cobaltstrike | 2b3f35bad6d061405c8f8634e98e01314cc7383288d47df5c3299ab4b799fd30

Analysis

max time kernel
138s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

86e84d65a93b41461622fe4e1da60263
SHA1

edbf29a6a8fa201d51bf5fcef5a9980f696d0008
SHA256

2b3f35bad6d061405c8f8634e98e01314cc7383288d47df5c3299ab4b799fd30
SHA512

98719d673a2f7d032cdbd6398e079ec92511ce4393fd64b7d4428dfc3f09336a811caafc63cab46be3ac848c654e9796e79fbcba551999cf173c16346aafa7cf
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUX:eOl56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001227e-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ee-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186fd-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018728-33.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878f-46.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000187a5-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-88.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018683-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-66.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925e-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018784-37.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001873d-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2936-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001227e-6.dat	xmrig
behavioral1/files/0x00070000000186ee-8.dat	xmrig
behavioral1/files/0x00070000000186fd-12.dat	xmrig
behavioral1/memory/2052-28-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0007000000018728-33.dat	xmrig
behavioral1/memory/2240-34-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/988-22-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x000600000001878f-46.dat	xmrig
behavioral1/memory/2936-60-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x00060000000187a5-53.dat	xmrig
behavioral1/memory/2240-76-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2736-83-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/1988-92-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019615-120.dat	xmrig
behavioral1/files/0x0005000000019625-165.dat	xmrig
behavioral1/files/0x000500000001977d-185.dat	xmrig
behavioral1/memory/2936-875-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2648-348-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x00050000000196af-175.dat	xmrig
behavioral1/files/0x00050000000197f8-188.dat	xmrig
behavioral1/files/0x00050000000196b1-178.dat	xmrig
behavioral1/files/0x0005000000019623-160.dat	xmrig
behavioral1/files/0x0005000000019667-168.dat	xmrig
behavioral1/files/0x000500000001961d-148.dat	xmrig
behavioral1/files/0x0005000000019621-144.dat	xmrig
behavioral1/files/0x0005000000019622-153.dat	xmrig
behavioral1/files/0x0005000000019619-126.dat	xmrig
behavioral1/files/0x000500000001961f-139.dat	xmrig
behavioral1/files/0x0005000000019611-110.dat	xmrig
behavioral1/files/0x000500000001961b-131.dat	xmrig
behavioral1/files/0x0005000000019617-124.dat	xmrig
behavioral1/files/0x0005000000019613-114.dat	xmrig
behavioral1/memory/2936-106-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960f-103.dat	xmrig
behavioral1/memory/2456-100-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1484-99-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000500000001960d-96.dat	xmrig
behavioral1/memory/2188-85-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0005000000019609-81.dat	xmrig
behavioral1/files/0x000500000001960b-88.dat	xmrig
behavioral1/memory/2648-75-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2936-74-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0008000000018683-72.dat	xmrig
behavioral1/memory/2652-69-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-66.dat	xmrig
behavioral1/memory/2456-61-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2852-59-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000700000001925e-58.dat	xmrig
behavioral1/memory/2864-49-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2736-39-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018784-37.dat	xmrig
behavioral1/memory/2788-32-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2936-30-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000600000001873d-27.dat	xmrig
behavioral1/memory/2128-26-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2788-3093-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2052-3077-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2128-3076-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2240-3111-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/988-3079-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2852-3139-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2456-3162-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1484-3211-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2052	rumlcdM.exe
988	zINAXoa.exe
2128	JgYwiHp.exe
2788	zyjMvSy.exe
2240	EAhlQYx.exe
2736	aJmGbJs.exe
2864	bIkritx.exe
2852	iDlvIdV.exe
2456	LGUfcrA.exe
2652	bxesHpW.exe
2648	kbEPLBo.exe
2188	MteMbUu.exe
1988	uHKOovO.exe
1484	trlfoVW.exe
1516	gEjLQUH.exe
2164	ClmnFfp.exe
1776	pCmrJTD.exe
1424	ruPYQud.exe
1056	YhMQPhd.exe
1796	aikMoir.exe
760	sTqWklR.exe
1768	PgNLaKw.exe
112	KzOEkvx.exe
1616	gQbFDIl.exe
2916	yaaRuoN.exe
2120	mSfahNq.exe
2472	LWkTboO.exe
3052	ZwCrtjo.exe
1700	IXbRfKR.exe
316	UkYopit.exe
2696	NHErixI.exe
1608	SWaWuvz.exe
2396	bbEoSqX.exe
2460	EFSzzrR.exe
860	tdBeZDS.exe
1252	PHwGHcq.exe
864	vCngBKK.exe
1688	WRlHqNp.exe
1792	bMkqnLb.exe
780	lWMFflM.exe
796	cPTvLAs.exe
1940	BmaOagV.exe
592	roLWOtQ.exe
2064	GxuQjcx.exe
1968	ghTDIAs.exe
2204	QEqZZBw.exe
2228	dRXgFof.exe
2556	gJKSoNh.exe
1704	cWkaBow.exe
3000	WfLjude.exe
2516	Reqyfuj.exe
1744	kdWAnOA.exe
2148	mXLRgZV.exe
776	RKneUVU.exe
2468	IcLTsrB.exe
2688	YvaXHrK.exe
2824	QZvsTXC.exe
2612	Kiddcxn.exe
2868	joNCzzm.exe
1572	lHGnfVm.exe
2840	QdLUcmv.exe
108	uVaTSht.exe
1772	OPvNzyj.exe
1936	gzswArD.exe

Loads dropped DLL 64 IoCs

pid	Process
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x000a00000001227e-6.dat	upx
behavioral1/files/0x00070000000186ee-8.dat	upx
behavioral1/files/0x00070000000186fd-12.dat	upx
behavioral1/memory/2052-28-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0007000000018728-33.dat	upx
behavioral1/memory/2240-34-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/988-22-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x000600000001878f-46.dat	upx
behavioral1/memory/2936-60-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x00060000000187a5-53.dat	upx
behavioral1/memory/2240-76-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2736-83-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/1988-92-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0005000000019615-120.dat	upx
behavioral1/files/0x0005000000019625-165.dat	upx
behavioral1/files/0x000500000001977d-185.dat	upx
behavioral1/memory/2648-348-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x00050000000196af-175.dat	upx
behavioral1/files/0x00050000000197f8-188.dat	upx
behavioral1/files/0x00050000000196b1-178.dat	upx
behavioral1/files/0x0005000000019623-160.dat	upx
behavioral1/files/0x0005000000019667-168.dat	upx
behavioral1/files/0x000500000001961d-148.dat	upx
behavioral1/files/0x0005000000019621-144.dat	upx
behavioral1/files/0x0005000000019622-153.dat	upx
behavioral1/files/0x0005000000019619-126.dat	upx
behavioral1/files/0x000500000001961f-139.dat	upx
behavioral1/files/0x0005000000019611-110.dat	upx
behavioral1/files/0x000500000001961b-131.dat	upx
behavioral1/files/0x0005000000019617-124.dat	upx
behavioral1/files/0x0005000000019613-114.dat	upx
behavioral1/files/0x000500000001960f-103.dat	upx
behavioral1/memory/2456-100-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1484-99-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000500000001960d-96.dat	upx
behavioral1/memory/2188-85-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0005000000019609-81.dat	upx
behavioral1/files/0x000500000001960b-88.dat	upx
behavioral1/memory/2648-75-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0008000000018683-72.dat	upx
behavioral1/memory/2652-69-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-66.dat	upx
behavioral1/memory/2456-61-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2852-59-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000700000001925e-58.dat	upx
behavioral1/memory/2864-49-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2736-39-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0006000000018784-37.dat	upx
behavioral1/memory/2788-32-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x000600000001873d-27.dat	upx
behavioral1/memory/2128-26-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2788-3093-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2052-3077-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2128-3076-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2240-3111-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/988-3079-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2852-3139-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2456-3162-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1484-3211-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2188-3191-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1988-3167-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2648-3166-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2736-3161-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\apXjCab.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcyMsYK.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtndmtz.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWNOtSC.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBwBorg.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxHnkSx.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfWQvkg.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUMYypo.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROcQIHk.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJzIIeJ.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAPjxYz.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RirewTD.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxooWSP.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUFaMnk.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkUBfDh.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfPqlQA.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPTvLAs.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvuiggZ.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\brUDKvI.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKImJYe.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeggPPw.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UugMdzq.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGUqXSq.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIsYWzt.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNZnKfM.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRLQLNg.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHorEMG.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTTmyes.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkOXZGT.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKBrbLX.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyCOadG.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXfeccS.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sppMfrB.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYZlBlu.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxRstVX.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WiOTnHy.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJjFNBL.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHAfZTy.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoaUEcE.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAtmuds.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTwfYaP.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FaxIHaz.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPWkqbn.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNhabFd.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujwYfZP.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkVQtpd.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAvSvzI.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKeLlMW.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQiVWvk.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHKOovO.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkofGrM.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBIHYTr.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGOGsTS.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoKDEOn.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdWAnOA.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmpOYic.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqcmyhW.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywTDTNW.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPoEHSi.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyoykmJ.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfWEodW.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTWmllk.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhRtmbL.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlmQFUD.exe	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2052	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 2052	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 2052	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 988	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 988	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 988	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 2128	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 2128	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 2128	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 2240	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2240	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2240	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2788	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2788	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2788	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2736	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2736	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2736	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2864	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2864	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2864	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2852	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2852	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2852	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2456	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2456	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2456	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2652	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2652	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2652	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2648	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2648	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2648	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2188	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 2188	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 2188	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 1988	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 1988	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 1988	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 1484	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 1484	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 1484	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 1516	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 1516	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 1516	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 2164	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 2164	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 2164	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 1776	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 1776	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 1776	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 1424	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 1424	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 1424	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 1056	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 1056	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 1056	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 1768	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1768	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1768	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1796	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2936 wrote to memory of 1796	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2936 wrote to memory of 1796	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2936 wrote to memory of 112	2936	2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_86e84d65a93b41461622fe4e1da60263_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\System\rumlcdM.exe
  C:\Windows\System\rumlcdM.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\zINAXoa.exe
  C:\Windows\System\zINAXoa.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\JgYwiHp.exe
  C:\Windows\System\JgYwiHp.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\EAhlQYx.exe
  C:\Windows\System\EAhlQYx.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\zyjMvSy.exe
  C:\Windows\System\zyjMvSy.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\aJmGbJs.exe
  C:\Windows\System\aJmGbJs.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\bIkritx.exe
  C:\Windows\System\bIkritx.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\iDlvIdV.exe
  C:\Windows\System\iDlvIdV.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\LGUfcrA.exe
  C:\Windows\System\LGUfcrA.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\bxesHpW.exe
  C:\Windows\System\bxesHpW.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\kbEPLBo.exe
  C:\Windows\System\kbEPLBo.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\MteMbUu.exe
  C:\Windows\System\MteMbUu.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\uHKOovO.exe
  C:\Windows\System\uHKOovO.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\trlfoVW.exe
  C:\Windows\System\trlfoVW.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\gEjLQUH.exe
  C:\Windows\System\gEjLQUH.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\ClmnFfp.exe
  C:\Windows\System\ClmnFfp.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\pCmrJTD.exe
  C:\Windows\System\pCmrJTD.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\ruPYQud.exe
  C:\Windows\System\ruPYQud.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\YhMQPhd.exe
  C:\Windows\System\YhMQPhd.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\PgNLaKw.exe
  C:\Windows\System\PgNLaKw.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\aikMoir.exe
  C:\Windows\System\aikMoir.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\KzOEkvx.exe
  C:\Windows\System\KzOEkvx.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\sTqWklR.exe
  C:\Windows\System\sTqWklR.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\yaaRuoN.exe
  C:\Windows\System\yaaRuoN.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\gQbFDIl.exe
  C:\Windows\System\gQbFDIl.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\mSfahNq.exe
  C:\Windows\System\mSfahNq.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\LWkTboO.exe
  C:\Windows\System\LWkTboO.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\ZwCrtjo.exe
  C:\Windows\System\ZwCrtjo.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\IXbRfKR.exe
  C:\Windows\System\IXbRfKR.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\UkYopit.exe
  C:\Windows\System\UkYopit.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\NHErixI.exe
  C:\Windows\System\NHErixI.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\SWaWuvz.exe
  C:\Windows\System\SWaWuvz.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\bbEoSqX.exe
  C:\Windows\System\bbEoSqX.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\EFSzzrR.exe
  C:\Windows\System\EFSzzrR.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\PHwGHcq.exe
  C:\Windows\System\PHwGHcq.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\tdBeZDS.exe
  C:\Windows\System\tdBeZDS.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\WRlHqNp.exe
  C:\Windows\System\WRlHqNp.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\vCngBKK.exe
  C:\Windows\System\vCngBKK.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\bMkqnLb.exe
  C:\Windows\System\bMkqnLb.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\lWMFflM.exe
  C:\Windows\System\lWMFflM.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\cPTvLAs.exe
  C:\Windows\System\cPTvLAs.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\BmaOagV.exe
  C:\Windows\System\BmaOagV.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\ghTDIAs.exe
  C:\Windows\System\ghTDIAs.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\roLWOtQ.exe
  C:\Windows\System\roLWOtQ.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\dRXgFof.exe
  C:\Windows\System\dRXgFof.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\GxuQjcx.exe
  C:\Windows\System\GxuQjcx.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\gJKSoNh.exe
  C:\Windows\System\gJKSoNh.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\QEqZZBw.exe
  C:\Windows\System\QEqZZBw.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\cWkaBow.exe
  C:\Windows\System\cWkaBow.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\WfLjude.exe
  C:\Windows\System\WfLjude.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\Reqyfuj.exe
  C:\Windows\System\Reqyfuj.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\kdWAnOA.exe
  C:\Windows\System\kdWAnOA.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\mXLRgZV.exe
  C:\Windows\System\mXLRgZV.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\RKneUVU.exe
  C:\Windows\System\RKneUVU.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\IcLTsrB.exe
  C:\Windows\System\IcLTsrB.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\YvaXHrK.exe
  C:\Windows\System\YvaXHrK.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\joNCzzm.exe
  C:\Windows\System\joNCzzm.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\QZvsTXC.exe
  C:\Windows\System\QZvsTXC.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\QdLUcmv.exe
  C:\Windows\System\QdLUcmv.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\Kiddcxn.exe
  C:\Windows\System\Kiddcxn.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\uVaTSht.exe
  C:\Windows\System\uVaTSht.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\lHGnfVm.exe
  C:\Windows\System\lHGnfVm.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\gzswArD.exe
  C:\Windows\System\gzswArD.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\OPvNzyj.exe
  C:\Windows\System\OPvNzyj.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\NfgzWtK.exe
  C:\Windows\System\NfgzWtK.exe
  2⤵
  PID:2132
- C:\Windows\System\jcYqXeF.exe
  C:\Windows\System\jcYqXeF.exe
  2⤵
  PID:540
- C:\Windows\System\rJjTZQa.exe
  C:\Windows\System\rJjTZQa.exe
  2⤵
  PID:1324
- C:\Windows\System\NlDibwA.exe
  C:\Windows\System\NlDibwA.exe
  2⤵
  PID:2080
- C:\Windows\System\CBeZZRC.exe
  C:\Windows\System\CBeZZRC.exe
  2⤵
  PID:1240
- C:\Windows\System\PFpKZVM.exe
  C:\Windows\System\PFpKZVM.exe
  2⤵
  PID:3064
- C:\Windows\System\qBJcJfM.exe
  C:\Windows\System\qBJcJfM.exe
  2⤵
  PID:2496
- C:\Windows\System\UHVugCL.exe
  C:\Windows\System\UHVugCL.exe
  2⤵
  PID:756
- C:\Windows\System\ZvksdyK.exe
  C:\Windows\System\ZvksdyK.exe
  2⤵
  PID:2436
- C:\Windows\System\VQWiWwn.exe
  C:\Windows\System\VQWiWwn.exe
  2⤵
  PID:608
- C:\Windows\System\BQOvMRK.exe
  C:\Windows\System\BQOvMRK.exe
  2⤵
  PID:1280
- C:\Windows\System\dRnChEF.exe
  C:\Windows\System\dRnChEF.exe
  2⤵
  PID:1380
- C:\Windows\System\KhoPCvO.exe
  C:\Windows\System\KhoPCvO.exe
  2⤵
  PID:2236
- C:\Windows\System\ICuBkiV.exe
  C:\Windows\System\ICuBkiV.exe
  2⤵
  PID:2528
- C:\Windows\System\FfhpkqE.exe
  C:\Windows\System\FfhpkqE.exe
  2⤵
  PID:900
- C:\Windows\System\FPHBWsq.exe
  C:\Windows\System\FPHBWsq.exe
  2⤵
  PID:2376
- C:\Windows\System\bKGGJPH.exe
  C:\Windows\System\bKGGJPH.exe
  2⤵
  PID:2340
- C:\Windows\System\NdocuoD.exe
  C:\Windows\System\NdocuoD.exe
  2⤵
  PID:1836
- C:\Windows\System\DAOGxMc.exe
  C:\Windows\System\DAOGxMc.exe
  2⤵
  PID:1544
- C:\Windows\System\XzoCijS.exe
  C:\Windows\System\XzoCijS.exe
  2⤵
  PID:1436
- C:\Windows\System\ykvxyYO.exe
  C:\Windows\System\ykvxyYO.exe
  2⤵
  PID:2524
- C:\Windows\System\maEVorm.exe
  C:\Windows\System\maEVorm.exe
  2⤵
  PID:2484
- C:\Windows\System\cUDUTci.exe
  C:\Windows\System\cUDUTci.exe
  2⤵
  PID:3036
- C:\Windows\System\vmymQRu.exe
  C:\Windows\System\vmymQRu.exe
  2⤵
  PID:1720
- C:\Windows\System\rqbsgwi.exe
  C:\Windows\System\rqbsgwi.exe
  2⤵
  PID:484
- C:\Windows\System\QBpFZQP.exe
  C:\Windows\System\QBpFZQP.exe
  2⤵
  PID:1564
- C:\Windows\System\PrUxCNR.exe
  C:\Windows\System\PrUxCNR.exe
  2⤵
  PID:2900
- C:\Windows\System\DIenfYq.exe
  C:\Windows\System\DIenfYq.exe
  2⤵
  PID:2520
- C:\Windows\System\DpOPTKl.exe
  C:\Windows\System\DpOPTKl.exe
  2⤵
  PID:2712
- C:\Windows\System\tHJMVhq.exe
  C:\Windows\System\tHJMVhq.exe
  2⤵
  PID:568
- C:\Windows\System\WVYgBnG.exe
  C:\Windows\System\WVYgBnG.exe
  2⤵
  PID:2296
- C:\Windows\System\iTPUznu.exe
  C:\Windows\System\iTPUznu.exe
  2⤵
  PID:3092
- C:\Windows\System\zlhBQMW.exe
  C:\Windows\System\zlhBQMW.exe
  2⤵
  PID:3112
- C:\Windows\System\biitLvt.exe
  C:\Windows\System\biitLvt.exe
  2⤵
  PID:3132
- C:\Windows\System\UlmNvYQ.exe
  C:\Windows\System\UlmNvYQ.exe
  2⤵
  PID:3152
- C:\Windows\System\tPbuXYO.exe
  C:\Windows\System\tPbuXYO.exe
  2⤵
  PID:3172
- C:\Windows\System\azGeSAs.exe
  C:\Windows\System\azGeSAs.exe
  2⤵
  PID:3192
- C:\Windows\System\iCFzuPu.exe
  C:\Windows\System\iCFzuPu.exe
  2⤵
  PID:3216
- C:\Windows\System\vAOIswU.exe
  C:\Windows\System\vAOIswU.exe
  2⤵
  PID:3236
- C:\Windows\System\yUvRoAC.exe
  C:\Windows\System\yUvRoAC.exe
  2⤵
  PID:3256
- C:\Windows\System\OOYtJzp.exe
  C:\Windows\System\OOYtJzp.exe
  2⤵
  PID:3272
- C:\Windows\System\tUUCDPg.exe
  C:\Windows\System\tUUCDPg.exe
  2⤵
  PID:3292
- C:\Windows\System\WNstgYe.exe
  C:\Windows\System\WNstgYe.exe
  2⤵
  PID:3308
- C:\Windows\System\BCJMVhh.exe
  C:\Windows\System\BCJMVhh.exe
  2⤵
  PID:3328
- C:\Windows\System\NUhxvSk.exe
  C:\Windows\System\NUhxvSk.exe
  2⤵
  PID:3352
- C:\Windows\System\KXMjQwm.exe
  C:\Windows\System\KXMjQwm.exe
  2⤵
  PID:3372
- C:\Windows\System\YtfKkNu.exe
  C:\Windows\System\YtfKkNu.exe
  2⤵
  PID:3392
- C:\Windows\System\gmpOYic.exe
  C:\Windows\System\gmpOYic.exe
  2⤵
  PID:3412
- C:\Windows\System\cqfHxeM.exe
  C:\Windows\System\cqfHxeM.exe
  2⤵
  PID:3432
- C:\Windows\System\cMrqkJB.exe
  C:\Windows\System\cMrqkJB.exe
  2⤵
  PID:3456
- C:\Windows\System\QWkIOoG.exe
  C:\Windows\System\QWkIOoG.exe
  2⤵
  PID:3476
- C:\Windows\System\LUFiWhP.exe
  C:\Windows\System\LUFiWhP.exe
  2⤵
  PID:3492
- C:\Windows\System\YUoboLz.exe
  C:\Windows\System\YUoboLz.exe
  2⤵
  PID:3512
- C:\Windows\System\pOcOgut.exe
  C:\Windows\System\pOcOgut.exe
  2⤵
  PID:3532
- C:\Windows\System\ZPoGdUQ.exe
  C:\Windows\System\ZPoGdUQ.exe
  2⤵
  PID:3552
- C:\Windows\System\skGUxOR.exe
  C:\Windows\System\skGUxOR.exe
  2⤵
  PID:3572
- C:\Windows\System\aoGdWmZ.exe
  C:\Windows\System\aoGdWmZ.exe
  2⤵
  PID:3588
- C:\Windows\System\kvvRfDi.exe
  C:\Windows\System\kvvRfDi.exe
  2⤵
  PID:3616
- C:\Windows\System\SaxLmvx.exe
  C:\Windows\System\SaxLmvx.exe
  2⤵
  PID:3636
- C:\Windows\System\FUGBkJS.exe
  C:\Windows\System\FUGBkJS.exe
  2⤵
  PID:3652
- C:\Windows\System\gBxRmcZ.exe
  C:\Windows\System\gBxRmcZ.exe
  2⤵
  PID:3676
- C:\Windows\System\WRUIked.exe
  C:\Windows\System\WRUIked.exe
  2⤵
  PID:3692
- C:\Windows\System\QyPZPuZ.exe
  C:\Windows\System\QyPZPuZ.exe
  2⤵
  PID:3716
- C:\Windows\System\YHGSWmO.exe
  C:\Windows\System\YHGSWmO.exe
  2⤵
  PID:3732
- C:\Windows\System\wpnHDRx.exe
  C:\Windows\System\wpnHDRx.exe
  2⤵
  PID:3752
- C:\Windows\System\xaUcQQO.exe
  C:\Windows\System\xaUcQQO.exe
  2⤵
  PID:3772
- C:\Windows\System\wsSepOp.exe
  C:\Windows\System\wsSepOp.exe
  2⤵
  PID:3800
- C:\Windows\System\gYghqHI.exe
  C:\Windows\System\gYghqHI.exe
  2⤵
  PID:3820
- C:\Windows\System\jjtKzNI.exe
  C:\Windows\System\jjtKzNI.exe
  2⤵
  PID:3836
- C:\Windows\System\ISyEyUw.exe
  C:\Windows\System\ISyEyUw.exe
  2⤵
  PID:3860
- C:\Windows\System\GnwWjDz.exe
  C:\Windows\System\GnwWjDz.exe
  2⤵
  PID:3876
- C:\Windows\System\xuMyGvz.exe
  C:\Windows\System\xuMyGvz.exe
  2⤵
  PID:3892
- C:\Windows\System\UNzuRgd.exe
  C:\Windows\System\UNzuRgd.exe
  2⤵
  PID:3908
- C:\Windows\System\bdOfhbp.exe
  C:\Windows\System\bdOfhbp.exe
  2⤵
  PID:3936
- C:\Windows\System\BnYOXBP.exe
  C:\Windows\System\BnYOXBP.exe
  2⤵
  PID:3956
- C:\Windows\System\jhfVSLU.exe
  C:\Windows\System\jhfVSLU.exe
  2⤵
  PID:3976
- C:\Windows\System\pCiLRIM.exe
  C:\Windows\System\pCiLRIM.exe
  2⤵
  PID:3992
- C:\Windows\System\cCNpDyo.exe
  C:\Windows\System\cCNpDyo.exe
  2⤵
  PID:4016
- C:\Windows\System\TbNwnAW.exe
  C:\Windows\System\TbNwnAW.exe
  2⤵
  PID:4032
- C:\Windows\System\CYwDTBR.exe
  C:\Windows\System\CYwDTBR.exe
  2⤵
  PID:4052
- C:\Windows\System\vnIaxOX.exe
  C:\Windows\System\vnIaxOX.exe
  2⤵
  PID:4068
- C:\Windows\System\ugBPcqE.exe
  C:\Windows\System\ugBPcqE.exe
  2⤵
  PID:4088
- C:\Windows\System\QBnsdkJ.exe
  C:\Windows\System\QBnsdkJ.exe
  2⤵
  PID:2100
- C:\Windows\System\AyZgFAF.exe
  C:\Windows\System\AyZgFAF.exe
  2⤵
  PID:2124
- C:\Windows\System\pEGisKD.exe
  C:\Windows\System\pEGisKD.exe
  2⤵
  PID:2244
- C:\Windows\System\omjgExb.exe
  C:\Windows\System\omjgExb.exe
  2⤵
  PID:2028
- C:\Windows\System\mOlUBNL.exe
  C:\Windows\System\mOlUBNL.exe
  2⤵
  PID:1300
- C:\Windows\System\vkSKHme.exe
  C:\Windows\System\vkSKHme.exe
  2⤵
  PID:2360
- C:\Windows\System\TgusMin.exe
  C:\Windows\System\TgusMin.exe
  2⤵
  PID:2344
- C:\Windows\System\JXzBHYf.exe
  C:\Windows\System\JXzBHYf.exe
  2⤵
  PID:2488
- C:\Windows\System\XMgrmSN.exe
  C:\Windows\System\XMgrmSN.exe
  2⤵
  PID:1372
- C:\Windows\System\KUpcfDr.exe
  C:\Windows\System\KUpcfDr.exe
  2⤵
  PID:2288
- C:\Windows\System\VpFYbDu.exe
  C:\Windows\System\VpFYbDu.exe
  2⤵
  PID:532
- C:\Windows\System\KEbKcJD.exe
  C:\Windows\System\KEbKcJD.exe
  2⤵
  PID:2144
- C:\Windows\System\YJXcXsd.exe
  C:\Windows\System\YJXcXsd.exe
  2⤵
  PID:2672
- C:\Windows\System\KSsmQAb.exe
  C:\Windows\System\KSsmQAb.exe
  2⤵
  PID:2756
- C:\Windows\System\ILfEgwo.exe
  C:\Windows\System\ILfEgwo.exe
  2⤵
  PID:3084
- C:\Windows\System\BmGThPP.exe
  C:\Windows\System\BmGThPP.exe
  2⤵
  PID:3120
- C:\Windows\System\VGhzIYd.exe
  C:\Windows\System\VGhzIYd.exe
  2⤵
  PID:3160
- C:\Windows\System\Smjctku.exe
  C:\Windows\System\Smjctku.exe
  2⤵
  PID:3232
- C:\Windows\System\xQXZfEt.exe
  C:\Windows\System\xQXZfEt.exe
  2⤵
  PID:3244
- C:\Windows\System\qvZgDPi.exe
  C:\Windows\System\qvZgDPi.exe
  2⤵
  PID:3336
- C:\Windows\System\coGPjsd.exe
  C:\Windows\System\coGPjsd.exe
  2⤵
  PID:3388
- C:\Windows\System\fUzgyXT.exe
  C:\Windows\System\fUzgyXT.exe
  2⤵
  PID:3316
- C:\Windows\System\eXMkfIH.exe
  C:\Windows\System\eXMkfIH.exe
  2⤵
  PID:3428
- C:\Windows\System\gtOBNem.exe
  C:\Windows\System\gtOBNem.exe
  2⤵
  PID:3424
- C:\Windows\System\cYIydYd.exe
  C:\Windows\System\cYIydYd.exe
  2⤵
  PID:3500
- C:\Windows\System\DYVJgzy.exe
  C:\Windows\System\DYVJgzy.exe
  2⤵
  PID:3452
- C:\Windows\System\vCjBjJz.exe
  C:\Windows\System\vCjBjJz.exe
  2⤵
  PID:3488
- C:\Windows\System\DldoBcL.exe
  C:\Windows\System\DldoBcL.exe
  2⤵
  PID:3564
- C:\Windows\System\MGaMSbv.exe
  C:\Windows\System\MGaMSbv.exe
  2⤵
  PID:3628
- C:\Windows\System\jmwebMa.exe
  C:\Windows\System\jmwebMa.exe
  2⤵
  PID:3700
- C:\Windows\System\KXNOVuD.exe
  C:\Windows\System\KXNOVuD.exe
  2⤵
  PID:3744
- C:\Windows\System\BoIhHBX.exe
  C:\Windows\System\BoIhHBX.exe
  2⤵
  PID:3612
- C:\Windows\System\xUlueiQ.exe
  C:\Windows\System\xUlueiQ.exe
  2⤵
  PID:3688
- C:\Windows\System\SMpjJHl.exe
  C:\Windows\System\SMpjJHl.exe
  2⤵
  PID:3784
- C:\Windows\System\pwWWSGG.exe
  C:\Windows\System\pwWWSGG.exe
  2⤵
  PID:3724
- C:\Windows\System\pyyDgRC.exe
  C:\Windows\System\pyyDgRC.exe
  2⤵
  PID:3900
- C:\Windows\System\LMUWspT.exe
  C:\Windows\System\LMUWspT.exe
  2⤵
  PID:3808
- C:\Windows\System\DonEYmF.exe
  C:\Windows\System\DonEYmF.exe
  2⤵
  PID:3856
- C:\Windows\System\ndRmTsA.exe
  C:\Windows\System\ndRmTsA.exe
  2⤵
  PID:3920
- C:\Windows\System\rofrPgw.exe
  C:\Windows\System\rofrPgw.exe
  2⤵
  PID:3968
- C:\Windows\System\jNoTVVB.exe
  C:\Windows\System\jNoTVVB.exe
  2⤵
  PID:4028
- C:\Windows\System\gXibSop.exe
  C:\Windows\System\gXibSop.exe
  2⤵
  PID:4012
- C:\Windows\System\uygCvrM.exe
  C:\Windows\System\uygCvrM.exe
  2⤵
  PID:1332
- C:\Windows\System\lsLCxOA.exe
  C:\Windows\System\lsLCxOA.exe
  2⤵
  PID:3748
- C:\Windows\System\xOUTYMA.exe
  C:\Windows\System\xOUTYMA.exe
  2⤵
  PID:4084
- C:\Windows\System\pqVFqfe.exe
  C:\Windows\System\pqVFqfe.exe
  2⤵
  PID:1732
- C:\Windows\System\gHBgjCo.exe
  C:\Windows\System\gHBgjCo.exe
  2⤵
  PID:1872
- C:\Windows\System\GQgqGqN.exe
  C:\Windows\System\GQgqGqN.exe
  2⤵
  PID:992
- C:\Windows\System\geEASUT.exe
  C:\Windows\System\geEASUT.exe
  2⤵
  PID:2920
- C:\Windows\System\fCDKXYk.exe
  C:\Windows\System\fCDKXYk.exe
  2⤵
  PID:2200
- C:\Windows\System\wvMOydk.exe
  C:\Windows\System\wvMOydk.exe
  2⤵
  PID:2008
- C:\Windows\System\LTtcahQ.exe
  C:\Windows\System\LTtcahQ.exe
  2⤵
  PID:1260
- C:\Windows\System\QCdaoye.exe
  C:\Windows\System\QCdaoye.exe
  2⤵
  PID:2224
- C:\Windows\System\RLQRkFM.exe
  C:\Windows\System\RLQRkFM.exe
  2⤵
  PID:3144
- C:\Windows\System\YgzLQUp.exe
  C:\Windows\System\YgzLQUp.exe
  2⤵
  PID:3208
- C:\Windows\System\nczkGOu.exe
  C:\Windows\System\nczkGOu.exe
  2⤵
  PID:3204
- C:\Windows\System\MpPFWCl.exe
  C:\Windows\System\MpPFWCl.exe
  2⤵
  PID:3380
- C:\Windows\System\KtIHOEY.exe
  C:\Windows\System\KtIHOEY.exe
  2⤵
  PID:3368
- C:\Windows\System\LFEnJWA.exe
  C:\Windows\System\LFEnJWA.exe
  2⤵
  PID:3468
- C:\Windows\System\uzOjWho.exe
  C:\Windows\System\uzOjWho.exe
  2⤵
  PID:3444
- C:\Windows\System\HMLRNXX.exe
  C:\Windows\System\HMLRNXX.exe
  2⤵
  PID:3740
- C:\Windows\System\XbBNxIy.exe
  C:\Windows\System\XbBNxIy.exe
  2⤵
  PID:3644
- C:\Windows\System\bgwgwju.exe
  C:\Windows\System\bgwgwju.exe
  2⤵
  PID:3728
- C:\Windows\System\fEitYBT.exe
  C:\Windows\System\fEitYBT.exe
  2⤵
  PID:3760
- C:\Windows\System\NUlddBo.exe
  C:\Windows\System\NUlddBo.exe
  2⤵
  PID:3788
- C:\Windows\System\BmJHsiI.exe
  C:\Windows\System\BmJHsiI.exe
  2⤵
  PID:3948
- C:\Windows\System\YTCWcRd.exe
  C:\Windows\System\YTCWcRd.exe
  2⤵
  PID:3888
- C:\Windows\System\rWhgHiE.exe
  C:\Windows\System\rWhgHiE.exe
  2⤵
  PID:4076
- C:\Windows\System\kZFRKVI.exe
  C:\Windows\System\kZFRKVI.exe
  2⤵
  PID:3848
- C:\Windows\System\ZdHOaUD.exe
  C:\Windows\System\ZdHOaUD.exe
  2⤵
  PID:4064
- C:\Windows\System\dGmWzPg.exe
  C:\Windows\System\dGmWzPg.exe
  2⤵
  PID:1116
- C:\Windows\System\NDZLydI.exe
  C:\Windows\System\NDZLydI.exe
  2⤵
  PID:3140
- C:\Windows\System\CypAAsw.exe
  C:\Windows\System\CypAAsw.exe
  2⤵
  PID:4000
- C:\Windows\System\XpaiPxJ.exe
  C:\Windows\System\XpaiPxJ.exe
  2⤵
  PID:892
- C:\Windows\System\WIxlZdy.exe
  C:\Windows\System\WIxlZdy.exe
  2⤵
  PID:2960
- C:\Windows\System\BNsdqhw.exe
  C:\Windows\System\BNsdqhw.exe
  2⤵
  PID:3124
- C:\Windows\System\UFLNIvz.exe
  C:\Windows\System\UFLNIvz.exe
  2⤵
  PID:3248
- C:\Windows\System\cwFsndf.exe
  C:\Windows\System\cwFsndf.exe
  2⤵
  PID:4100
- C:\Windows\System\rdEgwPz.exe
  C:\Windows\System\rdEgwPz.exe
  2⤵
  PID:4124
- C:\Windows\System\uIeNURr.exe
  C:\Windows\System\uIeNURr.exe
  2⤵
  PID:4144
- C:\Windows\System\JlIpuwj.exe
  C:\Windows\System\JlIpuwj.exe
  2⤵
  PID:4160
- C:\Windows\System\wJhLynx.exe
  C:\Windows\System\wJhLynx.exe
  2⤵
  PID:4176
- C:\Windows\System\HAhHFcU.exe
  C:\Windows\System\HAhHFcU.exe
  2⤵
  PID:4204
- C:\Windows\System\nRDjWBS.exe
  C:\Windows\System\nRDjWBS.exe
  2⤵
  PID:4224
- C:\Windows\System\uBgTKCq.exe
  C:\Windows\System\uBgTKCq.exe
  2⤵
  PID:4240
- C:\Windows\System\ezurxUa.exe
  C:\Windows\System\ezurxUa.exe
  2⤵
  PID:4256
- C:\Windows\System\mARqEYs.exe
  C:\Windows\System\mARqEYs.exe
  2⤵
  PID:4280
- C:\Windows\System\WIQoEGe.exe
  C:\Windows\System\WIQoEGe.exe
  2⤵
  PID:4308
- C:\Windows\System\MZNfGtv.exe
  C:\Windows\System\MZNfGtv.exe
  2⤵
  PID:4328
- C:\Windows\System\DDQnRLc.exe
  C:\Windows\System\DDQnRLc.exe
  2⤵
  PID:4348
- C:\Windows\System\VrxBglc.exe
  C:\Windows\System\VrxBglc.exe
  2⤵
  PID:4368
- C:\Windows\System\pcfTFCB.exe
  C:\Windows\System\pcfTFCB.exe
  2⤵
  PID:4384
- C:\Windows\System\yzvDocN.exe
  C:\Windows\System\yzvDocN.exe
  2⤵
  PID:4408
- C:\Windows\System\CEvBIDy.exe
  C:\Windows\System\CEvBIDy.exe
  2⤵
  PID:4424
- C:\Windows\System\hdUvDBr.exe
  C:\Windows\System\hdUvDBr.exe
  2⤵
  PID:4448
- C:\Windows\System\EuJYjjn.exe
  C:\Windows\System\EuJYjjn.exe
  2⤵
  PID:4468
- C:\Windows\System\WNjTnFs.exe
  C:\Windows\System\WNjTnFs.exe
  2⤵
  PID:4492
- C:\Windows\System\CtIxSTE.exe
  C:\Windows\System\CtIxSTE.exe
  2⤵
  PID:4508
- C:\Windows\System\dWnIIdE.exe
  C:\Windows\System\dWnIIdE.exe
  2⤵
  PID:4532
- C:\Windows\System\jfPqyHA.exe
  C:\Windows\System\jfPqyHA.exe
  2⤵
  PID:4548
- C:\Windows\System\uFpEWMS.exe
  C:\Windows\System\uFpEWMS.exe
  2⤵
  PID:4568
- C:\Windows\System\hWrEVGE.exe
  C:\Windows\System\hWrEVGE.exe
  2⤵
  PID:4588
- C:\Windows\System\JWLowkr.exe
  C:\Windows\System\JWLowkr.exe
  2⤵
  PID:4608
- C:\Windows\System\dUXzcll.exe
  C:\Windows\System\dUXzcll.exe
  2⤵
  PID:4624
- C:\Windows\System\zLaZFnv.exe
  C:\Windows\System\zLaZFnv.exe
  2⤵
  PID:4648
- C:\Windows\System\xugyXpR.exe
  C:\Windows\System\xugyXpR.exe
  2⤵
  PID:4668
- C:\Windows\System\bfzDJHN.exe
  C:\Windows\System\bfzDJHN.exe
  2⤵
  PID:4684
- C:\Windows\System\ULlaMJE.exe
  C:\Windows\System\ULlaMJE.exe
  2⤵
  PID:4700
- C:\Windows\System\rGULdRm.exe
  C:\Windows\System\rGULdRm.exe
  2⤵
  PID:4716
- C:\Windows\System\xAYJXFR.exe
  C:\Windows\System\xAYJXFR.exe
  2⤵
  PID:4732
- C:\Windows\System\FKBrbLX.exe
  C:\Windows\System\FKBrbLX.exe
  2⤵
  PID:4748
- C:\Windows\System\nsMUheD.exe
  C:\Windows\System\nsMUheD.exe
  2⤵
  PID:4764
- C:\Windows\System\rSjCZDS.exe
  C:\Windows\System\rSjCZDS.exe
  2⤵
  PID:4780
- C:\Windows\System\IaEsfQz.exe
  C:\Windows\System\IaEsfQz.exe
  2⤵
  PID:4796
- C:\Windows\System\kGUqXSq.exe
  C:\Windows\System\kGUqXSq.exe
  2⤵
  PID:4812
- C:\Windows\System\rlDJpYg.exe
  C:\Windows\System\rlDJpYg.exe
  2⤵
  PID:4856
- C:\Windows\System\mZoTtgS.exe
  C:\Windows\System\mZoTtgS.exe
  2⤵
  PID:4900
- C:\Windows\System\snDHMvF.exe
  C:\Windows\System\snDHMvF.exe
  2⤵
  PID:4916
- C:\Windows\System\ZnCpzDE.exe
  C:\Windows\System\ZnCpzDE.exe
  2⤵
  PID:4940
- C:\Windows\System\LHHsMCp.exe
  C:\Windows\System\LHHsMCp.exe
  2⤵
  PID:4960
- C:\Windows\System\eiyImzy.exe
  C:\Windows\System\eiyImzy.exe
  2⤵
  PID:4980
- C:\Windows\System\yHolBIn.exe
  C:\Windows\System\yHolBIn.exe
  2⤵
  PID:4996
- C:\Windows\System\xAGbTkf.exe
  C:\Windows\System\xAGbTkf.exe
  2⤵
  PID:5016
- C:\Windows\System\ZVyPber.exe
  C:\Windows\System\ZVyPber.exe
  2⤵
  PID:5036
- C:\Windows\System\DmTbPxJ.exe
  C:\Windows\System\DmTbPxJ.exe
  2⤵
  PID:5052
- C:\Windows\System\TRKyFel.exe
  C:\Windows\System\TRKyFel.exe
  2⤵
  PID:5072
- C:\Windows\System\cKXHGnS.exe
  C:\Windows\System\cKXHGnS.exe
  2⤵
  PID:5096
- C:\Windows\System\WMnMApP.exe
  C:\Windows\System\WMnMApP.exe
  2⤵
  PID:5116
- C:\Windows\System\lbrGXuN.exe
  C:\Windows\System\lbrGXuN.exe
  2⤵
  PID:3284
- C:\Windows\System\wDiEREv.exe
  C:\Windows\System\wDiEREv.exe
  2⤵
  PID:3420
- C:\Windows\System\lRJilhC.exe
  C:\Windows\System\lRJilhC.exe
  2⤵
  PID:3544
- C:\Windows\System\DABKxxp.exe
  C:\Windows\System\DABKxxp.exe
  2⤵
  PID:3832
- C:\Windows\System\UcwAWva.exe
  C:\Windows\System\UcwAWva.exe
  2⤵
  PID:3884
- C:\Windows\System\jVQRjfb.exe
  C:\Windows\System\jVQRjfb.exe
  2⤵
  PID:3844
- C:\Windows\System\bCkNhjS.exe
  C:\Windows\System\bCkNhjS.exe
  2⤵
  PID:3668
- C:\Windows\System\ZLUyeWv.exe
  C:\Windows\System\ZLUyeWv.exe
  2⤵
  PID:4024
- C:\Windows\System\zfdUTKS.exe
  C:\Windows\System\zfdUTKS.exe
  2⤵
  PID:3944
- C:\Windows\System\kipiWKW.exe
  C:\Windows\System\kipiWKW.exe
  2⤵
  PID:3168
- C:\Windows\System\XyUCoXI.exe
  C:\Windows\System\XyUCoXI.exe
  2⤵
  PID:320
- C:\Windows\System\BGzlHbe.exe
  C:\Windows\System\BGzlHbe.exe
  2⤵
  PID:4120
- C:\Windows\System\FZmYENu.exe
  C:\Windows\System\FZmYENu.exe
  2⤵
  PID:1020
- C:\Windows\System\KRbVnXw.exe
  C:\Windows\System\KRbVnXw.exe
  2⤵
  PID:3464
- C:\Windows\System\nhTKTlf.exe
  C:\Windows\System\nhTKTlf.exe
  2⤵
  PID:4136
- C:\Windows\System\KNSuUyZ.exe
  C:\Windows\System\KNSuUyZ.exe
  2⤵
  PID:4196
- C:\Windows\System\YDXjdqA.exe
  C:\Windows\System\YDXjdqA.exe
  2⤵
  PID:4236
- C:\Windows\System\TZRlykR.exe
  C:\Windows\System\TZRlykR.exe
  2⤵
  PID:4272
- C:\Windows\System\FOqlgNG.exe
  C:\Windows\System\FOqlgNG.exe
  2⤵
  PID:4172
- C:\Windows\System\STETxeq.exe
  C:\Windows\System\STETxeq.exe
  2⤵
  PID:4212
- C:\Windows\System\taMlwUQ.exe
  C:\Windows\System\taMlwUQ.exe
  2⤵
  PID:4296
- C:\Windows\System\lcWNxof.exe
  C:\Windows\System\lcWNxof.exe
  2⤵
  PID:4400
- C:\Windows\System\oxVgoqF.exe
  C:\Windows\System\oxVgoqF.exe
  2⤵
  PID:4436
- C:\Windows\System\jyzWYjI.exe
  C:\Windows\System\jyzWYjI.exe
  2⤵
  PID:4480
- C:\Windows\System\MFJwtDi.exe
  C:\Windows\System\MFJwtDi.exe
  2⤵
  PID:4524
- C:\Windows\System\bXYGuzS.exe
  C:\Windows\System\bXYGuzS.exe
  2⤵
  PID:4380
- C:\Windows\System\GjTdmRI.exe
  C:\Windows\System\GjTdmRI.exe
  2⤵
  PID:4600
- C:\Windows\System\gwPnAKm.exe
  C:\Windows\System\gwPnAKm.exe
  2⤵
  PID:4644
- C:\Windows\System\ZlmQFUD.exe
  C:\Windows\System\ZlmQFUD.exe
  2⤵
  PID:4540
- C:\Windows\System\bSncXOM.exe
  C:\Windows\System\bSncXOM.exe
  2⤵
  PID:4616
- C:\Windows\System\BjVBlOs.exe
  C:\Windows\System\BjVBlOs.exe
  2⤵
  PID:4744
- C:\Windows\System\TvuiggZ.exe
  C:\Windows\System\TvuiggZ.exe
  2⤵
  PID:4808
- C:\Windows\System\hBpDlwr.exe
  C:\Windows\System\hBpDlwr.exe
  2⤵
  PID:4788
- C:\Windows\System\cBMwvOn.exe
  C:\Windows\System\cBMwvOn.exe
  2⤵
  PID:4840
- C:\Windows\System\MLNaLiw.exe
  C:\Windows\System\MLNaLiw.exe
  2⤵
  PID:4756
- C:\Windows\System\VMeDwoB.exe
  C:\Windows\System\VMeDwoB.exe
  2⤵
  PID:4620
- C:\Windows\System\imhkICG.exe
  C:\Windows\System\imhkICG.exe
  2⤵
  PID:4872
- C:\Windows\System\brUDKvI.exe
  C:\Windows\System\brUDKvI.exe
  2⤵
  PID:4896
- C:\Windows\System\IfqBkHn.exe
  C:\Windows\System\IfqBkHn.exe
  2⤵
  PID:4848
- C:\Windows\System\yLzzrqz.exe
  C:\Windows\System\yLzzrqz.exe
  2⤵
  PID:4912
- C:\Windows\System\OolwWaP.exe
  C:\Windows\System\OolwWaP.exe
  2⤵
  PID:5044
- C:\Windows\System\LeVjwZV.exe
  C:\Windows\System\LeVjwZV.exe
  2⤵
  PID:5092
- C:\Windows\System\Gurrxgc.exe
  C:\Windows\System\Gurrxgc.exe
  2⤵
  PID:5088
- C:\Windows\System\FDRfjSn.exe
  C:\Windows\System\FDRfjSn.exe
  2⤵
  PID:3264
- C:\Windows\System\mLdYBgp.exe
  C:\Windows\System\mLdYBgp.exe
  2⤵
  PID:3288
- C:\Windows\System\EIsYWzt.exe
  C:\Windows\System\EIsYWzt.exe
  2⤵
  PID:4040
- C:\Windows\System\INnsheO.exe
  C:\Windows\System\INnsheO.exe
  2⤵
  PID:3932
- C:\Windows\System\nCQVmWa.exe
  C:\Windows\System\nCQVmWa.exe
  2⤵
  PID:3632
- C:\Windows\System\aiiklTU.exe
  C:\Windows\System\aiiklTU.exe
  2⤵
  PID:2420
- C:\Windows\System\mOzMPjT.exe
  C:\Windows\System\mOzMPjT.exe
  2⤵
  PID:3872
- C:\Windows\System\jMcahjn.exe
  C:\Windows\System\jMcahjn.exe
  2⤵
  PID:2532
- C:\Windows\System\IcugHHk.exe
  C:\Windows\System\IcugHHk.exe
  2⤵
  PID:2196
- C:\Windows\System\mpFCQcN.exe
  C:\Windows\System\mpFCQcN.exe
  2⤵
  PID:4288
- C:\Windows\System\uBHBZCn.exe
  C:\Windows\System\uBHBZCn.exe
  2⤵
  PID:4440
- C:\Windows\System\rXDAYRX.exe
  C:\Windows\System\rXDAYRX.exe
  2⤵
  PID:4444
- C:\Windows\System\mQLpmTm.exe
  C:\Windows\System\mQLpmTm.exe
  2⤵
  PID:2212
- C:\Windows\System\jxsGoJA.exe
  C:\Windows\System\jxsGoJA.exe
  2⤵
  PID:4456
- C:\Windows\System\XVJmvLz.exe
  C:\Windows\System\XVJmvLz.exe
  2⤵
  PID:4344
- C:\Windows\System\hkBWeSP.exe
  C:\Windows\System\hkBWeSP.exe
  2⤵
  PID:4564
- C:\Windows\System\ofLojqH.exe
  C:\Windows\System\ofLojqH.exe
  2⤵
  PID:4268
- C:\Windows\System\YMRLLKr.exe
  C:\Windows\System\YMRLLKr.exe
  2⤵
  PID:4596
- C:\Windows\System\KyMjaim.exe
  C:\Windows\System\KyMjaim.exe
  2⤵
  PID:4680
- C:\Windows\System\zBforSP.exe
  C:\Windows\System\zBforSP.exe
  2⤵
  PID:1496
- C:\Windows\System\cqcmyhW.exe
  C:\Windows\System\cqcmyhW.exe
  2⤵
  PID:4632
- C:\Windows\System\RHlfWss.exe
  C:\Windows\System\RHlfWss.exe
  2⤵
  PID:4828
- C:\Windows\System\YImeNMC.exe
  C:\Windows\System\YImeNMC.exe
  2⤵
  PID:4724
- C:\Windows\System\mNFuPSN.exe
  C:\Windows\System\mNFuPSN.exe
  2⤵
  PID:4864
- C:\Windows\System\ERPpinn.exe
  C:\Windows\System\ERPpinn.exe
  2⤵
  PID:4696
- C:\Windows\System\BodAJQf.exe
  C:\Windows\System\BodAJQf.exe
  2⤵
  PID:5008
- C:\Windows\System\czsUqSw.exe
  C:\Windows\System\czsUqSw.exe
  2⤵
  PID:4952
- C:\Windows\System\zaRezhL.exe
  C:\Windows\System\zaRezhL.exe
  2⤵
  PID:4968
- C:\Windows\System\csCEHYN.exe
  C:\Windows\System\csCEHYN.exe
  2⤵
  PID:3964
- C:\Windows\System\YbysGBN.exe
  C:\Windows\System\YbysGBN.exe
  2⤵
  PID:3148
- C:\Windows\System\SoCooZQ.exe
  C:\Windows\System\SoCooZQ.exe
  2⤵
  PID:3648
- C:\Windows\System\qivmQGM.exe
  C:\Windows\System\qivmQGM.exe
  2⤵
  PID:952
- C:\Windows\System\eYkQorM.exe
  C:\Windows\System\eYkQorM.exe
  2⤵
  PID:5112
- C:\Windows\System\KnGcnOd.exe
  C:\Windows\System\KnGcnOd.exe
  2⤵
  PID:4324
- C:\Windows\System\PIAmsJw.exe
  C:\Windows\System\PIAmsJw.exe
  2⤵
  PID:3988
- C:\Windows\System\MskFhCm.exe
  C:\Windows\System\MskFhCm.exe
  2⤵
  PID:3252
- C:\Windows\System\tdenlFe.exe
  C:\Windows\System\tdenlFe.exe
  2⤵
  PID:4432
- C:\Windows\System\eDGFpXP.exe
  C:\Windows\System\eDGFpXP.exe
  2⤵
  PID:3304
- C:\Windows\System\stvfiYh.exe
  C:\Windows\System\stvfiYh.exe
  2⤵
  PID:4500
- C:\Windows\System\RfgWdvV.exe
  C:\Windows\System\RfgWdvV.exe
  2⤵
  PID:4360
- C:\Windows\System\deWdHSq.exe
  C:\Windows\System\deWdHSq.exe
  2⤵
  PID:2308
- C:\Windows\System\tUyZNnl.exe
  C:\Windows\System\tUyZNnl.exe
  2⤵
  PID:4868
- C:\Windows\System\zUCTOuz.exe
  C:\Windows\System\zUCTOuz.exe
  2⤵
  PID:1648
- C:\Windows\System\jfbBrDX.exe
  C:\Windows\System\jfbBrDX.exe
  2⤵
  PID:4888
- C:\Windows\System\HyJcukw.exe
  C:\Windows\System\HyJcukw.exe
  2⤵
  PID:4884
- C:\Windows\System\eDisdlk.exe
  C:\Windows\System\eDisdlk.exe
  2⤵
  PID:5136
- C:\Windows\System\FTHYuRP.exe
  C:\Windows\System\FTHYuRP.exe
  2⤵
  PID:5152
- C:\Windows\System\eBCkFWt.exe
  C:\Windows\System\eBCkFWt.exe
  2⤵
  PID:5168
- C:\Windows\System\VYKNaGo.exe
  C:\Windows\System\VYKNaGo.exe
  2⤵
  PID:5184
- C:\Windows\System\VDfPxCZ.exe
  C:\Windows\System\VDfPxCZ.exe
  2⤵
  PID:5220
- C:\Windows\System\jOyLqGI.exe
  C:\Windows\System\jOyLqGI.exe
  2⤵
  PID:5240
- C:\Windows\System\SahdWvs.exe
  C:\Windows\System\SahdWvs.exe
  2⤵
  PID:5256
- C:\Windows\System\BaEbSXZ.exe
  C:\Windows\System\BaEbSXZ.exe
  2⤵
  PID:5280
- C:\Windows\System\crnMhkX.exe
  C:\Windows\System\crnMhkX.exe
  2⤵
  PID:5304
- C:\Windows\System\eHLBfnK.exe
  C:\Windows\System\eHLBfnK.exe
  2⤵
  PID:5320
- C:\Windows\System\DPaDEim.exe
  C:\Windows\System\DPaDEim.exe
  2⤵
  PID:5344
- C:\Windows\System\hnrRtvy.exe
  C:\Windows\System\hnrRtvy.exe
  2⤵
  PID:5364
- C:\Windows\System\sxnBhye.exe
  C:\Windows\System\sxnBhye.exe
  2⤵
  PID:5380
- C:\Windows\System\wSNKVZn.exe
  C:\Windows\System\wSNKVZn.exe
  2⤵
  PID:5408
- C:\Windows\System\gSYPPZO.exe
  C:\Windows\System\gSYPPZO.exe
  2⤵
  PID:5428
- C:\Windows\System\qMYjztc.exe
  C:\Windows\System\qMYjztc.exe
  2⤵
  PID:5460
- C:\Windows\System\JHkCsJm.exe
  C:\Windows\System\JHkCsJm.exe
  2⤵
  PID:5480
- C:\Windows\System\eSjajcx.exe
  C:\Windows\System\eSjajcx.exe
  2⤵
  PID:5500
- C:\Windows\System\VvezRZp.exe
  C:\Windows\System\VvezRZp.exe
  2⤵
  PID:5520
- C:\Windows\System\mnnHhCH.exe
  C:\Windows\System\mnnHhCH.exe
  2⤵
  PID:5540
- C:\Windows\System\mRFYPGE.exe
  C:\Windows\System\mRFYPGE.exe
  2⤵
  PID:5560
- C:\Windows\System\eeTadWw.exe
  C:\Windows\System\eeTadWw.exe
  2⤵
  PID:5580
- C:\Windows\System\DZbGzMd.exe
  C:\Windows\System\DZbGzMd.exe
  2⤵
  PID:5600
- C:\Windows\System\ljspwDE.exe
  C:\Windows\System\ljspwDE.exe
  2⤵
  PID:5620
- C:\Windows\System\HXVtFTc.exe
  C:\Windows\System\HXVtFTc.exe
  2⤵
  PID:5636
- C:\Windows\System\ZXBKaAo.exe
  C:\Windows\System\ZXBKaAo.exe
  2⤵
  PID:5660
- C:\Windows\System\RULZMdt.exe
  C:\Windows\System\RULZMdt.exe
  2⤵
  PID:5680
- C:\Windows\System\KLkZJoV.exe
  C:\Windows\System\KLkZJoV.exe
  2⤵
  PID:5700
- C:\Windows\System\uVsjyvl.exe
  C:\Windows\System\uVsjyvl.exe
  2⤵
  PID:5720
- C:\Windows\System\ofzXPGX.exe
  C:\Windows\System\ofzXPGX.exe
  2⤵
  PID:5736
- C:\Windows\System\yLmKptT.exe
  C:\Windows\System\yLmKptT.exe
  2⤵
  PID:5764
- C:\Windows\System\AQoEyhd.exe
  C:\Windows\System\AQoEyhd.exe
  2⤵
  PID:5780
- C:\Windows\System\DfrYyLN.exe
  C:\Windows\System\DfrYyLN.exe
  2⤵
  PID:5800
- C:\Windows\System\RjFYFYP.exe
  C:\Windows\System\RjFYFYP.exe
  2⤵
  PID:5824
- C:\Windows\System\RsbVxKS.exe
  C:\Windows\System\RsbVxKS.exe
  2⤵
  PID:5844
- C:\Windows\System\thrmHVL.exe
  C:\Windows\System\thrmHVL.exe
  2⤵
  PID:5860
- C:\Windows\System\XfVZDiB.exe
  C:\Windows\System\XfVZDiB.exe
  2⤵
  PID:5880
- C:\Windows\System\cBecvim.exe
  C:\Windows\System\cBecvim.exe
  2⤵
  PID:5900
- C:\Windows\System\rMWzogL.exe
  C:\Windows\System\rMWzogL.exe
  2⤵
  PID:5916
- C:\Windows\System\yfBPpyD.exe
  C:\Windows\System\yfBPpyD.exe
  2⤵
  PID:5936
- C:\Windows\System\brzbOWq.exe
  C:\Windows\System\brzbOWq.exe
  2⤵
  PID:5956
- C:\Windows\System\eWgupvZ.exe
  C:\Windows\System\eWgupvZ.exe
  2⤵
  PID:5984
- C:\Windows\System\GctVyrW.exe
  C:\Windows\System\GctVyrW.exe
  2⤵
  PID:6000
- C:\Windows\System\rcfmDEk.exe
  C:\Windows\System\rcfmDEk.exe
  2⤵
  PID:6020
- C:\Windows\System\PNHyfDF.exe
  C:\Windows\System\PNHyfDF.exe
  2⤵
  PID:6040
- C:\Windows\System\VQpDZKY.exe
  C:\Windows\System\VQpDZKY.exe
  2⤵
  PID:6060
- C:\Windows\System\DyLtXat.exe
  C:\Windows\System\DyLtXat.exe
  2⤵
  PID:6080
- C:\Windows\System\pZJSRLs.exe
  C:\Windows\System\pZJSRLs.exe
  2⤵
  PID:6100
- C:\Windows\System\IqfIPZW.exe
  C:\Windows\System\IqfIPZW.exe
  2⤵
  PID:6120
- C:\Windows\System\KTCQNTO.exe
  C:\Windows\System\KTCQNTO.exe
  2⤵
  PID:6140
- C:\Windows\System\VNHehhq.exe
  C:\Windows\System\VNHehhq.exe
  2⤵
  PID:3712
- C:\Windows\System\tPnETzx.exe
  C:\Windows\System\tPnETzx.exe
  2⤵
  PID:2832
- C:\Windows\System\FtpCSFU.exe
  C:\Windows\System\FtpCSFU.exe
  2⤵
  PID:4304
- C:\Windows\System\eyCOadG.exe
  C:\Windows\System\eyCOadG.exe
  2⤵
  PID:4712
- C:\Windows\System\ClDaClx.exe
  C:\Windows\System\ClDaClx.exe
  2⤵
  PID:3032
- C:\Windows\System\vojLLkk.exe
  C:\Windows\System\vojLLkk.exe
  2⤵
  PID:3484
- C:\Windows\System\DyxWGio.exe
  C:\Windows\System\DyxWGio.exe
  2⤵
  PID:2704
- C:\Windows\System\pyAYwWW.exe
  C:\Windows\System\pyAYwWW.exe
  2⤵
  PID:5132
- C:\Windows\System\drKDSFj.exe
  C:\Windows\System\drKDSFj.exe
  2⤵
  PID:5196
- C:\Windows\System\umXRcwj.exe
  C:\Windows\System\umXRcwj.exe
  2⤵
  PID:5216
- C:\Windows\System\enKbhlH.exe
  C:\Windows\System\enKbhlH.exe
  2⤵
  PID:4152
- C:\Windows\System\ISCNtYY.exe
  C:\Windows\System\ISCNtYY.exe
  2⤵
  PID:3360
- C:\Windows\System\POITODs.exe
  C:\Windows\System\POITODs.exe
  2⤵
  PID:5296
- C:\Windows\System\HlYqQia.exe
  C:\Windows\System\HlYqQia.exe
  2⤵
  PID:5332
- C:\Windows\System\gJrjTwA.exe
  C:\Windows\System\gJrjTwA.exe
  2⤵
  PID:4956
- C:\Windows\System\AEoyJhF.exe
  C:\Windows\System\AEoyJhF.exe
  2⤵
  PID:5372
- C:\Windows\System\mVsqeIJ.exe
  C:\Windows\System\mVsqeIJ.exe
  2⤵
  PID:1820
- C:\Windows\System\OljQrUa.exe
  C:\Windows\System\OljQrUa.exe
  2⤵
  PID:5236
- C:\Windows\System\iWbgVXn.exe
  C:\Windows\System\iWbgVXn.exe
  2⤵
  PID:5420
- C:\Windows\System\vIqlSSe.exe
  C:\Windows\System\vIqlSSe.exe
  2⤵
  PID:5264
- C:\Windows\System\ZaGjONA.exe
  C:\Windows\System\ZaGjONA.exe
  2⤵
  PID:5316
- C:\Windows\System\eMhtGKv.exe
  C:\Windows\System\eMhtGKv.exe
  2⤵
  PID:5472
- C:\Windows\System\qkVQtpd.exe
  C:\Windows\System\qkVQtpd.exe
  2⤵
  PID:5436
- C:\Windows\System\GtIYajp.exe
  C:\Windows\System\GtIYajp.exe
  2⤵
  PID:5548
- C:\Windows\System\QtUMWQG.exe
  C:\Windows\System\QtUMWQG.exe
  2⤵
  PID:2796
- C:\Windows\System\mBeBwto.exe
  C:\Windows\System\mBeBwto.exe
  2⤵
  PID:5488
- C:\Windows\System\SUDMJBt.exe
  C:\Windows\System\SUDMJBt.exe
  2⤵
  PID:5596
- C:\Windows\System\fgWERvg.exe
  C:\Windows\System\fgWERvg.exe
  2⤵
  PID:4488
- C:\Windows\System\BJviZtu.exe
  C:\Windows\System\BJviZtu.exe
  2⤵
  PID:5648
- C:\Windows\System\xXtvEsy.exe
  C:\Windows\System\xXtvEsy.exe
  2⤵
  PID:5644
- C:\Windows\System\GVLjoBS.exe
  C:\Windows\System\GVLjoBS.exe
  2⤵
  PID:5744
- C:\Windows\System\mTjaShF.exe
  C:\Windows\System\mTjaShF.exe
  2⤵
  PID:5752
- C:\Windows\System\rIWPfjk.exe
  C:\Windows\System\rIWPfjk.exe
  2⤵
  PID:5832
- C:\Windows\System\dgEryJb.exe
  C:\Windows\System\dgEryJb.exe
  2⤵
  PID:5772
- C:\Windows\System\MzDopGv.exe
  C:\Windows\System\MzDopGv.exe
  2⤵
  PID:5816
- C:\Windows\System\fzHBqGl.exe
  C:\Windows\System\fzHBqGl.exe
  2⤵
  PID:5852
- C:\Windows\System\YGtCXkJ.exe
  C:\Windows\System\YGtCXkJ.exe
  2⤵
  PID:5952
- C:\Windows\System\TLtFqYj.exe
  C:\Windows\System\TLtFqYj.exe
  2⤵
  PID:5928
- C:\Windows\System\YoMerku.exe
  C:\Windows\System\YoMerku.exe
  2⤵
  PID:6036
- C:\Windows\System\tMgVofQ.exe
  C:\Windows\System\tMgVofQ.exe
  2⤵
  PID:5964
- C:\Windows\System\KPbMQcm.exe
  C:\Windows\System\KPbMQcm.exe
  2⤵
  PID:5976
- C:\Windows\System\tXYvxfZ.exe
  C:\Windows\System\tXYvxfZ.exe
  2⤵
  PID:6052
- C:\Windows\System\AeRxQpR.exe
  C:\Windows\System\AeRxQpR.exe
  2⤵
  PID:5024
- C:\Windows\System\kmvpyvx.exe
  C:\Windows\System\kmvpyvx.exe
  2⤵
  PID:4484
- C:\Windows\System\zwrpFcq.exe
  C:\Windows\System\zwrpFcq.exe
  2⤵
  PID:6136
- C:\Windows\System\hysQILy.exe
  C:\Windows\System\hysQILy.exe
  2⤵
  PID:1236
- C:\Windows\System\ywKeKHY.exe
  C:\Windows\System\ywKeKHY.exe
  2⤵
  PID:3928
- C:\Windows\System\hGXDtYD.exe
  C:\Windows\System\hGXDtYD.exe
  2⤵
  PID:3568
- C:\Windows\System\cBeQuKu.exe
  C:\Windows\System\cBeQuKu.exe
  2⤵
  PID:5204
- C:\Windows\System\skhKGua.exe
  C:\Windows\System\skhKGua.exe
  2⤵
  PID:4740
- C:\Windows\System\feIsykn.exe
  C:\Windows\System\feIsykn.exe
  2⤵
  PID:4220
- C:\Windows\System\xLbYmzr.exe
  C:\Windows\System\xLbYmzr.exe
  2⤵
  PID:2628
- C:\Windows\System\EQLonAX.exe
  C:\Windows\System\EQLonAX.exe
  2⤵
  PID:5292
- C:\Windows\System\fCTIljL.exe
  C:\Windows\System\fCTIljL.exe
  2⤵
  PID:4376
- C:\Windows\System\ARtbPBV.exe
  C:\Windows\System\ARtbPBV.exe
  2⤵
  PID:5144
- C:\Windows\System\stEwYUo.exe
  C:\Windows\System\stEwYUo.exe
  2⤵
  PID:5336
- C:\Windows\System\tOlkKNC.exe
  C:\Windows\System\tOlkKNC.exe
  2⤵
  PID:5228
- C:\Windows\System\SvthaTC.exe
  C:\Windows\System\SvthaTC.exe
  2⤵
  PID:5404
- C:\Windows\System\CGkCxWz.exe
  C:\Windows\System\CGkCxWz.exe
  2⤵
  PID:5496
- C:\Windows\System\soqqdfG.exe
  C:\Windows\System\soqqdfG.exe
  2⤵
  PID:5608
- C:\Windows\System\RUwpbCO.exe
  C:\Windows\System\RUwpbCO.exe
  2⤵
  PID:5716
- C:\Windows\System\Cnonxmm.exe
  C:\Windows\System\Cnonxmm.exe
  2⤵
  PID:5532
- C:\Windows\System\rjEsxBe.exe
  C:\Windows\System\rjEsxBe.exe
  2⤵
  PID:5476
- C:\Windows\System\zzrFaHA.exe
  C:\Windows\System\zzrFaHA.exe
  2⤵
  PID:5812
- C:\Windows\System\GzDxThi.exe
  C:\Windows\System\GzDxThi.exe
  2⤵
  PID:2448
- C:\Windows\System\ITdGqgf.exe
  C:\Windows\System\ITdGqgf.exe
  2⤵
  PID:5696
- C:\Windows\System\ZvqurjH.exe
  C:\Windows\System\ZvqurjH.exe
  2⤵
  PID:5676
- C:\Windows\System\ZHoyxBe.exe
  C:\Windows\System\ZHoyxBe.exe
  2⤵
  PID:1612
- C:\Windows\System\JWMFGKE.exe
  C:\Windows\System\JWMFGKE.exe
  2⤵
  PID:2220
- C:\Windows\System\ldTfOHh.exe
  C:\Windows\System\ldTfOHh.exe
  2⤵
  PID:6112
- C:\Windows\System\zcAyhRr.exe
  C:\Windows\System\zcAyhRr.exe
  2⤵
  PID:6092
- C:\Windows\System\UYGadnO.exe
  C:\Windows\System\UYGadnO.exe
  2⤵
  PID:6068
- C:\Windows\System\sZkgMYH.exe
  C:\Windows\System\sZkgMYH.exe
  2⤵
  PID:6012
- C:\Windows\System\MKiKoBE.exe
  C:\Windows\System\MKiKoBE.exe
  2⤵
  PID:5552
- C:\Windows\System\JGdqUmt.exe
  C:\Windows\System\JGdqUmt.exe
  2⤵
  PID:4660
- C:\Windows\System\greGtav.exe
  C:\Windows\System\greGtav.exe
  2⤵
  PID:6096
- C:\Windows\System\AKKfvxW.exe
  C:\Windows\System\AKKfvxW.exe
  2⤵
  PID:1228
- C:\Windows\System\umKPAsG.exe
  C:\Windows\System\umKPAsG.exe
  2⤵
  PID:4188
- C:\Windows\System\RkInFvC.exe
  C:\Windows\System\RkInFvC.exe
  2⤵
  PID:5104
- C:\Windows\System\AWXHLgT.exe
  C:\Windows\System\AWXHLgT.exe
  2⤵
  PID:4340
- C:\Windows\System\MEfhvaz.exe
  C:\Windows\System\MEfhvaz.exe
  2⤵
  PID:5356
- C:\Windows\System\lPZFjEU.exe
  C:\Windows\System\lPZFjEU.exe
  2⤵
  PID:5424
- C:\Windows\System\YqcGzOZ.exe
  C:\Windows\System\YqcGzOZ.exe
  2⤵
  PID:5492
- C:\Windows\System\eViDwHT.exe
  C:\Windows\System\eViDwHT.exe
  2⤵
  PID:5416
- C:\Windows\System\UOSKtvx.exe
  C:\Windows\System\UOSKtvx.exe
  2⤵
  PID:5632
- C:\Windows\System\rpziuGL.exe
  C:\Windows\System\rpziuGL.exe
  2⤵
  PID:5896
- C:\Windows\System\zfMvTWS.exe
  C:\Windows\System\zfMvTWS.exe
  2⤵
  PID:2256
- C:\Windows\System\fMnlFCV.exe
  C:\Windows\System\fMnlFCV.exe
  2⤵
  PID:5820
- C:\Windows\System\NeSAgqs.exe
  C:\Windows\System\NeSAgqs.exe
  2⤵
  PID:5892
- C:\Windows\System\ohoKHWS.exe
  C:\Windows\System\ohoKHWS.exe
  2⤵
  PID:5996
- C:\Windows\System\WbZwIqt.exe
  C:\Windows\System\WbZwIqt.exe
  2⤵
  PID:2368
- C:\Windows\System\apXjCab.exe
  C:\Windows\System\apXjCab.exe
  2⤵
  PID:2476
- C:\Windows\System\HMBnOci.exe
  C:\Windows\System\HMBnOci.exe
  2⤵
  PID:2184
- C:\Windows\System\wBhCBDb.exe
  C:\Windows\System\wBhCBDb.exe
  2⤵
  PID:5164
- C:\Windows\System\jhKNMyx.exe
  C:\Windows\System\jhKNMyx.exe
  2⤵
  PID:1628
- C:\Windows\System\klOIUdh.exe
  C:\Windows\System\klOIUdh.exe
  2⤵
  PID:5616
- C:\Windows\System\hniGVJp.exe
  C:\Windows\System\hniGVJp.exe
  2⤵
  PID:3048
- C:\Windows\System\xueSyqf.exe
  C:\Windows\System\xueSyqf.exe
  2⤵
  PID:5568
- C:\Windows\System\KiDXvia.exe
  C:\Windows\System\KiDXvia.exe
  2⤵
  PID:5788
- C:\Windows\System\MzjzsqQ.exe
  C:\Windows\System\MzjzsqQ.exe
  2⤵
  PID:2964
- C:\Windows\System\ZExArjk.exe
  C:\Windows\System\ZExArjk.exe
  2⤵
  PID:6164
- C:\Windows\System\wVhNeKN.exe
  C:\Windows\System\wVhNeKN.exe
  2⤵
  PID:6184
- C:\Windows\System\wXQfudO.exe
  C:\Windows\System\wXQfudO.exe
  2⤵
  PID:6208
- C:\Windows\System\CKmaFuo.exe
  C:\Windows\System\CKmaFuo.exe
  2⤵
  PID:6228
- C:\Windows\System\eBjKVrV.exe
  C:\Windows\System\eBjKVrV.exe
  2⤵
  PID:6248
- C:\Windows\System\xXeDtKe.exe
  C:\Windows\System\xXeDtKe.exe
  2⤵
  PID:6268
- C:\Windows\System\XgxlxRN.exe
  C:\Windows\System\XgxlxRN.exe
  2⤵
  PID:6288
- C:\Windows\System\cZveKoK.exe
  C:\Windows\System\cZveKoK.exe
  2⤵
  PID:6308
- C:\Windows\System\JenlwGy.exe
  C:\Windows\System\JenlwGy.exe
  2⤵
  PID:6328
- C:\Windows\System\xThnaKd.exe
  C:\Windows\System\xThnaKd.exe
  2⤵
  PID:6348
- C:\Windows\System\BjNfrKh.exe
  C:\Windows\System\BjNfrKh.exe
  2⤵
  PID:6368
- C:\Windows\System\ByfhNSH.exe
  C:\Windows\System\ByfhNSH.exe
  2⤵
  PID:6388
- C:\Windows\System\OyoykmJ.exe
  C:\Windows\System\OyoykmJ.exe
  2⤵
  PID:6408
- C:\Windows\System\jUBYgCa.exe
  C:\Windows\System\jUBYgCa.exe
  2⤵
  PID:6428
- C:\Windows\System\gCYVUZV.exe
  C:\Windows\System\gCYVUZV.exe
  2⤵
  PID:6448
- C:\Windows\System\VwVkeMX.exe
  C:\Windows\System\VwVkeMX.exe
  2⤵
  PID:6468
- C:\Windows\System\WJhhimU.exe
  C:\Windows\System\WJhhimU.exe
  2⤵
  PID:6488
- C:\Windows\System\DgApGJo.exe
  C:\Windows\System\DgApGJo.exe
  2⤵
  PID:6508
- C:\Windows\System\tWoyJtj.exe
  C:\Windows\System\tWoyJtj.exe
  2⤵
  PID:6528
- C:\Windows\System\vgSjyEk.exe
  C:\Windows\System\vgSjyEk.exe
  2⤵
  PID:6548
- C:\Windows\System\HmtaUfr.exe
  C:\Windows\System\HmtaUfr.exe
  2⤵
  PID:6568
- C:\Windows\System\LjmRFhP.exe
  C:\Windows\System\LjmRFhP.exe
  2⤵
  PID:6584
- C:\Windows\System\uAfbFbp.exe
  C:\Windows\System\uAfbFbp.exe
  2⤵
  PID:6608
- C:\Windows\System\mOXsrkW.exe
  C:\Windows\System\mOXsrkW.exe
  2⤵
  PID:6628
- C:\Windows\System\QGXnSQU.exe
  C:\Windows\System\QGXnSQU.exe
  2⤵
  PID:6648
- C:\Windows\System\GdWYVeS.exe
  C:\Windows\System\GdWYVeS.exe
  2⤵
  PID:6668
- C:\Windows\System\FnZbBiD.exe
  C:\Windows\System\FnZbBiD.exe
  2⤵
  PID:6688
- C:\Windows\System\ZWDLpWa.exe
  C:\Windows\System\ZWDLpWa.exe
  2⤵
  PID:6704
- C:\Windows\System\rXyFuqN.exe
  C:\Windows\System\rXyFuqN.exe
  2⤵
  PID:6728
- C:\Windows\System\ULYVblt.exe
  C:\Windows\System\ULYVblt.exe
  2⤵
  PID:6748
- C:\Windows\System\SuZXQHG.exe
  C:\Windows\System\SuZXQHG.exe
  2⤵
  PID:6768
- C:\Windows\System\fOaCRpc.exe
  C:\Windows\System\fOaCRpc.exe
  2⤵
  PID:6788
- C:\Windows\System\FMwKmXE.exe
  C:\Windows\System\FMwKmXE.exe
  2⤵
  PID:6808
- C:\Windows\System\SYkjzHE.exe
  C:\Windows\System\SYkjzHE.exe
  2⤵
  PID:6828
- C:\Windows\System\qczzoFQ.exe
  C:\Windows\System\qczzoFQ.exe
  2⤵
  PID:6848
- C:\Windows\System\fKvBCfG.exe
  C:\Windows\System\fKvBCfG.exe
  2⤵
  PID:6868
- C:\Windows\System\CCOoUUB.exe
  C:\Windows\System\CCOoUUB.exe
  2⤵
  PID:6888
- C:\Windows\System\rXzEIhw.exe
  C:\Windows\System\rXzEIhw.exe
  2⤵
  PID:6908
- C:\Windows\System\wGJvWaf.exe
  C:\Windows\System\wGJvWaf.exe
  2⤵
  PID:6928
- C:\Windows\System\rfqrBWR.exe
  C:\Windows\System\rfqrBWR.exe
  2⤵
  PID:6948
- C:\Windows\System\ieqUoiI.exe
  C:\Windows\System\ieqUoiI.exe
  2⤵
  PID:6968
- C:\Windows\System\XPtkVXQ.exe
  C:\Windows\System\XPtkVXQ.exe
  2⤵
  PID:6988
- C:\Windows\System\pXFKkve.exe
  C:\Windows\System\pXFKkve.exe
  2⤵
  PID:7008
- C:\Windows\System\dMANceq.exe
  C:\Windows\System\dMANceq.exe
  2⤵
  PID:7028
- C:\Windows\System\WSmXqVW.exe
  C:\Windows\System\WSmXqVW.exe
  2⤵
  PID:7048
- C:\Windows\System\hdSYDLG.exe
  C:\Windows\System\hdSYDLG.exe
  2⤵
  PID:7068
- C:\Windows\System\UeYFUQr.exe
  C:\Windows\System\UeYFUQr.exe
  2⤵
  PID:7084
- C:\Windows\System\wxutelu.exe
  C:\Windows\System\wxutelu.exe
  2⤵
  PID:7108
- C:\Windows\System\gfwbrHZ.exe
  C:\Windows\System\gfwbrHZ.exe
  2⤵
  PID:7128
- C:\Windows\System\mUwicGh.exe
  C:\Windows\System\mUwicGh.exe
  2⤵
  PID:7148
- C:\Windows\System\rViLWAF.exe
  C:\Windows\System\rViLWAF.exe
  2⤵
  PID:7164
- C:\Windows\System\hkofGrM.exe
  C:\Windows\System\hkofGrM.exe
  2⤵
  PID:5760
- C:\Windows\System\kVExMZd.exe
  C:\Windows\System\kVExMZd.exe
  2⤵
  PID:6008
- C:\Windows\System\vJjFNBL.exe
  C:\Windows\System\vJjFNBL.exe
  2⤵
  PID:4820
- C:\Windows\System\PftHySp.exe
  C:\Windows\System\PftHySp.exe
  2⤵
  PID:2720
- C:\Windows\System\EVsQAFc.exe
  C:\Windows\System\EVsQAFc.exe
  2⤵
  PID:4004
- C:\Windows\System\fAVWyeC.exe
  C:\Windows\System\fAVWyeC.exe
  2⤵
  PID:872
- C:\Windows\System\JaGFVrC.exe
  C:\Windows\System\JaGFVrC.exe
  2⤵
  PID:5992
- C:\Windows\System\vgBWWTG.exe
  C:\Windows\System\vgBWWTG.exe
  2⤵
  PID:6152
- C:\Windows\System\iHDHNnN.exe
  C:\Windows\System\iHDHNnN.exe
  2⤵
  PID:6180
- C:\Windows\System\NodRtcp.exe
  C:\Windows\System\NodRtcp.exe
  2⤵
  PID:6196
- C:\Windows\System\CcOyxWn.exe
  C:\Windows\System\CcOyxWn.exe
  2⤵
  PID:6240
- C:\Windows\System\ilxPfby.exe
  C:\Windows\System\ilxPfby.exe
  2⤵
  PID:6260
- C:\Windows\System\QuvAzqF.exe
  C:\Windows\System\QuvAzqF.exe
  2⤵
  PID:6320
- C:\Windows\System\ICIHmRc.exe
  C:\Windows\System\ICIHmRc.exe
  2⤵
  PID:6356
- C:\Windows\System\teGhvgh.exe
  C:\Windows\System\teGhvgh.exe
  2⤵
  PID:6404
- C:\Windows\System\rRbXSIs.exe
  C:\Windows\System\rRbXSIs.exe
  2⤵
  PID:6380
- C:\Windows\System\kZRolDB.exe
  C:\Windows\System\kZRolDB.exe
  2⤵
  PID:6420
- C:\Windows\System\ulXozXy.exe
  C:\Windows\System\ulXozXy.exe
  2⤵
  PID:2880
- C:\Windows\System\HxSVgXL.exe
  C:\Windows\System\HxSVgXL.exe
  2⤵
  PID:6496
- C:\Windows\System\nWPjxAB.exe
  C:\Windows\System\nWPjxAB.exe
  2⤵
  PID:6524
- C:\Windows\System\TSHbHFp.exe
  C:\Windows\System\TSHbHFp.exe
  2⤵
  PID:6560
- C:\Windows\System\PowDOaK.exe
  C:\Windows\System\PowDOaK.exe
  2⤵
  PID:6600
- C:\Windows\System\gCWiJxr.exe
  C:\Windows\System\gCWiJxr.exe
  2⤵
  PID:6636
- C:\Windows\System\uBMghXh.exe
  C:\Windows\System\uBMghXh.exe
  2⤵
  PID:6640
- C:\Windows\System\LGCMwPn.exe
  C:\Windows\System\LGCMwPn.exe
  2⤵
  PID:6684
- C:\Windows\System\PBvcPDm.exe
  C:\Windows\System\PBvcPDm.exe
  2⤵
  PID:6724
- C:\Windows\System\TlfMhEX.exe
  C:\Windows\System\TlfMhEX.exe
  2⤵
  PID:6764
- C:\Windows\System\JOjLdwf.exe
  C:\Windows\System\JOjLdwf.exe
  2⤵
  PID:6796
- C:\Windows\System\BnTncmE.exe
  C:\Windows\System\BnTncmE.exe
  2⤵
  PID:6836
- C:\Windows\System\NmCdAoB.exe
  C:\Windows\System\NmCdAoB.exe
  2⤵
  PID:6816
- C:\Windows\System\JxCNAMH.exe
  C:\Windows\System\JxCNAMH.exe
  2⤵
  PID:6856
- C:\Windows\System\dtiZlBT.exe
  C:\Windows\System\dtiZlBT.exe
  2⤵
  PID:6896
- C:\Windows\System\UPWkqbn.exe
  C:\Windows\System\UPWkqbn.exe
  2⤵
  PID:6956
- C:\Windows\System\oZxEqqW.exe
  C:\Windows\System\oZxEqqW.exe
  2⤵
  PID:6996
- C:\Windows\System\lrQzqCx.exe
  C:\Windows\System\lrQzqCx.exe
  2⤵
  PID:6980
- C:\Windows\System\PCZeFez.exe
  C:\Windows\System\PCZeFez.exe
  2⤵
  PID:7080
- C:\Windows\System\cqNlpuU.exe
  C:\Windows\System\cqNlpuU.exe
  2⤵
  PID:7096
- C:\Windows\System\ccATUte.exe
  C:\Windows\System\ccATUte.exe
  2⤵
  PID:5872
- C:\Windows\System\dlxJzbY.exe
  C:\Windows\System\dlxJzbY.exe
  2⤵
  PID:4804
- C:\Windows\System\jNiGJUD.exe
  C:\Windows\System\jNiGJUD.exe
  2⤵
  PID:6016
- C:\Windows\System\IDhYgIJ.exe
  C:\Windows\System\IDhYgIJ.exe
  2⤵
  PID:5808
- C:\Windows\System\PauzSTB.exe
  C:\Windows\System\PauzSTB.exe
  2⤵
  PID:2668
- C:\Windows\System\qPFmYwT.exe
  C:\Windows\System\qPFmYwT.exe
  2⤵
  PID:6276
- C:\Windows\System\BWbacGt.exe
  C:\Windows\System\BWbacGt.exe
  2⤵
  PID:6336
- C:\Windows\System\JMcRfOw.exe
  C:\Windows\System\JMcRfOw.exe
  2⤵
  PID:1808
- C:\Windows\System\rGtUMGw.exe
  C:\Windows\System\rGtUMGw.exe
  2⤵
  PID:5944
- C:\Windows\System\pmYeQEV.exe
  C:\Windows\System\pmYeQEV.exe
  2⤵
  PID:5556
- C:\Windows\System\NvDfVdj.exe
  C:\Windows\System\NvDfVdj.exe
  2⤵
  PID:6644
- C:\Windows\System\gJmvqVX.exe
  C:\Windows\System\gJmvqVX.exe
  2⤵
  PID:2860
- C:\Windows\System\fZgslwF.exe
  C:\Windows\System\fZgslwF.exe
  2⤵
  PID:6220
- C:\Windows\System\LceNWHt.exe
  C:\Windows\System\LceNWHt.exe
  2⤵
  PID:6304
- C:\Windows\System\xXgRAAd.exe
  C:\Windows\System\xXgRAAd.exe
  2⤵
  PID:2924
- C:\Windows\System\SReULyx.exe
  C:\Windows\System\SReULyx.exe
  2⤵
  PID:1084
- C:\Windows\System\ZGhXLFy.exe
  C:\Windows\System\ZGhXLFy.exe
  2⤵
  PID:6340
- C:\Windows\System\AWYobXN.exe
  C:\Windows\System\AWYobXN.exe
  2⤵
  PID:6960
- C:\Windows\System\gULJRkl.exe
  C:\Windows\System\gULJRkl.exe
  2⤵
  PID:6416
- C:\Windows\System\XqbVRyk.exe
  C:\Windows\System\XqbVRyk.exe
  2⤵
  PID:6536
- C:\Windows\System\yTBUVpB.exe
  C:\Windows\System\yTBUVpB.exe
  2⤵
  PID:6616
- C:\Windows\System\OUpMNlw.exe
  C:\Windows\System\OUpMNlw.exe
  2⤵
  PID:7040
- C:\Windows\System\UfGfpFJ.exe
  C:\Windows\System\UfGfpFJ.exe
  2⤵
  PID:7060
- C:\Windows\System\lMWemHq.exe
  C:\Windows\System\lMWemHq.exe
  2⤵
  PID:6884
- C:\Windows\System\mJkhgNG.exe
  C:\Windows\System\mJkhgNG.exe
  2⤵
  PID:7140
- C:\Windows\System\JeaXHHW.exe
  C:\Windows\System\JeaXHHW.exe
  2⤵
  PID:6940
- C:\Windows\System\aapxuPl.exe
  C:\Windows\System\aapxuPl.exe
  2⤵
  PID:6824
- C:\Windows\System\kAvSvzI.exe
  C:\Windows\System\kAvSvzI.exe
  2⤵
  PID:2616
- C:\Windows\System\fnfwBQr.exe
  C:\Windows\System\fnfwBQr.exe
  2⤵
  PID:6264
- C:\Windows\System\HJBqbPp.exe
  C:\Windows\System\HJBqbPp.exe
  2⤵
  PID:4852
- C:\Windows\System\NwPqPpp.exe
  C:\Windows\System\NwPqPpp.exe
  2⤵
  PID:6740
- C:\Windows\System\VDJerxz.exe
  C:\Windows\System\VDJerxz.exe
  2⤵
  PID:7056
- C:\Windows\System\rNnKuqy.exe
  C:\Windows\System\rNnKuqy.exe
  2⤵
  PID:7104
- C:\Windows\System\KejrtAb.exe
  C:\Windows\System\KejrtAb.exe
  2⤵
  PID:6396
- C:\Windows\System\GONyJBU.exe
  C:\Windows\System\GONyJBU.exe
  2⤵
  PID:6192
- C:\Windows\System\ZSlANYl.exe
  C:\Windows\System\ZSlANYl.exe
  2⤵
  PID:6500
- C:\Windows\System\gAlvase.exe
  C:\Windows\System\gAlvase.exe
  2⤵
  PID:6316
- C:\Windows\System\QjNQIMf.exe
  C:\Windows\System\QjNQIMf.exe
  2⤵
  PID:6580
- C:\Windows\System\bZVhCQV.exe
  C:\Windows\System\bZVhCQV.exe
  2⤵
  PID:6760
- C:\Windows\System\ebLlDAl.exe
  C:\Windows\System\ebLlDAl.exe
  2⤵
  PID:6676
- C:\Windows\System\YIYoYds.exe
  C:\Windows\System\YIYoYds.exe
  2⤵
  PID:2888
- C:\Windows\System\IujcdHT.exe
  C:\Windows\System\IujcdHT.exe
  2⤵
  PID:6480
- C:\Windows\System\VxHnkSx.exe
  C:\Windows\System\VxHnkSx.exe
  2⤵
  PID:6460
- C:\Windows\System\AMLYIyZ.exe
  C:\Windows\System\AMLYIyZ.exe
  2⤵
  PID:6984
- C:\Windows\System\wEgSmLJ.exe
  C:\Windows\System\wEgSmLJ.exe
  2⤵
  PID:2432
- C:\Windows\System\xaEYKCg.exe
  C:\Windows\System\xaEYKCg.exe
  2⤵
  PID:6660
- C:\Windows\System\wBiSkxF.exe
  C:\Windows\System\wBiSkxF.exe
  2⤵
  PID:6780
- C:\Windows\System\tiYvuLJ.exe
  C:\Windows\System\tiYvuLJ.exe
  2⤵
  PID:6700
- C:\Windows\System\bXgzbhG.exe
  C:\Windows\System\bXgzbhG.exe
  2⤵
  PID:6720
- C:\Windows\System\XwbACVy.exe
  C:\Windows\System\XwbACVy.exe
  2⤵
  PID:6664
- C:\Windows\System\zVUoQkm.exe
  C:\Windows\System\zVUoQkm.exe
  2⤵
  PID:7024
- C:\Windows\System\eIGcuDY.exe
  C:\Windows\System\eIGcuDY.exe
  2⤵
  PID:5360
- C:\Windows\System\fTGxjBh.exe
  C:\Windows\System\fTGxjBh.exe
  2⤵
  PID:7044
- C:\Windows\System\NOTRxhb.exe
  C:\Windows\System\NOTRxhb.exe
  2⤵
  PID:5972
- C:\Windows\System\hAYvdKa.exe
  C:\Windows\System\hAYvdKa.exe
  2⤵
  PID:1684
- C:\Windows\System\DddiusY.exe
  C:\Windows\System\DddiusY.exe
  2⤵
  PID:6804
- C:\Windows\System\NApSJvN.exe
  C:\Windows\System\NApSJvN.exe
  2⤵
  PID:7020
- C:\Windows\System\MActUnV.exe
  C:\Windows\System\MActUnV.exe
  2⤵
  PID:2608
- C:\Windows\System\oPtIRed.exe
  C:\Windows\System\oPtIRed.exe
  2⤵
  PID:6172
- C:\Windows\System\WsUuXcz.exe
  C:\Windows\System\WsUuXcz.exe
  2⤵
  PID:6376
- C:\Windows\System\pmBGmiA.exe
  C:\Windows\System\pmBGmiA.exe
  2⤵
  PID:2772
- C:\Windows\System\zIBnrxr.exe
  C:\Windows\System\zIBnrxr.exe
  2⤵
  PID:2940
- C:\Windows\System\alILoYB.exe
  C:\Windows\System\alILoYB.exe
  2⤵
  PID:6564
- C:\Windows\System\xGeHhEN.exe
  C:\Windows\System\xGeHhEN.exe
  2⤵
  PID:1784
- C:\Windows\System\VjXYZUQ.exe
  C:\Windows\System\VjXYZUQ.exe
  2⤵
  PID:2876
- C:\Windows\System\HwcRCgY.exe
  C:\Windows\System\HwcRCgY.exe
  2⤵
  PID:1932
- C:\Windows\System\faYMyuJ.exe
  C:\Windows\System\faYMyuJ.exe
  2⤵
  PID:6936
- C:\Windows\System\oglZGcz.exe
  C:\Windows\System\oglZGcz.exe
  2⤵
  PID:2812
- C:\Windows\System\ubiGIFI.exe
  C:\Windows\System\ubiGIFI.exe
  2⤵
  PID:1132
- C:\Windows\System\pABMcue.exe
  C:\Windows\System\pABMcue.exe
  2⤵
  PID:6712
- C:\Windows\System\UKqHDYR.exe
  C:\Windows\System\UKqHDYR.exe
  2⤵
  PID:1316
- C:\Windows\System\Rcekeor.exe
  C:\Windows\System\Rcekeor.exe
  2⤵
  PID:700
- C:\Windows\System\JNZnKfM.exe
  C:\Windows\System\JNZnKfM.exe
  2⤵
  PID:1520
- C:\Windows\System\wXRxzKE.exe
  C:\Windows\System\wXRxzKE.exe
  2⤵
  PID:640
- C:\Windows\System\axTefSV.exe
  C:\Windows\System\axTefSV.exe
  2⤵
  PID:3056
- C:\Windows\System\yRmhZOQ.exe
  C:\Windows\System\yRmhZOQ.exe
  2⤵
  PID:6236
- C:\Windows\System\LTmnLVP.exe
  C:\Windows\System\LTmnLVP.exe
  2⤵
  PID:6324
- C:\Windows\System\MjXfQke.exe
  C:\Windows\System\MjXfQke.exe
  2⤵
  PID:7180
- C:\Windows\System\GUhpghL.exe
  C:\Windows\System\GUhpghL.exe
  2⤵
  PID:7204
- C:\Windows\System\PfDMuWn.exe
  C:\Windows\System\PfDMuWn.exe
  2⤵
  PID:7220
- C:\Windows\System\BAhkysU.exe
  C:\Windows\System\BAhkysU.exe
  2⤵
  PID:7248
- C:\Windows\System\UbLxubn.exe
  C:\Windows\System\UbLxubn.exe
  2⤵
  PID:7264
- C:\Windows\System\qkkTrCN.exe
  C:\Windows\System\qkkTrCN.exe
  2⤵
  PID:7296
- C:\Windows\System\ryVaElW.exe
  C:\Windows\System\ryVaElW.exe
  2⤵
  PID:7312
- C:\Windows\System\uugmWJB.exe
  C:\Windows\System\uugmWJB.exe
  2⤵
  PID:7328
- C:\Windows\System\QPfWDVW.exe
  C:\Windows\System\QPfWDVW.exe
  2⤵
  PID:7348
- C:\Windows\System\GpJGhwQ.exe
  C:\Windows\System\GpJGhwQ.exe
  2⤵
  PID:7368
- C:\Windows\System\RpKXPed.exe
  C:\Windows\System\RpKXPed.exe
  2⤵
  PID:7384
- C:\Windows\System\NjetlKT.exe
  C:\Windows\System\NjetlKT.exe
  2⤵
  PID:7412
- C:\Windows\System\uOImrxE.exe
  C:\Windows\System\uOImrxE.exe
  2⤵
  PID:7428
- C:\Windows\System\NdPsTSY.exe
  C:\Windows\System\NdPsTSY.exe
  2⤵
  PID:7444
- C:\Windows\System\xUhQmmw.exe
  C:\Windows\System\xUhQmmw.exe
  2⤵
  PID:7464
- C:\Windows\System\pUdYkUk.exe
  C:\Windows\System\pUdYkUk.exe
  2⤵
  PID:7508
- C:\Windows\System\xzsFzLj.exe
  C:\Windows\System\xzsFzLj.exe
  2⤵
  PID:7524
- C:\Windows\System\YdjIfbu.exe
  C:\Windows\System\YdjIfbu.exe
  2⤵
  PID:7540
- C:\Windows\System\KLjfTaR.exe
  C:\Windows\System\KLjfTaR.exe
  2⤵
  PID:7556
- C:\Windows\System\tTbUsFO.exe
  C:\Windows\System\tTbUsFO.exe
  2⤵
  PID:7572
- C:\Windows\System\SodNueG.exe
  C:\Windows\System\SodNueG.exe
  2⤵
  PID:7588
- C:\Windows\System\YKQedjJ.exe
  C:\Windows\System\YKQedjJ.exe
  2⤵
  PID:7604
- C:\Windows\System\eKeLlMW.exe
  C:\Windows\System\eKeLlMW.exe
  2⤵
  PID:7620
- C:\Windows\System\nXNSEEm.exe
  C:\Windows\System\nXNSEEm.exe
  2⤵
  PID:7636
- C:\Windows\System\UrWTpxr.exe
  C:\Windows\System\UrWTpxr.exe
  2⤵
  PID:7656
- C:\Windows\System\duwstHk.exe
  C:\Windows\System\duwstHk.exe
  2⤵
  PID:7684
- C:\Windows\System\wrTiEOK.exe
  C:\Windows\System\wrTiEOK.exe
  2⤵
  PID:7700
- C:\Windows\System\dgjihsk.exe
  C:\Windows\System\dgjihsk.exe
  2⤵
  PID:7716
- C:\Windows\System\CgkLlzL.exe
  C:\Windows\System\CgkLlzL.exe
  2⤵
  PID:7736
- C:\Windows\System\msammSP.exe
  C:\Windows\System\msammSP.exe
  2⤵
  PID:7756
- C:\Windows\System\gcDqjxm.exe
  C:\Windows\System\gcDqjxm.exe
  2⤵
  PID:7776
- C:\Windows\System\yZEDrMy.exe
  C:\Windows\System\yZEDrMy.exe
  2⤵
  PID:7796
- C:\Windows\System\ddANTQN.exe
  C:\Windows\System\ddANTQN.exe
  2⤵
  PID:7816
- C:\Windows\System\PQgGCax.exe
  C:\Windows\System\PQgGCax.exe
  2⤵
  PID:7836
- C:\Windows\System\iscbdGI.exe
  C:\Windows\System\iscbdGI.exe
  2⤵
  PID:7852
- C:\Windows\System\QzNkUaa.exe
  C:\Windows\System\QzNkUaa.exe
  2⤵
  PID:7872
- C:\Windows\System\kFQCrKU.exe
  C:\Windows\System\kFQCrKU.exe
  2⤵
  PID:7892
- C:\Windows\System\ncbslpm.exe
  C:\Windows\System\ncbslpm.exe
  2⤵
  PID:7908
- C:\Windows\System\aBAOjtQ.exe
  C:\Windows\System\aBAOjtQ.exe
  2⤵
  PID:7924
- C:\Windows\System\rAmOhgP.exe
  C:\Windows\System\rAmOhgP.exe
  2⤵
  PID:7944
- C:\Windows\System\LgtgQxv.exe
  C:\Windows\System\LgtgQxv.exe
  2⤵
  PID:7964
- C:\Windows\System\VSDdMLg.exe
  C:\Windows\System\VSDdMLg.exe
  2⤵
  PID:7980
- C:\Windows\System\Jtcdlka.exe
  C:\Windows\System\Jtcdlka.exe
  2⤵
  PID:7996
- C:\Windows\System\iavBdSO.exe
  C:\Windows\System\iavBdSO.exe
  2⤵
  PID:8016
- C:\Windows\System\xySdITt.exe
  C:\Windows\System\xySdITt.exe
  2⤵
  PID:8036
- C:\Windows\System\eIsGnHh.exe
  C:\Windows\System\eIsGnHh.exe
  2⤵
  PID:8052
- C:\Windows\System\JhVWuYm.exe
  C:\Windows\System\JhVWuYm.exe
  2⤵
  PID:8072
- C:\Windows\System\UyenzyA.exe
  C:\Windows\System\UyenzyA.exe
  2⤵
  PID:8148
- C:\Windows\System\zRQAvra.exe
  C:\Windows\System\zRQAvra.exe
  2⤵
  PID:8164
- C:\Windows\System\ClBVWFX.exe
  C:\Windows\System\ClBVWFX.exe
  2⤵
  PID:8180
- C:\Windows\System\Fwsbufb.exe
  C:\Windows\System\Fwsbufb.exe
  2⤵
  PID:7212
- C:\Windows\System\HHAfZTy.exe
  C:\Windows\System\HHAfZTy.exe
  2⤵
  PID:7292
- C:\Windows\System\JNwtuim.exe
  C:\Windows\System\JNwtuim.exe
  2⤵
  PID:2492
- C:\Windows\System\LOJiJBB.exe
  C:\Windows\System\LOJiJBB.exe
  2⤵
  PID:1868
- C:\Windows\System\RuDdWPt.exe
  C:\Windows\System\RuDdWPt.exe
  2⤵
  PID:5588
- C:\Windows\System\EYHEzkh.exe
  C:\Windows\System\EYHEzkh.exe
  2⤵
  PID:7196
- C:\Windows\System\RavMXyA.exe
  C:\Windows\System\RavMXyA.exe
  2⤵
  PID:7452
- C:\Windows\System\czrplgo.exe
  C:\Windows\System\czrplgo.exe
  2⤵
  PID:7232
- C:\Windows\System\ZjgfJqr.exe
  C:\Windows\System\ZjgfJqr.exe
  2⤵
  PID:7280
- C:\Windows\System\JwCcjTc.exe
  C:\Windows\System\JwCcjTc.exe
  2⤵
  PID:7324
- C:\Windows\System\armgnsV.exe
  C:\Windows\System\armgnsV.exe
  2⤵
  PID:7396
- C:\Windows\System\LNipyYc.exe
  C:\Windows\System\LNipyYc.exe
  2⤵
  PID:7480
- C:\Windows\System\RNJWveM.exe
  C:\Windows\System\RNJWveM.exe
  2⤵
  PID:7500
- C:\Windows\System\KYBOaqb.exe
  C:\Windows\System\KYBOaqb.exe
  2⤵
  PID:7548
- C:\Windows\System\alSeIvQ.exe
  C:\Windows\System\alSeIvQ.exe
  2⤵
  PID:7612
- C:\Windows\System\RKcaYMe.exe
  C:\Windows\System\RKcaYMe.exe
  2⤵
  PID:7692
- C:\Windows\System\gGfImLj.exe
  C:\Windows\System\gGfImLj.exe
  2⤵
  PID:7732
- C:\Windows\System\LhQGUcC.exe
  C:\Windows\System\LhQGUcC.exe
  2⤵
  PID:7808
- C:\Windows\System\TLDwOsw.exe
  C:\Windows\System\TLDwOsw.exe
  2⤵
  PID:7888
- C:\Windows\System\gaexWso.exe
  C:\Windows\System\gaexWso.exe
  2⤵
  PID:7960
- C:\Windows\System\PCklTLt.exe
  C:\Windows\System\PCklTLt.exe
  2⤵
  PID:8028
- C:\Windows\System\dsjasOP.exe
  C:\Windows\System\dsjasOP.exe
  2⤵
  PID:7596
- C:\Windows\System\vruWcwh.exe
  C:\Windows\System\vruWcwh.exe
  2⤵
  PID:7532
- C:\Windows\System\BjHiACS.exe
  C:\Windows\System\BjHiACS.exe
  2⤵
  PID:7568
- C:\Windows\System\ElGAZdK.exe
  C:\Windows\System\ElGAZdK.exe
  2⤵
  PID:8004
- C:\Windows\System\NFHPMSc.exe
  C:\Windows\System\NFHPMSc.exe
  2⤵
  PID:7668
- C:\Windows\System\LuyyYPF.exe
  C:\Windows\System\LuyyYPF.exe
  2⤵
  PID:7712
- C:\Windows\System\GzuKhyB.exe
  C:\Windows\System\GzuKhyB.exe
  2⤵
  PID:7824
- C:\Windows\System\iWIexHv.exe
  C:\Windows\System\iWIexHv.exe
  2⤵
  PID:7868
- C:\Windows\System\mQbnjQX.exe
  C:\Windows\System\mQbnjQX.exe
  2⤵
  PID:7940
- C:\Windows\System\TpalbXu.exe
  C:\Windows\System\TpalbXu.exe
  2⤵
  PID:8012
- C:\Windows\System\UjCjLHW.exe
  C:\Windows\System\UjCjLHW.exe
  2⤵
  PID:8084
- C:\Windows\System\RfdsUXI.exe
  C:\Windows\System\RfdsUXI.exe
  2⤵
  PID:8108
- C:\Windows\System\IdyQuum.exe
  C:\Windows\System\IdyQuum.exe
  2⤵
  PID:7176
- C:\Windows\System\NZejpEn.exe
  C:\Windows\System\NZejpEn.exe
  2⤵
  PID:7228
- C:\Windows\System\llcmuzo.exe
  C:\Windows\System\llcmuzo.exe
  2⤵
  PID:7424
- C:\Windows\System\AiJvPui.exe
  C:\Windows\System\AiJvPui.exe
  2⤵
  PID:8088
- C:\Windows\System\dZujrNA.exe
  C:\Windows\System\dZujrNA.exe
  2⤵
  PID:7260
- C:\Windows\System\QvRQeps.exe
  C:\Windows\System\QvRQeps.exe
  2⤵
  PID:7364
- C:\Windows\System\AvoxGog.exe
  C:\Windows\System\AvoxGog.exe
  2⤵
  PID:7584
- C:\Windows\System\hFIKONK.exe
  C:\Windows\System\hFIKONK.exe
  2⤵
  PID:1552
- C:\Windows\System\zHoeGtU.exe
  C:\Windows\System\zHoeGtU.exe
  2⤵
  PID:6464
- C:\Windows\System\IhBpBUa.exe
  C:\Windows\System\IhBpBUa.exe
  2⤵
  PID:7880
- C:\Windows\System\qNqlmeQ.exe
  C:\Windows\System\qNqlmeQ.exe
  2⤵
  PID:7744
- C:\Windows\System\GQRxQOD.exe
  C:\Windows\System\GQRxQOD.exe
  2⤵
  PID:7904
- C:\Windows\System\bFQoYqq.exe
  C:\Windows\System\bFQoYqq.exe
  2⤵
  PID:7972
- C:\Windows\System\msuXvxq.exe
  C:\Windows\System\msuXvxq.exe
  2⤵
  PID:7476
- C:\Windows\System\utEVHIF.exe
  C:\Windows\System\utEVHIF.exe
  2⤵
  PID:7440
- C:\Windows\System\OJNXOul.exe
  C:\Windows\System\OJNXOul.exe
  2⤵
  PID:7644
- C:\Windows\System\inZPvqb.exe
  C:\Windows\System\inZPvqb.exe
  2⤵
  PID:7772
- C:\Windows\System\NZuYSDE.exe
  C:\Windows\System\NZuYSDE.exe
  2⤵
  PID:8064
- C:\Windows\System\ambUOIr.exe
  C:\Windows\System\ambUOIr.exe
  2⤵
  PID:7600
- C:\Windows\System\DMhKjyd.exe
  C:\Windows\System\DMhKjyd.exe
  2⤵
  PID:7788
- C:\Windows\System\ZXJnjXm.exe
  C:\Windows\System\ZXJnjXm.exe
  2⤵
  PID:8128
- C:\Windows\System\bCBYzzI.exe
  C:\Windows\System\bCBYzzI.exe
  2⤵
  PID:7376
- C:\Windows\System\eUwhnSn.exe
  C:\Windows\System\eUwhnSn.exe
  2⤵
  PID:7936
- C:\Windows\System\KQWTmLm.exe
  C:\Windows\System\KQWTmLm.exe
  2⤵
  PID:7516
- C:\Windows\System\tteKMLb.exe
  C:\Windows\System\tteKMLb.exe
  2⤵
  PID:7956
- C:\Windows\System\JygAqka.exe
  C:\Windows\System\JygAqka.exe
  2⤵
  PID:8136
- C:\Windows\System\vfqICpP.exe
  C:\Windows\System\vfqICpP.exe
  2⤵
  PID:7360
- C:\Windows\System\xbvAUnC.exe
  C:\Windows\System\xbvAUnC.exe
  2⤵
  PID:7436
- C:\Windows\System\nBSAozW.exe
  C:\Windows\System\nBSAozW.exe
  2⤵
  PID:7844
- C:\Windows\System\hQhnyXc.exe
  C:\Windows\System\hQhnyXc.exe
  2⤵
  PID:7288
- C:\Windows\System\eJtdzAu.exe
  C:\Windows\System\eJtdzAu.exe
  2⤵
  PID:8208
- C:\Windows\System\ccxccjY.exe
  C:\Windows\System\ccxccjY.exe
  2⤵
  PID:8224
- C:\Windows\System\bTMLUDB.exe
  C:\Windows\System\bTMLUDB.exe
  2⤵
  PID:8244
- C:\Windows\System\BdvwTUO.exe
  C:\Windows\System\BdvwTUO.exe
  2⤵
  PID:8260
- C:\Windows\System\aAPjxYz.exe
  C:\Windows\System\aAPjxYz.exe
  2⤵
  PID:8280
- C:\Windows\System\Hdbeedk.exe
  C:\Windows\System\Hdbeedk.exe
  2⤵
  PID:8296
- C:\Windows\System\NOzhCjo.exe
  C:\Windows\System\NOzhCjo.exe
  2⤵
  PID:8312
- C:\Windows\System\mJDethn.exe
  C:\Windows\System\mJDethn.exe
  2⤵
  PID:8336
- C:\Windows\System\KlXViHE.exe
  C:\Windows\System\KlXViHE.exe
  2⤵
  PID:8436
- C:\Windows\System\Xpbxqhm.exe
  C:\Windows\System\Xpbxqhm.exe
  2⤵
  PID:8452
- C:\Windows\System\RVyDDuY.exe
  C:\Windows\System\RVyDDuY.exe
  2⤵
  PID:8472
- C:\Windows\System\zpDKErI.exe
  C:\Windows\System\zpDKErI.exe
  2⤵
  PID:8488
- C:\Windows\System\DsCIaSa.exe
  C:\Windows\System\DsCIaSa.exe
  2⤵
  PID:8504
- C:\Windows\System\eaLUUAZ.exe
  C:\Windows\System\eaLUUAZ.exe
  2⤵
  PID:8520
- C:\Windows\System\wvzNGwF.exe
  C:\Windows\System\wvzNGwF.exe
  2⤵
  PID:8536
- C:\Windows\System\ZlEIQxZ.exe
  C:\Windows\System\ZlEIQxZ.exe
  2⤵
  PID:8552
- C:\Windows\System\NAlmjuc.exe
  C:\Windows\System\NAlmjuc.exe
  2⤵
  PID:8568
- C:\Windows\System\QMEbvNN.exe
  C:\Windows\System\QMEbvNN.exe
  2⤵
  PID:8584
- C:\Windows\System\OsBOdUY.exe
  C:\Windows\System\OsBOdUY.exe
  2⤵
  PID:8600
- C:\Windows\System\eeikbyb.exe
  C:\Windows\System\eeikbyb.exe
  2⤵
  PID:8616
- C:\Windows\System\ojHGOWA.exe
  C:\Windows\System\ojHGOWA.exe
  2⤵
  PID:8680
- C:\Windows\System\lOiesrU.exe
  C:\Windows\System\lOiesrU.exe
  2⤵
  PID:8696
- C:\Windows\System\rEjXvTH.exe
  C:\Windows\System\rEjXvTH.exe
  2⤵
  PID:8712
- C:\Windows\System\DMvnEyv.exe
  C:\Windows\System\DMvnEyv.exe
  2⤵
  PID:8728
- C:\Windows\System\ZSXgGnB.exe
  C:\Windows\System\ZSXgGnB.exe
  2⤵
  PID:8744
- C:\Windows\System\TXzEoBx.exe
  C:\Windows\System\TXzEoBx.exe
  2⤵
  PID:8760
- C:\Windows\System\yNhabFd.exe
  C:\Windows\System\yNhabFd.exe
  2⤵
  PID:8776
- C:\Windows\System\rrsFWiY.exe
  C:\Windows\System\rrsFWiY.exe
  2⤵
  PID:8840
- C:\Windows\System\XzlkVuN.exe
  C:\Windows\System\XzlkVuN.exe
  2⤵
  PID:8856
- C:\Windows\System\swqXTTD.exe
  C:\Windows\System\swqXTTD.exe
  2⤵
  PID:8872
- C:\Windows\System\yRKaLOM.exe
  C:\Windows\System\yRKaLOM.exe
  2⤵
  PID:8888
- C:\Windows\System\rXyOVQw.exe
  C:\Windows\System\rXyOVQw.exe
  2⤵
  PID:8904
- C:\Windows\System\VmuTJVu.exe
  C:\Windows\System\VmuTJVu.exe
  2⤵
  PID:8928
- C:\Windows\System\cpuwfJS.exe
  C:\Windows\System\cpuwfJS.exe
  2⤵
  PID:8948
- C:\Windows\System\UzSJbGC.exe
  C:\Windows\System\UzSJbGC.exe
  2⤵
  PID:8980
- C:\Windows\System\bEvwoSj.exe
  C:\Windows\System\bEvwoSj.exe
  2⤵
  PID:8996
- C:\Windows\System\hXjqIaS.exe
  C:\Windows\System\hXjqIaS.exe
  2⤵
  PID:9012
- C:\Windows\System\zbaJJfz.exe
  C:\Windows\System\zbaJJfz.exe
  2⤵
  PID:9028
- C:\Windows\System\tJGtMyY.exe
  C:\Windows\System\tJGtMyY.exe
  2⤵
  PID:9052
- C:\Windows\System\aQaPZXc.exe
  C:\Windows\System\aQaPZXc.exe
  2⤵
  PID:9084
- C:\Windows\System\sRLQLNg.exe
  C:\Windows\System\sRLQLNg.exe
  2⤵
  PID:9104
- C:\Windows\System\OKITpYP.exe
  C:\Windows\System\OKITpYP.exe
  2⤵
  PID:9124
- C:\Windows\System\XsTkRRc.exe
  C:\Windows\System\XsTkRRc.exe
  2⤵
  PID:9140
- C:\Windows\System\ZwOTWFW.exe
  C:\Windows\System\ZwOTWFW.exe
  2⤵
  PID:9156
- C:\Windows\System\aeCwOCa.exe
  C:\Windows\System\aeCwOCa.exe
  2⤵
  PID:9172
- C:\Windows\System\BFleRBk.exe
  C:\Windows\System\BFleRBk.exe
  2⤵
  PID:9188
- C:\Windows\System\jvpdjwf.exe
  C:\Windows\System\jvpdjwf.exe
  2⤵
  PID:9204
- C:\Windows\System\EYDnvos.exe
  C:\Windows\System\EYDnvos.exe
  2⤵
  PID:8220
- C:\Windows\System\jVCFYWa.exe
  C:\Windows\System\jVCFYWa.exe
  2⤵
  PID:8324
- C:\Windows\System\JVFucGR.exe
  C:\Windows\System\JVFucGR.exe
  2⤵
  PID:7496
- C:\Windows\System\VwXESJD.exe
  C:\Windows\System\VwXESJD.exe
  2⤵
  PID:8196
- C:\Windows\System\RjDtGpK.exe
  C:\Windows\System\RjDtGpK.exe
  2⤵
  PID:7728
- C:\Windows\System\QizXQXP.exe
  C:\Windows\System\QizXQXP.exe
  2⤵
  PID:8188
- C:\Windows\System\hKIXWay.exe
  C:\Windows\System\hKIXWay.exe
  2⤵
  PID:8272
- C:\Windows\System\LAQLXGf.exe
  C:\Windows\System\LAQLXGf.exe
  2⤵
  PID:8356
- C:\Windows\System\kxkWgsQ.exe
  C:\Windows\System\kxkWgsQ.exe
  2⤵
  PID:7932
- C:\Windows\System\VXfeccS.exe
  C:\Windows\System\VXfeccS.exe
  2⤵
  PID:7752
- C:\Windows\System\uChBsYE.exe
  C:\Windows\System\uChBsYE.exe
  2⤵
  PID:8240
- C:\Windows\System\gdbIOfk.exe
  C:\Windows\System\gdbIOfk.exe
  2⤵
  PID:8360
- C:\Windows\System\RdazRRO.exe
  C:\Windows\System\RdazRRO.exe
  2⤵
  PID:8380
- C:\Windows\System\PFBNisr.exe
  C:\Windows\System\PFBNisr.exe
  2⤵
  PID:8444
- C:\Windows\System\eZobugy.exe
  C:\Windows\System\eZobugy.exe
  2⤵
  PID:8412
- C:\Windows\System\pybwbQW.exe
  C:\Windows\System\pybwbQW.exe
  2⤵
  PID:8428
- C:\Windows\System\XPEbMyq.exe
  C:\Windows\System\XPEbMyq.exe
  2⤵
  PID:8484
- C:\Windows\System\gizibyw.exe
  C:\Windows\System\gizibyw.exe
  2⤵
  PID:8576
- C:\Windows\System\yszwbbP.exe
  C:\Windows\System\yszwbbP.exe
  2⤵
  PID:8496
- C:\Windows\System\volpufD.exe
  C:\Windows\System\volpufD.exe
  2⤵
  PID:8528
- C:\Windows\System\hgyXVPV.exe
  C:\Windows\System\hgyXVPV.exe
  2⤵
  PID:8592
- C:\Windows\System\jtJphZf.exe
  C:\Windows\System\jtJphZf.exe
  2⤵
  PID:8632
- C:\Windows\System\LIldVpD.exe
  C:\Windows\System\LIldVpD.exe
  2⤵
  PID:8648
- C:\Windows\System\WcninjF.exe
  C:\Windows\System\WcninjF.exe
  2⤵
  PID:8668
- C:\Windows\System\gkpOOzx.exe
  C:\Windows\System\gkpOOzx.exe
  2⤵
  PID:8720
- C:\Windows\System\BHlGaBA.exe
  C:\Windows\System\BHlGaBA.exe
  2⤵
  PID:8736
- C:\Windows\System\BVprMlq.exe
  C:\Windows\System\BVprMlq.exe
  2⤵
  PID:8796
- C:\Windows\System\LmUkOwE.exe
  C:\Windows\System\LmUkOwE.exe
  2⤵
  PID:8812
- C:\Windows\System\wGlEiSu.exe
  C:\Windows\System\wGlEiSu.exe
  2⤵
  PID:8832
- C:\Windows\System\OSKvPBG.exe
  C:\Windows\System\OSKvPBG.exe
  2⤵
  PID:8884
- C:\Windows\System\nfWEodW.exe
  C:\Windows\System\nfWEodW.exe
  2⤵
  PID:8868
- C:\Windows\System\eNKMrbq.exe
  C:\Windows\System\eNKMrbq.exe
  2⤵
  PID:8960
- C:\Windows\System\ONPmvOy.exe
  C:\Windows\System\ONPmvOy.exe
  2⤵
  PID:8976
- C:\Windows\System\SnUTJPD.exe
  C:\Windows\System\SnUTJPD.exe
  2⤵
  PID:9036
- C:\Windows\System\PBtmisV.exe
  C:\Windows\System\PBtmisV.exe
  2⤵
  PID:9048
- C:\Windows\System\FrMLtGr.exe
  C:\Windows\System\FrMLtGr.exe
  2⤵
  PID:9072
- C:\Windows\System\jDtbSMw.exe
  C:\Windows\System\jDtbSMw.exe
  2⤵
  PID:9092
- C:\Windows\System\YCBvjVP.exe
  C:\Windows\System\YCBvjVP.exe
  2⤵
  PID:9120
- C:\Windows\System\TceAZui.exe
  C:\Windows\System\TceAZui.exe
  2⤵
  PID:9164
- C:\Windows\System\YrObfpG.exe
  C:\Windows\System\YrObfpG.exe
  2⤵
  PID:9212
- C:\Windows\System\stvyrqu.exe
  C:\Windows\System\stvyrqu.exe
  2⤵
  PID:2604
- C:\Windows\System\mtKcbyw.exe
  C:\Windows\System\mtKcbyw.exe
  2⤵
  PID:7680
- C:\Windows\System\AsLrUWn.exe
  C:\Windows\System\AsLrUWn.exe
  2⤵
  PID:7652
- C:\Windows\System\YlabVWm.exe
  C:\Windows\System\YlabVWm.exe
  2⤵
  PID:7420
- C:\Windows\System\yUqkBJN.exe
  C:\Windows\System\yUqkBJN.exe
  2⤵
  PID:7492
- C:\Windows\System\niUZdfe.exe
  C:\Windows\System\niUZdfe.exe
  2⤵
  PID:8480
- C:\Windows\System\MKihAVX.exe
  C:\Windows\System\MKihAVX.exe
  2⤵
  PID:8468
- C:\Windows\System\yGpchXD.exe
  C:\Windows\System\yGpchXD.exe
  2⤵
  PID:8644
- C:\Windows\System\sCIOHZW.exe
  C:\Windows\System\sCIOHZW.exe
  2⤵
  PID:7272
- C:\Windows\System\nttavbH.exe
  C:\Windows\System\nttavbH.exe
  2⤵
  PID:8596
- C:\Windows\System\VdgMPYS.exe
  C:\Windows\System\VdgMPYS.exe
  2⤵
  PID:8544
- C:\Windows\System\lrhwXlr.exe
  C:\Windows\System\lrhwXlr.exe
  2⤵
  PID:8500
- C:\Windows\System\cqJJpqE.exe
  C:\Windows\System\cqJJpqE.exe
  2⤵
  PID:8660
- C:\Windows\System\xTHNQfh.exe
  C:\Windows\System\xTHNQfh.exe
  2⤵
  PID:8664
- C:\Windows\System\fsqpJHE.exe
  C:\Windows\System\fsqpJHE.exe
  2⤵
  PID:8804
- C:\Windows\System\BTbeRBC.exe
  C:\Windows\System\BTbeRBC.exe
  2⤵
  PID:8896
- C:\Windows\System\EZtrIUh.exe
  C:\Windows\System\EZtrIUh.exe
  2⤵
  PID:8848
- C:\Windows\System\xAQQjPc.exe
  C:\Windows\System\xAQQjPc.exe
  2⤵
  PID:8940
- C:\Windows\System\xSJWmIz.exe
  C:\Windows\System\xSJWmIz.exe
  2⤵
  PID:9040
- C:\Windows\System\XVAvIEI.exe
  C:\Windows\System\XVAvIEI.exe
  2⤵
  PID:9080
- C:\Windows\System\kKDpdKU.exe
  C:\Windows\System\kKDpdKU.exe
  2⤵
  PID:8992
- C:\Windows\System\UsGKUff.exe
  C:\Windows\System\UsGKUff.exe
  2⤵
  PID:8256
- C:\Windows\System\lvchZXx.exe
  C:\Windows\System\lvchZXx.exe
  2⤵
  PID:9004
- C:\Windows\System\iJqJTrb.exe
  C:\Windows\System\iJqJTrb.exe
  2⤵
  PID:9020
- C:\Windows\System\HctVJKh.exe
  C:\Windows\System\HctVJKh.exe
  2⤵
  PID:9116
- C:\Windows\System\ALjPDaX.exe
  C:\Windows\System\ALjPDaX.exe
  2⤵
  PID:8232
- C:\Windows\System\YzSlGri.exe
  C:\Windows\System\YzSlGri.exe
  2⤵
  PID:7404
- C:\Windows\System\exDmvKs.exe
  C:\Windows\System\exDmvKs.exe
  2⤵
  PID:8200
- C:\Windows\System\wPJGTrS.exe
  C:\Windows\System\wPJGTrS.exe
  2⤵
  PID:7860
- C:\Windows\System\NJiGUuV.exe
  C:\Windows\System\NJiGUuV.exe
  2⤵
  PID:8404
- C:\Windows\System\AKImJYe.exe
  C:\Windows\System\AKImJYe.exe
  2⤵
  PID:8608
- C:\Windows\System\EBIHYTr.exe
  C:\Windows\System\EBIHYTr.exe
  2⤵
  PID:8304
- C:\Windows\System\eRludUt.exe
  C:\Windows\System\eRludUt.exe
  2⤵
  PID:8756
- C:\Windows\System\UPgsVJh.exe
  C:\Windows\System\UPgsVJh.exe
  2⤵
  PID:8516
- C:\Windows\System\ZmrDmJR.exe
  C:\Windows\System\ZmrDmJR.exe
  2⤵
  PID:8708
- C:\Windows\System\RpjnnVO.exe
  C:\Windows\System\RpjnnVO.exe
  2⤵
  PID:8964
- C:\Windows\System\PnwKxPo.exe
  C:\Windows\System\PnwKxPo.exe
  2⤵
  PID:9148
- C:\Windows\System\OhJLXDl.exe
  C:\Windows\System\OhJLXDl.exe
  2⤵
  PID:8176
- C:\Windows\System\wAXgWQL.exe
  C:\Windows\System\wAXgWQL.exe
  2⤵
  PID:8104
- C:\Windows\System\ROcQIHk.exe
  C:\Windows\System\ROcQIHk.exe
  2⤵
  PID:8704
- C:\Windows\System\WmtdVIJ.exe
  C:\Windows\System\WmtdVIJ.exe
  2⤵
  PID:8628
- C:\Windows\System\XQmxeLz.exe
  C:\Windows\System\XQmxeLz.exe
  2⤵
  PID:8640
- C:\Windows\System\ndtMzYD.exe
  C:\Windows\System\ndtMzYD.exe
  2⤵
  PID:7768
- C:\Windows\System\xeBlcZe.exe
  C:\Windows\System\xeBlcZe.exe
  2⤵
  PID:8420
- C:\Windows\System\YhmWort.exe
  C:\Windows\System\YhmWort.exe
  2⤵
  PID:7256
- C:\Windows\System\URvyTdu.exe
  C:\Windows\System\URvyTdu.exe
  2⤵
  PID:8120
- C:\Windows\System\jzRtooi.exe
  C:\Windows\System\jzRtooi.exe
  2⤵
  PID:8920
- C:\Windows\System\pAkbBrg.exe
  C:\Windows\System\pAkbBrg.exe
  2⤵
  PID:8692
- C:\Windows\System\DIRzHPg.exe
  C:\Windows\System\DIRzHPg.exe
  2⤵
  PID:9068
- C:\Windows\System\RCUVCpY.exe
  C:\Windows\System\RCUVCpY.exe
  2⤵
  PID:8124
- C:\Windows\System\uYsojBl.exe
  C:\Windows\System\uYsojBl.exe
  2⤵
  PID:8024
- C:\Windows\System\SfEiMsA.exe
  C:\Windows\System\SfEiMsA.exe
  2⤵
  PID:9220
- C:\Windows\System\jdaVVCq.exe
  C:\Windows\System\jdaVVCq.exe
  2⤵
  PID:9236
- C:\Windows\System\oOihVZM.exe
  C:\Windows\System\oOihVZM.exe
  2⤵
  PID:9252
- C:\Windows\System\VtjxDAk.exe
  C:\Windows\System\VtjxDAk.exe
  2⤵
  PID:9268
- C:\Windows\System\vOtiuWp.exe
  C:\Windows\System\vOtiuWp.exe
  2⤵
  PID:9284
- C:\Windows\System\btFjBlQ.exe
  C:\Windows\System\btFjBlQ.exe
  2⤵
  PID:9300
- C:\Windows\System\VfmhuKF.exe
  C:\Windows\System\VfmhuKF.exe
  2⤵
  PID:9316
- C:\Windows\System\MtKxNrT.exe
  C:\Windows\System\MtKxNrT.exe
  2⤵
  PID:9336
- C:\Windows\System\SPJWMSR.exe
  C:\Windows\System\SPJWMSR.exe
  2⤵
  PID:9356
- C:\Windows\System\oPBZZDH.exe
  C:\Windows\System\oPBZZDH.exe
  2⤵
  PID:9388
- C:\Windows\System\nRHUVxk.exe
  C:\Windows\System\nRHUVxk.exe
  2⤵
  PID:9408
- C:\Windows\System\zOsIpcZ.exe
  C:\Windows\System\zOsIpcZ.exe
  2⤵
  PID:9424
- C:\Windows\System\ZtaDknD.exe
  C:\Windows\System\ZtaDknD.exe
  2⤵
  PID:9440
- C:\Windows\System\TbBOhtl.exe
  C:\Windows\System\TbBOhtl.exe
  2⤵
  PID:9460
- C:\Windows\System\olmiTkr.exe
  C:\Windows\System\olmiTkr.exe
  2⤵
  PID:9484
- C:\Windows\System\xAYLSQa.exe
  C:\Windows\System\xAYLSQa.exe
  2⤵
  PID:9500
- C:\Windows\System\jtAluqz.exe
  C:\Windows\System\jtAluqz.exe
  2⤵
  PID:9520
- C:\Windows\System\ErVWWSk.exe
  C:\Windows\System\ErVWWSk.exe
  2⤵
  PID:9536
- C:\Windows\System\yErivdh.exe
  C:\Windows\System\yErivdh.exe
  2⤵
  PID:9552
- C:\Windows\System\hBsJkDc.exe
  C:\Windows\System\hBsJkDc.exe
  2⤵
  PID:9568
- C:\Windows\System\wpcCAag.exe
  C:\Windows\System\wpcCAag.exe
  2⤵
  PID:9584
- C:\Windows\System\eelGgAV.exe
  C:\Windows\System\eelGgAV.exe
  2⤵
  PID:9604
- C:\Windows\System\PVOdwTk.exe
  C:\Windows\System\PVOdwTk.exe
  2⤵
  PID:9620
- C:\Windows\System\KQiQrHs.exe
  C:\Windows\System\KQiQrHs.exe
  2⤵
  PID:9636
- C:\Windows\System\rzpsKSX.exe
  C:\Windows\System\rzpsKSX.exe
  2⤵
  PID:9652
- C:\Windows\System\MXyqHqA.exe
  C:\Windows\System\MXyqHqA.exe
  2⤵
  PID:9676
- C:\Windows\System\PqfzMkC.exe
  C:\Windows\System\PqfzMkC.exe
  2⤵
  PID:9776
- C:\Windows\System\YmvCtdR.exe
  C:\Windows\System\YmvCtdR.exe
  2⤵
  PID:9792
- C:\Windows\System\kxPyQnK.exe
  C:\Windows\System\kxPyQnK.exe
  2⤵
  PID:9808
- C:\Windows\System\ErGxSQy.exe
  C:\Windows\System\ErGxSQy.exe
  2⤵
  PID:9824
- C:\Windows\System\DbLSyZY.exe
  C:\Windows\System\DbLSyZY.exe
  2⤵
  PID:9840
- C:\Windows\System\vASRgEV.exe
  C:\Windows\System\vASRgEV.exe
  2⤵
  PID:9864
- C:\Windows\System\VbzQNmk.exe
  C:\Windows\System\VbzQNmk.exe
  2⤵
  PID:9880
- C:\Windows\System\PHZiFRN.exe
  C:\Windows\System\PHZiFRN.exe
  2⤵
  PID:9896
- C:\Windows\System\GurYfdK.exe
  C:\Windows\System\GurYfdK.exe
  2⤵
  PID:9912
- C:\Windows\System\WtkdcMW.exe
  C:\Windows\System\WtkdcMW.exe
  2⤵
  PID:9964
- C:\Windows\System\MZjBcrs.exe
  C:\Windows\System\MZjBcrs.exe
  2⤵
  PID:9980
- C:\Windows\System\PJGwfTT.exe
  C:\Windows\System\PJGwfTT.exe
  2⤵
  PID:9996
- C:\Windows\System\DldCKUX.exe
  C:\Windows\System\DldCKUX.exe
  2⤵
  PID:10020
- C:\Windows\System\VITDmUB.exe
  C:\Windows\System\VITDmUB.exe
  2⤵
  PID:10036
- C:\Windows\System\zYeCcyY.exe
  C:\Windows\System\zYeCcyY.exe
  2⤵
  PID:10052
- C:\Windows\System\SzailKY.exe
  C:\Windows\System\SzailKY.exe
  2⤵
  PID:10072
- C:\Windows\System\JiytVuB.exe
  C:\Windows\System\JiytVuB.exe
  2⤵
  PID:10096
- C:\Windows\System\NebrGZn.exe
  C:\Windows\System\NebrGZn.exe
  2⤵
  PID:10124
- C:\Windows\System\bcbrBMJ.exe
  C:\Windows\System\bcbrBMJ.exe
  2⤵
  PID:10144
- C:\Windows\System\pNzDoKa.exe
  C:\Windows\System\pNzDoKa.exe
  2⤵
  PID:10164
- C:\Windows\System\tnQwdUA.exe
  C:\Windows\System\tnQwdUA.exe
  2⤵
  PID:10188
- C:\Windows\System\XtOQuyb.exe
  C:\Windows\System\XtOQuyb.exe
  2⤵
  PID:10208
- C:\Windows\System\fydFYSn.exe
  C:\Windows\System\fydFYSn.exe
  2⤵
  PID:10224
- C:\Windows\System\FDHEyBl.exe
  C:\Windows\System\FDHEyBl.exe
  2⤵
  PID:9152
- C:\Windows\System\hEcbZfC.exe
  C:\Windows\System\hEcbZfC.exe
  2⤵
  PID:9260
- C:\Windows\System\rHYraij.exe
  C:\Windows\System\rHYraij.exe
  2⤵
  PID:9244
- C:\Windows\System\BEdABpM.exe
  C:\Windows\System\BEdABpM.exe
  2⤵
  PID:8376
- C:\Windows\System\nCAViAL.exe
  C:\Windows\System\nCAViAL.exe
  2⤵
  PID:9296
- C:\Windows\System\XCwyBKW.exe
  C:\Windows\System\XCwyBKW.exe
  2⤵
  PID:9332
- C:\Windows\System\XaTHcBe.exe
  C:\Windows\System\XaTHcBe.exe
  2⤵
  PID:9376
- C:\Windows\System\LweecFI.exe
  C:\Windows\System\LweecFI.exe
  2⤵
  PID:9404
- C:\Windows\System\BtWYJPg.exe
  C:\Windows\System\BtWYJPg.exe
  2⤵
  PID:9432
- C:\Windows\System\hDhaOry.exe
  C:\Windows\System\hDhaOry.exe
  2⤵
  PID:9492
- C:\Windows\System\NkcQteh.exe
  C:\Windows\System\NkcQteh.exe
  2⤵
  PID:9468
- C:\Windows\System\MyRcMct.exe
  C:\Windows\System\MyRcMct.exe
  2⤵
  PID:9508
- C:\Windows\System\XMfdaKr.exe
  C:\Windows\System\XMfdaKr.exe
  2⤵
  PID:9548
- C:\Windows\System\umKmoYs.exe
  C:\Windows\System\umKmoYs.exe
  2⤵
  PID:9612
- C:\Windows\System\qyDhXie.exe
  C:\Windows\System\qyDhXie.exe
  2⤵
  PID:9664
- C:\Windows\System\yJDOtCt.exe
  C:\Windows\System\yJDOtCt.exe
  2⤵
  PID:9700
- C:\Windows\System\VfvXFaT.exe
  C:\Windows\System\VfvXFaT.exe
  2⤵
  PID:9720
- C:\Windows\System\VFvmddg.exe
  C:\Windows\System\VFvmddg.exe
  2⤵
  PID:9728
- C:\Windows\System\hgfIqyp.exe
  C:\Windows\System\hgfIqyp.exe
  2⤵
  PID:9752
- C:\Windows\System\CVErVuZ.exe
  C:\Windows\System\CVErVuZ.exe
  2⤵
  PID:9816
- C:\Windows\System\GKNVeXx.exe
  C:\Windows\System\GKNVeXx.exe
  2⤵
  PID:9856
- C:\Windows\System\QrdJaIo.exe
  C:\Windows\System\QrdJaIo.exe
  2⤵
  PID:9760
- C:\Windows\System\ifXXiyo.exe
  C:\Windows\System\ifXXiyo.exe
  2⤵
  PID:9804
- C:\Windows\System\wDsPfqI.exe
  C:\Windows\System\wDsPfqI.exe
  2⤵
  PID:9904
- C:\Windows\System\XmtgOyQ.exe
  C:\Windows\System\XmtgOyQ.exe
  2⤵
  PID:9920
- C:\Windows\System\ttJEUav.exe
  C:\Windows\System\ttJEUav.exe
  2⤵
  PID:9972
- C:\Windows\System\UEglksl.exe
  C:\Windows\System\UEglksl.exe
  2⤵
  PID:10012
- C:\Windows\System\YZJqDTh.exe
  C:\Windows\System\YZJqDTh.exe
  2⤵
  PID:10028
- C:\Windows\System\HeggPPw.exe
  C:\Windows\System\HeggPPw.exe
  2⤵
  PID:10108
- C:\Windows\System\DOxJycy.exe
  C:\Windows\System\DOxJycy.exe
  2⤵
  PID:10136
- C:\Windows\System\AalGkCA.exe
  C:\Windows\System\AalGkCA.exe
  2⤵
  PID:10156
- C:\Windows\System\UPFBiAt.exe
  C:\Windows\System\UPFBiAt.exe
  2⤵
  PID:10196
- C:\Windows\System\lFTUcOR.exe
  C:\Windows\System\lFTUcOR.exe
  2⤵
  PID:8320
- C:\Windows\System\cJWTOvb.exe
  C:\Windows\System\cJWTOvb.exe
  2⤵
  PID:9228
- C:\Windows\System\vRAWHCM.exe
  C:\Windows\System\vRAWHCM.exe
  2⤵
  PID:9292
- C:\Windows\System\CLbvPln.exe
  C:\Windows\System\CLbvPln.exe
  2⤵
  PID:9280
- C:\Windows\System\RSftERk.exe
  C:\Windows\System\RSftERk.exe
  2⤵
  PID:9368
- C:\Windows\System\IChzcZB.exe
  C:\Windows\System\IChzcZB.exe
  2⤵
  PID:9544
- C:\Windows\System\SOYzVfk.exe
  C:\Windows\System\SOYzVfk.exe
  2⤵
  PID:9628
- C:\Windows\System\OLoKAuE.exe
  C:\Windows\System\OLoKAuE.exe
  2⤵
  PID:9580
- C:\Windows\System\MuAqKWm.exe
  C:\Windows\System\MuAqKWm.exe
  2⤵
  PID:9448
- C:\Windows\System\tnvCqpy.exe
  C:\Windows\System\tnvCqpy.exe
  2⤵
  PID:9596
- C:\Windows\System\iBvZoyW.exe
  C:\Windows\System\iBvZoyW.exe
  2⤵
  PID:9684
- C:\Windows\System\TZkLLnc.exe
  C:\Windows\System\TZkLLnc.exe
  2⤵
  PID:9848
- C:\Windows\System\FaxIHaz.exe
  C:\Windows\System\FaxIHaz.exe
  2⤵
  PID:9948
- C:\Windows\System\jPgZMVA.exe
  C:\Windows\System\jPgZMVA.exe
  2⤵
  PID:9764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ClmnFfp.exe

Filesize
6.1MB

MD5
0d8b8551fb920639fce901801c94cd86

SHA1
24afc512582a65136ccae9136446624931db0729

SHA256
117c741dbec3bb01b457026cdf88124edad42e4ebeead8655735ebcde630c353

SHA512
fe7fd0dde9613298a2a068feef1adf14a5d6e4c7dcf85df80dfaa6fe87ee1d3abf34c2422d74152e1d21fff209655321a86022c92aef926dd148088d426db657

Download Submit
C:\Windows\system\EAhlQYx.exe

Filesize
6.1MB

MD5
4fd9ebfa74f34a114bb0e2a182a9fc66

SHA1
1cad70f289ee682e0efddad7275f2bb2b4212600

SHA256
0649a660e14cf3eab7c31711a7770229811f6308d31618344d54c59fddb75367

SHA512
873146b7acdfcca8e7c69b7b5ba4629b722923ae32f874cbdae2ed65e4afe588193df0501d16a9657b09e80e0b9c2c29aa229c8a27abe98639832ec153eeeee8

Download Submit
C:\Windows\system\IXbRfKR.exe

Filesize
6.1MB

MD5
314489c57543dd2692327ede38d15558

SHA1
0b690df9642ce7bb7d4196f970170f1d1bc5b521

SHA256
4e2d514ae1f5cba8ede2330731cab0d3cd911c2be4ea9f8f51fde12a74a59983

SHA512
d683de6b273048ab4f81aa266acdc4699205d1bd0c3cf64a4581245d80b5107e2699db8902e1435333d84d2365a1917aa7b77898b237d1cf1c4c10a0f6f37ff1

Download Submit
C:\Windows\system\KzOEkvx.exe

Filesize
6.1MB

MD5
ace7c2834316802ec70dfd6f4aed6cd2

SHA1
8fafa55c7da1d0aba91e1b5fa677cdc9dd7e53dd

SHA256
e3d36216fdc75b2d084570995eac50c9b3cad5f758f38212e7e95b1b210e9c8e

SHA512
1a0071047f2b00fbe8a8ba6a2ceafc8937d49061a3196d25aee7cbbd222412b0ced6cf43b2d67a3138292153269121bcd8d8c7391e28fd6c8ebc5ebefb78612b

Download Submit
C:\Windows\system\LGUfcrA.exe

Filesize
6.1MB

MD5
c2024a514bd6f308889b6e9e9943ccac

SHA1
4b7e6da14d53b2c88318bf2ffd086943704b0068

SHA256
3c9235895f22e6d0442134b7d62a023442f31a6c80fcfea64b9f85bb2be3f5a6

SHA512
691ac062468a86f0476d45488c7d0a6eea214dec15118601842a0e6a340a0f15e3f884e20aaef19740902bd36dd14662c8b7bfd705cae3614178bba613c76a41

Download Submit
C:\Windows\system\LWkTboO.exe

Filesize
6.1MB

MD5
96725553770f246be1d9aeaf4a609f05

SHA1
10d6bf34161c8a5e7f5c46222654df71d205e55f

SHA256
b70e8974338dcad6dbfca510a0063b083bfaea03ff5776dba00e6df10ffdae4c

SHA512
d268eba8a11b6372b46cf45cb05c18034fabb2eb60e9f62378781d93acc96e80b465430e58c2a853b756a6956f7c9404f4db742d6e56e0de7dede5951d142a0e

Download Submit
C:\Windows\system\MteMbUu.exe

Filesize
6.1MB

MD5
be5593ababd36b81299b009deb09b164

SHA1
dc68eca1c2ca3ca679023eecf25b1572caff2da7

SHA256
8582bf6fe88cc9d93a9a563b4ddfec27d88e99b5339acc98f4516df7a145d01c

SHA512
1dbfc75b20aa6081b7c45cef65ddd67f05406465da2d0312a793fd7459dda5956b695a9f6e330a93f7e758f5b5c0fb147e3d2fea875b14b9fb026db43275c762

Download Submit
C:\Windows\system\NHErixI.exe

Filesize
6.1MB

MD5
f1335a82ebdd20186d9c99b76f69b2e8

SHA1
a61b475e9541a77dbb5f15dacd6075d50280a211

SHA256
f8b923582547f2b5754726cdb10739c1ade56e40104dc6da990b7f0d55fbb2c6

SHA512
b1b5735216735045a05f7ed47e62d1893337bd43d669b8a5ef90bb88541e80e97d9985f15eb07e7144de441a2d06ca94ba9761a2d99df6775c84345b3c7fdd06

Download Submit
C:\Windows\system\SWaWuvz.exe

Filesize
6.1MB

MD5
4a594e15bf0ff02db074b8178019af4d

SHA1
b5a28c06749a4f7a99ddd0f5a1d076497eef8e56

SHA256
7bf42cbd4992c88d4ba4fef361dcf7c40d00aca3959b330aab1d8151777fc97a

SHA512
d4de6a56e14a16b66b6ef436bdf7b7613f1d14909355fb5eacfb4d105f0e57852e04ff0f5a1c0858c9624f890e202be00be7de4893df811691fd8ccc9f18acf0

Download Submit
C:\Windows\system\UkYopit.exe

Filesize
6.1MB

MD5
cab7e3999256e295c18ce1133549bb16

SHA1
8d7dc6e592252374376e430a7fe47d7906c30028

SHA256
5aad5379803568f4ca15939add849c5b0ab18135275c827f2b331890632e5305

SHA512
4d0f7c29f993a8efc76eced43150dd60828cc00e01cba1ed817161d29324376d5c0648a1307fca28f90932801bfd44c6d6387add5fc603ca62a614585220b39a

Download Submit
C:\Windows\system\YhMQPhd.exe

Filesize
6.1MB

MD5
b0051a253dbb8aeb1d6e81d5ffebcd4b

SHA1
5d83df62951f9087073727a77b846c21f09eaa04

SHA256
55283ecc1bc90484d4b7f5011fc3c4deb436544e9d011e94550953008e710ce2

SHA512
6164a0f39cbc7b342e3ee86c689929189ea875f1e97779b3740b00245cba35864efe9c04c2b58da2c0c1428b01df38105c6d6cdbe93a22e56577cb2a82e8e820

Download Submit
C:\Windows\system\ZwCrtjo.exe

Filesize
6.1MB

MD5
fa2937a776741a00d62f19944a7eed31

SHA1
237eb476cd77fca7c0f9737c9b4dc36a3a3ade13

SHA256
732302021671a9fa5706661e22a5ab0924d09c2dd1a54658370ed4d6b0e5dcbd

SHA512
343b056cda8f00e3c93af258d125a5d0a80d5dd599cceaa0dcff468b9ebdcc6dd1ba0b393b93b1026302818861487fbeeec7a44ad64da76e27f8afd8795a3754

Download Submit
C:\Windows\system\aJmGbJs.exe

Filesize
6.1MB

MD5
d02f0fe54ed3d64923a3265db38d6459

SHA1
2c0f4804229cf4381081e0cedcaf966a6abfdbe6

SHA256
e3069313ad6666e99f5272656fd226ae88080bd38a29cdedfabb851ca1a66277

SHA512
badb43f2ee344cc7346bb5bcccd5032787434e19c160ad287d8376e7c59690c1f6f55fb3f79f48b73b8bb12b8b8d665844fe1dc3c61b865adaed83abb9542265

Download Submit
C:\Windows\system\aikMoir.exe

Filesize
6.1MB

MD5
05807672e9712cab49cc192bb8642ce4

SHA1
95bcf8240f003d4344a1f4b08b393c9f53b59345

SHA256
32140ee2fa68f45bd6ba5d7e8829db7a9465fa6f2dc4e930f416fd4835ff600a

SHA512
617b5392d48cccd766bfdff6b96f0adf169042394533c4ead72bc377d7889166e42e52617f89fbc20b0f733a545ca8c8c0a201bc64f0ff61e73f12b613a3a97a

Download Submit
C:\Windows\system\bIkritx.exe

Filesize
6.1MB

MD5
b104702a5494921790aa6e4daa9d085f

SHA1
aff680b50f29ebba89cc1bb972811bf8fabee831

SHA256
4c8d7fa2aeddd8838e61ffbfb71a5409c2dd563afb32203cb06850eb17908ca3

SHA512
6b7f0d2745b81b7fb9b23c6b3a404b764cc22515b0cd308e776ef4d125dedf8abcfdb6068cb3ea467156e91bc7e88c7b93b97c5249663eb29205302ae7964d0a

Download Submit
C:\Windows\system\bxesHpW.exe

Filesize
6.1MB

MD5
bfbd8f4aadcfd8c100e104942e34a212

SHA1
001c7638df3ce1d0d1c36d56ea477dfb485a05d1

SHA256
abe7ed91300d7ec07b993e61b30429b235c2bd3082f3040cbead04a0cce5b417

SHA512
8da9008c1bd3bb556a8fb458dc9b4603ec9f774e32b0ad6cad2a8f71d3841946214b272ed23c56b1e8bec61d2846a3ce0127ae644d9991e6011da229ea8bdc08

Download Submit
C:\Windows\system\gEjLQUH.exe

Filesize
6.1MB

MD5
9d9d61d004bcef792c9b9ed45601891c

SHA1
fc2fc8d8d13ad3ad3c5015788e6b4be9cdaaf261

SHA256
e05f078d574e80187fe8c356dc85085c03df3449099d2208f4bc5669bdcd6f47

SHA512
06d19a8ebf4d37002c9b7f56b8c7ced8bddeaa71c43f0c745d47a5272fce9c219cd141443a8e7e7a01ffd8ffdffba7d4d828afc49f27cd55f3385940c21c187e

Download Submit
C:\Windows\system\gQbFDIl.exe

Filesize
6.1MB

MD5
1f54539ead84e2c2747b5e39a732aaee

SHA1
b18d7d2c6bc3d169dfdac8c40dea4d13ad511c91

SHA256
8197632cb0fc9422d94c63467618579ffa764665fd55ba60959ade2555fc9321

SHA512
26e1390da31ae80cc788fb391798126ae8ee799309e023a6968eb3aa31285df06dccc66961b754eaaea24788755591c2870898ddad8e951a3cd8792e7a1146a7

Download Submit
C:\Windows\system\iDlvIdV.exe

Filesize
6.1MB

MD5
ef449987780010130ea7c91e9f6c3dea

SHA1
2fac2cbe7973b1b3c61c28025050446471104697

SHA256
39508dec65f6ca42d46021a799322eae1550e09e8c2e45f20feb33b2172d561c

SHA512
0ce8b8ac97f9e5d0b9563acab63362376354ee1a1e2b92ec51ccfb212f4a2d301c16cc4e777339cecd9ecd6e4513b04592f965e964cd1dd5c772e1420ac66827

Download Submit
C:\Windows\system\kbEPLBo.exe

Filesize
6.1MB

MD5
9c77e880e341e14484e438fc22c2a96d

SHA1
6bec248be93c303bc6f0df003188c4505d84d4a1

SHA256
210ce45ec307bb1cbec3dee1383262d0b791f35505c22272adec67bbc0372108

SHA512
fdc28b2f334fcd34767ef1cd47cbc1821c5a7731d6c895e0f7bf80a08ed7c6c2d8aa8622b65f91d1789b2a0df6aa23df304c896425d82d932e612f20b3d38920

Download Submit
C:\Windows\system\mSfahNq.exe

Filesize
6.1MB

MD5
96e2a527e3e43d94cdb8f9b2fafc575b

SHA1
5bbb5cb18d40af44e682fd04604ef8eddd79708e

SHA256
47101d2dc109d056237140ccfdc84d66bbe60706497209935d33f953955008cb

SHA512
7c1e9973a79be2da434e403ac740736e9fa8199ab791ed5f07011405215ba8abed4afa7412e413686ffeaceff68ef8a343339166df763f11af97b7ad4e3b521a

Download Submit
C:\Windows\system\pCmrJTD.exe

Filesize
6.1MB

MD5
fe6ade1f423d78090f448028d7140709

SHA1
6931c5f4fc0c06267f991b53627924607a79f7b1

SHA256
50a02399f0840a83c82e903594c97f552af84c28aef9b492532b22a5ccb79672

SHA512
423f5abc717af21db3550362ddb99a3a9b3e8809241b12ba35135df958d942a62caeb84e04bb79ba6d0da7f05c839c3a4f308bc0b37ab3298d7ef1db93555175

Download Submit
C:\Windows\system\ruPYQud.exe

Filesize
6.1MB

MD5
a77bb8442572e3e9276fa04a34af699b

SHA1
e3f3d8eed33035d06e841dadf3e510daaffb136d

SHA256
a4d150b0dce12ee8d35c54aa79db36f13ae9a50eba19cbba8d4fb898e0cada5d

SHA512
372465d25c461a679e0c13ef1111ee6ba61023c39d27bc7306641739c280a62f042f57485905ead0fc1f71ba4ff624771fea7b765fa497f4a64c0278d8c2aece

Download Submit
C:\Windows\system\rumlcdM.exe

Filesize
6.1MB

MD5
c2db515cbd822aa1007a29b3423ab455

SHA1
a18c6a137138e5fdfe3f5d87c3c24a25bcf6c435

SHA256
6cf7abf1505b92398c8e7c69a27290a27a7191c2d2d2952aeadeb01bea33e82f

SHA512
b70f752e7c1a45208d5736ae8abd6db5748cd36aa04969a8ea706d298d55c6adc7b75ff3d6b9301b23fe68c684e4131a4d76e261f8de09665401db6ae98554f2

Download Submit
C:\Windows\system\sTqWklR.exe

Filesize
6.1MB

MD5
596d09ed53071263188b4a183a393fe7

SHA1
575c79690f8581a3149768391f2f8401de5b42e5

SHA256
77d85a1e1582408bbb1aa3bf38638fddfa7605107eba82c8a5ff5f6e35e06037

SHA512
9a833c1aedcbe3323f063f50f5a0bde4341747a8a33da438d6cdc96e1526bf65e60c46f4313e9dccae93672d6436eb047d12c83a544d1430e8ee607accc7a3ba

Download Submit
C:\Windows\system\trlfoVW.exe

Filesize
6.1MB

MD5
67db878de6f5f9004714a3333aed5539

SHA1
00f4c021ca7122737524fc0120df044ce9c7f935

SHA256
42c8d2778d75f7f270eac724f7831a7ed5ae1a0e70b0f7e1a562ebec97857f41

SHA512
aad5010fb0de7b530fd5720a40a037df187b3bf7cea165499a84880472b62c44e1efff0f5ee73c8a2eea091e3ac4564033b09c745c53ba4c97bbc21925ccf14d

Download Submit
C:\Windows\system\uHKOovO.exe

Filesize
6.1MB

MD5
e8d57814134a16a4c0982fb127aadd04

SHA1
b03beb63d82df7800929184c5a1f56df88298d02

SHA256
58f43d8363808673ad5dd11c9c8914e2cf413a7cd12d35efda730fa5af69f73a

SHA512
0692773b77c2a098910c17ed18c9e03d8c5aaa833d564f842825b0a785bb2990d61b7e71b76b0282e8659bb280839fa0d715d8e52fc4afddb17e2fc310487f31

Download Submit
C:\Windows\system\zyjMvSy.exe

Filesize
6.1MB

MD5
e69161be45e0adeb182a16d653c039ad

SHA1
4f8a2b3d88fd95b6589f8b0deb5e89b2f1b4f2ed

SHA256
cb25073eb5b2129b4bc9f96b68623cbf54eff85da2ed8c91f0d302dd3680681d

SHA512
ae66ffebd8db19f2d8577ee9582b29bb88dccf365777a3fd3c8bbfb6031c325392bdd735668d916acc7b7fd69ace4b7b0c2eda4e8e325734e141d66283e62b1e

Download Submit
\Windows\system\JgYwiHp.exe

Filesize
6.1MB

MD5
397e8f78053d96038bb1f62849a9c3ff

SHA1
138b9feaa073fe4dd3da2b018131f8d7ee301c91

SHA256
0500e79ebf4face888242aab498722c25d43a1fcc85a10717986fd166f05ddca

SHA512
5528979e2f8b0601caf8541f7d5e62d33e42ca5df1f6be94a97c46f8f0480a6802cc63b0c618b9498c9206ebb5781c6d3fbe9ec38d33be99283c6a298519f4c8

Download Submit
\Windows\system\PgNLaKw.exe

Filesize
6.1MB

MD5
918ef25ff75cb9167bbe1efd3e3d557b

SHA1
5d04f765cccab51bcfc4991069f6909fb8a7caf1

SHA256
a65d2c87b9971bf87b0b9940e4d3134c5191e2f32c2264f736c6c619647163a1

SHA512
d9cfde420b65a475b36208dfd6ace70d1b4815ab4c3a180836281fe730c2f12c62ad5980ad22bea51163c779cb10a674609bf9907f138bf438cb8b1ea3185e38

Download Submit
\Windows\system\yaaRuoN.exe

Filesize
6.1MB

MD5
6713c27e540558283c21fa9638690078

SHA1
230cd5c68de4673da94a5d203b42c5f491827b93

SHA256
d8fef9a689bdb72656aadb7f5756050b93f0958422ceaeb63059cf03495312da

SHA512
7cc2ca5fa1784c5f5cb4c135dd86794cc5bb297800fb3e6a4841dd5948046cabef212991a82ac6276b93bad9205c3cf843b1e4d1b7b8da19a177cf326588f23d

Download Submit
\Windows\system\zINAXoa.exe

Filesize
6.1MB

MD5
bccb38081edd3dd8a1cffdb3e28505f5

SHA1
ab31ff6ee6352c6d54a0531fd6581b2f9b0290e1

SHA256
e948628b0a2363b62e2ae423b9797dd90eea4b42774409d61ad37f21ad99c50e

SHA512
1f981f597c6f408f3b13ecd19e9e91fcfcf41dd4db81ca07146075d082b86c81b21300aa38ce131499636910654a226ef69aa7df4c83e86d7fc0f93e34478adb

Download Submit
memory/988-22-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/988-3079-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1484-99-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1484-3211-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1988-92-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3167-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-28-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3077-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2128-26-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2128-3076-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2188-85-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2188-3191-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2240-76-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2240-34-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2240-3111-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2456-61-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2456-3162-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2456-100-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2648-75-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3166-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2648-348-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3160-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2652-69-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2736-83-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3161-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-39-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3093-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2788-32-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2852-59-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3139-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2864-49-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3157-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-84-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2936-31-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2936-74-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2936-18-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2936-713-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-48-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-91-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-106-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-30-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2936-38-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2936-60-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-68-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2936-98-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2936-875-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2936-347-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2936-535-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download