cobaltstrike | fdc5cbda91d48513219bbe83115006ea361d9dd915cc958cec81d3f1fd151b8c

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

faafdbc4278232097c3af77497daa349
SHA1

721431599f50ca14bfe271f6a30c992a67615936
SHA256

fdc5cbda91d48513219bbe83115006ea361d9dd915cc958cec81d3f1fd151b8c
SHA512

156876354b11692cbb6b929816e480a5a6dd6acae40dad0efdd36d1807a823d5913c4220129dd04e43c34dfe408275cfd65d856b46f1e09f21efa11292dd2aea
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739a-13.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173aa-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-36.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-70.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017409-48.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001747b-56.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173fb-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f9c-16.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1960-0-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/2212-7-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x000800000001739a-13.dat	xmrig
behavioral1/files/0x00080000000173aa-23.dat	xmrig
behavioral1/memory/2004-24-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017403-36.dat	xmrig
behavioral1/memory/2232-41-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2212-52-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2812-58-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2308-64-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2092-72-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2872-80-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2308-102-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d9-134.dat	xmrig
behavioral1/files/0x000500000001942f-154.dat	xmrig
behavioral1/files/0x000500000001961f-189.dat	xmrig
behavioral1/memory/2092-213-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2872-323-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1708-363-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2604-365-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1960-366-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/memory/3052-367-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1960-368-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019620-194.dat	xmrig
behavioral1/files/0x000500000001961b-185.dat	xmrig
behavioral1/files/0x00050000000195e4-179.dat	xmrig
behavioral1/files/0x00050000000194d8-170.dat	xmrig
behavioral1/files/0x0005000000019539-174.dat	xmrig
behavioral1/files/0x0005000000019441-160.dat	xmrig
behavioral1/files/0x000500000001947e-164.dat	xmrig
behavioral1/files/0x0005000000019403-149.dat	xmrig
behavioral1/files/0x00050000000193df-139.dat	xmrig
behavioral1/files/0x0005000000019401-145.dat	xmrig
behavioral1/files/0x00050000000193cc-129.dat	xmrig
behavioral1/files/0x00050000000193c4-124.dat	xmrig
behavioral1/files/0x00050000000193be-119.dat	xmrig
behavioral1/files/0x0005000000019389-114.dat	xmrig
behavioral1/files/0x0005000000019382-109.dat	xmrig
behavioral1/memory/1960-107-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1960-106-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019277-101.dat	xmrig
behavioral1/memory/1960-99-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/memory/1960-98-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2604-94-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2812-93-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x0005000000019273-92.dat	xmrig
behavioral1/memory/1708-88-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2716-87-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019271-86.dat	xmrig
behavioral1/memory/2232-79-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000500000001926b-78.dat	xmrig
behavioral1/memory/2508-71-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x000500000001924c-70.dat	xmrig
behavioral1/files/0x000800000001748f-63.dat	xmrig
behavioral1/memory/2716-49-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0007000000017409-48.dat	xmrig
behavioral1/files/0x000900000001747b-56.dat	xmrig
behavioral1/memory/1960-53-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/memory/1960-40-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2508-35-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x00070000000173fb-34.dat	xmrig
behavioral1/memory/1960-33-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/memory/2112-32-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2212	XvQoyRD.exe
2004	oLmhnNe.exe
2024	EXJGlNV.exe
2112	fRPWYVq.exe
2508	IgmrSfl.exe
2232	UsUBRcj.exe
2716	ymrzBcH.exe
2812	gkzeHzD.exe
2308	nsrglqu.exe
2092	XqrOVwU.exe
2872	TQQjNIa.exe
1708	kalyrCK.exe
2604	ZnsSwPX.exe
3052	KZDnZEG.exe
2356	CIOFSqP.exe
1732	XicNUrc.exe
1988	hdxObfa.exe
2384	PyekvSV.exe
308	BuPLJnN.exe
1236	hQiRFPv.exe
1688	DXbBLzt.exe
1752	XbJQGWC.exe
1148	jicJLFY.exe
1792	VbvRKmv.exe
2896	ajHseRp.exe
2452	jLfivXh.exe
1476	znKTTGN.exe
1080	KvxzCWN.exe
2104	EOivAUA.exe
2868	wrPkJFd.exe
608	fShltZO.exe
2540	aPWCcod.exe
1748	MLMrTXb.exe
764	xHxUbev.exe
1728	xUUQkSx.exe
1260	TUUhAKV.exe
2908	hCokDgn.exe
2156	tmMlthu.exe
2136	zCNEjLk.exe
2536	kFAWJRF.exe
1660	xWkUItM.exe
2352	nksYBEe.exe
2748	POsrFFb.exe
1304	yarLUnx.exe
872	MfWnpTU.exe
884	bVJRhTI.exe
2268	DgnzpZU.exe
2236	eDGLCXt.exe
1584	eaJrZpk.exe
1592	ySwuRrX.exe
2056	xGDaAoy.exe
1980	DOzgLKW.exe
2204	rVNurme.exe
2244	dPOPPng.exe
2728	jzVhlVW.exe
2608	OsHVCwt.exe
2744	ZVIKzXe.exe
2644	FAUlRmA.exe
1488	lYRsByB.exe
396	pKcQZeQ.exe
1404	UZaMfHm.exe
2560	IZgUkRE.exe
2040	NjqpJQx.exe
1912	vkRrWHE.exe

Loads dropped DLL 64 IoCs

pid	Process
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1960-0-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/2212-7-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x000800000001739a-13.dat	upx
behavioral1/files/0x00080000000173aa-23.dat	upx
behavioral1/memory/2004-24-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000017403-36.dat	upx
behavioral1/memory/2232-41-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2212-52-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2812-58-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2308-64-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2092-72-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2872-80-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2308-102-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x00050000000193d9-134.dat	upx
behavioral1/files/0x000500000001942f-154.dat	upx
behavioral1/files/0x000500000001961f-189.dat	upx
behavioral1/memory/2092-213-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2872-323-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/1708-363-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2604-365-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/3052-367-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0005000000019620-194.dat	upx
behavioral1/files/0x000500000001961b-185.dat	upx
behavioral1/files/0x00050000000195e4-179.dat	upx
behavioral1/files/0x00050000000194d8-170.dat	upx
behavioral1/files/0x0005000000019539-174.dat	upx
behavioral1/files/0x0005000000019441-160.dat	upx
behavioral1/files/0x000500000001947e-164.dat	upx
behavioral1/files/0x0005000000019403-149.dat	upx
behavioral1/files/0x00050000000193df-139.dat	upx
behavioral1/files/0x0005000000019401-145.dat	upx
behavioral1/files/0x00050000000193cc-129.dat	upx
behavioral1/files/0x00050000000193c4-124.dat	upx
behavioral1/files/0x00050000000193be-119.dat	upx
behavioral1/files/0x0005000000019389-114.dat	upx
behavioral1/files/0x0005000000019382-109.dat	upx
behavioral1/files/0x0005000000019277-101.dat	upx
behavioral1/memory/2604-94-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2812-93-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x0005000000019273-92.dat	upx
behavioral1/memory/1708-88-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2716-87-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0005000000019271-86.dat	upx
behavioral1/memory/2232-79-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000500000001926b-78.dat	upx
behavioral1/memory/2508-71-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x000500000001924c-70.dat	upx
behavioral1/files/0x000800000001748f-63.dat	upx
behavioral1/memory/2716-49-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0007000000017409-48.dat	upx
behavioral1/files/0x000900000001747b-56.dat	upx
behavioral1/memory/1960-40-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2508-35-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x00070000000173fb-34.dat	upx
behavioral1/memory/2112-32-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2024-30-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0009000000016f9c-16.dat	upx
behavioral1/memory/2212-2772-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2004-2773-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2024-2774-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2232-2781-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2508-2784-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2112-2783-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fnHWmuh.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBYCxsQ.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwFWxqI.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxNLBOl.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNmSvog.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFShsPV.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wakrihK.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdYsIdK.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgluMhD.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmaufhW.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmzZTZW.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOvAnvq.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGkMzvZ.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvnuVtd.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqpTCJU.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcFWgou.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFSBQYP.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTwugwF.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEruPoV.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FskNrEn.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAdkIhd.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBzpUKW.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKtptct.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRhVsZF.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXFBFmw.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqrOVwU.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovFgDhD.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqtJUnP.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzkCapR.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHJpghk.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUxADkX.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDmVbcz.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDJNkmf.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqcjxFh.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbJgdoD.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWhQOmr.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPHDkPO.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvYXFzO.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TObogjI.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqjZpva.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSCZMix.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWgXcCV.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUspeOu.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOoJHiE.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQdrplN.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pebvTRe.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwfEsyp.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaLKFSp.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBGrgdN.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpHBeTK.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBhwokm.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsravfL.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMAOfPS.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLMrTXb.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txmAzWL.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDITBxD.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMezXnM.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCOyQPA.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPmRNEU.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZKGnNt.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvMNSnk.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XozzOHJ.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UugGbOh.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYxytHE.exe	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2212	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1960 wrote to memory of 2212	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1960 wrote to memory of 2212	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1960 wrote to memory of 2004	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1960 wrote to memory of 2004	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1960 wrote to memory of 2004	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1960 wrote to memory of 2112	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1960 wrote to memory of 2112	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1960 wrote to memory of 2112	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1960 wrote to memory of 2024	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1960 wrote to memory of 2024	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1960 wrote to memory of 2024	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1960 wrote to memory of 2508	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1960 wrote to memory of 2508	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1960 wrote to memory of 2508	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1960 wrote to memory of 2232	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1960 wrote to memory of 2232	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1960 wrote to memory of 2232	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1960 wrote to memory of 2716	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1960 wrote to memory of 2716	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1960 wrote to memory of 2716	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1960 wrote to memory of 2812	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1960 wrote to memory of 2812	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1960 wrote to memory of 2812	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1960 wrote to memory of 2308	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1960 wrote to memory of 2308	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1960 wrote to memory of 2308	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1960 wrote to memory of 2092	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1960 wrote to memory of 2092	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1960 wrote to memory of 2092	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1960 wrote to memory of 2872	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1960 wrote to memory of 2872	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1960 wrote to memory of 2872	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1960 wrote to memory of 1708	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1960 wrote to memory of 1708	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1960 wrote to memory of 1708	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1960 wrote to memory of 2604	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1960 wrote to memory of 2604	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1960 wrote to memory of 2604	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1960 wrote to memory of 3052	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1960 wrote to memory of 3052	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1960 wrote to memory of 3052	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1960 wrote to memory of 2356	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1960 wrote to memory of 2356	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1960 wrote to memory of 2356	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1960 wrote to memory of 1732	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1960 wrote to memory of 1732	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1960 wrote to memory of 1732	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1960 wrote to memory of 1988	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1960 wrote to memory of 1988	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1960 wrote to memory of 1988	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1960 wrote to memory of 2384	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1960 wrote to memory of 2384	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1960 wrote to memory of 2384	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1960 wrote to memory of 308	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1960 wrote to memory of 308	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1960 wrote to memory of 308	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1960 wrote to memory of 1236	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1960 wrote to memory of 1236	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1960 wrote to memory of 1236	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1960 wrote to memory of 1688	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1960 wrote to memory of 1688	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1960 wrote to memory of 1688	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1960 wrote to memory of 1752	1960	2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_faafdbc4278232097c3af77497daa349_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\System\XvQoyRD.exe
  C:\Windows\System\XvQoyRD.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\oLmhnNe.exe
  C:\Windows\System\oLmhnNe.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\fRPWYVq.exe
  C:\Windows\System\fRPWYVq.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\EXJGlNV.exe
  C:\Windows\System\EXJGlNV.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\IgmrSfl.exe
  C:\Windows\System\IgmrSfl.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\UsUBRcj.exe
  C:\Windows\System\UsUBRcj.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\ymrzBcH.exe
  C:\Windows\System\ymrzBcH.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\gkzeHzD.exe
  C:\Windows\System\gkzeHzD.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\nsrglqu.exe
  C:\Windows\System\nsrglqu.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\XqrOVwU.exe
  C:\Windows\System\XqrOVwU.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\TQQjNIa.exe
  C:\Windows\System\TQQjNIa.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\kalyrCK.exe
  C:\Windows\System\kalyrCK.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\ZnsSwPX.exe
  C:\Windows\System\ZnsSwPX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\KZDnZEG.exe
  C:\Windows\System\KZDnZEG.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\CIOFSqP.exe
  C:\Windows\System\CIOFSqP.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\XicNUrc.exe
  C:\Windows\System\XicNUrc.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\hdxObfa.exe
  C:\Windows\System\hdxObfa.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\PyekvSV.exe
  C:\Windows\System\PyekvSV.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\BuPLJnN.exe
  C:\Windows\System\BuPLJnN.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\hQiRFPv.exe
  C:\Windows\System\hQiRFPv.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\DXbBLzt.exe
  C:\Windows\System\DXbBLzt.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\XbJQGWC.exe
  C:\Windows\System\XbJQGWC.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\jicJLFY.exe
  C:\Windows\System\jicJLFY.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\VbvRKmv.exe
  C:\Windows\System\VbvRKmv.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\ajHseRp.exe
  C:\Windows\System\ajHseRp.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\jLfivXh.exe
  C:\Windows\System\jLfivXh.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\znKTTGN.exe
  C:\Windows\System\znKTTGN.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\KvxzCWN.exe
  C:\Windows\System\KvxzCWN.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\EOivAUA.exe
  C:\Windows\System\EOivAUA.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\wrPkJFd.exe
  C:\Windows\System\wrPkJFd.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\fShltZO.exe
  C:\Windows\System\fShltZO.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\aPWCcod.exe
  C:\Windows\System\aPWCcod.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\MLMrTXb.exe
  C:\Windows\System\MLMrTXb.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\xHxUbev.exe
  C:\Windows\System\xHxUbev.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\xUUQkSx.exe
  C:\Windows\System\xUUQkSx.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\TUUhAKV.exe
  C:\Windows\System\TUUhAKV.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\hCokDgn.exe
  C:\Windows\System\hCokDgn.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\tmMlthu.exe
  C:\Windows\System\tmMlthu.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\zCNEjLk.exe
  C:\Windows\System\zCNEjLk.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\kFAWJRF.exe
  C:\Windows\System\kFAWJRF.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\xWkUItM.exe
  C:\Windows\System\xWkUItM.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\nksYBEe.exe
  C:\Windows\System\nksYBEe.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\POsrFFb.exe
  C:\Windows\System\POsrFFb.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\yarLUnx.exe
  C:\Windows\System\yarLUnx.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\MfWnpTU.exe
  C:\Windows\System\MfWnpTU.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\bVJRhTI.exe
  C:\Windows\System\bVJRhTI.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\DgnzpZU.exe
  C:\Windows\System\DgnzpZU.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\eDGLCXt.exe
  C:\Windows\System\eDGLCXt.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\eaJrZpk.exe
  C:\Windows\System\eaJrZpk.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\ySwuRrX.exe
  C:\Windows\System\ySwuRrX.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\xGDaAoy.exe
  C:\Windows\System\xGDaAoy.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\DOzgLKW.exe
  C:\Windows\System\DOzgLKW.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\rVNurme.exe
  C:\Windows\System\rVNurme.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\dPOPPng.exe
  C:\Windows\System\dPOPPng.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\jzVhlVW.exe
  C:\Windows\System\jzVhlVW.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\OsHVCwt.exe
  C:\Windows\System\OsHVCwt.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ZVIKzXe.exe
  C:\Windows\System\ZVIKzXe.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\FAUlRmA.exe
  C:\Windows\System\FAUlRmA.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\lYRsByB.exe
  C:\Windows\System\lYRsByB.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\pKcQZeQ.exe
  C:\Windows\System\pKcQZeQ.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\UZaMfHm.exe
  C:\Windows\System\UZaMfHm.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\IZgUkRE.exe
  C:\Windows\System\IZgUkRE.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\NjqpJQx.exe
  C:\Windows\System\NjqpJQx.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\vkRrWHE.exe
  C:\Windows\System\vkRrWHE.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\vWqXHxt.exe
  C:\Windows\System\vWqXHxt.exe
  2⤵
  PID:1800
- C:\Windows\System\bZfjLqn.exe
  C:\Windows\System\bZfjLqn.exe
  2⤵
  PID:1308
- C:\Windows\System\jdzDBPA.exe
  C:\Windows\System\jdzDBPA.exe
  2⤵
  PID:1504
- C:\Windows\System\WXGjLWM.exe
  C:\Windows\System\WXGjLWM.exe
  2⤵
  PID:2160
- C:\Windows\System\MIbNTAj.exe
  C:\Windows\System\MIbNTAj.exe
  2⤵
  PID:1084
- C:\Windows\System\OUqvMoD.exe
  C:\Windows\System\OUqvMoD.exe
  2⤵
  PID:2296
- C:\Windows\System\CAoWwfy.exe
  C:\Windows\System\CAoWwfy.exe
  2⤵
  PID:2428
- C:\Windows\System\NybBlSb.exe
  C:\Windows\System\NybBlSb.exe
  2⤵
  PID:848
- C:\Windows\System\rEPcDXl.exe
  C:\Windows\System\rEPcDXl.exe
  2⤵
  PID:888
- C:\Windows\System\jtYiuKo.exe
  C:\Windows\System\jtYiuKo.exe
  2⤵
  PID:2788
- C:\Windows\System\ScSuRtL.exe
  C:\Windows\System\ScSuRtL.exe
  2⤵
  PID:2188
- C:\Windows\System\NQmUwYK.exe
  C:\Windows\System\NQmUwYK.exe
  2⤵
  PID:1636
- C:\Windows\System\iMeVfeA.exe
  C:\Windows\System\iMeVfeA.exe
  2⤵
  PID:2396
- C:\Windows\System\HJaZBAm.exe
  C:\Windows\System\HJaZBAm.exe
  2⤵
  PID:2132
- C:\Windows\System\dlsQprJ.exe
  C:\Windows\System\dlsQprJ.exe
  2⤵
  PID:2300
- C:\Windows\System\sWITOsa.exe
  C:\Windows\System\sWITOsa.exe
  2⤵
  PID:2484
- C:\Windows\System\ssSfRqo.exe
  C:\Windows\System\ssSfRqo.exe
  2⤵
  PID:1264
- C:\Windows\System\jSjaphK.exe
  C:\Windows\System\jSjaphK.exe
  2⤵
  PID:2060
- C:\Windows\System\YioWJsU.exe
  C:\Windows\System\YioWJsU.exe
  2⤵
  PID:2688
- C:\Windows\System\uKQSihn.exe
  C:\Windows\System\uKQSihn.exe
  2⤵
  PID:2288
- C:\Windows\System\Ginzcby.exe
  C:\Windows\System\Ginzcby.exe
  2⤵
  PID:2572
- C:\Windows\System\EUqJClS.exe
  C:\Windows\System\EUqJClS.exe
  2⤵
  PID:236
- C:\Windows\System\LhmYUPY.exe
  C:\Windows\System\LhmYUPY.exe
  2⤵
  PID:624
- C:\Windows\System\CPjgZPf.exe
  C:\Windows\System\CPjgZPf.exe
  2⤵
  PID:1712
- C:\Windows\System\ihHASyw.exe
  C:\Windows\System\ihHASyw.exe
  2⤵
  PID:1940
- C:\Windows\System\ptZUjka.exe
  C:\Windows\System\ptZUjka.exe
  2⤵
  PID:1528
- C:\Windows\System\ondnRSI.exe
  C:\Windows\System\ondnRSI.exe
  2⤵
  PID:564
- C:\Windows\System\ACWksMC.exe
  C:\Windows\System\ACWksMC.exe
  2⤵
  PID:1648
- C:\Windows\System\qZHTQsJ.exe
  C:\Windows\System\qZHTQsJ.exe
  2⤵
  PID:2320
- C:\Windows\System\OxzVCVZ.exe
  C:\Windows\System\OxzVCVZ.exe
  2⤵
  PID:1692
- C:\Windows\System\VXqOIpb.exe
  C:\Windows\System\VXqOIpb.exe
  2⤵
  PID:2712
- C:\Windows\System\GdVwyRC.exe
  C:\Windows\System\GdVwyRC.exe
  2⤵
  PID:2772
- C:\Windows\System\ltqhLyy.exe
  C:\Windows\System\ltqhLyy.exe
  2⤵
  PID:1992
- C:\Windows\System\wYXCQcX.exe
  C:\Windows\System\wYXCQcX.exe
  2⤵
  PID:3064
- C:\Windows\System\ETNxFMl.exe
  C:\Windows\System\ETNxFMl.exe
  2⤵
  PID:2464
- C:\Windows\System\caxadPF.exe
  C:\Windows\System\caxadPF.exe
  2⤵
  PID:844
- C:\Windows\System\eYosirF.exe
  C:\Windows\System\eYosirF.exe
  2⤵
  PID:2304
- C:\Windows\System\IZOOXtc.exe
  C:\Windows\System\IZOOXtc.exe
  2⤵
  PID:2256
- C:\Windows\System\SUFtPrm.exe
  C:\Windows\System\SUFtPrm.exe
  2⤵
  PID:2280
- C:\Windows\System\rqaReZj.exe
  C:\Windows\System\rqaReZj.exe
  2⤵
  PID:2852
- C:\Windows\System\RrqeLoC.exe
  C:\Windows\System\RrqeLoC.exe
  2⤵
  PID:2584
- C:\Windows\System\AhdWNET.exe
  C:\Windows\System\AhdWNET.exe
  2⤵
  PID:576
- C:\Windows\System\jMerXdJ.exe
  C:\Windows\System\jMerXdJ.exe
  2⤵
  PID:1544
- C:\Windows\System\acmVmuh.exe
  C:\Windows\System\acmVmuh.exe
  2⤵
  PID:1796
- C:\Windows\System\sidOgKD.exe
  C:\Windows\System\sidOgKD.exe
  2⤵
  PID:2940
- C:\Windows\System\TOfcRtf.exe
  C:\Windows\System\TOfcRtf.exe
  2⤵
  PID:1932
- C:\Windows\System\fkNdGmP.exe
  C:\Windows\System\fkNdGmP.exe
  2⤵
  PID:1356
- C:\Windows\System\UVGsuPo.exe
  C:\Windows\System\UVGsuPo.exe
  2⤵
  PID:2952
- C:\Windows\System\DwynyDo.exe
  C:\Windows\System\DwynyDo.exe
  2⤵
  PID:2648
- C:\Windows\System\wCGFiKr.exe
  C:\Windows\System\wCGFiKr.exe
  2⤵
  PID:1296
- C:\Windows\System\nuOVACo.exe
  C:\Windows\System\nuOVACo.exe
  2⤵
  PID:1400
- C:\Windows\System\BjRsyjH.exe
  C:\Windows\System\BjRsyjH.exe
  2⤵
  PID:1388
- C:\Windows\System\zxMmqtj.exe
  C:\Windows\System\zxMmqtj.exe
  2⤵
  PID:324
- C:\Windows\System\MGDiuah.exe
  C:\Windows\System\MGDiuah.exe
  2⤵
  PID:1140
- C:\Windows\System\fLZiDtJ.exe
  C:\Windows\System\fLZiDtJ.exe
  2⤵
  PID:2032
- C:\Windows\System\JkpEsOH.exe
  C:\Windows\System\JkpEsOH.exe
  2⤵
  PID:2860
- C:\Windows\System\uLjKcSx.exe
  C:\Windows\System\uLjKcSx.exe
  2⤵
  PID:988
- C:\Windows\System\LcpRrJG.exe
  C:\Windows\System\LcpRrJG.exe
  2⤵
  PID:1424
- C:\Windows\System\ShLzNYk.exe
  C:\Windows\System\ShLzNYk.exe
  2⤵
  PID:2732
- C:\Windows\System\uqLznVo.exe
  C:\Windows\System\uqLznVo.exe
  2⤵
  PID:1776
- C:\Windows\System\dMJgbMh.exe
  C:\Windows\System\dMJgbMh.exe
  2⤵
  PID:852
- C:\Windows\System\FYmrWuY.exe
  C:\Windows\System\FYmrWuY.exe
  2⤵
  PID:952
- C:\Windows\System\hvTBCQI.exe
  C:\Windows\System\hvTBCQI.exe
  2⤵
  PID:532
- C:\Windows\System\EnzwRHy.exe
  C:\Windows\System\EnzwRHy.exe
  2⤵
  PID:2724
- C:\Windows\System\hGxoaJC.exe
  C:\Windows\System\hGxoaJC.exe
  2⤵
  PID:1672
- C:\Windows\System\kpWtgZF.exe
  C:\Windows\System\kpWtgZF.exe
  2⤵
  PID:2492
- C:\Windows\System\pPyDpJy.exe
  C:\Windows\System\pPyDpJy.exe
  2⤵
  PID:2084
- C:\Windows\System\gRLajGY.exe
  C:\Windows\System\gRLajGY.exe
  2⤵
  PID:2964
- C:\Windows\System\mYHqsdl.exe
  C:\Windows\System\mYHqsdl.exe
  2⤵
  PID:2704
- C:\Windows\System\GNRrOjD.exe
  C:\Windows\System\GNRrOjD.exe
  2⤵
  PID:2168
- C:\Windows\System\xDGIJQo.exe
  C:\Windows\System\xDGIJQo.exe
  2⤵
  PID:2500
- C:\Windows\System\zjOgeuQ.exe
  C:\Windows\System\zjOgeuQ.exe
  2⤵
  PID:2764
- C:\Windows\System\TysSvHv.exe
  C:\Windows\System\TysSvHv.exe
  2⤵
  PID:2756
- C:\Windows\System\lTwugwF.exe
  C:\Windows\System\lTwugwF.exe
  2⤵
  PID:1696
- C:\Windows\System\qQPIsAS.exe
  C:\Windows\System\qQPIsAS.exe
  2⤵
  PID:824
- C:\Windows\System\xXDbyVN.exe
  C:\Windows\System\xXDbyVN.exe
  2⤵
  PID:1560
- C:\Windows\System\tfHHZHK.exe
  C:\Windows\System\tfHHZHK.exe
  2⤵
  PID:1640
- C:\Windows\System\sfadGYN.exe
  C:\Windows\System\sfadGYN.exe
  2⤵
  PID:2680
- C:\Windows\System\ykfpdId.exe
  C:\Windows\System\ykfpdId.exe
  2⤵
  PID:1168
- C:\Windows\System\TKvqTnR.exe
  C:\Windows\System\TKvqTnR.exe
  2⤵
  PID:648
- C:\Windows\System\XRXPsQA.exe
  C:\Windows\System\XRXPsQA.exe
  2⤵
  PID:264
- C:\Windows\System\wGSBelQ.exe
  C:\Windows\System\wGSBelQ.exe
  2⤵
  PID:2196
- C:\Windows\System\weZKUus.exe
  C:\Windows\System\weZKUus.exe
  2⤵
  PID:1360
- C:\Windows\System\uiCaQOZ.exe
  C:\Windows\System\uiCaQOZ.exe
  2⤵
  PID:2616
- C:\Windows\System\TTFdpps.exe
  C:\Windows\System\TTFdpps.exe
  2⤵
  PID:2700
- C:\Windows\System\dVQHwXJ.exe
  C:\Windows\System\dVQHwXJ.exe
  2⤵
  PID:1060
- C:\Windows\System\ztUGelu.exe
  C:\Windows\System\ztUGelu.exe
  2⤵
  PID:1720
- C:\Windows\System\ovFgDhD.exe
  C:\Windows\System\ovFgDhD.exe
  2⤵
  PID:1512
- C:\Windows\System\PosNgKH.exe
  C:\Windows\System\PosNgKH.exe
  2⤵
  PID:2096
- C:\Windows\System\AzWGeFU.exe
  C:\Windows\System\AzWGeFU.exe
  2⤵
  PID:2816
- C:\Windows\System\NmuHirU.exe
  C:\Windows\System\NmuHirU.exe
  2⤵
  PID:2736
- C:\Windows\System\pebvTRe.exe
  C:\Windows\System\pebvTRe.exe
  2⤵
  PID:2640
- C:\Windows\System\VXYjouO.exe
  C:\Windows\System\VXYjouO.exe
  2⤵
  PID:544
- C:\Windows\System\PMrJFEl.exe
  C:\Windows\System\PMrJFEl.exe
  2⤵
  PID:2400
- C:\Windows\System\TCraUAj.exe
  C:\Windows\System\TCraUAj.exe
  2⤵
  PID:2660
- C:\Windows\System\gGPjYgU.exe
  C:\Windows\System\gGPjYgU.exe
  2⤵
  PID:336
- C:\Windows\System\dHlJltN.exe
  C:\Windows\System\dHlJltN.exe
  2⤵
  PID:1644
- C:\Windows\System\zIXDwnP.exe
  C:\Windows\System\zIXDwnP.exe
  2⤵
  PID:2472
- C:\Windows\System\VhpSCnx.exe
  C:\Windows\System\VhpSCnx.exe
  2⤵
  PID:1432
- C:\Windows\System\PqLMIfj.exe
  C:\Windows\System\PqLMIfj.exe
  2⤵
  PID:2684
- C:\Windows\System\YRjYZDX.exe
  C:\Windows\System\YRjYZDX.exe
  2⤵
  PID:1944
- C:\Windows\System\HUZOkUw.exe
  C:\Windows\System\HUZOkUw.exe
  2⤵
  PID:1808
- C:\Windows\System\ZAdABef.exe
  C:\Windows\System\ZAdABef.exe
  2⤵
  PID:3076
- C:\Windows\System\QDqwniG.exe
  C:\Windows\System\QDqwniG.exe
  2⤵
  PID:3092
- C:\Windows\System\gmlZAaP.exe
  C:\Windows\System\gmlZAaP.exe
  2⤵
  PID:3108
- C:\Windows\System\roMMcKY.exe
  C:\Windows\System\roMMcKY.exe
  2⤵
  PID:3132
- C:\Windows\System\McCoYis.exe
  C:\Windows\System\McCoYis.exe
  2⤵
  PID:3156
- C:\Windows\System\ywCONwz.exe
  C:\Windows\System\ywCONwz.exe
  2⤵
  PID:3172
- C:\Windows\System\KZHcbrz.exe
  C:\Windows\System\KZHcbrz.exe
  2⤵
  PID:3192
- C:\Windows\System\Mthpryt.exe
  C:\Windows\System\Mthpryt.exe
  2⤵
  PID:3212
- C:\Windows\System\nNUxRyc.exe
  C:\Windows\System\nNUxRyc.exe
  2⤵
  PID:3236
- C:\Windows\System\XaANywT.exe
  C:\Windows\System\XaANywT.exe
  2⤵
  PID:3252
- C:\Windows\System\DTouwcW.exe
  C:\Windows\System\DTouwcW.exe
  2⤵
  PID:3268
- C:\Windows\System\txmAzWL.exe
  C:\Windows\System\txmAzWL.exe
  2⤵
  PID:3284
- C:\Windows\System\mNsZPFW.exe
  C:\Windows\System\mNsZPFW.exe
  2⤵
  PID:3308
- C:\Windows\System\ruIfbUn.exe
  C:\Windows\System\ruIfbUn.exe
  2⤵
  PID:3328
- C:\Windows\System\toduRGw.exe
  C:\Windows\System\toduRGw.exe
  2⤵
  PID:3344
- C:\Windows\System\WeZoeop.exe
  C:\Windows\System\WeZoeop.exe
  2⤵
  PID:3360
- C:\Windows\System\bAWMGjT.exe
  C:\Windows\System\bAWMGjT.exe
  2⤵
  PID:3376
- C:\Windows\System\PUUIyMW.exe
  C:\Windows\System\PUUIyMW.exe
  2⤵
  PID:3392
- C:\Windows\System\iDelWLO.exe
  C:\Windows\System\iDelWLO.exe
  2⤵
  PID:3472
- C:\Windows\System\DnJpYUA.exe
  C:\Windows\System\DnJpYUA.exe
  2⤵
  PID:3500
- C:\Windows\System\VGcxswA.exe
  C:\Windows\System\VGcxswA.exe
  2⤵
  PID:3524
- C:\Windows\System\bjHXYrf.exe
  C:\Windows\System\bjHXYrf.exe
  2⤵
  PID:3540
- C:\Windows\System\jxPDrWx.exe
  C:\Windows\System\jxPDrWx.exe
  2⤵
  PID:3556
- C:\Windows\System\rfwgKnr.exe
  C:\Windows\System\rfwgKnr.exe
  2⤵
  PID:3576
- C:\Windows\System\VZhcBTd.exe
  C:\Windows\System\VZhcBTd.exe
  2⤵
  PID:3600
- C:\Windows\System\riodtAk.exe
  C:\Windows\System\riodtAk.exe
  2⤵
  PID:3624
- C:\Windows\System\onkfPDK.exe
  C:\Windows\System\onkfPDK.exe
  2⤵
  PID:3644
- C:\Windows\System\KRUaABs.exe
  C:\Windows\System\KRUaABs.exe
  2⤵
  PID:3660
- C:\Windows\System\xlLEiRY.exe
  C:\Windows\System\xlLEiRY.exe
  2⤵
  PID:3676
- C:\Windows\System\ejlbkFY.exe
  C:\Windows\System\ejlbkFY.exe
  2⤵
  PID:3692
- C:\Windows\System\FrVYVQU.exe
  C:\Windows\System\FrVYVQU.exe
  2⤵
  PID:3712
- C:\Windows\System\TfEJlms.exe
  C:\Windows\System\TfEJlms.exe
  2⤵
  PID:3728
- C:\Windows\System\ETlIUBc.exe
  C:\Windows\System\ETlIUBc.exe
  2⤵
  PID:3764
- C:\Windows\System\rnnSuoR.exe
  C:\Windows\System\rnnSuoR.exe
  2⤵
  PID:3780
- C:\Windows\System\CdVyZLH.exe
  C:\Windows\System\CdVyZLH.exe
  2⤵
  PID:3796
- C:\Windows\System\wUzqZBq.exe
  C:\Windows\System\wUzqZBq.exe
  2⤵
  PID:3816
- C:\Windows\System\dOWPTAl.exe
  C:\Windows\System\dOWPTAl.exe
  2⤵
  PID:3832
- C:\Windows\System\ZTJFyhf.exe
  C:\Windows\System\ZTJFyhf.exe
  2⤵
  PID:3852
- C:\Windows\System\qBWegUQ.exe
  C:\Windows\System\qBWegUQ.exe
  2⤵
  PID:3876
- C:\Windows\System\oaSvVva.exe
  C:\Windows\System\oaSvVva.exe
  2⤵
  PID:3892
- C:\Windows\System\QHCoawg.exe
  C:\Windows\System\QHCoawg.exe
  2⤵
  PID:3916
- C:\Windows\System\PtNcVCI.exe
  C:\Windows\System\PtNcVCI.exe
  2⤵
  PID:3936
- C:\Windows\System\dONpJFE.exe
  C:\Windows\System\dONpJFE.exe
  2⤵
  PID:3960
- C:\Windows\System\zZnILGb.exe
  C:\Windows\System\zZnILGb.exe
  2⤵
  PID:4000
- C:\Windows\System\SEAaHFl.exe
  C:\Windows\System\SEAaHFl.exe
  2⤵
  PID:4016
- C:\Windows\System\VLVIkiW.exe
  C:\Windows\System\VLVIkiW.exe
  2⤵
  PID:4032
- C:\Windows\System\CcqTtwW.exe
  C:\Windows\System\CcqTtwW.exe
  2⤵
  PID:4052
- C:\Windows\System\tnGsbUm.exe
  C:\Windows\System\tnGsbUm.exe
  2⤵
  PID:4080
- C:\Windows\System\HuXpuFP.exe
  C:\Windows\System\HuXpuFP.exe
  2⤵
  PID:3084
- C:\Windows\System\VySsgPk.exe
  C:\Windows\System\VySsgPk.exe
  2⤵
  PID:2832
- C:\Windows\System\bFeBXZU.exe
  C:\Windows\System\bFeBXZU.exe
  2⤵
  PID:944
- C:\Windows\System\pgRYVne.exe
  C:\Windows\System\pgRYVne.exe
  2⤵
  PID:3244
- C:\Windows\System\BUGUvVo.exe
  C:\Windows\System\BUGUvVo.exe
  2⤵
  PID:3324
- C:\Windows\System\enapJEA.exe
  C:\Windows\System\enapJEA.exe
  2⤵
  PID:3356
- C:\Windows\System\mAzKDIF.exe
  C:\Windows\System\mAzKDIF.exe
  2⤵
  PID:2708
- C:\Windows\System\cNDfFbT.exe
  C:\Windows\System\cNDfFbT.exe
  2⤵
  PID:1760
- C:\Windows\System\paWreze.exe
  C:\Windows\System\paWreze.exe
  2⤵
  PID:2856
- C:\Windows\System\gjDWVLb.exe
  C:\Windows\System\gjDWVLb.exe
  2⤵
  PID:3144
- C:\Windows\System\abcbBPS.exe
  C:\Windows\System\abcbBPS.exe
  2⤵
  PID:3424
- C:\Windows\System\BMfJvvL.exe
  C:\Windows\System\BMfJvvL.exe
  2⤵
  PID:3220
- C:\Windows\System\QvPiaQe.exe
  C:\Windows\System\QvPiaQe.exe
  2⤵
  PID:3440
- C:\Windows\System\TLWIMSc.exe
  C:\Windows\System\TLWIMSc.exe
  2⤵
  PID:3304
- C:\Windows\System\Mxsoboe.exe
  C:\Windows\System\Mxsoboe.exe
  2⤵
  PID:3408
- C:\Windows\System\BptPpWn.exe
  C:\Windows\System\BptPpWn.exe
  2⤵
  PID:3496
- C:\Windows\System\UkWhgxT.exe
  C:\Windows\System\UkWhgxT.exe
  2⤵
  PID:3568
- C:\Windows\System\bmxDzUJ.exe
  C:\Windows\System\bmxDzUJ.exe
  2⤵
  PID:3616
- C:\Windows\System\DFdaiLz.exe
  C:\Windows\System\DFdaiLz.exe
  2⤵
  PID:3592
- C:\Windows\System\Dzxenxd.exe
  C:\Windows\System\Dzxenxd.exe
  2⤵
  PID:3636
- C:\Windows\System\LcUkxsf.exe
  C:\Windows\System\LcUkxsf.exe
  2⤵
  PID:3704
- C:\Windows\System\CYyRdqU.exe
  C:\Windows\System\CYyRdqU.exe
  2⤵
  PID:3744
- C:\Windows\System\BHkXZpQ.exe
  C:\Windows\System\BHkXZpQ.exe
  2⤵
  PID:3752
- C:\Windows\System\AAnEnma.exe
  C:\Windows\System\AAnEnma.exe
  2⤵
  PID:3772
- C:\Windows\System\uLwbhWp.exe
  C:\Windows\System\uLwbhWp.exe
  2⤵
  PID:3840
- C:\Windows\System\EqFJJae.exe
  C:\Windows\System\EqFJJae.exe
  2⤵
  PID:3740
- C:\Windows\System\obnbItm.exe
  C:\Windows\System\obnbItm.exe
  2⤵
  PID:3932
- C:\Windows\System\KsdfsIg.exe
  C:\Windows\System\KsdfsIg.exe
  2⤵
  PID:3976
- C:\Windows\System\bLIpagB.exe
  C:\Windows\System\bLIpagB.exe
  2⤵
  PID:3828
- C:\Windows\System\QFzQmsi.exe
  C:\Windows\System\QFzQmsi.exe
  2⤵
  PID:3872
- C:\Windows\System\sCCeLvf.exe
  C:\Windows\System\sCCeLvf.exe
  2⤵
  PID:3912
- C:\Windows\System\dWkYxFQ.exe
  C:\Windows\System\dWkYxFQ.exe
  2⤵
  PID:3956
- C:\Windows\System\jdPdrGT.exe
  C:\Windows\System\jdPdrGT.exe
  2⤵
  PID:4008
- C:\Windows\System\OOvAnvq.exe
  C:\Windows\System\OOvAnvq.exe
  2⤵
  PID:4064
- C:\Windows\System\ikWSaUm.exe
  C:\Windows\System\ikWSaUm.exe
  2⤵
  PID:4072
- C:\Windows\System\NZnVlRS.exe
  C:\Windows\System\NZnVlRS.exe
  2⤵
  PID:3120
- C:\Windows\System\lCDgekk.exe
  C:\Windows\System\lCDgekk.exe
  2⤵
  PID:3280
- C:\Windows\System\cMDhmEx.exe
  C:\Windows\System\cMDhmEx.exe
  2⤵
  PID:3368
- C:\Windows\System\zerzKpy.exe
  C:\Windows\System\zerzKpy.exe
  2⤵
  PID:3180
- C:\Windows\System\nsfODfs.exe
  C:\Windows\System\nsfODfs.exe
  2⤵
  PID:1684
- C:\Windows\System\kfIwClR.exe
  C:\Windows\System\kfIwClR.exe
  2⤵
  PID:3420
- C:\Windows\System\TALFgGr.exe
  C:\Windows\System\TALFgGr.exe
  2⤵
  PID:3260
- C:\Windows\System\uibNhkU.exe
  C:\Windows\System\uibNhkU.exe
  2⤵
  PID:3404
- C:\Windows\System\WIAUTlf.exe
  C:\Windows\System\WIAUTlf.exe
  2⤵
  PID:3608
- C:\Windows\System\uSHhtCA.exe
  C:\Windows\System\uSHhtCA.exe
  2⤵
  PID:3884
- C:\Windows\System\vfsXLUG.exe
  C:\Windows\System\vfsXLUG.exe
  2⤵
  PID:3972
- C:\Windows\System\GFeLxPD.exe
  C:\Windows\System\GFeLxPD.exe
  2⤵
  PID:3948
- C:\Windows\System\DWQOJcx.exe
  C:\Windows\System\DWQOJcx.exe
  2⤵
  PID:4088
- C:\Windows\System\CIpiItD.exe
  C:\Windows\System\CIpiItD.exe
  2⤵
  PID:3320
- C:\Windows\System\lugGrKK.exe
  C:\Windows\System\lugGrKK.exe
  2⤵
  PID:2292
- C:\Windows\System\piUNUhq.exe
  C:\Windows\System\piUNUhq.exe
  2⤵
  PID:3824
- C:\Windows\System\GMEeKqU.exe
  C:\Windows\System\GMEeKqU.exe
  2⤵
  PID:4024
- C:\Windows\System\wAMpVBQ.exe
  C:\Windows\System\wAMpVBQ.exe
  2⤵
  PID:3520
- C:\Windows\System\FskNrEn.exe
  C:\Windows\System\FskNrEn.exe
  2⤵
  PID:3684
- C:\Windows\System\ovQlqnD.exe
  C:\Windows\System\ovQlqnD.exe
  2⤵
  PID:3168
- C:\Windows\System\EjPIKVO.exe
  C:\Windows\System\EjPIKVO.exe
  2⤵
  PID:3140
- C:\Windows\System\FIiBZPW.exe
  C:\Windows\System\FIiBZPW.exe
  2⤵
  PID:3300
- C:\Windows\System\VmJnKmk.exe
  C:\Windows\System\VmJnKmk.exe
  2⤵
  PID:3452
- C:\Windows\System\PdgFMJG.exe
  C:\Windows\System\PdgFMJG.exe
  2⤵
  PID:3484
- C:\Windows\System\bSPTvUG.exe
  C:\Windows\System\bSPTvUG.exe
  2⤵
  PID:3632
- C:\Windows\System\KCxaaiv.exe
  C:\Windows\System\KCxaaiv.exe
  2⤵
  PID:3788
- C:\Windows\System\owlIpNi.exe
  C:\Windows\System\owlIpNi.exe
  2⤵
  PID:3864
- C:\Windows\System\SzZdeMk.exe
  C:\Windows\System\SzZdeMk.exe
  2⤵
  PID:3760
- C:\Windows\System\dbZPQte.exe
  C:\Windows\System\dbZPQte.exe
  2⤵
  PID:3672
- C:\Windows\System\iBXfUVD.exe
  C:\Windows\System\iBXfUVD.exe
  2⤵
  PID:3148
- C:\Windows\System\bsycufO.exe
  C:\Windows\System\bsycufO.exe
  2⤵
  PID:3564
- C:\Windows\System\XeoLPXz.exe
  C:\Windows\System\XeoLPXz.exe
  2⤵
  PID:3924
- C:\Windows\System\LEXCIHd.exe
  C:\Windows\System\LEXCIHd.exe
  2⤵
  PID:3232
- C:\Windows\System\KqtRLZJ.exe
  C:\Windows\System\KqtRLZJ.exe
  2⤵
  PID:3552
- C:\Windows\System\uGkMzvZ.exe
  C:\Windows\System\uGkMzvZ.exe
  2⤵
  PID:4068
- C:\Windows\System\FcgimQg.exe
  C:\Windows\System\FcgimQg.exe
  2⤵
  PID:3908
- C:\Windows\System\VyEXHEk.exe
  C:\Windows\System\VyEXHEk.exe
  2⤵
  PID:3296
- C:\Windows\System\ikZXeJr.exe
  C:\Windows\System\ikZXeJr.exe
  2⤵
  PID:3536
- C:\Windows\System\hKOAGIC.exe
  C:\Windows\System\hKOAGIC.exe
  2⤵
  PID:4120
- C:\Windows\System\dYokeEN.exe
  C:\Windows\System\dYokeEN.exe
  2⤵
  PID:4140
- C:\Windows\System\MuYLfER.exe
  C:\Windows\System\MuYLfER.exe
  2⤵
  PID:4160
- C:\Windows\System\wLlTdVw.exe
  C:\Windows\System\wLlTdVw.exe
  2⤵
  PID:4180
- C:\Windows\System\yhMjWMz.exe
  C:\Windows\System\yhMjWMz.exe
  2⤵
  PID:4240
- C:\Windows\System\iNNIFaK.exe
  C:\Windows\System\iNNIFaK.exe
  2⤵
  PID:4256
- C:\Windows\System\DzliRrR.exe
  C:\Windows\System\DzliRrR.exe
  2⤵
  PID:4272
- C:\Windows\System\CiwoWSJ.exe
  C:\Windows\System\CiwoWSJ.exe
  2⤵
  PID:4288
- C:\Windows\System\fJHmgPB.exe
  C:\Windows\System\fJHmgPB.exe
  2⤵
  PID:4304
- C:\Windows\System\eaxyWnh.exe
  C:\Windows\System\eaxyWnh.exe
  2⤵
  PID:4320
- C:\Windows\System\hQCEGMD.exe
  C:\Windows\System\hQCEGMD.exe
  2⤵
  PID:4344
- C:\Windows\System\YUqRFsL.exe
  C:\Windows\System\YUqRFsL.exe
  2⤵
  PID:4360
- C:\Windows\System\ZOTaUOs.exe
  C:\Windows\System\ZOTaUOs.exe
  2⤵
  PID:4376
- C:\Windows\System\CQzyzQd.exe
  C:\Windows\System\CQzyzQd.exe
  2⤵
  PID:4392
- C:\Windows\System\TtziEGh.exe
  C:\Windows\System\TtziEGh.exe
  2⤵
  PID:4408
- C:\Windows\System\tzAPjgc.exe
  C:\Windows\System\tzAPjgc.exe
  2⤵
  PID:4424
- C:\Windows\System\blFuQRn.exe
  C:\Windows\System\blFuQRn.exe
  2⤵
  PID:4440
- C:\Windows\System\fkCCNNq.exe
  C:\Windows\System\fkCCNNq.exe
  2⤵
  PID:4460
- C:\Windows\System\CZCewKZ.exe
  C:\Windows\System\CZCewKZ.exe
  2⤵
  PID:4484
- C:\Windows\System\pJDtQtR.exe
  C:\Windows\System\pJDtQtR.exe
  2⤵
  PID:4504
- C:\Windows\System\NBXjOOH.exe
  C:\Windows\System\NBXjOOH.exe
  2⤵
  PID:4524
- C:\Windows\System\JHECxBe.exe
  C:\Windows\System\JHECxBe.exe
  2⤵
  PID:4544
- C:\Windows\System\WpPeZZh.exe
  C:\Windows\System\WpPeZZh.exe
  2⤵
  PID:4572
- C:\Windows\System\qINXFva.exe
  C:\Windows\System\qINXFva.exe
  2⤵
  PID:4592
- C:\Windows\System\HLgAUAm.exe
  C:\Windows\System\HLgAUAm.exe
  2⤵
  PID:4608
- C:\Windows\System\xCndzgx.exe
  C:\Windows\System\xCndzgx.exe
  2⤵
  PID:4624
- C:\Windows\System\gjYWqHW.exe
  C:\Windows\System\gjYWqHW.exe
  2⤵
  PID:4640
- C:\Windows\System\vNVyBKl.exe
  C:\Windows\System\vNVyBKl.exe
  2⤵
  PID:4656
- C:\Windows\System\QzYqFNF.exe
  C:\Windows\System\QzYqFNF.exe
  2⤵
  PID:4672
- C:\Windows\System\tSSvgab.exe
  C:\Windows\System\tSSvgab.exe
  2⤵
  PID:4696
- C:\Windows\System\EGLvaOA.exe
  C:\Windows\System\EGLvaOA.exe
  2⤵
  PID:4716
- C:\Windows\System\bXvvJuj.exe
  C:\Windows\System\bXvvJuj.exe
  2⤵
  PID:4732
- C:\Windows\System\GhWKzxX.exe
  C:\Windows\System\GhWKzxX.exe
  2⤵
  PID:4748
- C:\Windows\System\sdMUVtJ.exe
  C:\Windows\System\sdMUVtJ.exe
  2⤵
  PID:4764
- C:\Windows\System\kKPOSfO.exe
  C:\Windows\System\kKPOSfO.exe
  2⤵
  PID:4784
- C:\Windows\System\RqNqtRz.exe
  C:\Windows\System\RqNqtRz.exe
  2⤵
  PID:4800
- C:\Windows\System\IsfQEdb.exe
  C:\Windows\System\IsfQEdb.exe
  2⤵
  PID:4816
- C:\Windows\System\AmFRBEL.exe
  C:\Windows\System\AmFRBEL.exe
  2⤵
  PID:4832
- C:\Windows\System\XbAEsAw.exe
  C:\Windows\System\XbAEsAw.exe
  2⤵
  PID:4848
- C:\Windows\System\wqByqot.exe
  C:\Windows\System\wqByqot.exe
  2⤵
  PID:4864
- C:\Windows\System\ksqtySp.exe
  C:\Windows\System\ksqtySp.exe
  2⤵
  PID:4880
- C:\Windows\System\LHephfL.exe
  C:\Windows\System\LHephfL.exe
  2⤵
  PID:4896
- C:\Windows\System\YvAjuoP.exe
  C:\Windows\System\YvAjuoP.exe
  2⤵
  PID:4912
- C:\Windows\System\dEdMLfl.exe
  C:\Windows\System\dEdMLfl.exe
  2⤵
  PID:4928
- C:\Windows\System\MCTDCSK.exe
  C:\Windows\System\MCTDCSK.exe
  2⤵
  PID:4944
- C:\Windows\System\UcJUzaa.exe
  C:\Windows\System\UcJUzaa.exe
  2⤵
  PID:4960
- C:\Windows\System\TgJOYRd.exe
  C:\Windows\System\TgJOYRd.exe
  2⤵
  PID:4976
- C:\Windows\System\eOikaBa.exe
  C:\Windows\System\eOikaBa.exe
  2⤵
  PID:4992
- C:\Windows\System\ZfMOCod.exe
  C:\Windows\System\ZfMOCod.exe
  2⤵
  PID:5008
- C:\Windows\System\lIIrsMe.exe
  C:\Windows\System\lIIrsMe.exe
  2⤵
  PID:5024
- C:\Windows\System\SnqCXzG.exe
  C:\Windows\System\SnqCXzG.exe
  2⤵
  PID:5040
- C:\Windows\System\LbxyoLR.exe
  C:\Windows\System\LbxyoLR.exe
  2⤵
  PID:5056
- C:\Windows\System\bTyesMU.exe
  C:\Windows\System\bTyesMU.exe
  2⤵
  PID:5072
- C:\Windows\System\AaHPldM.exe
  C:\Windows\System\AaHPldM.exe
  2⤵
  PID:5088
- C:\Windows\System\REBcfVp.exe
  C:\Windows\System\REBcfVp.exe
  2⤵
  PID:5104
- C:\Windows\System\Vkzjrzl.exe
  C:\Windows\System\Vkzjrzl.exe
  2⤵
  PID:3204
- C:\Windows\System\aJtxOwx.exe
  C:\Windows\System\aJtxOwx.exe
  2⤵
  PID:3928
- C:\Windows\System\qpLvCdd.exe
  C:\Windows\System\qpLvCdd.exe
  2⤵
  PID:3184
- C:\Windows\System\YnrEOTp.exe
  C:\Windows\System\YnrEOTp.exe
  2⤵
  PID:4148
- C:\Windows\System\JemFjxW.exe
  C:\Windows\System\JemFjxW.exe
  2⤵
  PID:4200
- C:\Windows\System\qBXWQlo.exe
  C:\Windows\System\qBXWQlo.exe
  2⤵
  PID:3808
- C:\Windows\System\OwcGMBT.exe
  C:\Windows\System\OwcGMBT.exe
  2⤵
  PID:1332
- C:\Windows\System\FJGNbxT.exe
  C:\Windows\System\FJGNbxT.exe
  2⤵
  PID:4136
- C:\Windows\System\HeUkDaz.exe
  C:\Windows\System\HeUkDaz.exe
  2⤵
  PID:3700
- C:\Windows\System\UpTfmKZ.exe
  C:\Windows\System\UpTfmKZ.exe
  2⤵
  PID:4196
- C:\Windows\System\VWZehEE.exe
  C:\Windows\System\VWZehEE.exe
  2⤵
  PID:4224
- C:\Windows\System\IQBSCfD.exe
  C:\Windows\System\IQBSCfD.exe
  2⤵
  PID:4300
- C:\Windows\System\hTQwwcO.exe
  C:\Windows\System\hTQwwcO.exe
  2⤵
  PID:4332
- C:\Windows\System\VdcoxBJ.exe
  C:\Windows\System\VdcoxBJ.exe
  2⤵
  PID:4372
- C:\Windows\System\NLPsjVb.exe
  C:\Windows\System\NLPsjVb.exe
  2⤵
  PID:4432
- C:\Windows\System\RClEawZ.exe
  C:\Windows\System\RClEawZ.exe
  2⤵
  PID:4480
- C:\Windows\System\QYTZsnO.exe
  C:\Windows\System\QYTZsnO.exe
  2⤵
  PID:4248
- C:\Windows\System\dfXZbDS.exe
  C:\Windows\System\dfXZbDS.exe
  2⤵
  PID:4564
- C:\Windows\System\AoqnMGm.exe
  C:\Windows\System\AoqnMGm.exe
  2⤵
  PID:4284
- C:\Windows\System\UNxLYFK.exe
  C:\Windows\System\UNxLYFK.exe
  2⤵
  PID:4388
- C:\Windows\System\uOOSdtI.exe
  C:\Windows\System\uOOSdtI.exe
  2⤵
  PID:4452
- C:\Windows\System\gcMZoia.exe
  C:\Windows\System\gcMZoia.exe
  2⤵
  PID:4500
- C:\Windows\System\pZBxoxL.exe
  C:\Windows\System\pZBxoxL.exe
  2⤵
  PID:4604
- C:\Windows\System\HvfxHwr.exe
  C:\Windows\System\HvfxHwr.exe
  2⤵
  PID:4580
- C:\Windows\System\oLNVLeF.exe
  C:\Windows\System\oLNVLeF.exe
  2⤵
  PID:4352
- C:\Windows\System\jkvzKxM.exe
  C:\Windows\System\jkvzKxM.exe
  2⤵
  PID:4724
- C:\Windows\System\rOGPpQg.exe
  C:\Windows\System\rOGPpQg.exe
  2⤵
  PID:4620
- C:\Windows\System\TVGVYyA.exe
  C:\Windows\System\TVGVYyA.exe
  2⤵
  PID:4684
- C:\Windows\System\lBodSzV.exe
  C:\Windows\System\lBodSzV.exe
  2⤵
  PID:4744
- C:\Windows\System\qXksEEi.exe
  C:\Windows\System\qXksEEi.exe
  2⤵
  PID:4808
- C:\Windows\System\AMOSHpu.exe
  C:\Windows\System\AMOSHpu.exe
  2⤵
  PID:4872
- C:\Windows\System\oszmOEt.exe
  C:\Windows\System\oszmOEt.exe
  2⤵
  PID:4792
- C:\Windows\System\lQcslvI.exe
  C:\Windows\System\lQcslvI.exe
  2⤵
  PID:4756
- C:\Windows\System\JsEVJNT.exe
  C:\Windows\System\JsEVJNT.exe
  2⤵
  PID:4940
- C:\Windows\System\sdsaLDb.exe
  C:\Windows\System\sdsaLDb.exe
  2⤵
  PID:5004
- C:\Windows\System\pfUCmKW.exe
  C:\Windows\System\pfUCmKW.exe
  2⤵
  PID:4952
- C:\Windows\System\qHKpmVT.exe
  C:\Windows\System\qHKpmVT.exe
  2⤵
  PID:4824
- C:\Windows\System\IDmVbcz.exe
  C:\Windows\System\IDmVbcz.exe
  2⤵
  PID:5016
- C:\Windows\System\QdvDXXt.exe
  C:\Windows\System\QdvDXXt.exe
  2⤵
  PID:5096
- C:\Windows\System\wVjGOpr.exe
  C:\Windows\System\wVjGOpr.exe
  2⤵
  PID:3412
- C:\Windows\System\lQrUlvh.exe
  C:\Windows\System\lQrUlvh.exe
  2⤵
  PID:5084
- C:\Windows\System\tBqvZWr.exe
  C:\Windows\System\tBqvZWr.exe
  2⤵
  PID:4104
- C:\Windows\System\tSBCbQN.exe
  C:\Windows\System\tSBCbQN.exe
  2⤵
  PID:4192
- C:\Windows\System\UgRBhmT.exe
  C:\Windows\System\UgRBhmT.exe
  2⤵
  PID:4128
- C:\Windows\System\tdGvEUg.exe
  C:\Windows\System\tdGvEUg.exe
  2⤵
  PID:4264
- C:\Windows\System\ctrMaiS.exe
  C:\Windows\System\ctrMaiS.exe
  2⤵
  PID:4176
- C:\Windows\System\ZyPrIWs.exe
  C:\Windows\System\ZyPrIWs.exe
  2⤵
  PID:4468
- C:\Windows\System\WEFtHcq.exe
  C:\Windows\System\WEFtHcq.exe
  2⤵
  PID:4316
- C:\Windows\System\itKNpqV.exe
  C:\Windows\System\itKNpqV.exe
  2⤵
  PID:4636
- C:\Windows\System\QBoAezI.exe
  C:\Windows\System\QBoAezI.exe
  2⤵
  PID:4712
- C:\Windows\System\tRJQYgz.exe
  C:\Windows\System\tRJQYgz.exe
  2⤵
  PID:4252
- C:\Windows\System\JaurOvi.exe
  C:\Windows\System\JaurOvi.exe
  2⤵
  PID:4536
- C:\Windows\System\kMUnJSt.exe
  C:\Windows\System\kMUnJSt.exe
  2⤵
  PID:4740
- C:\Windows\System\vNWsXnD.exe
  C:\Windows\System\vNWsXnD.exe
  2⤵
  PID:4776
- C:\Windows\System\ezwHFvP.exe
  C:\Windows\System\ezwHFvP.exe
  2⤵
  PID:4840
- C:\Windows\System\Smvjcmi.exe
  C:\Windows\System\Smvjcmi.exe
  2⤵
  PID:4796
- C:\Windows\System\XaLKFSp.exe
  C:\Windows\System\XaLKFSp.exe
  2⤵
  PID:4972
- C:\Windows\System\KPtxfHK.exe
  C:\Windows\System\KPtxfHK.exe
  2⤵
  PID:4984
- C:\Windows\System\ihYjmHe.exe
  C:\Windows\System\ihYjmHe.exe
  2⤵
  PID:5100
- C:\Windows\System\pTjdDoq.exe
  C:\Windows\System\pTjdDoq.exe
  2⤵
  PID:5068
- C:\Windows\System\GHAimCn.exe
  C:\Windows\System\GHAimCn.exe
  2⤵
  PID:4156
- C:\Windows\System\eQLGZlJ.exe
  C:\Windows\System\eQLGZlJ.exe
  2⤵
  PID:4212
- C:\Windows\System\QgsmtLY.exe
  C:\Windows\System\QgsmtLY.exe
  2⤵
  PID:4172
- C:\Windows\System\khZDTDm.exe
  C:\Windows\System\khZDTDm.exe
  2⤵
  PID:4420
- C:\Windows\System\wdYsIdK.exe
  C:\Windows\System\wdYsIdK.exe
  2⤵
  PID:4328
- C:\Windows\System\ntSNHOU.exe
  C:\Windows\System\ntSNHOU.exe
  2⤵
  PID:4520
- C:\Windows\System\FMGVCFS.exe
  C:\Windows\System\FMGVCFS.exe
  2⤵
  PID:4904
- C:\Windows\System\dBGrgdN.exe
  C:\Windows\System\dBGrgdN.exe
  2⤵
  PID:4920
- C:\Windows\System\xWCiPrE.exe
  C:\Windows\System\xWCiPrE.exe
  2⤵
  PID:5036
- C:\Windows\System\advyiWq.exe
  C:\Windows\System\advyiWq.exe
  2⤵
  PID:3804
- C:\Windows\System\QmfqvfI.exe
  C:\Windows\System\QmfqvfI.exe
  2⤵
  PID:4048
- C:\Windows\System\VIVVIdZ.exe
  C:\Windows\System\VIVVIdZ.exe
  2⤵
  PID:4560
- C:\Windows\System\npYUmKh.exe
  C:\Windows\System\npYUmKh.exe
  2⤵
  PID:4652
- C:\Windows\System\dfbnTBO.exe
  C:\Windows\System\dfbnTBO.exe
  2⤵
  PID:4368
- C:\Windows\System\AVKnprM.exe
  C:\Windows\System\AVKnprM.exe
  2⤵
  PID:4228
- C:\Windows\System\uZUQcWC.exe
  C:\Windows\System\uZUQcWC.exe
  2⤵
  PID:4232
- C:\Windows\System\QtXmLcp.exe
  C:\Windows\System\QtXmLcp.exe
  2⤵
  PID:4888
- C:\Windows\System\bloiCFu.exe
  C:\Windows\System\bloiCFu.exe
  2⤵
  PID:4556
- C:\Windows\System\eZdhQeY.exe
  C:\Windows\System\eZdhQeY.exe
  2⤵
  PID:4516
- C:\Windows\System\eCDPcHM.exe
  C:\Windows\System\eCDPcHM.exe
  2⤵
  PID:5136
- C:\Windows\System\mMqlEiS.exe
  C:\Windows\System\mMqlEiS.exe
  2⤵
  PID:5152
- C:\Windows\System\ZslJrtn.exe
  C:\Windows\System\ZslJrtn.exe
  2⤵
  PID:5168
- C:\Windows\System\CXcDoAt.exe
  C:\Windows\System\CXcDoAt.exe
  2⤵
  PID:5184
- C:\Windows\System\NpHBeTK.exe
  C:\Windows\System\NpHBeTK.exe
  2⤵
  PID:5200
- C:\Windows\System\ZzoLMKR.exe
  C:\Windows\System\ZzoLMKR.exe
  2⤵
  PID:5216
- C:\Windows\System\zsSXRdG.exe
  C:\Windows\System\zsSXRdG.exe
  2⤵
  PID:5232
- C:\Windows\System\eYJoFOl.exe
  C:\Windows\System\eYJoFOl.exe
  2⤵
  PID:5248
- C:\Windows\System\hCrPwCo.exe
  C:\Windows\System\hCrPwCo.exe
  2⤵
  PID:5264
- C:\Windows\System\yFShsPV.exe
  C:\Windows\System\yFShsPV.exe
  2⤵
  PID:5280
- C:\Windows\System\FpIUkiF.exe
  C:\Windows\System\FpIUkiF.exe
  2⤵
  PID:5296
- C:\Windows\System\KNSKqaQ.exe
  C:\Windows\System\KNSKqaQ.exe
  2⤵
  PID:5312
- C:\Windows\System\NBxsADy.exe
  C:\Windows\System\NBxsADy.exe
  2⤵
  PID:5328
- C:\Windows\System\jMktAqe.exe
  C:\Windows\System\jMktAqe.exe
  2⤵
  PID:5344
- C:\Windows\System\qWpMfCB.exe
  C:\Windows\System\qWpMfCB.exe
  2⤵
  PID:5368
- C:\Windows\System\oLiekyC.exe
  C:\Windows\System\oLiekyC.exe
  2⤵
  PID:5388
- C:\Windows\System\hobcVis.exe
  C:\Windows\System\hobcVis.exe
  2⤵
  PID:5404
- C:\Windows\System\zJbbXyY.exe
  C:\Windows\System\zJbbXyY.exe
  2⤵
  PID:5420
- C:\Windows\System\ZAKNJMg.exe
  C:\Windows\System\ZAKNJMg.exe
  2⤵
  PID:5436
- C:\Windows\System\bBtpHtH.exe
  C:\Windows\System\bBtpHtH.exe
  2⤵
  PID:5452
- C:\Windows\System\AHyrlnn.exe
  C:\Windows\System\AHyrlnn.exe
  2⤵
  PID:5468
- C:\Windows\System\oAdkIhd.exe
  C:\Windows\System\oAdkIhd.exe
  2⤵
  PID:5484
- C:\Windows\System\LocaWvt.exe
  C:\Windows\System\LocaWvt.exe
  2⤵
  PID:5504
- C:\Windows\System\hfjTVaY.exe
  C:\Windows\System\hfjTVaY.exe
  2⤵
  PID:5520
- C:\Windows\System\YVQYAuQ.exe
  C:\Windows\System\YVQYAuQ.exe
  2⤵
  PID:5540
- C:\Windows\System\HygzWKw.exe
  C:\Windows\System\HygzWKw.exe
  2⤵
  PID:5560
- C:\Windows\System\rlylHrz.exe
  C:\Windows\System\rlylHrz.exe
  2⤵
  PID:5576
- C:\Windows\System\ePmmejv.exe
  C:\Windows\System\ePmmejv.exe
  2⤵
  PID:5592
- C:\Windows\System\hEqPkXY.exe
  C:\Windows\System\hEqPkXY.exe
  2⤵
  PID:5608
- C:\Windows\System\DziwPsB.exe
  C:\Windows\System\DziwPsB.exe
  2⤵
  PID:5624
- C:\Windows\System\dQQGyiY.exe
  C:\Windows\System\dQQGyiY.exe
  2⤵
  PID:5640
- C:\Windows\System\CxEtkBK.exe
  C:\Windows\System\CxEtkBK.exe
  2⤵
  PID:5656
- C:\Windows\System\xDOTxra.exe
  C:\Windows\System\xDOTxra.exe
  2⤵
  PID:5676
- C:\Windows\System\UhjdyjE.exe
  C:\Windows\System\UhjdyjE.exe
  2⤵
  PID:5692
- C:\Windows\System\XucLtxD.exe
  C:\Windows\System\XucLtxD.exe
  2⤵
  PID:5208
- C:\Windows\System\HBhwokm.exe
  C:\Windows\System\HBhwokm.exe
  2⤵
  PID:5240
- C:\Windows\System\ffDYSQi.exe
  C:\Windows\System\ffDYSQi.exe
  2⤵
  PID:5324
- C:\Windows\System\ZHmqLWv.exe
  C:\Windows\System\ZHmqLWv.exe
  2⤵
  PID:5272
- C:\Windows\System\RZvSVwP.exe
  C:\Windows\System\RZvSVwP.exe
  2⤵
  PID:5340
- C:\Windows\System\lOWqJxL.exe
  C:\Windows\System\lOWqJxL.exe
  2⤵
  PID:5304
- C:\Windows\System\RaSxNdW.exe
  C:\Windows\System\RaSxNdW.exe
  2⤵
  PID:5416
- C:\Windows\System\nGdNhbq.exe
  C:\Windows\System\nGdNhbq.exe
  2⤵
  PID:5464
- C:\Windows\System\NGVRLnI.exe
  C:\Windows\System\NGVRLnI.exe
  2⤵
  PID:5480
- C:\Windows\System\jjxhaMH.exe
  C:\Windows\System\jjxhaMH.exe
  2⤵
  PID:5528
- C:\Windows\System\TyQxuVw.exe
  C:\Windows\System\TyQxuVw.exe
  2⤵
  PID:5536
- C:\Windows\System\qudyMdr.exe
  C:\Windows\System\qudyMdr.exe
  2⤵
  PID:5604
- C:\Windows\System\UxMdbmJ.exe
  C:\Windows\System\UxMdbmJ.exe
  2⤵
  PID:5556
- C:\Windows\System\thjkYWk.exe
  C:\Windows\System\thjkYWk.exe
  2⤵
  PID:5588
- C:\Windows\System\ncBIptu.exe
  C:\Windows\System\ncBIptu.exe
  2⤵
  PID:5708
- C:\Windows\System\uGJUqWt.exe
  C:\Windows\System\uGJUqWt.exe
  2⤵
  PID:5728
- C:\Windows\System\OUxdrmT.exe
  C:\Windows\System\OUxdrmT.exe
  2⤵
  PID:5744
- C:\Windows\System\bZKGnNt.exe
  C:\Windows\System\bZKGnNt.exe
  2⤵
  PID:5760
- C:\Windows\System\NKEWSQG.exe
  C:\Windows\System\NKEWSQG.exe
  2⤵
  PID:5776
- C:\Windows\System\PcUvipb.exe
  C:\Windows\System\PcUvipb.exe
  2⤵
  PID:5796
- C:\Windows\System\ZzIUOHP.exe
  C:\Windows\System\ZzIUOHP.exe
  2⤵
  PID:5812
- C:\Windows\System\fsUqgGF.exe
  C:\Windows\System\fsUqgGF.exe
  2⤵
  PID:5868
- C:\Windows\System\lhkLDcd.exe
  C:\Windows\System\lhkLDcd.exe
  2⤵
  PID:5892
- C:\Windows\System\bOFiyhm.exe
  C:\Windows\System\bOFiyhm.exe
  2⤵
  PID:5908
- C:\Windows\System\nUOGuxb.exe
  C:\Windows\System\nUOGuxb.exe
  2⤵
  PID:5928
- C:\Windows\System\fdgybBg.exe
  C:\Windows\System\fdgybBg.exe
  2⤵
  PID:4616
- C:\Windows\System\qZCCnrd.exe
  C:\Windows\System\qZCCnrd.exe
  2⤵
  PID:5956
- C:\Windows\System\tPEzOpo.exe
  C:\Windows\System\tPEzOpo.exe
  2⤵
  PID:5972
- C:\Windows\System\dPVDtUJ.exe
  C:\Windows\System\dPVDtUJ.exe
  2⤵
  PID:6008
- C:\Windows\System\xuxVNzm.exe
  C:\Windows\System\xuxVNzm.exe
  2⤵
  PID:6028
- C:\Windows\System\vbNpdWq.exe
  C:\Windows\System\vbNpdWq.exe
  2⤵
  PID:6048
- C:\Windows\System\rBNGGpQ.exe
  C:\Windows\System\rBNGGpQ.exe
  2⤵
  PID:6068
- C:\Windows\System\GsjAKvt.exe
  C:\Windows\System\GsjAKvt.exe
  2⤵
  PID:6088
- C:\Windows\System\YvqhlOP.exe
  C:\Windows\System\YvqhlOP.exe
  2⤵
  PID:6104
- C:\Windows\System\YIfEHyy.exe
  C:\Windows\System\YIfEHyy.exe
  2⤵
  PID:6128
- C:\Windows\System\ncBcIlD.exe
  C:\Windows\System\ncBcIlD.exe
  2⤵
  PID:4856
- C:\Windows\System\ZxRKwPi.exe
  C:\Windows\System\ZxRKwPi.exe
  2⤵
  PID:5164
- C:\Windows\System\sOUIKsg.exe
  C:\Windows\System\sOUIKsg.exe
  2⤵
  PID:5148
- C:\Windows\System\kitnGvb.exe
  C:\Windows\System\kitnGvb.exe
  2⤵
  PID:5704
- C:\Windows\System\sMgoDiY.exe
  C:\Windows\System\sMgoDiY.exe
  2⤵
  PID:5260
- C:\Windows\System\FKjWylj.exe
  C:\Windows\System\FKjWylj.exe
  2⤵
  PID:5364
- C:\Windows\System\lCrwEfD.exe
  C:\Windows\System\lCrwEfD.exe
  2⤵
  PID:5448
- C:\Windows\System\eorAHZe.exe
  C:\Windows\System\eorAHZe.exe
  2⤵
  PID:5664
- C:\Windows\System\iDneWfo.exe
  C:\Windows\System\iDneWfo.exe
  2⤵
  PID:5276
- C:\Windows\System\KBzpUKW.exe
  C:\Windows\System\KBzpUKW.exe
  2⤵
  PID:5652
- C:\Windows\System\yycbJwj.exe
  C:\Windows\System\yycbJwj.exe
  2⤵
  PID:5768
- C:\Windows\System\dWIcyAp.exe
  C:\Windows\System\dWIcyAp.exe
  2⤵
  PID:5716
- C:\Windows\System\NDPsuVb.exe
  C:\Windows\System\NDPsuVb.exe
  2⤵
  PID:5824
- C:\Windows\System\qPPaZUO.exe
  C:\Windows\System\qPPaZUO.exe
  2⤵
  PID:5756
- C:\Windows\System\ungqSaK.exe
  C:\Windows\System\ungqSaK.exe
  2⤵
  PID:5648
- C:\Windows\System\kKHnZEA.exe
  C:\Windows\System\kKHnZEA.exe
  2⤵
  PID:5496
- C:\Windows\System\OszvVqY.exe
  C:\Windows\System\OszvVqY.exe
  2⤵
  PID:5848
- C:\Windows\System\mynNapV.exe
  C:\Windows\System\mynNapV.exe
  2⤵
  PID:5864
- C:\Windows\System\HgaweWH.exe
  C:\Windows\System\HgaweWH.exe
  2⤵
  PID:5888
- C:\Windows\System\TnlXkTs.exe
  C:\Windows\System\TnlXkTs.exe
  2⤵
  PID:5904
- C:\Windows\System\RRRkqVP.exe
  C:\Windows\System\RRRkqVP.exe
  2⤵
  PID:6016
- C:\Windows\System\ejEKNyJ.exe
  C:\Windows\System\ejEKNyJ.exe
  2⤵
  PID:6044
- C:\Windows\System\rWEHXNg.exe
  C:\Windows\System\rWEHXNg.exe
  2⤵
  PID:6064
- C:\Windows\System\bTxNukt.exe
  C:\Windows\System\bTxNukt.exe
  2⤵
  PID:6100
- C:\Windows\System\TRMipmL.exe
  C:\Windows\System\TRMipmL.exe
  2⤵
  PID:5132
- C:\Windows\System\AYpCvdI.exe
  C:\Windows\System\AYpCvdI.exe
  2⤵
  PID:5192
- C:\Windows\System\SEbACRs.exe
  C:\Windows\System\SEbACRs.exe
  2⤵
  PID:4692
- C:\Windows\System\nnZYUKV.exe
  C:\Windows\System\nnZYUKV.exe
  2⤵
  PID:5788
- C:\Windows\System\BnFkpMB.exe
  C:\Windows\System\BnFkpMB.exe
  2⤵
  PID:5384
- C:\Windows\System\LiGncsb.exe
  C:\Windows\System\LiGncsb.exe
  2⤵
  PID:5532
- C:\Windows\System\YZCDuLs.exe
  C:\Windows\System\YZCDuLs.exe
  2⤵
  PID:5700
- C:\Windows\System\eMiFRuG.exe
  C:\Windows\System\eMiFRuG.exe
  2⤵
  PID:5568
- C:\Windows\System\HdGRkcZ.exe
  C:\Windows\System\HdGRkcZ.exe
  2⤵
  PID:5724
- C:\Windows\System\PvYXFzO.exe
  C:\Windows\System\PvYXFzO.exe
  2⤵
  PID:5876
- C:\Windows\System\iAaZGcV.exe
  C:\Windows\System\iAaZGcV.exe
  2⤵
  PID:5400
- C:\Windows\System\zCOyQPA.exe
  C:\Windows\System\zCOyQPA.exe
  2⤵
  PID:5996
- C:\Windows\System\efTLiaC.exe
  C:\Windows\System\efTLiaC.exe
  2⤵
  PID:5900
- C:\Windows\System\xxUEGIj.exe
  C:\Windows\System\xxUEGIj.exe
  2⤵
  PID:6084
- C:\Windows\System\bqGOXFI.exe
  C:\Windows\System\bqGOXFI.exe
  2⤵
  PID:5288
- C:\Windows\System\GluYBMd.exe
  C:\Windows\System\GluYBMd.exe
  2⤵
  PID:5516
- C:\Windows\System\kAhDJaz.exe
  C:\Windows\System\kAhDJaz.exe
  2⤵
  PID:5460
- C:\Windows\System\hvvNbxj.exe
  C:\Windows\System\hvvNbxj.exe
  2⤵
  PID:5880
- C:\Windows\System\QFRDHTh.exe
  C:\Windows\System\QFRDHTh.exe
  2⤵
  PID:6124
- C:\Windows\System\BwfEsyp.exe
  C:\Windows\System\BwfEsyp.exe
  2⤵
  PID:5636
- C:\Windows\System\sxLnOuU.exe
  C:\Windows\System\sxLnOuU.exe
  2⤵
  PID:5740
- C:\Windows\System\iToiPOc.exe
  C:\Windows\System\iToiPOc.exe
  2⤵
  PID:5980
- C:\Windows\System\KvPcDAj.exe
  C:\Windows\System\KvPcDAj.exe
  2⤵
  PID:6024
- C:\Windows\System\WHQkHoU.exe
  C:\Windows\System\WHQkHoU.exe
  2⤵
  PID:4336
- C:\Windows\System\CehVpZO.exe
  C:\Windows\System\CehVpZO.exe
  2⤵
  PID:5924
- C:\Windows\System\AKFYXWm.exe
  C:\Windows\System\AKFYXWm.exe
  2⤵
  PID:5228
- C:\Windows\System\AlcvyDC.exe
  C:\Windows\System\AlcvyDC.exe
  2⤵
  PID:6112
- C:\Windows\System\YjMjrOU.exe
  C:\Windows\System\YjMjrOU.exe
  2⤵
  PID:6120
- C:\Windows\System\rUXKArm.exe
  C:\Windows\System\rUXKArm.exe
  2⤵
  PID:5844
- C:\Windows\System\fkTFCaV.exe
  C:\Windows\System\fkTFCaV.exe
  2⤵
  PID:5936
- C:\Windows\System\pCvnDDm.exe
  C:\Windows\System\pCvnDDm.exe
  2⤵
  PID:6036
- C:\Windows\System\UMGFhNF.exe
  C:\Windows\System\UMGFhNF.exe
  2⤵
  PID:6040
- C:\Windows\System\IEckMvF.exe
  C:\Windows\System\IEckMvF.exe
  2⤵
  PID:6164
- C:\Windows\System\HtrmNbn.exe
  C:\Windows\System\HtrmNbn.exe
  2⤵
  PID:6184
- C:\Windows\System\huDOKWk.exe
  C:\Windows\System\huDOKWk.exe
  2⤵
  PID:6208
- C:\Windows\System\fZzFHHa.exe
  C:\Windows\System\fZzFHHa.exe
  2⤵
  PID:6232
- C:\Windows\System\QjiGGHt.exe
  C:\Windows\System\QjiGGHt.exe
  2⤵
  PID:6248
- C:\Windows\System\BPDcgbL.exe
  C:\Windows\System\BPDcgbL.exe
  2⤵
  PID:6264
- C:\Windows\System\VchRrOM.exe
  C:\Windows\System\VchRrOM.exe
  2⤵
  PID:6288
- C:\Windows\System\pGaLoLX.exe
  C:\Windows\System\pGaLoLX.exe
  2⤵
  PID:6304
- C:\Windows\System\CXtNSpZ.exe
  C:\Windows\System\CXtNSpZ.exe
  2⤵
  PID:6320
- C:\Windows\System\XvcghAg.exe
  C:\Windows\System\XvcghAg.exe
  2⤵
  PID:6336
- C:\Windows\System\bgqXKIk.exe
  C:\Windows\System\bgqXKIk.exe
  2⤵
  PID:6356
- C:\Windows\System\KHDEmGx.exe
  C:\Windows\System\KHDEmGx.exe
  2⤵
  PID:6376
- C:\Windows\System\JMfhzhZ.exe
  C:\Windows\System\JMfhzhZ.exe
  2⤵
  PID:6392
- C:\Windows\System\iiVrfMq.exe
  C:\Windows\System\iiVrfMq.exe
  2⤵
  PID:6428
- C:\Windows\System\LzVvQvF.exe
  C:\Windows\System\LzVvQvF.exe
  2⤵
  PID:6448
- C:\Windows\System\ohKTegS.exe
  C:\Windows\System\ohKTegS.exe
  2⤵
  PID:6476
- C:\Windows\System\nlAezoG.exe
  C:\Windows\System\nlAezoG.exe
  2⤵
  PID:6492
- C:\Windows\System\WuGZbRV.exe
  C:\Windows\System\WuGZbRV.exe
  2⤵
  PID:6512
- C:\Windows\System\qMiEVnM.exe
  C:\Windows\System\qMiEVnM.exe
  2⤵
  PID:6532
- C:\Windows\System\acKrkoV.exe
  C:\Windows\System\acKrkoV.exe
  2⤵
  PID:6548
- C:\Windows\System\rvTLTzs.exe
  C:\Windows\System\rvTLTzs.exe
  2⤵
  PID:6564
- C:\Windows\System\uwTmYFZ.exe
  C:\Windows\System\uwTmYFZ.exe
  2⤵
  PID:6584
- C:\Windows\System\UBfSGjj.exe
  C:\Windows\System\UBfSGjj.exe
  2⤵
  PID:6600
- C:\Windows\System\yUaYwnW.exe
  C:\Windows\System\yUaYwnW.exe
  2⤵
  PID:6616
- C:\Windows\System\bvXHmVc.exe
  C:\Windows\System\bvXHmVc.exe
  2⤵
  PID:6632
- C:\Windows\System\ZaimAOf.exe
  C:\Windows\System\ZaimAOf.exe
  2⤵
  PID:6672
- C:\Windows\System\LdHYbmH.exe
  C:\Windows\System\LdHYbmH.exe
  2⤵
  PID:6688
- C:\Windows\System\StDcpmX.exe
  C:\Windows\System\StDcpmX.exe
  2⤵
  PID:6708
- C:\Windows\System\rFTXqvY.exe
  C:\Windows\System\rFTXqvY.exe
  2⤵
  PID:6724
- C:\Windows\System\KRxreij.exe
  C:\Windows\System\KRxreij.exe
  2⤵
  PID:6740
- C:\Windows\System\PmjbSiX.exe
  C:\Windows\System\PmjbSiX.exe
  2⤵
  PID:6764
- C:\Windows\System\wqqcbuv.exe
  C:\Windows\System\wqqcbuv.exe
  2⤵
  PID:6780
- C:\Windows\System\kdpPTVR.exe
  C:\Windows\System\kdpPTVR.exe
  2⤵
  PID:6800
- C:\Windows\System\QibIWLM.exe
  C:\Windows\System\QibIWLM.exe
  2⤵
  PID:6816
- C:\Windows\System\zBZLRWO.exe
  C:\Windows\System\zBZLRWO.exe
  2⤵
  PID:6836
- C:\Windows\System\azEbJvO.exe
  C:\Windows\System\azEbJvO.exe
  2⤵
  PID:6860
- C:\Windows\System\tqjZpva.exe
  C:\Windows\System\tqjZpva.exe
  2⤵
  PID:6880
- C:\Windows\System\UYMHCcg.exe
  C:\Windows\System\UYMHCcg.exe
  2⤵
  PID:6896
- C:\Windows\System\tvPABls.exe
  C:\Windows\System\tvPABls.exe
  2⤵
  PID:6932
- C:\Windows\System\EgluMhD.exe
  C:\Windows\System\EgluMhD.exe
  2⤵
  PID:6948
- C:\Windows\System\jSVUwek.exe
  C:\Windows\System\jSVUwek.exe
  2⤵
  PID:6964
- C:\Windows\System\pJttzGT.exe
  C:\Windows\System\pJttzGT.exe
  2⤵
  PID:6984
- C:\Windows\System\MBxluUf.exe
  C:\Windows\System\MBxluUf.exe
  2⤵
  PID:7000
- C:\Windows\System\BQuVdBh.exe
  C:\Windows\System\BQuVdBh.exe
  2⤵
  PID:7020
- C:\Windows\System\CSmWOht.exe
  C:\Windows\System\CSmWOht.exe
  2⤵
  PID:7036
- C:\Windows\System\XuePBqu.exe
  C:\Windows\System\XuePBqu.exe
  2⤵
  PID:7056
- C:\Windows\System\bOAkyFf.exe
  C:\Windows\System\bOAkyFf.exe
  2⤵
  PID:7076
- C:\Windows\System\TObogjI.exe
  C:\Windows\System\TObogjI.exe
  2⤵
  PID:7116
- C:\Windows\System\MFMfyMT.exe
  C:\Windows\System\MFMfyMT.exe
  2⤵
  PID:7136
- C:\Windows\System\XHmkNcY.exe
  C:\Windows\System\XHmkNcY.exe
  2⤵
  PID:7156
- C:\Windows\System\ItaahwD.exe
  C:\Windows\System\ItaahwD.exe
  2⤵
  PID:5752
- C:\Windows\System\PltdVGW.exe
  C:\Windows\System\PltdVGW.exe
  2⤵
  PID:5968
- C:\Windows\System\CBmfICo.exe
  C:\Windows\System\CBmfICo.exe
  2⤵
  PID:6160
- C:\Windows\System\MwVHicN.exe
  C:\Windows\System\MwVHicN.exe
  2⤵
  PID:6152
- C:\Windows\System\DeAwfSM.exe
  C:\Windows\System\DeAwfSM.exe
  2⤵
  PID:6216
- C:\Windows\System\YmXfsJm.exe
  C:\Windows\System\YmXfsJm.exe
  2⤵
  PID:6228
- C:\Windows\System\IjFiHaW.exe
  C:\Windows\System\IjFiHaW.exe
  2⤵
  PID:6260
- C:\Windows\System\KyXWCpg.exe
  C:\Windows\System\KyXWCpg.exe
  2⤵
  PID:6328
- C:\Windows\System\rtnrHIg.exe
  C:\Windows\System\rtnrHIg.exe
  2⤵
  PID:6368
- C:\Windows\System\XWIChzK.exe
  C:\Windows\System\XWIChzK.exe
  2⤵
  PID:6424
- C:\Windows\System\CidpUEk.exe
  C:\Windows\System\CidpUEk.exe
  2⤵
  PID:6404
- C:\Windows\System\YXzFhtr.exe
  C:\Windows\System\YXzFhtr.exe
  2⤵
  PID:6440
- C:\Windows\System\vNaOYzv.exe
  C:\Windows\System\vNaOYzv.exe
  2⤵
  PID:6500
- C:\Windows\System\zWhHycp.exe
  C:\Windows\System\zWhHycp.exe
  2⤵
  PID:6544
- C:\Windows\System\wcaKiud.exe
  C:\Windows\System\wcaKiud.exe
  2⤵
  PID:6524
- C:\Windows\System\EZNMPdH.exe
  C:\Windows\System\EZNMPdH.exe
  2⤵
  PID:6608
- C:\Windows\System\ftZTGCP.exe
  C:\Windows\System\ftZTGCP.exe
  2⤵
  PID:6596
- C:\Windows\System\fViXKsx.exe
  C:\Windows\System\fViXKsx.exe
  2⤵
  PID:6660
- C:\Windows\System\ESiYvQY.exe
  C:\Windows\System\ESiYvQY.exe
  2⤵
  PID:6668
- C:\Windows\System\BZJsOYm.exe
  C:\Windows\System\BZJsOYm.exe
  2⤵
  PID:6700
- C:\Windows\System\lWgXXWj.exe
  C:\Windows\System\lWgXXWj.exe
  2⤵
  PID:6848
- C:\Windows\System\PcretwU.exe
  C:\Windows\System\PcretwU.exe
  2⤵
  PID:6824
- C:\Windows\System\yabvlDE.exe
  C:\Windows\System\yabvlDE.exe
  2⤵
  PID:6876
- C:\Windows\System\sKcDblc.exe
  C:\Windows\System\sKcDblc.exe
  2⤵
  PID:6716
- C:\Windows\System\BRGmGFM.exe
  C:\Windows\System\BRGmGFM.exe
  2⤵
  PID:6892
- C:\Windows\System\YpFgQxi.exe
  C:\Windows\System\YpFgQxi.exe
  2⤵
  PID:6976
- C:\Windows\System\DhWYxot.exe
  C:\Windows\System\DhWYxot.exe
  2⤵
  PID:7016
- C:\Windows\System\lJOhkJW.exe
  C:\Windows\System\lJOhkJW.exe
  2⤵
  PID:7084
- C:\Windows\System\ZaLlmeR.exe
  C:\Windows\System\ZaLlmeR.exe
  2⤵
  PID:7104
- C:\Windows\System\bChroVz.exe
  C:\Windows\System\bChroVz.exe
  2⤵
  PID:6924
- C:\Windows\System\qicHbTF.exe
  C:\Windows\System\qicHbTF.exe
  2⤵
  PID:6992
- C:\Windows\System\JoBPfLz.exe
  C:\Windows\System\JoBPfLz.exe
  2⤵
  PID:7064
- C:\Windows\System\jlScdbO.exe
  C:\Windows\System\jlScdbO.exe
  2⤵
  PID:5356
- C:\Windows\System\iEAjckI.exe
  C:\Windows\System\iEAjckI.exe
  2⤵
  PID:6312
- C:\Windows\System\IvMNSnk.exe
  C:\Windows\System\IvMNSnk.exe
  2⤵
  PID:6300
- C:\Windows\System\aOJDPjQ.exe
  C:\Windows\System\aOJDPjQ.exe
  2⤵
  PID:5792
- C:\Windows\System\RlCYoSL.exe
  C:\Windows\System\RlCYoSL.exe
  2⤵
  PID:6200
- C:\Windows\System\pVFdWyY.exe
  C:\Windows\System\pVFdWyY.exe
  2⤵
  PID:6400
- C:\Windows\System\VyGSGko.exe
  C:\Windows\System\VyGSGko.exe
  2⤵
  PID:6416
- C:\Windows\System\YSCZMix.exe
  C:\Windows\System\YSCZMix.exe
  2⤵
  PID:6504
- C:\Windows\System\FETpwoL.exe
  C:\Windows\System\FETpwoL.exe
  2⤵
  PID:6464
- C:\Windows\System\NBqgQdA.exe
  C:\Windows\System\NBqgQdA.exe
  2⤵
  PID:6560
- C:\Windows\System\AHBIxws.exe
  C:\Windows\System\AHBIxws.exe
  2⤵
  PID:6472
- C:\Windows\System\piEpTrh.exe
  C:\Windows\System\piEpTrh.exe
  2⤵
  PID:6812
- C:\Windows\System\fnHWmuh.exe
  C:\Windows\System\fnHWmuh.exe
  2⤵
  PID:6792
- C:\Windows\System\ewSDdaW.exe
  C:\Windows\System\ewSDdaW.exe
  2⤵
  PID:6460
- C:\Windows\System\TlFxsYo.exe
  C:\Windows\System\TlFxsYo.exe
  2⤵
  PID:6748
- C:\Windows\System\vARcPAV.exe
  C:\Windows\System\vARcPAV.exe
  2⤵
  PID:7048
- C:\Windows\System\tmaufhW.exe
  C:\Windows\System\tmaufhW.exe
  2⤵
  PID:7100
- C:\Windows\System\YVTYHvL.exe
  C:\Windows\System\YVTYHvL.exe
  2⤵
  PID:7092
- C:\Windows\System\xRnfrCQ.exe
  C:\Windows\System\xRnfrCQ.exe
  2⤵
  PID:6956
- C:\Windows\System\vWgXcCV.exe
  C:\Windows\System\vWgXcCV.exe
  2⤵
  PID:6220
- C:\Windows\System\eOVkGeu.exe
  C:\Windows\System\eOVkGeu.exe
  2⤵
  PID:7124
- C:\Windows\System\ujBHzpB.exe
  C:\Windows\System\ujBHzpB.exe
  2⤵
  PID:6244
- C:\Windows\System\kSrkIen.exe
  C:\Windows\System\kSrkIen.exe
  2⤵
  PID:6436
- C:\Windows\System\CJwCyQf.exe
  C:\Windows\System\CJwCyQf.exe
  2⤵
  PID:6856
- C:\Windows\System\EqDcyOp.exe
  C:\Windows\System\EqDcyOp.exe
  2⤵
  PID:6684
- C:\Windows\System\GjrCbxZ.exe
  C:\Windows\System\GjrCbxZ.exe
  2⤵
  PID:6412
- C:\Windows\System\tdKIrSW.exe
  C:\Windows\System\tdKIrSW.exe
  2⤵
  PID:6592
- C:\Windows\System\HTGbUNh.exe
  C:\Windows\System\HTGbUNh.exe
  2⤵
  PID:1000
- C:\Windows\System\TPnBHQx.exe
  C:\Windows\System\TPnBHQx.exe
  2⤵
  PID:6916
- C:\Windows\System\BnPEWAb.exe
  C:\Windows\System\BnPEWAb.exe
  2⤵
  PID:7032
- C:\Windows\System\pSJMTDg.exe
  C:\Windows\System\pSJMTDg.exe
  2⤵
  PID:6872
- C:\Windows\System\MDJNkmf.exe
  C:\Windows\System\MDJNkmf.exe
  2⤵
  PID:6408
- C:\Windows\System\qPpUjPO.exe
  C:\Windows\System\qPpUjPO.exe
  2⤵
  PID:6352
- C:\Windows\System\hIYhsFC.exe
  C:\Windows\System\hIYhsFC.exe
  2⤵
  PID:6696
- C:\Windows\System\jaZZPEc.exe
  C:\Windows\System\jaZZPEc.exe
  2⤵
  PID:6628
- C:\Windows\System\UlUwpKm.exe
  C:\Windows\System\UlUwpKm.exe
  2⤵
  PID:6276
- C:\Windows\System\BmGzCHH.exe
  C:\Windows\System\BmGzCHH.exe
  2⤵
  PID:6364
- C:\Windows\System\JxgCkXB.exe
  C:\Windows\System\JxgCkXB.exe
  2⤵
  PID:6772
- C:\Windows\System\qvfHGED.exe
  C:\Windows\System\qvfHGED.exe
  2⤵
  PID:7108
- C:\Windows\System\FvBmHyN.exe
  C:\Windows\System\FvBmHyN.exe
  2⤵
  PID:6680
- C:\Windows\System\UYEUfPX.exe
  C:\Windows\System\UYEUfPX.exe
  2⤵
  PID:6944
- C:\Windows\System\VKtCJkX.exe
  C:\Windows\System\VKtCJkX.exe
  2⤵
  PID:7192
- C:\Windows\System\lGHlBBZ.exe
  C:\Windows\System\lGHlBBZ.exe
  2⤵
  PID:7216
- C:\Windows\System\flqYzMm.exe
  C:\Windows\System\flqYzMm.exe
  2⤵
  PID:7252
- C:\Windows\System\JIiDDLW.exe
  C:\Windows\System\JIiDDLW.exe
  2⤵
  PID:7268
- C:\Windows\System\ofnSHEa.exe
  C:\Windows\System\ofnSHEa.exe
  2⤵
  PID:7284
- C:\Windows\System\WnzwbXn.exe
  C:\Windows\System\WnzwbXn.exe
  2⤵
  PID:7300
- C:\Windows\System\hObPXpq.exe
  C:\Windows\System\hObPXpq.exe
  2⤵
  PID:7316
- C:\Windows\System\KHkgqzj.exe
  C:\Windows\System\KHkgqzj.exe
  2⤵
  PID:7336
- C:\Windows\System\DlqHbsP.exe
  C:\Windows\System\DlqHbsP.exe
  2⤵
  PID:7352
- C:\Windows\System\kTMQuEi.exe
  C:\Windows\System\kTMQuEi.exe
  2⤵
  PID:7368
- C:\Windows\System\HPmAMmu.exe
  C:\Windows\System\HPmAMmu.exe
  2⤵
  PID:7384
- C:\Windows\System\KqcjxFh.exe
  C:\Windows\System\KqcjxFh.exe
  2⤵
  PID:7400
- C:\Windows\System\OoPhlKe.exe
  C:\Windows\System\OoPhlKe.exe
  2⤵
  PID:7420
- C:\Windows\System\pskAjJk.exe
  C:\Windows\System\pskAjJk.exe
  2⤵
  PID:7444
- C:\Windows\System\hvZNHcv.exe
  C:\Windows\System\hvZNHcv.exe
  2⤵
  PID:7460
- C:\Windows\System\rRFGuHN.exe
  C:\Windows\System\rRFGuHN.exe
  2⤵
  PID:7480
- C:\Windows\System\VpwfToJ.exe
  C:\Windows\System\VpwfToJ.exe
  2⤵
  PID:7496
- C:\Windows\System\LzSAFdk.exe
  C:\Windows\System\LzSAFdk.exe
  2⤵
  PID:7512
- C:\Windows\System\RTpOhTy.exe
  C:\Windows\System\RTpOhTy.exe
  2⤵
  PID:7528
- C:\Windows\System\qiuExpg.exe
  C:\Windows\System\qiuExpg.exe
  2⤵
  PID:7548
- C:\Windows\System\IXebqqI.exe
  C:\Windows\System\IXebqqI.exe
  2⤵
  PID:7564
- C:\Windows\System\mWzvIWt.exe
  C:\Windows\System\mWzvIWt.exe
  2⤵
  PID:7580
- C:\Windows\System\kIRqJRY.exe
  C:\Windows\System\kIRqJRY.exe
  2⤵
  PID:7608
- C:\Windows\System\WtodFst.exe
  C:\Windows\System\WtodFst.exe
  2⤵
  PID:7628
- C:\Windows\System\pNfyyvl.exe
  C:\Windows\System\pNfyyvl.exe
  2⤵
  PID:7664
- C:\Windows\System\NZOwqPX.exe
  C:\Windows\System\NZOwqPX.exe
  2⤵
  PID:7680
- C:\Windows\System\JiSgOus.exe
  C:\Windows\System\JiSgOus.exe
  2⤵
  PID:7728
- C:\Windows\System\yOHPjNO.exe
  C:\Windows\System\yOHPjNO.exe
  2⤵
  PID:7748
- C:\Windows\System\GphOxDv.exe
  C:\Windows\System\GphOxDv.exe
  2⤵
  PID:7764
- C:\Windows\System\MzkCapR.exe
  C:\Windows\System\MzkCapR.exe
  2⤵
  PID:7780
- C:\Windows\System\JwHeKVB.exe
  C:\Windows\System\JwHeKVB.exe
  2⤵
  PID:7796
- C:\Windows\System\YPmRNEU.exe
  C:\Windows\System\YPmRNEU.exe
  2⤵
  PID:7816
- C:\Windows\System\XmZJNzL.exe
  C:\Windows\System\XmZJNzL.exe
  2⤵
  PID:7832
- C:\Windows\System\EVAcBYu.exe
  C:\Windows\System\EVAcBYu.exe
  2⤵
  PID:7848
- C:\Windows\System\IeCbjlQ.exe
  C:\Windows\System\IeCbjlQ.exe
  2⤵
  PID:7868
- C:\Windows\System\mJTmgGC.exe
  C:\Windows\System\mJTmgGC.exe
  2⤵
  PID:7884
- C:\Windows\System\BxhKGbm.exe
  C:\Windows\System\BxhKGbm.exe
  2⤵
  PID:7928
- C:\Windows\System\QcvfmNU.exe
  C:\Windows\System\QcvfmNU.exe
  2⤵
  PID:7944
- C:\Windows\System\yUwTqhW.exe
  C:\Windows\System\yUwTqhW.exe
  2⤵
  PID:7960
- C:\Windows\System\lChdcAa.exe
  C:\Windows\System\lChdcAa.exe
  2⤵
  PID:7980
- C:\Windows\System\NpnPjfi.exe
  C:\Windows\System\NpnPjfi.exe
  2⤵
  PID:7996
- C:\Windows\System\duLkfze.exe
  C:\Windows\System\duLkfze.exe
  2⤵
  PID:8016
- C:\Windows\System\ILmeGsw.exe
  C:\Windows\System\ILmeGsw.exe
  2⤵
  PID:8032
- C:\Windows\System\KuLxZvP.exe
  C:\Windows\System\KuLxZvP.exe
  2⤵
  PID:8048
- C:\Windows\System\jNRgxWr.exe
  C:\Windows\System\jNRgxWr.exe
  2⤵
  PID:8064
- C:\Windows\System\DSnDcbf.exe
  C:\Windows\System\DSnDcbf.exe
  2⤵
  PID:8080
- C:\Windows\System\HWbVrde.exe
  C:\Windows\System\HWbVrde.exe
  2⤵
  PID:8096
- C:\Windows\System\GBTMNsU.exe
  C:\Windows\System\GBTMNsU.exe
  2⤵
  PID:8128
- C:\Windows\System\kTQBnxY.exe
  C:\Windows\System\kTQBnxY.exe
  2⤵
  PID:8144
- C:\Windows\System\jOSkNfy.exe
  C:\Windows\System\jOSkNfy.exe
  2⤵
  PID:8168
- C:\Windows\System\wakrihK.exe
  C:\Windows\System\wakrihK.exe
  2⤵
  PID:8184
- C:\Windows\System\qyOwNqx.exe
  C:\Windows\System\qyOwNqx.exe
  2⤵
  PID:6388
- C:\Windows\System\xWqgAGu.exe
  C:\Windows\System\xWqgAGu.exe
  2⤵
  PID:7188
- C:\Windows\System\cFBBPQe.exe
  C:\Windows\System\cFBBPQe.exe
  2⤵
  PID:6920
- C:\Windows\System\sJlwVEp.exe
  C:\Windows\System\sJlwVEp.exe
  2⤵
  PID:6520
- C:\Windows\System\eNjXgDx.exe
  C:\Windows\System\eNjXgDx.exe
  2⤵
  PID:7224
- C:\Windows\System\yPviAQZ.exe
  C:\Windows\System\yPviAQZ.exe
  2⤵
  PID:7244
- C:\Windows\System\sQZuQle.exe
  C:\Windows\System\sQZuQle.exe
  2⤵
  PID:6296
- C:\Windows\System\RVGRPuZ.exe
  C:\Windows\System\RVGRPuZ.exe
  2⤵
  PID:7248
- C:\Windows\System\GQVQSvJ.exe
  C:\Windows\System\GQVQSvJ.exe
  2⤵
  PID:7380
- C:\Windows\System\fXINkmg.exe
  C:\Windows\System\fXINkmg.exe
  2⤵
  PID:7456
- C:\Windows\System\jSsRzXM.exe
  C:\Windows\System\jSsRzXM.exe
  2⤵
  PID:7524
- C:\Windows\System\epIRZHk.exe
  C:\Windows\System\epIRZHk.exe
  2⤵
  PID:7592
- C:\Windows\System\ueIBcTC.exe
  C:\Windows\System\ueIBcTC.exe
  2⤵
  PID:7292
- C:\Windows\System\bXDlmba.exe
  C:\Windows\System\bXDlmba.exe
  2⤵
  PID:7428
- C:\Windows\System\vLHssBt.exe
  C:\Windows\System\vLHssBt.exe
  2⤵
  PID:7392
- C:\Windows\System\APnImhF.exe
  C:\Windows\System\APnImhF.exe
  2⤵
  PID:7468
- C:\Windows\System\SRWycqM.exe
  C:\Windows\System\SRWycqM.exe
  2⤵
  PID:7508
- C:\Windows\System\yUHJgpU.exe
  C:\Windows\System\yUHJgpU.exe
  2⤵
  PID:7616
- C:\Windows\System\VqiqwIZ.exe
  C:\Windows\System\VqiqwIZ.exe
  2⤵
  PID:7264
- C:\Windows\System\lwzQctU.exe
  C:\Windows\System\lwzQctU.exe
  2⤵
  PID:7656
- C:\Windows\System\rpvRuxL.exe
  C:\Windows\System\rpvRuxL.exe
  2⤵
  PID:7696
- C:\Windows\System\WrKJePz.exe
  C:\Windows\System\WrKJePz.exe
  2⤵
  PID:7672
- C:\Windows\System\EgWuCjX.exe
  C:\Windows\System\EgWuCjX.exe
  2⤵
  PID:7740
- C:\Windows\System\HriEGxi.exe
  C:\Windows\System\HriEGxi.exe
  2⤵
  PID:7760
- C:\Windows\System\OPhZVLu.exe
  C:\Windows\System\OPhZVLu.exe
  2⤵
  PID:7840
- C:\Windows\System\soeYdSZ.exe
  C:\Windows\System\soeYdSZ.exe
  2⤵
  PID:7940
- C:\Windows\System\gBYCxsQ.exe
  C:\Windows\System\gBYCxsQ.exe
  2⤵
  PID:8004
- C:\Windows\System\WQaVJLJ.exe
  C:\Windows\System\WQaVJLJ.exe
  2⤵
  PID:8104
- C:\Windows\System\AvLyNCT.exe
  C:\Windows\System\AvLyNCT.exe
  2⤵
  PID:8108
- C:\Windows\System\KBULIVq.exe
  C:\Windows\System\KBULIVq.exe
  2⤵
  PID:8152
- C:\Windows\System\QOKzORB.exe
  C:\Windows\System\QOKzORB.exe
  2⤵
  PID:6468
- C:\Windows\System\DwbgFWO.exe
  C:\Windows\System\DwbgFWO.exe
  2⤵
  PID:7504
- C:\Windows\System\gbKyGiq.exe
  C:\Windows\System\gbKyGiq.exe
  2⤵
  PID:7324
- C:\Windows\System\LGWDsVy.exe
  C:\Windows\System\LGWDsVy.exe
  2⤵
  PID:8088
- C:\Windows\System\wNwMUnV.exe
  C:\Windows\System\wNwMUnV.exe
  2⤵
  PID:7692
- C:\Windows\System\WYiohGf.exe
  C:\Windows\System\WYiohGf.exe
  2⤵
  PID:6556
- C:\Windows\System\SwFWxqI.exe
  C:\Windows\System\SwFWxqI.exe
  2⤵
  PID:7972
- C:\Windows\System\kvnuVtd.exe
  C:\Windows\System\kvnuVtd.exe
  2⤵
  PID:7916
- C:\Windows\System\GggSoOc.exe
  C:\Windows\System\GggSoOc.exe
  2⤵
  PID:7028
- C:\Windows\System\RxtJtCw.exe
  C:\Windows\System\RxtJtCw.exe
  2⤵
  PID:7432
- C:\Windows\System\nUAFYCT.exe
  C:\Windows\System\nUAFYCT.exe
  2⤵
  PID:7644
- C:\Windows\System\xBtISBL.exe
  C:\Windows\System\xBtISBL.exe
  2⤵
  PID:7992
- C:\Windows\System\iUspeOu.exe
  C:\Windows\System\iUspeOu.exe
  2⤵
  PID:8092
- C:\Windows\System\fvIWxsv.exe
  C:\Windows\System\fvIWxsv.exe
  2⤵
  PID:6004
- C:\Windows\System\ZVfupou.exe
  C:\Windows\System\ZVfupou.exe
  2⤵
  PID:7588
- C:\Windows\System\ZslBfQe.exe
  C:\Windows\System\ZslBfQe.exe
  2⤵
  PID:7648
- C:\Windows\System\RlINLrr.exe
  C:\Windows\System\RlINLrr.exe
  2⤵
  PID:7756
- C:\Windows\System\agWkrwQ.exe
  C:\Windows\System\agWkrwQ.exe
  2⤵
  PID:8072
- C:\Windows\System\VcLsbYZ.exe
  C:\Windows\System\VcLsbYZ.exe
  2⤵
  PID:7864
- C:\Windows\System\CJPhGYa.exe
  C:\Windows\System\CJPhGYa.exe
  2⤵
  PID:7280
- C:\Windows\System\KysVaIk.exe
  C:\Windows\System\KysVaIk.exe
  2⤵
  PID:7412
- C:\Windows\System\koELaYx.exe
  C:\Windows\System\koELaYx.exe
  2⤵
  PID:7596
- C:\Windows\System\DUnYKda.exe
  C:\Windows\System\DUnYKda.exe
  2⤵
  PID:7792
- C:\Windows\System\ChUdRSj.exe
  C:\Windows\System\ChUdRSj.exe
  2⤵
  PID:8124
- C:\Windows\System\lYDvgAi.exe
  C:\Windows\System\lYDvgAi.exe
  2⤵
  PID:7904
- C:\Windows\System\rvPjHIS.exe
  C:\Windows\System\rvPjHIS.exe
  2⤵
  PID:7688
- C:\Windows\System\mXKcpur.exe
  C:\Windows\System\mXKcpur.exe
  2⤵
  PID:7416
- C:\Windows\System\puPVKcm.exe
  C:\Windows\System\puPVKcm.exe
  2⤵
  PID:7924
- C:\Windows\System\MYWzIRI.exe
  C:\Windows\System\MYWzIRI.exe
  2⤵
  PID:7988
- C:\Windows\System\LYaStVf.exe
  C:\Windows\System\LYaStVf.exe
  2⤵
  PID:8060
- C:\Windows\System\dkGcsQA.exe
  C:\Windows\System\dkGcsQA.exe
  2⤵
  PID:7212
- C:\Windows\System\EcSDRkd.exe
  C:\Windows\System\EcSDRkd.exe
  2⤵
  PID:7712
- C:\Windows\System\VYXWRvJ.exe
  C:\Windows\System\VYXWRvJ.exe
  2⤵
  PID:7828
- C:\Windows\System\jFdGgLz.exe
  C:\Windows\System\jFdGgLz.exe
  2⤵
  PID:7376
- C:\Windows\System\JZaIBjk.exe
  C:\Windows\System\JZaIBjk.exe
  2⤵
  PID:7344
- C:\Windows\System\uJHUGRr.exe
  C:\Windows\System\uJHUGRr.exe
  2⤵
  PID:7724
- C:\Windows\System\dQYCKBV.exe
  C:\Windows\System\dQYCKBV.exe
  2⤵
  PID:8120
- C:\Windows\System\cwWxXEu.exe
  C:\Windows\System\cwWxXEu.exe
  2⤵
  PID:7912
- C:\Windows\System\fZbeyvA.exe
  C:\Windows\System\fZbeyvA.exe
  2⤵
  PID:8028
- C:\Windows\System\vYbuOdq.exe
  C:\Windows\System\vYbuOdq.exe
  2⤵
  PID:7956
- C:\Windows\System\gbKonqv.exe
  C:\Windows\System\gbKonqv.exe
  2⤵
  PID:7708
- C:\Windows\System\MPvqGrP.exe
  C:\Windows\System\MPvqGrP.exe
  2⤵
  PID:7452
- C:\Windows\System\bCkXELu.exe
  C:\Windows\System\bCkXELu.exe
  2⤵
  PID:7812
- C:\Windows\System\CgDxgXw.exe
  C:\Windows\System\CgDxgXw.exe
  2⤵
  PID:7640
- C:\Windows\System\plsPJDd.exe
  C:\Windows\System\plsPJDd.exe
  2⤵
  PID:7276
- C:\Windows\System\YwQJhfK.exe
  C:\Windows\System\YwQJhfK.exe
  2⤵
  PID:7936
- C:\Windows\System\WbjKsDa.exe
  C:\Windows\System\WbjKsDa.exe
  2⤵
  PID:8180
- C:\Windows\System\NepOtWD.exe
  C:\Windows\System\NepOtWD.exe
  2⤵
  PID:6736
- C:\Windows\System\lmDwxHb.exe
  C:\Windows\System\lmDwxHb.exe
  2⤵
  PID:7920
- C:\Windows\System\yDPMwrB.exe
  C:\Windows\System\yDPMwrB.exe
  2⤵
  PID:7328
- C:\Windows\System\vHTEicl.exe
  C:\Windows\System\vHTEicl.exe
  2⤵
  PID:8116
- C:\Windows\System\WvacoUH.exe
  C:\Windows\System\WvacoUH.exe
  2⤵
  PID:7576
- C:\Windows\System\yjxUBLz.exe
  C:\Windows\System\yjxUBLz.exe
  2⤵
  PID:8200
- C:\Windows\System\JfDQrEg.exe
  C:\Windows\System\JfDQrEg.exe
  2⤵
  PID:8216
- C:\Windows\System\ipMaVUs.exe
  C:\Windows\System\ipMaVUs.exe
  2⤵
  PID:8236
- C:\Windows\System\lybijGe.exe
  C:\Windows\System\lybijGe.exe
  2⤵
  PID:8252
- C:\Windows\System\HTBWgqS.exe
  C:\Windows\System\HTBWgqS.exe
  2⤵
  PID:8272
- C:\Windows\System\wLNAnpz.exe
  C:\Windows\System\wLNAnpz.exe
  2⤵
  PID:8296
- C:\Windows\System\ZwfqGAJ.exe
  C:\Windows\System\ZwfqGAJ.exe
  2⤵
  PID:8312
- C:\Windows\System\rjUPNbU.exe
  C:\Windows\System\rjUPNbU.exe
  2⤵
  PID:8332
- C:\Windows\System\WNKPylp.exe
  C:\Windows\System\WNKPylp.exe
  2⤵
  PID:8368
- C:\Windows\System\uDcDUcG.exe
  C:\Windows\System\uDcDUcG.exe
  2⤵
  PID:8384
- C:\Windows\System\GWPmoiJ.exe
  C:\Windows\System\GWPmoiJ.exe
  2⤵
  PID:8400
- C:\Windows\System\PXoZCRP.exe
  C:\Windows\System\PXoZCRP.exe
  2⤵
  PID:8428
- C:\Windows\System\wrDNJlh.exe
  C:\Windows\System\wrDNJlh.exe
  2⤵
  PID:8444
- C:\Windows\System\fBLyVKo.exe
  C:\Windows\System\fBLyVKo.exe
  2⤵
  PID:8464
- C:\Windows\System\UBaqZvS.exe
  C:\Windows\System\UBaqZvS.exe
  2⤵
  PID:8488
- C:\Windows\System\rYBjFMw.exe
  C:\Windows\System\rYBjFMw.exe
  2⤵
  PID:8504
- C:\Windows\System\zXANzRe.exe
  C:\Windows\System\zXANzRe.exe
  2⤵
  PID:8532
- C:\Windows\System\UtTgWCR.exe
  C:\Windows\System\UtTgWCR.exe
  2⤵
  PID:8548
- C:\Windows\System\wSVgYWA.exe
  C:\Windows\System\wSVgYWA.exe
  2⤵
  PID:8564
- C:\Windows\System\HuXFSiv.exe
  C:\Windows\System\HuXFSiv.exe
  2⤵
  PID:8584
- C:\Windows\System\mfTNbtU.exe
  C:\Windows\System\mfTNbtU.exe
  2⤵
  PID:8616
- C:\Windows\System\CEruPoV.exe
  C:\Windows\System\CEruPoV.exe
  2⤵
  PID:8632
- C:\Windows\System\AnVleHn.exe
  C:\Windows\System\AnVleHn.exe
  2⤵
  PID:8652
- C:\Windows\System\lDDJQEs.exe
  C:\Windows\System\lDDJQEs.exe
  2⤵
  PID:8668
- C:\Windows\System\ZwflFZh.exe
  C:\Windows\System\ZwflFZh.exe
  2⤵
  PID:8684
- C:\Windows\System\caGXNFQ.exe
  C:\Windows\System\caGXNFQ.exe
  2⤵
  PID:8700
- C:\Windows\System\nBXfopg.exe
  C:\Windows\System\nBXfopg.exe
  2⤵
  PID:8728
- C:\Windows\System\Pbezvgv.exe
  C:\Windows\System\Pbezvgv.exe
  2⤵
  PID:8752
- C:\Windows\System\hyspCZi.exe
  C:\Windows\System\hyspCZi.exe
  2⤵
  PID:8768
- C:\Windows\System\xvOarlp.exe
  C:\Windows\System\xvOarlp.exe
  2⤵
  PID:8784
- C:\Windows\System\UNNNoZf.exe
  C:\Windows\System\UNNNoZf.exe
  2⤵
  PID:8800
- C:\Windows\System\BYvcOzX.exe
  C:\Windows\System\BYvcOzX.exe
  2⤵
  PID:8816
- C:\Windows\System\yTcrjDx.exe
  C:\Windows\System\yTcrjDx.exe
  2⤵
  PID:8832
- C:\Windows\System\uuMyPnP.exe
  C:\Windows\System\uuMyPnP.exe
  2⤵
  PID:8876
- C:\Windows\System\LKrrzvz.exe
  C:\Windows\System\LKrrzvz.exe
  2⤵
  PID:8892
- C:\Windows\System\rSRIgPP.exe
  C:\Windows\System\rSRIgPP.exe
  2⤵
  PID:8908
- C:\Windows\System\ETMxPwY.exe
  C:\Windows\System\ETMxPwY.exe
  2⤵
  PID:8928
- C:\Windows\System\LvLPIAx.exe
  C:\Windows\System\LvLPIAx.exe
  2⤵
  PID:8960
- C:\Windows\System\tiOSHZW.exe
  C:\Windows\System\tiOSHZW.exe
  2⤵
  PID:8976
- C:\Windows\System\laYCsjG.exe
  C:\Windows\System\laYCsjG.exe
  2⤵
  PID:8996
- C:\Windows\System\uWEDjYJ.exe
  C:\Windows\System\uWEDjYJ.exe
  2⤵
  PID:9016
- C:\Windows\System\jbeBacC.exe
  C:\Windows\System\jbeBacC.exe
  2⤵
  PID:9040
- C:\Windows\System\qRXMXAp.exe
  C:\Windows\System\qRXMXAp.exe
  2⤵
  PID:9056
- C:\Windows\System\daJmgyU.exe
  C:\Windows\System\daJmgyU.exe
  2⤵
  PID:9072
- C:\Windows\System\LnEvzqG.exe
  C:\Windows\System\LnEvzqG.exe
  2⤵
  PID:9096
- C:\Windows\System\UPlayys.exe
  C:\Windows\System\UPlayys.exe
  2⤵
  PID:9124
- C:\Windows\System\YSqgSbu.exe
  C:\Windows\System\YSqgSbu.exe
  2⤵
  PID:9144
- C:\Windows\System\eDfMHBL.exe
  C:\Windows\System\eDfMHBL.exe
  2⤵
  PID:9164
- C:\Windows\System\rytzSHo.exe
  C:\Windows\System\rytzSHo.exe
  2⤵
  PID:9180
- C:\Windows\System\wQkIrzB.exe
  C:\Windows\System\wQkIrzB.exe
  2⤵
  PID:9204
- C:\Windows\System\idPSyaF.exe
  C:\Windows\System\idPSyaF.exe
  2⤵
  PID:8208
- C:\Windows\System\EhjImuV.exe
  C:\Windows\System\EhjImuV.exe
  2⤵
  PID:8196
- C:\Windows\System\okPlnyO.exe
  C:\Windows\System\okPlnyO.exe
  2⤵
  PID:8248
- C:\Windows\System\wxvbQZP.exe
  C:\Windows\System\wxvbQZP.exe
  2⤵
  PID:8320
- C:\Windows\System\Lmsczdp.exe
  C:\Windows\System\Lmsczdp.exe
  2⤵
  PID:8264
- C:\Windows\System\nEQUHYh.exe
  C:\Windows\System\nEQUHYh.exe
  2⤵
  PID:8340
- C:\Windows\System\hqqwiYI.exe
  C:\Windows\System\hqqwiYI.exe
  2⤵
  PID:8352
- C:\Windows\System\VhscOSe.exe
  C:\Windows\System\VhscOSe.exe
  2⤵
  PID:8380
- C:\Windows\System\rMALflP.exe
  C:\Windows\System\rMALflP.exe
  2⤵
  PID:8436
- C:\Windows\System\upgpWIc.exe
  C:\Windows\System\upgpWIc.exe
  2⤵
  PID:8480
- C:\Windows\System\DlbfnVM.exe
  C:\Windows\System\DlbfnVM.exe
  2⤵
  PID:8484
- C:\Windows\System\yLygxae.exe
  C:\Windows\System\yLygxae.exe
  2⤵
  PID:8528
- C:\Windows\System\EqpTCJU.exe
  C:\Windows\System\EqpTCJU.exe
  2⤵
  PID:8560
- C:\Windows\System\EeTjobW.exe
  C:\Windows\System\EeTjobW.exe
  2⤵
  PID:8604
- C:\Windows\System\FoJKVHi.exe
  C:\Windows\System\FoJKVHi.exe
  2⤵
  PID:8640
- C:\Windows\System\VsravfL.exe
  C:\Windows\System\VsravfL.exe
  2⤵
  PID:8648
- C:\Windows\System\yNwfLdl.exe
  C:\Windows\System\yNwfLdl.exe
  2⤵
  PID:8696
- C:\Windows\System\LGNIFbj.exe
  C:\Windows\System\LGNIFbj.exe
  2⤵
  PID:8716
- C:\Windows\System\iywoAXE.exe
  C:\Windows\System\iywoAXE.exe
  2⤵
  PID:8808
- C:\Windows\System\fmaUsmZ.exe
  C:\Windows\System\fmaUsmZ.exe
  2⤵
  PID:8792
- C:\Windows\System\MTFwpMv.exe
  C:\Windows\System\MTFwpMv.exe
  2⤵
  PID:8856
- C:\Windows\System\PsEzkpo.exe
  C:\Windows\System\PsEzkpo.exe
  2⤵
  PID:8872
- C:\Windows\System\Jcjlzmj.exe
  C:\Windows\System\Jcjlzmj.exe
  2⤵
  PID:8904
- C:\Windows\System\WGirppF.exe
  C:\Windows\System\WGirppF.exe
  2⤵
  PID:8940
- C:\Windows\System\qrGSync.exe
  C:\Windows\System\qrGSync.exe
  2⤵
  PID:8968
- C:\Windows\System\jmhyOtO.exe
  C:\Windows\System\jmhyOtO.exe
  2⤵
  PID:8992
- C:\Windows\System\TVZEqYg.exe
  C:\Windows\System\TVZEqYg.exe
  2⤵
  PID:9032
- C:\Windows\System\VIfkszt.exe
  C:\Windows\System\VIfkszt.exe
  2⤵
  PID:8952
- C:\Windows\System\BoLkpbt.exe
  C:\Windows\System\BoLkpbt.exe
  2⤵
  PID:9080
- C:\Windows\System\xOmXOZA.exe
  C:\Windows\System\xOmXOZA.exe
  2⤵
  PID:9112
- C:\Windows\System\QIauikL.exe
  C:\Windows\System\QIauikL.exe
  2⤵
  PID:9152
- C:\Windows\System\yktfVxS.exe
  C:\Windows\System\yktfVxS.exe
  2⤵
  PID:9176
- C:\Windows\System\MLYxSvR.exe
  C:\Windows\System\MLYxSvR.exe
  2⤵
  PID:9200
- C:\Windows\System\WiYOESw.exe
  C:\Windows\System\WiYOESw.exe
  2⤵
  PID:8228
- C:\Windows\System\qEjzYqX.exe
  C:\Windows\System\qEjzYqX.exe
  2⤵
  PID:8292
- C:\Windows\System\mBsvwmv.exe
  C:\Windows\System\mBsvwmv.exe
  2⤵
  PID:8348
- C:\Windows\System\EDXDOvd.exe
  C:\Windows\System\EDXDOvd.exe
  2⤵
  PID:8496
- C:\Windows\System\zRMStcx.exe
  C:\Windows\System\zRMStcx.exe
  2⤵
  PID:8524
- C:\Windows\System\RvJZYpv.exe
  C:\Windows\System\RvJZYpv.exe
  2⤵
  PID:8596
- C:\Windows\System\BHJLAKw.exe
  C:\Windows\System\BHJLAKw.exe
  2⤵
  PID:8664
- C:\Windows\System\ElGgYIv.exe
  C:\Windows\System\ElGgYIv.exe
  2⤵
  PID:8712
- C:\Windows\System\UTTfkAa.exe
  C:\Windows\System\UTTfkAa.exe
  2⤵
  PID:8776
- C:\Windows\System\wbxPLbh.exe
  C:\Windows\System\wbxPLbh.exe
  2⤵
  PID:8972
- C:\Windows\System\egnoOSy.exe
  C:\Windows\System\egnoOSy.exe
  2⤵
  PID:9052
- C:\Windows\System\qivPzKI.exe
  C:\Windows\System\qivPzKI.exe
  2⤵
  PID:8136
- C:\Windows\System\xCOTCLE.exe
  C:\Windows\System\xCOTCLE.exe
  2⤵
  PID:8328
- C:\Windows\System\PHGxXPj.exe
  C:\Windows\System\PHGxXPj.exe
  2⤵
  PID:9132
- C:\Windows\System\rNhvSkn.exe
  C:\Windows\System\rNhvSkn.exe
  2⤵
  PID:9024
- C:\Windows\System\gwaubuB.exe
  C:\Windows\System\gwaubuB.exe
  2⤵
  PID:9116
- C:\Windows\System\nNXOZwW.exe
  C:\Windows\System\nNXOZwW.exe
  2⤵
  PID:8364
- C:\Windows\System\jcWUrDO.exe
  C:\Windows\System\jcWUrDO.exe
  2⤵
  PID:8392
- C:\Windows\System\YxNLBOl.exe
  C:\Windows\System\YxNLBOl.exe
  2⤵
  PID:8556
- C:\Windows\System\EJSpjPn.exe
  C:\Windows\System\EJSpjPn.exe
  2⤵
  PID:8740
- C:\Windows\System\qNDUZwK.exe
  C:\Windows\System\qNDUZwK.exe
  2⤵
  PID:8840
- C:\Windows\System\KHYTugP.exe
  C:\Windows\System\KHYTugP.exe
  2⤵
  PID:8844
- C:\Windows\System\fATaPjJ.exe
  C:\Windows\System\fATaPjJ.exe
  2⤵
  PID:8948
- C:\Windows\System\BqLMlGO.exe
  C:\Windows\System\BqLMlGO.exe
  2⤵
  PID:9108
- C:\Windows\System\JugkdLr.exe
  C:\Windows\System\JugkdLr.exe
  2⤵
  PID:8852
- C:\Windows\System\dDKFiZS.exe
  C:\Windows\System\dDKFiZS.exe
  2⤵
  PID:8924
- C:\Windows\System\akIfDxT.exe
  C:\Windows\System\akIfDxT.exe
  2⤵
  PID:8956
- C:\Windows\System\WgTltPK.exe
  C:\Windows\System\WgTltPK.exe
  2⤵
  PID:9008
- C:\Windows\System\WcxEbXZ.exe
  C:\Windows\System\WcxEbXZ.exe
  2⤵
  PID:8260
- C:\Windows\System\znpAVbb.exe
  C:\Windows\System\znpAVbb.exe
  2⤵
  PID:8572
- C:\Windows\System\AhCRNur.exe
  C:\Windows\System\AhCRNur.exe
  2⤵
  PID:8720
- C:\Windows\System\GUMZXBm.exe
  C:\Windows\System\GUMZXBm.exe
  2⤵
  PID:8676
- C:\Windows\System\wgcQvdU.exe
  C:\Windows\System\wgcQvdU.exe
  2⤵
  PID:9104
- C:\Windows\System\whNIthU.exe
  C:\Windows\System\whNIthU.exe
  2⤵
  PID:8868
- C:\Windows\System\LbJgdoD.exe
  C:\Windows\System\LbJgdoD.exe
  2⤵
  PID:9084
- C:\Windows\System\HysHcTD.exe
  C:\Windows\System\HysHcTD.exe
  2⤵
  PID:8288
- C:\Windows\System\ezowuPa.exe
  C:\Windows\System\ezowuPa.exe
  2⤵
  PID:8420
- C:\Windows\System\GPXWLvP.exe
  C:\Windows\System\GPXWLvP.exe
  2⤵
  PID:8780
- C:\Windows\System\hKtptct.exe
  C:\Windows\System\hKtptct.exe
  2⤵
  PID:7876
- C:\Windows\System\GLgESsU.exe
  C:\Windows\System\GLgESsU.exe
  2⤵
  PID:8888
- C:\Windows\System\PqPGoMP.exe
  C:\Windows\System\PqPGoMP.exe
  2⤵
  PID:8424
- C:\Windows\System\ktFkDyE.exe
  C:\Windows\System\ktFkDyE.exe
  2⤵
  PID:8744
- C:\Windows\System\Mqrwqeg.exe
  C:\Windows\System\Mqrwqeg.exe
  2⤵
  PID:8748
- C:\Windows\System\wmzZTZW.exe
  C:\Windows\System\wmzZTZW.exe
  2⤵
  PID:8944
- C:\Windows\System\XQPXcAp.exe
  C:\Windows\System\XQPXcAp.exe
  2⤵
  PID:9068
- C:\Windows\System\JHpcpIm.exe
  C:\Windows\System\JHpcpIm.exe
  2⤵
  PID:8212
- C:\Windows\System\gBdBhUl.exe
  C:\Windows\System\gBdBhUl.exe
  2⤵
  PID:9228
- C:\Windows\System\creYSOj.exe
  C:\Windows\System\creYSOj.exe
  2⤵
  PID:9248
- C:\Windows\System\qXnlAMb.exe
  C:\Windows\System\qXnlAMb.exe
  2⤵
  PID:9268
- C:\Windows\System\VngoNot.exe
  C:\Windows\System\VngoNot.exe
  2⤵
  PID:9284
- C:\Windows\System\zIakcRH.exe
  C:\Windows\System\zIakcRH.exe
  2⤵
  PID:9312
- C:\Windows\System\zDnhZkf.exe
  C:\Windows\System\zDnhZkf.exe
  2⤵
  PID:9328
- C:\Windows\System\pNmSvog.exe
  C:\Windows\System\pNmSvog.exe
  2⤵
  PID:9344
- C:\Windows\System\aezbHZp.exe
  C:\Windows\System\aezbHZp.exe
  2⤵
  PID:9368
- C:\Windows\System\arVOwpq.exe
  C:\Windows\System\arVOwpq.exe
  2⤵
  PID:9392
- C:\Windows\System\XXPWQBj.exe
  C:\Windows\System\XXPWQBj.exe
  2⤵
  PID:9408
- C:\Windows\System\buXsgDH.exe
  C:\Windows\System\buXsgDH.exe
  2⤵
  PID:9428
- C:\Windows\System\zLDxcxF.exe
  C:\Windows\System\zLDxcxF.exe
  2⤵
  PID:9448
- C:\Windows\System\obYybJY.exe
  C:\Windows\System\obYybJY.exe
  2⤵
  PID:9464
- C:\Windows\System\plgZLmX.exe
  C:\Windows\System\plgZLmX.exe
  2⤵
  PID:9484
- C:\Windows\System\diNTXzL.exe
  C:\Windows\System\diNTXzL.exe
  2⤵
  PID:9500
- C:\Windows\System\DZoUlYJ.exe
  C:\Windows\System\DZoUlYJ.exe
  2⤵
  PID:9524
- C:\Windows\System\XozzOHJ.exe
  C:\Windows\System\XozzOHJ.exe
  2⤵
  PID:9556
- C:\Windows\System\ZcFWgou.exe
  C:\Windows\System\ZcFWgou.exe
  2⤵
  PID:9576
- C:\Windows\System\IHJpghk.exe
  C:\Windows\System\IHJpghk.exe
  2⤵
  PID:9592
- C:\Windows\System\BPHfXug.exe
  C:\Windows\System\BPHfXug.exe
  2⤵
  PID:9608
- C:\Windows\System\LOwVaem.exe
  C:\Windows\System\LOwVaem.exe
  2⤵
  PID:9636
- C:\Windows\System\wsSrgmq.exe
  C:\Windows\System\wsSrgmq.exe
  2⤵
  PID:9656
- C:\Windows\System\Tevouli.exe
  C:\Windows\System\Tevouli.exe
  2⤵
  PID:9672
- C:\Windows\System\flppGqP.exe
  C:\Windows\System\flppGqP.exe
  2⤵
  PID:9688
- C:\Windows\System\itwdkFK.exe
  C:\Windows\System\itwdkFK.exe
  2⤵
  PID:9704
- C:\Windows\System\hZzFbvr.exe
  C:\Windows\System\hZzFbvr.exe
  2⤵
  PID:9720
- C:\Windows\System\UYJpjyh.exe
  C:\Windows\System\UYJpjyh.exe
  2⤵
  PID:9736
- C:\Windows\System\zGKPWXV.exe
  C:\Windows\System\zGKPWXV.exe
  2⤵
  PID:9764
- C:\Windows\System\gMsDFxw.exe
  C:\Windows\System\gMsDFxw.exe
  2⤵
  PID:9780
- C:\Windows\System\clhALGT.exe
  C:\Windows\System\clhALGT.exe
  2⤵
  PID:9800
- C:\Windows\System\ULTmOkO.exe
  C:\Windows\System\ULTmOkO.exe
  2⤵
  PID:9828
- C:\Windows\System\SCvrrMp.exe
  C:\Windows\System\SCvrrMp.exe
  2⤵
  PID:9848
- C:\Windows\System\wdzuTNW.exe
  C:\Windows\System\wdzuTNW.exe
  2⤵
  PID:9864
- C:\Windows\System\ToUOLGv.exe
  C:\Windows\System\ToUOLGv.exe
  2⤵
  PID:9880
- C:\Windows\System\bYalHkn.exe
  C:\Windows\System\bYalHkn.exe
  2⤵
  PID:9900
- C:\Windows\System\tBEtZli.exe
  C:\Windows\System\tBEtZli.exe
  2⤵
  PID:9920
- C:\Windows\System\sGywZlK.exe
  C:\Windows\System\sGywZlK.exe
  2⤵
  PID:9940
- C:\Windows\System\rVzHUUr.exe
  C:\Windows\System\rVzHUUr.exe
  2⤵
  PID:9964
- C:\Windows\System\FkZlKVD.exe
  C:\Windows\System\FkZlKVD.exe
  2⤵
  PID:9980
- C:\Windows\System\MLbXYtx.exe
  C:\Windows\System\MLbXYtx.exe
  2⤵
  PID:10008
- C:\Windows\System\GpQqnAG.exe
  C:\Windows\System\GpQqnAG.exe
  2⤵
  PID:10024
- C:\Windows\System\ZKisPtU.exe
  C:\Windows\System\ZKisPtU.exe
  2⤵
  PID:10040
- C:\Windows\System\BuQXLzz.exe
  C:\Windows\System\BuQXLzz.exe
  2⤵
  PID:10056
- C:\Windows\System\mxFJASg.exe
  C:\Windows\System\mxFJASg.exe
  2⤵
  PID:10076
- C:\Windows\System\qApzMmq.exe
  C:\Windows\System\qApzMmq.exe
  2⤵
  PID:10104
- C:\Windows\System\kfBkWVN.exe
  C:\Windows\System\kfBkWVN.exe
  2⤵
  PID:10124
- C:\Windows\System\lYSkUtT.exe
  C:\Windows\System\lYSkUtT.exe
  2⤵
  PID:10156
- C:\Windows\System\BfPFPsM.exe
  C:\Windows\System\BfPFPsM.exe
  2⤵
  PID:10172
- C:\Windows\System\zowIgbc.exe
  C:\Windows\System\zowIgbc.exe
  2⤵
  PID:10188
- C:\Windows\System\VCNFvpP.exe
  C:\Windows\System\VCNFvpP.exe
  2⤵
  PID:10204
- C:\Windows\System\oICGesh.exe
  C:\Windows\System\oICGesh.exe
  2⤵
  PID:10228
- C:\Windows\System\rcIVxTA.exe
  C:\Windows\System\rcIVxTA.exe
  2⤵
  PID:9240
- C:\Windows\System\GDZOusg.exe
  C:\Windows\System\GDZOusg.exe
  2⤵
  PID:9256
- C:\Windows\System\CEZUHjP.exe
  C:\Windows\System\CEZUHjP.exe
  2⤵
  PID:9280
- C:\Windows\System\WlPXNPo.exe
  C:\Windows\System\WlPXNPo.exe
  2⤵
  PID:9336
- C:\Windows\System\FWyYzze.exe
  C:\Windows\System\FWyYzze.exe
  2⤵
  PID:9364
- C:\Windows\System\GZTsetT.exe
  C:\Windows\System\GZTsetT.exe
  2⤵
  PID:9424
- C:\Windows\System\mOixFpu.exe
  C:\Windows\System\mOixFpu.exe
  2⤵
  PID:9444
- C:\Windows\System\YwTxYUU.exe
  C:\Windows\System\YwTxYUU.exe
  2⤵
  PID:9496
- C:\Windows\System\dLmHIOi.exe
  C:\Windows\System\dLmHIOi.exe
  2⤵
  PID:9476
- C:\Windows\System\HkboTPq.exe
  C:\Windows\System\HkboTPq.exe
  2⤵
  PID:9536
- C:\Windows\System\vruxuEy.exe
  C:\Windows\System\vruxuEy.exe
  2⤵
  PID:9548
- C:\Windows\System\YNiiLxi.exe
  C:\Windows\System\YNiiLxi.exe
  2⤵
  PID:9588
- C:\Windows\System\vGHmoGX.exe
  C:\Windows\System\vGHmoGX.exe
  2⤵
  PID:9644
- C:\Windows\System\bsDbdgF.exe
  C:\Windows\System\bsDbdgF.exe
  2⤵
  PID:9700
- C:\Windows\System\YJLGoxa.exe
  C:\Windows\System\YJLGoxa.exe
  2⤵
  PID:9680
- C:\Windows\System\zdKbWnO.exe
  C:\Windows\System\zdKbWnO.exe
  2⤵
  PID:9684
- C:\Windows\System\rltTosM.exe
  C:\Windows\System\rltTosM.exe
  2⤵
  PID:9760
- C:\Windows\System\OZcdgUK.exe
  C:\Windows\System\OZcdgUK.exe
  2⤵
  PID:9860
- C:\Windows\System\OgKEjGe.exe
  C:\Windows\System\OgKEjGe.exe
  2⤵
  PID:9844
- C:\Windows\System\pJvCZgF.exe
  C:\Windows\System\pJvCZgF.exe
  2⤵
  PID:9752
- C:\Windows\System\MotdctU.exe
  C:\Windows\System\MotdctU.exe
  2⤵
  PID:9796
- C:\Windows\System\NRhikgP.exe
  C:\Windows\System\NRhikgP.exe
  2⤵
  PID:10016
- C:\Windows\System\Ojseypv.exe
  C:\Windows\System\Ojseypv.exe
  2⤵
  PID:9988
- C:\Windows\System\qvVZzRn.exe
  C:\Windows\System\qvVZzRn.exe
  2⤵
  PID:10096
- C:\Windows\System\CbaNomJ.exe
  C:\Windows\System\CbaNomJ.exe
  2⤵
  PID:9952
- C:\Windows\System\wARAaFD.exe
  C:\Windows\System\wARAaFD.exe
  2⤵
  PID:10036
- C:\Windows\System\YOuLGcn.exe
  C:\Windows\System\YOuLGcn.exe
  2⤵
  PID:10116
- C:\Windows\System\WSsQrak.exe
  C:\Windows\System\WSsQrak.exe
  2⤵
  PID:10140
- C:\Windows\System\fIvNLqs.exe
  C:\Windows\System\fIvNLqs.exe
  2⤵
  PID:10180
- C:\Windows\System\QFSBQYP.exe
  C:\Windows\System\QFSBQYP.exe
  2⤵
  PID:10220
- C:\Windows\System\UDsEmHU.exe
  C:\Windows\System\UDsEmHU.exe
  2⤵
  PID:9308
- C:\Windows\System\ReDXyjC.exe
  C:\Windows\System\ReDXyjC.exe
  2⤵
  PID:9292
- C:\Windows\System\xOoJHiE.exe
  C:\Windows\System\xOoJHiE.exe
  2⤵
  PID:9352
- C:\Windows\System\haOKWrd.exe
  C:\Windows\System\haOKWrd.exe
  2⤵
  PID:9420
- C:\Windows\System\biNSEVW.exe
  C:\Windows\System\biNSEVW.exe
  2⤵
  PID:9520
- C:\Windows\System\wppCWkA.exe
  C:\Windows\System\wppCWkA.exe
  2⤵
  PID:9460
- C:\Windows\System\nWIxQAP.exe
  C:\Windows\System\nWIxQAP.exe
  2⤵
  PID:9620
- C:\Windows\System\uhYtxcX.exe
  C:\Windows\System\uhYtxcX.exe
  2⤵
  PID:9572
- C:\Windows\System\RbqDNYn.exe
  C:\Windows\System\RbqDNYn.exe
  2⤵
  PID:9664
- C:\Windows\System\dCrmEcW.exe
  C:\Windows\System\dCrmEcW.exe
  2⤵
  PID:9744
- C:\Windows\System\WnRlCrh.exe
  C:\Windows\System\WnRlCrh.exe
  2⤵
  PID:9824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BuPLJnN.exe

Filesize
6.0MB

MD5
134d417888e5c9bb7fd1c9acd0a7a56a

SHA1
4d5ef3d927054215a360452fee3ac7bc76a0aadd

SHA256
0ddfd23ebcd68337b69ff5ff235c1fe37289f3c222c40966cb4a444a232b0028

SHA512
413f0e010125ef7dbd19fabc579dec0a7d9bef244a3ace3c4d8bc8f772e002ded6a3dcd953bd2de7231c82e206d460187d863e367631f149749e9cf0111d25b2

Download Submit
C:\Windows\system\CIOFSqP.exe

Filesize
6.0MB

MD5
83d485117bf6b42964a718825c64ca40

SHA1
759f6ac94c939392978770598ffadb11f8817fc1

SHA256
ca62c6101081ae79d09033decdadd637cf6feea61f666881494d089355e8f356

SHA512
cf277395027de268790f35545ef928e4f829a0032dc7c7f2eeb0275be7a39a92db3cffcb722eaa12c15af782d503832f4a17164060119a75a26f16295b35d714

Download Submit
C:\Windows\system\DXbBLzt.exe

Filesize
6.0MB

MD5
85c617d42370f5227e90d1a91ca7bccf

SHA1
097b639afb8c84c0f8f721c76afcadb93c7bcb7d

SHA256
7e0087beae8ec1a0e4ba5ae6e64afea8281e525483c330d22bfa36bcef07e8aa

SHA512
72c018167d5b876d46298837784c0753bd2d91876322526d7ce670dee4541b8ef17c3f27a09b42b01fba89c486bab9c6b51899020824b6a9fdfc616455a9a9a9

Download Submit
C:\Windows\system\EOivAUA.exe

Filesize
6.0MB

MD5
93c0a708af4409ae50af292cf48a388b

SHA1
6760f718ce115cd15f3d13608f0ac0e2040851e2

SHA256
0a997c008656ab2b57299d53476239f80f360320d31d03e7a0282d4e944cec40

SHA512
026981ebec55fb6431a2c8113abb2a855cf311b074b09bd8e7cc372c29f45c18e14bb76ea75bb08403cae9e4ebcb3e979ab0b653f48cf26e525782015d4e2c47

Download Submit
C:\Windows\system\EXJGlNV.exe

Filesize
6.0MB

MD5
c382684e7db5547566103e18eb7540c5

SHA1
c33c10e82661da363b5e1378130d800aa5d6f0ea

SHA256
c1ababaf104f1ea4e59e70e722a8c2927943ff21fdd2e456930bfc6297ad5dd2

SHA512
982185016bb7a447e7b38ec4a0fa863054787251a4f0b186f6695d7950832841739c8ae820981cb4d1dd435dec971207efe8ed4bf55849b0f6b0c7d303a222b9

Download Submit
C:\Windows\system\IgmrSfl.exe

Filesize
6.0MB

MD5
f86873677fbb10b2686abbc3dfbf76c3

SHA1
2e6e6fac084e3421430928fccdba15d27a451217

SHA256
3498bc20fe95a7ad8ec8a271fb3fe6cd3d50437ad2d262d91ed1f08ec8e1afe9

SHA512
53d9ba0f826633131eba186d812a3467ac995a29a5c38031dde009d9e7a0fa100f4c46131474405c60c140946654c267f0eb65ea7574be7017caa78aba95c411

Download Submit
C:\Windows\system\KZDnZEG.exe

Filesize
6.0MB

MD5
fd285dc4ffdaac76dfe12629221b4f6e

SHA1
aa918b87f2fbf312c4f0829f72db6e3cc5328b4e

SHA256
877a5e9b1b0bd7027a9fb07ec02aa68fd1083e8e76321a44a1be27796d388046

SHA512
48a6a657af585eaf34073638b475b37d6cf71cc8cdf387af2f47dccb82193de27c2b71df7de3551540aa1bfa6500e56cd0aaacdfaf6d57ada432ac9cf8eab63c

Download Submit
C:\Windows\system\KvxzCWN.exe

Filesize
6.0MB

MD5
1b4314bc7545fc476c40307ad9540532

SHA1
de211a60e1022fd4e1fd818d05e7696a56b967f6

SHA256
ee70542fa7e43ac3286b695b312f359fee1c6afcf34a23c06a30be304a3c50fa

SHA512
a25a91397c05756c14cedd6544d79aa6b685a0d747218b42d20474eaa2fec7d4019a7cc52b61b43d4fc0d69ae6aae452d7886d81c65f697290d6390a35cc6470

Download Submit
C:\Windows\system\PyekvSV.exe

Filesize
6.0MB

MD5
92b5b40884aa676c453fbb13a3037029

SHA1
1f212a0fa1271fa763e033f08b602b07dbd28566

SHA256
8563d6eca8069990f74cd690d6d02e201b8002b5693d8a965f5c9f73a79ae7f4

SHA512
4eb4f6eb92171a50ab08da934455d47716c2f6417f375eb7226b7e121046a399f730265543bc8750ea0c7f60ea39727bdfac568a6efc85f8e66aa8359c549ef7

Download Submit
C:\Windows\system\TQQjNIa.exe

Filesize
6.0MB

MD5
3b971adf41f90d5ce45eb635d620aa67

SHA1
107e602567de2468d6c1f03a4eb2ad10125f6f5f

SHA256
1ca2af9959c3cdb7db7a5db11915218b2e129ad3e9c76718a2f119682d7c52e6

SHA512
40e3042cc6ef9d43be07deb621d5146587b8c8ba33ed0e81b785b4b2b21c90a74600d19a0b02ef88385ce5e8341341a66ca7d378b9827c8eec740656bed60a1c

Download Submit
C:\Windows\system\VbvRKmv.exe

Filesize
6.0MB

MD5
1492a1072a7532b08082ce99a8ccf029

SHA1
0e52353128e4cf92ed657664daf034b43947b55d

SHA256
636b8e80e20f92f4aedbac85cfd11cc05d2d5564cff61e99715c7ce82c09e239

SHA512
dac8bf37130c4f84d349e124a14a9447306a05d561fd68ed8fefbfe72fc4112e59a72f33db1d1618733426deedf3435777fd5c112db763f2539d199be1e61ec8

Download Submit
C:\Windows\system\XbJQGWC.exe

Filesize
6.0MB

MD5
2c57dd7c232187d5cfb9b8393390641d

SHA1
fb03d84860522385b588beceee1e752f668893ac

SHA256
af1162b84cb4447a01ce2616cde1b32c5cbf5302dd85fb91a13389a32de160be

SHA512
3a84b90cd239ae915268efb16d34797d5cf0e15c87cabcf6b1a15ccc53cdcb85e105cca69b244b8f5421ffe19b53dca7abb01e1d253ed98b68904e81fe76316e

Download Submit
C:\Windows\system\XicNUrc.exe

Filesize
6.0MB

MD5
5660312a481a7a85d88f98c1deee8289

SHA1
505575080f81f011987d09263338716d19af7e47

SHA256
1a1be1e5cccf529a23d13ba42f435f49cfa5ca82a78188040433d16cdd220327

SHA512
591a126a8e1a72c385705e1d708c7df6340c7fe42113a795ba07a8c6fe86875077b13438f8a8d352efdfe32e9c24c2a0df959afe47976f8eaf9e05ab0f8d3cc7

Download Submit
C:\Windows\system\XqrOVwU.exe

Filesize
6.0MB

MD5
5aefb90e79d84ca1172fc84633a79299

SHA1
f11e6da0a2cdd111daf349c37c37eae161652401

SHA256
4d401cd3330a8daaa0acaab9ede5a166152d6f3097572e4ea8332676d2e16f44

SHA512
b6f23698903281098c496adf4098ca05bd47f55cb45f74bb4c5337a30ab56f533f7a98269de2b1124445c2c078d3972c5bd0a21e0967cc0a912701244061178d

Download Submit
C:\Windows\system\ZnsSwPX.exe

Filesize
6.0MB

MD5
860a5bf0265de6ec430ed2ef2aae0b41

SHA1
d73907f30ccc6eecaa5ffce8d8f70e80311974b7

SHA256
63d425ec2baf0fe4a419bfe65275f8103261811eaab5a78b6277bbe13f32b451

SHA512
cf8da96b1c4877c4bf8d7fb12551d684ace24cadbf7870a20ff18f2a310f83b0015470c13a50ea7e8fc0403d3a313a125fb0c8950e0d1f90608fbc43aabe7596

Download Submit
C:\Windows\system\aPWCcod.exe

Filesize
6.0MB

MD5
79eb68bf77d1e785276620d304ac8b3c

SHA1
7f275a0bafcd17775be7d801808d7aff85802595

SHA256
23a53d70857a67d1b9a7df67e0c9fe7066e37e25af3b7e69b2b46b4252dcc514

SHA512
bae0c2c63b90773cfa580cf0f67f8c79d72f882435c4ce4c4cbf0ac6fbd8b644cc677df8341080c4f8c5565732accb55bc54ac9bfc90a76e73b2d4201a7ca159

Download Submit
C:\Windows\system\ajHseRp.exe

Filesize
6.0MB

MD5
bcfef707f592c3f7240c1ec5c3429a18

SHA1
ce6f88c367ffdfbab04b46fc9d74ebf992449fd0

SHA256
5af65313691de25d07ca5109a555b3ade98fb871ab45820b012f3e1d98cfa6cd

SHA512
b438695c402fc3d00997c231a71227c8426c4c553aafaaeb7a268de89e51276484a205c80677dc4b0054c92e1e9ad60d66246ab0ee76594ed747fda08ee87a8b

Download Submit
C:\Windows\system\fShltZO.exe

Filesize
6.0MB

MD5
1f35d42fff2f8e6cc9aa61809314c5e1

SHA1
bac3ef997b69e24a5284942ffad621feb6b44a37

SHA256
0d2988b2db3311a430290584e10c40662e632708ef9d1769077975d377e1014b

SHA512
bddb38791985b7d0f9db1b6a794b2d5bd89d5498ac1f6911877a921cdbbbb2bebc99cc0218fde336a7b0e7d9104f78e7e793b3788a545b5d9b013e6c385f90f4

Download Submit
C:\Windows\system\gkzeHzD.exe

Filesize
6.0MB

MD5
38718b8df91ff174ac0909a934b92780

SHA1
cb9df084c63b1890df2b682e335e67235ac77a90

SHA256
238e8c0326936e1c40690b6d5ca57c0cf093c91f3ab1ebe469aa9be4382a2e99

SHA512
0b88172e950b2665bc271789e90b54ca38a3bbf22ee204a5fb28f70ef1e34267e0adb2216ae4dfe2441c6f541889724ad620a2296092cc14d9e277dbc9e27ccf

Download Submit
C:\Windows\system\hQiRFPv.exe

Filesize
6.0MB

MD5
4e3cf2328a029b4ac942c7f974d6ef75

SHA1
5b80014a9d9e092c3f23040d2b81cfc0d70a9507

SHA256
18448bace5e568cc6801a2a5d17b06b510a51159489ed97d4b447f99b5b7fe25

SHA512
09904a872aacbb33ed177ec2fd3fc61c6c5717c69642a1bf6705e060db936e215c55d1142a3b3e316abfb6d35f885433ea140d846a63329acb3fd3f7632062a4

Download Submit
C:\Windows\system\hdxObfa.exe

Filesize
6.0MB

MD5
b2f62ce7212df83b5e264bd4e72c2735

SHA1
79712a83c299701231ce2093427b5b6a2890bab8

SHA256
d51560b5eb7e88fbad51ff823f7da5e3af5942c227710e074c8cca317ccdd713

SHA512
ef2445dc80f21345757b9026e1ea89a1257e85cfd291a405f07bf849411c5e8073cb42640cfb4aea066a744f34a801f1212505028a782c1885f09588392b3837

Download Submit
C:\Windows\system\jLfivXh.exe

Filesize
6.0MB

MD5
eb0ae7f0906070e5fe3deaeaa9c28934

SHA1
27bd50897067e9a85898fae85d8f2f460c1564bc

SHA256
3c95963c3f45453d43bf00da2d5d2719dcfb345314195063d3a8a0683deb5bda

SHA512
1739ac30e613d66c5ab75e26f783ce613e4c7d5242d6e34292c6c0da91cbcacac3562de61672da6f548aa259850bf5031bd9f54db4dfe617a1f4ea4b2f47d074

Download Submit
C:\Windows\system\jicJLFY.exe

Filesize
6.0MB

MD5
46c1d1610b77e5ce30dfa689f6a88d4c

SHA1
5c82db569c1b318b2ecd6be89a5cb69194e89139

SHA256
1b4411e21a0ef0b91f621befc9c367859cff0bc1addb664bb8d696434f17135b

SHA512
40b18630d220d9d4d74db06ab67e4664d319d9732ed35217bd8a75e225c7281523ef4aad80ecf9a167957b0c0838e28f1e4ec9363d6c00bf146759a265340535

Download Submit
C:\Windows\system\kalyrCK.exe

Filesize
6.0MB

MD5
b249b7fe7762d333c9fcdcb6b3ccd802

SHA1
1ba9640f1c4425d9b5d73f2a3dba52e31488d40e

SHA256
e678f9a8dae0a0f29f446795bf75ff230d3408dbbd022c297d35b4172d9bc3f0

SHA512
9a8550daaf6496963f28744d8857111bfd8834aeacd1ae763f72f1c26b5c1d8a0c2f183eb50d2362ae468a5bbb915060c18cc775eefaa721bac314126db0813b

Download Submit
C:\Windows\system\nsrglqu.exe

Filesize
6.0MB

MD5
f6c27dab0fcf8510a3a63d23547eba07

SHA1
ded4f7501c272a5be55c7e5e81b6691c2c03eb24

SHA256
135a283d7856f68f90b0839db68dfa022ea0b196c79d81513c1fbc6e4c1375da

SHA512
fa98a7628d3f16617934aa83a48a30e2f28e9d6e9b18bc3a482088c394d923bdf07174b031c544b397ba4ffa1e3b6add94a7a8e36d7e9e652cb4559abe46de3f

Download Submit
C:\Windows\system\oLmhnNe.exe

Filesize
6.0MB

MD5
e2ca2133248db425dcfa393b89565101

SHA1
80acfa69ce5c0da309ea9584977346a3b9f9b700

SHA256
3b861028d28719cb6e3b9184494dcefc919d47565a314bda5f1c2f718d1c75a3

SHA512
03633a9b12c2ea16a8be1309af590313e124d144ced588ba590886a3c93db167105955cf14d7b5473b72383495b3020dc0b614f7d05eb773886d3e36096c4966

Download Submit
C:\Windows\system\wrPkJFd.exe

Filesize
6.0MB

MD5
05bed82f5af77cace8c57702b9dd04bb

SHA1
5c8b3ab498c4235558a1b1e29ca29d3e4ff77681

SHA256
6a245a22dc8066640595b7f0698a3c4aae2d86817b998e40c44c6689027f92d2

SHA512
51fbb9848cf72ff1be06ed49aeb7c625bc9235ec65690608e71a610faa52ccb8933cb579cc81b51333ab0b127d042be5d843a9dca7bd03a9114af72195f784d7

Download Submit
C:\Windows\system\ymrzBcH.exe

Filesize
6.0MB

MD5
262d482d7c8710b0247455d3720f70d1

SHA1
ab67c03207a2b3113e651a635b98f11403fef9f5

SHA256
4b8db144e2ab9be08150b1a4b71d7e4ac25fa37b55537afe7a12d057bcae90c1

SHA512
3187cbc464ea33367ecd55865674e7c77fbad87a3ecd55c5375e12a0b4acc6c7e28c7c352f386767f90b5d82006c772fb28ee9f5c32e90f6eafff76f8640f371

Download Submit
C:\Windows\system\znKTTGN.exe

Filesize
6.0MB

MD5
e631614847e6e9c2bfc366bd863e48b1

SHA1
9d66004df281aaa62286f886fd6917e5f8b4372c

SHA256
33b22f273201b60619c015c03603059762eca954920e1dde3be1cedaad30ead3

SHA512
e2e290a1e454b0581c7e5b7d6ca098a13025028c29995a07dc92eff69c24c88a81fd7a8bd7615e716955d4d4ce8adcd533198a3cec7912ac83ac9c513ddd5850

Download Submit
\Windows\system\UsUBRcj.exe

Filesize
6.0MB

MD5
16f04b40f6df53230807a5df4991828b

SHA1
220dcc65a82ad5e27669bc675190d5d1bfb3dd5b

SHA256
53d451ce991a0d6135111c05bcc24a729314075ae56732ca7805de4cba2c16d3

SHA512
ef34fbe961bfdca0e68db9bbd2ea4f646de2310db7f8f51c48020bb5e4cbfba09bee4259e8937d88bf9065d334759930530c11c134fec142a14fb5f48bfa5f50

Download Submit
\Windows\system\XvQoyRD.exe

Filesize
6.0MB

MD5
b3dbb72de1aec135d8976be632f1a3e3

SHA1
e27df85f8bdadda3d4befd99753da80888229fa9

SHA256
e67e7427639900976664fb23bd781cb15938f2620e2c8c5179536ad2f175767b

SHA512
0889fafdb3becbac74bb061505264604fe8f1abfba272b7d4cd74a21de14bed980eaad55f1892e1a4893131300ab876b07092a466c8aa883d9c9a65cf88abcd5

Download Submit
\Windows\system\fRPWYVq.exe

Filesize
6.0MB

MD5
02de8d73eb80dff4fd09441f5ca7c167

SHA1
2108672174feae858269fe2dc4db47d0c938406e

SHA256
106f52eca691ac316144f1c0d65864b37eea9624218c027f033f3049417b12d9

SHA512
e0c452c85ee801ef301a50bcd86ec4b72b0c81170c2476c81468def8fb5393f714579288b967fdff6181939f255c5e727652744071076d3af1424bcc9964ad12

Download Submit
memory/1708-88-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2797-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-363-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-107-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-21-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-368-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1960-366-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-40-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-364-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-53-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-0-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-106-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-17-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-99-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-98-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1960-57-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-243-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-61-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1960-12-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-37-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-68-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-33-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-76-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-24-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2773-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-30-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2774-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-72-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-213-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2793-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-32-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2783-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2212-7-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-52-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2772-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-41-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2232-79-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2232-2781-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2308-102-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2802-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-64-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2508-2784-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2508-71-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2508-35-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2604-94-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2604-365-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2803-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2716-49-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2716-87-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2799-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2812-58-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2812-2800-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2812-93-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2796-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2872-323-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2872-80-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/3052-367-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/3052-2798-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download