cobaltstrike | ae80362bda9142ac6254615d7c5d18f47b8f744c1913481cd33d4cde6776ebc9

Analysis

max time kernel
150s
max time network
130s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b38af1b15557aa3fc06d9ce9997af23b
SHA1

c6f9b6e24a6d8804b263a93767e7cb31d6e6e7bd
SHA256

ae80362bda9142ac6254615d7c5d18f47b8f744c1913481cd33d4cde6776ebc9
SHA512

6a76acc601137fe672ad2b14da62f87980c526e6f803292b17e1cc9f169dda9345196440cf6b27dd91abfbe25ac0da7b8d3fde2fcc82c8e1c3c67621c65d8aa1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000015cbd-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017525-7.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018687-18.dat	cobalt_reflective_dll
behavioral1/files/0x000e00000001866e-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018c1a-33.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018792-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018c26-46.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ff-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963a-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019632-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019630-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952c-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ae-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-83.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000173fc-61.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2060-0-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000e000000015cbd-3.dat	xmrig
behavioral1/files/0x0008000000017525-7.dat	xmrig
behavioral1/files/0x0006000000018687-18.dat	xmrig
behavioral1/files/0x000e00000001866e-13.dat	xmrig
behavioral1/files/0x0008000000018c1a-33.dat	xmrig
behavioral1/memory/1424-17-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0006000000018792-37.dat	xmrig
behavioral1/memory/2908-39-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2732-41-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2648-42-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2060-28-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/memory/2644-47-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0008000000018c26-46.dat	xmrig
behavioral1/memory/2060-44-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/memory/2408-36-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2684-55-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000500000001928c-54.dat	xmrig
behavioral1/files/0x0005000000019353-69.dat	xmrig
behavioral1/memory/3028-70-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2528-63-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x0005000000019356-76.dat	xmrig
behavioral1/files/0x0005000000019397-96.dat	xmrig
behavioral1/files/0x00050000000193a5-107.dat	xmrig
behavioral1/files/0x0005000000019426-115.dat	xmrig
behavioral1/files/0x0005000000019442-128.dat	xmrig
behavioral1/files/0x000500000001946b-145.dat	xmrig
behavioral1/files/0x00050000000194ff-172.dat	xmrig
behavioral1/memory/264-625-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2860-513-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1716-408-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1044-298-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2060-238-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x000500000001963a-194.dat	xmrig
behavioral1/files/0x0005000000019632-189.dat	xmrig
behavioral1/memory/3028-187-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019630-183.dat	xmrig
behavioral1/files/0x000500000001952c-177.dat	xmrig
behavioral1/files/0x00050000000194df-167.dat	xmrig
behavioral1/files/0x00050000000194ae-157.dat	xmrig
behavioral1/files/0x00050000000194c9-162.dat	xmrig
behavioral1/files/0x000500000001946e-152.dat	xmrig
behavioral1/files/0x0005000000019458-138.dat	xmrig
behavioral1/files/0x000500000001945c-141.dat	xmrig
behavioral1/files/0x000500000001944d-131.dat	xmrig
behavioral1/files/0x0005000000019438-122.dat	xmrig
behavioral1/files/0x0005000000019423-112.dat	xmrig
behavioral1/memory/2860-93-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2684-92-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000500000001937b-91.dat	xmrig
behavioral1/memory/264-100-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2528-99-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/1044-77-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/1716-85-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2644-84-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x000500000001936b-83.dat	xmrig
behavioral1/memory/2440-62-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00090000000173fc-61.dat	xmrig
behavioral1/memory/1424-59-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2060-58-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2440-12-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2408-2590-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2732-2591-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2908-2592-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2440	tLDcozw.exe
1424	XOQQQFU.exe
2408	HHpjLdP.exe
2908	KfYmRlF.exe
2732	TyHvFsF.exe
2648	oqOyIpU.exe
2644	OfVLZvy.exe
2684	kuaqKqo.exe
2528	edHHdgd.exe
3028	XgHzNqU.exe
1044	hAmPXMy.exe
1716	pYIIWuC.exe
2860	pKSnijr.exe
264	lauZuJs.exe
2268	mdByiZm.exe
2616	hoYDoIi.exe
2832	qhmENyC.exe
1088	WmcMQUI.exe
1632	ETUzjCE.exe
1788	EnDuwLu.exe
2556	XCSGhQQ.exe
3048	tCFxemn.exe
1140	obKWQCE.exe
2940	WDmMrKG.exe
2096	iTVfQPE.exe
2132	sUCjsvO.exe
2896	cGHueDI.exe
1792	TIyITKy.exe
1500	fCtZbFg.exe
988	PmZIZTm.exe
748	mllCSfi.exe
340	kbZHquO.exe
2396	bRELtyO.exe
2112	gsAtGOt.exe
1740	VoCPoEj.exe
1712	hJyXbVU.exe
2316	rXbrcdx.exe
836	acJlNss.exe
696	PcFUblM.exe
2280	rYwHPFw.exe
2972	hJlztNi.exe
1260	qgrHSBQ.exe
984	yarXNgr.exe
2956	fraeDjl.exe
2984	VIzZbyf.exe
1972	cmfTyMf.exe
2420	DvxquPm.exe
888	mcOQdJp.exe
2008	PJKAXNz.exe
2916	wYkCqDZ.exe
1592	zpThSbz.exe
1588	DwBcpXE.exe
2596	lvIDXFm.exe
2608	jPfUDGi.exe
2524	Lnlcusd.exe
2704	CtQNjXR.exe
2512	xoivmXt.exe
2580	tbZGNKT.exe
2812	zTBQdOx.exe
532	UQUJJVi.exe
2856	ALtrEZt.exe
2584	MFUAhPk.exe
2348	iJwaiCi.exe
1232	TXcnBwf.exe

Loads dropped DLL 64 IoCs

pid	Process
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2060-0-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000e000000015cbd-3.dat	upx
behavioral1/files/0x0008000000017525-7.dat	upx
behavioral1/files/0x0006000000018687-18.dat	upx
behavioral1/files/0x000e00000001866e-13.dat	upx
behavioral1/files/0x0008000000018c1a-33.dat	upx
behavioral1/memory/1424-17-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0006000000018792-37.dat	upx
behavioral1/memory/2908-39-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2732-41-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2648-42-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2060-28-0x0000000002320000-0x0000000002674000-memory.dmp	upx
behavioral1/memory/2644-47-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0008000000018c26-46.dat	upx
behavioral1/memory/2408-36-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2684-55-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000500000001928c-54.dat	upx
behavioral1/files/0x0005000000019353-69.dat	upx
behavioral1/memory/3028-70-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2528-63-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0005000000019356-76.dat	upx
behavioral1/files/0x0005000000019397-96.dat	upx
behavioral1/files/0x00050000000193a5-107.dat	upx
behavioral1/files/0x0005000000019426-115.dat	upx
behavioral1/files/0x0005000000019442-128.dat	upx
behavioral1/files/0x000500000001946b-145.dat	upx
behavioral1/files/0x00050000000194ff-172.dat	upx
behavioral1/memory/264-625-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2860-513-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1716-408-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/1044-298-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x000500000001963a-194.dat	upx
behavioral1/files/0x0005000000019632-189.dat	upx
behavioral1/memory/3028-187-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0005000000019630-183.dat	upx
behavioral1/files/0x000500000001952c-177.dat	upx
behavioral1/files/0x00050000000194df-167.dat	upx
behavioral1/files/0x00050000000194ae-157.dat	upx
behavioral1/files/0x00050000000194c9-162.dat	upx
behavioral1/files/0x000500000001946e-152.dat	upx
behavioral1/files/0x0005000000019458-138.dat	upx
behavioral1/files/0x000500000001945c-141.dat	upx
behavioral1/files/0x000500000001944d-131.dat	upx
behavioral1/files/0x0005000000019438-122.dat	upx
behavioral1/files/0x0005000000019423-112.dat	upx
behavioral1/memory/2860-93-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2684-92-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000500000001937b-91.dat	upx
behavioral1/memory/264-100-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2528-99-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/1044-77-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/1716-85-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2644-84-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x000500000001936b-83.dat	upx
behavioral1/memory/2440-62-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00090000000173fc-61.dat	upx
behavioral1/memory/1424-59-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2060-58-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2440-12-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2408-2590-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2732-2591-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2908-2592-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/1424-2594-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2644-2600-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EjpFUwf.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuooPip.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrkNNQL.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwGMBgX.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFheoOS.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDZOler.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DncOKtN.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzndYTL.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTAPaUk.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpAQjsG.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NggUcsq.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGbAnjm.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nmokxeg.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIgVNAK.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrUQcoE.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAWsiJb.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBPwAea.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otByNrY.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOjPbgD.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqbVhJV.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIXbHrY.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEfkLVL.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKaEtjW.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KblrpHx.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAHmINK.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXqvVMu.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyiFEYS.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbldSue.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Efkzbyk.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJtDhqr.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGhNilC.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plmlxoX.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiVfYYP.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCmQiXl.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDIVVAk.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtUrNuz.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXnGcDD.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYnlYLU.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlTkspd.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryLeOYZ.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\errKKYf.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCAEEQl.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uATHqyj.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqthTLk.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bREOaGs.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGLEJuw.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJgrYZh.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUxJrSP.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMxsmHi.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGMYZrd.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhfffRI.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHvQxJe.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRvHaPv.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUxQByK.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzHmpPf.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBHkInR.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbuTEQp.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekAceRH.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWpSaYM.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpjwqWB.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elZwAIp.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHYVtpN.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RktAwfb.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGnITqI.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2440	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2060 wrote to memory of 2440	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2060 wrote to memory of 2440	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2060 wrote to memory of 1424	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2060 wrote to memory of 1424	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2060 wrote to memory of 1424	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2060 wrote to memory of 2908	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2060 wrote to memory of 2908	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2060 wrote to memory of 2908	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2060 wrote to memory of 2408	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2060 wrote to memory of 2408	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2060 wrote to memory of 2408	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2060 wrote to memory of 2648	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2060 wrote to memory of 2648	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2060 wrote to memory of 2648	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2060 wrote to memory of 2732	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2060 wrote to memory of 2732	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2060 wrote to memory of 2732	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2060 wrote to memory of 2644	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2060 wrote to memory of 2644	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2060 wrote to memory of 2644	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2060 wrote to memory of 2684	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2060 wrote to memory of 2684	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2060 wrote to memory of 2684	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2060 wrote to memory of 2528	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2060 wrote to memory of 2528	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2060 wrote to memory of 2528	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2060 wrote to memory of 3028	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2060 wrote to memory of 3028	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2060 wrote to memory of 3028	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2060 wrote to memory of 1044	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2060 wrote to memory of 1044	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2060 wrote to memory of 1044	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2060 wrote to memory of 1716	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2060 wrote to memory of 1716	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2060 wrote to memory of 1716	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2060 wrote to memory of 2860	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2060 wrote to memory of 2860	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2060 wrote to memory of 2860	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2060 wrote to memory of 264	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2060 wrote to memory of 264	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2060 wrote to memory of 264	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2060 wrote to memory of 2268	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2060 wrote to memory of 2268	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2060 wrote to memory of 2268	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2060 wrote to memory of 2616	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2060 wrote to memory of 2616	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2060 wrote to memory of 2616	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2060 wrote to memory of 2832	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2060 wrote to memory of 2832	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2060 wrote to memory of 2832	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2060 wrote to memory of 1088	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2060 wrote to memory of 1088	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2060 wrote to memory of 1088	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2060 wrote to memory of 1632	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2060 wrote to memory of 1632	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2060 wrote to memory of 1632	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2060 wrote to memory of 1788	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2060 wrote to memory of 1788	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2060 wrote to memory of 1788	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2060 wrote to memory of 2556	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2060 wrote to memory of 2556	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2060 wrote to memory of 2556	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2060 wrote to memory of 3048	2060	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\System\tLDcozw.exe
  C:\Windows\System\tLDcozw.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\XOQQQFU.exe
  C:\Windows\System\XOQQQFU.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\KfYmRlF.exe
  C:\Windows\System\KfYmRlF.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\HHpjLdP.exe
  C:\Windows\System\HHpjLdP.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\oqOyIpU.exe
  C:\Windows\System\oqOyIpU.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\TyHvFsF.exe
  C:\Windows\System\TyHvFsF.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\OfVLZvy.exe
  C:\Windows\System\OfVLZvy.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\kuaqKqo.exe
  C:\Windows\System\kuaqKqo.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\edHHdgd.exe
  C:\Windows\System\edHHdgd.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\XgHzNqU.exe
  C:\Windows\System\XgHzNqU.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\hAmPXMy.exe
  C:\Windows\System\hAmPXMy.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\pYIIWuC.exe
  C:\Windows\System\pYIIWuC.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\pKSnijr.exe
  C:\Windows\System\pKSnijr.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\lauZuJs.exe
  C:\Windows\System\lauZuJs.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\mdByiZm.exe
  C:\Windows\System\mdByiZm.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\hoYDoIi.exe
  C:\Windows\System\hoYDoIi.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\qhmENyC.exe
  C:\Windows\System\qhmENyC.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\WmcMQUI.exe
  C:\Windows\System\WmcMQUI.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\ETUzjCE.exe
  C:\Windows\System\ETUzjCE.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\EnDuwLu.exe
  C:\Windows\System\EnDuwLu.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\XCSGhQQ.exe
  C:\Windows\System\XCSGhQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\tCFxemn.exe
  C:\Windows\System\tCFxemn.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\obKWQCE.exe
  C:\Windows\System\obKWQCE.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\WDmMrKG.exe
  C:\Windows\System\WDmMrKG.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\iTVfQPE.exe
  C:\Windows\System\iTVfQPE.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\sUCjsvO.exe
  C:\Windows\System\sUCjsvO.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\cGHueDI.exe
  C:\Windows\System\cGHueDI.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\TIyITKy.exe
  C:\Windows\System\TIyITKy.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\fCtZbFg.exe
  C:\Windows\System\fCtZbFg.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\PmZIZTm.exe
  C:\Windows\System\PmZIZTm.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\mllCSfi.exe
  C:\Windows\System\mllCSfi.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\kbZHquO.exe
  C:\Windows\System\kbZHquO.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\bRELtyO.exe
  C:\Windows\System\bRELtyO.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\gsAtGOt.exe
  C:\Windows\System\gsAtGOt.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\VoCPoEj.exe
  C:\Windows\System\VoCPoEj.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\hJyXbVU.exe
  C:\Windows\System\hJyXbVU.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\rXbrcdx.exe
  C:\Windows\System\rXbrcdx.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\acJlNss.exe
  C:\Windows\System\acJlNss.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\PcFUblM.exe
  C:\Windows\System\PcFUblM.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\rYwHPFw.exe
  C:\Windows\System\rYwHPFw.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\hJlztNi.exe
  C:\Windows\System\hJlztNi.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\qgrHSBQ.exe
  C:\Windows\System\qgrHSBQ.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\yarXNgr.exe
  C:\Windows\System\yarXNgr.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\fraeDjl.exe
  C:\Windows\System\fraeDjl.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\VIzZbyf.exe
  C:\Windows\System\VIzZbyf.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\cmfTyMf.exe
  C:\Windows\System\cmfTyMf.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\DvxquPm.exe
  C:\Windows\System\DvxquPm.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\mcOQdJp.exe
  C:\Windows\System\mcOQdJp.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\PJKAXNz.exe
  C:\Windows\System\PJKAXNz.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\wYkCqDZ.exe
  C:\Windows\System\wYkCqDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\zpThSbz.exe
  C:\Windows\System\zpThSbz.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\DwBcpXE.exe
  C:\Windows\System\DwBcpXE.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\lvIDXFm.exe
  C:\Windows\System\lvIDXFm.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\jPfUDGi.exe
  C:\Windows\System\jPfUDGi.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\Lnlcusd.exe
  C:\Windows\System\Lnlcusd.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\CtQNjXR.exe
  C:\Windows\System\CtQNjXR.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\xoivmXt.exe
  C:\Windows\System\xoivmXt.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\tbZGNKT.exe
  C:\Windows\System\tbZGNKT.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\zTBQdOx.exe
  C:\Windows\System\zTBQdOx.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\UQUJJVi.exe
  C:\Windows\System\UQUJJVi.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\ALtrEZt.exe
  C:\Windows\System\ALtrEZt.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\MFUAhPk.exe
  C:\Windows\System\MFUAhPk.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\iJwaiCi.exe
  C:\Windows\System\iJwaiCi.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\TXcnBwf.exe
  C:\Windows\System\TXcnBwf.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\bREOaGs.exe
  C:\Windows\System\bREOaGs.exe
  2⤵
  PID:1496
- C:\Windows\System\YSNYMDw.exe
  C:\Windows\System\YSNYMDw.exe
  2⤵
  PID:2496
- C:\Windows\System\NhZRfHO.exe
  C:\Windows\System\NhZRfHO.exe
  2⤵
  PID:2952
- C:\Windows\System\rRkLOxN.exe
  C:\Windows\System\rRkLOxN.exe
  2⤵
  PID:444
- C:\Windows\System\MdUEsLm.exe
  C:\Windows\System\MdUEsLm.exe
  2⤵
  PID:1132
- C:\Windows\System\otUXEGf.exe
  C:\Windows\System\otUXEGf.exe
  2⤵
  PID:1612
- C:\Windows\System\muJfIqz.exe
  C:\Windows\System\muJfIqz.exe
  2⤵
  PID:940
- C:\Windows\System\oMxsmHi.exe
  C:\Windows\System\oMxsmHi.exe
  2⤵
  PID:2184
- C:\Windows\System\VooaOVx.exe
  C:\Windows\System\VooaOVx.exe
  2⤵
  PID:3004
- C:\Windows\System\TesYDQf.exe
  C:\Windows\System\TesYDQf.exe
  2⤵
  PID:2020
- C:\Windows\System\tcUegyA.exe
  C:\Windows\System\tcUegyA.exe
  2⤵
  PID:2388
- C:\Windows\System\wXoZGwp.exe
  C:\Windows\System\wXoZGwp.exe
  2⤵
  PID:2976
- C:\Windows\System\FiIEwAZ.exe
  C:\Windows\System\FiIEwAZ.exe
  2⤵
  PID:2188
- C:\Windows\System\XtKlXRx.exe
  C:\Windows\System\XtKlXRx.exe
  2⤵
  PID:2380
- C:\Windows\System\CEjuvxJ.exe
  C:\Windows\System\CEjuvxJ.exe
  2⤵
  PID:1296
- C:\Windows\System\rauLkDv.exe
  C:\Windows\System\rauLkDv.exe
  2⤵
  PID:2424
- C:\Windows\System\oSxBbiX.exe
  C:\Windows\System\oSxBbiX.exe
  2⤵
  PID:2328
- C:\Windows\System\UInTazG.exe
  C:\Windows\System\UInTazG.exe
  2⤵
  PID:1580
- C:\Windows\System\mRJKoWt.exe
  C:\Windows\System\mRJKoWt.exe
  2⤵
  PID:2488
- C:\Windows\System\jrdrpmE.exe
  C:\Windows\System\jrdrpmE.exe
  2⤵
  PID:1940
- C:\Windows\System\PuxRiGr.exe
  C:\Windows\System\PuxRiGr.exe
  2⤵
  PID:2740
- C:\Windows\System\focEyOw.exe
  C:\Windows\System\focEyOw.exe
  2⤵
  PID:2880
- C:\Windows\System\tDNCBgE.exe
  C:\Windows\System\tDNCBgE.exe
  2⤵
  PID:1120
- C:\Windows\System\yjjknXy.exe
  C:\Windows\System\yjjknXy.exe
  2⤵
  PID:2852
- C:\Windows\System\SjQDHLm.exe
  C:\Windows\System\SjQDHLm.exe
  2⤵
  PID:1956
- C:\Windows\System\BaRIorM.exe
  C:\Windows\System\BaRIorM.exe
  2⤵
  PID:1508
- C:\Windows\System\ONsMqKp.exe
  C:\Windows\System\ONsMqKp.exe
  2⤵
  PID:1048
- C:\Windows\System\XwoGELQ.exe
  C:\Windows\System\XwoGELQ.exe
  2⤵
  PID:3000
- C:\Windows\System\gUNpjHZ.exe
  C:\Windows\System\gUNpjHZ.exe
  2⤵
  PID:2696
- C:\Windows\System\euTlUOi.exe
  C:\Windows\System\euTlUOi.exe
  2⤵
  PID:632
- C:\Windows\System\xToJCFu.exe
  C:\Windows\System\xToJCFu.exe
  2⤵
  PID:1528
- C:\Windows\System\BXoUPMM.exe
  C:\Windows\System\BXoUPMM.exe
  2⤵
  PID:1928
- C:\Windows\System\rAKvOyD.exe
  C:\Windows\System\rAKvOyD.exe
  2⤵
  PID:1692
- C:\Windows\System\kyjArrL.exe
  C:\Windows\System\kyjArrL.exe
  2⤵
  PID:2144
- C:\Windows\System\oMlgXRa.exe
  C:\Windows\System\oMlgXRa.exe
  2⤵
  PID:1000
- C:\Windows\System\YMSpEjH.exe
  C:\Windows\System\YMSpEjH.exe
  2⤵
  PID:1976
- C:\Windows\System\VCFRXVn.exe
  C:\Windows\System\VCFRXVn.exe
  2⤵
  PID:1556
- C:\Windows\System\aIHGDlI.exe
  C:\Windows\System\aIHGDlI.exe
  2⤵
  PID:2936
- C:\Windows\System\cucAYsl.exe
  C:\Windows\System\cucAYsl.exe
  2⤵
  PID:2748
- C:\Windows\System\mkpobOI.exe
  C:\Windows\System\mkpobOI.exe
  2⤵
  PID:772
- C:\Windows\System\MLUqwet.exe
  C:\Windows\System\MLUqwet.exe
  2⤵
  PID:2016
- C:\Windows\System\gLrdmgM.exe
  C:\Windows\System\gLrdmgM.exe
  2⤵
  PID:2148
- C:\Windows\System\rutixSG.exe
  C:\Windows\System\rutixSG.exe
  2⤵
  PID:1684
- C:\Windows\System\mppSzBY.exe
  C:\Windows\System\mppSzBY.exe
  2⤵
  PID:1204
- C:\Windows\System\ZGLEJuw.exe
  C:\Windows\System\ZGLEJuw.exe
  2⤵
  PID:3080
- C:\Windows\System\mACzwck.exe
  C:\Windows\System\mACzwck.exe
  2⤵
  PID:3100
- C:\Windows\System\RnbTZxr.exe
  C:\Windows\System\RnbTZxr.exe
  2⤵
  PID:3120
- C:\Windows\System\tKwpMpP.exe
  C:\Windows\System\tKwpMpP.exe
  2⤵
  PID:3140
- C:\Windows\System\vkpbhrf.exe
  C:\Windows\System\vkpbhrf.exe
  2⤵
  PID:3160
- C:\Windows\System\JodDgdO.exe
  C:\Windows\System\JodDgdO.exe
  2⤵
  PID:3180
- C:\Windows\System\gVCKAbH.exe
  C:\Windows\System\gVCKAbH.exe
  2⤵
  PID:3200
- C:\Windows\System\wdMXmdk.exe
  C:\Windows\System\wdMXmdk.exe
  2⤵
  PID:3220
- C:\Windows\System\mHnqSwn.exe
  C:\Windows\System\mHnqSwn.exe
  2⤵
  PID:3240
- C:\Windows\System\PeHtWJI.exe
  C:\Windows\System\PeHtWJI.exe
  2⤵
  PID:3260
- C:\Windows\System\UCKQkKN.exe
  C:\Windows\System\UCKQkKN.exe
  2⤵
  PID:3280
- C:\Windows\System\STjIMYE.exe
  C:\Windows\System\STjIMYE.exe
  2⤵
  PID:3300
- C:\Windows\System\abkOqzD.exe
  C:\Windows\System\abkOqzD.exe
  2⤵
  PID:3320
- C:\Windows\System\kRZXTLa.exe
  C:\Windows\System\kRZXTLa.exe
  2⤵
  PID:3340
- C:\Windows\System\qWRnXyz.exe
  C:\Windows\System\qWRnXyz.exe
  2⤵
  PID:3368
- C:\Windows\System\RrZCkfk.exe
  C:\Windows\System\RrZCkfk.exe
  2⤵
  PID:3388
- C:\Windows\System\IDTmAug.exe
  C:\Windows\System\IDTmAug.exe
  2⤵
  PID:3408
- C:\Windows\System\vstYBmA.exe
  C:\Windows\System\vstYBmA.exe
  2⤵
  PID:3428
- C:\Windows\System\YEITCmQ.exe
  C:\Windows\System\YEITCmQ.exe
  2⤵
  PID:3448
- C:\Windows\System\qiLiYjK.exe
  C:\Windows\System\qiLiYjK.exe
  2⤵
  PID:3468
- C:\Windows\System\qBXGHor.exe
  C:\Windows\System\qBXGHor.exe
  2⤵
  PID:3488
- C:\Windows\System\snulFTI.exe
  C:\Windows\System\snulFTI.exe
  2⤵
  PID:3508
- C:\Windows\System\HodcOvo.exe
  C:\Windows\System\HodcOvo.exe
  2⤵
  PID:3528
- C:\Windows\System\QeYVfBj.exe
  C:\Windows\System\QeYVfBj.exe
  2⤵
  PID:3548
- C:\Windows\System\wHqvBUp.exe
  C:\Windows\System\wHqvBUp.exe
  2⤵
  PID:3568
- C:\Windows\System\LVHlaxd.exe
  C:\Windows\System\LVHlaxd.exe
  2⤵
  PID:3588
- C:\Windows\System\DMrumRg.exe
  C:\Windows\System\DMrumRg.exe
  2⤵
  PID:3608
- C:\Windows\System\pvYHCKp.exe
  C:\Windows\System\pvYHCKp.exe
  2⤵
  PID:3624
- C:\Windows\System\QGqduqg.exe
  C:\Windows\System\QGqduqg.exe
  2⤵
  PID:3648
- C:\Windows\System\iZFzeYE.exe
  C:\Windows\System\iZFzeYE.exe
  2⤵
  PID:3672
- C:\Windows\System\sAGXRqo.exe
  C:\Windows\System\sAGXRqo.exe
  2⤵
  PID:3692
- C:\Windows\System\HABxnSk.exe
  C:\Windows\System\HABxnSk.exe
  2⤵
  PID:3712
- C:\Windows\System\AGSCrgZ.exe
  C:\Windows\System\AGSCrgZ.exe
  2⤵
  PID:3736
- C:\Windows\System\dfTEnGS.exe
  C:\Windows\System\dfTEnGS.exe
  2⤵
  PID:3756
- C:\Windows\System\FlOoRdj.exe
  C:\Windows\System\FlOoRdj.exe
  2⤵
  PID:3776
- C:\Windows\System\ohottIq.exe
  C:\Windows\System\ohottIq.exe
  2⤵
  PID:3796
- C:\Windows\System\nCdVxzp.exe
  C:\Windows\System\nCdVxzp.exe
  2⤵
  PID:3816
- C:\Windows\System\AbuTEQp.exe
  C:\Windows\System\AbuTEQp.exe
  2⤵
  PID:3840
- C:\Windows\System\zTtqCpE.exe
  C:\Windows\System\zTtqCpE.exe
  2⤵
  PID:3860
- C:\Windows\System\WYRwFbS.exe
  C:\Windows\System\WYRwFbS.exe
  2⤵
  PID:3880
- C:\Windows\System\aCrOPHc.exe
  C:\Windows\System\aCrOPHc.exe
  2⤵
  PID:3900
- C:\Windows\System\JIEqgzk.exe
  C:\Windows\System\JIEqgzk.exe
  2⤵
  PID:3920
- C:\Windows\System\rNJKkKA.exe
  C:\Windows\System\rNJKkKA.exe
  2⤵
  PID:3940
- C:\Windows\System\lYnlYLU.exe
  C:\Windows\System\lYnlYLU.exe
  2⤵
  PID:3960
- C:\Windows\System\XJEicLs.exe
  C:\Windows\System\XJEicLs.exe
  2⤵
  PID:3980
- C:\Windows\System\GsJmllY.exe
  C:\Windows\System\GsJmllY.exe
  2⤵
  PID:4000
- C:\Windows\System\DpUkpbw.exe
  C:\Windows\System\DpUkpbw.exe
  2⤵
  PID:4020
- C:\Windows\System\vNTOIMl.exe
  C:\Windows\System\vNTOIMl.exe
  2⤵
  PID:4044
- C:\Windows\System\vGlKLff.exe
  C:\Windows\System\vGlKLff.exe
  2⤵
  PID:4064
- C:\Windows\System\pgztJKG.exe
  C:\Windows\System\pgztJKG.exe
  2⤵
  PID:4084
- C:\Windows\System\FkZEGvT.exe
  C:\Windows\System\FkZEGvT.exe
  2⤵
  PID:2484
- C:\Windows\System\liTDstk.exe
  C:\Windows\System\liTDstk.exe
  2⤵
  PID:1332
- C:\Windows\System\cBNNaHA.exe
  C:\Windows\System\cBNNaHA.exe
  2⤵
  PID:1652
- C:\Windows\System\fotgMbD.exe
  C:\Windows\System\fotgMbD.exe
  2⤵
  PID:1824
- C:\Windows\System\uEfKycn.exe
  C:\Windows\System\uEfKycn.exe
  2⤵
  PID:2652
- C:\Windows\System\vmHxBJH.exe
  C:\Windows\System\vmHxBJH.exe
  2⤵
  PID:648
- C:\Windows\System\txXdbvQ.exe
  C:\Windows\System\txXdbvQ.exe
  2⤵
  PID:1436
- C:\Windows\System\XeXbkpM.exe
  C:\Windows\System\XeXbkpM.exe
  2⤵
  PID:2400
- C:\Windows\System\xLNCbrm.exe
  C:\Windows\System\xLNCbrm.exe
  2⤵
  PID:3108
- C:\Windows\System\HwpVDUK.exe
  C:\Windows\System\HwpVDUK.exe
  2⤵
  PID:3092
- C:\Windows\System\AoNMtAY.exe
  C:\Windows\System\AoNMtAY.exe
  2⤵
  PID:3156
- C:\Windows\System\IiUXihe.exe
  C:\Windows\System\IiUXihe.exe
  2⤵
  PID:3176
- C:\Windows\System\rfufprS.exe
  C:\Windows\System\rfufprS.exe
  2⤵
  PID:3228
- C:\Windows\System\qlRqCMv.exe
  C:\Windows\System\qlRqCMv.exe
  2⤵
  PID:3212
- C:\Windows\System\zsrWJFD.exe
  C:\Windows\System\zsrWJFD.exe
  2⤵
  PID:3252
- C:\Windows\System\gZmpiVp.exe
  C:\Windows\System\gZmpiVp.exe
  2⤵
  PID:3292
- C:\Windows\System\XpMHbjP.exe
  C:\Windows\System\XpMHbjP.exe
  2⤵
  PID:3332
- C:\Windows\System\rBGHnnT.exe
  C:\Windows\System\rBGHnnT.exe
  2⤵
  PID:3384
- C:\Windows\System\RsmNWJK.exe
  C:\Windows\System\RsmNWJK.exe
  2⤵
  PID:3416
- C:\Windows\System\dcKqTVk.exe
  C:\Windows\System\dcKqTVk.exe
  2⤵
  PID:3440
- C:\Windows\System\MBDNCws.exe
  C:\Windows\System\MBDNCws.exe
  2⤵
  PID:3460
- C:\Windows\System\CgMNVDb.exe
  C:\Windows\System\CgMNVDb.exe
  2⤵
  PID:3504
- C:\Windows\System\avuDZmA.exe
  C:\Windows\System\avuDZmA.exe
  2⤵
  PID:3536
- C:\Windows\System\gngRsLu.exe
  C:\Windows\System\gngRsLu.exe
  2⤵
  PID:3560
- C:\Windows\System\PDFMthd.exe
  C:\Windows\System\PDFMthd.exe
  2⤵
  PID:3580
- C:\Windows\System\Lddwtjc.exe
  C:\Windows\System\Lddwtjc.exe
  2⤵
  PID:3616
- C:\Windows\System\DMLJtLJ.exe
  C:\Windows\System\DMLJtLJ.exe
  2⤵
  PID:3680
- C:\Windows\System\GjglOKr.exe
  C:\Windows\System\GjglOKr.exe
  2⤵
  PID:3728
- C:\Windows\System\EptXhtb.exe
  C:\Windows\System\EptXhtb.exe
  2⤵
  PID:2796
- C:\Windows\System\uAjywUt.exe
  C:\Windows\System\uAjywUt.exe
  2⤵
  PID:3752
- C:\Windows\System\PEdJoRu.exe
  C:\Windows\System\PEdJoRu.exe
  2⤵
  PID:3792
- C:\Windows\System\CJgAYxn.exe
  C:\Windows\System\CJgAYxn.exe
  2⤵
  PID:3848
- C:\Windows\System\iiSTByP.exe
  C:\Windows\System\iiSTByP.exe
  2⤵
  PID:3852
- C:\Windows\System\DuaFrdr.exe
  C:\Windows\System\DuaFrdr.exe
  2⤵
  PID:3876
- C:\Windows\System\anDqqrW.exe
  C:\Windows\System\anDqqrW.exe
  2⤵
  PID:3916
- C:\Windows\System\HPCMzmL.exe
  C:\Windows\System\HPCMzmL.exe
  2⤵
  PID:3968
- C:\Windows\System\ACRdhNI.exe
  C:\Windows\System\ACRdhNI.exe
  2⤵
  PID:3996
- C:\Windows\System\CkKDrBY.exe
  C:\Windows\System\CkKDrBY.exe
  2⤵
  PID:4052
- C:\Windows\System\hmIbDTT.exe
  C:\Windows\System\hmIbDTT.exe
  2⤵
  PID:4056
- C:\Windows\System\OwkzGvP.exe
  C:\Windows\System\OwkzGvP.exe
  2⤵
  PID:1732
- C:\Windows\System\hIqsjBU.exe
  C:\Windows\System\hIqsjBU.exe
  2⤵
  PID:2372
- C:\Windows\System\OlCvasy.exe
  C:\Windows\System\OlCvasy.exe
  2⤵
  PID:2180
- C:\Windows\System\dhKycnS.exe
  C:\Windows\System\dhKycnS.exe
  2⤵
  PID:2104
- C:\Windows\System\HxFyFfW.exe
  C:\Windows\System\HxFyFfW.exe
  2⤵
  PID:688
- C:\Windows\System\JRforrh.exe
  C:\Windows\System\JRforrh.exe
  2⤵
  PID:2200
- C:\Windows\System\zQgkota.exe
  C:\Windows\System\zQgkota.exe
  2⤵
  PID:3096
- C:\Windows\System\hTAenND.exe
  C:\Windows\System\hTAenND.exe
  2⤵
  PID:3188
- C:\Windows\System\EqOzdSK.exe
  C:\Windows\System\EqOzdSK.exe
  2⤵
  PID:3216
- C:\Windows\System\OdDqzZa.exe
  C:\Windows\System\OdDqzZa.exe
  2⤵
  PID:3328
- C:\Windows\System\GzCLXnC.exe
  C:\Windows\System\GzCLXnC.exe
  2⤵
  PID:3396
- C:\Windows\System\zPuRFfZ.exe
  C:\Windows\System\zPuRFfZ.exe
  2⤵
  PID:3400
- C:\Windows\System\flAMLby.exe
  C:\Windows\System\flAMLby.exe
  2⤵
  PID:3444
- C:\Windows\System\zuxXJeg.exe
  C:\Windows\System\zuxXJeg.exe
  2⤵
  PID:3480
- C:\Windows\System\qxCLHLP.exe
  C:\Windows\System\qxCLHLP.exe
  2⤵
  PID:3584
- C:\Windows\System\jmWXJeX.exe
  C:\Windows\System\jmWXJeX.exe
  2⤵
  PID:3556
- C:\Windows\System\QfyohzT.exe
  C:\Windows\System\QfyohzT.exe
  2⤵
  PID:3660
- C:\Windows\System\WtrJnhA.exe
  C:\Windows\System\WtrJnhA.exe
  2⤵
  PID:3704
- C:\Windows\System\ekAceRH.exe
  C:\Windows\System\ekAceRH.exe
  2⤵
  PID:3784
- C:\Windows\System\BhGpUga.exe
  C:\Windows\System\BhGpUga.exe
  2⤵
  PID:2680
- C:\Windows\System\hCHAKNK.exe
  C:\Windows\System\hCHAKNK.exe
  2⤵
  PID:3896
- C:\Windows\System\WQIpWLt.exe
  C:\Windows\System\WQIpWLt.exe
  2⤵
  PID:3936
- C:\Windows\System\AaoCiCH.exe
  C:\Windows\System\AaoCiCH.exe
  2⤵
  PID:4032
- C:\Windows\System\FQonQFj.exe
  C:\Windows\System\FQonQFj.exe
  2⤵
  PID:4036
- C:\Windows\System\RAMklNJ.exe
  C:\Windows\System\RAMklNJ.exe
  2⤵
  PID:2988
- C:\Windows\System\uLXxABv.exe
  C:\Windows\System\uLXxABv.exe
  2⤵
  PID:2076
- C:\Windows\System\oyFzZLq.exe
  C:\Windows\System\oyFzZLq.exe
  2⤵
  PID:2480
- C:\Windows\System\eUmeZnx.exe
  C:\Windows\System\eUmeZnx.exe
  2⤵
  PID:3132
- C:\Windows\System\hrvhWQc.exe
  C:\Windows\System\hrvhWQc.exe
  2⤵
  PID:3136
- C:\Windows\System\qYwSBNS.exe
  C:\Windows\System\qYwSBNS.exe
  2⤵
  PID:3268
- C:\Windows\System\XhNIQXC.exe
  C:\Windows\System\XhNIQXC.exe
  2⤵
  PID:3352
- C:\Windows\System\oowuPXq.exe
  C:\Windows\System\oowuPXq.exe
  2⤵
  PID:3456
- C:\Windows\System\IGYKoan.exe
  C:\Windows\System\IGYKoan.exe
  2⤵
  PID:3520
- C:\Windows\System\jOTAdun.exe
  C:\Windows\System\jOTAdun.exe
  2⤵
  PID:3604
- C:\Windows\System\WZiUcFC.exe
  C:\Windows\System\WZiUcFC.exe
  2⤵
  PID:3644
- C:\Windows\System\VakwQFu.exe
  C:\Windows\System\VakwQFu.exe
  2⤵
  PID:3768
- C:\Windows\System\HlTkspd.exe
  C:\Windows\System\HlTkspd.exe
  2⤵
  PID:3888
- C:\Windows\System\OjPdFKU.exe
  C:\Windows\System\OjPdFKU.exe
  2⤵
  PID:4008
- C:\Windows\System\WcGwoaR.exe
  C:\Windows\System\WcGwoaR.exe
  2⤵
  PID:4080
- C:\Windows\System\zeCwNeg.exe
  C:\Windows\System\zeCwNeg.exe
  2⤵
  PID:2672
- C:\Windows\System\rvULNZF.exe
  C:\Windows\System\rvULNZF.exe
  2⤵
  PID:1704
- C:\Windows\System\ehtSgdn.exe
  C:\Windows\System\ehtSgdn.exe
  2⤵
  PID:3168
- C:\Windows\System\bgsSfLk.exe
  C:\Windows\System\bgsSfLk.exe
  2⤵
  PID:4108
- C:\Windows\System\eblaJQc.exe
  C:\Windows\System\eblaJQc.exe
  2⤵
  PID:4128
- C:\Windows\System\HViBCvT.exe
  C:\Windows\System\HViBCvT.exe
  2⤵
  PID:4152
- C:\Windows\System\DFlRRQX.exe
  C:\Windows\System\DFlRRQX.exe
  2⤵
  PID:4172
- C:\Windows\System\stGyDNy.exe
  C:\Windows\System\stGyDNy.exe
  2⤵
  PID:4188
- C:\Windows\System\JTYxWeM.exe
  C:\Windows\System\JTYxWeM.exe
  2⤵
  PID:4212
- C:\Windows\System\BXTYIiY.exe
  C:\Windows\System\BXTYIiY.exe
  2⤵
  PID:4232
- C:\Windows\System\WbOeJjI.exe
  C:\Windows\System\WbOeJjI.exe
  2⤵
  PID:4252
- C:\Windows\System\gMnBLkn.exe
  C:\Windows\System\gMnBLkn.exe
  2⤵
  PID:4272
- C:\Windows\System\FPMiuIG.exe
  C:\Windows\System\FPMiuIG.exe
  2⤵
  PID:4292
- C:\Windows\System\bCXUlvR.exe
  C:\Windows\System\bCXUlvR.exe
  2⤵
  PID:4312
- C:\Windows\System\QxpAUlR.exe
  C:\Windows\System\QxpAUlR.exe
  2⤵
  PID:4332
- C:\Windows\System\jHvSIFy.exe
  C:\Windows\System\jHvSIFy.exe
  2⤵
  PID:4352
- C:\Windows\System\JIOFuaF.exe
  C:\Windows\System\JIOFuaF.exe
  2⤵
  PID:4372
- C:\Windows\System\yYcbBhj.exe
  C:\Windows\System\yYcbBhj.exe
  2⤵
  PID:4392
- C:\Windows\System\ZaNqjix.exe
  C:\Windows\System\ZaNqjix.exe
  2⤵
  PID:4412
- C:\Windows\System\jiItnBq.exe
  C:\Windows\System\jiItnBq.exe
  2⤵
  PID:4432
- C:\Windows\System\SfFFAVx.exe
  C:\Windows\System\SfFFAVx.exe
  2⤵
  PID:4452
- C:\Windows\System\DQaUVOe.exe
  C:\Windows\System\DQaUVOe.exe
  2⤵
  PID:4472
- C:\Windows\System\HAQgmBR.exe
  C:\Windows\System\HAQgmBR.exe
  2⤵
  PID:4492
- C:\Windows\System\EFhAhxp.exe
  C:\Windows\System\EFhAhxp.exe
  2⤵
  PID:4512
- C:\Windows\System\OulpyNN.exe
  C:\Windows\System\OulpyNN.exe
  2⤵
  PID:4532
- C:\Windows\System\RlKoBCY.exe
  C:\Windows\System\RlKoBCY.exe
  2⤵
  PID:4556
- C:\Windows\System\XBXdeYd.exe
  C:\Windows\System\XBXdeYd.exe
  2⤵
  PID:4576
- C:\Windows\System\RjklEXN.exe
  C:\Windows\System\RjklEXN.exe
  2⤵
  PID:4596
- C:\Windows\System\CTnnJFg.exe
  C:\Windows\System\CTnnJFg.exe
  2⤵
  PID:4616
- C:\Windows\System\LYkHUPK.exe
  C:\Windows\System\LYkHUPK.exe
  2⤵
  PID:4636
- C:\Windows\System\BlfmmrU.exe
  C:\Windows\System\BlfmmrU.exe
  2⤵
  PID:4656
- C:\Windows\System\seseHLM.exe
  C:\Windows\System\seseHLM.exe
  2⤵
  PID:4676
- C:\Windows\System\tXRjzla.exe
  C:\Windows\System\tXRjzla.exe
  2⤵
  PID:4696
- C:\Windows\System\vwHgeOS.exe
  C:\Windows\System\vwHgeOS.exe
  2⤵
  PID:4716
- C:\Windows\System\nmWXXlU.exe
  C:\Windows\System\nmWXXlU.exe
  2⤵
  PID:4736
- C:\Windows\System\cyffpso.exe
  C:\Windows\System\cyffpso.exe
  2⤵
  PID:4756
- C:\Windows\System\zjizXcq.exe
  C:\Windows\System\zjizXcq.exe
  2⤵
  PID:4776
- C:\Windows\System\RQKiXUo.exe
  C:\Windows\System\RQKiXUo.exe
  2⤵
  PID:4796
- C:\Windows\System\tUoWcga.exe
  C:\Windows\System\tUoWcga.exe
  2⤵
  PID:4816
- C:\Windows\System\GjZqMPM.exe
  C:\Windows\System\GjZqMPM.exe
  2⤵
  PID:4836
- C:\Windows\System\beUqXyL.exe
  C:\Windows\System\beUqXyL.exe
  2⤵
  PID:4856
- C:\Windows\System\gwGMBgX.exe
  C:\Windows\System\gwGMBgX.exe
  2⤵
  PID:4876
- C:\Windows\System\qEDXXHj.exe
  C:\Windows\System\qEDXXHj.exe
  2⤵
  PID:4896
- C:\Windows\System\FBQAVCg.exe
  C:\Windows\System\FBQAVCg.exe
  2⤵
  PID:4916
- C:\Windows\System\PvSqzQH.exe
  C:\Windows\System\PvSqzQH.exe
  2⤵
  PID:4936
- C:\Windows\System\TtSYYHB.exe
  C:\Windows\System\TtSYYHB.exe
  2⤵
  PID:4956
- C:\Windows\System\LgUPjcj.exe
  C:\Windows\System\LgUPjcj.exe
  2⤵
  PID:4976
- C:\Windows\System\WMTNqnA.exe
  C:\Windows\System\WMTNqnA.exe
  2⤵
  PID:4996
- C:\Windows\System\ebfipdd.exe
  C:\Windows\System\ebfipdd.exe
  2⤵
  PID:5016
- C:\Windows\System\FKMzoZo.exe
  C:\Windows\System\FKMzoZo.exe
  2⤵
  PID:5036
- C:\Windows\System\nTjSVHn.exe
  C:\Windows\System\nTjSVHn.exe
  2⤵
  PID:5056
- C:\Windows\System\xqXMQwK.exe
  C:\Windows\System\xqXMQwK.exe
  2⤵
  PID:5076
- C:\Windows\System\BlhCKYW.exe
  C:\Windows\System\BlhCKYW.exe
  2⤵
  PID:5096
- C:\Windows\System\pZBEhcn.exe
  C:\Windows\System\pZBEhcn.exe
  2⤵
  PID:5116
- C:\Windows\System\pBWDqRe.exe
  C:\Windows\System\pBWDqRe.exe
  2⤵
  PID:3316
- C:\Windows\System\YPKrmpY.exe
  C:\Windows\System\YPKrmpY.exe
  2⤵
  PID:3564
- C:\Windows\System\KXlgjZh.exe
  C:\Windows\System\KXlgjZh.exe
  2⤵
  PID:3700
- C:\Windows\System\lgPMOPf.exe
  C:\Windows\System\lgPMOPf.exe
  2⤵
  PID:3824
- C:\Windows\System\RvTUlqD.exe
  C:\Windows\System\RvTUlqD.exe
  2⤵
  PID:3948
- C:\Windows\System\VBpwusz.exe
  C:\Windows\System\VBpwusz.exe
  2⤵
  PID:1816
- C:\Windows\System\uvYwDOA.exe
  C:\Windows\System\uvYwDOA.exe
  2⤵
  PID:3192
- C:\Windows\System\wNLFSmJ.exe
  C:\Windows\System\wNLFSmJ.exe
  2⤵
  PID:4100
- C:\Windows\System\PUwAmfQ.exe
  C:\Windows\System\PUwAmfQ.exe
  2⤵
  PID:4144
- C:\Windows\System\LZeuYBX.exe
  C:\Windows\System\LZeuYBX.exe
  2⤵
  PID:4196
- C:\Windows\System\rxNzlsa.exe
  C:\Windows\System\rxNzlsa.exe
  2⤵
  PID:4200
- C:\Windows\System\XoLosmV.exe
  C:\Windows\System\XoLosmV.exe
  2⤵
  PID:4224
- C:\Windows\System\JPpkkDX.exe
  C:\Windows\System\JPpkkDX.exe
  2⤵
  PID:4264
- C:\Windows\System\WWdmnKW.exe
  C:\Windows\System\WWdmnKW.exe
  2⤵
  PID:4324
- C:\Windows\System\dgNOvbq.exe
  C:\Windows\System\dgNOvbq.exe
  2⤵
  PID:4328
- C:\Windows\System\IiFuCHc.exe
  C:\Windows\System\IiFuCHc.exe
  2⤵
  PID:2792
- C:\Windows\System\sOSSFCg.exe
  C:\Windows\System\sOSSFCg.exe
  2⤵
  PID:4400
- C:\Windows\System\GRaDbEw.exe
  C:\Windows\System\GRaDbEw.exe
  2⤵
  PID:4404
- C:\Windows\System\GvVVuzd.exe
  C:\Windows\System\GvVVuzd.exe
  2⤵
  PID:4428
- C:\Windows\System\ThDqrxl.exe
  C:\Windows\System\ThDqrxl.exe
  2⤵
  PID:4480
- C:\Windows\System\ysUPPGH.exe
  C:\Windows\System\ysUPPGH.exe
  2⤵
  PID:4520
- C:\Windows\System\PalAGzy.exe
  C:\Windows\System\PalAGzy.exe
  2⤵
  PID:4552
- C:\Windows\System\vkfHSwL.exe
  C:\Windows\System\vkfHSwL.exe
  2⤵
  PID:4584
- C:\Windows\System\iothtOp.exe
  C:\Windows\System\iothtOp.exe
  2⤵
  PID:4608
- C:\Windows\System\TxYDXTw.exe
  C:\Windows\System\TxYDXTw.exe
  2⤵
  PID:4628
- C:\Windows\System\hgBsCHz.exe
  C:\Windows\System\hgBsCHz.exe
  2⤵
  PID:4672
- C:\Windows\System\FAzvbFZ.exe
  C:\Windows\System\FAzvbFZ.exe
  2⤵
  PID:4708
- C:\Windows\System\fpeEJgt.exe
  C:\Windows\System\fpeEJgt.exe
  2⤵
  PID:4764
- C:\Windows\System\gEWYrGi.exe
  C:\Windows\System\gEWYrGi.exe
  2⤵
  PID:4804
- C:\Windows\System\WaCLvSK.exe
  C:\Windows\System\WaCLvSK.exe
  2⤵
  PID:4808
- C:\Windows\System\nuVTgEj.exe
  C:\Windows\System\nuVTgEj.exe
  2⤵
  PID:4832
- C:\Windows\System\LsxVghw.exe
  C:\Windows\System\LsxVghw.exe
  2⤵
  PID:4884
- C:\Windows\System\dTAPaUk.exe
  C:\Windows\System\dTAPaUk.exe
  2⤵
  PID:4928
- C:\Windows\System\bgidmWR.exe
  C:\Windows\System\bgidmWR.exe
  2⤵
  PID:4964
- C:\Windows\System\FNBftQu.exe
  C:\Windows\System\FNBftQu.exe
  2⤵
  PID:4984
- C:\Windows\System\dtqEbtp.exe
  C:\Windows\System\dtqEbtp.exe
  2⤵
  PID:5008
- C:\Windows\System\uZuFfQR.exe
  C:\Windows\System\uZuFfQR.exe
  2⤵
  PID:5048
- C:\Windows\System\SiuPulR.exe
  C:\Windows\System\SiuPulR.exe
  2⤵
  PID:5072
- C:\Windows\System\vLCWlui.exe
  C:\Windows\System\vLCWlui.exe
  2⤵
  PID:3348
- C:\Windows\System\WfHBRyH.exe
  C:\Windows\System\WfHBRyH.exe
  2⤵
  PID:3496
- C:\Windows\System\ceUaGhw.exe
  C:\Windows\System\ceUaGhw.exe
  2⤵
  PID:3976
- C:\Windows\System\lpuosyO.exe
  C:\Windows\System\lpuosyO.exe
  2⤵
  PID:3952
- C:\Windows\System\gAKFMXj.exe
  C:\Windows\System\gAKFMXj.exe
  2⤵
  PID:2660
- C:\Windows\System\nAhByrq.exe
  C:\Windows\System\nAhByrq.exe
  2⤵
  PID:3196
- C:\Windows\System\dFOPeBN.exe
  C:\Windows\System\dFOPeBN.exe
  2⤵
  PID:4140
- C:\Windows\System\IVYwTQH.exe
  C:\Windows\System\IVYwTQH.exe
  2⤵
  PID:4228
- C:\Windows\System\ghnZplq.exe
  C:\Windows\System\ghnZplq.exe
  2⤵
  PID:4308
- C:\Windows\System\JOLFXzk.exe
  C:\Windows\System\JOLFXzk.exe
  2⤵
  PID:4304
- C:\Windows\System\pvTNsRZ.exe
  C:\Windows\System\pvTNsRZ.exe
  2⤵
  PID:3464
- C:\Windows\System\XDFEQfc.exe
  C:\Windows\System\XDFEQfc.exe
  2⤵
  PID:4444
- C:\Windows\System\GCJezVZ.exe
  C:\Windows\System\GCJezVZ.exe
  2⤵
  PID:2212
- C:\Windows\System\YGnQzpu.exe
  C:\Windows\System\YGnQzpu.exe
  2⤵
  PID:4508
- C:\Windows\System\mwcwDSC.exe
  C:\Windows\System\mwcwDSC.exe
  2⤵
  PID:4540
- C:\Windows\System\cdnJQIC.exe
  C:\Windows\System\cdnJQIC.exe
  2⤵
  PID:4592
- C:\Windows\System\NXLiwZo.exe
  C:\Windows\System\NXLiwZo.exe
  2⤵
  PID:4684
- C:\Windows\System\Lbwhmbu.exe
  C:\Windows\System\Lbwhmbu.exe
  2⤵
  PID:4692
- C:\Windows\System\HoHJMHb.exe
  C:\Windows\System\HoHJMHb.exe
  2⤵
  PID:4768
- C:\Windows\System\QQMzaBI.exe
  C:\Windows\System\QQMzaBI.exe
  2⤵
  PID:4812
- C:\Windows\System\NxSjvXk.exe
  C:\Windows\System\NxSjvXk.exe
  2⤵
  PID:4868
- C:\Windows\System\TKkMBYj.exe
  C:\Windows\System\TKkMBYj.exe
  2⤵
  PID:4912
- C:\Windows\System\FCJFoCX.exe
  C:\Windows\System\FCJFoCX.exe
  2⤵
  PID:4904
- C:\Windows\System\BqJavPD.exe
  C:\Windows\System\BqJavPD.exe
  2⤵
  PID:5052
- C:\Windows\System\EVJSqVu.exe
  C:\Windows\System\EVJSqVu.exe
  2⤵
  PID:3296
- C:\Windows\System\EoKnMyj.exe
  C:\Windows\System\EoKnMyj.exe
  2⤵
  PID:1964
- C:\Windows\System\uxOAXKk.exe
  C:\Windows\System\uxOAXKk.exe
  2⤵
  PID:5108
- C:\Windows\System\JLQlKgL.exe
  C:\Windows\System\JLQlKgL.exe
  2⤵
  PID:3932
- C:\Windows\System\uPyzZhz.exe
  C:\Windows\System\uPyzZhz.exe
  2⤵
  PID:2620
- C:\Windows\System\kssergd.exe
  C:\Windows\System\kssergd.exe
  2⤵
  PID:4464
- C:\Windows\System\RSNYkFq.exe
  C:\Windows\System\RSNYkFq.exe
  2⤵
  PID:4632
- C:\Windows\System\uetJoEq.exe
  C:\Windows\System\uetJoEq.exe
  2⤵
  PID:4732
- C:\Windows\System\UumYYsC.exe
  C:\Windows\System\UumYYsC.exe
  2⤵
  PID:4728
- C:\Windows\System\EESPcGU.exe
  C:\Windows\System\EESPcGU.exe
  2⤵
  PID:2744
- C:\Windows\System\DdksMyh.exe
  C:\Windows\System\DdksMyh.exe
  2⤵
  PID:4948
- C:\Windows\System\dIXbHrY.exe
  C:\Windows\System\dIXbHrY.exe
  2⤵
  PID:4932
- C:\Windows\System\RkYnyZW.exe
  C:\Windows\System\RkYnyZW.exe
  2⤵
  PID:5032
- C:\Windows\System\nPgpNmY.exe
  C:\Windows\System\nPgpNmY.exe
  2⤵
  PID:4092
- C:\Windows\System\xIyCCmy.exe
  C:\Windows\System\xIyCCmy.exe
  2⤵
  PID:4104
- C:\Windows\System\bpJQgKb.exe
  C:\Windows\System\bpJQgKb.exe
  2⤵
  PID:3036
- C:\Windows\System\MqrVgac.exe
  C:\Windows\System\MqrVgac.exe
  2⤵
  PID:2824
- C:\Windows\System\kaJnKRb.exe
  C:\Windows\System\kaJnKRb.exe
  2⤵
  PID:4168
- C:\Windows\System\AmnYtyS.exe
  C:\Windows\System\AmnYtyS.exe
  2⤵
  PID:1076
- C:\Windows\System\GWbSiiX.exe
  C:\Windows\System\GWbSiiX.exe
  2⤵
  PID:2140
- C:\Windows\System\OMrNUDo.exe
  C:\Windows\System\OMrNUDo.exe
  2⤵
  PID:4028
- C:\Windows\System\WsBrEEF.exe
  C:\Windows\System\WsBrEEF.exe
  2⤵
  PID:2568
- C:\Windows\System\WUAQzUm.exe
  C:\Windows\System\WUAQzUm.exe
  2⤵
  PID:2840
- C:\Windows\System\ElGrisA.exe
  C:\Windows\System\ElGrisA.exe
  2⤵
  PID:892
- C:\Windows\System\mcLbJVs.exe
  C:\Windows\System\mcLbJVs.exe
  2⤵
  PID:1620
- C:\Windows\System\PPPiurD.exe
  C:\Windows\System\PPPiurD.exe
  2⤵
  PID:2500
- C:\Windows\System\htvOPUw.exe
  C:\Windows\System\htvOPUw.exe
  2⤵
  PID:1924
- C:\Windows\System\AgkeWhP.exe
  C:\Windows\System\AgkeWhP.exe
  2⤵
  PID:2948
- C:\Windows\System\ndsCabf.exe
  C:\Windows\System\ndsCabf.exe
  2⤵
  PID:944
- C:\Windows\System\ooalAMw.exe
  C:\Windows\System\ooalAMw.exe
  2⤵
  PID:1640
- C:\Windows\System\tEgFNnk.exe
  C:\Windows\System\tEgFNnk.exe
  2⤵
  PID:2676
- C:\Windows\System\fqAWluE.exe
  C:\Windows\System\fqAWluE.exe
  2⤵
  PID:2540
- C:\Windows\System\UauMwzl.exe
  C:\Windows\System\UauMwzl.exe
  2⤵
  PID:2084
- C:\Windows\System\JtAPUWf.exe
  C:\Windows\System\JtAPUWf.exe
  2⤵
  PID:4468
- C:\Windows\System\GVenzgB.exe
  C:\Windows\System\GVenzgB.exe
  2⤵
  PID:4652
- C:\Windows\System\TQhkGGJ.exe
  C:\Windows\System\TQhkGGJ.exe
  2⤵
  PID:4664
- C:\Windows\System\ncKLkhs.exe
  C:\Windows\System\ncKLkhs.exe
  2⤵
  PID:1180
- C:\Windows\System\CGLDjIy.exe
  C:\Windows\System\CGLDjIy.exe
  2⤵
  PID:4792
- C:\Windows\System\pTXhjvw.exe
  C:\Windows\System\pTXhjvw.exe
  2⤵
  PID:5028
- C:\Windows\System\zRTDYtv.exe
  C:\Windows\System\zRTDYtv.exe
  2⤵
  PID:1616
- C:\Windows\System\Btqdbkc.exe
  C:\Windows\System\Btqdbkc.exe
  2⤵
  PID:3656
- C:\Windows\System\zjqERHa.exe
  C:\Windows\System\zjqERHa.exe
  2⤵
  PID:2504
- C:\Windows\System\lvMjeFu.exe
  C:\Windows\System\lvMjeFu.exe
  2⤵
  PID:3024
- C:\Windows\System\LfOEdVb.exe
  C:\Windows\System\LfOEdVb.exe
  2⤵
  PID:2552
- C:\Windows\System\RofMtDK.exe
  C:\Windows\System\RofMtDK.exe
  2⤵
  PID:2868
- C:\Windows\System\DBlYMAF.exe
  C:\Windows\System\DBlYMAF.exe
  2⤵
  PID:2992
- C:\Windows\System\DXcejCu.exe
  C:\Windows\System\DXcejCu.exe
  2⤵
  PID:2036
- C:\Windows\System\jMZSbhN.exe
  C:\Windows\System\jMZSbhN.exe
  2⤵
  PID:912
- C:\Windows\System\KFheoOS.exe
  C:\Windows\System\KFheoOS.exe
  2⤵
  PID:1708
- C:\Windows\System\IpJtwsW.exe
  C:\Windows\System\IpJtwsW.exe
  2⤵
  PID:4572
- C:\Windows\System\hdiuItW.exe
  C:\Windows\System\hdiuItW.exe
  2⤵
  PID:1996
- C:\Windows\System\ByfhWYs.exe
  C:\Windows\System\ByfhWYs.exe
  2⤵
  PID:4484
- C:\Windows\System\vnGLaGA.exe
  C:\Windows\System\vnGLaGA.exe
  2⤵
  PID:4848
- C:\Windows\System\JHibwWA.exe
  C:\Windows\System\JHibwWA.exe
  2⤵
  PID:2120
- C:\Windows\System\ujzIUNU.exe
  C:\Windows\System\ujzIUNU.exe
  2⤵
  PID:2416
- C:\Windows\System\gqmWTom.exe
  C:\Windows\System\gqmWTom.exe
  2⤵
  PID:1512
- C:\Windows\System\xqWeQJg.exe
  C:\Windows\System\xqWeQJg.exe
  2⤵
  PID:3732
- C:\Windows\System\GCGPVZN.exe
  C:\Windows\System\GCGPVZN.exe
  2⤵
  PID:4136
- C:\Windows\System\eIqmzxI.exe
  C:\Windows\System\eIqmzxI.exe
  2⤵
  PID:2468
- C:\Windows\System\PLSoATk.exe
  C:\Windows\System\PLSoATk.exe
  2⤵
  PID:1608
- C:\Windows\System\PkxwGMd.exe
  C:\Windows\System\PkxwGMd.exe
  2⤵
  PID:4988
- C:\Windows\System\UofIxAh.exe
  C:\Windows\System\UofIxAh.exe
  2⤵
  PID:4240
- C:\Windows\System\DnwcKsu.exe
  C:\Windows\System\DnwcKsu.exe
  2⤵
  PID:1316
- C:\Windows\System\ryLeOYZ.exe
  C:\Windows\System\ryLeOYZ.exe
  2⤵
  PID:2548
- C:\Windows\System\vCXpZuZ.exe
  C:\Windows\System\vCXpZuZ.exe
  2⤵
  PID:2536
- C:\Windows\System\izjfsRN.exe
  C:\Windows\System\izjfsRN.exe
  2⤵
  PID:2632
- C:\Windows\System\miDjQiL.exe
  C:\Windows\System\miDjQiL.exe
  2⤵
  PID:2768
- C:\Windows\System\vlzmxmZ.exe
  C:\Windows\System\vlzmxmZ.exe
  2⤵
  PID:2576
- C:\Windows\System\VuWrLkO.exe
  C:\Windows\System\VuWrLkO.exe
  2⤵
  PID:1600
- C:\Windows\System\TPmfrdE.exe
  C:\Windows\System\TPmfrdE.exe
  2⤵
  PID:4888
- C:\Windows\System\MTATaZK.exe
  C:\Windows\System\MTATaZK.exe
  2⤵
  PID:1984
- C:\Windows\System\VjwoXPf.exe
  C:\Windows\System\VjwoXPf.exe
  2⤵
  PID:4320
- C:\Windows\System\zDBKDmf.exe
  C:\Windows\System\zDBKDmf.exe
  2⤵
  PID:5148
- C:\Windows\System\jMlmkkI.exe
  C:\Windows\System\jMlmkkI.exe
  2⤵
  PID:5164
- C:\Windows\System\WKPSfTI.exe
  C:\Windows\System\WKPSfTI.exe
  2⤵
  PID:5188
- C:\Windows\System\zxdjtal.exe
  C:\Windows\System\zxdjtal.exe
  2⤵
  PID:5208
- C:\Windows\System\dOGJoAn.exe
  C:\Windows\System\dOGJoAn.exe
  2⤵
  PID:5224
- C:\Windows\System\kUzUELM.exe
  C:\Windows\System\kUzUELM.exe
  2⤵
  PID:5240
- C:\Windows\System\KzUqegF.exe
  C:\Windows\System\KzUqegF.exe
  2⤵
  PID:5264
- C:\Windows\System\wIqCyFl.exe
  C:\Windows\System\wIqCyFl.exe
  2⤵
  PID:5280
- C:\Windows\System\Ewmwvdi.exe
  C:\Windows\System\Ewmwvdi.exe
  2⤵
  PID:5308
- C:\Windows\System\SbrevBE.exe
  C:\Windows\System\SbrevBE.exe
  2⤵
  PID:5324
- C:\Windows\System\HDXLucu.exe
  C:\Windows\System\HDXLucu.exe
  2⤵
  PID:5344
- C:\Windows\System\CmWtwhA.exe
  C:\Windows\System\CmWtwhA.exe
  2⤵
  PID:5360
- C:\Windows\System\hkseWtg.exe
  C:\Windows\System\hkseWtg.exe
  2⤵
  PID:5388
- C:\Windows\System\RepAMPi.exe
  C:\Windows\System\RepAMPi.exe
  2⤵
  PID:5412
- C:\Windows\System\zZiISvA.exe
  C:\Windows\System\zZiISvA.exe
  2⤵
  PID:5428
- C:\Windows\System\MILDVoL.exe
  C:\Windows\System\MILDVoL.exe
  2⤵
  PID:5448
- C:\Windows\System\qhVmeuM.exe
  C:\Windows\System\qhVmeuM.exe
  2⤵
  PID:5472
- C:\Windows\System\UVRxvWW.exe
  C:\Windows\System\UVRxvWW.exe
  2⤵
  PID:5492
- C:\Windows\System\xVCnsDf.exe
  C:\Windows\System\xVCnsDf.exe
  2⤵
  PID:5512
- C:\Windows\System\PJtDhqr.exe
  C:\Windows\System\PJtDhqr.exe
  2⤵
  PID:5532
- C:\Windows\System\EuEdNXP.exe
  C:\Windows\System\EuEdNXP.exe
  2⤵
  PID:5548
- C:\Windows\System\OyDFJoi.exe
  C:\Windows\System\OyDFJoi.exe
  2⤵
  PID:5568
- C:\Windows\System\BWoWrfE.exe
  C:\Windows\System\BWoWrfE.exe
  2⤵
  PID:5600
- C:\Windows\System\nqRWfwr.exe
  C:\Windows\System\nqRWfwr.exe
  2⤵
  PID:5616
- C:\Windows\System\ORBgdKy.exe
  C:\Windows\System\ORBgdKy.exe
  2⤵
  PID:5636
- C:\Windows\System\uuDuwBo.exe
  C:\Windows\System\uuDuwBo.exe
  2⤵
  PID:5656
- C:\Windows\System\hoVVdzT.exe
  C:\Windows\System\hoVVdzT.exe
  2⤵
  PID:5680
- C:\Windows\System\foSGUjh.exe
  C:\Windows\System\foSGUjh.exe
  2⤵
  PID:5696
- C:\Windows\System\PsKTxVQ.exe
  C:\Windows\System\PsKTxVQ.exe
  2⤵
  PID:5720
- C:\Windows\System\naGZSvS.exe
  C:\Windows\System\naGZSvS.exe
  2⤵
  PID:5736
- C:\Windows\System\NMprKTP.exe
  C:\Windows\System\NMprKTP.exe
  2⤵
  PID:5752
- C:\Windows\System\aUUIfPW.exe
  C:\Windows\System\aUUIfPW.exe
  2⤵
  PID:5768
- C:\Windows\System\sxdbgyd.exe
  C:\Windows\System\sxdbgyd.exe
  2⤵
  PID:5800
- C:\Windows\System\PzhIXaf.exe
  C:\Windows\System\PzhIXaf.exe
  2⤵
  PID:5816
- C:\Windows\System\dsTJncC.exe
  C:\Windows\System\dsTJncC.exe
  2⤵
  PID:5832
- C:\Windows\System\pzXDHnA.exe
  C:\Windows\System\pzXDHnA.exe
  2⤵
  PID:5848
- C:\Windows\System\BFPkLtO.exe
  C:\Windows\System\BFPkLtO.exe
  2⤵
  PID:5868
- C:\Windows\System\UlfPdRE.exe
  C:\Windows\System\UlfPdRE.exe
  2⤵
  PID:5884
- C:\Windows\System\iLHsHWv.exe
  C:\Windows\System\iLHsHWv.exe
  2⤵
  PID:5900
- C:\Windows\System\BzxhXlz.exe
  C:\Windows\System\BzxhXlz.exe
  2⤵
  PID:5916
- C:\Windows\System\YbBCzrN.exe
  C:\Windows\System\YbBCzrN.exe
  2⤵
  PID:5940
- C:\Windows\System\xYRaxkl.exe
  C:\Windows\System\xYRaxkl.exe
  2⤵
  PID:5956
- C:\Windows\System\vIoQtqp.exe
  C:\Windows\System\vIoQtqp.exe
  2⤵
  PID:6000
- C:\Windows\System\bevdHwo.exe
  C:\Windows\System\bevdHwo.exe
  2⤵
  PID:6016
- C:\Windows\System\DzPpbtu.exe
  C:\Windows\System\DzPpbtu.exe
  2⤵
  PID:6036
- C:\Windows\System\yWelnTa.exe
  C:\Windows\System\yWelnTa.exe
  2⤵
  PID:6056
- C:\Windows\System\EPfbVDW.exe
  C:\Windows\System\EPfbVDW.exe
  2⤵
  PID:6076
- C:\Windows\System\UfxmgPA.exe
  C:\Windows\System\UfxmgPA.exe
  2⤵
  PID:6092
- C:\Windows\System\FGnITqI.exe
  C:\Windows\System\FGnITqI.exe
  2⤵
  PID:6112
- C:\Windows\System\kEfvFal.exe
  C:\Windows\System\kEfvFal.exe
  2⤵
  PID:6132
- C:\Windows\System\EokzOZg.exe
  C:\Windows\System\EokzOZg.exe
  2⤵
  PID:5136
- C:\Windows\System\zXWtYUE.exe
  C:\Windows\System\zXWtYUE.exe
  2⤵
  PID:1168
- C:\Windows\System\kjPmVLU.exe
  C:\Windows\System\kjPmVLU.exe
  2⤵
  PID:1220
- C:\Windows\System\XdLMEoH.exe
  C:\Windows\System\XdLMEoH.exe
  2⤵
  PID:5176
- C:\Windows\System\mHpGjfQ.exe
  C:\Windows\System\mHpGjfQ.exe
  2⤵
  PID:5220
- C:\Windows\System\peMyafZ.exe
  C:\Windows\System\peMyafZ.exe
  2⤵
  PID:5256
- C:\Windows\System\kuHmOXg.exe
  C:\Windows\System\kuHmOXg.exe
  2⤵
  PID:5288
- C:\Windows\System\CCIFcLJ.exe
  C:\Windows\System\CCIFcLJ.exe
  2⤵
  PID:5296
- C:\Windows\System\MjbMPYM.exe
  C:\Windows\System\MjbMPYM.exe
  2⤵
  PID:5300
- C:\Windows\System\aJUqjVi.exe
  C:\Windows\System\aJUqjVi.exe
  2⤵
  PID:5368
- C:\Windows\System\HetUNxy.exe
  C:\Windows\System\HetUNxy.exe
  2⤵
  PID:5424
- C:\Windows\System\fnCWdSi.exe
  C:\Windows\System\fnCWdSi.exe
  2⤵
  PID:5460
- C:\Windows\System\RqhVKVI.exe
  C:\Windows\System\RqhVKVI.exe
  2⤵
  PID:5464
- C:\Windows\System\vsLjShd.exe
  C:\Windows\System\vsLjShd.exe
  2⤵
  PID:5484
- C:\Windows\System\aKGTmEk.exe
  C:\Windows\System\aKGTmEk.exe
  2⤵
  PID:5540
- C:\Windows\System\EfnPbUF.exe
  C:\Windows\System\EfnPbUF.exe
  2⤵
  PID:5528
- C:\Windows\System\TvLYuSN.exe
  C:\Windows\System\TvLYuSN.exe
  2⤵
  PID:5592
- C:\Windows\System\ashuVxK.exe
  C:\Windows\System\ashuVxK.exe
  2⤵
  PID:5608
- C:\Windows\System\IRkUXZy.exe
  C:\Windows\System\IRkUXZy.exe
  2⤵
  PID:5664
- C:\Windows\System\NjDaKMq.exe
  C:\Windows\System\NjDaKMq.exe
  2⤵
  PID:5692
- C:\Windows\System\PfhqCbQ.exe
  C:\Windows\System\PfhqCbQ.exe
  2⤵
  PID:5744
- C:\Windows\System\SkGaEVM.exe
  C:\Windows\System\SkGaEVM.exe
  2⤵
  PID:5788
- C:\Windows\System\AXLRloX.exe
  C:\Windows\System\AXLRloX.exe
  2⤵
  PID:5856
- C:\Windows\System\DUWaVUS.exe
  C:\Windows\System\DUWaVUS.exe
  2⤵
  PID:5924
- C:\Windows\System\AEfkLVL.exe
  C:\Windows\System\AEfkLVL.exe
  2⤵
  PID:5912
- C:\Windows\System\ujzHwrm.exe
  C:\Windows\System\ujzHwrm.exe
  2⤵
  PID:5880
- C:\Windows\System\udJpFCa.exe
  C:\Windows\System\udJpFCa.exe
  2⤵
  PID:5972
- C:\Windows\System\NyKLTaC.exe
  C:\Windows\System\NyKLTaC.exe
  2⤵
  PID:5992
- C:\Windows\System\cNtzICm.exe
  C:\Windows\System\cNtzICm.exe
  2⤵
  PID:6008
- C:\Windows\System\bbQVOur.exe
  C:\Windows\System\bbQVOur.exe
  2⤵
  PID:6028
- C:\Windows\System\ypskGXU.exe
  C:\Windows\System\ypskGXU.exe
  2⤵
  PID:6104
- C:\Windows\System\SIKZxMP.exe
  C:\Windows\System\SIKZxMP.exe
  2⤵
  PID:6124
- C:\Windows\System\EtkFdAL.exe
  C:\Windows\System\EtkFdAL.exe
  2⤵
  PID:1772
- C:\Windows\System\rBADPMv.exe
  C:\Windows\System\rBADPMv.exe
  2⤵
  PID:5132
- C:\Windows\System\UDoyAok.exe
  C:\Windows\System\UDoyAok.exe
  2⤵
  PID:3988
- C:\Windows\System\plmlxoX.exe
  C:\Windows\System\plmlxoX.exe
  2⤵
  PID:5200
- C:\Windows\System\feaNzAF.exe
  C:\Windows\System\feaNzAF.exe
  2⤵
  PID:5352
- C:\Windows\System\pWiblQo.exe
  C:\Windows\System\pWiblQo.exe
  2⤵
  PID:5380
- C:\Windows\System\tyhPedX.exe
  C:\Windows\System\tyhPedX.exe
  2⤵
  PID:5400
- C:\Windows\System\GneOtyj.exe
  C:\Windows\System\GneOtyj.exe
  2⤵
  PID:5508
- C:\Windows\System\zTazEcL.exe
  C:\Windows\System\zTazEcL.exe
  2⤵
  PID:5576
- C:\Windows\System\klgkJgU.exe
  C:\Windows\System\klgkJgU.exe
  2⤵
  PID:5652
- C:\Windows\System\yjRZmvR.exe
  C:\Windows\System\yjRZmvR.exe
  2⤵
  PID:5556
- C:\Windows\System\ZjbWXya.exe
  C:\Windows\System\ZjbWXya.exe
  2⤵
  PID:5716
- C:\Windows\System\yawZwHa.exe
  C:\Windows\System\yawZwHa.exe
  2⤵
  PID:5524
- C:\Windows\System\PTgNfDL.exe
  C:\Windows\System\PTgNfDL.exe
  2⤵
  PID:5676
- C:\Windows\System\QrZkAUO.exe
  C:\Windows\System\QrZkAUO.exe
  2⤵
  PID:5784
- C:\Windows\System\GWPxZba.exe
  C:\Windows\System\GWPxZba.exe
  2⤵
  PID:5932
- C:\Windows\System\nBycwkb.exe
  C:\Windows\System\nBycwkb.exe
  2⤵
  PID:5984
- C:\Windows\System\semWlSU.exe
  C:\Windows\System\semWlSU.exe
  2⤵
  PID:6024
- C:\Windows\System\oevlWJA.exe
  C:\Windows\System\oevlWJA.exe
  2⤵
  PID:6052
- C:\Windows\System\uIalkWz.exe
  C:\Windows\System\uIalkWz.exe
  2⤵
  PID:6084
- C:\Windows\System\VUkxePf.exe
  C:\Windows\System\VUkxePf.exe
  2⤵
  PID:5336
- C:\Windows\System\RWoZLCE.exe
  C:\Windows\System\RWoZLCE.exe
  2⤵
  PID:6120
- C:\Windows\System\KTzhUMg.exe
  C:\Windows\System\KTzhUMg.exe
  2⤵
  PID:5124
- C:\Windows\System\WLixDpa.exe
  C:\Windows\System\WLixDpa.exe
  2⤵
  PID:5584
- C:\Windows\System\fvabvxF.exe
  C:\Windows\System\fvabvxF.exe
  2⤵
  PID:5480
- C:\Windows\System\yhZRfJj.exe
  C:\Windows\System\yhZRfJj.exe
  2⤵
  PID:5764
- C:\Windows\System\aEogkfg.exe
  C:\Windows\System\aEogkfg.exe
  2⤵
  PID:5372
- C:\Windows\System\sjBmtAc.exe
  C:\Windows\System\sjBmtAc.exe
  2⤵
  PID:5644
- C:\Windows\System\pSpaoeQ.exe
  C:\Windows\System\pSpaoeQ.exe
  2⤵
  PID:5688
- C:\Windows\System\CocGloQ.exe
  C:\Windows\System\CocGloQ.exe
  2⤵
  PID:5844
- C:\Windows\System\ZpxSEXk.exe
  C:\Windows\System\ZpxSEXk.exe
  2⤵
  PID:900
- C:\Windows\System\UHIHtUX.exe
  C:\Windows\System\UHIHtUX.exe
  2⤵
  PID:6068
- C:\Windows\System\koKFZPY.exe
  C:\Windows\System\koKFZPY.exe
  2⤵
  PID:5952
- C:\Windows\System\fSbAzSQ.exe
  C:\Windows\System\fSbAzSQ.exe
  2⤵
  PID:5252
- C:\Windows\System\Liwytbc.exe
  C:\Windows\System\Liwytbc.exe
  2⤵
  PID:5236
- C:\Windows\System\acIvVAo.exe
  C:\Windows\System\acIvVAo.exe
  2⤵
  PID:5908
- C:\Windows\System\OYPvWuj.exe
  C:\Windows\System\OYPvWuj.exe
  2⤵
  PID:5628
- C:\Windows\System\QqoAbcL.exe
  C:\Windows\System\QqoAbcL.exe
  2⤵
  PID:6160
- C:\Windows\System\BMwvWkL.exe
  C:\Windows\System\BMwvWkL.exe
  2⤵
  PID:6184
- C:\Windows\System\xlcoFfu.exe
  C:\Windows\System\xlcoFfu.exe
  2⤵
  PID:6204
- C:\Windows\System\uYDJtQP.exe
  C:\Windows\System\uYDJtQP.exe
  2⤵
  PID:6244
- C:\Windows\System\tXTVTPD.exe
  C:\Windows\System\tXTVTPD.exe
  2⤵
  PID:6264
- C:\Windows\System\jZtTFrY.exe
  C:\Windows\System\jZtTFrY.exe
  2⤵
  PID:6288
- C:\Windows\System\LaEFdzT.exe
  C:\Windows\System\LaEFdzT.exe
  2⤵
  PID:6304
- C:\Windows\System\uTzCxBX.exe
  C:\Windows\System\uTzCxBX.exe
  2⤵
  PID:6328
- C:\Windows\System\chdbqwl.exe
  C:\Windows\System\chdbqwl.exe
  2⤵
  PID:6348
- C:\Windows\System\xQZUCqd.exe
  C:\Windows\System\xQZUCqd.exe
  2⤵
  PID:6372
- C:\Windows\System\wzFdsmo.exe
  C:\Windows\System\wzFdsmo.exe
  2⤵
  PID:6388
- C:\Windows\System\fQOgpgb.exe
  C:\Windows\System\fQOgpgb.exe
  2⤵
  PID:6404
- C:\Windows\System\FFPcQcy.exe
  C:\Windows\System\FFPcQcy.exe
  2⤵
  PID:6428
- C:\Windows\System\GAWsiJb.exe
  C:\Windows\System\GAWsiJb.exe
  2⤵
  PID:6444
- C:\Windows\System\DkFUvVB.exe
  C:\Windows\System\DkFUvVB.exe
  2⤵
  PID:6460
- C:\Windows\System\NeSxHyC.exe
  C:\Windows\System\NeSxHyC.exe
  2⤵
  PID:6488
- C:\Windows\System\sLxjTkG.exe
  C:\Windows\System\sLxjTkG.exe
  2⤵
  PID:6508
- C:\Windows\System\OcCKVfY.exe
  C:\Windows\System\OcCKVfY.exe
  2⤵
  PID:6524
- C:\Windows\System\OFYLDcF.exe
  C:\Windows\System\OFYLDcF.exe
  2⤵
  PID:6540
- C:\Windows\System\ExXBxXG.exe
  C:\Windows\System\ExXBxXG.exe
  2⤵
  PID:6560
- C:\Windows\System\sjRjDun.exe
  C:\Windows\System\sjRjDun.exe
  2⤵
  PID:6576
- C:\Windows\System\yCdhkoN.exe
  C:\Windows\System\yCdhkoN.exe
  2⤵
  PID:6596
- C:\Windows\System\BdpCZdN.exe
  C:\Windows\System\BdpCZdN.exe
  2⤵
  PID:6612
- C:\Windows\System\zbepJxr.exe
  C:\Windows\System\zbepJxr.exe
  2⤵
  PID:6632
- C:\Windows\System\xyconJt.exe
  C:\Windows\System\xyconJt.exe
  2⤵
  PID:6652
- C:\Windows\System\LbpCpMH.exe
  C:\Windows\System\LbpCpMH.exe
  2⤵
  PID:6672
- C:\Windows\System\cfLyckG.exe
  C:\Windows\System\cfLyckG.exe
  2⤵
  PID:6688
- C:\Windows\System\lViIXPs.exe
  C:\Windows\System\lViIXPs.exe
  2⤵
  PID:6708
- C:\Windows\System\ovYyoHu.exe
  C:\Windows\System\ovYyoHu.exe
  2⤵
  PID:6728
- C:\Windows\System\bcgtIon.exe
  C:\Windows\System\bcgtIon.exe
  2⤵
  PID:6744
- C:\Windows\System\YLqPjAl.exe
  C:\Windows\System\YLqPjAl.exe
  2⤵
  PID:6768
- C:\Windows\System\pcVoFhZ.exe
  C:\Windows\System\pcVoFhZ.exe
  2⤵
  PID:6792
- C:\Windows\System\CuCZYDD.exe
  C:\Windows\System\CuCZYDD.exe
  2⤵
  PID:6812
- C:\Windows\System\oMjeNIs.exe
  C:\Windows\System\oMjeNIs.exe
  2⤵
  PID:6828
- C:\Windows\System\QwYDqVX.exe
  C:\Windows\System\QwYDqVX.exe
  2⤵
  PID:6848
- C:\Windows\System\UmwrnrZ.exe
  C:\Windows\System\UmwrnrZ.exe
  2⤵
  PID:6876
- C:\Windows\System\NkPwBwj.exe
  C:\Windows\System\NkPwBwj.exe
  2⤵
  PID:6892
- C:\Windows\System\DzwsrnQ.exe
  C:\Windows\System\DzwsrnQ.exe
  2⤵
  PID:6908
- C:\Windows\System\MHhPbxi.exe
  C:\Windows\System\MHhPbxi.exe
  2⤵
  PID:6924
- C:\Windows\System\UadKEnA.exe
  C:\Windows\System\UadKEnA.exe
  2⤵
  PID:6940
- C:\Windows\System\PSxEQOS.exe
  C:\Windows\System\PSxEQOS.exe
  2⤵
  PID:6960
- C:\Windows\System\YzisOGu.exe
  C:\Windows\System\YzisOGu.exe
  2⤵
  PID:6984
- C:\Windows\System\jypvIyS.exe
  C:\Windows\System\jypvIyS.exe
  2⤵
  PID:7000
- C:\Windows\System\AihAWaG.exe
  C:\Windows\System\AihAWaG.exe
  2⤵
  PID:7040
- C:\Windows\System\oejkNGg.exe
  C:\Windows\System\oejkNGg.exe
  2⤵
  PID:7056
- C:\Windows\System\RLqnmsT.exe
  C:\Windows\System\RLqnmsT.exe
  2⤵
  PID:7072
- C:\Windows\System\FoCGyvJ.exe
  C:\Windows\System\FoCGyvJ.exe
  2⤵
  PID:7088
- C:\Windows\System\uorSnUf.exe
  C:\Windows\System\uorSnUf.exe
  2⤵
  PID:7104
- C:\Windows\System\PqwbBma.exe
  C:\Windows\System\PqwbBma.exe
  2⤵
  PID:7120
- C:\Windows\System\yxGkoxX.exe
  C:\Windows\System\yxGkoxX.exe
  2⤵
  PID:5128
- C:\Windows\System\weyZJhU.exe
  C:\Windows\System\weyZJhU.exe
  2⤵
  PID:5876
- C:\Windows\System\yuTXJbb.exe
  C:\Windows\System\yuTXJbb.exe
  2⤵
  PID:5672
- C:\Windows\System\yuIbFWa.exe
  C:\Windows\System\yuIbFWa.exe
  2⤵
  PID:5864
- C:\Windows\System\zBcYGCF.exe
  C:\Windows\System\zBcYGCF.exe
  2⤵
  PID:5216
- C:\Windows\System\nHkbuOh.exe
  C:\Windows\System\nHkbuOh.exe
  2⤵
  PID:6212
- C:\Windows\System\EnpLOFd.exe
  C:\Windows\System\EnpLOFd.exe
  2⤵
  PID:6228
- C:\Windows\System\LZOLuyt.exe
  C:\Windows\System\LZOLuyt.exe
  2⤵
  PID:6240
- C:\Windows\System\aiVfYYP.exe
  C:\Windows\System\aiVfYYP.exe
  2⤵
  PID:6196
- C:\Windows\System\jGhNilC.exe
  C:\Windows\System\jGhNilC.exe
  2⤵
  PID:6272
- C:\Windows\System\joQhBrP.exe
  C:\Windows\System\joQhBrP.exe
  2⤵
  PID:6320
- C:\Windows\System\sHyXhdf.exe
  C:\Windows\System\sHyXhdf.exe
  2⤵
  PID:6344
- C:\Windows\System\ZdmDOKu.exe
  C:\Windows\System\ZdmDOKu.exe
  2⤵
  PID:6396
- C:\Windows\System\hgvFZIl.exe
  C:\Windows\System\hgvFZIl.exe
  2⤵
  PID:6420
- C:\Windows\System\HzHPQQt.exe
  C:\Windows\System\HzHPQQt.exe
  2⤵
  PID:6440
- C:\Windows\System\faYSQIr.exe
  C:\Windows\System\faYSQIr.exe
  2⤵
  PID:6416
- C:\Windows\System\isnjImO.exe
  C:\Windows\System\isnjImO.exe
  2⤵
  PID:6592
- C:\Windows\System\ukMIzaF.exe
  C:\Windows\System\ukMIzaF.exe
  2⤵
  PID:6628
- C:\Windows\System\NZGXRus.exe
  C:\Windows\System\NZGXRus.exe
  2⤵
  PID:6640
- C:\Windows\System\wXIPSKc.exe
  C:\Windows\System\wXIPSKc.exe
  2⤵
  PID:6496
- C:\Windows\System\upMalMA.exe
  C:\Windows\System\upMalMA.exe
  2⤵
  PID:6668
- C:\Windows\System\oiPTtJp.exe
  C:\Windows\System\oiPTtJp.exe
  2⤵
  PID:6740
- C:\Windows\System\zbfbald.exe
  C:\Windows\System\zbfbald.exe
  2⤵
  PID:6644
- C:\Windows\System\syHBvRC.exe
  C:\Windows\System\syHBvRC.exe
  2⤵
  PID:6820
- C:\Windows\System\izZAqYF.exe
  C:\Windows\System\izZAqYF.exe
  2⤵
  PID:6724
- C:\Windows\System\WvuXdeh.exe
  C:\Windows\System\WvuXdeh.exe
  2⤵
  PID:6760
- C:\Windows\System\hpYBWXD.exe
  C:\Windows\System\hpYBWXD.exe
  2⤵
  PID:6836
- C:\Windows\System\tcyKdDy.exe
  C:\Windows\System\tcyKdDy.exe
  2⤵
  PID:6868
- C:\Windows\System\TXjURGR.exe
  C:\Windows\System\TXjURGR.exe
  2⤵
  PID:6932
- C:\Windows\System\qblVfmz.exe
  C:\Windows\System\qblVfmz.exe
  2⤵
  PID:6976
- C:\Windows\System\XrOvgZg.exe
  C:\Windows\System\XrOvgZg.exe
  2⤵
  PID:7020
- C:\Windows\System\gmohnBJ.exe
  C:\Windows\System\gmohnBJ.exe
  2⤵
  PID:6888
- C:\Windows\System\LvaKUqw.exe
  C:\Windows\System\LvaKUqw.exe
  2⤵
  PID:7080
- C:\Windows\System\geehqfD.exe
  C:\Windows\System\geehqfD.exe
  2⤵
  PID:7100
- C:\Windows\System\yWGMkEX.exe
  C:\Windows\System\yWGMkEX.exe
  2⤵
  PID:7148
- C:\Windows\System\htBTlBn.exe
  C:\Windows\System\htBTlBn.exe
  2⤵
  PID:7164
- C:\Windows\System\JKxJMMu.exe
  C:\Windows\System\JKxJMMu.exe
  2⤵
  PID:6108
- C:\Windows\System\yNqIRJs.exe
  C:\Windows\System\yNqIRJs.exe
  2⤵
  PID:6336
- C:\Windows\System\RXRasYo.exe
  C:\Windows\System\RXRasYo.exe
  2⤵
  PID:6176
- C:\Windows\System\tBsARbh.exe
  C:\Windows\System\tBsARbh.exe
  2⤵
  PID:6156
- C:\Windows\System\IfcKmJn.exe
  C:\Windows\System\IfcKmJn.exe
  2⤵
  PID:6284
- C:\Windows\System\kKPsjBG.exe
  C:\Windows\System\kKPsjBG.exe
  2⤵
  PID:6256
- C:\Windows\System\hxYIFAc.exe
  C:\Windows\System\hxYIFAc.exe
  2⤵
  PID:6360
- C:\Windows\System\JqaMHtt.exe
  C:\Windows\System\JqaMHtt.exe
  2⤵
  PID:6436
- C:\Windows\System\cFfclaM.exe
  C:\Windows\System\cFfclaM.exe
  2⤵
  PID:6552
- C:\Windows\System\AnwMBwi.exe
  C:\Windows\System\AnwMBwi.exe
  2⤵
  PID:6556
- C:\Windows\System\DNOOadt.exe
  C:\Windows\System\DNOOadt.exe
  2⤵
  PID:6608
- C:\Windows\System\SzmsYrH.exe
  C:\Windows\System\SzmsYrH.exe
  2⤵
  PID:6664
- C:\Windows\System\UhnEbco.exe
  C:\Windows\System\UhnEbco.exe
  2⤵
  PID:6704
- C:\Windows\System\xttiUik.exe
  C:\Windows\System\xttiUik.exe
  2⤵
  PID:6904
- C:\Windows\System\bNFQHAA.exe
  C:\Windows\System\bNFQHAA.exe
  2⤵
  PID:6996
- C:\Windows\System\rJAMXBy.exe
  C:\Windows\System\rJAMXBy.exe
  2⤵
  PID:7052
- C:\Windows\System\AzLMRhp.exe
  C:\Windows\System\AzLMRhp.exe
  2⤵
  PID:7144
- C:\Windows\System\PZtvSRl.exe
  C:\Windows\System\PZtvSRl.exe
  2⤵
  PID:7036
- C:\Windows\System\KhMaHXW.exe
  C:\Windows\System\KhMaHXW.exe
  2⤵
  PID:6180
- C:\Windows\System\qlotpiS.exe
  C:\Windows\System\qlotpiS.exe
  2⤵
  PID:6756
- C:\Windows\System\IidbTMm.exe
  C:\Windows\System\IidbTMm.exe
  2⤵
  PID:6952
- C:\Windows\System\fWqKPfn.exe
  C:\Windows\System\fWqKPfn.exe
  2⤵
  PID:6972
- C:\Windows\System\AIbZlTb.exe
  C:\Windows\System\AIbZlTb.exe
  2⤵
  PID:6260
- C:\Windows\System\UoBxgtA.exe
  C:\Windows\System\UoBxgtA.exe
  2⤵
  PID:6168
- C:\Windows\System\VQlvmAM.exe
  C:\Windows\System\VQlvmAM.exe
  2⤵
  PID:6224
- C:\Windows\System\sGJDzAD.exe
  C:\Windows\System\sGJDzAD.exe
  2⤵
  PID:6720
- C:\Windows\System\aGzZrdD.exe
  C:\Windows\System\aGzZrdD.exe
  2⤵
  PID:6296
- C:\Windows\System\RlLNSIO.exe
  C:\Windows\System\RlLNSIO.exe
  2⤵
  PID:6412
- C:\Windows\System\OmIZuTl.exe
  C:\Windows\System\OmIZuTl.exe
  2⤵
  PID:6736
- C:\Windows\System\uGBhdXQ.exe
  C:\Windows\System\uGBhdXQ.exe
  2⤵
  PID:6840
- C:\Windows\System\cVsUYCP.exe
  C:\Windows\System\cVsUYCP.exe
  2⤵
  PID:7068
- C:\Windows\System\GtQpGTk.exe
  C:\Windows\System\GtQpGTk.exe
  2⤵
  PID:5828
- C:\Windows\System\bqXJMjf.exe
  C:\Windows\System\bqXJMjf.exe
  2⤵
  PID:7156
- C:\Windows\System\iMqatzS.exe
  C:\Windows\System\iMqatzS.exe
  2⤵
  PID:5796
- C:\Windows\System\XqagWlm.exe
  C:\Windows\System\XqagWlm.exe
  2⤵
  PID:7032
- C:\Windows\System\KGDFQHL.exe
  C:\Windows\System\KGDFQHL.exe
  2⤵
  PID:6276
- C:\Windows\System\sxibGJC.exe
  C:\Windows\System\sxibGJC.exe
  2⤵
  PID:7096
- C:\Windows\System\kFJToYD.exe
  C:\Windows\System\kFJToYD.exe
  2⤵
  PID:6532
- C:\Windows\System\wsFhGVT.exe
  C:\Windows\System\wsFhGVT.exe
  2⤵
  PID:6680
- C:\Windows\System\mqXgVLd.exe
  C:\Windows\System\mqXgVLd.exe
  2⤵
  PID:6648
- C:\Windows\System\JszEnTd.exe
  C:\Windows\System\JszEnTd.exe
  2⤵
  PID:6884
- C:\Windows\System\dfYKzMO.exe
  C:\Windows\System\dfYKzMO.exe
  2⤵
  PID:5384
- C:\Windows\System\QpdHxfa.exe
  C:\Windows\System\QpdHxfa.exe
  2⤵
  PID:6340
- C:\Windows\System\sbouONc.exe
  C:\Windows\System\sbouONc.exe
  2⤵
  PID:6584
- C:\Windows\System\QuXmprY.exe
  C:\Windows\System\QuXmprY.exe
  2⤵
  PID:6548
- C:\Windows\System\OkANiSx.exe
  C:\Windows\System\OkANiSx.exe
  2⤵
  PID:7048
- C:\Windows\System\kapDBae.exe
  C:\Windows\System\kapDBae.exe
  2⤵
  PID:7160
- C:\Windows\System\xKKgrhQ.exe
  C:\Windows\System\xKKgrhQ.exe
  2⤵
  PID:6968
- C:\Windows\System\IZyLRXl.exe
  C:\Windows\System\IZyLRXl.exe
  2⤵
  PID:6452
- C:\Windows\System\xdIATqi.exe
  C:\Windows\System\xdIATqi.exe
  2⤵
  PID:7140
- C:\Windows\System\SctSWVT.exe
  C:\Windows\System\SctSWVT.exe
  2⤵
  PID:6572
- C:\Windows\System\mTdQUdR.exe
  C:\Windows\System\mTdQUdR.exe
  2⤵
  PID:7176
- C:\Windows\System\bMTWwyR.exe
  C:\Windows\System\bMTWwyR.exe
  2⤵
  PID:7200
- C:\Windows\System\LDwTHFE.exe
  C:\Windows\System\LDwTHFE.exe
  2⤵
  PID:7216
- C:\Windows\System\umSizhI.exe
  C:\Windows\System\umSizhI.exe
  2⤵
  PID:7232
- C:\Windows\System\myvKRmu.exe
  C:\Windows\System\myvKRmu.exe
  2⤵
  PID:7248
- C:\Windows\System\qqYjyGp.exe
  C:\Windows\System\qqYjyGp.exe
  2⤵
  PID:7264
- C:\Windows\System\FZicdIk.exe
  C:\Windows\System\FZicdIk.exe
  2⤵
  PID:7284
- C:\Windows\System\eifUvUJ.exe
  C:\Windows\System\eifUvUJ.exe
  2⤵
  PID:7300
- C:\Windows\System\WGDUbgB.exe
  C:\Windows\System\WGDUbgB.exe
  2⤵
  PID:7336
- C:\Windows\System\uNQVyOA.exe
  C:\Windows\System\uNQVyOA.exe
  2⤵
  PID:7356
- C:\Windows\System\VYbFmgq.exe
  C:\Windows\System\VYbFmgq.exe
  2⤵
  PID:7376
- C:\Windows\System\rflDTPy.exe
  C:\Windows\System\rflDTPy.exe
  2⤵
  PID:7392
- C:\Windows\System\MJqXtks.exe
  C:\Windows\System\MJqXtks.exe
  2⤵
  PID:7408
- C:\Windows\System\KzMDpLl.exe
  C:\Windows\System\KzMDpLl.exe
  2⤵
  PID:7436
- C:\Windows\System\ILoVnoT.exe
  C:\Windows\System\ILoVnoT.exe
  2⤵
  PID:7460
- C:\Windows\System\BhlmqjJ.exe
  C:\Windows\System\BhlmqjJ.exe
  2⤵
  PID:7476
- C:\Windows\System\EVItQfn.exe
  C:\Windows\System\EVItQfn.exe
  2⤵
  PID:7496
- C:\Windows\System\mNEiCOR.exe
  C:\Windows\System\mNEiCOR.exe
  2⤵
  PID:7512
- C:\Windows\System\jhfffRI.exe
  C:\Windows\System\jhfffRI.exe
  2⤵
  PID:7532
- C:\Windows\System\omdtczI.exe
  C:\Windows\System\omdtczI.exe
  2⤵
  PID:7560
- C:\Windows\System\rwVxNLA.exe
  C:\Windows\System\rwVxNLA.exe
  2⤵
  PID:7576
- C:\Windows\System\wSRYTma.exe
  C:\Windows\System\wSRYTma.exe
  2⤵
  PID:7592
- C:\Windows\System\ldohgoa.exe
  C:\Windows\System\ldohgoa.exe
  2⤵
  PID:7608
- C:\Windows\System\jQxzWOA.exe
  C:\Windows\System\jQxzWOA.exe
  2⤵
  PID:7640
- C:\Windows\System\oXudkSd.exe
  C:\Windows\System\oXudkSd.exe
  2⤵
  PID:7656
- C:\Windows\System\MUsEPPk.exe
  C:\Windows\System\MUsEPPk.exe
  2⤵
  PID:7676
- C:\Windows\System\gjnlLRg.exe
  C:\Windows\System\gjnlLRg.exe
  2⤵
  PID:7696
- C:\Windows\System\hUKaPTB.exe
  C:\Windows\System\hUKaPTB.exe
  2⤵
  PID:7712
- C:\Windows\System\qFDzQnE.exe
  C:\Windows\System\qFDzQnE.exe
  2⤵
  PID:7732
- C:\Windows\System\HXWGElv.exe
  C:\Windows\System\HXWGElv.exe
  2⤵
  PID:7748
- C:\Windows\System\LxnVPoo.exe
  C:\Windows\System\LxnVPoo.exe
  2⤵
  PID:7768
- C:\Windows\System\kqZpIsc.exe
  C:\Windows\System\kqZpIsc.exe
  2⤵
  PID:7796
- C:\Windows\System\bkoWKBw.exe
  C:\Windows\System\bkoWKBw.exe
  2⤵
  PID:7816
- C:\Windows\System\OrmKaCa.exe
  C:\Windows\System\OrmKaCa.exe
  2⤵
  PID:7832
- C:\Windows\System\ZiTTPyv.exe
  C:\Windows\System\ZiTTPyv.exe
  2⤵
  PID:7848
- C:\Windows\System\rBFkgOJ.exe
  C:\Windows\System\rBFkgOJ.exe
  2⤵
  PID:7868
- C:\Windows\System\tFNdFcE.exe
  C:\Windows\System\tFNdFcE.exe
  2⤵
  PID:7884
- C:\Windows\System\TmYrWTL.exe
  C:\Windows\System\TmYrWTL.exe
  2⤵
  PID:7900
- C:\Windows\System\LXRiXpc.exe
  C:\Windows\System\LXRiXpc.exe
  2⤵
  PID:7936
- C:\Windows\System\kPhYlKy.exe
  C:\Windows\System\kPhYlKy.exe
  2⤵
  PID:7952
- C:\Windows\System\VxJtJUP.exe
  C:\Windows\System\VxJtJUP.exe
  2⤵
  PID:7972
- C:\Windows\System\eNWhroT.exe
  C:\Windows\System\eNWhroT.exe
  2⤵
  PID:7996
- C:\Windows\System\qxkbxPW.exe
  C:\Windows\System\qxkbxPW.exe
  2⤵
  PID:8016
- C:\Windows\System\lIhCUcc.exe
  C:\Windows\System\lIhCUcc.exe
  2⤵
  PID:8032
- C:\Windows\System\bKPFBoq.exe
  C:\Windows\System\bKPFBoq.exe
  2⤵
  PID:8048
- C:\Windows\System\aXzcDru.exe
  C:\Windows\System\aXzcDru.exe
  2⤵
  PID:8068
- C:\Windows\System\CHhUHBL.exe
  C:\Windows\System\CHhUHBL.exe
  2⤵
  PID:8088
- C:\Windows\System\vTBwdYS.exe
  C:\Windows\System\vTBwdYS.exe
  2⤵
  PID:8120
- C:\Windows\System\cUBpjeL.exe
  C:\Windows\System\cUBpjeL.exe
  2⤵
  PID:8140
- C:\Windows\System\bKKWzzp.exe
  C:\Windows\System\bKKWzzp.exe
  2⤵
  PID:8156
- C:\Windows\System\wpZbqVG.exe
  C:\Windows\System\wpZbqVG.exe
  2⤵
  PID:8184
- C:\Windows\System\cVeHbFE.exe
  C:\Windows\System\cVeHbFE.exe
  2⤵
  PID:6948
- C:\Windows\System\UXJZARM.exe
  C:\Windows\System\UXJZARM.exe
  2⤵
  PID:7188
- C:\Windows\System\czHbVeK.exe
  C:\Windows\System\czHbVeK.exe
  2⤵
  PID:7256
- C:\Windows\System\mQHushW.exe
  C:\Windows\System\mQHushW.exe
  2⤵
  PID:7296
- C:\Windows\System\VtEVAzD.exe
  C:\Windows\System\VtEVAzD.exe
  2⤵
  PID:7348
- C:\Windows\System\HUYrJNf.exe
  C:\Windows\System\HUYrJNf.exe
  2⤵
  PID:7320
- C:\Windows\System\bGBtZpm.exe
  C:\Windows\System\bGBtZpm.exe
  2⤵
  PID:7372
- C:\Windows\System\JrvTlUj.exe
  C:\Windows\System\JrvTlUj.exe
  2⤵
  PID:7384
- C:\Windows\System\ZvUzKgZ.exe
  C:\Windows\System\ZvUzKgZ.exe
  2⤵
  PID:7428
- C:\Windows\System\CHRtXNs.exe
  C:\Windows\System\CHRtXNs.exe
  2⤵
  PID:7448
- C:\Windows\System\MFlxmJg.exe
  C:\Windows\System\MFlxmJg.exe
  2⤵
  PID:7488
- C:\Windows\System\zGytDcC.exe
  C:\Windows\System\zGytDcC.exe
  2⤵
  PID:7528
- C:\Windows\System\JAYxpOE.exe
  C:\Windows\System\JAYxpOE.exe
  2⤵
  PID:7588
- C:\Windows\System\ipevWWS.exe
  C:\Windows\System\ipevWWS.exe
  2⤵
  PID:7600
- C:\Windows\System\gUWYxko.exe
  C:\Windows\System\gUWYxko.exe
  2⤵
  PID:7628
- C:\Windows\System\ngcsJBM.exe
  C:\Windows\System\ngcsJBM.exe
  2⤵
  PID:7664
- C:\Windows\System\CQoVUFf.exe
  C:\Windows\System\CQoVUFf.exe
  2⤵
  PID:7744
- C:\Windows\System\vCaSEeF.exe
  C:\Windows\System\vCaSEeF.exe
  2⤵
  PID:7684
- C:\Windows\System\YGgCDLO.exe
  C:\Windows\System\YGgCDLO.exe
  2⤵
  PID:7724
- C:\Windows\System\JUdHtla.exe
  C:\Windows\System\JUdHtla.exe
  2⤵
  PID:7764
- C:\Windows\System\eQecNrm.exe
  C:\Windows\System\eQecNrm.exe
  2⤵
  PID:7808
- C:\Windows\System\YmBcMdf.exe
  C:\Windows\System\YmBcMdf.exe
  2⤵
  PID:7876
- C:\Windows\System\kxDDWtk.exe
  C:\Windows\System\kxDDWtk.exe
  2⤵
  PID:7908
- C:\Windows\System\wNoVWzm.exe
  C:\Windows\System\wNoVWzm.exe
  2⤵
  PID:7928
- C:\Windows\System\zkwQfDu.exe
  C:\Windows\System\zkwQfDu.exe
  2⤵
  PID:7948
- C:\Windows\System\rfJxkHQ.exe
  C:\Windows\System\rfJxkHQ.exe
  2⤵
  PID:7992
- C:\Windows\System\GBPLqIq.exe
  C:\Windows\System\GBPLqIq.exe
  2⤵
  PID:8028
- C:\Windows\System\CIgVNAK.exe
  C:\Windows\System\CIgVNAK.exe
  2⤵
  PID:8040
- C:\Windows\System\hdqJCTh.exe
  C:\Windows\System\hdqJCTh.exe
  2⤵
  PID:8112
- C:\Windows\System\tgzfvVO.exe
  C:\Windows\System\tgzfvVO.exe
  2⤵
  PID:8152
- C:\Windows\System\BhisYzw.exe
  C:\Windows\System\BhisYzw.exe
  2⤵
  PID:8132
- C:\Windows\System\ggnXIPQ.exe
  C:\Windows\System\ggnXIPQ.exe
  2⤵
  PID:7184
- C:\Windows\System\BGRzgUX.exe
  C:\Windows\System\BGRzgUX.exe
  2⤵
  PID:7196
- C:\Windows\System\dpKVdWO.exe
  C:\Windows\System\dpKVdWO.exe
  2⤵
  PID:7344
- C:\Windows\System\ioYaZMW.exe
  C:\Windows\System\ioYaZMW.exe
  2⤵
  PID:7308
- C:\Windows\System\SxppjxK.exe
  C:\Windows\System\SxppjxK.exe
  2⤵
  PID:7456
- C:\Windows\System\PkJPBgb.exe
  C:\Windows\System\PkJPBgb.exe
  2⤵
  PID:7504
- C:\Windows\System\hwaqByU.exe
  C:\Windows\System\hwaqByU.exe
  2⤵
  PID:7556
- C:\Windows\System\BiLYOrI.exe
  C:\Windows\System\BiLYOrI.exe
  2⤵
  PID:7312
- C:\Windows\System\CkEWGjZ.exe
  C:\Windows\System\CkEWGjZ.exe
  2⤵
  PID:7620
- C:\Windows\System\xXbdQtv.exe
  C:\Windows\System\xXbdQtv.exe
  2⤵
  PID:7652
- C:\Windows\System\BvAVDQO.exe
  C:\Windows\System\BvAVDQO.exe
  2⤵
  PID:7688
- C:\Windows\System\YHMwXzH.exe
  C:\Windows\System\YHMwXzH.exe
  2⤵
  PID:7624
- C:\Windows\System\XfKXjMu.exe
  C:\Windows\System\XfKXjMu.exe
  2⤵
  PID:7856
- C:\Windows\System\PAbLIoZ.exe
  C:\Windows\System\PAbLIoZ.exe
  2⤵
  PID:7924
- C:\Windows\System\LEzUUxD.exe
  C:\Windows\System\LEzUUxD.exe
  2⤵
  PID:7892
- C:\Windows\System\EVUvkYd.exe
  C:\Windows\System\EVUvkYd.exe
  2⤵
  PID:7964
- C:\Windows\System\GrUQcoE.exe
  C:\Windows\System\GrUQcoE.exe
  2⤵
  PID:8012
- C:\Windows\System\HfvzALp.exe
  C:\Windows\System\HfvzALp.exe
  2⤵
  PID:8104
- C:\Windows\System\HsuYhsD.exe
  C:\Windows\System\HsuYhsD.exe
  2⤵
  PID:8008
- C:\Windows\System\IXapTwD.exe
  C:\Windows\System\IXapTwD.exe
  2⤵
  PID:7272
- C:\Windows\System\EJHdxnl.exe
  C:\Windows\System\EJHdxnl.exe
  2⤵
  PID:6684
- C:\Windows\System\eZhqOfR.exe
  C:\Windows\System\eZhqOfR.exe
  2⤵
  PID:7316
- C:\Windows\System\bEQmwaS.exe
  C:\Windows\System\bEQmwaS.exe
  2⤵
  PID:7444
- C:\Windows\System\UFeBPes.exe
  C:\Windows\System\UFeBPes.exe
  2⤵
  PID:7792
- C:\Windows\System\glXeFtR.exe
  C:\Windows\System\glXeFtR.exe
  2⤵
  PID:7540
- C:\Windows\System\MMlykgD.exe
  C:\Windows\System\MMlykgD.exe
  2⤵
  PID:7648
- C:\Windows\System\AFCpDZM.exe
  C:\Windows\System\AFCpDZM.exe
  2⤵
  PID:7756
- C:\Windows\System\rYuLjFo.exe
  C:\Windows\System\rYuLjFo.exe
  2⤵
  PID:8100
- C:\Windows\System\nxJegyX.exe
  C:\Windows\System\nxJegyX.exe
  2⤵
  PID:7960
- C:\Windows\System\TbFjvji.exe
  C:\Windows\System\TbFjvji.exe
  2⤵
  PID:8172
- C:\Windows\System\tpyaTMt.exe
  C:\Windows\System\tpyaTMt.exe
  2⤵
  PID:8176
- C:\Windows\System\GRiYHAL.exe
  C:\Windows\System\GRiYHAL.exe
  2⤵
  PID:7636
- C:\Windows\System\DklEFQW.exe
  C:\Windows\System\DklEFQW.exe
  2⤵
  PID:7352
- C:\Windows\System\zGTGRAo.exe
  C:\Windows\System\zGTGRAo.exe
  2⤵
  PID:7864
- C:\Windows\System\vuZZmcG.exe
  C:\Windows\System\vuZZmcG.exe
  2⤵
  PID:7760
- C:\Windows\System\CPHXHkl.exe
  C:\Windows\System\CPHXHkl.exe
  2⤵
  PID:8220
- C:\Windows\System\IPnJEpK.exe
  C:\Windows\System\IPnJEpK.exe
  2⤵
  PID:8240
- C:\Windows\System\jLhfxuI.exe
  C:\Windows\System\jLhfxuI.exe
  2⤵
  PID:8260
- C:\Windows\System\SgLtQqb.exe
  C:\Windows\System\SgLtQqb.exe
  2⤵
  PID:8276
- C:\Windows\System\WMNWHmT.exe
  C:\Windows\System\WMNWHmT.exe
  2⤵
  PID:8292
- C:\Windows\System\GDVeIdX.exe
  C:\Windows\System\GDVeIdX.exe
  2⤵
  PID:8316
- C:\Windows\System\hdyBfRi.exe
  C:\Windows\System\hdyBfRi.exe
  2⤵
  PID:8332
- C:\Windows\System\vFzAKMI.exe
  C:\Windows\System\vFzAKMI.exe
  2⤵
  PID:8356
- C:\Windows\System\PhSMEcZ.exe
  C:\Windows\System\PhSMEcZ.exe
  2⤵
  PID:8376
- C:\Windows\System\WGeIfee.exe
  C:\Windows\System\WGeIfee.exe
  2⤵
  PID:8400
- C:\Windows\System\kqhvaiF.exe
  C:\Windows\System\kqhvaiF.exe
  2⤵
  PID:8416
- C:\Windows\System\CGfAVSY.exe
  C:\Windows\System\CGfAVSY.exe
  2⤵
  PID:8432
- C:\Windows\System\bqTlszT.exe
  C:\Windows\System\bqTlszT.exe
  2⤵
  PID:8448
- C:\Windows\System\qINLsIK.exe
  C:\Windows\System\qINLsIK.exe
  2⤵
  PID:8476
- C:\Windows\System\sqySeDc.exe
  C:\Windows\System\sqySeDc.exe
  2⤵
  PID:8500
- C:\Windows\System\dLmAtxc.exe
  C:\Windows\System\dLmAtxc.exe
  2⤵
  PID:8516
- C:\Windows\System\cBwisnF.exe
  C:\Windows\System\cBwisnF.exe
  2⤵
  PID:8536
- C:\Windows\System\aimpdHC.exe
  C:\Windows\System\aimpdHC.exe
  2⤵
  PID:8560
- C:\Windows\System\zzWIpKP.exe
  C:\Windows\System\zzWIpKP.exe
  2⤵
  PID:8580
- C:\Windows\System\TNMyFoH.exe
  C:\Windows\System\TNMyFoH.exe
  2⤵
  PID:8596
- C:\Windows\System\QaUUlBv.exe
  C:\Windows\System\QaUUlBv.exe
  2⤵
  PID:8632
- C:\Windows\System\CbxbrkA.exe
  C:\Windows\System\CbxbrkA.exe
  2⤵
  PID:8648
- C:\Windows\System\eWairCr.exe
  C:\Windows\System\eWairCr.exe
  2⤵
  PID:8672
- C:\Windows\System\PnaGpLz.exe
  C:\Windows\System\PnaGpLz.exe
  2⤵
  PID:8688
- C:\Windows\System\UKGnQCM.exe
  C:\Windows\System\UKGnQCM.exe
  2⤵
  PID:8704
- C:\Windows\System\NrlEYMc.exe
  C:\Windows\System\NrlEYMc.exe
  2⤵
  PID:8724
- C:\Windows\System\mEOcJKB.exe
  C:\Windows\System\mEOcJKB.exe
  2⤵
  PID:8744
- C:\Windows\System\ZEJqDKe.exe
  C:\Windows\System\ZEJqDKe.exe
  2⤵
  PID:8776
- C:\Windows\System\lzuilRm.exe
  C:\Windows\System\lzuilRm.exe
  2⤵
  PID:8792
- C:\Windows\System\cIWRNDN.exe
  C:\Windows\System\cIWRNDN.exe
  2⤵
  PID:8812
- C:\Windows\System\JPyKIcz.exe
  C:\Windows\System\JPyKIcz.exe
  2⤵
  PID:8828
- C:\Windows\System\EjpFUwf.exe
  C:\Windows\System\EjpFUwf.exe
  2⤵
  PID:8872
- C:\Windows\System\rZKwMhI.exe
  C:\Windows\System\rZKwMhI.exe
  2⤵
  PID:8888
- C:\Windows\System\ETskUdi.exe
  C:\Windows\System\ETskUdi.exe
  2⤵
  PID:8908
- C:\Windows\System\HrjeCpe.exe
  C:\Windows\System\HrjeCpe.exe
  2⤵
  PID:8932
- C:\Windows\System\plsVDVi.exe
  C:\Windows\System\plsVDVi.exe
  2⤵
  PID:8948
- C:\Windows\System\TpfbPfL.exe
  C:\Windows\System\TpfbPfL.exe
  2⤵
  PID:8964
- C:\Windows\System\jqQwmDH.exe
  C:\Windows\System\jqQwmDH.exe
  2⤵
  PID:8980
- C:\Windows\System\MLXSOUP.exe
  C:\Windows\System\MLXSOUP.exe
  2⤵
  PID:9000
- C:\Windows\System\FSmeZFP.exe
  C:\Windows\System\FSmeZFP.exe
  2⤵
  PID:9036
- C:\Windows\System\IkhrMzE.exe
  C:\Windows\System\IkhrMzE.exe
  2⤵
  PID:9056
- C:\Windows\System\EnPweIc.exe
  C:\Windows\System\EnPweIc.exe
  2⤵
  PID:9072
- C:\Windows\System\zFfwLRe.exe
  C:\Windows\System\zFfwLRe.exe
  2⤵
  PID:9096
- C:\Windows\System\afpYnwM.exe
  C:\Windows\System\afpYnwM.exe
  2⤵
  PID:9116
- C:\Windows\System\KekIhLU.exe
  C:\Windows\System\KekIhLU.exe
  2⤵
  PID:9132
- C:\Windows\System\yzATVQy.exe
  C:\Windows\System\yzATVQy.exe
  2⤵
  PID:9148
- C:\Windows\System\nZcIAyb.exe
  C:\Windows\System\nZcIAyb.exe
  2⤵
  PID:9168
- C:\Windows\System\potmQDN.exe
  C:\Windows\System\potmQDN.exe
  2⤵
  PID:9192
- C:\Windows\System\gJgQZuJ.exe
  C:\Windows\System\gJgQZuJ.exe
  2⤵
  PID:7824
- C:\Windows\System\tKCitUa.exe
  C:\Windows\System\tKCitUa.exe
  2⤵
  PID:5964
- C:\Windows\System\VZODyMI.exe
  C:\Windows\System\VZODyMI.exe
  2⤵
  PID:7672
- C:\Windows\System\woJAIXO.exe
  C:\Windows\System\woJAIXO.exe
  2⤵
  PID:8084
- C:\Windows\System\OkgoNYR.exe
  C:\Windows\System\OkgoNYR.exe
  2⤵
  PID:7880
- C:\Windows\System\WIaiaZK.exe
  C:\Windows\System\WIaiaZK.exe
  2⤵
  PID:8216
- C:\Windows\System\ZDZOler.exe
  C:\Windows\System\ZDZOler.exe
  2⤵
  PID:8236
- C:\Windows\System\OusAMjN.exe
  C:\Windows\System\OusAMjN.exe
  2⤵
  PID:8304
- C:\Windows\System\SdUcbhu.exe
  C:\Windows\System\SdUcbhu.exe
  2⤵
  PID:8348
- C:\Windows\System\wdfLPQX.exe
  C:\Windows\System\wdfLPQX.exe
  2⤵
  PID:8384
- C:\Windows\System\sUTBfnC.exe
  C:\Windows\System\sUTBfnC.exe
  2⤵
  PID:8408
- C:\Windows\System\YXCorLx.exe
  C:\Windows\System\YXCorLx.exe
  2⤵
  PID:8460
- C:\Windows\System\OnpGdSM.exe
  C:\Windows\System\OnpGdSM.exe
  2⤵
  PID:8464
- C:\Windows\System\EfwSEVQ.exe
  C:\Windows\System\EfwSEVQ.exe
  2⤵
  PID:8532
- C:\Windows\System\AyPiYwR.exe
  C:\Windows\System\AyPiYwR.exe
  2⤵
  PID:8568
- C:\Windows\System\unSEiqj.exe
  C:\Windows\System\unSEiqj.exe
  2⤵
  PID:8604
- C:\Windows\System\iCjcOTR.exe
  C:\Windows\System\iCjcOTR.exe
  2⤵
  PID:8572
- C:\Windows\System\qJIcyCW.exe
  C:\Windows\System\qJIcyCW.exe
  2⤵
  PID:8656
- C:\Windows\System\mXQnSJF.exe
  C:\Windows\System\mXQnSJF.exe
  2⤵
  PID:8684
- C:\Windows\System\GxWMECR.exe
  C:\Windows\System\GxWMECR.exe
  2⤵
  PID:8712
- C:\Windows\System\bkWLcYE.exe
  C:\Windows\System\bkWLcYE.exe
  2⤵
  PID:8752
- C:\Windows\System\mqgTBsJ.exe
  C:\Windows\System\mqgTBsJ.exe
  2⤵
  PID:8772
- C:\Windows\System\PGMYZrd.exe
  C:\Windows\System\PGMYZrd.exe
  2⤵
  PID:8836
- C:\Windows\System\ZemLovf.exe
  C:\Windows\System\ZemLovf.exe
  2⤵
  PID:8852
- C:\Windows\System\kiAwepL.exe
  C:\Windows\System\kiAwepL.exe
  2⤵
  PID:8920
- C:\Windows\System\CjAThfK.exe
  C:\Windows\System\CjAThfK.exe
  2⤵
  PID:8896
- C:\Windows\System\AOQTSra.exe
  C:\Windows\System\AOQTSra.exe
  2⤵
  PID:8972
- C:\Windows\System\MAPbUsU.exe
  C:\Windows\System\MAPbUsU.exe
  2⤵
  PID:8992
- C:\Windows\System\CqWqqBG.exe
  C:\Windows\System\CqWqqBG.exe
  2⤵
  PID:9012
- C:\Windows\System\jQdWYAp.exe
  C:\Windows\System\jQdWYAp.exe
  2⤵
  PID:9048
- C:\Windows\System\tzXfRTm.exe
  C:\Windows\System\tzXfRTm.exe
  2⤵
  PID:9084
- C:\Windows\System\kLQyFdL.exe
  C:\Windows\System\kLQyFdL.exe
  2⤵
  PID:9104
- C:\Windows\System\HNQnqZe.exe
  C:\Windows\System\HNQnqZe.exe
  2⤵
  PID:9164
- C:\Windows\System\HeYnbET.exe
  C:\Windows\System\HeYnbET.exe
  2⤵
  PID:9180
- C:\Windows\System\csEyoNU.exe
  C:\Windows\System\csEyoNU.exe
  2⤵
  PID:9204
- C:\Windows\System\qFRwXKA.exe
  C:\Windows\System\qFRwXKA.exe
  2⤵
  PID:7896
- C:\Windows\System\gKrInJW.exe
  C:\Windows\System\gKrInJW.exe
  2⤵
  PID:7784
- C:\Windows\System\DNRBUDA.exe
  C:\Windows\System\DNRBUDA.exe
  2⤵
  PID:8204
- C:\Windows\System\XDAJUHv.exe
  C:\Windows\System\XDAJUHv.exe
  2⤵
  PID:8136
- C:\Windows\System\nisDNOy.exe
  C:\Windows\System\nisDNOy.exe
  2⤵
  PID:8212
- C:\Windows\System\tzAYbTb.exe
  C:\Windows\System\tzAYbTb.exe
  2⤵
  PID:8368
- C:\Windows\System\xskafMh.exe
  C:\Windows\System\xskafMh.exe
  2⤵
  PID:8440
- C:\Windows\System\XEjyvex.exe
  C:\Windows\System\XEjyvex.exe
  2⤵
  PID:8328
- C:\Windows\System\PHMmvYV.exe
  C:\Windows\System\PHMmvYV.exe
  2⤵
  PID:8512
- C:\Windows\System\pQfbZWL.exe
  C:\Windows\System\pQfbZWL.exe
  2⤵
  PID:8524
- C:\Windows\System\XjVjOGf.exe
  C:\Windows\System\XjVjOGf.exe
  2⤵
  PID:8588
- C:\Windows\System\jUaPBRJ.exe
  C:\Windows\System\jUaPBRJ.exe
  2⤵
  PID:8640
- C:\Windows\System\sjxnqrZ.exe
  C:\Windows\System\sjxnqrZ.exe
  2⤵
  PID:8788
- C:\Windows\System\DbvQnbz.exe
  C:\Windows\System\DbvQnbz.exe
  2⤵
  PID:8760
- C:\Windows\System\ywYynai.exe
  C:\Windows\System\ywYynai.exe
  2⤵
  PID:8840
- C:\Windows\System\oAeAROY.exe
  C:\Windows\System\oAeAROY.exe
  2⤵
  PID:8904
- C:\Windows\System\fWTFFeQ.exe
  C:\Windows\System\fWTFFeQ.exe
  2⤵
  PID:9008
- C:\Windows\System\lqtNkrK.exe
  C:\Windows\System\lqtNkrK.exe
  2⤵
  PID:9064
- C:\Windows\System\SIIXvYn.exe
  C:\Windows\System\SIIXvYn.exe
  2⤵
  PID:8988
- C:\Windows\System\mCWnoat.exe
  C:\Windows\System\mCWnoat.exe
  2⤵
  PID:8860
- C:\Windows\System\ZgmeaLA.exe
  C:\Windows\System\ZgmeaLA.exe
  2⤵
  PID:9112
- C:\Windows\System\PkPAcOH.exe
  C:\Windows\System\PkPAcOH.exe
  2⤵
  PID:7828
- C:\Windows\System\OFpEHUR.exe
  C:\Windows\System\OFpEHUR.exe
  2⤵
  PID:8268
- C:\Windows\System\sAwtsNy.exe
  C:\Windows\System\sAwtsNy.exe
  2⤵
  PID:9144
- C:\Windows\System\vLUFfdb.exe
  C:\Windows\System\vLUFfdb.exe
  2⤵
  PID:9016
- C:\Windows\System\BhqbwCq.exe
  C:\Windows\System\BhqbwCq.exe
  2⤵
  PID:8312
- C:\Windows\System\AosvzJu.exe
  C:\Windows\System\AosvzJu.exe
  2⤵
  PID:8444
- C:\Windows\System\tWFStPe.exe
  C:\Windows\System\tWFStPe.exe
  2⤵
  PID:8396
- C:\Windows\System\kDiIpfU.exe
  C:\Windows\System\kDiIpfU.exe
  2⤵
  PID:8576
- C:\Windows\System\WetAgHw.exe
  C:\Windows\System\WetAgHw.exe
  2⤵
  PID:8680
- C:\Windows\System\WlLvVyS.exe
  C:\Windows\System\WlLvVyS.exe
  2⤵
  PID:8740
- C:\Windows\System\IIVjYay.exe
  C:\Windows\System\IIVjYay.exe
  2⤵
  PID:9024
- C:\Windows\System\MAnXMhZ.exe
  C:\Windows\System\MAnXMhZ.exe
  2⤵
  PID:9200
- C:\Windows\System\otweCie.exe
  C:\Windows\System\otweCie.exe
  2⤵
  PID:8324
- C:\Windows\System\OkQsEXJ.exe
  C:\Windows\System\OkQsEXJ.exe
  2⤵
  PID:8824
- C:\Windows\System\OTpAmqZ.exe
  C:\Windows\System\OTpAmqZ.exe
  2⤵
  PID:8944
- C:\Windows\System\pifmjAe.exe
  C:\Windows\System\pifmjAe.exe
  2⤵
  PID:8864
- C:\Windows\System\hPDCwXj.exe
  C:\Windows\System\hPDCwXj.exe
  2⤵
  PID:8232
- C:\Windows\System\GjnfpeP.exe
  C:\Windows\System\GjnfpeP.exe
  2⤵
  PID:9044
- C:\Windows\System\yIXyevd.exe
  C:\Windows\System\yIXyevd.exe
  2⤵
  PID:8196
- C:\Windows\System\ClWavQS.exe
  C:\Windows\System\ClWavQS.exe
  2⤵
  PID:8552
- C:\Windows\System\KutuGjC.exe
  C:\Windows\System\KutuGjC.exe
  2⤵
  PID:8736
- C:\Windows\System\srPRoUz.exe
  C:\Windows\System\srPRoUz.exe
  2⤵
  PID:9068
- C:\Windows\System\MnjvLnf.exe
  C:\Windows\System\MnjvLnf.exe
  2⤵
  PID:8284
- C:\Windows\System\SntWdhU.exe
  C:\Windows\System\SntWdhU.exe
  2⤵
  PID:8844
- C:\Windows\System\pWGvClv.exe
  C:\Windows\System\pWGvClv.exe
  2⤵
  PID:8768
- C:\Windows\System\UwMtTnh.exe
  C:\Windows\System\UwMtTnh.exe
  2⤵
  PID:8592
- C:\Windows\System\aBIzBNB.exe
  C:\Windows\System\aBIzBNB.exe
  2⤵
  PID:8548
- C:\Windows\System\WWcRdIY.exe
  C:\Windows\System\WWcRdIY.exe
  2⤵
  PID:8628
- C:\Windows\System\bvNOLSx.exe
  C:\Windows\System\bvNOLSx.exe
  2⤵
  PID:7404
- C:\Windows\System\FySAdNk.exe
  C:\Windows\System\FySAdNk.exe
  2⤵
  PID:9232
- C:\Windows\System\AUyQQsi.exe
  C:\Windows\System\AUyQQsi.exe
  2⤵
  PID:9252
- C:\Windows\System\UZeRgTq.exe
  C:\Windows\System\UZeRgTq.exe
  2⤵
  PID:9268
- C:\Windows\System\UahVJpL.exe
  C:\Windows\System\UahVJpL.exe
  2⤵
  PID:9284
- C:\Windows\System\SCLophK.exe
  C:\Windows\System\SCLophK.exe
  2⤵
  PID:9300
- C:\Windows\System\JwkfVwa.exe
  C:\Windows\System\JwkfVwa.exe
  2⤵
  PID:9316
- C:\Windows\System\kKTOUQF.exe
  C:\Windows\System\kKTOUQF.exe
  2⤵
  PID:9332
- C:\Windows\System\hoLRXIs.exe
  C:\Windows\System\hoLRXIs.exe
  2⤵
  PID:9352
- C:\Windows\System\aZpmAHG.exe
  C:\Windows\System\aZpmAHG.exe
  2⤵
  PID:9368
- C:\Windows\System\kpQJNJe.exe
  C:\Windows\System\kpQJNJe.exe
  2⤵
  PID:9396
- C:\Windows\System\nJgrYZh.exe
  C:\Windows\System\nJgrYZh.exe
  2⤵
  PID:9416
- C:\Windows\System\wRHixdQ.exe
  C:\Windows\System\wRHixdQ.exe
  2⤵
  PID:9440
- C:\Windows\System\FQLDXCr.exe
  C:\Windows\System\FQLDXCr.exe
  2⤵
  PID:9460
- C:\Windows\System\ZoYcKtA.exe
  C:\Windows\System\ZoYcKtA.exe
  2⤵
  PID:9476
- C:\Windows\System\vhaIyNT.exe
  C:\Windows\System\vhaIyNT.exe
  2⤵
  PID:9496
- C:\Windows\System\ZMPQTBx.exe
  C:\Windows\System\ZMPQTBx.exe
  2⤵
  PID:9512
- C:\Windows\System\iDNhmdt.exe
  C:\Windows\System\iDNhmdt.exe
  2⤵
  PID:9528
- C:\Windows\System\WFBienL.exe
  C:\Windows\System\WFBienL.exe
  2⤵
  PID:9544
- C:\Windows\System\kekaYmt.exe
  C:\Windows\System\kekaYmt.exe
  2⤵
  PID:9560
- C:\Windows\System\hlnSCqt.exe
  C:\Windows\System\hlnSCqt.exe
  2⤵
  PID:9584
- C:\Windows\System\tmhUsgX.exe
  C:\Windows\System\tmhUsgX.exe
  2⤵
  PID:9604
- C:\Windows\System\BTpujGE.exe
  C:\Windows\System\BTpujGE.exe
  2⤵
  PID:9624
- C:\Windows\System\JfeUIYB.exe
  C:\Windows\System\JfeUIYB.exe
  2⤵
  PID:9644
- C:\Windows\System\laSHDkU.exe
  C:\Windows\System\laSHDkU.exe
  2⤵
  PID:9660
- C:\Windows\System\szEDRKE.exe
  C:\Windows\System\szEDRKE.exe
  2⤵
  PID:9676
- C:\Windows\System\tJpFfBY.exe
  C:\Windows\System\tJpFfBY.exe
  2⤵
  PID:9692
- C:\Windows\System\YybFCOm.exe
  C:\Windows\System\YybFCOm.exe
  2⤵
  PID:9712
- C:\Windows\System\RQopzEA.exe
  C:\Windows\System\RQopzEA.exe
  2⤵
  PID:9728
- C:\Windows\System\VaarBrp.exe
  C:\Windows\System\VaarBrp.exe
  2⤵
  PID:9748
- C:\Windows\System\GknJkMa.exe
  C:\Windows\System\GknJkMa.exe
  2⤵
  PID:9776
- C:\Windows\System\kLpRktR.exe
  C:\Windows\System\kLpRktR.exe
  2⤵
  PID:9792
- C:\Windows\System\ISVKDTo.exe
  C:\Windows\System\ISVKDTo.exe
  2⤵
  PID:9820
- C:\Windows\System\wCwnYEl.exe
  C:\Windows\System\wCwnYEl.exe
  2⤵
  PID:9836
- C:\Windows\System\CaeWnKw.exe
  C:\Windows\System\CaeWnKw.exe
  2⤵
  PID:9856
- C:\Windows\System\eQjCxsp.exe
  C:\Windows\System\eQjCxsp.exe
  2⤵
  PID:9876
- C:\Windows\System\QRvOpas.exe
  C:\Windows\System\QRvOpas.exe
  2⤵
  PID:9892
- C:\Windows\System\EupnXAD.exe
  C:\Windows\System\EupnXAD.exe
  2⤵
  PID:9924
- C:\Windows\System\dBPwAea.exe
  C:\Windows\System\dBPwAea.exe
  2⤵
  PID:9952
- C:\Windows\System\rbeivsz.exe
  C:\Windows\System\rbeivsz.exe
  2⤵
  PID:9968
- C:\Windows\System\hWpSaYM.exe
  C:\Windows\System\hWpSaYM.exe
  2⤵
  PID:9984
- C:\Windows\System\tAnASBM.exe
  C:\Windows\System\tAnASBM.exe
  2⤵
  PID:10004
- C:\Windows\System\WkuxfWH.exe
  C:\Windows\System\WkuxfWH.exe
  2⤵
  PID:10020
- C:\Windows\System\MQFYpvq.exe
  C:\Windows\System\MQFYpvq.exe
  2⤵
  PID:10036
- C:\Windows\System\LEqNffa.exe
  C:\Windows\System\LEqNffa.exe
  2⤵
  PID:10052
- C:\Windows\System\MihHuoC.exe
  C:\Windows\System\MihHuoC.exe
  2⤵
  PID:10068
- C:\Windows\System\otByNrY.exe
  C:\Windows\System\otByNrY.exe
  2⤵
  PID:10084
- C:\Windows\System\HEUDRCM.exe
  C:\Windows\System\HEUDRCM.exe
  2⤵
  PID:10100
- C:\Windows\System\XINPdsa.exe
  C:\Windows\System\XINPdsa.exe
  2⤵
  PID:10124
- C:\Windows\System\okFeqkF.exe
  C:\Windows\System\okFeqkF.exe
  2⤵
  PID:10148
- C:\Windows\System\IjcTokd.exe
  C:\Windows\System\IjcTokd.exe
  2⤵
  PID:10168
- C:\Windows\System\ITQTtin.exe
  C:\Windows\System\ITQTtin.exe
  2⤵
  PID:10184
- C:\Windows\System\mAslxTl.exe
  C:\Windows\System\mAslxTl.exe
  2⤵
  PID:10208
- C:\Windows\System\RrRiFkm.exe
  C:\Windows\System\RrRiFkm.exe
  2⤵
  PID:10224
- C:\Windows\System\MlpWAHA.exe
  C:\Windows\System\MlpWAHA.exe
  2⤵
  PID:8428
- C:\Windows\System\bbCPlUZ.exe
  C:\Windows\System\bbCPlUZ.exe
  2⤵
  PID:9220
- C:\Windows\System\XICyGNP.exe
  C:\Windows\System\XICyGNP.exe
  2⤵
  PID:9292
- C:\Windows\System\DXddJGJ.exe
  C:\Windows\System\DXddJGJ.exe
  2⤵
  PID:9264
- C:\Windows\System\yEuBTEb.exe
  C:\Windows\System\yEuBTEb.exe
  2⤵
  PID:9404
- C:\Windows\System\jQykPkh.exe
  C:\Windows\System\jQykPkh.exe
  2⤵
  PID:9408
- C:\Windows\System\DOhKaUX.exe
  C:\Windows\System\DOhKaUX.exe
  2⤵
  PID:9468
- C:\Windows\System\oGROfbc.exe
  C:\Windows\System\oGROfbc.exe
  2⤵
  PID:9536
- C:\Windows\System\Ohqyacw.exe
  C:\Windows\System\Ohqyacw.exe
  2⤵
  PID:9488
- C:\Windows\System\UImmuUe.exe
  C:\Windows\System\UImmuUe.exe
  2⤵
  PID:9568
- C:\Windows\System\AYyNBIV.exe
  C:\Windows\System\AYyNBIV.exe
  2⤵
  PID:9620
- C:\Windows\System\yujvbDo.exe
  C:\Windows\System\yujvbDo.exe
  2⤵
  PID:9688
- C:\Windows\System\vqrRrbw.exe
  C:\Windows\System\vqrRrbw.exe
  2⤵
  PID:9720
- C:\Windows\System\AWEKKmp.exe
  C:\Windows\System\AWEKKmp.exe
  2⤵
  PID:9636
- C:\Windows\System\bXyTBuJ.exe
  C:\Windows\System\bXyTBuJ.exe
  2⤵
  PID:9700
- C:\Windows\System\qAoRQsR.exe
  C:\Windows\System\qAoRQsR.exe
  2⤵
  PID:9760
- C:\Windows\System\bseriZu.exe
  C:\Windows\System\bseriZu.exe
  2⤵
  PID:9808
- C:\Windows\System\zQfSEqF.exe
  C:\Windows\System\zQfSEqF.exe
  2⤵
  PID:9784
- C:\Windows\System\pUNXqPS.exe
  C:\Windows\System\pUNXqPS.exe
  2⤵
  PID:9832
- C:\Windows\System\RSkwhsk.exe
  C:\Windows\System\RSkwhsk.exe
  2⤵
  PID:9868
- C:\Windows\System\OnERpxk.exe
  C:\Windows\System\OnERpxk.exe
  2⤵
  PID:9904
- C:\Windows\System\zRpTFVW.exe
  C:\Windows\System\zRpTFVW.exe
  2⤵
  PID:9916
- C:\Windows\System\xoyqRfs.exe
  C:\Windows\System\xoyqRfs.exe
  2⤵
  PID:9936
- C:\Windows\System\QwtuqYH.exe
  C:\Windows\System\QwtuqYH.exe
  2⤵
  PID:9960
- C:\Windows\System\PqZdqsj.exe
  C:\Windows\System\PqZdqsj.exe
  2⤵
  PID:10028
- C:\Windows\System\jqThlfc.exe
  C:\Windows\System\jqThlfc.exe
  2⤵
  PID:10064
- C:\Windows\System\PNdWNdr.exe
  C:\Windows\System\PNdWNdr.exe
  2⤵
  PID:10096
- C:\Windows\System\cdVutUM.exe
  C:\Windows\System\cdVutUM.exe
  2⤵
  PID:10136
- C:\Windows\System\MXqvVMu.exe
  C:\Windows\System\MXqvVMu.exe
  2⤵
  PID:10200
- C:\Windows\System\uxmVNZc.exe
  C:\Windows\System\uxmVNZc.exe
  2⤵
  PID:10216
- C:\Windows\System\PiUuCcM.exe
  C:\Windows\System\PiUuCcM.exe
  2⤵
  PID:9312
- C:\Windows\System\WozcUEA.exe
  C:\Windows\System\WozcUEA.exe
  2⤵
  PID:9240
- C:\Windows\System\YohWeqX.exe
  C:\Windows\System\YohWeqX.exe
  2⤵
  PID:9392
- C:\Windows\System\FjHzePm.exe
  C:\Windows\System\FjHzePm.exe
  2⤵
  PID:9448
- C:\Windows\System\HHmTEWh.exe
  C:\Windows\System\HHmTEWh.exe
  2⤵
  PID:9580
- C:\Windows\System\QemUIcG.exe
  C:\Windows\System\QemUIcG.exe
  2⤵
  PID:9504
- C:\Windows\System\QmpXlPF.exe
  C:\Windows\System\QmpXlPF.exe
  2⤵
  PID:9616
- C:\Windows\System\BPmepBW.exe
  C:\Windows\System\BPmepBW.exe
  2⤵
  PID:9656
- C:\Windows\System\KWxfbmW.exe
  C:\Windows\System\KWxfbmW.exe
  2⤵
  PID:9724
- C:\Windows\System\JPSbmIb.exe
  C:\Windows\System\JPSbmIb.exe
  2⤵
  PID:9800
- C:\Windows\System\Vxmuhuk.exe
  C:\Windows\System\Vxmuhuk.exe
  2⤵
  PID:9828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ETUzjCE.exe

Filesize
6.0MB

MD5
a60e35ad975442b08a9cb0a9d863c59a

SHA1
8ae49ba0ff8bdb71d2b7a120ec4a6e1de68b18b1

SHA256
b3458ec4ef71170bcc129bb67455193431a3e2f8221750a3b6ca74e344b5f81f

SHA512
3513282bc2cd7626eb99c16dbe968c1d5178f50d1fed153bf0c4018cbb53449bb4225240bbc7d9ca5ae424869eae8941ad55adb28d1197ab9e402f4668afb8a9

Download Submit
C:\Windows\system\EnDuwLu.exe

Filesize
6.0MB

MD5
7183bf0783cbaf428a37530bde2c4d1a

SHA1
871f5bbfa73c8558ab65c416129fccbff9078b09

SHA256
7edcbcfbac18110e1136237263d7873fb9a80400699a90a899330d5ee09d006a

SHA512
90ace0dbb5a20251e58062c0dabc1dd0a2b523ad3f902e56a07adb3324e878e09858167629b24503f2728c30b0092aab01ed952abaab9f56528f3c878541a233

Download Submit
C:\Windows\system\OfVLZvy.exe

Filesize
6.0MB

MD5
8c8dd5539b8896e986435d703b25e367

SHA1
c102274e3f0eede750d254766ff454230425963a

SHA256
519893c817a0dfb68803caefeec59d332b267c2ea8a254788e646d3c107999fd

SHA512
cf8de258c395db984db5ac3e9a38b250e1256b51ed0007e8848a7b7475f75a3c2392e73c6763f43f97b0b006d7b8bf40e50fabdabc32ef469c5f05464d48e38d

Download Submit
C:\Windows\system\PmZIZTm.exe

Filesize
6.0MB

MD5
b5765a6926e6757fdfbe8fca80e2855c

SHA1
5490deaf0b75e255144a78d774e678d438351575

SHA256
7fafee27846a79a1a880132cf2c3a60ef0a8b781aa8e57e2d0fc2320147199fe

SHA512
53227ed64678c7a50b6b1624d828e1d8ce1a3373fe76060dbcfb821aade6993d2f784d5e67e95cc265f1723fffcac250935e753fb3c3f1003b78b1d5cdcdbccd

Download Submit
C:\Windows\system\TIyITKy.exe

Filesize
6.0MB

MD5
3a359e5fb2eae9a2ae610a1783e4685b

SHA1
b03404de757683e2b601cf5ed817cae20a71efc6

SHA256
c2a2f6bb212cda69346d2ac8ac2a1d26b1c1b34bc39eab7114eb459ccdfe4e99

SHA512
04b761578edc73dc690af70c4e88ec17a5031822fb484582342deb9cfc05490331e15f60940cebb0b585467c8d1c40335fd76b40897c257e7842302ebc2955e5

Download Submit
C:\Windows\system\TyHvFsF.exe

Filesize
6.0MB

MD5
eb6dd1e374f41e052879436b909642ee

SHA1
77dd32e8a42380f38b8d568b9994c8923111a9b0

SHA256
ebdd0078f1882e8a016153f360339c6f2dd411c1090dcc49cc2496b4d57a7880

SHA512
52742432df21c687a341813ed93948c8601251741445111983ee82ccb60efb4f926c76c88b1ff8c5dc975b3274b00f4ade93f09bdc22739b0f60ba5fad8b034e

Download Submit
C:\Windows\system\WDmMrKG.exe

Filesize
6.0MB

MD5
97e8d74b2bd603ef4213d687296483ed

SHA1
233ddb05fbb26a2197b9a5c5dabee2580070fe29

SHA256
f8c6db8fb9d70e52bbeadd44eb9d87bd0b1113773c715e641ffb6dc4013bb1af

SHA512
97382904e541076ba925c3fcddc6074b4bc856a191301bd2a68dcb202291c3687f8bbade60f04df8ce6e25e84c45e073de741b78792890acda90473407ad591c

Download Submit
C:\Windows\system\WmcMQUI.exe

Filesize
6.0MB

MD5
6a201455e73d933cd04f478822c2391e

SHA1
5462bd4da92924a516a3fe99ffaca0f380ffcdc2

SHA256
2a8288ee6828695463047fffdcb699f7e512f9ad9ffab5ba642397da54f345bd

SHA512
b0ad563400f9fa3b39f36a84ab33c9ca91b241b22dd805c12c108a55da7583f2699100cadfea01b9495fe4857041d85ea45a2cfb69a56361780277e1ee54de4a

Download Submit
C:\Windows\system\XCSGhQQ.exe

Filesize
6.0MB

MD5
cc560c627a749b429c728ed2ced3cbab

SHA1
70b9cb161d69fa4f6bf9b5954ddfa62fec1ec799

SHA256
d918d9b0c290d14bae214fe0b896a2565b0b45d229413c5dabc4689f74e6efdb

SHA512
050732e4d49d9942320bc7db4dc4587378401151e84af7dc8cb855a93969bc90802a97a8e42ba6585edc60149ea39bf2ea2d81135781ac50871ae3fb2b6018b1

Download Submit
C:\Windows\system\XgHzNqU.exe

Filesize
6.0MB

MD5
eb588fa5208b1f60ac90a4229c9a0a9a

SHA1
8c44852bb24388b71dabd30b92fca6afbb7596c1

SHA256
741f1a5d4faf9e6ed5bfd2e45398ec5d8193b051fdec7d5fe60f11923251f926

SHA512
061b46fc523002a21bee5f098d406419f6728a6702f269de40c687091888a3071caf52b42d2221847390158b28aaf3617cab8d9fe9c7ac14d02c36129e73190f

Download Submit
C:\Windows\system\cGHueDI.exe

Filesize
6.0MB

MD5
65b7365a6bfb9dbfaca98f552cbe1fab

SHA1
374263255b616f726f9239bb697a142237369489

SHA256
3e1b60937cde748ead01a6d15189e9b31e269d66ddf583545e3c4d4d02ee4c03

SHA512
9eed4918e3b4bde9be88ce21b75fce76a3ab91849729c3cab8052c6120c916a320643dca04b51db0935d9ad8906a9b6070478db2d1cfcd67c010ac179d894250

Download Submit
C:\Windows\system\edHHdgd.exe

Filesize
6.0MB

MD5
13a805403b2e67bdb13afbafcb37f733

SHA1
dbd58c983fac27a472221b93071bef8900582ada

SHA256
bcbf8e3fb3071ceb065a26beb3066990b2d814c7c5791cc043e4dffcb30ab8bd

SHA512
cc2be79879b566d642cf83f6fe46c6a26f8e1b6cb85d5dbf0e7a1102a5e94a535b8cabf8f21abae5c34411a11c8c8c4f0ed8c11df345bea0e314934aafb4eb4d

Download Submit
C:\Windows\system\fCtZbFg.exe

Filesize
6.0MB

MD5
1aa1b926967f96e985b8df2edab20799

SHA1
49ae6c1053296648d7b8982ab6eeca3c3d6f8b3e

SHA256
5b6d5bb61e902b383cd950a5d6114b60d9a2444d44bbd90104c02dbb77e5b00a

SHA512
465718c8a68b98e9ccb540a548b35ee5a31555c14ed78b466f1c6974ca05d2ef19c95cdf05f7d5f73d867fb9400ffeeab3755414cca6cd68fe86d72e31f16159

Download Submit
C:\Windows\system\hAmPXMy.exe

Filesize
6.0MB

MD5
61b2b85cf4598e009d92a841c858f05b

SHA1
9574b483a1ebe11ffba47229d933ef59722db070

SHA256
1519dd64c97b30baddbbde7760ec9b3259118bae51417ee63a445f0bf9672fd3

SHA512
f8de05a1f290981176a900b53630b0b67bb462107664ac3f5f10280f1f2c654e90c17e8739066b91e033534b0e34e5229f3a13972a1de4c775f989de5213e637

Download Submit
C:\Windows\system\hoYDoIi.exe

Filesize
6.0MB

MD5
73c3aeff173d2fc15515524906969264

SHA1
05c2b6fd23d6405a1358a4c4782ac40f0348bfae

SHA256
48b1ebf3098030239b496406b6469a18f4f27ae639be49bfebf8023ed5793e7c

SHA512
8da21c908f23b384e673c310d589cbc8fd4c1a674cc8f0b28bb7aaa5f7dd9528571554295caa9d09c0026f53c8a9224ca4845c11d211aecd0e0f0285c96c7dbb

Download Submit
C:\Windows\system\iTVfQPE.exe

Filesize
6.0MB

MD5
1e519dc8f027584dd2a5057953d36b74

SHA1
28a78c68d72d1fdf81c44228fce6f2bbb3d09bc2

SHA256
94e4c04d8463ba1e4e967244e8bc4a1b0d4f9012d7b60c77625d29b7fe8d77f9

SHA512
b0ee67f10e7100ef03ec961601e332582ecd9cf78097131a559e171ff6acbc13205d9c616ac173a22e6f2585ec18351f6dfde938a4eea5c63d0edcbff5a5e37d

Download Submit
C:\Windows\system\kbZHquO.exe

Filesize
6.0MB

MD5
289836757e9c31b6b383f4153a7214c4

SHA1
98cd0469e602af0045a2d7e1d3a6867063e952c4

SHA256
fec8813b670af59a29eda4e80b00d671062affa37d5d76c526108779a57b4cf9

SHA512
4eb443b13978e5331205539b2851b23c95cd5a2aea79977d60c0c6f9c80fa3d78f93b72c8253b0641d6645d30bfce19a6cfef03d92d9ebd8cb2e15e78efbb95d

Download Submit
C:\Windows\system\kuaqKqo.exe

Filesize
6.0MB

MD5
e8dc7c541ffebcd0ef70a801249254db

SHA1
2fa102dfc29b23012c0c4bf52baf0fa924fd3bb9

SHA256
61649a623f0b1dc2a01dd395f1bc59b7ef3d4b830ae27437c9071c0b5b684104

SHA512
d67220edd5b29f73cfe07e0fbc9ab014a71ba50931999f3c02f6e404c21bf88966830341005930c81999185cee6ddf600cc4d1b439715c6c29b8e29605cad9fb

Download Submit
C:\Windows\system\mdByiZm.exe

Filesize
6.0MB

MD5
6ae8670bce4a2508a20a27dfb94d8323

SHA1
5e0cb9f77bbc164c1a8f21ac65fd15b137435a74

SHA256
6cd1a2834b7efb098904c02caabef56471f37b443e0be4fce0e6b2e2e1688d8d

SHA512
3585eeaf01df560006a26bf5b0d77fc5a04f05f77c9e95d74062f35a74524a099493fbf4a632d2a8f5c25e4d03604c96c4fbc210f0705f3e2beb98663e0432bc

Download Submit
C:\Windows\system\mllCSfi.exe

Filesize
6.0MB

MD5
a371a3217ae2e789b804cc9dcd2ad055

SHA1
e993f09a45d327bd5b1a6f6b71c3e5d5aa56f6bc

SHA256
0c3c2135c3de96c4420f12f043e3a5c36eec8e5f1b12ba2aec3b1e888fd86647

SHA512
b3c8ebbacf06b29a789ad41ae649fd882ff194454b27512a9fd72468665ee8dd0b37065f0d633fc1ee1d4f315532740eade7dbf746d55dbcf7e5f2cdcbe6230a

Download Submit
C:\Windows\system\oqOyIpU.exe

Filesize
6.0MB

MD5
05e4f6375bb115bd9dea53e88a964fef

SHA1
71c93be4b8dd17ce0d374df90c978e36f4b2818d

SHA256
4c16cec18d81909f5a18a83b06063e8b8a7272b745d32265be0d5dd48afa603f

SHA512
7ae617ef059c1e512d3f99ce6ecb4b16e22f9a330b5b008a0f5d2c5af318b117291d24e1376d4606947e765005adbf2c0957f96240cafb14d3d6950c012eae19

Download Submit
C:\Windows\system\pKSnijr.exe

Filesize
6.0MB

MD5
04db8c614f32a12b854babd05edaabed

SHA1
b7e1236551d4d0ac888dabb89a802023cc3dce9e

SHA256
191aaf6849134465e4832c485099329b5c37204499fef1cf4ab2939eff29b5f0

SHA512
b59898c8121022e44d1eb43e7cb2345739598591a9205505f380c02482b4890c51a9a6caae9b46d7b208c4343073706e69edc5709b84aed8760910497899947e

Download Submit
C:\Windows\system\pYIIWuC.exe

Filesize
6.0MB

MD5
be5d68d7e338f43d3286b9f9af90032e

SHA1
d7f361301cbef11d0b342a22ec31167a00c5a4e4

SHA256
baecf2bd3583e78837e13f4f3f13b86fdde8e28f3257c5a9b4953ea100197dbe

SHA512
9e68a21b6db593a245cd12274cdb3f8484546949d9b5574602bdeacb2edcd12b9538521f7bf5a4b5333d608076f77af3a952c0fc0967347690a32d3fd943a0e3

Download Submit
C:\Windows\system\sUCjsvO.exe

Filesize
6.0MB

MD5
f7c9297474514a517ddf69c0a96fcca7

SHA1
1582916825a371cd608b16b9cfb27579044e8457

SHA256
5d9f8b911f51407ff2fef72ea4441f7e79bfbfd7c58c8a5d4e3e49193e37a646

SHA512
d4555722e22e41ee0db6765ea99c87b2a3dbf4147307a1a7c4773abad5590fcda81f434b6d6f6dca44e7626766ed50116b329f8128d4feebe3164bd02babfb42

Download Submit
C:\Windows\system\tCFxemn.exe

Filesize
6.0MB

MD5
7cdfd65588555126ec3d1a95cbff2bf9

SHA1
fa8dddbf60b3cc32609dc5be177f14cb84e45c22

SHA256
380c36825b3269ccd4f19b7bf4d32856f28e8702d304735dfa66551cf4fcc01c

SHA512
afe7cc07479d0d24c0cd02d0203cb61f0e60c03cf2586f5d7a1ca64f6dc9cc62dcd2437b9ada5798e9e3cd17b8072e6c0dff3d6b72c11a751c5fa684d9b5a1d2

Download Submit
\Windows\system\HHpjLdP.exe

Filesize
6.0MB

MD5
eb00df9a311270dfbb2bbae8f521ff56

SHA1
4ffbf99da90c81c25110178fe1a7352fb212aff5

SHA256
749bccc73c5182f5c87e0f69a41cc5e845a897d9a4d22246644f5f278343de4a

SHA512
89c9c1a458866c607b56938445ede51dee44ecfa3e7d0c27eec43a4eff8f7bef07fbaf5858a3512d4e6c8aa2ed7e2755c26400a1ffb91363ea98860e2f037198

Download Submit
\Windows\system\KfYmRlF.exe

Filesize
6.0MB

MD5
d97ae8293e193f80754d7ced59d1b792

SHA1
ee6e491f403bb09672e7a125400a386b97ff285a

SHA256
3a757e1f22d95bc964ce83b7a9ba0667762550c6ae28bd6dc7c3f5e435f7d18c

SHA512
237168a7f80427ad9715db06b93fbb595426a0dd0b6e2d319eaa41dd95923752609757030739cfa79d5b09734f3063ad210563ae9523bbfa75179ea84e67c473

Download Submit
\Windows\system\XOQQQFU.exe

Filesize
6.0MB

MD5
08f3cb3d9de829bc2d8fa3f7fa28b684

SHA1
c7e2eafb82a0844433b9b98227182ba6b978819b

SHA256
a76f300ad532859b646ac215c9d76d55662379ce85301b51ba8ed5f1a30a6034

SHA512
299469641f648defb1eee8e0c912a180116ddd07cf28f684e8c503c2f9b37cdab04760527ef9ebede569444bb6db39a857567afd3da722019a91662dddf5d74d

Download Submit
\Windows\system\lauZuJs.exe

Filesize
6.0MB

MD5
642e10ea8a431b651377b320ceea9a49

SHA1
5a7bb64f7c36e4e1d72204cd69f7e1e574ff3e0d

SHA256
310ddfb459118edb049161ea87411584eea0d5d2aebb0814f5299d5e340fa3ab

SHA512
659958c9e2a3bd81dfefddbca7f3fac0d4c71698b45227f872a85899d8686a6b05475e2d5fd3716e3b8745c5206a2ffe5756d6f33e4b00c718faa78a63907e94

Download Submit
\Windows\system\obKWQCE.exe

Filesize
6.0MB

MD5
04dc9f19bfebbd9d8ffa987649575c27

SHA1
10aa6c0f496bad94a5712ddab249a522a2e513db

SHA256
e8fe066d5a296b2044cab97d6ae14f9ec840c97dd46ebba94185aa0187bbf635

SHA512
3db5649c79c9579bae8d832e0ec1676311015250080be1a8959c398c6118bb02a3654fea1bd32af6b37c65cf3a3b59c1ba81e83775265c524220fbc56ac0f710

Download Submit
\Windows\system\qhmENyC.exe

Filesize
6.0MB

MD5
bde6499efcd4602e38462b50a23c027a

SHA1
239ea8dc6b1bc56c3c498e6a9d072de881f6d465

SHA256
0ce3ad72f34ac8eaf888a9a147ebe3944e8aff0951eb804be7395f959ad6f948

SHA512
e97f2e5095f3cfb1434161a0f8540d13c1a8b4b9fbbb6ed7b1b4c4b75f899912d72e0456a9ecf55da09b6bfd34ac703419d6c6126406f035b8058b2eaf95f091

Download Submit
\Windows\system\tLDcozw.exe

Filesize
6.0MB

MD5
4e5f92871afcc3ce829a629ea5eb27d6

SHA1
65e2ba95db1235687655bd168ccc71649915f9e2

SHA256
95bfe126ae76bc3e772fd56230447856704a4d2d63538f9125647584813de859

SHA512
aae3394210b2cceddaa09f3a3af9efad62f7d3c0768335dcbf23a49699e7a44fc77a57311ff3b4a1f009128e1ba2fd74157b296d6f6236bedf2ffcf06e5c1a71

Download Submit
memory/264-100-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/264-625-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/264-2677-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-298-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1044-77-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2667-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1424-59-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2594-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1424-17-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1716-85-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-408-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-2670-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-0-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2060-469-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2060-74-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2060-568-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2060-690-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2060-348-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2060-38-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2060-51-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2060-67-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-21-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2060-32-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2060-105-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2060-104-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-58-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2060-40-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2060-238-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2060-44-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2060-89-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2060-81-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2060-28-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2590-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2408-36-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2440-62-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2440-12-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2528-2647-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2528-63-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2528-99-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2644-84-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2644-47-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2644-2600-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2648-42-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3657-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2646-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2684-92-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2684-55-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2732-41-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2591-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-93-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2860-513-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2672-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2908-39-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2592-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/3028-70-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2651-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-187-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download