cobaltstrike | 2ab3d9bd4039c6f94c7fa27f95fa62395aee7738edf3f6b90e4e2cefae6072c2

Analysis

max time kernel
145s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7d726eb8239fbbbc20ac192898cb0ead
SHA1

c3788e972532c0af2caee940efda17f0e53b4194
SHA256

2ab3d9bd4039c6f94c7fa27f95fa62395aee7738edf3f6b90e4e2cefae6072c2
SHA512

50197c11f706ce9cff2bd505b5fcf0abe20c7f22cc794a2db11ca7b1782fcf6f3e0d76edb1cad83e8df8070544f02642144c7f8f4746e03ac13a8a410626057b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca2-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd3-14.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cfe-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0b-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d13-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1b-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d24-34.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-41.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-45.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-57.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-71.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-65.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-61.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-53.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-49.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-37.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/2408-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-6.dat	xmrig
behavioral1/files/0x0008000000016ca2-10.dat	xmrig
behavioral1/files/0x0007000000016cd3-14.dat	xmrig
behavioral1/files/0x0008000000016cfe-18.dat	xmrig
behavioral1/files/0x0007000000016d0b-22.dat	xmrig
behavioral1/files/0x0007000000016d13-25.dat	xmrig
behavioral1/files/0x0007000000016d1b-30.dat	xmrig
behavioral1/files/0x0007000000016d24-34.dat	xmrig
behavioral1/files/0x000600000001747b-41.dat	xmrig
behavioral1/files/0x000600000001748f-45.dat	xmrig
behavioral1/files/0x001500000001866d-57.dat	xmrig
behavioral1/files/0x00060000000190cd-71.dat	xmrig
behavioral1/files/0x00060000000190d6-77.dat	xmrig
behavioral1/files/0x0005000000019218-89.dat	xmrig
behavioral1/memory/2696-1163-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193be-129.dat	xmrig
behavioral1/files/0x0005000000019382-128.dat	xmrig
behavioral1/files/0x0005000000019273-127.dat	xmrig
behavioral1/files/0x000500000001926b-126.dat	xmrig
behavioral1/files/0x0005000000019271-111.dat	xmrig
behavioral1/files/0x0005000000019389-122.dat	xmrig
behavioral1/files/0x0005000000019234-97.dat	xmrig
behavioral1/files/0x0005000000019277-115.dat	xmrig
behavioral1/files/0x000500000001924c-101.dat	xmrig
behavioral1/files/0x0005000000019229-93.dat	xmrig
behavioral1/files/0x00050000000191f7-85.dat	xmrig
behavioral1/files/0x00050000000191f3-81.dat	xmrig
behavioral1/files/0x000500000001879b-69.dat	xmrig
behavioral1/files/0x0005000000018690-65.dat	xmrig
behavioral1/files/0x0009000000018678-61.dat	xmrig
behavioral1/files/0x000600000001752f-53.dat	xmrig
behavioral1/files/0x00060000000174ac-49.dat	xmrig
behavioral1/files/0x0008000000016d36-37.dat	xmrig
behavioral1/memory/2408-1360-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2668-1359-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2824-1404-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2828-1411-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2568-1495-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2024-1586-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2408-2933-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2084-2968-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2544-2987-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2760-3914-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2584-3919-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2544-3945-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2828-3944-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2084-3946-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2024-3951-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2568-3950-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2824-3949-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2668-3948-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2696-3947-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2668-3952-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2696-3953-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2084-3954-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2584-3955-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2024-3956-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2824-3957-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2760	ZaRNaiw.exe
2696	PAxBXWs.exe
2668	nTdzaRn.exe
2824	vslSbAx.exe
2828	EYbBoVd.exe
2568	HhIwUTB.exe
2024	pFxjFwz.exe
2084	tkUHyrc.exe
2544	NFSpUeU.exe
2584	XSnnnvm.exe
1500	QSZkToZ.exe
2388	wOtqAWH.exe
1628	IxHEloF.exe
588	DoqZSXd.exe
1232	eRvwyoD.exe
1468	PmfZTPJ.exe
3064	XnJYuNe.exe
2260	tHGMqlj.exe
2160	dqgPEeN.exe
2640	iVwAXIb.exe
2856	ZVLcNbM.exe
2104	CfdTvaH.exe
2812	blQQuiL.exe
1264	otRjRAh.exe
2900	hEdegou.exe
1788	ATzNADN.exe
848	LuiCLGD.exe
2460	VXytCEg.exe
2372	BEjphQb.exe
1760	kvJVGcj.exe
2004	jNsPhzk.exe
2224	MCSGdaU.exe
2244	PSXTmsw.exe
2132	uJfzVKY.exe
684	eeAGXje.exe
2144	PYTnGbN.exe
2168	GKspyUl.exe
1080	GsmlOlx.exe
1852	tZFaxPM.exe
344	OsAwrUZ.exe
408	Molqubc.exe
1120	dEsDmPl.exe
1908	cybNyvp.exe
2444	uYzSdAm.exe
976	NZypzhJ.exe
1960	fjxzewg.exe
1492	BSicHKi.exe
2180	eoLcZPX.exe
1756	KvGwoEo.exe
1752	zcuBojS.exe
292	XCNMnSt.exe
2204	PxwHOmW.exe
1688	qxiHkvH.exe
1236	OBGWQYu.exe
604	hjsHRcX.exe
1564	IabhVCM.exe
2424	wsCqbRO.exe
1956	MXNeeIf.exe
288	swWGJwe.exe
1696	bFkjIvD.exe
1712	cHHjsTN.exe
1460	hvLFQHD.exe
1648	FckDZbx.exe
704	dGBruUX.exe

Loads dropped DLL 64 IoCs

pid	Process
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 58 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2408-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0007000000012116-6.dat	upx
behavioral1/files/0x0008000000016ca2-10.dat	upx
behavioral1/files/0x0007000000016cd3-14.dat	upx
behavioral1/files/0x0008000000016cfe-18.dat	upx
behavioral1/files/0x0007000000016d0b-22.dat	upx
behavioral1/files/0x0007000000016d13-25.dat	upx
behavioral1/files/0x0007000000016d1b-30.dat	upx
behavioral1/files/0x0007000000016d24-34.dat	upx
behavioral1/files/0x000600000001747b-41.dat	upx
behavioral1/files/0x000600000001748f-45.dat	upx
behavioral1/files/0x001500000001866d-57.dat	upx
behavioral1/files/0x00060000000190cd-71.dat	upx
behavioral1/files/0x00060000000190d6-77.dat	upx
behavioral1/files/0x0005000000019218-89.dat	upx
behavioral1/memory/2696-1163-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x00050000000193be-129.dat	upx
behavioral1/files/0x0005000000019382-128.dat	upx
behavioral1/files/0x0005000000019273-127.dat	upx
behavioral1/files/0x000500000001926b-126.dat	upx
behavioral1/files/0x0005000000019271-111.dat	upx
behavioral1/files/0x0005000000019389-122.dat	upx
behavioral1/files/0x0005000000019234-97.dat	upx
behavioral1/files/0x0005000000019277-115.dat	upx
behavioral1/files/0x000500000001924c-101.dat	upx
behavioral1/files/0x0005000000019229-93.dat	upx
behavioral1/files/0x00050000000191f7-85.dat	upx
behavioral1/files/0x00050000000191f3-81.dat	upx
behavioral1/files/0x000500000001879b-69.dat	upx
behavioral1/files/0x0005000000018690-65.dat	upx
behavioral1/files/0x0009000000018678-61.dat	upx
behavioral1/files/0x000600000001752f-53.dat	upx
behavioral1/files/0x00060000000174ac-49.dat	upx
behavioral1/files/0x0008000000016d36-37.dat	upx
behavioral1/memory/2668-1359-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2824-1404-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2828-1411-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2568-1495-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2024-1586-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2408-2933-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2084-2968-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2544-2987-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2760-3914-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2584-3919-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2544-3945-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2828-3944-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2084-3946-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2024-3951-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2568-3950-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2824-3949-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2668-3948-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2696-3947-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2668-3952-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2696-3953-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2084-3954-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2584-3955-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2024-3956-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2824-3957-0x000000013F400000-0x000000013F754000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\riWVahL.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idzILRS.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duhVsbI.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMMbAzD.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYPiSNO.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSNbjHo.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnirdVt.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHbVxUe.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPuIdUM.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXNeeIf.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFwTwwJ.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFFKRdI.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlmcQTS.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plXEfYJ.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdYutOi.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVwAXIb.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FbdmgOj.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KABYECl.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNBoAoM.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjjVgzm.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMtqWAt.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLXceoG.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ughfIMO.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUKmMwF.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyjtUNy.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMFhIlM.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVCsRbh.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxXkFDG.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBYVChM.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhjkRxe.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmVysvl.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNDiyEq.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxKIGyo.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZGtjTw.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNtvqTH.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xASphVC.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DToDvGo.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLOYwdl.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdtmPQT.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsRQUZq.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwzEhHN.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSZkToZ.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSGszcg.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSruCoL.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goAZXfE.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkKpEoA.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKCQVaf.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOeoJWe.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWKoPeD.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teFDffj.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLLwEJG.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVVLWll.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeMKhGx.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCLwjzE.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzejLKx.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLHGpCX.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFxjFwz.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoqZSXd.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cybNyvp.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyCwpNZ.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnyJCMc.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMyHmWn.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSJOKNT.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjBQUYA.exe	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2760	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2408 wrote to memory of 2760	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2408 wrote to memory of 2760	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2408 wrote to memory of 2696	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2408 wrote to memory of 2696	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2408 wrote to memory of 2696	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2408 wrote to memory of 2668	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2408 wrote to memory of 2668	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2408 wrote to memory of 2668	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2408 wrote to memory of 2824	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2408 wrote to memory of 2824	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2408 wrote to memory of 2824	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2408 wrote to memory of 2828	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2408 wrote to memory of 2828	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2408 wrote to memory of 2828	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2408 wrote to memory of 2568	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2408 wrote to memory of 2568	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2408 wrote to memory of 2568	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2408 wrote to memory of 2024	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2408 wrote to memory of 2024	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2408 wrote to memory of 2024	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2408 wrote to memory of 2084	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2408 wrote to memory of 2084	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2408 wrote to memory of 2084	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2408 wrote to memory of 2544	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2408 wrote to memory of 2544	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2408 wrote to memory of 2544	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2408 wrote to memory of 2584	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2408 wrote to memory of 2584	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2408 wrote to memory of 2584	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2408 wrote to memory of 1500	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2408 wrote to memory of 1500	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2408 wrote to memory of 1500	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2408 wrote to memory of 2388	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2408 wrote to memory of 2388	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2408 wrote to memory of 2388	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2408 wrote to memory of 1628	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2408 wrote to memory of 1628	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2408 wrote to memory of 1628	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2408 wrote to memory of 588	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2408 wrote to memory of 588	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2408 wrote to memory of 588	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2408 wrote to memory of 1232	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2408 wrote to memory of 1232	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2408 wrote to memory of 1232	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2408 wrote to memory of 1468	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2408 wrote to memory of 1468	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2408 wrote to memory of 1468	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2408 wrote to memory of 3064	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2408 wrote to memory of 3064	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2408 wrote to memory of 3064	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2408 wrote to memory of 2260	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2408 wrote to memory of 2260	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2408 wrote to memory of 2260	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2408 wrote to memory of 2160	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2408 wrote to memory of 2160	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2408 wrote to memory of 2160	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2408 wrote to memory of 2640	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2408 wrote to memory of 2640	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2408 wrote to memory of 2640	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2408 wrote to memory of 2856	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2408 wrote to memory of 2856	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2408 wrote to memory of 2856	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2408 wrote to memory of 2104	2408	2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_7d726eb8239fbbbc20ac192898cb0ead_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\System\ZaRNaiw.exe
  C:\Windows\System\ZaRNaiw.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\PAxBXWs.exe
  C:\Windows\System\PAxBXWs.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\nTdzaRn.exe
  C:\Windows\System\nTdzaRn.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\vslSbAx.exe
  C:\Windows\System\vslSbAx.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\EYbBoVd.exe
  C:\Windows\System\EYbBoVd.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\HhIwUTB.exe
  C:\Windows\System\HhIwUTB.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\pFxjFwz.exe
  C:\Windows\System\pFxjFwz.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\tkUHyrc.exe
  C:\Windows\System\tkUHyrc.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\NFSpUeU.exe
  C:\Windows\System\NFSpUeU.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\XSnnnvm.exe
  C:\Windows\System\XSnnnvm.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\QSZkToZ.exe
  C:\Windows\System\QSZkToZ.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\wOtqAWH.exe
  C:\Windows\System\wOtqAWH.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\IxHEloF.exe
  C:\Windows\System\IxHEloF.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\DoqZSXd.exe
  C:\Windows\System\DoqZSXd.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\eRvwyoD.exe
  C:\Windows\System\eRvwyoD.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\PmfZTPJ.exe
  C:\Windows\System\PmfZTPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\XnJYuNe.exe
  C:\Windows\System\XnJYuNe.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\tHGMqlj.exe
  C:\Windows\System\tHGMqlj.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\dqgPEeN.exe
  C:\Windows\System\dqgPEeN.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\iVwAXIb.exe
  C:\Windows\System\iVwAXIb.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ZVLcNbM.exe
  C:\Windows\System\ZVLcNbM.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\CfdTvaH.exe
  C:\Windows\System\CfdTvaH.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\blQQuiL.exe
  C:\Windows\System\blQQuiL.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\otRjRAh.exe
  C:\Windows\System\otRjRAh.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\hEdegou.exe
  C:\Windows\System\hEdegou.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\BEjphQb.exe
  C:\Windows\System\BEjphQb.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\ATzNADN.exe
  C:\Windows\System\ATzNADN.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\kvJVGcj.exe
  C:\Windows\System\kvJVGcj.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\LuiCLGD.exe
  C:\Windows\System\LuiCLGD.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\jNsPhzk.exe
  C:\Windows\System\jNsPhzk.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\VXytCEg.exe
  C:\Windows\System\VXytCEg.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\MCSGdaU.exe
  C:\Windows\System\MCSGdaU.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\PSXTmsw.exe
  C:\Windows\System\PSXTmsw.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\PYTnGbN.exe
  C:\Windows\System\PYTnGbN.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\uJfzVKY.exe
  C:\Windows\System\uJfzVKY.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\GKspyUl.exe
  C:\Windows\System\GKspyUl.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\eeAGXje.exe
  C:\Windows\System\eeAGXje.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\GsmlOlx.exe
  C:\Windows\System\GsmlOlx.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\tZFaxPM.exe
  C:\Windows\System\tZFaxPM.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\OsAwrUZ.exe
  C:\Windows\System\OsAwrUZ.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\Molqubc.exe
  C:\Windows\System\Molqubc.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\dEsDmPl.exe
  C:\Windows\System\dEsDmPl.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\cybNyvp.exe
  C:\Windows\System\cybNyvp.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\uYzSdAm.exe
  C:\Windows\System\uYzSdAm.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\NZypzhJ.exe
  C:\Windows\System\NZypzhJ.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\fjxzewg.exe
  C:\Windows\System\fjxzewg.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\BSicHKi.exe
  C:\Windows\System\BSicHKi.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\eoLcZPX.exe
  C:\Windows\System\eoLcZPX.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\KvGwoEo.exe
  C:\Windows\System\KvGwoEo.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\zcuBojS.exe
  C:\Windows\System\zcuBojS.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\XCNMnSt.exe
  C:\Windows\System\XCNMnSt.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\PxwHOmW.exe
  C:\Windows\System\PxwHOmW.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\qxiHkvH.exe
  C:\Windows\System\qxiHkvH.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\OBGWQYu.exe
  C:\Windows\System\OBGWQYu.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\hjsHRcX.exe
  C:\Windows\System\hjsHRcX.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\IabhVCM.exe
  C:\Windows\System\IabhVCM.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\wsCqbRO.exe
  C:\Windows\System\wsCqbRO.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\MXNeeIf.exe
  C:\Windows\System\MXNeeIf.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\swWGJwe.exe
  C:\Windows\System\swWGJwe.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\bFkjIvD.exe
  C:\Windows\System\bFkjIvD.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\cHHjsTN.exe
  C:\Windows\System\cHHjsTN.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\hvLFQHD.exe
  C:\Windows\System\hvLFQHD.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\FckDZbx.exe
  C:\Windows\System\FckDZbx.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\dGBruUX.exe
  C:\Windows\System\dGBruUX.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\wLYeXhT.exe
  C:\Windows\System\wLYeXhT.exe
  2⤵
  PID:2852
- C:\Windows\System\WujalfW.exe
  C:\Windows\System\WujalfW.exe
  2⤵
  PID:2456
- C:\Windows\System\XiaJVLS.exe
  C:\Windows\System\XiaJVLS.exe
  2⤵
  PID:1912
- C:\Windows\System\wnTdsqi.exe
  C:\Windows\System\wnTdsqi.exe
  2⤵
  PID:2032
- C:\Windows\System\OuObnvz.exe
  C:\Windows\System\OuObnvz.exe
  2⤵
  PID:1588
- C:\Windows\System\VwEOPQU.exe
  C:\Windows\System\VwEOPQU.exe
  2⤵
  PID:1548
- C:\Windows\System\gsTIHDP.exe
  C:\Windows\System\gsTIHDP.exe
  2⤵
  PID:2752
- C:\Windows\System\vPMJuGR.exe
  C:\Windows\System\vPMJuGR.exe
  2⤵
  PID:2820
- C:\Windows\System\UxhRTye.exe
  C:\Windows\System\UxhRTye.exe
  2⤵
  PID:2576
- C:\Windows\System\qYclmKD.exe
  C:\Windows\System\qYclmKD.exe
  2⤵
  PID:2716
- C:\Windows\System\wvSWAbq.exe
  C:\Windows\System\wvSWAbq.exe
  2⤵
  PID:2556
- C:\Windows\System\snXiqyX.exe
  C:\Windows\System\snXiqyX.exe
  2⤵
  PID:2000
- C:\Windows\System\tbMcVDF.exe
  C:\Windows\System\tbMcVDF.exe
  2⤵
  PID:2804
- C:\Windows\System\AFJSNQG.exe
  C:\Windows\System\AFJSNQG.exe
  2⤵
  PID:640
- C:\Windows\System\WDCaXZU.exe
  C:\Windows\System\WDCaXZU.exe
  2⤵
  PID:3056
- C:\Windows\System\QiDFbFH.exe
  C:\Windows\System\QiDFbFH.exe
  2⤵
  PID:2428
- C:\Windows\System\ruZDinv.exe
  C:\Windows\System\ruZDinv.exe
  2⤵
  PID:2880
- C:\Windows\System\mczfUSL.exe
  C:\Windows\System\mczfUSL.exe
  2⤵
  PID:2376
- C:\Windows\System\pDTtaub.exe
  C:\Windows\System\pDTtaub.exe
  2⤵
  PID:2108
- C:\Windows\System\plFYxzd.exe
  C:\Windows\System\plFYxzd.exe
  2⤵
  PID:1276
- C:\Windows\System\JsgPRLL.exe
  C:\Windows\System\JsgPRLL.exe
  2⤵
  PID:2272
- C:\Windows\System\lTebNiO.exe
  C:\Windows\System\lTebNiO.exe
  2⤵
  PID:1112
- C:\Windows\System\LUMgfgj.exe
  C:\Windows\System\LUMgfgj.exe
  2⤵
  PID:2364
- C:\Windows\System\xgcEWqM.exe
  C:\Windows\System\xgcEWqM.exe
  2⤵
  PID:316
- C:\Windows\System\qkGyvHM.exe
  C:\Windows\System\qkGyvHM.exe
  2⤵
  PID:544
- C:\Windows\System\NWZPXGm.exe
  C:\Windows\System\NWZPXGm.exe
  2⤵
  PID:1556
- C:\Windows\System\sUEZLHp.exe
  C:\Windows\System\sUEZLHp.exe
  2⤵
  PID:2060
- C:\Windows\System\mfUggwn.exe
  C:\Windows\System\mfUggwn.exe
  2⤵
  PID:2404
- C:\Windows\System\ozqkcpR.exe
  C:\Windows\System\ozqkcpR.exe
  2⤵
  PID:1732
- C:\Windows\System\aeIGcXW.exe
  C:\Windows\System\aeIGcXW.exe
  2⤵
  PID:824
- C:\Windows\System\xvKRCMQ.exe
  C:\Windows\System\xvKRCMQ.exe
  2⤵
  PID:744
- C:\Windows\System\vXpjGTa.exe
  C:\Windows\System\vXpjGTa.exe
  2⤵
  PID:1716
- C:\Windows\System\FFqqjwv.exe
  C:\Windows\System\FFqqjwv.exe
  2⤵
  PID:1720
- C:\Windows\System\GSVSwyd.exe
  C:\Windows\System\GSVSwyd.exe
  2⤵
  PID:1980
- C:\Windows\System\KlRzBhg.exe
  C:\Windows\System\KlRzBhg.exe
  2⤵
  PID:2344
- C:\Windows\System\qcueXqm.exe
  C:\Windows\System\qcueXqm.exe
  2⤵
  PID:3000
- C:\Windows\System\iSqMVwd.exe
  C:\Windows\System\iSqMVwd.exe
  2⤵
  PID:2268
- C:\Windows\System\rRKANWF.exe
  C:\Windows\System\rRKANWF.exe
  2⤵
  PID:564
- C:\Windows\System\lNQmFUu.exe
  C:\Windows\System\lNQmFUu.exe
  2⤵
  PID:872
- C:\Windows\System\EnIBUXE.exe
  C:\Windows\System\EnIBUXE.exe
  2⤵
  PID:2468
- C:\Windows\System\xROCuEQ.exe
  C:\Windows\System\xROCuEQ.exe
  2⤵
  PID:2748
- C:\Windows\System\noEKZAO.exe
  C:\Windows\System\noEKZAO.exe
  2⤵
  PID:2744
- C:\Windows\System\yVGraxq.exe
  C:\Windows\System\yVGraxq.exe
  2⤵
  PID:2892
- C:\Windows\System\UmyuRNc.exe
  C:\Windows\System\UmyuRNc.exe
  2⤵
  PID:2616
- C:\Windows\System\HvUIkci.exe
  C:\Windows\System\HvUIkci.exe
  2⤵
  PID:476
- C:\Windows\System\hVuWfmY.exe
  C:\Windows\System\hVuWfmY.exe
  2⤵
  PID:3012
- C:\Windows\System\JXpEHjb.exe
  C:\Windows\System\JXpEHjb.exe
  2⤵
  PID:1032
- C:\Windows\System\lSGszcg.exe
  C:\Windows\System\lSGszcg.exe
  2⤵
  PID:2728
- C:\Windows\System\JFGkkyr.exe
  C:\Windows\System\JFGkkyr.exe
  2⤵
  PID:2208
- C:\Windows\System\VATDkRr.exe
  C:\Windows\System\VATDkRr.exe
  2⤵
  PID:2020
- C:\Windows\System\czoNLaN.exe
  C:\Windows\System\czoNLaN.exe
  2⤵
  PID:2644
- C:\Windows\System\FwErAVw.exe
  C:\Windows\System\FwErAVw.exe
  2⤵
  PID:1528
- C:\Windows\System\HXheXym.exe
  C:\Windows\System\HXheXym.exe
  2⤵
  PID:1676
- C:\Windows\System\chXGaQh.exe
  C:\Windows\System\chXGaQh.exe
  2⤵
  PID:1368
- C:\Windows\System\ePBWIQi.exe
  C:\Windows\System\ePBWIQi.exe
  2⤵
  PID:1304
- C:\Windows\System\JIPkEsY.exe
  C:\Windows\System\JIPkEsY.exe
  2⤵
  PID:856
- C:\Windows\System\CoFZvrb.exe
  C:\Windows\System\CoFZvrb.exe
  2⤵
  PID:1240
- C:\Windows\System\OPxYQOa.exe
  C:\Windows\System\OPxYQOa.exe
  2⤵
  PID:1252
- C:\Windows\System\Lnxrvzl.exe
  C:\Windows\System\Lnxrvzl.exe
  2⤵
  PID:2740
- C:\Windows\System\RONSMEm.exe
  C:\Windows\System\RONSMEm.exe
  2⤵
  PID:3076
- C:\Windows\System\coYkveY.exe
  C:\Windows\System\coYkveY.exe
  2⤵
  PID:3092
- C:\Windows\System\FJBPJNP.exe
  C:\Windows\System\FJBPJNP.exe
  2⤵
  PID:3108
- C:\Windows\System\hfgNhni.exe
  C:\Windows\System\hfgNhni.exe
  2⤵
  PID:3124
- C:\Windows\System\OVCsRbh.exe
  C:\Windows\System\OVCsRbh.exe
  2⤵
  PID:3140
- C:\Windows\System\SpnWkUW.exe
  C:\Windows\System\SpnWkUW.exe
  2⤵
  PID:3156
- C:\Windows\System\EziXonI.exe
  C:\Windows\System\EziXonI.exe
  2⤵
  PID:3172
- C:\Windows\System\rRdHuqg.exe
  C:\Windows\System\rRdHuqg.exe
  2⤵
  PID:3188
- C:\Windows\System\PzkEBMI.exe
  C:\Windows\System\PzkEBMI.exe
  2⤵
  PID:3204
- C:\Windows\System\HnKNcKx.exe
  C:\Windows\System\HnKNcKx.exe
  2⤵
  PID:3220
- C:\Windows\System\NgvmeBt.exe
  C:\Windows\System\NgvmeBt.exe
  2⤵
  PID:3236
- C:\Windows\System\AisUAhj.exe
  C:\Windows\System\AisUAhj.exe
  2⤵
  PID:3252
- C:\Windows\System\pLxMohV.exe
  C:\Windows\System\pLxMohV.exe
  2⤵
  PID:3268
- C:\Windows\System\CvvNhVV.exe
  C:\Windows\System\CvvNhVV.exe
  2⤵
  PID:3284
- C:\Windows\System\yqmwEKz.exe
  C:\Windows\System\yqmwEKz.exe
  2⤵
  PID:3300
- C:\Windows\System\pQboHdO.exe
  C:\Windows\System\pQboHdO.exe
  2⤵
  PID:3316
- C:\Windows\System\SlQdcmT.exe
  C:\Windows\System\SlQdcmT.exe
  2⤵
  PID:3332
- C:\Windows\System\aVqFbQc.exe
  C:\Windows\System\aVqFbQc.exe
  2⤵
  PID:3348
- C:\Windows\System\vIwUogR.exe
  C:\Windows\System\vIwUogR.exe
  2⤵
  PID:3364
- C:\Windows\System\dWKoPeD.exe
  C:\Windows\System\dWKoPeD.exe
  2⤵
  PID:3380
- C:\Windows\System\hpBSRpH.exe
  C:\Windows\System\hpBSRpH.exe
  2⤵
  PID:3396
- C:\Windows\System\dnkUeBO.exe
  C:\Windows\System\dnkUeBO.exe
  2⤵
  PID:3412
- C:\Windows\System\YhZaZVm.exe
  C:\Windows\System\YhZaZVm.exe
  2⤵
  PID:3428
- C:\Windows\System\mvmAKrt.exe
  C:\Windows\System\mvmAKrt.exe
  2⤵
  PID:3444
- C:\Windows\System\vyFpbOc.exe
  C:\Windows\System\vyFpbOc.exe
  2⤵
  PID:3460
- C:\Windows\System\VouDOdi.exe
  C:\Windows\System\VouDOdi.exe
  2⤵
  PID:3476
- C:\Windows\System\WGygXWp.exe
  C:\Windows\System\WGygXWp.exe
  2⤵
  PID:3492
- C:\Windows\System\lInyRTQ.exe
  C:\Windows\System\lInyRTQ.exe
  2⤵
  PID:3508
- C:\Windows\System\erItSxZ.exe
  C:\Windows\System\erItSxZ.exe
  2⤵
  PID:3524
- C:\Windows\System\lpWotTL.exe
  C:\Windows\System\lpWotTL.exe
  2⤵
  PID:3540
- C:\Windows\System\NkzZECp.exe
  C:\Windows\System\NkzZECp.exe
  2⤵
  PID:3556
- C:\Windows\System\stZGdVA.exe
  C:\Windows\System\stZGdVA.exe
  2⤵
  PID:3572
- C:\Windows\System\uYLOGnw.exe
  C:\Windows\System\uYLOGnw.exe
  2⤵
  PID:3588
- C:\Windows\System\MEvnoVK.exe
  C:\Windows\System\MEvnoVK.exe
  2⤵
  PID:3604
- C:\Windows\System\vwwPDjh.exe
  C:\Windows\System\vwwPDjh.exe
  2⤵
  PID:3620
- C:\Windows\System\cQiAxgG.exe
  C:\Windows\System\cQiAxgG.exe
  2⤵
  PID:3636
- C:\Windows\System\yYZZclD.exe
  C:\Windows\System\yYZZclD.exe
  2⤵
  PID:3652
- C:\Windows\System\OGjvkiT.exe
  C:\Windows\System\OGjvkiT.exe
  2⤵
  PID:3668
- C:\Windows\System\FbdmgOj.exe
  C:\Windows\System\FbdmgOj.exe
  2⤵
  PID:3684
- C:\Windows\System\SYgsXZw.exe
  C:\Windows\System\SYgsXZw.exe
  2⤵
  PID:3700
- C:\Windows\System\AESWFUk.exe
  C:\Windows\System\AESWFUk.exe
  2⤵
  PID:3716
- C:\Windows\System\GBgjBSy.exe
  C:\Windows\System\GBgjBSy.exe
  2⤵
  PID:3732
- C:\Windows\System\fIsNATu.exe
  C:\Windows\System\fIsNATu.exe
  2⤵
  PID:3748
- C:\Windows\System\qLbBMoy.exe
  C:\Windows\System\qLbBMoy.exe
  2⤵
  PID:3764
- C:\Windows\System\KTJPDsO.exe
  C:\Windows\System\KTJPDsO.exe
  2⤵
  PID:3780
- C:\Windows\System\vwqlXZJ.exe
  C:\Windows\System\vwqlXZJ.exe
  2⤵
  PID:3796
- C:\Windows\System\VjYBaPN.exe
  C:\Windows\System\VjYBaPN.exe
  2⤵
  PID:3812
- C:\Windows\System\BUKpgeq.exe
  C:\Windows\System\BUKpgeq.exe
  2⤵
  PID:3828
- C:\Windows\System\LxYIZnY.exe
  C:\Windows\System\LxYIZnY.exe
  2⤵
  PID:3844
- C:\Windows\System\IRWjrOX.exe
  C:\Windows\System\IRWjrOX.exe
  2⤵
  PID:3860
- C:\Windows\System\ixKYkwa.exe
  C:\Windows\System\ixKYkwa.exe
  2⤵
  PID:3876
- C:\Windows\System\idcaEca.exe
  C:\Windows\System\idcaEca.exe
  2⤵
  PID:3892
- C:\Windows\System\zzbJsiE.exe
  C:\Windows\System\zzbJsiE.exe
  2⤵
  PID:3908
- C:\Windows\System\ughfIMO.exe
  C:\Windows\System\ughfIMO.exe
  2⤵
  PID:3924
- C:\Windows\System\zpSdOhM.exe
  C:\Windows\System\zpSdOhM.exe
  2⤵
  PID:3940
- C:\Windows\System\xjRqBgY.exe
  C:\Windows\System\xjRqBgY.exe
  2⤵
  PID:3956
- C:\Windows\System\mwQqmXQ.exe
  C:\Windows\System\mwQqmXQ.exe
  2⤵
  PID:3972
- C:\Windows\System\BYqCPLg.exe
  C:\Windows\System\BYqCPLg.exe
  2⤵
  PID:3988
- C:\Windows\System\oqOBEcm.exe
  C:\Windows\System\oqOBEcm.exe
  2⤵
  PID:4004
- C:\Windows\System\NsRQUZq.exe
  C:\Windows\System\NsRQUZq.exe
  2⤵
  PID:4020
- C:\Windows\System\aHbUkwk.exe
  C:\Windows\System\aHbUkwk.exe
  2⤵
  PID:4036
- C:\Windows\System\WjmmEPh.exe
  C:\Windows\System\WjmmEPh.exe
  2⤵
  PID:4052
- C:\Windows\System\UmarjRY.exe
  C:\Windows\System\UmarjRY.exe
  2⤵
  PID:4068
- C:\Windows\System\VOtAIHI.exe
  C:\Windows\System\VOtAIHI.exe
  2⤵
  PID:4084
- C:\Windows\System\ixZfYqu.exe
  C:\Windows\System\ixZfYqu.exe
  2⤵
  PID:2192
- C:\Windows\System\hVqprPG.exe
  C:\Windows\System\hVqprPG.exe
  2⤵
  PID:3052
- C:\Windows\System\LEDEijh.exe
  C:\Windows\System\LEDEijh.exe
  2⤵
  PID:2896
- C:\Windows\System\XTENUSY.exe
  C:\Windows\System\XTENUSY.exe
  2⤵
  PID:2864
- C:\Windows\System\rYYGXIm.exe
  C:\Windows\System\rYYGXIm.exe
  2⤵
  PID:1592
- C:\Windows\System\BYgguDn.exe
  C:\Windows\System\BYgguDn.exe
  2⤵
  PID:1092
- C:\Windows\System\LMSdtgE.exe
  C:\Windows\System\LMSdtgE.exe
  2⤵
  PID:2476
- C:\Windows\System\ngxGZrR.exe
  C:\Windows\System\ngxGZrR.exe
  2⤵
  PID:2724
- C:\Windows\System\IKgMCyj.exe
  C:\Windows\System\IKgMCyj.exe
  2⤵
  PID:2012
- C:\Windows\System\VgXojTi.exe
  C:\Windows\System\VgXojTi.exe
  2⤵
  PID:3088
- C:\Windows\System\sqxVZSu.exe
  C:\Windows\System\sqxVZSu.exe
  2⤵
  PID:3120
- C:\Windows\System\rlIeRQx.exe
  C:\Windows\System\rlIeRQx.exe
  2⤵
  PID:3152
- C:\Windows\System\LWOoMvB.exe
  C:\Windows\System\LWOoMvB.exe
  2⤵
  PID:3184
- C:\Windows\System\pzFngIN.exe
  C:\Windows\System\pzFngIN.exe
  2⤵
  PID:3216
- C:\Windows\System\OTaQYbq.exe
  C:\Windows\System\OTaQYbq.exe
  2⤵
  PID:3248
- C:\Windows\System\eUKmMwF.exe
  C:\Windows\System\eUKmMwF.exe
  2⤵
  PID:3280
- C:\Windows\System\PZgnqZl.exe
  C:\Windows\System\PZgnqZl.exe
  2⤵
  PID:3328
- C:\Windows\System\EzdaPuS.exe
  C:\Windows\System\EzdaPuS.exe
  2⤵
  PID:3340
- C:\Windows\System\JFBGngF.exe
  C:\Windows\System\JFBGngF.exe
  2⤵
  PID:3392
- C:\Windows\System\NjsIACO.exe
  C:\Windows\System\NjsIACO.exe
  2⤵
  PID:3424
- C:\Windows\System\ZEkHxGu.exe
  C:\Windows\System\ZEkHxGu.exe
  2⤵
  PID:3456
- C:\Windows\System\JdScuKW.exe
  C:\Windows\System\JdScuKW.exe
  2⤵
  PID:3516
- C:\Windows\System\GZsasJQ.exe
  C:\Windows\System\GZsasJQ.exe
  2⤵
  PID:3520
- C:\Windows\System\vrYbhVe.exe
  C:\Windows\System\vrYbhVe.exe
  2⤵
  PID:3536
- C:\Windows\System\OhkOJxw.exe
  C:\Windows\System\OhkOJxw.exe
  2⤵
  PID:3568
- C:\Windows\System\AjmHakk.exe
  C:\Windows\System\AjmHakk.exe
  2⤵
  PID:3616
- C:\Windows\System\tKJJpKe.exe
  C:\Windows\System\tKJJpKe.exe
  2⤵
  PID:3600
- C:\Windows\System\dXFfepD.exe
  C:\Windows\System\dXFfepD.exe
  2⤵
  PID:3708
- C:\Windows\System\DRZHXqW.exe
  C:\Windows\System\DRZHXqW.exe
  2⤵
  PID:3692
- C:\Windows\System\mctJUZj.exe
  C:\Windows\System\mctJUZj.exe
  2⤵
  PID:3724
- C:\Windows\System\tBDsiET.exe
  C:\Windows\System\tBDsiET.exe
  2⤵
  PID:3776
- C:\Windows\System\dNgsZpu.exe
  C:\Windows\System\dNgsZpu.exe
  2⤵
  PID:3808
- C:\Windows\System\gQcuMTO.exe
  C:\Windows\System\gQcuMTO.exe
  2⤵
  PID:3820
- C:\Windows\System\JNtPJya.exe
  C:\Windows\System\JNtPJya.exe
  2⤵
  PID:3856
- C:\Windows\System\iogECLt.exe
  C:\Windows\System\iogECLt.exe
  2⤵
  PID:3916
- C:\Windows\System\mvhSJnp.exe
  C:\Windows\System\mvhSJnp.exe
  2⤵
  PID:3936
- C:\Windows\System\htKDlVs.exe
  C:\Windows\System\htKDlVs.exe
  2⤵
  PID:3952
- C:\Windows\System\ZAwelBx.exe
  C:\Windows\System\ZAwelBx.exe
  2⤵
  PID:4000
- C:\Windows\System\bMRCDEO.exe
  C:\Windows\System\bMRCDEO.exe
  2⤵
  PID:4044
- C:\Windows\System\efgGcjz.exe
  C:\Windows\System\efgGcjz.exe
  2⤵
  PID:4064
- C:\Windows\System\cdOMadc.exe
  C:\Windows\System\cdOMadc.exe
  2⤵
  PID:1988
- C:\Windows\System\WEMmsKH.exe
  C:\Windows\System\WEMmsKH.exe
  2⤵
  PID:2808
- C:\Windows\System\lZGtjTw.exe
  C:\Windows\System\lZGtjTw.exe
  2⤵
  PID:1784
- C:\Windows\System\qPgzkoO.exe
  C:\Windows\System\qPgzkoO.exe
  2⤵
  PID:1308
- C:\Windows\System\QGsJMqm.exe
  C:\Windows\System\QGsJMqm.exe
  2⤵
  PID:3116
- C:\Windows\System\EZFSgiY.exe
  C:\Windows\System\EZFSgiY.exe
  2⤵
  PID:3180
- C:\Windows\System\DSCdBfE.exe
  C:\Windows\System\DSCdBfE.exe
  2⤵
  PID:3164
- C:\Windows\System\DOXDkQw.exe
  C:\Windows\System\DOXDkQw.exe
  2⤵
  PID:3212
- C:\Windows\System\laaelEg.exe
  C:\Windows\System\laaelEg.exe
  2⤵
  PID:3372
- C:\Windows\System\CXurMET.exe
  C:\Windows\System\CXurMET.exe
  2⤵
  PID:3312
- C:\Windows\System\ZXtFtqY.exe
  C:\Windows\System\ZXtFtqY.exe
  2⤵
  PID:3404
- C:\Windows\System\aIhgZoy.exe
  C:\Windows\System\aIhgZoy.exe
  2⤵
  PID:3488
- C:\Windows\System\WcEfLOb.exe
  C:\Windows\System\WcEfLOb.exe
  2⤵
  PID:3532
- C:\Windows\System\FdGYIhS.exe
  C:\Windows\System\FdGYIhS.exe
  2⤵
  PID:3676
- C:\Windows\System\lxGvKWE.exe
  C:\Windows\System\lxGvKWE.exe
  2⤵
  PID:3664
- C:\Windows\System\GeffgnT.exe
  C:\Windows\System\GeffgnT.exe
  2⤵
  PID:3744
- C:\Windows\System\ANOcpyR.exe
  C:\Windows\System\ANOcpyR.exe
  2⤵
  PID:3840
- C:\Windows\System\LZQWSVR.exe
  C:\Windows\System\LZQWSVR.exe
  2⤵
  PID:3872
- C:\Windows\System\TNtvqTH.exe
  C:\Windows\System\TNtvqTH.exe
  2⤵
  PID:4032
- C:\Windows\System\OfhALAv.exe
  C:\Windows\System\OfhALAv.exe
  2⤵
  PID:4092
- C:\Windows\System\LVVIfmS.exe
  C:\Windows\System\LVVIfmS.exe
  2⤵
  PID:4080
- C:\Windows\System\wevuMMv.exe
  C:\Windows\System\wevuMMv.exe
  2⤵
  PID:2976
- C:\Windows\System\uZIapxq.exe
  C:\Windows\System\uZIapxq.exe
  2⤵
  PID:1580
- C:\Windows\System\gYfmfSF.exe
  C:\Windows\System\gYfmfSF.exe
  2⤵
  PID:2516
- C:\Windows\System\uBsXcSK.exe
  C:\Windows\System\uBsXcSK.exe
  2⤵
  PID:4104
- C:\Windows\System\RNZvWBc.exe
  C:\Windows\System\RNZvWBc.exe
  2⤵
  PID:4120
- C:\Windows\System\HNvnrsb.exe
  C:\Windows\System\HNvnrsb.exe
  2⤵
  PID:4136
- C:\Windows\System\vROsgJP.exe
  C:\Windows\System\vROsgJP.exe
  2⤵
  PID:4152
- C:\Windows\System\EfkhSfR.exe
  C:\Windows\System\EfkhSfR.exe
  2⤵
  PID:4168
- C:\Windows\System\DmtZbhF.exe
  C:\Windows\System\DmtZbhF.exe
  2⤵
  PID:4184
- C:\Windows\System\KpfIRSc.exe
  C:\Windows\System\KpfIRSc.exe
  2⤵
  PID:4200
- C:\Windows\System\zrmiDmF.exe
  C:\Windows\System\zrmiDmF.exe
  2⤵
  PID:4216
- C:\Windows\System\vGwwsvj.exe
  C:\Windows\System\vGwwsvj.exe
  2⤵
  PID:4232
- C:\Windows\System\ftGskiq.exe
  C:\Windows\System\ftGskiq.exe
  2⤵
  PID:4248
- C:\Windows\System\BtzrwOx.exe
  C:\Windows\System\BtzrwOx.exe
  2⤵
  PID:4264
- C:\Windows\System\zprvbNZ.exe
  C:\Windows\System\zprvbNZ.exe
  2⤵
  PID:4280
- C:\Windows\System\JlmheSr.exe
  C:\Windows\System\JlmheSr.exe
  2⤵
  PID:4296
- C:\Windows\System\DQxreGa.exe
  C:\Windows\System\DQxreGa.exe
  2⤵
  PID:4312
- C:\Windows\System\XwyJDOc.exe
  C:\Windows\System\XwyJDOc.exe
  2⤵
  PID:4328
- C:\Windows\System\iNeJwJM.exe
  C:\Windows\System\iNeJwJM.exe
  2⤵
  PID:4344
- C:\Windows\System\VLjwVkU.exe
  C:\Windows\System\VLjwVkU.exe
  2⤵
  PID:4360
- C:\Windows\System\mNFMamA.exe
  C:\Windows\System\mNFMamA.exe
  2⤵
  PID:4376
- C:\Windows\System\VnZCure.exe
  C:\Windows\System\VnZCure.exe
  2⤵
  PID:4392
- C:\Windows\System\wJZKluS.exe
  C:\Windows\System\wJZKluS.exe
  2⤵
  PID:4408
- C:\Windows\System\iuwRrJJ.exe
  C:\Windows\System\iuwRrJJ.exe
  2⤵
  PID:4424
- C:\Windows\System\rFIfnAn.exe
  C:\Windows\System\rFIfnAn.exe
  2⤵
  PID:4440
- C:\Windows\System\EoAHanC.exe
  C:\Windows\System\EoAHanC.exe
  2⤵
  PID:4456
- C:\Windows\System\seyXqdS.exe
  C:\Windows\System\seyXqdS.exe
  2⤵
  PID:4472
- C:\Windows\System\YNqlkju.exe
  C:\Windows\System\YNqlkju.exe
  2⤵
  PID:4488
- C:\Windows\System\EGCUwCV.exe
  C:\Windows\System\EGCUwCV.exe
  2⤵
  PID:4504
- C:\Windows\System\ycHcrBw.exe
  C:\Windows\System\ycHcrBw.exe
  2⤵
  PID:4520
- C:\Windows\System\jvWzgjW.exe
  C:\Windows\System\jvWzgjW.exe
  2⤵
  PID:4536
- C:\Windows\System\hOnCXFr.exe
  C:\Windows\System\hOnCXFr.exe
  2⤵
  PID:4552
- C:\Windows\System\Jpcoucl.exe
  C:\Windows\System\Jpcoucl.exe
  2⤵
  PID:4568
- C:\Windows\System\danAbYU.exe
  C:\Windows\System\danAbYU.exe
  2⤵
  PID:4584
- C:\Windows\System\eiEieiz.exe
  C:\Windows\System\eiEieiz.exe
  2⤵
  PID:4604
- C:\Windows\System\YgBpSNW.exe
  C:\Windows\System\YgBpSNW.exe
  2⤵
  PID:4620
- C:\Windows\System\ytUTZxJ.exe
  C:\Windows\System\ytUTZxJ.exe
  2⤵
  PID:4636
- C:\Windows\System\jeyixPz.exe
  C:\Windows\System\jeyixPz.exe
  2⤵
  PID:4652
- C:\Windows\System\VEHOhKI.exe
  C:\Windows\System\VEHOhKI.exe
  2⤵
  PID:4668
- C:\Windows\System\cSougir.exe
  C:\Windows\System\cSougir.exe
  2⤵
  PID:4684
- C:\Windows\System\RwEVfvL.exe
  C:\Windows\System\RwEVfvL.exe
  2⤵
  PID:4700
- C:\Windows\System\uFSHcfX.exe
  C:\Windows\System\uFSHcfX.exe
  2⤵
  PID:4716
- C:\Windows\System\mlCAqDF.exe
  C:\Windows\System\mlCAqDF.exe
  2⤵
  PID:4732
- C:\Windows\System\KABYECl.exe
  C:\Windows\System\KABYECl.exe
  2⤵
  PID:4748
- C:\Windows\System\CPJqMIW.exe
  C:\Windows\System\CPJqMIW.exe
  2⤵
  PID:4764
- C:\Windows\System\MHPAiHz.exe
  C:\Windows\System\MHPAiHz.exe
  2⤵
  PID:4780
- C:\Windows\System\EMZPjEI.exe
  C:\Windows\System\EMZPjEI.exe
  2⤵
  PID:4796
- C:\Windows\System\GoTEHSq.exe
  C:\Windows\System\GoTEHSq.exe
  2⤵
  PID:4812
- C:\Windows\System\PXnGESo.exe
  C:\Windows\System\PXnGESo.exe
  2⤵
  PID:4828
- C:\Windows\System\dpZSOFa.exe
  C:\Windows\System\dpZSOFa.exe
  2⤵
  PID:4844
- C:\Windows\System\GMGHeHe.exe
  C:\Windows\System\GMGHeHe.exe
  2⤵
  PID:4860
- C:\Windows\System\xASphVC.exe
  C:\Windows\System\xASphVC.exe
  2⤵
  PID:4876
- C:\Windows\System\DECvfJm.exe
  C:\Windows\System\DECvfJm.exe
  2⤵
  PID:4892
- C:\Windows\System\hmDMDzI.exe
  C:\Windows\System\hmDMDzI.exe
  2⤵
  PID:4908
- C:\Windows\System\EOiLhcL.exe
  C:\Windows\System\EOiLhcL.exe
  2⤵
  PID:4924
- C:\Windows\System\toytVop.exe
  C:\Windows\System\toytVop.exe
  2⤵
  PID:4940
- C:\Windows\System\rkLwBas.exe
  C:\Windows\System\rkLwBas.exe
  2⤵
  PID:4956
- C:\Windows\System\bgDaQBb.exe
  C:\Windows\System\bgDaQBb.exe
  2⤵
  PID:4972
- C:\Windows\System\beFqaUg.exe
  C:\Windows\System\beFqaUg.exe
  2⤵
  PID:4988
- C:\Windows\System\tQswLbz.exe
  C:\Windows\System\tQswLbz.exe
  2⤵
  PID:5004
- C:\Windows\System\BNbMbpS.exe
  C:\Windows\System\BNbMbpS.exe
  2⤵
  PID:5020
- C:\Windows\System\vWioIuJ.exe
  C:\Windows\System\vWioIuJ.exe
  2⤵
  PID:5036
- C:\Windows\System\tEnLfwd.exe
  C:\Windows\System\tEnLfwd.exe
  2⤵
  PID:5052
- C:\Windows\System\kWUlDZU.exe
  C:\Windows\System\kWUlDZU.exe
  2⤵
  PID:5068
- C:\Windows\System\JczVNgr.exe
  C:\Windows\System\JczVNgr.exe
  2⤵
  PID:5084
- C:\Windows\System\MkjCIku.exe
  C:\Windows\System\MkjCIku.exe
  2⤵
  PID:5100
- C:\Windows\System\XqNREeW.exe
  C:\Windows\System\XqNREeW.exe
  2⤵
  PID:5116
- C:\Windows\System\jOHRcrk.exe
  C:\Windows\System\jOHRcrk.exe
  2⤵
  PID:3420
- C:\Windows\System\KulanBE.exe
  C:\Windows\System\KulanBE.exe
  2⤵
  PID:3548
- C:\Windows\System\qrLVZyD.exe
  C:\Windows\System\qrLVZyD.exe
  2⤵
  PID:3612
- C:\Windows\System\ihgVAYI.exe
  C:\Windows\System\ihgVAYI.exe
  2⤵
  PID:3792
- C:\Windows\System\lFtEovk.exe
  C:\Windows\System\lFtEovk.exe
  2⤵
  PID:3852
- C:\Windows\System\ndERhTf.exe
  C:\Windows\System\ndERhTf.exe
  2⤵
  PID:4060
- C:\Windows\System\teFDffj.exe
  C:\Windows\System\teFDffj.exe
  2⤵
  PID:1352
- C:\Windows\System\XZEyeKh.exe
  C:\Windows\System\XZEyeKh.exe
  2⤵
  PID:3244
- C:\Windows\System\UQSyVUE.exe
  C:\Windows\System\UQSyVUE.exe
  2⤵
  PID:4128
- C:\Windows\System\xZBpzna.exe
  C:\Windows\System\xZBpzna.exe
  2⤵
  PID:4160
- C:\Windows\System\UevnvKw.exe
  C:\Windows\System\UevnvKw.exe
  2⤵
  PID:4176
- C:\Windows\System\yjWPpHp.exe
  C:\Windows\System\yjWPpHp.exe
  2⤵
  PID:4208
- C:\Windows\System\MAuuOSp.exe
  C:\Windows\System\MAuuOSp.exe
  2⤵
  PID:4240
- C:\Windows\System\PrxrxhU.exe
  C:\Windows\System\PrxrxhU.exe
  2⤵
  PID:4272
- C:\Windows\System\ftLOfnu.exe
  C:\Windows\System\ftLOfnu.exe
  2⤵
  PID:4304
- C:\Windows\System\bVfZVLR.exe
  C:\Windows\System\bVfZVLR.exe
  2⤵
  PID:4336
- C:\Windows\System\GGZDnCY.exe
  C:\Windows\System\GGZDnCY.exe
  2⤵
  PID:4340
- C:\Windows\System\PKqzujU.exe
  C:\Windows\System\PKqzujU.exe
  2⤵
  PID:4400
- C:\Windows\System\fPphyao.exe
  C:\Windows\System\fPphyao.exe
  2⤵
  PID:4448
- C:\Windows\System\pJdvqOI.exe
  C:\Windows\System\pJdvqOI.exe
  2⤵
  PID:4464
- C:\Windows\System\ExhzIaa.exe
  C:\Windows\System\ExhzIaa.exe
  2⤵
  PID:4512
- C:\Windows\System\DqQULgB.exe
  C:\Windows\System\DqQULgB.exe
  2⤵
  PID:4528
- C:\Windows\System\CANoNzu.exe
  C:\Windows\System\CANoNzu.exe
  2⤵
  PID:4560
- C:\Windows\System\VZdXpjV.exe
  C:\Windows\System\VZdXpjV.exe
  2⤵
  PID:4592
- C:\Windows\System\oLnGWsU.exe
  C:\Windows\System\oLnGWsU.exe
  2⤵
  PID:4628
- C:\Windows\System\QUMWQYx.exe
  C:\Windows\System\QUMWQYx.exe
  2⤵
  PID:4660
- C:\Windows\System\JDESZIP.exe
  C:\Windows\System\JDESZIP.exe
  2⤵
  PID:4692
- C:\Windows\System\MYuRdEq.exe
  C:\Windows\System\MYuRdEq.exe
  2⤵
  PID:4724
- C:\Windows\System\aQHxVFC.exe
  C:\Windows\System\aQHxVFC.exe
  2⤵
  PID:4772
- C:\Windows\System\qPZSpKr.exe
  C:\Windows\System\qPZSpKr.exe
  2⤵
  PID:4804
- C:\Windows\System\xjlcOtA.exe
  C:\Windows\System\xjlcOtA.exe
  2⤵
  PID:4836
- C:\Windows\System\btKFORT.exe
  C:\Windows\System\btKFORT.exe
  2⤵
  PID:4852
- C:\Windows\System\erxfpkW.exe
  C:\Windows\System\erxfpkW.exe
  2⤵
  PID:4900
- C:\Windows\System\GpFkjqv.exe
  C:\Windows\System\GpFkjqv.exe
  2⤵
  PID:4932
- C:\Windows\System\bhvIVON.exe
  C:\Windows\System\bhvIVON.exe
  2⤵
  PID:4964
- C:\Windows\System\unEpRYp.exe
  C:\Windows\System\unEpRYp.exe
  2⤵
  PID:4996
- C:\Windows\System\nejGYFp.exe
  C:\Windows\System\nejGYFp.exe
  2⤵
  PID:5028
- C:\Windows\System\MWcCxla.exe
  C:\Windows\System\MWcCxla.exe
  2⤵
  PID:5060
- C:\Windows\System\xRpsaIv.exe
  C:\Windows\System\xRpsaIv.exe
  2⤵
  PID:5076
- C:\Windows\System\ybYmKkZ.exe
  C:\Windows\System\ybYmKkZ.exe
  2⤵
  PID:5108
- C:\Windows\System\KxXkFDG.exe
  C:\Windows\System\KxXkFDG.exe
  2⤵
  PID:3360
- C:\Windows\System\OtfjevB.exe
  C:\Windows\System\OtfjevB.exe
  2⤵
  PID:3804
- C:\Windows\System\yPTumbI.exe
  C:\Windows\System\yPTumbI.exe
  2⤵
  PID:3884
- C:\Windows\System\rrhGHbb.exe
  C:\Windows\System\rrhGHbb.exe
  2⤵
  PID:3084
- C:\Windows\System\ZnUvQvt.exe
  C:\Windows\System\ZnUvQvt.exe
  2⤵
  PID:4112
- C:\Windows\System\QqcZhWE.exe
  C:\Windows\System\QqcZhWE.exe
  2⤵
  PID:4180
- C:\Windows\System\UEVYFMj.exe
  C:\Windows\System\UEVYFMj.exe
  2⤵
  PID:4260
- C:\Windows\System\ZaRnnQT.exe
  C:\Windows\System\ZaRnnQT.exe
  2⤵
  PID:4356
- C:\Windows\System\CQmAyxE.exe
  C:\Windows\System\CQmAyxE.exe
  2⤵
  PID:4388
- C:\Windows\System\FlcApfD.exe
  C:\Windows\System\FlcApfD.exe
  2⤵
  PID:4436
- C:\Windows\System\wbcmsYE.exe
  C:\Windows\System\wbcmsYE.exe
  2⤵
  PID:4532
- C:\Windows\System\zAOGubd.exe
  C:\Windows\System\zAOGubd.exe
  2⤵
  PID:4600
- C:\Windows\System\BYuskzy.exe
  C:\Windows\System\BYuskzy.exe
  2⤵
  PID:4680
- C:\Windows\System\qkLnNbj.exe
  C:\Windows\System\qkLnNbj.exe
  2⤵
  PID:4712
- C:\Windows\System\JvMegxd.exe
  C:\Windows\System\JvMegxd.exe
  2⤵
  PID:4776
- C:\Windows\System\kwpoeXl.exe
  C:\Windows\System\kwpoeXl.exe
  2⤵
  PID:4840
- C:\Windows\System\AtNTCJW.exe
  C:\Windows\System\AtNTCJW.exe
  2⤵
  PID:4888
- C:\Windows\System\fJQGefR.exe
  C:\Windows\System\fJQGefR.exe
  2⤵
  PID:4968
- C:\Windows\System\dszbiJp.exe
  C:\Windows\System\dszbiJp.exe
  2⤵
  PID:5048
- C:\Windows\System\HSZVbnc.exe
  C:\Windows\System\HSZVbnc.exe
  2⤵
  PID:5112
- C:\Windows\System\uzIfWOF.exe
  C:\Windows\System\uzIfWOF.exe
  2⤵
  PID:3472
- C:\Windows\System\bbuaCkk.exe
  C:\Windows\System\bbuaCkk.exe
  2⤵
  PID:3100
- C:\Windows\System\Lucqqri.exe
  C:\Windows\System\Lucqqri.exe
  2⤵
  PID:5124
- C:\Windows\System\aUtUKfG.exe
  C:\Windows\System\aUtUKfG.exe
  2⤵
  PID:5140
- C:\Windows\System\iOguJHD.exe
  C:\Windows\System\iOguJHD.exe
  2⤵
  PID:5156
- C:\Windows\System\nNaNOXE.exe
  C:\Windows\System\nNaNOXE.exe
  2⤵
  PID:5172
- C:\Windows\System\GYaCWPw.exe
  C:\Windows\System\GYaCWPw.exe
  2⤵
  PID:5188
- C:\Windows\System\aOFNQeB.exe
  C:\Windows\System\aOFNQeB.exe
  2⤵
  PID:5204
- C:\Windows\System\eLLwEJG.exe
  C:\Windows\System\eLLwEJG.exe
  2⤵
  PID:5220
- C:\Windows\System\ttPbWcv.exe
  C:\Windows\System\ttPbWcv.exe
  2⤵
  PID:5236
- C:\Windows\System\EGYrXsU.exe
  C:\Windows\System\EGYrXsU.exe
  2⤵
  PID:5252
- C:\Windows\System\TfjHzEz.exe
  C:\Windows\System\TfjHzEz.exe
  2⤵
  PID:5268
- C:\Windows\System\szUyTkL.exe
  C:\Windows\System\szUyTkL.exe
  2⤵
  PID:5284
- C:\Windows\System\rFFGFFE.exe
  C:\Windows\System\rFFGFFE.exe
  2⤵
  PID:5300
- C:\Windows\System\ltXlyyN.exe
  C:\Windows\System\ltXlyyN.exe
  2⤵
  PID:5316
- C:\Windows\System\fzDlWkm.exe
  C:\Windows\System\fzDlWkm.exe
  2⤵
  PID:5332
- C:\Windows\System\uifXZJl.exe
  C:\Windows\System\uifXZJl.exe
  2⤵
  PID:5348
- C:\Windows\System\VAcIsSQ.exe
  C:\Windows\System\VAcIsSQ.exe
  2⤵
  PID:5364
- C:\Windows\System\TpefJBW.exe
  C:\Windows\System\TpefJBW.exe
  2⤵
  PID:5380
- C:\Windows\System\QYVRMPG.exe
  C:\Windows\System\QYVRMPG.exe
  2⤵
  PID:5396
- C:\Windows\System\tymQpgW.exe
  C:\Windows\System\tymQpgW.exe
  2⤵
  PID:5412
- C:\Windows\System\peszEeM.exe
  C:\Windows\System\peszEeM.exe
  2⤵
  PID:5428
- C:\Windows\System\HxAyVBI.exe
  C:\Windows\System\HxAyVBI.exe
  2⤵
  PID:5444
- C:\Windows\System\sXJbvdf.exe
  C:\Windows\System\sXJbvdf.exe
  2⤵
  PID:5460
- C:\Windows\System\JSruCoL.exe
  C:\Windows\System\JSruCoL.exe
  2⤵
  PID:5476
- C:\Windows\System\uFUoINB.exe
  C:\Windows\System\uFUoINB.exe
  2⤵
  PID:5492
- C:\Windows\System\YjAaeom.exe
  C:\Windows\System\YjAaeom.exe
  2⤵
  PID:5508
- C:\Windows\System\TQaFiTD.exe
  C:\Windows\System\TQaFiTD.exe
  2⤵
  PID:5524
- C:\Windows\System\OrQPtGo.exe
  C:\Windows\System\OrQPtGo.exe
  2⤵
  PID:5540
- C:\Windows\System\ZiLIetE.exe
  C:\Windows\System\ZiLIetE.exe
  2⤵
  PID:5556
- C:\Windows\System\TkciMif.exe
  C:\Windows\System\TkciMif.exe
  2⤵
  PID:5572
- C:\Windows\System\uTNifZU.exe
  C:\Windows\System\uTNifZU.exe
  2⤵
  PID:5592
- C:\Windows\System\XZjFVWc.exe
  C:\Windows\System\XZjFVWc.exe
  2⤵
  PID:5608
- C:\Windows\System\ibiycTH.exe
  C:\Windows\System\ibiycTH.exe
  2⤵
  PID:5624
- C:\Windows\System\NXgZzUw.exe
  C:\Windows\System\NXgZzUw.exe
  2⤵
  PID:5640
- C:\Windows\System\YtYVMtC.exe
  C:\Windows\System\YtYVMtC.exe
  2⤵
  PID:5656
- C:\Windows\System\DToDvGo.exe
  C:\Windows\System\DToDvGo.exe
  2⤵
  PID:5672
- C:\Windows\System\vJbxzEY.exe
  C:\Windows\System\vJbxzEY.exe
  2⤵
  PID:5688
- C:\Windows\System\syQYxMJ.exe
  C:\Windows\System\syQYxMJ.exe
  2⤵
  PID:5704
- C:\Windows\System\uHdbFaH.exe
  C:\Windows\System\uHdbFaH.exe
  2⤵
  PID:5720
- C:\Windows\System\WlgWPWf.exe
  C:\Windows\System\WlgWPWf.exe
  2⤵
  PID:5736
- C:\Windows\System\heaZeGH.exe
  C:\Windows\System\heaZeGH.exe
  2⤵
  PID:5752
- C:\Windows\System\NNtnLbX.exe
  C:\Windows\System\NNtnLbX.exe
  2⤵
  PID:5768
- C:\Windows\System\mpkWBHN.exe
  C:\Windows\System\mpkWBHN.exe
  2⤵
  PID:5784
- C:\Windows\System\BPwWjvF.exe
  C:\Windows\System\BPwWjvF.exe
  2⤵
  PID:5800
- C:\Windows\System\OTCoPwH.exe
  C:\Windows\System\OTCoPwH.exe
  2⤵
  PID:5816
- C:\Windows\System\CgGSJmp.exe
  C:\Windows\System\CgGSJmp.exe
  2⤵
  PID:5832
- C:\Windows\System\ljUAviX.exe
  C:\Windows\System\ljUAviX.exe
  2⤵
  PID:5848
- C:\Windows\System\fcqrkiE.exe
  C:\Windows\System\fcqrkiE.exe
  2⤵
  PID:5864
- C:\Windows\System\rkZSqFe.exe
  C:\Windows\System\rkZSqFe.exe
  2⤵
  PID:5880
- C:\Windows\System\GSGerVr.exe
  C:\Windows\System\GSGerVr.exe
  2⤵
  PID:5896
- C:\Windows\System\oLOTqrg.exe
  C:\Windows\System\oLOTqrg.exe
  2⤵
  PID:5912
- C:\Windows\System\ixZpqZg.exe
  C:\Windows\System\ixZpqZg.exe
  2⤵
  PID:5928
- C:\Windows\System\rOTKZft.exe
  C:\Windows\System\rOTKZft.exe
  2⤵
  PID:5944
- C:\Windows\System\ZRcLeNy.exe
  C:\Windows\System\ZRcLeNy.exe
  2⤵
  PID:5960
- C:\Windows\System\xVpjgex.exe
  C:\Windows\System\xVpjgex.exe
  2⤵
  PID:5976
- C:\Windows\System\UAjvqhC.exe
  C:\Windows\System\UAjvqhC.exe
  2⤵
  PID:5992
- C:\Windows\System\YqWIKvf.exe
  C:\Windows\System\YqWIKvf.exe
  2⤵
  PID:6008
- C:\Windows\System\DqsSvLe.exe
  C:\Windows\System\DqsSvLe.exe
  2⤵
  PID:6024
- C:\Windows\System\JnaMUvN.exe
  C:\Windows\System\JnaMUvN.exe
  2⤵
  PID:6040
- C:\Windows\System\JMRdROa.exe
  C:\Windows\System\JMRdROa.exe
  2⤵
  PID:6056
- C:\Windows\System\FxtIPyQ.exe
  C:\Windows\System\FxtIPyQ.exe
  2⤵
  PID:6072
- C:\Windows\System\ecXkNPC.exe
  C:\Windows\System\ecXkNPC.exe
  2⤵
  PID:6088
- C:\Windows\System\SaWNbCE.exe
  C:\Windows\System\SaWNbCE.exe
  2⤵
  PID:6104
- C:\Windows\System\jQRFrpx.exe
  C:\Windows\System\jQRFrpx.exe
  2⤵
  PID:6120
- C:\Windows\System\QQVWPvT.exe
  C:\Windows\System\QQVWPvT.exe
  2⤵
  PID:6136
- C:\Windows\System\RwNwupd.exe
  C:\Windows\System\RwNwupd.exe
  2⤵
  PID:4196
- C:\Windows\System\RpibYOh.exe
  C:\Windows\System\RpibYOh.exe
  2⤵
  PID:4276
- C:\Windows\System\cbZStPj.exe
  C:\Windows\System\cbZStPj.exe
  2⤵
  PID:4484
- C:\Windows\System\wBwVfeH.exe
  C:\Windows\System\wBwVfeH.exe
  2⤵
  PID:4580
- C:\Windows\System\ppYdwza.exe
  C:\Windows\System\ppYdwza.exe
  2⤵
  PID:4696
- C:\Windows\System\BNBoAoM.exe
  C:\Windows\System\BNBoAoM.exe
  2⤵
  PID:4884
- C:\Windows\System\LRWgiMj.exe
  C:\Windows\System\LRWgiMj.exe
  2⤵
  PID:4948
- C:\Windows\System\FfFAESB.exe
  C:\Windows\System\FfFAESB.exe
  2⤵
  PID:5044
- C:\Windows\System\XKkHFYZ.exe
  C:\Windows\System\XKkHFYZ.exe
  2⤵
  PID:3980
- C:\Windows\System\PEXNvEp.exe
  C:\Windows\System\PEXNvEp.exe
  2⤵
  PID:5152
- C:\Windows\System\poZdVYq.exe
  C:\Windows\System\poZdVYq.exe
  2⤵
  PID:5164
- C:\Windows\System\KJDfosK.exe
  C:\Windows\System\KJDfosK.exe
  2⤵
  PID:5196
- C:\Windows\System\cRVDupn.exe
  C:\Windows\System\cRVDupn.exe
  2⤵
  PID:5244
- C:\Windows\System\qIEqYdp.exe
  C:\Windows\System\qIEqYdp.exe
  2⤵
  PID:5280
- C:\Windows\System\djpKBhx.exe
  C:\Windows\System\djpKBhx.exe
  2⤵
  PID:5308
- C:\Windows\System\dqKxLEQ.exe
  C:\Windows\System\dqKxLEQ.exe
  2⤵
  PID:5340
- C:\Windows\System\cFSquFK.exe
  C:\Windows\System\cFSquFK.exe
  2⤵
  PID:5356
- C:\Windows\System\xHcyGBZ.exe
  C:\Windows\System\xHcyGBZ.exe
  2⤵
  PID:5388
- C:\Windows\System\CpPZECk.exe
  C:\Windows\System\CpPZECk.exe
  2⤵
  PID:5436
- C:\Windows\System\vLgilLW.exe
  C:\Windows\System\vLgilLW.exe
  2⤵
  PID:5468
- C:\Windows\System\FkaSxHo.exe
  C:\Windows\System\FkaSxHo.exe
  2⤵
  PID:5484
- C:\Windows\System\xCUuIwX.exe
  C:\Windows\System\xCUuIwX.exe
  2⤵
  PID:5536
- C:\Windows\System\eYyCLQz.exe
  C:\Windows\System\eYyCLQz.exe
  2⤵
  PID:5548
- C:\Windows\System\TCWTJlR.exe
  C:\Windows\System\TCWTJlR.exe
  2⤵
  PID:5600
- C:\Windows\System\iFfVOrR.exe
  C:\Windows\System\iFfVOrR.exe
  2⤵
  PID:5636
- C:\Windows\System\IerCxsZ.exe
  C:\Windows\System\IerCxsZ.exe
  2⤵
  PID:5668
- C:\Windows\System\GwnpUet.exe
  C:\Windows\System\GwnpUet.exe
  2⤵
  PID:5684
- C:\Windows\System\xHLyKba.exe
  C:\Windows\System\xHLyKba.exe
  2⤵
  PID:5732
- C:\Windows\System\OvchmYN.exe
  C:\Windows\System\OvchmYN.exe
  2⤵
  PID:5744
- C:\Windows\System\nkPmZSf.exe
  C:\Windows\System\nkPmZSf.exe
  2⤵
  PID:5796
- C:\Windows\System\lJNarme.exe
  C:\Windows\System\lJNarme.exe
  2⤵
  PID:5828
- C:\Windows\System\YRyZbUc.exe
  C:\Windows\System\YRyZbUc.exe
  2⤵
  PID:5860
- C:\Windows\System\mbsOKcC.exe
  C:\Windows\System\mbsOKcC.exe
  2⤵
  PID:5892
- C:\Windows\System\pIjFInB.exe
  C:\Windows\System\pIjFInB.exe
  2⤵
  PID:5908
- C:\Windows\System\JFieeTu.exe
  C:\Windows\System\JFieeTu.exe
  2⤵
  PID:5940
- C:\Windows\System\UYxnNAF.exe
  C:\Windows\System\UYxnNAF.exe
  2⤵
  PID:5988
- C:\Windows\System\AljSYPx.exe
  C:\Windows\System\AljSYPx.exe
  2⤵
  PID:6000
- C:\Windows\System\PkoXtsb.exe
  C:\Windows\System\PkoXtsb.exe
  2⤵
  PID:6032
- C:\Windows\System\aVlnAQc.exe
  C:\Windows\System\aVlnAQc.exe
  2⤵
  PID:6084
- C:\Windows\System\obLkkXF.exe
  C:\Windows\System\obLkkXF.exe
  2⤵
  PID:6116
- C:\Windows\System\IgahmjR.exe
  C:\Windows\System\IgahmjR.exe
  2⤵
  PID:4212
- C:\Windows\System\rmxyiHV.exe
  C:\Windows\System\rmxyiHV.exe
  2⤵
  PID:4452
- C:\Windows\System\JKtaxfF.exe
  C:\Windows\System\JKtaxfF.exe
  2⤵
  PID:4756
- C:\Windows\System\uoSiNyY.exe
  C:\Windows\System\uoSiNyY.exe
  2⤵
  PID:4868
- C:\Windows\System\kjZIURE.exe
  C:\Windows\System\kjZIURE.exe
  2⤵
  PID:4596
- C:\Windows\System\WNawjAY.exe
  C:\Windows\System\WNawjAY.exe
  2⤵
  PID:3632
- C:\Windows\System\uCFsRzJ.exe
  C:\Windows\System\uCFsRzJ.exe
  2⤵
  PID:5168
- C:\Windows\System\IbIiDJW.exe
  C:\Windows\System\IbIiDJW.exe
  2⤵
  PID:5228
- C:\Windows\System\lEQYmMu.exe
  C:\Windows\System\lEQYmMu.exe
  2⤵
  PID:5292
- C:\Windows\System\vIAJqPr.exe
  C:\Windows\System\vIAJqPr.exe
  2⤵
  PID:5372
- C:\Windows\System\plXEfYJ.exe
  C:\Windows\System\plXEfYJ.exe
  2⤵
  PID:5404
- C:\Windows\System\pirgCkR.exe
  C:\Windows\System\pirgCkR.exe
  2⤵
  PID:5500
- C:\Windows\System\dtYSQhp.exe
  C:\Windows\System\dtYSQhp.exe
  2⤵
  PID:5564
- C:\Windows\System\qHcTlNd.exe
  C:\Windows\System\qHcTlNd.exe
  2⤵
  PID:5616
- C:\Windows\System\bnlrlXi.exe
  C:\Windows\System\bnlrlXi.exe
  2⤵
  PID:5632
- C:\Windows\System\ThssDHM.exe
  C:\Windows\System\ThssDHM.exe
  2⤵
  PID:2196
- C:\Windows\System\BxcvDLu.exe
  C:\Windows\System\BxcvDLu.exe
  2⤵
  PID:5792
- C:\Windows\System\rREcYVY.exe
  C:\Windows\System\rREcYVY.exe
  2⤵
  PID:5888
- C:\Windows\System\goAZXfE.exe
  C:\Windows\System\goAZXfE.exe
  2⤵
  PID:5920
- C:\Windows\System\UkDzWDi.exe
  C:\Windows\System\UkDzWDi.exe
  2⤵
  PID:5968
- C:\Windows\System\stOpbJI.exe
  C:\Windows\System\stOpbJI.exe
  2⤵
  PID:6064
- C:\Windows\System\EYqELQt.exe
  C:\Windows\System\EYqELQt.exe
  2⤵
  PID:6128
- C:\Windows\System\JFrkGRE.exe
  C:\Windows\System\JFrkGRE.exe
  2⤵
  PID:6132
- C:\Windows\System\mSWAEWy.exe
  C:\Windows\System\mSWAEWy.exe
  2⤵
  PID:5012
- C:\Windows\System\IKgdAUH.exe
  C:\Windows\System\IKgdAUH.exe
  2⤵
  PID:3968
- C:\Windows\System\QGEwTnv.exe
  C:\Windows\System\QGEwTnv.exe
  2⤵
  PID:5136
- C:\Windows\System\fRIEaGM.exe
  C:\Windows\System\fRIEaGM.exe
  2⤵
  PID:5324
- C:\Windows\System\xYjVKDl.exe
  C:\Windows\System\xYjVKDl.exe
  2⤵
  PID:5520
- C:\Windows\System\JJNrmnO.exe
  C:\Windows\System\JJNrmnO.exe
  2⤵
  PID:6152
- C:\Windows\System\pFsyYGU.exe
  C:\Windows\System\pFsyYGU.exe
  2⤵
  PID:6168
- C:\Windows\System\BGelKpE.exe
  C:\Windows\System\BGelKpE.exe
  2⤵
  PID:6184
- C:\Windows\System\TPKgaGD.exe
  C:\Windows\System\TPKgaGD.exe
  2⤵
  PID:6200
- C:\Windows\System\nRadxFy.exe
  C:\Windows\System\nRadxFy.exe
  2⤵
  PID:6216
- C:\Windows\System\cptLtlt.exe
  C:\Windows\System\cptLtlt.exe
  2⤵
  PID:6232
- C:\Windows\System\JagHzgD.exe
  C:\Windows\System\JagHzgD.exe
  2⤵
  PID:6248
- C:\Windows\System\wMSleyS.exe
  C:\Windows\System\wMSleyS.exe
  2⤵
  PID:6264
- C:\Windows\System\FfHHxMP.exe
  C:\Windows\System\FfHHxMP.exe
  2⤵
  PID:6280
- C:\Windows\System\TrLFyBc.exe
  C:\Windows\System\TrLFyBc.exe
  2⤵
  PID:6296
- C:\Windows\System\fFlRMuI.exe
  C:\Windows\System\fFlRMuI.exe
  2⤵
  PID:6312
- C:\Windows\System\jiDcCNC.exe
  C:\Windows\System\jiDcCNC.exe
  2⤵
  PID:6328
- C:\Windows\System\QFXdcnt.exe
  C:\Windows\System\QFXdcnt.exe
  2⤵
  PID:6344
- C:\Windows\System\jmwgSYQ.exe
  C:\Windows\System\jmwgSYQ.exe
  2⤵
  PID:6360
- C:\Windows\System\xFqojzw.exe
  C:\Windows\System\xFqojzw.exe
  2⤵
  PID:6376
- C:\Windows\System\CXFvMBk.exe
  C:\Windows\System\CXFvMBk.exe
  2⤵
  PID:6392
- C:\Windows\System\ZhjkRxe.exe
  C:\Windows\System\ZhjkRxe.exe
  2⤵
  PID:6408
- C:\Windows\System\QnKvGeM.exe
  C:\Windows\System\QnKvGeM.exe
  2⤵
  PID:6432
- C:\Windows\System\gJeyhmi.exe
  C:\Windows\System\gJeyhmi.exe
  2⤵
  PID:6472
- C:\Windows\System\RgcwyMf.exe
  C:\Windows\System\RgcwyMf.exe
  2⤵
  PID:6488
- C:\Windows\System\dcwUbYr.exe
  C:\Windows\System\dcwUbYr.exe
  2⤵
  PID:6504
- C:\Windows\System\uweVamd.exe
  C:\Windows\System\uweVamd.exe
  2⤵
  PID:6520
- C:\Windows\System\EvWLPTT.exe
  C:\Windows\System\EvWLPTT.exe
  2⤵
  PID:6536
- C:\Windows\System\ZwUOwfA.exe
  C:\Windows\System\ZwUOwfA.exe
  2⤵
  PID:6552
- C:\Windows\System\kXSLxKn.exe
  C:\Windows\System\kXSLxKn.exe
  2⤵
  PID:6568
- C:\Windows\System\FKlkrOT.exe
  C:\Windows\System\FKlkrOT.exe
  2⤵
  PID:6584
- C:\Windows\System\nGoHHTX.exe
  C:\Windows\System\nGoHHTX.exe
  2⤵
  PID:6600
- C:\Windows\System\nYBfexy.exe
  C:\Windows\System\nYBfexy.exe
  2⤵
  PID:6616
- C:\Windows\System\bCJpnqk.exe
  C:\Windows\System\bCJpnqk.exe
  2⤵
  PID:6632
- C:\Windows\System\KaAVbnD.exe
  C:\Windows\System\KaAVbnD.exe
  2⤵
  PID:6648
- C:\Windows\System\eUoslcO.exe
  C:\Windows\System\eUoslcO.exe
  2⤵
  PID:6664
- C:\Windows\System\qfxeeeM.exe
  C:\Windows\System\qfxeeeM.exe
  2⤵
  PID:6680
- C:\Windows\System\GlivQIj.exe
  C:\Windows\System\GlivQIj.exe
  2⤵
  PID:6696
- C:\Windows\System\nkfBiGH.exe
  C:\Windows\System\nkfBiGH.exe
  2⤵
  PID:6712
- C:\Windows\System\FccwIEH.exe
  C:\Windows\System\FccwIEH.exe
  2⤵
  PID:6728
- C:\Windows\System\qpoEqrT.exe
  C:\Windows\System\qpoEqrT.exe
  2⤵
  PID:6744
- C:\Windows\System\roshEVX.exe
  C:\Windows\System\roshEVX.exe
  2⤵
  PID:6764
- C:\Windows\System\XrXOYFX.exe
  C:\Windows\System\XrXOYFX.exe
  2⤵
  PID:6780
- C:\Windows\System\UUQdzaP.exe
  C:\Windows\System\UUQdzaP.exe
  2⤵
  PID:6796
- C:\Windows\System\HVnNeqE.exe
  C:\Windows\System\HVnNeqE.exe
  2⤵
  PID:6816
- C:\Windows\System\BAOKYcP.exe
  C:\Windows\System\BAOKYcP.exe
  2⤵
  PID:6832
- C:\Windows\System\ItvzLyW.exe
  C:\Windows\System\ItvzLyW.exe
  2⤵
  PID:6848
- C:\Windows\System\ljJlBGR.exe
  C:\Windows\System\ljJlBGR.exe
  2⤵
  PID:6864
- C:\Windows\System\jXXMpfG.exe
  C:\Windows\System\jXXMpfG.exe
  2⤵
  PID:6880
- C:\Windows\System\rFwTwwJ.exe
  C:\Windows\System\rFwTwwJ.exe
  2⤵
  PID:6896
- C:\Windows\System\XJOPRdh.exe
  C:\Windows\System\XJOPRdh.exe
  2⤵
  PID:6912
- C:\Windows\System\tdIzYHz.exe
  C:\Windows\System\tdIzYHz.exe
  2⤵
  PID:6948
- C:\Windows\System\kWgrmoQ.exe
  C:\Windows\System\kWgrmoQ.exe
  2⤵
  PID:6964
- C:\Windows\System\STGYpRt.exe
  C:\Windows\System\STGYpRt.exe
  2⤵
  PID:2676
- C:\Windows\System\ADdVCvj.exe
  C:\Windows\System\ADdVCvj.exe
  2⤵
  PID:6192
- C:\Windows\System\rusfPwQ.exe
  C:\Windows\System\rusfPwQ.exe
  2⤵
  PID:6256
- C:\Windows\System\xSarkuC.exe
  C:\Windows\System\xSarkuC.exe
  2⤵
  PID:6292
- C:\Windows\System\EHNtSpy.exe
  C:\Windows\System\EHNtSpy.exe
  2⤵
  PID:6352
- C:\Windows\System\wnQxzwO.exe
  C:\Windows\System\wnQxzwO.exe
  2⤵
  PID:6416
- C:\Windows\System\xeiwTzG.exe
  C:\Windows\System\xeiwTzG.exe
  2⤵
  PID:2932
- C:\Windows\System\enbHziT.exe
  C:\Windows\System\enbHziT.exe
  2⤵
  PID:2680
- C:\Windows\System\dVAYCOX.exe
  C:\Windows\System\dVAYCOX.exe
  2⤵
  PID:2552
- C:\Windows\System\kzRFDGw.exe
  C:\Windows\System\kzRFDGw.exe
  2⤵
  PID:2780
- C:\Windows\System\jBOPITq.exe
  C:\Windows\System\jBOPITq.exe
  2⤵
  PID:3060
- C:\Windows\System\riWVahL.exe
  C:\Windows\System\riWVahL.exe
  2⤵
  PID:2016
- C:\Windows\System\jDwsFtg.exe
  C:\Windows\System\jDwsFtg.exe
  2⤵
  PID:2452
- C:\Windows\System\gKHlIuI.exe
  C:\Windows\System\gKHlIuI.exe
  2⤵
  PID:2792
- C:\Windows\System\dCbFDFr.exe
  C:\Windows\System\dCbFDFr.exe
  2⤵
  PID:6532
- C:\Windows\System\mqcGcyG.exe
  C:\Windows\System\mqcGcyG.exe
  2⤵
  PID:968
- C:\Windows\System\EOKXsfi.exe
  C:\Windows\System\EOKXsfi.exe
  2⤵
  PID:6596
- C:\Windows\System\AriuxbA.exe
  C:\Windows\System\AriuxbA.exe
  2⤵
  PID:6660
- C:\Windows\System\KeLrggb.exe
  C:\Windows\System\KeLrggb.exe
  2⤵
  PID:6692
- C:\Windows\System\EpuSMLC.exe
  C:\Windows\System\EpuSMLC.exe
  2⤵
  PID:6484
- C:\Windows\System\KsgOzoB.exe
  C:\Windows\System\KsgOzoB.exe
  2⤵
  PID:2956
- C:\Windows\System\UiXqVEZ.exe
  C:\Windows\System\UiXqVEZ.exe
  2⤵
  PID:6788
- C:\Windows\System\TWYwZHF.exe
  C:\Windows\System\TWYwZHF.exe
  2⤵
  PID:6544
- C:\Windows\System\qbaIype.exe
  C:\Windows\System\qbaIype.exe
  2⤵
  PID:1800
- C:\Windows\System\AGEplKP.exe
  C:\Windows\System\AGEplKP.exe
  2⤵
  PID:6576
- C:\Windows\System\HImLVdF.exe
  C:\Windows\System\HImLVdF.exe
  2⤵
  PID:6920
- C:\Windows\System\GSxohdi.exe
  C:\Windows\System\GSxohdi.exe
  2⤵
  PID:6676
- C:\Windows\System\YrHiydd.exe
  C:\Windows\System\YrHiydd.exe
  2⤵
  PID:6580
- C:\Windows\System\dkoIJqS.exe
  C:\Windows\System\dkoIJqS.exe
  2⤵
  PID:7056
- C:\Windows\System\IImikxW.exe
  C:\Windows\System\IImikxW.exe
  2⤵
  PID:7072
- C:\Windows\System\TqllyAU.exe
  C:\Windows\System\TqllyAU.exe
  2⤵
  PID:7088
- C:\Windows\System\cyCwpNZ.exe
  C:\Windows\System\cyCwpNZ.exe
  2⤵
  PID:7104
- C:\Windows\System\rPjmBDc.exe
  C:\Windows\System\rPjmBDc.exe
  2⤵
  PID:7120
- C:\Windows\System\NCeObwi.exe
  C:\Windows\System\NCeObwi.exe
  2⤵
  PID:7136
- C:\Windows\System\dlQHuxQ.exe
  C:\Windows\System\dlQHuxQ.exe
  2⤵
  PID:7152
- C:\Windows\System\mshcHQF.exe
  C:\Windows\System\mshcHQF.exe
  2⤵
  PID:5680
- C:\Windows\System\jGGUfaM.exe
  C:\Windows\System\jGGUfaM.exe
  2⤵
  PID:5604
- C:\Windows\System\TCWcqrF.exe
  C:\Windows\System\TCWcqrF.exe
  2⤵
  PID:5952
- C:\Windows\System\IUIvSjy.exe
  C:\Windows\System\IUIvSjy.exe
  2⤵
  PID:6020
- C:\Windows\System\ulGawIw.exe
  C:\Windows\System\ulGawIw.exe
  2⤵
  PID:6096
- C:\Windows\System\QpoDPfX.exe
  C:\Windows\System\QpoDPfX.exe
  2⤵
  PID:4744
- C:\Windows\System\iiBIqOg.exe
  C:\Windows\System\iiBIqOg.exe
  2⤵
  PID:4548
- C:\Windows\System\RWgwdBK.exe
  C:\Windows\System\RWgwdBK.exe
  2⤵
  PID:5328
- C:\Windows\System\BlPnqOR.exe
  C:\Windows\System\BlPnqOR.exe
  2⤵
  PID:6176
- C:\Windows\System\gVXHidk.exe
  C:\Windows\System\gVXHidk.exe
  2⤵
  PID:6240
- C:\Windows\System\IZOPDkn.exe
  C:\Windows\System\IZOPDkn.exe
  2⤵
  PID:6304
- C:\Windows\System\FtEAIVL.exe
  C:\Windows\System\FtEAIVL.exe
  2⤵
  PID:6368
- C:\Windows\System\DySyYxP.exe
  C:\Windows\System\DySyYxP.exe
  2⤵
  PID:6872
- C:\Windows\System\dzcHQiK.exe
  C:\Windows\System\dzcHQiK.exe
  2⤵
  PID:6404
- C:\Windows\System\pNZbebU.exe
  C:\Windows\System\pNZbebU.exe
  2⤵
  PID:2652
- C:\Windows\System\dKwyxJe.exe
  C:\Windows\System\dKwyxJe.exe
  2⤵
  PID:1432
- C:\Windows\System\ZiwMEcH.exe
  C:\Windows\System\ZiwMEcH.exe
  2⤵
  PID:2080
- C:\Windows\System\nGfNLdc.exe
  C:\Windows\System\nGfNLdc.exe
  2⤵
  PID:6824
- C:\Windows\System\QHqzZJg.exe
  C:\Windows\System\QHqzZJg.exe
  2⤵
  PID:6928
- C:\Windows\System\BfbDJFx.exe
  C:\Windows\System\BfbDJFx.exe
  2⤵
  PID:2564
- C:\Windows\System\rCyAJIk.exe
  C:\Windows\System\rCyAJIk.exe
  2⤵
  PID:6560
- C:\Windows\System\HGumUOo.exe
  C:\Windows\System\HGumUOo.exe
  2⤵
  PID:772
- C:\Windows\System\cisIrop.exe
  C:\Windows\System\cisIrop.exe
  2⤵
  PID:2596
- C:\Windows\System\AEevrmJ.exe
  C:\Windows\System\AEevrmJ.exe
  2⤵
  PID:6452
- C:\Windows\System\luhpGqr.exe
  C:\Windows\System\luhpGqr.exe
  2⤵
  PID:2648
- C:\Windows\System\SCMLgaK.exe
  C:\Windows\System\SCMLgaK.exe
  2⤵
  PID:6828
- C:\Windows\System\uByBuNb.exe
  C:\Windows\System\uByBuNb.exe
  2⤵
  PID:6644
- C:\Windows\System\PUAPYeO.exe
  C:\Windows\System\PUAPYeO.exe
  2⤵
  PID:820
- C:\Windows\System\edDfwMv.exe
  C:\Windows\System\edDfwMv.exe
  2⤵
  PID:6944
- C:\Windows\System\tKsxEsO.exe
  C:\Windows\System\tKsxEsO.exe
  2⤵
  PID:1292
- C:\Windows\System\skOyQFd.exe
  C:\Windows\System\skOyQFd.exe
  2⤵
  PID:6992
- C:\Windows\System\TsAhvdq.exe
  C:\Windows\System\TsAhvdq.exe
  2⤵
  PID:7008
- C:\Windows\System\JJaMRVR.exe
  C:\Windows\System\JJaMRVR.exe
  2⤵
  PID:3048
- C:\Windows\System\qcnPfzl.exe
  C:\Windows\System\qcnPfzl.exe
  2⤵
  PID:2992
- C:\Windows\System\OsQqTxP.exe
  C:\Windows\System\OsQqTxP.exe
  2⤵
  PID:2096
- C:\Windows\System\NxTRePu.exe
  C:\Windows\System\NxTRePu.exe
  2⤵
  PID:2112
- C:\Windows\System\NuoHnib.exe
  C:\Windows\System\NuoHnib.exe
  2⤵
  PID:7044
- C:\Windows\System\MhalBUn.exe
  C:\Windows\System\MhalBUn.exe
  2⤵
  PID:7084
- C:\Windows\System\SsjZfUb.exe
  C:\Windows\System\SsjZfUb.exe
  2⤵
  PID:3020
- C:\Windows\System\FUXzfaj.exe
  C:\Windows\System\FUXzfaj.exe
  2⤵
  PID:7148
- C:\Windows\System\aIuNHPw.exe
  C:\Windows\System\aIuNHPw.exe
  2⤵
  PID:7100
- C:\Windows\System\JoITjDQ.exe
  C:\Windows\System\JoITjDQ.exe
  2⤵
  PID:5728
- C:\Windows\System\TGEnAqw.exe
  C:\Windows\System\TGEnAqw.exe
  2⤵
  PID:4324
- C:\Windows\System\Njdlwsy.exe
  C:\Windows\System\Njdlwsy.exe
  2⤵
  PID:5580
- C:\Windows\System\EptEXqS.exe
  C:\Windows\System\EptEXqS.exe
  2⤵
  PID:5276
- C:\Windows\System\hhJrqKg.exe
  C:\Windows\System\hhJrqKg.exe
  2⤵
  PID:6336
- C:\Windows\System\JjrUloS.exe
  C:\Windows\System\JjrUloS.exe
  2⤵
  PID:6148
- C:\Windows\System\ALxmJIl.exe
  C:\Windows\System\ALxmJIl.exe
  2⤵
  PID:6844
- C:\Windows\System\iUBrCDj.exe
  C:\Windows\System\iUBrCDj.exe
  2⤵
  PID:7024
- C:\Windows\System\SrclbcX.exe
  C:\Windows\System\SrclbcX.exe
  2⤵
  PID:6400
- C:\Windows\System\ZKfijJc.exe
  C:\Windows\System\ZKfijJc.exe
  2⤵
  PID:6420
- C:\Windows\System\zQaLvGv.exe
  C:\Windows\System\zQaLvGv.exe
  2⤵
  PID:6528
- C:\Windows\System\pCrAAtN.exe
  C:\Windows\System\pCrAAtN.exe
  2⤵
  PID:6496
- C:\Windows\System\yTIXNos.exe
  C:\Windows\System\yTIXNos.exe
  2⤵
  PID:3040
- C:\Windows\System\YWQUvIz.exe
  C:\Windows\System\YWQUvIz.exe
  2⤵
  PID:6936
- C:\Windows\System\BafUwWb.exe
  C:\Windows\System\BafUwWb.exe
  2⤵
  PID:2608
- C:\Windows\System\iifWhNZ.exe
  C:\Windows\System\iifWhNZ.exe
  2⤵
  PID:6424
- C:\Windows\System\yvcRUfs.exe
  C:\Windows\System\yvcRUfs.exe
  2⤵
  PID:5972
- C:\Windows\System\FuotwTn.exe
  C:\Windows\System\FuotwTn.exe
  2⤵
  PID:2512
- C:\Windows\System\OyjtUNy.exe
  C:\Windows\System\OyjtUNy.exe
  2⤵
  PID:6776
- C:\Windows\System\yyZScWB.exe
  C:\Windows\System\yyZScWB.exe
  2⤵
  PID:6708
- C:\Windows\System\MnyRBMU.exe
  C:\Windows\System\MnyRBMU.exe
  2⤵
  PID:6608
- C:\Windows\System\haDhlSl.exe
  C:\Windows\System\haDhlSl.exe
  2⤵
  PID:2836
- C:\Windows\System\faDAhSG.exe
  C:\Windows\System\faDAhSG.exe
  2⤵
  PID:7040
- C:\Windows\System\xhhmovR.exe
  C:\Windows\System\xhhmovR.exe
  2⤵
  PID:2720
- C:\Windows\System\WnxJhyY.exe
  C:\Windows\System\WnxJhyY.exe
  2⤵
  PID:7184
- C:\Windows\System\JLPcXME.exe
  C:\Windows\System\JLPcXME.exe
  2⤵
  PID:7200
- C:\Windows\System\rKNCtTC.exe
  C:\Windows\System\rKNCtTC.exe
  2⤵
  PID:7216
- C:\Windows\System\vSNbjHo.exe
  C:\Windows\System\vSNbjHo.exe
  2⤵
  PID:7232
- C:\Windows\System\SxlOqIX.exe
  C:\Windows\System\SxlOqIX.exe
  2⤵
  PID:7248
- C:\Windows\System\hsVkYpu.exe
  C:\Windows\System\hsVkYpu.exe
  2⤵
  PID:7264
- C:\Windows\System\vVVLWll.exe
  C:\Windows\System\vVVLWll.exe
  2⤵
  PID:7280
- C:\Windows\System\xvUmBiF.exe
  C:\Windows\System\xvUmBiF.exe
  2⤵
  PID:7296
- C:\Windows\System\owDDbXI.exe
  C:\Windows\System\owDDbXI.exe
  2⤵
  PID:7312
- C:\Windows\System\xDVxubr.exe
  C:\Windows\System\xDVxubr.exe
  2⤵
  PID:7328
- C:\Windows\System\akXTjit.exe
  C:\Windows\System\akXTjit.exe
  2⤵
  PID:7348
- C:\Windows\System\gMNqBuF.exe
  C:\Windows\System\gMNqBuF.exe
  2⤵
  PID:7364
- C:\Windows\System\Pvdycbi.exe
  C:\Windows\System\Pvdycbi.exe
  2⤵
  PID:7380
- C:\Windows\System\pzlTXjj.exe
  C:\Windows\System\pzlTXjj.exe
  2⤵
  PID:7396
- C:\Windows\System\tMFhIlM.exe
  C:\Windows\System\tMFhIlM.exe
  2⤵
  PID:7412
- C:\Windows\System\zTWaeXo.exe
  C:\Windows\System\zTWaeXo.exe
  2⤵
  PID:7428
- C:\Windows\System\bljegOE.exe
  C:\Windows\System\bljegOE.exe
  2⤵
  PID:7444
- C:\Windows\System\VrelAuN.exe
  C:\Windows\System\VrelAuN.exe
  2⤵
  PID:7460
- C:\Windows\System\oPULXUo.exe
  C:\Windows\System\oPULXUo.exe
  2⤵
  PID:7476
- C:\Windows\System\Uetoakm.exe
  C:\Windows\System\Uetoakm.exe
  2⤵
  PID:7492
- C:\Windows\System\YGqYQou.exe
  C:\Windows\System\YGqYQou.exe
  2⤵
  PID:7508
- C:\Windows\System\XxHMMZu.exe
  C:\Windows\System\XxHMMZu.exe
  2⤵
  PID:7524
- C:\Windows\System\jYVFvHU.exe
  C:\Windows\System\jYVFvHU.exe
  2⤵
  PID:7540
- C:\Windows\System\QNWpzkx.exe
  C:\Windows\System\QNWpzkx.exe
  2⤵
  PID:7556
- C:\Windows\System\FHGoSKv.exe
  C:\Windows\System\FHGoSKv.exe
  2⤵
  PID:7572
- C:\Windows\System\mNQMxmI.exe
  C:\Windows\System\mNQMxmI.exe
  2⤵
  PID:7588
- C:\Windows\System\kgULaEH.exe
  C:\Windows\System\kgULaEH.exe
  2⤵
  PID:7604
- C:\Windows\System\BEKTcDw.exe
  C:\Windows\System\BEKTcDw.exe
  2⤵
  PID:7620
- C:\Windows\System\rXNwiDF.exe
  C:\Windows\System\rXNwiDF.exe
  2⤵
  PID:7636
- C:\Windows\System\nPBGdvV.exe
  C:\Windows\System\nPBGdvV.exe
  2⤵
  PID:7652
- C:\Windows\System\KOtyNhT.exe
  C:\Windows\System\KOtyNhT.exe
  2⤵
  PID:7668
- C:\Windows\System\PlWAbYN.exe
  C:\Windows\System\PlWAbYN.exe
  2⤵
  PID:7684
- C:\Windows\System\BCXqqMK.exe
  C:\Windows\System\BCXqqMK.exe
  2⤵
  PID:7700
- C:\Windows\System\wVxEekv.exe
  C:\Windows\System\wVxEekv.exe
  2⤵
  PID:7716
- C:\Windows\System\aWEFNzC.exe
  C:\Windows\System\aWEFNzC.exe
  2⤵
  PID:7732
- C:\Windows\System\wQOQkXi.exe
  C:\Windows\System\wQOQkXi.exe
  2⤵
  PID:7752
- C:\Windows\System\pkKpEoA.exe
  C:\Windows\System\pkKpEoA.exe
  2⤵
  PID:7768
- C:\Windows\System\uaYQwJQ.exe
  C:\Windows\System\uaYQwJQ.exe
  2⤵
  PID:7784
- C:\Windows\System\fIZoRHI.exe
  C:\Windows\System\fIZoRHI.exe
  2⤵
  PID:7800
- C:\Windows\System\nXNXUdj.exe
  C:\Windows\System\nXNXUdj.exe
  2⤵
  PID:7816
- C:\Windows\System\olOLXXw.exe
  C:\Windows\System\olOLXXw.exe
  2⤵
  PID:7832
- C:\Windows\System\jWpRtfU.exe
  C:\Windows\System\jWpRtfU.exe
  2⤵
  PID:7848
- C:\Windows\System\DLyTNuP.exe
  C:\Windows\System\DLyTNuP.exe
  2⤵
  PID:7864
- C:\Windows\System\tDYeVPu.exe
  C:\Windows\System\tDYeVPu.exe
  2⤵
  PID:7880
- C:\Windows\System\MNQUUFa.exe
  C:\Windows\System\MNQUUFa.exe
  2⤵
  PID:7896
- C:\Windows\System\wREGige.exe
  C:\Windows\System\wREGige.exe
  2⤵
  PID:7912
- C:\Windows\System\avJhfiz.exe
  C:\Windows\System\avJhfiz.exe
  2⤵
  PID:7928
- C:\Windows\System\TVzqRug.exe
  C:\Windows\System\TVzqRug.exe
  2⤵
  PID:7944
- C:\Windows\System\SlZwSeV.exe
  C:\Windows\System\SlZwSeV.exe
  2⤵
  PID:7960
- C:\Windows\System\SuYKHPm.exe
  C:\Windows\System\SuYKHPm.exe
  2⤵
  PID:7976
- C:\Windows\System\VIDBiIb.exe
  C:\Windows\System\VIDBiIb.exe
  2⤵
  PID:7992
- C:\Windows\System\QwVkQDT.exe
  C:\Windows\System\QwVkQDT.exe
  2⤵
  PID:8012
- C:\Windows\System\JSEetCL.exe
  C:\Windows\System\JSEetCL.exe
  2⤵
  PID:8028
- C:\Windows\System\kShwlzu.exe
  C:\Windows\System\kShwlzu.exe
  2⤵
  PID:8044
- C:\Windows\System\ciGtpBv.exe
  C:\Windows\System\ciGtpBv.exe
  2⤵
  PID:8060
- C:\Windows\System\rTxZdhW.exe
  C:\Windows\System\rTxZdhW.exe
  2⤵
  PID:8080
- C:\Windows\System\HhodFhI.exe
  C:\Windows\System\HhodFhI.exe
  2⤵
  PID:8096
- C:\Windows\System\HsAIeng.exe
  C:\Windows\System\HsAIeng.exe
  2⤵
  PID:8112
- C:\Windows\System\oKXccJF.exe
  C:\Windows\System\oKXccJF.exe
  2⤵
  PID:8128
- C:\Windows\System\VktJhdw.exe
  C:\Windows\System\VktJhdw.exe
  2⤵
  PID:8144
- C:\Windows\System\qNYEVFt.exe
  C:\Windows\System\qNYEVFt.exe
  2⤵
  PID:8160
- C:\Windows\System\afaSSLK.exe
  C:\Windows\System\afaSSLK.exe
  2⤵
  PID:8176
- C:\Windows\System\taOzGoi.exe
  C:\Windows\System\taOzGoi.exe
  2⤵
  PID:5824
- C:\Windows\System\mYIjRFO.exe
  C:\Windows\System\mYIjRFO.exe
  2⤵
  PID:7192
- C:\Windows\System\FQJCxDz.exe
  C:\Windows\System\FQJCxDz.exe
  2⤵
  PID:7256
- C:\Windows\System\nUhQLou.exe
  C:\Windows\System\nUhQLou.exe
  2⤵
  PID:7320
- C:\Windows\System\nCVDZyP.exe
  C:\Windows\System\nCVDZyP.exe
  2⤵
  PID:6628
- C:\Windows\System\AOtkATn.exe
  C:\Windows\System\AOtkATn.exe
  2⤵
  PID:6752
- C:\Windows\System\eSBDdRt.exe
  C:\Windows\System\eSBDdRt.exe
  2⤵
  PID:6736
- C:\Windows\System\avYeecR.exe
  C:\Windows\System\avYeecR.exe
  2⤵
  PID:6976
- C:\Windows\System\pQbGQvn.exe
  C:\Windows\System\pQbGQvn.exe
  2⤵
  PID:7144
- C:\Windows\System\THQYtqu.exe
  C:\Windows\System\THQYtqu.exe
  2⤵
  PID:5712
- C:\Windows\System\qivDXKj.exe
  C:\Windows\System\qivDXKj.exe
  2⤵
  PID:6840
- C:\Windows\System\bgtzSfS.exe
  C:\Windows\System\bgtzSfS.exe
  2⤵
  PID:6460
- C:\Windows\System\REekqqE.exe
  C:\Windows\System\REekqqE.exe
  2⤵
  PID:7356
- C:\Windows\System\WOgOzJm.exe
  C:\Windows\System\WOgOzJm.exe
  2⤵
  PID:7420
- C:\Windows\System\QIxTgET.exe
  C:\Windows\System\QIxTgET.exe
  2⤵
  PID:7484
- C:\Windows\System\TTNpsEX.exe
  C:\Windows\System\TTNpsEX.exe
  2⤵
  PID:7548
- C:\Windows\System\Aqncutp.exe
  C:\Windows\System\Aqncutp.exe
  2⤵
  PID:7612
- C:\Windows\System\ujMLRnG.exe
  C:\Windows\System\ujMLRnG.exe
  2⤵
  PID:7676
- C:\Windows\System\SrNjMVD.exe
  C:\Windows\System\SrNjMVD.exe
  2⤵
  PID:7740
- C:\Windows\System\CjAwSNl.exe
  C:\Windows\System\CjAwSNl.exe
  2⤵
  PID:7096
- C:\Windows\System\VKleSmx.exe
  C:\Windows\System\VKleSmx.exe
  2⤵
  PID:2688
- C:\Windows\System\huCYZdo.exe
  C:\Windows\System\huCYZdo.exe
  2⤵
  PID:7180
- C:\Windows\System\CURdspB.exe
  C:\Windows\System\CURdspB.exe
  2⤵
  PID:7276
- C:\Windows\System\TWqnQCv.exe
  C:\Windows\System\TWqnQCv.exe
  2⤵
  PID:7808
- C:\Windows\System\iEIsJaW.exe
  C:\Windows\System\iEIsJaW.exe
  2⤵
  PID:7872
- C:\Windows\System\SnirdVt.exe
  C:\Windows\System\SnirdVt.exe
  2⤵
  PID:7440
- C:\Windows\System\AjphWbe.exe
  C:\Windows\System\AjphWbe.exe
  2⤵
  PID:7408
- C:\Windows\System\VASgqRY.exe
  C:\Windows\System\VASgqRY.exe
  2⤵
  PID:7500
- C:\Windows\System\OuatXSY.exe
  C:\Windows\System\OuatXSY.exe
  2⤵
  PID:7564
- C:\Windows\System\DvbkiyB.exe
  C:\Windows\System\DvbkiyB.exe
  2⤵
  PID:7628
- C:\Windows\System\OKNSYSA.exe
  C:\Windows\System\OKNSYSA.exe
  2⤵
  PID:7692
- C:\Windows\System\fbAkzcy.exe
  C:\Windows\System\fbAkzcy.exe
  2⤵
  PID:7760
- C:\Windows\System\WMDhdGH.exe
  C:\Windows\System\WMDhdGH.exe
  2⤵
  PID:7824
- C:\Windows\System\PXwKAuz.exe
  C:\Windows\System\PXwKAuz.exe
  2⤵
  PID:7888
- C:\Windows\System\wnkdXeX.exe
  C:\Windows\System\wnkdXeX.exe
  2⤵
  PID:7936
- C:\Windows\System\WOAbroT.exe
  C:\Windows\System\WOAbroT.exe
  2⤵
  PID:7984
- C:\Windows\System\qNUgwas.exe
  C:\Windows\System\qNUgwas.exe
  2⤵
  PID:7972
- C:\Windows\System\HmVysvl.exe
  C:\Windows\System\HmVysvl.exe
  2⤵
  PID:8052
- C:\Windows\System\UgesDxy.exe
  C:\Windows\System\UgesDxy.exe
  2⤵
  PID:8072
- C:\Windows\System\kWQVAmi.exe
  C:\Windows\System\kWQVAmi.exe
  2⤵
  PID:8120
- C:\Windows\System\pDHJcqX.exe
  C:\Windows\System\pDHJcqX.exe
  2⤵
  PID:8140
- C:\Windows\System\CcjEGrr.exe
  C:\Windows\System\CcjEGrr.exe
  2⤵
  PID:5588
- C:\Windows\System\cZljetq.exe
  C:\Windows\System\cZljetq.exe
  2⤵
  PID:8124
- C:\Windows\System\OBHAdPT.exe
  C:\Windows\System\OBHAdPT.exe
  2⤵
  PID:8152
- C:\Windows\System\jgXIyIJ.exe
  C:\Windows\System\jgXIyIJ.exe
  2⤵
  PID:6720
- C:\Windows\System\fgcpwfE.exe
  C:\Windows\System\fgcpwfE.exe
  2⤵
  PID:7132
- C:\Windows\System\hLNdmsm.exe
  C:\Windows\System\hLNdmsm.exe
  2⤵
  PID:7388
- C:\Windows\System\trbtjdi.exe
  C:\Windows\System\trbtjdi.exe
  2⤵
  PID:7644
- C:\Windows\System\gCKwsiA.exe
  C:\Windows\System\gCKwsiA.exe
  2⤵
  PID:7036
- C:\Windows\System\hLpcrif.exe
  C:\Windows\System\hLpcrif.exe
  2⤵
  PID:7904
- C:\Windows\System\JPrrTaV.exe
  C:\Windows\System\JPrrTaV.exe
  2⤵
  PID:1036
- C:\Windows\System\DOSvdOg.exe
  C:\Windows\System\DOSvdOg.exe
  2⤵
  PID:2888
- C:\Windows\System\ZJjFcmx.exe
  C:\Windows\System\ZJjFcmx.exe
  2⤵
  PID:7272
- C:\Windows\System\jyUxSzs.exe
  C:\Windows\System\jyUxSzs.exe
  2⤵
  PID:7580
- C:\Windows\System\XLSRNne.exe
  C:\Windows\System\XLSRNne.exe
  2⤵
  PID:1804
- C:\Windows\System\NDJtYuG.exe
  C:\Windows\System\NDJtYuG.exe
  2⤵
  PID:7844
- C:\Windows\System\IaWHgtv.exe
  C:\Windows\System\IaWHgtv.exe
  2⤵
  PID:7536
- C:\Windows\System\NtLfElc.exe
  C:\Windows\System\NtLfElc.exe
  2⤵
  PID:7724
- C:\Windows\System\kfVnUVD.exe
  C:\Windows\System\kfVnUVD.exe
  2⤵
  PID:7792
- C:\Windows\System\tttQKlj.exe
  C:\Windows\System\tttQKlj.exe
  2⤵
  PID:1744
- C:\Windows\System\DZnaLtR.exe
  C:\Windows\System\DZnaLtR.exe
  2⤵
  PID:7016
- C:\Windows\System\wzugoyy.exe
  C:\Windows\System\wzugoyy.exe
  2⤵
  PID:7968
- C:\Windows\System\PcGdayP.exe
  C:\Windows\System\PcGdayP.exe
  2⤵
  PID:8104
- C:\Windows\System\ibAlMIr.exe
  C:\Windows\System\ibAlMIr.exe
  2⤵
  PID:2692
- C:\Windows\System\DJvxtMi.exe
  C:\Windows\System\DJvxtMi.exe
  2⤵
  PID:7288
- C:\Windows\System\SJqTvrE.exe
  C:\Windows\System\SJqTvrE.exe
  2⤵
  PID:7292
- C:\Windows\System\rdSozyi.exe
  C:\Windows\System\rdSozyi.exe
  2⤵
  PID:7516
- C:\Windows\System\dAAxxNP.exe
  C:\Windows\System\dAAxxNP.exe
  2⤵
  PID:7776
- C:\Windows\System\OTYfsdh.exe
  C:\Windows\System\OTYfsdh.exe
  2⤵
  PID:7712
- C:\Windows\System\YNbiKmA.exe
  C:\Windows\System\YNbiKmA.exe
  2⤵
  PID:7708
- C:\Windows\System\AtEMIVg.exe
  C:\Windows\System\AtEMIVg.exe
  2⤵
  PID:6760
- C:\Windows\System\GYGLBjG.exe
  C:\Windows\System\GYGLBjG.exe
  2⤵
  PID:7244
- C:\Windows\System\PDWdtTA.exe
  C:\Windows\System\PDWdtTA.exe
  2⤵
  PID:7856
- C:\Windows\System\kJcgINB.exe
  C:\Windows\System\kJcgINB.exe
  2⤵
  PID:8172
- C:\Windows\System\LgJzhGp.exe
  C:\Windows\System\LgJzhGp.exe
  2⤵
  PID:7032
- C:\Windows\System\VRSTRdx.exe
  C:\Windows\System\VRSTRdx.exe
  2⤵
  PID:7456
- C:\Windows\System\mGAcBis.exe
  C:\Windows\System\mGAcBis.exe
  2⤵
  PID:7468
- C:\Windows\System\wbETYZK.exe
  C:\Windows\System\wbETYZK.exe
  2⤵
  PID:8204
- C:\Windows\System\GGkyVoW.exe
  C:\Windows\System\GGkyVoW.exe
  2⤵
  PID:8220
- C:\Windows\System\LdhqYfr.exe
  C:\Windows\System\LdhqYfr.exe
  2⤵
  PID:8236
- C:\Windows\System\sEiEmUa.exe
  C:\Windows\System\sEiEmUa.exe
  2⤵
  PID:8252
- C:\Windows\System\wwZaDim.exe
  C:\Windows\System\wwZaDim.exe
  2⤵
  PID:8268
- C:\Windows\System\qAHROpV.exe
  C:\Windows\System\qAHROpV.exe
  2⤵
  PID:8284
- C:\Windows\System\riivtKT.exe
  C:\Windows\System\riivtKT.exe
  2⤵
  PID:8300
- C:\Windows\System\gZNAQwz.exe
  C:\Windows\System\gZNAQwz.exe
  2⤵
  PID:8316
- C:\Windows\System\iSotfTM.exe
  C:\Windows\System\iSotfTM.exe
  2⤵
  PID:8332
- C:\Windows\System\TjjVgzm.exe
  C:\Windows\System\TjjVgzm.exe
  2⤵
  PID:8348
- C:\Windows\System\GEfYdjO.exe
  C:\Windows\System\GEfYdjO.exe
  2⤵
  PID:8364
- C:\Windows\System\lwRQpDq.exe
  C:\Windows\System\lwRQpDq.exe
  2⤵
  PID:8380
- C:\Windows\System\uuBsXTG.exe
  C:\Windows\System\uuBsXTG.exe
  2⤵
  PID:8396
- C:\Windows\System\rDVPAmx.exe
  C:\Windows\System\rDVPAmx.exe
  2⤵
  PID:8416
- C:\Windows\System\lzpsmOm.exe
  C:\Windows\System\lzpsmOm.exe
  2⤵
  PID:8436
- C:\Windows\System\DdQCkQT.exe
  C:\Windows\System\DdQCkQT.exe
  2⤵
  PID:8452
- C:\Windows\System\axgpLct.exe
  C:\Windows\System\axgpLct.exe
  2⤵
  PID:8468
- C:\Windows\System\UCMSiEl.exe
  C:\Windows\System\UCMSiEl.exe
  2⤵
  PID:8484
- C:\Windows\System\uaiZNxI.exe
  C:\Windows\System\uaiZNxI.exe
  2⤵
  PID:8500
- C:\Windows\System\idzILRS.exe
  C:\Windows\System\idzILRS.exe
  2⤵
  PID:8516
- C:\Windows\System\ynWTREh.exe
  C:\Windows\System\ynWTREh.exe
  2⤵
  PID:8532
- C:\Windows\System\LfxRWGz.exe
  C:\Windows\System\LfxRWGz.exe
  2⤵
  PID:8548
- C:\Windows\System\QeMKhGx.exe
  C:\Windows\System\QeMKhGx.exe
  2⤵
  PID:8564
- C:\Windows\System\HtKJYVb.exe
  C:\Windows\System\HtKJYVb.exe
  2⤵
  PID:8580
- C:\Windows\System\WshISAC.exe
  C:\Windows\System\WshISAC.exe
  2⤵
  PID:8596
- C:\Windows\System\ChsiCBK.exe
  C:\Windows\System\ChsiCBK.exe
  2⤵
  PID:8612
- C:\Windows\System\MwQdtjx.exe
  C:\Windows\System\MwQdtjx.exe
  2⤵
  PID:8628
- C:\Windows\System\bpHHaae.exe
  C:\Windows\System\bpHHaae.exe
  2⤵
  PID:8644
- C:\Windows\System\EiXskIw.exe
  C:\Windows\System\EiXskIw.exe
  2⤵
  PID:8660
- C:\Windows\System\rZScboY.exe
  C:\Windows\System\rZScboY.exe
  2⤵
  PID:8676
- C:\Windows\System\uQjPPEU.exe
  C:\Windows\System\uQjPPEU.exe
  2⤵
  PID:8692
- C:\Windows\System\BXaXDGE.exe
  C:\Windows\System\BXaXDGE.exe
  2⤵
  PID:8708
- C:\Windows\System\ldNNKYG.exe
  C:\Windows\System\ldNNKYG.exe
  2⤵
  PID:8724
- C:\Windows\System\RKCQVaf.exe
  C:\Windows\System\RKCQVaf.exe
  2⤵
  PID:8740
- C:\Windows\System\VYqIcIb.exe
  C:\Windows\System\VYqIcIb.exe
  2⤵
  PID:8756
- C:\Windows\System\GCLwjzE.exe
  C:\Windows\System\GCLwjzE.exe
  2⤵
  PID:8772
- C:\Windows\System\OfiVaQr.exe
  C:\Windows\System\OfiVaQr.exe
  2⤵
  PID:8788
- C:\Windows\System\pUmUxHF.exe
  C:\Windows\System\pUmUxHF.exe
  2⤵
  PID:8804
- C:\Windows\System\wRJwJQw.exe
  C:\Windows\System\wRJwJQw.exe
  2⤵
  PID:8820
- C:\Windows\System\fXDcbwT.exe
  C:\Windows\System\fXDcbwT.exe
  2⤵
  PID:8836
- C:\Windows\System\aLkyfNU.exe
  C:\Windows\System\aLkyfNU.exe
  2⤵
  PID:8852
- C:\Windows\System\vxPuZcP.exe
  C:\Windows\System\vxPuZcP.exe
  2⤵
  PID:8868
- C:\Windows\System\VOUOPtP.exe
  C:\Windows\System\VOUOPtP.exe
  2⤵
  PID:8884
- C:\Windows\System\fKbJpGB.exe
  C:\Windows\System\fKbJpGB.exe
  2⤵
  PID:8900
- C:\Windows\System\aJorccX.exe
  C:\Windows\System\aJorccX.exe
  2⤵
  PID:8916
- C:\Windows\System\mdwVpzB.exe
  C:\Windows\System\mdwVpzB.exe
  2⤵
  PID:8932
- C:\Windows\System\TeLxNwu.exe
  C:\Windows\System\TeLxNwu.exe
  2⤵
  PID:8948
- C:\Windows\System\FNDiyEq.exe
  C:\Windows\System\FNDiyEq.exe
  2⤵
  PID:8964
- C:\Windows\System\WJtnxEY.exe
  C:\Windows\System\WJtnxEY.exe
  2⤵
  PID:8980
- C:\Windows\System\udeBWGK.exe
  C:\Windows\System\udeBWGK.exe
  2⤵
  PID:8996
- C:\Windows\System\EUNzyVm.exe
  C:\Windows\System\EUNzyVm.exe
  2⤵
  PID:9012
- C:\Windows\System\tIxNqKs.exe
  C:\Windows\System\tIxNqKs.exe
  2⤵
  PID:9028
- C:\Windows\System\DrwdYxn.exe
  C:\Windows\System\DrwdYxn.exe
  2⤵
  PID:9044
- C:\Windows\System\mBBSsfb.exe
  C:\Windows\System\mBBSsfb.exe
  2⤵
  PID:9060
- C:\Windows\System\rsYCJYP.exe
  C:\Windows\System\rsYCJYP.exe
  2⤵
  PID:9076
- C:\Windows\System\nSyugQh.exe
  C:\Windows\System\nSyugQh.exe
  2⤵
  PID:9092
- C:\Windows\System\yVycHiZ.exe
  C:\Windows\System\yVycHiZ.exe
  2⤵
  PID:9108
- C:\Windows\System\lhaygVU.exe
  C:\Windows\System\lhaygVU.exe
  2⤵
  PID:9124
- C:\Windows\System\jqXuQBz.exe
  C:\Windows\System\jqXuQBz.exe
  2⤵
  PID:9140
- C:\Windows\System\eRuKEAx.exe
  C:\Windows\System\eRuKEAx.exe
  2⤵
  PID:9156
- C:\Windows\System\usCvMQw.exe
  C:\Windows\System\usCvMQw.exe
  2⤵
  PID:9172
- C:\Windows\System\kWMEoAC.exe
  C:\Windows\System\kWMEoAC.exe
  2⤵
  PID:9188
- C:\Windows\System\zGwaGpm.exe
  C:\Windows\System\zGwaGpm.exe
  2⤵
  PID:9204
- C:\Windows\System\NqVzUBC.exe
  C:\Windows\System\NqVzUBC.exe
  2⤵
  PID:8200
- C:\Windows\System\ewSBDTF.exe
  C:\Windows\System\ewSBDTF.exe
  2⤵
  PID:8260
- C:\Windows\System\aDrZxEB.exe
  C:\Windows\System\aDrZxEB.exe
  2⤵
  PID:8296
- C:\Windows\System\llLSlPF.exe
  C:\Windows\System\llLSlPF.exe
  2⤵
  PID:8360
- C:\Windows\System\VxihXUB.exe
  C:\Windows\System\VxihXUB.exe
  2⤵
  PID:2712
- C:\Windows\System\UXyQaNy.exe
  C:\Windows\System\UXyQaNy.exe
  2⤵
  PID:8184
- C:\Windows\System\mePXVzm.exe
  C:\Windows\System\mePXVzm.exe
  2⤵
  PID:8036
- C:\Windows\System\AVeyqUl.exe
  C:\Windows\System\AVeyqUl.exe
  2⤵
  PID:8212
- C:\Windows\System\uTggXGd.exe
  C:\Windows\System\uTggXGd.exe
  2⤵
  PID:8040
- C:\Windows\System\zVnbyDM.exe
  C:\Windows\System\zVnbyDM.exe
  2⤵
  PID:8428
- C:\Windows\System\yEwrQLH.exe
  C:\Windows\System\yEwrQLH.exe
  2⤵
  PID:8492
- C:\Windows\System\bgAYajq.exe
  C:\Windows\System\bgAYajq.exe
  2⤵
  PID:8216
- C:\Windows\System\ZPGZvun.exe
  C:\Windows\System\ZPGZvun.exe
  2⤵
  PID:8312
- C:\Windows\System\YXvkhgw.exe
  C:\Windows\System\YXvkhgw.exe
  2⤵
  PID:8376
- C:\Windows\System\zGGRADL.exe
  C:\Windows\System\zGGRADL.exe
  2⤵
  PID:8448
- C:\Windows\System\BKapnkt.exe
  C:\Windows\System\BKapnkt.exe
  2⤵
  PID:8476
- C:\Windows\System\yukFtdX.exe
  C:\Windows\System\yukFtdX.exe
  2⤵
  PID:8592
- C:\Windows\System\VXbHpno.exe
  C:\Windows\System\VXbHpno.exe
  2⤵
  PID:8572
- C:\Windows\System\IDudxar.exe
  C:\Windows\System\IDudxar.exe
  2⤵
  PID:8444
- C:\Windows\System\zynIXtb.exe
  C:\Windows\System\zynIXtb.exe
  2⤵
  PID:8656
- C:\Windows\System\rqvoHtA.exe
  C:\Windows\System\rqvoHtA.exe
  2⤵
  PID:8640
- C:\Windows\System\qMXLzip.exe
  C:\Windows\System\qMXLzip.exe
  2⤵
  PID:8716
- C:\Windows\System\mvMOrYm.exe
  C:\Windows\System\mvMOrYm.exe
  2⤵
  PID:8704
- C:\Windows\System\CCBeCCb.exe
  C:\Windows\System\CCBeCCb.exe
  2⤵
  PID:8736
- C:\Windows\System\zzAxEnH.exe
  C:\Windows\System\zzAxEnH.exe
  2⤵
  PID:8812
- C:\Windows\System\lxejmTP.exe
  C:\Windows\System\lxejmTP.exe
  2⤵
  PID:8876
- C:\Windows\System\RUOCpIS.exe
  C:\Windows\System\RUOCpIS.exe
  2⤵
  PID:8828
- C:\Windows\System\SPqQent.exe
  C:\Windows\System\SPqQent.exe
  2⤵
  PID:8864
- C:\Windows\System\GDEpmUg.exe
  C:\Windows\System\GDEpmUg.exe
  2⤵
  PID:8796
- C:\Windows\System\XfQuqlu.exe
  C:\Windows\System\XfQuqlu.exe
  2⤵
  PID:9036
- C:\Windows\System\isLFKdl.exe
  C:\Windows\System\isLFKdl.exe
  2⤵
  PID:8892
- C:\Windows\System\SnIEzap.exe
  C:\Windows\System\SnIEzap.exe
  2⤵
  PID:8924
- C:\Windows\System\yflxJfw.exe
  C:\Windows\System\yflxJfw.exe
  2⤵
  PID:9052
- C:\Windows\System\jabdmqT.exe
  C:\Windows\System\jabdmqT.exe
  2⤵
  PID:9024
- C:\Windows\System\iIqlPYd.exe
  C:\Windows\System\iIqlPYd.exe
  2⤵
  PID:9196
- C:\Windows\System\WOkJxoy.exe
  C:\Windows\System\WOkJxoy.exe
  2⤵
  PID:8328
- C:\Windows\System\otWZkyP.exe
  C:\Windows\System\otWZkyP.exe
  2⤵
  PID:9084
- C:\Windows\System\NAxcgfs.exe
  C:\Windows\System\NAxcgfs.exe
  2⤵
  PID:7532
- C:\Windows\System\OxKIGyo.exe
  C:\Windows\System\OxKIGyo.exe
  2⤵
  PID:7020
- C:\Windows\System\FYdeknz.exe
  C:\Windows\System\FYdeknz.exe
  2⤵
  PID:7780
- C:\Windows\System\gslmNhq.exe
  C:\Windows\System\gslmNhq.exe
  2⤵
  PID:6456
- C:\Windows\System\pwCcRwg.exe
  C:\Windows\System\pwCcRwg.exe
  2⤵
  PID:9148
- C:\Windows\System\hUEKJsh.exe
  C:\Windows\System\hUEKJsh.exe
  2⤵
  PID:8372
- C:\Windows\System\njjBdXS.exe
  C:\Windows\System\njjBdXS.exe
  2⤵
  PID:8624
- C:\Windows\System\aBCjUGL.exe
  C:\Windows\System\aBCjUGL.exe
  2⤵
  PID:8672
- C:\Windows\System\VjQKIuH.exe
  C:\Windows\System\VjQKIuH.exe
  2⤵
  PID:8020
- C:\Windows\System\DmbgZav.exe
  C:\Windows\System\DmbgZav.exe
  2⤵
  PID:8524
- C:\Windows\System\BiGatBz.exe
  C:\Windows\System\BiGatBz.exe
  2⤵
  PID:8464
- C:\Windows\System\NvlMSzo.exe
  C:\Windows\System\NvlMSzo.exe
  2⤵
  PID:8832
- C:\Windows\System\lrIQtIA.exe
  C:\Windows\System\lrIQtIA.exe
  2⤵
  PID:8280
- C:\Windows\System\vEmnPlq.exe
  C:\Windows\System\vEmnPlq.exe
  2⤵
  PID:8768
- C:\Windows\System\sLOYwdl.exe
  C:\Windows\System\sLOYwdl.exe
  2⤵
  PID:9020
- C:\Windows\System\PbBdKVa.exe
  C:\Windows\System\PbBdKVa.exe
  2⤵
  PID:9056
- C:\Windows\System\GLwSqqr.exe
  C:\Windows\System\GLwSqqr.exe
  2⤵
  PID:7404
- C:\Windows\System\uBYVChM.exe
  C:\Windows\System\uBYVChM.exe
  2⤵
  PID:8752
- C:\Windows\System\xoqEDgW.exe
  C:\Windows\System\xoqEDgW.exe
  2⤵
  PID:8560
- C:\Windows\System\KjYXIuC.exe
  C:\Windows\System\KjYXIuC.exe
  2⤵
  PID:9136
- C:\Windows\System\PEtfafu.exe
  C:\Windows\System\PEtfafu.exe
  2⤵
  PID:8276
- C:\Windows\System\fTgYzYJ.exe
  C:\Windows\System\fTgYzYJ.exe
  2⤵
  PID:6444
- C:\Windows\System\yqXkTru.exe
  C:\Windows\System\yqXkTru.exe
  2⤵
  PID:7952
- C:\Windows\System\gPUyNiM.exe
  C:\Windows\System\gPUyNiM.exe
  2⤵
  PID:8960
- C:\Windows\System\ndkhYzZ.exe
  C:\Windows\System\ndkhYzZ.exe
  2⤵
  PID:8356
- C:\Windows\System\NvzmCsv.exe
  C:\Windows\System\NvzmCsv.exe
  2⤵
  PID:8228
- C:\Windows\System\diDvJOi.exe
  C:\Windows\System\diDvJOi.exe
  2⤵
  PID:8508
- C:\Windows\System\vjBQUYA.exe
  C:\Windows\System\vjBQUYA.exe
  2⤵
  PID:8588
- C:\Windows\System\cUBkcGz.exe
  C:\Windows\System\cUBkcGz.exe
  2⤵
  PID:9004
- C:\Windows\System\FJoKCke.exe
  C:\Windows\System\FJoKCke.exe
  2⤵
  PID:8544
- C:\Windows\System\iqQFCWA.exe
  C:\Windows\System\iqQFCWA.exe
  2⤵
  PID:8344
- C:\Windows\System\thEibRs.exe
  C:\Windows\System\thEibRs.exe
  2⤵
  PID:8944
- C:\Windows\System\qTpdNrw.exe
  C:\Windows\System\qTpdNrw.exe
  2⤵
  PID:8460
- C:\Windows\System\PnQrTjD.exe
  C:\Windows\System\PnQrTjD.exe
  2⤵
  PID:8988
- C:\Windows\System\xgqzuwW.exe
  C:\Windows\System\xgqzuwW.exe
  2⤵
  PID:9184
- C:\Windows\System\dGGDCjV.exe
  C:\Windows\System\dGGDCjV.exe
  2⤵
  PID:9228
- C:\Windows\System\ccHxwtv.exe
  C:\Windows\System\ccHxwtv.exe
  2⤵
  PID:9244
- C:\Windows\System\vSoxIkB.exe
  C:\Windows\System\vSoxIkB.exe
  2⤵
  PID:9260
- C:\Windows\System\OecSarT.exe
  C:\Windows\System\OecSarT.exe
  2⤵
  PID:9276
- C:\Windows\System\UaBuAaW.exe
  C:\Windows\System\UaBuAaW.exe
  2⤵
  PID:9292
- C:\Windows\System\kdtmPQT.exe
  C:\Windows\System\kdtmPQT.exe
  2⤵
  PID:9308
- C:\Windows\System\ypIobFs.exe
  C:\Windows\System\ypIobFs.exe
  2⤵
  PID:9324
- C:\Windows\System\tcDbfcu.exe
  C:\Windows\System\tcDbfcu.exe
  2⤵
  PID:9340
- C:\Windows\System\zAoXbqP.exe
  C:\Windows\System\zAoXbqP.exe
  2⤵
  PID:9356
- C:\Windows\System\cUzOuwO.exe
  C:\Windows\System\cUzOuwO.exe
  2⤵
  PID:9372
- C:\Windows\System\inTqEkp.exe
  C:\Windows\System\inTqEkp.exe
  2⤵
  PID:9388
- C:\Windows\System\yPbKBNw.exe
  C:\Windows\System\yPbKBNw.exe
  2⤵
  PID:9404
- C:\Windows\System\bXNgWzC.exe
  C:\Windows\System\bXNgWzC.exe
  2⤵
  PID:9420
- C:\Windows\System\pbLBJvW.exe
  C:\Windows\System\pbLBJvW.exe
  2⤵
  PID:9436
- C:\Windows\System\xXobTjk.exe
  C:\Windows\System\xXobTjk.exe
  2⤵
  PID:9452
- C:\Windows\System\wxvORPI.exe
  C:\Windows\System\wxvORPI.exe
  2⤵
  PID:9472
- C:\Windows\System\JqNcXdg.exe
  C:\Windows\System\JqNcXdg.exe
  2⤵
  PID:9488
- C:\Windows\System\UxciADa.exe
  C:\Windows\System\UxciADa.exe
  2⤵
  PID:9504
- C:\Windows\System\DhboRUg.exe
  C:\Windows\System\DhboRUg.exe
  2⤵
  PID:9520
- C:\Windows\System\XUkNfmm.exe
  C:\Windows\System\XUkNfmm.exe
  2⤵
  PID:9536
- C:\Windows\System\UBStITV.exe
  C:\Windows\System\UBStITV.exe
  2⤵
  PID:9552
- C:\Windows\System\FITjUJx.exe
  C:\Windows\System\FITjUJx.exe
  2⤵
  PID:9568
- C:\Windows\System\SrNUrMw.exe
  C:\Windows\System\SrNUrMw.exe
  2⤵
  PID:9584
- C:\Windows\System\yVucxKl.exe
  C:\Windows\System\yVucxKl.exe
  2⤵
  PID:9604
- C:\Windows\System\wFOyqcR.exe
  C:\Windows\System\wFOyqcR.exe
  2⤵
  PID:9620
- C:\Windows\System\ZrimEmy.exe
  C:\Windows\System\ZrimEmy.exe
  2⤵
  PID:9636
- C:\Windows\System\eWRqmhE.exe
  C:\Windows\System\eWRqmhE.exe
  2⤵
  PID:9656
- C:\Windows\System\WKUFObh.exe
  C:\Windows\System\WKUFObh.exe
  2⤵
  PID:9672
- C:\Windows\System\vzejLKx.exe
  C:\Windows\System\vzejLKx.exe
  2⤵
  PID:9688
- C:\Windows\System\SswOHVu.exe
  C:\Windows\System\SswOHVu.exe
  2⤵
  PID:9704
- C:\Windows\System\GazyBaO.exe
  C:\Windows\System\GazyBaO.exe
  2⤵
  PID:9720
- C:\Windows\System\LaqtpvC.exe
  C:\Windows\System\LaqtpvC.exe
  2⤵
  PID:9736
- C:\Windows\System\WKDaMKb.exe
  C:\Windows\System\WKDaMKb.exe
  2⤵
  PID:9752
- C:\Windows\System\kFRTmcC.exe
  C:\Windows\System\kFRTmcC.exe
  2⤵
  PID:9768
- C:\Windows\System\dNwQKZE.exe
  C:\Windows\System\dNwQKZE.exe
  2⤵
  PID:9784
- C:\Windows\System\npMjMIZ.exe
  C:\Windows\System\npMjMIZ.exe
  2⤵
  PID:9800
- C:\Windows\System\CnpfimA.exe
  C:\Windows\System\CnpfimA.exe
  2⤵
  PID:9816
- C:\Windows\System\CevTohx.exe
  C:\Windows\System\CevTohx.exe
  2⤵
  PID:9832
- C:\Windows\System\MnIfeno.exe
  C:\Windows\System\MnIfeno.exe
  2⤵
  PID:9848
- C:\Windows\System\rfKYIMc.exe
  C:\Windows\System\rfKYIMc.exe
  2⤵
  PID:9864
- C:\Windows\System\jqCGVyM.exe
  C:\Windows\System\jqCGVyM.exe
  2⤵
  PID:9880
- C:\Windows\System\coxFneg.exe
  C:\Windows\System\coxFneg.exe
  2⤵
  PID:9900
- C:\Windows\System\KUtszxQ.exe
  C:\Windows\System\KUtszxQ.exe
  2⤵
  PID:9920
- C:\Windows\System\urKwiVq.exe
  C:\Windows\System\urKwiVq.exe
  2⤵
  PID:9936
- C:\Windows\System\WpxhvWD.exe
  C:\Windows\System\WpxhvWD.exe
  2⤵
  PID:9952
- C:\Windows\System\cBsGgTB.exe
  C:\Windows\System\cBsGgTB.exe
  2⤵
  PID:9968
- C:\Windows\System\pNthHtw.exe
  C:\Windows\System\pNthHtw.exe
  2⤵
  PID:9988
- C:\Windows\System\YjcrLKg.exe
  C:\Windows\System\YjcrLKg.exe
  2⤵
  PID:10008
- C:\Windows\System\zxQHvUf.exe
  C:\Windows\System\zxQHvUf.exe
  2⤵
  PID:10024
- C:\Windows\System\oOWnrqV.exe
  C:\Windows\System\oOWnrqV.exe
  2⤵
  PID:10056
- C:\Windows\System\sfYwSPP.exe
  C:\Windows\System\sfYwSPP.exe
  2⤵
  PID:10072
- C:\Windows\System\soiYCFK.exe
  C:\Windows\System\soiYCFK.exe
  2⤵
  PID:10088
- C:\Windows\System\PFTQcDv.exe
  C:\Windows\System\PFTQcDv.exe
  2⤵
  PID:10104
- C:\Windows\System\FMRNAhz.exe
  C:\Windows\System\FMRNAhz.exe
  2⤵
  PID:10120
- C:\Windows\System\bkoJmFa.exe
  C:\Windows\System\bkoJmFa.exe
  2⤵
  PID:10136
- C:\Windows\System\fmwseVa.exe
  C:\Windows\System\fmwseVa.exe
  2⤵
  PID:10152
- C:\Windows\System\miwkovY.exe
  C:\Windows\System\miwkovY.exe
  2⤵
  PID:10168
- C:\Windows\System\ypYLLDZ.exe
  C:\Windows\System\ypYLLDZ.exe
  2⤵
  PID:10184
- C:\Windows\System\NUZZjDT.exe
  C:\Windows\System\NUZZjDT.exe
  2⤵
  PID:10200
- C:\Windows\System\BcVyQRc.exe
  C:\Windows\System\BcVyQRc.exe
  2⤵
  PID:10216
- C:\Windows\System\FeOAOtp.exe
  C:\Windows\System\FeOAOtp.exe
  2⤵
  PID:10232
- C:\Windows\System\ShHEjpq.exe
  C:\Windows\System\ShHEjpq.exe
  2⤵
  PID:8608
- C:\Windows\System\TbBuvEe.exe
  C:\Windows\System\TbBuvEe.exe
  2⤵
  PID:1204
- C:\Windows\System\jWQEUBn.exe
  C:\Windows\System\jWQEUBn.exe
  2⤵
  PID:9272
- C:\Windows\System\zbUVJke.exe
  C:\Windows\System\zbUVJke.exe
  2⤵
  PID:9364
- C:\Windows\System\eqsoXhJ.exe
  C:\Windows\System\eqsoXhJ.exe
  2⤵
  PID:9320
- C:\Windows\System\iybUpAR.exe
  C:\Windows\System\iybUpAR.exe
  2⤵
  PID:9380
- C:\Windows\System\zRnMDnl.exe
  C:\Windows\System\zRnMDnl.exe
  2⤵
  PID:9288
- C:\Windows\System\gpxrmDk.exe
  C:\Windows\System\gpxrmDk.exe
  2⤵
  PID:9460
- C:\Windows\System\GxFWNIb.exe
  C:\Windows\System\GxFWNIb.exe
  2⤵
  PID:9416
- C:\Windows\System\GEzELVV.exe
  C:\Windows\System\GEzELVV.exe
  2⤵
  PID:9500
- C:\Windows\System\WKqdMZW.exe
  C:\Windows\System\WKqdMZW.exe
  2⤵
  PID:9560
- C:\Windows\System\uwzEhHN.exe
  C:\Windows\System\uwzEhHN.exe
  2⤵
  PID:9576
- C:\Windows\System\bhkdMST.exe
  C:\Windows\System\bhkdMST.exe
  2⤵
  PID:9580
- C:\Windows\System\KkQfadt.exe
  C:\Windows\System\KkQfadt.exe
  2⤵
  PID:9616
- C:\Windows\System\PGSHkdZ.exe
  C:\Windows\System\PGSHkdZ.exe
  2⤵
  PID:9644
- C:\Windows\System\vvIdyvG.exe
  C:\Windows\System\vvIdyvG.exe
  2⤵
  PID:9680
- C:\Windows\System\FzqWLEw.exe
  C:\Windows\System\FzqWLEw.exe
  2⤵
  PID:9684
- C:\Windows\System\hvKxBDu.exe
  C:\Windows\System\hvKxBDu.exe
  2⤵
  PID:9812
- C:\Windows\System\LVCnPug.exe
  C:\Windows\System\LVCnPug.exe
  2⤵
  PID:9844
- C:\Windows\System\BzNBbzv.exe
  C:\Windows\System\BzNBbzv.exe
  2⤵
  PID:9856
- C:\Windows\System\TqQikBJ.exe
  C:\Windows\System\TqQikBJ.exe
  2⤵
  PID:9792
- C:\Windows\System\uIDOIKP.exe
  C:\Windows\System\uIDOIKP.exe
  2⤵
  PID:9728
- C:\Windows\System\OLNpoqQ.exe
  C:\Windows\System\OLNpoqQ.exe
  2⤵
  PID:9824
- C:\Windows\System\LGNUscd.exe
  C:\Windows\System\LGNUscd.exe
  2⤵
  PID:9948
- C:\Windows\System\YwJiGZB.exe
  C:\Windows\System\YwJiGZB.exe
  2⤵
  PID:9960
- C:\Windows\System\ZWBqGIv.exe
  C:\Windows\System\ZWBqGIv.exe
  2⤵
  PID:10016
- C:\Windows\System\KfNyBAU.exe
  C:\Windows\System\KfNyBAU.exe
  2⤵
  PID:10032
- C:\Windows\System\RxPpokf.exe
  C:\Windows\System\RxPpokf.exe
  2⤵
  PID:10080
- C:\Windows\System\PTHfgMV.exe
  C:\Windows\System\PTHfgMV.exe
  2⤵
  PID:10112
- C:\Windows\System\brrJdOk.exe
  C:\Windows\System\brrJdOk.exe
  2⤵
  PID:10164
- C:\Windows\System\LAgXPVG.exe
  C:\Windows\System\LAgXPVG.exe
  2⤵
  PID:10180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ATzNADN.exe

Filesize
6.0MB

MD5
a1e383fc6a7d9eab58f092083541ef06

SHA1
0fc1e356e1e2efa70a74f3b2978ee472348e8cfe

SHA256
0eb82a923614ec173eee52f1e86c23662f608c94a9a0beef003a7e9f60684ad1

SHA512
f43d1044b7fcc2550876ab50b019c5fcb6f85ce1cf67d2ea9c26e05b62be50cb75caf3382e9b9a201d8b793785f85723b23bcf80ed45afb41c1e5e4c95d04e63

Download Submit
C:\Windows\system\BEjphQb.exe

Filesize
6.0MB

MD5
9f2924695fa8e7a78b7258d563f60f12

SHA1
dcbfde2d1321415f2f75b78888a4f1f92b471e5d

SHA256
72c77c7f378d988891117935c8d82a12273a5c81054dbccafe59e1d2a3e1bd61

SHA512
27722f020079da231d8077e5a4ae7689e58e4270c2a1b8b437088b8256e79f02602bf1b61b59d40faf064f2f6acb6cf915050f5e304a4107baa90c1c9dd60824

Download Submit
C:\Windows\system\CfdTvaH.exe

Filesize
6.0MB

MD5
e579f55104721f371ab8305bd33d56ea

SHA1
33cb6f3c7c1a9aa334bb4d51a2982fea2a72fa8b

SHA256
5f2590a93e6242b98e1b38523e660b2f725affbcc44f2f8e158fefd53b846d8f

SHA512
770aa2fbdad1bca4e1be2c9e4c5c3d92492aae5a96659aa9837c210f370ac14d505948d915fd202028fd66fa3b6276e03d456bfbff4d3d08fd78cf797ca73da7

Download Submit
C:\Windows\system\DoqZSXd.exe

Filesize
6.0MB

MD5
e6cbb516264d932cd6358028158bf3b9

SHA1
ab7d4a75455e1efb759dc51794693efa453403ab

SHA256
420e3197da1a164fa0448ed47851824edb2430d4eb48835eb8742c78031bd7e8

SHA512
acec27fe6a1879b3d7c532db001341b69025b4a1b920a2e40ed1f87a76093ae56cba8d79d014c4a0e6e5d3f1a08c34f6cbdb6421c5237a847425d1fafd78ce23

Download Submit
C:\Windows\system\EYbBoVd.exe

Filesize
6.0MB

MD5
f8fdb0c71b6cc1b8b9b499fd25e26a6e

SHA1
98384ebf805e34fbfa177d2cd073cab3a63d2534

SHA256
470492077d32328964989cc270ac7f7ba2e02036318263b5050c3ec0c397a27e

SHA512
b89aa005a29d857096f5ff305f06526a423fb7cb04208dbe2b6830da0ece850979c219332b205cc1db71bf51e89f388ffa294a51a07f5e0cb99f35ac7be4d3df

Download Submit
C:\Windows\system\HhIwUTB.exe

Filesize
6.0MB

MD5
a0f82a993f762343d4b02cdfe5bf5d7e

SHA1
af2d9e6b1e92181d3904d852554597b81e0964ff

SHA256
5c300b034f030a651e3d1f7eb6ccec9d69e5bf7a1366f950c747c843768f0147

SHA512
3821071c0f36e03f1f56a03116e37209d59dbb4aa2fe12ac44eb3ea8bf18a34ec44c809cf74c0b7a49ec53b3d16b787352027331d8a8c7b024ee79b60ad8413e

Download Submit
C:\Windows\system\IxHEloF.exe

Filesize
6.0MB

MD5
901dbc75fb999b8cbdb483a34893b801

SHA1
c81b53124d1e97b0d21d6fb78f7d92144ce45664

SHA256
b51169e3321bae56ddd391e6768c14f0a6e346e94115b3d1e99133cbf3cddf23

SHA512
86cbc0188f2253ee22d18978bc73cec38579c0312eeaa7d6d5276d058b36316b0119a8eb3588b6064b0d7ec65fb613ca4aecfd57b4570f494008b8ee3578ed3e

Download Submit
C:\Windows\system\LuiCLGD.exe

Filesize
6.0MB

MD5
27f61274cf22cf916ef0d006c7bb2959

SHA1
0d078f3bb3a3abda6819daf4b0ac15dbc011050c

SHA256
700788d6300377ef9b9fa3954b5d4051f9deb8c9ae3a5c144cde1179d31c0e81

SHA512
dfee6b12b06a4c2242a31eb6e87f8acafa118d36ea92f12be4cd010632a0c4b522d1d7af43720a762a30919d2e47ce64f72677d8f92fc6255b6294972d16311f

Download Submit
C:\Windows\system\MCSGdaU.exe

Filesize
6.0MB

MD5
ae4375895de4afa1c39c6f52d12d7713

SHA1
675937f4c5b8673bd9318db8a45ac3789171d237

SHA256
88c4675c00737f6f5dc0c8c85b1a4fbae1b754ce32731afd9dbb8dd4f0a0dbee

SHA512
81ae22ba9b4f9c42a27a01cd97ab16b08aee82c831b2b8ed3a3b925213b606fa7e087fa5d0bec9db5e54b61d227766ac4ed0fc4625e864fc31da577440c0f571

Download Submit
C:\Windows\system\NFSpUeU.exe

Filesize
6.0MB

MD5
76c73d1dc25843bae0dcabfec8bbb9b4

SHA1
dc451d8fffc08d839174018ace11faaea8bcfc48

SHA256
89a1f6e9e6edb9cd32721b2808d8bac79c6e878acb9a8136b4ae58d7ec538e5c

SHA512
ea742b40f0bd9142528c5813bbf023a441e47241e6a50a2846fe4226549822fb6806cda2435a28d06626fd72e05d5660ee89190829f06c514e5dbc413ac74c20

Download Submit
C:\Windows\system\PAxBXWs.exe

Filesize
6.0MB

MD5
b0e4b57c64904047f275d0534c5d45d4

SHA1
fec9dd503afcc83385c84c979f52243a9440ae7c

SHA256
ed4b13d1b882992fa40a8c95fccc91af71cfe1575ab99af75287b098ba0b45be

SHA512
eb006dcbabea1b3462b02d6fed14b0766695e832dfa906c23716b1986a441729205350483b48a5416c5b5b6b82acc10435d41eb7eb8bf8dc1fd22d41e09ca431

Download Submit
C:\Windows\system\PmfZTPJ.exe

Filesize
6.0MB

MD5
49e91e08154d0ecc62cb4bd116b0c49e

SHA1
9342d622f0d6a7ebd10085a6102b02a30a2c068e

SHA256
e2395cb13535cc559bdebe08aab797b9eb2faf2de2c874fa6567232c22d60291

SHA512
2434eb140ec59df0f7e25ec13729ba62893e9c135c5cd53fae1dbb31d2cf0eb95be0bfda190d0eb7adcd85071a450965d8b9db82faee1c50073e40583a3e06ee

Download Submit
C:\Windows\system\QSZkToZ.exe

Filesize
6.0MB

MD5
3ab84f64577e56aad35b93ed40306ea8

SHA1
d60153feb7369166d62ea88a51a9d5be139bd057

SHA256
7b01dd7fbac6bf6a378f1fd44fe1fed340cefd77acd0182e9267e7fce0a532bf

SHA512
ef9baa26072b3a9f239a10a220732bb4707b1865512be3cec14a2aeaec1c7e6ca418aad7b366d8220cc6075f9e90b7c2fb1c3d8e303fdb803e5cbd3e08545ec9

Download Submit
C:\Windows\system\VXytCEg.exe

Filesize
6.0MB

MD5
62605ca709b1cb7603f3f933c5d9e072

SHA1
de0d8b3cda3c937e272a8c51d91b18c88abf59f1

SHA256
b6d3ba9043f5af1b54d6ed41d32c844e61979a1818b455a3dcb44d9c6a3d3315

SHA512
519edb7bd2a20053f6787fce77b76966a6a73af558564b823a8859697dbdbf9cb65b5c36354c00276fa0dd5a6f049ec7c7076836150641a4ee5019bfbbd3a5c8

Download Submit
C:\Windows\system\XSnnnvm.exe

Filesize
6.0MB

MD5
4343e00bf99e3268d378f7ae67db1dcf

SHA1
94d46c7d11e025df03969ab700cf78fa64374178

SHA256
59884b3f5463f22da0cd9adbdfb84ff2a180b4a398baa16c2313102978ffc230

SHA512
983a06325964886c2c522833e2515400a03e766c38699f93c0e34b2f6a56a33f708acda88f05ee12a08041f0d798468f4cf8351083ae47f6072966a4fb3f6353

Download Submit
C:\Windows\system\XnJYuNe.exe

Filesize
6.0MB

MD5
42d44f0151b14e493f06c1ece3280f79

SHA1
14757fe200616c5476ae5fa11abac370203d9e54

SHA256
adfb6525e8a83eac34589c9994da144ad684d7bf162006b62a43af36e25af822

SHA512
4c6692ac5befa270da5a33a4718908fe82c1953f3006bd0c9d66a36c62590fe6b33c1fd13ba527733b7a033e9f3852f346721d19b930bce92101250aff2819b2

Download Submit
C:\Windows\system\ZVLcNbM.exe

Filesize
6.0MB

MD5
89bc6a13472f127e7037c9562727402e

SHA1
2455abf231e39afe26fa6f458b73262a46d9cbaf

SHA256
561c596c96177f6cd7fca34bd10443bcb86f2d22f1bcf69ce584e485ad79b604

SHA512
8d706c25e6b6ecec8076b1a44c0ad93c6aabb7f5b6ad499e0b6e4b855af44b28d64de19df614a85d109f6c9871c57b1d9308efe1e5f2f6cc8ef6cf11f78b8db7

Download Submit
C:\Windows\system\ZaRNaiw.exe

Filesize
6.0MB

MD5
8672422e1a29c0beb2534e685b267a45

SHA1
2b66a46aa962a64ad4952bafdac440199bf7c363

SHA256
eb6fb64db95d090ffc5996728cef3ecb756cc560af8a2c1f3a891dd2b3fa62d4

SHA512
958f14517077a5bb29abcba27ea64123cec7e83b31565cba3df9784ea5fc79f4054dc98e5d6de06aebd8c1e87776b6298223818daa28f52b66458ffcd5601828

Download Submit
C:\Windows\system\blQQuiL.exe

Filesize
6.0MB

MD5
f067f2f2826d9e0d14640c2e71afa1e5

SHA1
1855424bc8afacfa38755f4a1717ad0d5b7dedac

SHA256
c88e3e09d9373216d03edd6094a57829b4cb6097b16709b8b4805021946226fa

SHA512
fb648949cab284918b2661ca0138884e6693f3a3318902dd7ea3876661180970938a6db836b5aefc51059dc2cdbd27250ed9869cc66faba5400501823597ac9a

Download Submit
C:\Windows\system\dqgPEeN.exe

Filesize
6.0MB

MD5
53f075d8dd4202a3a078e11e794e4c79

SHA1
713aa03185ed8bc50f6bbf315c8c51a9ac58aba4

SHA256
e53d772d99b6865101e43ce555a65b95f01347c702ae7e73bbf25696feca8d16

SHA512
b22e39f5fc75498775bbe46f519e8774e56c43396f521a571f0bbd36a85884f2e73d7d4ec82f666d97f0af1b48c171bd2b6b5b36aa5c6c5066e349bec0f030b4

Download Submit
C:\Windows\system\eRvwyoD.exe

Filesize
6.0MB

MD5
de809a0f6373cbddab8fcd1ab2ce8660

SHA1
59c67bc9fe462b0156ccfad4699d8f6deea8d852

SHA256
8da27c32b16d5e16b2dca260baf21019a7fdae98d655e2cf281ff52c662e5b2c

SHA512
61fd8e2b2375b521f725590f71fab54be3b08c2a30c6039ca13670650d281a7c7a491678f754139d49daf48be2153da99d679a574b93291e2814dcf75a57c8ee

Download Submit
C:\Windows\system\hEdegou.exe

Filesize
6.0MB

MD5
3d6d765ce25b51412057a2cd03439151

SHA1
f62150c32a361e5721e0fbc874d3ec6ffb8ca926

SHA256
7d0ce6181c4d69ed47ce3b535d8c3e44ef7275050f5a182ef8e642cb3d16b1c6

SHA512
f44964058d64a50fbdd7d79076b7be51589b0298a620050ead04cd173eb2502e122dd3cd212c4c9ce09283090c8f840c5dc145f5c8e5e45353675e76592b72b2

Download Submit
C:\Windows\system\iVwAXIb.exe

Filesize
6.0MB

MD5
bc755b76274478f423e30039c17b51f1

SHA1
bc4c6524a198d97b0dbcfaab90ebfba9eda90b05

SHA256
a66f69e868b1853e2585e49bcbf41ac8adac14b4ed921ffce86cb7e673fde540

SHA512
4baa8ed3ef63ae8a07b9ee2baaa50a49b4b4d85afcbec95dd2eaa105499523632654095d0652571a378e624d5b6575a5096852339b61316935fe861b34ba9ecf

Download Submit
C:\Windows\system\jNsPhzk.exe

Filesize
6.0MB

MD5
d79000f2740e1d93b30fe2f2d3fc3a6c

SHA1
79f20ae81444dc8946153afe93685c38e0ca4ac0

SHA256
c20dee05e24a78dc1075106b7a9fa22893ae226434382f2c396e2d2af02d34fc

SHA512
f215ca860627c5a2240c39f4b8b6a0a4bdd39a2e9253e1a3249db5742b019c088ece1b9b872d68609725cf1c771c642dbdda5d8cf9327186ed75b2d87bc93010

Download Submit
C:\Windows\system\kvJVGcj.exe

Filesize
6.0MB

MD5
83829925b2ad8231e13861403b86b70a

SHA1
757af15babfa056403e51086a36dc0adaaa83db1

SHA256
20646a47293a66e1510f51fca784e3c6cf93839a7c9f0a387a50bfdb891efa8f

SHA512
a4364ca1a67558ed7204d4586219aec7143358618ab2a04cb99de34e2ffefcbaa92a7b0588760991975d49966af9510232aac512e4f24be140dceb5f9442d380

Download Submit
C:\Windows\system\nTdzaRn.exe

Filesize
6.0MB

MD5
b54310b45e4eef8cc0255846442f7ede

SHA1
7de8786523118c5a2a0087fc34527a2bf235b7f6

SHA256
1eec68172c996282aa98c6196ed25a77f5a8bebfb201956f1bc3773158ef1529

SHA512
7c949a21eba86c9c647fc6e1dbbd99b7a5435a4f82810fe82e989bade5c61ef21cee409ebb38b334a24338e865822aa73db936983187561d322b4d37f6ca7525

Download Submit
C:\Windows\system\otRjRAh.exe

Filesize
6.0MB

MD5
b426710b085f7b5335e6868c9d8460d6

SHA1
977adc59a62735385e8d1f3867538ba180f48109

SHA256
b492b335f353a31fb86725f72a0d530698797a338db8a688e7e907058abfd3c6

SHA512
8468e4b1d251fdbd7c74c904e06a3ef4e8efadf9176cb86b702287052125617eafe5c2ab5c7134c535516cdf70552e87b1e08b9c3a36a340f109844b71c81f82

Download Submit
C:\Windows\system\pFxjFwz.exe

Filesize
6.0MB

MD5
e2f970192bb5ea584b51ef79add292f8

SHA1
804536107b4a1fa5f836a105250cff1de321e929

SHA256
f97742efc7dd1f1ea0a4e33e76f2d557dcd32f42c23e01f593ac5ff6b9872145

SHA512
30aa93fd99495e2ff06e42558eb28fa7bdaa0af1a5f53ac033fb4ba9e6b7ad662f39c2daac91d0c7ccbc0cd2bdfc14693a8c1a6194cac37c4d90965d825f888f

Download Submit
C:\Windows\system\tkUHyrc.exe

Filesize
6.0MB

MD5
43d5df37df281cbb36033eb8adc76abc

SHA1
b770168b939f9cd92596bfd9dfde12d5cfe85699

SHA256
80385683ddc3920568d6dc67a32dae2c02cace9fa21e327540ffbb3ffea23cae

SHA512
f6e99fac47e7cf9b934cb8108638dd815896d33d8dfd4d179b8e8b84128373141c614e9d9df15d1388af579beccdc1c106986a3e40b74c218a45d7c52fe850b7

Download Submit
C:\Windows\system\vslSbAx.exe

Filesize
6.0MB

MD5
ebce20b15f122e9fd54dd7e2ecb9b888

SHA1
757634b6351ff962dc0037838a67f03be497904c

SHA256
a1f46e46532d9c15e102263e2bb3415330b14a8f5c4350d30824455c2339c665

SHA512
e0c59ac33660dd2f9cab7edd44d0460a9f1910992496b072d9d81720e88c9dab3a99c053d2755208b16619f6fb3d61288b272d67c73d86f46305a9b32b65807a

Download Submit
C:\Windows\system\wOtqAWH.exe

Filesize
6.0MB

MD5
e0bf8ce7a469b6bf93054073251c7a4d

SHA1
04ca8f348cc2b52ad98dfe4a41e183936143a415

SHA256
a4982eb6d5085057f9d14e943d01a57d5e4b31ca602a79ec5f1ec54cc8d53f1b

SHA512
c8b0c2b3326431b40131e748448ff7397676cd8acdf273f6d80f61f729a4138b71f6b507a21c904aa1508773be73f7fa5dcd193d04238252a912de082b6f675b

Download Submit
\Windows\system\tHGMqlj.exe

Filesize
6.0MB

MD5
dad61676a50653ee361bd77d735c8047

SHA1
e6e042de327866b7a61025b5b02da50959afc4d7

SHA256
989d83b83bda069596fede8bea67c46beb30da6f7a65f393bd9b26ac6e90069c

SHA512
4ad1d6f9b985f432e09e57f83706cf204222207929fc5578af2e604feb3daa239903abee3808875350e753d54d4c4ec2a96ea0a1263d98511c1e885e196c3c8e

Download Submit
memory/2024-1586-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-3951-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-3956-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3954-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3946-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2968-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1170-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2408-1412-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1496-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1360-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1405-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2933-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2987-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3945-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-1495-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3950-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3955-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3919-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3948-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1359-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3952-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3947-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1163-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3953-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3914-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3949-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1404-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3957-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3944-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1411-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download