cobaltstrike | eb8913c23a5baf317f5ed9ee19e18eacd232be4dd51cc090dd20fc196328350e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/03/2025, 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a936d2f6c47892805db7a0216cde576d
SHA1

ca5da1886781bd0244fc7bb34341ce40ccb14bf5
SHA256

eb8913c23a5baf317f5ed9ee19e18eacd232be4dd51cc090dd20fc196328350e
SHA512

cb831c2a07cbd52b05015bb2f8e3952dde92e00366c2086b6541e0aa272ade0b33c7a5c6c84f177961da9cbc1a9f28a3a4741ffa1ab6a4535c3510b8c2fc959f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939f-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d0-10.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000019354-20.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f9-25.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019426-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019428-44.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c3-52.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d5-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019647-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964f-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a85-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019650-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b18-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b16-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c8f-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cc8-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d98-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f62-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a448-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a444-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a446-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a30e-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a340-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b4-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07f-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a077-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f77-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c91-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c79-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197e4-102.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2716-0-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-3.dat	xmrig
behavioral1/files/0x000700000001939f-11.dat	xmrig
behavioral1/memory/2284-15-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2716-6-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x00070000000193d0-10.dat	xmrig
behavioral1/files/0x0032000000019354-20.dat	xmrig
behavioral1/memory/2828-28-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x00060000000193f9-25.dat	xmrig
behavioral1/memory/2620-35-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2716-34-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/3036-32-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019426-37.dat	xmrig
behavioral1/memory/2848-38-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1908-42-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0006000000019428-44.dat	xmrig
behavioral1/memory/2284-49-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2748-51-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x00070000000194c3-52.dat	xmrig
behavioral1/memory/772-57-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194d5-58.dat	xmrig
behavioral1/files/0x0005000000019647-61.dat	xmrig
behavioral1/memory/1716-79-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1908-77-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x000500000001964f-76.dat	xmrig
behavioral1/memory/1308-75-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2620-72-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/1220-71-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019a85-90.dat	xmrig
behavioral1/files/0x0005000000019650-83.dat	xmrig
behavioral1/files/0x0005000000019b18-109.dat	xmrig
behavioral1/files/0x0005000000019b16-104.dat	xmrig
behavioral1/files/0x0005000000019c8f-119.dat	xmrig
behavioral1/files/0x0005000000019cc8-129.dat	xmrig
behavioral1/files/0x0005000000019d98-134.dat	xmrig
behavioral1/files/0x0005000000019f62-139.dat	xmrig
behavioral1/memory/1308-507-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2716-985-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/1608-1054-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1716-576-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2716-289-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a448-191.dat	xmrig
behavioral1/files/0x000500000001a447-185.dat	xmrig
behavioral1/files/0x000500000001a444-176.dat	xmrig
behavioral1/files/0x000500000001a446-181.dat	xmrig
behavioral1/files/0x000500000001a30e-164.dat	xmrig
behavioral1/files/0x000500000001a340-169.dat	xmrig
behavioral1/files/0x000500000001a0b4-159.dat	xmrig
behavioral1/files/0x000500000001a07f-154.dat	xmrig
behavioral1/files/0x000500000001a077-149.dat	xmrig
behavioral1/files/0x0005000000019f77-144.dat	xmrig
behavioral1/files/0x0005000000019c91-124.dat	xmrig
behavioral1/files/0x0005000000019c79-114.dat	xmrig
behavioral1/memory/1608-103-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x00050000000197e4-102.dat	xmrig
behavioral1/memory/2888-101-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2104-89-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2284-3711-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2848-3719-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2828-3789-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/3036-3797-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2620-3810-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/1908-3843-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2748-3915-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2848	raGARCn.exe
2284	GHAujPY.exe
2828	iXTYzYY.exe
3036	uIuomAU.exe
2620	IivwDzc.exe
1908	TJajSjx.exe
2748	SmtZRAh.exe
772	wzlqbsN.exe
1220	cPhOXkV.exe
1308	pJCrXHQ.exe
1716	FqGgTip.exe
2104	mdjpFrz.exe
2888	xDqPIvQ.exe
1608	AOZaFKA.exe
492	qLodSgU.exe
1152	pCaeSpf.exe
2812	EIrVhsY.exe
2880	nMqxzLn.exe
2912	ZjxsLUU.exe
2472	SiokdAz.exe
2064	COSLhHs.exe
1724	UmDigVA.exe
3068	rtxopKw.exe
2392	tuDYcml.exe
2228	HvkFheI.exe
2136	LpcZbtp.exe
2312	VXbiZIn.exe
2428	cxoDlca.exe
1412	bKIEHiO.exe
1796	hIGOFbW.exe
2424	RDsqctX.exe
2096	XLIuDdJ.exe
688	aZSRuZf.exe
1316	dVLdzyq.exe
1040	AmDGHuv.exe
1804	SUngmho.exe
1500	qnCOyOL.exe
764	nBYgSmw.exe
1644	yWEaeUc.exe
1848	FNNPlOU.exe
1936	yShEgvt.exe
960	DRFlWxW.exe
2368	nXXivXt.exe
2380	hdypJef.exe
1920	RDOZyJC.exe
1712	OqJVvtk.exe
2532	OHhUcLn.exe
2292	sTLJlYE.exe
1160	nyvLOUV.exe
1676	VjmyWFD.exe
868	QcjFPmm.exe
1556	jSlrqKB.exe
2060	LOZMWGF.exe
1528	FIMQLlk.exe
2808	tqoZFCB.exe
2700	WtIgtcm.exe
2736	WwZswwF.exe
2692	MRTqkdK.exe
2712	daXqStr.exe
2568	ScAZgMJ.exe
2588	rQSYwsO.exe
2824	HkuoowP.exe
1660	WaUOyCi.exe
2616	tbBYpBb.exe

Loads dropped DLL 64 IoCs

pid	Process
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2716-0-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x000b000000012280-3.dat	upx
behavioral1/files/0x000700000001939f-11.dat	upx
behavioral1/memory/2284-15-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2716-6-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x00070000000193d0-10.dat	upx
behavioral1/files/0x0032000000019354-20.dat	upx
behavioral1/memory/2828-28-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x00060000000193f9-25.dat	upx
behavioral1/memory/2620-35-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2716-34-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/3036-32-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0006000000019426-37.dat	upx
behavioral1/memory/2848-38-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1908-42-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0006000000019428-44.dat	upx
behavioral1/memory/2284-49-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2748-51-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x00070000000194c3-52.dat	upx
behavioral1/memory/772-57-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x00060000000194d5-58.dat	upx
behavioral1/files/0x0005000000019647-61.dat	upx
behavioral1/memory/1716-79-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1908-77-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x000500000001964f-76.dat	upx
behavioral1/memory/1308-75-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2620-72-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/1220-71-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0005000000019a85-90.dat	upx
behavioral1/files/0x0005000000019650-83.dat	upx
behavioral1/files/0x0005000000019b18-109.dat	upx
behavioral1/files/0x0005000000019b16-104.dat	upx
behavioral1/files/0x0005000000019c8f-119.dat	upx
behavioral1/files/0x0005000000019cc8-129.dat	upx
behavioral1/files/0x0005000000019d98-134.dat	upx
behavioral1/files/0x0005000000019f62-139.dat	upx
behavioral1/memory/1308-507-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/1608-1054-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/1716-576-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x000500000001a448-191.dat	upx
behavioral1/files/0x000500000001a447-185.dat	upx
behavioral1/files/0x000500000001a444-176.dat	upx
behavioral1/files/0x000500000001a446-181.dat	upx
behavioral1/files/0x000500000001a30e-164.dat	upx
behavioral1/files/0x000500000001a340-169.dat	upx
behavioral1/files/0x000500000001a0b4-159.dat	upx
behavioral1/files/0x000500000001a07f-154.dat	upx
behavioral1/files/0x000500000001a077-149.dat	upx
behavioral1/files/0x0005000000019f77-144.dat	upx
behavioral1/files/0x0005000000019c91-124.dat	upx
behavioral1/files/0x0005000000019c79-114.dat	upx
behavioral1/memory/1608-103-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x00050000000197e4-102.dat	upx
behavioral1/memory/2888-101-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2104-89-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2284-3711-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2848-3719-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2828-3789-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/3036-3797-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2620-3810-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/1908-3843-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2748-3915-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/772-3930-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1220-3976-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KocSJqx.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRwEIVz.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJXGaEK.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjOhJhg.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZxuKAd.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlUsUtL.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaOANxP.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNCqDJA.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxoDlca.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwZswwF.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNmMzXq.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCthcvb.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhVHmwR.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcCCbjT.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxDXjHn.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdduHan.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUuYGUB.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPsofzn.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfsifqQ.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNeVmCm.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vITKhbE.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDsqctX.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZIAHci.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZImRppg.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDHfhdx.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdEpNjQ.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtdjmMz.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtxopKw.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJkGQwY.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtOFHHM.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UolEMlI.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwvmZWb.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWqnPgL.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvJUHhs.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Msgtjxx.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbfrDks.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKFyiiE.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKdJFkr.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZApDVJ.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVmDdLT.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdTNrDY.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYKGjkw.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdDIsKU.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iiyKDMq.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwHSzGc.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfzeJPj.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TrrQkeX.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqogVhB.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQmzwgy.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhNdzGd.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dECkjVI.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\daXqStr.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcgDDrc.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMsIchX.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boQyMMh.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjSoDMy.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEamZpk.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\peolFUE.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTTDzGd.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwXfMKs.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYMDQkX.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjxsLUU.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EDXyXwl.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkLwMUp.exe	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2848	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2716 wrote to memory of 2848	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2716 wrote to memory of 2848	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2716 wrote to memory of 2284	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2716 wrote to memory of 2284	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2716 wrote to memory of 2284	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2716 wrote to memory of 2828	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2716 wrote to memory of 2828	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2716 wrote to memory of 2828	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2716 wrote to memory of 3036	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2716 wrote to memory of 3036	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2716 wrote to memory of 3036	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2716 wrote to memory of 2620	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2716 wrote to memory of 2620	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2716 wrote to memory of 2620	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2716 wrote to memory of 1908	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2716 wrote to memory of 1908	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2716 wrote to memory of 1908	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2716 wrote to memory of 2748	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2716 wrote to memory of 2748	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2716 wrote to memory of 2748	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2716 wrote to memory of 772	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2716 wrote to memory of 772	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2716 wrote to memory of 772	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2716 wrote to memory of 1308	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2716 wrote to memory of 1308	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2716 wrote to memory of 1308	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2716 wrote to memory of 1220	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2716 wrote to memory of 1220	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2716 wrote to memory of 1220	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2716 wrote to memory of 1716	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2716 wrote to memory of 1716	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2716 wrote to memory of 1716	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2716 wrote to memory of 2104	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2716 wrote to memory of 2104	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2716 wrote to memory of 2104	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2716 wrote to memory of 1608	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2716 wrote to memory of 1608	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2716 wrote to memory of 1608	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2716 wrote to memory of 2888	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2716 wrote to memory of 2888	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2716 wrote to memory of 2888	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2716 wrote to memory of 492	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2716 wrote to memory of 492	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2716 wrote to memory of 492	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2716 wrote to memory of 1152	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2716 wrote to memory of 1152	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2716 wrote to memory of 1152	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2716 wrote to memory of 2812	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2716 wrote to memory of 2812	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2716 wrote to memory of 2812	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2716 wrote to memory of 2880	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2716 wrote to memory of 2880	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2716 wrote to memory of 2880	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2716 wrote to memory of 2912	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2716 wrote to memory of 2912	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2716 wrote to memory of 2912	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2716 wrote to memory of 2472	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2716 wrote to memory of 2472	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2716 wrote to memory of 2472	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2716 wrote to memory of 2064	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2716 wrote to memory of 2064	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2716 wrote to memory of 2064	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2716 wrote to memory of 1724	2716	2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-01_a936d2f6c47892805db7a0216cde576d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\System\raGARCn.exe
  C:\Windows\System\raGARCn.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GHAujPY.exe
  C:\Windows\System\GHAujPY.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\iXTYzYY.exe
  C:\Windows\System\iXTYzYY.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\uIuomAU.exe
  C:\Windows\System\uIuomAU.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\IivwDzc.exe
  C:\Windows\System\IivwDzc.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\TJajSjx.exe
  C:\Windows\System\TJajSjx.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\SmtZRAh.exe
  C:\Windows\System\SmtZRAh.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\wzlqbsN.exe
  C:\Windows\System\wzlqbsN.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\pJCrXHQ.exe
  C:\Windows\System\pJCrXHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\cPhOXkV.exe
  C:\Windows\System\cPhOXkV.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\FqGgTip.exe
  C:\Windows\System\FqGgTip.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\mdjpFrz.exe
  C:\Windows\System\mdjpFrz.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\AOZaFKA.exe
  C:\Windows\System\AOZaFKA.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\xDqPIvQ.exe
  C:\Windows\System\xDqPIvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\qLodSgU.exe
  C:\Windows\System\qLodSgU.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\pCaeSpf.exe
  C:\Windows\System\pCaeSpf.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\EIrVhsY.exe
  C:\Windows\System\EIrVhsY.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\nMqxzLn.exe
  C:\Windows\System\nMqxzLn.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ZjxsLUU.exe
  C:\Windows\System\ZjxsLUU.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\SiokdAz.exe
  C:\Windows\System\SiokdAz.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\COSLhHs.exe
  C:\Windows\System\COSLhHs.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\UmDigVA.exe
  C:\Windows\System\UmDigVA.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\rtxopKw.exe
  C:\Windows\System\rtxopKw.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\tuDYcml.exe
  C:\Windows\System\tuDYcml.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\HvkFheI.exe
  C:\Windows\System\HvkFheI.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\LpcZbtp.exe
  C:\Windows\System\LpcZbtp.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\VXbiZIn.exe
  C:\Windows\System\VXbiZIn.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\cxoDlca.exe
  C:\Windows\System\cxoDlca.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\bKIEHiO.exe
  C:\Windows\System\bKIEHiO.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\hIGOFbW.exe
  C:\Windows\System\hIGOFbW.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\RDsqctX.exe
  C:\Windows\System\RDsqctX.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\XLIuDdJ.exe
  C:\Windows\System\XLIuDdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\aZSRuZf.exe
  C:\Windows\System\aZSRuZf.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\dVLdzyq.exe
  C:\Windows\System\dVLdzyq.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\AmDGHuv.exe
  C:\Windows\System\AmDGHuv.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\SUngmho.exe
  C:\Windows\System\SUngmho.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\qnCOyOL.exe
  C:\Windows\System\qnCOyOL.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\nBYgSmw.exe
  C:\Windows\System\nBYgSmw.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\yWEaeUc.exe
  C:\Windows\System\yWEaeUc.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\FNNPlOU.exe
  C:\Windows\System\FNNPlOU.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\yShEgvt.exe
  C:\Windows\System\yShEgvt.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\DRFlWxW.exe
  C:\Windows\System\DRFlWxW.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\nXXivXt.exe
  C:\Windows\System\nXXivXt.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\hdypJef.exe
  C:\Windows\System\hdypJef.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\RDOZyJC.exe
  C:\Windows\System\RDOZyJC.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\OqJVvtk.exe
  C:\Windows\System\OqJVvtk.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\OHhUcLn.exe
  C:\Windows\System\OHhUcLn.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\sTLJlYE.exe
  C:\Windows\System\sTLJlYE.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\nyvLOUV.exe
  C:\Windows\System\nyvLOUV.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\VjmyWFD.exe
  C:\Windows\System\VjmyWFD.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\QcjFPmm.exe
  C:\Windows\System\QcjFPmm.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\jSlrqKB.exe
  C:\Windows\System\jSlrqKB.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\LOZMWGF.exe
  C:\Windows\System\LOZMWGF.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\FIMQLlk.exe
  C:\Windows\System\FIMQLlk.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\tqoZFCB.exe
  C:\Windows\System\tqoZFCB.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\WtIgtcm.exe
  C:\Windows\System\WtIgtcm.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\WwZswwF.exe
  C:\Windows\System\WwZswwF.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\MRTqkdK.exe
  C:\Windows\System\MRTqkdK.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\daXqStr.exe
  C:\Windows\System\daXqStr.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ScAZgMJ.exe
  C:\Windows\System\ScAZgMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\rQSYwsO.exe
  C:\Windows\System\rQSYwsO.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\HkuoowP.exe
  C:\Windows\System\HkuoowP.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\WaUOyCi.exe
  C:\Windows\System\WaUOyCi.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\tbBYpBb.exe
  C:\Windows\System\tbBYpBb.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\CzGKAUd.exe
  C:\Windows\System\CzGKAUd.exe
  2⤵
  PID:3008
- C:\Windows\System\IFoxCYq.exe
  C:\Windows\System\IFoxCYq.exe
  2⤵
  PID:3020
- C:\Windows\System\boKEtDv.exe
  C:\Windows\System\boKEtDv.exe
  2⤵
  PID:2100
- C:\Windows\System\YHgjyFW.exe
  C:\Windows\System\YHgjyFW.exe
  2⤵
  PID:2152
- C:\Windows\System\ozOPXfW.exe
  C:\Windows\System\ozOPXfW.exe
  2⤵
  PID:1852
- C:\Windows\System\MDRQmQZ.exe
  C:\Windows\System\MDRQmQZ.exe
  2⤵
  PID:1752
- C:\Windows\System\cszZhjN.exe
  C:\Windows\System\cszZhjN.exe
  2⤵
  PID:1612
- C:\Windows\System\AEmQMeW.exe
  C:\Windows\System\AEmQMeW.exe
  2⤵
  PID:1880
- C:\Windows\System\JDIKSgh.exe
  C:\Windows\System\JDIKSgh.exe
  2⤵
  PID:1576
- C:\Windows\System\rwReFrB.exe
  C:\Windows\System\rwReFrB.exe
  2⤵
  PID:1976
- C:\Windows\System\xSQoRfZ.exe
  C:\Windows\System\xSQoRfZ.exe
  2⤵
  PID:2956
- C:\Windows\System\xCTglcF.exe
  C:\Windows\System\xCTglcF.exe
  2⤵
  PID:2260
- C:\Windows\System\WGODPvd.exe
  C:\Windows\System\WGODPvd.exe
  2⤵
  PID:1048
- C:\Windows\System\mMCMzOb.exe
  C:\Windows\System\mMCMzOb.exe
  2⤵
  PID:2036
- C:\Windows\System\yknUgIa.exe
  C:\Windows\System\yknUgIa.exe
  2⤵
  PID:3040
- C:\Windows\System\LFgFAIu.exe
  C:\Windows\System\LFgFAIu.exe
  2⤵
  PID:2180
- C:\Windows\System\FlAQtCm.exe
  C:\Windows\System\FlAQtCm.exe
  2⤵
  PID:1860
- C:\Windows\System\CveRaNz.exe
  C:\Windows\System\CveRaNz.exe
  2⤵
  PID:1620
- C:\Windows\System\pqaUQmf.exe
  C:\Windows\System\pqaUQmf.exe
  2⤵
  PID:1000
- C:\Windows\System\tLlHJKv.exe
  C:\Windows\System\tLlHJKv.exe
  2⤵
  PID:1888
- C:\Windows\System\aWrmPCL.exe
  C:\Windows\System\aWrmPCL.exe
  2⤵
  PID:876
- C:\Windows\System\YTzoVvk.exe
  C:\Windows\System\YTzoVvk.exe
  2⤵
  PID:2960
- C:\Windows\System\VfFzLKt.exe
  C:\Windows\System\VfFzLKt.exe
  2⤵
  PID:292
- C:\Windows\System\LjUnodA.exe
  C:\Windows\System\LjUnodA.exe
  2⤵
  PID:1248
- C:\Windows\System\vmkquQT.exe
  C:\Windows\System\vmkquQT.exe
  2⤵
  PID:2316
- C:\Windows\System\YjoDmZj.exe
  C:\Windows\System\YjoDmZj.exe
  2⤵
  PID:1420
- C:\Windows\System\DNmMzXq.exe
  C:\Windows\System\DNmMzXq.exe
  2⤵
  PID:1680
- C:\Windows\System\rqqbUSU.exe
  C:\Windows\System\rqqbUSU.exe
  2⤵
  PID:2968
- C:\Windows\System\mqMWhIR.exe
  C:\Windows\System\mqMWhIR.exe
  2⤵
  PID:352
- C:\Windows\System\WacZTbR.exe
  C:\Windows\System\WacZTbR.exe
  2⤵
  PID:1496
- C:\Windows\System\dMTKcpY.exe
  C:\Windows\System\dMTKcpY.exe
  2⤵
  PID:2840
- C:\Windows\System\KFMNIMZ.exe
  C:\Windows\System\KFMNIMZ.exe
  2⤵
  PID:2580
- C:\Windows\System\AQSTKSa.exe
  C:\Windows\System\AQSTKSa.exe
  2⤵
  PID:2636
- C:\Windows\System\YRtVPfj.exe
  C:\Windows\System\YRtVPfj.exe
  2⤵
  PID:2204
- C:\Windows\System\dlsLfwx.exe
  C:\Windows\System\dlsLfwx.exe
  2⤵
  PID:2148
- C:\Windows\System\QBxjaUb.exe
  C:\Windows\System\QBxjaUb.exe
  2⤵
  PID:2868
- C:\Windows\System\UUPcOPx.exe
  C:\Windows\System\UUPcOPx.exe
  2⤵
  PID:532
- C:\Windows\System\MDbBCVN.exe
  C:\Windows\System\MDbBCVN.exe
  2⤵
  PID:1108
- C:\Windows\System\BQkYIrD.exe
  C:\Windows\System\BQkYIrD.exe
  2⤵
  PID:2176
- C:\Windows\System\yIreUEn.exe
  C:\Windows\System\yIreUEn.exe
  2⤵
  PID:2540
- C:\Windows\System\PPBpJwR.exe
  C:\Windows\System\PPBpJwR.exe
  2⤵
  PID:2132
- C:\Windows\System\IuRZQNt.exe
  C:\Windows\System\IuRZQNt.exe
  2⤵
  PID:2900
- C:\Windows\System\XwsxVmp.exe
  C:\Windows\System\XwsxVmp.exe
  2⤵
  PID:1736
- C:\Windows\System\eFHZUff.exe
  C:\Windows\System\eFHZUff.exe
  2⤵
  PID:2112
- C:\Windows\System\rVcqatV.exe
  C:\Windows\System\rVcqatV.exe
  2⤵
  PID:1628
- C:\Windows\System\RmnMhol.exe
  C:\Windows\System\RmnMhol.exe
  2⤵
  PID:2200
- C:\Windows\System\WtTTnpl.exe
  C:\Windows\System\WtTTnpl.exe
  2⤵
  PID:372
- C:\Windows\System\svcrTsX.exe
  C:\Windows\System\svcrTsX.exe
  2⤵
  PID:1072
- C:\Windows\System\khoyGlr.exe
  C:\Windows\System\khoyGlr.exe
  2⤵
  PID:2500
- C:\Windows\System\uADDaDy.exe
  C:\Windows\System\uADDaDy.exe
  2⤵
  PID:1652
- C:\Windows\System\sFZWtTQ.exe
  C:\Windows\System\sFZWtTQ.exe
  2⤵
  PID:2924
- C:\Windows\System\SEGhOzZ.exe
  C:\Windows\System\SEGhOzZ.exe
  2⤵
  PID:2516
- C:\Windows\System\JGRycaA.exe
  C:\Windows\System\JGRycaA.exe
  2⤵
  PID:1300
- C:\Windows\System\cvEypFg.exe
  C:\Windows\System\cvEypFg.exe
  2⤵
  PID:1900
- C:\Windows\System\TUTtKGR.exe
  C:\Windows\System\TUTtKGR.exe
  2⤵
  PID:1520
- C:\Windows\System\EgeknOv.exe
  C:\Windows\System\EgeknOv.exe
  2⤵
  PID:2836
- C:\Windows\System\gKbrEOu.exe
  C:\Windows\System\gKbrEOu.exe
  2⤵
  PID:2916
- C:\Windows\System\EYLUvrc.exe
  C:\Windows\System\EYLUvrc.exe
  2⤵
  PID:2220
- C:\Windows\System\PwlTQWG.exe
  C:\Windows\System\PwlTQWG.exe
  2⤵
  PID:2572
- C:\Windows\System\SREDZLu.exe
  C:\Windows\System\SREDZLu.exe
  2⤵
  PID:1424
- C:\Windows\System\jazfjxn.exe
  C:\Windows\System\jazfjxn.exe
  2⤵
  PID:2012
- C:\Windows\System\SteRhlN.exe
  C:\Windows\System\SteRhlN.exe
  2⤵
  PID:1272
- C:\Windows\System\ZUbWmoI.exe
  C:\Windows\System\ZUbWmoI.exe
  2⤵
  PID:2952
- C:\Windows\System\KBxyNtc.exe
  C:\Windows\System\KBxyNtc.exe
  2⤵
  PID:2248
- C:\Windows\System\kHSLADt.exe
  C:\Windows\System\kHSLADt.exe
  2⤵
  PID:1120
- C:\Windows\System\IMLuztZ.exe
  C:\Windows\System\IMLuztZ.exe
  2⤵
  PID:1476
- C:\Windows\System\UdsyHkz.exe
  C:\Windows\System\UdsyHkz.exe
  2⤵
  PID:2416
- C:\Windows\System\eBCvnma.exe
  C:\Windows\System\eBCvnma.exe
  2⤵
  PID:2772
- C:\Windows\System\EYSMuRw.exe
  C:\Windows\System\EYSMuRw.exe
  2⤵
  PID:376
- C:\Windows\System\pHANXKb.exe
  C:\Windows\System\pHANXKb.exe
  2⤵
  PID:464
- C:\Windows\System\wFZlaaP.exe
  C:\Windows\System\wFZlaaP.exe
  2⤵
  PID:2592
- C:\Windows\System\KFBDgnT.exe
  C:\Windows\System\KFBDgnT.exe
  2⤵
  PID:2068
- C:\Windows\System\FbzNORJ.exe
  C:\Windows\System\FbzNORJ.exe
  2⤵
  PID:2864
- C:\Windows\System\bhEIPhM.exe
  C:\Windows\System\bhEIPhM.exe
  2⤵
  PID:1980
- C:\Windows\System\nUtBuEt.exe
  C:\Windows\System\nUtBuEt.exe
  2⤵
  PID:1940
- C:\Windows\System\vOzCmtU.exe
  C:\Windows\System\vOzCmtU.exe
  2⤵
  PID:2412
- C:\Windows\System\FXBGLfW.exe
  C:\Windows\System\FXBGLfW.exe
  2⤵
  PID:1704
- C:\Windows\System\LUOVgOX.exe
  C:\Windows\System\LUOVgOX.exe
  2⤵
  PID:1448
- C:\Windows\System\KLhbTMp.exe
  C:\Windows\System\KLhbTMp.exe
  2⤵
  PID:1524
- C:\Windows\System\PIEqBtV.exe
  C:\Windows\System\PIEqBtV.exe
  2⤵
  PID:3076
- C:\Windows\System\KpmiCNR.exe
  C:\Windows\System\KpmiCNR.exe
  2⤵
  PID:3096
- C:\Windows\System\DydDDSU.exe
  C:\Windows\System\DydDDSU.exe
  2⤵
  PID:3120
- C:\Windows\System\WtMqfGP.exe
  C:\Windows\System\WtMqfGP.exe
  2⤵
  PID:3140
- C:\Windows\System\fKqFqxQ.exe
  C:\Windows\System\fKqFqxQ.exe
  2⤵
  PID:3160
- C:\Windows\System\eraPVIS.exe
  C:\Windows\System\eraPVIS.exe
  2⤵
  PID:3180
- C:\Windows\System\EDXyXwl.exe
  C:\Windows\System\EDXyXwl.exe
  2⤵
  PID:3200
- C:\Windows\System\hlBkyyI.exe
  C:\Windows\System\hlBkyyI.exe
  2⤵
  PID:3220
- C:\Windows\System\RFPhAHD.exe
  C:\Windows\System\RFPhAHD.exe
  2⤵
  PID:3240
- C:\Windows\System\SXNLVTf.exe
  C:\Windows\System\SXNLVTf.exe
  2⤵
  PID:3260
- C:\Windows\System\XinctgZ.exe
  C:\Windows\System\XinctgZ.exe
  2⤵
  PID:3280
- C:\Windows\System\PkDcBNR.exe
  C:\Windows\System\PkDcBNR.exe
  2⤵
  PID:3300
- C:\Windows\System\kbfrDks.exe
  C:\Windows\System\kbfrDks.exe
  2⤵
  PID:3320
- C:\Windows\System\fzbqasE.exe
  C:\Windows\System\fzbqasE.exe
  2⤵
  PID:3340
- C:\Windows\System\zGqYGwK.exe
  C:\Windows\System\zGqYGwK.exe
  2⤵
  PID:3360
- C:\Windows\System\LvTuEhj.exe
  C:\Windows\System\LvTuEhj.exe
  2⤵
  PID:3380
- C:\Windows\System\BEDOQFG.exe
  C:\Windows\System\BEDOQFG.exe
  2⤵
  PID:3404
- C:\Windows\System\uVqQqHb.exe
  C:\Windows\System\uVqQqHb.exe
  2⤵
  PID:3424
- C:\Windows\System\gONGGuE.exe
  C:\Windows\System\gONGGuE.exe
  2⤵
  PID:3444
- C:\Windows\System\gQOmapD.exe
  C:\Windows\System\gQOmapD.exe
  2⤵
  PID:3464
- C:\Windows\System\JAbeALg.exe
  C:\Windows\System\JAbeALg.exe
  2⤵
  PID:3484
- C:\Windows\System\jWTXQeg.exe
  C:\Windows\System\jWTXQeg.exe
  2⤵
  PID:3504
- C:\Windows\System\kRStcls.exe
  C:\Windows\System\kRStcls.exe
  2⤵
  PID:3524
- C:\Windows\System\gABiMbI.exe
  C:\Windows\System\gABiMbI.exe
  2⤵
  PID:3544
- C:\Windows\System\orAnFYy.exe
  C:\Windows\System\orAnFYy.exe
  2⤵
  PID:3564
- C:\Windows\System\wvyZoaA.exe
  C:\Windows\System\wvyZoaA.exe
  2⤵
  PID:3584
- C:\Windows\System\zEKZhsp.exe
  C:\Windows\System\zEKZhsp.exe
  2⤵
  PID:3604
- C:\Windows\System\fqTNpkJ.exe
  C:\Windows\System\fqTNpkJ.exe
  2⤵
  PID:3624
- C:\Windows\System\xJZZQJm.exe
  C:\Windows\System\xJZZQJm.exe
  2⤵
  PID:3644
- C:\Windows\System\HsUWEME.exe
  C:\Windows\System\HsUWEME.exe
  2⤵
  PID:3664
- C:\Windows\System\PdufQYN.exe
  C:\Windows\System\PdufQYN.exe
  2⤵
  PID:3684
- C:\Windows\System\iiyKDMq.exe
  C:\Windows\System\iiyKDMq.exe
  2⤵
  PID:3704
- C:\Windows\System\ePQnEnK.exe
  C:\Windows\System\ePQnEnK.exe
  2⤵
  PID:3724
- C:\Windows\System\gWNccqk.exe
  C:\Windows\System\gWNccqk.exe
  2⤵
  PID:3744
- C:\Windows\System\PxPeRbN.exe
  C:\Windows\System\PxPeRbN.exe
  2⤵
  PID:3764
- C:\Windows\System\WPFgWXN.exe
  C:\Windows\System\WPFgWXN.exe
  2⤵
  PID:3784
- C:\Windows\System\zFojnFo.exe
  C:\Windows\System\zFojnFo.exe
  2⤵
  PID:3808
- C:\Windows\System\BXnSxpv.exe
  C:\Windows\System\BXnSxpv.exe
  2⤵
  PID:3828
- C:\Windows\System\XIIEcpP.exe
  C:\Windows\System\XIIEcpP.exe
  2⤵
  PID:3848
- C:\Windows\System\lJJhwPq.exe
  C:\Windows\System\lJJhwPq.exe
  2⤵
  PID:3868
- C:\Windows\System\TMimZPg.exe
  C:\Windows\System\TMimZPg.exe
  2⤵
  PID:3888
- C:\Windows\System\teWqBqN.exe
  C:\Windows\System\teWqBqN.exe
  2⤵
  PID:3908
- C:\Windows\System\NfpLoUf.exe
  C:\Windows\System\NfpLoUf.exe
  2⤵
  PID:3928
- C:\Windows\System\VHVyppt.exe
  C:\Windows\System\VHVyppt.exe
  2⤵
  PID:3948
- C:\Windows\System\FNYRDKR.exe
  C:\Windows\System\FNYRDKR.exe
  2⤵
  PID:3968
- C:\Windows\System\lliYBhp.exe
  C:\Windows\System\lliYBhp.exe
  2⤵
  PID:3988
- C:\Windows\System\MJySaOx.exe
  C:\Windows\System\MJySaOx.exe
  2⤵
  PID:4004
- C:\Windows\System\fwHSzGc.exe
  C:\Windows\System\fwHSzGc.exe
  2⤵
  PID:4028
- C:\Windows\System\wYHWhfc.exe
  C:\Windows\System\wYHWhfc.exe
  2⤵
  PID:4048
- C:\Windows\System\CubdVaU.exe
  C:\Windows\System\CubdVaU.exe
  2⤵
  PID:4068
- C:\Windows\System\BYcgEsT.exe
  C:\Windows\System\BYcgEsT.exe
  2⤵
  PID:4088
- C:\Windows\System\jenaMNL.exe
  C:\Windows\System\jenaMNL.exe
  2⤵
  PID:2016
- C:\Windows\System\aOwqKMA.exe
  C:\Windows\System\aOwqKMA.exe
  2⤵
  PID:1732
- C:\Windows\System\GyZCQOT.exe
  C:\Windows\System\GyZCQOT.exe
  2⤵
  PID:1276
- C:\Windows\System\QiHeisA.exe
  C:\Windows\System\QiHeisA.exe
  2⤵
  PID:1292
- C:\Windows\System\cIzpEqX.exe
  C:\Windows\System\cIzpEqX.exe
  2⤵
  PID:3084
- C:\Windows\System\wHbNQDw.exe
  C:\Windows\System\wHbNQDw.exe
  2⤵
  PID:3088
- C:\Windows\System\briHsbD.exe
  C:\Windows\System\briHsbD.exe
  2⤵
  PID:3132
- C:\Windows\System\AEYMHNc.exe
  C:\Windows\System\AEYMHNc.exe
  2⤵
  PID:3152
- C:\Windows\System\yCDMuSR.exe
  C:\Windows\System\yCDMuSR.exe
  2⤵
  PID:3212
- C:\Windows\System\cpjDBnx.exe
  C:\Windows\System\cpjDBnx.exe
  2⤵
  PID:3248
- C:\Windows\System\hMhevpk.exe
  C:\Windows\System\hMhevpk.exe
  2⤵
  PID:3288
- C:\Windows\System\HCayCOG.exe
  C:\Windows\System\HCayCOG.exe
  2⤵
  PID:3272
- C:\Windows\System\pFsuApD.exe
  C:\Windows\System\pFsuApD.exe
  2⤵
  PID:3316
- C:\Windows\System\LdXMWFd.exe
  C:\Windows\System\LdXMWFd.exe
  2⤵
  PID:3348
- C:\Windows\System\SDXIUtz.exe
  C:\Windows\System\SDXIUtz.exe
  2⤵
  PID:568
- C:\Windows\System\plyzcqM.exe
  C:\Windows\System\plyzcqM.exe
  2⤵
  PID:3432
- C:\Windows\System\IFpxelP.exe
  C:\Windows\System\IFpxelP.exe
  2⤵
  PID:3440
- C:\Windows\System\swbTPVk.exe
  C:\Windows\System\swbTPVk.exe
  2⤵
  PID:3496
- C:\Windows\System\AMwKOsR.exe
  C:\Windows\System\AMwKOsR.exe
  2⤵
  PID:3536
- C:\Windows\System\SCbrffZ.exe
  C:\Windows\System\SCbrffZ.exe
  2⤵
  PID:3552
- C:\Windows\System\ItWCDUF.exe
  C:\Windows\System\ItWCDUF.exe
  2⤵
  PID:3556
- C:\Windows\System\xLfrQrC.exe
  C:\Windows\System\xLfrQrC.exe
  2⤵
  PID:3600
- C:\Windows\System\ULizEGt.exe
  C:\Windows\System\ULizEGt.exe
  2⤵
  PID:3632
- C:\Windows\System\SKFyiiE.exe
  C:\Windows\System\SKFyiiE.exe
  2⤵
  PID:3700
- C:\Windows\System\UfixKNU.exe
  C:\Windows\System\UfixKNU.exe
  2⤵
  PID:3732
- C:\Windows\System\dCRjQza.exe
  C:\Windows\System\dCRjQza.exe
  2⤵
  PID:3712
- C:\Windows\System\opzMZfE.exe
  C:\Windows\System\opzMZfE.exe
  2⤵
  PID:3760
- C:\Windows\System\aRZvShy.exe
  C:\Windows\System\aRZvShy.exe
  2⤵
  PID:3792
- C:\Windows\System\hoPuGuI.exe
  C:\Windows\System\hoPuGuI.exe
  2⤵
  PID:3836
- C:\Windows\System\mLUloga.exe
  C:\Windows\System\mLUloga.exe
  2⤵
  PID:3896
- C:\Windows\System\zpLFspX.exe
  C:\Windows\System\zpLFspX.exe
  2⤵
  PID:3944
- C:\Windows\System\lIfCdRQ.exe
  C:\Windows\System\lIfCdRQ.exe
  2⤵
  PID:3976
- C:\Windows\System\rsbLgMR.exe
  C:\Windows\System\rsbLgMR.exe
  2⤵
  PID:3956
- C:\Windows\System\ZCthcvb.exe
  C:\Windows\System\ZCthcvb.exe
  2⤵
  PID:3996
- C:\Windows\System\zYBYNEO.exe
  C:\Windows\System\zYBYNEO.exe
  2⤵
  PID:4036
- C:\Windows\System\jZJWHeC.exe
  C:\Windows\System\jZJWHeC.exe
  2⤵
  PID:304
- C:\Windows\System\teRvkvQ.exe
  C:\Windows\System\teRvkvQ.exe
  2⤵
  PID:1672
- C:\Windows\System\ToOBKft.exe
  C:\Windows\System\ToOBKft.exe
  2⤵
  PID:2976
- C:\Windows\System\keiBUxp.exe
  C:\Windows\System\keiBUxp.exe
  2⤵
  PID:2732
- C:\Windows\System\vfyQJeI.exe
  C:\Windows\System\vfyQJeI.exe
  2⤵
  PID:2548
- C:\Windows\System\UAVucYl.exe
  C:\Windows\System\UAVucYl.exe
  2⤵
  PID:3148
- C:\Windows\System\UWTRdHS.exe
  C:\Windows\System\UWTRdHS.exe
  2⤵
  PID:3232
- C:\Windows\System\wbiXSWY.exe
  C:\Windows\System\wbiXSWY.exe
  2⤵
  PID:3312
- C:\Windows\System\FrEdhYb.exe
  C:\Windows\System\FrEdhYb.exe
  2⤵
  PID:3356
- C:\Windows\System\kxAgYfZ.exe
  C:\Windows\System\kxAgYfZ.exe
  2⤵
  PID:3796
- C:\Windows\System\VnJgEsG.exe
  C:\Windows\System\VnJgEsG.exe
  2⤵
  PID:3436
- C:\Windows\System\YNfWDML.exe
  C:\Windows\System\YNfWDML.exe
  2⤵
  PID:3116
- C:\Windows\System\GrJuHuX.exe
  C:\Windows\System\GrJuHuX.exe
  2⤵
  PID:3532
- C:\Windows\System\lJzVitz.exe
  C:\Windows\System\lJzVitz.exe
  2⤵
  PID:3516
- C:\Windows\System\QEVRGzd.exe
  C:\Windows\System\QEVRGzd.exe
  2⤵
  PID:3620
- C:\Windows\System\tggbKby.exe
  C:\Windows\System\tggbKby.exe
  2⤵
  PID:3696
- C:\Windows\System\RYgNIGY.exe
  C:\Windows\System\RYgNIGY.exe
  2⤵
  PID:3660
- C:\Windows\System\qsnQTsu.exe
  C:\Windows\System\qsnQTsu.exe
  2⤵
  PID:3804
- C:\Windows\System\bhIRVeu.exe
  C:\Windows\System\bhIRVeu.exe
  2⤵
  PID:3856
- C:\Windows\System\wFtQvxa.exe
  C:\Windows\System\wFtQvxa.exe
  2⤵
  PID:3844
- C:\Windows\System\jWZABfZ.exe
  C:\Windows\System\jWZABfZ.exe
  2⤵
  PID:3980
- C:\Windows\System\hvnWSbR.exe
  C:\Windows\System\hvnWSbR.exe
  2⤵
  PID:4056
- C:\Windows\System\InAarRu.exe
  C:\Windows\System\InAarRu.exe
  2⤵
  PID:4020
- C:\Windows\System\zdIeTnu.exe
  C:\Windows\System\zdIeTnu.exe
  2⤵
  PID:696
- C:\Windows\System\ZPOeFzU.exe
  C:\Windows\System\ZPOeFzU.exe
  2⤵
  PID:2272
- C:\Windows\System\kXeRGyX.exe
  C:\Windows\System\kXeRGyX.exe
  2⤵
  PID:3168
- C:\Windows\System\XkLwMUp.exe
  C:\Windows\System\XkLwMUp.exe
  2⤵
  PID:3188
- C:\Windows\System\qPbdzGc.exe
  C:\Windows\System\qPbdzGc.exe
  2⤵
  PID:3372
- C:\Windows\System\acIAExS.exe
  C:\Windows\System\acIAExS.exe
  2⤵
  PID:3268
- C:\Windows\System\jZNYXkD.exe
  C:\Windows\System\jZNYXkD.exe
  2⤵
  PID:3416
- C:\Windows\System\lpyoOaZ.exe
  C:\Windows\System\lpyoOaZ.exe
  2⤵
  PID:3480
- C:\Windows\System\olWaVBV.exe
  C:\Windows\System\olWaVBV.exe
  2⤵
  PID:3476
- C:\Windows\System\PnGiZvC.exe
  C:\Windows\System\PnGiZvC.exe
  2⤵
  PID:3592
- C:\Windows\System\jGCQkTi.exe
  C:\Windows\System\jGCQkTi.exe
  2⤵
  PID:3776
- C:\Windows\System\QqqsCNF.exe
  C:\Windows\System\QqqsCNF.exe
  2⤵
  PID:3820
- C:\Windows\System\oogtGej.exe
  C:\Windows\System\oogtGej.exe
  2⤵
  PID:3960
- C:\Windows\System\qjzxLTL.exe
  C:\Windows\System\qjzxLTL.exe
  2⤵
  PID:4016
- C:\Windows\System\uIwYlQK.exe
  C:\Windows\System\uIwYlQK.exe
  2⤵
  PID:4064
- C:\Windows\System\oWDNwuR.exe
  C:\Windows\System\oWDNwuR.exe
  2⤵
  PID:3192
- C:\Windows\System\PiwIPmd.exe
  C:\Windows\System\PiwIPmd.exe
  2⤵
  PID:3228
- C:\Windows\System\VfzeJPj.exe
  C:\Windows\System\VfzeJPj.exe
  2⤵
  PID:3512
- C:\Windows\System\nyvEiqP.exe
  C:\Windows\System\nyvEiqP.exe
  2⤵
  PID:3560
- C:\Windows\System\BqvoFUU.exe
  C:\Windows\System\BqvoFUU.exe
  2⤵
  PID:2560
- C:\Windows\System\dABqglf.exe
  C:\Windows\System\dABqglf.exe
  2⤵
  PID:628
- C:\Windows\System\IZMIQER.exe
  C:\Windows\System\IZMIQER.exe
  2⤵
  PID:3716
- C:\Windows\System\PdduHan.exe
  C:\Windows\System\PdduHan.exe
  2⤵
  PID:2652
- C:\Windows\System\MRwhqeq.exe
  C:\Windows\System\MRwhqeq.exe
  2⤵
  PID:1504
- C:\Windows\System\LZLehTF.exe
  C:\Windows\System\LZLehTF.exe
  2⤵
  PID:3376
- C:\Windows\System\TrrQkeX.exe
  C:\Windows\System\TrrQkeX.exe
  2⤵
  PID:4100
- C:\Windows\System\vQaXwJc.exe
  C:\Windows\System\vQaXwJc.exe
  2⤵
  PID:4120
- C:\Windows\System\KGWEKFW.exe
  C:\Windows\System\KGWEKFW.exe
  2⤵
  PID:4140
- C:\Windows\System\RRrLlWF.exe
  C:\Windows\System\RRrLlWF.exe
  2⤵
  PID:4160
- C:\Windows\System\auESeyf.exe
  C:\Windows\System\auESeyf.exe
  2⤵
  PID:4180
- C:\Windows\System\nrrchsb.exe
  C:\Windows\System\nrrchsb.exe
  2⤵
  PID:4200
- C:\Windows\System\pkwayfK.exe
  C:\Windows\System\pkwayfK.exe
  2⤵
  PID:4220
- C:\Windows\System\vvRnQtA.exe
  C:\Windows\System\vvRnQtA.exe
  2⤵
  PID:4240
- C:\Windows\System\dDHpHjb.exe
  C:\Windows\System\dDHpHjb.exe
  2⤵
  PID:4260
- C:\Windows\System\yZGhRYE.exe
  C:\Windows\System\yZGhRYE.exe
  2⤵
  PID:4280
- C:\Windows\System\YzXxKbz.exe
  C:\Windows\System\YzXxKbz.exe
  2⤵
  PID:4300
- C:\Windows\System\XggCCrU.exe
  C:\Windows\System\XggCCrU.exe
  2⤵
  PID:4320
- C:\Windows\System\AnfaCJR.exe
  C:\Windows\System\AnfaCJR.exe
  2⤵
  PID:4340
- C:\Windows\System\oxKZaSH.exe
  C:\Windows\System\oxKZaSH.exe
  2⤵
  PID:4360
- C:\Windows\System\gyzAcEh.exe
  C:\Windows\System\gyzAcEh.exe
  2⤵
  PID:4380
- C:\Windows\System\sLVrSxA.exe
  C:\Windows\System\sLVrSxA.exe
  2⤵
  PID:4400
- C:\Windows\System\tIIlPYh.exe
  C:\Windows\System\tIIlPYh.exe
  2⤵
  PID:4420
- C:\Windows\System\lUuYGUB.exe
  C:\Windows\System\lUuYGUB.exe
  2⤵
  PID:4440
- C:\Windows\System\LVTxSss.exe
  C:\Windows\System\LVTxSss.exe
  2⤵
  PID:4464
- C:\Windows\System\fXPxlAE.exe
  C:\Windows\System\fXPxlAE.exe
  2⤵
  PID:4484
- C:\Windows\System\rigsEFE.exe
  C:\Windows\System\rigsEFE.exe
  2⤵
  PID:4504
- C:\Windows\System\bPRWrCW.exe
  C:\Windows\System\bPRWrCW.exe
  2⤵
  PID:4524
- C:\Windows\System\hfxUXWh.exe
  C:\Windows\System\hfxUXWh.exe
  2⤵
  PID:4544
- C:\Windows\System\OkSxiOQ.exe
  C:\Windows\System\OkSxiOQ.exe
  2⤵
  PID:4564
- C:\Windows\System\xjmXGWj.exe
  C:\Windows\System\xjmXGWj.exe
  2⤵
  PID:4584
- C:\Windows\System\WHTyqrO.exe
  C:\Windows\System\WHTyqrO.exe
  2⤵
  PID:4604
- C:\Windows\System\NRVOzkB.exe
  C:\Windows\System\NRVOzkB.exe
  2⤵
  PID:4628
- C:\Windows\System\rcgDDrc.exe
  C:\Windows\System\rcgDDrc.exe
  2⤵
  PID:4648
- C:\Windows\System\ZxpgJcm.exe
  C:\Windows\System\ZxpgJcm.exe
  2⤵
  PID:4668
- C:\Windows\System\YjbmhVm.exe
  C:\Windows\System\YjbmhVm.exe
  2⤵
  PID:4688
- C:\Windows\System\UCCCRyY.exe
  C:\Windows\System\UCCCRyY.exe
  2⤵
  PID:4708
- C:\Windows\System\jGeydQu.exe
  C:\Windows\System\jGeydQu.exe
  2⤵
  PID:4728
- C:\Windows\System\uqUOGQX.exe
  C:\Windows\System\uqUOGQX.exe
  2⤵
  PID:4748
- C:\Windows\System\nmufLDs.exe
  C:\Windows\System\nmufLDs.exe
  2⤵
  PID:4768
- C:\Windows\System\FWMrlMr.exe
  C:\Windows\System\FWMrlMr.exe
  2⤵
  PID:4788
- C:\Windows\System\PTzGPyC.exe
  C:\Windows\System\PTzGPyC.exe
  2⤵
  PID:4808
- C:\Windows\System\STYvNcc.exe
  C:\Windows\System\STYvNcc.exe
  2⤵
  PID:4828
- C:\Windows\System\uHPztHQ.exe
  C:\Windows\System\uHPztHQ.exe
  2⤵
  PID:4848
- C:\Windows\System\VAADLVd.exe
  C:\Windows\System\VAADLVd.exe
  2⤵
  PID:4876
- C:\Windows\System\itDyjAg.exe
  C:\Windows\System\itDyjAg.exe
  2⤵
  PID:4896
- C:\Windows\System\hUraVKo.exe
  C:\Windows\System\hUraVKo.exe
  2⤵
  PID:4920
- C:\Windows\System\ZBaUpCj.exe
  C:\Windows\System\ZBaUpCj.exe
  2⤵
  PID:4940
- C:\Windows\System\LhVHmwR.exe
  C:\Windows\System\LhVHmwR.exe
  2⤵
  PID:4960
- C:\Windows\System\yfEqqPn.exe
  C:\Windows\System\yfEqqPn.exe
  2⤵
  PID:4980
- C:\Windows\System\BMlJPdV.exe
  C:\Windows\System\BMlJPdV.exe
  2⤵
  PID:5000
- C:\Windows\System\NcFbCtz.exe
  C:\Windows\System\NcFbCtz.exe
  2⤵
  PID:5020
- C:\Windows\System\caZXeRA.exe
  C:\Windows\System\caZXeRA.exe
  2⤵
  PID:5040
- C:\Windows\System\wIJjpnD.exe
  C:\Windows\System\wIJjpnD.exe
  2⤵
  PID:5060
- C:\Windows\System\xbudKvT.exe
  C:\Windows\System\xbudKvT.exe
  2⤵
  PID:5080
- C:\Windows\System\FLIfwQK.exe
  C:\Windows\System\FLIfwQK.exe
  2⤵
  PID:5100
- C:\Windows\System\RxMgIJH.exe
  C:\Windows\System\RxMgIJH.exe
  2⤵
  PID:2160
- C:\Windows\System\tVnTeiB.exe
  C:\Windows\System\tVnTeiB.exe
  2⤵
  PID:3772
- C:\Windows\System\WmcUycT.exe
  C:\Windows\System\WmcUycT.exe
  2⤵
  PID:3936
- C:\Windows\System\vYbOzEO.exe
  C:\Windows\System\vYbOzEO.exe
  2⤵
  PID:2140
- C:\Windows\System\vCziBhm.exe
  C:\Windows\System\vCziBhm.exe
  2⤵
  PID:4108
- C:\Windows\System\aYZHRez.exe
  C:\Windows\System\aYZHRez.exe
  2⤵
  PID:4136
- C:\Windows\System\XXfqxMm.exe
  C:\Windows\System\XXfqxMm.exe
  2⤵
  PID:4168
- C:\Windows\System\spFmoMl.exe
  C:\Windows\System\spFmoMl.exe
  2⤵
  PID:4172
- C:\Windows\System\vjuughQ.exe
  C:\Windows\System\vjuughQ.exe
  2⤵
  PID:4236
- C:\Windows\System\kwWDwyd.exe
  C:\Windows\System\kwWDwyd.exe
  2⤵
  PID:4252
- C:\Windows\System\weNXrhe.exe
  C:\Windows\System\weNXrhe.exe
  2⤵
  PID:4296
- C:\Windows\System\kumRMCf.exe
  C:\Windows\System\kumRMCf.exe
  2⤵
  PID:4356
- C:\Windows\System\owievLy.exe
  C:\Windows\System\owievLy.exe
  2⤵
  PID:4332
- C:\Windows\System\vIFEkBc.exe
  C:\Windows\System\vIFEkBc.exe
  2⤵
  PID:4376
- C:\Windows\System\wTvtSiX.exe
  C:\Windows\System\wTvtSiX.exe
  2⤵
  PID:4432
- C:\Windows\System\NtvDbEl.exe
  C:\Windows\System\NtvDbEl.exe
  2⤵
  PID:4472
- C:\Windows\System\gFgufHt.exe
  C:\Windows\System\gFgufHt.exe
  2⤵
  PID:4492
- C:\Windows\System\qfYLDHI.exe
  C:\Windows\System\qfYLDHI.exe
  2⤵
  PID:4516
- C:\Windows\System\ECFPChh.exe
  C:\Windows\System\ECFPChh.exe
  2⤵
  PID:4560
- C:\Windows\System\qDjUwef.exe
  C:\Windows\System\qDjUwef.exe
  2⤵
  PID:4596
- C:\Windows\System\QMaxxMM.exe
  C:\Windows\System\QMaxxMM.exe
  2⤵
  PID:4616
- C:\Windows\System\jJOYnFD.exe
  C:\Windows\System\jJOYnFD.exe
  2⤵
  PID:4656
- C:\Windows\System\OPGaNan.exe
  C:\Windows\System\OPGaNan.exe
  2⤵
  PID:4696
- C:\Windows\System\VjOslaW.exe
  C:\Windows\System\VjOslaW.exe
  2⤵
  PID:4700
- C:\Windows\System\qwkjzHs.exe
  C:\Windows\System\qwkjzHs.exe
  2⤵
  PID:4744
- C:\Windows\System\qhAGSyI.exe
  C:\Windows\System\qhAGSyI.exe
  2⤵
  PID:4784
- C:\Windows\System\nyGUXxK.exe
  C:\Windows\System\nyGUXxK.exe
  2⤵
  PID:4820
- C:\Windows\System\muSZKnJ.exe
  C:\Windows\System\muSZKnJ.exe
  2⤵
  PID:4872
- C:\Windows\System\iFimRFF.exe
  C:\Windows\System\iFimRFF.exe
  2⤵
  PID:2212
- C:\Windows\System\PDrXuIX.exe
  C:\Windows\System\PDrXuIX.exe
  2⤵
  PID:4928
- C:\Windows\System\WdHlUxL.exe
  C:\Windows\System\WdHlUxL.exe
  2⤵
  PID:4948
- C:\Windows\System\xQusheN.exe
  C:\Windows\System\xQusheN.exe
  2⤵
  PID:4972
- C:\Windows\System\sGRKKQg.exe
  C:\Windows\System\sGRKKQg.exe
  2⤵
  PID:5016
- C:\Windows\System\qrotQwZ.exe
  C:\Windows\System\qrotQwZ.exe
  2⤵
  PID:5028
- C:\Windows\System\NiIifQg.exe
  C:\Windows\System\NiIifQg.exe
  2⤵
  PID:5096
- C:\Windows\System\LOzjtIu.exe
  C:\Windows\System\LOzjtIu.exe
  2⤵
  PID:2884
- C:\Windows\System\KGgHWiF.exe
  C:\Windows\System\KGgHWiF.exe
  2⤵
  PID:5112
- C:\Windows\System\tEsJSlr.exe
  C:\Windows\System\tEsJSlr.exe
  2⤵
  PID:3860
- C:\Windows\System\VSJJFbl.exe
  C:\Windows\System\VSJJFbl.exe
  2⤵
  PID:4196
- C:\Windows\System\ibyIBbV.exe
  C:\Windows\System\ibyIBbV.exe
  2⤵
  PID:4132
- C:\Windows\System\aSKDdnd.exe
  C:\Windows\System\aSKDdnd.exe
  2⤵
  PID:4256
- C:\Windows\System\pxGtguf.exe
  C:\Windows\System\pxGtguf.exe
  2⤵
  PID:4348
- C:\Windows\System\iRqsVkN.exe
  C:\Windows\System\iRqsVkN.exe
  2⤵
  PID:4392
- C:\Windows\System\RXVukBg.exe
  C:\Windows\System\RXVukBg.exe
  2⤵
  PID:4336
- C:\Windows\System\ffIHGpl.exe
  C:\Windows\System\ffIHGpl.exe
  2⤵
  PID:4408
- C:\Windows\System\lNbffHp.exe
  C:\Windows\System\lNbffHp.exe
  2⤵
  PID:1452
- C:\Windows\System\enEesao.exe
  C:\Windows\System\enEesao.exe
  2⤵
  PID:4600
- C:\Windows\System\KLldYtl.exe
  C:\Windows\System\KLldYtl.exe
  2⤵
  PID:4540
- C:\Windows\System\zYaOoJg.exe
  C:\Windows\System\zYaOoJg.exe
  2⤵
  PID:4640
- C:\Windows\System\FIDLrnA.exe
  C:\Windows\System\FIDLrnA.exe
  2⤵
  PID:4720
- C:\Windows\System\GYkPoQb.exe
  C:\Windows\System\GYkPoQb.exe
  2⤵
  PID:4804
- C:\Windows\System\ofSbcCk.exe
  C:\Windows\System\ofSbcCk.exe
  2⤵
  PID:4760
- C:\Windows\System\GEAsdSy.exe
  C:\Windows\System\GEAsdSy.exe
  2⤵
  PID:4912
- C:\Windows\System\rWBwTHS.exe
  C:\Windows\System\rWBwTHS.exe
  2⤵
  PID:4888
- C:\Windows\System\IIQCdpv.exe
  C:\Windows\System\IIQCdpv.exe
  2⤵
  PID:4936
- C:\Windows\System\whmbKmy.exe
  C:\Windows\System\whmbKmy.exe
  2⤵
  PID:4996
- C:\Windows\System\RmJoPGe.exe
  C:\Windows\System\RmJoPGe.exe
  2⤵
  PID:5068
- C:\Windows\System\MpZOTAP.exe
  C:\Windows\System\MpZOTAP.exe
  2⤵
  PID:4024
- C:\Windows\System\pKdIOgs.exe
  C:\Windows\System\pKdIOgs.exe
  2⤵
  PID:2108
- C:\Windows\System\nDjspRE.exe
  C:\Windows\System\nDjspRE.exe
  2⤵
  PID:3308
- C:\Windows\System\OHzoAMw.exe
  C:\Windows\System\OHzoAMw.exe
  2⤵
  PID:4112
- C:\Windows\System\ZPuyQAS.exe
  C:\Windows\System\ZPuyQAS.exe
  2⤵
  PID:4116
- C:\Windows\System\SitMrPl.exe
  C:\Windows\System\SitMrPl.exe
  2⤵
  PID:4288
- C:\Windows\System\CKjFuGx.exe
  C:\Windows\System\CKjFuGx.exe
  2⤵
  PID:4388
- C:\Windows\System\upDrElk.exe
  C:\Windows\System\upDrElk.exe
  2⤵
  PID:4412
- C:\Windows\System\RQSMzKJ.exe
  C:\Windows\System\RQSMzKJ.exe
  2⤵
  PID:4644
- C:\Windows\System\ambljgT.exe
  C:\Windows\System\ambljgT.exe
  2⤵
  PID:4572
- C:\Windows\System\hfoesSb.exe
  C:\Windows\System\hfoesSb.exe
  2⤵
  PID:4676
- C:\Windows\System\mMDGjZW.exe
  C:\Windows\System\mMDGjZW.exe
  2⤵
  PID:4660
- C:\Windows\System\RYEcqAt.exe
  C:\Windows\System\RYEcqAt.exe
  2⤵
  PID:4664
- C:\Windows\System\MRcZmrL.exe
  C:\Windows\System\MRcZmrL.exe
  2⤵
  PID:4836
- C:\Windows\System\YTQAAnO.exe
  C:\Windows\System\YTQAAnO.exe
  2⤵
  PID:4908
- C:\Windows\System\nieteJc.exe
  C:\Windows\System\nieteJc.exe
  2⤵
  PID:2280
- C:\Windows\System\VeMcWvZ.exe
  C:\Windows\System\VeMcWvZ.exe
  2⤵
  PID:5076
- C:\Windows\System\OIcPxYj.exe
  C:\Windows\System\OIcPxYj.exe
  2⤵
  PID:2448
- C:\Windows\System\NIBlABw.exe
  C:\Windows\System\NIBlABw.exe
  2⤵
  PID:1756
- C:\Windows\System\eyQzUdp.exe
  C:\Windows\System\eyQzUdp.exe
  2⤵
  PID:1932
- C:\Windows\System\crMvuhY.exe
  C:\Windows\System\crMvuhY.exe
  2⤵
  PID:552
- C:\Windows\System\cRQhJaB.exe
  C:\Windows\System\cRQhJaB.exe
  2⤵
  PID:3176
- C:\Windows\System\uBXTnTM.exe
  C:\Windows\System\uBXTnTM.exe
  2⤵
  PID:1376
- C:\Windows\System\LVTewPd.exe
  C:\Windows\System\LVTewPd.exe
  2⤵
  PID:4248
- C:\Windows\System\FuZyWcp.exe
  C:\Windows\System\FuZyWcp.exe
  2⤵
  PID:2040
- C:\Windows\System\HsdixeI.exe
  C:\Windows\System\HsdixeI.exe
  2⤵
  PID:4448
- C:\Windows\System\DAEyyam.exe
  C:\Windows\System\DAEyyam.exe
  2⤵
  PID:2684
- C:\Windows\System\CXsLxJs.exe
  C:\Windows\System\CXsLxJs.exe
  2⤵
  PID:2076
- C:\Windows\System\UFJmIcr.exe
  C:\Windows\System\UFJmIcr.exe
  2⤵
  PID:2964
- C:\Windows\System\zqogVhB.exe
  C:\Windows\System\zqogVhB.exe
  2⤵
  PID:2612
- C:\Windows\System\olSimFF.exe
  C:\Windows\System\olSimFF.exe
  2⤵
  PID:2876
- C:\Windows\System\aOwDcHw.exe
  C:\Windows\System\aOwDcHw.exe
  2⤵
  PID:4988
- C:\Windows\System\ophOLKV.exe
  C:\Windows\System\ophOLKV.exe
  2⤵
  PID:2820
- C:\Windows\System\AxmYPXf.exe
  C:\Windows\System\AxmYPXf.exe
  2⤵
  PID:916
- C:\Windows\System\ckNTSDv.exe
  C:\Windows\System\ckNTSDv.exe
  2⤵
  PID:4396
- C:\Windows\System\jTkXwjy.exe
  C:\Windows\System\jTkXwjy.exe
  2⤵
  PID:4480
- C:\Windows\System\qfPRhqZ.exe
  C:\Windows\System\qfPRhqZ.exe
  2⤵
  PID:3720
- C:\Windows\System\rRvQjEu.exe
  C:\Windows\System\rRvQjEu.exe
  2⤵
  PID:4328
- C:\Windows\System\nSLQNUf.exe
  C:\Windows\System\nSLQNUf.exe
  2⤵
  PID:4536
- C:\Windows\System\ntuNYrc.exe
  C:\Windows\System\ntuNYrc.exe
  2⤵
  PID:4452
- C:\Windows\System\zJOMjMc.exe
  C:\Windows\System\zJOMjMc.exe
  2⤵
  PID:4776
- C:\Windows\System\UrKtgVI.exe
  C:\Windows\System\UrKtgVI.exe
  2⤵
  PID:4892
- C:\Windows\System\nnrBeov.exe
  C:\Windows\System\nnrBeov.exe
  2⤵
  PID:5048
- C:\Windows\System\iYKdjSY.exe
  C:\Windows\System\iYKdjSY.exe
  2⤵
  PID:4192
- C:\Windows\System\KKkbpLb.exe
  C:\Windows\System\KKkbpLb.exe
  2⤵
  PID:5140
- C:\Windows\System\nAMKIOt.exe
  C:\Windows\System\nAMKIOt.exe
  2⤵
  PID:5160
- C:\Windows\System\eTlBmoD.exe
  C:\Windows\System\eTlBmoD.exe
  2⤵
  PID:5184
- C:\Windows\System\RNqdzAN.exe
  C:\Windows\System\RNqdzAN.exe
  2⤵
  PID:5200
- C:\Windows\System\ygoBySU.exe
  C:\Windows\System\ygoBySU.exe
  2⤵
  PID:5216
- C:\Windows\System\EEHddXh.exe
  C:\Windows\System\EEHddXh.exe
  2⤵
  PID:5236
- C:\Windows\System\ATaHpHq.exe
  C:\Windows\System\ATaHpHq.exe
  2⤵
  PID:5256
- C:\Windows\System\taNAsBp.exe
  C:\Windows\System\taNAsBp.exe
  2⤵
  PID:5272
- C:\Windows\System\ZcxpJUF.exe
  C:\Windows\System\ZcxpJUF.exe
  2⤵
  PID:5288
- C:\Windows\System\BzVSYoT.exe
  C:\Windows\System\BzVSYoT.exe
  2⤵
  PID:5304
- C:\Windows\System\AWvXXNb.exe
  C:\Windows\System\AWvXXNb.exe
  2⤵
  PID:5324
- C:\Windows\System\nyyCOUy.exe
  C:\Windows\System\nyyCOUy.exe
  2⤵
  PID:5344
- C:\Windows\System\yjaIxAn.exe
  C:\Windows\System\yjaIxAn.exe
  2⤵
  PID:5360
- C:\Windows\System\vGrBfza.exe
  C:\Windows\System\vGrBfza.exe
  2⤵
  PID:5428
- C:\Windows\System\rhuotID.exe
  C:\Windows\System\rhuotID.exe
  2⤵
  PID:5444
- C:\Windows\System\JSREHjG.exe
  C:\Windows\System\JSREHjG.exe
  2⤵
  PID:5460
- C:\Windows\System\AAZDyiQ.exe
  C:\Windows\System\AAZDyiQ.exe
  2⤵
  PID:5496
- C:\Windows\System\bmERLoo.exe
  C:\Windows\System\bmERLoo.exe
  2⤵
  PID:5512
- C:\Windows\System\TMqdEbv.exe
  C:\Windows\System\TMqdEbv.exe
  2⤵
  PID:5528
- C:\Windows\System\vkQGPPX.exe
  C:\Windows\System\vkQGPPX.exe
  2⤵
  PID:5544
- C:\Windows\System\GDOxUmG.exe
  C:\Windows\System\GDOxUmG.exe
  2⤵
  PID:5568
- C:\Windows\System\PkOpvaf.exe
  C:\Windows\System\PkOpvaf.exe
  2⤵
  PID:5588
- C:\Windows\System\iLLyqwk.exe
  C:\Windows\System\iLLyqwk.exe
  2⤵
  PID:5604
- C:\Windows\System\faimANv.exe
  C:\Windows\System\faimANv.exe
  2⤵
  PID:5628
- C:\Windows\System\bUubzLh.exe
  C:\Windows\System\bUubzLh.exe
  2⤵
  PID:5644
- C:\Windows\System\avpPqAm.exe
  C:\Windows\System\avpPqAm.exe
  2⤵
  PID:5672
- C:\Windows\System\KQmzwgy.exe
  C:\Windows\System\KQmzwgy.exe
  2⤵
  PID:5688
- C:\Windows\System\BphjkXK.exe
  C:\Windows\System\BphjkXK.exe
  2⤵
  PID:5704
- C:\Windows\System\IOGRZbr.exe
  C:\Windows\System\IOGRZbr.exe
  2⤵
  PID:5720
- C:\Windows\System\obgTwrn.exe
  C:\Windows\System\obgTwrn.exe
  2⤵
  PID:5736
- C:\Windows\System\NALolsj.exe
  C:\Windows\System\NALolsj.exe
  2⤵
  PID:5764
- C:\Windows\System\jxkaqeA.exe
  C:\Windows\System\jxkaqeA.exe
  2⤵
  PID:5784
- C:\Windows\System\qHmfXFz.exe
  C:\Windows\System\qHmfXFz.exe
  2⤵
  PID:5800
- C:\Windows\System\piJcEFz.exe
  C:\Windows\System\piJcEFz.exe
  2⤵
  PID:5836
- C:\Windows\System\sLgZVyw.exe
  C:\Windows\System\sLgZVyw.exe
  2⤵
  PID:5856
- C:\Windows\System\QFFaTjk.exe
  C:\Windows\System\QFFaTjk.exe
  2⤵
  PID:5872
- C:\Windows\System\OjOhJhg.exe
  C:\Windows\System\OjOhJhg.exe
  2⤵
  PID:5888
- C:\Windows\System\MuNeKmZ.exe
  C:\Windows\System\MuNeKmZ.exe
  2⤵
  PID:5904
- C:\Windows\System\ginnzyw.exe
  C:\Windows\System\ginnzyw.exe
  2⤵
  PID:5924
- C:\Windows\System\knJrirF.exe
  C:\Windows\System\knJrirF.exe
  2⤵
  PID:5940
- C:\Windows\System\TyCYwIY.exe
  C:\Windows\System\TyCYwIY.exe
  2⤵
  PID:5956
- C:\Windows\System\LuQNdYi.exe
  C:\Windows\System\LuQNdYi.exe
  2⤵
  PID:5972
- C:\Windows\System\GfUbYXp.exe
  C:\Windows\System\GfUbYXp.exe
  2⤵
  PID:5988
- C:\Windows\System\vGgXfJQ.exe
  C:\Windows\System\vGgXfJQ.exe
  2⤵
  PID:6008
- C:\Windows\System\ExOlPuU.exe
  C:\Windows\System\ExOlPuU.exe
  2⤵
  PID:6032
- C:\Windows\System\PGGvCvL.exe
  C:\Windows\System\PGGvCvL.exe
  2⤵
  PID:6048
- C:\Windows\System\sCwiMBm.exe
  C:\Windows\System\sCwiMBm.exe
  2⤵
  PID:6064
- C:\Windows\System\LJbWnCT.exe
  C:\Windows\System\LJbWnCT.exe
  2⤵
  PID:6116
- C:\Windows\System\HEVWAVb.exe
  C:\Windows\System\HEVWAVb.exe
  2⤵
  PID:6136
- C:\Windows\System\XYDZNdw.exe
  C:\Windows\System\XYDZNdw.exe
  2⤵
  PID:2092
- C:\Windows\System\vxSgtFf.exe
  C:\Windows\System\vxSgtFf.exe
  2⤵
  PID:2708
- C:\Windows\System\AgdUohV.exe
  C:\Windows\System\AgdUohV.exe
  2⤵
  PID:1740
- C:\Windows\System\CfCFFGZ.exe
  C:\Windows\System\CfCFFGZ.exe
  2⤵
  PID:5124
- C:\Windows\System\iZxuKAd.exe
  C:\Windows\System\iZxuKAd.exe
  2⤵
  PID:1760
- C:\Windows\System\pquWZti.exe
  C:\Windows\System\pquWZti.exe
  2⤵
  PID:5132
- C:\Windows\System\grvRQqG.exe
  C:\Windows\System\grvRQqG.exe
  2⤵
  PID:5176
- C:\Windows\System\HrxRWDg.exe
  C:\Windows\System\HrxRWDg.exe
  2⤵
  PID:5244
- C:\Windows\System\OUCHqPI.exe
  C:\Windows\System\OUCHqPI.exe
  2⤵
  PID:5284
- C:\Windows\System\RPsofzn.exe
  C:\Windows\System\RPsofzn.exe
  2⤵
  PID:5356
- C:\Windows\System\yvpmpEz.exe
  C:\Windows\System\yvpmpEz.exe
  2⤵
  PID:5296
- C:\Windows\System\jubWLpV.exe
  C:\Windows\System\jubWLpV.exe
  2⤵
  PID:5336
- C:\Windows\System\YEamZpk.exe
  C:\Windows\System\YEamZpk.exe
  2⤵
  PID:5264
- C:\Windows\System\JrZRyGc.exe
  C:\Windows\System\JrZRyGc.exe
  2⤵
  PID:5472
- C:\Windows\System\RshDQDp.exe
  C:\Windows\System\RshDQDp.exe
  2⤵
  PID:5412
- C:\Windows\System\vMGHrPX.exe
  C:\Windows\System\vMGHrPX.exe
  2⤵
  PID:5488
- C:\Windows\System\BczjVlf.exe
  C:\Windows\System\BczjVlf.exe
  2⤵
  PID:5452
- C:\Windows\System\FgQKfmS.exe
  C:\Windows\System\FgQKfmS.exe
  2⤵
  PID:5552
- C:\Windows\System\EAIBzsV.exe
  C:\Windows\System\EAIBzsV.exe
  2⤵
  PID:5600
- C:\Windows\System\iKSmCyk.exe
  C:\Windows\System\iKSmCyk.exe
  2⤵
  PID:5508
- C:\Windows\System\vFJIksE.exe
  C:\Windows\System\vFJIksE.exe
  2⤵
  PID:5620
- C:\Windows\System\jnNNCEx.exe
  C:\Windows\System\jnNNCEx.exe
  2⤵
  PID:5536
- C:\Windows\System\GArcLCm.exe
  C:\Windows\System\GArcLCm.exe
  2⤵
  PID:5716
- C:\Windows\System\ygOxiAZ.exe
  C:\Windows\System\ygOxiAZ.exe
  2⤵
  PID:5664
- C:\Windows\System\IdutIsl.exe
  C:\Windows\System\IdutIsl.exe
  2⤵
  PID:5732
- C:\Windows\System\aIehutL.exe
  C:\Windows\System\aIehutL.exe
  2⤵
  PID:5780
- C:\Windows\System\klxkHGs.exe
  C:\Windows\System\klxkHGs.exe
  2⤵
  PID:5792
- C:\Windows\System\fpNAAmJ.exe
  C:\Windows\System\fpNAAmJ.exe
  2⤵
  PID:5828
- C:\Windows\System\BEEQYRB.exe
  C:\Windows\System\BEEQYRB.exe
  2⤵
  PID:5880
- C:\Windows\System\frJeGsD.exe
  C:\Windows\System\frJeGsD.exe
  2⤵
  PID:5896
- C:\Windows\System\MDtcrNf.exe
  C:\Windows\System\MDtcrNf.exe
  2⤵
  PID:6028
- C:\Windows\System\Henobmm.exe
  C:\Windows\System\Henobmm.exe
  2⤵
  PID:5936
- C:\Windows\System\oTpAmUf.exe
  C:\Windows\System\oTpAmUf.exe
  2⤵
  PID:6084
- C:\Windows\System\sRaLChq.exe
  C:\Windows\System\sRaLChq.exe
  2⤵
  PID:6004
- C:\Windows\System\nCEquOk.exe
  C:\Windows\System\nCEquOk.exe
  2⤵
  PID:6092
- C:\Windows\System\LynFLpL.exe
  C:\Windows\System\LynFLpL.exe
  2⤵
  PID:6108
- C:\Windows\System\Zaafjyf.exe
  C:\Windows\System\Zaafjyf.exe
  2⤵
  PID:6128
- C:\Windows\System\HsBuqld.exe
  C:\Windows\System\HsBuqld.exe
  2⤵
  PID:4704
- C:\Windows\System\rDdbESI.exe
  C:\Windows\System\rDdbESI.exe
  2⤵
  PID:4952
- C:\Windows\System\yRrRYtY.exe
  C:\Windows\System\yRrRYtY.exe
  2⤵
  PID:5128
- C:\Windows\System\NHsaWSp.exe
  C:\Windows\System\NHsaWSp.exe
  2⤵
  PID:5332
- C:\Windows\System\NlVEMQl.exe
  C:\Windows\System\NlVEMQl.exe
  2⤵
  PID:5352
- C:\Windows\System\KHxIfrk.exe
  C:\Windows\System\KHxIfrk.exe
  2⤵
  PID:5380
- C:\Windows\System\uiBlcIv.exe
  C:\Windows\System\uiBlcIv.exe
  2⤵
  PID:5168
- C:\Windows\System\aErbZcj.exe
  C:\Windows\System\aErbZcj.exe
  2⤵
  PID:5400
- C:\Windows\System\dJkGQwY.exe
  C:\Windows\System\dJkGQwY.exe
  2⤵
  PID:5504
- C:\Windows\System\oNImiHk.exe
  C:\Windows\System\oNImiHk.exe
  2⤵
  PID:5424
- C:\Windows\System\AEBLbQx.exe
  C:\Windows\System\AEBLbQx.exe
  2⤵
  PID:5820
- C:\Windows\System\kuerYZw.exe
  C:\Windows\System\kuerYZw.exe
  2⤵
  PID:5852
- C:\Windows\System\qivKkeV.exe
  C:\Windows\System\qivKkeV.exe
  2⤵
  PID:5952
- C:\Windows\System\GUKIXNs.exe
  C:\Windows\System\GUKIXNs.exe
  2⤵
  PID:5612
- C:\Windows\System\peolFUE.exe
  C:\Windows\System\peolFUE.exe
  2⤵
  PID:5700
- C:\Windows\System\gxJdCPG.exe
  C:\Windows\System\gxJdCPG.exe
  2⤵
  PID:5984
- C:\Windows\System\YtTmpOh.exe
  C:\Windows\System\YtTmpOh.exe
  2⤵
  PID:5808
- C:\Windows\System\EevrOuU.exe
  C:\Windows\System\EevrOuU.exe
  2⤵
  PID:5912
- C:\Windows\System\ayCnUJs.exe
  C:\Windows\System\ayCnUJs.exe
  2⤵
  PID:6072
- C:\Windows\System\FmFculQ.exe
  C:\Windows\System\FmFculQ.exe
  2⤵
  PID:6076
- C:\Windows\System\VoRbKfF.exe
  C:\Windows\System\VoRbKfF.exe
  2⤵
  PID:5152
- C:\Windows\System\ljYmurs.exe
  C:\Windows\System\ljYmurs.exe
  2⤵
  PID:836
- C:\Windows\System\KWXnExc.exe
  C:\Windows\System\KWXnExc.exe
  2⤵
  PID:5932
- C:\Windows\System\sIydfRq.exe
  C:\Windows\System\sIydfRq.exe
  2⤵
  PID:5072
- C:\Windows\System\zcCYEvS.exe
  C:\Windows\System\zcCYEvS.exe
  2⤵
  PID:5056
- C:\Windows\System\IxFzdpz.exe
  C:\Windows\System\IxFzdpz.exe
  2⤵
  PID:5232
- C:\Windows\System\KlUsUtL.exe
  C:\Windows\System\KlUsUtL.exe
  2⤵
  PID:5484
- C:\Windows\System\usOZPqi.exe
  C:\Windows\System\usOZPqi.exe
  2⤵
  PID:5652
- C:\Windows\System\gczeQFD.exe
  C:\Windows\System\gczeQFD.exe
  2⤵
  PID:5636
- C:\Windows\System\aiNfDCr.exe
  C:\Windows\System\aiNfDCr.exe
  2⤵
  PID:5712
- C:\Windows\System\ygHQhbL.exe
  C:\Windows\System\ygHQhbL.exe
  2⤵
  PID:5916
- C:\Windows\System\QmpxAXS.exe
  C:\Windows\System\QmpxAXS.exe
  2⤵
  PID:5224
- C:\Windows\System\CpOjHZQ.exe
  C:\Windows\System\CpOjHZQ.exe
  2⤵
  PID:5436
- C:\Windows\System\buqdYpY.exe
  C:\Windows\System\buqdYpY.exe
  2⤵
  PID:5420
- C:\Windows\System\BJauEKP.exe
  C:\Windows\System\BJauEKP.exe
  2⤵
  PID:6156
- C:\Windows\System\BtOFHHM.exe
  C:\Windows\System\BtOFHHM.exe
  2⤵
  PID:6176
- C:\Windows\System\SrdYtOp.exe
  C:\Windows\System\SrdYtOp.exe
  2⤵
  PID:6200
- C:\Windows\System\rzGUyID.exe
  C:\Windows\System\rzGUyID.exe
  2⤵
  PID:6216
- C:\Windows\System\XCEVJDJ.exe
  C:\Windows\System\XCEVJDJ.exe
  2⤵
  PID:6264
- C:\Windows\System\qJglkrU.exe
  C:\Windows\System\qJglkrU.exe
  2⤵
  PID:6284
- C:\Windows\System\kBJTdEg.exe
  C:\Windows\System\kBJTdEg.exe
  2⤵
  PID:6304
- C:\Windows\System\LjvwTpw.exe
  C:\Windows\System\LjvwTpw.exe
  2⤵
  PID:6320
- C:\Windows\System\SXbQlSw.exe
  C:\Windows\System\SXbQlSw.exe
  2⤵
  PID:6348
- C:\Windows\System\ybSEnto.exe
  C:\Windows\System\ybSEnto.exe
  2⤵
  PID:6364
- C:\Windows\System\rFzjCQc.exe
  C:\Windows\System\rFzjCQc.exe
  2⤵
  PID:6396
- C:\Windows\System\xgAafud.exe
  C:\Windows\System\xgAafud.exe
  2⤵
  PID:6416
- C:\Windows\System\RPwqmXB.exe
  C:\Windows\System\RPwqmXB.exe
  2⤵
  PID:6432
- C:\Windows\System\jKdJFkr.exe
  C:\Windows\System\jKdJFkr.exe
  2⤵
  PID:6460
- C:\Windows\System\rVNGCXv.exe
  C:\Windows\System\rVNGCXv.exe
  2⤵
  PID:6480
- C:\Windows\System\Phxwfze.exe
  C:\Windows\System\Phxwfze.exe
  2⤵
  PID:6496
- C:\Windows\System\gxtSmHR.exe
  C:\Windows\System\gxtSmHR.exe
  2⤵
  PID:6520
- C:\Windows\System\ZSyRyoY.exe
  C:\Windows\System\ZSyRyoY.exe
  2⤵
  PID:6536
- C:\Windows\System\fVlmvZa.exe
  C:\Windows\System\fVlmvZa.exe
  2⤵
  PID:6556
- C:\Windows\System\SlVUMXi.exe
  C:\Windows\System\SlVUMXi.exe
  2⤵
  PID:6572
- C:\Windows\System\OZApDVJ.exe
  C:\Windows\System\OZApDVJ.exe
  2⤵
  PID:6588
- C:\Windows\System\BPiBAFo.exe
  C:\Windows\System\BPiBAFo.exe
  2⤵
  PID:6604
- C:\Windows\System\cJyWOvD.exe
  C:\Windows\System\cJyWOvD.exe
  2⤵
  PID:6620
- C:\Windows\System\CbiTgwz.exe
  C:\Windows\System\CbiTgwz.exe
  2⤵
  PID:6640
- C:\Windows\System\nNzzYic.exe
  C:\Windows\System\nNzzYic.exe
  2⤵
  PID:6660
- C:\Windows\System\BDyuLtQ.exe
  C:\Windows\System\BDyuLtQ.exe
  2⤵
  PID:6676
- C:\Windows\System\JtzBaML.exe
  C:\Windows\System\JtzBaML.exe
  2⤵
  PID:6716
- C:\Windows\System\sxrwlAF.exe
  C:\Windows\System\sxrwlAF.exe
  2⤵
  PID:6736
- C:\Windows\System\zZIAHci.exe
  C:\Windows\System\zZIAHci.exe
  2⤵
  PID:6752
- C:\Windows\System\YawfPwa.exe
  C:\Windows\System\YawfPwa.exe
  2⤵
  PID:6768
- C:\Windows\System\VFNkWNh.exe
  C:\Windows\System\VFNkWNh.exe
  2⤵
  PID:6784
- C:\Windows\System\SXksVHH.exe
  C:\Windows\System\SXksVHH.exe
  2⤵
  PID:6800
- C:\Windows\System\mzmJZaL.exe
  C:\Windows\System\mzmJZaL.exe
  2⤵
  PID:6816
- C:\Windows\System\biUYrMO.exe
  C:\Windows\System\biUYrMO.exe
  2⤵
  PID:6832
- C:\Windows\System\kgYmhbC.exe
  C:\Windows\System\kgYmhbC.exe
  2⤵
  PID:6848
- C:\Windows\System\DArPRWO.exe
  C:\Windows\System\DArPRWO.exe
  2⤵
  PID:6872
- C:\Windows\System\nBQBYSq.exe
  C:\Windows\System\nBQBYSq.exe
  2⤵
  PID:6892
- C:\Windows\System\CPxQoAX.exe
  C:\Windows\System\CPxQoAX.exe
  2⤵
  PID:6908
- C:\Windows\System\LTTDzGd.exe
  C:\Windows\System\LTTDzGd.exe
  2⤵
  PID:6924
- C:\Windows\System\IjtOHNG.exe
  C:\Windows\System\IjtOHNG.exe
  2⤵
  PID:6940
- C:\Windows\System\glHxljL.exe
  C:\Windows\System\glHxljL.exe
  2⤵
  PID:6988
- C:\Windows\System\uMDFQVA.exe
  C:\Windows\System\uMDFQVA.exe
  2⤵
  PID:7008
- C:\Windows\System\cUKGbfX.exe
  C:\Windows\System\cUKGbfX.exe
  2⤵
  PID:7024
- C:\Windows\System\xkiVuQg.exe
  C:\Windows\System\xkiVuQg.exe
  2⤵
  PID:7044
- C:\Windows\System\EYWpyrH.exe
  C:\Windows\System\EYWpyrH.exe
  2⤵
  PID:7060
- C:\Windows\System\dkmbhzM.exe
  C:\Windows\System\dkmbhzM.exe
  2⤵
  PID:7076
- C:\Windows\System\JVwvDRB.exe
  C:\Windows\System\JVwvDRB.exe
  2⤵
  PID:7096
- C:\Windows\System\YMRvOuQ.exe
  C:\Windows\System\YMRvOuQ.exe
  2⤵
  PID:7112
- C:\Windows\System\vfYfjeE.exe
  C:\Windows\System\vfYfjeE.exe
  2⤵
  PID:7128
- C:\Windows\System\ismrRol.exe
  C:\Windows\System\ismrRol.exe
  2⤵
  PID:7144
- C:\Windows\System\jEfKlof.exe
  C:\Windows\System\jEfKlof.exe
  2⤵
  PID:7160
- C:\Windows\System\ThySMuc.exe
  C:\Windows\System\ThySMuc.exe
  2⤵
  PID:5760
- C:\Windows\System\HiVVicc.exe
  C:\Windows\System\HiVVicc.exe
  2⤵
  PID:6104
- C:\Windows\System\ubshHTi.exe
  C:\Windows\System\ubshHTi.exe
  2⤵
  PID:5480
- C:\Windows\System\vnlXnDO.exe
  C:\Windows\System\vnlXnDO.exe
  2⤵
  PID:5576
- C:\Windows\System\fwIZIwW.exe
  C:\Windows\System\fwIZIwW.exe
  2⤵
  PID:5948
- C:\Windows\System\iuJnWgs.exe
  C:\Windows\System\iuJnWgs.exe
  2⤵
  PID:5208
- C:\Windows\System\lTpmqLm.exe
  C:\Windows\System\lTpmqLm.exe
  2⤵
  PID:6240
- C:\Windows\System\MVrvhqN.exe
  C:\Windows\System\MVrvhqN.exe
  2⤵
  PID:5340
- C:\Windows\System\hqyotxI.exe
  C:\Windows\System\hqyotxI.exe
  2⤵
  PID:6328
- C:\Windows\System\iIRPxoX.exe
  C:\Windows\System\iIRPxoX.exe
  2⤵
  PID:6340
- C:\Windows\System\IsISVZg.exe
  C:\Windows\System\IsISVZg.exe
  2⤵
  PID:6316
- C:\Windows\System\QprNgwP.exe
  C:\Windows\System\QprNgwP.exe
  2⤵
  PID:6272
- C:\Windows\System\ublGycd.exe
  C:\Windows\System\ublGycd.exe
  2⤵
  PID:6380
- C:\Windows\System\fLoxMIq.exe
  C:\Windows\System\fLoxMIq.exe
  2⤵
  PID:6424
- C:\Windows\System\fBqbEMu.exe
  C:\Windows\System\fBqbEMu.exe
  2⤵
  PID:6448
- C:\Windows\System\eOqHYPR.exe
  C:\Windows\System\eOqHYPR.exe
  2⤵
  PID:6468
- C:\Windows\System\FHpoySr.exe
  C:\Windows\System\FHpoySr.exe
  2⤵
  PID:6492
- C:\Windows\System\iomfoRH.exe
  C:\Windows\System\iomfoRH.exe
  2⤵
  PID:6516
- C:\Windows\System\EMFdDps.exe
  C:\Windows\System\EMFdDps.exe
  2⤵
  PID:6568
- C:\Windows\System\wfzzXjt.exe
  C:\Windows\System\wfzzXjt.exe
  2⤵
  PID:6552
- C:\Windows\System\ZhSijPZ.exe
  C:\Windows\System\ZhSijPZ.exe
  2⤵
  PID:6684
- C:\Windows\System\eqxqxrM.exe
  C:\Windows\System\eqxqxrM.exe
  2⤵
  PID:6656
- C:\Windows\System\qsBMSZv.exe
  C:\Windows\System\qsBMSZv.exe
  2⤵
  PID:6632
- C:\Windows\System\ggjXKDv.exe
  C:\Windows\System\ggjXKDv.exe
  2⤵
  PID:6728
- C:\Windows\System\qsGJOfV.exe
  C:\Windows\System\qsGJOfV.exe
  2⤵
  PID:6796
- C:\Windows\System\XOHJshB.exe
  C:\Windows\System\XOHJshB.exe
  2⤵
  PID:6864
- C:\Windows\System\AwbTinn.exe
  C:\Windows\System\AwbTinn.exe
  2⤵
  PID:6932
- C:\Windows\System\ZHoYYNO.exe
  C:\Windows\System\ZHoYYNO.exe
  2⤵
  PID:6916
- C:\Windows\System\yUvrwBT.exe
  C:\Windows\System\yUvrwBT.exe
  2⤵
  PID:6840
- C:\Windows\System\HuGSRZt.exe
  C:\Windows\System\HuGSRZt.exe
  2⤵
  PID:7104
- C:\Windows\System\uqjclom.exe
  C:\Windows\System\uqjclom.exe
  2⤵
  PID:6088
- C:\Windows\System\CEZjAjv.exe
  C:\Windows\System\CEZjAjv.exe
  2⤵
  PID:7040
- C:\Windows\System\lJwlHKw.exe
  C:\Windows\System\lJwlHKw.exe
  2⤵
  PID:5320
- C:\Windows\System\sMsIchX.exe
  C:\Windows\System\sMsIchX.exe
  2⤵
  PID:6968
- C:\Windows\System\GaPgovL.exe
  C:\Windows\System\GaPgovL.exe
  2⤵
  PID:7016
- C:\Windows\System\bIxkREf.exe
  C:\Windows\System\bIxkREf.exe
  2⤵
  PID:7156
- C:\Windows\System\DJfbaXc.exe
  C:\Windows\System\DJfbaXc.exe
  2⤵
  PID:6196
- C:\Windows\System\QgRzlkq.exe
  C:\Windows\System\QgRzlkq.exe
  2⤵
  PID:5596
- C:\Windows\System\FdXQYHD.exe
  C:\Windows\System\FdXQYHD.exe
  2⤵
  PID:5864
- C:\Windows\System\tEfaQTu.exe
  C:\Windows\System\tEfaQTu.exe
  2⤵
  PID:6100
- C:\Windows\System\ycrrCxO.exe
  C:\Windows\System\ycrrCxO.exe
  2⤵
  PID:5640
- C:\Windows\System\OqJyXMz.exe
  C:\Windows\System\OqJyXMz.exe
  2⤵
  PID:5656
- C:\Windows\System\JxwtiKK.exe
  C:\Windows\System\JxwtiKK.exe
  2⤵
  PID:6256
- C:\Windows\System\LbjLEge.exe
  C:\Windows\System\LbjLEge.exe
  2⤵
  PID:6276
- C:\Windows\System\AerMUlw.exe
  C:\Windows\System\AerMUlw.exe
  2⤵
  PID:6388
- C:\Windows\System\QtArVlO.exe
  C:\Windows\System\QtArVlO.exe
  2⤵
  PID:6452
- C:\Windows\System\prMaqbR.exe
  C:\Windows\System\prMaqbR.exe
  2⤵
  PID:6600
- C:\Windows\System\FtDWvgB.exe
  C:\Windows\System\FtDWvgB.exe
  2⤵
  PID:6412
- C:\Windows\System\xDQkDII.exe
  C:\Windows\System\xDQkDII.exe
  2⤵
  PID:6504
- C:\Windows\System\XLAVFpP.exe
  C:\Windows\System\XLAVFpP.exe
  2⤵
  PID:6688
- C:\Windows\System\nxcXSOH.exe
  C:\Windows\System\nxcXSOH.exe
  2⤵
  PID:6764
- C:\Windows\System\hZJlNjy.exe
  C:\Windows\System\hZJlNjy.exe
  2⤵
  PID:6860
- C:\Windows\System\GUipuXC.exe
  C:\Windows\System\GUipuXC.exe
  2⤵
  PID:6780
- C:\Windows\System\UKmgDDG.exe
  C:\Windows\System\UKmgDDG.exe
  2⤵
  PID:6612
- C:\Windows\System\glAXWFB.exe
  C:\Windows\System\glAXWFB.exe
  2⤵
  PID:6812
- C:\Windows\System\oMWOTkU.exe
  C:\Windows\System\oMWOTkU.exe
  2⤵
  PID:7000
- C:\Windows\System\BtTClfh.exe
  C:\Windows\System\BtTClfh.exe
  2⤵
  PID:6920
- C:\Windows\System\apJscrn.exe
  C:\Windows\System\apJscrn.exe
  2⤵
  PID:7140
- C:\Windows\System\eshmcQt.exe
  C:\Windows\System\eshmcQt.exe
  2⤵
  PID:7092
- C:\Windows\System\LVcWHKC.exe
  C:\Windows\System\LVcWHKC.exe
  2⤵
  PID:5728
- C:\Windows\System\LovCEOL.exe
  C:\Windows\System\LovCEOL.exe
  2⤵
  PID:6192
- C:\Windows\System\cZMxqkY.exe
  C:\Windows\System\cZMxqkY.exe
  2⤵
  PID:5520
- C:\Windows\System\yRHqsSP.exe
  C:\Windows\System\yRHqsSP.exe
  2⤵
  PID:6300
- C:\Windows\System\IjMdROO.exe
  C:\Windows\System\IjMdROO.exe
  2⤵
  PID:6208
- C:\Windows\System\fEtINJE.exe
  C:\Windows\System\fEtINJE.exe
  2⤵
  PID:6252
- C:\Windows\System\vMWnSch.exe
  C:\Windows\System\vMWnSch.exe
  2⤵
  PID:6376
- C:\Windows\System\ZDkiynR.exe
  C:\Windows\System\ZDkiynR.exe
  2⤵
  PID:6668
- C:\Windows\System\AmnPmOC.exe
  C:\Windows\System\AmnPmOC.exe
  2⤵
  PID:6584
- C:\Windows\System\KuryZrn.exe
  C:\Windows\System\KuryZrn.exe
  2⤵
  PID:6700
- C:\Windows\System\UolEMlI.exe
  C:\Windows\System\UolEMlI.exe
  2⤵
  PID:6880
- C:\Windows\System\uItFKBp.exe
  C:\Windows\System\uItFKBp.exe
  2⤵
  PID:7036
- C:\Windows\System\UtMAbjO.exe
  C:\Windows\System\UtMAbjO.exe
  2⤵
  PID:5280
- C:\Windows\System\KZCeWjh.exe
  C:\Windows\System\KZCeWjh.exe
  2⤵
  PID:6172
- C:\Windows\System\YiSpCOl.exe
  C:\Windows\System\YiSpCOl.exe
  2⤵
  PID:6532
- C:\Windows\System\VqlUtid.exe
  C:\Windows\System\VqlUtid.exe
  2⤵
  PID:6248
- C:\Windows\System\zRalEiG.exe
  C:\Windows\System\zRalEiG.exe
  2⤵
  PID:6976
- C:\Windows\System\YosqhJP.exe
  C:\Windows\System\YosqhJP.exe
  2⤵
  PID:6776
- C:\Windows\System\LNRVLcZ.exe
  C:\Windows\System\LNRVLcZ.exe
  2⤵
  PID:7136
- C:\Windows\System\ILOkfhH.exe
  C:\Windows\System\ILOkfhH.exe
  2⤵
  PID:6472
- C:\Windows\System\hXXdxXL.exe
  C:\Windows\System\hXXdxXL.exe
  2⤵
  PID:6652
- C:\Windows\System\gkfmcED.exe
  C:\Windows\System\gkfmcED.exe
  2⤵
  PID:6628
- C:\Windows\System\kFrUoAC.exe
  C:\Windows\System\kFrUoAC.exe
  2⤵
  PID:6228
- C:\Windows\System\bbvPRMR.exe
  C:\Windows\System\bbvPRMR.exe
  2⤵
  PID:6888
- C:\Windows\System\mVEggSv.exe
  C:\Windows\System\mVEggSv.exe
  2⤵
  PID:6980
- C:\Windows\System\FtZXoBB.exe
  C:\Windows\System\FtZXoBB.exe
  2⤵
  PID:6952
- C:\Windows\System\uKKfYnI.exe
  C:\Windows\System\uKKfYnI.exe
  2⤵
  PID:6508
- C:\Windows\System\FEUPCef.exe
  C:\Windows\System\FEUPCef.exe
  2⤵
  PID:7088
- C:\Windows\System\spKLTvZ.exe
  C:\Windows\System\spKLTvZ.exe
  2⤵
  PID:5376
- C:\Windows\System\daPBULa.exe
  C:\Windows\System\daPBULa.exe
  2⤵
  PID:7180
- C:\Windows\System\lktZjTC.exe
  C:\Windows\System\lktZjTC.exe
  2⤵
  PID:7196
- C:\Windows\System\LqYfOoH.exe
  C:\Windows\System\LqYfOoH.exe
  2⤵
  PID:7212
- C:\Windows\System\kdJjChl.exe
  C:\Windows\System\kdJjChl.exe
  2⤵
  PID:7228
- C:\Windows\System\hWpCewr.exe
  C:\Windows\System\hWpCewr.exe
  2⤵
  PID:7244
- C:\Windows\System\bbiaHpR.exe
  C:\Windows\System\bbiaHpR.exe
  2⤵
  PID:7292
- C:\Windows\System\KocSJqx.exe
  C:\Windows\System\KocSJqx.exe
  2⤵
  PID:7308
- C:\Windows\System\ddgTLtC.exe
  C:\Windows\System\ddgTLtC.exe
  2⤵
  PID:7324
- C:\Windows\System\BCZYOMK.exe
  C:\Windows\System\BCZYOMK.exe
  2⤵
  PID:7340
- C:\Windows\System\uZQUDho.exe
  C:\Windows\System\uZQUDho.exe
  2⤵
  PID:7356
- C:\Windows\System\nSOEPNj.exe
  C:\Windows\System\nSOEPNj.exe
  2⤵
  PID:7372
- C:\Windows\System\ugGcLQT.exe
  C:\Windows\System\ugGcLQT.exe
  2⤵
  PID:7388
- C:\Windows\System\vacJBnk.exe
  C:\Windows\System\vacJBnk.exe
  2⤵
  PID:7404
- C:\Windows\System\CtZoQlJ.exe
  C:\Windows\System\CtZoQlJ.exe
  2⤵
  PID:7420
- C:\Windows\System\ItdGqlU.exe
  C:\Windows\System\ItdGqlU.exe
  2⤵
  PID:7436
- C:\Windows\System\EVQuGvQ.exe
  C:\Windows\System\EVQuGvQ.exe
  2⤵
  PID:7456
- C:\Windows\System\RFGULwk.exe
  C:\Windows\System\RFGULwk.exe
  2⤵
  PID:7472
- C:\Windows\System\cqDEJky.exe
  C:\Windows\System\cqDEJky.exe
  2⤵
  PID:7488
- C:\Windows\System\OmiwcCy.exe
  C:\Windows\System\OmiwcCy.exe
  2⤵
  PID:7560
- C:\Windows\System\nqMUSBH.exe
  C:\Windows\System\nqMUSBH.exe
  2⤵
  PID:7584
- C:\Windows\System\RAyYjQc.exe
  C:\Windows\System\RAyYjQc.exe
  2⤵
  PID:7600
- C:\Windows\System\eoQyEyl.exe
  C:\Windows\System\eoQyEyl.exe
  2⤵
  PID:7620
- C:\Windows\System\VzoDVyy.exe
  C:\Windows\System\VzoDVyy.exe
  2⤵
  PID:7636
- C:\Windows\System\eefvyhX.exe
  C:\Windows\System\eefvyhX.exe
  2⤵
  PID:7652
- C:\Windows\System\NmuOzhq.exe
  C:\Windows\System\NmuOzhq.exe
  2⤵
  PID:7668
- C:\Windows\System\vzsMXEV.exe
  C:\Windows\System\vzsMXEV.exe
  2⤵
  PID:7704
- C:\Windows\System\VYuEIHs.exe
  C:\Windows\System\VYuEIHs.exe
  2⤵
  PID:7720
- C:\Windows\System\VosBCrP.exe
  C:\Windows\System\VosBCrP.exe
  2⤵
  PID:7736
- C:\Windows\System\MjnTpuh.exe
  C:\Windows\System\MjnTpuh.exe
  2⤵
  PID:7752
- C:\Windows\System\lhImoPE.exe
  C:\Windows\System\lhImoPE.exe
  2⤵
  PID:7784
- C:\Windows\System\dcpxAud.exe
  C:\Windows\System\dcpxAud.exe
  2⤵
  PID:7800
- C:\Windows\System\YXpalev.exe
  C:\Windows\System\YXpalev.exe
  2⤵
  PID:7816
- C:\Windows\System\jyqmGYR.exe
  C:\Windows\System\jyqmGYR.exe
  2⤵
  PID:7832
- C:\Windows\System\HITzHAe.exe
  C:\Windows\System\HITzHAe.exe
  2⤵
  PID:7852
- C:\Windows\System\ZxPOSBP.exe
  C:\Windows\System\ZxPOSBP.exe
  2⤵
  PID:7872
- C:\Windows\System\euuKzqP.exe
  C:\Windows\System\euuKzqP.exe
  2⤵
  PID:7896
- C:\Windows\System\KvBNXPI.exe
  C:\Windows\System\KvBNXPI.exe
  2⤵
  PID:7912
- C:\Windows\System\LrmlIKI.exe
  C:\Windows\System\LrmlIKI.exe
  2⤵
  PID:7928
- C:\Windows\System\VYQIViU.exe
  C:\Windows\System\VYQIViU.exe
  2⤵
  PID:7944
- C:\Windows\System\VgJrHks.exe
  C:\Windows\System\VgJrHks.exe
  2⤵
  PID:7972
- C:\Windows\System\sfjQNql.exe
  C:\Windows\System\sfjQNql.exe
  2⤵
  PID:7992
- C:\Windows\System\uxQcrMo.exe
  C:\Windows\System\uxQcrMo.exe
  2⤵
  PID:8008
- C:\Windows\System\ZImRppg.exe
  C:\Windows\System\ZImRppg.exe
  2⤵
  PID:8032
- C:\Windows\System\iWLqkHi.exe
  C:\Windows\System\iWLqkHi.exe
  2⤵
  PID:8048
- C:\Windows\System\EeSuzzZ.exe
  C:\Windows\System\EeSuzzZ.exe
  2⤵
  PID:8064
- C:\Windows\System\zauLhhx.exe
  C:\Windows\System\zauLhhx.exe
  2⤵
  PID:8080
- C:\Windows\System\eoodTDN.exe
  C:\Windows\System\eoodTDN.exe
  2⤵
  PID:8096
- C:\Windows\System\OMkFNxo.exe
  C:\Windows\System\OMkFNxo.exe
  2⤵
  PID:8112
- C:\Windows\System\PuQCCgr.exe
  C:\Windows\System\PuQCCgr.exe
  2⤵
  PID:8132
- C:\Windows\System\SvHbFBC.exe
  C:\Windows\System\SvHbFBC.exe
  2⤵
  PID:8148
- C:\Windows\System\khZglhX.exe
  C:\Windows\System\khZglhX.exe
  2⤵
  PID:8172
- C:\Windows\System\AGcLnbx.exe
  C:\Windows\System\AGcLnbx.exe
  2⤵
  PID:8188
- C:\Windows\System\lajSlCn.exe
  C:\Windows\System\lajSlCn.exe
  2⤵
  PID:7192
- C:\Windows\System\UscHWTQ.exe
  C:\Windows\System\UscHWTQ.exe
  2⤵
  PID:7264
- C:\Windows\System\IVSyvih.exe
  C:\Windows\System\IVSyvih.exe
  2⤵
  PID:7284
- C:\Windows\System\DSVTfZs.exe
  C:\Windows\System\DSVTfZs.exe
  2⤵
  PID:7256
- C:\Windows\System\QRGFGrj.exe
  C:\Windows\System\QRGFGrj.exe
  2⤵
  PID:7336
- C:\Windows\System\ZZltFIo.exe
  C:\Windows\System\ZZltFIo.exe
  2⤵
  PID:7432
- C:\Windows\System\gycamXt.exe
  C:\Windows\System\gycamXt.exe
  2⤵
  PID:7348
- C:\Windows\System\ghWqpzI.exe
  C:\Windows\System\ghWqpzI.exe
  2⤵
  PID:7412
- C:\Windows\System\xAEDiVG.exe
  C:\Windows\System\xAEDiVG.exe
  2⤵
  PID:7484
- C:\Windows\System\EqRRjKV.exe
  C:\Windows\System\EqRRjKV.exe
  2⤵
  PID:7536
- C:\Windows\System\bjTHQnm.exe
  C:\Windows\System\bjTHQnm.exe
  2⤵
  PID:7504
- C:\Windows\System\ASGzhbp.exe
  C:\Windows\System\ASGzhbp.exe
  2⤵
  PID:7552
- C:\Windows\System\pDpbdZC.exe
  C:\Windows\System\pDpbdZC.exe
  2⤵
  PID:7572
- C:\Windows\System\ddQTymW.exe
  C:\Windows\System\ddQTymW.exe
  2⤵
  PID:7612
- C:\Windows\System\iNDIewW.exe
  C:\Windows\System\iNDIewW.exe
  2⤵
  PID:7664
- C:\Windows\System\LcQUEYU.exe
  C:\Windows\System\LcQUEYU.exe
  2⤵
  PID:7688
- C:\Windows\System\uiHJSvd.exe
  C:\Windows\System\uiHJSvd.exe
  2⤵
  PID:7716
- C:\Windows\System\JSrNocp.exe
  C:\Windows\System\JSrNocp.exe
  2⤵
  PID:7728
- C:\Windows\System\RVJgzwH.exe
  C:\Windows\System\RVJgzwH.exe
  2⤵
  PID:7772
- C:\Windows\System\zifITHL.exe
  C:\Windows\System\zifITHL.exe
  2⤵
  PID:7812
- C:\Windows\System\PXYlvIc.exe
  C:\Windows\System\PXYlvIc.exe
  2⤵
  PID:7792
- C:\Windows\System\DqAfixa.exe
  C:\Windows\System\DqAfixa.exe
  2⤵
  PID:7892
- C:\Windows\System\qXEekNK.exe
  C:\Windows\System\qXEekNK.exe
  2⤵
  PID:7868
- C:\Windows\System\XdZZkvr.exe
  C:\Windows\System\XdZZkvr.exe
  2⤵
  PID:7864
- C:\Windows\System\nmxUuwe.exe
  C:\Windows\System\nmxUuwe.exe
  2⤵
  PID:7964
- C:\Windows\System\FRfsmgT.exe
  C:\Windows\System\FRfsmgT.exe
  2⤵
  PID:8040
- C:\Windows\System\aZOHmoD.exe
  C:\Windows\System\aZOHmoD.exe
  2⤵
  PID:8016
- C:\Windows\System\qNdPlfz.exe
  C:\Windows\System\qNdPlfz.exe
  2⤵
  PID:7988
- C:\Windows\System\dRjXDSp.exe
  C:\Windows\System\dRjXDSp.exe
  2⤵
  PID:8028
- C:\Windows\System\igQGRNs.exe
  C:\Windows\System\igQGRNs.exe
  2⤵
  PID:7188
- C:\Windows\System\ZrethEV.exe
  C:\Windows\System\ZrethEV.exe
  2⤵
  PID:7204
- C:\Windows\System\chXnXFc.exe
  C:\Windows\System\chXnXFc.exe
  2⤵
  PID:8120
- C:\Windows\System\eUVssnt.exe
  C:\Windows\System\eUVssnt.exe
  2⤵
  PID:6332
- C:\Windows\System\erKzGHg.exe
  C:\Windows\System\erKzGHg.exe
  2⤵
  PID:6512
- C:\Windows\System\FRgQBGW.exe
  C:\Windows\System\FRgQBGW.exe
  2⤵
  PID:7208
- C:\Windows\System\SNyrKXO.exe
  C:\Windows\System\SNyrKXO.exe
  2⤵
  PID:7396
- C:\Windows\System\xOHOOUQ.exe
  C:\Windows\System\xOHOOUQ.exe
  2⤵
  PID:7480
- C:\Windows\System\JikzLca.exe
  C:\Windows\System\JikzLca.exe
  2⤵
  PID:7528
- C:\Windows\System\IcieobE.exe
  C:\Windows\System\IcieobE.exe
  2⤵
  PID:7468
- C:\Windows\System\mIqzihY.exe
  C:\Windows\System\mIqzihY.exe
  2⤵
  PID:7568
- C:\Windows\System\aKkSKuh.exe
  C:\Windows\System\aKkSKuh.exe
  2⤵
  PID:7660
- C:\Windows\System\EDwktRH.exe
  C:\Windows\System\EDwktRH.exe
  2⤵
  PID:7748
- C:\Windows\System\lOfKoAL.exe
  C:\Windows\System\lOfKoAL.exe
  2⤵
  PID:7700
- C:\Windows\System\zBJRXZo.exe
  C:\Windows\System\zBJRXZo.exe
  2⤵
  PID:7884
- C:\Windows\System\NoQDbLC.exe
  C:\Windows\System\NoQDbLC.exe
  2⤵
  PID:8004
- C:\Windows\System\nqiqUpX.exe
  C:\Windows\System\nqiqUpX.exe
  2⤵
  PID:8144
- C:\Windows\System\dSjtaYZ.exe
  C:\Windows\System\dSjtaYZ.exe
  2⤵
  PID:7844
- C:\Windows\System\jzHMBNI.exe
  C:\Windows\System\jzHMBNI.exe
  2⤵
  PID:7956
- C:\Windows\System\fRQXfAP.exe
  C:\Windows\System\fRQXfAP.exe
  2⤵
  PID:7252
- C:\Windows\System\fJfykms.exe
  C:\Windows\System\fJfykms.exe
  2⤵
  PID:8020
- C:\Windows\System\cmpmDWj.exe
  C:\Windows\System\cmpmDWj.exe
  2⤵
  PID:8156
- C:\Windows\System\knfthno.exe
  C:\Windows\System\knfthno.exe
  2⤵
  PID:7280
- C:\Windows\System\avzqsaR.exe
  C:\Windows\System\avzqsaR.exe
  2⤵
  PID:7516
- C:\Windows\System\wQKxwNx.exe
  C:\Windows\System\wQKxwNx.exe
  2⤵
  PID:6964
- C:\Windows\System\fZiuOjg.exe
  C:\Windows\System\fZiuOjg.exe
  2⤵
  PID:7380
- C:\Windows\System\tnapkPv.exe
  C:\Windows\System\tnapkPv.exe
  2⤵
  PID:7628
- C:\Windows\System\ddlOGcW.exe
  C:\Windows\System\ddlOGcW.exe
  2⤵
  PID:7648
- C:\Windows\System\GlZjNEx.exe
  C:\Windows\System\GlZjNEx.exe
  2⤵
  PID:7808
- C:\Windows\System\eDLsROj.exe
  C:\Windows\System\eDLsROj.exe
  2⤵
  PID:8072
- C:\Windows\System\QhJdZoJ.exe
  C:\Windows\System\QhJdZoJ.exe
  2⤵
  PID:8160
- C:\Windows\System\uLwPajE.exe
  C:\Windows\System\uLwPajE.exe
  2⤵
  PID:7272
- C:\Windows\System\LPRBxYI.exe
  C:\Windows\System\LPRBxYI.exe
  2⤵
  PID:7452
- C:\Windows\System\zIaufjV.exe
  C:\Windows\System\zIaufjV.exe
  2⤵
  PID:7540
- C:\Windows\System\ZcoreSE.exe
  C:\Windows\System\ZcoreSE.exe
  2⤵
  PID:5980
- C:\Windows\System\pUzhvIe.exe
  C:\Windows\System\pUzhvIe.exe
  2⤵
  PID:7780
- C:\Windows\System\foFrzJI.exe
  C:\Windows\System\foFrzJI.exe
  2⤵
  PID:8140
- C:\Windows\System\LEeOkVR.exe
  C:\Windows\System\LEeOkVR.exe
  2⤵
  PID:6760
- C:\Windows\System\FFOBBrq.exe
  C:\Windows\System\FFOBBrq.exe
  2⤵
  PID:8024
- C:\Windows\System\lfsifqQ.exe
  C:\Windows\System\lfsifqQ.exe
  2⤵
  PID:6744
- C:\Windows\System\VHfibwo.exe
  C:\Windows\System\VHfibwo.exe
  2⤵
  PID:7608
- C:\Windows\System\KfnDiAS.exe
  C:\Windows\System\KfnDiAS.exe
  2⤵
  PID:7500
- C:\Windows\System\ExjvAjt.exe
  C:\Windows\System\ExjvAjt.exe
  2⤵
  PID:7908
- C:\Windows\System\jxDrVxu.exe
  C:\Windows\System\jxDrVxu.exe
  2⤵
  PID:8208
- C:\Windows\System\QkqkJnN.exe
  C:\Windows\System\QkqkJnN.exe
  2⤵
  PID:8232
- C:\Windows\System\VkjWuVH.exe
  C:\Windows\System\VkjWuVH.exe
  2⤵
  PID:8276
- C:\Windows\System\adCyEEP.exe
  C:\Windows\System\adCyEEP.exe
  2⤵
  PID:8296
- C:\Windows\System\CGGftCf.exe
  C:\Windows\System\CGGftCf.exe
  2⤵
  PID:8320
- C:\Windows\System\dQaODJE.exe
  C:\Windows\System\dQaODJE.exe
  2⤵
  PID:8344
- C:\Windows\System\PYoXcie.exe
  C:\Windows\System\PYoXcie.exe
  2⤵
  PID:8360
- C:\Windows\System\MwajAmv.exe
  C:\Windows\System\MwajAmv.exe
  2⤵
  PID:8380
- C:\Windows\System\vJCnyTN.exe
  C:\Windows\System\vJCnyTN.exe
  2⤵
  PID:8452
- C:\Windows\System\DtWphNK.exe
  C:\Windows\System\DtWphNK.exe
  2⤵
  PID:8468
- C:\Windows\System\vwvmZWb.exe
  C:\Windows\System\vwvmZWb.exe
  2⤵
  PID:8484
- C:\Windows\System\QVffcyy.exe
  C:\Windows\System\QVffcyy.exe
  2⤵
  PID:8508
- C:\Windows\System\FidHgfL.exe
  C:\Windows\System\FidHgfL.exe
  2⤵
  PID:8536
- C:\Windows\System\vVHiyPy.exe
  C:\Windows\System\vVHiyPy.exe
  2⤵
  PID:8552
- C:\Windows\System\awXpRTS.exe
  C:\Windows\System\awXpRTS.exe
  2⤵
  PID:8572
- C:\Windows\System\JqyUJQo.exe
  C:\Windows\System\JqyUJQo.exe
  2⤵
  PID:8600
- C:\Windows\System\lUSaXpG.exe
  C:\Windows\System\lUSaXpG.exe
  2⤵
  PID:8616
- C:\Windows\System\urEFEKu.exe
  C:\Windows\System\urEFEKu.exe
  2⤵
  PID:8632
- C:\Windows\System\DvYMzjd.exe
  C:\Windows\System\DvYMzjd.exe
  2⤵
  PID:8652
- C:\Windows\System\kYlDeIB.exe
  C:\Windows\System\kYlDeIB.exe
  2⤵
  PID:8688
- C:\Windows\System\DPSnCbf.exe
  C:\Windows\System\DPSnCbf.exe
  2⤵
  PID:8704
- C:\Windows\System\OVmDdLT.exe
  C:\Windows\System\OVmDdLT.exe
  2⤵
  PID:8728
- C:\Windows\System\NxYDJpZ.exe
  C:\Windows\System\NxYDJpZ.exe
  2⤵
  PID:8748
- C:\Windows\System\TNHvbnZ.exe
  C:\Windows\System\TNHvbnZ.exe
  2⤵
  PID:8764
- C:\Windows\System\NCknyvh.exe
  C:\Windows\System\NCknyvh.exe
  2⤵
  PID:8780
- C:\Windows\System\DvuJTyg.exe
  C:\Windows\System\DvuJTyg.exe
  2⤵
  PID:8804
- C:\Windows\System\smgNjXz.exe
  C:\Windows\System\smgNjXz.exe
  2⤵
  PID:8828
- C:\Windows\System\daCfINg.exe
  C:\Windows\System\daCfINg.exe
  2⤵
  PID:8844
- C:\Windows\System\XWdkthz.exe
  C:\Windows\System\XWdkthz.exe
  2⤵
  PID:8864
- C:\Windows\System\boQyMMh.exe
  C:\Windows\System\boQyMMh.exe
  2⤵
  PID:8880
- C:\Windows\System\dNryoJl.exe
  C:\Windows\System\dNryoJl.exe
  2⤵
  PID:8900
- C:\Windows\System\oEmKpmu.exe
  C:\Windows\System\oEmKpmu.exe
  2⤵
  PID:8916
- C:\Windows\System\WydscKw.exe
  C:\Windows\System\WydscKw.exe
  2⤵
  PID:8932
- C:\Windows\System\sTexMVF.exe
  C:\Windows\System\sTexMVF.exe
  2⤵
  PID:8952
- C:\Windows\System\jzMHtHz.exe
  C:\Windows\System\jzMHtHz.exe
  2⤵
  PID:8972
- C:\Windows\System\BtFQHMn.exe
  C:\Windows\System\BtFQHMn.exe
  2⤵
  PID:8988
- C:\Windows\System\RrHFzuu.exe
  C:\Windows\System\RrHFzuu.exe
  2⤵
  PID:9004
- C:\Windows\System\XXNIdnq.exe
  C:\Windows\System\XXNIdnq.exe
  2⤵
  PID:9024
- C:\Windows\System\LAVkWCP.exe
  C:\Windows\System\LAVkWCP.exe
  2⤵
  PID:9044
- C:\Windows\System\wVdQHGZ.exe
  C:\Windows\System\wVdQHGZ.exe
  2⤵
  PID:9064
- C:\Windows\System\jRaxAyk.exe
  C:\Windows\System\jRaxAyk.exe
  2⤵
  PID:9084
- C:\Windows\System\IdllEJl.exe
  C:\Windows\System\IdllEJl.exe
  2⤵
  PID:9100
- C:\Windows\System\hzKEJTw.exe
  C:\Windows\System\hzKEJTw.exe
  2⤵
  PID:9116
- C:\Windows\System\DCADlKi.exe
  C:\Windows\System\DCADlKi.exe
  2⤵
  PID:9136
- C:\Windows\System\lLVtnIZ.exe
  C:\Windows\System\lLVtnIZ.exe
  2⤵
  PID:9160
- C:\Windows\System\OuAJTrx.exe
  C:\Windows\System\OuAJTrx.exe
  2⤵
  PID:9208
- C:\Windows\System\lGZsfjA.exe
  C:\Windows\System\lGZsfjA.exe
  2⤵
  PID:8224
- C:\Windows\System\iReXUub.exe
  C:\Windows\System\iReXUub.exe
  2⤵
  PID:7680
- C:\Windows\System\pKAKaWq.exe
  C:\Windows\System\pKAKaWq.exe
  2⤵
  PID:8204
- C:\Windows\System\fJzxoNS.exe
  C:\Windows\System\fJzxoNS.exe
  2⤵
  PID:8248
- C:\Windows\System\pwXfMKs.exe
  C:\Windows\System\pwXfMKs.exe
  2⤵
  PID:8284
- C:\Windows\System\JNGByTL.exe
  C:\Windows\System\JNGByTL.exe
  2⤵
  PID:8332
- C:\Windows\System\iNWGwRS.exe
  C:\Windows\System\iNWGwRS.exe
  2⤵
  PID:8316
- C:\Windows\System\zZjCNUx.exe
  C:\Windows\System\zZjCNUx.exe
  2⤵
  PID:8372
- C:\Windows\System\AwVNJHX.exe
  C:\Windows\System\AwVNJHX.exe
  2⤵
  PID:8396
- C:\Windows\System\AyucLsX.exe
  C:\Windows\System\AyucLsX.exe
  2⤵
  PID:8460
- C:\Windows\System\AEmsNqi.exe
  C:\Windows\System\AEmsNqi.exe
  2⤵
  PID:8504
- C:\Windows\System\uRwEIVz.exe
  C:\Windows\System\uRwEIVz.exe
  2⤵
  PID:8520
- C:\Windows\System\ufXrqcM.exe
  C:\Windows\System\ufXrqcM.exe
  2⤵
  PID:8564
- C:\Windows\System\JywztlH.exe
  C:\Windows\System\JywztlH.exe
  2⤵
  PID:8588
- C:\Windows\System\XiLADrc.exe
  C:\Windows\System\XiLADrc.exe
  2⤵
  PID:8628
- C:\Windows\System\EIRfqJm.exe
  C:\Windows\System\EIRfqJm.exe
  2⤵
  PID:8664
- C:\Windows\System\ZzgOWbD.exe
  C:\Windows\System\ZzgOWbD.exe
  2⤵
  PID:8700
- C:\Windows\System\UBmwnRX.exe
  C:\Windows\System\UBmwnRX.exe
  2⤵
  PID:8736
- C:\Windows\System\txmHlhf.exe
  C:\Windows\System\txmHlhf.exe
  2⤵
  PID:8760
- C:\Windows\System\AxdKKnm.exe
  C:\Windows\System\AxdKKnm.exe
  2⤵
  PID:8800
- C:\Windows\System\RgGlKAO.exe
  C:\Windows\System\RgGlKAO.exe
  2⤵
  PID:8820
- C:\Windows\System\QaOANxP.exe
  C:\Windows\System\QaOANxP.exe
  2⤵
  PID:8888
- C:\Windows\System\EwUhYGM.exe
  C:\Windows\System\EwUhYGM.exe
  2⤵
  PID:8960
- C:\Windows\System\keJoGVQ.exe
  C:\Windows\System\keJoGVQ.exe
  2⤵
  PID:9108
- C:\Windows\System\dduoVXy.exe
  C:\Windows\System\dduoVXy.exe
  2⤵
  PID:9148
- C:\Windows\System\qcJzvHu.exe
  C:\Windows\System\qcJzvHu.exe
  2⤵
  PID:8948
- C:\Windows\System\zLAtcPD.exe
  C:\Windows\System\zLAtcPD.exe
  2⤵
  PID:8940
- C:\Windows\System\PRwWsJG.exe
  C:\Windows\System\PRwWsJG.exe
  2⤵
  PID:9020
- C:\Windows\System\QqwLMdV.exe
  C:\Windows\System\QqwLMdV.exe
  2⤵
  PID:9080
- C:\Windows\System\RObDTGv.exe
  C:\Windows\System\RObDTGv.exe
  2⤵
  PID:9128
- C:\Windows\System\RsAfExF.exe
  C:\Windows\System\RsAfExF.exe
  2⤵
  PID:9184
- C:\Windows\System\qOMogFl.exe
  C:\Windows\System\qOMogFl.exe
  2⤵
  PID:7448
- C:\Windows\System\QPgeOhi.exe
  C:\Windows\System\QPgeOhi.exe
  2⤵
  PID:8200
- C:\Windows\System\YnRAQAM.exe
  C:\Windows\System\YnRAQAM.exe
  2⤵
  PID:8268
- C:\Windows\System\rQLXyTQ.exe
  C:\Windows\System\rQLXyTQ.exe
  2⤵
  PID:8388
- C:\Windows\System\vZfLgyJ.exe
  C:\Windows\System\vZfLgyJ.exe
  2⤵
  PID:8244
- C:\Windows\System\DfdhNfV.exe
  C:\Windows\System\DfdhNfV.exe
  2⤵
  PID:8544
- C:\Windows\System\wNCqDJA.exe
  C:\Windows\System\wNCqDJA.exe
  2⤵
  PID:8528
- C:\Windows\System\xJsFUmd.exe
  C:\Windows\System\xJsFUmd.exe
  2⤵
  PID:8500
- C:\Windows\System\WMsRmZZ.exe
  C:\Windows\System\WMsRmZZ.exe
  2⤵
  PID:8596
- C:\Windows\System\mfVzoJl.exe
  C:\Windows\System\mfVzoJl.exe
  2⤵
  PID:8672
- C:\Windows\System\auiFegy.exe
  C:\Windows\System\auiFegy.exe
  2⤵
  PID:8744
- C:\Windows\System\QYQOVUX.exe
  C:\Windows\System\QYQOVUX.exe
  2⤵
  PID:8720
- C:\Windows\System\lgYKPwv.exe
  C:\Windows\System\lgYKPwv.exe
  2⤵
  PID:8724
- C:\Windows\System\yGRlSQz.exe
  C:\Windows\System\yGRlSQz.exe
  2⤵
  PID:8812
- C:\Windows\System\LvpWygc.exe
  C:\Windows\System\LvpWygc.exe
  2⤵
  PID:8792
- C:\Windows\System\OjeLfCV.exe
  C:\Windows\System\OjeLfCV.exe
  2⤵
  PID:9000
- C:\Windows\System\cUwkBVq.exe
  C:\Windows\System\cUwkBVq.exe
  2⤵
  PID:8872
- C:\Windows\System\ayfIbWK.exe
  C:\Windows\System\ayfIbWK.exe
  2⤵
  PID:8912
- C:\Windows\System\bRwTjKv.exe
  C:\Windows\System\bRwTjKv.exe
  2⤵
  PID:8908
- C:\Windows\System\VmeFGvE.exe
  C:\Windows\System\VmeFGvE.exe
  2⤵
  PID:9168
- C:\Windows\System\IDGTmQI.exe
  C:\Windows\System\IDGTmQI.exe
  2⤵
  PID:8492
- C:\Windows\System\yCyvXSl.exe
  C:\Windows\System\yCyvXSl.exe
  2⤵
  PID:8560
- C:\Windows\System\fcRzYgU.exe
  C:\Windows\System\fcRzYgU.exe
  2⤵
  PID:8288
- C:\Windows\System\NihVtzL.exe
  C:\Windows\System\NihVtzL.exe
  2⤵
  PID:8644
- C:\Windows\System\hufWkxT.exe
  C:\Windows\System\hufWkxT.exe
  2⤵
  PID:8860
- C:\Windows\System\hGFCBjJ.exe
  C:\Windows\System\hGFCBjJ.exe
  2⤵
  PID:8968
- C:\Windows\System\rAFxUBP.exe
  C:\Windows\System\rAFxUBP.exe
  2⤵
  PID:9040
- C:\Windows\System\bkFfWZD.exe
  C:\Windows\System\bkFfWZD.exe
  2⤵
  PID:8696
- C:\Windows\System\OpepPyN.exe
  C:\Windows\System\OpepPyN.exe
  2⤵
  PID:9172
- C:\Windows\System\CqAVZwX.exe
  C:\Windows\System\CqAVZwX.exe
  2⤵
  PID:9196
- C:\Windows\System\dHSgaWf.exe
  C:\Windows\System\dHSgaWf.exe
  2⤵
  PID:8228
- C:\Windows\System\tAyNUNi.exe
  C:\Windows\System\tAyNUNi.exe
  2⤵
  PID:8292
- C:\Windows\System\OzWSbJf.exe
  C:\Windows\System\OzWSbJf.exe
  2⤵
  PID:8392
- C:\Windows\System\tRpAupY.exe
  C:\Windows\System\tRpAupY.exe
  2⤵
  PID:8824
- C:\Windows\System\DvgWnTo.exe
  C:\Windows\System\DvgWnTo.exe
  2⤵
  PID:8448
- C:\Windows\System\gqvOPAL.exe
  C:\Windows\System\gqvOPAL.exe
  2⤵
  PID:8660
- C:\Windows\System\ZdHYapn.exe
  C:\Windows\System\ZdHYapn.exe
  2⤵
  PID:9096
- C:\Windows\System\fcnVVWT.exe
  C:\Windows\System\fcnVVWT.exe
  2⤵
  PID:9204
- C:\Windows\System\JnDcVnM.exe
  C:\Windows\System\JnDcVnM.exe
  2⤵
  PID:8524
- C:\Windows\System\DHafGGA.exe
  C:\Windows\System\DHafGGA.exe
  2⤵
  PID:8856
- C:\Windows\System\GaRfntI.exe
  C:\Windows\System\GaRfntI.exe
  2⤵
  PID:8896
- C:\Windows\System\RhfuCGB.exe
  C:\Windows\System\RhfuCGB.exe
  2⤵
  PID:9124
- C:\Windows\System\YZSOccP.exe
  C:\Windows\System\YZSOccP.exe
  2⤵
  PID:6808
- C:\Windows\System\aOmjlZR.exe
  C:\Windows\System\aOmjlZR.exe
  2⤵
  PID:9060
- C:\Windows\System\nCFLwMT.exe
  C:\Windows\System\nCFLwMT.exe
  2⤵
  PID:8756
- C:\Windows\System\TYLXCzR.exe
  C:\Windows\System\TYLXCzR.exe
  2⤵
  PID:8216
- C:\Windows\System\JleMbQS.exe
  C:\Windows\System\JleMbQS.exe
  2⤵
  PID:9072
- C:\Windows\System\fhNdzGd.exe
  C:\Windows\System\fhNdzGd.exe
  2⤵
  PID:9220
- C:\Windows\System\OLPXOaG.exe
  C:\Windows\System\OLPXOaG.exe
  2⤵
  PID:9240
- C:\Windows\System\xJrisZQ.exe
  C:\Windows\System\xJrisZQ.exe
  2⤵
  PID:9256
- C:\Windows\System\GWrMdWk.exe
  C:\Windows\System\GWrMdWk.exe
  2⤵
  PID:9280
- C:\Windows\System\CcCCbjT.exe
  C:\Windows\System\CcCCbjT.exe
  2⤵
  PID:9296
- C:\Windows\System\tkmEuNb.exe
  C:\Windows\System\tkmEuNb.exe
  2⤵
  PID:9312
- C:\Windows\System\NLabewQ.exe
  C:\Windows\System\NLabewQ.exe
  2⤵
  PID:9328
- C:\Windows\System\ZiaTGPK.exe
  C:\Windows\System\ZiaTGPK.exe
  2⤵
  PID:9348
- C:\Windows\System\IcpQXws.exe
  C:\Windows\System\IcpQXws.exe
  2⤵
  PID:9376
- C:\Windows\System\aXoeFGv.exe
  C:\Windows\System\aXoeFGv.exe
  2⤵
  PID:9396
- C:\Windows\System\AlkKiHG.exe
  C:\Windows\System\AlkKiHG.exe
  2⤵
  PID:9416
- C:\Windows\System\BNeVmCm.exe
  C:\Windows\System\BNeVmCm.exe
  2⤵
  PID:9432
- C:\Windows\System\GnjHLsc.exe
  C:\Windows\System\GnjHLsc.exe
  2⤵
  PID:9452
- C:\Windows\System\jJECrfb.exe
  C:\Windows\System\jJECrfb.exe
  2⤵
  PID:9468
- C:\Windows\System\MragVRG.exe
  C:\Windows\System\MragVRG.exe
  2⤵
  PID:9496
- C:\Windows\System\obGiSma.exe
  C:\Windows\System\obGiSma.exe
  2⤵
  PID:9512
- C:\Windows\System\dECkjVI.exe
  C:\Windows\System\dECkjVI.exe
  2⤵
  PID:9532
- C:\Windows\System\AuYOuje.exe
  C:\Windows\System\AuYOuje.exe
  2⤵
  PID:9548
- C:\Windows\System\KZYRNsO.exe
  C:\Windows\System\KZYRNsO.exe
  2⤵
  PID:9564
- C:\Windows\System\UOPSXzR.exe
  C:\Windows\System\UOPSXzR.exe
  2⤵
  PID:9584
- C:\Windows\System\EshlhFp.exe
  C:\Windows\System\EshlhFp.exe
  2⤵
  PID:9608
- C:\Windows\System\WjbYASc.exe
  C:\Windows\System\WjbYASc.exe
  2⤵
  PID:9624
- C:\Windows\System\vrvBoPi.exe
  C:\Windows\System\vrvBoPi.exe
  2⤵
  PID:9640
- C:\Windows\System\gRriewa.exe
  C:\Windows\System\gRriewa.exe
  2⤵
  PID:9656
- C:\Windows\System\RMjsVET.exe
  C:\Windows\System\RMjsVET.exe
  2⤵
  PID:9692
- C:\Windows\System\ZLypNgR.exe
  C:\Windows\System\ZLypNgR.exe
  2⤵
  PID:9708
- C:\Windows\System\gSLBWTq.exe
  C:\Windows\System\gSLBWTq.exe
  2⤵
  PID:9724
- C:\Windows\System\inPwlYI.exe
  C:\Windows\System\inPwlYI.exe
  2⤵
  PID:9740
- C:\Windows\System\ycYsNxq.exe
  C:\Windows\System\ycYsNxq.exe
  2⤵
  PID:9756
- C:\Windows\System\AWsfOsj.exe
  C:\Windows\System\AWsfOsj.exe
  2⤵
  PID:9772
- C:\Windows\System\DQJdyCh.exe
  C:\Windows\System\DQJdyCh.exe
  2⤵
  PID:9788
- C:\Windows\System\omtdOHt.exe
  C:\Windows\System\omtdOHt.exe
  2⤵
  PID:9812
- C:\Windows\System\aUNYMNw.exe
  C:\Windows\System\aUNYMNw.exe
  2⤵
  PID:9832
- C:\Windows\System\AiIqAvy.exe
  C:\Windows\System\AiIqAvy.exe
  2⤵
  PID:9848
- C:\Windows\System\RwuzRtP.exe
  C:\Windows\System\RwuzRtP.exe
  2⤵
  PID:9904
- C:\Windows\System\EakFYgt.exe
  C:\Windows\System\EakFYgt.exe
  2⤵
  PID:9920
- C:\Windows\System\IIUeOcj.exe
  C:\Windows\System\IIUeOcj.exe
  2⤵
  PID:9940
- C:\Windows\System\yEZOsCr.exe
  C:\Windows\System\yEZOsCr.exe
  2⤵
  PID:9964
- C:\Windows\System\DEEPXKB.exe
  C:\Windows\System\DEEPXKB.exe
  2⤵
  PID:9980
- C:\Windows\System\HhRdeIw.exe
  C:\Windows\System\HhRdeIw.exe
  2⤵
  PID:9996
- C:\Windows\System\nmprbqc.exe
  C:\Windows\System\nmprbqc.exe
  2⤵
  PID:10020
- C:\Windows\System\HQqEwcO.exe
  C:\Windows\System\HQqEwcO.exe
  2⤵
  PID:10036
- C:\Windows\System\ApzpfmT.exe
  C:\Windows\System\ApzpfmT.exe
  2⤵
  PID:10060
- C:\Windows\System\ePsgEgA.exe
  C:\Windows\System\ePsgEgA.exe
  2⤵
  PID:10080
- C:\Windows\System\BSrgSAR.exe
  C:\Windows\System\BSrgSAR.exe
  2⤵
  PID:10096
- C:\Windows\System\WNpsqOS.exe
  C:\Windows\System\WNpsqOS.exe
  2⤵
  PID:10116
- C:\Windows\System\iodFPrp.exe
  C:\Windows\System\iodFPrp.exe
  2⤵
  PID:10136
- C:\Windows\System\OiwhQnx.exe
  C:\Windows\System\OiwhQnx.exe
  2⤵
  PID:10152
- C:\Windows\System\qOwsZRD.exe
  C:\Windows\System\qOwsZRD.exe
  2⤵
  PID:10172
- C:\Windows\System\KvEdxIL.exe
  C:\Windows\System\KvEdxIL.exe
  2⤵
  PID:10192
- C:\Windows\System\CIUClCY.exe
  C:\Windows\System\CIUClCY.exe
  2⤵
  PID:10216
- C:\Windows\System\WxFnCvI.exe
  C:\Windows\System\WxFnCvI.exe
  2⤵
  PID:10232
- C:\Windows\System\ulLRhqe.exe
  C:\Windows\System\ulLRhqe.exe
  2⤵
  PID:9236
- C:\Windows\System\FGEtHUI.exe
  C:\Windows\System\FGEtHUI.exe
  2⤵
  PID:9264
- C:\Windows\System\sLOXmTn.exe
  C:\Windows\System\sLOXmTn.exe
  2⤵
  PID:9276
- C:\Windows\System\wYMDQkX.exe
  C:\Windows\System\wYMDQkX.exe
  2⤵
  PID:9364
- C:\Windows\System\xWlFfxq.exe
  C:\Windows\System\xWlFfxq.exe
  2⤵
  PID:9340
- C:\Windows\System\NiDLzOI.exe
  C:\Windows\System\NiDLzOI.exe
  2⤵
  PID:9424
- C:\Windows\System\IiCNekT.exe
  C:\Windows\System\IiCNekT.exe
  2⤵
  PID:9476
- C:\Windows\System\JIMeIHq.exe
  C:\Windows\System\JIMeIHq.exe
  2⤵
  PID:9492
- C:\Windows\System\IAiBhcS.exe
  C:\Windows\System\IAiBhcS.exe
  2⤵
  PID:9528
- C:\Windows\System\oAtXvSz.exe
  C:\Windows\System\oAtXvSz.exe
  2⤵
  PID:9600
- C:\Windows\System\srAryYU.exe
  C:\Windows\System\srAryYU.exe
  2⤵
  PID:9580
- C:\Windows\System\IMsNpsv.exe
  C:\Windows\System\IMsNpsv.exe
  2⤵
  PID:9508
- C:\Windows\System\XpVqVRy.exe
  C:\Windows\System\XpVqVRy.exe
  2⤵
  PID:9664
- C:\Windows\System\ohuOMsJ.exe
  C:\Windows\System\ohuOMsJ.exe
  2⤵
  PID:9672
- C:\Windows\System\uHMUSSJ.exe
  C:\Windows\System\uHMUSSJ.exe
  2⤵
  PID:9752
- C:\Windows\System\BkidqtG.exe
  C:\Windows\System\BkidqtG.exe
  2⤵
  PID:9860
- C:\Windows\System\OBxtJot.exe
  C:\Windows\System\OBxtJot.exe
  2⤵
  PID:9764
- C:\Windows\System\UTpZZTQ.exe
  C:\Windows\System\UTpZZTQ.exe
  2⤵
  PID:9648
- C:\Windows\System\cgqNMID.exe
  C:\Windows\System\cgqNMID.exe
  2⤵
  PID:9872
- C:\Windows\System\BxSFBSe.exe
  C:\Windows\System\BxSFBSe.exe
  2⤵
  PID:9844
- C:\Windows\System\UYQggpN.exe
  C:\Windows\System\UYQggpN.exe
  2⤵
  PID:9900
- C:\Windows\System\bWHTJIj.exe
  C:\Windows\System\bWHTJIj.exe
  2⤵
  PID:9948
- C:\Windows\System\cnLmWmL.exe
  C:\Windows\System\cnLmWmL.exe
  2⤵
  PID:9956
- C:\Windows\System\uPqhfHN.exe
  C:\Windows\System\uPqhfHN.exe
  2⤵
  PID:10012
- C:\Windows\System\IGOMniq.exe
  C:\Windows\System\IGOMniq.exe
  2⤵
  PID:10056
- C:\Windows\System\BGSbcVs.exe
  C:\Windows\System\BGSbcVs.exe
  2⤵
  PID:10124
- C:\Windows\System\bGflPZs.exe
  C:\Windows\System\bGflPZs.exe
  2⤵
  PID:10168
- C:\Windows\System\LpOcDXQ.exe
  C:\Windows\System\LpOcDXQ.exe
  2⤵
  PID:10076
- C:\Windows\System\LIlvxIH.exe
  C:\Windows\System\LIlvxIH.exe
  2⤵
  PID:10188
- C:\Windows\System\ddcIWWh.exe
  C:\Windows\System\ddcIWWh.exe
  2⤵
  PID:10212
- C:\Windows\System\dUquHDa.exe
  C:\Windows\System\dUquHDa.exe
  2⤵
  PID:9268
- C:\Windows\System\pdTJkcS.exe
  C:\Windows\System\pdTJkcS.exe
  2⤵
  PID:9252
- C:\Windows\System\PeuimgT.exe
  C:\Windows\System\PeuimgT.exe
  2⤵
  PID:9360
- C:\Windows\System\qaWFDvz.exe
  C:\Windows\System\qaWFDvz.exe
  2⤵
  PID:9404
- C:\Windows\System\ltBgspq.exe
  C:\Windows\System\ltBgspq.exe
  2⤵
  PID:9444
- C:\Windows\System\mfpJGju.exe
  C:\Windows\System\mfpJGju.exe
  2⤵
  PID:9464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AOZaFKA.exe

Filesize
6.0MB

MD5
96d042c4d5f980417720b8d43154089d

SHA1
e7dcbea9682b88d6ded1d154a6ba0ac1f905190f

SHA256
de0a022fabbbd070a1cba7f791d034952f31f286668eb17161562468e8efc0bc

SHA512
d996ccbf6a8e88831d87d2bcef00c7eb5a771bc5f5159fb9dd55e2d0211310d0580bf7cfbc412a6cf5f57e3d5136627e3d4031a3fc23f8eed97ceeaf4913a6bc

Download Submit
C:\Windows\system\COSLhHs.exe

Filesize
6.0MB

MD5
46e50d34872a74f9fc5a7fff7cae5492

SHA1
88a9e13b071eddd8ecda805ef6b76f90165b5874

SHA256
cc8d1d95535a054c2c7df02627f7f081a058607bef4e62e0f8eac8dd434a4c89

SHA512
d4fc664ef4911e7e4c71a9cc867677dd3ab2627fc56d72431498857a0544091b76c9c55c592f8aefe282641f786e146b7d68436aa7555203318fe91447ff73b8

Download Submit
C:\Windows\system\EIrVhsY.exe

Filesize
6.0MB

MD5
eb9af36860552c291df7be3fe0fc5d81

SHA1
11cf5ece2b302051c9b96f3e770e8d31d1bef1a0

SHA256
0e66eba236eb299084acb2ab88f7fb7c62e96233f776b2b3314bbd12e07c81a1

SHA512
779258619149dfdbd8bd3249eeef1e894aed9e3fb1dea35aebd2465f08cd27eb373455cf33441b467caf35f195d412e4a20e039edca16add4714e86dc66bae0d

Download Submit
C:\Windows\system\FqGgTip.exe

Filesize
6.0MB

MD5
018a9352816cf3bb0e861da165a9feb9

SHA1
f05a540ac8d589b413f8b1f2589d76152369c7c6

SHA256
62c3a133480dae1641fe292bc74c2c4a2f4fd86fb62de7ee1ac9b5f9c5f1cd00

SHA512
03550caf0ea5b8238950aa68eb5f11bd8f354ed76ee27ff7ee1ad6492cb9de04a38c5765981dcf5615d55c48b408b1224302aeb18dbf78af8b23985b2fdcdf28

Download Submit
C:\Windows\system\GHAujPY.exe

Filesize
6.0MB

MD5
326ba1449d2570fbb3cc42801ac6f914

SHA1
8b150714dc45ca40624005bfe5a5250f3f0cc409

SHA256
79112f8c0cc1a455b451b8c0df058fd024b3ef4e38917c670d96bf20f35a26c2

SHA512
c6e6e673c676c056c255335567f0e671545ec32a4e4c9ad91958bf3d1f2de5bf7bf059ba444bfa38a146935b4ae51ee4a8cd0440c7501b62cf8d23b50e828bc5

Download Submit
C:\Windows\system\HvkFheI.exe

Filesize
6.0MB

MD5
7abafabd75f33313d1e1d62a36771c48

SHA1
a43fac218f33e09ad49f4a277b2bd6127946ce49

SHA256
0c961049dd0bc474032c6eccfd5ba54aa221782c3a90065451497d0901f5117c

SHA512
c53b88b9e561e219cb3a174fd25c8659c7f5757515064f03b0ee1dc055902845deb2fe8a7e11efa2c8d58a5318aed49c4c2894fcd94331d2dfd362d8f3cfd981

Download Submit
C:\Windows\system\LpcZbtp.exe

Filesize
6.0MB

MD5
4277a12e8fa884f7d525a7b64b405552

SHA1
5492db275febee61c0f8f3cb18b4290c52e2f416

SHA256
b08f1d67fdd6fd31499a179cbdf5819cff4ba33a64d98e94d801bfd8dd3c1a85

SHA512
86909d73e6a61321b8eebf0e2fbc420eecdce4d0a28eb1c71d4a3dc1f451b81ec7fd4e5bd88e8e407a5f2ba77fafaa887cb0c7ba1674cb8e36d11928afab42f6

Download Submit
C:\Windows\system\RDsqctX.exe

Filesize
6.0MB

MD5
28acc5ae60556a30f36db75c3105c1f1

SHA1
eff9d1852c499e09faf95166aabe524a0a6be543

SHA256
ac5d4a7d88a415202d199f0570afa0c8c465cae64a58ab12362ea571a78bebc0

SHA512
edd56a7be68b2909b2f0c36cc1367e63d0e7de264641c1beeeeb949320fce8520f71f534be6c3889cff130072bdbb5815c2f728567699f2dfd1a737c7e48106b

Download Submit
C:\Windows\system\SiokdAz.exe

Filesize
6.0MB

MD5
0a61720c39008e418bec61290387a450

SHA1
12314fc17b6c098ee2d701b27bd081cd3bc36d13

SHA256
c9bd506c498777489ef7b20d1af91a98ff0493b2c22daaa43015ef9ba579e1b9

SHA512
572cb11dc43bba9f34e8712b2d7918881ae11fb4f39c15c78056d8c4ad59ce0b2a6d4a18aaaf365b679a99ec680cb4074cd0640f078031e6caa7f38198d31455

Download Submit
C:\Windows\system\UmDigVA.exe

Filesize
6.0MB

MD5
f6d446ed6fdec33cc6637c7ba74e3bb7

SHA1
7f15329e92a670a6f905ff3f8c8818b763aac893

SHA256
a478a0741aee06b736f03d7fbd3a22f992677c1eafa69f7ce71e046d611cc44f

SHA512
321564853ca6f13f6ccc875c6e44d84ddcf77ad3287ca6fefd545a37a85f142033c02c27077a1d8da7afcb23c8d69a1a6f773cca3f05a407a7f58350b91fb246

Download Submit
C:\Windows\system\VXbiZIn.exe

Filesize
6.0MB

MD5
0240b17e0806086459ec985aac5cb22e

SHA1
7ade18fd48a362c08d42a1fce9151cabacc628aa

SHA256
e8698b446b064be46073fea6d6ea2ce98a1e8adda2f109ac93b0eec92b59bbfd

SHA512
b27140b7886365f046a9743c26626c1e58bed2cb4b11a3df6565a8f59e862fbdce201596688e1fd36e4fdfc2b7a284542a83cc341c5b05b018b575f10af9d7fc

Download Submit
C:\Windows\system\XLIuDdJ.exe

Filesize
6.0MB

MD5
b91c6c3e352af991f31fdbc0d9540b5f

SHA1
bd68af83b1c520af8bf930d31aee6978b35c852d

SHA256
723d5bda3f5291c1b04d7e56b8a65d84d93e9f4cc9b652a6037291d312029050

SHA512
a788a59348200ac7dabb59d37163553390c80f8270fa678f743c16ad4520761873720e51b054619f48de15c2c14f13b61a4a3dfb301f1c74ad1c2c3bf5c6b1d4

Download Submit
C:\Windows\system\ZjxsLUU.exe

Filesize
6.0MB

MD5
a93bb67ebebfd126b5dc4d1ee66bcc2a

SHA1
6067cb032d5bddb753f9381add1d030fe4608e1c

SHA256
9e51603229c1893d86ced4c3319eafa74eb3e25d9be2890791da93c5180804e0

SHA512
4b668f28886e8b9be4489a0eabbb848b5ff5ea56c2edbadec28b59332f1035a358cbfe36fdc880ca562aea16f288c4a93b0e5125e3c23f1244c03bf0f22c7b33

Download Submit
C:\Windows\system\bKIEHiO.exe

Filesize
6.0MB

MD5
43a80a1ebe37017b5871fcd3e73e9d66

SHA1
a8ce7348548539d496441e9a9af1353c4164f280

SHA256
e05c0f054ef10c4a536b517a2a835fe40acf4ccd280d11e90ba94ff0a7b3f34f

SHA512
a87be00df9a591e62e45b0474e30ae44c7cf3a443c9945496e0e1f49a5051de680102db7aa69423aa30d88cf74e159293ed0949a92f6fc08dd8f1c61616479e6

Download Submit
C:\Windows\system\cxoDlca.exe

Filesize
6.0MB

MD5
bd39a615c790d367a5140d8e0ea1fe0e

SHA1
ebc365f0d9239d66fedf97b30d455e24a2a28248

SHA256
0746c9433c08f9bf31488bc16cb90c68ea5532465fca4426fcb556b19106f1a2

SHA512
f5f19e9f9cce68bee7dc536d8061ac224f6c7456362f784112f5b2894748d65f4269bed847b854a6c629bd20e45c9bceb9d6e77bb52f50b07018c404b905a8a4

Download Submit
C:\Windows\system\hIGOFbW.exe

Filesize
6.0MB

MD5
b842e93dadfece1f32937f459ea99b40

SHA1
9dc751d2a975cfcde376054881a5b5b6d5809b85

SHA256
4cdd6d3d3e864532e1337044ee3ccf4d200c0f0b1268466913d40c1776746947

SHA512
c562bbfa7c1510561f2247e2449ad86407320f71cce039ada014797e5bbb082da98897a5a0fb8aef8ba8de1e777005479b4be57d84cbfd05c7ac3054312ca987

Download Submit
C:\Windows\system\iXTYzYY.exe

Filesize
6.0MB

MD5
12b1242526e12e9704f3b08797574b59

SHA1
01d82ed63bfcedb2d500662fd8bd17b5daf074a2

SHA256
79ab2584ab4159fe58e2ef97138d0f1042fac89fb99a24a6f1c82c322a3aed85

SHA512
e4b30b83f3501d2bf68bf5584a6579cc3598e2871a893fd24a2b7d0baaf74b5c92c37cd36478d8a6cb2621c253b362fbdccf4098396f4f5ad39a65e90e77ffdc

Download Submit
C:\Windows\system\mdjpFrz.exe

Filesize
6.0MB

MD5
2888631a0fa972ded197d90b6237a9cb

SHA1
fa77b6944b2a55862bd7ff6e484a66d31b81592c

SHA256
660b28ed648639e22d8aaf099df990e4e90d7c4b65dce6e0c49ad3ff31055acc

SHA512
fb6e8495d37c0ba86f9fd9b739c2bd6da252fffe8b36f381bc011091e5847d3b69258159d98585d06ac7c34b95bf0c7d74b8a58875f47289f7371c0db09a1eb7

Download Submit
C:\Windows\system\nMqxzLn.exe

Filesize
6.0MB

MD5
ba6a5bcc19f3fd4b7baa56a6968f40c1

SHA1
342e2e1237a77e076dc8579695462773848a6a85

SHA256
1106d6a174504b3ca2eb1f13cad48ad4557fa530fc612a351765e614b327be7e

SHA512
4fd5a4ccebe822a98b0fc47fcde7d02cc5a24a0fe5b7bdb214162ba284f9a41c2569a9ec33d2ee3eea98603104b3cdca42d0fe57ef02c5ac13da46b499d4849b

Download Submit
C:\Windows\system\pCaeSpf.exe

Filesize
6.0MB

MD5
ac5c6d45bb1a275abfca86f9743d375b

SHA1
ab655d81e996359edf335945672b755add982476

SHA256
f0c3d66c30e8c9886c286a84886d40a238e4100e49d310c68f5eda879b423b47

SHA512
58d55c8bfb8d286771cf858939c20d2dfb4542a0350a2551ba34c0cbefabe6da502cf4f46e36f64a938ff062a4d36f97cc3b8bc6d82b311a8f30b484684c407b

Download Submit
C:\Windows\system\qLodSgU.exe

Filesize
6.0MB

MD5
957e61663065861674bc0ebc1dbc6b2f

SHA1
aea523d104b51f01f35f293b420e92f4844cfe96

SHA256
328198310870ca37bcec9f0ff5d53e45c889d601f9ced692819a7c614a205f75

SHA512
36fe9075e436f1c11530313d9fd5231a34c2a6bb1ba7df718ff282acda965671af01ebb6c965d283bcaac6080d8e72bff4488f9d468aa4d9a7d2d431f1d17741

Download Submit
C:\Windows\system\rtxopKw.exe

Filesize
6.0MB

MD5
9fa4a6a350e37635e7507c30d3e058a9

SHA1
889843dfaab3369a93fb2256037f1ee457df532a

SHA256
93438a43f3493fe9ae8c33002b8abbf2545cf6b4f6b9c8b1b4f0e34477fd6c8e

SHA512
1894ca4dcade02236a32851c1c06c6d4cc75a29d94dab75e64ccbc4a61c26a09a8dc7bc712a9981b43e0e985ef493ec69569c128ae1362918da38719606e808c

Download Submit
C:\Windows\system\tuDYcml.exe

Filesize
6.0MB

MD5
e6209620979ee9e09da6c7a20fde4ec7

SHA1
818299791ee07364d15cfb03ede5ea1f2e19d31a

SHA256
9cd0158f4482f3710e5c315d283bc068ceac94e085d0b22321d9d932895c7a57

SHA512
668286eb33140988927f1000af3b5e3713611bb64ba40bd11d4836f475bf8ecddabd52c59403ed8f7bdc203d5d4a93ff8c3192929b85983763671a0c5d1caa0d

Download Submit
\Windows\system\IivwDzc.exe

Filesize
6.0MB

MD5
6d09ab856f9a00a0ad29563c6efbdcaf

SHA1
24cdcd7c19708e3ca16b473ef0abd9a21eef3c2b

SHA256
914a60dddc4e327e61f8837f3acc918053fb37fc73fd2bba297032fc3a1af777

SHA512
ac3307f073bf0322c37792b1b3b0c85852010887ac279a209eef1bc7076d210423c50db92ea95ffcd93c7835d634a4dd93b19b5ffd7af0eb4dcd2f0b8f6033b5

Download Submit
\Windows\system\SmtZRAh.exe

Filesize
6.0MB

MD5
606a76bc28585a8d3b4da6a03672942e

SHA1
cb84e76c9d8b72314551eca641c9612176fb5472

SHA256
1f4525126f9eea7876ebfb9b6c56ee2bc20c67b8353b9fbab1666dcc27e8bd4e

SHA512
4d7cadec1d293ae3e408b833aaf88cb10a0487db0a211a70c7fce0a4b18de7dc204a4cd132d7d9041b9bd5753300f30d5d4a2951b18648022b5c7555a6532b01

Download Submit
\Windows\system\TJajSjx.exe

Filesize
6.0MB

MD5
006691adba630d977f8eadac09c67a46

SHA1
94c099a572265f8229ac6cd7aa1a88e9144fa618

SHA256
04ffbecfe6fa58df817b7e3b520fd08816e1ebe8be7cca1f43b4b1050edc0130

SHA512
9aa102294b1c7134056103082824cb1ca9fb6bf05b8caa018de2bdf4ccd3cf5fef2acf0617d62e0335abb5c5552894e2ae0e0dd26f79205733a8de9908b33191

Download Submit
\Windows\system\cPhOXkV.exe

Filesize
6.0MB

MD5
b2555e965909518ee50674cbbfedbbf2

SHA1
ef7d7e67e82c744a969ec9d7b3936b45daa81536

SHA256
6716774a94194cbca650b97d14ca165df256fd622dae19035e49e2c30d7ec6a2

SHA512
9113e235cd9a745d22dcccd63623c35f118d6e8f28cd7948490dbc8d8d4f1cfb85177628e49e7fd11e87b551ff814d24d27480fba960e560e84248aaaa7c0768

Download Submit
\Windows\system\pJCrXHQ.exe

Filesize
6.0MB

MD5
6fd94e6b54689d382256e1e106c4ac47

SHA1
7bba211ecd80e7b9cd7eac59caaee8b7c7b78017

SHA256
cb80eb2edbe9ab832c5bb94728769c8411169d1ccba74d6c16140b914a5780ca

SHA512
41b388ecb0117fd64b90e94176d790b86d7d5a997d4355a4546e63bfb80e776606882b0eecb91b5e68f257e8813e330651fcdba9f367616540a574e8e0a48cb8

Download Submit
\Windows\system\raGARCn.exe

Filesize
6.0MB

MD5
f1f1958ab895788d190d89f0a8e0feb3

SHA1
dd7771f35dc8af7307181723048dcc8d2b2e971f

SHA256
31a99ca11352eea9721f6307a6ae2f98fd644396473eb58e1edc8ed498f469c6

SHA512
38292e054ac04523e7af7999976137821aeebb2b343f28adc4276ba006a1f8edd1689a984458042a5ecfbebc63e97b7197b018224dced9292c4eb41a4ff5236b

Download Submit
\Windows\system\uIuomAU.exe

Filesize
6.0MB

MD5
b42f9dfb107378bc708b0f5168c5d8cb

SHA1
a9f7397ae576e3181d503c065333c3e9b9e0d640

SHA256
50b7d98e9e7a70776848b09dd3c1b6fd32e03cf69dde3c797c105f20a7526543

SHA512
f1a03293e22f22217b950a3e84963cebd7cabb866114387cceb9e7b52d21403e1555d3cc5bdf582a4e9eb29de60d9bb8dc99b744921d296445f98cde36014c26

Download Submit
\Windows\system\wzlqbsN.exe

Filesize
6.0MB

MD5
1e7d17a97f948cc3b89d287d2c869270

SHA1
ed0d926c79e1a5941e1737cee83d951427841b50

SHA256
4a4ee3fcf0b09b48ec3a5fa280e6bcb25b6da78a9f5944a0835d909eccb8b55d

SHA512
8e1e498f49a901b60c045052fcbeea5174317681a99a2fff83f6a08f8b6a7e4da66b3b8ef3bd5931f9e34104bd9fbdc85f44e2922a97131368d2d9659a25a2c9

Download Submit
\Windows\system\xDqPIvQ.exe

Filesize
6.0MB

MD5
922057efc835108868dddba23b1d17c7

SHA1
8fdc14c5faa8c30e3e53f147e052d57e7b2474d8

SHA256
04c86f87b4593b269e9c7ca281a520322c06bb286884a0b600cbf5273bac7b69

SHA512
a7051952ff76948947919a32a4b6ca9aea704ff5bc6a7210ffb08d9824c744e5e098d5cab7b37f6a6e10e55fb5326e39c4d2d6333a2afb3a17fee80f137fa44f

Download Submit
memory/772-3930-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/772-57-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1220-71-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1220-3976-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1308-4019-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1308-75-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1308-507-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1608-4059-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1608-1054-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1608-103-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1716-79-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-576-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-4002-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-77-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1908-3843-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1908-42-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2104-89-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3711-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2284-15-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2284-49-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3810-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-35-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-72-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-67-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2716-100-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2716-175-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2716-24-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-6-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2716-13-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2716-34-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2716-289-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-681-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2716-791-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2716-985-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2716-48-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2716-70-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-99-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2716-93-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-31-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-82-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2716-0-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3915-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2748-51-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3789-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2828-28-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2848-38-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3719-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2888-101-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3797-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-32-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download