cobaltstrike | 3cef93eb62ccf4d9ade7878f2269e35de6c73321674809bc77ed2e1070ffcf01

Analysis

max time kernel
126s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5ef19ccae67881294e2e23b300f4afb5
SHA1

8bcb5c4b9fe59c7b95e268076dd65415c6ef76ad
SHA256

3cef93eb62ccf4d9ade7878f2269e35de6c73321674809bc77ed2e1070ffcf01
SHA512

a8041694a2b6b133424d9d6cafe947ec4c87cc98a2aaaa6e327e559b36469eb2958a33804118c4c45176e67cb2460fdf7b456ad5b8cb5effc479df0d1ae0059a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016a66-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c51-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c4a-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3a-10.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-144.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-134.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-69.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-94.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a9-76.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d06-54.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cec-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc8-39.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2880-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0009000000016a66-8.dat	xmrig
behavioral1/files/0x0008000000016c51-27.dat	xmrig
behavioral1/memory/2536-31-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2064-26-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c4a-25.dat	xmrig
behavioral1/files/0x0008000000016c3a-10.dat	xmrig
behavioral1/memory/756-444-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/632-442-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2880-441-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2688-440-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000500000001941e-189.dat	xmrig
behavioral1/files/0x00050000000193b4-184.dat	xmrig
behavioral1/files/0x00050000000193c2-182.dat	xmrig
behavioral1/files/0x0005000000019350-176.dat	xmrig
behavioral1/files/0x0005000000019261-169.dat	xmrig
behavioral1/files/0x000500000001878f-160.dat	xmrig
behavioral1/files/0x0006000000019023-156.dat	xmrig
behavioral1/files/0x00050000000186ea-146.dat	xmrig
behavioral1/files/0x0005000000018683-144.dat	xmrig
behavioral1/files/0x00060000000174cc-141.dat	xmrig
behavioral1/files/0x0005000000018728-124.dat	xmrig
behavioral1/files/0x000500000001873d-122.dat	xmrig
behavioral1/files/0x00050000000186ee-117.dat	xmrig
behavioral1/memory/756-116-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186fd-113.dat	xmrig
behavioral1/files/0x00050000000186e4-108.dat	xmrig
behavioral1/memory/2880-90-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x0005000000019427-192.dat	xmrig
behavioral1/files/0x00050000000193e1-186.dat	xmrig
behavioral1/files/0x0005000000019282-174.dat	xmrig
behavioral1/files/0x000500000001925e-164.dat	xmrig
behavioral1/files/0x00050000000187a5-149.dat	xmrig
behavioral1/memory/2880-82-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2768-81-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0006000000017488-78.dat	xmrig
behavioral1/files/0x0005000000018784-134.dat	xmrig
behavioral1/memory/2612-72-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d18-69.dat	xmrig
behavioral1/memory/2880-121-0x00000000021D0000-0x0000000002524000-memory.dmp	xmrig
behavioral1/memory/2880-112-0x00000000021D0000-0x0000000002524000-memory.dmp	xmrig
behavioral1/memory/632-97-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x000d000000018676-95.dat	xmrig
behavioral1/files/0x0006000000017492-94.dat	xmrig
behavioral1/memory/2688-86-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x00070000000173a9-76.dat	xmrig
behavioral1/memory/2880-65-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2884-57-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d06-54.dat	xmrig
behavioral1/memory/2748-64-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d0e-61.dat	xmrig
behavioral1/memory/3068-50-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cec-47.dat	xmrig
behavioral1/memory/2768-42-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cc8-39.dat	xmrig
behavioral1/memory/2136-36-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1740-33-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2284-32-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2064-2804-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2612-2821-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2748-2820-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1740-2825-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/632-2852-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

IaVrqTW.exebyjMmkn.exezdRgxMX.exeVsBXpqT.exeQQHqqlI.exebvQxSLz.exeRLJkRUT.exerOMUtZp.exeFvnTkuc.exeJffeHRV.exepaDXArr.exejbMXjdw.exevjqqWlF.exeLQbMfdV.exetmArTLF.exeDFIrFsk.exewPUIiZy.exelaExqam.exeRuNUdYa.exegxnurQa.exenRJHfjn.exemvXPXlI.exeqmAKbwM.exeApZguup.exeuXOqWuJ.exebnhbZIW.execXNiIRz.exemixZVNR.exeLdYOszK.exeIzQckxP.exevLpEyhq.exeNuFuret.exerjryNWs.exeXtODoLW.exeqOxGMCb.exernOLmds.exehJiNSgt.exeETNxrlV.exeNHUVcvi.exeuiMilNC.exeEPGwFfB.exejnfiQAj.exehdYEDKO.exesASSPLT.exeaZDQGTQ.exenhitEkG.exexCfkCLN.exeKUQBzQI.exejvXkakp.exeXoEfeJD.exerincOqS.exeMGeIkUz.exevlKcznu.exefrHyPIn.exekmVxWJt.exepkBXkqH.exeXBAIKGg.exeXarIGzn.exeYliobJc.exelFNkfMc.exeRucmvfc.exeCpgelln.exejvtKHCf.exeoAASNGY.exe

pid	Process
1740	IaVrqTW.exe
2064	byjMmkn.exe
2536	zdRgxMX.exe
2284	VsBXpqT.exe
2136	QQHqqlI.exe
2768	bvQxSLz.exe
3068	RLJkRUT.exe
2884	rOMUtZp.exe
2748	FvnTkuc.exe
2612	JffeHRV.exe
2688	paDXArr.exe
756	jbMXjdw.exe
632	vjqqWlF.exe
2904	LQbMfdV.exe
1412	tmArTLF.exe
2928	DFIrFsk.exe
3044	wPUIiZy.exe
2364	laExqam.exe
2012	RuNUdYa.exe
1956	gxnurQa.exe
656	nRJHfjn.exe
2384	mvXPXlI.exe
2976	qmAKbwM.exe
2940	ApZguup.exe
2248	uXOqWuJ.exe
2120	bnhbZIW.exe
2104	cXNiIRz.exe
2272	mixZVNR.exe
1540	LdYOszK.exe
1704	IzQckxP.exe
1692	vLpEyhq.exe
2472	NuFuret.exe
892	rjryNWs.exe
1964	XtODoLW.exe
2172	qOxGMCb.exe
3024	rnOLmds.exe
2524	hJiNSgt.exe
524	ETNxrlV.exe
884	NHUVcvi.exe
2076	uiMilNC.exe
2520	EPGwFfB.exe
1720	jnfiQAj.exe
2792	hdYEDKO.exe
2280	sASSPLT.exe
2724	aZDQGTQ.exe
2936	nhitEkG.exe
896	xCfkCLN.exe
2208	KUQBzQI.exe
1608	jvXkakp.exe
3012	XoEfeJD.exe
1640	rincOqS.exe
2300	MGeIkUz.exe
2332	vlKcznu.exe
1732	frHyPIn.exe
1652	kmVxWJt.exe
2132	pkBXkqH.exe
388	XBAIKGg.exe
924	XarIGzn.exe
764	YliobJc.exe
2168	lFNkfMc.exe
2416	Rucmvfc.exe
680	Cpgelln.exe
2556	jvtKHCf.exe
1940	oAASNGY.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2880-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0009000000016a66-8.dat	upx
behavioral1/files/0x0008000000016c51-27.dat	upx
behavioral1/memory/2536-31-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2064-26-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0007000000016c4a-25.dat	upx
behavioral1/files/0x0008000000016c3a-10.dat	upx
behavioral1/memory/756-444-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/632-442-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2688-440-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000500000001941e-189.dat	upx
behavioral1/files/0x00050000000193b4-184.dat	upx
behavioral1/files/0x00050000000193c2-182.dat	upx
behavioral1/files/0x0005000000019350-176.dat	upx
behavioral1/files/0x0005000000019261-169.dat	upx
behavioral1/files/0x000500000001878f-160.dat	upx
behavioral1/files/0x0006000000019023-156.dat	upx
behavioral1/files/0x00050000000186ea-146.dat	upx
behavioral1/files/0x0005000000018683-144.dat	upx
behavioral1/files/0x00060000000174cc-141.dat	upx
behavioral1/files/0x0005000000018728-124.dat	upx
behavioral1/files/0x000500000001873d-122.dat	upx
behavioral1/files/0x00050000000186ee-117.dat	upx
behavioral1/memory/756-116-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x00050000000186fd-113.dat	upx
behavioral1/files/0x00050000000186e4-108.dat	upx
behavioral1/files/0x0005000000019427-192.dat	upx
behavioral1/files/0x00050000000193e1-186.dat	upx
behavioral1/files/0x0005000000019282-174.dat	upx
behavioral1/files/0x000500000001925e-164.dat	upx
behavioral1/files/0x00050000000187a5-149.dat	upx
behavioral1/memory/2768-81-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0006000000017488-78.dat	upx
behavioral1/files/0x0005000000018784-134.dat	upx
behavioral1/memory/2612-72-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0008000000016d18-69.dat	upx
behavioral1/memory/632-97-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x000d000000018676-95.dat	upx
behavioral1/files/0x0006000000017492-94.dat	upx
behavioral1/memory/2688-86-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x00070000000173a9-76.dat	upx
behavioral1/memory/2880-65-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2884-57-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0007000000016d06-54.dat	upx
behavioral1/memory/2748-64-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x0008000000016d0e-61.dat	upx
behavioral1/memory/3068-50-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x0007000000016cec-47.dat	upx
behavioral1/memory/2768-42-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0007000000016cc8-39.dat	upx
behavioral1/memory/2136-36-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1740-33-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2284-32-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2064-2804-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2612-2821-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2748-2820-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1740-2825-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/632-2852-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/756-2854-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2688-2853-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2768-2819-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2536-2818-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2284-2817-0x000000013F020000-0x000000013F374000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\aZDQGTQ.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJYmbHF.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnQVtaj.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxSFAlA.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXOSyuy.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzJTfdg.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCgAzep.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnBxWAU.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yajzFXI.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hloPjFr.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESazYEj.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSdKxjA.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFxLQlq.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iltNbLs.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CeLgWzy.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbKPIlV.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsayMoE.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YuEWdOk.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZCTpmX.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTEemKi.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAzyUbK.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMZfahx.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFWFSjf.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqULIYR.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yulENSe.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnAcwAq.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHpZvnL.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heTuSLP.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SuhHbds.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mttmdpE.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkMSxrA.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKjAZHu.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cavZPZa.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZZdFQy.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msufpvv.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEpaQZA.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HShUZAx.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVPYrMl.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohYcUPy.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPRFQhW.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjIFQhE.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRQvQjY.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOyvQxK.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxdZurv.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmAKbwM.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHqefuA.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dyStJpG.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjXqofC.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\noBDaaO.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkiVJRk.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUIfXbS.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsRFWRk.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDrvTFR.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkRupwM.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUryySx.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qupScLF.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfOisgP.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPPTfVZ.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTMwGvJ.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyCmqMe.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cpgelln.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNrysQW.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnGMRnR.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXGIGRd.exe	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2880 wrote to memory of 1740	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2880 wrote to memory of 1740	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2880 wrote to memory of 1740	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2880 wrote to memory of 2064	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2880 wrote to memory of 2064	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2880 wrote to memory of 2064	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2880 wrote to memory of 2536	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2880 wrote to memory of 2536	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2880 wrote to memory of 2536	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2880 wrote to memory of 2284	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2880 wrote to memory of 2284	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2880 wrote to memory of 2284	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2880 wrote to memory of 2136	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2880 wrote to memory of 2136	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2880 wrote to memory of 2136	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2880 wrote to memory of 2768	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2880 wrote to memory of 2768	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2880 wrote to memory of 2768	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2880 wrote to memory of 3068	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2880 wrote to memory of 3068	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2880 wrote to memory of 3068	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2880 wrote to memory of 2884	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2880 wrote to memory of 2884	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2880 wrote to memory of 2884	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2880 wrote to memory of 2748	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2880 wrote to memory of 2748	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2880 wrote to memory of 2748	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2880 wrote to memory of 2612	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2880 wrote to memory of 2612	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2880 wrote to memory of 2612	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2880 wrote to memory of 2688	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2880 wrote to memory of 2688	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2880 wrote to memory of 2688	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2880 wrote to memory of 2364	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2880 wrote to memory of 2364	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2880 wrote to memory of 2364	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2880 wrote to memory of 756	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2880 wrote to memory of 756	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2880 wrote to memory of 756	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2880 wrote to memory of 2012	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2880 wrote to memory of 2012	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2880 wrote to memory of 2012	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2880 wrote to memory of 632	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2880 wrote to memory of 632	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2880 wrote to memory of 632	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2880 wrote to memory of 1956	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2880 wrote to memory of 1956	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2880 wrote to memory of 1956	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2880 wrote to memory of 2904	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2880 wrote to memory of 2904	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2880 wrote to memory of 2904	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2880 wrote to memory of 656	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2880 wrote to memory of 656	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2880 wrote to memory of 656	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2880 wrote to memory of 1412	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2880 wrote to memory of 1412	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2880 wrote to memory of 1412	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2880 wrote to memory of 2976	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2880 wrote to memory of 2976	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2880 wrote to memory of 2976	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2880 wrote to memory of 2928	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2880 wrote to memory of 2928	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2880 wrote to memory of 2928	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2880 wrote to memory of 2940	2880	2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_5ef19ccae67881294e2e23b300f4afb5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\System\IaVrqTW.exe
  C:\Windows\System\IaVrqTW.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\byjMmkn.exe
  C:\Windows\System\byjMmkn.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\zdRgxMX.exe
  C:\Windows\System\zdRgxMX.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\VsBXpqT.exe
  C:\Windows\System\VsBXpqT.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\QQHqqlI.exe
  C:\Windows\System\QQHqqlI.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\bvQxSLz.exe
  C:\Windows\System\bvQxSLz.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\RLJkRUT.exe
  C:\Windows\System\RLJkRUT.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\rOMUtZp.exe
  C:\Windows\System\rOMUtZp.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\FvnTkuc.exe
  C:\Windows\System\FvnTkuc.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\JffeHRV.exe
  C:\Windows\System\JffeHRV.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\paDXArr.exe
  C:\Windows\System\paDXArr.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\laExqam.exe
  C:\Windows\System\laExqam.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\jbMXjdw.exe
  C:\Windows\System\jbMXjdw.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\RuNUdYa.exe
  C:\Windows\System\RuNUdYa.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\vjqqWlF.exe
  C:\Windows\System\vjqqWlF.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\gxnurQa.exe
  C:\Windows\System\gxnurQa.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\LQbMfdV.exe
  C:\Windows\System\LQbMfdV.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\nRJHfjn.exe
  C:\Windows\System\nRJHfjn.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\tmArTLF.exe
  C:\Windows\System\tmArTLF.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\qmAKbwM.exe
  C:\Windows\System\qmAKbwM.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\DFIrFsk.exe
  C:\Windows\System\DFIrFsk.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ApZguup.exe
  C:\Windows\System\ApZguup.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\wPUIiZy.exe
  C:\Windows\System\wPUIiZy.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\uXOqWuJ.exe
  C:\Windows\System\uXOqWuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\mvXPXlI.exe
  C:\Windows\System\mvXPXlI.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\cXNiIRz.exe
  C:\Windows\System\cXNiIRz.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\bnhbZIW.exe
  C:\Windows\System\bnhbZIW.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\MGeIkUz.exe
  C:\Windows\System\MGeIkUz.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\mixZVNR.exe
  C:\Windows\System\mixZVNR.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\vlKcznu.exe
  C:\Windows\System\vlKcznu.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\LdYOszK.exe
  C:\Windows\System\LdYOszK.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\frHyPIn.exe
  C:\Windows\System\frHyPIn.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\IzQckxP.exe
  C:\Windows\System\IzQckxP.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\kmVxWJt.exe
  C:\Windows\System\kmVxWJt.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\vLpEyhq.exe
  C:\Windows\System\vLpEyhq.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\pkBXkqH.exe
  C:\Windows\System\pkBXkqH.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\NuFuret.exe
  C:\Windows\System\NuFuret.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\XBAIKGg.exe
  C:\Windows\System\XBAIKGg.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\rjryNWs.exe
  C:\Windows\System\rjryNWs.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\XarIGzn.exe
  C:\Windows\System\XarIGzn.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\XtODoLW.exe
  C:\Windows\System\XtODoLW.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\YliobJc.exe
  C:\Windows\System\YliobJc.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\qOxGMCb.exe
  C:\Windows\System\qOxGMCb.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\lFNkfMc.exe
  C:\Windows\System\lFNkfMc.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\rnOLmds.exe
  C:\Windows\System\rnOLmds.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\Rucmvfc.exe
  C:\Windows\System\Rucmvfc.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\hJiNSgt.exe
  C:\Windows\System\hJiNSgt.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\Cpgelln.exe
  C:\Windows\System\Cpgelln.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\ETNxrlV.exe
  C:\Windows\System\ETNxrlV.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\jvtKHCf.exe
  C:\Windows\System\jvtKHCf.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\NHUVcvi.exe
  C:\Windows\System\NHUVcvi.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\oAASNGY.exe
  C:\Windows\System\oAASNGY.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\uiMilNC.exe
  C:\Windows\System\uiMilNC.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\hFMtNbJ.exe
  C:\Windows\System\hFMtNbJ.exe
  2⤵
  PID:1648
- C:\Windows\System\EPGwFfB.exe
  C:\Windows\System\EPGwFfB.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\JqfcXep.exe
  C:\Windows\System\JqfcXep.exe
  2⤵
  PID:1500
- C:\Windows\System\jnfiQAj.exe
  C:\Windows\System\jnfiQAj.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\YEVmGPt.exe
  C:\Windows\System\YEVmGPt.exe
  2⤵
  PID:1636
- C:\Windows\System\hdYEDKO.exe
  C:\Windows\System\hdYEDKO.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\jwoLVsm.exe
  C:\Windows\System\jwoLVsm.exe
  2⤵
  PID:2460
- C:\Windows\System\sASSPLT.exe
  C:\Windows\System\sASSPLT.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\FhIwbOD.exe
  C:\Windows\System\FhIwbOD.exe
  2⤵
  PID:2648
- C:\Windows\System\aZDQGTQ.exe
  C:\Windows\System\aZDQGTQ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\fmzREQR.exe
  C:\Windows\System\fmzREQR.exe
  2⤵
  PID:780
- C:\Windows\System\nhitEkG.exe
  C:\Windows\System\nhitEkG.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\nDIflcr.exe
  C:\Windows\System\nDIflcr.exe
  2⤵
  PID:2624
- C:\Windows\System\xCfkCLN.exe
  C:\Windows\System\xCfkCLN.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\DwJKNHl.exe
  C:\Windows\System\DwJKNHl.exe
  2⤵
  PID:1612
- C:\Windows\System\KUQBzQI.exe
  C:\Windows\System\KUQBzQI.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\JPrKMVj.exe
  C:\Windows\System\JPrKMVj.exe
  2⤵
  PID:1792
- C:\Windows\System\jvXkakp.exe
  C:\Windows\System\jvXkakp.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\PpZiZco.exe
  C:\Windows\System\PpZiZco.exe
  2⤵
  PID:1924
- C:\Windows\System\XoEfeJD.exe
  C:\Windows\System\XoEfeJD.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\mZnMEHH.exe
  C:\Windows\System\mZnMEHH.exe
  2⤵
  PID:1204
- C:\Windows\System\rincOqS.exe
  C:\Windows\System\rincOqS.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\aQLiPOL.exe
  C:\Windows\System\aQLiPOL.exe
  2⤵
  PID:2264
- C:\Windows\System\MpeKACl.exe
  C:\Windows\System\MpeKACl.exe
  2⤵
  PID:2852
- C:\Windows\System\hTTEjXA.exe
  C:\Windows\System\hTTEjXA.exe
  2⤵
  PID:2516
- C:\Windows\System\DeKpWFA.exe
  C:\Windows\System\DeKpWFA.exe
  2⤵
  PID:2328
- C:\Windows\System\LaUDDJI.exe
  C:\Windows\System\LaUDDJI.exe
  2⤵
  PID:344
- C:\Windows\System\JhEvqUE.exe
  C:\Windows\System\JhEvqUE.exe
  2⤵
  PID:3080
- C:\Windows\System\mMgXbhk.exe
  C:\Windows\System\mMgXbhk.exe
  2⤵
  PID:3100
- C:\Windows\System\zHKiPfl.exe
  C:\Windows\System\zHKiPfl.exe
  2⤵
  PID:3116
- C:\Windows\System\etlLHkX.exe
  C:\Windows\System\etlLHkX.exe
  2⤵
  PID:3140
- C:\Windows\System\OdDjBwg.exe
  C:\Windows\System\OdDjBwg.exe
  2⤵
  PID:3156
- C:\Windows\System\KbMNeGc.exe
  C:\Windows\System\KbMNeGc.exe
  2⤵
  PID:3176
- C:\Windows\System\nBjROPr.exe
  C:\Windows\System\nBjROPr.exe
  2⤵
  PID:3192
- C:\Windows\System\NFxaDfR.exe
  C:\Windows\System\NFxaDfR.exe
  2⤵
  PID:3212
- C:\Windows\System\pTtQxTz.exe
  C:\Windows\System\pTtQxTz.exe
  2⤵
  PID:3228
- C:\Windows\System\cYcGSCW.exe
  C:\Windows\System\cYcGSCW.exe
  2⤵
  PID:3252
- C:\Windows\System\VNtOlrz.exe
  C:\Windows\System\VNtOlrz.exe
  2⤵
  PID:3276
- C:\Windows\System\xkNqoKf.exe
  C:\Windows\System\xkNqoKf.exe
  2⤵
  PID:3292
- C:\Windows\System\diCtbAL.exe
  C:\Windows\System\diCtbAL.exe
  2⤵
  PID:3316
- C:\Windows\System\wgoGAMU.exe
  C:\Windows\System\wgoGAMU.exe
  2⤵
  PID:3340
- C:\Windows\System\fhMlOYr.exe
  C:\Windows\System\fhMlOYr.exe
  2⤵
  PID:3360
- C:\Windows\System\bwurndG.exe
  C:\Windows\System\bwurndG.exe
  2⤵
  PID:3376
- C:\Windows\System\YcLaQge.exe
  C:\Windows\System\YcLaQge.exe
  2⤵
  PID:3392
- C:\Windows\System\PoxwEwU.exe
  C:\Windows\System\PoxwEwU.exe
  2⤵
  PID:3408
- C:\Windows\System\LaiwSTL.exe
  C:\Windows\System\LaiwSTL.exe
  2⤵
  PID:3424
- C:\Windows\System\cVjcPYh.exe
  C:\Windows\System\cVjcPYh.exe
  2⤵
  PID:3440
- C:\Windows\System\QuPguub.exe
  C:\Windows\System\QuPguub.exe
  2⤵
  PID:3456
- C:\Windows\System\lmdffOA.exe
  C:\Windows\System\lmdffOA.exe
  2⤵
  PID:3484
- C:\Windows\System\talAaZu.exe
  C:\Windows\System\talAaZu.exe
  2⤵
  PID:3504
- C:\Windows\System\WDfGiMm.exe
  C:\Windows\System\WDfGiMm.exe
  2⤵
  PID:3520
- C:\Windows\System\DlubXiC.exe
  C:\Windows\System\DlubXiC.exe
  2⤵
  PID:3536
- C:\Windows\System\dfiUVXL.exe
  C:\Windows\System\dfiUVXL.exe
  2⤵
  PID:3552
- C:\Windows\System\cmmVDmg.exe
  C:\Windows\System\cmmVDmg.exe
  2⤵
  PID:3568
- C:\Windows\System\ZDLSnPq.exe
  C:\Windows\System\ZDLSnPq.exe
  2⤵
  PID:3584
- C:\Windows\System\uDrvTFR.exe
  C:\Windows\System\uDrvTFR.exe
  2⤵
  PID:3600
- C:\Windows\System\gBSLtSv.exe
  C:\Windows\System\gBSLtSv.exe
  2⤵
  PID:3616
- C:\Windows\System\uhnrYpu.exe
  C:\Windows\System\uhnrYpu.exe
  2⤵
  PID:3632
- C:\Windows\System\xlypyKD.exe
  C:\Windows\System\xlypyKD.exe
  2⤵
  PID:3648
- C:\Windows\System\fBsXhGa.exe
  C:\Windows\System\fBsXhGa.exe
  2⤵
  PID:3672
- C:\Windows\System\vXjydHH.exe
  C:\Windows\System\vXjydHH.exe
  2⤵
  PID:3688
- C:\Windows\System\VRpdTuq.exe
  C:\Windows\System\VRpdTuq.exe
  2⤵
  PID:3716
- C:\Windows\System\cNrysQW.exe
  C:\Windows\System\cNrysQW.exe
  2⤵
  PID:3732
- C:\Windows\System\FfXdThr.exe
  C:\Windows\System\FfXdThr.exe
  2⤵
  PID:3748
- C:\Windows\System\bbhmXda.exe
  C:\Windows\System\bbhmXda.exe
  2⤵
  PID:3764
- C:\Windows\System\SkpXNdP.exe
  C:\Windows\System\SkpXNdP.exe
  2⤵
  PID:3780
- C:\Windows\System\BBVUPWc.exe
  C:\Windows\System\BBVUPWc.exe
  2⤵
  PID:3960
- C:\Windows\System\Yuxkxem.exe
  C:\Windows\System\Yuxkxem.exe
  2⤵
  PID:3976
- C:\Windows\System\QxsRFdn.exe
  C:\Windows\System\QxsRFdn.exe
  2⤵
  PID:4000
- C:\Windows\System\KYlhkyU.exe
  C:\Windows\System\KYlhkyU.exe
  2⤵
  PID:4016
- C:\Windows\System\XYDTlev.exe
  C:\Windows\System\XYDTlev.exe
  2⤵
  PID:4032
- C:\Windows\System\KulbpBd.exe
  C:\Windows\System\KulbpBd.exe
  2⤵
  PID:4060
- C:\Windows\System\lnGMRnR.exe
  C:\Windows\System\lnGMRnR.exe
  2⤵
  PID:4080
- C:\Windows\System\OaobOGT.exe
  C:\Windows\System\OaobOGT.exe
  2⤵
  PID:2380
- C:\Windows\System\fbuAJPF.exe
  C:\Windows\System\fbuAJPF.exe
  2⤵
  PID:352
- C:\Windows\System\fznytRb.exe
  C:\Windows\System\fznytRb.exe
  2⤵
  PID:1212
- C:\Windows\System\TPiKnhF.exe
  C:\Windows\System\TPiKnhF.exe
  2⤵
  PID:1988
- C:\Windows\System\veyslRJ.exe
  C:\Windows\System\veyslRJ.exe
  2⤵
  PID:2628
- C:\Windows\System\ryLvGjR.exe
  C:\Windows\System\ryLvGjR.exe
  2⤵
  PID:2760
- C:\Windows\System\xYCGnQA.exe
  C:\Windows\System\xYCGnQA.exe
  2⤵
  PID:2500
- C:\Windows\System\hBBdGfN.exe
  C:\Windows\System\hBBdGfN.exe
  2⤵
  PID:2900
- C:\Windows\System\EMUirPY.exe
  C:\Windows\System\EMUirPY.exe
  2⤵
  PID:1524
- C:\Windows\System\wgAxUYR.exe
  C:\Windows\System\wgAxUYR.exe
  2⤵
  PID:872
- C:\Windows\System\HfMBpQQ.exe
  C:\Windows\System\HfMBpQQ.exe
  2⤵
  PID:492
- C:\Windows\System\zTQuTeU.exe
  C:\Windows\System\zTQuTeU.exe
  2⤵
  PID:2236
- C:\Windows\System\iltNbLs.exe
  C:\Windows\System\iltNbLs.exe
  2⤵
  PID:2968
- C:\Windows\System\pptZwpF.exe
  C:\Windows\System\pptZwpF.exe
  2⤵
  PID:2636
- C:\Windows\System\GfSbUhl.exe
  C:\Windows\System\GfSbUhl.exe
  2⤵
  PID:1868
- C:\Windows\System\nlQHReo.exe
  C:\Windows\System\nlQHReo.exe
  2⤵
  PID:2924
- C:\Windows\System\xjhXWEg.exe
  C:\Windows\System\xjhXWEg.exe
  2⤵
  PID:2680
- C:\Windows\System\CeLgWzy.exe
  C:\Windows\System\CeLgWzy.exe
  2⤵
  PID:3092
- C:\Windows\System\pLNhmPT.exe
  C:\Windows\System\pLNhmPT.exe
  2⤵
  PID:3164
- C:\Windows\System\EecrtVw.exe
  C:\Windows\System\EecrtVw.exe
  2⤵
  PID:3204
- C:\Windows\System\NviRQVk.exe
  C:\Windows\System\NviRQVk.exe
  2⤵
  PID:3244
- C:\Windows\System\DeqPEQD.exe
  C:\Windows\System\DeqPEQD.exe
  2⤵
  PID:3332
- C:\Windows\System\yqegMRg.exe
  C:\Windows\System\yqegMRg.exe
  2⤵
  PID:3404
- C:\Windows\System\FOmEPKs.exe
  C:\Windows\System\FOmEPKs.exe
  2⤵
  PID:1908
- C:\Windows\System\YtCVuxS.exe
  C:\Windows\System\YtCVuxS.exe
  2⤵
  PID:3112
- C:\Windows\System\rGyKnCn.exe
  C:\Windows\System\rGyKnCn.exe
  2⤵
  PID:3476
- C:\Windows\System\lcyzmNS.exe
  C:\Windows\System\lcyzmNS.exe
  2⤵
  PID:3516
- C:\Windows\System\EtRvzlB.exe
  C:\Windows\System\EtRvzlB.exe
  2⤵
  PID:3608
- C:\Windows\System\yEKujbX.exe
  C:\Windows\System\yEKujbX.exe
  2⤵
  PID:3188
- C:\Windows\System\teoMwYY.exe
  C:\Windows\System\teoMwYY.exe
  2⤵
  PID:3300
- C:\Windows\System\tVwXcVo.exe
  C:\Windows\System\tVwXcVo.exe
  2⤵
  PID:3684
- C:\Windows\System\nZCTpmX.exe
  C:\Windows\System\nZCTpmX.exe
  2⤵
  PID:3356
- C:\Windows\System\EzvIYBJ.exe
  C:\Windows\System\EzvIYBJ.exe
  2⤵
  PID:3760
- C:\Windows\System\XKqVBhr.exe
  C:\Windows\System\XKqVBhr.exe
  2⤵
  PID:3664
- C:\Windows\System\BShGYPm.exe
  C:\Windows\System\BShGYPm.exe
  2⤵
  PID:3712
- C:\Windows\System\BXlYxIj.exe
  C:\Windows\System\BXlYxIj.exe
  2⤵
  PID:3776
- C:\Windows\System\YcohscX.exe
  C:\Windows\System\YcohscX.exe
  2⤵
  PID:2860
- C:\Windows\System\BPDJVar.exe
  C:\Windows\System\BPDJVar.exe
  2⤵
  PID:2808
- C:\Windows\System\mVxfOjs.exe
  C:\Windows\System\mVxfOjs.exe
  2⤵
  PID:2892
- C:\Windows\System\GAxOLSw.exe
  C:\Windows\System\GAxOLSw.exe
  2⤵
  PID:2700
- C:\Windows\System\cByPrgi.exe
  C:\Windows\System\cByPrgi.exe
  2⤵
  PID:2036
- C:\Windows\System\pkkGowv.exe
  C:\Windows\System\pkkGowv.exe
  2⤵
  PID:2216
- C:\Windows\System\mzSHRkn.exe
  C:\Windows\System\mzSHRkn.exe
  2⤵
  PID:864
- C:\Windows\System\XRgpeUi.exe
  C:\Windows\System\XRgpeUi.exe
  2⤵
  PID:3816
- C:\Windows\System\PRARJMr.exe
  C:\Windows\System\PRARJMr.exe
  2⤵
  PID:2956
- C:\Windows\System\HWZbcGB.exe
  C:\Windows\System\HWZbcGB.exe
  2⤵
  PID:2356
- C:\Windows\System\qnlDqTF.exe
  C:\Windows\System\qnlDqTF.exe
  2⤵
  PID:408
- C:\Windows\System\COeQMwn.exe
  C:\Windows\System\COeQMwn.exe
  2⤵
  PID:2736
- C:\Windows\System\FCUIqph.exe
  C:\Windows\System\FCUIqph.exe
  2⤵
  PID:2632
- C:\Windows\System\QJNdyRS.exe
  C:\Windows\System\QJNdyRS.exe
  2⤵
  PID:1776
- C:\Windows\System\cAysTHA.exe
  C:\Windows\System\cAysTHA.exe
  2⤵
  PID:1268
- C:\Windows\System\QwhDWmi.exe
  C:\Windows\System\QwhDWmi.exe
  2⤵
  PID:1948
- C:\Windows\System\NnbFzjh.exe
  C:\Windows\System\NnbFzjh.exe
  2⤵
  PID:2908
- C:\Windows\System\jyqVyCM.exe
  C:\Windows\System\jyqVyCM.exe
  2⤵
  PID:2112
- C:\Windows\System\sDbgXMw.exe
  C:\Windows\System\sDbgXMw.exe
  2⤵
  PID:3592
- C:\Windows\System\fLoBSGx.exe
  C:\Windows\System\fLoBSGx.exe
  2⤵
  PID:3060
- C:\Windows\System\OeGQlLu.exe
  C:\Windows\System\OeGQlLu.exe
  2⤵
  PID:3388
- C:\Windows\System\SIIQGsi.exe
  C:\Windows\System\SIIQGsi.exe
  2⤵
  PID:3656
- C:\Windows\System\MCNdrcL.exe
  C:\Windows\System\MCNdrcL.exe
  2⤵
  PID:3560
- C:\Windows\System\AKJgjlj.exe
  C:\Windows\System\AKJgjlj.exe
  2⤵
  PID:3452
- C:\Windows\System\MCiPXvO.exe
  C:\Windows\System\MCiPXvO.exe
  2⤵
  PID:3892
- C:\Windows\System\SypJtAp.exe
  C:\Windows\System\SypJtAp.exe
  2⤵
  PID:3920
- C:\Windows\System\LPhscdG.exe
  C:\Windows\System\LPhscdG.exe
  2⤵
  PID:3940
- C:\Windows\System\XifOWBQ.exe
  C:\Windows\System\XifOWBQ.exe
  2⤵
  PID:3956
- C:\Windows\System\BUIouhA.exe
  C:\Windows\System\BUIouhA.exe
  2⤵
  PID:3988
- C:\Windows\System\XkiEMTE.exe
  C:\Windows\System\XkiEMTE.exe
  2⤵
  PID:4040
- C:\Windows\System\aaTpDCq.exe
  C:\Windows\System\aaTpDCq.exe
  2⤵
  PID:4028
- C:\Windows\System\ALSaGBg.exe
  C:\Windows\System\ALSaGBg.exe
  2⤵
  PID:4056
- C:\Windows\System\puHaKsV.exe
  C:\Windows\System\puHaKsV.exe
  2⤵
  PID:1276
- C:\Windows\System\dNROGGG.exe
  C:\Windows\System\dNROGGG.exe
  2⤵
  PID:2712
- C:\Windows\System\XHpPUyz.exe
  C:\Windows\System\XHpPUyz.exe
  2⤵
  PID:1688
- C:\Windows\System\vsriBFw.exe
  C:\Windows\System\vsriBFw.exe
  2⤵
  PID:2640
- C:\Windows\System\GTVnwOk.exe
  C:\Windows\System\GTVnwOk.exe
  2⤵
  PID:1016
- C:\Windows\System\ZPfQBDG.exe
  C:\Windows\System\ZPfQBDG.exe
  2⤵
  PID:2316
- C:\Windows\System\VcMJcWV.exe
  C:\Windows\System\VcMJcWV.exe
  2⤵
  PID:1056
- C:\Windows\System\AlCWhrJ.exe
  C:\Windows\System\AlCWhrJ.exe
  2⤵
  PID:2876
- C:\Windows\System\sJIfSZN.exe
  C:\Windows\System\sJIfSZN.exe
  2⤵
  PID:3132
- C:\Windows\System\mDKfNnE.exe
  C:\Windows\System\mDKfNnE.exe
  2⤵
  PID:3436
- C:\Windows\System\XAqfqud.exe
  C:\Windows\System\XAqfqud.exe
  2⤵
  PID:3472
- C:\Windows\System\wpMhwsB.exe
  C:\Windows\System\wpMhwsB.exe
  2⤵
  PID:3272
- C:\Windows\System\NJnPSuJ.exe
  C:\Windows\System\NJnPSuJ.exe
  2⤵
  PID:3312
- C:\Windows\System\tiCXqyW.exe
  C:\Windows\System\tiCXqyW.exe
  2⤵
  PID:3772
- C:\Windows\System\PQMpCqg.exe
  C:\Windows\System\PQMpCqg.exe
  2⤵
  PID:3236
- C:\Windows\System\ucGcdGr.exe
  C:\Windows\System\ucGcdGr.exe
  2⤵
  PID:3700
- C:\Windows\System\YHrKEQr.exe
  C:\Windows\System\YHrKEQr.exe
  2⤵
  PID:3468
- C:\Windows\System\LhaRIXZ.exe
  C:\Windows\System\LhaRIXZ.exe
  2⤵
  PID:3264
- C:\Windows\System\dyStJpG.exe
  C:\Windows\System\dyStJpG.exe
  2⤵
  PID:2812
- C:\Windows\System\ffTbkul.exe
  C:\Windows\System\ffTbkul.exe
  2⤵
  PID:2844
- C:\Windows\System\faDgGfJ.exe
  C:\Windows\System\faDgGfJ.exe
  2⤵
  PID:2684
- C:\Windows\System\uqHKwjZ.exe
  C:\Windows\System\uqHKwjZ.exe
  2⤵
  PID:3808
- C:\Windows\System\oLyeYiv.exe
  C:\Windows\System\oLyeYiv.exe
  2⤵
  PID:2672
- C:\Windows\System\EaqhmFf.exe
  C:\Windows\System\EaqhmFf.exe
  2⤵
  PID:2820
- C:\Windows\System\jKlOoJl.exe
  C:\Windows\System\jKlOoJl.exe
  2⤵
  PID:2988
- C:\Windows\System\rPKDEuL.exe
  C:\Windows\System\rPKDEuL.exe
  2⤵
  PID:3624
- C:\Windows\System\FoaheIp.exe
  C:\Windows\System\FoaheIp.exe
  2⤵
  PID:3492
- C:\Windows\System\criPDPv.exe
  C:\Windows\System\criPDPv.exe
  2⤵
  PID:3916
- C:\Windows\System\UeRQKBw.exe
  C:\Windows\System\UeRQKBw.exe
  2⤵
  PID:4068
- C:\Windows\System\nejDZSv.exe
  C:\Windows\System\nejDZSv.exe
  2⤵
  PID:1896
- C:\Windows\System\tOvtIBD.exe
  C:\Windows\System\tOvtIBD.exe
  2⤵
  PID:2352
- C:\Windows\System\wdzIHOU.exe
  C:\Windows\System\wdzIHOU.exe
  2⤵
  PID:2420
- C:\Windows\System\oSXGsNS.exe
  C:\Windows\System\oSXGsNS.exe
  2⤵
  PID:3844
- C:\Windows\System\gDOLQLr.exe
  C:\Windows\System\gDOLQLr.exe
  2⤵
  PID:2840
- C:\Windows\System\tQVqBZc.exe
  C:\Windows\System\tQVqBZc.exe
  2⤵
  PID:820
- C:\Windows\System\uMsasph.exe
  C:\Windows\System\uMsasph.exe
  2⤵
  PID:3532
- C:\Windows\System\yfyyNHL.exe
  C:\Windows\System\yfyyNHL.exe
  2⤵
  PID:3932
- C:\Windows\System\YxKJIlU.exe
  C:\Windows\System\YxKJIlU.exe
  2⤵
  PID:4052
- C:\Windows\System\zOpMwuR.exe
  C:\Windows\System\zOpMwuR.exe
  2⤵
  PID:1008
- C:\Windows\System\QnyfsWo.exe
  C:\Windows\System\QnyfsWo.exe
  2⤵
  PID:2896
- C:\Windows\System\pwEFVnK.exe
  C:\Windows\System\pwEFVnK.exe
  2⤵
  PID:1196
- C:\Windows\System\Pzdzlho.exe
  C:\Windows\System\Pzdzlho.exe
  2⤵
  PID:4048
- C:\Windows\System\maQQzyc.exe
  C:\Windows\System\maQQzyc.exe
  2⤵
  PID:1936
- C:\Windows\System\tpdXuuV.exe
  C:\Windows\System\tpdXuuV.exe
  2⤵
  PID:2964
- C:\Windows\System\ylbUMOw.exe
  C:\Windows\System\ylbUMOw.exe
  2⤵
  PID:2424
- C:\Windows\System\cBOKXiA.exe
  C:\Windows\System\cBOKXiA.exe
  2⤵
  PID:2912
- C:\Windows\System\DeDDJvg.exe
  C:\Windows\System\DeDDJvg.exe
  2⤵
  PID:3928
- C:\Windows\System\gntURiF.exe
  C:\Windows\System\gntURiF.exe
  2⤵
  PID:3416
- C:\Windows\System\xFiZSpf.exe
  C:\Windows\System\xFiZSpf.exe
  2⤵
  PID:3984
- C:\Windows\System\nSDjpfA.exe
  C:\Windows\System\nSDjpfA.exe
  2⤵
  PID:2960
- C:\Windows\System\wzsLlAR.exe
  C:\Windows\System\wzsLlAR.exe
  2⤵
  PID:844
- C:\Windows\System\mRPeFQY.exe
  C:\Windows\System\mRPeFQY.exe
  2⤵
  PID:1592
- C:\Windows\System\caTsppG.exe
  C:\Windows\System\caTsppG.exe
  2⤵
  PID:604
- C:\Windows\System\LaEhfbo.exe
  C:\Windows\System\LaEhfbo.exe
  2⤵
  PID:3152
- C:\Windows\System\RfpZxJM.exe
  C:\Windows\System\RfpZxJM.exe
  2⤵
  PID:1788
- C:\Windows\System\oCrgfiz.exe
  C:\Windows\System\oCrgfiz.exe
  2⤵
  PID:1120
- C:\Windows\System\lsNuNtO.exe
  C:\Windows\System\lsNuNtO.exe
  2⤵
  PID:2164
- C:\Windows\System\LpDKdxM.exe
  C:\Windows\System\LpDKdxM.exe
  2⤵
  PID:3564
- C:\Windows\System\dUzTivF.exe
  C:\Windows\System\dUzTivF.exe
  2⤵
  PID:1708
- C:\Windows\System\TXnewSV.exe
  C:\Windows\System\TXnewSV.exe
  2⤵
  PID:1300
- C:\Windows\System\mNAQaHS.exe
  C:\Windows\System\mNAQaHS.exe
  2⤵
  PID:1312
- C:\Windows\System\nBkdhla.exe
  C:\Windows\System\nBkdhla.exe
  2⤵
  PID:3268
- C:\Windows\System\yulENSe.exe
  C:\Windows\System\yulENSe.exe
  2⤵
  PID:3724
- C:\Windows\System\MbKPIlV.exe
  C:\Windows\System\MbKPIlV.exe
  2⤵
  PID:3184
- C:\Windows\System\bGQLBgf.exe
  C:\Windows\System\bGQLBgf.exe
  2⤵
  PID:1224
- C:\Windows\System\RCagjNQ.exe
  C:\Windows\System\RCagjNQ.exe
  2⤵
  PID:2744
- C:\Windows\System\yiqAENB.exe
  C:\Windows\System\yiqAENB.exe
  2⤵
  PID:2772
- C:\Windows\System\DFjCImc.exe
  C:\Windows\System\DFjCImc.exe
  2⤵
  PID:1960
- C:\Windows\System\bXIXJAF.exe
  C:\Windows\System\bXIXJAF.exe
  2⤵
  PID:3972
- C:\Windows\System\mSoVdub.exe
  C:\Windows\System\mSoVdub.exe
  2⤵
  PID:3108
- C:\Windows\System\dySMPow.exe
  C:\Windows\System\dySMPow.exe
  2⤵
  PID:3076
- C:\Windows\System\anNSwqk.exe
  C:\Windows\System\anNSwqk.exe
  2⤵
  PID:2404
- C:\Windows\System\LDgyalB.exe
  C:\Windows\System\LDgyalB.exe
  2⤵
  PID:2192
- C:\Windows\System\FLCYeql.exe
  C:\Windows\System\FLCYeql.exe
  2⤵
  PID:2456
- C:\Windows\System\NlwVPwv.exe
  C:\Windows\System\NlwVPwv.exe
  2⤵
  PID:3936
- C:\Windows\System\uOvNmuz.exe
  C:\Windows\System\uOvNmuz.exe
  2⤵
  PID:3336
- C:\Windows\System\EIoyiIr.exe
  C:\Windows\System\EIoyiIr.exe
  2⤵
  PID:4072
- C:\Windows\System\AyzORQa.exe
  C:\Windows\System\AyzORQa.exe
  2⤵
  PID:3704
- C:\Windows\System\DqnUKUS.exe
  C:\Windows\System\DqnUKUS.exe
  2⤵
  PID:3400
- C:\Windows\System\RuAiLCt.exe
  C:\Windows\System\RuAiLCt.exe
  2⤵
  PID:2040
- C:\Windows\System\GydbiFo.exe
  C:\Windows\System\GydbiFo.exe
  2⤵
  PID:868
- C:\Windows\System\YVdWluT.exe
  C:\Windows\System\YVdWluT.exe
  2⤵
  PID:3908
- C:\Windows\System\plcehmM.exe
  C:\Windows\System\plcehmM.exe
  2⤵
  PID:3628
- C:\Windows\System\atPIspH.exe
  C:\Windows\System\atPIspH.exe
  2⤵
  PID:4108
- C:\Windows\System\wQHFzcm.exe
  C:\Windows\System\wQHFzcm.exe
  2⤵
  PID:4128
- C:\Windows\System\hTGcEdu.exe
  C:\Windows\System\hTGcEdu.exe
  2⤵
  PID:4144
- C:\Windows\System\ojleaXV.exe
  C:\Windows\System\ojleaXV.exe
  2⤵
  PID:4164
- C:\Windows\System\oiYnvEM.exe
  C:\Windows\System\oiYnvEM.exe
  2⤵
  PID:4180
- C:\Windows\System\doADOoA.exe
  C:\Windows\System\doADOoA.exe
  2⤵
  PID:4196
- C:\Windows\System\WNDSgjX.exe
  C:\Windows\System\WNDSgjX.exe
  2⤵
  PID:4216
- C:\Windows\System\tDunjdY.exe
  C:\Windows\System\tDunjdY.exe
  2⤵
  PID:4232
- C:\Windows\System\rnGFkAc.exe
  C:\Windows\System\rnGFkAc.exe
  2⤵
  PID:4252
- C:\Windows\System\KQqQgld.exe
  C:\Windows\System\KQqQgld.exe
  2⤵
  PID:4272
- C:\Windows\System\sHJCMJX.exe
  C:\Windows\System\sHJCMJX.exe
  2⤵
  PID:4288
- C:\Windows\System\CjXqofC.exe
  C:\Windows\System\CjXqofC.exe
  2⤵
  PID:4304
- C:\Windows\System\SeaRQmZ.exe
  C:\Windows\System\SeaRQmZ.exe
  2⤵
  PID:4324
- C:\Windows\System\objAKRI.exe
  C:\Windows\System\objAKRI.exe
  2⤵
  PID:4340
- C:\Windows\System\hhFFHIj.exe
  C:\Windows\System\hhFFHIj.exe
  2⤵
  PID:4408
- C:\Windows\System\jvaaFSg.exe
  C:\Windows\System\jvaaFSg.exe
  2⤵
  PID:4424
- C:\Windows\System\viOCRgQ.exe
  C:\Windows\System\viOCRgQ.exe
  2⤵
  PID:4440
- C:\Windows\System\CCtXyBs.exe
  C:\Windows\System\CCtXyBs.exe
  2⤵
  PID:4456
- C:\Windows\System\LpFivfz.exe
  C:\Windows\System\LpFivfz.exe
  2⤵
  PID:4472
- C:\Windows\System\XfDRDYd.exe
  C:\Windows\System\XfDRDYd.exe
  2⤵
  PID:4488
- C:\Windows\System\BgeVdxV.exe
  C:\Windows\System\BgeVdxV.exe
  2⤵
  PID:4508
- C:\Windows\System\IXouDcg.exe
  C:\Windows\System\IXouDcg.exe
  2⤵
  PID:4528
- C:\Windows\System\JuhBOfl.exe
  C:\Windows\System\JuhBOfl.exe
  2⤵
  PID:4544
- C:\Windows\System\qJNOyXq.exe
  C:\Windows\System\qJNOyXq.exe
  2⤵
  PID:4588
- C:\Windows\System\TxcktQH.exe
  C:\Windows\System\TxcktQH.exe
  2⤵
  PID:4604
- C:\Windows\System\GSaeiGh.exe
  C:\Windows\System\GSaeiGh.exe
  2⤵
  PID:4624
- C:\Windows\System\jMDjLIB.exe
  C:\Windows\System\jMDjLIB.exe
  2⤵
  PID:4644
- C:\Windows\System\cYXmjjQ.exe
  C:\Windows\System\cYXmjjQ.exe
  2⤵
  PID:4664
- C:\Windows\System\ZLrKTMu.exe
  C:\Windows\System\ZLrKTMu.exe
  2⤵
  PID:4680
- C:\Windows\System\yqzurFM.exe
  C:\Windows\System\yqzurFM.exe
  2⤵
  PID:4700
- C:\Windows\System\afXvEMd.exe
  C:\Windows\System\afXvEMd.exe
  2⤵
  PID:4728
- C:\Windows\System\UemvheY.exe
  C:\Windows\System\UemvheY.exe
  2⤵
  PID:4744
- C:\Windows\System\PINKzNN.exe
  C:\Windows\System\PINKzNN.exe
  2⤵
  PID:4760
- C:\Windows\System\IALfSKD.exe
  C:\Windows\System\IALfSKD.exe
  2⤵
  PID:4776
- C:\Windows\System\tkRupwM.exe
  C:\Windows\System\tkRupwM.exe
  2⤵
  PID:4792
- C:\Windows\System\FbEPLdL.exe
  C:\Windows\System\FbEPLdL.exe
  2⤵
  PID:4812
- C:\Windows\System\tKGcGtZ.exe
  C:\Windows\System\tKGcGtZ.exe
  2⤵
  PID:4828
- C:\Windows\System\nWZpIKa.exe
  C:\Windows\System\nWZpIKa.exe
  2⤵
  PID:4848
- C:\Windows\System\WCbCRCg.exe
  C:\Windows\System\WCbCRCg.exe
  2⤵
  PID:4868
- C:\Windows\System\jhJuuOU.exe
  C:\Windows\System\jhJuuOU.exe
  2⤵
  PID:4884
- C:\Windows\System\pSDpVmz.exe
  C:\Windows\System\pSDpVmz.exe
  2⤵
  PID:4932
- C:\Windows\System\AzqbLlt.exe
  C:\Windows\System\AzqbLlt.exe
  2⤵
  PID:4948
- C:\Windows\System\kBzPZpj.exe
  C:\Windows\System\kBzPZpj.exe
  2⤵
  PID:4964
- C:\Windows\System\BELoQqH.exe
  C:\Windows\System\BELoQqH.exe
  2⤵
  PID:4980
- C:\Windows\System\tOXsQYd.exe
  C:\Windows\System\tOXsQYd.exe
  2⤵
  PID:5000
- C:\Windows\System\GZjqDjd.exe
  C:\Windows\System\GZjqDjd.exe
  2⤵
  PID:5016
- C:\Windows\System\jofNkck.exe
  C:\Windows\System\jofNkck.exe
  2⤵
  PID:5036
- C:\Windows\System\Nwnfauy.exe
  C:\Windows\System\Nwnfauy.exe
  2⤵
  PID:5052
- C:\Windows\System\lwrRPrx.exe
  C:\Windows\System\lwrRPrx.exe
  2⤵
  PID:5072
- C:\Windows\System\qZrljOg.exe
  C:\Windows\System\qZrljOg.exe
  2⤵
  PID:5112
- C:\Windows\System\PTtBeMq.exe
  C:\Windows\System\PTtBeMq.exe
  2⤵
  PID:2448
- C:\Windows\System\kRQKqOc.exe
  C:\Windows\System\kRQKqOc.exe
  2⤵
  PID:4140
- C:\Windows\System\PgJSaKu.exe
  C:\Windows\System\PgJSaKu.exe
  2⤵
  PID:4208
- C:\Windows\System\NmxJNDt.exe
  C:\Windows\System\NmxJNDt.exe
  2⤵
  PID:4248
- C:\Windows\System\nQyIPMa.exe
  C:\Windows\System\nQyIPMa.exe
  2⤵
  PID:4316
- C:\Windows\System\jtrnhTV.exe
  C:\Windows\System\jtrnhTV.exe
  2⤵
  PID:4360
- C:\Windows\System\rtdoFcK.exe
  C:\Windows\System\rtdoFcK.exe
  2⤵
  PID:4376
- C:\Windows\System\kGFrKae.exe
  C:\Windows\System\kGFrKae.exe
  2⤵
  PID:3308
- C:\Windows\System\YlBtGqV.exe
  C:\Windows\System\YlBtGqV.exe
  2⤵
  PID:4228
- C:\Windows\System\uJkVXSe.exe
  C:\Windows\System\uJkVXSe.exe
  2⤵
  PID:2756
- C:\Windows\System\MHQELyC.exe
  C:\Windows\System\MHQELyC.exe
  2⤵
  PID:4400
- C:\Windows\System\oREQeYx.exe
  C:\Windows\System\oREQeYx.exe
  2⤵
  PID:4296
- C:\Windows\System\gHvOypy.exe
  C:\Windows\System\gHvOypy.exe
  2⤵
  PID:4120
- C:\Windows\System\YlfxugF.exe
  C:\Windows\System\YlfxugF.exe
  2⤵
  PID:4468
- C:\Windows\System\YJbnNLu.exe
  C:\Windows\System\YJbnNLu.exe
  2⤵
  PID:4504
- C:\Windows\System\gtPhbhX.exe
  C:\Windows\System\gtPhbhX.exe
  2⤵
  PID:4156
- C:\Windows\System\JjWVapq.exe
  C:\Windows\System\JjWVapq.exe
  2⤵
  PID:4264
- C:\Windows\System\TRQuIjY.exe
  C:\Windows\System\TRQuIjY.exe
  2⤵
  PID:4552
- C:\Windows\System\VuIBjvl.exe
  C:\Windows\System\VuIBjvl.exe
  2⤵
  PID:4452
- C:\Windows\System\rRwkKFx.exe
  C:\Windows\System\rRwkKFx.exe
  2⤵
  PID:4640
- C:\Windows\System\wJXjQQg.exe
  C:\Windows\System\wJXjQQg.exe
  2⤵
  PID:4708
- C:\Windows\System\heTuSLP.exe
  C:\Windows\System\heTuSLP.exe
  2⤵
  PID:4692
- C:\Windows\System\sQBRuUy.exe
  C:\Windows\System\sQBRuUy.exe
  2⤵
  PID:4716
- C:\Windows\System\GqqGetG.exe
  C:\Windows\System\GqqGetG.exe
  2⤵
  PID:4784
- C:\Windows\System\wPoaglF.exe
  C:\Windows\System\wPoaglF.exe
  2⤵
  PID:4856
- C:\Windows\System\OCWKAlp.exe
  C:\Windows\System\OCWKAlp.exe
  2⤵
  PID:4896
- C:\Windows\System\pvqfLfN.exe
  C:\Windows\System\pvqfLfN.exe
  2⤵
  PID:4912
- C:\Windows\System\FocDfei.exe
  C:\Windows\System\FocDfei.exe
  2⤵
  PID:4804
- C:\Windows\System\QYXZqdB.exe
  C:\Windows\System\QYXZqdB.exe
  2⤵
  PID:4836
- C:\Windows\System\uRcOcMn.exe
  C:\Windows\System\uRcOcMn.exe
  2⤵
  PID:4880
- C:\Windows\System\SibEKbw.exe
  C:\Windows\System\SibEKbw.exe
  2⤵
  PID:4988
- C:\Windows\System\fTjqgHX.exe
  C:\Windows\System\fTjqgHX.exe
  2⤵
  PID:5028
- C:\Windows\System\SlBnLMS.exe
  C:\Windows\System\SlBnLMS.exe
  2⤵
  PID:5068
- C:\Windows\System\wRQkKlt.exe
  C:\Windows\System\wRQkKlt.exe
  2⤵
  PID:4940
- C:\Windows\System\fhTkQOp.exe
  C:\Windows\System\fhTkQOp.exe
  2⤵
  PID:4972
- C:\Windows\System\vVKXPSV.exe
  C:\Windows\System\vVKXPSV.exe
  2⤵
  PID:4284
- C:\Windows\System\ySEtAdQ.exe
  C:\Windows\System\ySEtAdQ.exe
  2⤵
  PID:4392
- C:\Windows\System\ufCgTRr.exe
  C:\Windows\System\ufCgTRr.exe
  2⤵
  PID:3464
- C:\Windows\System\XXeNzFL.exe
  C:\Windows\System\XXeNzFL.exe
  2⤵
  PID:5048
- C:\Windows\System\boEelpL.exe
  C:\Windows\System\boEelpL.exe
  2⤵
  PID:4192
- C:\Windows\System\OnyxdHR.exe
  C:\Windows\System\OnyxdHR.exe
  2⤵
  PID:4332
- C:\Windows\System\sVGitTi.exe
  C:\Windows\System\sVGitTi.exe
  2⤵
  PID:4564
- C:\Windows\System\OOJFKIf.exe
  C:\Windows\System\OOJFKIf.exe
  2⤵
  PID:4396
- C:\Windows\System\aXQgyiY.exe
  C:\Windows\System\aXQgyiY.exe
  2⤵
  PID:4464
- C:\Windows\System\TZjCjBz.exe
  C:\Windows\System\TZjCjBz.exe
  2⤵
  PID:4480
- C:\Windows\System\HVNAbdu.exe
  C:\Windows\System\HVNAbdu.exe
  2⤵
  PID:4572
- C:\Windows\System\eBJNqlb.exe
  C:\Windows\System\eBJNqlb.exe
  2⤵
  PID:4580
- C:\Windows\System\nPSAGjy.exe
  C:\Windows\System\nPSAGjy.exe
  2⤵
  PID:4632
- C:\Windows\System\SqkJybc.exe
  C:\Windows\System\SqkJybc.exe
  2⤵
  PID:4524
- C:\Windows\System\nnZAZyi.exe
  C:\Windows\System\nnZAZyi.exe
  2⤵
  PID:4900
- C:\Windows\System\xmeyKqX.exe
  C:\Windows\System\xmeyKqX.exe
  2⤵
  PID:5064
- C:\Windows\System\xrucloN.exe
  C:\Windows\System\xrucloN.exe
  2⤵
  PID:4388
- C:\Windows\System\iBzRtXa.exe
  C:\Windows\System\iBzRtXa.exe
  2⤵
  PID:4420
- C:\Windows\System\JhNhsbe.exe
  C:\Windows\System\JhNhsbe.exe
  2⤵
  PID:4772
- C:\Windows\System\NeNPDSK.exe
  C:\Windows\System\NeNPDSK.exe
  2⤵
  PID:2392
- C:\Windows\System\hCgAzep.exe
  C:\Windows\System\hCgAzep.exe
  2⤵
  PID:4824
- C:\Windows\System\UNeBqqz.exe
  C:\Windows\System\UNeBqqz.exe
  2⤵
  PID:4724
- C:\Windows\System\SUwcalR.exe
  C:\Windows\System\SUwcalR.exe
  2⤵
  PID:4860
- C:\Windows\System\WReaFsp.exe
  C:\Windows\System\WReaFsp.exe
  2⤵
  PID:2864
- C:\Windows\System\MALlWbm.exe
  C:\Windows\System\MALlWbm.exe
  2⤵
  PID:4204
- C:\Windows\System\UwGFVqA.exe
  C:\Windows\System\UwGFVqA.exe
  2⤵
  PID:4500
- C:\Windows\System\DytxiZe.exe
  C:\Windows\System\DytxiZe.exe
  2⤵
  PID:2400
- C:\Windows\System\ugFnOvf.exe
  C:\Windows\System\ugFnOvf.exe
  2⤵
  PID:4756
- C:\Windows\System\nQButAf.exe
  C:\Windows\System\nQButAf.exe
  2⤵
  PID:4600
- C:\Windows\System\hdwnqvw.exe
  C:\Windows\System\hdwnqvw.exe
  2⤵
  PID:4996
- C:\Windows\System\gzozNDp.exe
  C:\Windows\System\gzozNDp.exe
  2⤵
  PID:4768
- C:\Windows\System\dUvkSog.exe
  C:\Windows\System\dUvkSog.exe
  2⤵
  PID:4436
- C:\Windows\System\UMvZeWz.exe
  C:\Windows\System\UMvZeWz.exe
  2⤵
  PID:4612
- C:\Windows\System\GTYucVl.exe
  C:\Windows\System\GTYucVl.exe
  2⤵
  PID:5044
- C:\Windows\System\dqXKdAe.exe
  C:\Windows\System\dqXKdAe.exe
  2⤵
  PID:4740
- C:\Windows\System\OymuExy.exe
  C:\Windows\System\OymuExy.exe
  2⤵
  PID:4620
- C:\Windows\System\yFsLCLD.exe
  C:\Windows\System\yFsLCLD.exe
  2⤵
  PID:4844
- C:\Windows\System\bogpxHn.exe
  C:\Windows\System\bogpxHn.exe
  2⤵
  PID:4876
- C:\Windows\System\GzZhvDq.exe
  C:\Windows\System\GzZhvDq.exe
  2⤵
  PID:4496
- C:\Windows\System\LwJYeBm.exe
  C:\Windows\System\LwJYeBm.exe
  2⤵
  PID:4928
- C:\Windows\System\XoQukkE.exe
  C:\Windows\System\XoQukkE.exe
  2⤵
  PID:5108
- C:\Windows\System\iGIsDrj.exe
  C:\Windows\System\iGIsDrj.exe
  2⤵
  PID:3040
- C:\Windows\System\YkTAVkZ.exe
  C:\Windows\System\YkTAVkZ.exe
  2⤵
  PID:4556
- C:\Windows\System\wnppuqv.exe
  C:\Windows\System\wnppuqv.exe
  2⤵
  PID:4300
- C:\Windows\System\RjRwsmq.exe
  C:\Windows\System\RjRwsmq.exe
  2⤵
  PID:4660
- C:\Windows\System\UyjQCSJ.exe
  C:\Windows\System\UyjQCSJ.exe
  2⤵
  PID:4560
- C:\Windows\System\cxFoisc.exe
  C:\Windows\System\cxFoisc.exe
  2⤵
  PID:4800
- C:\Windows\System\GSxpEtk.exe
  C:\Windows\System\GSxpEtk.exe
  2⤵
  PID:5128
- C:\Windows\System\lKWihsZ.exe
  C:\Windows\System\lKWihsZ.exe
  2⤵
  PID:5144
- C:\Windows\System\wyWrMoC.exe
  C:\Windows\System\wyWrMoC.exe
  2⤵
  PID:5160
- C:\Windows\System\BcuyfuQ.exe
  C:\Windows\System\BcuyfuQ.exe
  2⤵
  PID:5192
- C:\Windows\System\offEYwV.exe
  C:\Windows\System\offEYwV.exe
  2⤵
  PID:5212
- C:\Windows\System\IzdzJsV.exe
  C:\Windows\System\IzdzJsV.exe
  2⤵
  PID:5232
- C:\Windows\System\prBGXDL.exe
  C:\Windows\System\prBGXDL.exe
  2⤵
  PID:5252
- C:\Windows\System\QLBtFua.exe
  C:\Windows\System\QLBtFua.exe
  2⤵
  PID:5268
- C:\Windows\System\kkXxUCc.exe
  C:\Windows\System\kkXxUCc.exe
  2⤵
  PID:5288
- C:\Windows\System\pdTmxhi.exe
  C:\Windows\System\pdTmxhi.exe
  2⤵
  PID:5308
- C:\Windows\System\idwMRtg.exe
  C:\Windows\System\idwMRtg.exe
  2⤵
  PID:5328
- C:\Windows\System\RjnYJvw.exe
  C:\Windows\System\RjnYJvw.exe
  2⤵
  PID:5344
- C:\Windows\System\MPTBDZM.exe
  C:\Windows\System\MPTBDZM.exe
  2⤵
  PID:5360
- C:\Windows\System\DNZxZZf.exe
  C:\Windows\System\DNZxZZf.exe
  2⤵
  PID:5408
- C:\Windows\System\aQysKBI.exe
  C:\Windows\System\aQysKBI.exe
  2⤵
  PID:5424
- C:\Windows\System\XVwWtim.exe
  C:\Windows\System\XVwWtim.exe
  2⤵
  PID:5440
- C:\Windows\System\hGNoJJA.exe
  C:\Windows\System\hGNoJJA.exe
  2⤵
  PID:5460
- C:\Windows\System\lHxFJfl.exe
  C:\Windows\System\lHxFJfl.exe
  2⤵
  PID:5476
- C:\Windows\System\kYWFNur.exe
  C:\Windows\System\kYWFNur.exe
  2⤵
  PID:5496
- C:\Windows\System\qltXzhY.exe
  C:\Windows\System\qltXzhY.exe
  2⤵
  PID:5512
- C:\Windows\System\NjTASKb.exe
  C:\Windows\System\NjTASKb.exe
  2⤵
  PID:5532
- C:\Windows\System\fcJuLge.exe
  C:\Windows\System\fcJuLge.exe
  2⤵
  PID:5548
- C:\Windows\System\GKRnFVh.exe
  C:\Windows\System\GKRnFVh.exe
  2⤵
  PID:5588
- C:\Windows\System\tvVOMGR.exe
  C:\Windows\System\tvVOMGR.exe
  2⤵
  PID:5604
- C:\Windows\System\rtAsjdP.exe
  C:\Windows\System\rtAsjdP.exe
  2⤵
  PID:5620
- C:\Windows\System\TsDTvZn.exe
  C:\Windows\System\TsDTvZn.exe
  2⤵
  PID:5636
- C:\Windows\System\WKOHmNS.exe
  C:\Windows\System\WKOHmNS.exe
  2⤵
  PID:5656
- C:\Windows\System\jYWZsKE.exe
  C:\Windows\System\jYWZsKE.exe
  2⤵
  PID:5672
- C:\Windows\System\vwpbSdC.exe
  C:\Windows\System\vwpbSdC.exe
  2⤵
  PID:5688
- C:\Windows\System\fwEIfbZ.exe
  C:\Windows\System\fwEIfbZ.exe
  2⤵
  PID:5708
- C:\Windows\System\PvXfJvC.exe
  C:\Windows\System\PvXfJvC.exe
  2⤵
  PID:5728
- C:\Windows\System\fSOvDRH.exe
  C:\Windows\System\fSOvDRH.exe
  2⤵
  PID:5744
- C:\Windows\System\CKILkog.exe
  C:\Windows\System\CKILkog.exe
  2⤵
  PID:5768
- C:\Windows\System\ygclFDC.exe
  C:\Windows\System\ygclFDC.exe
  2⤵
  PID:5784
- C:\Windows\System\uVayGro.exe
  C:\Windows\System\uVayGro.exe
  2⤵
  PID:5832
- C:\Windows\System\DhapYpc.exe
  C:\Windows\System\DhapYpc.exe
  2⤵
  PID:5848
- C:\Windows\System\swfEFuS.exe
  C:\Windows\System\swfEFuS.exe
  2⤵
  PID:5864
- C:\Windows\System\QUVYzbK.exe
  C:\Windows\System\QUVYzbK.exe
  2⤵
  PID:5880
- C:\Windows\System\dkLTWsO.exe
  C:\Windows\System\dkLTWsO.exe
  2⤵
  PID:5896
- C:\Windows\System\pKEOFUg.exe
  C:\Windows\System\pKEOFUg.exe
  2⤵
  PID:5912
- C:\Windows\System\nYVUhNX.exe
  C:\Windows\System\nYVUhNX.exe
  2⤵
  PID:5928
- C:\Windows\System\TnAcwAq.exe
  C:\Windows\System\TnAcwAq.exe
  2⤵
  PID:5948
- C:\Windows\System\zuwTGIt.exe
  C:\Windows\System\zuwTGIt.exe
  2⤵
  PID:5968
- C:\Windows\System\KodRUqN.exe
  C:\Windows\System\KodRUqN.exe
  2⤵
  PID:5984
- C:\Windows\System\oCDXhzX.exe
  C:\Windows\System\oCDXhzX.exe
  2⤵
  PID:6032
- C:\Windows\System\KZSaWFE.exe
  C:\Windows\System\KZSaWFE.exe
  2⤵
  PID:6048
- C:\Windows\System\uOQBbgK.exe
  C:\Windows\System\uOQBbgK.exe
  2⤵
  PID:6064
- C:\Windows\System\WFgaMsD.exe
  C:\Windows\System\WFgaMsD.exe
  2⤵
  PID:6084
- C:\Windows\System\SFVlgoV.exe
  C:\Windows\System\SFVlgoV.exe
  2⤵
  PID:6100
- C:\Windows\System\nWjNKjl.exe
  C:\Windows\System\nWjNKjl.exe
  2⤵
  PID:6116
- C:\Windows\System\woOSOOl.exe
  C:\Windows\System\woOSOOl.exe
  2⤵
  PID:6136
- C:\Windows\System\oFIRgvm.exe
  C:\Windows\System\oFIRgvm.exe
  2⤵
  PID:4448
- C:\Windows\System\zxzmfpf.exe
  C:\Windows\System\zxzmfpf.exe
  2⤵
  PID:5140
- C:\Windows\System\zVDSrwI.exe
  C:\Windows\System\zVDSrwI.exe
  2⤵
  PID:5184
- C:\Windows\System\DOZeyRg.exe
  C:\Windows\System\DOZeyRg.exe
  2⤵
  PID:4808
- C:\Windows\System\FxBIkQP.exe
  C:\Windows\System\FxBIkQP.exe
  2⤵
  PID:5200
- C:\Windows\System\CYnbGtt.exe
  C:\Windows\System\CYnbGtt.exe
  2⤵
  PID:5244
- C:\Windows\System\mLxFIKT.exe
  C:\Windows\System\mLxFIKT.exe
  2⤵
  PID:5284
- C:\Windows\System\DLoQwxV.exe
  C:\Windows\System\DLoQwxV.exe
  2⤵
  PID:5296
- C:\Windows\System\YmHULSU.exe
  C:\Windows\System\YmHULSU.exe
  2⤵
  PID:5260
- C:\Windows\System\eiLmIUl.exe
  C:\Windows\System\eiLmIUl.exe
  2⤵
  PID:5336
- C:\Windows\System\BandoaW.exe
  C:\Windows\System\BandoaW.exe
  2⤵
  PID:5384
- C:\Windows\System\LpFTkOj.exe
  C:\Windows\System\LpFTkOj.exe
  2⤵
  PID:5400
- C:\Windows\System\fGKtADy.exe
  C:\Windows\System\fGKtADy.exe
  2⤵
  PID:5448
- C:\Windows\System\KNfJbUf.exe
  C:\Windows\System\KNfJbUf.exe
  2⤵
  PID:5520
- C:\Windows\System\eXUUqgF.exe
  C:\Windows\System\eXUUqgF.exe
  2⤵
  PID:5556
- C:\Windows\System\SpxJlIt.exe
  C:\Windows\System\SpxJlIt.exe
  2⤵
  PID:5576
- C:\Windows\System\tKVHqAd.exe
  C:\Windows\System\tKVHqAd.exe
  2⤵
  PID:5468
- C:\Windows\System\VUEuakO.exe
  C:\Windows\System\VUEuakO.exe
  2⤵
  PID:5584
- C:\Windows\System\AJYmbHF.exe
  C:\Windows\System\AJYmbHF.exe
  2⤵
  PID:5796
- C:\Windows\System\hyKrXCY.exe
  C:\Windows\System\hyKrXCY.exe
  2⤵
  PID:5600
- C:\Windows\System\klLqdfs.exe
  C:\Windows\System\klLqdfs.exe
  2⤵
  PID:5632
- C:\Windows\System\HJlcLyO.exe
  C:\Windows\System\HJlcLyO.exe
  2⤵
  PID:5700
- C:\Windows\System\mVyaeBm.exe
  C:\Windows\System\mVyaeBm.exe
  2⤵
  PID:5776
- C:\Windows\System\mjIFQhE.exe
  C:\Windows\System\mjIFQhE.exe
  2⤵
  PID:5856
- C:\Windows\System\UIXNkYF.exe
  C:\Windows\System\UIXNkYF.exe
  2⤵
  PID:5920
- C:\Windows\System\PRuwETC.exe
  C:\Windows\System\PRuwETC.exe
  2⤵
  PID:5844
- C:\Windows\System\KVBujed.exe
  C:\Windows\System\KVBujed.exe
  2⤵
  PID:5936
- C:\Windows\System\xzFzult.exe
  C:\Windows\System\xzFzult.exe
  2⤵
  PID:5876
- C:\Windows\System\ljgWFbR.exe
  C:\Windows\System\ljgWFbR.exe
  2⤵
  PID:5940
- C:\Windows\System\CWooMhC.exe
  C:\Windows\System\CWooMhC.exe
  2⤵
  PID:6060
- C:\Windows\System\wItIFMQ.exe
  C:\Windows\System\wItIFMQ.exe
  2⤵
  PID:6132
- C:\Windows\System\NTLTiLP.exe
  C:\Windows\System\NTLTiLP.exe
  2⤵
  PID:5172
- C:\Windows\System\OPELMrX.exe
  C:\Windows\System\OPELMrX.exe
  2⤵
  PID:5240
- C:\Windows\System\RIDFFbx.exe
  C:\Windows\System\RIDFFbx.exe
  2⤵
  PID:5392
- C:\Windows\System\UJZQWva.exe
  C:\Windows\System\UJZQWva.exe
  2⤵
  PID:5452
- C:\Windows\System\ywKqzAs.exe
  C:\Windows\System\ywKqzAs.exe
  2⤵
  PID:5504
- C:\Windows\System\RXGIGRd.exe
  C:\Windows\System\RXGIGRd.exe
  2⤵
  PID:5276
- C:\Windows\System\ArpEHke.exe
  C:\Windows\System\ArpEHke.exe
  2⤵
  PID:5124
- C:\Windows\System\bUryySx.exe
  C:\Windows\System\bUryySx.exe
  2⤵
  PID:5612
- C:\Windows\System\zMvvGhn.exe
  C:\Windows\System\zMvvGhn.exe
  2⤵
  PID:4012
- C:\Windows\System\fKXXfRE.exe
  C:\Windows\System\fKXXfRE.exe
  2⤵
  PID:5152
- C:\Windows\System\asdDVNi.exe
  C:\Windows\System\asdDVNi.exe
  2⤵
  PID:5368
- C:\Windows\System\OiCDgrh.exe
  C:\Windows\System\OiCDgrh.exe
  2⤵
  PID:5404
- C:\Windows\System\pIwvLhw.exe
  C:\Windows\System\pIwvLhw.exe
  2⤵
  PID:5760
- C:\Windows\System\duLNZNt.exe
  C:\Windows\System\duLNZNt.exe
  2⤵
  PID:5644
- C:\Windows\System\vJGWFwk.exe
  C:\Windows\System\vJGWFwk.exe
  2⤵
  PID:5596
- C:\Windows\System\dcXJXsz.exe
  C:\Windows\System\dcXJXsz.exe
  2⤵
  PID:5800
- C:\Windows\System\fHsheHA.exe
  C:\Windows\System\fHsheHA.exe
  2⤵
  PID:5764
- C:\Windows\System\iJYaudk.exe
  C:\Windows\System\iJYaudk.exe
  2⤵
  PID:5960
- C:\Windows\System\tIELPKL.exe
  C:\Windows\System\tIELPKL.exe
  2⤵
  PID:6004
- C:\Windows\System\OOxnAIF.exe
  C:\Windows\System\OOxnAIF.exe
  2⤵
  PID:5892
- C:\Windows\System\asxCThR.exe
  C:\Windows\System\asxCThR.exe
  2⤵
  PID:996
- C:\Windows\System\OtQKTDU.exe
  C:\Windows\System\OtQKTDU.exe
  2⤵
  PID:6000
- C:\Windows\System\ACabDZh.exe
  C:\Windows\System\ACabDZh.exe
  2⤵
  PID:4348
- C:\Windows\System\GViZYLt.exe
  C:\Windows\System\GViZYLt.exe
  2⤵
  PID:6096
- C:\Windows\System\nNOgvKo.exe
  C:\Windows\System\nNOgvKo.exe
  2⤵
  PID:6040
- C:\Windows\System\xpmdMEo.exe
  C:\Windows\System\xpmdMEo.exe
  2⤵
  PID:836
- C:\Windows\System\RRQSQfb.exe
  C:\Windows\System\RRQSQfb.exe
  2⤵
  PID:5372
- C:\Windows\System\rkKsQuu.exe
  C:\Windows\System\rkKsQuu.exe
  2⤵
  PID:5176
- C:\Windows\System\cftrfGS.exe
  C:\Windows\System\cftrfGS.exe
  2⤵
  PID:6108
- C:\Windows\System\jqLQnMe.exe
  C:\Windows\System\jqLQnMe.exe
  2⤵
  PID:5280
- C:\Windows\System\YZlkopR.exe
  C:\Windows\System\YZlkopR.exe
  2⤵
  PID:5684
- C:\Windows\System\iDvureK.exe
  C:\Windows\System\iDvureK.exe
  2⤵
  PID:5720
- C:\Windows\System\YmeWXPW.exe
  C:\Windows\System\YmeWXPW.exe
  2⤵
  PID:5840
- C:\Windows\System\iBuZZwx.exe
  C:\Windows\System\iBuZZwx.exe
  2⤵
  PID:5996
- C:\Windows\System\WRutayB.exe
  C:\Windows\System\WRutayB.exe
  2⤵
  PID:6056
- C:\Windows\System\SkgvTpH.exe
  C:\Windows\System\SkgvTpH.exe
  2⤵
  PID:5908
- C:\Windows\System\vcKchZQ.exe
  C:\Windows\System\vcKchZQ.exe
  2⤵
  PID:5320
- C:\Windows\System\BuEBoVm.exe
  C:\Windows\System\BuEBoVm.exe
  2⤵
  PID:6044
- C:\Windows\System\FUynRHQ.exe
  C:\Windows\System\FUynRHQ.exe
  2⤵
  PID:5580
- C:\Windows\System\UBjgmyt.exe
  C:\Windows\System\UBjgmyt.exe
  2⤵
  PID:5180
- C:\Windows\System\piTYeXE.exe
  C:\Windows\System\piTYeXE.exe
  2⤵
  PID:5808
- C:\Windows\System\kcSEfGO.exe
  C:\Windows\System\kcSEfGO.exe
  2⤵
  PID:5696
- C:\Windows\System\ajzlRVz.exe
  C:\Windows\System\ajzlRVz.exe
  2⤵
  PID:6112
- C:\Windows\System\rnQVtaj.exe
  C:\Windows\System\rnQVtaj.exe
  2⤵
  PID:6016
- C:\Windows\System\HAAzhyx.exe
  C:\Windows\System\HAAzhyx.exe
  2⤵
  PID:5628
- C:\Windows\System\MVZMzPA.exe
  C:\Windows\System\MVZMzPA.exe
  2⤵
  PID:5824
- C:\Windows\System\HYyRVcI.exe
  C:\Windows\System\HYyRVcI.exe
  2⤵
  PID:4752
- C:\Windows\System\pDUoxqP.exe
  C:\Windows\System\pDUoxqP.exe
  2⤵
  PID:5964
- C:\Windows\System\bqmOFMN.exe
  C:\Windows\System\bqmOFMN.exe
  2⤵
  PID:6156
- C:\Windows\System\ZTBobSF.exe
  C:\Windows\System\ZTBobSF.exe
  2⤵
  PID:6176
- C:\Windows\System\lXZLQPk.exe
  C:\Windows\System\lXZLQPk.exe
  2⤵
  PID:6192
- C:\Windows\System\WxBsaaK.exe
  C:\Windows\System\WxBsaaK.exe
  2⤵
  PID:6208
- C:\Windows\System\OddVWLQ.exe
  C:\Windows\System\OddVWLQ.exe
  2⤵
  PID:6224
- C:\Windows\System\nRkSKIq.exe
  C:\Windows\System\nRkSKIq.exe
  2⤵
  PID:6240
- C:\Windows\System\aJxbAUD.exe
  C:\Windows\System\aJxbAUD.exe
  2⤵
  PID:6256
- C:\Windows\System\XRvjJLh.exe
  C:\Windows\System\XRvjJLh.exe
  2⤵
  PID:6272
- C:\Windows\System\LoPdQUt.exe
  C:\Windows\System\LoPdQUt.exe
  2⤵
  PID:6288
- C:\Windows\System\fhdgazV.exe
  C:\Windows\System\fhdgazV.exe
  2⤵
  PID:6304
- C:\Windows\System\tuhvhMt.exe
  C:\Windows\System\tuhvhMt.exe
  2⤵
  PID:6320
- C:\Windows\System\OTtBNGL.exe
  C:\Windows\System\OTtBNGL.exe
  2⤵
  PID:6336
- C:\Windows\System\dGEGxSl.exe
  C:\Windows\System\dGEGxSl.exe
  2⤵
  PID:6352
- C:\Windows\System\dymlEnF.exe
  C:\Windows\System\dymlEnF.exe
  2⤵
  PID:6368
- C:\Windows\System\EtgBZnQ.exe
  C:\Windows\System\EtgBZnQ.exe
  2⤵
  PID:6384
- C:\Windows\System\IiSnPsH.exe
  C:\Windows\System\IiSnPsH.exe
  2⤵
  PID:6400
- C:\Windows\System\kgbHgct.exe
  C:\Windows\System\kgbHgct.exe
  2⤵
  PID:6420
- C:\Windows\System\rkVvgqi.exe
  C:\Windows\System\rkVvgqi.exe
  2⤵
  PID:6436
- C:\Windows\System\fryBUjQ.exe
  C:\Windows\System\fryBUjQ.exe
  2⤵
  PID:6452
- C:\Windows\System\wMkIExj.exe
  C:\Windows\System\wMkIExj.exe
  2⤵
  PID:6468
- C:\Windows\System\uqQakYR.exe
  C:\Windows\System\uqQakYR.exe
  2⤵
  PID:6484
- C:\Windows\System\GQHYRve.exe
  C:\Windows\System\GQHYRve.exe
  2⤵
  PID:6500
- C:\Windows\System\VxSFAlA.exe
  C:\Windows\System\VxSFAlA.exe
  2⤵
  PID:6516
- C:\Windows\System\swvdwor.exe
  C:\Windows\System\swvdwor.exe
  2⤵
  PID:6532
- C:\Windows\System\zbkCxwM.exe
  C:\Windows\System\zbkCxwM.exe
  2⤵
  PID:6548
- C:\Windows\System\UMmyvhE.exe
  C:\Windows\System\UMmyvhE.exe
  2⤵
  PID:6568
- C:\Windows\System\zRnKcoM.exe
  C:\Windows\System\zRnKcoM.exe
  2⤵
  PID:6584
- C:\Windows\System\ruWwVvD.exe
  C:\Windows\System\ruWwVvD.exe
  2⤵
  PID:6600
- C:\Windows\System\ONGPyNN.exe
  C:\Windows\System\ONGPyNN.exe
  2⤵
  PID:6616
- C:\Windows\System\hsayMoE.exe
  C:\Windows\System\hsayMoE.exe
  2⤵
  PID:6636
- C:\Windows\System\ILBoQFT.exe
  C:\Windows\System\ILBoQFT.exe
  2⤵
  PID:6652
- C:\Windows\System\zAPLjHc.exe
  C:\Windows\System\zAPLjHc.exe
  2⤵
  PID:6668
- C:\Windows\System\OjxEvjp.exe
  C:\Windows\System\OjxEvjp.exe
  2⤵
  PID:6684
- C:\Windows\System\EEPkufP.exe
  C:\Windows\System\EEPkufP.exe
  2⤵
  PID:6700
- C:\Windows\System\PtUtpxB.exe
  C:\Windows\System\PtUtpxB.exe
  2⤵
  PID:6720
- C:\Windows\System\xDsUZMQ.exe
  C:\Windows\System\xDsUZMQ.exe
  2⤵
  PID:6736
- C:\Windows\System\feJGrXO.exe
  C:\Windows\System\feJGrXO.exe
  2⤵
  PID:6752
- C:\Windows\System\xdiCWaq.exe
  C:\Windows\System\xdiCWaq.exe
  2⤵
  PID:6768
- C:\Windows\System\ZcYvcWK.exe
  C:\Windows\System\ZcYvcWK.exe
  2⤵
  PID:6784
- C:\Windows\System\lnBxWAU.exe
  C:\Windows\System\lnBxWAU.exe
  2⤵
  PID:6800
- C:\Windows\System\yajzFXI.exe
  C:\Windows\System\yajzFXI.exe
  2⤵
  PID:6816
- C:\Windows\System\pqgSmjJ.exe
  C:\Windows\System\pqgSmjJ.exe
  2⤵
  PID:6836
- C:\Windows\System\MDYnQGN.exe
  C:\Windows\System\MDYnQGN.exe
  2⤵
  PID:6852
- C:\Windows\System\eZFtWHp.exe
  C:\Windows\System\eZFtWHp.exe
  2⤵
  PID:6868
- C:\Windows\System\lMbmlmG.exe
  C:\Windows\System\lMbmlmG.exe
  2⤵
  PID:6888
- C:\Windows\System\GEFMzkO.exe
  C:\Windows\System\GEFMzkO.exe
  2⤵
  PID:6904
- C:\Windows\System\WEWbmEM.exe
  C:\Windows\System\WEWbmEM.exe
  2⤵
  PID:6920
- C:\Windows\System\BAdIyai.exe
  C:\Windows\System\BAdIyai.exe
  2⤵
  PID:6936
- C:\Windows\System\pOaktAE.exe
  C:\Windows\System\pOaktAE.exe
  2⤵
  PID:6956
- C:\Windows\System\wEBSLuT.exe
  C:\Windows\System\wEBSLuT.exe
  2⤵
  PID:6972
- C:\Windows\System\AupOZyR.exe
  C:\Windows\System\AupOZyR.exe
  2⤵
  PID:6988
- C:\Windows\System\nERHEhr.exe
  C:\Windows\System\nERHEhr.exe
  2⤵
  PID:7004
- C:\Windows\System\nqsqzWg.exe
  C:\Windows\System\nqsqzWg.exe
  2⤵
  PID:7020
- C:\Windows\System\MIeNxBK.exe
  C:\Windows\System\MIeNxBK.exe
  2⤵
  PID:7036
- C:\Windows\System\oYWYyKu.exe
  C:\Windows\System\oYWYyKu.exe
  2⤵
  PID:7056
- C:\Windows\System\jizITLi.exe
  C:\Windows\System\jizITLi.exe
  2⤵
  PID:7072
- C:\Windows\System\tuGSnAg.exe
  C:\Windows\System\tuGSnAg.exe
  2⤵
  PID:7088
- C:\Windows\System\tyFZUPr.exe
  C:\Windows\System\tyFZUPr.exe
  2⤵
  PID:7108
- C:\Windows\System\teHLmef.exe
  C:\Windows\System\teHLmef.exe
  2⤵
  PID:7124
- C:\Windows\System\eKUXCVF.exe
  C:\Windows\System\eKUXCVF.exe
  2⤵
  PID:7140
- C:\Windows\System\vCRvLNR.exe
  C:\Windows\System\vCRvLNR.exe
  2⤵
  PID:7156
- C:\Windows\System\YuEWdOk.exe
  C:\Windows\System\YuEWdOk.exe
  2⤵
  PID:5888
- C:\Windows\System\IDWPBLN.exe
  C:\Windows\System\IDWPBLN.exe
  2⤵
  PID:5956
- C:\Windows\System\PHFECeR.exe
  C:\Windows\System\PHFECeR.exe
  2⤵
  PID:6200
- C:\Windows\System\ZgXOyAK.exe
  C:\Windows\System\ZgXOyAK.exe
  2⤵
  PID:6216
- C:\Windows\System\mEHyyrg.exe
  C:\Windows\System\mEHyyrg.exe
  2⤵
  PID:6284
- C:\Windows\System\PTEemKi.exe
  C:\Windows\System\PTEemKi.exe
  2⤵
  PID:6348
- C:\Windows\System\fiWIRkA.exe
  C:\Windows\System\fiWIRkA.exe
  2⤵
  PID:6412
- C:\Windows\System\HYxLzuj.exe
  C:\Windows\System\HYxLzuj.exe
  2⤵
  PID:6444
- C:\Windows\System\ruQdboG.exe
  C:\Windows\System\ruQdboG.exe
  2⤵
  PID:6508
- C:\Windows\System\RoZfDog.exe
  C:\Windows\System\RoZfDog.exe
  2⤵
  PID:6540
- C:\Windows\System\clZMyea.exe
  C:\Windows\System\clZMyea.exe
  2⤵
  PID:6296
- C:\Windows\System\vRpIvXz.exe
  C:\Windows\System\vRpIvXz.exe
  2⤵
  PID:6364
- C:\Windows\System\SqLjFYQ.exe
  C:\Windows\System\SqLjFYQ.exe
  2⤵
  PID:6464
- C:\Windows\System\pcebjxN.exe
  C:\Windows\System\pcebjxN.exe
  2⤵
  PID:6556
- C:\Windows\System\sakPbTf.exe
  C:\Windows\System\sakPbTf.exe
  2⤵
  PID:6580
- C:\Windows\System\pkFROFs.exe
  C:\Windows\System\pkFROFs.exe
  2⤵
  PID:6648
- C:\Windows\System\Dvszrju.exe
  C:\Windows\System\Dvszrju.exe
  2⤵
  PID:6716
- C:\Windows\System\GdGSoDA.exe
  C:\Windows\System\GdGSoDA.exe
  2⤵
  PID:6776
- C:\Windows\System\HqAnEFA.exe
  C:\Windows\System\HqAnEFA.exe
  2⤵
  PID:6592
- C:\Windows\System\VHfnGEb.exe
  C:\Windows\System\VHfnGEb.exe
  2⤵
  PID:6632
- C:\Windows\System\rhDoWjU.exe
  C:\Windows\System\rhDoWjU.exe
  2⤵
  PID:6848
- C:\Windows\System\UvsYzHM.exe
  C:\Windows\System\UvsYzHM.exe
  2⤵
  PID:6880
- C:\Windows\System\upHAvgG.exe
  C:\Windows\System\upHAvgG.exe
  2⤵
  PID:6760
- C:\Windows\System\SrTWuim.exe
  C:\Windows\System\SrTWuim.exe
  2⤵
  PID:6828
- C:\Windows\System\anHPgRo.exe
  C:\Windows\System\anHPgRo.exe
  2⤵
  PID:6896
- C:\Windows\System\qupScLF.exe
  C:\Windows\System\qupScLF.exe
  2⤵
  PID:6932
- C:\Windows\System\hMWOHMP.exe
  C:\Windows\System\hMWOHMP.exe
  2⤵
  PID:7044
- C:\Windows\System\cEQzYnX.exe
  C:\Windows\System\cEQzYnX.exe
  2⤵
  PID:6996
- C:\Windows\System\QqClafH.exe
  C:\Windows\System\QqClafH.exe
  2⤵
  PID:7032
- C:\Windows\System\aVgHMrC.exe
  C:\Windows\System\aVgHMrC.exe
  2⤵
  PID:7084
- C:\Windows\System\mESQOCS.exe
  C:\Windows\System\mESQOCS.exe
  2⤵
  PID:7068
- C:\Windows\System\MFZEDmt.exe
  C:\Windows\System\MFZEDmt.exe
  2⤵
  PID:7136
- C:\Windows\System\QDodaDc.exe
  C:\Windows\System\QDodaDc.exe
  2⤵
  PID:5528
- C:\Windows\System\BayEUoG.exe
  C:\Windows\System\BayEUoG.exe
  2⤵
  PID:6344
- C:\Windows\System\lIJtdjT.exe
  C:\Windows\System\lIJtdjT.exe
  2⤵
  PID:6392
- C:\Windows\System\YsNMYOT.exe
  C:\Windows\System\YsNMYOT.exe
  2⤵
  PID:6496
- C:\Windows\System\DrDGQWa.exe
  C:\Windows\System\DrDGQWa.exe
  2⤵
  PID:6280
- C:\Windows\System\EsrhHks.exe
  C:\Windows\System\EsrhHks.exe
  2⤵
  PID:6232
- C:\Windows\System\LBiUWUR.exe
  C:\Windows\System\LBiUWUR.exe
  2⤵
  PID:6480
- C:\Windows\System\ktRvleX.exe
  C:\Windows\System\ktRvleX.exe
  2⤵
  PID:6432
- C:\Windows\System\PIogVsM.exe
  C:\Windows\System\PIogVsM.exe
  2⤵
  PID:6564
- C:\Windows\System\PRXUiUy.exe
  C:\Windows\System\PRXUiUy.exe
  2⤵
  PID:6748
- C:\Windows\System\kQhrqyJ.exe
  C:\Windows\System\kQhrqyJ.exe
  2⤵
  PID:6808
- C:\Windows\System\nJDhOgA.exe
  C:\Windows\System\nJDhOgA.exe
  2⤵
  PID:6876
- C:\Windows\System\ACrPypq.exe
  C:\Windows\System\ACrPypq.exe
  2⤵
  PID:6928
- C:\Windows\System\QtXPPFf.exe
  C:\Windows\System\QtXPPFf.exe
  2⤵
  PID:6732
- C:\Windows\System\YDMsQzV.exe
  C:\Windows\System\YDMsQzV.exe
  2⤵
  PID:6864
- C:\Windows\System\HYGaVrN.exe
  C:\Windows\System\HYGaVrN.exe
  2⤵
  PID:6948
- C:\Windows\System\HYaPmwU.exe
  C:\Windows\System\HYaPmwU.exe
  2⤵
  PID:7148
- C:\Windows\System\wbAzvpq.exe
  C:\Windows\System\wbAzvpq.exe
  2⤵
  PID:7152
- C:\Windows\System\xdDGIEV.exe
  C:\Windows\System\xdDGIEV.exe
  2⤵
  PID:6268
- C:\Windows\System\NEFoDYP.exe
  C:\Windows\System\NEFoDYP.exe
  2⤵
  PID:6148
- C:\Windows\System\rHubMFw.exe
  C:\Windows\System\rHubMFw.exe
  2⤵
  PID:6612
- C:\Windows\System\ntnCQRJ.exe
  C:\Windows\System\ntnCQRJ.exe
  2⤵
  PID:6408
- C:\Windows\System\mttmdpE.exe
  C:\Windows\System\mttmdpE.exe
  2⤵
  PID:6664
- C:\Windows\System\HzwoyJa.exe
  C:\Windows\System\HzwoyJa.exe
  2⤵
  PID:7016
- C:\Windows\System\RIIsmxn.exe
  C:\Windows\System\RIIsmxn.exe
  2⤵
  PID:6980
- C:\Windows\System\LAzyUbK.exe
  C:\Windows\System\LAzyUbK.exe
  2⤵
  PID:6680
- C:\Windows\System\GcPVNxu.exe
  C:\Windows\System\GcPVNxu.exe
  2⤵
  PID:6792
- C:\Windows\System\IEQiBtp.exe
  C:\Windows\System\IEQiBtp.exe
  2⤵
  PID:7104
- C:\Windows\System\tHhSYZc.exe
  C:\Windows\System\tHhSYZc.exe
  2⤵
  PID:7080
- C:\Windows\System\pyqognY.exe
  C:\Windows\System\pyqognY.exe
  2⤵
  PID:7172
- C:\Windows\System\MnbFYQt.exe
  C:\Windows\System\MnbFYQt.exe
  2⤵
  PID:7188
- C:\Windows\System\zUKQHRZ.exe
  C:\Windows\System\zUKQHRZ.exe
  2⤵
  PID:7204
- C:\Windows\System\pAezMIB.exe
  C:\Windows\System\pAezMIB.exe
  2⤵
  PID:7220
- C:\Windows\System\hlntTOd.exe
  C:\Windows\System\hlntTOd.exe
  2⤵
  PID:7244
- C:\Windows\System\JKHAdPa.exe
  C:\Windows\System\JKHAdPa.exe
  2⤵
  PID:7260
- C:\Windows\System\qIjQjrV.exe
  C:\Windows\System\qIjQjrV.exe
  2⤵
  PID:7276
- C:\Windows\System\ehSsMBm.exe
  C:\Windows\System\ehSsMBm.exe
  2⤵
  PID:7292
- C:\Windows\System\rgDIAJO.exe
  C:\Windows\System\rgDIAJO.exe
  2⤵
  PID:7312
- C:\Windows\System\BNOQXBz.exe
  C:\Windows\System\BNOQXBz.exe
  2⤵
  PID:7328
- C:\Windows\System\sqeqert.exe
  C:\Windows\System\sqeqert.exe
  2⤵
  PID:7344
- C:\Windows\System\FFfasUY.exe
  C:\Windows\System\FFfasUY.exe
  2⤵
  PID:7588
- C:\Windows\System\hkrYIpX.exe
  C:\Windows\System\hkrYIpX.exe
  2⤵
  PID:7612
- C:\Windows\System\ZUrKxAn.exe
  C:\Windows\System\ZUrKxAn.exe
  2⤵
  PID:7872
- C:\Windows\System\RFrxbyD.exe
  C:\Windows\System\RFrxbyD.exe
  2⤵
  PID:7888
- C:\Windows\System\uODzmuj.exe
  C:\Windows\System\uODzmuj.exe
  2⤵
  PID:7908
- C:\Windows\System\XnnCYmT.exe
  C:\Windows\System\XnnCYmT.exe
  2⤵
  PID:7924
- C:\Windows\System\lDiEljj.exe
  C:\Windows\System\lDiEljj.exe
  2⤵
  PID:7940
- C:\Windows\System\IuSxJNb.exe
  C:\Windows\System\IuSxJNb.exe
  2⤵
  PID:7956
- C:\Windows\System\TqAjPLk.exe
  C:\Windows\System\TqAjPLk.exe
  2⤵
  PID:7972
- C:\Windows\System\YYcglII.exe
  C:\Windows\System\YYcglII.exe
  2⤵
  PID:7988
- C:\Windows\System\WbzAfDJ.exe
  C:\Windows\System\WbzAfDJ.exe
  2⤵
  PID:8004
- C:\Windows\System\ALRVUor.exe
  C:\Windows\System\ALRVUor.exe
  2⤵
  PID:8020
- C:\Windows\System\kFmOipB.exe
  C:\Windows\System\kFmOipB.exe
  2⤵
  PID:8036
- C:\Windows\System\SJFtrSR.exe
  C:\Windows\System\SJFtrSR.exe
  2⤵
  PID:8052
- C:\Windows\System\KDUpOtp.exe
  C:\Windows\System\KDUpOtp.exe
  2⤵
  PID:8068
- C:\Windows\System\qZPnvmG.exe
  C:\Windows\System\qZPnvmG.exe
  2⤵
  PID:8084
- C:\Windows\System\EbZtXHM.exe
  C:\Windows\System\EbZtXHM.exe
  2⤵
  PID:8100
- C:\Windows\System\IABAGSB.exe
  C:\Windows\System\IABAGSB.exe
  2⤵
  PID:8124
- C:\Windows\System\yPdDtGv.exe
  C:\Windows\System\yPdDtGv.exe
  2⤵
  PID:8140
- C:\Windows\System\IvULsxq.exe
  C:\Windows\System\IvULsxq.exe
  2⤵
  PID:8156
- C:\Windows\System\UPDNLqF.exe
  C:\Windows\System\UPDNLqF.exe
  2⤵
  PID:8172
- C:\Windows\System\oWVnnWu.exe
  C:\Windows\System\oWVnnWu.exe
  2⤵
  PID:8188
- C:\Windows\System\jPoyTlm.exe
  C:\Windows\System\jPoyTlm.exe
  2⤵
  PID:6164
- C:\Windows\System\yJNNHdc.exe
  C:\Windows\System\yJNNHdc.exe
  2⤵
  PID:6576
- C:\Windows\System\UgqLRxJ.exe
  C:\Windows\System\UgqLRxJ.exe
  2⤵
  PID:6168
- C:\Windows\System\KUMMDBT.exe
  C:\Windows\System\KUMMDBT.exe
  2⤵
  PID:7232
- C:\Windows\System\jbboxtl.exe
  C:\Windows\System\jbboxtl.exe
  2⤵
  PID:7180
- C:\Windows\System\PuMEklS.exe
  C:\Windows\System\PuMEklS.exe
  2⤵
  PID:7216
- C:\Windows\System\VtwoZXj.exe
  C:\Windows\System\VtwoZXj.exe
  2⤵
  PID:7272
- C:\Windows\System\zMZcOaB.exe
  C:\Windows\System\zMZcOaB.exe
  2⤵
  PID:7288
- C:\Windows\System\eJEjDoL.exe
  C:\Windows\System\eJEjDoL.exe
  2⤵
  PID:7336
- C:\Windows\System\BTGcRsb.exe
  C:\Windows\System\BTGcRsb.exe
  2⤵
  PID:7368
- C:\Windows\System\GswcoZM.exe
  C:\Windows\System\GswcoZM.exe
  2⤵
  PID:7384
- C:\Windows\System\gfbRSYd.exe
  C:\Windows\System\gfbRSYd.exe
  2⤵
  PID:7404
- C:\Windows\System\nVzNYyZ.exe
  C:\Windows\System\nVzNYyZ.exe
  2⤵
  PID:7428
- C:\Windows\System\KRqaYBq.exe
  C:\Windows\System\KRqaYBq.exe
  2⤵
  PID:7452
- C:\Windows\System\fKfBhbm.exe
  C:\Windows\System\fKfBhbm.exe
  2⤵
  PID:7468
- C:\Windows\System\Laqavgv.exe
  C:\Windows\System\Laqavgv.exe
  2⤵
  PID:7488
- C:\Windows\System\HqlmLmO.exe
  C:\Windows\System\HqlmLmO.exe
  2⤵
  PID:7508
- C:\Windows\System\hXyPTzP.exe
  C:\Windows\System\hXyPTzP.exe
  2⤵
  PID:7528
- C:\Windows\System\CJTEKri.exe
  C:\Windows\System\CJTEKri.exe
  2⤵
  PID:7540
- C:\Windows\System\XSPHprH.exe
  C:\Windows\System\XSPHprH.exe
  2⤵
  PID:7564
- C:\Windows\System\oVzdgjv.exe
  C:\Windows\System\oVzdgjv.exe
  2⤵
  PID:7580
- C:\Windows\System\oLXwhIA.exe
  C:\Windows\System\oLXwhIA.exe
  2⤵
  PID:7604
- C:\Windows\System\mRjhfbZ.exe
  C:\Windows\System\mRjhfbZ.exe
  2⤵
  PID:7632
- C:\Windows\System\BCIRIRX.exe
  C:\Windows\System\BCIRIRX.exe
  2⤵
  PID:7700
- C:\Windows\System\nEoPyEa.exe
  C:\Windows\System\nEoPyEa.exe
  2⤵
  PID:7668
- C:\Windows\System\fwRwYCo.exe
  C:\Windows\System\fwRwYCo.exe
  2⤵
  PID:7692
- C:\Windows\System\QJMNvYQ.exe
  C:\Windows\System\QJMNvYQ.exe
  2⤵
  PID:7720
- C:\Windows\System\vnCcJRe.exe
  C:\Windows\System\vnCcJRe.exe
  2⤵
  PID:7744
- C:\Windows\System\mhBeOqy.exe
  C:\Windows\System\mhBeOqy.exe
  2⤵
  PID:7760
- C:\Windows\System\YQEqqRD.exe
  C:\Windows\System\YQEqqRD.exe
  2⤵
  PID:7776
- C:\Windows\System\yIrcaSn.exe
  C:\Windows\System\yIrcaSn.exe
  2⤵
  PID:7796
- C:\Windows\System\MQQrmoK.exe
  C:\Windows\System\MQQrmoK.exe
  2⤵
  PID:7812
- C:\Windows\System\VtdYpXF.exe
  C:\Windows\System\VtdYpXF.exe
  2⤵
  PID:7828
- C:\Windows\System\bWNmyuX.exe
  C:\Windows\System\bWNmyuX.exe
  2⤵
  PID:7844
- C:\Windows\System\FQXCiCi.exe
  C:\Windows\System\FQXCiCi.exe
  2⤵
  PID:7880
- C:\Windows\System\PCpvTgk.exe
  C:\Windows\System\PCpvTgk.exe
  2⤵
  PID:7896
- C:\Windows\System\UuSVyyy.exe
  C:\Windows\System\UuSVyyy.exe
  2⤵
  PID:7948
- C:\Windows\System\MymRgRd.exe
  C:\Windows\System\MymRgRd.exe
  2⤵
  PID:7904
- C:\Windows\System\fNSHjlz.exe
  C:\Windows\System\fNSHjlz.exe
  2⤵
  PID:7936
- C:\Windows\System\dcpIfLH.exe
  C:\Windows\System\dcpIfLH.exe
  2⤵
  PID:8028
- C:\Windows\System\ypYRnrM.exe
  C:\Windows\System\ypYRnrM.exe
  2⤵
  PID:8096
- C:\Windows\System\CcIhTxj.exe
  C:\Windows\System\CcIhTxj.exe
  2⤵
  PID:8080
- C:\Windows\System\qeFudHu.exe
  C:\Windows\System\qeFudHu.exe
  2⤵
  PID:8112
- C:\Windows\System\ISVpcEu.exe
  C:\Windows\System\ISVpcEu.exe
  2⤵
  PID:8152
- C:\Windows\System\aHTceiX.exe
  C:\Windows\System\aHTceiX.exe
  2⤵
  PID:6844
- C:\Windows\System\ySTVGAn.exe
  C:\Windows\System\ySTVGAn.exe
  2⤵
  PID:7212
- C:\Windows\System\xqwfquE.exe
  C:\Windows\System\xqwfquE.exe
  2⤵
  PID:7324
- C:\Windows\System\zJvYWih.exe
  C:\Windows\System\zJvYWih.exe
  2⤵
  PID:6860
- C:\Windows\System\INbjwOx.exe
  C:\Windows\System\INbjwOx.exe
  2⤵
  PID:6964
- C:\Windows\System\kQByGXk.exe
  C:\Windows\System\kQByGXk.exe
  2⤵
  PID:7268
- C:\Windows\System\xaIePWT.exe
  C:\Windows\System\xaIePWT.exe
  2⤵
  PID:7364
- C:\Windows\System\XSQbNXX.exe
  C:\Windows\System\XSQbNXX.exe
  2⤵
  PID:7440
- C:\Windows\System\mjUZvgU.exe
  C:\Windows\System\mjUZvgU.exe
  2⤵
  PID:7388
- C:\Windows\System\BlrRWno.exe
  C:\Windows\System\BlrRWno.exe
  2⤵
  PID:7480
- C:\Windows\System\hdCcYSt.exe
  C:\Windows\System\hdCcYSt.exe
  2⤵
  PID:7424
- C:\Windows\System\nlypWhj.exe
  C:\Windows\System\nlypWhj.exe
  2⤵
  PID:7496
- C:\Windows\System\IHViNea.exe
  C:\Windows\System\IHViNea.exe
  2⤵
  PID:7548
- C:\Windows\System\uZZdFQy.exe
  C:\Windows\System\uZZdFQy.exe
  2⤵
  PID:7596
- C:\Windows\System\wFDCeMc.exe
  C:\Windows\System\wFDCeMc.exe
  2⤵
  PID:7572
- C:\Windows\System\VhuKOoF.exe
  C:\Windows\System\VhuKOoF.exe
  2⤵
  PID:7644
- C:\Windows\System\gVRsVlC.exe
  C:\Windows\System\gVRsVlC.exe
  2⤵
  PID:7648
- C:\Windows\System\pfOisgP.exe
  C:\Windows\System\pfOisgP.exe
  2⤵
  PID:7728
- C:\Windows\System\xkxRmbm.exe
  C:\Windows\System\xkxRmbm.exe
  2⤵
  PID:7768
- C:\Windows\System\UwoxTEa.exe
  C:\Windows\System\UwoxTEa.exe
  2⤵
  PID:7716
- C:\Windows\System\msufpvv.exe
  C:\Windows\System\msufpvv.exe
  2⤵
  PID:7792
- C:\Windows\System\EAmnRhz.exe
  C:\Windows\System\EAmnRhz.exe
  2⤵
  PID:7660
- C:\Windows\System\brCMobE.exe
  C:\Windows\System\brCMobE.exe
  2⤵
  PID:7820
- C:\Windows\System\btrtAPM.exe
  C:\Windows\System\btrtAPM.exe
  2⤵
  PID:7852
- C:\Windows\System\OqvrTRL.exe
  C:\Windows\System\OqvrTRL.exe
  2⤵
  PID:3708
- C:\Windows\System\BHTSlnS.exe
  C:\Windows\System\BHTSlnS.exe
  2⤵
  PID:7856
- C:\Windows\System\kXiocic.exe
  C:\Windows\System\kXiocic.exe
  2⤵
  PID:7932
- C:\Windows\System\kaWuIES.exe
  C:\Windows\System\kaWuIES.exe
  2⤵
  PID:8148
- C:\Windows\System\ciEwkjC.exe
  C:\Windows\System\ciEwkjC.exe
  2⤵
  PID:7048
- C:\Windows\System\GwVOrWy.exe
  C:\Windows\System\GwVOrWy.exe
  2⤵
  PID:7400
- C:\Windows\System\oFwXTSR.exe
  C:\Windows\System\oFwXTSR.exe
  2⤵
  PID:7464
- C:\Windows\System\KTFmJaX.exe
  C:\Windows\System\KTFmJaX.exe
  2⤵
  PID:7600
- C:\Windows\System\CeJosIp.exe
  C:\Windows\System\CeJosIp.exe
  2⤵
  PID:8064
- C:\Windows\System\HzshGhN.exe
  C:\Windows\System\HzshGhN.exe
  2⤵
  PID:7284
- C:\Windows\System\vGooScF.exe
  C:\Windows\System\vGooScF.exe
  2⤵
  PID:8108
- C:\Windows\System\FALPnuo.exe
  C:\Windows\System\FALPnuo.exe
  2⤵
  PID:7352
- C:\Windows\System\dcSLBmw.exe
  C:\Windows\System\dcSLBmw.exe
  2⤵
  PID:7460
- C:\Windows\System\LXogrrU.exe
  C:\Windows\System\LXogrrU.exe
  2⤵
  PID:7532
- C:\Windows\System\LMulWCu.exe
  C:\Windows\System\LMulWCu.exe
  2⤵
  PID:7740
- C:\Windows\System\NlTYWKT.exe
  C:\Windows\System\NlTYWKT.exe
  2⤵
  PID:7712
- C:\Windows\System\jdcFZQM.exe
  C:\Windows\System\jdcFZQM.exe
  2⤵
  PID:7824
- C:\Windows\System\IHZhHvh.exe
  C:\Windows\System\IHZhHvh.exe
  2⤵
  PID:8016
- C:\Windows\System\lXmLEuo.exe
  C:\Windows\System\lXmLEuo.exe
  2⤵
  PID:7788
- C:\Windows\System\gJsejIe.exe
  C:\Windows\System\gJsejIe.exe
  2⤵
  PID:7236
- C:\Windows\System\qlTTjDB.exe
  C:\Windows\System\qlTTjDB.exe
  2⤵
  PID:7552
- C:\Windows\System\bgLbHoE.exe
  C:\Windows\System\bgLbHoE.exe
  2⤵
  PID:6900
- C:\Windows\System\pMINsfA.exe
  C:\Windows\System\pMINsfA.exe
  2⤵
  PID:7708
- C:\Windows\System\OlJDRxl.exe
  C:\Windows\System\OlJDRxl.exe
  2⤵
  PID:6332
- C:\Windows\System\htEEVgE.exe
  C:\Windows\System\htEEVgE.exe
  2⤵
  PID:8044
- C:\Windows\System\LZAUkVC.exe
  C:\Windows\System\LZAUkVC.exe
  2⤵
  PID:8204
- C:\Windows\System\KpdnLUa.exe
  C:\Windows\System\KpdnLUa.exe
  2⤵
  PID:8220
- C:\Windows\System\ovtpLIK.exe
  C:\Windows\System\ovtpLIK.exe
  2⤵
  PID:8236
- C:\Windows\System\nQzbqBf.exe
  C:\Windows\System\nQzbqBf.exe
  2⤵
  PID:8252
- C:\Windows\System\jLQoDxV.exe
  C:\Windows\System\jLQoDxV.exe
  2⤵
  PID:8268
- C:\Windows\System\WJXURAZ.exe
  C:\Windows\System\WJXURAZ.exe
  2⤵
  PID:8284
- C:\Windows\System\MgNyVjq.exe
  C:\Windows\System\MgNyVjq.exe
  2⤵
  PID:8304
- C:\Windows\System\esWzRTp.exe
  C:\Windows\System\esWzRTp.exe
  2⤵
  PID:8320
- C:\Windows\System\ZdEMVzJ.exe
  C:\Windows\System\ZdEMVzJ.exe
  2⤵
  PID:8336
- C:\Windows\System\YtHuxyz.exe
  C:\Windows\System\YtHuxyz.exe
  2⤵
  PID:8352
- C:\Windows\System\NMZfahx.exe
  C:\Windows\System\NMZfahx.exe
  2⤵
  PID:8368
- C:\Windows\System\kTGmeMN.exe
  C:\Windows\System\kTGmeMN.exe
  2⤵
  PID:8384
- C:\Windows\System\jtPdqoL.exe
  C:\Windows\System\jtPdqoL.exe
  2⤵
  PID:8400
- C:\Windows\System\hpKUiWF.exe
  C:\Windows\System\hpKUiWF.exe
  2⤵
  PID:8416
- C:\Windows\System\cZZHulw.exe
  C:\Windows\System\cZZHulw.exe
  2⤵
  PID:8432
- C:\Windows\System\jxtHafv.exe
  C:\Windows\System\jxtHafv.exe
  2⤵
  PID:8452
- C:\Windows\System\IMHUGSN.exe
  C:\Windows\System\IMHUGSN.exe
  2⤵
  PID:8468
- C:\Windows\System\xaFkwLo.exe
  C:\Windows\System\xaFkwLo.exe
  2⤵
  PID:8484
- C:\Windows\System\VDGBoqJ.exe
  C:\Windows\System\VDGBoqJ.exe
  2⤵
  PID:8504
- C:\Windows\System\AKDRWNI.exe
  C:\Windows\System\AKDRWNI.exe
  2⤵
  PID:8520
- C:\Windows\System\xJtYlnB.exe
  C:\Windows\System\xJtYlnB.exe
  2⤵
  PID:8536
- C:\Windows\System\pobwHIf.exe
  C:\Windows\System\pobwHIf.exe
  2⤵
  PID:8556
- C:\Windows\System\pNIeXUx.exe
  C:\Windows\System\pNIeXUx.exe
  2⤵
  PID:8572
- C:\Windows\System\ByVnqBr.exe
  C:\Windows\System\ByVnqBr.exe
  2⤵
  PID:8588
- C:\Windows\System\odcEAOe.exe
  C:\Windows\System\odcEAOe.exe
  2⤵
  PID:8604
- C:\Windows\System\mxjqkPI.exe
  C:\Windows\System\mxjqkPI.exe
  2⤵
  PID:8620
- C:\Windows\System\mydMSIz.exe
  C:\Windows\System\mydMSIz.exe
  2⤵
  PID:8636
- C:\Windows\System\ZhVlcXH.exe
  C:\Windows\System\ZhVlcXH.exe
  2⤵
  PID:8652
- C:\Windows\System\fGTvaPA.exe
  C:\Windows\System\fGTvaPA.exe
  2⤵
  PID:8668
- C:\Windows\System\LlphBNq.exe
  C:\Windows\System\LlphBNq.exe
  2⤵
  PID:8684
- C:\Windows\System\HFgqYrT.exe
  C:\Windows\System\HFgqYrT.exe
  2⤵
  PID:8700
- C:\Windows\System\NIWKfGQ.exe
  C:\Windows\System\NIWKfGQ.exe
  2⤵
  PID:8716
- C:\Windows\System\ppfzYKB.exe
  C:\Windows\System\ppfzYKB.exe
  2⤵
  PID:8732
- C:\Windows\System\qIEGYGf.exe
  C:\Windows\System\qIEGYGf.exe
  2⤵
  PID:8748
- C:\Windows\System\hJnPzSo.exe
  C:\Windows\System\hJnPzSo.exe
  2⤵
  PID:8764
- C:\Windows\System\TazbWxd.exe
  C:\Windows\System\TazbWxd.exe
  2⤵
  PID:8788
- C:\Windows\System\OzQRNno.exe
  C:\Windows\System\OzQRNno.exe
  2⤵
  PID:8804
- C:\Windows\System\nryTbFj.exe
  C:\Windows\System\nryTbFj.exe
  2⤵
  PID:8820
- C:\Windows\System\hujWALn.exe
  C:\Windows\System\hujWALn.exe
  2⤵
  PID:8836
- C:\Windows\System\IMcjIWj.exe
  C:\Windows\System\IMcjIWj.exe
  2⤵
  PID:8852
- C:\Windows\System\hloPjFr.exe
  C:\Windows\System\hloPjFr.exe
  2⤵
  PID:8868
- C:\Windows\System\nxOHAiI.exe
  C:\Windows\System\nxOHAiI.exe
  2⤵
  PID:8884
- C:\Windows\System\YivSrJp.exe
  C:\Windows\System\YivSrJp.exe
  2⤵
  PID:8900
- C:\Windows\System\EJIwZWS.exe
  C:\Windows\System\EJIwZWS.exe
  2⤵
  PID:8916
- C:\Windows\System\UudcUDA.exe
  C:\Windows\System\UudcUDA.exe
  2⤵
  PID:8932
- C:\Windows\System\gondynf.exe
  C:\Windows\System\gondynf.exe
  2⤵
  PID:8948
- C:\Windows\System\zkrkiFQ.exe
  C:\Windows\System\zkrkiFQ.exe
  2⤵
  PID:8964
- C:\Windows\System\ayhTLDM.exe
  C:\Windows\System\ayhTLDM.exe
  2⤵
  PID:8980
- C:\Windows\System\LGpXEBa.exe
  C:\Windows\System\LGpXEBa.exe
  2⤵
  PID:8996
- C:\Windows\System\XFnvYCb.exe
  C:\Windows\System\XFnvYCb.exe
  2⤵
  PID:9012
- C:\Windows\System\gDInSsG.exe
  C:\Windows\System\gDInSsG.exe
  2⤵
  PID:9028
- C:\Windows\System\JXJufhU.exe
  C:\Windows\System\JXJufhU.exe
  2⤵
  PID:9044
- C:\Windows\System\VSqNJmE.exe
  C:\Windows\System\VSqNJmE.exe
  2⤵
  PID:9060
- C:\Windows\System\ahALmFb.exe
  C:\Windows\System\ahALmFb.exe
  2⤵
  PID:9076
- C:\Windows\System\frsWMkb.exe
  C:\Windows\System\frsWMkb.exe
  2⤵
  PID:9092
- C:\Windows\System\rUKhFTJ.exe
  C:\Windows\System\rUKhFTJ.exe
  2⤵
  PID:9108
- C:\Windows\System\SWZydqs.exe
  C:\Windows\System\SWZydqs.exe
  2⤵
  PID:9124
- C:\Windows\System\scqKoCL.exe
  C:\Windows\System\scqKoCL.exe
  2⤵
  PID:9140
- C:\Windows\System\qtjirCK.exe
  C:\Windows\System\qtjirCK.exe
  2⤵
  PID:9156
- C:\Windows\System\PfENROd.exe
  C:\Windows\System\PfENROd.exe
  2⤵
  PID:9172
- C:\Windows\System\ANKsloo.exe
  C:\Windows\System\ANKsloo.exe
  2⤵
  PID:9188
- C:\Windows\System\ZdSTlGM.exe
  C:\Windows\System\ZdSTlGM.exe
  2⤵
  PID:9204
- C:\Windows\System\mMWSyzj.exe
  C:\Windows\System\mMWSyzj.exe
  2⤵
  PID:7476
- C:\Windows\System\odgPOAO.exe
  C:\Windows\System\odgPOAO.exe
  2⤵
  PID:7444
- C:\Windows\System\EYLkqRv.exe
  C:\Windows\System\EYLkqRv.exe
  2⤵
  PID:7628
- C:\Windows\System\LVdmpHs.exe
  C:\Windows\System\LVdmpHs.exe
  2⤵
  PID:7984
- C:\Windows\System\XEWihYq.exe
  C:\Windows\System\XEWihYq.exe
  2⤵
  PID:7520
- C:\Windows\System\beTUIzl.exe
  C:\Windows\System\beTUIzl.exe
  2⤵
  PID:8228
- C:\Windows\System\noBDaaO.exe
  C:\Windows\System\noBDaaO.exe
  2⤵
  PID:8292
- C:\Windows\System\aMnoQCK.exe
  C:\Windows\System\aMnoQCK.exe
  2⤵
  PID:8360
- C:\Windows\System\GttedAf.exe
  C:\Windows\System\GttedAf.exe
  2⤵
  PID:8424
- C:\Windows\System\RfINvZX.exe
  C:\Windows\System\RfINvZX.exe
  2⤵
  PID:8464
- C:\Windows\System\AOtmmBr.exe
  C:\Windows\System\AOtmmBr.exe
  2⤵
  PID:8528
- C:\Windows\System\lQFXxZr.exe
  C:\Windows\System\lQFXxZr.exe
  2⤵
  PID:8316
- C:\Windows\System\oDlMEWV.exe
  C:\Windows\System\oDlMEWV.exe
  2⤵
  PID:8244
- C:\Windows\System\xfEVVco.exe
  C:\Windows\System\xfEVVco.exe
  2⤵
  PID:8548
- C:\Windows\System\MCjqwuz.exe
  C:\Windows\System\MCjqwuz.exe
  2⤵
  PID:8276
- C:\Windows\System\RFzZLhC.exe
  C:\Windows\System\RFzZLhC.exe
  2⤵
  PID:8380
- C:\Windows\System\ALGutHx.exe
  C:\Windows\System\ALGutHx.exe
  2⤵
  PID:8444
- C:\Windows\System\JPPTfVZ.exe
  C:\Windows\System\JPPTfVZ.exe
  2⤵
  PID:8632
- C:\Windows\System\EJOhKQM.exe
  C:\Windows\System\EJOhKQM.exe
  2⤵
  PID:8612
- C:\Windows\System\ZtQxYyw.exe
  C:\Windows\System\ZtQxYyw.exe
  2⤵
  PID:8692
- C:\Windows\System\xggUiyl.exe
  C:\Windows\System\xggUiyl.exe
  2⤵
  PID:8676
- C:\Windows\System\DfaKFUk.exe
  C:\Windows\System\DfaKFUk.exe
  2⤵
  PID:8756
- C:\Windows\System\dmnKrkR.exe
  C:\Windows\System\dmnKrkR.exe
  2⤵
  PID:8796
- C:\Windows\System\LLtEjPo.exe
  C:\Windows\System\LLtEjPo.exe
  2⤵
  PID:8772
- C:\Windows\System\YXOSyuy.exe
  C:\Windows\System\YXOSyuy.exe
  2⤵
  PID:8832
- C:\Windows\System\xKwKrJl.exe
  C:\Windows\System\xKwKrJl.exe
  2⤵
  PID:8876
- C:\Windows\System\aSUGqNp.exe
  C:\Windows\System\aSUGqNp.exe
  2⤵
  PID:8892
- C:\Windows\System\nQyCTfm.exe
  C:\Windows\System\nQyCTfm.exe
  2⤵
  PID:8928
- C:\Windows\System\OdEVCuv.exe
  C:\Windows\System\OdEVCuv.exe
  2⤵
  PID:8956
- C:\Windows\System\LgUnsAO.exe
  C:\Windows\System\LgUnsAO.exe
  2⤵
  PID:8976
- C:\Windows\System\LuSyZMV.exe
  C:\Windows\System\LuSyZMV.exe
  2⤵
  PID:8992
- C:\Windows\System\HfBHUmZ.exe
  C:\Windows\System\HfBHUmZ.exe
  2⤵
  PID:9084
- C:\Windows\System\pRzhBPh.exe
  C:\Windows\System\pRzhBPh.exe
  2⤵
  PID:9036
- C:\Windows\System\nGpBbQl.exe
  C:\Windows\System\nGpBbQl.exe
  2⤵
  PID:9072
- C:\Windows\System\jRQvQjY.exe
  C:\Windows\System\jRQvQjY.exe
  2⤵
  PID:9148
- C:\Windows\System\aIoQvPO.exe
  C:\Windows\System\aIoQvPO.exe
  2⤵
  PID:9196
- C:\Windows\System\FKFinYL.exe
  C:\Windows\System\FKFinYL.exe
  2⤵
  PID:7360
- C:\Windows\System\nfHxATA.exe
  C:\Windows\System\nfHxATA.exe
  2⤵
  PID:7556
- C:\Windows\System\tWktmvZ.exe
  C:\Windows\System\tWktmvZ.exe
  2⤵
  PID:9164
- C:\Windows\System\elBdaiQ.exe
  C:\Windows\System\elBdaiQ.exe
  2⤵
  PID:8300
- C:\Windows\System\yPMlJFO.exe
  C:\Windows\System\yPMlJFO.exe
  2⤵
  PID:7840
- C:\Windows\System\TjCguRT.exe
  C:\Windows\System\TjCguRT.exe
  2⤵
  PID:8496
- C:\Windows\System\LsZeQzO.exe
  C:\Windows\System\LsZeQzO.exe
  2⤵
  PID:8348
- C:\Windows\System\iuDgvwD.exe
  C:\Windows\System\iuDgvwD.exe
  2⤵
  PID:8440
- C:\Windows\System\JrCxuDF.exe
  C:\Windows\System\JrCxuDF.exe
  2⤵
  PID:8328
- C:\Windows\System\umCCqsP.exe
  C:\Windows\System\umCCqsP.exe
  2⤵
  PID:8212
- C:\Windows\System\dzeTGVh.exe
  C:\Windows\System\dzeTGVh.exe
  2⤵
  PID:8580
- C:\Windows\System\GNdNpUO.exe
  C:\Windows\System\GNdNpUO.exe
  2⤵
  PID:8760
- C:\Windows\System\RIfXxOF.exe
  C:\Windows\System\RIfXxOF.exe
  2⤵
  PID:8800
- C:\Windows\System\taGfXAK.exe
  C:\Windows\System\taGfXAK.exe
  2⤵
  PID:8864
- C:\Windows\System\UzlvSwv.exe
  C:\Windows\System\UzlvSwv.exe
  2⤵
  PID:9052
- C:\Windows\System\LECfhWk.exe
  C:\Windows\System\LECfhWk.exe
  2⤵
  PID:9008
- C:\Windows\System\lZvZqVi.exe
  C:\Windows\System\lZvZqVi.exe
  2⤵
  PID:8908
- C:\Windows\System\bPwQKgw.exe
  C:\Windows\System\bPwQKgw.exe
  2⤵
  PID:9104
- C:\Windows\System\XkasSOT.exe
  C:\Windows\System\XkasSOT.exe
  2⤵
  PID:9184
- C:\Windows\System\IPahuTR.exe
  C:\Windows\System\IPahuTR.exe
  2⤵
  PID:8512
- C:\Windows\System\WkPgJrR.exe
  C:\Windows\System\WkPgJrR.exe
  2⤵
  PID:8396
- C:\Windows\System\rDiKvTA.exe
  C:\Windows\System\rDiKvTA.exe
  2⤵
  PID:8264
- C:\Windows\System\nOUBHQn.exe
  C:\Windows\System\nOUBHQn.exe
  2⤵
  PID:8724
- C:\Windows\System\nunKVdV.exe
  C:\Windows\System\nunKVdV.exe
  2⤵
  PID:8728
- C:\Windows\System\uvNJvwT.exe
  C:\Windows\System\uvNJvwT.exe
  2⤵
  PID:8924
- C:\Windows\System\PXBaSdr.exe
  C:\Windows\System\PXBaSdr.exe
  2⤵
  PID:9020
- C:\Windows\System\EsGFlVT.exe
  C:\Windows\System\EsGFlVT.exe
  2⤵
  PID:7376
- C:\Windows\System\qnksmhh.exe
  C:\Windows\System\qnksmhh.exe
  2⤵
  PID:8596
- C:\Windows\System\axQOtfh.exe
  C:\Windows\System\axQOtfh.exe
  2⤵
  PID:8816
- C:\Windows\System\EJZqhJS.exe
  C:\Windows\System\EJZqhJS.exe
  2⤵
  PID:8392
- C:\Windows\System\HpNrUcw.exe
  C:\Windows\System\HpNrUcw.exe
  2⤵
  PID:8664
- C:\Windows\System\wBWrhgx.exe
  C:\Windows\System\wBWrhgx.exe
  2⤵
  PID:9228
- C:\Windows\System\QHpZvnL.exe
  C:\Windows\System\QHpZvnL.exe
  2⤵
  PID:9244
- C:\Windows\System\SprbJNd.exe
  C:\Windows\System\SprbJNd.exe
  2⤵
  PID:9260
- C:\Windows\System\XNfyThu.exe
  C:\Windows\System\XNfyThu.exe
  2⤵
  PID:9280
- C:\Windows\System\ERhXwjr.exe
  C:\Windows\System\ERhXwjr.exe
  2⤵
  PID:9296
- C:\Windows\System\rtrGzuA.exe
  C:\Windows\System\rtrGzuA.exe
  2⤵
  PID:9312
- C:\Windows\System\MBigqoE.exe
  C:\Windows\System\MBigqoE.exe
  2⤵
  PID:9328
- C:\Windows\System\BMxjwju.exe
  C:\Windows\System\BMxjwju.exe
  2⤵
  PID:9344
- C:\Windows\System\WPUgPGp.exe
  C:\Windows\System\WPUgPGp.exe
  2⤵
  PID:9360
- C:\Windows\System\YzgFHnp.exe
  C:\Windows\System\YzgFHnp.exe
  2⤵
  PID:9376
- C:\Windows\System\oVIbcZv.exe
  C:\Windows\System\oVIbcZv.exe
  2⤵
  PID:9392
- C:\Windows\System\mvoPbVi.exe
  C:\Windows\System\mvoPbVi.exe
  2⤵
  PID:9408
- C:\Windows\System\omixMfv.exe
  C:\Windows\System\omixMfv.exe
  2⤵
  PID:9424
- C:\Windows\System\MFYxrXt.exe
  C:\Windows\System\MFYxrXt.exe
  2⤵
  PID:9440
- C:\Windows\System\ylKDfpW.exe
  C:\Windows\System\ylKDfpW.exe
  2⤵
  PID:9456
- C:\Windows\System\jCIVWxU.exe
  C:\Windows\System\jCIVWxU.exe
  2⤵
  PID:9472
- C:\Windows\System\JotfuyD.exe
  C:\Windows\System\JotfuyD.exe
  2⤵
  PID:9488
- C:\Windows\System\UyNaERP.exe
  C:\Windows\System\UyNaERP.exe
  2⤵
  PID:9504
- C:\Windows\System\oPkJjnx.exe
  C:\Windows\System\oPkJjnx.exe
  2⤵
  PID:9520
- C:\Windows\System\pqNIezE.exe
  C:\Windows\System\pqNIezE.exe
  2⤵
  PID:9536
- C:\Windows\System\gUrvLNX.exe
  C:\Windows\System\gUrvLNX.exe
  2⤵
  PID:9552
- C:\Windows\System\OYJLsWa.exe
  C:\Windows\System\OYJLsWa.exe
  2⤵
  PID:9568
- C:\Windows\System\FdgRyKG.exe
  C:\Windows\System\FdgRyKG.exe
  2⤵
  PID:9664
- C:\Windows\System\BpjmYIq.exe
  C:\Windows\System\BpjmYIq.exe
  2⤵
  PID:9680
- C:\Windows\System\gLFCjQj.exe
  C:\Windows\System\gLFCjQj.exe
  2⤵
  PID:9696
- C:\Windows\System\hFOJisx.exe
  C:\Windows\System\hFOJisx.exe
  2⤵
  PID:9712
- C:\Windows\System\AVKPDYW.exe
  C:\Windows\System\AVKPDYW.exe
  2⤵
  PID:9728
- C:\Windows\System\opPFWqy.exe
  C:\Windows\System\opPFWqy.exe
  2⤵
  PID:9744
- C:\Windows\System\VusXUCJ.exe
  C:\Windows\System\VusXUCJ.exe
  2⤵
  PID:9760
- C:\Windows\System\zZQWzGC.exe
  C:\Windows\System\zZQWzGC.exe
  2⤵
  PID:9776
- C:\Windows\System\UDlVxVh.exe
  C:\Windows\System\UDlVxVh.exe
  2⤵
  PID:9792
- C:\Windows\System\fyrVoQY.exe
  C:\Windows\System\fyrVoQY.exe
  2⤵
  PID:9808
- C:\Windows\System\DEpaQZA.exe
  C:\Windows\System\DEpaQZA.exe
  2⤵
  PID:9824
- C:\Windows\System\zGORTxH.exe
  C:\Windows\System\zGORTxH.exe
  2⤵
  PID:9840
- C:\Windows\System\oMeaJJB.exe
  C:\Windows\System\oMeaJJB.exe
  2⤵
  PID:9860
- C:\Windows\System\bYwkHgE.exe
  C:\Windows\System\bYwkHgE.exe
  2⤵
  PID:9880
- C:\Windows\System\DwLRNXm.exe
  C:\Windows\System\DwLRNXm.exe
  2⤵
  PID:9912
- C:\Windows\System\grijEkQ.exe
  C:\Windows\System\grijEkQ.exe
  2⤵
  PID:9928
- C:\Windows\System\KcNxjOC.exe
  C:\Windows\System\KcNxjOC.exe
  2⤵
  PID:9944
- C:\Windows\System\HShUZAx.exe
  C:\Windows\System\HShUZAx.exe
  2⤵
  PID:9960
- C:\Windows\System\xnktorB.exe
  C:\Windows\System\xnktorB.exe
  2⤵
  PID:9976
- C:\Windows\System\luJLoYq.exe
  C:\Windows\System\luJLoYq.exe
  2⤵
  PID:10044
- C:\Windows\System\ecADIyB.exe
  C:\Windows\System\ecADIyB.exe
  2⤵
  PID:10060
- C:\Windows\System\nHMHvFN.exe
  C:\Windows\System\nHMHvFN.exe
  2⤵
  PID:10076
- C:\Windows\System\CIacRAW.exe
  C:\Windows\System\CIacRAW.exe
  2⤵
  PID:10092
- C:\Windows\System\zfHbhRM.exe
  C:\Windows\System\zfHbhRM.exe
  2⤵
  PID:10108
- C:\Windows\System\dJokWuH.exe
  C:\Windows\System\dJokWuH.exe
  2⤵
  PID:10124
- C:\Windows\System\sepCgTZ.exe
  C:\Windows\System\sepCgTZ.exe
  2⤵
  PID:10140
- C:\Windows\System\vrnboTU.exe
  C:\Windows\System\vrnboTU.exe
  2⤵
  PID:10156
- C:\Windows\System\tYeefKu.exe
  C:\Windows\System\tYeefKu.exe
  2⤵
  PID:10176
- C:\Windows\System\rtOFlKa.exe
  C:\Windows\System\rtOFlKa.exe
  2⤵
  PID:10192
- C:\Windows\System\ujjndbS.exe
  C:\Windows\System\ujjndbS.exe
  2⤵
  PID:10208
- C:\Windows\System\jbrpmZY.exe
  C:\Windows\System\jbrpmZY.exe
  2⤵
  PID:10224
- C:\Windows\System\lOCLQDX.exe
  C:\Windows\System\lOCLQDX.exe
  2⤵
  PID:8648
- C:\Windows\System\nKWLIdP.exe
  C:\Windows\System\nKWLIdP.exe
  2⤵
  PID:9368
- C:\Windows\System\pPbXCfk.exe
  C:\Windows\System\pPbXCfk.exe
  2⤵
  PID:8712
- C:\Windows\System\aOZuRsm.exe
  C:\Windows\System\aOZuRsm.exe
  2⤵
  PID:9500
- C:\Windows\System\kObaeeh.exe
  C:\Windows\System\kObaeeh.exe
  2⤵
  PID:9532
- C:\Windows\System\ZpEyHrp.exe
  C:\Windows\System\ZpEyHrp.exe
  2⤵
  PID:8940
- C:\Windows\System\lUnHTdB.exe
  C:\Windows\System\lUnHTdB.exe
  2⤵
  PID:9256
- C:\Windows\System\BjRAEHs.exe
  C:\Windows\System\BjRAEHs.exe
  2⤵
  PID:9388
- C:\Windows\System\mTXbPcd.exe
  C:\Windows\System\mTXbPcd.exe
  2⤵
  PID:9132
- C:\Windows\System\wVfumgW.exe
  C:\Windows\System\wVfumgW.exe
  2⤵
  PID:9544
- C:\Windows\System\ETqBWvP.exe
  C:\Windows\System\ETqBWvP.exe
  2⤵
  PID:9576
- C:\Windows\System\xhcbAPN.exe
  C:\Windows\System\xhcbAPN.exe
  2⤵
  PID:9324
- C:\Windows\System\PfAHSWu.exe
  C:\Windows\System\PfAHSWu.exe
  2⤵
  PID:9416
- C:\Windows\System\CFuiPOO.exe
  C:\Windows\System\CFuiPOO.exe
  2⤵
  PID:9580
- C:\Windows\System\oNinuNK.exe
  C:\Windows\System\oNinuNK.exe
  2⤵
  PID:9604
- C:\Windows\System\kbPFDsN.exe
  C:\Windows\System\kbPFDsN.exe
  2⤵
  PID:9628
- C:\Windows\System\pyirseH.exe
  C:\Windows\System\pyirseH.exe
  2⤵
  PID:9708
- C:\Windows\System\feiYwGF.exe
  C:\Windows\System\feiYwGF.exe
  2⤵
  PID:9788
- C:\Windows\System\AsYSJoe.exe
  C:\Windows\System\AsYSJoe.exe
  2⤵
  PID:10020
- C:\Windows\System\IOoZnQz.exe
  C:\Windows\System\IOoZnQz.exe
  2⤵
  PID:10056
- C:\Windows\System\zdjYSIX.exe
  C:\Windows\System\zdjYSIX.exe
  2⤵
  PID:10084
- C:\Windows\System\iwjzEtI.exe
  C:\Windows\System\iwjzEtI.exe
  2⤵
  PID:10120
- C:\Windows\System\svjtZxk.exe
  C:\Windows\System\svjtZxk.exe
  2⤵
  PID:10136
- C:\Windows\System\dmJrSJi.exe
  C:\Windows\System\dmJrSJi.exe
  2⤵
  PID:10164
- C:\Windows\System\wGDtjQU.exe
  C:\Windows\System\wGDtjQU.exe
  2⤵
  PID:10168
- C:\Windows\System\kiTQRSL.exe
  C:\Windows\System\kiTQRSL.exe
  2⤵
  PID:10204
- C:\Windows\System\EuZDbKV.exe
  C:\Windows\System\EuZDbKV.exe
  2⤵
  PID:9340
- C:\Windows\System\paiGyNB.exe
  C:\Windows\System\paiGyNB.exe
  2⤵
  PID:9496
- C:\Windows\System\kyCmqMe.exe
  C:\Windows\System\kyCmqMe.exe
  2⤵
  PID:9152
- C:\Windows\System\AAiHypv.exe
  C:\Windows\System\AAiHypv.exe
  2⤵
  PID:9448
- C:\Windows\System\CeEfIny.exe
  C:\Windows\System\CeEfIny.exe
  2⤵
  PID:9548
- C:\Windows\System\Wbzkrar.exe
  C:\Windows\System\Wbzkrar.exe
  2⤵
  PID:8332
- C:\Windows\System\xppUMfZ.exe
  C:\Windows\System\xppUMfZ.exe
  2⤵
  PID:9356
- C:\Windows\System\tjUNchD.exe
  C:\Windows\System\tjUNchD.exe
  2⤵
  PID:9596
- C:\Windows\System\PNBdbSb.exe
  C:\Windows\System\PNBdbSb.exe
  2⤵
  PID:9640
- C:\Windows\System\xqWaabk.exe
  C:\Windows\System\xqWaabk.exe
  2⤵
  PID:9756
- C:\Windows\System\GgLodmc.exe
  C:\Windows\System\GgLodmc.exe
  2⤵
  PID:9648
- C:\Windows\System\SvPGTMv.exe
  C:\Windows\System\SvPGTMv.exe
  2⤵
  PID:9656
- C:\Windows\System\EIVGtCR.exe
  C:\Windows\System\EIVGtCR.exe
  2⤵
  PID:9672
- C:\Windows\System\yGDifiS.exe
  C:\Windows\System\yGDifiS.exe
  2⤵
  PID:9800
- C:\Windows\System\xQhjYdy.exe
  C:\Windows\System\xQhjYdy.exe
  2⤵
  PID:9336
- C:\Windows\System\qZuFNml.exe
  C:\Windows\System\qZuFNml.exe
  2⤵
  PID:9856
- C:\Windows\System\yhyGglJ.exe
  C:\Windows\System\yhyGglJ.exe
  2⤵
  PID:9308
- C:\Windows\System\srQJoIO.exe
  C:\Windows\System\srQJoIO.exe
  2⤵
  PID:9920
- C:\Windows\System\PHqefuA.exe
  C:\Windows\System\PHqefuA.exe
  2⤵
  PID:8476
- C:\Windows\System\Egtqfui.exe
  C:\Windows\System\Egtqfui.exe
  2⤵
  PID:9952
- C:\Windows\System\FmmhFLz.exe
  C:\Windows\System\FmmhFLz.exe
  2⤵
  PID:9936
- C:\Windows\System\KiccEoF.exe
  C:\Windows\System\KiccEoF.exe
  2⤵
  PID:9996
- C:\Windows\System\OvKbyVp.exe
  C:\Windows\System\OvKbyVp.exe
  2⤵
  PID:9600
- C:\Windows\System\dmVHeMk.exe
  C:\Windows\System\dmVHeMk.exe
  2⤵
  PID:10016
- C:\Windows\System\RAEJztC.exe
  C:\Windows\System\RAEJztC.exe
  2⤵
  PID:10032
- C:\Windows\System\dAbjHof.exe
  C:\Windows\System\dAbjHof.exe
  2⤵
  PID:10088
- C:\Windows\System\ereHbIY.exe
  C:\Windows\System\ereHbIY.exe
  2⤵
  PID:10232
- C:\Windows\System\YQlDpYY.exe
  C:\Windows\System\YQlDpYY.exe
  2⤵
  PID:10068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DFIrFsk.exe

Filesize
6.0MB

MD5
c72803de8b06a3a0aa597695a7c76d98

SHA1
64583ffcea374241261bb737f161202b24aecfb7

SHA256
8ae755282e0e8b33a1db64e60213b868e04df7fb98a50922122ffe5d8c8cfef9

SHA512
a95e94c0a4f9a4c4133f204ad61c0e0804acb532a54e33e42f9de1529b9105bcb870ddc5423917d6c743a392ef95e4123b0047e02f7d28e02e3c2c1e85c30ea7

Download Submit
C:\Windows\system\FvnTkuc.exe

Filesize
6.0MB

MD5
4f6f9e4b459720638ebc1fd379508ce4

SHA1
52e7e14e1f6caf3edf1651ff83da63b2f9c7f5e0

SHA256
58296cca95f08750db83fa3a3a33dd332cef1930977ce578fcb1ac9b627ac722

SHA512
cd266bfe0db55648395c58a0fbf332117b6bfb2f71a6aae20120af2a8d209f9c47f1671dbfb5173ce796c49046a7b74be44f6affcfc64badc9043a7c1ddae023

Download Submit
C:\Windows\system\IaVrqTW.exe

Filesize
6.0MB

MD5
945313812dc0189dada4ed9c16d56a2b

SHA1
c973b097f47e0a64f7aefa54f07a50e84f560a6c

SHA256
eff100e05e11e720e61d6f6bd897a2f558608d84bcb2bcc7aa1cb8aa8fdc5010

SHA512
2d1228f98ffe2f535cbc65f9e3112b4d1739ef758783478b36d32ddba9d92379d001a7f7c768dc5417e3ad4d557933ac01012f2ee0f1502abf0a205c987d57a2

Download Submit
C:\Windows\system\JffeHRV.exe

Filesize
6.0MB

MD5
3e14093e9d3547ec573413a2262a169a

SHA1
8f2112311e55a542f2580acfaf8bebddb49e822a

SHA256
a844678a271783ac49b5cde2537f00f684e95aa44b72dfcf54f49bda31169dd3

SHA512
8cc4ebf30d6abccb6974766694fa626f3bd1a5e467222464791809b01933fa96a21c90255002631b499dc116d6ac8d6b759b86a2a51f8de490136f332e63b6b3

Download Submit
C:\Windows\system\LQbMfdV.exe

Filesize
6.0MB

MD5
91897de87072e1128ad162096d8e77d4

SHA1
c8211c8454ccf4ffe8c2e0a4605fdb2e3605c1a6

SHA256
c77c3fc96ff5fe458642c240de581a01ea831f88fd95230527427e9e658b84b8

SHA512
18103f7e8431fe5cda76c2fef1a5dae1bba54019a908be47e4657dc9bcd9b734f55b475d0a5131616a057e4816d6a11c42558fab32fa96f9952226f0a281ef3d

Download Submit
C:\Windows\system\LdYOszK.exe

Filesize
6.0MB

MD5
c82288dd22ac0e5933283f6656db5e3d

SHA1
db9f0177840c2dbf4a1feed91871135d3a99dc63

SHA256
f71708ef0b87d34c2f3596f60b7c15b95088baa66ff69ccf99c706d6c293af30

SHA512
8c22b24f0e0bb4822b53f83618e47a22d5f7c02fa74f286176b2745dad9d5851613318f9714c37aeb8924889005b7da15bdca91fd47a570fb991d81c9eb01519

Download Submit
C:\Windows\system\QQHqqlI.exe

Filesize
6.0MB

MD5
9f43e4e16bb51e813d2647ffb7df062d

SHA1
481012458450823d3e62cd2cd6cf9551a6fb724c

SHA256
e7d9c973f4557f465528542ffcc3af266cc206ba2d91d0e2ebb005cc48cb4a83

SHA512
393ef30f166e4e89bec5eef395186b5dd6cf26d5d3a0b160c037057c2931080867eea99f2faabe5360149af7bf50b58501f0c1f9161519ff4e39b538980dae1f

Download Submit
C:\Windows\system\RLJkRUT.exe

Filesize
6.0MB

MD5
5cf68cbee8da46968c651c8b35b41363

SHA1
c7ad3d52f956c52be8eb08f040c8d2118b28cbe3

SHA256
09490d6dcae7ce133c3019478fef320551e8b8295d65543e4fd826be8e06edfa

SHA512
de87c7d711fae972d099cbe827a1cac85349cd8b992e8598bd227e1b23c56b699f7221381a6492a6c5f1e3fb4e8ff7ba3de4edb71fc29e564cdc1d63dea8b336

Download Submit
C:\Windows\system\RuNUdYa.exe

Filesize
6.0MB

MD5
35d94a0cffaa79a499fd47fa291ad3c4

SHA1
f75972f38a3bd5de2b952f906dace9bf6977224a

SHA256
b7d437d67f2592af461c7de6845813008e9e352d03ea1c6347bdcef2605957bf

SHA512
e6aa45813b88751478de12a67268abd6b5aad6984055511039aacb7e7075919ec3a6093f1d06bb277a54dfd2c854c399853b5be199ebe1fb7add7b8ca954c2b6

Download Submit
C:\Windows\system\VsBXpqT.exe

Filesize
6.0MB

MD5
71542474e2c9d5237096e9c45ad0df88

SHA1
b3efa7701e0ae5c9e9eee9c90a340a3b42dcd110

SHA256
77a01258953bf437dc75ba17b222fc235a12a31f29a3ef3f78a4947909461e04

SHA512
4c80ab656e18f5d546bd1907c746594dadd97c87ddede15e663e2c7cf1d2b13320d884cb042b5a453f446c6718d033eac9b9fbbd6d9bb3c2f0c084daa5d23b9f

Download Submit
C:\Windows\system\bnhbZIW.exe

Filesize
6.0MB

MD5
a2946bd4daf9c6fb4dfda90857a8bc82

SHA1
52b72bc465ac9a43a707649876dd37936403c5ed

SHA256
e9d4a99a9e67f9b7e87c7b128a902ab4fed53d3a1a388a282b402bd2881489c8

SHA512
ff05ac12bc51c90fa7d061a9fe40b454c5f33301d071ed38fffa5600d6fd07b6dc6bfbe91d97aab34c011f4b2901aeb111c1eef482d065a8d1d59d1abdb318e3

Download Submit
C:\Windows\system\bvQxSLz.exe

Filesize
6.0MB

MD5
4f71c790d63a35b8d3fbab3a7f508c88

SHA1
d04ee357c40cc8e9831f770ab4cec87fef39f348

SHA256
cab5e2faaa3e59527c088239866ab101d942726cda51983332df7a434c8cc926

SHA512
bb97cad0a96c4f5587297d0110b7d634412142f257f74c3fa80f1ea7a7cbd20f214d8b3e10811d8a99031df91c6faa7ebd672e97e29d63bf313030d6a01b81ce

Download Submit
C:\Windows\system\gxnurQa.exe

Filesize
6.0MB

MD5
65a42b08a983351973dc4e1b2fa31d1a

SHA1
26014509166fc7d2b7ae59e4fbbe99225dcfcfb9

SHA256
1ac208d2159dba65dfec0aabda88153ba67925dec3b43c3dab3d6837b0a22aec

SHA512
e77c986badcfa93b45e582434054412d51bc4b09b517cefa506407eed9eb988475c13808ea131f6465850c47f9e8a0e60246ca5e26822274ecd1121b6486639c

Download Submit
C:\Windows\system\jbMXjdw.exe

Filesize
6.0MB

MD5
409704bf367dc679129fd882385f0f81

SHA1
d355bb35e32c10715fdd8b22006fc3acb2cf83e8

SHA256
ef1e068c7f3d0e7181b367de1ed497dfb56fbde67656f59342196a6db4183bd8

SHA512
5264adcb9792d41dba3226c0922c1768247812c689337658e10c882a2718defa4a52d8ef6dfd256c967bca0dcf8f8ba6f7f6da8ee4cf41e5f06daa960d1c2b23

Download Submit
C:\Windows\system\mixZVNR.exe

Filesize
6.0MB

MD5
9575ec8681149bcf60bdf249243e8601

SHA1
e7de607afbd81b058c7bac9e10f8a31779adba54

SHA256
39d2ab3a070693f00cd7a16df6cb8f43fe5b9a4556849a012e431d492d0af5b4

SHA512
4259639bf4aa682dca2b9dba9cf36af5de96d93f04c4f834cca8c76f06751be0fa463234f4ecf106af3f8f72bc74f243fba7d7ba74e33953243ecea5df89a871

Download Submit
C:\Windows\system\mvXPXlI.exe

Filesize
6.0MB

MD5
5012bd0b56eeb87bbbecd8fb6b24f719

SHA1
4ee33c381d069bd6885ad64beb8cfd1d199651c8

SHA256
0426cf5422e2a26df36b53b9d0851c74f1203a98ca3e501094b44f04782d5dcd

SHA512
8e7ad85614fa5375404e265c4fd2e9334e2377320b05919f9d5c2cebceebe360fea9bb4a3256c34ddb68f43cbf90b421f4146dd6be6c818783d46886c13b502e

Download Submit
C:\Windows\system\nRJHfjn.exe

Filesize
6.0MB

MD5
b03288c1e5372535eedc31d3d4bfcb21

SHA1
95be8973a1122779f68bf6880e4120f30e2915c8

SHA256
ab8cfdb3eba61e488f5bc6044f6470878b0b22a815e7a5585becfdc586ab9b55

SHA512
8caf70db18701271470ff49ef341143ef058b83b34152ec72caab948b8a2b9d3e01655ff0a4bd836215c97d039967d698af350a92820f96ff8bf3e25eb193d67

Download Submit
C:\Windows\system\paDXArr.exe

Filesize
6.0MB

MD5
3aff11fd2fde760975c0893050ebfec9

SHA1
9555f798c249e1531d70f5b72c730b7d63a245ed

SHA256
39fa83e5603beddd58278ec546c3d26a83d96945d1d5f5ad541738b2ba26628b

SHA512
7890be7af397e571ff48e3b9523d202d2b2bb3b61847079072b2c10175ce6dc0bd2507f32e62d276cc0cd90f670b447a332fa81d339fee51938be02ebc3afd27

Download Submit
C:\Windows\system\rOMUtZp.exe

Filesize
6.0MB

MD5
c02f6140cecc46746429826f06d1bf6b

SHA1
6cce77c0fb4440713f74ad2ac602b7b6d4ffd045

SHA256
a857b74006661ff2d074387b7003f668722e7198a100c6adbf6d1dcfebd197c3

SHA512
6a4b4847f21cfe4b257d11f15bf765ab4664ba323ffedb68d8cc525a0124fd55b46e904235f16f83de53babee79b44b570e477826313c4969ef171b137fff751

Download Submit
C:\Windows\system\tmArTLF.exe

Filesize
6.0MB

MD5
3e356a81e4e0fe06265c929164c60dfc

SHA1
7e36fac73e1fead84f6c8c10bd16eb4c6aeca9fb

SHA256
ff7f583485222760cec349fd6cdb8a90472acca22f531fbb0d58d984145e18a2

SHA512
a67118b214acb896db96e5b86c863995865ddc9681510c7f6fb2c36e849bef156b69339c4e774c957522154a53f6cc0f76cc8380d093928e979e0bf159869afa

Download Submit
C:\Windows\system\uXOqWuJ.exe

Filesize
6.0MB

MD5
6f03f0349a6e7f85d24ce5f4074e46a4

SHA1
5d8ae2749b34f819eb0e98240750c016ae03b333

SHA256
0e06f7cfb690ed72347f078683271e452553d9272ce91f234cccfde95c0c4cb5

SHA512
16d17adff1a6a66f319997b0c0c46bb79a64759d508ca6c3af7933f0ade9492ac46b6302145227b0ab4678d7012c2b643a6d6ab976592170a2c405c8eff9bda6

Download Submit
C:\Windows\system\vjqqWlF.exe

Filesize
6.0MB

MD5
1cfee29917a40cd495306ebce4bb9331

SHA1
0ff615430c931120c06548cd989fef3b21f13ad0

SHA256
d56a128f70afb3342fd99f97ee223077df9c61cbe41e5472535fe5500efce86b

SHA512
de18ce2c3644022492172f41add4c64f7fda24fc9dfa374737a2828530bf1874d90d6b316190b67cfecec93200bcb94058ef09d062f754b430e0afa2f8c53be2

Download Submit
C:\Windows\system\wPUIiZy.exe

Filesize
6.0MB

MD5
1afbb917f806cd79fc757dfde2a7e753

SHA1
fc2c345abd9d06bd62f1dbda98fff44095cfabe8

SHA256
3d2e57856151ab661179c21a93e62d116b6aa91a0068de57702b9316557146a4

SHA512
87a1f3df78504a7db87057a5c154b5deea3d550d996f8a2308d923560afb71e57a9f5d49e25636beea17fb9542a5cf45985fe2b2e40ea1956665b43fec01ac58

Download Submit
C:\Windows\system\zdRgxMX.exe

Filesize
6.0MB

MD5
ea41991ac622ecff49f70949a30a85e3

SHA1
cfba015dfe21872cc7f7d7770f8c4d8dd6af1f6e

SHA256
9a4754d48a06e68f8b2508caa531a185de7cc5a20320b014134851c7598add60

SHA512
50ea0967cca63b450182c062041baa7451f28d67f7740a340fbcd029ac29cf10f482febbf7bc5bd237ffae4dea1f7357fbddd3f8428d1f8c38322afd1e93d1e0

Download Submit
\Windows\system\ApZguup.exe

Filesize
6.0MB

MD5
a09e638417f39ecc9f35f17bfc21d1a8

SHA1
cc29c94187335a70016da85e2924395462fe6cdc

SHA256
5621ed687649791a5196969c174c98397ec23c66755dfa07074a18c3f00e0eca

SHA512
27acf99e68770188bbfea09f9849a5bf4da23bb06b701d19972a3d577e25de8854d084b10415fdad158101b4ecabaa7d05bba40cb672ae8fe062a261c46d54c1

Download Submit
\Windows\system\IzQckxP.exe

Filesize
6.0MB

MD5
7bafccb26b78fee7ebba0750ffac53be

SHA1
2d79854866ea2728e5971af7e0261a131be53993

SHA256
9e8f90ad2dd882c8d7cf75e571c74b8de90e90d5cd06ad6bfb2b3561f9a5d48b

SHA512
8aa63175636a137a6dde2cb16ea08303958901d1223b37a01bdd705b351fc07e7d72879598546c58cc4e5bb85df7e5545754e4f428bd8a6f5293ffeaee3d2a32

Download Submit
\Windows\system\MGeIkUz.exe

Filesize
6.0MB

MD5
d58540f097e5d683988860958389bcc2

SHA1
0954043c76f94bd60da51c3048ddc8e27c5be64c

SHA256
1a5c8adafd311d027be51f80c015151a38409a8d3a5565969a2a552026b369e2

SHA512
d55b37850526ee7ec89e48f65f7fd2d139dd4f06925d8762ac077f43b759a5b019fb010547e9f19824da561412607d6f3efd841996996426e144bfcd934c8612

Download Submit
\Windows\system\byjMmkn.exe

Filesize
6.0MB

MD5
942aa95194650deb5933ce64a79bda15

SHA1
d26592793ccacf1b01fd35093ae173d83ae9db6e

SHA256
3ca7a3c1202c7a5a519a24e3ed34e816faaad85c64129f89851c3d69d130e945

SHA512
4fd309684d964023365cff36085bae9f061b3ce839aad83852468c55eaf0c6496b2b0b5408a3d9696d569a8238b7b5d92d9377f811de97b4d946d1cf6e3a775a

Download Submit
\Windows\system\cXNiIRz.exe

Filesize
6.0MB

MD5
03aac7c93891c8c1ed3c7e9a9a6bc89c

SHA1
a06311be1d9112d29aea8149f6eaec89b35af911

SHA256
046ae98832c1c6c580bfe83e980db1bb183ccb6b0ecf4fb283f80ebc1549f6ea

SHA512
2321e4b85c857d33e59da050a5b711093c0386a4d665bc392000427f94fd65f61140849ef21c36bfc9487dd2c4afbfbe21ce548e9f0a2023c4663ba51487a949

Download Submit
\Windows\system\frHyPIn.exe

Filesize
6.0MB

MD5
2e84fe91dc4914de2ce693e18c07d5cb

SHA1
e78b8fc7a2d8f6aa2e6cd5c0d364e7efb667b5a9

SHA256
9d55d44c4fd370de4840afc34bba9c2586c9868f5fc7252db636b158e534b52c

SHA512
1d24902b9c6221781472e4e07a0bcfd6f37d25595d6e5ca8c693d579219fdc02d89fa8566a6052ba70b421b979737f3c4f47e31fc17cf02da9d703f87cfa3d13

Download Submit
\Windows\system\kmVxWJt.exe

Filesize
6.0MB

MD5
bfe67247072f2cdbf6498c24a975b59c

SHA1
a9af4bbc68d466f74bc5353e3aa749a2459acbc9

SHA256
d55a29dcb50af5c4703f6bce9c994c2f808d7702841b408113f327087c3385bf

SHA512
759a7a08e543d08e80b98314ba917fe49a25c472129af6bd0da578264d1aecec6b71da8ef200d58b81ddb15317ab30246b7053f0d45cdc98d42a55d76713b553

Download Submit
\Windows\system\laExqam.exe

Filesize
6.0MB

MD5
975bf1fb2e7182a77696bc0eda140a0e

SHA1
80faf3151a8dbd381a8e3859f532df3908d1f8f1

SHA256
3d453e8f3a07df9581803ffbfd48be304867c3faf685c591647663610ee1e35e

SHA512
c7d6706e8cbd3eb9bdbac0eeaf72003e857fbae108ea589c462fafe4e867da0f10a88975fa6171fab3989bcabf2204e43057d47894496bd69d074ba64a073ec2

Download Submit
\Windows\system\qmAKbwM.exe

Filesize
6.0MB

MD5
ea4df457ed16cb13cddbc639eac80cdf

SHA1
235298f1ed349b1bd22868db5a7bd08d77fd7388

SHA256
7cf432a92b8b979212ce3a836953bad911ef90cd610f97df9c8769fab00d3e37

SHA512
255406529818ac1572d382a4bede93b713d03cdebc809d8c8085f47431a8849c4e1713ce4bf9e91ed2d4bbe05a84c5d67dc83c165c5e16fc68c011a272efc4c1

Download Submit
\Windows\system\vLpEyhq.exe

Filesize
6.0MB

MD5
8ff4bb4ef0ee89eb8482755a07a5b5e3

SHA1
41e5a19c207d40fecbc1be95a5cac95768b0b481

SHA256
4e12086fa72b0fb97611d433581db7ba66132f039136fa5346984edd25b8bec9

SHA512
0602e330cc8e5ec0d2494fa617cc3704da2009d303e9f017344869e433d4941435337b0ad15366fa67b735819fa03df89893a64b2b3ce9e9b49ead4e767d2d49

Download Submit
\Windows\system\vlKcznu.exe

Filesize
6.0MB

MD5
32c7f3990b9ba79380135e7163ccf1b5

SHA1
c6ea3be84526065e8e06b8de20a1711c7cf61457

SHA256
050a31df7edd4fd792928d3283ff9787524f14bf46f194f599dd05338530293c

SHA512
8cea75ae013ccbd4107e232a0bdd5f0fe0d0acbf09fbee777a349104c1a39c1887fe3a716c37ef6f330b6bd9fa8b66430ef6b7f560151ee4795e06779cd22e71

Download Submit
memory/632-442-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/632-97-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/632-2852-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/756-444-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/756-116-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/756-2854-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-2825-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1740-33-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2064-26-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2064-2804-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2816-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2136-36-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2284-32-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2284-2817-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2818-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-31-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-72-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2821-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2688-440-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2853-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2688-86-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2748-64-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2820-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2768-42-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2819-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2768-81-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2880-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2880-71-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2880-28-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2880-101-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-49-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2880-96-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-443-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2880-41-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2880-112-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2880-35-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2880-34-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2880-121-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2880-63-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2880-73-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2880-441-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2880-18-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2880-65-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2880-56-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2880-82-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2880-439-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2880-90-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2880-438-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2884-57-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2815-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/3068-50-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2824-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download