cobaltstrike | 7776fd3fb63c3c0e4f1286fd05071ecb999a672a3c10f3424c7905e724947639

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

84df23c2838deabde7b48d4eb9834959
SHA1

449a2f1953cccd30c4838a9afb84d6387926adb8
SHA256

7776fd3fb63c3c0e4f1286fd05071ecb999a672a3c10f3424c7905e724947639
SHA512

b8281fc8bed74713a895c2e72a5e684d232300126b800dff8937d2604d915816cd46b6c1edbb8445e1a5fea9345fd42aafe6b5427d8fd757063e2120b80310a7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU9:T+q56utgpPF8u/79

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d42-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d46-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-22.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000016d17-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dbc-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc0-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc8-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d40-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d18-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-81.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017021-75.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2296-0-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-3.dat	xmrig
behavioral1/memory/1684-8-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d42-9.dat	xmrig
behavioral1/memory/2712-14-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d46-11.dat	xmrig
behavioral1/memory/2848-19-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d4a-22.dat	xmrig
behavioral1/memory/2160-27-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0034000000016d17-32.dat	xmrig
behavioral1/files/0x0007000000016dbc-40.dat	xmrig
behavioral1/memory/2748-43-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2296-33-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/1684-41-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2608-38-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dc0-47.dat	xmrig
behavioral1/memory/2712-52-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2628-51-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dc8-53.dat	xmrig
behavioral1/files/0x0005000000019581-64.dat	xmrig
behavioral1/files/0x00050000000195c0-68.dat	xmrig
behavioral1/files/0x00050000000195f7-71.dat	xmrig
behavioral1/memory/664-95-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2208-92-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2608-91-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/484-89-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2412-84-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2616-83-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/824-101-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ff-122.dat	xmrig
behavioral1/files/0x0005000000019601-128.dat	xmrig
behavioral1/files/0x0005000000019603-132.dat	xmrig
behavioral1/files/0x0005000000019615-142.dat	xmrig
behavioral1/files/0x0005000000019c34-173.dat	xmrig
behavioral1/files/0x0005000000019d40-192.dat	xmrig
behavioral1/memory/2296-922-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/824-823-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/664-663-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2412-502-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2616-501-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/484-412-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d18-187.dat	xmrig
behavioral1/files/0x0005000000019c36-177.dat	xmrig
behavioral1/files/0x0005000000019c32-167.dat	xmrig
behavioral1/files/0x0005000000019c50-182.dat	xmrig
behavioral1/files/0x0005000000019999-161.dat	xmrig
behavioral1/files/0x00050000000196ed-157.dat	xmrig
behavioral1/files/0x000500000001969b-152.dat	xmrig
behavioral1/files/0x0005000000019659-147.dat	xmrig
behavioral1/files/0x0005000000019605-137.dat	xmrig
behavioral1/files/0x00050000000195fe-118.dat	xmrig
behavioral1/files/0x00050000000195fd-113.dat	xmrig
behavioral1/files/0x00050000000195fb-107.dat	xmrig
behavioral1/memory/2296-105-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2296-104-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/files/0x00050000000195f9-100.dat	xmrig
behavioral1/files/0x000500000001955c-81.dat	xmrig
behavioral1/memory/1828-79-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2160-78-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0009000000017021-75.dat	xmrig
behavioral1/memory/2848-59-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2712-3182-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/1684-3245-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2848-3268-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1684	rEITlus.exe
2712	aMpoean.exe
2848	kXyrwtp.exe
2160	sEKJUWb.exe
2608	YrVjUfy.exe
2748	wrmTwXT.exe
2628	AAEXMiA.exe
1828	vDKSXHa.exe
2616	detFHhC.exe
2412	WuDqNoM.exe
484	oBHvSdz.exe
2208	vzLHxAZ.exe
664	fotoirG.exe
824	BMNrSEg.exe
2956	WbVQdbK.exe
760	vdGEuWg.exe
1820	PIFsHyP.exe
2468	VTjHmbT.exe
1832	GHumfnB.exe
1688	qrefEWK.exe
1824	AZGrSlG.exe
1064	yyEfjWh.exe
1524	EgZloGL.exe
2812	TSQVesg.exe
2020	FApqAuH.exe
1028	wjCVCOe.exe
1060	kevQBQk.exe
2532	tynjzKb.exe
2668	eDczyOO.exe
2444	HMdLiGT.exe
2016	hSGYtKs.exe
2460	XEximcV.exe
2164	ukxnNvD.exe
1552	jTeFsdy.exe
3020	MFlbKjv.exe
628	LAFFyNw.exe
2416	YSSlmpc.exe
1796	DAKvqKL.exe
948	XQvjwTv.exe
108	CsBQEjX.exe
1980	TDVAwgk.exe
1384	FTnVgrD.exe
1672	Gajxhvq.exe
2500	EeqNWYO.exe
1932	wsnoVDa.exe
2452	oKhGhoM.exe
1108	HaSopJa.exe
2276	cEIPerZ.exe
1712	brGOeYm.exe
3016	qKxWPdF.exe
1244	LHGhtFq.exe
2988	KCymefV.exe
1468	TLEkaPe.exe
1756	OeAItnD.exe
3048	oZUpsbD.exe
1596	HddyqZI.exe
2508	oQieLfb.exe
2140	WGqjCoK.exe
2720	weLMzzm.exe
2996	QvYTukF.exe
2836	SQOOUps.exe
2896	evtbqhE.exe
2696	iHPpxOF.exe
2596	zSYwJxU.exe

Loads dropped DLL 64 IoCs

pid	Process
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2296-0-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-3.dat	upx
behavioral1/memory/1684-8-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0008000000016d42-9.dat	upx
behavioral1/memory/2712-14-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0008000000016d46-11.dat	upx
behavioral1/memory/2848-19-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x0008000000016d4a-22.dat	upx
behavioral1/memory/2160-27-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0034000000016d17-32.dat	upx
behavioral1/files/0x0007000000016dbc-40.dat	upx
behavioral1/memory/2748-43-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2296-33-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/1684-41-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2608-38-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0007000000016dc0-47.dat	upx
behavioral1/memory/2712-52-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2628-51-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0007000000016dc8-53.dat	upx
behavioral1/files/0x0005000000019581-64.dat	upx
behavioral1/files/0x00050000000195c0-68.dat	upx
behavioral1/files/0x00050000000195f7-71.dat	upx
behavioral1/memory/664-95-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2208-92-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2608-91-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/484-89-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2412-84-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2616-83-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/824-101-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x00050000000195ff-122.dat	upx
behavioral1/files/0x0005000000019601-128.dat	upx
behavioral1/files/0x0005000000019603-132.dat	upx
behavioral1/files/0x0005000000019615-142.dat	upx
behavioral1/files/0x0005000000019c34-173.dat	upx
behavioral1/files/0x0005000000019d40-192.dat	upx
behavioral1/memory/824-823-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/664-663-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2412-502-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2616-501-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/484-412-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0005000000019d18-187.dat	upx
behavioral1/files/0x0005000000019c36-177.dat	upx
behavioral1/files/0x0005000000019c32-167.dat	upx
behavioral1/files/0x0005000000019c50-182.dat	upx
behavioral1/files/0x0005000000019999-161.dat	upx
behavioral1/files/0x00050000000196ed-157.dat	upx
behavioral1/files/0x000500000001969b-152.dat	upx
behavioral1/files/0x0005000000019659-147.dat	upx
behavioral1/files/0x0005000000019605-137.dat	upx
behavioral1/files/0x00050000000195fe-118.dat	upx
behavioral1/files/0x00050000000195fd-113.dat	upx
behavioral1/files/0x00050000000195fb-107.dat	upx
behavioral1/files/0x00050000000195f9-100.dat	upx
behavioral1/files/0x000500000001955c-81.dat	upx
behavioral1/memory/1828-79-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2160-78-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0009000000017021-75.dat	upx
behavioral1/memory/2848-59-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2712-3182-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/1684-3245-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2848-3268-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2160-3366-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2748-3382-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2608-3392-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MYaTNQZ.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOSsjZD.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJPPYOV.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pviKkwe.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQEhvzL.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkmPmuM.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYYeYZX.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSjecWy.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pweEAqf.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQieLfb.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drpoKFr.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPBVcqH.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzRWXuY.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFBDUWU.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtOxuzD.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzTOvSg.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcYXIVa.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\detFHhC.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfdfqsr.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUzCENv.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfitcqI.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaJZGZM.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCurbsZ.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzLHxAZ.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJVLHrM.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFByIFL.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umVASeh.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRveqhM.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCgHXfz.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwnQaNT.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfwQRIE.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkWyltT.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MepeEbs.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deKzNGJ.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wRJsiXD.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZbJfxQ.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvSKgNx.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFgsbmg.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBvHKZX.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfuNSeM.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnBRztE.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZLgrfH.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTDlgEE.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLAxHtx.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urzlMnA.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVRxVSF.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIjTyLY.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJNeGwB.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRLUuRy.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwFVOXy.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMdQKoG.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxSoeQL.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiFqSsR.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTobUba.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWwIZmI.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOhrbHG.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEDtyGz.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXlFtGS.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJNTErc.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHUJver.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqvtQwI.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJYsAGG.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIwPjME.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RemdsgG.exe	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1684	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2296 wrote to memory of 1684	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2296 wrote to memory of 1684	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2296 wrote to memory of 2712	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2296 wrote to memory of 2712	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2296 wrote to memory of 2712	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2296 wrote to memory of 2848	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2296 wrote to memory of 2848	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2296 wrote to memory of 2848	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2296 wrote to memory of 2160	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2296 wrote to memory of 2160	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2296 wrote to memory of 2160	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2296 wrote to memory of 2608	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2296 wrote to memory of 2608	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2296 wrote to memory of 2608	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2296 wrote to memory of 2748	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2296 wrote to memory of 2748	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2296 wrote to memory of 2748	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2296 wrote to memory of 2628	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2296 wrote to memory of 2628	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2296 wrote to memory of 2628	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2296 wrote to memory of 2616	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2296 wrote to memory of 2616	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2296 wrote to memory of 2616	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2296 wrote to memory of 1828	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2296 wrote to memory of 1828	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2296 wrote to memory of 1828	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2296 wrote to memory of 2412	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2296 wrote to memory of 2412	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2296 wrote to memory of 2412	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2296 wrote to memory of 2208	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2296 wrote to memory of 2208	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2296 wrote to memory of 2208	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2296 wrote to memory of 484	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2296 wrote to memory of 484	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2296 wrote to memory of 484	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2296 wrote to memory of 664	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2296 wrote to memory of 664	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2296 wrote to memory of 664	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2296 wrote to memory of 824	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2296 wrote to memory of 824	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2296 wrote to memory of 824	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2296 wrote to memory of 2956	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2296 wrote to memory of 2956	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2296 wrote to memory of 2956	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2296 wrote to memory of 760	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2296 wrote to memory of 760	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2296 wrote to memory of 760	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2296 wrote to memory of 1820	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2296 wrote to memory of 1820	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2296 wrote to memory of 1820	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2296 wrote to memory of 2468	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2296 wrote to memory of 2468	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2296 wrote to memory of 2468	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2296 wrote to memory of 1832	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2296 wrote to memory of 1832	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2296 wrote to memory of 1832	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2296 wrote to memory of 1688	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2296 wrote to memory of 1688	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2296 wrote to memory of 1688	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2296 wrote to memory of 1824	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2296 wrote to memory of 1824	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2296 wrote to memory of 1824	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2296 wrote to memory of 1064	2296	2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_84df23c2838deabde7b48d4eb9834959_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\System\rEITlus.exe
  C:\Windows\System\rEITlus.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\aMpoean.exe
  C:\Windows\System\aMpoean.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\kXyrwtp.exe
  C:\Windows\System\kXyrwtp.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\sEKJUWb.exe
  C:\Windows\System\sEKJUWb.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\YrVjUfy.exe
  C:\Windows\System\YrVjUfy.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\wrmTwXT.exe
  C:\Windows\System\wrmTwXT.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\AAEXMiA.exe
  C:\Windows\System\AAEXMiA.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\detFHhC.exe
  C:\Windows\System\detFHhC.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\vDKSXHa.exe
  C:\Windows\System\vDKSXHa.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\WuDqNoM.exe
  C:\Windows\System\WuDqNoM.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\vzLHxAZ.exe
  C:\Windows\System\vzLHxAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\oBHvSdz.exe
  C:\Windows\System\oBHvSdz.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\fotoirG.exe
  C:\Windows\System\fotoirG.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\BMNrSEg.exe
  C:\Windows\System\BMNrSEg.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\WbVQdbK.exe
  C:\Windows\System\WbVQdbK.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\vdGEuWg.exe
  C:\Windows\System\vdGEuWg.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\PIFsHyP.exe
  C:\Windows\System\PIFsHyP.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\VTjHmbT.exe
  C:\Windows\System\VTjHmbT.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\GHumfnB.exe
  C:\Windows\System\GHumfnB.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\qrefEWK.exe
  C:\Windows\System\qrefEWK.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\AZGrSlG.exe
  C:\Windows\System\AZGrSlG.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\yyEfjWh.exe
  C:\Windows\System\yyEfjWh.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\EgZloGL.exe
  C:\Windows\System\EgZloGL.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\TSQVesg.exe
  C:\Windows\System\TSQVesg.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\FApqAuH.exe
  C:\Windows\System\FApqAuH.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\wjCVCOe.exe
  C:\Windows\System\wjCVCOe.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\kevQBQk.exe
  C:\Windows\System\kevQBQk.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\tynjzKb.exe
  C:\Windows\System\tynjzKb.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\eDczyOO.exe
  C:\Windows\System\eDczyOO.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\HMdLiGT.exe
  C:\Windows\System\HMdLiGT.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\hSGYtKs.exe
  C:\Windows\System\hSGYtKs.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\XEximcV.exe
  C:\Windows\System\XEximcV.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\ukxnNvD.exe
  C:\Windows\System\ukxnNvD.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\jTeFsdy.exe
  C:\Windows\System\jTeFsdy.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\MFlbKjv.exe
  C:\Windows\System\MFlbKjv.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\LAFFyNw.exe
  C:\Windows\System\LAFFyNw.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\YSSlmpc.exe
  C:\Windows\System\YSSlmpc.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\DAKvqKL.exe
  C:\Windows\System\DAKvqKL.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\XQvjwTv.exe
  C:\Windows\System\XQvjwTv.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\CsBQEjX.exe
  C:\Windows\System\CsBQEjX.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\TDVAwgk.exe
  C:\Windows\System\TDVAwgk.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\FTnVgrD.exe
  C:\Windows\System\FTnVgrD.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\Gajxhvq.exe
  C:\Windows\System\Gajxhvq.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\EeqNWYO.exe
  C:\Windows\System\EeqNWYO.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\wsnoVDa.exe
  C:\Windows\System\wsnoVDa.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\oKhGhoM.exe
  C:\Windows\System\oKhGhoM.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\HaSopJa.exe
  C:\Windows\System\HaSopJa.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\cEIPerZ.exe
  C:\Windows\System\cEIPerZ.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\brGOeYm.exe
  C:\Windows\System\brGOeYm.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\qKxWPdF.exe
  C:\Windows\System\qKxWPdF.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\LHGhtFq.exe
  C:\Windows\System\LHGhtFq.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\KCymefV.exe
  C:\Windows\System\KCymefV.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\TLEkaPe.exe
  C:\Windows\System\TLEkaPe.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\OeAItnD.exe
  C:\Windows\System\OeAItnD.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\oZUpsbD.exe
  C:\Windows\System\oZUpsbD.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\HddyqZI.exe
  C:\Windows\System\HddyqZI.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\oQieLfb.exe
  C:\Windows\System\oQieLfb.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\WGqjCoK.exe
  C:\Windows\System\WGqjCoK.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\weLMzzm.exe
  C:\Windows\System\weLMzzm.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\QvYTukF.exe
  C:\Windows\System\QvYTukF.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\SQOOUps.exe
  C:\Windows\System\SQOOUps.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\evtbqhE.exe
  C:\Windows\System\evtbqhE.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\iHPpxOF.exe
  C:\Windows\System\iHPpxOF.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\zSYwJxU.exe
  C:\Windows\System\zSYwJxU.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\cPHTQgT.exe
  C:\Windows\System\cPHTQgT.exe
  2⤵
  PID:2588
- C:\Windows\System\NIxTYjL.exe
  C:\Windows\System\NIxTYjL.exe
  2⤵
  PID:2952
- C:\Windows\System\QOSsjZD.exe
  C:\Windows\System\QOSsjZD.exe
  2⤵
  PID:2688
- C:\Windows\System\MepeEbs.exe
  C:\Windows\System\MepeEbs.exe
  2⤵
  PID:2920
- C:\Windows\System\wfdfqsr.exe
  C:\Windows\System\wfdfqsr.exe
  2⤵
  PID:1804
- C:\Windows\System\QYWLhVv.exe
  C:\Windows\System\QYWLhVv.exe
  2⤵
  PID:688
- C:\Windows\System\TXtRnnU.exe
  C:\Windows\System\TXtRnnU.exe
  2⤵
  PID:1152
- C:\Windows\System\pnNGaCg.exe
  C:\Windows\System\pnNGaCg.exe
  2⤵
  PID:2916
- C:\Windows\System\dLwTiAJ.exe
  C:\Windows\System\dLwTiAJ.exe
  2⤵
  PID:2116
- C:\Windows\System\KJvKuCJ.exe
  C:\Windows\System\KJvKuCJ.exe
  2⤵
  PID:2788
- C:\Windows\System\XGhWLWv.exe
  C:\Windows\System\XGhWLWv.exe
  2⤵
  PID:1972
- C:\Windows\System\VdsWKar.exe
  C:\Windows\System\VdsWKar.exe
  2⤵
  PID:2780
- C:\Windows\System\OEDtyGz.exe
  C:\Windows\System\OEDtyGz.exe
  2⤵
  PID:1960
- C:\Windows\System\hoPCeMn.exe
  C:\Windows\System\hoPCeMn.exe
  2⤵
  PID:2796
- C:\Windows\System\UBtRvVD.exe
  C:\Windows\System\UBtRvVD.exe
  2⤵
  PID:1032
- C:\Windows\System\xYDuaTg.exe
  C:\Windows\System\xYDuaTg.exe
  2⤵
  PID:2364
- C:\Windows\System\TLFuDQK.exe
  C:\Windows\System\TLFuDQK.exe
  2⤵
  PID:2992
- C:\Windows\System\BbHUUxp.exe
  C:\Windows\System\BbHUUxp.exe
  2⤵
  PID:2172
- C:\Windows\System\FBriwRH.exe
  C:\Windows\System\FBriwRH.exe
  2⤵
  PID:1560
- C:\Windows\System\XiMzPBY.exe
  C:\Windows\System\XiMzPBY.exe
  2⤵
  PID:1744
- C:\Windows\System\INJPOeN.exe
  C:\Windows\System\INJPOeN.exe
  2⤵
  PID:1148
- C:\Windows\System\VnyvuxJ.exe
  C:\Windows\System\VnyvuxJ.exe
  2⤵
  PID:1416
- C:\Windows\System\uXjtdUD.exe
  C:\Windows\System\uXjtdUD.exe
  2⤵
  PID:1724
- C:\Windows\System\sLYIdpY.exe
  C:\Windows\System\sLYIdpY.exe
  2⤵
  PID:1760
- C:\Windows\System\HYtSJnm.exe
  C:\Windows\System\HYtSJnm.exe
  2⤵
  PID:1548
- C:\Windows\System\ufztYCy.exe
  C:\Windows\System\ufztYCy.exe
  2⤵
  PID:1664
- C:\Windows\System\enmlZUN.exe
  C:\Windows\System\enmlZUN.exe
  2⤵
  PID:2156
- C:\Windows\System\hDCAGln.exe
  C:\Windows\System\hDCAGln.exe
  2⤵
  PID:1768
- C:\Windows\System\tbpyeVR.exe
  C:\Windows\System\tbpyeVR.exe
  2⤵
  PID:1008
- C:\Windows\System\rVhVVbu.exe
  C:\Windows\System\rVhVVbu.exe
  2⤵
  PID:832
- C:\Windows\System\xjMSkBl.exe
  C:\Windows\System\xjMSkBl.exe
  2⤵
  PID:988
- C:\Windows\System\pmZJVxq.exe
  C:\Windows\System\pmZJVxq.exe
  2⤵
  PID:2496
- C:\Windows\System\PYJrcbX.exe
  C:\Windows\System\PYJrcbX.exe
  2⤵
  PID:1608
- C:\Windows\System\zxjSDxp.exe
  C:\Windows\System\zxjSDxp.exe
  2⤵
  PID:1604
- C:\Windows\System\caZkDeH.exe
  C:\Windows\System\caZkDeH.exe
  2⤵
  PID:2404
- C:\Windows\System\iXomDQq.exe
  C:\Windows\System\iXomDQq.exe
  2⤵
  PID:1708
- C:\Windows\System\KXRkjzm.exe
  C:\Windows\System\KXRkjzm.exe
  2⤵
  PID:2828
- C:\Windows\System\vKvqbnA.exe
  C:\Windows\System\vKvqbnA.exe
  2⤵
  PID:2852
- C:\Windows\System\YONbFhy.exe
  C:\Windows\System\YONbFhy.exe
  2⤵
  PID:2736
- C:\Windows\System\rneKovH.exe
  C:\Windows\System\rneKovH.exe
  2⤵
  PID:2264
- C:\Windows\System\fSwQiEa.exe
  C:\Windows\System\fSwQiEa.exe
  2⤵
  PID:1508
- C:\Windows\System\YeSpgul.exe
  C:\Windows\System\YeSpgul.exe
  2⤵
  PID:580
- C:\Windows\System\AJVLHrM.exe
  C:\Windows\System\AJVLHrM.exe
  2⤵
  PID:3060
- C:\Windows\System\mFRrhmB.exe
  C:\Windows\System\mFRrhmB.exe
  2⤵
  PID:2060
- C:\Windows\System\LyGuGlE.exe
  C:\Windows\System\LyGuGlE.exe
  2⤵
  PID:1212
- C:\Windows\System\CiRLkYN.exe
  C:\Windows\System\CiRLkYN.exe
  2⤵
  PID:2800
- C:\Windows\System\oUftTil.exe
  C:\Windows\System\oUftTil.exe
  2⤵
  PID:1636
- C:\Windows\System\IUYsNJB.exe
  C:\Windows\System\IUYsNJB.exe
  2⤵
  PID:1844
- C:\Windows\System\WnyXrUO.exe
  C:\Windows\System\WnyXrUO.exe
  2⤵
  PID:1540
- C:\Windows\System\foKcVax.exe
  C:\Windows\System\foKcVax.exe
  2⤵
  PID:316
- C:\Windows\System\ujspwSi.exe
  C:\Windows\System\ujspwSi.exe
  2⤵
  PID:2856
- C:\Windows\System\DOkWqcI.exe
  C:\Windows\System\DOkWqcI.exe
  2⤵
  PID:2936
- C:\Windows\System\eHJbidV.exe
  C:\Windows\System\eHJbidV.exe
  2⤵
  PID:1556
- C:\Windows\System\IQKQAMz.exe
  C:\Windows\System\IQKQAMz.exe
  2⤵
  PID:2432
- C:\Windows\System\cgEmsSj.exe
  C:\Windows\System\cgEmsSj.exe
  2⤵
  PID:1260
- C:\Windows\System\xJGCGKO.exe
  C:\Windows\System\xJGCGKO.exe
  2⤵
  PID:1784
- C:\Windows\System\gzfEHKO.exe
  C:\Windows\System\gzfEHKO.exe
  2⤵
  PID:2212
- C:\Windows\System\uOyRkmC.exe
  C:\Windows\System\uOyRkmC.exe
  2⤵
  PID:1600
- C:\Windows\System\drpoKFr.exe
  C:\Windows\System\drpoKFr.exe
  2⤵
  PID:2664
- C:\Windows\System\ueYLrmx.exe
  C:\Windows\System\ueYLrmx.exe
  2⤵
  PID:2892
- C:\Windows\System\eqEhJIY.exe
  C:\Windows\System\eqEhJIY.exe
  2⤵
  PID:2860
- C:\Windows\System\sMrWXny.exe
  C:\Windows\System\sMrWXny.exe
  2⤵
  PID:2592
- C:\Windows\System\eBUTkvM.exe
  C:\Windows\System\eBUTkvM.exe
  2⤵
  PID:2740
- C:\Windows\System\jVLCPLl.exe
  C:\Windows\System\jVLCPLl.exe
  2⤵
  PID:536
- C:\Windows\System\INmEcud.exe
  C:\Windows\System\INmEcud.exe
  2⤵
  PID:1740
- C:\Windows\System\SUsMcDf.exe
  C:\Windows\System\SUsMcDf.exe
  2⤵
  PID:912
- C:\Windows\System\VFbySLw.exe
  C:\Windows\System\VFbySLw.exe
  2⤵
  PID:2552
- C:\Windows\System\TybCtZH.exe
  C:\Windows\System\TybCtZH.exe
  2⤵
  PID:1216
- C:\Windows\System\MMfIeIs.exe
  C:\Windows\System\MMfIeIs.exe
  2⤵
  PID:1884
- C:\Windows\System\XwHufcl.exe
  C:\Windows\System\XwHufcl.exe
  2⤵
  PID:2348
- C:\Windows\System\BQpXHtS.exe
  C:\Windows\System\BQpXHtS.exe
  2⤵
  PID:2380
- C:\Windows\System\ShwtIhx.exe
  C:\Windows\System\ShwtIhx.exe
  2⤵
  PID:2064
- C:\Windows\System\nZyNbZu.exe
  C:\Windows\System\nZyNbZu.exe
  2⤵
  PID:2324
- C:\Windows\System\zwFVOXy.exe
  C:\Windows\System\zwFVOXy.exe
  2⤵
  PID:2080
- C:\Windows\System\wmuvVOV.exe
  C:\Windows\System\wmuvVOV.exe
  2⤵
  PID:2708
- C:\Windows\System\APNWnMJ.exe
  C:\Windows\System\APNWnMJ.exe
  2⤵
  PID:1364
- C:\Windows\System\dUPohvT.exe
  C:\Windows\System\dUPohvT.exe
  2⤵
  PID:2644
- C:\Windows\System\ZbRavxH.exe
  C:\Windows\System\ZbRavxH.exe
  2⤵
  PID:1976
- C:\Windows\System\NRqmFEf.exe
  C:\Windows\System\NRqmFEf.exe
  2⤵
  PID:2392
- C:\Windows\System\EcSLdfo.exe
  C:\Windows\System\EcSLdfo.exe
  2⤵
  PID:692
- C:\Windows\System\uwmTBez.exe
  C:\Windows\System\uwmTBez.exe
  2⤵
  PID:3092
- C:\Windows\System\bfuaYpI.exe
  C:\Windows\System\bfuaYpI.exe
  2⤵
  PID:3108
- C:\Windows\System\iyGHNOt.exe
  C:\Windows\System\iyGHNOt.exe
  2⤵
  PID:3132
- C:\Windows\System\nMSSAUR.exe
  C:\Windows\System\nMSSAUR.exe
  2⤵
  PID:3152
- C:\Windows\System\VJpAORv.exe
  C:\Windows\System\VJpAORv.exe
  2⤵
  PID:3172
- C:\Windows\System\vOwrtAa.exe
  C:\Windows\System\vOwrtAa.exe
  2⤵
  PID:3192
- C:\Windows\System\wFywQXy.exe
  C:\Windows\System\wFywQXy.exe
  2⤵
  PID:3212
- C:\Windows\System\rResfVY.exe
  C:\Windows\System\rResfVY.exe
  2⤵
  PID:3232
- C:\Windows\System\lPBVcqH.exe
  C:\Windows\System\lPBVcqH.exe
  2⤵
  PID:3252
- C:\Windows\System\RHuGlwO.exe
  C:\Windows\System\RHuGlwO.exe
  2⤵
  PID:3272
- C:\Windows\System\REDcgev.exe
  C:\Windows\System\REDcgev.exe
  2⤵
  PID:3292
- C:\Windows\System\VGoqdQG.exe
  C:\Windows\System\VGoqdQG.exe
  2⤵
  PID:3312
- C:\Windows\System\mLoLlfX.exe
  C:\Windows\System\mLoLlfX.exe
  2⤵
  PID:3332
- C:\Windows\System\CFByIFL.exe
  C:\Windows\System\CFByIFL.exe
  2⤵
  PID:3352
- C:\Windows\System\VSFYAEd.exe
  C:\Windows\System\VSFYAEd.exe
  2⤵
  PID:3372
- C:\Windows\System\VuKafUU.exe
  C:\Windows\System\VuKafUU.exe
  2⤵
  PID:3392
- C:\Windows\System\vLEXRMR.exe
  C:\Windows\System\vLEXRMR.exe
  2⤵
  PID:3416
- C:\Windows\System\gfPXxEv.exe
  C:\Windows\System\gfPXxEv.exe
  2⤵
  PID:3436
- C:\Windows\System\xAMjcon.exe
  C:\Windows\System\xAMjcon.exe
  2⤵
  PID:3456
- C:\Windows\System\dQXLEIO.exe
  C:\Windows\System\dQXLEIO.exe
  2⤵
  PID:3480
- C:\Windows\System\dYKUQEH.exe
  C:\Windows\System\dYKUQEH.exe
  2⤵
  PID:3500
- C:\Windows\System\WvXludH.exe
  C:\Windows\System\WvXludH.exe
  2⤵
  PID:3516
- C:\Windows\System\PbQuAHQ.exe
  C:\Windows\System\PbQuAHQ.exe
  2⤵
  PID:3540
- C:\Windows\System\ATxuMhf.exe
  C:\Windows\System\ATxuMhf.exe
  2⤵
  PID:3560
- C:\Windows\System\qoIjBya.exe
  C:\Windows\System\qoIjBya.exe
  2⤵
  PID:3580
- C:\Windows\System\PeYmAIW.exe
  C:\Windows\System\PeYmAIW.exe
  2⤵
  PID:3600
- C:\Windows\System\basiBda.exe
  C:\Windows\System\basiBda.exe
  2⤵
  PID:3620
- C:\Windows\System\vzvolYa.exe
  C:\Windows\System\vzvolYa.exe
  2⤵
  PID:3640
- C:\Windows\System\XdKOXNz.exe
  C:\Windows\System\XdKOXNz.exe
  2⤵
  PID:3660
- C:\Windows\System\jMJdweF.exe
  C:\Windows\System\jMJdweF.exe
  2⤵
  PID:3680
- C:\Windows\System\VdntGbe.exe
  C:\Windows\System\VdntGbe.exe
  2⤵
  PID:3700
- C:\Windows\System\KJPPYOV.exe
  C:\Windows\System\KJPPYOV.exe
  2⤵
  PID:3720
- C:\Windows\System\FuTcdRg.exe
  C:\Windows\System\FuTcdRg.exe
  2⤵
  PID:3740
- C:\Windows\System\RPqLLOG.exe
  C:\Windows\System\RPqLLOG.exe
  2⤵
  PID:3756
- C:\Windows\System\PDcvCHa.exe
  C:\Windows\System\PDcvCHa.exe
  2⤵
  PID:3772
- C:\Windows\System\iqOJjGy.exe
  C:\Windows\System\iqOJjGy.exe
  2⤵
  PID:3796
- C:\Windows\System\lHAvSOn.exe
  C:\Windows\System\lHAvSOn.exe
  2⤵
  PID:3820
- C:\Windows\System\qwMIQmW.exe
  C:\Windows\System\qwMIQmW.exe
  2⤵
  PID:3836
- C:\Windows\System\LCUXJdt.exe
  C:\Windows\System\LCUXJdt.exe
  2⤵
  PID:3856
- C:\Windows\System\YdEDeVk.exe
  C:\Windows\System\YdEDeVk.exe
  2⤵
  PID:3880
- C:\Windows\System\SdhJocK.exe
  C:\Windows\System\SdhJocK.exe
  2⤵
  PID:3900
- C:\Windows\System\QCgFgZe.exe
  C:\Windows\System\QCgFgZe.exe
  2⤵
  PID:3920
- C:\Windows\System\mZJGBAA.exe
  C:\Windows\System\mZJGBAA.exe
  2⤵
  PID:3940
- C:\Windows\System\DpxmxdS.exe
  C:\Windows\System\DpxmxdS.exe
  2⤵
  PID:3960
- C:\Windows\System\cdVrZBp.exe
  C:\Windows\System\cdVrZBp.exe
  2⤵
  PID:3980
- C:\Windows\System\ZXlFtGS.exe
  C:\Windows\System\ZXlFtGS.exe
  2⤵
  PID:4004
- C:\Windows\System\tmixUwM.exe
  C:\Windows\System\tmixUwM.exe
  2⤵
  PID:4028
- C:\Windows\System\ZpwtBsq.exe
  C:\Windows\System\ZpwtBsq.exe
  2⤵
  PID:4048
- C:\Windows\System\IxKXltQ.exe
  C:\Windows\System\IxKXltQ.exe
  2⤵
  PID:4068
- C:\Windows\System\DVxTgBA.exe
  C:\Windows\System\DVxTgBA.exe
  2⤵
  PID:4092
- C:\Windows\System\LuXhIAe.exe
  C:\Windows\System\LuXhIAe.exe
  2⤵
  PID:892
- C:\Windows\System\RJbfsLM.exe
  C:\Windows\System\RJbfsLM.exe
  2⤵
  PID:2388
- C:\Windows\System\iWbbSzW.exe
  C:\Windows\System\iWbbSzW.exe
  2⤵
  PID:2864
- C:\Windows\System\CysIaEF.exe
  C:\Windows\System\CysIaEF.exe
  2⤵
  PID:1256
- C:\Windows\System\eMpskwT.exe
  C:\Windows\System\eMpskwT.exe
  2⤵
  PID:2184
- C:\Windows\System\tvEylfT.exe
  C:\Windows\System\tvEylfT.exe
  2⤵
  PID:1292
- C:\Windows\System\HGsGgDx.exe
  C:\Windows\System\HGsGgDx.exe
  2⤵
  PID:1800
- C:\Windows\System\RHaJGKY.exe
  C:\Windows\System\RHaJGKY.exe
  2⤵
  PID:3100
- C:\Windows\System\WPNBGaA.exe
  C:\Windows\System\WPNBGaA.exe
  2⤵
  PID:3168
- C:\Windows\System\zUhhtyV.exe
  C:\Windows\System\zUhhtyV.exe
  2⤵
  PID:3208
- C:\Windows\System\iVJxbXw.exe
  C:\Windows\System\iVJxbXw.exe
  2⤵
  PID:3240
- C:\Windows\System\jlncCqi.exe
  C:\Windows\System\jlncCqi.exe
  2⤵
  PID:3280
- C:\Windows\System\hLbWZnt.exe
  C:\Windows\System\hLbWZnt.exe
  2⤵
  PID:3264
- C:\Windows\System\RVjATuo.exe
  C:\Windows\System\RVjATuo.exe
  2⤵
  PID:3308
- C:\Windows\System\McOHvWS.exe
  C:\Windows\System\McOHvWS.exe
  2⤵
  PID:3344
- C:\Windows\System\OoCukUP.exe
  C:\Windows\System\OoCukUP.exe
  2⤵
  PID:3404
- C:\Windows\System\zVriRlb.exe
  C:\Windows\System\zVriRlb.exe
  2⤵
  PID:3452
- C:\Windows\System\aoAyRcc.exe
  C:\Windows\System\aoAyRcc.exe
  2⤵
  PID:3476
- C:\Windows\System\jFTbRLd.exe
  C:\Windows\System\jFTbRLd.exe
  2⤵
  PID:3508
- C:\Windows\System\IsejmEy.exe
  C:\Windows\System\IsejmEy.exe
  2⤵
  PID:3532
- C:\Windows\System\lCgHXfz.exe
  C:\Windows\System\lCgHXfz.exe
  2⤵
  PID:3556
- C:\Windows\System\OkpKEck.exe
  C:\Windows\System\OkpKEck.exe
  2⤵
  PID:3588
- C:\Windows\System\NlowUhK.exe
  C:\Windows\System\NlowUhK.exe
  2⤵
  PID:3652
- C:\Windows\System\CgXodlC.exe
  C:\Windows\System\CgXodlC.exe
  2⤵
  PID:3696
- C:\Windows\System\duSxFvs.exe
  C:\Windows\System\duSxFvs.exe
  2⤵
  PID:3668
- C:\Windows\System\IfnDKrj.exe
  C:\Windows\System\IfnDKrj.exe
  2⤵
  PID:3716
- C:\Windows\System\MQCVjYC.exe
  C:\Windows\System\MQCVjYC.exe
  2⤵
  PID:3748
- C:\Windows\System\kzpPpIH.exe
  C:\Windows\System\kzpPpIH.exe
  2⤵
  PID:3780
- C:\Windows\System\QcrVpPK.exe
  C:\Windows\System\QcrVpPK.exe
  2⤵
  PID:3828
- C:\Windows\System\xuaQIGl.exe
  C:\Windows\System\xuaQIGl.exe
  2⤵
  PID:3888
- C:\Windows\System\eZULuZi.exe
  C:\Windows\System\eZULuZi.exe
  2⤵
  PID:3936
- C:\Windows\System\iyBHOqK.exe
  C:\Windows\System\iyBHOqK.exe
  2⤵
  PID:3916
- C:\Windows\System\YqUYboX.exe
  C:\Windows\System\YqUYboX.exe
  2⤵
  PID:3948
- C:\Windows\System\vgGnQtU.exe
  C:\Windows\System\vgGnQtU.exe
  2⤵
  PID:4016
- C:\Windows\System\GeFZfcE.exe
  C:\Windows\System\GeFZfcE.exe
  2⤵
  PID:4064
- C:\Windows\System\ATQEWjx.exe
  C:\Windows\System\ATQEWjx.exe
  2⤵
  PID:4076
- C:\Windows\System\BCapIOb.exe
  C:\Windows\System\BCapIOb.exe
  2⤵
  PID:2964
- C:\Windows\System\fozoTiP.exe
  C:\Windows\System\fozoTiP.exe
  2⤵
  PID:1772
- C:\Windows\System\ccsidUs.exe
  C:\Windows\System\ccsidUs.exe
  2⤵
  PID:1592
- C:\Windows\System\bWrZLBb.exe
  C:\Windows\System\bWrZLBb.exe
  2⤵
  PID:992
- C:\Windows\System\YimkZuF.exe
  C:\Windows\System\YimkZuF.exe
  2⤵
  PID:3184
- C:\Windows\System\QDWduPW.exe
  C:\Windows\System\QDWduPW.exe
  2⤵
  PID:3080
- C:\Windows\System\sINojcG.exe
  C:\Windows\System\sINojcG.exe
  2⤵
  PID:3324
- C:\Windows\System\zdmdNsj.exe
  C:\Windows\System\zdmdNsj.exe
  2⤵
  PID:3180
- C:\Windows\System\UhotCBB.exe
  C:\Windows\System\UhotCBB.exe
  2⤵
  PID:3412
- C:\Windows\System\pivfmee.exe
  C:\Windows\System\pivfmee.exe
  2⤵
  PID:3328
- C:\Windows\System\HbEdcjs.exe
  C:\Windows\System\HbEdcjs.exe
  2⤵
  PID:3380
- C:\Windows\System\BmDcwwK.exe
  C:\Windows\System\BmDcwwK.exe
  2⤵
  PID:3572
- C:\Windows\System\NsezEFu.exe
  C:\Windows\System\NsezEFu.exe
  2⤵
  PID:3732
- C:\Windows\System\JPMcawO.exe
  C:\Windows\System\JPMcawO.exe
  2⤵
  PID:3536
- C:\Windows\System\asGNwRB.exe
  C:\Windows\System\asGNwRB.exe
  2⤵
  PID:3764
- C:\Windows\System\HEKHRwj.exe
  C:\Windows\System\HEKHRwj.exe
  2⤵
  PID:3708
- C:\Windows\System\BeZErxJ.exe
  C:\Windows\System\BeZErxJ.exe
  2⤵
  PID:3804
- C:\Windows\System\FWdyAPC.exe
  C:\Windows\System\FWdyAPC.exe
  2⤵
  PID:3816
- C:\Windows\System\AmjiDUR.exe
  C:\Windows\System\AmjiDUR.exe
  2⤵
  PID:3908
- C:\Windows\System\zbsuUcL.exe
  C:\Windows\System\zbsuUcL.exe
  2⤵
  PID:3976
- C:\Windows\System\FLbKyXG.exe
  C:\Windows\System\FLbKyXG.exe
  2⤵
  PID:3992
- C:\Windows\System\TWCZAxu.exe
  C:\Windows\System\TWCZAxu.exe
  2⤵
  PID:2888
- C:\Windows\System\ykLmNNK.exe
  C:\Windows\System\ykLmNNK.exe
  2⤵
  PID:1852
- C:\Windows\System\dxAIJZg.exe
  C:\Windows\System\dxAIJZg.exe
  2⤵
  PID:584
- C:\Windows\System\UCgOuaT.exe
  C:\Windows\System\UCgOuaT.exe
  2⤵
  PID:4088
- C:\Windows\System\EhyyOfc.exe
  C:\Windows\System\EhyyOfc.exe
  2⤵
  PID:636
- C:\Windows\System\yIqnYRi.exe
  C:\Windows\System\yIqnYRi.exe
  2⤵
  PID:1872
- C:\Windows\System\OrQHPaZ.exe
  C:\Windows\System\OrQHPaZ.exe
  2⤵
  PID:2176
- C:\Windows\System\OysqVrp.exe
  C:\Windows\System\OysqVrp.exe
  2⤵
  PID:3340
- C:\Windows\System\vOCTnxP.exe
  C:\Windows\System\vOCTnxP.exe
  2⤵
  PID:3432
- C:\Windows\System\xgZbKgD.exe
  C:\Windows\System\xgZbKgD.exe
  2⤵
  PID:3464
- C:\Windows\System\TPZzCJv.exe
  C:\Windows\System\TPZzCJv.exe
  2⤵
  PID:3548
- C:\Windows\System\yPCpLPi.exe
  C:\Windows\System\yPCpLPi.exe
  2⤵
  PID:3608
- C:\Windows\System\IaqIBAK.exe
  C:\Windows\System\IaqIBAK.exe
  2⤵
  PID:3848
- C:\Windows\System\PKeCHFi.exe
  C:\Windows\System\PKeCHFi.exe
  2⤵
  PID:3808
- C:\Windows\System\ksEKIsp.exe
  C:\Windows\System\ksEKIsp.exe
  2⤵
  PID:4024
- C:\Windows\System\dMpZmMy.exe
  C:\Windows\System\dMpZmMy.exe
  2⤵
  PID:3140
- C:\Windows\System\dsmEtdA.exe
  C:\Windows\System\dsmEtdA.exe
  2⤵
  PID:4080
- C:\Windows\System\XSBnxCV.exe
  C:\Windows\System\XSBnxCV.exe
  2⤵
  PID:3160
- C:\Windows\System\BFhfOVT.exe
  C:\Windows\System\BFhfOVT.exe
  2⤵
  PID:1812
- C:\Windows\System\IosqaTR.exe
  C:\Windows\System\IosqaTR.exe
  2⤵
  PID:3284
- C:\Windows\System\GKCYZTp.exe
  C:\Windows\System\GKCYZTp.exe
  2⤵
  PID:3592
- C:\Windows\System\pCrIjJX.exe
  C:\Windows\System\pCrIjJX.exe
  2⤵
  PID:3492
- C:\Windows\System\umVASeh.exe
  C:\Windows\System\umVASeh.exe
  2⤵
  PID:3428
- C:\Windows\System\SAinjHt.exe
  C:\Windows\System\SAinjHt.exe
  2⤵
  PID:3852
- C:\Windows\System\oTCUwlo.exe
  C:\Windows\System\oTCUwlo.exe
  2⤵
  PID:3864
- C:\Windows\System\OvgkfUs.exe
  C:\Windows\System\OvgkfUs.exe
  2⤵
  PID:4040
- C:\Windows\System\ZsoWrdk.exe
  C:\Windows\System\ZsoWrdk.exe
  2⤵
  PID:2336
- C:\Windows\System\QhLWMUe.exe
  C:\Windows\System\QhLWMUe.exe
  2⤵
  PID:1116
- C:\Windows\System\XbXKYFY.exe
  C:\Windows\System\XbXKYFY.exe
  2⤵
  PID:3360
- C:\Windows\System\otoitgU.exe
  C:\Windows\System\otoitgU.exe
  2⤵
  PID:3632
- C:\Windows\System\rtqMUZr.exe
  C:\Windows\System\rtqMUZr.exe
  2⤵
  PID:3968
- C:\Windows\System\zYsIOTd.exe
  C:\Windows\System\zYsIOTd.exe
  2⤵
  PID:4116
- C:\Windows\System\NHaHIId.exe
  C:\Windows\System\NHaHIId.exe
  2⤵
  PID:4136
- C:\Windows\System\bahlsfJ.exe
  C:\Windows\System\bahlsfJ.exe
  2⤵
  PID:4156
- C:\Windows\System\ukxgfEo.exe
  C:\Windows\System\ukxgfEo.exe
  2⤵
  PID:4176
- C:\Windows\System\eZtynMO.exe
  C:\Windows\System\eZtynMO.exe
  2⤵
  PID:4196
- C:\Windows\System\fawYlXu.exe
  C:\Windows\System\fawYlXu.exe
  2⤵
  PID:4216
- C:\Windows\System\chsqdDg.exe
  C:\Windows\System\chsqdDg.exe
  2⤵
  PID:4236
- C:\Windows\System\mKGIvOx.exe
  C:\Windows\System\mKGIvOx.exe
  2⤵
  PID:4256
- C:\Windows\System\EeDSurn.exe
  C:\Windows\System\EeDSurn.exe
  2⤵
  PID:4276
- C:\Windows\System\kHxbQil.exe
  C:\Windows\System\kHxbQil.exe
  2⤵
  PID:4296
- C:\Windows\System\DImxKCC.exe
  C:\Windows\System\DImxKCC.exe
  2⤵
  PID:4316
- C:\Windows\System\dlJiXSo.exe
  C:\Windows\System\dlJiXSo.exe
  2⤵
  PID:4336
- C:\Windows\System\XYJblep.exe
  C:\Windows\System\XYJblep.exe
  2⤵
  PID:4356
- C:\Windows\System\zlyHJqb.exe
  C:\Windows\System\zlyHJqb.exe
  2⤵
  PID:4376
- C:\Windows\System\RvsAaTg.exe
  C:\Windows\System\RvsAaTg.exe
  2⤵
  PID:4396
- C:\Windows\System\RuBJhst.exe
  C:\Windows\System\RuBJhst.exe
  2⤵
  PID:4420
- C:\Windows\System\FMurBxf.exe
  C:\Windows\System\FMurBxf.exe
  2⤵
  PID:4440
- C:\Windows\System\rqhdwej.exe
  C:\Windows\System\rqhdwej.exe
  2⤵
  PID:4460
- C:\Windows\System\DcbzVqw.exe
  C:\Windows\System\DcbzVqw.exe
  2⤵
  PID:4480
- C:\Windows\System\mpOOEma.exe
  C:\Windows\System\mpOOEma.exe
  2⤵
  PID:4500
- C:\Windows\System\DgFFDHK.exe
  C:\Windows\System\DgFFDHK.exe
  2⤵
  PID:4520
- C:\Windows\System\RXBVzgG.exe
  C:\Windows\System\RXBVzgG.exe
  2⤵
  PID:4540
- C:\Windows\System\zfgJAZK.exe
  C:\Windows\System\zfgJAZK.exe
  2⤵
  PID:4560
- C:\Windows\System\tynatVD.exe
  C:\Windows\System\tynatVD.exe
  2⤵
  PID:4580
- C:\Windows\System\YVbxATz.exe
  C:\Windows\System\YVbxATz.exe
  2⤵
  PID:4600
- C:\Windows\System\OsuDlMs.exe
  C:\Windows\System\OsuDlMs.exe
  2⤵
  PID:4620
- C:\Windows\System\beltFDw.exe
  C:\Windows\System\beltFDw.exe
  2⤵
  PID:4640
- C:\Windows\System\btsHYve.exe
  C:\Windows\System\btsHYve.exe
  2⤵
  PID:4660
- C:\Windows\System\qQmYiKb.exe
  C:\Windows\System\qQmYiKb.exe
  2⤵
  PID:4680
- C:\Windows\System\OsQjKro.exe
  C:\Windows\System\OsQjKro.exe
  2⤵
  PID:4700
- C:\Windows\System\dadqiYV.exe
  C:\Windows\System\dadqiYV.exe
  2⤵
  PID:4720
- C:\Windows\System\eRuVzpv.exe
  C:\Windows\System\eRuVzpv.exe
  2⤵
  PID:4740
- C:\Windows\System\tGkTekf.exe
  C:\Windows\System\tGkTekf.exe
  2⤵
  PID:4760
- C:\Windows\System\aFrTEGA.exe
  C:\Windows\System\aFrTEGA.exe
  2⤵
  PID:4780
- C:\Windows\System\OIsCAnf.exe
  C:\Windows\System\OIsCAnf.exe
  2⤵
  PID:4800
- C:\Windows\System\YVqWVll.exe
  C:\Windows\System\YVqWVll.exe
  2⤵
  PID:4820
- C:\Windows\System\FYqqYlL.exe
  C:\Windows\System\FYqqYlL.exe
  2⤵
  PID:4840
- C:\Windows\System\VqnRaRd.exe
  C:\Windows\System\VqnRaRd.exe
  2⤵
  PID:4856
- C:\Windows\System\EpqWvJZ.exe
  C:\Windows\System\EpqWvJZ.exe
  2⤵
  PID:4880
- C:\Windows\System\ahJdNGe.exe
  C:\Windows\System\ahJdNGe.exe
  2⤵
  PID:4900
- C:\Windows\System\WAIhNJn.exe
  C:\Windows\System\WAIhNJn.exe
  2⤵
  PID:4920
- C:\Windows\System\zHBGcNt.exe
  C:\Windows\System\zHBGcNt.exe
  2⤵
  PID:4940
- C:\Windows\System\JHBFMfR.exe
  C:\Windows\System\JHBFMfR.exe
  2⤵
  PID:4960
- C:\Windows\System\oKahsuD.exe
  C:\Windows\System\oKahsuD.exe
  2⤵
  PID:4980
- C:\Windows\System\NgbBuHy.exe
  C:\Windows\System\NgbBuHy.exe
  2⤵
  PID:5000
- C:\Windows\System\lmDcdXc.exe
  C:\Windows\System\lmDcdXc.exe
  2⤵
  PID:5020
- C:\Windows\System\uMcjTll.exe
  C:\Windows\System\uMcjTll.exe
  2⤵
  PID:5040
- C:\Windows\System\MtRyuRH.exe
  C:\Windows\System\MtRyuRH.exe
  2⤵
  PID:5060
- C:\Windows\System\RugPyFV.exe
  C:\Windows\System\RugPyFV.exe
  2⤵
  PID:5080
- C:\Windows\System\GWTyeZA.exe
  C:\Windows\System\GWTyeZA.exe
  2⤵
  PID:5100
- C:\Windows\System\iArfNjN.exe
  C:\Windows\System\iArfNjN.exe
  2⤵
  PID:3148
- C:\Windows\System\GYIlvQC.exe
  C:\Windows\System\GYIlvQC.exe
  2⤵
  PID:3188
- C:\Windows\System\KgVyEAr.exe
  C:\Windows\System\KgVyEAr.exe
  2⤵
  PID:3052
- C:\Windows\System\BQYBBGR.exe
  C:\Windows\System\BQYBBGR.exe
  2⤵
  PID:3128
- C:\Windows\System\xQEkDWK.exe
  C:\Windows\System\xQEkDWK.exe
  2⤵
  PID:4108
- C:\Windows\System\bIWDoKk.exe
  C:\Windows\System\bIWDoKk.exe
  2⤵
  PID:4152
- C:\Windows\System\dIYdtsP.exe
  C:\Windows\System\dIYdtsP.exe
  2⤵
  PID:4164
- C:\Windows\System\RJNTErc.exe
  C:\Windows\System\RJNTErc.exe
  2⤵
  PID:4204
- C:\Windows\System\OJXjozu.exe
  C:\Windows\System\OJXjozu.exe
  2⤵
  PID:4208
- C:\Windows\System\gfuNSeM.exe
  C:\Windows\System\gfuNSeM.exe
  2⤵
  PID:4268
- C:\Windows\System\DbxceZI.exe
  C:\Windows\System\DbxceZI.exe
  2⤵
  PID:4292
- C:\Windows\System\lnDsjdl.exe
  C:\Windows\System\lnDsjdl.exe
  2⤵
  PID:4348
- C:\Windows\System\PgNYPJo.exe
  C:\Windows\System\PgNYPJo.exe
  2⤵
  PID:4364
- C:\Windows\System\NnfyXjo.exe
  C:\Windows\System\NnfyXjo.exe
  2⤵
  PID:4372
- C:\Windows\System\xPfIOxD.exe
  C:\Windows\System\xPfIOxD.exe
  2⤵
  PID:4416
- C:\Windows\System\eGZsPce.exe
  C:\Windows\System\eGZsPce.exe
  2⤵
  PID:4472
- C:\Windows\System\rUzCENv.exe
  C:\Windows\System\rUzCENv.exe
  2⤵
  PID:4492
- C:\Windows\System\HgSIKAj.exe
  C:\Windows\System\HgSIKAj.exe
  2⤵
  PID:4548
- C:\Windows\System\nRveqhM.exe
  C:\Windows\System\nRveqhM.exe
  2⤵
  PID:4568
- C:\Windows\System\mDkxQKU.exe
  C:\Windows\System\mDkxQKU.exe
  2⤵
  PID:4576
- C:\Windows\System\JQzhpSV.exe
  C:\Windows\System\JQzhpSV.exe
  2⤵
  PID:4632
- C:\Windows\System\yWwKaBD.exe
  C:\Windows\System\yWwKaBD.exe
  2⤵
  PID:4652
- C:\Windows\System\lREBgQY.exe
  C:\Windows\System\lREBgQY.exe
  2⤵
  PID:4692
- C:\Windows\System\ghhaJbz.exe
  C:\Windows\System\ghhaJbz.exe
  2⤵
  PID:4728
- C:\Windows\System\yzpKozf.exe
  C:\Windows\System\yzpKozf.exe
  2⤵
  PID:4732
- C:\Windows\System\puHodBF.exe
  C:\Windows\System\puHodBF.exe
  2⤵
  PID:4796
- C:\Windows\System\TJchrOh.exe
  C:\Windows\System\TJchrOh.exe
  2⤵
  PID:4816
- C:\Windows\System\sTYQmZI.exe
  C:\Windows\System\sTYQmZI.exe
  2⤵
  PID:4848
- C:\Windows\System\lsgCoqy.exe
  C:\Windows\System\lsgCoqy.exe
  2⤵
  PID:4888
- C:\Windows\System\cnVwKeL.exe
  C:\Windows\System\cnVwKeL.exe
  2⤵
  PID:4892
- C:\Windows\System\AGErYTq.exe
  C:\Windows\System\AGErYTq.exe
  2⤵
  PID:4956
- C:\Windows\System\mHUJver.exe
  C:\Windows\System\mHUJver.exe
  2⤵
  PID:4976
- C:\Windows\System\OICUjTn.exe
  C:\Windows\System\OICUjTn.exe
  2⤵
  PID:5016
- C:\Windows\System\sTqqDtI.exe
  C:\Windows\System\sTqqDtI.exe
  2⤵
  PID:5036
- C:\Windows\System\lVOYGip.exe
  C:\Windows\System\lVOYGip.exe
  2⤵
  PID:5056
- C:\Windows\System\ieSZnhj.exe
  C:\Windows\System\ieSZnhj.exe
  2⤵
  PID:3868
- C:\Windows\System\jRBpVEe.exe
  C:\Windows\System\jRBpVEe.exe
  2⤵
  PID:3032
- C:\Windows\System\rTxmsRU.exe
  C:\Windows\System\rTxmsRU.exe
  2⤵
  PID:3040
- C:\Windows\System\sHhIPPv.exe
  C:\Windows\System\sHhIPPv.exe
  2⤵
  PID:4132
- C:\Windows\System\jDJJaTk.exe
  C:\Windows\System\jDJJaTk.exe
  2⤵
  PID:3656
- C:\Windows\System\KsTCykj.exe
  C:\Windows\System\KsTCykj.exe
  2⤵
  PID:4172
- C:\Windows\System\iiuFHKD.exe
  C:\Windows\System\iiuFHKD.exe
  2⤵
  PID:4244
- C:\Windows\System\fheYPnU.exe
  C:\Windows\System\fheYPnU.exe
  2⤵
  PID:4328
- C:\Windows\System\EGdtrGi.exe
  C:\Windows\System\EGdtrGi.exe
  2⤵
  PID:4432
- C:\Windows\System\BQTaLMY.exe
  C:\Windows\System\BQTaLMY.exe
  2⤵
  PID:4436
- C:\Windows\System\MUeeVsA.exe
  C:\Windows\System\MUeeVsA.exe
  2⤵
  PID:4488
- C:\Windows\System\GVOGiPh.exe
  C:\Windows\System\GVOGiPh.exe
  2⤵
  PID:4512
- C:\Windows\System\JTAtGPE.exe
  C:\Windows\System\JTAtGPE.exe
  2⤵
  PID:4612
- C:\Windows\System\CBWZRtv.exe
  C:\Windows\System\CBWZRtv.exe
  2⤵
  PID:4688
- C:\Windows\System\mwUEnVn.exe
  C:\Windows\System\mwUEnVn.exe
  2⤵
  PID:1572
- C:\Windows\System\qhUKosq.exe
  C:\Windows\System\qhUKosq.exe
  2⤵
  PID:4776
- C:\Windows\System\GDbVBeX.exe
  C:\Windows\System\GDbVBeX.exe
  2⤵
  PID:2648
- C:\Windows\System\oOBQcyb.exe
  C:\Windows\System\oOBQcyb.exe
  2⤵
  PID:4876
- C:\Windows\System\CzNsWgG.exe
  C:\Windows\System\CzNsWgG.exe
  2⤵
  PID:4916
- C:\Windows\System\smCChSt.exe
  C:\Windows\System\smCChSt.exe
  2⤵
  PID:4972
- C:\Windows\System\LlIKixg.exe
  C:\Windows\System\LlIKixg.exe
  2⤵
  PID:5008
- C:\Windows\System\iKrBdtO.exe
  C:\Windows\System\iKrBdtO.exe
  2⤵
  PID:5032
- C:\Windows\System\QMvminC.exe
  C:\Windows\System\QMvminC.exe
  2⤵
  PID:5116
- C:\Windows\System\PAIRXAx.exe
  C:\Windows\System\PAIRXAx.exe
  2⤵
  PID:3676
- C:\Windows\System\COdqTEO.exe
  C:\Windows\System\COdqTEO.exe
  2⤵
  PID:4232
- C:\Windows\System\AVmyPAm.exe
  C:\Windows\System\AVmyPAm.exe
  2⤵
  PID:672
- C:\Windows\System\JCQHqsc.exe
  C:\Windows\System\JCQHqsc.exe
  2⤵
  PID:796
- C:\Windows\System\rFVjwMD.exe
  C:\Windows\System\rFVjwMD.exe
  2⤵
  PID:4288
- C:\Windows\System\PDpMjRn.exe
  C:\Windows\System\PDpMjRn.exe
  2⤵
  PID:4556
- C:\Windows\System\uLfhxXq.exe
  C:\Windows\System\uLfhxXq.exe
  2⤵
  PID:1728
- C:\Windows\System\aOyzBvj.exe
  C:\Windows\System\aOyzBvj.exe
  2⤵
  PID:4496
- C:\Windows\System\PzihHxo.exe
  C:\Windows\System\PzihHxo.exe
  2⤵
  PID:4656
- C:\Windows\System\gTXvxVy.exe
  C:\Windows\System\gTXvxVy.exe
  2⤵
  PID:4792
- C:\Windows\System\FopftPn.exe
  C:\Windows\System\FopftPn.exe
  2⤵
  PID:4912
- C:\Windows\System\dnocJpT.exe
  C:\Windows\System\dnocJpT.exe
  2⤵
  PID:4932
- C:\Windows\System\SwjJSzK.exe
  C:\Windows\System\SwjJSzK.exe
  2⤵
  PID:4996
- C:\Windows\System\ptzNxVB.exe
  C:\Windows\System\ptzNxVB.exe
  2⤵
  PID:5108
- C:\Windows\System\jbDvsNR.exe
  C:\Windows\System\jbDvsNR.exe
  2⤵
  PID:4148
- C:\Windows\System\LJkIWUK.exe
  C:\Windows\System\LJkIWUK.exe
  2⤵
  PID:4332
- C:\Windows\System\pfAeZGv.exe
  C:\Windows\System\pfAeZGv.exe
  2⤵
  PID:4392
- C:\Windows\System\ALiDBvl.exe
  C:\Windows\System\ALiDBvl.exe
  2⤵
  PID:4552
- C:\Windows\System\RtZuiOi.exe
  C:\Windows\System\RtZuiOi.exe
  2⤵
  PID:4616
- C:\Windows\System\xqvtQwI.exe
  C:\Windows\System\xqvtQwI.exe
  2⤵
  PID:1480
- C:\Windows\System\NLhmiKF.exe
  C:\Windows\System\NLhmiKF.exe
  2⤵
  PID:2216
- C:\Windows\System\iEpzfym.exe
  C:\Windows\System\iEpzfym.exe
  2⤵
  PID:3628
- C:\Windows\System\knzRfym.exe
  C:\Windows\System\knzRfym.exe
  2⤵
  PID:2008
- C:\Windows\System\OCurbsZ.exe
  C:\Windows\System\OCurbsZ.exe
  2⤵
  PID:4284
- C:\Windows\System\TzRWXuY.exe
  C:\Windows\System\TzRWXuY.exe
  2⤵
  PID:4344
- C:\Windows\System\aNucfYq.exe
  C:\Windows\System\aNucfYq.exe
  2⤵
  PID:5136
- C:\Windows\System\eiXQeBc.exe
  C:\Windows\System\eiXQeBc.exe
  2⤵
  PID:5156
- C:\Windows\System\PrQPlmT.exe
  C:\Windows\System\PrQPlmT.exe
  2⤵
  PID:5176
- C:\Windows\System\reHqQYs.exe
  C:\Windows\System\reHqQYs.exe
  2⤵
  PID:5196
- C:\Windows\System\DRQhLZw.exe
  C:\Windows\System\DRQhLZw.exe
  2⤵
  PID:5216
- C:\Windows\System\dLGYprh.exe
  C:\Windows\System\dLGYprh.exe
  2⤵
  PID:5236
- C:\Windows\System\BdEBUNV.exe
  C:\Windows\System\BdEBUNV.exe
  2⤵
  PID:5256
- C:\Windows\System\TgKHWfH.exe
  C:\Windows\System\TgKHWfH.exe
  2⤵
  PID:5276
- C:\Windows\System\PyPumOI.exe
  C:\Windows\System\PyPumOI.exe
  2⤵
  PID:5296
- C:\Windows\System\hcdggqq.exe
  C:\Windows\System\hcdggqq.exe
  2⤵
  PID:5320
- C:\Windows\System\UhPTTXo.exe
  C:\Windows\System\UhPTTXo.exe
  2⤵
  PID:5340
- C:\Windows\System\EdoNSHN.exe
  C:\Windows\System\EdoNSHN.exe
  2⤵
  PID:5360
- C:\Windows\System\oAslXHg.exe
  C:\Windows\System\oAslXHg.exe
  2⤵
  PID:5380
- C:\Windows\System\SdvKFSu.exe
  C:\Windows\System\SdvKFSu.exe
  2⤵
  PID:5396
- C:\Windows\System\CsvBUFM.exe
  C:\Windows\System\CsvBUFM.exe
  2⤵
  PID:5420
- C:\Windows\System\ydTveOf.exe
  C:\Windows\System\ydTveOf.exe
  2⤵
  PID:5440
- C:\Windows\System\ctdnbNz.exe
  C:\Windows\System\ctdnbNz.exe
  2⤵
  PID:5460
- C:\Windows\System\aWikUHN.exe
  C:\Windows\System\aWikUHN.exe
  2⤵
  PID:5480
- C:\Windows\System\ugBoqHJ.exe
  C:\Windows\System\ugBoqHJ.exe
  2⤵
  PID:5500
- C:\Windows\System\mGOUmxg.exe
  C:\Windows\System\mGOUmxg.exe
  2⤵
  PID:5520
- C:\Windows\System\vQLvHoe.exe
  C:\Windows\System\vQLvHoe.exe
  2⤵
  PID:5540
- C:\Windows\System\yvjVuXR.exe
  C:\Windows\System\yvjVuXR.exe
  2⤵
  PID:5560
- C:\Windows\System\sNJwbHm.exe
  C:\Windows\System\sNJwbHm.exe
  2⤵
  PID:5576
- C:\Windows\System\yhbwgJW.exe
  C:\Windows\System\yhbwgJW.exe
  2⤵
  PID:5600
- C:\Windows\System\kwoFTgB.exe
  C:\Windows\System\kwoFTgB.exe
  2⤵
  PID:5620
- C:\Windows\System\xpaZxxp.exe
  C:\Windows\System\xpaZxxp.exe
  2⤵
  PID:5640
- C:\Windows\System\SHxEmCp.exe
  C:\Windows\System\SHxEmCp.exe
  2⤵
  PID:5660
- C:\Windows\System\ARTjJyP.exe
  C:\Windows\System\ARTjJyP.exe
  2⤵
  PID:5680
- C:\Windows\System\nEarcpf.exe
  C:\Windows\System\nEarcpf.exe
  2⤵
  PID:5700
- C:\Windows\System\kyjBiUx.exe
  C:\Windows\System\kyjBiUx.exe
  2⤵
  PID:5720
- C:\Windows\System\jSLOKqI.exe
  C:\Windows\System\jSLOKqI.exe
  2⤵
  PID:5740
- C:\Windows\System\FoSetcL.exe
  C:\Windows\System\FoSetcL.exe
  2⤵
  PID:5760
- C:\Windows\System\tdQyzFt.exe
  C:\Windows\System\tdQyzFt.exe
  2⤵
  PID:5784
- C:\Windows\System\wEerRbT.exe
  C:\Windows\System\wEerRbT.exe
  2⤵
  PID:5804
- C:\Windows\System\NDaVWpY.exe
  C:\Windows\System\NDaVWpY.exe
  2⤵
  PID:5824
- C:\Windows\System\OFbsfJA.exe
  C:\Windows\System\OFbsfJA.exe
  2⤵
  PID:5844
- C:\Windows\System\JbUsBZG.exe
  C:\Windows\System\JbUsBZG.exe
  2⤵
  PID:5864
- C:\Windows\System\YefqKmQ.exe
  C:\Windows\System\YefqKmQ.exe
  2⤵
  PID:5884
- C:\Windows\System\DdxYOuj.exe
  C:\Windows\System\DdxYOuj.exe
  2⤵
  PID:5904
- C:\Windows\System\MeUYkBq.exe
  C:\Windows\System\MeUYkBq.exe
  2⤵
  PID:5924
- C:\Windows\System\RLGhpJF.exe
  C:\Windows\System\RLGhpJF.exe
  2⤵
  PID:5944
- C:\Windows\System\tsoSxJG.exe
  C:\Windows\System\tsoSxJG.exe
  2⤵
  PID:5964
- C:\Windows\System\ooxBuSG.exe
  C:\Windows\System\ooxBuSG.exe
  2⤵
  PID:5984
- C:\Windows\System\xIJgqyq.exe
  C:\Windows\System\xIJgqyq.exe
  2⤵
  PID:6004
- C:\Windows\System\OyylCuI.exe
  C:\Windows\System\OyylCuI.exe
  2⤵
  PID:6024
- C:\Windows\System\zaaAvFb.exe
  C:\Windows\System\zaaAvFb.exe
  2⤵
  PID:6044
- C:\Windows\System\lWJJkLa.exe
  C:\Windows\System\lWJJkLa.exe
  2⤵
  PID:6060
- C:\Windows\System\YsXfrXm.exe
  C:\Windows\System\YsXfrXm.exe
  2⤵
  PID:6104
- C:\Windows\System\BidTMBL.exe
  C:\Windows\System\BidTMBL.exe
  2⤵
  PID:6124
- C:\Windows\System\AKaGUNn.exe
  C:\Windows\System\AKaGUNn.exe
  2⤵
  PID:6140
- C:\Windows\System\wutKhuK.exe
  C:\Windows\System\wutKhuK.exe
  2⤵
  PID:4836
- C:\Windows\System\odpeHdk.exe
  C:\Windows\System\odpeHdk.exe
  2⤵
  PID:5092
- C:\Windows\System\ZUmrUYc.exe
  C:\Windows\System\ZUmrUYc.exe
  2⤵
  PID:4228
- C:\Windows\System\yamZLps.exe
  C:\Windows\System\yamZLps.exe
  2⤵
  PID:5152
- C:\Windows\System\odDiziu.exe
  C:\Windows\System\odDiziu.exe
  2⤵
  PID:5192
- C:\Windows\System\eDTHpJJ.exe
  C:\Windows\System\eDTHpJJ.exe
  2⤵
  PID:5204
- C:\Windows\System\cZufPUi.exe
  C:\Windows\System\cZufPUi.exe
  2⤵
  PID:5228
- C:\Windows\System\mVVMrLO.exe
  C:\Windows\System\mVVMrLO.exe
  2⤵
  PID:5252
- C:\Windows\System\KloGdcx.exe
  C:\Windows\System\KloGdcx.exe
  2⤵
  PID:5292
- C:\Windows\System\lTpdAyD.exe
  C:\Windows\System\lTpdAyD.exe
  2⤵
  PID:5312
- C:\Windows\System\lsAPQIf.exe
  C:\Windows\System\lsAPQIf.exe
  2⤵
  PID:5352
- C:\Windows\System\KGVqGtm.exe
  C:\Windows\System\KGVqGtm.exe
  2⤵
  PID:5388
- C:\Windows\System\hLvXoqZ.exe
  C:\Windows\System\hLvXoqZ.exe
  2⤵
  PID:1676
- C:\Windows\System\eAfGIIC.exe
  C:\Windows\System\eAfGIIC.exe
  2⤵
  PID:5436
- C:\Windows\System\rznBYlg.exe
  C:\Windows\System\rznBYlg.exe
  2⤵
  PID:308
- C:\Windows\System\hmQixpl.exe
  C:\Windows\System\hmQixpl.exe
  2⤵
  PID:5488
- C:\Windows\System\iFnxjyi.exe
  C:\Windows\System\iFnxjyi.exe
  2⤵
  PID:5556
- C:\Windows\System\GLUxYvB.exe
  C:\Windows\System\GLUxYvB.exe
  2⤵
  PID:5552
- C:\Windows\System\lnEcLAz.exe
  C:\Windows\System\lnEcLAz.exe
  2⤵
  PID:5628
- C:\Windows\System\OLyQZlX.exe
  C:\Windows\System\OLyQZlX.exe
  2⤵
  PID:2764
- C:\Windows\System\bbeeYtD.exe
  C:\Windows\System\bbeeYtD.exe
  2⤵
  PID:5676
- C:\Windows\System\uKaVehX.exe
  C:\Windows\System\uKaVehX.exe
  2⤵
  PID:3956
- C:\Windows\System\yNRzhJN.exe
  C:\Windows\System\yNRzhJN.exe
  2⤵
  PID:2660
- C:\Windows\System\fXxhoXt.exe
  C:\Windows\System\fXxhoXt.exe
  2⤵
  PID:5728
- C:\Windows\System\RQrZqKi.exe
  C:\Windows\System\RQrZqKi.exe
  2⤵
  PID:5800
- C:\Windows\System\xYSlrfY.exe
  C:\Windows\System\xYSlrfY.exe
  2⤵
  PID:5796
- C:\Windows\System\BKjAJUY.exe
  C:\Windows\System\BKjAJUY.exe
  2⤵
  PID:5816
- C:\Windows\System\cHvzZki.exe
  C:\Windows\System\cHvzZki.exe
  2⤵
  PID:5880
- C:\Windows\System\zsIFJBv.exe
  C:\Windows\System\zsIFJBv.exe
  2⤵
  PID:2152
- C:\Windows\System\SbtCWWu.exe
  C:\Windows\System\SbtCWWu.exe
  2⤵
  PID:5912
- C:\Windows\System\roBCpHM.exe
  C:\Windows\System\roBCpHM.exe
  2⤵
  PID:5932
- C:\Windows\System\hmbnTfR.exe
  C:\Windows\System\hmbnTfR.exe
  2⤵
  PID:2316
- C:\Windows\System\uGrTcnK.exe
  C:\Windows\System\uGrTcnK.exe
  2⤵
  PID:5956
- C:\Windows\System\gVRCcPA.exe
  C:\Windows\System\gVRCcPA.exe
  2⤵
  PID:5980
- C:\Windows\System\SZqhKtS.exe
  C:\Windows\System\SZqhKtS.exe
  2⤵
  PID:6040
- C:\Windows\System\DmBKhZA.exe
  C:\Windows\System\DmBKhZA.exe
  2⤵
  PID:6036
- C:\Windows\System\VrzWtLX.exe
  C:\Windows\System\VrzWtLX.exe
  2⤵
  PID:6052
- C:\Windows\System\dcoLvon.exe
  C:\Windows\System\dcoLvon.exe
  2⤵
  PID:2816
- C:\Windows\System\JceiCYA.exe
  C:\Windows\System\JceiCYA.exe
  2⤵
  PID:2820
- C:\Windows\System\zQcFgHM.exe
  C:\Windows\System\zQcFgHM.exe
  2⤵
  PID:2944
- C:\Windows\System\pKdMera.exe
  C:\Windows\System\pKdMera.exe
  2⤵
  PID:5776
- C:\Windows\System\cRCRrSE.exe
  C:\Windows\System\cRCRrSE.exe
  2⤵
  PID:6132
- C:\Windows\System\PTjQIff.exe
  C:\Windows\System\PTjQIff.exe
  2⤵
  PID:5144
- C:\Windows\System\LceeOPO.exe
  C:\Windows\System\LceeOPO.exe
  2⤵
  PID:5168
- C:\Windows\System\YGebKjz.exe
  C:\Windows\System\YGebKjz.exe
  2⤵
  PID:5336
- C:\Windows\System\UKFOHgK.exe
  C:\Windows\System\UKFOHgK.exe
  2⤵
  PID:5476
- C:\Windows\System\sQDGkTv.exe
  C:\Windows\System\sQDGkTv.exe
  2⤵
  PID:4716
- C:\Windows\System\jWGlAud.exe
  C:\Windows\System\jWGlAud.exe
  2⤵
  PID:5532
- C:\Windows\System\IbWYGoJ.exe
  C:\Windows\System\IbWYGoJ.exe
  2⤵
  PID:5636
- C:\Windows\System\aMBbsrX.exe
  C:\Windows\System\aMBbsrX.exe
  2⤵
  PID:5232
- C:\Windows\System\DPMnpbm.exe
  C:\Windows\System\DPMnpbm.exe
  2⤵
  PID:5288
- C:\Windows\System\XnmJmmK.exe
  C:\Windows\System\XnmJmmK.exe
  2⤵
  PID:5748
- C:\Windows\System\lMKFbgR.exe
  C:\Windows\System\lMKFbgR.exe
  2⤵
  PID:5836
- C:\Windows\System\NzyEzzh.exe
  C:\Windows\System\NzyEzzh.exe
  2⤵
  PID:5940
- C:\Windows\System\pQJiugI.exe
  C:\Windows\System\pQJiugI.exe
  2⤵
  PID:6020
- C:\Windows\System\lijVBir.exe
  C:\Windows\System\lijVBir.exe
  2⤵
  PID:2612
- C:\Windows\System\jfwddmc.exe
  C:\Windows\System\jfwddmc.exe
  2⤵
  PID:5412
- C:\Windows\System\dnKCqWR.exe
  C:\Windows\System\dnKCqWR.exe
  2⤵
  PID:5616
- C:\Windows\System\ksrHCkC.exe
  C:\Windows\System\ksrHCkC.exe
  2⤵
  PID:2548
- C:\Windows\System\FaCRRSN.exe
  C:\Windows\System\FaCRRSN.exe
  2⤵
  PID:5588
- C:\Windows\System\npMSoQX.exe
  C:\Windows\System\npMSoQX.exe
  2⤵
  PID:5860
- C:\Windows\System\zHsikSn.exe
  C:\Windows\System\zHsikSn.exe
  2⤵
  PID:5960
- C:\Windows\System\bmJFqlY.exe
  C:\Windows\System\bmJFqlY.exe
  2⤵
  PID:820
- C:\Windows\System\urzlMnA.exe
  C:\Windows\System\urzlMnA.exe
  2⤵
  PID:5792
- C:\Windows\System\xqlKQCt.exe
  C:\Windows\System\xqlKQCt.exe
  2⤵
  PID:1516
- C:\Windows\System\HGtlmer.exe
  C:\Windows\System\HGtlmer.exe
  2⤵
  PID:5172
- C:\Windows\System\saAEbPJ.exe
  C:\Windows\System\saAEbPJ.exe
  2⤵
  PID:5408
- C:\Windows\System\FCDoehf.exe
  C:\Windows\System\FCDoehf.exe
  2⤵
  PID:4224
- C:\Windows\System\BcpfhRk.exe
  C:\Windows\System\BcpfhRk.exe
  2⤵
  PID:5472
- C:\Windows\System\CoHUGUw.exe
  C:\Windows\System\CoHUGUw.exe
  2⤵
  PID:3400
- C:\Windows\System\yWIKQgy.exe
  C:\Windows\System\yWIKQgy.exe
  2⤵
  PID:1964
- C:\Windows\System\BgKxYpQ.exe
  C:\Windows\System\BgKxYpQ.exe
  2⤵
  PID:1876
- C:\Windows\System\UtMplqC.exe
  C:\Windows\System\UtMplqC.exe
  2⤵
  PID:6076
- C:\Windows\System\nYiWhgI.exe
  C:\Windows\System\nYiWhgI.exe
  2⤵
  PID:2148
- C:\Windows\System\AmnSGru.exe
  C:\Windows\System\AmnSGru.exe
  2⤵
  PID:5672
- C:\Windows\System\uXBQTjZ.exe
  C:\Windows\System\uXBQTjZ.exe
  2⤵
  PID:5820
- C:\Windows\System\rPMCHfS.exe
  C:\Windows\System\rPMCHfS.exe
  2⤵
  PID:6204
- C:\Windows\System\cXmhLzO.exe
  C:\Windows\System\cXmhLzO.exe
  2⤵
  PID:6220
- C:\Windows\System\detvFEG.exe
  C:\Windows\System\detvFEG.exe
  2⤵
  PID:6236
- C:\Windows\System\gpsLsFI.exe
  C:\Windows\System\gpsLsFI.exe
  2⤵
  PID:6252
- C:\Windows\System\KLjQDFR.exe
  C:\Windows\System\KLjQDFR.exe
  2⤵
  PID:6272
- C:\Windows\System\yVgWvkZ.exe
  C:\Windows\System\yVgWvkZ.exe
  2⤵
  PID:6288
- C:\Windows\System\rwMKIIU.exe
  C:\Windows\System\rwMKIIU.exe
  2⤵
  PID:6304
- C:\Windows\System\UEsuAuB.exe
  C:\Windows\System\UEsuAuB.exe
  2⤵
  PID:6320
- C:\Windows\System\FYHXaHz.exe
  C:\Windows\System\FYHXaHz.exe
  2⤵
  PID:6336
- C:\Windows\System\UCxGAXF.exe
  C:\Windows\System\UCxGAXF.exe
  2⤵
  PID:6360
- C:\Windows\System\bdpUQvG.exe
  C:\Windows\System\bdpUQvG.exe
  2⤵
  PID:6376
- C:\Windows\System\VgJeCkl.exe
  C:\Windows\System\VgJeCkl.exe
  2⤵
  PID:6392
- C:\Windows\System\LvxwZYk.exe
  C:\Windows\System\LvxwZYk.exe
  2⤵
  PID:6408
- C:\Windows\System\zYTPTcf.exe
  C:\Windows\System\zYTPTcf.exe
  2⤵
  PID:6424
- C:\Windows\System\xQDzbqa.exe
  C:\Windows\System\xQDzbqa.exe
  2⤵
  PID:6440
- C:\Windows\System\jtgUsYJ.exe
  C:\Windows\System\jtgUsYJ.exe
  2⤵
  PID:6460
- C:\Windows\System\GWdkkLT.exe
  C:\Windows\System\GWdkkLT.exe
  2⤵
  PID:6480
- C:\Windows\System\FseYsbk.exe
  C:\Windows\System\FseYsbk.exe
  2⤵
  PID:6496
- C:\Windows\System\AoQCnkt.exe
  C:\Windows\System\AoQCnkt.exe
  2⤵
  PID:6512
- C:\Windows\System\elVCsUM.exe
  C:\Windows\System\elVCsUM.exe
  2⤵
  PID:6528
- C:\Windows\System\XEjolDM.exe
  C:\Windows\System\XEjolDM.exe
  2⤵
  PID:6544
- C:\Windows\System\YxBWFDx.exe
  C:\Windows\System\YxBWFDx.exe
  2⤵
  PID:6564
- C:\Windows\System\ccxyyrR.exe
  C:\Windows\System\ccxyyrR.exe
  2⤵
  PID:6580
- C:\Windows\System\ZStEfhn.exe
  C:\Windows\System\ZStEfhn.exe
  2⤵
  PID:6596
- C:\Windows\System\dvqzUhW.exe
  C:\Windows\System\dvqzUhW.exe
  2⤵
  PID:6612
- C:\Windows\System\fpWCafx.exe
  C:\Windows\System\fpWCafx.exe
  2⤵
  PID:6628
- C:\Windows\System\LcVJInu.exe
  C:\Windows\System\LcVJInu.exe
  2⤵
  PID:6644
- C:\Windows\System\lWCYAax.exe
  C:\Windows\System\lWCYAax.exe
  2⤵
  PID:6660
- C:\Windows\System\hCUVxbL.exe
  C:\Windows\System\hCUVxbL.exe
  2⤵
  PID:6676
- C:\Windows\System\gjzBMuP.exe
  C:\Windows\System\gjzBMuP.exe
  2⤵
  PID:6692
- C:\Windows\System\LVRxVSF.exe
  C:\Windows\System\LVRxVSF.exe
  2⤵
  PID:6708
- C:\Windows\System\razpVIb.exe
  C:\Windows\System\razpVIb.exe
  2⤵
  PID:6724
- C:\Windows\System\HxtkryU.exe
  C:\Windows\System\HxtkryU.exe
  2⤵
  PID:6740
- C:\Windows\System\SHLNWtw.exe
  C:\Windows\System\SHLNWtw.exe
  2⤵
  PID:6756
- C:\Windows\System\lDdLkoF.exe
  C:\Windows\System\lDdLkoF.exe
  2⤵
  PID:6772
- C:\Windows\System\mmOykoN.exe
  C:\Windows\System\mmOykoN.exe
  2⤵
  PID:6788
- C:\Windows\System\sDoNkCS.exe
  C:\Windows\System\sDoNkCS.exe
  2⤵
  PID:6804
- C:\Windows\System\ToZoxsh.exe
  C:\Windows\System\ToZoxsh.exe
  2⤵
  PID:6820
- C:\Windows\System\QNHxWMk.exe
  C:\Windows\System\QNHxWMk.exe
  2⤵
  PID:6836
- C:\Windows\System\UwXGAws.exe
  C:\Windows\System\UwXGAws.exe
  2⤵
  PID:6852
- C:\Windows\System\OeUhxYS.exe
  C:\Windows\System\OeUhxYS.exe
  2⤵
  PID:6868
- C:\Windows\System\MnDWDBm.exe
  C:\Windows\System\MnDWDBm.exe
  2⤵
  PID:6888
- C:\Windows\System\eHKZqVi.exe
  C:\Windows\System\eHKZqVi.exe
  2⤵
  PID:6904
- C:\Windows\System\YnBYRbH.exe
  C:\Windows\System\YnBYRbH.exe
  2⤵
  PID:6920
- C:\Windows\System\wvNLrai.exe
  C:\Windows\System\wvNLrai.exe
  2⤵
  PID:6936
- C:\Windows\System\JoViuJw.exe
  C:\Windows\System\JoViuJw.exe
  2⤵
  PID:6952
- C:\Windows\System\CBpLDWT.exe
  C:\Windows\System\CBpLDWT.exe
  2⤵
  PID:6968
- C:\Windows\System\ZTxkymG.exe
  C:\Windows\System\ZTxkymG.exe
  2⤵
  PID:6984
- C:\Windows\System\MzjqFRb.exe
  C:\Windows\System\MzjqFRb.exe
  2⤵
  PID:7000
- C:\Windows\System\imSUSlS.exe
  C:\Windows\System\imSUSlS.exe
  2⤵
  PID:7020
- C:\Windows\System\CLjVLTh.exe
  C:\Windows\System\CLjVLTh.exe
  2⤵
  PID:7040
- C:\Windows\System\SDQMlKI.exe
  C:\Windows\System\SDQMlKI.exe
  2⤵
  PID:7056
- C:\Windows\System\zvuQeZV.exe
  C:\Windows\System\zvuQeZV.exe
  2⤵
  PID:7072
- C:\Windows\System\HNXWgdi.exe
  C:\Windows\System\HNXWgdi.exe
  2⤵
  PID:7088
- C:\Windows\System\JOrNwjx.exe
  C:\Windows\System\JOrNwjx.exe
  2⤵
  PID:7104
- C:\Windows\System\WnyRrGe.exe
  C:\Windows\System\WnyRrGe.exe
  2⤵
  PID:7120
- C:\Windows\System\xyUVUFl.exe
  C:\Windows\System\xyUVUFl.exe
  2⤵
  PID:7136
- C:\Windows\System\uhmNwHW.exe
  C:\Windows\System\uhmNwHW.exe
  2⤵
  PID:7152
- C:\Windows\System\YFBSjWb.exe
  C:\Windows\System\YFBSjWb.exe
  2⤵
  PID:1096
- C:\Windows\System\pJeNXok.exe
  C:\Windows\System\pJeNXok.exe
  2⤵
  PID:1736
- C:\Windows\System\fiyVUDP.exe
  C:\Windows\System\fiyVUDP.exe
  2⤵
  PID:4752
- C:\Windows\System\GJCtGlX.exe
  C:\Windows\System\GJCtGlX.exe
  2⤵
  PID:5268
- C:\Windows\System\dcThdqE.exe
  C:\Windows\System\dcThdqE.exe
  2⤵
  PID:5548
- C:\Windows\System\KPfsEvI.exe
  C:\Windows\System\KPfsEvI.exe
  2⤵
  PID:5716
- C:\Windows\System\wBxEOqC.exe
  C:\Windows\System\wBxEOqC.exe
  2⤵
  PID:5708
- C:\Windows\System\adwsuTs.exe
  C:\Windows\System\adwsuTs.exe
  2⤵
  PID:5508
- C:\Windows\System\YuCnVaY.exe
  C:\Windows\System\YuCnVaY.exe
  2⤵
  PID:5712
- C:\Windows\System\FSQpsvV.exe
  C:\Windows\System\FSQpsvV.exe
  2⤵
  PID:5896
- C:\Windows\System\PuCRkbs.exe
  C:\Windows\System\PuCRkbs.exe
  2⤵
  PID:4968
- C:\Windows\System\jftQegy.exe
  C:\Windows\System\jftQegy.exe
  2⤵
  PID:5772
- C:\Windows\System\fIbchAP.exe
  C:\Windows\System\fIbchAP.exe
  2⤵
  PID:872
- C:\Windows\System\XqrJmFv.exe
  C:\Windows\System\XqrJmFv.exe
  2⤵
  PID:6120
- C:\Windows\System\xbNnIlZ.exe
  C:\Windows\System\xbNnIlZ.exe
  2⤵
  PID:6232
- C:\Windows\System\xFQaSZR.exe
  C:\Windows\System\xFQaSZR.exe
  2⤵
  PID:6296
- C:\Windows\System\YVLctwO.exe
  C:\Windows\System\YVLctwO.exe
  2⤵
  PID:1528
- C:\Windows\System\yIOPtmE.exe
  C:\Windows\System\yIOPtmE.exe
  2⤵
  PID:2528
- C:\Windows\System\GvtAGAC.exe
  C:\Windows\System\GvtAGAC.exe
  2⤵
  PID:6244
- C:\Windows\System\fhpWDBG.exe
  C:\Windows\System\fhpWDBG.exe
  2⤵
  PID:6312
- C:\Windows\System\QoKWrgy.exe
  C:\Windows\System\QoKWrgy.exe
  2⤵
  PID:6384
- C:\Windows\System\TwAovTI.exe
  C:\Windows\System\TwAovTI.exe
  2⤵
  PID:6400
- C:\Windows\System\pviKkwe.exe
  C:\Windows\System\pviKkwe.exe
  2⤵
  PID:6420
- C:\Windows\System\DsYqHBo.exe
  C:\Windows\System\DsYqHBo.exe
  2⤵
  PID:6504
- C:\Windows\System\dNhMXTu.exe
  C:\Windows\System\dNhMXTu.exe
  2⤵
  PID:6488
- C:\Windows\System\TyWQxlp.exe
  C:\Windows\System\TyWQxlp.exe
  2⤵
  PID:6556
- C:\Windows\System\BnBHdhh.exe
  C:\Windows\System\BnBHdhh.exe
  2⤵
  PID:6608
- C:\Windows\System\AZwolty.exe
  C:\Windows\System\AZwolty.exe
  2⤵
  PID:6672
- C:\Windows\System\OpEDrtt.exe
  C:\Windows\System\OpEDrtt.exe
  2⤵
  PID:6704
- C:\Windows\System\QjHoEsD.exe
  C:\Windows\System\QjHoEsD.exe
  2⤵
  PID:6656
- C:\Windows\System\VaBIPnQ.exe
  C:\Windows\System\VaBIPnQ.exe
  2⤵
  PID:6796
- C:\Windows\System\wpPhnru.exe
  C:\Windows\System\wpPhnru.exe
  2⤵
  PID:6832
- C:\Windows\System\WgnmxEd.exe
  C:\Windows\System\WgnmxEd.exe
  2⤵
  PID:6812
- C:\Windows\System\ZqBSlZI.exe
  C:\Windows\System\ZqBSlZI.exe
  2⤵
  PID:6752
- C:\Windows\System\rrZwExE.exe
  C:\Windows\System\rrZwExE.exe
  2⤵
  PID:6848
- C:\Windows\System\eoSukwR.exe
  C:\Windows\System\eoSukwR.exe
  2⤵
  PID:6896
- C:\Windows\System\eeiVfOC.exe
  C:\Windows\System\eeiVfOC.exe
  2⤵
  PID:6960
- C:\Windows\System\UBzKEAB.exe
  C:\Windows\System\UBzKEAB.exe
  2⤵
  PID:7028
- C:\Windows\System\qGsQRwL.exe
  C:\Windows\System\qGsQRwL.exe
  2⤵
  PID:7036
- C:\Windows\System\jWecurf.exe
  C:\Windows\System\jWecurf.exe
  2⤵
  PID:7100
- C:\Windows\System\TXcWYTT.exe
  C:\Windows\System\TXcWYTT.exe
  2⤵
  PID:6976
- C:\Windows\System\vpfzxAz.exe
  C:\Windows\System\vpfzxAz.exe
  2⤵
  PID:7084
- C:\Windows\System\JUnSivM.exe
  C:\Windows\System\JUnSivM.exe
  2⤵
  PID:7048
- C:\Windows\System\xBAvZDk.exe
  C:\Windows\System\xBAvZDk.exe
  2⤵
  PID:5752
- C:\Windows\System\EyTzFvM.exe
  C:\Windows\System\EyTzFvM.exe
  2⤵
  PID:5368
- C:\Windows\System\FSpMSpK.exe
  C:\Windows\System\FSpMSpK.exe
  2⤵
  PID:7144
- C:\Windows\System\CLKxswt.exe
  C:\Windows\System\CLKxswt.exe
  2⤵
  PID:4852
- C:\Windows\System\XZQBBgq.exe
  C:\Windows\System\XZQBBgq.exe
  2⤵
  PID:5348
- C:\Windows\System\ZBZBJNJ.exe
  C:\Windows\System\ZBZBJNJ.exe
  2⤵
  PID:5468
- C:\Windows\System\vaMmGCt.exe
  C:\Windows\System\vaMmGCt.exe
  2⤵
  PID:6372
- C:\Windows\System\GnNfZLp.exe
  C:\Windows\System\GnNfZLp.exe
  2⤵
  PID:264
- C:\Windows\System\ftnMlLT.exe
  C:\Windows\System\ftnMlLT.exe
  2⤵
  PID:5208
- C:\Windows\System\DwnQaNT.exe
  C:\Windows\System\DwnQaNT.exe
  2⤵
  PID:6352
- C:\Windows\System\dguYisA.exe
  C:\Windows\System\dguYisA.exe
  2⤵
  PID:6524
- C:\Windows\System\pruTIDM.exe
  C:\Windows\System\pruTIDM.exe
  2⤵
  PID:6624
- C:\Windows\System\cboyWxz.exe
  C:\Windows\System\cboyWxz.exe
  2⤵
  PID:6748
- C:\Windows\System\WkHWDQG.exe
  C:\Windows\System\WkHWDQG.exe
  2⤵
  PID:6996
- C:\Windows\System\DBqCsFe.exe
  C:\Windows\System\DBqCsFe.exe
  2⤵
  PID:6944
- C:\Windows\System\NFBDUWU.exe
  C:\Windows\System\NFBDUWU.exe
  2⤵
  PID:6916
- C:\Windows\System\kjDIGTx.exe
  C:\Windows\System\kjDIGTx.exe
  2⤵
  PID:6768
- C:\Windows\System\alOWVUm.exe
  C:\Windows\System\alOWVUm.exe
  2⤵
  PID:6688
- C:\Windows\System\QIEYAvR.exe
  C:\Windows\System\QIEYAvR.exe
  2⤵
  PID:6492
- C:\Windows\System\IOHeZlD.exe
  C:\Windows\System\IOHeZlD.exe
  2⤵
  PID:5596
- C:\Windows\System\oUJeoLy.exe
  C:\Windows\System\oUJeoLy.exe
  2⤵
  PID:1732
- C:\Windows\System\LIjTyLY.exe
  C:\Windows\System\LIjTyLY.exe
  2⤵
  PID:6468
- C:\Windows\System\DNXGGzG.exe
  C:\Windows\System\DNXGGzG.exe
  2⤵
  PID:6284
- C:\Windows\System\rHmnWGV.exe
  C:\Windows\System\rHmnWGV.exe
  2⤵
  PID:2188
- C:\Windows\System\yUABSQJ.exe
  C:\Windows\System\yUABSQJ.exe
  2⤵
  PID:6432
- C:\Windows\System\aQPbmWU.exe
  C:\Windows\System\aQPbmWU.exe
  2⤵
  PID:6356
- C:\Windows\System\cdXKkuU.exe
  C:\Windows\System\cdXKkuU.exe
  2⤵
  PID:6668
- C:\Windows\System\QeSvrBs.exe
  C:\Windows\System\QeSvrBs.exe
  2⤵
  PID:6880
- C:\Windows\System\TyHvbLI.exe
  C:\Windows\System\TyHvbLI.exe
  2⤵
  PID:6604
- C:\Windows\System\NyIcEui.exe
  C:\Windows\System\NyIcEui.exe
  2⤵
  PID:7016
- C:\Windows\System\mWVSqEU.exe
  C:\Windows\System\mWVSqEU.exe
  2⤵
  PID:1644
- C:\Windows\System\daTArHA.exe
  C:\Windows\System\daTArHA.exe
  2⤵
  PID:6716
- C:\Windows\System\WyVPDOn.exe
  C:\Windows\System\WyVPDOn.exe
  2⤵
  PID:6032
- C:\Windows\System\HTrRkNw.exe
  C:\Windows\System\HTrRkNw.exe
  2⤵
  PID:5696
- C:\Windows\System\PMJGUTy.exe
  C:\Windows\System\PMJGUTy.exe
  2⤵
  PID:6328
- C:\Windows\System\hVDTMjF.exe
  C:\Windows\System\hVDTMjF.exe
  2⤵
  PID:6992
- C:\Windows\System\xTnyytY.exe
  C:\Windows\System\xTnyytY.exe
  2⤵
  PID:6736
- C:\Windows\System\zmrAesP.exe
  C:\Windows\System\zmrAesP.exe
  2⤵
  PID:6368
- C:\Windows\System\CvzjtJV.exe
  C:\Windows\System\CvzjtJV.exe
  2⤵
  PID:6228
- C:\Windows\System\qPAWPPR.exe
  C:\Windows\System\qPAWPPR.exe
  2⤵
  PID:6828
- C:\Windows\System\DGqCpUx.exe
  C:\Windows\System\DGqCpUx.exe
  2⤵
  PID:6436
- C:\Windows\System\OSGQcvA.exe
  C:\Windows\System\OSGQcvA.exe
  2⤵
  PID:7032
- C:\Windows\System\QMCloxY.exe
  C:\Windows\System\QMCloxY.exe
  2⤵
  PID:7180
- C:\Windows\System\LTTIJmq.exe
  C:\Windows\System\LTTIJmq.exe
  2⤵
  PID:7196
- C:\Windows\System\tWVLbHu.exe
  C:\Windows\System\tWVLbHu.exe
  2⤵
  PID:7216
- C:\Windows\System\sXxMDJQ.exe
  C:\Windows\System\sXxMDJQ.exe
  2⤵
  PID:7232
- C:\Windows\System\atEesPv.exe
  C:\Windows\System\atEesPv.exe
  2⤵
  PID:7248
- C:\Windows\System\QDqjraz.exe
  C:\Windows\System\QDqjraz.exe
  2⤵
  PID:7264
- C:\Windows\System\izKDMij.exe
  C:\Windows\System\izKDMij.exe
  2⤵
  PID:7280
- C:\Windows\System\CRfPZEY.exe
  C:\Windows\System\CRfPZEY.exe
  2⤵
  PID:7296
- C:\Windows\System\NQYdQeq.exe
  C:\Windows\System\NQYdQeq.exe
  2⤵
  PID:7316
- C:\Windows\System\YjbRENw.exe
  C:\Windows\System\YjbRENw.exe
  2⤵
  PID:7332
- C:\Windows\System\ETMDpMx.exe
  C:\Windows\System\ETMDpMx.exe
  2⤵
  PID:7348
- C:\Windows\System\iKncOps.exe
  C:\Windows\System\iKncOps.exe
  2⤵
  PID:7364
- C:\Windows\System\VyAUDcK.exe
  C:\Windows\System\VyAUDcK.exe
  2⤵
  PID:7380
- C:\Windows\System\udkldWp.exe
  C:\Windows\System\udkldWp.exe
  2⤵
  PID:7396
- C:\Windows\System\UHPVnlb.exe
  C:\Windows\System\UHPVnlb.exe
  2⤵
  PID:7412
- C:\Windows\System\AhAFmmF.exe
  C:\Windows\System\AhAFmmF.exe
  2⤵
  PID:7428
- C:\Windows\System\qhcYJuK.exe
  C:\Windows\System\qhcYJuK.exe
  2⤵
  PID:7444
- C:\Windows\System\IujwccM.exe
  C:\Windows\System\IujwccM.exe
  2⤵
  PID:7464
- C:\Windows\System\HAsyAhQ.exe
  C:\Windows\System\HAsyAhQ.exe
  2⤵
  PID:7480
- C:\Windows\System\GIauCQp.exe
  C:\Windows\System\GIauCQp.exe
  2⤵
  PID:7496
- C:\Windows\System\vybkHoo.exe
  C:\Windows\System\vybkHoo.exe
  2⤵
  PID:7512
- C:\Windows\System\suxCySp.exe
  C:\Windows\System\suxCySp.exe
  2⤵
  PID:7528
- C:\Windows\System\sqMQwBH.exe
  C:\Windows\System\sqMQwBH.exe
  2⤵
  PID:7544
- C:\Windows\System\TGbUoiG.exe
  C:\Windows\System\TGbUoiG.exe
  2⤵
  PID:7560
- C:\Windows\System\ERCYPIt.exe
  C:\Windows\System\ERCYPIt.exe
  2⤵
  PID:7576
- C:\Windows\System\yyMtsBy.exe
  C:\Windows\System\yyMtsBy.exe
  2⤵
  PID:7592
- C:\Windows\System\VOmrTgL.exe
  C:\Windows\System\VOmrTgL.exe
  2⤵
  PID:7608
- C:\Windows\System\QZSrjoE.exe
  C:\Windows\System\QZSrjoE.exe
  2⤵
  PID:7624
- C:\Windows\System\oEnQNAF.exe
  C:\Windows\System\oEnQNAF.exe
  2⤵
  PID:7640
- C:\Windows\System\dbqkNUb.exe
  C:\Windows\System\dbqkNUb.exe
  2⤵
  PID:7656
- C:\Windows\System\qWuIHMf.exe
  C:\Windows\System\qWuIHMf.exe
  2⤵
  PID:7672
- C:\Windows\System\DKEwdow.exe
  C:\Windows\System\DKEwdow.exe
  2⤵
  PID:7688
- C:\Windows\System\OuESBtd.exe
  C:\Windows\System\OuESBtd.exe
  2⤵
  PID:7704
- C:\Windows\System\giRPkKU.exe
  C:\Windows\System\giRPkKU.exe
  2⤵
  PID:7720
- C:\Windows\System\BmRzHGy.exe
  C:\Windows\System\BmRzHGy.exe
  2⤵
  PID:7736
- C:\Windows\System\fliMnLr.exe
  C:\Windows\System\fliMnLr.exe
  2⤵
  PID:7752
- C:\Windows\System\mmcnnKm.exe
  C:\Windows\System\mmcnnKm.exe
  2⤵
  PID:7768
- C:\Windows\System\xPLEQqg.exe
  C:\Windows\System\xPLEQqg.exe
  2⤵
  PID:7784
- C:\Windows\System\eLJgfTM.exe
  C:\Windows\System\eLJgfTM.exe
  2⤵
  PID:7800
- C:\Windows\System\yaRWUFO.exe
  C:\Windows\System\yaRWUFO.exe
  2⤵
  PID:7816
- C:\Windows\System\LhrYcOV.exe
  C:\Windows\System\LhrYcOV.exe
  2⤵
  PID:7832
- C:\Windows\System\fBmLaOg.exe
  C:\Windows\System\fBmLaOg.exe
  2⤵
  PID:7848
- C:\Windows\System\mWliAkk.exe
  C:\Windows\System\mWliAkk.exe
  2⤵
  PID:7864
- C:\Windows\System\IbMeomZ.exe
  C:\Windows\System\IbMeomZ.exe
  2⤵
  PID:7880
- C:\Windows\System\MQEhvzL.exe
  C:\Windows\System\MQEhvzL.exe
  2⤵
  PID:7896
- C:\Windows\System\wVISLAi.exe
  C:\Windows\System\wVISLAi.exe
  2⤵
  PID:7912
- C:\Windows\System\sOVHQaj.exe
  C:\Windows\System\sOVHQaj.exe
  2⤵
  PID:7928
- C:\Windows\System\debxkyF.exe
  C:\Windows\System\debxkyF.exe
  2⤵
  PID:7944
- C:\Windows\System\LPCFXYH.exe
  C:\Windows\System\LPCFXYH.exe
  2⤵
  PID:7960
- C:\Windows\System\kVnMlhZ.exe
  C:\Windows\System\kVnMlhZ.exe
  2⤵
  PID:7976
- C:\Windows\System\qtKZdLb.exe
  C:\Windows\System\qtKZdLb.exe
  2⤵
  PID:7992
- C:\Windows\System\KXdvuNk.exe
  C:\Windows\System\KXdvuNk.exe
  2⤵
  PID:8008
- C:\Windows\System\GgJWFLa.exe
  C:\Windows\System\GgJWFLa.exe
  2⤵
  PID:8024
- C:\Windows\System\YmKEJBM.exe
  C:\Windows\System\YmKEJBM.exe
  2⤵
  PID:8040
- C:\Windows\System\WivRDHQ.exe
  C:\Windows\System\WivRDHQ.exe
  2⤵
  PID:8056
- C:\Windows\System\SgfnQCH.exe
  C:\Windows\System\SgfnQCH.exe
  2⤵
  PID:8072
- C:\Windows\System\APxhsMs.exe
  C:\Windows\System\APxhsMs.exe
  2⤵
  PID:8088
- C:\Windows\System\IxFrJen.exe
  C:\Windows\System\IxFrJen.exe
  2⤵
  PID:8104
- C:\Windows\System\FfHWftQ.exe
  C:\Windows\System\FfHWftQ.exe
  2⤵
  PID:8120
- C:\Windows\System\fkmPmuM.exe
  C:\Windows\System\fkmPmuM.exe
  2⤵
  PID:8136
- C:\Windows\System\dAQbago.exe
  C:\Windows\System\dAQbago.exe
  2⤵
  PID:8152
- C:\Windows\System\QMQKTpP.exe
  C:\Windows\System\QMQKTpP.exe
  2⤵
  PID:8168
- C:\Windows\System\NkJJniI.exe
  C:\Windows\System\NkJJniI.exe
  2⤵
  PID:8184
- C:\Windows\System\gzemZbd.exe
  C:\Windows\System\gzemZbd.exe
  2⤵
  PID:7244
- C:\Windows\System\yUSzVxD.exe
  C:\Windows\System\yUSzVxD.exe
  2⤵
  PID:7192
- C:\Windows\System\ghkyrZZ.exe
  C:\Windows\System\ghkyrZZ.exe
  2⤵
  PID:7272
- C:\Windows\System\xnHAMme.exe
  C:\Windows\System\xnHAMme.exe
  2⤵
  PID:7308
- C:\Windows\System\EROySiF.exe
  C:\Windows\System\EROySiF.exe
  2⤵
  PID:7340
- C:\Windows\System\dctDUNY.exe
  C:\Windows\System\dctDUNY.exe
  2⤵
  PID:7324
- C:\Windows\System\EncVeZc.exe
  C:\Windows\System\EncVeZc.exe
  2⤵
  PID:7540
- C:\Windows\System\pcFUmeU.exe
  C:\Windows\System\pcFUmeU.exe
  2⤵
  PID:7604
- C:\Windows\System\aUGnZzR.exe
  C:\Windows\System\aUGnZzR.exe
  2⤵
  PID:7360
- C:\Windows\System\KyyMPqZ.exe
  C:\Windows\System\KyyMPqZ.exe
  2⤵
  PID:7492
- C:\Windows\System\BPienNp.exe
  C:\Windows\System\BPienNp.exe
  2⤵
  PID:7552
- C:\Windows\System\joSdUhW.exe
  C:\Windows\System\joSdUhW.exe
  2⤵
  PID:7696
- C:\Windows\System\DkcQBDf.exe
  C:\Windows\System\DkcQBDf.exe
  2⤵
  PID:7680
- C:\Windows\System\kQjeSpx.exe
  C:\Windows\System\kQjeSpx.exe
  2⤵
  PID:7652
- C:\Windows\System\ZTBvmRz.exe
  C:\Windows\System\ZTBvmRz.exe
  2⤵
  PID:7744
- C:\Windows\System\QKmWZAh.exe
  C:\Windows\System\QKmWZAh.exe
  2⤵
  PID:7856
- C:\Windows\System\lfWpGXt.exe
  C:\Windows\System\lfWpGXt.exe
  2⤵
  PID:7920
- C:\Windows\System\qGYgWXw.exe
  C:\Windows\System\qGYgWXw.exe
  2⤵
  PID:7984
- C:\Windows\System\tVugJgv.exe
  C:\Windows\System\tVugJgv.exe
  2⤵
  PID:8048
- C:\Windows\System\LcbMisw.exe
  C:\Windows\System\LcbMisw.exe
  2⤵
  PID:8084
- C:\Windows\System\eVKMghH.exe
  C:\Windows\System\eVKMghH.exe
  2⤵
  PID:7872
- C:\Windows\System\zaQMGpi.exe
  C:\Windows\System\zaQMGpi.exe
  2⤵
  PID:8144
- C:\Windows\System\gFRfKMD.exe
  C:\Windows\System\gFRfKMD.exe
  2⤵
  PID:8064
- C:\Windows\System\MgDyaxS.exe
  C:\Windows\System\MgDyaxS.exe
  2⤵
  PID:8128
- C:\Windows\System\CRMpRSf.exe
  C:\Windows\System\CRMpRSf.exe
  2⤵
  PID:8176
- C:\Windows\System\rMFtzyH.exe
  C:\Windows\System\rMFtzyH.exe
  2⤵
  PID:7208
- C:\Windows\System\oQiECym.exe
  C:\Windows\System\oQiECym.exe
  2⤵
  PID:6280
- C:\Windows\System\GmjBiYH.exe
  C:\Windows\System\GmjBiYH.exe
  2⤵
  PID:7304
- C:\Windows\System\lhqexWg.exe
  C:\Windows\System\lhqexWg.exe
  2⤵
  PID:7052
- C:\Windows\System\dYqKhgb.exe
  C:\Windows\System\dYqKhgb.exe
  2⤵
  PID:7224
- C:\Windows\System\FtmGBPF.exe
  C:\Windows\System\FtmGBPF.exe
  2⤵
  PID:7472
- C:\Windows\System\ilUtgny.exe
  C:\Windows\System\ilUtgny.exe
  2⤵
  PID:7508
- C:\Windows\System\SKGzJgH.exe
  C:\Windows\System\SKGzJgH.exe
  2⤵
  PID:7392
- C:\Windows\System\ZpppgJb.exe
  C:\Windows\System\ZpppgJb.exe
  2⤵
  PID:7664
- C:\Windows\System\PrsCoJW.exe
  C:\Windows\System\PrsCoJW.exe
  2⤵
  PID:7456
- C:\Windows\System\FJjYAPr.exe
  C:\Windows\System\FJjYAPr.exe
  2⤵
  PID:7796
- C:\Windows\System\OUOxlJV.exe
  C:\Windows\System\OUOxlJV.exe
  2⤵
  PID:7776
- C:\Windows\System\sGpVImc.exe
  C:\Windows\System\sGpVImc.exe
  2⤵
  PID:7828
- C:\Windows\System\mdGvwlQ.exe
  C:\Windows\System\mdGvwlQ.exe
  2⤵
  PID:7732
- C:\Windows\System\SPFyGzb.exe
  C:\Windows\System\SPFyGzb.exe
  2⤵
  PID:7712
- C:\Windows\System\VHwyUbI.exe
  C:\Windows\System\VHwyUbI.exe
  2⤵
  PID:7648
- C:\Windows\System\LclGroY.exe
  C:\Windows\System\LclGroY.exe
  2⤵
  PID:8004
- C:\Windows\System\IaxjxMP.exe
  C:\Windows\System\IaxjxMP.exe
  2⤵
  PID:7440
- C:\Windows\System\bSwhaus.exe
  C:\Windows\System\bSwhaus.exe
  2⤵
  PID:7620
- C:\Windows\System\OjnDJIH.exe
  C:\Windows\System\OjnDJIH.exe
  2⤵
  PID:7892
- C:\Windows\System\NFRdJER.exe
  C:\Windows\System\NFRdJER.exe
  2⤵
  PID:352
- C:\Windows\System\qbYjbVs.exe
  C:\Windows\System\qbYjbVs.exe
  2⤵
  PID:8036
- C:\Windows\System\aWDaKbS.exe
  C:\Windows\System\aWDaKbS.exe
  2⤵
  PID:7908
- C:\Windows\System\cvSSicJ.exe
  C:\Windows\System\cvSSicJ.exe
  2⤵
  PID:8096
- C:\Windows\System\PNaqpIn.exe
  C:\Windows\System\PNaqpIn.exe
  2⤵
  PID:8180
- C:\Windows\System\KLEyAFz.exe
  C:\Windows\System\KLEyAFz.exe
  2⤵
  PID:7420
- C:\Windows\System\lXpzURg.exe
  C:\Windows\System\lXpzURg.exe
  2⤵
  PID:7520
- C:\Windows\System\BBkoTzX.exe
  C:\Windows\System\BBkoTzX.exe
  2⤵
  PID:7616
- C:\Windows\System\deKzNGJ.exe
  C:\Windows\System\deKzNGJ.exe
  2⤵
  PID:7956
- C:\Windows\System\UbjOiGT.exe
  C:\Windows\System\UbjOiGT.exe
  2⤵
  PID:7572
- C:\Windows\System\WaqorTW.exe
  C:\Windows\System\WaqorTW.exe
  2⤵
  PID:8204
- C:\Windows\System\IIkzJkl.exe
  C:\Windows\System\IIkzJkl.exe
  2⤵
  PID:8220
- C:\Windows\System\ePnFAfz.exe
  C:\Windows\System\ePnFAfz.exe
  2⤵
  PID:8236
- C:\Windows\System\iVzybuD.exe
  C:\Windows\System\iVzybuD.exe
  2⤵
  PID:8252
- C:\Windows\System\biTGBNz.exe
  C:\Windows\System\biTGBNz.exe
  2⤵
  PID:8268
- C:\Windows\System\IHqXNPS.exe
  C:\Windows\System\IHqXNPS.exe
  2⤵
  PID:8284
- C:\Windows\System\jotqogZ.exe
  C:\Windows\System\jotqogZ.exe
  2⤵
  PID:8300
- C:\Windows\System\zeHUqZK.exe
  C:\Windows\System\zeHUqZK.exe
  2⤵
  PID:8316
- C:\Windows\System\bbplPuY.exe
  C:\Windows\System\bbplPuY.exe
  2⤵
  PID:8332
- C:\Windows\System\IDeYlXP.exe
  C:\Windows\System\IDeYlXP.exe
  2⤵
  PID:8348
- C:\Windows\System\ddMPpcD.exe
  C:\Windows\System\ddMPpcD.exe
  2⤵
  PID:8364
- C:\Windows\System\thZrzVa.exe
  C:\Windows\System\thZrzVa.exe
  2⤵
  PID:8380
- C:\Windows\System\NnBRztE.exe
  C:\Windows\System\NnBRztE.exe
  2⤵
  PID:8396
- C:\Windows\System\VvdpAVz.exe
  C:\Windows\System\VvdpAVz.exe
  2⤵
  PID:8412
- C:\Windows\System\DEPcdxD.exe
  C:\Windows\System\DEPcdxD.exe
  2⤵
  PID:8428
- C:\Windows\System\GwxEzfi.exe
  C:\Windows\System\GwxEzfi.exe
  2⤵
  PID:8448
- C:\Windows\System\trGWrFR.exe
  C:\Windows\System\trGWrFR.exe
  2⤵
  PID:8464
- C:\Windows\System\dKtXtgQ.exe
  C:\Windows\System\dKtXtgQ.exe
  2⤵
  PID:8480
- C:\Windows\System\dBXlqZd.exe
  C:\Windows\System\dBXlqZd.exe
  2⤵
  PID:8500
- C:\Windows\System\OOqGSUd.exe
  C:\Windows\System\OOqGSUd.exe
  2⤵
  PID:8516
- C:\Windows\System\ZrgKprh.exe
  C:\Windows\System\ZrgKprh.exe
  2⤵
  PID:8532
- C:\Windows\System\JWsKwlb.exe
  C:\Windows\System\JWsKwlb.exe
  2⤵
  PID:8548
- C:\Windows\System\WEGzveP.exe
  C:\Windows\System\WEGzveP.exe
  2⤵
  PID:8564
- C:\Windows\System\GGgXirc.exe
  C:\Windows\System\GGgXirc.exe
  2⤵
  PID:8580
- C:\Windows\System\hOvcTCo.exe
  C:\Windows\System\hOvcTCo.exe
  2⤵
  PID:8604
- C:\Windows\System\uHwJgkE.exe
  C:\Windows\System\uHwJgkE.exe
  2⤵
  PID:8620
- C:\Windows\System\qmNylia.exe
  C:\Windows\System\qmNylia.exe
  2⤵
  PID:8636
- C:\Windows\System\dnmnrxE.exe
  C:\Windows\System\dnmnrxE.exe
  2⤵
  PID:8652
- C:\Windows\System\NkmuGYG.exe
  C:\Windows\System\NkmuGYG.exe
  2⤵
  PID:8668
- C:\Windows\System\vrgTFES.exe
  C:\Windows\System\vrgTFES.exe
  2⤵
  PID:8712
- C:\Windows\System\hkFArSL.exe
  C:\Windows\System\hkFArSL.exe
  2⤵
  PID:8728
- C:\Windows\System\oMEGxch.exe
  C:\Windows\System\oMEGxch.exe
  2⤵
  PID:8744
- C:\Windows\System\ZzoGPca.exe
  C:\Windows\System\ZzoGPca.exe
  2⤵
  PID:8760
- C:\Windows\System\vKoKmmx.exe
  C:\Windows\System\vKoKmmx.exe
  2⤵
  PID:8776
- C:\Windows\System\cgeIrHa.exe
  C:\Windows\System\cgeIrHa.exe
  2⤵
  PID:8792
- C:\Windows\System\aEsPYor.exe
  C:\Windows\System\aEsPYor.exe
  2⤵
  PID:8808
- C:\Windows\System\egZeblV.exe
  C:\Windows\System\egZeblV.exe
  2⤵
  PID:8824
- C:\Windows\System\SljfZmr.exe
  C:\Windows\System\SljfZmr.exe
  2⤵
  PID:8840
- C:\Windows\System\tXdLhIX.exe
  C:\Windows\System\tXdLhIX.exe
  2⤵
  PID:8856
- C:\Windows\System\qrsXrMw.exe
  C:\Windows\System\qrsXrMw.exe
  2⤵
  PID:8872
- C:\Windows\System\nLsogAS.exe
  C:\Windows\System\nLsogAS.exe
  2⤵
  PID:8888
- C:\Windows\System\wawHXRR.exe
  C:\Windows\System\wawHXRR.exe
  2⤵
  PID:8904
- C:\Windows\System\xkVGlbV.exe
  C:\Windows\System\xkVGlbV.exe
  2⤵
  PID:8920
- C:\Windows\System\hjkhylt.exe
  C:\Windows\System\hjkhylt.exe
  2⤵
  PID:8936
- C:\Windows\System\wBxUnFa.exe
  C:\Windows\System\wBxUnFa.exe
  2⤵
  PID:8952
- C:\Windows\System\trgTLim.exe
  C:\Windows\System\trgTLim.exe
  2⤵
  PID:8968
- C:\Windows\System\dMDSJcY.exe
  C:\Windows\System\dMDSJcY.exe
  2⤵
  PID:8984
- C:\Windows\System\AUgrHuI.exe
  C:\Windows\System\AUgrHuI.exe
  2⤵
  PID:9000
- C:\Windows\System\SMwdlci.exe
  C:\Windows\System\SMwdlci.exe
  2⤵
  PID:9016
- C:\Windows\System\cZgxZpo.exe
  C:\Windows\System\cZgxZpo.exe
  2⤵
  PID:9032
- C:\Windows\System\QzsxZIw.exe
  C:\Windows\System\QzsxZIw.exe
  2⤵
  PID:9048
- C:\Windows\System\czMnlqc.exe
  C:\Windows\System\czMnlqc.exe
  2⤵
  PID:9064
- C:\Windows\System\ndIMlAC.exe
  C:\Windows\System\ndIMlAC.exe
  2⤵
  PID:9080
- C:\Windows\System\JAQJatM.exe
  C:\Windows\System\JAQJatM.exe
  2⤵
  PID:9096
- C:\Windows\System\AtKgslq.exe
  C:\Windows\System\AtKgslq.exe
  2⤵
  PID:9112
- C:\Windows\System\yGSybAt.exe
  C:\Windows\System\yGSybAt.exe
  2⤵
  PID:9128
- C:\Windows\System\WuPwfyM.exe
  C:\Windows\System\WuPwfyM.exe
  2⤵
  PID:9144
- C:\Windows\System\CfTYWhv.exe
  C:\Windows\System\CfTYWhv.exe
  2⤵
  PID:9160
- C:\Windows\System\wRJsiXD.exe
  C:\Windows\System\wRJsiXD.exe
  2⤵
  PID:9176
- C:\Windows\System\YQybcSz.exe
  C:\Windows\System\YQybcSz.exe
  2⤵
  PID:9192
- C:\Windows\System\TvcMMCy.exe
  C:\Windows\System\TvcMMCy.exe
  2⤵
  PID:9208
- C:\Windows\System\svlCkjV.exe
  C:\Windows\System\svlCkjV.exe
  2⤵
  PID:1000
- C:\Windows\System\bSLGRxj.exe
  C:\Windows\System\bSLGRxj.exe
  2⤵
  PID:7240
- C:\Windows\System\VMfuvKr.exe
  C:\Windows\System\VMfuvKr.exe
  2⤵
  PID:8232
- C:\Windows\System\QbYUyef.exe
  C:\Windows\System\QbYUyef.exe
  2⤵
  PID:8296
- C:\Windows\System\JGMsQrQ.exe
  C:\Windows\System\JGMsQrQ.exe
  2⤵
  PID:8360
- C:\Windows\System\aDTTPhd.exe
  C:\Windows\System\aDTTPhd.exe
  2⤵
  PID:8424
- C:\Windows\System\EmtJaym.exe
  C:\Windows\System\EmtJaym.exe
  2⤵
  PID:8460
- C:\Windows\System\dsmpwvE.exe
  C:\Windows\System\dsmpwvE.exe
  2⤵
  PID:7292
- C:\Windows\System\mqJlHCj.exe
  C:\Windows\System\mqJlHCj.exe
  2⤵
  PID:8528
- C:\Windows\System\tyKhAkY.exe
  C:\Windows\System\tyKhAkY.exe
  2⤵
  PID:8592
- C:\Windows\System\WIEPgkc.exe
  C:\Windows\System\WIEPgkc.exe
  2⤵
  PID:8632
- C:\Windows\System\TmMCTpj.exe
  C:\Windows\System\TmMCTpj.exe
  2⤵
  PID:8212
- C:\Windows\System\EOeZJAA.exe
  C:\Windows\System\EOeZJAA.exe
  2⤵
  PID:7256
- C:\Windows\System\dicJkGP.exe
  C:\Windows\System\dicJkGP.exe
  2⤵
  PID:8440
- C:\Windows\System\oxbsbRR.exe
  C:\Windows\System\oxbsbRR.exe
  2⤵
  PID:8052
- C:\Windows\System\YNbBmVI.exe
  C:\Windows\System\YNbBmVI.exe
  2⤵
  PID:8576
- C:\Windows\System\nHXupng.exe
  C:\Windows\System\nHXupng.exe
  2⤵
  PID:8648
- C:\Windows\System\wkdBEMF.exe
  C:\Windows\System\wkdBEMF.exe
  2⤵
  PID:8248
- C:\Windows\System\xusdzbE.exe
  C:\Windows\System\xusdzbE.exe
  2⤵
  PID:8404
- C:\Windows\System\mOqqcSn.exe
  C:\Windows\System\mOqqcSn.exe
  2⤵
  PID:8340
- C:\Windows\System\iCACLUR.exe
  C:\Windows\System\iCACLUR.exe
  2⤵
  PID:8276
- C:\Windows\System\oweTATR.exe
  C:\Windows\System\oweTATR.exe
  2⤵
  PID:8688
- C:\Windows\System\GIRmqJb.exe
  C:\Windows\System\GIRmqJb.exe
  2⤵
  PID:8700
- C:\Windows\System\PSJfKJr.exe
  C:\Windows\System\PSJfKJr.exe
  2⤵
  PID:8736
- C:\Windows\System\JZyZeBq.exe
  C:\Windows\System\JZyZeBq.exe
  2⤵
  PID:8784
- C:\Windows\System\LbJctfy.exe
  C:\Windows\System\LbJctfy.exe
  2⤵
  PID:8848
- C:\Windows\System\EhVsNQm.exe
  C:\Windows\System\EhVsNQm.exe
  2⤵
  PID:8912
- C:\Windows\System\jaLIoXn.exe
  C:\Windows\System\jaLIoXn.exe
  2⤵
  PID:8980
- C:\Windows\System\dvOwCrK.exe
  C:\Windows\System\dvOwCrK.exe
  2⤵
  PID:9044
- C:\Windows\System\UUBdQxo.exe
  C:\Windows\System\UUBdQxo.exe
  2⤵
  PID:8832
- C:\Windows\System\kvBWVCA.exe
  C:\Windows\System\kvBWVCA.exe
  2⤵
  PID:8560
- C:\Windows\System\bFRPLcy.exe
  C:\Windows\System\bFRPLcy.exe
  2⤵
  PID:8016
- C:\Windows\System\lNEtZNl.exe
  C:\Windows\System\lNEtZNl.exe
  2⤵
  PID:7176
- C:\Windows\System\HmqMoYa.exe
  C:\Windows\System\HmqMoYa.exe
  2⤵
  PID:8244
- C:\Windows\System\uEwfTsP.exe
  C:\Windows\System\uEwfTsP.exe
  2⤵
  PID:7940
- C:\Windows\System\MmHffeR.exe
  C:\Windows\System\MmHffeR.exe
  2⤵
  PID:8436
- C:\Windows\System\kZwOlnW.exe
  C:\Windows\System\kZwOlnW.exe
  2⤵
  PID:8692
- C:\Windows\System\WYWRhKV.exe
  C:\Windows\System\WYWRhKV.exe
  2⤵
  PID:8752
- C:\Windows\System\bXmmILz.exe
  C:\Windows\System\bXmmILz.exe
  2⤵
  PID:8696
- C:\Windows\System\lFfLESU.exe
  C:\Windows\System\lFfLESU.exe
  2⤵
  PID:8804
- C:\Windows\System\lbzShoq.exe
  C:\Windows\System\lbzShoq.exe
  2⤵
  PID:8884
- C:\Windows\System\sxwQTdl.exe
  C:\Windows\System\sxwQTdl.exe
  2⤵
  PID:8868
- C:\Windows\System\sJjVpFr.exe
  C:\Windows\System\sJjVpFr.exe
  2⤵
  PID:8928
- C:\Windows\System\eDekkdt.exe
  C:\Windows\System\eDekkdt.exe
  2⤵
  PID:8992
- C:\Windows\System\xDrmqWk.exe
  C:\Windows\System\xDrmqWk.exe
  2⤵
  PID:9060
- C:\Windows\System\abqNtUX.exe
  C:\Windows\System\abqNtUX.exe
  2⤵
  PID:9088
- C:\Windows\System\GOnENxs.exe
  C:\Windows\System\GOnENxs.exe
  2⤵
  PID:9168
- C:\Windows\System\HZLgrfH.exe
  C:\Windows\System\HZLgrfH.exe
  2⤵
  PID:9156
- C:\Windows\System\iKZKwRQ.exe
  C:\Windows\System\iKZKwRQ.exe
  2⤵
  PID:8264
- C:\Windows\System\CRJaUaG.exe
  C:\Windows\System\CRJaUaG.exe
  2⤵
  PID:8328
- C:\Windows\System\vUspcqQ.exe
  C:\Windows\System\vUspcqQ.exe
  2⤵
  PID:7812
- C:\Windows\System\MRseDRe.exe
  C:\Windows\System\MRseDRe.exe
  2⤵
  PID:8196
- C:\Windows\System\tbzlDUW.exe
  C:\Windows\System\tbzlDUW.exe
  2⤵
  PID:8356
- C:\Windows\System\WKWKenr.exe
  C:\Windows\System\WKWKenr.exe
  2⤵
  PID:8664
- C:\Windows\System\wlQaCJD.exe
  C:\Windows\System\wlQaCJD.exe
  2⤵
  PID:8724
- C:\Windows\System\qCYXNCf.exe
  C:\Windows\System\qCYXNCf.exe
  2⤵
  PID:8960
- C:\Windows\System\lubRhoB.exe
  C:\Windows\System\lubRhoB.exe
  2⤵
  PID:9200
- C:\Windows\System\PPLPQzt.exe
  C:\Windows\System\PPLPQzt.exe
  2⤵
  PID:9124
- C:\Windows\System\KGialSP.exe
  C:\Windows\System\KGialSP.exe
  2⤵
  PID:8292
- C:\Windows\System\GmuaIoT.exe
  C:\Windows\System\GmuaIoT.exe
  2⤵
  PID:8684
- C:\Windows\System\bWrQfsn.exe
  C:\Windows\System\bWrQfsn.exe
  2⤵
  PID:9028
- C:\Windows\System\utucvgv.exe
  C:\Windows\System\utucvgv.exe
  2⤵
  PID:9136
- C:\Windows\System\NLboCkK.exe
  C:\Windows\System\NLboCkK.exe
  2⤵
  PID:7760
- C:\Windows\System\cynZGlD.exe
  C:\Windows\System\cynZGlD.exe
  2⤵
  PID:8344
- C:\Windows\System\huwWbiI.exe
  C:\Windows\System\huwWbiI.exe
  2⤵
  PID:8524
- C:\Windows\System\BYYeYZX.exe
  C:\Windows\System\BYYeYZX.exe
  2⤵
  PID:9188
- C:\Windows\System\syUfXtn.exe
  C:\Windows\System\syUfXtn.exe
  2⤵
  PID:6268
- C:\Windows\System\fMgHYfU.exe
  C:\Windows\System\fMgHYfU.exe
  2⤵
  PID:7404
- C:\Windows\System\JjhQDqm.exe
  C:\Windows\System\JjhQDqm.exe
  2⤵
  PID:7748
- C:\Windows\System\erenFuA.exe
  C:\Windows\System\erenFuA.exe
  2⤵
  PID:7728
- C:\Windows\System\IffzyPq.exe
  C:\Windows\System\IffzyPq.exe
  2⤵
  PID:8616
- C:\Windows\System\OcGEscX.exe
  C:\Windows\System\OcGEscX.exe
  2⤵
  PID:9184
- C:\Windows\System\SZVxAIJ.exe
  C:\Windows\System\SZVxAIJ.exe
  2⤵
  PID:9092
- C:\Windows\System\dsvoItl.exe
  C:\Windows\System\dsvoItl.exe
  2⤵
  PID:9104
- C:\Windows\System\rbLkKej.exe
  C:\Windows\System\rbLkKej.exe
  2⤵
  PID:9220
- C:\Windows\System\oaaFOXP.exe
  C:\Windows\System\oaaFOXP.exe
  2⤵
  PID:9236
- C:\Windows\System\LDOSeOK.exe
  C:\Windows\System\LDOSeOK.exe
  2⤵
  PID:9256
- C:\Windows\System\DgWhGmr.exe
  C:\Windows\System\DgWhGmr.exe
  2⤵
  PID:9272
- C:\Windows\System\HzMxNui.exe
  C:\Windows\System\HzMxNui.exe
  2⤵
  PID:9288
- C:\Windows\System\xmFFzqj.exe
  C:\Windows\System\xmFFzqj.exe
  2⤵
  PID:9304
- C:\Windows\System\GXbwGoe.exe
  C:\Windows\System\GXbwGoe.exe
  2⤵
  PID:9332
- C:\Windows\System\UyHBXVI.exe
  C:\Windows\System\UyHBXVI.exe
  2⤵
  PID:9352
- C:\Windows\System\oUtgfyC.exe
  C:\Windows\System\oUtgfyC.exe
  2⤵
  PID:9368
- C:\Windows\System\olLMDRY.exe
  C:\Windows\System\olLMDRY.exe
  2⤵
  PID:9388
- C:\Windows\System\nwQZVyM.exe
  C:\Windows\System\nwQZVyM.exe
  2⤵
  PID:9408
- C:\Windows\System\VsqvQPw.exe
  C:\Windows\System\VsqvQPw.exe
  2⤵
  PID:9424
- C:\Windows\System\pcUZkWn.exe
  C:\Windows\System\pcUZkWn.exe
  2⤵
  PID:9448
- C:\Windows\System\vrjcpIe.exe
  C:\Windows\System\vrjcpIe.exe
  2⤵
  PID:9468
- C:\Windows\System\FxHObTK.exe
  C:\Windows\System\FxHObTK.exe
  2⤵
  PID:9492
- C:\Windows\System\zhQxLBk.exe
  C:\Windows\System\zhQxLBk.exe
  2⤵
  PID:9508
- C:\Windows\System\fRZvrPw.exe
  C:\Windows\System\fRZvrPw.exe
  2⤵
  PID:9524
- C:\Windows\System\aDZWDGF.exe
  C:\Windows\System\aDZWDGF.exe
  2⤵
  PID:9616
- C:\Windows\System\ogQiGtF.exe
  C:\Windows\System\ogQiGtF.exe
  2⤵
  PID:9636
- C:\Windows\System\zqbaytW.exe
  C:\Windows\System\zqbaytW.exe
  2⤵
  PID:9668
- C:\Windows\System\iRxdtcG.exe
  C:\Windows\System\iRxdtcG.exe
  2⤵
  PID:9684
- C:\Windows\System\AyospFg.exe
  C:\Windows\System\AyospFg.exe
  2⤵
  PID:9700
- C:\Windows\System\VEmTUKz.exe
  C:\Windows\System\VEmTUKz.exe
  2⤵
  PID:9716
- C:\Windows\System\URXvnSC.exe
  C:\Windows\System\URXvnSC.exe
  2⤵
  PID:9732
- C:\Windows\System\JArplpV.exe
  C:\Windows\System\JArplpV.exe
  2⤵
  PID:9748
- C:\Windows\System\feMKzPR.exe
  C:\Windows\System\feMKzPR.exe
  2⤵
  PID:9764
- C:\Windows\System\oEdahps.exe
  C:\Windows\System\oEdahps.exe
  2⤵
  PID:9780
- C:\Windows\System\ipnjTkr.exe
  C:\Windows\System\ipnjTkr.exe
  2⤵
  PID:9796
- C:\Windows\System\XhZgxyw.exe
  C:\Windows\System\XhZgxyw.exe
  2⤵
  PID:9912
- C:\Windows\System\XxNffhm.exe
  C:\Windows\System\XxNffhm.exe
  2⤵
  PID:9968
- C:\Windows\System\tJFuYuK.exe
  C:\Windows\System\tJFuYuK.exe
  2⤵
  PID:10004
- C:\Windows\System\ySvoeuZ.exe
  C:\Windows\System\ySvoeuZ.exe
  2⤵
  PID:10024
- C:\Windows\System\MMdwWzy.exe
  C:\Windows\System\MMdwWzy.exe
  2⤵
  PID:10052
- C:\Windows\System\hzqCePB.exe
  C:\Windows\System\hzqCePB.exe
  2⤵
  PID:10072
- C:\Windows\System\FMdQKoG.exe
  C:\Windows\System\FMdQKoG.exe
  2⤵
  PID:10088
- C:\Windows\System\gwpdpHB.exe
  C:\Windows\System\gwpdpHB.exe
  2⤵
  PID:10104
- C:\Windows\System\SfnThHY.exe
  C:\Windows\System\SfnThHY.exe
  2⤵
  PID:10120
- C:\Windows\System\YfVQtGf.exe
  C:\Windows\System\YfVQtGf.exe
  2⤵
  PID:10136
- C:\Windows\System\LPYELPm.exe
  C:\Windows\System\LPYELPm.exe
  2⤵
  PID:10152
- C:\Windows\System\eMvCABj.exe
  C:\Windows\System\eMvCABj.exe
  2⤵
  PID:10168
- C:\Windows\System\gJeNBMo.exe
  C:\Windows\System\gJeNBMo.exe
  2⤵
  PID:10184
- C:\Windows\System\rffoMEB.exe
  C:\Windows\System\rffoMEB.exe
  2⤵
  PID:10200
- C:\Windows\System\xvfnuUb.exe
  C:\Windows\System\xvfnuUb.exe
  2⤵
  PID:10216
- C:\Windows\System\OqetOEP.exe
  C:\Windows\System\OqetOEP.exe
  2⤵
  PID:10232
- C:\Windows\System\XTDlgEE.exe
  C:\Windows\System\XTDlgEE.exe
  2⤵
  PID:9232
- C:\Windows\System\UugiKil.exe
  C:\Windows\System\UugiKil.exe
  2⤵
  PID:9268
- C:\Windows\System\KYBjnCD.exe
  C:\Windows\System\KYBjnCD.exe
  2⤵
  PID:9244
- C:\Windows\System\BMNFCya.exe
  C:\Windows\System\BMNFCya.exe
  2⤵
  PID:9296
- C:\Windows\System\gqlEvyh.exe
  C:\Windows\System\gqlEvyh.exe
  2⤵
  PID:9312
- C:\Windows\System\cEnfjle.exe
  C:\Windows\System\cEnfjle.exe
  2⤵
  PID:9380
- C:\Windows\System\XzrNFPm.exe
  C:\Windows\System\XzrNFPm.exe
  2⤵
  PID:9416
- C:\Windows\System\tZhumwH.exe
  C:\Windows\System\tZhumwH.exe
  2⤵
  PID:9436
- C:\Windows\System\pFBcECr.exe
  C:\Windows\System\pFBcECr.exe
  2⤵
  PID:9460
- C:\Windows\System\JcyyQsu.exe
  C:\Windows\System\JcyyQsu.exe
  2⤵
  PID:9504
- C:\Windows\System\bxSoeQL.exe
  C:\Windows\System\bxSoeQL.exe
  2⤵
  PID:8512
- C:\Windows\System\JxdNraN.exe
  C:\Windows\System\JxdNraN.exe
  2⤵
  PID:9544
- C:\Windows\System\LZgWhmn.exe
  C:\Windows\System\LZgWhmn.exe
  2⤵
  PID:9560
- C:\Windows\System\LSjecWy.exe
  C:\Windows\System\LSjecWy.exe
  2⤵
  PID:9576
- C:\Windows\System\YPJLICS.exe
  C:\Windows\System\YPJLICS.exe
  2⤵
  PID:9604
- C:\Windows\System\YxicuVL.exe
  C:\Windows\System\YxicuVL.exe
  2⤵
  PID:9648
- C:\Windows\System\gyiRbxp.exe
  C:\Windows\System\gyiRbxp.exe
  2⤵
  PID:9664
- C:\Windows\System\uLemGnY.exe
  C:\Windows\System\uLemGnY.exe
  2⤵
  PID:9676
- C:\Windows\System\WlQOkde.exe
  C:\Windows\System\WlQOkde.exe
  2⤵
  PID:9740
- C:\Windows\System\pvFKyfB.exe
  C:\Windows\System\pvFKyfB.exe
  2⤵
  PID:9760
- C:\Windows\System\lKwOOim.exe
  C:\Windows\System\lKwOOim.exe
  2⤵
  PID:9792
- C:\Windows\System\OqVOcvv.exe
  C:\Windows\System\OqVOcvv.exe
  2⤵
  PID:9844
- C:\Windows\System\lerqQIL.exe
  C:\Windows\System\lerqQIL.exe
  2⤵
  PID:9864
- C:\Windows\System\tffWLdv.exe
  C:\Windows\System\tffWLdv.exe
  2⤵
  PID:9880
- C:\Windows\System\kXKBrvN.exe
  C:\Windows\System\kXKBrvN.exe
  2⤵
  PID:9900
- C:\Windows\System\StkNhvr.exe
  C:\Windows\System\StkNhvr.exe
  2⤵
  PID:9920
- C:\Windows\System\yrdsdrM.exe
  C:\Windows\System\yrdsdrM.exe
  2⤵
  PID:9924
- C:\Windows\System\jzhZMya.exe
  C:\Windows\System\jzhZMya.exe
  2⤵
  PID:9952
- C:\Windows\System\FfwQRIE.exe
  C:\Windows\System\FfwQRIE.exe
  2⤵
  PID:10012
- C:\Windows\System\gaTHKMi.exe
  C:\Windows\System\gaTHKMi.exe
  2⤵
  PID:10112
- C:\Windows\System\HywMdcp.exe
  C:\Windows\System\HywMdcp.exe
  2⤵
  PID:10180
- C:\Windows\System\XtBgQiM.exe
  C:\Windows\System\XtBgQiM.exe
  2⤵
  PID:8944
- C:\Windows\System\kqsAqQi.exe
  C:\Windows\System\kqsAqQi.exe
  2⤵
  PID:9328
- C:\Windows\System\nuBokAU.exe
  C:\Windows\System\nuBokAU.exe
  2⤵
  PID:9348
- C:\Windows\System\zhRhDll.exe
  C:\Windows\System\zhRhDll.exe
  2⤵
  PID:9480
- C:\Windows\System\bVMlbQo.exe
  C:\Windows\System\bVMlbQo.exe
  2⤵
  PID:9540
- C:\Windows\System\guSAoBW.exe
  C:\Windows\System\guSAoBW.exe
  2⤵
  PID:9384
- C:\Windows\System\vhIlmUY.exe
  C:\Windows\System\vhIlmUY.exe
  2⤵
  PID:9980
- C:\Windows\System\xNjlSFO.exe
  C:\Windows\System\xNjlSFO.exe
  2⤵
  PID:9440
- C:\Windows\System\aZbJfxQ.exe
  C:\Windows\System\aZbJfxQ.exe
  2⤵
  PID:9588
- C:\Windows\System\cCFnujN.exe
  C:\Windows\System\cCFnujN.exe
  2⤵
  PID:10080
- C:\Windows\System\zZkoQmg.exe
  C:\Windows\System\zZkoQmg.exe
  2⤵
  PID:10084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AAEXMiA.exe

Filesize
6.0MB

MD5
bbd9b1eefe37236193d8a5524a03c27f

SHA1
7c5e522fc1e594b83508d8b417aea4e50b3d3519

SHA256
2a775cf456b00c7024a1b9181e31e562ced0e509b50797206d1a3024b0a2f44e

SHA512
bc7a378f30e7c434e12459203029dd0e0ac53a371050d83b3e40084fcaa90a95e8abcf52cc53958fe526cebd40c22b9ec38d87a54d123383a185ee75d73f4440

Download Submit
C:\Windows\system\AZGrSlG.exe

Filesize
6.0MB

MD5
d6f58c0762baeb5411e3066db34dab68

SHA1
015d359b33a7f67f4ce9f05a3b86515e3051aec1

SHA256
f8dacb5495c0f694bda3ff272238b2277063660598d34097efdec1ea846d6a58

SHA512
03b4dbc01f5ac10629b212dcbaf29e6232ee591096ed19c0d7894a7d8b504d0e04fd1b027c3c4b0777b4c32e3180f305874e6c671d6bb65b18c6513300fc7707

Download Submit
C:\Windows\system\BMNrSEg.exe

Filesize
6.0MB

MD5
b468da48cd7ec07b271590a017c25a44

SHA1
1ca82beada683012e73681372bc86fac1cb87bb9

SHA256
e3761e553b3ee35827ec09da1e696f4dfb55b28ac87b23f75ee61ca8c900c9b4

SHA512
89743480af2a8bbb57862a7142a188cb885479baa718ac30a1b3a0611f6f16eb0bdc0b3e0258eb1e722c282e491bb991699a2e650ccd23c3c07b144b239e8939

Download Submit
C:\Windows\system\EgZloGL.exe

Filesize
6.0MB

MD5
a96692c00744b39dad773e9523cf0a98

SHA1
531ed60a88d71fe685d1a20b17faa58d9edb3b81

SHA256
6d14312904057bafaba422f65e72fb2269b1ea53fcb1be3640fd41084e0b3f07

SHA512
41cad8e98b033e20335e3688b74d78bb7cfe2afbe185e655abd9c22bf53edc97878176d08de21b2817572b5dabbfa98fdb60d9b50f34b1a455da07c05d39b740

Download Submit
C:\Windows\system\FApqAuH.exe

Filesize
6.0MB

MD5
cb21b72f7e0f9c7f02380d49572bd67b

SHA1
d3e92fb47aecf7db6b02fc676ff769e11a0e1462

SHA256
0784f6918b2bceda8df6e0184e6a6feadf15b8e269238d0cc3dadc8571ca3f40

SHA512
0fbfc51b761c6f7937e616d9966c4fc256582abad4a3cc0c4acfdde8dd6c610f599dcc2056d1016f89f57a3a1bea363bc245ae40ac023c1c08ea9272fa16941b

Download Submit
C:\Windows\system\GHumfnB.exe

Filesize
6.0MB

MD5
12d7c118e7f119aa809ae718fffa28f5

SHA1
cbda815753bc22f12b21dc0dc2df4e555a82fe4f

SHA256
2ab4d9e65d7f2daa1d6b4bc1b4133c27eacf974f693735f0271de98a63838a52

SHA512
90c372cf0c84159eb7f8001d46c3b569a22c86fa848f3da3349fcb892889d48ea3b5e7bbc6ba56fcbcf7697ac2c9a8f62ac7bd286b4d0951ea1d6a8344be7683

Download Submit
C:\Windows\system\HMdLiGT.exe

Filesize
6.0MB

MD5
31d23244b0cab42e6a9d0c5d198aed96

SHA1
741cf72b77cf59fcde992c688f6e33d25b9ee8ba

SHA256
fb5a605ef05de371639ce0bd27dec6c8b1225c7e6f93cf669a5ee9094969277d

SHA512
1e4d4f94eefc386a90b73826276ac2586c57c38599573a194c079d4e83ab2ab08068e0a91075d0ad6b640ee74effc650f8c57463947a97e9c3972f566c0e7683

Download Submit
C:\Windows\system\PIFsHyP.exe

Filesize
6.0MB

MD5
0552704276e5b6f21f9b9e78d9785013

SHA1
3a3d99d1a10246d701f6c2b281c74b7eeeb042f0

SHA256
723474283cd8f66ec532423a2502fe626a9b79e341fd6cb81d3cc28cb14a14c6

SHA512
205c3f5682f8a9347c5e10cc09bd92d1f83f3ac5e226cead83f856fcfec2e2d009861fe426fd0b9cdd14dbece40dee573ff3f38c46a88bcc530e03dc03399036

Download Submit
C:\Windows\system\TSQVesg.exe

Filesize
6.0MB

MD5
65b09440c9cb5d78377eb49329cc12de

SHA1
e054998aa2969d705958d57ebd8d84460021c6f2

SHA256
e927ccb91a3604e3a145c39f6884ff910cc90dbf512c3ce9ad53ff7d19d8db47

SHA512
dda3064ddca774a6b055ccfda07281d9112459ee5f1f5b03cdab1f1c1389749e06aa0ebca416faef56f9cbe3a638145e7330292bc3dd7566021100a00ca3e42d

Download Submit
C:\Windows\system\VTjHmbT.exe

Filesize
6.0MB

MD5
5349f5d0bf6b197a02199a647bf32e6d

SHA1
38c6390f647df0eb009507bfb3c5f1151a69310b

SHA256
71a136f8b02d9791df602eb66952602da96d013b3f109fd7777977455470596f

SHA512
e5d0e145a077afe1dffa0ed4ccf64849d098f319fff521e0351fe44b7cd5811596e85ae2f7a80f541c13847fa2edc68ca45044968e7ea1f6879382d9c4282c23

Download Submit
C:\Windows\system\WbVQdbK.exe

Filesize
6.0MB

MD5
e122a947e3bb2e1481d4966612f1aee2

SHA1
0b17e156339eab38982503179f0107ebb45ffeb2

SHA256
9e7eab06e4ce0f3fc3040364c5b686111411493c4f21e0c4c60587c6e98a4e7c

SHA512
310d19f0e07a5737e66cf0299bcd4c0ce40f0e7fb4f4bee612057741a605b34df236e1c660c6097f22f85c1c2e455eb59a10d6811124fb51b9b6de5aef2dac6e

Download Submit
C:\Windows\system\WuDqNoM.exe

Filesize
6.0MB

MD5
b3163ea13dd39ddc4dd40a141c7ec838

SHA1
a395d976b5d66e8c1cf6a8d7c14c1c7b2f67c649

SHA256
437beca91a0db7377b2f941f1d4394cb1955400ced76361cfc00ff0763319003

SHA512
550b08d509934e1ec92cdb3453d5268d32476c4d9e6e20a580a0d3b7b905e21ad742ee9f2b071f66a04859c10c5a750bcfc8e2cacdbc2c6c3ecb6876bbca972f

Download Submit
C:\Windows\system\XEximcV.exe

Filesize
6.0MB

MD5
b520ec27f287bc95044849894bfe27f1

SHA1
c67f3e81976c780540d7972441e813e185bfbfee

SHA256
ef5d7bc0e4c2faa85f2275fd8265b84be808a893de490a4ebfc2f2e88cd7322a

SHA512
a2f21d48dccff9994085c2b03ce15aa3033de856fb0dc9ae597333f63569b0799f0d7db493d2b9c2c0dbd1e84f7335bdb995217d93156dde1bde995e9314b645

Download Submit
C:\Windows\system\YrVjUfy.exe

Filesize
6.0MB

MD5
e33395dce5b7a18e1b1790307e72e8cb

SHA1
7b51a6e5081ab2eb7e6f7e2bbd0c82945b0dcf15

SHA256
e96434d49a0c76ab65d92e25c4248e1c31502e73bb090d14d86e019a62df4d32

SHA512
2d21ed23cce074fbcdb72ffb58259eed67b2fdf9a9528b19b02b6e5d41b2cb22e4b05b12a601c05a246af1f5b7db0dc09d8f80be0ebcfdca0faebec696ef579d

Download Submit
C:\Windows\system\eDczyOO.exe

Filesize
6.0MB

MD5
e39e31fda7d7c537556af0b59c2c51c1

SHA1
aab392e6b800096ed1a3e00c6d3cad76509fe554

SHA256
fa99b6cd3a244348746cbf3e4bed8a98474aaeb3bb380033ca75707c6bd14256

SHA512
fd4e20ce162a5ecaf086d70a8e4c017c41f457e14a91f12c0520987f9543614fad07637da87b9e57ed9674c9635c5a85fbfc4cc48c8cd1de242b661047c93269

Download Submit
C:\Windows\system\hSGYtKs.exe

Filesize
6.0MB

MD5
214188a9b003c78358d8cda8aab6e43b

SHA1
613cd8d06ccac9f22d47ebe0a7fc7c8c8a92c2a9

SHA256
a3c055b16c12e84e378f52543015907f3f2b0b25d1812be5a79c3fc2738f7b99

SHA512
fc097d7eb92ef637f8909d3dab466ebed5a5f26731fecebafe1321af9bd9f4613c12d6750c0690450a1ece8ed4ac62853aa2f6efc215cff23d5df5adb91281b9

Download Submit
C:\Windows\system\kXyrwtp.exe

Filesize
6.0MB

MD5
edf4e3bb8059aa7fb655dac8a44cadb9

SHA1
a3eb40097940f297535d02ca2ad1bfb81fbd62cc

SHA256
d18854643d82fff69e8c18b4cbb0572031428e0bfb4433e21cc921a60e5a2226

SHA512
6d2ad29d98e7630e231f60aba12ddfb19778ef16dd69f1398794400e6e2bc7c2a9227efd8e43a464b34359690e789eb59131a10266374ad97f8c822fb498c33e

Download Submit
C:\Windows\system\kevQBQk.exe

Filesize
6.0MB

MD5
5f33ec25bf6fd8d56a814fb895d1a2be

SHA1
ba2f31b9123463a6792860b631207b45b1988327

SHA256
e4fedfed59d69cf73a7c1b69c4d5a5786eeec078014aef72f2f3f55c45cec4da

SHA512
3faac3a90e49fb83c9354f7cd3afbf0ca33edb633c2c794f531038955000117686a85407617286b2504b54d59a551ed06645868ed2592d4cfb25796fc6c59582

Download Submit
C:\Windows\system\qrefEWK.exe

Filesize
6.0MB

MD5
7769d6ee9482d788b75ee6b7195e8ba5

SHA1
b7f51e8c36a7c9d330ce95ae5a54e1c39e1d05fc

SHA256
349bd22a2b8229556ca5367fd718af7e047ab63b8722c22b6b906a2fab40ec34

SHA512
7e1de48173528863a9de5579ec70e42e43a4aada6bcf71d28070e5bcfce63b0c298da26667c378da0526fc4f4ec2db87752c78769cca39aebc6bf301c57c713c

Download Submit
C:\Windows\system\tynjzKb.exe

Filesize
6.0MB

MD5
82be411f1c9c8adc75ff94eabc1d0dca

SHA1
09307dd4afce1eda3422d811189e9b49c72667db

SHA256
98c650d606f729d25565b14c22f2a8b6d092b45c1c13f4352f76c54b3cb502bb

SHA512
fdf1721a5f6f5367a569d6f3c329a002a7868c6a5dc649759ae9bc94b568abf486b8bfbcd3f91b73e5e2399bb7632a4f5462f46b4aab3f0daf8f88da9f030534

Download Submit
C:\Windows\system\vDKSXHa.exe

Filesize
6.0MB

MD5
9ae08032c30351df0b7bdfcfae804d0a

SHA1
c9945a1b6c3af2dc4e03b41c929290024e87db82

SHA256
7cb7e742553178fba638dc95a278eff807b64e623381d53ea345981839d2fa17

SHA512
2c16d59e3c5b592b173a056069449311be43925acdc4179585b63bfff0159bd1e3201bd6d0326a292c6233273ab14261576a6360fccf781199ecc69e3143786c

Download Submit
C:\Windows\system\vdGEuWg.exe

Filesize
6.0MB

MD5
49367d0d62978dada813c4cbbb090d95

SHA1
891f4d7d28adc6b84efd7eef7cf46c4b8a92767d

SHA256
37040060a76a890c7ca729b4384bec68419226ea65711c958d79ef0fe47973e4

SHA512
7b4c200518baa9408f497d497c7bdff20da7ac627cbbca32216b642e2abb909427c7754340321a43762f6ddd5087b26e40f734476d3324e252c083e1f8f1f092

Download Submit
C:\Windows\system\wjCVCOe.exe

Filesize
6.0MB

MD5
ae49282b41d9c3234804d1e52511f863

SHA1
22dd470ddd8d026a1ce098dc64556768b496dd5c

SHA256
d000ae652d5410f7760a0d2b5358cd99a4739fe45390337967da0dd48cd064a0

SHA512
427bf783ddfbe2e6d6bb93d8e214e1f662c34c169ce4a5c7d8558c7525afc48a2e40c3f68a56f07537f67adc1b369f84d9fcf36a5eb687535415fd755641f040

Download Submit
C:\Windows\system\wrmTwXT.exe

Filesize
6.0MB

MD5
6f6b309a92ecaa0f7e5443da3be9109c

SHA1
85025846bcbe29efab596a56fca78f54e784ece5

SHA256
2b2480e811b86216b697afa87ecd62dc2fcdd951dbe9e2d1898de87ca7de4c31

SHA512
14c6cbc8e7e6dbdb8da4a7a9c2037df02afeae41beee3f2c2b791f1f08f8e1de1ee909675c408cd851a2ddd3674ac85bb22eb3bdf877032f0bcde39a61bc030d

Download Submit
C:\Windows\system\yyEfjWh.exe

Filesize
6.0MB

MD5
2e8904552c530fa903cda8f7320281e2

SHA1
07f5b0f96d39a08220f349d7cf6979ced5e5947b

SHA256
8940bf6ec2892d0344a997aae669897b10a1810c786cfdd7422c174fe812ee9e

SHA512
d10a2702a465ef3c7b2dff1724b6c9e0d974f60c637cec9e70c9848c6a8ebb3a8d943fdaac424396070b140be4130553fbb4ec4bde6abe74c6edd103784ef4de

Download Submit
\Windows\system\aMpoean.exe

Filesize
6.0MB

MD5
c80b505a004b1bb6ba16ef81242332e9

SHA1
8d2774561efac755dad17d907091754ee7a5b5b4

SHA256
24021a466b87f2a4f6ecbbfbde9d23eccd65f6f5a3799115e59dd296ef248375

SHA512
f35c895edd5fa4408b70beb4f8eb95b14888d12d344dfc0ae505a1aa5fbe97d8c3312d986a4c0f5697a9cfb3ca218197ac88522a9b23042b660b99a6c9a5509c

Download Submit
\Windows\system\detFHhC.exe

Filesize
6.0MB

MD5
293ee871b1b0cae7441735e6cc4d37d0

SHA1
857ed2f59df5aa705e2ae0370b80e7b04df89955

SHA256
0f1dccd7370d5e4bf41f713223a7012366660a9f1d9eb3bc7cfecfae601248fc

SHA512
480c5a36e4c06011f975def96059726c5c7391bbed7ddc4f2d225af4d28bf0ae81bba5e7bbb169b59cb929ba9c60296fda721e3c82b07318b348a48d3127f26b

Download Submit
\Windows\system\fotoirG.exe

Filesize
6.0MB

MD5
bd93e945f70b67c8caa4962a79983029

SHA1
0c31fece22905f2b9f8b3c5006c38a288e3ea8a8

SHA256
9565db76352ee0eb77e17a4b05fa7147b3423f0b8c98983c005279157ab4f926

SHA512
59da5ebe9287c64f9bbee04ace379554f5751cedc5dbf0388f321d8153034a6035d9aecda8e5324fb58202bc5c8d2a1e3f24d718330bca0be97b641c1a5ba92b

Download Submit
\Windows\system\oBHvSdz.exe

Filesize
6.0MB

MD5
fd1098dd86d0a2e9329f34ea296680a5

SHA1
d9e7335dd4ee1f0eba31cf67a1b67c91dcb22a23

SHA256
0977824241208e57569fb4a4410b8ba1dce48af579065c2172697eb4147f9195

SHA512
287556efceb8756a018320ffa9bb2b2f796d6dfa093f44e218d4ccd0111996bdd6c1a8e332505f4f77c73a1ae8b4bbb13be0f6c1fdb70555ae6dcf61d1e541f1

Download Submit
\Windows\system\rEITlus.exe

Filesize
6.0MB

MD5
9ac7f5aaea7ccc4237529a34603d8711

SHA1
a5887c038dc471de0c91daa984943d0766e5e6b4

SHA256
fe015c52591fe959c319d0dfb5d6142bc7ee83b3035a261df9303c507e407322

SHA512
4256ed3dc5bd4b05437867ca820498bb37946abb22d5188a4047566d7e69e13b183ebb9e88c93be92f275ca80501743eca9a37411dfdb84513f486dc01140fd7

Download Submit
\Windows\system\sEKJUWb.exe

Filesize
6.0MB

MD5
34f7e8f8f1771d82ae5e89be25bcf6a4

SHA1
34b3d5ebee6d626300d33e3995fad7a70811275d

SHA256
78b12d6b79720704e0e98c6e7a69a52288f8d0f213d416fab080c7447d4e69ac

SHA512
9500ae2455059fc5a762f0725c5561dfc3e9eeba3c0de888a8bf5f37ab36f66ab8b973cfdabe08d28df75f8560b5e7d38e36ca28fa5b945b2cd70c61b86c3cf1

Download Submit
\Windows\system\vzLHxAZ.exe

Filesize
6.0MB

MD5
df3b2b77d3e4bc13233853eb0a90f6d5

SHA1
1fda2c2c4e2ff254cf1ac223bab664806231709d

SHA256
bf29769df36b9ba23fcf4fb240ae91cde6dd9f296c28317f22eb98e39e28e055

SHA512
4178d0ea98c40c53a604ec2533ac57d6bbc4d3eade929a395a26b7e5a29026840768be1ca348e4978e6eed9be24e69af4f322f7b8e5b65d0af663302b06d597a

Download Submit
memory/484-3546-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/484-412-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/484-89-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/664-3559-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/664-95-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/664-663-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/824-823-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/824-3571-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/824-101-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-3245-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1684-41-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1684-8-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1828-3549-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1828-79-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3366-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-78-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-27-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-92-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-3567-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-105-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-63-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2296-39-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-922-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-17-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-76-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-23-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-74-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-67-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-48-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2296-0-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-104-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-195-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2296-97-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-33-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-50-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3535-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2412-84-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2412-502-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2608-38-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2608-91-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3392-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2616-83-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2616-501-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3560-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2628-51-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3448-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3182-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2712-52-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2712-14-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3382-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-43-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-59-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2848-19-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3268-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download