cobaltstrike | de7c779138da808056c5ecb61cab2b4ff4585eda7749e00604b2f4003f27eebb

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
28/02/2025, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.2MB
MD5

35bde6bb9d87ad5f8ea65beadf363434
SHA1

7f63888f487c556d3e70d8ef1ee441db102090a0
SHA256

de7c779138da808056c5ecb61cab2b4ff4585eda7749e00604b2f4003f27eebb
SHA512

ddf1f65eddcc5012e409e9a50015bbce0e102b081f3552646327c6cf5bcef4c79c9153349d92eae1676fa4bf5ee0d996fd638d03f1fa481a409f61243a5ced03
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lj:RWWBibf56utgpPFotBER/mQ32lUn

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c80-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-38.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000165c7-45.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-65.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017049-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-73.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-121.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 34 IoCs

miner

resource	yara_rule
behavioral1/memory/2292-15-0x000000013F6E0000-0x000000013FA31000-memory.dmp	xmrig
behavioral1/memory/2076-21-0x000000013F320000-0x000000013F671000-memory.dmp	xmrig
behavioral1/memory/2564-36-0x000000013FEE0000-0x0000000140231000-memory.dmp	xmrig
behavioral1/memory/1972-33-0x000000013F980000-0x000000013FCD1000-memory.dmp	xmrig
behavioral1/memory/2076-47-0x000000013F320000-0x000000013F671000-memory.dmp	xmrig
behavioral1/memory/2148-64-0x000000013FE30000-0x0000000140181000-memory.dmp	xmrig
behavioral1/memory/1972-88-0x0000000002290000-0x00000000025E1000-memory.dmp	xmrig
behavioral1/memory/2340-87-0x000000013F1B0000-0x000000013F501000-memory.dmp	xmrig
behavioral1/memory/2228-84-0x000000013F7E0000-0x000000013FB31000-memory.dmp	xmrig
behavioral1/memory/2844-79-0x000000013F720000-0x000000013FA71000-memory.dmp	xmrig
behavioral1/memory/2628-78-0x000000013F410000-0x000000013F761000-memory.dmp	xmrig
behavioral1/memory/2796-91-0x000000013F5A0000-0x000000013F8F1000-memory.dmp	xmrig
behavioral1/memory/2488-90-0x000000013F640000-0x000000013F991000-memory.dmp	xmrig
behavioral1/memory/1468-111-0x000000013F5C0000-0x000000013F911000-memory.dmp	xmrig
behavioral1/memory/1972-448-0x000000013F1B0000-0x000000013F501000-memory.dmp	xmrig
behavioral1/memory/1972-592-0x0000000002290000-0x00000000025E1000-memory.dmp	xmrig
behavioral1/memory/1112-593-0x000000013F630000-0x000000013F981000-memory.dmp	xmrig
behavioral1/memory/2672-364-0x000000013FAA0000-0x000000013FDF1000-memory.dmp	xmrig
behavioral1/memory/2844-363-0x000000013F720000-0x000000013FA71000-memory.dmp	xmrig
behavioral1/memory/2628-362-0x000000013F410000-0x000000013F761000-memory.dmp	xmrig
behavioral1/memory/2848-361-0x000000013F8E0000-0x000000013FC31000-memory.dmp	xmrig
behavioral1/memory/2292-2360-0x000000013F6E0000-0x000000013FA31000-memory.dmp	xmrig
behavioral1/memory/2564-2370-0x000000013FEE0000-0x0000000140231000-memory.dmp	xmrig
behavioral1/memory/2796-2490-0x000000013F5A0000-0x000000013F8F1000-memory.dmp	xmrig
behavioral1/memory/2228-2499-0x000000013F7E0000-0x000000013FB31000-memory.dmp	xmrig
behavioral1/memory/2488-2510-0x000000013F640000-0x000000013F991000-memory.dmp	xmrig
behavioral1/memory/2148-2626-0x000000013FE30000-0x0000000140181000-memory.dmp	xmrig
behavioral1/memory/2340-2638-0x000000013F1B0000-0x000000013F501000-memory.dmp	xmrig
behavioral1/memory/2672-2642-0x000000013FAA0000-0x000000013FDF1000-memory.dmp	xmrig
behavioral1/memory/2844-2650-0x000000013F720000-0x000000013FA71000-memory.dmp	xmrig
behavioral1/memory/2848-2646-0x000000013F8E0000-0x000000013FC31000-memory.dmp	xmrig
behavioral1/memory/2628-2654-0x000000013F410000-0x000000013F761000-memory.dmp	xmrig
behavioral1/memory/1112-2749-0x000000013F630000-0x000000013F981000-memory.dmp	xmrig
behavioral1/memory/1468-2739-0x000000013F5C0000-0x000000013F911000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2564	ErJkELg.exe
2292	UFQgUcc.exe
2076	zSTZayO.exe
2228	DStSFOC.exe
2488	KPvcRtK.exe
2796	feWyZnb.exe
2148	zfbFBdR.exe
2340	OGyQpug.exe
2848	stJEaqo.exe
2628	sIRqaFC.exe
2844	CvByWge.exe
2672	zZVMSiw.exe
1112	ZSTBNYZ.exe
1468	YOcfrgz.exe
2268	EKSVwzX.exe
2064	EoAnrty.exe
1964	uMMacnr.exe
1832	FBGhLYs.exe
1984	YEzyBtl.exe
1720	cHgpfZI.exe
1892	pEcdBqq.exe
2952	LmIzSop.exe
2944	RIibEne.exe
2156	bkIwjri.exe
1404	EbmADox.exe
2856	ligaTdZ.exe
1444	QYZxTjj.exe
2216	slGvweS.exe
2832	jbdNlUJ.exe
1180	nZAShGX.exe
2168	YbCqEmW.exe
1664	ClLvxUD.exe
112	VEEmYCv.exe
1452	TVlyTea.exe
1000	cZKBcKB.exe
2120	GMLmcSa.exe
3052	mRnsgUc.exe
612	XBsRGlG.exe
1208	CilkNfD.exe
304	jrMobBZ.exe
2372	tduIPmq.exe
580	ikLdyja.exe
992	woLYzDe.exe
2524	ptorByH.exe
2312	vdQRgbk.exe
776	YJvyoVb.exe
2252	RVzIwfp.exe
696	AYMssLK.exe
1424	HOlIJsT.exe
880	NcsAoVW.exe
2352	OmTeiym.exe
1640	XhAWDcu.exe
1500	kvoNoIQ.exe
2280	STzmApN.exe
2440	UfmnSZB.exe
2504	aJUXaFJ.exe
1876	kFiUYDy.exe
2052	IamAOLL.exe
2200	gqKnDvQ.exe
1784	IotrRZN.exe
2132	WBDWnWc.exe
2868	qUIIvjd.exe
2612	RkZlkVJ.exe
2656	utzZvyh.exe

Loads dropped DLL 64 IoCs

pid	Process
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1972-0-0x000000013F980000-0x000000013FCD1000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/files/0x0008000000016c66-11.dat	upx
behavioral1/files/0x0007000000016c80-9.dat	upx
behavioral1/memory/2292-15-0x000000013F6E0000-0x000000013FA31000-memory.dmp	upx
behavioral1/memory/2564-10-0x000000013FEE0000-0x0000000140231000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-22.dat	upx
behavioral1/memory/2076-21-0x000000013F320000-0x000000013F671000-memory.dmp	upx
behavioral1/memory/2228-27-0x000000013F7E0000-0x000000013FB31000-memory.dmp	upx
behavioral1/memory/2564-36-0x000000013FEE0000-0x0000000140231000-memory.dmp	upx
behavioral1/memory/2796-40-0x000000013F5A0000-0x000000013F8F1000-memory.dmp	upx
behavioral1/memory/2488-34-0x000000013F640000-0x000000013F991000-memory.dmp	upx
behavioral1/memory/1972-33-0x000000013F980000-0x000000013FCD1000-memory.dmp	upx
behavioral1/files/0x0007000000016cd7-32.dat	upx
behavioral1/files/0x0007000000016cf5-38.dat	upx
behavioral1/files/0x00090000000165c7-45.dat	upx
behavioral1/memory/2076-47-0x000000013F320000-0x000000013F671000-memory.dmp	upx
behavioral1/files/0x000600000001755b-66.dat	upx
behavioral1/files/0x0006000000017497-65.dat	upx
behavioral1/files/0x0007000000017049-51.dat	upx
behavioral1/memory/2148-64-0x000000013FE30000-0x0000000140181000-memory.dmp	upx
behavioral1/memory/2340-87-0x000000013F1B0000-0x000000013F501000-memory.dmp	upx
behavioral1/memory/2228-84-0x000000013F7E0000-0x000000013FB31000-memory.dmp	upx
behavioral1/memory/2672-81-0x000000013FAA0000-0x000000013FDF1000-memory.dmp	upx
behavioral1/memory/2844-79-0x000000013F720000-0x000000013FA71000-memory.dmp	upx
behavioral1/memory/2628-78-0x000000013F410000-0x000000013F761000-memory.dmp	upx
behavioral1/memory/2848-76-0x000000013F8E0000-0x000000013FC31000-memory.dmp	upx
behavioral1/files/0x0005000000018686-73.dat	upx
behavioral1/files/0x000600000001749c-72.dat	upx
behavioral1/files/0x00050000000186e7-93.dat	upx
behavioral1/memory/1112-94-0x000000013F630000-0x000000013F981000-memory.dmp	upx
behavioral1/memory/2796-91-0x000000013F5A0000-0x000000013F8F1000-memory.dmp	upx
behavioral1/memory/2488-90-0x000000013F640000-0x000000013F991000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-96.dat	upx
behavioral1/files/0x00050000000186f1-100.dat	upx
behavioral1/files/0x00050000000186f4-112.dat	upx
behavioral1/memory/1468-111-0x000000013F5C0000-0x000000013F911000-memory.dmp	upx
behavioral1/files/0x0005000000018704-116.dat	upx
behavioral1/files/0x0005000000018744-126.dat	upx
behavioral1/files/0x000500000001878e-129.dat	upx
behavioral1/files/0x00050000000187a8-136.dat	upx
behavioral1/files/0x0006000000018c16-146.dat	upx
behavioral1/files/0x0005000000019250-156.dat	upx
behavioral1/files/0x0005000000019278-166.dat	upx
behavioral1/files/0x0005000000019360-186.dat	upx
behavioral1/memory/1112-593-0x000000013F630000-0x000000013F981000-memory.dmp	upx
behavioral1/memory/2672-364-0x000000013FAA0000-0x000000013FDF1000-memory.dmp	upx
behavioral1/memory/2844-363-0x000000013F720000-0x000000013FA71000-memory.dmp	upx
behavioral1/memory/2628-362-0x000000013F410000-0x000000013F761000-memory.dmp	upx
behavioral1/memory/2848-361-0x000000013F8E0000-0x000000013FC31000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-191.dat	upx
behavioral1/files/0x000500000001933f-181.dat	upx
behavioral1/files/0x0005000000019297-175.dat	upx
behavioral1/files/0x0005000000019284-171.dat	upx
behavioral1/files/0x0005000000019269-161.dat	upx
behavioral1/files/0x0005000000019246-151.dat	upx
behavioral1/files/0x0006000000018b4e-141.dat	upx
behavioral1/files/0x0005000000018739-121.dat	upx
behavioral1/memory/2292-2360-0x000000013F6E0000-0x000000013FA31000-memory.dmp	upx
behavioral1/memory/2564-2370-0x000000013FEE0000-0x0000000140231000-memory.dmp	upx
behavioral1/memory/2796-2490-0x000000013F5A0000-0x000000013F8F1000-memory.dmp	upx
behavioral1/memory/2228-2499-0x000000013F7E0000-0x000000013FB31000-memory.dmp	upx
behavioral1/memory/2488-2510-0x000000013F640000-0x000000013F991000-memory.dmp	upx
behavioral1/memory/2148-2626-0x000000013FE30000-0x0000000140181000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uRgdost.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQvVGdy.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncPCYja.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRnsgUc.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMVYiVS.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtcPrNx.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjjXIPh.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMTidHN.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaHKhHj.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NadDTuF.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYVgzKW.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFmPYHg.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbBwjkK.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\euVHlNT.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZpoCfZ.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubotYcC.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtrDojR.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtxyKnJ.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfeoSeC.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVWBaAw.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTDeGOH.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNIyqig.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boTgRZQ.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLbFShh.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTGquUc.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpdAfbt.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXfDjlO.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdSuhqp.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYqIKzm.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiYUjok.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFQgUcc.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZljOfhf.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRyFmmW.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBJarSE.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IzSCpVc.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AillpfW.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrSKKER.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcNSmHK.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzijCaz.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esmvCot.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwKpNuU.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgktmdI.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asOzrSZ.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkZaXue.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjPsTru.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FseSwdd.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNFMVnl.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXTiubH.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frKhcIb.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHNPuqG.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYyhYmP.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrdrjvI.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTHRlxw.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBDWnWc.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtWpCjY.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjtUQTm.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KEpiHDA.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbNJLnE.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSkHkNY.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikoQbVp.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYFPitM.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZaJryl.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiKoQSt.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tklzvPV.exe	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2564	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1972 wrote to memory of 2564	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1972 wrote to memory of 2564	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1972 wrote to memory of 2292	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1972 wrote to memory of 2292	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1972 wrote to memory of 2292	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1972 wrote to memory of 2076	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1972 wrote to memory of 2076	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1972 wrote to memory of 2076	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1972 wrote to memory of 2228	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1972 wrote to memory of 2228	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1972 wrote to memory of 2228	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1972 wrote to memory of 2488	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1972 wrote to memory of 2488	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1972 wrote to memory of 2488	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1972 wrote to memory of 2796	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1972 wrote to memory of 2796	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1972 wrote to memory of 2796	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1972 wrote to memory of 2148	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1972 wrote to memory of 2148	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1972 wrote to memory of 2148	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1972 wrote to memory of 2628	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1972 wrote to memory of 2628	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1972 wrote to memory of 2628	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1972 wrote to memory of 2340	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1972 wrote to memory of 2340	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1972 wrote to memory of 2340	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1972 wrote to memory of 2844	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1972 wrote to memory of 2844	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1972 wrote to memory of 2844	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1972 wrote to memory of 2848	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1972 wrote to memory of 2848	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1972 wrote to memory of 2848	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1972 wrote to memory of 2672	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1972 wrote to memory of 2672	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1972 wrote to memory of 2672	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1972 wrote to memory of 1112	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1972 wrote to memory of 1112	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1972 wrote to memory of 1112	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1972 wrote to memory of 1468	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1972 wrote to memory of 1468	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1972 wrote to memory of 1468	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1972 wrote to memory of 2268	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1972 wrote to memory of 2268	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1972 wrote to memory of 2268	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1972 wrote to memory of 2064	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1972 wrote to memory of 2064	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1972 wrote to memory of 2064	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1972 wrote to memory of 1964	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1972 wrote to memory of 1964	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1972 wrote to memory of 1964	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1972 wrote to memory of 1832	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1972 wrote to memory of 1832	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1972 wrote to memory of 1832	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1972 wrote to memory of 1984	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1972 wrote to memory of 1984	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1972 wrote to memory of 1984	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1972 wrote to memory of 1720	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1972 wrote to memory of 1720	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1972 wrote to memory of 1720	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1972 wrote to memory of 1892	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1972 wrote to memory of 1892	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1972 wrote to memory of 1892	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1972 wrote to memory of 2952	1972	2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-28_35bde6bb9d87ad5f8ea65beadf363434_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\System\ErJkELg.exe
  C:\Windows\System\ErJkELg.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\UFQgUcc.exe
  C:\Windows\System\UFQgUcc.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\zSTZayO.exe
  C:\Windows\System\zSTZayO.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\DStSFOC.exe
  C:\Windows\System\DStSFOC.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\KPvcRtK.exe
  C:\Windows\System\KPvcRtK.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\feWyZnb.exe
  C:\Windows\System\feWyZnb.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\zfbFBdR.exe
  C:\Windows\System\zfbFBdR.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\sIRqaFC.exe
  C:\Windows\System\sIRqaFC.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\OGyQpug.exe
  C:\Windows\System\OGyQpug.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\CvByWge.exe
  C:\Windows\System\CvByWge.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\stJEaqo.exe
  C:\Windows\System\stJEaqo.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\zZVMSiw.exe
  C:\Windows\System\zZVMSiw.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\ZSTBNYZ.exe
  C:\Windows\System\ZSTBNYZ.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\YOcfrgz.exe
  C:\Windows\System\YOcfrgz.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\EKSVwzX.exe
  C:\Windows\System\EKSVwzX.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\EoAnrty.exe
  C:\Windows\System\EoAnrty.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\uMMacnr.exe
  C:\Windows\System\uMMacnr.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\FBGhLYs.exe
  C:\Windows\System\FBGhLYs.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\YEzyBtl.exe
  C:\Windows\System\YEzyBtl.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\cHgpfZI.exe
  C:\Windows\System\cHgpfZI.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\pEcdBqq.exe
  C:\Windows\System\pEcdBqq.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\LmIzSop.exe
  C:\Windows\System\LmIzSop.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\RIibEne.exe
  C:\Windows\System\RIibEne.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\bkIwjri.exe
  C:\Windows\System\bkIwjri.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\EbmADox.exe
  C:\Windows\System\EbmADox.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\ligaTdZ.exe
  C:\Windows\System\ligaTdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\QYZxTjj.exe
  C:\Windows\System\QYZxTjj.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\slGvweS.exe
  C:\Windows\System\slGvweS.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\jbdNlUJ.exe
  C:\Windows\System\jbdNlUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\nZAShGX.exe
  C:\Windows\System\nZAShGX.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\YbCqEmW.exe
  C:\Windows\System\YbCqEmW.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\ClLvxUD.exe
  C:\Windows\System\ClLvxUD.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\VEEmYCv.exe
  C:\Windows\System\VEEmYCv.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\TVlyTea.exe
  C:\Windows\System\TVlyTea.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\cZKBcKB.exe
  C:\Windows\System\cZKBcKB.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\GMLmcSa.exe
  C:\Windows\System\GMLmcSa.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\mRnsgUc.exe
  C:\Windows\System\mRnsgUc.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\XBsRGlG.exe
  C:\Windows\System\XBsRGlG.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\CilkNfD.exe
  C:\Windows\System\CilkNfD.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\jrMobBZ.exe
  C:\Windows\System\jrMobBZ.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\tduIPmq.exe
  C:\Windows\System\tduIPmq.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\ikLdyja.exe
  C:\Windows\System\ikLdyja.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\woLYzDe.exe
  C:\Windows\System\woLYzDe.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\ptorByH.exe
  C:\Windows\System\ptorByH.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\vdQRgbk.exe
  C:\Windows\System\vdQRgbk.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\YJvyoVb.exe
  C:\Windows\System\YJvyoVb.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\RVzIwfp.exe
  C:\Windows\System\RVzIwfp.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\AYMssLK.exe
  C:\Windows\System\AYMssLK.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\HOlIJsT.exe
  C:\Windows\System\HOlIJsT.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\NcsAoVW.exe
  C:\Windows\System\NcsAoVW.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\OmTeiym.exe
  C:\Windows\System\OmTeiym.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\XhAWDcu.exe
  C:\Windows\System\XhAWDcu.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\kvoNoIQ.exe
  C:\Windows\System\kvoNoIQ.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\STzmApN.exe
  C:\Windows\System\STzmApN.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\UfmnSZB.exe
  C:\Windows\System\UfmnSZB.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\aJUXaFJ.exe
  C:\Windows\System\aJUXaFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\kFiUYDy.exe
  C:\Windows\System\kFiUYDy.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\IamAOLL.exe
  C:\Windows\System\IamAOLL.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\gqKnDvQ.exe
  C:\Windows\System\gqKnDvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\IotrRZN.exe
  C:\Windows\System\IotrRZN.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\WBDWnWc.exe
  C:\Windows\System\WBDWnWc.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\qUIIvjd.exe
  C:\Windows\System\qUIIvjd.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\RkZlkVJ.exe
  C:\Windows\System\RkZlkVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\utzZvyh.exe
  C:\Windows\System\utzZvyh.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\rOHpLLM.exe
  C:\Windows\System\rOHpLLM.exe
  2⤵
  PID:2772
- C:\Windows\System\gbrwPDI.exe
  C:\Windows\System\gbrwPDI.exe
  2⤵
  PID:1860
- C:\Windows\System\KpzfHGm.exe
  C:\Windows\System\KpzfHGm.exe
  2⤵
  PID:1144
- C:\Windows\System\ojAjQMB.exe
  C:\Windows\System\ojAjQMB.exe
  2⤵
  PID:1988
- C:\Windows\System\uRQsenG.exe
  C:\Windows\System\uRQsenG.exe
  2⤵
  PID:1236
- C:\Windows\System\OdfOZhw.exe
  C:\Windows\System\OdfOZhw.exe
  2⤵
  PID:2364
- C:\Windows\System\XNiWbBh.exe
  C:\Windows\System\XNiWbBh.exe
  2⤵
  PID:1684
- C:\Windows\System\NagxGGw.exe
  C:\Windows\System\NagxGGw.exe
  2⤵
  PID:2932
- C:\Windows\System\jCqGYIO.exe
  C:\Windows\System\jCqGYIO.exe
  2⤵
  PID:2948
- C:\Windows\System\lwtiqGv.exe
  C:\Windows\System\lwtiqGv.exe
  2⤵
  PID:1992
- C:\Windows\System\xbyITWA.exe
  C:\Windows\System\xbyITWA.exe
  2⤵
  PID:2980
- C:\Windows\System\WKivArD.exe
  C:\Windows\System\WKivArD.exe
  2⤵
  PID:2928
- C:\Windows\System\XDoCsdY.exe
  C:\Windows\System\XDoCsdY.exe
  2⤵
  PID:632
- C:\Windows\System\UpiopEU.exe
  C:\Windows\System\UpiopEU.exe
  2⤵
  PID:1088
- C:\Windows\System\QINJjjn.exe
  C:\Windows\System\QINJjjn.exe
  2⤵
  PID:1916
- C:\Windows\System\nbnAuEP.exe
  C:\Windows\System\nbnAuEP.exe
  2⤵
  PID:1788
- C:\Windows\System\pIzgnWP.exe
  C:\Windows\System\pIzgnWP.exe
  2⤵
  PID:2696
- C:\Windows\System\grZfUPy.exe
  C:\Windows\System\grZfUPy.exe
  2⤵
  PID:1928
- C:\Windows\System\AcoUJXx.exe
  C:\Windows\System\AcoUJXx.exe
  2⤵
  PID:1696
- C:\Windows\System\wtaFLXk.exe
  C:\Windows\System\wtaFLXk.exe
  2⤵
  PID:924
- C:\Windows\System\TtPLauH.exe
  C:\Windows\System\TtPLauH.exe
  2⤵
  PID:1604
- C:\Windows\System\iDZUVJV.exe
  C:\Windows\System\iDZUVJV.exe
  2⤵
  PID:1552
- C:\Windows\System\TFbqKHe.exe
  C:\Windows\System\TFbqKHe.exe
  2⤵
  PID:2936
- C:\Windows\System\LQDINCi.exe
  C:\Windows\System\LQDINCi.exe
  2⤵
  PID:1596
- C:\Windows\System\mrwISar.exe
  C:\Windows\System\mrwISar.exe
  2⤵
  PID:1524
- C:\Windows\System\cPVVJvJ.exe
  C:\Windows\System\cPVVJvJ.exe
  2⤵
  PID:2180
- C:\Windows\System\quTQuPP.exe
  C:\Windows\System\quTQuPP.exe
  2⤵
  PID:2116
- C:\Windows\System\opQZRLS.exe
  C:\Windows\System\opQZRLS.exe
  2⤵
  PID:2680
- C:\Windows\System\gzVbWQO.exe
  C:\Windows\System\gzVbWQO.exe
  2⤵
  PID:904
- C:\Windows\System\QATdHOB.exe
  C:\Windows\System\QATdHOB.exe
  2⤵
  PID:2744
- C:\Windows\System\RXrMGtt.exe
  C:\Windows\System\RXrMGtt.exe
  2⤵
  PID:2760
- C:\Windows\System\XSYycZc.exe
  C:\Windows\System\XSYycZc.exe
  2⤵
  PID:2084
- C:\Windows\System\rtNEYuo.exe
  C:\Windows\System\rtNEYuo.exe
  2⤵
  PID:2996
- C:\Windows\System\qkocUTs.exe
  C:\Windows\System\qkocUTs.exe
  2⤵
  PID:2800
- C:\Windows\System\GsimmPj.exe
  C:\Windows\System\GsimmPj.exe
  2⤵
  PID:828
- C:\Windows\System\GEqYyAR.exe
  C:\Windows\System\GEqYyAR.exe
  2⤵
  PID:2144
- C:\Windows\System\MWOJXwc.exe
  C:\Windows\System\MWOJXwc.exe
  2⤵
  PID:1344
- C:\Windows\System\suFjGng.exe
  C:\Windows\System\suFjGng.exe
  2⤵
  PID:1448
- C:\Windows\System\DZqYmZZ.exe
  C:\Windows\System\DZqYmZZ.exe
  2⤵
  PID:1920
- C:\Windows\System\MwhxUXF.exe
  C:\Windows\System\MwhxUXF.exe
  2⤵
  PID:1680
- C:\Windows\System\uKYugCS.exe
  C:\Windows\System\uKYugCS.exe
  2⤵
  PID:2260
- C:\Windows\System\frKhcIb.exe
  C:\Windows\System\frKhcIb.exe
  2⤵
  PID:1200
- C:\Windows\System\sUPcTKO.exe
  C:\Windows\System\sUPcTKO.exe
  2⤵
  PID:2580
- C:\Windows\System\dTLisRd.exe
  C:\Windows\System\dTLisRd.exe
  2⤵
  PID:1976
- C:\Windows\System\JHhYIpI.exe
  C:\Windows\System\JHhYIpI.exe
  2⤵
  PID:1276
- C:\Windows\System\ktaWEej.exe
  C:\Windows\System\ktaWEej.exe
  2⤵
  PID:1560
- C:\Windows\System\BWqefLZ.exe
  C:\Windows\System\BWqefLZ.exe
  2⤵
  PID:896
- C:\Windows\System\UJdqJkh.exe
  C:\Windows\System\UJdqJkh.exe
  2⤵
  PID:2596
- C:\Windows\System\tKbvoTv.exe
  C:\Windows\System\tKbvoTv.exe
  2⤵
  PID:1476
- C:\Windows\System\ThvlaNi.exe
  C:\Windows\System\ThvlaNi.exe
  2⤵
  PID:2484
- C:\Windows\System\lmJHLQE.exe
  C:\Windows\System\lmJHLQE.exe
  2⤵
  PID:2684
- C:\Windows\System\OlGDGer.exe
  C:\Windows\System\OlGDGer.exe
  2⤵
  PID:2896
- C:\Windows\System\EJamMfk.exe
  C:\Windows\System\EJamMfk.exe
  2⤵
  PID:2540
- C:\Windows\System\oqEdjam.exe
  C:\Windows\System\oqEdjam.exe
  2⤵
  PID:2728
- C:\Windows\System\qhdWmHQ.exe
  C:\Windows\System\qhdWmHQ.exe
  2⤵
  PID:2840
- C:\Windows\System\yVoOheX.exe
  C:\Windows\System\yVoOheX.exe
  2⤵
  PID:2752
- C:\Windows\System\bFNclny.exe
  C:\Windows\System\bFNclny.exe
  2⤵
  PID:2336
- C:\Windows\System\xEFLoIr.exe
  C:\Windows\System\xEFLoIr.exe
  2⤵
  PID:952
- C:\Windows\System\faumGbr.exe
  C:\Windows\System\faumGbr.exe
  2⤵
  PID:1120
- C:\Windows\System\RNlkwkr.exe
  C:\Windows\System\RNlkwkr.exe
  2⤵
  PID:2776
- C:\Windows\System\XxDLAjm.exe
  C:\Windows\System\XxDLAjm.exe
  2⤵
  PID:1016
- C:\Windows\System\oAlnfVa.exe
  C:\Windows\System\oAlnfVa.exe
  2⤵
  PID:572
- C:\Windows\System\Nfcwvkk.exe
  C:\Windows\System\Nfcwvkk.exe
  2⤵
  PID:1632
- C:\Windows\System\AEaEZxa.exe
  C:\Windows\System\AEaEZxa.exe
  2⤵
  PID:1396
- C:\Windows\System\fJQovDC.exe
  C:\Windows\System\fJQovDC.exe
  2⤵
  PID:980
- C:\Windows\System\zyMBVIA.exe
  C:\Windows\System\zyMBVIA.exe
  2⤵
  PID:768
- C:\Windows\System\FgkLWPJ.exe
  C:\Windows\System\FgkLWPJ.exe
  2⤵
  PID:1888
- C:\Windows\System\ISfKHdl.exe
  C:\Windows\System\ISfKHdl.exe
  2⤵
  PID:3012
- C:\Windows\System\uvNJcCx.exe
  C:\Windows\System\uvNJcCx.exe
  2⤵
  PID:2296
- C:\Windows\System\ClWIlja.exe
  C:\Windows\System\ClWIlja.exe
  2⤵
  PID:3068
- C:\Windows\System\OJdJhtX.exe
  C:\Windows\System\OJdJhtX.exe
  2⤵
  PID:2768
- C:\Windows\System\rHdUlgV.exe
  C:\Windows\System\rHdUlgV.exe
  2⤵
  PID:2240
- C:\Windows\System\asOzrSZ.exe
  C:\Windows\System\asOzrSZ.exe
  2⤵
  PID:2872
- C:\Windows\System\wVHiMuY.exe
  C:\Windows\System\wVHiMuY.exe
  2⤵
  PID:2664
- C:\Windows\System\TFgoiDY.exe
  C:\Windows\System\TFgoiDY.exe
  2⤵
  PID:2196
- C:\Windows\System\PMGxFMI.exe
  C:\Windows\System\PMGxFMI.exe
  2⤵
  PID:2532
- C:\Windows\System\lEevJni.exe
  C:\Windows\System\lEevJni.exe
  2⤵
  PID:2324
- C:\Windows\System\FWrHHHW.exe
  C:\Windows\System\FWrHHHW.exe
  2⤵
  PID:1576
- C:\Windows\System\XjUwrLs.exe
  C:\Windows\System\XjUwrLs.exe
  2⤵
  PID:2748
- C:\Windows\System\dSyzSIW.exe
  C:\Windows\System\dSyzSIW.exe
  2⤵
  PID:2788
- C:\Windows\System\DCVwZoY.exe
  C:\Windows\System\DCVwZoY.exe
  2⤵
  PID:2740
- C:\Windows\System\nwkuLDk.exe
  C:\Windows\System\nwkuLDk.exe
  2⤵
  PID:748
- C:\Windows\System\fzOIkOV.exe
  C:\Windows\System\fzOIkOV.exe
  2⤵
  PID:3084
- C:\Windows\System\OtTouBW.exe
  C:\Windows\System\OtTouBW.exe
  2⤵
  PID:3104
- C:\Windows\System\hZIMFHu.exe
  C:\Windows\System\hZIMFHu.exe
  2⤵
  PID:3124
- C:\Windows\System\vVxdgiO.exe
  C:\Windows\System\vVxdgiO.exe
  2⤵
  PID:3144
- C:\Windows\System\HXbgRyE.exe
  C:\Windows\System\HXbgRyE.exe
  2⤵
  PID:3164
- C:\Windows\System\kgrJtIN.exe
  C:\Windows\System\kgrJtIN.exe
  2⤵
  PID:3184
- C:\Windows\System\fwJYhcb.exe
  C:\Windows\System\fwJYhcb.exe
  2⤵
  PID:3204
- C:\Windows\System\TTrdSzp.exe
  C:\Windows\System\TTrdSzp.exe
  2⤵
  PID:3224
- C:\Windows\System\XsBLfZZ.exe
  C:\Windows\System\XsBLfZZ.exe
  2⤵
  PID:3240
- C:\Windows\System\rzCpjPr.exe
  C:\Windows\System\rzCpjPr.exe
  2⤵
  PID:3264
- C:\Windows\System\BTGuVuG.exe
  C:\Windows\System\BTGuVuG.exe
  2⤵
  PID:3280
- C:\Windows\System\HwKTNBf.exe
  C:\Windows\System\HwKTNBf.exe
  2⤵
  PID:3304
- C:\Windows\System\gVylxwx.exe
  C:\Windows\System\gVylxwx.exe
  2⤵
  PID:3324
- C:\Windows\System\jyGehjY.exe
  C:\Windows\System\jyGehjY.exe
  2⤵
  PID:3344
- C:\Windows\System\fzaAsOq.exe
  C:\Windows\System\fzaAsOq.exe
  2⤵
  PID:3364
- C:\Windows\System\WaBLmVO.exe
  C:\Windows\System\WaBLmVO.exe
  2⤵
  PID:3392
- C:\Windows\System\hysomKE.exe
  C:\Windows\System\hysomKE.exe
  2⤵
  PID:3412
- C:\Windows\System\liPYNxu.exe
  C:\Windows\System\liPYNxu.exe
  2⤵
  PID:3432
- C:\Windows\System\WmqmNaq.exe
  C:\Windows\System\WmqmNaq.exe
  2⤵
  PID:3452
- C:\Windows\System\cpEfeYW.exe
  C:\Windows\System\cpEfeYW.exe
  2⤵
  PID:3472
- C:\Windows\System\bNKeSmt.exe
  C:\Windows\System\bNKeSmt.exe
  2⤵
  PID:3492
- C:\Windows\System\ilOSoyE.exe
  C:\Windows\System\ilOSoyE.exe
  2⤵
  PID:3512
- C:\Windows\System\qQlSRuz.exe
  C:\Windows\System\qQlSRuz.exe
  2⤵
  PID:3536
- C:\Windows\System\gyXONzz.exe
  C:\Windows\System\gyXONzz.exe
  2⤵
  PID:3556
- C:\Windows\System\zEHJpqN.exe
  C:\Windows\System\zEHJpqN.exe
  2⤵
  PID:3576
- C:\Windows\System\TGsvgUg.exe
  C:\Windows\System\TGsvgUg.exe
  2⤵
  PID:3596
- C:\Windows\System\frwnLIk.exe
  C:\Windows\System\frwnLIk.exe
  2⤵
  PID:3616
- C:\Windows\System\TeklsPA.exe
  C:\Windows\System\TeklsPA.exe
  2⤵
  PID:3636
- C:\Windows\System\GgsKrnO.exe
  C:\Windows\System\GgsKrnO.exe
  2⤵
  PID:3656
- C:\Windows\System\VVvVFrs.exe
  C:\Windows\System\VVvVFrs.exe
  2⤵
  PID:3676
- C:\Windows\System\Ofgpjhs.exe
  C:\Windows\System\Ofgpjhs.exe
  2⤵
  PID:3696
- C:\Windows\System\ayHKmCt.exe
  C:\Windows\System\ayHKmCt.exe
  2⤵
  PID:3716
- C:\Windows\System\ZNQIzIM.exe
  C:\Windows\System\ZNQIzIM.exe
  2⤵
  PID:3736
- C:\Windows\System\HkOnqMB.exe
  C:\Windows\System\HkOnqMB.exe
  2⤵
  PID:3776
- C:\Windows\System\lPNhWzz.exe
  C:\Windows\System\lPNhWzz.exe
  2⤵
  PID:3796
- C:\Windows\System\obgjWqA.exe
  C:\Windows\System\obgjWqA.exe
  2⤵
  PID:3816
- C:\Windows\System\PwbUecA.exe
  C:\Windows\System\PwbUecA.exe
  2⤵
  PID:3836
- C:\Windows\System\XJAmCcT.exe
  C:\Windows\System\XJAmCcT.exe
  2⤵
  PID:3856
- C:\Windows\System\xvAXuWE.exe
  C:\Windows\System\xvAXuWE.exe
  2⤵
  PID:3872
- C:\Windows\System\CLajXba.exe
  C:\Windows\System\CLajXba.exe
  2⤵
  PID:3896
- C:\Windows\System\WOTmuvp.exe
  C:\Windows\System\WOTmuvp.exe
  2⤵
  PID:3916
- C:\Windows\System\JIgAYuD.exe
  C:\Windows\System\JIgAYuD.exe
  2⤵
  PID:3936
- C:\Windows\System\chltANM.exe
  C:\Windows\System\chltANM.exe
  2⤵
  PID:3956
- C:\Windows\System\sxBwUNf.exe
  C:\Windows\System\sxBwUNf.exe
  2⤵
  PID:3976
- C:\Windows\System\PMTidHN.exe
  C:\Windows\System\PMTidHN.exe
  2⤵
  PID:3996
- C:\Windows\System\fSHwFPh.exe
  C:\Windows\System\fSHwFPh.exe
  2⤵
  PID:4016
- C:\Windows\System\fLoduWg.exe
  C:\Windows\System\fLoduWg.exe
  2⤵
  PID:4032
- C:\Windows\System\DcVOUzX.exe
  C:\Windows\System\DcVOUzX.exe
  2⤵
  PID:4056
- C:\Windows\System\jGCmXjs.exe
  C:\Windows\System\jGCmXjs.exe
  2⤵
  PID:4072
- C:\Windows\System\JvUvOmm.exe
  C:\Windows\System\JvUvOmm.exe
  2⤵
  PID:1568
- C:\Windows\System\PtJSlHr.exe
  C:\Windows\System\PtJSlHr.exe
  2⤵
  PID:2404
- C:\Windows\System\JOZlxsh.exe
  C:\Windows\System\JOZlxsh.exe
  2⤵
  PID:1248
- C:\Windows\System\uyuzQAN.exe
  C:\Windows\System\uyuzQAN.exe
  2⤵
  PID:2248
- C:\Windows\System\JnHQZQJ.exe
  C:\Windows\System\JnHQZQJ.exe
  2⤵
  PID:2644
- C:\Windows\System\TDMauEx.exe
  C:\Windows\System\TDMauEx.exe
  2⤵
  PID:3076
- C:\Windows\System\DNOzAXz.exe
  C:\Windows\System\DNOzAXz.exe
  2⤵
  PID:1724
- C:\Windows\System\kbrdbHb.exe
  C:\Windows\System\kbrdbHb.exe
  2⤵
  PID:3172
- C:\Windows\System\qJhhzkq.exe
  C:\Windows\System\qJhhzkq.exe
  2⤵
  PID:3156
- C:\Windows\System\rMUAlPr.exe
  C:\Windows\System\rMUAlPr.exe
  2⤵
  PID:3220
- C:\Windows\System\VJHYFhm.exe
  C:\Windows\System\VJHYFhm.exe
  2⤵
  PID:3260
- C:\Windows\System\bIhGuvC.exe
  C:\Windows\System\bIhGuvC.exe
  2⤵
  PID:3288
- C:\Windows\System\TkrihmA.exe
  C:\Windows\System\TkrihmA.exe
  2⤵
  PID:3272
- C:\Windows\System\CiKoQSt.exe
  C:\Windows\System\CiKoQSt.exe
  2⤵
  PID:2496
- C:\Windows\System\uZhVUKd.exe
  C:\Windows\System\uZhVUKd.exe
  2⤵
  PID:3312
- C:\Windows\System\LiWkUjv.exe
  C:\Windows\System\LiWkUjv.exe
  2⤵
  PID:3384
- C:\Windows\System\KKzhuXY.exe
  C:\Windows\System\KKzhuXY.exe
  2⤵
  PID:3428
- C:\Windows\System\TYBzOLh.exe
  C:\Windows\System\TYBzOLh.exe
  2⤵
  PID:3408
- C:\Windows\System\utNbTeR.exe
  C:\Windows\System\utNbTeR.exe
  2⤵
  PID:3440
- C:\Windows\System\xortXtX.exe
  C:\Windows\System\xortXtX.exe
  2⤵
  PID:3480
- C:\Windows\System\UfkXjvL.exe
  C:\Windows\System\UfkXjvL.exe
  2⤵
  PID:3504
- C:\Windows\System\BTSGwtr.exe
  C:\Windows\System\BTSGwtr.exe
  2⤵
  PID:3528
- C:\Windows\System\SHKFIJz.exe
  C:\Windows\System\SHKFIJz.exe
  2⤵
  PID:3572
- C:\Windows\System\pWUsrpf.exe
  C:\Windows\System\pWUsrpf.exe
  2⤵
  PID:3624
- C:\Windows\System\PbnhcgW.exe
  C:\Windows\System\PbnhcgW.exe
  2⤵
  PID:3612
- C:\Windows\System\SfsCmFE.exe
  C:\Windows\System\SfsCmFE.exe
  2⤵
  PID:3648
- C:\Windows\System\caHAXvz.exe
  C:\Windows\System\caHAXvz.exe
  2⤵
  PID:3652
- C:\Windows\System\hYoUcPq.exe
  C:\Windows\System\hYoUcPq.exe
  2⤵
  PID:3744
- C:\Windows\System\fiBaAPb.exe
  C:\Windows\System\fiBaAPb.exe
  2⤵
  PID:3768
- C:\Windows\System\VYirrhZ.exe
  C:\Windows\System\VYirrhZ.exe
  2⤵
  PID:3732
- C:\Windows\System\aYzLncq.exe
  C:\Windows\System\aYzLncq.exe
  2⤵
  PID:3812
- C:\Windows\System\IonGgmc.exe
  C:\Windows\System\IonGgmc.exe
  2⤵
  PID:3852
- C:\Windows\System\dSkHkNY.exe
  C:\Windows\System\dSkHkNY.exe
  2⤵
  PID:3868
- C:\Windows\System\ABUzwiE.exe
  C:\Windows\System\ABUzwiE.exe
  2⤵
  PID:3984
- C:\Windows\System\eRehmCG.exe
  C:\Windows\System\eRehmCG.exe
  2⤵
  PID:4092
- C:\Windows\System\YvdUCby.exe
  C:\Windows\System\YvdUCby.exe
  2⤵
  PID:1356
- C:\Windows\System\jJdYhqe.exe
  C:\Windows\System\jJdYhqe.exe
  2⤵
  PID:2000
- C:\Windows\System\QMVYiVS.exe
  C:\Windows\System\QMVYiVS.exe
  2⤵
  PID:3524
- C:\Windows\System\lkMbpHW.exe
  C:\Windows\System\lkMbpHW.exe
  2⤵
  PID:3140
- C:\Windows\System\PrRupUE.exe
  C:\Windows\System\PrRupUE.exe
  2⤵
  PID:3176
- C:\Windows\System\DXcvjqB.exe
  C:\Windows\System\DXcvjqB.exe
  2⤵
  PID:3152
- C:\Windows\System\dsHzbgv.exe
  C:\Windows\System\dsHzbgv.exe
  2⤵
  PID:1124
- C:\Windows\System\AqmqZXS.exe
  C:\Windows\System\AqmqZXS.exe
  2⤵
  PID:3196
- C:\Windows\System\WANReCR.exe
  C:\Windows\System\WANReCR.exe
  2⤵
  PID:1672
- C:\Windows\System\RtfciMy.exe
  C:\Windows\System\RtfciMy.exe
  2⤵
  PID:3316
- C:\Windows\System\chxBlHn.exe
  C:\Windows\System\chxBlHn.exe
  2⤵
  PID:3460
- C:\Windows\System\NHkMAVY.exe
  C:\Windows\System\NHkMAVY.exe
  2⤵
  PID:3584
- C:\Windows\System\lkwexqo.exe
  C:\Windows\System\lkwexqo.exe
  2⤵
  PID:3704
- C:\Windows\System\XICuGSg.exe
  C:\Windows\System\XICuGSg.exe
  2⤵
  PID:3784
- C:\Windows\System\VtcPrNx.exe
  C:\Windows\System\VtcPrNx.exe
  2⤵
  PID:3232
- C:\Windows\System\iyrzlXG.exe
  C:\Windows\System\iyrzlXG.exe
  2⤵
  PID:1716
- C:\Windows\System\umvoLlt.exe
  C:\Windows\System\umvoLlt.exe
  2⤵
  PID:3684
- C:\Windows\System\EQOOFYf.exe
  C:\Windows\System\EQOOFYf.exe
  2⤵
  PID:3844
- C:\Windows\System\NjOobpn.exe
  C:\Windows\System\NjOobpn.exe
  2⤵
  PID:3532
- C:\Windows\System\MpYIlAs.exe
  C:\Windows\System\MpYIlAs.exe
  2⤵
  PID:3336
- C:\Windows\System\ydVzZqq.exe
  C:\Windows\System\ydVzZqq.exe
  2⤵
  PID:3944
- C:\Windows\System\WgSrosY.exe
  C:\Windows\System\WgSrosY.exe
  2⤵
  PID:2784
- C:\Windows\System\hgcDvds.exe
  C:\Windows\System\hgcDvds.exe
  2⤵
  PID:3992
- C:\Windows\System\OQoXUCt.exe
  C:\Windows\System\OQoXUCt.exe
  2⤵
  PID:2424
- C:\Windows\System\PmpLgxy.exe
  C:\Windows\System\PmpLgxy.exe
  2⤵
  PID:4028
- C:\Windows\System\dkBsDGg.exe
  C:\Windows\System\dkBsDGg.exe
  2⤵
  PID:3092
- C:\Windows\System\QuQdKVw.exe
  C:\Windows\System\QuQdKVw.exe
  2⤵
  PID:1392
- C:\Windows\System\LhkwmgO.exe
  C:\Windows\System\LhkwmgO.exe
  2⤵
  PID:1936
- C:\Windows\System\OUhTugW.exe
  C:\Windows\System\OUhTugW.exe
  2⤵
  PID:3296
- C:\Windows\System\xmkHZGs.exe
  C:\Windows\System\xmkHZGs.exe
  2⤵
  PID:3252
- C:\Windows\System\jvZQHWI.exe
  C:\Windows\System\jvZQHWI.exe
  2⤵
  PID:3484
- C:\Windows\System\exvFtZR.exe
  C:\Windows\System\exvFtZR.exe
  2⤵
  PID:1480
- C:\Windows\System\BMzAGDN.exe
  C:\Windows\System\BMzAGDN.exe
  2⤵
  PID:3628
- C:\Windows\System\eHqUspB.exe
  C:\Windows\System\eHqUspB.exe
  2⤵
  PID:3692
- C:\Windows\System\yoiwNhS.exe
  C:\Windows\System\yoiwNhS.exe
  2⤵
  PID:1704
- C:\Windows\System\WZWhWWq.exe
  C:\Windows\System\WZWhWWq.exe
  2⤵
  PID:3464
- C:\Windows\System\iJkrGTR.exe
  C:\Windows\System\iJkrGTR.exe
  2⤵
  PID:3448
- C:\Windows\System\fWLRdRx.exe
  C:\Windows\System\fWLRdRx.exe
  2⤵
  PID:3236
- C:\Windows\System\RdNjXsD.exe
  C:\Windows\System\RdNjXsD.exe
  2⤵
  PID:1620
- C:\Windows\System\zZyZnAS.exe
  C:\Windows\System\zZyZnAS.exe
  2⤵
  PID:4012
- C:\Windows\System\mbqaaGw.exe
  C:\Windows\System\mbqaaGw.exe
  2⤵
  PID:3912
- C:\Windows\System\uipthVe.exe
  C:\Windows\System\uipthVe.exe
  2⤵
  PID:4052
- C:\Windows\System\sAamTMg.exe
  C:\Windows\System\sAamTMg.exe
  2⤵
  PID:1868
- C:\Windows\System\cVLynFh.exe
  C:\Windows\System\cVLynFh.exe
  2⤵
  PID:1528
- C:\Windows\System\TFqoXRA.exe
  C:\Windows\System\TFqoXRA.exe
  2⤵
  PID:1540
- C:\Windows\System\YRbRyYj.exe
  C:\Windows\System\YRbRyYj.exe
  2⤵
  PID:3332
- C:\Windows\System\KkDmJPj.exe
  C:\Windows\System\KkDmJPj.exe
  2⤵
  PID:3248
- C:\Windows\System\vzcleiM.exe
  C:\Windows\System\vzcleiM.exe
  2⤵
  PID:1828
- C:\Windows\System\JGBkeQz.exe
  C:\Windows\System\JGBkeQz.exe
  2⤵
  PID:3884
- C:\Windows\System\JraOAIE.exe
  C:\Windows\System\JraOAIE.exe
  2⤵
  PID:2908
- C:\Windows\System\afpGrKY.exe
  C:\Windows\System\afpGrKY.exe
  2⤵
  PID:1188
- C:\Windows\System\yfmuFwB.exe
  C:\Windows\System\yfmuFwB.exe
  2⤵
  PID:2924
- C:\Windows\System\rHFxJKb.exe
  C:\Windows\System\rHFxJKb.exe
  2⤵
  PID:3100
- C:\Windows\System\esmvCot.exe
  C:\Windows\System\esmvCot.exe
  2⤵
  PID:1708
- C:\Windows\System\jSkDquK.exe
  C:\Windows\System\jSkDquK.exe
  2⤵
  PID:4024
- C:\Windows\System\TCEHCxU.exe
  C:\Windows\System\TCEHCxU.exe
  2⤵
  PID:3372
- C:\Windows\System\oliuWJZ.exe
  C:\Windows\System\oliuWJZ.exe
  2⤵
  PID:1700
- C:\Windows\System\wKSTGhZ.exe
  C:\Windows\System\wKSTGhZ.exe
  2⤵
  PID:2400
- C:\Windows\System\SpdAfbt.exe
  C:\Windows\System\SpdAfbt.exe
  2⤵
  PID:3756
- C:\Windows\System\yVeflFi.exe
  C:\Windows\System\yVeflFi.exe
  2⤵
  PID:1148
- C:\Windows\System\TpnFMcE.exe
  C:\Windows\System\TpnFMcE.exe
  2⤵
  PID:2220
- C:\Windows\System\IDEITeq.exe
  C:\Windows\System\IDEITeq.exe
  2⤵
  PID:3948
- C:\Windows\System\bFvZGng.exe
  C:\Windows\System\bFvZGng.exe
  2⤵
  PID:3908
- C:\Windows\System\lbkOCXz.exe
  C:\Windows\System\lbkOCXz.exe
  2⤵
  PID:3360
- C:\Windows\System\UuLUjMI.exe
  C:\Windows\System\UuLUjMI.exe
  2⤵
  PID:3488
- C:\Windows\System\hNYDZUr.exe
  C:\Windows\System\hNYDZUr.exe
  2⤵
  PID:3028
- C:\Windows\System\FagpfgR.exe
  C:\Windows\System\FagpfgR.exe
  2⤵
  PID:3644
- C:\Windows\System\CVWBaAw.exe
  C:\Windows\System\CVWBaAw.exe
  2⤵
  PID:4080
- C:\Windows\System\fnYEnUF.exe
  C:\Windows\System\fnYEnUF.exe
  2⤵
  PID:2904
- C:\Windows\System\eeIyTwP.exe
  C:\Windows\System\eeIyTwP.exe
  2⤵
  PID:3672
- C:\Windows\System\XAAYaPE.exe
  C:\Windows\System\XAAYaPE.exe
  2⤵
  PID:2080
- C:\Windows\System\uTGNVjt.exe
  C:\Windows\System\uTGNVjt.exe
  2⤵
  PID:3388
- C:\Windows\System\oVliOxk.exe
  C:\Windows\System\oVliOxk.exe
  2⤵
  PID:4116
- C:\Windows\System\ytjUyqo.exe
  C:\Windows\System\ytjUyqo.exe
  2⤵
  PID:4132
- C:\Windows\System\lRNgcFa.exe
  C:\Windows\System\lRNgcFa.exe
  2⤵
  PID:4152
- C:\Windows\System\MjeWhSB.exe
  C:\Windows\System\MjeWhSB.exe
  2⤵
  PID:4180
- C:\Windows\System\BKptUtD.exe
  C:\Windows\System\BKptUtD.exe
  2⤵
  PID:4196
- C:\Windows\System\ElprqXY.exe
  C:\Windows\System\ElprqXY.exe
  2⤵
  PID:4216
- C:\Windows\System\dOtDdxe.exe
  C:\Windows\System\dOtDdxe.exe
  2⤵
  PID:4276
- C:\Windows\System\WPyGgCy.exe
  C:\Windows\System\WPyGgCy.exe
  2⤵
  PID:4292
- C:\Windows\System\wFrerCP.exe
  C:\Windows\System\wFrerCP.exe
  2⤵
  PID:4312
- C:\Windows\System\tHNPuqG.exe
  C:\Windows\System\tHNPuqG.exe
  2⤵
  PID:4332
- C:\Windows\System\CwXEwwv.exe
  C:\Windows\System\CwXEwwv.exe
  2⤵
  PID:4348
- C:\Windows\System\xSCVNSV.exe
  C:\Windows\System\xSCVNSV.exe
  2⤵
  PID:4364
- C:\Windows\System\aoYICyC.exe
  C:\Windows\System\aoYICyC.exe
  2⤵
  PID:4380
- C:\Windows\System\qeEEIWu.exe
  C:\Windows\System\qeEEIWu.exe
  2⤵
  PID:4400
- C:\Windows\System\afIOjfE.exe
  C:\Windows\System\afIOjfE.exe
  2⤵
  PID:4416
- C:\Windows\System\TcXmoSY.exe
  C:\Windows\System\TcXmoSY.exe
  2⤵
  PID:4452
- C:\Windows\System\hyGqbTZ.exe
  C:\Windows\System\hyGqbTZ.exe
  2⤵
  PID:4472
- C:\Windows\System\UlEFIuO.exe
  C:\Windows\System\UlEFIuO.exe
  2⤵
  PID:4488
- C:\Windows\System\DOiwyQl.exe
  C:\Windows\System\DOiwyQl.exe
  2⤵
  PID:4512
- C:\Windows\System\XPfDuKX.exe
  C:\Windows\System\XPfDuKX.exe
  2⤵
  PID:4528
- C:\Windows\System\hVSwfOm.exe
  C:\Windows\System\hVSwfOm.exe
  2⤵
  PID:4560
- C:\Windows\System\zGQyYWT.exe
  C:\Windows\System\zGQyYWT.exe
  2⤵
  PID:4580
- C:\Windows\System\kQObguo.exe
  C:\Windows\System\kQObguo.exe
  2⤵
  PID:4624
- C:\Windows\System\liAEBWm.exe
  C:\Windows\System\liAEBWm.exe
  2⤵
  PID:4640
- C:\Windows\System\upHjpSl.exe
  C:\Windows\System\upHjpSl.exe
  2⤵
  PID:4656
- C:\Windows\System\snedtsX.exe
  C:\Windows\System\snedtsX.exe
  2⤵
  PID:4684
- C:\Windows\System\wPWgQWM.exe
  C:\Windows\System\wPWgQWM.exe
  2⤵
  PID:4700
- C:\Windows\System\CAHAPSo.exe
  C:\Windows\System\CAHAPSo.exe
  2⤵
  PID:4716
- C:\Windows\System\EixCkCl.exe
  C:\Windows\System\EixCkCl.exe
  2⤵
  PID:4736
- C:\Windows\System\DScXbcB.exe
  C:\Windows\System\DScXbcB.exe
  2⤵
  PID:4752
- C:\Windows\System\HgmCaHq.exe
  C:\Windows\System\HgmCaHq.exe
  2⤵
  PID:4772
- C:\Windows\System\bLIEyuk.exe
  C:\Windows\System\bLIEyuk.exe
  2⤵
  PID:4788
- C:\Windows\System\vjGFitp.exe
  C:\Windows\System\vjGFitp.exe
  2⤵
  PID:4816
- C:\Windows\System\gfsdIeX.exe
  C:\Windows\System\gfsdIeX.exe
  2⤵
  PID:4844
- C:\Windows\System\cXlmCWw.exe
  C:\Windows\System\cXlmCWw.exe
  2⤵
  PID:4860
- C:\Windows\System\wmuqhvc.exe
  C:\Windows\System\wmuqhvc.exe
  2⤵
  PID:4884
- C:\Windows\System\nTIuQdp.exe
  C:\Windows\System\nTIuQdp.exe
  2⤵
  PID:4900
- C:\Windows\System\VFdvLFU.exe
  C:\Windows\System\VFdvLFU.exe
  2⤵
  PID:4916
- C:\Windows\System\cnLWyGU.exe
  C:\Windows\System\cnLWyGU.exe
  2⤵
  PID:4936
- C:\Windows\System\TqFBWOl.exe
  C:\Windows\System\TqFBWOl.exe
  2⤵
  PID:4952
- C:\Windows\System\DOLKoLA.exe
  C:\Windows\System\DOLKoLA.exe
  2⤵
  PID:4972
- C:\Windows\System\CBSdqmk.exe
  C:\Windows\System\CBSdqmk.exe
  2⤵
  PID:5000
- C:\Windows\System\VNnJSHr.exe
  C:\Windows\System\VNnJSHr.exe
  2⤵
  PID:5020
- C:\Windows\System\VGMYEJK.exe
  C:\Windows\System\VGMYEJK.exe
  2⤵
  PID:5040
- C:\Windows\System\IwyiVFD.exe
  C:\Windows\System\IwyiVFD.exe
  2⤵
  PID:5064
- C:\Windows\System\TzRrIYp.exe
  C:\Windows\System\TzRrIYp.exe
  2⤵
  PID:5080
- C:\Windows\System\ZwYMTsc.exe
  C:\Windows\System\ZwYMTsc.exe
  2⤵
  PID:5104
- C:\Windows\System\lPgskTC.exe
  C:\Windows\System\lPgskTC.exe
  2⤵
  PID:1612
- C:\Windows\System\Ooqvtjc.exe
  C:\Windows\System\Ooqvtjc.exe
  2⤵
  PID:4160
- C:\Windows\System\JWnINgv.exe
  C:\Windows\System\JWnINgv.exe
  2⤵
  PID:4172
- C:\Windows\System\EhvhDKW.exe
  C:\Windows\System\EhvhDKW.exe
  2⤵
  PID:4104
- C:\Windows\System\mqPYmYp.exe
  C:\Windows\System\mqPYmYp.exe
  2⤵
  PID:4260
- C:\Windows\System\ySQkvHm.exe
  C:\Windows\System\ySQkvHm.exe
  2⤵
  PID:2700
- C:\Windows\System\lyzMWdO.exe
  C:\Windows\System\lyzMWdO.exe
  2⤵
  PID:4112
- C:\Windows\System\hnnYeWQ.exe
  C:\Windows\System\hnnYeWQ.exe
  2⤵
  PID:4244
- C:\Windows\System\zrEuzTR.exe
  C:\Windows\System\zrEuzTR.exe
  2⤵
  PID:4288
- C:\Windows\System\yjpewNs.exe
  C:\Windows\System\yjpewNs.exe
  2⤵
  PID:4232
- C:\Windows\System\rdNKzsr.exe
  C:\Windows\System\rdNKzsr.exe
  2⤵
  PID:4412
- C:\Windows\System\LSylEfO.exe
  C:\Windows\System\LSylEfO.exe
  2⤵
  PID:4436
- C:\Windows\System\EXGclQi.exe
  C:\Windows\System\EXGclQi.exe
  2⤵
  PID:4468
- C:\Windows\System\uysHsFi.exe
  C:\Windows\System\uysHsFi.exe
  2⤵
  PID:4484
- C:\Windows\System\mOTPDSx.exe
  C:\Windows\System\mOTPDSx.exe
  2⤵
  PID:4508
- C:\Windows\System\RLKtvCd.exe
  C:\Windows\System\RLKtvCd.exe
  2⤵
  PID:4540
- C:\Windows\System\LduwKPK.exe
  C:\Windows\System\LduwKPK.exe
  2⤵
  PID:4576
- C:\Windows\System\jkJjiIZ.exe
  C:\Windows\System\jkJjiIZ.exe
  2⤵
  PID:4600
- C:\Windows\System\mIZpwNM.exe
  C:\Windows\System\mIZpwNM.exe
  2⤵
  PID:4636
- C:\Windows\System\sfIWruT.exe
  C:\Windows\System\sfIWruT.exe
  2⤵
  PID:4652
- C:\Windows\System\rnudDIu.exe
  C:\Windows\System\rnudDIu.exe
  2⤵
  PID:4712
- C:\Windows\System\JQcJGSl.exe
  C:\Windows\System\JQcJGSl.exe
  2⤵
  PID:4728
- C:\Windows\System\XYvvvId.exe
  C:\Windows\System\XYvvvId.exe
  2⤵
  PID:4784
- C:\Windows\System\uvgDpmb.exe
  C:\Windows\System\uvgDpmb.exe
  2⤵
  PID:4768
- C:\Windows\System\RhbjTeU.exe
  C:\Windows\System\RhbjTeU.exe
  2⤵
  PID:4808
- C:\Windows\System\vpSAcKr.exe
  C:\Windows\System\vpSAcKr.exe
  2⤵
  PID:4868
- C:\Windows\System\aFFsSpk.exe
  C:\Windows\System\aFFsSpk.exe
  2⤵
  PID:4892
- C:\Windows\System\KffySPk.exe
  C:\Windows\System\KffySPk.exe
  2⤵
  PID:4944
- C:\Windows\System\ebmDTNe.exe
  C:\Windows\System\ebmDTNe.exe
  2⤵
  PID:4984
- C:\Windows\System\anoSNol.exe
  C:\Windows\System\anoSNol.exe
  2⤵
  PID:4616
- C:\Windows\System\gyoQYYV.exe
  C:\Windows\System\gyoQYYV.exe
  2⤵
  PID:5028
- C:\Windows\System\nBhZJSO.exe
  C:\Windows\System\nBhZJSO.exe
  2⤵
  PID:4968
- C:\Windows\System\NGIDZZJ.exe
  C:\Windows\System\NGIDZZJ.exe
  2⤵
  PID:5052
- C:\Windows\System\OnqgqgN.exe
  C:\Windows\System\OnqgqgN.exe
  2⤵
  PID:5112
- C:\Windows\System\bvIzSsj.exe
  C:\Windows\System\bvIzSsj.exe
  2⤵
  PID:4192
- C:\Windows\System\EtgamGf.exe
  C:\Windows\System\EtgamGf.exe
  2⤵
  PID:4328
- C:\Windows\System\DkMeMRb.exe
  C:\Windows\System\DkMeMRb.exe
  2⤵
  PID:4208
- C:\Windows\System\lGceDme.exe
  C:\Windows\System\lGceDme.exe
  2⤵
  PID:484
- C:\Windows\System\LDDPbyY.exe
  C:\Windows\System\LDDPbyY.exe
  2⤵
  PID:4356
- C:\Windows\System\gscqXzf.exe
  C:\Windows\System\gscqXzf.exe
  2⤵
  PID:4252
- C:\Windows\System\GpcZKSZ.exe
  C:\Windows\System\GpcZKSZ.exe
  2⤵
  PID:4432
- C:\Windows\System\wmFtcoP.exe
  C:\Windows\System\wmFtcoP.exe
  2⤵
  PID:4524
- C:\Windows\System\yqoOIdx.exe
  C:\Windows\System\yqoOIdx.exe
  2⤵
  PID:4548
- C:\Windows\System\fXSfbSA.exe
  C:\Windows\System\fXSfbSA.exe
  2⤵
  PID:4632
- C:\Windows\System\xcBvxUh.exe
  C:\Windows\System\xcBvxUh.exe
  2⤵
  PID:4680
- C:\Windows\System\GSQZPeG.exe
  C:\Windows\System\GSQZPeG.exe
  2⤵
  PID:4520
- C:\Windows\System\IHQTpMT.exe
  C:\Windows\System\IHQTpMT.exe
  2⤵
  PID:4832
- C:\Windows\System\REMhoYJ.exe
  C:\Windows\System\REMhoYJ.exe
  2⤵
  PID:4804
- C:\Windows\System\RStRVjX.exe
  C:\Windows\System\RStRVjX.exe
  2⤵
  PID:4924
- C:\Windows\System\yVdzCji.exe
  C:\Windows\System\yVdzCji.exe
  2⤵
  PID:5116
- C:\Windows\System\rkJKVoj.exe
  C:\Windows\System\rkJKVoj.exe
  2⤵
  PID:4908
- C:\Windows\System\mvkthvu.exe
  C:\Windows\System\mvkthvu.exe
  2⤵
  PID:4148
- C:\Windows\System\XBioYey.exe
  C:\Windows\System\XBioYey.exe
  2⤵
  PID:4284
- C:\Windows\System\btjXDfV.exe
  C:\Windows\System\btjXDfV.exe
  2⤵
  PID:4964
- C:\Windows\System\vvWYvey.exe
  C:\Windows\System\vvWYvey.exe
  2⤵
  PID:4424
- C:\Windows\System\vNIyqig.exe
  C:\Windows\System\vNIyqig.exe
  2⤵
  PID:4308
- C:\Windows\System\YXCkVZv.exe
  C:\Windows\System\YXCkVZv.exe
  2⤵
  PID:4496
- C:\Windows\System\vXfDjlO.exe
  C:\Windows\System\vXfDjlO.exe
  2⤵
  PID:4544
- C:\Windows\System\bsDMyio.exe
  C:\Windows\System\bsDMyio.exe
  2⤵
  PID:4608
- C:\Windows\System\mlRDqrW.exe
  C:\Windows\System\mlRDqrW.exe
  2⤵
  PID:4696
- C:\Windows\System\xVqahDi.exe
  C:\Windows\System\xVqahDi.exe
  2⤵
  PID:4780
- C:\Windows\System\WRNYLKK.exe
  C:\Windows\System\WRNYLKK.exe
  2⤵
  PID:1496
- C:\Windows\System\mHcGqDL.exe
  C:\Windows\System\mHcGqDL.exe
  2⤵
  PID:5048
- C:\Windows\System\abyFakw.exe
  C:\Windows\System\abyFakw.exe
  2⤵
  PID:4840
- C:\Windows\System\AeTlvdF.exe
  C:\Windows\System\AeTlvdF.exe
  2⤵
  PID:4256
- C:\Windows\System\lUGCAAE.exe
  C:\Windows\System\lUGCAAE.exe
  2⤵
  PID:5032
- C:\Windows\System\eJVGvJD.exe
  C:\Windows\System\eJVGvJD.exe
  2⤵
  PID:4300
- C:\Windows\System\MOEDwMp.exe
  C:\Windows\System\MOEDwMp.exe
  2⤵
  PID:4648
- C:\Windows\System\iLgltFP.exe
  C:\Windows\System\iLgltFP.exe
  2⤵
  PID:4556
- C:\Windows\System\FreYDIH.exe
  C:\Windows\System\FreYDIH.exe
  2⤵
  PID:5100
- C:\Windows\System\Mmazipz.exe
  C:\Windows\System\Mmazipz.exe
  2⤵
  PID:4912
- C:\Windows\System\omccgyH.exe
  C:\Windows\System\omccgyH.exe
  2⤵
  PID:3116
- C:\Windows\System\YEoYfzw.exe
  C:\Windows\System\YEoYfzw.exe
  2⤵
  PID:5012
- C:\Windows\System\mmJEcFs.exe
  C:\Windows\System\mmJEcFs.exe
  2⤵
  PID:4748
- C:\Windows\System\lgDmHha.exe
  C:\Windows\System\lgDmHha.exe
  2⤵
  PID:4856
- C:\Windows\System\cLLbGpY.exe
  C:\Windows\System\cLLbGpY.exe
  2⤵
  PID:4960
- C:\Windows\System\tsfbfpf.exe
  C:\Windows\System\tsfbfpf.exe
  2⤵
  PID:5092
- C:\Windows\System\iwRGisl.exe
  C:\Windows\System\iwRGisl.exe
  2⤵
  PID:4480
- C:\Windows\System\tklzvPV.exe
  C:\Windows\System\tklzvPV.exe
  2⤵
  PID:2624
- C:\Windows\System\AWxPqYB.exe
  C:\Windows\System\AWxPqYB.exe
  2⤵
  PID:5124
- C:\Windows\System\SxZlSuL.exe
  C:\Windows\System\SxZlSuL.exe
  2⤵
  PID:5144
- C:\Windows\System\plTduCL.exe
  C:\Windows\System\plTduCL.exe
  2⤵
  PID:5160
- C:\Windows\System\zjgqIHj.exe
  C:\Windows\System\zjgqIHj.exe
  2⤵
  PID:5184
- C:\Windows\System\pDGLTbV.exe
  C:\Windows\System\pDGLTbV.exe
  2⤵
  PID:5200
- C:\Windows\System\mPKhwkW.exe
  C:\Windows\System\mPKhwkW.exe
  2⤵
  PID:5220
- C:\Windows\System\tePFSsX.exe
  C:\Windows\System\tePFSsX.exe
  2⤵
  PID:5236
- C:\Windows\System\lhglrYX.exe
  C:\Windows\System\lhglrYX.exe
  2⤵
  PID:5264
- C:\Windows\System\nnnsUhH.exe
  C:\Windows\System\nnnsUhH.exe
  2⤵
  PID:5284
- C:\Windows\System\xAjrHdq.exe
  C:\Windows\System\xAjrHdq.exe
  2⤵
  PID:5304
- C:\Windows\System\MnBLROY.exe
  C:\Windows\System\MnBLROY.exe
  2⤵
  PID:5336
- C:\Windows\System\jQKWTqt.exe
  C:\Windows\System\jQKWTqt.exe
  2⤵
  PID:5352
- C:\Windows\System\IrOvfBe.exe
  C:\Windows\System\IrOvfBe.exe
  2⤵
  PID:5372
- C:\Windows\System\kcTdTTp.exe
  C:\Windows\System\kcTdTTp.exe
  2⤵
  PID:5388
- C:\Windows\System\CtWpCjY.exe
  C:\Windows\System\CtWpCjY.exe
  2⤵
  PID:5408
- C:\Windows\System\MXoakdl.exe
  C:\Windows\System\MXoakdl.exe
  2⤵
  PID:5424
- C:\Windows\System\lUXFOXo.exe
  C:\Windows\System\lUXFOXo.exe
  2⤵
  PID:5440
- C:\Windows\System\uSRSGxv.exe
  C:\Windows\System\uSRSGxv.exe
  2⤵
  PID:5456
- C:\Windows\System\AqGkVRi.exe
  C:\Windows\System\AqGkVRi.exe
  2⤵
  PID:5476
- C:\Windows\System\OXtpHUj.exe
  C:\Windows\System\OXtpHUj.exe
  2⤵
  PID:5492
- C:\Windows\System\chRCrwm.exe
  C:\Windows\System\chRCrwm.exe
  2⤵
  PID:5512
- C:\Windows\System\sUueAvX.exe
  C:\Windows\System\sUueAvX.exe
  2⤵
  PID:5544
- C:\Windows\System\AKyskAV.exe
  C:\Windows\System\AKyskAV.exe
  2⤵
  PID:5560
- C:\Windows\System\ByUAKdd.exe
  C:\Windows\System\ByUAKdd.exe
  2⤵
  PID:5576
- C:\Windows\System\pRUOEbi.exe
  C:\Windows\System\pRUOEbi.exe
  2⤵
  PID:5596
- C:\Windows\System\lxfoKyQ.exe
  C:\Windows\System\lxfoKyQ.exe
  2⤵
  PID:5612
- C:\Windows\System\JWzCyKC.exe
  C:\Windows\System\JWzCyKC.exe
  2⤵
  PID:5632
- C:\Windows\System\MBuMpnu.exe
  C:\Windows\System\MBuMpnu.exe
  2⤵
  PID:5648
- C:\Windows\System\JJtBPeA.exe
  C:\Windows\System\JJtBPeA.exe
  2⤵
  PID:5668
- C:\Windows\System\NiUmGwC.exe
  C:\Windows\System\NiUmGwC.exe
  2⤵
  PID:5684
- C:\Windows\System\UXPIhwx.exe
  C:\Windows\System\UXPIhwx.exe
  2⤵
  PID:5704
- C:\Windows\System\AlwSnfV.exe
  C:\Windows\System\AlwSnfV.exe
  2⤵
  PID:5728
- C:\Windows\System\IHUxEeP.exe
  C:\Windows\System\IHUxEeP.exe
  2⤵
  PID:5748
- C:\Windows\System\lveuzgv.exe
  C:\Windows\System\lveuzgv.exe
  2⤵
  PID:5772
- C:\Windows\System\bQHjOhc.exe
  C:\Windows\System\bQHjOhc.exe
  2⤵
  PID:5860
- C:\Windows\System\mpWYcJW.exe
  C:\Windows\System\mpWYcJW.exe
  2⤵
  PID:5876
- C:\Windows\System\qmhHoYU.exe
  C:\Windows\System\qmhHoYU.exe
  2⤵
  PID:5892
- C:\Windows\System\utnyaDI.exe
  C:\Windows\System\utnyaDI.exe
  2⤵
  PID:5920
- C:\Windows\System\IDzawmT.exe
  C:\Windows\System\IDzawmT.exe
  2⤵
  PID:5936
- C:\Windows\System\kTzkzyN.exe
  C:\Windows\System\kTzkzyN.exe
  2⤵
  PID:5952
- C:\Windows\System\lPhLTEf.exe
  C:\Windows\System\lPhLTEf.exe
  2⤵
  PID:5968
- C:\Windows\System\cpOJgkW.exe
  C:\Windows\System\cpOJgkW.exe
  2⤵
  PID:5984
- C:\Windows\System\WGLCGzB.exe
  C:\Windows\System\WGLCGzB.exe
  2⤵
  PID:6004
- C:\Windows\System\YRwZJAz.exe
  C:\Windows\System\YRwZJAz.exe
  2⤵
  PID:6020
- C:\Windows\System\VCujtzb.exe
  C:\Windows\System\VCujtzb.exe
  2⤵
  PID:6040
- C:\Windows\System\EcKVIkR.exe
  C:\Windows\System\EcKVIkR.exe
  2⤵
  PID:6056
- C:\Windows\System\spdLzcY.exe
  C:\Windows\System\spdLzcY.exe
  2⤵
  PID:6072
- C:\Windows\System\TFZwsKm.exe
  C:\Windows\System\TFZwsKm.exe
  2⤵
  PID:6092
- C:\Windows\System\wAtwsGz.exe
  C:\Windows\System\wAtwsGz.exe
  2⤵
  PID:6112
- C:\Windows\System\WKVPOum.exe
  C:\Windows\System\WKVPOum.exe
  2⤵
  PID:6128
- C:\Windows\System\bStscpS.exe
  C:\Windows\System\bStscpS.exe
  2⤵
  PID:5140
- C:\Windows\System\TnVlCQT.exe
  C:\Windows\System\TnVlCQT.exe
  2⤵
  PID:5168
- C:\Windows\System\TFhJMJN.exe
  C:\Windows\System\TFhJMJN.exe
  2⤵
  PID:5208
- C:\Windows\System\PnqHqvo.exe
  C:\Windows\System\PnqHqvo.exe
  2⤵
  PID:5192
- C:\Windows\System\dUFNazI.exe
  C:\Windows\System\dUFNazI.exe
  2⤵
  PID:5248
- C:\Windows\System\pIrJBcN.exe
  C:\Windows\System\pIrJBcN.exe
  2⤵
  PID:5300
- C:\Windows\System\zAicsZh.exe
  C:\Windows\System\zAicsZh.exe
  2⤵
  PID:5312
- C:\Windows\System\CHvNkbk.exe
  C:\Windows\System\CHvNkbk.exe
  2⤵
  PID:5316
- C:\Windows\System\ACprtAZ.exe
  C:\Windows\System\ACprtAZ.exe
  2⤵
  PID:5400
- C:\Windows\System\IzSCpVc.exe
  C:\Windows\System\IzSCpVc.exe
  2⤵
  PID:5472
- C:\Windows\System\yxsUPLL.exe
  C:\Windows\System\yxsUPLL.exe
  2⤵
  PID:5488
- C:\Windows\System\jotPCza.exe
  C:\Windows\System\jotPCza.exe
  2⤵
  PID:5532
- C:\Windows\System\bibWjZc.exe
  C:\Windows\System\bibWjZc.exe
  2⤵
  PID:5608
- C:\Windows\System\pTmdzAm.exe
  C:\Windows\System\pTmdzAm.exe
  2⤵
  PID:5720
- C:\Windows\System\aBFJjLF.exe
  C:\Windows\System\aBFJjLF.exe
  2⤵
  PID:5664
- C:\Windows\System\wjTgLRS.exe
  C:\Windows\System\wjTgLRS.exe
  2⤵
  PID:5740
- C:\Windows\System\Vrdbasu.exe
  C:\Windows\System\Vrdbasu.exe
  2⤵
  PID:5760
- C:\Windows\System\sqTwOei.exe
  C:\Windows\System\sqTwOei.exe
  2⤵
  PID:5784
- C:\Windows\System\IkneasM.exe
  C:\Windows\System\IkneasM.exe
  2⤵
  PID:5808
- C:\Windows\System\qmUFeGd.exe
  C:\Windows\System\qmUFeGd.exe
  2⤵
  PID:5820
- C:\Windows\System\SLAiYwf.exe
  C:\Windows\System\SLAiYwf.exe
  2⤵
  PID:5828
- C:\Windows\System\NcsmzEi.exe
  C:\Windows\System\NcsmzEi.exe
  2⤵
  PID:5868
- C:\Windows\System\LHjlIeJ.exe
  C:\Windows\System\LHjlIeJ.exe
  2⤵
  PID:5904
- C:\Windows\System\YOnKewt.exe
  C:\Windows\System\YOnKewt.exe
  2⤵
  PID:5976
- C:\Windows\System\EfqWuih.exe
  C:\Windows\System\EfqWuih.exe
  2⤵
  PID:6052
- C:\Windows\System\wpdknkF.exe
  C:\Windows\System\wpdknkF.exe
  2⤵
  PID:6124
- C:\Windows\System\YhEzpLt.exe
  C:\Windows\System\YhEzpLt.exe
  2⤵
  PID:5156
- C:\Windows\System\xlJURew.exe
  C:\Windows\System\xlJURew.exe
  2⤵
  PID:4620
- C:\Windows\System\arkcJwd.exe
  C:\Windows\System\arkcJwd.exe
  2⤵
  PID:5964
- C:\Windows\System\qenrUKm.exe
  C:\Windows\System\qenrUKm.exe
  2⤵
  PID:6104
- C:\Windows\System\qdSuhqp.exe
  C:\Windows\System\qdSuhqp.exe
  2⤵
  PID:5180
- C:\Windows\System\tbBwjkK.exe
  C:\Windows\System\tbBwjkK.exe
  2⤵
  PID:5280
- C:\Windows\System\dbMwomE.exe
  C:\Windows\System\dbMwomE.exe
  2⤵
  PID:5324
- C:\Windows\System\hwvYZJD.exe
  C:\Windows\System\hwvYZJD.exe
  2⤵
  PID:5368
- C:\Windows\System\CiNYPRm.exe
  C:\Windows\System\CiNYPRm.exe
  2⤵
  PID:5396
- C:\Windows\System\kYVauSK.exe
  C:\Windows\System\kYVauSK.exe
  2⤵
  PID:5432
- C:\Windows\System\DPyPwcY.exe
  C:\Windows\System\DPyPwcY.exe
  2⤵
  PID:5528
- C:\Windows\System\BXJeiok.exe
  C:\Windows\System\BXJeiok.exe
  2⤵
  PID:5644
- C:\Windows\System\iVhizUL.exe
  C:\Windows\System\iVhizUL.exe
  2⤵
  PID:5540
- C:\Windows\System\qKejvyp.exe
  C:\Windows\System\qKejvyp.exe
  2⤵
  PID:5588
- C:\Windows\System\tHZNxDa.exe
  C:\Windows\System\tHZNxDa.exe
  2⤵
  PID:5584
- C:\Windows\System\jEOTcHe.exe
  C:\Windows\System\jEOTcHe.exe
  2⤵
  PID:5656
- C:\Windows\System\AUfZXqS.exe
  C:\Windows\System\AUfZXqS.exe
  2⤵
  PID:5796
- C:\Windows\System\QpgnZyZ.exe
  C:\Windows\System\QpgnZyZ.exe
  2⤵
  PID:5804
- C:\Windows\System\qHMNcDL.exe
  C:\Windows\System\qHMNcDL.exe
  2⤵
  PID:5884
- C:\Windows\System\mWvUBNJ.exe
  C:\Windows\System\mWvUBNJ.exe
  2⤵
  PID:6084
- C:\Windows\System\vRUGHWn.exe
  C:\Windows\System\vRUGHWn.exe
  2⤵
  PID:5152
- C:\Windows\System\vORwCFU.exe
  C:\Windows\System\vORwCFU.exe
  2⤵
  PID:5992
- C:\Windows\System\OtIxrXQ.exe
  C:\Windows\System\OtIxrXQ.exe
  2⤵
  PID:5932
- C:\Windows\System\lhweamg.exe
  C:\Windows\System\lhweamg.exe
  2⤵
  PID:6136
- C:\Windows\System\oGyLgcD.exe
  C:\Windows\System\oGyLgcD.exe
  2⤵
  PID:5260
- C:\Windows\System\akhcxRc.exe
  C:\Windows\System\akhcxRc.exe
  2⤵
  PID:5344
- C:\Windows\System\UQMRXnp.exe
  C:\Windows\System\UQMRXnp.exe
  2⤵
  PID:5572
- C:\Windows\System\TYTmoOp.exe
  C:\Windows\System\TYTmoOp.exe
  2⤵
  PID:5620
- C:\Windows\System\sdEljPJ.exe
  C:\Windows\System\sdEljPJ.exe
  2⤵
  PID:5416
- C:\Windows\System\OhilMrK.exe
  C:\Windows\System\OhilMrK.exe
  2⤵
  PID:5712
- C:\Windows\System\rCCcRYp.exe
  C:\Windows\System\rCCcRYp.exe
  2⤵
  PID:5676
- C:\Windows\System\WDjZWbU.exe
  C:\Windows\System\WDjZWbU.exe
  2⤵
  PID:5716
- C:\Windows\System\WlCytbJ.exe
  C:\Windows\System\WlCytbJ.exe
  2⤵
  PID:5780
- C:\Windows\System\QCycxdz.exe
  C:\Windows\System\QCycxdz.exe
  2⤵
  PID:4828
- C:\Windows\System\zdCuBkZ.exe
  C:\Windows\System\zdCuBkZ.exe
  2⤵
  PID:6048
- C:\Windows\System\CttkDcS.exe
  C:\Windows\System\CttkDcS.exe
  2⤵
  PID:5216
- C:\Windows\System\BiozAFe.exe
  C:\Windows\System\BiozAFe.exe
  2⤵
  PID:5624
- C:\Windows\System\uIXJJWT.exe
  C:\Windows\System\uIXJJWT.exe
  2⤵
  PID:5736
- C:\Windows\System\KFbQbxJ.exe
  C:\Windows\System\KFbQbxJ.exe
  2⤵
  PID:5836
- C:\Windows\System\gpmEscy.exe
  C:\Windows\System\gpmEscy.exe
  2⤵
  PID:5508
- C:\Windows\System\gJwFMfF.exe
  C:\Windows\System\gJwFMfF.exe
  2⤵
  PID:6160
- C:\Windows\System\DrKaeLE.exe
  C:\Windows\System\DrKaeLE.exe
  2⤵
  PID:6180
- C:\Windows\System\MMZmWfY.exe
  C:\Windows\System\MMZmWfY.exe
  2⤵
  PID:6196
- C:\Windows\System\VswkJzp.exe
  C:\Windows\System\VswkJzp.exe
  2⤵
  PID:6216
- C:\Windows\System\iaNdOAa.exe
  C:\Windows\System\iaNdOAa.exe
  2⤵
  PID:6232
- C:\Windows\System\ezFFkbZ.exe
  C:\Windows\System\ezFFkbZ.exe
  2⤵
  PID:6252
- C:\Windows\System\woPaeEU.exe
  C:\Windows\System\woPaeEU.exe
  2⤵
  PID:6272
- C:\Windows\System\GxODSRm.exe
  C:\Windows\System\GxODSRm.exe
  2⤵
  PID:6288
- C:\Windows\System\vqQcJMr.exe
  C:\Windows\System\vqQcJMr.exe
  2⤵
  PID:6312
- C:\Windows\System\JIQQIjJ.exe
  C:\Windows\System\JIQQIjJ.exe
  2⤵
  PID:6380
- C:\Windows\System\jYKbWPm.exe
  C:\Windows\System\jYKbWPm.exe
  2⤵
  PID:6396
- C:\Windows\System\kFiSAYI.exe
  C:\Windows\System\kFiSAYI.exe
  2⤵
  PID:6412
- C:\Windows\System\pkOUOoz.exe
  C:\Windows\System\pkOUOoz.exe
  2⤵
  PID:6428
- C:\Windows\System\LzwywEN.exe
  C:\Windows\System\LzwywEN.exe
  2⤵
  PID:6444
- C:\Windows\System\wfeXfyq.exe
  C:\Windows\System\wfeXfyq.exe
  2⤵
  PID:6460
- C:\Windows\System\RUFquSn.exe
  C:\Windows\System\RUFquSn.exe
  2⤵
  PID:6480
- C:\Windows\System\hXDnVww.exe
  C:\Windows\System\hXDnVww.exe
  2⤵
  PID:6500
- C:\Windows\System\ZljOfhf.exe
  C:\Windows\System\ZljOfhf.exe
  2⤵
  PID:6516
- C:\Windows\System\CwdzJKH.exe
  C:\Windows\System\CwdzJKH.exe
  2⤵
  PID:6544
- C:\Windows\System\KsjSIov.exe
  C:\Windows\System\KsjSIov.exe
  2⤵
  PID:6576
- C:\Windows\System\crFHrAf.exe
  C:\Windows\System\crFHrAf.exe
  2⤵
  PID:6592
- C:\Windows\System\NNifimq.exe
  C:\Windows\System\NNifimq.exe
  2⤵
  PID:6612
- C:\Windows\System\OwCjPVs.exe
  C:\Windows\System\OwCjPVs.exe
  2⤵
  PID:6632
- C:\Windows\System\pPMwpow.exe
  C:\Windows\System\pPMwpow.exe
  2⤵
  PID:6648
- C:\Windows\System\PpydeYW.exe
  C:\Windows\System\PpydeYW.exe
  2⤵
  PID:6664
- C:\Windows\System\rNpkRiR.exe
  C:\Windows\System\rNpkRiR.exe
  2⤵
  PID:6688
- C:\Windows\System\eVYbuzW.exe
  C:\Windows\System\eVYbuzW.exe
  2⤵
  PID:6704
- C:\Windows\System\fGlvkud.exe
  C:\Windows\System\fGlvkud.exe
  2⤵
  PID:6732
- C:\Windows\System\UzjHxqJ.exe
  C:\Windows\System\UzjHxqJ.exe
  2⤵
  PID:6748
- C:\Windows\System\RqEVcum.exe
  C:\Windows\System\RqEVcum.exe
  2⤵
  PID:6764
- C:\Windows\System\jVutoHc.exe
  C:\Windows\System\jVutoHc.exe
  2⤵
  PID:6780
- C:\Windows\System\wAWwOMR.exe
  C:\Windows\System\wAWwOMR.exe
  2⤵
  PID:6800
- C:\Windows\System\lVkCPKf.exe
  C:\Windows\System\lVkCPKf.exe
  2⤵
  PID:6820
- C:\Windows\System\RQtHSSg.exe
  C:\Windows\System\RQtHSSg.exe
  2⤵
  PID:6864
- C:\Windows\System\TunmyRN.exe
  C:\Windows\System\TunmyRN.exe
  2⤵
  PID:6888
- C:\Windows\System\gadjyLc.exe
  C:\Windows\System\gadjyLc.exe
  2⤵
  PID:6904
- C:\Windows\System\DonrJWA.exe
  C:\Windows\System\DonrJWA.exe
  2⤵
  PID:6920
- C:\Windows\System\eCfYolf.exe
  C:\Windows\System\eCfYolf.exe
  2⤵
  PID:6940
- C:\Windows\System\euVHlNT.exe
  C:\Windows\System\euVHlNT.exe
  2⤵
  PID:6956
- C:\Windows\System\FWHWmAp.exe
  C:\Windows\System\FWHWmAp.exe
  2⤵
  PID:6976
- C:\Windows\System\yhdEKxM.exe
  C:\Windows\System\yhdEKxM.exe
  2⤵
  PID:6992
- C:\Windows\System\ATyXZNT.exe
  C:\Windows\System\ATyXZNT.exe
  2⤵
  PID:7012
- C:\Windows\System\pOWdiEI.exe
  C:\Windows\System\pOWdiEI.exe
  2⤵
  PID:7028
- C:\Windows\System\poQosMp.exe
  C:\Windows\System\poQosMp.exe
  2⤵
  PID:7044
- C:\Windows\System\pserHcn.exe
  C:\Windows\System\pserHcn.exe
  2⤵
  PID:7060
- C:\Windows\System\rOUaFuq.exe
  C:\Windows\System\rOUaFuq.exe
  2⤵
  PID:7080
- C:\Windows\System\fUlvLsk.exe
  C:\Windows\System\fUlvLsk.exe
  2⤵
  PID:7104
- C:\Windows\System\kBgAdeF.exe
  C:\Windows\System\kBgAdeF.exe
  2⤵
  PID:7120
- C:\Windows\System\cPCmnAs.exe
  C:\Windows\System\cPCmnAs.exe
  2⤵
  PID:7136
- C:\Windows\System\hDRrrBQ.exe
  C:\Windows\System\hDRrrBQ.exe
  2⤵
  PID:7152
- C:\Windows\System\pwSxhhG.exe
  C:\Windows\System\pwSxhhG.exe
  2⤵
  PID:6028
- C:\Windows\System\YXWnkCq.exe
  C:\Windows\System\YXWnkCq.exe
  2⤵
  PID:6172
- C:\Windows\System\nfFLFEz.exe
  C:\Windows\System\nfFLFEz.exe
  2⤵
  PID:6212
- C:\Windows\System\enAXEhX.exe
  C:\Windows\System\enAXEhX.exe
  2⤵
  PID:6280
- C:\Windows\System\VckQEBf.exe
  C:\Windows\System\VckQEBf.exe
  2⤵
  PID:6344
- C:\Windows\System\XsvDxgt.exe
  C:\Windows\System\XsvDxgt.exe
  2⤵
  PID:6224
- C:\Windows\System\eNdgBmY.exe
  C:\Windows\System\eNdgBmY.exe
  2⤵
  PID:6368
- C:\Windows\System\wUYsZhg.exe
  C:\Windows\System\wUYsZhg.exe
  2⤵
  PID:6376
- C:\Windows\System\pEEbhVl.exe
  C:\Windows\System\pEEbhVl.exe
  2⤵
  PID:5296
- C:\Windows\System\IqVLpjD.exe
  C:\Windows\System\IqVLpjD.exe
  2⤵
  PID:5832
- C:\Windows\System\HjpWWOz.exe
  C:\Windows\System\HjpWWOz.exe
  2⤵
  PID:5176
- C:\Windows\System\YoHhkHF.exe
  C:\Windows\System\YoHhkHF.exe
  2⤵
  PID:5276
- C:\Windows\System\ErAzWGd.exe
  C:\Windows\System\ErAzWGd.exe
  2⤵
  PID:5948
- C:\Windows\System\dLQYAao.exe
  C:\Windows\System\dLQYAao.exe
  2⤵
  PID:6264
- C:\Windows\System\bjvHdET.exe
  C:\Windows\System\bjvHdET.exe
  2⤵
  PID:6404
- C:\Windows\System\oXfVfgg.exe
  C:\Windows\System\oXfVfgg.exe
  2⤵
  PID:6476
- C:\Windows\System\UDDQlVT.exe
  C:\Windows\System\UDDQlVT.exe
  2⤵
  PID:6560
- C:\Windows\System\iRbHYht.exe
  C:\Windows\System\iRbHYht.exe
  2⤵
  PID:6556
- C:\Windows\System\dzdSueG.exe
  C:\Windows\System\dzdSueG.exe
  2⤵
  PID:6640
- C:\Windows\System\pBmvBaH.exe
  C:\Windows\System\pBmvBaH.exe
  2⤵
  PID:6684
- C:\Windows\System\mEBvYKg.exe
  C:\Windows\System\mEBvYKg.exe
  2⤵
  PID:6628
- C:\Windows\System\gzPpYjP.exe
  C:\Windows\System\gzPpYjP.exe
  2⤵
  PID:6420
- C:\Windows\System\qEumDRB.exe
  C:\Windows\System\qEumDRB.exe
  2⤵
  PID:6492
- C:\Windows\System\bcUdYFH.exe
  C:\Windows\System\bcUdYFH.exe
  2⤵
  PID:6540
- C:\Windows\System\bBfgPjX.exe
  C:\Windows\System\bBfgPjX.exe
  2⤵
  PID:6792
- C:\Windows\System\pPliAcg.exe
  C:\Windows\System\pPliAcg.exe
  2⤵
  PID:6836
- C:\Windows\System\AmIAEek.exe
  C:\Windows\System\AmIAEek.exe
  2⤵
  PID:6844
- C:\Windows\System\gkcntyy.exe
  C:\Windows\System\gkcntyy.exe
  2⤵
  PID:6832
- C:\Windows\System\UUGaPXf.exe
  C:\Windows\System\UUGaPXf.exe
  2⤵
  PID:6776
- C:\Windows\System\nWfBRNE.exe
  C:\Windows\System\nWfBRNE.exe
  2⤵
  PID:6872
- C:\Windows\System\dLLgZUh.exe
  C:\Windows\System\dLLgZUh.exe
  2⤵
  PID:6876
- C:\Windows\System\VErsyWE.exe
  C:\Windows\System\VErsyWE.exe
  2⤵
  PID:6936
- C:\Windows\System\PZAFvll.exe
  C:\Windows\System\PZAFvll.exe
  2⤵
  PID:7008
- C:\Windows\System\aZmMNbV.exe
  C:\Windows\System\aZmMNbV.exe
  2⤵
  PID:7072
- C:\Windows\System\heEZEYA.exe
  C:\Windows\System\heEZEYA.exe
  2⤵
  PID:6248
- C:\Windows\System\MRQbioI.exe
  C:\Windows\System\MRQbioI.exe
  2⤵
  PID:7164
- C:\Windows\System\KDSzkgQ.exe
  C:\Windows\System\KDSzkgQ.exe
  2⤵
  PID:6204
- C:\Windows\System\jExUViT.exe
  C:\Windows\System\jExUViT.exe
  2⤵
  PID:5484
- C:\Windows\System\rmiiopT.exe
  C:\Windows\System\rmiiopT.exe
  2⤵
  PID:6332
- C:\Windows\System\xJJgMNi.exe
  C:\Windows\System\xJJgMNi.exe
  2⤵
  PID:5912
- C:\Windows\System\XGgUCfy.exe
  C:\Windows\System\XGgUCfy.exe
  2⤵
  PID:6156
- C:\Windows\System\dwKpNuU.exe
  C:\Windows\System\dwKpNuU.exe
  2⤵
  PID:6324
- C:\Windows\System\WYsNgII.exe
  C:\Windows\System\WYsNgII.exe
  2⤵
  PID:6472
- C:\Windows\System\cCSpJcj.exe
  C:\Windows\System\cCSpJcj.exe
  2⤵
  PID:6680
- C:\Windows\System\ktTOXPI.exe
  C:\Windows\System\ktTOXPI.exe
  2⤵
  PID:6604
- C:\Windows\System\rAHIZRz.exe
  C:\Windows\System\rAHIZRz.exe
  2⤵
  PID:6728
- C:\Windows\System\DKqeYvi.exe
  C:\Windows\System\DKqeYvi.exe
  2⤵
  PID:6828
- C:\Windows\System\VUmxlwZ.exe
  C:\Windows\System\VUmxlwZ.exe
  2⤵
  PID:6860
- C:\Windows\System\KaNXirp.exe
  C:\Windows\System\KaNXirp.exe
  2⤵
  PID:6912
- C:\Windows\System\oaxnFtN.exe
  C:\Windows\System\oaxnFtN.exe
  2⤵
  PID:6840
- C:\Windows\System\AXVBoDY.exe
  C:\Windows\System\AXVBoDY.exe
  2⤵
  PID:6744
- C:\Windows\System\nTsTVYu.exe
  C:\Windows\System\nTsTVYu.exe
  2⤵
  PID:7040
- C:\Windows\System\RSMXIty.exe
  C:\Windows\System\RSMXIty.exe
  2⤵
  PID:7112
- C:\Windows\System\UcQGxHr.exe
  C:\Windows\System\UcQGxHr.exe
  2⤵
  PID:6952
- C:\Windows\System\yQRKWYY.exe
  C:\Windows\System\yQRKWYY.exe
  2⤵
  PID:7056
- C:\Windows\System\oodhwxB.exe
  C:\Windows\System\oodhwxB.exe
  2⤵
  PID:7132
- C:\Windows\System\zxNrWjd.exe
  C:\Windows\System\zxNrWjd.exe
  2⤵
  PID:6016
- C:\Windows\System\LbdrauH.exe
  C:\Windows\System\LbdrauH.exe
  2⤵
  PID:6440
- C:\Windows\System\AillpfW.exe
  C:\Windows\System\AillpfW.exe
  2⤵
  PID:6340
- C:\Windows\System\iQOiMCd.exe
  C:\Windows\System\iQOiMCd.exe
  2⤵
  PID:6436
- C:\Windows\System\qQsPTNa.exe
  C:\Windows\System\qQsPTNa.exe
  2⤵
  PID:6588
- C:\Windows\System\gZpoCfZ.exe
  C:\Windows\System\gZpoCfZ.exe
  2⤵
  PID:6064
- C:\Windows\System\HOhYnDK.exe
  C:\Windows\System\HOhYnDK.exe
  2⤵
  PID:6968
- C:\Windows\System\RxJbzja.exe
  C:\Windows\System\RxJbzja.exe
  2⤵
  PID:6932
- C:\Windows\System\ttWBMJn.exe
  C:\Windows\System\ttWBMJn.exe
  2⤵
  PID:6900
- C:\Windows\System\fLAjhJs.exe
  C:\Windows\System\fLAjhJs.exe
  2⤵
  PID:6812
- C:\Windows\System\ysmmJPk.exe
  C:\Windows\System\ysmmJPk.exe
  2⤵
  PID:7000
- C:\Windows\System\MfhJELB.exe
  C:\Windows\System\MfhJELB.exe
  2⤵
  PID:6984
- C:\Windows\System\SMxXTid.exe
  C:\Windows\System\SMxXTid.exe
  2⤵
  PID:7144
- C:\Windows\System\xtchOHt.exe
  C:\Windows\System\xtchOHt.exe
  2⤵
  PID:5468
- C:\Windows\System\boTgRZQ.exe
  C:\Windows\System\boTgRZQ.exe
  2⤵
  PID:6372
- C:\Windows\System\cOblSOg.exe
  C:\Windows\System\cOblSOg.exe
  2⤵
  PID:6068
- C:\Windows\System\fHQfoMU.exe
  C:\Windows\System\fHQfoMU.exe
  2⤵
  PID:6572
- C:\Windows\System\PlvdcIt.exe
  C:\Windows\System\PlvdcIt.exe
  2⤵
  PID:6528
- C:\Windows\System\NUUKldg.exe
  C:\Windows\System\NUUKldg.exe
  2⤵
  PID:5604
- C:\Windows\System\stzoPvR.exe
  C:\Windows\System\stzoPvR.exe
  2⤵
  PID:6916
- C:\Windows\System\QxldOlG.exe
  C:\Windows\System\QxldOlG.exe
  2⤵
  PID:6244
- C:\Windows\System\qdrgShp.exe
  C:\Windows\System\qdrgShp.exe
  2⤵
  PID:6468
- C:\Windows\System\vHpVVYK.exe
  C:\Windows\System\vHpVVYK.exe
  2⤵
  PID:7116
- C:\Windows\System\JSMBTHq.exe
  C:\Windows\System\JSMBTHq.exe
  2⤵
  PID:6672
- C:\Windows\System\zrSKKER.exe
  C:\Windows\System\zrSKKER.exe
  2⤵
  PID:6268
- C:\Windows\System\OkWYUzm.exe
  C:\Windows\System\OkWYUzm.exe
  2⤵
  PID:6568
- C:\Windows\System\osXEBtC.exe
  C:\Windows\System\osXEBtC.exe
  2⤵
  PID:6168
- C:\Windows\System\VpuMecr.exe
  C:\Windows\System\VpuMecr.exe
  2⤵
  PID:6624
- C:\Windows\System\LhObFRd.exe
  C:\Windows\System\LhObFRd.exe
  2⤵
  PID:6452
- C:\Windows\System\Tlqvdfy.exe
  C:\Windows\System\Tlqvdfy.exe
  2⤵
  PID:6260
- C:\Windows\System\LvgrZqf.exe
  C:\Windows\System\LvgrZqf.exe
  2⤵
  PID:6724
- C:\Windows\System\JzxLyVo.exe
  C:\Windows\System\JzxLyVo.exe
  2⤵
  PID:7096
- C:\Windows\System\MSMKGwv.exe
  C:\Windows\System\MSMKGwv.exe
  2⤵
  PID:5328
- C:\Windows\System\UkAEVQA.exe
  C:\Windows\System\UkAEVQA.exe
  2⤵
  PID:7188
- C:\Windows\System\DXLgLeh.exe
  C:\Windows\System\DXLgLeh.exe
  2⤵
  PID:7216
- C:\Windows\System\EDEHjsw.exe
  C:\Windows\System\EDEHjsw.exe
  2⤵
  PID:7236
- C:\Windows\System\qQxHQLZ.exe
  C:\Windows\System\qQxHQLZ.exe
  2⤵
  PID:7252
- C:\Windows\System\YTKtlYo.exe
  C:\Windows\System\YTKtlYo.exe
  2⤵
  PID:7272
- C:\Windows\System\OtJrdnP.exe
  C:\Windows\System\OtJrdnP.exe
  2⤵
  PID:7288
- C:\Windows\System\pesqzcw.exe
  C:\Windows\System\pesqzcw.exe
  2⤵
  PID:7304
- C:\Windows\System\sFUcIqD.exe
  C:\Windows\System\sFUcIqD.exe
  2⤵
  PID:7392
- C:\Windows\System\AFvNWKT.exe
  C:\Windows\System\AFvNWKT.exe
  2⤵
  PID:7416
- C:\Windows\System\PNHcPZB.exe
  C:\Windows\System\PNHcPZB.exe
  2⤵
  PID:7436
- C:\Windows\System\NLVRehe.exe
  C:\Windows\System\NLVRehe.exe
  2⤵
  PID:7452
- C:\Windows\System\IYFpymm.exe
  C:\Windows\System\IYFpymm.exe
  2⤵
  PID:7468
- C:\Windows\System\YYOMXFg.exe
  C:\Windows\System\YYOMXFg.exe
  2⤵
  PID:7484
- C:\Windows\System\WRyFmmW.exe
  C:\Windows\System\WRyFmmW.exe
  2⤵
  PID:7500
- C:\Windows\System\TUWRkgK.exe
  C:\Windows\System\TUWRkgK.exe
  2⤵
  PID:7516
- C:\Windows\System\jniBPxR.exe
  C:\Windows\System\jniBPxR.exe
  2⤵
  PID:7536
- C:\Windows\System\SkmuRSl.exe
  C:\Windows\System\SkmuRSl.exe
  2⤵
  PID:7556
- C:\Windows\System\oAvzlrP.exe
  C:\Windows\System\oAvzlrP.exe
  2⤵
  PID:7572
- C:\Windows\System\OEXbmap.exe
  C:\Windows\System\OEXbmap.exe
  2⤵
  PID:7588
- C:\Windows\System\zrylXiu.exe
  C:\Windows\System\zrylXiu.exe
  2⤵
  PID:7604
- C:\Windows\System\SbAliLT.exe
  C:\Windows\System\SbAliLT.exe
  2⤵
  PID:7632
- C:\Windows\System\fEXExDV.exe
  C:\Windows\System\fEXExDV.exe
  2⤵
  PID:7648
- C:\Windows\System\OTBLBoV.exe
  C:\Windows\System\OTBLBoV.exe
  2⤵
  PID:7668
- C:\Windows\System\iJofQQF.exe
  C:\Windows\System\iJofQQF.exe
  2⤵
  PID:7724
- C:\Windows\System\fMPCBHL.exe
  C:\Windows\System\fMPCBHL.exe
  2⤵
  PID:7740
- C:\Windows\System\RCGHiAz.exe
  C:\Windows\System\RCGHiAz.exe
  2⤵
  PID:7760
- C:\Windows\System\zRodKWy.exe
  C:\Windows\System\zRodKWy.exe
  2⤵
  PID:7780
- C:\Windows\System\jcXSHit.exe
  C:\Windows\System\jcXSHit.exe
  2⤵
  PID:7796
- C:\Windows\System\CavjTgI.exe
  C:\Windows\System\CavjTgI.exe
  2⤵
  PID:7820
- C:\Windows\System\sAoauvp.exe
  C:\Windows\System\sAoauvp.exe
  2⤵
  PID:7856
- C:\Windows\System\MmwTtcW.exe
  C:\Windows\System\MmwTtcW.exe
  2⤵
  PID:7884
- C:\Windows\System\ecZdMXd.exe
  C:\Windows\System\ecZdMXd.exe
  2⤵
  PID:7904
- C:\Windows\System\XQVpFzu.exe
  C:\Windows\System\XQVpFzu.exe
  2⤵
  PID:7920
- C:\Windows\System\HrpMSog.exe
  C:\Windows\System\HrpMSog.exe
  2⤵
  PID:7936
- C:\Windows\System\DXONwRK.exe
  C:\Windows\System\DXONwRK.exe
  2⤵
  PID:7956
- C:\Windows\System\EqHBoWx.exe
  C:\Windows\System\EqHBoWx.exe
  2⤵
  PID:7976
- C:\Windows\System\DkDEGSZ.exe
  C:\Windows\System\DkDEGSZ.exe
  2⤵
  PID:7996
- C:\Windows\System\XDrgTDV.exe
  C:\Windows\System\XDrgTDV.exe
  2⤵
  PID:8012
- C:\Windows\System\BXzgJew.exe
  C:\Windows\System\BXzgJew.exe
  2⤵
  PID:8036
- C:\Windows\System\aNWemvK.exe
  C:\Windows\System\aNWemvK.exe
  2⤵
  PID:8052
- C:\Windows\System\sqhdKrr.exe
  C:\Windows\System\sqhdKrr.exe
  2⤵
  PID:8092
- C:\Windows\System\axIxfXv.exe
  C:\Windows\System\axIxfXv.exe
  2⤵
  PID:8108
- C:\Windows\System\EgSssso.exe
  C:\Windows\System\EgSssso.exe
  2⤵
  PID:8128
- C:\Windows\System\lOBFfuZ.exe
  C:\Windows\System\lOBFfuZ.exe
  2⤵
  PID:8148
- C:\Windows\System\GtvohLM.exe
  C:\Windows\System\GtvohLM.exe
  2⤵
  PID:8168
- C:\Windows\System\fzwXtbR.exe
  C:\Windows\System\fzwXtbR.exe
  2⤵
  PID:8184
- C:\Windows\System\srDuqog.exe
  C:\Windows\System\srDuqog.exe
  2⤵
  PID:7092
- C:\Windows\System\CussgRf.exe
  C:\Windows\System\CussgRf.exe
  2⤵
  PID:7224
- C:\Windows\System\duhVqKQ.exe
  C:\Windows\System\duhVqKQ.exe
  2⤵
  PID:7300
- C:\Windows\System\LgnvwBg.exe
  C:\Windows\System\LgnvwBg.exe
  2⤵
  PID:7340
- C:\Windows\System\WIVlaim.exe
  C:\Windows\System\WIVlaim.exe
  2⤵
  PID:7320
- C:\Windows\System\ySQVyFY.exe
  C:\Windows\System\ySQVyFY.exe
  2⤵
  PID:7336
- C:\Windows\System\IqvleLp.exe
  C:\Windows\System\IqvleLp.exe
  2⤵
  PID:7356
- C:\Windows\System\DwRxOQO.exe
  C:\Windows\System\DwRxOQO.exe
  2⤵
  PID:7408
- C:\Windows\System\qdfqMUs.exe
  C:\Windows\System\qdfqMUs.exe
  2⤵
  PID:7376
- C:\Windows\System\vRVhRdW.exe
  C:\Windows\System\vRVhRdW.exe
  2⤵
  PID:7512
- C:\Windows\System\jcMkYRV.exe
  C:\Windows\System\jcMkYRV.exe
  2⤵
  PID:7532
- C:\Windows\System\vhxraaI.exe
  C:\Windows\System\vhxraaI.exe
  2⤵
  PID:7548
- C:\Windows\System\YrdrjvI.exe
  C:\Windows\System\YrdrjvI.exe
  2⤵
  PID:7628
- C:\Windows\System\RIqlKTv.exe
  C:\Windows\System\RIqlKTv.exe
  2⤵
  PID:7656
- C:\Windows\System\uaNSrNt.exe
  C:\Windows\System\uaNSrNt.exe
  2⤵
  PID:7680
- C:\Windows\System\GkZaXue.exe
  C:\Windows\System\GkZaXue.exe
  2⤵
  PID:7704
- C:\Windows\System\nnjFyyd.exe
  C:\Windows\System\nnjFyyd.exe
  2⤵
  PID:7720
- C:\Windows\System\wjPsTru.exe
  C:\Windows\System\wjPsTru.exe
  2⤵
  PID:7768
- C:\Windows\System\NCVBqvG.exe
  C:\Windows\System\NCVBqvG.exe
  2⤵
  PID:7804
- C:\Windows\System\GpsFJQY.exe
  C:\Windows\System\GpsFJQY.exe
  2⤵
  PID:7864
- C:\Windows\System\uPqZYWD.exe
  C:\Windows\System\uPqZYWD.exe
  2⤵
  PID:7916
- C:\Windows\System\DUjLsMk.exe
  C:\Windows\System\DUjLsMk.exe
  2⤵
  PID:7844
- C:\Windows\System\hQWZMun.exe
  C:\Windows\System\hQWZMun.exe
  2⤵
  PID:7944
- C:\Windows\System\OpzAceu.exe
  C:\Windows\System\OpzAceu.exe
  2⤵
  PID:7972
- C:\Windows\System\JYGBOsn.exe
  C:\Windows\System\JYGBOsn.exe
  2⤵
  PID:7968
- C:\Windows\System\xdxHycw.exe
  C:\Windows\System\xdxHycw.exe
  2⤵
  PID:8024
- C:\Windows\System\RSckvlv.exe
  C:\Windows\System\RSckvlv.exe
  2⤵
  PID:8048
- C:\Windows\System\ULEYsMw.exe
  C:\Windows\System\ULEYsMw.exe
  2⤵
  PID:8060
- C:\Windows\System\IHpSaHe.exe
  C:\Windows\System\IHpSaHe.exe
  2⤵
  PID:8120
- C:\Windows\System\QOTyHto.exe
  C:\Windows\System\QOTyHto.exe
  2⤵
  PID:7176
- C:\Windows\System\eEFdbil.exe
  C:\Windows\System\eEFdbil.exe
  2⤵
  PID:7264
- C:\Windows\System\iqJcEuW.exe
  C:\Windows\System\iqJcEuW.exe
  2⤵
  PID:7372
- C:\Windows\System\ZXZTTeB.exe
  C:\Windows\System\ZXZTTeB.exe
  2⤵
  PID:7332
- C:\Windows\System\wcVmPYL.exe
  C:\Windows\System\wcVmPYL.exe
  2⤵
  PID:7448
- C:\Windows\System\oSluWxf.exe
  C:\Windows\System\oSluWxf.exe
  2⤵
  PID:7528
- C:\Windows\System\WEPyoYQ.exe
  C:\Windows\System\WEPyoYQ.exe
  2⤵
  PID:7544
- C:\Windows\System\ZoPPnPs.exe
  C:\Windows\System\ZoPPnPs.exe
  2⤵
  PID:7424
- C:\Windows\System\wapWWeY.exe
  C:\Windows\System\wapWWeY.exe
  2⤵
  PID:7640
- C:\Windows\System\CaHKhHj.exe
  C:\Windows\System\CaHKhHj.exe
  2⤵
  PID:6552
- C:\Windows\System\psYCCzK.exe
  C:\Windows\System\psYCCzK.exe
  2⤵
  PID:7828
- C:\Windows\System\TNoOUeo.exe
  C:\Windows\System\TNoOUeo.exe
  2⤵
  PID:7872
- C:\Windows\System\yMBZUCE.exe
  C:\Windows\System\yMBZUCE.exe
  2⤵
  PID:7688
- C:\Windows\System\LrsnVEG.exe
  C:\Windows\System\LrsnVEG.exe
  2⤵
  PID:7816
- C:\Windows\System\mZDChYV.exe
  C:\Windows\System\mZDChYV.exe
  2⤵
  PID:7748
- C:\Windows\System\MdfGLlf.exe
  C:\Windows\System\MdfGLlf.exe
  2⤵
  PID:7900
- C:\Windows\System\SAEgTOC.exe
  C:\Windows\System\SAEgTOC.exe
  2⤵
  PID:7852
- C:\Windows\System\pjnkWqp.exe
  C:\Windows\System\pjnkWqp.exe
  2⤵
  PID:8136
- C:\Windows\System\UmvBGZH.exe
  C:\Windows\System\UmvBGZH.exe
  2⤵
  PID:8180
- C:\Windows\System\IeReljy.exe
  C:\Windows\System\IeReljy.exe
  2⤵
  PID:7260
- C:\Windows\System\syOgRxU.exe
  C:\Windows\System\syOgRxU.exe
  2⤵
  PID:8068
- C:\Windows\System\ubotYcC.exe
  C:\Windows\System\ubotYcC.exe
  2⤵
  PID:7196
- C:\Windows\System\aAmnBip.exe
  C:\Windows\System\aAmnBip.exe
  2⤵
  PID:8104
- C:\Windows\System\pNfCrVr.exe
  C:\Windows\System\pNfCrVr.exe
  2⤵
  PID:7280
- C:\Windows\System\omlPFOl.exe
  C:\Windows\System\omlPFOl.exe
  2⤵
  PID:7328
- C:\Windows\System\rbVUwiT.exe
  C:\Windows\System\rbVUwiT.exe
  2⤵
  PID:7404
- C:\Windows\System\CeUfiyp.exe
  C:\Windows\System\CeUfiyp.exe
  2⤵
  PID:7428
- C:\Windows\System\JkmhKHt.exe
  C:\Windows\System\JkmhKHt.exe
  2⤵
  PID:7616
- C:\Windows\System\PkgsRWo.exe
  C:\Windows\System\PkgsRWo.exe
  2⤵
  PID:7756
- C:\Windows\System\bllynCs.exe
  C:\Windows\System\bllynCs.exe
  2⤵
  PID:7228
- C:\Windows\System\BpgxPBu.exe
  C:\Windows\System\BpgxPBu.exe
  2⤵
  PID:7200
- C:\Windows\System\CGSPMZR.exe
  C:\Windows\System\CGSPMZR.exe
  2⤵
  PID:7496
- C:\Windows\System\OhpZimO.exe
  C:\Windows\System\OhpZimO.exe
  2⤵
  PID:7492
- C:\Windows\System\EpuDGQG.exe
  C:\Windows\System\EpuDGQG.exe
  2⤵
  PID:8064
- C:\Windows\System\QZkcZhX.exe
  C:\Windows\System\QZkcZhX.exe
  2⤵
  PID:8028
- C:\Windows\System\EYcIklm.exe
  C:\Windows\System\EYcIklm.exe
  2⤵
  PID:7380
- C:\Windows\System\JwOqnLY.exe
  C:\Windows\System\JwOqnLY.exe
  2⤵
  PID:7716
- C:\Windows\System\FsGoZHM.exe
  C:\Windows\System\FsGoZHM.exe
  2⤵
  PID:7880
- C:\Windows\System\lYnlQbT.exe
  C:\Windows\System\lYnlQbT.exe
  2⤵
  PID:7792
- C:\Windows\System\ORbdmmQ.exe
  C:\Windows\System\ORbdmmQ.exe
  2⤵
  PID:8044
- C:\Windows\System\qQqwNkr.exe
  C:\Windows\System\qQqwNkr.exe
  2⤵
  PID:8140
- C:\Windows\System\RjMPMlZ.exe
  C:\Windows\System\RjMPMlZ.exe
  2⤵
  PID:7268
- C:\Windows\System\YDZnvMg.exe
  C:\Windows\System\YDZnvMg.exe
  2⤵
  PID:8196
- C:\Windows\System\TjsvYmF.exe
  C:\Windows\System\TjsvYmF.exe
  2⤵
  PID:8216
- C:\Windows\System\nwOtnku.exe
  C:\Windows\System\nwOtnku.exe
  2⤵
  PID:8280
- C:\Windows\System\PnVncCN.exe
  C:\Windows\System\PnVncCN.exe
  2⤵
  PID:8300
- C:\Windows\System\nppakUC.exe
  C:\Windows\System\nppakUC.exe
  2⤵
  PID:8320
- C:\Windows\System\paExsYR.exe
  C:\Windows\System\paExsYR.exe
  2⤵
  PID:8340
- C:\Windows\System\qIJqshq.exe
  C:\Windows\System\qIJqshq.exe
  2⤵
  PID:8356
- C:\Windows\System\dvuOUMH.exe
  C:\Windows\System\dvuOUMH.exe
  2⤵
  PID:8376
- C:\Windows\System\vDZMRSb.exe
  C:\Windows\System\vDZMRSb.exe
  2⤵
  PID:8396
- C:\Windows\System\hNDwEYg.exe
  C:\Windows\System\hNDwEYg.exe
  2⤵
  PID:8412
- C:\Windows\System\VHvLikd.exe
  C:\Windows\System\VHvLikd.exe
  2⤵
  PID:8428
- C:\Windows\System\VpuBmaM.exe
  C:\Windows\System\VpuBmaM.exe
  2⤵
  PID:8448
- C:\Windows\System\ZGKrpXP.exe
  C:\Windows\System\ZGKrpXP.exe
  2⤵
  PID:8468
- C:\Windows\System\eZMpZTX.exe
  C:\Windows\System\eZMpZTX.exe
  2⤵
  PID:8488
- C:\Windows\System\CnURxEF.exe
  C:\Windows\System\CnURxEF.exe
  2⤵
  PID:8508
- C:\Windows\System\TZQylRB.exe
  C:\Windows\System\TZQylRB.exe
  2⤵
  PID:8528
- C:\Windows\System\QmQgYJv.exe
  C:\Windows\System\QmQgYJv.exe
  2⤵
  PID:8544
- C:\Windows\System\NZeIDGO.exe
  C:\Windows\System\NZeIDGO.exe
  2⤵
  PID:8560
- C:\Windows\System\OwbXfxQ.exe
  C:\Windows\System\OwbXfxQ.exe
  2⤵
  PID:8580
- C:\Windows\System\PYMKMTw.exe
  C:\Windows\System\PYMKMTw.exe
  2⤵
  PID:8596
- C:\Windows\System\VxGFjtS.exe
  C:\Windows\System\VxGFjtS.exe
  2⤵
  PID:8660
- C:\Windows\System\uZoqmbf.exe
  C:\Windows\System\uZoqmbf.exe
  2⤵
  PID:8676
- C:\Windows\System\uiQqlWf.exe
  C:\Windows\System\uiQqlWf.exe
  2⤵
  PID:8692
- C:\Windows\System\gQdzhtd.exe
  C:\Windows\System\gQdzhtd.exe
  2⤵
  PID:8708
- C:\Windows\System\dYnsvev.exe
  C:\Windows\System\dYnsvev.exe
  2⤵
  PID:8728
- C:\Windows\System\INZlApL.exe
  C:\Windows\System\INZlApL.exe
  2⤵
  PID:8752
- C:\Windows\System\doxBhJU.exe
  C:\Windows\System\doxBhJU.exe
  2⤵
  PID:8772
- C:\Windows\System\ZBboTMJ.exe
  C:\Windows\System\ZBboTMJ.exe
  2⤵
  PID:8800
- C:\Windows\System\wgUeebp.exe
  C:\Windows\System\wgUeebp.exe
  2⤵
  PID:8820
- C:\Windows\System\mayXBgx.exe
  C:\Windows\System\mayXBgx.exe
  2⤵
  PID:8840
- C:\Windows\System\crvmqIY.exe
  C:\Windows\System\crvmqIY.exe
  2⤵
  PID:8900
- C:\Windows\System\WQTobpy.exe
  C:\Windows\System\WQTobpy.exe
  2⤵
  PID:8952
- C:\Windows\System\KibJXnM.exe
  C:\Windows\System\KibJXnM.exe
  2⤵
  PID:8984
- C:\Windows\System\oIpOpVq.exe
  C:\Windows\System\oIpOpVq.exe
  2⤵
  PID:9020
- C:\Windows\System\qemzqVZ.exe
  C:\Windows\System\qemzqVZ.exe
  2⤵
  PID:9036
- C:\Windows\System\OARvlla.exe
  C:\Windows\System\OARvlla.exe
  2⤵
  PID:9060
- C:\Windows\System\wHdOXhy.exe
  C:\Windows\System\wHdOXhy.exe
  2⤵
  PID:9076
- C:\Windows\System\gDVloCS.exe
  C:\Windows\System\gDVloCS.exe
  2⤵
  PID:9092
- C:\Windows\System\cNlEWFr.exe
  C:\Windows\System\cNlEWFr.exe
  2⤵
  PID:9108
- C:\Windows\System\AwZKAeI.exe
  C:\Windows\System\AwZKAeI.exe
  2⤵
  PID:9128
- C:\Windows\System\zudSeii.exe
  C:\Windows\System\zudSeii.exe
  2⤵
  PID:9172
- C:\Windows\System\FDDtWtF.exe
  C:\Windows\System\FDDtWtF.exe
  2⤵
  PID:9196
- C:\Windows\System\vZJvrhx.exe
  C:\Windows\System\vZJvrhx.exe
  2⤵
  PID:7700
- C:\Windows\System\icewiFr.exe
  C:\Windows\System\icewiFr.exe
  2⤵
  PID:7952
- C:\Windows\System\FBEbdCu.exe
  C:\Windows\System\FBEbdCu.exe
  2⤵
  PID:7964
- C:\Windows\System\SXGmLki.exe
  C:\Windows\System\SXGmLki.exe
  2⤵
  PID:7208
- C:\Windows\System\ZvuHWGi.exe
  C:\Windows\System\ZvuHWGi.exe
  2⤵
  PID:7388
- C:\Windows\System\SdaKIkV.exe
  C:\Windows\System\SdaKIkV.exe
  2⤵
  PID:8236
- C:\Windows\System\LOFdyAi.exe
  C:\Windows\System\LOFdyAi.exe
  2⤵
  PID:8248
- C:\Windows\System\BayPMhV.exe
  C:\Windows\System\BayPMhV.exe
  2⤵
  PID:7368
- C:\Windows\System\kMLinHS.exe
  C:\Windows\System\kMLinHS.exe
  2⤵
  PID:8372
- C:\Windows\System\kvolgUp.exe
  C:\Windows\System\kvolgUp.exe
  2⤵
  PID:8368
- C:\Windows\System\xpomZQw.exe
  C:\Windows\System\xpomZQw.exe
  2⤵
  PID:8436
- C:\Windows\System\DOssIGW.exe
  C:\Windows\System\DOssIGW.exe
  2⤵
  PID:8484
- C:\Windows\System\uZDgWVg.exe
  C:\Windows\System\uZDgWVg.exe
  2⤵
  PID:8524
- C:\Windows\System\WBaPxUw.exe
  C:\Windows\System\WBaPxUw.exe
  2⤵
  PID:8384
- C:\Windows\System\sgsQpbz.exe
  C:\Windows\System\sgsQpbz.exe
  2⤵
  PID:8644
- C:\Windows\System\UAjPbLc.exe
  C:\Windows\System\UAjPbLc.exe
  2⤵
  PID:8648
- C:\Windows\System\cOYlAft.exe
  C:\Windows\System\cOYlAft.exe
  2⤵
  PID:8612
- C:\Windows\System\zUOqowC.exe
  C:\Windows\System\zUOqowC.exe
  2⤵
  PID:8704
- C:\Windows\System\XkRjevd.exe
  C:\Windows\System\XkRjevd.exe
  2⤵
  PID:8388
- C:\Windows\System\VvsINAr.exe
  C:\Windows\System\VvsINAr.exe
  2⤵
  PID:8460
- C:\Windows\System\sTktJbD.exe
  C:\Windows\System\sTktJbD.exe
  2⤵
  PID:8640
- C:\Windows\System\jLyNlmH.exe
  C:\Windows\System\jLyNlmH.exe
  2⤵
  PID:8656
- C:\Windows\System\LjtUQTm.exe
  C:\Windows\System\LjtUQTm.exe
  2⤵
  PID:8744
- C:\Windows\System\AGBRKqY.exe
  C:\Windows\System\AGBRKqY.exe
  2⤵
  PID:8764
- C:\Windows\System\PGoiqxd.exe
  C:\Windows\System\PGoiqxd.exe
  2⤵
  PID:8816
- C:\Windows\System\dKNMsLi.exe
  C:\Windows\System\dKNMsLi.exe
  2⤵
  PID:8832
- C:\Windows\System\uZWGZYy.exe
  C:\Windows\System\uZWGZYy.exe
  2⤵
  PID:8860
- C:\Windows\System\QelCSKo.exe
  C:\Windows\System\QelCSKo.exe
  2⤵
  PID:8880
- C:\Windows\System\NKoCiuu.exe
  C:\Windows\System\NKoCiuu.exe
  2⤵
  PID:8924
- C:\Windows\System\owkSHZs.exe
  C:\Windows\System\owkSHZs.exe
  2⤵
  PID:8940
- C:\Windows\System\GHZpjap.exe
  C:\Windows\System\GHZpjap.exe
  2⤵
  PID:8896
- C:\Windows\System\TDTcNJD.exe
  C:\Windows\System\TDTcNJD.exe
  2⤵
  PID:9012
- C:\Windows\System\WjIPDPW.exe
  C:\Windows\System\WjIPDPW.exe
  2⤵
  PID:9056
- C:\Windows\System\erunLJI.exe
  C:\Windows\System\erunLJI.exe
  2⤵
  PID:9120
- C:\Windows\System\QyYVLsh.exe
  C:\Windows\System\QyYVLsh.exe
  2⤵
  PID:8964
- C:\Windows\System\EkcZzvo.exe
  C:\Windows\System\EkcZzvo.exe
  2⤵
  PID:9068
- C:\Windows\System\CHpeubH.exe
  C:\Windows\System\CHpeubH.exe
  2⤵
  PID:9144
- C:\Windows\System\ZVDTQOT.exe
  C:\Windows\System\ZVDTQOT.exe
  2⤵
  PID:9168
- C:\Windows\System\TtrDojR.exe
  C:\Windows\System\TtrDojR.exe
  2⤵
  PID:9140
- C:\Windows\System\RmKYftU.exe
  C:\Windows\System\RmKYftU.exe
  2⤵
  PID:8788
- C:\Windows\System\bTrsumD.exe
  C:\Windows\System\bTrsumD.exe
  2⤵
  PID:7696
- C:\Windows\System\LFHHhBT.exe
  C:\Windows\System\LFHHhBT.exe
  2⤵
  PID:9000
- C:\Windows\System\rvtKRXA.exe
  C:\Windows\System\rvtKRXA.exe
  2⤵
  PID:8552
- C:\Windows\System\VQGcXIm.exe
  C:\Windows\System\VQGcXIm.exe
  2⤵
  PID:9088
- C:\Windows\System\aHwAawA.exe
  C:\Windows\System\aHwAawA.exe
  2⤵
  PID:8852
- C:\Windows\System\isSZiBk.exe
  C:\Windows\System\isSZiBk.exe
  2⤵
  PID:9212
- C:\Windows\System\mYsYZJV.exe
  C:\Windows\System\mYsYZJV.exe
  2⤵
  PID:8264
- C:\Windows\System\SMiEbup.exe
  C:\Windows\System\SMiEbup.exe
  2⤵
  PID:8632
- C:\Windows\System\OcCzlcY.exe
  C:\Windows\System\OcCzlcY.exe
  2⤵
  PID:8272
- C:\Windows\System\sNNRQSO.exe
  C:\Windows\System\sNNRQSO.exe
  2⤵
  PID:8888
- C:\Windows\System\HkauJbI.exe
  C:\Windows\System\HkauJbI.exe
  2⤵
  PID:9052
- C:\Windows\System\qFBJbBK.exe
  C:\Windows\System\qFBJbBK.exe
  2⤵
  PID:8244
- C:\Windows\System\hdBlKXd.exe
  C:\Windows\System\hdBlKXd.exe
  2⤵
  PID:8328
- C:\Windows\System\BrgPyIU.exe
  C:\Windows\System\BrgPyIU.exe
  2⤵
  PID:8456
- C:\Windows\System\YBawYWb.exe
  C:\Windows\System\YBawYWb.exe
  2⤵
  PID:8540
- C:\Windows\System\lJLuEFI.exe
  C:\Windows\System\lJLuEFI.exe
  2⤵
  PID:7812
- C:\Windows\System\KEdKzOK.exe
  C:\Windows\System\KEdKzOK.exe
  2⤵
  PID:8420
- C:\Windows\System\fSpZieY.exe
  C:\Windows\System\fSpZieY.exe
  2⤵
  PID:8720
- C:\Windows\System\FUceXwa.exe
  C:\Windows\System\FUceXwa.exe
  2⤵
  PID:8792
- C:\Windows\System\urSXdcd.exe
  C:\Windows\System\urSXdcd.exe
  2⤵
  PID:8308
- C:\Windows\System\gsBTaAi.exe
  C:\Windows\System\gsBTaAi.exe
  2⤵
  PID:8996
- C:\Windows\System\vcfVEEr.exe
  C:\Windows\System\vcfVEEr.exe
  2⤵
  PID:9152
- C:\Windows\System\DTderQP.exe
  C:\Windows\System\DTderQP.exe
  2⤵
  PID:8256
- C:\Windows\System\lvztRQr.exe
  C:\Windows\System\lvztRQr.exe
  2⤵
  PID:8912
- C:\Windows\System\iiEznmf.exe
  C:\Windows\System\iiEznmf.exe
  2⤵
  PID:8652
- C:\Windows\System\RiYpFdi.exe
  C:\Windows\System\RiYpFdi.exe
  2⤵
  PID:9188
- C:\Windows\System\VdXkEYR.exe
  C:\Windows\System\VdXkEYR.exe
  2⤵
  PID:8296
- C:\Windows\System\NQEZaqm.exe
  C:\Windows\System\NQEZaqm.exe
  2⤵
  PID:9100
- C:\Windows\System\NKONTtU.exe
  C:\Windows\System\NKONTtU.exe
  2⤵
  PID:9044
- C:\Windows\System\GfjTqDC.exe
  C:\Windows\System\GfjTqDC.exe
  2⤵
  PID:8476
- C:\Windows\System\izcZbys.exe
  C:\Windows\System\izcZbys.exe
  2⤵
  PID:8688
- C:\Windows\System\xafxIBh.exe
  C:\Windows\System\xafxIBh.exe
  2⤵
  PID:9208
- C:\Windows\System\OHDNjCH.exe
  C:\Windows\System\OHDNjCH.exe
  2⤵
  PID:8504
- C:\Windows\System\EavIuhg.exe
  C:\Windows\System\EavIuhg.exe
  2⤵
  PID:8796
- C:\Windows\System\ohezOWF.exe
  C:\Windows\System\ohezOWF.exe
  2⤵
  PID:8636
- C:\Windows\System\xMmQdKJ.exe
  C:\Windows\System\xMmQdKJ.exe
  2⤵
  PID:8920
- C:\Windows\System\vkZGmZD.exe
  C:\Windows\System\vkZGmZD.exe
  2⤵
  PID:6360
- C:\Windows\System\EUcsvpw.exe
  C:\Windows\System\EUcsvpw.exe
  2⤵
  PID:8408
- C:\Windows\System\WIizaMM.exe
  C:\Windows\System\WIizaMM.exe
  2⤵
  PID:8276
- C:\Windows\System\xkauxCx.exe
  C:\Windows\System\xkauxCx.exe
  2⤵
  PID:8828
- C:\Windows\System\rUgwztl.exe
  C:\Windows\System\rUgwztl.exe
  2⤵
  PID:8876
- C:\Windows\System\LxhOjkE.exe
  C:\Windows\System\LxhOjkE.exe
  2⤵
  PID:8992
- C:\Windows\System\GrPdDgG.exe
  C:\Windows\System\GrPdDgG.exe
  2⤵
  PID:8288
- C:\Windows\System\JPwxxbv.exe
  C:\Windows\System\JPwxxbv.exe
  2⤵
  PID:8536
- C:\Windows\System\hctyxlB.exe
  C:\Windows\System\hctyxlB.exe
  2⤵
  PID:8208
- C:\Windows\System\ZvagDkh.exe
  C:\Windows\System\ZvagDkh.exe
  2⤵
  PID:8916
- C:\Windows\System\tdvgdOJ.exe
  C:\Windows\System\tdvgdOJ.exe
  2⤵
  PID:8948
- C:\Windows\System\RfvEWjz.exe
  C:\Windows\System\RfvEWjz.exe
  2⤵
  PID:8480
- C:\Windows\System\oUADozQ.exe
  C:\Windows\System\oUADozQ.exe
  2⤵
  PID:9116
- C:\Windows\System\NswrFrk.exe
  C:\Windows\System\NswrFrk.exe
  2⤵
  PID:8572
- C:\Windows\System\SYcaUda.exe
  C:\Windows\System\SYcaUda.exe
  2⤵
  PID:8604
- C:\Windows\System\JZWRfjA.exe
  C:\Windows\System\JZWRfjA.exe
  2⤵
  PID:9240
- C:\Windows\System\GidUPXD.exe
  C:\Windows\System\GidUPXD.exe
  2⤵
  PID:9268
- C:\Windows\System\vsvjITl.exe
  C:\Windows\System\vsvjITl.exe
  2⤵
  PID:9288
- C:\Windows\System\IJzFelw.exe
  C:\Windows\System\IJzFelw.exe
  2⤵
  PID:9308
- C:\Windows\System\qBBQzno.exe
  C:\Windows\System\qBBQzno.exe
  2⤵
  PID:9328
- C:\Windows\System\bGaUzGP.exe
  C:\Windows\System\bGaUzGP.exe
  2⤵
  PID:9352
- C:\Windows\System\SJRkhLJ.exe
  C:\Windows\System\SJRkhLJ.exe
  2⤵
  PID:9368
- C:\Windows\System\gSkAPOy.exe
  C:\Windows\System\gSkAPOy.exe
  2⤵
  PID:9384
- C:\Windows\System\sCkLpov.exe
  C:\Windows\System\sCkLpov.exe
  2⤵
  PID:9400
- C:\Windows\System\FIkWXvx.exe
  C:\Windows\System\FIkWXvx.exe
  2⤵
  PID:9420
- C:\Windows\System\LFiWlgP.exe
  C:\Windows\System\LFiWlgP.exe
  2⤵
  PID:9444
- C:\Windows\System\VlydJRz.exe
  C:\Windows\System\VlydJRz.exe
  2⤵
  PID:9460
- C:\Windows\System\BTchAms.exe
  C:\Windows\System\BTchAms.exe
  2⤵
  PID:9476
- C:\Windows\System\Qyfdrax.exe
  C:\Windows\System\Qyfdrax.exe
  2⤵
  PID:9496
- C:\Windows\System\aCdfSWq.exe
  C:\Windows\System\aCdfSWq.exe
  2⤵
  PID:9528
- C:\Windows\System\FBWLMnY.exe
  C:\Windows\System\FBWLMnY.exe
  2⤵
  PID:9548
- C:\Windows\System\ncghjYR.exe
  C:\Windows\System\ncghjYR.exe
  2⤵
  PID:9564
- C:\Windows\System\RCrdggt.exe
  C:\Windows\System\RCrdggt.exe
  2⤵
  PID:9580
- C:\Windows\System\QLQgcPu.exe
  C:\Windows\System\QLQgcPu.exe
  2⤵
  PID:9604
- C:\Windows\System\tBgungA.exe
  C:\Windows\System\tBgungA.exe
  2⤵
  PID:9620
- C:\Windows\System\thEkgUN.exe
  C:\Windows\System\thEkgUN.exe
  2⤵
  PID:9636
- C:\Windows\System\vzdHDpA.exe
  C:\Windows\System\vzdHDpA.exe
  2⤵
  PID:9652
- C:\Windows\System\RIGIxQz.exe
  C:\Windows\System\RIGIxQz.exe
  2⤵
  PID:9668
- C:\Windows\System\VHJLbBj.exe
  C:\Windows\System\VHJLbBj.exe
  2⤵
  PID:9688
- C:\Windows\System\rZXpEdJ.exe
  C:\Windows\System\rZXpEdJ.exe
  2⤵
  PID:9704
- C:\Windows\System\YJFTedD.exe
  C:\Windows\System\YJFTedD.exe
  2⤵
  PID:9720
- C:\Windows\System\FseSwdd.exe
  C:\Windows\System\FseSwdd.exe
  2⤵
  PID:9736
- C:\Windows\System\JeghZBH.exe
  C:\Windows\System\JeghZBH.exe
  2⤵
  PID:9752
- C:\Windows\System\vPGPtYg.exe
  C:\Windows\System\vPGPtYg.exe
  2⤵
  PID:9768
- C:\Windows\System\XaBdddW.exe
  C:\Windows\System\XaBdddW.exe
  2⤵
  PID:9788
- C:\Windows\System\ibgOaeK.exe
  C:\Windows\System\ibgOaeK.exe
  2⤵
  PID:10020
- C:\Windows\System\rOJPJsq.exe
  C:\Windows\System\rOJPJsq.exe
  2⤵
  PID:10036
- C:\Windows\System\CIGcrZO.exe
  C:\Windows\System\CIGcrZO.exe
  2⤵
  PID:10056
- C:\Windows\System\isIkOvG.exe
  C:\Windows\System\isIkOvG.exe
  2⤵
  PID:10072
- C:\Windows\System\mkWMSnF.exe
  C:\Windows\System\mkWMSnF.exe
  2⤵
  PID:10088
- C:\Windows\System\tKJhzps.exe
  C:\Windows\System\tKJhzps.exe
  2⤵
  PID:10104
- C:\Windows\System\SjPCnJs.exe
  C:\Windows\System\SjPCnJs.exe
  2⤵
  PID:10124
- C:\Windows\System\pnREuNj.exe
  C:\Windows\System\pnREuNj.exe
  2⤵
  PID:10144
- C:\Windows\System\llkOlFB.exe
  C:\Windows\System\llkOlFB.exe
  2⤵
  PID:10164
- C:\Windows\System\whMNRPw.exe
  C:\Windows\System\whMNRPw.exe
  2⤵
  PID:10180
- C:\Windows\System\fWtGmor.exe
  C:\Windows\System\fWtGmor.exe
  2⤵
  PID:10200
- C:\Windows\System\fWxWgsb.exe
  C:\Windows\System\fWxWgsb.exe
  2⤵
  PID:10224
- C:\Windows\System\WldCWsK.exe
  C:\Windows\System\WldCWsK.exe
  2⤵
  PID:9452
- C:\Windows\System\brDPHsT.exe
  C:\Windows\System\brDPHsT.exe
  2⤵
  PID:9492
- C:\Windows\System\ZLhIrPb.exe
  C:\Windows\System\ZLhIrPb.exe
  2⤵
  PID:9516
- C:\Windows\System\DNAsdin.exe
  C:\Windows\System\DNAsdin.exe
  2⤵
  PID:9576
- C:\Windows\System\dSQAzTg.exe
  C:\Windows\System\dSQAzTg.exe
  2⤵
  PID:9660
- C:\Windows\System\wgdpcsd.exe
  C:\Windows\System\wgdpcsd.exe
  2⤵
  PID:9732
- C:\Windows\System\GkXuFmN.exe
  C:\Windows\System\GkXuFmN.exe
  2⤵
  PID:9540
- C:\Windows\System\HoaqKHv.exe
  C:\Windows\System\HoaqKHv.exe
  2⤵
  PID:9612
- C:\Windows\System\anbxnDw.exe
  C:\Windows\System\anbxnDw.exe
  2⤵
  PID:9680
- C:\Windows\System\urIUCdp.exe
  C:\Windows\System\urIUCdp.exe
  2⤵
  PID:9748
- C:\Windows\System\iEjGWbN.exe
  C:\Windows\System\iEjGWbN.exe
  2⤵
  PID:9836
- C:\Windows\System\KhdMIkY.exe
  C:\Windows\System\KhdMIkY.exe
  2⤵
  PID:9816
- C:\Windows\System\VErFqAo.exe
  C:\Windows\System\VErFqAo.exe
  2⤵
  PID:9844
- C:\Windows\System\EmHdFWv.exe
  C:\Windows\System\EmHdFWv.exe
  2⤵
  PID:9864
- C:\Windows\System\ssEpJdw.exe
  C:\Windows\System\ssEpJdw.exe
  2⤵
  PID:9876
- C:\Windows\System\nLNgJzz.exe
  C:\Windows\System\nLNgJzz.exe
  2⤵
  PID:9900
- C:\Windows\System\LPrMkvq.exe
  C:\Windows\System\LPrMkvq.exe
  2⤵
  PID:9916
- C:\Windows\System\kZEDLtK.exe
  C:\Windows\System\kZEDLtK.exe
  2⤵
  PID:9940
- C:\Windows\System\OVjrwaK.exe
  C:\Windows\System\OVjrwaK.exe
  2⤵
  PID:10120
- C:\Windows\System\shMcnqu.exe
  C:\Windows\System\shMcnqu.exe
  2⤵
  PID:10188
- C:\Windows\System\rjfGRgn.exe
  C:\Windows\System\rjfGRgn.exe
  2⤵
  PID:10068
- C:\Windows\System\mQXHhMp.exe
  C:\Windows\System\mQXHhMp.exe
  2⤵
  PID:10132
- C:\Windows\System\EomjJkZ.exe
  C:\Windows\System\EomjJkZ.exe
  2⤵
  PID:10236
- C:\Windows\System\hnBpJQW.exe
  C:\Windows\System\hnBpJQW.exe
  2⤵
  PID:8364
- C:\Windows\System\uQLkDvo.exe
  C:\Windows\System\uQLkDvo.exe
  2⤵
  PID:10220
- C:\Windows\System\MNcbkEs.exe
  C:\Windows\System\MNcbkEs.exe
  2⤵
  PID:9260
- C:\Windows\System\VbwhIip.exe
  C:\Windows\System\VbwhIip.exe
  2⤵
  PID:9296
- C:\Windows\System\cyNgMsf.exe
  C:\Windows\System\cyNgMsf.exe
  2⤵
  PID:9508
- C:\Windows\System\PaTXqxX.exe
  C:\Windows\System\PaTXqxX.exe
  2⤵
  PID:9840
- C:\Windows\System\DmZrlSG.exe
  C:\Windows\System\DmZrlSG.exe
  2⤵
  PID:9924
- C:\Windows\System\ewrnvAG.exe
  C:\Windows\System\ewrnvAG.exe
  2⤵
  PID:9956
- C:\Windows\System\OYXFVqp.exe
  C:\Windows\System\OYXFVqp.exe
  2⤵
  PID:9972
- C:\Windows\System\pAvwQYO.exe
  C:\Windows\System\pAvwQYO.exe
  2⤵
  PID:9988
- C:\Windows\System\GvFFFDD.exe
  C:\Windows\System\GvFFFDD.exe
  2⤵
  PID:10004
- C:\Windows\System\WXbmQwU.exe
  C:\Windows\System\WXbmQwU.exe
  2⤵
  PID:10044
- C:\Windows\System\GkJzCzH.exe
  C:\Windows\System\GkJzCzH.exe
  2⤵
  PID:10028
- C:\Windows\System\XealAbu.exe
  C:\Windows\System\XealAbu.exe
  2⤵
  PID:9764
- C:\Windows\System\ainuihI.exe
  C:\Windows\System\ainuihI.exe
  2⤵
  PID:9648
- C:\Windows\System\jHxxEQF.exe
  C:\Windows\System\jHxxEQF.exe
  2⤵
  PID:9428
- C:\Windows\System\tnFsytY.exe
  C:\Windows\System\tnFsytY.exe
  2⤵
  PID:9948
- C:\Windows\System\CCjAtmj.exe
  C:\Windows\System\CCjAtmj.exe
  2⤵
  PID:9336
- C:\Windows\System\OwDOmDM.exe
  C:\Windows\System\OwDOmDM.exe
  2⤵
  PID:9964
- C:\Windows\System\PvnEHgl.exe
  C:\Windows\System\PvnEHgl.exe
  2⤵
  PID:9852
- C:\Windows\System\wusXLbK.exe
  C:\Windows\System\wusXLbK.exe
  2⤵
  PID:9456
- C:\Windows\System\tImjWSh.exe
  C:\Windows\System\tImjWSh.exe
  2⤵
  PID:10156
- C:\Windows\System\AixdCkZ.exe
  C:\Windows\System\AixdCkZ.exe
  2⤵
  PID:8080
- C:\Windows\System\jLbFShh.exe
  C:\Windows\System\jLbFShh.exe
  2⤵
  PID:9220
- C:\Windows\System\SXgXbLW.exe
  C:\Windows\System\SXgXbLW.exe
  2⤵
  PID:8268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ClLvxUD.exe

Filesize
5.2MB

MD5
0f6b68f4ed75084fe9105e9561eaf27e

SHA1
1a710167e69a15a9818b5df06ae985cc5fbbe318

SHA256
feb7eabf8e7150e8e6d77a607dfe31f4176f8bbb696a5f9d26ba0358d682ee82

SHA512
96578a8c6106d041c13da990f37d5425ca5fc1ee894e59e6ae97e6d05ef572ee6066ab8af4d789211c30fac5b3afe8fbb38a69d663bf60ba9583dca6b9dffcdd

Download Submit
C:\Windows\system\CvByWge.exe

Filesize
5.2MB

MD5
303e1e9a07f3dfdc961d91c8f1c231aa

SHA1
2b3cb62d17378342ed0dca698d248378306ceba2

SHA256
cf9ca69904043c12a3f34bf592d2f1e9eb9132e589aea7135751fcd31510e3e6

SHA512
1d676226b9437133418c2f6de9507c99af7aa29fc3c8a2f637d03090ff48e69fb38fd61eb8d8ad789879904dad0ea13fc9020227d8d03afc1da6742dbc7f6992

Download Submit
C:\Windows\system\EbmADox.exe

Filesize
5.2MB

MD5
915873f43e24b2f22b5e04eb3e537c5b

SHA1
ea5f9cfcf49d6e0653287afeeb7e80cc0bc50c4f

SHA256
75beb3a3bbf5e15b4fc9439aaa37dc7ac28df76dd9ff6c95409088062ae05fba

SHA512
c8a6f7b798691c2f0d7419a269ff76d9f54438aa00c999d904f391eb0a71e16d4f62bfba9a8fd22d2860ba10adb14e43e2b91f46c68a9b36441368fa495b2990

Download Submit
C:\Windows\system\EoAnrty.exe

Filesize
5.2MB

MD5
285622251daa9c1ec8d1f0c345db292a

SHA1
2ba42075328989c1c904bb1dd34a9e0f00a4e07c

SHA256
74a584d319c3073a9ce08ab8f125084f5f756e72e90fe50e7abe1eced07a9b0b

SHA512
62a9b8a063d2426c3e022ebaada38a461e6397fa99d2ad53a0cf0eaf77c51afdc8323de0e912e4f54753f5601b11106a2b835f00a84403819a56a849ebe36a34

Download Submit
C:\Windows\system\FBGhLYs.exe

Filesize
5.2MB

MD5
ba9fd96fb051a02473daa89210986aaf

SHA1
25737fa363e4975df2170ec697384bbe0b3cc4ea

SHA256
28ff5b22f6011c553544762796a8d12fc9cb9f77e0833c14e1402dc7a57c7a58

SHA512
dabbc93e2fafcf86b6ddc90d022838ff000a10c98fb98febe731ec6e06174622de0b42c8eb91c67c752ba2ac7162658d5f982e8edb43cbe87ca58b71596147fc

Download Submit
C:\Windows\system\KPvcRtK.exe

Filesize
5.2MB

MD5
9dd3c40a2f5008769ea7e7a84512b882

SHA1
f72bcb88b3b570dd49a65e73b03734be9b692d29

SHA256
447f4fa8b9c1456b871f0cc62ead47047abd4e6e9ad66b99e67e7a91d1bdc615

SHA512
e1680cc8813effde232378ab520b9cfb453b85c12a5f317a1b1dfe5665cdf63e42e5281dd0137a7e4ad0afcec5c0b867f4b96f0397c1225c84539d2b6e351853

Download Submit
C:\Windows\system\LmIzSop.exe

Filesize
5.2MB

MD5
d09ff3abc630ddd013bc5ea339e06358

SHA1
558b56e570475d02ef95d183c952624c3c92f131

SHA256
259b7543f93bb2b022ce3179019f5b5c237261a5fb08ef6f4322b524f690dea0

SHA512
cd16053b2efff08a25fadd68e646cc82880dcbf2958920b7b768962d644b26badae938de5db23317cda4d6542159da73cb49a19c9d0339a8498fd1474e932ee6

Download Submit
C:\Windows\system\OGyQpug.exe

Filesize
5.2MB

MD5
43c990a5a65bb2a1a9b6f876286ed2b1

SHA1
62b2849adb93c828e2133c6f06418659f8ba7535

SHA256
c7665a530a2838b058351bc3125fba96cd09eb4136fcc824eb0d3b2a78681da4

SHA512
e81e565be7c39d1beed4e914d33f3eb72dccc6f849cb506c3828c9d339ef6fd853a929ddf172552ea4e811e0a9989987be7c696634e1bfb1022ee05f8d4123fc

Download Submit
C:\Windows\system\QYZxTjj.exe

Filesize
5.2MB

MD5
1b0bfde6a78c38cc4dfcefe5ab31f177

SHA1
5518fbf192b0661651fa16cad201af8a9d1f884b

SHA256
4868458ad657b11235badd7e5f3c23531d90defc0daf8387597545fbb3294858

SHA512
8b4051437c4f84ce9428accb8ec6203fb365bc0da14b114bdab9234ff8aabf489cf9d2eafec0601cf9000c68968aa29ee047bc1268f39345e0da6938f8f6f2c0

Download Submit
C:\Windows\system\RIibEne.exe

Filesize
5.2MB

MD5
5b05191cec73e37a5407d2c41f501351

SHA1
b884de6d73c19170a0c3c79edd1f5f8467c28cb8

SHA256
4eea509399c5404f342e6fb80d1ddcf2e058c2fc3938c515c0d248e4dbba91a0

SHA512
f70c031573dd8bb0519a87dc0f126e67f96e200fc70678ab707d1e867f90d004f2d52a0ddc767374499dc4707d52385a9ad8876ebcce7d64a9d33b69b1607850

Download Submit
C:\Windows\system\UFQgUcc.exe

Filesize
5.2MB

MD5
f53e70e119462cd60490a47a1791fa27

SHA1
774d2f5a04123443946e7b9226223cf4b8e910f8

SHA256
b6db5df99804368393b5b63585efcd92c44e208a7b09ee6ac12c9b9b3c1e554e

SHA512
272325f8208c02a7facfd1a35cd29be178efac21b71444944ff065fe2be27ecf25fd0a82bf3e08422045f4a3cfd9ad846da26702e4deaf83d33f26efdf04d819

Download Submit
C:\Windows\system\YEzyBtl.exe

Filesize
5.2MB

MD5
4839ae25e9a7337fd586ad8f43ff1e93

SHA1
59a7cb7ed24bd9f7ebe26256e6e4e60f6fba7538

SHA256
5af810a519a93d18715cedbfa0cd759b11e6aa4c0c3e5996599f114ed97eb5b8

SHA512
0e7ee338652610f7ad73db74dddb537705362cb327c11ace516846c20fde6bfd697e713c9f06e7af3928a9c26bac6ed59f46f07b2c8e4989fb6e55416fd4fd28

Download Submit
C:\Windows\system\YbCqEmW.exe

Filesize
5.2MB

MD5
ea129c4ecf0ac4439e2ebb29a5615e79

SHA1
ac69be1855d13f797173e6bb4c3e1bd6e662c466

SHA256
1b0052f0f198690e600e828e70dc4fa5c4313434ce11b14c6a9fbd0690ca5dc0

SHA512
e525262b7e2e0759820474be1d7b05c318fd5077145fc2d11a79858d59098b4ee475d5393feb5168a2e271bdc15959c3b521a1fd8a34c3b6cf152812b7165223

Download Submit
C:\Windows\system\ZSTBNYZ.exe

Filesize
5.2MB

MD5
1e28722a62872d82a7eb67bab95856a9

SHA1
ce165f44a1f1d63fbe825a91a45b2ac42b78a9c3

SHA256
d38ea47a2c49c7bc471a43bfe232cf35255adb7f163a6e1f0e02e078895c328d

SHA512
19b22539b5bade809a31aa7b70633e75755e88ea1278f74c78782ae507c24b7540334f387db9798ddb3ad5384f3b50059c173739934bab704183fefb4b21a1a0

Download Submit
C:\Windows\system\bkIwjri.exe

Filesize
5.2MB

MD5
7662585abdae82777d6a9e0bfa7aebdc

SHA1
34dde5ba9e9ef62b387c5a6e0f1a90262af692ad

SHA256
4381e8615660a6be6c4e4951a1ea343af7514b863b78c3439bc86cc78c1b61d7

SHA512
2e96d5f3031eee9de94d7ce56067c1aec3a552b1b9754237430ce08a3662271b184c5dda0ff607ff4a782108266df0bfaf46be99909cf3e51a20f34ee69a2ba2

Download Submit
C:\Windows\system\feWyZnb.exe

Filesize
5.2MB

MD5
0ff96afc7a7afecfda8f10c0e47e294b

SHA1
9b39d776d8b4a4d1f26cd87b9203137adb5b28c1

SHA256
e77c90d9ae5f0d51e09aec2e054781ec499c30beadaae92dc569bb522b907716

SHA512
410665c44b284fa1b0012c4abb80081c57d1df947f1e90c13f4560d7a25645d7c49b2149c3e59790d48d638488be8915b2307775aaff332fedea9fa0057d5e42

Download Submit
C:\Windows\system\jbdNlUJ.exe

Filesize
5.2MB

MD5
8192a61685996fd2f0c674ce9d4e1d09

SHA1
24fc97195a3307b40dda6881b62a5bac2a2c7ad3

SHA256
07e1cf7c53895786398f90ab33f72cdeca307ec6b50586247c2b314688012c00

SHA512
16f9d5a599a89f302df927e8c8c739f47eb8b028c0b47a3949a6f6bc97733a3b7195a18aef6217b5b7163ee91a433c5d2f771a12bd70d7beab56e1d29300e4f8

Download Submit
C:\Windows\system\ligaTdZ.exe

Filesize
5.2MB

MD5
840012c8f88512ef98ed18f3d06d0a7e

SHA1
9a23592140b80dc03b37e3159d6b4364647bab37

SHA256
3f591b3ccd16e2974a56b95f37384d2e7a50412a44e28d332ac1fea4c7943204

SHA512
371668adc2b40117be7115359cd62ad0dc3ecd4056d6f3c01fb3a8cc6f2dc03f80d19513333ef9d65cbe143a51433d0f643a85fee89d82a0c787ac88a16a1b29

Download Submit
C:\Windows\system\nZAShGX.exe

Filesize
5.2MB

MD5
2ba152ce6f36043f1b6b7ffce3aff9c8

SHA1
83da6234c967928f55b7cadc7f298fee8ac7e1f8

SHA256
5b3627f8801ea78103c100f344fa920896df13b5d0669ca2a6ebcab947768bfb

SHA512
b6ceda76267c309ac63072f26a88348e9c3eb37788ac39f4ac1b9cb56b9842e24786af0a1fe10b7807c6deabf952488cda395942df6ba94c5c538253133d19b3

Download Submit
C:\Windows\system\pEcdBqq.exe

Filesize
5.2MB

MD5
62edc15f599ef0659e15cbd43225d7de

SHA1
7cbf5ef6fb19c51feb0006497826e74bf06bb743

SHA256
0455d34ecdcd33dffa82d1dd40c63d7c3a73a5f7ce1a155b4df4fa0d19c88409

SHA512
d042f3c3945c00a55348832de3c39c3a1373cdb9ac778b010f51aedd901f5de79ffa9ebf41524c1103f2071d60819618fb5a8c605c4ad9cc2a078727b037b2be

Download Submit
C:\Windows\system\slGvweS.exe

Filesize
5.2MB

MD5
7cbf0234e2360cba467daee140f43295

SHA1
24702d2d551b172dff9ce9dae4143e41527e384c

SHA256
3e8706780a542316dd6fbae5f51f1ca9198934befc51c9f2557529d3a3e73bb8

SHA512
fe8ba1a55353680a52c52ce0f6335e9e9ff992a6157543c422e2486516533f19cf3c31422137153668e56241e40ae8d916cdc5463b2548049920e36a1eb4c46b

Download Submit
C:\Windows\system\stJEaqo.exe

Filesize
5.2MB

MD5
825f06fe484a38795f27522fec8174f3

SHA1
108caf06cfcc9629187603d7f3f35b7317a6761f

SHA256
cb29ef3f950c5b5e79983342a7547d190213ab757c5965c7506e8147717fcda5

SHA512
84c86ec1c360d09b13f284c2c6b1aaa247d0a83f6dadabd02a6f0a6b915e544b3cc38abbab1b82981adacf26311a7d3d95d515054cdfe3cf376ac718059d5c19

Download Submit
C:\Windows\system\uMMacnr.exe

Filesize
5.2MB

MD5
177987149fdf9062fb5d209165951b7a

SHA1
4a3c659824e74ddeec91c906fe77ab9916b935b4

SHA256
933c19f6d9e3467d5979fbe555bf1e3fb88ace0d9a29119908131ade90d8345a

SHA512
591e249d5da4f7be77dea5fe3d49c541b9518d3806864f8dad9092f70fabb6af1f80bba86b9895793626af572440bb67c1afab09704fc43d3514bb0dcd6f87f5

Download Submit
C:\Windows\system\zSTZayO.exe

Filesize
5.2MB

MD5
6c54becaba711f863b20fe7136112ee2

SHA1
fdebc8aa535a291b3a83fbf589749450e3111750

SHA256
f856e6a2e1a6c28191a321dcf98d7a4adb2c80b9607542cc74419c2bb594cba6

SHA512
6efc4fd0a64bc66ed80103089863c667272d53a733810da3f74098643fdc333d29e23c78bbf1c2f17dee77bb6e1af6eaf4ab6f1da24380905c5f1ddb4091d23a

Download Submit
C:\Windows\system\zZVMSiw.exe

Filesize
5.2MB

MD5
8e02bd10e39b47f8150bbebf25b34868

SHA1
5775e761b1409cf0e91e3bc3382422efa4ac8f5f

SHA256
27d7e01eabd8413f149a052dafbc4ae3be872348a5cc2c2fe2523e68a3709496

SHA512
d5a855a1bd0cbd12dc5ac7f8fdce895b7a0d7c8240724ba2b114ebbc497ad53fc4b430d109f57cbf2bd5880b052c831901778b3adf2a42e364561d23eddcbd1f

Download Submit
\Windows\system\DStSFOC.exe

Filesize
5.2MB

MD5
e51249118bec9ae41017a85cc87d354e

SHA1
adc67203003c77982865f4081e33c3013645482c

SHA256
f581eeaa55235004e6c152259935252b9d7a950aa9f045e1b9b0045c68aad609

SHA512
c5a091b8c0d60712147310d9a6d6ad11bcbce0a30d17ee92a17d9b5c7a7a50557794504fb522815dafebf248671139b3b0267911ab1d59fb64f7c32c50209b52

Download Submit
\Windows\system\EKSVwzX.exe

Filesize
5.2MB

MD5
06c80174cb0ef22e0034db8d194ba21e

SHA1
8bc6605229ca4ccf02b22737eabb3b3083e6d87d

SHA256
ab0fc01afc7f96557f8ad95e0e9241d96aba8300950a215bd29a8cca4559c1a9

SHA512
d0f47e9de883eee0cc4fd6623a14a1d0658567003e0caa87c59ae0935e05db2799b6f1577235fb5401c632556c1742fc29aa1dff39dbd64ef23e760a9d830db7

Download Submit
\Windows\system\ErJkELg.exe

Filesize
5.2MB

MD5
a3a323fc48438fe55306f350d39e2110

SHA1
4ae6a3752f6d2193a1858ff1edc1e7202549a953

SHA256
42a55d120d058040b3ffda6bdcc7c2fb134806fe118c36bbc5fc0ed9c5e0b731

SHA512
6a4ecdfa43031fd8fd68b82b5be254e0a0fa117246df6767932f6161d01db583ddeac94745390eeec82d025e2088a6c82d598da9198135fcde71d71581bc21f3

Download Submit
\Windows\system\YOcfrgz.exe

Filesize
5.2MB

MD5
b67c5d8244f044e8ed16e10627eb81b2

SHA1
a22cf56bb8ad6a7ee1e5b43fe4291668e37fb9ec

SHA256
93396d5e10a394cb2340939e4feaf36c3cf9a77ee75780d5352e3bcc86d07f88

SHA512
9f034eead42b3b0baf4b59da172d0f242e2fc5538484a838a2a15703bc83ee671d6c8bb2bf05e57cfca9c8563d363e5972192c46921b3d1fc6ddb2f895c9623a

Download Submit
\Windows\system\cHgpfZI.exe

Filesize
5.2MB

MD5
4d5edfe0964e1b387a74454447dd0633

SHA1
6ac0e2f079f47759c53967dd1e412cd33fa97c38

SHA256
46aa18def55d8e477bce3e6f5171353982bbdf702cd641be236486c86b7ef4a8

SHA512
9ee1763bd14cdf8836b29066ad4609e1191ee19f05524ac373002a629dab57afbbe46e47d129c8a4e8d980a7b7832797dbeb37846d6069c1db27ee57d1bdb12e

Download Submit
\Windows\system\sIRqaFC.exe

Filesize
5.2MB

MD5
48957a17ac9e9edd38f03a852bec82f7

SHA1
a511bd03a1b3aca75471924cbe02ba2588a5f9b0

SHA256
93b499a5cca8d58623b1d7840a4e229e40d99a88fbd95e7911d9c1394fcbfe78

SHA512
ca202715c24c3adb6b4d01ac48c898d70ec9dd2822036a4dbad381d80167ac1e47d21171226470c72aa12bf846044029bc3bee1edb28667373713f4a079d5077

Download Submit
\Windows\system\zfbFBdR.exe

Filesize
5.2MB

MD5
49e5c435f852e2c55aa8b7826e745633

SHA1
a6577da4f7cc74670a68afefaa8883251de18b07

SHA256
daaf74bcb4826a98ee0cef52da8dfaa8e8f2ff8d456fe42ba3511c0958494ccf

SHA512
18fb35ca18f8626657841a2bff595f0c6b830385d0314682a1def160d8e783dd5a15d0ea68579d87aac66aae2f6673bc01dc8795269edeb02db423aa147c8750

Download Submit
memory/1112-2749-0x000000013F630000-0x000000013F981000-memory.dmp

Filesize
3.3MB

Download
memory/1112-94-0x000000013F630000-0x000000013F981000-memory.dmp

Filesize
3.3MB

Download
memory/1112-593-0x000000013F630000-0x000000013F981000-memory.dmp

Filesize
3.3MB

Download
memory/1468-111-0x000000013F5C0000-0x000000013F911000-memory.dmp

Filesize
3.3MB

Download
memory/1468-2739-0x000000013F5C0000-0x000000013F911000-memory.dmp

Filesize
3.3MB

Download
memory/1972-33-0x000000013F980000-0x000000013FCD1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-46-0x000000013FE30000-0x0000000140181000-memory.dmp

Filesize
3.3MB

Download
memory/1972-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/1972-14-0x0000000002290000-0x00000000025E1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-83-0x000000013F410000-0x000000013F761000-memory.dmp

Filesize
3.3MB

Download
memory/1972-592-0x0000000002290000-0x00000000025E1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-0-0x000000013F980000-0x000000013FCD1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-85-0x000000013F1B0000-0x000000013F501000-memory.dmp

Filesize
3.3MB

Download
memory/1972-86-0x0000000002290000-0x00000000025E1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-109-0x000000013F340000-0x000000013F691000-memory.dmp

Filesize
3.3MB

Download
memory/1972-448-0x000000013F1B0000-0x000000013F501000-memory.dmp

Filesize
3.3MB

Download
memory/1972-88-0x0000000002290000-0x00000000025E1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-107-0x000000013F5C0000-0x000000013F911000-memory.dmp

Filesize
3.3MB

Download
memory/1972-215-0x000000013FE30000-0x0000000140181000-memory.dmp

Filesize
3.3MB

Download
memory/1972-39-0x0000000002290000-0x00000000025E1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-74-0x0000000002290000-0x00000000025E1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-23-0x0000000002290000-0x00000000025E1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-29-0x0000000002290000-0x00000000025E1000-memory.dmp

Filesize
3.3MB

Download
memory/2076-47-0x000000013F320000-0x000000013F671000-memory.dmp

Filesize
3.3MB

Download
memory/2076-21-0x000000013F320000-0x000000013F671000-memory.dmp

Filesize
3.3MB

Download
memory/2148-2626-0x000000013FE30000-0x0000000140181000-memory.dmp

Filesize
3.3MB

Download
memory/2148-64-0x000000013FE30000-0x0000000140181000-memory.dmp

Filesize
3.3MB

Download
memory/2228-84-0x000000013F7E0000-0x000000013FB31000-memory.dmp

Filesize
3.3MB

Download
memory/2228-27-0x000000013F7E0000-0x000000013FB31000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2499-0x000000013F7E0000-0x000000013FB31000-memory.dmp

Filesize
3.3MB

Download
memory/2292-15-0x000000013F6E0000-0x000000013FA31000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2360-0x000000013F6E0000-0x000000013FA31000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2638-0x000000013F1B0000-0x000000013F501000-memory.dmp

Filesize
3.3MB

Download
memory/2340-87-0x000000013F1B0000-0x000000013F501000-memory.dmp

Filesize
3.3MB

Download
memory/2488-90-0x000000013F640000-0x000000013F991000-memory.dmp

Filesize
3.3MB

Download
memory/2488-34-0x000000013F640000-0x000000013F991000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2510-0x000000013F640000-0x000000013F991000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2370-0x000000013FEE0000-0x0000000140231000-memory.dmp

Filesize
3.3MB

Download
memory/2564-10-0x000000013FEE0000-0x0000000140231000-memory.dmp

Filesize
3.3MB

Download
memory/2564-36-0x000000013FEE0000-0x0000000140231000-memory.dmp

Filesize
3.3MB

Download
memory/2628-362-0x000000013F410000-0x000000013F761000-memory.dmp

Filesize
3.3MB

Download
memory/2628-78-0x000000013F410000-0x000000013F761000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2654-0x000000013F410000-0x000000013F761000-memory.dmp

Filesize
3.3MB

Download
memory/2672-364-0x000000013FAA0000-0x000000013FDF1000-memory.dmp

Filesize
3.3MB

Download
memory/2672-81-0x000000013FAA0000-0x000000013FDF1000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2642-0x000000013FAA0000-0x000000013FDF1000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2490-0x000000013F5A0000-0x000000013F8F1000-memory.dmp

Filesize
3.3MB

Download
memory/2796-91-0x000000013F5A0000-0x000000013F8F1000-memory.dmp

Filesize
3.3MB

Download
memory/2796-40-0x000000013F5A0000-0x000000013F8F1000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2650-0x000000013F720000-0x000000013FA71000-memory.dmp

Filesize
3.3MB

Download
memory/2844-79-0x000000013F720000-0x000000013FA71000-memory.dmp

Filesize
3.3MB

Download
memory/2844-363-0x000000013F720000-0x000000013FA71000-memory.dmp

Filesize
3.3MB

Download
memory/2848-361-0x000000013F8E0000-0x000000013FC31000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2646-0x000000013F8E0000-0x000000013FC31000-memory.dmp

Filesize
3.3MB

Download
memory/2848-76-0x000000013F8E0000-0x000000013FC31000-memory.dmp

Filesize
3.3MB

Download