cobaltstrike | cacfa99cc82befecbeb3077be644cfff3419eeae8033bd9694ec9259e1da41f6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

c9d459b19fde42aaba162d85d5a4c035
SHA1

1e86fdbefe260c82a359535b35b132d87474dda5
SHA256

cacfa99cc82befecbeb3077be644cfff3419eeae8033bd9694ec9259e1da41f6
SHA512

6689f87a03190b2cec7dcafb52d8745a194ed986aca836d246fa43c6dd016e9bcd2ad4b845944426bcabb0e45f3d8d0c7d8548a92176341675b998840f304b7b
SSDEEP

98304:demTLkNdfE0pZ3u56utgpPFotBER/mQ32lUy:E+b56utgpPF8u/7y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016241-7.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001630a-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016644-18.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001686c-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ab9-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c56-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c7b-34.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dea-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017047-43.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001743a-47.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175e7-61.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018682-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f8-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018781-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019279-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926a-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf3-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019227-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878c-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018742-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018731-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f2-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001868b-77.dat	cobalt_reflective_dll
behavioral1/files/0x001400000001866f-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018669-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017491-57.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747d-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb4-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/840-0-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202a-3.dat	xmrig
behavioral1/files/0x0008000000016241-7.dat	xmrig
behavioral1/files/0x000800000001630a-14.dat	xmrig
behavioral1/files/0x0007000000016644-18.dat	xmrig
behavioral1/files/0x000700000001686c-22.dat	xmrig
behavioral1/files/0x0007000000016ab9-25.dat	xmrig
behavioral1/files/0x0007000000016c56-30.dat	xmrig
behavioral1/files/0x0009000000016c7b-34.dat	xmrig
behavioral1/files/0x0008000000016dea-37.dat	xmrig
behavioral1/files/0x0006000000017047-43.dat	xmrig
behavioral1/files/0x000600000001743a-47.dat	xmrig
behavioral1/files/0x00060000000175e7-61.dat	xmrig
behavioral1/files/0x0011000000018682-73.dat	xmrig
behavioral1/files/0x00050000000186f8-85.dat	xmrig
behavioral1/files/0x0005000000018781-97.dat	xmrig
behavioral1/files/0x0005000000019261-175.dat	xmrig
behavioral1/memory/840-766-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2744-1103-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2944-1102-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2872-1067-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x0005000000019279-187.dat	xmrig
behavioral1/files/0x000500000001926a-181.dat	xmrig
behavioral1/files/0x000500000001925e-172.dat	xmrig
behavioral1/files/0x000500000001922c-154.dat	xmrig
behavioral1/files/0x0006000000018bf3-153.dat	xmrig
behavioral1/memory/1616-152-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2744-150-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2944-148-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/840-147-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/2724-146-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/840-145-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/2872-144-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/840-143-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/2980-142-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2812-140-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2816-138-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2736-136-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/1912-134-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/840-133-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2316-132-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2372-130-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/840-129-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2964-128-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/840-127-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/1552-126-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x0005000000019227-122.dat	xmrig
behavioral1/files/0x000500000001878c-101.dat	xmrig
behavioral1/files/0x0005000000018742-93.dat	xmrig
behavioral1/files/0x0005000000018731-89.dat	xmrig
behavioral1/files/0x00050000000186f2-81.dat	xmrig
behavioral1/files/0x000500000001868b-77.dat	xmrig
behavioral1/files/0x001400000001866f-69.dat	xmrig
behavioral1/files/0x0006000000018669-65.dat	xmrig
behavioral1/files/0x0006000000017491-57.dat	xmrig
behavioral1/files/0x000600000001747d-53.dat	xmrig
behavioral1/files/0x0006000000016eb4-41.dat	xmrig
behavioral1/memory/2964-3946-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2812-3947-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1616-3948-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2816-3954-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2736-3953-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/1552-3952-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2944-3951-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1616	sfnVAXO.exe
1552	TuJBmQJ.exe
2964	zCkXHQT.exe
2372	UlPpRpB.exe
2316	UOBduDs.exe
1912	pjtdzwL.exe
2736	FhWMwtO.exe
2816	vZySyZj.exe
2812	wCmyKlT.exe
2980	SjchcCX.exe
2872	hFMcGjD.exe
2724	woJDJWc.exe
2944	ckvaXNz.exe
2744	vgCUehz.exe
2660	cBVBhHS.exe
2616	RetdfPw.exe
2672	XfNTCEm.exe
3056	kJaVnYZ.exe
2148	LgYPSMA.exe
2216	BVNaUFy.exe
592	AlDLfXz.exe
1408	QsEtzQS.exe
2592	vXbmfVY.exe
1468	epBVEcG.exe
1144	JwqLVSS.exe
2864	zvcMJDr.exe
2912	tGIZHZL.exe
1900	lWUzhCN.exe
816	AEoZfTI.exe
1556	cDyxcsX.exe
2956	eVdTDCH.exe
2576	CicToyu.exe
2988	gpcwLwt.exe
2500	MLrvyFU.exe
1708	qAKomgh.exe
2792	hhUgxwN.exe
580	TrDfpTK.exe
3000	FbMQSZL.exe
1904	khckayA.exe
2292	AgDSbSc.exe
1448	quoXeQQ.exe
1892	cyouWvb.exe
2436	eTLslMo.exe
2236	KlOkTVD.exe
1792	ozpSizF.exe
1580	OzzpWQc.exe
1436	mzFBjfX.exe
2064	FuHSiPa.exe
868	dPdsUqa.exe
1544	Osabedi.exe
1636	DVINdrd.exe
2228	LOoRCAU.exe
2752	XxlHpRN.exe
2976	ZBmsGqx.exe
1940	vOGSdSV.exe
3060	suxfXSj.exe
1528	BpuFwvA.exe
2472	fChoAzM.exe
2880	cqXRXwZ.exe
2952	ykocNVS.exe
2604	DWzQRnE.exe
2884	tqDzsOq.exe
1788	ksRfFuj.exe
1260	IsafFgj.exe

Loads dropped DLL 64 IoCs

pid	Process
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/840-0-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x000a00000001202a-3.dat	upx
behavioral1/files/0x0008000000016241-7.dat	upx
behavioral1/files/0x000800000001630a-14.dat	upx
behavioral1/files/0x0007000000016644-18.dat	upx
behavioral1/files/0x000700000001686c-22.dat	upx
behavioral1/files/0x0007000000016ab9-25.dat	upx
behavioral1/files/0x0007000000016c56-30.dat	upx
behavioral1/files/0x0009000000016c7b-34.dat	upx
behavioral1/files/0x0008000000016dea-37.dat	upx
behavioral1/files/0x0006000000017047-43.dat	upx
behavioral1/files/0x000600000001743a-47.dat	upx
behavioral1/files/0x00060000000175e7-61.dat	upx
behavioral1/files/0x0011000000018682-73.dat	upx
behavioral1/files/0x00050000000186f8-85.dat	upx
behavioral1/files/0x0005000000018781-97.dat	upx
behavioral1/files/0x0005000000019261-175.dat	upx
behavioral1/memory/840-766-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2744-1103-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2944-1102-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2872-1067-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0005000000019279-187.dat	upx
behavioral1/files/0x000500000001926a-181.dat	upx
behavioral1/files/0x000500000001925e-172.dat	upx
behavioral1/files/0x000500000001922c-154.dat	upx
behavioral1/files/0x0006000000018bf3-153.dat	upx
behavioral1/memory/1616-152-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2744-150-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2944-148-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2724-146-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2872-144-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2980-142-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2812-140-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2816-138-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2736-136-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/1912-134-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2316-132-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2372-130-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2964-128-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/1552-126-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x0005000000019227-122.dat	upx
behavioral1/files/0x000500000001878c-101.dat	upx
behavioral1/files/0x0005000000018742-93.dat	upx
behavioral1/files/0x0005000000018731-89.dat	upx
behavioral1/files/0x00050000000186f2-81.dat	upx
behavioral1/files/0x000500000001868b-77.dat	upx
behavioral1/files/0x001400000001866f-69.dat	upx
behavioral1/files/0x0006000000018669-65.dat	upx
behavioral1/files/0x0006000000017491-57.dat	upx
behavioral1/files/0x000600000001747d-53.dat	upx
behavioral1/files/0x0006000000016eb4-41.dat	upx
behavioral1/memory/2964-3946-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2812-3947-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1616-3948-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2816-3954-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2736-3953-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/1552-3952-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2944-3951-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2316-3950-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2872-3949-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2744-3955-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2724-4172-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2980-4173-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2372-4174-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JTsxDJu.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIGBiFp.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnZGKWM.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOoRCAU.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqDzsOq.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEHYTCb.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODOsxhL.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFyHBGE.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMvxHey.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnvMgZI.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQqqVZM.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEDztVE.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veDCIPV.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrHsKcH.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epBVEcG.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuJMPYv.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzMkfdS.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntCigkV.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbvRgok.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\widMIcB.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObNccIO.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvcMJDr.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOcNdMV.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlwOKIK.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWHLagF.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVqiFTl.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKqHhhw.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIARagl.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGrVLVO.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQEIlYz.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjrFdou.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptVonhp.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PbBjUDb.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtdHVsg.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MeeSIvV.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFZclXP.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQqbSjE.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFJJWxs.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KipfvVJ.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLEerIL.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQktnmt.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gcEwjWZ.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJNTTiK.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmOSFiE.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waakwJC.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOQIRny.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMUtMML.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kuvzkgr.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLAXpfY.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efjxyZN.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTRUOzE.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvLsiet.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlDLfXz.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VzvfeZi.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAXvNDW.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeeeszg.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yDcUPQW.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqtNJWW.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXNNXMz.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cDyxcsX.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAEgNar.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWDyhOi.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLugLMY.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvJzqCf.exe	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 1616	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 840 wrote to memory of 1616	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 840 wrote to memory of 1616	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 840 wrote to memory of 1552	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 840 wrote to memory of 1552	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 840 wrote to memory of 1552	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 840 wrote to memory of 2964	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 840 wrote to memory of 2964	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 840 wrote to memory of 2964	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 840 wrote to memory of 2372	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 840 wrote to memory of 2372	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 840 wrote to memory of 2372	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 840 wrote to memory of 2316	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 840 wrote to memory of 2316	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 840 wrote to memory of 2316	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 840 wrote to memory of 1912	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 840 wrote to memory of 1912	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 840 wrote to memory of 1912	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 840 wrote to memory of 2736	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 840 wrote to memory of 2736	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 840 wrote to memory of 2736	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 840 wrote to memory of 2816	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 840 wrote to memory of 2816	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 840 wrote to memory of 2816	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 840 wrote to memory of 2812	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 840 wrote to memory of 2812	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 840 wrote to memory of 2812	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 840 wrote to memory of 2980	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 840 wrote to memory of 2980	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 840 wrote to memory of 2980	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 840 wrote to memory of 2872	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 840 wrote to memory of 2872	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 840 wrote to memory of 2872	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 840 wrote to memory of 2724	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 840 wrote to memory of 2724	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 840 wrote to memory of 2724	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 840 wrote to memory of 2944	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 840 wrote to memory of 2944	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 840 wrote to memory of 2944	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 840 wrote to memory of 2744	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 840 wrote to memory of 2744	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 840 wrote to memory of 2744	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 840 wrote to memory of 2660	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 840 wrote to memory of 2660	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 840 wrote to memory of 2660	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 840 wrote to memory of 2616	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 840 wrote to memory of 2616	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 840 wrote to memory of 2616	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 840 wrote to memory of 2672	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 840 wrote to memory of 2672	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 840 wrote to memory of 2672	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 840 wrote to memory of 3056	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 840 wrote to memory of 3056	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 840 wrote to memory of 3056	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 840 wrote to memory of 2148	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 840 wrote to memory of 2148	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 840 wrote to memory of 2148	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 840 wrote to memory of 2216	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 840 wrote to memory of 2216	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 840 wrote to memory of 2216	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 840 wrote to memory of 592	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 840 wrote to memory of 592	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 840 wrote to memory of 592	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 840 wrote to memory of 1408	840	2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_c9d459b19fde42aaba162d85d5a4c035_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\System\sfnVAXO.exe
  C:\Windows\System\sfnVAXO.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\TuJBmQJ.exe
  C:\Windows\System\TuJBmQJ.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\zCkXHQT.exe
  C:\Windows\System\zCkXHQT.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\UlPpRpB.exe
  C:\Windows\System\UlPpRpB.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\UOBduDs.exe
  C:\Windows\System\UOBduDs.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\pjtdzwL.exe
  C:\Windows\System\pjtdzwL.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\FhWMwtO.exe
  C:\Windows\System\FhWMwtO.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\vZySyZj.exe
  C:\Windows\System\vZySyZj.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\wCmyKlT.exe
  C:\Windows\System\wCmyKlT.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\SjchcCX.exe
  C:\Windows\System\SjchcCX.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\hFMcGjD.exe
  C:\Windows\System\hFMcGjD.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\woJDJWc.exe
  C:\Windows\System\woJDJWc.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ckvaXNz.exe
  C:\Windows\System\ckvaXNz.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\vgCUehz.exe
  C:\Windows\System\vgCUehz.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\cBVBhHS.exe
  C:\Windows\System\cBVBhHS.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\RetdfPw.exe
  C:\Windows\System\RetdfPw.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\XfNTCEm.exe
  C:\Windows\System\XfNTCEm.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\kJaVnYZ.exe
  C:\Windows\System\kJaVnYZ.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\LgYPSMA.exe
  C:\Windows\System\LgYPSMA.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\BVNaUFy.exe
  C:\Windows\System\BVNaUFy.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\AlDLfXz.exe
  C:\Windows\System\AlDLfXz.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\QsEtzQS.exe
  C:\Windows\System\QsEtzQS.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\vXbmfVY.exe
  C:\Windows\System\vXbmfVY.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\epBVEcG.exe
  C:\Windows\System\epBVEcG.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\JwqLVSS.exe
  C:\Windows\System\JwqLVSS.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\tGIZHZL.exe
  C:\Windows\System\tGIZHZL.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\zvcMJDr.exe
  C:\Windows\System\zvcMJDr.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\lWUzhCN.exe
  C:\Windows\System\lWUzhCN.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\AEoZfTI.exe
  C:\Windows\System\AEoZfTI.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\cDyxcsX.exe
  C:\Windows\System\cDyxcsX.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\eVdTDCH.exe
  C:\Windows\System\eVdTDCH.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\CicToyu.exe
  C:\Windows\System\CicToyu.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\gpcwLwt.exe
  C:\Windows\System\gpcwLwt.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\MLrvyFU.exe
  C:\Windows\System\MLrvyFU.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\qAKomgh.exe
  C:\Windows\System\qAKomgh.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\TrDfpTK.exe
  C:\Windows\System\TrDfpTK.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\hhUgxwN.exe
  C:\Windows\System\hhUgxwN.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\FbMQSZL.exe
  C:\Windows\System\FbMQSZL.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\khckayA.exe
  C:\Windows\System\khckayA.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\AgDSbSc.exe
  C:\Windows\System\AgDSbSc.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\quoXeQQ.exe
  C:\Windows\System\quoXeQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\cyouWvb.exe
  C:\Windows\System\cyouWvb.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\eTLslMo.exe
  C:\Windows\System\eTLslMo.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\KlOkTVD.exe
  C:\Windows\System\KlOkTVD.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\ozpSizF.exe
  C:\Windows\System\ozpSizF.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\mzFBjfX.exe
  C:\Windows\System\mzFBjfX.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\OzzpWQc.exe
  C:\Windows\System\OzzpWQc.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\dPdsUqa.exe
  C:\Windows\System\dPdsUqa.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\FuHSiPa.exe
  C:\Windows\System\FuHSiPa.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\Osabedi.exe
  C:\Windows\System\Osabedi.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\DVINdrd.exe
  C:\Windows\System\DVINdrd.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\vOGSdSV.exe
  C:\Windows\System\vOGSdSV.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\LOoRCAU.exe
  C:\Windows\System\LOoRCAU.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\fChoAzM.exe
  C:\Windows\System\fChoAzM.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\XxlHpRN.exe
  C:\Windows\System\XxlHpRN.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\cqXRXwZ.exe
  C:\Windows\System\cqXRXwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ZBmsGqx.exe
  C:\Windows\System\ZBmsGqx.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\DWzQRnE.exe
  C:\Windows\System\DWzQRnE.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\suxfXSj.exe
  C:\Windows\System\suxfXSj.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\tqDzsOq.exe
  C:\Windows\System\tqDzsOq.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\BpuFwvA.exe
  C:\Windows\System\BpuFwvA.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\ksRfFuj.exe
  C:\Windows\System\ksRfFuj.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\ykocNVS.exe
  C:\Windows\System\ykocNVS.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\IsafFgj.exe
  C:\Windows\System\IsafFgj.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\ytLKIKc.exe
  C:\Windows\System\ytLKIKc.exe
  2⤵
  PID:2072
- C:\Windows\System\IpFPuXj.exe
  C:\Windows\System\IpFPuXj.exe
  2⤵
  PID:2584
- C:\Windows\System\mXDXMXK.exe
  C:\Windows\System\mXDXMXK.exe
  2⤵
  PID:632
- C:\Windows\System\Xttcnau.exe
  C:\Windows\System\Xttcnau.exe
  2⤵
  PID:1968
- C:\Windows\System\PlRDtka.exe
  C:\Windows\System\PlRDtka.exe
  2⤵
  PID:1308
- C:\Windows\System\uvHZMkc.exe
  C:\Windows\System\uvHZMkc.exe
  2⤵
  PID:1916
- C:\Windows\System\nXtVWfA.exe
  C:\Windows\System\nXtVWfA.exe
  2⤵
  PID:1488
- C:\Windows\System\BTeeIoj.exe
  C:\Windows\System\BTeeIoj.exe
  2⤵
  PID:2460
- C:\Windows\System\KbblNdu.exe
  C:\Windows\System\KbblNdu.exe
  2⤵
  PID:2328
- C:\Windows\System\NLJoAAv.exe
  C:\Windows\System\NLJoAAv.exe
  2⤵
  PID:1624
- C:\Windows\System\DyVstnl.exe
  C:\Windows\System\DyVstnl.exe
  2⤵
  PID:3044
- C:\Windows\System\osRTaUs.exe
  C:\Windows\System\osRTaUs.exe
  2⤵
  PID:2468
- C:\Windows\System\GLhgvUb.exe
  C:\Windows\System\GLhgvUb.exe
  2⤵
  PID:876
- C:\Windows\System\DCIpUNI.exe
  C:\Windows\System\DCIpUNI.exe
  2⤵
  PID:2004
- C:\Windows\System\YiWacov.exe
  C:\Windows\System\YiWacov.exe
  2⤵
  PID:2432
- C:\Windows\System\dDNHMtB.exe
  C:\Windows\System\dDNHMtB.exe
  2⤵
  PID:1712
- C:\Windows\System\YVZkChU.exe
  C:\Windows\System\YVZkChU.exe
  2⤵
  PID:2876
- C:\Windows\System\QKHSPtY.exe
  C:\Windows\System\QKHSPtY.exe
  2⤵
  PID:2628
- C:\Windows\System\zWNjoVP.exe
  C:\Windows\System\zWNjoVP.exe
  2⤵
  PID:3024
- C:\Windows\System\MrprDLS.exe
  C:\Windows\System\MrprDLS.exe
  2⤵
  PID:1540
- C:\Windows\System\xdvrNBl.exe
  C:\Windows\System\xdvrNBl.exe
  2⤵
  PID:1780
- C:\Windows\System\MEXNkWX.exe
  C:\Windows\System\MEXNkWX.exe
  2⤵
  PID:380
- C:\Windows\System\Njnguer.exe
  C:\Windows\System\Njnguer.exe
  2⤵
  PID:2656
- C:\Windows\System\vtdHVsg.exe
  C:\Windows\System\vtdHVsg.exe
  2⤵
  PID:2936
- C:\Windows\System\jjQTUua.exe
  C:\Windows\System\jjQTUua.exe
  2⤵
  PID:2512
- C:\Windows\System\DizwUpk.exe
  C:\Windows\System\DizwUpk.exe
  2⤵
  PID:316
- C:\Windows\System\ZMvYFBM.exe
  C:\Windows\System\ZMvYFBM.exe
  2⤵
  PID:444
- C:\Windows\System\IuJMPYv.exe
  C:\Windows\System\IuJMPYv.exe
  2⤵
  PID:1720
- C:\Windows\System\JxWFPuN.exe
  C:\Windows\System\JxWFPuN.exe
  2⤵
  PID:944
- C:\Windows\System\EPGbbop.exe
  C:\Windows\System\EPGbbop.exe
  2⤵
  PID:688
- C:\Windows\System\YqiUZhE.exe
  C:\Windows\System\YqiUZhE.exe
  2⤵
  PID:2252
- C:\Windows\System\PXPDUxD.exe
  C:\Windows\System\PXPDUxD.exe
  2⤵
  PID:2296
- C:\Windows\System\lBOvUGC.exe
  C:\Windows\System\lBOvUGC.exe
  2⤵
  PID:1032
- C:\Windows\System\lpHocJq.exe
  C:\Windows\System\lpHocJq.exe
  2⤵
  PID:2380
- C:\Windows\System\UkwnoOM.exe
  C:\Windows\System\UkwnoOM.exe
  2⤵
  PID:2832
- C:\Windows\System\JligbDa.exe
  C:\Windows\System\JligbDa.exe
  2⤵
  PID:2776
- C:\Windows\System\WBhvMcp.exe
  C:\Windows\System\WBhvMcp.exe
  2⤵
  PID:1136
- C:\Windows\System\xdtyIIz.exe
  C:\Windows\System\xdtyIIz.exe
  2⤵
  PID:2348
- C:\Windows\System\fcbWjUf.exe
  C:\Windows\System\fcbWjUf.exe
  2⤵
  PID:3080
- C:\Windows\System\qZiyRVR.exe
  C:\Windows\System\qZiyRVR.exe
  2⤵
  PID:3104
- C:\Windows\System\FdJKvwY.exe
  C:\Windows\System\FdJKvwY.exe
  2⤵
  PID:3124
- C:\Windows\System\FPjSqPg.exe
  C:\Windows\System\FPjSqPg.exe
  2⤵
  PID:3144
- C:\Windows\System\OySZzCx.exe
  C:\Windows\System\OySZzCx.exe
  2⤵
  PID:3160
- C:\Windows\System\DYBNLEg.exe
  C:\Windows\System\DYBNLEg.exe
  2⤵
  PID:3184
- C:\Windows\System\WFSwMJZ.exe
  C:\Windows\System\WFSwMJZ.exe
  2⤵
  PID:3204
- C:\Windows\System\oBPOMFt.exe
  C:\Windows\System\oBPOMFt.exe
  2⤵
  PID:3224
- C:\Windows\System\uGyAVrw.exe
  C:\Windows\System\uGyAVrw.exe
  2⤵
  PID:3244
- C:\Windows\System\nxmhUmR.exe
  C:\Windows\System\nxmhUmR.exe
  2⤵
  PID:3264
- C:\Windows\System\pygmirc.exe
  C:\Windows\System\pygmirc.exe
  2⤵
  PID:3284
- C:\Windows\System\qkagTCI.exe
  C:\Windows\System\qkagTCI.exe
  2⤵
  PID:3304
- C:\Windows\System\nKAlwJz.exe
  C:\Windows\System\nKAlwJz.exe
  2⤵
  PID:3324
- C:\Windows\System\ByIRxzo.exe
  C:\Windows\System\ByIRxzo.exe
  2⤵
  PID:3344
- C:\Windows\System\WUtHUTP.exe
  C:\Windows\System\WUtHUTP.exe
  2⤵
  PID:3364
- C:\Windows\System\WkBPwVs.exe
  C:\Windows\System\WkBPwVs.exe
  2⤵
  PID:3384
- C:\Windows\System\ylUuiry.exe
  C:\Windows\System\ylUuiry.exe
  2⤵
  PID:3404
- C:\Windows\System\xGeLVQW.exe
  C:\Windows\System\xGeLVQW.exe
  2⤵
  PID:3424
- C:\Windows\System\tEAosui.exe
  C:\Windows\System\tEAosui.exe
  2⤵
  PID:3444
- C:\Windows\System\oCWQtqf.exe
  C:\Windows\System\oCWQtqf.exe
  2⤵
  PID:3464
- C:\Windows\System\VQRsyqB.exe
  C:\Windows\System\VQRsyqB.exe
  2⤵
  PID:3484
- C:\Windows\System\qmLRVUM.exe
  C:\Windows\System\qmLRVUM.exe
  2⤵
  PID:3504
- C:\Windows\System\KBcpefk.exe
  C:\Windows\System\KBcpefk.exe
  2⤵
  PID:3524
- C:\Windows\System\FYUWSyG.exe
  C:\Windows\System\FYUWSyG.exe
  2⤵
  PID:3544
- C:\Windows\System\IXXYnje.exe
  C:\Windows\System\IXXYnje.exe
  2⤵
  PID:3564
- C:\Windows\System\YjrFdou.exe
  C:\Windows\System\YjrFdou.exe
  2⤵
  PID:3584
- C:\Windows\System\WQLQaTU.exe
  C:\Windows\System\WQLQaTU.exe
  2⤵
  PID:3604
- C:\Windows\System\AqsYQzl.exe
  C:\Windows\System\AqsYQzl.exe
  2⤵
  PID:3624
- C:\Windows\System\JTsxDJu.exe
  C:\Windows\System\JTsxDJu.exe
  2⤵
  PID:3644
- C:\Windows\System\MVizRWx.exe
  C:\Windows\System\MVizRWx.exe
  2⤵
  PID:3664
- C:\Windows\System\iSUUsKk.exe
  C:\Windows\System\iSUUsKk.exe
  2⤵
  PID:3684
- C:\Windows\System\OWNbmKi.exe
  C:\Windows\System\OWNbmKi.exe
  2⤵
  PID:3704
- C:\Windows\System\QuPotHM.exe
  C:\Windows\System\QuPotHM.exe
  2⤵
  PID:3724
- C:\Windows\System\XfndEns.exe
  C:\Windows\System\XfndEns.exe
  2⤵
  PID:3744
- C:\Windows\System\buXwAjH.exe
  C:\Windows\System\buXwAjH.exe
  2⤵
  PID:3760
- C:\Windows\System\gJAnciR.exe
  C:\Windows\System\gJAnciR.exe
  2⤵
  PID:3776
- C:\Windows\System\qaNnqYT.exe
  C:\Windows\System\qaNnqYT.exe
  2⤵
  PID:3792
- C:\Windows\System\DngUtgl.exe
  C:\Windows\System\DngUtgl.exe
  2⤵
  PID:3808
- C:\Windows\System\tUJlLqH.exe
  C:\Windows\System\tUJlLqH.exe
  2⤵
  PID:3836
- C:\Windows\System\eNSsfba.exe
  C:\Windows\System\eNSsfba.exe
  2⤵
  PID:3856
- C:\Windows\System\LqDofqS.exe
  C:\Windows\System\LqDofqS.exe
  2⤵
  PID:3876
- C:\Windows\System\phvlkwe.exe
  C:\Windows\System\phvlkwe.exe
  2⤵
  PID:3900
- C:\Windows\System\rPsaiRF.exe
  C:\Windows\System\rPsaiRF.exe
  2⤵
  PID:3924
- C:\Windows\System\EyOhFiD.exe
  C:\Windows\System\EyOhFiD.exe
  2⤵
  PID:3944
- C:\Windows\System\fKECZCt.exe
  C:\Windows\System\fKECZCt.exe
  2⤵
  PID:3960
- C:\Windows\System\WVElPDz.exe
  C:\Windows\System\WVElPDz.exe
  2⤵
  PID:3976
- C:\Windows\System\XQdeSGn.exe
  C:\Windows\System\XQdeSGn.exe
  2⤵
  PID:3992
- C:\Windows\System\jQpTlfi.exe
  C:\Windows\System\jQpTlfi.exe
  2⤵
  PID:4008
- C:\Windows\System\FyJoBFM.exe
  C:\Windows\System\FyJoBFM.exe
  2⤵
  PID:4028
- C:\Windows\System\ZwjphIx.exe
  C:\Windows\System\ZwjphIx.exe
  2⤵
  PID:4044
- C:\Windows\System\HWtsELw.exe
  C:\Windows\System\HWtsELw.exe
  2⤵
  PID:4060
- C:\Windows\System\DDkiQVJ.exe
  C:\Windows\System\DDkiQVJ.exe
  2⤵
  PID:4076
- C:\Windows\System\QTvvnTA.exe
  C:\Windows\System\QTvvnTA.exe
  2⤵
  PID:4092
- C:\Windows\System\zKlqmfS.exe
  C:\Windows\System\zKlqmfS.exe
  2⤵
  PID:476
- C:\Windows\System\PsDxqFx.exe
  C:\Windows\System\PsDxqFx.exe
  2⤵
  PID:2896
- C:\Windows\System\LjsHqWF.exe
  C:\Windows\System\LjsHqWF.exe
  2⤵
  PID:2108
- C:\Windows\System\ueWvYjT.exe
  C:\Windows\System\ueWvYjT.exe
  2⤵
  PID:304
- C:\Windows\System\yQpzfjw.exe
  C:\Windows\System\yQpzfjw.exe
  2⤵
  PID:924
- C:\Windows\System\lFvsRWV.exe
  C:\Windows\System\lFvsRWV.exe
  2⤵
  PID:1268
- C:\Windows\System\udMhDZI.exe
  C:\Windows\System\udMhDZI.exe
  2⤵
  PID:1512
- C:\Windows\System\ILfVJgL.exe
  C:\Windows\System\ILfVJgL.exe
  2⤵
  PID:1804
- C:\Windows\System\BXpSKyY.exe
  C:\Windows\System\BXpSKyY.exe
  2⤵
  PID:2868
- C:\Windows\System\kcgatfV.exe
  C:\Windows\System\kcgatfV.exe
  2⤵
  PID:1640
- C:\Windows\System\xXRKuGl.exe
  C:\Windows\System\xXRKuGl.exe
  2⤵
  PID:3040
- C:\Windows\System\VzoJspH.exe
  C:\Windows\System\VzoJspH.exe
  2⤵
  PID:3076
- C:\Windows\System\FQWZLEN.exe
  C:\Windows\System\FQWZLEN.exe
  2⤵
  PID:3112
- C:\Windows\System\vPReVPS.exe
  C:\Windows\System\vPReVPS.exe
  2⤵
  PID:3180
- C:\Windows\System\qirKRjc.exe
  C:\Windows\System\qirKRjc.exe
  2⤵
  PID:3200
- C:\Windows\System\YDaOcss.exe
  C:\Windows\System\YDaOcss.exe
  2⤵
  PID:3216
- C:\Windows\System\HsVCMJC.exe
  C:\Windows\System\HsVCMJC.exe
  2⤵
  PID:3260
- C:\Windows\System\NlAMkTU.exe
  C:\Windows\System\NlAMkTU.exe
  2⤵
  PID:3296
- C:\Windows\System\IQEZmsQ.exe
  C:\Windows\System\IQEZmsQ.exe
  2⤵
  PID:3312
- C:\Windows\System\IghZVJV.exe
  C:\Windows\System\IghZVJV.exe
  2⤵
  PID:3316
- C:\Windows\System\ewckcHs.exe
  C:\Windows\System\ewckcHs.exe
  2⤵
  PID:3376
- C:\Windows\System\IONDSGz.exe
  C:\Windows\System\IONDSGz.exe
  2⤵
  PID:3412
- C:\Windows\System\qPbbfTz.exe
  C:\Windows\System\qPbbfTz.exe
  2⤵
  PID:3532
- C:\Windows\System\gheAHGJ.exe
  C:\Windows\System\gheAHGJ.exe
  2⤵
  PID:3600
- C:\Windows\System\XOdShOY.exe
  C:\Windows\System\XOdShOY.exe
  2⤵
  PID:3640
- C:\Windows\System\iLgAIPn.exe
  C:\Windows\System\iLgAIPn.exe
  2⤵
  PID:3740
- C:\Windows\System\MVNndpS.exe
  C:\Windows\System\MVNndpS.exe
  2⤵
  PID:3800
- C:\Windows\System\LEfDHPo.exe
  C:\Windows\System\LEfDHPo.exe
  2⤵
  PID:3848
- C:\Windows\System\nTndGgf.exe
  C:\Windows\System\nTndGgf.exe
  2⤵
  PID:3672
- C:\Windows\System\yXBRmwx.exe
  C:\Windows\System\yXBRmwx.exe
  2⤵
  PID:3788
- C:\Windows\System\qRAQYYe.exe
  C:\Windows\System\qRAQYYe.exe
  2⤵
  PID:3892
- C:\Windows\System\elWkLCP.exe
  C:\Windows\System\elWkLCP.exe
  2⤵
  PID:3968
- C:\Windows\System\CaUkCxc.exe
  C:\Windows\System\CaUkCxc.exe
  2⤵
  PID:3872
- C:\Windows\System\ITjtOic.exe
  C:\Windows\System\ITjtOic.exe
  2⤵
  PID:3716
- C:\Windows\System\RHWuPVz.exe
  C:\Windows\System\RHWuPVz.exe
  2⤵
  PID:4036
- C:\Windows\System\ZFVxabs.exe
  C:\Windows\System\ZFVxabs.exe
  2⤵
  PID:2796
- C:\Windows\System\NUFuDNt.exe
  C:\Windows\System\NUFuDNt.exe
  2⤵
  PID:3052
- C:\Windows\System\GeCXLux.exe
  C:\Windows\System\GeCXLux.exe
  2⤵
  PID:1700
- C:\Windows\System\CNLYNAO.exe
  C:\Windows\System\CNLYNAO.exe
  2⤵
  PID:2384
- C:\Windows\System\FcyKNEt.exe
  C:\Windows\System\FcyKNEt.exe
  2⤵
  PID:2204
- C:\Windows\System\AFbIxTK.exe
  C:\Windows\System\AFbIxTK.exe
  2⤵
  PID:3240
- C:\Windows\System\rOcNdMV.exe
  C:\Windows\System\rOcNdMV.exe
  2⤵
  PID:3920
- C:\Windows\System\ZuTVsPP.exe
  C:\Windows\System\ZuTVsPP.exe
  2⤵
  PID:3460
- C:\Windows\System\PdAAREp.exe
  C:\Windows\System\PdAAREp.exe
  2⤵
  PID:3396
- C:\Windows\System\WhmALLE.exe
  C:\Windows\System\WhmALLE.exe
  2⤵
  PID:3096
- C:\Windows\System\qUjZhLl.exe
  C:\Windows\System\qUjZhLl.exe
  2⤵
  PID:3212
- C:\Windows\System\sVZkFxY.exe
  C:\Windows\System\sVZkFxY.exe
  2⤵
  PID:3320
- C:\Windows\System\CEVRDgB.exe
  C:\Windows\System\CEVRDgB.exe
  2⤵
  PID:2244
- C:\Windows\System\MqzygOZ.exe
  C:\Windows\System\MqzygOZ.exe
  2⤵
  PID:1476
- C:\Windows\System\ITXZlgu.exe
  C:\Windows\System\ITXZlgu.exe
  2⤵
  PID:3436
- C:\Windows\System\UzHvXgW.exe
  C:\Windows\System\UzHvXgW.exe
  2⤵
  PID:3512
- C:\Windows\System\crvkPfm.exe
  C:\Windows\System\crvkPfm.exe
  2⤵
  PID:3552
- C:\Windows\System\qyCWjrv.exe
  C:\Windows\System\qyCWjrv.exe
  2⤵
  PID:3616
- C:\Windows\System\lqIBrOX.exe
  C:\Windows\System\lqIBrOX.exe
  2⤵
  PID:3592
- C:\Windows\System\UMuwyTx.exe
  C:\Windows\System\UMuwyTx.exe
  2⤵
  PID:2440
- C:\Windows\System\wUFZBEz.exe
  C:\Windows\System\wUFZBEz.exe
  2⤵
  PID:2280
- C:\Windows\System\nzHQrxe.exe
  C:\Windows\System\nzHQrxe.exe
  2⤵
  PID:1724
- C:\Windows\System\xBsISIE.exe
  C:\Windows\System\xBsISIE.exe
  2⤵
  PID:2960
- C:\Windows\System\wsutOCr.exe
  C:\Windows\System\wsutOCr.exe
  2⤵
  PID:2924
- C:\Windows\System\cWwFsnj.exe
  C:\Windows\System\cWwFsnj.exe
  2⤵
  PID:1836
- C:\Windows\System\Pkumzge.exe
  C:\Windows\System\Pkumzge.exe
  2⤵
  PID:3696
- C:\Windows\System\aeeeszg.exe
  C:\Windows\System\aeeeszg.exe
  2⤵
  PID:3832
- C:\Windows\System\GXibueR.exe
  C:\Windows\System\GXibueR.exe
  2⤵
  PID:3888
- C:\Windows\System\kxRtPmv.exe
  C:\Windows\System\kxRtPmv.exe
  2⤵
  PID:3912
- C:\Windows\System\AvVZNNu.exe
  C:\Windows\System\AvVZNNu.exe
  2⤵
  PID:2588
- C:\Windows\System\FicMYhV.exe
  C:\Windows\System\FicMYhV.exe
  2⤵
  PID:3132
- C:\Windows\System\UWTbWiD.exe
  C:\Windows\System\UWTbWiD.exe
  2⤵
  PID:3152
- C:\Windows\System\Cvzbniw.exe
  C:\Windows\System\Cvzbniw.exe
  2⤵
  PID:3192
- C:\Windows\System\ZqceZeF.exe
  C:\Windows\System\ZqceZeF.exe
  2⤵
  PID:3868
- C:\Windows\System\AaclQsh.exe
  C:\Windows\System\AaclQsh.exe
  2⤵
  PID:3820
- C:\Windows\System\szKNmal.exe
  C:\Windows\System\szKNmal.exe
  2⤵
  PID:3692
- C:\Windows\System\UnsaYfq.exe
  C:\Windows\System\UnsaYfq.exe
  2⤵
  PID:2608
- C:\Windows\System\MpEpFXD.exe
  C:\Windows\System\MpEpFXD.exe
  2⤵
  PID:3456
- C:\Windows\System\TMJYZXQ.exe
  C:\Windows\System\TMJYZXQ.exe
  2⤵
  PID:1372
- C:\Windows\System\CVwvYBk.exe
  C:\Windows\System\CVwvYBk.exe
  2⤵
  PID:2680
- C:\Windows\System\KGeJOkR.exe
  C:\Windows\System\KGeJOkR.exe
  2⤵
  PID:3168
- C:\Windows\System\oqQKnXM.exe
  C:\Windows\System\oqQKnXM.exe
  2⤵
  PID:3220
- C:\Windows\System\YNdcHtJ.exe
  C:\Windows\System\YNdcHtJ.exe
  2⤵
  PID:3576
- C:\Windows\System\srYtaHc.exe
  C:\Windows\System\srYtaHc.exe
  2⤵
  PID:3620
- C:\Windows\System\ZWjefjo.exe
  C:\Windows\System\ZWjefjo.exe
  2⤵
  PID:2728
- C:\Windows\System\urItJIC.exe
  C:\Windows\System\urItJIC.exe
  2⤵
  PID:3392
- C:\Windows\System\tfYIUav.exe
  C:\Windows\System\tfYIUav.exe
  2⤵
  PID:2364
- C:\Windows\System\jXydsiB.exe
  C:\Windows\System\jXydsiB.exe
  2⤵
  PID:1224
- C:\Windows\System\AnPMVBA.exe
  C:\Windows\System\AnPMVBA.exe
  2⤵
  PID:3632
- C:\Windows\System\dmdWSAC.exe
  C:\Windows\System\dmdWSAC.exe
  2⤵
  PID:3772
- C:\Windows\System\VzCEciA.exe
  C:\Windows\System\VzCEciA.exe
  2⤵
  PID:3088
- C:\Windows\System\rUyNxIV.exe
  C:\Windows\System\rUyNxIV.exe
  2⤵
  PID:2820
- C:\Windows\System\himtosH.exe
  C:\Windows\System\himtosH.exe
  2⤵
  PID:872
- C:\Windows\System\auFrVvW.exe
  C:\Windows\System\auFrVvW.exe
  2⤵
  PID:3660
- C:\Windows\System\zeYYvDi.exe
  C:\Windows\System\zeYYvDi.exe
  2⤵
  PID:3940
- C:\Windows\System\EINBjvJ.exe
  C:\Windows\System\EINBjvJ.exe
  2⤵
  PID:3156
- C:\Windows\System\bkRYdNr.exe
  C:\Windows\System\bkRYdNr.exe
  2⤵
  PID:2492
- C:\Windows\System\xnlaWhQ.exe
  C:\Windows\System\xnlaWhQ.exe
  2⤵
  PID:3300
- C:\Windows\System\DSNEEBe.exe
  C:\Windows\System\DSNEEBe.exe
  2⤵
  PID:3340
- C:\Windows\System\UOLCOyc.exe
  C:\Windows\System\UOLCOyc.exe
  2⤵
  PID:2636
- C:\Windows\System\cXZkLiI.exe
  C:\Windows\System\cXZkLiI.exe
  2⤵
  PID:576
- C:\Windows\System\sDPYPYh.exe
  C:\Windows\System\sDPYPYh.exe
  2⤵
  PID:2184
- C:\Windows\System\bYfrpuI.exe
  C:\Windows\System\bYfrpuI.exe
  2⤵
  PID:1956
- C:\Windows\System\MHtrVyx.exe
  C:\Windows\System\MHtrVyx.exe
  2⤵
  PID:4020
- C:\Windows\System\QQfwiqH.exe
  C:\Windows\System\QQfwiqH.exe
  2⤵
  PID:1324
- C:\Windows\System\moRScCP.exe
  C:\Windows\System\moRScCP.exe
  2⤵
  PID:2076
- C:\Windows\System\YhFzmPh.exe
  C:\Windows\System\YhFzmPh.exe
  2⤵
  PID:3136
- C:\Windows\System\gXlvJYz.exe
  C:\Windows\System\gXlvJYz.exe
  2⤵
  PID:3560
- C:\Windows\System\RbGTWej.exe
  C:\Windows\System\RbGTWej.exe
  2⤵
  PID:2764
- C:\Windows\System\GhACAPA.exe
  C:\Windows\System\GhACAPA.exe
  2⤵
  PID:1732
- C:\Windows\System\QLhNQtS.exe
  C:\Windows\System\QLhNQtS.exe
  2⤵
  PID:4104
- C:\Windows\System\WywcXhg.exe
  C:\Windows\System\WywcXhg.exe
  2⤵
  PID:4120
- C:\Windows\System\pQtMhgE.exe
  C:\Windows\System\pQtMhgE.exe
  2⤵
  PID:4136
- C:\Windows\System\edTpEKX.exe
  C:\Windows\System\edTpEKX.exe
  2⤵
  PID:4152
- C:\Windows\System\xeiTdpB.exe
  C:\Windows\System\xeiTdpB.exe
  2⤵
  PID:4168
- C:\Windows\System\YoYAGfm.exe
  C:\Windows\System\YoYAGfm.exe
  2⤵
  PID:4188
- C:\Windows\System\mkcnFkm.exe
  C:\Windows\System\mkcnFkm.exe
  2⤵
  PID:4208
- C:\Windows\System\MeeSIvV.exe
  C:\Windows\System\MeeSIvV.exe
  2⤵
  PID:4276
- C:\Windows\System\gUiEpvl.exe
  C:\Windows\System\gUiEpvl.exe
  2⤵
  PID:4292
- C:\Windows\System\YewzLKY.exe
  C:\Windows\System\YewzLKY.exe
  2⤵
  PID:4308
- C:\Windows\System\ccvdzis.exe
  C:\Windows\System\ccvdzis.exe
  2⤵
  PID:4328
- C:\Windows\System\gALKNaD.exe
  C:\Windows\System\gALKNaD.exe
  2⤵
  PID:4344
- C:\Windows\System\mlqZhGG.exe
  C:\Windows\System\mlqZhGG.exe
  2⤵
  PID:4360
- C:\Windows\System\NMgmhkm.exe
  C:\Windows\System\NMgmhkm.exe
  2⤵
  PID:4376
- C:\Windows\System\iMcKDmF.exe
  C:\Windows\System\iMcKDmF.exe
  2⤵
  PID:4392
- C:\Windows\System\qeBEYxv.exe
  C:\Windows\System\qeBEYxv.exe
  2⤵
  PID:4408
- C:\Windows\System\sMVqgal.exe
  C:\Windows\System\sMVqgal.exe
  2⤵
  PID:4424
- C:\Windows\System\ckchIjB.exe
  C:\Windows\System\ckchIjB.exe
  2⤵
  PID:4440
- C:\Windows\System\ODubtSQ.exe
  C:\Windows\System\ODubtSQ.exe
  2⤵
  PID:4456
- C:\Windows\System\aHwWEtW.exe
  C:\Windows\System\aHwWEtW.exe
  2⤵
  PID:4472
- C:\Windows\System\stmJNsG.exe
  C:\Windows\System\stmJNsG.exe
  2⤵
  PID:4488
- C:\Windows\System\ntCvPyF.exe
  C:\Windows\System\ntCvPyF.exe
  2⤵
  PID:4504
- C:\Windows\System\ckFqXIm.exe
  C:\Windows\System\ckFqXIm.exe
  2⤵
  PID:4524
- C:\Windows\System\zfdeZlk.exe
  C:\Windows\System\zfdeZlk.exe
  2⤵
  PID:4544
- C:\Windows\System\oWQGUol.exe
  C:\Windows\System\oWQGUol.exe
  2⤵
  PID:4560
- C:\Windows\System\cCFpysq.exe
  C:\Windows\System\cCFpysq.exe
  2⤵
  PID:4576
- C:\Windows\System\EgTkCri.exe
  C:\Windows\System\EgTkCri.exe
  2⤵
  PID:4592
- C:\Windows\System\lmAvJVp.exe
  C:\Windows\System\lmAvJVp.exe
  2⤵
  PID:4612
- C:\Windows\System\xXJoyQz.exe
  C:\Windows\System\xXJoyQz.exe
  2⤵
  PID:4632
- C:\Windows\System\yULgvGt.exe
  C:\Windows\System\yULgvGt.exe
  2⤵
  PID:4656
- C:\Windows\System\EmfCSWk.exe
  C:\Windows\System\EmfCSWk.exe
  2⤵
  PID:4680
- C:\Windows\System\eEjimpU.exe
  C:\Windows\System\eEjimpU.exe
  2⤵
  PID:4700
- C:\Windows\System\unIyEbP.exe
  C:\Windows\System\unIyEbP.exe
  2⤵
  PID:4772
- C:\Windows\System\TLzhQPc.exe
  C:\Windows\System\TLzhQPc.exe
  2⤵
  PID:4800
- C:\Windows\System\NhrSVlV.exe
  C:\Windows\System\NhrSVlV.exe
  2⤵
  PID:4820
- C:\Windows\System\shvbeHs.exe
  C:\Windows\System\shvbeHs.exe
  2⤵
  PID:4836
- C:\Windows\System\gvkqjsy.exe
  C:\Windows\System\gvkqjsy.exe
  2⤵
  PID:4852
- C:\Windows\System\TTXrBwo.exe
  C:\Windows\System\TTXrBwo.exe
  2⤵
  PID:4868
- C:\Windows\System\IzzQVNX.exe
  C:\Windows\System\IzzQVNX.exe
  2⤵
  PID:4884
- C:\Windows\System\jDqtjCD.exe
  C:\Windows\System\jDqtjCD.exe
  2⤵
  PID:4900
- C:\Windows\System\JDSfyQW.exe
  C:\Windows\System\JDSfyQW.exe
  2⤵
  PID:4916
- C:\Windows\System\MGSeKhE.exe
  C:\Windows\System\MGSeKhE.exe
  2⤵
  PID:4932
- C:\Windows\System\PGljKvd.exe
  C:\Windows\System\PGljKvd.exe
  2⤵
  PID:4948
- C:\Windows\System\RKfYXRo.exe
  C:\Windows\System\RKfYXRo.exe
  2⤵
  PID:4964
- C:\Windows\System\VzvfeZi.exe
  C:\Windows\System\VzvfeZi.exe
  2⤵
  PID:4980
- C:\Windows\System\ULHLOSS.exe
  C:\Windows\System\ULHLOSS.exe
  2⤵
  PID:4996
- C:\Windows\System\LRnyPiY.exe
  C:\Windows\System\LRnyPiY.exe
  2⤵
  PID:5012
- C:\Windows\System\FfiObDV.exe
  C:\Windows\System\FfiObDV.exe
  2⤵
  PID:5028
- C:\Windows\System\lyerJzd.exe
  C:\Windows\System\lyerJzd.exe
  2⤵
  PID:5044
- C:\Windows\System\riYDOTi.exe
  C:\Windows\System\riYDOTi.exe
  2⤵
  PID:5112
- C:\Windows\System\OlffsKs.exe
  C:\Windows\System\OlffsKs.exe
  2⤵
  PID:2808
- C:\Windows\System\xhVplZo.exe
  C:\Windows\System\xhVplZo.exe
  2⤵
  PID:2224
- C:\Windows\System\SqBAcQs.exe
  C:\Windows\System\SqBAcQs.exe
  2⤵
  PID:3516
- C:\Windows\System\nRrceJR.exe
  C:\Windows\System\nRrceJR.exe
  2⤵
  PID:2632
- C:\Windows\System\XkueSvV.exe
  C:\Windows\System\XkueSvV.exe
  2⤵
  PID:4116
- C:\Windows\System\tcXJBkY.exe
  C:\Windows\System\tcXJBkY.exe
  2⤵
  PID:4180
- C:\Windows\System\yniBvVg.exe
  C:\Windows\System\yniBvVg.exe
  2⤵
  PID:2704
- C:\Windows\System\VfmVwpt.exe
  C:\Windows\System\VfmVwpt.exe
  2⤵
  PID:2400
- C:\Windows\System\WrFHGqI.exe
  C:\Windows\System\WrFHGqI.exe
  2⤵
  PID:4196
- C:\Windows\System\UFyVrIp.exe
  C:\Windows\System\UFyVrIp.exe
  2⤵
  PID:3932
- C:\Windows\System\UHPYlmt.exe
  C:\Windows\System\UHPYlmt.exe
  2⤵
  PID:4232
- C:\Windows\System\jOcarMr.exe
  C:\Windows\System\jOcarMr.exe
  2⤵
  PID:4256
- C:\Windows\System\KBUXBBp.exe
  C:\Windows\System\KBUXBBp.exe
  2⤵
  PID:4272
- C:\Windows\System\XCkJRlg.exe
  C:\Windows\System\XCkJRlg.exe
  2⤵
  PID:4384
- C:\Windows\System\hbtnqbz.exe
  C:\Windows\System\hbtnqbz.exe
  2⤵
  PID:4448
- C:\Windows\System\iDphnCE.exe
  C:\Windows\System\iDphnCE.exe
  2⤵
  PID:4336
- C:\Windows\System\BjuamWZ.exe
  C:\Windows\System\BjuamWZ.exe
  2⤵
  PID:4584
- C:\Windows\System\PAhSwZy.exe
  C:\Windows\System\PAhSwZy.exe
  2⤵
  PID:4664
- C:\Windows\System\dZZGfNH.exe
  C:\Windows\System\dZZGfNH.exe
  2⤵
  PID:4400
- C:\Windows\System\NAEgNar.exe
  C:\Windows\System\NAEgNar.exe
  2⤵
  PID:4464
- C:\Windows\System\vKIrnJL.exe
  C:\Windows\System\vKIrnJL.exe
  2⤵
  PID:4532
- C:\Windows\System\XCwCYZE.exe
  C:\Windows\System\XCwCYZE.exe
  2⤵
  PID:4572
- C:\Windows\System\kHSvZOX.exe
  C:\Windows\System\kHSvZOX.exe
  2⤵
  PID:4648
- C:\Windows\System\fVxdsLU.exe
  C:\Windows\System\fVxdsLU.exe
  2⤵
  PID:4696
- C:\Windows\System\rJLyJLQ.exe
  C:\Windows\System\rJLyJLQ.exe
  2⤵
  PID:4672
- C:\Windows\System\ehWBlmX.exe
  C:\Windows\System\ehWBlmX.exe
  2⤵
  PID:4716
- C:\Windows\System\ZLdTXcv.exe
  C:\Windows\System\ZLdTXcv.exe
  2⤵
  PID:4736
- C:\Windows\System\vKHQfpA.exe
  C:\Windows\System\vKHQfpA.exe
  2⤵
  PID:4600
- C:\Windows\System\QyMDAkG.exe
  C:\Windows\System\QyMDAkG.exe
  2⤵
  PID:4760
- C:\Windows\System\bULRmoN.exe
  C:\Windows\System\bULRmoN.exe
  2⤵
  PID:4848
- C:\Windows\System\UusuFMO.exe
  C:\Windows\System\UusuFMO.exe
  2⤵
  PID:4912
- C:\Windows\System\ywQqXqx.exe
  C:\Windows\System\ywQqXqx.exe
  2⤵
  PID:4976
- C:\Windows\System\KzAumYy.exe
  C:\Windows\System\KzAumYy.exe
  2⤵
  PID:4860
- C:\Windows\System\tkKWYBm.exe
  C:\Windows\System\tkKWYBm.exe
  2⤵
  PID:4956
- C:\Windows\System\ksKdrAJ.exe
  C:\Windows\System\ksKdrAJ.exe
  2⤵
  PID:5024
- C:\Windows\System\oBvWbvR.exe
  C:\Windows\System\oBvWbvR.exe
  2⤵
  PID:3676
- C:\Windows\System\FujyVvx.exe
  C:\Windows\System\FujyVvx.exe
  2⤵
  PID:2848
- C:\Windows\System\mkIUZfs.exe
  C:\Windows\System\mkIUZfs.exe
  2⤵
  PID:5068
- C:\Windows\System\kHtTbAo.exe
  C:\Windows\System\kHtTbAo.exe
  2⤵
  PID:5084
- C:\Windows\System\rSKQfwn.exe
  C:\Windows\System\rSKQfwn.exe
  2⤵
  PID:5100
- C:\Windows\System\xZayzbK.exe
  C:\Windows\System\xZayzbK.exe
  2⤵
  PID:2772
- C:\Windows\System\tcqQbNV.exe
  C:\Windows\System\tcqQbNV.exe
  2⤵
  PID:4160
- C:\Windows\System\lDRLSyf.exe
  C:\Windows\System\lDRLSyf.exe
  2⤵
  PID:5108
- C:\Windows\System\BGsVPep.exe
  C:\Windows\System\BGsVPep.exe
  2⤵
  PID:2904
- C:\Windows\System\WWQdKFy.exe
  C:\Windows\System\WWQdKFy.exe
  2⤵
  PID:2624
- C:\Windows\System\qupnzOD.exe
  C:\Windows\System\qupnzOD.exe
  2⤵
  PID:556
- C:\Windows\System\GUsumrB.exe
  C:\Windows\System\GUsumrB.exe
  2⤵
  PID:3176
- C:\Windows\System\KliEsLP.exe
  C:\Windows\System\KliEsLP.exe
  2⤵
  PID:3896
- C:\Windows\System\bwQVgIv.exe
  C:\Windows\System\bwQVgIv.exe
  2⤵
  PID:4248
- C:\Windows\System\tSoPLuv.exe
  C:\Windows\System\tSoPLuv.exe
  2⤵
  PID:4372
- C:\Windows\System\aGrSGNk.exe
  C:\Windows\System\aGrSGNk.exe
  2⤵
  PID:4324
- C:\Windows\System\iwkgYdI.exe
  C:\Windows\System\iwkgYdI.exe
  2⤵
  PID:4728
- C:\Windows\System\byLGCUy.exe
  C:\Windows\System\byLGCUy.exe
  2⤵
  PID:4628
- C:\Windows\System\nLoiiVe.exe
  C:\Windows\System\nLoiiVe.exe
  2⤵
  PID:4756
- C:\Windows\System\mdeFang.exe
  C:\Windows\System\mdeFang.exe
  2⤵
  PID:4712
- C:\Windows\System\YlHEJTA.exe
  C:\Windows\System\YlHEJTA.exe
  2⤵
  PID:4784
- C:\Windows\System\ZVSXnff.exe
  C:\Windows\System\ZVSXnff.exe
  2⤵
  PID:4788
- C:\Windows\System\mYqByHq.exe
  C:\Windows\System\mYqByHq.exe
  2⤵
  PID:4896
- C:\Windows\System\IQzrsqC.exe
  C:\Windows\System\IQzrsqC.exe
  2⤵
  PID:5064
- C:\Windows\System\KgxQxPj.exe
  C:\Windows\System\KgxQxPj.exe
  2⤵
  PID:4908
- C:\Windows\System\BSCHJXd.exe
  C:\Windows\System\BSCHJXd.exe
  2⤵
  PID:2856
- C:\Windows\System\KnWihMP.exe
  C:\Windows\System\KnWihMP.exe
  2⤵
  PID:2524
- C:\Windows\System\TQSBVDj.exe
  C:\Windows\System\TQSBVDj.exe
  2⤵
  PID:5060
- C:\Windows\System\NYaKxRx.exe
  C:\Windows\System\NYaKxRx.exe
  2⤵
  PID:2448
- C:\Windows\System\YZxKHMr.exe
  C:\Windows\System\YZxKHMr.exe
  2⤵
  PID:4128
- C:\Windows\System\odDQeSc.exe
  C:\Windows\System\odDQeSc.exe
  2⤵
  PID:4132
- C:\Windows\System\bVdpHVI.exe
  C:\Windows\System\bVdpHVI.exe
  2⤵
  PID:3420
- C:\Windows\System\yONBxkj.exe
  C:\Windows\System\yONBxkj.exe
  2⤵
  PID:4176
- C:\Windows\System\yDcUPQW.exe
  C:\Windows\System\yDcUPQW.exe
  2⤵
  PID:1644
- C:\Windows\System\RVCvcfA.exe
  C:\Windows\System\RVCvcfA.exe
  2⤵
  PID:4252
- C:\Windows\System\ukCGfdz.exe
  C:\Windows\System\ukCGfdz.exe
  2⤵
  PID:4304
- C:\Windows\System\NDYUsXX.exe
  C:\Windows\System\NDYUsXX.exe
  2⤵
  PID:4500
- C:\Windows\System\SCqsCtn.exe
  C:\Windows\System\SCqsCtn.exe
  2⤵
  PID:4436
- C:\Windows\System\vAxYRFj.exe
  C:\Windows\System\vAxYRFj.exe
  2⤵
  PID:2748
- C:\Windows\System\smxGpwA.exe
  C:\Windows\System\smxGpwA.exe
  2⤵
  PID:2200
- C:\Windows\System\GAQPkxX.exe
  C:\Windows\System\GAQPkxX.exe
  2⤵
  PID:4972
- C:\Windows\System\bJzajYP.exe
  C:\Windows\System\bJzajYP.exe
  2⤵
  PID:4816
- C:\Windows\System\PywVqVJ.exe
  C:\Windows\System\PywVqVJ.exe
  2⤵
  PID:1800
- C:\Windows\System\zxhNjNL.exe
  C:\Windows\System\zxhNjNL.exe
  2⤵
  PID:2032
- C:\Windows\System\YvObnpB.exe
  C:\Windows\System\YvObnpB.exe
  2⤵
  PID:2100
- C:\Windows\System\YXfBPOb.exe
  C:\Windows\System\YXfBPOb.exe
  2⤵
  PID:4244
- C:\Windows\System\EMJVLlR.exe
  C:\Windows\System\EMJVLlR.exe
  2⤵
  PID:2464
- C:\Windows\System\APMepEa.exe
  C:\Windows\System\APMepEa.exe
  2⤵
  PID:568
- C:\Windows\System\fDdquRx.exe
  C:\Windows\System\fDdquRx.exe
  2⤵
  PID:4496
- C:\Windows\System\UbeTLWb.exe
  C:\Windows\System\UbeTLWb.exe
  2⤵
  PID:4316
- C:\Windows\System\MFyHBGE.exe
  C:\Windows\System\MFyHBGE.exe
  2⤵
  PID:4688
- C:\Windows\System\ptVonhp.exe
  C:\Windows\System\ptVonhp.exe
  2⤵
  PID:1664
- C:\Windows\System\ZkNDKqd.exe
  C:\Windows\System\ZkNDKqd.exe
  2⤵
  PID:4992
- C:\Windows\System\QSOlCmB.exe
  C:\Windows\System\QSOlCmB.exe
  2⤵
  PID:2640
- C:\Windows\System\JAPbode.exe
  C:\Windows\System\JAPbode.exe
  2⤵
  PID:2420
- C:\Windows\System\TiXdGAe.exe
  C:\Windows\System\TiXdGAe.exe
  2⤵
  PID:4692
- C:\Windows\System\myxMgPB.exe
  C:\Windows\System\myxMgPB.exe
  2⤵
  PID:1952
- C:\Windows\System\WOFeMxK.exe
  C:\Windows\System\WOFeMxK.exe
  2⤵
  PID:4268
- C:\Windows\System\QXBEQYJ.exe
  C:\Windows\System\QXBEQYJ.exe
  2⤵
  PID:5008
- C:\Windows\System\ttUCNWa.exe
  C:\Windows\System\ttUCNWa.exe
  2⤵
  PID:788
- C:\Windows\System\ztdAOIb.exe
  C:\Windows\System\ztdAOIb.exe
  2⤵
  PID:4844
- C:\Windows\System\AztnvjZ.exe
  C:\Windows\System\AztnvjZ.exe
  2⤵
  PID:2788
- C:\Windows\System\KjLsqOC.exe
  C:\Windows\System\KjLsqOC.exe
  2⤵
  PID:664
- C:\Windows\System\vcCTBiO.exe
  C:\Windows\System\vcCTBiO.exe
  2⤵
  PID:5096
- C:\Windows\System\avWVVsQ.exe
  C:\Windows\System\avWVVsQ.exe
  2⤵
  PID:856
- C:\Windows\System\jSqNlhH.exe
  C:\Windows\System\jSqNlhH.exe
  2⤵
  PID:5132
- C:\Windows\System\OJXCiDF.exe
  C:\Windows\System\OJXCiDF.exe
  2⤵
  PID:5152
- C:\Windows\System\wfUAgQP.exe
  C:\Windows\System\wfUAgQP.exe
  2⤵
  PID:5168
- C:\Windows\System\AuznhuV.exe
  C:\Windows\System\AuznhuV.exe
  2⤵
  PID:5184
- C:\Windows\System\hGJdocQ.exe
  C:\Windows\System\hGJdocQ.exe
  2⤵
  PID:5204
- C:\Windows\System\WVCchsY.exe
  C:\Windows\System\WVCchsY.exe
  2⤵
  PID:5224
- C:\Windows\System\YQxYuXQ.exe
  C:\Windows\System\YQxYuXQ.exe
  2⤵
  PID:5244
- C:\Windows\System\pXIPdXl.exe
  C:\Windows\System\pXIPdXl.exe
  2⤵
  PID:5260
- C:\Windows\System\DBuIWXI.exe
  C:\Windows\System\DBuIWXI.exe
  2⤵
  PID:5276
- C:\Windows\System\ZFaiUlv.exe
  C:\Windows\System\ZFaiUlv.exe
  2⤵
  PID:5292
- C:\Windows\System\OvJxSTk.exe
  C:\Windows\System\OvJxSTk.exe
  2⤵
  PID:5312
- C:\Windows\System\QIglgFT.exe
  C:\Windows\System\QIglgFT.exe
  2⤵
  PID:5328
- C:\Windows\System\jAgIwlm.exe
  C:\Windows\System\jAgIwlm.exe
  2⤵
  PID:5344
- C:\Windows\System\eafnLad.exe
  C:\Windows\System\eafnLad.exe
  2⤵
  PID:5360
- C:\Windows\System\eQVPjAR.exe
  C:\Windows\System\eQVPjAR.exe
  2⤵
  PID:5380
- C:\Windows\System\WcnssZL.exe
  C:\Windows\System\WcnssZL.exe
  2⤵
  PID:5412
- C:\Windows\System\LcSTNOY.exe
  C:\Windows\System\LcSTNOY.exe
  2⤵
  PID:5436
- C:\Windows\System\OeiMxjz.exe
  C:\Windows\System\OeiMxjz.exe
  2⤵
  PID:5452
- C:\Windows\System\vWDyhOi.exe
  C:\Windows\System\vWDyhOi.exe
  2⤵
  PID:5468
- C:\Windows\System\XAXvNDW.exe
  C:\Windows\System\XAXvNDW.exe
  2⤵
  PID:5484
- C:\Windows\System\eALpeFr.exe
  C:\Windows\System\eALpeFr.exe
  2⤵
  PID:5500
- C:\Windows\System\XwINIov.exe
  C:\Windows\System\XwINIov.exe
  2⤵
  PID:5516
- C:\Windows\System\xdXwjZI.exe
  C:\Windows\System\xdXwjZI.exe
  2⤵
  PID:5536
- C:\Windows\System\RPVkblQ.exe
  C:\Windows\System\RPVkblQ.exe
  2⤵
  PID:5556
- C:\Windows\System\QNCmmZu.exe
  C:\Windows\System\QNCmmZu.exe
  2⤵
  PID:5572
- C:\Windows\System\NIJzXgV.exe
  C:\Windows\System\NIJzXgV.exe
  2⤵
  PID:5588
- C:\Windows\System\BVzKoXZ.exe
  C:\Windows\System\BVzKoXZ.exe
  2⤵
  PID:5604
- C:\Windows\System\tqtbUuR.exe
  C:\Windows\System\tqtbUuR.exe
  2⤵
  PID:5620
- C:\Windows\System\ghKLLpQ.exe
  C:\Windows\System\ghKLLpQ.exe
  2⤵
  PID:5636
- C:\Windows\System\ZDqitKP.exe
  C:\Windows\System\ZDqitKP.exe
  2⤵
  PID:5656
- C:\Windows\System\gJxrQAe.exe
  C:\Windows\System\gJxrQAe.exe
  2⤵
  PID:5672
- C:\Windows\System\rRNVTrE.exe
  C:\Windows\System\rRNVTrE.exe
  2⤵
  PID:5688
- C:\Windows\System\iPkxPca.exe
  C:\Windows\System\iPkxPca.exe
  2⤵
  PID:5704
- C:\Windows\System\XhRuIpT.exe
  C:\Windows\System\XhRuIpT.exe
  2⤵
  PID:5720
- C:\Windows\System\efjxyZN.exe
  C:\Windows\System\efjxyZN.exe
  2⤵
  PID:5736
- C:\Windows\System\DXplcau.exe
  C:\Windows\System\DXplcau.exe
  2⤵
  PID:5752
- C:\Windows\System\FBTBLRQ.exe
  C:\Windows\System\FBTBLRQ.exe
  2⤵
  PID:5768
- C:\Windows\System\qiSFquA.exe
  C:\Windows\System\qiSFquA.exe
  2⤵
  PID:5784
- C:\Windows\System\RxXCNrU.exe
  C:\Windows\System\RxXCNrU.exe
  2⤵
  PID:5800
- C:\Windows\System\mHzEMRL.exe
  C:\Windows\System\mHzEMRL.exe
  2⤵
  PID:5816
- C:\Windows\System\SXkQTHZ.exe
  C:\Windows\System\SXkQTHZ.exe
  2⤵
  PID:5832
- C:\Windows\System\FXDyIfN.exe
  C:\Windows\System\FXDyIfN.exe
  2⤵
  PID:5848
- C:\Windows\System\SpEqisz.exe
  C:\Windows\System\SpEqisz.exe
  2⤵
  PID:5864
- C:\Windows\System\VbCiEeU.exe
  C:\Windows\System\VbCiEeU.exe
  2⤵
  PID:5880
- C:\Windows\System\SmrdpYz.exe
  C:\Windows\System\SmrdpYz.exe
  2⤵
  PID:5896
- C:\Windows\System\FnvMgZI.exe
  C:\Windows\System\FnvMgZI.exe
  2⤵
  PID:5912
- C:\Windows\System\Kuvzkgr.exe
  C:\Windows\System\Kuvzkgr.exe
  2⤵
  PID:5928
- C:\Windows\System\NIMAGbW.exe
  C:\Windows\System\NIMAGbW.exe
  2⤵
  PID:5948
- C:\Windows\System\mVBxFqv.exe
  C:\Windows\System\mVBxFqv.exe
  2⤵
  PID:5964
- C:\Windows\System\wpsmPol.exe
  C:\Windows\System\wpsmPol.exe
  2⤵
  PID:5980
- C:\Windows\System\zoVxrQT.exe
  C:\Windows\System\zoVxrQT.exe
  2⤵
  PID:6000
- C:\Windows\System\dnxvArv.exe
  C:\Windows\System\dnxvArv.exe
  2⤵
  PID:6020
- C:\Windows\System\HnVBRDY.exe
  C:\Windows\System\HnVBRDY.exe
  2⤵
  PID:6040
- C:\Windows\System\kaVVhQh.exe
  C:\Windows\System\kaVVhQh.exe
  2⤵
  PID:6056
- C:\Windows\System\DNwlpCr.exe
  C:\Windows\System\DNwlpCr.exe
  2⤵
  PID:6072
- C:\Windows\System\NATLrFB.exe
  C:\Windows\System\NATLrFB.exe
  2⤵
  PID:6088
- C:\Windows\System\yQkBysz.exe
  C:\Windows\System\yQkBysz.exe
  2⤵
  PID:6104
- C:\Windows\System\riSHTfv.exe
  C:\Windows\System\riSHTfv.exe
  2⤵
  PID:6120
- C:\Windows\System\qzepnAi.exe
  C:\Windows\System\qzepnAi.exe
  2⤵
  PID:6136
- C:\Windows\System\DhlXeXy.exe
  C:\Windows\System\DhlXeXy.exe
  2⤵
  PID:2668
- C:\Windows\System\CcGUaBP.exe
  C:\Windows\System\CcGUaBP.exe
  2⤵
  PID:5176
- C:\Windows\System\OktqfnZ.exe
  C:\Windows\System\OktqfnZ.exe
  2⤵
  PID:5252
- C:\Windows\System\pIllgGo.exe
  C:\Windows\System\pIllgGo.exe
  2⤵
  PID:5324
- C:\Windows\System\osTuiVf.exe
  C:\Windows\System\osTuiVf.exe
  2⤵
  PID:5388
- C:\Windows\System\RwqAxUS.exe
  C:\Windows\System\RwqAxUS.exe
  2⤵
  PID:5408
- C:\Windows\System\iWCusVg.exe
  C:\Windows\System\iWCusVg.exe
  2⤵
  PID:5480
- C:\Windows\System\ZZYPtsy.exe
  C:\Windows\System\ZZYPtsy.exe
  2⤵
  PID:4928
- C:\Windows\System\wGARfXS.exe
  C:\Windows\System\wGARfXS.exe
  2⤵
  PID:1676
- C:\Windows\System\fDIZtIP.exe
  C:\Windows\System\fDIZtIP.exe
  2⤵
  PID:4668
- C:\Windows\System\UgoXxcf.exe
  C:\Windows\System\UgoXxcf.exe
  2⤵
  PID:5192
- C:\Windows\System\xJYWKNL.exe
  C:\Windows\System\xJYWKNL.exe
  2⤵
  PID:5240
- C:\Windows\System\JSVbiAJ.exe
  C:\Windows\System\JSVbiAJ.exe
  2⤵
  PID:5304
- C:\Windows\System\uyJxvzt.exe
  C:\Windows\System\uyJxvzt.exe
  2⤵
  PID:5368
- C:\Windows\System\fQzmaLh.exe
  C:\Windows\System\fQzmaLh.exe
  2⤵
  PID:5432
- C:\Windows\System\zQNwpHV.exe
  C:\Windows\System\zQNwpHV.exe
  2⤵
  PID:5496
- C:\Windows\System\UWmyhtg.exe
  C:\Windows\System\UWmyhtg.exe
  2⤵
  PID:5580
- C:\Windows\System\izUFUIW.exe
  C:\Windows\System\izUFUIW.exe
  2⤵
  PID:5644
- C:\Windows\System\QQMVmOY.exe
  C:\Windows\System\QQMVmOY.exe
  2⤵
  PID:5684
- C:\Windows\System\pnQUEGW.exe
  C:\Windows\System\pnQUEGW.exe
  2⤵
  PID:5808
- C:\Windows\System\ribzYmt.exe
  C:\Windows\System\ribzYmt.exe
  2⤵
  PID:5872
- C:\Windows\System\rTmYzpK.exe
  C:\Windows\System\rTmYzpK.exe
  2⤵
  PID:5936
- C:\Windows\System\DeQfNOC.exe
  C:\Windows\System\DeQfNOC.exe
  2⤵
  PID:5944
- C:\Windows\System\RwSCDZz.exe
  C:\Windows\System\RwSCDZz.exe
  2⤵
  PID:6008
- C:\Windows\System\trPLitd.exe
  C:\Windows\System\trPLitd.exe
  2⤵
  PID:5548
- C:\Windows\System\lToDANp.exe
  C:\Windows\System\lToDANp.exe
  2⤵
  PID:6112
- C:\Windows\System\xmKLxyY.exe
  C:\Windows\System\xmKLxyY.exe
  2⤵
  PID:5792
- C:\Windows\System\lOKqTeb.exe
  C:\Windows\System\lOKqTeb.exe
  2⤵
  PID:5960
- C:\Windows\System\BtPnMuw.exe
  C:\Windows\System\BtPnMuw.exe
  2⤵
  PID:5288
- C:\Windows\System\YjkMyQq.exe
  C:\Windows\System\YjkMyQq.exe
  2⤵
  PID:5564
- C:\Windows\System\UloFXWW.exe
  C:\Windows\System\UloFXWW.exe
  2⤵
  PID:6028
- C:\Windows\System\JztOZjH.exe
  C:\Windows\System\JztOZjH.exe
  2⤵
  PID:5596
- C:\Windows\System\QZixxoj.exe
  C:\Windows\System\QZixxoj.exe
  2⤵
  PID:5664
- C:\Windows\System\GSvBooy.exe
  C:\Windows\System\GSvBooy.exe
  2⤵
  PID:5732
- C:\Windows\System\eTbbrLL.exe
  C:\Windows\System\eTbbrLL.exe
  2⤵
  PID:5828
- C:\Windows\System\LdQaBlN.exe
  C:\Windows\System\LdQaBlN.exe
  2⤵
  PID:5892
- C:\Windows\System\TLnkbqg.exe
  C:\Windows\System\TLnkbqg.exe
  2⤵
  PID:5996
- C:\Windows\System\bapBmFK.exe
  C:\Windows\System\bapBmFK.exe
  2⤵
  PID:6128
- C:\Windows\System\MfXLMAW.exe
  C:\Windows\System\MfXLMAW.exe
  2⤵
  PID:5320
- C:\Windows\System\TQWwwtY.exe
  C:\Windows\System\TQWwwtY.exe
  2⤵
  PID:5512
- C:\Windows\System\EUxekYn.exe
  C:\Windows\System\EUxekYn.exe
  2⤵
  PID:5272
- C:\Windows\System\DdkkJQK.exe
  C:\Windows\System\DdkkJQK.exe
  2⤵
  PID:4832
- C:\Windows\System\WKsWdEB.exe
  C:\Windows\System\WKsWdEB.exe
  2⤵
  PID:5372
- C:\Windows\System\mwBGCVp.exe
  C:\Windows\System\mwBGCVp.exe
  2⤵
  PID:5428
- C:\Windows\System\Otbbeie.exe
  C:\Windows\System\Otbbeie.exe
  2⤵
  PID:5652
- C:\Windows\System\AnetOmO.exe
  C:\Windows\System\AnetOmO.exe
  2⤵
  PID:5844
- C:\Windows\System\GcudSvt.exe
  C:\Windows\System\GcudSvt.exe
  2⤵
  PID:6016
- C:\Windows\System\yLUmJSH.exe
  C:\Windows\System\yLUmJSH.exe
  2⤵
  PID:1520
- C:\Windows\System\hQqqVZM.exe
  C:\Windows\System\hQqqVZM.exe
  2⤵
  PID:5600
- C:\Windows\System\yyHrwlE.exe
  C:\Windows\System\yyHrwlE.exe
  2⤵
  PID:5972
- C:\Windows\System\jsuOUFK.exe
  C:\Windows\System\jsuOUFK.exe
  2⤵
  PID:6084
- C:\Windows\System\vJBCHLK.exe
  C:\Windows\System\vJBCHLK.exe
  2⤵
  PID:5220
- C:\Windows\System\sqtNJWW.exe
  C:\Windows\System\sqtNJWW.exe
  2⤵
  PID:5612
- C:\Windows\System\hGSPSDH.exe
  C:\Windows\System\hGSPSDH.exe
  2⤵
  PID:5876
- C:\Windows\System\yCdCRVc.exe
  C:\Windows\System\yCdCRVc.exe
  2⤵
  PID:5144
- C:\Windows\System\VyyFCvY.exe
  C:\Windows\System\VyyFCvY.exe
  2⤵
  PID:5860
- C:\Windows\System\THgQHKE.exe
  C:\Windows\System\THgQHKE.exe
  2⤵
  PID:3276
- C:\Windows\System\OpfuUXw.exe
  C:\Windows\System\OpfuUXw.exe
  2⤵
  PID:5508
- C:\Windows\System\cxANhgM.exe
  C:\Windows\System\cxANhgM.exe
  2⤵
  PID:5160
- C:\Windows\System\WItGNil.exe
  C:\Windows\System\WItGNil.exe
  2⤵
  PID:5376
- C:\Windows\System\VgwadWB.exe
  C:\Windows\System\VgwadWB.exe
  2⤵
  PID:6080
- C:\Windows\System\edpTGOP.exe
  C:\Windows\System\edpTGOP.exe
  2⤵
  PID:5148
- C:\Windows\System\EcPkLoe.exe
  C:\Windows\System\EcPkLoe.exe
  2⤵
  PID:5528
- C:\Windows\System\PyNPjvN.exe
  C:\Windows\System\PyNPjvN.exe
  2⤵
  PID:5420
- C:\Windows\System\pSxMLJD.exe
  C:\Windows\System\pSxMLJD.exe
  2⤵
  PID:4228
- C:\Windows\System\igLXxRt.exe
  C:\Windows\System\igLXxRt.exe
  2⤵
  PID:6156
- C:\Windows\System\UncWyzM.exe
  C:\Windows\System\UncWyzM.exe
  2⤵
  PID:6172
- C:\Windows\System\FsMNLQo.exe
  C:\Windows\System\FsMNLQo.exe
  2⤵
  PID:6188
- C:\Windows\System\HmNzpyh.exe
  C:\Windows\System\HmNzpyh.exe
  2⤵
  PID:6204
- C:\Windows\System\UEJlGfP.exe
  C:\Windows\System\UEJlGfP.exe
  2⤵
  PID:6220
- C:\Windows\System\kPwfLRh.exe
  C:\Windows\System\kPwfLRh.exe
  2⤵
  PID:6236
- C:\Windows\System\SWeOPYU.exe
  C:\Windows\System\SWeOPYU.exe
  2⤵
  PID:6252
- C:\Windows\System\STVnyZn.exe
  C:\Windows\System\STVnyZn.exe
  2⤵
  PID:6268
- C:\Windows\System\kdCLTig.exe
  C:\Windows\System\kdCLTig.exe
  2⤵
  PID:6284
- C:\Windows\System\yJHyPDy.exe
  C:\Windows\System\yJHyPDy.exe
  2⤵
  PID:6300
- C:\Windows\System\NWYJsuD.exe
  C:\Windows\System\NWYJsuD.exe
  2⤵
  PID:6316
- C:\Windows\System\qrIqxMU.exe
  C:\Windows\System\qrIqxMU.exe
  2⤵
  PID:6332
- C:\Windows\System\lhHiwua.exe
  C:\Windows\System\lhHiwua.exe
  2⤵
  PID:6372
- C:\Windows\System\HvgLZOl.exe
  C:\Windows\System\HvgLZOl.exe
  2⤵
  PID:6388
- C:\Windows\System\FvWSekz.exe
  C:\Windows\System\FvWSekz.exe
  2⤵
  PID:6404
- C:\Windows\System\DlspPXv.exe
  C:\Windows\System\DlspPXv.exe
  2⤵
  PID:6420
- C:\Windows\System\IrDzlGh.exe
  C:\Windows\System\IrDzlGh.exe
  2⤵
  PID:6744
- C:\Windows\System\nzOKfZh.exe
  C:\Windows\System\nzOKfZh.exe
  2⤵
  PID:6760
- C:\Windows\System\LumrdKe.exe
  C:\Windows\System\LumrdKe.exe
  2⤵
  PID:6776
- C:\Windows\System\MKEmaTc.exe
  C:\Windows\System\MKEmaTc.exe
  2⤵
  PID:6792
- C:\Windows\System\AFIbjgz.exe
  C:\Windows\System\AFIbjgz.exe
  2⤵
  PID:6808
- C:\Windows\System\DbVfuYK.exe
  C:\Windows\System\DbVfuYK.exe
  2⤵
  PID:6824
- C:\Windows\System\rxeJskc.exe
  C:\Windows\System\rxeJskc.exe
  2⤵
  PID:6840
- C:\Windows\System\xmSxThu.exe
  C:\Windows\System\xmSxThu.exe
  2⤵
  PID:6856
- C:\Windows\System\WjAHkcc.exe
  C:\Windows\System\WjAHkcc.exe
  2⤵
  PID:6872
- C:\Windows\System\jybyYLt.exe
  C:\Windows\System\jybyYLt.exe
  2⤵
  PID:6888
- C:\Windows\System\bLtqcZw.exe
  C:\Windows\System\bLtqcZw.exe
  2⤵
  PID:6904
- C:\Windows\System\ZEOlPIs.exe
  C:\Windows\System\ZEOlPIs.exe
  2⤵
  PID:6920
- C:\Windows\System\ULIiIuS.exe
  C:\Windows\System\ULIiIuS.exe
  2⤵
  PID:6936
- C:\Windows\System\oBnALZY.exe
  C:\Windows\System\oBnALZY.exe
  2⤵
  PID:6952
- C:\Windows\System\hsiyRnc.exe
  C:\Windows\System\hsiyRnc.exe
  2⤵
  PID:6968
- C:\Windows\System\iIEQqBz.exe
  C:\Windows\System\iIEQqBz.exe
  2⤵
  PID:6984
- C:\Windows\System\MXPQdRJ.exe
  C:\Windows\System\MXPQdRJ.exe
  2⤵
  PID:7000
- C:\Windows\System\AdpLcEt.exe
  C:\Windows\System\AdpLcEt.exe
  2⤵
  PID:7016
- C:\Windows\System\MxDKPEu.exe
  C:\Windows\System\MxDKPEu.exe
  2⤵
  PID:7032
- C:\Windows\System\NeKOqBJ.exe
  C:\Windows\System\NeKOqBJ.exe
  2⤵
  PID:7048
- C:\Windows\System\gcEwjWZ.exe
  C:\Windows\System\gcEwjWZ.exe
  2⤵
  PID:7064
- C:\Windows\System\rwNgkVM.exe
  C:\Windows\System\rwNgkVM.exe
  2⤵
  PID:7080
- C:\Windows\System\RHHDQtC.exe
  C:\Windows\System\RHHDQtC.exe
  2⤵
  PID:7096
- C:\Windows\System\YUOtNjO.exe
  C:\Windows\System\YUOtNjO.exe
  2⤵
  PID:7112
- C:\Windows\System\LIEIspp.exe
  C:\Windows\System\LIEIspp.exe
  2⤵
  PID:7128
- C:\Windows\System\vgIezmd.exe
  C:\Windows\System\vgIezmd.exe
  2⤵
  PID:7144
- C:\Windows\System\ZDxYspk.exe
  C:\Windows\System\ZDxYspk.exe
  2⤵
  PID:7160
- C:\Windows\System\TZACvfh.exe
  C:\Windows\System\TZACvfh.exe
  2⤵
  PID:6168
- C:\Windows\System\UZGNUNi.exe
  C:\Windows\System\UZGNUNi.exe
  2⤵
  PID:6228
- C:\Windows\System\eFtEdOk.exe
  C:\Windows\System\eFtEdOk.exe
  2⤵
  PID:5764
- C:\Windows\System\eTGqdMK.exe
  C:\Windows\System\eTGqdMK.exe
  2⤵
  PID:5616
- C:\Windows\System\DJNTTiK.exe
  C:\Windows\System\DJNTTiK.exe
  2⤵
  PID:5196
- C:\Windows\System\VCehjDv.exe
  C:\Windows\System\VCehjDv.exe
  2⤵
  PID:5544
- C:\Windows\System\ujrXGsb.exe
  C:\Windows\System\ujrXGsb.exe
  2⤵
  PID:4732
- C:\Windows\System\icihfvS.exe
  C:\Windows\System\icihfvS.exe
  2⤵
  PID:6184
- C:\Windows\System\PTotHWm.exe
  C:\Windows\System\PTotHWm.exe
  2⤵
  PID:6248
- C:\Windows\System\YYoQeYX.exe
  C:\Windows\System\YYoQeYX.exe
  2⤵
  PID:6292
- C:\Windows\System\rKujsUh.exe
  C:\Windows\System\rKujsUh.exe
  2⤵
  PID:6308
- C:\Windows\System\oaBsceZ.exe
  C:\Windows\System\oaBsceZ.exe
  2⤵
  PID:6352
- C:\Windows\System\NuMGmby.exe
  C:\Windows\System\NuMGmby.exe
  2⤵
  PID:6368
- C:\Windows\System\TKBRoIm.exe
  C:\Windows\System\TKBRoIm.exe
  2⤵
  PID:6396
- C:\Windows\System\huiRnwq.exe
  C:\Windows\System\huiRnwq.exe
  2⤵
  PID:6436
- C:\Windows\System\oHaTOMs.exe
  C:\Windows\System\oHaTOMs.exe
  2⤵
  PID:6452
- C:\Windows\System\FvRrpIx.exe
  C:\Windows\System\FvRrpIx.exe
  2⤵
  PID:4768
- C:\Windows\System\uogYqIm.exe
  C:\Windows\System\uogYqIm.exe
  2⤵
  PID:6472
- C:\Windows\System\kDsGvTD.exe
  C:\Windows\System\kDsGvTD.exe
  2⤵
  PID:6476
- C:\Windows\System\FgmwTVg.exe
  C:\Windows\System\FgmwTVg.exe
  2⤵
  PID:6492
- C:\Windows\System\KmUJMAd.exe
  C:\Windows\System\KmUJMAd.exe
  2⤵
  PID:6508
- C:\Windows\System\QZXyILq.exe
  C:\Windows\System\QZXyILq.exe
  2⤵
  PID:4288
- C:\Windows\System\OJySJIL.exe
  C:\Windows\System\OJySJIL.exe
  2⤵
  PID:6536
- C:\Windows\System\oUrGbEe.exe
  C:\Windows\System\oUrGbEe.exe
  2⤵
  PID:6552
- C:\Windows\System\PbBjUDb.exe
  C:\Windows\System\PbBjUDb.exe
  2⤵
  PID:6568
- C:\Windows\System\PelSLCU.exe
  C:\Windows\System\PelSLCU.exe
  2⤵
  PID:6588
- C:\Windows\System\dkiKKIv.exe
  C:\Windows\System\dkiKKIv.exe
  2⤵
  PID:6600
- C:\Windows\System\QgOvlAC.exe
  C:\Windows\System\QgOvlAC.exe
  2⤵
  PID:6616
- C:\Windows\System\jrliqCv.exe
  C:\Windows\System\jrliqCv.exe
  2⤵
  PID:6632
- C:\Windows\System\UKQBGKe.exe
  C:\Windows\System\UKQBGKe.exe
  2⤵
  PID:6648
- C:\Windows\System\xLAXpfY.exe
  C:\Windows\System\xLAXpfY.exe
  2⤵
  PID:6664
- C:\Windows\System\noyZutd.exe
  C:\Windows\System\noyZutd.exe
  2⤵
  PID:6680
- C:\Windows\System\HaAwkVn.exe
  C:\Windows\System\HaAwkVn.exe
  2⤵
  PID:6696
- C:\Windows\System\pWNSTxT.exe
  C:\Windows\System\pWNSTxT.exe
  2⤵
  PID:6712
- C:\Windows\System\eSZRojO.exe
  C:\Windows\System\eSZRojO.exe
  2⤵
  PID:6728
- C:\Windows\System\sskTSsY.exe
  C:\Windows\System\sskTSsY.exe
  2⤵
  PID:6788
- C:\Windows\System\BTRUOzE.exe
  C:\Windows\System\BTRUOzE.exe
  2⤵
  PID:6820
- C:\Windows\System\QOrezNN.exe
  C:\Windows\System\QOrezNN.exe
  2⤵
  PID:6948
- C:\Windows\System\qZRbThL.exe
  C:\Windows\System\qZRbThL.exe
  2⤵
  PID:7008
- C:\Windows\System\chPnTwH.exe
  C:\Windows\System\chPnTwH.exe
  2⤵
  PID:6732
- C:\Windows\System\SUwrnhq.exe
  C:\Windows\System\SUwrnhq.exe
  2⤵
  PID:6960
- C:\Windows\System\CordGbh.exe
  C:\Windows\System\CordGbh.exe
  2⤵
  PID:7024
- C:\Windows\System\BXNNXMz.exe
  C:\Windows\System\BXNNXMz.exe
  2⤵
  PID:6868
- C:\Windows\System\zYogvUd.exe
  C:\Windows\System\zYogvUd.exe
  2⤵
  PID:6964
- C:\Windows\System\LaRsJfJ.exe
  C:\Windows\System\LaRsJfJ.exe
  2⤵
  PID:7076
- C:\Windows\System\nygYkcZ.exe
  C:\Windows\System\nygYkcZ.exe
  2⤵
  PID:5056
- C:\Windows\System\uZpLOpV.exe
  C:\Windows\System\uZpLOpV.exe
  2⤵
  PID:7056
- C:\Windows\System\wYQCVzi.exe
  C:\Windows\System\wYQCVzi.exe
  2⤵
  PID:7092
- C:\Windows\System\hCrmhWg.exe
  C:\Windows\System\hCrmhWg.exe
  2⤵
  PID:6196
- C:\Windows\System\JoJatUl.exe
  C:\Windows\System\JoJatUl.exe
  2⤵
  PID:6360
- C:\Windows\System\AuBNrnv.exe
  C:\Windows\System\AuBNrnv.exe
  2⤵
  PID:6152
- C:\Windows\System\ZXQkYUx.exe
  C:\Windows\System\ZXQkYUx.exe
  2⤵
  PID:7124
- C:\Windows\System\SSNQXIo.exe
  C:\Windows\System\SSNQXIo.exe
  2⤵
  PID:6468
- C:\Windows\System\fbndzsT.exe
  C:\Windows\System\fbndzsT.exe
  2⤵
  PID:6340
- C:\Windows\System\SmlzsZM.exe
  C:\Windows\System\SmlzsZM.exe
  2⤵
  PID:5552
- C:\Windows\System\gxVztVk.exe
  C:\Windows\System\gxVztVk.exe
  2⤵
  PID:6564
- C:\Windows\System\vwSMnQI.exe
  C:\Windows\System\vwSMnQI.exe
  2⤵
  PID:6512
- C:\Windows\System\hLlKDfY.exe
  C:\Windows\System\hLlKDfY.exe
  2⤵
  PID:6520
- C:\Windows\System\lhrvepX.exe
  C:\Windows\System\lhrvepX.exe
  2⤵
  PID:6592
- C:\Windows\System\MgOEiCn.exe
  C:\Windows\System\MgOEiCn.exe
  2⤵
  PID:6688
- C:\Windows\System\ylhlvVa.exe
  C:\Windows\System\ylhlvVa.exe
  2⤵
  PID:6852
- C:\Windows\System\aEAZXYK.exe
  C:\Windows\System\aEAZXYK.exe
  2⤵
  PID:6836
- C:\Windows\System\goBhAbp.exe
  C:\Windows\System\goBhAbp.exe
  2⤵
  PID:6644
- C:\Windows\System\DTyiKeZ.exe
  C:\Windows\System\DTyiKeZ.exe
  2⤵
  PID:6640
- C:\Windows\System\JnzMTsk.exe
  C:\Windows\System\JnzMTsk.exe
  2⤵
  PID:6704
- C:\Windows\System\sBUUcJP.exe
  C:\Windows\System\sBUUcJP.exe
  2⤵
  PID:6900
- C:\Windows\System\IubpVqM.exe
  C:\Windows\System\IubpVqM.exe
  2⤵
  PID:6364
- C:\Windows\System\DGdAJPg.exe
  C:\Windows\System\DGdAJPg.exe
  2⤵
  PID:6428
- C:\Windows\System\kxodSFS.exe
  C:\Windows\System\kxodSFS.exe
  2⤵
  PID:6380
- C:\Windows\System\bFdQXkw.exe
  C:\Windows\System\bFdQXkw.exe
  2⤵
  PID:6596
- C:\Windows\System\aElvsFl.exe
  C:\Windows\System\aElvsFl.exe
  2⤵
  PID:6296
- C:\Windows\System\YvsKbCs.exe
  C:\Windows\System\YvsKbCs.exe
  2⤵
  PID:5908
- C:\Windows\System\wzMkfdS.exe
  C:\Windows\System\wzMkfdS.exe
  2⤵
  PID:6996
- C:\Windows\System\gRAoFhG.exe
  C:\Windows\System\gRAoFhG.exe
  2⤵
  PID:7012
- C:\Windows\System\vCPVThI.exe
  C:\Windows\System\vCPVThI.exe
  2⤵
  PID:6464
- C:\Windows\System\IIOuMpp.exe
  C:\Windows\System\IIOuMpp.exe
  2⤵
  PID:6500
- C:\Windows\System\VqKhiaB.exe
  C:\Windows\System\VqKhiaB.exe
  2⤵
  PID:5888
- C:\Windows\System\CALYEcu.exe
  C:\Windows\System\CALYEcu.exe
  2⤵
  PID:5744
- C:\Windows\System\GWRwNTw.exe
  C:\Windows\System\GWRwNTw.exe
  2⤵
  PID:6708
- C:\Windows\System\ADXaDpV.exe
  C:\Windows\System\ADXaDpV.exe
  2⤵
  PID:6576
- C:\Windows\System\WMpMlGp.exe
  C:\Windows\System\WMpMlGp.exe
  2⤵
  PID:6560
- C:\Windows\System\AQYUoKm.exe
  C:\Windows\System\AQYUoKm.exe
  2⤵
  PID:7156
- C:\Windows\System\PfcFccV.exe
  C:\Windows\System\PfcFccV.exe
  2⤵
  PID:6580
- C:\Windows\System\wEhchYn.exe
  C:\Windows\System\wEhchYn.exe
  2⤵
  PID:6448
- C:\Windows\System\mrDXuKV.exe
  C:\Windows\System\mrDXuKV.exe
  2⤵
  PID:7176
- C:\Windows\System\FmHTAzI.exe
  C:\Windows\System\FmHTAzI.exe
  2⤵
  PID:7192
- C:\Windows\System\goMVNaZ.exe
  C:\Windows\System\goMVNaZ.exe
  2⤵
  PID:7208
- C:\Windows\System\JgFYMTB.exe
  C:\Windows\System\JgFYMTB.exe
  2⤵
  PID:7224
- C:\Windows\System\ntCigkV.exe
  C:\Windows\System\ntCigkV.exe
  2⤵
  PID:7244
- C:\Windows\System\TiuSWxN.exe
  C:\Windows\System\TiuSWxN.exe
  2⤵
  PID:7260
- C:\Windows\System\QSrJlMv.exe
  C:\Windows\System\QSrJlMv.exe
  2⤵
  PID:7276
- C:\Windows\System\rsnoVBz.exe
  C:\Windows\System\rsnoVBz.exe
  2⤵
  PID:7292
- C:\Windows\System\LQgeWFk.exe
  C:\Windows\System\LQgeWFk.exe
  2⤵
  PID:7308
- C:\Windows\System\CsGJSAC.exe
  C:\Windows\System\CsGJSAC.exe
  2⤵
  PID:7324
- C:\Windows\System\QRGUJfi.exe
  C:\Windows\System\QRGUJfi.exe
  2⤵
  PID:7344
- C:\Windows\System\YZZzgSF.exe
  C:\Windows\System\YZZzgSF.exe
  2⤵
  PID:7360
- C:\Windows\System\ZPmaZOB.exe
  C:\Windows\System\ZPmaZOB.exe
  2⤵
  PID:7376
- C:\Windows\System\hKKRtBr.exe
  C:\Windows\System\hKKRtBr.exe
  2⤵
  PID:7392
- C:\Windows\System\zttQIrt.exe
  C:\Windows\System\zttQIrt.exe
  2⤵
  PID:7408
- C:\Windows\System\HsMaVJU.exe
  C:\Windows\System\HsMaVJU.exe
  2⤵
  PID:7424
- C:\Windows\System\NKexZlr.exe
  C:\Windows\System\NKexZlr.exe
  2⤵
  PID:7440
- C:\Windows\System\jKFmlTC.exe
  C:\Windows\System\jKFmlTC.exe
  2⤵
  PID:7460
- C:\Windows\System\iCzzheI.exe
  C:\Windows\System\iCzzheI.exe
  2⤵
  PID:7480
- C:\Windows\System\vIARagl.exe
  C:\Windows\System\vIARagl.exe
  2⤵
  PID:7504
- C:\Windows\System\swNEyun.exe
  C:\Windows\System\swNEyun.exe
  2⤵
  PID:7524
- C:\Windows\System\MSEjgHp.exe
  C:\Windows\System\MSEjgHp.exe
  2⤵
  PID:7544
- C:\Windows\System\SDSDtqS.exe
  C:\Windows\System\SDSDtqS.exe
  2⤵
  PID:7564
- C:\Windows\System\bJsZxLl.exe
  C:\Windows\System\bJsZxLl.exe
  2⤵
  PID:7584
- C:\Windows\System\RGoPLMu.exe
  C:\Windows\System\RGoPLMu.exe
  2⤵
  PID:7608
- C:\Windows\System\uSfaIrk.exe
  C:\Windows\System\uSfaIrk.exe
  2⤵
  PID:7624
- C:\Windows\System\iRBjXDF.exe
  C:\Windows\System\iRBjXDF.exe
  2⤵
  PID:7640
- C:\Windows\System\wausaWO.exe
  C:\Windows\System\wausaWO.exe
  2⤵
  PID:7656
- C:\Windows\System\HNhiJwb.exe
  C:\Windows\System\HNhiJwb.exe
  2⤵
  PID:7672
- C:\Windows\System\ewYOEfo.exe
  C:\Windows\System\ewYOEfo.exe
  2⤵
  PID:7688
- C:\Windows\System\KYXKkvc.exe
  C:\Windows\System\KYXKkvc.exe
  2⤵
  PID:7820
- C:\Windows\System\KMvKdht.exe
  C:\Windows\System\KMvKdht.exe
  2⤵
  PID:7836
- C:\Windows\System\ZtCNhpv.exe
  C:\Windows\System\ZtCNhpv.exe
  2⤵
  PID:7852
- C:\Windows\System\ewbKJde.exe
  C:\Windows\System\ewbKJde.exe
  2⤵
  PID:7868
- C:\Windows\System\BwLNWGa.exe
  C:\Windows\System\BwLNWGa.exe
  2⤵
  PID:7884
- C:\Windows\System\TZbyUps.exe
  C:\Windows\System\TZbyUps.exe
  2⤵
  PID:7900
- C:\Windows\System\pzVcXjQ.exe
  C:\Windows\System\pzVcXjQ.exe
  2⤵
  PID:7916
- C:\Windows\System\ckYwpBr.exe
  C:\Windows\System\ckYwpBr.exe
  2⤵
  PID:7932
- C:\Windows\System\qGYrsqs.exe
  C:\Windows\System\qGYrsqs.exe
  2⤵
  PID:7948
- C:\Windows\System\DwecwCB.exe
  C:\Windows\System\DwecwCB.exe
  2⤵
  PID:7964
- C:\Windows\System\npdWGhU.exe
  C:\Windows\System\npdWGhU.exe
  2⤵
  PID:8012
- C:\Windows\System\ovfoPOZ.exe
  C:\Windows\System\ovfoPOZ.exe
  2⤵
  PID:8036
- C:\Windows\System\KipfvVJ.exe
  C:\Windows\System\KipfvVJ.exe
  2⤵
  PID:8052
- C:\Windows\System\jmOSFiE.exe
  C:\Windows\System\jmOSFiE.exe
  2⤵
  PID:8068
- C:\Windows\System\IgUNhBq.exe
  C:\Windows\System\IgUNhBq.exe
  2⤵
  PID:8084
- C:\Windows\System\pcDXXMj.exe
  C:\Windows\System\pcDXXMj.exe
  2⤵
  PID:8100
- C:\Windows\System\tnpupZl.exe
  C:\Windows\System\tnpupZl.exe
  2⤵
  PID:8124
- C:\Windows\System\oeCyqqD.exe
  C:\Windows\System\oeCyqqD.exe
  2⤵
  PID:8140
- C:\Windows\System\PaDUhnr.exe
  C:\Windows\System\PaDUhnr.exe
  2⤵
  PID:8156
- C:\Windows\System\DtQZUmu.exe
  C:\Windows\System\DtQZUmu.exe
  2⤵
  PID:8172
- C:\Windows\System\SDBWnZd.exe
  C:\Windows\System\SDBWnZd.exe
  2⤵
  PID:6488
- C:\Windows\System\QidYILD.exe
  C:\Windows\System\QidYILD.exe
  2⤵
  PID:6756
- C:\Windows\System\IcGahkB.exe
  C:\Windows\System\IcGahkB.exe
  2⤵
  PID:7136
- C:\Windows\System\JQqbSjE.exe
  C:\Windows\System\JQqbSjE.exe
  2⤵
  PID:7272
- C:\Windows\System\ljfAMMw.exe
  C:\Windows\System\ljfAMMw.exe
  2⤵
  PID:7336
- C:\Windows\System\AcdbDNF.exe
  C:\Windows\System\AcdbDNF.exe
  2⤵
  PID:7404
- C:\Windows\System\jVJRnMm.exe
  C:\Windows\System\jVJRnMm.exe
  2⤵
  PID:7512
- C:\Windows\System\tdIVJib.exe
  C:\Windows\System\tdIVJib.exe
  2⤵
  PID:7560
- C:\Windows\System\cDJNtPy.exe
  C:\Windows\System\cDJNtPy.exe
  2⤵
  PID:7604
- C:\Windows\System\EabjhDQ.exe
  C:\Windows\System\EabjhDQ.exe
  2⤵
  PID:7664
- C:\Windows\System\HGCEGoQ.exe
  C:\Windows\System\HGCEGoQ.exe
  2⤵
  PID:7724
- C:\Windows\System\pnmfpNc.exe
  C:\Windows\System\pnmfpNc.exe
  2⤵
  PID:7748
- C:\Windows\System\VeARpbN.exe
  C:\Windows\System\VeARpbN.exe
  2⤵
  PID:7752
- C:\Windows\System\sqCLtLd.exe
  C:\Windows\System\sqCLtLd.exe
  2⤵
  PID:7768
- C:\Windows\System\EsijxCv.exe
  C:\Windows\System\EsijxCv.exe
  2⤵
  PID:7784
- C:\Windows\System\tDXJNRI.exe
  C:\Windows\System\tDXJNRI.exe
  2⤵
  PID:7088
- C:\Windows\System\AWlLFrf.exe
  C:\Windows\System\AWlLFrf.exe
  2⤵
  PID:7388
- C:\Windows\System\JQLzRbK.exe
  C:\Windows\System\JQLzRbK.exe
  2⤵
  PID:4072
- C:\Windows\System\waakwJC.exe
  C:\Windows\System\waakwJC.exe
  2⤵
  PID:7188
- C:\Windows\System\glFNMtO.exe
  C:\Windows\System\glFNMtO.exe
  2⤵
  PID:7288
- C:\Windows\System\CzgNKft.exe
  C:\Windows\System\CzgNKft.exe
  2⤵
  PID:7448
- C:\Windows\System\mnSAoBg.exe
  C:\Windows\System\mnSAoBg.exe
  2⤵
  PID:7496
- C:\Windows\System\ZNUMnWC.exe
  C:\Windows\System\ZNUMnWC.exe
  2⤵
  PID:7580
- C:\Windows\System\rmnKesI.exe
  C:\Windows\System\rmnKesI.exe
  2⤵
  PID:7792
- C:\Windows\System\YYGPPvD.exe
  C:\Windows\System\YYGPPvD.exe
  2⤵
  PID:7844
- C:\Windows\System\UGrVLVO.exe
  C:\Windows\System\UGrVLVO.exe
  2⤵
  PID:7912
- C:\Windows\System\AWqDcbX.exe
  C:\Windows\System\AWqDcbX.exe
  2⤵
  PID:7828
- C:\Windows\System\ivQPREm.exe
  C:\Windows\System\ivQPREm.exe
  2⤵
  PID:7924
- C:\Windows\System\fYZotQN.exe
  C:\Windows\System\fYZotQN.exe
  2⤵
  PID:7984
- C:\Windows\System\qtaqOuQ.exe
  C:\Windows\System\qtaqOuQ.exe
  2⤵
  PID:8000
- C:\Windows\System\YZHzomj.exe
  C:\Windows\System\YZHzomj.exe
  2⤵
  PID:8076
- C:\Windows\System\UyozMLh.exe
  C:\Windows\System\UyozMLh.exe
  2⤵
  PID:8024
- C:\Windows\System\OEVxGOR.exe
  C:\Windows\System\OEVxGOR.exe
  2⤵
  PID:8032
- C:\Windows\System\hTNTOyK.exe
  C:\Windows\System\hTNTOyK.exe
  2⤵
  PID:8096
- C:\Windows\System\riDAEPk.exe
  C:\Windows\System\riDAEPk.exe
  2⤵
  PID:8112
- C:\Windows\System\niHYRay.exe
  C:\Windows\System\niHYRay.exe
  2⤵
  PID:8180
- C:\Windows\System\ugCfbuv.exe
  C:\Windows\System\ugCfbuv.exe
  2⤵
  PID:6992
- C:\Windows\System\XodeRiB.exe
  C:\Windows\System\XodeRiB.exe
  2⤵
  PID:7200
- C:\Windows\System\pNCIGKY.exe
  C:\Windows\System\pNCIGKY.exe
  2⤵
  PID:6608
- C:\Windows\System\riiRJQE.exe
  C:\Windows\System\riiRJQE.exe
  2⤵
  PID:7236
- C:\Windows\System\OgyzyxI.exe
  C:\Windows\System\OgyzyxI.exe
  2⤵
  PID:7400
- C:\Windows\System\iLMLlIA.exe
  C:\Windows\System\iLMLlIA.exe
  2⤵
  PID:7708
- C:\Windows\System\sntOsSi.exe
  C:\Windows\System\sntOsSi.exe
  2⤵
  PID:7516
- C:\Windows\System\daxVSlH.exe
  C:\Windows\System\daxVSlH.exe
  2⤵
  PID:7720
- C:\Windows\System\jRldiej.exe
  C:\Windows\System\jRldiej.exe
  2⤵
  PID:7760
- C:\Windows\System\wLcnNRK.exe
  C:\Windows\System\wLcnNRK.exe
  2⤵
  PID:6928
- C:\Windows\System\vcGvcEf.exe
  C:\Windows\System\vcGvcEf.exe
  2⤵
  PID:7488
- C:\Windows\System\jZSAkgu.exe
  C:\Windows\System\jZSAkgu.exe
  2⤵
  PID:7536
- C:\Windows\System\FpOrvLT.exe
  C:\Windows\System\FpOrvLT.exe
  2⤵
  PID:7764
- C:\Windows\System\AtFCcLK.exe
  C:\Windows\System\AtFCcLK.exe
  2⤵
  PID:7816
- C:\Windows\System\MlxEOvn.exe
  C:\Windows\System\MlxEOvn.exe
  2⤵
  PID:7220
- C:\Windows\System\bEgkiKa.exe
  C:\Windows\System\bEgkiKa.exe
  2⤵
  PID:7804
- C:\Windows\System\ZUBkGOe.exe
  C:\Windows\System\ZUBkGOe.exe
  2⤵
  PID:7880
- C:\Windows\System\aNHUwHJ.exe
  C:\Windows\System\aNHUwHJ.exe
  2⤵
  PID:8164
- C:\Windows\System\HiQENTj.exe
  C:\Windows\System\HiQENTj.exe
  2⤵
  PID:1508
- C:\Windows\System\gjCbnpm.exe
  C:\Windows\System\gjCbnpm.exe
  2⤵
  PID:8116
- C:\Windows\System\wihMVXY.exe
  C:\Windows\System\wihMVXY.exe
  2⤵
  PID:7600
- C:\Windows\System\WCSHIZE.exe
  C:\Windows\System\WCSHIZE.exe
  2⤵
  PID:8064
- C:\Windows\System\fmfSmec.exe
  C:\Windows\System\fmfSmec.exe
  2⤵
  PID:7716
- C:\Windows\System\OYUZpce.exe
  C:\Windows\System\OYUZpce.exe
  2⤵
  PID:7352
- C:\Windows\System\gAHtWOh.exe
  C:\Windows\System\gAHtWOh.exe
  2⤵
  PID:7320
- C:\Windows\System\aRRKvNd.exe
  C:\Windows\System\aRRKvNd.exe
  2⤵
  PID:7992
- C:\Windows\System\mntJZKW.exe
  C:\Windows\System\mntJZKW.exe
  2⤵
  PID:7540
- C:\Windows\System\edeLNHO.exe
  C:\Windows\System\edeLNHO.exe
  2⤵
  PID:7044
- C:\Windows\System\HQTsaRW.exe
  C:\Windows\System\HQTsaRW.exe
  2⤵
  PID:7416
- C:\Windows\System\jxlbmOo.exe
  C:\Windows\System\jxlbmOo.exe
  2⤵
  PID:7456
- C:\Windows\System\aHBwnIQ.exe
  C:\Windows\System\aHBwnIQ.exe
  2⤵
  PID:7972
- C:\Windows\System\KJuhRgi.exe
  C:\Windows\System\KJuhRgi.exe
  2⤵
  PID:8008
- C:\Windows\System\GjDoAht.exe
  C:\Windows\System\GjDoAht.exe
  2⤵
  PID:8132
- C:\Windows\System\IWBPBMl.exe
  C:\Windows\System\IWBPBMl.exe
  2⤵
  PID:7860
- C:\Windows\System\JFPPcXV.exe
  C:\Windows\System\JFPPcXV.exe
  2⤵
  PID:6280
- C:\Windows\System\WrVKKVa.exe
  C:\Windows\System\WrVKKVa.exe
  2⤵
  PID:7744
- C:\Windows\System\znzCPbv.exe
  C:\Windows\System\znzCPbv.exe
  2⤵
  PID:6932
- C:\Windows\System\ZKPAswZ.exe
  C:\Windows\System\ZKPAswZ.exe
  2⤵
  PID:8152
- C:\Windows\System\mnFzfDv.exe
  C:\Windows\System\mnFzfDv.exe
  2⤵
  PID:5840
- C:\Windows\System\wENiYYf.exe
  C:\Windows\System\wENiYYf.exe
  2⤵
  PID:7648
- C:\Windows\System\NFbmjYP.exe
  C:\Windows\System\NFbmjYP.exe
  2⤵
  PID:7492
- C:\Windows\System\oyIqUFH.exe
  C:\Windows\System\oyIqUFH.exe
  2⤵
  PID:6532
- C:\Windows\System\dlsYoca.exe
  C:\Windows\System\dlsYoca.exe
  2⤵
  PID:7864
- C:\Windows\System\kICcmKl.exe
  C:\Windows\System\kICcmKl.exe
  2⤵
  PID:8108
- C:\Windows\System\QqXQbUM.exe
  C:\Windows\System\QqXQbUM.exe
  2⤵
  PID:7368
- C:\Windows\System\wAMrXSU.exe
  C:\Windows\System\wAMrXSU.exe
  2⤵
  PID:7848
- C:\Windows\System\CtuFSXf.exe
  C:\Windows\System\CtuFSXf.exe
  2⤵
  PID:7976
- C:\Windows\System\RlqXcoW.exe
  C:\Windows\System\RlqXcoW.exe
  2⤵
  PID:7896
- C:\Windows\System\zBdrGYA.exe
  C:\Windows\System\zBdrGYA.exe
  2⤵
  PID:8208
- C:\Windows\System\GnKblWp.exe
  C:\Windows\System\GnKblWp.exe
  2⤵
  PID:8228
- C:\Windows\System\StbXgZm.exe
  C:\Windows\System\StbXgZm.exe
  2⤵
  PID:8244
- C:\Windows\System\zYUgffv.exe
  C:\Windows\System\zYUgffv.exe
  2⤵
  PID:8268
- C:\Windows\System\RBTKcrk.exe
  C:\Windows\System\RBTKcrk.exe
  2⤵
  PID:8288
- C:\Windows\System\OAMxPCF.exe
  C:\Windows\System\OAMxPCF.exe
  2⤵
  PID:8308
- C:\Windows\System\snziKBh.exe
  C:\Windows\System\snziKBh.exe
  2⤵
  PID:8324
- C:\Windows\System\gTwgMYC.exe
  C:\Windows\System\gTwgMYC.exe
  2⤵
  PID:8344
- C:\Windows\System\GDUqWMf.exe
  C:\Windows\System\GDUqWMf.exe
  2⤵
  PID:8360
- C:\Windows\System\XRuYuSs.exe
  C:\Windows\System\XRuYuSs.exe
  2⤵
  PID:8376
- C:\Windows\System\ZoDWpAs.exe
  C:\Windows\System\ZoDWpAs.exe
  2⤵
  PID:8444
- C:\Windows\System\kLqhDhS.exe
  C:\Windows\System\kLqhDhS.exe
  2⤵
  PID:8460
- C:\Windows\System\fkiPamR.exe
  C:\Windows\System\fkiPamR.exe
  2⤵
  PID:8476
- C:\Windows\System\Rrhmyqw.exe
  C:\Windows\System\Rrhmyqw.exe
  2⤵
  PID:8492
- C:\Windows\System\jvXjVBl.exe
  C:\Windows\System\jvXjVBl.exe
  2⤵
  PID:8508
- C:\Windows\System\WcrwcJi.exe
  C:\Windows\System\WcrwcJi.exe
  2⤵
  PID:8524
- C:\Windows\System\YgNUONS.exe
  C:\Windows\System\YgNUONS.exe
  2⤵
  PID:8540
- C:\Windows\System\QhgusOp.exe
  C:\Windows\System\QhgusOp.exe
  2⤵
  PID:8556
- C:\Windows\System\DtUeWvD.exe
  C:\Windows\System\DtUeWvD.exe
  2⤵
  PID:8576
- C:\Windows\System\UeJRXXV.exe
  C:\Windows\System\UeJRXXV.exe
  2⤵
  PID:8592
- C:\Windows\System\PlFZsTT.exe
  C:\Windows\System\PlFZsTT.exe
  2⤵
  PID:8616
- C:\Windows\System\DpKHQbz.exe
  C:\Windows\System\DpKHQbz.exe
  2⤵
  PID:8632
- C:\Windows\System\PbfQOdB.exe
  C:\Windows\System\PbfQOdB.exe
  2⤵
  PID:8652
- C:\Windows\System\bajHKAh.exe
  C:\Windows\System\bajHKAh.exe
  2⤵
  PID:8684
- C:\Windows\System\KSmMkOs.exe
  C:\Windows\System\KSmMkOs.exe
  2⤵
  PID:8704
- C:\Windows\System\fsvnsOJ.exe
  C:\Windows\System\fsvnsOJ.exe
  2⤵
  PID:8748
- C:\Windows\System\bnKawle.exe
  C:\Windows\System\bnKawle.exe
  2⤵
  PID:8764
- C:\Windows\System\TzZccmM.exe
  C:\Windows\System\TzZccmM.exe
  2⤵
  PID:8784
- C:\Windows\System\JwfjeJJ.exe
  C:\Windows\System\JwfjeJJ.exe
  2⤵
  PID:8800
- C:\Windows\System\IBKqcmx.exe
  C:\Windows\System\IBKqcmx.exe
  2⤵
  PID:8816
- C:\Windows\System\cZqmHeC.exe
  C:\Windows\System\cZqmHeC.exe
  2⤵
  PID:8832
- C:\Windows\System\iFZMOfI.exe
  C:\Windows\System\iFZMOfI.exe
  2⤵
  PID:8848
- C:\Windows\System\XatGCMK.exe
  C:\Windows\System\XatGCMK.exe
  2⤵
  PID:8864
- C:\Windows\System\KZbyaze.exe
  C:\Windows\System\KZbyaze.exe
  2⤵
  PID:8880
- C:\Windows\System\FLLnhbQ.exe
  C:\Windows\System\FLLnhbQ.exe
  2⤵
  PID:8896
- C:\Windows\System\nnZwsWU.exe
  C:\Windows\System\nnZwsWU.exe
  2⤵
  PID:8912
- C:\Windows\System\LQAFVln.exe
  C:\Windows\System\LQAFVln.exe
  2⤵
  PID:8928
- C:\Windows\System\QBuSQVu.exe
  C:\Windows\System\QBuSQVu.exe
  2⤵
  PID:8944
- C:\Windows\System\KyvVBvx.exe
  C:\Windows\System\KyvVBvx.exe
  2⤵
  PID:8960
- C:\Windows\System\UXntFoF.exe
  C:\Windows\System\UXntFoF.exe
  2⤵
  PID:8976
- C:\Windows\System\mSUpkpF.exe
  C:\Windows\System\mSUpkpF.exe
  2⤵
  PID:8992
- C:\Windows\System\cuhSmnb.exe
  C:\Windows\System\cuhSmnb.exe
  2⤵
  PID:9008
- C:\Windows\System\WtnjeYO.exe
  C:\Windows\System\WtnjeYO.exe
  2⤵
  PID:9032
- C:\Windows\System\rKYmvik.exe
  C:\Windows\System\rKYmvik.exe
  2⤵
  PID:9052
- C:\Windows\System\YTqyTBC.exe
  C:\Windows\System\YTqyTBC.exe
  2⤵
  PID:9068
- C:\Windows\System\pJprFAz.exe
  C:\Windows\System\pJprFAz.exe
  2⤵
  PID:9084
- C:\Windows\System\oZKwLDj.exe
  C:\Windows\System\oZKwLDj.exe
  2⤵
  PID:9100
- C:\Windows\System\oITvcSY.exe
  C:\Windows\System\oITvcSY.exe
  2⤵
  PID:9116
- C:\Windows\System\WIGBiFp.exe
  C:\Windows\System\WIGBiFp.exe
  2⤵
  PID:9132
- C:\Windows\System\eGOLRQE.exe
  C:\Windows\System\eGOLRQE.exe
  2⤵
  PID:9148
- C:\Windows\System\kRBdmBS.exe
  C:\Windows\System\kRBdmBS.exe
  2⤵
  PID:9164
- C:\Windows\System\hpSdlji.exe
  C:\Windows\System\hpSdlji.exe
  2⤵
  PID:9180
- C:\Windows\System\edjbEME.exe
  C:\Windows\System\edjbEME.exe
  2⤵
  PID:9196
- C:\Windows\System\NdKCPzD.exe
  C:\Windows\System\NdKCPzD.exe
  2⤵
  PID:9212
- C:\Windows\System\wmWNqJB.exe
  C:\Windows\System\wmWNqJB.exe
  2⤵
  PID:8204
- C:\Windows\System\jgGvGet.exe
  C:\Windows\System\jgGvGet.exe
  2⤵
  PID:8280
- C:\Windows\System\zZqsaPu.exe
  C:\Windows\System\zZqsaPu.exe
  2⤵
  PID:7732
- C:\Windows\System\NkznSQt.exe
  C:\Windows\System\NkznSQt.exe
  2⤵
  PID:7704
- C:\Windows\System\UWSKUxj.exe
  C:\Windows\System\UWSKUxj.exe
  2⤵
  PID:8224
- C:\Windows\System\NhxMwAo.exe
  C:\Windows\System\NhxMwAo.exe
  2⤵
  PID:8300
- C:\Windows\System\cgbsQOt.exe
  C:\Windows\System\cgbsQOt.exe
  2⤵
  PID:8396
- C:\Windows\System\ttNcSDg.exe
  C:\Windows\System\ttNcSDg.exe
  2⤵
  PID:8384
- C:\Windows\System\IWFliVU.exe
  C:\Windows\System\IWFliVU.exe
  2⤵
  PID:8432
- C:\Windows\System\LAFMrAq.exe
  C:\Windows\System\LAFMrAq.exe
  2⤵
  PID:8468
- C:\Windows\System\OndNcjQ.exe
  C:\Windows\System\OndNcjQ.exe
  2⤵
  PID:8532
- C:\Windows\System\XiwRVnh.exe
  C:\Windows\System\XiwRVnh.exe
  2⤵
  PID:8572
- C:\Windows\System\BWFqqGk.exe
  C:\Windows\System\BWFqqGk.exe
  2⤵
  PID:8612
- C:\Windows\System\ZKsnonk.exe
  C:\Windows\System\ZKsnonk.exe
  2⤵
  PID:8628
- C:\Windows\System\CcfQcvB.exe
  C:\Windows\System\CcfQcvB.exe
  2⤵
  PID:8484
- C:\Windows\System\vKKCDBG.exe
  C:\Windows\System\vKKCDBG.exe
  2⤵
  PID:8588
- C:\Windows\System\HHOxTCS.exe
  C:\Windows\System\HHOxTCS.exe
  2⤵
  PID:8676
- C:\Windows\System\uQFgBol.exe
  C:\Windows\System\uQFgBol.exe
  2⤵
  PID:8700
- C:\Windows\System\jrvAAuf.exe
  C:\Windows\System\jrvAAuf.exe
  2⤵
  PID:8720
- C:\Windows\System\vDPJUjQ.exe
  C:\Windows\System\vDPJUjQ.exe
  2⤵
  PID:8732
- C:\Windows\System\VQPulFo.exe
  C:\Windows\System\VQPulFo.exe
  2⤵
  PID:8756
- C:\Windows\System\fDwRclg.exe
  C:\Windows\System\fDwRclg.exe
  2⤵
  PID:8780
- C:\Windows\System\FCAcUbF.exe
  C:\Windows\System\FCAcUbF.exe
  2⤵
  PID:8844
- C:\Windows\System\MWZzrUj.exe
  C:\Windows\System\MWZzrUj.exe
  2⤵
  PID:8860
- C:\Windows\System\PVNtcra.exe
  C:\Windows\System\PVNtcra.exe
  2⤵
  PID:8920
- C:\Windows\System\OgNPNJK.exe
  C:\Windows\System\OgNPNJK.exe
  2⤵
  PID:8956
- C:\Windows\System\tlAiOVm.exe
  C:\Windows\System\tlAiOVm.exe
  2⤵
  PID:8904
- C:\Windows\System\uYcdZCw.exe
  C:\Windows\System\uYcdZCw.exe
  2⤵
  PID:8968
- C:\Windows\System\MFJJWxs.exe
  C:\Windows\System\MFJJWxs.exe
  2⤵
  PID:8988
- C:\Windows\System\KmkKmEZ.exe
  C:\Windows\System\KmkKmEZ.exe
  2⤵
  PID:9040
- C:\Windows\System\oMybINO.exe
  C:\Windows\System\oMybINO.exe
  2⤵
  PID:9128
- C:\Windows\System\vrXIvdE.exe
  C:\Windows\System\vrXIvdE.exe
  2⤵
  PID:9192
- C:\Windows\System\CZySCHj.exe
  C:\Windows\System\CZySCHj.exe
  2⤵
  PID:8316
- C:\Windows\System\HcPUCXn.exe
  C:\Windows\System\HcPUCXn.exe
  2⤵
  PID:9048
- C:\Windows\System\AIrhfQq.exe
  C:\Windows\System\AIrhfQq.exe
  2⤵
  PID:8220
- C:\Windows\System\OrACBzZ.exe
  C:\Windows\System\OrACBzZ.exe
  2⤵
  PID:8332
- C:\Windows\System\BnqHYgl.exe
  C:\Windows\System\BnqHYgl.exe
  2⤵
  PID:8552
- C:\Windows\System\lAcJYxU.exe
  C:\Windows\System\lAcJYxU.exe
  2⤵
  PID:8952
- C:\Windows\System\GxqfIKC.exe
  C:\Windows\System\GxqfIKC.exe
  2⤵
  PID:8564
- C:\Windows\System\XqPwtUm.exe
  C:\Windows\System\XqPwtUm.exe
  2⤵
  PID:9096
- C:\Windows\System\dPaszOI.exe
  C:\Windows\System\dPaszOI.exe
  2⤵
  PID:7268
- C:\Windows\System\fRwWMVN.exe
  C:\Windows\System\fRwWMVN.exe
  2⤵
  PID:9172
- C:\Windows\System\szZFxYv.exe
  C:\Windows\System\szZFxYv.exe
  2⤵
  PID:8276
- C:\Windows\System\PjjgYkK.exe
  C:\Windows\System\PjjgYkK.exe
  2⤵
  PID:7776
- C:\Windows\System\qUVIhmn.exe
  C:\Windows\System\qUVIhmn.exe
  2⤵
  PID:8260
- C:\Windows\System\ZffNiec.exe
  C:\Windows\System\ZffNiec.exe
  2⤵
  PID:8356
- C:\Windows\System\zJkoMAC.exe
  C:\Windows\System\zJkoMAC.exe
  2⤵
  PID:8416
- C:\Windows\System\QNVNhnt.exe
  C:\Windows\System\QNVNhnt.exe
  2⤵
  PID:8424
- C:\Windows\System\PZsgLFW.exe
  C:\Windows\System\PZsgLFW.exe
  2⤵
  PID:8504
- C:\Windows\System\LbvRgok.exe
  C:\Windows\System\LbvRgok.exe
  2⤵
  PID:9004
- C:\Windows\System\vnZGKWM.exe
  C:\Windows\System\vnZGKWM.exe
  2⤵
  PID:8640
- C:\Windows\System\IpbhgTY.exe
  C:\Windows\System\IpbhgTY.exe
  2⤵
  PID:8828
- C:\Windows\System\qaRhPgk.exe
  C:\Windows\System\qaRhPgk.exe
  2⤵
  PID:8728
- C:\Windows\System\LmdCFrH.exe
  C:\Windows\System\LmdCFrH.exe
  2⤵
  PID:8516
- C:\Windows\System\aFDzeeS.exe
  C:\Windows\System\aFDzeeS.exe
  2⤵
  PID:9108
- C:\Windows\System\lIZQcnv.exe
  C:\Windows\System\lIZQcnv.exe
  2⤵
  PID:7372
- C:\Windows\System\OUpYpjZ.exe
  C:\Windows\System\OUpYpjZ.exe
  2⤵
  PID:9124
- C:\Windows\System\ahpXhrK.exe
  C:\Windows\System\ahpXhrK.exe
  2⤵
  PID:8256
- C:\Windows\System\MxpEMeC.exe
  C:\Windows\System\MxpEMeC.exe
  2⤵
  PID:8724
- C:\Windows\System\IMOZwIP.exe
  C:\Windows\System\IMOZwIP.exe
  2⤵
  PID:7684
- C:\Windows\System\vFSJNRU.exe
  C:\Windows\System\vFSJNRU.exe
  2⤵
  PID:9188
- C:\Windows\System\rHaRjHV.exe
  C:\Windows\System\rHaRjHV.exe
  2⤵
  PID:8264
- C:\Windows\System\SNpKAoF.exe
  C:\Windows\System\SNpKAoF.exe
  2⤵
  PID:9208
- C:\Windows\System\UldqnnP.exe
  C:\Windows\System\UldqnnP.exe
  2⤵
  PID:9228
- C:\Windows\System\wrcPPcT.exe
  C:\Windows\System\wrcPPcT.exe
  2⤵
  PID:9244
- C:\Windows\System\rFJAKdX.exe
  C:\Windows\System\rFJAKdX.exe
  2⤵
  PID:9260
- C:\Windows\System\popftdj.exe
  C:\Windows\System\popftdj.exe
  2⤵
  PID:9312
- C:\Windows\System\Gtdwrru.exe
  C:\Windows\System\Gtdwrru.exe
  2⤵
  PID:9332
- C:\Windows\System\ukbdIjV.exe
  C:\Windows\System\ukbdIjV.exe
  2⤵
  PID:9348
- C:\Windows\System\JbzlDZF.exe
  C:\Windows\System\JbzlDZF.exe
  2⤵
  PID:9364
- C:\Windows\System\FMYUfry.exe
  C:\Windows\System\FMYUfry.exe
  2⤵
  PID:9380
- C:\Windows\System\xVOjVqG.exe
  C:\Windows\System\xVOjVqG.exe
  2⤵
  PID:9400
- C:\Windows\System\TNRgyWM.exe
  C:\Windows\System\TNRgyWM.exe
  2⤵
  PID:9416
- C:\Windows\System\OBFYlzl.exe
  C:\Windows\System\OBFYlzl.exe
  2⤵
  PID:9432
- C:\Windows\System\EUxhCsr.exe
  C:\Windows\System\EUxhCsr.exe
  2⤵
  PID:9448
- C:\Windows\System\kPgTboh.exe
  C:\Windows\System\kPgTboh.exe
  2⤵
  PID:9464
- C:\Windows\System\TEDztVE.exe
  C:\Windows\System\TEDztVE.exe
  2⤵
  PID:9480
- C:\Windows\System\yIALeGT.exe
  C:\Windows\System\yIALeGT.exe
  2⤵
  PID:9500
- C:\Windows\System\IOnhezy.exe
  C:\Windows\System\IOnhezy.exe
  2⤵
  PID:9520
- C:\Windows\System\jsbzgTo.exe
  C:\Windows\System\jsbzgTo.exe
  2⤵
  PID:9536
- C:\Windows\System\gJGfKMD.exe
  C:\Windows\System\gJGfKMD.exe
  2⤵
  PID:9552
- C:\Windows\System\NQsQuMT.exe
  C:\Windows\System\NQsQuMT.exe
  2⤵
  PID:9584
- C:\Windows\System\fKuseCI.exe
  C:\Windows\System\fKuseCI.exe
  2⤵
  PID:9604
- C:\Windows\System\NXlmZpn.exe
  C:\Windows\System\NXlmZpn.exe
  2⤵
  PID:9620
- C:\Windows\System\MLugLMY.exe
  C:\Windows\System\MLugLMY.exe
  2⤵
  PID:9636
- C:\Windows\System\kvxxkLg.exe
  C:\Windows\System\kvxxkLg.exe
  2⤵
  PID:9656
- C:\Windows\System\nvMVxXd.exe
  C:\Windows\System\nvMVxXd.exe
  2⤵
  PID:9672
- C:\Windows\System\uWBxwlQ.exe
  C:\Windows\System\uWBxwlQ.exe
  2⤵
  PID:9688
- C:\Windows\System\oWxOqgG.exe
  C:\Windows\System\oWxOqgG.exe
  2⤵
  PID:9708
- C:\Windows\System\zTERapp.exe
  C:\Windows\System\zTERapp.exe
  2⤵
  PID:9724
- C:\Windows\System\kOHRqIk.exe
  C:\Windows\System\kOHRqIk.exe
  2⤵
  PID:9744
- C:\Windows\System\YajfqST.exe
  C:\Windows\System\YajfqST.exe
  2⤵
  PID:9764
- C:\Windows\System\YhSdrKr.exe
  C:\Windows\System\YhSdrKr.exe
  2⤵
  PID:9788
- C:\Windows\System\weWFtPm.exe
  C:\Windows\System\weWFtPm.exe
  2⤵
  PID:9808
- C:\Windows\System\CFwIvUA.exe
  C:\Windows\System\CFwIvUA.exe
  2⤵
  PID:9828
- C:\Windows\System\tZYGfBT.exe
  C:\Windows\System\tZYGfBT.exe
  2⤵
  PID:9844
- C:\Windows\System\GlDvZWJ.exe
  C:\Windows\System\GlDvZWJ.exe
  2⤵
  PID:9864
- C:\Windows\System\jVIYMCs.exe
  C:\Windows\System\jVIYMCs.exe
  2⤵
  PID:9884
- C:\Windows\System\RycrPpC.exe
  C:\Windows\System\RycrPpC.exe
  2⤵
  PID:9900
- C:\Windows\System\hRyssFQ.exe
  C:\Windows\System\hRyssFQ.exe
  2⤵
  PID:9916
- C:\Windows\System\DSJwhxP.exe
  C:\Windows\System\DSJwhxP.exe
  2⤵
  PID:9932
- C:\Windows\System\mVyLhfG.exe
  C:\Windows\System\mVyLhfG.exe
  2⤵
  PID:9952
- C:\Windows\System\zIqOVUu.exe
  C:\Windows\System\zIqOVUu.exe
  2⤵
  PID:9968
- C:\Windows\System\wrLHqYU.exe
  C:\Windows\System\wrLHqYU.exe
  2⤵
  PID:9988
- C:\Windows\System\WPSNeaK.exe
  C:\Windows\System\WPSNeaK.exe
  2⤵
  PID:10008
- C:\Windows\System\MnNMljK.exe
  C:\Windows\System\MnNMljK.exe
  2⤵
  PID:10024
- C:\Windows\System\zplyOuD.exe
  C:\Windows\System\zplyOuD.exe
  2⤵
  PID:10040
- C:\Windows\System\hLidEJy.exe
  C:\Windows\System\hLidEJy.exe
  2⤵
  PID:10060
- C:\Windows\System\hBvFOif.exe
  C:\Windows\System\hBvFOif.exe
  2⤵
  PID:10084
- C:\Windows\System\JjVIkcR.exe
  C:\Windows\System\JjVIkcR.exe
  2⤵
  PID:10104
- C:\Windows\System\TYBjCmA.exe
  C:\Windows\System\TYBjCmA.exe
  2⤵
  PID:10152
- C:\Windows\System\DJTBqwK.exe
  C:\Windows\System\DJTBqwK.exe
  2⤵
  PID:10168
- C:\Windows\System\UCYRcOn.exe
  C:\Windows\System\UCYRcOn.exe
  2⤵
  PID:10184
- C:\Windows\System\aWVsmsX.exe
  C:\Windows\System\aWVsmsX.exe
  2⤵
  PID:10200
- C:\Windows\System\ahBRxpg.exe
  C:\Windows\System\ahBRxpg.exe
  2⤵
  PID:10228
- C:\Windows\System\TeqLgKt.exe
  C:\Windows\System\TeqLgKt.exe
  2⤵
  PID:8452
- C:\Windows\System\QnqpBWs.exe
  C:\Windows\System\QnqpBWs.exe
  2⤵
  PID:8440
- C:\Windows\System\uOizULw.exe
  C:\Windows\System\uOizULw.exe
  2⤵
  PID:8500
- C:\Windows\System\pVqiFTl.exe
  C:\Windows\System\pVqiFTl.exe
  2⤵
  PID:8692
- C:\Windows\System\IAAOLJZ.exe
  C:\Windows\System\IAAOLJZ.exe
  2⤵
  PID:9204
- C:\Windows\System\mCRPbvD.exe
  C:\Windows\System\mCRPbvD.exe
  2⤵
  PID:2308
- C:\Windows\System\RhSTgln.exe
  C:\Windows\System\RhSTgln.exe
  2⤵
  PID:9236
- C:\Windows\System\hyQEmCI.exe
  C:\Windows\System\hyQEmCI.exe
  2⤵
  PID:9276
- C:\Windows\System\fhTzyge.exe
  C:\Windows\System\fhTzyge.exe
  2⤵
  PID:9288
- C:\Windows\System\IxPGEzb.exe
  C:\Windows\System\IxPGEzb.exe
  2⤵
  PID:9308
- C:\Windows\System\MiqqLWc.exe
  C:\Windows\System\MiqqLWc.exe
  2⤵
  PID:9376
- C:\Windows\System\CnAkCIJ.exe
  C:\Windows\System\CnAkCIJ.exe
  2⤵
  PID:9508
- C:\Windows\System\iFojQmw.exe
  C:\Windows\System\iFojQmw.exe
  2⤵
  PID:9440
- C:\Windows\System\AHnzYyh.exe
  C:\Windows\System\AHnzYyh.exe
  2⤵
  PID:9388
- C:\Windows\System\bgBoBwA.exe
  C:\Windows\System\bgBoBwA.exe
  2⤵
  PID:9628
- C:\Windows\System\ccvERJi.exe
  C:\Windows\System\ccvERJi.exe
  2⤵
  PID:9696
- C:\Windows\System\kPPgmjL.exe
  C:\Windows\System\kPPgmjL.exe
  2⤵
  PID:9736
- C:\Windows\System\HNwVxnt.exe
  C:\Windows\System\HNwVxnt.exe
  2⤵
  PID:9780
- C:\Windows\System\zQVcerH.exe
  C:\Windows\System\zQVcerH.exe
  2⤵
  PID:9824
- C:\Windows\System\DCPmNJe.exe
  C:\Windows\System\DCPmNJe.exe
  2⤵
  PID:9488
- C:\Windows\System\ciimJrZ.exe
  C:\Windows\System\ciimJrZ.exe
  2⤵
  PID:9356
- C:\Windows\System\WuGzjcg.exe
  C:\Windows\System\WuGzjcg.exe
  2⤵
  PID:9392
- C:\Windows\System\tAWbJHY.exe
  C:\Windows\System\tAWbJHY.exe
  2⤵
  PID:9424
- C:\Windows\System\AONKFrH.exe
  C:\Windows\System\AONKFrH.exe
  2⤵
  PID:9492
- C:\Windows\System\GOpzslk.exe
  C:\Windows\System\GOpzslk.exe
  2⤵
  PID:9560
- C:\Windows\System\IRhJVzZ.exe
  C:\Windows\System\IRhJVzZ.exe
  2⤵
  PID:9576
- C:\Windows\System\dOcgUrP.exe
  C:\Windows\System\dOcgUrP.exe
  2⤵
  PID:9652
- C:\Windows\System\feCxvwW.exe
  C:\Windows\System\feCxvwW.exe
  2⤵
  PID:9720
- C:\Windows\System\VmniGac.exe
  C:\Windows\System\VmniGac.exe
  2⤵
  PID:9796
- C:\Windows\System\xgUBIhT.exe
  C:\Windows\System\xgUBIhT.exe
  2⤵
  PID:9872
- C:\Windows\System\ZuNCEMW.exe
  C:\Windows\System\ZuNCEMW.exe
  2⤵
  PID:9912
- C:\Windows\System\imkpFkn.exe
  C:\Windows\System\imkpFkn.exe
  2⤵
  PID:9976
- C:\Windows\System\HdSxVmW.exe
  C:\Windows\System\HdSxVmW.exe
  2⤵
  PID:10020
- C:\Windows\System\dLZORdL.exe
  C:\Windows\System\dLZORdL.exe
  2⤵
  PID:9996
- C:\Windows\System\AUWnera.exe
  C:\Windows\System\AUWnera.exe
  2⤵
  PID:10004
- C:\Windows\System\qeNotoc.exe
  C:\Windows\System\qeNotoc.exe
  2⤵
  PID:10032
- C:\Windows\System\yWQsOjT.exe
  C:\Windows\System\yWQsOjT.exe
  2⤵
  PID:10072
- C:\Windows\System\CRSOLGG.exe
  C:\Windows\System\CRSOLGG.exe
  2⤵
  PID:10160
- C:\Windows\System\MzpKwZQ.exe
  C:\Windows\System\MzpKwZQ.exe
  2⤵
  PID:10128
- C:\Windows\System\LfWpzcv.exe
  C:\Windows\System\LfWpzcv.exe
  2⤵
  PID:10144
- C:\Windows\System\nheIcmh.exe
  C:\Windows\System\nheIcmh.exe
  2⤵
  PID:10180
- C:\Windows\System\rejPgRA.exe
  C:\Windows\System\rejPgRA.exe
  2⤵
  PID:10220
- C:\Windows\System\wifgJcg.exe
  C:\Windows\System\wifgJcg.exe
  2⤵
  PID:9256
- C:\Windows\System\FwIkVCe.exe
  C:\Windows\System\FwIkVCe.exe
  2⤵
  PID:9268
- C:\Windows\System\SDkdoDX.exe
  C:\Windows\System\SDkdoDX.exe
  2⤵
  PID:9024
- C:\Windows\System\GQdHvxW.exe
  C:\Windows\System\GQdHvxW.exe
  2⤵
  PID:9140
- C:\Windows\System\InHDkdN.exe
  C:\Windows\System\InHDkdN.exe
  2⤵
  PID:9284
- C:\Windows\System\YLEerIL.exe
  C:\Windows\System\YLEerIL.exe
  2⤵
  PID:9516
- C:\Windows\System\OAeujiC.exe
  C:\Windows\System\OAeujiC.exe
  2⤵
  PID:9544
- C:\Windows\System\HOsnGdS.exe
  C:\Windows\System\HOsnGdS.exe
  2⤵
  PID:9776
- C:\Windows\System\iHkyjrB.exe
  C:\Windows\System\iHkyjrB.exe
  2⤵
  PID:9596
- C:\Windows\System\VJUYwiq.exe
  C:\Windows\System\VJUYwiq.exe
  2⤵
  PID:9568
- C:\Windows\System\IvLnJiR.exe
  C:\Windows\System\IvLnJiR.exe
  2⤵
  PID:9836
- C:\Windows\System\jGltbWs.exe
  C:\Windows\System\jGltbWs.exe
  2⤵
  PID:10116
- C:\Windows\System\BTARAhP.exe
  C:\Windows\System\BTARAhP.exe
  2⤵
  PID:9760
- C:\Windows\System\pPEjPiH.exe
  C:\Windows\System\pPEjPiH.exe
  2⤵
  PID:10016
- C:\Windows\System\HRKpKiF.exe
  C:\Windows\System\HRKpKiF.exe
  2⤵
  PID:10120
- C:\Windows\System\widMIcB.exe
  C:\Windows\System\widMIcB.exe
  2⤵
  PID:10192
- C:\Windows\System\rEOkvHU.exe
  C:\Windows\System\rEOkvHU.exe
  2⤵
  PID:8936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AEoZfTI.exe

Filesize
5.9MB

MD5
2ef0f431dee0c378e7c7e61483adea50

SHA1
4032783272f2fc2ca591a127ca546a56df950210

SHA256
e281bfdb2f0b56d6a02f38a3b2c7fc8c58aa610dcf8616f1aeb73826e17b8f11

SHA512
258b818a929622a4f4a68086de42abfc902f285d9aa3dbf75e41a373fba3d58aa8992c0aa6c8bcf845cac5beefbed8a13943279d3afc5ad33e36be245b6bff9a

Download Submit
C:\Windows\system\AlDLfXz.exe

Filesize
5.9MB

MD5
ec3219c68e5d21485fa75ea8b90b0dd1

SHA1
b65f98af02561c2ec0856f77fb6fc9ddd91a63d7

SHA256
43fc347f57d8e7fadbaac74bd898c3998f3dea911fabc6ae0128de65b43723a8

SHA512
a787eadd22c7f2c043ef01925656a33269b07eec4865d9723edffdd6d4d4d792e5a24ebad150376a6d90af4c50a1cca158cf6d5ed9a2f77d3ac47d695b21bbef

Download Submit
C:\Windows\system\BVNaUFy.exe

Filesize
5.9MB

MD5
c2122c917087572b0054ab3b656a2e96

SHA1
e14ff150819be6e8d4d43d5f46a15ed4f4c6ebce

SHA256
7d7599a841f2437af747f9c7fb5037025192801e79949dc58d0c0890c7187e6e

SHA512
263527191d1ab545fbd879a4c51ddec96507019f5d05a8f239e7cdab0b53aaafaccb7ac9be87fbf95d05f68929212511bef422417bb2690943c7a8b5d43627ee

Download Submit
C:\Windows\system\CicToyu.exe

Filesize
5.9MB

MD5
26d8575aad6d86b5cd226d913e5340da

SHA1
ca0191df3bf24ca678ffe04a435686c2562bba1a

SHA256
702d31065b117c7b6075322dfc824124112a433997b63007a985a0e99cde9616

SHA512
e7a75b163148931880f3032504d4b6d4f79e742a17a7f8930e74b6c2f2336b930d645a09229aa3bf3c15f81f3658fe3d5d5efef90cebe5b827941e57209fcf19

Download Submit
C:\Windows\system\FhWMwtO.exe

Filesize
5.9MB

MD5
fe88900db4b3386f3d0c6a0ef71519cc

SHA1
319bce97beaa79adc79b4083fc60ec0fd5a00bf2

SHA256
068faee4cdabc224d244086be0a52dd0eb0f2311a6e8404f1558f28a3690d7d4

SHA512
06c2ed3a55179276eae8eae7c011edeb79f1877786a7369407ea205f656ddb8712a032356548f006277d5287cbf109fc29e1fb196ad24d57e87e8819c88dadd3

Download Submit
C:\Windows\system\JwqLVSS.exe

Filesize
5.9MB

MD5
10263e36b99353f6b873548d617c9ae4

SHA1
51b33dda613f35646ff57b49c821addbe65ca408

SHA256
b5f088e8ec635b86e8d8c2014d0c94a4d38637d49b436ca3872dd975b5f152e6

SHA512
b0159cc7075e7e4186a5b72b7de20f4412a96d4ffc23ceb227d0219a55fa1ec6d8c339297b37206cff0ee564107dcf717cb6e8be85d3fea538d89e4c124fa631

Download Submit
C:\Windows\system\LgYPSMA.exe

Filesize
5.9MB

MD5
8cb4a22da23f451a2529fc2606a5dd9d

SHA1
66d8c444a6aab01256ed71bc146b8fd8be0a54c9

SHA256
892fa03254f0071dd97edda33682b5e319e576a18ad5b3c4ad471dfd05195325

SHA512
910cc9e189afea01d9ea9aa32f71718cb8599bc4c6ae4170aa26afcea8194025ac5662f773781838c723aa71707d509cfc25d8066f610dbd8089a17ed09d786f

Download Submit
C:\Windows\system\QsEtzQS.exe

Filesize
5.9MB

MD5
897c686c8dd3aea6f738bdef500c80d5

SHA1
b3f9b8d1340809b9db0f1ad22849507e6f71aa4d

SHA256
a35f6d6db2eb23655cd7df92742c436755cae35a8546e6c602231925b7906c45

SHA512
cc8f307ede9b49e4d48162df073947e2c3e4f6a00f24d24723e9f49e5c6a61ffdff71fe4d28c1fac55f80b5485458c8720d38e48fc999ab661a0f501c372a26c

Download Submit
C:\Windows\system\RetdfPw.exe

Filesize
5.9MB

MD5
b1af8238af6ca72ea9fbea794a61491c

SHA1
b67b7dd1d4fbd3143d5666401c976d90a51c9c07

SHA256
2b1dcfef5555da324a7e66d063e75612b05f83c0d733968eee4684ff64380ad4

SHA512
31c545e0cc8ee0d687373fbe4ebc50c57049b890a4e90d55c6dcece80e808ccf3e05de03b6705fca8723f57b66f55ddbcdbd27e6f4f73d181dd1848a0b47da7f

Download Submit
C:\Windows\system\SjchcCX.exe

Filesize
5.9MB

MD5
28f5755d74ef0075895e639628dfa997

SHA1
443fe8ce862a1bad7652403e80064fd5686a8e42

SHA256
612a13c6866e09d778ca442e2fef6c6cc4ca90c6d61da9a88416c9cd9ec469e7

SHA512
70f4df979ecfb37d329f17b94a108bf0fa811aa0504567879dbf5ae1e50936287d2660bf71bbc809d13507061c850c1f9f2fbf2664752e4b1db8808224e3f1fc

Download Submit
C:\Windows\system\UOBduDs.exe

Filesize
5.9MB

MD5
d34ecb565c34f57101f22ed35b85bf41

SHA1
9e0dcf50382214b8613ee0e4936353f6fcf02efc

SHA256
7ef00d4c85b6419bd43672d7d78c8bdd516cb8e3debc1821829b59a68aa4d0df

SHA512
3286387eb62d25828b303683cb02ebcafb5a91523a392dd4f5e7474507aedafbc632d034d48315b7b227c04bbc21475003f17f4fd5dd49880f92219ae70dc0e0

Download Submit
C:\Windows\system\UlPpRpB.exe

Filesize
5.9MB

MD5
75d18b4db5b74b16e2089468c1328164

SHA1
2137783e7116c5fe80113513cb4970a4dc08a8fc

SHA256
94205a1e3dcdad8df07d069ff44f72cc7b78648d60856b4a968ffb05fde780d5

SHA512
369badc43acc75a286a9716f160da1b0982690fa460f100f7fc1455a60402e413869b020cb2ef8df8df1f2ae21923ff16dfcf7b1800f08740593c48942b58f85

Download Submit
C:\Windows\system\XfNTCEm.exe

Filesize
5.9MB

MD5
32956ba167cf75a7cd63145fc52c9bc5

SHA1
fab0cdb9241ed3d40b085299b789721b19be3be8

SHA256
fdbfb63343d15ee1fc70fa2883b0be79215fd0d5ebd3ef1590104a02ed203985

SHA512
4309ddc18071cbf7e45c27ffe3b92a15679dff18617a9da0270e63f8e7ab32500694770aff6a0e0f32098be2471ef2a041e059a83ccfaf33b4ebd6a1293bdc6e

Download Submit
C:\Windows\system\cBVBhHS.exe

Filesize
5.9MB

MD5
ba4be81ec04d3f7d3379bfc6554d231d

SHA1
661b88700f95c81efdc21e856288335c87a35a4f

SHA256
09b06e83c02c17a2947f2e2b4f0d75ee7c45af3272b7ff358078c8493f98d669

SHA512
214bd248dc6f08f12977fd1a4268d6de8f8dfed755b5a1fefc0618d264a757e1f5dc6c1b9618e5f2561b8352446fbcc5727ed96ce4730eb0229f00af6b44096b

Download Submit
C:\Windows\system\ckvaXNz.exe

Filesize
5.9MB

MD5
a43bf032cbedd391221f8cd68a1ffc6f

SHA1
d5e0c3fcb330ead40fa96f9e77b7a0f1d6ad8ee3

SHA256
2408b28c14e1f371b71d8bacb59248289829e4385f6a6c06e0a308725ca8e288

SHA512
945dd7dacefa391903889bcea48b4cc2bd67add41f11382f912d4e557f9e3edfd72ccd327ae6f747442fdcc212a98db08f50a80c2d5850d0f16666919c00ae98

Download Submit
C:\Windows\system\eVdTDCH.exe

Filesize
5.9MB

MD5
97282a0cac97b18c071bf52206774913

SHA1
66e3beed417f3ef5e4e704a10b459d6abf037f2c

SHA256
86298ae8b9ac1ec1884aeb12ac15e15a3fe424a3906d9d5ef42fd50b0a512ccf

SHA512
640090a80b9da36cc6a5acdb450cd1d1083bb8193ef155b2ad5b26399a8515b5aba979d37d49442505c7d37286735911a0771e237c2e9bd4fc215aac9eb7acda

Download Submit
C:\Windows\system\epBVEcG.exe

Filesize
5.9MB

MD5
1ba1a930e0cf6025bbaebee9c9de49ad

SHA1
c9ec06b2bb583804b2e3a26a2808ce6c236d92d9

SHA256
32e21917ef38fa6e84feaa9daf4d91f73f8d13cd37549323834a402e6f4087e8

SHA512
d46327a0ccfba94d7473fdde306f7d9c8095ad454d9615d2097cea65f38d3450c8ba3c44369167205ae4b6e74c3608a09f667da326a81a819af1ce7245c70084

Download Submit
C:\Windows\system\kJaVnYZ.exe

Filesize
5.9MB

MD5
cacc485c5cf2f6923491a10bf6c5b6a6

SHA1
fb467a54c9e29a1e3750cbaaf8bbaf4078c32983

SHA256
d7990feeaa01ba3fdca741d3d92f822d76eeb364f6bae7b703500d155905d848

SHA512
8e79a24c2e24d0cff8b83759cc08952bc8b006e3c81b1d6c70517c7133a43af49094e847297eb3402675a032ef4cb2f4a9ae5802b47380fcb761b1e905999746

Download Submit
C:\Windows\system\lWUzhCN.exe

Filesize
5.9MB

MD5
376732629f48ce64a78dc362665314f2

SHA1
91e9b7df72620f3a55366af0ddbe62160fc9b3f3

SHA256
2e920a726598479d1f1d8ad6a3df3ac1292ad2816bc646f33805ad66893f0cd9

SHA512
b8dbd781ea47bf0a3a5ba5f4a089d2b66dac3376912105068df4d4b9fb73af5fcd35e5bf0d679e3978633bd4cb153e12ae47c1dae416a1f116360f0aa63053ad

Download Submit
C:\Windows\system\pjtdzwL.exe

Filesize
5.9MB

MD5
99b0e0dd81efb8243c3472906098e653

SHA1
88ab52da014747d56fdef94d8085a681573ef7fb

SHA256
af66737b406625816768012a202a0b7b19d7835a7d9e54fae05c079120197c21

SHA512
b31e82db87ff605b6dd53699a92858bb71393dd37c0425ecb59d0cac65375563ee15a3bc76a70069eb5406dda1131a2633a81dd7bb4b310b32efd277c19701f5

Download Submit
C:\Windows\system\tGIZHZL.exe

Filesize
5.9MB

MD5
a62851c86ab8e9c4456240d2829268a6

SHA1
75ca22b151fb4fa0189b54ce9455b1d42c960def

SHA256
0ce3f44df39f320a552680646476b6f9bed648d3b720c586b1e873ea9f00f3c9

SHA512
f0268ce761e5e88a1b63b9b43f882b3426eb99a47b60355cee192b671468ee92d23dba3cd8e0dc817d52605c587d6f11401af09e814de4ebf30be2aa91decd8c

Download Submit
C:\Windows\system\vXbmfVY.exe

Filesize
5.9MB

MD5
ad65628f57d1572e54476037c8d4acd7

SHA1
3a7dc208d08afac5684bea78eb340b3debce4e30

SHA256
4bba50cf32e7ab08f231b858fbee142aeb6be69826d67c73b5a459cdb2ac6a11

SHA512
49d9f06731dffea436e8db0f654005e6ab2189d15bfd6ba4887348684994d01049f722ba910247b088950deaaaefc84138bd41fba62a483772fa68e8317b66f3

Download Submit
C:\Windows\system\vZySyZj.exe

Filesize
5.9MB

MD5
fb0016f7bee4e56b4f2252001d7dc0ce

SHA1
7f2f8cfff4e2a112549d2b2e16c429ec29b860cf

SHA256
13ef88f1edeb2a06887532400a5528bca8e37f1f71a142106531beceda6808dc

SHA512
00a8f0283352397edf40cc63e3ec6b0c6aa976f29b6d591c534e820efb8e3eb8812f2ae4eeaf5f381e38df87b2efa0b916bbc77c353b4ed7270f01324e362507

Download Submit
C:\Windows\system\vgCUehz.exe

Filesize
5.9MB

MD5
90fccf88d91a809cce1d921c21d01b0f

SHA1
295a3fafde5689f8dee59b67e0b855c378532657

SHA256
e9a8a0214853c8a4c0e2b1c236fb946e4f222a9a03ebac1a44d042433d829823

SHA512
46922463c8dae630027b4fa88053a465ac94eaea1f039dc7b3c5e1127657fece76dd6934a62c05dee36d36a99ed226c15eacd14dbbef5abafd0cd4993f6c2c2b

Download Submit
C:\Windows\system\wCmyKlT.exe

Filesize
5.9MB

MD5
f87aa86dd0ded4bc8106dc302177ff60

SHA1
796ef35db6945baeb2e275c1189e1e05f51d278f

SHA256
b9373d8528ea6de1e66301696a03cb8582cc2a48021d26bb7f10f97b7860f301

SHA512
081b0c5a7c1283f6fbeaa5d527478a5847b72bc6b70d5048907d8c358503ce164c984c62473c360d8f2c26c11fcf6ca70edc3d5d0ebfd8322d542824b4d63581

Download Submit
C:\Windows\system\zCkXHQT.exe

Filesize
5.9MB

MD5
43b338a66c6c8eaa0878c78f3000d6f6

SHA1
0c4f242da1b5d3498c97c5157e843be085f10b84

SHA256
93c5127decc6f6878bf87d6d0a01d3bf065185c681ff2e9bb35db6cb127db958

SHA512
ce87c5240ee05bc54ea5142083b62e4f296e66a061f39e26f11ca0cdc120595401fc8123e78e96e444bc7ebb4cc2eef7163a85a6c26d12943c086d4ff4f1f97e

Download Submit
C:\Windows\system\zvcMJDr.exe

Filesize
5.9MB

MD5
f36372bc0da09d4c44a9add9663249b6

SHA1
6a27b21b7b7543406c74e9733a02c495f3d6979a

SHA256
e6045d596d7521682788fa9629b0586737689bf543266e9c763a4904bcc74e22

SHA512
681b8effe73ffd7a6242c20d02ee79b81f90bcc6d1265edc0b0549a825958cea8427d7238b1ed106eca706a9e34890479cc0e744328c11024b54a5a19c6b8ff5

Download Submit
\Windows\system\TuJBmQJ.exe

Filesize
5.9MB

MD5
3138d52cd16275173dcc701d6317d617

SHA1
511db06c13a6b2a685a08f8fd927e05197bf8886

SHA256
0ecfd6cfb92be5f709fac8c5d29dde77f06e64fad591eb7913a9652680d691e9

SHA512
f32f81bd85f7f8369b74d145a15b25ac96ae17dc2fad55314c159fe92c1708f26e59f58682820fc5d4c8d0c5d9b570ccb3028f6804c3aef4fcb29e59fe12ecc0

Download Submit
\Windows\system\cDyxcsX.exe

Filesize
5.9MB

MD5
396d653c9162899e2d4d7c4836962a81

SHA1
315261ad462fbd1eae216ae2baaca1e4cc2c3740

SHA256
9525b658c84ffecda3e34e37ff4bee352e522cd5da464516a0d61f1bd72d96b2

SHA512
97d6b0b1938d643040f7513a6abdf71458041359cfa16332ccaf7f9d2c0ff666666e0d21255c7577e78bfc6f9866fa03ba2c76b10048a52d22afed45ba0a5016

Download Submit
\Windows\system\hFMcGjD.exe

Filesize
5.9MB

MD5
76d77ad11b0353421e84d46f0cf59ad9

SHA1
fe143d77296d9bf3570fa4f8665decc1cfdbfe27

SHA256
89fc851d68e8090311d8d1823834414dfe709278e86c5e45d041f6a27a6ffcd9

SHA512
7d4f7613f55689340f833401f575cedc326ac96ced31c629b687203a960cb382a7490efa2c11bd82f9a16e0f8be3f555cb3b16b5c651c254c92cef11c419638c

Download Submit
\Windows\system\sfnVAXO.exe

Filesize
5.9MB

MD5
3287679e6233937f4da38dfa181b9f3b

SHA1
6881568d86f50abaf4381d64b79e7b13dde9f4b3

SHA256
2fa1f0280273c94d6ce333184d8bdba8e189e464ea628ab19a1884ef19d05fea

SHA512
e4018bbd0723631b8ed847d41330c8b379d84c3ee4a28376f30f876a5ea67ec789513021e46bf5c48fa6116e1a44cd81490c6c30334101a5817ca92af089111d

Download Submit
\Windows\system\woJDJWc.exe

Filesize
5.9MB

MD5
df763e4f06d458aa9faa1d092eee698a

SHA1
b71570ca3a34d120a6afa36a289601da99d323e0

SHA256
7921e2e1af0a7b554d50c6b59484e82273be2116aea239e626729de6d90654bc

SHA512
af69531bddf85d1bef2b7800c529a50afee180471df2f25f5425f2a63144d3cc89e48284a2a22db88c2c89f77f023f8d26cec6cc438d1b88fb099bccfd2bff0c

Download Submit
memory/840-141-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/840-129-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/840-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/840-149-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/840-766-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/840-147-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/840-777-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/840-145-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/840-1095-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/840-143-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/840-1068-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/840-0-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/840-1063-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/840-139-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/840-973-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/840-137-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/840-125-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/840-135-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/840-151-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/840-133-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/840-127-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/840-131-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1552-126-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1552-3952-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1616-152-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1616-3948-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1912-4175-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/1912-134-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3950-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2316-132-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2372-4174-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-130-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4172-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2724-146-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2736-136-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3953-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3955-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1103-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2744-150-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2812-140-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3947-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2816-138-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3954-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3949-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2872-144-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1067-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2944-148-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-1102-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3951-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-3946-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2964-128-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2980-142-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2980-4173-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download