cobaltstrike | c2a975a8f758997177d36884191bf2178477dbf0ad5fe835a9268077ac1688e0

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9774893a8f72b2d37a82ff3ab8debdb8
SHA1

ee5f01b9fe7c3e6026551edbd50732cff0798346
SHA256

c2a975a8f758997177d36884191bf2178477dbf0ad5fe835a9268077ac1688e0
SHA512

4fa8169775a9bd8a3b7d6dc966a839825c615280b052fc9af94623bfafbaeffbd062107a78034467c43faa4001a2d9b6ffc3f9f28c3f5d1ba74fc0b007c75631
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012270-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017570-14.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-18.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-22.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018697-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019261-33.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-53.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-37.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018683-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 52 IoCs

miner

resource	yara_rule
behavioral1/memory/3068-0-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012270-3.dat	xmrig
behavioral1/files/0x00080000000174b4-7.dat	xmrig
behavioral1/files/0x0007000000017570-14.dat	xmrig
behavioral1/files/0x00070000000175f1-18.dat	xmrig
behavioral1/files/0x00070000000175f7-22.dat	xmrig
behavioral1/files/0x0008000000018697-30.dat	xmrig
behavioral1/files/0x0006000000019261-33.dat	xmrig
behavioral1/files/0x000500000001939f-65.dat	xmrig
behavioral1/files/0x00050000000193d0-73.dat	xmrig
behavioral1/files/0x00050000000193f9-79.dat	xmrig
behavioral1/files/0x00050000000194ad-93.dat	xmrig
behavioral1/files/0x0005000000019510-117.dat	xmrig
behavioral1/memory/2804-2217-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2752-2160-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2848-2121-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2836-2084-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2332-2019-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2336-1953-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2780-1888-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/1732-1792-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2320-1692-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x000500000001952b-129.dat	xmrig
behavioral1/files/0x0005000000019520-125.dat	xmrig
behavioral1/files/0x0005000000019518-121.dat	xmrig
behavioral1/files/0x0005000000019508-113.dat	xmrig
behavioral1/files/0x0005000000019502-109.dat	xmrig
behavioral1/files/0x00050000000194e1-105.dat	xmrig
behavioral1/files/0x00050000000194d5-101.dat	xmrig
behavioral1/files/0x00050000000194c3-97.dat	xmrig
behavioral1/files/0x0005000000019428-89.dat	xmrig
behavioral1/files/0x0005000000019426-85.dat	xmrig
behavioral1/files/0x00050000000193dc-77.dat	xmrig
behavioral1/files/0x00050000000193cc-69.dat	xmrig
behavioral1/files/0x000500000001938e-61.dat	xmrig
behavioral1/files/0x0005000000019358-57.dat	xmrig
behavioral1/files/0x0005000000019354-53.dat	xmrig
behavioral1/files/0x00050000000192a1-49.dat	xmrig
behavioral1/files/0x0005000000019299-45.dat	xmrig
behavioral1/files/0x000500000001927a-41.dat	xmrig
behavioral1/files/0x0005000000019274-37.dat	xmrig
behavioral1/files/0x0011000000018683-25.dat	xmrig
behavioral1/memory/2752-3881-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/3068-3870-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1732-3889-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2336-3888-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2836-3887-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2320-3907-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2780-3908-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2804-3914-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2332-3922-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2848-3921-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
348	XDljAva.exe
2320	eDfqHHJ.exe
1732	xonbpxS.exe
2780	GXbSVOg.exe
2336	lzWQZcm.exe
2332	mZIUmWU.exe
2836	QnFBkBE.exe
2848	CNhSahF.exe
2752	QIaVbEx.exe
2804	DpGZATp.exe
2812	zrrqzYZ.exe
2408	YQNlghC.exe
2316	CAgjUmz.exe
2764	kGiZtZR.exe
2596	vpqOkTQ.exe
2644	TAAbeNG.exe
2556	PdjZRaJ.exe
2224	TvcrKPc.exe
1428	yKPJpay.exe
320	oisVVeB.exe
532	MMrmdlP.exe
2800	BcBZdTj.exe
2132	wFtZtOr.exe
1960	tqPRhww.exe
1716	RJdRjwv.exe
2920	coIzuKU.exe
2912	mDFfbmf.exe
1424	nAZxjXN.exe
2932	DxcOBWi.exe
2956	ZCfSNkJ.exe
2992	lGZEuIg.exe
2324	UHElISY.exe
2144	EbEGyln.exe
1180	cwDMajs.exe
2996	xYgryqK.exe
1556	VrHCFCv.exe
1988	bfiFkcs.exe
2968	kkbAzEv.exe
2128	JaMimke.exe
1740	ezpQzHq.exe
3048	hzcvPTA.exe
2580	jtHCtTq.exe
1916	ebYmnTR.exe
1356	bimcMcG.exe
668	SgzElow.exe
2120	CZjWQeg.exe
816	mBaBCrt.exe
1376	SPhamyt.exe
1776	xLKXjvU.exe
3040	tYkJZVm.exe
1668	rLeXrrZ.exe
1548	EtdmPuD.exe
888	ugYhglL.exe
1088	JMkVPIC.exe
2268	CssJMsO.exe
2440	lUxcZNo.exe
1244	llRWCMx.exe
2288	GnxlRMi.exe
2092	kHGDlbZ.exe
2976	mvoYxCp.exe
2212	rgogdmG.exe
2252	ROdSdQS.exe
1236	YIprQba.exe
1944	znupbqN.exe

Loads dropped DLL 64 IoCs

pid	Process
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 52 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3068-0-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x000b000000012270-3.dat	upx
behavioral1/files/0x00080000000174b4-7.dat	upx
behavioral1/files/0x0007000000017570-14.dat	upx
behavioral1/files/0x00070000000175f1-18.dat	upx
behavioral1/files/0x00070000000175f7-22.dat	upx
behavioral1/files/0x0008000000018697-30.dat	upx
behavioral1/files/0x0006000000019261-33.dat	upx
behavioral1/files/0x000500000001939f-65.dat	upx
behavioral1/files/0x00050000000193d0-73.dat	upx
behavioral1/files/0x00050000000193f9-79.dat	upx
behavioral1/files/0x00050000000194ad-93.dat	upx
behavioral1/files/0x0005000000019510-117.dat	upx
behavioral1/memory/2804-2217-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2752-2160-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2848-2121-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2836-2084-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2332-2019-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2336-1953-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2780-1888-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/1732-1792-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2320-1692-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x000500000001952b-129.dat	upx
behavioral1/files/0x0005000000019520-125.dat	upx
behavioral1/files/0x0005000000019518-121.dat	upx
behavioral1/files/0x0005000000019508-113.dat	upx
behavioral1/files/0x0005000000019502-109.dat	upx
behavioral1/files/0x00050000000194e1-105.dat	upx
behavioral1/files/0x00050000000194d5-101.dat	upx
behavioral1/files/0x00050000000194c3-97.dat	upx
behavioral1/files/0x0005000000019428-89.dat	upx
behavioral1/files/0x0005000000019426-85.dat	upx
behavioral1/files/0x00050000000193dc-77.dat	upx
behavioral1/files/0x00050000000193cc-69.dat	upx
behavioral1/files/0x000500000001938e-61.dat	upx
behavioral1/files/0x0005000000019358-57.dat	upx
behavioral1/files/0x0005000000019354-53.dat	upx
behavioral1/files/0x00050000000192a1-49.dat	upx
behavioral1/files/0x0005000000019299-45.dat	upx
behavioral1/files/0x000500000001927a-41.dat	upx
behavioral1/files/0x0005000000019274-37.dat	upx
behavioral1/files/0x0011000000018683-25.dat	upx
behavioral1/memory/2752-3881-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/3068-3870-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1732-3889-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2336-3888-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2836-3887-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2320-3907-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2780-3908-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2804-3914-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2332-3922-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2848-3921-0x000000013F700000-0x000000013FA54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MMrmdlP.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZJgfjY.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXOOSzk.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxkgdYf.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvnwDGY.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTRUmfA.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuJbcgq.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOVDPAa.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akTFgOl.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRYwckM.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWPLUgh.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiBvtSQ.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWLTCcg.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znupbqN.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWQCLQy.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGwIZkB.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfqxUcb.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZzzGYy.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkxqIDt.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQBNjct.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKyTkHB.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGOsQHU.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPhZZPb.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYVlqEl.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWDpxTV.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLXgvko.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJHlsKX.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWtWPjO.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryoycPd.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsAzAab.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiNBLDS.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnqWwHb.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcYFUwX.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGhyLbH.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esUNomc.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPbqmAV.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vroLwHt.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkrdWzW.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdiRvvQ.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrYohXv.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDfqHHJ.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqkXQSr.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyzlemP.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzsCVJW.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpHBBKk.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHBVStK.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJTDePB.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gedttir.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQDnyBv.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtpvUPD.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doeHkhS.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQZhuJE.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvjKNJY.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrgTBGQ.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDpBent.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmtUOaF.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaSBmAV.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiaAqCj.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahpRIQQ.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaNHTYu.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUlmWIH.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELnNoTZ.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rklediL.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUgQumQ.exe	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 348	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 348	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 348	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2320	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2320	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2320	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 1732	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 1732	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 1732	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2780	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2780	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2780	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2336	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2336	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2336	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2332	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2332	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2332	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2836	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2836	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2836	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2848	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2848	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2848	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2752	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2752	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2752	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2804	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2804	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2804	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2812	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2812	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2812	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2408	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2408	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2408	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2316	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2316	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2316	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2764	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2764	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2764	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2596	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 2596	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 2596	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 2644	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2644	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2644	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2556	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2556	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2556	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2224	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2224	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2224	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 1428	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 1428	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 1428	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 320	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 320	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 320	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 532	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 532	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 532	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 2800	3068	2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_9774893a8f72b2d37a82ff3ab8debdb8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\System\XDljAva.exe
  C:\Windows\System\XDljAva.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\eDfqHHJ.exe
  C:\Windows\System\eDfqHHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\xonbpxS.exe
  C:\Windows\System\xonbpxS.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\GXbSVOg.exe
  C:\Windows\System\GXbSVOg.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\lzWQZcm.exe
  C:\Windows\System\lzWQZcm.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\mZIUmWU.exe
  C:\Windows\System\mZIUmWU.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\QnFBkBE.exe
  C:\Windows\System\QnFBkBE.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\CNhSahF.exe
  C:\Windows\System\CNhSahF.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\QIaVbEx.exe
  C:\Windows\System\QIaVbEx.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\DpGZATp.exe
  C:\Windows\System\DpGZATp.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\zrrqzYZ.exe
  C:\Windows\System\zrrqzYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\YQNlghC.exe
  C:\Windows\System\YQNlghC.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\CAgjUmz.exe
  C:\Windows\System\CAgjUmz.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\kGiZtZR.exe
  C:\Windows\System\kGiZtZR.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\vpqOkTQ.exe
  C:\Windows\System\vpqOkTQ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\TAAbeNG.exe
  C:\Windows\System\TAAbeNG.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\PdjZRaJ.exe
  C:\Windows\System\PdjZRaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\TvcrKPc.exe
  C:\Windows\System\TvcrKPc.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\yKPJpay.exe
  C:\Windows\System\yKPJpay.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\oisVVeB.exe
  C:\Windows\System\oisVVeB.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\MMrmdlP.exe
  C:\Windows\System\MMrmdlP.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\BcBZdTj.exe
  C:\Windows\System\BcBZdTj.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\wFtZtOr.exe
  C:\Windows\System\wFtZtOr.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\tqPRhww.exe
  C:\Windows\System\tqPRhww.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\RJdRjwv.exe
  C:\Windows\System\RJdRjwv.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\coIzuKU.exe
  C:\Windows\System\coIzuKU.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\mDFfbmf.exe
  C:\Windows\System\mDFfbmf.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\nAZxjXN.exe
  C:\Windows\System\nAZxjXN.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\DxcOBWi.exe
  C:\Windows\System\DxcOBWi.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ZCfSNkJ.exe
  C:\Windows\System\ZCfSNkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\lGZEuIg.exe
  C:\Windows\System\lGZEuIg.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\UHElISY.exe
  C:\Windows\System\UHElISY.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\EbEGyln.exe
  C:\Windows\System\EbEGyln.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\cwDMajs.exe
  C:\Windows\System\cwDMajs.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\xYgryqK.exe
  C:\Windows\System\xYgryqK.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\VrHCFCv.exe
  C:\Windows\System\VrHCFCv.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\bfiFkcs.exe
  C:\Windows\System\bfiFkcs.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\kkbAzEv.exe
  C:\Windows\System\kkbAzEv.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\JaMimke.exe
  C:\Windows\System\JaMimke.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ezpQzHq.exe
  C:\Windows\System\ezpQzHq.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\hzcvPTA.exe
  C:\Windows\System\hzcvPTA.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\jtHCtTq.exe
  C:\Windows\System\jtHCtTq.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\ebYmnTR.exe
  C:\Windows\System\ebYmnTR.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\bimcMcG.exe
  C:\Windows\System\bimcMcG.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\SgzElow.exe
  C:\Windows\System\SgzElow.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\CZjWQeg.exe
  C:\Windows\System\CZjWQeg.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\mBaBCrt.exe
  C:\Windows\System\mBaBCrt.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\SPhamyt.exe
  C:\Windows\System\SPhamyt.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\xLKXjvU.exe
  C:\Windows\System\xLKXjvU.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\tYkJZVm.exe
  C:\Windows\System\tYkJZVm.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\rLeXrrZ.exe
  C:\Windows\System\rLeXrrZ.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\EtdmPuD.exe
  C:\Windows\System\EtdmPuD.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ugYhglL.exe
  C:\Windows\System\ugYhglL.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\JMkVPIC.exe
  C:\Windows\System\JMkVPIC.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\CssJMsO.exe
  C:\Windows\System\CssJMsO.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\lUxcZNo.exe
  C:\Windows\System\lUxcZNo.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\llRWCMx.exe
  C:\Windows\System\llRWCMx.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\GnxlRMi.exe
  C:\Windows\System\GnxlRMi.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\kHGDlbZ.exe
  C:\Windows\System\kHGDlbZ.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\mvoYxCp.exe
  C:\Windows\System\mvoYxCp.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\rgogdmG.exe
  C:\Windows\System\rgogdmG.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\ROdSdQS.exe
  C:\Windows\System\ROdSdQS.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\YIprQba.exe
  C:\Windows\System\YIprQba.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\znupbqN.exe
  C:\Windows\System\znupbqN.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\svXhtHo.exe
  C:\Windows\System\svXhtHo.exe
  2⤵
  PID:1748
- C:\Windows\System\vWiAqEl.exe
  C:\Windows\System\vWiAqEl.exe
  2⤵
  PID:564
- C:\Windows\System\TMcpDZI.exe
  C:\Windows\System\TMcpDZI.exe
  2⤵
  PID:864
- C:\Windows\System\yozurSK.exe
  C:\Windows\System\yozurSK.exe
  2⤵
  PID:2680
- C:\Windows\System\qRkrTIq.exe
  C:\Windows\System\qRkrTIq.exe
  2⤵
  PID:2564
- C:\Windows\System\aLXlmiE.exe
  C:\Windows\System\aLXlmiE.exe
  2⤵
  PID:2348
- C:\Windows\System\Hobscbp.exe
  C:\Windows\System\Hobscbp.exe
  2⤵
  PID:1600
- C:\Windows\System\JTDmJBo.exe
  C:\Windows\System\JTDmJBo.exe
  2⤵
  PID:2368
- C:\Windows\System\SrXetML.exe
  C:\Windows\System\SrXetML.exe
  2⤵
  PID:2172
- C:\Windows\System\pWQCLQy.exe
  C:\Windows\System\pWQCLQy.exe
  2⤵
  PID:1300
- C:\Windows\System\iScuBxb.exe
  C:\Windows\System\iScuBxb.exe
  2⤵
  PID:2736
- C:\Windows\System\xGfnjfc.exe
  C:\Windows\System\xGfnjfc.exe
  2⤵
  PID:3032
- C:\Windows\System\LYVTBuD.exe
  C:\Windows\System\LYVTBuD.exe
  2⤵
  PID:284
- C:\Windows\System\ElrRppw.exe
  C:\Windows\System\ElrRppw.exe
  2⤵
  PID:2864
- C:\Windows\System\aCZDvpX.exe
  C:\Windows\System\aCZDvpX.exe
  2⤵
  PID:2652
- C:\Windows\System\rTvzyYI.exe
  C:\Windows\System\rTvzyYI.exe
  2⤵
  PID:2628
- C:\Windows\System\YavcxWX.exe
  C:\Windows\System\YavcxWX.exe
  2⤵
  PID:568
- C:\Windows\System\PoDTqmH.exe
  C:\Windows\System\PoDTqmH.exe
  2⤵
  PID:2308
- C:\Windows\System\MpPcOup.exe
  C:\Windows\System\MpPcOup.exe
  2⤵
  PID:2664
- C:\Windows\System\CVFpIZq.exe
  C:\Windows\System\CVFpIZq.exe
  2⤵
  PID:2004
- C:\Windows\System\PipjTmZ.exe
  C:\Windows\System\PipjTmZ.exe
  2⤵
  PID:1976
- C:\Windows\System\VqGsEwD.exe
  C:\Windows\System\VqGsEwD.exe
  2⤵
  PID:1908
- C:\Windows\System\wrubMWp.exe
  C:\Windows\System\wrubMWp.exe
  2⤵
  PID:2772
- C:\Windows\System\GVNIpKL.exe
  C:\Windows\System\GVNIpKL.exe
  2⤵
  PID:2160
- C:\Windows\System\wpVIQfe.exe
  C:\Windows\System\wpVIQfe.exe
  2⤵
  PID:2140
- C:\Windows\System\VCIkvBB.exe
  C:\Windows\System\VCIkvBB.exe
  2⤵
  PID:2272
- C:\Windows\System\sQzqHya.exe
  C:\Windows\System\sQzqHya.exe
  2⤵
  PID:2948
- C:\Windows\System\tzGydHw.exe
  C:\Windows\System\tzGydHw.exe
  2⤵
  PID:448
- C:\Windows\System\eOJVnAd.exe
  C:\Windows\System\eOJVnAd.exe
  2⤵
  PID:2576
- C:\Windows\System\qYHtRLN.exe
  C:\Windows\System\qYHtRLN.exe
  2⤵
  PID:948
- C:\Windows\System\jNLGDDj.exe
  C:\Windows\System\jNLGDDj.exe
  2⤵
  PID:1864
- C:\Windows\System\yuDilpc.exe
  C:\Windows\System\yuDilpc.exe
  2⤵
  PID:2492
- C:\Windows\System\XCrBGps.exe
  C:\Windows\System\XCrBGps.exe
  2⤵
  PID:1624
- C:\Windows\System\ggUZtBI.exe
  C:\Windows\System\ggUZtBI.exe
  2⤵
  PID:1632
- C:\Windows\System\aYUYsrE.exe
  C:\Windows\System\aYUYsrE.exe
  2⤵
  PID:760
- C:\Windows\System\iIVwCpt.exe
  C:\Windows\System\iIVwCpt.exe
  2⤵
  PID:1764
- C:\Windows\System\VnVREkC.exe
  C:\Windows\System\VnVREkC.exe
  2⤵
  PID:2260
- C:\Windows\System\mpEnKka.exe
  C:\Windows\System\mpEnKka.exe
  2⤵
  PID:1512
- C:\Windows\System\PIDRahH.exe
  C:\Windows\System\PIDRahH.exe
  2⤵
  PID:1796
- C:\Windows\System\vFenBxe.exe
  C:\Windows\System\vFenBxe.exe
  2⤵
  PID:964
- C:\Windows\System\bDgHxXz.exe
  C:\Windows\System\bDgHxXz.exe
  2⤵
  PID:296
- C:\Windows\System\xcedaLl.exe
  C:\Windows\System\xcedaLl.exe
  2⤵
  PID:2248
- C:\Windows\System\xMqaOPC.exe
  C:\Windows\System\xMqaOPC.exe
  2⤵
  PID:1820
- C:\Windows\System\QBhCzsp.exe
  C:\Windows\System\QBhCzsp.exe
  2⤵
  PID:1608
- C:\Windows\System\BYLHhRw.exe
  C:\Windows\System\BYLHhRw.exe
  2⤵
  PID:1492
- C:\Windows\System\aewKdZQ.exe
  C:\Windows\System\aewKdZQ.exe
  2⤵
  PID:2832
- C:\Windows\System\mSfcENn.exe
  C:\Windows\System\mSfcENn.exe
  2⤵
  PID:2632
- C:\Windows\System\XImWwky.exe
  C:\Windows\System\XImWwky.exe
  2⤵
  PID:2656
- C:\Windows\System\AGwIZkB.exe
  C:\Windows\System\AGwIZkB.exe
  2⤵
  PID:2480
- C:\Windows\System\vlzsUZt.exe
  C:\Windows\System\vlzsUZt.exe
  2⤵
  PID:1268
- C:\Windows\System\UGtgkHI.exe
  C:\Windows\System\UGtgkHI.exe
  2⤵
  PID:1320
- C:\Windows\System\YoAssxW.exe
  C:\Windows\System\YoAssxW.exe
  2⤵
  PID:2964
- C:\Windows\System\xdnfvdz.exe
  C:\Windows\System\xdnfvdz.exe
  2⤵
  PID:3004
- C:\Windows\System\iBLmsWa.exe
  C:\Windows\System\iBLmsWa.exe
  2⤵
  PID:740
- C:\Windows\System\ufmyrjR.exe
  C:\Windows\System\ufmyrjR.exe
  2⤵
  PID:2136
- C:\Windows\System\gfqxUcb.exe
  C:\Windows\System\gfqxUcb.exe
  2⤵
  PID:2692
- C:\Windows\System\UnBGbhS.exe
  C:\Windows\System\UnBGbhS.exe
  2⤵
  PID:1720
- C:\Windows\System\YoavjWq.exe
  C:\Windows\System\YoavjWq.exe
  2⤵
  PID:344
- C:\Windows\System\iatniCq.exe
  C:\Windows\System\iatniCq.exe
  2⤵
  PID:2400
- C:\Windows\System\XgSVfNF.exe
  C:\Windows\System\XgSVfNF.exe
  2⤵
  PID:2196
- C:\Windows\System\VuIhmpg.exe
  C:\Windows\System\VuIhmpg.exe
  2⤵
  PID:3084
- C:\Windows\System\acxoRZf.exe
  C:\Windows\System\acxoRZf.exe
  2⤵
  PID:3100
- C:\Windows\System\lZVDbOI.exe
  C:\Windows\System\lZVDbOI.exe
  2⤵
  PID:3116
- C:\Windows\System\NwKHlhn.exe
  C:\Windows\System\NwKHlhn.exe
  2⤵
  PID:3132
- C:\Windows\System\IxpVLHA.exe
  C:\Windows\System\IxpVLHA.exe
  2⤵
  PID:3148
- C:\Windows\System\RpuzoLZ.exe
  C:\Windows\System\RpuzoLZ.exe
  2⤵
  PID:3164
- C:\Windows\System\egMBtLK.exe
  C:\Windows\System\egMBtLK.exe
  2⤵
  PID:3180
- C:\Windows\System\Nbcbulz.exe
  C:\Windows\System\Nbcbulz.exe
  2⤵
  PID:3196
- C:\Windows\System\lcZUIjf.exe
  C:\Windows\System\lcZUIjf.exe
  2⤵
  PID:3212
- C:\Windows\System\lvOSoKy.exe
  C:\Windows\System\lvOSoKy.exe
  2⤵
  PID:3228
- C:\Windows\System\WreedeE.exe
  C:\Windows\System\WreedeE.exe
  2⤵
  PID:3244
- C:\Windows\System\YGbYjfT.exe
  C:\Windows\System\YGbYjfT.exe
  2⤵
  PID:3260
- C:\Windows\System\gsAzAab.exe
  C:\Windows\System\gsAzAab.exe
  2⤵
  PID:3276
- C:\Windows\System\wPxqtLH.exe
  C:\Windows\System\wPxqtLH.exe
  2⤵
  PID:3292
- C:\Windows\System\xZzzGYy.exe
  C:\Windows\System\xZzzGYy.exe
  2⤵
  PID:3308
- C:\Windows\System\pCKMHlo.exe
  C:\Windows\System\pCKMHlo.exe
  2⤵
  PID:3324
- C:\Windows\System\NQEwtli.exe
  C:\Windows\System\NQEwtli.exe
  2⤵
  PID:3340
- C:\Windows\System\gjvMrWB.exe
  C:\Windows\System\gjvMrWB.exe
  2⤵
  PID:3356
- C:\Windows\System\QXBHvXM.exe
  C:\Windows\System\QXBHvXM.exe
  2⤵
  PID:3372
- C:\Windows\System\GmREaOG.exe
  C:\Windows\System\GmREaOG.exe
  2⤵
  PID:3388
- C:\Windows\System\IhfvJwQ.exe
  C:\Windows\System\IhfvJwQ.exe
  2⤵
  PID:3404
- C:\Windows\System\zAYsgzq.exe
  C:\Windows\System\zAYsgzq.exe
  2⤵
  PID:3420
- C:\Windows\System\YZJgfjY.exe
  C:\Windows\System\YZJgfjY.exe
  2⤵
  PID:3436
- C:\Windows\System\XQBNjct.exe
  C:\Windows\System\XQBNjct.exe
  2⤵
  PID:3452
- C:\Windows\System\eVtJwqo.exe
  C:\Windows\System\eVtJwqo.exe
  2⤵
  PID:3468
- C:\Windows\System\cLrrEOi.exe
  C:\Windows\System\cLrrEOi.exe
  2⤵
  PID:3484
- C:\Windows\System\TEQQRIC.exe
  C:\Windows\System\TEQQRIC.exe
  2⤵
  PID:3500
- C:\Windows\System\ERWQQzh.exe
  C:\Windows\System\ERWQQzh.exe
  2⤵
  PID:3516
- C:\Windows\System\HoFknvE.exe
  C:\Windows\System\HoFknvE.exe
  2⤵
  PID:3532
- C:\Windows\System\LZjDbDT.exe
  C:\Windows\System\LZjDbDT.exe
  2⤵
  PID:3548
- C:\Windows\System\jxMTKvt.exe
  C:\Windows\System\jxMTKvt.exe
  2⤵
  PID:3564
- C:\Windows\System\qtACEQS.exe
  C:\Windows\System\qtACEQS.exe
  2⤵
  PID:3580
- C:\Windows\System\vwZFXBc.exe
  C:\Windows\System\vwZFXBc.exe
  2⤵
  PID:3596
- C:\Windows\System\DsfPhis.exe
  C:\Windows\System\DsfPhis.exe
  2⤵
  PID:3612
- C:\Windows\System\JCQIxOY.exe
  C:\Windows\System\JCQIxOY.exe
  2⤵
  PID:3628
- C:\Windows\System\hukYtIE.exe
  C:\Windows\System\hukYtIE.exe
  2⤵
  PID:3644
- C:\Windows\System\IQDnyBv.exe
  C:\Windows\System\IQDnyBv.exe
  2⤵
  PID:3660
- C:\Windows\System\MAYDyWN.exe
  C:\Windows\System\MAYDyWN.exe
  2⤵
  PID:3676
- C:\Windows\System\UZnutre.exe
  C:\Windows\System\UZnutre.exe
  2⤵
  PID:3692
- C:\Windows\System\XDMmHlM.exe
  C:\Windows\System\XDMmHlM.exe
  2⤵
  PID:3708
- C:\Windows\System\lEbbjic.exe
  C:\Windows\System\lEbbjic.exe
  2⤵
  PID:3724
- C:\Windows\System\jtFuXBH.exe
  C:\Windows\System\jtFuXBH.exe
  2⤵
  PID:3740
- C:\Windows\System\BtpvUPD.exe
  C:\Windows\System\BtpvUPD.exe
  2⤵
  PID:3756
- C:\Windows\System\FIVQPRh.exe
  C:\Windows\System\FIVQPRh.exe
  2⤵
  PID:3772
- C:\Windows\System\xeZgROk.exe
  C:\Windows\System\xeZgROk.exe
  2⤵
  PID:3788
- C:\Windows\System\tjYZpVV.exe
  C:\Windows\System\tjYZpVV.exe
  2⤵
  PID:3804
- C:\Windows\System\CdOgRxH.exe
  C:\Windows\System\CdOgRxH.exe
  2⤵
  PID:3820
- C:\Windows\System\wmQfrBC.exe
  C:\Windows\System\wmQfrBC.exe
  2⤵
  PID:3836
- C:\Windows\System\uJtfURf.exe
  C:\Windows\System\uJtfURf.exe
  2⤵
  PID:3852
- C:\Windows\System\FyFxbwW.exe
  C:\Windows\System\FyFxbwW.exe
  2⤵
  PID:3868
- C:\Windows\System\yxVOeQP.exe
  C:\Windows\System\yxVOeQP.exe
  2⤵
  PID:3884
- C:\Windows\System\yWMshJe.exe
  C:\Windows\System\yWMshJe.exe
  2⤵
  PID:3900
- C:\Windows\System\NgKBIyl.exe
  C:\Windows\System\NgKBIyl.exe
  2⤵
  PID:3916
- C:\Windows\System\SqrYyYA.exe
  C:\Windows\System\SqrYyYA.exe
  2⤵
  PID:3932
- C:\Windows\System\TOuXvaE.exe
  C:\Windows\System\TOuXvaE.exe
  2⤵
  PID:3948
- C:\Windows\System\qJSOeos.exe
  C:\Windows\System\qJSOeos.exe
  2⤵
  PID:3964
- C:\Windows\System\ySsiqIv.exe
  C:\Windows\System\ySsiqIv.exe
  2⤵
  PID:3980
- C:\Windows\System\TxWjnQH.exe
  C:\Windows\System\TxWjnQH.exe
  2⤵
  PID:3996
- C:\Windows\System\lRsXAGz.exe
  C:\Windows\System\lRsXAGz.exe
  2⤵
  PID:4012
- C:\Windows\System\pbZgLiJ.exe
  C:\Windows\System\pbZgLiJ.exe
  2⤵
  PID:4028
- C:\Windows\System\ifNJifI.exe
  C:\Windows\System\ifNJifI.exe
  2⤵
  PID:4044
- C:\Windows\System\iGiuFEB.exe
  C:\Windows\System\iGiuFEB.exe
  2⤵
  PID:4060
- C:\Windows\System\yKntvrb.exe
  C:\Windows\System\yKntvrb.exe
  2⤵
  PID:4076
- C:\Windows\System\wjAVbMn.exe
  C:\Windows\System\wjAVbMn.exe
  2⤵
  PID:4092
- C:\Windows\System\YInMGrY.exe
  C:\Windows\System\YInMGrY.exe
  2⤵
  PID:2472
- C:\Windows\System\ymoqKmr.exe
  C:\Windows\System\ymoqKmr.exe
  2⤵
  PID:1868
- C:\Windows\System\oakzQSs.exe
  C:\Windows\System\oakzQSs.exe
  2⤵
  PID:3024
- C:\Windows\System\JGMGvmq.exe
  C:\Windows\System\JGMGvmq.exe
  2⤵
  PID:1784
- C:\Windows\System\fKfOLsK.exe
  C:\Windows\System\fKfOLsK.exe
  2⤵
  PID:1992
- C:\Windows\System\IutMVqO.exe
  C:\Windows\System\IutMVqO.exe
  2⤵
  PID:2984
- C:\Windows\System\vFauZnY.exe
  C:\Windows\System\vFauZnY.exe
  2⤵
  PID:1812
- C:\Windows\System\YqEGqGF.exe
  C:\Windows\System\YqEGqGF.exe
  2⤵
  PID:1844
- C:\Windows\System\JbbLoYf.exe
  C:\Windows\System\JbbLoYf.exe
  2⤵
  PID:2528
- C:\Windows\System\XuVGzLa.exe
  C:\Windows\System\XuVGzLa.exe
  2⤵
  PID:3076
- C:\Windows\System\fxZoPWx.exe
  C:\Windows\System\fxZoPWx.exe
  2⤵
  PID:3096
- C:\Windows\System\tBlfJJn.exe
  C:\Windows\System\tBlfJJn.exe
  2⤵
  PID:3140
- C:\Windows\System\NkkTgwh.exe
  C:\Windows\System\NkkTgwh.exe
  2⤵
  PID:3172
- C:\Windows\System\wAgailt.exe
  C:\Windows\System\wAgailt.exe
  2⤵
  PID:3204
- C:\Windows\System\agwqSCu.exe
  C:\Windows\System\agwqSCu.exe
  2⤵
  PID:3236
- C:\Windows\System\JZtxrAO.exe
  C:\Windows\System\JZtxrAO.exe
  2⤵
  PID:3268
- C:\Windows\System\MRdLIOz.exe
  C:\Windows\System\MRdLIOz.exe
  2⤵
  PID:3300
- C:\Windows\System\TooTiPA.exe
  C:\Windows\System\TooTiPA.exe
  2⤵
  PID:3332
- C:\Windows\System\JqkXQSr.exe
  C:\Windows\System\JqkXQSr.exe
  2⤵
  PID:3364
- C:\Windows\System\dOMbpmp.exe
  C:\Windows\System\dOMbpmp.exe
  2⤵
  PID:3396
- C:\Windows\System\fyzlemP.exe
  C:\Windows\System\fyzlemP.exe
  2⤵
  PID:3444
- C:\Windows\System\IiwEWHa.exe
  C:\Windows\System\IiwEWHa.exe
  2⤵
  PID:3476
- C:\Windows\System\dxBJaYb.exe
  C:\Windows\System\dxBJaYb.exe
  2⤵
  PID:3508
- C:\Windows\System\DpilsvS.exe
  C:\Windows\System\DpilsvS.exe
  2⤵
  PID:3524
- C:\Windows\System\bwfZYcq.exe
  C:\Windows\System\bwfZYcq.exe
  2⤵
  PID:3572
- C:\Windows\System\uqgtJsW.exe
  C:\Windows\System\uqgtJsW.exe
  2⤵
  PID:3588
- C:\Windows\System\OMyJWmM.exe
  C:\Windows\System\OMyJWmM.exe
  2⤵
  PID:3620
- C:\Windows\System\HBYVmxg.exe
  C:\Windows\System\HBYVmxg.exe
  2⤵
  PID:3652
- C:\Windows\System\QVFPWHn.exe
  C:\Windows\System\QVFPWHn.exe
  2⤵
  PID:3700
- C:\Windows\System\uZTXGsM.exe
  C:\Windows\System\uZTXGsM.exe
  2⤵
  PID:3716
- C:\Windows\System\fzqdEUc.exe
  C:\Windows\System\fzqdEUc.exe
  2⤵
  PID:3748
- C:\Windows\System\WeKyQlp.exe
  C:\Windows\System\WeKyQlp.exe
  2⤵
  PID:3796
- C:\Windows\System\ECLubIz.exe
  C:\Windows\System\ECLubIz.exe
  2⤵
  PID:3812
- C:\Windows\System\PCGlPVA.exe
  C:\Windows\System\PCGlPVA.exe
  2⤵
  PID:3844
- C:\Windows\System\Gxqmwzk.exe
  C:\Windows\System\Gxqmwzk.exe
  2⤵
  PID:3876
- C:\Windows\System\mOvZrlA.exe
  C:\Windows\System\mOvZrlA.exe
  2⤵
  PID:3908
- C:\Windows\System\dAnBUyo.exe
  C:\Windows\System\dAnBUyo.exe
  2⤵
  PID:3940
- C:\Windows\System\aoeqnCV.exe
  C:\Windows\System\aoeqnCV.exe
  2⤵
  PID:3972
- C:\Windows\System\DiUjRBp.exe
  C:\Windows\System\DiUjRBp.exe
  2⤵
  PID:4004
- C:\Windows\System\rkqzyye.exe
  C:\Windows\System\rkqzyye.exe
  2⤵
  PID:4036
- C:\Windows\System\NGCDhKr.exe
  C:\Windows\System\NGCDhKr.exe
  2⤵
  PID:4068
- C:\Windows\System\SriEsOi.exe
  C:\Windows\System\SriEsOi.exe
  2⤵
  PID:2416
- C:\Windows\System\OYUlPJi.exe
  C:\Windows\System\OYUlPJi.exe
  2⤵
  PID:2820
- C:\Windows\System\QMCyETB.exe
  C:\Windows\System\QMCyETB.exe
  2⤵
  PID:1932
- C:\Windows\System\dzGoRbL.exe
  C:\Windows\System\dzGoRbL.exe
  2⤵
  PID:1852
- C:\Windows\System\lTQCEnU.exe
  C:\Windows\System\lTQCEnU.exe
  2⤵
  PID:1304
- C:\Windows\System\HTJwnSR.exe
  C:\Windows\System\HTJwnSR.exe
  2⤵
  PID:3080
- C:\Windows\System\rKyTkHB.exe
  C:\Windows\System\rKyTkHB.exe
  2⤵
  PID:3188
- C:\Windows\System\DSRNros.exe
  C:\Windows\System\DSRNros.exe
  2⤵
  PID:3208
- C:\Windows\System\EwuoyQG.exe
  C:\Windows\System\EwuoyQG.exe
  2⤵
  PID:3284
- C:\Windows\System\pQyHSjZ.exe
  C:\Windows\System\pQyHSjZ.exe
  2⤵
  PID:3336
- C:\Windows\System\mcJgSJu.exe
  C:\Windows\System\mcJgSJu.exe
  2⤵
  PID:3432
- C:\Windows\System\KpchcgS.exe
  C:\Windows\System\KpchcgS.exe
  2⤵
  PID:3464
- C:\Windows\System\ygeashn.exe
  C:\Windows\System\ygeashn.exe
  2⤵
  PID:3528
- C:\Windows\System\yiBbycr.exe
  C:\Windows\System\yiBbycr.exe
  2⤵
  PID:3592
- C:\Windows\System\QaFbJsJ.exe
  C:\Windows\System\QaFbJsJ.exe
  2⤵
  PID:3668
- C:\Windows\System\DcPbgNY.exe
  C:\Windows\System\DcPbgNY.exe
  2⤵
  PID:3720
- C:\Windows\System\iclKeST.exe
  C:\Windows\System\iclKeST.exe
  2⤵
  PID:3784
- C:\Windows\System\jqCAmyK.exe
  C:\Windows\System\jqCAmyK.exe
  2⤵
  PID:3848
- C:\Windows\System\bQnspeA.exe
  C:\Windows\System\bQnspeA.exe
  2⤵
  PID:3912
- C:\Windows\System\EmtUOaF.exe
  C:\Windows\System\EmtUOaF.exe
  2⤵
  PID:3976
- C:\Windows\System\SwzjtUR.exe
  C:\Windows\System\SwzjtUR.exe
  2⤵
  PID:4104
- C:\Windows\System\qqrQWTg.exe
  C:\Windows\System\qqrQWTg.exe
  2⤵
  PID:4120
- C:\Windows\System\sRCEAnk.exe
  C:\Windows\System\sRCEAnk.exe
  2⤵
  PID:4136
- C:\Windows\System\YWcAGvH.exe
  C:\Windows\System\YWcAGvH.exe
  2⤵
  PID:4152
- C:\Windows\System\hRMYJws.exe
  C:\Windows\System\hRMYJws.exe
  2⤵
  PID:4168
- C:\Windows\System\rdoOufz.exe
  C:\Windows\System\rdoOufz.exe
  2⤵
  PID:4184
- C:\Windows\System\SEQDbHc.exe
  C:\Windows\System\SEQDbHc.exe
  2⤵
  PID:4200
- C:\Windows\System\eNJizFe.exe
  C:\Windows\System\eNJizFe.exe
  2⤵
  PID:4216
- C:\Windows\System\xvmmpXm.exe
  C:\Windows\System\xvmmpXm.exe
  2⤵
  PID:4232
- C:\Windows\System\NjuJxnv.exe
  C:\Windows\System\NjuJxnv.exe
  2⤵
  PID:4248
- C:\Windows\System\drZCsrq.exe
  C:\Windows\System\drZCsrq.exe
  2⤵
  PID:4264
- C:\Windows\System\RvojEQb.exe
  C:\Windows\System\RvojEQb.exe
  2⤵
  PID:4280
- C:\Windows\System\UbsujZN.exe
  C:\Windows\System\UbsujZN.exe
  2⤵
  PID:4296
- C:\Windows\System\oSIinTI.exe
  C:\Windows\System\oSIinTI.exe
  2⤵
  PID:4312
- C:\Windows\System\vtREplf.exe
  C:\Windows\System\vtREplf.exe
  2⤵
  PID:4328
- C:\Windows\System\xqNuFLq.exe
  C:\Windows\System\xqNuFLq.exe
  2⤵
  PID:4344
- C:\Windows\System\pCFdquy.exe
  C:\Windows\System\pCFdquy.exe
  2⤵
  PID:4360
- C:\Windows\System\wVYiayV.exe
  C:\Windows\System\wVYiayV.exe
  2⤵
  PID:4376
- C:\Windows\System\MOMChwy.exe
  C:\Windows\System\MOMChwy.exe
  2⤵
  PID:4392
- C:\Windows\System\kzhgiKH.exe
  C:\Windows\System\kzhgiKH.exe
  2⤵
  PID:4408
- C:\Windows\System\lcxmVGR.exe
  C:\Windows\System\lcxmVGR.exe
  2⤵
  PID:4424
- C:\Windows\System\dfECLyg.exe
  C:\Windows\System\dfECLyg.exe
  2⤵
  PID:4440
- C:\Windows\System\ZvaXART.exe
  C:\Windows\System\ZvaXART.exe
  2⤵
  PID:4456
- C:\Windows\System\lOTDBMj.exe
  C:\Windows\System\lOTDBMj.exe
  2⤵
  PID:4472
- C:\Windows\System\bUZAjyl.exe
  C:\Windows\System\bUZAjyl.exe
  2⤵
  PID:4488
- C:\Windows\System\rmLVYvb.exe
  C:\Windows\System\rmLVYvb.exe
  2⤵
  PID:4504
- C:\Windows\System\OAfISrF.exe
  C:\Windows\System\OAfISrF.exe
  2⤵
  PID:4520
- C:\Windows\System\CcMvkMs.exe
  C:\Windows\System\CcMvkMs.exe
  2⤵
  PID:4536
- C:\Windows\System\nghPPPB.exe
  C:\Windows\System\nghPPPB.exe
  2⤵
  PID:4552
- C:\Windows\System\TeEWxMJ.exe
  C:\Windows\System\TeEWxMJ.exe
  2⤵
  PID:4568
- C:\Windows\System\HiNBLDS.exe
  C:\Windows\System\HiNBLDS.exe
  2⤵
  PID:4584
- C:\Windows\System\VmRFywp.exe
  C:\Windows\System\VmRFywp.exe
  2⤵
  PID:4600
- C:\Windows\System\WVqRoPG.exe
  C:\Windows\System\WVqRoPG.exe
  2⤵
  PID:4616
- C:\Windows\System\MOvpprr.exe
  C:\Windows\System\MOvpprr.exe
  2⤵
  PID:4632
- C:\Windows\System\GhcJBLr.exe
  C:\Windows\System\GhcJBLr.exe
  2⤵
  PID:4648
- C:\Windows\System\PhGhyOW.exe
  C:\Windows\System\PhGhyOW.exe
  2⤵
  PID:4664
- C:\Windows\System\FreDLGL.exe
  C:\Windows\System\FreDLGL.exe
  2⤵
  PID:4680
- C:\Windows\System\CkbTtLG.exe
  C:\Windows\System\CkbTtLG.exe
  2⤵
  PID:4696
- C:\Windows\System\zykHpYN.exe
  C:\Windows\System\zykHpYN.exe
  2⤵
  PID:4712
- C:\Windows\System\ZasTjQv.exe
  C:\Windows\System\ZasTjQv.exe
  2⤵
  PID:4728
- C:\Windows\System\VJmHPMN.exe
  C:\Windows\System\VJmHPMN.exe
  2⤵
  PID:4744
- C:\Windows\System\jAPooFj.exe
  C:\Windows\System\jAPooFj.exe
  2⤵
  PID:4760
- C:\Windows\System\CkhhOjp.exe
  C:\Windows\System\CkhhOjp.exe
  2⤵
  PID:4776
- C:\Windows\System\CMYYKOR.exe
  C:\Windows\System\CMYYKOR.exe
  2⤵
  PID:4792
- C:\Windows\System\BbjJTgX.exe
  C:\Windows\System\BbjJTgX.exe
  2⤵
  PID:4808
- C:\Windows\System\HWfTHLm.exe
  C:\Windows\System\HWfTHLm.exe
  2⤵
  PID:4824
- C:\Windows\System\hEFCYBN.exe
  C:\Windows\System\hEFCYBN.exe
  2⤵
  PID:4840
- C:\Windows\System\FTTXzgU.exe
  C:\Windows\System\FTTXzgU.exe
  2⤵
  PID:4856
- C:\Windows\System\DXOOSzk.exe
  C:\Windows\System\DXOOSzk.exe
  2⤵
  PID:4872
- C:\Windows\System\WihhwiO.exe
  C:\Windows\System\WihhwiO.exe
  2⤵
  PID:4888
- C:\Windows\System\mViMLJi.exe
  C:\Windows\System\mViMLJi.exe
  2⤵
  PID:4904
- C:\Windows\System\qQPttBo.exe
  C:\Windows\System\qQPttBo.exe
  2⤵
  PID:4920
- C:\Windows\System\FNLWHwZ.exe
  C:\Windows\System\FNLWHwZ.exe
  2⤵
  PID:4936
- C:\Windows\System\vZoUnbd.exe
  C:\Windows\System\vZoUnbd.exe
  2⤵
  PID:4952
- C:\Windows\System\LrbtObf.exe
  C:\Windows\System\LrbtObf.exe
  2⤵
  PID:4968
- C:\Windows\System\hpuYBDi.exe
  C:\Windows\System\hpuYBDi.exe
  2⤵
  PID:4984
- C:\Windows\System\nqOSIdf.exe
  C:\Windows\System\nqOSIdf.exe
  2⤵
  PID:5000
- C:\Windows\System\GTrVkUL.exe
  C:\Windows\System\GTrVkUL.exe
  2⤵
  PID:5016
- C:\Windows\System\FNIMacX.exe
  C:\Windows\System\FNIMacX.exe
  2⤵
  PID:5032
- C:\Windows\System\CuJqslw.exe
  C:\Windows\System\CuJqslw.exe
  2⤵
  PID:5048
- C:\Windows\System\VGUifCp.exe
  C:\Windows\System\VGUifCp.exe
  2⤵
  PID:5064
- C:\Windows\System\seEluXc.exe
  C:\Windows\System\seEluXc.exe
  2⤵
  PID:5080
- C:\Windows\System\BFDrKJD.exe
  C:\Windows\System\BFDrKJD.exe
  2⤵
  PID:5096
- C:\Windows\System\kIZDfJg.exe
  C:\Windows\System\kIZDfJg.exe
  2⤵
  PID:5112
- C:\Windows\System\bifmlWY.exe
  C:\Windows\System\bifmlWY.exe
  2⤵
  PID:4072
- C:\Windows\System\cXZgRNd.exe
  C:\Windows\System\cXZgRNd.exe
  2⤵
  PID:1680
- C:\Windows\System\XxkgdYf.exe
  C:\Windows\System\XxkgdYf.exe
  2⤵
  PID:1552
- C:\Windows\System\NGuKYuC.exe
  C:\Windows\System\NGuKYuC.exe
  2⤵
  PID:3108
- C:\Windows\System\vcctUOg.exe
  C:\Windows\System\vcctUOg.exe
  2⤵
  PID:3240
- C:\Windows\System\YaYJFYI.exe
  C:\Windows\System\YaYJFYI.exe
  2⤵
  PID:3352
- C:\Windows\System\AUumOCj.exe
  C:\Windows\System\AUumOCj.exe
  2⤵
  PID:3512
- C:\Windows\System\jLvmUnQ.exe
  C:\Windows\System\jLvmUnQ.exe
  2⤵
  PID:3608
- C:\Windows\System\mEGqcDP.exe
  C:\Windows\System\mEGqcDP.exe
  2⤵
  PID:3736
- C:\Windows\System\bZUdQZx.exe
  C:\Windows\System\bZUdQZx.exe
  2⤵
  PID:3864
- C:\Windows\System\uOqgCgF.exe
  C:\Windows\System\uOqgCgF.exe
  2⤵
  PID:3992
- C:\Windows\System\rEzZajY.exe
  C:\Windows\System\rEzZajY.exe
  2⤵
  PID:4116
- C:\Windows\System\FzHaoUF.exe
  C:\Windows\System\FzHaoUF.exe
  2⤵
  PID:4160
- C:\Windows\System\QBDnDoC.exe
  C:\Windows\System\QBDnDoC.exe
  2⤵
  PID:4176
- C:\Windows\System\SpnXdnv.exe
  C:\Windows\System\SpnXdnv.exe
  2⤵
  PID:4212
- C:\Windows\System\UYWOzKQ.exe
  C:\Windows\System\UYWOzKQ.exe
  2⤵
  PID:4256
- C:\Windows\System\XVQtiBY.exe
  C:\Windows\System\XVQtiBY.exe
  2⤵
  PID:4288
- C:\Windows\System\nmVMcNM.exe
  C:\Windows\System\nmVMcNM.exe
  2⤵
  PID:4320
- C:\Windows\System\pXrmUNV.exe
  C:\Windows\System\pXrmUNV.exe
  2⤵
  PID:4340
- C:\Windows\System\lNunXhr.exe
  C:\Windows\System\lNunXhr.exe
  2⤵
  PID:4372
- C:\Windows\System\iOCAOgR.exe
  C:\Windows\System\iOCAOgR.exe
  2⤵
  PID:4416
- C:\Windows\System\VAMtqWs.exe
  C:\Windows\System\VAMtqWs.exe
  2⤵
  PID:4436
- C:\Windows\System\qkGBlfS.exe
  C:\Windows\System\qkGBlfS.exe
  2⤵
  PID:4480
- C:\Windows\System\mhsJlsu.exe
  C:\Windows\System\mhsJlsu.exe
  2⤵
  PID:4500
- C:\Windows\System\imxXLDB.exe
  C:\Windows\System\imxXLDB.exe
  2⤵
  PID:4544
- C:\Windows\System\SLQCmMP.exe
  C:\Windows\System\SLQCmMP.exe
  2⤵
  PID:4576
- C:\Windows\System\BDEzdMG.exe
  C:\Windows\System\BDEzdMG.exe
  2⤵
  PID:4608
- C:\Windows\System\ZFyniYH.exe
  C:\Windows\System\ZFyniYH.exe
  2⤵
  PID:4640
- C:\Windows\System\clrMquC.exe
  C:\Windows\System\clrMquC.exe
  2⤵
  PID:4672
- C:\Windows\System\gLOKpcI.exe
  C:\Windows\System\gLOKpcI.exe
  2⤵
  PID:4704
- C:\Windows\System\lEASIfx.exe
  C:\Windows\System\lEASIfx.exe
  2⤵
  PID:4736
- C:\Windows\System\xYpQkJF.exe
  C:\Windows\System\xYpQkJF.exe
  2⤵
  PID:4768
- C:\Windows\System\kiewphg.exe
  C:\Windows\System\kiewphg.exe
  2⤵
  PID:4800
- C:\Windows\System\fhOChta.exe
  C:\Windows\System\fhOChta.exe
  2⤵
  PID:4820
- C:\Windows\System\UuqcAZf.exe
  C:\Windows\System\UuqcAZf.exe
  2⤵
  PID:4864
- C:\Windows\System\WgkyAyW.exe
  C:\Windows\System\WgkyAyW.exe
  2⤵
  PID:4896
- C:\Windows\System\TvnwDGY.exe
  C:\Windows\System\TvnwDGY.exe
  2⤵
  PID:4928
- C:\Windows\System\xkFQXlK.exe
  C:\Windows\System\xkFQXlK.exe
  2⤵
  PID:4960
- C:\Windows\System\OgrqqLV.exe
  C:\Windows\System\OgrqqLV.exe
  2⤵
  PID:4992
- C:\Windows\System\wQAVjKJ.exe
  C:\Windows\System\wQAVjKJ.exe
  2⤵
  PID:5012
- C:\Windows\System\hzsCVJW.exe
  C:\Windows\System\hzsCVJW.exe
  2⤵
  PID:5056
- C:\Windows\System\ZSgQzRG.exe
  C:\Windows\System\ZSgQzRG.exe
  2⤵
  PID:5088
- C:\Windows\System\AzwpYxP.exe
  C:\Windows\System\AzwpYxP.exe
  2⤵
  PID:4024
- C:\Windows\System\RnsDKkU.exe
  C:\Windows\System\RnsDKkU.exe
  2⤵
  PID:2768
- C:\Windows\System\XXJveHO.exe
  C:\Windows\System\XXJveHO.exe
  2⤵
  PID:3128
- C:\Windows\System\yGOsQHU.exe
  C:\Windows\System\yGOsQHU.exe
  2⤵
  PID:3384
- C:\Windows\System\SUDzQMB.exe
  C:\Windows\System\SUDzQMB.exe
  2⤵
  PID:3640
- C:\Windows\System\DpMuuqs.exe
  C:\Windows\System\DpMuuqs.exe
  2⤵
  PID:3832
- C:\Windows\System\ikaCjdo.exe
  C:\Windows\System\ikaCjdo.exe
  2⤵
  PID:4132
- C:\Windows\System\NxgQQcX.exe
  C:\Windows\System\NxgQQcX.exe
  2⤵
  PID:4196
- C:\Windows\System\nzVMOrG.exe
  C:\Windows\System\nzVMOrG.exe
  2⤵
  PID:4260
- C:\Windows\System\eXgOSlU.exe
  C:\Windows\System\eXgOSlU.exe
  2⤵
  PID:4324
- C:\Windows\System\KEkkstd.exe
  C:\Windows\System\KEkkstd.exe
  2⤵
  PID:4388
- C:\Windows\System\AoSZZwI.exe
  C:\Windows\System\AoSZZwI.exe
  2⤵
  PID:4452
- C:\Windows\System\FSAMtoU.exe
  C:\Windows\System\FSAMtoU.exe
  2⤵
  PID:4516
- C:\Windows\System\gfggIyU.exe
  C:\Windows\System\gfggIyU.exe
  2⤵
  PID:4580
- C:\Windows\System\VFJHYEX.exe
  C:\Windows\System\VFJHYEX.exe
  2⤵
  PID:4656
- C:\Windows\System\IFHxajW.exe
  C:\Windows\System\IFHxajW.exe
  2⤵
  PID:4720
- C:\Windows\System\JWblvxT.exe
  C:\Windows\System\JWblvxT.exe
  2⤵
  PID:4784
- C:\Windows\System\KBkikgp.exe
  C:\Windows\System\KBkikgp.exe
  2⤵
  PID:4848
- C:\Windows\System\nKgRRmd.exe
  C:\Windows\System\nKgRRmd.exe
  2⤵
  PID:4884
- C:\Windows\System\IUOxSBM.exe
  C:\Windows\System\IUOxSBM.exe
  2⤵
  PID:4976
- C:\Windows\System\xztXyKe.exe
  C:\Windows\System\xztXyKe.exe
  2⤵
  PID:5128
- C:\Windows\System\YEZlBhV.exe
  C:\Windows\System\YEZlBhV.exe
  2⤵
  PID:5144
- C:\Windows\System\VZlCkYM.exe
  C:\Windows\System\VZlCkYM.exe
  2⤵
  PID:5160
- C:\Windows\System\rkdGLqP.exe
  C:\Windows\System\rkdGLqP.exe
  2⤵
  PID:5176
- C:\Windows\System\NsGKoMU.exe
  C:\Windows\System\NsGKoMU.exe
  2⤵
  PID:5192
- C:\Windows\System\zNbSmgl.exe
  C:\Windows\System\zNbSmgl.exe
  2⤵
  PID:5208
- C:\Windows\System\ZNhWhSu.exe
  C:\Windows\System\ZNhWhSu.exe
  2⤵
  PID:5228
- C:\Windows\System\xygEVKL.exe
  C:\Windows\System\xygEVKL.exe
  2⤵
  PID:5244
- C:\Windows\System\YbHShbt.exe
  C:\Windows\System\YbHShbt.exe
  2⤵
  PID:5260
- C:\Windows\System\QAyBfOJ.exe
  C:\Windows\System\QAyBfOJ.exe
  2⤵
  PID:5276
- C:\Windows\System\cKvsTNL.exe
  C:\Windows\System\cKvsTNL.exe
  2⤵
  PID:5292
- C:\Windows\System\nEwTSNQ.exe
  C:\Windows\System\nEwTSNQ.exe
  2⤵
  PID:5308
- C:\Windows\System\OYXHiWB.exe
  C:\Windows\System\OYXHiWB.exe
  2⤵
  PID:5324
- C:\Windows\System\TdoxgEh.exe
  C:\Windows\System\TdoxgEh.exe
  2⤵
  PID:5340
- C:\Windows\System\RavhKrb.exe
  C:\Windows\System\RavhKrb.exe
  2⤵
  PID:5356
- C:\Windows\System\uXesthl.exe
  C:\Windows\System\uXesthl.exe
  2⤵
  PID:5372
- C:\Windows\System\mSUjYwn.exe
  C:\Windows\System\mSUjYwn.exe
  2⤵
  PID:5388
- C:\Windows\System\GzDNLKM.exe
  C:\Windows\System\GzDNLKM.exe
  2⤵
  PID:5404
- C:\Windows\System\zdxaIvq.exe
  C:\Windows\System\zdxaIvq.exe
  2⤵
  PID:5420
- C:\Windows\System\MTRUmfA.exe
  C:\Windows\System\MTRUmfA.exe
  2⤵
  PID:5436
- C:\Windows\System\ulyyhCB.exe
  C:\Windows\System\ulyyhCB.exe
  2⤵
  PID:5452
- C:\Windows\System\kMhDAyv.exe
  C:\Windows\System\kMhDAyv.exe
  2⤵
  PID:5468
- C:\Windows\System\STDSYMK.exe
  C:\Windows\System\STDSYMK.exe
  2⤵
  PID:5484
- C:\Windows\System\nyoUOvh.exe
  C:\Windows\System\nyoUOvh.exe
  2⤵
  PID:5500
- C:\Windows\System\dioJZvg.exe
  C:\Windows\System\dioJZvg.exe
  2⤵
  PID:5516
- C:\Windows\System\POECKbv.exe
  C:\Windows\System\POECKbv.exe
  2⤵
  PID:5532
- C:\Windows\System\nVrDGTs.exe
  C:\Windows\System\nVrDGTs.exe
  2⤵
  PID:5548
- C:\Windows\System\apfoTdW.exe
  C:\Windows\System\apfoTdW.exe
  2⤵
  PID:5564
- C:\Windows\System\KzlORxi.exe
  C:\Windows\System\KzlORxi.exe
  2⤵
  PID:5580
- C:\Windows\System\JSmoEyC.exe
  C:\Windows\System\JSmoEyC.exe
  2⤵
  PID:5596
- C:\Windows\System\XgEtfzJ.exe
  C:\Windows\System\XgEtfzJ.exe
  2⤵
  PID:5612
- C:\Windows\System\MOcqGbl.exe
  C:\Windows\System\MOcqGbl.exe
  2⤵
  PID:5628
- C:\Windows\System\rmFlbGQ.exe
  C:\Windows\System\rmFlbGQ.exe
  2⤵
  PID:5644
- C:\Windows\System\celynQj.exe
  C:\Windows\System\celynQj.exe
  2⤵
  PID:5660
- C:\Windows\System\XQBNtqq.exe
  C:\Windows\System\XQBNtqq.exe
  2⤵
  PID:5676
- C:\Windows\System\SpAFlpS.exe
  C:\Windows\System\SpAFlpS.exe
  2⤵
  PID:5692
- C:\Windows\System\SDczrBZ.exe
  C:\Windows\System\SDczrBZ.exe
  2⤵
  PID:5708
- C:\Windows\System\LhUJRdR.exe
  C:\Windows\System\LhUJRdR.exe
  2⤵
  PID:5724
- C:\Windows\System\omTMsgz.exe
  C:\Windows\System\omTMsgz.exe
  2⤵
  PID:5740
- C:\Windows\System\IwrhNTY.exe
  C:\Windows\System\IwrhNTY.exe
  2⤵
  PID:5756
- C:\Windows\System\SCJfXcO.exe
  C:\Windows\System\SCJfXcO.exe
  2⤵
  PID:5772
- C:\Windows\System\CUAGENc.exe
  C:\Windows\System\CUAGENc.exe
  2⤵
  PID:5788
- C:\Windows\System\WdlHjFX.exe
  C:\Windows\System\WdlHjFX.exe
  2⤵
  PID:5804
- C:\Windows\System\LdHFUut.exe
  C:\Windows\System\LdHFUut.exe
  2⤵
  PID:5820
- C:\Windows\System\yxrSOAT.exe
  C:\Windows\System\yxrSOAT.exe
  2⤵
  PID:5836
- C:\Windows\System\UaSjdcq.exe
  C:\Windows\System\UaSjdcq.exe
  2⤵
  PID:5852
- C:\Windows\System\JFawvyI.exe
  C:\Windows\System\JFawvyI.exe
  2⤵
  PID:5868
- C:\Windows\System\FliJiTF.exe
  C:\Windows\System\FliJiTF.exe
  2⤵
  PID:5884
- C:\Windows\System\NOCKanl.exe
  C:\Windows\System\NOCKanl.exe
  2⤵
  PID:5904
- C:\Windows\System\ByxtKYF.exe
  C:\Windows\System\ByxtKYF.exe
  2⤵
  PID:5920
- C:\Windows\System\GaxNTyE.exe
  C:\Windows\System\GaxNTyE.exe
  2⤵
  PID:5936
- C:\Windows\System\eNAcTBR.exe
  C:\Windows\System\eNAcTBR.exe
  2⤵
  PID:5952
- C:\Windows\System\XLEzLfP.exe
  C:\Windows\System\XLEzLfP.exe
  2⤵
  PID:5968
- C:\Windows\System\PaSBmAV.exe
  C:\Windows\System\PaSBmAV.exe
  2⤵
  PID:5984
- C:\Windows\System\qmBSzzU.exe
  C:\Windows\System\qmBSzzU.exe
  2⤵
  PID:6000
- C:\Windows\System\kqoSUlU.exe
  C:\Windows\System\kqoSUlU.exe
  2⤵
  PID:6016
- C:\Windows\System\sLXgvko.exe
  C:\Windows\System\sLXgvko.exe
  2⤵
  PID:6032
- C:\Windows\System\yjDXzjM.exe
  C:\Windows\System\yjDXzjM.exe
  2⤵
  PID:6048
- C:\Windows\System\kkqqTdi.exe
  C:\Windows\System\kkqqTdi.exe
  2⤵
  PID:6064
- C:\Windows\System\fvUjyNC.exe
  C:\Windows\System\fvUjyNC.exe
  2⤵
  PID:6080
- C:\Windows\System\ciyRyDW.exe
  C:\Windows\System\ciyRyDW.exe
  2⤵
  PID:6096
- C:\Windows\System\zRqQTlm.exe
  C:\Windows\System\zRqQTlm.exe
  2⤵
  PID:6112
- C:\Windows\System\QwnMweD.exe
  C:\Windows\System\QwnMweD.exe
  2⤵
  PID:6128
- C:\Windows\System\PhIgnvO.exe
  C:\Windows\System\PhIgnvO.exe
  2⤵
  PID:5024
- C:\Windows\System\KVRglPZ.exe
  C:\Windows\System\KVRglPZ.exe
  2⤵
  PID:5076
- C:\Windows\System\efRWhpg.exe
  C:\Windows\System\efRWhpg.exe
  2⤵
  PID:3064
- C:\Windows\System\YdYwyTA.exe
  C:\Windows\System\YdYwyTA.exe
  2⤵
  PID:3288
- C:\Windows\System\vKTaoKA.exe
  C:\Windows\System\vKTaoKA.exe
  2⤵
  PID:4100
- C:\Windows\System\iudFQqf.exe
  C:\Windows\System\iudFQqf.exe
  2⤵
  PID:4192
- C:\Windows\System\uujPLsN.exe
  C:\Windows\System\uujPLsN.exe
  2⤵
  PID:4304
- C:\Windows\System\ChZrHti.exe
  C:\Windows\System\ChZrHti.exe
  2⤵
  PID:4432
- C:\Windows\System\hpIDHFk.exe
  C:\Windows\System\hpIDHFk.exe
  2⤵
  PID:4560
- C:\Windows\System\gARYjYk.exe
  C:\Windows\System\gARYjYk.exe
  2⤵
  PID:4692
- C:\Windows\System\vXcsHVH.exe
  C:\Windows\System\vXcsHVH.exe
  2⤵
  PID:4832
- C:\Windows\System\UZCPQis.exe
  C:\Windows\System\UZCPQis.exe
  2⤵
  PID:4948
- C:\Windows\System\YXGPnEL.exe
  C:\Windows\System\YXGPnEL.exe
  2⤵
  PID:5140
- C:\Windows\System\dlAlPhQ.exe
  C:\Windows\System\dlAlPhQ.exe
  2⤵
  PID:5172
- C:\Windows\System\TbXadYV.exe
  C:\Windows\System\TbXadYV.exe
  2⤵
  PID:5204
- C:\Windows\System\bnWbpuU.exe
  C:\Windows\System\bnWbpuU.exe
  2⤵
  PID:5240
- C:\Windows\System\kfxJLoH.exe
  C:\Windows\System\kfxJLoH.exe
  2⤵
  PID:5272
- C:\Windows\System\TgWxCkz.exe
  C:\Windows\System\TgWxCkz.exe
  2⤵
  PID:5316
- C:\Windows\System\cGZPHjv.exe
  C:\Windows\System\cGZPHjv.exe
  2⤵
  PID:5348
- C:\Windows\System\vZBqWjE.exe
  C:\Windows\System\vZBqWjE.exe
  2⤵
  PID:5368
- C:\Windows\System\hqrRzjf.exe
  C:\Windows\System\hqrRzjf.exe
  2⤵
  PID:5400
- C:\Windows\System\unCtmHw.exe
  C:\Windows\System\unCtmHw.exe
  2⤵
  PID:5444
- C:\Windows\System\MUTYDqM.exe
  C:\Windows\System\MUTYDqM.exe
  2⤵
  PID:5464
- C:\Windows\System\WGlroUu.exe
  C:\Windows\System\WGlroUu.exe
  2⤵
  PID:5496
- C:\Windows\System\JUMSYFt.exe
  C:\Windows\System\JUMSYFt.exe
  2⤵
  PID:5540
- C:\Windows\System\pIIyFWT.exe
  C:\Windows\System\pIIyFWT.exe
  2⤵
  PID:5560
- C:\Windows\System\WuJbcgq.exe
  C:\Windows\System\WuJbcgq.exe
  2⤵
  PID:5604
- C:\Windows\System\ZpHBBKk.exe
  C:\Windows\System\ZpHBBKk.exe
  2⤵
  PID:5636
- C:\Windows\System\HTbEjDm.exe
  C:\Windows\System\HTbEjDm.exe
  2⤵
  PID:5668
- C:\Windows\System\nTmserr.exe
  C:\Windows\System\nTmserr.exe
  2⤵
  PID:5700
- C:\Windows\System\TopCMSY.exe
  C:\Windows\System\TopCMSY.exe
  2⤵
  PID:5732
- C:\Windows\System\JGWKpba.exe
  C:\Windows\System\JGWKpba.exe
  2⤵
  PID:5764
- C:\Windows\System\CcGFwgw.exe
  C:\Windows\System\CcGFwgw.exe
  2⤵
  PID:5800
- C:\Windows\System\zNoFesb.exe
  C:\Windows\System\zNoFesb.exe
  2⤵
  PID:5832
- C:\Windows\System\WehrPOH.exe
  C:\Windows\System\WehrPOH.exe
  2⤵
  PID:5864
- C:\Windows\System\GWSUxlE.exe
  C:\Windows\System\GWSUxlE.exe
  2⤵
  PID:5900
- C:\Windows\System\HFPqfgK.exe
  C:\Windows\System\HFPqfgK.exe
  2⤵
  PID:5932
- C:\Windows\System\bCTVsMR.exe
  C:\Windows\System\bCTVsMR.exe
  2⤵
  PID:5964
- C:\Windows\System\dZahuvF.exe
  C:\Windows\System\dZahuvF.exe
  2⤵
  PID:5996
- C:\Windows\System\gbHhfyc.exe
  C:\Windows\System\gbHhfyc.exe
  2⤵
  PID:6028
- C:\Windows\System\xiVdxuA.exe
  C:\Windows\System\xiVdxuA.exe
  2⤵
  PID:6060
- C:\Windows\System\nosSmHH.exe
  C:\Windows\System\nosSmHH.exe
  2⤵
  PID:6092
- C:\Windows\System\LyNDvVW.exe
  C:\Windows\System\LyNDvVW.exe
  2⤵
  PID:6124
- C:\Windows\System\wUzVJbj.exe
  C:\Windows\System\wUzVJbj.exe
  2⤵
  PID:5072
- C:\Windows\System\DJwDdnc.exe
  C:\Windows\System\DJwDdnc.exe
  2⤵
  PID:3256
- C:\Windows\System\SFOShLV.exe
  C:\Windows\System\SFOShLV.exe
  2⤵
  PID:4164
- C:\Windows\System\temdQoF.exe
  C:\Windows\System\temdQoF.exe
  2⤵
  PID:4420
- C:\Windows\System\RxoYRmX.exe
  C:\Windows\System\RxoYRmX.exe
  2⤵
  PID:4688
- C:\Windows\System\aPhZZPb.exe
  C:\Windows\System\aPhZZPb.exe
  2⤵
  PID:4944
- C:\Windows\System\JYMvfQt.exe
  C:\Windows\System\JYMvfQt.exe
  2⤵
  PID:5168
- C:\Windows\System\SCaEnXp.exe
  C:\Windows\System\SCaEnXp.exe
  2⤵
  PID:5236
- C:\Windows\System\rgZheak.exe
  C:\Windows\System\rgZheak.exe
  2⤵
  PID:5300
- C:\Windows\System\cqTuJhH.exe
  C:\Windows\System\cqTuJhH.exe
  2⤵
  PID:5364
- C:\Windows\System\bhPLhLv.exe
  C:\Windows\System\bhPLhLv.exe
  2⤵
  PID:5428
- C:\Windows\System\hynNlVR.exe
  C:\Windows\System\hynNlVR.exe
  2⤵
  PID:5492
- C:\Windows\System\lLPzrJQ.exe
  C:\Windows\System\lLPzrJQ.exe
  2⤵
  PID:5572
- C:\Windows\System\XnqWwHb.exe
  C:\Windows\System\XnqWwHb.exe
  2⤵
  PID:5624
- C:\Windows\System\cTUfceZ.exe
  C:\Windows\System\cTUfceZ.exe
  2⤵
  PID:5688
- C:\Windows\System\LHOqEfa.exe
  C:\Windows\System\LHOqEfa.exe
  2⤵
  PID:5752
- C:\Windows\System\pIZTQdG.exe
  C:\Windows\System\pIZTQdG.exe
  2⤵
  PID:5828
- C:\Windows\System\TCwOpNu.exe
  C:\Windows\System\TCwOpNu.exe
  2⤵
  PID:5892
- C:\Windows\System\mVRJlBG.exe
  C:\Windows\System\mVRJlBG.exe
  2⤵
  PID:5960
- C:\Windows\System\NtdzmBC.exe
  C:\Windows\System\NtdzmBC.exe
  2⤵
  PID:6024
- C:\Windows\System\IWPLUjD.exe
  C:\Windows\System\IWPLUjD.exe
  2⤵
  PID:6108
- C:\Windows\System\xgrsiOa.exe
  C:\Windows\System\xgrsiOa.exe
  2⤵
  PID:6160
- C:\Windows\System\wUfLjxc.exe
  C:\Windows\System\wUfLjxc.exe
  2⤵
  PID:6176
- C:\Windows\System\cMFMRPZ.exe
  C:\Windows\System\cMFMRPZ.exe
  2⤵
  PID:6192
- C:\Windows\System\teCwLiQ.exe
  C:\Windows\System\teCwLiQ.exe
  2⤵
  PID:6208
- C:\Windows\System\VdbgckW.exe
  C:\Windows\System\VdbgckW.exe
  2⤵
  PID:6224
- C:\Windows\System\XGrHlsc.exe
  C:\Windows\System\XGrHlsc.exe
  2⤵
  PID:6240
- C:\Windows\System\HjcKyDt.exe
  C:\Windows\System\HjcKyDt.exe
  2⤵
  PID:6260
- C:\Windows\System\RXZvGeI.exe
  C:\Windows\System\RXZvGeI.exe
  2⤵
  PID:6276
- C:\Windows\System\MXUBZEL.exe
  C:\Windows\System\MXUBZEL.exe
  2⤵
  PID:6296
- C:\Windows\System\qoaEkab.exe
  C:\Windows\System\qoaEkab.exe
  2⤵
  PID:6312
- C:\Windows\System\OdTikFk.exe
  C:\Windows\System\OdTikFk.exe
  2⤵
  PID:6336
- C:\Windows\System\RccEtVF.exe
  C:\Windows\System\RccEtVF.exe
  2⤵
  PID:6352
- C:\Windows\System\OzKBDyG.exe
  C:\Windows\System\OzKBDyG.exe
  2⤵
  PID:6368
- C:\Windows\System\XEBTlFm.exe
  C:\Windows\System\XEBTlFm.exe
  2⤵
  PID:6384
- C:\Windows\System\EFgFtHO.exe
  C:\Windows\System\EFgFtHO.exe
  2⤵
  PID:6400
- C:\Windows\System\pjOmGKn.exe
  C:\Windows\System\pjOmGKn.exe
  2⤵
  PID:6416
- C:\Windows\System\KyRZbHm.exe
  C:\Windows\System\KyRZbHm.exe
  2⤵
  PID:6432
- C:\Windows\System\aeHkPXb.exe
  C:\Windows\System\aeHkPXb.exe
  2⤵
  PID:6452
- C:\Windows\System\kPaqlAw.exe
  C:\Windows\System\kPaqlAw.exe
  2⤵
  PID:6548
- C:\Windows\System\xtizLqS.exe
  C:\Windows\System\xtizLqS.exe
  2⤵
  PID:6584
- C:\Windows\System\IZaEXSH.exe
  C:\Windows\System\IZaEXSH.exe
  2⤵
  PID:6704
- C:\Windows\System\ivJAEOU.exe
  C:\Windows\System\ivJAEOU.exe
  2⤵
  PID:6972
- C:\Windows\System\ckTTqhR.exe
  C:\Windows\System\ckTTqhR.exe
  2⤵
  PID:5748
- C:\Windows\System\oQeQIQb.exe
  C:\Windows\System\oQeQIQb.exe
  2⤵
  PID:6308
- C:\Windows\System\aMsUPPW.exe
  C:\Windows\System\aMsUPPW.exe
  2⤵
  PID:6408
- C:\Windows\System\tHiFfIS.exe
  C:\Windows\System\tHiFfIS.exe
  2⤵
  PID:6736
- C:\Windows\System\hhZLHtg.exe
  C:\Windows\System\hhZLHtg.exe
  2⤵
  PID:7280
- C:\Windows\System\gytIWzY.exe
  C:\Windows\System\gytIWzY.exe
  2⤵
  PID:7312
- C:\Windows\System\NTuaSlO.exe
  C:\Windows\System\NTuaSlO.exe
  2⤵
  PID:7332
- C:\Windows\System\PJHlsKX.exe
  C:\Windows\System\PJHlsKX.exe
  2⤵
  PID:7356
- C:\Windows\System\BvmOkJT.exe
  C:\Windows\System\BvmOkJT.exe
  2⤵
  PID:7376
- C:\Windows\System\DvvCjtZ.exe
  C:\Windows\System\DvvCjtZ.exe
  2⤵
  PID:7396
- C:\Windows\System\EtpwblN.exe
  C:\Windows\System\EtpwblN.exe
  2⤵
  PID:7420
- C:\Windows\System\jAFXsET.exe
  C:\Windows\System\jAFXsET.exe
  2⤵
  PID:7444
- C:\Windows\System\DJKoIqK.exe
  C:\Windows\System\DJKoIqK.exe
  2⤵
  PID:7464
- C:\Windows\System\PhxAfze.exe
  C:\Windows\System\PhxAfze.exe
  2⤵
  PID:7484
- C:\Windows\System\NGIwJaV.exe
  C:\Windows\System\NGIwJaV.exe
  2⤵
  PID:7504
- C:\Windows\System\bghTRVD.exe
  C:\Windows\System\bghTRVD.exe
  2⤵
  PID:7524
- C:\Windows\System\sfLeRfo.exe
  C:\Windows\System\sfLeRfo.exe
  2⤵
  PID:7540
- C:\Windows\System\MuINKlH.exe
  C:\Windows\System\MuINKlH.exe
  2⤵
  PID:7564
- C:\Windows\System\mzwJClO.exe
  C:\Windows\System\mzwJClO.exe
  2⤵
  PID:7584
- C:\Windows\System\hQCKwdY.exe
  C:\Windows\System\hQCKwdY.exe
  2⤵
  PID:7600
- C:\Windows\System\IAKzaty.exe
  C:\Windows\System\IAKzaty.exe
  2⤵
  PID:7616
- C:\Windows\System\rcUJlAY.exe
  C:\Windows\System\rcUJlAY.exe
  2⤵
  PID:7636
- C:\Windows\System\bucwdyT.exe
  C:\Windows\System\bucwdyT.exe
  2⤵
  PID:7652
- C:\Windows\System\yYFFKfW.exe
  C:\Windows\System\yYFFKfW.exe
  2⤵
  PID:7680
- C:\Windows\System\nfBZlBo.exe
  C:\Windows\System\nfBZlBo.exe
  2⤵
  PID:7704
- C:\Windows\System\oFGwcXF.exe
  C:\Windows\System\oFGwcXF.exe
  2⤵
  PID:7724
- C:\Windows\System\zsMRWFM.exe
  C:\Windows\System\zsMRWFM.exe
  2⤵
  PID:7744
- C:\Windows\System\myvpUMd.exe
  C:\Windows\System\myvpUMd.exe
  2⤵
  PID:7760
- C:\Windows\System\GIkCmCP.exe
  C:\Windows\System\GIkCmCP.exe
  2⤵
  PID:7784
- C:\Windows\System\BzkvcZI.exe
  C:\Windows\System\BzkvcZI.exe
  2⤵
  PID:7808
- C:\Windows\System\bzsyrvF.exe
  C:\Windows\System\bzsyrvF.exe
  2⤵
  PID:7828
- C:\Windows\System\aTnNknU.exe
  C:\Windows\System\aTnNknU.exe
  2⤵
  PID:7844
- C:\Windows\System\tTSXnde.exe
  C:\Windows\System\tTSXnde.exe
  2⤵
  PID:7864
- C:\Windows\System\PyEwPIP.exe
  C:\Windows\System\PyEwPIP.exe
  2⤵
  PID:7884
- C:\Windows\System\hLIKleP.exe
  C:\Windows\System\hLIKleP.exe
  2⤵
  PID:7904
- C:\Windows\System\ZVEiUre.exe
  C:\Windows\System\ZVEiUre.exe
  2⤵
  PID:7924
- C:\Windows\System\LBkkBln.exe
  C:\Windows\System\LBkkBln.exe
  2⤵
  PID:7944
- C:\Windows\System\SdKldHq.exe
  C:\Windows\System\SdKldHq.exe
  2⤵
  PID:7964
- C:\Windows\System\oNGqkUe.exe
  C:\Windows\System\oNGqkUe.exe
  2⤵
  PID:7992
- C:\Windows\System\YCwdWQp.exe
  C:\Windows\System\YCwdWQp.exe
  2⤵
  PID:8012
- C:\Windows\System\YOnUjnf.exe
  C:\Windows\System\YOnUjnf.exe
  2⤵
  PID:8032
- C:\Windows\System\ThTxhtl.exe
  C:\Windows\System\ThTxhtl.exe
  2⤵
  PID:8052
- C:\Windows\System\fetDeBB.exe
  C:\Windows\System\fetDeBB.exe
  2⤵
  PID:8068
- C:\Windows\System\oYzwQPT.exe
  C:\Windows\System\oYzwQPT.exe
  2⤵
  PID:8088
- C:\Windows\System\NIGFLYI.exe
  C:\Windows\System\NIGFLYI.exe
  2⤵
  PID:8108
- C:\Windows\System\ybnJrTR.exe
  C:\Windows\System\ybnJrTR.exe
  2⤵
  PID:8136
- C:\Windows\System\roqrHRc.exe
  C:\Windows\System\roqrHRc.exe
  2⤵
  PID:8160
- C:\Windows\System\qZuBojn.exe
  C:\Windows\System\qZuBojn.exe
  2⤵
  PID:8176
- C:\Windows\System\wdTyZhQ.exe
  C:\Windows\System\wdTyZhQ.exe
  2⤵
  PID:6836
- C:\Windows\System\sMuemfR.exe
  C:\Windows\System\sMuemfR.exe
  2⤵
  PID:6892
- C:\Windows\System\CXsulPw.exe
  C:\Windows\System\CXsulPw.exe
  2⤵
  PID:6916
- C:\Windows\System\oOZZgYm.exe
  C:\Windows\System\oOZZgYm.exe
  2⤵
  PID:6948
- C:\Windows\System\AiaAqCj.exe
  C:\Windows\System\AiaAqCj.exe
  2⤵
  PID:6696
- C:\Windows\System\bIDbJrK.exe
  C:\Windows\System\bIDbJrK.exe
  2⤵
  PID:6964
- C:\Windows\System\SUtECvJ.exe
  C:\Windows\System\SUtECvJ.exe
  2⤵
  PID:6248
- C:\Windows\System\gbjBkpx.exe
  C:\Windows\System\gbjBkpx.exe
  2⤵
  PID:6292
- C:\Windows\System\zcYFUwX.exe
  C:\Windows\System\zcYFUwX.exe
  2⤵
  PID:6324
- C:\Windows\System\ayKgnjD.exe
  C:\Windows\System\ayKgnjD.exe
  2⤵
  PID:6484
- C:\Windows\System\OocdYak.exe
  C:\Windows\System\OocdYak.exe
  2⤵
  PID:6508
- C:\Windows\System\FFeKHMn.exe
  C:\Windows\System\FFeKHMn.exe
  2⤵
  PID:6524
- C:\Windows\System\IqIAsOH.exe
  C:\Windows\System\IqIAsOH.exe
  2⤵
  PID:6544
- C:\Windows\System\jmitLIR.exe
  C:\Windows\System\jmitLIR.exe
  2⤵
  PID:6604
- C:\Windows\System\jsQUasP.exe
  C:\Windows\System\jsQUasP.exe
  2⤵
  PID:6624
- C:\Windows\System\UBRPEsj.exe
  C:\Windows\System\UBRPEsj.exe
  2⤵
  PID:6644
- C:\Windows\System\GdZYAie.exe
  C:\Windows\System\GdZYAie.exe
  2⤵
  PID:6468
- C:\Windows\System\qxABRJr.exe
  C:\Windows\System\qxABRJr.exe
  2⤵
  PID:6364
- C:\Windows\System\KvUiTWq.exe
  C:\Windows\System\KvUiTWq.exe
  2⤵
  PID:6668
- C:\Windows\System\nfiWZYd.exe
  C:\Windows\System\nfiWZYd.exe
  2⤵
  PID:7004
- C:\Windows\System\byynfTD.exe
  C:\Windows\System\byynfTD.exe
  2⤵
  PID:7040
- C:\Windows\System\YHhRDnc.exe
  C:\Windows\System\YHhRDnc.exe
  2⤵
  PID:7060
- C:\Windows\System\pSvSYNW.exe
  C:\Windows\System\pSvSYNW.exe
  2⤵
  PID:7076
- C:\Windows\System\NmIbExR.exe
  C:\Windows\System\NmIbExR.exe
  2⤵
  PID:7096
- C:\Windows\System\NyRInTi.exe
  C:\Windows\System\NyRInTi.exe
  2⤵
  PID:7112
- C:\Windows\System\kGhyLbH.exe
  C:\Windows\System\kGhyLbH.exe
  2⤵
  PID:7128
- C:\Windows\System\hkrzrvN.exe
  C:\Windows\System\hkrzrvN.exe
  2⤵
  PID:7152
- C:\Windows\System\FEBqVaO.exe
  C:\Windows\System\FEBqVaO.exe
  2⤵
  PID:6200
- C:\Windows\System\EiCZSqO.exe
  C:\Windows\System\EiCZSqO.exe
  2⤵
  PID:6236
- C:\Windows\System\JsSKdLQ.exe
  C:\Windows\System\JsSKdLQ.exe
  2⤵
  PID:5044
- C:\Windows\System\MEYAqWh.exe
  C:\Windows\System\MEYAqWh.exe
  2⤵
  PID:5156
- C:\Windows\System\esUNomc.exe
  C:\Windows\System\esUNomc.exe
  2⤵
  PID:5524
- C:\Windows\System\kdhCIGY.exe
  C:\Windows\System\kdhCIGY.exe
  2⤵
  PID:5948
- C:\Windows\System\qpAknEB.exe
  C:\Windows\System\qpAknEB.exe
  2⤵
  PID:4292
- C:\Windows\System\deawgNG.exe
  C:\Windows\System\deawgNG.exe
  2⤵
  PID:5332
- C:\Windows\System\sgWgqyd.exe
  C:\Windows\System\sgWgqyd.exe
  2⤵
  PID:5720
- C:\Windows\System\TILDPSw.exe
  C:\Windows\System\TILDPSw.exe
  2⤵
  PID:6712
- C:\Windows\System\bYuGQYx.exe
  C:\Windows\System\bYuGQYx.exe
  2⤵
  PID:6724
- C:\Windows\System\dvhxkIK.exe
  C:\Windows\System\dvhxkIK.exe
  2⤵
  PID:6376
- C:\Windows\System\UhFhcfY.exe
  C:\Windows\System\UhFhcfY.exe
  2⤵
  PID:6448
- C:\Windows\System\ikZGqKr.exe
  C:\Windows\System\ikZGqKr.exe
  2⤵
  PID:7288
- C:\Windows\System\XyDcQUN.exe
  C:\Windows\System\XyDcQUN.exe
  2⤵
  PID:7304
- C:\Windows\System\XOkdTzT.exe
  C:\Windows\System\XOkdTzT.exe
  2⤵
  PID:7340
- C:\Windows\System\YCxRMKt.exe
  C:\Windows\System\YCxRMKt.exe
  2⤵
  PID:7388
- C:\Windows\System\dFaTpnn.exe
  C:\Windows\System\dFaTpnn.exe
  2⤵
  PID:6764
- C:\Windows\System\ATVKmmY.exe
  C:\Windows\System\ATVKmmY.exe
  2⤵
  PID:6788
- C:\Windows\System\gBPjPMC.exe
  C:\Windows\System\gBPjPMC.exe
  2⤵
  PID:6816
- C:\Windows\System\obvgcpY.exe
  C:\Windows\System\obvgcpY.exe
  2⤵
  PID:7180
- C:\Windows\System\Jgvjowr.exe
  C:\Windows\System\Jgvjowr.exe
  2⤵
  PID:7200
- C:\Windows\System\gMWQZco.exe
  C:\Windows\System\gMWQZco.exe
  2⤵
  PID:7216
- C:\Windows\System\jlDpIpC.exe
  C:\Windows\System\jlDpIpC.exe
  2⤵
  PID:7240
- C:\Windows\System\oLtIPaQ.exe
  C:\Windows\System\oLtIPaQ.exe
  2⤵
  PID:7260
- C:\Windows\System\LRHCwDx.exe
  C:\Windows\System\LRHCwDx.exe
  2⤵
  PID:7320
- C:\Windows\System\RHBVStK.exe
  C:\Windows\System\RHBVStK.exe
  2⤵
  PID:7436
- C:\Windows\System\iiKBOpX.exe
  C:\Windows\System\iiKBOpX.exe
  2⤵
  PID:7364
- C:\Windows\System\MGYsIAq.exe
  C:\Windows\System\MGYsIAq.exe
  2⤵
  PID:7476
- C:\Windows\System\AvjjDtx.exe
  C:\Windows\System\AvjjDtx.exe
  2⤵
  PID:7552
- C:\Windows\System\FcbOgDm.exe
  C:\Windows\System\FcbOgDm.exe
  2⤵
  PID:7412
- C:\Windows\System\sbsBaBF.exe
  C:\Windows\System\sbsBaBF.exe
  2⤵
  PID:7492
- C:\Windows\System\swKClvn.exe
  C:\Windows\System\swKClvn.exe
  2⤵
  PID:7668
- C:\Windows\System\BTOxuDW.exe
  C:\Windows\System\BTOxuDW.exe
  2⤵
  PID:7500
- C:\Windows\System\dxpMGjR.exe
  C:\Windows\System\dxpMGjR.exe
  2⤵
  PID:7752
- C:\Windows\System\nYmzVoa.exe
  C:\Windows\System\nYmzVoa.exe
  2⤵
  PID:7804
- C:\Windows\System\VbEqHmV.exe
  C:\Windows\System\VbEqHmV.exe
  2⤵
  PID:7576
- C:\Windows\System\rrFVUxc.exe
  C:\Windows\System\rrFVUxc.exe
  2⤵
  PID:7876
- C:\Windows\System\ywbWIZz.exe
  C:\Windows\System\ywbWIZz.exe
  2⤵
  PID:7916
- C:\Windows\System\jFxfZUM.exe
  C:\Windows\System\jFxfZUM.exe
  2⤵
  PID:7700
- C:\Windows\System\UMyYXoV.exe
  C:\Windows\System\UMyYXoV.exe
  2⤵
  PID:7772
- C:\Windows\System\VhhatvE.exe
  C:\Windows\System\VhhatvE.exe
  2⤵
  PID:8000
- C:\Windows\System\ypFLPUb.exe
  C:\Windows\System\ypFLPUb.exe
  2⤵
  PID:7852
- C:\Windows\System\SlFQdWQ.exe
  C:\Windows\System\SlFQdWQ.exe
  2⤵
  PID:8028
- C:\Windows\System\YrIWlZG.exe
  C:\Windows\System\YrIWlZG.exe
  2⤵
  PID:7896
- C:\Windows\System\yIxDCoU.exe
  C:\Windows\System\yIxDCoU.exe
  2⤵
  PID:8096
- C:\Windows\System\iTixKRK.exe
  C:\Windows\System\iTixKRK.exe
  2⤵
  PID:7984
- C:\Windows\System\tYsASOE.exe
  C:\Windows\System\tYsASOE.exe
  2⤵
  PID:8048
- C:\Windows\System\OMTgmLo.exe
  C:\Windows\System\OMTgmLo.exe
  2⤵
  PID:8184
- C:\Windows\System\ahpRIQQ.exe
  C:\Windows\System\ahpRIQQ.exe
  2⤵
  PID:8080
- C:\Windows\System\HgwdqBz.exe
  C:\Windows\System\HgwdqBz.exe
  2⤵
  PID:8172
- C:\Windows\System\AoxyMkv.exe
  C:\Windows\System\AoxyMkv.exe
  2⤵
  PID:2728
- C:\Windows\System\hzZBocY.exe
  C:\Windows\System\hzZBocY.exe
  2⤵
  PID:2608
- C:\Windows\System\lftvQqS.exe
  C:\Windows\System\lftvQqS.exe
  2⤵
  PID:2060
- C:\Windows\System\awaBgLd.exe
  C:\Windows\System\awaBgLd.exe
  2⤵
  PID:6188
- C:\Windows\System\dEdXMqA.exe
  C:\Windows\System\dEdXMqA.exe
  2⤵
  PID:6968
- C:\Windows\System\acVMqrR.exe
  C:\Windows\System\acVMqrR.exe
  2⤵
  PID:6504
- C:\Windows\System\MqjjBRd.exe
  C:\Windows\System\MqjjBRd.exe
  2⤵
  PID:6532
- C:\Windows\System\tVbwKpY.exe
  C:\Windows\System\tVbwKpY.exe
  2⤵
  PID:6620
- C:\Windows\System\CXOrRgL.exe
  C:\Windows\System\CXOrRgL.exe
  2⤵
  PID:6476
- C:\Windows\System\QpasQJN.exe
  C:\Windows\System\QpasQJN.exe
  2⤵
  PID:6656
- C:\Windows\System\ueKIpkq.exe
  C:\Windows\System\ueKIpkq.exe
  2⤵
  PID:6520
- C:\Windows\System\kInioaS.exe
  C:\Windows\System\kInioaS.exe
  2⤵
  PID:5880
- C:\Windows\System\ymSxMhG.exe
  C:\Windows\System\ymSxMhG.exe
  2⤵
  PID:6332
- C:\Windows\System\YxefhUm.exe
  C:\Windows\System\YxefhUm.exe
  2⤵
  PID:6632
- C:\Windows\System\LKbVdvw.exe
  C:\Windows\System\LKbVdvw.exe
  2⤵
  PID:2152
- C:\Windows\System\MsuKuCD.exe
  C:\Windows\System\MsuKuCD.exe
  2⤵
  PID:6396
- C:\Windows\System\ACxRWNB.exe
  C:\Windows\System\ACxRWNB.exe
  2⤵
  PID:6984
- C:\Windows\System\QfzisES.exe
  C:\Windows\System\QfzisES.exe
  2⤵
  PID:7052
- C:\Windows\System\RTqztXo.exe
  C:\Windows\System\RTqztXo.exe
  2⤵
  PID:5136
- C:\Windows\System\YJlHZoE.exe
  C:\Windows\System\YJlHZoE.exe
  2⤵
  PID:5684
- C:\Windows\System\YMIvsqZ.exe
  C:\Windows\System\YMIvsqZ.exe
  2⤵
  PID:2312
- C:\Windows\System\EUkcfiX.exe
  C:\Windows\System\EUkcfiX.exe
  2⤵
  PID:7124
- C:\Windows\System\OOQqgAg.exe
  C:\Windows\System\OOQqgAg.exe
  2⤵
  PID:7164
- C:\Windows\System\RpXVfGD.exe
  C:\Windows\System\RpXVfGD.exe
  2⤵
  PID:5416
- C:\Windows\System\IYVlqEl.exe
  C:\Windows\System\IYVlqEl.exe
  2⤵
  PID:4056
- C:\Windows\System\qVwAzkU.exe
  C:\Windows\System\qVwAzkU.exe
  2⤵
  PID:4368
- C:\Windows\System\GqQRelj.exe
  C:\Windows\System\GqQRelj.exe
  2⤵
  PID:2176
- C:\Windows\System\MTlLVOf.exe
  C:\Windows\System\MTlLVOf.exe
  2⤵
  PID:5620
- C:\Windows\System\eQEceFU.exe
  C:\Windows\System\eQEceFU.exe
  2⤵
  PID:6344
- C:\Windows\System\rdBzWzm.exe
  C:\Windows\System\rdBzWzm.exe
  2⤵
  PID:6440
- C:\Windows\System\XxLViXV.exe
  C:\Windows\System\XxLViXV.exe
  2⤵
  PID:6412
- C:\Windows\System\hTnvPNZ.exe
  C:\Windows\System\hTnvPNZ.exe
  2⤵
  PID:7300
- C:\Windows\System\xPYSXAR.exe
  C:\Windows\System\xPYSXAR.exe
  2⤵
  PID:6760
- C:\Windows\System\dFyWRGW.exe
  C:\Windows\System\dFyWRGW.exe
  2⤵
  PID:6800
- C:\Windows\System\TKKQNtA.exe
  C:\Windows\System\TKKQNtA.exe
  2⤵
  PID:6784
- C:\Windows\System\IJMgxkH.exe
  C:\Windows\System\IJMgxkH.exe
  2⤵
  PID:7192
- C:\Windows\System\LlFUfJH.exe
  C:\Windows\System\LlFUfJH.exe
  2⤵
  PID:7208
- C:\Windows\System\DxBLmwl.exe
  C:\Windows\System\DxBLmwl.exe
  2⤵
  PID:7272
- C:\Windows\System\doeHkhS.exe
  C:\Windows\System\doeHkhS.exe
  2⤵
  PID:7248
- C:\Windows\System\BhCCpYS.exe
  C:\Windows\System\BhCCpYS.exe
  2⤵
  PID:7548
- C:\Windows\System\xqAYitr.exe
  C:\Windows\System\xqAYitr.exe
  2⤵
  PID:2852
- C:\Windows\System\QJDPrQJ.exe
  C:\Windows\System\QJDPrQJ.exe
  2⤵
  PID:7592
- C:\Windows\System\CaNHTYu.exe
  C:\Windows\System\CaNHTYu.exe
  2⤵
  PID:7460
- C:\Windows\System\Dhbgrys.exe
  C:\Windows\System\Dhbgrys.exe
  2⤵
  PID:7496
- C:\Windows\System\fayTwuo.exe
  C:\Windows\System\fayTwuo.exe
  2⤵
  PID:7660
- C:\Windows\System\ZNuSBhq.exe
  C:\Windows\System\ZNuSBhq.exe
  2⤵
  PID:7716
- C:\Windows\System\gwPOFKF.exe
  C:\Windows\System\gwPOFKF.exe
  2⤵
  PID:7612
- C:\Windows\System\obNgwJF.exe
  C:\Windows\System\obNgwJF.exe
  2⤵
  PID:7872
- C:\Windows\System\nZtKDCU.exe
  C:\Windows\System\nZtKDCU.exe
  2⤵
  PID:7688
- C:\Windows\System\HnTjPGU.exe
  C:\Windows\System\HnTjPGU.exe
  2⤵
  PID:7920
- C:\Windows\System\vSoshII.exe
  C:\Windows\System\vSoshII.exe
  2⤵
  PID:7956
- C:\Windows\System\vmUhyLs.exe
  C:\Windows\System\vmUhyLs.exe
  2⤵
  PID:8020
- C:\Windows\System\wbpgzRJ.exe
  C:\Windows\System\wbpgzRJ.exe
  2⤵
  PID:2896
- C:\Windows\System\xjhwxzp.exe
  C:\Windows\System\xjhwxzp.exe
  2⤵
  PID:7936
- C:\Windows\System\qXMYFBf.exe
  C:\Windows\System\qXMYFBf.exe
  2⤵
  PID:8044
- C:\Windows\System\uCdJJgU.exe
  C:\Windows\System\uCdJJgU.exe
  2⤵
  PID:7976
- C:\Windows\System\ULUbOMo.exe
  C:\Windows\System\ULUbOMo.exe
  2⤵
  PID:8148
- C:\Windows\System\TviGCrq.exe
  C:\Windows\System\TviGCrq.exe
  2⤵
  PID:2720
- C:\Windows\System\LUFHsOu.exe
  C:\Windows\System\LUFHsOu.exe
  2⤵
  PID:6912
- C:\Windows\System\FzSzaLb.exe
  C:\Windows\System\FzSzaLb.exe
  2⤵
  PID:2088
- C:\Windows\System\AHcXaDi.exe
  C:\Windows\System\AHcXaDi.exe
  2⤵
  PID:6884
- C:\Windows\System\ARWtlGI.exe
  C:\Windows\System\ARWtlGI.exe
  2⤵
  PID:6688
- C:\Windows\System\AOXiNYz.exe
  C:\Windows\System\AOXiNYz.exe
  2⤵
  PID:6284
- C:\Windows\System\ADAnwEp.exe
  C:\Windows\System\ADAnwEp.exe
  2⤵
  PID:6496
- C:\Windows\System\GlnOhzX.exe
  C:\Windows\System\GlnOhzX.exe
  2⤵
  PID:6612
- C:\Windows\System\iKUvycj.exe
  C:\Windows\System\iKUvycj.exe
  2⤵
  PID:1936
- C:\Windows\System\hpLPUVf.exe
  C:\Windows\System\hpLPUVf.exe
  2⤵
  PID:2884
- C:\Windows\System\eyHlwyB.exe
  C:\Windows\System\eyHlwyB.exe
  2⤵
  PID:6640
- C:\Windows\System\zAloWKw.exe
  C:\Windows\System\zAloWKw.exe
  2⤵
  PID:6204
- C:\Windows\System\vVxQeUg.exe
  C:\Windows\System\vVxQeUg.exe
  2⤵
  PID:2824
- C:\Windows\System\UUEKzwA.exe
  C:\Windows\System\UUEKzwA.exe
  2⤵
  PID:2708
- C:\Windows\System\gjnwByN.exe
  C:\Windows\System\gjnwByN.exe
  2⤵
  PID:6424
- C:\Windows\System\kEsxqFn.exe
  C:\Windows\System\kEsxqFn.exe
  2⤵
  PID:2988
- C:\Windows\System\lPvUSFX.exe
  C:\Windows\System\lPvUSFX.exe
  2⤵
  PID:6700
- C:\Windows\System\cOplajd.exe
  C:\Windows\System\cOplajd.exe
  2⤵
  PID:2808
- C:\Windows\System\XQZhuJE.exe
  C:\Windows\System\XQZhuJE.exe
  2⤵
  PID:5816
- C:\Windows\System\pOVDPAa.exe
  C:\Windows\System\pOVDPAa.exe
  2⤵
  PID:6120
- C:\Windows\System\EOOqAYR.exe
  C:\Windows\System\EOOqAYR.exe
  2⤵
  PID:6012
- C:\Windows\System\aIAtKQJ.exe
  C:\Windows\System\aIAtKQJ.exe
  2⤵
  PID:5480
- C:\Windows\System\RpzfSgd.exe
  C:\Windows\System\RpzfSgd.exe
  2⤵
  PID:6560
- C:\Windows\System\tNdRBai.exe
  C:\Windows\System\tNdRBai.exe
  2⤵
  PID:6752
- C:\Windows\System\ZsWflmv.exe
  C:\Windows\System\ZsWflmv.exe
  2⤵
  PID:2672
- C:\Windows\System\wXMJiTQ.exe
  C:\Windows\System\wXMJiTQ.exe
  2⤵
  PID:7232
- C:\Windows\System\AJaWMNa.exe
  C:\Windows\System\AJaWMNa.exe
  2⤵
  PID:7276
- C:\Windows\System\OhHWAXN.exe
  C:\Windows\System\OhHWAXN.exe
  2⤵
  PID:2732
- C:\Windows\System\mNcJesM.exe
  C:\Windows\System\mNcJesM.exe
  2⤵
  PID:6492
- C:\Windows\System\wrVKnGS.exe
  C:\Windows\System\wrVKnGS.exe
  2⤵
  PID:7028
- C:\Windows\System\MjiWAus.exe
  C:\Windows\System\MjiWAus.exe
  2⤵
  PID:4548
- C:\Windows\System\IyfazTV.exe
  C:\Windows\System\IyfazTV.exe
  2⤵
  PID:1752
- C:\Windows\System\jkoizOH.exe
  C:\Windows\System\jkoizOH.exe
  2⤵
  PID:7120
- C:\Windows\System\gBIFVvy.exe
  C:\Windows\System\gBIFVvy.exe
  2⤵
  PID:2952
- C:\Windows\System\dGUDDUv.exe
  C:\Windows\System\dGUDDUv.exe
  2⤵
  PID:6156
- C:\Windows\System\EcczmEL.exe
  C:\Windows\System\EcczmEL.exe
  2⤵
  PID:6992
- C:\Windows\System\MWziMLL.exe
  C:\Windows\System\MWziMLL.exe
  2⤵
  PID:6828
- C:\Windows\System\tTdSztx.exe
  C:\Windows\System\tTdSztx.exe
  2⤵
  PID:7456
- C:\Windows\System\GQcamwx.exe
  C:\Windows\System\GQcamwx.exe
  2⤵
  PID:7480
- C:\Windows\System\TeYDuOD.exe
  C:\Windows\System\TeYDuOD.exe
  2⤵
  PID:2904
- C:\Windows\System\FuOwEFa.exe
  C:\Windows\System\FuOwEFa.exe
  2⤵
  PID:1652
- C:\Windows\System\xgPnERZ.exe
  C:\Windows\System\xgPnERZ.exe
  2⤵
  PID:7532
- C:\Windows\System\oAdkZFQ.exe
  C:\Windows\System\oAdkZFQ.exe
  2⤵
  PID:2916
- C:\Windows\System\fhQPwRb.exe
  C:\Windows\System\fhQPwRb.exe
  2⤵
  PID:7572
- C:\Windows\System\YZeDLhC.exe
  C:\Windows\System\YZeDLhC.exe
  2⤵
  PID:7648
- C:\Windows\System\bGZspBo.exe
  C:\Windows\System\bGZspBo.exe
  2⤵
  PID:7960
- C:\Windows\System\OzqJfDT.exe
  C:\Windows\System\OzqJfDT.exe
  2⤵
  PID:7892
- C:\Windows\System\NUlmWIH.exe
  C:\Windows\System\NUlmWIH.exe
  2⤵
  PID:8076
- C:\Windows\System\KqHREpq.exe
  C:\Windows\System\KqHREpq.exe
  2⤵
  PID:7580
- C:\Windows\System\EAhtGzj.exe
  C:\Windows\System\EAhtGzj.exe
  2⤵
  PID:1480
- C:\Windows\System\rlbRIKN.exe
  C:\Windows\System\rlbRIKN.exe
  2⤵
  PID:6868
- C:\Windows\System\OEldoXE.exe
  C:\Windows\System\OEldoXE.exe
  2⤵
  PID:6472
- C:\Windows\System\UjxgHfK.exe
  C:\Windows\System\UjxgHfK.exe
  2⤵
  PID:576
- C:\Windows\System\KowBSJz.exe
  C:\Windows\System\KowBSJz.exe
  2⤵
  PID:7148
- C:\Windows\System\JqAmiKu.exe
  C:\Windows\System\JqAmiKu.exe
  2⤵
  PID:7084
- C:\Windows\System\lqSqjby.exe
  C:\Windows\System\lqSqjby.exe
  2⤵
  PID:2228
- C:\Windows\System\giqQhLC.exe
  C:\Windows\System\giqQhLC.exe
  2⤵
  PID:7348
- C:\Windows\System\kuuKBNw.exe
  C:\Windows\System\kuuKBNw.exe
  2⤵
  PID:5656
- C:\Windows\System\rzEsyCa.exe
  C:\Windows\System\rzEsyCa.exe
  2⤵
  PID:7308
- C:\Windows\System\Prediex.exe
  C:\Windows\System\Prediex.exe
  2⤵
  PID:6744
- C:\Windows\System\PPCWrAg.exe
  C:\Windows\System\PPCWrAg.exe
  2⤵
  PID:8128
- C:\Windows\System\RnjlmzU.exe
  C:\Windows\System\RnjlmzU.exe
  2⤵
  PID:8116
- C:\Windows\System\nwLsbqq.exe
  C:\Windows\System\nwLsbqq.exe
  2⤵
  PID:2688
- C:\Windows\System\WGZTrkn.exe
  C:\Windows\System\WGZTrkn.exe
  2⤵
  PID:1724
- C:\Windows\System\eInjAJI.exe
  C:\Windows\System\eInjAJI.exe
  2⤵
  PID:1156
- C:\Windows\System\hRuocHL.exe
  C:\Windows\System\hRuocHL.exe
  2⤵
  PID:8040
- C:\Windows\System\oNCXCCj.exe
  C:\Windows\System\oNCXCCj.exe
  2⤵
  PID:7068
- C:\Windows\System\ZwgCyxO.exe
  C:\Windows\System\ZwgCyxO.exe
  2⤵
  PID:6940
- C:\Windows\System\nJTDePB.exe
  C:\Windows\System\nJTDePB.exe
  2⤵
  PID:6684
- C:\Windows\System\FNtvfHY.exe
  C:\Windows\System\FNtvfHY.exe
  2⤵
  PID:2468
- C:\Windows\System\CWeKdBU.exe
  C:\Windows\System\CWeKdBU.exe
  2⤵
  PID:984
- C:\Windows\System\NSTAdwj.exe
  C:\Windows\System\NSTAdwj.exe
  2⤵
  PID:7268
- C:\Windows\System\JZgAlxA.exe
  C:\Windows\System\JZgAlxA.exe
  2⤵
  PID:7836
- C:\Windows\System\akTFgOl.exe
  C:\Windows\System\akTFgOl.exe
  2⤵
  PID:7740
- C:\Windows\System\paNtAZv.exe
  C:\Windows\System\paNtAZv.exe
  2⤵
  PID:6540
- C:\Windows\System\sTioFfa.exe
  C:\Windows\System\sTioFfa.exe
  2⤵
  PID:6936
- C:\Windows\System\syUVlUQ.exe
  C:\Windows\System\syUVlUQ.exe
  2⤵
  PID:7428
- C:\Windows\System\jNVhHIS.exe
  C:\Windows\System\jNVhHIS.exe
  2⤵
  PID:1756
- C:\Windows\System\HWKyvOZ.exe
  C:\Windows\System\HWKyvOZ.exe
  2⤵
  PID:8208
- C:\Windows\System\OCDiFJs.exe
  C:\Windows\System\OCDiFJs.exe
  2⤵
  PID:8228
- C:\Windows\System\ZvNFpuj.exe
  C:\Windows\System\ZvNFpuj.exe
  2⤵
  PID:8244
- C:\Windows\System\DXOEGcE.exe
  C:\Windows\System\DXOEGcE.exe
  2⤵
  PID:8260
- C:\Windows\System\pbwPVVH.exe
  C:\Windows\System\pbwPVVH.exe
  2⤵
  PID:8276
- C:\Windows\System\zWQtqAD.exe
  C:\Windows\System\zWQtqAD.exe
  2⤵
  PID:8292
- C:\Windows\System\dIrXCON.exe
  C:\Windows\System\dIrXCON.exe
  2⤵
  PID:8308
- C:\Windows\System\UahVvuU.exe
  C:\Windows\System\UahVvuU.exe
  2⤵
  PID:8324
- C:\Windows\System\aOfyhMM.exe
  C:\Windows\System\aOfyhMM.exe
  2⤵
  PID:8340
- C:\Windows\System\jYTFzuC.exe
  C:\Windows\System\jYTFzuC.exe
  2⤵
  PID:8356
- C:\Windows\System\eoZfTBp.exe
  C:\Windows\System\eoZfTBp.exe
  2⤵
  PID:8372
- C:\Windows\System\jbpVmik.exe
  C:\Windows\System\jbpVmik.exe
  2⤵
  PID:8392
- C:\Windows\System\gPHdIKq.exe
  C:\Windows\System\gPHdIKq.exe
  2⤵
  PID:8408
- C:\Windows\System\nMeEeRI.exe
  C:\Windows\System\nMeEeRI.exe
  2⤵
  PID:8424
- C:\Windows\System\YbKMlQa.exe
  C:\Windows\System\YbKMlQa.exe
  2⤵
  PID:8440
- C:\Windows\System\dfihnZy.exe
  C:\Windows\System\dfihnZy.exe
  2⤵
  PID:8456
- C:\Windows\System\XVDAVet.exe
  C:\Windows\System\XVDAVet.exe
  2⤵
  PID:8472
- C:\Windows\System\ZJHVrRA.exe
  C:\Windows\System\ZJHVrRA.exe
  2⤵
  PID:8488
- C:\Windows\System\HRYwckM.exe
  C:\Windows\System\HRYwckM.exe
  2⤵
  PID:8504
- C:\Windows\System\aIDUXHF.exe
  C:\Windows\System\aIDUXHF.exe
  2⤵
  PID:8520
- C:\Windows\System\FImprri.exe
  C:\Windows\System\FImprri.exe
  2⤵
  PID:8536
- C:\Windows\System\xTQFzoo.exe
  C:\Windows\System\xTQFzoo.exe
  2⤵
  PID:8552
- C:\Windows\System\hPMfqVn.exe
  C:\Windows\System\hPMfqVn.exe
  2⤵
  PID:8568
- C:\Windows\System\NMzOCLX.exe
  C:\Windows\System\NMzOCLX.exe
  2⤵
  PID:8584
- C:\Windows\System\FpkmdUi.exe
  C:\Windows\System\FpkmdUi.exe
  2⤵
  PID:8648
- C:\Windows\System\jiZhEOZ.exe
  C:\Windows\System\jiZhEOZ.exe
  2⤵
  PID:8668
- C:\Windows\System\IiutPQt.exe
  C:\Windows\System\IiutPQt.exe
  2⤵
  PID:8684
- C:\Windows\System\xPqIHvK.exe
  C:\Windows\System\xPqIHvK.exe
  2⤵
  PID:8700
- C:\Windows\System\SuIUOqD.exe
  C:\Windows\System\SuIUOqD.exe
  2⤵
  PID:8716
- C:\Windows\System\WeDBOSY.exe
  C:\Windows\System\WeDBOSY.exe
  2⤵
  PID:8732
- C:\Windows\System\SlSiEso.exe
  C:\Windows\System\SlSiEso.exe
  2⤵
  PID:8752
- C:\Windows\System\IrtVrxB.exe
  C:\Windows\System\IrtVrxB.exe
  2⤵
  PID:8768
- C:\Windows\System\ArAytMn.exe
  C:\Windows\System\ArAytMn.exe
  2⤵
  PID:8784
- C:\Windows\System\PynFRBE.exe
  C:\Windows\System\PynFRBE.exe
  2⤵
  PID:8800
- C:\Windows\System\kibbhml.exe
  C:\Windows\System\kibbhml.exe
  2⤵
  PID:8816
- C:\Windows\System\koIxoQt.exe
  C:\Windows\System\koIxoQt.exe
  2⤵
  PID:8832
- C:\Windows\System\THLpeyw.exe
  C:\Windows\System\THLpeyw.exe
  2⤵
  PID:8848
- C:\Windows\System\kQMfEJb.exe
  C:\Windows\System\kQMfEJb.exe
  2⤵
  PID:8864
- C:\Windows\System\sFtbpau.exe
  C:\Windows\System\sFtbpau.exe
  2⤵
  PID:8880
- C:\Windows\System\nOtJExn.exe
  C:\Windows\System\nOtJExn.exe
  2⤵
  PID:8900
- C:\Windows\System\buAGnmL.exe
  C:\Windows\System\buAGnmL.exe
  2⤵
  PID:8916
- C:\Windows\System\IQhnXnF.exe
  C:\Windows\System\IQhnXnF.exe
  2⤵
  PID:8932
- C:\Windows\System\QkBEgkp.exe
  C:\Windows\System\QkBEgkp.exe
  2⤵
  PID:8948
- C:\Windows\System\iKCVFSR.exe
  C:\Windows\System\iKCVFSR.exe
  2⤵
  PID:8964
- C:\Windows\System\vuOOqpP.exe
  C:\Windows\System\vuOOqpP.exe
  2⤵
  PID:8980
- C:\Windows\System\SpDlOdD.exe
  C:\Windows\System\SpDlOdD.exe
  2⤵
  PID:8996
- C:\Windows\System\erdqbYk.exe
  C:\Windows\System\erdqbYk.exe
  2⤵
  PID:9012
- C:\Windows\System\zOeBduL.exe
  C:\Windows\System\zOeBduL.exe
  2⤵
  PID:9028
- C:\Windows\System\dmvFzaj.exe
  C:\Windows\System\dmvFzaj.exe
  2⤵
  PID:9044
- C:\Windows\System\SJYgjTX.exe
  C:\Windows\System\SJYgjTX.exe
  2⤵
  PID:9060
- C:\Windows\System\AVZbYDL.exe
  C:\Windows\System\AVZbYDL.exe
  2⤵
  PID:9076
- C:\Windows\System\onufkvl.exe
  C:\Windows\System\onufkvl.exe
  2⤵
  PID:9092
- C:\Windows\System\VebQkdg.exe
  C:\Windows\System\VebQkdg.exe
  2⤵
  PID:9116
- C:\Windows\System\qpYEzTh.exe
  C:\Windows\System\qpYEzTh.exe
  2⤵
  PID:9132
- C:\Windows\System\TDiaHuq.exe
  C:\Windows\System\TDiaHuq.exe
  2⤵
  PID:9152
- C:\Windows\System\lfLjrIH.exe
  C:\Windows\System\lfLjrIH.exe
  2⤵
  PID:9168
- C:\Windows\System\eGqHylz.exe
  C:\Windows\System\eGqHylz.exe
  2⤵
  PID:9184
- C:\Windows\System\JcGXxQU.exe
  C:\Windows\System\JcGXxQU.exe
  2⤵
  PID:9200
- C:\Windows\System\YupiZuv.exe
  C:\Windows\System\YupiZuv.exe
  2⤵
  PID:8200
- C:\Windows\System\JvtsWJW.exe
  C:\Windows\System\JvtsWJW.exe
  2⤵
  PID:7516
- C:\Windows\System\nGcUeJY.exe
  C:\Windows\System\nGcUeJY.exe
  2⤵
  PID:8284
- C:\Windows\System\lgLIlYX.exe
  C:\Windows\System\lgLIlYX.exe
  2⤵
  PID:332
- C:\Windows\System\ioZEofD.exe
  C:\Windows\System\ioZEofD.exe
  2⤵
  PID:7824
- C:\Windows\System\VVbAvgS.exe
  C:\Windows\System\VVbAvgS.exe
  2⤵
  PID:8008
- C:\Windows\System\YmjBgMy.exe
  C:\Windows\System\YmjBgMy.exe
  2⤵
  PID:8268
- C:\Windows\System\zYdosQc.exe
  C:\Windows\System\zYdosQc.exe
  2⤵
  PID:7104
- C:\Windows\System\oTrUVkJ.exe
  C:\Windows\System\oTrUVkJ.exe
  2⤵
  PID:8224
- C:\Windows\System\ftFYSFs.exe
  C:\Windows\System\ftFYSFs.exe
  2⤵
  PID:8332
- C:\Windows\System\WZSeGFp.exe
  C:\Windows\System\WZSeGFp.exe
  2⤵
  PID:8288
- C:\Windows\System\VfXeXsL.exe
  C:\Windows\System\VfXeXsL.exe
  2⤵
  PID:8416
- C:\Windows\System\ELnNoTZ.exe
  C:\Windows\System\ELnNoTZ.exe
  2⤵
  PID:8420
- C:\Windows\System\BtSoyYV.exe
  C:\Windows\System\BtSoyYV.exe
  2⤵
  PID:8432
- C:\Windows\System\dYwOPDv.exe
  C:\Windows\System\dYwOPDv.exe
  2⤵
  PID:8496
- C:\Windows\System\LZLoMpW.exe
  C:\Windows\System\LZLoMpW.exe
  2⤵
  PID:8560
- C:\Windows\System\BXsPLsO.exe
  C:\Windows\System\BXsPLsO.exe
  2⤵
  PID:8484
- C:\Windows\System\YnIDNAV.exe
  C:\Windows\System\YnIDNAV.exe
  2⤵
  PID:8548
- C:\Windows\System\fYgjton.exe
  C:\Windows\System\fYgjton.exe
  2⤵
  PID:8596
- C:\Windows\System\jWhCoMV.exe
  C:\Windows\System\jWhCoMV.exe
  2⤵
  PID:8616
- C:\Windows\System\UlKkzDL.exe
  C:\Windows\System\UlKkzDL.exe
  2⤵
  PID:8628
- C:\Windows\System\FZrjcQo.exe
  C:\Windows\System\FZrjcQo.exe
  2⤵
  PID:8640
- C:\Windows\System\gADctwH.exe
  C:\Windows\System\gADctwH.exe
  2⤵
  PID:8728
- C:\Windows\System\YJFdLNo.exe
  C:\Windows\System\YJFdLNo.exe
  2⤵
  PID:8644
- C:\Windows\System\DJkeyby.exe
  C:\Windows\System\DJkeyby.exe
  2⤵
  PID:8760
- C:\Windows\System\qoUDoaR.exe
  C:\Windows\System\qoUDoaR.exe
  2⤵
  PID:8220
- C:\Windows\System\ssswbva.exe
  C:\Windows\System\ssswbva.exe
  2⤵
  PID:8860
- C:\Windows\System\pNozpwM.exe
  C:\Windows\System\pNozpwM.exe
  2⤵
  PID:8924
- C:\Windows\System\QxOZuGI.exe
  C:\Windows\System\QxOZuGI.exe
  2⤵
  PID:8808
- C:\Windows\System\VbdSCyY.exe
  C:\Windows\System\VbdSCyY.exe
  2⤵
  PID:8956
- C:\Windows\System\NjVoDUP.exe
  C:\Windows\System\NjVoDUP.exe
  2⤵
  PID:8872
- C:\Windows\System\gedttir.exe
  C:\Windows\System\gedttir.exe
  2⤵
  PID:9020
- C:\Windows\System\yxjWksV.exe
  C:\Windows\System\yxjWksV.exe
  2⤵
  PID:9052
- C:\Windows\System\ebEqJAw.exe
  C:\Windows\System\ebEqJAw.exe
  2⤵
  PID:9056
- C:\Windows\System\AWajNAh.exe
  C:\Windows\System\AWajNAh.exe
  2⤵
  PID:9084
- C:\Windows\System\gryndUb.exe
  C:\Windows\System\gryndUb.exe
  2⤵
  PID:9040
- C:\Windows\System\ZFMhUup.exe
  C:\Windows\System\ZFMhUup.exe
  2⤵
  PID:9108
- C:\Windows\System\LOsGPBE.exe
  C:\Windows\System\LOsGPBE.exe
  2⤵
  PID:9144
- C:\Windows\System\rnLgJnk.exe
  C:\Windows\System\rnLgJnk.exe
  2⤵
  PID:9160
- C:\Windows\System\NkUyclx.exe
  C:\Windows\System\NkUyclx.exe
  2⤵
  PID:6592
- C:\Windows\System\BhPVHQT.exe
  C:\Windows\System\BhPVHQT.exe
  2⤵
  PID:9208
- C:\Windows\System\Nswudfa.exe
  C:\Windows\System\Nswudfa.exe
  2⤵
  PID:7664
- C:\Windows\System\mUcxlvh.exe
  C:\Windows\System\mUcxlvh.exe
  2⤵
  PID:7932
- C:\Windows\System\BXgoNIM.exe
  C:\Windows\System\BXgoNIM.exe
  2⤵
  PID:8368
- C:\Windows\System\NcwgmNu.exe
  C:\Windows\System\NcwgmNu.exe
  2⤵
  PID:8400
- C:\Windows\System\gXegYed.exe
  C:\Windows\System\gXegYed.exe
  2⤵
  PID:8364
- C:\Windows\System\OynTSwE.exe
  C:\Windows\System\OynTSwE.exe
  2⤵
  PID:8532
- C:\Windows\System\sqiXCVP.exe
  C:\Windows\System\sqiXCVP.exe
  2⤵
  PID:8592
- C:\Windows\System\TwwAAmj.exe
  C:\Windows\System\TwwAAmj.exe
  2⤵
  PID:8604
- C:\Windows\System\JzANXAh.exe
  C:\Windows\System\JzANXAh.exe
  2⤵
  PID:8528
- C:\Windows\System\toncwOu.exe
  C:\Windows\System\toncwOu.exe
  2⤵
  PID:8660
- C:\Windows\System\EWPVEjX.exe
  C:\Windows\System\EWPVEjX.exe
  2⤵
  PID:8748
- C:\Windows\System\KfeLXDo.exe
  C:\Windows\System\KfeLXDo.exe
  2⤵
  PID:8780
- C:\Windows\System\pYBugqN.exe
  C:\Windows\System\pYBugqN.exe
  2⤵
  PID:9036
- C:\Windows\System\lZJwKWx.exe
  C:\Windows\System\lZJwKWx.exe
  2⤵
  PID:8792
- C:\Windows\System\DRljKYH.exe
  C:\Windows\System\DRljKYH.exe
  2⤵
  PID:8976
- C:\Windows\System\kcXitqB.exe
  C:\Windows\System\kcXitqB.exe
  2⤵
  PID:8844
- C:\Windows\System\UxwIfli.exe
  C:\Windows\System\UxwIfli.exe
  2⤵
  PID:9004
- C:\Windows\System\WqXsYJn.exe
  C:\Windows\System\WqXsYJn.exe
  2⤵
  PID:8236
- C:\Windows\System\WLUmGNR.exe
  C:\Windows\System\WLUmGNR.exe
  2⤵
  PID:8156
- C:\Windows\System\QNfIfoH.exe
  C:\Windows\System\QNfIfoH.exe
  2⤵
  PID:9176
- C:\Windows\System\RwpHvtB.exe
  C:\Windows\System\RwpHvtB.exe
  2⤵
  PID:1792
- C:\Windows\System\GCIKJUG.exe
  C:\Windows\System\GCIKJUG.exe
  2⤵
  PID:8468
- C:\Windows\System\DzCbDDU.exe
  C:\Windows\System\DzCbDDU.exe
  2⤵
  PID:7236
- C:\Windows\System\GGNiKUp.exe
  C:\Windows\System\GGNiKUp.exe
  2⤵
  PID:8452
- C:\Windows\System\MvOFvgj.exe
  C:\Windows\System\MvOFvgj.exe
  2⤵
  PID:7432
- C:\Windows\System\BnCDZpy.exe
  C:\Windows\System\BnCDZpy.exe
  2⤵
  PID:8856
- C:\Windows\System\sYooviN.exe
  C:\Windows\System\sYooviN.exe
  2⤵
  PID:8928
- C:\Windows\System\GvARhIn.exe
  C:\Windows\System\GvARhIn.exe
  2⤵
  PID:8664
- C:\Windows\System\WQgapVo.exe
  C:\Windows\System\WQgapVo.exe
  2⤵
  PID:8896
- C:\Windows\System\ampeIlm.exe
  C:\Windows\System\ampeIlm.exe
  2⤵
  PID:9196
- C:\Windows\System\orcvtpF.exe
  C:\Windows\System\orcvtpF.exe
  2⤵
  PID:7196
- C:\Windows\System\fxBYaHy.exe
  C:\Windows\System\fxBYaHy.exe
  2⤵
  PID:8972
- C:\Windows\System\dLHmwAA.exe
  C:\Windows\System\dLHmwAA.exe
  2⤵
  PID:8676
- C:\Windows\System\HVRkPHx.exe
  C:\Windows\System\HVRkPHx.exe
  2⤵
  PID:9192
- C:\Windows\System\SouHpxd.exe
  C:\Windows\System\SouHpxd.exe
  2⤵
  PID:9212
- C:\Windows\System\LOJAcTB.exe
  C:\Windows\System\LOJAcTB.exe
  2⤵
  PID:8348
- C:\Windows\System\NgHPeTI.exe
  C:\Windows\System\NgHPeTI.exe
  2⤵
  PID:8636
- C:\Windows\System\Ibkowom.exe
  C:\Windows\System\Ibkowom.exe
  2⤵
  PID:9140
- C:\Windows\System\LBxQEWP.exe
  C:\Windows\System\LBxQEWP.exe
  2⤵
  PID:9224
- C:\Windows\System\IhHrvpR.exe
  C:\Windows\System\IhHrvpR.exe
  2⤵
  PID:9240
- C:\Windows\System\Ckdrzgd.exe
  C:\Windows\System\Ckdrzgd.exe
  2⤵
  PID:9256
- C:\Windows\System\tvZBPSr.exe
  C:\Windows\System\tvZBPSr.exe
  2⤵
  PID:9272
- C:\Windows\System\HajgAzw.exe
  C:\Windows\System\HajgAzw.exe
  2⤵
  PID:9288
- C:\Windows\System\BghuRZx.exe
  C:\Windows\System\BghuRZx.exe
  2⤵
  PID:9304
- C:\Windows\System\QuRVuIR.exe
  C:\Windows\System\QuRVuIR.exe
  2⤵
  PID:9320
- C:\Windows\System\enwVkUh.exe
  C:\Windows\System\enwVkUh.exe
  2⤵
  PID:9336
- C:\Windows\System\vdZnZYo.exe
  C:\Windows\System\vdZnZYo.exe
  2⤵
  PID:9352
- C:\Windows\System\dTArxSD.exe
  C:\Windows\System\dTArxSD.exe
  2⤵
  PID:9368
- C:\Windows\System\uhzVUQt.exe
  C:\Windows\System\uhzVUQt.exe
  2⤵
  PID:9384
- C:\Windows\System\ezTRpbU.exe
  C:\Windows\System\ezTRpbU.exe
  2⤵
  PID:9400
- C:\Windows\System\lVElExx.exe
  C:\Windows\System\lVElExx.exe
  2⤵
  PID:9416
- C:\Windows\System\vjjZZRt.exe
  C:\Windows\System\vjjZZRt.exe
  2⤵
  PID:9432
- C:\Windows\System\gJXGbVu.exe
  C:\Windows\System\gJXGbVu.exe
  2⤵
  PID:9448
- C:\Windows\System\GOcTwGE.exe
  C:\Windows\System\GOcTwGE.exe
  2⤵
  PID:9464
- C:\Windows\System\erSOJQa.exe
  C:\Windows\System\erSOJQa.exe
  2⤵
  PID:9480
- C:\Windows\System\AWjzxwH.exe
  C:\Windows\System\AWjzxwH.exe
  2⤵
  PID:9496
- C:\Windows\System\IPbqmAV.exe
  C:\Windows\System\IPbqmAV.exe
  2⤵
  PID:9512
- C:\Windows\System\xZcxQfc.exe
  C:\Windows\System\xZcxQfc.exe
  2⤵
  PID:9528
- C:\Windows\System\dKRsVSp.exe
  C:\Windows\System\dKRsVSp.exe
  2⤵
  PID:9544
- C:\Windows\System\FKsLPXf.exe
  C:\Windows\System\FKsLPXf.exe
  2⤵
  PID:9560
- C:\Windows\System\qzHGXSN.exe
  C:\Windows\System\qzHGXSN.exe
  2⤵
  PID:9576
- C:\Windows\System\XTpQNOZ.exe
  C:\Windows\System\XTpQNOZ.exe
  2⤵
  PID:9592
- C:\Windows\System\xwaQtgS.exe
  C:\Windows\System\xwaQtgS.exe
  2⤵
  PID:9608
- C:\Windows\System\xyPGnfm.exe
  C:\Windows\System\xyPGnfm.exe
  2⤵
  PID:9624
- C:\Windows\System\HAzlZmA.exe
  C:\Windows\System\HAzlZmA.exe
  2⤵
  PID:9640
- C:\Windows\System\gcgBZwA.exe
  C:\Windows\System\gcgBZwA.exe
  2⤵
  PID:9656
- C:\Windows\System\eNXMfrX.exe
  C:\Windows\System\eNXMfrX.exe
  2⤵
  PID:9672
- C:\Windows\System\fshKaKS.exe
  C:\Windows\System\fshKaKS.exe
  2⤵
  PID:9688
- C:\Windows\System\XXYvoox.exe
  C:\Windows\System\XXYvoox.exe
  2⤵
  PID:9704
- C:\Windows\System\yHIKlhZ.exe
  C:\Windows\System\yHIKlhZ.exe
  2⤵
  PID:9724
- C:\Windows\System\plZHMNC.exe
  C:\Windows\System\plZHMNC.exe
  2⤵
  PID:9740
- C:\Windows\System\VWsLFgH.exe
  C:\Windows\System\VWsLFgH.exe
  2⤵
  PID:9756
- C:\Windows\System\WgwURGC.exe
  C:\Windows\System\WgwURGC.exe
  2⤵
  PID:9772
- C:\Windows\System\bNQNnOD.exe
  C:\Windows\System\bNQNnOD.exe
  2⤵
  PID:9788
- C:\Windows\System\FStguDd.exe
  C:\Windows\System\FStguDd.exe
  2⤵
  PID:9804
- C:\Windows\System\IBCGBAP.exe
  C:\Windows\System\IBCGBAP.exe
  2⤵
  PID:9820
- C:\Windows\System\ewBylmF.exe
  C:\Windows\System\ewBylmF.exe
  2⤵
  PID:9836
- C:\Windows\System\pJasZwP.exe
  C:\Windows\System\pJasZwP.exe
  2⤵
  PID:9852
- C:\Windows\System\JRUsYFW.exe
  C:\Windows\System\JRUsYFW.exe
  2⤵
  PID:9868
- C:\Windows\System\gOJhneJ.exe
  C:\Windows\System\gOJhneJ.exe
  2⤵
  PID:9884
- C:\Windows\System\BQMagCE.exe
  C:\Windows\System\BQMagCE.exe
  2⤵
  PID:9900
- C:\Windows\System\SsosESt.exe
  C:\Windows\System\SsosESt.exe
  2⤵
  PID:9916
- C:\Windows\System\lRcAapc.exe
  C:\Windows\System\lRcAapc.exe
  2⤵
  PID:9932
- C:\Windows\System\qvjKNJY.exe
  C:\Windows\System\qvjKNJY.exe
  2⤵
  PID:9948
- C:\Windows\System\DrgTBGQ.exe
  C:\Windows\System\DrgTBGQ.exe
  2⤵
  PID:9964
- C:\Windows\System\fftWUmZ.exe
  C:\Windows\System\fftWUmZ.exe
  2⤵
  PID:9980
- C:\Windows\System\VKVlpwN.exe
  C:\Windows\System\VKVlpwN.exe
  2⤵
  PID:9996
- C:\Windows\System\vARPJLM.exe
  C:\Windows\System\vARPJLM.exe
  2⤵
  PID:10012
- C:\Windows\System\NwosEVx.exe
  C:\Windows\System\NwosEVx.exe
  2⤵
  PID:10028
- C:\Windows\System\pAMRleH.exe
  C:\Windows\System\pAMRleH.exe
  2⤵
  PID:10044
- C:\Windows\System\nKVHKJW.exe
  C:\Windows\System\nKVHKJW.exe
  2⤵
  PID:10060
- C:\Windows\System\LjlzeYf.exe
  C:\Windows\System\LjlzeYf.exe
  2⤵
  PID:10076
- C:\Windows\System\XdOgwew.exe
  C:\Windows\System\XdOgwew.exe
  2⤵
  PID:10092
- C:\Windows\System\BDaRMFT.exe
  C:\Windows\System\BDaRMFT.exe
  2⤵
  PID:10108
- C:\Windows\System\uXepeZK.exe
  C:\Windows\System\uXepeZK.exe
  2⤵
  PID:10124
- C:\Windows\System\ZFPLcOE.exe
  C:\Windows\System\ZFPLcOE.exe
  2⤵
  PID:10140
- C:\Windows\System\TuTuWpk.exe
  C:\Windows\System\TuTuWpk.exe
  2⤵
  PID:10160
- C:\Windows\System\SkvmSEn.exe
  C:\Windows\System\SkvmSEn.exe
  2⤵
  PID:10176
- C:\Windows\System\lnygoKF.exe
  C:\Windows\System\lnygoKF.exe
  2⤵
  PID:10192
- C:\Windows\System\UmVOEOB.exe
  C:\Windows\System\UmVOEOB.exe
  2⤵
  PID:10208
- C:\Windows\System\EtoajTZ.exe
  C:\Windows\System\EtoajTZ.exe
  2⤵
  PID:10224
- C:\Windows\System\tWmQVct.exe
  C:\Windows\System\tWmQVct.exe
  2⤵
  PID:8812
- C:\Windows\System\VfKRwKv.exe
  C:\Windows\System\VfKRwKv.exe
  2⤵
  PID:9268
- C:\Windows\System\GBCmtJK.exe
  C:\Windows\System\GBCmtJK.exe
  2⤵
  PID:9328
- C:\Windows\System\NOUsoOS.exe
  C:\Windows\System\NOUsoOS.exe
  2⤵
  PID:9364
- C:\Windows\System\aNTWrye.exe
  C:\Windows\System\aNTWrye.exe
  2⤵
  PID:9428
- C:\Windows\System\FWDpxTV.exe
  C:\Windows\System\FWDpxTV.exe
  2⤵
  PID:8712
- C:\Windows\System\rklediL.exe
  C:\Windows\System\rklediL.exe
  2⤵
  PID:9248
- C:\Windows\System\GqmXVsw.exe
  C:\Windows\System\GqmXVsw.exe
  2⤵
  PID:5220
- C:\Windows\System\CLHlugO.exe
  C:\Windows\System\CLHlugO.exe
  2⤵
  PID:9440
- C:\Windows\System\wGHzHyP.exe
  C:\Windows\System\wGHzHyP.exe
  2⤵
  PID:9488
- C:\Windows\System\SkEUSaj.exe
  C:\Windows\System\SkEUSaj.exe
  2⤵
  PID:9504
- C:\Windows\System\QuMMwEZ.exe
  C:\Windows\System\QuMMwEZ.exe
  2⤵
  PID:9572
- C:\Windows\System\EpFLEUx.exe
  C:\Windows\System\EpFLEUx.exe
  2⤵
  PID:9604
- C:\Windows\System\vroLwHt.exe
  C:\Windows\System\vroLwHt.exe
  2⤵
  PID:9732
- C:\Windows\System\cuJvMTL.exe
  C:\Windows\System\cuJvMTL.exe
  2⤵
  PID:9800
- C:\Windows\System\SymiFZr.exe
  C:\Windows\System\SymiFZr.exe
  2⤵
  PID:9748
- C:\Windows\System\IeOMgrR.exe
  C:\Windows\System\IeOMgrR.exe
  2⤵
  PID:9784
- C:\Windows\System\FtqhYsp.exe
  C:\Windows\System\FtqhYsp.exe
  2⤵
  PID:9848
- C:\Windows\System\AxXfYNk.exe
  C:\Windows\System\AxXfYNk.exe
  2⤵
  PID:9912
- C:\Windows\System\XkhDeCX.exe
  C:\Windows\System\XkhDeCX.exe
  2⤵
  PID:9976
- C:\Windows\System\BjODlWG.exe
  C:\Windows\System\BjODlWG.exe
  2⤵
  PID:9864
- C:\Windows\System\xYcJaFk.exe
  C:\Windows\System\xYcJaFk.exe
  2⤵
  PID:9928
- C:\Windows\System\acqalCh.exe
  C:\Windows\System\acqalCh.exe
  2⤵
  PID:9992
- C:\Windows\System\UkfhRgE.exe
  C:\Windows\System\UkfhRgE.exe
  2⤵
  PID:10052
- C:\Windows\System\VkxqIDt.exe
  C:\Windows\System\VkxqIDt.exe
  2⤵
  PID:10056
- C:\Windows\System\KwrENZC.exe
  C:\Windows\System\KwrENZC.exe
  2⤵
  PID:10116
- C:\Windows\System\NqPrEaA.exe
  C:\Windows\System\NqPrEaA.exe
  2⤵
  PID:10132
- C:\Windows\System\OWHloey.exe
  C:\Windows\System\OWHloey.exe
  2⤵
  PID:10200
- C:\Windows\System\tmZxWKl.exe
  C:\Windows\System\tmZxWKl.exe
  2⤵
  PID:8304
- C:\Windows\System\dpClHPo.exe
  C:\Windows\System\dpClHPo.exe
  2⤵
  PID:9280
- C:\Windows\System\yowmeGy.exe
  C:\Windows\System\yowmeGy.exe
  2⤵
  PID:10152
- C:\Windows\System\OthdtSv.exe
  C:\Windows\System\OthdtSv.exe
  2⤵
  PID:9296
- C:\Windows\System\kYPCfcS.exe
  C:\Windows\System\kYPCfcS.exe
  2⤵
  PID:9460
- C:\Windows\System\jlzGRso.exe
  C:\Windows\System\jlzGRso.exe
  2⤵
  PID:9716
- C:\Windows\System\GwbzbPd.exe
  C:\Windows\System\GwbzbPd.exe
  2⤵
  PID:9568
- C:\Windows\System\vWOzCCa.exe
  C:\Windows\System\vWOzCCa.exe
  2⤵
  PID:9632
- C:\Windows\System\LYuuXAW.exe
  C:\Windows\System\LYuuXAW.exe
  2⤵
  PID:9736
- C:\Windows\System\JNObNrN.exe
  C:\Windows\System\JNObNrN.exe
  2⤵
  PID:9816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BcBZdTj.exe

Filesize
6.0MB

MD5
5c63173f047f13039dbc93fe3c818263

SHA1
63385b48e89f08fc22fb2797084eb4360ba83bc8

SHA256
3799108cb2e835f99dfb42caae452f7fbc68df6e270336743229ad3e2bc8897d

SHA512
ed7b6920ea1c8654f28db424a24701f588e4a7eca19c636bc20d758e9065d8df7f904c3fe893277a3f4091d61fb39fa2bfde42e5e7c57a797fd8a4343ab73335

Download Submit
C:\Windows\system\CAgjUmz.exe

Filesize
6.0MB

MD5
581e1afd04a61ba8aa07aeb2b063a2ba

SHA1
b4c8c5e1fe2cc89f39fb65729f7aba691d99baef

SHA256
eb09d204e660c0cdd15e8af777e6f9b9c1c1f80edf3476f437e8349557797ac9

SHA512
6571cea82024010bbed96c52f4096651f16278d58ca7a734e60e0c1659cc722c00f03d6c0292a3f8497b75cff41d2fb4d67eeb1acbcc24c14386a29e6a0a9f8e

Download Submit
C:\Windows\system\CNhSahF.exe

Filesize
6.0MB

MD5
701795f096290b70614464e718bc0896

SHA1
3ecef34dd754514cf4ec9736e610d0ae90063022

SHA256
7433200492674e7ffb9a91634807f8584262353e7edf9dc874ca916f8c0459c8

SHA512
000d02ea1ba41c48ad3e01a82675199675b41369273c0e6981a0cfac011ca9d0b27595c1af0d0e518716147f4c7545ece5788b650ad4e650f027c5ac0f784547

Download Submit
C:\Windows\system\DpGZATp.exe

Filesize
6.0MB

MD5
71702baa6d13a2336a38dff6a2e8c709

SHA1
5b74fd9db30aa2697bd8c471a93a6cdf26d2ba27

SHA256
b0c60fbf99a19dda64854a6c8de8f563ceb3fe595811002f71e65ea856268c13

SHA512
684f9dd95d398ac15aa8f410216b1b2c230f2ed203449a953de5ee10f23fa9fbbccb5835dbc2a2cd9e5effe78649b659cb2fefa37360b589b8538e4fe88af91e

Download Submit
C:\Windows\system\DxcOBWi.exe

Filesize
6.0MB

MD5
661d837146717428f2ca1496a499dcdd

SHA1
1e9e67c78d28a016316ea34900e0582f29351fb5

SHA256
0a4bc9ee7657e3a7a66dda67cb2982c03caa3b0aad8be80373fba1518dd47a46

SHA512
54801835818bc62b9ae603aba057adfd83841bca97722a34a17bed62f253a9fd1128e371e575a1c3ee167fd3514d7d23db3c89796541e0af31b39dbd7d8ad336

Download Submit
C:\Windows\system\GXbSVOg.exe

Filesize
6.0MB

MD5
d52846881ebef04d31fc198062dca76e

SHA1
e51cdecedf55a1fb3fccec8026793f85d9dbfb65

SHA256
76cc8632cce7579e8cff0ba6b9edec0b4c92f0614e26eb17417e9ef692847ce4

SHA512
1972b3cd2f6bcf69a85c24a9046b5adb07053bb639713a74d894467512e08d9ce21f5cbde3f0467e6a09eeacbb379ad84303557b72866f7549bba38de7d89a4d

Download Submit
C:\Windows\system\MMrmdlP.exe

Filesize
6.0MB

MD5
11477c2d950c3b8603989836a1be1a96

SHA1
983fbc1aa438fd7ef53a6f2fa656c67cdc00aeea

SHA256
17c7fb3ea68f6c25a54c3bcd1fcd219419ad17fb073f27164994598ec8ff6a0d

SHA512
a4c898b23994d96bc248cff9412e02f26f9415fade6899c44cca48b04aad4a59bde0c59b9a9203d351978e526bebd0eea431a82806e03c2c2ee78191f7e4b8e4

Download Submit
C:\Windows\system\PdjZRaJ.exe

Filesize
6.0MB

MD5
c6ab957a4a5ad5eec02027058472ee15

SHA1
543ebd7d9fba52a8b9e366b4b9b2683ba791ffce

SHA256
683214a670a95cc1473aadfcc83733d98c6bcc2a70105856775a856fd346a239

SHA512
5b5c78be213dcff1230f98c6ef6bcf18858119c94c3e85197c103789d49b52662721184b454abe0281018411ad18378ba3fbd0554bec5a71df106f5b50d5fad0

Download Submit
C:\Windows\system\QIaVbEx.exe

Filesize
6.0MB

MD5
6f79a474e05418212f12e47f8d63eab0

SHA1
0508fa3a2d933a7f8700aaf871c57f50c5e12a4b

SHA256
7166ef8deba5cb80a7c2b2952f289c61c6bbc048347b2dc0594c1411e472e72b

SHA512
3c4d3970d6a5dff66896375e9bab2e690961fc9364acbe1f4d5251a046f15cd683f269457dd44639efb5b6595ec0b1d22400fcc614f53102c24fbb2350f5df98

Download Submit
C:\Windows\system\QnFBkBE.exe

Filesize
6.0MB

MD5
22ecfbfc156f3ceb98545cfe5617708c

SHA1
445f3a6f8ef6c84b8dd5c2ec27b287c08a2fbc98

SHA256
eaa6b390f86138f990fe9bbb2993f465f4e084dc6164510bc796495c8010ca25

SHA512
1cd4723183fb8d831bc941b144637772f6d38d2bbfd2249984bf9a7cac36d6bc159404d53686092e8063955df101e81d418094fb18111b25e11914a0710e28b5

Download Submit
C:\Windows\system\RJdRjwv.exe

Filesize
6.0MB

MD5
bbb6243a19aa28193745d0a5bd57d987

SHA1
6ba051d65c77af59624160b36921275d7e65ac65

SHA256
7786ebe5e097f8646cac4e8d7baf8337a9080019c16e3b1322c943264a5bb420

SHA512
6487445e33728e9966d8e9ee4751a509c76cd8e1bd55dfa661808ddbbc043bd867cdd206661301e80e3932233cdc32948cd7d06b847d322244d1fb5beeb5cfb7

Download Submit
C:\Windows\system\TAAbeNG.exe

Filesize
6.0MB

MD5
0962c5a31dff811f21970429f2576ccc

SHA1
fe3319ff8965cb741763827c12aff9ace7deccb6

SHA256
8030f66a0059fe8d610f809e7dfba7a0f5d476011cc15553a2ebc6164963ba65

SHA512
ad7c9f021abf96b1f3aa4537a7cfd673fafa93abe98e1b77e779c339275ad89722f94dc6f1ea5aa0f2a592c5f2b29b8b150b72057e1e87f0f8b68752e51cc97b

Download Submit
C:\Windows\system\TvcrKPc.exe

Filesize
6.0MB

MD5
f0146fffc665bc5fd6a7a6a477a574f2

SHA1
b262cfabf0c4bc441e845cb7656dfe1ea9cb050f

SHA256
be4de287a7fcc16de32aef1c02555701d720ed21048d5042a5bee919e803841f

SHA512
ef1cd117a6dc7aa54b1fa6af1aac8e25015f47b124d37f6418141faa30167c544923796204845e925792a43944c24d5373855ab2c69efb2f831b6eae93284d87

Download Submit
C:\Windows\system\UHElISY.exe

Filesize
6.0MB

MD5
36bfceac09b7404875151b88cade5a29

SHA1
968b720a28d18090b1f3c736470229f3de3b73c2

SHA256
8d633a028775d30856568ed1dfeec01dbe79fefdff28a86cf09fd587350b0bd6

SHA512
6505ad9e51eab4ddbde2d2abb29a9a3e471473c6c70d7545b4f276610bc44a35645c2d359690563c522252dab69d8f15100765baaca5856d2082f7f9248b479d

Download Submit
C:\Windows\system\YQNlghC.exe

Filesize
6.0MB

MD5
8483da260d01bd80903dcae247f6923e

SHA1
bb7549c5a5846ac57c40f52f6695dc2718c7c271

SHA256
599f99de704f5dd339a4231964c2c1307b9eb14ead9ff48efe236283a55951a3

SHA512
564ff9996e226590adbe8500b2da63de128fa5e84197210ed02f9022f7358ef697c344bb3591c7aa66217a39abb2d8a25289ae108f6a4bf3fbd8f9631c90f61c

Download Submit
C:\Windows\system\ZCfSNkJ.exe

Filesize
6.0MB

MD5
fccf8885cc3e5c0abd3c71feb0792d05

SHA1
0c29eb9d00cae07acc9b24e918ca040b03dd6bcb

SHA256
a9e23d766c8557276d2a1092158ec79e9564b4e3e53518625f5a6c5285b0ad8b

SHA512
ae9daa0104965d0d5e446b564c7b15f40e6e5ce3c3112448438812e082fb617099f38e7798205cbfe74bdc5b778f5503a40e3a95c28b906139283888ff601b0b

Download Submit
C:\Windows\system\coIzuKU.exe

Filesize
6.0MB

MD5
4e00c69dd2002b9734c47e1a2badf413

SHA1
08785b787b2f4c5c7c07631832b427034aa5e2dd

SHA256
7cd21417436e1b8ab02fcc9d3b2d799c7315ed6238f276d1229c0e2cb19c834e

SHA512
0450532da3e5301242306540c46eca9fd278f4d91007e8932b3f1d5dfbade1300f2c9662523d0ed240819c05ca2873e084776b0c2fd3aa3ad825cbfd3d9b6328

Download Submit
C:\Windows\system\kGiZtZR.exe

Filesize
6.0MB

MD5
922484ddcd809cca972cfcc058650ab1

SHA1
6f1c3868cb59c981447f72c1741b128a58690353

SHA256
0b8384a9b20e5b26d006c9bdbc9c8c50532d10b8a1cdaa723d3d6e6e09518a68

SHA512
985f2557272112a8c72cdadf298b8460999ae0f6645d0697dcd0548d792d84e6da6b290603ac20d7dcff802ad6dc04827603ce81dce4d4d7294e5e8c080ed305

Download Submit
C:\Windows\system\lGZEuIg.exe

Filesize
6.0MB

MD5
083fff65e27d97b4e5fa9883c1aad888

SHA1
df5b61cac69f616c6203933d56e26b60a9bde84e

SHA256
d31a21eae97edee23267eb2abe2537e39b7c480419fab79275054db14a3e44fb

SHA512
bcecfe3789d0dddb4d187bc260b6c9e3afe88296f9870bd0bedaa93f99ff2fc8ccea95310b8e3cd491b91bfe4c05085b3b154bfc3f2f7423a290fec3aea95b65

Download Submit
C:\Windows\system\lzWQZcm.exe

Filesize
6.0MB

MD5
6f50b7e8fa12dba5117ecf32f1806fda

SHA1
eafdbd5bcdc3e229b23c4e4a29defd3e08cc1222

SHA256
09149cec48844ae4feb9367f8ca1ede3115492a72c87c831acd427d1f5d72959

SHA512
9b0c7babed0ad21b2b73f4cb2893c9b847860c84b3f84b8dcf4cdc99b455df540a5085545602d72a68335eaeb5bb73c29daa62ff7115c876f50010f441418e40

Download Submit
C:\Windows\system\mDFfbmf.exe

Filesize
6.0MB

MD5
7830c535d476a7b6e3272b8da8895d22

SHA1
3d02ff7cd8b20ad07dddf63a159c773a34d2bc0c

SHA256
2688dc05f97c20ef96a4832d3a8f37859bd4e31e029118a76934668232141eeb

SHA512
6334c517bd68aba098ef1cec55cb02dda62422f530963327228649f1dd535ccd3de8078b8743d9d88ae0d8b51f4d2299c1c308ebb0f2ce0a53bd1a772943b007

Download Submit
C:\Windows\system\mZIUmWU.exe

Filesize
6.0MB

MD5
1919185a7f0f52ca7714b3bdd18ba614

SHA1
9ba017b717f4036b0f65c3a855cc7e7465275d95

SHA256
398bbb5c0c65f652124f493790bc96ba416d27494fd66a03e3ef1e5a8a548862

SHA512
7adbdc48748008d526d6f9633005c875988fb98a0542dadc87a1ce7ec5e8aff46d2fd8b42920188278db63fa23f0a6112d8b7f12092415c6f96bb2b5ac3ff14a

Download Submit
C:\Windows\system\nAZxjXN.exe

Filesize
6.0MB

MD5
72c2fc4853ecaa2559618a1a693cc406

SHA1
12d2a96df7507ce4bcafc2a5d0ded22e56000773

SHA256
9b2fc4d9be5b5e09ed7a2ad330519697a0f12bcabe155bbcc81410d43010b542

SHA512
797c0c3e0d2f74947a6e4029ac298fd5b3ed53b7ee01181da58460654221be5fc3c75582ab1b81694da94cd7327b72b6cfc140880ce3d1128bd45877317b0053

Download Submit
C:\Windows\system\tqPRhww.exe

Filesize
6.0MB

MD5
a406538b29e2dbf3c34f092540d2aa71

SHA1
cf1522ead82cdf5a4462f83ce5f5e264a078d98e

SHA256
b6963a6b4f615fea9fcfed5a1456e07e823b36eec230d0407553595ce2bbb466

SHA512
31f31f39d484725a46dc6962a8f81393dfcdac64edd0671bde7d301cea0dee493035d30ccda97049021e305483f7af166269fedcb59734bf845e33f5903cd19d

Download Submit
C:\Windows\system\vpqOkTQ.exe

Filesize
6.0MB

MD5
af7e26a06051ce64cddb1f1f112953e5

SHA1
556255728cfa4a11bd55b50b633b0e18c4c25a09

SHA256
9683abe2105fd8255b791372186520c9c3611d8925aa127b40d45c0ccef54d0d

SHA512
49e887434d127c9f947c7dd9778cb23ac2d745714c698f10be732a9a5d74875018d2252be47be1076ec4896b6efeaa208517c053921b260e26a6541a4281424d

Download Submit
C:\Windows\system\wFtZtOr.exe

Filesize
6.0MB

MD5
f13ebb10f3d82186bc67ba6dcf9c80a5

SHA1
8f42ac8e91aa68f41a732b7cd2afe6e2dd7860e7

SHA256
660db7719869e09931a198dc9959aba2545a5b4b3865b60edc6f16ecf28dd70e

SHA512
639780d3f2face0a9168fa0eb16125c7736f5d5ccf2ed7baf7dff07f31205a79a8be7044320eec7ef84f0632f88d17eed8156c9cbdc736d8504505bf0ff9886d

Download Submit
C:\Windows\system\xonbpxS.exe

Filesize
6.0MB

MD5
396b8131d3a7822896eaeb12cbb8c881

SHA1
dfbf5f2f30d16f6f7daf5e874becc72e339a2c02

SHA256
abf8d4cf42e6a13f894921fb268507add2d00d641e5ed66d25533ff3f7fe9e1e

SHA512
786c7bdbeab2df7fbec855d044b6f9715494f49e361a311d7eefa9c3598d5adab03ad7373449a93b1d380dddb2fec8065f6eec8807189241f542bbe8a42bbfb4

Download Submit
C:\Windows\system\yKPJpay.exe

Filesize
6.0MB

MD5
92241aaa8a46ca1fdd49415b75a383d2

SHA1
4a89f681d9afb25031f21c280c55a4dea1ad8e82

SHA256
1459f970254da2e1f34004961e7a8656290d097e9e3702941a1767a1019e8b39

SHA512
feb2028fc30b3fbffaf827537648bf917b765a68b55e261480be47a451040d0527bdcce115d96a1e15594aeed2f1bc0ff55d858ca1cbdc5bb9462024d5decc97

Download Submit
C:\Windows\system\zrrqzYZ.exe

Filesize
6.0MB

MD5
ccf011b1d3bbb4f577f608de662a5e0d

SHA1
8a478e6fe6db5c22c1f5f108e293b472c3b5ee5d

SHA256
3402fa4831647ef183fe8cae6c014401642af9a3deb2c09b8261a4f859ba3cd1

SHA512
1058ed7835460d94ce01c7a377dfa192928c09ca397f8da70011f1a27fabd0fad4710b54b0a60e0598618906c75e96f62d38612e5d822c55051764a1cbca96ff

Download Submit
\Windows\system\XDljAva.exe

Filesize
6.0MB

MD5
697278ebf4beadbc4254138030b5c59a

SHA1
d534ed634119e823600456d2f97d9c2c4b45779b

SHA256
67d969ec98dc34b3ec148c173be9521e47852a2543cdcd0383ec8a0fae4c7af1

SHA512
bb201916f8c314410c4615bc982e3ad450e087c04a92a669ad286d98972fdfad967a77067c8196f0a5c4251e1903c8dd31ddfef2269b0279cb0aced3f77270a3

Download Submit
\Windows\system\eDfqHHJ.exe

Filesize
6.0MB

MD5
279f44ab761b09119d2fe36a81729468

SHA1
ead69482ccd8fd2de6fe0ebb1d54ff2b50bfd986

SHA256
01d4f7ed897e49c5c17cd1e547c9044f06002ca5b63ede77210cd587479b8665

SHA512
fb5b950102bf3de31df2daaa4b58ed3c2a12fc49a967ac42fcf77c59bd2b4e79eb8769a761446d293e403291dc1aac1e6416088aaf4b3cd16ca7369ef71baff0

Download Submit
\Windows\system\oisVVeB.exe

Filesize
6.0MB

MD5
70898b64481a2450d4b74a0670825308

SHA1
0d5d06f191bf9baa948bde17baa6f71f9219030d

SHA256
81e6af2d658669a256b9ea166f5751d16268e5aa47248498e0d967fc9a093605

SHA512
900757087c8e57707caa55141866e26d384ee4904b8c6138c77617616b14042aade6844fee468b22f7f60394ad88d57e3094d5bbf157f69763d42a5bb9834a31

Download Submit
memory/1732-1792-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1732-3889-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1692-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3907-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2019-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3922-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3888-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2336-1953-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2752-2160-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3881-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3908-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1888-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3914-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2217-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2084-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3887-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2121-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3921-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1954-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1375-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2086-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3870-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3068-2163-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2122-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2020-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1699-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1889-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1793-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-0-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download