cobaltstrike | 4cb213503922eb70b0a92430e63f16bdf72aef0e4161fe81166e3c8fb2dfd7bb

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c22cad5ae311b37e7817e2b4fe4b8054
SHA1

0c3a1c8a36fbad8f081ebd8cdebdf3ed459760d9
SHA256

4cb213503922eb70b0a92430e63f16bdf72aef0e4161fe81166e3c8fb2dfd7bb
SHA512

87695dc531ba089b8635858c1c6d6bf313707263a5b4ab6e7917dc81c2a19500a8d9d68fe2dd4419c56c81bb51bd878ce2682536de5f3ad493ea7604029d6272
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x001500000000f6b0-3.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018dcf-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018ddd-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018dea-26.dat	cobalt_reflective_dll
behavioral1/files/0x002b000000018cf2-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018e46-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018ea1-58.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018e9f-68.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018e65-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018e96-51.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192ad-71.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192d3-75.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192e3-89.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019319-95.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001934f-105.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019380-112.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019393-117.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000193a5-122.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000193b6-125.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000193d5-132.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019329-101.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001942a-135.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019461-140.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019481-153.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001947d-149.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019489-161.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001949e-163.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000194f0-177.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000194f7-180.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000194e8-171.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001950e-186.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019510-189.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001946b-147.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1568-0-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x001500000000f6b0-3.dat	xmrig
behavioral1/memory/1560-9-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x000e000000018dcf-10.dat	xmrig
behavioral1/memory/2268-16-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018ddd-17.dat	xmrig
behavioral1/files/0x0007000000018dea-26.dat	xmrig
behavioral1/memory/2108-27-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2384-29-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x002b000000018cf2-31.dat	xmrig
behavioral1/memory/2772-36-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1568-40-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0006000000018e46-41.dat	xmrig
behavioral1/files/0x0007000000018ea1-58.dat	xmrig
behavioral1/memory/1568-64-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1560-65-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018e9f-68.dat	xmrig
behavioral1/memory/2564-70-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2704-67-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0006000000018e65-55.dat	xmrig
behavioral1/memory/2576-66-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2792-63-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1568-46-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/1568-72-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/files/0x0006000000018e96-51.dat	xmrig
behavioral1/memory/2672-49-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x00040000000192ad-71.dat	xmrig
behavioral1/files/0x00040000000192d3-75.dat	xmrig
behavioral1/memory/3036-83-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2384-84-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2592-85-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x00040000000192e3-89.dat	xmrig
behavioral1/memory/992-92-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0004000000019319-95.dat	xmrig
behavioral1/memory/3060-104-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x000400000001934f-105.dat	xmrig
behavioral1/files/0x0004000000019380-112.dat	xmrig
behavioral1/files/0x0004000000019393-117.dat	xmrig
behavioral1/files/0x00040000000193a5-122.dat	xmrig
behavioral1/files/0x00040000000193b6-125.dat	xmrig
behavioral1/files/0x00040000000193d5-132.dat	xmrig
behavioral1/files/0x0004000000019329-101.dat	xmrig
behavioral1/files/0x000400000001942a-135.dat	xmrig
behavioral1/files/0x0004000000019461-140.dat	xmrig
behavioral1/files/0x0004000000019481-153.dat	xmrig
behavioral1/files/0x000400000001947d-149.dat	xmrig
behavioral1/files/0x0004000000019489-161.dat	xmrig
behavioral1/files/0x000400000001949e-163.dat	xmrig
behavioral1/files/0x00040000000194f0-177.dat	xmrig
behavioral1/files/0x00040000000194f7-180.dat	xmrig
behavioral1/files/0x00040000000194e8-171.dat	xmrig
behavioral1/files/0x000400000001950e-186.dat	xmrig
behavioral1/files/0x0004000000019510-189.dat	xmrig
behavioral1/memory/2564-184-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/1568-200-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/files/0x000400000001946b-147.dat	xmrig
behavioral1/memory/1560-1145-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2384-1167-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2108-1165-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2268-1148-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2772-1207-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2672-1213-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2704-1223-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2792-1222-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1560	QnLYeki.exe
2268	OVEZOHv.exe
2108	UBBoTIy.exe
2384	laEkFKx.exe
2772	DckPHeF.exe
2672	lhVDtaV.exe
2576	AxNNYxO.exe
2792	BrEMtiS.exe
2704	RKDROZd.exe
2564	XthxtzV.exe
3036	fdlYOQg.exe
2592	MHudwgy.exe
992	OcowgXZ.exe
3060	FEHDQbk.exe
2120	SUwWGlJ.exe
2276	WpwTMXh.exe
1340	ZFGxmOf.exe
1312	vRCfqBS.exe
2440	DXGvcyF.exe
584	mbxilBE.exe
2888	GMrseQE.exe
2904	Qohmxum.exe
2892	vsNxxxH.exe
2840	ifKEXNG.exe
964	JRJDRNV.exe
640	DEsJIaq.exe
944	XhtcrmF.exe
2968	eGBgOcQ.exe
2288	HpbhEhk.exe
2352	oJiJBAd.exe
1832	VaWMtJY.exe
1360	kYzBZXK.exe
1172	MUybpLn.exe
2872	bZsSech.exe
832	cXkpTio.exe
2448	Hicrjyf.exe
1744	qDCpfQV.exe
2492	HUdinmg.exe
1652	Ibnwbfj.exe
1764	KfxPgjI.exe
612	UrbeGbC.exe
1176	cALzkDG.exe
396	lVJdvYi.exe
1656	emOFNht.exe
2456	XbZRcsi.exe
2400	BGiYBcL.exe
888	XckVEoi.exe
2244	DypDXoW.exe
2472	JUHciGM.exe
2304	yUuLCVW.exe
1612	ZFZUSAs.exe
1616	dRdvZah.exe
2364	PTHVczV.exe
2212	xqZGUPQ.exe
2692	bYbGBWB.exe
2816	IoMlUKE.exe
2584	derGlMW.exe
2540	pgpqSLN.exe
1808	BJKJUTK.exe
3048	eJGNGDU.exe
2196	YguHIkd.exe
2356	zXSAhyw.exe
2640	XwPKyHO.exe
544	gNyHDgp.exe

Loads dropped DLL 64 IoCs

pid	Process
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1568-0-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x001500000000f6b0-3.dat	upx
behavioral1/memory/1560-9-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x000e000000018dcf-10.dat	upx
behavioral1/memory/2268-16-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0007000000018ddd-17.dat	upx
behavioral1/files/0x0007000000018dea-26.dat	upx
behavioral1/memory/2108-27-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2384-29-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x002b000000018cf2-31.dat	upx
behavioral1/memory/2772-36-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/1568-40-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0006000000018e46-41.dat	upx
behavioral1/files/0x0007000000018ea1-58.dat	upx
behavioral1/memory/1560-65-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0008000000018e9f-68.dat	upx
behavioral1/memory/2564-70-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2704-67-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0006000000018e65-55.dat	upx
behavioral1/memory/2576-66-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2792-63-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0006000000018e96-51.dat	upx
behavioral1/memory/2672-49-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x00040000000192ad-71.dat	upx
behavioral1/files/0x00040000000192d3-75.dat	upx
behavioral1/memory/3036-83-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2384-84-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2592-85-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x00040000000192e3-89.dat	upx
behavioral1/memory/992-92-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0004000000019319-95.dat	upx
behavioral1/memory/3060-104-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x000400000001934f-105.dat	upx
behavioral1/files/0x0004000000019380-112.dat	upx
behavioral1/files/0x0004000000019393-117.dat	upx
behavioral1/files/0x00040000000193a5-122.dat	upx
behavioral1/files/0x00040000000193b6-125.dat	upx
behavioral1/files/0x00040000000193d5-132.dat	upx
behavioral1/files/0x0004000000019329-101.dat	upx
behavioral1/files/0x000400000001942a-135.dat	upx
behavioral1/files/0x0004000000019461-140.dat	upx
behavioral1/files/0x0004000000019481-153.dat	upx
behavioral1/files/0x000400000001947d-149.dat	upx
behavioral1/files/0x0004000000019489-161.dat	upx
behavioral1/files/0x000400000001949e-163.dat	upx
behavioral1/files/0x00040000000194f0-177.dat	upx
behavioral1/files/0x00040000000194f7-180.dat	upx
behavioral1/files/0x00040000000194e8-171.dat	upx
behavioral1/files/0x000400000001950e-186.dat	upx
behavioral1/files/0x0004000000019510-189.dat	upx
behavioral1/memory/2564-184-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000400000001946b-147.dat	upx
behavioral1/memory/1560-1145-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2384-1167-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2108-1165-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2268-1148-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2772-1207-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2672-1213-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2704-1223-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2792-1222-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2576-1221-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2564-1235-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/3036-1298-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2592-1307-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HEBztjH.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXMQulJ.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxbMHzG.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THAINkv.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWjuWxL.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbZpLgS.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEJDKMI.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajCDHdb.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdCASNV.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGnkaPA.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMtkdTd.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdljyYY.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hicrjyf.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etTuwLb.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBOZKAY.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZMJMjc.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdaTdTj.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZQXTCm.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGoepDq.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGgPYXm.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuKsXWC.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UryVgMn.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTciiyX.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSBrhQy.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbLljvl.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFDrEAI.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvfkpze.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUnJDZT.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScIlqhP.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZeUlKz.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFiFteI.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWtYCaD.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTkiflo.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePlrMco.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acjTKGm.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxrXdEX.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHHEyyU.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfUeNPf.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIOfYhv.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuhKKXZ.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taxFBUq.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuQNJpZ.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiBHKXZ.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSWHVXU.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHzQVbK.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLSuewE.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbISUHk.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUxkvfA.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfPdDfF.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SedzTog.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUfgSiD.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPWUdYU.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWEayiL.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBtLMMk.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHIJtLJ.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MRlXhKt.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\snFTNWz.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcGBqPC.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkjhVSv.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJdsAje.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBKFsDX.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkMzuVa.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSGQuTC.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzTaoEK.exe	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 1560	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1568 wrote to memory of 1560	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1568 wrote to memory of 1560	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1568 wrote to memory of 2268	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1568 wrote to memory of 2268	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1568 wrote to memory of 2268	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1568 wrote to memory of 2108	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1568 wrote to memory of 2108	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1568 wrote to memory of 2108	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1568 wrote to memory of 2384	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1568 wrote to memory of 2384	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1568 wrote to memory of 2384	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1568 wrote to memory of 2772	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1568 wrote to memory of 2772	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1568 wrote to memory of 2772	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1568 wrote to memory of 2672	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1568 wrote to memory of 2672	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1568 wrote to memory of 2672	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1568 wrote to memory of 2792	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1568 wrote to memory of 2792	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1568 wrote to memory of 2792	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1568 wrote to memory of 2576	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1568 wrote to memory of 2576	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1568 wrote to memory of 2576	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1568 wrote to memory of 2564	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1568 wrote to memory of 2564	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1568 wrote to memory of 2564	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1568 wrote to memory of 2704	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1568 wrote to memory of 2704	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1568 wrote to memory of 2704	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1568 wrote to memory of 2592	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1568 wrote to memory of 2592	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1568 wrote to memory of 2592	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1568 wrote to memory of 3036	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1568 wrote to memory of 3036	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1568 wrote to memory of 3036	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1568 wrote to memory of 992	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1568 wrote to memory of 992	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1568 wrote to memory of 992	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1568 wrote to memory of 3060	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1568 wrote to memory of 3060	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1568 wrote to memory of 3060	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1568 wrote to memory of 2120	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1568 wrote to memory of 2120	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1568 wrote to memory of 2120	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1568 wrote to memory of 2276	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1568 wrote to memory of 2276	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1568 wrote to memory of 2276	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1568 wrote to memory of 1340	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1568 wrote to memory of 1340	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1568 wrote to memory of 1340	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1568 wrote to memory of 1312	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1568 wrote to memory of 1312	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1568 wrote to memory of 1312	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1568 wrote to memory of 2440	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1568 wrote to memory of 2440	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1568 wrote to memory of 2440	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1568 wrote to memory of 584	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1568 wrote to memory of 584	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1568 wrote to memory of 584	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1568 wrote to memory of 2888	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1568 wrote to memory of 2888	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1568 wrote to memory of 2888	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1568 wrote to memory of 2904	1568	2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_c22cad5ae311b37e7817e2b4fe4b8054_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Windows\System\QnLYeki.exe
  C:\Windows\System\QnLYeki.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\OVEZOHv.exe
  C:\Windows\System\OVEZOHv.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\UBBoTIy.exe
  C:\Windows\System\UBBoTIy.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\laEkFKx.exe
  C:\Windows\System\laEkFKx.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\DckPHeF.exe
  C:\Windows\System\DckPHeF.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\lhVDtaV.exe
  C:\Windows\System\lhVDtaV.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\BrEMtiS.exe
  C:\Windows\System\BrEMtiS.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\AxNNYxO.exe
  C:\Windows\System\AxNNYxO.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\XthxtzV.exe
  C:\Windows\System\XthxtzV.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\RKDROZd.exe
  C:\Windows\System\RKDROZd.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\MHudwgy.exe
  C:\Windows\System\MHudwgy.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\fdlYOQg.exe
  C:\Windows\System\fdlYOQg.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\OcowgXZ.exe
  C:\Windows\System\OcowgXZ.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\FEHDQbk.exe
  C:\Windows\System\FEHDQbk.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\SUwWGlJ.exe
  C:\Windows\System\SUwWGlJ.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\WpwTMXh.exe
  C:\Windows\System\WpwTMXh.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\ZFGxmOf.exe
  C:\Windows\System\ZFGxmOf.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\vRCfqBS.exe
  C:\Windows\System\vRCfqBS.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\DXGvcyF.exe
  C:\Windows\System\DXGvcyF.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\mbxilBE.exe
  C:\Windows\System\mbxilBE.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\GMrseQE.exe
  C:\Windows\System\GMrseQE.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\Qohmxum.exe
  C:\Windows\System\Qohmxum.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\vsNxxxH.exe
  C:\Windows\System\vsNxxxH.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ifKEXNG.exe
  C:\Windows\System\ifKEXNG.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\DEsJIaq.exe
  C:\Windows\System\DEsJIaq.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\JRJDRNV.exe
  C:\Windows\System\JRJDRNV.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\XhtcrmF.exe
  C:\Windows\System\XhtcrmF.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\eGBgOcQ.exe
  C:\Windows\System\eGBgOcQ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\HpbhEhk.exe
  C:\Windows\System\HpbhEhk.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\oJiJBAd.exe
  C:\Windows\System\oJiJBAd.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\VaWMtJY.exe
  C:\Windows\System\VaWMtJY.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\kYzBZXK.exe
  C:\Windows\System\kYzBZXK.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\bZsSech.exe
  C:\Windows\System\bZsSech.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\MUybpLn.exe
  C:\Windows\System\MUybpLn.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\cXkpTio.exe
  C:\Windows\System\cXkpTio.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\Hicrjyf.exe
  C:\Windows\System\Hicrjyf.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\HUdinmg.exe
  C:\Windows\System\HUdinmg.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\qDCpfQV.exe
  C:\Windows\System\qDCpfQV.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\Ibnwbfj.exe
  C:\Windows\System\Ibnwbfj.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\KfxPgjI.exe
  C:\Windows\System\KfxPgjI.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\UrbeGbC.exe
  C:\Windows\System\UrbeGbC.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\cALzkDG.exe
  C:\Windows\System\cALzkDG.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\lVJdvYi.exe
  C:\Windows\System\lVJdvYi.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\emOFNht.exe
  C:\Windows\System\emOFNht.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\XbZRcsi.exe
  C:\Windows\System\XbZRcsi.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\BGiYBcL.exe
  C:\Windows\System\BGiYBcL.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\DypDXoW.exe
  C:\Windows\System\DypDXoW.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\XckVEoi.exe
  C:\Windows\System\XckVEoi.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\JUHciGM.exe
  C:\Windows\System\JUHciGM.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\yUuLCVW.exe
  C:\Windows\System\yUuLCVW.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\ZFZUSAs.exe
  C:\Windows\System\ZFZUSAs.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\dRdvZah.exe
  C:\Windows\System\dRdvZah.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\PTHVczV.exe
  C:\Windows\System\PTHVczV.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\xqZGUPQ.exe
  C:\Windows\System\xqZGUPQ.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\bYbGBWB.exe
  C:\Windows\System\bYbGBWB.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\IoMlUKE.exe
  C:\Windows\System\IoMlUKE.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\pgpqSLN.exe
  C:\Windows\System\pgpqSLN.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\derGlMW.exe
  C:\Windows\System\derGlMW.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\BJKJUTK.exe
  C:\Windows\System\BJKJUTK.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\eJGNGDU.exe
  C:\Windows\System\eJGNGDU.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\YguHIkd.exe
  C:\Windows\System\YguHIkd.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\zXSAhyw.exe
  C:\Windows\System\zXSAhyw.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\XwPKyHO.exe
  C:\Windows\System\XwPKyHO.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\CiSBcjJ.exe
  C:\Windows\System\CiSBcjJ.exe
  2⤵
  PID:956
- C:\Windows\System\gNyHDgp.exe
  C:\Windows\System\gNyHDgp.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\QbtbqXM.exe
  C:\Windows\System\QbtbqXM.exe
  2⤵
  PID:2856
- C:\Windows\System\WtlohnT.exe
  C:\Windows\System\WtlohnT.exe
  2⤵
  PID:2628
- C:\Windows\System\ycLSznq.exe
  C:\Windows\System\ycLSznq.exe
  2⤵
  PID:1864
- C:\Windows\System\XkKzYon.exe
  C:\Windows\System\XkKzYon.exe
  2⤵
  PID:692
- C:\Windows\System\omrfnyt.exe
  C:\Windows\System\omrfnyt.exe
  2⤵
  PID:2988
- C:\Windows\System\OmhZBAk.exe
  C:\Windows\System\OmhZBAk.exe
  2⤵
  PID:2164
- C:\Windows\System\Uqfmtyx.exe
  C:\Windows\System\Uqfmtyx.exe
  2⤵
  PID:2344
- C:\Windows\System\vjSEivQ.exe
  C:\Windows\System\vjSEivQ.exe
  2⤵
  PID:804
- C:\Windows\System\bXMQulJ.exe
  C:\Windows\System\bXMQulJ.exe
  2⤵
  PID:108
- C:\Windows\System\jKzSvqe.exe
  C:\Windows\System\jKzSvqe.exe
  2⤵
  PID:2220
- C:\Windows\System\WXnZxZq.exe
  C:\Windows\System\WXnZxZq.exe
  2⤵
  PID:924
- C:\Windows\System\KLGDdeJ.exe
  C:\Windows\System\KLGDdeJ.exe
  2⤵
  PID:1140
- C:\Windows\System\bapGJTb.exe
  C:\Windows\System\bapGJTb.exe
  2⤵
  PID:980
- C:\Windows\System\ICEhsht.exe
  C:\Windows\System\ICEhsht.exe
  2⤵
  PID:1164
- C:\Windows\System\twhCkRp.exe
  C:\Windows\System\twhCkRp.exe
  2⤵
  PID:2908
- C:\Windows\System\npfAOLQ.exe
  C:\Windows\System\npfAOLQ.exe
  2⤵
  PID:1316
- C:\Windows\System\QwFwhNJ.exe
  C:\Windows\System\QwFwhNJ.exe
  2⤵
  PID:2560
- C:\Windows\System\ylSwHTi.exe
  C:\Windows\System\ylSwHTi.exe
  2⤵
  PID:952
- C:\Windows\System\oaYOspF.exe
  C:\Windows\System\oaYOspF.exe
  2⤵
  PID:1216
- C:\Windows\System\jsxxtMv.exe
  C:\Windows\System\jsxxtMv.exe
  2⤵
  PID:2964
- C:\Windows\System\xPHfSrg.exe
  C:\Windows\System\xPHfSrg.exe
  2⤵
  PID:1972
- C:\Windows\System\ePlrMco.exe
  C:\Windows\System\ePlrMco.exe
  2⤵
  PID:2720
- C:\Windows\System\MxGPaGH.exe
  C:\Windows\System\MxGPaGH.exe
  2⤵
  PID:2596
- C:\Windows\System\SFaCBbv.exe
  C:\Windows\System\SFaCBbv.exe
  2⤵
  PID:3068
- C:\Windows\System\OJEXVJI.exe
  C:\Windows\System\OJEXVJI.exe
  2⤵
  PID:1812
- C:\Windows\System\BGldHkt.exe
  C:\Windows\System\BGldHkt.exe
  2⤵
  PID:2780
- C:\Windows\System\cvpjRPp.exe
  C:\Windows\System\cvpjRPp.exe
  2⤵
  PID:2320
- C:\Windows\System\OZvGgkm.exe
  C:\Windows\System\OZvGgkm.exe
  2⤵
  PID:2180
- C:\Windows\System\VhiZyyz.exe
  C:\Windows\System\VhiZyyz.exe
  2⤵
  PID:1820
- C:\Windows\System\BPkwNpx.exe
  C:\Windows\System\BPkwNpx.exe
  2⤵
  PID:1076
- C:\Windows\System\cbdyIYr.exe
  C:\Windows\System\cbdyIYr.exe
  2⤵
  PID:376
- C:\Windows\System\thMgifS.exe
  C:\Windows\System\thMgifS.exe
  2⤵
  PID:876
- C:\Windows\System\hSoVpUD.exe
  C:\Windows\System\hSoVpUD.exe
  2⤵
  PID:2380
- C:\Windows\System\xSWRVeI.exe
  C:\Windows\System\xSWRVeI.exe
  2⤵
  PID:2620
- C:\Windows\System\jDvHgjq.exe
  C:\Windows\System\jDvHgjq.exe
  2⤵
  PID:1588
- C:\Windows\System\giuEWaS.exe
  C:\Windows\System\giuEWaS.exe
  2⤵
  PID:2272
- C:\Windows\System\fbnAhIu.exe
  C:\Windows\System\fbnAhIu.exe
  2⤵
  PID:2348
- C:\Windows\System\AiGSPah.exe
  C:\Windows\System\AiGSPah.exe
  2⤵
  PID:2680
- C:\Windows\System\YHIcNBh.exe
  C:\Windows\System\YHIcNBh.exe
  2⤵
  PID:2752
- C:\Windows\System\wKSHZoQ.exe
  C:\Windows\System\wKSHZoQ.exe
  2⤵
  PID:1212
- C:\Windows\System\fjacyly.exe
  C:\Windows\System\fjacyly.exe
  2⤵
  PID:2708
- C:\Windows\System\NahgoZr.exe
  C:\Windows\System\NahgoZr.exe
  2⤵
  PID:1712
- C:\Windows\System\xBbzmfP.exe
  C:\Windows\System\xBbzmfP.exe
  2⤵
  PID:2884
- C:\Windows\System\PaAUdUx.exe
  C:\Windows\System\PaAUdUx.exe
  2⤵
  PID:2336
- C:\Windows\System\PItMTGd.exe
  C:\Windows\System\PItMTGd.exe
  2⤵
  PID:2912
- C:\Windows\System\LuehoDr.exe
  C:\Windows\System\LuehoDr.exe
  2⤵
  PID:2528
- C:\Windows\System\aMEmTBy.exe
  C:\Windows\System\aMEmTBy.exe
  2⤵
  PID:2828
- C:\Windows\System\MFsuZqG.exe
  C:\Windows\System\MFsuZqG.exe
  2⤵
  PID:2928
- C:\Windows\System\xqmEYJM.exe
  C:\Windows\System\xqmEYJM.exe
  2⤵
  PID:1860
- C:\Windows\System\Gvelgln.exe
  C:\Windows\System\Gvelgln.exe
  2⤵
  PID:2044
- C:\Windows\System\FWEayiL.exe
  C:\Windows\System\FWEayiL.exe
  2⤵
  PID:1912
- C:\Windows\System\NFZUVpg.exe
  C:\Windows\System\NFZUVpg.exe
  2⤵
  PID:2012
- C:\Windows\System\AsIZMgE.exe
  C:\Windows\System\AsIZMgE.exe
  2⤵
  PID:1752
- C:\Windows\System\TvMJpvt.exe
  C:\Windows\System\TvMJpvt.exe
  2⤵
  PID:2324
- C:\Windows\System\ZSlsLzv.exe
  C:\Windows\System\ZSlsLzv.exe
  2⤵
  PID:868
- C:\Windows\System\buWYMid.exe
  C:\Windows\System\buWYMid.exe
  2⤵
  PID:1516
- C:\Windows\System\EbNArjZ.exe
  C:\Windows\System\EbNArjZ.exe
  2⤵
  PID:1400
- C:\Windows\System\oYBoBEG.exe
  C:\Windows\System\oYBoBEG.exe
  2⤵
  PID:2148
- C:\Windows\System\wgpNGjY.exe
  C:\Windows\System\wgpNGjY.exe
  2⤵
  PID:2524
- C:\Windows\System\mXWSsYO.exe
  C:\Windows\System\mXWSsYO.exe
  2⤵
  PID:2308
- C:\Windows\System\joEhbJN.exe
  C:\Windows\System\joEhbJN.exe
  2⤵
  PID:1776
- C:\Windows\System\JTZdRvJ.exe
  C:\Windows\System\JTZdRvJ.exe
  2⤵
  PID:1980
- C:\Windows\System\XGLIcyK.exe
  C:\Windows\System\XGLIcyK.exe
  2⤵
  PID:2956
- C:\Windows\System\XzKcGnT.exe
  C:\Windows\System\XzKcGnT.exe
  2⤵
  PID:1676
- C:\Windows\System\HwcBOgf.exe
  C:\Windows\System\HwcBOgf.exe
  2⤵
  PID:2296
- C:\Windows\System\RXUAeHB.exe
  C:\Windows\System\RXUAeHB.exe
  2⤵
  PID:1596
- C:\Windows\System\wnHtjHq.exe
  C:\Windows\System\wnHtjHq.exe
  2⤵
  PID:2156
- C:\Windows\System\tvmmVGG.exe
  C:\Windows\System\tvmmVGG.exe
  2⤵
  PID:2724
- C:\Windows\System\bdEBTFA.exe
  C:\Windows\System\bdEBTFA.exe
  2⤵
  PID:1380
- C:\Windows\System\OPnsCMJ.exe
  C:\Windows\System\OPnsCMJ.exe
  2⤵
  PID:1720
- C:\Windows\System\piAGBsA.exe
  C:\Windows\System\piAGBsA.exe
  2⤵
  PID:2124
- C:\Windows\System\mqrhOWu.exe
  C:\Windows\System\mqrhOWu.exe
  2⤵
  PID:2664
- C:\Windows\System\KEujlZV.exe
  C:\Windows\System\KEujlZV.exe
  2⤵
  PID:2876
- C:\Windows\System\YQPvmBH.exe
  C:\Windows\System\YQPvmBH.exe
  2⤵
  PID:2932
- C:\Windows\System\dLOPzFn.exe
  C:\Windows\System\dLOPzFn.exe
  2⤵
  PID:2040
- C:\Windows\System\VVnyjTi.exe
  C:\Windows\System\VVnyjTi.exe
  2⤵
  PID:1788
- C:\Windows\System\cwjPAdd.exe
  C:\Windows\System\cwjPAdd.exe
  2⤵
  PID:2020
- C:\Windows\System\lZBeDLU.exe
  C:\Windows\System\lZBeDLU.exe
  2⤵
  PID:2788
- C:\Windows\System\KaVdEYy.exe
  C:\Windows\System\KaVdEYy.exe
  2⤵
  PID:1760
- C:\Windows\System\IhrOEWX.exe
  C:\Windows\System\IhrOEWX.exe
  2⤵
  PID:1200
- C:\Windows\System\yZBVrRK.exe
  C:\Windows\System\yZBVrRK.exe
  2⤵
  PID:2396
- C:\Windows\System\JHcGVEf.exe
  C:\Windows\System\JHcGVEf.exe
  2⤵
  PID:960
- C:\Windows\System\JJTIkwx.exe
  C:\Windows\System\JJTIkwx.exe
  2⤵
  PID:536
- C:\Windows\System\ajCDHdb.exe
  C:\Windows\System\ajCDHdb.exe
  2⤵
  PID:2016
- C:\Windows\System\WQCBUDR.exe
  C:\Windows\System\WQCBUDR.exe
  2⤵
  PID:1992
- C:\Windows\System\paJwRHg.exe
  C:\Windows\System\paJwRHg.exe
  2⤵
  PID:2460
- C:\Windows\System\XGlDSfk.exe
  C:\Windows\System\XGlDSfk.exe
  2⤵
  PID:1988
- C:\Windows\System\APqsQYn.exe
  C:\Windows\System\APqsQYn.exe
  2⤵
  PID:1692
- C:\Windows\System\BEtSRSb.exe
  C:\Windows\System\BEtSRSb.exe
  2⤵
  PID:676
- C:\Windows\System\eKPaGYZ.exe
  C:\Windows\System\eKPaGYZ.exe
  2⤵
  PID:2764
- C:\Windows\System\tGevhcN.exe
  C:\Windows\System\tGevhcN.exe
  2⤵
  PID:1104
- C:\Windows\System\GsJNogN.exe
  C:\Windows\System\GsJNogN.exe
  2⤵
  PID:2880
- C:\Windows\System\WzSbYWP.exe
  C:\Windows\System\WzSbYWP.exe
  2⤵
  PID:940
- C:\Windows\System\dguZCpi.exe
  C:\Windows\System\dguZCpi.exe
  2⤵
  PID:2188
- C:\Windows\System\SQmvuhJ.exe
  C:\Windows\System\SQmvuhJ.exe
  2⤵
  PID:2136
- C:\Windows\System\iyEoMKR.exe
  C:\Windows\System\iyEoMKR.exe
  2⤵
  PID:2100
- C:\Windows\System\zmEHYSU.exe
  C:\Windows\System\zmEHYSU.exe
  2⤵
  PID:2700
- C:\Windows\System\foypmHQ.exe
  C:\Windows\System\foypmHQ.exe
  2⤵
  PID:856
- C:\Windows\System\OgYCjLL.exe
  C:\Windows\System\OgYCjLL.exe
  2⤵
  PID:2208
- C:\Windows\System\CfmpgIp.exe
  C:\Windows\System\CfmpgIp.exe
  2⤵
  PID:592
- C:\Windows\System\sQGdLrb.exe
  C:\Windows\System\sQGdLrb.exe
  2⤵
  PID:2604
- C:\Windows\System\wDimRtd.exe
  C:\Windows\System\wDimRtd.exe
  2⤵
  PID:2204
- C:\Windows\System\cHzQVbK.exe
  C:\Windows\System\cHzQVbK.exe
  2⤵
  PID:2088
- C:\Windows\System\WhVRVNJ.exe
  C:\Windows\System\WhVRVNJ.exe
  2⤵
  PID:2860
- C:\Windows\System\QiYpHYu.exe
  C:\Windows\System\QiYpHYu.exe
  2⤵
  PID:3064
- C:\Windows\System\TGEvRDs.exe
  C:\Windows\System\TGEvRDs.exe
  2⤵
  PID:1540
- C:\Windows\System\QJArQRz.exe
  C:\Windows\System\QJArQRz.exe
  2⤵
  PID:2000
- C:\Windows\System\gLmzSVA.exe
  C:\Windows\System\gLmzSVA.exe
  2⤵
  PID:2340
- C:\Windows\System\wfeqbmy.exe
  C:\Windows\System\wfeqbmy.exe
  2⤵
  PID:2236
- C:\Windows\System\bszhKxb.exe
  C:\Windows\System\bszhKxb.exe
  2⤵
  PID:2096
- C:\Windows\System\QQkDZyX.exe
  C:\Windows\System\QQkDZyX.exe
  2⤵
  PID:1028
- C:\Windows\System\LNlvCJT.exe
  C:\Windows\System\LNlvCJT.exe
  2⤵
  PID:1572
- C:\Windows\System\GbYBXWj.exe
  C:\Windows\System\GbYBXWj.exe
  2⤵
  PID:2508
- C:\Windows\System\UUSvmDv.exe
  C:\Windows\System\UUSvmDv.exe
  2⤵
  PID:2920
- C:\Windows\System\gwsXlwQ.exe
  C:\Windows\System\gwsXlwQ.exe
  2⤵
  PID:2776
- C:\Windows\System\tahwxRU.exe
  C:\Windows\System\tahwxRU.exe
  2⤵
  PID:2496
- C:\Windows\System\XjXvxwa.exe
  C:\Windows\System\XjXvxwa.exe
  2⤵
  PID:2976
- C:\Windows\System\xTSHXLA.exe
  C:\Windows\System\xTSHXLA.exe
  2⤵
  PID:3080
- C:\Windows\System\riJkuFm.exe
  C:\Windows\System\riJkuFm.exe
  2⤵
  PID:3096
- C:\Windows\System\xtcTTRR.exe
  C:\Windows\System\xtcTTRR.exe
  2⤵
  PID:3124
- C:\Windows\System\rzlpIOF.exe
  C:\Windows\System\rzlpIOF.exe
  2⤵
  PID:3140
- C:\Windows\System\paLbCCO.exe
  C:\Windows\System\paLbCCO.exe
  2⤵
  PID:3160
- C:\Windows\System\tTYKzzH.exe
  C:\Windows\System\tTYKzzH.exe
  2⤵
  PID:3176
- C:\Windows\System\OymYgsE.exe
  C:\Windows\System\OymYgsE.exe
  2⤵
  PID:3192
- C:\Windows\System\YOboiCR.exe
  C:\Windows\System\YOboiCR.exe
  2⤵
  PID:3212
- C:\Windows\System\iPMRViz.exe
  C:\Windows\System\iPMRViz.exe
  2⤵
  PID:3244
- C:\Windows\System\uxwDsCQ.exe
  C:\Windows\System\uxwDsCQ.exe
  2⤵
  PID:3268
- C:\Windows\System\eiSUbNY.exe
  C:\Windows\System\eiSUbNY.exe
  2⤵
  PID:3288
- C:\Windows\System\gkeHNqK.exe
  C:\Windows\System\gkeHNqK.exe
  2⤵
  PID:3320
- C:\Windows\System\WVxNbJv.exe
  C:\Windows\System\WVxNbJv.exe
  2⤵
  PID:3340
- C:\Windows\System\NPYacfh.exe
  C:\Windows\System\NPYacfh.exe
  2⤵
  PID:3356
- C:\Windows\System\EaVxlKF.exe
  C:\Windows\System\EaVxlKF.exe
  2⤵
  PID:3372
- C:\Windows\System\aZnRZoO.exe
  C:\Windows\System\aZnRZoO.exe
  2⤵
  PID:3396
- C:\Windows\System\CoVShMw.exe
  C:\Windows\System\CoVShMw.exe
  2⤵
  PID:3412
- C:\Windows\System\HpAmlPc.exe
  C:\Windows\System\HpAmlPc.exe
  2⤵
  PID:3428
- C:\Windows\System\NTlZasC.exe
  C:\Windows\System\NTlZasC.exe
  2⤵
  PID:3448
- C:\Windows\System\jIUaJjV.exe
  C:\Windows\System\jIUaJjV.exe
  2⤵
  PID:3472
- C:\Windows\System\WuVwtKV.exe
  C:\Windows\System\WuVwtKV.exe
  2⤵
  PID:3488
- C:\Windows\System\LPdcVwH.exe
  C:\Windows\System\LPdcVwH.exe
  2⤵
  PID:3504
- C:\Windows\System\gCeZItc.exe
  C:\Windows\System\gCeZItc.exe
  2⤵
  PID:3540
- C:\Windows\System\Kgehhjp.exe
  C:\Windows\System\Kgehhjp.exe
  2⤵
  PID:3556
- C:\Windows\System\nyDRoFh.exe
  C:\Windows\System\nyDRoFh.exe
  2⤵
  PID:3576
- C:\Windows\System\UCYYosv.exe
  C:\Windows\System\UCYYosv.exe
  2⤵
  PID:3596
- C:\Windows\System\dvtGnJR.exe
  C:\Windows\System\dvtGnJR.exe
  2⤵
  PID:3616
- C:\Windows\System\RqRStvH.exe
  C:\Windows\System\RqRStvH.exe
  2⤵
  PID:3640
- C:\Windows\System\zvVPzrG.exe
  C:\Windows\System\zvVPzrG.exe
  2⤵
  PID:3656
- C:\Windows\System\amXMJzH.exe
  C:\Windows\System\amXMJzH.exe
  2⤵
  PID:3676
- C:\Windows\System\jJWwJro.exe
  C:\Windows\System\jJWwJro.exe
  2⤵
  PID:3692
- C:\Windows\System\uqmGBOt.exe
  C:\Windows\System\uqmGBOt.exe
  2⤵
  PID:3712
- C:\Windows\System\gnNTLUi.exe
  C:\Windows\System\gnNTLUi.exe
  2⤵
  PID:3736
- C:\Windows\System\sOOaNiK.exe
  C:\Windows\System\sOOaNiK.exe
  2⤵
  PID:3756
- C:\Windows\System\ZrWVUoK.exe
  C:\Windows\System\ZrWVUoK.exe
  2⤵
  PID:3776
- C:\Windows\System\uWxhgHz.exe
  C:\Windows\System\uWxhgHz.exe
  2⤵
  PID:3796
- C:\Windows\System\HVcrtAV.exe
  C:\Windows\System\HVcrtAV.exe
  2⤵
  PID:3832
- C:\Windows\System\HOMNXVz.exe
  C:\Windows\System\HOMNXVz.exe
  2⤵
  PID:3852
- C:\Windows\System\gqCLktJ.exe
  C:\Windows\System\gqCLktJ.exe
  2⤵
  PID:3872
- C:\Windows\System\WSHgsGq.exe
  C:\Windows\System\WSHgsGq.exe
  2⤵
  PID:3888
- C:\Windows\System\kLppOvA.exe
  C:\Windows\System\kLppOvA.exe
  2⤵
  PID:3912
- C:\Windows\System\SlFUobT.exe
  C:\Windows\System\SlFUobT.exe
  2⤵
  PID:3928
- C:\Windows\System\zIhugLv.exe
  C:\Windows\System\zIhugLv.exe
  2⤵
  PID:3944
- C:\Windows\System\zRQNnAd.exe
  C:\Windows\System\zRQNnAd.exe
  2⤵
  PID:3964
- C:\Windows\System\LiJurxE.exe
  C:\Windows\System\LiJurxE.exe
  2⤵
  PID:3992
- C:\Windows\System\hLZqvvv.exe
  C:\Windows\System\hLZqvvv.exe
  2⤵
  PID:4008
- C:\Windows\System\CLsGbaR.exe
  C:\Windows\System\CLsGbaR.exe
  2⤵
  PID:4032
- C:\Windows\System\FGIIwNS.exe
  C:\Windows\System\FGIIwNS.exe
  2⤵
  PID:4048
- C:\Windows\System\jZbAJKb.exe
  C:\Windows\System\jZbAJKb.exe
  2⤵
  PID:4064
- C:\Windows\System\eSUFBnY.exe
  C:\Windows\System\eSUFBnY.exe
  2⤵
  PID:4080
- C:\Windows\System\FKdpaUk.exe
  C:\Windows\System\FKdpaUk.exe
  2⤵
  PID:2284
- C:\Windows\System\FoVHJtr.exe
  C:\Windows\System\FoVHJtr.exe
  2⤵
  PID:1968
- C:\Windows\System\itWHeSW.exe
  C:\Windows\System\itWHeSW.exe
  2⤵
  PID:3172
- C:\Windows\System\mmeVreG.exe
  C:\Windows\System\mmeVreG.exe
  2⤵
  PID:3104
- C:\Windows\System\eUCyzLs.exe
  C:\Windows\System\eUCyzLs.exe
  2⤵
  PID:3120
- C:\Windows\System\dnbuIpO.exe
  C:\Windows\System\dnbuIpO.exe
  2⤵
  PID:3188
- C:\Windows\System\SDtTqHl.exe
  C:\Windows\System\SDtTqHl.exe
  2⤵
  PID:3208
- C:\Windows\System\PqulCho.exe
  C:\Windows\System\PqulCho.exe
  2⤵
  PID:3316
- C:\Windows\System\etTuwLb.exe
  C:\Windows\System\etTuwLb.exe
  2⤵
  PID:3332
- C:\Windows\System\IzhWcsq.exe
  C:\Windows\System\IzhWcsq.exe
  2⤵
  PID:3388
- C:\Windows\System\MwkswTE.exe
  C:\Windows\System\MwkswTE.exe
  2⤵
  PID:3384
- C:\Windows\System\zzwSJSk.exe
  C:\Windows\System\zzwSJSk.exe
  2⤵
  PID:3436
- C:\Windows\System\jOYHBFB.exe
  C:\Windows\System\jOYHBFB.exe
  2⤵
  PID:3440
- C:\Windows\System\FgPWUzK.exe
  C:\Windows\System\FgPWUzK.exe
  2⤵
  PID:3484
- C:\Windows\System\QQhPiSh.exe
  C:\Windows\System\QQhPiSh.exe
  2⤵
  PID:3536
- C:\Windows\System\rKkDtsa.exe
  C:\Windows\System\rKkDtsa.exe
  2⤵
  PID:3548
- C:\Windows\System\SxepUqb.exe
  C:\Windows\System\SxepUqb.exe
  2⤵
  PID:3592
- C:\Windows\System\NzJLpqZ.exe
  C:\Windows\System\NzJLpqZ.exe
  2⤵
  PID:3636
- C:\Windows\System\YWjuWxL.exe
  C:\Windows\System\YWjuWxL.exe
  2⤵
  PID:3684
- C:\Windows\System\qvMhGBl.exe
  C:\Windows\System\qvMhGBl.exe
  2⤵
  PID:3668
- C:\Windows\System\TDoOMuO.exe
  C:\Windows\System\TDoOMuO.exe
  2⤵
  PID:3724
- C:\Windows\System\kaKGvoj.exe
  C:\Windows\System\kaKGvoj.exe
  2⤵
  PID:3744
- C:\Windows\System\vcTUzwn.exe
  C:\Windows\System\vcTUzwn.exe
  2⤵
  PID:3788
- C:\Windows\System\OTCuMvO.exe
  C:\Windows\System\OTCuMvO.exe
  2⤵
  PID:3820
- C:\Windows\System\BrjdOGv.exe
  C:\Windows\System\BrjdOGv.exe
  2⤵
  PID:3848
- C:\Windows\System\PXexzVt.exe
  C:\Windows\System\PXexzVt.exe
  2⤵
  PID:3896
- C:\Windows\System\FShdMbm.exe
  C:\Windows\System\FShdMbm.exe
  2⤵
  PID:3936
- C:\Windows\System\Wkiajqm.exe
  C:\Windows\System\Wkiajqm.exe
  2⤵
  PID:3924
- C:\Windows\System\BTTFZXJ.exe
  C:\Windows\System\BTTFZXJ.exe
  2⤵
  PID:4016
- C:\Windows\System\EZqnkGm.exe
  C:\Windows\System\EZqnkGm.exe
  2⤵
  PID:4004
- C:\Windows\System\VSchSjO.exe
  C:\Windows\System\VSchSjO.exe
  2⤵
  PID:4056
- C:\Windows\System\YIuvBvs.exe
  C:\Windows\System\YIuvBvs.exe
  2⤵
  PID:2280
- C:\Windows\System\HMvahRI.exe
  C:\Windows\System\HMvahRI.exe
  2⤵
  PID:3076
- C:\Windows\System\KYAucqT.exe
  C:\Windows\System\KYAucqT.exe
  2⤵
  PID:3136
- C:\Windows\System\aWGujzL.exe
  C:\Windows\System\aWGujzL.exe
  2⤵
  PID:3228
- C:\Windows\System\tJlHefx.exe
  C:\Windows\System\tJlHefx.exe
  2⤵
  PID:3280
- C:\Windows\System\eynJELa.exe
  C:\Windows\System\eynJELa.exe
  2⤵
  PID:3296
- C:\Windows\System\bEVDPwA.exe
  C:\Windows\System\bEVDPwA.exe
  2⤵
  PID:3352
- C:\Windows\System\gzmmrmg.exe
  C:\Windows\System\gzmmrmg.exe
  2⤵
  PID:3392
- C:\Windows\System\EuCInxU.exe
  C:\Windows\System\EuCInxU.exe
  2⤵
  PID:3496
- C:\Windows\System\uqfUwTu.exe
  C:\Windows\System\uqfUwTu.exe
  2⤵
  PID:3584
- C:\Windows\System\aeHjrdE.exe
  C:\Windows\System\aeHjrdE.exe
  2⤵
  PID:3608
- C:\Windows\System\GrNpVzh.exe
  C:\Windows\System\GrNpVzh.exe
  2⤵
  PID:3688
- C:\Windows\System\DfLaZIQ.exe
  C:\Windows\System\DfLaZIQ.exe
  2⤵
  PID:3728
- C:\Windows\System\lvoqLKl.exe
  C:\Windows\System\lvoqLKl.exe
  2⤵
  PID:3768
- C:\Windows\System\LNqQixP.exe
  C:\Windows\System\LNqQixP.exe
  2⤵
  PID:3812
- C:\Windows\System\iMjkfpS.exe
  C:\Windows\System\iMjkfpS.exe
  2⤵
  PID:3884
- C:\Windows\System\zRuSrxU.exe
  C:\Windows\System\zRuSrxU.exe
  2⤵
  PID:3960
- C:\Windows\System\zTiUaLD.exe
  C:\Windows\System\zTiUaLD.exe
  2⤵
  PID:3976
- C:\Windows\System\ITgBnSL.exe
  C:\Windows\System\ITgBnSL.exe
  2⤵
  PID:4000
- C:\Windows\System\PkkRXOr.exe
  C:\Windows\System\PkkRXOr.exe
  2⤵
  PID:3112
- C:\Windows\System\vfeeDOg.exe
  C:\Windows\System\vfeeDOg.exe
  2⤵
  PID:3240
- C:\Windows\System\QvdxYbZ.exe
  C:\Windows\System\QvdxYbZ.exe
  2⤵
  PID:2648
- C:\Windows\System\uSluqIg.exe
  C:\Windows\System\uSluqIg.exe
  2⤵
  PID:3512
- C:\Windows\System\napTfhu.exe
  C:\Windows\System\napTfhu.exe
  2⤵
  PID:3824
- C:\Windows\System\PJrqFPi.exe
  C:\Windows\System\PJrqFPi.exe
  2⤵
  PID:3424
- C:\Windows\System\oXqPhEz.exe
  C:\Windows\System\oXqPhEz.exe
  2⤵
  PID:3564
- C:\Windows\System\FYhoiMr.exe
  C:\Windows\System\FYhoiMr.exe
  2⤵
  PID:3652
- C:\Windows\System\UqKvvAR.exe
  C:\Windows\System\UqKvvAR.exe
  2⤵
  PID:3772
- C:\Windows\System\PbCdMtO.exe
  C:\Windows\System\PbCdMtO.exe
  2⤵
  PID:3312
- C:\Windows\System\kyNwUpB.exe
  C:\Windows\System\kyNwUpB.exe
  2⤵
  PID:3920
- C:\Windows\System\dOYdGyE.exe
  C:\Windows\System\dOYdGyE.exe
  2⤵
  PID:4020
- C:\Windows\System\KowIKaV.exe
  C:\Windows\System\KowIKaV.exe
  2⤵
  PID:4088
- C:\Windows\System\hQfBgMX.exe
  C:\Windows\System\hQfBgMX.exe
  2⤵
  PID:3364
- C:\Windows\System\PsynaLe.exe
  C:\Windows\System\PsynaLe.exe
  2⤵
  PID:3532
- C:\Windows\System\tUQolyB.exe
  C:\Windows\System\tUQolyB.exe
  2⤵
  PID:3624
- C:\Windows\System\TXqCOKY.exe
  C:\Windows\System\TXqCOKY.exe
  2⤵
  PID:3844
- C:\Windows\System\EpUNcqA.exe
  C:\Windows\System\EpUNcqA.exe
  2⤵
  PID:3904
- C:\Windows\System\jQllzaB.exe
  C:\Windows\System\jQllzaB.exe
  2⤵
  PID:3972
- C:\Windows\System\SUdMbPw.exe
  C:\Windows\System\SUdMbPw.exe
  2⤵
  PID:4076
- C:\Windows\System\NLAbTPu.exe
  C:\Windows\System\NLAbTPu.exe
  2⤵
  PID:3516
- C:\Windows\System\LQHyHFS.exe
  C:\Windows\System\LQHyHFS.exe
  2⤵
  PID:3328
- C:\Windows\System\lCmLHFl.exe
  C:\Windows\System\lCmLHFl.exe
  2⤵
  PID:3420
- C:\Windows\System\AmIoqTO.exe
  C:\Windows\System\AmIoqTO.exe
  2⤵
  PID:3500
- C:\Windows\System\abdyBnV.exe
  C:\Windows\System\abdyBnV.exe
  2⤵
  PID:3908
- C:\Windows\System\dvJfUMu.exe
  C:\Windows\System\dvJfUMu.exe
  2⤵
  PID:3672
- C:\Windows\System\ShSvEDi.exe
  C:\Windows\System\ShSvEDi.exe
  2⤵
  PID:4104
- C:\Windows\System\HWAEghW.exe
  C:\Windows\System\HWAEghW.exe
  2⤵
  PID:4132
- C:\Windows\System\GTVxPwN.exe
  C:\Windows\System\GTVxPwN.exe
  2⤵
  PID:4156
- C:\Windows\System\NRFbEJT.exe
  C:\Windows\System\NRFbEJT.exe
  2⤵
  PID:4172
- C:\Windows\System\XmNlHnQ.exe
  C:\Windows\System\XmNlHnQ.exe
  2⤵
  PID:4196
- C:\Windows\System\gNDMWge.exe
  C:\Windows\System\gNDMWge.exe
  2⤵
  PID:4212
- C:\Windows\System\wGayOmt.exe
  C:\Windows\System\wGayOmt.exe
  2⤵
  PID:4232
- C:\Windows\System\DlJvfvV.exe
  C:\Windows\System\DlJvfvV.exe
  2⤵
  PID:4248
- C:\Windows\System\pEdAnIA.exe
  C:\Windows\System\pEdAnIA.exe
  2⤵
  PID:4276
- C:\Windows\System\gyeyNoE.exe
  C:\Windows\System\gyeyNoE.exe
  2⤵
  PID:4292
- C:\Windows\System\oezhjmZ.exe
  C:\Windows\System\oezhjmZ.exe
  2⤵
  PID:4312
- C:\Windows\System\sNgynJp.exe
  C:\Windows\System\sNgynJp.exe
  2⤵
  PID:4336
- C:\Windows\System\XAdgWSt.exe
  C:\Windows\System\XAdgWSt.exe
  2⤵
  PID:4352
- C:\Windows\System\IBdcOat.exe
  C:\Windows\System\IBdcOat.exe
  2⤵
  PID:4372
- C:\Windows\System\BqLKcji.exe
  C:\Windows\System\BqLKcji.exe
  2⤵
  PID:4388
- C:\Windows\System\ejLnLce.exe
  C:\Windows\System\ejLnLce.exe
  2⤵
  PID:4408
- C:\Windows\System\oAXcUVt.exe
  C:\Windows\System\oAXcUVt.exe
  2⤵
  PID:4436
- C:\Windows\System\SviXZvt.exe
  C:\Windows\System\SviXZvt.exe
  2⤵
  PID:4452
- C:\Windows\System\EGkaMkv.exe
  C:\Windows\System\EGkaMkv.exe
  2⤵
  PID:4472
- C:\Windows\System\WBrwYph.exe
  C:\Windows\System\WBrwYph.exe
  2⤵
  PID:4492
- C:\Windows\System\ZaqlNCG.exe
  C:\Windows\System\ZaqlNCG.exe
  2⤵
  PID:4512
- C:\Windows\System\WimSmRN.exe
  C:\Windows\System\WimSmRN.exe
  2⤵
  PID:4528
- C:\Windows\System\kOmLZqC.exe
  C:\Windows\System\kOmLZqC.exe
  2⤵
  PID:4548
- C:\Windows\System\iAyNgUi.exe
  C:\Windows\System\iAyNgUi.exe
  2⤵
  PID:4572
- C:\Windows\System\hNkMYLx.exe
  C:\Windows\System\hNkMYLx.exe
  2⤵
  PID:4592
- C:\Windows\System\LSaKbwR.exe
  C:\Windows\System\LSaKbwR.exe
  2⤵
  PID:4608
- C:\Windows\System\lmtSfKz.exe
  C:\Windows\System\lmtSfKz.exe
  2⤵
  PID:4632
- C:\Windows\System\RWGzCAq.exe
  C:\Windows\System\RWGzCAq.exe
  2⤵
  PID:4660
- C:\Windows\System\WOysOES.exe
  C:\Windows\System\WOysOES.exe
  2⤵
  PID:4676
- C:\Windows\System\NBEoAtH.exe
  C:\Windows\System\NBEoAtH.exe
  2⤵
  PID:4696
- C:\Windows\System\atfnGAZ.exe
  C:\Windows\System\atfnGAZ.exe
  2⤵
  PID:4720
- C:\Windows\System\ziUuOVn.exe
  C:\Windows\System\ziUuOVn.exe
  2⤵
  PID:4736
- C:\Windows\System\hzJHxvy.exe
  C:\Windows\System\hzJHxvy.exe
  2⤵
  PID:4752
- C:\Windows\System\udbZpqP.exe
  C:\Windows\System\udbZpqP.exe
  2⤵
  PID:4768
- C:\Windows\System\sHkSJEu.exe
  C:\Windows\System\sHkSJEu.exe
  2⤵
  PID:4796
- C:\Windows\System\sshOKOP.exe
  C:\Windows\System\sshOKOP.exe
  2⤵
  PID:4816
- C:\Windows\System\kxrNNVb.exe
  C:\Windows\System\kxrNNVb.exe
  2⤵
  PID:4832
- C:\Windows\System\Ivhpxjc.exe
  C:\Windows\System\Ivhpxjc.exe
  2⤵
  PID:4848
- C:\Windows\System\YhqCpRl.exe
  C:\Windows\System\YhqCpRl.exe
  2⤵
  PID:4868
- C:\Windows\System\AZNptlM.exe
  C:\Windows\System\AZNptlM.exe
  2⤵
  PID:4900
- C:\Windows\System\CnDcXuC.exe
  C:\Windows\System\CnDcXuC.exe
  2⤵
  PID:4932
- C:\Windows\System\FDHnJas.exe
  C:\Windows\System\FDHnJas.exe
  2⤵
  PID:4952
- C:\Windows\System\OrRHdSW.exe
  C:\Windows\System\OrRHdSW.exe
  2⤵
  PID:4972
- C:\Windows\System\mUgbuIh.exe
  C:\Windows\System\mUgbuIh.exe
  2⤵
  PID:5000
- C:\Windows\System\Ibglwcz.exe
  C:\Windows\System\Ibglwcz.exe
  2⤵
  PID:5016
- C:\Windows\System\AaaGoBd.exe
  C:\Windows\System\AaaGoBd.exe
  2⤵
  PID:5036
- C:\Windows\System\rimXHAn.exe
  C:\Windows\System\rimXHAn.exe
  2⤵
  PID:5052
- C:\Windows\System\JMdWUWz.exe
  C:\Windows\System\JMdWUWz.exe
  2⤵
  PID:5080
- C:\Windows\System\jVZmumK.exe
  C:\Windows\System\jVZmumK.exe
  2⤵
  PID:5100
- C:\Windows\System\QugwSrI.exe
  C:\Windows\System\QugwSrI.exe
  2⤵
  PID:5116
- C:\Windows\System\NoKDZGV.exe
  C:\Windows\System\NoKDZGV.exe
  2⤵
  PID:4116
- C:\Windows\System\qhOOoCi.exe
  C:\Windows\System\qhOOoCi.exe
  2⤵
  PID:4120
- C:\Windows\System\hXLcCdr.exe
  C:\Windows\System\hXLcCdr.exe
  2⤵
  PID:4168
- C:\Windows\System\mAieOML.exe
  C:\Windows\System\mAieOML.exe
  2⤵
  PID:4188
- C:\Windows\System\pEBOGTL.exe
  C:\Windows\System\pEBOGTL.exe
  2⤵
  PID:4224
- C:\Windows\System\JkvHnhE.exe
  C:\Windows\System\JkvHnhE.exe
  2⤵
  PID:4264
- C:\Windows\System\gLDpLXe.exe
  C:\Windows\System\gLDpLXe.exe
  2⤵
  PID:4284
- C:\Windows\System\ufPIINB.exe
  C:\Windows\System\ufPIINB.exe
  2⤵
  PID:4332
- C:\Windows\System\fgvaKny.exe
  C:\Windows\System\fgvaKny.exe
  2⤵
  PID:4384
- C:\Windows\System\KcOPIKR.exe
  C:\Windows\System\KcOPIKR.exe
  2⤵
  PID:4360
- C:\Windows\System\rllSxZx.exe
  C:\Windows\System\rllSxZx.exe
  2⤵
  PID:4460
- C:\Windows\System\aVeRTXH.exe
  C:\Windows\System\aVeRTXH.exe
  2⤵
  PID:4484
- C:\Windows\System\GKkwyJD.exe
  C:\Windows\System\GKkwyJD.exe
  2⤵
  PID:4508
- C:\Windows\System\zdGKjcn.exe
  C:\Windows\System\zdGKjcn.exe
  2⤵
  PID:4520
- C:\Windows\System\vHKvEuU.exe
  C:\Windows\System\vHKvEuU.exe
  2⤵
  PID:4624
- C:\Windows\System\pIJUSmg.exe
  C:\Windows\System\pIJUSmg.exe
  2⤵
  PID:4604
- C:\Windows\System\EWNZJBw.exe
  C:\Windows\System\EWNZJBw.exe
  2⤵
  PID:4644
- C:\Windows\System\gKxvmaZ.exe
  C:\Windows\System\gKxvmaZ.exe
  2⤵
  PID:4684
- C:\Windows\System\QRxDbeH.exe
  C:\Windows\System\QRxDbeH.exe
  2⤵
  PID:4760
- C:\Windows\System\IfzayjH.exe
  C:\Windows\System\IfzayjH.exe
  2⤵
  PID:4780
- C:\Windows\System\GZgFejX.exe
  C:\Windows\System\GZgFejX.exe
  2⤵
  PID:4824
- C:\Windows\System\ngyDtkI.exe
  C:\Windows\System\ngyDtkI.exe
  2⤵
  PID:4864
- C:\Windows\System\SwsPmEM.exe
  C:\Windows\System\SwsPmEM.exe
  2⤵
  PID:4892
- C:\Windows\System\vIDnNzE.exe
  C:\Windows\System\vIDnNzE.exe
  2⤵
  PID:4920
- C:\Windows\System\EJvcEaz.exe
  C:\Windows\System\EJvcEaz.exe
  2⤵
  PID:4960
- C:\Windows\System\YZkeqUN.exe
  C:\Windows\System\YZkeqUN.exe
  2⤵
  PID:5028
- C:\Windows\System\hfzmvxZ.exe
  C:\Windows\System\hfzmvxZ.exe
  2⤵
  PID:4988
- C:\Windows\System\yijWITW.exe
  C:\Windows\System\yijWITW.exe
  2⤵
  PID:5064
- C:\Windows\System\ftRHwou.exe
  C:\Windows\System\ftRHwou.exe
  2⤵
  PID:5088
- C:\Windows\System\WfOjCtx.exe
  C:\Windows\System\WfOjCtx.exe
  2⤵
  PID:5108
- C:\Windows\System\AIeYIUO.exe
  C:\Windows\System\AIeYIUO.exe
  2⤵
  PID:4028
- C:\Windows\System\bKOdQDX.exe
  C:\Windows\System\bKOdQDX.exe
  2⤵
  PID:4220
- C:\Windows\System\nrYOcqq.exe
  C:\Windows\System\nrYOcqq.exe
  2⤵
  PID:4204
- C:\Windows\System\ZKvhDkG.exe
  C:\Windows\System\ZKvhDkG.exe
  2⤵
  PID:4272
- C:\Windows\System\faWfaxu.exe
  C:\Windows\System\faWfaxu.exe
  2⤵
  PID:4328
- C:\Windows\System\gXnJoWn.exe
  C:\Windows\System\gXnJoWn.exe
  2⤵
  PID:4364
- C:\Windows\System\XMktTFl.exe
  C:\Windows\System\XMktTFl.exe
  2⤵
  PID:4416
- C:\Windows\System\jwIwXFS.exe
  C:\Windows\System\jwIwXFS.exe
  2⤵
  PID:4488
- C:\Windows\System\NgXMAkQ.exe
  C:\Windows\System\NgXMAkQ.exe
  2⤵
  PID:4544
- C:\Windows\System\TluzUbe.exe
  C:\Windows\System\TluzUbe.exe
  2⤵
  PID:4568
- C:\Windows\System\VJsDwJL.exe
  C:\Windows\System\VJsDwJL.exe
  2⤵
  PID:4600
- C:\Windows\System\MgUvVXd.exe
  C:\Windows\System\MgUvVXd.exe
  2⤵
  PID:4728
- C:\Windows\System\uLSuewE.exe
  C:\Windows\System\uLSuewE.exe
  2⤵
  PID:4744
- C:\Windows\System\KvzSJue.exe
  C:\Windows\System\KvzSJue.exe
  2⤵
  PID:4840
- C:\Windows\System\ofQNjCh.exe
  C:\Windows\System\ofQNjCh.exe
  2⤵
  PID:4880
- C:\Windows\System\bCGoYFt.exe
  C:\Windows\System\bCGoYFt.exe
  2⤵
  PID:4908
- C:\Windows\System\fjFtKwd.exe
  C:\Windows\System\fjFtKwd.exe
  2⤵
  PID:4944
- C:\Windows\System\irRAmrj.exe
  C:\Windows\System\irRAmrj.exe
  2⤵
  PID:5060
- C:\Windows\System\pffcobU.exe
  C:\Windows\System\pffcobU.exe
  2⤵
  PID:3708
- C:\Windows\System\KdaizAX.exe
  C:\Windows\System\KdaizAX.exe
  2⤵
  PID:4112
- C:\Windows\System\cMtUSqa.exe
  C:\Windows\System\cMtUSqa.exe
  2⤵
  PID:4180
- C:\Windows\System\tOZUjoa.exe
  C:\Windows\System\tOZUjoa.exe
  2⤵
  PID:3464
- C:\Windows\System\KqTsytL.exe
  C:\Windows\System\KqTsytL.exe
  2⤵
  PID:4640
- C:\Windows\System\YtBOEzS.exe
  C:\Windows\System\YtBOEzS.exe
  2⤵
  PID:4928
- C:\Windows\System\puMeKug.exe
  C:\Windows\System\puMeKug.exe
  2⤵
  PID:4428
- C:\Windows\System\MByyiDX.exe
  C:\Windows\System\MByyiDX.exe
  2⤵
  PID:5076
- C:\Windows\System\wFiFteI.exe
  C:\Windows\System\wFiFteI.exe
  2⤵
  PID:4980
- C:\Windows\System\qaTRuxJ.exe
  C:\Windows\System\qaTRuxJ.exe
  2⤵
  PID:4100
- C:\Windows\System\zoDKMTU.exe
  C:\Windows\System\zoDKMTU.exe
  2⤵
  PID:4540
- C:\Windows\System\trpFGzA.exe
  C:\Windows\System\trpFGzA.exe
  2⤵
  PID:5072
- C:\Windows\System\kwYYveC.exe
  C:\Windows\System\kwYYveC.exe
  2⤵
  PID:4924
- C:\Windows\System\XecIlHD.exe
  C:\Windows\System\XecIlHD.exe
  2⤵
  PID:4380
- C:\Windows\System\kyHUKMr.exe
  C:\Windows\System\kyHUKMr.exe
  2⤵
  PID:4792
- C:\Windows\System\YwJqzyz.exe
  C:\Windows\System\YwJqzyz.exe
  2⤵
  PID:4916
- C:\Windows\System\IyNXWgE.exe
  C:\Windows\System\IyNXWgE.exe
  2⤵
  PID:4308
- C:\Windows\System\oVSjetm.exe
  C:\Windows\System\oVSjetm.exe
  2⤵
  PID:5012
- C:\Windows\System\ObVLhme.exe
  C:\Windows\System\ObVLhme.exe
  2⤵
  PID:4912
- C:\Windows\System\NfzkSMK.exe
  C:\Windows\System\NfzkSMK.exe
  2⤵
  PID:4260
- C:\Windows\System\JUDBlJX.exe
  C:\Windows\System\JUDBlJX.exe
  2⤵
  PID:4588
- C:\Windows\System\GVvHgTf.exe
  C:\Windows\System\GVvHgTf.exe
  2⤵
  PID:4984
- C:\Windows\System\INXNzUk.exe
  C:\Windows\System\INXNzUk.exe
  2⤵
  PID:4184
- C:\Windows\System\KCGTqes.exe
  C:\Windows\System\KCGTqes.exe
  2⤵
  PID:4876
- C:\Windows\System\ZeDfCWM.exe
  C:\Windows\System\ZeDfCWM.exe
  2⤵
  PID:4504
- C:\Windows\System\mMkdpck.exe
  C:\Windows\System\mMkdpck.exe
  2⤵
  PID:4500
- C:\Windows\System\MgRvEVR.exe
  C:\Windows\System\MgRvEVR.exe
  2⤵
  PID:4844
- C:\Windows\System\perDoxk.exe
  C:\Windows\System\perDoxk.exe
  2⤵
  PID:4584
- C:\Windows\System\XzfmnbC.exe
  C:\Windows\System\XzfmnbC.exe
  2⤵
  PID:3752
- C:\Windows\System\FnUUlXe.exe
  C:\Windows\System\FnUUlXe.exe
  2⤵
  PID:4692
- C:\Windows\System\pUtrLmr.exe
  C:\Windows\System\pUtrLmr.exe
  2⤵
  PID:4968
- C:\Windows\System\mUbNqWs.exe
  C:\Windows\System\mUbNqWs.exe
  2⤵
  PID:4656
- C:\Windows\System\lDCjdCh.exe
  C:\Windows\System\lDCjdCh.exe
  2⤵
  PID:5148
- C:\Windows\System\RnAPjZf.exe
  C:\Windows\System\RnAPjZf.exe
  2⤵
  PID:5164
- C:\Windows\System\UIxjZpp.exe
  C:\Windows\System\UIxjZpp.exe
  2⤵
  PID:5180
- C:\Windows\System\vkfYGmF.exe
  C:\Windows\System\vkfYGmF.exe
  2⤵
  PID:5196
- C:\Windows\System\lzoJxSe.exe
  C:\Windows\System\lzoJxSe.exe
  2⤵
  PID:5220
- C:\Windows\System\PwgVZsq.exe
  C:\Windows\System\PwgVZsq.exe
  2⤵
  PID:5244
- C:\Windows\System\jWOCBNz.exe
  C:\Windows\System\jWOCBNz.exe
  2⤵
  PID:5264
- C:\Windows\System\KbovnSG.exe
  C:\Windows\System\KbovnSG.exe
  2⤵
  PID:5280
- C:\Windows\System\UOwFrCK.exe
  C:\Windows\System\UOwFrCK.exe
  2⤵
  PID:5296
- C:\Windows\System\NFClMsV.exe
  C:\Windows\System\NFClMsV.exe
  2⤵
  PID:5328
- C:\Windows\System\nzGenYs.exe
  C:\Windows\System\nzGenYs.exe
  2⤵
  PID:5344
- C:\Windows\System\VPDxpWf.exe
  C:\Windows\System\VPDxpWf.exe
  2⤵
  PID:5364
- C:\Windows\System\SHkUEaP.exe
  C:\Windows\System\SHkUEaP.exe
  2⤵
  PID:5380
- C:\Windows\System\ezFVBtK.exe
  C:\Windows\System\ezFVBtK.exe
  2⤵
  PID:5400
- C:\Windows\System\CrcwCYA.exe
  C:\Windows\System\CrcwCYA.exe
  2⤵
  PID:5416
- C:\Windows\System\lefKIGX.exe
  C:\Windows\System\lefKIGX.exe
  2⤵
  PID:5436
- C:\Windows\System\pJVoRuk.exe
  C:\Windows\System\pJVoRuk.exe
  2⤵
  PID:5464
- C:\Windows\System\PaBCyTh.exe
  C:\Windows\System\PaBCyTh.exe
  2⤵
  PID:5492
- C:\Windows\System\YPmjiwE.exe
  C:\Windows\System\YPmjiwE.exe
  2⤵
  PID:5512
- C:\Windows\System\QIndmYm.exe
  C:\Windows\System\QIndmYm.exe
  2⤵
  PID:5528
- C:\Windows\System\geJLIKF.exe
  C:\Windows\System\geJLIKF.exe
  2⤵
  PID:5548
- C:\Windows\System\sxGlkdw.exe
  C:\Windows\System\sxGlkdw.exe
  2⤵
  PID:5568
- C:\Windows\System\gaQLQWo.exe
  C:\Windows\System\gaQLQWo.exe
  2⤵
  PID:5584
- C:\Windows\System\DxYnzxE.exe
  C:\Windows\System\DxYnzxE.exe
  2⤵
  PID:5600
- C:\Windows\System\ZGcvEUz.exe
  C:\Windows\System\ZGcvEUz.exe
  2⤵
  PID:5628
- C:\Windows\System\ZlxHfUF.exe
  C:\Windows\System\ZlxHfUF.exe
  2⤵
  PID:5644
- C:\Windows\System\ZFuOYrE.exe
  C:\Windows\System\ZFuOYrE.exe
  2⤵
  PID:5664
- C:\Windows\System\oEBUKUR.exe
  C:\Windows\System\oEBUKUR.exe
  2⤵
  PID:5684
- C:\Windows\System\kowjDJO.exe
  C:\Windows\System\kowjDJO.exe
  2⤵
  PID:5712
- C:\Windows\System\eXsxcsm.exe
  C:\Windows\System\eXsxcsm.exe
  2⤵
  PID:5736
- C:\Windows\System\SGTXWTb.exe
  C:\Windows\System\SGTXWTb.exe
  2⤵
  PID:5752
- C:\Windows\System\BBHJhjE.exe
  C:\Windows\System\BBHJhjE.exe
  2⤵
  PID:5768
- C:\Windows\System\iFivphk.exe
  C:\Windows\System\iFivphk.exe
  2⤵
  PID:5788
- C:\Windows\System\huKmxXX.exe
  C:\Windows\System\huKmxXX.exe
  2⤵
  PID:5804
- C:\Windows\System\kwHxJfD.exe
  C:\Windows\System\kwHxJfD.exe
  2⤵
  PID:5836
- C:\Windows\System\goYolOo.exe
  C:\Windows\System\goYolOo.exe
  2⤵
  PID:5852
- C:\Windows\System\rVXWHOL.exe
  C:\Windows\System\rVXWHOL.exe
  2⤵
  PID:5876
- C:\Windows\System\shppIdj.exe
  C:\Windows\System\shppIdj.exe
  2⤵
  PID:5892
- C:\Windows\System\RRHtkUi.exe
  C:\Windows\System\RRHtkUi.exe
  2⤵
  PID:5908
- C:\Windows\System\PwxrgDM.exe
  C:\Windows\System\PwxrgDM.exe
  2⤵
  PID:5936
- C:\Windows\System\ekvpnRN.exe
  C:\Windows\System\ekvpnRN.exe
  2⤵
  PID:5956
- C:\Windows\System\dvdfLoi.exe
  C:\Windows\System\dvdfLoi.exe
  2⤵
  PID:5972
- C:\Windows\System\nPWZPRN.exe
  C:\Windows\System\nPWZPRN.exe
  2⤵
  PID:5988
- C:\Windows\System\vXenzfw.exe
  C:\Windows\System\vXenzfw.exe
  2⤵
  PID:6016
- C:\Windows\System\SyxZmsd.exe
  C:\Windows\System\SyxZmsd.exe
  2⤵
  PID:6032
- C:\Windows\System\ZyPhzPN.exe
  C:\Windows\System\ZyPhzPN.exe
  2⤵
  PID:6052
- C:\Windows\System\DvcOfql.exe
  C:\Windows\System\DvcOfql.exe
  2⤵
  PID:6068
- C:\Windows\System\DmeNytA.exe
  C:\Windows\System\DmeNytA.exe
  2⤵
  PID:6092
- C:\Windows\System\aowygWJ.exe
  C:\Windows\System\aowygWJ.exe
  2⤵
  PID:6112
- C:\Windows\System\MwOMVSy.exe
  C:\Windows\System\MwOMVSy.exe
  2⤵
  PID:6132
- C:\Windows\System\opgfVGg.exe
  C:\Windows\System\opgfVGg.exe
  2⤵
  PID:5136
- C:\Windows\System\etWmNIl.exe
  C:\Windows\System\etWmNIl.exe
  2⤵
  PID:5188
- C:\Windows\System\bTLdQgM.exe
  C:\Windows\System\bTLdQgM.exe
  2⤵
  PID:5208
- C:\Windows\System\CqnmCJw.exe
  C:\Windows\System\CqnmCJw.exe
  2⤵
  PID:5256
- C:\Windows\System\ZSGQuTC.exe
  C:\Windows\System\ZSGQuTC.exe
  2⤵
  PID:5232
- C:\Windows\System\WXKfmJS.exe
  C:\Windows\System\WXKfmJS.exe
  2⤵
  PID:5308
- C:\Windows\System\zJIpxvZ.exe
  C:\Windows\System\zJIpxvZ.exe
  2⤵
  PID:5320
- C:\Windows\System\brBnRrk.exe
  C:\Windows\System\brBnRrk.exe
  2⤵
  PID:5376
- C:\Windows\System\pVVKsMn.exe
  C:\Windows\System\pVVKsMn.exe
  2⤵
  PID:5408
- C:\Windows\System\mziJYvu.exe
  C:\Windows\System\mziJYvu.exe
  2⤵
  PID:5452
- C:\Windows\System\FMzsrrZ.exe
  C:\Windows\System\FMzsrrZ.exe
  2⤵
  PID:5460
- C:\Windows\System\ejXHYak.exe
  C:\Windows\System\ejXHYak.exe
  2⤵
  PID:5484
- C:\Windows\System\pwLDlHy.exe
  C:\Windows\System\pwLDlHy.exe
  2⤵
  PID:5536
- C:\Windows\System\ThhKviP.exe
  C:\Windows\System\ThhKviP.exe
  2⤵
  PID:5560
- C:\Windows\System\WxTjPRJ.exe
  C:\Windows\System\WxTjPRJ.exe
  2⤵
  PID:5620
- C:\Windows\System\bIlTFEZ.exe
  C:\Windows\System\bIlTFEZ.exe
  2⤵
  PID:5596
- C:\Windows\System\cldSdbp.exe
  C:\Windows\System\cldSdbp.exe
  2⤵
  PID:5660
- C:\Windows\System\ensaRfw.exe
  C:\Windows\System\ensaRfw.exe
  2⤵
  PID:5672
- C:\Windows\System\qYXBEFR.exe
  C:\Windows\System\qYXBEFR.exe
  2⤵
  PID:5728
- C:\Windows\System\OJPliHK.exe
  C:\Windows\System\OJPliHK.exe
  2⤵
  PID:5764
- C:\Windows\System\TUbkfDA.exe
  C:\Windows\System\TUbkfDA.exe
  2⤵
  PID:5780
- C:\Windows\System\sOqByjP.exe
  C:\Windows\System\sOqByjP.exe
  2⤵
  PID:5824
- C:\Windows\System\UbWdwMh.exe
  C:\Windows\System\UbWdwMh.exe
  2⤵
  PID:5864
- C:\Windows\System\UUrVaGO.exe
  C:\Windows\System\UUrVaGO.exe
  2⤵
  PID:5924
- C:\Windows\System\gEmAYdK.exe
  C:\Windows\System\gEmAYdK.exe
  2⤵
  PID:5932
- C:\Windows\System\XemwHmZ.exe
  C:\Windows\System\XemwHmZ.exe
  2⤵
  PID:5952
- C:\Windows\System\LZrlHZw.exe
  C:\Windows\System\LZrlHZw.exe
  2⤵
  PID:6000
- C:\Windows\System\hxlRbIJ.exe
  C:\Windows\System\hxlRbIJ.exe
  2⤵
  PID:6040
- C:\Windows\System\JZAwlyf.exe
  C:\Windows\System\JZAwlyf.exe
  2⤵
  PID:6060
- C:\Windows\System\hYZMKYi.exe
  C:\Windows\System\hYZMKYi.exe
  2⤵
  PID:6076
- C:\Windows\System\nIrnUZN.exe
  C:\Windows\System\nIrnUZN.exe
  2⤵
  PID:6140
- C:\Windows\System\JVKroQH.exe
  C:\Windows\System\JVKroQH.exe
  2⤵
  PID:4884
- C:\Windows\System\BJLdfaS.exe
  C:\Windows\System\BJLdfaS.exe
  2⤵
  PID:5204
- C:\Windows\System\NLeVzMm.exe
  C:\Windows\System\NLeVzMm.exe
  2⤵
  PID:5236
- C:\Windows\System\aDRxpQC.exe
  C:\Windows\System\aDRxpQC.exe
  2⤵
  PID:5316
- C:\Windows\System\toYdTLF.exe
  C:\Windows\System\toYdTLF.exe
  2⤵
  PID:5336
- C:\Windows\System\oOlPPqd.exe
  C:\Windows\System\oOlPPqd.exe
  2⤵
  PID:5340
- C:\Windows\System\TyqQUOS.exe
  C:\Windows\System\TyqQUOS.exe
  2⤵
  PID:5432
- C:\Windows\System\IoddFxR.exe
  C:\Windows\System\IoddFxR.exe
  2⤵
  PID:5540
- C:\Windows\System\DOxWJqN.exe
  C:\Windows\System\DOxWJqN.exe
  2⤵
  PID:5556
- C:\Windows\System\ckWcoOc.exe
  C:\Windows\System\ckWcoOc.exe
  2⤵
  PID:5676
- C:\Windows\System\YElJyvd.exe
  C:\Windows\System\YElJyvd.exe
  2⤵
  PID:5696
- C:\Windows\System\OUydbJL.exe
  C:\Windows\System\OUydbJL.exe
  2⤵
  PID:5776
- C:\Windows\System\BlTnKOK.exe
  C:\Windows\System\BlTnKOK.exe
  2⤵
  PID:5744
- C:\Windows\System\rLEZfer.exe
  C:\Windows\System\rLEZfer.exe
  2⤵
  PID:5848
- C:\Windows\System\DtGQZCB.exe
  C:\Windows\System\DtGQZCB.exe
  2⤵
  PID:5920
- C:\Windows\System\DrqMfGs.exe
  C:\Windows\System\DrqMfGs.exe
  2⤵
  PID:5928
- C:\Windows\System\XNYKSHo.exe
  C:\Windows\System\XNYKSHo.exe
  2⤵
  PID:5980
- C:\Windows\System\cNCRJCn.exe
  C:\Windows\System\cNCRJCn.exe
  2⤵
  PID:6128
- C:\Windows\System\pWtYCaD.exe
  C:\Windows\System\pWtYCaD.exe
  2⤵
  PID:5128
- C:\Windows\System\doRDkYK.exe
  C:\Windows\System\doRDkYK.exe
  2⤵
  PID:5216
- C:\Windows\System\HnOmzCa.exe
  C:\Windows\System\HnOmzCa.exe
  2⤵
  PID:5304
- C:\Windows\System\YWNkWGl.exe
  C:\Windows\System\YWNkWGl.exe
  2⤵
  PID:5356
- C:\Windows\System\VFimgaI.exe
  C:\Windows\System\VFimgaI.exe
  2⤵
  PID:5508
- C:\Windows\System\XQJQPnh.exe
  C:\Windows\System\XQJQPnh.exe
  2⤵
  PID:5424
- C:\Windows\System\kXupKIz.exe
  C:\Windows\System\kXupKIz.exe
  2⤵
  PID:5592
- C:\Windows\System\CyaGGuA.exe
  C:\Windows\System\CyaGGuA.exe
  2⤵
  PID:5708
- C:\Windows\System\PKiiwbc.exe
  C:\Windows\System\PKiiwbc.exe
  2⤵
  PID:5732
- C:\Windows\System\GzVvlUk.exe
  C:\Windows\System\GzVvlUk.exe
  2⤵
  PID:5860
- C:\Windows\System\aeHQUNK.exe
  C:\Windows\System\aeHQUNK.exe
  2⤵
  PID:5968
- C:\Windows\System\LaDwDyg.exe
  C:\Windows\System\LaDwDyg.exe
  2⤵
  PID:6124
- C:\Windows\System\lmoXTfQ.exe
  C:\Windows\System\lmoXTfQ.exe
  2⤵
  PID:5176
- C:\Windows\System\XgIzAvN.exe
  C:\Windows\System\XgIzAvN.exe
  2⤵
  PID:5456
- C:\Windows\System\iXgZPzw.exe
  C:\Windows\System\iXgZPzw.exe
  2⤵
  PID:5700
- C:\Windows\System\sXzqnet.exe
  C:\Windows\System\sXzqnet.exe
  2⤵
  PID:5288
- C:\Windows\System\wOUoFaN.exe
  C:\Windows\System\wOUoFaN.exe
  2⤵
  PID:5624
- C:\Windows\System\mOiJLZB.exe
  C:\Windows\System\mOiJLZB.exe
  2⤵
  PID:5996
- C:\Windows\System\rlAqFBp.exe
  C:\Windows\System\rlAqFBp.exe
  2⤵
  PID:6100
- C:\Windows\System\wiUwBfl.exe
  C:\Windows\System\wiUwBfl.exe
  2⤵
  PID:5480
- C:\Windows\System\NECSsQj.exe
  C:\Windows\System\NECSsQj.exe
  2⤵
  PID:6152
- C:\Windows\System\saBaREc.exe
  C:\Windows\System\saBaREc.exe
  2⤵
  PID:6184
- C:\Windows\System\uVUlxUo.exe
  C:\Windows\System\uVUlxUo.exe
  2⤵
  PID:6200
- C:\Windows\System\erWAiin.exe
  C:\Windows\System\erWAiin.exe
  2⤵
  PID:6216
- C:\Windows\System\ZbISUHk.exe
  C:\Windows\System\ZbISUHk.exe
  2⤵
  PID:6240
- C:\Windows\System\ZvLCvYF.exe
  C:\Windows\System\ZvLCvYF.exe
  2⤵
  PID:6268
- C:\Windows\System\LbaVYTR.exe
  C:\Windows\System\LbaVYTR.exe
  2⤵
  PID:6284
- C:\Windows\System\PMrznVK.exe
  C:\Windows\System\PMrznVK.exe
  2⤵
  PID:6304
- C:\Windows\System\DTwcuAl.exe
  C:\Windows\System\DTwcuAl.exe
  2⤵
  PID:6320
- C:\Windows\System\WbpKOUU.exe
  C:\Windows\System\WbpKOUU.exe
  2⤵
  PID:6336
- C:\Windows\System\bzZDFFt.exe
  C:\Windows\System\bzZDFFt.exe
  2⤵
  PID:6364
- C:\Windows\System\IWfeOwl.exe
  C:\Windows\System\IWfeOwl.exe
  2⤵
  PID:6384
- C:\Windows\System\UfxIApT.exe
  C:\Windows\System\UfxIApT.exe
  2⤵
  PID:6400
- C:\Windows\System\ptVVXGS.exe
  C:\Windows\System\ptVVXGS.exe
  2⤵
  PID:6420
- C:\Windows\System\lbmzBRh.exe
  C:\Windows\System\lbmzBRh.exe
  2⤵
  PID:6448
- C:\Windows\System\kSynVap.exe
  C:\Windows\System\kSynVap.exe
  2⤵
  PID:6464
- C:\Windows\System\icAePsu.exe
  C:\Windows\System\icAePsu.exe
  2⤵
  PID:6484
- C:\Windows\System\PiIaaqi.exe
  C:\Windows\System\PiIaaqi.exe
  2⤵
  PID:6512
- C:\Windows\System\xKHREIU.exe
  C:\Windows\System\xKHREIU.exe
  2⤵
  PID:6532
- C:\Windows\System\JyWDqqu.exe
  C:\Windows\System\JyWDqqu.exe
  2⤵
  PID:6548
- C:\Windows\System\ONEXznk.exe
  C:\Windows\System\ONEXznk.exe
  2⤵
  PID:6572
- C:\Windows\System\mxAmiJS.exe
  C:\Windows\System\mxAmiJS.exe
  2⤵
  PID:6596
- C:\Windows\System\skmXSbg.exe
  C:\Windows\System\skmXSbg.exe
  2⤵
  PID:6612
- C:\Windows\System\CyDETYe.exe
  C:\Windows\System\CyDETYe.exe
  2⤵
  PID:6632
- C:\Windows\System\GaTVddX.exe
  C:\Windows\System\GaTVddX.exe
  2⤵
  PID:6652
- C:\Windows\System\kwpthzk.exe
  C:\Windows\System\kwpthzk.exe
  2⤵
  PID:6672
- C:\Windows\System\efpkmyv.exe
  C:\Windows\System\efpkmyv.exe
  2⤵
  PID:6688
- C:\Windows\System\BYwRRbR.exe
  C:\Windows\System\BYwRRbR.exe
  2⤵
  PID:6716
- C:\Windows\System\AuvhZsH.exe
  C:\Windows\System\AuvhZsH.exe
  2⤵
  PID:6732
- C:\Windows\System\jjHDGTD.exe
  C:\Windows\System\jjHDGTD.exe
  2⤵
  PID:6748
- C:\Windows\System\VLAjsFs.exe
  C:\Windows\System\VLAjsFs.exe
  2⤵
  PID:6772
- C:\Windows\System\pWjTBOe.exe
  C:\Windows\System\pWjTBOe.exe
  2⤵
  PID:6792
- C:\Windows\System\CRogCvC.exe
  C:\Windows\System\CRogCvC.exe
  2⤵
  PID:6812
- C:\Windows\System\Mbnxciu.exe
  C:\Windows\System\Mbnxciu.exe
  2⤵
  PID:6836
- C:\Windows\System\fKUmbpe.exe
  C:\Windows\System\fKUmbpe.exe
  2⤵
  PID:6852
- C:\Windows\System\vYoddjS.exe
  C:\Windows\System\vYoddjS.exe
  2⤵
  PID:6868
- C:\Windows\System\NkNruru.exe
  C:\Windows\System\NkNruru.exe
  2⤵
  PID:6896
- C:\Windows\System\NQinvLB.exe
  C:\Windows\System\NQinvLB.exe
  2⤵
  PID:6912
- C:\Windows\System\UVDciPc.exe
  C:\Windows\System\UVDciPc.exe
  2⤵
  PID:6932
- C:\Windows\System\VlrrWjP.exe
  C:\Windows\System\VlrrWjP.exe
  2⤵
  PID:6948
- C:\Windows\System\KhBZXMk.exe
  C:\Windows\System\KhBZXMk.exe
  2⤵
  PID:6968
- C:\Windows\System\QuKsXWC.exe
  C:\Windows\System\QuKsXWC.exe
  2⤵
  PID:6992
- C:\Windows\System\NohizFq.exe
  C:\Windows\System\NohizFq.exe
  2⤵
  PID:7008
- C:\Windows\System\AouKbJG.exe
  C:\Windows\System\AouKbJG.exe
  2⤵
  PID:7028
- C:\Windows\System\bedJnqn.exe
  C:\Windows\System\bedJnqn.exe
  2⤵
  PID:7048
- C:\Windows\System\EmadIfv.exe
  C:\Windows\System\EmadIfv.exe
  2⤵
  PID:7072
- C:\Windows\System\SpPNWJQ.exe
  C:\Windows\System\SpPNWJQ.exe
  2⤵
  PID:7096
- C:\Windows\System\kLdrQyJ.exe
  C:\Windows\System\kLdrQyJ.exe
  2⤵
  PID:7112
- C:\Windows\System\PqSfCMX.exe
  C:\Windows\System\PqSfCMX.exe
  2⤵
  PID:7128
- C:\Windows\System\wpQwshQ.exe
  C:\Windows\System\wpQwshQ.exe
  2⤵
  PID:7144
- C:\Windows\System\CTNzmCJ.exe
  C:\Windows\System\CTNzmCJ.exe
  2⤵
  PID:5324
- C:\Windows\System\cDadUSV.exe
  C:\Windows\System\cDadUSV.exe
  2⤵
  PID:6044
- C:\Windows\System\FIhhVtZ.exe
  C:\Windows\System\FIhhVtZ.exe
  2⤵
  PID:6164
- C:\Windows\System\nLcIUNV.exe
  C:\Windows\System\nLcIUNV.exe
  2⤵
  PID:5172
- C:\Windows\System\acAmVnO.exe
  C:\Windows\System\acAmVnO.exe
  2⤵
  PID:6172
- C:\Windows\System\VlpWvLT.exe
  C:\Windows\System\VlpWvLT.exe
  2⤵
  PID:6228
- C:\Windows\System\LDDLFUL.exe
  C:\Windows\System\LDDLFUL.exe
  2⤵
  PID:6248
- C:\Windows\System\ZkRmSnn.exe
  C:\Windows\System\ZkRmSnn.exe
  2⤵
  PID:5504
- C:\Windows\System\hgtHQGR.exe
  C:\Windows\System\hgtHQGR.exe
  2⤵
  PID:6300
- C:\Windows\System\tDLTWgA.exe
  C:\Windows\System\tDLTWgA.exe
  2⤵
  PID:6316
- C:\Windows\System\rHcurFO.exe
  C:\Windows\System\rHcurFO.exe
  2⤵
  PID:6380
- C:\Windows\System\TkvtpSW.exe
  C:\Windows\System\TkvtpSW.exe
  2⤵
  PID:6416
- C:\Windows\System\itqdbxP.exe
  C:\Windows\System\itqdbxP.exe
  2⤵
  PID:6436
- C:\Windows\System\gqosggJ.exe
  C:\Windows\System\gqosggJ.exe
  2⤵
  PID:6472
- C:\Windows\System\cnjXniW.exe
  C:\Windows\System\cnjXniW.exe
  2⤵
  PID:6504
- C:\Windows\System\BLvBKZu.exe
  C:\Windows\System\BLvBKZu.exe
  2⤵
  PID:6520
- C:\Windows\System\XPKzslx.exe
  C:\Windows\System\XPKzslx.exe
  2⤵
  PID:6584
- C:\Windows\System\DuIzWvL.exe
  C:\Windows\System\DuIzWvL.exe
  2⤵
  PID:6568
- C:\Windows\System\NqoYjIf.exe
  C:\Windows\System\NqoYjIf.exe
  2⤵
  PID:6628
- C:\Windows\System\vWdkHKV.exe
  C:\Windows\System\vWdkHKV.exe
  2⤵
  PID:6668
- C:\Windows\System\sBykjol.exe
  C:\Windows\System\sBykjol.exe
  2⤵
  PID:6708
- C:\Windows\System\iSBrhQy.exe
  C:\Windows\System\iSBrhQy.exe
  2⤵
  PID:6744
- C:\Windows\System\nvscTSy.exe
  C:\Windows\System\nvscTSy.exe
  2⤵
  PID:6756
- C:\Windows\System\rzYyDSB.exe
  C:\Windows\System\rzYyDSB.exe
  2⤵
  PID:6784
- C:\Windows\System\NFLXavF.exe
  C:\Windows\System\NFLXavF.exe
  2⤵
  PID:6800
- C:\Windows\System\ThVlFsa.exe
  C:\Windows\System\ThVlFsa.exe
  2⤵
  PID:6848
- C:\Windows\System\fBIGPdX.exe
  C:\Windows\System\fBIGPdX.exe
  2⤵
  PID:6884
- C:\Windows\System\GEpFdMu.exe
  C:\Windows\System\GEpFdMu.exe
  2⤵
  PID:6924
- C:\Windows\System\IKKjGfK.exe
  C:\Windows\System\IKKjGfK.exe
  2⤵
  PID:6984
- C:\Windows\System\zuoaKyz.exe
  C:\Windows\System\zuoaKyz.exe
  2⤵
  PID:6956
- C:\Windows\System\MOHEFIs.exe
  C:\Windows\System\MOHEFIs.exe
  2⤵
  PID:7056
- C:\Windows\System\SqLqufu.exe
  C:\Windows\System\SqLqufu.exe
  2⤵
  PID:7044
- C:\Windows\System\zruJtMS.exe
  C:\Windows\System\zruJtMS.exe
  2⤵
  PID:7120
- C:\Windows\System\dlvyHWF.exe
  C:\Windows\System\dlvyHWF.exe
  2⤵
  PID:7104
- C:\Windows\System\aDEWQJP.exe
  C:\Windows\System\aDEWQJP.exe
  2⤵
  PID:5812
- C:\Windows\System\SJUAYyh.exe
  C:\Windows\System\SJUAYyh.exe
  2⤵
  PID:6084
- C:\Windows\System\WQTsmUN.exe
  C:\Windows\System\WQTsmUN.exe
  2⤵
  PID:6008
- C:\Windows\System\JfgdEIF.exe
  C:\Windows\System\JfgdEIF.exe
  2⤵
  PID:6212
- C:\Windows\System\euGMimo.exe
  C:\Windows\System\euGMimo.exe
  2⤵
  PID:6196
- C:\Windows\System\tFghjdm.exe
  C:\Windows\System\tFghjdm.exe
  2⤵
  PID:6312
- C:\Windows\System\IUnJDZT.exe
  C:\Windows\System\IUnJDZT.exe
  2⤵
  PID:6352
- C:\Windows\System\KQGHVLQ.exe
  C:\Windows\System\KQGHVLQ.exe
  2⤵
  PID:6432
- C:\Windows\System\twHydBY.exe
  C:\Windows\System\twHydBY.exe
  2⤵
  PID:6480
- C:\Windows\System\wrQRmTl.exe
  C:\Windows\System\wrQRmTl.exe
  2⤵
  PID:6508
- C:\Windows\System\MAvqmva.exe
  C:\Windows\System\MAvqmva.exe
  2⤵
  PID:6544
- C:\Windows\System\UBtLMMk.exe
  C:\Windows\System\UBtLMMk.exe
  2⤵
  PID:6664
- C:\Windows\System\ssryCrJ.exe
  C:\Windows\System\ssryCrJ.exe
  2⤵
  PID:6680
- C:\Windows\System\evlbAVN.exe
  C:\Windows\System\evlbAVN.exe
  2⤵
  PID:6760
- C:\Windows\System\lIBbwtT.exe
  C:\Windows\System\lIBbwtT.exe
  2⤵
  PID:6788
- C:\Windows\System\quqsXUO.exe
  C:\Windows\System\quqsXUO.exe
  2⤵
  PID:6908
- C:\Windows\System\gmqVVgP.exe
  C:\Windows\System\gmqVVgP.exe
  2⤵
  PID:6944
- C:\Windows\System\hOOtGpc.exe
  C:\Windows\System\hOOtGpc.exe
  2⤵
  PID:7020
- C:\Windows\System\eBPTLLE.exe
  C:\Windows\System\eBPTLLE.exe
  2⤵
  PID:7004
- C:\Windows\System\yRpGitY.exe
  C:\Windows\System\yRpGitY.exe
  2⤵
  PID:7088
- C:\Windows\System\gXtgClW.exe
  C:\Windows\System\gXtgClW.exe
  2⤵
  PID:7124
- C:\Windows\System\EPPNdCe.exe
  C:\Windows\System\EPPNdCe.exe
  2⤵
  PID:7164
- C:\Windows\System\ymVafLg.exe
  C:\Windows\System\ymVafLg.exe
  2⤵
  PID:5612
- C:\Windows\System\TbiiPrf.exe
  C:\Windows\System\TbiiPrf.exe
  2⤵
  PID:6264
- C:\Windows\System\vurtMAL.exe
  C:\Windows\System\vurtMAL.exe
  2⤵
  PID:6296
- C:\Windows\System\prNAows.exe
  C:\Windows\System\prNAows.exe
  2⤵
  PID:6408
- C:\Windows\System\cVReQAB.exe
  C:\Windows\System\cVReQAB.exe
  2⤵
  PID:6560
- C:\Windows\System\VfQONLJ.exe
  C:\Windows\System\VfQONLJ.exe
  2⤵
  PID:6640
- C:\Windows\System\hJIfpCt.exe
  C:\Windows\System\hJIfpCt.exe
  2⤵
  PID:6704
- C:\Windows\System\FgDDKJB.exe
  C:\Windows\System\FgDDKJB.exe
  2⤵
  PID:6828
- C:\Windows\System\VJGhpYo.exe
  C:\Windows\System\VJGhpYo.exe
  2⤵
  PID:6888
- C:\Windows\System\TRHSvKd.exe
  C:\Windows\System\TRHSvKd.exe
  2⤵
  PID:6960
- C:\Windows\System\tpHIJDb.exe
  C:\Windows\System\tpHIJDb.exe
  2⤵
  PID:5796
- C:\Windows\System\WqFdSeK.exe
  C:\Windows\System\WqFdSeK.exe
  2⤵
  PID:6280
- C:\Windows\System\bexZlQs.exe
  C:\Windows\System\bexZlQs.exe
  2⤵
  PID:5984
- C:\Windows\System\BTmAWmL.exe
  C:\Windows\System\BTmAWmL.exe
  2⤵
  PID:6456
- C:\Windows\System\JBSgxwR.exe
  C:\Windows\System\JBSgxwR.exe
  2⤵
  PID:6556
- C:\Windows\System\OuCjVWx.exe
  C:\Windows\System\OuCjVWx.exe
  2⤵
  PID:6624
- C:\Windows\System\OdUkCxc.exe
  C:\Windows\System\OdUkCxc.exe
  2⤵
  PID:6844
- C:\Windows\System\QjvDvie.exe
  C:\Windows\System\QjvDvie.exe
  2⤵
  PID:7040
- C:\Windows\System\dqXEeRw.exe
  C:\Windows\System\dqXEeRw.exe
  2⤵
  PID:6256
- C:\Windows\System\SwIdvNw.exe
  C:\Windows\System\SwIdvNw.exe
  2⤵
  PID:7156
- C:\Windows\System\mmQminF.exe
  C:\Windows\System\mmQminF.exe
  2⤵
  PID:6428
- C:\Windows\System\qQTIaKN.exe
  C:\Windows\System\qQTIaKN.exe
  2⤵
  PID:6608
- C:\Windows\System\HTtpMUQ.exe
  C:\Windows\System\HTtpMUQ.exe
  2⤵
  PID:6780
- C:\Windows\System\OSxiVEL.exe
  C:\Windows\System\OSxiVEL.exe
  2⤵
  PID:6444
- C:\Windows\System\FjSdHAf.exe
  C:\Windows\System\FjSdHAf.exe
  2⤵
  PID:6500
- C:\Windows\System\TKipQLV.exe
  C:\Windows\System\TKipQLV.exe
  2⤵
  PID:6928
- C:\Windows\System\DUzGHin.exe
  C:\Windows\System\DUzGHin.exe
  2⤵
  PID:7024
- C:\Windows\System\XMBLCBG.exe
  C:\Windows\System\XMBLCBG.exe
  2⤵
  PID:6604
- C:\Windows\System\QkTiuEa.exe
  C:\Windows\System\QkTiuEa.exe
  2⤵
  PID:7204
- C:\Windows\System\DgbjyJo.exe
  C:\Windows\System\DgbjyJo.exe
  2⤵
  PID:7224
- C:\Windows\System\bPQiNDp.exe
  C:\Windows\System\bPQiNDp.exe
  2⤵
  PID:7240
- C:\Windows\System\qcnZWHR.exe
  C:\Windows\System\qcnZWHR.exe
  2⤵
  PID:7260
- C:\Windows\System\orcgqGh.exe
  C:\Windows\System\orcgqGh.exe
  2⤵
  PID:7284
- C:\Windows\System\aZTNRYb.exe
  C:\Windows\System\aZTNRYb.exe
  2⤵
  PID:7300
- C:\Windows\System\EWCtWho.exe
  C:\Windows\System\EWCtWho.exe
  2⤵
  PID:7320
- C:\Windows\System\QrwRnrg.exe
  C:\Windows\System\QrwRnrg.exe
  2⤵
  PID:7336
- C:\Windows\System\TCKqYTq.exe
  C:\Windows\System\TCKqYTq.exe
  2⤵
  PID:7356
- C:\Windows\System\HNMVbzB.exe
  C:\Windows\System\HNMVbzB.exe
  2⤵
  PID:7380
- C:\Windows\System\aRvYaTJ.exe
  C:\Windows\System\aRvYaTJ.exe
  2⤵
  PID:7400
- C:\Windows\System\pnvronU.exe
  C:\Windows\System\pnvronU.exe
  2⤵
  PID:7416
- C:\Windows\System\DbLZGJZ.exe
  C:\Windows\System\DbLZGJZ.exe
  2⤵
  PID:7432
- C:\Windows\System\xpkWohy.exe
  C:\Windows\System\xpkWohy.exe
  2⤵
  PID:7456
- C:\Windows\System\UryVgMn.exe
  C:\Windows\System\UryVgMn.exe
  2⤵
  PID:7476
- C:\Windows\System\YHOBiFs.exe
  C:\Windows\System\YHOBiFs.exe
  2⤵
  PID:7492
- C:\Windows\System\sWsCRNs.exe
  C:\Windows\System\sWsCRNs.exe
  2⤵
  PID:7524
- C:\Windows\System\peURCZZ.exe
  C:\Windows\System\peURCZZ.exe
  2⤵
  PID:7544
- C:\Windows\System\pKmhhta.exe
  C:\Windows\System\pKmhhta.exe
  2⤵
  PID:7560
- C:\Windows\System\KfvgrqP.exe
  C:\Windows\System\KfvgrqP.exe
  2⤵
  PID:7576
- C:\Windows\System\cAErYSc.exe
  C:\Windows\System\cAErYSc.exe
  2⤵
  PID:7592
- C:\Windows\System\BJRLnyV.exe
  C:\Windows\System\BJRLnyV.exe
  2⤵
  PID:7628
- C:\Windows\System\DphCdkq.exe
  C:\Windows\System\DphCdkq.exe
  2⤵
  PID:7644
- C:\Windows\System\cNjLtJU.exe
  C:\Windows\System\cNjLtJU.exe
  2⤵
  PID:7664
- C:\Windows\System\URgMSPr.exe
  C:\Windows\System\URgMSPr.exe
  2⤵
  PID:7684
- C:\Windows\System\VTxfeqn.exe
  C:\Windows\System\VTxfeqn.exe
  2⤵
  PID:7700
- C:\Windows\System\PdbSsRq.exe
  C:\Windows\System\PdbSsRq.exe
  2⤵
  PID:7724
- C:\Windows\System\dcsreYo.exe
  C:\Windows\System\dcsreYo.exe
  2⤵
  PID:7740
- C:\Windows\System\gipLtqp.exe
  C:\Windows\System\gipLtqp.exe
  2⤵
  PID:7756
- C:\Windows\System\zxwMPcB.exe
  C:\Windows\System\zxwMPcB.exe
  2⤵
  PID:7788
- C:\Windows\System\NEPQEXq.exe
  C:\Windows\System\NEPQEXq.exe
  2⤵
  PID:7804
- C:\Windows\System\ggscBdA.exe
  C:\Windows\System\ggscBdA.exe
  2⤵
  PID:7820
- C:\Windows\System\ojUMtav.exe
  C:\Windows\System\ojUMtav.exe
  2⤵
  PID:7836
- C:\Windows\System\fguIFox.exe
  C:\Windows\System\fguIFox.exe
  2⤵
  PID:7852
- C:\Windows\System\xKyuzmO.exe
  C:\Windows\System\xKyuzmO.exe
  2⤵
  PID:7872
- C:\Windows\System\jAxdkIN.exe
  C:\Windows\System\jAxdkIN.exe
  2⤵
  PID:7900
- C:\Windows\System\sDzbfbb.exe
  C:\Windows\System\sDzbfbb.exe
  2⤵
  PID:7920
- C:\Windows\System\RgXcUAr.exe
  C:\Windows\System\RgXcUAr.exe
  2⤵
  PID:7944
- C:\Windows\System\FZMJMjc.exe
  C:\Windows\System\FZMJMjc.exe
  2⤵
  PID:7960
- C:\Windows\System\MLwewhO.exe
  C:\Windows\System\MLwewhO.exe
  2⤵
  PID:7988
- C:\Windows\System\LuseXqB.exe
  C:\Windows\System\LuseXqB.exe
  2⤵
  PID:8004
- C:\Windows\System\ENGJqNl.exe
  C:\Windows\System\ENGJqNl.exe
  2⤵
  PID:8020
- C:\Windows\System\yVSkGiY.exe
  C:\Windows\System\yVSkGiY.exe
  2⤵
  PID:8036
- C:\Windows\System\JjHDPZY.exe
  C:\Windows\System\JjHDPZY.exe
  2⤵
  PID:8052
- C:\Windows\System\BzjLILb.exe
  C:\Windows\System\BzjLILb.exe
  2⤵
  PID:8088
- C:\Windows\System\hMxZvUA.exe
  C:\Windows\System\hMxZvUA.exe
  2⤵
  PID:8104
- C:\Windows\System\iGfrlrN.exe
  C:\Windows\System\iGfrlrN.exe
  2⤵
  PID:8124
- C:\Windows\System\nQYDINj.exe
  C:\Windows\System\nQYDINj.exe
  2⤵
  PID:8140
- C:\Windows\System\OqjieJN.exe
  C:\Windows\System\OqjieJN.exe
  2⤵
  PID:8156
- C:\Windows\System\WMBnuVg.exe
  C:\Windows\System\WMBnuVg.exe
  2⤵
  PID:8180
- C:\Windows\System\uFaIiLh.exe
  C:\Windows\System\uFaIiLh.exe
  2⤵
  PID:6492
- C:\Windows\System\GZrqSco.exe
  C:\Windows\System\GZrqSco.exe
  2⤵
  PID:7192
- C:\Windows\System\FpqWfaT.exe
  C:\Windows\System\FpqWfaT.exe
  2⤵
  PID:6260
- C:\Windows\System\QVsMemC.exe
  C:\Windows\System\QVsMemC.exe
  2⤵
  PID:7276
- C:\Windows\System\gVJDsiS.exe
  C:\Windows\System\gVJDsiS.exe
  2⤵
  PID:7292
- C:\Windows\System\CMuuhNr.exe
  C:\Windows\System\CMuuhNr.exe
  2⤵
  PID:7312
- C:\Windows\System\JoXBeBF.exe
  C:\Windows\System\JoXBeBF.exe
  2⤵
  PID:7348
- C:\Windows\System\OqoJkJC.exe
  C:\Windows\System\OqoJkJC.exe
  2⤵
  PID:7376
- C:\Windows\System\VQfLeEF.exe
  C:\Windows\System\VQfLeEF.exe
  2⤵
  PID:7412
- C:\Windows\System\uKoiqqr.exe
  C:\Windows\System\uKoiqqr.exe
  2⤵
  PID:7444
- C:\Windows\System\VOtbaPa.exe
  C:\Windows\System\VOtbaPa.exe
  2⤵
  PID:7500
- C:\Windows\System\fvZpryp.exe
  C:\Windows\System\fvZpryp.exe
  2⤵
  PID:7512
- C:\Windows\System\qpdhdxH.exe
  C:\Windows\System\qpdhdxH.exe
  2⤵
  PID:7540
- C:\Windows\System\EJhdohY.exe
  C:\Windows\System\EJhdohY.exe
  2⤵
  PID:7588
- C:\Windows\System\UgQyAjv.exe
  C:\Windows\System\UgQyAjv.exe
  2⤵
  PID:7612
- C:\Windows\System\qxTYrmp.exe
  C:\Windows\System\qxTYrmp.exe
  2⤵
  PID:7604
- C:\Windows\System\WwhfJfW.exe
  C:\Windows\System\WwhfJfW.exe
  2⤵
  PID:7656
- C:\Windows\System\KPjWOHD.exe
  C:\Windows\System\KPjWOHD.exe
  2⤵
  PID:7692
- C:\Windows\System\hrAQOyq.exe
  C:\Windows\System\hrAQOyq.exe
  2⤵
  PID:7764
- C:\Windows\System\oqSMLOq.exe
  C:\Windows\System\oqSMLOq.exe
  2⤵
  PID:7784
- C:\Windows\System\ymmHUuJ.exe
  C:\Windows\System\ymmHUuJ.exe
  2⤵
  PID:7848
- C:\Windows\System\TQpiwbq.exe
  C:\Windows\System\TQpiwbq.exe
  2⤵
  PID:7828
- C:\Windows\System\hQPacjt.exe
  C:\Windows\System\hQPacjt.exe
  2⤵
  PID:7928
- C:\Windows\System\VofRoqI.exe
  C:\Windows\System\VofRoqI.exe
  2⤵
  PID:7832
- C:\Windows\System\fRDDLdY.exe
  C:\Windows\System\fRDDLdY.exe
  2⤵
  PID:7956
- C:\Windows\System\bVPbzCR.exe
  C:\Windows\System\bVPbzCR.exe
  2⤵
  PID:7972
- C:\Windows\System\IerqynJ.exe
  C:\Windows\System\IerqynJ.exe
  2⤵
  PID:8076
- C:\Windows\System\FzGAAjH.exe
  C:\Windows\System\FzGAAjH.exe
  2⤵
  PID:8084
- C:\Windows\System\EYYEUUU.exe
  C:\Windows\System\EYYEUUU.exe
  2⤵
  PID:8152
- C:\Windows\System\MNjzMsg.exe
  C:\Windows\System\MNjzMsg.exe
  2⤵
  PID:7160
- C:\Windows\System\awDrpMT.exe
  C:\Windows\System\awDrpMT.exe
  2⤵
  PID:8100
- C:\Windows\System\vdveCzy.exe
  C:\Windows\System\vdveCzy.exe
  2⤵
  PID:8176
- C:\Windows\System\xUuYtUQ.exe
  C:\Windows\System\xUuYtUQ.exe
  2⤵
  PID:7220
- C:\Windows\System\eHrwtJm.exe
  C:\Windows\System\eHrwtJm.exe
  2⤵
  PID:7216
- C:\Windows\System\tofsVTx.exe
  C:\Windows\System\tofsVTx.exe
  2⤵
  PID:7308
- C:\Windows\System\BnlNjIx.exe
  C:\Windows\System\BnlNjIx.exe
  2⤵
  PID:7396
- C:\Windows\System\ntqTlsM.exe
  C:\Windows\System\ntqTlsM.exe
  2⤵
  PID:7424
- C:\Windows\System\hzpNRLX.exe
  C:\Windows\System\hzpNRLX.exe
  2⤵
  PID:7468
- C:\Windows\System\iwFEnOu.exe
  C:\Windows\System\iwFEnOu.exe
  2⤵
  PID:7504
- C:\Windows\System\QNAIjyK.exe
  C:\Windows\System\QNAIjyK.exe
  2⤵
  PID:7556
- C:\Windows\System\xSsAnDG.exe
  C:\Windows\System\xSsAnDG.exe
  2⤵
  PID:7672
- C:\Windows\System\fnPyBqI.exe
  C:\Windows\System\fnPyBqI.exe
  2⤵
  PID:7736
- C:\Windows\System\tvLXxIM.exe
  C:\Windows\System\tvLXxIM.exe
  2⤵
  PID:7708
- C:\Windows\System\RwjjhPH.exe
  C:\Windows\System\RwjjhPH.exe
  2⤵
  PID:7776
- C:\Windows\System\PRmivbk.exe
  C:\Windows\System\PRmivbk.exe
  2⤵
  PID:7844
- C:\Windows\System\sAYzwyE.exe
  C:\Windows\System\sAYzwyE.exe
  2⤵
  PID:7896
- C:\Windows\System\ataLuRF.exe
  C:\Windows\System\ataLuRF.exe
  2⤵
  PID:8012
- C:\Windows\System\jCJrEgD.exe
  C:\Windows\System\jCJrEgD.exe
  2⤵
  PID:8028
- C:\Windows\System\OOzaGJN.exe
  C:\Windows\System\OOzaGJN.exe
  2⤵
  PID:8120
- C:\Windows\System\qbnDpCn.exe
  C:\Windows\System\qbnDpCn.exe
  2⤵
  PID:8164
- C:\Windows\System\sXUPrnD.exe
  C:\Windows\System\sXUPrnD.exe
  2⤵
  PID:7184
- C:\Windows\System\rFJQzMl.exe
  C:\Windows\System\rFJQzMl.exe
  2⤵
  PID:7364
- C:\Windows\System\sfguILq.exe
  C:\Windows\System\sfguILq.exe
  2⤵
  PID:7464
- C:\Windows\System\JSYYToU.exe
  C:\Windows\System\JSYYToU.exe
  2⤵
  PID:7332
- C:\Windows\System\QsvXMwy.exe
  C:\Windows\System\QsvXMwy.exe
  2⤵
  PID:7640
- C:\Windows\System\tzrkGUv.exe
  C:\Windows\System\tzrkGUv.exe
  2⤵
  PID:7732
- C:\Windows\System\rKscxaf.exe
  C:\Windows\System\rKscxaf.exe
  2⤵
  PID:7392
- C:\Windows\System\FwIGsjX.exe
  C:\Windows\System\FwIGsjX.exe
  2⤵
  PID:8016
- C:\Windows\System\bIiJeUv.exe
  C:\Windows\System\bIiJeUv.exe
  2⤵
  PID:7064
- C:\Windows\System\acjTKGm.exe
  C:\Windows\System\acjTKGm.exe
  2⤵
  PID:7748
- C:\Windows\System\sBaXoUs.exe
  C:\Windows\System\sBaXoUs.exe
  2⤵
  PID:7888
- C:\Windows\System\WqWlxJp.exe
  C:\Windows\System\WqWlxJp.exe
  2⤵
  PID:8048
- C:\Windows\System\ebCWlkh.exe
  C:\Windows\System\ebCWlkh.exe
  2⤵
  PID:2116
- C:\Windows\System\FIHdYdt.exe
  C:\Windows\System\FIHdYdt.exe
  2⤵
  PID:7188
- C:\Windows\System\kpObdtv.exe
  C:\Windows\System\kpObdtv.exe
  2⤵
  PID:7720
- C:\Windows\System\eFmMgtj.exe
  C:\Windows\System\eFmMgtj.exe
  2⤵
  PID:7624
- C:\Windows\System\hwnbHAm.exe
  C:\Windows\System\hwnbHAm.exe
  2⤵
  PID:772
- C:\Windows\System\HIWLSWl.exe
  C:\Windows\System\HIWLSWl.exe
  2⤵
  PID:7552
- C:\Windows\System\YDFdmFs.exe
  C:\Windows\System\YDFdmFs.exe
  2⤵
  PID:7952
- C:\Windows\System\oTciiyX.exe
  C:\Windows\System\oTciiyX.exe
  2⤵
  PID:8168
- C:\Windows\System\EQOKAeT.exe
  C:\Windows\System\EQOKAeT.exe
  2⤵
  PID:8072
- C:\Windows\System\bjsZxtH.exe
  C:\Windows\System\bjsZxtH.exe
  2⤵
  PID:7488
- C:\Windows\System\uXaSWbs.exe
  C:\Windows\System\uXaSWbs.exe
  2⤵
  PID:2748
- C:\Windows\System\SjUvEQF.exe
  C:\Windows\System\SjUvEQF.exe
  2⤵
  PID:2732
- C:\Windows\System\vJXOEgY.exe
  C:\Windows\System\vJXOEgY.exe
  2⤵
  PID:7572
- C:\Windows\System\atYPLxY.exe
  C:\Windows\System\atYPLxY.exe
  2⤵
  PID:7716
- C:\Windows\System\TSZboJY.exe
  C:\Windows\System\TSZboJY.exe
  2⤵
  PID:7768
- C:\Windows\System\fxbMHzG.exe
  C:\Windows\System\fxbMHzG.exe
  2⤵
  PID:3004
- C:\Windows\System\buyovZK.exe
  C:\Windows\System\buyovZK.exe
  2⤵
  PID:7268
- C:\Windows\System\SBlModA.exe
  C:\Windows\System\SBlModA.exe
  2⤵
  PID:7940
- C:\Windows\System\FTnWWWj.exe
  C:\Windows\System\FTnWWWj.exe
  2⤵
  PID:7408
- C:\Windows\System\lCQkkeA.exe
  C:\Windows\System\lCQkkeA.exe
  2⤵
  PID:8200
- C:\Windows\System\kPqRBns.exe
  C:\Windows\System\kPqRBns.exe
  2⤵
  PID:8216
- C:\Windows\System\qoytjAQ.exe
  C:\Windows\System\qoytjAQ.exe
  2⤵
  PID:8232
- C:\Windows\System\qqZmFlj.exe
  C:\Windows\System\qqZmFlj.exe
  2⤵
  PID:8248
- C:\Windows\System\kRlKNsZ.exe
  C:\Windows\System\kRlKNsZ.exe
  2⤵
  PID:8264
- C:\Windows\System\iLxJShS.exe
  C:\Windows\System\iLxJShS.exe
  2⤵
  PID:8280
- C:\Windows\System\hZRMUpQ.exe
  C:\Windows\System\hZRMUpQ.exe
  2⤵
  PID:8296
- C:\Windows\System\PLkkTGe.exe
  C:\Windows\System\PLkkTGe.exe
  2⤵
  PID:8312
- C:\Windows\System\ZAUtMUh.exe
  C:\Windows\System\ZAUtMUh.exe
  2⤵
  PID:8328
- C:\Windows\System\noRKGqh.exe
  C:\Windows\System\noRKGqh.exe
  2⤵
  PID:8344
- C:\Windows\System\gmZJFYx.exe
  C:\Windows\System\gmZJFYx.exe
  2⤵
  PID:8360
- C:\Windows\System\irYnzSp.exe
  C:\Windows\System\irYnzSp.exe
  2⤵
  PID:8376
- C:\Windows\System\lGHAxxA.exe
  C:\Windows\System\lGHAxxA.exe
  2⤵
  PID:8392
- C:\Windows\System\vYGBabX.exe
  C:\Windows\System\vYGBabX.exe
  2⤵
  PID:8408
- C:\Windows\System\zOoqnOA.exe
  C:\Windows\System\zOoqnOA.exe
  2⤵
  PID:8428
- C:\Windows\System\PbXVviE.exe
  C:\Windows\System\PbXVviE.exe
  2⤵
  PID:8444
- C:\Windows\System\iLsmoEj.exe
  C:\Windows\System\iLsmoEj.exe
  2⤵
  PID:8460
- C:\Windows\System\cWFKBeD.exe
  C:\Windows\System\cWFKBeD.exe
  2⤵
  PID:8476
- C:\Windows\System\QDdKsdr.exe
  C:\Windows\System\QDdKsdr.exe
  2⤵
  PID:8492
- C:\Windows\System\ANWbRhr.exe
  C:\Windows\System\ANWbRhr.exe
  2⤵
  PID:8508
- C:\Windows\System\rbKsAPj.exe
  C:\Windows\System\rbKsAPj.exe
  2⤵
  PID:8524
- C:\Windows\System\lkrOCFM.exe
  C:\Windows\System\lkrOCFM.exe
  2⤵
  PID:8540
- C:\Windows\System\sRZIBja.exe
  C:\Windows\System\sRZIBja.exe
  2⤵
  PID:8556
- C:\Windows\System\GBBMEMs.exe
  C:\Windows\System\GBBMEMs.exe
  2⤵
  PID:8572
- C:\Windows\System\QWPayHI.exe
  C:\Windows\System\QWPayHI.exe
  2⤵
  PID:8588
- C:\Windows\System\XTsUdUf.exe
  C:\Windows\System\XTsUdUf.exe
  2⤵
  PID:8604
- C:\Windows\System\ClLsFZE.exe
  C:\Windows\System\ClLsFZE.exe
  2⤵
  PID:8620
- C:\Windows\System\PxUgFnT.exe
  C:\Windows\System\PxUgFnT.exe
  2⤵
  PID:8636
- C:\Windows\System\Zcodick.exe
  C:\Windows\System\Zcodick.exe
  2⤵
  PID:8652
- C:\Windows\System\zVMAAra.exe
  C:\Windows\System\zVMAAra.exe
  2⤵
  PID:8668
- C:\Windows\System\UATFCVK.exe
  C:\Windows\System\UATFCVK.exe
  2⤵
  PID:8684
- C:\Windows\System\LrNbaEP.exe
  C:\Windows\System\LrNbaEP.exe
  2⤵
  PID:8700
- C:\Windows\System\JnyfobH.exe
  C:\Windows\System\JnyfobH.exe
  2⤵
  PID:8716
- C:\Windows\System\lrooOhX.exe
  C:\Windows\System\lrooOhX.exe
  2⤵
  PID:8732
- C:\Windows\System\JoTSfDa.exe
  C:\Windows\System\JoTSfDa.exe
  2⤵
  PID:8748
- C:\Windows\System\BIiDPkw.exe
  C:\Windows\System\BIiDPkw.exe
  2⤵
  PID:8764
- C:\Windows\System\zJwbaIP.exe
  C:\Windows\System\zJwbaIP.exe
  2⤵
  PID:8780
- C:\Windows\System\yPvnGIv.exe
  C:\Windows\System\yPvnGIv.exe
  2⤵
  PID:8796
- C:\Windows\System\cZykSkZ.exe
  C:\Windows\System\cZykSkZ.exe
  2⤵
  PID:8812
- C:\Windows\System\YckutxY.exe
  C:\Windows\System\YckutxY.exe
  2⤵
  PID:8836
- C:\Windows\System\hKRLUpA.exe
  C:\Windows\System\hKRLUpA.exe
  2⤵
  PID:8852
- C:\Windows\System\DIAkYGP.exe
  C:\Windows\System\DIAkYGP.exe
  2⤵
  PID:8868
- C:\Windows\System\vliieLu.exe
  C:\Windows\System\vliieLu.exe
  2⤵
  PID:8884
- C:\Windows\System\xYriMSn.exe
  C:\Windows\System\xYriMSn.exe
  2⤵
  PID:8904
- C:\Windows\System\CmnKzrQ.exe
  C:\Windows\System\CmnKzrQ.exe
  2⤵
  PID:8920
- C:\Windows\System\xhZsBin.exe
  C:\Windows\System\xhZsBin.exe
  2⤵
  PID:8936
- C:\Windows\System\ZXAwnzL.exe
  C:\Windows\System\ZXAwnzL.exe
  2⤵
  PID:8952
- C:\Windows\System\sKTvGaV.exe
  C:\Windows\System\sKTvGaV.exe
  2⤵
  PID:8968
- C:\Windows\System\SaxbUyY.exe
  C:\Windows\System\SaxbUyY.exe
  2⤵
  PID:8988
- C:\Windows\System\TSmNXHz.exe
  C:\Windows\System\TSmNXHz.exe
  2⤵
  PID:9012
- C:\Windows\System\acINkRj.exe
  C:\Windows\System\acINkRj.exe
  2⤵
  PID:9028
- C:\Windows\System\qXIMPAA.exe
  C:\Windows\System\qXIMPAA.exe
  2⤵
  PID:9044
- C:\Windows\System\DqgPnMf.exe
  C:\Windows\System\DqgPnMf.exe
  2⤵
  PID:9064
- C:\Windows\System\KQTpwqo.exe
  C:\Windows\System\KQTpwqo.exe
  2⤵
  PID:9080
- C:\Windows\System\mDbVujV.exe
  C:\Windows\System\mDbVujV.exe
  2⤵
  PID:9096
- C:\Windows\System\kmNfoyK.exe
  C:\Windows\System\kmNfoyK.exe
  2⤵
  PID:9112
- C:\Windows\System\GlMXwwJ.exe
  C:\Windows\System\GlMXwwJ.exe
  2⤵
  PID:9128
- C:\Windows\System\mnrIuuU.exe
  C:\Windows\System\mnrIuuU.exe
  2⤵
  PID:9144
- C:\Windows\System\FFwbqKq.exe
  C:\Windows\System\FFwbqKq.exe
  2⤵
  PID:9160
- C:\Windows\System\SJECOum.exe
  C:\Windows\System\SJECOum.exe
  2⤵
  PID:9176
- C:\Windows\System\zJLjNJt.exe
  C:\Windows\System\zJLjNJt.exe
  2⤵
  PID:9192
- C:\Windows\System\GscZwuQ.exe
  C:\Windows\System\GscZwuQ.exe
  2⤵
  PID:9208
- C:\Windows\System\EwfhQNj.exe
  C:\Windows\System\EwfhQNj.exe
  2⤵
  PID:8208
- C:\Windows\System\QnRuaQe.exe
  C:\Windows\System\QnRuaQe.exe
  2⤵
  PID:8224
- C:\Windows\System\IqZpHoo.exe
  C:\Windows\System\IqZpHoo.exe
  2⤵
  PID:8244
- C:\Windows\System\MOPyMda.exe
  C:\Windows\System\MOPyMda.exe
  2⤵
  PID:8292
- C:\Windows\System\oEbskJc.exe
  C:\Windows\System\oEbskJc.exe
  2⤵
  PID:8352
- C:\Windows\System\gQOQOlV.exe
  C:\Windows\System\gQOQOlV.exe
  2⤵
  PID:8340
- C:\Windows\System\HBUPajo.exe
  C:\Windows\System\HBUPajo.exe
  2⤵
  PID:8388
- C:\Windows\System\DqfxNHm.exe
  C:\Windows\System\DqfxNHm.exe
  2⤵
  PID:8420
- C:\Windows\System\aWlAkuw.exe
  C:\Windows\System\aWlAkuw.exe
  2⤵
  PID:8452
- C:\Windows\System\YBWOcuq.exe
  C:\Windows\System\YBWOcuq.exe
  2⤵
  PID:8488
- C:\Windows\System\eUyNCKX.exe
  C:\Windows\System\eUyNCKX.exe
  2⤵
  PID:8504
- C:\Windows\System\QOKDKqC.exe
  C:\Windows\System\QOKDKqC.exe
  2⤵
  PID:8552
- C:\Windows\System\TZcfghr.exe
  C:\Windows\System\TZcfghr.exe
  2⤵
  PID:8584
- C:\Windows\System\xxTDegG.exe
  C:\Windows\System\xxTDegG.exe
  2⤵
  PID:8616
- C:\Windows\System\EuhKKXZ.exe
  C:\Windows\System\EuhKKXZ.exe
  2⤵
  PID:8632
- C:\Windows\System\UQRqFNz.exe
  C:\Windows\System\UQRqFNz.exe
  2⤵
  PID:8696
- C:\Windows\System\YnIvDWu.exe
  C:\Windows\System\YnIvDWu.exe
  2⤵
  PID:8712
- C:\Windows\System\uXgMyry.exe
  C:\Windows\System\uXgMyry.exe
  2⤵
  PID:8724
- C:\Windows\System\SBhHtuc.exe
  C:\Windows\System\SBhHtuc.exe
  2⤵
  PID:8760
- C:\Windows\System\pICEdZS.exe
  C:\Windows\System\pICEdZS.exe
  2⤵
  PID:8808
- C:\Windows\System\OgpcCWA.exe
  C:\Windows\System\OgpcCWA.exe
  2⤵
  PID:8824
- C:\Windows\System\jLAQAjS.exe
  C:\Windows\System\jLAQAjS.exe
  2⤵
  PID:8864
- C:\Windows\System\srFqCfX.exe
  C:\Windows\System\srFqCfX.exe
  2⤵
  PID:8892
- C:\Windows\System\zlVzTGd.exe
  C:\Windows\System\zlVzTGd.exe
  2⤵
  PID:8916
- C:\Windows\System\FkVxhtS.exe
  C:\Windows\System\FkVxhtS.exe
  2⤵
  PID:8932
- C:\Windows\System\HpDKOEm.exe
  C:\Windows\System\HpDKOEm.exe
  2⤵
  PID:8960
- C:\Windows\System\uHIJtLJ.exe
  C:\Windows\System\uHIJtLJ.exe
  2⤵
  PID:9008
- C:\Windows\System\THAINkv.exe
  C:\Windows\System\THAINkv.exe
  2⤵
  PID:9036
- C:\Windows\System\vHAbaGz.exe
  C:\Windows\System\vHAbaGz.exe
  2⤵
  PID:9072
- C:\Windows\System\EYYzbtz.exe
  C:\Windows\System\EYYzbtz.exe
  2⤵
  PID:9088
- C:\Windows\System\pbaQMDG.exe
  C:\Windows\System\pbaQMDG.exe
  2⤵
  PID:9152
- C:\Windows\System\MayLvzx.exe
  C:\Windows\System\MayLvzx.exe
  2⤵
  PID:9188
- C:\Windows\System\qYQcEMV.exe
  C:\Windows\System\qYQcEMV.exe
  2⤵
  PID:9168
- C:\Windows\System\TuIHcev.exe
  C:\Windows\System\TuIHcev.exe
  2⤵
  PID:9136
- C:\Windows\System\YwBFEmi.exe
  C:\Windows\System\YwBFEmi.exe
  2⤵
  PID:8196
- C:\Windows\System\QtKFlgz.exe
  C:\Windows\System\QtKFlgz.exe
  2⤵
  PID:8324
- C:\Windows\System\TMCWltu.exe
  C:\Windows\System\TMCWltu.exe
  2⤵
  PID:8336
- C:\Windows\System\vYfbCeq.exe
  C:\Windows\System\vYfbCeq.exe
  2⤵
  PID:8472
- C:\Windows\System\OexahdL.exe
  C:\Windows\System\OexahdL.exe
  2⤵
  PID:8520
- C:\Windows\System\DUsNWLO.exe
  C:\Windows\System\DUsNWLO.exe
  2⤵
  PID:8536
- C:\Windows\System\gtHzGRH.exe
  C:\Windows\System\gtHzGRH.exe
  2⤵
  PID:8596
- C:\Windows\System\MvPOjPw.exe
  C:\Windows\System\MvPOjPw.exe
  2⤵
  PID:8708
- C:\Windows\System\cBzWZWn.exe
  C:\Windows\System\cBzWZWn.exe
  2⤵
  PID:8788
- C:\Windows\System\dbcvRZo.exe
  C:\Windows\System\dbcvRZo.exe
  2⤵
  PID:8756
- C:\Windows\System\gvGYnbw.exe
  C:\Windows\System\gvGYnbw.exe
  2⤵
  PID:8848
- C:\Windows\System\OGnCilH.exe
  C:\Windows\System\OGnCilH.exe
  2⤵
  PID:8944
- C:\Windows\System\zyLcTBk.exe
  C:\Windows\System\zyLcTBk.exe
  2⤵
  PID:8964
- C:\Windows\System\gRpgjQk.exe
  C:\Windows\System\gRpgjQk.exe
  2⤵
  PID:9024
- C:\Windows\System\LiznISN.exe
  C:\Windows\System\LiznISN.exe
  2⤵
  PID:1100
- C:\Windows\System\URxFobB.exe
  C:\Windows\System\URxFobB.exe
  2⤵
  PID:8260
- C:\Windows\System\FEgdyaf.exe
  C:\Windows\System\FEgdyaf.exe
  2⤵
  PID:8404
- C:\Windows\System\mjkbfjE.exe
  C:\Windows\System\mjkbfjE.exe
  2⤵
  PID:8484
- C:\Windows\System\YhvZHbP.exe
  C:\Windows\System\YhvZHbP.exe
  2⤵
  PID:7892
- C:\Windows\System\ybWPQJn.exe
  C:\Windows\System\ybWPQJn.exe
  2⤵
  PID:1088
- C:\Windows\System\oDaDXnQ.exe
  C:\Windows\System\oDaDXnQ.exe
  2⤵
  PID:9060
- C:\Windows\System\UGbzqpY.exe
  C:\Windows\System\UGbzqpY.exe
  2⤵
  PID:8996
- C:\Windows\System\CSkWvlM.exe
  C:\Windows\System\CSkWvlM.exe
  2⤵
  PID:9108
- C:\Windows\System\BqJWvvL.exe
  C:\Windows\System\BqJWvvL.exe
  2⤵
  PID:2408
- C:\Windows\System\JAtomUA.exe
  C:\Windows\System\JAtomUA.exe
  2⤵
  PID:8548
- C:\Windows\System\ToaHHhk.exe
  C:\Windows\System\ToaHHhk.exe
  2⤵
  PID:8644
- C:\Windows\System\gVZpOLa.exe
  C:\Windows\System\gVZpOLa.exe
  2⤵
  PID:9104
- C:\Windows\System\WUKIMlg.exe
  C:\Windows\System\WUKIMlg.exe
  2⤵
  PID:9200
- C:\Windows\System\lrWGuxx.exe
  C:\Windows\System\lrWGuxx.exe
  2⤵
  PID:8772
- C:\Windows\System\NHHDeiY.exe
  C:\Windows\System\NHHDeiY.exe
  2⤵
  PID:8272
- C:\Windows\System\TCvOoaS.exe
  C:\Windows\System\TCvOoaS.exe
  2⤵
  PID:8468
- C:\Windows\System\ScIlqhP.exe
  C:\Windows\System\ScIlqhP.exe
  2⤵
  PID:9228
- C:\Windows\System\ywrlMty.exe
  C:\Windows\System\ywrlMty.exe
  2⤵
  PID:9248
- C:\Windows\System\uwWrjNq.exe
  C:\Windows\System\uwWrjNq.exe
  2⤵
  PID:9264
- C:\Windows\System\CMUOzAj.exe
  C:\Windows\System\CMUOzAj.exe
  2⤵
  PID:9284
- C:\Windows\System\XuLXjBo.exe
  C:\Windows\System\XuLXjBo.exe
  2⤵
  PID:9300
- C:\Windows\System\YYZbaOc.exe
  C:\Windows\System\YYZbaOc.exe
  2⤵
  PID:9324
- C:\Windows\System\YTSEuII.exe
  C:\Windows\System\YTSEuII.exe
  2⤵
  PID:9340
- C:\Windows\System\hSAPYId.exe
  C:\Windows\System\hSAPYId.exe
  2⤵
  PID:9364
- C:\Windows\System\cZQXTCm.exe
  C:\Windows\System\cZQXTCm.exe
  2⤵
  PID:9384
- C:\Windows\System\HmsniOE.exe
  C:\Windows\System\HmsniOE.exe
  2⤵
  PID:9408
- C:\Windows\System\ujxPFIv.exe
  C:\Windows\System\ujxPFIv.exe
  2⤵
  PID:9424
- C:\Windows\System\eesYoMP.exe
  C:\Windows\System\eesYoMP.exe
  2⤵
  PID:9440
- C:\Windows\System\dqEvdkV.exe
  C:\Windows\System\dqEvdkV.exe
  2⤵
  PID:9456
- C:\Windows\System\wxugeqj.exe
  C:\Windows\System\wxugeqj.exe
  2⤵
  PID:9472
- C:\Windows\System\pGxdmOd.exe
  C:\Windows\System\pGxdmOd.exe
  2⤵
  PID:9496
- C:\Windows\System\fvWULnJ.exe
  C:\Windows\System\fvWULnJ.exe
  2⤵
  PID:9516
- C:\Windows\System\AAWWPLf.exe
  C:\Windows\System\AAWWPLf.exe
  2⤵
  PID:9532
- C:\Windows\System\pIbCzoX.exe
  C:\Windows\System\pIbCzoX.exe
  2⤵
  PID:9548
- C:\Windows\System\PVxexWt.exe
  C:\Windows\System\PVxexWt.exe
  2⤵
  PID:9568
- C:\Windows\System\lNSFnZA.exe
  C:\Windows\System\lNSFnZA.exe
  2⤵
  PID:9584
- C:\Windows\System\kRtNvmX.exe
  C:\Windows\System\kRtNvmX.exe
  2⤵
  PID:9600
- C:\Windows\System\OSvxddU.exe
  C:\Windows\System\OSvxddU.exe
  2⤵
  PID:9616
- C:\Windows\System\JTwpNnQ.exe
  C:\Windows\System\JTwpNnQ.exe
  2⤵
  PID:9640
- C:\Windows\System\ZfApGwb.exe
  C:\Windows\System\ZfApGwb.exe
  2⤵
  PID:9656
- C:\Windows\System\AiBHKXZ.exe
  C:\Windows\System\AiBHKXZ.exe
  2⤵
  PID:9676
- C:\Windows\System\PMZJKry.exe
  C:\Windows\System\PMZJKry.exe
  2⤵
  PID:9692
- C:\Windows\System\lBqpsOc.exe
  C:\Windows\System\lBqpsOc.exe
  2⤵
  PID:9712
- C:\Windows\System\MuxFVmM.exe
  C:\Windows\System\MuxFVmM.exe
  2⤵
  PID:9728
- C:\Windows\System\nyDiEkg.exe
  C:\Windows\System\nyDiEkg.exe
  2⤵
  PID:9744
- C:\Windows\System\BxWbtHU.exe
  C:\Windows\System\BxWbtHU.exe
  2⤵
  PID:9784
- C:\Windows\System\NwGdRrv.exe
  C:\Windows\System\NwGdRrv.exe
  2⤵
  PID:9812
- C:\Windows\System\bkXjeLB.exe
  C:\Windows\System\bkXjeLB.exe
  2⤵
  PID:9840
- C:\Windows\System\LJbtgzm.exe
  C:\Windows\System\LJbtgzm.exe
  2⤵
  PID:9860
- C:\Windows\System\CetRSBw.exe
  C:\Windows\System\CetRSBw.exe
  2⤵
  PID:9900
- C:\Windows\System\JnHufwl.exe
  C:\Windows\System\JnHufwl.exe
  2⤵
  PID:9928
- C:\Windows\System\QNJYFLQ.exe
  C:\Windows\System\QNJYFLQ.exe
  2⤵
  PID:9948
- C:\Windows\System\TvyINey.exe
  C:\Windows\System\TvyINey.exe
  2⤵
  PID:9976
- C:\Windows\System\XnWIzff.exe
  C:\Windows\System\XnWIzff.exe
  2⤵
  PID:9992
- C:\Windows\System\YpdRUGA.exe
  C:\Windows\System\YpdRUGA.exe
  2⤵
  PID:10012
- C:\Windows\System\ScbHhDf.exe
  C:\Windows\System\ScbHhDf.exe
  2⤵
  PID:10028
- C:\Windows\System\vMcwrkf.exe
  C:\Windows\System\vMcwrkf.exe
  2⤵
  PID:10044
- C:\Windows\System\PBRUYai.exe
  C:\Windows\System\PBRUYai.exe
  2⤵
  PID:10060
- C:\Windows\System\cNjpTIi.exe
  C:\Windows\System\cNjpTIi.exe
  2⤵
  PID:10076
- C:\Windows\System\QXOYSmO.exe
  C:\Windows\System\QXOYSmO.exe
  2⤵
  PID:10096
- C:\Windows\System\CjOtptI.exe
  C:\Windows\System\CjOtptI.exe
  2⤵
  PID:10116
- C:\Windows\System\WVNKEBU.exe
  C:\Windows\System\WVNKEBU.exe
  2⤵
  PID:10132
- C:\Windows\System\SBmijVz.exe
  C:\Windows\System\SBmijVz.exe
  2⤵
  PID:10148
- C:\Windows\System\jvhamNY.exe
  C:\Windows\System\jvhamNY.exe
  2⤵
  PID:10168
- C:\Windows\System\IRjqUPj.exe
  C:\Windows\System\IRjqUPj.exe
  2⤵
  PID:10184
- C:\Windows\System\EkVtBYG.exe
  C:\Windows\System\EkVtBYG.exe
  2⤵
  PID:10200
- C:\Windows\System\jsExGRN.exe
  C:\Windows\System\jsExGRN.exe
  2⤵
  PID:10216
- C:\Windows\System\jgzqwoy.exe
  C:\Windows\System\jgzqwoy.exe
  2⤵
  PID:10236
- C:\Windows\System\sviWBms.exe
  C:\Windows\System\sviWBms.exe
  2⤵
  PID:9236
- C:\Windows\System\HvHoDAV.exe
  C:\Windows\System\HvHoDAV.exe
  2⤵
  PID:8828
- C:\Windows\System\CVxGNEf.exe
  C:\Windows\System\CVxGNEf.exe
  2⤵
  PID:9276
- C:\Windows\System\EUMTjNM.exe
  C:\Windows\System\EUMTjNM.exe
  2⤵
  PID:9292
- C:\Windows\System\FYqAscu.exe
  C:\Windows\System\FYqAscu.exe
  2⤵
  PID:9320
- C:\Windows\System\jUnstjW.exe
  C:\Windows\System\jUnstjW.exe
  2⤵
  PID:9332
- C:\Windows\System\mgIGgZt.exe
  C:\Windows\System\mgIGgZt.exe
  2⤵
  PID:9376
- C:\Windows\System\GbLljvl.exe
  C:\Windows\System\GbLljvl.exe
  2⤵
  PID:9400
- C:\Windows\System\wuyLJwT.exe
  C:\Windows\System\wuyLJwT.exe
  2⤵
  PID:9416
- C:\Windows\System\JhspgSN.exe
  C:\Windows\System\JhspgSN.exe
  2⤵
  PID:9452
- C:\Windows\System\bcXYyeM.exe
  C:\Windows\System\bcXYyeM.exe
  2⤵
  PID:9540
- C:\Windows\System\wzNfvYy.exe
  C:\Windows\System\wzNfvYy.exe
  2⤵
  PID:9528
- C:\Windows\System\sSwWFyD.exe
  C:\Windows\System\sSwWFyD.exe
  2⤵
  PID:9580
- C:\Windows\System\YPBaPin.exe
  C:\Windows\System\YPBaPin.exe
  2⤵
  PID:9632
- C:\Windows\System\tRQMVmV.exe
  C:\Windows\System\tRQMVmV.exe
  2⤵
  PID:9596
- C:\Windows\System\byypPnd.exe
  C:\Windows\System\byypPnd.exe
  2⤵
  PID:9636
- C:\Windows\System\IziWkLo.exe
  C:\Windows\System\IziWkLo.exe
  2⤵
  PID:9724
- C:\Windows\System\aulQCrg.exe
  C:\Windows\System\aulQCrg.exe
  2⤵
  PID:9736
- C:\Windows\System\VhVdcEB.exe
  C:\Windows\System\VhVdcEB.exe
  2⤵
  PID:9764
- C:\Windows\System\pFGrDDH.exe
  C:\Windows\System\pFGrDDH.exe
  2⤵
  PID:9768
- C:\Windows\System\TeLuPIf.exe
  C:\Windows\System\TeLuPIf.exe
  2⤵
  PID:9832
- C:\Windows\System\wRaUoac.exe
  C:\Windows\System\wRaUoac.exe
  2⤵
  PID:9848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AxNNYxO.exe

Filesize
6.0MB

MD5
3d7de8999bafc5e8e039cf03478c645e

SHA1
f5b7470eb509fea4df9ae300e6ee4f499aa8a691

SHA256
b26552fdad9251ce14a37260aab737c2d58abfb669fcb24ceacf2289ca49a965

SHA512
afa03fd73cfab9c963655a56f4d420777709090741360a7de47a096210726f7504b03e545d2c520410f032fa5f3ee960aa196cdb71473507108488e481b74c3f

Download Submit
C:\Windows\system\BrEMtiS.exe

Filesize
6.0MB

MD5
6e1fd643cd100878fd75d531179db209

SHA1
9874eaa44866bf15aff312f42008f8cc21ff7c40

SHA256
5e92cc5c83acc93c713961561d85331d259ff00847bbd4f69e95b80779ad7e6b

SHA512
576b72967ea5874b4fce9163dea7211c8514490e510858452babb16cc2d3159ec11787115694ba1567d5d47ead7c9b815a5e28c4384ed1845e1c1626fa5f6590

Download Submit
C:\Windows\system\DXGvcyF.exe

Filesize
6.0MB

MD5
98b237733dc1b53ca9a32e5d18e8f01a

SHA1
b60fd50f04f81268aca15682460721e146c731b0

SHA256
80070a60a49c7ba42cbca9393e8a0df6dc115af7f594e13567abc230ff61c0b4

SHA512
bbc95a39d002d3d76cb0116005b891014184bf7cfc98ed2f0e04b86ff7abfa498fee8286145c5efe23a6aaff6ec28401eaf841655e94bef283c67cdef85f8a63

Download Submit
C:\Windows\system\FEHDQbk.exe

Filesize
6.0MB

MD5
83d4bf521fcf4a6a222e32cac01b6fc3

SHA1
37fb40cd63abd6470cb09a987e84546bb926d539

SHA256
8e7733219e023a992f884a624be0cf77f005917c8e8a0f153d7d26d832b20957

SHA512
4ea70d39b2455cd8f12a11aa178db4602c7d784930f95ebde8f5d1c23c44e2f0ed9ba65691ab5109b9a915c2ec969db93c53740c6275fe2c9f43896506bdd7cd

Download Submit
C:\Windows\system\GMrseQE.exe

Filesize
6.0MB

MD5
84bcf6b1c1559f246aca153cf7b1e341

SHA1
d120044ace641a4fb3ec98246abafcd0165b2086

SHA256
a0c4dc879afea4e9128a7dd9366f4e4dc3a2f13ed9281cac0eacd0478784e54e

SHA512
ba633e96e81885946098a7deb2693fc551bff6aef0d0c14407e33f741be7519b7dc9ba6e540b71407375d7799150ab44032fb49dc874974db574aed887d5814f

Download Submit
C:\Windows\system\HpbhEhk.exe

Filesize
6.0MB

MD5
dcbd6ae09fa24aea0b6c9c222bc81e6b

SHA1
a03c376fd46ae2bd573ac14e92a01df1e618560f

SHA256
63439fd2561e36f9c8c63fc29764c76f6c7f558991f884ebe5fef6f282285ee6

SHA512
567ce915e9ab97f99fc71e4abf46a3d40727e82a4378ebc8f71343098c85728cba985d0e6d35a8a1e36517036ebc6431b76c33fa972955f2cfb726c587258181

Download Submit
C:\Windows\system\OcowgXZ.exe

Filesize
6.0MB

MD5
eb8186ec3d71f14532784ce162a4c0a5

SHA1
477f3469725928c262076936dfc034de9d9c11a8

SHA256
4fbf3ca657d00ff62aa411d47111271519603bc3af55f1f84cdd6d9cd5277fc0

SHA512
c4a91a1fdfdceb726871321a7112e3546c8f38915e70b43f7dcdfd6b974eeeb8e0c0628d3e9810fe1a97fc502e5f6388f5e5b688ce2c616453e3ab57a9ba5754

Download Submit
C:\Windows\system\SUwWGlJ.exe

Filesize
6.0MB

MD5
482a733f44fc90ab3bc4141b935954ba

SHA1
0e683e6c6b44d8dddf470a5a24b1b250d6525921

SHA256
2fd096d11c48cd8f17d3b001195d916c6242fc3b44db7085477e0bf44d8114d7

SHA512
7688c382778e8af951fdf9374ddb3aaa95ac9dfe98382ebb137c5562b054b52fc0976f040996cf0437db07f06e5e4e3d895fc43e1a0c70e1dec03cb8f8147bc3

Download Submit
C:\Windows\system\XhtcrmF.exe

Filesize
6.0MB

MD5
fe4af715cf1997c58ffc6ee94b302811

SHA1
e69c56e433760432444784772a6af64fb753052b

SHA256
f38be902138d11c83da166bd9e1cb7afd61315fe635da05bd85fb3bb58addc08

SHA512
2b39974dcd92ac453e3013f807e36fc4be158cfc9d50b8d2ecf1adedc107e5942f18bd3515c3eb63fe28032625c0f0b70664b458046b96e5cc7979ef4d11cde5

Download Submit
C:\Windows\system\XthxtzV.exe

Filesize
6.0MB

MD5
8e9ffb5799f15f513d22739a8d03c18c

SHA1
9681d9410418d59636e95cf566415d5c09770009

SHA256
85822ad3a60dc0d8a3379f44c553699ccfce891445e6dd19781e8e8de85ebacf

SHA512
1814de965ff2f5348bda3a7578ca1449d2cdbbf427613998d2410ab817a48d84aa3bdaabbce1913553a0fd4906ef965d0b71174804b7c782b2d7796679f1ad71

Download Submit
C:\Windows\system\ZFGxmOf.exe

Filesize
6.0MB

MD5
8d411da039a3fc0dc1244af35932de6b

SHA1
a9062a4e69461a337b7ea43e69ffae27b2701e39

SHA256
fdb371f55b97f58c28deeb7ac78745303fecc602a67e0f0eb930ed486e9c2c8b

SHA512
1e99fed8424829d572cf9e943b978acedae4707ed15a37e995a82d4c41a56f691ad14393df93202a817c80a2588073bc7dc62ac66aa3531b3d5f101d2fff1511

Download Submit
C:\Windows\system\ifKEXNG.exe

Filesize
6.0MB

MD5
f7ca3015bc5bb943c50a5e521da69d4f

SHA1
862d2328dfadfa5184334e40ced967ceae3f3486

SHA256
d308423c554c87997b2cc4a5f9b12bd3067d2fe8f8175bc84d7bdcb35f826122

SHA512
39ad3b0eaeb3d209c1002eb98ae457cb30705cf678b030e4dfc8200612a4ea7d32287ecd06e4df9a6a399bd3cc3cd8807e3385a0e70621053c5831e83fcccbdf

Download Submit
C:\Windows\system\laEkFKx.exe

Filesize
6.0MB

MD5
9b061cee7fac52f0e76e6891834d3467

SHA1
96f73ea8e3df19c7617d56fb7dd14af0d3d8742e

SHA256
b2026d5dc0f477327f9a19cd8343c484c15c06d9c60c6b259af58a7d7237a45a

SHA512
baed7c22edf9d1148d2c2929e04bc049fc7a6314bcd9deb196396c47bef8cca57fee11180d3b35ff8e1cf553a84c748af1368f6ed6c9add7725e52d6df2b2acb

Download Submit
C:\Windows\system\lhVDtaV.exe

Filesize
6.0MB

MD5
0afdd0ee3cbff22381ab2af664d5b295

SHA1
59c87690f67c8c8c5debf4fbd88b2083b925c452

SHA256
cf86a1c12aa5203ccb255d710e71a17e06f72572b05d09dae833fd52f5dc12f8

SHA512
8ad5b476c2600bd8b2821595ef34eb965c09b96e93f7a0337fd3673ec258c55c517e21af7843f4e5a5b6b105cca55a7e876ff39d18759f24213fca26288fb889

Download Submit
C:\Windows\system\oJiJBAd.exe

Filesize
6.0MB

MD5
6eec5b788ea8ec204efed6c66b29309c

SHA1
4f9a857b3fb00451bb785d3d4928cf7a42789eaa

SHA256
a242f3021cb34a6ad8b4524aa5623bbe21f690dfeee6f8a6469eab87d5b64350

SHA512
3dd722d988df3b9c6419c9b1070ec08dfb7fb1e1f6dfff3ca85be5b6d14a7287d00c783749d60fb4e703fd273145ec311e24aa9945c6d8680cbc6bcbe6f051a7

Download Submit
C:\Windows\system\vRCfqBS.exe

Filesize
6.0MB

MD5
37c1b084e20617ebd793be4474ff4629

SHA1
d9d6582e67fe1303fc6dea86a3ecc010328e3851

SHA256
2e97d5450156d25a8da268e9297a54bbfeb8329a8f1c39fde225c4415d0d45b0

SHA512
d8db0cd927aa05cb2485df324bd7d0ac9b692210eddab1f32385b70f20c35c01d3919dfe3e2bfd43c724d18fd62d27477f739e29b40b8aac95d8dd5f3bbf7ef1

Download Submit
\Windows\system\DEsJIaq.exe

Filesize
6.0MB

MD5
d274989cd329542bd814a05ea0a60217

SHA1
ad055e74bfaadb666a1c28cc52d874a38c87d9ca

SHA256
3d4dc66e5a7126610ba8dc72a082f20455d675c815f95a68f9d25475b11c5f50

SHA512
d394f8e6cd11d1139d6b4898f63760e549c28c30b33979543077708ba9e238f08c92c295edeb5a52b868599c348032dfc6545bc75595b04f87eeba6b2ef3e2ef

Download Submit
\Windows\system\DckPHeF.exe

Filesize
6.0MB

MD5
c10beb2a5ea6ea608c8aa4b5faad8cbe

SHA1
01391927db0242c76e6c2b17ef7c5976b79030f6

SHA256
102d28a28225a856c8c6cb8bca5528c9f9c4a72585c2044455b34569df82bfd5

SHA512
a42d9b923f56f159625643d3c14ae2c5c1f577ed4a5644acbce3ca73401293be4c1b932c9bdc298c64e2e473d40b6277ec9e4dff9c2fca49746559b2fa0258f1

Download Submit
\Windows\system\JRJDRNV.exe

Filesize
6.0MB

MD5
311a883960d4e8cdd5b81f50eabec6f1

SHA1
11e2aea7c61336727d151bea80793537d490dcbf

SHA256
44b47656f076deda88823da52e2d807b2d1369d0281a2978b8a5304849261eeb

SHA512
838f747b5612c6d66e3ea6db6e2096b1478df7c38c14c636a6607cdb217a83f5de2fa842e351eeb696fd22168889bb762fa228f4ce81bf66f9bcbf4e8646ab9a

Download Submit
\Windows\system\MHudwgy.exe

Filesize
6.0MB

MD5
66fda46d26801c5ca8431a64a01b02e8

SHA1
af30483454ec81945683e0ea09ce48dab9ef8cab

SHA256
7fe5b9a67f3fc2d78e16423da3f55a37a606714a2b55f3d4ecfeb8afe79c8b53

SHA512
4f081971da79bc1bdc46007f66ed0d31c9bc5e0995f7c21509f243c972a523b4c6e7ff6a863b5a253530b0d1aee1eaa86598e418952569b8fe337cd487ee092b

Download Submit
\Windows\system\OVEZOHv.exe

Filesize
6.0MB

MD5
440ac74987a3fa4956068f434d6fa415

SHA1
a5848534013a16da8e51346341f4f67dcaa9f154

SHA256
4e5d301c0e94957f20e3d25b6a34620e0cd5d198c65b82ea7d693773d827c6b1

SHA512
269c158bc0315561a706610d85d93ad78aceb25886dedaca46aece7d45f0a3f589341f7aff122ae4a2fcd2bd5e8aecaf9990f3cae4e46a18cc697943b36430d3

Download Submit
\Windows\system\QnLYeki.exe

Filesize
6.0MB

MD5
f0180f6daf0d5e8268150ef4ed8bcbe6

SHA1
91e1bf28f4018379e7b1255ee57a3d6bfc86f046

SHA256
96080920e6901c837b6871b618da11eea1432e7eedec5b31ab6db5de34cd898b

SHA512
7778a435d0528f6008a6d65a86bb157e4dcff08dd84e714a1b863dcd0e27371ae94e0ec1d87f29118791df6f4c5c4ce91b35b89eff52f7168e5a1f4539789a4e

Download Submit
\Windows\system\Qohmxum.exe

Filesize
6.0MB

MD5
cbfba55fe6ec176d313ed8e4010d978b

SHA1
2998a3c6b59d2b899f3488cf14c5b34dd035bf35

SHA256
33449571396f38f1a1ffbd0da426d57643618b825c2568e9067acba35279f6df

SHA512
8c1f9ac4c5c3f7e6a7c19926dc720337febf7f94975b0dc1ed53b0ffa8db0b0f73216d6bd9fe89726707cb6aadfb6bd0b291afc9aa6431b5fde1ef879a7b2867

Download Submit
\Windows\system\RKDROZd.exe

Filesize
6.0MB

MD5
53f612973f1c7fba788558e1898a8a86

SHA1
e7764a7600f7d070c78043c7366e0a29a213f1ee

SHA256
0bb19c4fc5fe584de7e67066cd253c6b1596587e425d295da9450220bfdda448

SHA512
53721a23f2af332e0be475331d519cf1dd8cf41330a3dd9cb79e527d00764c928311b250a1eabae123b2d712b5d959935f6eb83c2f4f6dee8ebfdfdc63b88124

Download Submit
\Windows\system\UBBoTIy.exe

Filesize
6.0MB

MD5
93e44f0dfcdb347b643c3d2d7ba6f009

SHA1
a96aa986b0ffdc2f947cda06a6c6b7ba8d4215a5

SHA256
88ad1606bb3727193b50767b934f3de84561b57eee46afd32ae64319edef7249

SHA512
8f02169b86a60841692705839d23d6d0e202fe4e8e68d167a43d5e60eaa24371a05be770f2b67b7f5152c7c1d4b4035d12c6e226d5a344a8aadf6f17e18cf880

Download Submit
\Windows\system\VaWMtJY.exe

Filesize
6.0MB

MD5
df1a369175b349ae7673639b86d0a723

SHA1
7e65b258ce4790836b37b4f946e751e85cbdbdde

SHA256
2d56bf33c13b9c2cf52e9a81e673d55d37053afbceeee2379c1693d1f167aebb

SHA512
bf3bb3c16b85166cce9ffacb005b450cec18a5a8751e1853347ca6e43671bbb2cfa12293612849aa5602147620aaafe8eacfd7e37bbcf6e4de98ada7081ec5f1

Download Submit
\Windows\system\WpwTMXh.exe

Filesize
6.0MB

MD5
4c4f84cd4c5679006742cc241f5fd403

SHA1
481dba3d720324136305e0d17e90ed6851808e40

SHA256
ee530b65fd25f3d015a949f0975e8ce045dd7c5d9c304e7ed80eedb9e977583b

SHA512
a6bf3780424afdeaefa3bfd6f8660ac75f86ffbdbff020a5945cd924b461812de9244a9199c5cb532416a0128a1df2c1ce9a51d6bedb93f588f64979a59eed71

Download Submit
\Windows\system\bZsSech.exe

Filesize
6.0MB

MD5
9d296c86a58922d77d3f35b75d754120

SHA1
3e6695abda8978f1e950f5c7c4c8cc04d5488fe4

SHA256
7c933c46b14f7395d342a46eea849e9661f6bd00c040a326c3c8ffcf2b763c3d

SHA512
3fdd97183f96a05a1a6186079d4bd2ec1ec76597ed71752fca19e7578e4d2c065fa4bab5fd87471882d8809819415859a8020161f90597582ce2554fe7f1b8e6

Download Submit
\Windows\system\eGBgOcQ.exe

Filesize
6.0MB

MD5
5717500cefe6f69f83efb5592a3481aa

SHA1
a491e2472144bd4d361ed8408884463cc62b5b51

SHA256
5315325eed05e588e498bd1307f6477908f788e6970cef236c4900bef4885613

SHA512
f9bd35041464dc1923ad3828cfd1082d0920401844d2d71efca78a4483ee78280511bfb7f8626f89b3c76f239f26135d618a64f3ac86c4827c356b4aa84efa7b

Download Submit
\Windows\system\fdlYOQg.exe

Filesize
6.0MB

MD5
3fdb0611f161bec0dcf709fe99564ca1

SHA1
82b9d014d277054ac55a3b00cd00012a9d620e4f

SHA256
d5bb7bb4f74efdae81821c6ce8b48f64e886e633c16ec62c9af64ca9b5728e50

SHA512
134f53efcffb3203a2fd1ce566a4856a2655448208cc465606bc8469d4ecb4f0c2847c8924a511e67046b30fe1149af229d6865f5cc012b18a03d7c279c00ad9

Download Submit
\Windows\system\kYzBZXK.exe

Filesize
6.0MB

MD5
4153060019b3491375adcd0d3f26a5e6

SHA1
5656406f60865d4a1a9ecbbd1ee2978239348c6c

SHA256
d049f9692937c4d76eb62ffb97f2ba465bf3e6edcace9da9f31c06cf9209a1e1

SHA512
8b93327f0e89bc894dc6acbe678907e1040caf37472cb2b665759d3a4333906e3c90a74e7f1dd2e22d11760baa5f6e0adc9fed40cd92e46fe5ca9abb93f37eb6

Download Submit
\Windows\system\mbxilBE.exe

Filesize
6.0MB

MD5
28099a9542bab2730c0a3e7bf509403e

SHA1
b91cf3f8eb401f4eec05b43f9ead41feb6f861a0

SHA256
c7555e18d6b0160dfab3895872d8afa65d278e23a7259b0efb5003789665c19e

SHA512
55406917bd45327e6deee1b2997408a20732c649db2f9d35b20d06deec437da78e8e56c5932eab402a5a275a25b4957ec63631ca2b5f91ea889d1a4694a473b0

Download Submit
\Windows\system\vsNxxxH.exe

Filesize
6.0MB

MD5
71ac0021bdb7cefac2a1d45bf2c818d2

SHA1
eded9fd41f6be90ac6cd7cb8e4d9869b16322b0c

SHA256
9d84c4bb665251421d9ec328932a4d3c103c47890d837de53f9bf4cea711906f

SHA512
16c8bb71caecb98128abd75a805e37784949d3a8777b926335fe63e23ce73c0405083dcfad399cfe49e0f6546a933ff128713ad068f17a339cfd0e435e325544

Download Submit
memory/992-92-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/992-1330-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1560-65-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-9-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-1145-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-0-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1568-201-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1568-213-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1568-103-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1568-203-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1568-72-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1568-46-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1568-202-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1568-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1568-22-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1568-200-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1568-91-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1568-64-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1568-40-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1568-7-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-82-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1568-30-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1568-14-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1165-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2108-27-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2268-16-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-1148-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-29-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-84-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1167-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1235-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2564-70-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2564-184-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2576-66-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1221-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1307-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-85-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1213-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2672-49-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2704-67-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1223-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1207-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2772-36-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1222-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2792-63-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/3036-83-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1298-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/3060-104-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/3060-1357-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download