cobaltstrike | c2ba61f695298c1581bd72f6d067759a092f306b3047e60d6b2cfef8805c07ca

Analysis

max time kernel
126s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

751e8de78201414f8d562d85430ff1e5
SHA1

b6f9996e73d840939f19ab832c1f7304301eefb4
SHA256

c2ba61f695298c1581bd72f6d067759a092f306b3047e60d6b2cfef8805c07ca
SHA512

39f83432dbdbf6833e0588aabd7cb762e88350d502a4192086af32f0a93023a0c8077b22634b1788465d015b0069895c147f2be0e59584243ceb223f752dcbcd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000900000001225f-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c03-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c7c-15.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016cbc-27.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017355-33.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019345-39.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-51.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-63.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-47.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-43.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cc4-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cb2-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca5-20.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2976-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000900000001225f-6.dat	xmrig
behavioral1/files/0x0008000000016c03-8.dat	xmrig
behavioral1/files/0x0007000000016c7c-15.dat	xmrig
behavioral1/files/0x000a000000016cbc-27.dat	xmrig
behavioral1/files/0x0008000000017355-33.dat	xmrig
behavioral1/files/0x0005000000019345-39.dat	xmrig
behavioral1/files/0x000500000001937b-51.dat	xmrig
behavioral1/files/0x00050000000193a8-63.dat	xmrig
behavioral1/files/0x00050000000193f0-75.dat	xmrig
behavioral1/files/0x00050000000194e2-87.dat	xmrig
behavioral1/files/0x000500000001958b-91.dat	xmrig
behavioral1/files/0x00050000000195c2-95.dat	xmrig
behavioral1/files/0x00050000000195c6-104.dat	xmrig
behavioral1/files/0x00050000000195d0-155.dat	xmrig
behavioral1/memory/2928-615-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2976-634-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2976-1588-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2308-741-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2580-633-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2976-632-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2552-631-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2976-630-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2596-629-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2692-627-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2572-625-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2828-623-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2716-621-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2688-619-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2752-617-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2416-613-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2116-611-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2216-609-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x00050000000195e0-160.dat	xmrig
behavioral1/files/0x00050000000195ce-150.dat	xmrig
behavioral1/files/0x00050000000195ca-113.dat	xmrig
behavioral1/files/0x00050000000195cc-131.dat	xmrig
behavioral1/files/0x00050000000195c8-112.dat	xmrig
behavioral1/files/0x00050000000195c7-107.dat	xmrig
behavioral1/files/0x00050000000195c4-100.dat	xmrig
behavioral1/files/0x000500000001948d-83.dat	xmrig
behavioral1/files/0x000500000001945c-79.dat	xmrig
behavioral1/files/0x00050000000193e6-71.dat	xmrig
behavioral1/files/0x00050000000193d1-67.dat	xmrig
behavioral1/files/0x000500000001938e-59.dat	xmrig
behavioral1/files/0x0005000000019382-55.dat	xmrig
behavioral1/files/0x0005000000019371-47.dat	xmrig
behavioral1/files/0x0005000000019369-43.dat	xmrig
behavioral1/files/0x0009000000016cc4-32.dat	xmrig
behavioral1/files/0x0007000000016cb2-24.dat	xmrig
behavioral1/files/0x0007000000016ca5-20.dat	xmrig
behavioral1/memory/2688-3216-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2928-3215-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2752-3230-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2116-3247-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2572-3298-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2596-3283-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2580-3268-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2716-3265-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2828-3214-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2416-3213-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2552-3212-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2216-3210-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2692-3209-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2308	yJfYaDQ.exe
2216	kpdChRq.exe
2116	ZDNYyhV.exe
2416	NAGdNEf.exe
2928	jQEVYPi.exe
2752	hNgdher.exe
2688	FsvDrMU.exe
2716	pfLuSoO.exe
2828	DFfoHua.exe
2572	FOkfVtQ.exe
2692	kZVLNUp.exe
2596	BuIBPpr.exe
2552	yiJHjGk.exe
2580	mGZSvOm.exe
536	pLcbOVM.exe
580	zoExfYr.exe
1536	IPxJoNW.exe
1836	xhQxbcB.exe
892	lTMGIbI.exe
2536	YQkWrzw.exe
1996	YZjWbnV.exe
2368	ZyUdITf.exe
2020	qbIRmsC.exe
1724	JtdFbhH.exe
1912	QuibBQW.exe
2232	wPWSSjo.exe
2588	uavXEUc.exe
2384	CLhAfPX.exe
2420	BbVTPpf.exe
1300	AAygHjS.exe
780	QwWlnyi.exe
1036	FgpKYFI.exe
2104	FqvXiCg.exe
1680	MxQADJT.exe
1532	UROyPfn.exe
1740	QrDyQzI.exe
2180	ePYcKdF.exe
1780	qiJwBfT.exe
1088	WNnIKSo.exe
2344	VRxejlV.exe
1716	tcUliCC.exe
1980	AbvEZND.exe
2272	wLfCjoh.exe
2096	pShXxEk.exe
2028	KuGxmtZ.exe
1472	qGeYYeV.exe
1000	sqWERTb.exe
1568	WEYWuWq.exe
2204	QInYMzS.exe
2336	IZkkFoV.exe
1052	gujbmyz.exe
1788	BsEDyiu.exe
1356	NhgTJKY.exe
1324	vHvmPUU.exe
1596	wCOosoL.exe
2340	AXAJrve.exe
2912	HlrQhFa.exe
2696	ocoJsoF.exe
2664	oxQwYVz.exe
2824	BgAkwZo.exe
2576	YyJmZtT.exe
2624	PSCfwEK.exe
2600	AXKxxvt.exe
2840	DEnVqpq.exe

Loads dropped DLL 64 IoCs

pid	Process
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2976-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000900000001225f-6.dat	upx
behavioral1/files/0x0008000000016c03-8.dat	upx
behavioral1/files/0x0007000000016c7c-15.dat	upx
behavioral1/files/0x000a000000016cbc-27.dat	upx
behavioral1/files/0x0008000000017355-33.dat	upx
behavioral1/files/0x0005000000019345-39.dat	upx
behavioral1/files/0x000500000001937b-51.dat	upx
behavioral1/files/0x00050000000193a8-63.dat	upx
behavioral1/files/0x00050000000193f0-75.dat	upx
behavioral1/files/0x00050000000194e2-87.dat	upx
behavioral1/files/0x000500000001958b-91.dat	upx
behavioral1/files/0x00050000000195c2-95.dat	upx
behavioral1/files/0x00050000000195c6-104.dat	upx
behavioral1/files/0x00050000000195d0-155.dat	upx
behavioral1/memory/2928-615-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2976-1588-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2308-741-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2580-633-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2552-631-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2596-629-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2692-627-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2572-625-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2828-623-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2716-621-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2688-619-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2752-617-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2416-613-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2116-611-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2216-609-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x00050000000195e0-160.dat	upx
behavioral1/files/0x00050000000195ce-150.dat	upx
behavioral1/files/0x00050000000195ca-113.dat	upx
behavioral1/files/0x00050000000195cc-131.dat	upx
behavioral1/files/0x00050000000195c8-112.dat	upx
behavioral1/files/0x00050000000195c7-107.dat	upx
behavioral1/files/0x00050000000195c4-100.dat	upx
behavioral1/files/0x000500000001948d-83.dat	upx
behavioral1/files/0x000500000001945c-79.dat	upx
behavioral1/files/0x00050000000193e6-71.dat	upx
behavioral1/files/0x00050000000193d1-67.dat	upx
behavioral1/files/0x000500000001938e-59.dat	upx
behavioral1/files/0x0005000000019382-55.dat	upx
behavioral1/files/0x0005000000019371-47.dat	upx
behavioral1/files/0x0005000000019369-43.dat	upx
behavioral1/files/0x0009000000016cc4-32.dat	upx
behavioral1/files/0x0007000000016cb2-24.dat	upx
behavioral1/files/0x0007000000016ca5-20.dat	upx
behavioral1/memory/2688-3216-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2928-3215-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2752-3230-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2116-3247-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2572-3298-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2596-3283-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2580-3268-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2716-3265-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2828-3214-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2416-3213-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2552-3212-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2216-3210-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2692-3209-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2308-3211-0x000000013F810000-0x000000013FB64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DNXdtyU.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXFying.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSterIt.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IboGTwd.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmOkBYC.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCYOjSS.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxhSInB.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzLakxo.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLrMUjV.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IzXtNPk.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAqHTrU.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKecSkM.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXWQHqt.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRToFaT.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xzrlUoP.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJvoROn.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIwrHYW.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFZxvYu.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krpSBSH.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txkXANO.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDaLemN.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCKtxYj.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLwWhxR.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJskPKw.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbuXwdT.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INPXgEk.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utgwXsz.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzVvFXF.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfjITXP.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uihnlwz.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SClRyyw.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJparad.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnbHTAR.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWvtQOx.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkRavSZ.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJlVPBB.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFlpkuk.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DThvvYs.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBhgfQf.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwTVCAJ.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEAzBHM.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKTNpyG.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJyVNCt.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZjWbnV.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yDoqvtt.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFFZlns.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGPjGRX.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwykNxq.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwrOZRf.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEUNfVZ.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkxBrUz.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyyJGEg.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVYzFtQ.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKcqImg.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJYdoDW.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqbDTjr.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaKLiFh.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMLdgsF.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqpInpM.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCluWaf.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdzqMBC.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpsLWgz.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFwYWYu.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Uornynm.exe	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2308	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2976 wrote to memory of 2308	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2976 wrote to memory of 2308	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2976 wrote to memory of 2216	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2976 wrote to memory of 2216	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2976 wrote to memory of 2216	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2976 wrote to memory of 2116	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2976 wrote to memory of 2116	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2976 wrote to memory of 2116	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2976 wrote to memory of 2416	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2976 wrote to memory of 2416	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2976 wrote to memory of 2416	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2976 wrote to memory of 2928	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2976 wrote to memory of 2928	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2976 wrote to memory of 2928	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2976 wrote to memory of 2752	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2976 wrote to memory of 2752	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2976 wrote to memory of 2752	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2976 wrote to memory of 2688	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2976 wrote to memory of 2688	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2976 wrote to memory of 2688	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2976 wrote to memory of 2716	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2976 wrote to memory of 2716	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2976 wrote to memory of 2716	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2976 wrote to memory of 2828	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2976 wrote to memory of 2828	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2976 wrote to memory of 2828	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2976 wrote to memory of 2572	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2976 wrote to memory of 2572	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2976 wrote to memory of 2572	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2976 wrote to memory of 2692	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2976 wrote to memory of 2692	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2976 wrote to memory of 2692	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2976 wrote to memory of 2596	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2976 wrote to memory of 2596	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2976 wrote to memory of 2596	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2976 wrote to memory of 2552	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2976 wrote to memory of 2552	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2976 wrote to memory of 2552	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2976 wrote to memory of 2580	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2976 wrote to memory of 2580	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2976 wrote to memory of 2580	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2976 wrote to memory of 536	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2976 wrote to memory of 536	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2976 wrote to memory of 536	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2976 wrote to memory of 580	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2976 wrote to memory of 580	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2976 wrote to memory of 580	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2976 wrote to memory of 1536	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2976 wrote to memory of 1536	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2976 wrote to memory of 1536	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2976 wrote to memory of 1836	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2976 wrote to memory of 1836	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2976 wrote to memory of 1836	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2976 wrote to memory of 892	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2976 wrote to memory of 892	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2976 wrote to memory of 892	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2976 wrote to memory of 2536	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2976 wrote to memory of 2536	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2976 wrote to memory of 2536	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2976 wrote to memory of 1996	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2976 wrote to memory of 1996	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2976 wrote to memory of 1996	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2976 wrote to memory of 2368	2976	2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-30_751e8de78201414f8d562d85430ff1e5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\System\yJfYaDQ.exe
  C:\Windows\System\yJfYaDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\kpdChRq.exe
  C:\Windows\System\kpdChRq.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\ZDNYyhV.exe
  C:\Windows\System\ZDNYyhV.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\NAGdNEf.exe
  C:\Windows\System\NAGdNEf.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\jQEVYPi.exe
  C:\Windows\System\jQEVYPi.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\hNgdher.exe
  C:\Windows\System\hNgdher.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\FsvDrMU.exe
  C:\Windows\System\FsvDrMU.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\pfLuSoO.exe
  C:\Windows\System\pfLuSoO.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\DFfoHua.exe
  C:\Windows\System\DFfoHua.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\FOkfVtQ.exe
  C:\Windows\System\FOkfVtQ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\kZVLNUp.exe
  C:\Windows\System\kZVLNUp.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\BuIBPpr.exe
  C:\Windows\System\BuIBPpr.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\yiJHjGk.exe
  C:\Windows\System\yiJHjGk.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\mGZSvOm.exe
  C:\Windows\System\mGZSvOm.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\pLcbOVM.exe
  C:\Windows\System\pLcbOVM.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\zoExfYr.exe
  C:\Windows\System\zoExfYr.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\IPxJoNW.exe
  C:\Windows\System\IPxJoNW.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\xhQxbcB.exe
  C:\Windows\System\xhQxbcB.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\lTMGIbI.exe
  C:\Windows\System\lTMGIbI.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\YQkWrzw.exe
  C:\Windows\System\YQkWrzw.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\YZjWbnV.exe
  C:\Windows\System\YZjWbnV.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\ZyUdITf.exe
  C:\Windows\System\ZyUdITf.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\qbIRmsC.exe
  C:\Windows\System\qbIRmsC.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\JtdFbhH.exe
  C:\Windows\System\JtdFbhH.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\QuibBQW.exe
  C:\Windows\System\QuibBQW.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\wPWSSjo.exe
  C:\Windows\System\wPWSSjo.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\uavXEUc.exe
  C:\Windows\System\uavXEUc.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\BbVTPpf.exe
  C:\Windows\System\BbVTPpf.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\CLhAfPX.exe
  C:\Windows\System\CLhAfPX.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\AAygHjS.exe
  C:\Windows\System\AAygHjS.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\QwWlnyi.exe
  C:\Windows\System\QwWlnyi.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\FgpKYFI.exe
  C:\Windows\System\FgpKYFI.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\FqvXiCg.exe
  C:\Windows\System\FqvXiCg.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\MxQADJT.exe
  C:\Windows\System\MxQADJT.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\UROyPfn.exe
  C:\Windows\System\UROyPfn.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\QrDyQzI.exe
  C:\Windows\System\QrDyQzI.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ePYcKdF.exe
  C:\Windows\System\ePYcKdF.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\qiJwBfT.exe
  C:\Windows\System\qiJwBfT.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\WNnIKSo.exe
  C:\Windows\System\WNnIKSo.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\VRxejlV.exe
  C:\Windows\System\VRxejlV.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\tcUliCC.exe
  C:\Windows\System\tcUliCC.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\AbvEZND.exe
  C:\Windows\System\AbvEZND.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\wLfCjoh.exe
  C:\Windows\System\wLfCjoh.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\KuGxmtZ.exe
  C:\Windows\System\KuGxmtZ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\pShXxEk.exe
  C:\Windows\System\pShXxEk.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\qGeYYeV.exe
  C:\Windows\System\qGeYYeV.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\sqWERTb.exe
  C:\Windows\System\sqWERTb.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\WEYWuWq.exe
  C:\Windows\System\WEYWuWq.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\QInYMzS.exe
  C:\Windows\System\QInYMzS.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\IZkkFoV.exe
  C:\Windows\System\IZkkFoV.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\gujbmyz.exe
  C:\Windows\System\gujbmyz.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\BsEDyiu.exe
  C:\Windows\System\BsEDyiu.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\NhgTJKY.exe
  C:\Windows\System\NhgTJKY.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\vHvmPUU.exe
  C:\Windows\System\vHvmPUU.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\wCOosoL.exe
  C:\Windows\System\wCOosoL.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\AXAJrve.exe
  C:\Windows\System\AXAJrve.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\HlrQhFa.exe
  C:\Windows\System\HlrQhFa.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ocoJsoF.exe
  C:\Windows\System\ocoJsoF.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\oxQwYVz.exe
  C:\Windows\System\oxQwYVz.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\BgAkwZo.exe
  C:\Windows\System\BgAkwZo.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\YyJmZtT.exe
  C:\Windows\System\YyJmZtT.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\PSCfwEK.exe
  C:\Windows\System\PSCfwEK.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\AXKxxvt.exe
  C:\Windows\System\AXKxxvt.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\KpRFKEX.exe
  C:\Windows\System\KpRFKEX.exe
  2⤵
  PID:756
- C:\Windows\System\DEnVqpq.exe
  C:\Windows\System\DEnVqpq.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\XxldNTB.exe
  C:\Windows\System\XxldNTB.exe
  2⤵
  PID:2152
- C:\Windows\System\NPKVpFG.exe
  C:\Windows\System\NPKVpFG.exe
  2⤵
  PID:1824
- C:\Windows\System\qbBLVOL.exe
  C:\Windows\System\qbBLVOL.exe
  2⤵
  PID:1196
- C:\Windows\System\HZORlWc.exe
  C:\Windows\System\HZORlWc.exe
  2⤵
  PID:2136
- C:\Windows\System\PMLdgsF.exe
  C:\Windows\System\PMLdgsF.exe
  2⤵
  PID:1524
- C:\Windows\System\CZGQevq.exe
  C:\Windows\System\CZGQevq.exe
  2⤵
  PID:2052
- C:\Windows\System\OlLamqD.exe
  C:\Windows\System\OlLamqD.exe
  2⤵
  PID:2528
- C:\Windows\System\VTuihbG.exe
  C:\Windows\System\VTuihbG.exe
  2⤵
  PID:2392
- C:\Windows\System\GqWKUbj.exe
  C:\Windows\System\GqWKUbj.exe
  2⤵
  PID:2872
- C:\Windows\System\FlqIOJe.exe
  C:\Windows\System\FlqIOJe.exe
  2⤵
  PID:1308
- C:\Windows\System\eJwkoQg.exe
  C:\Windows\System\eJwkoQg.exe
  2⤵
  PID:832
- C:\Windows\System\nbgqdSZ.exe
  C:\Windows\System\nbgqdSZ.exe
  2⤵
  PID:1200
- C:\Windows\System\YXFying.exe
  C:\Windows\System\YXFying.exe
  2⤵
  PID:1528
- C:\Windows\System\ssPHhaW.exe
  C:\Windows\System\ssPHhaW.exe
  2⤵
  PID:2124
- C:\Windows\System\nGnEPhI.exe
  C:\Windows\System\nGnEPhI.exe
  2⤵
  PID:1540
- C:\Windows\System\KXHPEYQ.exe
  C:\Windows\System\KXHPEYQ.exe
  2⤵
  PID:1704
- C:\Windows\System\IWhBlfJ.exe
  C:\Windows\System\IWhBlfJ.exe
  2⤵
  PID:684
- C:\Windows\System\jjzJDDt.exe
  C:\Windows\System\jjzJDDt.exe
  2⤵
  PID:1756
- C:\Windows\System\UmeiFcd.exe
  C:\Windows\System\UmeiFcd.exe
  2⤵
  PID:2084
- C:\Windows\System\riwRxrV.exe
  C:\Windows\System\riwRxrV.exe
  2⤵
  PID:860
- C:\Windows\System\MFYVGrM.exe
  C:\Windows\System\MFYVGrM.exe
  2⤵
  PID:1184
- C:\Windows\System\oJNQmCx.exe
  C:\Windows\System\oJNQmCx.exe
  2⤵
  PID:888
- C:\Windows\System\SFFpFJP.exe
  C:\Windows\System\SFFpFJP.exe
  2⤵
  PID:1840
- C:\Windows\System\AybbXhL.exe
  C:\Windows\System\AybbXhL.exe
  2⤵
  PID:2836
- C:\Windows\System\thtzLkW.exe
  C:\Windows\System\thtzLkW.exe
  2⤵
  PID:2684
- C:\Windows\System\pSterIt.exe
  C:\Windows\System\pSterIt.exe
  2⤵
  PID:2784
- C:\Windows\System\zNIAhuM.exe
  C:\Windows\System\zNIAhuM.exe
  2⤵
  PID:2804
- C:\Windows\System\KtbcblP.exe
  C:\Windows\System\KtbcblP.exe
  2⤵
  PID:3040
- C:\Windows\System\kjJVvlo.exe
  C:\Windows\System\kjJVvlo.exe
  2⤵
  PID:2092
- C:\Windows\System\MSGtVof.exe
  C:\Windows\System\MSGtVof.exe
  2⤵
  PID:772
- C:\Windows\System\YSbgNna.exe
  C:\Windows\System\YSbgNna.exe
  2⤵
  PID:2820
- C:\Windows\System\idTvIRz.exe
  C:\Windows\System\idTvIRz.exe
  2⤵
  PID:2844
- C:\Windows\System\Ndevhdk.exe
  C:\Windows\System\Ndevhdk.exe
  2⤵
  PID:2948
- C:\Windows\System\iOZLbtO.exe
  C:\Windows\System\iOZLbtO.exe
  2⤵
  PID:1576
- C:\Windows\System\BqPWVhV.exe
  C:\Windows\System\BqPWVhV.exe
  2⤵
  PID:1072
- C:\Windows\System\iHiBbMI.exe
  C:\Windows\System\iHiBbMI.exe
  2⤵
  PID:2532
- C:\Windows\System\YRdaNKZ.exe
  C:\Windows\System\YRdaNKZ.exe
  2⤵
  PID:1544
- C:\Windows\System\JXpiAca.exe
  C:\Windows\System\JXpiAca.exe
  2⤵
  PID:2472
- C:\Windows\System\QMztxVN.exe
  C:\Windows\System\QMztxVN.exe
  2⤵
  PID:1368
- C:\Windows\System\pENMfml.exe
  C:\Windows\System\pENMfml.exe
  2⤵
  PID:2884
- C:\Windows\System\XNFsYCa.exe
  C:\Windows\System\XNFsYCa.exe
  2⤵
  PID:2964
- C:\Windows\System\hngRwdP.exe
  C:\Windows\System\hngRwdP.exe
  2⤵
  PID:2992
- C:\Windows\System\FwGtjSx.exe
  C:\Windows\System\FwGtjSx.exe
  2⤵
  PID:1784
- C:\Windows\System\DotpGxo.exe
  C:\Windows\System\DotpGxo.exe
  2⤵
  PID:1692
- C:\Windows\System\WpVMuBO.exe
  C:\Windows\System\WpVMuBO.exe
  2⤵
  PID:2796
- C:\Windows\System\LMOTKwu.exe
  C:\Windows\System\LMOTKwu.exe
  2⤵
  PID:2676
- C:\Windows\System\lkvyCrP.exe
  C:\Windows\System\lkvyCrP.exe
  2⤵
  PID:2076
- C:\Windows\System\HslXxUi.exe
  C:\Windows\System\HslXxUi.exe
  2⤵
  PID:588
- C:\Windows\System\gDmgNec.exe
  C:\Windows\System\gDmgNec.exe
  2⤵
  PID:1620
- C:\Windows\System\rGbKWTL.exe
  C:\Windows\System\rGbKWTL.exe
  2⤵
  PID:908
- C:\Windows\System\xlWtRoF.exe
  C:\Windows\System\xlWtRoF.exe
  2⤵
  PID:1208
- C:\Windows\System\MJskPKw.exe
  C:\Windows\System\MJskPKw.exe
  2⤵
  PID:944
- C:\Windows\System\vykNCcy.exe
  C:\Windows\System\vykNCcy.exe
  2⤵
  PID:1732
- C:\Windows\System\NamfPRq.exe
  C:\Windows\System\NamfPRq.exe
  2⤵
  PID:1020
- C:\Windows\System\ibChHIN.exe
  C:\Windows\System\ibChHIN.exe
  2⤵
  PID:1060
- C:\Windows\System\cSfICoh.exe
  C:\Windows\System\cSfICoh.exe
  2⤵
  PID:2080
- C:\Windows\System\MhHLeAQ.exe
  C:\Windows\System\MhHLeAQ.exe
  2⤵
  PID:3008
- C:\Windows\System\xnyVgtZ.exe
  C:\Windows\System\xnyVgtZ.exe
  2⤵
  PID:2200
- C:\Windows\System\SXBxthA.exe
  C:\Windows\System\SXBxthA.exe
  2⤵
  PID:3076
- C:\Windows\System\pNBZQcu.exe
  C:\Windows\System\pNBZQcu.exe
  2⤵
  PID:3096
- C:\Windows\System\YizRTSk.exe
  C:\Windows\System\YizRTSk.exe
  2⤵
  PID:3120
- C:\Windows\System\clTwoeo.exe
  C:\Windows\System\clTwoeo.exe
  2⤵
  PID:3140
- C:\Windows\System\PWvtQOx.exe
  C:\Windows\System\PWvtQOx.exe
  2⤵
  PID:3160
- C:\Windows\System\NmEXYNP.exe
  C:\Windows\System\NmEXYNP.exe
  2⤵
  PID:3176
- C:\Windows\System\ZqRsJwQ.exe
  C:\Windows\System\ZqRsJwQ.exe
  2⤵
  PID:3200
- C:\Windows\System\wxiMrRo.exe
  C:\Windows\System\wxiMrRo.exe
  2⤵
  PID:3220
- C:\Windows\System\blVELlZ.exe
  C:\Windows\System\blVELlZ.exe
  2⤵
  PID:3240
- C:\Windows\System\KorwmBH.exe
  C:\Windows\System\KorwmBH.exe
  2⤵
  PID:3260
- C:\Windows\System\NKTWccR.exe
  C:\Windows\System\NKTWccR.exe
  2⤵
  PID:3280
- C:\Windows\System\vxaywAT.exe
  C:\Windows\System\vxaywAT.exe
  2⤵
  PID:3300
- C:\Windows\System\hFXFGbW.exe
  C:\Windows\System\hFXFGbW.exe
  2⤵
  PID:3316
- C:\Windows\System\ShmFRDQ.exe
  C:\Windows\System\ShmFRDQ.exe
  2⤵
  PID:3340
- C:\Windows\System\dqDbeYn.exe
  C:\Windows\System\dqDbeYn.exe
  2⤵
  PID:3360
- C:\Windows\System\lQPQGSh.exe
  C:\Windows\System\lQPQGSh.exe
  2⤵
  PID:3380
- C:\Windows\System\TxGILQX.exe
  C:\Windows\System\TxGILQX.exe
  2⤵
  PID:3400
- C:\Windows\System\GxdwwNc.exe
  C:\Windows\System\GxdwwNc.exe
  2⤵
  PID:3416
- C:\Windows\System\lYrLDZp.exe
  C:\Windows\System\lYrLDZp.exe
  2⤵
  PID:3440
- C:\Windows\System\TqfUjhv.exe
  C:\Windows\System\TqfUjhv.exe
  2⤵
  PID:3456
- C:\Windows\System\yROlTeJ.exe
  C:\Windows\System\yROlTeJ.exe
  2⤵
  PID:3480
- C:\Windows\System\FWyZGWA.exe
  C:\Windows\System\FWyZGWA.exe
  2⤵
  PID:3496
- C:\Windows\System\kpopbbL.exe
  C:\Windows\System\kpopbbL.exe
  2⤵
  PID:3512
- C:\Windows\System\YMcPRmY.exe
  C:\Windows\System\YMcPRmY.exe
  2⤵
  PID:3532
- C:\Windows\System\cjBBBGB.exe
  C:\Windows\System\cjBBBGB.exe
  2⤵
  PID:3548
- C:\Windows\System\EFgwLnl.exe
  C:\Windows\System\EFgwLnl.exe
  2⤵
  PID:3580
- C:\Windows\System\zluqyQR.exe
  C:\Windows\System\zluqyQR.exe
  2⤵
  PID:3600
- C:\Windows\System\LTEjAyj.exe
  C:\Windows\System\LTEjAyj.exe
  2⤵
  PID:3620
- C:\Windows\System\sqpInpM.exe
  C:\Windows\System\sqpInpM.exe
  2⤵
  PID:3640
- C:\Windows\System\ISmrzum.exe
  C:\Windows\System\ISmrzum.exe
  2⤵
  PID:3656
- C:\Windows\System\tIviZwW.exe
  C:\Windows\System\tIviZwW.exe
  2⤵
  PID:3676
- C:\Windows\System\lDLQDQf.exe
  C:\Windows\System\lDLQDQf.exe
  2⤵
  PID:3700
- C:\Windows\System\CaEpcdZ.exe
  C:\Windows\System\CaEpcdZ.exe
  2⤵
  PID:3720
- C:\Windows\System\AkoLwSY.exe
  C:\Windows\System\AkoLwSY.exe
  2⤵
  PID:3736
- C:\Windows\System\fJNDBem.exe
  C:\Windows\System\fJNDBem.exe
  2⤵
  PID:3760
- C:\Windows\System\AcgfqoA.exe
  C:\Windows\System\AcgfqoA.exe
  2⤵
  PID:3776
- C:\Windows\System\hlFRWQU.exe
  C:\Windows\System\hlFRWQU.exe
  2⤵
  PID:3800
- C:\Windows\System\kPFnPRO.exe
  C:\Windows\System\kPFnPRO.exe
  2⤵
  PID:3816
- C:\Windows\System\HLHVfsJ.exe
  C:\Windows\System\HLHVfsJ.exe
  2⤵
  PID:3840
- C:\Windows\System\iYqtYqb.exe
  C:\Windows\System\iYqtYqb.exe
  2⤵
  PID:3864
- C:\Windows\System\uknOYlZ.exe
  C:\Windows\System\uknOYlZ.exe
  2⤵
  PID:3880
- C:\Windows\System\oATFILI.exe
  C:\Windows\System\oATFILI.exe
  2⤵
  PID:3900
- C:\Windows\System\vHeWXmT.exe
  C:\Windows\System\vHeWXmT.exe
  2⤵
  PID:3916
- C:\Windows\System\ktjhxsK.exe
  C:\Windows\System\ktjhxsK.exe
  2⤵
  PID:3932
- C:\Windows\System\wNoPrQn.exe
  C:\Windows\System\wNoPrQn.exe
  2⤵
  PID:3948
- C:\Windows\System\xHbnyRP.exe
  C:\Windows\System\xHbnyRP.exe
  2⤵
  PID:3964
- C:\Windows\System\llyHzrL.exe
  C:\Windows\System\llyHzrL.exe
  2⤵
  PID:3980
- C:\Windows\System\cIIadyq.exe
  C:\Windows\System\cIIadyq.exe
  2⤵
  PID:3996
- C:\Windows\System\kVamlNo.exe
  C:\Windows\System\kVamlNo.exe
  2⤵
  PID:4016
- C:\Windows\System\HfYzSKt.exe
  C:\Windows\System\HfYzSKt.exe
  2⤵
  PID:4032
- C:\Windows\System\eLthLav.exe
  C:\Windows\System\eLthLav.exe
  2⤵
  PID:4048
- C:\Windows\System\uRzPUAE.exe
  C:\Windows\System\uRzPUAE.exe
  2⤵
  PID:4068
- C:\Windows\System\OWVMiTZ.exe
  C:\Windows\System\OWVMiTZ.exe
  2⤵
  PID:4084
- C:\Windows\System\BLAsYqw.exe
  C:\Windows\System\BLAsYqw.exe
  2⤵
  PID:2156
- C:\Windows\System\imDTFPE.exe
  C:\Windows\System\imDTFPE.exe
  2⤵
  PID:448
- C:\Windows\System\RgevnAs.exe
  C:\Windows\System\RgevnAs.exe
  2⤵
  PID:2852
- C:\Windows\System\JLOLZnb.exe
  C:\Windows\System\JLOLZnb.exe
  2⤵
  PID:400
- C:\Windows\System\sGkgBGB.exe
  C:\Windows\System\sGkgBGB.exe
  2⤵
  PID:1064
- C:\Windows\System\OZKtPyw.exe
  C:\Windows\System\OZKtPyw.exe
  2⤵
  PID:3084
- C:\Windows\System\KWjPlgX.exe
  C:\Windows\System\KWjPlgX.exe
  2⤵
  PID:3148
- C:\Windows\System\NBjXriY.exe
  C:\Windows\System\NBjXriY.exe
  2⤵
  PID:3128
- C:\Windows\System\aIMguUY.exe
  C:\Windows\System\aIMguUY.exe
  2⤵
  PID:3508
- C:\Windows\System\brsUUQU.exe
  C:\Windows\System\brsUUQU.exe
  2⤵
  PID:3524
- C:\Windows\System\dbXQYVr.exe
  C:\Windows\System\dbXQYVr.exe
  2⤵
  PID:3560
- C:\Windows\System\jWECgOJ.exe
  C:\Windows\System\jWECgOJ.exe
  2⤵
  PID:3520
- C:\Windows\System\oaAHmfK.exe
  C:\Windows\System\oaAHmfK.exe
  2⤵
  PID:3596
- C:\Windows\System\uXCPkRO.exe
  C:\Windows\System\uXCPkRO.exe
  2⤵
  PID:3616
- C:\Windows\System\kjyESDq.exe
  C:\Windows\System\kjyESDq.exe
  2⤵
  PID:3612
- C:\Windows\System\DYdzxzo.exe
  C:\Windows\System\DYdzxzo.exe
  2⤵
  PID:3708
- C:\Windows\System\KUbOAev.exe
  C:\Windows\System\KUbOAev.exe
  2⤵
  PID:3712
- C:\Windows\System\UxgJJxM.exe
  C:\Windows\System\UxgJJxM.exe
  2⤵
  PID:3756
- C:\Windows\System\ywlaxIP.exe
  C:\Windows\System\ywlaxIP.exe
  2⤵
  PID:3784
- C:\Windows\System\gbuXwdT.exe
  C:\Windows\System\gbuXwdT.exe
  2⤵
  PID:3808
- C:\Windows\System\DIoFPQY.exe
  C:\Windows\System\DIoFPQY.exe
  2⤵
  PID:3836
- C:\Windows\System\gMJsrJV.exe
  C:\Windows\System\gMJsrJV.exe
  2⤵
  PID:3876
- C:\Windows\System\MZXJQDv.exe
  C:\Windows\System\MZXJQDv.exe
  2⤵
  PID:3972
- C:\Windows\System\vvGKWAK.exe
  C:\Windows\System\vvGKWAK.exe
  2⤵
  PID:4040
- C:\Windows\System\oGnxbQC.exe
  C:\Windows\System\oGnxbQC.exe
  2⤵
  PID:1032
- C:\Windows\System\eJYDtsp.exe
  C:\Windows\System\eJYDtsp.exe
  2⤵
  PID:2072
- C:\Windows\System\zorDTSM.exe
  C:\Windows\System\zorDTSM.exe
  2⤵
  PID:1364
- C:\Windows\System\AUNdsFm.exe
  C:\Windows\System\AUNdsFm.exe
  2⤵
  PID:2780
- C:\Windows\System\etydeAI.exe
  C:\Windows\System\etydeAI.exe
  2⤵
  PID:4092
- C:\Windows\System\HkVIKNN.exe
  C:\Windows\System\HkVIKNN.exe
  2⤵
  PID:3852
- C:\Windows\System\PHNyaNv.exe
  C:\Windows\System\PHNyaNv.exe
  2⤵
  PID:3860
- C:\Windows\System\SxcYgzv.exe
  C:\Windows\System\SxcYgzv.exe
  2⤵
  PID:4028
- C:\Windows\System\XRpMWRU.exe
  C:\Windows\System\XRpMWRU.exe
  2⤵
  PID:2352
- C:\Windows\System\EhXWFqJ.exe
  C:\Windows\System\EhXWFqJ.exe
  2⤵
  PID:3112
- C:\Windows\System\zWFsYFf.exe
  C:\Windows\System\zWFsYFf.exe
  2⤵
  PID:3956
- C:\Windows\System\UkRavSZ.exe
  C:\Windows\System\UkRavSZ.exe
  2⤵
  PID:4100
- C:\Windows\System\HZAkJOH.exe
  C:\Windows\System\HZAkJOH.exe
  2⤵
  PID:4120
- C:\Windows\System\nEEMtjU.exe
  C:\Windows\System\nEEMtjU.exe
  2⤵
  PID:4136
- C:\Windows\System\CRzfdbo.exe
  C:\Windows\System\CRzfdbo.exe
  2⤵
  PID:4156
- C:\Windows\System\ZNnmBcO.exe
  C:\Windows\System\ZNnmBcO.exe
  2⤵
  PID:4172
- C:\Windows\System\fZBgheg.exe
  C:\Windows\System\fZBgheg.exe
  2⤵
  PID:4188
- C:\Windows\System\CtQcbom.exe
  C:\Windows\System\CtQcbom.exe
  2⤵
  PID:4204
- C:\Windows\System\AlAUHbC.exe
  C:\Windows\System\AlAUHbC.exe
  2⤵
  PID:4220
- C:\Windows\System\pvBvqtw.exe
  C:\Windows\System\pvBvqtw.exe
  2⤵
  PID:4236
- C:\Windows\System\ouNMMrW.exe
  C:\Windows\System\ouNMMrW.exe
  2⤵
  PID:4252
- C:\Windows\System\vDGRoEn.exe
  C:\Windows\System\vDGRoEn.exe
  2⤵
  PID:4268
- C:\Windows\System\QyTQxar.exe
  C:\Windows\System\QyTQxar.exe
  2⤵
  PID:4284
- C:\Windows\System\XyaMAeE.exe
  C:\Windows\System\XyaMAeE.exe
  2⤵
  PID:4344
- C:\Windows\System\BJlkAwb.exe
  C:\Windows\System\BJlkAwb.exe
  2⤵
  PID:4440
- C:\Windows\System\IzXtNPk.exe
  C:\Windows\System\IzXtNPk.exe
  2⤵
  PID:4460
- C:\Windows\System\kkmPgfJ.exe
  C:\Windows\System\kkmPgfJ.exe
  2⤵
  PID:4476
- C:\Windows\System\PKFDGKs.exe
  C:\Windows\System\PKFDGKs.exe
  2⤵
  PID:4492
- C:\Windows\System\QLjjyxl.exe
  C:\Windows\System\QLjjyxl.exe
  2⤵
  PID:4508
- C:\Windows\System\hBIdaUM.exe
  C:\Windows\System\hBIdaUM.exe
  2⤵
  PID:4524
- C:\Windows\System\TLXskim.exe
  C:\Windows\System\TLXskim.exe
  2⤵
  PID:4540
- C:\Windows\System\unQPFTF.exe
  C:\Windows\System\unQPFTF.exe
  2⤵
  PID:4556
- C:\Windows\System\UqvjDUs.exe
  C:\Windows\System\UqvjDUs.exe
  2⤵
  PID:4572
- C:\Windows\System\uayUSQd.exe
  C:\Windows\System\uayUSQd.exe
  2⤵
  PID:4588
- C:\Windows\System\BXsGlGv.exe
  C:\Windows\System\BXsGlGv.exe
  2⤵
  PID:4604
- C:\Windows\System\jlLDNhC.exe
  C:\Windows\System\jlLDNhC.exe
  2⤵
  PID:4620
- C:\Windows\System\JAqHTrU.exe
  C:\Windows\System\JAqHTrU.exe
  2⤵
  PID:4636
- C:\Windows\System\ltXvVpf.exe
  C:\Windows\System\ltXvVpf.exe
  2⤵
  PID:4652
- C:\Windows\System\dSpnZxm.exe
  C:\Windows\System\dSpnZxm.exe
  2⤵
  PID:4668
- C:\Windows\System\lFPVXQA.exe
  C:\Windows\System\lFPVXQA.exe
  2⤵
  PID:4688
- C:\Windows\System\opBpUKV.exe
  C:\Windows\System\opBpUKV.exe
  2⤵
  PID:4708
- C:\Windows\System\mzvoJEW.exe
  C:\Windows\System\mzvoJEW.exe
  2⤵
  PID:4744
- C:\Windows\System\BrIrTli.exe
  C:\Windows\System\BrIrTli.exe
  2⤵
  PID:4768
- C:\Windows\System\FnLagwU.exe
  C:\Windows\System\FnLagwU.exe
  2⤵
  PID:4792
- C:\Windows\System\CZfCzhr.exe
  C:\Windows\System\CZfCzhr.exe
  2⤵
  PID:4808
- C:\Windows\System\aIldned.exe
  C:\Windows\System\aIldned.exe
  2⤵
  PID:4824
- C:\Windows\System\ThlXkTc.exe
  C:\Windows\System\ThlXkTc.exe
  2⤵
  PID:4840
- C:\Windows\System\rFToPWp.exe
  C:\Windows\System\rFToPWp.exe
  2⤵
  PID:4860
- C:\Windows\System\UNNxfSO.exe
  C:\Windows\System\UNNxfSO.exe
  2⤵
  PID:4876
- C:\Windows\System\sWJryXt.exe
  C:\Windows\System\sWJryXt.exe
  2⤵
  PID:4892
- C:\Windows\System\yQQVbEn.exe
  C:\Windows\System\yQQVbEn.exe
  2⤵
  PID:4908
- C:\Windows\System\slokcFk.exe
  C:\Windows\System\slokcFk.exe
  2⤵
  PID:4932
- C:\Windows\System\xwykNxq.exe
  C:\Windows\System\xwykNxq.exe
  2⤵
  PID:4948
- C:\Windows\System\kHZWaSC.exe
  C:\Windows\System\kHZWaSC.exe
  2⤵
  PID:4972
- C:\Windows\System\wRBsqZT.exe
  C:\Windows\System\wRBsqZT.exe
  2⤵
  PID:4988
- C:\Windows\System\xzxwuUw.exe
  C:\Windows\System\xzxwuUw.exe
  2⤵
  PID:5004
- C:\Windows\System\carlftq.exe
  C:\Windows\System\carlftq.exe
  2⤵
  PID:5020
- C:\Windows\System\ehClqOy.exe
  C:\Windows\System\ehClqOy.exe
  2⤵
  PID:5036
- C:\Windows\System\xxbXgKI.exe
  C:\Windows\System\xxbXgKI.exe
  2⤵
  PID:5052
- C:\Windows\System\hVEeikU.exe
  C:\Windows\System\hVEeikU.exe
  2⤵
  PID:5068
- C:\Windows\System\qFLQAGO.exe
  C:\Windows\System\qFLQAGO.exe
  2⤵
  PID:5084
- C:\Windows\System\qWbyccL.exe
  C:\Windows\System\qWbyccL.exe
  2⤵
  PID:5100
- C:\Windows\System\NcaZCQP.exe
  C:\Windows\System\NcaZCQP.exe
  2⤵
  PID:5116
- C:\Windows\System\emsCmRs.exe
  C:\Windows\System\emsCmRs.exe
  2⤵
  PID:3492
- C:\Windows\System\qPVZHCm.exe
  C:\Windows\System\qPVZHCm.exe
  2⤵
  PID:3628
- C:\Windows\System\Rxrecpr.exe
  C:\Windows\System\Rxrecpr.exe
  2⤵
  PID:3752
- C:\Windows\System\UOGwQmR.exe
  C:\Windows\System\UOGwQmR.exe
  2⤵
  PID:3896
- C:\Windows\System\FORasMc.exe
  C:\Windows\System\FORasMc.exe
  2⤵
  PID:2100
- C:\Windows\System\tzaYlvx.exe
  C:\Windows\System\tzaYlvx.exe
  2⤵
  PID:3436
- C:\Windows\System\BcdiTSY.exe
  C:\Windows\System\BcdiTSY.exe
  2⤵
  PID:3408
- C:\Windows\System\KngAUbi.exe
  C:\Windows\System\KngAUbi.exe
  2⤵
  PID:3504
- C:\Windows\System\crlvgHn.exe
  C:\Windows\System\crlvgHn.exe
  2⤵
  PID:3992
- C:\Windows\System\SQusQpD.exe
  C:\Windows\System\SQusQpD.exe
  2⤵
  PID:3544
- C:\Windows\System\tjUbwMV.exe
  C:\Windows\System\tjUbwMV.exe
  2⤵
  PID:4132
- C:\Windows\System\fPRvmIk.exe
  C:\Windows\System\fPRvmIk.exe
  2⤵
  PID:3452
- C:\Windows\System\wJbfGEL.exe
  C:\Windows\System\wJbfGEL.exe
  2⤵
  PID:4260
- C:\Windows\System\ZjeIkCC.exe
  C:\Windows\System\ZjeIkCC.exe
  2⤵
  PID:4300
- C:\Windows\System\mqAitDq.exe
  C:\Windows\System\mqAitDq.exe
  2⤵
  PID:3696
- C:\Windows\System\tSkIHaY.exe
  C:\Windows\System\tSkIHaY.exe
  2⤵
  PID:3924
- C:\Windows\System\AypWPOS.exe
  C:\Windows\System\AypWPOS.exe
  2⤵
  PID:4144
- C:\Windows\System\zLdJujC.exe
  C:\Windows\System\zLdJujC.exe
  2⤵
  PID:4244
- C:\Windows\System\mTwpZTY.exe
  C:\Windows\System\mTwpZTY.exe
  2⤵
  PID:4180
- C:\Windows\System\UJbfmuC.exe
  C:\Windows\System\UJbfmuC.exe
  2⤵
  PID:3960
- C:\Windows\System\YfzOWOD.exe
  C:\Windows\System\YfzOWOD.exe
  2⤵
  PID:3132
- C:\Windows\System\PtwwxDG.exe
  C:\Windows\System\PtwwxDG.exe
  2⤵
  PID:4080
- C:\Windows\System\ztYhWcz.exe
  C:\Windows\System\ztYhWcz.exe
  2⤵
  PID:3832
- C:\Windows\System\kwXXitm.exe
  C:\Windows\System\kwXXitm.exe
  2⤵
  PID:3716
- C:\Windows\System\UgOSJuN.exe
  C:\Windows\System\UgOSJuN.exe
  2⤵
  PID:4320
- C:\Windows\System\vOxuAsA.exe
  C:\Windows\System\vOxuAsA.exe
  2⤵
  PID:4340
- C:\Windows\System\bsPMDRY.exe
  C:\Windows\System\bsPMDRY.exe
  2⤵
  PID:4484
- C:\Windows\System\kKeedzQ.exe
  C:\Windows\System\kKeedzQ.exe
  2⤵
  PID:4548
- C:\Windows\System\ccDMtJi.exe
  C:\Windows\System\ccDMtJi.exe
  2⤵
  PID:4396
- C:\Windows\System\KTWwfbv.exe
  C:\Windows\System\KTWwfbv.exe
  2⤵
  PID:4420
- C:\Windows\System\oCjyMIx.exe
  C:\Windows\System\oCjyMIx.exe
  2⤵
  PID:3572
- C:\Windows\System\GYAslZF.exe
  C:\Windows\System\GYAslZF.exe
  2⤵
  PID:4468
- C:\Windows\System\zPMOrqR.exe
  C:\Windows\System\zPMOrqR.exe
  2⤵
  PID:4564
- C:\Windows\System\sNETWis.exe
  C:\Windows\System\sNETWis.exe
  2⤵
  PID:4600
- C:\Windows\System\QtxVtwI.exe
  C:\Windows\System\QtxVtwI.exe
  2⤵
  PID:4664
- C:\Windows\System\oEHMmGg.exe
  C:\Windows\System\oEHMmGg.exe
  2⤵
  PID:4760
- C:\Windows\System\aCmkMbs.exe
  C:\Windows\System\aCmkMbs.exe
  2⤵
  PID:4804
- C:\Windows\System\FeERIXf.exe
  C:\Windows\System\FeERIXf.exe
  2⤵
  PID:3116
- C:\Windows\System\dLVaVRp.exe
  C:\Windows\System\dLVaVRp.exe
  2⤵
  PID:4228
- C:\Windows\System\RCxXbzO.exe
  C:\Windows\System\RCxXbzO.exe
  2⤵
  PID:4116
- C:\Windows\System\zmTJvHU.exe
  C:\Windows\System\zmTJvHU.exe
  2⤵
  PID:5108
- C:\Windows\System\CkqDvjR.exe
  C:\Windows\System\CkqDvjR.exe
  2⤵
  PID:5076
- C:\Windows\System\omuPBAw.exe
  C:\Windows\System\omuPBAw.exe
  2⤵
  PID:5016
- C:\Windows\System\XYaysGR.exe
  C:\Windows\System\XYaysGR.exe
  2⤵
  PID:4872
- C:\Windows\System\VkxOZqo.exe
  C:\Windows\System\VkxOZqo.exe
  2⤵
  PID:3448
- C:\Windows\System\XepeOoT.exe
  C:\Windows\System\XepeOoT.exe
  2⤵
  PID:4196
- C:\Windows\System\dORNQnx.exe
  C:\Windows\System\dORNQnx.exe
  2⤵
  PID:3912
- C:\Windows\System\EkoYyVo.exe
  C:\Windows\System\EkoYyVo.exe
  2⤵
  PID:4456
- C:\Windows\System\vriIErj.exe
  C:\Windows\System\vriIErj.exe
  2⤵
  PID:4676
- C:\Windows\System\CJUjHGD.exe
  C:\Windows\System\CJUjHGD.exe
  2⤵
  PID:3944
- C:\Windows\System\uclVYGj.exe
  C:\Windows\System\uclVYGj.exe
  2⤵
  PID:2412
- C:\Windows\System\KonhbKf.exe
  C:\Windows\System\KonhbKf.exe
  2⤵
  PID:4728
- C:\Windows\System\pzAfHRK.exe
  C:\Windows\System\pzAfHRK.exe
  2⤵
  PID:4732
- C:\Windows\System\lUHbIkM.exe
  C:\Windows\System\lUHbIkM.exe
  2⤵
  PID:4724
- C:\Windows\System\qKqtrxK.exe
  C:\Windows\System\qKqtrxK.exe
  2⤵
  PID:4820
- C:\Windows\System\MWCtMtI.exe
  C:\Windows\System\MWCtMtI.exe
  2⤵
  PID:4916
- C:\Windows\System\hBsbYxW.exe
  C:\Windows\System\hBsbYxW.exe
  2⤵
  PID:4968
- C:\Windows\System\ivXxXmI.exe
  C:\Windows\System\ivXxXmI.exe
  2⤵
  PID:5028
- C:\Windows\System\WffXmao.exe
  C:\Windows\System\WffXmao.exe
  2⤵
  PID:5096
- C:\Windows\System\yDoqvtt.exe
  C:\Windows\System\yDoqvtt.exe
  2⤵
  PID:4356
- C:\Windows\System\bDfhTjg.exe
  C:\Windows\System\bDfhTjg.exe
  2⤵
  PID:4388
- C:\Windows\System\blmXqYU.exe
  C:\Windows\System\blmXqYU.exe
  2⤵
  PID:4584
- C:\Windows\System\VbXRHBV.exe
  C:\Windows\System\VbXRHBV.exe
  2⤵
  PID:4504
- C:\Windows\System\OLplqGp.exe
  C:\Windows\System\OLplqGp.exe
  2⤵
  PID:3848
- C:\Windows\System\cTdwrdS.exe
  C:\Windows\System\cTdwrdS.exe
  2⤵
  PID:4660
- C:\Windows\System\IzAaJva.exe
  C:\Windows\System\IzAaJva.exe
  2⤵
  PID:4752
- C:\Windows\System\myaUUND.exe
  C:\Windows\System\myaUUND.exe
  2⤵
  PID:4704
- C:\Windows\System\qlxsVxz.exe
  C:\Windows\System\qlxsVxz.exe
  2⤵
  PID:3088
- C:\Windows\System\GguMNpp.exe
  C:\Windows\System\GguMNpp.exe
  2⤵
  PID:3636
- C:\Windows\System\Kywysln.exe
  C:\Windows\System\Kywysln.exe
  2⤵
  PID:4984
- C:\Windows\System\vjqZnVT.exe
  C:\Windows\System\vjqZnVT.exe
  2⤵
  PID:2268
- C:\Windows\System\hXUfveA.exe
  C:\Windows\System\hXUfveA.exe
  2⤵
  PID:4904
- C:\Windows\System\BftUdqs.exe
  C:\Windows\System\BftUdqs.exe
  2⤵
  PID:3032
- C:\Windows\System\xCRMQzd.exe
  C:\Windows\System\xCRMQzd.exe
  2⤵
  PID:3668
- C:\Windows\System\QbNimuC.exe
  C:\Windows\System\QbNimuC.exe
  2⤵
  PID:4716
- C:\Windows\System\mBHdNGC.exe
  C:\Windows\System\mBHdNGC.exe
  2⤵
  PID:3772
- C:\Windows\System\ItdRBrV.exe
  C:\Windows\System\ItdRBrV.exe
  2⤵
  PID:4788
- C:\Windows\System\kXAmWMK.exe
  C:\Windows\System\kXAmWMK.exe
  2⤵
  PID:5092
- C:\Windows\System\eFdFopg.exe
  C:\Windows\System\eFdFopg.exe
  2⤵
  PID:4472
- C:\Windows\System\UbJtUiv.exe
  C:\Windows\System\UbJtUiv.exe
  2⤵
  PID:4384
- C:\Windows\System\JMKWyBG.exe
  C:\Windows\System\JMKWyBG.exe
  2⤵
  PID:4416
- C:\Windows\System\ziHPVVy.exe
  C:\Windows\System\ziHPVVy.exe
  2⤵
  PID:5132
- C:\Windows\System\kLIEbyD.exe
  C:\Windows\System\kLIEbyD.exe
  2⤵
  PID:5148
- C:\Windows\System\rLqkCwT.exe
  C:\Windows\System\rLqkCwT.exe
  2⤵
  PID:5164
- C:\Windows\System\TzTpAhR.exe
  C:\Windows\System\TzTpAhR.exe
  2⤵
  PID:5184
- C:\Windows\System\sdjfufa.exe
  C:\Windows\System\sdjfufa.exe
  2⤵
  PID:5208
- C:\Windows\System\vHzcmau.exe
  C:\Windows\System\vHzcmau.exe
  2⤵
  PID:5228
- C:\Windows\System\ZlwWlGg.exe
  C:\Windows\System\ZlwWlGg.exe
  2⤵
  PID:5252
- C:\Windows\System\PddLbHz.exe
  C:\Windows\System\PddLbHz.exe
  2⤵
  PID:5272
- C:\Windows\System\tvOotdY.exe
  C:\Windows\System\tvOotdY.exe
  2⤵
  PID:5300
- C:\Windows\System\DfumywN.exe
  C:\Windows\System\DfumywN.exe
  2⤵
  PID:5320
- C:\Windows\System\vFMhOHM.exe
  C:\Windows\System\vFMhOHM.exe
  2⤵
  PID:5336
- C:\Windows\System\lJHOTmg.exe
  C:\Windows\System\lJHOTmg.exe
  2⤵
  PID:5356
- C:\Windows\System\ilkEpJK.exe
  C:\Windows\System\ilkEpJK.exe
  2⤵
  PID:5376
- C:\Windows\System\vkrvoJQ.exe
  C:\Windows\System\vkrvoJQ.exe
  2⤵
  PID:5400
- C:\Windows\System\pJeMpWL.exe
  C:\Windows\System\pJeMpWL.exe
  2⤵
  PID:5416
- C:\Windows\System\xJLYhQq.exe
  C:\Windows\System\xJLYhQq.exe
  2⤵
  PID:5440
- C:\Windows\System\NrNlTRE.exe
  C:\Windows\System\NrNlTRE.exe
  2⤵
  PID:5460
- C:\Windows\System\INPXgEk.exe
  C:\Windows\System\INPXgEk.exe
  2⤵
  PID:5480
- C:\Windows\System\GecyTpO.exe
  C:\Windows\System\GecyTpO.exe
  2⤵
  PID:5500
- C:\Windows\System\VKyrsDw.exe
  C:\Windows\System\VKyrsDw.exe
  2⤵
  PID:5516
- C:\Windows\System\DOIaMzo.exe
  C:\Windows\System\DOIaMzo.exe
  2⤵
  PID:5536
- C:\Windows\System\RkkZAHv.exe
  C:\Windows\System\RkkZAHv.exe
  2⤵
  PID:5560
- C:\Windows\System\gKVkswq.exe
  C:\Windows\System\gKVkswq.exe
  2⤵
  PID:5576
- C:\Windows\System\SxrPQfd.exe
  C:\Windows\System\SxrPQfd.exe
  2⤵
  PID:5596
- C:\Windows\System\ZSJdhyR.exe
  C:\Windows\System\ZSJdhyR.exe
  2⤵
  PID:5612
- C:\Windows\System\QGJiyov.exe
  C:\Windows\System\QGJiyov.exe
  2⤵
  PID:5636
- C:\Windows\System\ezKXZCy.exe
  C:\Windows\System\ezKXZCy.exe
  2⤵
  PID:5652
- C:\Windows\System\KEgiYin.exe
  C:\Windows\System\KEgiYin.exe
  2⤵
  PID:5676
- C:\Windows\System\RtGqAjj.exe
  C:\Windows\System\RtGqAjj.exe
  2⤵
  PID:5692
- C:\Windows\System\lBfHQGQ.exe
  C:\Windows\System\lBfHQGQ.exe
  2⤵
  PID:5716
- C:\Windows\System\dPEaWYP.exe
  C:\Windows\System\dPEaWYP.exe
  2⤵
  PID:5736
- C:\Windows\System\BOAbMrS.exe
  C:\Windows\System\BOAbMrS.exe
  2⤵
  PID:5756
- C:\Windows\System\klkxYkr.exe
  C:\Windows\System\klkxYkr.exe
  2⤵
  PID:5776
- C:\Windows\System\byoFbxy.exe
  C:\Windows\System\byoFbxy.exe
  2⤵
  PID:5792
- C:\Windows\System\cwOQDAR.exe
  C:\Windows\System\cwOQDAR.exe
  2⤵
  PID:5808
- C:\Windows\System\CZOTRfH.exe
  C:\Windows\System\CZOTRfH.exe
  2⤵
  PID:5824
- C:\Windows\System\XlLxnaH.exe
  C:\Windows\System\XlLxnaH.exe
  2⤵
  PID:5848
- C:\Windows\System\sGUOLFQ.exe
  C:\Windows\System\sGUOLFQ.exe
  2⤵
  PID:5872
- C:\Windows\System\trzqVbH.exe
  C:\Windows\System\trzqVbH.exe
  2⤵
  PID:5888
- C:\Windows\System\XcztGdY.exe
  C:\Windows\System\XcztGdY.exe
  2⤵
  PID:5920
- C:\Windows\System\kctuWZq.exe
  C:\Windows\System\kctuWZq.exe
  2⤵
  PID:5940
- C:\Windows\System\wjrcPKo.exe
  C:\Windows\System\wjrcPKo.exe
  2⤵
  PID:5956
- C:\Windows\System\ekcsuXc.exe
  C:\Windows\System\ekcsuXc.exe
  2⤵
  PID:5972
- C:\Windows\System\wsEWBRr.exe
  C:\Windows\System\wsEWBRr.exe
  2⤵
  PID:5988
- C:\Windows\System\GtokAqQ.exe
  C:\Windows\System\GtokAqQ.exe
  2⤵
  PID:6004
- C:\Windows\System\gQXoITa.exe
  C:\Windows\System\gQXoITa.exe
  2⤵
  PID:6020
- C:\Windows\System\HiSyddL.exe
  C:\Windows\System\HiSyddL.exe
  2⤵
  PID:6040
- C:\Windows\System\XJlVPBB.exe
  C:\Windows\System\XJlVPBB.exe
  2⤵
  PID:6056
- C:\Windows\System\qfIDFcZ.exe
  C:\Windows\System\qfIDFcZ.exe
  2⤵
  PID:6072
- C:\Windows\System\utgwXsz.exe
  C:\Windows\System\utgwXsz.exe
  2⤵
  PID:6104
- C:\Windows\System\zGuCeUC.exe
  C:\Windows\System\zGuCeUC.exe
  2⤵
  PID:6140
- C:\Windows\System\bGhrpEN.exe
  C:\Windows\System\bGhrpEN.exe
  2⤵
  PID:4400
- C:\Windows\System\yziGibC.exe
  C:\Windows\System\yziGibC.exe
  2⤵
  PID:2736
- C:\Windows\System\dSYAVWI.exe
  C:\Windows\System\dSYAVWI.exe
  2⤵
  PID:3928
- C:\Windows\System\tzVvFXF.exe
  C:\Windows\System\tzVvFXF.exe
  2⤵
  PID:4836
- C:\Windows\System\cklTKpx.exe
  C:\Windows\System\cklTKpx.exe
  2⤵
  PID:4296
- C:\Windows\System\IYsgezK.exe
  C:\Windows\System\IYsgezK.exe
  2⤵
  PID:3472
- C:\Windows\System\xUVDxEk.exe
  C:\Windows\System\xUVDxEk.exe
  2⤵
  PID:4832
- C:\Windows\System\bQteMIZ.exe
  C:\Windows\System\bQteMIZ.exe
  2⤵
  PID:4248
- C:\Windows\System\hphrhwe.exe
  C:\Windows\System\hphrhwe.exe
  2⤵
  PID:4816
- C:\Windows\System\GUoqpfj.exe
  C:\Windows\System\GUoqpfj.exe
  2⤵
  PID:5064
- C:\Windows\System\yKfFcVU.exe
  C:\Windows\System\yKfFcVU.exe
  2⤵
  PID:4516
- C:\Windows\System\sIwrHYW.exe
  C:\Windows\System\sIwrHYW.exe
  2⤵
  PID:4360
- C:\Windows\System\YEeTMLU.exe
  C:\Windows\System\YEeTMLU.exe
  2⤵
  PID:5144
- C:\Windows\System\EctShVe.exe
  C:\Windows\System\EctShVe.exe
  2⤵
  PID:5220
- C:\Windows\System\QluNWkq.exe
  C:\Windows\System\QluNWkq.exe
  2⤵
  PID:5264
- C:\Windows\System\ALptjGp.exe
  C:\Windows\System\ALptjGp.exe
  2⤵
  PID:4412
- C:\Windows\System\OzrBFSC.exe
  C:\Windows\System\OzrBFSC.exe
  2⤵
  PID:5192
- C:\Windows\System\mEYQbzb.exe
  C:\Windows\System\mEYQbzb.exe
  2⤵
  PID:5244
- C:\Windows\System\rwAJkxU.exe
  C:\Windows\System\rwAJkxU.exe
  2⤵
  PID:5312
- C:\Windows\System\piLafId.exe
  C:\Windows\System\piLafId.exe
  2⤵
  PID:5240
- C:\Windows\System\JSPuNPy.exe
  C:\Windows\System\JSPuNPy.exe
  2⤵
  PID:5384
- C:\Windows\System\zEJHtoz.exe
  C:\Windows\System\zEJHtoz.exe
  2⤵
  PID:5388
- C:\Windows\System\ygfGYBw.exe
  C:\Windows\System\ygfGYBw.exe
  2⤵
  PID:5292
- C:\Windows\System\HaqWLjp.exe
  C:\Windows\System\HaqWLjp.exe
  2⤵
  PID:5476
- C:\Windows\System\HGgpicA.exe
  C:\Windows\System\HGgpicA.exe
  2⤵
  PID:5332
- C:\Windows\System\YhtKmOT.exe
  C:\Windows\System\YhtKmOT.exe
  2⤵
  PID:5408
- C:\Windows\System\ekENKIG.exe
  C:\Windows\System\ekENKIG.exe
  2⤵
  PID:5548
- C:\Windows\System\wtdlGMc.exe
  C:\Windows\System\wtdlGMc.exe
  2⤵
  PID:5488
- C:\Windows\System\OkkYQuM.exe
  C:\Windows\System\OkkYQuM.exe
  2⤵
  PID:5816
- C:\Windows\System\NhcGytq.exe
  C:\Windows\System\NhcGytq.exe
  2⤵
  PID:5868
- C:\Windows\System\nvQdcnd.exe
  C:\Windows\System\nvQdcnd.exe
  2⤵
  PID:5532
- C:\Windows\System\hOJRdou.exe
  C:\Windows\System\hOJRdou.exe
  2⤵
  PID:5644
- C:\Windows\System\AVLJPsE.exe
  C:\Windows\System\AVLJPsE.exe
  2⤵
  PID:5912
- C:\Windows\System\DYUqRru.exe
  C:\Windows\System\DYUqRru.exe
  2⤵
  PID:5980
- C:\Windows\System\qZBsBiA.exe
  C:\Windows\System\qZBsBiA.exe
  2⤵
  PID:5684
- C:\Windows\System\AOTSzpV.exe
  C:\Windows\System\AOTSzpV.exe
  2⤵
  PID:5732
- C:\Windows\System\IhCwJyY.exe
  C:\Windows\System\IhCwJyY.exe
  2⤵
  PID:5840
- C:\Windows\System\QHJBUPg.exe
  C:\Windows\System\QHJBUPg.exe
  2⤵
  PID:5800
- C:\Windows\System\vwqzyIU.exe
  C:\Windows\System\vwqzyIU.exe
  2⤵
  PID:6080
- C:\Windows\System\hfOzepX.exe
  C:\Windows\System\hfOzepX.exe
  2⤵
  PID:6084
- C:\Windows\System\OkMWSYF.exe
  C:\Windows\System\OkMWSYF.exe
  2⤵
  PID:4004
- C:\Windows\System\CVqDrVR.exe
  C:\Windows\System\CVqDrVR.exe
  2⤵
  PID:5044
- C:\Windows\System\daBhVeC.exe
  C:\Windows\System\daBhVeC.exe
  2⤵
  PID:4884
- C:\Windows\System\npSwsBl.exe
  C:\Windows\System\npSwsBl.exe
  2⤵
  PID:4648
- C:\Windows\System\mGizBDz.exe
  C:\Windows\System\mGizBDz.exe
  2⤵
  PID:5156
- C:\Windows\System\SJewkXv.exe
  C:\Windows\System\SJewkXv.exe
  2⤵
  PID:6068
- C:\Windows\System\KjWYlXf.exe
  C:\Windows\System\KjWYlXf.exe
  2⤵
  PID:5316
- C:\Windows\System\oijCoKw.exe
  C:\Windows\System\oijCoKw.exe
  2⤵
  PID:5936
- C:\Windows\System\wqCPMfc.exe
  C:\Windows\System\wqCPMfc.exe
  2⤵
  PID:2328
- C:\Windows\System\DcqNmLT.exe
  C:\Windows\System\DcqNmLT.exe
  2⤵
  PID:5968
- C:\Windows\System\qsPWUTa.exe
  C:\Windows\System\qsPWUTa.exe
  2⤵
  PID:6124
- C:\Windows\System\WsGgPqq.exe
  C:\Windows\System\WsGgPqq.exe
  2⤵
  PID:5508
- C:\Windows\System\EAYdIhc.exe
  C:\Windows\System\EAYdIhc.exe
  2⤵
  PID:5708
- C:\Windows\System\mIdXXJe.exe
  C:\Windows\System\mIdXXJe.exe
  2⤵
  PID:5124
- C:\Windows\System\UNSkvql.exe
  C:\Windows\System\UNSkvql.exe
  2⤵
  PID:5424
- C:\Windows\System\fdzINIn.exe
  C:\Windows\System\fdzINIn.exe
  2⤵
  PID:5368
- C:\Windows\System\KMZzWAx.exe
  C:\Windows\System\KMZzWAx.exe
  2⤵
  PID:5452
- C:\Windows\System\TgNbtDd.exe
  C:\Windows\System\TgNbtDd.exe
  2⤵
  PID:5180
- C:\Windows\System\vFJVjLC.exe
  C:\Windows\System\vFJVjLC.exe
  2⤵
  PID:5080
- C:\Windows\System\NYwLlWg.exe
  C:\Windows\System\NYwLlWg.exe
  2⤵
  PID:4012
- C:\Windows\System\dBotElG.exe
  C:\Windows\System\dBotElG.exe
  2⤵
  PID:2548
- C:\Windows\System\IXudfcP.exe
  C:\Windows\System\IXudfcP.exe
  2⤵
  PID:5568
- C:\Windows\System\HKVCGQt.exe
  C:\Windows\System\HKVCGQt.exe
  2⤵
  PID:5784
- C:\Windows\System\NFaHDLK.exe
  C:\Windows\System\NFaHDLK.exe
  2⤵
  PID:5904
- C:\Windows\System\IboGTwd.exe
  C:\Windows\System\IboGTwd.exe
  2⤵
  PID:5768
- C:\Windows\System\LZAKdAb.exe
  C:\Windows\System\LZAKdAb.exe
  2⤵
  PID:6052
- C:\Windows\System\XhzkokV.exe
  C:\Windows\System\XhzkokV.exe
  2⤵
  PID:3940
- C:\Windows\System\JjHbRiW.exe
  C:\Windows\System\JjHbRiW.exe
  2⤵
  PID:5948
- C:\Windows\System\EbzlSoE.exe
  C:\Windows\System\EbzlSoE.exe
  2⤵
  PID:5216
- C:\Windows\System\zJMmKtS.exe
  C:\Windows\System\zJMmKtS.exe
  2⤵
  PID:5392
- C:\Windows\System\pnwUDKX.exe
  C:\Windows\System\pnwUDKX.exe
  2⤵
  PID:3744
- C:\Windows\System\eFSlTKd.exe
  C:\Windows\System\eFSlTKd.exe
  2⤵
  PID:5632
- C:\Windows\System\iZODziu.exe
  C:\Windows\System\iZODziu.exe
  2⤵
  PID:5884
- C:\Windows\System\CnUJApx.exe
  C:\Windows\System\CnUJApx.exe
  2⤵
  PID:5664
- C:\Windows\System\Wsqpfmw.exe
  C:\Windows\System\Wsqpfmw.exe
  2⤵
  PID:5700
- C:\Windows\System\bkkVQUn.exe
  C:\Windows\System\bkkVQUn.exe
  2⤵
  PID:6132
- C:\Windows\System\SlhLDYj.exe
  C:\Windows\System\SlhLDYj.exe
  2⤵
  PID:3608
- C:\Windows\System\glplsrd.exe
  C:\Windows\System\glplsrd.exe
  2⤵
  PID:5280
- C:\Windows\System\GMICEKs.exe
  C:\Windows\System\GMICEKs.exe
  2⤵
  PID:2932
- C:\Windows\System\foCrTAt.exe
  C:\Windows\System\foCrTAt.exe
  2⤵
  PID:4376
- C:\Windows\System\SuhpPlS.exe
  C:\Windows\System\SuhpPlS.exe
  2⤵
  PID:1976
- C:\Windows\System\rDdkkSm.exe
  C:\Windows\System\rDdkkSm.exe
  2⤵
  PID:5528
- C:\Windows\System\YYFqtVW.exe
  C:\Windows\System\YYFqtVW.exe
  2⤵
  PID:6048
- C:\Windows\System\uWeaGgV.exe
  C:\Windows\System\uWeaGgV.exe
  2⤵
  PID:5552
- C:\Windows\System\kaQcnra.exe
  C:\Windows\System\kaQcnra.exe
  2⤵
  PID:5556
- C:\Windows\System\ZsoTfVJ.exe
  C:\Windows\System\ZsoTfVJ.exe
  2⤵
  PID:5932
- C:\Windows\System\cqgJHnz.exe
  C:\Windows\System\cqgJHnz.exe
  2⤵
  PID:4168
- C:\Windows\System\GVHiAOn.exe
  C:\Windows\System\GVHiAOn.exe
  2⤵
  PID:5492
- C:\Windows\System\VOqQMIU.exe
  C:\Windows\System\VOqQMIU.exe
  2⤵
  PID:2364
- C:\Windows\System\MquPAHk.exe
  C:\Windows\System\MquPAHk.exe
  2⤵
  PID:5624
- C:\Windows\System\JlmPfxI.exe
  C:\Windows\System\JlmPfxI.exe
  2⤵
  PID:2032
- C:\Windows\System\gpxPGAp.exe
  C:\Windows\System\gpxPGAp.exe
  2⤵
  PID:5964
- C:\Windows\System\NxNrXzb.exe
  C:\Windows\System\NxNrXzb.exe
  2⤵
  PID:4960
- C:\Windows\System\hyYFUAc.exe
  C:\Windows\System\hyYFUAc.exe
  2⤵
  PID:1468
- C:\Windows\System\TbJJfaj.exe
  C:\Windows\System\TbJJfaj.exe
  2⤵
  PID:5012
- C:\Windows\System\HMRQyub.exe
  C:\Windows\System\HMRQyub.exe
  2⤵
  PID:5608
- C:\Windows\System\EQxVErD.exe
  C:\Windows\System\EQxVErD.exe
  2⤵
  PID:2224
- C:\Windows\System\ejKpraB.exe
  C:\Windows\System\ejKpraB.exe
  2⤵
  PID:3216
- C:\Windows\System\qmncrvF.exe
  C:\Windows\System\qmncrvF.exe
  2⤵
  PID:2620
- C:\Windows\System\ztNNIND.exe
  C:\Windows\System\ztNNIND.exe
  2⤵
  PID:5836
- C:\Windows\System\kDAnWlj.exe
  C:\Windows\System\kDAnWlj.exe
  2⤵
  PID:6120
- C:\Windows\System\zQWMZpa.exe
  C:\Windows\System\zQWMZpa.exe
  2⤵
  PID:5544
- C:\Windows\System\csnqPjW.exe
  C:\Windows\System\csnqPjW.exe
  2⤵
  PID:5880
- C:\Windows\System\BZMNLha.exe
  C:\Windows\System\BZMNLha.exe
  2⤵
  PID:2772
- C:\Windows\System\HbKEZLf.exe
  C:\Windows\System\HbKEZLf.exe
  2⤵
  PID:6028
- C:\Windows\System\BnVsCDE.exe
  C:\Windows\System\BnVsCDE.exe
  2⤵
  PID:2360
- C:\Windows\System\FnpXtwP.exe
  C:\Windows\System\FnpXtwP.exe
  2⤵
  PID:5372
- C:\Windows\System\onMfwMy.exe
  C:\Windows\System\onMfwMy.exe
  2⤵
  PID:3268
- C:\Windows\System\cNXXaeY.exe
  C:\Windows\System\cNXXaeY.exe
  2⤵
  PID:5588
- C:\Windows\System\hEwUSHh.exe
  C:\Windows\System\hEwUSHh.exe
  2⤵
  PID:572
- C:\Windows\System\rRwSXpY.exe
  C:\Windows\System\rRwSXpY.exe
  2⤵
  PID:5204
- C:\Windows\System\iKMGcsE.exe
  C:\Windows\System\iKMGcsE.exe
  2⤵
  PID:6096
- C:\Windows\System\Fjefpkb.exe
  C:\Windows\System\Fjefpkb.exe
  2⤵
  PID:320
- C:\Windows\System\whZcNIY.exe
  C:\Windows\System\whZcNIY.exe
  2⤵
  PID:2644
- C:\Windows\System\wfjITXP.exe
  C:\Windows\System\wfjITXP.exe
  2⤵
  PID:6116
- C:\Windows\System\uQCjYvw.exe
  C:\Windows\System\uQCjYvw.exe
  2⤵
  PID:3172
- C:\Windows\System\KTBpelV.exe
  C:\Windows\System\KTBpelV.exe
  2⤵
  PID:5456
- C:\Windows\System\EoZBKmC.exe
  C:\Windows\System\EoZBKmC.exe
  2⤵
  PID:3276
- C:\Windows\System\WAJmUdn.exe
  C:\Windows\System\WAJmUdn.exe
  2⤵
  PID:3388
- C:\Windows\System\DFObsCM.exe
  C:\Windows\System\DFObsCM.exe
  2⤵
  PID:3352
- C:\Windows\System\kNQcFxm.exe
  C:\Windows\System\kNQcFxm.exe
  2⤵
  PID:3788
- C:\Windows\System\DYRpvYn.exe
  C:\Windows\System\DYRpvYn.exe
  2⤵
  PID:4336
- C:\Windows\System\GRMtJQJ.exe
  C:\Windows\System\GRMtJQJ.exe
  2⤵
  PID:4452
- C:\Windows\System\uGmNshk.exe
  C:\Windows\System\uGmNshk.exe
  2⤵
  PID:5788
- C:\Windows\System\NnDnRED.exe
  C:\Windows\System\NnDnRED.exe
  2⤵
  PID:6000
- C:\Windows\System\DiIAQBF.exe
  C:\Windows\System\DiIAQBF.exe
  2⤵
  PID:1148
- C:\Windows\System\TdZMOLs.exe
  C:\Windows\System\TdZMOLs.exe
  2⤵
  PID:3348
- C:\Windows\System\yRuLVSE.exe
  C:\Windows\System\yRuLVSE.exe
  2⤵
  PID:3324
- C:\Windows\System\aIlWbdf.exe
  C:\Windows\System\aIlWbdf.exe
  2⤵
  PID:3396
- C:\Windows\System\DVYzFtQ.exe
  C:\Windows\System\DVYzFtQ.exe
  2⤵
  PID:3192
- C:\Windows\System\OgIFKME.exe
  C:\Windows\System\OgIFKME.exe
  2⤵
  PID:5856
- C:\Windows\System\cySQbKB.exe
  C:\Windows\System\cySQbKB.exe
  2⤵
  PID:3000
- C:\Windows\System\zQNyLPA.exe
  C:\Windows\System\zQNyLPA.exe
  2⤵
  PID:6156
- C:\Windows\System\CmOkBYC.exe
  C:\Windows\System\CmOkBYC.exe
  2⤵
  PID:6172
- C:\Windows\System\rjeTyLr.exe
  C:\Windows\System\rjeTyLr.exe
  2⤵
  PID:6188
- C:\Windows\System\Uornynm.exe
  C:\Windows\System\Uornynm.exe
  2⤵
  PID:6204
- C:\Windows\System\yUQuseB.exe
  C:\Windows\System\yUQuseB.exe
  2⤵
  PID:6220
- C:\Windows\System\gDDHWPp.exe
  C:\Windows\System\gDDHWPp.exe
  2⤵
  PID:6236
- C:\Windows\System\eRiGsZP.exe
  C:\Windows\System\eRiGsZP.exe
  2⤵
  PID:6252
- C:\Windows\System\fYlFrts.exe
  C:\Windows\System\fYlFrts.exe
  2⤵
  PID:6268
- C:\Windows\System\xwrOZRf.exe
  C:\Windows\System\xwrOZRf.exe
  2⤵
  PID:6284
- C:\Windows\System\oeKVZLv.exe
  C:\Windows\System\oeKVZLv.exe
  2⤵
  PID:6300
- C:\Windows\System\yFZxvYu.exe
  C:\Windows\System\yFZxvYu.exe
  2⤵
  PID:6316
- C:\Windows\System\xWehTdx.exe
  C:\Windows\System\xWehTdx.exe
  2⤵
  PID:6332
- C:\Windows\System\RxQOrBV.exe
  C:\Windows\System\RxQOrBV.exe
  2⤵
  PID:6348
- C:\Windows\System\WlpuNJu.exe
  C:\Windows\System\WlpuNJu.exe
  2⤵
  PID:6364
- C:\Windows\System\cdUczIq.exe
  C:\Windows\System\cdUczIq.exe
  2⤵
  PID:6380
- C:\Windows\System\TKSrUOB.exe
  C:\Windows\System\TKSrUOB.exe
  2⤵
  PID:6396
- C:\Windows\System\WLcsxiQ.exe
  C:\Windows\System\WLcsxiQ.exe
  2⤵
  PID:6412
- C:\Windows\System\zINzzMa.exe
  C:\Windows\System\zINzzMa.exe
  2⤵
  PID:6428
- C:\Windows\System\jOojGgE.exe
  C:\Windows\System\jOojGgE.exe
  2⤵
  PID:6444
- C:\Windows\System\XlnBJVD.exe
  C:\Windows\System\XlnBJVD.exe
  2⤵
  PID:6460
- C:\Windows\System\TfuUASX.exe
  C:\Windows\System\TfuUASX.exe
  2⤵
  PID:6476
- C:\Windows\System\nVyKiMj.exe
  C:\Windows\System\nVyKiMj.exe
  2⤵
  PID:6492
- C:\Windows\System\IlmOxvp.exe
  C:\Windows\System\IlmOxvp.exe
  2⤵
  PID:6508
- C:\Windows\System\zRvRviQ.exe
  C:\Windows\System\zRvRviQ.exe
  2⤵
  PID:6524
- C:\Windows\System\KIBxKMD.exe
  C:\Windows\System\KIBxKMD.exe
  2⤵
  PID:6540
- C:\Windows\System\aLasTMN.exe
  C:\Windows\System\aLasTMN.exe
  2⤵
  PID:6556
- C:\Windows\System\eIEzjtn.exe
  C:\Windows\System\eIEzjtn.exe
  2⤵
  PID:6572
- C:\Windows\System\zfsZPRh.exe
  C:\Windows\System\zfsZPRh.exe
  2⤵
  PID:6588
- C:\Windows\System\vfQtDTR.exe
  C:\Windows\System\vfQtDTR.exe
  2⤵
  PID:6604
- C:\Windows\System\WUYKwRd.exe
  C:\Windows\System\WUYKwRd.exe
  2⤵
  PID:6624
- C:\Windows\System\mWuVEuQ.exe
  C:\Windows\System\mWuVEuQ.exe
  2⤵
  PID:6640
- C:\Windows\System\vQJwzug.exe
  C:\Windows\System\vQJwzug.exe
  2⤵
  PID:6688
- C:\Windows\System\GvpmPnQ.exe
  C:\Windows\System\GvpmPnQ.exe
  2⤵
  PID:6704
- C:\Windows\System\nRkFZhv.exe
  C:\Windows\System\nRkFZhv.exe
  2⤵
  PID:6720
- C:\Windows\System\yhHtsyo.exe
  C:\Windows\System\yhHtsyo.exe
  2⤵
  PID:6740
- C:\Windows\System\rtuyYAa.exe
  C:\Windows\System\rtuyYAa.exe
  2⤵
  PID:6756
- C:\Windows\System\QOQGTAs.exe
  C:\Windows\System\QOQGTAs.exe
  2⤵
  PID:6772
- C:\Windows\System\yesHpsQ.exe
  C:\Windows\System\yesHpsQ.exe
  2⤵
  PID:6788
- C:\Windows\System\lgaKHgM.exe
  C:\Windows\System\lgaKHgM.exe
  2⤵
  PID:6804
- C:\Windows\System\SFUWucG.exe
  C:\Windows\System\SFUWucG.exe
  2⤵
  PID:6828
- C:\Windows\System\VMmxWhr.exe
  C:\Windows\System\VMmxWhr.exe
  2⤵
  PID:6844
- C:\Windows\System\LjrcKyD.exe
  C:\Windows\System\LjrcKyD.exe
  2⤵
  PID:6864
- C:\Windows\System\LlwyGLv.exe
  C:\Windows\System\LlwyGLv.exe
  2⤵
  PID:6896
- C:\Windows\System\fMUcxZd.exe
  C:\Windows\System\fMUcxZd.exe
  2⤵
  PID:6916
- C:\Windows\System\fgDllrG.exe
  C:\Windows\System\fgDllrG.exe
  2⤵
  PID:6932
- C:\Windows\System\BLruspH.exe
  C:\Windows\System\BLruspH.exe
  2⤵
  PID:6948
- C:\Windows\System\zJUitkD.exe
  C:\Windows\System\zJUitkD.exe
  2⤵
  PID:6964
- C:\Windows\System\jEvOaKt.exe
  C:\Windows\System\jEvOaKt.exe
  2⤵
  PID:6984
- C:\Windows\System\TrpeUwv.exe
  C:\Windows\System\TrpeUwv.exe
  2⤵
  PID:7120
- C:\Windows\System\SYiYXRk.exe
  C:\Windows\System\SYiYXRk.exe
  2⤵
  PID:7136
- C:\Windows\System\OAqDNwO.exe
  C:\Windows\System\OAqDNwO.exe
  2⤵
  PID:7152
- C:\Windows\System\lWPVHyC.exe
  C:\Windows\System\lWPVHyC.exe
  2⤵
  PID:2568
- C:\Windows\System\lMUOifi.exe
  C:\Windows\System\lMUOifi.exe
  2⤵
  PID:5140
- C:\Windows\System\oKomNcq.exe
  C:\Windows\System\oKomNcq.exe
  2⤵
  PID:6152
- C:\Windows\System\ZhkHYPL.exe
  C:\Windows\System\ZhkHYPL.exe
  2⤵
  PID:6184
- C:\Windows\System\EXSgAyH.exe
  C:\Windows\System\EXSgAyH.exe
  2⤵
  PID:6216
- C:\Windows\System\fyswZTq.exe
  C:\Windows\System\fyswZTq.exe
  2⤵
  PID:6232
- C:\Windows\System\VhIbWQJ.exe
  C:\Windows\System\VhIbWQJ.exe
  2⤵
  PID:6276
- C:\Windows\System\tJkAJFg.exe
  C:\Windows\System\tJkAJFg.exe
  2⤵
  PID:2740
- C:\Windows\System\dPZtuoG.exe
  C:\Windows\System\dPZtuoG.exe
  2⤵
  PID:6360
- C:\Windows\System\MVqulRU.exe
  C:\Windows\System\MVqulRU.exe
  2⤵
  PID:6408
- C:\Windows\System\UHDcYWr.exe
  C:\Windows\System\UHDcYWr.exe
  2⤵
  PID:6424
- C:\Windows\System\oCRKCuj.exe
  C:\Windows\System\oCRKCuj.exe
  2⤵
  PID:6456
- C:\Windows\System\MQyBbgA.exe
  C:\Windows\System\MQyBbgA.exe
  2⤵
  PID:6500
- C:\Windows\System\ECpepZG.exe
  C:\Windows\System\ECpepZG.exe
  2⤵
  PID:1600
- C:\Windows\System\BbcixYY.exe
  C:\Windows\System\BbcixYY.exe
  2⤵
  PID:3236
- C:\Windows\System\zZoYNwN.exe
  C:\Windows\System\zZoYNwN.exe
  2⤵
  PID:6564
- C:\Windows\System\XwWHJnI.exe
  C:\Windows\System\XwWHJnI.exe
  2⤵
  PID:6584
- C:\Windows\System\vrHmCIT.exe
  C:\Windows\System\vrHmCIT.exe
  2⤵
  PID:2604
- C:\Windows\System\sapUKkZ.exe
  C:\Windows\System\sapUKkZ.exe
  2⤵
  PID:6648
- C:\Windows\System\eKnUPtt.exe
  C:\Windows\System\eKnUPtt.exe
  2⤵
  PID:2444
- C:\Windows\System\OXcUUoU.exe
  C:\Windows\System\OXcUUoU.exe
  2⤵
  PID:6700
- C:\Windows\System\fVkMQCU.exe
  C:\Windows\System\fVkMQCU.exe
  2⤵
  PID:6768
- C:\Windows\System\pfglIAs.exe
  C:\Windows\System\pfglIAs.exe
  2⤵
  PID:6836
- C:\Windows\System\JEhSlyx.exe
  C:\Windows\System\JEhSlyx.exe
  2⤵
  PID:6816
- C:\Windows\System\YLqdUKb.exe
  C:\Windows\System\YLqdUKb.exe
  2⤵
  PID:2616
- C:\Windows\System\xcgEuav.exe
  C:\Windows\System\xcgEuav.exe
  2⤵
  PID:6956
- C:\Windows\System\LQFXuML.exe
  C:\Windows\System\LQFXuML.exe
  2⤵
  PID:2400
- C:\Windows\System\lUvSMse.exe
  C:\Windows\System\lUvSMse.exe
  2⤵
  PID:6752
- C:\Windows\System\ciABjmj.exe
  C:\Windows\System\ciABjmj.exe
  2⤵
  PID:6784
- C:\Windows\System\JmkfnBa.exe
  C:\Windows\System\JmkfnBa.exe
  2⤵
  PID:6852
- C:\Windows\System\tsfABwm.exe
  C:\Windows\System\tsfABwm.exe
  2⤵
  PID:6940
- C:\Windows\System\gXXvtMZ.exe
  C:\Windows\System\gXXvtMZ.exe
  2⤵
  PID:6976
- C:\Windows\System\tHWuGQT.exe
  C:\Windows\System\tHWuGQT.exe
  2⤵
  PID:2008
- C:\Windows\System\wCqAqNl.exe
  C:\Windows\System\wCqAqNl.exe
  2⤵
  PID:7020
- C:\Windows\System\QKctoAH.exe
  C:\Windows\System\QKctoAH.exe
  2⤵
  PID:7036
- C:\Windows\System\TQOaqfU.exe
  C:\Windows\System\TQOaqfU.exe
  2⤵
  PID:7052
- C:\Windows\System\fUJsThX.exe
  C:\Windows\System\fUJsThX.exe
  2⤵
  PID:7068
- C:\Windows\System\FkMNIBp.exe
  C:\Windows\System\FkMNIBp.exe
  2⤵
  PID:7084
- C:\Windows\System\WosfxBN.exe
  C:\Windows\System\WosfxBN.exe
  2⤵
  PID:7100
- C:\Windows\System\PbrBKvP.exe
  C:\Windows\System\PbrBKvP.exe
  2⤵
  PID:7148
- C:\Windows\System\sXrQlnM.exe
  C:\Windows\System\sXrQlnM.exe
  2⤵
  PID:6180
- C:\Windows\System\XyYWICK.exe
  C:\Windows\System\XyYWICK.exe
  2⤵
  PID:6292
- C:\Windows\System\RvpZtfe.exe
  C:\Windows\System\RvpZtfe.exe
  2⤵
  PID:6404
- C:\Windows\System\LOKvnOG.exe
  C:\Windows\System\LOKvnOG.exe
  2⤵
  PID:6452
- C:\Windows\System\nvSMAZs.exe
  C:\Windows\System\nvSMAZs.exe
  2⤵
  PID:6148
- C:\Windows\System\WQNOUha.exe
  C:\Windows\System\WQNOUha.exe
  2⤵
  PID:6248
- C:\Windows\System\WKHZjuz.exe
  C:\Windows\System\WKHZjuz.exe
  2⤵
  PID:6312
- C:\Windows\System\rsSZRMQ.exe
  C:\Windows\System\rsSZRMQ.exe
  2⤵
  PID:1464
- C:\Windows\System\feTaJqT.exe
  C:\Windows\System\feTaJqT.exe
  2⤵
  PID:2628
- C:\Windows\System\NlsEmXP.exe
  C:\Windows\System\NlsEmXP.exe
  2⤵
  PID:6992
- C:\Windows\System\JvZREqp.exe
  C:\Windows\System\JvZREqp.exe
  2⤵
  PID:7064
- C:\Windows\System\KhDODFn.exe
  C:\Windows\System\KhDODFn.exe
  2⤵
  PID:7160
- C:\Windows\System\cCVWixB.exe
  C:\Windows\System\cCVWixB.exe
  2⤵
  PID:6328
- C:\Windows\System\jWFiXMi.exe
  C:\Windows\System\jWFiXMi.exe
  2⤵
  PID:2712
- C:\Windows\System\mOEwgOT.exe
  C:\Windows\System\mOEwgOT.exe
  2⤵
  PID:3016
- C:\Windows\System\ICYlBsn.exe
  C:\Windows\System\ICYlBsn.exe
  2⤵
  PID:6800
- C:\Windows\System\dTPihub.exe
  C:\Windows\System\dTPihub.exe
  2⤵
  PID:6812
- C:\Windows\System\gEiXejQ.exe
  C:\Windows\System\gEiXejQ.exe
  2⤵
  PID:6244
- C:\Windows\System\vjnybZe.exe
  C:\Windows\System\vjnybZe.exe
  2⤵
  PID:7044
- C:\Windows\System\xfCcoTP.exe
  C:\Windows\System\xfCcoTP.exe
  2⤵
  PID:7076
- C:\Windows\System\krxqvKt.exe
  C:\Windows\System\krxqvKt.exe
  2⤵
  PID:6212
- C:\Windows\System\FMkvefq.exe
  C:\Windows\System\FMkvefq.exe
  2⤵
  PID:6356
- C:\Windows\System\czVvWiG.exe
  C:\Windows\System\czVvWiG.exe
  2⤵
  PID:6600
- C:\Windows\System\JzLKuiC.exe
  C:\Windows\System\JzLKuiC.exe
  2⤵
  PID:2756
- C:\Windows\System\RocOmrq.exe
  C:\Windows\System\RocOmrq.exe
  2⤵
  PID:6652
- C:\Windows\System\LkkRZrS.exe
  C:\Windows\System\LkkRZrS.exe
  2⤵
  PID:2440
- C:\Windows\System\kVWOnID.exe
  C:\Windows\System\kVWOnID.exe
  2⤵
  PID:6636
- C:\Windows\System\hsFliYM.exe
  C:\Windows\System\hsFliYM.exe
  2⤵
  PID:6676
- C:\Windows\System\JoPnrAF.exe
  C:\Windows\System\JoPnrAF.exe
  2⤵
  PID:7096
- C:\Windows\System\zPBfuqa.exe
  C:\Windows\System\zPBfuqa.exe
  2⤵
  PID:6972
- C:\Windows\System\wIVnHYN.exe
  C:\Windows\System\wIVnHYN.exe
  2⤵
  PID:6168
- C:\Windows\System\NTmaJzV.exe
  C:\Windows\System\NTmaJzV.exe
  2⤵
  PID:7048
- C:\Windows\System\ybHWsVu.exe
  C:\Windows\System\ybHWsVu.exe
  2⤵
  PID:6372
- C:\Windows\System\hZloZKd.exe
  C:\Windows\System\hZloZKd.exe
  2⤵
  PID:6200
- C:\Windows\System\ISmPfOC.exe
  C:\Windows\System\ISmPfOC.exe
  2⤵
  PID:6716
- C:\Windows\System\XzMMoRp.exe
  C:\Windows\System\XzMMoRp.exe
  2⤵
  PID:6872
- C:\Windows\System\snsDCIK.exe
  C:\Windows\System\snsDCIK.exe
  2⤵
  PID:6520
- C:\Windows\System\kuJsCzA.exe
  C:\Windows\System\kuJsCzA.exe
  2⤵
  PID:7144
- C:\Windows\System\VzMWsjC.exe
  C:\Windows\System\VzMWsjC.exe
  2⤵
  PID:7028
- C:\Windows\System\ApAQcAX.exe
  C:\Windows\System\ApAQcAX.exe
  2⤵
  PID:7080
- C:\Windows\System\AyZSFoE.exe
  C:\Windows\System\AyZSFoE.exe
  2⤵
  PID:6696
- C:\Windows\System\wZHXDAQ.exe
  C:\Windows\System\wZHXDAQ.exe
  2⤵
  PID:7000
- C:\Windows\System\eJirJFj.exe
  C:\Windows\System\eJirJFj.exe
  2⤵
  PID:6436
- C:\Windows\System\zyCCooq.exe
  C:\Windows\System\zyCCooq.exe
  2⤵
  PID:7004
- C:\Windows\System\KyrZTUv.exe
  C:\Windows\System\KyrZTUv.exe
  2⤵
  PID:2652
- C:\Windows\System\OzdYHfK.exe
  C:\Windows\System\OzdYHfK.exe
  2⤵
  PID:2432
- C:\Windows\System\SMLWKjN.exe
  C:\Windows\System\SMLWKjN.exe
  2⤵
  PID:3060
- C:\Windows\System\hIwjsLd.exe
  C:\Windows\System\hIwjsLd.exe
  2⤵
  PID:3048
- C:\Windows\System\GRAXMve.exe
  C:\Windows\System\GRAXMve.exe
  2⤵
  PID:6888
- C:\Windows\System\hipWryl.exe
  C:\Windows\System\hipWryl.exe
  2⤵
  PID:1484
- C:\Windows\System\DhHrICJ.exe
  C:\Windows\System\DhHrICJ.exe
  2⤵
  PID:2560
- C:\Windows\System\hgktWdl.exe
  C:\Windows\System\hgktWdl.exe
  2⤵
  PID:6892
- C:\Windows\System\hRvjBOR.exe
  C:\Windows\System\hRvjBOR.exe
  2⤵
  PID:2108
- C:\Windows\System\DCKdpgS.exe
  C:\Windows\System\DCKdpgS.exe
  2⤵
  PID:7112
- C:\Windows\System\IHqtxdB.exe
  C:\Windows\System\IHqtxdB.exe
  2⤵
  PID:6388
- C:\Windows\System\EWxaIRY.exe
  C:\Windows\System\EWxaIRY.exe
  2⤵
  PID:7172
- C:\Windows\System\SGYZcep.exe
  C:\Windows\System\SGYZcep.exe
  2⤵
  PID:7188
- C:\Windows\System\SuPhnOe.exe
  C:\Windows\System\SuPhnOe.exe
  2⤵
  PID:7204
- C:\Windows\System\aouVXkj.exe
  C:\Windows\System\aouVXkj.exe
  2⤵
  PID:7220
- C:\Windows\System\CcMuwVH.exe
  C:\Windows\System\CcMuwVH.exe
  2⤵
  PID:7236
- C:\Windows\System\jLdolWR.exe
  C:\Windows\System\jLdolWR.exe
  2⤵
  PID:7252
- C:\Windows\System\OtmgMlv.exe
  C:\Windows\System\OtmgMlv.exe
  2⤵
  PID:7268
- C:\Windows\System\bwPLdcU.exe
  C:\Windows\System\bwPLdcU.exe
  2⤵
  PID:7284
- C:\Windows\System\iUVFqRN.exe
  C:\Windows\System\iUVFqRN.exe
  2⤵
  PID:7304
- C:\Windows\System\oSkXzIc.exe
  C:\Windows\System\oSkXzIc.exe
  2⤵
  PID:7320
- C:\Windows\System\LcNDLNG.exe
  C:\Windows\System\LcNDLNG.exe
  2⤵
  PID:7336
- C:\Windows\System\GzlMvFg.exe
  C:\Windows\System\GzlMvFg.exe
  2⤵
  PID:7352
- C:\Windows\System\cFPlNwg.exe
  C:\Windows\System\cFPlNwg.exe
  2⤵
  PID:7368
- C:\Windows\System\vZYMYJM.exe
  C:\Windows\System\vZYMYJM.exe
  2⤵
  PID:7384
- C:\Windows\System\ReJGpms.exe
  C:\Windows\System\ReJGpms.exe
  2⤵
  PID:7400
- C:\Windows\System\FybTGtK.exe
  C:\Windows\System\FybTGtK.exe
  2⤵
  PID:7416
- C:\Windows\System\ShYFeiV.exe
  C:\Windows\System\ShYFeiV.exe
  2⤵
  PID:7432
- C:\Windows\System\mVTELEx.exe
  C:\Windows\System\mVTELEx.exe
  2⤵
  PID:7448
- C:\Windows\System\KzRswLW.exe
  C:\Windows\System\KzRswLW.exe
  2⤵
  PID:7464
- C:\Windows\System\LRqBnKX.exe
  C:\Windows\System\LRqBnKX.exe
  2⤵
  PID:7480
- C:\Windows\System\iZXrtkq.exe
  C:\Windows\System\iZXrtkq.exe
  2⤵
  PID:7496
- C:\Windows\System\ajbDwZc.exe
  C:\Windows\System\ajbDwZc.exe
  2⤵
  PID:7512
- C:\Windows\System\ARXWYKz.exe
  C:\Windows\System\ARXWYKz.exe
  2⤵
  PID:7528
- C:\Windows\System\UUWWNrP.exe
  C:\Windows\System\UUWWNrP.exe
  2⤵
  PID:7544
- C:\Windows\System\cxGzIhM.exe
  C:\Windows\System\cxGzIhM.exe
  2⤵
  PID:7560
- C:\Windows\System\mIJGGOr.exe
  C:\Windows\System\mIJGGOr.exe
  2⤵
  PID:7576
- C:\Windows\System\CERpGqh.exe
  C:\Windows\System\CERpGqh.exe
  2⤵
  PID:7592
- C:\Windows\System\TRnhjRL.exe
  C:\Windows\System\TRnhjRL.exe
  2⤵
  PID:7608
- C:\Windows\System\McmoObV.exe
  C:\Windows\System\McmoObV.exe
  2⤵
  PID:7624
- C:\Windows\System\xGNXuIM.exe
  C:\Windows\System\xGNXuIM.exe
  2⤵
  PID:7640
- C:\Windows\System\qPmekhq.exe
  C:\Windows\System\qPmekhq.exe
  2⤵
  PID:7656
- C:\Windows\System\HiEynRb.exe
  C:\Windows\System\HiEynRb.exe
  2⤵
  PID:7672
- C:\Windows\System\xKbVPwT.exe
  C:\Windows\System\xKbVPwT.exe
  2⤵
  PID:7688
- C:\Windows\System\XIANuTa.exe
  C:\Windows\System\XIANuTa.exe
  2⤵
  PID:7704
- C:\Windows\System\SnGIetx.exe
  C:\Windows\System\SnGIetx.exe
  2⤵
  PID:7720
- C:\Windows\System\OKEMWoU.exe
  C:\Windows\System\OKEMWoU.exe
  2⤵
  PID:7736
- C:\Windows\System\cHHDhGJ.exe
  C:\Windows\System\cHHDhGJ.exe
  2⤵
  PID:7752
- C:\Windows\System\rFuLIEa.exe
  C:\Windows\System\rFuLIEa.exe
  2⤵
  PID:7768
- C:\Windows\System\CyBWcwv.exe
  C:\Windows\System\CyBWcwv.exe
  2⤵
  PID:7784
- C:\Windows\System\LKngiOf.exe
  C:\Windows\System\LKngiOf.exe
  2⤵
  PID:7800
- C:\Windows\System\PCEPRVr.exe
  C:\Windows\System\PCEPRVr.exe
  2⤵
  PID:7816
- C:\Windows\System\VQDatjO.exe
  C:\Windows\System\VQDatjO.exe
  2⤵
  PID:7836
- C:\Windows\System\rdhFrcN.exe
  C:\Windows\System\rdhFrcN.exe
  2⤵
  PID:7852
- C:\Windows\System\ivfAnav.exe
  C:\Windows\System\ivfAnav.exe
  2⤵
  PID:7868
- C:\Windows\System\NxjCkNa.exe
  C:\Windows\System\NxjCkNa.exe
  2⤵
  PID:7884
- C:\Windows\System\UVamyRe.exe
  C:\Windows\System\UVamyRe.exe
  2⤵
  PID:7900
- C:\Windows\System\JYUsTkD.exe
  C:\Windows\System\JYUsTkD.exe
  2⤵
  PID:7916
- C:\Windows\System\krpSBSH.exe
  C:\Windows\System\krpSBSH.exe
  2⤵
  PID:7932
- C:\Windows\System\heovDUX.exe
  C:\Windows\System\heovDUX.exe
  2⤵
  PID:7948
- C:\Windows\System\EKucowU.exe
  C:\Windows\System\EKucowU.exe
  2⤵
  PID:7964
- C:\Windows\System\BzkJWRV.exe
  C:\Windows\System\BzkJWRV.exe
  2⤵
  PID:7980
- C:\Windows\System\jDaFQuK.exe
  C:\Windows\System\jDaFQuK.exe
  2⤵
  PID:7996
- C:\Windows\System\LSRxnvG.exe
  C:\Windows\System\LSRxnvG.exe
  2⤵
  PID:8012
- C:\Windows\System\SdMOdml.exe
  C:\Windows\System\SdMOdml.exe
  2⤵
  PID:8028
- C:\Windows\System\AzYHnXN.exe
  C:\Windows\System\AzYHnXN.exe
  2⤵
  PID:8044
- C:\Windows\System\ikLYRfQ.exe
  C:\Windows\System\ikLYRfQ.exe
  2⤵
  PID:8060
- C:\Windows\System\IVupfjj.exe
  C:\Windows\System\IVupfjj.exe
  2⤵
  PID:8076
- C:\Windows\System\VgiRVPa.exe
  C:\Windows\System\VgiRVPa.exe
  2⤵
  PID:8092
- C:\Windows\System\xzfNJTh.exe
  C:\Windows\System\xzfNJTh.exe
  2⤵
  PID:8108
- C:\Windows\System\gnchdrA.exe
  C:\Windows\System\gnchdrA.exe
  2⤵
  PID:8124
- C:\Windows\System\WrmpTMH.exe
  C:\Windows\System\WrmpTMH.exe
  2⤵
  PID:8140
- C:\Windows\System\eoPqhVJ.exe
  C:\Windows\System\eoPqhVJ.exe
  2⤵
  PID:8156
- C:\Windows\System\fQYVIGy.exe
  C:\Windows\System\fQYVIGy.exe
  2⤵
  PID:8172
- C:\Windows\System\KyWDQxc.exe
  C:\Windows\System\KyWDQxc.exe
  2⤵
  PID:6860
- C:\Windows\System\tTHXLAE.exe
  C:\Windows\System\tTHXLAE.exe
  2⤵
  PID:7184
- C:\Windows\System\mTWUBAM.exe
  C:\Windows\System\mTWUBAM.exe
  2⤵
  PID:7248
- C:\Windows\System\FtKDRgO.exe
  C:\Windows\System\FtKDRgO.exe
  2⤵
  PID:7312
- C:\Windows\System\LkztNId.exe
  C:\Windows\System\LkztNId.exe
  2⤵
  PID:7348
- C:\Windows\System\OKXPpkR.exe
  C:\Windows\System\OKXPpkR.exe
  2⤵
  PID:6764
- C:\Windows\System\LemEdhB.exe
  C:\Windows\System\LemEdhB.exe
  2⤵
  PID:6296
- C:\Windows\System\OlgljJv.exe
  C:\Windows\System\OlgljJv.exe
  2⤵
  PID:928
- C:\Windows\System\oUIsnBa.exe
  C:\Windows\System\oUIsnBa.exe
  2⤵
  PID:7196
- C:\Windows\System\jGaneng.exe
  C:\Windows\System\jGaneng.exe
  2⤵
  PID:7264
- C:\Windows\System\LSRQspR.exe
  C:\Windows\System\LSRQspR.exe
  2⤵
  PID:7332
- C:\Windows\System\zpkNtDy.exe
  C:\Windows\System\zpkNtDy.exe
  2⤵
  PID:7424
- C:\Windows\System\QtUZgLs.exe
  C:\Windows\System\QtUZgLs.exe
  2⤵
  PID:7476
- C:\Windows\System\wZdAgMt.exe
  C:\Windows\System\wZdAgMt.exe
  2⤵
  PID:7540
- C:\Windows\System\sTjpFPW.exe
  C:\Windows\System\sTjpFPW.exe
  2⤵
  PID:7604
- C:\Windows\System\hbLYrTU.exe
  C:\Windows\System\hbLYrTU.exe
  2⤵
  PID:7668
- C:\Windows\System\ZFlpkuk.exe
  C:\Windows\System\ZFlpkuk.exe
  2⤵
  PID:7732
- C:\Windows\System\DThvvYs.exe
  C:\Windows\System\DThvvYs.exe
  2⤵
  PID:7520
- C:\Windows\System\bBaFAmg.exe
  C:\Windows\System\bBaFAmg.exe
  2⤵
  PID:7860
- C:\Windows\System\Hhyssdc.exe
  C:\Windows\System\Hhyssdc.exe
  2⤵
  PID:7924
- C:\Windows\System\uyKUrje.exe
  C:\Windows\System\uyKUrje.exe
  2⤵
  PID:7776
- C:\Windows\System\jdfECdE.exe
  C:\Windows\System\jdfECdE.exe
  2⤵
  PID:7648
- C:\Windows\System\wgGsFGF.exe
  C:\Windows\System\wgGsFGF.exe
  2⤵
  PID:7744
- C:\Windows\System\fCIgqQx.exe
  C:\Windows\System\fCIgqQx.exe
  2⤵
  PID:7552
- C:\Windows\System\reZIzGK.exe
  C:\Windows\System\reZIzGK.exe
  2⤵
  PID:7652
- C:\Windows\System\RZUjXVq.exe
  C:\Windows\System\RZUjXVq.exe
  2⤵
  PID:7988
- C:\Windows\System\UCzwbGL.exe
  C:\Windows\System\UCzwbGL.exe
  2⤵
  PID:7848
- C:\Windows\System\EAqVYFp.exe
  C:\Windows\System\EAqVYFp.exe
  2⤵
  PID:7912
- C:\Windows\System\tAujbZp.exe
  C:\Windows\System\tAujbZp.exe
  2⤵
  PID:7972
- C:\Windows\System\nVaoCVK.exe
  C:\Windows\System\nVaoCVK.exe
  2⤵
  PID:8036
- C:\Windows\System\zRhMbXy.exe
  C:\Windows\System\zRhMbXy.exe
  2⤵
  PID:8040
- C:\Windows\System\dgAXXHb.exe
  C:\Windows\System\dgAXXHb.exe
  2⤵
  PID:8072
- C:\Windows\System\qdlXjhH.exe
  C:\Windows\System\qdlXjhH.exe
  2⤵
  PID:8152
- C:\Windows\System\ocWBEKi.exe
  C:\Windows\System\ocWBEKi.exe
  2⤵
  PID:7244
- C:\Windows\System\faDqxzT.exe
  C:\Windows\System\faDqxzT.exe
  2⤵
  PID:7280
- C:\Windows\System\AyKkaQu.exe
  C:\Windows\System\AyKkaQu.exe
  2⤵
  PID:7180
- C:\Windows\System\ixFAwzr.exe
  C:\Windows\System\ixFAwzr.exe
  2⤵
  PID:7440
- C:\Windows\System\gSPezOc.exe
  C:\Windows\System\gSPezOc.exe
  2⤵
  PID:6912
- C:\Windows\System\JylPDhz.exe
  C:\Windows\System\JylPDhz.exe
  2⤵
  PID:7408
- C:\Windows\System\iiwaVCt.exe
  C:\Windows\System\iiwaVCt.exe
  2⤵
  PID:7600
- C:\Windows\System\yIeZzup.exe
  C:\Windows\System\yIeZzup.exe
  2⤵
  PID:7828
- C:\Windows\System\jLIvBCW.exe
  C:\Windows\System\jLIvBCW.exe
  2⤵
  PID:2012
- C:\Windows\System\WfgMLQg.exe
  C:\Windows\System\WfgMLQg.exe
  2⤵
  PID:7636
- C:\Windows\System\pgSgAsg.exe
  C:\Windows\System\pgSgAsg.exe
  2⤵
  PID:7664
- C:\Windows\System\iOIFjZd.exe
  C:\Windows\System\iOIFjZd.exe
  2⤵
  PID:7684
- C:\Windows\System\QRIdLEb.exe
  C:\Windows\System\QRIdLEb.exe
  2⤵
  PID:7780
- C:\Windows\System\FOWVhMb.exe
  C:\Windows\System\FOWVhMb.exe
  2⤵
  PID:7616
- C:\Windows\System\cjikhlY.exe
  C:\Windows\System\cjikhlY.exe
  2⤵
  PID:8104
- C:\Windows\System\oeTiIMq.exe
  C:\Windows\System\oeTiIMq.exe
  2⤵
  PID:7524
- C:\Windows\System\ThucLXY.exe
  C:\Windows\System\ThucLXY.exe
  2⤵
  PID:7412
- C:\Windows\System\yjPsgnG.exe
  C:\Windows\System\yjPsgnG.exe
  2⤵
  PID:7364
- C:\Windows\System\bxnbfLk.exe
  C:\Windows\System\bxnbfLk.exe
  2⤵
  PID:7944
- C:\Windows\System\huOdTua.exe
  C:\Windows\System\huOdTua.exe
  2⤵
  PID:7728
- C:\Windows\System\wuCkBdu.exe
  C:\Windows\System\wuCkBdu.exe
  2⤵
  PID:8204
- C:\Windows\System\OLRDoSW.exe
  C:\Windows\System\OLRDoSW.exe
  2⤵
  PID:8220
- C:\Windows\System\QJfMOKO.exe
  C:\Windows\System\QJfMOKO.exe
  2⤵
  PID:8240
- C:\Windows\System\HohSHlO.exe
  C:\Windows\System\HohSHlO.exe
  2⤵
  PID:8256
- C:\Windows\System\MFgzCgV.exe
  C:\Windows\System\MFgzCgV.exe
  2⤵
  PID:8272
- C:\Windows\System\vJrsqbv.exe
  C:\Windows\System\vJrsqbv.exe
  2⤵
  PID:8288
- C:\Windows\System\JxrcKVF.exe
  C:\Windows\System\JxrcKVF.exe
  2⤵
  PID:8304
- C:\Windows\System\HDtGbpc.exe
  C:\Windows\System\HDtGbpc.exe
  2⤵
  PID:8320
- C:\Windows\System\bahlaFw.exe
  C:\Windows\System\bahlaFw.exe
  2⤵
  PID:8336
- C:\Windows\System\baQVHxR.exe
  C:\Windows\System\baQVHxR.exe
  2⤵
  PID:8352
- C:\Windows\System\lHpEyII.exe
  C:\Windows\System\lHpEyII.exe
  2⤵
  PID:8368
- C:\Windows\System\lYIqsCe.exe
  C:\Windows\System\lYIqsCe.exe
  2⤵
  PID:8384
- C:\Windows\System\htbLnsh.exe
  C:\Windows\System\htbLnsh.exe
  2⤵
  PID:8400
- C:\Windows\System\bCSRDmc.exe
  C:\Windows\System\bCSRDmc.exe
  2⤵
  PID:8416
- C:\Windows\System\jHKRJQJ.exe
  C:\Windows\System\jHKRJQJ.exe
  2⤵
  PID:8432
- C:\Windows\System\uhoHHnV.exe
  C:\Windows\System\uhoHHnV.exe
  2⤵
  PID:8448
- C:\Windows\System\eRThwFu.exe
  C:\Windows\System\eRThwFu.exe
  2⤵
  PID:8464
- C:\Windows\System\TEUNfVZ.exe
  C:\Windows\System\TEUNfVZ.exe
  2⤵
  PID:8480
- C:\Windows\System\DOUtKtj.exe
  C:\Windows\System\DOUtKtj.exe
  2⤵
  PID:8496
- C:\Windows\System\NcKyzTX.exe
  C:\Windows\System\NcKyzTX.exe
  2⤵
  PID:8512
- C:\Windows\System\qKecSkM.exe
  C:\Windows\System\qKecSkM.exe
  2⤵
  PID:8528
- C:\Windows\System\DrMvuaX.exe
  C:\Windows\System\DrMvuaX.exe
  2⤵
  PID:8544
- C:\Windows\System\PHXoois.exe
  C:\Windows\System\PHXoois.exe
  2⤵
  PID:8560
- C:\Windows\System\ZMvkGQg.exe
  C:\Windows\System\ZMvkGQg.exe
  2⤵
  PID:8576
- C:\Windows\System\RvMXttc.exe
  C:\Windows\System\RvMXttc.exe
  2⤵
  PID:8592
- C:\Windows\System\kMPTpzc.exe
  C:\Windows\System\kMPTpzc.exe
  2⤵
  PID:8608
- C:\Windows\System\DJtgMsm.exe
  C:\Windows\System\DJtgMsm.exe
  2⤵
  PID:8624
- C:\Windows\System\ZxrogAa.exe
  C:\Windows\System\ZxrogAa.exe
  2⤵
  PID:8640
- C:\Windows\System\zKVIxif.exe
  C:\Windows\System\zKVIxif.exe
  2⤵
  PID:8656
- C:\Windows\System\WEcZSXg.exe
  C:\Windows\System\WEcZSXg.exe
  2⤵
  PID:8672
- C:\Windows\System\QulASUZ.exe
  C:\Windows\System\QulASUZ.exe
  2⤵
  PID:8688
- C:\Windows\System\wshiqzH.exe
  C:\Windows\System\wshiqzH.exe
  2⤵
  PID:8704
- C:\Windows\System\HMMtsjF.exe
  C:\Windows\System\HMMtsjF.exe
  2⤵
  PID:8720
- C:\Windows\System\KgCWEca.exe
  C:\Windows\System\KgCWEca.exe
  2⤵
  PID:8736
- C:\Windows\System\wcBkvJE.exe
  C:\Windows\System\wcBkvJE.exe
  2⤵
  PID:8752
- C:\Windows\System\qAlvIbs.exe
  C:\Windows\System\qAlvIbs.exe
  2⤵
  PID:8768
- C:\Windows\System\ZsxmyqJ.exe
  C:\Windows\System\ZsxmyqJ.exe
  2⤵
  PID:8784
- C:\Windows\System\hWjpEaR.exe
  C:\Windows\System\hWjpEaR.exe
  2⤵
  PID:8800
- C:\Windows\System\yfwIInI.exe
  C:\Windows\System\yfwIInI.exe
  2⤵
  PID:8820
- C:\Windows\System\CpsLWgz.exe
  C:\Windows\System\CpsLWgz.exe
  2⤵
  PID:8836
- C:\Windows\System\qmMYApD.exe
  C:\Windows\System\qmMYApD.exe
  2⤵
  PID:8852
- C:\Windows\System\czrCGIz.exe
  C:\Windows\System\czrCGIz.exe
  2⤵
  PID:8868
- C:\Windows\System\WqAARhB.exe
  C:\Windows\System\WqAARhB.exe
  2⤵
  PID:8884
- C:\Windows\System\knrkAXv.exe
  C:\Windows\System\knrkAXv.exe
  2⤵
  PID:8900
- C:\Windows\System\NHkBCfy.exe
  C:\Windows\System\NHkBCfy.exe
  2⤵
  PID:8916
- C:\Windows\System\xiBzxOC.exe
  C:\Windows\System\xiBzxOC.exe
  2⤵
  PID:8932
- C:\Windows\System\eEmRvBD.exe
  C:\Windows\System\eEmRvBD.exe
  2⤵
  PID:8948
- C:\Windows\System\shwczuz.exe
  C:\Windows\System\shwczuz.exe
  2⤵
  PID:8964
- C:\Windows\System\XYzWTEb.exe
  C:\Windows\System\XYzWTEb.exe
  2⤵
  PID:8980
- C:\Windows\System\gKuoQsC.exe
  C:\Windows\System\gKuoQsC.exe
  2⤵
  PID:8996
- C:\Windows\System\hEKGSft.exe
  C:\Windows\System\hEKGSft.exe
  2⤵
  PID:9012
- C:\Windows\System\ZFeDmra.exe
  C:\Windows\System\ZFeDmra.exe
  2⤵
  PID:9028
- C:\Windows\System\piUuxzn.exe
  C:\Windows\System\piUuxzn.exe
  2⤵
  PID:9044
- C:\Windows\System\BbDxdsn.exe
  C:\Windows\System\BbDxdsn.exe
  2⤵
  PID:9060
- C:\Windows\System\nYQHyGS.exe
  C:\Windows\System\nYQHyGS.exe
  2⤵
  PID:9076
- C:\Windows\System\gSEwGwY.exe
  C:\Windows\System\gSEwGwY.exe
  2⤵
  PID:9092
- C:\Windows\System\vqWZTYS.exe
  C:\Windows\System\vqWZTYS.exe
  2⤵
  PID:9108
- C:\Windows\System\lwLFVwu.exe
  C:\Windows\System\lwLFVwu.exe
  2⤵
  PID:9124
- C:\Windows\System\KEjaCmW.exe
  C:\Windows\System\KEjaCmW.exe
  2⤵
  PID:9148
- C:\Windows\System\AtyTVDB.exe
  C:\Windows\System\AtyTVDB.exe
  2⤵
  PID:9164
- C:\Windows\System\TSwVibd.exe
  C:\Windows\System\TSwVibd.exe
  2⤵
  PID:9180
- C:\Windows\System\OWrPvPx.exe
  C:\Windows\System\OWrPvPx.exe
  2⤵
  PID:9196
- C:\Windows\System\EmiWiAP.exe
  C:\Windows\System\EmiWiAP.exe
  2⤵
  PID:9212
- C:\Windows\System\KTIgzOH.exe
  C:\Windows\System\KTIgzOH.exe
  2⤵
  PID:7716
- C:\Windows\System\ZZgkowk.exe
  C:\Windows\System\ZZgkowk.exe
  2⤵
  PID:8212
- C:\Windows\System\ehwSmEG.exe
  C:\Windows\System\ehwSmEG.exe
  2⤵
  PID:8216
- C:\Windows\System\CQtAJqP.exe
  C:\Windows\System\CQtAJqP.exe
  2⤵
  PID:8284
- C:\Windows\System\cvTpKZU.exe
  C:\Windows\System\cvTpKZU.exe
  2⤵
  PID:8196
- C:\Windows\System\nGUzNPJ.exe
  C:\Windows\System\nGUzNPJ.exe
  2⤵
  PID:7228
- C:\Windows\System\vkXfLCx.exe
  C:\Windows\System\vkXfLCx.exe
  2⤵
  PID:7376
- C:\Windows\System\ViLROmg.exe
  C:\Windows\System\ViLROmg.exe
  2⤵
  PID:7472
- C:\Windows\System\RlUSFKC.exe
  C:\Windows\System\RlUSFKC.exe
  2⤵
  PID:8376
- C:\Windows\System\wECKTwY.exe
  C:\Windows\System\wECKTwY.exe
  2⤵
  PID:7748
- C:\Windows\System\JgqJcLE.exe
  C:\Windows\System\JgqJcLE.exe
  2⤵
  PID:7896
- C:\Windows\System\RRNStSv.exe
  C:\Windows\System\RRNStSv.exe
  2⤵
  PID:8268
- C:\Windows\System\oCipHEy.exe
  C:\Windows\System\oCipHEy.exe
  2⤵
  PID:8380
- C:\Windows\System\zFfaejj.exe
  C:\Windows\System\zFfaejj.exe
  2⤵
  PID:8476
- C:\Windows\System\KaWkljF.exe
  C:\Windows\System\KaWkljF.exe
  2⤵
  PID:8540
- C:\Windows\System\xNiIkKw.exe
  C:\Windows\System\xNiIkKw.exe
  2⤵
  PID:8600
- C:\Windows\System\TYLjeFF.exe
  C:\Windows\System\TYLjeFF.exe
  2⤵
  PID:8492
- C:\Windows\System\hfgfNzf.exe
  C:\Windows\System\hfgfNzf.exe
  2⤵
  PID:8552
- C:\Windows\System\DabyLvU.exe
  C:\Windows\System\DabyLvU.exe
  2⤵
  PID:8424
- C:\Windows\System\DgAUhMV.exe
  C:\Windows\System\DgAUhMV.exe
  2⤵
  PID:8524
- C:\Windows\System\qjkghfg.exe
  C:\Windows\System\qjkghfg.exe
  2⤵
  PID:8636
- C:\Windows\System\IrNkjZl.exe
  C:\Windows\System\IrNkjZl.exe
  2⤵
  PID:8728
- C:\Windows\System\NHnVgSX.exe
  C:\Windows\System\NHnVgSX.exe
  2⤵
  PID:8620
- C:\Windows\System\fHMjWqi.exe
  C:\Windows\System\fHMjWqi.exe
  2⤵
  PID:8648
- C:\Windows\System\txkXANO.exe
  C:\Windows\System\txkXANO.exe
  2⤵
  PID:8748
- C:\Windows\System\uihnlwz.exe
  C:\Windows\System\uihnlwz.exe
  2⤵
  PID:8792
- C:\Windows\System\ApNZuMA.exe
  C:\Windows\System\ApNZuMA.exe
  2⤵
  PID:8828
- C:\Windows\System\AUSgSFM.exe
  C:\Windows\System\AUSgSFM.exe
  2⤵
  PID:8844
- C:\Windows\System\RUDIXAm.exe
  C:\Windows\System\RUDIXAm.exe
  2⤵
  PID:8892
- C:\Windows\System\cEsnurD.exe
  C:\Windows\System\cEsnurD.exe
  2⤵
  PID:8944
- C:\Windows\System\SvmPQtp.exe
  C:\Windows\System\SvmPQtp.exe
  2⤵
  PID:8876
- C:\Windows\System\eoiFuNe.exe
  C:\Windows\System\eoiFuNe.exe
  2⤵
  PID:9004
- C:\Windows\System\bbbuOqE.exe
  C:\Windows\System\bbbuOqE.exe
  2⤵
  PID:9068
- C:\Windows\System\MvyQVDR.exe
  C:\Windows\System\MvyQVDR.exe
  2⤵
  PID:9132
- C:\Windows\System\YXftAIy.exe
  C:\Windows\System\YXftAIy.exe
  2⤵
  PID:8992
- C:\Windows\System\fAMcELc.exe
  C:\Windows\System\fAMcELc.exe
  2⤵
  PID:9120
- C:\Windows\System\ppOWqGi.exe
  C:\Windows\System\ppOWqGi.exe
  2⤵
  PID:8808
- C:\Windows\System\nDlDNZC.exe
  C:\Windows\System\nDlDNZC.exe
  2⤵
  PID:9188
- C:\Windows\System\cQjFJls.exe
  C:\Windows\System\cQjFJls.exe
  2⤵
  PID:9176
- C:\Windows\System\pKDZKGH.exe
  C:\Windows\System\pKDZKGH.exe
  2⤵
  PID:7880
- C:\Windows\System\Jfdqqjz.exe
  C:\Windows\System\Jfdqqjz.exe
  2⤵
  PID:8084
- C:\Windows\System\hmvdoWb.exe
  C:\Windows\System\hmvdoWb.exe
  2⤵
  PID:8184
- C:\Windows\System\GJdYLLM.exe
  C:\Windows\System\GJdYLLM.exe
  2⤵
  PID:7232
- C:\Windows\System\ZGLjgGp.exe
  C:\Windows\System\ZGLjgGp.exe
  2⤵
  PID:8344
- C:\Windows\System\TNqVAil.exe
  C:\Windows\System\TNqVAil.exe
  2⤵
  PID:7892
- C:\Windows\System\PUpXDYe.exe
  C:\Windows\System\PUpXDYe.exe
  2⤵
  PID:8412
- C:\Windows\System\qDSVBZp.exe
  C:\Windows\System\qDSVBZp.exe
  2⤵
  PID:9140
- C:\Windows\System\JOrmvTf.exe
  C:\Windows\System\JOrmvTf.exe
  2⤵
  PID:8568
- C:\Windows\System\sfzyFJU.exe
  C:\Windows\System\sfzyFJU.exe
  2⤵
  PID:8460
- C:\Windows\System\LKJjFTN.exe
  C:\Windows\System\LKJjFTN.exe
  2⤵
  PID:8604
- C:\Windows\System\uJfGntV.exe
  C:\Windows\System\uJfGntV.exe
  2⤵
  PID:8668
- C:\Windows\System\VrnIEUV.exe
  C:\Windows\System\VrnIEUV.exe
  2⤵
  PID:8712
- C:\Windows\System\sKsRveO.exe
  C:\Windows\System\sKsRveO.exe
  2⤵
  PID:7300
- C:\Windows\System\yKbXyEN.exe
  C:\Windows\System\yKbXyEN.exe
  2⤵
  PID:8976
- C:\Windows\System\bBhgfQf.exe
  C:\Windows\System\bBhgfQf.exe
  2⤵
  PID:9104
- C:\Windows\System\WyPGjuX.exe
  C:\Windows\System\WyPGjuX.exe
  2⤵
  PID:8716
- C:\Windows\System\cMHpuzJ.exe
  C:\Windows\System\cMHpuzJ.exe
  2⤵
  PID:9156
- C:\Windows\System\KalVKSg.exe
  C:\Windows\System\KalVKSg.exe
  2⤵
  PID:9052
- C:\Windows\System\eApmcag.exe
  C:\Windows\System\eApmcag.exe
  2⤵
  PID:7956
- C:\Windows\System\aKcqImg.exe
  C:\Windows\System\aKcqImg.exe
  2⤵
  PID:8316
- C:\Windows\System\ckepIQs.exe
  C:\Windows\System\ckepIQs.exe
  2⤵
  PID:9172
- C:\Windows\System\NARHCFg.exe
  C:\Windows\System\NARHCFg.exe
  2⤵
  PID:8228
- C:\Windows\System\MTutjdh.exe
  C:\Windows\System\MTutjdh.exe
  2⤵
  PID:8444
- C:\Windows\System\uXDxnRx.exe
  C:\Windows\System\uXDxnRx.exe
  2⤵
  PID:8584
- C:\Windows\System\dJGmXZV.exe
  C:\Windows\System\dJGmXZV.exe
  2⤵
  PID:8328
- C:\Windows\System\qcTNWgG.exe
  C:\Windows\System\qcTNWgG.exe
  2⤵
  PID:8396
- C:\Windows\System\XLsNKXu.exe
  C:\Windows\System\XLsNKXu.exe
  2⤵
  PID:9040
- C:\Windows\System\fFqvhpu.exe
  C:\Windows\System\fFqvhpu.exe
  2⤵
  PID:9192
- C:\Windows\System\NSHFEOV.exe
  C:\Windows\System\NSHFEOV.exe
  2⤵
  PID:8300
- C:\Windows\System\AcEeNTK.exe
  C:\Windows\System\AcEeNTK.exe
  2⤵
  PID:8960
- C:\Windows\System\lZqMQNs.exe
  C:\Windows\System\lZqMQNs.exe
  2⤵
  PID:7444
- C:\Windows\System\pHNJPnO.exe
  C:\Windows\System\pHNJPnO.exe
  2⤵
  PID:8860
- C:\Windows\System\FsbgbrQ.exe
  C:\Windows\System\FsbgbrQ.exe
  2⤵
  PID:9036
- C:\Windows\System\lmPTKYf.exe
  C:\Windows\System\lmPTKYf.exe
  2⤵
  PID:9116
- C:\Windows\System\WKdGCDW.exe
  C:\Windows\System\WKdGCDW.exe
  2⤵
  PID:8732
- C:\Windows\System\jTACIvj.exe
  C:\Windows\System\jTACIvj.exe
  2⤵
  PID:7960
- C:\Windows\System\ngKdYsm.exe
  C:\Windows\System\ngKdYsm.exe
  2⤵
  PID:9232
- C:\Windows\System\rTaXCeH.exe
  C:\Windows\System\rTaXCeH.exe
  2⤵
  PID:9248
- C:\Windows\System\MgZyScb.exe
  C:\Windows\System\MgZyScb.exe
  2⤵
  PID:9264
- C:\Windows\System\IHIERJt.exe
  C:\Windows\System\IHIERJt.exe
  2⤵
  PID:9280
- C:\Windows\System\bpxbBsi.exe
  C:\Windows\System\bpxbBsi.exe
  2⤵
  PID:9296
- C:\Windows\System\NlmaUzO.exe
  C:\Windows\System\NlmaUzO.exe
  2⤵
  PID:9312
- C:\Windows\System\oXvkBOf.exe
  C:\Windows\System\oXvkBOf.exe
  2⤵
  PID:9328
- C:\Windows\System\wJrhlTA.exe
  C:\Windows\System\wJrhlTA.exe
  2⤵
  PID:9344
- C:\Windows\System\vqsDlNb.exe
  C:\Windows\System\vqsDlNb.exe
  2⤵
  PID:9364
- C:\Windows\System\vKomrRT.exe
  C:\Windows\System\vKomrRT.exe
  2⤵
  PID:9380
- C:\Windows\System\ivJyTCL.exe
  C:\Windows\System\ivJyTCL.exe
  2⤵
  PID:9396
- C:\Windows\System\HIOrtlC.exe
  C:\Windows\System\HIOrtlC.exe
  2⤵
  PID:9412
- C:\Windows\System\igVvuil.exe
  C:\Windows\System\igVvuil.exe
  2⤵
  PID:9428
- C:\Windows\System\PMvQmpR.exe
  C:\Windows\System\PMvQmpR.exe
  2⤵
  PID:9444
- C:\Windows\System\Vmfwuvs.exe
  C:\Windows\System\Vmfwuvs.exe
  2⤵
  PID:9460
- C:\Windows\System\rtGiYRj.exe
  C:\Windows\System\rtGiYRj.exe
  2⤵
  PID:9476
- C:\Windows\System\haMcnuy.exe
  C:\Windows\System\haMcnuy.exe
  2⤵
  PID:9492
- C:\Windows\System\UrXZAzZ.exe
  C:\Windows\System\UrXZAzZ.exe
  2⤵
  PID:9508
- C:\Windows\System\WBWQWRs.exe
  C:\Windows\System\WBWQWRs.exe
  2⤵
  PID:9524
- C:\Windows\System\bMbrAAZ.exe
  C:\Windows\System\bMbrAAZ.exe
  2⤵
  PID:9540
- C:\Windows\System\FQcFeeT.exe
  C:\Windows\System\FQcFeeT.exe
  2⤵
  PID:9556
- C:\Windows\System\hSWvXcM.exe
  C:\Windows\System\hSWvXcM.exe
  2⤵
  PID:9572
- C:\Windows\System\mXWQHqt.exe
  C:\Windows\System\mXWQHqt.exe
  2⤵
  PID:9588
- C:\Windows\System\MCHaKvl.exe
  C:\Windows\System\MCHaKvl.exe
  2⤵
  PID:9604
- C:\Windows\System\NCYOjSS.exe
  C:\Windows\System\NCYOjSS.exe
  2⤵
  PID:9624
- C:\Windows\System\jtQXAxb.exe
  C:\Windows\System\jtQXAxb.exe
  2⤵
  PID:9640
- C:\Windows\System\xvtcCcr.exe
  C:\Windows\System\xvtcCcr.exe
  2⤵
  PID:9656
- C:\Windows\System\nInmjPE.exe
  C:\Windows\System\nInmjPE.exe
  2⤵
  PID:9672
- C:\Windows\System\OzekOVI.exe
  C:\Windows\System\OzekOVI.exe
  2⤵
  PID:9688
- C:\Windows\System\QqzrCFe.exe
  C:\Windows\System\QqzrCFe.exe
  2⤵
  PID:9704
- C:\Windows\System\TrZTDbM.exe
  C:\Windows\System\TrZTDbM.exe
  2⤵
  PID:9720
- C:\Windows\System\aEasjnu.exe
  C:\Windows\System\aEasjnu.exe
  2⤵
  PID:9736
- C:\Windows\System\qmuganS.exe
  C:\Windows\System\qmuganS.exe
  2⤵
  PID:9752
- C:\Windows\System\QGdvtIM.exe
  C:\Windows\System\QGdvtIM.exe
  2⤵
  PID:9768
- C:\Windows\System\MeGzhnu.exe
  C:\Windows\System\MeGzhnu.exe
  2⤵
  PID:9784
- C:\Windows\System\rECEJPK.exe
  C:\Windows\System\rECEJPK.exe
  2⤵
  PID:9800
- C:\Windows\System\TONikTq.exe
  C:\Windows\System\TONikTq.exe
  2⤵
  PID:9816
- C:\Windows\System\XoMYiIa.exe
  C:\Windows\System\XoMYiIa.exe
  2⤵
  PID:9836
- C:\Windows\System\QgWopjS.exe
  C:\Windows\System\QgWopjS.exe
  2⤵
  PID:9852
- C:\Windows\System\YMfgFZr.exe
  C:\Windows\System\YMfgFZr.exe
  2⤵
  PID:9872
- C:\Windows\System\THewymZ.exe
  C:\Windows\System\THewymZ.exe
  2⤵
  PID:9888
- C:\Windows\System\YYtrqwv.exe
  C:\Windows\System\YYtrqwv.exe
  2⤵
  PID:9916
- C:\Windows\System\qprGiww.exe
  C:\Windows\System\qprGiww.exe
  2⤵
  PID:9956
- C:\Windows\System\cdgaqvX.exe
  C:\Windows\System\cdgaqvX.exe
  2⤵
  PID:10092
- C:\Windows\System\uYVVGFW.exe
  C:\Windows\System\uYVVGFW.exe
  2⤵
  PID:10108
- C:\Windows\System\OmVmbxa.exe
  C:\Windows\System\OmVmbxa.exe
  2⤵
  PID:10124
- C:\Windows\System\uVkPZed.exe
  C:\Windows\System\uVkPZed.exe
  2⤵
  PID:10140
- C:\Windows\System\rSnWCKI.exe
  C:\Windows\System\rSnWCKI.exe
  2⤵
  PID:10156
- C:\Windows\System\sWwjWyt.exe
  C:\Windows\System\sWwjWyt.exe
  2⤵
  PID:10196
- C:\Windows\System\yQNohEZ.exe
  C:\Windows\System\yQNohEZ.exe
  2⤵
  PID:10216
- C:\Windows\System\EJENrga.exe
  C:\Windows\System\EJENrga.exe
  2⤵
  PID:8680
- C:\Windows\System\HktxqRm.exe
  C:\Windows\System\HktxqRm.exe
  2⤵
  PID:9388
- C:\Windows\System\xpKmLoc.exe
  C:\Windows\System\xpKmLoc.exe
  2⤵
  PID:9616
- C:\Windows\System\LybWNXz.exe
  C:\Windows\System\LybWNXz.exe
  2⤵
  PID:9748
- C:\Windows\System\jYhEIrk.exe
  C:\Windows\System\jYhEIrk.exe
  2⤵
  PID:9696
- C:\Windows\System\ZDaEozq.exe
  C:\Windows\System\ZDaEozq.exe
  2⤵
  PID:9884
- C:\Windows\System\nQklwZV.exe
  C:\Windows\System\nQklwZV.exe
  2⤵
  PID:9980
- C:\Windows\System\PBejkGo.exe
  C:\Windows\System\PBejkGo.exe
  2⤵
  PID:10000
- C:\Windows\System\FbIAyol.exe
  C:\Windows\System\FbIAyol.exe
  2⤵
  PID:10016
- C:\Windows\System\GfLnSvX.exe
  C:\Windows\System\GfLnSvX.exe
  2⤵
  PID:10032
- C:\Windows\System\rFFZlns.exe
  C:\Windows\System\rFFZlns.exe
  2⤵
  PID:10048
- C:\Windows\System\igxZXJa.exe
  C:\Windows\System\igxZXJa.exe
  2⤵
  PID:10080
- C:\Windows\System\gXhXeQI.exe
  C:\Windows\System\gXhXeQI.exe
  2⤵
  PID:9376
- C:\Windows\System\TAyNyEQ.exe
  C:\Windows\System\TAyNyEQ.exe
  2⤵
  PID:10228
- C:\Windows\System\eZqVbSN.exe
  C:\Windows\System\eZqVbSN.exe
  2⤵
  PID:9292
- C:\Windows\System\BagftUX.exe
  C:\Windows\System\BagftUX.exe
  2⤵
  PID:9516
- C:\Windows\System\rgfLAoG.exe
  C:\Windows\System\rgfLAoG.exe
  2⤵
  PID:9584
- C:\Windows\System\HxokImS.exe
  C:\Windows\System\HxokImS.exe
  2⤵
  PID:9712
- C:\Windows\System\ITjlnCR.exe
  C:\Windows\System\ITjlnCR.exe
  2⤵
  PID:9600
- C:\Windows\System\dCyBuBh.exe
  C:\Windows\System\dCyBuBh.exe
  2⤵
  PID:9760
- C:\Windows\System\YEIrKLU.exe
  C:\Windows\System\YEIrKLU.exe
  2⤵
  PID:9796
- C:\Windows\System\EnQdxiQ.exe
  C:\Windows\System\EnQdxiQ.exe
  2⤵
  PID:9848
- C:\Windows\System\URpiPUe.exe
  C:\Windows\System\URpiPUe.exe
  2⤵
  PID:9620
- C:\Windows\System\pTRXnNK.exe
  C:\Windows\System\pTRXnNK.exe
  2⤵
  PID:9928
- C:\Windows\System\xCeFNCp.exe
  C:\Windows\System\xCeFNCp.exe
  2⤵
  PID:10072
- C:\Windows\System\wcFwXcu.exe
  C:\Windows\System\wcFwXcu.exe
  2⤵
  PID:10176
- C:\Windows\System\NkAvwyp.exe
  C:\Windows\System\NkAvwyp.exe
  2⤵
  PID:10180
- C:\Windows\System\hNhpmLb.exe
  C:\Windows\System\hNhpmLb.exe
  2⤵
  PID:9336
- C:\Windows\System\KevnMzz.exe
  C:\Windows\System\KevnMzz.exe
  2⤵
  PID:9976
- C:\Windows\System\owMSmwA.exe
  C:\Windows\System\owMSmwA.exe
  2⤵
  PID:10172
- C:\Windows\System\pQukNBJ.exe
  C:\Windows\System\pQukNBJ.exe
  2⤵
  PID:10192
- C:\Windows\System\dTsGGXk.exe
  C:\Windows\System\dTsGGXk.exe
  2⤵
  PID:10024
- C:\Windows\System\HXyPcRj.exe
  C:\Windows\System\HXyPcRj.exe
  2⤵
  PID:9596
- C:\Windows\System\tVFBREv.exe
  C:\Windows\System\tVFBREv.exe
  2⤵
  PID:10212
- C:\Windows\System\BbhrNlL.exe
  C:\Windows\System\BbhrNlL.exe
  2⤵
  PID:10088
- C:\Windows\System\WoqeIju.exe
  C:\Windows\System\WoqeIju.exe
  2⤵
  PID:9580
- C:\Windows\System\FuVAcmD.exe
  C:\Windows\System\FuVAcmD.exe
  2⤵
  PID:10268
- C:\Windows\System\AloCcQY.exe
  C:\Windows\System\AloCcQY.exe
  2⤵
  PID:10304
- C:\Windows\System\QafGqnB.exe
  C:\Windows\System\QafGqnB.exe
  2⤵
  PID:10380
- C:\Windows\System\xAOacUG.exe
  C:\Windows\System\xAOacUG.exe
  2⤵
  PID:10420
- C:\Windows\System\swXJPqo.exe
  C:\Windows\System\swXJPqo.exe
  2⤵
  PID:10440
- C:\Windows\System\RWVEVdx.exe
  C:\Windows\System\RWVEVdx.exe
  2⤵
  PID:10468
- C:\Windows\System\gZhICDj.exe
  C:\Windows\System\gZhICDj.exe
  2⤵
  PID:10492
- C:\Windows\System\QtExuNr.exe
  C:\Windows\System\QtExuNr.exe
  2⤵
  PID:10508
- C:\Windows\System\FIqTEti.exe
  C:\Windows\System\FIqTEti.exe
  2⤵
  PID:10536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AAygHjS.exe

Filesize
6.0MB

MD5
c45c55fa8691461df3e4381bf6e741eb

SHA1
3ffd7adb01b87ffce5b9cdd646e464824149359b

SHA256
05ac84b2c34c9d591bfc153b86f410923675949887d22e244c33744b73f4da35

SHA512
d2bdf78e63875ad9aa236dd5acdcb8319e5bf9230bcc204ae264b813e6034c036bbd62f1955b719b2e599555db7317ded0721486c2038251ccee0f6897fbbcd1

Download Submit
C:\Windows\system\BuIBPpr.exe

Filesize
6.0MB

MD5
4de5555410f39c24cf63ee4fc76756e5

SHA1
12014f8e4defc4e30aee0a7fe58759c488573f88

SHA256
14bef2835f02ecac66fde6e910fa1eb0f37f68be40c05d00b6f63d50d9bc9cd4

SHA512
b969d323d05db7cd1888163db9614c12948c88b54501e07604cd72bdb2f2aec995db1afba40a10694888c5f40e503e83e0e9b88c04819a849441c471bf3cc9a7

Download Submit
C:\Windows\system\CLhAfPX.exe

Filesize
6.0MB

MD5
53b4cf257bb01817676a2ce76ded5d88

SHA1
9d56aacf758d5631b4822d67995fdc68c1d5bc01

SHA256
7681235285538692a03bf83f3dd5280e000dc9b36fd15a9de95d07c2035d0f06

SHA512
22af396bc9180e07658e204fff44f50a9d4a8d8c1b2c74c9c8e5ae73d48f4fc92f31a7f4212e6acf0c5804e7d9322c51e81d0b1bcff6ba791756f87576513f1f

Download Submit
C:\Windows\system\DFfoHua.exe

Filesize
6.0MB

MD5
bd51073d77552d2a65d09d55145e1f4b

SHA1
dc5ee1c723276b4790d90a48830b94b6b7a11443

SHA256
70fc9bb82f9e1947a5322be71fc5693a8576d0de376409939d5e2630e6ad5b8a

SHA512
d71e5e35ce8f474d387af4861c9fd1afda53bfb9cd060facecd1ec4f5a4b980353a51eacb9a937333198c3da3c9ddbdebbfa329c24150888f9030e918dffa6ba

Download Submit
C:\Windows\system\FOkfVtQ.exe

Filesize
6.0MB

MD5
4a4c28fa8375754ac6375cf4a5e6ded5

SHA1
76252d5ad00ff2baec724bbae83ed446f089cc63

SHA256
a55e60344ce1b0a106052404be1bab05372e11101bbcc22a0973ab69fd9983b7

SHA512
5f2ea29728e151088864b0b036cd57600bf4c65f7a81de42ff2f70c94c3b39f970992e142c799fe6e30b0f9d4c518f5a3d4f057b97e693ca8113ca0dab799619

Download Submit
C:\Windows\system\FgpKYFI.exe

Filesize
6.0MB

MD5
9b013be539a7043580db1e5f0b33799e

SHA1
f72339d8e046e1ccf2c9dea3ebc643161f866301

SHA256
9a17c9dbae0a82d4030a03602c6c325675b9804313f83e4074066e9a1ea695d0

SHA512
c584ceee015b7d9ae47b511ba1fd1c94777cdb2a3314870c60a1cfcde1edb390352372be9a610ae43913788ae7ca7c75d8acf3faf69edf1edeb49812e5d3dddd

Download Submit
C:\Windows\system\FsvDrMU.exe

Filesize
6.0MB

MD5
badc077b99ecbbe0f63bb33a3bdd1788

SHA1
fa026109d340c3945cbf97912d7e30177fb35560

SHA256
14dd781e08097eece4803d041f7b12d5ec19fbc1d9c43952a4ccebf78b028c57

SHA512
784737ba9bc99366c99c20b27c88a55e8d2c4d4d05a25f348f17f0c6a6839200e04612944a65a0b3716cca79f2cd17d4230c42446f9b6f8261f270accb736025

Download Submit
C:\Windows\system\IPxJoNW.exe

Filesize
6.0MB

MD5
715976375dedc30df0d782241791da9c

SHA1
96b52b6586baf4da81ae924217400038f099d9fe

SHA256
24e8b3a64b2dac0e1ccc40faee3b8d58732ef893734db9973fd626050eb333ca

SHA512
a835b5dde4e8fcba5a676078cacb4cf2dcac282cf3d8b92dc513d479ca47edf47c43e17bc4653719e786e5662ed44f7135f1a88f259802dd18c0d193ecf80740

Download Submit
C:\Windows\system\JtdFbhH.exe

Filesize
6.0MB

MD5
7e90419e321017a812f686bda480050d

SHA1
0a668972941569967218ddaee1ac4f95344e5563

SHA256
ae26e203b9bbbf46bc2f510711ddb63edc4a70fdb75b2ec44ef7f64bda765f00

SHA512
203377bfc5c75612341046707efd647b986fd9472111558fed3285ef96da89aee81a430854cb9fd7d9683197da88e68d6ded35c254897191d3ad634b0758a6a0

Download Submit
C:\Windows\system\NAGdNEf.exe

Filesize
6.0MB

MD5
0c407b928eaee8d1ee738bb0c2fd3df8

SHA1
7da1d7150a556391d51e375e9919f7180fae2bf6

SHA256
ba20c96c16f3035ebce10a0db5f545f190998b3906a290df3a6c579fe2631d68

SHA512
19fa335f035e37f22adff0a0360011241ba20e7a14f289a544598afda307fa8bfb885570066df40946d924fba7940c6c8b8e9783b633d531d63c741a9e1a6415

Download Submit
C:\Windows\system\QuibBQW.exe

Filesize
6.0MB

MD5
8b7aa72d9dfae3e8c5ef419631b27c3e

SHA1
a8cd474913ec7bb2d34814c175072549e0cf5f1d

SHA256
baf49f38762654a631aec6dd514977273613e1e0e1bbea5a8222e92437195f1c

SHA512
132995c0cee400de7c07a711e2df6dc5775e76ab3dc259ac6a9cfcb10c995578d5cd7ed1f46735ce0d612f92c278fcd037b269971d657f86ec9adad7ed51279f

Download Submit
C:\Windows\system\QwWlnyi.exe

Filesize
6.0MB

MD5
d67175f818b7fc56317dd322582849b5

SHA1
647dec46a5e2dca892ff1712ec0ac366dccfb8ed

SHA256
e86ca99d3f1355844d12c46128ae3605f1bf9494c37bae1a2ed8fa55dd31a332

SHA512
0c0a298a12ef8e51e93431e675c4e4934d007c9b81ae9c492b00bfbb5d478eec69d666260f2b8d0149c08b3568541963808924c21ccff40fe51710e6fe6ad6fc

Download Submit
C:\Windows\system\YQkWrzw.exe

Filesize
6.0MB

MD5
efcb050aa0811c4379dfd49f38fd6bde

SHA1
aa52fc43d0971f033bd0d47c44d4293c70da1f50

SHA256
df183832cb235d2274bc91dc804b7efba20a7dfea5c2a4672226809f6ff95db5

SHA512
55df268573b407a855bce0340a65d5f33f7ef41e776bd2c53e72a74716d928c99fbea8c23c32980329c461f96c0040d9c91ab9739bfecfc7f21a21368cf00dc1

Download Submit
C:\Windows\system\YZjWbnV.exe

Filesize
6.0MB

MD5
c8388566d6c3bbdb6c1c8cdad76e0d1a

SHA1
6357128004a0e68dbf4adabdd3c61ae01e3ef9ee

SHA256
294aca8876aaef73a38c85371ff651c8cde092c8e20731216b80e19395bf63bd

SHA512
82984fd085f5ea7c051aa638558dc63d2cd48c7dacef849dc88f5db955cf85efeeec01cb48dade1d3d48428eae8b8f1e4e6348488e53624c1cc705d0e1c16a08

Download Submit
C:\Windows\system\ZDNYyhV.exe

Filesize
6.0MB

MD5
21c60b67a5a3cc648702013fc07e7ab6

SHA1
62e419ff1e72358e65d9d2e1c40765d935a3abf6

SHA256
c7fe1875371d2a40dbc4de59e154a551ab1833660d72e298daf26947c255892e

SHA512
81593adc751ba760ebc137f4db62ecb8be8aeb970c0a24c3ab73d4c75301927dcbedf095434652d1edcf26198f39bd32020ff7a1fd1782ace87a38a36adcee34

Download Submit
C:\Windows\system\ZyUdITf.exe

Filesize
6.0MB

MD5
a8310b85a5fdd49f2a6ce2802e9d0c37

SHA1
6fb5fb07c74f52a23d3932d20b68a92c07a3cfb4

SHA256
4cc46e801311e3f5ac683a595a44f666a87d86d562942a90687a028a3db0fa41

SHA512
ce24606e1fbecc43af090e39ad02a1034eadd0ee873a9bd7c93ec7ed7592c6d6def8168c27d42109f7446285b1a91701be526f330fc28967dc31db62b89db411

Download Submit
C:\Windows\system\hNgdher.exe

Filesize
6.0MB

MD5
307eeb82b0af022c8df13823f2a9532a

SHA1
46668f8854d9ea6a8ced3bca3cc184b2f4977234

SHA256
19e3bee40cbdf9ac4a167a786d6b315a2c11549cc73a9f6602c1247a6f94e218

SHA512
d52485d6ef5296f24b667d81d8c69268481c6b394d4e0de4c99bae9de57457a1d458f1c728909717735d6cf9d209069b07f9b230fd8b1c0e58a9e1b25b0da594

Download Submit
C:\Windows\system\jQEVYPi.exe

Filesize
6.0MB

MD5
96060e0a6449f6fc30d55855cd8e12e0

SHA1
962ed5bb50c8ad53e1bc6d399e473cf7421da03d

SHA256
07aed45ac3ad0eed4d9a71b87cc788ff9a209cda32757f4d9712e9099b46a86e

SHA512
a0f6b1bb28fa399e6587b2b0c77fb5d5a9a657abb1eebbacc0ea73b188e58c4affff836a01c699ddecb909307d46a5373007d527d219d54f8405ab83caff34ef

Download Submit
C:\Windows\system\kZVLNUp.exe

Filesize
6.0MB

MD5
a461c4121d0155e4e69485e1ee8f1c3f

SHA1
fb2af8552f87309e50758865c64a50ecb6214dc6

SHA256
e46412021be432fc7d5fc4a38957a444dfaf6e0b090e063ee8766e94852076f9

SHA512
0597cd7907feaf6369f1540c4b1d7ebcfb0d82502538f515191c5a5cea90bc4876f90b87a72ae67a8b3461d5b03e4dd55cdacab0e0cd1bc9faab110e132973b2

Download Submit
C:\Windows\system\lTMGIbI.exe

Filesize
6.0MB

MD5
9fa6f1a3daedbc59aedc6129ed5f20c3

SHA1
2e3c0a66f85f8e4c9508190bf51ea76a000e932e

SHA256
78296dd7e28fa87eaafa652b1f82b97b9355b3a2c15afa856e2f608d8f585e24

SHA512
9c00b7134f85f8dc1859d3f939f4d3a16da70722ae1969e288f4ac4d3b7c47087c1517483ae848c26f01447008dcb4155b72db5985e94689e74d8d38bf33aa49

Download Submit
C:\Windows\system\mGZSvOm.exe

Filesize
6.0MB

MD5
c98821bb3d46e62619fede6bfcf6263c

SHA1
927f8fdbe3f84c632f1a3dc965e04cd1eb7ed981

SHA256
fed7e9e907d08d9c5f6e7e8b5feafe185106d8d7592a3a35bfaa3b16ef2405ce

SHA512
3bca8c7f8bfd4a2a910f4b89aae13162064c5f10657ad75a7e618112e71f455585f0781d70f369eb1a162e0245e5c1da00d61d10e93f5aae354a1b767117f706

Download Submit
C:\Windows\system\pLcbOVM.exe

Filesize
6.0MB

MD5
b086aa763d7ebdde8110bcc6c999b1b6

SHA1
e3e250f051805efa72755852cb879a08ce9c4bdb

SHA256
3c24dd4403139da36901a109574e2593366e285d9f07d86d42d438b953d650e8

SHA512
caa70285cb6d5f3eb1e171ce716575d92f2d437343a985a4ea1462f2c89f5eb753233acea5be05624c73c6e38a52809ee6eaccd60af2a52fa1611f43e0cdf364

Download Submit
C:\Windows\system\qbIRmsC.exe

Filesize
6.0MB

MD5
52e068aadf9c84d79d7b72afe0dcd833

SHA1
31ee65ca65fa57aa9edb674adc0d58a4a5a76878

SHA256
2787cf1521c6d5c07f683cd59c09a2650456e36dcaae1a8c7ac1e01b84f75843

SHA512
c8c81d8ae9c705f6ce78ec78919e01c42a75f63e97f00988adaa75b4acfbb3fbb0f8714d48573c9c82cb2d966e7425901a0663b1b1d302f6799e7cebd9a6d647

Download Submit
C:\Windows\system\uavXEUc.exe

Filesize
6.0MB

MD5
1245306f8f31cd887c84ed10589bc78b

SHA1
afc14e2dbe21311f7cdc3b118b3e39f468eaff5b

SHA256
b5e99b3c90ee14a88b2fabf88c386b88aba5119372145e9cc2ce5f38f9164f09

SHA512
1b3698c6d9d63e6a5a3b72c95d8c410182a25f27b2b45bd23fafaf2b6d6ac65ea4e0e6b17df19d08897d7550df9187af640767e30e010bc77d4ab1da7a46ef63

Download Submit
C:\Windows\system\wPWSSjo.exe

Filesize
6.0MB

MD5
09ca07939f734ae791b4d39054677174

SHA1
3a2442bbfa361a367b79c9331e79f738ec164487

SHA256
b81d67eb41589f95a4a58973c6b2e5185c4922d1eece2095e1e33e5dc05c53e9

SHA512
3629a4ebd8c94b9409656956d6480b473a1673db8bb7ead40c9630ce6b5eee84a6403f68e38efc90c3ef1bd0d9407170352fc35d5aa0ad429cadff7098a21f77

Download Submit
C:\Windows\system\xhQxbcB.exe

Filesize
6.0MB

MD5
0bd7ac135b03cb9fb116acf5dd177d10

SHA1
49dd13438a00123a52df6573470f8b4994f5f113

SHA256
7713e2ae23d9579437d5e27d5f0cebe24b8e2a65228bdf2c7766a8e92c4a4d46

SHA512
a75f4092d574055be15ad5504cd962f7bd546e363e010d770ebf38fb8707208e3dd7d6077115909d67f92124da1f4edb54ddc4881b87d40b9717c1b4098c8aec

Download Submit
C:\Windows\system\yJfYaDQ.exe

Filesize
6.0MB

MD5
b0aa126cdba5324b5f50a60c3b385422

SHA1
ac6b3bb46a2bb6238a6dc30590da8b5a17fc5263

SHA256
21ddd57d71d803e0a01625d0f6ac17240b7b4670b797eb09bf7ca85c0054ebfd

SHA512
08f84069be83b48de51733612e75f0695092aee401bfc338b8ed12f60b7a32f5b8c09f0d1ebf363f3d1bdd6fca52f464fc0bba39250ab468b3b878cb23e0f2a8

Download Submit
C:\Windows\system\yiJHjGk.exe

Filesize
6.0MB

MD5
652fdca84aaff24e3a1835445fa14c20

SHA1
d77231bd153c10ed6d174d1036115e7702c0578b

SHA256
867bcfbc1d57cc40978c5ac0e246b22febbb2d5629e7148322ecbf2f6d50d63b

SHA512
03478d3eab956d5a4f9bf386b29b7798cff505c4cf0efbdb9d466ed82f35cf944f19e74a3fcbe4aa4472c66bd74462fa8f014bc6b1a318dc248916bb35f21de3

Download Submit
C:\Windows\system\zoExfYr.exe

Filesize
6.0MB

MD5
39056a9ef8b259f32e2aca5db0630f65

SHA1
a04a7c03b4520ddead9db3caaaa2d263064f9602

SHA256
5b7bc5deec12837ed13ea3f66eac4a5f4b09058638ccbe7e658d4845688fc921

SHA512
793044a79b8d0bd9c589d5942992b0ed447e86dca307f3df5bd03a60926da28b66ad684f8c3872da72e1d2e45d42d2eca74e09339452c513e435a14c74f4a90f

Download Submit
\Windows\system\BbVTPpf.exe

Filesize
6.0MB

MD5
d4249082a13e311abe829f4422bd03d3

SHA1
b31bc73ed72b557b43f0b809de71a3a13b20fb0b

SHA256
ef61a63c05b40ba85497ce967ca05d2d22dab63bbe870d7a15ed1f28d874f9ce

SHA512
63655759b610698ed0f854331c5f2e2af42442300225e4a9898a400c56ce4bfd37de075c95b41df227d91303ed2b22701f7e5dfbc69f14063ecdcc9e2629ff18

Download Submit
\Windows\system\kpdChRq.exe

Filesize
6.0MB

MD5
d6b557159fc0ff32528754ca99d5add8

SHA1
dcaded0938984e65fcfe2cce484515e5785be6a7

SHA256
edb4f03d81c689724c3de3ff8dddde25cd721f6b430e9fac2695f5914fea2e64

SHA512
e5afb88870124f5b6a9ee9a135b469904828249b868df197decf33c70b5aba6e7b09e149903f023bba1fafdcdd79c6aec21ab8cd3cd980b582ca831e5ed2c5db

Download Submit
\Windows\system\pfLuSoO.exe

Filesize
6.0MB

MD5
2d38b63bce2c818bed5f55ee2907a082

SHA1
d0a950877b769696fc6430d94e468331413b669d

SHA256
ce39aaef0346e56d949ea0d59a7f52372c7086aac68056b6149d96770947c4e1

SHA512
6d121c03bb62c9ba38423c5c58145d234ddd6cde54fcf7028b09976a3d01c074aab61b534d66de9bca63c2857ab981e0d57b4a8decdce051bac3f9202f423a30

Download Submit
memory/2116-3247-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2116-611-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3210-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2216-609-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2308-3211-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2308-741-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2416-613-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3213-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3212-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-631-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3298-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-625-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3268-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2580-633-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2596-629-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3283-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-619-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3216-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3209-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2692-627-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3265-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-621-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-617-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3230-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2828-623-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3214-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3215-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2928-615-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1750-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-614-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2976-620-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-626-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2976-628-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1766-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-632-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1588-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1608-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1715-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1728-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1749-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2976-610-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2976-618-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2976-630-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1792-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1794-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2976-616-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1767-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1751-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1746-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1755-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1722-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2976-634-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2976-570-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2976-624-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2976-622-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1765-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2976-612-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1741-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download