  C:\Windows\System\XYJjOAL.exe
  2⤵
  PID:4052
- C:\Windows\System\bnmherb.exe
  C:\Windows\System\bnmherb.exe
  2⤵
  PID:3984
- C:\Windows\System\OMPZTbf.exe
  C:\Windows\System\OMPZTbf.exe
  2⤵
  PID:3440
- C:\Windows\System\ZSjDtky.exe
  C:\Windows\System\ZSjDtky.exe
  2⤵
  PID:4068
- C:\Windows\System\wXkMhfa.exe
  C:\Windows\System\wXkMhfa.exe
  2⤵
  PID:3524
- C:\Windows\System\remDePA.exe
  C:\Windows\System\remDePA.exe
  2⤵
  PID:4108
- C:\Windows\System\HSyEicU.exe
  C:\Windows\System\HSyEicU.exe
  2⤵
  PID:4124
- C:\Windows\System\wNCEdVs.exe
  C:\Windows\System\wNCEdVs.exe
  2⤵
  PID:4144
- C:\Windows\System\dSgsbdQ.exe
  C:\Windows\System\dSgsbdQ.exe
  2⤵
  PID:4164
- C:\Windows\System\UVPOtpY.exe
  C:\Windows\System\UVPOtpY.exe
  2⤵
  PID:4188
- C:\Windows\System\ckhLREU.exe
  C:\Windows\System\ckhLREU.exe
  2⤵
  PID:4208
- C:\Windows\System\qarRJpm.exe
  C:\Windows\System\qarRJpm.exe
  2⤵
  PID:4228
- C:\Windows\System\FVaHkYz.exe
  C:\Windows\System\FVaHkYz.exe
  2⤵
  PID:4248
- C:\Windows\System\luVwSYJ.exe
  C:\Windows\System\luVwSYJ.exe
  2⤵
  PID:4268
- C:\Windows\System\OwBuYHs.exe
  C:\Windows\System\OwBuYHs.exe
  2⤵
  PID:4288
- C:\Windows\System\rnteDIS.exe
  C:\Windows\System\rnteDIS.exe
  2⤵
  PID:4304
- C:\Windows\System\NzGVAhL.exe
  C:\Windows\System\NzGVAhL.exe
  2⤵
  PID:4324
- C:\Windows\System\jFXtaer.exe
  C:\Windows\System\jFXtaer.exe
  2⤵
  PID:4348
- C:\Windows\System\pBVaOIR.exe
  C:\Windows\System\pBVaOIR.exe
  2⤵
  PID:4368
- C:\Windows\System\zSXkBrm.exe
  C:\Windows\System\zSXkBrm.exe
  2⤵
  PID:4384
- C:\Windows\System\QaadoIQ.exe
  C:\Windows\System\QaadoIQ.exe
  2⤵
  PID:4408
- C:\Windows\System\yPseXdc.exe
  C:\Windows\System\yPseXdc.exe
  2⤵
  PID:4424
- C:\Windows\System\hNauuSM.exe
  C:\Windows\System\hNauuSM.exe
  2⤵
  PID:4448
- C:\Windows\System\tCRYoIm.exe
  C:\Windows\System\tCRYoIm.exe
  2⤵
  PID:4468
- C:\Windows\System\tjhNLZV.exe
  C:\Windows\System\tjhNLZV.exe
  2⤵
  PID:4488
- C:\Windows\System\WKxQAHZ.exe
  C:\Windows\System\WKxQAHZ.exe
  2⤵
  PID:4508
- C:\Windows\System\DweARbI.exe
  C:\Windows\System\DweARbI.exe
  2⤵
  PID:4528
- C:\Windows\System\xWzawKM.exe
  C:\Windows\System\xWzawKM.exe
  2⤵
  PID:4544
- C:\Windows\System\jgRDIYR.exe
  C:\Windows\System\jgRDIYR.exe
  2⤵
  PID:4564
- C:\Windows\System\kwoyfhK.exe
  C:\Windows\System\kwoyfhK.exe
  2⤵
  PID:4584
- C:\Windows\System\BevxqUP.exe
  C:\Windows\System\BevxqUP.exe
  2⤵
  PID:4600
- C:\Windows\System\LynphYP.exe
  C:\Windows\System\LynphYP.exe
  2⤵
  PID:4620
- C:\Windows\System\fcMDkKy.exe
  C:\Windows\System\fcMDkKy.exe
  2⤵
  PID:4640
- C:\Windows\System\bUcRDIT.exe
  C:\Windows\System\bUcRDIT.exe
  2⤵
  PID:4664
- C:\Windows\System\UNPnJAe.exe
  C:\Windows\System\UNPnJAe.exe
  2⤵
  PID:4688
- C:\Windows\System\fuSGSBR.exe
  C:\Windows\System\fuSGSBR.exe
  2⤵
  PID:4708
- C:\Windows\System\KKVjluk.exe
  C:\Windows\System\KKVjluk.exe
  2⤵
  PID:4728
- C:\Windows\System\IDXBcef.exe
  C:\Windows\System\IDXBcef.exe
  2⤵
  PID:4744
- C:\Windows\System\ZWMvHcK.exe
  C:\Windows\System\ZWMvHcK.exe
  2⤵
  PID:4764
- C:\Windows\System\PTtJdrt.exe
  C:\Windows\System\PTtJdrt.exe
  2⤵
  PID:4784
- C:\Windows\System\ZyNgBIv.exe
  C:\Windows\System\ZyNgBIv.exe
  2⤵
  PID:4808
- C:\Windows\System\cCWeZAK.exe
  C:\Windows\System\cCWeZAK.exe
  2⤵
  PID:4828
- C:\Windows\System\rWyMIHL.exe
  C:\Windows\System\rWyMIHL.exe
  2⤵
  PID:4848
- C:\Windows\System\kTHvdOe.exe
  C:\Windows\System\kTHvdOe.exe
  2⤵
  PID:4868
- C:\Windows\System\HwFMmku.exe
  C:\Windows\System\HwFMmku.exe
  2⤵
  PID:4884
- C:\Windows\System\vHGZeWR.exe
  C:\Windows\System\vHGZeWR.exe
  2⤵
  PID:4904
- C:\Windows\System\qyXGrRX.exe
  C:\Windows\System\qyXGrRX.exe
  2⤵
  PID:4920
- C:\Windows\System\nvWTelV.exe
  C:\Windows\System\nvWTelV.exe
  2⤵
  PID:4940
- C:\Windows\System\ucZfLgN.exe
  C:\Windows\System\ucZfLgN.exe
  2⤵
  PID:4960
- C:\Windows\System\APsBBiv.exe
  C:\Windows\System\APsBBiv.exe
  2⤵
  PID:4984
- C:\Windows\System\GsZBOhi.exe
  C:\Windows\System\GsZBOhi.exe
  2⤵
  PID:5000
- C:\Windows\System\PIMfEVA.exe
  C:\Windows\System\PIMfEVA.exe
  2⤵
  PID:5016
- C:\Windows\System\hiDzGKM.exe
  C:\Windows\System\hiDzGKM.exe
  2⤵
  PID:5036
- C:\Windows\System\gRBfnYd.exe
  C:\Windows\System\gRBfnYd.exe
  2⤵
  PID:5056
- C:\Windows\System\TPHbHXL.exe
  C:\Windows\System\TPHbHXL.exe
  2⤵
  PID:5076
- C:\Windows\System\ZonUWCN.exe
  C:\Windows\System\ZonUWCN.exe
  2⤵
  PID:5096
- C:\Windows\System\iwLxryL.exe
  C:\Windows\System\iwLxryL.exe
  2⤵
  PID:3444
- C:\Windows\System\vOvCSwR.exe
  C:\Windows\System\vOvCSwR.exe
  2⤵
  PID:3480
- C:\Windows\System\vGLDHAB.exe
  C:\Windows\System\vGLDHAB.exe
  2⤵
  PID:4032
- C:\Windows\System\sYUdXnM.exe
  C:\Windows\System\sYUdXnM.exe
  2⤵
  PID:3848
- C:\Windows\System\WjbYnYq.exe
  C:\Windows\System\WjbYnYq.exe
  2⤵
  PID:3944
- C:\Windows\System\KicmLlX.exe
  C:\Windows\System\KicmLlX.exe
  2⤵
  PID:3240
- C:\Windows\System\yBqYiqx.exe
  C:\Windows\System\yBqYiqx.exe
  2⤵
  PID:4104
- C:\Windows\System\yeFJvFw.exe
  C:\Windows\System\yeFJvFw.exe
  2⤵
  PID:3132
- C:\Windows\System\aAQhZXU.exe
  C:\Windows\System\aAQhZXU.exe
  2⤵
  PID:4140
- C:\Windows\System\vLeFFxi.exe
  C:\Windows\System\vLeFFxi.exe
  2⤵
  PID:4152
- C:\Windows\System\XBRYfdI.exe
  C:\Windows\System\XBRYfdI.exe
  2⤵
  PID:4224
- C:\Windows\System\JSMPuHK.exe
  C:\Windows\System\JSMPuHK.exe
  2⤵
  PID:4204
- C:\Windows\System\GrEGqsM.exe
  C:\Windows\System\GrEGqsM.exe
  2⤵
  PID:4300
- C:\Windows\System\fzZdKuE.exe
  C:\Windows\System\fzZdKuE.exe
  2⤵
  PID:4280
- C:\Windows\System\NcTdeQN.exe
  C:\Windows\System\NcTdeQN.exe
  2⤵
  PID:4376
- C:\Windows\System\AdgTjcU.exe
  C:\Windows\System\AdgTjcU.exe
  2⤵
  PID:4356
- C:\Windows\System\FINCDpm.exe
  C:\Windows\System\FINCDpm.exe
  2⤵
  PID:4360
- C:\Windows\System\JOgvNkR.exe
  C:\Windows\System\JOgvNkR.exe
  2⤵
  PID:4396
- C:\Windows\System\seRJfxZ.exe
  C:\Windows\System\seRJfxZ.exe
  2⤵
  PID:4460
- C:\Windows\System\orgydQQ.exe
  C:\Windows\System\orgydQQ.exe
  2⤵
  PID:4500
- C:\Windows\System\IAnxnpM.exe
  C:\Windows\System\IAnxnpM.exe
  2⤵
  PID:4484
- C:\Windows\System\RoyeiPp.exe
  C:\Windows\System\RoyeiPp.exe
  2⤵
  PID:4616
- C:\Windows\System\PheFTCX.exe
  C:\Windows\System\PheFTCX.exe
  2⤵
  PID:4560
- C:\Windows\System\XJLVzpM.exe
  C:\Windows\System\XJLVzpM.exe
  2⤵
  PID:4628
- C:\Windows\System\sLEJcnf.exe
  C:\Windows\System\sLEJcnf.exe
  2⤵
  PID:4656
- C:\Windows\System\fZnySJZ.exe
  C:\Windows\System\fZnySJZ.exe
  2⤵
  PID:4636
- C:\Windows\System\UbJVsJM.exe
  C:\Windows\System\UbJVsJM.exe
  2⤵
  PID:4716
- C:\Windows\System\lAZpZDk.exe
  C:\Windows\System\lAZpZDk.exe
  2⤵
  PID:4772
- C:\Windows\System\RUAyFqp.exe
  C:\Windows\System\RUAyFqp.exe
  2⤵
  PID:4776
- C:\Windows\System\mlvbDjb.exe
  C:\Windows\System\mlvbDjb.exe
  2⤵
  PID:4820
- C:\Windows\System\oUjXkea.exe
  C:\Windows\System\oUjXkea.exe
  2⤵
  PID:4892
- C:\Windows\System\pkAokoq.exe
  C:\Windows\System\pkAokoq.exe
  2⤵
  PID:4936
- C:\Windows\System\iOymRhb.exe
  C:\Windows\System\iOymRhb.exe
  2⤵
  PID:4880
- C:\Windows\System\YXenqcc.exe
  C:\Windows\System\YXenqcc.exe
  2⤵
  PID:4976
- C:\Windows\System\oivgBTy.exe
  C:\Windows\System\oivgBTy.exe
  2⤵
  PID:5024
- C:\Windows\System\gdguByQ.exe
  C:\Windows\System\gdguByQ.exe
  2⤵
  PID:4948
- C:\Windows\System\mGyrvOb.exe
  C:\Windows\System\mGyrvOb.exe
  2⤵
  PID:5088
- C:\Windows\System\ZXtTZMm.exe
  C:\Windows\System\ZXtTZMm.exe
  2⤵
  PID:5032
- C:\Windows\System\SwTYqeG.exe
  C:\Windows\System\SwTYqeG.exe
  2⤵
  PID:5108
- C:\Windows\System\HusAgRo.exe
  C:\Windows\System\HusAgRo.exe
  2⤵
  PID:3376
- C:\Windows\System\ILiDapR.exe
  C:\Windows\System\ILiDapR.exe
  2⤵
  PID:4028
- C:\Windows\System\SsOoKrs.exe
  C:\Windows\System\SsOoKrs.exe
  2⤵
  PID:4120
- C:\Windows\System\sDmyAaG.exe
  C:\Windows\System\sDmyAaG.exe
  2⤵
  PID:3544
- C:\Windows\System\ZZExmTz.exe
  C:\Windows\System\ZZExmTz.exe
  2⤵
  PID:1648
- C:\Windows\System\MkcDTSH.exe
  C:\Windows\System\MkcDTSH.exe
  2⤵
  PID:4276
- C:\Windows\System\FWOWbIY.exe
  C:\Windows\System\FWOWbIY.exe
  2⤵
  PID:4392
- C:\Windows\System\rsbZrui.exe
  C:\Windows\System\rsbZrui.exe
  2⤵
  PID:4476
- C:\Windows\System\uTFYAnY.exe
  C:\Windows\System\uTFYAnY.exe
  2⤵
  PID:4236
- C:\Windows\System\UpMTWxw.exe
  C:\Windows\System\UpMTWxw.exe
  2⤵
  PID:4436
- C:\Windows\System\GVtKbdk.exe
  C:\Windows\System\GVtKbdk.exe
  2⤵
  PID:4580
- C:\Windows\System\LWNYEDh.exe
  C:\Windows\System\LWNYEDh.exe
  2⤵
  PID:4652
- C:\Windows\System\mRSVSHE.exe
  C:\Windows\System\mRSVSHE.exe
  2⤵
  PID:4632
- C:\Windows\System\BLrnYJa.exe
  C:\Windows\System\BLrnYJa.exe
  2⤵
  PID:4704
- C:\Windows\System\eVBkvvs.exe
  C:\Windows\System\eVBkvvs.exe
  2⤵
  PID:4720
- C:\Windows\System\lKtBRIw.exe
  C:\Windows\System\lKtBRIw.exe
  2⤵
  PID:4816
- C:\Windows\System\gWoogZE.exe
  C:\Windows\System\gWoogZE.exe
  2⤵
  PID:4752
- C:\Windows\System\vrzumyf.exe
  C:\Windows\System\vrzumyf.exe
  2⤵
  PID:4760
- C:\Windows\System\HChFtao.exe
  C:\Windows\System\HChFtao.exe
  2⤵
  PID:4932
- C:\Windows\System\oKpPMnT.exe
  C:\Windows\System\oKpPMnT.exe
  2⤵
  PID:4844
- C:\Windows\System\DZOuzQA.exe
  C:\Windows\System\DZOuzQA.exe
  2⤵
  PID:4952
- C:\Windows\System\rZlTNSK.exe
  C:\Windows\System\rZlTNSK.exe
  2⤵
  PID:5052
- C:\Windows\System\xZUSaJa.exe
  C:\Windows\System\xZUSaJa.exe
  2⤵
  PID:3164
- C:\Windows\System\Wizxxhw.exe
  C:\Windows\System\Wizxxhw.exe
  2⤵
  PID:5068
- C:\Windows\System\paDdWTv.exe
  C:\Windows\System\paDdWTv.exe
  2⤵
  PID:1076
- C:\Windows\System\fniwJEN.exe
  C:\Windows\System\fniwJEN.exe
  2⤵
  PID:1632
- C:\Windows\System\eRDQifY.exe
  C:\Windows\System\eRDQifY.exe
  2⤵
  PID:4456
- C:\Windows\System\dZuFlzE.exe
  C:\Windows\System\dZuFlzE.exe
  2⤵
  PID:4132
- C:\Windows\System\HXjGdgf.exe
  C:\Windows\System\HXjGdgf.exe
  2⤵
  PID:4344
- C:\Windows\System\kxBICSW.exe
  C:\Windows\System\kxBICSW.exe
  2⤵
  PID:4416
- C:\Windows\System\qmfgBVj.exe
  C:\Windows\System\qmfgBVj.exe
  2⤵
  PID:4524
- C:\Windows\System\FyjFJkp.exe
  C:\Windows\System\FyjFJkp.exe
  2⤵
  PID:4552
- C:\Windows\System\iLSDwFa.exe
  C:\Windows\System\iLSDwFa.exe
  2⤵
  PID:4684
- C:\Windows\System\oxHIeBI.exe
  C:\Windows\System\oxHIeBI.exe
  2⤵
  PID:5136
- C:\Windows\System\IzUcrVp.exe
  C:\Windows\System\IzUcrVp.exe
  2⤵
  PID:5156
- C:\Windows\System\FqxYmcm.exe
  C:\Windows\System\FqxYmcm.exe
  2⤵
  PID:5176
- C:\Windows\System\EXilxVF.exe
  C:\Windows\System\EXilxVF.exe
  2⤵
  PID:5196
- C:\Windows\System\ZxycTvn.exe
  C:\Windows\System\ZxycTvn.exe
  2⤵
  PID:5216
- C:\Windows\System\KgtpYUH.exe
  C:\Windows\System\KgtpYUH.exe
  2⤵
  PID:5236
- C:\Windows\System\bXxQfcA.exe
  C:\Windows\System\bXxQfcA.exe
  2⤵
  PID:5256
- C:\Windows\System\FUCzGoR.exe
  C:\Windows\System\FUCzGoR.exe
  2⤵
  PID:5276
- C:\Windows\System\QXWuxlO.exe
  C:\Windows\System\QXWuxlO.exe
  2⤵
  PID:5296
- C:\Windows\System\vbrBRPD.exe
  C:\Windows\System\vbrBRPD.exe
  2⤵
  PID:5316
- C:\Windows\System\NrjKZEb.exe
  C:\Windows\System\NrjKZEb.exe
  2⤵
  PID:5336
- C:\Windows\System\taRAuPh.exe
  C:\Windows\System\taRAuPh.exe
  2⤵
  PID:5356
- C:\Windows\System\dfGcxCf.exe
  C:\Windows\System\dfGcxCf.exe
  2⤵
  PID:5376
- C:\Windows\System\oHvuoGj.exe
  C:\Windows\System\oHvuoGj.exe
  2⤵
  PID:5396
- C:\Windows\System\HYkncJp.exe
  C:\Windows\System\HYkncJp.exe
  2⤵
  PID:5416
- C:\Windows\System\lbxNeLr.exe
  C:\Windows\System\lbxNeLr.exe
  2⤵
  PID:5436
- C:\Windows\System\OtSKVsX.exe
  C:\Windows\System\OtSKVsX.exe
  2⤵
  PID:5456
- C:\Windows\System\YHNuJiF.exe
  C:\Windows\System\YHNuJiF.exe
  2⤵
  PID:5476
- C:\Windows\System\VlicOzg.exe
  C:\Windows\System\VlicOzg.exe
  2⤵
  PID:5496
- C:\Windows\System\OIkQyWJ.exe
  C:\Windows\System\OIkQyWJ.exe
  2⤵
  PID:5516
- C:\Windows\System\IcJsOtv.exe
  C:\Windows\System\IcJsOtv.exe
  2⤵
  PID:5536
- C:\Windows\System\dLWVuoa.exe
  C:\Windows\System\dLWVuoa.exe
  2⤵
  PID:5560
- C:\Windows\System\rUhdbCC.exe
  C:\Windows\System\rUhdbCC.exe
  2⤵
  PID:5580
- C:\Windows\System\vWpxvNn.exe
  C:\Windows\System\vWpxvNn.exe
  2⤵
  PID:5600
- C:\Windows\System\eHnKEwY.exe
  C:\Windows\System\eHnKEwY.exe
  2⤵
  PID:5620
- C:\Windows\System\vAufoyD.exe
  C:\Windows\System\vAufoyD.exe
  2⤵
  PID:5640
- C:\Windows\System\GDybNgh.exe
  C:\Windows\System\GDybNgh.exe
  2⤵
  PID:5660
- C:\Windows\System\eNSwAUe.exe
  C:\Windows\System\eNSwAUe.exe
  2⤵
  PID:5680
- C:\Windows\System\nPZLTQl.exe
  C:\Windows\System\nPZLTQl.exe
  2⤵
  PID:5700
- C:\Windows\System\QrOSwLV.exe
  C:\Windows\System\QrOSwLV.exe
  2⤵
  PID:5720
- C:\Windows\System\LvVEPEb.exe
  C:\Windows\System\LvVEPEb.exe
  2⤵
  PID:5740
- C:\Windows\System\cFYAnQK.exe
  C:\Windows\System\cFYAnQK.exe
  2⤵
  PID:5760
- C:\Windows\System\YDGChnK.exe
  C:\Windows\System\YDGChnK.exe
  2⤵
  PID:5780
- C:\Windows\System\GvuItrt.exe
  C:\Windows\System\GvuItrt.exe
  2⤵
  PID:5800
- C:\Windows\System\ynzuDWp.exe
  C:\Windows\System\ynzuDWp.exe
  2⤵
  PID:5820
- C:\Windows\System\mdOaQBT.exe
  C:\Windows\System\mdOaQBT.exe
  2⤵
  PID:5840
- C:\Windows\System\UIabCzG.exe
  C:\Windows\System\UIabCzG.exe
  2⤵
  PID:5860
- C:\Windows\System\uaeNIWo.exe
  C:\Windows\System\uaeNIWo.exe
  2⤵
  PID:5880
- C:\Windows\System\RcXJSvQ.exe
  C:\Windows\System\RcXJSvQ.exe
  2⤵
  PID:5900
- C:\Windows\System\mhvYugz.exe
  C:\Windows\System\mhvYugz.exe
  2⤵
  PID:5920
- C:\Windows\System\DVowBSo.exe
  C:\Windows\System\DVowBSo.exe
  2⤵
  PID:5936
- C:\Windows\System\xQEiRjq.exe
  C:\Windows\System\xQEiRjq.exe
  2⤵
  PID:5960
- C:\Windows\System\lZvfsxf.exe
  C:\Windows\System\lZvfsxf.exe
  2⤵
  PID:5980
- C:\Windows\System\vcKsNvl.exe
  C:\Windows\System\vcKsNvl.exe
  2⤵
  PID:6000
- C:\Windows\System\QJAaebb.exe
  C:\Windows\System\QJAaebb.exe
  2⤵
  PID:6020
- C:\Windows\System\ZhsllLR.exe
  C:\Windows\System\ZhsllLR.exe
  2⤵
  PID:6040
- C:\Windows\System\ncEGsyv.exe
  C:\Windows\System\ncEGsyv.exe
  2⤵
  PID:6060
- C:\Windows\System\PZNaRGX.exe
  C:\Windows\System\PZNaRGX.exe
  2⤵
  PID:6084
- C:\Windows\System\DrVvqqX.exe
  C:\Windows\System\DrVvqqX.exe
  2⤵
  PID:6104
- C:\Windows\System\rYBOYAS.exe
  C:\Windows\System\rYBOYAS.exe
  2⤵
  PID:6124
- C:\Windows\System\IbsWGaF.exe
  C:\Windows\System\IbsWGaF.exe
  2⤵
  PID:4800
- C:\Windows\System\qfqwTTW.exe
  C:\Windows\System\qfqwTTW.exe
  2⤵
  PID:4928
- C:\Windows\System\WnpPMkl.exe
  C:\Windows\System\WnpPMkl.exe
  2⤵
  PID:4912
- C:\Windows\System\CqnsvGa.exe
  C:\Windows\System\CqnsvGa.exe
  2⤵
  PID:5048
- C:\Windows\System\MPvUNGH.exe
  C:\Windows\System\MPvUNGH.exe
  2⤵
  PID:3660
- C:\Windows\System\JXpNNVr.exe
  C:\Windows\System\JXpNNVr.exe
  2⤵
  PID:4184
- C:\Windows\System\TQmRZRh.exe
  C:\Windows\System\TQmRZRh.exe
  2⤵
  PID:4200
- C:\Windows\System\bXbCZQU.exe
  C:\Windows\System\bXbCZQU.exe
  2⤵
  PID:4176
- C:\Windows\System\MspyimP.exe
  C:\Windows\System\MspyimP.exe
  2⤵
  PID:2780
- C:\Windows\System\hvDlJMM.exe
  C:\Windows\System\hvDlJMM.exe
  2⤵
  PID:4596
- C:\Windows\System\UiVMhVC.exe
  C:\Windows\System\UiVMhVC.exe
  2⤵
  PID:5124
- C:\Windows\System\teKtlBR.exe
  C:\Windows\System\teKtlBR.exe
  2⤵
  PID:5148
- C:\Windows\System\nzJtMxY.exe
  C:\Windows\System\nzJtMxY.exe
  2⤵
  PID:5192
- C:\Windows\System\tctcxad.exe
  C:\Windows\System\tctcxad.exe
  2⤵
  PID:5232
- C:\Windows\System\ejXBUuK.exe
  C:\Windows\System\ejXBUuK.exe
  2⤵
  PID:5248
- C:\Windows\System\rGWUqJp.exe
  C:\Windows\System\rGWUqJp.exe
  2⤵
  PID:5284
- C:\Windows\System\NuQcZcU.exe
  C:\Windows\System\NuQcZcU.exe
  2⤵
  PID:5324
- C:\Windows\System\feINyGz.exe
  C:\Windows\System\feINyGz.exe
  2⤵
  PID:5348
- C:\Windows\System\WTHmzqr.exe
  C:\Windows\System\WTHmzqr.exe
  2⤵
  PID:5368
- C:\Windows\System\hXynnmQ.exe
  C:\Windows\System\hXynnmQ.exe
  2⤵
  PID:5428
- C:\Windows\System\RjbJDvK.exe
  C:\Windows\System\RjbJDvK.exe
  2⤵
  PID:5452
- C:\Windows\System\MiqncOe.exe
  C:\Windows\System\MiqncOe.exe
  2⤵
  PID:5492
- C:\Windows\System\HTsNQTN.exe
  C:\Windows\System\HTsNQTN.exe
  2⤵
  PID:5552
- C:\Windows\System\LPhTpUK.exe
  C:\Windows\System\LPhTpUK.exe
  2⤵
  PID:5548
- C:\Windows\System\kIsECca.exe
  C:\Windows\System\kIsECca.exe
  2⤵
  PID:5576
- C:\Windows\System\rFrdlJp.exe
  C:\Windows\System\rFrdlJp.exe
  2⤵
  PID:5612
- C:\Windows\System\DcQzDxO.exe
  C:\Windows\System\DcQzDxO.exe
  2⤵
  PID:5672
- C:\Windows\System\ejpsvnD.exe
  C:\Windows\System\ejpsvnD.exe
  2⤵
  PID:5692
- C:\Windows\System\jQfUqju.exe
  C:\Windows\System\jQfUqju.exe
  2⤵
  PID:5756
- C:\Windows\System\NrpcUaX.exe
  C:\Windows\System\NrpcUaX.exe
  2⤵
  PID:5752
- C:\Windows\System\QHVSwAh.exe
  C:\Windows\System\QHVSwAh.exe
  2⤵
  PID:5792
- C:\Windows\System\IdSnloR.exe
  C:\Windows\System\IdSnloR.exe
  2⤵
  PID:5816
- C:\Windows\System\ECTvArs.exe
  C:\Windows\System\ECTvArs.exe
  2⤵
  PID:5868
- C:\Windows\System\XQwoyMg.exe
  C:\Windows\System\XQwoyMg.exe
  2⤵
  PID:5888
- C:\Windows\System\gIIeyES.exe
  C:\Windows\System\gIIeyES.exe
  2⤵
  PID:5916
- C:\Windows\System\wKFiNwn.exe
  C:\Windows\System\wKFiNwn.exe
  2⤵
  PID:5928
- C:\Windows\System\FiAyXQA.exe
  C:\Windows\System\FiAyXQA.exe
  2⤵
  PID:5976
- C:\Windows\System\jaISasx.exe
  C:\Windows\System\jaISasx.exe
  2⤵
  PID:6028
- C:\Windows\System\VYGUZCP.exe
  C:\Windows\System\VYGUZCP.exe
  2⤵
  PID:6068
- C:\Windows\System\lkRTlNX.exe
  C:\Windows\System\lkRTlNX.exe
  2⤵
  PID:6092
- C:\Windows\System\SAbzNGJ.exe
  C:\Windows\System\SAbzNGJ.exe
  2⤵
  PID:6116
- C:\Windows\System\QCcQdue.exe
  C:\Windows\System\QCcQdue.exe
  2⤵
  PID:4840
- C:\Windows\System\aUKqFMw.exe
  C:\Windows\System\aUKqFMw.exe
  2⤵
  PID:2104
- C:\Windows\System\sIIghsW.exe
  C:\Windows\System\sIIghsW.exe
  2⤵
  PID:5084
- C:\Windows\System\vnzvFlL.exe
  C:\Windows\System\vnzvFlL.exe
  2⤵
  PID:2828
- C:\Windows\System\TAPwCXJ.exe
  C:\Windows\System\TAPwCXJ.exe
  2⤵
  PID:4340
- C:\Windows\System\YPqOrYh.exe
  C:\Windows\System\YPqOrYh.exe
  2⤵
  PID:4420
- C:\Windows\System\gCMEjgQ.exe
  C:\Windows\System\gCMEjgQ.exe
  2⤵
  PID:5152
- C:\Windows\System\xmraaWG.exe
  C:\Windows\System\xmraaWG.exe
  2⤵
  PID:5172
- C:\Windows\System\nKJFria.exe
  C:\Windows\System\nKJFria.exe
  2⤵
  PID:5272
- C:\Windows\System\arCDYRK.exe
  C:\Windows\System\arCDYRK.exe
  2⤵
  PID:5268
- C:\Windows\System\zMrCCjO.exe
  C:\Windows\System\zMrCCjO.exe
  2⤵
  PID:5288
- C:\Windows\System\qYQPOve.exe
  C:\Windows\System\qYQPOve.exe
  2⤵
  PID:5432
- C:\Windows\System\MeAQcyT.exe
  C:\Windows\System\MeAQcyT.exe
  2⤵
  PID:5444
- C:\Windows\System\qlMEtnu.exe
  C:\Windows\System\qlMEtnu.exe
  2⤵
  PID:5488
- C:\Windows\System\yptuyzR.exe
  C:\Windows\System\yptuyzR.exe
  2⤵
  PID:2712
- C:\Windows\System\NDDvvDS.exe
  C:\Windows\System\NDDvvDS.exe
  2⤵
  PID:5632
- C:\Windows\System\oluydLI.exe
  C:\Windows\System\oluydLI.exe
  2⤵
  PID:5652
- C:\Windows\System\CavcAiA.exe
  C:\Windows\System\CavcAiA.exe
  2⤵
  PID:5728
- C:\Windows\System\LlQgVaN.exe
  C:\Windows\System\LlQgVaN.exe
  2⤵
  PID:5836
- C:\Windows\System\puHhRsR.exe
  C:\Windows\System\puHhRsR.exe
  2⤵
  PID:5848
- C:\Windows\System\TjYwZAP.exe
  C:\Windows\System\TjYwZAP.exe
  2⤵
  PID:5956
- C:\Windows\System\vgcuXuz.exe
  C:\Windows\System\vgcuXuz.exe
  2⤵
  PID:5972
- C:\Windows\System\SlzHjiA.exe
  C:\Windows\System\SlzHjiA.exe
  2⤵
  PID:6008
- C:\Windows\System\tAKpkmM.exe
  C:\Windows\System\tAKpkmM.exe
  2⤵
  PID:6072
- C:\Windows\System\NmyYNwr.exe
  C:\Windows\System\NmyYNwr.exe
  2⤵
  PID:6140
- C:\Windows\System\vAzvyWg.exe
  C:\Windows\System\vAzvyWg.exe
  2⤵
  PID:4996
- C:\Windows\System\rIDXVmA.exe
  C:\Windows\System\rIDXVmA.exe
  2⤵
  PID:3256
- C:\Windows\System\DNAuWGV.exe
  C:\Windows\System\DNAuWGV.exe
  2⤵
  PID:4444
- C:\Windows\System\MbKuYEm.exe
  C:\Windows\System\MbKuYEm.exe
  2⤵
  PID:4700
- C:\Windows\System\OOuwjFY.exe
  C:\Windows\System\OOuwjFY.exe
  2⤵
  PID:5212
- C:\Windows\System\lNcwdCA.exe
  C:\Windows\System\lNcwdCA.exe
  2⤵
  PID:5252
- C:\Windows\System\xSSUgHX.exe
  C:\Windows\System\xSSUgHX.exe
  2⤵
  PID:5328
- C:\Windows\System\DpkiWrg.exe
  C:\Windows\System\DpkiWrg.exe
  2⤵
  PID:5372
- C:\Windows\System\ihoHYiU.exe
  C:\Windows\System\ihoHYiU.exe
  2⤵
  PID:5512
- C:\Windows\System\FoHwOIB.exe
  C:\Windows\System\FoHwOIB.exe
  2⤵
  PID:5668
- C:\Windows\System\NybTGyO.exe
  C:\Windows\System\NybTGyO.exe
  2⤵
  PID:5732
- C:\Windows\System\YQbemAw.exe
  C:\Windows\System\YQbemAw.exe
  2⤵
  PID:5776
- C:\Windows\System\QnvhYLj.exe
  C:\Windows\System\QnvhYLj.exe
  2⤵
  PID:5944
- C:\Windows\System\UvNIwrp.exe
  C:\Windows\System\UvNIwrp.exe
  2⤵
  PID:5968
- C:\Windows\System\jhpgXJP.exe
  C:\Windows\System\jhpgXJP.exe
  2⤵
  PID:6112
- C:\Windows\System\mhznkfg.exe
  C:\Windows\System\mhznkfg.exe
  2⤵
  PID:2144
- C:\Windows\System\YsmErXn.exe
  C:\Windows\System\YsmErXn.exe
  2⤵
  PID:1464
- C:\Windows\System\bsDzwmk.exe
  C:\Windows\System\bsDzwmk.exe
  2⤵
  PID:4116
- C:\Windows\System\OgKNctv.exe
  C:\Windows\System\OgKNctv.exe
  2⤵
  PID:6156
- C:\Windows\System\ZLcrOUo.exe
  C:\Windows\System\ZLcrOUo.exe
  2⤵
  PID:6176
- C:\Windows\System\dYPtttf.exe
  C:\Windows\System\dYPtttf.exe
  2⤵
  PID:6196
- C:\Windows\System\pqtJMOx.exe
  C:\Windows\System\pqtJMOx.exe
  2⤵
  PID:6216
- C:\Windows\System\cnQSPBN.exe
  C:\Windows\System\cnQSPBN.exe
  2⤵
  PID:6232
- C:\Windows\System\rymMGKg.exe
  C:\Windows\System\rymMGKg.exe
  2⤵
  PID:6256
- C:\Windows\System\vRdKBoJ.exe
  C:\Windows\System\vRdKBoJ.exe
  2⤵
  PID:6276
- C:\Windows\System\AMXAgUj.exe
  C:\Windows\System\AMXAgUj.exe
  2⤵
  PID:6296
- C:\Windows\System\PNveasx.exe
  C:\Windows\System\PNveasx.exe
  2⤵
  PID:6312
- C:\Windows\System\azXAfyP.exe
  C:\Windows\System\azXAfyP.exe
  2⤵
  PID:6336
- C:\Windows\System\WHYMoPN.exe
  C:\Windows\System\WHYMoPN.exe
  2⤵
  PID:6356
- C:\Windows\System\NdRcTrN.exe
  C:\Windows\System\NdRcTrN.exe
  2⤵
  PID:6376
- C:\Windows\System\cJCiFrt.exe
  C:\Windows\System\cJCiFrt.exe
  2⤵
  PID:6396
- C:\Windows\System\UeADOFy.exe
  C:\Windows\System\UeADOFy.exe
  2⤵
  PID:6416
- C:\Windows\System\CriVSCJ.exe
  C:\Windows\System\CriVSCJ.exe
  2⤵
  PID:6436
- C:\Windows\System\uiOQvzu.exe
  C:\Windows\System\uiOQvzu.exe
  2⤵
  PID:6456
- C:\Windows\System\Yonklaa.exe
  C:\Windows\System\Yonklaa.exe
  2⤵
  PID:6476
- C:\Windows\System\AqaThIP.exe
  C:\Windows\System\AqaThIP.exe
  2⤵
  PID:6496
- C:\Windows\System\pvcsDkO.exe
  C:\Windows\System\pvcsDkO.exe
  2⤵
  PID:6516
- C:\Windows\System\XmmnfWT.exe
  C:\Windows\System\XmmnfWT.exe
  2⤵
  PID:6536
- C:\Windows\System\wbMPQVV.exe
  C:\Windows\System\wbMPQVV.exe
  2⤵
  PID:6556
- C:\Windows\System\CgvXPbF.exe
  C:\Windows\System\CgvXPbF.exe
  2⤵
  PID:6576
- C:\Windows\System\TLGywdM.exe
  C:\Windows\System\TLGywdM.exe
  2⤵
  PID:6596
- C:\Windows\System\TCGsfxy.exe
  C:\Windows\System\TCGsfxy.exe
  2⤵
  PID:6616
- C:\Windows\System\XQdgNFy.exe
  C:\Windows\System\XQdgNFy.exe
  2⤵
  PID:6636
- C:\Windows\System\stkfQgZ.exe
  C:\Windows\System\stkfQgZ.exe
  2⤵
  PID:6656
- C:\Windows\System\zpmdxUv.exe
  C:\Windows\System\zpmdxUv.exe
  2⤵
  PID:6676
- C:\Windows\System\rTtQlSy.exe
  C:\Windows\System\rTtQlSy.exe
  2⤵
  PID:6696
- C:\Windows\System\VdCGMob.exe
  C:\Windows\System\VdCGMob.exe
  2⤵
  PID:6720
- C:\Windows\System\nIIPZSM.exe
  C:\Windows\System\nIIPZSM.exe
  2⤵
  PID:6740
- C:\Windows\System\dCIICsG.exe
  C:\Windows\System\dCIICsG.exe
  2⤵
  PID:6756
- C:\Windows\System\LHlCSjU.exe
  C:\Windows\System\LHlCSjU.exe
  2⤵
  PID:6780
- C:\Windows\System\Pqabobm.exe
  C:\Windows\System\Pqabobm.exe
  2⤵
  PID:6800
- C:\Windows\System\cbEkNdf.exe
  C:\Windows\System\cbEkNdf.exe
  2⤵
  PID:6820
- C:\Windows\System\QjBdGuT.exe
  C:\Windows\System\QjBdGuT.exe
  2⤵
  PID:6840
- C:\Windows\System\QuhOXXd.exe
  C:\Windows\System\QuhOXXd.exe
  2⤵
  PID:6860
- C:\Windows\System\qQunqHa.exe
  C:\Windows\System\qQunqHa.exe
  2⤵
  PID:6880
- C:\Windows\System\pKIiGhG.exe
  C:\Windows\System\pKIiGhG.exe
  2⤵
  PID:6900
- C:\Windows\System\YGNrGfN.exe
  C:\Windows\System\YGNrGfN.exe
  2⤵
  PID:6920
- C:\Windows\System\xfJeLoA.exe
  C:\Windows\System\xfJeLoA.exe
  2⤵
  PID:6940
- C:\Windows\System\LiuukYF.exe
  C:\Windows\System\LiuukYF.exe
  2⤵
  PID:6960
- C:\Windows\System\xVypRuo.exe
  C:\Windows\System\xVypRuo.exe
  2⤵
  PID:6980
- C:\Windows\System\arwXKRY.exe
  C:\Windows\System\arwXKRY.exe
  2⤵
  PID:7000
- C:\Windows\System\pBEguOP.exe
  C:\Windows\System\pBEguOP.exe
  2⤵
  PID:7020
- C:\Windows\System\YzTgZTj.exe
  C:\Windows\System\YzTgZTj.exe
  2⤵
  PID:7040
- C:\Windows\System\zXWuJNa.exe
  C:\Windows\System\zXWuJNa.exe
  2⤵
  PID:7060
- C:\Windows\System\uUdbjmD.exe
  C:\Windows\System\uUdbjmD.exe
  2⤵
  PID:7080
- C:\Windows\System\nbIRaFF.exe
  C:\Windows\System\nbIRaFF.exe
  2⤵
  PID:7100
- C:\Windows\System\ogdOFdK.exe
  C:\Windows\System\ogdOFdK.exe
  2⤵
  PID:7120
- C:\Windows\System\MnVrSEf.exe
  C:\Windows\System\MnVrSEf.exe
  2⤵
  PID:7140
- C:\Windows\System\hZotewV.exe
  C:\Windows\System\hZotewV.exe
  2⤵
  PID:7160
- C:\Windows\System\ZdJyrtR.exe
  C:\Windows\System\ZdJyrtR.exe
  2⤵
  PID:5228
- C:\Windows\System\PHhqNFY.exe
  C:\Windows\System\PHhqNFY.exe
  2⤵
  PID:5464
- C:\Windows\System\hExiJxC.exe
  C:\Windows\System\hExiJxC.exe
  2⤵
  PID:5524
- C:\Windows\System\NMlTGXu.exe
  C:\Windows\System\NMlTGXu.exe
  2⤵
  PID:2680
- C:\Windows\System\bfXEWeJ.exe
  C:\Windows\System\bfXEWeJ.exe
  2⤵
  PID:1872
- C:\Windows\System\XeuGNFG.exe
  C:\Windows\System\XeuGNFG.exe
  2⤵
  PID:5896
- C:\Windows\System\uLTESvk.exe
  C:\Windows\System\uLTESvk.exe
  2⤵
  PID:6032
- C:\Windows\System\tjMWObn.exe
  C:\Windows\System\tjMWObn.exe
  2⤵
  PID:3752
- C:\Windows\System\KUcQtqT.exe
  C:\Windows\System\KUcQtqT.exe
  2⤵
  PID:6152
- C:\Windows\System\DrpMBHD.exe
  C:\Windows\System\DrpMBHD.exe
  2⤵
  PID:6204
- C:\Windows\System\YWzssGL.exe
  C:\Windows\System\YWzssGL.exe
  2⤵
  PID:6240
- C:\Windows\System\FggiLtE.exe
  C:\Windows\System\FggiLtE.exe
  2⤵
  PID:6248
- C:\Windows\System\mJEVDWW.exe
  C:\Windows\System\mJEVDWW.exe
  2⤵
  PID:6268
- C:\Windows\System\fSqyaSi.exe
  C:\Windows\System\fSqyaSi.exe
  2⤵
  PID:6332
- C:\Windows\System\ojNnvIf.exe
  C:\Windows\System\ojNnvIf.exe
  2⤵
  PID:6372
- C:\Windows\System\ruSgkGL.exe
  C:\Windows\System\ruSgkGL.exe
  2⤵
  PID:6404
- C:\Windows\System\wAwkLKB.exe
  C:\Windows\System\wAwkLKB.exe
  2⤵
  PID:6424
- C:\Windows\System\WeCbIEh.exe
  C:\Windows\System\WeCbIEh.exe
  2⤵
  PID:6448
- C:\Windows\System\UcGFliF.exe
  C:\Windows\System\UcGFliF.exe
  2⤵
  PID:6492
- C:\Windows\System\ZBAxipZ.exe
  C:\Windows\System\ZBAxipZ.exe
  2⤵
  PID:6528
- C:\Windows\System\OGGWzIV.exe
  C:\Windows\System\OGGWzIV.exe
  2⤵
  PID:6572
- C:\Windows\System\jrzazIj.exe
  C:\Windows\System\jrzazIj.exe
  2⤵
  PID:6584
- C:\Windows\System\dBgoJcg.exe
  C:\Windows\System\dBgoJcg.exe
  2⤵
  PID:1712
- C:\Windows\System\PgokKaA.exe
  C:\Windows\System\PgokKaA.exe
  2⤵
  PID:6624
- C:\Windows\System\fFzVeTP.exe
  C:\Windows\System\fFzVeTP.exe
  2⤵
  PID:6672
- C:\Windows\System\ecsdmtX.exe
  C:\Windows\System\ecsdmtX.exe
  2⤵
  PID:6728
- C:\Windows\System\oZVERBX.exe
  C:\Windows\System\oZVERBX.exe
  2⤵
  PID:2944
- C:\Windows\System\aVPblYl.exe
  C:\Windows\System\aVPblYl.exe
  2⤵
  PID:6776
- C:\Windows\System\ooGVmGo.exe
  C:\Windows\System\ooGVmGo.exe
  2⤵
  PID:6788
- C:\Windows\System\loDNxrC.exe
  C:\Windows\System\loDNxrC.exe
  2⤵
  PID:6828
- C:\Windows\System\HZfMXVi.exe
  C:\Windows\System\HZfMXVi.exe
  2⤵
  PID:6852
- C:\Windows\System\UCwmfES.exe
  C:\Windows\System\UCwmfES.exe
  2⤵
  PID:6896
- C:\Windows\System\EwOoDvE.exe
  C:\Windows\System\EwOoDvE.exe
  2⤵
  PID:6916
- C:\Windows\System\vGifaGL.exe
  C:\Windows\System\vGifaGL.exe
  2⤵
  PID:6976
- C:\Windows\System\rEXHrTP.exe
  C:\Windows\System\rEXHrTP.exe
  2⤵
  PID:2624
- C:\Windows\System\BmRHmvw.exe
  C:\Windows\System\BmRHmvw.exe
  2⤵
  PID:6992
- C:\Windows\System\uSCibMp.exe
  C:\Windows\System\uSCibMp.exe
  2⤵
  PID:7056
- C:\Windows\System\qvkvXAY.exe
  C:\Windows\System\qvkvXAY.exe
  2⤵
  PID:7052
- C:\Windows\System\iigDCeZ.exe
  C:\Windows\System\iigDCeZ.exe
  2⤵
  PID:7076
- C:\Windows\System\uggtinc.exe
  C:\Windows\System\uggtinc.exe
  2⤵
  PID:7116
- C:\Windows\System\kYhEWVe.exe
  C:\Windows\System\kYhEWVe.exe
  2⤵
  PID:7156
- C:\Windows\System\QbfaqvZ.exe
  C:\Windows\System\QbfaqvZ.exe
  2⤵
  PID:5352
- C:\Windows\System\MDcCnZA.exe
  C:\Windows\System\MDcCnZA.exe
  2⤵
  PID:5472
- C:\Windows\System\mUqwPpM.exe
  C:\Windows\System\mUqwPpM.exe
  2⤵
  PID:5772
- C:\Windows\System\DKrzjjj.exe
  C:\Windows\System\DKrzjjj.exe
  2⤵
  PID:5852
- C:\Windows\System\oJQdXas.exe
  C:\Windows\System\oJQdXas.exe
  2⤵
  PID:2740
- C:\Windows\System\xbfQypM.exe
  C:\Windows\System\xbfQypM.exe
  2⤵
  PID:2368
- C:\Windows\System\qmPtisW.exe
  C:\Windows\System\qmPtisW.exe
  2⤵
  PID:6208
- C:\Windows\System\oFDSrBp.exe
  C:\Windows\System\oFDSrBp.exe
  2⤵
  PID:6284
- C:\Windows\System\YRkHlMi.exe
  C:\Windows\System\YRkHlMi.exe
  2⤵
  PID:6292
- C:\Windows\System\dFNYCzC.exe
  C:\Windows\System\dFNYCzC.exe
  2⤵
  PID:6364
- C:\Windows\System\ddFHvEI.exe
  C:\Windows\System\ddFHvEI.exe
  2⤵
  PID:6408
- C:\Windows\System\rxqNLil.exe
  C:\Windows\System\rxqNLil.exe
  2⤵
  PID:316
- C:\Windows\System\cazeckB.exe
  C:\Windows\System\cazeckB.exe
  2⤵
  PID:6432
- C:\Windows\System\pxivFTd.exe
  C:\Windows\System\pxivFTd.exe
  2⤵
  PID:6504
- C:\Windows\System\JSFKbjd.exe
  C:\Windows\System\JSFKbjd.exe
  2⤵
  PID:6524
- C:\Windows\System\XRkFgGz.exe
  C:\Windows\System\XRkFgGz.exe
  2⤵
  PID:840
- C:\Windows\System\NdugOlv.exe
  C:\Windows\System\NdugOlv.exe
  2⤵
  PID:6592
- C:\Windows\System\ZYHqKdw.exe
  C:\Windows\System\ZYHqKdw.exe
  2⤵
  PID:6692
- C:\Windows\System\GINQMTr.exe
  C:\Windows\System\GINQMTr.exe
  2⤵
  PID:6688
- C:\Windows\System\fTZpPPw.exe
  C:\Windows\System\fTZpPPw.exe
  2⤵
  PID:1036
- C:\Windows\System\CUUgKzd.exe
  C:\Windows\System\CUUgKzd.exe
  2⤵
  PID:6812
- C:\Windows\System\ZtARESw.exe
  C:\Windows\System\ZtARESw.exe
  2⤵
  PID:6888
- C:\Windows\System\AiVwDSR.exe
  C:\Windows\System\AiVwDSR.exe
  2⤵
  PID:6872
- C:\Windows\System\iwMImVq.exe
  C:\Windows\System\iwMImVq.exe
  2⤵
  PID:6952
- C:\Windows\System\HHrUJMx.exe
  C:\Windows\System\HHrUJMx.exe
  2⤵
  PID:6996
- C:\Windows\System\yMfrKLP.exe
  C:\Windows\System\yMfrKLP.exe
  2⤵
  PID:7016
- C:\Windows\System\izNMQas.exe
  C:\Windows\System\izNMQas.exe
  2⤵
  PID:2212
- C:\Windows\System\WrZvibT.exe
  C:\Windows\System\WrZvibT.exe
  2⤵
  PID:7088
- C:\Windows\System\YPJMdkZ.exe
  C:\Windows\System\YPJMdkZ.exe
  2⤵
  PID:7072
- C:\Windows\System\FlfyhII.exe
  C:\Windows\System\FlfyhII.exe
  2⤵
  PID:1540
- C:\Windows\System\edBixhh.exe
  C:\Windows\System\edBixhh.exe
  2⤵
  PID:5952
- C:\Windows\System\uhlAOWI.exe
  C:\Windows\System\uhlAOWI.exe
  2⤵
  PID:4296
- C:\Windows\System\IosUTrr.exe
  C:\Windows\System\IosUTrr.exe
  2⤵
  PID:6172
- C:\Windows\System\ucXLqtQ.exe
  C:\Windows\System\ucXLqtQ.exe
  2⤵
  PID:6224
- C:\Windows\System\mIdtCYl.exe
  C:\Windows\System\mIdtCYl.exe
  2⤵
  PID:6324
- C:\Windows\System\LfDKTxP.exe
  C:\Windows\System\LfDKTxP.exe
  2⤵
  PID:6664
- C:\Windows\System\nmyZOeo.exe
  C:\Windows\System\nmyZOeo.exe
  2⤵
  PID:6668
- C:\Windows\System\gWZLcQe.exe
  C:\Windows\System\gWZLcQe.exe
  2⤵
  PID:6548
- C:\Windows\System\tCOxwJi.exe
  C:\Windows\System\tCOxwJi.exe
  2⤵
  PID:7032
- C:\Windows\System\sJKCJSS.exe
  C:\Windows\System\sJKCJSS.exe
  2⤵
  PID:6468
- C:\Windows\System\VYvpIfJ.exe
  C:\Windows\System\VYvpIfJ.exe
  2⤵
  PID:6908
- C:\Windows\System\YzSIRJB.exe
  C:\Windows\System\YzSIRJB.exe
  2⤵
  PID:2088
- C:\Windows\System\wgiAjPW.exe
  C:\Windows\System\wgiAjPW.exe
  2⤵
  PID:7132
- C:\Windows\System\fFaPLHi.exe
  C:\Windows\System\fFaPLHi.exe
  2⤵
  PID:1156
- C:\Windows\System\CLrdyAj.exe
  C:\Windows\System\CLrdyAj.exe
  2⤵
  PID:2568
- C:\Windows\System\yjwUuKW.exe
  C:\Windows\System\yjwUuKW.exe
  2⤵
  PID:6388
- C:\Windows\System\AKRLSLe.exe
  C:\Windows\System\AKRLSLe.exe
  2⤵
  PID:6564
- C:\Windows\System\bwoqwQQ.exe
  C:\Windows\System\bwoqwQQ.exe
  2⤵
  PID:6652
- C:\Windows\System\JWUkjzZ.exe
  C:\Windows\System\JWUkjzZ.exe
  2⤵
  PID:2380
- C:\Windows\System\cxujlQe.exe
  C:\Windows\System\cxujlQe.exe
  2⤵
  PID:1472
- C:\Windows\System\naiCIfi.exe
  C:\Windows\System\naiCIfi.exe
  2⤵
  PID:6936
- C:\Windows\System\KHkgGft.exe
  C:\Windows\System\KHkgGft.exe
  2⤵
  PID:7108
- C:\Windows\System\msfQvHc.exe
  C:\Windows\System\msfQvHc.exe
  2⤵
  PID:7152
- C:\Windows\System\XnDJdnB.exe
  C:\Windows\System\XnDJdnB.exe
  2⤵
  PID:1488
- C:\Windows\System\OrcfVYW.exe
  C:\Windows\System\OrcfVYW.exe
  2⤵
  PID:6188
- C:\Windows\System\eVgsoKi.exe
  C:\Windows\System\eVgsoKi.exe
  2⤵
  PID:6472
- C:\Windows\System\QXYblUo.exe
  C:\Windows\System\QXYblUo.exe
  2⤵
  PID:7048
- C:\Windows\System\tgXClik.exe
  C:\Windows\System\tgXClik.exe
  2⤵
  PID:6464
- C:\Windows\System\YvePUit.exe
  C:\Windows\System\YvePUit.exe
  2⤵
  PID:1616
- C:\Windows\System\cWiKgPm.exe
  C:\Windows\System\cWiKgPm.exe
  2⤵
  PID:7180
- C:\Windows\System\lqkULaA.exe
  C:\Windows\System\lqkULaA.exe
  2⤵
  PID:7196
- C:\Windows\System\iZvrIBe.exe
  C:\Windows\System\iZvrIBe.exe
  2⤵
  PID:7212
- C:\Windows\System\xJuAgtc.exe
  C:\Windows\System\xJuAgtc.exe
  2⤵
  PID:7228
- C:\Windows\System\DDoEfmi.exe
  C:\Windows\System\DDoEfmi.exe
  2⤵
  PID:7244
- C:\Windows\System\nfQvPzA.exe
  C:\Windows\System\nfQvPzA.exe
  2⤵
  PID:7268
- C:\Windows\System\rjRQwHP.exe
  C:\Windows\System\rjRQwHP.exe
  2⤵
  PID:7284
- C:\Windows\System\pkuVEGR.exe
  C:\Windows\System\pkuVEGR.exe
  2⤵
  PID:7304
- C:\Windows\System\CfNmCRW.exe
  C:\Windows\System\CfNmCRW.exe
  2⤵
  PID:7332
- C:\Windows\System\gRyeYbh.exe
  C:\Windows\System\gRyeYbh.exe
  2⤵
  PID:7352
- C:\Windows\System\EdssnGS.exe
  C:\Windows\System\EdssnGS.exe
  2⤵
  PID:7376
- C:\Windows\System\faRnbWg.exe
  C:\Windows\System\faRnbWg.exe
  2⤵
  PID:7392
- C:\Windows\System\BMEHkYS.exe
  C:\Windows\System\BMEHkYS.exe
  2⤵
  PID:7412
- C:\Windows\System\pAALzpn.exe
  C:\Windows\System\pAALzpn.exe
  2⤵
  PID:7432
- C:\Windows\System\hwcAmcl.exe
  C:\Windows\System\hwcAmcl.exe
  2⤵
  PID:7448
- C:\Windows\System\TYxuLan.exe
  C:\Windows\System\TYxuLan.exe
  2⤵
  PID:7472
- C:\Windows\System\AZcfYKR.exe
  C:\Windows\System\AZcfYKR.exe
  2⤵
  PID:7488
- C:\Windows\System\BgEvSrq.exe
  C:\Windows\System\BgEvSrq.exe
  2⤵
  PID:7504
- C:\Windows\System\vcKJxkf.exe
  C:\Windows\System\vcKJxkf.exe
  2⤵
  PID:7532
- C:\Windows\System\wrCXmgY.exe
  C:\Windows\System\wrCXmgY.exe
  2⤵
  PID:7576
- C:\Windows\System\yvaeyEX.exe
  C:\Windows\System\yvaeyEX.exe
  2⤵
  PID:7592
- C:\Windows\System\fnrLWoA.exe
  C:\Windows\System\fnrLWoA.exe
  2⤵
  PID:7608
- C:\Windows\System\PLBIhEt.exe
  C:\Windows\System\PLBIhEt.exe
  2⤵
  PID:7624
- C:\Windows\System\IGwEhJk.exe
  C:\Windows\System\IGwEhJk.exe
  2⤵
  PID:7640
- C:\Windows\System\aQDvzIu.exe
  C:\Windows\System\aQDvzIu.exe
  2⤵
  PID:7656
- C:\Windows\System\XNWUYVr.exe
  C:\Windows\System\XNWUYVr.exe
  2⤵
  PID:7672
- C:\Windows\System\pnsOeMG.exe
  C:\Windows\System\pnsOeMG.exe
  2⤵
  PID:7700
- C:\Windows\System\qPUitXU.exe
  C:\Windows\System\qPUitXU.exe
  2⤵
  PID:7724
- C:\Windows\System\dzefMig.exe
  C:\Windows\System\dzefMig.exe
  2⤵
  PID:7744
- C:\Windows\System\pGUKhUT.exe
  C:\Windows\System\pGUKhUT.exe
  2⤵
  PID:7760
- C:\Windows\System\vNSfwrn.exe
  C:\Windows\System\vNSfwrn.exe
  2⤵
  PID:7788
- C:\Windows\System\cAYcetz.exe
  C:\Windows\System\cAYcetz.exe
  2⤵
  PID:7816
- C:\Windows\System\kUHAVbj.exe
  C:\Windows\System\kUHAVbj.exe
  2⤵
  PID:7840
- C:\Windows\System\BBFYcBi.exe
  C:\Windows\System\BBFYcBi.exe
  2⤵
  PID:7856
- C:\Windows\System\WKAshJJ.exe
  C:\Windows\System\WKAshJJ.exe
  2⤵
  PID:7876
- C:\Windows\System\rgYgCPO.exe
  C:\Windows\System\rgYgCPO.exe
  2⤵
  PID:7892
- C:\Windows\System\LEVIbDf.exe
  C:\Windows\System\LEVIbDf.exe
  2⤵
  PID:7908
- C:\Windows\System\SBSVcjo.exe
  C:\Windows\System\SBSVcjo.exe
  2⤵
  PID:7924
- C:\Windows\System\QWcHRrx.exe
  C:\Windows\System\QWcHRrx.exe
  2⤵
  PID:7940
- C:\Windows\System\aiAPFAz.exe
  C:\Windows\System\aiAPFAz.exe
  2⤵
  PID:7960
- C:\Windows\System\BfuAxTH.exe
  C:\Windows\System\BfuAxTH.exe
  2⤵
  PID:7976
- C:\Windows\System\buLnsxg.exe
  C:\Windows\System\buLnsxg.exe
  2⤵
  PID:7996
- C:\Windows\System\uEzvkmC.exe
  C:\Windows\System\uEzvkmC.exe
  2⤵
  PID:8028
- C:\Windows\System\qXXDekv.exe
  C:\Windows\System\qXXDekv.exe
  2⤵
  PID:8044
- C:\Windows\System\nmmNDvH.exe
  C:\Windows\System\nmmNDvH.exe
  2⤵
  PID:8064
- C:\Windows\System\yhuoNXf.exe
  C:\Windows\System\yhuoNXf.exe
  2⤵
  PID:8080
- C:\Windows\System\YgrZvEr.exe
  C:\Windows\System\YgrZvEr.exe
  2⤵
  PID:8108
- C:\Windows\System\lSesjKD.exe
  C:\Windows\System\lSesjKD.exe
  2⤵
  PID:8124
- C:\Windows\System\wNaNFVt.exe
  C:\Windows\System\wNaNFVt.exe
  2⤵
  PID:8140
- C:\Windows\System\pTdZHma.exe
  C:\Windows\System\pTdZHma.exe
  2⤵
  PID:8164
- C:\Windows\System\UcTcAmU.exe
  C:\Windows\System\UcTcAmU.exe
  2⤵
  PID:1908
- C:\Windows\System\JZWHDEX.exe
  C:\Windows\System\JZWHDEX.exe
  2⤵
  PID:7236
- C:\Windows\System\duIraGX.exe
  C:\Windows\System\duIraGX.exe
  2⤵
  PID:7312
- C:\Windows\System\rArQDjY.exe
  C:\Windows\System\rArQDjY.exe
  2⤵
  PID:7068
- C:\Windows\System\HuchOrk.exe
  C:\Windows\System\HuchOrk.exe
  2⤵
  PID:7316
- C:\Windows\System\aSYsvfb.exe
  C:\Windows\System\aSYsvfb.exe
  2⤵
  PID:6608
- C:\Windows\System\XySBJUk.exe
  C:\Windows\System\XySBJUk.exe
  2⤵
  PID:7400
- C:\Windows\System\DGcxSed.exe
  C:\Windows\System\DGcxSed.exe
  2⤵
  PID:7340
- C:\Windows\System\GwNHCGB.exe
  C:\Windows\System\GwNHCGB.exe
  2⤵
  PID:6368
- C:\Windows\System\wVtNALE.exe
  C:\Windows\System\wVtNALE.exe
  2⤵
  PID:7192
- C:\Windows\System\uNZxvxQ.exe
  C:\Windows\System\uNZxvxQ.exe
  2⤵
  PID:7512
- C:\Windows\System\LEgPjmy.exe
  C:\Windows\System\LEgPjmy.exe
  2⤵
  PID:7520
- C:\Windows\System\pZkrAAb.exe
  C:\Windows\System\pZkrAAb.exe
  2⤵
  PID:7264
- C:\Windows\System\JMvfdHX.exe
  C:\Windows\System\JMvfdHX.exe
  2⤵
  PID:7424
- C:\Windows\System\SoKAgxm.exe
  C:\Windows\System\SoKAgxm.exe
  2⤵
  PID:7456
- C:\Windows\System\AHFTMXr.exe
  C:\Windows\System\AHFTMXr.exe
  2⤵
  PID:1916
- C:\Windows\System\YIMnlVD.exe
  C:\Windows\System\YIMnlVD.exe
  2⤵
  PID:7552
- C:\Windows\System\XSgRwbS.exe
  C:\Windows\System\XSgRwbS.exe
  2⤵
  PID:7584
- C:\Windows\System\LihYUQf.exe
  C:\Windows\System\LihYUQf.exe
  2⤵
  PID:7604
- C:\Windows\System\dDybxEL.exe
  C:\Windows\System\dDybxEL.exe
  2⤵
  PID:7696
- C:\Windows\System\rRWEyMZ.exe
  C:\Windows\System\rRWEyMZ.exe
  2⤵
  PID:7664
- C:\Windows\System\FgUVlxE.exe
  C:\Windows\System\FgUVlxE.exe
  2⤵
  PID:7716
- C:\Windows\System\ShZkXan.exe
  C:\Windows\System\ShZkXan.exe
  2⤵
  PID:7756
- C:\Windows\System\kqRlyAB.exe
  C:\Windows\System\kqRlyAB.exe
  2⤵
  PID:7804
- C:\Windows\System\sPUtQpE.exe
  C:\Windows\System\sPUtQpE.exe
  2⤵
  PID:7836
- C:\Windows\System\sXwDtCN.exe
  C:\Windows\System\sXwDtCN.exe
  2⤵
  PID:7868
- C:\Windows\System\dmULDow.exe
  C:\Windows\System\dmULDow.exe
  2⤵
  PID:7848
- C:\Windows\System\bTrvRlo.exe
  C:\Windows\System\bTrvRlo.exe
  2⤵
  PID:7888
- C:\Windows\System\xZDTNov.exe
  C:\Windows\System\xZDTNov.exe
  2⤵
  PID:7932
- C:\Windows\System\WJmlkij.exe
  C:\Windows\System\WJmlkij.exe
  2⤵
  PID:8060
- C:\Windows\System\RqXmuqs.exe
  C:\Windows\System\RqXmuqs.exe
  2⤵
  PID:8100
- C:\Windows\System\tXhTtRr.exe
  C:\Windows\System\tXhTtRr.exe
  2⤵
  PID:7920
- C:\Windows\System\yTLDAGK.exe
  C:\Windows\System\yTLDAGK.exe
  2⤵
  PID:8040
- C:\Windows\System\aADzKke.exe
  C:\Windows\System\aADzKke.exe
  2⤵
  PID:8036
- C:\Windows\System\GJmnXDI.exe
  C:\Windows\System\GJmnXDI.exe
  2⤵
  PID:6568
- C:\Windows\System\TMYvyhN.exe
  C:\Windows\System\TMYvyhN.exe
  2⤵
  PID:8180
- C:\Windows\System\gWHFBWU.exe
  C:\Windows\System\gWHFBWU.exe
  2⤵
  PID:7172
- C:\Windows\System\cMNtSEK.exe
  C:\Windows\System\cMNtSEK.exe
  2⤵
  PID:5532
- C:\Windows\System\putPUcb.exe
  C:\Windows\System\putPUcb.exe
  2⤵
  PID:7372
- C:\Windows\System\gzSOUOv.exe
  C:\Windows\System\gzSOUOv.exe
  2⤵
  PID:7564
- C:\Windows\System\KbQfDMw.exe
  C:\Windows\System\KbQfDMw.exe
  2⤵
  PID:6808
- C:\Windows\System\kiTpRXZ.exe
  C:\Windows\System\kiTpRXZ.exe
  2⤵
  PID:7680
- C:\Windows\System\VtmByAf.exe
  C:\Windows\System\VtmByAf.exe
  2⤵
  PID:7300
- C:\Windows\System\gpfQxaS.exe
  C:\Windows\System\gpfQxaS.exe
  2⤵
  PID:7464
- C:\Windows\System\rXJxEXG.exe
  C:\Windows\System\rXJxEXG.exe
  2⤵
  PID:8056
- C:\Windows\System\IUWQDyv.exe
  C:\Windows\System\IUWQDyv.exe
  2⤵
  PID:7620
- C:\Windows\System\OaOjJXX.exe
  C:\Windows\System\OaOjJXX.exe
  2⤵
  PID:7636
- C:\Windows\System\hceTgmq.exe
  C:\Windows\System\hceTgmq.exe
  2⤵
  PID:5608
- C:\Windows\System\AHBSQYz.exe
  C:\Windows\System\AHBSQYz.exe
  2⤵
  PID:7776
- C:\Windows\System\rwnUYsJ.exe
  C:\Windows\System\rwnUYsJ.exe
  2⤵
  PID:7900
- C:\Windows\System\SmfsMpK.exe
  C:\Windows\System\SmfsMpK.exe
  2⤵
  PID:7952
- C:\Windows\System\zYCtdtB.exe
  C:\Windows\System\zYCtdtB.exe
  2⤵
  PID:7992
- C:\Windows\System\tWaKOzU.exe
  C:\Windows\System\tWaKOzU.exe
  2⤵
  PID:6856
- C:\Windows\System\PQiuLtm.exe
  C:\Windows\System\PQiuLtm.exe
  2⤵
  PID:8024
- C:\Windows\System\qvxxsgd.exe
  C:\Windows\System\qvxxsgd.exe
  2⤵
  PID:8120
- C:\Windows\System\TQJrTYc.exe
  C:\Windows\System\TQJrTYc.exe
  2⤵
  PID:8176
- C:\Windows\System\tewMxRH.exe
  C:\Windows\System\tewMxRH.exe
  2⤵
  PID:7280
- C:\Windows\System\LQsglzH.exe
  C:\Windows\System\LQsglzH.exe
  2⤵
  PID:6164
- C:\Windows\System\jtxLReQ.exe
  C:\Windows\System\jtxLReQ.exe
  2⤵
  PID:6772
- C:\Windows\System\JJkCgZo.exe
  C:\Windows\System\JJkCgZo.exe
  2⤵
  PID:7516
- C:\Windows\System\rNspSpw.exe
  C:\Windows\System\rNspSpw.exe
  2⤵
  PID:8020
- C:\Windows\System\XnNDIal.exe
  C:\Windows\System\XnNDIal.exe
  2⤵
  PID:7568
- C:\Windows\System\tzreUan.exe
  C:\Windows\System\tzreUan.exe
  2⤵
  PID:7348
- C:\Windows\System\rMGglMw.exe
  C:\Windows\System\rMGglMw.exe
  2⤵
  PID:7544
- C:\Windows\System\IIgwtjn.exe
  C:\Windows\System\IIgwtjn.exe
  2⤵
  PID:7692
- C:\Windows\System\RFUqmcK.exe
  C:\Windows\System\RFUqmcK.exe
  2⤵
  PID:6832
- C:\Windows\System\tvOlPaW.exe
  C:\Windows\System\tvOlPaW.exe
  2⤵
  PID:7812
- C:\Windows\System\RgJDbgs.exe
  C:\Windows\System\RgJDbgs.exe
  2⤵
  PID:7688
- C:\Windows\System\GMvIedp.exe
  C:\Windows\System\GMvIedp.exe
  2⤵
  PID:8072
- C:\Windows\System\mVhnZBZ.exe
  C:\Windows\System\mVhnZBZ.exe
  2⤵
  PID:7176
- C:\Windows\System\kThwpsm.exe
  C:\Windows\System\kThwpsm.exe
  2⤵
  PID:7368
- C:\Windows\System\ENGhfoV.exe
  C:\Windows\System\ENGhfoV.exe
  2⤵
  PID:7328
- C:\Windows\System\VoNAISO.exe
  C:\Windows\System\VoNAISO.exe
  2⤵
  PID:7768
- C:\Windows\System\aMGyhVx.exe
  C:\Windows\System\aMGyhVx.exe
  2⤵
  PID:7808
- C:\Windows\System\jllNzGz.exe
  C:\Windows\System\jllNzGz.exe
  2⤵
  PID:7968
- C:\Windows\System\PQfzUGB.exe
  C:\Windows\System\PQfzUGB.exe
  2⤵
  PID:7632
- C:\Windows\System\lYdOIJg.exe
  C:\Windows\System\lYdOIJg.exe
  2⤵
  PID:8052
- C:\Windows\System\EUZoeUx.exe
  C:\Windows\System\EUZoeUx.exe
  2⤵
  PID:8132
- C:\Windows\System\IrHIkKJ.exe
  C:\Windows\System\IrHIkKJ.exe
  2⤵
  PID:7208
- C:\Windows\System\CFmUfbE.exe
  C:\Windows\System\CFmUfbE.exe
  2⤵
  PID:7480
- C:\Windows\System\bSMEGGF.exe
  C:\Windows\System\bSMEGGF.exe
  2⤵
  PID:7560
- C:\Windows\System\NEfgJIn.exe
  C:\Windows\System\NEfgJIn.exe
  2⤵
  PID:8012
- C:\Windows\System\tYYVcyo.exe
  C:\Windows\System\tYYVcyo.exe
  2⤵
  PID:8004
- C:\Windows\System\caoUZqG.exe
  C:\Windows\System\caoUZqG.exe
  2⤵
  PID:8156
- C:\Windows\System\yHoGudx.exe
  C:\Windows\System\yHoGudx.exe
  2⤵
  PID:7796
- C:\Windows\System\nsmixFD.exe
  C:\Windows\System\nsmixFD.exe
  2⤵
  PID:7828
- C:\Windows\System\QlUYlTu.exe
  C:\Windows\System\QlUYlTu.exe
  2⤵
  PID:8200
- C:\Windows\System\DQRRqMc.exe
  C:\Windows\System\DQRRqMc.exe
  2⤵
  PID:8216
- C:\Windows\System\rcGdYoz.exe
  C:\Windows\System\rcGdYoz.exe
  2⤵
  PID:8232
- C:\Windows\System\ZuzlCaY.exe
  C:\Windows\System\ZuzlCaY.exe
  2⤵
  PID:8248
- C:\Windows\System\tPecDRi.exe
  C:\Windows\System\tPecDRi.exe
  2⤵
  PID:8264
- C:\Windows\System\KossGRS.exe
  C:\Windows\System\KossGRS.exe
  2⤵
  PID:8280
- C:\Windows\System\orDzhjz.exe
  C:\Windows\System\orDzhjz.exe
  2⤵
  PID:8296
- C:\Windows\System\ouXxMfv.exe
  C:\Windows\System\ouXxMfv.exe
  2⤵
  PID:8316
- C:\Windows\System\ZMqsGBJ.exe
  C:\Windows\System\ZMqsGBJ.exe
  2⤵
  PID:8332
- C:\Windows\System\JvMpHei.exe
  C:\Windows\System\JvMpHei.exe
  2⤵
  PID:8360
- C:\Windows\System\eJICuhB.exe
  C:\Windows\System\eJICuhB.exe
  2⤵
  PID:8392
- C:\Windows\System\svyQsQC.exe
  C:\Windows\System\svyQsQC.exe
  2⤵
  PID:8408
- C:\Windows\System\xBaVlTR.exe
  C:\Windows\System\xBaVlTR.exe
  2⤵
  PID:8424
- C:\Windows\System\pEjmWuH.exe
  C:\Windows\System\pEjmWuH.exe
  2⤵
  PID:8440
- C:\Windows\System\pvKjfbK.exe
  C:\Windows\System\pvKjfbK.exe
  2⤵
  PID:8460
- C:\Windows\System\VJdSGgs.exe
  C:\Windows\System\VJdSGgs.exe
  2⤵
  PID:8476
- C:\Windows\System\gSZNbwu.exe
  C:\Windows\System\gSZNbwu.exe
  2⤵
  PID:8492
- C:\Windows\System\ALqaeKj.exe
  C:\Windows\System\ALqaeKj.exe
  2⤵
  PID:8508
- C:\Windows\System\MDSNwtD.exe
  C:\Windows\System\MDSNwtD.exe
  2⤵
  PID:8524
- C:\Windows\System\CNSnPHV.exe
  C:\Windows\System\CNSnPHV.exe
  2⤵
  PID:8540
- C:\Windows\System\cGdsDwm.exe
  C:\Windows\System\cGdsDwm.exe
  2⤵
  PID:8556
- C:\Windows\System\paafQQB.exe
  C:\Windows\System\paafQQB.exe
  2⤵
  PID:8572
- C:\Windows\System\bSdptqL.exe
  C:\Windows\System\bSdptqL.exe
  2⤵
  PID:8588
- C:\Windows\System\qAilEcw.exe
  C:\Windows\System\qAilEcw.exe
  2⤵
  PID:8604
- C:\Windows\System\vuxZClV.exe
  C:\Windows\System\vuxZClV.exe
  2⤵
  PID:8620
- C:\Windows\System\tdIXxuV.exe
  C:\Windows\System\tdIXxuV.exe
  2⤵
  PID:8636
- C:\Windows\System\MeoomPC.exe
  C:\Windows\System\MeoomPC.exe
  2⤵
  PID:8652
- C:\Windows\System\DFOqNcb.exe
  C:\Windows\System\DFOqNcb.exe
  2⤵
  PID:8668
- C:\Windows\System\LkgxYoB.exe
  C:\Windows\System\LkgxYoB.exe
  2⤵
  PID:8684
- C:\Windows\System\VfAuagX.exe
  C:\Windows\System\VfAuagX.exe
  2⤵
  PID:8700
- C:\Windows\System\iAcTJDF.exe
  C:\Windows\System\iAcTJDF.exe
  2⤵
  PID:8720
- C:\Windows\System\NsfdNMl.exe
  C:\Windows\System\NsfdNMl.exe
  2⤵
  PID:8744
- C:\Windows\System\GpuQlEy.exe
  C:\Windows\System\GpuQlEy.exe
  2⤵
  PID:8772
- C:\Windows\System\evDVkNl.exe
  C:\Windows\System\evDVkNl.exe
  2⤵
  PID:8788
- C:\Windows\System\KbAUURE.exe
  C:\Windows\System\KbAUURE.exe
  2⤵
  PID:8824
- C:\Windows\System\zDqcioG.exe
  C:\Windows\System\zDqcioG.exe
  2⤵
  PID:8852
- C:\Windows\System\QgnmeWj.exe
  C:\Windows\System\QgnmeWj.exe
  2⤵
  PID:8872
- C:\Windows\System\mwtsngX.exe
  C:\Windows\System\mwtsngX.exe
  2⤵
  PID:8888
- C:\Windows\System\mgmqTSs.exe
  C:\Windows\System\mgmqTSs.exe
  2⤵
  PID:8904
- C:\Windows\System\DnbrPAo.exe
  C:\Windows\System\DnbrPAo.exe
  2⤵
  PID:8924
- C:\Windows\System\ZGpVBOP.exe
  C:\Windows\System\ZGpVBOP.exe
  2⤵
  PID:8980
- C:\Windows\System\FvRhFpA.exe
  C:\Windows\System\FvRhFpA.exe
  2⤵
  PID:9012
- C:\Windows\System\dsYoRpj.exe
  C:\Windows\System\dsYoRpj.exe
  2⤵
  PID:9028
- C:\Windows\System\ASPOqvw.exe
  C:\Windows\System\ASPOqvw.exe
  2⤵
  PID:9044
- C:\Windows\System\aDOGUiu.exe
  C:\Windows\System\aDOGUiu.exe
  2⤵
  PID:9060
- C:\Windows\System\CfVPeKE.exe
  C:\Windows\System\CfVPeKE.exe
  2⤵
  PID:9080
- C:\Windows\System\doiCLJE.exe
  C:\Windows\System\doiCLJE.exe
  2⤵
  PID:9100
- C:\Windows\System\gogavcb.exe
  C:\Windows\System\gogavcb.exe
  2⤵
  PID:9116
- C:\Windows\System\EJQumLv.exe
  C:\Windows\System\EJQumLv.exe
  2⤵
  PID:9132
- C:\Windows\System\IFZSNaY.exe
  C:\Windows\System\IFZSNaY.exe
  2⤵
  PID:9164
- C:\Windows\System\zIlWccI.exe
  C:\Windows\System\zIlWccI.exe
  2⤵
  PID:9184
- C:\Windows\System\EYcUPqc.exe
  C:\Windows\System\EYcUPqc.exe
  2⤵
  PID:9200
- C:\Windows\System\enbaSIP.exe
  C:\Windows\System\enbaSIP.exe
  2⤵
  PID:7832
- C:\Windows\System\RPUwJjB.exe
  C:\Windows\System\RPUwJjB.exe
  2⤵
  PID:8224
- C:\Windows\System\xgQXvyJ.exe
  C:\Windows\System\xgQXvyJ.exe
  2⤵
  PID:8272
- C:\Windows\System\VjPoLXk.exe
  C:\Windows\System\VjPoLXk.exe
  2⤵
  PID:7444
- C:\Windows\System\ZblqHai.exe
  C:\Windows\System\ZblqHai.exe
  2⤵
  PID:8404
- C:\Windows\System\UUATrDA.exe
  C:\Windows\System\UUATrDA.exe
  2⤵
  PID:8448
- C:\Windows\System\UjKYaQY.exe
  C:\Windows\System\UjKYaQY.exe
  2⤵
  PID:8548
- C:\Windows\System\XIjGEny.exe
  C:\Windows\System\XIjGEny.exe
  2⤵
  PID:8600
- C:\Windows\System\IlTpgaO.exe
  C:\Windows\System\IlTpgaO.exe
  2⤵
  PID:8596
- C:\Windows\System\Zxbguif.exe
  C:\Windows\System\Zxbguif.exe
  2⤵
  PID:8676
- C:\Windows\System\wfCyfsc.exe
  C:\Windows\System\wfCyfsc.exe
  2⤵
  PID:8728
- C:\Windows\System\CiirBSy.exe
  C:\Windows\System\CiirBSy.exe
  2⤵
  PID:8764
- C:\Windows\System\jtBKlrd.exe
  C:\Windows\System\jtBKlrd.exe
  2⤵
  PID:8784
- C:\Windows\System\Wjywsjx.exe
  C:\Windows\System\Wjywsjx.exe
  2⤵
  PID:8844
- C:\Windows\System\ywDCrJW.exe
  C:\Windows\System\ywDCrJW.exe
  2⤵
  PID:8848
- C:\Windows\System\NFLFoFa.exe
  C:\Windows\System\NFLFoFa.exe
  2⤵
  PID:8816
- C:\Windows\System\YkvBWvM.exe
  C:\Windows\System\YkvBWvM.exe
  2⤵
  PID:8860
- C:\Windows\System\QBQsnGh.exe
  C:\Windows\System\QBQsnGh.exe
  2⤵
  PID:928
- C:\Windows\System\revyrdG.exe
  C:\Windows\System\revyrdG.exe
  2⤵
  PID:908
- C:\Windows\System\aipADps.exe
  C:\Windows\System\aipADps.exe
  2⤵
  PID:8956
- C:\Windows\System\RreswHt.exe
  C:\Windows\System\RreswHt.exe
  2⤵
  PID:8968
- C:\Windows\System\dMrldjP.exe
  C:\Windows\System\dMrldjP.exe
  2⤵
  PID:9020
- C:\Windows\System\MqPUdSR.exe
  C:\Windows\System\MqPUdSR.exe
  2⤵
  PID:9036
- C:\Windows\System\iPwMzil.exe
  C:\Windows\System\iPwMzil.exe
  2⤵
  PID:9108
- C:\Windows\System\kFsOxAH.exe
  C:\Windows\System\kFsOxAH.exe
  2⤵
  PID:9160
- C:\Windows\System\sncqZFy.exe
  C:\Windows\System\sncqZFy.exe
  2⤵
  PID:7428
- C:\Windows\System\aNaojPP.exe
  C:\Windows\System\aNaojPP.exe
  2⤵
  PID:8244
- C:\Windows\System\MlPDCFH.exe
  C:\Windows\System\MlPDCFH.exe
  2⤵
  PID:4592
- C:\Windows\System\GqACLKU.exe
  C:\Windows\System\GqACLKU.exe
  2⤵
  PID:8340
- C:\Windows\System\wzPlBMs.exe
  C:\Windows\System\wzPlBMs.exe
  2⤵
  PID:8356
- C:\Windows\System\wauyQHL.exe
  C:\Windows\System\wauyQHL.exe
  2⤵
  PID:8260
- C:\Windows\System\fuPqalk.exe
  C:\Windows\System\fuPqalk.exe
  2⤵
  PID:8420
- C:\Windows\System\saGDskm.exe
  C:\Windows\System\saGDskm.exe
  2⤵
  PID:8532
- C:\Windows\System\kvKtnsd.exe
  C:\Windows\System\kvKtnsd.exe
  2⤵
  PID:8452
- C:\Windows\System\zqFHhMa.exe
  C:\Windows\System\zqFHhMa.exe
  2⤵
  PID:8612
- C:\Windows\System\pCIykIl.exe
  C:\Windows\System\pCIykIl.exe
  2⤵
  PID:8696
- C:\Windows\System\EqtYOHl.exe
  C:\Windows\System\EqtYOHl.exe
  2⤵
  PID:8752
- C:\Windows\System\xmGBsRy.exe
  C:\Windows\System\xmGBsRy.exe
  2⤵
  PID:8868
- C:\Windows\System\KVeftAQ.exe
  C:\Windows\System\KVeftAQ.exe
  2⤵
  PID:8812
- C:\Windows\System\uDmiCwg.exe
  C:\Windows\System\uDmiCwg.exe
  2⤵
  PID:8896
- C:\Windows\System\hAYOTkJ.exe
  C:\Windows\System\hAYOTkJ.exe
  2⤵
  PID:9000
- C:\Windows\System\YwRruse.exe
  C:\Windows\System\YwRruse.exe
  2⤵
  PID:8948
- C:\Windows\System\OGDmhfS.exe
  C:\Windows\System\OGDmhfS.exe
  2⤵
  PID:9140
- C:\Windows\System\FYWgTfl.exe
  C:\Windows\System\FYWgTfl.exe
  2⤵
  PID:8920
- C:\Windows\System\aYKpYvq.exe
  C:\Windows\System\aYKpYvq.exe
  2⤵
  PID:9180
- C:\Windows\System\ZDCBjOu.exe
  C:\Windows\System\ZDCBjOu.exe
  2⤵
  PID:9148
- C:\Windows\System\oaGZsTq.exe
  C:\Windows\System\oaGZsTq.exe
  2⤵
  PID:8240
- C:\Windows\System\XvoplUf.exe
  C:\Windows\System\XvoplUf.exe
  2⤵
  PID:8292
- C:\Windows\System\gyDRzvG.exe
  C:\Windows\System\gyDRzvG.exe
  2⤵
  PID:8304
- C:\Windows\System\kfwDuri.exe
  C:\Windows\System\kfwDuri.exe
  2⤵
  PID:8344
- C:\Windows\System\ljVGZlm.exe
  C:\Windows\System\ljVGZlm.exe
  2⤵
  PID:8468
- C:\Windows\System\NnnObKP.exe
  C:\Windows\System\NnnObKP.exe
  2⤵
  PID:8568
- C:\Windows\System\FpvuQCe.exe
  C:\Windows\System\FpvuQCe.exe
  2⤵
  PID:8580
- C:\Windows\System\ifsILkD.exe
  C:\Windows\System\ifsILkD.exe
  2⤵
  PID:9096
- C:\Windows\System\cyCZdQH.exe
  C:\Windows\System\cyCZdQH.exe
  2⤵
  PID:8836
- C:\Windows\System\cdalRRA.exe
  C:\Windows\System\cdalRRA.exe
  2⤵
  PID:8736
- C:\Windows\System\hDCwhoe.exe
  C:\Windows\System\hDCwhoe.exe
  2⤵
  PID:9004
- C:\Windows\System\IWUXtuR.exe
  C:\Windows\System\IWUXtuR.exe
  2⤵
  PID:9056
- C:\Windows\System\DwGRRNS.exe
  C:\Windows\System\DwGRRNS.exe
  2⤵
  PID:8952
- C:\Windows\System\wdOVZMC.exe
  C:\Windows\System\wdOVZMC.exe
  2⤵
  PID:9128
- C:\Windows\System\YcMNhpi.exe
  C:\Windows\System\YcMNhpi.exe
  2⤵
  PID:9196
- C:\Windows\System\cGMKRyB.exe
  C:\Windows\System\cGMKRyB.exe
  2⤵
  PID:8376
- C:\Windows\System\CyPHlCB.exe
  C:\Windows\System\CyPHlCB.exe
  2⤵
  PID:9112
- C:\Windows\System\NOyZzKO.exe
  C:\Windows\System\NOyZzKO.exe
  2⤵
  PID:9192
- C:\Windows\System\zpYTtnH.exe
  C:\Windows\System\zpYTtnH.exe
  2⤵
  PID:8348
- C:\Windows\System\kVswmFR.exe
  C:\Windows\System\kVswmFR.exe
  2⤵
  PID:9224
- C:\Windows\System\RNKiXhf.exe
  C:\Windows\System\RNKiXhf.exe
  2⤵
  PID:9240
- C:\Windows\System\TROJTLn.exe
  C:\Windows\System\TROJTLn.exe
  2⤵
  PID:9256
- C:\Windows\System\CMDbjxO.exe
  C:\Windows\System\CMDbjxO.exe
  2⤵
  PID:9272
- C:\Windows\System\dsWZlqf.exe
  C:\Windows\System\dsWZlqf.exe
  2⤵
  PID:9292
- C:\Windows\System\GbjsCML.exe
  C:\Windows\System\GbjsCML.exe
  2⤵
  PID:9312
- C:\Windows\System\IZjFQiM.exe
  C:\Windows\System\IZjFQiM.exe
  2⤵
  PID:9328
- C:\Windows\System\ZdUmTLI.exe
  C:\Windows\System\ZdUmTLI.exe
  2⤵
  PID:9344
- C:\Windows\System\nmGtmaI.exe
  C:\Windows\System\nmGtmaI.exe
  2⤵
  PID:9364
- C:\Windows\System\zcpMmve.exe
  C:\Windows\System\zcpMmve.exe
  2⤵
  PID:9388
- C:\Windows\System\rPYgIUC.exe
  C:\Windows\System\rPYgIUC.exe
  2⤵
  PID:9404
- C:\Windows\System\pyOOHqh.exe
  C:\Windows\System\pyOOHqh.exe
  2⤵
  PID:9420
- C:\Windows\System\lkTxwOY.exe
  C:\Windows\System\lkTxwOY.exe
  2⤵
  PID:9440
- C:\Windows\System\IsCjmre.exe
  C:\Windows\System\IsCjmre.exe
  2⤵
  PID:9464
- C:\Windows\System\ByIrzzH.exe
  C:\Windows\System\ByIrzzH.exe
  2⤵
  PID:9484
- C:\Windows\System\UTzSVTU.exe
  C:\Windows\System\UTzSVTU.exe
  2⤵
  PID:9504
- C:\Windows\System\uVDRIEg.exe
  C:\Windows\System\uVDRIEg.exe
  2⤵
  PID:9524
- C:\Windows\System\ZawPqGA.exe
  C:\Windows\System\ZawPqGA.exe
  2⤵
  PID:9548
- C:\Windows\System\XpromIx.exe
  C:\Windows\System\XpromIx.exe
  2⤵
  PID:9564
- C:\Windows\System\NIfKogj.exe
  C:\Windows\System\NIfKogj.exe
  2⤵
  PID:9588
- C:\Windows\System\FHiXCeM.exe
  C:\Windows\System\FHiXCeM.exe
  2⤵
  PID:9608
- C:\Windows\System\QBhPjEV.exe
  C:\Windows\System\QBhPjEV.exe
  2⤵
  PID:9628
- C:\Windows\System\PAcGQAT.exe
  C:\Windows\System\PAcGQAT.exe
  2⤵
  PID:9644
- C:\Windows\System\yokgiua.exe
  C:\Windows\System\yokgiua.exe
  2⤵
  PID:9668
- C:\Windows\System\BhlyUxt.exe
  C:\Windows\System\BhlyUxt.exe
  2⤵
  PID:9684
- C:\Windows\System\GEKGFvy.exe
  C:\Windows\System\GEKGFvy.exe
  2⤵
  PID:9704
- C:\Windows\System\wMAchDu.exe
  C:\Windows\System\wMAchDu.exe
  2⤵
  PID:9720
- C:\Windows\System\IgdUtQp.exe
  C:\Windows\System\IgdUtQp.exe
  2⤵
  PID:9736
- C:\Windows\System\UJIlCqR.exe
  C:\Windows\System\UJIlCqR.exe
  2⤵
  PID:9756
- C:\Windows\System\WoVEVOH.exe
  C:\Windows\System\WoVEVOH.exe
  2⤵
  PID:9776
- C:\Windows\System\IEvEfbB.exe
  C:\Windows\System\IEvEfbB.exe
  2⤵
  PID:9792
- C:\Windows\System\JJjiBmO.exe
  C:\Windows\System\JJjiBmO.exe
  2⤵
  PID:9816
- C:\Windows\System\AydYCQx.exe
  C:\Windows\System\AydYCQx.exe
  2⤵
  PID:9836
- C:\Windows\System\nkCXRZo.exe
  C:\Windows\System\nkCXRZo.exe
  2⤵
  PID:9856
- C:\Windows\System\mwNCIwb.exe
  C:\Windows\System\mwNCIwb.exe
  2⤵
  PID:9876
- C:\Windows\System\doKyngI.exe
  C:\Windows\System\doKyngI.exe
  2⤵
  PID:9892
- C:\Windows\System\UVAORfq.exe
  C:\Windows\System\UVAORfq.exe
  2⤵
  PID:9916
- C:\Windows\System\dqSpSOM.exe
  C:\Windows\System\dqSpSOM.exe
  2⤵
  PID:9932
- C:\Windows\System\leHhymv.exe
  C:\Windows\System\leHhymv.exe
  2⤵
  PID:9948
- C:\Windows\System\FMqGDSm.exe
  C:\Windows\System\FMqGDSm.exe
  2⤵
  PID:9972
- C:\Windows\System\OtZUadN.exe
  C:\Windows\System\OtZUadN.exe
  2⤵
  PID:9988
- C:\Windows\System\uhSYHNY.exe
  C:\Windows\System\uhSYHNY.exe
  2⤵
  PID:10004
- C:\Windows\System\PXkbQkO.exe
  C:\Windows\System\PXkbQkO.exe
  2⤵
  PID:10020
- C:\Windows\System\aEMocOY.exe
  C:\Windows\System\aEMocOY.exe
  2⤵
  PID:10036
- C:\Windows\System\LQJXrWF.exe
  C:\Windows\System\LQJXrWF.exe
  2⤵
  PID:10052
- C:\Windows\System\BlfeDZI.exe
  C:\Windows\System\BlfeDZI.exe
  2⤵
  PID:10068
- C:\Windows\System\PgHYpAz.exe
  C:\Windows\System\PgHYpAz.exe
  2⤵
  PID:10084
- C:\Windows\System\NrSkPkG.exe
  C:\Windows\System\NrSkPkG.exe
  2⤵
  PID:10100
- C:\Windows\System\nwOKJAJ.exe
  C:\Windows\System\nwOKJAJ.exe
  2⤵
  PID:10116
- C:\Windows\System\TsEAKon.exe
  C:\Windows\System\TsEAKon.exe
  2⤵
  PID:10132
- C:\Windows\System\sRWeaCf.exe
  C:\Windows\System\sRWeaCf.exe
  2⤵
  PID:10148
- C:\Windows\System\ZqaxAcg.exe
  C:\Windows\System\ZqaxAcg.exe
  2⤵
  PID:10164
- C:\Windows\System\IQQpOLJ.exe
  C:\Windows\System\IQQpOLJ.exe
  2⤵
  PID:10180
- C:\Windows\System\hULxBdE.exe
  C:\Windows\System\hULxBdE.exe
  2⤵
  PID:10196
- C:\Windows\System\DcmuQqP.exe
  C:\Windows\System\DcmuQqP.exe
  2⤵
  PID:10212
- C:\Windows\System\tVUuprr.exe
  C:\Windows\System\tVUuprr.exe
  2⤵
  PID:8660
- C:\Windows\System\zHiPYim.exe
  C:\Windows\System\zHiPYim.exe
  2⤵
  PID:8992
- C:\Windows\System\ZKvLhQO.exe
  C:\Windows\System\ZKvLhQO.exe
  2⤵
  PID:8368
- C:\Windows\System\VmiEygq.exe
  C:\Windows\System\VmiEygq.exe
  2⤵
  PID:8372
- C:\Windows\System\kxlbOmo.exe
  C:\Windows\System\kxlbOmo.exe
  2⤵
  PID:9220
- C:\Windows\System\PxTDHuI.exe
  C:\Windows\System\PxTDHuI.exe
  2⤵
  PID:9284
- C:\Windows\System\yovhpSE.exe
  C:\Windows\System\yovhpSE.exe
  2⤵
  PID:8352
- C:\Windows\System\BYWohZG.exe
  C:\Windows\System\BYWohZG.exe
  2⤵
  PID:9252
- C:\Windows\System\RtXYXHs.exe
  C:\Windows\System\RtXYXHs.exe
  2⤵
  PID:9476
- C:\Windows\System\BPrZDZe.exe
  C:\Windows\System\BPrZDZe.exe
  2⤵
  PID:9396
- C:\Windows\System\wPGPUkJ.exe
  C:\Windows\System\wPGPUkJ.exe
  2⤵
  PID:9428
- C:\Windows\System\Prtafbv.exe
  C:\Windows\System\Prtafbv.exe
  2⤵
  PID:9604
- C:\Windows\System\KSGRVfY.exe
  C:\Windows\System\KSGRVfY.exe
  2⤵
  PID:9680
- C:\Windows\System\SFxVYzQ.exe
  C:\Windows\System\SFxVYzQ.exe
  2⤵
  PID:9024
- C:\Windows\System\ubnhasL.exe
  C:\Windows\System\ubnhasL.exe
  2⤵
  PID:9748
- C:\Windows\System\dbwiKAl.exe
  C:\Windows\System\dbwiKAl.exe
  2⤵
  PID:9784
- C:\Windows\System\sBznKpT.exe
  C:\Windows\System\sBznKpT.exe
  2⤵
  PID:9832
- C:\Windows\System\rqTKhgh.exe
  C:\Windows\System\rqTKhgh.exe
  2⤵
  PID:9900
- C:\Windows\System\IGRIGta.exe
  C:\Windows\System\IGRIGta.exe
  2⤵
  PID:9908
- C:\Windows\System\CwVNTjn.exe
  C:\Windows\System\CwVNTjn.exe
  2⤵
  PID:9236
- C:\Windows\System\CBsYSsB.exe
  C:\Windows\System\CBsYSsB.exe
  2⤵
  PID:9336
- C:\Windows\System\HydoVDX.exe
  C:\Windows\System\HydoVDX.exe
  2⤵
  PID:9956
- C:\Windows\System\HmJTdSP.exe
  C:\Windows\System\HmJTdSP.exe
  2⤵
  PID:9308
- C:\Windows\System\RXNQUYC.exe
  C:\Windows\System\RXNQUYC.exe
  2⤵
  PID:9812
- C:\Windows\System\iRdTzbg.exe
  C:\Windows\System\iRdTzbg.exe
  2⤵
  PID:9384
- C:\Windows\System\HgAdkgI.exe
  C:\Windows\System\HgAdkgI.exe
  2⤵
  PID:9452
- C:\Windows\System\DMNtjTc.exe
  C:\Windows\System\DMNtjTc.exe
  2⤵
  PID:9460
- C:\Windows\System\ZvnUVkM.exe
  C:\Windows\System\ZvnUVkM.exe
  2⤵
  PID:9544
- C:\Windows\System\hlQuxMl.exe
  C:\Windows\System\hlQuxMl.exe
  2⤵
  PID:9584
- C:\Windows\System\cWmHcZP.exe
  C:\Windows\System\cWmHcZP.exe
  2⤵
  PID:9624
- C:\Windows\System\CVVtgXG.exe
  C:\Windows\System\CVVtgXG.exe
  2⤵
  PID:9700
- C:\Windows\System\MCgGeEv.exe
  C:\Windows\System\MCgGeEv.exe
  2⤵
  PID:9772
- C:\Windows\System\BOzymqd.exe
  C:\Windows\System\BOzymqd.exe
  2⤵
  PID:9888
- C:\Windows\System\zOvKiuA.exe
  C:\Windows\System\zOvKiuA.exe
  2⤵
  PID:9960
- C:\Windows\System\xlLHEFs.exe
  C:\Windows\System\xlLHEFs.exe
  2⤵
  PID:10016
- C:\Windows\System\WKQJEji.exe
  C:\Windows\System\WKQJEji.exe
  2⤵
  PID:10000
- C:\Windows\System\VLFZAFQ.exe
  C:\Windows\System\VLFZAFQ.exe
  2⤵
  PID:10080
- C:\Windows\System\TQeEgwM.exe
  C:\Windows\System\TQeEgwM.exe
  2⤵
  PID:10172
- C:\Windows\System\aRnSwGk.exe
  C:\Windows\System\aRnSwGk.exe
  2⤵
  PID:10160
- C:\Windows\System\xPhsOYl.exe
  C:\Windows\System\xPhsOYl.exe
  2⤵
  PID:10124
- C:\Windows\System\gHlFtpo.exe
  C:\Windows\System\gHlFtpo.exe
  2⤵
  PID:10192
- C:\Windows\System\qNXHASC.exe
  C:\Windows\System\qNXHASC.exe
  2⤵
  PID:8212
- C:\Windows\System\dKgeMdF.exe
  C:\Windows\System\dKgeMdF.exe
  2⤵
  PID:10228
- C:\Windows\System\ANVLAFR.exe
  C:\Windows\System\ANVLAFR.exe
  2⤵
  PID:9400
- C:\Windows\System\hanhNkO.exe
  C:\Windows\System\hanhNkO.exe
  2⤵
  PID:9280
- C:\Windows\System\PJsdTBQ.exe
  C:\Windows\System\PJsdTBQ.exe
  2⤵
  PID:8972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Apcdgiq.exe

Filesize
6.0MB

MD5
e6907183468480541b24638d7b31870a

SHA1
7c2d7604e2a0e4128baad152785f67a965ba985c

SHA256
8e74a1dad1a38e0f5e766ef6d40550dc7db36d319a06c68ca70d6755102d5c8b

SHA512
7ed2a360ac80dd737d6d0aed290293850483b25296a1c510140237eccd4a0300ce387954833e65794fb5c40ac99dc18a414c03c79a1603f4858464dc8ac65b3b

Download Submit
C:\Windows\system\BgjWVNU.exe

Filesize
6.0MB

MD5
822dde4a5b6f9f163a81bdc0ce53fc07

SHA1
47e8afabdf795d354e633eb5e6e65c9862ebe75e

SHA256
6ec3f6e8f36625daf74e08af6953a46caae35adf1357228f6faaf1ead94fbc94

SHA512
c177ae252c414b8ea7c876f2fc93061f79bbb8a48071637107dd6e92ed96f6463117a6b86057174376cf1420935446924be80419b911f34748a6710fa5a7c32a

Download Submit
C:\Windows\system\GUMeGYj.exe

Filesize
6.0MB

MD5
f265db8cc521cd2b5b83380dd483a7df

SHA1
fe4c86b8b17417c7156f3d62c0cf8e5e881cefa9

SHA256
9f9cc3cad5170d8328261295e5272fac678b5043db47dc38623d6922e553a2a1

SHA512
9ed4283ffc68bc68840d6674b40813ad772b5ecd00ca2b42f7f45f847f482b3840e17ca5ca8b931b46b77c558833f4b1fb4b442710bea66f708346da2afe44ed

Download Submit
C:\Windows\system\HUyIqeS.exe

Filesize
6.0MB

MD5
8b74380f73ecd362d00ee3f69a383d1a

SHA1
a9f5e93a9c925599f468881f35dbfec3aa139843

SHA256
eb75be9e1adc77128a6c0e66e1134889d2ad8f3e0f8dc336e0bc97c1ea4f682d

SHA512
22cbe2e118c1f729e5ffcb3f4d6d04e6d8541f4276cab1f2d065bf24965d3336f31bba4843529951e8adf67eb8a6d68c88064adacdb3b7d8050775944f739ba6

Download Submit
C:\Windows\system\ISrrSUi.exe

Filesize
6.0MB

MD5
dcf10d7278495230b38f02df1cf80fcd

SHA1
79103439ed941d8fa131a0848daf868475c75649

SHA256
f5e0e67e9524341d65bbee63acb03696503a9735b196d42733fb178e6a38566f

SHA512
c72ac2de53f6d4718f5f46d9773a15e10093db77ffa051a098d08a27eafc4f51785c2c710f944cfffce73b637a446b98e687116bdc47f2afceaf1028c794b5ac

Download Submit
C:\Windows\system\MfCBsvG.exe

Filesize
6.0MB

MD5
f392c54c1611cbaafe52898b1bbfaf96

SHA1
de5fb75ef3ee7c272b86765647f3f2fc51d3a2c2

SHA256
9b6576873d7cea3a13f053ea70a9b9f9278a97ac5a5b9c9d2c28d0ce73902587

SHA512
bc774fe6c78843f866d9217e66878543d732d548bc9064231e919c5d553fd146555217568276772841de90c7b4662f6a032f404c90ce16964b0c5671cf43ec0a

Download Submit
C:\Windows\system\NouClUJ.exe

Filesize
6.0MB

MD5
a067ffeecc6e1f0f68fef0d6fcf475a1

SHA1
b340d8a697804bdeec0e6bb5336acf944fe964a9

SHA256
e2b83086ecdc7a20b4ecc5ba6c707bdd39945c6044b313b39b0c34e4cbac6c79

SHA512
4b8e9249e387761bd17d9e63054546542cb2c014c31831b8823743085290dc720177b80eccb9524cc5ce83ce02bfc61d7652dc713419fd9df1fa00bd6aa0061d

Download Submit
C:\Windows\system\QbWzmVz.exe

Filesize
6.0MB

MD5
cfac06a306dfcd564a105c2ac9f622ea

SHA1
3fa7c4173e637c31211962bfaf1ff0f0778bbb3e

SHA256
92bdbdb53bfab7f716c09a6b7689cf4c17783a74a2b221fb513ddcdf32cccc64

SHA512
9f7ee600fb64200c4be8bbc88a7534dc3e8a44040d403581f47dac9f869d1c0b08a24d7a83c05fbdf9c3d07446cee563d7b75e526b65dfa8e0850e00901df0ba

Download Submit
C:\Windows\system\UDBCOOd.exe

Filesize
6.0MB

MD5
d0af76e299aafe72ede8e20e2fd982ab

SHA1
258fccdcc31cad14bb2f2f31b0dbf787452ed4cc

SHA256
846d133771d141509658584f2946583130d5aeabea92b11e4529c7ff8eb868e5

SHA512
a4f3974ce7a77c25cd37ffc8e2d6d0966fa4ecaf0da32a3893ce8d54920cb4dbf35afdbb60e20a4c3bb1f3874fc8812026bd7681394b0ea9176db1659531829e

Download Submit
C:\Windows\system\VnFGBcE.exe

Filesize
6.0MB

MD5
529f3326ded18c13b3ffef4d8c6b92ec

SHA1
a182b58da3143322d71a0de96a70823b5648243a

SHA256
e130098a469a272cd559f6851c4ce6d2d8b5f29aa391072a081c8ee7e76df45a

SHA512
39548e0b909d5e808f6eaadcbb9c73e9f7c166b2f4f0b4efe9eb76c03fb1ac46bf51224548adf91aa1826fcac6d1fd403161580d6371bbabe7d4fc077948cd24

Download Submit
C:\Windows\system\YaxHOQJ.exe

Filesize
6.0MB

MD5
31142730b9fff7cc51309710ad6e3cb1

SHA1
85eaf7a230b09f3b51aa8e71eda7f04e8f308a24

SHA256
1454d87dfaab2cabd0a3bf0e263a69751d04e68e42030fab8f6b5d020f28dce7

SHA512
507d30a6c9759aec36d6e61af2d44a3e3adb0581650226c3af247581615675891ad9cd476561e02a64282f174782c064fc5d5f5f06859ec8c0c80ad3aac42ef0

Download Submit
C:\Windows\system\YjQfRLH.exe

Filesize
6.0MB

MD5
3e5335397bd853d23851dd6668110b55

SHA1
9e6a09766384b0435f9eea36b68d13ac19e0fee1

SHA256
ad66a7537eb55ea382dcc306709d5a609326af2db596429533daff00aee48d8e

SHA512
27a7b17cc236db659e755ed31869fbb9b2889b36d96f9b92bd5c4d341f76ca71a1f7c9e8b8fb70b80f529074807a15a852483a24ca0b3b14b17a314b2e0938cd

Download Submit
C:\Windows\system\ZOjNOVD.exe

Filesize
6.0MB

MD5
a305d2343c3164159ee160d1736d3fd8

SHA1
397e22344aa4852802008e5a8bd5b5c295331d2a

SHA256
8af504cb8c70791f2edefee9f4c3a0f2013d768cdd4406c90e4a66882484d321

SHA512
f9a00f16be14610e3a0cbd0ec5f268dc4a6e62fc2fe8a1323b98d7136fb3ac789b6c035e137e81265774439583b67c42542a1c97fd37cd5eb90fbdc321d20d76

Download Submit
C:\Windows\system\ZeoXrwt.exe

Filesize
6.0MB

MD5
7936afe1e26b5c6c9ae25878bcc82158

SHA1
ad4bf53a6aa143018c0dc294056e9c3cdc948b07

SHA256
b87d35fe1acf429b5047f1b46f0d341d5e84cb9a89525fb973926effbefff5bb

SHA512
82f3ebb72481595fecfd4616fe43f9827ce44b6fbdf68aff1caa8897141854dc0e15b7e83900761d2e08825f2c27a7616f0b9402c3b312dd1a818c9a90973282

Download Submit
C:\Windows\system\cXGICmt.exe

Filesize
6.0MB

MD5
1a00599bdc01cc00a53d92a2a25bcc6d

SHA1
8991834df1ab18fa51eb9d326c0d0f0eec9892ec

SHA256
58be4febda07a6ef24cc16a88b6fc9867e68c7c9f599dc2788ccdddd8b0c6129

SHA512
8ce66e1e1cbf736eff9f4f175b4b2e05355bac2079994ed0ee06cfbc92457cc3bebcb1bcf244c7e9b0eccdccdd2938d65a3741c639fece420e27b83fd985bbe8

Download Submit
C:\Windows\system\eNTQQtk.exe

Filesize
6.0MB

MD5
6343b4f7d0225b880063d9c9e2bccf0a

SHA1
eb58f93015b2513acf5645e6a243064e88758fc8

SHA256
bfaf1df91333124a0b5c85e0c2c5c3829c974f164aa5877af85e188b14a12d87

SHA512
e85f618a59c92b9c0cc9dc6d6989fc49a0b4a87df8a05638e57914c128aeaa1852ab9dcd42800cb4a0a735ec3d91f3bd73d83fbc65f13700154e9f932058ad01

Download Submit
C:\Windows\system\fNjNXzg.exe

Filesize
6.0MB

MD5
f7bb487114897c480364bc41a943eb18

SHA1
82a1879627c6be05bbf5cb873f5a609ad4587d93

SHA256
0bc7debd9fa2770b0e282ef009e950c5a235e90602e15046013a598dcf382012

SHA512
e4a33768be42ba336c8f43ed8000728334faf0c6226b4bf467157de774c4af1e06a9ddb1db9e3dcf3d796ae53c5f25fdf8b1b0375306b86c60531a3c4ece3c6f

Download Submit
C:\Windows\system\gnjYNaw.exe

Filesize
6.0MB

MD5
c3c2088ee08a9dd91db5ce74331665ef

SHA1
43e5a704d52b8eaed0c3f971340568cc8e31bb3c

SHA256
52aa291573b3a4f170765a5bdb389ee3fc016b71eb6c0d96b3f3efab656b30b4

SHA512
2a10498624e9e1768d0534e41e0371539d40280feac624d70016675097181c3deac34d24b360c04ef28b16b7c4a330a0df97ed0b1954a5549d6362d6f5be5092

Download Submit
C:\Windows\system\hRIeFLC.exe

Filesize
6.0MB

MD5
30072e838339efde1cfc3348db1fe434

SHA1
b3ec4093c5952630f7083fba8722345370f288d4

SHA256
e0eb21f549321973788a37a626365ebf0decc4165100c3d3254d21eb262be494

SHA512
24787583a498244a1c80c3c25e0014513a15d4ffe469d264d89881c97946ea1cd6c5c16678d91a4cd44860076188bcbd7a97aafec903feb3de67a5bf61a13cbf

Download Submit
C:\Windows\system\iJhonXS.exe

Filesize
6.0MB

MD5
615c7f83d3a71ebe1f1cfee0cae9ed6e

SHA1
131532c62e6dc79be6424452500f36b11b549f13

SHA256
66c036fe4e3bbf65ebd2d873e129620ca0ff4d2f0e5d6f0f7f1f1d70326fa0a7

SHA512
c24ba3a81d9b85dfb88923e3ff87d04c764ab7ab8a4b3d6918aaf7e2fb0e625608c36078a25ce4a7b4a84828c146c0c4c8dd8d51bbb538e152b7fcd56d257c45

Download Submit
C:\Windows\system\ijauQCh.exe

Filesize
6.0MB

MD5
96b79f36eb4d40dd67272db94af8cd7a

SHA1
58f49762975336db633403daa1a85f1f1171cd55

SHA256
8e00d318c30b51be3c0e44acb3bf3b0be5cb5b8d3e5169fc104d7eeadf6773fa

SHA512
db23cd8f29e40798405a49b71773f75d6e8623ad57b5e9426ee2b964e4128c4d1a8392b3d932019553c0de7703527e9f8c2c15ff7fef87a2bc45355a78ed8299

Download Submit
C:\Windows\system\jReEWFG.exe

Filesize
6.0MB

MD5
cec2e46963d97ca02eee89d33f0726b3

SHA1
d97521e262df8db8265b2d4863eb91dce68009c3

SHA256
1d730fe145f48ac0bb80f4b42b596d13d771e8cda62854ef836478a060992988

SHA512
d3177140d3852c3509e8186e1626e4ba5d64654eadd947c96cfbaa0f0a7a44078f4b0f07150c5317c9183004c5dab4fa1c769067385dfe9e02ee58ca48721269

Download Submit
C:\Windows\system\lLuCmiX.exe

Filesize
6.0MB

MD5
69c8981d7e2dc05822f0d6b89be8ea3b

SHA1
5e9078578bef6c2431becb45fb264f7a81c6fe02

SHA256
3304ede5b25b83d80a68a6172083fce584ca45419c9fc30cabdefede46251706

SHA512
67dbca531025d23d1f90e638bb688a5fb801152513a1eb67a48b47ef1142dc5e3fda3ca82935b5c5c5cbb55eaeff0f874271f96974c090d9a316e296a99054b6

Download Submit
C:\Windows\system\ljuCFRQ.exe

Filesize
6.0MB

MD5
dd20b66f65909faba288cdb065784a3f

SHA1
21e33cf7ffbac411a33eff1bd61ea611a180931c

SHA256
e5eda5b60d6d83ff2e567d5fd10702948f5d696455023960cf26f2b41a713f3d

SHA512
43479cd3a4c8c53682600ad01909abf8bf7d6697a1b4959a3bce506a918d75b24e3710a7ae712f30123c737f5d2bdc62be54c8f551bf595fade0df4017578664

Download Submit
C:\Windows\system\mdKRxFR.exe

Filesize
6.0MB

MD5
c8dc257c71d4aaca17588eed2e7e2bdf

SHA1
1322ee621210a87e76d9c9c02c1666542c2b8bf1

SHA256
e80e42bef8069aa539eb744d115b1ec13546d784e78927dc4e96069bfc64629d

SHA512
7fa66f2d472ba2e10de983357cc74099b6cff4659c06874ca471ea38e205e6f41f4cd620df873efe9506730dde677322eecb3df4a3d38b25332e03ea39bf28b7

Download Submit
C:\Windows\system\pgUxKZf.exe

Filesize
6.0MB

MD5
510609fdddafb1d44aa8e68808b972b4

SHA1
87fe4add15ae137c7b640dc83ccfe88a14f5ff97

SHA256
94a26d9cb72b68cbfe353c2815cb466bebb11e45df6444d4fea5cc8167f6c560

SHA512
874952621a61109ff09c16f244e33136baf3700b8e0d063827ef5adbb9943b05a7826d6658864dd207fb0d1dd1b5940f2154f273d5a503caabf1910a805adf34

Download Submit
C:\Windows\system\qLhcNNx.exe

Filesize
6.0MB

MD5
1ca27de344dbbf0d17939391a7ec8efb

SHA1
21ab52d2940062db222dd8b77ad912f66f1bfc51

SHA256
c0834b3692e05a33d41f97a192aa3ad2da18071085e8056dbee21cf1b06d805f

SHA512
ae29bd7402b1630888b16605a0be91bfa32acaed8c104bf0fc3506bfd4f2f73192046c2c9b6ee27279310967a8b1000a23cf75a88f01f18237a3d92178a7f521

Download Submit
C:\Windows\system\yEZPRLp.exe

Filesize
6.0MB

MD5
7cd67f63b9d114fe3cdcbc3c8f720ad5

SHA1
f80420eace93a22f612ccca4567a46c13f795d3a

SHA256
3e09ea1b50c98f5e483c98d19543ae386edf737821eb3dedecb25c8161ac449e

SHA512
a676a5c1c8ec1764ef91f845e7304022ca8ea0352807027cc7b4943580a422a153d5b2c9682f1cdae66054f5f2887fda57117ba5a2c0ed2456ec8a05bc16628e

Download Submit
C:\Windows\system\yfzSCFT.exe

Filesize
6.0MB

MD5
ddc26f423190f2acc1cb1c22defbfd74

SHA1
77bcd64675c54e937cf9a94472886afb58559ebc

SHA256
9de9b757e619cb5e8b7c691b5dfab8967b408406dc3c859fd90d77810ec38e69

SHA512
4df11b92e540aa1b66d6871849099b200afed81ae32256f895a7a2f62db1c6c6383c22e425a1f5ea8e35e9ff5f5353f35c5cc435646b0fb9fcc4172d99e2f2b8

Download Submit
C:\Windows\system\zKdHoIl.exe

Filesize
6.0MB

MD5
1cdfab30ee2280b50d6a59a3afb79b19

SHA1
e746ffedc996e3f817baf35e6a22b04287c77644

SHA256
f95c3d9895fdf59615984243136e658d4219e9b94fc8eb2566e8fcadb9cb2b09

SHA512
3707830be1ec9af4b25bcd78fe5d04d9436e180d186f3d50c8e782558bd4ed8ba589111f6711f589c4a38d08ea54c3d15e49140842bc0a5155143a70a6d2ac46

Download Submit
\Windows\system\CknrBTB.exe

Filesize
6.0MB

MD5
09abe3cc7a70ded6b283aa35604a94c9

SHA1
41abaf417d4ff65c354bc33daef075a2b56a39ab

SHA256
97de702f38a573d5407b8345a8e58efaa991c98e126890f4184996e056181279

SHA512
46e47bc23bf96f7c9f11a0ae23699f31ab92a67676b97183fef2ff236613f3e9363eb54d80138e794c4ade9eb04cef10b9182e62be409b7ffdb813714f2293bd

Download Submit
\Windows\system\kbThyUf.exe

Filesize
6.0MB

MD5
d4ef28dbbf3560774605046053c218b7

SHA1
5acd1ad3140303cad3ebfa64dc8fc4ccbcf81fa9

SHA256
db6382b4dce3c81c69a8d930240c5b86868c6803aa02cb6d9823792d3261620e

SHA512
793fe692540df96e9cef0fab8db7a2006c6f5cdf7078e1c69f1d76066a631f62230ab6a45c5f1b4524337cd5736f7dfa97d8926f369618f8c23c53b74cd66b39

Download Submit
memory/736-2359-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/736-2628-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2096-0-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1950-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2096-5294-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2288-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2011-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2007-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2136-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2005-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2234-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1982-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2096-2324-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2629-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2287-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2584-2008-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2584-2608-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2209-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2607-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2609-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2323-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2618-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2004-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1924-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4598-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2812-2134-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2812-2621-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2603-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2006-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download