cobaltstrike | 8a9376641e0d36ea3e3ab20944be2a6a6cc19ead79f7d41e0e88438a4b5f88da

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

575f11de9b96fd4d16c816a2caea58be
SHA1

389502b84737e5515b2555fef24979a7bb180fc1
SHA256

8a9376641e0d36ea3e3ab20944be2a6a6cc19ead79f7d41e0e88438a4b5f88da
SHA512

0e3645ef6bcfea34631d5bc18bd723c6b710089b2b80938951411e394dc373d658de4294cff6dd16c356fe8fdd3cb9632a0f6043c05b929bcabe87fd88935ab7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUP:T+q56utgpPF8u/7P

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707f-7.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-26.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174f8-23.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018683-43.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018697-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-106.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000016df8-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-109.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018706-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-80.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2228-0-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x000800000001707f-7.dat	xmrig
behavioral1/memory/2552-15-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/3012-12-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x00080000000174b4-16.dat	xmrig
behavioral1/memory/2696-22-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x00070000000175f1-26.dat	xmrig
behavioral1/files/0x00080000000174f8-23.dat	xmrig
behavioral1/memory/2228-40-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2228-44-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/files/0x000e000000018683-43.dat	xmrig
behavioral1/memory/2056-42-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000175f7-39.dat	xmrig
behavioral1/memory/2544-38-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2528-35-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018697-50.dat	xmrig
behavioral1/files/0x0005000000019358-106.dat	xmrig
behavioral1/files/0x0034000000016df8-120.dat	xmrig
behavioral1/files/0x0005000000019508-163.dat	xmrig
behavioral1/files/0x000500000001952e-190.dat	xmrig
behavioral1/memory/2228-1222-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/1364-1104-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2424-1017-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2476-552-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2228-551-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2524-550-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2228-475-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/2056-348-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2544-234-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0005000000019520-181.dat	xmrig
behavioral1/files/0x000500000001952b-184.dat	xmrig
behavioral1/files/0x0005000000019518-174.dat	xmrig
behavioral1/files/0x0005000000019510-170.dat	xmrig
behavioral1/files/0x0005000000019502-160.dat	xmrig
behavioral1/files/0x00050000000194d5-149.dat	xmrig
behavioral1/files/0x00050000000194ad-148.dat	xmrig
behavioral1/files/0x00050000000194e1-155.dat	xmrig
behavioral1/files/0x0005000000019428-138.dat	xmrig
behavioral1/files/0x0005000000019426-130.dat	xmrig
behavioral1/files/0x00050000000194c3-142.dat	xmrig
behavioral1/files/0x00050000000193f9-125.dat	xmrig
behavioral1/files/0x00050000000193dc-116.dat	xmrig
behavioral1/files/0x00050000000193d0-111.dat	xmrig
behavioral1/files/0x000500000001939f-109.dat	xmrig
behavioral1/memory/2228-102-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2528-101-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018706-60.dat	xmrig
behavioral1/files/0x00050000000192a1-56.dat	xmrig
behavioral1/memory/1364-99-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2424-97-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1792-95-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2228-92-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/776-91-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2052-90-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-87.dat	xmrig
behavioral1/files/0x000500000001938e-81.dat	xmrig
behavioral1/files/0x0005000000019354-80.dat	xmrig
behavioral1/memory/2476-64-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2524-49-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/3012-3863-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2696-3862-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2052-3868-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/1364-3869-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3012	NsMNGuh.exe
2552	zFZXJNV.exe
2696	TjQoPHX.exe
2528	LvkCDDs.exe
2544	VXIgUJD.exe
2056	vtVSRJC.exe
2524	uFoHARr.exe
2476	uEFfKxZ.exe
2052	vPZLgrt.exe
776	EuIHZkj.exe
1792	jIiyQyt.exe
2424	zabpNFk.exe
1364	HrsaNyx.exe
2204	cZCwjiC.exe
2156	aKKfQyc.exe
2332	bLhyJde.exe
2024	ZFDAdXl.exe
2148	FhZbcky.exe
1820	rVKOLca.exe
2360	Nswevzg.exe
2880	AJrMCNC.exe
2836	VnznVFA.exe
808	ERRPqeS.exe
3032	xyoWtKs.exe
2268	HQyhVKR.exe
2012	oznDvrj.exe
2472	BYtXfUq.exe
1052	NrUpMax.exe
956	vapGfwj.exe
2368	AsqUsth.exe
920	SYYvkSm.exe
1344	OjvugpZ.exe
1348	ypWQHPt.exe
1104	uoJKrNp.exe
264	SazSbPS.exe
688	hBWSxPN.exe
616	jwSFYpG.exe
2508	BMtCHCV.exe
2952	OThekQZ.exe
1980	hmRXcBk.exe
2856	bXItRzg.exe
1748	XnmGemG.exe
1988	nfIdagi.exe
1920	PIHmrjC.exe
1004	XyBfVUH.exe
896	yGSZrLX.exe
1736	AFiPGJx.exe
2948	uNfJryy.exe
1688	orfGraC.exe
2004	EWGQHaV.exe
1556	UMPEaUB.exe
1780	ACIrIIT.exe
1692	xWEuGgx.exe
2652	lerTINp.exe
2636	phVQPtc.exe
2600	wpiPtVs.exe
2912	uOCbeLj.exe
576	YuhmVjr.exe
1044	MHrPVgF.exe
2316	SWgwYcy.exe
2900	iLxjPCy.exe
1812	hUgWvRe.exe
2164	gpZKbNJ.exe
1760	tpFQHPM.exe

Loads dropped DLL 64 IoCs

pid	Process
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2228-0-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x000800000001707f-7.dat	upx
behavioral1/memory/2552-15-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/3012-12-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x00080000000174b4-16.dat	upx
behavioral1/memory/2696-22-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x00070000000175f1-26.dat	upx
behavioral1/files/0x00080000000174f8-23.dat	upx
behavioral1/memory/2228-40-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000e000000018683-43.dat	upx
behavioral1/memory/2056-42-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00070000000175f7-39.dat	upx
behavioral1/memory/2544-38-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2528-35-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0007000000018697-50.dat	upx
behavioral1/files/0x0005000000019358-106.dat	upx
behavioral1/files/0x0034000000016df8-120.dat	upx
behavioral1/files/0x0005000000019508-163.dat	upx
behavioral1/files/0x000500000001952e-190.dat	upx
behavioral1/memory/1364-1104-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2424-1017-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2476-552-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2524-550-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2056-348-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2544-234-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0005000000019520-181.dat	upx
behavioral1/files/0x000500000001952b-184.dat	upx
behavioral1/files/0x0005000000019518-174.dat	upx
behavioral1/files/0x0005000000019510-170.dat	upx
behavioral1/files/0x0005000000019502-160.dat	upx
behavioral1/files/0x00050000000194d5-149.dat	upx
behavioral1/files/0x00050000000194ad-148.dat	upx
behavioral1/files/0x00050000000194e1-155.dat	upx
behavioral1/files/0x0005000000019428-138.dat	upx
behavioral1/files/0x0005000000019426-130.dat	upx
behavioral1/files/0x00050000000194c3-142.dat	upx
behavioral1/files/0x00050000000193f9-125.dat	upx
behavioral1/files/0x00050000000193dc-116.dat	upx
behavioral1/files/0x00050000000193d0-111.dat	upx
behavioral1/files/0x000500000001939f-109.dat	upx
behavioral1/memory/2528-101-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0007000000018706-60.dat	upx
behavioral1/files/0x00050000000192a1-56.dat	upx
behavioral1/memory/1364-99-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2424-97-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1792-95-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/776-91-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2052-90-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-87.dat	upx
behavioral1/files/0x000500000001938e-81.dat	upx
behavioral1/files/0x0005000000019354-80.dat	upx
behavioral1/memory/2476-64-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2524-49-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/3012-3863-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2696-3862-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2052-3868-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/1364-3869-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/776-3867-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/1792-3866-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2476-3865-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2524-3864-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2424-3885-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2544-3988-0x000000013F630000-0x000000013F984000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eNsqowm.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXRdYZS.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOKwXgi.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orfGraC.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iorGusq.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrOkRIR.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\othMiLy.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuDBgeb.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMNYGgO.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOkcNEZ.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBkAXcZ.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHLIzJw.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpiPtVs.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTPGzpx.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuzZSnS.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zETbIoO.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yyKoOUW.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhsEazB.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwraurF.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJsRwHt.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXsRoPO.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDmGIrA.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqDAIoI.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnuhsjX.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACNnWPV.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfnwSkj.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acLrjgj.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biCZEYB.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFtDEtb.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOvOFGN.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYBDleQ.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIyDfrk.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcUXJES.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ebrqrms.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mERpNBQ.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvcakjK.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydIeKdJ.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyMEdpH.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTufrjM.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmqJSWk.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyPmijm.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEIaWFC.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POwMDya.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQZBVBx.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcWoOCU.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClGpmnR.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oznDvrj.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqiTWRm.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQwXzoM.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MsfvSex.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QamEaBZ.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEXPBJd.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSVdiPx.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loijJlb.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAwlWTF.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weVBZVZ.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvMIPZB.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFZXJNV.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umGeRuP.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmlZYpV.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmytYmf.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjvXFTa.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgyXnsE.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgmRNzy.exe	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 3012	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2228 wrote to memory of 3012	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2228 wrote to memory of 3012	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2228 wrote to memory of 2552	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2228 wrote to memory of 2552	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2228 wrote to memory of 2552	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2228 wrote to memory of 2696	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2696	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2696	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2544	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2544	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2544	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2528	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2528	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2528	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2056	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2056	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2056	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2524	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2524	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2524	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2424	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2424	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2424	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2476	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2476	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2476	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 1364	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 1364	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 1364	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 2052	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2052	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2052	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2204	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 2204	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 2204	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 776	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 776	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 776	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 2156	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 2156	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 2156	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 1792	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 1792	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 1792	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 2332	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 2332	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 2332	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 2024	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 2024	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 2024	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 2148	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 2148	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 2148	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 1820	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 1820	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 1820	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 2360	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2360	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2360	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2880	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 2880	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 2880	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 808	2228	2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_575f11de9b96fd4d16c816a2caea58be_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\System\NsMNGuh.exe
  C:\Windows\System\NsMNGuh.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\zFZXJNV.exe
  C:\Windows\System\zFZXJNV.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\TjQoPHX.exe
  C:\Windows\System\TjQoPHX.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\VXIgUJD.exe
  C:\Windows\System\VXIgUJD.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\LvkCDDs.exe
  C:\Windows\System\LvkCDDs.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\vtVSRJC.exe
  C:\Windows\System\vtVSRJC.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\uFoHARr.exe
  C:\Windows\System\uFoHARr.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\zabpNFk.exe
  C:\Windows\System\zabpNFk.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\uEFfKxZ.exe
  C:\Windows\System\uEFfKxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\HrsaNyx.exe
  C:\Windows\System\HrsaNyx.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\vPZLgrt.exe
  C:\Windows\System\vPZLgrt.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\cZCwjiC.exe
  C:\Windows\System\cZCwjiC.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\EuIHZkj.exe
  C:\Windows\System\EuIHZkj.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\aKKfQyc.exe
  C:\Windows\System\aKKfQyc.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\jIiyQyt.exe
  C:\Windows\System\jIiyQyt.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\bLhyJde.exe
  C:\Windows\System\bLhyJde.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ZFDAdXl.exe
  C:\Windows\System\ZFDAdXl.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\FhZbcky.exe
  C:\Windows\System\FhZbcky.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\rVKOLca.exe
  C:\Windows\System\rVKOLca.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\Nswevzg.exe
  C:\Windows\System\Nswevzg.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\AJrMCNC.exe
  C:\Windows\System\AJrMCNC.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ERRPqeS.exe
  C:\Windows\System\ERRPqeS.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\VnznVFA.exe
  C:\Windows\System\VnznVFA.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\xyoWtKs.exe
  C:\Windows\System\xyoWtKs.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\HQyhVKR.exe
  C:\Windows\System\HQyhVKR.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\oznDvrj.exe
  C:\Windows\System\oznDvrj.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\BYtXfUq.exe
  C:\Windows\System\BYtXfUq.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\NrUpMax.exe
  C:\Windows\System\NrUpMax.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\vapGfwj.exe
  C:\Windows\System\vapGfwj.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\AsqUsth.exe
  C:\Windows\System\AsqUsth.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\SYYvkSm.exe
  C:\Windows\System\SYYvkSm.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\OjvugpZ.exe
  C:\Windows\System\OjvugpZ.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\ypWQHPt.exe
  C:\Windows\System\ypWQHPt.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\uoJKrNp.exe
  C:\Windows\System\uoJKrNp.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\SazSbPS.exe
  C:\Windows\System\SazSbPS.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\hBWSxPN.exe
  C:\Windows\System\hBWSxPN.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\jwSFYpG.exe
  C:\Windows\System\jwSFYpG.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\BMtCHCV.exe
  C:\Windows\System\BMtCHCV.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\OThekQZ.exe
  C:\Windows\System\OThekQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\hmRXcBk.exe
  C:\Windows\System\hmRXcBk.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\bXItRzg.exe
  C:\Windows\System\bXItRzg.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\XnmGemG.exe
  C:\Windows\System\XnmGemG.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\nfIdagi.exe
  C:\Windows\System\nfIdagi.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\XyBfVUH.exe
  C:\Windows\System\XyBfVUH.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\PIHmrjC.exe
  C:\Windows\System\PIHmrjC.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\AFiPGJx.exe
  C:\Windows\System\AFiPGJx.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\yGSZrLX.exe
  C:\Windows\System\yGSZrLX.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\uNfJryy.exe
  C:\Windows\System\uNfJryy.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\orfGraC.exe
  C:\Windows\System\orfGraC.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\EWGQHaV.exe
  C:\Windows\System\EWGQHaV.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\UMPEaUB.exe
  C:\Windows\System\UMPEaUB.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\xWEuGgx.exe
  C:\Windows\System\xWEuGgx.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ACIrIIT.exe
  C:\Windows\System\ACIrIIT.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\lerTINp.exe
  C:\Windows\System\lerTINp.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\phVQPtc.exe
  C:\Windows\System\phVQPtc.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\wpiPtVs.exe
  C:\Windows\System\wpiPtVs.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\uOCbeLj.exe
  C:\Windows\System\uOCbeLj.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\YuhmVjr.exe
  C:\Windows\System\YuhmVjr.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\MHrPVgF.exe
  C:\Windows\System\MHrPVgF.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\SWgwYcy.exe
  C:\Windows\System\SWgwYcy.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\iLxjPCy.exe
  C:\Windows\System\iLxjPCy.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\hUgWvRe.exe
  C:\Windows\System\hUgWvRe.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\gpZKbNJ.exe
  C:\Windows\System\gpZKbNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\tpFQHPM.exe
  C:\Windows\System\tpFQHPM.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\ZrhAXCc.exe
  C:\Windows\System\ZrhAXCc.exe
  2⤵
  PID:816
- C:\Windows\System\flHvliF.exe
  C:\Windows\System\flHvliF.exe
  2⤵
  PID:1088
- C:\Windows\System\EIVOjFh.exe
  C:\Windows\System\EIVOjFh.exe
  2⤵
  PID:3036
- C:\Windows\System\RgcWJLi.exe
  C:\Windows\System\RgcWJLi.exe
  2⤵
  PID:1512
- C:\Windows\System\opAkMRL.exe
  C:\Windows\System\opAkMRL.exe
  2⤵
  PID:1832
- C:\Windows\System\TxQmChW.exe
  C:\Windows\System\TxQmChW.exe
  2⤵
  PID:1868
- C:\Windows\System\JpxISHF.exe
  C:\Windows\System\JpxISHF.exe
  2⤵
  PID:1752
- C:\Windows\System\brwFcVn.exe
  C:\Windows\System\brwFcVn.exe
  2⤵
  PID:908
- C:\Windows\System\gdUjucS.exe
  C:\Windows\System\gdUjucS.exe
  2⤵
  PID:2724
- C:\Windows\System\vyfdGSl.exe
  C:\Windows\System\vyfdGSl.exe
  2⤵
  PID:888
- C:\Windows\System\vkDDEeu.exe
  C:\Windows\System\vkDDEeu.exe
  2⤵
  PID:1300
- C:\Windows\System\BKvxvHm.exe
  C:\Windows\System\BKvxvHm.exe
  2⤵
  PID:2124
- C:\Windows\System\PcMSatN.exe
  C:\Windows\System\PcMSatN.exe
  2⤵
  PID:1528
- C:\Windows\System\ijjLDPU.exe
  C:\Windows\System\ijjLDPU.exe
  2⤵
  PID:568
- C:\Windows\System\iorGusq.exe
  C:\Windows\System\iorGusq.exe
  2⤵
  PID:2816
- C:\Windows\System\ciEyqzb.exe
  C:\Windows\System\ciEyqzb.exe
  2⤵
  PID:2828
- C:\Windows\System\dOFgYSY.exe
  C:\Windows\System\dOFgYSY.exe
  2⤵
  PID:3048
- C:\Windows\System\wwiZVoD.exe
  C:\Windows\System\wwiZVoD.exe
  2⤵
  PID:1700
- C:\Windows\System\SXZpzgf.exe
  C:\Windows\System\SXZpzgf.exe
  2⤵
  PID:1580
- C:\Windows\System\HeyIJBF.exe
  C:\Windows\System\HeyIJBF.exe
  2⤵
  PID:2560
- C:\Windows\System\jKtQYRB.exe
  C:\Windows\System\jKtQYRB.exe
  2⤵
  PID:2820
- C:\Windows\System\kTpViVh.exe
  C:\Windows\System\kTpViVh.exe
  2⤵
  PID:2144
- C:\Windows\System\qWdbXPa.exe
  C:\Windows\System\qWdbXPa.exe
  2⤵
  PID:2580
- C:\Windows\System\gSXNemp.exe
  C:\Windows\System\gSXNemp.exe
  2⤵
  PID:1628
- C:\Windows\System\rIsshBq.exe
  C:\Windows\System\rIsshBq.exe
  2⤵
  PID:2300
- C:\Windows\System\UNvCmDC.exe
  C:\Windows\System\UNvCmDC.exe
  2⤵
  PID:308
- C:\Windows\System\xhwiNPK.exe
  C:\Windows\System\xhwiNPK.exe
  2⤵
  PID:2344
- C:\Windows\System\gDcssbq.exe
  C:\Windows\System\gDcssbq.exe
  2⤵
  PID:2716
- C:\Windows\System\tPdDpNz.exe
  C:\Windows\System\tPdDpNz.exe
  2⤵
  PID:1480
- C:\Windows\System\WAoDbad.exe
  C:\Windows\System\WAoDbad.exe
  2⤵
  PID:1596
- C:\Windows\System\qfVRxXL.exe
  C:\Windows\System\qfVRxXL.exe
  2⤵
  PID:2612
- C:\Windows\System\dsZeOaK.exe
  C:\Windows\System\dsZeOaK.exe
  2⤵
  PID:1724
- C:\Windows\System\xejgsPh.exe
  C:\Windows\System\xejgsPh.exe
  2⤵
  PID:2100
- C:\Windows\System\LBwQYfG.exe
  C:\Windows\System\LBwQYfG.exe
  2⤵
  PID:2860
- C:\Windows\System\gPZYYih.exe
  C:\Windows\System\gPZYYih.exe
  2⤵
  PID:3084
- C:\Windows\System\gxeaLIB.exe
  C:\Windows\System\gxeaLIB.exe
  2⤵
  PID:3104
- C:\Windows\System\yMUvwio.exe
  C:\Windows\System\yMUvwio.exe
  2⤵
  PID:3128
- C:\Windows\System\fvozbeZ.exe
  C:\Windows\System\fvozbeZ.exe
  2⤵
  PID:3148
- C:\Windows\System\XkTisQV.exe
  C:\Windows\System\XkTisQV.exe
  2⤵
  PID:3164
- C:\Windows\System\VnCGseE.exe
  C:\Windows\System\VnCGseE.exe
  2⤵
  PID:3192
- C:\Windows\System\SpdEjTk.exe
  C:\Windows\System\SpdEjTk.exe
  2⤵
  PID:3208
- C:\Windows\System\JXECGNi.exe
  C:\Windows\System\JXECGNi.exe
  2⤵
  PID:3228
- C:\Windows\System\lRsdVxf.exe
  C:\Windows\System\lRsdVxf.exe
  2⤵
  PID:3248
- C:\Windows\System\STAzHfG.exe
  C:\Windows\System\STAzHfG.exe
  2⤵
  PID:3272
- C:\Windows\System\CFQzlVx.exe
  C:\Windows\System\CFQzlVx.exe
  2⤵
  PID:3292
- C:\Windows\System\FnIevcz.exe
  C:\Windows\System\FnIevcz.exe
  2⤵
  PID:3312
- C:\Windows\System\kBKHqZd.exe
  C:\Windows\System\kBKHqZd.exe
  2⤵
  PID:3328
- C:\Windows\System\hyNZDHy.exe
  C:\Windows\System\hyNZDHy.exe
  2⤵
  PID:3344
- C:\Windows\System\MTlcytu.exe
  C:\Windows\System\MTlcytu.exe
  2⤵
  PID:3360
- C:\Windows\System\QmvMKLE.exe
  C:\Windows\System\QmvMKLE.exe
  2⤵
  PID:3376
- C:\Windows\System\beWtDpY.exe
  C:\Windows\System\beWtDpY.exe
  2⤵
  PID:3392
- C:\Windows\System\viGtZOm.exe
  C:\Windows\System\viGtZOm.exe
  2⤵
  PID:3408
- C:\Windows\System\NFtPFzW.exe
  C:\Windows\System\NFtPFzW.exe
  2⤵
  PID:3424
- C:\Windows\System\kompIgp.exe
  C:\Windows\System\kompIgp.exe
  2⤵
  PID:3440
- C:\Windows\System\HpVnSlA.exe
  C:\Windows\System\HpVnSlA.exe
  2⤵
  PID:3468
- C:\Windows\System\bZTzrhG.exe
  C:\Windows\System\bZTzrhG.exe
  2⤵
  PID:3496
- C:\Windows\System\eiQtsPL.exe
  C:\Windows\System\eiQtsPL.exe
  2⤵
  PID:3536
- C:\Windows\System\NOXdviR.exe
  C:\Windows\System\NOXdviR.exe
  2⤵
  PID:3564
- C:\Windows\System\eyEbHBV.exe
  C:\Windows\System\eyEbHBV.exe
  2⤵
  PID:3580
- C:\Windows\System\iHkfLax.exe
  C:\Windows\System\iHkfLax.exe
  2⤵
  PID:3596
- C:\Windows\System\UPJiuXD.exe
  C:\Windows\System\UPJiuXD.exe
  2⤵
  PID:3612
- C:\Windows\System\kJIAccR.exe
  C:\Windows\System\kJIAccR.exe
  2⤵
  PID:3628
- C:\Windows\System\XammdTW.exe
  C:\Windows\System\XammdTW.exe
  2⤵
  PID:3644
- C:\Windows\System\ubZhcCR.exe
  C:\Windows\System\ubZhcCR.exe
  2⤵
  PID:3660
- C:\Windows\System\kDVpIeJ.exe
  C:\Windows\System\kDVpIeJ.exe
  2⤵
  PID:3684
- C:\Windows\System\EeiXUln.exe
  C:\Windows\System\EeiXUln.exe
  2⤵
  PID:3700
- C:\Windows\System\CNnmqJu.exe
  C:\Windows\System\CNnmqJu.exe
  2⤵
  PID:3728
- C:\Windows\System\znTmGkz.exe
  C:\Windows\System\znTmGkz.exe
  2⤵
  PID:3752
- C:\Windows\System\KYxfEgZ.exe
  C:\Windows\System\KYxfEgZ.exe
  2⤵
  PID:3768
- C:\Windows\System\USPUCAL.exe
  C:\Windows\System\USPUCAL.exe
  2⤵
  PID:3784
- C:\Windows\System\vvFMzVD.exe
  C:\Windows\System\vvFMzVD.exe
  2⤵
  PID:3800
- C:\Windows\System\bTdmirp.exe
  C:\Windows\System\bTdmirp.exe
  2⤵
  PID:3820
- C:\Windows\System\gvrWuyY.exe
  C:\Windows\System\gvrWuyY.exe
  2⤵
  PID:3840
- C:\Windows\System\aIYmAXR.exe
  C:\Windows\System\aIYmAXR.exe
  2⤵
  PID:3888
- C:\Windows\System\gEXMCqH.exe
  C:\Windows\System\gEXMCqH.exe
  2⤵
  PID:3908
- C:\Windows\System\BcwVPvQ.exe
  C:\Windows\System\BcwVPvQ.exe
  2⤵
  PID:3928
- C:\Windows\System\yZtJorW.exe
  C:\Windows\System\yZtJorW.exe
  2⤵
  PID:3948
- C:\Windows\System\lCGeWwZ.exe
  C:\Windows\System\lCGeWwZ.exe
  2⤵
  PID:3968
- C:\Windows\System\QhLSFuM.exe
  C:\Windows\System\QhLSFuM.exe
  2⤵
  PID:3988
- C:\Windows\System\lANqOHf.exe
  C:\Windows\System\lANqOHf.exe
  2⤵
  PID:4008
- C:\Windows\System\ksOfMBk.exe
  C:\Windows\System\ksOfMBk.exe
  2⤵
  PID:4024
- C:\Windows\System\kfZDxfI.exe
  C:\Windows\System\kfZDxfI.exe
  2⤵
  PID:4048
- C:\Windows\System\lRcMVKo.exe
  C:\Windows\System\lRcMVKo.exe
  2⤵
  PID:4064
- C:\Windows\System\YREUALr.exe
  C:\Windows\System\YREUALr.exe
  2⤵
  PID:4080
- C:\Windows\System\WmoQEzI.exe
  C:\Windows\System\WmoQEzI.exe
  2⤵
  PID:2092
- C:\Windows\System\eLptWbd.exe
  C:\Windows\System\eLptWbd.exe
  2⤵
  PID:1576
- C:\Windows\System\ZTSZANl.exe
  C:\Windows\System\ZTSZANl.exe
  2⤵
  PID:288
- C:\Windows\System\kCwUJHZ.exe
  C:\Windows\System\kCwUJHZ.exe
  2⤵
  PID:2152
- C:\Windows\System\JRUSFXd.exe
  C:\Windows\System\JRUSFXd.exe
  2⤵
  PID:2896
- C:\Windows\System\MQQtjJk.exe
  C:\Windows\System\MQQtjJk.exe
  2⤵
  PID:2260
- C:\Windows\System\ydnSWjm.exe
  C:\Windows\System\ydnSWjm.exe
  2⤵
  PID:2400
- C:\Windows\System\lBSngwQ.exe
  C:\Windows\System\lBSngwQ.exe
  2⤵
  PID:2808
- C:\Windows\System\rPRwSSO.exe
  C:\Windows\System\rPRwSSO.exe
  2⤵
  PID:2668
- C:\Windows\System\deihuTG.exe
  C:\Windows\System\deihuTG.exe
  2⤵
  PID:1756
- C:\Windows\System\gbmybkQ.exe
  C:\Windows\System\gbmybkQ.exe
  2⤵
  PID:2804
- C:\Windows\System\BkIEGkj.exe
  C:\Windows\System\BkIEGkj.exe
  2⤵
  PID:3096
- C:\Windows\System\mtbDBfj.exe
  C:\Windows\System\mtbDBfj.exe
  2⤵
  PID:1696
- C:\Windows\System\ndLLDqy.exe
  C:\Windows\System\ndLLDqy.exe
  2⤵
  PID:3184
- C:\Windows\System\qAAhXTv.exe
  C:\Windows\System\qAAhXTv.exe
  2⤵
  PID:3256
- C:\Windows\System\trUkIRz.exe
  C:\Windows\System\trUkIRz.exe
  2⤵
  PID:3300
- C:\Windows\System\CFwfzsO.exe
  C:\Windows\System\CFwfzsO.exe
  2⤵
  PID:3372
- C:\Windows\System\YXSXkNy.exe
  C:\Windows\System\YXSXkNy.exe
  2⤵
  PID:3476
- C:\Windows\System\uuoRPUq.exe
  C:\Windows\System\uuoRPUq.exe
  2⤵
  PID:3480
- C:\Windows\System\qrFpqRs.exe
  C:\Windows\System\qrFpqRs.exe
  2⤵
  PID:3120
- C:\Windows\System\nztSNPM.exe
  C:\Windows\System\nztSNPM.exe
  2⤵
  PID:3244
- C:\Windows\System\zPDzQNh.exe
  C:\Windows\System\zPDzQNh.exe
  2⤵
  PID:3288
- C:\Windows\System\ocuaCAH.exe
  C:\Windows\System\ocuaCAH.exe
  2⤵
  PID:3592
- C:\Windows\System\ryeSpBG.exe
  C:\Windows\System\ryeSpBG.exe
  2⤵
  PID:3692
- C:\Windows\System\ZmNkBQk.exe
  C:\Windows\System\ZmNkBQk.exe
  2⤵
  PID:3452
- C:\Windows\System\NDlgMyb.exe
  C:\Windows\System\NDlgMyb.exe
  2⤵
  PID:3324
- C:\Windows\System\FFdTIPn.exe
  C:\Windows\System\FFdTIPn.exe
  2⤵
  PID:3356
- C:\Windows\System\IqYtCGi.exe
  C:\Windows\System\IqYtCGi.exe
  2⤵
  PID:3520
- C:\Windows\System\eMNYGgO.exe
  C:\Windows\System\eMNYGgO.exe
  2⤵
  PID:3748
- C:\Windows\System\TsChzDi.exe
  C:\Windows\System\TsChzDi.exe
  2⤵
  PID:3812
- C:\Windows\System\SfeTdjS.exe
  C:\Windows\System\SfeTdjS.exe
  2⤵
  PID:3724
- C:\Windows\System\jQDqrsZ.exe
  C:\Windows\System\jQDqrsZ.exe
  2⤵
  PID:3796
- C:\Windows\System\jDfLMbY.exe
  C:\Windows\System\jDfLMbY.exe
  2⤵
  PID:3712
- C:\Windows\System\FjBLciJ.exe
  C:\Windows\System\FjBLciJ.exe
  2⤵
  PID:3604
- C:\Windows\System\jLMpKNV.exe
  C:\Windows\System\jLMpKNV.exe
  2⤵
  PID:3856
- C:\Windows\System\SgABjsM.exe
  C:\Windows\System\SgABjsM.exe
  2⤵
  PID:3884
- C:\Windows\System\JMeqyLk.exe
  C:\Windows\System\JMeqyLk.exe
  2⤵
  PID:3900
- C:\Windows\System\HSyZnmz.exe
  C:\Windows\System\HSyZnmz.exe
  2⤵
  PID:3940
- C:\Windows\System\BcuXTYs.exe
  C:\Windows\System\BcuXTYs.exe
  2⤵
  PID:3996
- C:\Windows\System\lhwcVJK.exe
  C:\Windows\System\lhwcVJK.exe
  2⤵
  PID:4044
- C:\Windows\System\mHdmsuM.exe
  C:\Windows\System\mHdmsuM.exe
  2⤵
  PID:4076
- C:\Windows\System\JkXRtnV.exe
  C:\Windows\System\JkXRtnV.exe
  2⤵
  PID:4056
- C:\Windows\System\ERCcDgI.exe
  C:\Windows\System\ERCcDgI.exe
  2⤵
  PID:1504
- C:\Windows\System\IZPDzjp.exe
  C:\Windows\System\IZPDzjp.exe
  2⤵
  PID:1672
- C:\Windows\System\MxVhhyr.exe
  C:\Windows\System\MxVhhyr.exe
  2⤵
  PID:1664
- C:\Windows\System\lBmcwat.exe
  C:\Windows\System\lBmcwat.exe
  2⤵
  PID:764
- C:\Windows\System\IZjSiXt.exe
  C:\Windows\System\IZjSiXt.exe
  2⤵
  PID:1068
- C:\Windows\System\XfRSAId.exe
  C:\Windows\System\XfRSAId.exe
  2⤵
  PID:3040
- C:\Windows\System\nSsDWVu.exe
  C:\Windows\System\nSsDWVu.exe
  2⤵
  PID:2780
- C:\Windows\System\XeERvcB.exe
  C:\Windows\System\XeERvcB.exe
  2⤵
  PID:3180
- C:\Windows\System\nWrKxrL.exe
  C:\Windows\System\nWrKxrL.exe
  2⤵
  PID:3220
- C:\Windows\System\cMMDlPm.exe
  C:\Windows\System\cMMDlPm.exe
  2⤵
  PID:3436
- C:\Windows\System\fmcUygf.exe
  C:\Windows\System\fmcUygf.exe
  2⤵
  PID:3432
- C:\Windows\System\eeFutun.exe
  C:\Windows\System\eeFutun.exe
  2⤵
  PID:3076
- C:\Windows\System\BIbVeHv.exe
  C:\Windows\System\BIbVeHv.exe
  2⤵
  PID:3240
- C:\Windows\System\zsIDEoe.exe
  C:\Windows\System\zsIDEoe.exe
  2⤵
  PID:3560
- C:\Windows\System\WRExlov.exe
  C:\Windows\System\WRExlov.exe
  2⤵
  PID:3448
- C:\Windows\System\RidcBos.exe
  C:\Windows\System\RidcBos.exe
  2⤵
  PID:3416
- C:\Windows\System\gpCkUAb.exe
  C:\Windows\System\gpCkUAb.exe
  2⤵
  PID:3780
- C:\Windows\System\qOSfrkT.exe
  C:\Windows\System\qOSfrkT.exe
  2⤵
  PID:3832
- C:\Windows\System\hcysIDd.exe
  C:\Windows\System\hcysIDd.exe
  2⤵
  PID:3716
- C:\Windows\System\jCcqXnI.exe
  C:\Windows\System\jCcqXnI.exe
  2⤵
  PID:3640
- C:\Windows\System\ouVAFhL.exe
  C:\Windows\System\ouVAFhL.exe
  2⤵
  PID:3868
- C:\Windows\System\XWFTPsC.exe
  C:\Windows\System\XWFTPsC.exe
  2⤵
  PID:3944
- C:\Windows\System\yWVFqvu.exe
  C:\Windows\System\yWVFqvu.exe
  2⤵
  PID:3964
- C:\Windows\System\dJnLdBq.exe
  C:\Windows\System\dJnLdBq.exe
  2⤵
  PID:3984
- C:\Windows\System\ievOiTN.exe
  C:\Windows\System\ievOiTN.exe
  2⤵
  PID:4092
- C:\Windows\System\jZSDCOI.exe
  C:\Windows\System\jZSDCOI.exe
  2⤵
  PID:2080
- C:\Windows\System\EgTmdsY.exe
  C:\Windows\System\EgTmdsY.exe
  2⤵
  PID:2292
- C:\Windows\System\MdthrhW.exe
  C:\Windows\System\MdthrhW.exe
  2⤵
  PID:444
- C:\Windows\System\bFkSZJs.exe
  C:\Windows\System\bFkSZJs.exe
  2⤵
  PID:3176
- C:\Windows\System\xscQZAP.exe
  C:\Windows\System\xscQZAP.exe
  2⤵
  PID:572
- C:\Windows\System\irSCkak.exe
  C:\Windows\System\irSCkak.exe
  2⤵
  PID:3156
- C:\Windows\System\HWKFhnB.exe
  C:\Windows\System\HWKFhnB.exe
  2⤵
  PID:3624
- C:\Windows\System\QMiuRdq.exe
  C:\Windows\System\QMiuRdq.exe
  2⤵
  PID:4116
- C:\Windows\System\UoTakQr.exe
  C:\Windows\System\UoTakQr.exe
  2⤵
  PID:4144
- C:\Windows\System\VluIqnp.exe
  C:\Windows\System\VluIqnp.exe
  2⤵
  PID:4164
- C:\Windows\System\oMkTlcB.exe
  C:\Windows\System\oMkTlcB.exe
  2⤵
  PID:4184
- C:\Windows\System\EAgQxJc.exe
  C:\Windows\System\EAgQxJc.exe
  2⤵
  PID:4204
- C:\Windows\System\JyKMapR.exe
  C:\Windows\System\JyKMapR.exe
  2⤵
  PID:4228
- C:\Windows\System\hYJLYcv.exe
  C:\Windows\System\hYJLYcv.exe
  2⤵
  PID:4244
- C:\Windows\System\uFPRNIJ.exe
  C:\Windows\System\uFPRNIJ.exe
  2⤵
  PID:4268
- C:\Windows\System\eixHnPd.exe
  C:\Windows\System\eixHnPd.exe
  2⤵
  PID:4288
- C:\Windows\System\SUocqtT.exe
  C:\Windows\System\SUocqtT.exe
  2⤵
  PID:4308
- C:\Windows\System\vgwLTPq.exe
  C:\Windows\System\vgwLTPq.exe
  2⤵
  PID:4324
- C:\Windows\System\pHvYYjz.exe
  C:\Windows\System\pHvYYjz.exe
  2⤵
  PID:4348
- C:\Windows\System\bVlIeAD.exe
  C:\Windows\System\bVlIeAD.exe
  2⤵
  PID:4368
- C:\Windows\System\yrAYAzw.exe
  C:\Windows\System\yrAYAzw.exe
  2⤵
  PID:4384
- C:\Windows\System\wzEnmhG.exe
  C:\Windows\System\wzEnmhG.exe
  2⤵
  PID:4404
- C:\Windows\System\mERpNBQ.exe
  C:\Windows\System\mERpNBQ.exe
  2⤵
  PID:4424
- C:\Windows\System\AHUejlf.exe
  C:\Windows\System\AHUejlf.exe
  2⤵
  PID:4444
- C:\Windows\System\HlwaWux.exe
  C:\Windows\System\HlwaWux.exe
  2⤵
  PID:4464
- C:\Windows\System\GzNTKOc.exe
  C:\Windows\System\GzNTKOc.exe
  2⤵
  PID:4484
- C:\Windows\System\jjmDGzn.exe
  C:\Windows\System\jjmDGzn.exe
  2⤵
  PID:4508
- C:\Windows\System\pokNGrP.exe
  C:\Windows\System\pokNGrP.exe
  2⤵
  PID:4524
- C:\Windows\System\lEMDyxM.exe
  C:\Windows\System\lEMDyxM.exe
  2⤵
  PID:4544
- C:\Windows\System\ApOEyGa.exe
  C:\Windows\System\ApOEyGa.exe
  2⤵
  PID:4564
- C:\Windows\System\IjjvbQH.exe
  C:\Windows\System\IjjvbQH.exe
  2⤵
  PID:4580
- C:\Windows\System\NLeFJMw.exe
  C:\Windows\System\NLeFJMw.exe
  2⤵
  PID:4596
- C:\Windows\System\SzPDdTA.exe
  C:\Windows\System\SzPDdTA.exe
  2⤵
  PID:4612
- C:\Windows\System\uwfxFuy.exe
  C:\Windows\System\uwfxFuy.exe
  2⤵
  PID:4640
- C:\Windows\System\ZqGSNkI.exe
  C:\Windows\System\ZqGSNkI.exe
  2⤵
  PID:4660
- C:\Windows\System\oeFUdtO.exe
  C:\Windows\System\oeFUdtO.exe
  2⤵
  PID:4688
- C:\Windows\System\JWjRcLf.exe
  C:\Windows\System\JWjRcLf.exe
  2⤵
  PID:4704
- C:\Windows\System\VSwKTqv.exe
  C:\Windows\System\VSwKTqv.exe
  2⤵
  PID:4720
- C:\Windows\System\MwNhGxW.exe
  C:\Windows\System\MwNhGxW.exe
  2⤵
  PID:4736
- C:\Windows\System\IBRtJAf.exe
  C:\Windows\System\IBRtJAf.exe
  2⤵
  PID:4752
- C:\Windows\System\ZfFhAWx.exe
  C:\Windows\System\ZfFhAWx.exe
  2⤵
  PID:4768
- C:\Windows\System\eMYAqJu.exe
  C:\Windows\System\eMYAqJu.exe
  2⤵
  PID:4792
- C:\Windows\System\xNoSmQG.exe
  C:\Windows\System\xNoSmQG.exe
  2⤵
  PID:4816
- C:\Windows\System\ztbLkak.exe
  C:\Windows\System\ztbLkak.exe
  2⤵
  PID:4840
- C:\Windows\System\eSyoSkw.exe
  C:\Windows\System\eSyoSkw.exe
  2⤵
  PID:4860
- C:\Windows\System\tUDTGIf.exe
  C:\Windows\System\tUDTGIf.exe
  2⤵
  PID:4884
- C:\Windows\System\VvhhkOn.exe
  C:\Windows\System\VvhhkOn.exe
  2⤵
  PID:4904
- C:\Windows\System\RnNHmEQ.exe
  C:\Windows\System\RnNHmEQ.exe
  2⤵
  PID:4924
- C:\Windows\System\wfwduYW.exe
  C:\Windows\System\wfwduYW.exe
  2⤵
  PID:4948
- C:\Windows\System\XElcjtU.exe
  C:\Windows\System\XElcjtU.exe
  2⤵
  PID:4964
- C:\Windows\System\CAYAMDN.exe
  C:\Windows\System\CAYAMDN.exe
  2⤵
  PID:4988
- C:\Windows\System\mkIPNWW.exe
  C:\Windows\System\mkIPNWW.exe
  2⤵
  PID:5012
- C:\Windows\System\fGaYMkW.exe
  C:\Windows\System\fGaYMkW.exe
  2⤵
  PID:5032
- C:\Windows\System\VKfRUFq.exe
  C:\Windows\System\VKfRUFq.exe
  2⤵
  PID:5052
- C:\Windows\System\QwXkcIH.exe
  C:\Windows\System\QwXkcIH.exe
  2⤵
  PID:5072
- C:\Windows\System\GSoQfyD.exe
  C:\Windows\System\GSoQfyD.exe
  2⤵
  PID:5088
- C:\Windows\System\XYpMTbN.exe
  C:\Windows\System\XYpMTbN.exe
  2⤵
  PID:5108
- C:\Windows\System\weaEwRb.exe
  C:\Windows\System\weaEwRb.exe
  2⤵
  PID:3656
- C:\Windows\System\jwterQu.exe
  C:\Windows\System\jwterQu.exe
  2⤵
  PID:3464
- C:\Windows\System\PDXxWlW.exe
  C:\Windows\System\PDXxWlW.exe
  2⤵
  PID:3652
- C:\Windows\System\UVVhFpr.exe
  C:\Windows\System\UVVhFpr.exe
  2⤵
  PID:3516
- C:\Windows\System\xKzOTUn.exe
  C:\Windows\System\xKzOTUn.exe
  2⤵
  PID:3720
- C:\Windows\System\otoUxLs.exe
  C:\Windows\System\otoUxLs.exe
  2⤵
  PID:3864
- C:\Windows\System\pafZQYC.exe
  C:\Windows\System\pafZQYC.exe
  2⤵
  PID:3608
- C:\Windows\System\DwpbNve.exe
  C:\Windows\System\DwpbNve.exe
  2⤵
  PID:3980
- C:\Windows\System\ilGZBeJ.exe
  C:\Windows\System\ilGZBeJ.exe
  2⤵
  PID:4072
- C:\Windows\System\UHUykiS.exe
  C:\Windows\System\UHUykiS.exe
  2⤵
  PID:2688
- C:\Windows\System\sRGnylS.exe
  C:\Windows\System\sRGnylS.exe
  2⤵
  PID:2672
- C:\Windows\System\GxQDBIX.exe
  C:\Windows\System\GxQDBIX.exe
  2⤵
  PID:2536
- C:\Windows\System\QqhdtTR.exe
  C:\Windows\System\QqhdtTR.exe
  2⤵
  PID:3404
- C:\Windows\System\nLacAnV.exe
  C:\Windows\System\nLacAnV.exe
  2⤵
  PID:4172
- C:\Windows\System\TgYwHZO.exe
  C:\Windows\System\TgYwHZO.exe
  2⤵
  PID:4216
- C:\Windows\System\HbkUktS.exe
  C:\Windows\System\HbkUktS.exe
  2⤵
  PID:4160
- C:\Windows\System\jgNIXSA.exe
  C:\Windows\System\jgNIXSA.exe
  2⤵
  PID:4200
- C:\Windows\System\NjSfwXA.exe
  C:\Windows\System\NjSfwXA.exe
  2⤵
  PID:4264
- C:\Windows\System\DEpLkph.exe
  C:\Windows\System\DEpLkph.exe
  2⤵
  PID:4332
- C:\Windows\System\mLfnExw.exe
  C:\Windows\System\mLfnExw.exe
  2⤵
  PID:4412
- C:\Windows\System\VMjrDia.exe
  C:\Windows\System\VMjrDia.exe
  2⤵
  PID:4276
- C:\Windows\System\fVDCeLY.exe
  C:\Windows\System\fVDCeLY.exe
  2⤵
  PID:4460
- C:\Windows\System\pkwTfao.exe
  C:\Windows\System\pkwTfao.exe
  2⤵
  PID:4356
- C:\Windows\System\vDQlhTY.exe
  C:\Windows\System\vDQlhTY.exe
  2⤵
  PID:4392
- C:\Windows\System\AOvOFGN.exe
  C:\Windows\System\AOvOFGN.exe
  2⤵
  PID:3572
- C:\Windows\System\jHMaSic.exe
  C:\Windows\System\jHMaSic.exe
  2⤵
  PID:4476
- C:\Windows\System\OzBivqh.exe
  C:\Windows\System\OzBivqh.exe
  2⤵
  PID:4536
- C:\Windows\System\nNkIyRG.exe
  C:\Windows\System\nNkIyRG.exe
  2⤵
  PID:4608
- C:\Windows\System\AnURuwH.exe
  C:\Windows\System\AnURuwH.exe
  2⤵
  PID:4520
- C:\Windows\System\GTpMaLV.exe
  C:\Windows\System\GTpMaLV.exe
  2⤵
  PID:4628
- C:\Windows\System\ZLlczKo.exe
  C:\Windows\System\ZLlczKo.exe
  2⤵
  PID:4588
- C:\Windows\System\OxZoVYb.exe
  C:\Windows\System\OxZoVYb.exe
  2⤵
  PID:4684
- C:\Windows\System\EEUsvAz.exe
  C:\Windows\System\EEUsvAz.exe
  2⤵
  PID:4848
- C:\Windows\System\LJnRraw.exe
  C:\Windows\System\LJnRraw.exe
  2⤵
  PID:4716
- C:\Windows\System\dBuEpUY.exe
  C:\Windows\System\dBuEpUY.exe
  2⤵
  PID:4784
- C:\Windows\System\BBLJBKx.exe
  C:\Windows\System\BBLJBKx.exe
  2⤵
  PID:4872
- C:\Windows\System\umGeRuP.exe
  C:\Windows\System\umGeRuP.exe
  2⤵
  PID:4916
- C:\Windows\System\xJkFnmW.exe
  C:\Windows\System\xJkFnmW.exe
  2⤵
  PID:4940
- C:\Windows\System\OgAIhHj.exe
  C:\Windows\System\OgAIhHj.exe
  2⤵
  PID:4976
- C:\Windows\System\WyaNpFU.exe
  C:\Windows\System\WyaNpFU.exe
  2⤵
  PID:4960
- C:\Windows\System\NacvnSV.exe
  C:\Windows\System\NacvnSV.exe
  2⤵
  PID:5040
- C:\Windows\System\PNwzSMg.exe
  C:\Windows\System\PNwzSMg.exe
  2⤵
  PID:5100
- C:\Windows\System\nLqxJoQ.exe
  C:\Windows\System\nLqxJoQ.exe
  2⤵
  PID:3284
- C:\Windows\System\cDKEWsa.exe
  C:\Windows\System\cDKEWsa.exe
  2⤵
  PID:4000
- C:\Windows\System\DtfnVQy.exe
  C:\Windows\System\DtfnVQy.exe
  2⤵
  PID:1740
- C:\Windows\System\NWyTUbw.exe
  C:\Windows\System\NWyTUbw.exe
  2⤵
  PID:3556
- C:\Windows\System\VjIszAz.exe
  C:\Windows\System\VjIszAz.exe
  2⤵
  PID:3736
- C:\Windows\System\OMNUzGk.exe
  C:\Windows\System\OMNUzGk.exe
  2⤵
  PID:3668
- C:\Windows\System\PpFZLwS.exe
  C:\Windows\System\PpFZLwS.exe
  2⤵
  PID:3200
- C:\Windows\System\mgaAjwe.exe
  C:\Windows\System\mgaAjwe.exe
  2⤵
  PID:4220
- C:\Windows\System\BQVcRPG.exe
  C:\Windows\System\BQVcRPG.exe
  2⤵
  PID:4260
- C:\Windows\System\ORbkEIg.exe
  C:\Windows\System\ORbkEIg.exe
  2⤵
  PID:3916
- C:\Windows\System\Spowsoi.exe
  C:\Windows\System\Spowsoi.exe
  2⤵
  PID:4500
- C:\Windows\System\gZRPdJc.exe
  C:\Windows\System\gZRPdJc.exe
  2⤵
  PID:1744
- C:\Windows\System\pVufslu.exe
  C:\Windows\System\pVufslu.exe
  2⤵
  PID:4104
- C:\Windows\System\VjNUaDJ.exe
  C:\Windows\System\VjNUaDJ.exe
  2⤵
  PID:4196
- C:\Windows\System\WOJqfCV.exe
  C:\Windows\System\WOJqfCV.exe
  2⤵
  PID:4672
- C:\Windows\System\WdIiFdV.exe
  C:\Windows\System\WdIiFdV.exe
  2⤵
  PID:4532
- C:\Windows\System\bvLylrg.exe
  C:\Windows\System\bvLylrg.exe
  2⤵
  PID:4592
- C:\Windows\System\tFgIdLD.exe
  C:\Windows\System\tFgIdLD.exe
  2⤵
  PID:4516
- C:\Windows\System\heHHBpd.exe
  C:\Windows\System\heHHBpd.exe
  2⤵
  PID:4764
- C:\Windows\System\wfUvLsr.exe
  C:\Windows\System\wfUvLsr.exe
  2⤵
  PID:4900
- C:\Windows\System\OANHibI.exe
  C:\Windows\System\OANHibI.exe
  2⤵
  PID:4828
- C:\Windows\System\FBZWAgi.exe
  C:\Windows\System\FBZWAgi.exe
  2⤵
  PID:4936
- C:\Windows\System\RFwPdTm.exe
  C:\Windows\System\RFwPdTm.exe
  2⤵
  PID:5096
- C:\Windows\System\fKyDRYw.exe
  C:\Windows\System\fKyDRYw.exe
  2⤵
  PID:4996
- C:\Windows\System\mTufrjM.exe
  C:\Windows\System\mTufrjM.exe
  2⤵
  PID:4920
- C:\Windows\System\LtMJEyw.exe
  C:\Windows\System\LtMJEyw.exe
  2⤵
  PID:3420
- C:\Windows\System\FVZQhvo.exe
  C:\Windows\System\FVZQhvo.exe
  2⤵
  PID:3920
- C:\Windows\System\wxVwhUo.exe
  C:\Windows\System\wxVwhUo.exe
  2⤵
  PID:5080
- C:\Windows\System\DslYyFg.exe
  C:\Windows\System\DslYyFg.exe
  2⤵
  PID:4128
- C:\Windows\System\KWGwCxj.exe
  C:\Windows\System\KWGwCxj.exe
  2⤵
  PID:4316
- C:\Windows\System\SrEiGOG.exe
  C:\Windows\System\SrEiGOG.exe
  2⤵
  PID:4240
- C:\Windows\System\MIMXQcC.exe
  C:\Windows\System\MIMXQcC.exe
  2⤵
  PID:4400
- C:\Windows\System\JoFFtef.exe
  C:\Windows\System\JoFFtef.exe
  2⤵
  PID:3896
- C:\Windows\System\ScEiCHA.exe
  C:\Windows\System\ScEiCHA.exe
  2⤵
  PID:4636
- C:\Windows\System\KBxsryS.exe
  C:\Windows\System\KBxsryS.exe
  2⤵
  PID:4624
- C:\Windows\System\mSphQjd.exe
  C:\Windows\System\mSphQjd.exe
  2⤵
  PID:4436
- C:\Windows\System\nYidxRu.exe
  C:\Windows\System\nYidxRu.exe
  2⤵
  PID:4320
- C:\Windows\System\DOfbSMl.exe
  C:\Windows\System\DOfbSMl.exe
  2⤵
  PID:4700
- C:\Windows\System\WLaSxct.exe
  C:\Windows\System\WLaSxct.exe
  2⤵
  PID:4440
- C:\Windows\System\JWNTebS.exe
  C:\Windows\System\JWNTebS.exe
  2⤵
  PID:4932
- C:\Windows\System\RnoWyzA.exe
  C:\Windows\System\RnoWyzA.exe
  2⤵
  PID:5128
- C:\Windows\System\mxuJGtt.exe
  C:\Windows\System\mxuJGtt.exe
  2⤵
  PID:5152
- C:\Windows\System\xzKIYVd.exe
  C:\Windows\System\xzKIYVd.exe
  2⤵
  PID:5168
- C:\Windows\System\JHqdvRx.exe
  C:\Windows\System\JHqdvRx.exe
  2⤵
  PID:5188
- C:\Windows\System\eTPGzpx.exe
  C:\Windows\System\eTPGzpx.exe
  2⤵
  PID:5212
- C:\Windows\System\TnuiaLd.exe
  C:\Windows\System\TnuiaLd.exe
  2⤵
  PID:5232
- C:\Windows\System\wGQAQxp.exe
  C:\Windows\System\wGQAQxp.exe
  2⤵
  PID:5252
- C:\Windows\System\JaTgusl.exe
  C:\Windows\System\JaTgusl.exe
  2⤵
  PID:5272
- C:\Windows\System\NQKhzRP.exe
  C:\Windows\System\NQKhzRP.exe
  2⤵
  PID:5288
- C:\Windows\System\iFgPJWR.exe
  C:\Windows\System\iFgPJWR.exe
  2⤵
  PID:5308
- C:\Windows\System\TvFNhgP.exe
  C:\Windows\System\TvFNhgP.exe
  2⤵
  PID:5328
- C:\Windows\System\PjrvXMl.exe
  C:\Windows\System\PjrvXMl.exe
  2⤵
  PID:5348
- C:\Windows\System\kMyZmbe.exe
  C:\Windows\System\kMyZmbe.exe
  2⤵
  PID:5368
- C:\Windows\System\yQUGxzY.exe
  C:\Windows\System\yQUGxzY.exe
  2⤵
  PID:5392
- C:\Windows\System\QiaAzGm.exe
  C:\Windows\System\QiaAzGm.exe
  2⤵
  PID:5408
- C:\Windows\System\HvWASWT.exe
  C:\Windows\System\HvWASWT.exe
  2⤵
  PID:5428
- C:\Windows\System\oxeEeHb.exe
  C:\Windows\System\oxeEeHb.exe
  2⤵
  PID:5448
- C:\Windows\System\nwKPYGT.exe
  C:\Windows\System\nwKPYGT.exe
  2⤵
  PID:5464
- C:\Windows\System\oDgQXna.exe
  C:\Windows\System\oDgQXna.exe
  2⤵
  PID:5480
- C:\Windows\System\oxIyvbq.exe
  C:\Windows\System\oxIyvbq.exe
  2⤵
  PID:5508
- C:\Windows\System\QnwRddQ.exe
  C:\Windows\System\QnwRddQ.exe
  2⤵
  PID:5528
- C:\Windows\System\RoLEDsK.exe
  C:\Windows\System\RoLEDsK.exe
  2⤵
  PID:5548
- C:\Windows\System\SpjEyEl.exe
  C:\Windows\System\SpjEyEl.exe
  2⤵
  PID:5568
- C:\Windows\System\lMuwpyb.exe
  C:\Windows\System\lMuwpyb.exe
  2⤵
  PID:5584
- C:\Windows\System\iUnPfEk.exe
  C:\Windows\System\iUnPfEk.exe
  2⤵
  PID:5604
- C:\Windows\System\YrbVVda.exe
  C:\Windows\System\YrbVVda.exe
  2⤵
  PID:5620
- C:\Windows\System\WwnhAQU.exe
  C:\Windows\System\WwnhAQU.exe
  2⤵
  PID:5636
- C:\Windows\System\IWynhAY.exe
  C:\Windows\System\IWynhAY.exe
  2⤵
  PID:5652
- C:\Windows\System\NLlmNgI.exe
  C:\Windows\System\NLlmNgI.exe
  2⤵
  PID:5668
- C:\Windows\System\EFarYYJ.exe
  C:\Windows\System\EFarYYJ.exe
  2⤵
  PID:5684
- C:\Windows\System\KXSgAqn.exe
  C:\Windows\System\KXSgAqn.exe
  2⤵
  PID:5704
- C:\Windows\System\fqiTWRm.exe
  C:\Windows\System\fqiTWRm.exe
  2⤵
  PID:5724
- C:\Windows\System\PsgOQxz.exe
  C:\Windows\System\PsgOQxz.exe
  2⤵
  PID:5740
- C:\Windows\System\NbSXeMB.exe
  C:\Windows\System\NbSXeMB.exe
  2⤵
  PID:5756
- C:\Windows\System\QOBRIip.exe
  C:\Windows\System\QOBRIip.exe
  2⤵
  PID:5772
- C:\Windows\System\mhsEazB.exe
  C:\Windows\System\mhsEazB.exe
  2⤵
  PID:5788
- C:\Windows\System\jxWJuOp.exe
  C:\Windows\System\jxWJuOp.exe
  2⤵
  PID:5804
- C:\Windows\System\KOffMLk.exe
  C:\Windows\System\KOffMLk.exe
  2⤵
  PID:5820
- C:\Windows\System\OHQkAHI.exe
  C:\Windows\System\OHQkAHI.exe
  2⤵
  PID:5836
- C:\Windows\System\WmlZYpV.exe
  C:\Windows\System\WmlZYpV.exe
  2⤵
  PID:5852
- C:\Windows\System\oWXpYli.exe
  C:\Windows\System\oWXpYli.exe
  2⤵
  PID:5868
- C:\Windows\System\BWNWmGB.exe
  C:\Windows\System\BWNWmGB.exe
  2⤵
  PID:5904
- C:\Windows\System\URJwEBP.exe
  C:\Windows\System\URJwEBP.exe
  2⤵
  PID:5920
- C:\Windows\System\DpgQbPt.exe
  C:\Windows\System\DpgQbPt.exe
  2⤵
  PID:5948
- C:\Windows\System\UgdBJzz.exe
  C:\Windows\System\UgdBJzz.exe
  2⤵
  PID:5964
- C:\Windows\System\SmytYmf.exe
  C:\Windows\System\SmytYmf.exe
  2⤵
  PID:5980
- C:\Windows\System\wyegNgL.exe
  C:\Windows\System\wyegNgL.exe
  2⤵
  PID:5996
- C:\Windows\System\rkpYpcJ.exe
  C:\Windows\System\rkpYpcJ.exe
  2⤵
  PID:6020
- C:\Windows\System\SnWJNrB.exe
  C:\Windows\System\SnWJNrB.exe
  2⤵
  PID:6036
- C:\Windows\System\wPGAPjG.exe
  C:\Windows\System\wPGAPjG.exe
  2⤵
  PID:6052
- C:\Windows\System\hodvmjH.exe
  C:\Windows\System\hodvmjH.exe
  2⤵
  PID:6068
- C:\Windows\System\CwZPWBY.exe
  C:\Windows\System\CwZPWBY.exe
  2⤵
  PID:6092
- C:\Windows\System\jgXgIhs.exe
  C:\Windows\System\jgXgIhs.exe
  2⤵
  PID:6108
- C:\Windows\System\eAvFJZv.exe
  C:\Windows\System\eAvFJZv.exe
  2⤵
  PID:6124
- C:\Windows\System\NnNGbbp.exe
  C:\Windows\System\NnNGbbp.exe
  2⤵
  PID:6140
- C:\Windows\System\UdiBxVM.exe
  C:\Windows\System\UdiBxVM.exe
  2⤵
  PID:4956
- C:\Windows\System\aDpgalj.exe
  C:\Windows\System\aDpgalj.exe
  2⤵
  PID:4880
- C:\Windows\System\oonrjOj.exe
  C:\Windows\System\oonrjOj.exe
  2⤵
  PID:4380
- C:\Windows\System\BrOcYeR.exe
  C:\Windows\System\BrOcYeR.exe
  2⤵
  PID:5048
- C:\Windows\System\WTmRjqn.exe
  C:\Windows\System\WTmRjqn.exe
  2⤵
  PID:4336
- C:\Windows\System\KrzYzNs.exe
  C:\Windows\System\KrzYzNs.exe
  2⤵
  PID:3268
- C:\Windows\System\OxGTCdW.exe
  C:\Windows\System\OxGTCdW.exe
  2⤵
  PID:4396
- C:\Windows\System\EpODuuv.exe
  C:\Windows\System\EpODuuv.exe
  2⤵
  PID:4296
- C:\Windows\System\CFRMyaa.exe
  C:\Windows\System\CFRMyaa.exe
  2⤵
  PID:4552
- C:\Windows\System\YCDvGGj.exe
  C:\Windows\System\YCDvGGj.exe
  2⤵
  PID:4560
- C:\Windows\System\UhVmQkb.exe
  C:\Windows\System\UhVmQkb.exe
  2⤵
  PID:4712
- C:\Windows\System\laGKLKY.exe
  C:\Windows\System\laGKLKY.exe
  2⤵
  PID:4892
- C:\Windows\System\WipXcPf.exe
  C:\Windows\System\WipXcPf.exe
  2⤵
  PID:5388
- C:\Windows\System\OwITLPy.exe
  C:\Windows\System\OwITLPy.exe
  2⤵
  PID:5456
- C:\Windows\System\QecnQYR.exe
  C:\Windows\System\QecnQYR.exe
  2⤵
  PID:5504
- C:\Windows\System\WTBhvPy.exe
  C:\Windows\System\WTBhvPy.exe
  2⤵
  PID:5544
- C:\Windows\System\XkacYKw.exe
  C:\Windows\System\XkacYKw.exe
  2⤵
  PID:5616
- C:\Windows\System\kxlxRPo.exe
  C:\Windows\System\kxlxRPo.exe
  2⤵
  PID:5680
- C:\Windows\System\bfSBknm.exe
  C:\Windows\System\bfSBknm.exe
  2⤵
  PID:5748
- C:\Windows\System\LeDhpmb.exe
  C:\Windows\System\LeDhpmb.exe
  2⤵
  PID:1624
- C:\Windows\System\nptvlRB.exe
  C:\Windows\System\nptvlRB.exe
  2⤵
  PID:5880
- C:\Windows\System\hrOkRIR.exe
  C:\Windows\System\hrOkRIR.exe
  2⤵
  PID:5900
- C:\Windows\System\VbfBYlA.exe
  C:\Windows\System\VbfBYlA.exe
  2⤵
  PID:5936
- C:\Windows\System\mekTzjj.exe
  C:\Windows\System\mekTzjj.exe
  2⤵
  PID:2176
- C:\Windows\System\DsNPrLe.exe
  C:\Windows\System\DsNPrLe.exe
  2⤵
  PID:6004
- C:\Windows\System\YRqpagW.exe
  C:\Windows\System\YRqpagW.exe
  2⤵
  PID:6048
- C:\Windows\System\PZYvHrW.exe
  C:\Windows\System\PZYvHrW.exe
  2⤵
  PID:2416
- C:\Windows\System\GsqDbqx.exe
  C:\Windows\System\GsqDbqx.exe
  2⤵
  PID:5200
- C:\Windows\System\JLjGcsr.exe
  C:\Windows\System\JLjGcsr.exe
  2⤵
  PID:5248
- C:\Windows\System\dzrxBsm.exe
  C:\Windows\System\dzrxBsm.exe
  2⤵
  PID:5356
- C:\Windows\System\BmVgbUw.exe
  C:\Windows\System\BmVgbUw.exe
  2⤵
  PID:3588
- C:\Windows\System\OBJPpDH.exe
  C:\Windows\System\OBJPpDH.exe
  2⤵
  PID:4604
- C:\Windows\System\ELqueVV.exe
  C:\Windows\System\ELqueVV.exe
  2⤵
  PID:5436
- C:\Windows\System\ZVqeTls.exe
  C:\Windows\System\ZVqeTls.exe
  2⤵
  PID:2660
- C:\Windows\System\HEDGAKn.exe
  C:\Windows\System\HEDGAKn.exe
  2⤵
  PID:5180
- C:\Windows\System\suwryZl.exe
  C:\Windows\System\suwryZl.exe
  2⤵
  PID:5160
- C:\Windows\System\GYVHepA.exe
  C:\Windows\System\GYVHepA.exe
  2⤵
  PID:5196
- C:\Windows\System\DEKbAjW.exe
  C:\Windows\System\DEKbAjW.exe
  2⤵
  PID:1264
- C:\Windows\System\FSLDTEK.exe
  C:\Windows\System\FSLDTEK.exe
  2⤵
  PID:5300
- C:\Windows\System\arWrmIR.exe
  C:\Windows\System\arWrmIR.exe
  2⤵
  PID:5380
- C:\Windows\System\ExmfeIc.exe
  C:\Windows\System\ExmfeIc.exe
  2⤵
  PID:5028
- C:\Windows\System\ODIsoNU.exe
  C:\Windows\System\ODIsoNU.exe
  2⤵
  PID:5136
- C:\Windows\System\yalhIzD.exe
  C:\Windows\System\yalhIzD.exe
  2⤵
  PID:3676
- C:\Windows\System\WqsLWiC.exe
  C:\Windows\System\WqsLWiC.exe
  2⤵
  PID:6136
- C:\Windows\System\mDSTgZL.exe
  C:\Windows\System\mDSTgZL.exe
  2⤵
  PID:6060
- C:\Windows\System\DfteEGl.exe
  C:\Windows\System\DfteEGl.exe
  2⤵
  PID:5960
- C:\Windows\System\LBePwVN.exe
  C:\Windows\System\LBePwVN.exe
  2⤵
  PID:5860
- C:\Windows\System\xpGcZTv.exe
  C:\Windows\System\xpGcZTv.exe
  2⤵
  PID:5768
- C:\Windows\System\LSjwGnQ.exe
  C:\Windows\System\LSjwGnQ.exe
  2⤵
  PID:5692
- C:\Windows\System\lIIBxFC.exe
  C:\Windows\System\lIIBxFC.exe
  2⤵
  PID:5600
- C:\Windows\System\UoufLtc.exe
  C:\Windows\System\UoufLtc.exe
  2⤵
  PID:5612
- C:\Windows\System\khMXqkv.exe
  C:\Windows\System\khMXqkv.exe
  2⤵
  PID:5844
- C:\Windows\System\gTjgWiQ.exe
  C:\Windows\System\gTjgWiQ.exe
  2⤵
  PID:5848
- C:\Windows\System\kugdBIP.exe
  C:\Windows\System\kugdBIP.exe
  2⤵
  PID:5416
- C:\Windows\System\MqUIWqP.exe
  C:\Windows\System\MqUIWqP.exe
  2⤵
  PID:5648
- C:\Windows\System\JdDsuFo.exe
  C:\Windows\System\JdDsuFo.exe
  2⤵
  PID:5812
- C:\Windows\System\TlZKwHh.exe
  C:\Windows\System\TlZKwHh.exe
  2⤵
  PID:6080
- C:\Windows\System\hPDwBNN.exe
  C:\Windows\System\hPDwBNN.exe
  2⤵
  PID:6012
- C:\Windows\System\QKzBmnK.exe
  C:\Windows\System\QKzBmnK.exe
  2⤵
  PID:5944
- C:\Windows\System\xevqdhB.exe
  C:\Windows\System\xevqdhB.exe
  2⤵
  PID:5204
- C:\Windows\System\SgHsGGa.exe
  C:\Windows\System\SgHsGGa.exe
  2⤵
  PID:4112
- C:\Windows\System\chcIqRk.exe
  C:\Windows\System\chcIqRk.exe
  2⤵
  PID:3308
- C:\Windows\System\qiBzWSS.exe
  C:\Windows\System\qiBzWSS.exe
  2⤵
  PID:5520
- C:\Windows\System\RQpMbfZ.exe
  C:\Windows\System\RQpMbfZ.exe
  2⤵
  PID:5524
- C:\Windows\System\YJUsNuO.exe
  C:\Windows\System\YJUsNuO.exe
  2⤵
  PID:2916
- C:\Windows\System\slmbipu.exe
  C:\Windows\System\slmbipu.exe
  2⤵
  PID:5228
- C:\Windows\System\rKVScFa.exe
  C:\Windows\System\rKVScFa.exe
  2⤵
  PID:2616
- C:\Windows\System\ANwhfIQ.exe
  C:\Windows\System\ANwhfIQ.exe
  2⤵
  PID:2460
- C:\Windows\System\ohrALhm.exe
  C:\Windows\System\ohrALhm.exe
  2⤵
  PID:5148
- C:\Windows\System\HDcyCMf.exe
  C:\Windows\System\HDcyCMf.exe
  2⤵
  PID:5140
- C:\Windows\System\GDePsYa.exe
  C:\Windows\System\GDePsYa.exe
  2⤵
  PID:6064
- C:\Windows\System\UomvzQS.exe
  C:\Windows\System\UomvzQS.exe
  2⤵
  PID:5988
- C:\Windows\System\wvWKcRC.exe
  C:\Windows\System\wvWKcRC.exe
  2⤵
  PID:5828
- C:\Windows\System\qRrDITV.exe
  C:\Windows\System\qRrDITV.exe
  2⤵
  PID:5732
- C:\Windows\System\kPANmHG.exe
  C:\Windows\System\kPANmHG.exe
  2⤵
  PID:5580
- C:\Windows\System\lsoUdIJ.exe
  C:\Windows\System\lsoUdIJ.exe
  2⤵
  PID:5876
- C:\Windows\System\lmKkRkW.exe
  C:\Windows\System\lmKkRkW.exe
  2⤵
  PID:5420
- C:\Windows\System\LflEDRN.exe
  C:\Windows\System\LflEDRN.exe
  2⤵
  PID:5536
- C:\Windows\System\hgAJlHc.exe
  C:\Windows\System\hgAJlHc.exe
  2⤵
  PID:6076
- C:\Windows\System\ZGVUWOA.exe
  C:\Windows\System\ZGVUWOA.exe
  2⤵
  PID:1496
- C:\Windows\System\ZjvXFTa.exe
  C:\Windows\System\ZjvXFTa.exe
  2⤵
  PID:5240
- C:\Windows\System\YpktZGc.exe
  C:\Windows\System\YpktZGc.exe
  2⤵
  PID:5404
- C:\Windows\System\jCMFbAY.exe
  C:\Windows\System\jCMFbAY.exe
  2⤵
  PID:4284
- C:\Windows\System\bxSmvZt.exe
  C:\Windows\System\bxSmvZt.exe
  2⤵
  PID:3924
- C:\Windows\System\Jgunqmi.exe
  C:\Windows\System\Jgunqmi.exe
  2⤵
  PID:2500
- C:\Windows\System\MYpNxcN.exe
  C:\Windows\System\MYpNxcN.exe
  2⤵
  PID:5700
- C:\Windows\System\BBEdxTv.exe
  C:\Windows\System\BBEdxTv.exe
  2⤵
  PID:4496
- C:\Windows\System\uPooMgi.exe
  C:\Windows\System\uPooMgi.exe
  2⤵
  PID:5916
- C:\Windows\System\vNBfHPT.exe
  C:\Windows\System\vNBfHPT.exe
  2⤵
  PID:5796
- C:\Windows\System\bBoGzmP.exe
  C:\Windows\System\bBoGzmP.exe
  2⤵
  PID:5564
- C:\Windows\System\GLtmauW.exe
  C:\Windows\System\GLtmauW.exe
  2⤵
  PID:5176
- C:\Windows\System\wYCLBfj.exe
  C:\Windows\System\wYCLBfj.exe
  2⤵
  PID:5540
- C:\Windows\System\VuxUwcR.exe
  C:\Windows\System\VuxUwcR.exe
  2⤵
  PID:5780
- C:\Windows\System\UJqEixZ.exe
  C:\Windows\System\UJqEixZ.exe
  2⤵
  PID:6044
- C:\Windows\System\pzQgeSF.exe
  C:\Windows\System\pzQgeSF.exe
  2⤵
  PID:6156
- C:\Windows\System\vsDVLdt.exe
  C:\Windows\System\vsDVLdt.exe
  2⤵
  PID:6176
- C:\Windows\System\WVzxEuK.exe
  C:\Windows\System\WVzxEuK.exe
  2⤵
  PID:6196
- C:\Windows\System\ttJpSQz.exe
  C:\Windows\System\ttJpSQz.exe
  2⤵
  PID:6216
- C:\Windows\System\wqPcTHl.exe
  C:\Windows\System\wqPcTHl.exe
  2⤵
  PID:6236
- C:\Windows\System\fwraurF.exe
  C:\Windows\System\fwraurF.exe
  2⤵
  PID:6256
- C:\Windows\System\hnYdAyK.exe
  C:\Windows\System\hnYdAyK.exe
  2⤵
  PID:6276
- C:\Windows\System\HnBGeCy.exe
  C:\Windows\System\HnBGeCy.exe
  2⤵
  PID:6296
- C:\Windows\System\XWSMFde.exe
  C:\Windows\System\XWSMFde.exe
  2⤵
  PID:6316
- C:\Windows\System\NFeETSh.exe
  C:\Windows\System\NFeETSh.exe
  2⤵
  PID:6336
- C:\Windows\System\RjkDFxF.exe
  C:\Windows\System\RjkDFxF.exe
  2⤵
  PID:6356
- C:\Windows\System\kpxMfDD.exe
  C:\Windows\System\kpxMfDD.exe
  2⤵
  PID:6376
- C:\Windows\System\paatCdz.exe
  C:\Windows\System\paatCdz.exe
  2⤵
  PID:6396
- C:\Windows\System\gvAqvnr.exe
  C:\Windows\System\gvAqvnr.exe
  2⤵
  PID:6416
- C:\Windows\System\sfXpJGP.exe
  C:\Windows\System\sfXpJGP.exe
  2⤵
  PID:6436
- C:\Windows\System\FfIxjJO.exe
  C:\Windows\System\FfIxjJO.exe
  2⤵
  PID:6456
- C:\Windows\System\sjePWlq.exe
  C:\Windows\System\sjePWlq.exe
  2⤵
  PID:6480
- C:\Windows\System\mpkChLk.exe
  C:\Windows\System\mpkChLk.exe
  2⤵
  PID:6500
- C:\Windows\System\DmKYxiK.exe
  C:\Windows\System\DmKYxiK.exe
  2⤵
  PID:6520
- C:\Windows\System\bfCVMDm.exe
  C:\Windows\System\bfCVMDm.exe
  2⤵
  PID:6540
- C:\Windows\System\kcpesrt.exe
  C:\Windows\System\kcpesrt.exe
  2⤵
  PID:6560
- C:\Windows\System\MwXehgX.exe
  C:\Windows\System\MwXehgX.exe
  2⤵
  PID:6580
- C:\Windows\System\DAlrCFc.exe
  C:\Windows\System\DAlrCFc.exe
  2⤵
  PID:6600
- C:\Windows\System\yRzYUsP.exe
  C:\Windows\System\yRzYUsP.exe
  2⤵
  PID:6620
- C:\Windows\System\CqXYWMe.exe
  C:\Windows\System\CqXYWMe.exe
  2⤵
  PID:6640
- C:\Windows\System\JRjvaSX.exe
  C:\Windows\System\JRjvaSX.exe
  2⤵
  PID:6660
- C:\Windows\System\LymgQXA.exe
  C:\Windows\System\LymgQXA.exe
  2⤵
  PID:6680
- C:\Windows\System\ZneDoEw.exe
  C:\Windows\System\ZneDoEw.exe
  2⤵
  PID:6700
- C:\Windows\System\BjoJaWf.exe
  C:\Windows\System\BjoJaWf.exe
  2⤵
  PID:6720
- C:\Windows\System\NJximxD.exe
  C:\Windows\System\NJximxD.exe
  2⤵
  PID:6740
- C:\Windows\System\heJvGqB.exe
  C:\Windows\System\heJvGqB.exe
  2⤵
  PID:6760
- C:\Windows\System\kPMKMVy.exe
  C:\Windows\System\kPMKMVy.exe
  2⤵
  PID:6780
- C:\Windows\System\arxCeVd.exe
  C:\Windows\System\arxCeVd.exe
  2⤵
  PID:6800
- C:\Windows\System\TvcakjK.exe
  C:\Windows\System\TvcakjK.exe
  2⤵
  PID:6820
- C:\Windows\System\lhHTXyr.exe
  C:\Windows\System\lhHTXyr.exe
  2⤵
  PID:6840
- C:\Windows\System\xwIWTvV.exe
  C:\Windows\System\xwIWTvV.exe
  2⤵
  PID:6860
- C:\Windows\System\WBqoRTn.exe
  C:\Windows\System\WBqoRTn.exe
  2⤵
  PID:6880
- C:\Windows\System\jPniwfm.exe
  C:\Windows\System\jPniwfm.exe
  2⤵
  PID:6900
- C:\Windows\System\FFTNSHS.exe
  C:\Windows\System\FFTNSHS.exe
  2⤵
  PID:6920
- C:\Windows\System\ClHfwrf.exe
  C:\Windows\System\ClHfwrf.exe
  2⤵
  PID:6940
- C:\Windows\System\mBwUtka.exe
  C:\Windows\System\mBwUtka.exe
  2⤵
  PID:6960
- C:\Windows\System\WAJNJye.exe
  C:\Windows\System\WAJNJye.exe
  2⤵
  PID:6980
- C:\Windows\System\tsMxUzd.exe
  C:\Windows\System\tsMxUzd.exe
  2⤵
  PID:7000
- C:\Windows\System\VnxtMOS.exe
  C:\Windows\System\VnxtMOS.exe
  2⤵
  PID:7020
- C:\Windows\System\ePxDoGW.exe
  C:\Windows\System\ePxDoGW.exe
  2⤵
  PID:7040
- C:\Windows\System\NuiTsQx.exe
  C:\Windows\System\NuiTsQx.exe
  2⤵
  PID:7060
- C:\Windows\System\OJvDTuK.exe
  C:\Windows\System\OJvDTuK.exe
  2⤵
  PID:7080
- C:\Windows\System\SnBCXDR.exe
  C:\Windows\System\SnBCXDR.exe
  2⤵
  PID:7096
- C:\Windows\System\OiJwYLv.exe
  C:\Windows\System\OiJwYLv.exe
  2⤵
  PID:7120
- C:\Windows\System\fSrOorA.exe
  C:\Windows\System\fSrOorA.exe
  2⤵
  PID:7140
- C:\Windows\System\UFconkA.exe
  C:\Windows\System\UFconkA.exe
  2⤵
  PID:7160
- C:\Windows\System\jNVODaH.exe
  C:\Windows\System\jNVODaH.exe
  2⤵
  PID:5304
- C:\Windows\System\gXdYekz.exe
  C:\Windows\System\gXdYekz.exe
  2⤵
  PID:5260
- C:\Windows\System\zojXkGy.exe
  C:\Windows\System\zojXkGy.exe
  2⤵
  PID:5496
- C:\Windows\System\pylUcaM.exe
  C:\Windows\System\pylUcaM.exe
  2⤵
  PID:2832
- C:\Windows\System\OeHasje.exe
  C:\Windows\System\OeHasje.exe
  2⤵
  PID:1564
- C:\Windows\System\tnSpgke.exe
  C:\Windows\System\tnSpgke.exe
  2⤵
  PID:4808
- C:\Windows\System\VOkcNEZ.exe
  C:\Windows\System\VOkcNEZ.exe
  2⤵
  PID:6116
- C:\Windows\System\LqDAIoI.exe
  C:\Windows\System\LqDAIoI.exe
  2⤵
  PID:6152
- C:\Windows\System\vEHXzes.exe
  C:\Windows\System\vEHXzes.exe
  2⤵
  PID:6172
- C:\Windows\System\GndDpCz.exe
  C:\Windows\System\GndDpCz.exe
  2⤵
  PID:6204
- C:\Windows\System\aYLztyI.exe
  C:\Windows\System\aYLztyI.exe
  2⤵
  PID:6264
- C:\Windows\System\nejlNoI.exe
  C:\Windows\System\nejlNoI.exe
  2⤵
  PID:6272
- C:\Windows\System\dAwlWTF.exe
  C:\Windows\System\dAwlWTF.exe
  2⤵
  PID:6304
- C:\Windows\System\FJoVCyB.exe
  C:\Windows\System\FJoVCyB.exe
  2⤵
  PID:6352
- C:\Windows\System\KczmuGt.exe
  C:\Windows\System\KczmuGt.exe
  2⤵
  PID:6392
- C:\Windows\System\BrpZxoL.exe
  C:\Windows\System\BrpZxoL.exe
  2⤵
  PID:1032
- C:\Windows\System\Exqxqxl.exe
  C:\Windows\System\Exqxqxl.exe
  2⤵
  PID:6412
- C:\Windows\System\rDWWerU.exe
  C:\Windows\System\rDWWerU.exe
  2⤵
  PID:6476
- C:\Windows\System\CSrdcch.exe
  C:\Windows\System\CSrdcch.exe
  2⤵
  PID:6488
- C:\Windows\System\zbudSeg.exe
  C:\Windows\System\zbudSeg.exe
  2⤵
  PID:6548
- C:\Windows\System\YAAEhdy.exe
  C:\Windows\System\YAAEhdy.exe
  2⤵
  PID:6536
- C:\Windows\System\RGGJUQq.exe
  C:\Windows\System\RGGJUQq.exe
  2⤵
  PID:6592
- C:\Windows\System\CxQbBXl.exe
  C:\Windows\System\CxQbBXl.exe
  2⤵
  PID:6612
- C:\Windows\System\jgTguPC.exe
  C:\Windows\System\jgTguPC.exe
  2⤵
  PID:6656
- C:\Windows\System\rTXjMGK.exe
  C:\Windows\System\rTXjMGK.exe
  2⤵
  PID:6708
- C:\Windows\System\SojsNkr.exe
  C:\Windows\System\SojsNkr.exe
  2⤵
  PID:6748
- C:\Windows\System\HGJJxWn.exe
  C:\Windows\System\HGJJxWn.exe
  2⤵
  PID:6752
- C:\Windows\System\AMnuKLz.exe
  C:\Windows\System\AMnuKLz.exe
  2⤵
  PID:6792
- C:\Windows\System\Sktbpld.exe
  C:\Windows\System\Sktbpld.exe
  2⤵
  PID:6808
- C:\Windows\System\lpYIOSq.exe
  C:\Windows\System\lpYIOSq.exe
  2⤵
  PID:6876
- C:\Windows\System\lCcDyqq.exe
  C:\Windows\System\lCcDyqq.exe
  2⤵
  PID:6908
- C:\Windows\System\MWeFLbE.exe
  C:\Windows\System\MWeFLbE.exe
  2⤵
  PID:6928
- C:\Windows\System\gYBDleQ.exe
  C:\Windows\System\gYBDleQ.exe
  2⤵
  PID:6932
- C:\Windows\System\jKYYhFK.exe
  C:\Windows\System\jKYYhFK.exe
  2⤵
  PID:6972
- C:\Windows\System\cOEFDOa.exe
  C:\Windows\System\cOEFDOa.exe
  2⤵
  PID:7016
- C:\Windows\System\MOmIGnd.exe
  C:\Windows\System\MOmIGnd.exe
  2⤵
  PID:7072
- C:\Windows\System\rKYSojd.exe
  C:\Windows\System\rKYSojd.exe
  2⤵
  PID:7052
- C:\Windows\System\nmrQAjT.exe
  C:\Windows\System\nmrQAjT.exe
  2⤵
  PID:7112
- C:\Windows\System\uPeIjyf.exe
  C:\Windows\System\uPeIjyf.exe
  2⤵
  PID:7136
- C:\Windows\System\HmQjvlL.exe
  C:\Windows\System\HmQjvlL.exe
  2⤵
  PID:5184
- C:\Windows\System\JuNbUwf.exe
  C:\Windows\System\JuNbUwf.exe
  2⤵
  PID:6104
- C:\Windows\System\dKbkVJo.exe
  C:\Windows\System\dKbkVJo.exe
  2⤵
  PID:5628
- C:\Windows\System\SWMOBOE.exe
  C:\Windows\System\SWMOBOE.exe
  2⤵
  PID:5004
- C:\Windows\System\KqSWvqI.exe
  C:\Windows\System\KqSWvqI.exe
  2⤵
  PID:5676
- C:\Windows\System\qQwXzoM.exe
  C:\Windows\System\qQwXzoM.exe
  2⤵
  PID:5888
- C:\Windows\System\yYuNvOm.exe
  C:\Windows\System\yYuNvOm.exe
  2⤵
  PID:6212
- C:\Windows\System\UISZBqF.exe
  C:\Windows\System\UISZBqF.exe
  2⤵
  PID:6308
- C:\Windows\System\RZIfvPj.exe
  C:\Windows\System\RZIfvPj.exe
  2⤵
  PID:6292
- C:\Windows\System\XBMfvXy.exe
  C:\Windows\System\XBMfvXy.exe
  2⤵
  PID:1312
- C:\Windows\System\GeuFqlZ.exe
  C:\Windows\System\GeuFqlZ.exe
  2⤵
  PID:6424
- C:\Windows\System\GVvcjZG.exe
  C:\Windows\System\GVvcjZG.exe
  2⤵
  PID:6448
- C:\Windows\System\EqHJWRo.exe
  C:\Windows\System\EqHJWRo.exe
  2⤵
  PID:6568
- C:\Windows\System\PIZablE.exe
  C:\Windows\System\PIZablE.exe
  2⤵
  PID:6528
- C:\Windows\System\yHyGApF.exe
  C:\Windows\System\yHyGApF.exe
  2⤵
  PID:6616
- C:\Windows\System\iuDabTj.exe
  C:\Windows\System\iuDabTj.exe
  2⤵
  PID:6688
- C:\Windows\System\mScsueb.exe
  C:\Windows\System\mScsueb.exe
  2⤵
  PID:6776
- C:\Windows\System\kFgfyia.exe
  C:\Windows\System\kFgfyia.exe
  2⤵
  PID:6832
- C:\Windows\System\uMpPLwb.exe
  C:\Windows\System\uMpPLwb.exe
  2⤵
  PID:6888
- C:\Windows\System\JYabCep.exe
  C:\Windows\System\JYabCep.exe
  2⤵
  PID:6892
- C:\Windows\System\WcfdUWb.exe
  C:\Windows\System\WcfdUWb.exe
  2⤵
  PID:6976
- C:\Windows\System\QBsEUQC.exe
  C:\Windows\System\QBsEUQC.exe
  2⤵
  PID:7032
- C:\Windows\System\PUXwtBA.exe
  C:\Windows\System\PUXwtBA.exe
  2⤵
  PID:7092
- C:\Windows\System\PolWwts.exe
  C:\Windows\System\PolWwts.exe
  2⤵
  PID:5324
- C:\Windows\System\vCHlwsB.exe
  C:\Windows\System\vCHlwsB.exe
  2⤵
  PID:5516
- C:\Windows\System\zpmzLgh.exe
  C:\Windows\System\zpmzLgh.exe
  2⤵
  PID:1308
- C:\Windows\System\kJhhlYz.exe
  C:\Windows\System\kJhhlYz.exe
  2⤵
  PID:1620
- C:\Windows\System\zGgxitn.exe
  C:\Windows\System\zGgxitn.exe
  2⤵
  PID:6188
- C:\Windows\System\EwsJSms.exe
  C:\Windows\System\EwsJSms.exe
  2⤵
  PID:2464
- C:\Windows\System\VqctIns.exe
  C:\Windows\System\VqctIns.exe
  2⤵
  PID:6328
- C:\Windows\System\lgAuBaP.exe
  C:\Windows\System\lgAuBaP.exe
  2⤵
  PID:6404
- C:\Windows\System\yDiPBQd.exe
  C:\Windows\System\yDiPBQd.exe
  2⤵
  PID:6608
- C:\Windows\System\kOKdcuc.exe
  C:\Windows\System\kOKdcuc.exe
  2⤵
  PID:6596
- C:\Windows\System\PvzWcfQ.exe
  C:\Windows\System\PvzWcfQ.exe
  2⤵
  PID:6796
- C:\Windows\System\JMUbZZW.exe
  C:\Windows\System\JMUbZZW.exe
  2⤵
  PID:6848
- C:\Windows\System\szBAbKh.exe
  C:\Windows\System\szBAbKh.exe
  2⤵
  PID:2704
- C:\Windows\System\uxsRBUF.exe
  C:\Windows\System\uxsRBUF.exe
  2⤵
  PID:7076
- C:\Windows\System\MmApugv.exe
  C:\Windows\System\MmApugv.exe
  2⤵
  PID:7028
- C:\Windows\System\eRlbRwE.exe
  C:\Windows\System\eRlbRwE.exe
  2⤵
  PID:7180
- C:\Windows\System\gRzJZrS.exe
  C:\Windows\System\gRzJZrS.exe
  2⤵
  PID:7200
- C:\Windows\System\bcYlhwO.exe
  C:\Windows\System\bcYlhwO.exe
  2⤵
  PID:7220
- C:\Windows\System\cocuVoe.exe
  C:\Windows\System\cocuVoe.exe
  2⤵
  PID:7236
- C:\Windows\System\hlnWhXY.exe
  C:\Windows\System\hlnWhXY.exe
  2⤵
  PID:7260
- C:\Windows\System\VnPZMaH.exe
  C:\Windows\System\VnPZMaH.exe
  2⤵
  PID:7280
- C:\Windows\System\HVmUIec.exe
  C:\Windows\System\HVmUIec.exe
  2⤵
  PID:7300
- C:\Windows\System\JqCJffc.exe
  C:\Windows\System\JqCJffc.exe
  2⤵
  PID:7320
- C:\Windows\System\jpsjKcM.exe
  C:\Windows\System\jpsjKcM.exe
  2⤵
  PID:7340
- C:\Windows\System\lWVObor.exe
  C:\Windows\System\lWVObor.exe
  2⤵
  PID:7364
- C:\Windows\System\IJXhqXS.exe
  C:\Windows\System\IJXhqXS.exe
  2⤵
  PID:7384
- C:\Windows\System\KJjsgzz.exe
  C:\Windows\System\KJjsgzz.exe
  2⤵
  PID:7400
- C:\Windows\System\lozyzeF.exe
  C:\Windows\System\lozyzeF.exe
  2⤵
  PID:7420
- C:\Windows\System\BuzZSnS.exe
  C:\Windows\System\BuzZSnS.exe
  2⤵
  PID:7440
- C:\Windows\System\SKrpoUd.exe
  C:\Windows\System\SKrpoUd.exe
  2⤵
  PID:7464
- C:\Windows\System\AGWYAgQ.exe
  C:\Windows\System\AGWYAgQ.exe
  2⤵
  PID:7484
- C:\Windows\System\mvWqkBB.exe
  C:\Windows\System\mvWqkBB.exe
  2⤵
  PID:7504
- C:\Windows\System\ulwLEOx.exe
  C:\Windows\System\ulwLEOx.exe
  2⤵
  PID:7524
- C:\Windows\System\oVoGuxg.exe
  C:\Windows\System\oVoGuxg.exe
  2⤵
  PID:7544
- C:\Windows\System\iqlcEPC.exe
  C:\Windows\System\iqlcEPC.exe
  2⤵
  PID:7564
- C:\Windows\System\DtlFqHJ.exe
  C:\Windows\System\DtlFqHJ.exe
  2⤵
  PID:7584
- C:\Windows\System\YEPmadx.exe
  C:\Windows\System\YEPmadx.exe
  2⤵
  PID:7604
- C:\Windows\System\LZbgpZb.exe
  C:\Windows\System\LZbgpZb.exe
  2⤵
  PID:7624
- C:\Windows\System\atNOYao.exe
  C:\Windows\System\atNOYao.exe
  2⤵
  PID:7644
- C:\Windows\System\OlxpMQN.exe
  C:\Windows\System\OlxpMQN.exe
  2⤵
  PID:7664
- C:\Windows\System\WagoIGw.exe
  C:\Windows\System\WagoIGw.exe
  2⤵
  PID:7684
- C:\Windows\System\wOsPXsc.exe
  C:\Windows\System\wOsPXsc.exe
  2⤵
  PID:7708
- C:\Windows\System\JIyDfrk.exe
  C:\Windows\System\JIyDfrk.exe
  2⤵
  PID:7728
- C:\Windows\System\OGCVFAv.exe
  C:\Windows\System\OGCVFAv.exe
  2⤵
  PID:7748
- C:\Windows\System\WgxnCVs.exe
  C:\Windows\System\WgxnCVs.exe
  2⤵
  PID:7768
- C:\Windows\System\MjDbvGl.exe
  C:\Windows\System\MjDbvGl.exe
  2⤵
  PID:7788
- C:\Windows\System\SumCNTM.exe
  C:\Windows\System\SumCNTM.exe
  2⤵
  PID:7804
- C:\Windows\System\bpYdDcX.exe
  C:\Windows\System\bpYdDcX.exe
  2⤵
  PID:7828
- C:\Windows\System\jbDAvpI.exe
  C:\Windows\System\jbDAvpI.exe
  2⤵
  PID:7848
- C:\Windows\System\aQKjSSO.exe
  C:\Windows\System\aQKjSSO.exe
  2⤵
  PID:7868
- C:\Windows\System\AvoQUAT.exe
  C:\Windows\System\AvoQUAT.exe
  2⤵
  PID:7888
- C:\Windows\System\AlxILrP.exe
  C:\Windows\System\AlxILrP.exe
  2⤵
  PID:7908
- C:\Windows\System\FqgWUoi.exe
  C:\Windows\System\FqgWUoi.exe
  2⤵
  PID:7928
- C:\Windows\System\othMiLy.exe
  C:\Windows\System\othMiLy.exe
  2⤵
  PID:7948
- C:\Windows\System\yhvYWXe.exe
  C:\Windows\System\yhvYWXe.exe
  2⤵
  PID:7968
- C:\Windows\System\icaAsQT.exe
  C:\Windows\System\icaAsQT.exe
  2⤵
  PID:7988
- C:\Windows\System\AKEahod.exe
  C:\Windows\System\AKEahod.exe
  2⤵
  PID:8008
- C:\Windows\System\UDQgmfp.exe
  C:\Windows\System\UDQgmfp.exe
  2⤵
  PID:8028
- C:\Windows\System\HSYWWfx.exe
  C:\Windows\System\HSYWWfx.exe
  2⤵
  PID:8048
- C:\Windows\System\wWVuVeB.exe
  C:\Windows\System\wWVuVeB.exe
  2⤵
  PID:8068
- C:\Windows\System\itjvKBX.exe
  C:\Windows\System\itjvKBX.exe
  2⤵
  PID:8092
- C:\Windows\System\HSCqGTx.exe
  C:\Windows\System\HSCqGTx.exe
  2⤵
  PID:8112
- C:\Windows\System\YQmUMNI.exe
  C:\Windows\System\YQmUMNI.exe
  2⤵
  PID:8132
- C:\Windows\System\RaWwdpE.exe
  C:\Windows\System\RaWwdpE.exe
  2⤵
  PID:8152
- C:\Windows\System\mQHafWi.exe
  C:\Windows\System\mQHafWi.exe
  2⤵
  PID:8172
- C:\Windows\System\dLXCjtt.exe
  C:\Windows\System\dLXCjtt.exe
  2⤵
  PID:7108
- C:\Windows\System\HodtBcT.exe
  C:\Windows\System\HodtBcT.exe
  2⤵
  PID:7088
- C:\Windows\System\imYZUPQ.exe
  C:\Windows\System\imYZUPQ.exe
  2⤵
  PID:6192
- C:\Windows\System\TsXovBb.exe
  C:\Windows\System\TsXovBb.exe
  2⤵
  PID:6224
- C:\Windows\System\sJSowKJ.exe
  C:\Windows\System\sJSowKJ.exe
  2⤵
  PID:6432
- C:\Windows\System\vzMaguM.exe
  C:\Windows\System\vzMaguM.exe
  2⤵
  PID:6468
- C:\Windows\System\ZRpTMNs.exe
  C:\Windows\System\ZRpTMNs.exe
  2⤵
  PID:2412
- C:\Windows\System\ctooqMn.exe
  C:\Windows\System\ctooqMn.exe
  2⤵
  PID:6696
- C:\Windows\System\QaKLyib.exe
  C:\Windows\System\QaKLyib.exe
  2⤵
  PID:7068
- C:\Windows\System\DFYwcDz.exe
  C:\Windows\System\DFYwcDz.exe
  2⤵
  PID:7116
- C:\Windows\System\avmCpzB.exe
  C:\Windows\System\avmCpzB.exe
  2⤵
  PID:3672
- C:\Windows\System\jbMpXDM.exe
  C:\Windows\System\jbMpXDM.exe
  2⤵
  PID:7212
- C:\Windows\System\MULjuDu.exe
  C:\Windows\System\MULjuDu.exe
  2⤵
  PID:7232
- C:\Windows\System\NlMITBB.exe
  C:\Windows\System\NlMITBB.exe
  2⤵
  PID:7296
- C:\Windows\System\CukdiDH.exe
  C:\Windows\System\CukdiDH.exe
  2⤵
  PID:7336
- C:\Windows\System\EIWzhAE.exe
  C:\Windows\System\EIWzhAE.exe
  2⤵
  PID:7380
- C:\Windows\System\ydIeKdJ.exe
  C:\Windows\System\ydIeKdJ.exe
  2⤵
  PID:7352
- C:\Windows\System\oUDHCcG.exe
  C:\Windows\System\oUDHCcG.exe
  2⤵
  PID:7396
- C:\Windows\System\YUEJhSG.exe
  C:\Windows\System\YUEJhSG.exe
  2⤵
  PID:7460
- C:\Windows\System\RcJWGad.exe
  C:\Windows\System\RcJWGad.exe
  2⤵
  PID:7472
- C:\Windows\System\FZWOith.exe
  C:\Windows\System\FZWOith.exe
  2⤵
  PID:7532
- C:\Windows\System\zSrwmlb.exe
  C:\Windows\System\zSrwmlb.exe
  2⤵
  PID:7516
- C:\Windows\System\FAuZGGZ.exe
  C:\Windows\System\FAuZGGZ.exe
  2⤵
  PID:7560
- C:\Windows\System\fcGCpBm.exe
  C:\Windows\System\fcGCpBm.exe
  2⤵
  PID:7596
- C:\Windows\System\uqkTbdU.exe
  C:\Windows\System\uqkTbdU.exe
  2⤵
  PID:7640
- C:\Windows\System\ZijtpqM.exe
  C:\Windows\System\ZijtpqM.exe
  2⤵
  PID:7704
- C:\Windows\System\mKCSyTk.exe
  C:\Windows\System\mKCSyTk.exe
  2⤵
  PID:7716
- C:\Windows\System\nVjmJpo.exe
  C:\Windows\System\nVjmJpo.exe
  2⤵
  PID:7740
- C:\Windows\System\XTBfigU.exe
  C:\Windows\System\XTBfigU.exe
  2⤵
  PID:7760
- C:\Windows\System\VSajiad.exe
  C:\Windows\System\VSajiad.exe
  2⤵
  PID:1612
- C:\Windows\System\UsaVMtP.exe
  C:\Windows\System\UsaVMtP.exe
  2⤵
  PID:7796
- C:\Windows\System\uauGpgG.exe
  C:\Windows\System\uauGpgG.exe
  2⤵
  PID:7840
- C:\Windows\System\NwqUkpX.exe
  C:\Windows\System\NwqUkpX.exe
  2⤵
  PID:7896
- C:\Windows\System\cLqjauP.exe
  C:\Windows\System\cLqjauP.exe
  2⤵
  PID:7936
- C:\Windows\System\eauRkYc.exe
  C:\Windows\System\eauRkYc.exe
  2⤵
  PID:7956
- C:\Windows\System\UmqjQeC.exe
  C:\Windows\System\UmqjQeC.exe
  2⤵
  PID:7960
- C:\Windows\System\hzPGSyK.exe
  C:\Windows\System\hzPGSyK.exe
  2⤵
  PID:7996
- C:\Windows\System\uVFVUJM.exe
  C:\Windows\System\uVFVUJM.exe
  2⤵
  PID:8056
- C:\Windows\System\MsfvSex.exe
  C:\Windows\System\MsfvSex.exe
  2⤵
  PID:8100
- C:\Windows\System\QDGXJiq.exe
  C:\Windows\System\QDGXJiq.exe
  2⤵
  PID:7348
- C:\Windows\System\oekLqFd.exe
  C:\Windows\System\oekLqFd.exe
  2⤵
  PID:8148
- C:\Windows\System\laoZwDd.exe
  C:\Windows\System\laoZwDd.exe
  2⤵
  PID:8184
- C:\Windows\System\iAghEzI.exe
  C:\Windows\System\iAghEzI.exe
  2⤵
  PID:5264
- C:\Windows\System\OVWdxxe.exe
  C:\Windows\System\OVWdxxe.exe
  2⤵
  PID:5864
- C:\Windows\System\lmyyUNo.exe
  C:\Windows\System\lmyyUNo.exe
  2⤵
  PID:6372
- C:\Windows\System\FOkUUxJ.exe
  C:\Windows\System\FOkUUxJ.exe
  2⤵
  PID:6496
- C:\Windows\System\PZXmRYz.exe
  C:\Windows\System\PZXmRYz.exe
  2⤵
  PID:6384
- C:\Windows\System\EDwdAww.exe
  C:\Windows\System\EDwdAww.exe
  2⤵
  PID:6956
- C:\Windows\System\LbEgCiQ.exe
  C:\Windows\System\LbEgCiQ.exe
  2⤵
  PID:6912
- C:\Windows\System\CnuhsjX.exe
  C:\Windows\System\CnuhsjX.exe
  2⤵
  PID:7256
- C:\Windows\System\choutYP.exe
  C:\Windows\System\choutYP.exe
  2⤵
  PID:7292
- C:\Windows\System\sWTtXgu.exe
  C:\Windows\System\sWTtXgu.exe
  2⤵
  PID:7308
- C:\Windows\System\TCWZqQt.exe
  C:\Windows\System\TCWZqQt.exe
  2⤵
  PID:7316
- C:\Windows\System\LMHhpdp.exe
  C:\Windows\System\LMHhpdp.exe
  2⤵
  PID:2084
- C:\Windows\System\qJLPLdA.exe
  C:\Windows\System\qJLPLdA.exe
  2⤵
  PID:7476
- C:\Windows\System\pgUkfQQ.exe
  C:\Windows\System\pgUkfQQ.exe
  2⤵
  PID:7576
- C:\Windows\System\NnWIEBF.exe
  C:\Windows\System\NnWIEBF.exe
  2⤵
  PID:2648
- C:\Windows\System\OAJpAzA.exe
  C:\Windows\System\OAJpAzA.exe
  2⤵
  PID:4136
- C:\Windows\System\cHPUczd.exe
  C:\Windows\System\cHPUczd.exe
  2⤵
  PID:7756
- C:\Windows\System\SussDuh.exe
  C:\Windows\System\SussDuh.exe
  2⤵
  PID:7816
- C:\Windows\System\SJsRwHt.exe
  C:\Windows\System\SJsRwHt.exe
  2⤵
  PID:7780
- C:\Windows\System\JdsmZNH.exe
  C:\Windows\System\JdsmZNH.exe
  2⤵
  PID:768
- C:\Windows\System\qPaoaeY.exe
  C:\Windows\System\qPaoaeY.exe
  2⤵
  PID:7920
- C:\Windows\System\WWHLuqt.exe
  C:\Windows\System\WWHLuqt.exe
  2⤵
  PID:8016
- C:\Windows\System\MwMsLwM.exe
  C:\Windows\System\MwMsLwM.exe
  2⤵
  PID:7916
- C:\Windows\System\aLVItlz.exe
  C:\Windows\System\aLVItlz.exe
  2⤵
  PID:8020
- C:\Windows\System\xDKsQmq.exe
  C:\Windows\System\xDKsQmq.exe
  2⤵
  PID:8040
- C:\Windows\System\TanjyvC.exe
  C:\Windows\System\TanjyvC.exe
  2⤵
  PID:8080
- C:\Windows\System\KrQKSZm.exe
  C:\Windows\System\KrQKSZm.exe
  2⤵
  PID:8004
- C:\Windows\System\jWwuMoR.exe
  C:\Windows\System\jWwuMoR.exe
  2⤵
  PID:672
- C:\Windows\System\xmqJSWk.exe
  C:\Windows\System\xmqJSWk.exe
  2⤵
  PID:8160
- C:\Windows\System\llpkPzx.exe
  C:\Windows\System\llpkPzx.exe
  2⤵
  PID:8188
- C:\Windows\System\dxjeysR.exe
  C:\Windows\System\dxjeysR.exe
  2⤵
  PID:3960
- C:\Windows\System\rDnoiDt.exe
  C:\Windows\System\rDnoiDt.exe
  2⤵
  PID:6464
- C:\Windows\System\ZsYrUeq.exe
  C:\Windows\System\ZsYrUeq.exe
  2⤵
  PID:2312
- C:\Windows\System\ppcvFTf.exe
  C:\Windows\System\ppcvFTf.exe
  2⤵
  PID:5488
- C:\Windows\System\MeeQrSh.exe
  C:\Windows\System\MeeQrSh.exe
  2⤵
  PID:7208
- C:\Windows\System\NJvNQpl.exe
  C:\Windows\System\NJvNQpl.exe
  2⤵
  PID:1712
- C:\Windows\System\iqfAVrU.exe
  C:\Windows\System\iqfAVrU.exe
  2⤵
  PID:7216
- C:\Windows\System\eBsbsZj.exe
  C:\Windows\System\eBsbsZj.exe
  2⤵
  PID:7456
- C:\Windows\System\xierBVb.exe
  C:\Windows\System\xierBVb.exe
  2⤵
  PID:4760
- C:\Windows\System\YmsNNOp.exe
  C:\Windows\System\YmsNNOp.exe
  2⤵
  PID:7700
- C:\Windows\System\xxkOERs.exe
  C:\Windows\System\xxkOERs.exe
  2⤵
  PID:1872
- C:\Windows\System\sxIQjLN.exe
  C:\Windows\System\sxIQjLN.exe
  2⤵
  PID:7824
- C:\Windows\System\pbxzQwX.exe
  C:\Windows\System\pbxzQwX.exe
  2⤵
  PID:7764
- C:\Windows\System\nnDaxHv.exe
  C:\Windows\System\nnDaxHv.exe
  2⤵
  PID:7736
- C:\Windows\System\cfFRoia.exe
  C:\Windows\System\cfFRoia.exe
  2⤵
  PID:268
- C:\Windows\System\aZJOLNK.exe
  C:\Windows\System\aZJOLNK.exe
  2⤵
  PID:7904
- C:\Windows\System\bvWSSAq.exe
  C:\Windows\System\bvWSSAq.exe
  2⤵
  PID:7980
- C:\Windows\System\QnVnYGE.exe
  C:\Windows\System\QnVnYGE.exe
  2⤵
  PID:2904
- C:\Windows\System\iNYRpEE.exe
  C:\Windows\System\iNYRpEE.exe
  2⤵
  PID:8180
- C:\Windows\System\WsrjKMO.exe
  C:\Windows\System\WsrjKMO.exe
  2⤵
  PID:6952
- C:\Windows\System\BhbQswQ.exe
  C:\Windows\System\BhbQswQ.exe
  2⤵
  PID:7436
- C:\Windows\System\MQNJFZz.exe
  C:\Windows\System\MQNJFZz.exe
  2⤵
  PID:1372
- C:\Windows\System\dNXgzLM.exe
  C:\Windows\System\dNXgzLM.exe
  2⤵
  PID:8140
- C:\Windows\System\TYUjmvz.exe
  C:\Windows\System\TYUjmvz.exe
  2⤵
  PID:5084
- C:\Windows\System\qzWvcbK.exe
  C:\Windows\System\qzWvcbK.exe
  2⤵
  PID:6736
- C:\Windows\System\yMVuVyb.exe
  C:\Windows\System\yMVuVyb.exe
  2⤵
  PID:7288
- C:\Windows\System\bJiXBRN.exe
  C:\Windows\System\bJiXBRN.exe
  2⤵
  PID:7416
- C:\Windows\System\djakglS.exe
  C:\Windows\System\djakglS.exe
  2⤵
  PID:7432
- C:\Windows\System\gKFLiDa.exe
  C:\Windows\System\gKFLiDa.exe
  2⤵
  PID:7692
- C:\Windows\System\hvgGoUl.exe
  C:\Windows\System\hvgGoUl.exe
  2⤵
  PID:1592
- C:\Windows\System\anfRfOk.exe
  C:\Windows\System\anfRfOk.exe
  2⤵
  PID:7964
- C:\Windows\System\QamEaBZ.exe
  C:\Windows\System\QamEaBZ.exe
  2⤵
  PID:7196
- C:\Windows\System\dlWUjwh.exe
  C:\Windows\System\dlWUjwh.exe
  2⤵
  PID:8200
- C:\Windows\System\BYyajYk.exe
  C:\Windows\System\BYyajYk.exe
  2⤵
  PID:8216
- C:\Windows\System\oHBssth.exe
  C:\Windows\System\oHBssth.exe
  2⤵
  PID:8232
- C:\Windows\System\ThVrDHx.exe
  C:\Windows\System\ThVrDHx.exe
  2⤵
  PID:8248
- C:\Windows\System\wKUZFwb.exe
  C:\Windows\System\wKUZFwb.exe
  2⤵
  PID:8264
- C:\Windows\System\NrkYLPb.exe
  C:\Windows\System\NrkYLPb.exe
  2⤵
  PID:8284
- C:\Windows\System\IUHflVK.exe
  C:\Windows\System\IUHflVK.exe
  2⤵
  PID:8300
- C:\Windows\System\msftVWG.exe
  C:\Windows\System\msftVWG.exe
  2⤵
  PID:8316
- C:\Windows\System\EGcGgcJ.exe
  C:\Windows\System\EGcGgcJ.exe
  2⤵
  PID:8388
- C:\Windows\System\kQRfCEV.exe
  C:\Windows\System\kQRfCEV.exe
  2⤵
  PID:8404
- C:\Windows\System\zriDyVw.exe
  C:\Windows\System\zriDyVw.exe
  2⤵
  PID:8420
- C:\Windows\System\IPmphqo.exe
  C:\Windows\System\IPmphqo.exe
  2⤵
  PID:8436
- C:\Windows\System\AoToCZe.exe
  C:\Windows\System\AoToCZe.exe
  2⤵
  PID:8452
- C:\Windows\System\nkPwQyC.exe
  C:\Windows\System\nkPwQyC.exe
  2⤵
  PID:8468
- C:\Windows\System\qGdecko.exe
  C:\Windows\System\qGdecko.exe
  2⤵
  PID:8484
- C:\Windows\System\XrjVVsd.exe
  C:\Windows\System\XrjVVsd.exe
  2⤵
  PID:8500
- C:\Windows\System\HQZBVBx.exe
  C:\Windows\System\HQZBVBx.exe
  2⤵
  PID:8516
- C:\Windows\System\JkPdVcZ.exe
  C:\Windows\System\JkPdVcZ.exe
  2⤵
  PID:8532
- C:\Windows\System\DNBAzgd.exe
  C:\Windows\System\DNBAzgd.exe
  2⤵
  PID:8548
- C:\Windows\System\rerKfAG.exe
  C:\Windows\System\rerKfAG.exe
  2⤵
  PID:8564
- C:\Windows\System\ACNnWPV.exe
  C:\Windows\System\ACNnWPV.exe
  2⤵
  PID:8580
- C:\Windows\System\xEATmRM.exe
  C:\Windows\System\xEATmRM.exe
  2⤵
  PID:8596
- C:\Windows\System\UTsmCxL.exe
  C:\Windows\System\UTsmCxL.exe
  2⤵
  PID:8612
- C:\Windows\System\FZaAhCM.exe
  C:\Windows\System\FZaAhCM.exe
  2⤵
  PID:8628
- C:\Windows\System\DlCDOFm.exe
  C:\Windows\System\DlCDOFm.exe
  2⤵
  PID:8644
- C:\Windows\System\iRKTQon.exe
  C:\Windows\System\iRKTQon.exe
  2⤵
  PID:8660
- C:\Windows\System\EnMZvdK.exe
  C:\Windows\System\EnMZvdK.exe
  2⤵
  PID:8676
- C:\Windows\System\EToPvGY.exe
  C:\Windows\System\EToPvGY.exe
  2⤵
  PID:8692
- C:\Windows\System\DLMyEcB.exe
  C:\Windows\System\DLMyEcB.exe
  2⤵
  PID:8708
- C:\Windows\System\drClUPm.exe
  C:\Windows\System\drClUPm.exe
  2⤵
  PID:8724
- C:\Windows\System\ezQwdNO.exe
  C:\Windows\System\ezQwdNO.exe
  2⤵
  PID:8740
- C:\Windows\System\QehWVWl.exe
  C:\Windows\System\QehWVWl.exe
  2⤵
  PID:8756
- C:\Windows\System\aBRVcPv.exe
  C:\Windows\System\aBRVcPv.exe
  2⤵
  PID:8772
- C:\Windows\System\DFmMSOm.exe
  C:\Windows\System\DFmMSOm.exe
  2⤵
  PID:8788
- C:\Windows\System\uuwnUQo.exe
  C:\Windows\System\uuwnUQo.exe
  2⤵
  PID:8816
- C:\Windows\System\owNiaos.exe
  C:\Windows\System\owNiaos.exe
  2⤵
  PID:8832
- C:\Windows\System\mRQEkpJ.exe
  C:\Windows\System\mRQEkpJ.exe
  2⤵
  PID:8848
- C:\Windows\System\iLGhxxB.exe
  C:\Windows\System\iLGhxxB.exe
  2⤵
  PID:8864
- C:\Windows\System\fFcTiul.exe
  C:\Windows\System\fFcTiul.exe
  2⤵
  PID:8880
- C:\Windows\System\uYpiHZf.exe
  C:\Windows\System\uYpiHZf.exe
  2⤵
  PID:8896
- C:\Windows\System\wKoVrKA.exe
  C:\Windows\System\wKoVrKA.exe
  2⤵
  PID:8912
- C:\Windows\System\EVZguNg.exe
  C:\Windows\System\EVZguNg.exe
  2⤵
  PID:8928
- C:\Windows\System\hYwygUM.exe
  C:\Windows\System\hYwygUM.exe
  2⤵
  PID:8944
- C:\Windows\System\fpVKlSJ.exe
  C:\Windows\System\fpVKlSJ.exe
  2⤵
  PID:8960
- C:\Windows\System\jyPmijm.exe
  C:\Windows\System\jyPmijm.exe
  2⤵
  PID:8976
- C:\Windows\System\CCLWkMA.exe
  C:\Windows\System\CCLWkMA.exe
  2⤵
  PID:8992
- C:\Windows\System\OJeMgXe.exe
  C:\Windows\System\OJeMgXe.exe
  2⤵
  PID:9008
- C:\Windows\System\QyMEdpH.exe
  C:\Windows\System\QyMEdpH.exe
  2⤵
  PID:9024
- C:\Windows\System\pXSZEZn.exe
  C:\Windows\System\pXSZEZn.exe
  2⤵
  PID:9040
- C:\Windows\System\IYUpaEL.exe
  C:\Windows\System\IYUpaEL.exe
  2⤵
  PID:9056
- C:\Windows\System\QWezPxl.exe
  C:\Windows\System\QWezPxl.exe
  2⤵
  PID:9072
- C:\Windows\System\RKNxJyq.exe
  C:\Windows\System\RKNxJyq.exe
  2⤵
  PID:9088
- C:\Windows\System\WUgrePZ.exe
  C:\Windows\System\WUgrePZ.exe
  2⤵
  PID:9104
- C:\Windows\System\tQqdAiu.exe
  C:\Windows\System\tQqdAiu.exe
  2⤵
  PID:9120
- C:\Windows\System\PupTzrk.exe
  C:\Windows\System\PupTzrk.exe
  2⤵
  PID:9136
- C:\Windows\System\roJmYZp.exe
  C:\Windows\System\roJmYZp.exe
  2⤵
  PID:9152
- C:\Windows\System\nROCCqE.exe
  C:\Windows\System\nROCCqE.exe
  2⤵
  PID:9168
- C:\Windows\System\ggMRnoO.exe
  C:\Windows\System\ggMRnoO.exe
  2⤵
  PID:9184
- C:\Windows\System\GttDrSn.exe
  C:\Windows\System\GttDrSn.exe
  2⤵
  PID:9200
- C:\Windows\System\BEIaWFC.exe
  C:\Windows\System\BEIaWFC.exe
  2⤵
  PID:8120
- C:\Windows\System\GqzjmQA.exe
  C:\Windows\System\GqzjmQA.exe
  2⤵
  PID:6648
- C:\Windows\System\GGaPQGA.exe
  C:\Windows\System\GGaPQGA.exe
  2⤵
  PID:2432
- C:\Windows\System\YNYQdoz.exe
  C:\Windows\System\YNYQdoz.exe
  2⤵
  PID:2020
- C:\Windows\System\yqKQDrS.exe
  C:\Windows\System\yqKQDrS.exe
  2⤵
  PID:8024
- C:\Windows\System\GUINSUD.exe
  C:\Windows\System\GUINSUD.exe
  2⤵
  PID:7856
- C:\Windows\System\GGWZYUv.exe
  C:\Windows\System\GGWZYUv.exe
  2⤵
  PID:8228
- C:\Windows\System\YcVpoqL.exe
  C:\Windows\System\YcVpoqL.exe
  2⤵
  PID:8296
- C:\Windows\System\Qpxaajy.exe
  C:\Windows\System\Qpxaajy.exe
  2⤵
  PID:7572
- C:\Windows\System\WIahaKH.exe
  C:\Windows\System\WIahaKH.exe
  2⤵
  PID:340
- C:\Windows\System\EKcMqle.exe
  C:\Windows\System\EKcMqle.exe
  2⤵
  PID:2452
- C:\Windows\System\EAIdTcw.exe
  C:\Windows\System\EAIdTcw.exe
  2⤵
  PID:1152
- C:\Windows\System\wESvrEN.exe
  C:\Windows\System\wESvrEN.exe
  2⤵
  PID:7244
- C:\Windows\System\JIBABwC.exe
  C:\Windows\System\JIBABwC.exe
  2⤵
  PID:8244
- C:\Windows\System\eQgyuGD.exe
  C:\Windows\System\eQgyuGD.exe
  2⤵
  PID:8308
- C:\Windows\System\PPeucRj.exe
  C:\Windows\System\PPeucRj.exe
  2⤵
  PID:8328
- C:\Windows\System\PLDhQOF.exe
  C:\Windows\System\PLDhQOF.exe
  2⤵
  PID:8344
- C:\Windows\System\YsDvnyg.exe
  C:\Windows\System\YsDvnyg.exe
  2⤵
  PID:8360
- C:\Windows\System\gOumvLw.exe
  C:\Windows\System\gOumvLw.exe
  2⤵
  PID:2844
- C:\Windows\System\LCofPgD.exe
  C:\Windows\System\LCofPgD.exe
  2⤵
  PID:8400
- C:\Windows\System\AfZAPgD.exe
  C:\Windows\System\AfZAPgD.exe
  2⤵
  PID:8464
- C:\Windows\System\NPFzfPH.exe
  C:\Windows\System\NPFzfPH.exe
  2⤵
  PID:8528
- C:\Windows\System\sxWCnii.exe
  C:\Windows\System\sxWCnii.exe
  2⤵
  PID:8592
- C:\Windows\System\cEyDWZj.exe
  C:\Windows\System\cEyDWZj.exe
  2⤵
  PID:8656
- C:\Windows\System\YLHAOlG.exe
  C:\Windows\System\YLHAOlG.exe
  2⤵
  PID:8416
- C:\Windows\System\wUyHoGL.exe
  C:\Windows\System\wUyHoGL.exe
  2⤵
  PID:8480
- C:\Windows\System\PYIHDdF.exe
  C:\Windows\System\PYIHDdF.exe
  2⤵
  PID:8544
- C:\Windows\System\KcacHtZ.exe
  C:\Windows\System\KcacHtZ.exe
  2⤵
  PID:8608
- C:\Windows\System\FtBbFCN.exe
  C:\Windows\System\FtBbFCN.exe
  2⤵
  PID:2956
- C:\Windows\System\aBqHkLH.exe
  C:\Windows\System\aBqHkLH.exe
  2⤵
  PID:8796
- C:\Windows\System\nzEDZdO.exe
  C:\Windows\System\nzEDZdO.exe
  2⤵
  PID:8684
- C:\Windows\System\AUkRPni.exe
  C:\Windows\System\AUkRPni.exe
  2⤵
  PID:8780
- C:\Windows\System\sMiHavF.exe
  C:\Windows\System\sMiHavF.exe
  2⤵
  PID:8752
- C:\Windows\System\WIQpHSR.exe
  C:\Windows\System\WIQpHSR.exe
  2⤵
  PID:8812
- C:\Windows\System\pRwHAxd.exe
  C:\Windows\System\pRwHAxd.exe
  2⤵
  PID:8860
- C:\Windows\System\yrXzbyo.exe
  C:\Windows\System\yrXzbyo.exe
  2⤵
  PID:8924
- C:\Windows\System\NdoPiJy.exe
  C:\Windows\System\NdoPiJy.exe
  2⤵
  PID:8988
- C:\Windows\System\TrUBQYT.exe
  C:\Windows\System\TrUBQYT.exe
  2⤵
  PID:9052
- C:\Windows\System\cWvFcqb.exe
  C:\Windows\System\cWvFcqb.exe
  2⤵
  PID:9116
- C:\Windows\System\FCMpYxn.exe
  C:\Windows\System\FCMpYxn.exe
  2⤵
  PID:9180
- C:\Windows\System\HewRxqh.exe
  C:\Windows\System\HewRxqh.exe
  2⤵
  PID:9160
- C:\Windows\System\GGpSFfa.exe
  C:\Windows\System\GGpSFfa.exe
  2⤵
  PID:2692
- C:\Windows\System\CfnwSkj.exe
  C:\Windows\System\CfnwSkj.exe
  2⤵
  PID:8844
- C:\Windows\System\MUynZOk.exe
  C:\Windows\System\MUynZOk.exe
  2⤵
  PID:8936
- C:\Windows\System\scSAvRg.exe
  C:\Windows\System\scSAvRg.exe
  2⤵
  PID:8972
- C:\Windows\System\HyUongA.exe
  C:\Windows\System\HyUongA.exe
  2⤵
  PID:9036
- C:\Windows\System\wLLXpax.exe
  C:\Windows\System\wLLXpax.exe
  2⤵
  PID:9196
- C:\Windows\System\zsCowKh.exe
  C:\Windows\System\zsCowKh.exe
  2⤵
  PID:2980
- C:\Windows\System\LcWoOCU.exe
  C:\Windows\System\LcWoOCU.exe
  2⤵
  PID:8292
- C:\Windows\System\nXFAEOr.exe
  C:\Windows\System\nXFAEOr.exe
  2⤵
  PID:7652
- C:\Windows\System\Wntdcxe.exe
  C:\Windows\System\Wntdcxe.exe
  2⤵
  PID:7884
- C:\Windows\System\oLAtGeg.exe
  C:\Windows\System\oLAtGeg.exe
  2⤵
  PID:8336
- C:\Windows\System\biCZEYB.exe
  C:\Windows\System\biCZEYB.exe
  2⤵
  PID:2192
- C:\Windows\System\PSKtono.exe
  C:\Windows\System\PSKtono.exe
  2⤵
  PID:8396
- C:\Windows\System\DkPkKXV.exe
  C:\Windows\System\DkPkKXV.exe
  2⤵
  PID:8496
- C:\Windows\System\HciLyev.exe
  C:\Windows\System\HciLyev.exe
  2⤵
  PID:8372
- C:\Windows\System\EcTTWVK.exe
  C:\Windows\System\EcTTWVK.exe
  2⤵
  PID:8588
- C:\Windows\System\RuDBgeb.exe
  C:\Windows\System\RuDBgeb.exe
  2⤵
  PID:8240
- C:\Windows\System\opQVnkK.exe
  C:\Windows\System\opQVnkK.exe
  2⤵
  PID:8764
- C:\Windows\System\JqIzSws.exe
  C:\Windows\System\JqIzSws.exe
  2⤵
  PID:8412
- C:\Windows\System\wVtBNOV.exe
  C:\Windows\System\wVtBNOV.exe
  2⤵
  PID:8668
- C:\Windows\System\BzAqWrZ.exe
  C:\Windows\System\BzAqWrZ.exe
  2⤵
  PID:8720
- C:\Windows\System\qYBiefF.exe
  C:\Windows\System\qYBiefF.exe
  2⤵
  PID:8828
- C:\Windows\System\kzDedCS.exe
  C:\Windows\System\kzDedCS.exe
  2⤵
  PID:8920
- C:\Windows\System\ClGpmnR.exe
  C:\Windows\System\ClGpmnR.exe
  2⤵
  PID:9084
- C:\Windows\System\KIEtGwK.exe
  C:\Windows\System\KIEtGwK.exe
  2⤵
  PID:9096
- C:\Windows\System\lzXhknn.exe
  C:\Windows\System\lzXhknn.exe
  2⤵
  PID:9192
- C:\Windows\System\bvqISXA.exe
  C:\Windows\System\bvqISXA.exe
  2⤵
  PID:9212
- C:\Windows\System\eQsiJaH.exe
  C:\Windows\System\eQsiJaH.exe
  2⤵
  PID:7372
- C:\Windows\System\DboHYid.exe
  C:\Windows\System\DboHYid.exe
  2⤵
  PID:8060
- C:\Windows\System\izksvsZ.exe
  C:\Windows\System\izksvsZ.exe
  2⤵
  PID:2892
- C:\Windows\System\zHUtAEn.exe
  C:\Windows\System\zHUtAEn.exe
  2⤵
  PID:8560
- C:\Windows\System\lhuaYdy.exe
  C:\Windows\System\lhuaYdy.exe
  2⤵
  PID:8076
- C:\Windows\System\FrTBrYZ.exe
  C:\Windows\System\FrTBrYZ.exe
  2⤵
  PID:8624
- C:\Windows\System\kefRhrz.exe
  C:\Windows\System\kefRhrz.exe
  2⤵
  PID:8768
- C:\Windows\System\pDiLHtl.exe
  C:\Windows\System\pDiLHtl.exe
  2⤵
  PID:8892
- C:\Windows\System\vMUIkSt.exe
  C:\Windows\System\vMUIkSt.exe
  2⤵
  PID:9128
- C:\Windows\System\mqsrQFu.exe
  C:\Windows\System\mqsrQFu.exe
  2⤵
  PID:8688
- C:\Windows\System\JIReZqU.exe
  C:\Windows\System\JIReZqU.exe
  2⤵
  PID:8128
- C:\Windows\System\OMuMiZy.exe
  C:\Windows\System\OMuMiZy.exe
  2⤵
  PID:8640
- C:\Windows\System\LahGGLC.exe
  C:\Windows\System\LahGGLC.exe
  2⤵
  PID:7132
- C:\Windows\System\ZeFkrer.exe
  C:\Windows\System\ZeFkrer.exe
  2⤵
  PID:8352
- C:\Windows\System\IVYquwS.exe
  C:\Windows\System\IVYquwS.exe
  2⤵
  PID:9112
- C:\Windows\System\LqYbhlZ.exe
  C:\Windows\System\LqYbhlZ.exe
  2⤵
  PID:8312
- C:\Windows\System\CyjeqvF.exe
  C:\Windows\System\CyjeqvF.exe
  2⤵
  PID:9220
- C:\Windows\System\zzqxwGx.exe
  C:\Windows\System\zzqxwGx.exe
  2⤵
  PID:9236
- C:\Windows\System\gxnfkHG.exe
  C:\Windows\System\gxnfkHG.exe
  2⤵
  PID:9252
- C:\Windows\System\OJKkFpt.exe
  C:\Windows\System\OJKkFpt.exe
  2⤵
  PID:9268
- C:\Windows\System\FuduiWF.exe
  C:\Windows\System\FuduiWF.exe
  2⤵
  PID:9284
- C:\Windows\System\JwhzSBl.exe
  C:\Windows\System\JwhzSBl.exe
  2⤵
  PID:9300
- C:\Windows\System\wuCWcoQ.exe
  C:\Windows\System\wuCWcoQ.exe
  2⤵
  PID:9316
- C:\Windows\System\jQiKbAK.exe
  C:\Windows\System\jQiKbAK.exe
  2⤵
  PID:9332
- C:\Windows\System\AweoxWU.exe
  C:\Windows\System\AweoxWU.exe
  2⤵
  PID:9348
- C:\Windows\System\qgObDCA.exe
  C:\Windows\System\qgObDCA.exe
  2⤵
  PID:9364
- C:\Windows\System\vxwQrzM.exe
  C:\Windows\System\vxwQrzM.exe
  2⤵
  PID:9380
- C:\Windows\System\KOAgfBg.exe
  C:\Windows\System\KOAgfBg.exe
  2⤵
  PID:9396
- C:\Windows\System\hsJQbih.exe
  C:\Windows\System\hsJQbih.exe
  2⤵
  PID:9412
- C:\Windows\System\Tbqndlm.exe
  C:\Windows\System\Tbqndlm.exe
  2⤵
  PID:9428
- C:\Windows\System\XRZjMGh.exe
  C:\Windows\System\XRZjMGh.exe
  2⤵
  PID:9444
- C:\Windows\System\XKIfzca.exe
  C:\Windows\System\XKIfzca.exe
  2⤵
  PID:9460
- C:\Windows\System\dGqnzro.exe
  C:\Windows\System\dGqnzro.exe
  2⤵
  PID:9476
- C:\Windows\System\cqQJuDH.exe
  C:\Windows\System\cqQJuDH.exe
  2⤵
  PID:9492
- C:\Windows\System\oDVSAHC.exe
  C:\Windows\System\oDVSAHC.exe
  2⤵
  PID:9508
- C:\Windows\System\eovXUqP.exe
  C:\Windows\System\eovXUqP.exe
  2⤵
  PID:9524
- C:\Windows\System\OgbBFiJ.exe
  C:\Windows\System\OgbBFiJ.exe
  2⤵
  PID:9540
- C:\Windows\System\BoaiaBo.exe
  C:\Windows\System\BoaiaBo.exe
  2⤵
  PID:9556
- C:\Windows\System\nMbBbYS.exe
  C:\Windows\System\nMbBbYS.exe
  2⤵
  PID:9572
- C:\Windows\System\lnNgSbD.exe
  C:\Windows\System\lnNgSbD.exe
  2⤵
  PID:9588
- C:\Windows\System\odlkHAu.exe
  C:\Windows\System\odlkHAu.exe
  2⤵
  PID:9604
- C:\Windows\System\PSFTMAr.exe
  C:\Windows\System\PSFTMAr.exe
  2⤵
  PID:9620
- C:\Windows\System\UcHHuBW.exe
  C:\Windows\System\UcHHuBW.exe
  2⤵
  PID:9636
- C:\Windows\System\SqvWzkn.exe
  C:\Windows\System\SqvWzkn.exe
  2⤵
  PID:9652
- C:\Windows\System\HcUXJES.exe
  C:\Windows\System\HcUXJES.exe
  2⤵
  PID:9668
- C:\Windows\System\xNVsLIw.exe
  C:\Windows\System\xNVsLIw.exe
  2⤵
  PID:9684
- C:\Windows\System\xlrHTRB.exe
  C:\Windows\System\xlrHTRB.exe
  2⤵
  PID:9700
- C:\Windows\System\bxOKHea.exe
  C:\Windows\System\bxOKHea.exe
  2⤵
  PID:9716
- C:\Windows\System\tTDECbI.exe
  C:\Windows\System\tTDECbI.exe
  2⤵
  PID:9732
- C:\Windows\System\hqoGprn.exe
  C:\Windows\System\hqoGprn.exe
  2⤵
  PID:9748
- C:\Windows\System\XQwPPUz.exe
  C:\Windows\System\XQwPPUz.exe
  2⤵
  PID:9764
- C:\Windows\System\tACeuiq.exe
  C:\Windows\System\tACeuiq.exe
  2⤵
  PID:9780
- C:\Windows\System\rZzudRU.exe
  C:\Windows\System\rZzudRU.exe
  2⤵
  PID:9796
- C:\Windows\System\iszRGRa.exe
  C:\Windows\System\iszRGRa.exe
  2⤵
  PID:9812
- C:\Windows\System\pMoOqtr.exe
  C:\Windows\System\pMoOqtr.exe
  2⤵
  PID:9828
- C:\Windows\System\KdwIjLK.exe
  C:\Windows\System\KdwIjLK.exe
  2⤵
  PID:9848
- C:\Windows\System\kgUpbYu.exe
  C:\Windows\System\kgUpbYu.exe
  2⤵
  PID:9864
- C:\Windows\System\SFvONhl.exe
  C:\Windows\System\SFvONhl.exe
  2⤵
  PID:9880
- C:\Windows\System\ILHjokW.exe
  C:\Windows\System\ILHjokW.exe
  2⤵
  PID:9896
- C:\Windows\System\POwMDya.exe
  C:\Windows\System\POwMDya.exe
  2⤵
  PID:9912
- C:\Windows\System\aFuINnD.exe
  C:\Windows\System\aFuINnD.exe
  2⤵
  PID:9928
- C:\Windows\System\cotWvQW.exe
  C:\Windows\System\cotWvQW.exe
  2⤵
  PID:9944
- C:\Windows\System\nyQvslU.exe
  C:\Windows\System\nyQvslU.exe
  2⤵
  PID:9960
- C:\Windows\System\CJBUdgh.exe
  C:\Windows\System\CJBUdgh.exe
  2⤵
  PID:9988
- C:\Windows\System\cfWjeMq.exe
  C:\Windows\System\cfWjeMq.exe
  2⤵
  PID:10012
- C:\Windows\System\QhhiLZb.exe
  C:\Windows\System\QhhiLZb.exe
  2⤵
  PID:10028
- C:\Windows\System\fUuocLy.exe
  C:\Windows\System\fUuocLy.exe
  2⤵
  PID:10044
- C:\Windows\System\zAjfgdn.exe
  C:\Windows\System\zAjfgdn.exe
  2⤵
  PID:10060
- C:\Windows\System\eNsqowm.exe
  C:\Windows\System\eNsqowm.exe
  2⤵
  PID:10076
- C:\Windows\System\WJCnRGP.exe
  C:\Windows\System\WJCnRGP.exe
  2⤵
  PID:10092
- C:\Windows\System\HYlmkow.exe
  C:\Windows\System\HYlmkow.exe
  2⤵
  PID:10108
- C:\Windows\System\yayumIe.exe
  C:\Windows\System\yayumIe.exe
  2⤵
  PID:10124
- C:\Windows\System\gfZbefC.exe
  C:\Windows\System\gfZbefC.exe
  2⤵
  PID:10144
- C:\Windows\System\ojbrZAw.exe
  C:\Windows\System\ojbrZAw.exe
  2⤵
  PID:10172
- C:\Windows\System\rgwmxvp.exe
  C:\Windows\System\rgwmxvp.exe
  2⤵
  PID:10188
- C:\Windows\System\nPdFAZH.exe
  C:\Windows\System\nPdFAZH.exe
  2⤵
  PID:10228
- C:\Windows\System\DFYIqiJ.exe
  C:\Windows\System\DFYIqiJ.exe
  2⤵
  PID:9032
- C:\Windows\System\wFnogGT.exe
  C:\Windows\System\wFnogGT.exe
  2⤵
  PID:8448
- C:\Windows\System\auZdyQm.exe
  C:\Windows\System\auZdyQm.exe
  2⤵
  PID:8800
- C:\Windows\System\UlORsNP.exe
  C:\Windows\System\UlORsNP.exe
  2⤵
  PID:2380
- C:\Windows\System\zePzsmR.exe
  C:\Windows\System\zePzsmR.exe
  2⤵
  PID:9248
- C:\Windows\System\RqkAnXi.exe
  C:\Windows\System\RqkAnXi.exe
  2⤵
  PID:9292
- C:\Windows\System\wBQNHJs.exe
  C:\Windows\System\wBQNHJs.exe
  2⤵
  PID:9324
- C:\Windows\System\TgpckRJ.exe
  C:\Windows\System\TgpckRJ.exe
  2⤵
  PID:9308
- C:\Windows\System\aqHmwGP.exe
  C:\Windows\System\aqHmwGP.exe
  2⤵
  PID:9376
- C:\Windows\System\tiwAorJ.exe
  C:\Windows\System\tiwAorJ.exe
  2⤵
  PID:9420
- C:\Windows\System\yyEDRnX.exe
  C:\Windows\System\yyEDRnX.exe
  2⤵
  PID:9484
- C:\Windows\System\BLDGJnu.exe
  C:\Windows\System\BLDGJnu.exe
  2⤵
  PID:9404
- C:\Windows\System\lYTUoJn.exe
  C:\Windows\System\lYTUoJn.exe
  2⤵
  PID:9536
- C:\Windows\System\BAQjIQL.exe
  C:\Windows\System\BAQjIQL.exe
  2⤵
  PID:9472
- C:\Windows\System\LuQBIfB.exe
  C:\Windows\System\LuQBIfB.exe
  2⤵
  PID:9564
- C:\Windows\System\SzTBDPe.exe
  C:\Windows\System\SzTBDPe.exe
  2⤵
  PID:9600
- C:\Windows\System\KwJGDKl.exe
  C:\Windows\System\KwJGDKl.exe
  2⤵
  PID:9664
- C:\Windows\System\qIcjsmh.exe
  C:\Windows\System\qIcjsmh.exe
  2⤵
  PID:9728
- C:\Windows\System\ciFJZLq.exe
  C:\Windows\System\ciFJZLq.exe
  2⤵
  PID:9612
- C:\Windows\System\AaOLlAy.exe
  C:\Windows\System\AaOLlAy.exe
  2⤵
  PID:9836
- C:\Windows\System\yEwlRFv.exe
  C:\Windows\System\yEwlRFv.exe
  2⤵
  PID:9680
- C:\Windows\System\Boymqbx.exe
  C:\Windows\System\Boymqbx.exe
  2⤵
  PID:9840
- C:\Windows\System\RwHIXzd.exe
  C:\Windows\System\RwHIXzd.exe
  2⤵
  PID:9628
- C:\Windows\System\WrleVHM.exe
  C:\Windows\System\WrleVHM.exe
  2⤵
  PID:9856
- C:\Windows\System\NRQaAwU.exe
  C:\Windows\System\NRQaAwU.exe
  2⤵
  PID:9876
- C:\Windows\System\dAVyPGD.exe
  C:\Windows\System\dAVyPGD.exe
  2⤵
  PID:8460
- C:\Windows\System\znXNIWq.exe
  C:\Windows\System\znXNIWq.exe
  2⤵
  PID:9936
- C:\Windows\System\OGNaaSN.exe
  C:\Windows\System\OGNaaSN.exe
  2⤵
  PID:9952
- C:\Windows\System\TFkPfne.exe
  C:\Windows\System\TFkPfne.exe
  2⤵
  PID:9844
- C:\Windows\System\KZHrUuZ.exe
  C:\Windows\System\KZHrUuZ.exe
  2⤵
  PID:10024
- C:\Windows\System\dGkfpZK.exe
  C:\Windows\System\dGkfpZK.exe
  2⤵
  PID:10056
- C:\Windows\System\omUSbBS.exe
  C:\Windows\System\omUSbBS.exe
  2⤵
  PID:10084
- C:\Windows\System\rrUPGEP.exe
  C:\Windows\System\rrUPGEP.exe
  2⤵
  PID:10132
- C:\Windows\System\KVZPlZP.exe
  C:\Windows\System\KVZPlZP.exe
  2⤵
  PID:10152
- C:\Windows\System\OZgzjBe.exe
  C:\Windows\System\OZgzjBe.exe
  2⤵
  PID:10184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AJrMCNC.exe

Filesize
6.0MB

MD5
9e6b78e5db0a04dbade3ef47dddbe142

SHA1
bc56b8a073493a8a92b72a915025f0b83fd843b1

SHA256
9898ddc3f680da105a54c8dd74c06896d012e2130122f99c776e200d3e79bdc6

SHA512
00c3bab922bb250f9f0d91abdb22a881acb34ac6f9662704c0f9c0223803ec1cdcd022b638ff82266782aaf9b9975c10f2b6764b1608b1efaa5931bb280a2c9e

Download Submit
C:\Windows\system\AsqUsth.exe

Filesize
6.0MB

MD5
942689ddbfb81358dbd286e3d1b7bd86

SHA1
965671791f58da88a316d0c9e0d513863b33b9e0

SHA256
774c3a9f6688c9f4691267d475847438adeeafd7092e573383e425facffd4e3b

SHA512
c66fc385080b3e7dd39a6fcc322b4bf32397ddb9d59b7aa7ec740c6de6ece9f227ddc4d9eb646b2513e4eaaeb499039d2c79722500f332e84a55e67c74204368

Download Submit
C:\Windows\system\ERRPqeS.exe

Filesize
6.0MB

MD5
75730cc8d161f232f97f3cd2fcc49a83

SHA1
1d52351c4a1b78daf07e8bd4c850ab8d9f9ea58e

SHA256
a5773c2b038965098fd54760e43d455099baaa54026e7eb55a829001bb931ef2

SHA512
7b26407053d0493c4f9607d248dda8ffef20ef4574b3293bdfdf0010b849d93f46c03bb8a03d9ccbb387ce6d11813a2e27b5a9e97398895e229799b1e36e263e

Download Submit
C:\Windows\system\EuIHZkj.exe

Filesize
6.0MB

MD5
0045e7abb5d83134eabfd278906189ae

SHA1
119dc986864432e473a3cd8e3972e04e983f4992

SHA256
5eb6b1550b4806d402a331a2536b6757b10444d1094489a309ad19315e7f6837

SHA512
0ac9553e85db21c7de127ffa0cdd3977c39baaec070491aa41acf6950805d03ee0f20bd43be5dadf6d6153c0d3f98305d6fbc6bfeb4a8befba99c1362886aafd

Download Submit
C:\Windows\system\FhZbcky.exe

Filesize
6.0MB

MD5
b5eb6be5399fa10f981017f471b919b2

SHA1
33cf96254b1a35aa6be85b3e5efb1b5c435ed11f

SHA256
a3329302fc01bf44fc890a58c40aea1fde709c7a361932051cf4df77d1f607ff

SHA512
192fcdab905739bbd1d25e09891236410372e445c2d0e7780dffa64583a72c83609bb808ae3f42fccd871c5f66caf516720da64e7ecd67be48ad8caa454bfe06

Download Submit
C:\Windows\system\HQyhVKR.exe

Filesize
6.0MB

MD5
94c3deddfeb5fce304366294d644a90e

SHA1
70beec17412084060ae4c386106cc787c5595b08

SHA256
ed1a3ca5e16b4220024acb1fab2a8cdbe9515fadc52a88e145f25f9c38297890

SHA512
715a80e58de59590a5440f93d87eba9313a788023aa88f2dd4ff5313df50eed0cad8cf527c7afbafde735bef5958789c21ddd23a5cafd57874d8d098a52a5f91

Download Submit
C:\Windows\system\NrUpMax.exe

Filesize
6.0MB

MD5
4b134646f940d27ab2429e236823e708

SHA1
7aed884c04a42ff646efc54a8c286088cbcc73ec

SHA256
0edc0fb55d40e4b4ca7533523e1864e22ede170f88e8aef80f018911247f1f31

SHA512
9f582f02b61acd1e01f75a02d4abea688ab0d7918a13e721a80ff7a94983ff44482b520286f62d23d33912a92321d56135b42710f454ebf682fa82ac7118c572

Download Submit
C:\Windows\system\Nswevzg.exe

Filesize
6.0MB

MD5
62dd24a5b9c15f076104e04363aba691

SHA1
2fb8f8c4b4aa4a400fab7e468e9c7bd699c4f7be

SHA256
202d988ef503340846f6edc3cf52b3e4ebc9b0c3cc768058763a2e858e1d0279

SHA512
b9fbdf37c9cc7716109d93540c5c7f33535097788facbc57b0c38703379bf8f3db3cee600cc2b79563e1fdf1a53ec82992e94628457b8ec9878d5bffb5d2925d

Download Submit
C:\Windows\system\OjvugpZ.exe

Filesize
6.0MB

MD5
02f8c142833e594e513109599ef4b976

SHA1
540ead56c7e52881e36dbfe38d8a9f9bed7ddc04

SHA256
4f581b4257864af9abbbe2d1fa0f6a5112d7c90ceede0c3719fda778e5bae139

SHA512
75cf47f30a89c4a6d91268ea03f6caa9cbc50eda7c0b6accf6a2d8efaae5e8a0f846398d4995196a14e2a9d6dfb50ef9ff7aefdff39f2583e3af3fe841813c82

Download Submit
C:\Windows\system\SYYvkSm.exe

Filesize
6.0MB

MD5
2fdbda1197ecf7ca8a62c28ae9ff4c81

SHA1
a69039a0214747b5de956d15367e72fa2c2b8130

SHA256
28ab25678b456ab6763d873497d7f478f94604f324fead374c2d61e7ea3935c8

SHA512
31cbe3941058cc33d29f64cddb4cc07b110e166271ca6ea886970bdc6f6edb44f8db7e9d423ccfa2067c87078538623fd1148ec6cb260154ed75bcf4669f98ba

Download Submit
C:\Windows\system\VnznVFA.exe

Filesize
6.0MB

MD5
587f283fc40b5b928607dc14cf10fcde

SHA1
197a654e0b73f7b3eaa4d97f9fb40bdfe09eb19e

SHA256
fd14f9a3c81a220de803468d76f38722c110faa634106a69e5102a9182d10ee8

SHA512
074976789bf71b697821c1fdb08a1bc711a005616c37e2d677417a01086282e033d55cd1ebb6bc52b7f12c467ee4016937071ebfc1625ea89e8e146417465c54

Download Submit
C:\Windows\system\ZFDAdXl.exe

Filesize
6.0MB

MD5
149d0dc442f70d778d627023bacf5558

SHA1
cc1dfa1ac1ef578489f47a3761d86f87196639a1

SHA256
88ca2768163deef7ff68aaed75d3bc9884a90d1464b16742d5ca53cd277d282c

SHA512
3fa8eb0d194fb947e583cd37853e0f7dc8cad211a3d30304a7ecb7a176d7af10bc84048ee7ac5bc1dc072ac89e7940a1be1574d37bb8565a89fb76d2e29f82f0

Download Submit
C:\Windows\system\aKKfQyc.exe

Filesize
6.0MB

MD5
8b1db4087f3b245415cfad1d2410ba1a

SHA1
8906ed137b010056edb85e67d8dc9c43cf062bcd

SHA256
64b301f5dea041d2f446920899bd53908bbacfed5222a390dd41e1b4dfe3cf70

SHA512
6816f548d9e1351c8db3c10ea71083864ee5339f4c3f68ee86ac6daa20d9a1338d5a88fc867ad1e804cdfd34099b2f63158c48950d52ec21b87370e12c0ea31e

Download Submit
C:\Windows\system\bLhyJde.exe

Filesize
6.0MB

MD5
f922ab901aa95ad8ca057715b924a1d4

SHA1
e124ccf965eb48c60a9cbe18490cc91bfe643f55

SHA256
2f166f1893268aa6c9009d9b7c7ef98e32285c74722afb97bf2881f8f9431a38

SHA512
0d378132c97eeda62f95976ea4135e9f685731ca196071e019ae431913e4ed49c595309885c28a085b64f988a999d7aa75a9371953883f63ce8ae36b1b03b4fd

Download Submit
C:\Windows\system\cZCwjiC.exe

Filesize
6.0MB

MD5
42a05029a7c3433c0aa14541fc2b150d

SHA1
59016e4973d25b6f299ba9a8faad291898def8c8

SHA256
6788c499c99bc1e46eec8c1341df9453a444aa009ff3591c5e14ccd264e2d2b2

SHA512
76cecbd96cd54180c4c35ac30b669095d8c658ca3d38ad535a02e522598bccbd565b97d683007801775d3ef5dbc80213c469ee7fa409d6521d465cdc2d36d0c6

Download Submit
C:\Windows\system\jIiyQyt.exe

Filesize
6.0MB

MD5
646b7768ca73d855e260a1e6117759d1

SHA1
27e05151311cbb6cae5c099ce9934e1501550783

SHA256
22dff3ac83f444a32cfc98e9734afa83c97579463e31ea3a02211ac47c620b7d

SHA512
73009f63dd3ef924f73d1ed4fb2d47d2172077c87f723ffc3357eb0de4bce7dccef71fd48872140c4610028d12913b8ab5b56a6f8a5c9a0f8121fc3956c4a422

Download Submit
C:\Windows\system\oznDvrj.exe

Filesize
6.0MB

MD5
23f0bb6774657cd93f3ddf35094ed5dc

SHA1
423e4da05f12618ecae69f46559130c7427ca1c2

SHA256
afc3e0b1aad03225a25919e92d686767be7c1dd186342559437cc6df2037d971

SHA512
47c96d0c06e41910112c8192bd30719d44591472f3a5fd7d93dfb2bd1e7cc9127162e204dcca7a4a25956898b960df24d6a29eade21ba06cc820dc3b5e607c9a

Download Submit
C:\Windows\system\rVKOLca.exe

Filesize
6.0MB

MD5
f31822220677e9a5b76b0848fb3c5c82

SHA1
0082c7f59f881162991e5c1c379ff981f8e126ed

SHA256
e7adc83422f2b8d94c0937285dd7075df452dca7cf71741d75d0430c059ef97a

SHA512
a1ddfa8299b9f176b1603991b47dcb8d3d7211f7355b565da4f77780d616e073ef3199f39f94020f1ab08c5de3db2138865537a34f78e0d52aa89cf5fadf44e1

Download Submit
C:\Windows\system\uEFfKxZ.exe

Filesize
6.0MB

MD5
734afaf5cfc42e6403c61149284ca74d

SHA1
d450dc4a79bde41ecfbab967d45f8bb77e091bad

SHA256
3603576202eab20507bb9aa651b6d69e997aaca075577989ff31adc68cb5396d

SHA512
077fa1a4db646ca536de32f0611ac32d4600dc26bc85612ea9e733ed59ec8698dd2e029adc2d452cde614490b34279584796bf0722f12506a91f74736c7f79f7

Download Submit
C:\Windows\system\vPZLgrt.exe

Filesize
6.0MB

MD5
00c370e1c89e6b586f4f1f356934d7cf

SHA1
6fe409401d21044082a41b3a3afea550322988fb

SHA256
b37dfd836fd6fbee76325507dd0b956da79d764c4f06bee356e78366e9547481

SHA512
e967ea95f1c0287965119a43235bc50fd222958f4e02b9ae673e2eb3d05c2c3e99df094c5a9532711ea894b62263898e02315674022067ae32e7b391d32e54e2

Download Submit
C:\Windows\system\vapGfwj.exe

Filesize
6.0MB

MD5
23dfd1637af1e41513214c5618852ba3

SHA1
42f0457cf39edb1255cbf516775e62cf4f776035

SHA256
4fcabf66cff0f257d5e59e151faa580bc4684beeffc7ad5e424fb45b13e997c6

SHA512
f94ee4c079404a623e7e4bac8623382f1def25b12d14fc0c29bae91f715e5534ca478071e0210f13df702c7528a5a4ea850a979aec334ab53ba341613a145213

Download Submit
C:\Windows\system\vtVSRJC.exe

Filesize
6.0MB

MD5
9a55fcd6f7adfa85722830b87ac72683

SHA1
0148c38f0dd93fbff92dd10d542abf2fcf354447

SHA256
859bae6d23c4d2db4125e0c92eb1a367dc47267565b068164483d4d6ae54dd3b

SHA512
e9e5d7d580346e9492d9ba5ac65be10fd2b2ed73278067ebc03da1643247e3c92471a3dedfbefbf363c86d63e21a6d0deaf68b66715d423d19ae22f1ae5499ea

Download Submit
C:\Windows\system\xyoWtKs.exe

Filesize
6.0MB

MD5
20e8cf8c0850ad99a4b8dd299b48c35a

SHA1
1a0567ccb492f94034da4aa62b975523ab606c1e

SHA256
ffb69a9ffbdf45bc98cf4122552274b425ff9561bd91d8818ac1d160e4c86bc1

SHA512
16e95b07a8ae6e7ca12ba439973769db9a13377bd72a3c9ccc476d54121dc010b7cfd13b7c75085078c4e3611b1149eb702c4a19d38f105b6823afa228a212c2

Download Submit
\Windows\system\BYtXfUq.exe

Filesize
6.0MB

MD5
6f96982cc8cc1b053a436af32b324b1d

SHA1
ee0c9845f1b3abadb61faef1d2ac3b2e52b2456a

SHA256
9c28dd02048ffa2ca4459e981213727d9e3a6115a05eea448e5463ae458d2ba3

SHA512
45911664450a17e057afb3213930fea7ce732f81ce41bcde1d00840b153a1593c75200c1936de127a5335b2dd0619bd6413942d548068c4c708d8d85e7da5ccc

Download Submit
\Windows\system\HrsaNyx.exe

Filesize
6.0MB

MD5
9ef6f7e21646c1723bfef3f906bda155

SHA1
a08989da004a3bae48ab9936b89f6aaace6cee3d

SHA256
c68140edbec86cb962cffea0400e0a2e30e0e63be857fb5c947b2c36809fe0c0

SHA512
1ff0868ce5f66d7d29a594756a3d1635fff31d5a64a1bd4385f343bce8a6d7e5bd3212dd454d4b1126a24f7e204d881683cd660af8aa966f4d6b33c6651c1d13

Download Submit
\Windows\system\LvkCDDs.exe

Filesize
6.0MB

MD5
dd87bdd0f6e6eac83bdfcb98d531f640

SHA1
ad84b473dd96ea4ef82e0b4796dba75abf054c6c

SHA256
d6ca211cf040f3ab63d71b3b4a3e1107feda1c4635954004be987b35b6d24af0

SHA512
c0425918ae2a18856c225b1b753845f99395bd6f6b69ad5d1e36efec5ce3abd124fe7622617d113b5a405e01a081812bcd956cbf725b525c88ad2384876061d7

Download Submit
\Windows\system\NsMNGuh.exe

Filesize
6.0MB

MD5
16de587f6236a1c5941abfb8e7180bf1

SHA1
449961e99f896e54b8f8aadbce2216943ce46301

SHA256
fd8fef8c0bb76e8def1a8970eb09ec9b49d9ed1c7120a484b89cc47555d13d29

SHA512
3b83c26056b7b22db12190f780a61aa9c83ed6d306d3437e89e926471346ba8aab6fc55fdbbf6eb691881dd38d2354e00712b8c20a88ecad1b0de8afb349c6b0

Download Submit
\Windows\system\TjQoPHX.exe

Filesize
6.0MB

MD5
d0d8db5e70f8ed524f03568458a5606c

SHA1
fe53ccdb7a4079d3d4702eec251c0d69223d90bf

SHA256
25ee4a3b705603bd77f0242815d0acfe000e2fc3231b51d237ee3002ac7cb4a0

SHA512
ff66036ee3123b6031ca5298ef62e835c0f8fe17652f41121431f6129d35e092ec990cc8c0dca927050fe7c0374496ed7da8c5d1bfdebec81070f84d690ccddb

Download Submit
\Windows\system\VXIgUJD.exe

Filesize
6.0MB

MD5
d25aa0f434d8be1d2512be2179d28b9f

SHA1
a57857d86dd3adf4e71cb8acc64febc4d4283385

SHA256
7f2214de67602dbf2e3bddfa45c7267b067f0e140fbc58bf165547b046f6ffd5

SHA512
1ec930a9f74800360caf07c3f51fa6205c671b85dd06ef584d1226c13225b514bf7604916769ca695ea66f9a883c7a04ded27889be556613fe82c61eb10885c5

Download Submit
\Windows\system\uFoHARr.exe

Filesize
6.0MB

MD5
e99a1008151b4280fe1f8ec6e3a99419

SHA1
2ed2db2b5f1ff34733f9083cbcaf97721717ac5f

SHA256
138b2d3fe27ebae3979c1a5f9ef1a50227a078ba78639ad89690e3532a04dc88

SHA512
73378121d523a8e964afbe1ddcecfd063c3e0098b8540647ef594f7c89ed9ac2c49b8029cdb88f3a234f93378cc735b40fe05e4162453df0889920b448c6dc2f

Download Submit
\Windows\system\zFZXJNV.exe

Filesize
6.0MB

MD5
eef6a4ac94042fd0d7ebab481c375706

SHA1
12a24583e6ae79985e466480503376776efe7653

SHA256
e177267ab12d6328a1e247027d95cd098bd26be05bafb29a7f0775294faf955c

SHA512
764ee1d5233a0f7e3663836472a4765a8a72ce72f0b26589b21294aa6fac1cb8c645cdf2c98a6746a205e753e82ee87dc294eabcbc3b8414aac49003da134e58

Download Submit
\Windows\system\zabpNFk.exe

Filesize
6.0MB

MD5
4d84ef7d35b05d1cebcec107dbee954b

SHA1
74ee21b829325660dab3958dd1f2af494a6083c7

SHA256
894769f2fd1944fb7b9b3c9a1672ac166f6dd37b5595614f155d68a064fe544e

SHA512
034ed9bb29b48d39a7d9e29dee33f77ece5cb5862a4957c7f7a3b80451337cea85f63ddcefb3e1596ff1938d2f9ca43433bfa1b3fc1010fa10123754d01b3610

Download Submit
memory/776-91-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/776-3867-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1364-1104-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-99-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-3869-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1792-95-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1792-3866-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2052-90-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3868-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2056-348-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-42-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-4230-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-85-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-86-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2228-21-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2228-94-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2228-14-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-40-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2228-0-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2228-44-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-475-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-102-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2228-32-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-34-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-59-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2228-551-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2228-48-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-74-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-659-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-92-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-772-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-773-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2228-89-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2228-88-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2228-898-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1222-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2424-3885-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2424-97-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2424-1017-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3865-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2476-64-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2476-552-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3864-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-49-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-550-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-35-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-101-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-234-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3988-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2544-38-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2552-15-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3902-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3862-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2696-22-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/3012-12-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3863-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download