cobaltstrike | 4e70bbf3e7555febacaa5156be48d008d46b2b89e90fe388c0de156244c55619

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

acbc248e43d15d0e543e626b12b3af81
SHA1

12a2051d333c4440afe361661d427ed0fabc7907
SHA256

4e70bbf3e7555febacaa5156be48d008d46b2b89e90fe388c0de156244c55619
SHA512

d1cbeaaaa9ca8bfc7d2b8b94448f207f2213e988e3b7316ee582b1e129ec46dd257a5288d066ac7f3f15172f120a292f2e3403eb49a17839655446bffb0d20ed
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d21-23.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d5e-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-67.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d42-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3a-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c9d-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d31-32.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016d0e-8.dat	xmrig
behavioral1/files/0x0008000000016d18-15.dat	xmrig
behavioral1/memory/2052-21-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d21-23.dat	xmrig
behavioral1/memory/2312-20-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2520-17-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2188-28-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2736-41-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d5e-58.dat	xmrig
behavioral1/memory/2668-63-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2644-71-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x00050000000186fd-92.dat	xmrig
behavioral1/files/0x0005000000019261-140.dat	xmrig
behavioral1/files/0x00050000000193e1-170.dat	xmrig
behavioral1/memory/2644-490-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/980-869-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1128-999-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1248-1216-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/308-693-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1968-488-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2668-245-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-190.dat	xmrig
behavioral1/files/0x0005000000019431-184.dat	xmrig
behavioral1/files/0x0005000000019427-180.dat	xmrig
behavioral1/files/0x000500000001941e-175.dat	xmrig
behavioral1/files/0x00050000000193c2-165.dat	xmrig
behavioral1/files/0x00050000000193b4-160.dat	xmrig
behavioral1/files/0x0005000000019350-155.dat	xmrig
behavioral1/files/0x0005000000019334-150.dat	xmrig
behavioral1/files/0x0005000000019282-145.dat	xmrig
behavioral1/files/0x000500000001873d-126.dat	xmrig
behavioral1/files/0x0006000000019023-124.dat	xmrig
behavioral1/files/0x000500000001878f-112.dat	xmrig
behavioral1/files/0x000500000001925e-131.dat	xmrig
behavioral1/files/0x00050000000187a5-119.dat	xmrig
behavioral1/memory/980-85-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0005000000018784-116.dat	xmrig
behavioral1/files/0x00050000000186ea-84.dat	xmrig
behavioral1/memory/1248-103-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/1128-100-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018728-99.dat	xmrig
behavioral1/files/0x00050000000186ee-90.dat	xmrig
behavioral1/memory/2736-80-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/308-79-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2764-69-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2188-68-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e4-76.dat	xmrig
behavioral1/files/0x0005000000018683-67.dat	xmrig
behavioral1/memory/1572-57-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2520-55-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d42-53.dat	xmrig
behavioral1/memory/2900-49-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1968-48-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d3a-46.dat	xmrig
behavioral1/files/0x0008000000016c9d-40.dat	xmrig
behavioral1/memory/2764-37-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d31-32.dat	xmrig
behavioral1/memory/2312-3631-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2052-3654-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2520-3638-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2736-3714-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2764-3728-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2052	ProoLia.exe
2520	eaLPvPx.exe
2312	VmRAtXK.exe
2188	htozBRF.exe
2764	eTBdezE.exe
2736	oGrsaee.exe
2900	aWElAFG.exe
1572	aMjUxgJ.exe
2668	QPXhZqz.exe
2644	lsVKOce.exe
308	VZZdJgu.exe
980	RaznKPW.exe
1128	skOIsdC.exe
1248	boqoWnG.exe
1700	pZuFjqD.exe
2000	AQrwVPo.exe
272	twozqkI.exe
2360	ynCowDc.exe
3048	ItbWzPo.exe
1888	sXTHkQc.exe
2912	mHxnnJx.exe
352	vWpmpDM.exe
2156	pZPFytq.exe
2132	dgycVhK.exe
684	hNmrzcz.exe
2100	GbkMusA.exe
608	jfTqDHP.exe
1048	XZwMmrf.exe
1548	WJOUiGV.exe
680	TJnglzg.exe
408	SbxMnzw.exe
2492	XnuYOQz.exe
1944	qOcNSED.exe
948	qKiTkMz.exe
344	NHaOvAt.exe
2196	scFQnpw.exe
1784	uDglfLD.exe
1192	OHcKGcD.exe
860	tIIDYkS.exe
1620	dZJNWtv.exe
656	HdLcjyr.exe
2480	NpsKYxi.exe
2348	lGkDSQY.exe
2152	RLixAmH.exe
2076	HDrsFrG.exe
1456	mKEEORV.exe
1764	dVImXaw.exe
276	KdEJNwh.exe
2280	gzPDmqq.exe
1768	phQAbdt.exe
1416	JtWsXZd.exe
2392	uHYFZPD.exe
3040	eIVveYj.exe
1492	JCYkYvf.exe
1628	heNqukA.exe
2524	jzyVpWM.exe
2356	bEJPrOQ.exe
2824	wzoVJuL.exe
2620	JunxxIb.exe
2180	myfPyIC.exe
2720	cCyYfQN.exe
2608	ZJdUIos.exe
2144	zLQGgfs.exe
2956	eYaXBOo.exe

Loads dropped DLL 64 IoCs

pid	Process
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016d0e-8.dat	upx
behavioral1/files/0x0008000000016d18-15.dat	upx
behavioral1/memory/2052-21-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0008000000016d21-23.dat	upx
behavioral1/memory/2312-20-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2520-17-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2188-28-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2736-41-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0009000000016d5e-58.dat	upx
behavioral1/memory/2668-63-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2644-71-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x00050000000186fd-92.dat	upx
behavioral1/files/0x0005000000019261-140.dat	upx
behavioral1/files/0x00050000000193e1-170.dat	upx
behavioral1/memory/2644-490-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/980-869-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1128-999-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1248-1216-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/308-693-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2668-245-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0005000000019441-190.dat	upx
behavioral1/files/0x0005000000019431-184.dat	upx
behavioral1/files/0x0005000000019427-180.dat	upx
behavioral1/files/0x000500000001941e-175.dat	upx
behavioral1/files/0x00050000000193c2-165.dat	upx
behavioral1/files/0x00050000000193b4-160.dat	upx
behavioral1/files/0x0005000000019350-155.dat	upx
behavioral1/files/0x0005000000019334-150.dat	upx
behavioral1/files/0x0005000000019282-145.dat	upx
behavioral1/files/0x000500000001873d-126.dat	upx
behavioral1/files/0x0006000000019023-124.dat	upx
behavioral1/files/0x000500000001878f-112.dat	upx
behavioral1/files/0x000500000001925e-131.dat	upx
behavioral1/files/0x00050000000187a5-119.dat	upx
behavioral1/memory/980-85-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0005000000018784-116.dat	upx
behavioral1/files/0x00050000000186ea-84.dat	upx
behavioral1/memory/1248-103-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/1128-100-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0005000000018728-99.dat	upx
behavioral1/files/0x00050000000186ee-90.dat	upx
behavioral1/memory/2736-80-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/308-79-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2764-69-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2188-68-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x00050000000186e4-76.dat	upx
behavioral1/files/0x0005000000018683-67.dat	upx
behavioral1/memory/1572-57-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2520-55-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x0007000000016d42-53.dat	upx
behavioral1/memory/2900-49-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1968-48-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0007000000016d3a-46.dat	upx
behavioral1/files/0x0008000000016c9d-40.dat	upx
behavioral1/memory/2764-37-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x0007000000016d31-32.dat	upx
behavioral1/memory/2312-3631-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2052-3654-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2520-3638-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2736-3714-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2764-3728-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2900-3727-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tYTeCkB.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDblyQv.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXtQEKi.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXeWGiM.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyhrGBC.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhPiNan.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmiharX.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDxpuBT.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYwcPhZ.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjvxjtx.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suwBurK.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTAbHhV.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbnFbuF.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsCsNDq.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjNACWy.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeAECaw.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKBgAcW.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wzptliq.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmJVxGW.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NJEDqTp.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCKGiHE.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Trcvegz.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDZDYBu.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTpjbSP.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYfygKx.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYdvLJf.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIgFfXa.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akwNXST.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsAnSwn.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOqwmGD.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqUfMRN.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsnUPOu.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjAIJZN.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLnvXqy.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWafQJi.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnizcRN.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrxOnkv.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxgQgVR.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UReDXUt.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NktAfAt.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjAANOv.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHAmYpv.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKQWaxB.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phYbANH.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiefJuQ.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PDPLHDQ.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unskAFn.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMAqNry.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsvKXCy.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkvJiDh.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPnRgnG.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrnkXLZ.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbWTOJi.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMtoMkZ.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FheeehR.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZsWRBd.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBcEpZm.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUlgzeI.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkujnRA.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnkKMIQ.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrHkbgU.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaLENvY.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIIljyv.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vprUhvv.exe	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2052	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2052	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2052	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2520	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2520	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2520	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2312	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2312	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2312	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2188	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2188	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2188	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2764	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2764	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2764	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2736	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2736	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2736	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2900	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2900	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2900	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 1572	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 1572	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 1572	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2668	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2668	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2668	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2644	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2644	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2644	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 308	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 308	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 308	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 980	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 980	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 980	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 1128	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 1128	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 1128	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 272	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 272	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 272	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 1248	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 1248	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 1248	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 2360	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 2360	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 2360	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 1700	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 1700	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 1700	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 1888	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 1888	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 1888	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2000	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2000	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2000	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2912	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2912	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2912	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 3048	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 3048	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 3048	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 352	1968	2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_acbc248e43d15d0e543e626b12b3af81_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\System\ProoLia.exe
  C:\Windows\System\ProoLia.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\eaLPvPx.exe
  C:\Windows\System\eaLPvPx.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\VmRAtXK.exe
  C:\Windows\System\VmRAtXK.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\htozBRF.exe
  C:\Windows\System\htozBRF.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\eTBdezE.exe
  C:\Windows\System\eTBdezE.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\oGrsaee.exe
  C:\Windows\System\oGrsaee.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\aWElAFG.exe
  C:\Windows\System\aWElAFG.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\aMjUxgJ.exe
  C:\Windows\System\aMjUxgJ.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\QPXhZqz.exe
  C:\Windows\System\QPXhZqz.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\lsVKOce.exe
  C:\Windows\System\lsVKOce.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\VZZdJgu.exe
  C:\Windows\System\VZZdJgu.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\RaznKPW.exe
  C:\Windows\System\RaznKPW.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\skOIsdC.exe
  C:\Windows\System\skOIsdC.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\twozqkI.exe
  C:\Windows\System\twozqkI.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\boqoWnG.exe
  C:\Windows\System\boqoWnG.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\ynCowDc.exe
  C:\Windows\System\ynCowDc.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\pZuFjqD.exe
  C:\Windows\System\pZuFjqD.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\sXTHkQc.exe
  C:\Windows\System\sXTHkQc.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\AQrwVPo.exe
  C:\Windows\System\AQrwVPo.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\mHxnnJx.exe
  C:\Windows\System\mHxnnJx.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ItbWzPo.exe
  C:\Windows\System\ItbWzPo.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\vWpmpDM.exe
  C:\Windows\System\vWpmpDM.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\pZPFytq.exe
  C:\Windows\System\pZPFytq.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\dgycVhK.exe
  C:\Windows\System\dgycVhK.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\hNmrzcz.exe
  C:\Windows\System\hNmrzcz.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\GbkMusA.exe
  C:\Windows\System\GbkMusA.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\jfTqDHP.exe
  C:\Windows\System\jfTqDHP.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\XZwMmrf.exe
  C:\Windows\System\XZwMmrf.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\WJOUiGV.exe
  C:\Windows\System\WJOUiGV.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\TJnglzg.exe
  C:\Windows\System\TJnglzg.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\SbxMnzw.exe
  C:\Windows\System\SbxMnzw.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\XnuYOQz.exe
  C:\Windows\System\XnuYOQz.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\qOcNSED.exe
  C:\Windows\System\qOcNSED.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\qKiTkMz.exe
  C:\Windows\System\qKiTkMz.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\NHaOvAt.exe
  C:\Windows\System\NHaOvAt.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\scFQnpw.exe
  C:\Windows\System\scFQnpw.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\uDglfLD.exe
  C:\Windows\System\uDglfLD.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\OHcKGcD.exe
  C:\Windows\System\OHcKGcD.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\tIIDYkS.exe
  C:\Windows\System\tIIDYkS.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\dZJNWtv.exe
  C:\Windows\System\dZJNWtv.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\HdLcjyr.exe
  C:\Windows\System\HdLcjyr.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\NpsKYxi.exe
  C:\Windows\System\NpsKYxi.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\lGkDSQY.exe
  C:\Windows\System\lGkDSQY.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\RLixAmH.exe
  C:\Windows\System\RLixAmH.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\HDrsFrG.exe
  C:\Windows\System\HDrsFrG.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\mKEEORV.exe
  C:\Windows\System\mKEEORV.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\dVImXaw.exe
  C:\Windows\System\dVImXaw.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\KdEJNwh.exe
  C:\Windows\System\KdEJNwh.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\gzPDmqq.exe
  C:\Windows\System\gzPDmqq.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\phQAbdt.exe
  C:\Windows\System\phQAbdt.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\JtWsXZd.exe
  C:\Windows\System\JtWsXZd.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\uHYFZPD.exe
  C:\Windows\System\uHYFZPD.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\eIVveYj.exe
  C:\Windows\System\eIVveYj.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\JCYkYvf.exe
  C:\Windows\System\JCYkYvf.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\heNqukA.exe
  C:\Windows\System\heNqukA.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\jzyVpWM.exe
  C:\Windows\System\jzyVpWM.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\bEJPrOQ.exe
  C:\Windows\System\bEJPrOQ.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\wzoVJuL.exe
  C:\Windows\System\wzoVJuL.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\JunxxIb.exe
  C:\Windows\System\JunxxIb.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\myfPyIC.exe
  C:\Windows\System\myfPyIC.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\cCyYfQN.exe
  C:\Windows\System\cCyYfQN.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\ZJdUIos.exe
  C:\Windows\System\ZJdUIos.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\zLQGgfs.exe
  C:\Windows\System\zLQGgfs.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\eYaXBOo.exe
  C:\Windows\System\eYaXBOo.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\eIHthiB.exe
  C:\Windows\System\eIHthiB.exe
  2⤵
  PID:2924
- C:\Windows\System\fjvxjtx.exe
  C:\Windows\System\fjvxjtx.exe
  2⤵
  PID:2712
- C:\Windows\System\FlovEjR.exe
  C:\Windows\System\FlovEjR.exe
  2⤵
  PID:2512
- C:\Windows\System\ljtSsBw.exe
  C:\Windows\System\ljtSsBw.exe
  2⤵
  PID:2368
- C:\Windows\System\suwBurK.exe
  C:\Windows\System\suwBurK.exe
  2⤵
  PID:1540
- C:\Windows\System\hEAxiHy.exe
  C:\Windows\System\hEAxiHy.exe
  2⤵
  PID:1876
- C:\Windows\System\NGjuWGX.exe
  C:\Windows\System\NGjuWGX.exe
  2⤵
  PID:2324
- C:\Windows\System\RtLejBx.exe
  C:\Windows\System\RtLejBx.exe
  2⤵
  PID:628
- C:\Windows\System\EQaKTGH.exe
  C:\Windows\System\EQaKTGH.exe
  2⤵
  PID:2372
- C:\Windows\System\OpWRiAF.exe
  C:\Windows\System\OpWRiAF.exe
  2⤵
  PID:2084
- C:\Windows\System\xKQSrwk.exe
  C:\Windows\System\xKQSrwk.exe
  2⤵
  PID:1104
- C:\Windows\System\dLzzpda.exe
  C:\Windows\System\dLzzpda.exe
  2⤵
  PID:1464
- C:\Windows\System\Wzptliq.exe
  C:\Windows\System\Wzptliq.exe
  2⤵
  PID:1736
- C:\Windows\System\GGkvSIw.exe
  C:\Windows\System\GGkvSIw.exe
  2⤵
  PID:284
- C:\Windows\System\eAHXamV.exe
  C:\Windows\System\eAHXamV.exe
  2⤵
  PID:1008
- C:\Windows\System\iQJNgqA.exe
  C:\Windows\System\iQJNgqA.exe
  2⤵
  PID:1576
- C:\Windows\System\PzaEyEB.exe
  C:\Windows\System\PzaEyEB.exe
  2⤵
  PID:924
- C:\Windows\System\fGWhroK.exe
  C:\Windows\System\fGWhroK.exe
  2⤵
  PID:2120
- C:\Windows\System\LjqEqnb.exe
  C:\Windows\System\LjqEqnb.exe
  2⤵
  PID:1296
- C:\Windows\System\iZESQYl.exe
  C:\Windows\System\iZESQYl.exe
  2⤵
  PID:2740
- C:\Windows\System\KJJUtLT.exe
  C:\Windows\System\KJJUtLT.exe
  2⤵
  PID:564
- C:\Windows\System\Opvuumu.exe
  C:\Windows\System\Opvuumu.exe
  2⤵
  PID:1256
- C:\Windows\System\zEgiGFe.exe
  C:\Windows\System\zEgiGFe.exe
  2⤵
  PID:868
- C:\Windows\System\gOxwztD.exe
  C:\Windows\System\gOxwztD.exe
  2⤵
  PID:2696
- C:\Windows\System\lNnjPrz.exe
  C:\Windows\System\lNnjPrz.exe
  2⤵
  PID:1644
- C:\Windows\System\JupbqjN.exe
  C:\Windows\System\JupbqjN.exe
  2⤵
  PID:1524
- C:\Windows\System\wefTuqY.exe
  C:\Windows\System\wefTuqY.exe
  2⤵
  PID:2908
- C:\Windows\System\DhqkPqj.exe
  C:\Windows\System\DhqkPqj.exe
  2⤵
  PID:2960
- C:\Windows\System\zdBErif.exe
  C:\Windows\System\zdBErif.exe
  2⤵
  PID:2888
- C:\Windows\System\ARZUeVk.exe
  C:\Windows\System\ARZUeVk.exe
  2⤵
  PID:2112
- C:\Windows\System\OQHasoW.exe
  C:\Windows\System\OQHasoW.exe
  2⤵
  PID:1712
- C:\Windows\System\MobTwgE.exe
  C:\Windows\System\MobTwgE.exe
  2⤵
  PID:2004
- C:\Windows\System\beKZsue.exe
  C:\Windows\System\beKZsue.exe
  2⤵
  PID:2928
- C:\Windows\System\btWqkIY.exe
  C:\Windows\System\btWqkIY.exe
  2⤵
  PID:1996
- C:\Windows\System\hIgFfXa.exe
  C:\Windows\System\hIgFfXa.exe
  2⤵
  PID:1656
- C:\Windows\System\iqJFVuX.exe
  C:\Windows\System\iqJFVuX.exe
  2⤵
  PID:2164
- C:\Windows\System\CxtbeWV.exe
  C:\Windows\System\CxtbeWV.exe
  2⤵
  PID:3020
- C:\Windows\System\aNIeqbn.exe
  C:\Windows\System\aNIeqbn.exe
  2⤵
  PID:2304
- C:\Windows\System\VrUZLxQ.exe
  C:\Windows\System\VrUZLxQ.exe
  2⤵
  PID:2968
- C:\Windows\System\zvtLxNY.exe
  C:\Windows\System\zvtLxNY.exe
  2⤵
  PID:2248
- C:\Windows\System\YdjaHVV.exe
  C:\Windows\System\YdjaHVV.exe
  2⤵
  PID:2944
- C:\Windows\System\YaPyqVc.exe
  C:\Windows\System\YaPyqVc.exe
  2⤵
  PID:2268
- C:\Windows\System\uNeObMY.exe
  C:\Windows\System\uNeObMY.exe
  2⤵
  PID:3056
- C:\Windows\System\qWXuQHR.exe
  C:\Windows\System\qWXuQHR.exe
  2⤵
  PID:2432
- C:\Windows\System\kgKsojO.exe
  C:\Windows\System\kgKsojO.exe
  2⤵
  PID:1760
- C:\Windows\System\gztJepn.exe
  C:\Windows\System\gztJepn.exe
  2⤵
  PID:2388
- C:\Windows\System\StAjTaX.exe
  C:\Windows\System\StAjTaX.exe
  2⤵
  PID:3080
- C:\Windows\System\kUlgzeI.exe
  C:\Windows\System\kUlgzeI.exe
  2⤵
  PID:3100
- C:\Windows\System\xdSVcxU.exe
  C:\Windows\System\xdSVcxU.exe
  2⤵
  PID:3124
- C:\Windows\System\KtDiXrI.exe
  C:\Windows\System\KtDiXrI.exe
  2⤵
  PID:3152
- C:\Windows\System\jpyAgwZ.exe
  C:\Windows\System\jpyAgwZ.exe
  2⤵
  PID:3168
- C:\Windows\System\hNyvOoM.exe
  C:\Windows\System\hNyvOoM.exe
  2⤵
  PID:3188
- C:\Windows\System\uTAbHhV.exe
  C:\Windows\System\uTAbHhV.exe
  2⤵
  PID:3208
- C:\Windows\System\PGBLZjW.exe
  C:\Windows\System\PGBLZjW.exe
  2⤵
  PID:3224
- C:\Windows\System\wTPXvkD.exe
  C:\Windows\System\wTPXvkD.exe
  2⤵
  PID:3240
- C:\Windows\System\eLBVgsX.exe
  C:\Windows\System\eLBVgsX.exe
  2⤵
  PID:3256
- C:\Windows\System\XWzAdgT.exe
  C:\Windows\System\XWzAdgT.exe
  2⤵
  PID:3272
- C:\Windows\System\NBLKDRH.exe
  C:\Windows\System\NBLKDRH.exe
  2⤵
  PID:3288
- C:\Windows\System\MkZwGrS.exe
  C:\Windows\System\MkZwGrS.exe
  2⤵
  PID:3304
- C:\Windows\System\uESXkXw.exe
  C:\Windows\System\uESXkXw.exe
  2⤵
  PID:3320
- C:\Windows\System\VgADAen.exe
  C:\Windows\System\VgADAen.exe
  2⤵
  PID:3336
- C:\Windows\System\OAAgiiC.exe
  C:\Windows\System\OAAgiiC.exe
  2⤵
  PID:3352
- C:\Windows\System\istPENW.exe
  C:\Windows\System\istPENW.exe
  2⤵
  PID:3368
- C:\Windows\System\gUBoVuj.exe
  C:\Windows\System\gUBoVuj.exe
  2⤵
  PID:3384
- C:\Windows\System\ShBjqKI.exe
  C:\Windows\System\ShBjqKI.exe
  2⤵
  PID:3400
- C:\Windows\System\YzCgwAg.exe
  C:\Windows\System\YzCgwAg.exe
  2⤵
  PID:3420
- C:\Windows\System\EnnttsX.exe
  C:\Windows\System\EnnttsX.exe
  2⤵
  PID:3448
- C:\Windows\System\RGoaCEb.exe
  C:\Windows\System\RGoaCEb.exe
  2⤵
  PID:3476
- C:\Windows\System\akwNXST.exe
  C:\Windows\System\akwNXST.exe
  2⤵
  PID:3496
- C:\Windows\System\HPUgdHy.exe
  C:\Windows\System\HPUgdHy.exe
  2⤵
  PID:3516
- C:\Windows\System\iTcYLrH.exe
  C:\Windows\System\iTcYLrH.exe
  2⤵
  PID:3580
- C:\Windows\System\TtjLfPH.exe
  C:\Windows\System\TtjLfPH.exe
  2⤵
  PID:3604
- C:\Windows\System\unskAFn.exe
  C:\Windows\System\unskAFn.exe
  2⤵
  PID:3620
- C:\Windows\System\DUTfade.exe
  C:\Windows\System\DUTfade.exe
  2⤵
  PID:3648
- C:\Windows\System\TRoyDAc.exe
  C:\Windows\System\TRoyDAc.exe
  2⤵
  PID:3668
- C:\Windows\System\rUGpzom.exe
  C:\Windows\System\rUGpzom.exe
  2⤵
  PID:3684
- C:\Windows\System\aVBegcA.exe
  C:\Windows\System\aVBegcA.exe
  2⤵
  PID:3700
- C:\Windows\System\QdrBInx.exe
  C:\Windows\System\QdrBInx.exe
  2⤵
  PID:3720
- C:\Windows\System\dlnflgl.exe
  C:\Windows\System\dlnflgl.exe
  2⤵
  PID:3736
- C:\Windows\System\SWUGRVu.exe
  C:\Windows\System\SWUGRVu.exe
  2⤵
  PID:3752
- C:\Windows\System\KloFopL.exe
  C:\Windows\System\KloFopL.exe
  2⤵
  PID:3768
- C:\Windows\System\sjgSPeO.exe
  C:\Windows\System\sjgSPeO.exe
  2⤵
  PID:3788
- C:\Windows\System\UReDXUt.exe
  C:\Windows\System\UReDXUt.exe
  2⤵
  PID:3812
- C:\Windows\System\rzOvGve.exe
  C:\Windows\System\rzOvGve.exe
  2⤵
  PID:3832
- C:\Windows\System\TbeSQQF.exe
  C:\Windows\System\TbeSQQF.exe
  2⤵
  PID:3848
- C:\Windows\System\jZcDybh.exe
  C:\Windows\System\jZcDybh.exe
  2⤵
  PID:3880
- C:\Windows\System\TryUQwy.exe
  C:\Windows\System\TryUQwy.exe
  2⤵
  PID:3896
- C:\Windows\System\HwAECVX.exe
  C:\Windows\System\HwAECVX.exe
  2⤵
  PID:3916
- C:\Windows\System\RGeVKoP.exe
  C:\Windows\System\RGeVKoP.exe
  2⤵
  PID:3932
- C:\Windows\System\PMqRmbF.exe
  C:\Windows\System\PMqRmbF.exe
  2⤵
  PID:3952
- C:\Windows\System\EwuHBOG.exe
  C:\Windows\System\EwuHBOG.exe
  2⤵
  PID:3968
- C:\Windows\System\TIKJqdz.exe
  C:\Windows\System\TIKJqdz.exe
  2⤵
  PID:3984
- C:\Windows\System\IdLflaW.exe
  C:\Windows\System\IdLflaW.exe
  2⤵
  PID:4012
- C:\Windows\System\tmhZiSN.exe
  C:\Windows\System\tmhZiSN.exe
  2⤵
  PID:4040
- C:\Windows\System\IBrZIzx.exe
  C:\Windows\System\IBrZIzx.exe
  2⤵
  PID:4056
- C:\Windows\System\bDgqnEO.exe
  C:\Windows\System\bDgqnEO.exe
  2⤵
  PID:4084
- C:\Windows\System\TofCpWh.exe
  C:\Windows\System\TofCpWh.exe
  2⤵
  PID:1956
- C:\Windows\System\oalUqSI.exe
  C:\Windows\System\oalUqSI.exe
  2⤵
  PID:2872
- C:\Windows\System\rjPoQqt.exe
  C:\Windows\System\rjPoQqt.exe
  2⤵
  PID:2612
- C:\Windows\System\idvpDuC.exe
  C:\Windows\System\idvpDuC.exe
  2⤵
  PID:2420
- C:\Windows\System\dWztRXJ.exe
  C:\Windows\System\dWztRXJ.exe
  2⤵
  PID:532
- C:\Windows\System\bwjYoEr.exe
  C:\Windows\System\bwjYoEr.exe
  2⤵
  PID:1684
- C:\Windows\System\SjTABAO.exe
  C:\Windows\System\SjTABAO.exe
  2⤵
  PID:1680
- C:\Windows\System\sclIuZE.exe
  C:\Windows\System\sclIuZE.exe
  2⤵
  PID:2212
- C:\Windows\System\GGRVSrQ.exe
  C:\Windows\System\GGRVSrQ.exe
  2⤵
  PID:2104
- C:\Windows\System\KciHBzg.exe
  C:\Windows\System\KciHBzg.exe
  2⤵
  PID:3132
- C:\Windows\System\iMHgFhH.exe
  C:\Windows\System\iMHgFhH.exe
  2⤵
  PID:3180
- C:\Windows\System\wazxIis.exe
  C:\Windows\System\wazxIis.exe
  2⤵
  PID:1568
- C:\Windows\System\kfddbzp.exe
  C:\Windows\System\kfddbzp.exe
  2⤵
  PID:644
- C:\Windows\System\LgFjWKR.exe
  C:\Windows\System\LgFjWKR.exe
  2⤵
  PID:3216
- C:\Windows\System\oGzbxRX.exe
  C:\Windows\System\oGzbxRX.exe
  2⤵
  PID:3252
- C:\Windows\System\deKraCe.exe
  C:\Windows\System\deKraCe.exe
  2⤵
  PID:3312
- C:\Windows\System\OPDpprC.exe
  C:\Windows\System\OPDpprC.exe
  2⤵
  PID:2952
- C:\Windows\System\jUODAfy.exe
  C:\Windows\System\jUODAfy.exe
  2⤵
  PID:2256
- C:\Windows\System\QQWvrPn.exe
  C:\Windows\System\QQWvrPn.exe
  2⤵
  PID:3112
- C:\Windows\System\xzTybkw.exe
  C:\Windows\System\xzTybkw.exe
  2⤵
  PID:3408
- C:\Windows\System\JtQTxOO.exe
  C:\Windows\System\JtQTxOO.exe
  2⤵
  PID:3464
- C:\Windows\System\WOMbkGp.exe
  C:\Windows\System\WOMbkGp.exe
  2⤵
  PID:3160
- C:\Windows\System\FJnqXyt.exe
  C:\Windows\System\FJnqXyt.exe
  2⤵
  PID:3592
- C:\Windows\System\QaZtDSD.exe
  C:\Windows\System\QaZtDSD.exe
  2⤵
  PID:3440
- C:\Windows\System\YtXPdAp.exe
  C:\Windows\System\YtXPdAp.exe
  2⤵
  PID:3392
- C:\Windows\System\RXaWeNq.exe
  C:\Windows\System\RXaWeNq.exe
  2⤵
  PID:3300
- C:\Windows\System\xpyOkOw.exe
  C:\Windows\System\xpyOkOw.exe
  2⤵
  PID:3232
- C:\Windows\System\PuHWBVu.exe
  C:\Windows\System\PuHWBVu.exe
  2⤵
  PID:3556
- C:\Windows\System\GkujnRA.exe
  C:\Windows\System\GkujnRA.exe
  2⤵
  PID:3576
- C:\Windows\System\QQZOEWY.exe
  C:\Windows\System\QQZOEWY.exe
  2⤵
  PID:3612
- C:\Windows\System\iKEwjaR.exe
  C:\Windows\System\iKEwjaR.exe
  2⤵
  PID:3748
- C:\Windows\System\FnEhDiN.exe
  C:\Windows\System\FnEhDiN.exe
  2⤵
  PID:3828
- C:\Windows\System\Ursvzbj.exe
  C:\Windows\System\Ursvzbj.exe
  2⤵
  PID:3808
- C:\Windows\System\PxSpCIU.exe
  C:\Windows\System\PxSpCIU.exe
  2⤵
  PID:3840
- C:\Windows\System\KIFsGBH.exe
  C:\Windows\System\KIFsGBH.exe
  2⤵
  PID:3800
- C:\Windows\System\XlBMEVn.exe
  C:\Windows\System\XlBMEVn.exe
  2⤵
  PID:3728
- C:\Windows\System\XwzxJPm.exe
  C:\Windows\System\XwzxJPm.exe
  2⤵
  PID:3948
- C:\Windows\System\fCdVAyW.exe
  C:\Windows\System\fCdVAyW.exe
  2⤵
  PID:4036
- C:\Windows\System\DNopzxn.exe
  C:\Windows\System\DNopzxn.exe
  2⤵
  PID:4080
- C:\Windows\System\ILXIgOf.exe
  C:\Windows\System\ILXIgOf.exe
  2⤵
  PID:2444
- C:\Windows\System\AOboZuH.exe
  C:\Windows\System\AOboZuH.exe
  2⤵
  PID:3052
- C:\Windows\System\TuURLWB.exe
  C:\Windows\System\TuURLWB.exe
  2⤵
  PID:3092
- C:\Windows\System\pmvObVG.exe
  C:\Windows\System\pmvObVG.exe
  2⤵
  PID:3892
- C:\Windows\System\RPnRgnG.exe
  C:\Windows\System\RPnRgnG.exe
  2⤵
  PID:3964
- C:\Windows\System\NpcGUDQ.exe
  C:\Windows\System\NpcGUDQ.exe
  2⤵
  PID:3096
- C:\Windows\System\YRAotkp.exe
  C:\Windows\System\YRAotkp.exe
  2⤵
  PID:1776
- C:\Windows\System\iyQJPMR.exe
  C:\Windows\System\iyQJPMR.exe
  2⤵
  PID:1512
- C:\Windows\System\ZgzqrBC.exe
  C:\Windows\System\ZgzqrBC.exe
  2⤵
  PID:3076
- C:\Windows\System\hosAVQp.exe
  C:\Windows\System\hosAVQp.exe
  2⤵
  PID:1308
- C:\Windows\System\scLjwzo.exe
  C:\Windows\System\scLjwzo.exe
  2⤵
  PID:3508
- C:\Windows\System\tRtfOeI.exe
  C:\Windows\System\tRtfOeI.exe
  2⤵
  PID:2476
- C:\Windows\System\ixqVmUC.exe
  C:\Windows\System\ixqVmUC.exe
  2⤵
  PID:3148
- C:\Windows\System\MQYrwqg.exe
  C:\Windows\System\MQYrwqg.exe
  2⤵
  PID:3376
- C:\Windows\System\AxaOFjp.exe
  C:\Windows\System\AxaOFjp.exe
  2⤵
  PID:3200
- C:\Windows\System\wPzTydL.exe
  C:\Windows\System\wPzTydL.exe
  2⤵
  PID:3144
- C:\Windows\System\RovUXdU.exe
  C:\Windows\System\RovUXdU.exe
  2⤵
  PID:3220
- C:\Windows\System\nnnoEAw.exe
  C:\Windows\System\nnnoEAw.exe
  2⤵
  PID:3488
- C:\Windows\System\RVkHQgG.exe
  C:\Windows\System\RVkHQgG.exe
  2⤵
  PID:3328
- C:\Windows\System\EgqzeKz.exe
  C:\Windows\System\EgqzeKz.exe
  2⤵
  PID:3548
- C:\Windows\System\tdNchyc.exe
  C:\Windows\System\tdNchyc.exe
  2⤵
  PID:3268
- C:\Windows\System\pXdaBjc.exe
  C:\Windows\System\pXdaBjc.exe
  2⤵
  PID:3236
- C:\Windows\System\UcfHdax.exe
  C:\Windows\System\UcfHdax.exe
  2⤵
  PID:3572
- C:\Windows\System\uDxpuBT.exe
  C:\Windows\System\uDxpuBT.exe
  2⤵
  PID:3664
- C:\Windows\System\NapMLhr.exe
  C:\Windows\System\NapMLhr.exe
  2⤵
  PID:3872
- C:\Windows\System\nyJBgdY.exe
  C:\Windows\System\nyJBgdY.exe
  2⤵
  PID:3732
- C:\Windows\System\TuJFscp.exe
  C:\Windows\System\TuJFscp.exe
  2⤵
  PID:4020
- C:\Windows\System\VheifCK.exe
  C:\Windows\System\VheifCK.exe
  2⤵
  PID:3844
- C:\Windows\System\WJjKoxe.exe
  C:\Windows\System\WJjKoxe.exe
  2⤵
  PID:2680
- C:\Windows\System\TBtSqrD.exe
  C:\Windows\System\TBtSqrD.exe
  2⤵
  PID:4008
- C:\Windows\System\wsAnSwn.exe
  C:\Windows\System\wsAnSwn.exe
  2⤵
  PID:1404
- C:\Windows\System\JbnFbuF.exe
  C:\Windows\System\JbnFbuF.exe
  2⤵
  PID:3504
- C:\Windows\System\lQGwLVp.exe
  C:\Windows\System\lQGwLVp.exe
  2⤵
  PID:1780
- C:\Windows\System\JruyckC.exe
  C:\Windows\System\JruyckC.exe
  2⤵
  PID:4112
- C:\Windows\System\kCFjVoX.exe
  C:\Windows\System\kCFjVoX.exe
  2⤵
  PID:4132
- C:\Windows\System\ytJaQiU.exe
  C:\Windows\System\ytJaQiU.exe
  2⤵
  PID:4152
- C:\Windows\System\juFdKcC.exe
  C:\Windows\System\juFdKcC.exe
  2⤵
  PID:4168
- C:\Windows\System\fZlFvcO.exe
  C:\Windows\System\fZlFvcO.exe
  2⤵
  PID:4184
- C:\Windows\System\vaLENvY.exe
  C:\Windows\System\vaLENvY.exe
  2⤵
  PID:4208
- C:\Windows\System\HvfoTPi.exe
  C:\Windows\System\HvfoTPi.exe
  2⤵
  PID:4248
- C:\Windows\System\ZXfZDCd.exe
  C:\Windows\System\ZXfZDCd.exe
  2⤵
  PID:4284
- C:\Windows\System\ouimeEE.exe
  C:\Windows\System\ouimeEE.exe
  2⤵
  PID:4300
- C:\Windows\System\nqlLprF.exe
  C:\Windows\System\nqlLprF.exe
  2⤵
  PID:4320
- C:\Windows\System\MNheezE.exe
  C:\Windows\System\MNheezE.exe
  2⤵
  PID:4336
- C:\Windows\System\uqubOmR.exe
  C:\Windows\System\uqubOmR.exe
  2⤵
  PID:4360
- C:\Windows\System\TljCnEM.exe
  C:\Windows\System\TljCnEM.exe
  2⤵
  PID:4376
- C:\Windows\System\qrhMPnE.exe
  C:\Windows\System\qrhMPnE.exe
  2⤵
  PID:4404
- C:\Windows\System\SzpzCzL.exe
  C:\Windows\System\SzpzCzL.exe
  2⤵
  PID:4420
- C:\Windows\System\dLUJMpq.exe
  C:\Windows\System\dLUJMpq.exe
  2⤵
  PID:4440
- C:\Windows\System\OUVjlMQ.exe
  C:\Windows\System\OUVjlMQ.exe
  2⤵
  PID:4460
- C:\Windows\System\wDWyWaW.exe
  C:\Windows\System\wDWyWaW.exe
  2⤵
  PID:4480
- C:\Windows\System\mRwwXHz.exe
  C:\Windows\System\mRwwXHz.exe
  2⤵
  PID:4504
- C:\Windows\System\RVWhydA.exe
  C:\Windows\System\RVWhydA.exe
  2⤵
  PID:4520
- C:\Windows\System\xshyXwS.exe
  C:\Windows\System\xshyXwS.exe
  2⤵
  PID:4544
- C:\Windows\System\vsANhCz.exe
  C:\Windows\System\vsANhCz.exe
  2⤵
  PID:4560
- C:\Windows\System\ERdguZE.exe
  C:\Windows\System\ERdguZE.exe
  2⤵
  PID:4580
- C:\Windows\System\ZoDdtst.exe
  C:\Windows\System\ZoDdtst.exe
  2⤵
  PID:4604
- C:\Windows\System\XJiZCYf.exe
  C:\Windows\System\XJiZCYf.exe
  2⤵
  PID:4628
- C:\Windows\System\iyaHZEf.exe
  C:\Windows\System\iyaHZEf.exe
  2⤵
  PID:4648
- C:\Windows\System\jnsiRrF.exe
  C:\Windows\System\jnsiRrF.exe
  2⤵
  PID:4664
- C:\Windows\System\zBdMMxn.exe
  C:\Windows\System\zBdMMxn.exe
  2⤵
  PID:4680
- C:\Windows\System\PzPUgAX.exe
  C:\Windows\System\PzPUgAX.exe
  2⤵
  PID:4696
- C:\Windows\System\DeBrRvm.exe
  C:\Windows\System\DeBrRvm.exe
  2⤵
  PID:4712
- C:\Windows\System\ePxWKDk.exe
  C:\Windows\System\ePxWKDk.exe
  2⤵
  PID:4732
- C:\Windows\System\cYwcPhZ.exe
  C:\Windows\System\cYwcPhZ.exe
  2⤵
  PID:4748
- C:\Windows\System\ItVmAio.exe
  C:\Windows\System\ItVmAio.exe
  2⤵
  PID:4772
- C:\Windows\System\mbpvikS.exe
  C:\Windows\System\mbpvikS.exe
  2⤵
  PID:4792
- C:\Windows\System\JHbWBSm.exe
  C:\Windows\System\JHbWBSm.exe
  2⤵
  PID:4808
- C:\Windows\System\ptJGUkP.exe
  C:\Windows\System\ptJGUkP.exe
  2⤵
  PID:4824
- C:\Windows\System\YMAqNry.exe
  C:\Windows\System\YMAqNry.exe
  2⤵
  PID:4844
- C:\Windows\System\ItWhqrp.exe
  C:\Windows\System\ItWhqrp.exe
  2⤵
  PID:4860
- C:\Windows\System\fLEpEbY.exe
  C:\Windows\System\fLEpEbY.exe
  2⤵
  PID:4884
- C:\Windows\System\WkmPiJJ.exe
  C:\Windows\System\WkmPiJJ.exe
  2⤵
  PID:4908
- C:\Windows\System\yziItaw.exe
  C:\Windows\System\yziItaw.exe
  2⤵
  PID:4924
- C:\Windows\System\kKavzus.exe
  C:\Windows\System\kKavzus.exe
  2⤵
  PID:4972
- C:\Windows\System\JgpVWke.exe
  C:\Windows\System\JgpVWke.exe
  2⤵
  PID:4992
- C:\Windows\System\ZdPNJHz.exe
  C:\Windows\System\ZdPNJHz.exe
  2⤵
  PID:5008
- C:\Windows\System\EIGYqUK.exe
  C:\Windows\System\EIGYqUK.exe
  2⤵
  PID:5028
- C:\Windows\System\HuaCTKo.exe
  C:\Windows\System\HuaCTKo.exe
  2⤵
  PID:5048
- C:\Windows\System\OUWUzdf.exe
  C:\Windows\System\OUWUzdf.exe
  2⤵
  PID:5072
- C:\Windows\System\uzfTovs.exe
  C:\Windows\System\uzfTovs.exe
  2⤵
  PID:5092
- C:\Windows\System\udKGxfM.exe
  C:\Windows\System\udKGxfM.exe
  2⤵
  PID:5112
- C:\Windows\System\qNBZDty.exe
  C:\Windows\System\qNBZDty.exe
  2⤵
  PID:2504
- C:\Windows\System\erBTkiR.exe
  C:\Windows\System\erBTkiR.exe
  2⤵
  PID:3656
- C:\Windows\System\ACtBfCM.exe
  C:\Windows\System\ACtBfCM.exe
  2⤵
  PID:3860
- C:\Windows\System\QbURtNL.exe
  C:\Windows\System\QbURtNL.exe
  2⤵
  PID:2288
- C:\Windows\System\vagArlK.exe
  C:\Windows\System\vagArlK.exe
  2⤵
  PID:2808
- C:\Windows\System\WKxbwqC.exe
  C:\Windows\System\WKxbwqC.exe
  2⤵
  PID:3380
- C:\Windows\System\jOKmVWG.exe
  C:\Windows\System\jOKmVWG.exe
  2⤵
  PID:4052
- C:\Windows\System\QIKCDrb.exe
  C:\Windows\System\QIKCDrb.exe
  2⤵
  PID:3992
- C:\Windows\System\dItvwCl.exe
  C:\Windows\System\dItvwCl.exe
  2⤵
  PID:3120
- C:\Windows\System\VGdLSCt.exe
  C:\Windows\System\VGdLSCt.exe
  2⤵
  PID:2800
- C:\Windows\System\EhaQESN.exe
  C:\Windows\System\EhaQESN.exe
  2⤵
  PID:3644
- C:\Windows\System\JsnbzhT.exe
  C:\Windows\System\JsnbzhT.exe
  2⤵
  PID:4124
- C:\Windows\System\Awagjyj.exe
  C:\Windows\System\Awagjyj.exe
  2⤵
  PID:3332
- C:\Windows\System\ITGEfjb.exe
  C:\Windows\System\ITGEfjb.exe
  2⤵
  PID:4196
- C:\Windows\System\JLOACzU.exe
  C:\Windows\System\JLOACzU.exe
  2⤵
  PID:4148
- C:\Windows\System\dxRExfh.exe
  C:\Windows\System\dxRExfh.exe
  2⤵
  PID:3744
- C:\Windows\System\wSNCOjr.exe
  C:\Windows\System\wSNCOjr.exe
  2⤵
  PID:3248
- C:\Windows\System\AUKXwXo.exe
  C:\Windows\System\AUKXwXo.exe
  2⤵
  PID:4004
- C:\Windows\System\jANLIAo.exe
  C:\Windows\System\jANLIAo.exe
  2⤵
  PID:4228
- C:\Windows\System\pxwMdWK.exe
  C:\Windows\System\pxwMdWK.exe
  2⤵
  PID:4236
- C:\Windows\System\MlLprWq.exe
  C:\Windows\System\MlLprWq.exe
  2⤵
  PID:4280
- C:\Windows\System\DpqOsfO.exe
  C:\Windows\System\DpqOsfO.exe
  2⤵
  PID:4316
- C:\Windows\System\kbQfYfy.exe
  C:\Windows\System\kbQfYfy.exe
  2⤵
  PID:4352
- C:\Windows\System\YCXZynX.exe
  C:\Windows\System\YCXZynX.exe
  2⤵
  PID:4400
- C:\Windows\System\uGYXkcu.exe
  C:\Windows\System\uGYXkcu.exe
  2⤵
  PID:4468
- C:\Windows\System\kqxFjMX.exe
  C:\Windows\System\kqxFjMX.exe
  2⤵
  PID:4372
- C:\Windows\System\sJHqprd.exe
  C:\Windows\System\sJHqprd.exe
  2⤵
  PID:4496
- C:\Windows\System\hUfNXrl.exe
  C:\Windows\System\hUfNXrl.exe
  2⤵
  PID:4672
- C:\Windows\System\PUhzdEL.exe
  C:\Windows\System\PUhzdEL.exe
  2⤵
  PID:4740
- C:\Windows\System\dmJVxGW.exe
  C:\Windows\System\dmJVxGW.exe
  2⤵
  PID:4532
- C:\Windows\System\SfLIWlr.exe
  C:\Windows\System\SfLIWlr.exe
  2⤵
  PID:4788
- C:\Windows\System\KQNxUKa.exe
  C:\Windows\System\KQNxUKa.exe
  2⤵
  PID:4568
- C:\Windows\System\SeltAUZ.exe
  C:\Windows\System\SeltAUZ.exe
  2⤵
  PID:4852
- C:\Windows\System\KXKBEMN.exe
  C:\Windows\System\KXKBEMN.exe
  2⤵
  PID:4724
- C:\Windows\System\NoQPpov.exe
  C:\Windows\System\NoQPpov.exe
  2⤵
  PID:4936
- C:\Windows\System\saLwvYD.exe
  C:\Windows\System\saLwvYD.exe
  2⤵
  PID:4960
- C:\Windows\System\sIejlzh.exe
  C:\Windows\System\sIejlzh.exe
  2⤵
  PID:5036
- C:\Windows\System\GUQJfPu.exe
  C:\Windows\System\GUQJfPu.exe
  2⤵
  PID:5088
- C:\Windows\System\UcSBVZv.exe
  C:\Windows\System\UcSBVZv.exe
  2⤵
  PID:3780
- C:\Windows\System\rsCsNDq.exe
  C:\Windows\System\rsCsNDq.exe
  2⤵
  PID:4876
- C:\Windows\System\YOysFxY.exe
  C:\Windows\System\YOysFxY.exe
  2⤵
  PID:4832
- C:\Windows\System\XVPDJKC.exe
  C:\Windows\System\XVPDJKC.exe
  2⤵
  PID:4728
- C:\Windows\System\bSmtccK.exe
  C:\Windows\System\bSmtccK.exe
  2⤵
  PID:3108
- C:\Windows\System\qQjDEGb.exe
  C:\Windows\System\qQjDEGb.exe
  2⤵
  PID:2316
- C:\Windows\System\pKreGCT.exe
  C:\Windows\System\pKreGCT.exe
  2⤵
  PID:4200
- C:\Windows\System\KONeMnM.exe
  C:\Windows\System\KONeMnM.exe
  2⤵
  PID:4176
- C:\Windows\System\fkIACsS.exe
  C:\Windows\System\fkIACsS.exe
  2⤵
  PID:3568
- C:\Windows\System\JuVVjZp.exe
  C:\Windows\System\JuVVjZp.exe
  2⤵
  PID:5056
- C:\Windows\System\MaDYxXh.exe
  C:\Windows\System\MaDYxXh.exe
  2⤵
  PID:3908
- C:\Windows\System\FmfhsxB.exe
  C:\Windows\System\FmfhsxB.exe
  2⤵
  PID:3764
- C:\Windows\System\FZKhbkn.exe
  C:\Windows\System\FZKhbkn.exe
  2⤵
  PID:5108
- C:\Windows\System\FKrNLPS.exe
  C:\Windows\System\FKrNLPS.exe
  2⤵
  PID:3360
- C:\Windows\System\SWXEKGK.exe
  C:\Windows\System\SWXEKGK.exe
  2⤵
  PID:2452
- C:\Windows\System\KlRTNJE.exe
  C:\Windows\System\KlRTNJE.exe
  2⤵
  PID:892
- C:\Windows\System\bDhWGSF.exe
  C:\Windows\System\bDhWGSF.exe
  2⤵
  PID:3636
- C:\Windows\System\tbCKITO.exe
  C:\Windows\System\tbCKITO.exe
  2⤵
  PID:2236
- C:\Windows\System\igazSFr.exe
  C:\Windows\System\igazSFr.exe
  2⤵
  PID:4308
- C:\Windows\System\cGBoYHW.exe
  C:\Windows\System\cGBoYHW.exe
  2⤵
  PID:4384
- C:\Windows\System\Fcfnnmo.exe
  C:\Windows\System\Fcfnnmo.exe
  2⤵
  PID:4192
- C:\Windows\System\WCwdEDS.exe
  C:\Windows\System\WCwdEDS.exe
  2⤵
  PID:4556
- C:\Windows\System\ngZYosj.exe
  C:\Windows\System\ngZYosj.exe
  2⤵
  PID:4704
- C:\Windows\System\BJkTbsI.exe
  C:\Windows\System\BJkTbsI.exe
  2⤵
  PID:4820
- C:\Windows\System\ecaSvoW.exe
  C:\Windows\System\ecaSvoW.exe
  2⤵
  PID:5000
- C:\Windows\System\afPoKgx.exe
  C:\Windows\System\afPoKgx.exe
  2⤵
  PID:3820
- C:\Windows\System\hHKquTs.exe
  C:\Windows\System\hHKquTs.exe
  2⤵
  PID:4636
- C:\Windows\System\AdlivfG.exe
  C:\Windows\System\AdlivfG.exe
  2⤵
  PID:4492
- C:\Windows\System\osfTsgx.exe
  C:\Windows\System\osfTsgx.exe
  2⤵
  PID:4892
- C:\Windows\System\WvbjSrh.exe
  C:\Windows\System\WvbjSrh.exe
  2⤵
  PID:4092
- C:\Windows\System\wpqOtRC.exe
  C:\Windows\System\wpqOtRC.exe
  2⤵
  PID:4164
- C:\Windows\System\fajHelh.exe
  C:\Windows\System\fajHelh.exe
  2⤵
  PID:4244
- C:\Windows\System\UuPUfJT.exe
  C:\Windows\System\UuPUfJT.exe
  2⤵
  PID:4948
- C:\Windows\System\aHRUNrv.exe
  C:\Windows\System\aHRUNrv.exe
  2⤵
  PID:5080
- C:\Windows\System\rZSnhBP.exe
  C:\Windows\System\rZSnhBP.exe
  2⤵
  PID:4756
- C:\Windows\System\JlodSPD.exe
  C:\Windows\System\JlodSPD.exe
  2⤵
  PID:4428
- C:\Windows\System\nOewnmh.exe
  C:\Windows\System\nOewnmh.exe
  2⤵
  PID:4412
- C:\Windows\System\NJEDqTp.exe
  C:\Windows\System\NJEDqTp.exe
  2⤵
  PID:4452
- C:\Windows\System\Ednikfs.exe
  C:\Windows\System\Ednikfs.exe
  2⤵
  PID:3660
- C:\Windows\System\cQnMjKm.exe
  C:\Windows\System\cQnMjKm.exe
  2⤵
  PID:4128
- C:\Windows\System\oDHsKhq.exe
  C:\Windows\System\oDHsKhq.exe
  2⤵
  PID:5064
- C:\Windows\System\KPBMhJY.exe
  C:\Windows\System\KPBMhJY.exe
  2⤵
  PID:4108
- C:\Windows\System\odkFkiN.exe
  C:\Windows\System\odkFkiN.exe
  2⤵
  PID:4656
- C:\Windows\System\pjEMpSF.exe
  C:\Windows\System\pjEMpSF.exe
  2⤵
  PID:5136
- C:\Windows\System\wKzHNfX.exe
  C:\Windows\System\wKzHNfX.exe
  2⤵
  PID:5160
- C:\Windows\System\eMcgcBj.exe
  C:\Windows\System\eMcgcBj.exe
  2⤵
  PID:5180
- C:\Windows\System\aoJJdLh.exe
  C:\Windows\System\aoJJdLh.exe
  2⤵
  PID:5196
- C:\Windows\System\okWmXWq.exe
  C:\Windows\System\okWmXWq.exe
  2⤵
  PID:5212
- C:\Windows\System\fdlhjEa.exe
  C:\Windows\System\fdlhjEa.exe
  2⤵
  PID:5228
- C:\Windows\System\RLqKlNN.exe
  C:\Windows\System\RLqKlNN.exe
  2⤵
  PID:5244
- C:\Windows\System\xpLfMVG.exe
  C:\Windows\System\xpLfMVG.exe
  2⤵
  PID:5264
- C:\Windows\System\WYNPlNX.exe
  C:\Windows\System\WYNPlNX.exe
  2⤵
  PID:5296
- C:\Windows\System\nCCHHXi.exe
  C:\Windows\System\nCCHHXi.exe
  2⤵
  PID:5324
- C:\Windows\System\VVzrZio.exe
  C:\Windows\System\VVzrZio.exe
  2⤵
  PID:5352
- C:\Windows\System\mOqwmGD.exe
  C:\Windows\System\mOqwmGD.exe
  2⤵
  PID:5368
- C:\Windows\System\kVTIWMA.exe
  C:\Windows\System\kVTIWMA.exe
  2⤵
  PID:5388
- C:\Windows\System\CGfXtta.exe
  C:\Windows\System\CGfXtta.exe
  2⤵
  PID:5412
- C:\Windows\System\eNsUWep.exe
  C:\Windows\System\eNsUWep.exe
  2⤵
  PID:5432
- C:\Windows\System\sjNACWy.exe
  C:\Windows\System\sjNACWy.exe
  2⤵
  PID:5452
- C:\Windows\System\SsLaGdd.exe
  C:\Windows\System\SsLaGdd.exe
  2⤵
  PID:5472
- C:\Windows\System\FoTmMKp.exe
  C:\Windows\System\FoTmMKp.exe
  2⤵
  PID:5492
- C:\Windows\System\yiaChxa.exe
  C:\Windows\System\yiaChxa.exe
  2⤵
  PID:5512
- C:\Windows\System\hWNFIvo.exe
  C:\Windows\System\hWNFIvo.exe
  2⤵
  PID:5532
- C:\Windows\System\asBHcXp.exe
  C:\Windows\System\asBHcXp.exe
  2⤵
  PID:5556
- C:\Windows\System\GTBIGwP.exe
  C:\Windows\System\GTBIGwP.exe
  2⤵
  PID:5576
- C:\Windows\System\InDdSkm.exe
  C:\Windows\System\InDdSkm.exe
  2⤵
  PID:5596
- C:\Windows\System\BFvNGDv.exe
  C:\Windows\System\BFvNGDv.exe
  2⤵
  PID:5616
- C:\Windows\System\TGKgmmg.exe
  C:\Windows\System\TGKgmmg.exe
  2⤵
  PID:5632
- C:\Windows\System\UHSoHBy.exe
  C:\Windows\System\UHSoHBy.exe
  2⤵
  PID:5656
- C:\Windows\System\IUblyog.exe
  C:\Windows\System\IUblyog.exe
  2⤵
  PID:5676
- C:\Windows\System\YATnRVX.exe
  C:\Windows\System\YATnRVX.exe
  2⤵
  PID:5696
- C:\Windows\System\vCXbhNl.exe
  C:\Windows\System\vCXbhNl.exe
  2⤵
  PID:5716
- C:\Windows\System\aKNQGFI.exe
  C:\Windows\System\aKNQGFI.exe
  2⤵
  PID:5736
- C:\Windows\System\KCLecGq.exe
  C:\Windows\System\KCLecGq.exe
  2⤵
  PID:5756
- C:\Windows\System\BoEpmXP.exe
  C:\Windows\System\BoEpmXP.exe
  2⤵
  PID:5776
- C:\Windows\System\YDzEkLt.exe
  C:\Windows\System\YDzEkLt.exe
  2⤵
  PID:5796
- C:\Windows\System\jBFRdCI.exe
  C:\Windows\System\jBFRdCI.exe
  2⤵
  PID:5816
- C:\Windows\System\iiLcmsc.exe
  C:\Windows\System\iiLcmsc.exe
  2⤵
  PID:5836
- C:\Windows\System\crKMVTn.exe
  C:\Windows\System\crKMVTn.exe
  2⤵
  PID:5856
- C:\Windows\System\qgxKEhg.exe
  C:\Windows\System\qgxKEhg.exe
  2⤵
  PID:5876
- C:\Windows\System\jIBGfsE.exe
  C:\Windows\System\jIBGfsE.exe
  2⤵
  PID:5896
- C:\Windows\System\QkgNzaR.exe
  C:\Windows\System\QkgNzaR.exe
  2⤵
  PID:5916
- C:\Windows\System\YIFvDQn.exe
  C:\Windows\System\YIFvDQn.exe
  2⤵
  PID:5936
- C:\Windows\System\WOWOWqA.exe
  C:\Windows\System\WOWOWqA.exe
  2⤵
  PID:5956
- C:\Windows\System\fJhKRWN.exe
  C:\Windows\System\fJhKRWN.exe
  2⤵
  PID:5976
- C:\Windows\System\YjmRsPY.exe
  C:\Windows\System\YjmRsPY.exe
  2⤵
  PID:5996
- C:\Windows\System\ASVMJQf.exe
  C:\Windows\System\ASVMJQf.exe
  2⤵
  PID:6016
- C:\Windows\System\mGzgmxM.exe
  C:\Windows\System\mGzgmxM.exe
  2⤵
  PID:6036
- C:\Windows\System\FUOpGbC.exe
  C:\Windows\System\FUOpGbC.exe
  2⤵
  PID:6056
- C:\Windows\System\buLdREG.exe
  C:\Windows\System\buLdREG.exe
  2⤵
  PID:6076
- C:\Windows\System\sngDXtY.exe
  C:\Windows\System\sngDXtY.exe
  2⤵
  PID:6096
- C:\Windows\System\MRZRXNV.exe
  C:\Windows\System\MRZRXNV.exe
  2⤵
  PID:6116
- C:\Windows\System\RqUfMRN.exe
  C:\Windows\System\RqUfMRN.exe
  2⤵
  PID:6136
- C:\Windows\System\YgiJZex.exe
  C:\Windows\System\YgiJZex.exe
  2⤵
  PID:4456
- C:\Windows\System\eBLNqFT.exe
  C:\Windows\System\eBLNqFT.exe
  2⤵
  PID:4780
- C:\Windows\System\GWLxWnM.exe
  C:\Windows\System\GWLxWnM.exe
  2⤵
  PID:4840
- C:\Windows\System\wQNBnvS.exe
  C:\Windows\System\wQNBnvS.exe
  2⤵
  PID:3428
- C:\Windows\System\iHiIDun.exe
  C:\Windows\System\iHiIDun.exe
  2⤵
  PID:4436
- C:\Windows\System\PJGQqxD.exe
  C:\Windows\System\PJGQqxD.exe
  2⤵
  PID:4640
- C:\Windows\System\cTbqAVm.exe
  C:\Windows\System\cTbqAVm.exe
  2⤵
  PID:4980
- C:\Windows\System\LkhaCZR.exe
  C:\Windows\System\LkhaCZR.exe
  2⤵
  PID:5040
- C:\Windows\System\RAjIGqK.exe
  C:\Windows\System\RAjIGqK.exe
  2⤵
  PID:4512
- C:\Windows\System\BaLKfPs.exe
  C:\Windows\System\BaLKfPs.exe
  2⤵
  PID:4024
- C:\Windows\System\WahemUN.exe
  C:\Windows\System\WahemUN.exe
  2⤵
  PID:4764
- C:\Windows\System\hrnkXLZ.exe
  C:\Windows\System\hrnkXLZ.exe
  2⤵
  PID:4988
- C:\Windows\System\dfAqMFa.exe
  C:\Windows\System\dfAqMFa.exe
  2⤵
  PID:2116
- C:\Windows\System\HWcAndC.exe
  C:\Windows\System\HWcAndC.exe
  2⤵
  PID:5128
- C:\Windows\System\CfqVIBU.exe
  C:\Windows\System\CfqVIBU.exe
  2⤵
  PID:5192
- C:\Windows\System\eYnMtRm.exe
  C:\Windows\System\eYnMtRm.exe
  2⤵
  PID:5224
- C:\Windows\System\KxAfXAe.exe
  C:\Windows\System\KxAfXAe.exe
  2⤵
  PID:5204
- C:\Windows\System\JAlSxLM.exe
  C:\Windows\System\JAlSxLM.exe
  2⤵
  PID:5208
- C:\Windows\System\zrJMurK.exe
  C:\Windows\System\zrJMurK.exe
  2⤵
  PID:5240
- C:\Windows\System\oBnKLmT.exe
  C:\Windows\System\oBnKLmT.exe
  2⤵
  PID:5348
- C:\Windows\System\CsgsnGI.exe
  C:\Windows\System\CsgsnGI.exe
  2⤵
  PID:5396
- C:\Windows\System\OiarKHr.exe
  C:\Windows\System\OiarKHr.exe
  2⤵
  PID:5448
- C:\Windows\System\gGaFEzu.exe
  C:\Windows\System\gGaFEzu.exe
  2⤵
  PID:5428
- C:\Windows\System\TeDtMxf.exe
  C:\Windows\System\TeDtMxf.exe
  2⤵
  PID:5484
- C:\Windows\System\cBYpLWp.exe
  C:\Windows\System\cBYpLWp.exe
  2⤵
  PID:5504
- C:\Windows\System\uhuTuUO.exe
  C:\Windows\System\uhuTuUO.exe
  2⤵
  PID:5544
- C:\Windows\System\FhLWbcD.exe
  C:\Windows\System\FhLWbcD.exe
  2⤵
  PID:5592
- C:\Windows\System\gnzZNOr.exe
  C:\Windows\System\gnzZNOr.exe
  2⤵
  PID:5644
- C:\Windows\System\QWwVnNQ.exe
  C:\Windows\System\QWwVnNQ.exe
  2⤵
  PID:5664
- C:\Windows\System\QXUjmpx.exe
  C:\Windows\System\QXUjmpx.exe
  2⤵
  PID:5688
- C:\Windows\System\UUpuAPL.exe
  C:\Windows\System\UUpuAPL.exe
  2⤵
  PID:5732
- C:\Windows\System\HBdWOes.exe
  C:\Windows\System\HBdWOes.exe
  2⤵
  PID:5748
- C:\Windows\System\LtJUJSX.exe
  C:\Windows\System\LtJUJSX.exe
  2⤵
  PID:5792
- C:\Windows\System\jkbCyCT.exe
  C:\Windows\System\jkbCyCT.exe
  2⤵
  PID:5844
- C:\Windows\System\bkRnEDw.exe
  C:\Windows\System\bkRnEDw.exe
  2⤵
  PID:5852
- C:\Windows\System\IgRDsjx.exe
  C:\Windows\System\IgRDsjx.exe
  2⤵
  PID:5872
- C:\Windows\System\eHLsrNx.exe
  C:\Windows\System\eHLsrNx.exe
  2⤵
  PID:5908
- C:\Windows\System\BSjVJVw.exe
  C:\Windows\System\BSjVJVw.exe
  2⤵
  PID:5964
- C:\Windows\System\FFpFoCp.exe
  C:\Windows\System\FFpFoCp.exe
  2⤵
  PID:5968
- C:\Windows\System\DZPFAdW.exe
  C:\Windows\System\DZPFAdW.exe
  2⤵
  PID:5988
- C:\Windows\System\FPjvcbX.exe
  C:\Windows\System\FPjvcbX.exe
  2⤵
  PID:6028
- C:\Windows\System\EhZuYuE.exe
  C:\Windows\System\EhZuYuE.exe
  2⤵
  PID:1244
- C:\Windows\System\JmnyWmC.exe
  C:\Windows\System\JmnyWmC.exe
  2⤵
  PID:2972
- C:\Windows\System\jjyscuJ.exe
  C:\Windows\System\jjyscuJ.exe
  2⤵
  PID:6132
- C:\Windows\System\ZoGlVWC.exe
  C:\Windows\System\ZoGlVWC.exe
  2⤵
  PID:4488
- C:\Windows\System\pNemgWP.exe
  C:\Windows\System\pNemgWP.exe
  2⤵
  PID:4076
- C:\Windows\System\WLzrpzz.exe
  C:\Windows\System\WLzrpzz.exe
  2⤵
  PID:4612
- C:\Windows\System\GOSvvnk.exe
  C:\Windows\System\GOSvvnk.exe
  2⤵
  PID:4904
- C:\Windows\System\ytXTrlh.exe
  C:\Windows\System\ytXTrlh.exe
  2⤵
  PID:5016
- C:\Windows\System\IBwGPCf.exe
  C:\Windows\System\IBwGPCf.exe
  2⤵
  PID:4232
- C:\Windows\System\zcHebgQ.exe
  C:\Windows\System\zcHebgQ.exe
  2⤵
  PID:3196
- C:\Windows\System\CIkBOKw.exe
  C:\Windows\System\CIkBOKw.exe
  2⤵
  PID:4100
- C:\Windows\System\ANpuIsH.exe
  C:\Windows\System\ANpuIsH.exe
  2⤵
  PID:4600
- C:\Windows\System\tnEeZFu.exe
  C:\Windows\System\tnEeZFu.exe
  2⤵
  PID:5020
- C:\Windows\System\btGAhqs.exe
  C:\Windows\System\btGAhqs.exe
  2⤵
  PID:5292
- C:\Windows\System\uqizuWS.exe
  C:\Windows\System\uqizuWS.exe
  2⤵
  PID:5276
- C:\Windows\System\xiEBFjY.exe
  C:\Windows\System\xiEBFjY.exe
  2⤵
  PID:5380
- C:\Windows\System\iNINIKi.exe
  C:\Windows\System\iNINIKi.exe
  2⤵
  PID:5468
- C:\Windows\System\nREuoJZ.exe
  C:\Windows\System\nREuoJZ.exe
  2⤵
  PID:5480
- C:\Windows\System\nPKXHqA.exe
  C:\Windows\System\nPKXHqA.exe
  2⤵
  PID:5528
- C:\Windows\System\NugmgyP.exe
  C:\Windows\System\NugmgyP.exe
  2⤵
  PID:5584
- C:\Windows\System\zbWTOJi.exe
  C:\Windows\System\zbWTOJi.exe
  2⤵
  PID:5668
- C:\Windows\System\QINfhMW.exe
  C:\Windows\System\QINfhMW.exe
  2⤵
  PID:5712
- C:\Windows\System\bFfMgpu.exe
  C:\Windows\System\bFfMgpu.exe
  2⤵
  PID:5764
- C:\Windows\System\xVhvJdH.exe
  C:\Windows\System\xVhvJdH.exe
  2⤵
  PID:5404
- C:\Windows\System\hlufFDk.exe
  C:\Windows\System\hlufFDk.exe
  2⤵
  PID:5884
- C:\Windows\System\NCKcFXP.exe
  C:\Windows\System\NCKcFXP.exe
  2⤵
  PID:5888
- C:\Windows\System\OFmijzH.exe
  C:\Windows\System\OFmijzH.exe
  2⤵
  PID:2820
- C:\Windows\System\DMtNzMy.exe
  C:\Windows\System\DMtNzMy.exe
  2⤵
  PID:5972
- C:\Windows\System\LvSwBid.exe
  C:\Windows\System\LvSwBid.exe
  2⤵
  PID:6048
- C:\Windows\System\eTqurHc.exe
  C:\Windows\System\eTqurHc.exe
  2⤵
  PID:6084
- C:\Windows\System\YOddbqJ.exe
  C:\Windows\System\YOddbqJ.exe
  2⤵
  PID:1732
- C:\Windows\System\UOFDTpE.exe
  C:\Windows\System\UOFDTpE.exe
  2⤵
  PID:4552
- C:\Windows\System\AAkMpNl.exe
  C:\Windows\System\AAkMpNl.exe
  2⤵
  PID:4616
- C:\Windows\System\olSyYxY.exe
  C:\Windows\System\olSyYxY.exe
  2⤵
  PID:4768
- C:\Windows\System\LxEvJjD.exe
  C:\Windows\System\LxEvJjD.exe
  2⤵
  PID:1708
- C:\Windows\System\UGZJjpl.exe
  C:\Windows\System\UGZJjpl.exe
  2⤵
  PID:5148
- C:\Windows\System\ZunGQyV.exe
  C:\Windows\System\ZunGQyV.exe
  2⤵
  PID:5284
- C:\Windows\System\afsVDQO.exe
  C:\Windows\System\afsVDQO.exe
  2⤵
  PID:5340
- C:\Windows\System\arpzMpU.exe
  C:\Windows\System\arpzMpU.exe
  2⤵
  PID:5440
- C:\Windows\System\ayQlEzM.exe
  C:\Windows\System\ayQlEzM.exe
  2⤵
  PID:5500
- C:\Windows\System\BwzIJme.exe
  C:\Windows\System\BwzIJme.exe
  2⤵
  PID:6160
- C:\Windows\System\KrqYRju.exe
  C:\Windows\System\KrqYRju.exe
  2⤵
  PID:6180
- C:\Windows\System\phYbANH.exe
  C:\Windows\System\phYbANH.exe
  2⤵
  PID:6200
- C:\Windows\System\RBDMkhr.exe
  C:\Windows\System\RBDMkhr.exe
  2⤵
  PID:6220
- C:\Windows\System\amqikGX.exe
  C:\Windows\System\amqikGX.exe
  2⤵
  PID:6240
- C:\Windows\System\hGCCshA.exe
  C:\Windows\System\hGCCshA.exe
  2⤵
  PID:6260
- C:\Windows\System\ocyVtuo.exe
  C:\Windows\System\ocyVtuo.exe
  2⤵
  PID:6280
- C:\Windows\System\TkQvOms.exe
  C:\Windows\System\TkQvOms.exe
  2⤵
  PID:6300
- C:\Windows\System\KYMflnq.exe
  C:\Windows\System\KYMflnq.exe
  2⤵
  PID:6320
- C:\Windows\System\bGywHwm.exe
  C:\Windows\System\bGywHwm.exe
  2⤵
  PID:6340
- C:\Windows\System\CfiTbfu.exe
  C:\Windows\System\CfiTbfu.exe
  2⤵
  PID:6360
- C:\Windows\System\vELwDjX.exe
  C:\Windows\System\vELwDjX.exe
  2⤵
  PID:6380
- C:\Windows\System\EWglPsL.exe
  C:\Windows\System\EWglPsL.exe
  2⤵
  PID:6400
- C:\Windows\System\deAHEGz.exe
  C:\Windows\System\deAHEGz.exe
  2⤵
  PID:6420
- C:\Windows\System\yKlsXtr.exe
  C:\Windows\System\yKlsXtr.exe
  2⤵
  PID:6440
- C:\Windows\System\IDwupQO.exe
  C:\Windows\System\IDwupQO.exe
  2⤵
  PID:6460
- C:\Windows\System\zODEvsS.exe
  C:\Windows\System\zODEvsS.exe
  2⤵
  PID:6480
- C:\Windows\System\QdqdigL.exe
  C:\Windows\System\QdqdigL.exe
  2⤵
  PID:6500
- C:\Windows\System\QcsqYHp.exe
  C:\Windows\System\QcsqYHp.exe
  2⤵
  PID:6520
- C:\Windows\System\NktAfAt.exe
  C:\Windows\System\NktAfAt.exe
  2⤵
  PID:6540
- C:\Windows\System\UpUZUHT.exe
  C:\Windows\System\UpUZUHT.exe
  2⤵
  PID:6560
- C:\Windows\System\XChdrOz.exe
  C:\Windows\System\XChdrOz.exe
  2⤵
  PID:6580
- C:\Windows\System\qQLDmvW.exe
  C:\Windows\System\qQLDmvW.exe
  2⤵
  PID:6600
- C:\Windows\System\ZNbBgzd.exe
  C:\Windows\System\ZNbBgzd.exe
  2⤵
  PID:6620
- C:\Windows\System\xEunGRQ.exe
  C:\Windows\System\xEunGRQ.exe
  2⤵
  PID:6640
- C:\Windows\System\EnlKleP.exe
  C:\Windows\System\EnlKleP.exe
  2⤵
  PID:6660
- C:\Windows\System\sCKGiHE.exe
  C:\Windows\System\sCKGiHE.exe
  2⤵
  PID:6680
- C:\Windows\System\eOlZBxA.exe
  C:\Windows\System\eOlZBxA.exe
  2⤵
  PID:6700
- C:\Windows\System\pcEKfvo.exe
  C:\Windows\System\pcEKfvo.exe
  2⤵
  PID:6720
- C:\Windows\System\kWLlHHo.exe
  C:\Windows\System\kWLlHHo.exe
  2⤵
  PID:6740
- C:\Windows\System\inqzYOl.exe
  C:\Windows\System\inqzYOl.exe
  2⤵
  PID:6760
- C:\Windows\System\RXjNwvT.exe
  C:\Windows\System\RXjNwvT.exe
  2⤵
  PID:6780
- C:\Windows\System\hsTdAkY.exe
  C:\Windows\System\hsTdAkY.exe
  2⤵
  PID:6800
- C:\Windows\System\BgjAgVc.exe
  C:\Windows\System\BgjAgVc.exe
  2⤵
  PID:6820
- C:\Windows\System\dPsoBJn.exe
  C:\Windows\System\dPsoBJn.exe
  2⤵
  PID:6840
- C:\Windows\System\inHlNxC.exe
  C:\Windows\System\inHlNxC.exe
  2⤵
  PID:6860
- C:\Windows\System\RIIljyv.exe
  C:\Windows\System\RIIljyv.exe
  2⤵
  PID:6880
- C:\Windows\System\ESmFqvu.exe
  C:\Windows\System\ESmFqvu.exe
  2⤵
  PID:6904
- C:\Windows\System\mQEeNYf.exe
  C:\Windows\System\mQEeNYf.exe
  2⤵
  PID:6924
- C:\Windows\System\JQaQfwe.exe
  C:\Windows\System\JQaQfwe.exe
  2⤵
  PID:6944
- C:\Windows\System\qNZojLW.exe
  C:\Windows\System\qNZojLW.exe
  2⤵
  PID:6964
- C:\Windows\System\NoUauEC.exe
  C:\Windows\System\NoUauEC.exe
  2⤵
  PID:6984
- C:\Windows\System\xwdlxCp.exe
  C:\Windows\System\xwdlxCp.exe
  2⤵
  PID:7004
- C:\Windows\System\JCMuOgE.exe
  C:\Windows\System\JCMuOgE.exe
  2⤵
  PID:7024
- C:\Windows\System\wQnrlkn.exe
  C:\Windows\System\wQnrlkn.exe
  2⤵
  PID:7044
- C:\Windows\System\nVVZHXR.exe
  C:\Windows\System\nVVZHXR.exe
  2⤵
  PID:7064
- C:\Windows\System\SIjDKTH.exe
  C:\Windows\System\SIjDKTH.exe
  2⤵
  PID:7084
- C:\Windows\System\sEsENdL.exe
  C:\Windows\System\sEsENdL.exe
  2⤵
  PID:7104
- C:\Windows\System\ZaWmUop.exe
  C:\Windows\System\ZaWmUop.exe
  2⤵
  PID:7124
- C:\Windows\System\pceEQqq.exe
  C:\Windows\System\pceEQqq.exe
  2⤵
  PID:7144
- C:\Windows\System\lkofJDb.exe
  C:\Windows\System\lkofJDb.exe
  2⤵
  PID:7164
- C:\Windows\System\kVekWEW.exe
  C:\Windows\System\kVekWEW.exe
  2⤵
  PID:5612
- C:\Windows\System\akjUmHO.exe
  C:\Windows\System\akjUmHO.exe
  2⤵
  PID:5752
- C:\Windows\System\vSWiPSj.exe
  C:\Windows\System\vSWiPSj.exe
  2⤵
  PID:5808
- C:\Windows\System\yFoSIlR.exe
  C:\Windows\System\yFoSIlR.exe
  2⤵
  PID:2756
- C:\Windows\System\qXbfFBB.exe
  C:\Windows\System\qXbfFBB.exe
  2⤵
  PID:5948
- C:\Windows\System\nLnvXqy.exe
  C:\Windows\System\nLnvXqy.exe
  2⤵
  PID:6004
- C:\Windows\System\YwSbhIT.exe
  C:\Windows\System\YwSbhIT.exe
  2⤵
  PID:6108
- C:\Windows\System\fGlaQvr.exe
  C:\Windows\System\fGlaQvr.exe
  2⤵
  PID:2456
- C:\Windows\System\BrIakaF.exe
  C:\Windows\System\BrIakaF.exe
  2⤵
  PID:4868
- C:\Windows\System\icvgBbu.exe
  C:\Windows\System\icvgBbu.exe
  2⤵
  PID:5220
- C:\Windows\System\gdWZUFi.exe
  C:\Windows\System\gdWZUFi.exe
  2⤵
  PID:5288
- C:\Windows\System\aDFvegP.exe
  C:\Windows\System\aDFvegP.exe
  2⤵
  PID:5384
- C:\Windows\System\coYHmsQ.exe
  C:\Windows\System\coYHmsQ.exe
  2⤵
  PID:5464
- C:\Windows\System\fdTZLUp.exe
  C:\Windows\System\fdTZLUp.exe
  2⤵
  PID:6172
- C:\Windows\System\vnpRCmW.exe
  C:\Windows\System\vnpRCmW.exe
  2⤵
  PID:6212
- C:\Windows\System\xHazGgt.exe
  C:\Windows\System\xHazGgt.exe
  2⤵
  PID:2660
- C:\Windows\System\lIlFAPm.exe
  C:\Windows\System\lIlFAPm.exe
  2⤵
  PID:2724
- C:\Windows\System\ytmwPtx.exe
  C:\Windows\System\ytmwPtx.exe
  2⤵
  PID:6316
- C:\Windows\System\dtunZkX.exe
  C:\Windows\System\dtunZkX.exe
  2⤵
  PID:6348
- C:\Windows\System\PufCwFR.exe
  C:\Windows\System\PufCwFR.exe
  2⤵
  PID:6368
- C:\Windows\System\VWIxnDt.exe
  C:\Windows\System\VWIxnDt.exe
  2⤵
  PID:1972
- C:\Windows\System\EEYRLyy.exe
  C:\Windows\System\EEYRLyy.exe
  2⤵
  PID:6428
- C:\Windows\System\SHLtRyB.exe
  C:\Windows\System\SHLtRyB.exe
  2⤵
  PID:6448
- C:\Windows\System\zNyZRhL.exe
  C:\Windows\System\zNyZRhL.exe
  2⤵
  PID:996
- C:\Windows\System\fLXMHIK.exe
  C:\Windows\System\fLXMHIK.exe
  2⤵
  PID:6492
- C:\Windows\System\ijMPoIe.exe
  C:\Windows\System\ijMPoIe.exe
  2⤵
  PID:6528
- C:\Windows\System\eyKedeh.exe
  C:\Windows\System\eyKedeh.exe
  2⤵
  PID:6552
- C:\Windows\System\ZsnUPOu.exe
  C:\Windows\System\ZsnUPOu.exe
  2⤵
  PID:6572
- C:\Windows\System\bMHTeeP.exe
  C:\Windows\System\bMHTeeP.exe
  2⤵
  PID:6616
- C:\Windows\System\spNkEUh.exe
  C:\Windows\System\spNkEUh.exe
  2⤵
  PID:6648
- C:\Windows\System\zjmhghP.exe
  C:\Windows\System\zjmhghP.exe
  2⤵
  PID:6672
- C:\Windows\System\MfkwYXg.exe
  C:\Windows\System\MfkwYXg.exe
  2⤵
  PID:6692
- C:\Windows\System\BOuCGNx.exe
  C:\Windows\System\BOuCGNx.exe
  2⤵
  PID:6756
- C:\Windows\System\fcsNBzt.exe
  C:\Windows\System\fcsNBzt.exe
  2⤵
  PID:6776
- C:\Windows\System\bLkRIvg.exe
  C:\Windows\System\bLkRIvg.exe
  2⤵
  PID:6808
- C:\Windows\System\jXlfGIu.exe
  C:\Windows\System\jXlfGIu.exe
  2⤵
  PID:6852
- C:\Windows\System\hNYKQXR.exe
  C:\Windows\System\hNYKQXR.exe
  2⤵
  PID:6900
- C:\Windows\System\rzwVbMB.exe
  C:\Windows\System\rzwVbMB.exe
  2⤵
  PID:6932
- C:\Windows\System\tUBgIZI.exe
  C:\Windows\System\tUBgIZI.exe
  2⤵
  PID:6956
- C:\Windows\System\gxfJKtE.exe
  C:\Windows\System\gxfJKtE.exe
  2⤵
  PID:7000
- C:\Windows\System\zlNHkyB.exe
  C:\Windows\System\zlNHkyB.exe
  2⤵
  PID:7016
- C:\Windows\System\XemmXYU.exe
  C:\Windows\System\XemmXYU.exe
  2⤵
  PID:7052
- C:\Windows\System\QfDKuHb.exe
  C:\Windows\System\QfDKuHb.exe
  2⤵
  PID:7100
- C:\Windows\System\nRDIXtO.exe
  C:\Windows\System\nRDIXtO.exe
  2⤵
  PID:7096
- C:\Windows\System\HbfbXds.exe
  C:\Windows\System\HbfbXds.exe
  2⤵
  PID:7156
- C:\Windows\System\zncfAhy.exe
  C:\Windows\System\zncfAhy.exe
  2⤵
  PID:2728
- C:\Windows\System\MJFYNxR.exe
  C:\Windows\System\MJFYNxR.exe
  2⤵
  PID:2540
- C:\Windows\System\uQrqCNg.exe
  C:\Windows\System\uQrqCNg.exe
  2⤵
  PID:5904
- C:\Windows\System\YOgthAp.exe
  C:\Windows\System\YOgthAp.exe
  2⤵
  PID:4920
- C:\Windows\System\kArwjHh.exe
  C:\Windows\System\kArwjHh.exe
  2⤵
  PID:3944
- C:\Windows\System\jubaIBW.exe
  C:\Windows\System\jubaIBW.exe
  2⤵
  PID:5332
- C:\Windows\System\XyQWkpY.exe
  C:\Windows\System\XyQWkpY.exe
  2⤵
  PID:5172
- C:\Windows\System\pJFcmpW.exe
  C:\Windows\System\pJFcmpW.exe
  2⤵
  PID:6188
- C:\Windows\System\iRsdhTy.exe
  C:\Windows\System\iRsdhTy.exe
  2⤵
  PID:6236
- C:\Windows\System\VbefOhz.exe
  C:\Windows\System\VbefOhz.exe
  2⤵
  PID:6268
- C:\Windows\System\FsVGoij.exe
  C:\Windows\System\FsVGoij.exe
  2⤵
  PID:6296
- C:\Windows\System\tPVDSDJ.exe
  C:\Windows\System\tPVDSDJ.exe
  2⤵
  PID:6328
- C:\Windows\System\IVdPFpZ.exe
  C:\Windows\System\IVdPFpZ.exe
  2⤵
  PID:6408
- C:\Windows\System\ShhvLTz.exe
  C:\Windows\System\ShhvLTz.exe
  2⤵
  PID:1960
- C:\Windows\System\bFmEsgU.exe
  C:\Windows\System\bFmEsgU.exe
  2⤵
  PID:2184
- C:\Windows\System\HWjdLmt.exe
  C:\Windows\System\HWjdLmt.exe
  2⤵
  PID:6596
- C:\Windows\System\bodymsO.exe
  C:\Windows\System\bodymsO.exe
  2⤵
  PID:6628
- C:\Windows\System\jihfVYl.exe
  C:\Windows\System\jihfVYl.exe
  2⤵
  PID:6708
- C:\Windows\System\COJnwME.exe
  C:\Windows\System\COJnwME.exe
  2⤵
  PID:6668
- C:\Windows\System\XrJRFXC.exe
  C:\Windows\System\XrJRFXC.exe
  2⤵
  PID:6748
- C:\Windows\System\AMAfLEw.exe
  C:\Windows\System\AMAfLEw.exe
  2⤵
  PID:6848
- C:\Windows\System\TYlmMiV.exe
  C:\Windows\System\TYlmMiV.exe
  2⤵
  PID:6828
- C:\Windows\System\dRBRTcJ.exe
  C:\Windows\System\dRBRTcJ.exe
  2⤵
  PID:6920
- C:\Windows\System\fqOOpVM.exe
  C:\Windows\System\fqOOpVM.exe
  2⤵
  PID:6976
- C:\Windows\System\EKtErKL.exe
  C:\Windows\System\EKtErKL.exe
  2⤵
  PID:7012
- C:\Windows\System\xYvhBlq.exe
  C:\Windows\System\xYvhBlq.exe
  2⤵
  PID:7120
- C:\Windows\System\WWOYoXN.exe
  C:\Windows\System\WWOYoXN.exe
  2⤵
  PID:5608
- C:\Windows\System\noixhXE.exe
  C:\Windows\System\noixhXE.exe
  2⤵
  PID:5692
- C:\Windows\System\eCXWcYB.exe
  C:\Windows\System\eCXWcYB.exe
  2⤵
  PID:5992
- C:\Windows\System\GWZpiuE.exe
  C:\Windows\System\GWZpiuE.exe
  2⤵
  PID:5364
- C:\Windows\System\ILoFbBe.exe
  C:\Windows\System\ILoFbBe.exe
  2⤵
  PID:5144
- C:\Windows\System\uCYJuMZ.exe
  C:\Windows\System\uCYJuMZ.exe
  2⤵
  PID:6148
- C:\Windows\System\VzaPJIZ.exe
  C:\Windows\System\VzaPJIZ.exe
  2⤵
  PID:6208
- C:\Windows\System\dobDqjn.exe
  C:\Windows\System\dobDqjn.exe
  2⤵
  PID:6232
- C:\Windows\System\YXofJgx.exe
  C:\Windows\System\YXofJgx.exe
  2⤵
  PID:1616
- C:\Windows\System\nCZQzkd.exe
  C:\Windows\System\nCZQzkd.exe
  2⤵
  PID:6432
- C:\Windows\System\leJDwhR.exe
  C:\Windows\System\leJDwhR.exe
  2⤵
  PID:6556
- C:\Windows\System\UeDgjEE.exe
  C:\Windows\System\UeDgjEE.exe
  2⤵
  PID:6652
- C:\Windows\System\iNnheLT.exe
  C:\Windows\System\iNnheLT.exe
  2⤵
  PID:5804
- C:\Windows\System\pOBGgNh.exe
  C:\Windows\System\pOBGgNh.exe
  2⤵
  PID:6888
- C:\Windows\System\DcmctLG.exe
  C:\Windows\System\DcmctLG.exe
  2⤵
  PID:6832
- C:\Windows\System\yNpbTak.exe
  C:\Windows\System\yNpbTak.exe
  2⤵
  PID:7020
- C:\Windows\System\LunqZcv.exe
  C:\Windows\System\LunqZcv.exe
  2⤵
  PID:7176
- C:\Windows\System\wqmCBDR.exe
  C:\Windows\System\wqmCBDR.exe
  2⤵
  PID:7196
- C:\Windows\System\IPIwTxf.exe
  C:\Windows\System\IPIwTxf.exe
  2⤵
  PID:7212
- C:\Windows\System\WGcmcSt.exe
  C:\Windows\System\WGcmcSt.exe
  2⤵
  PID:7236
- C:\Windows\System\KGTiKzZ.exe
  C:\Windows\System\KGTiKzZ.exe
  2⤵
  PID:7256
- C:\Windows\System\dvLrtle.exe
  C:\Windows\System\dvLrtle.exe
  2⤵
  PID:7276
- C:\Windows\System\KVdlTjo.exe
  C:\Windows\System\KVdlTjo.exe
  2⤵
  PID:7292
- C:\Windows\System\nZIumQy.exe
  C:\Windows\System\nZIumQy.exe
  2⤵
  PID:7316
- C:\Windows\System\yYQeuYk.exe
  C:\Windows\System\yYQeuYk.exe
  2⤵
  PID:7336
- C:\Windows\System\DYAJcNx.exe
  C:\Windows\System\DYAJcNx.exe
  2⤵
  PID:7356
- C:\Windows\System\YBNUrnA.exe
  C:\Windows\System\YBNUrnA.exe
  2⤵
  PID:7376
- C:\Windows\System\vyQphFD.exe
  C:\Windows\System\vyQphFD.exe
  2⤵
  PID:7392
- C:\Windows\System\pvFkdsT.exe
  C:\Windows\System\pvFkdsT.exe
  2⤵
  PID:7416
- C:\Windows\System\Trcvegz.exe
  C:\Windows\System\Trcvegz.exe
  2⤵
  PID:7436
- C:\Windows\System\GqZhLEm.exe
  C:\Windows\System\GqZhLEm.exe
  2⤵
  PID:7456
- C:\Windows\System\CeXLyaR.exe
  C:\Windows\System\CeXLyaR.exe
  2⤵
  PID:7476
- C:\Windows\System\SJpfDoX.exe
  C:\Windows\System\SJpfDoX.exe
  2⤵
  PID:7496
- C:\Windows\System\xEzOTVO.exe
  C:\Windows\System\xEzOTVO.exe
  2⤵
  PID:7516
- C:\Windows\System\ZbApEWC.exe
  C:\Windows\System\ZbApEWC.exe
  2⤵
  PID:7536
- C:\Windows\System\ncfQHgc.exe
  C:\Windows\System\ncfQHgc.exe
  2⤵
  PID:7556
- C:\Windows\System\BITHalL.exe
  C:\Windows\System\BITHalL.exe
  2⤵
  PID:7576
- C:\Windows\System\cRMhjhb.exe
  C:\Windows\System\cRMhjhb.exe
  2⤵
  PID:7592
- C:\Windows\System\WfstLNb.exe
  C:\Windows\System\WfstLNb.exe
  2⤵
  PID:7608
- C:\Windows\System\dKOGNkh.exe
  C:\Windows\System\dKOGNkh.exe
  2⤵
  PID:7636
- C:\Windows\System\jUjUoFn.exe
  C:\Windows\System\jUjUoFn.exe
  2⤵
  PID:7656
- C:\Windows\System\ANrDbaU.exe
  C:\Windows\System\ANrDbaU.exe
  2⤵
  PID:7676
- C:\Windows\System\DKfeJtf.exe
  C:\Windows\System\DKfeJtf.exe
  2⤵
  PID:7692
- C:\Windows\System\CxbKqXJ.exe
  C:\Windows\System\CxbKqXJ.exe
  2⤵
  PID:7716
- C:\Windows\System\pVboCwp.exe
  C:\Windows\System\pVboCwp.exe
  2⤵
  PID:7740
- C:\Windows\System\fIDyWnF.exe
  C:\Windows\System\fIDyWnF.exe
  2⤵
  PID:7760
- C:\Windows\System\wOFTuCW.exe
  C:\Windows\System\wOFTuCW.exe
  2⤵
  PID:7780
- C:\Windows\System\GQGaaxV.exe
  C:\Windows\System\GQGaaxV.exe
  2⤵
  PID:7796
- C:\Windows\System\Biubgjs.exe
  C:\Windows\System\Biubgjs.exe
  2⤵
  PID:7812
- C:\Windows\System\LJtmjWe.exe
  C:\Windows\System\LJtmjWe.exe
  2⤵
  PID:7836
- C:\Windows\System\LsvKXCy.exe
  C:\Windows\System\LsvKXCy.exe
  2⤵
  PID:7860
- C:\Windows\System\LEqkQXO.exe
  C:\Windows\System\LEqkQXO.exe
  2⤵
  PID:7880
- C:\Windows\System\UFLyoTh.exe
  C:\Windows\System\UFLyoTh.exe
  2⤵
  PID:7900
- C:\Windows\System\xeSimXi.exe
  C:\Windows\System\xeSimXi.exe
  2⤵
  PID:7920
- C:\Windows\System\darQrqT.exe
  C:\Windows\System\darQrqT.exe
  2⤵
  PID:7940
- C:\Windows\System\VMyDmch.exe
  C:\Windows\System\VMyDmch.exe
  2⤵
  PID:7960
- C:\Windows\System\KSbTUNQ.exe
  C:\Windows\System\KSbTUNQ.exe
  2⤵
  PID:7980
- C:\Windows\System\PFOnDIC.exe
  C:\Windows\System\PFOnDIC.exe
  2⤵
  PID:8000
- C:\Windows\System\NukClLJ.exe
  C:\Windows\System\NukClLJ.exe
  2⤵
  PID:8020
- C:\Windows\System\LApiuCd.exe
  C:\Windows\System\LApiuCd.exe
  2⤵
  PID:8040
- C:\Windows\System\OpcRidC.exe
  C:\Windows\System\OpcRidC.exe
  2⤵
  PID:8060
- C:\Windows\System\bQgZZHx.exe
  C:\Windows\System\bQgZZHx.exe
  2⤵
  PID:8080
- C:\Windows\System\SyQXXEw.exe
  C:\Windows\System\SyQXXEw.exe
  2⤵
  PID:8100
- C:\Windows\System\HAWKtqJ.exe
  C:\Windows\System\HAWKtqJ.exe
  2⤵
  PID:8120
- C:\Windows\System\tYTeCkB.exe
  C:\Windows\System\tYTeCkB.exe
  2⤵
  PID:8140
- C:\Windows\System\uSpVFiT.exe
  C:\Windows\System\uSpVFiT.exe
  2⤵
  PID:8160
- C:\Windows\System\tpzrYKG.exe
  C:\Windows\System\tpzrYKG.exe
  2⤵
  PID:8180
- C:\Windows\System\vprUhvv.exe
  C:\Windows\System\vprUhvv.exe
  2⤵
  PID:7136
- C:\Windows\System\zcgtQVF.exe
  C:\Windows\System\zcgtQVF.exe
  2⤵
  PID:5892
- C:\Windows\System\PuteiqR.exe
  C:\Windows\System\PuteiqR.exe
  2⤵
  PID:5400
- C:\Windows\System\ZZbGyrg.exe
  C:\Windows\System\ZZbGyrg.exe
  2⤵
  PID:1908
- C:\Windows\System\UyKgmHX.exe
  C:\Windows\System\UyKgmHX.exe
  2⤵
  PID:3512
- C:\Windows\System\KymjVcH.exe
  C:\Windows\System\KymjVcH.exe
  2⤵
  PID:6416
- C:\Windows\System\ZmvFGTY.exe
  C:\Windows\System\ZmvFGTY.exe
  2⤵
  PID:6548
- C:\Windows\System\zedluRT.exe
  C:\Windows\System\zedluRT.exe
  2⤵
  PID:6532
- C:\Windows\System\yiQpiMU.exe
  C:\Windows\System\yiQpiMU.exe
  2⤵
  PID:6916
- C:\Windows\System\TMFOgkk.exe
  C:\Windows\System\TMFOgkk.exe
  2⤵
  PID:6732
- C:\Windows\System\hAJOHTC.exe
  C:\Windows\System\hAJOHTC.exe
  2⤵
  PID:7172
- C:\Windows\System\zZOFVna.exe
  C:\Windows\System\zZOFVna.exe
  2⤵
  PID:7208
- C:\Windows\System\MfynVtc.exe
  C:\Windows\System\MfynVtc.exe
  2⤵
  PID:7248
- C:\Windows\System\PeHTKPR.exe
  C:\Windows\System\PeHTKPR.exe
  2⤵
  PID:7224
- C:\Windows\System\qajergl.exe
  C:\Windows\System\qajergl.exe
  2⤵
  PID:7328
- C:\Windows\System\tBwZfmv.exe
  C:\Windows\System\tBwZfmv.exe
  2⤵
  PID:7364
- C:\Windows\System\dEDpziM.exe
  C:\Windows\System\dEDpziM.exe
  2⤵
  PID:7400
- C:\Windows\System\tSJNkhg.exe
  C:\Windows\System\tSJNkhg.exe
  2⤵
  PID:7404
- C:\Windows\System\DISQUFY.exe
  C:\Windows\System\DISQUFY.exe
  2⤵
  PID:7484
- C:\Windows\System\xezoygP.exe
  C:\Windows\System\xezoygP.exe
  2⤵
  PID:7604
- C:\Windows\System\BMkVaFa.exe
  C:\Windows\System\BMkVaFa.exe
  2⤵
  PID:7588
- C:\Windows\System\IMQEYWr.exe
  C:\Windows\System\IMQEYWr.exe
  2⤵
  PID:7628
- C:\Windows\System\tmUuJMR.exe
  C:\Windows\System\tmUuJMR.exe
  2⤵
  PID:7724
- C:\Windows\System\NkmbyHC.exe
  C:\Windows\System\NkmbyHC.exe
  2⤵
  PID:7728
- C:\Windows\System\ibogIsg.exe
  C:\Windows\System\ibogIsg.exe
  2⤵
  PID:7748
- C:\Windows\System\szHDXan.exe
  C:\Windows\System\szHDXan.exe
  2⤵
  PID:7804
- C:\Windows\System\lNtnpFv.exe
  C:\Windows\System\lNtnpFv.exe
  2⤵
  PID:7852
- C:\Windows\System\LHkSvUT.exe
  C:\Windows\System\LHkSvUT.exe
  2⤵
  PID:7832
- C:\Windows\System\pRANbKW.exe
  C:\Windows\System\pRANbKW.exe
  2⤵
  PID:7872
- C:\Windows\System\UtCtpwN.exe
  C:\Windows\System\UtCtpwN.exe
  2⤵
  PID:7936
- C:\Windows\System\VYofswb.exe
  C:\Windows\System\VYofswb.exe
  2⤵
  PID:7948
- C:\Windows\System\OqyoKxy.exe
  C:\Windows\System\OqyoKxy.exe
  2⤵
  PID:2536
- C:\Windows\System\WGARQuD.exe
  C:\Windows\System\WGARQuD.exe
  2⤵
  PID:8016
- C:\Windows\System\FjIrkdZ.exe
  C:\Windows\System\FjIrkdZ.exe
  2⤵
  PID:8048
- C:\Windows\System\hjEikcs.exe
  C:\Windows\System\hjEikcs.exe
  2⤵
  PID:8096
- C:\Windows\System\ucCqKbs.exe
  C:\Windows\System\ucCqKbs.exe
  2⤵
  PID:8092
- C:\Windows\System\CkQhwVe.exe
  C:\Windows\System\CkQhwVe.exe
  2⤵
  PID:8112
- C:\Windows\System\WuntCaw.exe
  C:\Windows\System\WuntCaw.exe
  2⤵
  PID:8148
- C:\Windows\System\ZdUKSef.exe
  C:\Windows\System\ZdUKSef.exe
  2⤵
  PID:8188
- C:\Windows\System\sEvHLMi.exe
  C:\Windows\System\sEvHLMi.exe
  2⤵
  PID:6064
- C:\Windows\System\kaobyFt.exe
  C:\Windows\System\kaobyFt.exe
  2⤵
  PID:7732
- C:\Windows\System\wdojbmf.exe
  C:\Windows\System\wdojbmf.exe
  2⤵
  PID:6152
- C:\Windows\System\xWidnqB.exe
  C:\Windows\System\xWidnqB.exe
  2⤵
  PID:6476
- C:\Windows\System\ufIHOTa.exe
  C:\Windows\System\ufIHOTa.exe
  2⤵
  PID:6636
- C:\Windows\System\YsAucHO.exe
  C:\Windows\System\YsAucHO.exe
  2⤵
  PID:7204
- C:\Windows\System\ALqcdZW.exe
  C:\Windows\System\ALqcdZW.exe
  2⤵
  PID:6992
- C:\Windows\System\iTLPOTs.exe
  C:\Windows\System\iTLPOTs.exe
  2⤵
  PID:7312
- C:\Windows\System\SWKVxPU.exe
  C:\Windows\System\SWKVxPU.exe
  2⤵
  PID:7388
- C:\Windows\System\DFahNIz.exe
  C:\Windows\System\DFahNIz.exe
  2⤵
  PID:7332
- C:\Windows\System\jnDqMxO.exe
  C:\Windows\System\jnDqMxO.exe
  2⤵
  PID:7492
- C:\Windows\System\CNOiGZE.exe
  C:\Windows\System\CNOiGZE.exe
  2⤵
  PID:7672
- C:\Windows\System\FFiwcqR.exe
  C:\Windows\System\FFiwcqR.exe
  2⤵
  PID:7668
- C:\Windows\System\dvlYejl.exe
  C:\Windows\System\dvlYejl.exe
  2⤵
  PID:7788
- C:\Windows\System\tlJipjh.exe
  C:\Windows\System\tlJipjh.exe
  2⤵
  PID:7876
- C:\Windows\System\pAqXjAC.exe
  C:\Windows\System\pAqXjAC.exe
  2⤵
  PID:7932
- C:\Windows\System\JTBhJKj.exe
  C:\Windows\System\JTBhJKj.exe
  2⤵
  PID:2548
- C:\Windows\System\JrxtJLH.exe
  C:\Windows\System\JrxtJLH.exe
  2⤵
  PID:7752
- C:\Windows\System\wWafQJi.exe
  C:\Windows\System\wWafQJi.exe
  2⤵
  PID:8088
- C:\Windows\System\WtfDjsU.exe
  C:\Windows\System\WtfDjsU.exe
  2⤵
  PID:7928
- C:\Windows\System\VXSraNR.exe
  C:\Windows\System\VXSraNR.exe
  2⤵
  PID:2300
- C:\Windows\System\GBkcjhg.exe
  C:\Windows\System\GBkcjhg.exe
  2⤵
  PID:7968
- C:\Windows\System\aNIoIef.exe
  C:\Windows\System\aNIoIef.exe
  2⤵
  PID:8012
- C:\Windows\System\OMnjEMX.exe
  C:\Windows\System\OMnjEMX.exe
  2⤵
  PID:6696
- C:\Windows\System\TInIApp.exe
  C:\Windows\System\TInIApp.exe
  2⤵
  PID:6952
- C:\Windows\System\onaPhlS.exe
  C:\Windows\System\onaPhlS.exe
  2⤵
  PID:6496
- C:\Windows\System\jCXuLwt.exe
  C:\Windows\System\jCXuLwt.exe
  2⤵
  PID:7092
- C:\Windows\System\PkZPTsb.exe
  C:\Windows\System\PkZPTsb.exe
  2⤵
  PID:7664
- C:\Windows\System\GcpTGoX.exe
  C:\Windows\System\GcpTGoX.exe
  2⤵
  PID:6768
- C:\Windows\System\gAIugSU.exe
  C:\Windows\System\gAIugSU.exe
  2⤵
  PID:1748
- C:\Windows\System\LEAijNT.exe
  C:\Windows\System\LEAijNT.exe
  2⤵
  PID:7284
- C:\Windows\System\IqXDLtb.exe
  C:\Windows\System\IqXDLtb.exe
  2⤵
  PID:2616
- C:\Windows\System\gMlikSz.exe
  C:\Windows\System\gMlikSz.exe
  2⤵
  PID:2532
- C:\Windows\System\LsVhvhx.exe
  C:\Windows\System\LsVhvhx.exe
  2⤵
  PID:7652
- C:\Windows\System\VEwkJfy.exe
  C:\Windows\System\VEwkJfy.exe
  2⤵
  PID:2936
- C:\Windows\System\FhiWruW.exe
  C:\Windows\System\FhiWruW.exe
  2⤵
  PID:7308
- C:\Windows\System\JjIUxRW.exe
  C:\Windows\System\JjIUxRW.exe
  2⤵
  PID:2672
- C:\Windows\System\mPZkVnL.exe
  C:\Windows\System\mPZkVnL.exe
  2⤵
  PID:4264
- C:\Windows\System\ZFrvobM.exe
  C:\Windows\System\ZFrvobM.exe
  2⤵
  PID:2700
- C:\Windows\System\STSrzdE.exe
  C:\Windows\System\STSrzdE.exe
  2⤵
  PID:2468
- C:\Windows\System\iqwCNYx.exe
  C:\Windows\System\iqwCNYx.exe
  2⤵
  PID:2636
- C:\Windows\System\nxRofEt.exe
  C:\Windows\System\nxRofEt.exe
  2⤵
  PID:1692
- C:\Windows\System\oldVdDX.exe
  C:\Windows\System\oldVdDX.exe
  2⤵
  PID:2148
- C:\Windows\System\wJZsJtc.exe
  C:\Windows\System\wJZsJtc.exe
  2⤵
  PID:8108
- C:\Windows\System\hrDUkEz.exe
  C:\Windows\System\hrDUkEz.exe
  2⤵
  PID:7228
- C:\Windows\System\vvmpZGh.exe
  C:\Windows\System\vvmpZGh.exe
  2⤵
  PID:7452
- C:\Windows\System\laQJMwH.exe
  C:\Windows\System\laQJMwH.exe
  2⤵
  PID:8136
- C:\Windows\System\JSbJJte.exe
  C:\Windows\System\JSbJJte.exe
  2⤵
  PID:7956
- C:\Windows\System\NCTJyVh.exe
  C:\Windows\System\NCTJyVh.exe
  2⤵
  PID:7648
- C:\Windows\System\EbgnwrH.exe
  C:\Windows\System\EbgnwrH.exe
  2⤵
  PID:7820
- C:\Windows\System\kgTgJXY.exe
  C:\Windows\System\kgTgJXY.exe
  2⤵
  PID:7620
- C:\Windows\System\CYazlct.exe
  C:\Windows\System\CYazlct.exe
  2⤵
  PID:2996
- C:\Windows\System\wEgtBKE.exe
  C:\Windows\System\wEgtBKE.exe
  2⤵
  PID:6276
- C:\Windows\System\UcSLbQw.exe
  C:\Windows\System\UcSLbQw.exe
  2⤵
  PID:2088
- C:\Windows\System\ifjbAgM.exe
  C:\Windows\System\ifjbAgM.exe
  2⤵
  PID:6872
- C:\Windows\System\VZiapJp.exe
  C:\Windows\System\VZiapJp.exe
  2⤵
  PID:6608
- C:\Windows\System\OwkrKIJ.exe
  C:\Windows\System\OwkrKIJ.exe
  2⤵
  PID:4296
- C:\Windows\System\sjMZXFs.exe
  C:\Windows\System\sjMZXFs.exe
  2⤵
  PID:5308
- C:\Windows\System\VHklRbm.exe
  C:\Windows\System\VHklRbm.exe
  2⤵
  PID:7232
- C:\Windows\System\MrtziJP.exe
  C:\Windows\System\MrtziJP.exe
  2⤵
  PID:7244
- C:\Windows\System\ExeEPbm.exe
  C:\Windows\System\ExeEPbm.exe
  2⤵
  PID:2008
- C:\Windows\System\NLtuCxW.exe
  C:\Windows\System\NLtuCxW.exe
  2⤵
  PID:2124
- C:\Windows\System\ZwXySvE.exe
  C:\Windows\System\ZwXySvE.exe
  2⤵
  PID:7704
- C:\Windows\System\zNXfHBr.exe
  C:\Windows\System\zNXfHBr.exe
  2⤵
  PID:7992
- C:\Windows\System\xDblyQv.exe
  C:\Windows\System\xDblyQv.exe
  2⤵
  PID:7488
- C:\Windows\System\MWVecBY.exe
  C:\Windows\System\MWVecBY.exe
  2⤵
  PID:2684
- C:\Windows\System\JpuQUbE.exe
  C:\Windows\System\JpuQUbE.exe
  2⤵
  PID:7708
- C:\Windows\System\RyZbKBk.exe
  C:\Windows\System\RyZbKBk.exe
  2⤵
  PID:7756
- C:\Windows\System\upiQFPW.exe
  C:\Windows\System\upiQFPW.exe
  2⤵
  PID:8204
- C:\Windows\System\zWgxusH.exe
  C:\Windows\System\zWgxusH.exe
  2⤵
  PID:8228
- C:\Windows\System\qDuxAjH.exe
  C:\Windows\System\qDuxAjH.exe
  2⤵
  PID:8244
- C:\Windows\System\utYFYmy.exe
  C:\Windows\System\utYFYmy.exe
  2⤵
  PID:8288
- C:\Windows\System\kmUMNtx.exe
  C:\Windows\System\kmUMNtx.exe
  2⤵
  PID:8304
- C:\Windows\System\zZbNQqj.exe
  C:\Windows\System\zZbNQqj.exe
  2⤵
  PID:8320
- C:\Windows\System\XJEfPGs.exe
  C:\Windows\System\XJEfPGs.exe
  2⤵
  PID:8336
- C:\Windows\System\zTRhYQd.exe
  C:\Windows\System\zTRhYQd.exe
  2⤵
  PID:8352
- C:\Windows\System\lULpzWO.exe
  C:\Windows\System\lULpzWO.exe
  2⤵
  PID:8368
- C:\Windows\System\WLGbtVI.exe
  C:\Windows\System\WLGbtVI.exe
  2⤵
  PID:8420
- C:\Windows\System\kbkxotN.exe
  C:\Windows\System\kbkxotN.exe
  2⤵
  PID:8436
- C:\Windows\System\fwMEvnP.exe
  C:\Windows\System\fwMEvnP.exe
  2⤵
  PID:8452
- C:\Windows\System\wCWLlVA.exe
  C:\Windows\System\wCWLlVA.exe
  2⤵
  PID:8468
- C:\Windows\System\PFBoFQn.exe
  C:\Windows\System\PFBoFQn.exe
  2⤵
  PID:8484
- C:\Windows\System\CHVehXD.exe
  C:\Windows\System\CHVehXD.exe
  2⤵
  PID:8500
- C:\Windows\System\xQuZxjh.exe
  C:\Windows\System\xQuZxjh.exe
  2⤵
  PID:8516
- C:\Windows\System\NQuZcka.exe
  C:\Windows\System\NQuZcka.exe
  2⤵
  PID:8532
- C:\Windows\System\nfHvhLI.exe
  C:\Windows\System\nfHvhLI.exe
  2⤵
  PID:8548
- C:\Windows\System\nkyVIoj.exe
  C:\Windows\System\nkyVIoj.exe
  2⤵
  PID:8564
- C:\Windows\System\vvKfCka.exe
  C:\Windows\System\vvKfCka.exe
  2⤵
  PID:8580
- C:\Windows\System\ZFIUPQq.exe
  C:\Windows\System\ZFIUPQq.exe
  2⤵
  PID:8596
- C:\Windows\System\DYoNSMy.exe
  C:\Windows\System\DYoNSMy.exe
  2⤵
  PID:8612
- C:\Windows\System\IcwVClw.exe
  C:\Windows\System\IcwVClw.exe
  2⤵
  PID:8628
- C:\Windows\System\KOeIenQ.exe
  C:\Windows\System\KOeIenQ.exe
  2⤵
  PID:8644
- C:\Windows\System\EreeRYv.exe
  C:\Windows\System\EreeRYv.exe
  2⤵
  PID:8660
- C:\Windows\System\FrLRCfZ.exe
  C:\Windows\System\FrLRCfZ.exe
  2⤵
  PID:8676
- C:\Windows\System\UNmpJrW.exe
  C:\Windows\System\UNmpJrW.exe
  2⤵
  PID:8692
- C:\Windows\System\tDZDYBu.exe
  C:\Windows\System\tDZDYBu.exe
  2⤵
  PID:8712
- C:\Windows\System\YpZfgQd.exe
  C:\Windows\System\YpZfgQd.exe
  2⤵
  PID:8728
- C:\Windows\System\YOmIMXJ.exe
  C:\Windows\System\YOmIMXJ.exe
  2⤵
  PID:8744
- C:\Windows\System\EQqgVZz.exe
  C:\Windows\System\EQqgVZz.exe
  2⤵
  PID:8760
- C:\Windows\System\vdzuYiL.exe
  C:\Windows\System\vdzuYiL.exe
  2⤵
  PID:8776
- C:\Windows\System\bFVMITm.exe
  C:\Windows\System\bFVMITm.exe
  2⤵
  PID:8792
- C:\Windows\System\qWbvAzr.exe
  C:\Windows\System\qWbvAzr.exe
  2⤵
  PID:8808
- C:\Windows\System\SmbEfsW.exe
  C:\Windows\System\SmbEfsW.exe
  2⤵
  PID:8824
- C:\Windows\System\WYnyPIs.exe
  C:\Windows\System\WYnyPIs.exe
  2⤵
  PID:8840
- C:\Windows\System\VGZfDDh.exe
  C:\Windows\System\VGZfDDh.exe
  2⤵
  PID:8856
- C:\Windows\System\MwYuJab.exe
  C:\Windows\System\MwYuJab.exe
  2⤵
  PID:8872
- C:\Windows\System\ECzcKzT.exe
  C:\Windows\System\ECzcKzT.exe
  2⤵
  PID:8888
- C:\Windows\System\QolbjKF.exe
  C:\Windows\System\QolbjKF.exe
  2⤵
  PID:8904
- C:\Windows\System\GgOftbi.exe
  C:\Windows\System\GgOftbi.exe
  2⤵
  PID:8920
- C:\Windows\System\mnizcRN.exe
  C:\Windows\System\mnizcRN.exe
  2⤵
  PID:8936
- C:\Windows\System\yIQqhry.exe
  C:\Windows\System\yIQqhry.exe
  2⤵
  PID:8952
- C:\Windows\System\aiEVVRq.exe
  C:\Windows\System\aiEVVRq.exe
  2⤵
  PID:8968
- C:\Windows\System\YLMrnvb.exe
  C:\Windows\System\YLMrnvb.exe
  2⤵
  PID:9012
- C:\Windows\System\CCwKBLk.exe
  C:\Windows\System\CCwKBLk.exe
  2⤵
  PID:9032
- C:\Windows\System\tmWSxHg.exe
  C:\Windows\System\tmWSxHg.exe
  2⤵
  PID:9048
- C:\Windows\System\ajDHfWF.exe
  C:\Windows\System\ajDHfWF.exe
  2⤵
  PID:9184
- C:\Windows\System\nlnqDze.exe
  C:\Windows\System\nlnqDze.exe
  2⤵
  PID:9204
- C:\Windows\System\hoXcONJ.exe
  C:\Windows\System\hoXcONJ.exe
  2⤵
  PID:3008
- C:\Windows\System\WMtoMkZ.exe
  C:\Windows\System\WMtoMkZ.exe
  2⤵
  PID:7448
- C:\Windows\System\viTeAcz.exe
  C:\Windows\System\viTeAcz.exe
  2⤵
  PID:8216
- C:\Windows\System\ZkvJiDh.exe
  C:\Windows\System\ZkvJiDh.exe
  2⤵
  PID:8252
- C:\Windows\System\RrxOnkv.exe
  C:\Windows\System\RrxOnkv.exe
  2⤵
  PID:1632
- C:\Windows\System\rgqpCvX.exe
  C:\Windows\System\rgqpCvX.exe
  2⤵
  PID:1388
- C:\Windows\System\XJFHZuQ.exe
  C:\Windows\System\XJFHZuQ.exe
  2⤵
  PID:4068
- C:\Windows\System\yrsnkHv.exe
  C:\Windows\System\yrsnkHv.exe
  2⤵
  PID:2880
- C:\Windows\System\ICzUswL.exe
  C:\Windows\System\ICzUswL.exe
  2⤵
  PID:748
- C:\Windows\System\DfAzMRx.exe
  C:\Windows\System\DfAzMRx.exe
  2⤵
  PID:8296
- C:\Windows\System\WPgyjLq.exe
  C:\Windows\System\WPgyjLq.exe
  2⤵
  PID:8376
- C:\Windows\System\sKrWPku.exe
  C:\Windows\System\sKrWPku.exe
  2⤵
  PID:8328
- C:\Windows\System\tcmWOZJ.exe
  C:\Windows\System\tcmWOZJ.exe
  2⤵
  PID:8392
- C:\Windows\System\iqrLruW.exe
  C:\Windows\System\iqrLruW.exe
  2⤵
  PID:8416
- C:\Windows\System\Nmgcptk.exe
  C:\Windows\System\Nmgcptk.exe
  2⤵
  PID:8444
- C:\Windows\System\rUNLQpa.exe
  C:\Windows\System\rUNLQpa.exe
  2⤵
  PID:8560
- C:\Windows\System\TweJHoF.exe
  C:\Windows\System\TweJHoF.exe
  2⤵
  PID:8624
- C:\Windows\System\zFrhzOq.exe
  C:\Windows\System\zFrhzOq.exe
  2⤵
  PID:8508
- C:\Windows\System\nRmgJtr.exe
  C:\Windows\System\nRmgJtr.exe
  2⤵
  PID:8576
- C:\Windows\System\NdauagY.exe
  C:\Windows\System\NdauagY.exe
  2⤵
  PID:8668
- C:\Windows\System\FQwJMEl.exe
  C:\Windows\System\FQwJMEl.exe
  2⤵
  PID:8688
- C:\Windows\System\wkDDtxd.exe
  C:\Windows\System\wkDDtxd.exe
  2⤵
  PID:8756
- C:\Windows\System\SLRBKPY.exe
  C:\Windows\System\SLRBKPY.exe
  2⤵
  PID:8800
- C:\Windows\System\bYvgGQM.exe
  C:\Windows\System\bYvgGQM.exe
  2⤵
  PID:8788
- C:\Windows\System\gfNgbBg.exe
  C:\Windows\System\gfNgbBg.exe
  2⤵
  PID:8852
- C:\Windows\System\CgGMDZX.exe
  C:\Windows\System\CgGMDZX.exe
  2⤵
  PID:8768
- C:\Windows\System\yUHYagL.exe
  C:\Windows\System\yUHYagL.exe
  2⤵
  PID:8868
- C:\Windows\System\LkEtvxX.exe
  C:\Windows\System\LkEtvxX.exe
  2⤵
  PID:8912
- C:\Windows\System\wRpavuS.exe
  C:\Windows\System\wRpavuS.exe
  2⤵
  PID:8960
- C:\Windows\System\aBqXpEI.exe
  C:\Windows\System\aBqXpEI.exe
  2⤵
  PID:8980
- C:\Windows\System\mCRaRmQ.exe
  C:\Windows\System\mCRaRmQ.exe
  2⤵
  PID:8996
- C:\Windows\System\SKMEFmn.exe
  C:\Windows\System\SKMEFmn.exe
  2⤵
  PID:9028
- C:\Windows\System\kBBdCPz.exe
  C:\Windows\System\kBBdCPz.exe
  2⤵
  PID:9008
- C:\Windows\System\TmnCpzq.exe
  C:\Windows\System\TmnCpzq.exe
  2⤵
  PID:9072
- C:\Windows\System\hyIkjvu.exe
  C:\Windows\System\hyIkjvu.exe
  2⤵
  PID:9092
- C:\Windows\System\pxsBmke.exe
  C:\Windows\System\pxsBmke.exe
  2⤵
  PID:9104
- C:\Windows\System\RbfrlrM.exe
  C:\Windows\System\RbfrlrM.exe
  2⤵
  PID:9120
- C:\Windows\System\ybTCEVg.exe
  C:\Windows\System\ybTCEVg.exe
  2⤵
  PID:9140
- C:\Windows\System\Uursmem.exe
  C:\Windows\System\Uursmem.exe
  2⤵
  PID:9156
- C:\Windows\System\fQlzMPy.exe
  C:\Windows\System\fQlzMPy.exe
  2⤵
  PID:9180
- C:\Windows\System\rzRmfHa.exe
  C:\Windows\System\rzRmfHa.exe
  2⤵
  PID:9200
- C:\Windows\System\PYEQhdm.exe
  C:\Windows\System\PYEQhdm.exe
  2⤵
  PID:8052
- C:\Windows\System\bABhkQa.exe
  C:\Windows\System\bABhkQa.exe
  2⤵
  PID:768
- C:\Windows\System\HRZAxGi.exe
  C:\Windows\System\HRZAxGi.exe
  2⤵
  PID:804
- C:\Windows\System\TRzzLxH.exe
  C:\Windows\System\TRzzLxH.exe
  2⤵
  PID:1556
- C:\Windows\System\UxmdYKF.exe
  C:\Windows\System\UxmdYKF.exe
  2⤵
  PID:3016
- C:\Windows\System\ocImmmD.exe
  C:\Windows\System\ocImmmD.exe
  2⤵
  PID:8332
- C:\Windows\System\qcbemyT.exe
  C:\Windows\System\qcbemyT.exe
  2⤵
  PID:8492
- C:\Windows\System\qjWUHGO.exe
  C:\Windows\System\qjWUHGO.exe
  2⤵
  PID:8408
- C:\Windows\System\vtoTjxq.exe
  C:\Windows\System\vtoTjxq.exe
  2⤵
  PID:8480
- C:\Windows\System\spzDCtY.exe
  C:\Windows\System\spzDCtY.exe
  2⤵
  PID:8636
- C:\Windows\System\nklvWmb.exe
  C:\Windows\System\nklvWmb.exe
  2⤵
  PID:8724
- C:\Windows\System\MizAHIs.exe
  C:\Windows\System\MizAHIs.exe
  2⤵
  PID:8652
- C:\Windows\System\yPkgRpq.exe
  C:\Windows\System\yPkgRpq.exe
  2⤵
  PID:9172
- C:\Windows\System\HlFeeQJ.exe
  C:\Windows\System\HlFeeQJ.exe
  2⤵
  PID:9164
- C:\Windows\System\lTmKdYu.exe
  C:\Windows\System\lTmKdYu.exe
  2⤵
  PID:7772
- C:\Windows\System\HQgPGat.exe
  C:\Windows\System\HQgPGat.exe
  2⤵
  PID:8196
- C:\Windows\System\ZTpjbSP.exe
  C:\Windows\System\ZTpjbSP.exe
  2⤵
  PID:3024
- C:\Windows\System\EiTTsoT.exe
  C:\Windows\System\EiTTsoT.exe
  2⤵
  PID:2940
- C:\Windows\System\OjBlZJP.exe
  C:\Windows\System\OjBlZJP.exe
  2⤵
  PID:988
- C:\Windows\System\OskMHLM.exe
  C:\Windows\System\OskMHLM.exe
  2⤵
  PID:2296
- C:\Windows\System\EIqOdhh.exe
  C:\Windows\System\EIqOdhh.exe
  2⤵
  PID:3064
- C:\Windows\System\tggDBCL.exe
  C:\Windows\System\tggDBCL.exe
  2⤵
  PID:8836
- C:\Windows\System\HTwYwan.exe
  C:\Windows\System\HTwYwan.exe
  2⤵
  PID:8280
- C:\Windows\System\fpWOMRH.exe
  C:\Windows\System\fpWOMRH.exe
  2⤵
  PID:8864
- C:\Windows\System\ZPeYiyZ.exe
  C:\Windows\System\ZPeYiyZ.exe
  2⤵
  PID:8932
- C:\Windows\System\asisbbg.exe
  C:\Windows\System\asisbbg.exe
  2⤵
  PID:9020
- C:\Windows\System\PPdjoUk.exe
  C:\Windows\System\PPdjoUk.exe
  2⤵
  PID:9124
- C:\Windows\System\lCSdATF.exe
  C:\Windows\System\lCSdATF.exe
  2⤵
  PID:9096
- C:\Windows\System\qpmGVzZ.exe
  C:\Windows\System\qpmGVzZ.exe
  2⤵
  PID:9196
- C:\Windows\System\pjmHBIo.exe
  C:\Windows\System\pjmHBIo.exe
  2⤵
  PID:2744
- C:\Windows\System\mNgMkwx.exe
  C:\Windows\System\mNgMkwx.exe
  2⤵
  PID:8256
- C:\Windows\System\FygsUJI.exe
  C:\Windows\System\FygsUJI.exe
  2⤵
  PID:8684
- C:\Windows\System\YSYkqkt.exe
  C:\Windows\System\YSYkqkt.exe
  2⤵
  PID:8592
- C:\Windows\System\mIgKuby.exe
  C:\Windows\System\mIgKuby.exe
  2⤵
  PID:8556
- C:\Windows\System\vnkKMIQ.exe
  C:\Windows\System\vnkKMIQ.exe
  2⤵
  PID:9080
- C:\Windows\System\oljdJhj.exe
  C:\Windows\System\oljdJhj.exe
  2⤵
  PID:7848
- C:\Windows\System\Fnyfqoc.exe
  C:\Windows\System\Fnyfqoc.exe
  2⤵
  PID:8236
- C:\Windows\System\gzbimJD.exe
  C:\Windows\System\gzbimJD.exe
  2⤵
  PID:8848
- C:\Windows\System\FbTIpKn.exe
  C:\Windows\System\FbTIpKn.exe
  2⤵
  PID:8704
- C:\Windows\System\wHKOjiP.exe
  C:\Windows\System\wHKOjiP.exe
  2⤵
  PID:8820
- C:\Windows\System\XSzIopP.exe
  C:\Windows\System\XSzIopP.exe
  2⤵
  PID:8948
- C:\Windows\System\FheeehR.exe
  C:\Windows\System\FheeehR.exe
  2⤵
  PID:9148
- C:\Windows\System\FLJsEUt.exe
  C:\Windows\System\FLJsEUt.exe
  2⤵
  PID:8708
- C:\Windows\System\PZdRCPV.exe
  C:\Windows\System\PZdRCPV.exe
  2⤵
  PID:8884
- C:\Windows\System\SLdburr.exe
  C:\Windows\System\SLdburr.exe
  2⤵
  PID:8300
- C:\Windows\System\dqJIObd.exe
  C:\Windows\System\dqJIObd.exe
  2⤵
  PID:8992
- C:\Windows\System\ulQFbkN.exe
  C:\Windows\System\ulQFbkN.exe
  2⤵
  PID:9056
- C:\Windows\System\vRHXUwM.exe
  C:\Windows\System\vRHXUwM.exe
  2⤵
  PID:9228
- C:\Windows\System\TfkOsYD.exe
  C:\Windows\System\TfkOsYD.exe
  2⤵
  PID:9252
- C:\Windows\System\XllIVQo.exe
  C:\Windows\System\XllIVQo.exe
  2⤵
  PID:9268
- C:\Windows\System\wttHqSI.exe
  C:\Windows\System\wttHqSI.exe
  2⤵
  PID:9288
- C:\Windows\System\sbJAZhy.exe
  C:\Windows\System\sbJAZhy.exe
  2⤵
  PID:9312
- C:\Windows\System\bEyWZTR.exe
  C:\Windows\System\bEyWZTR.exe
  2⤵
  PID:9328
- C:\Windows\System\zygEmCK.exe
  C:\Windows\System\zygEmCK.exe
  2⤵
  PID:9356
- C:\Windows\System\YZolanp.exe
  C:\Windows\System\YZolanp.exe
  2⤵
  PID:9376
- C:\Windows\System\XElkZuv.exe
  C:\Windows\System\XElkZuv.exe
  2⤵
  PID:9392
- C:\Windows\System\WLlrDry.exe
  C:\Windows\System\WLlrDry.exe
  2⤵
  PID:9416
- C:\Windows\System\BLsOQYa.exe
  C:\Windows\System\BLsOQYa.exe
  2⤵
  PID:9432
- C:\Windows\System\ZbJcKdf.exe
  C:\Windows\System\ZbJcKdf.exe
  2⤵
  PID:9456
- C:\Windows\System\DFupAXd.exe
  C:\Windows\System\DFupAXd.exe
  2⤵
  PID:9476
- C:\Windows\System\uKQYpEb.exe
  C:\Windows\System\uKQYpEb.exe
  2⤵
  PID:9496
- C:\Windows\System\tEIkvaC.exe
  C:\Windows\System\tEIkvaC.exe
  2⤵
  PID:9512
- C:\Windows\System\DIDZxUC.exe
  C:\Windows\System\DIDZxUC.exe
  2⤵
  PID:9536
- C:\Windows\System\PvNVfyP.exe
  C:\Windows\System\PvNVfyP.exe
  2⤵
  PID:9556
- C:\Windows\System\axTuyYF.exe
  C:\Windows\System\axTuyYF.exe
  2⤵
  PID:9576
- C:\Windows\System\uuQcnSK.exe
  C:\Windows\System\uuQcnSK.exe
  2⤵
  PID:9596
- C:\Windows\System\NEqVTNM.exe
  C:\Windows\System\NEqVTNM.exe
  2⤵
  PID:9616
- C:\Windows\System\KIQOHAz.exe
  C:\Windows\System\KIQOHAz.exe
  2⤵
  PID:9632
- C:\Windows\System\JHEISBz.exe
  C:\Windows\System\JHEISBz.exe
  2⤵
  PID:9648
- C:\Windows\System\ZdttNvp.exe
  C:\Windows\System\ZdttNvp.exe
  2⤵
  PID:9664
- C:\Windows\System\fAgxPdD.exe
  C:\Windows\System\fAgxPdD.exe
  2⤵
  PID:9696
- C:\Windows\System\AszSIsW.exe
  C:\Windows\System\AszSIsW.exe
  2⤵
  PID:9712
- C:\Windows\System\TQFTEvs.exe
  C:\Windows\System\TQFTEvs.exe
  2⤵
  PID:9732
- C:\Windows\System\KEsdspQ.exe
  C:\Windows\System\KEsdspQ.exe
  2⤵
  PID:9756
- C:\Windows\System\dteaXqP.exe
  C:\Windows\System\dteaXqP.exe
  2⤵
  PID:9772
- C:\Windows\System\LCOlLjT.exe
  C:\Windows\System\LCOlLjT.exe
  2⤵
  PID:9792
- C:\Windows\System\UIjhovm.exe
  C:\Windows\System\UIjhovm.exe
  2⤵
  PID:9812
- C:\Windows\System\dqxBayv.exe
  C:\Windows\System\dqxBayv.exe
  2⤵
  PID:9832
- C:\Windows\System\AKBgAcW.exe
  C:\Windows\System\AKBgAcW.exe
  2⤵
  PID:9848
- C:\Windows\System\ZRxIyaN.exe
  C:\Windows\System\ZRxIyaN.exe
  2⤵
  PID:9868
- C:\Windows\System\HydfKWy.exe
  C:\Windows\System\HydfKWy.exe
  2⤵
  PID:9896
- C:\Windows\System\XjgvJVD.exe
  C:\Windows\System\XjgvJVD.exe
  2⤵
  PID:9916
- C:\Windows\System\PxnqlAN.exe
  C:\Windows\System\PxnqlAN.exe
  2⤵
  PID:9940
- C:\Windows\System\dcoeGkN.exe
  C:\Windows\System\dcoeGkN.exe
  2⤵
  PID:9956
- C:\Windows\System\TXtQEKi.exe
  C:\Windows\System\TXtQEKi.exe
  2⤵
  PID:9980
- C:\Windows\System\HwRCxas.exe
  C:\Windows\System\HwRCxas.exe
  2⤵
  PID:10000
- C:\Windows\System\IqUIPgF.exe
  C:\Windows\System\IqUIPgF.exe
  2⤵
  PID:10016
- C:\Windows\System\yqzKSvF.exe
  C:\Windows\System\yqzKSvF.exe
  2⤵
  PID:10036
- C:\Windows\System\cVsNQIq.exe
  C:\Windows\System\cVsNQIq.exe
  2⤵
  PID:10056
- C:\Windows\System\yLvjJcC.exe
  C:\Windows\System\yLvjJcC.exe
  2⤵
  PID:10076
- C:\Windows\System\IdAMvxU.exe
  C:\Windows\System\IdAMvxU.exe
  2⤵
  PID:10100
- C:\Windows\System\UPTdCIk.exe
  C:\Windows\System\UPTdCIk.exe
  2⤵
  PID:10116
- C:\Windows\System\CrARYZj.exe
  C:\Windows\System\CrARYZj.exe
  2⤵
  PID:10136
- C:\Windows\System\tePnmGp.exe
  C:\Windows\System\tePnmGp.exe
  2⤵
  PID:10152
- C:\Windows\System\PNaXThD.exe
  C:\Windows\System\PNaXThD.exe
  2⤵
  PID:10168
- C:\Windows\System\jyviABl.exe
  C:\Windows\System\jyviABl.exe
  2⤵
  PID:10188
- C:\Windows\System\YbEkRfO.exe
  C:\Windows\System\YbEkRfO.exe
  2⤵
  PID:10208
- C:\Windows\System\kXBwVyF.exe
  C:\Windows\System\kXBwVyF.exe
  2⤵
  PID:10224
- C:\Windows\System\NnwDXRo.exe
  C:\Windows\System\NnwDXRo.exe
  2⤵
  PID:9224
- C:\Windows\System\uRgQZiI.exe
  C:\Windows\System\uRgQZiI.exe
  2⤵
  PID:9248
- C:\Windows\System\ZFEpDkO.exe
  C:\Windows\System\ZFEpDkO.exe
  2⤵
  PID:9280
- C:\Windows\System\mwyzoTw.exe
  C:\Windows\System\mwyzoTw.exe
  2⤵
  PID:9320
- C:\Windows\System\MXeWGiM.exe
  C:\Windows\System\MXeWGiM.exe
  2⤵
  PID:9340
- C:\Windows\System\PaBpCnV.exe
  C:\Windows\System\PaBpCnV.exe
  2⤵
  PID:9384
- C:\Windows\System\WSwbqBq.exe
  C:\Windows\System\WSwbqBq.exe
  2⤵
  PID:9404
- C:\Windows\System\YuJRGJL.exe
  C:\Windows\System\YuJRGJL.exe
  2⤵
  PID:9444
- C:\Windows\System\AHgBfso.exe
  C:\Windows\System\AHgBfso.exe
  2⤵
  PID:9484
- C:\Windows\System\oZyRwOL.exe
  C:\Windows\System\oZyRwOL.exe
  2⤵
  PID:9508
- C:\Windows\System\hrRCHYN.exe
  C:\Windows\System\hrRCHYN.exe
  2⤵
  PID:9548
- C:\Windows\System\uEZKaIM.exe
  C:\Windows\System\uEZKaIM.exe
  2⤵
  PID:9568
- C:\Windows\System\aConwXj.exe
  C:\Windows\System\aConwXj.exe
  2⤵
  PID:9592
- C:\Windows\System\kSOLQVc.exe
  C:\Windows\System\kSOLQVc.exe
  2⤵
  PID:9628
- C:\Windows\System\vETItNF.exe
  C:\Windows\System\vETItNF.exe
  2⤵
  PID:9680
- C:\Windows\System\FKdvSrx.exe
  C:\Windows\System\FKdvSrx.exe
  2⤵
  PID:9704
- C:\Windows\System\VRmgeMT.exe
  C:\Windows\System\VRmgeMT.exe
  2⤵
  PID:9752
- C:\Windows\System\LxdVJwZ.exe
  C:\Windows\System\LxdVJwZ.exe
  2⤵
  PID:9788
- C:\Windows\System\RHcPrpa.exe
  C:\Windows\System\RHcPrpa.exe
  2⤵
  PID:9820
- C:\Windows\System\LNPsciB.exe
  C:\Windows\System\LNPsciB.exe
  2⤵
  PID:9876
- C:\Windows\System\AonYRSa.exe
  C:\Windows\System\AonYRSa.exe
  2⤵
  PID:9860
- C:\Windows\System\evLEUfn.exe
  C:\Windows\System\evLEUfn.exe
  2⤵
  PID:9908
- C:\Windows\System\UibTGfd.exe
  C:\Windows\System\UibTGfd.exe
  2⤵
  PID:9932
- C:\Windows\System\tzGjPsa.exe
  C:\Windows\System\tzGjPsa.exe
  2⤵
  PID:9952
- C:\Windows\System\gkmAfqv.exe
  C:\Windows\System\gkmAfqv.exe
  2⤵
  PID:10008
- C:\Windows\System\LRZSxcX.exe
  C:\Windows\System\LRZSxcX.exe
  2⤵
  PID:10048
- C:\Windows\System\qanEZFj.exe
  C:\Windows\System\qanEZFj.exe
  2⤵
  PID:10088
- C:\Windows\System\epxQVbJ.exe
  C:\Windows\System\epxQVbJ.exe
  2⤵
  PID:10132
- C:\Windows\System\hmaYukK.exe
  C:\Windows\System\hmaYukK.exe
  2⤵
  PID:10032
- C:\Windows\System\jIrqWrE.exe
  C:\Windows\System\jIrqWrE.exe
  2⤵
  PID:10236
- C:\Windows\System\gaVscgh.exe
  C:\Windows\System\gaVscgh.exe
  2⤵
  PID:10184
- C:\Windows\System\lBQpRal.exe
  C:\Windows\System\lBQpRal.exe
  2⤵
  PID:10176
- C:\Windows\System\TxSFPRN.exe
  C:\Windows\System\TxSFPRN.exe
  2⤵
  PID:8344
- C:\Windows\System\ctBZIwl.exe
  C:\Windows\System\ctBZIwl.exe
  2⤵
  PID:9264
- C:\Windows\System\YiddfPZ.exe
  C:\Windows\System\YiddfPZ.exe
  2⤵
  PID:9388
- C:\Windows\System\UJSzxIl.exe
  C:\Windows\System\UJSzxIl.exe
  2⤵
  PID:9368
- C:\Windows\System\lgjWzyk.exe
  C:\Windows\System\lgjWzyk.exe
  2⤵
  PID:9296
- C:\Windows\System\DVbaxMa.exe
  C:\Windows\System\DVbaxMa.exe
  2⤵
  PID:9572
- C:\Windows\System\OQmSSRJ.exe
  C:\Windows\System\OQmSSRJ.exe
  2⤵
  PID:9660
- C:\Windows\System\GDsZusU.exe
  C:\Windows\System\GDsZusU.exe
  2⤵
  PID:9676
- C:\Windows\System\BpGulKF.exe
  C:\Windows\System\BpGulKF.exe
  2⤵
  PID:9740
- C:\Windows\System\udhvYHY.exe
  C:\Windows\System\udhvYHY.exe
  2⤵
  PID:9780
- C:\Windows\System\UzrdOfO.exe
  C:\Windows\System\UzrdOfO.exe
  2⤵
  PID:9892
- C:\Windows\System\ucBIbtP.exe
  C:\Windows\System\ucBIbtP.exe
  2⤵
  PID:9992
- C:\Windows\System\xJubere.exe
  C:\Windows\System\xJubere.exe
  2⤵
  PID:10068
- C:\Windows\System\sbbDKxV.exe
  C:\Windows\System\sbbDKxV.exe
  2⤵
  PID:9304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AQrwVPo.exe

Filesize
6.0MB

MD5
3cacab0274ca1b7c19a1731b78b275c6

SHA1
c9a66e0b06c6254803c8e970e0c9cd8dbb0f9fc1

SHA256
3bbec3b9d13daa746f488c333f3106947c7e91e5915d7539b45d6f1721b6c6a0

SHA512
9b5b5a21119a3479c3f5818ae91ab447edd3bbf269978c7d30de5b3413b8e814800da8ff638226534f0b087f99a15bc2f789ac08618ebdb429b41456d18110a2

Download Submit
C:\Windows\system\GbkMusA.exe

Filesize
6.0MB

MD5
51979a25b6512e627c9d14a55dd2ea00

SHA1
2dab36efc9742972e6d6788873c1fe1de2cd7e10

SHA256
f938932a82814bd3c25bf722324dbf1f819dabb7511353a2b5d44caec22c6f72

SHA512
c6c3738a300effdbe9facfccf24e259819f163efec0b571ad38ee199741a8532b9ea468e9ff762eaeb860f45161ff37c6dc5f2ca2bba04264decefaa1cfda9f5

Download Submit
C:\Windows\system\ItbWzPo.exe

Filesize
6.0MB

MD5
09c4d73d47221db4757ad187becda925

SHA1
c38db092e4498c4b25b24593ba8438125be2d2cd

SHA256
824a50de596beca84362922fbb2c83df9b1d063ab46cbb5224a9ce1c788e39f8

SHA512
5d1e158b5a166c4add6da8e5b51df1e4ce816346c38b260978951ca31d971ecaef8d6e171efaf18f8a1b9bd05778e20382c74fa32905ee7e3c34562fdc1d8fef

Download Submit
C:\Windows\system\ProoLia.exe

Filesize
6.0MB

MD5
3cbcc1b9103c9c4bd714f54d3c5249a6

SHA1
8ff41d4e7895919673334cd742c27649d13d1cc7

SHA256
c34b45c8e29dde93e87a443bec6f917a2acb8209ecab2857be37e972d4e81ef5

SHA512
f20da2af011509368805b85071053f9469dc80d54bbe52af947a011cfe0bf819a83908e07fb7e62d0ceb9d8b38074f05cd372cbbfe55c3657d8bcffc348a57c4

Download Submit
C:\Windows\system\RaznKPW.exe

Filesize
6.0MB

MD5
5f5703c21a4e28a63bf7a2f7504ac64b

SHA1
aeae640b4a0b1ced8e6742ee510ac5519bf298db

SHA256
25130e223e9ec2785c7302221c9901e4c0602178b663d7ad5a61d86fb0d8665b

SHA512
72a7b6fda839a2c97422c55810e37c9e77316da39bf19ce178e5721b0d0cab9d99015270eae410b9fe02dafe830276d82ed3b448ca43649ff4e647073adb944a

Download Submit
C:\Windows\system\SbxMnzw.exe

Filesize
6.0MB

MD5
0d6523b1c7496ec1c2df313bd0baf4c1

SHA1
f6a787c00833b502a95057c3087dce6a0356fd52

SHA256
fd75630173ff499aade40232aa97d3a10326c61aaeee3df16edc7697bd387a64

SHA512
4721d03b98473d01dc02ade5b7dea7815fcc0ed0ec15a90b01e18bc363ea9f4acef5288183c252343192db202ed47d7eae74fdd3a4e71831d0e7e6ec7f4c2fee

Download Submit
C:\Windows\system\TJnglzg.exe

Filesize
6.0MB

MD5
c956f8359d96d9989373dea7155bb982

SHA1
96438b5bb9764ca5eb3310f396ac3fca681c7f20

SHA256
c801719b4a8b7dc67e3145defe57434f800ac7b376f3a0e427778e2a3fb19777

SHA512
d31fa0027b315eeed5d30dd978a49d54155cef488a5716821e6534ebf51c7979adfa2ba62c35e7b7143bb00a0774ecee0866be184da18cf1d6c3729925afcca1

Download Submit
C:\Windows\system\VZZdJgu.exe

Filesize
6.0MB

MD5
d184e220ff253364a45a6ee001f5e6d9

SHA1
16c14337059f759f0d0b0ab944bf369618c8ae3c

SHA256
9616b1c41efdf8cef337087d2587e7126a184a40b90e7f97411380ffbec36d79

SHA512
647fc050dac10bccf0beaeaeea1dd91518cc17e22039469d34efdf5b63de80d10ddd1bd9748023944025833d7df6972999ba735d5f4c8c71bf0f88fe8ad7ee26

Download Submit
C:\Windows\system\VmRAtXK.exe

Filesize
6.0MB

MD5
4a4e3c3be31446a667d7f17afed08583

SHA1
ce7cd830a3f90a4d94d697fa619ee1701aaf70b4

SHA256
65c961a281d401fa5ffa3cf0d8fe0c19396e28f143e6deb60df68aa89cbcd9e9

SHA512
be56c266a929189804ae0300962ce66e58200c046954e990f48909bcb205fae4c78bacca2c899392b857088804e1dbd42d7e2bd2b1022ec4e6edb161301b501c

Download Submit
C:\Windows\system\WJOUiGV.exe

Filesize
6.0MB

MD5
5ccbf00d93739ff555ed534207627c14

SHA1
21c45096c514c1e7e047c8d10f215e21bb4f8583

SHA256
43ca42158eeeb812a3e17798ff85a646468fa3a654827410a12a34ec62ead028

SHA512
8ccc499bbab49f14cdc49d4a2d38747b65029626ba1afa341056d8663304dcd061600e2e6fee1c707b7bf30c7d0bc76305b2183aa8d9dde79cb8b5f19ff5f687

Download Submit
C:\Windows\system\XZwMmrf.exe

Filesize
6.0MB

MD5
02b2caa19a5f7054c2340eac917bfbc5

SHA1
6d669983929885cfb269b2971fc50931e459699e

SHA256
0e4bff18e7f6e27204719f3dba5ddf06a863fb78431f953a675c551b176cc6c8

SHA512
e7e55f151aac74744151f21f0bad12933687ba482ffd08b3c5de430d43ba5f5c9e83fcce321e30dafe160a95251baa9fa829ac3e1c615107632f95da4128440b

Download Submit
C:\Windows\system\XnuYOQz.exe

Filesize
6.0MB

MD5
eda3a2994a61ec967f6ab0f13416fedd

SHA1
04fc85c8c60a0da03979242047c27e58f656fcc3

SHA256
8d5a4ff26eab38d5e373b1f8403fd230249719b3e60173d25421d75de9408d4e

SHA512
cd10edbf02e606a9cf5054926860524d49729eb84d73480fe8815837f6de989c282a3536d4988f886b6a9f8df40d11bf502df3d716dc2568646f09c658d89edc

Download Submit
C:\Windows\system\aMjUxgJ.exe

Filesize
6.0MB

MD5
a27bc8a018e0443be01c70109e48aa82

SHA1
52a6e1d78fc707ed3d3e27414855b596b43b0101

SHA256
f966d53f214f785de14299ed5fc78741729d85837c30137693d1da8a42c6286d

SHA512
9982d090d6392c30532847e872769a8c02a86351bd0e7aad4d4e561ba334d76e5cf3d334e4529b7a90939d0f4de9f2d9acea0005596381d21fce591a8d6fc55b

Download Submit
C:\Windows\system\aWElAFG.exe

Filesize
6.0MB

MD5
68a63f6433bb8fd8c467f46b89cb70c5

SHA1
27d414ba3dacca66e522896f2ddfca371d2de3be

SHA256
7dc1cb2d301cf694c804c6d1199f5d3e480a27db67e54609c5ec36d2671bae5f

SHA512
5c68be24cd62b84ce3c6486471d3cd20f1693689eca2d47a32d868a86d52fb11962be97c1cfdc98823c5be2876b76acb7aa3df4f762ce3a0925413715ee641dc

Download Submit
C:\Windows\system\boqoWnG.exe

Filesize
6.0MB

MD5
8512f1810a7dbc6e7ccbbe777589b0e7

SHA1
79d893b5a305854ff2ed870c8ede09e8971e03cc

SHA256
9b65de4c395cd37af618b02d1afb6d071e636ca7e822ffd2304c45776b8c552e

SHA512
9a3a0d32fa822660ee51005cef30e26e442759b147148c6fdfb5865c28fdbfbff9238854a4fc1c5f9b6640bbf55a91d7afbd173b0dd1f127092ea010acc85f27

Download Submit
C:\Windows\system\dgycVhK.exe

Filesize
6.0MB

MD5
86ebe05032e44d4746850543c298bf3f

SHA1
2910a50a205f1f790c43d8a40a6bcf96637db1bd

SHA256
0af359a541683a5650cb4e59d465e21145d66b5746b26cc7bcd7a8b583962f4c

SHA512
4a346cf518a9624c27d3021a54b68f3c65625ca35d31b065f324121b776cebd6cb8d738699cbf513c2f97359b75e89d9335a80020353683a75e7bf7c7c23c2e9

Download Submit
C:\Windows\system\eTBdezE.exe

Filesize
6.0MB

MD5
fa6bcdfe3a40795a3418cb6bf5034b41

SHA1
ef5c6604875c60e686e3c8e2a231b6d18cab84e9

SHA256
6fda2e896643b5353b92dca1aa4738f3debcbc6dfb806012577a366dd63cd3a8

SHA512
9c3f6b5e3810463aef62dccb02171f0af1b4264583222e99a49c33876fb1aa2dc35042f6d0d7e2476ef569ce042f102ccc5a0bdd1db94c764be35da78c3ba83e

Download Submit
C:\Windows\system\hNmrzcz.exe

Filesize
6.0MB

MD5
604ded2fb0effe29b00e2f935aea54d9

SHA1
7a56033190f5633ad69c8a5812f8274962a294b8

SHA256
481fb798a757c9973cb5eaa8a88d36a3c09d9209b14e731ea938668aa9bb0f01

SHA512
b623d554a6bd53b7abd5fbc7afe72edeb93e6b548b23b6a2e5a38a8af0d2010b67cc7164aab16be7a60b608256ee542423287dcdb0ecd923851f1ad57f54d985

Download Submit
C:\Windows\system\jfTqDHP.exe

Filesize
6.0MB

MD5
4c7993822e0f48cad9875c7b150d0c54

SHA1
36e49b43f4fa393999362dd9054e246355fd7214

SHA256
c09cf307297a5873905f7af25073ecfccd22de982972340101833318487058e6

SHA512
a8170dfd1d9c78ec257d670f749461df975a6b57981d9f48658a3d8b06ed0fa165863a21defc495a765bcfa5fd35887ba1623fb54fe74fdb25757315be8f960c

Download Submit
C:\Windows\system\lsVKOce.exe

Filesize
6.0MB

MD5
6460bb881e90def876ff12128a7f7047

SHA1
70eb098879175c6df7e986e7aec61d28ee1980d6

SHA256
9405dc1ebeff8926f15cd7290e7b0588c98a9d673df3f5db4ae538623fb75b67

SHA512
c2bda52d4e2e2000348db790082d65e128c7e743b7a55ce685ca78d26d02b8687e8b20d83ef61f2c57c9a7ce28c5a45ed3e0687d4eb1fe692d3b934c0b661d2b

Download Submit
C:\Windows\system\oGrsaee.exe

Filesize
6.0MB

MD5
86ec4e86972492586dbd492ba2fded47

SHA1
a0fc581a006152d1d378fbd36913cfef9af9603b

SHA256
8c71fba0300d542051d3547a25d12dc4c57009ef93ec595cedb2b02f2514cb0a

SHA512
db6568395032fd5e6d653d5e9984db0e1d4f16a64ff7f70cc9929f642a2266b7de4c1cab5f678c4499a16e4f0cef4b72627aa206d455960d5918e23271a32a9d

Download Submit
C:\Windows\system\pZPFytq.exe

Filesize
6.0MB

MD5
90da66c1ceea66707dc35c93517f8ac0

SHA1
cb5a554209e444b09ab99f4162c4ff8e1b48c9d1

SHA256
7dc76d52f7b062ea2c8a84b74fb61fe0e6c98917ea52041c974b61c836fa1eda

SHA512
7dc6901d4f550a006ec1dca35587b3b85abf4470ec9d1742c289bb2dc4fdaa63662023317b0481927dbeac1d57ba31d7f794faa74d6366a9f34a0684c47e6938

Download Submit
C:\Windows\system\pZuFjqD.exe

Filesize
6.0MB

MD5
731888a0859ffc80c196e77f730cf2df

SHA1
79299cbce61a633df187d13bf65c282250bfb934

SHA256
b1423c437c6aa385e98b0e3fa89f35cd134076d1d56e515192e87d28292186d1

SHA512
16d0b8bf68a5059f556bd3c35aacb9f494e3779089a12f0dec531c75b68823221339b3d97b3a9f54fd829494c292de8d324276362d3eb392e98be90f78b191e9

Download Submit
C:\Windows\system\skOIsdC.exe

Filesize
6.0MB

MD5
f70b88e9ec1b943d51053b7d76eaf693

SHA1
e4ebb99b4b7a5a1ccef30c3c7ad549689c913e99

SHA256
c2ab73aeeb8da2df6952a80bc01e478bd581f1b5f521cba131cfb8e354b1deb3

SHA512
51138e6536b029a5b35faaa04b857bec4c050c0fc9140c86f83e1fd1f54af189f9037fd66c07e07f1c52451c06638d33eff0e09fa8e58aef6e3dfbd998321aca

Download Submit
C:\Windows\system\vWpmpDM.exe

Filesize
6.0MB

MD5
036ee1ab0e17e39291263328029c2207

SHA1
4f56a140b52b2ff84cd59bffa56fc654bf56c8a9

SHA256
b8896cb8c53525734df0aa9fc544bd6bd5990aa90f11cd3d8aabf103fd839152

SHA512
78b9685bd4af47d6b6186836203538b3228580019872f653f77de456c474de05127bbbde7d92562f24f74c605576ac774d1db81267e1a76c434522dd822c5ded

Download Submit
C:\Windows\system\ynCowDc.exe

Filesize
6.0MB

MD5
6b061f0127870223b4f110f841b7bdcc

SHA1
e73681d1c44b98374faecac73f1a8de9b177b31a

SHA256
a66f8ae566d80752bf2c07d9a2979172327ab8225230ba21b4644a9d27f65189

SHA512
5634d068bcce07dfa260e6734116b30a5371ca7f3973f5c27d62d21ba1045365309750287c072f1e4f14eb33f3f5304e07b5c621297d3665b22f7a0633bbb1c9

Download Submit
\Windows\system\QPXhZqz.exe

Filesize
6.0MB

MD5
6fd1a7a35b79159741e07a8259efaf01

SHA1
a9c957a068eb4b07c7c8453685f6e816039b0f67

SHA256
3f27fbd2e4589b6ee35d32fbe5cf17490cd9024075401f3ce922203ccccbe527

SHA512
bb8ad75eed20104c6ea486250568ef5211d46f35d3cb93ec5292e164cfa639d3f9b1ca55023662ab52f6769ffc71b244ca08753487544da0db79d1ea0bf646be

Download Submit
\Windows\system\eaLPvPx.exe

Filesize
6.0MB

MD5
83d90ce70d7b52dbb95e556015169c43

SHA1
45bdb542d986cfb88d8c08f02202940ef7c78083

SHA256
eb8c6bdb085ca9971ac8d1aac92aee923a05e0c2712e61a91e2e353173bb4782

SHA512
894b4222ef8841e2425c0c276e03a41c16c9921af253dd79f00968c9ac9dfe42e0d4f2af449a2fc6bcc67ec523976fc48cab8698f7486f0085eeb98075c44dd3

Download Submit
\Windows\system\htozBRF.exe

Filesize
6.0MB

MD5
4f00a756e75a19e91b59acc3f3fab6a9

SHA1
c4d64ef105a100244893bb8bf13ae497de281a27

SHA256
0db4fd1841a5dc93daa1053ccd2bb03f21267b9fedf3b73f90411c6aefd48b00

SHA512
656af1783e77df5800f7fabfb60c559dad97c4fb2a46fd93eec27d17a119344b0b07f72a2425938e397156b4115fffe53d134182e554079cf2645d216d658f48

Download Submit
\Windows\system\mHxnnJx.exe

Filesize
6.0MB

MD5
2dab158d6a5610ea977d76241f7a007a

SHA1
a1cdc42478796deea6826e3f58e7708cf4c23ca2

SHA256
720dcf2e0296f16ae896bd6a58d86d43e943b64464ef92770e3986656afca90f

SHA512
7d887c79272d495dbc0f4fff229e9782346362b9948bc79953230628e30cd91f06b2dd8237c637adb0ff572211ee41e8311819cae75e30e3719a6a93526cdb46

Download Submit
\Windows\system\sXTHkQc.exe

Filesize
6.0MB

MD5
c4dca9f665ab32dc83490ee8a8ba8e43

SHA1
93194008f45e9a9fe76e9af3ebd9813a21794037

SHA256
d0bda395bae8240c44c5ef75a314610957699d1de161a8c3c69eb41b60c183c4

SHA512
e123a2fba3d37f32f9d6fd66b3aa1384a7776be3ee9fcb743c5bac7774f7ba024ce767989abdb9b80487ae1d5a919b33ee55410ba85416d171a33196575df052

Download Submit
\Windows\system\twozqkI.exe

Filesize
6.0MB

MD5
687ddfb4e1e52b4bdd4ef343223cb067

SHA1
f12451c76bc01fc5c6ccd617d1384d41e9966d02

SHA256
c9b490a98da9e358b9206465cba9d64b5f636514fe78b395e1b41e67433b6963

SHA512
67eb1e08bbad6c09be16676570ef4f90aaf30f4435a7a7b78053f8bbea8b542a9383a390c4f4095e85aad6d8225e1082671624ebafa0d79fe43a4581641cab7c

Download Submit
memory/308-693-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/308-79-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/308-3756-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/980-85-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/980-869-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/980-3777-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1128-999-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1128-3776-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1128-100-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-103-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1248-3778-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1248-1216-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1572-3726-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1572-57-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1968-62-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1968-33-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1968-0-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-102-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-101-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1215-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-488-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-97-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-22-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-692-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1968-48-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-78-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1968-70-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-56-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-39-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-19-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-24-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-244-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1968-998-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-21-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3654-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-28-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-68-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-4334-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3631-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2312-20-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3638-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2520-17-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2520-55-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2644-490-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2644-71-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3757-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2668-245-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3755-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2668-63-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3714-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-41-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-80-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3728-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2764-69-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2764-37-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3727-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-49-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download