cobaltstrike | 837a67764570283c17adf6a55b5161c885c7daaa09ba6b940c5183ff8637e234

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

07db3b05bb198d5410077e9459b2df7d
SHA1

8cd9b0d548eb4e473613bcc6d9da82415881b4ec
SHA256

837a67764570283c17adf6a55b5161c885c7daaa09ba6b940c5183ff8637e234
SHA512

4a47992227a6c31e5ed5e1edb4fafdcc1a722ac99c2fcdd5fc14e6d4405a8fd0185fb361a8a9e4b04e279cb8b7c1994af8c8725ffeb5a62c5701753b7f8e101a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000f0000000139a5-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173b2-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f6-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746c-20.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-61.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001749c-57.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017481-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017474-29.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-65.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f97-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-83.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2076-0-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x000f0000000139a5-3.dat	xmrig
behavioral1/files/0x00080000000173b2-12.dat	xmrig
behavioral1/memory/1428-15-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/1664-13-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x00070000000173f6-11.dat	xmrig
behavioral1/files/0x000700000001746c-20.dat	xmrig
behavioral1/memory/1900-35-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2700-40-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019614-51.dat	xmrig
behavioral1/memory/2012-64-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2076-62-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019616-61.dat	xmrig
behavioral1/memory/2812-60-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2288-58-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x000900000001749c-57.dat	xmrig
behavioral1/memory/2848-50-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0009000000017481-39.dat	xmrig
behavioral1/memory/2076-45-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2896-24-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017474-29.dat	xmrig
behavioral1/files/0x0005000000019618-65.dat	xmrig
behavioral1/files/0x0009000000016f97-68.dat	xmrig
behavioral1/memory/2672-78-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196ac-93.dat	xmrig
behavioral1/files/0x000500000001997c-100.dat	xmrig
behavioral1/files/0x0005000000019c38-110.dat	xmrig
behavioral1/files/0x00050000000196e8-126.dat	xmrig
behavioral1/files/0x0005000000019d20-134.dat	xmrig
behavioral1/files/0x0005000000019c3a-133.dat	xmrig
behavioral1/memory/2672-711-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2076-1245-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2076-370-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/files/0x000500000001a345-186.dat	xmrig
behavioral1/files/0x000500000001a42b-191.dat	xmrig
behavioral1/files/0x000500000001a301-181.dat	xmrig
behavioral1/files/0x000500000001a0a1-176.dat	xmrig
behavioral1/files/0x000500000001a067-166.dat	xmrig
behavioral1/files/0x000500000001a07b-171.dat	xmrig
behavioral1/files/0x0005000000019fb9-161.dat	xmrig
behavioral1/files/0x0005000000019f9f-156.dat	xmrig
behavioral1/files/0x0005000000019da4-146.dat	xmrig
behavioral1/files/0x0005000000019db8-151.dat	xmrig
behavioral1/files/0x0005000000019d44-141.dat	xmrig
behavioral1/memory/2700-119-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2076-109-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c36-106.dat	xmrig
behavioral1/memory/2848-125-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c53-124.dat	xmrig
behavioral1/memory/2084-96-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2076-92-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2896-103-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1428-91-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2592-90-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2556-89-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x000500000001966c-86.dat	xmrig
behavioral1/files/0x000500000001962a-83.dat	xmrig
behavioral1/memory/2076-73-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2896-4042-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1900-4043-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2848-4044-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2288-4047-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2012-4048-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2812-4049-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1664	yYQirNB.exe
1428	ffwMGTV.exe
2896	CkeqIBr.exe
1900	viyalDr.exe
2700	IgzkIqa.exe
2848	rZZoPRt.exe
2288	hCUxkda.exe
2812	MnIMUym.exe
2012	feIOFgN.exe
2672	lcxtLEK.exe
2556	PoACWpi.exe
2592	LegUdJG.exe
2084	ONzNmeT.exe
792	kLvMcMz.exe
1368	vWoWmCb.exe
1728	FaQNljz.exe
2000	fOaWAZY.exe
1276	DiCgceL.exe
2780	YRFnJow.exe
1216	WSceMfq.exe
1036	BkAJjyz.exe
708	DUfidgg.exe
2444	QGiZFSc.exe
2004	pjgYGZV.exe
1496	ipbmsLB.exe
1856	QaPOWNy.exe
688	kGyPDfg.exe
1656	xxNapsb.exe
816	PEFrxBY.exe
552	fUqukbL.exe
852	cVxHcjS.exe
572	Xfqfrih.exe
1708	DtOFniG.exe
1960	SxdLitR.exe
2128	ykRPVDL.exe
2260	HnmWHrM.exe
3024	ujHFAHR.exe
3004	rJcrhGg.exe
1252	IVuZLjR.exe
2340	TEvdGzh.exe
1596	wCXNTTG.exe
796	OLCRukj.exe
3008	iPCvqTl.exe
888	RyRVTFd.exe
1604	tUEYHsk.exe
1888	JrvkUox.exe
2068	FwvUYSM.exe
1504	hYzEfmG.exe
2644	AqQLpke.exe
2276	qjUlyLK.exe
2668	uXZuRlz.exe
2088	wtCWqCq.exe
2760	ZwXzbki.exe
2692	WMtvOdJ.exe
1764	tOdrGPC.exe
2560	AsZzAof.exe
1756	VwNhHKA.exe
2680	vBZoegS.exe
2764	uQNrtGE.exe
1144	uWkOWSj.exe
3056	GvDsJME.exe
2804	uxrAKDU.exe
2396	grDVIho.exe
1448	mVWRUQf.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x000f0000000139a5-3.dat	upx
behavioral1/files/0x00080000000173b2-12.dat	upx
behavioral1/memory/1428-15-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/1664-13-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x00070000000173f6-11.dat	upx
behavioral1/files/0x000700000001746c-20.dat	upx
behavioral1/memory/1900-35-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2700-40-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0005000000019614-51.dat	upx
behavioral1/memory/2012-64-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2076-62-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0005000000019616-61.dat	upx
behavioral1/memory/2812-60-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2288-58-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x000900000001749c-57.dat	upx
behavioral1/memory/2848-50-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0009000000017481-39.dat	upx
behavioral1/memory/2896-24-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0007000000017474-29.dat	upx
behavioral1/files/0x0005000000019618-65.dat	upx
behavioral1/files/0x0009000000016f97-68.dat	upx
behavioral1/memory/2672-78-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x00050000000196ac-93.dat	upx
behavioral1/files/0x000500000001997c-100.dat	upx
behavioral1/files/0x0005000000019c38-110.dat	upx
behavioral1/files/0x00050000000196e8-126.dat	upx
behavioral1/files/0x0005000000019d20-134.dat	upx
behavioral1/files/0x0005000000019c3a-133.dat	upx
behavioral1/memory/2672-711-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2076-370-0x0000000002430000-0x0000000002784000-memory.dmp	upx
behavioral1/files/0x000500000001a345-186.dat	upx
behavioral1/files/0x000500000001a42b-191.dat	upx
behavioral1/files/0x000500000001a301-181.dat	upx
behavioral1/files/0x000500000001a0a1-176.dat	upx
behavioral1/files/0x000500000001a067-166.dat	upx
behavioral1/files/0x000500000001a07b-171.dat	upx
behavioral1/files/0x0005000000019fb9-161.dat	upx
behavioral1/files/0x0005000000019f9f-156.dat	upx
behavioral1/files/0x0005000000019da4-146.dat	upx
behavioral1/files/0x0005000000019db8-151.dat	upx
behavioral1/files/0x0005000000019d44-141.dat	upx
behavioral1/memory/2700-119-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0005000000019c36-106.dat	upx
behavioral1/memory/2848-125-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0005000000019c53-124.dat	upx
behavioral1/memory/2084-96-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2896-103-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1428-91-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2592-90-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2556-89-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x000500000001966c-86.dat	upx
behavioral1/files/0x000500000001962a-83.dat	upx
behavioral1/memory/2896-4042-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1900-4043-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2848-4044-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2288-4047-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2012-4048-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2812-4049-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2672-4050-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2592-4051-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2556-4052-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2084-4053-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GMRoClt.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGNDSYN.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClsMqQi.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNRypyz.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcDrOBK.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYicwxT.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWuRTrK.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuwFGYq.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqeGzSO.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRqrCEW.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YULDCmw.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znsyKNo.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMXmItD.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCiXugt.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdNGpgl.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqbtyXH.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtgrlOv.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTBqDTB.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGptmkY.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwNNWpC.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwpNSPP.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgXfeXe.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\prbTLhL.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUEizAb.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsarwaK.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAzYfGx.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJSnfFM.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igZoezP.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOuOqvG.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKrLzkh.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNYVYNO.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzWpdBu.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNNSQTz.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxllmnh.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrxVeKf.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVCsLkH.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzDpmqe.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSlEWZW.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqIGvxG.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXeBmkK.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJlDZae.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZkRQiy.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQvNCaC.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arognGG.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEFUrmz.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psLhZzp.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSnLMXm.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKHusaC.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMtvOdJ.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBZoegS.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQpSjZj.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzzgGfu.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZDJAmT.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPqcVOv.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdFpWFT.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLPyNNo.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmyamxf.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwhmqGh.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amLVkuy.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwuzrhK.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDRmiRT.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtlwTUc.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABWAbuE.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTfKBsG.exe	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1664	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 1664	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 1664	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 1428	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 1428	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 1428	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2896	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2896	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2896	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 1900	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 1900	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 1900	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2700	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2700	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2700	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2848	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2848	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2848	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2812	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2812	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2812	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2288	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2288	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2288	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2012	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2012	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2012	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2672	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2672	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2672	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2556	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2556	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2556	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2592	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 2592	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 2592	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 2084	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 2084	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 2084	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 792	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 792	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 792	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 1276	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 1276	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 1276	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 1368	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 1368	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 1368	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 2780	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 2780	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 2780	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 1728	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 1728	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 1728	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 1216	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 1216	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 1216	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 2000	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 2000	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 2000	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 1036	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2076 wrote to memory of 1036	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2076 wrote to memory of 1036	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2076 wrote to memory of 708	2076	2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_07db3b05bb198d5410077e9459b2df7d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\System\yYQirNB.exe
  C:\Windows\System\yYQirNB.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ffwMGTV.exe
  C:\Windows\System\ffwMGTV.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\CkeqIBr.exe
  C:\Windows\System\CkeqIBr.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\viyalDr.exe
  C:\Windows\System\viyalDr.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\IgzkIqa.exe
  C:\Windows\System\IgzkIqa.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\rZZoPRt.exe
  C:\Windows\System\rZZoPRt.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\MnIMUym.exe
  C:\Windows\System\MnIMUym.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\hCUxkda.exe
  C:\Windows\System\hCUxkda.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\feIOFgN.exe
  C:\Windows\System\feIOFgN.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\lcxtLEK.exe
  C:\Windows\System\lcxtLEK.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\PoACWpi.exe
  C:\Windows\System\PoACWpi.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\LegUdJG.exe
  C:\Windows\System\LegUdJG.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ONzNmeT.exe
  C:\Windows\System\ONzNmeT.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\kLvMcMz.exe
  C:\Windows\System\kLvMcMz.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\DiCgceL.exe
  C:\Windows\System\DiCgceL.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\vWoWmCb.exe
  C:\Windows\System\vWoWmCb.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\YRFnJow.exe
  C:\Windows\System\YRFnJow.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\FaQNljz.exe
  C:\Windows\System\FaQNljz.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\WSceMfq.exe
  C:\Windows\System\WSceMfq.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\fOaWAZY.exe
  C:\Windows\System\fOaWAZY.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\BkAJjyz.exe
  C:\Windows\System\BkAJjyz.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\DUfidgg.exe
  C:\Windows\System\DUfidgg.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\QGiZFSc.exe
  C:\Windows\System\QGiZFSc.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\pjgYGZV.exe
  C:\Windows\System\pjgYGZV.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\ipbmsLB.exe
  C:\Windows\System\ipbmsLB.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\QaPOWNy.exe
  C:\Windows\System\QaPOWNy.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\kGyPDfg.exe
  C:\Windows\System\kGyPDfg.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\xxNapsb.exe
  C:\Windows\System\xxNapsb.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\PEFrxBY.exe
  C:\Windows\System\PEFrxBY.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\fUqukbL.exe
  C:\Windows\System\fUqukbL.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\cVxHcjS.exe
  C:\Windows\System\cVxHcjS.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\Xfqfrih.exe
  C:\Windows\System\Xfqfrih.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\DtOFniG.exe
  C:\Windows\System\DtOFniG.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\SxdLitR.exe
  C:\Windows\System\SxdLitR.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\ykRPVDL.exe
  C:\Windows\System\ykRPVDL.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\HnmWHrM.exe
  C:\Windows\System\HnmWHrM.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\ujHFAHR.exe
  C:\Windows\System\ujHFAHR.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\rJcrhGg.exe
  C:\Windows\System\rJcrhGg.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\IVuZLjR.exe
  C:\Windows\System\IVuZLjR.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\TEvdGzh.exe
  C:\Windows\System\TEvdGzh.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\wCXNTTG.exe
  C:\Windows\System\wCXNTTG.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\OLCRukj.exe
  C:\Windows\System\OLCRukj.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\iPCvqTl.exe
  C:\Windows\System\iPCvqTl.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\RyRVTFd.exe
  C:\Windows\System\RyRVTFd.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\tUEYHsk.exe
  C:\Windows\System\tUEYHsk.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\JrvkUox.exe
  C:\Windows\System\JrvkUox.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\FwvUYSM.exe
  C:\Windows\System\FwvUYSM.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\hYzEfmG.exe
  C:\Windows\System\hYzEfmG.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\qjUlyLK.exe
  C:\Windows\System\qjUlyLK.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\AqQLpke.exe
  C:\Windows\System\AqQLpke.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\wtCWqCq.exe
  C:\Windows\System\wtCWqCq.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\uXZuRlz.exe
  C:\Windows\System\uXZuRlz.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\WMtvOdJ.exe
  C:\Windows\System\WMtvOdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ZwXzbki.exe
  C:\Windows\System\ZwXzbki.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\tOdrGPC.exe
  C:\Windows\System\tOdrGPC.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\AsZzAof.exe
  C:\Windows\System\AsZzAof.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\vBZoegS.exe
  C:\Windows\System\vBZoegS.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\VwNhHKA.exe
  C:\Windows\System\VwNhHKA.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\uQNrtGE.exe
  C:\Windows\System\uQNrtGE.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\uWkOWSj.exe
  C:\Windows\System\uWkOWSj.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\uxrAKDU.exe
  C:\Windows\System\uxrAKDU.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\GvDsJME.exe
  C:\Windows\System\GvDsJME.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\grDVIho.exe
  C:\Windows\System\grDVIho.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\mVWRUQf.exe
  C:\Windows\System\mVWRUQf.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\fDOdmto.exe
  C:\Windows\System\fDOdmto.exe
  2⤵
  PID:704
- C:\Windows\System\socJTHs.exe
  C:\Windows\System\socJTHs.exe
  2⤵
  PID:2148
- C:\Windows\System\phNdPWu.exe
  C:\Windows\System\phNdPWu.exe
  2⤵
  PID:1676
- C:\Windows\System\DEhQcdd.exe
  C:\Windows\System\DEhQcdd.exe
  2⤵
  PID:112
- C:\Windows\System\AvfAbYv.exe
  C:\Windows\System\AvfAbYv.exe
  2⤵
  PID:2096
- C:\Windows\System\MqSrhxw.exe
  C:\Windows\System\MqSrhxw.exe
  2⤵
  PID:1164
- C:\Windows\System\KKJrbrI.exe
  C:\Windows\System\KKJrbrI.exe
  2⤵
  PID:2120
- C:\Windows\System\CltyfVh.exe
  C:\Windows\System\CltyfVh.exe
  2⤵
  PID:376
- C:\Windows\System\qzFvtZw.exe
  C:\Windows\System\qzFvtZw.exe
  2⤵
  PID:624
- C:\Windows\System\LRCwmWn.exe
  C:\Windows\System\LRCwmWn.exe
  2⤵
  PID:2408
- C:\Windows\System\jibNCqy.exe
  C:\Windows\System\jibNCqy.exe
  2⤵
  PID:280
- C:\Windows\System\Zynyidn.exe
  C:\Windows\System\Zynyidn.exe
  2⤵
  PID:316
- C:\Windows\System\KYNFwjl.exe
  C:\Windows\System\KYNFwjl.exe
  2⤵
  PID:3000
- C:\Windows\System\bIuEbvK.exe
  C:\Windows\System\bIuEbvK.exe
  2⤵
  PID:2480
- C:\Windows\System\JdZrLpX.exe
  C:\Windows\System\JdZrLpX.exe
  2⤵
  PID:1280
- C:\Windows\System\WtQVfIR.exe
  C:\Windows\System\WtQVfIR.exe
  2⤵
  PID:2868
- C:\Windows\System\ymjpTmg.exe
  C:\Windows\System\ymjpTmg.exe
  2⤵
  PID:2736
- C:\Windows\System\oZWhlNn.exe
  C:\Windows\System\oZWhlNn.exe
  2⤵
  PID:2140
- C:\Windows\System\zkjiDYX.exe
  C:\Windows\System\zkjiDYX.exe
  2⤵
  PID:2844
- C:\Windows\System\WTbSlok.exe
  C:\Windows\System\WTbSlok.exe
  2⤵
  PID:2604
- C:\Windows\System\PdPsyqj.exe
  C:\Windows\System\PdPsyqj.exe
  2⤵
  PID:1056
- C:\Windows\System\iyboimm.exe
  C:\Windows\System\iyboimm.exe
  2⤵
  PID:2824
- C:\Windows\System\UIfMlSI.exe
  C:\Windows\System\UIfMlSI.exe
  2⤵
  PID:1060
- C:\Windows\System\pRrdfgA.exe
  C:\Windows\System\pRrdfgA.exe
  2⤵
  PID:1200
- C:\Windows\System\PJlDZae.exe
  C:\Windows\System\PJlDZae.exe
  2⤵
  PID:1748
- C:\Windows\System\SSGxjrM.exe
  C:\Windows\System\SSGxjrM.exe
  2⤵
  PID:1484
- C:\Windows\System\MgxvBzh.exe
  C:\Windows\System\MgxvBzh.exe
  2⤵
  PID:2268
- C:\Windows\System\kQvMybb.exe
  C:\Windows\System\kQvMybb.exe
  2⤵
  PID:1012
- C:\Windows\System\ChoCNlt.exe
  C:\Windows\System\ChoCNlt.exe
  2⤵
  PID:2064
- C:\Windows\System\PdJuHJV.exe
  C:\Windows\System\PdJuHJV.exe
  2⤵
  PID:2292
- C:\Windows\System\POWpacT.exe
  C:\Windows\System\POWpacT.exe
  2⤵
  PID:1456
- C:\Windows\System\tTqEtmq.exe
  C:\Windows\System\tTqEtmq.exe
  2⤵
  PID:1916
- C:\Windows\System\PmxETNe.exe
  C:\Windows\System\PmxETNe.exe
  2⤵
  PID:2500
- C:\Windows\System\XIrRJkC.exe
  C:\Windows\System\XIrRJkC.exe
  2⤵
  PID:1984
- C:\Windows\System\OESqSPY.exe
  C:\Windows\System\OESqSPY.exe
  2⤵
  PID:768
- C:\Windows\System\CZOwUvi.exe
  C:\Windows\System\CZOwUvi.exe
  2⤵
  PID:2800
- C:\Windows\System\sampyWz.exe
  C:\Windows\System\sampyWz.exe
  2⤵
  PID:2456
- C:\Windows\System\ovtSXtl.exe
  C:\Windows\System\ovtSXtl.exe
  2⤵
  PID:1948
- C:\Windows\System\TIJWVUS.exe
  C:\Windows\System\TIJWVUS.exe
  2⤵
  PID:1912
- C:\Windows\System\syBXrzO.exe
  C:\Windows\System\syBXrzO.exe
  2⤵
  PID:284
- C:\Windows\System\VmDkjwM.exe
  C:\Windows\System\VmDkjwM.exe
  2⤵
  PID:2160
- C:\Windows\System\bcKKwXg.exe
  C:\Windows\System\bcKKwXg.exe
  2⤵
  PID:3080
- C:\Windows\System\VidFRdh.exe
  C:\Windows\System\VidFRdh.exe
  2⤵
  PID:3100
- C:\Windows\System\oSFNyZx.exe
  C:\Windows\System\oSFNyZx.exe
  2⤵
  PID:3116
- C:\Windows\System\xdLYOIo.exe
  C:\Windows\System\xdLYOIo.exe
  2⤵
  PID:3140
- C:\Windows\System\BQEftsn.exe
  C:\Windows\System\BQEftsn.exe
  2⤵
  PID:3156
- C:\Windows\System\vJaHjPF.exe
  C:\Windows\System\vJaHjPF.exe
  2⤵
  PID:3180
- C:\Windows\System\bfiaYlo.exe
  C:\Windows\System\bfiaYlo.exe
  2⤵
  PID:3200
- C:\Windows\System\MRZORAE.exe
  C:\Windows\System\MRZORAE.exe
  2⤵
  PID:3220
- C:\Windows\System\InPHvWg.exe
  C:\Windows\System\InPHvWg.exe
  2⤵
  PID:3236
- C:\Windows\System\NmmjnKd.exe
  C:\Windows\System\NmmjnKd.exe
  2⤵
  PID:3260
- C:\Windows\System\ghxdalx.exe
  C:\Windows\System\ghxdalx.exe
  2⤵
  PID:3276
- C:\Windows\System\XoAxZil.exe
  C:\Windows\System\XoAxZil.exe
  2⤵
  PID:3296
- C:\Windows\System\XgDBZgY.exe
  C:\Windows\System\XgDBZgY.exe
  2⤵
  PID:3316
- C:\Windows\System\XEgAgUZ.exe
  C:\Windows\System\XEgAgUZ.exe
  2⤵
  PID:3336
- C:\Windows\System\BnBJiKs.exe
  C:\Windows\System\BnBJiKs.exe
  2⤵
  PID:3356
- C:\Windows\System\FMpHeUP.exe
  C:\Windows\System\FMpHeUP.exe
  2⤵
  PID:3376
- C:\Windows\System\VlLbgdv.exe
  C:\Windows\System\VlLbgdv.exe
  2⤵
  PID:3392
- C:\Windows\System\tWulXbp.exe
  C:\Windows\System\tWulXbp.exe
  2⤵
  PID:3420
- C:\Windows\System\jQdCpBl.exe
  C:\Windows\System\jQdCpBl.exe
  2⤵
  PID:3440
- C:\Windows\System\qRYkrOk.exe
  C:\Windows\System\qRYkrOk.exe
  2⤵
  PID:3460
- C:\Windows\System\IGwSKWJ.exe
  C:\Windows\System\IGwSKWJ.exe
  2⤵
  PID:3480
- C:\Windows\System\zdAbegz.exe
  C:\Windows\System\zdAbegz.exe
  2⤵
  PID:3500
- C:\Windows\System\eVxVClg.exe
  C:\Windows\System\eVxVClg.exe
  2⤵
  PID:3516
- C:\Windows\System\HhNcaWZ.exe
  C:\Windows\System\HhNcaWZ.exe
  2⤵
  PID:3540
- C:\Windows\System\pKqHAas.exe
  C:\Windows\System\pKqHAas.exe
  2⤵
  PID:3556
- C:\Windows\System\prvqdZx.exe
  C:\Windows\System\prvqdZx.exe
  2⤵
  PID:3580
- C:\Windows\System\SvxmxDM.exe
  C:\Windows\System\SvxmxDM.exe
  2⤵
  PID:3600
- C:\Windows\System\pSYCZRo.exe
  C:\Windows\System\pSYCZRo.exe
  2⤵
  PID:3620
- C:\Windows\System\tFfWAFq.exe
  C:\Windows\System\tFfWAFq.exe
  2⤵
  PID:3640
- C:\Windows\System\ItSuTpn.exe
  C:\Windows\System\ItSuTpn.exe
  2⤵
  PID:3660
- C:\Windows\System\jNsBCgj.exe
  C:\Windows\System\jNsBCgj.exe
  2⤵
  PID:3680
- C:\Windows\System\hPrgbWy.exe
  C:\Windows\System\hPrgbWy.exe
  2⤵
  PID:3700
- C:\Windows\System\OaNIDbF.exe
  C:\Windows\System\OaNIDbF.exe
  2⤵
  PID:3720
- C:\Windows\System\AyZikoe.exe
  C:\Windows\System\AyZikoe.exe
  2⤵
  PID:3740
- C:\Windows\System\uZJkDxr.exe
  C:\Windows\System\uZJkDxr.exe
  2⤵
  PID:3756
- C:\Windows\System\KIuqZzC.exe
  C:\Windows\System\KIuqZzC.exe
  2⤵
  PID:3780
- C:\Windows\System\dBtUeqb.exe
  C:\Windows\System\dBtUeqb.exe
  2⤵
  PID:3796
- C:\Windows\System\Xfbafgy.exe
  C:\Windows\System\Xfbafgy.exe
  2⤵
  PID:3820
- C:\Windows\System\nwBivpj.exe
  C:\Windows\System\nwBivpj.exe
  2⤵
  PID:3840
- C:\Windows\System\fikrLCG.exe
  C:\Windows\System\fikrLCG.exe
  2⤵
  PID:3860
- C:\Windows\System\FZmqLCO.exe
  C:\Windows\System\FZmqLCO.exe
  2⤵
  PID:3880
- C:\Windows\System\AukcBww.exe
  C:\Windows\System\AukcBww.exe
  2⤵
  PID:3900
- C:\Windows\System\sycRUCn.exe
  C:\Windows\System\sycRUCn.exe
  2⤵
  PID:3916
- C:\Windows\System\ymppZlb.exe
  C:\Windows\System\ymppZlb.exe
  2⤵
  PID:3940
- C:\Windows\System\zgrOwhZ.exe
  C:\Windows\System\zgrOwhZ.exe
  2⤵
  PID:3960
- C:\Windows\System\fOAPxfH.exe
  C:\Windows\System\fOAPxfH.exe
  2⤵
  PID:3980
- C:\Windows\System\SDczzez.exe
  C:\Windows\System\SDczzez.exe
  2⤵
  PID:3996
- C:\Windows\System\LPeoPuG.exe
  C:\Windows\System\LPeoPuG.exe
  2⤵
  PID:4020
- C:\Windows\System\dfPacbr.exe
  C:\Windows\System\dfPacbr.exe
  2⤵
  PID:4040
- C:\Windows\System\tfJQKme.exe
  C:\Windows\System\tfJQKme.exe
  2⤵
  PID:4060
- C:\Windows\System\zGWGwOp.exe
  C:\Windows\System\zGWGwOp.exe
  2⤵
  PID:4076
- C:\Windows\System\ezGOcfP.exe
  C:\Windows\System\ezGOcfP.exe
  2⤵
  PID:2492
- C:\Windows\System\jvkWzMo.exe
  C:\Windows\System\jvkWzMo.exe
  2⤵
  PID:2948
- C:\Windows\System\ilkvFKn.exe
  C:\Windows\System\ilkvFKn.exe
  2⤵
  PID:2284
- C:\Windows\System\EkQACQH.exe
  C:\Windows\System\EkQACQH.exe
  2⤵
  PID:1952
- C:\Windows\System\HdHykBA.exe
  C:\Windows\System\HdHykBA.exe
  2⤵
  PID:2748
- C:\Windows\System\lwCQwiA.exe
  C:\Windows\System\lwCQwiA.exe
  2⤵
  PID:1640
- C:\Windows\System\GMRoClt.exe
  C:\Windows\System\GMRoClt.exe
  2⤵
  PID:2104
- C:\Windows\System\dCiGtMz.exe
  C:\Windows\System\dCiGtMz.exe
  2⤵
  PID:3092
- C:\Windows\System\beGafBQ.exe
  C:\Windows\System\beGafBQ.exe
  2⤵
  PID:3132
- C:\Windows\System\tQywXgP.exe
  C:\Windows\System\tQywXgP.exe
  2⤵
  PID:3108
- C:\Windows\System\quQrLeI.exe
  C:\Windows\System\quQrLeI.exe
  2⤵
  PID:3216
- C:\Windows\System\LwuzrhK.exe
  C:\Windows\System\LwuzrhK.exe
  2⤵
  PID:3256
- C:\Windows\System\VBrTLVh.exe
  C:\Windows\System\VBrTLVh.exe
  2⤵
  PID:3196
- C:\Windows\System\QaciBJt.exe
  C:\Windows\System\QaciBJt.exe
  2⤵
  PID:3324
- C:\Windows\System\QWGEjJl.exe
  C:\Windows\System\QWGEjJl.exe
  2⤵
  PID:3372
- C:\Windows\System\SESceBk.exe
  C:\Windows\System\SESceBk.exe
  2⤵
  PID:3308
- C:\Windows\System\qMBChjw.exe
  C:\Windows\System\qMBChjw.exe
  2⤵
  PID:3348
- C:\Windows\System\hXhAznU.exe
  C:\Windows\System\hXhAznU.exe
  2⤵
  PID:3384
- C:\Windows\System\sgkVfpJ.exe
  C:\Windows\System\sgkVfpJ.exe
  2⤵
  PID:3488
- C:\Windows\System\mPqikTe.exe
  C:\Windows\System\mPqikTe.exe
  2⤵
  PID:3436
- C:\Windows\System\UWrElyP.exe
  C:\Windows\System\UWrElyP.exe
  2⤵
  PID:3524
- C:\Windows\System\WKIWDHS.exe
  C:\Windows\System\WKIWDHS.exe
  2⤵
  PID:3508
- C:\Windows\System\zeJGeCA.exe
  C:\Windows\System\zeJGeCA.exe
  2⤵
  PID:3576
- C:\Windows\System\CCOQdXV.exe
  C:\Windows\System\CCOQdXV.exe
  2⤵
  PID:3592
- C:\Windows\System\gxxILaF.exe
  C:\Windows\System\gxxILaF.exe
  2⤵
  PID:2840
- C:\Windows\System\oeHGAFI.exe
  C:\Windows\System\oeHGAFI.exe
  2⤵
  PID:3688
- C:\Windows\System\IlwFjlq.exe
  C:\Windows\System\IlwFjlq.exe
  2⤵
  PID:3736
- C:\Windows\System\OwPYkbR.exe
  C:\Windows\System\OwPYkbR.exe
  2⤵
  PID:3732
- C:\Windows\System\TytNute.exe
  C:\Windows\System\TytNute.exe
  2⤵
  PID:3776
- C:\Windows\System\amMzjjx.exe
  C:\Windows\System\amMzjjx.exe
  2⤵
  PID:3748
- C:\Windows\System\FZCJDrf.exe
  C:\Windows\System\FZCJDrf.exe
  2⤵
  PID:3848
- C:\Windows\System\AhyZGUX.exe
  C:\Windows\System\AhyZGUX.exe
  2⤵
  PID:3836
- C:\Windows\System\OVLVzAj.exe
  C:\Windows\System\OVLVzAj.exe
  2⤵
  PID:3876
- C:\Windows\System\tkeEoFD.exe
  C:\Windows\System\tkeEoFD.exe
  2⤵
  PID:3936
- C:\Windows\System\YKuJuII.exe
  C:\Windows\System\YKuJuII.exe
  2⤵
  PID:3948
- C:\Windows\System\waaAicF.exe
  C:\Windows\System\waaAicF.exe
  2⤵
  PID:4016
- C:\Windows\System\bWsewYo.exe
  C:\Windows\System\bWsewYo.exe
  2⤵
  PID:4048
- C:\Windows\System\TUPfMHT.exe
  C:\Windows\System\TUPfMHT.exe
  2⤵
  PID:2108
- C:\Windows\System\OOvIDfE.exe
  C:\Windows\System\OOvIDfE.exe
  2⤵
  PID:4088
- C:\Windows\System\UKtUbHK.exe
  C:\Windows\System\UKtUbHK.exe
  2⤵
  PID:2652
- C:\Windows\System\vbsmChW.exe
  C:\Windows\System\vbsmChW.exe
  2⤵
  PID:2796
- C:\Windows\System\UXskwbd.exe
  C:\Windows\System\UXskwbd.exe
  2⤵
  PID:2116
- C:\Windows\System\oSEspDB.exe
  C:\Windows\System\oSEspDB.exe
  2⤵
  PID:1228
- C:\Windows\System\mqeGzSO.exe
  C:\Windows\System\mqeGzSO.exe
  2⤵
  PID:3124
- C:\Windows\System\yxllmnh.exe
  C:\Windows\System\yxllmnh.exe
  2⤵
  PID:3112
- C:\Windows\System\pEWfIua.exe
  C:\Windows\System\pEWfIua.exe
  2⤵
  PID:3164
- C:\Windows\System\OWlgaSS.exe
  C:\Windows\System\OWlgaSS.exe
  2⤵
  PID:3232
- C:\Windows\System\WWwWWBd.exe
  C:\Windows\System\WWwWWBd.exe
  2⤵
  PID:3400
- C:\Windows\System\MVAhtxQ.exe
  C:\Windows\System\MVAhtxQ.exe
  2⤵
  PID:3304
- C:\Windows\System\mbUsSGq.exe
  C:\Windows\System\mbUsSGq.exe
  2⤵
  PID:3452
- C:\Windows\System\IUeZAoK.exe
  C:\Windows\System\IUeZAoK.exe
  2⤵
  PID:3428
- C:\Windows\System\BohRPUx.exe
  C:\Windows\System\BohRPUx.exe
  2⤵
  PID:3432
- C:\Windows\System\TcKcwSL.exe
  C:\Windows\System\TcKcwSL.exe
  2⤵
  PID:3528
- C:\Windows\System\uFouxqG.exe
  C:\Windows\System\uFouxqG.exe
  2⤵
  PID:3628
- C:\Windows\System\fVQsPbh.exe
  C:\Windows\System\fVQsPbh.exe
  2⤵
  PID:3692
- C:\Windows\System\RMVfPuJ.exe
  C:\Windows\System\RMVfPuJ.exe
  2⤵
  PID:3652
- C:\Windows\System\yjhfPKM.exe
  C:\Windows\System\yjhfPKM.exe
  2⤵
  PID:3816
- C:\Windows\System\gDvrPNG.exe
  C:\Windows\System\gDvrPNG.exe
  2⤵
  PID:2428
- C:\Windows\System\FpSFbBr.exe
  C:\Windows\System\FpSFbBr.exe
  2⤵
  PID:3872
- C:\Windows\System\tqDzmix.exe
  C:\Windows\System\tqDzmix.exe
  2⤵
  PID:3976
- C:\Windows\System\ykAcHPg.exe
  C:\Windows\System\ykAcHPg.exe
  2⤵
  PID:3852
- C:\Windows\System\pMzZTOd.exe
  C:\Windows\System\pMzZTOd.exe
  2⤵
  PID:3956
- C:\Windows\System\cSsunrj.exe
  C:\Windows\System\cSsunrj.exe
  2⤵
  PID:3932
- C:\Windows\System\VOwLPhx.exe
  C:\Windows\System\VOwLPhx.exe
  2⤵
  PID:4084
- C:\Windows\System\DiSBCkp.exe
  C:\Windows\System\DiSBCkp.exe
  2⤵
  PID:2832
- C:\Windows\System\GtQKzji.exe
  C:\Windows\System\GtQKzji.exe
  2⤵
  PID:2996
- C:\Windows\System\jQucBoV.exe
  C:\Windows\System\jQucBoV.exe
  2⤵
  PID:3136
- C:\Windows\System\wREZuJp.exe
  C:\Windows\System\wREZuJp.exe
  2⤵
  PID:324
- C:\Windows\System\WTOEiRM.exe
  C:\Windows\System\WTOEiRM.exe
  2⤵
  PID:3188
- C:\Windows\System\UZUkiie.exe
  C:\Windows\System\UZUkiie.exe
  2⤵
  PID:968
- C:\Windows\System\URyrxqu.exe
  C:\Windows\System\URyrxqu.exe
  2⤵
  PID:3252
- C:\Windows\System\baaMcGV.exe
  C:\Windows\System\baaMcGV.exe
  2⤵
  PID:2632
- C:\Windows\System\YTVogyC.exe
  C:\Windows\System\YTVogyC.exe
  2⤵
  PID:2884
- C:\Windows\System\ALneQXI.exe
  C:\Windows\System\ALneQXI.exe
  2⤵
  PID:2248
- C:\Windows\System\QSMbzNd.exe
  C:\Windows\System\QSMbzNd.exe
  2⤵
  PID:3468
- C:\Windows\System\qrxVeKf.exe
  C:\Windows\System\qrxVeKf.exe
  2⤵
  PID:3616
- C:\Windows\System\IizlEjD.exe
  C:\Windows\System\IizlEjD.exe
  2⤵
  PID:3472
- C:\Windows\System\GtgrlOv.exe
  C:\Windows\System\GtgrlOv.exe
  2⤵
  PID:3568
- C:\Windows\System\hWFBdjx.exe
  C:\Windows\System\hWFBdjx.exe
  2⤵
  PID:3632
- C:\Windows\System\MJfAgSh.exe
  C:\Windows\System\MJfAgSh.exe
  2⤵
  PID:3772
- C:\Windows\System\hPsaqpg.exe
  C:\Windows\System\hPsaqpg.exe
  2⤵
  PID:2664
- C:\Windows\System\DNamOAW.exe
  C:\Windows\System\DNamOAW.exe
  2⤵
  PID:3752
- C:\Windows\System\RCbokfG.exe
  C:\Windows\System\RCbokfG.exe
  2⤵
  PID:3928
- C:\Windows\System\XfdPPzM.exe
  C:\Windows\System\XfdPPzM.exe
  2⤵
  PID:4032
- C:\Windows\System\UJdNrEl.exe
  C:\Windows\System\UJdNrEl.exe
  2⤵
  PID:3988
- C:\Windows\System\wcfGaaL.exe
  C:\Windows\System\wcfGaaL.exe
  2⤵
  PID:2588
- C:\Windows\System\qLSnBrX.exe
  C:\Windows\System\qLSnBrX.exe
  2⤵
  PID:3148
- C:\Windows\System\itXzxkP.exe
  C:\Windows\System\itXzxkP.exe
  2⤵
  PID:3168
- C:\Windows\System\jjASMhq.exe
  C:\Windows\System\jjASMhq.exe
  2⤵
  PID:2956
- C:\Windows\System\MTrAPzq.exe
  C:\Windows\System\MTrAPzq.exe
  2⤵
  PID:3036
- C:\Windows\System\XoXhbam.exe
  C:\Windows\System\XoXhbam.exe
  2⤵
  PID:2512
- C:\Windows\System\lZkRQiy.exe
  C:\Windows\System\lZkRQiy.exe
  2⤵
  PID:3416
- C:\Windows\System\MmFAQCj.exe
  C:\Windows\System\MmFAQCj.exe
  2⤵
  PID:3672
- C:\Windows\System\dnykzzH.exe
  C:\Windows\System\dnykzzH.exe
  2⤵
  PID:2808
- C:\Windows\System\KBDbUJk.exe
  C:\Windows\System\KBDbUJk.exe
  2⤵
  PID:4068
- C:\Windows\System\rBmcEFu.exe
  C:\Windows\System\rBmcEFu.exe
  2⤵
  PID:3656
- C:\Windows\System\kOEcDQX.exe
  C:\Windows\System\kOEcDQX.exe
  2⤵
  PID:2640
- C:\Windows\System\NdPZoFs.exe
  C:\Windows\System\NdPZoFs.exe
  2⤵
  PID:2744
- C:\Windows\System\NuQeTFP.exe
  C:\Windows\System\NuQeTFP.exe
  2⤵
  PID:3364
- C:\Windows\System\ukVEiOG.exe
  C:\Windows\System\ukVEiOG.exe
  2⤵
  PID:2036
- C:\Windows\System\ZhngDTt.exe
  C:\Windows\System\ZhngDTt.exe
  2⤵
  PID:2940
- C:\Windows\System\nXmgsvD.exe
  C:\Windows\System\nXmgsvD.exe
  2⤵
  PID:2708
- C:\Windows\System\lWicgnj.exe
  C:\Windows\System\lWicgnj.exe
  2⤵
  PID:3176
- C:\Windows\System\iTBqDTB.exe
  C:\Windows\System\iTBqDTB.exe
  2⤵
  PID:3064
- C:\Windows\System\igZoezP.exe
  C:\Windows\System\igZoezP.exe
  2⤵
  PID:4108
- C:\Windows\System\rkFqxZr.exe
  C:\Windows\System\rkFqxZr.exe
  2⤵
  PID:4136
- C:\Windows\System\EiRifqZ.exe
  C:\Windows\System\EiRifqZ.exe
  2⤵
  PID:4152
- C:\Windows\System\yvOcved.exe
  C:\Windows\System\yvOcved.exe
  2⤵
  PID:4168
- C:\Windows\System\DJjZKdD.exe
  C:\Windows\System\DJjZKdD.exe
  2⤵
  PID:4184
- C:\Windows\System\avRTAoY.exe
  C:\Windows\System\avRTAoY.exe
  2⤵
  PID:4200
- C:\Windows\System\lbAofOH.exe
  C:\Windows\System\lbAofOH.exe
  2⤵
  PID:4216
- C:\Windows\System\FHDDbro.exe
  C:\Windows\System\FHDDbro.exe
  2⤵
  PID:4232
- C:\Windows\System\zqpxgOq.exe
  C:\Windows\System\zqpxgOq.exe
  2⤵
  PID:4276
- C:\Windows\System\elEPgnH.exe
  C:\Windows\System\elEPgnH.exe
  2⤵
  PID:4308
- C:\Windows\System\LbVftFd.exe
  C:\Windows\System\LbVftFd.exe
  2⤵
  PID:4324
- C:\Windows\System\sFnRFZw.exe
  C:\Windows\System\sFnRFZw.exe
  2⤵
  PID:4360
- C:\Windows\System\ydItCGO.exe
  C:\Windows\System\ydItCGO.exe
  2⤵
  PID:4384
- C:\Windows\System\NPUOGZi.exe
  C:\Windows\System\NPUOGZi.exe
  2⤵
  PID:4404
- C:\Windows\System\CBqyTgi.exe
  C:\Windows\System\CBqyTgi.exe
  2⤵
  PID:4424
- C:\Windows\System\ZhOiPOw.exe
  C:\Windows\System\ZhOiPOw.exe
  2⤵
  PID:4440
- C:\Windows\System\YdIrHKI.exe
  C:\Windows\System\YdIrHKI.exe
  2⤵
  PID:4468
- C:\Windows\System\zKjkIFt.exe
  C:\Windows\System\zKjkIFt.exe
  2⤵
  PID:4484
- C:\Windows\System\jgXfeXe.exe
  C:\Windows\System\jgXfeXe.exe
  2⤵
  PID:4508
- C:\Windows\System\QVUxUtB.exe
  C:\Windows\System\QVUxUtB.exe
  2⤵
  PID:4524
- C:\Windows\System\EDnMbZt.exe
  C:\Windows\System\EDnMbZt.exe
  2⤵
  PID:4540
- C:\Windows\System\eGptmkY.exe
  C:\Windows\System\eGptmkY.exe
  2⤵
  PID:4556
- C:\Windows\System\raVjmeh.exe
  C:\Windows\System\raVjmeh.exe
  2⤵
  PID:4576
- C:\Windows\System\OlrIsqA.exe
  C:\Windows\System\OlrIsqA.exe
  2⤵
  PID:4604
- C:\Windows\System\VmllnAf.exe
  C:\Windows\System\VmllnAf.exe
  2⤵
  PID:4624
- C:\Windows\System\nFrlNza.exe
  C:\Windows\System\nFrlNza.exe
  2⤵
  PID:4644
- C:\Windows\System\AFrOmzB.exe
  C:\Windows\System\AFrOmzB.exe
  2⤵
  PID:4664
- C:\Windows\System\eCWkKYe.exe
  C:\Windows\System\eCWkKYe.exe
  2⤵
  PID:4688
- C:\Windows\System\AwROJCL.exe
  C:\Windows\System\AwROJCL.exe
  2⤵
  PID:4708
- C:\Windows\System\kuIXyaY.exe
  C:\Windows\System\kuIXyaY.exe
  2⤵
  PID:4728
- C:\Windows\System\fjpwvSr.exe
  C:\Windows\System\fjpwvSr.exe
  2⤵
  PID:4744
- C:\Windows\System\Admlkse.exe
  C:\Windows\System\Admlkse.exe
  2⤵
  PID:4760
- C:\Windows\System\ecJZoNb.exe
  C:\Windows\System\ecJZoNb.exe
  2⤵
  PID:4788
- C:\Windows\System\XxIgBLn.exe
  C:\Windows\System\XxIgBLn.exe
  2⤵
  PID:4804
- C:\Windows\System\KhnvFkA.exe
  C:\Windows\System\KhnvFkA.exe
  2⤵
  PID:4828
- C:\Windows\System\HvRUAGE.exe
  C:\Windows\System\HvRUAGE.exe
  2⤵
  PID:4848
- C:\Windows\System\WKTfnmE.exe
  C:\Windows\System\WKTfnmE.exe
  2⤵
  PID:4864
- C:\Windows\System\akriFpI.exe
  C:\Windows\System\akriFpI.exe
  2⤵
  PID:4880
- C:\Windows\System\PvCkBlS.exe
  C:\Windows\System\PvCkBlS.exe
  2⤵
  PID:4896
- C:\Windows\System\FMQTCsv.exe
  C:\Windows\System\FMQTCsv.exe
  2⤵
  PID:4912
- C:\Windows\System\oSinrhQ.exe
  C:\Windows\System\oSinrhQ.exe
  2⤵
  PID:4928
- C:\Windows\System\ByQTKpW.exe
  C:\Windows\System\ByQTKpW.exe
  2⤵
  PID:4944
- C:\Windows\System\oqaKvWS.exe
  C:\Windows\System\oqaKvWS.exe
  2⤵
  PID:4972
- C:\Windows\System\scGKRqv.exe
  C:\Windows\System\scGKRqv.exe
  2⤵
  PID:4992
- C:\Windows\System\zgPZtjl.exe
  C:\Windows\System\zgPZtjl.exe
  2⤵
  PID:5008
- C:\Windows\System\ToovJUJ.exe
  C:\Windows\System\ToovJUJ.exe
  2⤵
  PID:5044
- C:\Windows\System\rFUhHMa.exe
  C:\Windows\System\rFUhHMa.exe
  2⤵
  PID:5060
- C:\Windows\System\uIMxajX.exe
  C:\Windows\System\uIMxajX.exe
  2⤵
  PID:5076
- C:\Windows\System\DlZIVSz.exe
  C:\Windows\System\DlZIVSz.exe
  2⤵
  PID:5092
- C:\Windows\System\ErTIxhT.exe
  C:\Windows\System\ErTIxhT.exe
  2⤵
  PID:5108
- C:\Windows\System\OxvYEFP.exe
  C:\Windows\System\OxvYEFP.exe
  2⤵
  PID:2724
- C:\Windows\System\dHOMMMT.exe
  C:\Windows\System\dHOMMMT.exe
  2⤵
  PID:1720
- C:\Windows\System\EVpVPEq.exe
  C:\Windows\System\EVpVPEq.exe
  2⤵
  PID:3788
- C:\Windows\System\hmzXJOa.exe
  C:\Windows\System\hmzXJOa.exe
  2⤵
  PID:4176
- C:\Windows\System\YNrCbeF.exe
  C:\Windows\System\YNrCbeF.exe
  2⤵
  PID:4212
- C:\Windows\System\prbTLhL.exe
  C:\Windows\System\prbTLhL.exe
  2⤵
  PID:4248
- C:\Windows\System\jkUxxTf.exe
  C:\Windows\System\jkUxxTf.exe
  2⤵
  PID:4264
- C:\Windows\System\ZowSQxX.exe
  C:\Windows\System\ZowSQxX.exe
  2⤵
  PID:4124
- C:\Windows\System\SslzIKU.exe
  C:\Windows\System\SslzIKU.exe
  2⤵
  PID:848
- C:\Windows\System\OKHdBfQ.exe
  C:\Windows\System\OKHdBfQ.exe
  2⤵
  PID:4192
- C:\Windows\System\rXWySyN.exe
  C:\Windows\System\rXWySyN.exe
  2⤵
  PID:2584
- C:\Windows\System\nWWDyqz.exe
  C:\Windows\System\nWWDyqz.exe
  2⤵
  PID:2308
- C:\Windows\System\EyOWvuW.exe
  C:\Windows\System\EyOWvuW.exe
  2⤵
  PID:4304
- C:\Windows\System\eTNTjbv.exe
  C:\Windows\System\eTNTjbv.exe
  2⤵
  PID:4344
- C:\Windows\System\PptPxwl.exe
  C:\Windows\System\PptPxwl.exe
  2⤵
  PID:4376
- C:\Windows\System\ZvuYkTn.exe
  C:\Windows\System\ZvuYkTn.exe
  2⤵
  PID:4396
- C:\Windows\System\SkPwHND.exe
  C:\Windows\System\SkPwHND.exe
  2⤵
  PID:4420
- C:\Windows\System\wpAMjdt.exe
  C:\Windows\System\wpAMjdt.exe
  2⤵
  PID:4448
- C:\Windows\System\alGZXMD.exe
  C:\Windows\System\alGZXMD.exe
  2⤵
  PID:4464
- C:\Windows\System\EamQfxd.exe
  C:\Windows\System\EamQfxd.exe
  2⤵
  PID:2856
- C:\Windows\System\iUEizAb.exe
  C:\Windows\System\iUEizAb.exe
  2⤵
  PID:4504
- C:\Windows\System\nCWMohe.exe
  C:\Windows\System\nCWMohe.exe
  2⤵
  PID:4572
- C:\Windows\System\Mccfvas.exe
  C:\Windows\System\Mccfvas.exe
  2⤵
  PID:4588
- C:\Windows\System\ptLyvdH.exe
  C:\Windows\System\ptLyvdH.exe
  2⤵
  PID:4516
- C:\Windows\System\SZHdZaF.exe
  C:\Windows\System\SZHdZaF.exe
  2⤵
  PID:4620
- C:\Windows\System\oyevrSS.exe
  C:\Windows\System\oyevrSS.exe
  2⤵
  PID:4716
- C:\Windows\System\VxyGZbu.exe
  C:\Windows\System\VxyGZbu.exe
  2⤵
  PID:4772
- C:\Windows\System\hQvNCaC.exe
  C:\Windows\System\hQvNCaC.exe
  2⤵
  PID:1996
- C:\Windows\System\bJaQDfH.exe
  C:\Windows\System\bJaQDfH.exe
  2⤵
  PID:4796
- C:\Windows\System\pxjoVbN.exe
  C:\Windows\System\pxjoVbN.exe
  2⤵
  PID:4824
- C:\Windows\System\SggtHsV.exe
  C:\Windows\System\SggtHsV.exe
  2⤵
  PID:2732
- C:\Windows\System\GfHdZpn.exe
  C:\Windows\System\GfHdZpn.exe
  2⤵
  PID:4892
- C:\Windows\System\LwNNWpC.exe
  C:\Windows\System\LwNNWpC.exe
  2⤵
  PID:4924
- C:\Windows\System\YNktFyo.exe
  C:\Windows\System\YNktFyo.exe
  2⤵
  PID:2576
- C:\Windows\System\qexQAPb.exe
  C:\Windows\System\qexQAPb.exe
  2⤵
  PID:5056
- C:\Windows\System\lxhLnMr.exe
  C:\Windows\System\lxhLnMr.exe
  2⤵
  PID:5052
- C:\Windows\System\gaLJptW.exe
  C:\Windows\System\gaLJptW.exe
  2⤵
  PID:4984
- C:\Windows\System\eayZJTM.exe
  C:\Windows\System\eayZJTM.exe
  2⤵
  PID:1652
- C:\Windows\System\hSFevOR.exe
  C:\Windows\System\hSFevOR.exe
  2⤵
  PID:4904
- C:\Windows\System\wbzkQzM.exe
  C:\Windows\System\wbzkQzM.exe
  2⤵
  PID:4272
- C:\Windows\System\PoRylqz.exe
  C:\Windows\System\PoRylqz.exe
  2⤵
  PID:5068
- C:\Windows\System\UlzkYWL.exe
  C:\Windows\System\UlzkYWL.exe
  2⤵
  PID:5016
- C:\Windows\System\lHMfmrP.exe
  C:\Windows\System\lHMfmrP.exe
  2⤵
  PID:4148
- C:\Windows\System\pUWeevq.exe
  C:\Windows\System\pUWeevq.exe
  2⤵
  PID:4284
- C:\Windows\System\LpzWIQg.exe
  C:\Windows\System\LpzWIQg.exe
  2⤵
  PID:4288
- C:\Windows\System\cCiOgLl.exe
  C:\Windows\System\cCiOgLl.exe
  2⤵
  PID:4352
- C:\Windows\System\VKEmegl.exe
  C:\Windows\System\VKEmegl.exe
  2⤵
  PID:2328
- C:\Windows\System\kmCmEkY.exe
  C:\Windows\System\kmCmEkY.exe
  2⤵
  PID:3676
- C:\Windows\System\CvfiDfC.exe
  C:\Windows\System\CvfiDfC.exe
  2⤵
  PID:4340
- C:\Windows\System\FnopVca.exe
  C:\Windows\System\FnopVca.exe
  2⤵
  PID:4496
- C:\Windows\System\zJDFrJH.exe
  C:\Windows\System\zJDFrJH.exe
  2⤵
  PID:2152
- C:\Windows\System\iPXyPjm.exe
  C:\Windows\System\iPXyPjm.exe
  2⤵
  PID:4552
- C:\Windows\System\mNFwsBa.exe
  C:\Windows\System\mNFwsBa.exe
  2⤵
  PID:4584
- C:\Windows\System\YDlhGCo.exe
  C:\Windows\System\YDlhGCo.exe
  2⤵
  PID:4640
- C:\Windows\System\NqSmXUQ.exe
  C:\Windows\System\NqSmXUQ.exe
  2⤵
  PID:4432
- C:\Windows\System\SttULex.exe
  C:\Windows\System\SttULex.exe
  2⤵
  PID:4564
- C:\Windows\System\iedLXWn.exe
  C:\Windows\System\iedLXWn.exe
  2⤵
  PID:4740
- C:\Windows\System\XGNDSYN.exe
  C:\Windows\System\XGNDSYN.exe
  2⤵
  PID:4680
- C:\Windows\System\octupbz.exe
  C:\Windows\System\octupbz.exe
  2⤵
  PID:4780
- C:\Windows\System\QIAPDIP.exe
  C:\Windows\System\QIAPDIP.exe
  2⤵
  PID:536
- C:\Windows\System\YkNhlbN.exe
  C:\Windows\System\YkNhlbN.exe
  2⤵
  PID:4836
- C:\Windows\System\xsarwaK.exe
  C:\Windows\System\xsarwaK.exe
  2⤵
  PID:5004
- C:\Windows\System\IwMJQio.exe
  C:\Windows\System\IwMJQio.exe
  2⤵
  PID:4820
- C:\Windows\System\GJAlLEZ.exe
  C:\Windows\System\GJAlLEZ.exe
  2⤵
  PID:2892
- C:\Windows\System\kVCsLkH.exe
  C:\Windows\System\kVCsLkH.exe
  2⤵
  PID:4228
- C:\Windows\System\OxyULpQ.exe
  C:\Windows\System\OxyULpQ.exe
  2⤵
  PID:5028
- C:\Windows\System\HWCzXeA.exe
  C:\Windows\System\HWCzXeA.exe
  2⤵
  PID:2624
- C:\Windows\System\CwOwazp.exe
  C:\Windows\System\CwOwazp.exe
  2⤵
  PID:4132
- C:\Windows\System\PeZXdCz.exe
  C:\Windows\System\PeZXdCz.exe
  2⤵
  PID:1328
- C:\Windows\System\DQkSvXa.exe
  C:\Windows\System\DQkSvXa.exe
  2⤵
  PID:2772
- C:\Windows\System\XipnvQT.exe
  C:\Windows\System\XipnvQT.exe
  2⤵
  PID:4300
- C:\Windows\System\zqerSSs.exe
  C:\Windows\System\zqerSSs.exe
  2⤵
  PID:4392
- C:\Windows\System\hVjYLQL.exe
  C:\Windows\System\hVjYLQL.exe
  2⤵
  PID:3012
- C:\Windows\System\DYGEjel.exe
  C:\Windows\System\DYGEjel.exe
  2⤵
  PID:4548
- C:\Windows\System\PsNfXdi.exe
  C:\Windows\System\PsNfXdi.exe
  2⤵
  PID:4920
- C:\Windows\System\JXhkHDD.exe
  C:\Windows\System\JXhkHDD.exe
  2⤵
  PID:4840
- C:\Windows\System\pCwdukZ.exe
  C:\Windows\System\pCwdukZ.exe
  2⤵
  PID:4536
- C:\Windows\System\aNljscf.exe
  C:\Windows\System\aNljscf.exe
  2⤵
  PID:4224
- C:\Windows\System\oLnfTIr.exe
  C:\Windows\System\oLnfTIr.exe
  2⤵
  PID:5104
- C:\Windows\System\HpjiXaV.exe
  C:\Windows\System\HpjiXaV.exe
  2⤵
  PID:4120
- C:\Windows\System\klApQyE.exe
  C:\Windows\System\klApQyE.exe
  2⤵
  PID:4164
- C:\Windows\System\KobWeuQ.exe
  C:\Windows\System\KobWeuQ.exe
  2⤵
  PID:4784
- C:\Windows\System\FDQYuYl.exe
  C:\Windows\System\FDQYuYl.exe
  2⤵
  PID:5024
- C:\Windows\System\HmufdYL.exe
  C:\Windows\System\HmufdYL.exe
  2⤵
  PID:4888
- C:\Windows\System\LiCVmCI.exe
  C:\Windows\System\LiCVmCI.exe
  2⤵
  PID:4144
- C:\Windows\System\obhgqLi.exe
  C:\Windows\System\obhgqLi.exe
  2⤵
  PID:2168
- C:\Windows\System\RipDwwC.exe
  C:\Windows\System\RipDwwC.exe
  2⤵
  PID:4256
- C:\Windows\System\jjLdDWZ.exe
  C:\Windows\System\jjLdDWZ.exe
  2⤵
  PID:444
- C:\Windows\System\wlCmBIY.exe
  C:\Windows\System\wlCmBIY.exe
  2⤵
  PID:4676
- C:\Windows\System\lsonkNJ.exe
  C:\Windows\System\lsonkNJ.exe
  2⤵
  PID:5128
- C:\Windows\System\uvgqRpJ.exe
  C:\Windows\System\uvgqRpJ.exe
  2⤵
  PID:5152
- C:\Windows\System\uzDpmqe.exe
  C:\Windows\System\uzDpmqe.exe
  2⤵
  PID:5172
- C:\Windows\System\xKYJhuM.exe
  C:\Windows\System\xKYJhuM.exe
  2⤵
  PID:5188
- C:\Windows\System\TjoRYMB.exe
  C:\Windows\System\TjoRYMB.exe
  2⤵
  PID:5204
- C:\Windows\System\aPCcPuC.exe
  C:\Windows\System\aPCcPuC.exe
  2⤵
  PID:5224
- C:\Windows\System\ErIZQun.exe
  C:\Windows\System\ErIZQun.exe
  2⤵
  PID:5244
- C:\Windows\System\PQTazYZ.exe
  C:\Windows\System\PQTazYZ.exe
  2⤵
  PID:5260
- C:\Windows\System\KqpCGej.exe
  C:\Windows\System\KqpCGej.exe
  2⤵
  PID:5276
- C:\Windows\System\KanLzNM.exe
  C:\Windows\System\KanLzNM.exe
  2⤵
  PID:5296
- C:\Windows\System\QEvKgTV.exe
  C:\Windows\System\QEvKgTV.exe
  2⤵
  PID:5312
- C:\Windows\System\NUMwLiM.exe
  C:\Windows\System\NUMwLiM.exe
  2⤵
  PID:5328
- C:\Windows\System\paddYxS.exe
  C:\Windows\System\paddYxS.exe
  2⤵
  PID:5352
- C:\Windows\System\RKXlCHn.exe
  C:\Windows\System\RKXlCHn.exe
  2⤵
  PID:5372
- C:\Windows\System\UBiKstg.exe
  C:\Windows\System\UBiKstg.exe
  2⤵
  PID:5408
- C:\Windows\System\WirnASE.exe
  C:\Windows\System\WirnASE.exe
  2⤵
  PID:5424
- C:\Windows\System\zUteKrd.exe
  C:\Windows\System\zUteKrd.exe
  2⤵
  PID:5484
- C:\Windows\System\pdrcnhV.exe
  C:\Windows\System\pdrcnhV.exe
  2⤵
  PID:5500
- C:\Windows\System\TuOYlMw.exe
  C:\Windows\System\TuOYlMw.exe
  2⤵
  PID:5516
- C:\Windows\System\csyGJRq.exe
  C:\Windows\System\csyGJRq.exe
  2⤵
  PID:5536
- C:\Windows\System\bOuOqvG.exe
  C:\Windows\System\bOuOqvG.exe
  2⤵
  PID:5556
- C:\Windows\System\dxlCEEr.exe
  C:\Windows\System\dxlCEEr.exe
  2⤵
  PID:5572
- C:\Windows\System\pBDfEeb.exe
  C:\Windows\System\pBDfEeb.exe
  2⤵
  PID:5588
- C:\Windows\System\pLjBmIl.exe
  C:\Windows\System\pLjBmIl.exe
  2⤵
  PID:5616
- C:\Windows\System\skVLVkH.exe
  C:\Windows\System\skVLVkH.exe
  2⤵
  PID:5632
- C:\Windows\System\gmwqYxY.exe
  C:\Windows\System\gmwqYxY.exe
  2⤵
  PID:5652
- C:\Windows\System\EgqkBsA.exe
  C:\Windows\System\EgqkBsA.exe
  2⤵
  PID:5676
- C:\Windows\System\Scniffj.exe
  C:\Windows\System\Scniffj.exe
  2⤵
  PID:5700
- C:\Windows\System\LHyUThr.exe
  C:\Windows\System\LHyUThr.exe
  2⤵
  PID:5716
- C:\Windows\System\znsyKNo.exe
  C:\Windows\System\znsyKNo.exe
  2⤵
  PID:5736
- C:\Windows\System\ZfXENhO.exe
  C:\Windows\System\ZfXENhO.exe
  2⤵
  PID:5752
- C:\Windows\System\wbcVjGD.exe
  C:\Windows\System\wbcVjGD.exe
  2⤵
  PID:5772
- C:\Windows\System\jUeezUs.exe
  C:\Windows\System\jUeezUs.exe
  2⤵
  PID:5796
- C:\Windows\System\NgnWajX.exe
  C:\Windows\System\NgnWajX.exe
  2⤵
  PID:5812
- C:\Windows\System\tJRwrbG.exe
  C:\Windows\System\tJRwrbG.exe
  2⤵
  PID:5828
- C:\Windows\System\uXsKdBx.exe
  C:\Windows\System\uXsKdBx.exe
  2⤵
  PID:5856
- C:\Windows\System\LQroEVC.exe
  C:\Windows\System\LQroEVC.exe
  2⤵
  PID:5872
- C:\Windows\System\HsWajwR.exe
  C:\Windows\System\HsWajwR.exe
  2⤵
  PID:5900
- C:\Windows\System\MWkJGMm.exe
  C:\Windows\System\MWkJGMm.exe
  2⤵
  PID:5916
- C:\Windows\System\WcuHfPN.exe
  C:\Windows\System\WcuHfPN.exe
  2⤵
  PID:5932
- C:\Windows\System\EElSxlF.exe
  C:\Windows\System\EElSxlF.exe
  2⤵
  PID:5952
- C:\Windows\System\hOykwpP.exe
  C:\Windows\System\hOykwpP.exe
  2⤵
  PID:5980
- C:\Windows\System\oIfWOYo.exe
  C:\Windows\System\oIfWOYo.exe
  2⤵
  PID:5996
- C:\Windows\System\DLhJWMp.exe
  C:\Windows\System\DLhJWMp.exe
  2⤵
  PID:6012
- C:\Windows\System\YflUkxo.exe
  C:\Windows\System\YflUkxo.exe
  2⤵
  PID:6028
- C:\Windows\System\QdYXMwv.exe
  C:\Windows\System\QdYXMwv.exe
  2⤵
  PID:6044
- C:\Windows\System\tfAbwTQ.exe
  C:\Windows\System\tfAbwTQ.exe
  2⤵
  PID:6064
- C:\Windows\System\vYOEnmV.exe
  C:\Windows\System\vYOEnmV.exe
  2⤵
  PID:6088
- C:\Windows\System\tckZYkj.exe
  C:\Windows\System\tckZYkj.exe
  2⤵
  PID:6104
- C:\Windows\System\LPkgpyW.exe
  C:\Windows\System\LPkgpyW.exe
  2⤵
  PID:6132
- C:\Windows\System\YLuaALH.exe
  C:\Windows\System\YLuaALH.exe
  2⤵
  PID:1424
- C:\Windows\System\eUVGsFR.exe
  C:\Windows\System\eUVGsFR.exe
  2⤵
  PID:1992
- C:\Windows\System\VWyYvqp.exe
  C:\Windows\System\VWyYvqp.exe
  2⤵
  PID:4876
- C:\Windows\System\DyPSNOh.exe
  C:\Windows\System\DyPSNOh.exe
  2⤵
  PID:5184
- C:\Windows\System\zyhvIym.exe
  C:\Windows\System\zyhvIym.exe
  2⤵
  PID:5252
- C:\Windows\System\JYGmuqK.exe
  C:\Windows\System\JYGmuqK.exe
  2⤵
  PID:5292
- C:\Windows\System\RLqRzmn.exe
  C:\Windows\System\RLqRzmn.exe
  2⤵
  PID:5364
- C:\Windows\System\XkrftUd.exe
  C:\Windows\System\XkrftUd.exe
  2⤵
  PID:4260
- C:\Windows\System\IrPYiOx.exe
  C:\Windows\System\IrPYiOx.exe
  2⤵
  PID:5196
- C:\Windows\System\aJnFgaM.exe
  C:\Windows\System\aJnFgaM.exe
  2⤵
  PID:4412
- C:\Windows\System\lrUoiqY.exe
  C:\Windows\System\lrUoiqY.exe
  2⤵
  PID:5200
- C:\Windows\System\vNcoldE.exe
  C:\Windows\System\vNcoldE.exe
  2⤵
  PID:2888
- C:\Windows\System\dhHPMhc.exe
  C:\Windows\System\dhHPMhc.exe
  2⤵
  PID:5304
- C:\Windows\System\NESrSjJ.exe
  C:\Windows\System\NESrSjJ.exe
  2⤵
  PID:5448
- C:\Windows\System\oONkUCr.exe
  C:\Windows\System\oONkUCr.exe
  2⤵
  PID:4632
- C:\Windows\System\HASBbAm.exe
  C:\Windows\System\HASBbAm.exe
  2⤵
  PID:5340
- C:\Windows\System\EOirEUu.exe
  C:\Windows\System\EOirEUu.exe
  2⤵
  PID:5384
- C:\Windows\System\wLwjjjW.exe
  C:\Windows\System\wLwjjjW.exe
  2⤵
  PID:5476
- C:\Windows\System\NTazsSO.exe
  C:\Windows\System\NTazsSO.exe
  2⤵
  PID:5524
- C:\Windows\System\TvHZpSP.exe
  C:\Windows\System\TvHZpSP.exe
  2⤵
  PID:5568
- C:\Windows\System\NtYlUkg.exe
  C:\Windows\System\NtYlUkg.exe
  2⤵
  PID:5608
- C:\Windows\System\VapTJwa.exe
  C:\Windows\System\VapTJwa.exe
  2⤵
  PID:5644
- C:\Windows\System\NTdwVlS.exe
  C:\Windows\System\NTdwVlS.exe
  2⤵
  PID:5584
- C:\Windows\System\iimSrdS.exe
  C:\Windows\System\iimSrdS.exe
  2⤵
  PID:5660
- C:\Windows\System\pEPEUVg.exe
  C:\Windows\System\pEPEUVg.exe
  2⤵
  PID:5696
- C:\Windows\System\MNQBUhF.exe
  C:\Windows\System\MNQBUhF.exe
  2⤵
  PID:5760
- C:\Windows\System\nlItHvb.exe
  C:\Windows\System\nlItHvb.exe
  2⤵
  PID:5668
- C:\Windows\System\LccGwWZ.exe
  C:\Windows\System\LccGwWZ.exe
  2⤵
  PID:5748
- C:\Windows\System\UBCoSyz.exe
  C:\Windows\System\UBCoSyz.exe
  2⤵
  PID:5820
- C:\Windows\System\cXublne.exe
  C:\Windows\System\cXublne.exe
  2⤵
  PID:5808
- C:\Windows\System\IrGBfqH.exe
  C:\Windows\System\IrGBfqH.exe
  2⤵
  PID:5852
- C:\Windows\System\plvFmMq.exe
  C:\Windows\System\plvFmMq.exe
  2⤵
  PID:5892
- C:\Windows\System\jCUXjvm.exe
  C:\Windows\System\jCUXjvm.exe
  2⤵
  PID:5928
- C:\Windows\System\rcsEFNn.exe
  C:\Windows\System\rcsEFNn.exe
  2⤵
  PID:6080
- C:\Windows\System\mQXbOHl.exe
  C:\Windows\System\mQXbOHl.exe
  2⤵
  PID:5908
- C:\Windows\System\OYMPpsx.exe
  C:\Windows\System\OYMPpsx.exe
  2⤵
  PID:6120
- C:\Windows\System\BftwNQN.exe
  C:\Windows\System\BftwNQN.exe
  2⤵
  PID:6024
- C:\Windows\System\AezUPdS.exe
  C:\Windows\System\AezUPdS.exe
  2⤵
  PID:1160
- C:\Windows\System\IFwHAMk.exe
  C:\Windows\System\IFwHAMk.exe
  2⤵
  PID:2792
- C:\Windows\System\fSkfyNT.exe
  C:\Windows\System\fSkfyNT.exe
  2⤵
  PID:1660
- C:\Windows\System\fhaUhDi.exe
  C:\Windows\System\fhaUhDi.exe
  2⤵
  PID:2820
- C:\Windows\System\LGnOppw.exe
  C:\Windows\System\LGnOppw.exe
  2⤵
  PID:5288
- C:\Windows\System\dDHplMk.exe
  C:\Windows\System\dDHplMk.exe
  2⤵
  PID:5324
- C:\Windows\System\ypwQctk.exe
  C:\Windows\System\ypwQctk.exe
  2⤵
  PID:4244
- C:\Windows\System\MIZodgd.exe
  C:\Windows\System\MIZodgd.exe
  2⤵
  PID:5240
- C:\Windows\System\hkHyhbF.exe
  C:\Windows\System\hkHyhbF.exe
  2⤵
  PID:5116
- C:\Windows\System\kjluujT.exe
  C:\Windows\System\kjluujT.exe
  2⤵
  PID:4296
- C:\Windows\System\mWZNEcZ.exe
  C:\Windows\System\mWZNEcZ.exe
  2⤵
  PID:4656
- C:\Windows\System\MGtGPtg.exe
  C:\Windows\System\MGtGPtg.exe
  2⤵
  PID:5348
- C:\Windows\System\STtBwdc.exe
  C:\Windows\System\STtBwdc.exe
  2⤵
  PID:5492
- C:\Windows\System\gOhZYaJ.exe
  C:\Windows\System\gOhZYaJ.exe
  2⤵
  PID:1300
- C:\Windows\System\KEmqxxi.exe
  C:\Windows\System\KEmqxxi.exe
  2⤵
  PID:5712
- C:\Windows\System\sKRRegl.exe
  C:\Windows\System\sKRRegl.exe
  2⤵
  PID:5708
- C:\Windows\System\OaWdrrd.exe
  C:\Windows\System\OaWdrrd.exe
  2⤵
  PID:5964
- C:\Windows\System\skGpufT.exe
  C:\Windows\System\skGpufT.exe
  2⤵
  PID:5940
- C:\Windows\System\SBbpDpd.exe
  C:\Windows\System\SBbpDpd.exe
  2⤵
  PID:5868
- C:\Windows\System\DcmiqqH.exe
  C:\Windows\System\DcmiqqH.exe
  2⤵
  PID:6036
- C:\Windows\System\hOvZHJe.exe
  C:\Windows\System\hOvZHJe.exe
  2⤵
  PID:5688
- C:\Windows\System\zljqaHg.exe
  C:\Windows\System\zljqaHg.exe
  2⤵
  PID:5844
- C:\Windows\System\LJqNAjI.exe
  C:\Windows\System\LJqNAjI.exe
  2⤵
  PID:5912
- C:\Windows\System\ZWufIdl.exe
  C:\Windows\System\ZWufIdl.exe
  2⤵
  PID:6112
- C:\Windows\System\duoXBto.exe
  C:\Windows\System\duoXBto.exe
  2⤵
  PID:6140
- C:\Windows\System\MgjHJpp.exe
  C:\Windows\System\MgjHJpp.exe
  2⤵
  PID:4600
- C:\Windows\System\CAjglDP.exe
  C:\Windows\System\CAjglDP.exe
  2⤵
  PID:5440
- C:\Windows\System\YlmqApM.exe
  C:\Windows\System\YlmqApM.exe
  2⤵
  PID:5468
- C:\Windows\System\haokKPk.exe
  C:\Windows\System\haokKPk.exe
  2⤵
  PID:5136
- C:\Windows\System\PCOEbRh.exe
  C:\Windows\System\PCOEbRh.exe
  2⤵
  PID:4704
- C:\Windows\System\yaFmRzr.exe
  C:\Windows\System\yaFmRzr.exe
  2⤵
  PID:5268
- C:\Windows\System\OpXvZmc.exe
  C:\Windows\System\OpXvZmc.exe
  2⤵
  PID:5496
- C:\Windows\System\JTYvVci.exe
  C:\Windows\System\JTYvVci.exe
  2⤵
  PID:5624
- C:\Windows\System\ajmOMRL.exe
  C:\Windows\System\ajmOMRL.exe
  2⤵
  PID:5884
- C:\Windows\System\sDRmiRT.exe
  C:\Windows\System\sDRmiRT.exe
  2⤵
  PID:5552
- C:\Windows\System\RIzufqX.exe
  C:\Windows\System\RIzufqX.exe
  2⤵
  PID:6060
- C:\Windows\System\NECwZkR.exe
  C:\Windows\System\NECwZkR.exe
  2⤵
  PID:5180
- C:\Windows\System\FGHImqk.exe
  C:\Windows\System\FGHImqk.exe
  2⤵
  PID:6008
- C:\Windows\System\LRRzJwP.exe
  C:\Windows\System\LRRzJwP.exe
  2⤵
  PID:6124
- C:\Windows\System\hoGNmwy.exe
  C:\Windows\System\hoGNmwy.exe
  2⤵
  PID:5392
- C:\Windows\System\qCtwReY.exe
  C:\Windows\System\qCtwReY.exe
  2⤵
  PID:5948
- C:\Windows\System\LhHLPzq.exe
  C:\Windows\System\LhHLPzq.exe
  2⤵
  PID:1700
- C:\Windows\System\KTlNxjS.exe
  C:\Windows\System\KTlNxjS.exe
  2⤵
  PID:1976
- C:\Windows\System\IhKKltS.exe
  C:\Windows\System\IhKKltS.exe
  2⤵
  PID:5236
- C:\Windows\System\glevMng.exe
  C:\Windows\System\glevMng.exe
  2⤵
  PID:5456
- C:\Windows\System\dvrzVVe.exe
  C:\Windows\System\dvrzVVe.exe
  2⤵
  PID:5840
- C:\Windows\System\hcuPSco.exe
  C:\Windows\System\hcuPSco.exe
  2⤵
  PID:4988
- C:\Windows\System\tWVQZPA.exe
  C:\Windows\System\tWVQZPA.exe
  2⤵
  PID:6096
- C:\Windows\System\vDnPtlF.exe
  C:\Windows\System\vDnPtlF.exe
  2⤵
  PID:5548
- C:\Windows\System\tRjpEWy.exe
  C:\Windows\System\tRjpEWy.exe
  2⤵
  PID:4480
- C:\Windows\System\pcYpgpL.exe
  C:\Windows\System\pcYpgpL.exe
  2⤵
  PID:5040
- C:\Windows\System\KQpSjZj.exe
  C:\Windows\System\KQpSjZj.exe
  2⤵
  PID:5648
- C:\Windows\System\kQVQocr.exe
  C:\Windows\System\kQVQocr.exe
  2⤵
  PID:5864
- C:\Windows\System\IfcdMqG.exe
  C:\Windows\System\IfcdMqG.exe
  2⤵
  PID:6152
- C:\Windows\System\uqrgWEA.exe
  C:\Windows\System\uqrgWEA.exe
  2⤵
  PID:6172
- C:\Windows\System\ODiaEhj.exe
  C:\Windows\System\ODiaEhj.exe
  2⤵
  PID:6200
- C:\Windows\System\FWkCzgn.exe
  C:\Windows\System\FWkCzgn.exe
  2⤵
  PID:6216
- C:\Windows\System\CEBnqEJ.exe
  C:\Windows\System\CEBnqEJ.exe
  2⤵
  PID:6236
- C:\Windows\System\DwGRyjx.exe
  C:\Windows\System\DwGRyjx.exe
  2⤵
  PID:6252
- C:\Windows\System\AdoUpNY.exe
  C:\Windows\System\AdoUpNY.exe
  2⤵
  PID:6268
- C:\Windows\System\qMsfzDh.exe
  C:\Windows\System\qMsfzDh.exe
  2⤵
  PID:6300
- C:\Windows\System\LxviGEi.exe
  C:\Windows\System\LxviGEi.exe
  2⤵
  PID:6316
- C:\Windows\System\sIyuduj.exe
  C:\Windows\System\sIyuduj.exe
  2⤵
  PID:6332
- C:\Windows\System\sgeEIWY.exe
  C:\Windows\System\sgeEIWY.exe
  2⤵
  PID:6348
- C:\Windows\System\KfTqgyy.exe
  C:\Windows\System\KfTqgyy.exe
  2⤵
  PID:6384
- C:\Windows\System\lXuxjOK.exe
  C:\Windows\System\lXuxjOK.exe
  2⤵
  PID:6408
- C:\Windows\System\WhprZqg.exe
  C:\Windows\System\WhprZqg.exe
  2⤵
  PID:6424
- C:\Windows\System\XyxZRwA.exe
  C:\Windows\System\XyxZRwA.exe
  2⤵
  PID:6440
- C:\Windows\System\piQLutx.exe
  C:\Windows\System\piQLutx.exe
  2⤵
  PID:6460
- C:\Windows\System\CpwvcYc.exe
  C:\Windows\System\CpwvcYc.exe
  2⤵
  PID:6480
- C:\Windows\System\qXKEeMN.exe
  C:\Windows\System\qXKEeMN.exe
  2⤵
  PID:6508
- C:\Windows\System\jzzgGfu.exe
  C:\Windows\System\jzzgGfu.exe
  2⤵
  PID:6528
- C:\Windows\System\oPXyokZ.exe
  C:\Windows\System\oPXyokZ.exe
  2⤵
  PID:6544
- C:\Windows\System\OyWfVdJ.exe
  C:\Windows\System\OyWfVdJ.exe
  2⤵
  PID:6560
- C:\Windows\System\ZjMIPxt.exe
  C:\Windows\System\ZjMIPxt.exe
  2⤵
  PID:6576
- C:\Windows\System\YIPGeNG.exe
  C:\Windows\System\YIPGeNG.exe
  2⤵
  PID:6592
- C:\Windows\System\PXBeXIE.exe
  C:\Windows\System\PXBeXIE.exe
  2⤵
  PID:6608
- C:\Windows\System\EOaWiPy.exe
  C:\Windows\System\EOaWiPy.exe
  2⤵
  PID:6624
- C:\Windows\System\DpzzRdP.exe
  C:\Windows\System\DpzzRdP.exe
  2⤵
  PID:6640
- C:\Windows\System\oIpMsBe.exe
  C:\Windows\System\oIpMsBe.exe
  2⤵
  PID:6656
- C:\Windows\System\lKOMdAz.exe
  C:\Windows\System\lKOMdAz.exe
  2⤵
  PID:6672
- C:\Windows\System\gcwCPzE.exe
  C:\Windows\System\gcwCPzE.exe
  2⤵
  PID:6692
- C:\Windows\System\TCbBqVk.exe
  C:\Windows\System\TCbBqVk.exe
  2⤵
  PID:6708
- C:\Windows\System\TdvYJMW.exe
  C:\Windows\System\TdvYJMW.exe
  2⤵
  PID:6744
- C:\Windows\System\zQsbLFg.exe
  C:\Windows\System\zQsbLFg.exe
  2⤵
  PID:6768
- C:\Windows\System\iOAPezm.exe
  C:\Windows\System\iOAPezm.exe
  2⤵
  PID:6784
- C:\Windows\System\OhaEblM.exe
  C:\Windows\System\OhaEblM.exe
  2⤵
  PID:6800
- C:\Windows\System\VwouBcE.exe
  C:\Windows\System\VwouBcE.exe
  2⤵
  PID:6816
- C:\Windows\System\VPKTPJO.exe
  C:\Windows\System\VPKTPJO.exe
  2⤵
  PID:6832
- C:\Windows\System\ZYFTQwS.exe
  C:\Windows\System\ZYFTQwS.exe
  2⤵
  PID:6848
- C:\Windows\System\oNLYZUH.exe
  C:\Windows\System\oNLYZUH.exe
  2⤵
  PID:6864
- C:\Windows\System\NLXQjmo.exe
  C:\Windows\System\NLXQjmo.exe
  2⤵
  PID:6880
- C:\Windows\System\ZwUIOFA.exe
  C:\Windows\System\ZwUIOFA.exe
  2⤵
  PID:6896
- C:\Windows\System\QUfXzMA.exe
  C:\Windows\System\QUfXzMA.exe
  2⤵
  PID:6912
- C:\Windows\System\PqKHRGd.exe
  C:\Windows\System\PqKHRGd.exe
  2⤵
  PID:6928
- C:\Windows\System\JvsvsXd.exe
  C:\Windows\System\JvsvsXd.exe
  2⤵
  PID:6956
- C:\Windows\System\lTWXlex.exe
  C:\Windows\System\lTWXlex.exe
  2⤵
  PID:6972
- C:\Windows\System\wXYUEWK.exe
  C:\Windows\System\wXYUEWK.exe
  2⤵
  PID:6988
- C:\Windows\System\wVMYPKb.exe
  C:\Windows\System\wVMYPKb.exe
  2⤵
  PID:7004
- C:\Windows\System\oGNqOtR.exe
  C:\Windows\System\oGNqOtR.exe
  2⤵
  PID:7020
- C:\Windows\System\aMSgmpG.exe
  C:\Windows\System\aMSgmpG.exe
  2⤵
  PID:7036
- C:\Windows\System\HLGnwKb.exe
  C:\Windows\System\HLGnwKb.exe
  2⤵
  PID:7052
- C:\Windows\System\UOsEraR.exe
  C:\Windows\System\UOsEraR.exe
  2⤵
  PID:7068
- C:\Windows\System\BHnaZUm.exe
  C:\Windows\System\BHnaZUm.exe
  2⤵
  PID:7084
- C:\Windows\System\JOYEsSp.exe
  C:\Windows\System\JOYEsSp.exe
  2⤵
  PID:7100
- C:\Windows\System\QVLvxZd.exe
  C:\Windows\System\QVLvxZd.exe
  2⤵
  PID:7116
- C:\Windows\System\ZRnIFHH.exe
  C:\Windows\System\ZRnIFHH.exe
  2⤵
  PID:7132
- C:\Windows\System\gFdbqNL.exe
  C:\Windows\System\gFdbqNL.exe
  2⤵
  PID:7148
- C:\Windows\System\FMeVoRR.exe
  C:\Windows\System\FMeVoRR.exe
  2⤵
  PID:7164
- C:\Windows\System\JtlwTUc.exe
  C:\Windows\System\JtlwTUc.exe
  2⤵
  PID:6168
- C:\Windows\System\gNrvvJO.exe
  C:\Windows\System\gNrvvJO.exe
  2⤵
  PID:6212
- C:\Windows\System\FRiDrie.exe
  C:\Windows\System\FRiDrie.exe
  2⤵
  PID:5728
- C:\Windows\System\MftPlqi.exe
  C:\Windows\System\MftPlqi.exe
  2⤵
  PID:5512
- C:\Windows\System\iYbqiKi.exe
  C:\Windows\System\iYbqiKi.exe
  2⤵
  PID:6188
- C:\Windows\System\bcDrOBK.exe
  C:\Windows\System\bcDrOBK.exe
  2⤵
  PID:6228
- C:\Windows\System\lttragn.exe
  C:\Windows\System\lttragn.exe
  2⤵
  PID:6224
- C:\Windows\System\CDIFrkN.exe
  C:\Windows\System\CDIFrkN.exe
  2⤵
  PID:6280
- C:\Windows\System\BvLsmhH.exe
  C:\Windows\System\BvLsmhH.exe
  2⤵
  PID:6364
- C:\Windows\System\ekwIqte.exe
  C:\Windows\System\ekwIqte.exe
  2⤵
  PID:6400
- C:\Windows\System\vQmPYoa.exe
  C:\Windows\System\vQmPYoa.exe
  2⤵
  PID:6452
- C:\Windows\System\BcepZiZ.exe
  C:\Windows\System\BcepZiZ.exe
  2⤵
  PID:6496
- C:\Windows\System\VRNSpNK.exe
  C:\Windows\System\VRNSpNK.exe
  2⤵
  PID:6468
- C:\Windows\System\lqitWbm.exe
  C:\Windows\System\lqitWbm.exe
  2⤵
  PID:6520
- C:\Windows\System\BGmCxNj.exe
  C:\Windows\System\BGmCxNj.exe
  2⤵
  PID:6572
- C:\Windows\System\rhaoxov.exe
  C:\Windows\System\rhaoxov.exe
  2⤵
  PID:6636
- C:\Windows\System\wkAOvRe.exe
  C:\Windows\System\wkAOvRe.exe
  2⤵
  PID:6588
- C:\Windows\System\TgBahzq.exe
  C:\Windows\System\TgBahzq.exe
  2⤵
  PID:6648
- C:\Windows\System\arognGG.exe
  C:\Windows\System\arognGG.exe
  2⤵
  PID:6684
- C:\Windows\System\aHnMTJY.exe
  C:\Windows\System\aHnMTJY.exe
  2⤵
  PID:6716
- C:\Windows\System\HKpsFSA.exe
  C:\Windows\System\HKpsFSA.exe
  2⤵
  PID:6720
- C:\Windows\System\UGiIBgU.exe
  C:\Windows\System\UGiIBgU.exe
  2⤵
  PID:6728
- C:\Windows\System\UYicwxT.exe
  C:\Windows\System\UYicwxT.exe
  2⤵
  PID:6828
- C:\Windows\System\ZCsuCbu.exe
  C:\Windows\System\ZCsuCbu.exe
  2⤵
  PID:6736
- C:\Windows\System\fpWUpVx.exe
  C:\Windows\System\fpWUpVx.exe
  2⤵
  PID:6904
- C:\Windows\System\LGzemtF.exe
  C:\Windows\System\LGzemtF.exe
  2⤵
  PID:6948
- C:\Windows\System\IxRPvXB.exe
  C:\Windows\System\IxRPvXB.exe
  2⤵
  PID:6940
- C:\Windows\System\DBWycqc.exe
  C:\Windows\System\DBWycqc.exe
  2⤵
  PID:6196
- C:\Windows\System\pSmanBc.exe
  C:\Windows\System\pSmanBc.exe
  2⤵
  PID:6980
- C:\Windows\System\rWCfXDz.exe
  C:\Windows\System\rWCfXDz.exe
  2⤵
  PID:7080
- C:\Windows\System\ZGXEcwF.exe
  C:\Windows\System\ZGXEcwF.exe
  2⤵
  PID:6288
- C:\Windows\System\sseMUpA.exe
  C:\Windows\System\sseMUpA.exe
  2⤵
  PID:6160
- C:\Windows\System\UmkKAwV.exe
  C:\Windows\System\UmkKAwV.exe
  2⤵
  PID:7112
- C:\Windows\System\oTfOKQE.exe
  C:\Windows\System\oTfOKQE.exe
  2⤵
  PID:6312
- C:\Windows\System\DxejHGt.exe
  C:\Windows\System\DxejHGt.exe
  2⤵
  PID:6360
- C:\Windows\System\cZDJAmT.exe
  C:\Windows\System\cZDJAmT.exe
  2⤵
  PID:6392
- C:\Windows\System\WNZleee.exe
  C:\Windows\System\WNZleee.exe
  2⤵
  PID:6476
- C:\Windows\System\OKYFTqG.exe
  C:\Windows\System\OKYFTqG.exe
  2⤵
  PID:6492
- C:\Windows\System\sKrLzkh.exe
  C:\Windows\System\sKrLzkh.exe
  2⤵
  PID:6516
- C:\Windows\System\DYySVbW.exe
  C:\Windows\System\DYySVbW.exe
  2⤵
  PID:6620
- C:\Windows\System\kZZoqad.exe
  C:\Windows\System\kZZoqad.exe
  2⤵
  PID:6764
- C:\Windows\System\GiwFVxh.exe
  C:\Windows\System\GiwFVxh.exe
  2⤵
  PID:6584
- C:\Windows\System\oEOdrzG.exe
  C:\Windows\System\oEOdrzG.exe
  2⤵
  PID:6796
- C:\Windows\System\haRWedh.exe
  C:\Windows\System\haRWedh.exe
  2⤵
  PID:860
- C:\Windows\System\GxphbCs.exe
  C:\Windows\System\GxphbCs.exe
  2⤵
  PID:6872
- C:\Windows\System\tcScGqN.exe
  C:\Windows\System\tcScGqN.exe
  2⤵
  PID:6876
- C:\Windows\System\PaaHwGV.exe
  C:\Windows\System\PaaHwGV.exe
  2⤵
  PID:6924
- C:\Windows\System\uLPyNNo.exe
  C:\Windows\System\uLPyNNo.exe
  2⤵
  PID:7016
- C:\Windows\System\IxEOBzk.exe
  C:\Windows\System\IxEOBzk.exe
  2⤵
  PID:6996
- C:\Windows\System\VGcfcQE.exe
  C:\Windows\System\VGcfcQE.exe
  2⤵
  PID:7060
- C:\Windows\System\qUCXUNT.exe
  C:\Windows\System\qUCXUNT.exe
  2⤵
  PID:7124
- C:\Windows\System\LnhKGQm.exe
  C:\Windows\System\LnhKGQm.exe
  2⤵
  PID:6208
- C:\Windows\System\XMhYkSe.exe
  C:\Windows\System\XMhYkSe.exe
  2⤵
  PID:6192
- C:\Windows\System\kxTeeMK.exe
  C:\Windows\System\kxTeeMK.exe
  2⤵
  PID:6260
- C:\Windows\System\vhBMZnM.exe
  C:\Windows\System\vhBMZnM.exe
  2⤵
  PID:5508
- C:\Windows\System\oRZKpRL.exe
  C:\Windows\System\oRZKpRL.exe
  2⤵
  PID:7144
- C:\Windows\System\xvaqDHP.exe
  C:\Windows\System\xvaqDHP.exe
  2⤵
  PID:6380
- C:\Windows\System\SHSmZXE.exe
  C:\Windows\System\SHSmZXE.exe
  2⤵
  PID:6500
- C:\Windows\System\UwTztZE.exe
  C:\Windows\System\UwTztZE.exe
  2⤵
  PID:6756
- C:\Windows\System\vFMkdiA.exe
  C:\Windows\System\vFMkdiA.exe
  2⤵
  PID:6568
- C:\Windows\System\JNiJGnw.exe
  C:\Windows\System\JNiJGnw.exe
  2⤵
  PID:6552
- C:\Windows\System\Dquydbm.exe
  C:\Windows\System\Dquydbm.exe
  2⤵
  PID:6984
- C:\Windows\System\SauiebY.exe
  C:\Windows\System\SauiebY.exe
  2⤵
  PID:7032
- C:\Windows\System\QEFUrmz.exe
  C:\Windows\System\QEFUrmz.exe
  2⤵
  PID:7156
- C:\Windows\System\otrcyIk.exe
  C:\Windows\System\otrcyIk.exe
  2⤵
  PID:6964
- C:\Windows\System\kLStqZb.exe
  C:\Windows\System\kLStqZb.exe
  2⤵
  PID:6324
- C:\Windows\System\LcXmWCW.exe
  C:\Windows\System\LcXmWCW.exe
  2⤵
  PID:6436
- C:\Windows\System\QRPLLga.exe
  C:\Windows\System\QRPLLga.exe
  2⤵
  PID:6420
- C:\Windows\System\kvZCDRl.exe
  C:\Windows\System\kvZCDRl.exe
  2⤵
  PID:5444
- C:\Windows\System\YjaJtaH.exe
  C:\Windows\System\YjaJtaH.exe
  2⤵
  PID:4460
- C:\Windows\System\BrQBLhG.exe
  C:\Windows\System\BrQBLhG.exe
  2⤵
  PID:6812
- C:\Windows\System\kbaLFcv.exe
  C:\Windows\System\kbaLFcv.exe
  2⤵
  PID:6892
- C:\Windows\System\lBjTZma.exe
  C:\Windows\System\lBjTZma.exe
  2⤵
  PID:7180
- C:\Windows\System\nfPSagd.exe
  C:\Windows\System\nfPSagd.exe
  2⤵
  PID:7196
- C:\Windows\System\wIWEcTm.exe
  C:\Windows\System\wIWEcTm.exe
  2⤵
  PID:7212
- C:\Windows\System\sNdctpG.exe
  C:\Windows\System\sNdctpG.exe
  2⤵
  PID:7228
- C:\Windows\System\FSkOkoJ.exe
  C:\Windows\System\FSkOkoJ.exe
  2⤵
  PID:7244
- C:\Windows\System\pyJBQDR.exe
  C:\Windows\System\pyJBQDR.exe
  2⤵
  PID:7260
- C:\Windows\System\QzDeFMS.exe
  C:\Windows\System\QzDeFMS.exe
  2⤵
  PID:7280
- C:\Windows\System\UrqeiEI.exe
  C:\Windows\System\UrqeiEI.exe
  2⤵
  PID:7296
- C:\Windows\System\YflFiTH.exe
  C:\Windows\System\YflFiTH.exe
  2⤵
  PID:7312
- C:\Windows\System\ABWAbuE.exe
  C:\Windows\System\ABWAbuE.exe
  2⤵
  PID:7328
- C:\Windows\System\bxaoMmx.exe
  C:\Windows\System\bxaoMmx.exe
  2⤵
  PID:7344
- C:\Windows\System\WifWLIg.exe
  C:\Windows\System\WifWLIg.exe
  2⤵
  PID:7360
- C:\Windows\System\ylLtVGq.exe
  C:\Windows\System\ylLtVGq.exe
  2⤵
  PID:7436
- C:\Windows\System\gurjXGN.exe
  C:\Windows\System\gurjXGN.exe
  2⤵
  PID:7452
- C:\Windows\System\OXRkrcp.exe
  C:\Windows\System\OXRkrcp.exe
  2⤵
  PID:7472
- C:\Windows\System\hDaehoT.exe
  C:\Windows\System\hDaehoT.exe
  2⤵
  PID:7488
- C:\Windows\System\etzZKOx.exe
  C:\Windows\System\etzZKOx.exe
  2⤵
  PID:7504
- C:\Windows\System\iVlJFNq.exe
  C:\Windows\System\iVlJFNq.exe
  2⤵
  PID:7536
- C:\Windows\System\kRXyGgG.exe
  C:\Windows\System\kRXyGgG.exe
  2⤵
  PID:7588
- C:\Windows\System\NpGeKZo.exe
  C:\Windows\System\NpGeKZo.exe
  2⤵
  PID:7604
- C:\Windows\System\tXDzEoU.exe
  C:\Windows\System\tXDzEoU.exe
  2⤵
  PID:7624
- C:\Windows\System\hINdIis.exe
  C:\Windows\System\hINdIis.exe
  2⤵
  PID:7644
- C:\Windows\System\HJhvyiv.exe
  C:\Windows\System\HJhvyiv.exe
  2⤵
  PID:7660
- C:\Windows\System\XGKAJKM.exe
  C:\Windows\System\XGKAJKM.exe
  2⤵
  PID:7676
- C:\Windows\System\WXKCYmG.exe
  C:\Windows\System\WXKCYmG.exe
  2⤵
  PID:7720
- C:\Windows\System\vlNLNxe.exe
  C:\Windows\System\vlNLNxe.exe
  2⤵
  PID:7744
- C:\Windows\System\dpTdewK.exe
  C:\Windows\System\dpTdewK.exe
  2⤵
  PID:7768
- C:\Windows\System\aOHLcMF.exe
  C:\Windows\System\aOHLcMF.exe
  2⤵
  PID:7784
- C:\Windows\System\kiEltks.exe
  C:\Windows\System\kiEltks.exe
  2⤵
  PID:7800
- C:\Windows\System\lgtlUXe.exe
  C:\Windows\System\lgtlUXe.exe
  2⤵
  PID:7816
- C:\Windows\System\fgYobDV.exe
  C:\Windows\System\fgYobDV.exe
  2⤵
  PID:7832
- C:\Windows\System\QQPrDAR.exe
  C:\Windows\System\QQPrDAR.exe
  2⤵
  PID:7848
- C:\Windows\System\FfzlAXk.exe
  C:\Windows\System\FfzlAXk.exe
  2⤵
  PID:7864
- C:\Windows\System\YsQziPa.exe
  C:\Windows\System\YsQziPa.exe
  2⤵
  PID:7880
- C:\Windows\System\KTUYuLe.exe
  C:\Windows\System\KTUYuLe.exe
  2⤵
  PID:7896
- C:\Windows\System\kADFjKn.exe
  C:\Windows\System\kADFjKn.exe
  2⤵
  PID:7912
- C:\Windows\System\RvfsAqz.exe
  C:\Windows\System\RvfsAqz.exe
  2⤵
  PID:7928
- C:\Windows\System\uJqfZRR.exe
  C:\Windows\System\uJqfZRR.exe
  2⤵
  PID:7944
- C:\Windows\System\XtAcGIZ.exe
  C:\Windows\System\XtAcGIZ.exe
  2⤵
  PID:7960
- C:\Windows\System\AXYRAks.exe
  C:\Windows\System\AXYRAks.exe
  2⤵
  PID:7980
- C:\Windows\System\TxQVIsH.exe
  C:\Windows\System\TxQVIsH.exe
  2⤵
  PID:7996
- C:\Windows\System\wUITKdK.exe
  C:\Windows\System\wUITKdK.exe
  2⤵
  PID:8012
- C:\Windows\System\rTcflPQ.exe
  C:\Windows\System\rTcflPQ.exe
  2⤵
  PID:8028
- C:\Windows\System\IZDCFvV.exe
  C:\Windows\System\IZDCFvV.exe
  2⤵
  PID:8068
- C:\Windows\System\XejWyRe.exe
  C:\Windows\System\XejWyRe.exe
  2⤵
  PID:8088
- C:\Windows\System\OdKXOHu.exe
  C:\Windows\System\OdKXOHu.exe
  2⤵
  PID:8104
- C:\Windows\System\IoDfCnK.exe
  C:\Windows\System\IoDfCnK.exe
  2⤵
  PID:8120
- C:\Windows\System\jCSxIQE.exe
  C:\Windows\System\jCSxIQE.exe
  2⤵
  PID:8140
- C:\Windows\System\WOiMHNS.exe
  C:\Windows\System\WOiMHNS.exe
  2⤵
  PID:8156
- C:\Windows\System\MwJGqOD.exe
  C:\Windows\System\MwJGqOD.exe
  2⤵
  PID:8176
- C:\Windows\System\uAzYfGx.exe
  C:\Windows\System\uAzYfGx.exe
  2⤵
  PID:6556
- C:\Windows\System\VfPUrTi.exe
  C:\Windows\System\VfPUrTi.exe
  2⤵
  PID:7092
- C:\Windows\System\YueFbjT.exe
  C:\Windows\System\YueFbjT.exe
  2⤵
  PID:7140
- C:\Windows\System\stlRrgI.exe
  C:\Windows\System\stlRrgI.exe
  2⤵
  PID:7204
- C:\Windows\System\gkZehsM.exe
  C:\Windows\System\gkZehsM.exe
  2⤵
  PID:6944
- C:\Windows\System\LgJEaBt.exe
  C:\Windows\System\LgJEaBt.exe
  2⤵
  PID:7220
- C:\Windows\System\CQpIWQS.exe
  C:\Windows\System\CQpIWQS.exe
  2⤵
  PID:7028
- C:\Windows\System\tpzItvs.exe
  C:\Windows\System\tpzItvs.exe
  2⤵
  PID:7276
- C:\Windows\System\BAMMzyR.exe
  C:\Windows\System\BAMMzyR.exe
  2⤵
  PID:7340
- C:\Windows\System\cNOexqD.exe
  C:\Windows\System\cNOexqD.exe
  2⤵
  PID:7320
- C:\Windows\System\XbFPrut.exe
  C:\Windows\System\XbFPrut.exe
  2⤵
  PID:7380
- C:\Windows\System\MNtuBoy.exe
  C:\Windows\System\MNtuBoy.exe
  2⤵
  PID:7408
- C:\Windows\System\KNYVYNO.exe
  C:\Windows\System\KNYVYNO.exe
  2⤵
  PID:7432
- C:\Windows\System\PDRiTWO.exe
  C:\Windows\System\PDRiTWO.exe
  2⤵
  PID:7480
- C:\Windows\System\nTGNaiL.exe
  C:\Windows\System\nTGNaiL.exe
  2⤵
  PID:7464
- C:\Windows\System\RzwVpmw.exe
  C:\Windows\System\RzwVpmw.exe
  2⤵
  PID:7524
- C:\Windows\System\YmfZCLx.exe
  C:\Windows\System\YmfZCLx.exe
  2⤵
  PID:7552
- C:\Windows\System\zAkXDEJ.exe
  C:\Windows\System\zAkXDEJ.exe
  2⤵
  PID:7564
- C:\Windows\System\mYCwFSX.exe
  C:\Windows\System\mYCwFSX.exe
  2⤵
  PID:7596
- C:\Windows\System\NpdkYYq.exe
  C:\Windows\System\NpdkYYq.exe
  2⤵
  PID:7600
- C:\Windows\System\IgpQDmo.exe
  C:\Windows\System\IgpQDmo.exe
  2⤵
  PID:2320
- C:\Windows\System\PREryay.exe
  C:\Windows\System\PREryay.exe
  2⤵
  PID:7668
- C:\Windows\System\XomPtVH.exe
  C:\Windows\System\XomPtVH.exe
  2⤵
  PID:7684
- C:\Windows\System\aXuIIQj.exe
  C:\Windows\System\aXuIIQj.exe
  2⤵
  PID:7712
- C:\Windows\System\fWwXRyj.exe
  C:\Windows\System\fWwXRyj.exe
  2⤵
  PID:7700
- C:\Windows\System\tbYXsbG.exe
  C:\Windows\System\tbYXsbG.exe
  2⤵
  PID:7740
- C:\Windows\System\jFKQJrI.exe
  C:\Windows\System\jFKQJrI.exe
  2⤵
  PID:7760
- C:\Windows\System\QVIjVFF.exe
  C:\Windows\System\QVIjVFF.exe
  2⤵
  PID:7756
- C:\Windows\System\ZfWKguT.exe
  C:\Windows\System\ZfWKguT.exe
  2⤵
  PID:7904
- C:\Windows\System\fBOFHQI.exe
  C:\Windows\System\fBOFHQI.exe
  2⤵
  PID:7888
- C:\Windows\System\pDNZkEq.exe
  C:\Windows\System\pDNZkEq.exe
  2⤵
  PID:7824
- C:\Windows\System\RBmxksL.exe
  C:\Windows\System\RBmxksL.exe
  2⤵
  PID:7956
- C:\Windows\System\YUCQypd.exe
  C:\Windows\System\YUCQypd.exe
  2⤵
  PID:7992
- C:\Windows\System\rQNlEMy.exe
  C:\Windows\System\rQNlEMy.exe
  2⤵
  PID:7940
- C:\Windows\System\nMXmItD.exe
  C:\Windows\System\nMXmItD.exe
  2⤵
  PID:8036
- C:\Windows\System\lsoPmRz.exe
  C:\Windows\System\lsoPmRz.exe
  2⤵
  PID:8044
- C:\Windows\System\ythgOii.exe
  C:\Windows\System\ythgOii.exe
  2⤵
  PID:8056
- C:\Windows\System\rEnFVkA.exe
  C:\Windows\System\rEnFVkA.exe
  2⤵
  PID:8100
- C:\Windows\System\cwEJVZN.exe
  C:\Windows\System\cwEJVZN.exe
  2⤵
  PID:8112
- C:\Windows\System\LIBxjwH.exe
  C:\Windows\System\LIBxjwH.exe
  2⤵
  PID:8132
- C:\Windows\System\qPMULzK.exe
  C:\Windows\System\qPMULzK.exe
  2⤵
  PID:8168
- C:\Windows\System\POvwCOy.exe
  C:\Windows\System\POvwCOy.exe
  2⤵
  PID:6416
- C:\Windows\System\IIKPqhm.exe
  C:\Windows\System\IIKPqhm.exe
  2⤵
  PID:7172
- C:\Windows\System\PqSYfFJ.exe
  C:\Windows\System\PqSYfFJ.exe
  2⤵
  PID:7324
- C:\Windows\System\TTICEsY.exe
  C:\Windows\System\TTICEsY.exe
  2⤵
  PID:7336
- C:\Windows\System\mQVBsXf.exe
  C:\Windows\System\mQVBsXf.exe
  2⤵
  PID:6148
- C:\Windows\System\yQVpnoM.exe
  C:\Windows\System\yQVpnoM.exe
  2⤵
  PID:7236
- C:\Windows\System\DaCTvgj.exe
  C:\Windows\System\DaCTvgj.exe
  2⤵
  PID:7044
- C:\Windows\System\IZizPQw.exe
  C:\Windows\System\IZizPQw.exe
  2⤵
  PID:7424
- C:\Windows\System\SByjYzr.exe
  C:\Windows\System\SByjYzr.exe
  2⤵
  PID:7448
- C:\Windows\System\IivNxhJ.exe
  C:\Windows\System\IivNxhJ.exe
  2⤵
  PID:7512
- C:\Windows\System\xRSaUdr.exe
  C:\Windows\System\xRSaUdr.exe
  2⤵
  PID:7580
- C:\Windows\System\LRIiCZO.exe
  C:\Windows\System\LRIiCZO.exe
  2⤵
  PID:7696
- C:\Windows\System\kAUmdmk.exe
  C:\Windows\System\kAUmdmk.exe
  2⤵
  PID:7708
- C:\Windows\System\anSQFtP.exe
  C:\Windows\System\anSQFtP.exe
  2⤵
  PID:7632
- C:\Windows\System\EenqfcJ.exe
  C:\Windows\System\EenqfcJ.exe
  2⤵
  PID:7856
- C:\Windows\System\PxWOgOv.exe
  C:\Windows\System\PxWOgOv.exe
  2⤵
  PID:7860
- C:\Windows\System\hJWhkfW.exe
  C:\Windows\System\hJWhkfW.exe
  2⤵
  PID:7936
- C:\Windows\System\QwghXWe.exe
  C:\Windows\System\QwghXWe.exe
  2⤵
  PID:6344
- C:\Windows\System\cClZHeh.exe
  C:\Windows\System\cClZHeh.exe
  2⤵
  PID:7876
- C:\Windows\System\mQDoDKZ.exe
  C:\Windows\System\mQDoDKZ.exe
  2⤵
  PID:7792
- C:\Windows\System\cvieudi.exe
  C:\Windows\System\cvieudi.exe
  2⤵
  PID:8004
- C:\Windows\System\ibNusfO.exe
  C:\Windows\System\ibNusfO.exe
  2⤵
  PID:8096
- C:\Windows\System\lTXzzoq.exe
  C:\Windows\System\lTXzzoq.exe
  2⤵
  PID:8164
- C:\Windows\System\rqnkZHP.exe
  C:\Windows\System\rqnkZHP.exe
  2⤵
  PID:7352
- C:\Windows\System\inbDClB.exe
  C:\Windows\System\inbDClB.exe
  2⤵
  PID:7356
- C:\Windows\System\QgJqOKm.exe
  C:\Windows\System\QgJqOKm.exe
  2⤵
  PID:8184
- C:\Windows\System\YLXuKhk.exe
  C:\Windows\System\YLXuKhk.exe
  2⤵
  PID:7240
- C:\Windows\System\oaXsHoR.exe
  C:\Windows\System\oaXsHoR.exe
  2⤵
  PID:7516
- C:\Windows\System\UcoHbbP.exe
  C:\Windows\System\UcoHbbP.exe
  2⤵
  PID:2240
- C:\Windows\System\UWrfsxu.exe
  C:\Windows\System\UWrfsxu.exe
  2⤵
  PID:7388
- C:\Windows\System\UEypHYm.exe
  C:\Windows\System\UEypHYm.exe
  2⤵
  PID:8188
- C:\Windows\System\dUdmETx.exe
  C:\Windows\System\dUdmETx.exe
  2⤵
  PID:7920
- C:\Windows\System\GxkVBZe.exe
  C:\Windows\System\GxkVBZe.exe
  2⤵
  PID:8024
- C:\Windows\System\bvPSGqF.exe
  C:\Windows\System\bvPSGqF.exe
  2⤵
  PID:8084
- C:\Windows\System\QCAXSHj.exe
  C:\Windows\System\QCAXSHj.exe
  2⤵
  PID:7808
- C:\Windows\System\cofSjYN.exe
  C:\Windows\System\cofSjYN.exe
  2⤵
  PID:7556
- C:\Windows\System\wMTADXw.exe
  C:\Windows\System\wMTADXw.exe
  2⤵
  PID:7620
- C:\Windows\System\duuDHsm.exe
  C:\Windows\System\duuDHsm.exe
  2⤵
  PID:7288
- C:\Windows\System\ZkPCnqa.exe
  C:\Windows\System\ZkPCnqa.exe
  2⤵
  PID:8048
- C:\Windows\System\vkPVNAC.exe
  C:\Windows\System\vkPVNAC.exe
  2⤵
  PID:7764
- C:\Windows\System\kyWxNAm.exe
  C:\Windows\System\kyWxNAm.exe
  2⤵
  PID:8128
- C:\Windows\System\svhUluh.exe
  C:\Windows\System\svhUluh.exe
  2⤵
  PID:6072
- C:\Windows\System\kzJzcat.exe
  C:\Windows\System\kzJzcat.exe
  2⤵
  PID:5976
- C:\Windows\System\VvavVmn.exe
  C:\Windows\System\VvavVmn.exe
  2⤵
  PID:8204
- C:\Windows\System\HnUYSfV.exe
  C:\Windows\System\HnUYSfV.exe
  2⤵
  PID:8220
- C:\Windows\System\RzDWGBx.exe
  C:\Windows\System\RzDWGBx.exe
  2⤵
  PID:8236
- C:\Windows\System\cpUdNZB.exe
  C:\Windows\System\cpUdNZB.exe
  2⤵
  PID:8252
- C:\Windows\System\vpmmADb.exe
  C:\Windows\System\vpmmADb.exe
  2⤵
  PID:8268
- C:\Windows\System\DDkoWza.exe
  C:\Windows\System\DDkoWza.exe
  2⤵
  PID:8284
- C:\Windows\System\JasoMMG.exe
  C:\Windows\System\JasoMMG.exe
  2⤵
  PID:8300
- C:\Windows\System\AaBuhZL.exe
  C:\Windows\System\AaBuhZL.exe
  2⤵
  PID:8316
- C:\Windows\System\qvluAGq.exe
  C:\Windows\System\qvluAGq.exe
  2⤵
  PID:8332
- C:\Windows\System\SjNkAiJ.exe
  C:\Windows\System\SjNkAiJ.exe
  2⤵
  PID:8348
- C:\Windows\System\yvnFgHG.exe
  C:\Windows\System\yvnFgHG.exe
  2⤵
  PID:8364
- C:\Windows\System\mRtnyBc.exe
  C:\Windows\System\mRtnyBc.exe
  2⤵
  PID:8380
- C:\Windows\System\CWomMXz.exe
  C:\Windows\System\CWomMXz.exe
  2⤵
  PID:8396
- C:\Windows\System\HtZQDAv.exe
  C:\Windows\System\HtZQDAv.exe
  2⤵
  PID:8412
- C:\Windows\System\lGtmPhK.exe
  C:\Windows\System\lGtmPhK.exe
  2⤵
  PID:8428
- C:\Windows\System\xYHNapD.exe
  C:\Windows\System\xYHNapD.exe
  2⤵
  PID:8444
- C:\Windows\System\fCbraNZ.exe
  C:\Windows\System\fCbraNZ.exe
  2⤵
  PID:8464
- C:\Windows\System\JHbVUuI.exe
  C:\Windows\System\JHbVUuI.exe
  2⤵
  PID:8480
- C:\Windows\System\JvKpnFW.exe
  C:\Windows\System\JvKpnFW.exe
  2⤵
  PID:8496
- C:\Windows\System\EDQwMaJ.exe
  C:\Windows\System\EDQwMaJ.exe
  2⤵
  PID:8512
- C:\Windows\System\OMiVpPL.exe
  C:\Windows\System\OMiVpPL.exe
  2⤵
  PID:8528
- C:\Windows\System\nhsxgqN.exe
  C:\Windows\System\nhsxgqN.exe
  2⤵
  PID:8544
- C:\Windows\System\VThPjow.exe
  C:\Windows\System\VThPjow.exe
  2⤵
  PID:8560
- C:\Windows\System\IhzbjQZ.exe
  C:\Windows\System\IhzbjQZ.exe
  2⤵
  PID:8576
- C:\Windows\System\XeqvTwE.exe
  C:\Windows\System\XeqvTwE.exe
  2⤵
  PID:8592
- C:\Windows\System\NpqRcxB.exe
  C:\Windows\System\NpqRcxB.exe
  2⤵
  PID:8608
- C:\Windows\System\pvHNzSW.exe
  C:\Windows\System\pvHNzSW.exe
  2⤵
  PID:8624
- C:\Windows\System\PZCBiIH.exe
  C:\Windows\System\PZCBiIH.exe
  2⤵
  PID:8640
- C:\Windows\System\AmlFMdk.exe
  C:\Windows\System\AmlFMdk.exe
  2⤵
  PID:8656
- C:\Windows\System\zkdRbph.exe
  C:\Windows\System\zkdRbph.exe
  2⤵
  PID:8672
- C:\Windows\System\ZpWcdPr.exe
  C:\Windows\System\ZpWcdPr.exe
  2⤵
  PID:8688
- C:\Windows\System\nMKxlVr.exe
  C:\Windows\System\nMKxlVr.exe
  2⤵
  PID:8704
- C:\Windows\System\pRhehsv.exe
  C:\Windows\System\pRhehsv.exe
  2⤵
  PID:8720
- C:\Windows\System\shVNmyE.exe
  C:\Windows\System\shVNmyE.exe
  2⤵
  PID:8736
- C:\Windows\System\vMXWKmG.exe
  C:\Windows\System\vMXWKmG.exe
  2⤵
  PID:8752
- C:\Windows\System\CwIGbKM.exe
  C:\Windows\System\CwIGbKM.exe
  2⤵
  PID:8768
- C:\Windows\System\WxJkHiE.exe
  C:\Windows\System\WxJkHiE.exe
  2⤵
  PID:8784
- C:\Windows\System\JBYbJcx.exe
  C:\Windows\System\JBYbJcx.exe
  2⤵
  PID:8800
- C:\Windows\System\qHfGoyy.exe
  C:\Windows\System\qHfGoyy.exe
  2⤵
  PID:8816
- C:\Windows\System\YTMxxKS.exe
  C:\Windows\System\YTMxxKS.exe
  2⤵
  PID:8832
- C:\Windows\System\xsBDXwL.exe
  C:\Windows\System\xsBDXwL.exe
  2⤵
  PID:8848
- C:\Windows\System\tKLcvIX.exe
  C:\Windows\System\tKLcvIX.exe
  2⤵
  PID:8864
- C:\Windows\System\NTVgWeF.exe
  C:\Windows\System\NTVgWeF.exe
  2⤵
  PID:8880
- C:\Windows\System\eZLyKEl.exe
  C:\Windows\System\eZLyKEl.exe
  2⤵
  PID:8896
- C:\Windows\System\zTgABis.exe
  C:\Windows\System\zTgABis.exe
  2⤵
  PID:8912
- C:\Windows\System\GqzSarX.exe
  C:\Windows\System\GqzSarX.exe
  2⤵
  PID:8928
- C:\Windows\System\BWGRxPm.exe
  C:\Windows\System\BWGRxPm.exe
  2⤵
  PID:8944
- C:\Windows\System\sjWwiAu.exe
  C:\Windows\System\sjWwiAu.exe
  2⤵
  PID:8960
- C:\Windows\System\RZqnQGa.exe
  C:\Windows\System\RZqnQGa.exe
  2⤵
  PID:8984
- C:\Windows\System\eVdDgcJ.exe
  C:\Windows\System\eVdDgcJ.exe
  2⤵
  PID:9004
- C:\Windows\System\QLViyPI.exe
  C:\Windows\System\QLViyPI.exe
  2⤵
  PID:9020
- C:\Windows\System\vEbTMMY.exe
  C:\Windows\System\vEbTMMY.exe
  2⤵
  PID:9040
- C:\Windows\System\VSykjhs.exe
  C:\Windows\System\VSykjhs.exe
  2⤵
  PID:9056
- C:\Windows\System\cnnDiRA.exe
  C:\Windows\System\cnnDiRA.exe
  2⤵
  PID:9072
- C:\Windows\System\NcPGhEy.exe
  C:\Windows\System\NcPGhEy.exe
  2⤵
  PID:9104
- C:\Windows\System\qFckhmC.exe
  C:\Windows\System\qFckhmC.exe
  2⤵
  PID:9124
- C:\Windows\System\oIAlyZh.exe
  C:\Windows\System\oIAlyZh.exe
  2⤵
  PID:9148
- C:\Windows\System\pVnKnaj.exe
  C:\Windows\System\pVnKnaj.exe
  2⤵
  PID:9164
- C:\Windows\System\SpCdFan.exe
  C:\Windows\System\SpCdFan.exe
  2⤵
  PID:9180
- C:\Windows\System\FVEMMua.exe
  C:\Windows\System\FVEMMua.exe
  2⤵
  PID:9196
- C:\Windows\System\ZHIJhKR.exe
  C:\Windows\System\ZHIJhKR.exe
  2⤵
  PID:7952
- C:\Windows\System\ZnFDAwF.exe
  C:\Windows\System\ZnFDAwF.exe
  2⤵
  PID:7548
- C:\Windows\System\nmuhBtj.exe
  C:\Windows\System\nmuhBtj.exe
  2⤵
  PID:7392
- C:\Windows\System\uTltFMG.exe
  C:\Windows\System\uTltFMG.exe
  2⤵
  PID:8308
- C:\Windows\System\nFBsupS.exe
  C:\Windows\System\nFBsupS.exe
  2⤵
  PID:8344
- C:\Windows\System\YbakUmn.exe
  C:\Windows\System\YbakUmn.exe
  2⤵
  PID:8440
- C:\Windows\System\WtoDgJs.exe
  C:\Windows\System\WtoDgJs.exe
  2⤵
  PID:8264
- C:\Windows\System\wMQQxAQ.exe
  C:\Windows\System\wMQQxAQ.exe
  2⤵
  PID:8492
- C:\Windows\System\BSBdglV.exe
  C:\Windows\System\BSBdglV.exe
  2⤵
  PID:8292
- C:\Windows\System\dSpkdkE.exe
  C:\Windows\System\dSpkdkE.exe
  2⤵
  PID:8540
- C:\Windows\System\vnMCyvo.exe
  C:\Windows\System\vnMCyvo.exe
  2⤵
  PID:8572
- C:\Windows\System\qNOohNP.exe
  C:\Windows\System\qNOohNP.exe
  2⤵
  PID:8584
- C:\Windows\System\LwzrcNF.exe
  C:\Windows\System\LwzrcNF.exe
  2⤵
  PID:8620
- C:\Windows\System\GJJChTX.exe
  C:\Windows\System\GJJChTX.exe
  2⤵
  PID:8668
- C:\Windows\System\vehkdmA.exe
  C:\Windows\System\vehkdmA.exe
  2⤵
  PID:8700
- C:\Windows\System\wzFfDlJ.exe
  C:\Windows\System\wzFfDlJ.exe
  2⤵
  PID:8716
- C:\Windows\System\cKfouaq.exe
  C:\Windows\System\cKfouaq.exe
  2⤵
  PID:8764
- C:\Windows\System\eCZjQBq.exe
  C:\Windows\System\eCZjQBq.exe
  2⤵
  PID:8828
- C:\Windows\System\tlJQpom.exe
  C:\Windows\System\tlJQpom.exe
  2⤵
  PID:8860
- C:\Windows\System\sBWefWK.exe
  C:\Windows\System\sBWefWK.exe
  2⤵
  PID:8844
- C:\Windows\System\QvjLUTM.exe
  C:\Windows\System\QvjLUTM.exe
  2⤵
  PID:8920
- C:\Windows\System\zzZhiOU.exe
  C:\Windows\System\zzZhiOU.exe
  2⤵
  PID:8956
- C:\Windows\System\pRQjGNB.exe
  C:\Windows\System\pRQjGNB.exe
  2⤵
  PID:8972
- C:\Windows\System\qbAqpnn.exe
  C:\Windows\System\qbAqpnn.exe
  2⤵
  PID:9000
- C:\Windows\System\WDnPVvL.exe
  C:\Windows\System\WDnPVvL.exe
  2⤵
  PID:9096
- C:\Windows\System\uChlMGJ.exe
  C:\Windows\System\uChlMGJ.exe
  2⤵
  PID:1732
- C:\Windows\System\TOWkzmG.exe
  C:\Windows\System\TOWkzmG.exe
  2⤵
  PID:8876
- C:\Windows\System\gcNVAXP.exe
  C:\Windows\System\gcNVAXP.exe
  2⤵
  PID:8924
- C:\Windows\System\xaSglaw.exe
  C:\Windows\System\xaSglaw.exe
  2⤵
  PID:2264
- C:\Windows\System\hLtTges.exe
  C:\Windows\System\hLtTges.exe
  2⤵
  PID:8968
- C:\Windows\System\clpUkMO.exe
  C:\Windows\System\clpUkMO.exe
  2⤵
  PID:9036
- C:\Windows\System\QkVIVrp.exe
  C:\Windows\System\QkVIVrp.exe
  2⤵
  PID:9052
- C:\Windows\System\YQzuPvq.exe
  C:\Windows\System\YQzuPvq.exe
  2⤵
  PID:9088
- C:\Windows\System\PeQKjEK.exe
  C:\Windows\System\PeQKjEK.exe
  2⤵
  PID:9120
- C:\Windows\System\DkKksnG.exe
  C:\Windows\System\DkKksnG.exe
  2⤵
  PID:1712
- C:\Windows\System\tqybrFa.exe
  C:\Windows\System\tqybrFa.exe
  2⤵
  PID:7568
- C:\Windows\System\gfhAknU.exe
  C:\Windows\System\gfhAknU.exe
  2⤵
  PID:1524
- C:\Windows\System\iWYBKcF.exe
  C:\Windows\System\iWYBKcF.exe
  2⤵
  PID:8404
- C:\Windows\System\ATYHkoH.exe
  C:\Windows\System\ATYHkoH.exe
  2⤵
  PID:8392
- C:\Windows\System\sbnkGqf.exe
  C:\Windows\System\sbnkGqf.exe
  2⤵
  PID:8536
- C:\Windows\System\wIXTzaP.exe
  C:\Windows\System\wIXTzaP.exe
  2⤵
  PID:8228
- C:\Windows\System\YPLyLRC.exe
  C:\Windows\System\YPLyLRC.exe
  2⤵
  PID:8504
- C:\Windows\System\hmYBQQi.exe
  C:\Windows\System\hmYBQQi.exe
  2⤵
  PID:8424
- C:\Windows\System\gyAmlfB.exe
  C:\Windows\System\gyAmlfB.exe
  2⤵
  PID:8664
- C:\Windows\System\pRqrCEW.exe
  C:\Windows\System\pRqrCEW.exe
  2⤵
  PID:8796
- C:\Windows\System\XNKwjzR.exe
  C:\Windows\System\XNKwjzR.exe
  2⤵
  PID:8840
- C:\Windows\System\AxZCdum.exe
  C:\Windows\System\AxZCdum.exe
  2⤵
  PID:8696
- C:\Windows\System\IhNXovI.exe
  C:\Windows\System\IhNXovI.exe
  2⤵
  PID:8976
- C:\Windows\System\mrBzyRK.exe
  C:\Windows\System\mrBzyRK.exe
  2⤵
  PID:9064
- C:\Windows\System\NgHkTaz.exe
  C:\Windows\System\NgHkTaz.exe
  2⤵
  PID:8908
- C:\Windows\System\QBdejbB.exe
  C:\Windows\System\QBdejbB.exe
  2⤵
  PID:8892
- C:\Windows\System\eWuRTrK.exe
  C:\Windows\System\eWuRTrK.exe
  2⤵
  PID:8356
- C:\Windows\System\vAfEMXP.exe
  C:\Windows\System\vAfEMXP.exe
  2⤵
  PID:8728
- C:\Windows\System\xnUAzbo.exe
  C:\Windows\System\xnUAzbo.exe
  2⤵
  PID:8856
- C:\Windows\System\vynxmBV.exe
  C:\Windows\System\vynxmBV.exe
  2⤵
  PID:8952
- C:\Windows\System\UoXzwqu.exe
  C:\Windows\System\UoXzwqu.exe
  2⤵
  PID:8260
- C:\Windows\System\MTodjTY.exe
  C:\Windows\System\MTodjTY.exe
  2⤵
  PID:9084
- C:\Windows\System\EvyxApY.exe
  C:\Windows\System\EvyxApY.exe
  2⤵
  PID:8476
- C:\Windows\System\DOmcKFG.exe
  C:\Windows\System\DOmcKFG.exe
  2⤵
  PID:9012
- C:\Windows\System\MqHkIhQ.exe
  C:\Windows\System\MqHkIhQ.exe
  2⤵
  PID:8200
- C:\Windows\System\MArtUtN.exe
  C:\Windows\System\MArtUtN.exe
  2⤵
  PID:8616
- C:\Windows\System\wrhLSkJ.exe
  C:\Windows\System\wrhLSkJ.exe
  2⤵
  PID:8452
- C:\Windows\System\KyOmhgv.exe
  C:\Windows\System\KyOmhgv.exe
  2⤵
  PID:8460
- C:\Windows\System\nWQYIPV.exe
  C:\Windows\System\nWQYIPV.exe
  2⤵
  PID:8604
- C:\Windows\System\ClsMqQi.exe
  C:\Windows\System\ClsMqQi.exe
  2⤵
  PID:8588
- C:\Windows\System\xmowJlz.exe
  C:\Windows\System\xmowJlz.exe
  2⤵
  PID:8360
- C:\Windows\System\sGKsbzK.exe
  C:\Windows\System\sGKsbzK.exe
  2⤵
  PID:8520
- C:\Windows\System\YmNvsLG.exe
  C:\Windows\System\YmNvsLG.exe
  2⤵
  PID:9232
- C:\Windows\System\bFiKaWp.exe
  C:\Windows\System\bFiKaWp.exe
  2⤵
  PID:9248
- C:\Windows\System\KLHRRAB.exe
  C:\Windows\System\KLHRRAB.exe
  2⤵
  PID:9272
- C:\Windows\System\CGmtvty.exe
  C:\Windows\System\CGmtvty.exe
  2⤵
  PID:9292
- C:\Windows\System\tPSNomj.exe
  C:\Windows\System\tPSNomj.exe
  2⤵
  PID:9312
- C:\Windows\System\vTLjBUJ.exe
  C:\Windows\System\vTLjBUJ.exe
  2⤵
  PID:9336
- C:\Windows\System\ZjWsuRI.exe
  C:\Windows\System\ZjWsuRI.exe
  2⤵
  PID:9352
- C:\Windows\System\jhWpwZa.exe
  C:\Windows\System\jhWpwZa.exe
  2⤵
  PID:9368
- C:\Windows\System\HYcejqR.exe
  C:\Windows\System\HYcejqR.exe
  2⤵
  PID:9384
- C:\Windows\System\WBmeqGc.exe
  C:\Windows\System\WBmeqGc.exe
  2⤵
  PID:9400
- C:\Windows\System\btnpxjh.exe
  C:\Windows\System\btnpxjh.exe
  2⤵
  PID:9416
- C:\Windows\System\LEzwzqs.exe
  C:\Windows\System\LEzwzqs.exe
  2⤵
  PID:9472
- C:\Windows\System\fMgxPLK.exe
  C:\Windows\System\fMgxPLK.exe
  2⤵
  PID:9488
- C:\Windows\System\BBZyhdg.exe
  C:\Windows\System\BBZyhdg.exe
  2⤵
  PID:9512
- C:\Windows\System\BEZdWeC.exe
  C:\Windows\System\BEZdWeC.exe
  2⤵
  PID:9536
- C:\Windows\System\KILTjZN.exe
  C:\Windows\System\KILTjZN.exe
  2⤵
  PID:9552
- C:\Windows\System\GylTkbL.exe
  C:\Windows\System\GylTkbL.exe
  2⤵
  PID:9572
- C:\Windows\System\jAGNeXr.exe
  C:\Windows\System\jAGNeXr.exe
  2⤵
  PID:9592
- C:\Windows\System\KjhkHhQ.exe
  C:\Windows\System\KjhkHhQ.exe
  2⤵
  PID:9608
- C:\Windows\System\UtGyWpT.exe
  C:\Windows\System\UtGyWpT.exe
  2⤵
  PID:9632
- C:\Windows\System\psLhZzp.exe
  C:\Windows\System\psLhZzp.exe
  2⤵
  PID:9652
- C:\Windows\System\gNgAFjo.exe
  C:\Windows\System\gNgAFjo.exe
  2⤵
  PID:9668
- C:\Windows\System\giilYWk.exe
  C:\Windows\System\giilYWk.exe
  2⤵
  PID:9696
- C:\Windows\System\iGezSyt.exe
  C:\Windows\System\iGezSyt.exe
  2⤵
  PID:9712
- C:\Windows\System\ztmvqjw.exe
  C:\Windows\System\ztmvqjw.exe
  2⤵
  PID:9732
- C:\Windows\System\EyQoaIs.exe
  C:\Windows\System\EyQoaIs.exe
  2⤵
  PID:9752
- C:\Windows\System\mmyamxf.exe
  C:\Windows\System\mmyamxf.exe
  2⤵
  PID:9768
- C:\Windows\System\VpfTiTl.exe
  C:\Windows\System\VpfTiTl.exe
  2⤵
  PID:9800
- C:\Windows\System\iYlZTgG.exe
  C:\Windows\System\iYlZTgG.exe
  2⤵
  PID:9816
- C:\Windows\System\SWmvmJu.exe
  C:\Windows\System\SWmvmJu.exe
  2⤵
  PID:9836
- C:\Windows\System\yKTHoUs.exe
  C:\Windows\System\yKTHoUs.exe
  2⤵
  PID:9852
- C:\Windows\System\mJZCWeU.exe
  C:\Windows\System\mJZCWeU.exe
  2⤵
  PID:9876
- C:\Windows\System\qeudOTm.exe
  C:\Windows\System\qeudOTm.exe
  2⤵
  PID:9900
- C:\Windows\System\oEPjlnh.exe
  C:\Windows\System\oEPjlnh.exe
  2⤵
  PID:9920
- C:\Windows\System\NBWrJiF.exe
  C:\Windows\System\NBWrJiF.exe
  2⤵
  PID:9940
- C:\Windows\System\AxVVAPG.exe
  C:\Windows\System\AxVVAPG.exe
  2⤵
  PID:9956
- C:\Windows\System\UbEDBGK.exe
  C:\Windows\System\UbEDBGK.exe
  2⤵
  PID:9972
- C:\Windows\System\OGJJRqE.exe
  C:\Windows\System\OGJJRqE.exe
  2⤵
  PID:10004
- C:\Windows\System\qbKfyyi.exe
  C:\Windows\System\qbKfyyi.exe
  2⤵
  PID:10020
- C:\Windows\System\GSLpiln.exe
  C:\Windows\System\GSLpiln.exe
  2⤵
  PID:10036
- C:\Windows\System\rTfKBsG.exe
  C:\Windows\System\rTfKBsG.exe
  2⤵
  PID:10064
- C:\Windows\System\TvQNUbl.exe
  C:\Windows\System\TvQNUbl.exe
  2⤵
  PID:10080
- C:\Windows\System\fJUCWEO.exe
  C:\Windows\System\fJUCWEO.exe
  2⤵
  PID:10096
- C:\Windows\System\JvWfaad.exe
  C:\Windows\System\JvWfaad.exe
  2⤵
  PID:10112
- C:\Windows\System\AZhNqJv.exe
  C:\Windows\System\AZhNqJv.exe
  2⤵
  PID:10128
- C:\Windows\System\QtFrUgj.exe
  C:\Windows\System\QtFrUgj.exe
  2⤵
  PID:10144
- C:\Windows\System\XYrmdVl.exe
  C:\Windows\System\XYrmdVl.exe
  2⤵
  PID:10168
- C:\Windows\System\fAuIciZ.exe
  C:\Windows\System\fAuIciZ.exe
  2⤵
  PID:10188
- C:\Windows\System\sUhGSGk.exe
  C:\Windows\System\sUhGSGk.exe
  2⤵
  PID:10224
- C:\Windows\System\qYbzDyc.exe
  C:\Windows\System\qYbzDyc.exe
  2⤵
  PID:9220
- C:\Windows\System\JSlEWZW.exe
  C:\Windows\System\JSlEWZW.exe
  2⤵
  PID:9264
- C:\Windows\System\OPuHfAI.exe
  C:\Windows\System\OPuHfAI.exe
  2⤵
  PID:8556
- C:\Windows\System\aFwtTTI.exe
  C:\Windows\System\aFwtTTI.exe
  2⤵
  PID:9324
- C:\Windows\System\KiFSviz.exe
  C:\Windows\System\KiFSviz.exe
  2⤵
  PID:9380
- C:\Windows\System\MGFXwWa.exe
  C:\Windows\System\MGFXwWa.exe
  2⤵
  PID:9424
- C:\Windows\System\jsioDxy.exe
  C:\Windows\System\jsioDxy.exe
  2⤵
  PID:9436
- C:\Windows\System\NLXMxyD.exe
  C:\Windows\System\NLXMxyD.exe
  2⤵
  PID:9452
- C:\Windows\System\OhkjNjx.exe
  C:\Windows\System\OhkjNjx.exe
  2⤵
  PID:9484
- C:\Windows\System\AehBgZA.exe
  C:\Windows\System\AehBgZA.exe
  2⤵
  PID:9520
- C:\Windows\System\BaifGUV.exe
  C:\Windows\System\BaifGUV.exe
  2⤵
  PID:9544
- C:\Windows\System\SNhaUIw.exe
  C:\Windows\System\SNhaUIw.exe
  2⤵
  PID:9584
- C:\Windows\System\eGpnQbF.exe
  C:\Windows\System\eGpnQbF.exe
  2⤵
  PID:9644
- C:\Windows\System\QcMNKXW.exe
  C:\Windows\System\QcMNKXW.exe
  2⤵
  PID:9648
- C:\Windows\System\yffpdXp.exe
  C:\Windows\System\yffpdXp.exe
  2⤵
  PID:9680
- C:\Windows\System\sTRBHHX.exe
  C:\Windows\System\sTRBHHX.exe
  2⤵
  PID:9708
- C:\Windows\System\HltPxCN.exe
  C:\Windows\System\HltPxCN.exe
  2⤵
  PID:9528
- C:\Windows\System\pfFbOpA.exe
  C:\Windows\System\pfFbOpA.exe
  2⤵
  PID:9780
- C:\Windows\System\JVrCnCX.exe
  C:\Windows\System\JVrCnCX.exe
  2⤵
  PID:9808
- C:\Windows\System\zneDuSy.exe
  C:\Windows\System\zneDuSy.exe
  2⤵
  PID:9848
- C:\Windows\System\oqudTvE.exe
  C:\Windows\System\oqudTvE.exe
  2⤵
  PID:9868
- C:\Windows\System\BjrUvnH.exe
  C:\Windows\System\BjrUvnH.exe
  2⤵
  PID:9908
- C:\Windows\System\QnueAhp.exe
  C:\Windows\System\QnueAhp.exe
  2⤵
  PID:9932
- C:\Windows\System\khpcyod.exe
  C:\Windows\System\khpcyod.exe
  2⤵
  PID:9968
- C:\Windows\System\CvsDAeD.exe
  C:\Windows\System\CvsDAeD.exe
  2⤵
  PID:9992
- C:\Windows\System\NdclLxK.exe
  C:\Windows\System\NdclLxK.exe
  2⤵
  PID:10044
- C:\Windows\System\KJxOCCi.exe
  C:\Windows\System\KJxOCCi.exe
  2⤵
  PID:10060
- C:\Windows\System\zTqkKEr.exe
  C:\Windows\System\zTqkKEr.exe
  2⤵
  PID:10120
- C:\Windows\System\hbITyNI.exe
  C:\Windows\System\hbITyNI.exe
  2⤵
  PID:10156
- C:\Windows\System\DGFHJox.exe
  C:\Windows\System\DGFHJox.exe
  2⤵
  PID:10136
- C:\Windows\System\YzbILNF.exe
  C:\Windows\System\YzbILNF.exe
  2⤵
  PID:10180
- C:\Windows\System\rNpczce.exe
  C:\Windows\System\rNpczce.exe
  2⤵
  PID:10212
- C:\Windows\System\WnzZDiu.exe
  C:\Windows\System\WnzZDiu.exe
  2⤵
  PID:10236
- C:\Windows\System\zYPAIad.exe
  C:\Windows\System\zYPAIad.exe
  2⤵
  PID:9240
- C:\Windows\System\OEFEQmH.exe
  C:\Windows\System\OEFEQmH.exe
  2⤵
  PID:9360
- C:\Windows\System\utjFHtb.exe
  C:\Windows\System\utjFHtb.exe
  2⤵
  PID:9440
- C:\Windows\System\yyCluUQ.exe
  C:\Windows\System\yyCluUQ.exe
  2⤵
  PID:9464
- C:\Windows\System\dkTECPN.exe
  C:\Windows\System\dkTECPN.exe
  2⤵
  PID:9504
- C:\Windows\System\CroDQlT.exe
  C:\Windows\System\CroDQlT.exe
  2⤵
  PID:9560
- C:\Windows\System\xwoZZIy.exe
  C:\Windows\System\xwoZZIy.exe
  2⤵
  PID:9600
- C:\Windows\System\sLkxzvQ.exe
  C:\Windows\System\sLkxzvQ.exe
  2⤵
  PID:9664
- C:\Windows\System\xJxLIzN.exe
  C:\Windows\System\xJxLIzN.exe
  2⤵
  PID:9704
- C:\Windows\System\SMJWlHW.exe
  C:\Windows\System\SMJWlHW.exe
  2⤵
  PID:9728
- C:\Windows\System\BoojkLj.exe
  C:\Windows\System\BoojkLj.exe
  2⤵
  PID:9796
- C:\Windows\System\AOJMvAY.exe
  C:\Windows\System\AOJMvAY.exe
  2⤵
  PID:9864
- C:\Windows\System\pqyAmQd.exe
  C:\Windows\System\pqyAmQd.exe
  2⤵
  PID:9912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BkAJjyz.exe

Filesize
6.0MB

MD5
109d830579ba30dc20159d709274a162

SHA1
cb5cba4c18de542ee9b85fccf31b778e96377938

SHA256
dfb767c587622ee2fc4aa5b261fce7934dde2bfa265b9c57578f93d98071b71b

SHA512
8fd36228859d31b050f653a876bddcce4e7c4425bb5be52fac5d62344a4e4569dafa31f16b35cb7f33f0e6b62f77e84de68f994ccc8236b948d4c2a06401615c

Download Submit
C:\Windows\system\CkeqIBr.exe

Filesize
6.0MB

MD5
f716644232a81e29818ec7d4006eebe3

SHA1
49d91c92b35633209c4da7ff00258e8b7e74b752

SHA256
2cf79430f61d6c48abbe3a2060564625e5550cfc7751ce9206a963eb5055516d

SHA512
47e603058c210f9e546b9b91783761629c51b3827f0d612701f64ea39d245ba74765b8feb90a7d3236dd4b79ddb473652450319e223b3be21a430aee32384045

Download Submit
C:\Windows\system\DUfidgg.exe

Filesize
6.0MB

MD5
c8ff4a12d6fa70c537929a36b67ad6da

SHA1
4045644423c3a58eea252dcf695a93436338a621

SHA256
f0155b696db1dffe8ca9040cec3bc365edb16924f17d6677847d394c448227c5

SHA512
a4f4c1779813b1c8d289e7c505766ca241a8d4484b9e2920e94a0641937a52f09a8208691b7abed3def563639a7e666367740ee5afef15b17c00906d65f987f7

Download Submit
C:\Windows\system\DiCgceL.exe

Filesize
6.0MB

MD5
00d5de1c4c41e9155662c9bd7c766374

SHA1
ab688d5b8316ca4f73779dc2ed1201177003e4d8

SHA256
097a6072e5d5f3aed6158948b4044c35d527b1a95e4525481436464c006ea64a

SHA512
a796a339e76ab0aa211291be13080ad9e86c90aee6984743e90426508400af7d67e48827d6bfef0116656ac468731b055e0deb33041c4aa3887b5da68306f72b

Download Submit
C:\Windows\system\IgzkIqa.exe

Filesize
6.0MB

MD5
c2c5421541155ec4e96a14aa1cab07c2

SHA1
31c37c77ce7f71f1183bb51a933ad03e691aacb7

SHA256
37bf2c381e74776f0f51927a30d1e13903fe5500242e552a6b1efc9a10d441f5

SHA512
871895fbc44e242d45ca6c8e04079d1bfdf4a3db78321ddf8ea287c41516e1d3d778bc6d646e0c82232f2ef16f8965ecce84221344794424c7daff3a215d5ab6

Download Submit
C:\Windows\system\LegUdJG.exe

Filesize
6.0MB

MD5
fa3653c4820c93b5ca0a064dcdb2c1fe

SHA1
27b0ff8bd97c6de263835425b32cbc63be4eca98

SHA256
85dfa3834b08fa20c842dd3902010a7bc69b82e70fad3c53dc04ae6d0445cf11

SHA512
c1249aaca43e7a08318e99c8d37b526218c9c55b8b8980deeafac302b494da987aa1e9e6de9574c65ad7d40018fb1be1781811729e139bfb13c4ef6ad8107bf5

Download Submit
C:\Windows\system\MnIMUym.exe

Filesize
6.0MB

MD5
1d5bf2100328eb0963ce03fceed9de8d

SHA1
2d33fa0ba8e6dbc57b30665f56629dafa099656d

SHA256
67c87e016d16d9fbda7b5364fe5ba626b7ce94785461dd0c9ba11cc3c22428bd

SHA512
99485c2374ea277f36e0697f74e80fa23f94b3bcd508d19cdf4829041bfb98e52540655c0f871560bf4c054ff3644b460f44ab281e8ee150fcef66153db69314

Download Submit
C:\Windows\system\ONzNmeT.exe

Filesize
6.0MB

MD5
105478fd09213a2b3be160a3e57ffcbf

SHA1
2614c5fd00b959a1b4a077cbb439dba3747947ae

SHA256
e2361910ea37c93327b48d8bc4d022e38282f11e9e9adcaf69b85ff520a48d5d

SHA512
888eedb67aeafc9056961d14a9b3c0767e7e12e3d86aedbb4daaf63518a09a5e2d7e9faaeed935ae1005e1bd85784c77874d5ead877944dac60aea62c4d9acbd

Download Submit
C:\Windows\system\PEFrxBY.exe

Filesize
6.0MB

MD5
b474beb9428440a98a7efa81d457b994

SHA1
7504515b126973b479fad7ab4a3428505f49a6f2

SHA256
57fcc6c60e506d61b3ac251d9aaffd30e168e389c61435c5f9dc38f7d6de40e4

SHA512
68947f337e8909166425f47618525c4a60661bc009c5830436a5bcb7db1b4b336aa77c1fb5b98a2691788f238aa211b6c998061a3a8199dc31ee01d45827994b

Download Submit
C:\Windows\system\QGiZFSc.exe

Filesize
6.0MB

MD5
3ff8c53b062c3803ebd21518e26d862f

SHA1
2e8cd9d6cf192fd93abc4389d02b7e20ce662ab5

SHA256
54826124b9984f7445812c11e229a42874b2657983b2d3d0e212344162a61a24

SHA512
b418f2af9a9e636ca08a56680d675d0b40a0b7d139281fb4841c009b57170d29b72747b370ff305acfe3b456a4be87c68e916fe0ebe554d502d471702ff517aa

Download Submit
C:\Windows\system\QaPOWNy.exe

Filesize
6.0MB

MD5
68cec805d8736c89380ca126ac71f334

SHA1
ec2d0708ed74e7ab18d3b70bd9f50bedb9e7a472

SHA256
eb6739b9782871398d7854aec9353a50d8aeb06149292a58957ae85d59eaaa0b

SHA512
23dcdf68515243105eaa8b8c7a00671897bbb27ee552e4f248261b50355ee175a39a497f7d3f0686d4b5b373a93666bac3207ec97b02471dddc8c4d3c43a26e1

Download Submit
C:\Windows\system\WSceMfq.exe

Filesize
6.0MB

MD5
8cee599539a23e7e7a6d27d716ff72af

SHA1
147b9585d21cd31f64f018062d316a3bf28810f8

SHA256
3f4cbd6d76f95523c37b7321f793143e0ff58881ac557c0a1b2814bbb38ea979

SHA512
ce35846e9464c5bd690ca1616d8a816a2f3cfc8814fb6555c1d044dd74bb91455d90f98ae51f8d69a833e785cbeb2b697352842bc9c3d5b8c6fb48c1a697224e

Download Submit
C:\Windows\system\Xfqfrih.exe

Filesize
6.0MB

MD5
8ac014bbdb5c6905ec4a10e2051ec92f

SHA1
13643ff9d54af8a375c882b02a25e2f800aa54f6

SHA256
35f571ec3c217475b19e3ef45af429de4c2c9b378a16d67fcbc48ede3f1721fa

SHA512
24cf6b166b933d27b14ad75ab52330cdf946f9059ebd53486b2a3daad241c5e31a019e36d6ffe1780bcd0c4e2c81cf870a4beac24d4074b3558f3ec458d5df1e

Download Submit
C:\Windows\system\cVxHcjS.exe

Filesize
6.0MB

MD5
bf59fbdf8369655a59dd10da2c82a639

SHA1
8f485eaa943851be79f2acc9204306f2411bd8f8

SHA256
22bae685d38d15c1aaf41f3e02b5106066d086407ddf8a4f6cf0dc1be6d52c24

SHA512
63b2d74070b377130a5c2f9386d2b3f011b290781e4d2a010281e3c8f43a98ee0dd911258337469b54b3382c8383ce0bb6ee6ced9a366ff9b2c9feab1f415eff

Download Submit
C:\Windows\system\fOaWAZY.exe

Filesize
6.0MB

MD5
aa1f73e030b4e1055ee3173d95783144

SHA1
cb8fca7c44c9f686294ed707789d7a0b8c33fd95

SHA256
2ddae6f39c628a80eb76732b851f769a0c809c7eaa9d6c6d9f93e489ead71519

SHA512
59a683b6f84b389ef259ffa0313a5f4c251af21bfef20af5300c410e906ef3ca3a33d58408a0f2821b9727c1e63bc63320e82e308a3d738c6e266411094efd50

Download Submit
C:\Windows\system\fUqukbL.exe

Filesize
6.0MB

MD5
e6f8bead3b30f097431614561af8db53

SHA1
103d752cbb641e111ef8fc4d828ba6b49cf44029

SHA256
aad4de94938c584930ea16df765e729ee586d8f42dfc919035af37d86dcebc86

SHA512
12f751f7a7b3785e438bd45f7d11edbde1907b18db0c55a7f1d005561b5a895fd272d4d823fd8e4d91d3fa79b845abbecbda70a5f9fd3409626f99c9f3e1dd0a

Download Submit
C:\Windows\system\feIOFgN.exe

Filesize
6.0MB

MD5
b57e8d69491ee73d04afb820bf6744ad

SHA1
7cda413b208e76ac814d7f8770fe967d670f524e

SHA256
f5515b1d57b246ffc70bd1864f9e097346b9fe55c8c19d2a5effbc96a18d4384

SHA512
f6a22476ae4ecadb7e7c7511c6ae25695cdeeba9bd1d22b985d17060cf5be271305770bcf9597ee6aeb1450f828f4d889dd3cf92f2353a75a2cff76e222032de

Download Submit
C:\Windows\system\ffwMGTV.exe

Filesize
6.0MB

MD5
98742ed792689e233883fadeb7799165

SHA1
061d4852c4e602302c5127ddc53ac0ecf0e03ee3

SHA256
9b0b1afae54789394de08e4b851002c96564251da16f5d96ff56d65156e7e7eb

SHA512
640a2c64c357916cbb92cfe8d9c8cc48468240e7edae7dcb2bcb823f610aa35065338385a6dfc70a1069e7c71e61d4cf706f64499bf1aa7259c1d2c3d08d17e2

Download Submit
C:\Windows\system\hCUxkda.exe

Filesize
6.0MB

MD5
327fb26e33804d0873eeb198273ae55d

SHA1
529d027d5a5074cc05cc9dbb0fb0357b1ce4e1c8

SHA256
69cd90c5a108a05db215ca90eb2b2bce8a6304ff32ce9fdfddf14c534e9d097e

SHA512
0a9ee97b497071df26f014f58556f5d46ba191041534137984f8827b281dd820b09645af4ef84ff323e534332633fd1c9e9582ae713310905afb0acbe42c6a58

Download Submit
C:\Windows\system\ipbmsLB.exe

Filesize
6.0MB

MD5
1d8beb812cf95ef868a9fa91f6788553

SHA1
bc79b9535db2384ff43a52ec37e507b58908220e

SHA256
f00028b20cce274d89266c8c745153e590638f7e9f915c3ce29fadc4f592eb9c

SHA512
bb5f7d150c9bf81ea470cecabb5df300e488a645134b8b2f6186b897793017071449a990610824e1041225847192915cefe47ba3d31d1c587209d2ec6c91ce7d

Download Submit
C:\Windows\system\kGyPDfg.exe

Filesize
6.0MB

MD5
26e5813f392a84192d56f6786360f144

SHA1
eef91cbae411eeeb7e58764d8025b586c7866c83

SHA256
b3f87aaeab702a7699b9104db44f1d053842820e0585c6f828de117339fa4416

SHA512
0267c8914b433daaea24b080213e83e2d49ba883a892db827a9edd5306cc22776075c134089ade43c71175f6cce836a7856e6a2673f0ad432285c9daed8db2f6

Download Submit
C:\Windows\system\pjgYGZV.exe

Filesize
6.0MB

MD5
5a442bfbb0c90df3897b2cb52b85897b

SHA1
34c4caae6f993da09c71cbab1c3584fa2af08a74

SHA256
443dce47f8ca1659e302473ed55989f7ba99ddf6a61c9f5b3b4c1e880655fa82

SHA512
bb670169ab8d4f04318742a70cd2b51d879068d5e11b941d7bdfb5d3523eb936e8cb22bfc7089b5b2d6c68a4946d72e7ba90fb11bdaba391cf1933151ef29386

Download Submit
C:\Windows\system\rZZoPRt.exe

Filesize
6.0MB

MD5
483fbe6435f07528fb7e6e6970337f94

SHA1
c102452fb2a9f30987a40e76bce31c04057c4ca2

SHA256
d42d0328694d661a107be69078ca62b975512004b98741ebf2a112bfbab6d9df

SHA512
912658fa78b4351de27fb77e52b8257c70614c29043ef0d06b63cafe63046cc9e8e18c85524c533d294dd748e5d358dbb29c696a7f897ab8e850006dc6742364

Download Submit
C:\Windows\system\xxNapsb.exe

Filesize
6.0MB

MD5
bd58dfd3a53fdaed3dfc9acde3d2dba1

SHA1
aef8a2d85e6afa7f682effbc350d24da09efde98

SHA256
37d9d914a9186477778ca9dd8da608cdd889e31a2d126c570e1376e1b5f10a50

SHA512
7466fb789e9ec6c66599843a21489a6f32b8fad78d01e2c5ee182ae71f742954846fdc7eeb0ebd7d43a8c328d0916064c5f49a1b4cc62f9a8337ff08d5f72a32

Download Submit
\Windows\system\FaQNljz.exe

Filesize
6.0MB

MD5
28d33fbd8162cd9c9e45d46c31b57732

SHA1
bdd2736046b34cea713867bcfa25d370e7bdf52c

SHA256
a0447da8266aa4f9c669cedfd046d7a18addf6bac9e568db440fb8c8c15a4423

SHA512
0083365c4208844e369845e14cc579bb42f47f98cd6f23e4b04c7b62b9cde01aaedeb48992af6ae513252cf3eeb2222a9dc1c5894c158956a342263083b99b63

Download Submit
\Windows\system\PoACWpi.exe

Filesize
6.0MB

MD5
262b8b2e86759a0db93e49695d215edd

SHA1
0f18f0a87558c2ff5a7cea4782014d26d32b1ec3

SHA256
495ac90aba0cc4946f3ba1464d98df94ebd9be3e81103f253c52e341741e2d6a

SHA512
078847b956c8fdb35827c8ddba4f44c48152c553c42de093a3ff8108023c69abc8a0b3aaf9d9c212bb936463df2959a86639937290490411e0a2323d85ea8d60

Download Submit
\Windows\system\YRFnJow.exe

Filesize
6.0MB

MD5
eba651099cc8603e281a8b45db330e92

SHA1
af5fb6e0704c31fdfc04660726f10dc05a7a1f03

SHA256
ddb1f6c497a7d069cb56bd06df31dca3bc32057ce6deda59cb79b0ca3f41271e

SHA512
58edb40dc8503b6539d94d6bd53480cbbfc5a60c143f54dbb7959977bf466d619b9870374e5a2787a96f07ace322401cf33e4d6de7d58f7d3245ef26fea0da0c

Download Submit
\Windows\system\kLvMcMz.exe

Filesize
6.0MB

MD5
b263f59527cfe62d36effd6a6391d588

SHA1
8dc5b81e8be356a4341c6cb1ab0815e2d359958f

SHA256
c0c37d6b0ffb6a02fee45e8e7e9ac62e94984ae60d47d518bf1bfbc1c70d7a66

SHA512
49a5ff040cf8e1e834c8e141851ac5c308cdec4a1a16a9d4204f90412e967184f5b0ba629c9bc27933d76a82ed5b71de53671d81dae69eb22308357ee716779e

Download Submit
\Windows\system\lcxtLEK.exe

Filesize
6.0MB

MD5
389edf5063fdf4431874703692cd1f7d

SHA1
7e43da9f0d99514ebd3a2c42962ed29f6a18e46f

SHA256
3b13b223e83a1983b2b009283498b7da7eacba47d66f4a5ce768f5827ad478ae

SHA512
4a35cfebf0d2790c29675958a83b25d223b40c997d1622a32b1a911db13e5da828fec005c958ced0d426673bffabcf6a54a90027685a80575cb124f0da931cb6

Download Submit
\Windows\system\vWoWmCb.exe

Filesize
6.0MB

MD5
57b4bb154b01f68a15b8bf8c44c14f82

SHA1
86165603f6399c253cb5585e7e59fa23a0dbdc5e

SHA256
4e3fe9a7aedc919dd3ab631a1fd7746ee8c5de76547cc3562488c7f771c463b7

SHA512
9442189759ad531dc1b28a1d191921af3409d22d2b798e181b0fd84c81cd7b2370d7e2e2e2b21b2744791d2ab2fefaa0790e94b0692c955b78935287cb5db760

Download Submit
\Windows\system\viyalDr.exe

Filesize
6.0MB

MD5
bdd3b3e07f1f0c417436e6a5ef844293

SHA1
123ae5f68799bcdc6127fe539ebe529a8566aedc

SHA256
7737ea31cf33fcae41ad0d5cba6f5af5102a023c4d0fc30d307aa622aac81679

SHA512
9cf219046bebff1af6a61b89077087817b3150bf3077c144ef2eb34f6637b566a2ea3fc667193aeb0d5187df648e2d60a703c5e4346f66bb837d101058112202

Download Submit
\Windows\system\yYQirNB.exe

Filesize
6.0MB

MD5
070a105f6590c65c7eaa2f63e9e08f5b

SHA1
c8f61902f73cda35e9cee5023581c46d0eba95a5

SHA256
6715b9eca4672638b2cdc17314ec0a4a1323022b2dcd0f057f1c2db5e60c2ef8

SHA512
213cfabcb01b1e9723526dfd9981d57a9ab859b013b27445ee022417d5acbfe24eb422465ffe65195b434c442e32cd1a98c2ad84527d8d0c831b876f91c20445

Download Submit
memory/1428-91-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1428-15-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-13-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1900-4043-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1900-35-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2012-4048-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2012-64-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1246-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2076-0-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1245-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-370-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1481-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1712-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2076-8-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2076-73-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-33-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2076-45-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-82-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2076-55-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2076-56-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2076-54-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2076-87-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2076-109-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2076-52-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-92-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-62-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-112-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2084-96-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-4053-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4047-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2288-58-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2556-4052-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2556-89-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2592-90-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4051-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4050-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-711-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-78-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-119-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-40-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4049-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2812-60-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4044-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-125-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-50-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4042-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-24-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-103-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download