cobaltstrike | 3091afe358f830f1d8dd05649a4efe8745805ee222b016e41fef69e79ddf51d6

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

585b285f6571574683433c782c549f08
SHA1

929eed3d430ecf1e2ae98a9bfa36abefe56f2fff
SHA256

3091afe358f830f1d8dd05649a4efe8745805ee222b016e41fef69e79ddf51d6
SHA512

022c04c3347909a20e226c7fee0e4e4cbb2457ec972bc05fb8f6192d61345ff0969841522d03594dc32dedc365b0611578c6a88680cbce74a0235270c60e2381
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012281-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-26.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-67.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000164b1-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-65.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-61.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d43-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-78.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001749c-53.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3a-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-32.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016875-12.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1720-0-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x000d000000012281-3.dat	xmrig
behavioral1/files/0x0008000000016c66-15.dat	xmrig
behavioral1/memory/2356-22-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-26.dat	xmrig
behavioral1/memory/1720-51-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018686-67.dat	xmrig
behavioral1/memory/2804-83-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00090000000164b1-93.dat	xmrig
behavioral1/files/0x00050000000186f4-97.dat	xmrig
behavioral1/files/0x0005000000018739-105.dat	xmrig
behavioral1/files/0x00050000000187a8-117.dat	xmrig
behavioral1/memory/2396-3550-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2532-3610-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2920-3796-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2260-3867-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2964-3866-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2816-3891-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2892-3927-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2928-3928-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2972-3926-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2804-3925-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2704-3795-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1712-3573-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2296-3551-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2356-3552-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2972-872-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1720-871-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/memory/2804-748-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-161.dat	xmrig
behavioral1/files/0x0005000000019360-157.dat	xmrig
behavioral1/files/0x000500000001933f-153.dat	xmrig
behavioral1/files/0x0005000000019284-145.dat	xmrig
behavioral1/files/0x0005000000019297-149.dat	xmrig
behavioral1/files/0x0005000000019278-141.dat	xmrig
behavioral1/files/0x0005000000019269-137.dat	xmrig
behavioral1/files/0x0005000000019250-133.dat	xmrig
behavioral1/files/0x0005000000019246-129.dat	xmrig
behavioral1/files/0x0006000000018c16-125.dat	xmrig
behavioral1/files/0x0006000000018b4e-121.dat	xmrig
behavioral1/files/0x000500000001878e-113.dat	xmrig
behavioral1/files/0x0005000000018744-109.dat	xmrig
behavioral1/files/0x0005000000018704-102.dat	xmrig
behavioral1/memory/2964-90-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2972-89-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f1-87.dat	xmrig
behavioral1/memory/2532-82-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2892-72-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2816-71-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2928-70-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e7-65.dat	xmrig
behavioral1/files/0x000600000001755b-61.dat	xmrig
behavioral1/files/0x0008000000016d43-59.dat	xmrig
behavioral1/files/0x0007000000016cf5-58.dat	xmrig
behavioral1/memory/2704-80-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2964-48-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2296-39-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-78.dat	xmrig
behavioral1/memory/2920-76-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2260-55-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/1720-54-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x000900000001749c-53.dat	xmrig
behavioral1/files/0x0009000000016d3a-43.dat	xmrig
behavioral1/files/0x0007000000016cd7-32.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	UVWSLip.exe
1712	xhXUSXN.exe
2356	UuibCrK.exe
2532	JJciUDQ.exe
2296	lvyLein.exe
2964	FEhLHdy.exe
2260	fAxphmE.exe
2928	tGGtbMe.exe
2816	sZhYFFp.exe
2892	fFLAQfI.exe
2920	DGIaZgz.exe
2704	DbmVVYT.exe
2804	mWmQCxN.exe
2972	WOvAjHY.exe
2528	KGGDjbC.exe
1248	paKgCOV.exe
3064	HACMAil.exe
2912	lecPeBl.exe
768	Mccqhyc.exe
2992	QvDeLaV.exe
1296	QJxATQJ.exe
1292	AQiAUXk.exe
1508	JruFjbG.exe
1756	dYJYKeM.exe
2548	VdtxqHp.exe
2544	LQXEzKS.exe
1804	XgbsVMK.exe
2424	BTIuVUw.exe
2156	rjjrUxu.exe
2148	ArduEQV.exe
1104	hZlDIfo.exe
328	vZXQxIN.exe
1048	AAoLIDW.exe
2068	kFwgRSy.exe
2672	JyMNCeS.exe
1524	GmiizWF.exe
684	ybHkfmh.exe
1608	TQCWWXF.exe
2136	axeLeGv.exe
1996	bZqVMQx.exe
2164	uPbVowP.exe
2012	omkFjVt.exe
1652	LGtxtBU.exe
2024	XBvnorS.exe
920	CqNnGmq.exe
1344	qhaVLZU.exe
1636	AdVkafu.exe
2128	QuTWiQl.exe
1260	FCyBOJr.exe
2460	hYwnZPX.exe
1632	bXbxOdO.exe
2428	UkBXooj.exe
1544	FgxesRL.exe
1672	RFqoTon.exe
1692	INZgLQA.exe
2488	orwFAsy.exe
288	ZqicigN.exe
2448	vGnOUcu.exe
888	DpCYwZz.exe
1500	ymfObLX.exe
2440	uPFmUwC.exe
2316	GAgqOpl.exe
1568	gEjoIps.exe
1908	YaPVnVU.exe

Loads dropped DLL 64 IoCs

pid	Process
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1720-0-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x000d000000012281-3.dat	upx
behavioral1/files/0x0008000000016c66-15.dat	upx
behavioral1/memory/2356-22-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-26.dat	upx
behavioral1/files/0x0005000000018686-67.dat	upx
behavioral1/memory/2804-83-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00090000000164b1-93.dat	upx
behavioral1/files/0x00050000000186f4-97.dat	upx
behavioral1/files/0x0005000000018739-105.dat	upx
behavioral1/files/0x00050000000187a8-117.dat	upx
behavioral1/memory/2396-3550-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2532-3610-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2920-3796-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2260-3867-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2964-3866-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2816-3891-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2892-3927-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2928-3928-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2972-3926-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2804-3925-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2704-3795-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1712-3573-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2296-3551-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2356-3552-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2972-872-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2804-748-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-161.dat	upx
behavioral1/files/0x0005000000019360-157.dat	upx
behavioral1/files/0x000500000001933f-153.dat	upx
behavioral1/files/0x0005000000019284-145.dat	upx
behavioral1/files/0x0005000000019297-149.dat	upx
behavioral1/files/0x0005000000019278-141.dat	upx
behavioral1/files/0x0005000000019269-137.dat	upx
behavioral1/files/0x0005000000019250-133.dat	upx
behavioral1/files/0x0005000000019246-129.dat	upx
behavioral1/files/0x0006000000018c16-125.dat	upx
behavioral1/files/0x0006000000018b4e-121.dat	upx
behavioral1/files/0x000500000001878e-113.dat	upx
behavioral1/files/0x0005000000018744-109.dat	upx
behavioral1/files/0x0005000000018704-102.dat	upx
behavioral1/memory/2964-90-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2972-89-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x00050000000186f1-87.dat	upx
behavioral1/memory/2532-82-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2892-72-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2816-71-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2928-70-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x00050000000186e7-65.dat	upx
behavioral1/files/0x000600000001755b-61.dat	upx
behavioral1/files/0x0008000000016d43-59.dat	upx
behavioral1/files/0x0007000000016cf5-58.dat	upx
behavioral1/memory/2704-80-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2964-48-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2296-39-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-78.dat	upx
behavioral1/memory/2920-76-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2260-55-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/1720-54-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x000900000001749c-53.dat	upx
behavioral1/files/0x0009000000016d3a-43.dat	upx
behavioral1/files/0x0007000000016cd7-32.dat	upx
behavioral1/memory/2532-28-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2396-19-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CmbnVcp.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvxgTwl.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfalMQK.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWaIPmD.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZyRRgf.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOXSCWN.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bycpbeE.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGnOUcu.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpKfitx.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTMdIxV.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWZlGcA.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdkDqBY.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hlfbGDK.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\excxYvL.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAoLIDW.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAYdpXX.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeNTVTY.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krnThma.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqNnGmq.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyyuDsr.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwJdkDT.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlfjuZY.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNrKsBr.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgNlerh.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEEGZks.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unHMFXE.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKQZWYY.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEmewHz.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymfObLX.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGuPvbl.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MirJJXO.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZdyuvX.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUGbXpp.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORCRAnw.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuzEDix.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjAPaKo.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFTyMrJ.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMovAPz.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MEjkxOe.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsMacYK.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTbEBQU.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsjOMTs.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAVmehD.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjjrUxu.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGWIOLV.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVtSDDW.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmCCxUz.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLSpSEJ.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVCTiQR.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylaznZS.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLxnXcC.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyOjKyL.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNHEuAY.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjPAakK.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LviqIic.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXcmbYs.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFxXyGP.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAoQuQK.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgDRrVU.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vttPKBo.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WASZbxJ.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdtoXUx.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOFFrRJ.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMfbfXg.exe	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2396	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1720 wrote to memory of 2396	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1720 wrote to memory of 2396	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1720 wrote to memory of 1712	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1720 wrote to memory of 1712	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1720 wrote to memory of 1712	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1720 wrote to memory of 2356	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1720 wrote to memory of 2356	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1720 wrote to memory of 2356	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1720 wrote to memory of 2532	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1720 wrote to memory of 2532	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1720 wrote to memory of 2532	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1720 wrote to memory of 2296	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1720 wrote to memory of 2296	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1720 wrote to memory of 2296	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1720 wrote to memory of 2928	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1720 wrote to memory of 2928	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1720 wrote to memory of 2928	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1720 wrote to memory of 2964	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1720 wrote to memory of 2964	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1720 wrote to memory of 2964	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1720 wrote to memory of 2816	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1720 wrote to memory of 2816	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1720 wrote to memory of 2816	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1720 wrote to memory of 2260	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1720 wrote to memory of 2260	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1720 wrote to memory of 2260	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1720 wrote to memory of 2892	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1720 wrote to memory of 2892	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1720 wrote to memory of 2892	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1720 wrote to memory of 2920	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1720 wrote to memory of 2920	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1720 wrote to memory of 2920	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1720 wrote to memory of 2804	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1720 wrote to memory of 2804	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1720 wrote to memory of 2804	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1720 wrote to memory of 2704	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1720 wrote to memory of 2704	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1720 wrote to memory of 2704	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1720 wrote to memory of 2972	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1720 wrote to memory of 2972	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1720 wrote to memory of 2972	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1720 wrote to memory of 2528	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1720 wrote to memory of 2528	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1720 wrote to memory of 2528	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1720 wrote to memory of 1248	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1720 wrote to memory of 1248	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1720 wrote to memory of 1248	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1720 wrote to memory of 3064	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1720 wrote to memory of 3064	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1720 wrote to memory of 3064	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1720 wrote to memory of 2912	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1720 wrote to memory of 2912	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1720 wrote to memory of 2912	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1720 wrote to memory of 768	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1720 wrote to memory of 768	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1720 wrote to memory of 768	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1720 wrote to memory of 2992	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1720 wrote to memory of 2992	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1720 wrote to memory of 2992	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1720 wrote to memory of 1296	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1720 wrote to memory of 1296	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1720 wrote to memory of 1296	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1720 wrote to memory of 1292	1720	2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_585b285f6571574683433c782c549f08_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\System\UVWSLip.exe
  C:\Windows\System\UVWSLip.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\xhXUSXN.exe
  C:\Windows\System\xhXUSXN.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\UuibCrK.exe
  C:\Windows\System\UuibCrK.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\JJciUDQ.exe
  C:\Windows\System\JJciUDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\lvyLein.exe
  C:\Windows\System\lvyLein.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\tGGtbMe.exe
  C:\Windows\System\tGGtbMe.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\FEhLHdy.exe
  C:\Windows\System\FEhLHdy.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\sZhYFFp.exe
  C:\Windows\System\sZhYFFp.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\fAxphmE.exe
  C:\Windows\System\fAxphmE.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\fFLAQfI.exe
  C:\Windows\System\fFLAQfI.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\DGIaZgz.exe
  C:\Windows\System\DGIaZgz.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\mWmQCxN.exe
  C:\Windows\System\mWmQCxN.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\DbmVVYT.exe
  C:\Windows\System\DbmVVYT.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\WOvAjHY.exe
  C:\Windows\System\WOvAjHY.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\KGGDjbC.exe
  C:\Windows\System\KGGDjbC.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\paKgCOV.exe
  C:\Windows\System\paKgCOV.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\HACMAil.exe
  C:\Windows\System\HACMAil.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\lecPeBl.exe
  C:\Windows\System\lecPeBl.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\Mccqhyc.exe
  C:\Windows\System\Mccqhyc.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\QvDeLaV.exe
  C:\Windows\System\QvDeLaV.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\QJxATQJ.exe
  C:\Windows\System\QJxATQJ.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\AQiAUXk.exe
  C:\Windows\System\AQiAUXk.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\JruFjbG.exe
  C:\Windows\System\JruFjbG.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\dYJYKeM.exe
  C:\Windows\System\dYJYKeM.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\VdtxqHp.exe
  C:\Windows\System\VdtxqHp.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\LQXEzKS.exe
  C:\Windows\System\LQXEzKS.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\XgbsVMK.exe
  C:\Windows\System\XgbsVMK.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\BTIuVUw.exe
  C:\Windows\System\BTIuVUw.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\rjjrUxu.exe
  C:\Windows\System\rjjrUxu.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\ArduEQV.exe
  C:\Windows\System\ArduEQV.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\hZlDIfo.exe
  C:\Windows\System\hZlDIfo.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\vZXQxIN.exe
  C:\Windows\System\vZXQxIN.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\AAoLIDW.exe
  C:\Windows\System\AAoLIDW.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\kFwgRSy.exe
  C:\Windows\System\kFwgRSy.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\JyMNCeS.exe
  C:\Windows\System\JyMNCeS.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\GmiizWF.exe
  C:\Windows\System\GmiizWF.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ybHkfmh.exe
  C:\Windows\System\ybHkfmh.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\TQCWWXF.exe
  C:\Windows\System\TQCWWXF.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\axeLeGv.exe
  C:\Windows\System\axeLeGv.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\bZqVMQx.exe
  C:\Windows\System\bZqVMQx.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\uPbVowP.exe
  C:\Windows\System\uPbVowP.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\omkFjVt.exe
  C:\Windows\System\omkFjVt.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\LGtxtBU.exe
  C:\Windows\System\LGtxtBU.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\XBvnorS.exe
  C:\Windows\System\XBvnorS.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\CqNnGmq.exe
  C:\Windows\System\CqNnGmq.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\qhaVLZU.exe
  C:\Windows\System\qhaVLZU.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\AdVkafu.exe
  C:\Windows\System\AdVkafu.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\QuTWiQl.exe
  C:\Windows\System\QuTWiQl.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\FCyBOJr.exe
  C:\Windows\System\FCyBOJr.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\hYwnZPX.exe
  C:\Windows\System\hYwnZPX.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\bXbxOdO.exe
  C:\Windows\System\bXbxOdO.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\UkBXooj.exe
  C:\Windows\System\UkBXooj.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\FgxesRL.exe
  C:\Windows\System\FgxesRL.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\INZgLQA.exe
  C:\Windows\System\INZgLQA.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\RFqoTon.exe
  C:\Windows\System\RFqoTon.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\ZqicigN.exe
  C:\Windows\System\ZqicigN.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\orwFAsy.exe
  C:\Windows\System\orwFAsy.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\vGnOUcu.exe
  C:\Windows\System\vGnOUcu.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\DpCYwZz.exe
  C:\Windows\System\DpCYwZz.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\ymfObLX.exe
  C:\Windows\System\ymfObLX.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\uPFmUwC.exe
  C:\Windows\System\uPFmUwC.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\GAgqOpl.exe
  C:\Windows\System\GAgqOpl.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\gEjoIps.exe
  C:\Windows\System\gEjoIps.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\KsMDVbq.exe
  C:\Windows\System\KsMDVbq.exe
  2⤵
  PID:1592
- C:\Windows\System\YaPVnVU.exe
  C:\Windows\System\YaPVnVU.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\FFRQxsq.exe
  C:\Windows\System\FFRQxsq.exe
  2⤵
  PID:2628
- C:\Windows\System\KvvAexN.exe
  C:\Windows\System\KvvAexN.exe
  2⤵
  PID:2612
- C:\Windows\System\UWHDBdz.exe
  C:\Windows\System\UWHDBdz.exe
  2⤵
  PID:2836
- C:\Windows\System\dBLtMyK.exe
  C:\Windows\System\dBLtMyK.exe
  2⤵
  PID:2852
- C:\Windows\System\BEYrnlu.exe
  C:\Windows\System\BEYrnlu.exe
  2⤵
  PID:1240
- C:\Windows\System\PAEOGuU.exe
  C:\Windows\System\PAEOGuU.exe
  2⤵
  PID:2948
- C:\Windows\System\SHOgmKD.exe
  C:\Windows\System\SHOgmKD.exe
  2⤵
  PID:2720
- C:\Windows\System\SeIHLAn.exe
  C:\Windows\System\SeIHLAn.exe
  2⤵
  PID:2724
- C:\Windows\System\YjXcMZm.exe
  C:\Windows\System\YjXcMZm.exe
  2⤵
  PID:2752
- C:\Windows\System\RAiwpFF.exe
  C:\Windows\System\RAiwpFF.exe
  2⤵
  PID:964
- C:\Windows\System\XGitUrO.exe
  C:\Windows\System\XGitUrO.exe
  2⤵
  PID:3040
- C:\Windows\System\PEIXjdo.exe
  C:\Windows\System\PEIXjdo.exe
  2⤵
  PID:316
- C:\Windows\System\bcJkzPB.exe
  C:\Windows\System\bcJkzPB.exe
  2⤵
  PID:2732
- C:\Windows\System\sZpoKxc.exe
  C:\Windows\System\sZpoKxc.exe
  2⤵
  PID:2076
- C:\Windows\System\vnTCGbp.exe
  C:\Windows\System\vnTCGbp.exe
  2⤵
  PID:2476
- C:\Windows\System\pJTxkxL.exe
  C:\Windows\System\pJTxkxL.exe
  2⤵
  PID:1140
- C:\Windows\System\hOPCoTX.exe
  C:\Windows\System\hOPCoTX.exe
  2⤵
  PID:2172
- C:\Windows\System\IgojOHZ.exe
  C:\Windows\System\IgojOHZ.exe
  2⤵
  PID:1340
- C:\Windows\System\uSfiOvQ.exe
  C:\Windows\System\uSfiOvQ.exe
  2⤵
  PID:2020
- C:\Windows\System\bWOWzIj.exe
  C:\Windows\System\bWOWzIj.exe
  2⤵
  PID:1688
- C:\Windows\System\aGkQMFm.exe
  C:\Windows\System\aGkQMFm.exe
  2⤵
  PID:2008
- C:\Windows\System\ZomHHpu.exe
  C:\Windows\System\ZomHHpu.exe
  2⤵
  PID:496
- C:\Windows\System\czwuCDS.exe
  C:\Windows\System\czwuCDS.exe
  2⤵
  PID:772
- C:\Windows\System\mgUSgba.exe
  C:\Windows\System\mgUSgba.exe
  2⤵
  PID:1548
- C:\Windows\System\ZcHfmOd.exe
  C:\Windows\System\ZcHfmOd.exe
  2⤵
  PID:1656
- C:\Windows\System\CwEmxHJ.exe
  C:\Windows\System\CwEmxHJ.exe
  2⤵
  PID:812
- C:\Windows\System\kwJbMcj.exe
  C:\Windows\System\kwJbMcj.exe
  2⤵
  PID:2176
- C:\Windows\System\LhnnkQf.exe
  C:\Windows\System\LhnnkQf.exe
  2⤵
  PID:2320
- C:\Windows\System\kadlGNW.exe
  C:\Windows\System\kadlGNW.exe
  2⤵
  PID:884
- C:\Windows\System\YFYtyGp.exe
  C:\Windows\System\YFYtyGp.exe
  2⤵
  PID:2644
- C:\Windows\System\vttPKBo.exe
  C:\Windows\System\vttPKBo.exe
  2⤵
  PID:1700
- C:\Windows\System\xMubNmk.exe
  C:\Windows\System\xMubNmk.exe
  2⤵
  PID:1796
- C:\Windows\System\FUzWCjm.exe
  C:\Windows\System\FUzWCjm.exe
  2⤵
  PID:2388
- C:\Windows\System\lzKMsAz.exe
  C:\Windows\System\lzKMsAz.exe
  2⤵
  PID:1264
- C:\Windows\System\KKiMGXe.exe
  C:\Windows\System\KKiMGXe.exe
  2⤵
  PID:2432
- C:\Windows\System\ORnWCol.exe
  C:\Windows\System\ORnWCol.exe
  2⤵
  PID:3000
- C:\Windows\System\XoVhroj.exe
  C:\Windows\System\XoVhroj.exe
  2⤵
  PID:840
- C:\Windows\System\PhVhwRY.exe
  C:\Windows\System\PhVhwRY.exe
  2⤵
  PID:1320
- C:\Windows\System\LOJSAlO.exe
  C:\Windows\System\LOJSAlO.exe
  2⤵
  PID:1224
- C:\Windows\System\YVtbRsZ.exe
  C:\Windows\System\YVtbRsZ.exe
  2⤵
  PID:2304
- C:\Windows\System\FWZpvqM.exe
  C:\Windows\System\FWZpvqM.exe
  2⤵
  PID:1032
- C:\Windows\System\hNEPmEL.exe
  C:\Windows\System\hNEPmEL.exe
  2⤵
  PID:3076
- C:\Windows\System\uhyPWSW.exe
  C:\Windows\System\uhyPWSW.exe
  2⤵
  PID:3092
- C:\Windows\System\wyEcaYC.exe
  C:\Windows\System\wyEcaYC.exe
  2⤵
  PID:3108
- C:\Windows\System\GDEBbNJ.exe
  C:\Windows\System\GDEBbNJ.exe
  2⤵
  PID:3124
- C:\Windows\System\baSKCAq.exe
  C:\Windows\System\baSKCAq.exe
  2⤵
  PID:3144
- C:\Windows\System\FchlLgl.exe
  C:\Windows\System\FchlLgl.exe
  2⤵
  PID:3160
- C:\Windows\System\bhoCXsn.exe
  C:\Windows\System\bhoCXsn.exe
  2⤵
  PID:3176
- C:\Windows\System\xXiHNNd.exe
  C:\Windows\System\xXiHNNd.exe
  2⤵
  PID:3192
- C:\Windows\System\UCJEJza.exe
  C:\Windows\System\UCJEJza.exe
  2⤵
  PID:3208
- C:\Windows\System\mWKcxLM.exe
  C:\Windows\System\mWKcxLM.exe
  2⤵
  PID:3224
- C:\Windows\System\oyGVwbG.exe
  C:\Windows\System\oyGVwbG.exe
  2⤵
  PID:3240
- C:\Windows\System\iBoZNBM.exe
  C:\Windows\System\iBoZNBM.exe
  2⤵
  PID:3256
- C:\Windows\System\gjJkzwv.exe
  C:\Windows\System\gjJkzwv.exe
  2⤵
  PID:3272
- C:\Windows\System\dgmDgav.exe
  C:\Windows\System\dgmDgav.exe
  2⤵
  PID:3288
- C:\Windows\System\MHaVKRb.exe
  C:\Windows\System\MHaVKRb.exe
  2⤵
  PID:3304
- C:\Windows\System\AwWgwLa.exe
  C:\Windows\System\AwWgwLa.exe
  2⤵
  PID:3324
- C:\Windows\System\yyIagSD.exe
  C:\Windows\System\yyIagSD.exe
  2⤵
  PID:3340
- C:\Windows\System\vPKVJBC.exe
  C:\Windows\System\vPKVJBC.exe
  2⤵
  PID:3356
- C:\Windows\System\EQHYHyq.exe
  C:\Windows\System\EQHYHyq.exe
  2⤵
  PID:3372
- C:\Windows\System\djPUrPi.exe
  C:\Windows\System\djPUrPi.exe
  2⤵
  PID:3388
- C:\Windows\System\dlrysTy.exe
  C:\Windows\System\dlrysTy.exe
  2⤵
  PID:3404
- C:\Windows\System\qSuXDHi.exe
  C:\Windows\System\qSuXDHi.exe
  2⤵
  PID:3420
- C:\Windows\System\iUfFSus.exe
  C:\Windows\System\iUfFSus.exe
  2⤵
  PID:3436
- C:\Windows\System\ryfMhVe.exe
  C:\Windows\System\ryfMhVe.exe
  2⤵
  PID:3452
- C:\Windows\System\mnTFIod.exe
  C:\Windows\System\mnTFIod.exe
  2⤵
  PID:3468
- C:\Windows\System\YVctKNe.exe
  C:\Windows\System\YVctKNe.exe
  2⤵
  PID:3484
- C:\Windows\System\oxXjMKK.exe
  C:\Windows\System\oxXjMKK.exe
  2⤵
  PID:3500
- C:\Windows\System\WXRAqJK.exe
  C:\Windows\System\WXRAqJK.exe
  2⤵
  PID:3516
- C:\Windows\System\WRKvMmN.exe
  C:\Windows\System\WRKvMmN.exe
  2⤵
  PID:3532
- C:\Windows\System\Eonnhjb.exe
  C:\Windows\System\Eonnhjb.exe
  2⤵
  PID:3548
- C:\Windows\System\KMpjIwl.exe
  C:\Windows\System\KMpjIwl.exe
  2⤵
  PID:3564
- C:\Windows\System\JUAcVDK.exe
  C:\Windows\System\JUAcVDK.exe
  2⤵
  PID:3580
- C:\Windows\System\bVVOHOJ.exe
  C:\Windows\System\bVVOHOJ.exe
  2⤵
  PID:3596
- C:\Windows\System\svExyYj.exe
  C:\Windows\System\svExyYj.exe
  2⤵
  PID:3612
- C:\Windows\System\LkdJabD.exe
  C:\Windows\System\LkdJabD.exe
  2⤵
  PID:3628
- C:\Windows\System\aambnUT.exe
  C:\Windows\System\aambnUT.exe
  2⤵
  PID:3644
- C:\Windows\System\MJjaYGf.exe
  C:\Windows\System\MJjaYGf.exe
  2⤵
  PID:3660
- C:\Windows\System\PyAtHpG.exe
  C:\Windows\System\PyAtHpG.exe
  2⤵
  PID:3676
- C:\Windows\System\ojKfLcJ.exe
  C:\Windows\System\ojKfLcJ.exe
  2⤵
  PID:3692
- C:\Windows\System\XlfjuZY.exe
  C:\Windows\System\XlfjuZY.exe
  2⤵
  PID:3708
- C:\Windows\System\CHtEnhQ.exe
  C:\Windows\System\CHtEnhQ.exe
  2⤵
  PID:3724
- C:\Windows\System\xvyIUir.exe
  C:\Windows\System\xvyIUir.exe
  2⤵
  PID:3740
- C:\Windows\System\pWUVIES.exe
  C:\Windows\System\pWUVIES.exe
  2⤵
  PID:3756
- C:\Windows\System\QpAFjuM.exe
  C:\Windows\System\QpAFjuM.exe
  2⤵
  PID:3772
- C:\Windows\System\newyKzf.exe
  C:\Windows\System\newyKzf.exe
  2⤵
  PID:3788
- C:\Windows\System\NZWOXGT.exe
  C:\Windows\System\NZWOXGT.exe
  2⤵
  PID:3804
- C:\Windows\System\osCUyRY.exe
  C:\Windows\System\osCUyRY.exe
  2⤵
  PID:3820
- C:\Windows\System\GiKtSeC.exe
  C:\Windows\System\GiKtSeC.exe
  2⤵
  PID:3836
- C:\Windows\System\JaePynm.exe
  C:\Windows\System\JaePynm.exe
  2⤵
  PID:3852
- C:\Windows\System\QaDIamz.exe
  C:\Windows\System\QaDIamz.exe
  2⤵
  PID:3868
- C:\Windows\System\yhGrJjW.exe
  C:\Windows\System\yhGrJjW.exe
  2⤵
  PID:3884
- C:\Windows\System\VxGOKlb.exe
  C:\Windows\System\VxGOKlb.exe
  2⤵
  PID:3900
- C:\Windows\System\xBxsUwB.exe
  C:\Windows\System\xBxsUwB.exe
  2⤵
  PID:3916
- C:\Windows\System\vFTyMrJ.exe
  C:\Windows\System\vFTyMrJ.exe
  2⤵
  PID:3932
- C:\Windows\System\nQWUCSi.exe
  C:\Windows\System\nQWUCSi.exe
  2⤵
  PID:3948
- C:\Windows\System\ZtTbhMt.exe
  C:\Windows\System\ZtTbhMt.exe
  2⤵
  PID:3964
- C:\Windows\System\vOZjozP.exe
  C:\Windows\System\vOZjozP.exe
  2⤵
  PID:3980
- C:\Windows\System\auwfcXG.exe
  C:\Windows\System\auwfcXG.exe
  2⤵
  PID:3996
- C:\Windows\System\dnrsyDu.exe
  C:\Windows\System\dnrsyDu.exe
  2⤵
  PID:4012
- C:\Windows\System\RgvGYLF.exe
  C:\Windows\System\RgvGYLF.exe
  2⤵
  PID:4028
- C:\Windows\System\YGqhaKu.exe
  C:\Windows\System\YGqhaKu.exe
  2⤵
  PID:4044
- C:\Windows\System\CbEqZit.exe
  C:\Windows\System\CbEqZit.exe
  2⤵
  PID:4060
- C:\Windows\System\iIVBWms.exe
  C:\Windows\System\iIVBWms.exe
  2⤵
  PID:4076
- C:\Windows\System\kECMwSx.exe
  C:\Windows\System\kECMwSx.exe
  2⤵
  PID:4092
- C:\Windows\System\fjaJcIU.exe
  C:\Windows\System\fjaJcIU.exe
  2⤵
  PID:1988
- C:\Windows\System\iukpXZH.exe
  C:\Windows\System\iukpXZH.exe
  2⤵
  PID:1940
- C:\Windows\System\VlsLzyf.exe
  C:\Windows\System\VlsLzyf.exe
  2⤵
  PID:1336
- C:\Windows\System\DBwSbUz.exe
  C:\Windows\System\DBwSbUz.exe
  2⤵
  PID:700
- C:\Windows\System\PoUZWJD.exe
  C:\Windows\System\PoUZWJD.exe
  2⤵
  PID:2856
- C:\Windows\System\hlqaFkk.exe
  C:\Windows\System\hlqaFkk.exe
  2⤵
  PID:2232
- C:\Windows\System\jJsxXVi.exe
  C:\Windows\System\jJsxXVi.exe
  2⤵
  PID:2444
- C:\Windows\System\JpsGuAg.exe
  C:\Windows\System\JpsGuAg.exe
  2⤵
  PID:2400
- C:\Windows\System\VAEvNxQ.exe
  C:\Windows\System\VAEvNxQ.exe
  2⤵
  PID:2940
- C:\Windows\System\yJqGtCQ.exe
  C:\Windows\System\yJqGtCQ.exe
  2⤵
  PID:448
- C:\Windows\System\ObfTRqP.exe
  C:\Windows\System\ObfTRqP.exe
  2⤵
  PID:3132
- C:\Windows\System\YmdnlAE.exe
  C:\Windows\System\YmdnlAE.exe
  2⤵
  PID:3084
- C:\Windows\System\AdzmZGw.exe
  C:\Windows\System\AdzmZGw.exe
  2⤵
  PID:3200
- C:\Windows\System\oNrKsBr.exe
  C:\Windows\System\oNrKsBr.exe
  2⤵
  PID:3156
- C:\Windows\System\ojbWToR.exe
  C:\Windows\System\ojbWToR.exe
  2⤵
  PID:3232
- C:\Windows\System\xgCStSZ.exe
  C:\Windows\System\xgCStSZ.exe
  2⤵
  PID:3296
- C:\Windows\System\simzGgK.exe
  C:\Windows\System\simzGgK.exe
  2⤵
  PID:3284
- C:\Windows\System\iFctLwO.exe
  C:\Windows\System\iFctLwO.exe
  2⤵
  PID:3248
- C:\Windows\System\tAUJzKo.exe
  C:\Windows\System\tAUJzKo.exe
  2⤵
  PID:3320
- C:\Windows\System\AKbQDsv.exe
  C:\Windows\System\AKbQDsv.exe
  2⤵
  PID:3380
- C:\Windows\System\GnxzvMl.exe
  C:\Windows\System\GnxzvMl.exe
  2⤵
  PID:3464
- C:\Windows\System\BmJdiPo.exe
  C:\Windows\System\BmJdiPo.exe
  2⤵
  PID:3528
- C:\Windows\System\MHMIsmI.exe
  C:\Windows\System\MHMIsmI.exe
  2⤵
  PID:3892
- C:\Windows\System\pzlvKHs.exe
  C:\Windows\System\pzlvKHs.exe
  2⤵
  PID:3924
- C:\Windows\System\WycyGPo.exe
  C:\Windows\System\WycyGPo.exe
  2⤵
  PID:3972
- C:\Windows\System\FDPdtQk.exe
  C:\Windows\System\FDPdtQk.exe
  2⤵
  PID:4004
- C:\Windows\System\nHzcMeZ.exe
  C:\Windows\System\nHzcMeZ.exe
  2⤵
  PID:4024
- C:\Windows\System\MNDFFMW.exe
  C:\Windows\System\MNDFFMW.exe
  2⤵
  PID:4072
- C:\Windows\System\KGSxawz.exe
  C:\Windows\System\KGSxawz.exe
  2⤵
  PID:1912
- C:\Windows\System\kboFNQV.exe
  C:\Windows\System\kboFNQV.exe
  2⤵
  PID:2800
- C:\Windows\System\zbkhnQU.exe
  C:\Windows\System\zbkhnQU.exe
  2⤵
  PID:4084
- C:\Windows\System\Ecdjvfg.exe
  C:\Windows\System\Ecdjvfg.exe
  2⤵
  PID:2312
- C:\Windows\System\UQcoOhj.exe
  C:\Windows\System\UQcoOhj.exe
  2⤵
  PID:3444
- C:\Windows\System\XMUNWgk.exe
  C:\Windows\System\XMUNWgk.exe
  2⤵
  PID:3512
- C:\Windows\System\eeDyeCg.exe
  C:\Windows\System\eeDyeCg.exe
  2⤵
  PID:3560
- C:\Windows\System\xpKfitx.exe
  C:\Windows\System\xpKfitx.exe
  2⤵
  PID:3620
- C:\Windows\System\kJCCJVl.exe
  C:\Windows\System\kJCCJVl.exe
  2⤵
  PID:3652
- C:\Windows\System\bERitIO.exe
  C:\Windows\System\bERitIO.exe
  2⤵
  PID:3704
- C:\Windows\System\IBnOFRn.exe
  C:\Windows\System\IBnOFRn.exe
  2⤵
  PID:3752
- C:\Windows\System\EqHRGIK.exe
  C:\Windows\System\EqHRGIK.exe
  2⤵
  PID:3796
- C:\Windows\System\sgNlerh.exe
  C:\Windows\System\sgNlerh.exe
  2⤵
  PID:3828
- C:\Windows\System\FcCXKXZ.exe
  C:\Windows\System\FcCXKXZ.exe
  2⤵
  PID:3876
- C:\Windows\System\PxZDuZE.exe
  C:\Windows\System\PxZDuZE.exe
  2⤵
  PID:4008
- C:\Windows\System\XQiwpRW.exe
  C:\Windows\System\XQiwpRW.exe
  2⤵
  PID:3988
- C:\Windows\System\qdpPUHg.exe
  C:\Windows\System\qdpPUHg.exe
  2⤵
  PID:2504
- C:\Windows\System\JhljmAa.exe
  C:\Windows\System\JhljmAa.exe
  2⤵
  PID:2308
- C:\Windows\System\kEREiue.exe
  C:\Windows\System\kEREiue.exe
  2⤵
  PID:1752
- C:\Windows\System\ObCjTIa.exe
  C:\Windows\System\ObCjTIa.exe
  2⤵
  PID:2676
- C:\Windows\System\LvAAwPO.exe
  C:\Windows\System\LvAAwPO.exe
  2⤵
  PID:3188
- C:\Windows\System\RkUkgPz.exe
  C:\Windows\System\RkUkgPz.exe
  2⤵
  PID:3220
- C:\Windows\System\tAaDczo.exe
  C:\Windows\System\tAaDczo.exe
  2⤵
  PID:324
- C:\Windows\System\CRypmXo.exe
  C:\Windows\System\CRypmXo.exe
  2⤵
  PID:3416
- C:\Windows\System\ztouBQa.exe
  C:\Windows\System\ztouBQa.exe
  2⤵
  PID:3608
- C:\Windows\System\ZSOtYyZ.exe
  C:\Windows\System\ZSOtYyZ.exe
  2⤵
  PID:3732
- C:\Windows\System\WQtvNqo.exe
  C:\Windows\System\WQtvNqo.exe
  2⤵
  PID:3640
- C:\Windows\System\QBgsZei.exe
  C:\Windows\System\QBgsZei.exe
  2⤵
  PID:3384
- C:\Windows\System\lggapbI.exe
  C:\Windows\System\lggapbI.exe
  2⤵
  PID:3572
- C:\Windows\System\PHcDJNz.exe
  C:\Windows\System\PHcDJNz.exe
  2⤵
  PID:3688
- C:\Windows\System\nDoFTBO.exe
  C:\Windows\System\nDoFTBO.exe
  2⤵
  PID:1416
- C:\Windows\System\gaftMIE.exe
  C:\Windows\System\gaftMIE.exe
  2⤵
  PID:3784
- C:\Windows\System\zwFuXhg.exe
  C:\Windows\System\zwFuXhg.exe
  2⤵
  PID:3912
- C:\Windows\System\IxLDUZu.exe
  C:\Windows\System\IxLDUZu.exe
  2⤵
  PID:3172
- C:\Windows\System\uzXaZiG.exe
  C:\Windows\System\uzXaZiG.exe
  2⤵
  PID:3336
- C:\Windows\System\fdurbok.exe
  C:\Windows\System\fdurbok.exe
  2⤵
  PID:3268
- C:\Windows\System\YchbYEg.exe
  C:\Windows\System\YchbYEg.exe
  2⤵
  PID:4116
- C:\Windows\System\zgDRrVU.exe
  C:\Windows\System\zgDRrVU.exe
  2⤵
  PID:4136
- C:\Windows\System\FPLjSZj.exe
  C:\Windows\System\FPLjSZj.exe
  2⤵
  PID:4156
- C:\Windows\System\BIedJap.exe
  C:\Windows\System\BIedJap.exe
  2⤵
  PID:4176
- C:\Windows\System\AvdNNDn.exe
  C:\Windows\System\AvdNNDn.exe
  2⤵
  PID:4192
- C:\Windows\System\BAnMUtJ.exe
  C:\Windows\System\BAnMUtJ.exe
  2⤵
  PID:4216
- C:\Windows\System\Xiiavte.exe
  C:\Windows\System\Xiiavte.exe
  2⤵
  PID:4232
- C:\Windows\System\MReegru.exe
  C:\Windows\System\MReegru.exe
  2⤵
  PID:4256
- C:\Windows\System\kNKtyUg.exe
  C:\Windows\System\kNKtyUg.exe
  2⤵
  PID:4272
- C:\Windows\System\joAXDzx.exe
  C:\Windows\System\joAXDzx.exe
  2⤵
  PID:4292
- C:\Windows\System\XDVBARW.exe
  C:\Windows\System\XDVBARW.exe
  2⤵
  PID:4308
- C:\Windows\System\gDoLZXk.exe
  C:\Windows\System\gDoLZXk.exe
  2⤵
  PID:4336
- C:\Windows\System\VAzFvsd.exe
  C:\Windows\System\VAzFvsd.exe
  2⤵
  PID:4356
- C:\Windows\System\iQNgRYI.exe
  C:\Windows\System\iQNgRYI.exe
  2⤵
  PID:4380
- C:\Windows\System\SMZhTzr.exe
  C:\Windows\System\SMZhTzr.exe
  2⤵
  PID:4400
- C:\Windows\System\ZeygrBC.exe
  C:\Windows\System\ZeygrBC.exe
  2⤵
  PID:4416
- C:\Windows\System\CMovAPz.exe
  C:\Windows\System\CMovAPz.exe
  2⤵
  PID:4432
- C:\Windows\System\msIrUfO.exe
  C:\Windows\System\msIrUfO.exe
  2⤵
  PID:4452
- C:\Windows\System\pemLIuF.exe
  C:\Windows\System\pemLIuF.exe
  2⤵
  PID:4472
- C:\Windows\System\gLiFTQw.exe
  C:\Windows\System\gLiFTQw.exe
  2⤵
  PID:4496
- C:\Windows\System\NahlZrL.exe
  C:\Windows\System\NahlZrL.exe
  2⤵
  PID:4512
- C:\Windows\System\rNHEuAY.exe
  C:\Windows\System\rNHEuAY.exe
  2⤵
  PID:4532
- C:\Windows\System\cFEHhRU.exe
  C:\Windows\System\cFEHhRU.exe
  2⤵
  PID:4548
- C:\Windows\System\OqXWpeM.exe
  C:\Windows\System\OqXWpeM.exe
  2⤵
  PID:4564
- C:\Windows\System\JTZiOnU.exe
  C:\Windows\System\JTZiOnU.exe
  2⤵
  PID:4592
- C:\Windows\System\LLIWoyv.exe
  C:\Windows\System\LLIWoyv.exe
  2⤵
  PID:4608
- C:\Windows\System\JpQdeEN.exe
  C:\Windows\System\JpQdeEN.exe
  2⤵
  PID:4636
- C:\Windows\System\UNAxmBS.exe
  C:\Windows\System\UNAxmBS.exe
  2⤵
  PID:4656
- C:\Windows\System\oEJNixd.exe
  C:\Windows\System\oEJNixd.exe
  2⤵
  PID:4676
- C:\Windows\System\YxlLqXF.exe
  C:\Windows\System\YxlLqXF.exe
  2⤵
  PID:4692
- C:\Windows\System\CzJgaSL.exe
  C:\Windows\System\CzJgaSL.exe
  2⤵
  PID:4716
- C:\Windows\System\aGqVuqM.exe
  C:\Windows\System\aGqVuqM.exe
  2⤵
  PID:4744
- C:\Windows\System\xOjWmfL.exe
  C:\Windows\System\xOjWmfL.exe
  2⤵
  PID:4768
- C:\Windows\System\babAKih.exe
  C:\Windows\System\babAKih.exe
  2⤵
  PID:4784
- C:\Windows\System\YXRAvBb.exe
  C:\Windows\System\YXRAvBb.exe
  2⤵
  PID:4808
- C:\Windows\System\qgbFkkX.exe
  C:\Windows\System\qgbFkkX.exe
  2⤵
  PID:4828
- C:\Windows\System\yOEzRPQ.exe
  C:\Windows\System\yOEzRPQ.exe
  2⤵
  PID:4852
- C:\Windows\System\SNXEJjg.exe
  C:\Windows\System\SNXEJjg.exe
  2⤵
  PID:4868
- C:\Windows\System\NUurCMN.exe
  C:\Windows\System\NUurCMN.exe
  2⤵
  PID:4884
- C:\Windows\System\JuwyeUT.exe
  C:\Windows\System\JuwyeUT.exe
  2⤵
  PID:4912
- C:\Windows\System\VwKZOiN.exe
  C:\Windows\System\VwKZOiN.exe
  2⤵
  PID:4928
- C:\Windows\System\OxdseHA.exe
  C:\Windows\System\OxdseHA.exe
  2⤵
  PID:4948
- C:\Windows\System\TezdVGl.exe
  C:\Windows\System\TezdVGl.exe
  2⤵
  PID:4972
- C:\Windows\System\wwmZaLZ.exe
  C:\Windows\System\wwmZaLZ.exe
  2⤵
  PID:4988
- C:\Windows\System\pckBCxk.exe
  C:\Windows\System\pckBCxk.exe
  2⤵
  PID:5008
- C:\Windows\System\JIZDdYr.exe
  C:\Windows\System\JIZDdYr.exe
  2⤵
  PID:5028
- C:\Windows\System\YJXymGT.exe
  C:\Windows\System\YJXymGT.exe
  2⤵
  PID:5048
- C:\Windows\System\RTmBGqk.exe
  C:\Windows\System\RTmBGqk.exe
  2⤵
  PID:5068
- C:\Windows\System\MKaEPYg.exe
  C:\Windows\System\MKaEPYg.exe
  2⤵
  PID:5092
- C:\Windows\System\vvXBZzU.exe
  C:\Windows\System\vvXBZzU.exe
  2⤵
  PID:5108
- C:\Windows\System\LCCuDTs.exe
  C:\Windows\System\LCCuDTs.exe
  2⤵
  PID:3492
- C:\Windows\System\NukxFkJ.exe
  C:\Windows\System\NukxFkJ.exe
  2⤵
  PID:3508
- C:\Windows\System\GGFopuq.exe
  C:\Windows\System\GGFopuq.exe
  2⤵
  PID:3672
- C:\Windows\System\jXkzRJi.exe
  C:\Windows\System\jXkzRJi.exe
  2⤵
  PID:2352
- C:\Windows\System\PGNccwe.exe
  C:\Windows\System\PGNccwe.exe
  2⤵
  PID:3780
- C:\Windows\System\WfAxStK.exe
  C:\Windows\System\WfAxStK.exe
  2⤵
  PID:4020
- C:\Windows\System\VpuwXrI.exe
  C:\Windows\System\VpuwXrI.exe
  2⤵
  PID:4108
- C:\Windows\System\qdiSRmk.exe
  C:\Windows\System\qdiSRmk.exe
  2⤵
  PID:3928
- C:\Windows\System\ExohBxb.exe
  C:\Windows\System\ExohBxb.exe
  2⤵
  PID:2100
- C:\Windows\System\MYYFTxy.exe
  C:\Windows\System\MYYFTxy.exe
  2⤵
  PID:4184
- C:\Windows\System\LvSVjrq.exe
  C:\Windows\System\LvSVjrq.exe
  2⤵
  PID:4124
- C:\Windows\System\xnyLPHK.exe
  C:\Windows\System\xnyLPHK.exe
  2⤵
  PID:4164
- C:\Windows\System\vzXQjth.exe
  C:\Windows\System\vzXQjth.exe
  2⤵
  PID:4264
- C:\Windows\System\JsvOjKN.exe
  C:\Windows\System\JsvOjKN.exe
  2⤵
  PID:4252
- C:\Windows\System\HTMdIxV.exe
  C:\Windows\System\HTMdIxV.exe
  2⤵
  PID:4388
- C:\Windows\System\GyYqrVm.exe
  C:\Windows\System\GyYqrVm.exe
  2⤵
  PID:4460
- C:\Windows\System\tnXlWge.exe
  C:\Windows\System\tnXlWge.exe
  2⤵
  PID:4320
- C:\Windows\System\QYjaTHX.exe
  C:\Windows\System\QYjaTHX.exe
  2⤵
  PID:4540
- C:\Windows\System\jCLEmYE.exe
  C:\Windows\System\jCLEmYE.exe
  2⤵
  PID:4572
- C:\Windows\System\TOoBUaU.exe
  C:\Windows\System\TOoBUaU.exe
  2⤵
  PID:4580
- C:\Windows\System\RMeLVcv.exe
  C:\Windows\System\RMeLVcv.exe
  2⤵
  PID:4372
- C:\Windows\System\GYoowvV.exe
  C:\Windows\System\GYoowvV.exe
  2⤵
  PID:4664
- C:\Windows\System\GMdEFTL.exe
  C:\Windows\System\GMdEFTL.exe
  2⤵
  PID:4480
- C:\Windows\System\ZcPJVOe.exe
  C:\Windows\System\ZcPJVOe.exe
  2⤵
  PID:4492
- C:\Windows\System\vNzXPRL.exe
  C:\Windows\System\vNzXPRL.exe
  2⤵
  PID:4712
- C:\Windows\System\WhtZsMt.exe
  C:\Windows\System\WhtZsMt.exe
  2⤵
  PID:4652
- C:\Windows\System\TsQTEHO.exe
  C:\Windows\System\TsQTEHO.exe
  2⤵
  PID:4604
- C:\Windows\System\DjqyHww.exe
  C:\Windows\System\DjqyHww.exe
  2⤵
  PID:4732
- C:\Windows\System\tBKJurw.exe
  C:\Windows\System\tBKJurw.exe
  2⤵
  PID:4760
- C:\Windows\System\fjmiOBc.exe
  C:\Windows\System\fjmiOBc.exe
  2⤵
  PID:4780
- C:\Windows\System\KpuwAyS.exe
  C:\Windows\System\KpuwAyS.exe
  2⤵
  PID:4848
- C:\Windows\System\CHGPwEj.exe
  C:\Windows\System\CHGPwEj.exe
  2⤵
  PID:4876
- C:\Windows\System\RjAPaKo.exe
  C:\Windows\System\RjAPaKo.exe
  2⤵
  PID:4908
- C:\Windows\System\GDTIdWe.exe
  C:\Windows\System\GDTIdWe.exe
  2⤵
  PID:4956
- C:\Windows\System\wZooXtK.exe
  C:\Windows\System\wZooXtK.exe
  2⤵
  PID:4904
- C:\Windows\System\hDdCzaW.exe
  C:\Windows\System\hDdCzaW.exe
  2⤵
  PID:4980
- C:\Windows\System\NJVFefE.exe
  C:\Windows\System\NJVFefE.exe
  2⤵
  PID:1648
- C:\Windows\System\SAJFgdr.exe
  C:\Windows\System\SAJFgdr.exe
  2⤵
  PID:5088
- C:\Windows\System\sbdKuzz.exe
  C:\Windows\System\sbdKuzz.exe
  2⤵
  PID:5024
- C:\Windows\System\uXTmOOK.exe
  C:\Windows\System\uXTmOOK.exe
  2⤵
  PID:4820
- C:\Windows\System\GpcWRyo.exe
  C:\Windows\System\GpcWRyo.exe
  2⤵
  PID:3768
- C:\Windows\System\wJryTsj.exe
  C:\Windows\System\wJryTsj.exe
  2⤵
  PID:5100
- C:\Windows\System\OrpbaRH.exe
  C:\Windows\System\OrpbaRH.exe
  2⤵
  PID:3216
- C:\Windows\System\nqqxQuU.exe
  C:\Windows\System\nqqxQuU.exe
  2⤵
  PID:4112
- C:\Windows\System\BEghUWe.exe
  C:\Windows\System\BEghUWe.exe
  2⤵
  PID:4056
- C:\Windows\System\wHDIKjm.exe
  C:\Windows\System\wHDIKjm.exe
  2⤵
  PID:3400
- C:\Windows\System\UGuPvbl.exe
  C:\Windows\System\UGuPvbl.exe
  2⤵
  PID:4132
- C:\Windows\System\MEjkxOe.exe
  C:\Windows\System\MEjkxOe.exe
  2⤵
  PID:4204
- C:\Windows\System\BPXUJgA.exe
  C:\Windows\System\BPXUJgA.exe
  2⤵
  PID:4352
- C:\Windows\System\QQysKqG.exe
  C:\Windows\System\QQysKqG.exe
  2⤵
  PID:4468
- C:\Windows\System\JzcGwsz.exe
  C:\Windows\System\JzcGwsz.exe
  2⤵
  PID:4392
- C:\Windows\System\AIEZZbU.exe
  C:\Windows\System\AIEZZbU.exe
  2⤵
  PID:2860
- C:\Windows\System\jMTqeGT.exe
  C:\Windows\System\jMTqeGT.exe
  2⤵
  PID:4364
- C:\Windows\System\dsMacYK.exe
  C:\Windows\System\dsMacYK.exe
  2⤵
  PID:4376
- C:\Windows\System\VeDFvCa.exe
  C:\Windows\System\VeDFvCa.exe
  2⤵
  PID:2472
- C:\Windows\System\hvOLCCn.exe
  C:\Windows\System\hvOLCCn.exe
  2⤵
  PID:4700
- C:\Windows\System\LlojlAv.exe
  C:\Windows\System\LlojlAv.exe
  2⤵
  PID:4724
- C:\Windows\System\iYNPanL.exe
  C:\Windows\System\iYNPanL.exe
  2⤵
  PID:4764
- C:\Windows\System\KkddWCt.exe
  C:\Windows\System\KkddWCt.exe
  2⤵
  PID:4836
- C:\Windows\System\UhsLFMV.exe
  C:\Windows\System\UhsLFMV.exe
  2⤵
  PID:4648
- C:\Windows\System\qPWxVEh.exe
  C:\Windows\System\qPWxVEh.exe
  2⤵
  PID:4756
- C:\Windows\System\TCWKKUv.exe
  C:\Windows\System\TCWKKUv.exe
  2⤵
  PID:5036
- C:\Windows\System\UgslgZE.exe
  C:\Windows\System\UgslgZE.exe
  2⤵
  PID:5020
- C:\Windows\System\LjQXISI.exe
  C:\Windows\System\LjQXISI.exe
  2⤵
  PID:4860
- C:\Windows\System\fOGMgkd.exe
  C:\Windows\System\fOGMgkd.exe
  2⤵
  PID:2536
- C:\Windows\System\dXfzPXW.exe
  C:\Windows\System\dXfzPXW.exe
  2⤵
  PID:3556
- C:\Windows\System\vMRpEAf.exe
  C:\Windows\System\vMRpEAf.exe
  2⤵
  PID:4940
- C:\Windows\System\oKTRKZd.exe
  C:\Windows\System\oKTRKZd.exe
  2⤵
  PID:5076
- C:\Windows\System\QUoOKhM.exe
  C:\Windows\System\QUoOKhM.exe
  2⤵
  PID:3544
- C:\Windows\System\gMsmUQT.exe
  C:\Windows\System\gMsmUQT.exe
  2⤵
  PID:4228
- C:\Windows\System\JExViQG.exe
  C:\Windows\System\JExViQG.exe
  2⤵
  PID:4300
- C:\Windows\System\qDLipZJ.exe
  C:\Windows\System\qDLipZJ.exe
  2⤵
  PID:4508
- C:\Windows\System\tLxGptX.exe
  C:\Windows\System\tLxGptX.exe
  2⤵
  PID:4448
- C:\Windows\System\NywjVoV.exe
  C:\Windows\System\NywjVoV.exe
  2⤵
  PID:1268
- C:\Windows\System\kWZlGcA.exe
  C:\Windows\System\kWZlGcA.exe
  2⤵
  PID:4752
- C:\Windows\System\eXdGwDv.exe
  C:\Windows\System\eXdGwDv.exe
  2⤵
  PID:5104
- C:\Windows\System\hclDtLk.exe
  C:\Windows\System\hclDtLk.exe
  2⤵
  PID:4144
- C:\Windows\System\uGkgoRU.exe
  C:\Windows\System\uGkgoRU.exe
  2⤵
  PID:4200
- C:\Windows\System\akktOPM.exe
  C:\Windows\System\akktOPM.exe
  2⤵
  PID:3412
- C:\Windows\System\NAYdpXX.exe
  C:\Windows\System\NAYdpXX.exe
  2⤵
  PID:4544
- C:\Windows\System\PWfsqVG.exe
  C:\Windows\System\PWfsqVG.exe
  2⤵
  PID:4920
- C:\Windows\System\NcJIAWm.exe
  C:\Windows\System\NcJIAWm.exe
  2⤵
  PID:2960
- C:\Windows\System\WGQYXoE.exe
  C:\Windows\System\WGQYXoE.exe
  2⤵
  PID:4488
- C:\Windows\System\RveuJlt.exe
  C:\Windows\System\RveuJlt.exe
  2⤵
  PID:5064
- C:\Windows\System\waxTXCP.exe
  C:\Windows\System\waxTXCP.exe
  2⤵
  PID:4560
- C:\Windows\System\UuHPwML.exe
  C:\Windows\System\UuHPwML.exe
  2⤵
  PID:3800
- C:\Windows\System\EeEpIzf.exe
  C:\Windows\System\EeEpIzf.exe
  2⤵
  PID:5040
- C:\Windows\System\AElIPIf.exe
  C:\Windows\System\AElIPIf.exe
  2⤵
  PID:4348
- C:\Windows\System\KiIoclT.exe
  C:\Windows\System\KiIoclT.exe
  2⤵
  PID:4248
- C:\Windows\System\wkBseMJ.exe
  C:\Windows\System\wkBseMJ.exe
  2⤵
  PID:2696
- C:\Windows\System\XskNEKD.exe
  C:\Windows\System\XskNEKD.exe
  2⤵
  PID:4688
- C:\Windows\System\nrLsyBG.exe
  C:\Windows\System\nrLsyBG.exe
  2⤵
  PID:2744
- C:\Windows\System\OXBfhfi.exe
  C:\Windows\System\OXBfhfi.exe
  2⤵
  PID:3956
- C:\Windows\System\JrSfKyJ.exe
  C:\Windows\System\JrSfKyJ.exe
  2⤵
  PID:2956
- C:\Windows\System\GccjZqj.exe
  C:\Windows\System\GccjZqj.exe
  2⤵
  PID:4172
- C:\Windows\System\AnqtYwP.exe
  C:\Windows\System\AnqtYwP.exe
  2⤵
  PID:576
- C:\Windows\System\jnmUxTF.exe
  C:\Windows\System\jnmUxTF.exe
  2⤵
  PID:4484
- C:\Windows\System\UFGljnD.exe
  C:\Windows\System\UFGljnD.exe
  2⤵
  PID:2864
- C:\Windows\System\dtMakSB.exe
  C:\Windows\System\dtMakSB.exe
  2⤵
  PID:5132
- C:\Windows\System\VrcsakT.exe
  C:\Windows\System\VrcsakT.exe
  2⤵
  PID:5148
- C:\Windows\System\jhFstjI.exe
  C:\Windows\System\jhFstjI.exe
  2⤵
  PID:5164
- C:\Windows\System\NEgzxgr.exe
  C:\Windows\System\NEgzxgr.exe
  2⤵
  PID:5180
- C:\Windows\System\FxSScxc.exe
  C:\Windows\System\FxSScxc.exe
  2⤵
  PID:5196
- C:\Windows\System\KzlbDpF.exe
  C:\Windows\System\KzlbDpF.exe
  2⤵
  PID:5212
- C:\Windows\System\WLdGxoN.exe
  C:\Windows\System\WLdGxoN.exe
  2⤵
  PID:5228
- C:\Windows\System\OmwYnnv.exe
  C:\Windows\System\OmwYnnv.exe
  2⤵
  PID:5244
- C:\Windows\System\yunWFLZ.exe
  C:\Windows\System\yunWFLZ.exe
  2⤵
  PID:5260
- C:\Windows\System\JVfuzWI.exe
  C:\Windows\System\JVfuzWI.exe
  2⤵
  PID:5276
- C:\Windows\System\xNSDVlh.exe
  C:\Windows\System\xNSDVlh.exe
  2⤵
  PID:5292
- C:\Windows\System\VOoSwgH.exe
  C:\Windows\System\VOoSwgH.exe
  2⤵
  PID:5308
- C:\Windows\System\yNdwVbm.exe
  C:\Windows\System\yNdwVbm.exe
  2⤵
  PID:5324
- C:\Windows\System\mzaGniM.exe
  C:\Windows\System\mzaGniM.exe
  2⤵
  PID:5340
- C:\Windows\System\RlhpFlH.exe
  C:\Windows\System\RlhpFlH.exe
  2⤵
  PID:5356
- C:\Windows\System\zxYduCk.exe
  C:\Windows\System\zxYduCk.exe
  2⤵
  PID:5372
- C:\Windows\System\xqCvvvN.exe
  C:\Windows\System\xqCvvvN.exe
  2⤵
  PID:5388
- C:\Windows\System\FuSxTLG.exe
  C:\Windows\System\FuSxTLG.exe
  2⤵
  PID:5404
- C:\Windows\System\DBDzxTd.exe
  C:\Windows\System\DBDzxTd.exe
  2⤵
  PID:5420
- C:\Windows\System\PtsinVr.exe
  C:\Windows\System\PtsinVr.exe
  2⤵
  PID:5436
- C:\Windows\System\grkApmp.exe
  C:\Windows\System\grkApmp.exe
  2⤵
  PID:5452
- C:\Windows\System\wCBnAwW.exe
  C:\Windows\System\wCBnAwW.exe
  2⤵
  PID:5468
- C:\Windows\System\tPyYerL.exe
  C:\Windows\System\tPyYerL.exe
  2⤵
  PID:5484
- C:\Windows\System\cttfiOm.exe
  C:\Windows\System\cttfiOm.exe
  2⤵
  PID:5512
- C:\Windows\System\MUAzSyi.exe
  C:\Windows\System\MUAzSyi.exe
  2⤵
  PID:5540
- C:\Windows\System\RFTufFv.exe
  C:\Windows\System\RFTufFv.exe
  2⤵
  PID:5556
- C:\Windows\System\lJIubRX.exe
  C:\Windows\System\lJIubRX.exe
  2⤵
  PID:5576
- C:\Windows\System\VXqvafl.exe
  C:\Windows\System\VXqvafl.exe
  2⤵
  PID:5592
- C:\Windows\System\TFyohXy.exe
  C:\Windows\System\TFyohXy.exe
  2⤵
  PID:5608
- C:\Windows\System\LHPjHvc.exe
  C:\Windows\System\LHPjHvc.exe
  2⤵
  PID:5624
- C:\Windows\System\nJeLJlB.exe
  C:\Windows\System\nJeLJlB.exe
  2⤵
  PID:5640
- C:\Windows\System\rpNGgpg.exe
  C:\Windows\System\rpNGgpg.exe
  2⤵
  PID:5656
- C:\Windows\System\QCafevc.exe
  C:\Windows\System\QCafevc.exe
  2⤵
  PID:5672
- C:\Windows\System\ozFiNOv.exe
  C:\Windows\System\ozFiNOv.exe
  2⤵
  PID:5688
- C:\Windows\System\TeRCjsy.exe
  C:\Windows\System\TeRCjsy.exe
  2⤵
  PID:5704
- C:\Windows\System\oEFWzgm.exe
  C:\Windows\System\oEFWzgm.exe
  2⤵
  PID:5720
- C:\Windows\System\wycLXRK.exe
  C:\Windows\System\wycLXRK.exe
  2⤵
  PID:5736
- C:\Windows\System\TKugrPG.exe
  C:\Windows\System\TKugrPG.exe
  2⤵
  PID:5752
- C:\Windows\System\gXCmFOV.exe
  C:\Windows\System\gXCmFOV.exe
  2⤵
  PID:5768
- C:\Windows\System\bxCabRT.exe
  C:\Windows\System\bxCabRT.exe
  2⤵
  PID:5784
- C:\Windows\System\fRjLJgy.exe
  C:\Windows\System\fRjLJgy.exe
  2⤵
  PID:5800
- C:\Windows\System\FOUVmHf.exe
  C:\Windows\System\FOUVmHf.exe
  2⤵
  PID:5816
- C:\Windows\System\AaVpRsP.exe
  C:\Windows\System\AaVpRsP.exe
  2⤵
  PID:5832
- C:\Windows\System\DvuemcS.exe
  C:\Windows\System\DvuemcS.exe
  2⤵
  PID:5864
- C:\Windows\System\UNTWNtm.exe
  C:\Windows\System\UNTWNtm.exe
  2⤵
  PID:5880
- C:\Windows\System\KUFGHkw.exe
  C:\Windows\System\KUFGHkw.exe
  2⤵
  PID:5896
- C:\Windows\System\pjnqMJY.exe
  C:\Windows\System\pjnqMJY.exe
  2⤵
  PID:5912
- C:\Windows\System\mxaEsvw.exe
  C:\Windows\System\mxaEsvw.exe
  2⤵
  PID:5928
- C:\Windows\System\DOzhDfd.exe
  C:\Windows\System\DOzhDfd.exe
  2⤵
  PID:5944
- C:\Windows\System\uiIuXXk.exe
  C:\Windows\System\uiIuXXk.exe
  2⤵
  PID:5960
- C:\Windows\System\UVpcQWj.exe
  C:\Windows\System\UVpcQWj.exe
  2⤵
  PID:5976
- C:\Windows\System\EyZNBxX.exe
  C:\Windows\System\EyZNBxX.exe
  2⤵
  PID:5992
- C:\Windows\System\tWjyFki.exe
  C:\Windows\System\tWjyFki.exe
  2⤵
  PID:6008
- C:\Windows\System\UJaBDxY.exe
  C:\Windows\System\UJaBDxY.exe
  2⤵
  PID:6024
- C:\Windows\System\gtyBOiU.exe
  C:\Windows\System\gtyBOiU.exe
  2⤵
  PID:6040
- C:\Windows\System\bbGpvKa.exe
  C:\Windows\System\bbGpvKa.exe
  2⤵
  PID:6056
- C:\Windows\System\vtCKjvs.exe
  C:\Windows\System\vtCKjvs.exe
  2⤵
  PID:6072
- C:\Windows\System\fnBZWCW.exe
  C:\Windows\System\fnBZWCW.exe
  2⤵
  PID:6088
- C:\Windows\System\PZejixx.exe
  C:\Windows\System\PZejixx.exe
  2⤵
  PID:6104
- C:\Windows\System\ydGUjQM.exe
  C:\Windows\System\ydGUjQM.exe
  2⤵
  PID:6120
- C:\Windows\System\NOHbDya.exe
  C:\Windows\System\NOHbDya.exe
  2⤵
  PID:6136
- C:\Windows\System\TnAQCqn.exe
  C:\Windows\System\TnAQCqn.exe
  2⤵
  PID:4796
- C:\Windows\System\ItYAJJf.exe
  C:\Windows\System\ItYAJJf.exe
  2⤵
  PID:4728
- C:\Windows\System\UrjzPuA.exe
  C:\Windows\System\UrjzPuA.exe
  2⤵
  PID:4576
- C:\Windows\System\nCrZrZs.exe
  C:\Windows\System\nCrZrZs.exe
  2⤵
  PID:5128
- C:\Windows\System\MirJJXO.exe
  C:\Windows\System\MirJJXO.exe
  2⤵
  PID:780
- C:\Windows\System\biPIwVJ.exe
  C:\Windows\System\biPIwVJ.exe
  2⤵
  PID:5156
- C:\Windows\System\zXmxeJx.exe
  C:\Windows\System\zXmxeJx.exe
  2⤵
  PID:5220
- C:\Windows\System\tmHhzGb.exe
  C:\Windows\System\tmHhzGb.exe
  2⤵
  PID:5140
- C:\Windows\System\vVNpLqQ.exe
  C:\Windows\System\vVNpLqQ.exe
  2⤵
  PID:5144
- C:\Windows\System\lpSyCng.exe
  C:\Windows\System\lpSyCng.exe
  2⤵
  PID:5316
- C:\Windows\System\MUvoxsc.exe
  C:\Windows\System\MUvoxsc.exe
  2⤵
  PID:5380
- C:\Windows\System\nesTPjL.exe
  C:\Windows\System\nesTPjL.exe
  2⤵
  PID:5204
- C:\Windows\System\OXtbUiL.exe
  C:\Windows\System\OXtbUiL.exe
  2⤵
  PID:5240
- C:\Windows\System\TeNTVTY.exe
  C:\Windows\System\TeNTVTY.exe
  2⤵
  PID:5412
- C:\Windows\System\kMBviNl.exe
  C:\Windows\System\kMBviNl.exe
  2⤵
  PID:3140
- C:\Windows\System\cDdMEnM.exe
  C:\Windows\System\cDdMEnM.exe
  2⤵
  PID:5396
- C:\Windows\System\lLClAoZ.exe
  C:\Windows\System\lLClAoZ.exe
  2⤵
  PID:5476
- C:\Windows\System\MRrFlCV.exe
  C:\Windows\System\MRrFlCV.exe
  2⤵
  PID:5528
- C:\Windows\System\HSHotBC.exe
  C:\Windows\System\HSHotBC.exe
  2⤵
  PID:5568
- C:\Windows\System\DEWRAls.exe
  C:\Windows\System\DEWRAls.exe
  2⤵
  PID:5632
- C:\Windows\System\eDkpGte.exe
  C:\Windows\System\eDkpGte.exe
  2⤵
  PID:5696
- C:\Windows\System\bycpbeE.exe
  C:\Windows\System\bycpbeE.exe
  2⤵
  PID:5368
- C:\Windows\System\BVtSDDW.exe
  C:\Windows\System\BVtSDDW.exe
  2⤵
  PID:5764
- C:\Windows\System\KDVfwTX.exe
  C:\Windows\System\KDVfwTX.exe
  2⤵
  PID:5828
- C:\Windows\System\Reyxikq.exe
  C:\Windows\System\Reyxikq.exe
  2⤵
  PID:5652
- C:\Windows\System\vwgQsCK.exe
  C:\Windows\System\vwgQsCK.exe
  2⤵
  PID:5744
- C:\Windows\System\IjUpNrp.exe
  C:\Windows\System\IjUpNrp.exe
  2⤵
  PID:5892
- C:\Windows\System\zZVKIBA.exe
  C:\Windows\System\zZVKIBA.exe
  2⤵
  PID:5876
- C:\Windows\System\uEfhCWK.exe
  C:\Windows\System\uEfhCWK.exe
  2⤵
  PID:5936
- C:\Windows\System\tEUYQsO.exe
  C:\Windows\System\tEUYQsO.exe
  2⤵
  PID:5972
- C:\Windows\System\FzrYQjR.exe
  C:\Windows\System\FzrYQjR.exe
  2⤵
  PID:5496
- C:\Windows\System\OcNYAWK.exe
  C:\Windows\System\OcNYAWK.exe
  2⤵
  PID:5500
- C:\Windows\System\xQQFZad.exe
  C:\Windows\System\xQQFZad.exe
  2⤵
  PID:5952
- C:\Windows\System\WCqYIDr.exe
  C:\Windows\System\WCqYIDr.exe
  2⤵
  PID:1952
- C:\Windows\System\tfeXAel.exe
  C:\Windows\System\tfeXAel.exe
  2⤵
  PID:2104
- C:\Windows\System\HBiXfit.exe
  C:\Windows\System\HBiXfit.exe
  2⤵
  PID:4800
- C:\Windows\System\jnovdPL.exe
  C:\Windows\System\jnovdPL.exe
  2⤵
  PID:6084
- C:\Windows\System\HhofPip.exe
  C:\Windows\System\HhofPip.exe
  2⤵
  PID:2216
- C:\Windows\System\oWpaLBY.exe
  C:\Windows\System\oWpaLBY.exe
  2⤵
  PID:2096
- C:\Windows\System\WmwYoHs.exe
  C:\Windows\System\WmwYoHs.exe
  2⤵
  PID:5252
- C:\Windows\System\NqWDxEk.exe
  C:\Windows\System\NqWDxEk.exe
  2⤵
  PID:5288
- C:\Windows\System\DJHBTcJ.exe
  C:\Windows\System\DJHBTcJ.exe
  2⤵
  PID:5192
- C:\Windows\System\CNyHzuy.exe
  C:\Windows\System\CNyHzuy.exe
  2⤵
  PID:5304
- C:\Windows\System\CWWfias.exe
  C:\Windows\System\CWWfias.exe
  2⤵
  PID:5432
- C:\Windows\System\MDMApLN.exe
  C:\Windows\System\MDMApLN.exe
  2⤵
  PID:5600
- C:\Windows\System\QsUApDm.exe
  C:\Windows\System\QsUApDm.exe
  2⤵
  PID:5508
- C:\Windows\System\CmbnVcp.exe
  C:\Windows\System\CmbnVcp.exe
  2⤵
  PID:5668
- C:\Windows\System\WMWawwq.exe
  C:\Windows\System\WMWawwq.exe
  2⤵
  PID:5780
- C:\Windows\System\AwxUwni.exe
  C:\Windows\System\AwxUwni.exe
  2⤵
  PID:1740
- C:\Windows\System\anAIznR.exe
  C:\Windows\System\anAIznR.exe
  2⤵
  PID:5732
- C:\Windows\System\tzcqHYf.exe
  C:\Windows\System\tzcqHYf.exe
  2⤵
  PID:2092
- C:\Windows\System\hAoQuQK.exe
  C:\Windows\System\hAoQuQK.exe
  2⤵
  PID:4644
- C:\Windows\System\akuqOfx.exe
  C:\Windows\System\akuqOfx.exe
  2⤵
  PID:5872
- C:\Windows\System\BQQfQME.exe
  C:\Windows\System\BQQfQME.exe
  2⤵
  PID:6080
- C:\Windows\System\EpIeknd.exe
  C:\Windows\System\EpIeknd.exe
  2⤵
  PID:5760
- C:\Windows\System\gGmPjNa.exe
  C:\Windows\System\gGmPjNa.exe
  2⤵
  PID:5284
- C:\Windows\System\pbQMGgG.exe
  C:\Windows\System\pbQMGgG.exe
  2⤵
  PID:5464
- C:\Windows\System\uEEGZks.exe
  C:\Windows\System\uEEGZks.exe
  2⤵
  PID:5564
- C:\Windows\System\YLyPLrv.exe
  C:\Windows\System\YLyPLrv.exe
  2⤵
  PID:5548
- C:\Windows\System\FKygNHV.exe
  C:\Windows\System\FKygNHV.exe
  2⤵
  PID:2144
- C:\Windows\System\BVmODTd.exe
  C:\Windows\System\BVmODTd.exe
  2⤵
  PID:2828
- C:\Windows\System\dIpsbKX.exe
  C:\Windows\System\dIpsbKX.exe
  2⤵
  PID:2408
- C:\Windows\System\OqrsCiR.exe
  C:\Windows\System\OqrsCiR.exe
  2⤵
  PID:3184
- C:\Windows\System\PvJqmPP.exe
  C:\Windows\System\PvJqmPP.exe
  2⤵
  PID:2756
- C:\Windows\System\DkEQsvQ.exe
  C:\Windows\System\DkEQsvQ.exe
  2⤵
  PID:6020
- C:\Windows\System\lNmsGoJ.exe
  C:\Windows\System\lNmsGoJ.exe
  2⤵
  PID:5984
- C:\Windows\System\BGODLwW.exe
  C:\Windows\System\BGODLwW.exe
  2⤵
  PID:6032
- C:\Windows\System\GjLlWfb.exe
  C:\Windows\System\GjLlWfb.exe
  2⤵
  PID:5664
- C:\Windows\System\rICSWfK.exe
  C:\Windows\System\rICSWfK.exe
  2⤵
  PID:1476
- C:\Windows\System\XgLLpfl.exe
  C:\Windows\System\XgLLpfl.exe
  2⤵
  PID:1156
- C:\Windows\System\ERtnFea.exe
  C:\Windows\System\ERtnFea.exe
  2⤵
  PID:4968
- C:\Windows\System\RGVsbZd.exe
  C:\Windows\System\RGVsbZd.exe
  2⤵
  PID:4620
- C:\Windows\System\iryVOKw.exe
  C:\Windows\System\iryVOKw.exe
  2⤵
  PID:3032
- C:\Windows\System\bIfdoDp.exe
  C:\Windows\System\bIfdoDp.exe
  2⤵
  PID:2516
- C:\Windows\System\ASYCbTl.exe
  C:\Windows\System\ASYCbTl.exe
  2⤵
  PID:2748
- C:\Windows\System\RHSeoDR.exe
  C:\Windows\System\RHSeoDR.exe
  2⤵
  PID:5524
- C:\Windows\System\bAiEdPI.exe
  C:\Windows\System\bAiEdPI.exe
  2⤵
  PID:2028
- C:\Windows\System\yZjlVPD.exe
  C:\Windows\System\yZjlVPD.exe
  2⤵
  PID:6016
- C:\Windows\System\PlvJOEe.exe
  C:\Windows\System\PlvJOEe.exe
  2⤵
  PID:5796
- C:\Windows\System\xDAgZNF.exe
  C:\Windows\System\xDAgZNF.exe
  2⤵
  PID:5968
- C:\Windows\System\KbhvptD.exe
  C:\Windows\System\KbhvptD.exe
  2⤵
  PID:3044
- C:\Windows\System\alxsDbt.exe
  C:\Windows\System\alxsDbt.exe
  2⤵
  PID:3028
- C:\Windows\System\wYVIcPl.exe
  C:\Windows\System\wYVIcPl.exe
  2⤵
  PID:6156
- C:\Windows\System\lAEBxhT.exe
  C:\Windows\System\lAEBxhT.exe
  2⤵
  PID:6172
- C:\Windows\System\dKuBxes.exe
  C:\Windows\System\dKuBxes.exe
  2⤵
  PID:6192
- C:\Windows\System\NnEwdEC.exe
  C:\Windows\System\NnEwdEC.exe
  2⤵
  PID:6212
- C:\Windows\System\nfqqAFv.exe
  C:\Windows\System\nfqqAFv.exe
  2⤵
  PID:6228
- C:\Windows\System\zSaKEdP.exe
  C:\Windows\System\zSaKEdP.exe
  2⤵
  PID:6244
- C:\Windows\System\ruihXDd.exe
  C:\Windows\System\ruihXDd.exe
  2⤵
  PID:6260
- C:\Windows\System\UICxAGC.exe
  C:\Windows\System\UICxAGC.exe
  2⤵
  PID:6284
- C:\Windows\System\RhMougw.exe
  C:\Windows\System\RhMougw.exe
  2⤵
  PID:6304
- C:\Windows\System\ILszWmt.exe
  C:\Windows\System\ILszWmt.exe
  2⤵
  PID:6324
- C:\Windows\System\XZCrhhn.exe
  C:\Windows\System\XZCrhhn.exe
  2⤵
  PID:6340
- C:\Windows\System\aDygsiQ.exe
  C:\Windows\System\aDygsiQ.exe
  2⤵
  PID:6356
- C:\Windows\System\lVLEfIw.exe
  C:\Windows\System\lVLEfIw.exe
  2⤵
  PID:6372
- C:\Windows\System\bmLKDSI.exe
  C:\Windows\System\bmLKDSI.exe
  2⤵
  PID:6388
- C:\Windows\System\DNMtShx.exe
  C:\Windows\System\DNMtShx.exe
  2⤵
  PID:6404
- C:\Windows\System\AeKKcWv.exe
  C:\Windows\System\AeKKcWv.exe
  2⤵
  PID:6420
- C:\Windows\System\ZSIKMlf.exe
  C:\Windows\System\ZSIKMlf.exe
  2⤵
  PID:6440
- C:\Windows\System\ytfUYbC.exe
  C:\Windows\System\ytfUYbC.exe
  2⤵
  PID:6456
- C:\Windows\System\BinYHtB.exe
  C:\Windows\System\BinYHtB.exe
  2⤵
  PID:6472
- C:\Windows\System\YZdyuvX.exe
  C:\Windows\System\YZdyuvX.exe
  2⤵
  PID:6488
- C:\Windows\System\rfqRNmk.exe
  C:\Windows\System\rfqRNmk.exe
  2⤵
  PID:6504
- C:\Windows\System\jOvMXaR.exe
  C:\Windows\System\jOvMXaR.exe
  2⤵
  PID:6520
- C:\Windows\System\omVMxkd.exe
  C:\Windows\System\omVMxkd.exe
  2⤵
  PID:6536
- C:\Windows\System\VastuCb.exe
  C:\Windows\System\VastuCb.exe
  2⤵
  PID:6552
- C:\Windows\System\GpVaXxN.exe
  C:\Windows\System\GpVaXxN.exe
  2⤵
  PID:6568
- C:\Windows\System\zbkwffK.exe
  C:\Windows\System\zbkwffK.exe
  2⤵
  PID:6584
- C:\Windows\System\uzIHdAU.exe
  C:\Windows\System\uzIHdAU.exe
  2⤵
  PID:6600
- C:\Windows\System\JSxQwxW.exe
  C:\Windows\System\JSxQwxW.exe
  2⤵
  PID:6616
- C:\Windows\System\gQQcpVX.exe
  C:\Windows\System\gQQcpVX.exe
  2⤵
  PID:6632
- C:\Windows\System\CmCCxUz.exe
  C:\Windows\System\CmCCxUz.exe
  2⤵
  PID:6648
- C:\Windows\System\PIfcDlU.exe
  C:\Windows\System\PIfcDlU.exe
  2⤵
  PID:6664
- C:\Windows\System\yywxQFM.exe
  C:\Windows\System\yywxQFM.exe
  2⤵
  PID:6680
- C:\Windows\System\JtZBdPx.exe
  C:\Windows\System\JtZBdPx.exe
  2⤵
  PID:6696
- C:\Windows\System\bNoNdEj.exe
  C:\Windows\System\bNoNdEj.exe
  2⤵
  PID:6712
- C:\Windows\System\tcYKDDU.exe
  C:\Windows\System\tcYKDDU.exe
  2⤵
  PID:6728
- C:\Windows\System\zoMEPCo.exe
  C:\Windows\System\zoMEPCo.exe
  2⤵
  PID:6744
- C:\Windows\System\SfCgMJS.exe
  C:\Windows\System\SfCgMJS.exe
  2⤵
  PID:6760
- C:\Windows\System\XfykeHh.exe
  C:\Windows\System\XfykeHh.exe
  2⤵
  PID:6776
- C:\Windows\System\jqMQNqr.exe
  C:\Windows\System\jqMQNqr.exe
  2⤵
  PID:6792
- C:\Windows\System\iYSiFeh.exe
  C:\Windows\System\iYSiFeh.exe
  2⤵
  PID:6808
- C:\Windows\System\BwUTKWA.exe
  C:\Windows\System\BwUTKWA.exe
  2⤵
  PID:6824
- C:\Windows\System\wUBgjRX.exe
  C:\Windows\System\wUBgjRX.exe
  2⤵
  PID:6840
- C:\Windows\System\nRoKJqB.exe
  C:\Windows\System\nRoKJqB.exe
  2⤵
  PID:6884
- C:\Windows\System\VUGbXpp.exe
  C:\Windows\System\VUGbXpp.exe
  2⤵
  PID:6900
- C:\Windows\System\qabgVRV.exe
  C:\Windows\System\qabgVRV.exe
  2⤵
  PID:6920
- C:\Windows\System\QKctvpC.exe
  C:\Windows\System\QKctvpC.exe
  2⤵
  PID:6936
- C:\Windows\System\lWDHozV.exe
  C:\Windows\System\lWDHozV.exe
  2⤵
  PID:6952
- C:\Windows\System\JxpDBbY.exe
  C:\Windows\System\JxpDBbY.exe
  2⤵
  PID:6968
- C:\Windows\System\PJPlqRs.exe
  C:\Windows\System\PJPlqRs.exe
  2⤵
  PID:6984
- C:\Windows\System\eByTIPO.exe
  C:\Windows\System\eByTIPO.exe
  2⤵
  PID:7000
- C:\Windows\System\NARqcnB.exe
  C:\Windows\System\NARqcnB.exe
  2⤵
  PID:7016
- C:\Windows\System\IWCreru.exe
  C:\Windows\System\IWCreru.exe
  2⤵
  PID:7032
- C:\Windows\System\pZoMlnp.exe
  C:\Windows\System\pZoMlnp.exe
  2⤵
  PID:7048
- C:\Windows\System\IJuSAws.exe
  C:\Windows\System\IJuSAws.exe
  2⤵
  PID:7064
- C:\Windows\System\CNOHIJn.exe
  C:\Windows\System\CNOHIJn.exe
  2⤵
  PID:7080
- C:\Windows\System\IzAAocM.exe
  C:\Windows\System\IzAAocM.exe
  2⤵
  PID:7096
- C:\Windows\System\RwQWhxq.exe
  C:\Windows\System\RwQWhxq.exe
  2⤵
  PID:7112
- C:\Windows\System\ksjeQxw.exe
  C:\Windows\System\ksjeQxw.exe
  2⤵
  PID:7128
- C:\Windows\System\qLEwocX.exe
  C:\Windows\System\qLEwocX.exe
  2⤵
  PID:7144
- C:\Windows\System\GYCpvOL.exe
  C:\Windows\System\GYCpvOL.exe
  2⤵
  PID:7160
- C:\Windows\System\NwMurLh.exe
  C:\Windows\System\NwMurLh.exe
  2⤵
  PID:5332
- C:\Windows\System\xSMcKaE.exe
  C:\Windows\System\xSMcKaE.exe
  2⤵
  PID:5648
- C:\Windows\System\jACtAkM.exe
  C:\Windows\System\jACtAkM.exe
  2⤵
  PID:6164
- C:\Windows\System\sDoomWy.exe
  C:\Windows\System\sDoomWy.exe
  2⤵
  PID:6252
- C:\Windows\System\OHJGCHA.exe
  C:\Windows\System\OHJGCHA.exe
  2⤵
  PID:6292
- C:\Windows\System\gwgjNgj.exe
  C:\Windows\System\gwgjNgj.exe
  2⤵
  PID:5124
- C:\Windows\System\AcUVvNB.exe
  C:\Windows\System\AcUVvNB.exe
  2⤵
  PID:5268
- C:\Windows\System\MNNBqFl.exe
  C:\Windows\System\MNNBqFl.exe
  2⤵
  PID:6148
- C:\Windows\System\bYaZSLK.exe
  C:\Windows\System\bYaZSLK.exe
  2⤵
  PID:6300
- C:\Windows\System\wvEtKvd.exe
  C:\Windows\System\wvEtKvd.exe
  2⤵
  PID:6400
- C:\Windows\System\eGTaDkR.exe
  C:\Windows\System\eGTaDkR.exe
  2⤵
  PID:6496
- C:\Windows\System\kKIhVnB.exe
  C:\Windows\System\kKIhVnB.exe
  2⤵
  PID:844
- C:\Windows\System\EAzpbjj.exe
  C:\Windows\System\EAzpbjj.exe
  2⤵
  PID:6656
- C:\Windows\System\lOxyrxG.exe
  C:\Windows\System\lOxyrxG.exe
  2⤵
  PID:6720
- C:\Windows\System\iZqiyHL.exe
  C:\Windows\System\iZqiyHL.exe
  2⤵
  PID:6756
- C:\Windows\System\QPbqbjW.exe
  C:\Windows\System\QPbqbjW.exe
  2⤵
  PID:6820
- C:\Windows\System\MyMEDNQ.exe
  C:\Windows\System\MyMEDNQ.exe
  2⤵
  PID:6240
- C:\Windows\System\kPStMyV.exe
  C:\Windows\System\kPStMyV.exe
  2⤵
  PID:6280
- C:\Windows\System\HnZqaJe.exe
  C:\Windows\System\HnZqaJe.exe
  2⤵
  PID:6348
- C:\Windows\System\ydrTNue.exe
  C:\Windows\System\ydrTNue.exe
  2⤵
  PID:6412
- C:\Windows\System\NmUqqnI.exe
  C:\Windows\System\NmUqqnI.exe
  2⤵
  PID:6480
- C:\Windows\System\LtHbDvv.exe
  C:\Windows\System\LtHbDvv.exe
  2⤵
  PID:6544
- C:\Windows\System\qEWBdUl.exe
  C:\Windows\System\qEWBdUl.exe
  2⤵
  PID:6608
- C:\Windows\System\eacTpmq.exe
  C:\Windows\System\eacTpmq.exe
  2⤵
  PID:6640
- C:\Windows\System\dXrwnIC.exe
  C:\Windows\System\dXrwnIC.exe
  2⤵
  PID:6704
- C:\Windows\System\nraNvaj.exe
  C:\Windows\System\nraNvaj.exe
  2⤵
  PID:6864
- C:\Windows\System\snWmJxn.exe
  C:\Windows\System\snWmJxn.exe
  2⤵
  PID:6736
- C:\Windows\System\aChkCFD.exe
  C:\Windows\System\aChkCFD.exe
  2⤵
  PID:6852
- C:\Windows\System\kzVaNOM.exe
  C:\Windows\System\kzVaNOM.exe
  2⤵
  PID:6992
- C:\Windows\System\YwoXviF.exe
  C:\Windows\System\YwoXviF.exe
  2⤵
  PID:6960
- C:\Windows\System\npoZqGO.exe
  C:\Windows\System\npoZqGO.exe
  2⤵
  PID:6908
- C:\Windows\System\EhXuOlh.exe
  C:\Windows\System\EhXuOlh.exe
  2⤵
  PID:7024
- C:\Windows\System\GBGVbiv.exe
  C:\Windows\System\GBGVbiv.exe
  2⤵
  PID:6912
- C:\Windows\System\pyyuDsr.exe
  C:\Windows\System\pyyuDsr.exe
  2⤵
  PID:6980
- C:\Windows\System\jVXmapN.exe
  C:\Windows\System\jVXmapN.exe
  2⤵
  PID:7044
- C:\Windows\System\BHYbZns.exe
  C:\Windows\System\BHYbZns.exe
  2⤵
  PID:7152
- C:\Windows\System\ywshGEI.exe
  C:\Windows\System\ywshGEI.exe
  2⤵
  PID:7156
- C:\Windows\System\gcFbqyZ.exe
  C:\Windows\System\gcFbqyZ.exe
  2⤵
  PID:7092
- C:\Windows\System\HAGBUYy.exe
  C:\Windows\System\HAGBUYy.exe
  2⤵
  PID:2728
- C:\Windows\System\GwfWNOZ.exe
  C:\Windows\System\GwfWNOZ.exe
  2⤵
  PID:6208
- C:\Windows\System\sPxpIMQ.exe
  C:\Windows\System\sPxpIMQ.exe
  2⤵
  PID:6180
- C:\Windows\System\NwZkuZy.exe
  C:\Windows\System\NwZkuZy.exe
  2⤵
  PID:2452
- C:\Windows\System\ftjKind.exe
  C:\Windows\System\ftjKind.exe
  2⤵
  PID:6224
- C:\Windows\System\aAIRGpJ.exe
  C:\Windows\System\aAIRGpJ.exe
  2⤵
  PID:6468
- C:\Windows\System\UVwJJUh.exe
  C:\Windows\System\UVwJJUh.exe
  2⤵
  PID:6560
- C:\Windows\System\gfVhLaI.exe
  C:\Windows\System\gfVhLaI.exe
  2⤵
  PID:6692
- C:\Windows\System\DYaOJhM.exe
  C:\Windows\System\DYaOJhM.exe
  2⤵
  PID:6428
- C:\Windows\System\GpRgRTU.exe
  C:\Windows\System\GpRgRTU.exe
  2⤵
  PID:6320
- C:\Windows\System\YkgUCYO.exe
  C:\Windows\System\YkgUCYO.exe
  2⤵
  PID:6580
- C:\Windows\System\wYifQzA.exe
  C:\Windows\System\wYifQzA.exe
  2⤵
  PID:6512
- C:\Windows\System\vUXCsxy.exe
  C:\Windows\System\vUXCsxy.exe
  2⤵
  PID:6516
- C:\Windows\System\ffbGQLB.exe
  C:\Windows\System\ffbGQLB.exe
  2⤵
  PID:6856
- C:\Windows\System\KdvAosl.exe
  C:\Windows\System\KdvAosl.exe
  2⤵
  PID:6772
- C:\Windows\System\cgjXtet.exe
  C:\Windows\System\cgjXtet.exe
  2⤵
  PID:3060
- C:\Windows\System\eXYjDMa.exe
  C:\Windows\System\eXYjDMa.exe
  2⤵
  PID:6928
- C:\Windows\System\nwqwKhz.exe
  C:\Windows\System\nwqwKhz.exe
  2⤵
  PID:7008
- C:\Windows\System\UQjteFm.exe
  C:\Windows\System\UQjteFm.exe
  2⤵
  PID:7124
- C:\Windows\System\eysYaUx.exe
  C:\Windows\System\eysYaUx.exe
  2⤵
  PID:6432
- C:\Windows\System\agcWpaX.exe
  C:\Windows\System\agcWpaX.exe
  2⤵
  PID:5256
- C:\Windows\System\BUGrkVt.exe
  C:\Windows\System\BUGrkVt.exe
  2⤵
  PID:7108
- C:\Windows\System\HMlfNKn.exe
  C:\Windows\System\HMlfNKn.exe
  2⤵
  PID:6168
- C:\Windows\System\IiCHLam.exe
  C:\Windows\System\IiCHLam.exe
  2⤵
  PID:2108
- C:\Windows\System\ZFWEwuc.exe
  C:\Windows\System\ZFWEwuc.exe
  2⤵
  PID:6380
- C:\Windows\System\DjUBRse.exe
  C:\Windows\System\DjUBRse.exe
  2⤵
  PID:6184
- C:\Windows\System\rWKuFyW.exe
  C:\Windows\System\rWKuFyW.exe
  2⤵
  PID:6464
- C:\Windows\System\skPTVdx.exe
  C:\Windows\System\skPTVdx.exe
  2⤵
  PID:2588
- C:\Windows\System\utNGPGm.exe
  C:\Windows\System\utNGPGm.exe
  2⤵
  PID:7104
- C:\Windows\System\ckmqWVK.exe
  C:\Windows\System\ckmqWVK.exe
  2⤵
  PID:6236
- C:\Windows\System\GanmLOT.exe
  C:\Windows\System\GanmLOT.exe
  2⤵
  PID:6364
- C:\Windows\System\hlDeMCO.exe
  C:\Windows\System\hlDeMCO.exe
  2⤵
  PID:7028
- C:\Windows\System\lsasJob.exe
  C:\Windows\System\lsasJob.exe
  2⤵
  PID:7040
- C:\Windows\System\QgBsJso.exe
  C:\Windows\System\QgBsJso.exe
  2⤵
  PID:7136
- C:\Windows\System\WAHvOHr.exe
  C:\Windows\System\WAHvOHr.exe
  2⤵
  PID:1160
- C:\Windows\System\QKZvoWJ.exe
  C:\Windows\System\QKZvoWJ.exe
  2⤵
  PID:1056
- C:\Windows\System\WYvtqwI.exe
  C:\Windows\System\WYvtqwI.exe
  2⤵
  PID:6872
- C:\Windows\System\gjPAakK.exe
  C:\Windows\System\gjPAakK.exe
  2⤵
  PID:6448
- C:\Windows\System\HLkfrUa.exe
  C:\Windows\System\HLkfrUa.exe
  2⤵
  PID:6628
- C:\Windows\System\HNVuHgc.exe
  C:\Windows\System\HNVuHgc.exe
  2⤵
  PID:7184
- C:\Windows\System\YfWbwrs.exe
  C:\Windows\System\YfWbwrs.exe
  2⤵
  PID:7200
- C:\Windows\System\ToNVFyl.exe
  C:\Windows\System\ToNVFyl.exe
  2⤵
  PID:7216
- C:\Windows\System\aGkbhCe.exe
  C:\Windows\System\aGkbhCe.exe
  2⤵
  PID:7232
- C:\Windows\System\Qqxviuv.exe
  C:\Windows\System\Qqxviuv.exe
  2⤵
  PID:7248
- C:\Windows\System\kaxZyxD.exe
  C:\Windows\System\kaxZyxD.exe
  2⤵
  PID:7264
- C:\Windows\System\SWvwPKe.exe
  C:\Windows\System\SWvwPKe.exe
  2⤵
  PID:7280
- C:\Windows\System\fmbUoHK.exe
  C:\Windows\System\fmbUoHK.exe
  2⤵
  PID:7296
- C:\Windows\System\NGloqxs.exe
  C:\Windows\System\NGloqxs.exe
  2⤵
  PID:7312
- C:\Windows\System\PwJdkDT.exe
  C:\Windows\System\PwJdkDT.exe
  2⤵
  PID:7328
- C:\Windows\System\truVagh.exe
  C:\Windows\System\truVagh.exe
  2⤵
  PID:7344
- C:\Windows\System\yxQLbvm.exe
  C:\Windows\System\yxQLbvm.exe
  2⤵
  PID:7364
- C:\Windows\System\fICdjug.exe
  C:\Windows\System\fICdjug.exe
  2⤵
  PID:7388
- C:\Windows\System\ZhlvQCY.exe
  C:\Windows\System\ZhlvQCY.exe
  2⤵
  PID:7404
- C:\Windows\System\qYGqjce.exe
  C:\Windows\System\qYGqjce.exe
  2⤵
  PID:7420
- C:\Windows\System\rkIErWP.exe
  C:\Windows\System\rkIErWP.exe
  2⤵
  PID:7436
- C:\Windows\System\LSKDJYj.exe
  C:\Windows\System\LSKDJYj.exe
  2⤵
  PID:7452
- C:\Windows\System\HHrDltW.exe
  C:\Windows\System\HHrDltW.exe
  2⤵
  PID:7472
- C:\Windows\System\HNwOToZ.exe
  C:\Windows\System\HNwOToZ.exe
  2⤵
  PID:7488
- C:\Windows\System\DwwVBEx.exe
  C:\Windows\System\DwwVBEx.exe
  2⤵
  PID:7504
- C:\Windows\System\gBVpzFZ.exe
  C:\Windows\System\gBVpzFZ.exe
  2⤵
  PID:7520
- C:\Windows\System\gHpdJlv.exe
  C:\Windows\System\gHpdJlv.exe
  2⤵
  PID:7540
- C:\Windows\System\fbxHfiX.exe
  C:\Windows\System\fbxHfiX.exe
  2⤵
  PID:7556
- C:\Windows\System\EEdMXgL.exe
  C:\Windows\System\EEdMXgL.exe
  2⤵
  PID:7572
- C:\Windows\System\BLhDSru.exe
  C:\Windows\System\BLhDSru.exe
  2⤵
  PID:7588
- C:\Windows\System\kJMQjRW.exe
  C:\Windows\System\kJMQjRW.exe
  2⤵
  PID:7604
- C:\Windows\System\fOkpKMa.exe
  C:\Windows\System\fOkpKMa.exe
  2⤵
  PID:7624
- C:\Windows\System\lqMxGss.exe
  C:\Windows\System\lqMxGss.exe
  2⤵
  PID:7640
- C:\Windows\System\vvxgTwl.exe
  C:\Windows\System\vvxgTwl.exe
  2⤵
  PID:7656
- C:\Windows\System\bQLSPaz.exe
  C:\Windows\System\bQLSPaz.exe
  2⤵
  PID:7672
- C:\Windows\System\xyDtZsb.exe
  C:\Windows\System\xyDtZsb.exe
  2⤵
  PID:7688
- C:\Windows\System\YbKUutS.exe
  C:\Windows\System\YbKUutS.exe
  2⤵
  PID:7704
- C:\Windows\System\tKYIDqa.exe
  C:\Windows\System\tKYIDqa.exe
  2⤵
  PID:7720
- C:\Windows\System\DGAWBMc.exe
  C:\Windows\System\DGAWBMc.exe
  2⤵
  PID:7736
- C:\Windows\System\IKXmHIa.exe
  C:\Windows\System\IKXmHIa.exe
  2⤵
  PID:7752
- C:\Windows\System\CtFXUER.exe
  C:\Windows\System\CtFXUER.exe
  2⤵
  PID:7768
- C:\Windows\System\rRJByeD.exe
  C:\Windows\System\rRJByeD.exe
  2⤵
  PID:7784
- C:\Windows\System\zLyMbuX.exe
  C:\Windows\System\zLyMbuX.exe
  2⤵
  PID:7800
- C:\Windows\System\VHSFNzF.exe
  C:\Windows\System\VHSFNzF.exe
  2⤵
  PID:7820
- C:\Windows\System\DSEMyqT.exe
  C:\Windows\System\DSEMyqT.exe
  2⤵
  PID:7836
- C:\Windows\System\yLSpSEJ.exe
  C:\Windows\System\yLSpSEJ.exe
  2⤵
  PID:7852
- C:\Windows\System\mMfzrlJ.exe
  C:\Windows\System\mMfzrlJ.exe
  2⤵
  PID:7876
- C:\Windows\System\vIUzVXE.exe
  C:\Windows\System\vIUzVXE.exe
  2⤵
  PID:7892
- C:\Windows\System\XNGJVUl.exe
  C:\Windows\System\XNGJVUl.exe
  2⤵
  PID:7908
- C:\Windows\System\nxxWSYd.exe
  C:\Windows\System\nxxWSYd.exe
  2⤵
  PID:7924
- C:\Windows\System\MIBrGuT.exe
  C:\Windows\System\MIBrGuT.exe
  2⤵
  PID:7940
- C:\Windows\System\EwPtCqB.exe
  C:\Windows\System\EwPtCqB.exe
  2⤵
  PID:7956
- C:\Windows\System\iUJdQOc.exe
  C:\Windows\System\iUJdQOc.exe
  2⤵
  PID:7972
- C:\Windows\System\JdfTtBp.exe
  C:\Windows\System\JdfTtBp.exe
  2⤵
  PID:7988
- C:\Windows\System\WegcxRf.exe
  C:\Windows\System\WegcxRf.exe
  2⤵
  PID:8004
- C:\Windows\System\BnIwKsi.exe
  C:\Windows\System\BnIwKsi.exe
  2⤵
  PID:8020
- C:\Windows\System\HPwqwKx.exe
  C:\Windows\System\HPwqwKx.exe
  2⤵
  PID:8036
- C:\Windows\System\aQfGZoM.exe
  C:\Windows\System\aQfGZoM.exe
  2⤵
  PID:8052
- C:\Windows\System\uzuIcyc.exe
  C:\Windows\System\uzuIcyc.exe
  2⤵
  PID:8068
- C:\Windows\System\QXhhfgs.exe
  C:\Windows\System\QXhhfgs.exe
  2⤵
  PID:8084
- C:\Windows\System\HebLzUC.exe
  C:\Windows\System\HebLzUC.exe
  2⤵
  PID:8100
- C:\Windows\System\TGnPSSF.exe
  C:\Windows\System\TGnPSSF.exe
  2⤵
  PID:8116
- C:\Windows\System\SrMnYvI.exe
  C:\Windows\System\SrMnYvI.exe
  2⤵
  PID:8132
- C:\Windows\System\ZYjpgCP.exe
  C:\Windows\System\ZYjpgCP.exe
  2⤵
  PID:8148
- C:\Windows\System\JuYyGvj.exe
  C:\Windows\System\JuYyGvj.exe
  2⤵
  PID:8164
- C:\Windows\System\qZXwUVT.exe
  C:\Windows\System\qZXwUVT.exe
  2⤵
  PID:8180
- C:\Windows\System\DiktNKk.exe
  C:\Windows\System\DiktNKk.exe
  2⤵
  PID:7012
- C:\Windows\System\KOBrlWZ.exe
  C:\Windows\System\KOBrlWZ.exe
  2⤵
  PID:7196
- C:\Windows\System\PbrASkd.exe
  C:\Windows\System\PbrASkd.exe
  2⤵
  PID:7140
- C:\Windows\System\TIWwiBe.exe
  C:\Windows\System\TIWwiBe.exe
  2⤵
  PID:7176
- C:\Windows\System\dxiNwuk.exe
  C:\Windows\System\dxiNwuk.exe
  2⤵
  PID:7240
- C:\Windows\System\vFiabgA.exe
  C:\Windows\System\vFiabgA.exe
  2⤵
  PID:7276
- C:\Windows\System\noZyfpT.exe
  C:\Windows\System\noZyfpT.exe
  2⤵
  PID:7308
- C:\Windows\System\jYwlRoQ.exe
  C:\Windows\System\jYwlRoQ.exe
  2⤵
  PID:7356
- C:\Windows\System\ORCRAnw.exe
  C:\Windows\System\ORCRAnw.exe
  2⤵
  PID:7432
- C:\Windows\System\amMwGux.exe
  C:\Windows\System\amMwGux.exe
  2⤵
  PID:7412
- C:\Windows\System\unHMFXE.exe
  C:\Windows\System\unHMFXE.exe
  2⤵
  PID:7448
- C:\Windows\System\MnBuMCa.exe
  C:\Windows\System\MnBuMCa.exe
  2⤵
  PID:2004
- C:\Windows\System\HjMkJvD.exe
  C:\Windows\System\HjMkJvD.exe
  2⤵
  PID:7536
- C:\Windows\System\tYxdDJY.exe
  C:\Windows\System\tYxdDJY.exe
  2⤵
  PID:7600
- C:\Windows\System\eqtJQCI.exe
  C:\Windows\System\eqtJQCI.exe
  2⤵
  PID:7516
- C:\Windows\System\RCVUJGO.exe
  C:\Windows\System\RCVUJGO.exe
  2⤵
  PID:7552
- C:\Windows\System\IfWoKte.exe
  C:\Windows\System\IfWoKte.exe
  2⤵
  PID:7760
- C:\Windows\System\JJYYlYK.exe
  C:\Windows\System\JJYYlYK.exe
  2⤵
  PID:7700
- C:\Windows\System\uCozsdS.exe
  C:\Windows\System\uCozsdS.exe
  2⤵
  PID:7832
- C:\Windows\System\vxKurQi.exe
  C:\Windows\System\vxKurQi.exe
  2⤵
  PID:7612
- C:\Windows\System\miAQsEp.exe
  C:\Windows\System\miAQsEp.exe
  2⤵
  PID:7868
- C:\Windows\System\cefTgVx.exe
  C:\Windows\System\cefTgVx.exe
  2⤵
  PID:7860
- C:\Windows\System\TGittuZ.exe
  C:\Windows\System\TGittuZ.exe
  2⤵
  PID:7712
- C:\Windows\System\FihXnWW.exe
  C:\Windows\System\FihXnWW.exe
  2⤵
  PID:7776
- C:\Windows\System\XWBqamR.exe
  C:\Windows\System\XWBqamR.exe
  2⤵
  PID:7932
- C:\Windows\System\kWqQTGc.exe
  C:\Windows\System\kWqQTGc.exe
  2⤵
  PID:7996
- C:\Windows\System\fIEsGXC.exe
  C:\Windows\System\fIEsGXC.exe
  2⤵
  PID:7812
- C:\Windows\System\beWZenQ.exe
  C:\Windows\System\beWZenQ.exe
  2⤵
  PID:7884
- C:\Windows\System\kyCbTnD.exe
  C:\Windows\System\kyCbTnD.exe
  2⤵
  PID:6804
- C:\Windows\System\ojLXbBD.exe
  C:\Windows\System\ojLXbBD.exe
  2⤵
  PID:8060
- C:\Windows\System\FnDtdsP.exe
  C:\Windows\System\FnDtdsP.exe
  2⤵
  PID:8012
- C:\Windows\System\vMEzBQm.exe
  C:\Windows\System\vMEzBQm.exe
  2⤵
  PID:8076
- C:\Windows\System\RMWXnMA.exe
  C:\Windows\System\RMWXnMA.exe
  2⤵
  PID:8124
- C:\Windows\System\DvNEktP.exe
  C:\Windows\System\DvNEktP.exe
  2⤵
  PID:8160
- C:\Windows\System\RlStzNn.exe
  C:\Windows\System\RlStzNn.exe
  2⤵
  PID:7228
- C:\Windows\System\bKQZWYY.exe
  C:\Windows\System\bKQZWYY.exe
  2⤵
  PID:7272
- C:\Windows\System\CzCVzlv.exe
  C:\Windows\System\CzCVzlv.exe
  2⤵
  PID:7180
- C:\Windows\System\KzKWozd.exe
  C:\Windows\System\KzKWozd.exe
  2⤵
  PID:7336
- C:\Windows\System\upGKfJD.exe
  C:\Windows\System\upGKfJD.exe
  2⤵
  PID:8176
- C:\Windows\System\WEIveyF.exe
  C:\Windows\System\WEIveyF.exe
  2⤵
  PID:7444
- C:\Windows\System\brjDphY.exe
  C:\Windows\System\brjDphY.exe
  2⤵
  PID:7500
- C:\Windows\System\LDtLHkC.exe
  C:\Windows\System\LDtLHkC.exe
  2⤵
  PID:7664
- C:\Windows\System\ovoDqqJ.exe
  C:\Windows\System\ovoDqqJ.exe
  2⤵
  PID:7728
- C:\Windows\System\uTbEBQU.exe
  C:\Windows\System\uTbEBQU.exe
  2⤵
  PID:7360
- C:\Windows\System\pEmewHz.exe
  C:\Windows\System\pEmewHz.exe
  2⤵
  PID:7696
- C:\Windows\System\kkVksSR.exe
  C:\Windows\System\kkVksSR.exe
  2⤵
  PID:7616
- C:\Windows\System\BNxJEMG.exe
  C:\Windows\System\BNxJEMG.exe
  2⤵
  PID:7808
- C:\Windows\System\bLDLSpP.exe
  C:\Windows\System\bLDLSpP.exe
  2⤵
  PID:8028
- C:\Windows\System\bwDmuIG.exe
  C:\Windows\System\bwDmuIG.exe
  2⤵
  PID:7744
- C:\Windows\System\fihPJFG.exe
  C:\Windows\System\fihPJFG.exe
  2⤵
  PID:7848
- C:\Windows\System\nsmmnEm.exe
  C:\Windows\System\nsmmnEm.exe
  2⤵
  PID:8108
- C:\Windows\System\QAKIjLQ.exe
  C:\Windows\System\QAKIjLQ.exe
  2⤵
  PID:8048
- C:\Windows\System\TNyvPFw.exe
  C:\Windows\System\TNyvPFw.exe
  2⤵
  PID:7428
- C:\Windows\System\EQuAmXG.exe
  C:\Windows\System\EQuAmXG.exe
  2⤵
  PID:6532
- C:\Windows\System\ueiKsDa.exe
  C:\Windows\System\ueiKsDa.exe
  2⤵
  PID:7460
- C:\Windows\System\rrbBakZ.exe
  C:\Windows\System\rrbBakZ.exe
  2⤵
  PID:7288
- C:\Windows\System\TaqLVVu.exe
  C:\Windows\System\TaqLVVu.exe
  2⤵
  PID:7792
- C:\Windows\System\HlgHZMM.exe
  C:\Windows\System\HlgHZMM.exe
  2⤵
  PID:7352
- C:\Windows\System\AKliGAF.exe
  C:\Windows\System\AKliGAF.exe
  2⤵
  PID:6624
- C:\Windows\System\WASZbxJ.exe
  C:\Windows\System\WASZbxJ.exe
  2⤵
  PID:8156
- C:\Windows\System\etuxcLT.exe
  C:\Windows\System\etuxcLT.exe
  2⤵
  PID:7900
- C:\Windows\System\XszTmyi.exe
  C:\Windows\System\XszTmyi.exe
  2⤵
  PID:7968
- C:\Windows\System\WrVkIvt.exe
  C:\Windows\System\WrVkIvt.exe
  2⤵
  PID:7212
- C:\Windows\System\kKpphtX.exe
  C:\Windows\System\kKpphtX.exe
  2⤵
  PID:7380
- C:\Windows\System\ZgEDCYk.exe
  C:\Windows\System\ZgEDCYk.exe
  2⤵
  PID:7796
- C:\Windows\System\wUMalgq.exe
  C:\Windows\System\wUMalgq.exe
  2⤵
  PID:7496
- C:\Windows\System\xoFVNPE.exe
  C:\Windows\System\xoFVNPE.exe
  2⤵
  PID:7680
- C:\Windows\System\YJibpYo.exe
  C:\Windows\System\YJibpYo.exe
  2⤵
  PID:8204
- C:\Windows\System\WweKUHK.exe
  C:\Windows\System\WweKUHK.exe
  2⤵
  PID:8220
- C:\Windows\System\BLwlkpn.exe
  C:\Windows\System\BLwlkpn.exe
  2⤵
  PID:8236
- C:\Windows\System\XNCRjwS.exe
  C:\Windows\System\XNCRjwS.exe
  2⤵
  PID:8252
- C:\Windows\System\pdbeZCL.exe
  C:\Windows\System\pdbeZCL.exe
  2⤵
  PID:8268
- C:\Windows\System\xVCTiQR.exe
  C:\Windows\System\xVCTiQR.exe
  2⤵
  PID:8284
- C:\Windows\System\IdtoXUx.exe
  C:\Windows\System\IdtoXUx.exe
  2⤵
  PID:8300
- C:\Windows\System\WpqFVwS.exe
  C:\Windows\System\WpqFVwS.exe
  2⤵
  PID:8320
- C:\Windows\System\YlQaRuj.exe
  C:\Windows\System\YlQaRuj.exe
  2⤵
  PID:8336
- C:\Windows\System\NskULnl.exe
  C:\Windows\System\NskULnl.exe
  2⤵
  PID:8352
- C:\Windows\System\aCDDrwX.exe
  C:\Windows\System\aCDDrwX.exe
  2⤵
  PID:8368
- C:\Windows\System\KlmXaKs.exe
  C:\Windows\System\KlmXaKs.exe
  2⤵
  PID:8384
- C:\Windows\System\LwlbkzP.exe
  C:\Windows\System\LwlbkzP.exe
  2⤵
  PID:8400
- C:\Windows\System\rZiYcTI.exe
  C:\Windows\System\rZiYcTI.exe
  2⤵
  PID:8416
- C:\Windows\System\DhxCIZd.exe
  C:\Windows\System\DhxCIZd.exe
  2⤵
  PID:8432
- C:\Windows\System\DZvloCm.exe
  C:\Windows\System\DZvloCm.exe
  2⤵
  PID:8452
- C:\Windows\System\swwZUQF.exe
  C:\Windows\System\swwZUQF.exe
  2⤵
  PID:8468
- C:\Windows\System\dpUtxTl.exe
  C:\Windows\System\dpUtxTl.exe
  2⤵
  PID:8484
- C:\Windows\System\OvJTDyF.exe
  C:\Windows\System\OvJTDyF.exe
  2⤵
  PID:8500
- C:\Windows\System\azMdOtv.exe
  C:\Windows\System\azMdOtv.exe
  2⤵
  PID:8516
- C:\Windows\System\iahSJQk.exe
  C:\Windows\System\iahSJQk.exe
  2⤵
  PID:8532
- C:\Windows\System\WZAAGDA.exe
  C:\Windows\System\WZAAGDA.exe
  2⤵
  PID:8548
- C:\Windows\System\xrjLkbw.exe
  C:\Windows\System\xrjLkbw.exe
  2⤵
  PID:8564
- C:\Windows\System\PFqFVRV.exe
  C:\Windows\System\PFqFVRV.exe
  2⤵
  PID:8580
- C:\Windows\System\mDqkpFh.exe
  C:\Windows\System\mDqkpFh.exe
  2⤵
  PID:8596
- C:\Windows\System\wNRtUZb.exe
  C:\Windows\System\wNRtUZb.exe
  2⤵
  PID:8612
- C:\Windows\System\TOgeCtQ.exe
  C:\Windows\System\TOgeCtQ.exe
  2⤵
  PID:8628
- C:\Windows\System\onPpuBo.exe
  C:\Windows\System\onPpuBo.exe
  2⤵
  PID:8644
- C:\Windows\System\CgIqEhC.exe
  C:\Windows\System\CgIqEhC.exe
  2⤵
  PID:8660
- C:\Windows\System\UdXmipC.exe
  C:\Windows\System\UdXmipC.exe
  2⤵
  PID:8676
- C:\Windows\System\UesuFNd.exe
  C:\Windows\System\UesuFNd.exe
  2⤵
  PID:8692
- C:\Windows\System\bcosHLB.exe
  C:\Windows\System\bcosHLB.exe
  2⤵
  PID:8708
- C:\Windows\System\CTDLUxF.exe
  C:\Windows\System\CTDLUxF.exe
  2⤵
  PID:8724
- C:\Windows\System\pGsomSk.exe
  C:\Windows\System\pGsomSk.exe
  2⤵
  PID:8740
- C:\Windows\System\nZInldk.exe
  C:\Windows\System\nZInldk.exe
  2⤵
  PID:8756
- C:\Windows\System\enHwDev.exe
  C:\Windows\System\enHwDev.exe
  2⤵
  PID:8772
- C:\Windows\System\HuzEDix.exe
  C:\Windows\System\HuzEDix.exe
  2⤵
  PID:8788
- C:\Windows\System\VfNsiTt.exe
  C:\Windows\System\VfNsiTt.exe
  2⤵
  PID:8804
- C:\Windows\System\bJAJmFy.exe
  C:\Windows\System\bJAJmFy.exe
  2⤵
  PID:8820
- C:\Windows\System\XleDFdM.exe
  C:\Windows\System\XleDFdM.exe
  2⤵
  PID:8836
- C:\Windows\System\mTqAQnQ.exe
  C:\Windows\System\mTqAQnQ.exe
  2⤵
  PID:8852
- C:\Windows\System\DTmRSqi.exe
  C:\Windows\System\DTmRSqi.exe
  2⤵
  PID:8868
- C:\Windows\System\JAcOFtK.exe
  C:\Windows\System\JAcOFtK.exe
  2⤵
  PID:8888
- C:\Windows\System\ugYVUkF.exe
  C:\Windows\System\ugYVUkF.exe
  2⤵
  PID:8904
- C:\Windows\System\ywpogyX.exe
  C:\Windows\System\ywpogyX.exe
  2⤵
  PID:8920
- C:\Windows\System\TxHOUSG.exe
  C:\Windows\System\TxHOUSG.exe
  2⤵
  PID:8936
- C:\Windows\System\VfalMQK.exe
  C:\Windows\System\VfalMQK.exe
  2⤵
  PID:8952
- C:\Windows\System\UiaoEAL.exe
  C:\Windows\System\UiaoEAL.exe
  2⤵
  PID:8968
- C:\Windows\System\frwyYbK.exe
  C:\Windows\System\frwyYbK.exe
  2⤵
  PID:8984
- C:\Windows\System\DzwWKxM.exe
  C:\Windows\System\DzwWKxM.exe
  2⤵
  PID:9000
- C:\Windows\System\ImuKBNx.exe
  C:\Windows\System\ImuKBNx.exe
  2⤵
  PID:9016
- C:\Windows\System\BMIZaEl.exe
  C:\Windows\System\BMIZaEl.exe
  2⤵
  PID:9032
- C:\Windows\System\PsTnQcl.exe
  C:\Windows\System\PsTnQcl.exe
  2⤵
  PID:9048
- C:\Windows\System\NlPoBDx.exe
  C:\Windows\System\NlPoBDx.exe
  2⤵
  PID:9064
- C:\Windows\System\VxzdcZS.exe
  C:\Windows\System\VxzdcZS.exe
  2⤵
  PID:9080
- C:\Windows\System\LviqIic.exe
  C:\Windows\System\LviqIic.exe
  2⤵
  PID:9096
- C:\Windows\System\uyPBHrB.exe
  C:\Windows\System\uyPBHrB.exe
  2⤵
  PID:9112
- C:\Windows\System\llZfqEY.exe
  C:\Windows\System\llZfqEY.exe
  2⤵
  PID:9128
- C:\Windows\System\WRynrxh.exe
  C:\Windows\System\WRynrxh.exe
  2⤵
  PID:9144
- C:\Windows\System\zSTFTVB.exe
  C:\Windows\System\zSTFTVB.exe
  2⤵
  PID:9160
- C:\Windows\System\VhPOTqO.exe
  C:\Windows\System\VhPOTqO.exe
  2⤵
  PID:9176
- C:\Windows\System\xvKTDLY.exe
  C:\Windows\System\xvKTDLY.exe
  2⤵
  PID:9192
- C:\Windows\System\kZSluUp.exe
  C:\Windows\System\kZSluUp.exe
  2⤵
  PID:9208
- C:\Windows\System\oKshGIA.exe
  C:\Windows\System\oKshGIA.exe
  2⤵
  PID:7964
- C:\Windows\System\yhwsmyZ.exe
  C:\Windows\System\yhwsmyZ.exe
  2⤵
  PID:8196
- C:\Windows\System\WHHftUC.exe
  C:\Windows\System\WHHftUC.exe
  2⤵
  PID:8244
- C:\Windows\System\XaxlvQZ.exe
  C:\Windows\System\XaxlvQZ.exe
  2⤵
  PID:8276
- C:\Windows\System\XIHXDbC.exe
  C:\Windows\System\XIHXDbC.exe
  2⤵
  PID:8344
- C:\Windows\System\uUOgXkk.exe
  C:\Windows\System\uUOgXkk.exe
  2⤵
  PID:8376
- C:\Windows\System\yJMquvq.exe
  C:\Windows\System\yJMquvq.exe
  2⤵
  PID:8440
- C:\Windows\System\aKeYkeg.exe
  C:\Windows\System\aKeYkeg.exe
  2⤵
  PID:8332
- C:\Windows\System\TnDAodZ.exe
  C:\Windows\System\TnDAodZ.exe
  2⤵
  PID:8396
- C:\Windows\System\dsATVcF.exe
  C:\Windows\System\dsATVcF.exe
  2⤵
  PID:8512
- C:\Windows\System\LUPiOcW.exe
  C:\Windows\System\LUPiOcW.exe
  2⤵
  PID:8460
- C:\Windows\System\thHiaGy.exe
  C:\Windows\System\thHiaGy.exe
  2⤵
  PID:8524
- C:\Windows\System\wLPsZyW.exe
  C:\Windows\System\wLPsZyW.exe
  2⤵
  PID:8572
- C:\Windows\System\QYZKNhG.exe
  C:\Windows\System\QYZKNhG.exe
  2⤵
  PID:8560
- C:\Windows\System\cJTpsom.exe
  C:\Windows\System\cJTpsom.exe
  2⤵
  PID:8624
- C:\Windows\System\krnThma.exe
  C:\Windows\System\krnThma.exe
  2⤵
  PID:8652
- C:\Windows\System\ZFgjLux.exe
  C:\Windows\System\ZFgjLux.exe
  2⤵
  PID:8672
- C:\Windows\System\iZVjRGg.exe
  C:\Windows\System\iZVjRGg.exe
  2⤵
  PID:8716
- C:\Windows\System\qqgGmUs.exe
  C:\Windows\System\qqgGmUs.exe
  2⤵
  PID:8780
- C:\Windows\System\AdkDqBY.exe
  C:\Windows\System\AdkDqBY.exe
  2⤵
  PID:8844
- C:\Windows\System\AyCYchT.exe
  C:\Windows\System\AyCYchT.exe
  2⤵
  PID:8828
- C:\Windows\System\qJekvLU.exe
  C:\Windows\System\qJekvLU.exe
  2⤵
  PID:8768
- C:\Windows\System\nAgkSmO.exe
  C:\Windows\System\nAgkSmO.exe
  2⤵
  PID:8796
- C:\Windows\System\szUPVEx.exe
  C:\Windows\System\szUPVEx.exe
  2⤵
  PID:8896
- C:\Windows\System\sOFFrRJ.exe
  C:\Windows\System\sOFFrRJ.exe
  2⤵
  PID:8964
- C:\Windows\System\LPoJXyD.exe
  C:\Windows\System\LPoJXyD.exe
  2⤵
  PID:8948
- C:\Windows\System\iSPfuUF.exe
  C:\Windows\System\iSPfuUF.exe
  2⤵
  PID:9024
- C:\Windows\System\vlICJXB.exe
  C:\Windows\System\vlICJXB.exe
  2⤵
  PID:9060
- C:\Windows\System\SWaIPmD.exe
  C:\Windows\System\SWaIPmD.exe
  2⤵
  PID:9152
- C:\Windows\System\ZPAZJuv.exe
  C:\Windows\System\ZPAZJuv.exe
  2⤵
  PID:9188
- C:\Windows\System\Mzaagoc.exe
  C:\Windows\System\Mzaagoc.exe
  2⤵
  PID:8212
- C:\Windows\System\cYDpanq.exe
  C:\Windows\System\cYDpanq.exe
  2⤵
  PID:8408
- C:\Windows\System\vgdsujS.exe
  C:\Windows\System\vgdsujS.exe
  2⤵
  PID:9044
- C:\Windows\System\LcYDhQj.exe
  C:\Windows\System\LcYDhQj.exe
  2⤵
  PID:9108
- C:\Windows\System\WAuCKrT.exe
  C:\Windows\System\WAuCKrT.exe
  2⤵
  PID:8248
- C:\Windows\System\IIwSkZj.exe
  C:\Windows\System\IIwSkZj.exe
  2⤵
  PID:9200
- C:\Windows\System\VUUmcsp.exe
  C:\Windows\System\VUUmcsp.exe
  2⤵
  PID:9136
- C:\Windows\System\AuaJdnv.exe
  C:\Windows\System\AuaJdnv.exe
  2⤵
  PID:8312
- C:\Windows\System\wcbCyMe.exe
  C:\Windows\System\wcbCyMe.exe
  2⤵
  PID:8296
- C:\Windows\System\iVbyKco.exe
  C:\Windows\System\iVbyKco.exe
  2⤵
  PID:8640
- C:\Windows\System\eYSVEra.exe
  C:\Windows\System\eYSVEra.exe
  2⤵
  PID:8748
- C:\Windows\System\ggUzlpw.exe
  C:\Windows\System\ggUzlpw.exe
  2⤵
  PID:8480
- C:\Windows\System\hAtsllI.exe
  C:\Windows\System\hAtsllI.exe
  2⤵
  PID:8700
- C:\Windows\System\RaUSZej.exe
  C:\Windows\System\RaUSZej.exe
  2⤵
  PID:8588
- C:\Windows\System\mGPsuwz.exe
  C:\Windows\System\mGPsuwz.exe
  2⤵
  PID:8812
- C:\Windows\System\ssXxvAF.exe
  C:\Windows\System\ssXxvAF.exe
  2⤵
  PID:8816
- C:\Windows\System\pbqgWRL.exe
  C:\Windows\System\pbqgWRL.exe
  2⤵
  PID:8736
- C:\Windows\System\GmAChDk.exe
  C:\Windows\System\GmAChDk.exe
  2⤵
  PID:8944
- C:\Windows\System\DTgDBAZ.exe
  C:\Windows\System\DTgDBAZ.exe
  2⤵
  PID:2568
- C:\Windows\System\EkLnjKa.exe
  C:\Windows\System\EkLnjKa.exe
  2⤵
  PID:9124
- C:\Windows\System\CHbASlp.exe
  C:\Windows\System\CHbASlp.exe
  2⤵
  PID:8260
- C:\Windows\System\ucVqPJm.exe
  C:\Windows\System\ucVqPJm.exe
  2⤵
  PID:8364
- C:\Windows\System\zAWEAyi.exe
  C:\Windows\System\zAWEAyi.exe
  2⤵
  PID:8656
- C:\Windows\System\vJQVvVa.exe
  C:\Windows\System\vJQVvVa.exe
  2⤵
  PID:9156
- C:\Windows\System\gtnrAPX.exe
  C:\Windows\System\gtnrAPX.exe
  2⤵
  PID:9204
- C:\Windows\System\qAuekyL.exe
  C:\Windows\System\qAuekyL.exe
  2⤵
  PID:8592
- C:\Windows\System\TlIgpQD.exe
  C:\Windows\System\TlIgpQD.exe
  2⤵
  PID:8876
- C:\Windows\System\XeyHnvk.exe
  C:\Windows\System\XeyHnvk.exe
  2⤵
  PID:8976
- C:\Windows\System\PUbBBGn.exe
  C:\Windows\System\PUbBBGn.exe
  2⤵
  PID:8864
- C:\Windows\System\yOKwcnY.exe
  C:\Windows\System\yOKwcnY.exe
  2⤵
  PID:1812
- C:\Windows\System\zsAyeOC.exe
  C:\Windows\System\zsAyeOC.exe
  2⤵
  PID:8144
- C:\Windows\System\pflvOve.exe
  C:\Windows\System\pflvOve.exe
  2⤵
  PID:408
- C:\Windows\System\pLagSCo.exe
  C:\Windows\System\pLagSCo.exe
  2⤵
  PID:2280
- C:\Windows\System\skFXpPD.exe
  C:\Windows\System\skFXpPD.exe
  2⤵
  PID:2572
- C:\Windows\System\wQWivsP.exe
  C:\Windows\System\wQWivsP.exe
  2⤵
  PID:8308
- C:\Windows\System\lDgDbrE.exe
  C:\Windows\System\lDgDbrE.exe
  2⤵
  PID:8832
- C:\Windows\System\BgnfcCM.exe
  C:\Windows\System\BgnfcCM.exe
  2⤵
  PID:548
- C:\Windows\System\zZwfyqt.exe
  C:\Windows\System\zZwfyqt.exe
  2⤵
  PID:9104
- C:\Windows\System\xaIhFLp.exe
  C:\Windows\System\xaIhFLp.exe
  2⤵
  PID:8496
- C:\Windows\System\mhJoZLX.exe
  C:\Windows\System\mhJoZLX.exe
  2⤵
  PID:8732
- C:\Windows\System\LukgWJM.exe
  C:\Windows\System\LukgWJM.exe
  2⤵
  PID:7904
- C:\Windows\System\rqjHHIF.exe
  C:\Windows\System\rqjHHIF.exe
  2⤵
  PID:8348
- C:\Windows\System\ZSKUWYH.exe
  C:\Windows\System\ZSKUWYH.exe
  2⤵
  PID:9220
- C:\Windows\System\ovqiUdL.exe
  C:\Windows\System\ovqiUdL.exe
  2⤵
  PID:9236
- C:\Windows\System\onrNdug.exe
  C:\Windows\System\onrNdug.exe
  2⤵
  PID:9252
- C:\Windows\System\lhJjImJ.exe
  C:\Windows\System\lhJjImJ.exe
  2⤵
  PID:9268
- C:\Windows\System\ScVllzD.exe
  C:\Windows\System\ScVllzD.exe
  2⤵
  PID:9284
- C:\Windows\System\gvlkucP.exe
  C:\Windows\System\gvlkucP.exe
  2⤵
  PID:9300
- C:\Windows\System\OxLYTLw.exe
  C:\Windows\System\OxLYTLw.exe
  2⤵
  PID:9316
- C:\Windows\System\VQlYaIJ.exe
  C:\Windows\System\VQlYaIJ.exe
  2⤵
  PID:9332
- C:\Windows\System\wBPMFZx.exe
  C:\Windows\System\wBPMFZx.exe
  2⤵
  PID:9348
- C:\Windows\System\dZjmgan.exe
  C:\Windows\System\dZjmgan.exe
  2⤵
  PID:9364
- C:\Windows\System\bucWZhM.exe
  C:\Windows\System\bucWZhM.exe
  2⤵
  PID:9380
- C:\Windows\System\oPdNvql.exe
  C:\Windows\System\oPdNvql.exe
  2⤵
  PID:9396
- C:\Windows\System\FAoTbpu.exe
  C:\Windows\System\FAoTbpu.exe
  2⤵
  PID:9412
- C:\Windows\System\tPupLqD.exe
  C:\Windows\System\tPupLqD.exe
  2⤵
  PID:9428
- C:\Windows\System\NJnKQso.exe
  C:\Windows\System\NJnKQso.exe
  2⤵
  PID:9444
- C:\Windows\System\vZFSkxU.exe
  C:\Windows\System\vZFSkxU.exe
  2⤵
  PID:9460
- C:\Windows\System\HgPVUnc.exe
  C:\Windows\System\HgPVUnc.exe
  2⤵
  PID:9476
- C:\Windows\System\ZVcEQON.exe
  C:\Windows\System\ZVcEQON.exe
  2⤵
  PID:9492
- C:\Windows\System\MHWUpkx.exe
  C:\Windows\System\MHWUpkx.exe
  2⤵
  PID:9508
- C:\Windows\System\glpdHpT.exe
  C:\Windows\System\glpdHpT.exe
  2⤵
  PID:9524
- C:\Windows\System\svpDppU.exe
  C:\Windows\System\svpDppU.exe
  2⤵
  PID:9540
- C:\Windows\System\uhQrefP.exe
  C:\Windows\System\uhQrefP.exe
  2⤵
  PID:9556
- C:\Windows\System\FZfwxGn.exe
  C:\Windows\System\FZfwxGn.exe
  2⤵
  PID:9572
- C:\Windows\System\wMqHxlY.exe
  C:\Windows\System\wMqHxlY.exe
  2⤵
  PID:9588
- C:\Windows\System\fsjOMTs.exe
  C:\Windows\System\fsjOMTs.exe
  2⤵
  PID:9604
- C:\Windows\System\EaTIJOC.exe
  C:\Windows\System\EaTIJOC.exe
  2⤵
  PID:9620
- C:\Windows\System\WIxcvNI.exe
  C:\Windows\System\WIxcvNI.exe
  2⤵
  PID:9636
- C:\Windows\System\OomDCNS.exe
  C:\Windows\System\OomDCNS.exe
  2⤵
  PID:9652
- C:\Windows\System\TbFQSaF.exe
  C:\Windows\System\TbFQSaF.exe
  2⤵
  PID:9668
- C:\Windows\System\UpuVgZf.exe
  C:\Windows\System\UpuVgZf.exe
  2⤵
  PID:9684
- C:\Windows\System\EhqmWPs.exe
  C:\Windows\System\EhqmWPs.exe
  2⤵
  PID:9700
- C:\Windows\System\dMmvHrc.exe
  C:\Windows\System\dMmvHrc.exe
  2⤵
  PID:9716
- C:\Windows\System\LzgMyrs.exe
  C:\Windows\System\LzgMyrs.exe
  2⤵
  PID:9732
- C:\Windows\System\nGDaGVv.exe
  C:\Windows\System\nGDaGVv.exe
  2⤵
  PID:9748
- C:\Windows\System\hAVmehD.exe
  C:\Windows\System\hAVmehD.exe
  2⤵
  PID:9764
- C:\Windows\System\tbDgZeN.exe
  C:\Windows\System\tbDgZeN.exe
  2⤵
  PID:9780
- C:\Windows\System\hCTPxWa.exe
  C:\Windows\System\hCTPxWa.exe
  2⤵
  PID:9796
- C:\Windows\System\uGdRDTh.exe
  C:\Windows\System\uGdRDTh.exe
  2⤵
  PID:9812
- C:\Windows\System\XNTsHwf.exe
  C:\Windows\System\XNTsHwf.exe
  2⤵
  PID:9828
- C:\Windows\System\mtejELY.exe
  C:\Windows\System\mtejELY.exe
  2⤵
  PID:9844
- C:\Windows\System\aWgtBOC.exe
  C:\Windows\System\aWgtBOC.exe
  2⤵
  PID:9860
- C:\Windows\System\mhphaUl.exe
  C:\Windows\System\mhphaUl.exe
  2⤵
  PID:9880
- C:\Windows\System\wKBiAzB.exe
  C:\Windows\System\wKBiAzB.exe
  2⤵
  PID:9900
- C:\Windows\System\IeVbQYO.exe
  C:\Windows\System\IeVbQYO.exe
  2⤵
  PID:9916
- C:\Windows\System\fjAzwNm.exe
  C:\Windows\System\fjAzwNm.exe
  2⤵
  PID:9932
- C:\Windows\System\lvMaDja.exe
  C:\Windows\System\lvMaDja.exe
  2⤵
  PID:9948
- C:\Windows\System\cuYgaCG.exe
  C:\Windows\System\cuYgaCG.exe
  2⤵
  PID:9964
- C:\Windows\System\eOJDyAh.exe
  C:\Windows\System\eOJDyAh.exe
  2⤵
  PID:9980
- C:\Windows\System\UbJUCgf.exe
  C:\Windows\System\UbJUCgf.exe
  2⤵
  PID:9996
- C:\Windows\System\pFHKRSU.exe
  C:\Windows\System\pFHKRSU.exe
  2⤵
  PID:10012
- C:\Windows\System\JGCOUIM.exe
  C:\Windows\System\JGCOUIM.exe
  2⤵
  PID:10096
- C:\Windows\System\gQUHrwg.exe
  C:\Windows\System\gQUHrwg.exe
  2⤵
  PID:10116
- C:\Windows\System\ylaznZS.exe
  C:\Windows\System\ylaznZS.exe
  2⤵
  PID:10132
- C:\Windows\System\MEzzqBZ.exe
  C:\Windows\System\MEzzqBZ.exe
  2⤵
  PID:10148
- C:\Windows\System\XAVjZvY.exe
  C:\Windows\System\XAVjZvY.exe
  2⤵
  PID:10164
- C:\Windows\System\zegIIwC.exe
  C:\Windows\System\zegIIwC.exe
  2⤵
  PID:10180
- C:\Windows\System\lCpwqbb.exe
  C:\Windows\System\lCpwqbb.exe
  2⤵
  PID:10196
- C:\Windows\System\JJSrOXS.exe
  C:\Windows\System\JJSrOXS.exe
  2⤵
  PID:10212
- C:\Windows\System\PIDbIAY.exe
  C:\Windows\System\PIDbIAY.exe
  2⤵
  PID:10228
- C:\Windows\System\URdHISw.exe
  C:\Windows\System\URdHISw.exe
  2⤵
  PID:2376
- C:\Windows\System\XnSPgQu.exe
  C:\Windows\System\XnSPgQu.exe
  2⤵
  PID:9276
- C:\Windows\System\JasBlfQ.exe
  C:\Windows\System\JasBlfQ.exe
  2⤵
  PID:9340
- C:\Windows\System\qoPvxCp.exe
  C:\Windows\System\qoPvxCp.exe
  2⤵
  PID:8424
- C:\Windows\System\HIoWLbw.exe
  C:\Windows\System\HIoWLbw.exe
  2⤵
  PID:9296
- C:\Windows\System\ARLXDdC.exe
  C:\Windows\System\ARLXDdC.exe
  2⤵
  PID:9260
- C:\Windows\System\XXHrLsR.exe
  C:\Windows\System\XXHrLsR.exe
  2⤵
  PID:9388
- C:\Windows\System\AoLHHYx.exe
  C:\Windows\System\AoLHHYx.exe
  2⤵
  PID:9420
- C:\Windows\System\pdxpJVJ.exe
  C:\Windows\System\pdxpJVJ.exe
  2⤵
  PID:9440
- C:\Windows\System\TLKWudx.exe
  C:\Windows\System\TLKWudx.exe
  2⤵
  PID:7632
- C:\Windows\System\rhdOcjC.exe
  C:\Windows\System\rhdOcjC.exe
  2⤵
  PID:9484
- C:\Windows\System\ltJcilO.exe
  C:\Windows\System\ltJcilO.exe
  2⤵
  PID:9584
- C:\Windows\System\FcbpVqe.exe
  C:\Windows\System\FcbpVqe.exe
  2⤵
  PID:9648
- C:\Windows\System\ICYirKJ.exe
  C:\Windows\System\ICYirKJ.exe
  2⤵
  PID:9728
- C:\Windows\System\iqMXLBC.exe
  C:\Windows\System\iqMXLBC.exe
  2⤵
  PID:9756
- C:\Windows\System\eMRiZST.exe
  C:\Windows\System\eMRiZST.exe
  2⤵
  PID:9792
- C:\Windows\System\yKVVImZ.exe
  C:\Windows\System\yKVVImZ.exe
  2⤵
  PID:9856
- C:\Windows\System\NkepPyD.exe
  C:\Windows\System\NkepPyD.exe
  2⤵
  PID:9928
- C:\Windows\System\jzqnAes.exe
  C:\Windows\System\jzqnAes.exe
  2⤵
  PID:9708
- C:\Windows\System\vNAhaEP.exe
  C:\Windows\System\vNAhaEP.exe
  2⤵
  PID:9944
- C:\Windows\System\ZbydUAC.exe
  C:\Windows\System\ZbydUAC.exe
  2⤵
  PID:9836
- C:\Windows\System\GCCkMtI.exe
  C:\Windows\System\GCCkMtI.exe
  2⤵
  PID:9972
- C:\Windows\System\jTekgoH.exe
  C:\Windows\System\jTekgoH.exe
  2⤵
  PID:9876
- C:\Windows\System\ZiRFqBv.exe
  C:\Windows\System\ZiRFqBv.exe
  2⤵
  PID:10020
- C:\Windows\System\utpsIIw.exe
  C:\Windows\System\utpsIIw.exe
  2⤵
  PID:10064
- C:\Windows\System\QjNydDP.exe
  C:\Windows\System\QjNydDP.exe
  2⤵
  PID:10052
- C:\Windows\System\DBshlhM.exe
  C:\Windows\System\DBshlhM.exe
  2⤵
  PID:10088
- C:\Windows\System\bkiEyCF.exe
  C:\Windows\System\bkiEyCF.exe
  2⤵
  PID:10024
- C:\Windows\System\yslgZXB.exe
  C:\Windows\System\yslgZXB.exe
  2⤵
  PID:10128
- C:\Windows\System\MdsRpAa.exe
  C:\Windows\System\MdsRpAa.exe
  2⤵
  PID:10220
- C:\Windows\System\DgIbYnk.exe
  C:\Windows\System\DgIbYnk.exe
  2⤵
  PID:9308
- C:\Windows\System\izXmZwT.exe
  C:\Windows\System\izXmZwT.exe
  2⤵
  PID:10172
- C:\Windows\System\qkCFMCh.exe
  C:\Windows\System\qkCFMCh.exe
  2⤵
  PID:9616
- C:\Windows\System\sZytmNj.exe
  C:\Windows\System\sZytmNj.exe
  2⤵
  PID:9372
- C:\Windows\System\DndWYfN.exe
  C:\Windows\System\DndWYfN.exe
  2⤵
  PID:9924
- C:\Windows\System\dbfskpN.exe
  C:\Windows\System\dbfskpN.exe
  2⤵
  PID:10008
- C:\Windows\System\aiFEFCm.exe
  C:\Windows\System\aiFEFCm.exe
  2⤵
  PID:9852
- C:\Windows\System\hikdDKD.exe
  C:\Windows\System\hikdDKD.exe
  2⤵
  PID:10076
- C:\Windows\System\jwZcysn.exe
  C:\Windows\System\jwZcysn.exe
  2⤵
  PID:9992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AQiAUXk.exe

Filesize
6.0MB

MD5
301c5d7d881f0288a8a66ef0805e5a48

SHA1
c8c34c071e892eb874bd0beddd995cc4f15ba9e7

SHA256
9b76a94e56d5e40ce494b7d1b95598b24771255ffd9e544b940348382d45a88c

SHA512
ca76d3256bfafcb6a90467dfb2dfa4d89a04a37170dbfa7ba48a79476986ce6cd7828b43b9d883f06f985738f8f02d9a48c88c6c1a99c03db67f147d2d7e5999

Download Submit
C:\Windows\system\ArduEQV.exe

Filesize
6.0MB

MD5
33d745f1d6ae53366532a2a28146b4c5

SHA1
388e4742cb16fcc29b21f47fe4a951035c3ae96e

SHA256
27888ba75ec0cced19d0ec0d5c7b9c11aa88f626cfba723e645a7714b85a7133

SHA512
08de9e581f28fbf36bd87ddd3a03f4dd8431b699d796bcb2fd012718657f4bb75aead61e07ff1e17ecd5a97fb3ba15e1626e8993885c737c8ccc8321537cdf35

Download Submit
C:\Windows\system\BTIuVUw.exe

Filesize
6.0MB

MD5
8f2604e42cf7528cd5f90ac4f1d48c5a

SHA1
e41ce25d57f91a4cbe371c90894acce47a0ebb01

SHA256
0e60977d738ef5bcc8fd869d7031c2f46c5ce5e8657ad5a59de9903d930ba334

SHA512
cc7afaf0240e39e9d4c2a968b2b91c324e81e2f97c5c7c261ecbc44b291f2372aa1f4ebe980f26d2f8330db97da2101bcb88f953c31a6e2d965fca4d7851893e

Download Submit
C:\Windows\system\DGIaZgz.exe

Filesize
6.0MB

MD5
845d52f34178ba04c9f97a523c6c7f74

SHA1
c35a0a6b7e1406ff1782b8b428ea7bceb60e0e3e

SHA256
35c766034dbccbfa4c7178783b3c2260484da00ded4d3f282ff0eb0809ea1e4b

SHA512
864ff7b5451db6476f94b781e2e6649ad8e6e26d1bab5c46ce5a0ae9a117b85f0c5efa23eb47b9b9b25591c3723a001c7de7e8e413e5e61630930368220806a5

Download Submit
C:\Windows\system\DbmVVYT.exe

Filesize
6.0MB

MD5
a62109b3edda6c4d058dea55d5b3949d

SHA1
4ca1755712a8eb27d3e859826101c125de8b04af

SHA256
b9bd682d99601449020fccde9b972397fd21ed4288251d138cf8e952ab35ce69

SHA512
6b15d58063f42b44ed1ca1942ef7e804f653e11c8f15b5ae5cb532fb6a0283fb084722962588c57809bdf1b2562d4ec563bcc414547679212a0aa32563dc0e56

Download Submit
C:\Windows\system\FEhLHdy.exe

Filesize
6.0MB

MD5
1aaa3be8c381ed9233626ec3a7ec56e1

SHA1
c8b228b453b773cbafe22a4639cd96811b3d7303

SHA256
cf5b0bb17dc6e49456f321fb056f2cf00632426bbb00166b8e7e487e7a54e263

SHA512
09072d00eb3b115ea5b1704cd5ed05bcbd9179b6436d3f74eb4e8dc353a1fc561bfb76376634610becfe646a0e1423b93d303cd4736a3aa3dc1387c52d5c6b37

Download Submit
C:\Windows\system\HACMAil.exe

Filesize
6.0MB

MD5
f3b21e6dc22d779e794e46384e477d97

SHA1
0150e40bfa83659f9dd9d24bb4805c5c1a175214

SHA256
6fecae90fcde16c7e010e6adeeafaa1ec8d85c6838ad503578c5dfa7d0e66526

SHA512
852ad1cdfbc40d2093fdd00c418956141e5212f255fd23845c4f444ba5e05aca2aefb8a35287d33b4e1af114f611f7d18e8ef042e1db8048373ac068fa662b89

Download Submit
C:\Windows\system\JJciUDQ.exe

Filesize
6.0MB

MD5
d96450887d779a08091a1ac96f370f09

SHA1
8c1491da46349aac359d0a43682330686caddf84

SHA256
73aabaa971a621be380cb32d3aac8ff1593c0ae51e0705f70a572e0bee00d4d8

SHA512
4dddb3892525ad5c81336442ad422f42dc5ad506fb6f9b9e2f5f6ee045d384504e9515913e7b17e17748a6ea9cf326f85f9322a7e5d856c10f35c41868510f51

Download Submit
C:\Windows\system\JruFjbG.exe

Filesize
6.0MB

MD5
6c5c43acc84f57b5a1b4c3effa744c1a

SHA1
d1c4f2b11e18f70b1132f6a09234bed762d9392f

SHA256
c33ef19412713c4aadcb87f5627f9d33c8463633b511528af68aa1ed7a208ea3

SHA512
ae7720c4318ae4e5b56b6581a8867c1c971f104372965766a88534794f09d766c792d9fd0cb52603ef4e1f7063f0eace2a7c343c96b11c9707a471209d2cb36d

Download Submit
C:\Windows\system\KGGDjbC.exe

Filesize
6.0MB

MD5
9a701ca29c0cb5b2e960a45bb573665f

SHA1
bdc5a172a8ef31f4b9dbdf3a7452869d6da08a50

SHA256
99ee904624673ace8984f9c5df327a82d8ac3fc6eac76804193c0ccf6560084f

SHA512
de85c00a73781b01db7a7cd76a1fd90bf5b884c27a4631e4d7c48a175d5360370410afbbeaac72a60f4977c6f7918d9dd54c54f40ba7cd8bf0cd85e063523200

Download Submit
C:\Windows\system\LQXEzKS.exe

Filesize
6.0MB

MD5
4f652535947be635ee70c139ca2186fb

SHA1
5aca11c161f8a5d38e82e474e5c76eeb4b33091e

SHA256
26c70b8ee6ad72fa1a288027d988aec950498ea5cd88474ba835edb7a0e48f47

SHA512
8c3f5a4293750e021988e14dc06b2edeaac78d3d62a86216f7aeab13c074eccc7324f31ad8556a5024362ab786784329afcb1ba4f402268f2b56899901b4ad52

Download Submit
C:\Windows\system\Mccqhyc.exe

Filesize
6.0MB

MD5
c6ec0ca9976ff9078cd0add6554c1be6

SHA1
3a5436bc82cd914289c598e2ed86fd9c83d44fda

SHA256
e1a0c47a509e83cfa401ffef256b00d662549b20f4367e5630e77af205754a11

SHA512
7fa163d8fed38f4babb9b648c77608e087fc5201e0ebf1bc5c1507128515e63de6304ffec9918142d78ef99c1c2f42fb3c81c76c7594a7555467ec1f8db4007d

Download Submit
C:\Windows\system\QJxATQJ.exe

Filesize
6.0MB

MD5
efa78c693df1e9934e25123969e72941

SHA1
2135966b979baef3dbca1bebefc46ead6cc3e172

SHA256
a62fb61c3cdcf730098ea5f7183f7f812f723c17ffefa39ee572519e10a3ce8d

SHA512
ecb260fb4e715e56c023ac74a8dcfb73e7e498fc303990bb326a0fb67982162ac89b851a132570906f7b2444377bf34d947280da182b74213c68b49b56e7cc15

Download Submit
C:\Windows\system\QvDeLaV.exe

Filesize
6.0MB

MD5
0bde01331499ee3468e85848da5f47db

SHA1
89f8ed8cc953ade8883a77dfbafc694179e19995

SHA256
54411e55939a0d4febff6cc23ffe100eb3803939b9c4855d0288bcd60e28e646

SHA512
fa2f3e182b247efa17417c6aaee112bb461e9ce7c4d4c30248e025a695c1378cae28263e72bf0670c37cdf1846e3086157383f4a4145121324c9259471687a5f

Download Submit
C:\Windows\system\UuibCrK.exe

Filesize
6.0MB

MD5
80ece552c81d1196c3d37aa663f44af7

SHA1
0b62b0801af8914ff2f458d2b20e583c700f6a74

SHA256
00e06f5a33f92f691b08bdd62c6dec7688f79814bc841ecb9d29529cfd5bdc20

SHA512
0b2029349d029531eee3f3c0c22be2c43be9477ce77eeee23c3f4373c4eba2cd3636a27cc83a8f663e701e4380ad099251e9d62f7a65c97472f3feb724cd1bb2

Download Submit
C:\Windows\system\VdtxqHp.exe

Filesize
6.0MB

MD5
fcc07aab0ea23e120754f8a974209963

SHA1
8ad0668da770eced1eaa4ce87d45cf74003c275e

SHA256
40b3c36002c808d344ce8844c83fda01ae6432cf324a8264a17515f17e25781e

SHA512
5a72ca36e2f512c4e47c308a8dfb399395f450b640576d4d5ef8f7350231dff7e087bc7dd7fc2a5ac52004e5548baa37a881529e55d6b4ff2e439e9f6c126a9c

Download Submit
C:\Windows\system\WOvAjHY.exe

Filesize
6.0MB

MD5
119c2755206531418ba74d7eaa76cec2

SHA1
09b4c3f259d94ab51231ebbacb736820d3a8f206

SHA256
787111aaa110492485d72dcfd28a0ee3002edf2287425ed0a6b4d4ec2613d6d7

SHA512
8b456c89aca5ae2ddd5be899497230ed26ff4645c0ce5c3a286cb7894f9d1141d0d9f164a96d8dabfe60b48418993f014a96de88380ebbcafc41d4e5a3b7ce31

Download Submit
C:\Windows\system\XgbsVMK.exe

Filesize
6.0MB

MD5
cb7ff638baace4e160f57d8bd81c9a1a

SHA1
19f529a11b8b72116bf1a8a5e026835606fce02b

SHA256
1b71e17a7b3a1dda31759030ec881c1dae68bfa6f017800de93576cc4de2ef0d

SHA512
214896b3c0ae5c6985d306ce4492c36fa3a204ebcc4b79e0514149d8e79a3449acfbbe570b30155c81f73168d481e822d45686c5e92834a612730aacfb8df781

Download Submit
C:\Windows\system\dYJYKeM.exe

Filesize
6.0MB

MD5
cd8804e22abe547b714163c15d99184b

SHA1
3259772edf879e0dc51082dd0b0b4bb9e156fae6

SHA256
8cbb99e29e6b2a804ec9565f4b8856a321d40d547a473f78d23f9a17437c37ae

SHA512
22c5e7f8c4f0d1440e75218efa46b8c6bc4539dcabe53a74b0fc13976d11512fe719f02e7f995f365e35c246dd85036a47d98bd8eca6681dd3297ed17794ee7a

Download Submit
C:\Windows\system\fAxphmE.exe

Filesize
6.0MB

MD5
d8a7629bf35081e0063895299a13b632

SHA1
4bed11b2cf6779d3a8cd0e58ffa08c84e36a4d1f

SHA256
1d256a1db6632bd9981b7efa7df09317455ac5779b06587d937d88f5fd544d78

SHA512
73cb8b1f1f15f99a27fcadbb83b9b784c5b26e357ce6f0bdec04bb26d6a59e70b5a67d7f5f300700864fc703dda93b84312d09a21648bc1a833afd2447936a26

Download Submit
C:\Windows\system\fFLAQfI.exe

Filesize
6.0MB

MD5
49fc1b573ac7c67286643968c7aaefbd

SHA1
8f4684f21d3e7234b1af5f26212c78e148cdd18a

SHA256
3e2f8954b99d39ac8ef4d0e91e092ab9a0ae6235233d17fd4707dcfaac7f8356

SHA512
2789befbeb33e15cc10466cc95bb50744cdb731c54762d3b6c10f04f89af2780f795e32f090385b1519acad4f9280009029285840ded40101e5b97617362c590

Download Submit
C:\Windows\system\hZlDIfo.exe

Filesize
6.0MB

MD5
f9d7a90aad0faa875f0ea21e08e101ce

SHA1
9405c88dc502904a89b5aea84074644b8504317c

SHA256
ab3dfe7ba8ca0345e3447ed1d2331c15accc50089f03f39668bd1e717bce3be3

SHA512
9dd16e019bf0c82fbbefcae55ce09b368a86f1ed0c88fa8ae9fe76c0b652e4f9b5343fde1af84848e6833f0148639f4b165a330394c641e44b9865367ca8a4d6

Download Submit
C:\Windows\system\lecPeBl.exe

Filesize
6.0MB

MD5
9d4054849932fae2a50b45dbd1a00bed

SHA1
28e93d84000f0567aa96b00b67e640f70878ffa1

SHA256
09a0f3992807384398f62d03fb7de5f59f6a1f377893e16b5915614159576545

SHA512
3a3cfd9a9ac1dfaa6df64de4799e28ed6b48bb0529931dca589bc0584f8b0a6e93098bb2b1c14345c97470fee53a74bd7549a2b399ab6c76003a0df94d6a80ae

Download Submit
C:\Windows\system\lvyLein.exe

Filesize
6.0MB

MD5
a94958b6d8a40aa9386257ab127e9ebb

SHA1
c26fb0452f214002d03be7c197b5852ea6420a87

SHA256
0ab78bf325f3ad14c88577bbafdb26072348c9b2cc9211e266479113d943c1f6

SHA512
480a8eda73dc8d5aa95ba5a66404672f399859de0b6935acd2dd69cfded5b54d2cc46b27de43574e92785b8b49d43fbfba270919d10c46f767e0ded5629a5782

Download Submit
C:\Windows\system\paKgCOV.exe

Filesize
6.0MB

MD5
1d2dab6c9558c4c0f8e45554481c5eb9

SHA1
e6958a73f64677362dcec213697f9b7851248ffa

SHA256
d8d2999e5c113f29ea8d7ac44c06eeafdfddaf13c517d10be1bb3a8d6f816ce0

SHA512
357a45189dc41b016ef0f885161c55136aa4e4cbbb429e4f5cff84ea8433f0c2ca5fca2814196d4adc0caa64a677669be18013bf047a3c66cfbc2ca75f16b4a5

Download Submit
C:\Windows\system\rjjrUxu.exe

Filesize
6.0MB

MD5
b10fbad2559eb601c09b296e91dae4e6

SHA1
eac4d9cf0d5dbd9d183b2a0c0b4e199275f62510

SHA256
97db336efcbbd6a1a02d8fc2b7fbf86359256f29c89a864a5edbc3fa7929e6ad

SHA512
3f15ce525586d7758bee31c10f21f5585abc842c6876cb1c2ae2d2522271cfc25ba18a1f1ff8d6f489a4952ad903a6566735bb13bf068f9e82fc58b0c99444d7

Download Submit
C:\Windows\system\sZhYFFp.exe

Filesize
6.0MB

MD5
c7012d682472fc864110bd647b9b4f88

SHA1
0dbf684477c1cf44b91b684544a9466a3ebe796f

SHA256
478d73d27aa896022173a5f2c20237079685b703e4e0104005c8412fd45a8ba5

SHA512
146d2bcdd9a1b10a57f8d726ddd8cecb831429c6effa4cd9d91c98dc6c1671c2a1d2f43ebf99e9b55579e9e500a41222926c4e3561d60a689f0dacca7cdb5dd8

Download Submit
C:\Windows\system\tGGtbMe.exe

Filesize
6.0MB

MD5
ac2af15d1d80a5507a575f3ebba02a7f

SHA1
78f4fced5377107b1190c5ab8571a007125b79b7

SHA256
2411bc5d307bfcff360139141b24c17a9505634cb05228f7f511b9b2843404fc

SHA512
095a0a352867c021eeee71e143c4623cd80f478f201b36d286ae970f583a6532380ba0c74689995d0985eeaa66350cde92016a00ebdb9d14d857fd16f04a842a

Download Submit
C:\Windows\system\vZXQxIN.exe

Filesize
6.0MB

MD5
31ae825da1d4fc7c6023546b512232f7

SHA1
0564f38812e0088dd79f85d6eb3ed9f971b17fa5

SHA256
89e22a835e3262ef3c11758db16a31c65dac37497356edc3ef9cddb5ee9560cb

SHA512
067ca99f4d8842269669408d68e8c22c4ded07c73c6d1efa47c56848b3caaf63f5a63c06e9e3309429be793321a313e8d74cbf33ba29a5bb7dc75d1783d9f3f6

Download Submit
C:\Windows\system\xhXUSXN.exe

Filesize
6.0MB

MD5
1c45c87d1b77c18f6477207c505127fe

SHA1
0b34dcabd53a6c0a9e0d13fd0ca16de13ee50e5e

SHA256
87e8a2bc796c3d779a02492a390af0e33e6156fc52ad5d9192ebf30aa9deb47e

SHA512
9d47e6337e143c3c450aa59eacda8a269cd0d02738ae15bf25358d508b0d5e97a9e7b846d862cdb3eeb5dd6068d4d105452482c635f67065e49f18158a550842

Download Submit
\Windows\system\UVWSLip.exe

Filesize
6.0MB

MD5
36ca0a32a16f5fbec1a0ffa5301dd6f1

SHA1
5fad751197e1502d4b19e80ac6ce63ea44287054

SHA256
eaf9c2df093895dc404f9ba08dbfd81b00974c5d7da108479343458b32ef3521

SHA512
090141ce9110bbc2c85fcedc0d2c6f999686ddd1cb7645d06c953bf6e64a4189f3b07d8d5673cc0dceac8418d2e742d0a6612183e190d66aeed9673f19bde118

Download Submit
\Windows\system\mWmQCxN.exe

Filesize
6.0MB

MD5
73febc701b3320c421be97bd5dcd845e

SHA1
5f5422e06d4491e82b606815cfca74bc725bbd25

SHA256
02136cf240cb97f2d7fd3f1f0509566b90724aa3e59b7e9488e2c90424bf298a

SHA512
5b0bdefc66ae7ac779b1f1dfe3a54f0a7886927824a5c009696a2d523dcdd131a95a9382868d22d1959a77ebca1bd8271912d1c0f2a587aa215929b7bdccfd73

Download Submit
memory/1712-3573-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1712-17-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1720-20-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1720-0-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1720-21-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1720-79-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-1048-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-54-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1720-871-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-88-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-77-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1720-319-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-27-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-69-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-457-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-456-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-38-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-51-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-44-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-55-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3867-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-39-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-3551-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-22-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2356-3552-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3550-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2396-19-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3610-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-82-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-28-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-80-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3795-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2804-83-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3925-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2804-748-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2816-71-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3891-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3927-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-72-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3796-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-76-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-70-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3928-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2964-90-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-3866-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-48-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-89-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3926-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2972-872-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download