cobaltstrike | c5a155f0b53653e4b28a586a6e901e30b2438012ad5c51e5ef9bd6c933140f5a

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4e9740deed18fb7e11423ba22ae6f520
SHA1

182d9076fa3b521fd82a5ea684ea2a1e83fa6153
SHA256

c5a155f0b53653e4b28a586a6e901e30b2438012ad5c51e5ef9bd6c933140f5a
SHA512

3c51345ac633c35c0a134cbe4a3f9719c89bc5f1d77675edb1be36a0333839e1da2c0251bf4fe67fa05ec8ded77403dd8d44d18f7a8715d239f4af60593935b5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUx:T+q56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x00340000000191f6-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019259-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019268-25.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001926c-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019275-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019278-46.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001929a-47.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019319-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c2-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c6c-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964b-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a074-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a06a-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0ab-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f58-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cbe-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c85-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0f-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a72-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f6e-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8c-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c87-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019642-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0d-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964a-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-105.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2668-0-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x00340000000191f6-8.dat	xmrig
behavioral1/files/0x0007000000019259-15.dat	xmrig
behavioral1/files/0x0007000000019268-25.dat	xmrig
behavioral1/memory/2692-29-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x000700000001926c-30.dat	xmrig
behavioral1/memory/2668-27-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2700-26-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2804-14-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2724-13-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2836-36-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0006000000019275-37.dat	xmrig
behavioral1/files/0x0006000000019278-46.dat	xmrig
behavioral1/files/0x000600000001929a-47.dat	xmrig
behavioral1/memory/2404-72-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d7-56.dat	xmrig
behavioral1/memory/2668-81-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2488-80-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2668-79-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2004-78-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2668-76-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/3048-75-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x000500000001950e-73.dat	xmrig
behavioral1/memory/3056-70-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194df-65.dat	xmrig
behavioral1/memory/2608-61-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0006000000019319-54.dat	xmrig
behavioral1/memory/2668-41-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2668-38-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2692-86-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1648-87-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019513-88.dat	xmrig
behavioral1/files/0x000500000001953e-95.dat	xmrig
behavioral1/files/0x00050000000197c2-117.dat	xmrig
behavioral1/files/0x0005000000019c6c-139.dat	xmrig
behavioral1/files/0x000500000001964b-129.dat	xmrig
behavioral1/files/0x000500000001a074-184.dat	xmrig
behavioral1/files/0x000500000001a06a-180.dat	xmrig
behavioral1/files/0x000500000001a0ab-187.dat	xmrig
behavioral1/files/0x0005000000019f58-171.dat	xmrig
behavioral1/files/0x000500000001a301-190.dat	xmrig
behavioral1/files/0x0005000000019cbe-168.dat	xmrig
behavioral1/files/0x0005000000019c85-159.dat	xmrig
behavioral1/files/0x0005000000019b0f-149.dat	xmrig
behavioral1/files/0x0005000000019a72-147.dat	xmrig
behavioral1/files/0x0005000000019f6e-174.dat	xmrig
behavioral1/files/0x0005000000019d8c-162.dat	xmrig
behavioral1/files/0x0005000000019c87-152.dat	xmrig
behavioral1/files/0x0005000000019642-106.dat	xmrig
behavioral1/files/0x0005000000019b0d-133.dat	xmrig
behavioral1/memory/2876-101-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x000500000001964a-112.dat	xmrig
behavioral1/memory/2836-100-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0005000000019640-105.dat	xmrig
behavioral1/memory/2376-94-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2724-3543-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/3056-3985-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2700-3986-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2488-3988-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2836-3989-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/3048-3990-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2404-3996-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2804-3997-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2724	cATBbEO.exe
2804	gcJdWJc.exe
2700	UXxDfGi.exe
2692	jzuLLCk.exe
2836	FysiMXU.exe
2608	Eqixhih.exe
3056	AmBHjwS.exe
2404	SEnnvHS.exe
3048	hCZFOsW.exe
2488	QMKuhrR.exe
2004	SFRkmNG.exe
1648	bbpqeOQ.exe
2376	qwhqqiy.exe
2876	weioDSh.exe
2892	XTwzDQX.exe
300	tTHdfik.exe
2188	zFBhile.exe
1692	xPrkfWy.exe
2816	WHSgbXC.exe
1008	oGRwEVL.exe
2200	ZSWEWAY.exe
1036	fiOazBU.exe
604	BoEsiiX.exe
1776	LdUdHkJ.exe
2196	ecvCJwF.exe
928	XFfoOjH.exe
1588	hecrXwz.exe
2992	SufETsJ.exe
2192	RqzjdIQ.exe
328	ZnvTkGR.exe
112	gHVeOOe.exe
1732	IPXVnfj.exe
1932	fhVRmBN.exe
1308	RyQgUDv.exe
2332	owZLpbb.exe
376	MsWPwmz.exe
1552	pBQYeJv.exe
1720	vRjONrR.exe
2024	HBOaOeV.exe
304	bqfgTDS.exe
2860	AZVTErU.exe
2300	pfyRJCW.exe
1828	BOWGYTk.exe
2492	PeMuLqY.exe
2080	QQrIuZa.exe
1636	gNQCDBg.exe
1688	WMXwtxV.exe
2324	CmpYugq.exe
2544	lIzpVlW.exe
1744	cDhDhWN.exe
2320	YdbnjaS.exe
1044	SWrMqpp.exe
2288	bNCSfNk.exe
1576	xSmkVGM.exe
2380	KfdlRZI.exe
2808	OyIshcZ.exe
2764	iRxyqYT.exe
2956	RTDeUOj.exe
2604	sRnJRWL.exe
2580	yReglck.exe
1676	WuWPoCI.exe
1492	qFawIAs.exe
1260	qimZpDD.exe
2856	fWXQtdr.exe

Loads dropped DLL 64 IoCs

pid	Process
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2668-0-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x00340000000191f6-8.dat	upx
behavioral1/files/0x0007000000019259-15.dat	upx
behavioral1/files/0x0007000000019268-25.dat	upx
behavioral1/memory/2692-29-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x000700000001926c-30.dat	upx
behavioral1/memory/2700-26-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2804-14-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2724-13-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2836-36-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0006000000019275-37.dat	upx
behavioral1/files/0x0006000000019278-46.dat	upx
behavioral1/files/0x000600000001929a-47.dat	upx
behavioral1/memory/2404-72-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x00050000000194d7-56.dat	upx
behavioral1/memory/2488-80-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2004-78-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/3048-75-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x000500000001950e-73.dat	upx
behavioral1/memory/3056-70-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x00050000000194df-65.dat	upx
behavioral1/memory/2608-61-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0006000000019319-54.dat	upx
behavioral1/memory/2668-38-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2692-86-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1648-87-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0005000000019513-88.dat	upx
behavioral1/files/0x000500000001953e-95.dat	upx
behavioral1/files/0x00050000000197c2-117.dat	upx
behavioral1/files/0x0005000000019c6c-139.dat	upx
behavioral1/files/0x000500000001964b-129.dat	upx
behavioral1/files/0x000500000001a074-184.dat	upx
behavioral1/files/0x000500000001a06a-180.dat	upx
behavioral1/files/0x000500000001a0ab-187.dat	upx
behavioral1/files/0x0005000000019f58-171.dat	upx
behavioral1/files/0x000500000001a301-190.dat	upx
behavioral1/files/0x0005000000019cbe-168.dat	upx
behavioral1/files/0x0005000000019c85-159.dat	upx
behavioral1/files/0x0005000000019b0f-149.dat	upx
behavioral1/files/0x0005000000019a72-147.dat	upx
behavioral1/files/0x0005000000019f6e-174.dat	upx
behavioral1/files/0x0005000000019d8c-162.dat	upx
behavioral1/files/0x0005000000019c87-152.dat	upx
behavioral1/files/0x0005000000019642-106.dat	upx
behavioral1/files/0x0005000000019b0d-133.dat	upx
behavioral1/memory/2876-101-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x000500000001964a-112.dat	upx
behavioral1/memory/2836-100-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0005000000019640-105.dat	upx
behavioral1/memory/2376-94-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2724-3543-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/3056-3985-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2700-3986-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2488-3988-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2836-3989-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/3048-3990-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2404-3996-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2804-3997-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2692-4000-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2004-3999-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2608-3998-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2376-4002-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1648-4001-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fBWXeXw.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDKrzQW.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRPmQvb.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRZrKdZ.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjZhNiN.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqaKXuN.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDYApwq.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xzaZpYh.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEeyVIM.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoDtNNE.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHmpeOv.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrgWuXo.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPJiaWO.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pstQaWk.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvtfkEK.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrNOcaa.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lffwWfx.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPOmiOu.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKLwtKt.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCoUWZk.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvpJIdM.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaWtMlM.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnIsABB.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnWmPXJ.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRCIoxr.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQPWxRd.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtCBrZV.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hviqsCP.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWbMbDe.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjmygyU.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOQswWY.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifYntcc.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDbOjEi.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acMUCdt.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIXizdY.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WamAecN.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWrXUEr.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrDKIRI.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQAdjxP.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvqsuAW.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUmlTFa.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNmRWqe.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpKrJJJ.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jImFcKg.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOffsVD.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udQwzPy.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifgrSHU.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UestnoG.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmiNhfh.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USGvlcx.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCxsTaz.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkRfaRH.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qONatDr.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chzfitk.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCYGNtN.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qcmlnli.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGRwEVL.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaFBUfO.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhwXLiy.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKSQffP.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVQDLAE.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAdgocA.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EroMZue.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FysiMXU.exe	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2724	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2668 wrote to memory of 2724	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2668 wrote to memory of 2724	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2668 wrote to memory of 2804	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2668 wrote to memory of 2804	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2668 wrote to memory of 2804	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2668 wrote to memory of 2700	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2668 wrote to memory of 2700	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2668 wrote to memory of 2700	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2668 wrote to memory of 2692	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2668 wrote to memory of 2692	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2668 wrote to memory of 2692	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2668 wrote to memory of 2836	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2668 wrote to memory of 2836	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2668 wrote to memory of 2836	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2668 wrote to memory of 2608	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2668 wrote to memory of 2608	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2668 wrote to memory of 2608	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2668 wrote to memory of 3056	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2668 wrote to memory of 3056	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2668 wrote to memory of 3056	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2668 wrote to memory of 2404	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2668 wrote to memory of 2404	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2668 wrote to memory of 2404	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2668 wrote to memory of 3048	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2668 wrote to memory of 3048	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2668 wrote to memory of 3048	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2668 wrote to memory of 2004	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2668 wrote to memory of 2004	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2668 wrote to memory of 2004	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2668 wrote to memory of 2488	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2668 wrote to memory of 2488	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2668 wrote to memory of 2488	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2668 wrote to memory of 1648	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2668 wrote to memory of 1648	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2668 wrote to memory of 1648	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2668 wrote to memory of 2376	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2668 wrote to memory of 2376	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2668 wrote to memory of 2376	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2668 wrote to memory of 2876	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2668 wrote to memory of 2876	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2668 wrote to memory of 2876	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2668 wrote to memory of 2892	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2668 wrote to memory of 2892	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2668 wrote to memory of 2892	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2668 wrote to memory of 1692	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2668 wrote to memory of 1692	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2668 wrote to memory of 1692	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2668 wrote to memory of 300	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2668 wrote to memory of 300	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2668 wrote to memory of 300	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2668 wrote to memory of 2816	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2668 wrote to memory of 2816	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2668 wrote to memory of 2816	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2668 wrote to memory of 2188	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2668 wrote to memory of 2188	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2668 wrote to memory of 2188	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2668 wrote to memory of 1036	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2668 wrote to memory of 1036	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2668 wrote to memory of 1036	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2668 wrote to memory of 1008	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2668 wrote to memory of 1008	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2668 wrote to memory of 1008	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2668 wrote to memory of 604	2668	2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_4e9740deed18fb7e11423ba22ae6f520_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\System\cATBbEO.exe
  C:\Windows\System\cATBbEO.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\gcJdWJc.exe
  C:\Windows\System\gcJdWJc.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\UXxDfGi.exe
  C:\Windows\System\UXxDfGi.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\jzuLLCk.exe
  C:\Windows\System\jzuLLCk.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\FysiMXU.exe
  C:\Windows\System\FysiMXU.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\Eqixhih.exe
  C:\Windows\System\Eqixhih.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\AmBHjwS.exe
  C:\Windows\System\AmBHjwS.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\SEnnvHS.exe
  C:\Windows\System\SEnnvHS.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\hCZFOsW.exe
  C:\Windows\System\hCZFOsW.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\SFRkmNG.exe
  C:\Windows\System\SFRkmNG.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\QMKuhrR.exe
  C:\Windows\System\QMKuhrR.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\bbpqeOQ.exe
  C:\Windows\System\bbpqeOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\qwhqqiy.exe
  C:\Windows\System\qwhqqiy.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\weioDSh.exe
  C:\Windows\System\weioDSh.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\XTwzDQX.exe
  C:\Windows\System\XTwzDQX.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\xPrkfWy.exe
  C:\Windows\System\xPrkfWy.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\tTHdfik.exe
  C:\Windows\System\tTHdfik.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\WHSgbXC.exe
  C:\Windows\System\WHSgbXC.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\zFBhile.exe
  C:\Windows\System\zFBhile.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\fiOazBU.exe
  C:\Windows\System\fiOazBU.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\oGRwEVL.exe
  C:\Windows\System\oGRwEVL.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\BoEsiiX.exe
  C:\Windows\System\BoEsiiX.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\ZSWEWAY.exe
  C:\Windows\System\ZSWEWAY.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\ecvCJwF.exe
  C:\Windows\System\ecvCJwF.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\LdUdHkJ.exe
  C:\Windows\System\LdUdHkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\hecrXwz.exe
  C:\Windows\System\hecrXwz.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\XFfoOjH.exe
  C:\Windows\System\XFfoOjH.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\SufETsJ.exe
  C:\Windows\System\SufETsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\RqzjdIQ.exe
  C:\Windows\System\RqzjdIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\ZnvTkGR.exe
  C:\Windows\System\ZnvTkGR.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\gHVeOOe.exe
  C:\Windows\System\gHVeOOe.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\RyQgUDv.exe
  C:\Windows\System\RyQgUDv.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\IPXVnfj.exe
  C:\Windows\System\IPXVnfj.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\owZLpbb.exe
  C:\Windows\System\owZLpbb.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\fhVRmBN.exe
  C:\Windows\System\fhVRmBN.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\pBQYeJv.exe
  C:\Windows\System\pBQYeJv.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\MsWPwmz.exe
  C:\Windows\System\MsWPwmz.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\vRjONrR.exe
  C:\Windows\System\vRjONrR.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\HBOaOeV.exe
  C:\Windows\System\HBOaOeV.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\bqfgTDS.exe
  C:\Windows\System\bqfgTDS.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\AZVTErU.exe
  C:\Windows\System\AZVTErU.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\BOWGYTk.exe
  C:\Windows\System\BOWGYTk.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\pfyRJCW.exe
  C:\Windows\System\pfyRJCW.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\PeMuLqY.exe
  C:\Windows\System\PeMuLqY.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\QQrIuZa.exe
  C:\Windows\System\QQrIuZa.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\WMXwtxV.exe
  C:\Windows\System\WMXwtxV.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\gNQCDBg.exe
  C:\Windows\System\gNQCDBg.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\cDhDhWN.exe
  C:\Windows\System\cDhDhWN.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\CmpYugq.exe
  C:\Windows\System\CmpYugq.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\SWrMqpp.exe
  C:\Windows\System\SWrMqpp.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\lIzpVlW.exe
  C:\Windows\System\lIzpVlW.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\bNCSfNk.exe
  C:\Windows\System\bNCSfNk.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\YdbnjaS.exe
  C:\Windows\System\YdbnjaS.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\xSmkVGM.exe
  C:\Windows\System\xSmkVGM.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\KfdlRZI.exe
  C:\Windows\System\KfdlRZI.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\OyIshcZ.exe
  C:\Windows\System\OyIshcZ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\iRxyqYT.exe
  C:\Windows\System\iRxyqYT.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\RTDeUOj.exe
  C:\Windows\System\RTDeUOj.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\sRnJRWL.exe
  C:\Windows\System\sRnJRWL.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\yReglck.exe
  C:\Windows\System\yReglck.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\WuWPoCI.exe
  C:\Windows\System\WuWPoCI.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\qimZpDD.exe
  C:\Windows\System\qimZpDD.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\qFawIAs.exe
  C:\Windows\System\qFawIAs.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\rkitNVC.exe
  C:\Windows\System\rkitNVC.exe
  2⤵
  PID:2540
- C:\Windows\System\fWXQtdr.exe
  C:\Windows\System\fWXQtdr.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\DTzyOyU.exe
  C:\Windows\System\DTzyOyU.exe
  2⤵
  PID:1132
- C:\Windows\System\NkHnlCB.exe
  C:\Windows\System\NkHnlCB.exe
  2⤵
  PID:2644
- C:\Windows\System\DDhTFBY.exe
  C:\Windows\System\DDhTFBY.exe
  2⤵
  PID:2068
- C:\Windows\System\QymCnVC.exe
  C:\Windows\System\QymCnVC.exe
  2⤵
  PID:792
- C:\Windows\System\uwfePXQ.exe
  C:\Windows\System\uwfePXQ.exe
  2⤵
  PID:2372
- C:\Windows\System\dDKrzQW.exe
  C:\Windows\System\dDKrzQW.exe
  2⤵
  PID:1988
- C:\Windows\System\BjYmFCg.exe
  C:\Windows\System\BjYmFCg.exe
  2⤵
  PID:2160
- C:\Windows\System\USroJEJ.exe
  C:\Windows\System\USroJEJ.exe
  2⤵
  PID:2224
- C:\Windows\System\jYClFin.exe
  C:\Windows\System\jYClFin.exe
  2⤵
  PID:2216
- C:\Windows\System\SJpOppo.exe
  C:\Windows\System\SJpOppo.exe
  2⤵
  PID:2140
- C:\Windows\System\uQyIZxR.exe
  C:\Windows\System\uQyIZxR.exe
  2⤵
  PID:2304
- C:\Windows\System\FMbyyVg.exe
  C:\Windows\System\FMbyyVg.exe
  2⤵
  PID:1664
- C:\Windows\System\muRZTux.exe
  C:\Windows\System\muRZTux.exe
  2⤵
  PID:1408
- C:\Windows\System\yJtiypa.exe
  C:\Windows\System\yJtiypa.exe
  2⤵
  PID:1764
- C:\Windows\System\vxXOZEq.exe
  C:\Windows\System\vxXOZEq.exe
  2⤵
  PID:1884
- C:\Windows\System\FeBftph.exe
  C:\Windows\System\FeBftph.exe
  2⤵
  PID:1792
- C:\Windows\System\lbxqRSA.exe
  C:\Windows\System\lbxqRSA.exe
  2⤵
  PID:860
- C:\Windows\System\pZWrcJx.exe
  C:\Windows\System\pZWrcJx.exe
  2⤵
  PID:1712
- C:\Windows\System\udQwzPy.exe
  C:\Windows\System\udQwzPy.exe
  2⤵
  PID:1104
- C:\Windows\System\latorUr.exe
  C:\Windows\System\latorUr.exe
  2⤵
  PID:1780
- C:\Windows\System\MviVYMv.exe
  C:\Windows\System\MviVYMv.exe
  2⤵
  PID:2660
- C:\Windows\System\sJJSmnU.exe
  C:\Windows\System\sJJSmnU.exe
  2⤵
  PID:576
- C:\Windows\System\hxPKVRG.exe
  C:\Windows\System\hxPKVRG.exe
  2⤵
  PID:2072
- C:\Windows\System\MIBBLPZ.exe
  C:\Windows\System\MIBBLPZ.exe
  2⤵
  PID:1600
- C:\Windows\System\DbdMJEU.exe
  C:\Windows\System\DbdMJEU.exe
  2⤵
  PID:1768
- C:\Windows\System\tmDGFAN.exe
  C:\Windows\System\tmDGFAN.exe
  2⤵
  PID:1604
- C:\Windows\System\bdqYryP.exe
  C:\Windows\System\bdqYryP.exe
  2⤵
  PID:2788
- C:\Windows\System\fzJMTYT.exe
  C:\Windows\System\fzJMTYT.exe
  2⤵
  PID:2908
- C:\Windows\System\xNclcYe.exe
  C:\Windows\System\xNclcYe.exe
  2⤵
  PID:2396
- C:\Windows\System\ozTZoat.exe
  C:\Windows\System\ozTZoat.exe
  2⤵
  PID:2620
- C:\Windows\System\Cxylnql.exe
  C:\Windows\System\Cxylnql.exe
  2⤵
  PID:2400
- C:\Windows\System\noXZaYO.exe
  C:\Windows\System\noXZaYO.exe
  2⤵
  PID:2572
- C:\Windows\System\hHpQAqu.exe
  C:\Windows\System\hHpQAqu.exe
  2⤵
  PID:1496
- C:\Windows\System\hjZEmMC.exe
  C:\Windows\System\hjZEmMC.exe
  2⤵
  PID:2268
- C:\Windows\System\opDmCxk.exe
  C:\Windows\System\opDmCxk.exe
  2⤵
  PID:1624
- C:\Windows\System\ZrUJisi.exe
  C:\Windows\System\ZrUJisi.exe
  2⤵
  PID:2220
- C:\Windows\System\VDxaZhy.exe
  C:\Windows\System\VDxaZhy.exe
  2⤵
  PID:2256
- C:\Windows\System\totvVtt.exe
  C:\Windows\System\totvVtt.exe
  2⤵
  PID:1848
- C:\Windows\System\jaeCfQu.exe
  C:\Windows\System\jaeCfQu.exe
  2⤵
  PID:2100
- C:\Windows\System\FoGmmbn.exe
  C:\Windows\System\FoGmmbn.exe
  2⤵
  PID:600
- C:\Windows\System\FLOczft.exe
  C:\Windows\System\FLOczft.exe
  2⤵
  PID:2012
- C:\Windows\System\dvFCVMW.exe
  C:\Windows\System\dvFCVMW.exe
  2⤵
  PID:2148
- C:\Windows\System\wRQRtUE.exe
  C:\Windows\System\wRQRtUE.exe
  2⤵
  PID:1672
- C:\Windows\System\kQCcAdG.exe
  C:\Windows\System\kQCcAdG.exe
  2⤵
  PID:2352
- C:\Windows\System\CeECAsV.exe
  C:\Windows\System\CeECAsV.exe
  2⤵
  PID:652
- C:\Windows\System\qsJUPoV.exe
  C:\Windows\System\qsJUPoV.exe
  2⤵
  PID:3004
- C:\Windows\System\JclWAsC.exe
  C:\Windows\System\JclWAsC.exe
  2⤵
  PID:1944
- C:\Windows\System\OMPQEfd.exe
  C:\Windows\System\OMPQEfd.exe
  2⤵
  PID:1596
- C:\Windows\System\SDfCrxT.exe
  C:\Windows\System\SDfCrxT.exe
  2⤵
  PID:3060
- C:\Windows\System\JJlXNsc.exe
  C:\Windows\System\JJlXNsc.exe
  2⤵
  PID:2772
- C:\Windows\System\qIJDIjH.exe
  C:\Windows\System\qIJDIjH.exe
  2⤵
  PID:2696
- C:\Windows\System\EojZKJG.exe
  C:\Windows\System\EojZKJG.exe
  2⤵
  PID:2840
- C:\Windows\System\BNFAwFN.exe
  C:\Windows\System\BNFAwFN.exe
  2⤵
  PID:2972
- C:\Windows\System\nIbHQuU.exe
  C:\Windows\System\nIbHQuU.exe
  2⤵
  PID:692
- C:\Windows\System\SQabvzo.exe
  C:\Windows\System\SQabvzo.exe
  2⤵
  PID:864
- C:\Windows\System\NxUSNdu.exe
  C:\Windows\System\NxUSNdu.exe
  2⤵
  PID:2384
- C:\Windows\System\iSkRSGd.exe
  C:\Windows\System\iSkRSGd.exe
  2⤵
  PID:448
- C:\Windows\System\aUbIoLS.exe
  C:\Windows\System\aUbIoLS.exe
  2⤵
  PID:468
- C:\Windows\System\JCDwAJB.exe
  C:\Windows\System\JCDwAJB.exe
  2⤵
  PID:2368
- C:\Windows\System\BvtfkEK.exe
  C:\Windows\System\BvtfkEK.exe
  2⤵
  PID:3084
- C:\Windows\System\MmiIIET.exe
  C:\Windows\System\MmiIIET.exe
  2⤵
  PID:3100
- C:\Windows\System\SoVVDAF.exe
  C:\Windows\System\SoVVDAF.exe
  2⤵
  PID:3124
- C:\Windows\System\jGIYRMw.exe
  C:\Windows\System\jGIYRMw.exe
  2⤵
  PID:3152
- C:\Windows\System\DPMShsA.exe
  C:\Windows\System\DPMShsA.exe
  2⤵
  PID:3168
- C:\Windows\System\lIJqCrW.exe
  C:\Windows\System\lIJqCrW.exe
  2⤵
  PID:3188
- C:\Windows\System\DOpZrWV.exe
  C:\Windows\System\DOpZrWV.exe
  2⤵
  PID:3208
- C:\Windows\System\CDFQdZb.exe
  C:\Windows\System\CDFQdZb.exe
  2⤵
  PID:3224
- C:\Windows\System\UrLdCTp.exe
  C:\Windows\System\UrLdCTp.exe
  2⤵
  PID:3240
- C:\Windows\System\pCOcYKL.exe
  C:\Windows\System\pCOcYKL.exe
  2⤵
  PID:3256
- C:\Windows\System\doUMsCl.exe
  C:\Windows\System\doUMsCl.exe
  2⤵
  PID:3272
- C:\Windows\System\asYoMlc.exe
  C:\Windows\System\asYoMlc.exe
  2⤵
  PID:3300
- C:\Windows\System\gXvcLSw.exe
  C:\Windows\System\gXvcLSw.exe
  2⤵
  PID:3332
- C:\Windows\System\SYJIIyi.exe
  C:\Windows\System\SYJIIyi.exe
  2⤵
  PID:3348
- C:\Windows\System\CdkhhaA.exe
  C:\Windows\System\CdkhhaA.exe
  2⤵
  PID:3368
- C:\Windows\System\Bxworuh.exe
  C:\Windows\System\Bxworuh.exe
  2⤵
  PID:3388
- C:\Windows\System\NdMhuLO.exe
  C:\Windows\System\NdMhuLO.exe
  2⤵
  PID:3408
- C:\Windows\System\sWtnkvs.exe
  C:\Windows\System\sWtnkvs.exe
  2⤵
  PID:3428
- C:\Windows\System\hIAyrdt.exe
  C:\Windows\System\hIAyrdt.exe
  2⤵
  PID:3448
- C:\Windows\System\bFmykeM.exe
  C:\Windows\System\bFmykeM.exe
  2⤵
  PID:3468
- C:\Windows\System\hULqEFS.exe
  C:\Windows\System\hULqEFS.exe
  2⤵
  PID:3484
- C:\Windows\System\XpXfrkM.exe
  C:\Windows\System\XpXfrkM.exe
  2⤵
  PID:3504
- C:\Windows\System\BzFcOFx.exe
  C:\Windows\System\BzFcOFx.exe
  2⤵
  PID:3524
- C:\Windows\System\MsIjVWq.exe
  C:\Windows\System\MsIjVWq.exe
  2⤵
  PID:3540
- C:\Windows\System\MUhLzDb.exe
  C:\Windows\System\MUhLzDb.exe
  2⤵
  PID:3556
- C:\Windows\System\ohqAEVV.exe
  C:\Windows\System\ohqAEVV.exe
  2⤵
  PID:3572
- C:\Windows\System\ynNQkrI.exe
  C:\Windows\System\ynNQkrI.exe
  2⤵
  PID:3588
- C:\Windows\System\uzbwOND.exe
  C:\Windows\System\uzbwOND.exe
  2⤵
  PID:3604
- C:\Windows\System\duPCZTM.exe
  C:\Windows\System\duPCZTM.exe
  2⤵
  PID:3620
- C:\Windows\System\PJlxvXF.exe
  C:\Windows\System\PJlxvXF.exe
  2⤵
  PID:3636
- C:\Windows\System\JnjXNAB.exe
  C:\Windows\System\JnjXNAB.exe
  2⤵
  PID:3664
- C:\Windows\System\IvmVBSv.exe
  C:\Windows\System\IvmVBSv.exe
  2⤵
  PID:3680
- C:\Windows\System\DGOPRUg.exe
  C:\Windows\System\DGOPRUg.exe
  2⤵
  PID:3704
- C:\Windows\System\pPTsysu.exe
  C:\Windows\System\pPTsysu.exe
  2⤵
  PID:3720
- C:\Windows\System\oGjZxOT.exe
  C:\Windows\System\oGjZxOT.exe
  2⤵
  PID:3744
- C:\Windows\System\NKENLNz.exe
  C:\Windows\System\NKENLNz.exe
  2⤵
  PID:3764
- C:\Windows\System\OVlzfoA.exe
  C:\Windows\System\OVlzfoA.exe
  2⤵
  PID:3784
- C:\Windows\System\DFYHqIy.exe
  C:\Windows\System\DFYHqIy.exe
  2⤵
  PID:3800
- C:\Windows\System\tesRuSJ.exe
  C:\Windows\System\tesRuSJ.exe
  2⤵
  PID:3816
- C:\Windows\System\PdAiveo.exe
  C:\Windows\System\PdAiveo.exe
  2⤵
  PID:3832
- C:\Windows\System\lTUBhWV.exe
  C:\Windows\System\lTUBhWV.exe
  2⤵
  PID:3848
- C:\Windows\System\wcHqSUC.exe
  C:\Windows\System\wcHqSUC.exe
  2⤵
  PID:3864
- C:\Windows\System\YiVgZuv.exe
  C:\Windows\System\YiVgZuv.exe
  2⤵
  PID:3880
- C:\Windows\System\KQvDvEs.exe
  C:\Windows\System\KQvDvEs.exe
  2⤵
  PID:3896
- C:\Windows\System\nqAWDrs.exe
  C:\Windows\System\nqAWDrs.exe
  2⤵
  PID:3912
- C:\Windows\System\DihoyLo.exe
  C:\Windows\System\DihoyLo.exe
  2⤵
  PID:3928
- C:\Windows\System\MlMqCFL.exe
  C:\Windows\System\MlMqCFL.exe
  2⤵
  PID:3964
- C:\Windows\System\RfQlasc.exe
  C:\Windows\System\RfQlasc.exe
  2⤵
  PID:3984
- C:\Windows\System\ZqdWqdr.exe
  C:\Windows\System\ZqdWqdr.exe
  2⤵
  PID:4004
- C:\Windows\System\WkCIAgw.exe
  C:\Windows\System\WkCIAgw.exe
  2⤵
  PID:4028
- C:\Windows\System\VZUCdol.exe
  C:\Windows\System\VZUCdol.exe
  2⤵
  PID:4048
- C:\Windows\System\lPEUGSw.exe
  C:\Windows\System\lPEUGSw.exe
  2⤵
  PID:4068
- C:\Windows\System\SiOyhUj.exe
  C:\Windows\System\SiOyhUj.exe
  2⤵
  PID:4088
- C:\Windows\System\gmDJLeB.exe
  C:\Windows\System\gmDJLeB.exe
  2⤵
  PID:1040
- C:\Windows\System\CbyHCCq.exe
  C:\Windows\System\CbyHCCq.exe
  2⤵
  PID:2596
- C:\Windows\System\walRzMq.exe
  C:\Windows\System\walRzMq.exe
  2⤵
  PID:2112
- C:\Windows\System\iNbBSDn.exe
  C:\Windows\System\iNbBSDn.exe
  2⤵
  PID:1644
- C:\Windows\System\pYlRBad.exe
  C:\Windows\System\pYlRBad.exe
  2⤵
  PID:3136
- C:\Windows\System\ngFNBRE.exe
  C:\Windows\System\ngFNBRE.exe
  2⤵
  PID:3140
- C:\Windows\System\wfjdxhA.exe
  C:\Windows\System\wfjdxhA.exe
  2⤵
  PID:3176
- C:\Windows\System\BBhvahF.exe
  C:\Windows\System\BBhvahF.exe
  2⤵
  PID:3112
- C:\Windows\System\BQknYZf.exe
  C:\Windows\System\BQknYZf.exe
  2⤵
  PID:3216
- C:\Windows\System\NYOSIvq.exe
  C:\Windows\System\NYOSIvq.exe
  2⤵
  PID:3284
- C:\Windows\System\QOathcV.exe
  C:\Windows\System\QOathcV.exe
  2⤵
  PID:3204
- C:\Windows\System\ePQqNaS.exe
  C:\Windows\System\ePQqNaS.exe
  2⤵
  PID:3196
- C:\Windows\System\ZWfXxzL.exe
  C:\Windows\System\ZWfXxzL.exe
  2⤵
  PID:3344
- C:\Windows\System\CDpYJNp.exe
  C:\Windows\System\CDpYJNp.exe
  2⤵
  PID:3420
- C:\Windows\System\lhmFILv.exe
  C:\Windows\System\lhmFILv.exe
  2⤵
  PID:3496
- C:\Windows\System\SfeqHAH.exe
  C:\Windows\System\SfeqHAH.exe
  2⤵
  PID:3564
- C:\Windows\System\NCeYvvE.exe
  C:\Windows\System\NCeYvvE.exe
  2⤵
  PID:3324
- C:\Windows\System\EKlFtKq.exe
  C:\Windows\System\EKlFtKq.exe
  2⤵
  PID:3632
- C:\Windows\System\RWPiwbJ.exe
  C:\Windows\System\RWPiwbJ.exe
  2⤵
  PID:3364
- C:\Windows\System\jyDTxgd.exe
  C:\Windows\System\jyDTxgd.exe
  2⤵
  PID:3756
- C:\Windows\System\nXZzXbU.exe
  C:\Windows\System\nXZzXbU.exe
  2⤵
  PID:3828
- C:\Windows\System\ikvCQlH.exe
  C:\Windows\System\ikvCQlH.exe
  2⤵
  PID:3356
- C:\Windows\System\KrDYWrQ.exe
  C:\Windows\System\KrDYWrQ.exe
  2⤵
  PID:3400
- C:\Windows\System\nOvgOWR.exe
  C:\Windows\System\nOvgOWR.exe
  2⤵
  PID:3980
- C:\Windows\System\ABUtbeN.exe
  C:\Windows\System\ABUtbeN.exe
  2⤵
  PID:3476
- C:\Windows\System\ohpOOby.exe
  C:\Windows\System\ohpOOby.exe
  2⤵
  PID:2456
- C:\Windows\System\QdvAehU.exe
  C:\Windows\System\QdvAehU.exe
  2⤵
  PID:3512
- C:\Windows\System\wEhPjsu.exe
  C:\Windows\System\wEhPjsu.exe
  2⤵
  PID:3548
- C:\Windows\System\yqdWUyX.exe
  C:\Windows\System\yqdWUyX.exe
  2⤵
  PID:3616
- C:\Windows\System\ANPavOj.exe
  C:\Windows\System\ANPavOj.exe
  2⤵
  PID:3648
- C:\Windows\System\KTttnsu.exe
  C:\Windows\System\KTttnsu.exe
  2⤵
  PID:3732
- C:\Windows\System\BpTOmmt.exe
  C:\Windows\System\BpTOmmt.exe
  2⤵
  PID:3688
- C:\Windows\System\OwYWyWl.exe
  C:\Windows\System\OwYWyWl.exe
  2⤵
  PID:3840
- C:\Windows\System\rCPLMFT.exe
  C:\Windows\System\rCPLMFT.exe
  2⤵
  PID:3908
- C:\Windows\System\SmADZAK.exe
  C:\Windows\System\SmADZAK.exe
  2⤵
  PID:3948
- C:\Windows\System\BTIcPFs.exe
  C:\Windows\System\BTIcPFs.exe
  2⤵
  PID:4036
- C:\Windows\System\DcDHHbG.exe
  C:\Windows\System\DcDHHbG.exe
  2⤵
  PID:4084
- C:\Windows\System\tGzKpND.exe
  C:\Windows\System\tGzKpND.exe
  2⤵
  PID:2844
- C:\Windows\System\JkidiCK.exe
  C:\Windows\System\JkidiCK.exe
  2⤵
  PID:3772
- C:\Windows\System\PYubVSz.exe
  C:\Windows\System\PYubVSz.exe
  2⤵
  PID:2704
- C:\Windows\System\kZBsOSw.exe
  C:\Windows\System\kZBsOSw.exe
  2⤵
  PID:1536
- C:\Windows\System\EjdWQgi.exe
  C:\Windows\System\EjdWQgi.exe
  2⤵
  PID:3116
- C:\Windows\System\hpQqhzX.exe
  C:\Windows\System\hpQqhzX.exe
  2⤵
  PID:3040
- C:\Windows\System\VOCJjXe.exe
  C:\Windows\System\VOCJjXe.exe
  2⤵
  PID:1528
- C:\Windows\System\FoSgmhB.exe
  C:\Windows\System\FoSgmhB.exe
  2⤵
  PID:3132
- C:\Windows\System\kErGzhB.exe
  C:\Windows\System\kErGzhB.exe
  2⤵
  PID:3464
- C:\Windows\System\CclEikv.exe
  C:\Windows\System\CclEikv.exe
  2⤵
  PID:3600
- C:\Windows\System\FGwomFB.exe
  C:\Windows\System\FGwomFB.exe
  2⤵
  PID:3280
- C:\Windows\System\EoTBYnk.exe
  C:\Windows\System\EoTBYnk.exe
  2⤵
  PID:3380
- C:\Windows\System\aCKpaPU.exe
  C:\Windows\System\aCKpaPU.exe
  2⤵
  PID:3920
- C:\Windows\System\PwyqnQM.exe
  C:\Windows\System\PwyqnQM.exe
  2⤵
  PID:3312
- C:\Windows\System\KkgUQra.exe
  C:\Windows\System\KkgUQra.exe
  2⤵
  PID:3860
- C:\Windows\System\viYLKSu.exe
  C:\Windows\System\viYLKSu.exe
  2⤵
  PID:3716
- C:\Windows\System\LZXaAEZ.exe
  C:\Windows\System\LZXaAEZ.exe
  2⤵
  PID:4016
- C:\Windows\System\vEUDIVb.exe
  C:\Windows\System\vEUDIVb.exe
  2⤵
  PID:3444
- C:\Windows\System\pgcnGSt.exe
  C:\Windows\System\pgcnGSt.exe
  2⤵
  PID:1992
- C:\Windows\System\wGDbZjU.exe
  C:\Windows\System\wGDbZjU.exe
  2⤵
  PID:2988
- C:\Windows\System\VpJFiml.exe
  C:\Windows\System\VpJFiml.exe
  2⤵
  PID:3740
- C:\Windows\System\yVqpkKy.exe
  C:\Windows\System\yVqpkKy.exe
  2⤵
  PID:3696
- C:\Windows\System\luTvUcx.exe
  C:\Windows\System\luTvUcx.exe
  2⤵
  PID:3944
- C:\Windows\System\yNWXrqK.exe
  C:\Windows\System\yNWXrqK.exe
  2⤵
  PID:4044
- C:\Windows\System\sLgcZix.exe
  C:\Windows\System\sLgcZix.exe
  2⤵
  PID:3960
- C:\Windows\System\yENIxDv.exe
  C:\Windows\System\yENIxDv.exe
  2⤵
  PID:1564
- C:\Windows\System\HfCgbzo.exe
  C:\Windows\System\HfCgbzo.exe
  2⤵
  PID:2448
- C:\Windows\System\cihgYeU.exe
  C:\Windows\System\cihgYeU.exe
  2⤵
  PID:2020
- C:\Windows\System\ZEZxuTK.exe
  C:\Windows\System\ZEZxuTK.exe
  2⤵
  PID:1652
- C:\Windows\System\CkuHkOz.exe
  C:\Windows\System\CkuHkOz.exe
  2⤵
  PID:3164
- C:\Windows\System\veWUjpN.exe
  C:\Windows\System\veWUjpN.exe
  2⤵
  PID:3096
- C:\Windows\System\oaHmZpk.exe
  C:\Windows\System\oaHmZpk.exe
  2⤵
  PID:3676
- C:\Windows\System\owtgsaa.exe
  C:\Windows\System\owtgsaa.exe
  2⤵
  PID:3316
- C:\Windows\System\gMLZEHF.exe
  C:\Windows\System\gMLZEHF.exe
  2⤵
  PID:2052
- C:\Windows\System\wpGppyK.exe
  C:\Windows\System\wpGppyK.exe
  2⤵
  PID:3340
- C:\Windows\System\uWbMbDe.exe
  C:\Windows\System\uWbMbDe.exe
  2⤵
  PID:1736
- C:\Windows\System\WuwmLbj.exe
  C:\Windows\System\WuwmLbj.exe
  2⤵
  PID:2980
- C:\Windows\System\HemDMMt.exe
  C:\Windows\System\HemDMMt.exe
  2⤵
  PID:4040
- C:\Windows\System\VIpzxIK.exe
  C:\Windows\System\VIpzxIK.exe
  2⤵
  PID:4012
- C:\Windows\System\cVgbkbK.exe
  C:\Windows\System\cVgbkbK.exe
  2⤵
  PID:2780
- C:\Windows\System\eJKHdAE.exe
  C:\Windows\System\eJKHdAE.exe
  2⤵
  PID:1708
- C:\Windows\System\tuOJYNQ.exe
  C:\Windows\System\tuOJYNQ.exe
  2⤵
  PID:3268
- C:\Windows\System\JwKenSK.exe
  C:\Windows\System\JwKenSK.exe
  2⤵
  PID:1808
- C:\Windows\System\yuCBHrg.exe
  C:\Windows\System\yuCBHrg.exe
  2⤵
  PID:2612
- C:\Windows\System\HTBFUeg.exe
  C:\Windows\System\HTBFUeg.exe
  2⤵
  PID:3672
- C:\Windows\System\tNdIMme.exe
  C:\Windows\System\tNdIMme.exe
  2⤵
  PID:3532
- C:\Windows\System\IejsQxT.exe
  C:\Windows\System\IejsQxT.exe
  2⤵
  PID:4064
- C:\Windows\System\KAOfUFV.exe
  C:\Windows\System\KAOfUFV.exe
  2⤵
  PID:3796
- C:\Windows\System\rsTMeaQ.exe
  C:\Windows\System\rsTMeaQ.exe
  2⤵
  PID:3760
- C:\Windows\System\cIZjclR.exe
  C:\Windows\System\cIZjclR.exe
  2⤵
  PID:3992
- C:\Windows\System\jetFUPO.exe
  C:\Windows\System\jetFUPO.exe
  2⤵
  PID:3736
- C:\Windows\System\zIyNuie.exe
  C:\Windows\System\zIyNuie.exe
  2⤵
  PID:4112
- C:\Windows\System\okmangE.exe
  C:\Windows\System\okmangE.exe
  2⤵
  PID:4128
- C:\Windows\System\vIcMIiu.exe
  C:\Windows\System\vIcMIiu.exe
  2⤵
  PID:4148
- C:\Windows\System\AUYXvtO.exe
  C:\Windows\System\AUYXvtO.exe
  2⤵
  PID:4168
- C:\Windows\System\YhwVpvM.exe
  C:\Windows\System\YhwVpvM.exe
  2⤵
  PID:4192
- C:\Windows\System\nTDUAAT.exe
  C:\Windows\System\nTDUAAT.exe
  2⤵
  PID:4208
- C:\Windows\System\DqmvhNi.exe
  C:\Windows\System\DqmvhNi.exe
  2⤵
  PID:4228
- C:\Windows\System\OLQiSOY.exe
  C:\Windows\System\OLQiSOY.exe
  2⤵
  PID:4248
- C:\Windows\System\nWrXUEr.exe
  C:\Windows\System\nWrXUEr.exe
  2⤵
  PID:4268
- C:\Windows\System\MfhlzMR.exe
  C:\Windows\System\MfhlzMR.exe
  2⤵
  PID:4284
- C:\Windows\System\tUycjvR.exe
  C:\Windows\System\tUycjvR.exe
  2⤵
  PID:4308
- C:\Windows\System\gUagcDX.exe
  C:\Windows\System\gUagcDX.exe
  2⤵
  PID:4328
- C:\Windows\System\XxxWLaz.exe
  C:\Windows\System\XxxWLaz.exe
  2⤵
  PID:4352
- C:\Windows\System\EwxuHtV.exe
  C:\Windows\System\EwxuHtV.exe
  2⤵
  PID:4368
- C:\Windows\System\SxsxveR.exe
  C:\Windows\System\SxsxveR.exe
  2⤵
  PID:4384
- C:\Windows\System\FRKlrFo.exe
  C:\Windows\System\FRKlrFo.exe
  2⤵
  PID:4404
- C:\Windows\System\UrDKIRI.exe
  C:\Windows\System\UrDKIRI.exe
  2⤵
  PID:4428
- C:\Windows\System\EwPvoTv.exe
  C:\Windows\System\EwPvoTv.exe
  2⤵
  PID:4444
- C:\Windows\System\WzWsnWm.exe
  C:\Windows\System\WzWsnWm.exe
  2⤵
  PID:4468
- C:\Windows\System\BIlWqrF.exe
  C:\Windows\System\BIlWqrF.exe
  2⤵
  PID:4488
- C:\Windows\System\RBGZQhE.exe
  C:\Windows\System\RBGZQhE.exe
  2⤵
  PID:4508
- C:\Windows\System\sGVzctZ.exe
  C:\Windows\System\sGVzctZ.exe
  2⤵
  PID:4528
- C:\Windows\System\hwJNWGU.exe
  C:\Windows\System\hwJNWGU.exe
  2⤵
  PID:4544
- C:\Windows\System\pugzbYS.exe
  C:\Windows\System\pugzbYS.exe
  2⤵
  PID:4568
- C:\Windows\System\zEtNjES.exe
  C:\Windows\System\zEtNjES.exe
  2⤵
  PID:4584
- C:\Windows\System\nNfMCFl.exe
  C:\Windows\System\nNfMCFl.exe
  2⤵
  PID:4600
- C:\Windows\System\iLRORJP.exe
  C:\Windows\System\iLRORJP.exe
  2⤵
  PID:4624
- C:\Windows\System\yTzaYwU.exe
  C:\Windows\System\yTzaYwU.exe
  2⤵
  PID:4656
- C:\Windows\System\aSJJldM.exe
  C:\Windows\System\aSJJldM.exe
  2⤵
  PID:4676
- C:\Windows\System\xzaZpYh.exe
  C:\Windows\System\xzaZpYh.exe
  2⤵
  PID:4692
- C:\Windows\System\ZBkhYcr.exe
  C:\Windows\System\ZBkhYcr.exe
  2⤵
  PID:4708
- C:\Windows\System\ONQQiqJ.exe
  C:\Windows\System\ONQQiqJ.exe
  2⤵
  PID:4728
- C:\Windows\System\WwQINbW.exe
  C:\Windows\System\WwQINbW.exe
  2⤵
  PID:4752
- C:\Windows\System\kiRCzOg.exe
  C:\Windows\System\kiRCzOg.exe
  2⤵
  PID:4768
- C:\Windows\System\bHZKtpk.exe
  C:\Windows\System\bHZKtpk.exe
  2⤵
  PID:4788
- C:\Windows\System\WLsOTLB.exe
  C:\Windows\System\WLsOTLB.exe
  2⤵
  PID:4812
- C:\Windows\System\eiuPnpL.exe
  C:\Windows\System\eiuPnpL.exe
  2⤵
  PID:4836
- C:\Windows\System\PshcDNX.exe
  C:\Windows\System\PshcDNX.exe
  2⤵
  PID:4856
- C:\Windows\System\SGuToQg.exe
  C:\Windows\System\SGuToQg.exe
  2⤵
  PID:4876
- C:\Windows\System\bMvykXc.exe
  C:\Windows\System\bMvykXc.exe
  2⤵
  PID:4896
- C:\Windows\System\XAvVsGh.exe
  C:\Windows\System\XAvVsGh.exe
  2⤵
  PID:4912
- C:\Windows\System\rVpzuMv.exe
  C:\Windows\System\rVpzuMv.exe
  2⤵
  PID:4932
- C:\Windows\System\xygdXWj.exe
  C:\Windows\System\xygdXWj.exe
  2⤵
  PID:4952
- C:\Windows\System\JaLNHPk.exe
  C:\Windows\System\JaLNHPk.exe
  2⤵
  PID:4972
- C:\Windows\System\EvREPib.exe
  C:\Windows\System\EvREPib.exe
  2⤵
  PID:4988
- C:\Windows\System\BsicVMX.exe
  C:\Windows\System\BsicVMX.exe
  2⤵
  PID:5004
- C:\Windows\System\bDfgeFH.exe
  C:\Windows\System\bDfgeFH.exe
  2⤵
  PID:5024
- C:\Windows\System\UkZoXEf.exe
  C:\Windows\System\UkZoXEf.exe
  2⤵
  PID:5044
- C:\Windows\System\lDtTlyL.exe
  C:\Windows\System\lDtTlyL.exe
  2⤵
  PID:5068
- C:\Windows\System\GKZBnWG.exe
  C:\Windows\System\GKZBnWG.exe
  2⤵
  PID:5088
- C:\Windows\System\adfdBVX.exe
  C:\Windows\System\adfdBVX.exe
  2⤵
  PID:5112
- C:\Windows\System\yOaHBAQ.exe
  C:\Windows\System\yOaHBAQ.exe
  2⤵
  PID:3776
- C:\Windows\System\aUXYJxj.exe
  C:\Windows\System\aUXYJxj.exe
  2⤵
  PID:3480
- C:\Windows\System\mbwOSZC.exe
  C:\Windows\System\mbwOSZC.exe
  2⤵
  PID:3012
- C:\Windows\System\bRSYgDh.exe
  C:\Windows\System\bRSYgDh.exe
  2⤵
  PID:1948
- C:\Windows\System\tAevaOc.exe
  C:\Windows\System\tAevaOc.exe
  2⤵
  PID:3752
- C:\Windows\System\TralcPV.exe
  C:\Windows\System\TralcPV.exe
  2⤵
  PID:3160
- C:\Windows\System\MjgXKRP.exe
  C:\Windows\System\MjgXKRP.exe
  2⤵
  PID:3552
- C:\Windows\System\QYhTbzm.exe
  C:\Windows\System\QYhTbzm.exe
  2⤵
  PID:4176
- C:\Windows\System\ysZnrOx.exe
  C:\Windows\System\ysZnrOx.exe
  2⤵
  PID:4216
- C:\Windows\System\dVMTcVF.exe
  C:\Windows\System\dVMTcVF.exe
  2⤵
  PID:4260
- C:\Windows\System\fosvGlw.exe
  C:\Windows\System\fosvGlw.exe
  2⤵
  PID:4204
- C:\Windows\System\XiLxfbU.exe
  C:\Windows\System\XiLxfbU.exe
  2⤵
  PID:4304
- C:\Windows\System\bxszQad.exe
  C:\Windows\System\bxszQad.exe
  2⤵
  PID:4376
- C:\Windows\System\RpPsppk.exe
  C:\Windows\System\RpPsppk.exe
  2⤵
  PID:4412
- C:\Windows\System\akaRXAw.exe
  C:\Windows\System\akaRXAw.exe
  2⤵
  PID:4464
- C:\Windows\System\nkdpcEz.exe
  C:\Windows\System\nkdpcEz.exe
  2⤵
  PID:4504
- C:\Windows\System\byXRcyM.exe
  C:\Windows\System\byXRcyM.exe
  2⤵
  PID:4400
- C:\Windows\System\iUTNthF.exe
  C:\Windows\System\iUTNthF.exe
  2⤵
  PID:4576
- C:\Windows\System\aQhlHkf.exe
  C:\Windows\System\aQhlHkf.exe
  2⤵
  PID:4440
- C:\Windows\System\JjSTYav.exe
  C:\Windows\System\JjSTYav.exe
  2⤵
  PID:4516
- C:\Windows\System\mvJrLmK.exe
  C:\Windows\System\mvJrLmK.exe
  2⤵
  PID:4616
- C:\Windows\System\LErkzyS.exe
  C:\Windows\System\LErkzyS.exe
  2⤵
  PID:4560
- C:\Windows\System\yiFShjd.exe
  C:\Windows\System\yiFShjd.exe
  2⤵
  PID:4632
- C:\Windows\System\zaFBUfO.exe
  C:\Windows\System\zaFBUfO.exe
  2⤵
  PID:4700
- C:\Windows\System\tGwjIVr.exe
  C:\Windows\System\tGwjIVr.exe
  2⤵
  PID:4748
- C:\Windows\System\XHoPufn.exe
  C:\Windows\System\XHoPufn.exe
  2⤵
  PID:4780
- C:\Windows\System\LmVOPKe.exe
  C:\Windows\System\LmVOPKe.exe
  2⤵
  PID:4828
- C:\Windows\System\NdBfHZO.exe
  C:\Windows\System\NdBfHZO.exe
  2⤵
  PID:4868
- C:\Windows\System\WynobHs.exe
  C:\Windows\System\WynobHs.exe
  2⤵
  PID:4944
- C:\Windows\System\SGZmiLZ.exe
  C:\Windows\System\SGZmiLZ.exe
  2⤵
  PID:4984
- C:\Windows\System\TSXXALy.exe
  C:\Windows\System\TSXXALy.exe
  2⤵
  PID:3440
- C:\Windows\System\gweSvmA.exe
  C:\Windows\System\gweSvmA.exe
  2⤵
  PID:5016
- C:\Windows\System\YfwpwhF.exe
  C:\Windows\System\YfwpwhF.exe
  2⤵
  PID:4884
- C:\Windows\System\JiQyMlN.exe
  C:\Windows\System\JiQyMlN.exe
  2⤵
  PID:4920
- C:\Windows\System\YYARXyp.exe
  C:\Windows\System\YYARXyp.exe
  2⤵
  PID:5104
- C:\Windows\System\PFsVyYX.exe
  C:\Windows\System\PFsVyYX.exe
  2⤵
  PID:4964
- C:\Windows\System\cWRGiEF.exe
  C:\Windows\System\cWRGiEF.exe
  2⤵
  PID:3956
- C:\Windows\System\UmWsOCZ.exe
  C:\Windows\System\UmWsOCZ.exe
  2⤵
  PID:3384
- C:\Windows\System\ldMlnqL.exe
  C:\Windows\System\ldMlnqL.exe
  2⤵
  PID:5040
- C:\Windows\System\mppvAGA.exe
  C:\Windows\System\mppvAGA.exe
  2⤵
  PID:4104
- C:\Windows\System\AkRirIH.exe
  C:\Windows\System\AkRirIH.exe
  2⤵
  PID:5084
- C:\Windows\System\FLDkxyJ.exe
  C:\Windows\System\FLDkxyJ.exe
  2⤵
  PID:3824
- C:\Windows\System\oolwUSx.exe
  C:\Windows\System\oolwUSx.exe
  2⤵
  PID:3536
- C:\Windows\System\iEeyVIM.exe
  C:\Windows\System\iEeyVIM.exe
  2⤵
  PID:4300
- C:\Windows\System\wSimpMZ.exe
  C:\Windows\System\wSimpMZ.exe
  2⤵
  PID:1544
- C:\Windows\System\TYlMEKg.exe
  C:\Windows\System\TYlMEKg.exe
  2⤵
  PID:3700
- C:\Windows\System\ZpJqUag.exe
  C:\Windows\System\ZpJqUag.exe
  2⤵
  PID:4188
- C:\Windows\System\RkJHgGN.exe
  C:\Windows\System\RkJHgGN.exe
  2⤵
  PID:4496
- C:\Windows\System\KiIUaWB.exe
  C:\Windows\System\KiIUaWB.exe
  2⤵
  PID:4164
- C:\Windows\System\XXYjSyj.exe
  C:\Windows\System\XXYjSyj.exe
  2⤵
  PID:4424
- C:\Windows\System\GNDscmU.exe
  C:\Windows\System\GNDscmU.exe
  2⤵
  PID:4460
- C:\Windows\System\cyakLBd.exe
  C:\Windows\System\cyakLBd.exe
  2⤵
  PID:4484
- C:\Windows\System\oheJrkA.exe
  C:\Windows\System\oheJrkA.exe
  2⤵
  PID:4556
- C:\Windows\System\PrnoxxP.exe
  C:\Windows\System\PrnoxxP.exe
  2⤵
  PID:1572
- C:\Windows\System\zxTXrVF.exe
  C:\Windows\System\zxTXrVF.exe
  2⤵
  PID:4620
- C:\Windows\System\wYIlljv.exe
  C:\Windows\System\wYIlljv.exe
  2⤵
  PID:4608
- C:\Windows\System\RLQFzMw.exe
  C:\Windows\System\RLQFzMw.exe
  2⤵
  PID:4596
- C:\Windows\System\sgpWqMQ.exe
  C:\Windows\System\sgpWqMQ.exe
  2⤵
  PID:4764
- C:\Windows\System\qsoUtEQ.exe
  C:\Windows\System\qsoUtEQ.exe
  2⤵
  PID:4720
- C:\Windows\System\DLJyFmf.exe
  C:\Windows\System\DLJyFmf.exe
  2⤵
  PID:4800
- C:\Windows\System\UntfKwT.exe
  C:\Windows\System\UntfKwT.exe
  2⤵
  PID:5020
- C:\Windows\System\eFiMYUA.exe
  C:\Windows\System\eFiMYUA.exe
  2⤵
  PID:4832
- C:\Windows\System\UMaeHhF.exe
  C:\Windows\System\UMaeHhF.exe
  2⤵
  PID:4948
- C:\Windows\System\uUaXtxt.exe
  C:\Windows\System\uUaXtxt.exe
  2⤵
  PID:4808
- C:\Windows\System\meCOmty.exe
  C:\Windows\System\meCOmty.exe
  2⤵
  PID:2936
- C:\Windows\System\EOLqBlU.exe
  C:\Windows\System\EOLqBlU.exe
  2⤵
  PID:5096
- C:\Windows\System\qZIiWYP.exe
  C:\Windows\System\qZIiWYP.exe
  2⤵
  PID:4124
- C:\Windows\System\YRlFAZE.exe
  C:\Windows\System\YRlFAZE.exe
  2⤵
  PID:5036
- C:\Windows\System\orQYWzx.exe
  C:\Windows\System\orQYWzx.exe
  2⤵
  PID:2904
- C:\Windows\System\RGEPRuX.exe
  C:\Windows\System\RGEPRuX.exe
  2⤵
  PID:4256
- C:\Windows\System\AkazZjI.exe
  C:\Windows\System\AkazZjI.exe
  2⤵
  PID:4456
- C:\Windows\System\YSBrsyp.exe
  C:\Windows\System\YSBrsyp.exe
  2⤵
  PID:4536
- C:\Windows\System\HgnUnGl.exe
  C:\Windows\System\HgnUnGl.exe
  2⤵
  PID:4392
- C:\Windows\System\QZfchGw.exe
  C:\Windows\System\QZfchGw.exe
  2⤵
  PID:2412
- C:\Windows\System\ozWTEak.exe
  C:\Windows\System\ozWTEak.exe
  2⤵
  PID:4668
- C:\Windows\System\VhztGQr.exe
  C:\Windows\System\VhztGQr.exe
  2⤵
  PID:4652
- C:\Windows\System\bkUNurg.exe
  C:\Windows\System\bkUNurg.exe
  2⤵
  PID:4684
- C:\Windows\System\sYXtVsS.exe
  C:\Windows\System\sYXtVsS.exe
  2⤵
  PID:4744
- C:\Windows\System\yeRCUAt.exe
  C:\Windows\System\yeRCUAt.exe
  2⤵
  PID:4740
- C:\Windows\System\ifgrSHU.exe
  C:\Windows\System\ifgrSHU.exe
  2⤵
  PID:1748
- C:\Windows\System\EKAOAHP.exe
  C:\Windows\System\EKAOAHP.exe
  2⤵
  PID:5060
- C:\Windows\System\UKHuvtJ.exe
  C:\Windows\System\UKHuvtJ.exe
  2⤵
  PID:5064
- C:\Windows\System\VoUgFee.exe
  C:\Windows\System\VoUgFee.exe
  2⤵
  PID:4244
- C:\Windows\System\WiaifOZ.exe
  C:\Windows\System\WiaifOZ.exe
  2⤵
  PID:3148
- C:\Windows\System\PUsxfZr.exe
  C:\Windows\System\PUsxfZr.exe
  2⤵
  PID:4476
- C:\Windows\System\FNRGuXe.exe
  C:\Windows\System\FNRGuXe.exe
  2⤵
  PID:1628
- C:\Windows\System\HOxxMip.exe
  C:\Windows\System\HOxxMip.exe
  2⤵
  PID:4552
- C:\Windows\System\aHJmOZA.exe
  C:\Windows\System\aHJmOZA.exe
  2⤵
  PID:4960
- C:\Windows\System\tOQswWY.exe
  C:\Windows\System\tOQswWY.exe
  2⤵
  PID:2360
- C:\Windows\System\HYQHLWq.exe
  C:\Windows\System\HYQHLWq.exe
  2⤵
  PID:5132
- C:\Windows\System\WTdvuFa.exe
  C:\Windows\System\WTdvuFa.exe
  2⤵
  PID:5148
- C:\Windows\System\HKBksgk.exe
  C:\Windows\System\HKBksgk.exe
  2⤵
  PID:5164
- C:\Windows\System\AvpjmqI.exe
  C:\Windows\System\AvpjmqI.exe
  2⤵
  PID:5180
- C:\Windows\System\nfyNpFb.exe
  C:\Windows\System\nfyNpFb.exe
  2⤵
  PID:5196
- C:\Windows\System\UeLmMRC.exe
  C:\Windows\System\UeLmMRC.exe
  2⤵
  PID:5212
- C:\Windows\System\RpTpmoZ.exe
  C:\Windows\System\RpTpmoZ.exe
  2⤵
  PID:5228
- C:\Windows\System\wgdvHsX.exe
  C:\Windows\System\wgdvHsX.exe
  2⤵
  PID:5244
- C:\Windows\System\KiWTnke.exe
  C:\Windows\System\KiWTnke.exe
  2⤵
  PID:5260
- C:\Windows\System\pSwXMxw.exe
  C:\Windows\System\pSwXMxw.exe
  2⤵
  PID:5276
- C:\Windows\System\eYfTmpS.exe
  C:\Windows\System\eYfTmpS.exe
  2⤵
  PID:5292
- C:\Windows\System\oRXBguI.exe
  C:\Windows\System\oRXBguI.exe
  2⤵
  PID:5308
- C:\Windows\System\cSSZlrC.exe
  C:\Windows\System\cSSZlrC.exe
  2⤵
  PID:5324
- C:\Windows\System\tznBAGq.exe
  C:\Windows\System\tznBAGq.exe
  2⤵
  PID:5340
- C:\Windows\System\WfeNGyJ.exe
  C:\Windows\System\WfeNGyJ.exe
  2⤵
  PID:5356
- C:\Windows\System\QHWBnAv.exe
  C:\Windows\System\QHWBnAv.exe
  2⤵
  PID:5372
- C:\Windows\System\gvTLDgO.exe
  C:\Windows\System\gvTLDgO.exe
  2⤵
  PID:5388
- C:\Windows\System\IauQNlM.exe
  C:\Windows\System\IauQNlM.exe
  2⤵
  PID:5404
- C:\Windows\System\phgWiHS.exe
  C:\Windows\System\phgWiHS.exe
  2⤵
  PID:5420
- C:\Windows\System\afsciPH.exe
  C:\Windows\System\afsciPH.exe
  2⤵
  PID:5436
- C:\Windows\System\xtwrIoX.exe
  C:\Windows\System\xtwrIoX.exe
  2⤵
  PID:5452
- C:\Windows\System\IezNJyS.exe
  C:\Windows\System\IezNJyS.exe
  2⤵
  PID:5468
- C:\Windows\System\eNOKRYh.exe
  C:\Windows\System\eNOKRYh.exe
  2⤵
  PID:5484
- C:\Windows\System\EqDZMgD.exe
  C:\Windows\System\EqDZMgD.exe
  2⤵
  PID:5500
- C:\Windows\System\TbPATdK.exe
  C:\Windows\System\TbPATdK.exe
  2⤵
  PID:5516
- C:\Windows\System\GxGgqpF.exe
  C:\Windows\System\GxGgqpF.exe
  2⤵
  PID:5532
- C:\Windows\System\oXFcOVM.exe
  C:\Windows\System\oXFcOVM.exe
  2⤵
  PID:5548
- C:\Windows\System\YdBdkoG.exe
  C:\Windows\System\YdBdkoG.exe
  2⤵
  PID:5564
- C:\Windows\System\CtjaioN.exe
  C:\Windows\System\CtjaioN.exe
  2⤵
  PID:5580
- C:\Windows\System\QqgpUOJ.exe
  C:\Windows\System\QqgpUOJ.exe
  2⤵
  PID:5596
- C:\Windows\System\XBwxAWZ.exe
  C:\Windows\System\XBwxAWZ.exe
  2⤵
  PID:5612
- C:\Windows\System\QCUUwBu.exe
  C:\Windows\System\QCUUwBu.exe
  2⤵
  PID:5628
- C:\Windows\System\ptOSkLc.exe
  C:\Windows\System\ptOSkLc.exe
  2⤵
  PID:5644
- C:\Windows\System\HbjZveI.exe
  C:\Windows\System\HbjZveI.exe
  2⤵
  PID:5660
- C:\Windows\System\dRPmQvb.exe
  C:\Windows\System\dRPmQvb.exe
  2⤵
  PID:5676
- C:\Windows\System\kCWqEyO.exe
  C:\Windows\System\kCWqEyO.exe
  2⤵
  PID:5696
- C:\Windows\System\tVLZexX.exe
  C:\Windows\System\tVLZexX.exe
  2⤵
  PID:5712
- C:\Windows\System\DTtHDMm.exe
  C:\Windows\System\DTtHDMm.exe
  2⤵
  PID:5728
- C:\Windows\System\pfxXGVK.exe
  C:\Windows\System\pfxXGVK.exe
  2⤵
  PID:5744
- C:\Windows\System\roNzzZe.exe
  C:\Windows\System\roNzzZe.exe
  2⤵
  PID:5760
- C:\Windows\System\vhMgCmI.exe
  C:\Windows\System\vhMgCmI.exe
  2⤵
  PID:5776
- C:\Windows\System\byoztAb.exe
  C:\Windows\System\byoztAb.exe
  2⤵
  PID:5792
- C:\Windows\System\ePvxkys.exe
  C:\Windows\System\ePvxkys.exe
  2⤵
  PID:5808
- C:\Windows\System\oPXOVxK.exe
  C:\Windows\System\oPXOVxK.exe
  2⤵
  PID:5824
- C:\Windows\System\NvqsuAW.exe
  C:\Windows\System\NvqsuAW.exe
  2⤵
  PID:5840
- C:\Windows\System\tyvnsiV.exe
  C:\Windows\System\tyvnsiV.exe
  2⤵
  PID:5856
- C:\Windows\System\cQrrnyg.exe
  C:\Windows\System\cQrrnyg.exe
  2⤵
  PID:5872
- C:\Windows\System\KpoRuaW.exe
  C:\Windows\System\KpoRuaW.exe
  2⤵
  PID:5888
- C:\Windows\System\shXxkyb.exe
  C:\Windows\System\shXxkyb.exe
  2⤵
  PID:5904
- C:\Windows\System\iCyTksW.exe
  C:\Windows\System\iCyTksW.exe
  2⤵
  PID:5920
- C:\Windows\System\tvzopRQ.exe
  C:\Windows\System\tvzopRQ.exe
  2⤵
  PID:5936
- C:\Windows\System\rieMmdi.exe
  C:\Windows\System\rieMmdi.exe
  2⤵
  PID:5952
- C:\Windows\System\KwedteW.exe
  C:\Windows\System\KwedteW.exe
  2⤵
  PID:5968
- C:\Windows\System\EBzatAL.exe
  C:\Windows\System\EBzatAL.exe
  2⤵
  PID:5984
- C:\Windows\System\OtrGWpv.exe
  C:\Windows\System\OtrGWpv.exe
  2⤵
  PID:6000
- C:\Windows\System\bfdGFHv.exe
  C:\Windows\System\bfdGFHv.exe
  2⤵
  PID:6016
- C:\Windows\System\LMwbPSL.exe
  C:\Windows\System\LMwbPSL.exe
  2⤵
  PID:6032
- C:\Windows\System\tIUCROs.exe
  C:\Windows\System\tIUCROs.exe
  2⤵
  PID:6048
- C:\Windows\System\tuArWKI.exe
  C:\Windows\System\tuArWKI.exe
  2⤵
  PID:6064
- C:\Windows\System\kkRfaRH.exe
  C:\Windows\System\kkRfaRH.exe
  2⤵
  PID:6080
- C:\Windows\System\IHSYtbw.exe
  C:\Windows\System\IHSYtbw.exe
  2⤵
  PID:6096
- C:\Windows\System\OIMLbsL.exe
  C:\Windows\System\OIMLbsL.exe
  2⤵
  PID:6112
- C:\Windows\System\JgOdnxM.exe
  C:\Windows\System\JgOdnxM.exe
  2⤵
  PID:6128
- C:\Windows\System\yIoYBLW.exe
  C:\Windows\System\yIoYBLW.exe
  2⤵
  PID:2640
- C:\Windows\System\klJFanI.exe
  C:\Windows\System\klJFanI.exe
  2⤵
  PID:4940
- C:\Windows\System\VwXcLpJ.exe
  C:\Windows\System\VwXcLpJ.exe
  2⤵
  PID:4144
- C:\Windows\System\jVQbBjT.exe
  C:\Windows\System\jVQbBjT.exe
  2⤵
  PID:2744
- C:\Windows\System\qvVvnSW.exe
  C:\Windows\System\qvVvnSW.exe
  2⤵
  PID:4688
- C:\Windows\System\BeebMqv.exe
  C:\Windows\System\BeebMqv.exe
  2⤵
  PID:4480
- C:\Windows\System\DIOAgUE.exe
  C:\Windows\System\DIOAgUE.exe
  2⤵
  PID:5188
- C:\Windows\System\TaFFece.exe
  C:\Windows\System\TaFFece.exe
  2⤵
  PID:5176
- C:\Windows\System\bHyIaat.exe
  C:\Windows\System\bHyIaat.exe
  2⤵
  PID:5204
- C:\Windows\System\qKuiPAR.exe
  C:\Windows\System\qKuiPAR.exe
  2⤵
  PID:5236
- C:\Windows\System\xrNOcaa.exe
  C:\Windows\System\xrNOcaa.exe
  2⤵
  PID:5288
- C:\Windows\System\YlQUmiG.exe
  C:\Windows\System\YlQUmiG.exe
  2⤵
  PID:5300
- C:\Windows\System\METuYlC.exe
  C:\Windows\System\METuYlC.exe
  2⤵
  PID:5336
- C:\Windows\System\xgBKgPf.exe
  C:\Windows\System\xgBKgPf.exe
  2⤵
  PID:5368
- C:\Windows\System\fWeMgaq.exe
  C:\Windows\System\fWeMgaq.exe
  2⤵
  PID:5396
- C:\Windows\System\upEgnHl.exe
  C:\Windows\System\upEgnHl.exe
  2⤵
  PID:5444
- C:\Windows\System\WHrTacg.exe
  C:\Windows\System\WHrTacg.exe
  2⤵
  PID:5460
- C:\Windows\System\DGXGMAS.exe
  C:\Windows\System\DGXGMAS.exe
  2⤵
  PID:5464
- C:\Windows\System\DWgsUey.exe
  C:\Windows\System\DWgsUey.exe
  2⤵
  PID:5492
- C:\Windows\System\OjGwvCC.exe
  C:\Windows\System\OjGwvCC.exe
  2⤵
  PID:5544
- C:\Windows\System\kbEPZgk.exe
  C:\Windows\System\kbEPZgk.exe
  2⤵
  PID:5576
- C:\Windows\System\uEfIMXY.exe
  C:\Windows\System\uEfIMXY.exe
  2⤵
  PID:5640
- C:\Windows\System\mAtSidE.exe
  C:\Windows\System\mAtSidE.exe
  2⤵
  PID:5588
- C:\Windows\System\gRAQsFU.exe
  C:\Windows\System\gRAQsFU.exe
  2⤵
  PID:5624
- C:\Windows\System\RIWsTWx.exe
  C:\Windows\System\RIWsTWx.exe
  2⤵
  PID:1272
- C:\Windows\System\APHqOZc.exe
  C:\Windows\System\APHqOZc.exe
  2⤵
  PID:5740
- C:\Windows\System\VRTWndJ.exe
  C:\Windows\System\VRTWndJ.exe
  2⤵
  PID:5720
- C:\Windows\System\WvoTNtj.exe
  C:\Windows\System\WvoTNtj.exe
  2⤵
  PID:2420
- C:\Windows\System\BJyCjtg.exe
  C:\Windows\System\BJyCjtg.exe
  2⤵
  PID:5724
- C:\Windows\System\fsSLHKd.exe
  C:\Windows\System\fsSLHKd.exe
  2⤵
  PID:5804
- C:\Windows\System\UVczdOR.exe
  C:\Windows\System\UVczdOR.exe
  2⤵
  PID:5832
- C:\Windows\System\CdCFqOP.exe
  C:\Windows\System\CdCFqOP.exe
  2⤵
  PID:960
- C:\Windows\System\YPThIqw.exe
  C:\Windows\System\YPThIqw.exe
  2⤵
  PID:5852
- C:\Windows\System\pmjlEZQ.exe
  C:\Windows\System\pmjlEZQ.exe
  2⤵
  PID:540
- C:\Windows\System\EKgXGxP.exe
  C:\Windows\System\EKgXGxP.exe
  2⤵
  PID:1640
- C:\Windows\System\aZAlbYF.exe
  C:\Windows\System\aZAlbYF.exe
  2⤵
  PID:5932
- C:\Windows\System\QIgGruE.exe
  C:\Windows\System\QIgGruE.exe
  2⤵
  PID:5964
- C:\Windows\System\OeijNvb.exe
  C:\Windows\System\OeijNvb.exe
  2⤵
  PID:6024
- C:\Windows\System\BPglbug.exe
  C:\Windows\System\BPglbug.exe
  2⤵
  PID:6012
- C:\Windows\System\dNKjiQa.exe
  C:\Windows\System\dNKjiQa.exe
  2⤵
  PID:6008
- C:\Windows\System\PkYnsFH.exe
  C:\Windows\System\PkYnsFH.exe
  2⤵
  PID:6092
- C:\Windows\System\dSXWSRg.exe
  C:\Windows\System\dSXWSRg.exe
  2⤵
  PID:6124
- C:\Windows\System\vvCcptf.exe
  C:\Windows\System\vvCcptf.exe
  2⤵
  PID:6140
- C:\Windows\System\jCwfMrp.exe
  C:\Windows\System\jCwfMrp.exe
  2⤵
  PID:4140
- C:\Windows\System\MFbxBut.exe
  C:\Windows\System\MFbxBut.exe
  2⤵
  PID:4848
- C:\Windows\System\rxmrDHe.exe
  C:\Windows\System\rxmrDHe.exe
  2⤵
  PID:5140
- C:\Windows\System\MynFKgA.exe
  C:\Windows\System\MynFKgA.exe
  2⤵
  PID:5224
- C:\Windows\System\IWWkAYl.exe
  C:\Windows\System\IWWkAYl.exe
  2⤵
  PID:2536
- C:\Windows\System\AQXQKOP.exe
  C:\Windows\System\AQXQKOP.exe
  2⤵
  PID:5380
- C:\Windows\System\vUYbGmw.exe
  C:\Windows\System\vUYbGmw.exe
  2⤵
  PID:5412
- C:\Windows\System\fBWXeXw.exe
  C:\Windows\System\fBWXeXw.exe
  2⤵
  PID:5480
- C:\Windows\System\IaFBIxm.exe
  C:\Windows\System\IaFBIxm.exe
  2⤵
  PID:5524
- C:\Windows\System\bYYrMFL.exe
  C:\Windows\System\bYYrMFL.exe
  2⤵
  PID:5608
- C:\Windows\System\GeMAUlQ.exe
  C:\Windows\System\GeMAUlQ.exe
  2⤵
  PID:5560
- C:\Windows\System\xihUary.exe
  C:\Windows\System\xihUary.exe
  2⤵
  PID:2132
- C:\Windows\System\NgktcAG.exe
  C:\Windows\System\NgktcAG.exe
  2⤵
  PID:5652
- C:\Windows\System\ICNFynh.exe
  C:\Windows\System\ICNFynh.exe
  2⤵
  PID:5784
- C:\Windows\System\difgNSt.exe
  C:\Windows\System\difgNSt.exe
  2⤵
  PID:2664
- C:\Windows\System\gIhSabO.exe
  C:\Windows\System\gIhSabO.exe
  2⤵
  PID:2588
- C:\Windows\System\fASDmCp.exe
  C:\Windows\System\fASDmCp.exe
  2⤵
  PID:5896
- C:\Windows\System\xoyCqTu.exe
  C:\Windows\System\xoyCqTu.exe
  2⤵
  PID:5916
- C:\Windows\System\qDPckQW.exe
  C:\Windows\System\qDPckQW.exe
  2⤵
  PID:5976
- C:\Windows\System\voiklKq.exe
  C:\Windows\System\voiklKq.exe
  2⤵
  PID:6040
- C:\Windows\System\QokYaOf.exe
  C:\Windows\System\QokYaOf.exe
  2⤵
  PID:6072
- C:\Windows\System\OLeXuzl.exe
  C:\Windows\System\OLeXuzl.exe
  2⤵
  PID:4324
- C:\Windows\System\wxoPfRp.exe
  C:\Windows\System\wxoPfRp.exe
  2⤵
  PID:2252
- C:\Windows\System\wwCmqbg.exe
  C:\Windows\System\wwCmqbg.exe
  2⤵
  PID:5128
- C:\Windows\System\wRfSaij.exe
  C:\Windows\System\wRfSaij.exe
  2⤵
  PID:2184
- C:\Windows\System\dficxEo.exe
  C:\Windows\System\dficxEo.exe
  2⤵
  PID:2120
- C:\Windows\System\VGpHmPP.exe
  C:\Windows\System\VGpHmPP.exe
  2⤵
  PID:5316
- C:\Windows\System\QUUgIeS.exe
  C:\Windows\System\QUUgIeS.exe
  2⤵
  PID:5304
- C:\Windows\System\diEZFpJ.exe
  C:\Windows\System\diEZFpJ.exe
  2⤵
  PID:5636
- C:\Windows\System\IDKnhzF.exe
  C:\Windows\System\IDKnhzF.exe
  2⤵
  PID:5656
- C:\Windows\System\LerNeNA.exe
  C:\Windows\System\LerNeNA.exe
  2⤵
  PID:5996
- C:\Windows\System\qkTqZRn.exe
  C:\Windows\System\qkTqZRn.exe
  2⤵
  PID:2036
- C:\Windows\System\TrBEyfo.exe
  C:\Windows\System\TrBEyfo.exe
  2⤵
  PID:5540
- C:\Windows\System\YTzHhPX.exe
  C:\Windows\System\YTzHhPX.exe
  2⤵
  PID:5692
- C:\Windows\System\QzvYDDm.exe
  C:\Windows\System\QzvYDDm.exe
  2⤵
  PID:5928
- C:\Windows\System\AvkZZaP.exe
  C:\Windows\System\AvkZZaP.exe
  2⤵
  PID:3044
- C:\Windows\System\eCMvJaE.exe
  C:\Windows\System\eCMvJaE.exe
  2⤵
  PID:6136
- C:\Windows\System\LEyfOHz.exe
  C:\Windows\System\LEyfOHz.exe
  2⤵
  PID:1660
- C:\Windows\System\zyRfLll.exe
  C:\Windows\System\zyRfLll.exe
  2⤵
  PID:4540
- C:\Windows\System\mnQBSgo.exe
  C:\Windows\System\mnQBSgo.exe
  2⤵
  PID:2564
- C:\Windows\System\aTOZUkC.exe
  C:\Windows\System\aTOZUkC.exe
  2⤵
  PID:5864
- C:\Windows\System\qnJzzrV.exe
  C:\Windows\System\qnJzzrV.exe
  2⤵
  PID:5736
- C:\Windows\System\JxRQDNl.exe
  C:\Windows\System\JxRQDNl.exe
  2⤵
  PID:1364
- C:\Windows\System\ZYmivkM.exe
  C:\Windows\System\ZYmivkM.exe
  2⤵
  PID:5836
- C:\Windows\System\SlwkdKC.exe
  C:\Windows\System\SlwkdKC.exe
  2⤵
  PID:484
- C:\Windows\System\zwHSuoh.exe
  C:\Windows\System\zwHSuoh.exe
  2⤵
  PID:5284
- C:\Windows\System\oiMInzy.exe
  C:\Windows\System\oiMInzy.exe
  2⤵
  PID:6148
- C:\Windows\System\lxoMuPs.exe
  C:\Windows\System\lxoMuPs.exe
  2⤵
  PID:6164
- C:\Windows\System\XvpJIdM.exe
  C:\Windows\System\XvpJIdM.exe
  2⤵
  PID:6180
- C:\Windows\System\OtErFDs.exe
  C:\Windows\System\OtErFDs.exe
  2⤵
  PID:6196
- C:\Windows\System\agsbUgv.exe
  C:\Windows\System\agsbUgv.exe
  2⤵
  PID:6212
- C:\Windows\System\ulIeRZm.exe
  C:\Windows\System\ulIeRZm.exe
  2⤵
  PID:6228
- C:\Windows\System\htxbSls.exe
  C:\Windows\System\htxbSls.exe
  2⤵
  PID:6244
- C:\Windows\System\vlFphKA.exe
  C:\Windows\System\vlFphKA.exe
  2⤵
  PID:6260
- C:\Windows\System\RqmibUj.exe
  C:\Windows\System\RqmibUj.exe
  2⤵
  PID:6276
- C:\Windows\System\WApdAet.exe
  C:\Windows\System\WApdAet.exe
  2⤵
  PID:6292
- C:\Windows\System\JmQmWsv.exe
  C:\Windows\System\JmQmWsv.exe
  2⤵
  PID:6308
- C:\Windows\System\kWzjJve.exe
  C:\Windows\System\kWzjJve.exe
  2⤵
  PID:6324
- C:\Windows\System\yRxRMjg.exe
  C:\Windows\System\yRxRMjg.exe
  2⤵
  PID:6340
- C:\Windows\System\tpVnzUX.exe
  C:\Windows\System\tpVnzUX.exe
  2⤵
  PID:6356
- C:\Windows\System\dTfXEIl.exe
  C:\Windows\System\dTfXEIl.exe
  2⤵
  PID:6372
- C:\Windows\System\FJJdpdd.exe
  C:\Windows\System\FJJdpdd.exe
  2⤵
  PID:6388
- C:\Windows\System\gUmlTFa.exe
  C:\Windows\System\gUmlTFa.exe
  2⤵
  PID:6404
- C:\Windows\System\QERDLVi.exe
  C:\Windows\System\QERDLVi.exe
  2⤵
  PID:6420
- C:\Windows\System\CwYkNPz.exe
  C:\Windows\System\CwYkNPz.exe
  2⤵
  PID:6436
- C:\Windows\System\sgQEIsf.exe
  C:\Windows\System\sgQEIsf.exe
  2⤵
  PID:6452
- C:\Windows\System\EVCtQJM.exe
  C:\Windows\System\EVCtQJM.exe
  2⤵
  PID:6468
- C:\Windows\System\qoDtNNE.exe
  C:\Windows\System\qoDtNNE.exe
  2⤵
  PID:6484
- C:\Windows\System\UzmRAkq.exe
  C:\Windows\System\UzmRAkq.exe
  2⤵
  PID:6500
- C:\Windows\System\LUihmZa.exe
  C:\Windows\System\LUihmZa.exe
  2⤵
  PID:6516
- C:\Windows\System\qzyxytd.exe
  C:\Windows\System\qzyxytd.exe
  2⤵
  PID:6532
- C:\Windows\System\kXYdvAx.exe
  C:\Windows\System\kXYdvAx.exe
  2⤵
  PID:6548
- C:\Windows\System\UqndXKV.exe
  C:\Windows\System\UqndXKV.exe
  2⤵
  PID:6564
- C:\Windows\System\fmzXlaT.exe
  C:\Windows\System\fmzXlaT.exe
  2⤵
  PID:6580
- C:\Windows\System\sliFoSu.exe
  C:\Windows\System\sliFoSu.exe
  2⤵
  PID:6596
- C:\Windows\System\DJhVLeC.exe
  C:\Windows\System\DJhVLeC.exe
  2⤵
  PID:6612
- C:\Windows\System\xeSZEYM.exe
  C:\Windows\System\xeSZEYM.exe
  2⤵
  PID:6628
- C:\Windows\System\cqYyvCf.exe
  C:\Windows\System\cqYyvCf.exe
  2⤵
  PID:6644
- C:\Windows\System\YHHHNez.exe
  C:\Windows\System\YHHHNez.exe
  2⤵
  PID:6660
- C:\Windows\System\QsHiCxO.exe
  C:\Windows\System\QsHiCxO.exe
  2⤵
  PID:6676
- C:\Windows\System\qgvKttq.exe
  C:\Windows\System\qgvKttq.exe
  2⤵
  PID:6692
- C:\Windows\System\afYRcCU.exe
  C:\Windows\System\afYRcCU.exe
  2⤵
  PID:6708
- C:\Windows\System\mwufvoO.exe
  C:\Windows\System\mwufvoO.exe
  2⤵
  PID:6724
- C:\Windows\System\SpDDELK.exe
  C:\Windows\System\SpDDELK.exe
  2⤵
  PID:6740
- C:\Windows\System\jkLnOJt.exe
  C:\Windows\System\jkLnOJt.exe
  2⤵
  PID:6756
- C:\Windows\System\sUscKXV.exe
  C:\Windows\System\sUscKXV.exe
  2⤵
  PID:6772
- C:\Windows\System\xpvimhR.exe
  C:\Windows\System\xpvimhR.exe
  2⤵
  PID:6788
- C:\Windows\System\QRqoejF.exe
  C:\Windows\System\QRqoejF.exe
  2⤵
  PID:6804
- C:\Windows\System\InQuzQp.exe
  C:\Windows\System\InQuzQp.exe
  2⤵
  PID:6820
- C:\Windows\System\vTXxKAR.exe
  C:\Windows\System\vTXxKAR.exe
  2⤵
  PID:6836
- C:\Windows\System\ATfOpMo.exe
  C:\Windows\System\ATfOpMo.exe
  2⤵
  PID:6852
- C:\Windows\System\zZubYEN.exe
  C:\Windows\System\zZubYEN.exe
  2⤵
  PID:6868
- C:\Windows\System\iWQiKsE.exe
  C:\Windows\System\iWQiKsE.exe
  2⤵
  PID:6884
- C:\Windows\System\mhpJYJN.exe
  C:\Windows\System\mhpJYJN.exe
  2⤵
  PID:6900
- C:\Windows\System\YJVoHoS.exe
  C:\Windows\System\YJVoHoS.exe
  2⤵
  PID:6916
- C:\Windows\System\WkzGYFn.exe
  C:\Windows\System\WkzGYFn.exe
  2⤵
  PID:6932
- C:\Windows\System\FXBffLz.exe
  C:\Windows\System\FXBffLz.exe
  2⤵
  PID:6952
- C:\Windows\System\YpdIxJn.exe
  C:\Windows\System\YpdIxJn.exe
  2⤵
  PID:6968
- C:\Windows\System\GUYmeri.exe
  C:\Windows\System\GUYmeri.exe
  2⤵
  PID:6984
- C:\Windows\System\vBUlalZ.exe
  C:\Windows\System\vBUlalZ.exe
  2⤵
  PID:7000
- C:\Windows\System\aXMuJGC.exe
  C:\Windows\System\aXMuJGC.exe
  2⤵
  PID:7016
- C:\Windows\System\tkNmSim.exe
  C:\Windows\System\tkNmSim.exe
  2⤵
  PID:7032
- C:\Windows\System\WoQzfMr.exe
  C:\Windows\System\WoQzfMr.exe
  2⤵
  PID:7048
- C:\Windows\System\ifYntcc.exe
  C:\Windows\System\ifYntcc.exe
  2⤵
  PID:7064
- C:\Windows\System\bYVoZGw.exe
  C:\Windows\System\bYVoZGw.exe
  2⤵
  PID:7080
- C:\Windows\System\FGzDCPB.exe
  C:\Windows\System\FGzDCPB.exe
  2⤵
  PID:7096
- C:\Windows\System\WTquTuk.exe
  C:\Windows\System\WTquTuk.exe
  2⤵
  PID:7112
- C:\Windows\System\LqmAsjk.exe
  C:\Windows\System\LqmAsjk.exe
  2⤵
  PID:7128
- C:\Windows\System\otoMRaz.exe
  C:\Windows\System\otoMRaz.exe
  2⤵
  PID:7144
- C:\Windows\System\jhYixRq.exe
  C:\Windows\System\jhYixRq.exe
  2⤵
  PID:7160
- C:\Windows\System\VNrWnbr.exe
  C:\Windows\System\VNrWnbr.exe
  2⤵
  PID:5708
- C:\Windows\System\psjGHaa.exe
  C:\Windows\System\psjGHaa.exe
  2⤵
  PID:6160
- C:\Windows\System\tmphsgy.exe
  C:\Windows\System\tmphsgy.exe
  2⤵
  PID:5428
- C:\Windows\System\fkfgYcU.exe
  C:\Windows\System\fkfgYcU.exe
  2⤵
  PID:6208
- C:\Windows\System\faxBJaR.exe
  C:\Windows\System\faxBJaR.exe
  2⤵
  PID:6268
- C:\Windows\System\frrxjNF.exe
  C:\Windows\System\frrxjNF.exe
  2⤵
  PID:5688
- C:\Windows\System\IZwpwxc.exe
  C:\Windows\System\IZwpwxc.exe
  2⤵
  PID:6220
- C:\Windows\System\kUvImGJ.exe
  C:\Windows\System\kUvImGJ.exe
  2⤵
  PID:1968
- C:\Windows\System\GuHDnQo.exe
  C:\Windows\System\GuHDnQo.exe
  2⤵
  PID:6252
- C:\Windows\System\HGwYEkS.exe
  C:\Windows\System\HGwYEkS.exe
  2⤵
  PID:6320
- C:\Windows\System\WFzatkz.exe
  C:\Windows\System\WFzatkz.exe
  2⤵
  PID:6428
- C:\Windows\System\dvbFVJK.exe
  C:\Windows\System\dvbFVJK.exe
  2⤵
  PID:6444
- C:\Windows\System\cFrtXwi.exe
  C:\Windows\System\cFrtXwi.exe
  2⤵
  PID:6480
- C:\Windows\System\ElSHTNX.exe
  C:\Windows\System\ElSHTNX.exe
  2⤵
  PID:6496
- C:\Windows\System\xhGcMKv.exe
  C:\Windows\System\xhGcMKv.exe
  2⤵
  PID:6508
- C:\Windows\System\FHlKukA.exe
  C:\Windows\System\FHlKukA.exe
  2⤵
  PID:6560
- C:\Windows\System\HZzlHLg.exe
  C:\Windows\System\HZzlHLg.exe
  2⤵
  PID:6624
- C:\Windows\System\VUZhUKH.exe
  C:\Windows\System\VUZhUKH.exe
  2⤵
  PID:6572
- C:\Windows\System\WaLohvy.exe
  C:\Windows\System\WaLohvy.exe
  2⤵
  PID:6668
- C:\Windows\System\cauwxft.exe
  C:\Windows\System\cauwxft.exe
  2⤵
  PID:6748
- C:\Windows\System\PnBWNXS.exe
  C:\Windows\System\PnBWNXS.exe
  2⤵
  PID:6604
- C:\Windows\System\WrZQMSJ.exe
  C:\Windows\System\WrZQMSJ.exe
  2⤵
  PID:6736
- C:\Windows\System\McrjJdW.exe
  C:\Windows\System\McrjJdW.exe
  2⤵
  PID:6832
- C:\Windows\System\wDQCugX.exe
  C:\Windows\System\wDQCugX.exe
  2⤵
  PID:6876
- C:\Windows\System\GaWtMlM.exe
  C:\Windows\System\GaWtMlM.exe
  2⤵
  PID:6880
- C:\Windows\System\OFjDRLt.exe
  C:\Windows\System\OFjDRLt.exe
  2⤵
  PID:6800
- C:\Windows\System\mkskuhV.exe
  C:\Windows\System\mkskuhV.exe
  2⤵
  PID:6928
- C:\Windows\System\bHwYbxC.exe
  C:\Windows\System\bHwYbxC.exe
  2⤵
  PID:6948
- C:\Windows\System\wWGhAwJ.exe
  C:\Windows\System\wWGhAwJ.exe
  2⤵
  PID:6992
- C:\Windows\System\QlhFdoT.exe
  C:\Windows\System\QlhFdoT.exe
  2⤵
  PID:7012
- C:\Windows\System\tfxxTGx.exe
  C:\Windows\System\tfxxTGx.exe
  2⤵
  PID:7072
- C:\Windows\System\pcvWwBn.exe
  C:\Windows\System\pcvWwBn.exe
  2⤵
  PID:7088
- C:\Windows\System\XsYajtv.exe
  C:\Windows\System\XsYajtv.exe
  2⤵
  PID:7028
- C:\Windows\System\IXSzMuS.exe
  C:\Windows\System\IXSzMuS.exe
  2⤵
  PID:920
- C:\Windows\System\XFHIREx.exe
  C:\Windows\System\XFHIREx.exe
  2⤵
  PID:6224
- C:\Windows\System\nCEZRLx.exe
  C:\Windows\System\nCEZRLx.exe
  2⤵
  PID:2144
- C:\Windows\System\xvZQCjH.exe
  C:\Windows\System\xvZQCjH.exe
  2⤵
  PID:6120
- C:\Windows\System\LcLlgdH.exe
  C:\Windows\System\LcLlgdH.exe
  2⤵
  PID:6172
- C:\Windows\System\PAQThKT.exe
  C:\Windows\System\PAQThKT.exe
  2⤵
  PID:6384
- C:\Windows\System\gKloXnT.exe
  C:\Windows\System\gKloXnT.exe
  2⤵
  PID:6380
- C:\Windows\System\BBgtcyd.exe
  C:\Windows\System\BBgtcyd.exe
  2⤵
  PID:6620
- C:\Windows\System\LQznuIe.exe
  C:\Windows\System\LQznuIe.exe
  2⤵
  PID:6716
- C:\Windows\System\WPlKYVL.exe
  C:\Windows\System\WPlKYVL.exe
  2⤵
  PID:6608
- C:\Windows\System\FeWjVKB.exe
  C:\Windows\System\FeWjVKB.exe
  2⤵
  PID:6540
- C:\Windows\System\ZXETooj.exe
  C:\Windows\System\ZXETooj.exe
  2⤵
  PID:6780
- C:\Windows\System\wnewopu.exe
  C:\Windows\System\wnewopu.exe
  2⤵
  PID:6828
- C:\Windows\System\MtFPBdR.exe
  C:\Windows\System\MtFPBdR.exe
  2⤵
  PID:6892
- C:\Windows\System\DsrxfKv.exe
  C:\Windows\System\DsrxfKv.exe
  2⤵
  PID:6944
- C:\Windows\System\hQUNGtD.exe
  C:\Windows\System\hQUNGtD.exe
  2⤵
  PID:7076
- C:\Windows\System\HgLfWvi.exe
  C:\Windows\System\HgLfWvi.exe
  2⤵
  PID:7024
- C:\Windows\System\xJzQPzm.exe
  C:\Windows\System\xJzQPzm.exe
  2⤵
  PID:7108
- C:\Windows\System\oHkCbma.exe
  C:\Windows\System\oHkCbma.exe
  2⤵
  PID:6192
- C:\Windows\System\qONatDr.exe
  C:\Windows\System\qONatDr.exe
  2⤵
  PID:6284
- C:\Windows\System\XRYvYEd.exe
  C:\Windows\System\XRYvYEd.exe
  2⤵
  PID:6524
- C:\Windows\System\GQmzgYo.exe
  C:\Windows\System\GQmzgYo.exe
  2⤵
  PID:6352
- C:\Windows\System\phqAWNX.exe
  C:\Windows\System\phqAWNX.exe
  2⤵
  PID:6400
- C:\Windows\System\mrAJOBw.exe
  C:\Windows\System\mrAJOBw.exe
  2⤵
  PID:6684
- C:\Windows\System\xHNtzmz.exe
  C:\Windows\System\xHNtzmz.exe
  2⤵
  PID:6464
- C:\Windows\System\WvYmWoy.exe
  C:\Windows\System\WvYmWoy.exe
  2⤵
  PID:6816
- C:\Windows\System\rZaQUFn.exe
  C:\Windows\System\rZaQUFn.exe
  2⤵
  PID:5880
- C:\Windows\System\OnyrbHM.exe
  C:\Windows\System\OnyrbHM.exe
  2⤵
  PID:6492
- C:\Windows\System\jpNhKly.exe
  C:\Windows\System\jpNhKly.exe
  2⤵
  PID:6812
- C:\Windows\System\aYisuzY.exe
  C:\Windows\System\aYisuzY.exe
  2⤵
  PID:7104
- C:\Windows\System\KAIxsqw.exe
  C:\Windows\System\KAIxsqw.exe
  2⤵
  PID:7172
- C:\Windows\System\OAuOsAH.exe
  C:\Windows\System\OAuOsAH.exe
  2⤵
  PID:7188
- C:\Windows\System\FHjFawz.exe
  C:\Windows\System\FHjFawz.exe
  2⤵
  PID:7204
- C:\Windows\System\hepDzzl.exe
  C:\Windows\System\hepDzzl.exe
  2⤵
  PID:7220
- C:\Windows\System\ljDzqif.exe
  C:\Windows\System\ljDzqif.exe
  2⤵
  PID:7236
- C:\Windows\System\KuJBGEI.exe
  C:\Windows\System\KuJBGEI.exe
  2⤵
  PID:7252
- C:\Windows\System\FPkSQQh.exe
  C:\Windows\System\FPkSQQh.exe
  2⤵
  PID:7268
- C:\Windows\System\LhhrYuD.exe
  C:\Windows\System\LhhrYuD.exe
  2⤵
  PID:7284
- C:\Windows\System\XuHVLiv.exe
  C:\Windows\System\XuHVLiv.exe
  2⤵
  PID:7300
- C:\Windows\System\LdQlNiR.exe
  C:\Windows\System\LdQlNiR.exe
  2⤵
  PID:7316
- C:\Windows\System\RUHzWFy.exe
  C:\Windows\System\RUHzWFy.exe
  2⤵
  PID:7332
- C:\Windows\System\dVthVMo.exe
  C:\Windows\System\dVthVMo.exe
  2⤵
  PID:7348
- C:\Windows\System\RkFzDue.exe
  C:\Windows\System\RkFzDue.exe
  2⤵
  PID:7364
- C:\Windows\System\nQsQOwh.exe
  C:\Windows\System\nQsQOwh.exe
  2⤵
  PID:7380
- C:\Windows\System\IjmygyU.exe
  C:\Windows\System\IjmygyU.exe
  2⤵
  PID:7396
- C:\Windows\System\ZOqKWlk.exe
  C:\Windows\System\ZOqKWlk.exe
  2⤵
  PID:7416
- C:\Windows\System\jUROPGN.exe
  C:\Windows\System\jUROPGN.exe
  2⤵
  PID:7432
- C:\Windows\System\edAutrw.exe
  C:\Windows\System\edAutrw.exe
  2⤵
  PID:7448
- C:\Windows\System\eIycnkA.exe
  C:\Windows\System\eIycnkA.exe
  2⤵
  PID:7464
- C:\Windows\System\CvOuKLb.exe
  C:\Windows\System\CvOuKLb.exe
  2⤵
  PID:7480
- C:\Windows\System\ksKAEli.exe
  C:\Windows\System\ksKAEli.exe
  2⤵
  PID:7496
- C:\Windows\System\Tqfxysu.exe
  C:\Windows\System\Tqfxysu.exe
  2⤵
  PID:7512
- C:\Windows\System\UwrigvL.exe
  C:\Windows\System\UwrigvL.exe
  2⤵
  PID:7528
- C:\Windows\System\xQRmxUo.exe
  C:\Windows\System\xQRmxUo.exe
  2⤵
  PID:7544
- C:\Windows\System\kGyUOSw.exe
  C:\Windows\System\kGyUOSw.exe
  2⤵
  PID:7560
- C:\Windows\System\uQWofiH.exe
  C:\Windows\System\uQWofiH.exe
  2⤵
  PID:7576
- C:\Windows\System\sDXVagw.exe
  C:\Windows\System\sDXVagw.exe
  2⤵
  PID:7592
- C:\Windows\System\DIYylhP.exe
  C:\Windows\System\DIYylhP.exe
  2⤵
  PID:7608
- C:\Windows\System\IgCtkWI.exe
  C:\Windows\System\IgCtkWI.exe
  2⤵
  PID:7624
- C:\Windows\System\aBaThle.exe
  C:\Windows\System\aBaThle.exe
  2⤵
  PID:7640
- C:\Windows\System\rjErKSi.exe
  C:\Windows\System\rjErKSi.exe
  2⤵
  PID:7656
- C:\Windows\System\JMJWnyJ.exe
  C:\Windows\System\JMJWnyJ.exe
  2⤵
  PID:7672
- C:\Windows\System\ZQosSMT.exe
  C:\Windows\System\ZQosSMT.exe
  2⤵
  PID:7688
- C:\Windows\System\OJaawxy.exe
  C:\Windows\System\OJaawxy.exe
  2⤵
  PID:7704
- C:\Windows\System\UCKBFgc.exe
  C:\Windows\System\UCKBFgc.exe
  2⤵
  PID:7720
- C:\Windows\System\PIGbArQ.exe
  C:\Windows\System\PIGbArQ.exe
  2⤵
  PID:7736
- C:\Windows\System\IlQirOK.exe
  C:\Windows\System\IlQirOK.exe
  2⤵
  PID:7752
- C:\Windows\System\lffwWfx.exe
  C:\Windows\System\lffwWfx.exe
  2⤵
  PID:7772
- C:\Windows\System\PMPtflK.exe
  C:\Windows\System\PMPtflK.exe
  2⤵
  PID:7788
- C:\Windows\System\mbxUCYU.exe
  C:\Windows\System\mbxUCYU.exe
  2⤵
  PID:7804
- C:\Windows\System\SLxSIKR.exe
  C:\Windows\System\SLxSIKR.exe
  2⤵
  PID:7820
- C:\Windows\System\KEKtjZr.exe
  C:\Windows\System\KEKtjZr.exe
  2⤵
  PID:7836
- C:\Windows\System\nchzbvW.exe
  C:\Windows\System\nchzbvW.exe
  2⤵
  PID:7852
- C:\Windows\System\aQxwSTj.exe
  C:\Windows\System\aQxwSTj.exe
  2⤵
  PID:7868
- C:\Windows\System\sdatmxs.exe
  C:\Windows\System\sdatmxs.exe
  2⤵
  PID:7884
- C:\Windows\System\zktXEgr.exe
  C:\Windows\System\zktXEgr.exe
  2⤵
  PID:7900
- C:\Windows\System\fsWYJec.exe
  C:\Windows\System\fsWYJec.exe
  2⤵
  PID:7916
- C:\Windows\System\foIBiHW.exe
  C:\Windows\System\foIBiHW.exe
  2⤵
  PID:7932
- C:\Windows\System\nlkYSqK.exe
  C:\Windows\System\nlkYSqK.exe
  2⤵
  PID:7948
- C:\Windows\System\eKIFrUb.exe
  C:\Windows\System\eKIFrUb.exe
  2⤵
  PID:7964
- C:\Windows\System\woVBqOJ.exe
  C:\Windows\System\woVBqOJ.exe
  2⤵
  PID:7980
- C:\Windows\System\DUVzoqH.exe
  C:\Windows\System\DUVzoqH.exe
  2⤵
  PID:7996
- C:\Windows\System\VwQZzgw.exe
  C:\Windows\System\VwQZzgw.exe
  2⤵
  PID:8012
- C:\Windows\System\YmABVGN.exe
  C:\Windows\System\YmABVGN.exe
  2⤵
  PID:8028
- C:\Windows\System\OXsclvB.exe
  C:\Windows\System\OXsclvB.exe
  2⤵
  PID:8044
- C:\Windows\System\jQpAMkk.exe
  C:\Windows\System\jQpAMkk.exe
  2⤵
  PID:8060
- C:\Windows\System\ULvAaLl.exe
  C:\Windows\System\ULvAaLl.exe
  2⤵
  PID:8076
- C:\Windows\System\OtZDnME.exe
  C:\Windows\System\OtZDnME.exe
  2⤵
  PID:8092
- C:\Windows\System\tuIQbli.exe
  C:\Windows\System\tuIQbli.exe
  2⤵
  PID:8108
- C:\Windows\System\swNjIlm.exe
  C:\Windows\System\swNjIlm.exe
  2⤵
  PID:8124
- C:\Windows\System\GIzqXlN.exe
  C:\Windows\System\GIzqXlN.exe
  2⤵
  PID:8140
- C:\Windows\System\vsVnIkd.exe
  C:\Windows\System\vsVnIkd.exe
  2⤵
  PID:8156
- C:\Windows\System\lFMFvzd.exe
  C:\Windows\System\lFMFvzd.exe
  2⤵
  PID:8172
- C:\Windows\System\UXYGqVk.exe
  C:\Windows\System\UXYGqVk.exe
  2⤵
  PID:8188
- C:\Windows\System\yIPbYST.exe
  C:\Windows\System\yIPbYST.exe
  2⤵
  PID:7152
- C:\Windows\System\TaeCgvJ.exe
  C:\Windows\System\TaeCgvJ.exe
  2⤵
  PID:6556
- C:\Windows\System\BuAxjef.exe
  C:\Windows\System\BuAxjef.exe
  2⤵
  PID:7940
- C:\Windows\System\UXEoXVO.exe
  C:\Windows\System\UXEoXVO.exe
  2⤵
  PID:8008
- C:\Windows\System\iRkiJZd.exe
  C:\Windows\System\iRkiJZd.exe
  2⤵
  PID:8036
- C:\Windows\System\oDFtoRE.exe
  C:\Windows\System\oDFtoRE.exe
  2⤵
  PID:7476
- C:\Windows\System\RsFOpii.exe
  C:\Windows\System\RsFOpii.exe
  2⤵
  PID:7568
- C:\Windows\System\nMECqlR.exe
  C:\Windows\System\nMECqlR.exe
  2⤵
  PID:7668
- C:\Windows\System\wJXZsRG.exe
  C:\Windows\System\wJXZsRG.exe
  2⤵
  PID:7732
- C:\Windows\System\TQuDOix.exe
  C:\Windows\System\TQuDOix.exe
  2⤵
  PID:7828
- C:\Windows\System\uhwXLiy.exe
  C:\Windows\System\uhwXLiy.exe
  2⤵
  PID:7896
- C:\Windows\System\OPfOkry.exe
  C:\Windows\System\OPfOkry.exe
  2⤵
  PID:7960
- C:\Windows\System\GZDmPMs.exe
  C:\Windows\System\GZDmPMs.exe
  2⤵
  PID:8132
- C:\Windows\System\tLkpNYF.exe
  C:\Windows\System\tLkpNYF.exe
  2⤵
  PID:7232
- C:\Windows\System\SmNrUvW.exe
  C:\Windows\System\SmNrUvW.exe
  2⤵
  PID:7248
- C:\Windows\System\RPPpKec.exe
  C:\Windows\System\RPPpKec.exe
  2⤵
  PID:7328
- C:\Windows\System\rNsggZi.exe
  C:\Windows\System\rNsggZi.exe
  2⤵
  PID:7340
- C:\Windows\System\pyzHJEA.exe
  C:\Windows\System\pyzHJEA.exe
  2⤵
  PID:7456
- C:\Windows\System\zzUgHEg.exe
  C:\Windows\System\zzUgHEg.exe
  2⤵
  PID:7812
- C:\Windows\System\zZfjiiA.exe
  C:\Windows\System\zZfjiiA.exe
  2⤵
  PID:7296
- C:\Windows\System\FNiJlse.exe
  C:\Windows\System\FNiJlse.exe
  2⤵
  PID:7344
- C:\Windows\System\emUfcxe.exe
  C:\Windows\System\emUfcxe.exe
  2⤵
  PID:7524
- C:\Windows\System\XDbOjEi.exe
  C:\Windows\System\XDbOjEi.exe
  2⤵
  PID:7684
- C:\Windows\System\RgJJGdz.exe
  C:\Windows\System\RgJJGdz.exe
  2⤵
  PID:7908
- C:\Windows\System\eMKaiMu.exe
  C:\Windows\System\eMKaiMu.exe
  2⤵
  PID:7844
- C:\Windows\System\OCUBupt.exe
  C:\Windows\System\OCUBupt.exe
  2⤵
  PID:7648
- C:\Windows\System\hwQllWW.exe
  C:\Windows\System\hwQllWW.exe
  2⤵
  PID:7976
- C:\Windows\System\CGTOlcx.exe
  C:\Windows\System\CGTOlcx.exe
  2⤵
  PID:7444
- C:\Windows\System\pxpHGsi.exe
  C:\Windows\System\pxpHGsi.exe
  2⤵
  PID:7540
- C:\Windows\System\nNlwNZz.exe
  C:\Windows\System\nNlwNZz.exe
  2⤵
  PID:8072
- C:\Windows\System\MTZAQsd.exe
  C:\Windows\System\MTZAQsd.exe
  2⤵
  PID:7892
- C:\Windows\System\yxvcOsI.exe
  C:\Windows\System\yxvcOsI.exe
  2⤵
  PID:7768
- C:\Windows\System\HZhJrex.exe
  C:\Windows\System\HZhJrex.exe
  2⤵
  PID:7992
- C:\Windows\System\FhhqXHZ.exe
  C:\Windows\System\FhhqXHZ.exe
  2⤵
  PID:8024
- C:\Windows\System\QUwvjfW.exe
  C:\Windows\System\QUwvjfW.exe
  2⤵
  PID:8120
- C:\Windows\System\xYtuMNJ.exe
  C:\Windows\System\xYtuMNJ.exe
  2⤵
  PID:6912
- C:\Windows\System\GDOPMqy.exe
  C:\Windows\System\GDOPMqy.exe
  2⤵
  PID:7264
- C:\Windows\System\zmIbZFY.exe
  C:\Windows\System\zmIbZFY.exe
  2⤵
  PID:7488
- C:\Windows\System\ouxgKmV.exe
  C:\Windows\System\ouxgKmV.exe
  2⤵
  PID:7552
- C:\Windows\System\liQZuIE.exe
  C:\Windows\System\liQZuIE.exe
  2⤵
  PID:7780
- C:\Windows\System\acMUCdt.exe
  C:\Windows\System\acMUCdt.exe
  2⤵
  PID:7200
- C:\Windows\System\bPdClat.exe
  C:\Windows\System\bPdClat.exe
  2⤵
  PID:7536
- C:\Windows\System\LDYTOrt.exe
  C:\Windows\System\LDYTOrt.exe
  2⤵
  PID:7716
- C:\Windows\System\QbEkzAT.exe
  C:\Windows\System\QbEkzAT.exe
  2⤵
  PID:8136
- C:\Windows\System\DHzsaeW.exe
  C:\Windows\System\DHzsaeW.exe
  2⤵
  PID:7392
- C:\Windows\System\sKEibDg.exe
  C:\Windows\System\sKEibDg.exe
  2⤵
  PID:7424
- C:\Windows\System\hukLiSm.exe
  C:\Windows\System\hukLiSm.exe
  2⤵
  PID:7556
- C:\Windows\System\FPHQxvG.exe
  C:\Windows\System\FPHQxvG.exe
  2⤵
  PID:7584
- C:\Windows\System\UkASCyC.exe
  C:\Windows\System\UkASCyC.exe
  2⤵
  PID:8068
- C:\Windows\System\zUxDiYC.exe
  C:\Windows\System\zUxDiYC.exe
  2⤵
  PID:8052
- C:\Windows\System\tfYnrXK.exe
  C:\Windows\System\tfYnrXK.exe
  2⤵
  PID:8104
- C:\Windows\System\oZahVGK.exe
  C:\Windows\System\oZahVGK.exe
  2⤵
  PID:8152
- C:\Windows\System\FWJpKoy.exe
  C:\Windows\System\FWJpKoy.exe
  2⤵
  PID:7620
- C:\Windows\System\QPLaYRB.exe
  C:\Windows\System\QPLaYRB.exe
  2⤵
  PID:7360
- C:\Windows\System\zfSgiNr.exe
  C:\Windows\System\zfSgiNr.exe
  2⤵
  PID:7972
- C:\Windows\System\XklFftA.exe
  C:\Windows\System\XklFftA.exe
  2⤵
  PID:6964
- C:\Windows\System\lTTDGhY.exe
  C:\Windows\System\lTTDGhY.exe
  2⤵
  PID:8056
- C:\Windows\System\WrHiSkQ.exe
  C:\Windows\System\WrHiSkQ.exe
  2⤵
  PID:7280
- C:\Windows\System\RBnnwms.exe
  C:\Windows\System\RBnnwms.exe
  2⤵
  PID:8040
- C:\Windows\System\saeWVKD.exe
  C:\Windows\System\saeWVKD.exe
  2⤵
  PID:6960
- C:\Windows\System\wfMMZqW.exe
  C:\Windows\System\wfMMZqW.exe
  2⤵
  PID:7680
- C:\Windows\System\uDsGMBz.exe
  C:\Windows\System\uDsGMBz.exe
  2⤵
  PID:7412
- C:\Windows\System\lUxXZUd.exe
  C:\Windows\System\lUxXZUd.exe
  2⤵
  PID:8208
- C:\Windows\System\mWskrOW.exe
  C:\Windows\System\mWskrOW.exe
  2⤵
  PID:8224
- C:\Windows\System\pCRnXeY.exe
  C:\Windows\System\pCRnXeY.exe
  2⤵
  PID:8240
- C:\Windows\System\sEUCdsg.exe
  C:\Windows\System\sEUCdsg.exe
  2⤵
  PID:8256
- C:\Windows\System\xsuRnfq.exe
  C:\Windows\System\xsuRnfq.exe
  2⤵
  PID:8272
- C:\Windows\System\lKSQffP.exe
  C:\Windows\System\lKSQffP.exe
  2⤵
  PID:8288
- C:\Windows\System\rvWFXSa.exe
  C:\Windows\System\rvWFXSa.exe
  2⤵
  PID:8304
- C:\Windows\System\LGHTqJK.exe
  C:\Windows\System\LGHTqJK.exe
  2⤵
  PID:8320
- C:\Windows\System\sTFUqwI.exe
  C:\Windows\System\sTFUqwI.exe
  2⤵
  PID:8336
- C:\Windows\System\urTGuOn.exe
  C:\Windows\System\urTGuOn.exe
  2⤵
  PID:8352
- C:\Windows\System\gdlHNYG.exe
  C:\Windows\System\gdlHNYG.exe
  2⤵
  PID:8368
- C:\Windows\System\QXiuBUd.exe
  C:\Windows\System\QXiuBUd.exe
  2⤵
  PID:8384
- C:\Windows\System\smKMVSI.exe
  C:\Windows\System\smKMVSI.exe
  2⤵
  PID:8400
- C:\Windows\System\FbbyAZu.exe
  C:\Windows\System\FbbyAZu.exe
  2⤵
  PID:8416
- C:\Windows\System\LNztSjS.exe
  C:\Windows\System\LNztSjS.exe
  2⤵
  PID:8432
- C:\Windows\System\lpzZlLH.exe
  C:\Windows\System\lpzZlLH.exe
  2⤵
  PID:8448
- C:\Windows\System\jbzjlMh.exe
  C:\Windows\System\jbzjlMh.exe
  2⤵
  PID:8464
- C:\Windows\System\yrZYktM.exe
  C:\Windows\System\yrZYktM.exe
  2⤵
  PID:8480
- C:\Windows\System\hRRhKzt.exe
  C:\Windows\System\hRRhKzt.exe
  2⤵
  PID:8496
- C:\Windows\System\sFjhErP.exe
  C:\Windows\System\sFjhErP.exe
  2⤵
  PID:8512
- C:\Windows\System\wKkxySr.exe
  C:\Windows\System\wKkxySr.exe
  2⤵
  PID:8528
- C:\Windows\System\ewsyLdD.exe
  C:\Windows\System\ewsyLdD.exe
  2⤵
  PID:8544
- C:\Windows\System\FGEvxQR.exe
  C:\Windows\System\FGEvxQR.exe
  2⤵
  PID:8560
- C:\Windows\System\XFdUGpY.exe
  C:\Windows\System\XFdUGpY.exe
  2⤵
  PID:8576
- C:\Windows\System\ezzFaku.exe
  C:\Windows\System\ezzFaku.exe
  2⤵
  PID:8592
- C:\Windows\System\uYhRyPU.exe
  C:\Windows\System\uYhRyPU.exe
  2⤵
  PID:8608
- C:\Windows\System\qPOmiOu.exe
  C:\Windows\System\qPOmiOu.exe
  2⤵
  PID:8628
- C:\Windows\System\OgrqiCS.exe
  C:\Windows\System\OgrqiCS.exe
  2⤵
  PID:8644
- C:\Windows\System\HhGMSmj.exe
  C:\Windows\System\HhGMSmj.exe
  2⤵
  PID:8676
- C:\Windows\System\iBZMwmF.exe
  C:\Windows\System\iBZMwmF.exe
  2⤵
  PID:8692
- C:\Windows\System\FhZurkz.exe
  C:\Windows\System\FhZurkz.exe
  2⤵
  PID:8708
- C:\Windows\System\dHbYZWm.exe
  C:\Windows\System\dHbYZWm.exe
  2⤵
  PID:8728
- C:\Windows\System\ncqcade.exe
  C:\Windows\System\ncqcade.exe
  2⤵
  PID:8784
- C:\Windows\System\CJxSzjq.exe
  C:\Windows\System\CJxSzjq.exe
  2⤵
  PID:8804
- C:\Windows\System\ywMNFUg.exe
  C:\Windows\System\ywMNFUg.exe
  2⤵
  PID:8860
- C:\Windows\System\QolbLuS.exe
  C:\Windows\System\QolbLuS.exe
  2⤵
  PID:8940
- C:\Windows\System\YWKlvkj.exe
  C:\Windows\System\YWKlvkj.exe
  2⤵
  PID:8996
- C:\Windows\System\tiWXorj.exe
  C:\Windows\System\tiWXorj.exe
  2⤵
  PID:9024
- C:\Windows\System\fZBJLkU.exe
  C:\Windows\System\fZBJLkU.exe
  2⤵
  PID:9040
- C:\Windows\System\kBYQJgE.exe
  C:\Windows\System\kBYQJgE.exe
  2⤵
  PID:9056
- C:\Windows\System\cuHCqqe.exe
  C:\Windows\System\cuHCqqe.exe
  2⤵
  PID:9072
- C:\Windows\System\VBkcXie.exe
  C:\Windows\System\VBkcXie.exe
  2⤵
  PID:9088
- C:\Windows\System\lsSrvEN.exe
  C:\Windows\System\lsSrvEN.exe
  2⤵
  PID:9104
- C:\Windows\System\gFxrFsZ.exe
  C:\Windows\System\gFxrFsZ.exe
  2⤵
  PID:9120
- C:\Windows\System\XRhhwdD.exe
  C:\Windows\System\XRhhwdD.exe
  2⤵
  PID:9136
- C:\Windows\System\ZvGsxAB.exe
  C:\Windows\System\ZvGsxAB.exe
  2⤵
  PID:9152
- C:\Windows\System\FVacbAY.exe
  C:\Windows\System\FVacbAY.exe
  2⤵
  PID:9172
- C:\Windows\System\ILHrmva.exe
  C:\Windows\System\ILHrmva.exe
  2⤵
  PID:9192
- C:\Windows\System\FZOYCru.exe
  C:\Windows\System\FZOYCru.exe
  2⤵
  PID:9208
- C:\Windows\System\DxobTkd.exe
  C:\Windows\System\DxobTkd.exe
  2⤵
  PID:8204
- C:\Windows\System\HkAWFCn.exe
  C:\Windows\System\HkAWFCn.exe
  2⤵
  PID:8168
- C:\Windows\System\gWgdvFx.exe
  C:\Windows\System\gWgdvFx.exe
  2⤵
  PID:7356
- C:\Windows\System\eWoOnKL.exe
  C:\Windows\System\eWoOnKL.exe
  2⤵
  PID:8216
- C:\Windows\System\uXfyukh.exe
  C:\Windows\System\uXfyukh.exe
  2⤵
  PID:8280
- C:\Windows\System\CCXNeRi.exe
  C:\Windows\System\CCXNeRi.exe
  2⤵
  PID:8284
- C:\Windows\System\SLNuQnt.exe
  C:\Windows\System\SLNuQnt.exe
  2⤵
  PID:8332
- C:\Windows\System\GETGgre.exe
  C:\Windows\System\GETGgre.exe
  2⤵
  PID:8392
- C:\Windows\System\swGoIoa.exe
  C:\Windows\System\swGoIoa.exe
  2⤵
  PID:8376
- C:\Windows\System\ctykyvQ.exe
  C:\Windows\System\ctykyvQ.exe
  2⤵
  PID:8424
- C:\Windows\System\SYjVMle.exe
  C:\Windows\System\SYjVMle.exe
  2⤵
  PID:8488
- C:\Windows\System\ZnIsABB.exe
  C:\Windows\System\ZnIsABB.exe
  2⤵
  PID:8472
- C:\Windows\System\maOwPmR.exe
  C:\Windows\System\maOwPmR.exe
  2⤵
  PID:8440
- C:\Windows\System\vRbPFhn.exe
  C:\Windows\System\vRbPFhn.exe
  2⤵
  PID:8552
- C:\Windows\System\wUhTBZj.exe
  C:\Windows\System\wUhTBZj.exe
  2⤵
  PID:8620
- C:\Windows\System\HIGoTyX.exe
  C:\Windows\System\HIGoTyX.exe
  2⤵
  PID:8572
- C:\Windows\System\FwduTvo.exe
  C:\Windows\System\FwduTvo.exe
  2⤵
  PID:8624
- C:\Windows\System\yOKObeV.exe
  C:\Windows\System\yOKObeV.exe
  2⤵
  PID:8672
- C:\Windows\System\qSTUBqZ.exe
  C:\Windows\System\qSTUBqZ.exe
  2⤵
  PID:8748
- C:\Windows\System\JyJusBt.exe
  C:\Windows\System\JyJusBt.exe
  2⤵
  PID:8760
- C:\Windows\System\MfDfrNV.exe
  C:\Windows\System\MfDfrNV.exe
  2⤵
  PID:8776
- C:\Windows\System\BVadTpD.exe
  C:\Windows\System\BVadTpD.exe
  2⤵
  PID:8720
- C:\Windows\System\xDRjDhx.exe
  C:\Windows\System\xDRjDhx.exe
  2⤵
  PID:8740
- C:\Windows\System\hrRBUiL.exe
  C:\Windows\System\hrRBUiL.exe
  2⤵
  PID:8824
- C:\Windows\System\WFTKUYD.exe
  C:\Windows\System\WFTKUYD.exe
  2⤵
  PID:8840
- C:\Windows\System\NcPwLKr.exe
  C:\Windows\System\NcPwLKr.exe
  2⤵
  PID:8796
- C:\Windows\System\VFGJxfL.exe
  C:\Windows\System\VFGJxfL.exe
  2⤵
  PID:8868
- C:\Windows\System\uKBxGXm.exe
  C:\Windows\System\uKBxGXm.exe
  2⤵
  PID:8880
- C:\Windows\System\vYzpbUu.exe
  C:\Windows\System\vYzpbUu.exe
  2⤵
  PID:8900
- C:\Windows\System\bhEdCMv.exe
  C:\Windows\System\bhEdCMv.exe
  2⤵
  PID:8916
- C:\Windows\System\zIdwEil.exe
  C:\Windows\System\zIdwEil.exe
  2⤵
  PID:8936
- C:\Windows\System\WFdpuAq.exe
  C:\Windows\System\WFdpuAq.exe
  2⤵
  PID:8956
- C:\Windows\System\KrsLRJm.exe
  C:\Windows\System\KrsLRJm.exe
  2⤵
  PID:8972
- C:\Windows\System\iuipAQN.exe
  C:\Windows\System\iuipAQN.exe
  2⤵
  PID:8984
- C:\Windows\System\bhIPMnN.exe
  C:\Windows\System\bhIPMnN.exe
  2⤵
  PID:9004
- C:\Windows\System\RxUKrhS.exe
  C:\Windows\System\RxUKrhS.exe
  2⤵
  PID:9020
- C:\Windows\System\bWbtYAf.exe
  C:\Windows\System\bWbtYAf.exe
  2⤵
  PID:9100
- C:\Windows\System\uHmpeOv.exe
  C:\Windows\System\uHmpeOv.exe
  2⤵
  PID:9084
- C:\Windows\System\qBIHjif.exe
  C:\Windows\System\qBIHjif.exe
  2⤵
  PID:9148
- C:\Windows\System\OVWDCoH.exe
  C:\Windows\System\OVWDCoH.exe
  2⤵
  PID:9164
- C:\Windows\System\OnTxQeo.exe
  C:\Windows\System\OnTxQeo.exe
  2⤵
  PID:9204
- C:\Windows\System\zbgZCLq.exe
  C:\Windows\System\zbgZCLq.exe
  2⤵
  PID:7760
- C:\Windows\System\ypnIQZy.exe
  C:\Windows\System\ypnIQZy.exe
  2⤵
  PID:7880
- C:\Windows\System\BhRxpvQ.exe
  C:\Windows\System\BhRxpvQ.exe
  2⤵
  PID:8328
- C:\Windows\System\ZdzesFB.exe
  C:\Windows\System\ZdzesFB.exe
  2⤵
  PID:7604
- C:\Windows\System\GNmRWqe.exe
  C:\Windows\System\GNmRWqe.exe
  2⤵
  PID:8568
- C:\Windows\System\uGgeWGa.exe
  C:\Windows\System\uGgeWGa.exe
  2⤵
  PID:8232
- C:\Windows\System\gDKikms.exe
  C:\Windows\System\gDKikms.exe
  2⤵
  PID:8348
- C:\Windows\System\bJlNmow.exe
  C:\Windows\System\bJlNmow.exe
  2⤵
  PID:8752
- C:\Windows\System\chzfitk.exe
  C:\Windows\System\chzfitk.exe
  2⤵
  PID:8460
- C:\Windows\System\AsmsKbr.exe
  C:\Windows\System\AsmsKbr.exe
  2⤵
  PID:8476
- C:\Windows\System\MvChivX.exe
  C:\Windows\System\MvChivX.exe
  2⤵
  PID:8820
- C:\Windows\System\qSjzwou.exe
  C:\Windows\System\qSjzwou.exe
  2⤵
  PID:8736
- C:\Windows\System\dSRboQK.exe
  C:\Windows\System\dSRboQK.exe
  2⤵
  PID:8800
- C:\Windows\System\jfLEdWJ.exe
  C:\Windows\System\jfLEdWJ.exe
  2⤵
  PID:8636
- C:\Windows\System\efPCZFb.exe
  C:\Windows\System\efPCZFb.exe
  2⤵
  PID:8892
- C:\Windows\System\ZfpiiVh.exe
  C:\Windows\System\ZfpiiVh.exe
  2⤵
  PID:8948
- C:\Windows\System\VdkGIWL.exe
  C:\Windows\System\VdkGIWL.exe
  2⤵
  PID:7956
- C:\Windows\System\ZbmhzUR.exe
  C:\Windows\System\ZbmhzUR.exe
  2⤵
  PID:8364
- C:\Windows\System\bIXizdY.exe
  C:\Windows\System\bIXizdY.exe
  2⤵
  PID:8716
- C:\Windows\System\fprCHIU.exe
  C:\Windows\System\fprCHIU.exe
  2⤵
  PID:8848
- C:\Windows\System\YHtAHQM.exe
  C:\Windows\System\YHtAHQM.exe
  2⤵
  PID:8952
- C:\Windows\System\xRZrKdZ.exe
  C:\Windows\System\xRZrKdZ.exe
  2⤵
  PID:9052
- C:\Windows\System\aKbAHOH.exe
  C:\Windows\System\aKbAHOH.exe
  2⤵
  PID:9116
- C:\Windows\System\WTevmoD.exe
  C:\Windows\System\WTevmoD.exe
  2⤵
  PID:8964
- C:\Windows\System\RGqpVdp.exe
  C:\Windows\System\RGqpVdp.exe
  2⤵
  PID:9096
- C:\Windows\System\qbPsClG.exe
  C:\Windows\System\qbPsClG.exe
  2⤵
  PID:8316
- C:\Windows\System\EMlhumn.exe
  C:\Windows\System\EMlhumn.exe
  2⤵
  PID:7228
- C:\Windows\System\WnWmPXJ.exe
  C:\Windows\System\WnWmPXJ.exe
  2⤵
  PID:8524
- C:\Windows\System\ijmxlQq.exe
  C:\Windows\System\ijmxlQq.exe
  2⤵
  PID:8444
- C:\Windows\System\WjawsVj.exe
  C:\Windows\System\WjawsVj.exe
  2⤵
  PID:8640
- C:\Windows\System\EqcDtdq.exe
  C:\Windows\System\EqcDtdq.exe
  2⤵
  PID:8268
- C:\Windows\System\trQCHVM.exe
  C:\Windows\System\trQCHVM.exe
  2⤵
  PID:8812
- C:\Windows\System\FNkUfUB.exe
  C:\Windows\System\FNkUfUB.exe
  2⤵
  PID:8264
- C:\Windows\System\uVTtvBc.exe
  C:\Windows\System\uVTtvBc.exe
  2⤵
  PID:9068
- C:\Windows\System\lqCEyZF.exe
  C:\Windows\System\lqCEyZF.exe
  2⤵
  PID:8924
- C:\Windows\System\OjZhNiN.exe
  C:\Windows\System\OjZhNiN.exe
  2⤵
  PID:8380
- C:\Windows\System\uOuXTZq.exe
  C:\Windows\System\uOuXTZq.exe
  2⤵
  PID:8888
- C:\Windows\System\gKOadMr.exe
  C:\Windows\System\gKOadMr.exe
  2⤵
  PID:9012
- C:\Windows\System\fdhHhOt.exe
  C:\Windows\System\fdhHhOt.exe
  2⤵
  PID:9080
- C:\Windows\System\nSvJlvZ.exe
  C:\Windows\System\nSvJlvZ.exe
  2⤵
  PID:9220
- C:\Windows\System\ZcmcTVM.exe
  C:\Windows\System\ZcmcTVM.exe
  2⤵
  PID:9236
- C:\Windows\System\zPnBzNR.exe
  C:\Windows\System\zPnBzNR.exe
  2⤵
  PID:9252
- C:\Windows\System\VbRAsoq.exe
  C:\Windows\System\VbRAsoq.exe
  2⤵
  PID:9268
- C:\Windows\System\NeHgbat.exe
  C:\Windows\System\NeHgbat.exe
  2⤵
  PID:9284
- C:\Windows\System\XqaOhJW.exe
  C:\Windows\System\XqaOhJW.exe
  2⤵
  PID:9300
- C:\Windows\System\hpKrJJJ.exe
  C:\Windows\System\hpKrJJJ.exe
  2⤵
  PID:9316
- C:\Windows\System\rxDtOff.exe
  C:\Windows\System\rxDtOff.exe
  2⤵
  PID:9332
- C:\Windows\System\CjNvpoL.exe
  C:\Windows\System\CjNvpoL.exe
  2⤵
  PID:9348
- C:\Windows\System\tHoEsIi.exe
  C:\Windows\System\tHoEsIi.exe
  2⤵
  PID:9364
- C:\Windows\System\HfImYLg.exe
  C:\Windows\System\HfImYLg.exe
  2⤵
  PID:9380
- C:\Windows\System\hWNbglO.exe
  C:\Windows\System\hWNbglO.exe
  2⤵
  PID:9396
- C:\Windows\System\CTamTOs.exe
  C:\Windows\System\CTamTOs.exe
  2⤵
  PID:9412
- C:\Windows\System\EwmGZPj.exe
  C:\Windows\System\EwmGZPj.exe
  2⤵
  PID:9428
- C:\Windows\System\QFzFARl.exe
  C:\Windows\System\QFzFARl.exe
  2⤵
  PID:9444
- C:\Windows\System\LhpzTLT.exe
  C:\Windows\System\LhpzTLT.exe
  2⤵
  PID:9460
- C:\Windows\System\TDlAvbc.exe
  C:\Windows\System\TDlAvbc.exe
  2⤵
  PID:9476
- C:\Windows\System\wFODBCN.exe
  C:\Windows\System\wFODBCN.exe
  2⤵
  PID:9496
- C:\Windows\System\bUqaGlG.exe
  C:\Windows\System\bUqaGlG.exe
  2⤵
  PID:9512
- C:\Windows\System\yLSAuqv.exe
  C:\Windows\System\yLSAuqv.exe
  2⤵
  PID:9528
- C:\Windows\System\rcOxlCw.exe
  C:\Windows\System\rcOxlCw.exe
  2⤵
  PID:9544
- C:\Windows\System\bXygmOA.exe
  C:\Windows\System\bXygmOA.exe
  2⤵
  PID:9560
- C:\Windows\System\AfHBlFn.exe
  C:\Windows\System\AfHBlFn.exe
  2⤵
  PID:9576
- C:\Windows\System\MwIDyju.exe
  C:\Windows\System\MwIDyju.exe
  2⤵
  PID:9592
- C:\Windows\System\HWaPwgD.exe
  C:\Windows\System\HWaPwgD.exe
  2⤵
  PID:9608
- C:\Windows\System\ESSKrcE.exe
  C:\Windows\System\ESSKrcE.exe
  2⤵
  PID:9624
- C:\Windows\System\iCYGNtN.exe
  C:\Windows\System\iCYGNtN.exe
  2⤵
  PID:9640
- C:\Windows\System\bVeqCeb.exe
  C:\Windows\System\bVeqCeb.exe
  2⤵
  PID:9656
- C:\Windows\System\eQnZMfP.exe
  C:\Windows\System\eQnZMfP.exe
  2⤵
  PID:9672
- C:\Windows\System\vMclXNN.exe
  C:\Windows\System\vMclXNN.exe
  2⤵
  PID:9688
- C:\Windows\System\NDcPOVD.exe
  C:\Windows\System\NDcPOVD.exe
  2⤵
  PID:9708
- C:\Windows\System\UziPyqv.exe
  C:\Windows\System\UziPyqv.exe
  2⤵
  PID:9724
- C:\Windows\System\vtdwHOE.exe
  C:\Windows\System\vtdwHOE.exe
  2⤵
  PID:9740
- C:\Windows\System\pTRIUml.exe
  C:\Windows\System\pTRIUml.exe
  2⤵
  PID:9756
- C:\Windows\System\PDJXHJf.exe
  C:\Windows\System\PDJXHJf.exe
  2⤵
  PID:9772
- C:\Windows\System\FJnNPEK.exe
  C:\Windows\System\FJnNPEK.exe
  2⤵
  PID:9788
- C:\Windows\System\jfKSkaa.exe
  C:\Windows\System\jfKSkaa.exe
  2⤵
  PID:9804
- C:\Windows\System\rsGSHdT.exe
  C:\Windows\System\rsGSHdT.exe
  2⤵
  PID:9820
- C:\Windows\System\XCZfRgL.exe
  C:\Windows\System\XCZfRgL.exe
  2⤵
  PID:9836
- C:\Windows\System\SOHVxda.exe
  C:\Windows\System\SOHVxda.exe
  2⤵
  PID:9852
- C:\Windows\System\pxXqkmS.exe
  C:\Windows\System\pxXqkmS.exe
  2⤵
  PID:9872
- C:\Windows\System\oMkHKQe.exe
  C:\Windows\System\oMkHKQe.exe
  2⤵
  PID:9944
- C:\Windows\System\SlEfvxI.exe
  C:\Windows\System\SlEfvxI.exe
  2⤵
  PID:9968
- C:\Windows\System\DapAtXc.exe
  C:\Windows\System\DapAtXc.exe
  2⤵
  PID:9984
- C:\Windows\System\sFnCpEI.exe
  C:\Windows\System\sFnCpEI.exe
  2⤵
  PID:10004
- C:\Windows\System\jImFcKg.exe
  C:\Windows\System\jImFcKg.exe
  2⤵
  PID:10020
- C:\Windows\System\goWKqkx.exe
  C:\Windows\System\goWKqkx.exe
  2⤵
  PID:10036
- C:\Windows\System\epfykGa.exe
  C:\Windows\System\epfykGa.exe
  2⤵
  PID:10068
- C:\Windows\System\BsxYcsx.exe
  C:\Windows\System\BsxYcsx.exe
  2⤵
  PID:10084
- C:\Windows\System\MSAbFtB.exe
  C:\Windows\System\MSAbFtB.exe
  2⤵
  PID:9228
- C:\Windows\System\LowDYGj.exe
  C:\Windows\System\LowDYGj.exe
  2⤵
  PID:9388
- C:\Windows\System\lSPJCcS.exe
  C:\Windows\System\lSPJCcS.exe
  2⤵
  PID:9344
- C:\Windows\System\NBAUAxO.exe
  C:\Windows\System\NBAUAxO.exe
  2⤵
  PID:9440
- C:\Windows\System\jbTrdgJ.exe
  C:\Windows\System\jbTrdgJ.exe
  2⤵
  PID:9420
- C:\Windows\System\IiGeMLF.exe
  C:\Windows\System\IiGeMLF.exe
  2⤵
  PID:9492
- C:\Windows\System\HHzzTqn.exe
  C:\Windows\System\HHzzTqn.exe
  2⤵
  PID:9504
- C:\Windows\System\OpouAHt.exe
  C:\Windows\System\OpouAHt.exe
  2⤵
  PID:9524
- C:\Windows\System\kStnDMf.exe
  C:\Windows\System\kStnDMf.exe
  2⤵
  PID:9584
- C:\Windows\System\WGdatNx.exe
  C:\Windows\System\WGdatNx.exe
  2⤵
  PID:9652
- C:\Windows\System\pbNaLDg.exe
  C:\Windows\System\pbNaLDg.exe
  2⤵
  PID:9568
- C:\Windows\System\oiDUuyd.exe
  C:\Windows\System\oiDUuyd.exe
  2⤵
  PID:940
- C:\Windows\System\ZfnPHbg.exe
  C:\Windows\System\ZfnPHbg.exe
  2⤵
  PID:9716
- C:\Windows\System\WamAecN.exe
  C:\Windows\System\WamAecN.exe
  2⤵
  PID:9780
- C:\Windows\System\mBsZHDw.exe
  C:\Windows\System\mBsZHDw.exe
  2⤵
  PID:9604
- C:\Windows\System\qHTZxMJ.exe
  C:\Windows\System\qHTZxMJ.exe
  2⤵
  PID:9668
- C:\Windows\System\aTugSwr.exe
  C:\Windows\System\aTugSwr.exe
  2⤵
  PID:9736
- C:\Windows\System\FEUErLk.exe
  C:\Windows\System\FEUErLk.exe
  2⤵
  PID:9800
- C:\Windows\System\uQbyiaT.exe
  C:\Windows\System\uQbyiaT.exe
  2⤵
  PID:9848
- C:\Windows\System\wKKMfHy.exe
  C:\Windows\System\wKKMfHy.exe
  2⤵
  PID:9892
- C:\Windows\System\dLUMlbF.exe
  C:\Windows\System\dLUMlbF.exe
  2⤵
  PID:9908
- C:\Windows\System\XBSQvpN.exe
  C:\Windows\System\XBSQvpN.exe
  2⤵
  PID:9924
- C:\Windows\System\wlcfMkA.exe
  C:\Windows\System\wlcfMkA.exe
  2⤵
  PID:9864
- C:\Windows\System\idTBYex.exe
  C:\Windows\System\idTBYex.exe
  2⤵
  PID:9868
- C:\Windows\System\mpQSimh.exe
  C:\Windows\System\mpQSimh.exe
  2⤵
  PID:9952
- C:\Windows\System\ghfKxup.exe
  C:\Windows\System\ghfKxup.exe
  2⤵
  PID:10000
- C:\Windows\System\LqnyFZW.exe
  C:\Windows\System\LqnyFZW.exe
  2⤵
  PID:10080
- C:\Windows\System\wcwqnvy.exe
  C:\Windows\System\wcwqnvy.exe
  2⤵
  PID:10064
- C:\Windows\System\qjBPRgL.exe
  C:\Windows\System\qjBPRgL.exe
  2⤵
  PID:10100
- C:\Windows\System\OXHVAjC.exe
  C:\Windows\System\OXHVAjC.exe
  2⤵
  PID:10116
- C:\Windows\System\ynhKcie.exe
  C:\Windows\System\ynhKcie.exe
  2⤵
  PID:10132
- C:\Windows\System\zCilUHp.exe
  C:\Windows\System\zCilUHp.exe
  2⤵
  PID:10148
- C:\Windows\System\dJCsXmj.exe
  C:\Windows\System\dJCsXmj.exe
  2⤵
  PID:10164
- C:\Windows\System\KbRSvNy.exe
  C:\Windows\System\KbRSvNy.exe
  2⤵
  PID:10180
- C:\Windows\System\sJUCUVQ.exe
  C:\Windows\System\sJUCUVQ.exe
  2⤵
  PID:10196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AmBHjwS.exe

Filesize
6.0MB

MD5
afb13f3896a6bc5da6159e7943abeb26

SHA1
456c6b1a33b8cbe1c96c720d2e46545c62cc0cd7

SHA256
ce43819611cca7d1eb7586bf6218020294e1c33739c292e1d811e4d53a112827

SHA512
e3087bfcfbd24d97c3a033d475e0b895f2e43b4d678091a648a3c4663be3f8814c4b4e7cce84d4f751c8e05fa2797926b8ad1cbdad75c4c0c403503f06b2fb04

Download Submit
C:\Windows\system\BoEsiiX.exe

Filesize
6.0MB

MD5
fa433c37fb157f45197646159a6d82bb

SHA1
7200a60934fb99273690a587ece64b7cc1c681a0

SHA256
570825838d2c98918eecfdbb1afa892d10171ceb77df7588d77c01601991e21a

SHA512
25e7f92b4e9635e17767b3b19fbffd5b699674012b82ee6db52f32bb58796f1c2bea78002b88e736d1b45ea7e3cfd8e3fe63149e75aea9f175b9ab095476ed47

Download Submit
C:\Windows\system\LdUdHkJ.exe

Filesize
6.0MB

MD5
55a1b6a978e56d11205042b4bbb476dc

SHA1
01d38022ab4d6c8a75990dde319959a217c4715e

SHA256
bebfd5b1210b83c9c6a50f27a25c3400d36b834c4117cdb20648db8fa2a19c3f

SHA512
3a6df311ece40f004ced4087e91ce62e35cc158310fb1f681b14d9d72c36ef205edce55ee0371ba13b63f924757c1ca57924d0b30346fc5cf4be2d763d6a0ee7

Download Submit
C:\Windows\system\QMKuhrR.exe

Filesize
6.0MB

MD5
0d86fed46f006255b6e1ecf9594a8491

SHA1
a1eb1a932de7cc9df8e0f1bcb5491dae6c3bd4b9

SHA256
c6474e90de8a19bad7869c0c120891fd217ac7e88d3299f5877b00a0ecf88907

SHA512
c2a84735bc458f7974bd46875e3ba2a0b797d9329e4a4af1265d32aa0ff897907ebecd409a4ad3aa59434bc58eb365339975e3bf38650621e560712f215b3405

Download Submit
C:\Windows\system\RqzjdIQ.exe

Filesize
6.0MB

MD5
3c89f21ce00e300bcc4cbff515a463ce

SHA1
bc2532e1a15ccdd94e051e1fd790fd3ef97fc775

SHA256
2df465a0e5422ae9e5e48c742876f212d9aefec06b09ed363c76dc5a8a69a1c8

SHA512
8622985c1c496a5128465304784e93ac611a7fe08df3d2ebe2ea8d26ec988cab2041cc3fdce2032de8388f342354e795855765004a2f9225d29f659ed76d4665

Download Submit
C:\Windows\system\SufETsJ.exe

Filesize
6.0MB

MD5
155fab0dd37dd676fed1ee069e2556e2

SHA1
cade24505ea8edcd342a875012bfcf33a1246b02

SHA256
f63300e530d6f7f37771038f73c1949342beac57b80808f104d83f98c62ca6f1

SHA512
8b5c48e2b1aa4f2eb67670f2710794da7d4665112bddf787f286e9c848f3d3986b750807bc5a82225d8fa221dc9ab859d84d827a95b2c070ebf61ad14785ac77

Download Submit
C:\Windows\system\WHSgbXC.exe

Filesize
6.0MB

MD5
74fd0a56d0425097844c8f4c9d4d3e55

SHA1
45a6aca9de89d071e69fd92561ff81abe0f0e5a2

SHA256
5e5b7168805e6b13a04f41aed95b0a56b48875cc5b5bfc5712e871107347b8b1

SHA512
03cf40c790ab6bfcecefe494aedb07ec9377a9f198101a6b59875d143fe9c1bab4d8ce42e7d5a84c556616fd27cda22ccd505c6f0a20b6a59366c843efc31ea9

Download Submit
C:\Windows\system\XFfoOjH.exe

Filesize
6.0MB

MD5
81fa64c5fe96aadb257adbaa9982f37f

SHA1
2da6a22bdb724115ed6e613c2d10024d4415231d

SHA256
b6f60de6da51ba2f9d1a42e5ad3d1199e419735622d3f49f140c2e31e05ce1f4

SHA512
8845775c8f2d4bd374b48bdfd8d031b48696a7b31472dcb3a65cb1e90dbcfaea22b71334e51e96461eff593dc06a217b9cc69e9ab8c150f8b83440564ded71fa

Download Submit
C:\Windows\system\XTwzDQX.exe

Filesize
6.0MB

MD5
9419da45bdc645ab72677959199b85c8

SHA1
40ca8f9ab460954e67e1c506cba62ec1418dee42

SHA256
9db04b797818173c87b837d8563018a576cab93194a549de394720e7bc898bf1

SHA512
8e2abdb905ace9f0fd14b5e92794b82b69f1d79e32fb993356b26d7d35c51c709d4750c57071edf5e33b88b1c56dd46bdeec9852c0acc712e8566a1f4aa51997

Download Submit
C:\Windows\system\ZnvTkGR.exe

Filesize
6.0MB

MD5
f22497e2efe3f63906394c7ef3ac09b4

SHA1
b3b1a2803bfa0adde699e152e1daa918d8c71088

SHA256
752afa54c59aca4ec43f7c74165655e23950d58ca08bec3fcc249aaf84e9a731

SHA512
b2a7ae76b465281919568fb5f18cec8224197ef9d4a311e00ae4ec2ed3df8c5479e2aa11b3cca839c6aaf41b4be9b34add89237545a0de0bd7433da59b4a64d0

Download Submit
C:\Windows\system\cATBbEO.exe

Filesize
6.0MB

MD5
a0072b824b56038cdf32a21f8966abb3

SHA1
f9b22dd3ce0905f80e83c345b60436aa512a7eca

SHA256
c6b46ed45bc5d560c056fef3e10024ebba3f66cf73e773fa2ca261206ea99c28

SHA512
5dba1fc1754528aa6a8f84ece300a11d5e9b0eb0d885440229d34e94dc6edc8222c8fb8b0a68f54dcb2f3b1aa7f785718acdcfb066ad373927deeefcd1b95441

Download Submit
C:\Windows\system\ecvCJwF.exe

Filesize
6.0MB

MD5
99a77c5cbdb21984bdc6915e641223b5

SHA1
275fe887d7a6d5203c8322aa7694cbe2194dc584

SHA256
dc987b5031b6c4b77bedace143d7481bdf1bfd09e8221e6c5e21f85939fe2a40

SHA512
5ae60d86d7e125cd7a3854d74939482dd06e023201c8c52594755bfddecc37a6fdf4e870edc61f2412572c92ae6c7fecf985101b5b2a01f542c37050b3987534

Download Submit
C:\Windows\system\fiOazBU.exe

Filesize
6.0MB

MD5
d76b6bf13231f44b466b70b0555e8ef4

SHA1
03c241e60a38d842319daea8b37bba5f7e120e56

SHA256
9095019b017974e6ad32a26c34e2af5eb563bf13eaf3d454086a278109c045a9

SHA512
c8c50ce9dc61f2900696406d30c3b2da99c0acc9cb3cf9688453eb432041e8f8bd4025955bfef24da2c20da4577029c66f0bfea66584102027424bb8c3f54d98

Download Submit
C:\Windows\system\gHVeOOe.exe

Filesize
6.0MB

MD5
f6c42733581988a4c37b8570820959ee

SHA1
920140d497c042de77d9230a8dc148d174b66711

SHA256
2e802d85b04aa1a87ecb184dcab95ee03d820dcef060da92f8e0f7e86686586a

SHA512
5774e4f2061c97f39d57b1d8e2d7315ad167f4240747767b82870fca4a648ca6b014fc4e8d3757f569c82f2149222257bff017aa7a0bb1a968282f12430b7473

Download Submit
C:\Windows\system\hCZFOsW.exe

Filesize
6.0MB

MD5
a837c0243c6e4b5b93f0ecfbddaeaca3

SHA1
2f2476960204c3fe6b674c27a2848c2fa7d8548e

SHA256
5dd611aa3e030766a57371d4f0ba0933bd8908d7b01504eb3b8c18a841f73678

SHA512
a17abe867f14e13a831ca4c9ded58c8eb98941e24314f8a668cb08a87dfcee6b104b8dda50a867159e59cc5f68a17de300177529f3a12f6ca2ed427168950493

Download Submit
C:\Windows\system\hecrXwz.exe

Filesize
6.0MB

MD5
22f246b9898e085ad97738b890a6b77f

SHA1
b774ca739bf65278a8b103466a2b729bdf2dbf11

SHA256
76da4584ec69989ab5638a5641e142b407cb93cf369bbca7402379c38951fe28

SHA512
02e685e25145465ef9cb871658e100ed0e260b3e02e7e030e09398fffadeffb34a42fe2abacc6ff229eaed8771cb501e735411f3656ef6bd91589218feede136

Download Submit
C:\Windows\system\jzuLLCk.exe

Filesize
6.0MB

MD5
8c7060d418c49ff24af24451f2f33426

SHA1
6f9e03cbb398de5a807ef73dcbf59e9d103dad30

SHA256
88314f140ab280fab597aeeb8952a09a1414100847cabddf765974cb8a7e2011

SHA512
1ce6688ffd5c09ecf8386174cf79d8ae47912e3934c33c74ebfd5ead5c4b87a9d7fee0f4ce40e555d5c782c4d5574ff68e0aab49125b3ea0fd7b3b9f9cdc001b

Download Submit
C:\Windows\system\oGRwEVL.exe

Filesize
6.0MB

MD5
e04a3e7a01bcf4027c69bc3f31a42e93

SHA1
e8d1e6431c96721e9f83bb69b7b5ee0f69c2ed77

SHA256
7ee053e9acfda8174b12dd17eed25b6b06096e9c7f3ef06b640d9329e0aca3d9

SHA512
7428b34da8e91a612d62527fbfa030089de7c558f6f9bff79ccb78316d449317027d2d52b0fd2c692cdf085c0cd3e501ee4df0d332b0b423b144442cc1091559

Download Submit
C:\Windows\system\tTHdfik.exe

Filesize
6.0MB

MD5
6abb88294a058b8726adfdb3cc03cfb6

SHA1
f75ff22bbd4ae7cfd852cc58339f098821c8a1eb

SHA256
f7b95e1761f51b18f80fe3037e9586e03791c76170cf1317cbd1e71e40579ed3

SHA512
87133b0655ccdbc48723b1215900a090a4b206206496620b47912faf68900d39f067c80cdd0cb8635317bdf1468082badff9e798b39180b04c98befc42b5cc98

Download Submit
\Windows\system\Eqixhih.exe

Filesize
6.0MB

MD5
f216190c01a25e35a6e00143554fdad5

SHA1
7cba8015e30783a2b2e1cca4aab5a9631d47ec09

SHA256
866f8227ae9825e27fe36eba2b0a95e06536425939ecdeb684c1bd32c0423800

SHA512
dbfd9c8c83e9a7213424dda674d83c22d8115d80ed7d8be554e62bdd6a7ba3445f2a63acd90b35c71590655cbdded779f4f0a51f2312518ff62c830a1b34c0d8

Download Submit
\Windows\system\FysiMXU.exe

Filesize
6.0MB

MD5
1b7e331f5e3c38bb132ff68877860185

SHA1
6aae73bd87e3841e31249cc5e4b28071fef02501

SHA256
e7f8e63133a22ec028fecae97b35184be30e7973931a2d7abafeaf74d0dccb56

SHA512
dedc28e37d9b569af7202af807fb23fb2106b21c233b3f6c66c255e765e2f386a8d0bdd8f513561b939ebf0fe932b5b11bbec627eb784259c90d22396b9631f1

Download Submit
\Windows\system\IPXVnfj.exe

Filesize
6.0MB

MD5
dbddd7673d4cfb380ff8a2745a0fc78b

SHA1
55a0d5bdd6d74a10017731c926a09b8a28fbf29b

SHA256
6d177f18262c54073683b609eeda8e2aed53085040d9cddc116d8a0df172a361

SHA512
4210b6d37fd9e5a4e7a06340f30b6f85381b9894b25e861b98e8e3485576cd56c93faa89c046104e7b6f454f00f032c4a94b14889098023319a86de3d428d77e

Download Submit
\Windows\system\RyQgUDv.exe

Filesize
6.0MB

MD5
8bcbd751b6c7c402b284a606d0437a7d

SHA1
1f2e2b59af6da5d7fd0931146cc075d32a93e554

SHA256
967d0478b2a12b0a65fa11ae09e46991d1a4728d9080fdaa0ef58d37543e6959

SHA512
e2e8a36a323e057bfefde0ec3e6ed14856deabb158d3ffbde38da4e57efa0267e41b46470e0f39a09cf2a3717e971bd248ae6519e1a55b99fb29e7e26d232be9

Download Submit
\Windows\system\SEnnvHS.exe

Filesize
6.0MB

MD5
7e4966f57f029c999dadbf5c21157926

SHA1
6c35a12af2896c51d4d0f827a7c7e2cf6caa57cd

SHA256
9af57041c1b44b0e119f78867435caaa028a1becb52c3be7c60e51eb6bb827f2

SHA512
ff4933c3eaeb056236dfa45baec787342653b85824150b6da77a7817309c913a626ca81b36e47c3b004de147573393c5a14e1e46c848fed99940aae077387f84

Download Submit
\Windows\system\SFRkmNG.exe

Filesize
6.0MB

MD5
c1cd98ced40ec23002d8a6f75dc39dee

SHA1
e1505f9ad5ade4ebcd3f80497465eacfcd50809c

SHA256
407b969e9e620337065af7c7adf9aed31bd5c7067f2f94960a737046f42beb0b

SHA512
323fbff0eb14b878a81512e9c1aa6c63699034ba37c98e2367e1e5482ac44be6e3411120d8525b77ee2b090b5b6cef2eefeda90844c5ffb290d00fd2ea9dfe7e

Download Submit
\Windows\system\UXxDfGi.exe

Filesize
6.0MB

MD5
9fd03bc881ed5370e90d0992b37b3634

SHA1
3b3dcf4940fa54533d5fa896c928e6c7a4e773ff

SHA256
8ccd7930fe90edd82df9623081d6174ccd13c456e52ac4094b032064e4054125

SHA512
39923ae27215d86461e10be4c82e967e7ae18bd9071b8bfd0a22c76d090680f90456f1dc0bf32bcecbde34cf19c71f2457e7fa6b7c34505a5cb1a52780ebfb7a

Download Submit
\Windows\system\ZSWEWAY.exe

Filesize
6.0MB

MD5
ebcd6ffdc0395b8bf7ca7340256be5c9

SHA1
c275d4f43798f995159d9a47f0533b735e37685c

SHA256
9bbd65399f628c758ac370389472ad5759f342402e19be2244de4b296be43b64

SHA512
99289801344a57f101448f55f3ef88b2a10f271d9507214e4b93dd44be662b1caf229f4935c7463bedafa8efc95d73719f881e965277dea18f68e2103ae69e26

Download Submit
\Windows\system\bbpqeOQ.exe

Filesize
6.0MB

MD5
7bd8472fc7ff44a5a827da8da99a6598

SHA1
c6b8bcff834e2856210f17f6d7547c0bf109d2ab

SHA256
7cb502a7a821f39d12b9bf378fa67b694167a675fa157f49ba2bb3af0f6fdc5f

SHA512
bcab4717fae66ddb92d101d6638ebd5d452de389310bb647bbd49080bf7ab3853ed8a1b8caff0bc93978f8168dfac22545340012f86fa494fa21591e8359b0ef

Download Submit
\Windows\system\gcJdWJc.exe

Filesize
6.0MB

MD5
f618184223237f5a7d5d7a8ad9926776

SHA1
a678dc0a28fd102fcd4774443b2a1eb086e97cf6

SHA256
5be34a4c374478c1e727185ce496f511220022847ef80bcd88034673884e39a1

SHA512
f2b3eaad92b76b0a3f76792221cb9ffcbf1f0e3c904cca2f5af5f9c61a55bd94b86eed914aeaac40e6354486a809e7a3fcebba8cacd5d06b95769a3f0822f077

Download Submit
\Windows\system\qwhqqiy.exe

Filesize
6.0MB

MD5
e9ae9c322985bcf3f0b00fd21fc16d84

SHA1
e0ea715c2339617cd2d96601ff34ca356c255916

SHA256
82f1d4d4b13e3c0af300011965b64307156b3e0ae871bc4f89cf249a737c1ae0

SHA512
a0301e31e8a704dd9d37fc34fbec57ae20db2651bfcf2fe7c6378c26117adff84b02bac0cfa57fe0f63bdb1cab46f20817009b4d4b847c207bbb192836a08abe

Download Submit
\Windows\system\weioDSh.exe

Filesize
6.0MB

MD5
5cb39ec7f354bb4b697ff508c72515a5

SHA1
6c82953db9b65c626666cb56a6620a94fede1482

SHA256
e1a8b6d72f84a2fc726d2bb01a761ced076cb136ab31a69b08277170b07d8976

SHA512
2f30e51cdb639f691f8a6d9afd3a2333761ec3ec614d4d7437e730f4bc2c21c2ef24908192bcf2f651962ad5ed45e8752b88b96dcf1730a121d7c7c010548eff

Download Submit
\Windows\system\xPrkfWy.exe

Filesize
6.0MB

MD5
f1d8eeb971f0b659859597835f0a488f

SHA1
9bb8e85617af9ce7099effcb2588482cd1128c8c

SHA256
b9f824393e73f59fd13753fcc7817bcb094eff2ea14a6d86517c955f0f36538f

SHA512
1ba2011950b0f152fdfd5d8ec9cd589b8c62c75a8099b27076692c02f549ad3019a1bd305e4f54462dfb8fa2810afe2fd16d8234e575b4f933b85ec3a409e84d

Download Submit
\Windows\system\zFBhile.exe

Filesize
6.0MB

MD5
e81b1607b3937539aaefaf007e2df879

SHA1
ecb1511150341bfddd9f81cae47fccd23d0b7d39

SHA256
6cf7cdd086f2291a4ad4e928b01a7fed9b9094b7bc88ec84b6f2698f93f49ef5

SHA512
83ba00484387f0be80aca07ca62b9cdbb4ee3ef72c96721698b2c32c0228d4934b5f356940cab881ba938c6af90b75f944accf0f6764683b35b59ded0643bec9

Download Submit
memory/1648-4001-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-87-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-3999-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-78-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-94-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-4002-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-72-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3996-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2488-80-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2488-3988-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2608-61-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3998-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1474-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2668-0-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-74-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2668-18-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2668-76-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-77-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-79-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-71-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2668-81-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-91-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2668-31-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-96-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2668-23-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-41-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2668-27-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-38-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-86-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4000-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2692-29-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2700-26-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3986-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-13-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3543-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3997-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2804-14-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2836-100-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3989-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2836-36-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2876-101-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4003-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3990-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/3048-75-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/3056-3985-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-70-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download