cobaltstrike | 6927c89d563d782d670aafb28596f1c7c613e80414eec28c1cfe3fd8f41000f3

Analysis

max time kernel
105s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2a21deb49f1855b7ee85b50a47b4afd8
SHA1

3982f2898d6678fa4c1d6be05a6f41b7291aed2b
SHA256

6927c89d563d782d670aafb28596f1c7c613e80414eec28c1cfe3fd8f41000f3
SHA512

50fc674488a274c091cfe6212997d023300010df2c24d528b5c5e90af7a10def105fe0e89510d4a058dd1b401ebf2798da32cfe7c7c1f969cbcb12331c76a01a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023cca-6.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cce-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccf-17.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd0-24.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd1-30.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd2-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd3-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd4-45.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd6-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd5-56.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd7-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd8-77.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd9-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdf-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdd-112.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cde-116.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce0-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce1-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce8-172.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cec-184.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ceb-182.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cea-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce9-176.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce7-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce6-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce5-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce4-141.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce3-137.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce2-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdb-104.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdc-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cda-89.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1768-0-0x00007FF6D7550000-0x00007FF6D78A4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023cca-6.dat	xmrig
behavioral2/memory/4748-8-0x00007FF6E5BF0000-0x00007FF6E5F44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cce-12.dat	xmrig
behavioral2/files/0x0007000000023ccf-17.dat	xmrig
behavioral2/files/0x0007000000023cd0-24.dat	xmrig
behavioral2/files/0x0007000000023cd1-30.dat	xmrig
behavioral2/memory/1848-32-0x00007FF68F5E0000-0x00007FF68F934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd2-34.dat	xmrig
behavioral2/files/0x0007000000023cd3-41.dat	xmrig
behavioral2/files/0x0007000000023cd4-45.dat	xmrig
behavioral2/files/0x0007000000023cd6-53.dat	xmrig
behavioral2/files/0x0007000000023cd5-56.dat	xmrig
behavioral2/memory/2868-62-0x00007FF6799D0000-0x00007FF679D24000-memory.dmp	xmrig
behavioral2/memory/2260-57-0x00007FF606C10000-0x00007FF606F64000-memory.dmp	xmrig
behavioral2/memory/1032-55-0x00007FF7D4980000-0x00007FF7D4CD4000-memory.dmp	xmrig
behavioral2/memory/2988-54-0x00007FF767BC0000-0x00007FF767F14000-memory.dmp	xmrig
behavioral2/memory/3124-50-0x00007FF6117F0000-0x00007FF611B44000-memory.dmp	xmrig
behavioral2/memory/4944-26-0x00007FF69E1B0000-0x00007FF69E504000-memory.dmp	xmrig
behavioral2/memory/2984-22-0x00007FF657520000-0x00007FF657874000-memory.dmp	xmrig
behavioral2/memory/2444-16-0x00007FF6E9A30000-0x00007FF6E9D84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd7-64.dat	xmrig
behavioral2/memory/1768-67-0x00007FF6D7550000-0x00007FF6D78A4000-memory.dmp	xmrig
behavioral2/memory/3996-70-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd8-77.dat	xmrig
behavioral2/files/0x0007000000023cd9-78.dat	xmrig
behavioral2/memory/4280-80-0x00007FF6F20B0000-0x00007FF6F2404000-memory.dmp	xmrig
behavioral2/memory/3392-91-0x00007FF783BF0000-0x00007FF783F44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdf-108.dat	xmrig
behavioral2/files/0x0007000000023cdd-112.dat	xmrig
behavioral2/files/0x0007000000023cde-116.dat	xmrig
behavioral2/files/0x0007000000023ce0-123.dat	xmrig
behavioral2/files/0x0007000000023ce1-148.dat	xmrig
behavioral2/files/0x0007000000023ce8-172.dat	xmrig
behavioral2/memory/4788-329-0x00007FF64DA00000-0x00007FF64DD54000-memory.dmp	xmrig
behavioral2/memory/648-332-0x00007FF6F0660000-0x00007FF6F09B4000-memory.dmp	xmrig
behavioral2/memory/2192-482-0x00007FF6E32A0000-0x00007FF6E35F4000-memory.dmp	xmrig
behavioral2/memory/3360-489-0x00007FF7BBB70000-0x00007FF7BBEC4000-memory.dmp	xmrig
behavioral2/memory/2888-479-0x00007FF64B1E0000-0x00007FF64B534000-memory.dmp	xmrig
behavioral2/memory/4892-597-0x00007FF739780000-0x00007FF739AD4000-memory.dmp	xmrig
behavioral2/memory/5108-605-0x00007FF631280000-0x00007FF6315D4000-memory.dmp	xmrig
behavioral2/memory/2260-578-0x00007FF606C10000-0x00007FF606F64000-memory.dmp	xmrig
behavioral2/memory/2244-572-0x00007FF6D18A0000-0x00007FF6D1BF4000-memory.dmp	xmrig
behavioral2/memory/3860-546-0x00007FF71AC20000-0x00007FF71AF74000-memory.dmp	xmrig
behavioral2/memory/4736-328-0x00007FF72D290000-0x00007FF72D5E4000-memory.dmp	xmrig
behavioral2/memory/4128-322-0x00007FF65B5C0000-0x00007FF65B914000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cec-184.dat	xmrig
behavioral2/files/0x0007000000023ceb-182.dat	xmrig
behavioral2/files/0x0007000000023cea-180.dat	xmrig
behavioral2/files/0x0007000000023ce9-176.dat	xmrig
behavioral2/files/0x0007000000023ce7-165.dat	xmrig
behavioral2/files/0x0007000000023ce6-162.dat	xmrig
behavioral2/files/0x0007000000023ce5-152.dat	xmrig
behavioral2/files/0x0007000000023ce4-141.dat	xmrig
behavioral2/files/0x0007000000023ce3-137.dat	xmrig
behavioral2/files/0x0007000000023ce2-134.dat	xmrig
behavioral2/memory/4444-124-0x00007FF678650000-0x00007FF6789A4000-memory.dmp	xmrig
behavioral2/memory/720-118-0x00007FF7EE060000-0x00007FF7EE3B4000-memory.dmp	xmrig
behavioral2/memory/3672-114-0x00007FF7E5490000-0x00007FF7E57E4000-memory.dmp	xmrig
behavioral2/memory/3124-109-0x00007FF6117F0000-0x00007FF611B44000-memory.dmp	xmrig
behavioral2/memory/1848-105-0x00007FF68F5E0000-0x00007FF68F934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdb-104.dat	xmrig
behavioral2/memory/728-100-0x00007FF69D0E0000-0x00007FF69D434000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdc-98.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4748	WpZKdOB.exe
2444	CaFArxD.exe
2984	BmfdPho.exe
4944	UkGzSxJ.exe
1848	Jsoskat.exe
3124	jHtfShO.exe
1032	yZqTXGl.exe
2988	xNBvHxy.exe
2260	mxTYSrO.exe
2868	ZsSKmDp.exe
3996	NmZcrIA.exe
4280	gfhoKvn.exe
544	EOBOKhV.exe
3392	pHCybIe.exe
728	tbbETmJ.exe
3672	wznssNj.exe
720	lpJLzRD.exe
4444	jrgXnQj.exe
4128	bclNBIR.exe
4892	gDQbkxk.exe
5108	AGSfRiq.exe
4736	otvDVXP.exe
4788	gJvxTvu.exe
648	Xyjinqm.exe
2888	lNElTPR.exe
2192	FHXkoVl.exe
3360	esbGZSj.exe
3860	ZamWubL.exe
2244	WPAsBmT.exe
4912	ovaiJUQ.exe
3152	CUjUKdl.exe
336	zGSlJTN.exe
2480	FfuQkGX.exe
2184	OQvbdts.exe
836	HiRtMen.exe
1836	YWROSvY.exe
4588	GvJBAiy.exe
4684	sFyilLH.exe
3692	TEqSZoi.exe
4916	ksTgwuv.exe
4980	lowthAn.exe
3484	akWUKlm.exe
2936	duYCflm.exe
3540	ePZRfBv.exe
2540	DvDnmsV.exe
3332	bOKZHLB.exe
1760	HlhaEyH.exe
2668	fynIlYG.exe
3912	kCdIptj.exe
4320	aHriZqR.exe
4948	CtuTqff.exe
2236	dNTHXVH.exe
3068	vItMGUT.exe
740	FSaRrpd.exe
2508	nLwdkmK.exe
3608	aEEgWNe.exe
264	IcoSRqU.exe
812	RlOgJqN.exe
5064	tSdlaIy.exe
3364	cHxNTsr.exe
3948	YwKvNOn.exe
2920	OyvZOIB.exe
2280	FONhFew.exe
4712	NlTjtuD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1768-0-0x00007FF6D7550000-0x00007FF6D78A4000-memory.dmp	upx
behavioral2/files/0x0008000000023cca-6.dat	upx
behavioral2/memory/4748-8-0x00007FF6E5BF0000-0x00007FF6E5F44000-memory.dmp	upx
behavioral2/files/0x0007000000023cce-12.dat	upx
behavioral2/files/0x0007000000023ccf-17.dat	upx
behavioral2/files/0x0007000000023cd0-24.dat	upx
behavioral2/files/0x0007000000023cd1-30.dat	upx
behavioral2/memory/1848-32-0x00007FF68F5E0000-0x00007FF68F934000-memory.dmp	upx
behavioral2/files/0x0007000000023cd2-34.dat	upx
behavioral2/files/0x0007000000023cd3-41.dat	upx
behavioral2/files/0x0007000000023cd4-45.dat	upx
behavioral2/files/0x0007000000023cd6-53.dat	upx
behavioral2/files/0x0007000000023cd5-56.dat	upx
behavioral2/memory/2868-62-0x00007FF6799D0000-0x00007FF679D24000-memory.dmp	upx
behavioral2/memory/2260-57-0x00007FF606C10000-0x00007FF606F64000-memory.dmp	upx
behavioral2/memory/1032-55-0x00007FF7D4980000-0x00007FF7D4CD4000-memory.dmp	upx
behavioral2/memory/2988-54-0x00007FF767BC0000-0x00007FF767F14000-memory.dmp	upx
behavioral2/memory/3124-50-0x00007FF6117F0000-0x00007FF611B44000-memory.dmp	upx
behavioral2/memory/4944-26-0x00007FF69E1B0000-0x00007FF69E504000-memory.dmp	upx
behavioral2/memory/2984-22-0x00007FF657520000-0x00007FF657874000-memory.dmp	upx
behavioral2/memory/2444-16-0x00007FF6E9A30000-0x00007FF6E9D84000-memory.dmp	upx
behavioral2/files/0x0007000000023cd7-64.dat	upx
behavioral2/memory/1768-67-0x00007FF6D7550000-0x00007FF6D78A4000-memory.dmp	upx
behavioral2/memory/3996-70-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp	upx
behavioral2/files/0x0007000000023cd8-77.dat	upx
behavioral2/files/0x0007000000023cd9-78.dat	upx
behavioral2/memory/4280-80-0x00007FF6F20B0000-0x00007FF6F2404000-memory.dmp	upx
behavioral2/memory/3392-91-0x00007FF783BF0000-0x00007FF783F44000-memory.dmp	upx
behavioral2/files/0x0007000000023cdf-108.dat	upx
behavioral2/files/0x0007000000023cdd-112.dat	upx
behavioral2/files/0x0007000000023cde-116.dat	upx
behavioral2/files/0x0007000000023ce0-123.dat	upx
behavioral2/files/0x0007000000023ce1-148.dat	upx
behavioral2/files/0x0007000000023ce8-172.dat	upx
behavioral2/memory/4788-329-0x00007FF64DA00000-0x00007FF64DD54000-memory.dmp	upx
behavioral2/memory/648-332-0x00007FF6F0660000-0x00007FF6F09B4000-memory.dmp	upx
behavioral2/memory/2192-482-0x00007FF6E32A0000-0x00007FF6E35F4000-memory.dmp	upx
behavioral2/memory/3360-489-0x00007FF7BBB70000-0x00007FF7BBEC4000-memory.dmp	upx
behavioral2/memory/2888-479-0x00007FF64B1E0000-0x00007FF64B534000-memory.dmp	upx
behavioral2/memory/4892-597-0x00007FF739780000-0x00007FF739AD4000-memory.dmp	upx
behavioral2/memory/5108-605-0x00007FF631280000-0x00007FF6315D4000-memory.dmp	upx
behavioral2/memory/2260-578-0x00007FF606C10000-0x00007FF606F64000-memory.dmp	upx
behavioral2/memory/2244-572-0x00007FF6D18A0000-0x00007FF6D1BF4000-memory.dmp	upx
behavioral2/memory/3860-546-0x00007FF71AC20000-0x00007FF71AF74000-memory.dmp	upx
behavioral2/memory/4736-328-0x00007FF72D290000-0x00007FF72D5E4000-memory.dmp	upx
behavioral2/memory/4128-322-0x00007FF65B5C0000-0x00007FF65B914000-memory.dmp	upx
behavioral2/files/0x0007000000023cec-184.dat	upx
behavioral2/files/0x0007000000023ceb-182.dat	upx
behavioral2/files/0x0007000000023cea-180.dat	upx
behavioral2/files/0x0007000000023ce9-176.dat	upx
behavioral2/files/0x0007000000023ce7-165.dat	upx
behavioral2/files/0x0007000000023ce6-162.dat	upx
behavioral2/files/0x0007000000023ce5-152.dat	upx
behavioral2/files/0x0007000000023ce4-141.dat	upx
behavioral2/files/0x0007000000023ce3-137.dat	upx
behavioral2/files/0x0007000000023ce2-134.dat	upx
behavioral2/memory/4444-124-0x00007FF678650000-0x00007FF6789A4000-memory.dmp	upx
behavioral2/memory/720-118-0x00007FF7EE060000-0x00007FF7EE3B4000-memory.dmp	upx
behavioral2/memory/3672-114-0x00007FF7E5490000-0x00007FF7E57E4000-memory.dmp	upx
behavioral2/memory/3124-109-0x00007FF6117F0000-0x00007FF611B44000-memory.dmp	upx
behavioral2/memory/1848-105-0x00007FF68F5E0000-0x00007FF68F934000-memory.dmp	upx
behavioral2/files/0x0007000000023cdb-104.dat	upx
behavioral2/memory/728-100-0x00007FF69D0E0000-0x00007FF69D434000-memory.dmp	upx
behavioral2/files/0x0007000000023cdc-98.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fJMzjDM.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJxGvKo.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqhjiJd.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmkCwct.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jttMEOe.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIWVqzO.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDCUJUF.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCdIptj.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoGKxse.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFHpnMn.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHrNRLZ.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlvFAnK.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlHLfOS.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPAsBmT.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccjkqEe.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyycpfm.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFPeGWI.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfuQkGX.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKhXpZw.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPfpfsS.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oslBlmF.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SitkFeo.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzEBTiV.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbESPLc.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQSSuwO.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmHcvYu.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjLptlv.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYUmoSk.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjebMpy.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsWhKCS.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BcwTdMu.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCPsKPU.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duYCflm.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcruyvP.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjxHTsg.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoRQKsM.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omPxSFL.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqaFzAo.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDAUreM.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFLjQdF.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQbwtMZ.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPUPyMu.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VinnRWn.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCjwlnM.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErfpeXv.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqGhucs.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKbWQGR.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXOAxUt.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vItMGUT.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrZWZTX.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrdULuF.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtIzpHa.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQvbdts.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtbBhkf.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjhdEOU.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTuUVXT.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqZkuNH.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfiaHOC.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTxXjJm.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxBeEBu.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJHXLdE.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOjghhr.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QINsqwc.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbbETmJ.exe	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 4748	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1768 wrote to memory of 4748	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1768 wrote to memory of 2444	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1768 wrote to memory of 2444	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1768 wrote to memory of 2984	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1768 wrote to memory of 2984	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1768 wrote to memory of 4944	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1768 wrote to memory of 4944	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1768 wrote to memory of 1848	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1768 wrote to memory of 1848	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1768 wrote to memory of 3124	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1768 wrote to memory of 3124	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1768 wrote to memory of 1032	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1768 wrote to memory of 1032	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1768 wrote to memory of 2988	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1768 wrote to memory of 2988	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1768 wrote to memory of 2868	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1768 wrote to memory of 2868	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1768 wrote to memory of 2260	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1768 wrote to memory of 2260	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1768 wrote to memory of 3996	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1768 wrote to memory of 3996	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1768 wrote to memory of 4280	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1768 wrote to memory of 4280	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1768 wrote to memory of 544	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1768 wrote to memory of 544	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1768 wrote to memory of 3392	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1768 wrote to memory of 3392	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1768 wrote to memory of 3672	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1768 wrote to memory of 3672	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1768 wrote to memory of 728	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1768 wrote to memory of 728	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1768 wrote to memory of 720	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1768 wrote to memory of 720	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1768 wrote to memory of 4128	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1768 wrote to memory of 4128	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1768 wrote to memory of 4444	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1768 wrote to memory of 4444	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1768 wrote to memory of 4892	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1768 wrote to memory of 4892	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1768 wrote to memory of 2888	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1768 wrote to memory of 2888	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1768 wrote to memory of 5108	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1768 wrote to memory of 5108	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1768 wrote to memory of 4736	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1768 wrote to memory of 4736	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1768 wrote to memory of 4788	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1768 wrote to memory of 4788	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1768 wrote to memory of 648	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1768 wrote to memory of 648	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1768 wrote to memory of 2192	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1768 wrote to memory of 2192	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1768 wrote to memory of 3360	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1768 wrote to memory of 3360	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1768 wrote to memory of 3860	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1768 wrote to memory of 3860	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1768 wrote to memory of 2244	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1768 wrote to memory of 2244	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1768 wrote to memory of 4912	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1768 wrote to memory of 4912	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1768 wrote to memory of 3152	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1768 wrote to memory of 3152	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1768 wrote to memory of 336	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1768 wrote to memory of 336	1768	2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe	116

C:\Users\Admin\AppData\Local\Temp\2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_2a21deb49f1855b7ee85b50a47b4afd8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\System\WpZKdOB.exe
  C:\Windows\System\WpZKdOB.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\CaFArxD.exe
  C:\Windows\System\CaFArxD.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\BmfdPho.exe
  C:\Windows\System\BmfdPho.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\UkGzSxJ.exe
  C:\Windows\System\UkGzSxJ.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\Jsoskat.exe
  C:\Windows\System\Jsoskat.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\jHtfShO.exe
  C:\Windows\System\jHtfShO.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\yZqTXGl.exe
  C:\Windows\System\yZqTXGl.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\xNBvHxy.exe
  C:\Windows\System\xNBvHxy.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ZsSKmDp.exe
  C:\Windows\System\ZsSKmDp.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\mxTYSrO.exe
  C:\Windows\System\mxTYSrO.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\NmZcrIA.exe
  C:\Windows\System\NmZcrIA.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\gfhoKvn.exe
  C:\Windows\System\gfhoKvn.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\EOBOKhV.exe
  C:\Windows\System\EOBOKhV.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\pHCybIe.exe
  C:\Windows\System\pHCybIe.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\wznssNj.exe
  C:\Windows\System\wznssNj.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\tbbETmJ.exe
  C:\Windows\System\tbbETmJ.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\lpJLzRD.exe
  C:\Windows\System\lpJLzRD.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\bclNBIR.exe
  C:\Windows\System\bclNBIR.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\jrgXnQj.exe
  C:\Windows\System\jrgXnQj.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\gDQbkxk.exe
  C:\Windows\System\gDQbkxk.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\lNElTPR.exe
  C:\Windows\System\lNElTPR.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\AGSfRiq.exe
  C:\Windows\System\AGSfRiq.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\otvDVXP.exe
  C:\Windows\System\otvDVXP.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\gJvxTvu.exe
  C:\Windows\System\gJvxTvu.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\Xyjinqm.exe
  C:\Windows\System\Xyjinqm.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\FHXkoVl.exe
  C:\Windows\System\FHXkoVl.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\esbGZSj.exe
  C:\Windows\System\esbGZSj.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\ZamWubL.exe
  C:\Windows\System\ZamWubL.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\WPAsBmT.exe
  C:\Windows\System\WPAsBmT.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\ovaiJUQ.exe
  C:\Windows\System\ovaiJUQ.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\CUjUKdl.exe
  C:\Windows\System\CUjUKdl.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\zGSlJTN.exe
  C:\Windows\System\zGSlJTN.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\FfuQkGX.exe
  C:\Windows\System\FfuQkGX.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\OQvbdts.exe
  C:\Windows\System\OQvbdts.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\HiRtMen.exe
  C:\Windows\System\HiRtMen.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\YWROSvY.exe
  C:\Windows\System\YWROSvY.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\GvJBAiy.exe
  C:\Windows\System\GvJBAiy.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\sFyilLH.exe
  C:\Windows\System\sFyilLH.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\TEqSZoi.exe
  C:\Windows\System\TEqSZoi.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\ksTgwuv.exe
  C:\Windows\System\ksTgwuv.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\lowthAn.exe
  C:\Windows\System\lowthAn.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\akWUKlm.exe
  C:\Windows\System\akWUKlm.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\duYCflm.exe
  C:\Windows\System\duYCflm.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\ePZRfBv.exe
  C:\Windows\System\ePZRfBv.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\DvDnmsV.exe
  C:\Windows\System\DvDnmsV.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\bOKZHLB.exe
  C:\Windows\System\bOKZHLB.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\HlhaEyH.exe
  C:\Windows\System\HlhaEyH.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\fynIlYG.exe
  C:\Windows\System\fynIlYG.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\kCdIptj.exe
  C:\Windows\System\kCdIptj.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\aHriZqR.exe
  C:\Windows\System\aHriZqR.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\CtuTqff.exe
  C:\Windows\System\CtuTqff.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\dNTHXVH.exe
  C:\Windows\System\dNTHXVH.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\vItMGUT.exe
  C:\Windows\System\vItMGUT.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\FSaRrpd.exe
  C:\Windows\System\FSaRrpd.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\nLwdkmK.exe
  C:\Windows\System\nLwdkmK.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\aEEgWNe.exe
  C:\Windows\System\aEEgWNe.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\IcoSRqU.exe
  C:\Windows\System\IcoSRqU.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\RlOgJqN.exe
  C:\Windows\System\RlOgJqN.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\tSdlaIy.exe
  C:\Windows\System\tSdlaIy.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\cHxNTsr.exe
  C:\Windows\System\cHxNTsr.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\YwKvNOn.exe
  C:\Windows\System\YwKvNOn.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\OyvZOIB.exe
  C:\Windows\System\OyvZOIB.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\FONhFew.exe
  C:\Windows\System\FONhFew.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\NlTjtuD.exe
  C:\Windows\System\NlTjtuD.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\yPuwmvr.exe
  C:\Windows\System\yPuwmvr.exe
  2⤵
  PID:3132
- C:\Windows\System\BgZDXgy.exe
  C:\Windows\System\BgZDXgy.exe
  2⤵
  PID:3940
- C:\Windows\System\UsbzXrP.exe
  C:\Windows\System\UsbzXrP.exe
  2⤵
  PID:972
- C:\Windows\System\dkPwUPH.exe
  C:\Windows\System\dkPwUPH.exe
  2⤵
  PID:2120
- C:\Windows\System\sSBuzBa.exe
  C:\Windows\System\sSBuzBa.exe
  2⤵
  PID:3896
- C:\Windows\System\zpqQfgT.exe
  C:\Windows\System\zpqQfgT.exe
  2⤵
  PID:4836
- C:\Windows\System\EwAWFDu.exe
  C:\Windows\System\EwAWFDu.exe
  2⤵
  PID:2752
- C:\Windows\System\cfmlvdy.exe
  C:\Windows\System\cfmlvdy.exe
  2⤵
  PID:1840
- C:\Windows\System\XbiwvbG.exe
  C:\Windows\System\XbiwvbG.exe
  2⤵
  PID:4144
- C:\Windows\System\pKCitLv.exe
  C:\Windows\System\pKCitLv.exe
  2⤵
  PID:1272
- C:\Windows\System\OjhdEOU.exe
  C:\Windows\System\OjhdEOU.exe
  2⤵
  PID:5028
- C:\Windows\System\YgyJaMl.exe
  C:\Windows\System\YgyJaMl.exe
  2⤵
  PID:1312
- C:\Windows\System\BWVuIPt.exe
  C:\Windows\System\BWVuIPt.exe
  2⤵
  PID:1564
- C:\Windows\System\pVZtbJE.exe
  C:\Windows\System\pVZtbJE.exe
  2⤵
  PID:4316
- C:\Windows\System\mlZZAzR.exe
  C:\Windows\System\mlZZAzR.exe
  2⤵
  PID:4920
- C:\Windows\System\xQbDNvn.exe
  C:\Windows\System\xQbDNvn.exe
  2⤵
  PID:4132
- C:\Windows\System\vvCBkVR.exe
  C:\Windows\System\vvCBkVR.exe
  2⤵
  PID:4604
- C:\Windows\System\ZNGDtlM.exe
  C:\Windows\System\ZNGDtlM.exe
  2⤵
  PID:2080
- C:\Windows\System\IWiCBdd.exe
  C:\Windows\System\IWiCBdd.exe
  2⤵
  PID:3452
- C:\Windows\System\eJHXLdE.exe
  C:\Windows\System\eJHXLdE.exe
  2⤵
  PID:2320
- C:\Windows\System\zNsuUym.exe
  C:\Windows\System\zNsuUym.exe
  2⤵
  PID:2200
- C:\Windows\System\aDjAFXf.exe
  C:\Windows\System\aDjAFXf.exe
  2⤵
  PID:1712
- C:\Windows\System\RllLekZ.exe
  C:\Windows\System\RllLekZ.exe
  2⤵
  PID:2804
- C:\Windows\System\GNJFbnm.exe
  C:\Windows\System\GNJFbnm.exe
  2⤵
  PID:212
- C:\Windows\System\pXYBJSh.exe
  C:\Windows\System\pXYBJSh.exe
  2⤵
  PID:1748
- C:\Windows\System\ZbESPLc.exe
  C:\Windows\System\ZbESPLc.exe
  2⤵
  PID:4824
- C:\Windows\System\QcYaDnV.exe
  C:\Windows\System\QcYaDnV.exe
  2⤵
  PID:5124
- C:\Windows\System\ZxEYSoT.exe
  C:\Windows\System\ZxEYSoT.exe
  2⤵
  PID:5144
- C:\Windows\System\upBTvld.exe
  C:\Windows\System\upBTvld.exe
  2⤵
  PID:5172
- C:\Windows\System\FKhXpZw.exe
  C:\Windows\System\FKhXpZw.exe
  2⤵
  PID:5200
- C:\Windows\System\radhBxD.exe
  C:\Windows\System\radhBxD.exe
  2⤵
  PID:5216
- C:\Windows\System\VpiZCwz.exe
  C:\Windows\System\VpiZCwz.exe
  2⤵
  PID:5248
- C:\Windows\System\oPBANiU.exe
  C:\Windows\System\oPBANiU.exe
  2⤵
  PID:5272
- C:\Windows\System\KZedeYf.exe
  C:\Windows\System\KZedeYf.exe
  2⤵
  PID:5312
- C:\Windows\System\zPUPyMu.exe
  C:\Windows\System\zPUPyMu.exe
  2⤵
  PID:5340
- C:\Windows\System\AovGQlo.exe
  C:\Windows\System\AovGQlo.exe
  2⤵
  PID:5380
- C:\Windows\System\UGTlTXR.exe
  C:\Windows\System\UGTlTXR.exe
  2⤵
  PID:5400
- C:\Windows\System\bQNFyti.exe
  C:\Windows\System\bQNFyti.exe
  2⤵
  PID:5424
- C:\Windows\System\yTshlyU.exe
  C:\Windows\System\yTshlyU.exe
  2⤵
  PID:5452
- C:\Windows\System\sNXayZf.exe
  C:\Windows\System\sNXayZf.exe
  2⤵
  PID:5484
- C:\Windows\System\LXwLBVB.exe
  C:\Windows\System\LXwLBVB.exe
  2⤵
  PID:5508
- C:\Windows\System\sOKAPCC.exe
  C:\Windows\System\sOKAPCC.exe
  2⤵
  PID:5536
- C:\Windows\System\gURIHtA.exe
  C:\Windows\System\gURIHtA.exe
  2⤵
  PID:5564
- C:\Windows\System\MgBelXx.exe
  C:\Windows\System\MgBelXx.exe
  2⤵
  PID:5580
- C:\Windows\System\wSWPhqi.exe
  C:\Windows\System\wSWPhqi.exe
  2⤵
  PID:5608
- C:\Windows\System\dQkRNlk.exe
  C:\Windows\System\dQkRNlk.exe
  2⤵
  PID:5636
- C:\Windows\System\QyqlITD.exe
  C:\Windows\System\QyqlITD.exe
  2⤵
  PID:5680
- C:\Windows\System\VFkkGzu.exe
  C:\Windows\System\VFkkGzu.exe
  2⤵
  PID:5712
- C:\Windows\System\CqIgisZ.exe
  C:\Windows\System\CqIgisZ.exe
  2⤵
  PID:5744
- C:\Windows\System\FKWrqDx.exe
  C:\Windows\System\FKWrqDx.exe
  2⤵
  PID:5768
- C:\Windows\System\jvbtydh.exe
  C:\Windows\System\jvbtydh.exe
  2⤵
  PID:5796
- C:\Windows\System\mqHZSUa.exe
  C:\Windows\System\mqHZSUa.exe
  2⤵
  PID:5816
- C:\Windows\System\XseGTJq.exe
  C:\Windows\System\XseGTJq.exe
  2⤵
  PID:5844
- C:\Windows\System\GCNkDpt.exe
  C:\Windows\System\GCNkDpt.exe
  2⤵
  PID:5860
- C:\Windows\System\OXjKgfV.exe
  C:\Windows\System\OXjKgfV.exe
  2⤵
  PID:5892
- C:\Windows\System\VXBwbxn.exe
  C:\Windows\System\VXBwbxn.exe
  2⤵
  PID:5944
- C:\Windows\System\OJNSFbQ.exe
  C:\Windows\System\OJNSFbQ.exe
  2⤵
  PID:5968
- C:\Windows\System\PWYknCi.exe
  C:\Windows\System\PWYknCi.exe
  2⤵
  PID:5984
- C:\Windows\System\pYMrLSZ.exe
  C:\Windows\System\pYMrLSZ.exe
  2⤵
  PID:6012
- C:\Windows\System\VinnRWn.exe
  C:\Windows\System\VinnRWn.exe
  2⤵
  PID:6040
- C:\Windows\System\ABhqxxl.exe
  C:\Windows\System\ABhqxxl.exe
  2⤵
  PID:6068
- C:\Windows\System\EdSbYGi.exe
  C:\Windows\System\EdSbYGi.exe
  2⤵
  PID:6096
- C:\Windows\System\VapYUFR.exe
  C:\Windows\System\VapYUFR.exe
  2⤵
  PID:6136
- C:\Windows\System\ZCzwFhP.exe
  C:\Windows\System\ZCzwFhP.exe
  2⤵
  PID:2468
- C:\Windows\System\wlynTHr.exe
  C:\Windows\System\wlynTHr.exe
  2⤵
  PID:1124
- C:\Windows\System\xkrhNkI.exe
  C:\Windows\System\xkrhNkI.exe
  2⤵
  PID:984
- C:\Windows\System\scUErCF.exe
  C:\Windows\System\scUErCF.exe
  2⤵
  PID:5084
- C:\Windows\System\NkLDOUG.exe
  C:\Windows\System\NkLDOUG.exe
  2⤵
  PID:5188
- C:\Windows\System\YOjghhr.exe
  C:\Windows\System\YOjghhr.exe
  2⤵
  PID:5256
- C:\Windows\System\VyHxzRV.exe
  C:\Windows\System\VyHxzRV.exe
  2⤵
  PID:5288
- C:\Windows\System\NPBrGmM.exe
  C:\Windows\System\NPBrGmM.exe
  2⤵
  PID:5368
- C:\Windows\System\ACKWxAx.exe
  C:\Windows\System\ACKWxAx.exe
  2⤵
  PID:5476
- C:\Windows\System\fTpeZOc.exe
  C:\Windows\System\fTpeZOc.exe
  2⤵
  PID:5524
- C:\Windows\System\FhLsCHF.exe
  C:\Windows\System\FhLsCHF.exe
  2⤵
  PID:5592
- C:\Windows\System\USPJvon.exe
  C:\Windows\System\USPJvon.exe
  2⤵
  PID:5648
- C:\Windows\System\ACDSark.exe
  C:\Windows\System\ACDSark.exe
  2⤵
  PID:5688
- C:\Windows\System\tXftphS.exe
  C:\Windows\System\tXftphS.exe
  2⤵
  PID:5760
- C:\Windows\System\kvjCzAV.exe
  C:\Windows\System\kvjCzAV.exe
  2⤵
  PID:5808
- C:\Windows\System\ecHDMqc.exe
  C:\Windows\System\ecHDMqc.exe
  2⤵
  PID:5980
- C:\Windows\System\BEFkaAZ.exe
  C:\Windows\System\BEFkaAZ.exe
  2⤵
  PID:6076
- C:\Windows\System\wFPpgnC.exe
  C:\Windows\System\wFPpgnC.exe
  2⤵
  PID:6116
- C:\Windows\System\QDoQzWT.exe
  C:\Windows\System\QDoQzWT.exe
  2⤵
  PID:5228
- C:\Windows\System\pPtUuHe.exe
  C:\Windows\System\pPtUuHe.exe
  2⤵
  PID:4556
- C:\Windows\System\WTpwCyR.exe
  C:\Windows\System\WTpwCyR.exe
  2⤵
  PID:3016
- C:\Windows\System\pSxhVRS.exe
  C:\Windows\System\pSxhVRS.exe
  2⤵
  PID:3064
- C:\Windows\System\mNTuNjl.exe
  C:\Windows\System\mNTuNjl.exe
  2⤵
  PID:5392
- C:\Windows\System\uRslQyJ.exe
  C:\Windows\System\uRslQyJ.exe
  2⤵
  PID:3464
- C:\Windows\System\OfBdJDT.exe
  C:\Windows\System\OfBdJDT.exe
  2⤵
  PID:5572
- C:\Windows\System\wQglfAN.exe
  C:\Windows\System\wQglfAN.exe
  2⤵
  PID:1120
- C:\Windows\System\uCyDRVv.exe
  C:\Windows\System\uCyDRVv.exe
  2⤵
  PID:5736
- C:\Windows\System\aqzCTTi.exe
  C:\Windows\System\aqzCTTi.exe
  2⤵
  PID:5828
- C:\Windows\System\UTyLqPs.exe
  C:\Windows\System\UTyLqPs.exe
  2⤵
  PID:4384
- C:\Windows\System\mtHNTgK.exe
  C:\Windows\System\mtHNTgK.exe
  2⤵
  PID:2136
- C:\Windows\System\bmxxdrS.exe
  C:\Windows\System\bmxxdrS.exe
  2⤵
  PID:4584
- C:\Windows\System\qloDBTj.exe
  C:\Windows\System\qloDBTj.exe
  2⤵
  PID:5436
- C:\Windows\System\jCzllpJ.exe
  C:\Windows\System\jCzllpJ.exe
  2⤵
  PID:1408
- C:\Windows\System\xjTeHxO.exe
  C:\Windows\System\xjTeHxO.exe
  2⤵
  PID:220
- C:\Windows\System\mATvuoJ.exe
  C:\Windows\System\mATvuoJ.exe
  2⤵
  PID:2252
- C:\Windows\System\zLwrOTl.exe
  C:\Windows\System\zLwrOTl.exe
  2⤵
  PID:6164
- C:\Windows\System\PjWfrhm.exe
  C:\Windows\System\PjWfrhm.exe
  2⤵
  PID:6184
- C:\Windows\System\WvusAtc.exe
  C:\Windows\System\WvusAtc.exe
  2⤵
  PID:6220
- C:\Windows\System\skjNnCn.exe
  C:\Windows\System\skjNnCn.exe
  2⤵
  PID:6240
- C:\Windows\System\sSRKxCL.exe
  C:\Windows\System\sSRKxCL.exe
  2⤵
  PID:6268
- C:\Windows\System\ULaqitm.exe
  C:\Windows\System\ULaqitm.exe
  2⤵
  PID:6284
- C:\Windows\System\dLvONFg.exe
  C:\Windows\System\dLvONFg.exe
  2⤵
  PID:6312
- C:\Windows\System\qSgfAxp.exe
  C:\Windows\System\qSgfAxp.exe
  2⤵
  PID:6328
- C:\Windows\System\oEraCWp.exe
  C:\Windows\System\oEraCWp.exe
  2⤵
  PID:6360
- C:\Windows\System\seedkgm.exe
  C:\Windows\System\seedkgm.exe
  2⤵
  PID:6376
- C:\Windows\System\BSHmvQC.exe
  C:\Windows\System\BSHmvQC.exe
  2⤵
  PID:6424
- C:\Windows\System\ySmykiV.exe
  C:\Windows\System\ySmykiV.exe
  2⤵
  PID:6480
- C:\Windows\System\ULKuhuZ.exe
  C:\Windows\System\ULKuhuZ.exe
  2⤵
  PID:6520
- C:\Windows\System\PKGLiSe.exe
  C:\Windows\System\PKGLiSe.exe
  2⤵
  PID:6540
- C:\Windows\System\eGuefBE.exe
  C:\Windows\System\eGuefBE.exe
  2⤵
  PID:6584
- C:\Windows\System\wAzQpjn.exe
  C:\Windows\System\wAzQpjn.exe
  2⤵
  PID:6600
- C:\Windows\System\sPtOQTO.exe
  C:\Windows\System\sPtOQTO.exe
  2⤵
  PID:6728
- C:\Windows\System\myLYGAS.exe
  C:\Windows\System\myLYGAS.exe
  2⤵
  PID:6748
- C:\Windows\System\rPFzymQ.exe
  C:\Windows\System\rPFzymQ.exe
  2⤵
  PID:6796
- C:\Windows\System\KFHpnMn.exe
  C:\Windows\System\KFHpnMn.exe
  2⤵
  PID:6820
- C:\Windows\System\UzhUMzR.exe
  C:\Windows\System\UzhUMzR.exe
  2⤵
  PID:6852
- C:\Windows\System\oMIzaSD.exe
  C:\Windows\System\oMIzaSD.exe
  2⤵
  PID:6908
- C:\Windows\System\HJlnSSR.exe
  C:\Windows\System\HJlnSSR.exe
  2⤵
  PID:6960
- C:\Windows\System\FeCPlbX.exe
  C:\Windows\System\FeCPlbX.exe
  2⤵
  PID:6992
- C:\Windows\System\RXPsSRk.exe
  C:\Windows\System\RXPsSRk.exe
  2⤵
  PID:7036
- C:\Windows\System\yRwvPmB.exe
  C:\Windows\System\yRwvPmB.exe
  2⤵
  PID:7060
- C:\Windows\System\UxmHmUa.exe
  C:\Windows\System\UxmHmUa.exe
  2⤵
  PID:7112
- C:\Windows\System\kgRFjVM.exe
  C:\Windows\System\kgRFjVM.exe
  2⤵
  PID:5324
- C:\Windows\System\ArRVsDD.exe
  C:\Windows\System\ArRVsDD.exe
  2⤵
  PID:4516
- C:\Windows\System\GkWdEBn.exe
  C:\Windows\System\GkWdEBn.exe
  2⤵
  PID:3100
- C:\Windows\System\pXCvuFZ.exe
  C:\Windows\System\pXCvuFZ.exe
  2⤵
  PID:6256
- C:\Windows\System\JqGDqgG.exe
  C:\Windows\System\JqGDqgG.exe
  2⤵
  PID:6344
- C:\Windows\System\lbzktsU.exe
  C:\Windows\System\lbzktsU.exe
  2⤵
  PID:1484
- C:\Windows\System\bNfGlzG.exe
  C:\Windows\System\bNfGlzG.exe
  2⤵
  PID:6416
- C:\Windows\System\dtbBhkf.exe
  C:\Windows\System\dtbBhkf.exe
  2⤵
  PID:6508
- C:\Windows\System\JQbwtMZ.exe
  C:\Windows\System\JQbwtMZ.exe
  2⤵
  PID:6536
- C:\Windows\System\wCjwlnM.exe
  C:\Windows\System\wCjwlnM.exe
  2⤵
  PID:6672
- C:\Windows\System\JTTubEo.exe
  C:\Windows\System\JTTubEo.exe
  2⤵
  PID:6628
- C:\Windows\System\KDAWwbl.exe
  C:\Windows\System\KDAWwbl.exe
  2⤵
  PID:4976
- C:\Windows\System\SaZcefq.exe
  C:\Windows\System\SaZcefq.exe
  2⤵
  PID:2800
- C:\Windows\System\GDiEFny.exe
  C:\Windows\System\GDiEFny.exe
  2⤵
  PID:5140
- C:\Windows\System\SwbpOpK.exe
  C:\Windows\System\SwbpOpK.exe
  2⤵
  PID:6300
- C:\Windows\System\HTegsDy.exe
  C:\Windows\System\HTegsDy.exe
  2⤵
  PID:6764
- C:\Windows\System\amxPMFG.exe
  C:\Windows\System\amxPMFG.exe
  2⤵
  PID:6840
- C:\Windows\System\tXNGxwY.exe
  C:\Windows\System\tXNGxwY.exe
  2⤵
  PID:6944
- C:\Windows\System\RiMJeGf.exe
  C:\Windows\System\RiMJeGf.exe
  2⤵
  PID:7024
- C:\Windows\System\ErfpeXv.exe
  C:\Windows\System\ErfpeXv.exe
  2⤵
  PID:7108
- C:\Windows\System\AAjkYLe.exe
  C:\Windows\System\AAjkYLe.exe
  2⤵
  PID:2712
- C:\Windows\System\zqGhucs.exe
  C:\Windows\System\zqGhucs.exe
  2⤵
  PID:6204
- C:\Windows\System\tqjCips.exe
  C:\Windows\System\tqjCips.exe
  2⤵
  PID:6292
- C:\Windows\System\kqZIMwX.exe
  C:\Windows\System\kqZIMwX.exe
  2⤵
  PID:6324
- C:\Windows\System\WPgxlkx.exe
  C:\Windows\System\WPgxlkx.exe
  2⤵
  PID:6596
- C:\Windows\System\wheHTWG.exe
  C:\Windows\System\wheHTWG.exe
  2⤵
  PID:4452
- C:\Windows\System\FrfUSYb.exe
  C:\Windows\System\FrfUSYb.exe
  2⤵
  PID:5332
- C:\Windows\System\zZcKegf.exe
  C:\Windows\System\zZcKegf.exe
  2⤵
  PID:6812
- C:\Windows\System\CrZTKXG.exe
  C:\Windows\System\CrZTKXG.exe
  2⤵
  PID:3480
- C:\Windows\System\EvEMxPX.exe
  C:\Windows\System\EvEMxPX.exe
  2⤵
  PID:4652
- C:\Windows\System\uGHDHDy.exe
  C:\Windows\System\uGHDHDy.exe
  2⤵
  PID:5072
- C:\Windows\System\zcruyvP.exe
  C:\Windows\System\zcruyvP.exe
  2⤵
  PID:2196
- C:\Windows\System\RtMLWwh.exe
  C:\Windows\System\RtMLWwh.exe
  2⤵
  PID:6744
- C:\Windows\System\IkxTBMc.exe
  C:\Windows\System\IkxTBMc.exe
  2⤵
  PID:6232
- C:\Windows\System\RSGjEnb.exe
  C:\Windows\System\RSGjEnb.exe
  2⤵
  PID:5208
- C:\Windows\System\tzBgeaG.exe
  C:\Windows\System\tzBgeaG.exe
  2⤵
  PID:6304
- C:\Windows\System\HdZkZoS.exe
  C:\Windows\System\HdZkZoS.exe
  2⤵
  PID:7176
- C:\Windows\System\YdFDlyH.exe
  C:\Windows\System\YdFDlyH.exe
  2⤵
  PID:7204
- C:\Windows\System\ZxHJuzu.exe
  C:\Windows\System\ZxHJuzu.exe
  2⤵
  PID:7232
- C:\Windows\System\VCbawam.exe
  C:\Windows\System\VCbawam.exe
  2⤵
  PID:7260
- C:\Windows\System\MoGKxse.exe
  C:\Windows\System\MoGKxse.exe
  2⤵
  PID:7296
- C:\Windows\System\QJyYKMP.exe
  C:\Windows\System\QJyYKMP.exe
  2⤵
  PID:7316
- C:\Windows\System\lXmWAgB.exe
  C:\Windows\System\lXmWAgB.exe
  2⤵
  PID:7388
- C:\Windows\System\NHhLmfa.exe
  C:\Windows\System\NHhLmfa.exe
  2⤵
  PID:7408
- C:\Windows\System\REDRPTs.exe
  C:\Windows\System\REDRPTs.exe
  2⤵
  PID:7436
- C:\Windows\System\xLjSbGS.exe
  C:\Windows\System\xLjSbGS.exe
  2⤵
  PID:7472
- C:\Windows\System\MgmojKI.exe
  C:\Windows\System\MgmojKI.exe
  2⤵
  PID:7492
- C:\Windows\System\jttMEOe.exe
  C:\Windows\System\jttMEOe.exe
  2⤵
  PID:7520
- C:\Windows\System\ttQYjEw.exe
  C:\Windows\System\ttQYjEw.exe
  2⤵
  PID:7548
- C:\Windows\System\aEJAWSB.exe
  C:\Windows\System\aEJAWSB.exe
  2⤵
  PID:7580
- C:\Windows\System\GFTxRGh.exe
  C:\Windows\System\GFTxRGh.exe
  2⤵
  PID:7616
- C:\Windows\System\tiYRtRo.exe
  C:\Windows\System\tiYRtRo.exe
  2⤵
  PID:7636
- C:\Windows\System\IbtYPUq.exe
  C:\Windows\System\IbtYPUq.exe
  2⤵
  PID:7664
- C:\Windows\System\qdZXBgD.exe
  C:\Windows\System\qdZXBgD.exe
  2⤵
  PID:7700
- C:\Windows\System\wLDQSvo.exe
  C:\Windows\System\wLDQSvo.exe
  2⤵
  PID:7720
- C:\Windows\System\wIxLRcC.exe
  C:\Windows\System\wIxLRcC.exe
  2⤵
  PID:7748
- C:\Windows\System\ZxBeEBu.exe
  C:\Windows\System\ZxBeEBu.exe
  2⤵
  PID:7784
- C:\Windows\System\sXfjhoD.exe
  C:\Windows\System\sXfjhoD.exe
  2⤵
  PID:7804
- C:\Windows\System\FrAaBmC.exe
  C:\Windows\System\FrAaBmC.exe
  2⤵
  PID:7832
- C:\Windows\System\zSMgjHT.exe
  C:\Windows\System\zSMgjHT.exe
  2⤵
  PID:7864
- C:\Windows\System\BcDlAzA.exe
  C:\Windows\System\BcDlAzA.exe
  2⤵
  PID:7896
- C:\Windows\System\SpVUYfH.exe
  C:\Windows\System\SpVUYfH.exe
  2⤵
  PID:7928
- C:\Windows\System\QINsqwc.exe
  C:\Windows\System\QINsqwc.exe
  2⤵
  PID:7948
- C:\Windows\System\ZetwHDy.exe
  C:\Windows\System\ZetwHDy.exe
  2⤵
  PID:7984
- C:\Windows\System\KMIMers.exe
  C:\Windows\System\KMIMers.exe
  2⤵
  PID:8004
- C:\Windows\System\JAknkKL.exe
  C:\Windows\System\JAknkKL.exe
  2⤵
  PID:8032
- C:\Windows\System\ztmpJkm.exe
  C:\Windows\System\ztmpJkm.exe
  2⤵
  PID:8060
- C:\Windows\System\IRysxUI.exe
  C:\Windows\System\IRysxUI.exe
  2⤵
  PID:8104
- C:\Windows\System\GyzzmYn.exe
  C:\Windows\System\GyzzmYn.exe
  2⤵
  PID:8132
- C:\Windows\System\qwrEtLa.exe
  C:\Windows\System\qwrEtLa.exe
  2⤵
  PID:8152
- C:\Windows\System\YRjntgd.exe
  C:\Windows\System\YRjntgd.exe
  2⤵
  PID:8184
- C:\Windows\System\atQtUMb.exe
  C:\Windows\System\atQtUMb.exe
  2⤵
  PID:7220
- C:\Windows\System\AyTgvBC.exe
  C:\Windows\System\AyTgvBC.exe
  2⤵
  PID:7304
- C:\Windows\System\aKbWQGR.exe
  C:\Windows\System\aKbWQGR.exe
  2⤵
  PID:7376
- C:\Windows\System\ynulDbX.exe
  C:\Windows\System\ynulDbX.exe
  2⤵
  PID:7428
- C:\Windows\System\LDfTrOX.exe
  C:\Windows\System\LDfTrOX.exe
  2⤵
  PID:7484
- C:\Windows\System\wBBUoEq.exe
  C:\Windows\System\wBBUoEq.exe
  2⤵
  PID:7572
- C:\Windows\System\hOTJmxp.exe
  C:\Windows\System\hOTJmxp.exe
  2⤵
  PID:7656
- C:\Windows\System\OOTpwEI.exe
  C:\Windows\System\OOTpwEI.exe
  2⤵
  PID:7708
- C:\Windows\System\pBHtipC.exe
  C:\Windows\System\pBHtipC.exe
  2⤵
  PID:7792
- C:\Windows\System\mQTihJe.exe
  C:\Windows\System\mQTihJe.exe
  2⤵
  PID:7828
- C:\Windows\System\fOKbXUb.exe
  C:\Windows\System\fOKbXUb.exe
  2⤵
  PID:7992
- C:\Windows\System\qCOxIrg.exe
  C:\Windows\System\qCOxIrg.exe
  2⤵
  PID:8028
- C:\Windows\System\OOOKESb.exe
  C:\Windows\System\OOOKESb.exe
  2⤵
  PID:7568
- C:\Windows\System\UjxHTsg.exe
  C:\Windows\System\UjxHTsg.exe
  2⤵
  PID:8180
- C:\Windows\System\VkRRMqY.exe
  C:\Windows\System\VkRRMqY.exe
  2⤵
  PID:7356
- C:\Windows\System\TdAsjLF.exe
  C:\Windows\System\TdAsjLF.exe
  2⤵
  PID:7516
- C:\Windows\System\gYORhQK.exe
  C:\Windows\System\gYORhQK.exe
  2⤵
  PID:7684
- C:\Windows\System\QRTRKwv.exe
  C:\Windows\System\QRTRKwv.exe
  2⤵
  PID:7824
- C:\Windows\System\OpHXyxF.exe
  C:\Windows\System\OpHXyxF.exe
  2⤵
  PID:3976
- C:\Windows\System\OdaKWhK.exe
  C:\Windows\System\OdaKWhK.exe
  2⤵
  PID:8024
- C:\Windows\System\YybZpri.exe
  C:\Windows\System\YybZpri.exe
  2⤵
  PID:7272
- C:\Windows\System\YZXnZdx.exe
  C:\Windows\System\YZXnZdx.exe
  2⤵
  PID:7744
- C:\Windows\System\jaqeLcs.exe
  C:\Windows\System\jaqeLcs.exe
  2⤵
  PID:8100
- C:\Windows\System\eVnxpvO.exe
  C:\Windows\System\eVnxpvO.exe
  2⤵
  PID:3552
- C:\Windows\System\AYUmoSk.exe
  C:\Windows\System\AYUmoSk.exe
  2⤵
  PID:8000
- C:\Windows\System\EVubsHu.exe
  C:\Windows\System\EVubsHu.exe
  2⤵
  PID:7628
- C:\Windows\System\oryXROK.exe
  C:\Windows\System\oryXROK.exe
  2⤵
  PID:8220
- C:\Windows\System\dszJAks.exe
  C:\Windows\System\dszJAks.exe
  2⤵
  PID:8248
- C:\Windows\System\kzPwdRI.exe
  C:\Windows\System\kzPwdRI.exe
  2⤵
  PID:8292
- C:\Windows\System\EBVsaYk.exe
  C:\Windows\System\EBVsaYk.exe
  2⤵
  PID:8380
- C:\Windows\System\yQAmjll.exe
  C:\Windows\System\yQAmjll.exe
  2⤵
  PID:8428
- C:\Windows\System\tUFgyjX.exe
  C:\Windows\System\tUFgyjX.exe
  2⤵
  PID:8488
- C:\Windows\System\BoRQKsM.exe
  C:\Windows\System\BoRQKsM.exe
  2⤵
  PID:8504
- C:\Windows\System\zPfpfsS.exe
  C:\Windows\System\zPfpfsS.exe
  2⤵
  PID:8544
- C:\Windows\System\AUebjIG.exe
  C:\Windows\System\AUebjIG.exe
  2⤵
  PID:8584
- C:\Windows\System\fazVqkv.exe
  C:\Windows\System\fazVqkv.exe
  2⤵
  PID:8612
- C:\Windows\System\YLAAXjc.exe
  C:\Windows\System\YLAAXjc.exe
  2⤵
  PID:8644
- C:\Windows\System\lFzWBFC.exe
  C:\Windows\System\lFzWBFC.exe
  2⤵
  PID:8676
- C:\Windows\System\uXhmbTy.exe
  C:\Windows\System\uXhmbTy.exe
  2⤵
  PID:8696
- C:\Windows\System\FOtRGTz.exe
  C:\Windows\System\FOtRGTz.exe
  2⤵
  PID:8728
- C:\Windows\System\eiBtMMJ.exe
  C:\Windows\System\eiBtMMJ.exe
  2⤵
  PID:8760
- C:\Windows\System\eQqUCgc.exe
  C:\Windows\System\eQqUCgc.exe
  2⤵
  PID:8788
- C:\Windows\System\AJAvECO.exe
  C:\Windows\System\AJAvECO.exe
  2⤵
  PID:8820
- C:\Windows\System\WitDqNA.exe
  C:\Windows\System\WitDqNA.exe
  2⤵
  PID:8840
- C:\Windows\System\uOVJjyz.exe
  C:\Windows\System\uOVJjyz.exe
  2⤵
  PID:8876
- C:\Windows\System\RdmDYig.exe
  C:\Windows\System\RdmDYig.exe
  2⤵
  PID:8900
- C:\Windows\System\FtTfcmQ.exe
  C:\Windows\System\FtTfcmQ.exe
  2⤵
  PID:8928
- C:\Windows\System\lEKqHHM.exe
  C:\Windows\System\lEKqHHM.exe
  2⤵
  PID:8956
- C:\Windows\System\WbzOuJY.exe
  C:\Windows\System\WbzOuJY.exe
  2⤵
  PID:9008
- C:\Windows\System\uJnNNUi.exe
  C:\Windows\System\uJnNNUi.exe
  2⤵
  PID:9032
- C:\Windows\System\GUIDrgL.exe
  C:\Windows\System\GUIDrgL.exe
  2⤵
  PID:9060
- C:\Windows\System\pwOTCHG.exe
  C:\Windows\System\pwOTCHG.exe
  2⤵
  PID:9088
- C:\Windows\System\afzvBXw.exe
  C:\Windows\System\afzvBXw.exe
  2⤵
  PID:9116
- C:\Windows\System\lrVmXTw.exe
  C:\Windows\System\lrVmXTw.exe
  2⤵
  PID:9136
- C:\Windows\System\cVEjxCO.exe
  C:\Windows\System\cVEjxCO.exe
  2⤵
  PID:9168
- C:\Windows\System\yneuGUh.exe
  C:\Windows\System\yneuGUh.exe
  2⤵
  PID:9196
- C:\Windows\System\TddwqnX.exe
  C:\Windows\System\TddwqnX.exe
  2⤵
  PID:8212
- C:\Windows\System\HIWVqzO.exe
  C:\Windows\System\HIWVqzO.exe
  2⤵
  PID:8284
- C:\Windows\System\RBDHhYx.exe
  C:\Windows\System\RBDHhYx.exe
  2⤵
  PID:8408
- C:\Windows\System\QHrNRLZ.exe
  C:\Windows\System\QHrNRLZ.exe
  2⤵
  PID:8556
- C:\Windows\System\GYqTkuw.exe
  C:\Windows\System\GYqTkuw.exe
  2⤵
  PID:8604
- C:\Windows\System\IBObNQE.exe
  C:\Windows\System\IBObNQE.exe
  2⤵
  PID:8660
- C:\Windows\System\ACViAaf.exe
  C:\Windows\System\ACViAaf.exe
  2⤵
  PID:8720
- C:\Windows\System\gKmNJnB.exe
  C:\Windows\System\gKmNJnB.exe
  2⤵
  PID:8780
- C:\Windows\System\QLoHxPr.exe
  C:\Windows\System\QLoHxPr.exe
  2⤵
  PID:8836
- C:\Windows\System\qgCBNFl.exe
  C:\Windows\System\qgCBNFl.exe
  2⤵
  PID:4224
- C:\Windows\System\ORUiYvc.exe
  C:\Windows\System\ORUiYvc.exe
  2⤵
  PID:8948
- C:\Windows\System\QpiANzV.exe
  C:\Windows\System\QpiANzV.exe
  2⤵
  PID:9016
- C:\Windows\System\znxSPey.exe
  C:\Windows\System\znxSPey.exe
  2⤵
  PID:9096
- C:\Windows\System\SCGbJIq.exe
  C:\Windows\System\SCGbJIq.exe
  2⤵
  PID:9148
- C:\Windows\System\ZoRHtwn.exe
  C:\Windows\System\ZoRHtwn.exe
  2⤵
  PID:9212
- C:\Windows\System\lAqTOyd.exe
  C:\Windows\System\lAqTOyd.exe
  2⤵
  PID:8496
- C:\Windows\System\cxmCvwR.exe
  C:\Windows\System\cxmCvwR.exe
  2⤵
  PID:1784
- C:\Windows\System\NjwCjeb.exe
  C:\Windows\System\NjwCjeb.exe
  2⤵
  PID:8744
- C:\Windows\System\ApLcpWT.exe
  C:\Windows\System\ApLcpWT.exe
  2⤵
  PID:8884
- C:\Windows\System\YwNsQwt.exe
  C:\Windows\System\YwNsQwt.exe
  2⤵
  PID:8996
- C:\Windows\System\WsSJjiU.exe
  C:\Windows\System\WsSJjiU.exe
  2⤵
  PID:8244
- C:\Windows\System\JTcyatS.exe
  C:\Windows\System\JTcyatS.exe
  2⤵
  PID:8924
- C:\Windows\System\IDCUJUF.exe
  C:\Windows\System\IDCUJUF.exe
  2⤵
  PID:9176
- C:\Windows\System\bXxZQbM.exe
  C:\Windows\System\bXxZQbM.exe
  2⤵
  PID:9248
- C:\Windows\System\sUQSiAS.exe
  C:\Windows\System\sUQSiAS.exe
  2⤵
  PID:9268
- C:\Windows\System\oXTSsaT.exe
  C:\Windows\System\oXTSsaT.exe
  2⤵
  PID:9296
- C:\Windows\System\WCVkeml.exe
  C:\Windows\System\WCVkeml.exe
  2⤵
  PID:9328
- C:\Windows\System\fxbnAtN.exe
  C:\Windows\System\fxbnAtN.exe
  2⤵
  PID:9348
- C:\Windows\System\oTuUVXT.exe
  C:\Windows\System\oTuUVXT.exe
  2⤵
  PID:9376
- C:\Windows\System\WquKKAb.exe
  C:\Windows\System\WquKKAb.exe
  2⤵
  PID:9404
- C:\Windows\System\LnCjaxk.exe
  C:\Windows\System\LnCjaxk.exe
  2⤵
  PID:9432
- C:\Windows\System\hUsTbIs.exe
  C:\Windows\System\hUsTbIs.exe
  2⤵
  PID:9464
- C:\Windows\System\eaDlUdk.exe
  C:\Windows\System\eaDlUdk.exe
  2⤵
  PID:9492
- C:\Windows\System\vhgdess.exe
  C:\Windows\System\vhgdess.exe
  2⤵
  PID:9528
- C:\Windows\System\TCbNLrD.exe
  C:\Windows\System\TCbNLrD.exe
  2⤵
  PID:9552
- C:\Windows\System\RzxJAGB.exe
  C:\Windows\System\RzxJAGB.exe
  2⤵
  PID:9584
- C:\Windows\System\WEAxVqA.exe
  C:\Windows\System\WEAxVqA.exe
  2⤵
  PID:9604
- C:\Windows\System\qiCgaZg.exe
  C:\Windows\System\qiCgaZg.exe
  2⤵
  PID:9644
- C:\Windows\System\YWZYEUK.exe
  C:\Windows\System\YWZYEUK.exe
  2⤵
  PID:9664
- C:\Windows\System\MbaNate.exe
  C:\Windows\System\MbaNate.exe
  2⤵
  PID:9704
- C:\Windows\System\RrBQXSF.exe
  C:\Windows\System\RrBQXSF.exe
  2⤵
  PID:9724
- C:\Windows\System\gYdIOjo.exe
  C:\Windows\System\gYdIOjo.exe
  2⤵
  PID:9760
- C:\Windows\System\dgfnWqZ.exe
  C:\Windows\System\dgfnWqZ.exe
  2⤵
  PID:9780
- C:\Windows\System\ZXPWyMl.exe
  C:\Windows\System\ZXPWyMl.exe
  2⤵
  PID:9820
- C:\Windows\System\ZbareVh.exe
  C:\Windows\System\ZbareVh.exe
  2⤵
  PID:9848
- C:\Windows\System\NXKylEw.exe
  C:\Windows\System\NXKylEw.exe
  2⤵
  PID:9892
- C:\Windows\System\MxUUhsn.exe
  C:\Windows\System\MxUUhsn.exe
  2⤵
  PID:9932
- C:\Windows\System\msFPGxx.exe
  C:\Windows\System\msFPGxx.exe
  2⤵
  PID:9964
- C:\Windows\System\xZmRizY.exe
  C:\Windows\System\xZmRizY.exe
  2⤵
  PID:9992
- C:\Windows\System\qDXEXre.exe
  C:\Windows\System\qDXEXre.exe
  2⤵
  PID:10008
- C:\Windows\System\TuDTKLl.exe
  C:\Windows\System\TuDTKLl.exe
  2⤵
  PID:10036
- C:\Windows\System\yVdnmJv.exe
  C:\Windows\System\yVdnmJv.exe
  2⤵
  PID:10068
- C:\Windows\System\qTLGKWv.exe
  C:\Windows\System\qTLGKWv.exe
  2⤵
  PID:10092
- C:\Windows\System\WlvFAnK.exe
  C:\Windows\System\WlvFAnK.exe
  2⤵
  PID:10128
- C:\Windows\System\wMuRuEc.exe
  C:\Windows\System\wMuRuEc.exe
  2⤵
  PID:10156
- C:\Windows\System\oslBlmF.exe
  C:\Windows\System\oslBlmF.exe
  2⤵
  PID:10184
- C:\Windows\System\NwSkhrh.exe
  C:\Windows\System\NwSkhrh.exe
  2⤵
  PID:10212
- C:\Windows\System\mpQlHJx.exe
  C:\Windows\System\mpQlHJx.exe
  2⤵
  PID:8892
- C:\Windows\System\AApBNKM.exe
  C:\Windows\System\AApBNKM.exe
  2⤵
  PID:7256
- C:\Windows\System\PXOAxUt.exe
  C:\Windows\System\PXOAxUt.exe
  2⤵
  PID:9228
- C:\Windows\System\jFyjnMp.exe
  C:\Windows\System\jFyjnMp.exe
  2⤵
  PID:9316
- C:\Windows\System\NpxWsUg.exe
  C:\Windows\System\NpxWsUg.exe
  2⤵
  PID:9388
- C:\Windows\System\mbZiIpI.exe
  C:\Windows\System\mbZiIpI.exe
  2⤵
  PID:6848
- C:\Windows\System\qqOBKyI.exe
  C:\Windows\System\qqOBKyI.exe
  2⤵
  PID:6696
- C:\Windows\System\ZjzTHmj.exe
  C:\Windows\System\ZjzTHmj.exe
  2⤵
  PID:6676
- C:\Windows\System\fwYbmVV.exe
  C:\Windows\System\fwYbmVV.exe
  2⤵
  PID:9504
- C:\Windows\System\ffifOUA.exe
  C:\Windows\System\ffifOUA.exe
  2⤵
  PID:9544
- C:\Windows\System\mUOHUPE.exe
  C:\Windows\System\mUOHUPE.exe
  2⤵
  PID:9616
- C:\Windows\System\viBugCH.exe
  C:\Windows\System\viBugCH.exe
  2⤵
  PID:9700
- C:\Windows\System\TlWGyRJ.exe
  C:\Windows\System\TlWGyRJ.exe
  2⤵
  PID:9768
- C:\Windows\System\GHFgmFh.exe
  C:\Windows\System\GHFgmFh.exe
  2⤵
  PID:9816
- C:\Windows\System\OHhMlhS.exe
  C:\Windows\System\OHhMlhS.exe
  2⤵
  PID:9904
- C:\Windows\System\zkcCaXi.exe
  C:\Windows\System\zkcCaXi.exe
  2⤵
  PID:9972
- C:\Windows\System\PCyHReG.exe
  C:\Windows\System\PCyHReG.exe
  2⤵
  PID:10032
- C:\Windows\System\hcjvomt.exe
  C:\Windows\System\hcjvomt.exe
  2⤵
  PID:10112
- C:\Windows\System\vgoRTfH.exe
  C:\Windows\System\vgoRTfH.exe
  2⤵
  PID:10148
- C:\Windows\System\qgWdbCw.exe
  C:\Windows\System\qgWdbCw.exe
  2⤵
  PID:10204
- C:\Windows\System\smiJRFm.exe
  C:\Windows\System\smiJRFm.exe
  2⤵
  PID:7912
- C:\Windows\System\JLtXzbR.exe
  C:\Windows\System\JLtXzbR.exe
  2⤵
  PID:9372
- C:\Windows\System\DyZhQqH.exe
  C:\Windows\System\DyZhQqH.exe
  2⤵
  PID:6776
- C:\Windows\System\szuWbKU.exe
  C:\Windows\System\szuWbKU.exe
  2⤵
  PID:9484
- C:\Windows\System\ymVDWyN.exe
  C:\Windows\System\ymVDWyN.exe
  2⤵
  PID:9652
- C:\Windows\System\fJMzjDM.exe
  C:\Windows\System\fJMzjDM.exe
  2⤵
  PID:9792
- C:\Windows\System\itxasui.exe
  C:\Windows\System\itxasui.exe
  2⤵
  PID:9960
- C:\Windows\System\GPAlapH.exe
  C:\Windows\System\GPAlapH.exe
  2⤵
  PID:10120
- C:\Windows\System\LiEHWHT.exe
  C:\Windows\System\LiEHWHT.exe
  2⤵
  PID:7936
- C:\Windows\System\gUsywul.exe
  C:\Windows\System\gUsywul.exe
  2⤵
  PID:6660
- C:\Windows\System\eOSqqdg.exe
  C:\Windows\System\eOSqqdg.exe
  2⤵
  PID:9736
- C:\Windows\System\pqwyxDB.exe
  C:\Windows\System\pqwyxDB.exe
  2⤵
  PID:10084
- C:\Windows\System\PlWNTnY.exe
  C:\Windows\System\PlWNTnY.exe
  2⤵
  PID:9472
- C:\Windows\System\kWtmHEX.exe
  C:\Windows\System\kWtmHEX.exe
  2⤵
  PID:10196
- C:\Windows\System\RPJDNuA.exe
  C:\Windows\System\RPJDNuA.exe
  2⤵
  PID:7096
- C:\Windows\System\aElxuya.exe
  C:\Windows\System\aElxuya.exe
  2⤵
  PID:10260
- C:\Windows\System\FJOnbXh.exe
  C:\Windows\System\FJOnbXh.exe
  2⤵
  PID:10288
- C:\Windows\System\IqkDFGg.exe
  C:\Windows\System\IqkDFGg.exe
  2⤵
  PID:10324
- C:\Windows\System\eHArVnP.exe
  C:\Windows\System\eHArVnP.exe
  2⤵
  PID:10344
- C:\Windows\System\tDoIrtU.exe
  C:\Windows\System\tDoIrtU.exe
  2⤵
  PID:10372
- C:\Windows\System\EFaPYDg.exe
  C:\Windows\System\EFaPYDg.exe
  2⤵
  PID:10400
- C:\Windows\System\VSQkoOh.exe
  C:\Windows\System\VSQkoOh.exe
  2⤵
  PID:10436
- C:\Windows\System\JhtJtXp.exe
  C:\Windows\System\JhtJtXp.exe
  2⤵
  PID:10464
- C:\Windows\System\aUVPupp.exe
  C:\Windows\System\aUVPupp.exe
  2⤵
  PID:10484
- C:\Windows\System\FOViQdd.exe
  C:\Windows\System\FOViQdd.exe
  2⤵
  PID:10516
- C:\Windows\System\jyQhHnz.exe
  C:\Windows\System\jyQhHnz.exe
  2⤵
  PID:10540
- C:\Windows\System\pyjSvuy.exe
  C:\Windows\System\pyjSvuy.exe
  2⤵
  PID:10568
- C:\Windows\System\qleUSHW.exe
  C:\Windows\System\qleUSHW.exe
  2⤵
  PID:10596
- C:\Windows\System\rwKpmoT.exe
  C:\Windows\System\rwKpmoT.exe
  2⤵
  PID:10624
- C:\Windows\System\qHakQWX.exe
  C:\Windows\System\qHakQWX.exe
  2⤵
  PID:10652
- C:\Windows\System\oavXAkj.exe
  C:\Windows\System\oavXAkj.exe
  2⤵
  PID:10680
- C:\Windows\System\GgnLkFr.exe
  C:\Windows\System\GgnLkFr.exe
  2⤵
  PID:10712
- C:\Windows\System\OTiywaS.exe
  C:\Windows\System\OTiywaS.exe
  2⤵
  PID:10744
- C:\Windows\System\XSdqbVS.exe
  C:\Windows\System\XSdqbVS.exe
  2⤵
  PID:10768
- C:\Windows\System\hejdnqT.exe
  C:\Windows\System\hejdnqT.exe
  2⤵
  PID:10796
- C:\Windows\System\NqZkuNH.exe
  C:\Windows\System\NqZkuNH.exe
  2⤵
  PID:10824
- C:\Windows\System\lBvCUUh.exe
  C:\Windows\System\lBvCUUh.exe
  2⤵
  PID:10856
- C:\Windows\System\qQOQtuh.exe
  C:\Windows\System\qQOQtuh.exe
  2⤵
  PID:10880
- C:\Windows\System\mDGnVVC.exe
  C:\Windows\System\mDGnVVC.exe
  2⤵
  PID:10908
- C:\Windows\System\Vvztmvs.exe
  C:\Windows\System\Vvztmvs.exe
  2⤵
  PID:10944
- C:\Windows\System\AbXyWwn.exe
  C:\Windows\System\AbXyWwn.exe
  2⤵
  PID:10964
- C:\Windows\System\UUnjTqo.exe
  C:\Windows\System\UUnjTqo.exe
  2⤵
  PID:10992
- C:\Windows\System\npwkfno.exe
  C:\Windows\System\npwkfno.exe
  2⤵
  PID:11032
- C:\Windows\System\sXjicxi.exe
  C:\Windows\System\sXjicxi.exe
  2⤵
  PID:11060
- C:\Windows\System\oRFCiEo.exe
  C:\Windows\System\oRFCiEo.exe
  2⤵
  PID:11076
- C:\Windows\System\QxyHomf.exe
  C:\Windows\System\QxyHomf.exe
  2⤵
  PID:11112
- C:\Windows\System\hxPkbZf.exe
  C:\Windows\System\hxPkbZf.exe
  2⤵
  PID:11132
- C:\Windows\System\iupdWYF.exe
  C:\Windows\System\iupdWYF.exe
  2⤵
  PID:11160
- C:\Windows\System\CdORTsU.exe
  C:\Windows\System\CdORTsU.exe
  2⤵
  PID:11200
- C:\Windows\System\JjznCgN.exe
  C:\Windows\System\JjznCgN.exe
  2⤵
  PID:11216
- C:\Windows\System\pZqxjDI.exe
  C:\Windows\System\pZqxjDI.exe
  2⤵
  PID:11248
- C:\Windows\System\cLvJgaP.exe
  C:\Windows\System\cLvJgaP.exe
  2⤵
  PID:10256
- C:\Windows\System\ywmpsKC.exe
  C:\Windows\System\ywmpsKC.exe
  2⤵
  PID:10332
- C:\Windows\System\EYBsRRd.exe
  C:\Windows\System\EYBsRRd.exe
  2⤵
  PID:10384
- C:\Windows\System\NnTgJXS.exe
  C:\Windows\System\NnTgJXS.exe
  2⤵
  PID:10452
- C:\Windows\System\alXnhVX.exe
  C:\Windows\System\alXnhVX.exe
  2⤵
  PID:10496
- C:\Windows\System\qkAYZJd.exe
  C:\Windows\System\qkAYZJd.exe
  2⤵
  PID:2788
- C:\Windows\System\WHKAeJW.exe
  C:\Windows\System\WHKAeJW.exe
  2⤵
  PID:10616
- C:\Windows\System\XovsfcN.exe
  C:\Windows\System\XovsfcN.exe
  2⤵
  PID:10700
- C:\Windows\System\evrTdnZ.exe
  C:\Windows\System\evrTdnZ.exe
  2⤵
  PID:10760
- C:\Windows\System\CcACpiU.exe
  C:\Windows\System\CcACpiU.exe
  2⤵
  PID:10816
- C:\Windows\System\PMvUZDP.exe
  C:\Windows\System\PMvUZDP.exe
  2⤵
  PID:10876
- C:\Windows\System\yeoiyrJ.exe
  C:\Windows\System\yeoiyrJ.exe
  2⤵
  PID:10952
- C:\Windows\System\gsMaUbX.exe
  C:\Windows\System\gsMaUbX.exe
  2⤵
  PID:11028
- C:\Windows\System\kjeWnNi.exe
  C:\Windows\System\kjeWnNi.exe
  2⤵
  PID:11072
- C:\Windows\System\GtnSkCD.exe
  C:\Windows\System\GtnSkCD.exe
  2⤵
  PID:11152
- C:\Windows\System\HokQjkm.exe
  C:\Windows\System\HokQjkm.exe
  2⤵
  PID:3744
- C:\Windows\System\IbIMElW.exe
  C:\Windows\System\IbIMElW.exe
  2⤵
  PID:11228
- C:\Windows\System\fVqNtAq.exe
  C:\Windows\System\fVqNtAq.exe
  2⤵
  PID:10284
- C:\Windows\System\gMYmDxU.exe
  C:\Windows\System\gMYmDxU.exe
  2⤵
  PID:10444
- C:\Windows\System\RTLzOAm.exe
  C:\Windows\System\RTLzOAm.exe
  2⤵
  PID:9428
- C:\Windows\System\ItTaupv.exe
  C:\Windows\System\ItTaupv.exe
  2⤵
  PID:10672
- C:\Windows\System\tfHoGoF.exe
  C:\Windows\System\tfHoGoF.exe
  2⤵
  PID:10808
- C:\Windows\System\cQXwHdh.exe
  C:\Windows\System\cQXwHdh.exe
  2⤵
  PID:10976
- C:\Windows\System\ndOQQZt.exe
  C:\Windows\System\ndOQQZt.exe
  2⤵
  PID:11100
- C:\Windows\System\aqulWvk.exe
  C:\Windows\System\aqulWvk.exe
  2⤵
  PID:4364
- C:\Windows\System\VzFwuVi.exe
  C:\Windows\System\VzFwuVi.exe
  2⤵
  PID:1316
- C:\Windows\System\SHqNwBn.exe
  C:\Windows\System\SHqNwBn.exe
  2⤵
  PID:10592
- C:\Windows\System\DoJSVjK.exe
  C:\Windows\System\DoJSVjK.exe
  2⤵
  PID:10928
- C:\Windows\System\reDjzee.exe
  C:\Windows\System\reDjzee.exe
  2⤵
  PID:11172
- C:\Windows\System\xylMWtG.exe
  C:\Windows\System\xylMWtG.exe
  2⤵
  PID:10736
- C:\Windows\System\hfXiujQ.exe
  C:\Windows\System\hfXiujQ.exe
  2⤵
  PID:10524
- C:\Windows\System\SbrbJpJ.exe
  C:\Windows\System\SbrbJpJ.exe
  2⤵
  PID:4860
- C:\Windows\System\UaipBdj.exe
  C:\Windows\System\UaipBdj.exe
  2⤵
  PID:11292
- C:\Windows\System\clvSYoa.exe
  C:\Windows\System\clvSYoa.exe
  2⤵
  PID:11324
- C:\Windows\System\VVcgHjt.exe
  C:\Windows\System\VVcgHjt.exe
  2⤵
  PID:11348
- C:\Windows\System\exnACRx.exe
  C:\Windows\System\exnACRx.exe
  2⤵
  PID:11376
- C:\Windows\System\IJxGvKo.exe
  C:\Windows\System\IJxGvKo.exe
  2⤵
  PID:11412
- C:\Windows\System\InOjZxZ.exe
  C:\Windows\System\InOjZxZ.exe
  2⤵
  PID:11436
- C:\Windows\System\qIIRpCM.exe
  C:\Windows\System\qIIRpCM.exe
  2⤵
  PID:11460
- C:\Windows\System\GxnFdkk.exe
  C:\Windows\System\GxnFdkk.exe
  2⤵
  PID:11488
- C:\Windows\System\QJafZdf.exe
  C:\Windows\System\QJafZdf.exe
  2⤵
  PID:11516
- C:\Windows\System\CgmOKaM.exe
  C:\Windows\System\CgmOKaM.exe
  2⤵
  PID:11544
- C:\Windows\System\EjebMpy.exe
  C:\Windows\System\EjebMpy.exe
  2⤵
  PID:11572
- C:\Windows\System\cvisZUs.exe
  C:\Windows\System\cvisZUs.exe
  2⤵
  PID:11608
- C:\Windows\System\UMoAorL.exe
  C:\Windows\System\UMoAorL.exe
  2⤵
  PID:11628
- C:\Windows\System\omPxSFL.exe
  C:\Windows\System\omPxSFL.exe
  2⤵
  PID:11656
- C:\Windows\System\yMbzviu.exe
  C:\Windows\System\yMbzviu.exe
  2⤵
  PID:11688
- C:\Windows\System\rYSplJo.exe
  C:\Windows\System\rYSplJo.exe
  2⤵
  PID:11712
- C:\Windows\System\JxuTRIu.exe
  C:\Windows\System\JxuTRIu.exe
  2⤵
  PID:11740
- C:\Windows\System\jdAcReW.exe
  C:\Windows\System\jdAcReW.exe
  2⤵
  PID:11772
- C:\Windows\System\rdUidYD.exe
  C:\Windows\System\rdUidYD.exe
  2⤵
  PID:11808
- C:\Windows\System\gGxyKIU.exe
  C:\Windows\System\gGxyKIU.exe
  2⤵
  PID:11832
- C:\Windows\System\ekAUmXb.exe
  C:\Windows\System\ekAUmXb.exe
  2⤵
  PID:11852
- C:\Windows\System\OTUWWWA.exe
  C:\Windows\System\OTUWWWA.exe
  2⤵
  PID:11888
- C:\Windows\System\VPJsbFw.exe
  C:\Windows\System\VPJsbFw.exe
  2⤵
  PID:11924
- C:\Windows\System\DuiRyKU.exe
  C:\Windows\System\DuiRyKU.exe
  2⤵
  PID:11944
- C:\Windows\System\gAuKYbb.exe
  C:\Windows\System\gAuKYbb.exe
  2⤵
  PID:11988
- C:\Windows\System\depQSBm.exe
  C:\Windows\System\depQSBm.exe
  2⤵
  PID:12004
- C:\Windows\System\iBGzjkf.exe
  C:\Windows\System\iBGzjkf.exe
  2⤵
  PID:12036
- C:\Windows\System\HIWzoyV.exe
  C:\Windows\System\HIWzoyV.exe
  2⤵
  PID:12072
- C:\Windows\System\VsTPByW.exe
  C:\Windows\System\VsTPByW.exe
  2⤵
  PID:12092
- C:\Windows\System\AMxItNP.exe
  C:\Windows\System\AMxItNP.exe
  2⤵
  PID:12120
- C:\Windows\System\MlvcqXT.exe
  C:\Windows\System\MlvcqXT.exe
  2⤵
  PID:12172
- C:\Windows\System\eQhiBBG.exe
  C:\Windows\System\eQhiBBG.exe
  2⤵
  PID:12200
- C:\Windows\System\wowWvSq.exe
  C:\Windows\System\wowWvSq.exe
  2⤵
  PID:12232
- C:\Windows\System\joLxtwo.exe
  C:\Windows\System\joLxtwo.exe
  2⤵
  PID:12260
- C:\Windows\System\ghrXLyf.exe
  C:\Windows\System\ghrXLyf.exe
  2⤵
  PID:1684
- C:\Windows\System\VEFhZng.exe
  C:\Windows\System\VEFhZng.exe
  2⤵
  PID:11368
- C:\Windows\System\oAaUqFE.exe
  C:\Windows\System\oAaUqFE.exe
  2⤵
  PID:11424
- C:\Windows\System\dYzhYaB.exe
  C:\Windows\System\dYzhYaB.exe
  2⤵
  PID:11484
- C:\Windows\System\lspouQm.exe
  C:\Windows\System\lspouQm.exe
  2⤵
  PID:11528
- C:\Windows\System\CxtFZeS.exe
  C:\Windows\System\CxtFZeS.exe
  2⤵
  PID:11592
- C:\Windows\System\WXLPCXw.exe
  C:\Windows\System\WXLPCXw.exe
  2⤵
  PID:11652
- C:\Windows\System\YrPSlcs.exe
  C:\Windows\System\YrPSlcs.exe
  2⤵
  PID:11708
- C:\Windows\System\XwCDnrb.exe
  C:\Windows\System\XwCDnrb.exe
  2⤵
  PID:2308
- C:\Windows\System\WTxFFju.exe
  C:\Windows\System\WTxFFju.exe
  2⤵
  PID:3660
- C:\Windows\System\wYJnKWv.exe
  C:\Windows\System\wYJnKWv.exe
  2⤵
  PID:11860
- C:\Windows\System\gjZWAaJ.exe
  C:\Windows\System\gjZWAaJ.exe
  2⤵
  PID:2568
- C:\Windows\System\sJyRfxw.exe
  C:\Windows\System\sJyRfxw.exe
  2⤵
  PID:11940
- C:\Windows\System\PqaFzAo.exe
  C:\Windows\System\PqaFzAo.exe
  2⤵
  PID:11980
- C:\Windows\System\spUaJoZ.exe
  C:\Windows\System\spUaJoZ.exe
  2⤵
  PID:12064
- C:\Windows\System\BUOIxMP.exe
  C:\Windows\System\BUOIxMP.exe
  2⤵
  PID:12100
- C:\Windows\System\ZDkbfCA.exe
  C:\Windows\System\ZDkbfCA.exe
  2⤵
  PID:3932
- C:\Windows\System\hsvfyea.exe
  C:\Windows\System\hsvfyea.exe
  2⤵
  PID:12192
- C:\Windows\System\kAFcuoF.exe
  C:\Windows\System\kAFcuoF.exe
  2⤵
  PID:1624
- C:\Windows\System\ULPIkOp.exe
  C:\Windows\System\ULPIkOp.exe
  2⤵
  PID:1832
- C:\Windows\System\JalRrnU.exe
  C:\Windows\System\JalRrnU.exe
  2⤵
  PID:12180
- C:\Windows\System\DxCgzjI.exe
  C:\Windows\System\DxCgzjI.exe
  2⤵
  PID:11388
- C:\Windows\System\QRWTWXO.exe
  C:\Windows\System\QRWTWXO.exe
  2⤵
  PID:11508
- C:\Windows\System\pFvNZVH.exe
  C:\Windows\System\pFvNZVH.exe
  2⤵
  PID:11676
- C:\Windows\System\ikOtewo.exe
  C:\Windows\System\ikOtewo.exe
  2⤵
  PID:11784
- C:\Windows\System\yKbtThE.exe
  C:\Windows\System\yKbtThE.exe
  2⤵
  PID:11760
- C:\Windows\System\rLxNFhs.exe
  C:\Windows\System\rLxNFhs.exe
  2⤵
  PID:11984
- C:\Windows\System\hZAonEP.exe
  C:\Windows\System\hZAonEP.exe
  2⤵
  PID:12112
- C:\Windows\System\PSngysD.exe
  C:\Windows\System\PSngysD.exe
  2⤵
  PID:1360
- C:\Windows\System\xGDxhkr.exe
  C:\Windows\System\xGDxhkr.exe
  2⤵
  PID:3520
- C:\Windows\System\ETWilhG.exe
  C:\Windows\System\ETWilhG.exe
  2⤵
  PID:12128
- C:\Windows\System\HhoLEMV.exe
  C:\Windows\System\HhoLEMV.exe
  2⤵
  PID:11456
- C:\Windows\System\ABoJOKG.exe
  C:\Windows\System\ABoJOKG.exe
  2⤵
  PID:4152
- C:\Windows\System\kfKGpnB.exe
  C:\Windows\System\kfKGpnB.exe
  2⤵
  PID:12056
- C:\Windows\System\hWpmsls.exe
  C:\Windows\System\hWpmsls.exe
  2⤵
  PID:4352
- C:\Windows\System\wrYYViZ.exe
  C:\Windows\System\wrYYViZ.exe
  2⤵
  PID:11444
- C:\Windows\System\eJhBhqQ.exe
  C:\Windows\System\eJhBhqQ.exe
  2⤵
  PID:3656
- C:\Windows\System\AozozhU.exe
  C:\Windows\System\AozozhU.exe
  2⤵
  PID:11340
- C:\Windows\System\ubToNXv.exe
  C:\Windows\System\ubToNXv.exe
  2⤵
  PID:12296
- C:\Windows\System\vAqJPrX.exe
  C:\Windows\System\vAqJPrX.exe
  2⤵
  PID:12324
- C:\Windows\System\mzJiYBn.exe
  C:\Windows\System\mzJiYBn.exe
  2⤵
  PID:12352
- C:\Windows\System\MWuLlQN.exe
  C:\Windows\System\MWuLlQN.exe
  2⤵
  PID:12380
- C:\Windows\System\upNmIog.exe
  C:\Windows\System\upNmIog.exe
  2⤵
  PID:12408
- C:\Windows\System\mbjiCAU.exe
  C:\Windows\System\mbjiCAU.exe
  2⤵
  PID:12436
- C:\Windows\System\qJYHFLl.exe
  C:\Windows\System\qJYHFLl.exe
  2⤵
  PID:12472
- C:\Windows\System\fnQvrLW.exe
  C:\Windows\System\fnQvrLW.exe
  2⤵
  PID:12492
- C:\Windows\System\GTQoHzr.exe
  C:\Windows\System\GTQoHzr.exe
  2⤵
  PID:12528
- C:\Windows\System\jIEkjfN.exe
  C:\Windows\System\jIEkjfN.exe
  2⤵
  PID:12548
- C:\Windows\System\WrZWZTX.exe
  C:\Windows\System\WrZWZTX.exe
  2⤵
  PID:12576
- C:\Windows\System\CcJMKsN.exe
  C:\Windows\System\CcJMKsN.exe
  2⤵
  PID:12608
- C:\Windows\System\CVIVPxI.exe
  C:\Windows\System\CVIVPxI.exe
  2⤵
  PID:12636
- C:\Windows\System\pWvyevl.exe
  C:\Windows\System\pWvyevl.exe
  2⤵
  PID:12664
- C:\Windows\System\ugdpJjH.exe
  C:\Windows\System\ugdpJjH.exe
  2⤵
  PID:12692
- C:\Windows\System\jEQrNjG.exe
  C:\Windows\System\jEQrNjG.exe
  2⤵
  PID:12720
- C:\Windows\System\gcSSIdD.exe
  C:\Windows\System\gcSSIdD.exe
  2⤵
  PID:12748
- C:\Windows\System\lqhjiJd.exe
  C:\Windows\System\lqhjiJd.exe
  2⤵
  PID:12776
- C:\Windows\System\oaGocMW.exe
  C:\Windows\System\oaGocMW.exe
  2⤵
  PID:12804
- C:\Windows\System\TCntMbb.exe
  C:\Windows\System\TCntMbb.exe
  2⤵
  PID:12832
- C:\Windows\System\qdMSSJp.exe
  C:\Windows\System\qdMSSJp.exe
  2⤵
  PID:12860
- C:\Windows\System\CsWhKCS.exe
  C:\Windows\System\CsWhKCS.exe
  2⤵
  PID:12888
- C:\Windows\System\AFsEFiQ.exe
  C:\Windows\System\AFsEFiQ.exe
  2⤵
  PID:12916
- C:\Windows\System\KQslXqt.exe
  C:\Windows\System\KQslXqt.exe
  2⤵
  PID:12944
- C:\Windows\System\McWekNF.exe
  C:\Windows\System\McWekNF.exe
  2⤵
  PID:12972
- C:\Windows\System\PgwqQQw.exe
  C:\Windows\System\PgwqQQw.exe
  2⤵
  PID:13000
- C:\Windows\System\GzAiTEY.exe
  C:\Windows\System\GzAiTEY.exe
  2⤵
  PID:13028
- C:\Windows\System\hLNRffB.exe
  C:\Windows\System\hLNRffB.exe
  2⤵
  PID:13056
- C:\Windows\System\YPfrsTT.exe
  C:\Windows\System\YPfrsTT.exe
  2⤵
  PID:13084
- C:\Windows\System\FXgNJCw.exe
  C:\Windows\System\FXgNJCw.exe
  2⤵
  PID:13112
- C:\Windows\System\GPlDzzO.exe
  C:\Windows\System\GPlDzzO.exe
  2⤵
  PID:13140
- C:\Windows\System\IOjPTlx.exe
  C:\Windows\System\IOjPTlx.exe
  2⤵
  PID:13168
- C:\Windows\System\jShDWPS.exe
  C:\Windows\System\jShDWPS.exe
  2⤵
  PID:13196
- C:\Windows\System\sFloqsZ.exe
  C:\Windows\System\sFloqsZ.exe
  2⤵
  PID:13240
- C:\Windows\System\qMVfpFN.exe
  C:\Windows\System\qMVfpFN.exe
  2⤵
  PID:13260
- C:\Windows\System\yFYYyPG.exe
  C:\Windows\System\yFYYyPG.exe
  2⤵
  PID:13284
- C:\Windows\System\OVhyVEp.exe
  C:\Windows\System\OVhyVEp.exe
  2⤵
  PID:11752
- C:\Windows\System\sFZtPPU.exe
  C:\Windows\System\sFZtPPU.exe
  2⤵
  PID:12348
- C:\Windows\System\OWHSBIR.exe
  C:\Windows\System\OWHSBIR.exe
  2⤵
  PID:7076
- C:\Windows\System\glAjYKz.exe
  C:\Windows\System\glAjYKz.exe
  2⤵
  PID:12448
- C:\Windows\System\CCBXAOy.exe
  C:\Windows\System\CCBXAOy.exe
  2⤵
  PID:12512
- C:\Windows\System\rLpwZGf.exe
  C:\Windows\System\rLpwZGf.exe
  2⤵
  PID:12568
- C:\Windows\System\gHctvYL.exe
  C:\Windows\System\gHctvYL.exe
  2⤵
  PID:12628
- C:\Windows\System\NbIfdwZ.exe
  C:\Windows\System\NbIfdwZ.exe
  2⤵
  PID:12704
- C:\Windows\System\brvDgZZ.exe
  C:\Windows\System\brvDgZZ.exe
  2⤵
  PID:12760
- C:\Windows\System\PYwPoju.exe
  C:\Windows\System\PYwPoju.exe
  2⤵
  PID:12824
- C:\Windows\System\zKPgrhX.exe
  C:\Windows\System\zKPgrhX.exe
  2⤵
  PID:12884
- C:\Windows\System\igiYPXB.exe
  C:\Windows\System\igiYPXB.exe
  2⤵
  PID:12956
- C:\Windows\System\vVDIhoI.exe
  C:\Windows\System\vVDIhoI.exe
  2⤵
  PID:13020
- C:\Windows\System\AkFCSYB.exe
  C:\Windows\System\AkFCSYB.exe
  2⤵
  PID:13076
- C:\Windows\System\cJaLMGj.exe
  C:\Windows\System\cJaLMGj.exe
  2⤵
  PID:13132
- C:\Windows\System\OfiaHOC.exe
  C:\Windows\System\OfiaHOC.exe
  2⤵
  PID:5912
- C:\Windows\System\tJCFvSM.exe
  C:\Windows\System\tJCFvSM.exe
  2⤵
  PID:13252
- C:\Windows\System\BvGnLbs.exe
  C:\Windows\System\BvGnLbs.exe
  2⤵
  PID:12316
- C:\Windows\System\xXKGERV.exe
  C:\Windows\System\xXKGERV.exe
  2⤵
  PID:12420
- C:\Windows\System\SitkFeo.exe
  C:\Windows\System\SitkFeo.exe
  2⤵
  PID:12488
- C:\Windows\System\EmkCwct.exe
  C:\Windows\System\EmkCwct.exe
  2⤵
  PID:12632
- C:\Windows\System\olBUplS.exe
  C:\Windows\System\olBUplS.exe
  2⤵
  PID:12816
- C:\Windows\System\GQDjqbJ.exe
  C:\Windows\System\GQDjqbJ.exe
  2⤵
  PID:12940
- C:\Windows\System\DQHoPtU.exe
  C:\Windows\System\DQHoPtU.exe
  2⤵
  PID:13104
- C:\Windows\System\ZDBInzC.exe
  C:\Windows\System\ZDBInzC.exe
  2⤵
  PID:13236
- C:\Windows\System\ttYQfLk.exe
  C:\Windows\System\ttYQfLk.exe
  2⤵
  PID:11620
- C:\Windows\System\LrBTgJM.exe
  C:\Windows\System\LrBTgJM.exe
  2⤵
  PID:12620
- C:\Windows\System\ycGFqLt.exe
  C:\Windows\System\ycGFqLt.exe
  2⤵
  PID:13012
- C:\Windows\System\RDNVtqb.exe
  C:\Windows\System\RDNVtqb.exe
  2⤵
  PID:13308
- C:\Windows\System\TpStEKL.exe
  C:\Windows\System\TpStEKL.exe
  2⤵
  PID:12936
- C:\Windows\System\yTDDscJ.exe
  C:\Windows\System\yTDDscJ.exe
  2⤵
  PID:13280
- C:\Windows\System\VzIpzYm.exe
  C:\Windows\System\VzIpzYm.exe
  2⤵
  PID:13336
- C:\Windows\System\VlxqcSX.exe
  C:\Windows\System\VlxqcSX.exe
  2⤵
  PID:13364
- C:\Windows\System\BKcXNjY.exe
  C:\Windows\System\BKcXNjY.exe
  2⤵
  PID:13392
- C:\Windows\System\XcVeWQn.exe
  C:\Windows\System\XcVeWQn.exe
  2⤵
  PID:13420
- C:\Windows\System\mxCJmie.exe
  C:\Windows\System\mxCJmie.exe
  2⤵
  PID:13448
- C:\Windows\System\sCIhYaR.exe
  C:\Windows\System\sCIhYaR.exe
  2⤵
  PID:13476
- C:\Windows\System\yDndeix.exe
  C:\Windows\System\yDndeix.exe
  2⤵
  PID:13508
- C:\Windows\System\VlDOShQ.exe
  C:\Windows\System\VlDOShQ.exe
  2⤵
  PID:13536
- C:\Windows\System\osYtccW.exe
  C:\Windows\System\osYtccW.exe
  2⤵
  PID:13568
- C:\Windows\System\QqfOoNC.exe
  C:\Windows\System\QqfOoNC.exe
  2⤵
  PID:13608
- C:\Windows\System\hGXowll.exe
  C:\Windows\System\hGXowll.exe
  2⤵
  PID:13636
- C:\Windows\System\gDrYJaC.exe
  C:\Windows\System\gDrYJaC.exe
  2⤵
  PID:13668
- C:\Windows\System\NRBKNem.exe
  C:\Windows\System\NRBKNem.exe
  2⤵
  PID:13704
- C:\Windows\System\ZxoJWvf.exe
  C:\Windows\System\ZxoJWvf.exe
  2⤵
  PID:13736
- C:\Windows\System\vfBPWaa.exe
  C:\Windows\System\vfBPWaa.exe
  2⤵
  PID:13764
- C:\Windows\System\DPFiQWJ.exe
  C:\Windows\System\DPFiQWJ.exe
  2⤵
  PID:13816
- C:\Windows\System\baNWidh.exe
  C:\Windows\System\baNWidh.exe
  2⤵
  PID:13848
- C:\Windows\System\dfqLyAN.exe
  C:\Windows\System\dfqLyAN.exe
  2⤵
  PID:13868
- C:\Windows\System\OywiuXg.exe
  C:\Windows\System\OywiuXg.exe
  2⤵
  PID:13920
- C:\Windows\System\BgsrrxI.exe
  C:\Windows\System\BgsrrxI.exe
  2⤵
  PID:13956
- C:\Windows\System\pjbgSFq.exe
  C:\Windows\System\pjbgSFq.exe
  2⤵
  PID:13984
- C:\Windows\System\JazeYFz.exe
  C:\Windows\System\JazeYFz.exe
  2⤵
  PID:14008
- C:\Windows\System\hcklnnG.exe
  C:\Windows\System\hcklnnG.exe
  2⤵
  PID:14032
- C:\Windows\System\PFxPvEp.exe
  C:\Windows\System\PFxPvEp.exe
  2⤵
  PID:14068
- C:\Windows\System\OlDPEvj.exe
  C:\Windows\System\OlDPEvj.exe
  2⤵
  PID:14096
- C:\Windows\System\UapDvMI.exe
  C:\Windows\System\UapDvMI.exe
  2⤵
  PID:14128
- C:\Windows\System\agLQwDn.exe
  C:\Windows\System\agLQwDn.exe
  2⤵
  PID:14156
- C:\Windows\System\rowFgna.exe
  C:\Windows\System\rowFgna.exe
  2⤵
  PID:14184
- C:\Windows\System\RgsznfN.exe
  C:\Windows\System\RgsznfN.exe
  2⤵
  PID:14212
- C:\Windows\System\cLQpVTz.exe
  C:\Windows\System\cLQpVTz.exe
  2⤵
  PID:14240
- C:\Windows\System\PUmyAeR.exe
  C:\Windows\System\PUmyAeR.exe
  2⤵
  PID:14268
- C:\Windows\System\rAzJQsA.exe
  C:\Windows\System\rAzJQsA.exe
  2⤵
  PID:14296
- C:\Windows\System\PRFeKkL.exe
  C:\Windows\System\PRFeKkL.exe
  2⤵
  PID:14324
- C:\Windows\System\rayWozl.exe
  C:\Windows\System\rayWozl.exe
  2⤵
  PID:13356
- C:\Windows\System\BhTUVMe.exe
  C:\Windows\System\BhTUVMe.exe
  2⤵
  PID:13416
- C:\Windows\System\pOqbxLx.exe
  C:\Windows\System\pOqbxLx.exe
  2⤵
  PID:13488
- C:\Windows\System\ckKdhaT.exe
  C:\Windows\System\ckKdhaT.exe
  2⤵
  PID:13532
- C:\Windows\System\sYjYKdc.exe
  C:\Windows\System\sYjYKdc.exe
  2⤵
  PID:13580
- C:\Windows\System\HbFKyqk.exe
  C:\Windows\System\HbFKyqk.exe
  2⤵
  PID:1532
- C:\Windows\System\dzfEVNf.exe
  C:\Windows\System\dzfEVNf.exe
  2⤵
  PID:13660
- C:\Windows\System\yXvxvuc.exe
  C:\Windows\System\yXvxvuc.exe
  2⤵
  PID:3276
- C:\Windows\System\dOcvdAS.exe
  C:\Windows\System\dOcvdAS.exe
  2⤵
  PID:4440
- C:\Windows\System\jPLVTNK.exe
  C:\Windows\System\jPLVTNK.exe
  2⤵
  PID:13784
- C:\Windows\System\BcwTdMu.exe
  C:\Windows\System\BcwTdMu.exe
  2⤵
  PID:13716
- C:\Windows\System\PDJuYdc.exe
  C:\Windows\System\PDJuYdc.exe
  2⤵
  PID:13864
- C:\Windows\System\acidGQe.exe
  C:\Windows\System\acidGQe.exe
  2⤵
  PID:13888
- C:\Windows\System\eDmhLMA.exe
  C:\Windows\System\eDmhLMA.exe
  2⤵
  PID:3024
- C:\Windows\System\lmdRTtY.exe
  C:\Windows\System\lmdRTtY.exe
  2⤵
  PID:2460
- C:\Windows\System\eabrfHD.exe
  C:\Windows\System\eabrfHD.exe
  2⤵
  PID:3476
- C:\Windows\System\aTrfOlV.exe
  C:\Windows\System\aTrfOlV.exe
  2⤵
  PID:1864
- C:\Windows\System\HGtxSmw.exe
  C:\Windows\System\HGtxSmw.exe
  2⤵
  PID:1696
- C:\Windows\System\wvuutqM.exe
  C:\Windows\System\wvuutqM.exe
  2⤵
  PID:13812
- C:\Windows\System\KdgMLex.exe
  C:\Windows\System\KdgMLex.exe
  2⤵
  PID:5280
- C:\Windows\System\FjLptlv.exe
  C:\Windows\System\FjLptlv.exe
  2⤵
  PID:14064
- C:\Windows\System\zBdHqNw.exe
  C:\Windows\System\zBdHqNw.exe
  2⤵
  PID:13804
- C:\Windows\System\CQavWmF.exe
  C:\Windows\System\CQavWmF.exe
  2⤵
  PID:5732
- C:\Windows\System\GmpMvjL.exe
  C:\Windows\System\GmpMvjL.exe
  2⤵
  PID:4048
- C:\Windows\System\AoUaebC.exe
  C:\Windows\System\AoUaebC.exe
  2⤵
  PID:14140
- C:\Windows\System\uZyfIUf.exe
  C:\Windows\System\uZyfIUf.exe
  2⤵
  PID:14196
- C:\Windows\System\gEeZKRw.exe
  C:\Windows\System\gEeZKRw.exe
  2⤵
  PID:14224
- C:\Windows\System\eLCnSgM.exe
  C:\Windows\System\eLCnSgM.exe
  2⤵
  PID:1536
- C:\Windows\System\QxtKjQD.exe
  C:\Windows\System\QxtKjQD.exe
  2⤵
  PID:4256
- C:\Windows\System\pKySmPZ.exe
  C:\Windows\System\pKySmPZ.exe
  2⤵
  PID:14320
- C:\Windows\System\FjapdNp.exe
  C:\Windows\System\FjapdNp.exe
  2⤵
  PID:2104
- C:\Windows\System\OLPvklm.exe
  C:\Windows\System\OLPvklm.exe
  2⤵
  PID:13520
- C:\Windows\System\IOJeynn.exe
  C:\Windows\System\IOJeynn.exe
  2⤵
  PID:13496
- C:\Windows\System\ZjOHCmI.exe
  C:\Windows\System\ZjOHCmI.exe
  2⤵
  PID:13628
- C:\Windows\System\kZlYCaG.exe
  C:\Windows\System\kZlYCaG.exe
  2⤵
  PID:1156
- C:\Windows\System\QsTMJDr.exe
  C:\Windows\System\QsTMJDr.exe
  2⤵
  PID:13656
- C:\Windows\System\CIOwLtW.exe
  C:\Windows\System\CIOwLtW.exe
  2⤵
  PID:13840
- C:\Windows\System\DfyzOkL.exe
  C:\Windows\System\DfyzOkL.exe
  2⤵
  PID:2096
- C:\Windows\System\lGckLpr.exe
  C:\Windows\System\lGckLpr.exe
  2⤵
  PID:232
- C:\Windows\System\DybVNBH.exe
  C:\Windows\System\DybVNBH.exe
  2⤵
  PID:13908
- C:\Windows\System\mPnduPS.exe
  C:\Windows\System\mPnduPS.exe
  2⤵
  PID:3272
- C:\Windows\System\tEBGcPZ.exe
  C:\Windows\System\tEBGcPZ.exe
  2⤵
  PID:13328
- C:\Windows\System\KgaWwMY.exe
  C:\Windows\System\KgaWwMY.exe
  2⤵
  PID:868
- C:\Windows\System\KGqvCkH.exe
  C:\Windows\System\KGqvCkH.exe
  2⤵
  PID:13932
- C:\Windows\System\nlHLfOS.exe
  C:\Windows\System\nlHLfOS.exe
  2⤵
  PID:3732
- C:\Windows\System\YsJgbiQ.exe
  C:\Windows\System\YsJgbiQ.exe
  2⤵
  PID:4856
- C:\Windows\System\qEFpWKn.exe
  C:\Windows\System\qEFpWKn.exe
  2⤵
  PID:14204
- C:\Windows\System\DAgiSOm.exe
  C:\Windows\System\DAgiSOm.exe
  2⤵
  PID:6656
- C:\Windows\System\MdTBAsn.exe
  C:\Windows\System\MdTBAsn.exe
  2⤵
  PID:14280
- C:\Windows\System\xngmgka.exe
  C:\Windows\System\xngmgka.exe
  2⤵
  PID:13384
- C:\Windows\System\mQoZfhQ.exe
  C:\Windows\System\mQoZfhQ.exe
  2⤵
  PID:13596
- C:\Windows\System\OPpheKN.exe
  C:\Windows\System\OPpheKN.exe
  2⤵
  PID:13664
- C:\Windows\System\OrdULuF.exe
  C:\Windows\System\OrdULuF.exe
  2⤵
  PID:13712
- C:\Windows\System\GhccScR.exe
  C:\Windows\System\GhccScR.exe
  2⤵
  PID:13860
- C:\Windows\System\fnWNwuh.exe
  C:\Windows\System\fnWNwuh.exe
  2⤵
  PID:3400
- C:\Windows\System\jEmNIXn.exe
  C:\Windows\System\jEmNIXn.exe
  2⤵
  PID:13976
- C:\Windows\System\lNmwynj.exe
  C:\Windows\System\lNmwynj.exe
  2⤵
  PID:14088
- C:\Windows\System\wPUDmMe.exe
  C:\Windows\System\wPUDmMe.exe
  2⤵
  PID:5060
- C:\Windows\System\wEDqOrx.exe
  C:\Windows\System\wEDqOrx.exe
  2⤵
  PID:3300
- C:\Windows\System\UFtzbva.exe
  C:\Windows\System\UFtzbva.exe
  2⤵
  PID:6636
- C:\Windows\System\avxPCAB.exe
  C:\Windows\System\avxPCAB.exe
  2⤵
  PID:14316
- C:\Windows\System\EzYGjyR.exe
  C:\Windows\System\EzYGjyR.exe
  2⤵
  PID:1844
- C:\Windows\System\TgaLUqJ.exe
  C:\Windows\System\TgaLUqJ.exe
  2⤵
  PID:1616
- C:\Windows\System\JwDvEcn.exe
  C:\Windows\System\JwDvEcn.exe
  2⤵
  PID:1668
- C:\Windows\System\vTxXjJm.exe
  C:\Windows\System\vTxXjJm.exe
  2⤵
  PID:1892
- C:\Windows\System\nHOduFc.exe
  C:\Windows\System\nHOduFc.exe
  2⤵
  PID:7028
- C:\Windows\System\AEefsrt.exe
  C:\Windows\System\AEefsrt.exe
  2⤵
  PID:3884
- C:\Windows\System\rmfBiFZ.exe
  C:\Windows\System\rmfBiFZ.exe
  2⤵
  PID:7124
- C:\Windows\System\GtgfXxN.exe
  C:\Windows\System\GtgfXxN.exe
  2⤵
  PID:1824
- C:\Windows\System\aWIcEsP.exe
  C:\Windows\System\aWIcEsP.exe
  2⤵
  PID:1116
- C:\Windows\System\hzapKIN.exe
  C:\Windows\System\hzapKIN.exe
  2⤵
  PID:3588
- C:\Windows\System\UmwfjQz.exe
  C:\Windows\System\UmwfjQz.exe
  2⤵
  PID:6956
- C:\Windows\System\KZRIoaF.exe
  C:\Windows\System\KZRIoaF.exe
  2⤵
  PID:1948
- C:\Windows\System\YhUGpjp.exe
  C:\Windows\System\YhUGpjp.exe
  2⤵
  PID:2076
- C:\Windows\System\YkiFRPs.exe
  C:\Windows\System\YkiFRPs.exe
  2⤵
  PID:6444
- C:\Windows\System\fTUJdKc.exe
  C:\Windows\System\fTUJdKc.exe
  2⤵
  PID:6504
- C:\Windows\System\eISgaIr.exe
  C:\Windows\System\eISgaIr.exe
  2⤵
  PID:6556
- C:\Windows\System\WBMFwTy.exe
  C:\Windows\System\WBMFwTy.exe
  2⤵
  PID:5240
- C:\Windows\System\NTEpbOy.exe
  C:\Windows\System\NTEpbOy.exe
  2⤵
  PID:6904
- C:\Windows\System\TfRzRRI.exe
  C:\Windows\System\TfRzRRI.exe
  2⤵
  PID:1608
- C:\Windows\System\epEFibo.exe
  C:\Windows\System\epEFibo.exe
  2⤵
  PID:5304
- C:\Windows\System\ZEmbjNo.exe
  C:\Windows\System\ZEmbjNo.exe
  2⤵
  PID:3908
- C:\Windows\System\EtDWxoC.exe
  C:\Windows\System\EtDWxoC.exe
  2⤵
  PID:4336
- C:\Windows\System\NNetAQh.exe
  C:\Windows\System\NNetAQh.exe
  2⤵
  PID:5372
- C:\Windows\System\LGMLiNB.exe
  C:\Windows\System\LGMLiNB.exe
  2⤵
  PID:13348
- C:\Windows\System\WCJXgLI.exe
  C:\Windows\System\WCJXgLI.exe
  2⤵
  PID:6888
- C:\Windows\System\tgJDfQT.exe
  C:\Windows\System\tgJDfQT.exe
  2⤵
  PID:5412
- C:\Windows\System\ROlfHKG.exe
  C:\Windows\System\ROlfHKG.exe
  2⤵
  PID:5196
- C:\Windows\System\RRDKxgf.exe
  C:\Windows\System\RRDKxgf.exe
  2⤵
  PID:1804
- C:\Windows\System\QrxdHpJ.exe
  C:\Windows\System\QrxdHpJ.exe
  2⤵
  PID:6152
- C:\Windows\System\CakGiBL.exe
  C:\Windows\System\CakGiBL.exe
  2⤵
  PID:6808
- C:\Windows\System\ofUmavM.exe
  C:\Windows\System\ofUmavM.exe
  2⤵
  PID:5544
- C:\Windows\System\UJvVYiu.exe
  C:\Windows\System\UJvVYiu.exe
  2⤵
  PID:1056
- C:\Windows\System\ySVxJLl.exe
  C:\Windows\System\ySVxJLl.exe
  2⤵
  PID:5588
- C:\Windows\System\urvUHQz.exe
  C:\Windows\System\urvUHQz.exe
  2⤵
  PID:5356
- C:\Windows\System\QkgXQlS.exe
  C:\Windows\System\QkgXQlS.exe
  2⤵
  PID:5560
- C:\Windows\System\BfRAANe.exe
  C:\Windows\System\BfRAANe.exe
  2⤵
  PID:7088
- C:\Windows\System\ZKKaSdg.exe
  C:\Windows\System\ZKKaSdg.exe
  2⤵
  PID:6236
- C:\Windows\System\WQyConM.exe
  C:\Windows\System\WQyConM.exe
  2⤵
  PID:5704
- C:\Windows\System\kHcFxTi.exe
  C:\Windows\System\kHcFxTi.exe
  2⤵
  PID:5672
- C:\Windows\System\FcFvBUT.exe
  C:\Windows\System\FcFvBUT.exe
  2⤵
  PID:5480
- C:\Windows\System\DWRqejf.exe
  C:\Windows\System\DWRqejf.exe
  2⤵
  PID:5720
- C:\Windows\System\BgkfiXc.exe
  C:\Windows\System\BgkfiXc.exe
  2⤵
  PID:7156
- C:\Windows\System\HqhIxJo.exe
  C:\Windows\System\HqhIxJo.exe
  2⤵
  PID:7164
- C:\Windows\System\dIpZxPI.exe
  C:\Windows\System\dIpZxPI.exe
  2⤵
  PID:1956
- C:\Windows\System\edFHrNU.exe
  C:\Windows\System\edFHrNU.exe
  2⤵
  PID:3584
- C:\Windows\System\yvfgqnm.exe
  C:\Windows\System\yvfgqnm.exe
  2⤵
  PID:7240
- C:\Windows\System\xILEPTC.exe
  C:\Windows\System\xILEPTC.exe
  2⤵
  PID:5876
- C:\Windows\System\pPFEGQF.exe
  C:\Windows\System\pPFEGQF.exe
  2⤵
  PID:7332
- C:\Windows\System\QsAfhUg.exe
  C:\Windows\System\QsAfhUg.exe
  2⤵
  PID:7380
- C:\Windows\System\HWnpcVy.exe
  C:\Windows\System\HWnpcVy.exe
  2⤵
  PID:5888
- C:\Windows\System\kQSSuwO.exe
  C:\Windows\System\kQSSuwO.exe
  2⤵
  PID:7452
- C:\Windows\System\MrLvGqH.exe
  C:\Windows\System\MrLvGqH.exe
  2⤵
  PID:7468
- C:\Windows\System\tJmxhiE.exe
  C:\Windows\System\tJmxhiE.exe
  2⤵
  PID:6008
- C:\Windows\System\UXDWusM.exe
  C:\Windows\System\UXDWusM.exe
  2⤵
  PID:7384
- C:\Windows\System\eDLPWRZ.exe
  C:\Windows\System\eDLPWRZ.exe
  2⤵
  PID:7596
- C:\Windows\System\QRgqhOT.exe
  C:\Windows\System\QRgqhOT.exe
  2⤵
  PID:6056
- C:\Windows\System\elkMWzu.exe
  C:\Windows\System\elkMWzu.exe
  2⤵
  PID:7652
- C:\Windows\System\VJbgVbS.exe
  C:\Windows\System\VJbgVbS.exe
  2⤵
  PID:7672
- C:\Windows\System\xuHizPk.exe
  C:\Windows\System\xuHizPk.exe
  2⤵
  PID:7692
- C:\Windows\System\KQnPyfj.exe
  C:\Windows\System\KQnPyfj.exe
  2⤵
  PID:6132
- C:\Windows\System\yUyEnVs.exe
  C:\Windows\System\yUyEnVs.exe
  2⤵
  PID:7780
- C:\Windows\System\jWpbcKY.exe
  C:\Windows\System\jWpbcKY.exe
  2⤵
  PID:7820
- C:\Windows\System\azuBXdu.exe
  C:\Windows\System\azuBXdu.exe
  2⤵
  PID:14344
- C:\Windows\System\ccjkqEe.exe
  C:\Windows\System\ccjkqEe.exe
  2⤵
  PID:14372
- C:\Windows\System\JhBrGFw.exe
  C:\Windows\System\JhBrGFw.exe
  2⤵
  PID:14400
- C:\Windows\System\eAvKcez.exe
  C:\Windows\System\eAvKcez.exe
  2⤵
  PID:14428
- C:\Windows\System\fMfPtVy.exe
  C:\Windows\System\fMfPtVy.exe
  2⤵
  PID:14456
- C:\Windows\System\OkRBrlx.exe
  C:\Windows\System\OkRBrlx.exe
  2⤵
  PID:14484
- C:\Windows\System\iLrGCeN.exe
  C:\Windows\System\iLrGCeN.exe
  2⤵
  PID:14512
- C:\Windows\System\sVceWrh.exe
  C:\Windows\System\sVceWrh.exe
  2⤵
  PID:14540
- C:\Windows\System\hFQWdJF.exe
  C:\Windows\System\hFQWdJF.exe
  2⤵
  PID:14572
- C:\Windows\System\iQKOGUZ.exe
  C:\Windows\System\iQKOGUZ.exe
  2⤵
  PID:14600
- C:\Windows\System\DSSMGAn.exe
  C:\Windows\System\DSSMGAn.exe
  2⤵
  PID:14628
- C:\Windows\System\wfcutxg.exe
  C:\Windows\System\wfcutxg.exe
  2⤵
  PID:14656
- C:\Windows\System\CzmESLd.exe
  C:\Windows\System\CzmESLd.exe
  2⤵
  PID:14684
- C:\Windows\System\xMqLbBp.exe
  C:\Windows\System\xMqLbBp.exe
  2⤵
  PID:14720
- C:\Windows\System\VdOfuxl.exe
  C:\Windows\System\VdOfuxl.exe
  2⤵
  PID:14740
- C:\Windows\System\DeSGouW.exe
  C:\Windows\System\DeSGouW.exe
  2⤵
  PID:14768
- C:\Windows\System\yaPZeEt.exe
  C:\Windows\System\yaPZeEt.exe
  2⤵
  PID:14800
- C:\Windows\System\zDwbJZM.exe
  C:\Windows\System\zDwbJZM.exe
  2⤵
  PID:14828
- C:\Windows\System\NUQKzss.exe
  C:\Windows\System\NUQKzss.exe
  2⤵
  PID:14856
- C:\Windows\System\bAzdHWC.exe
  C:\Windows\System\bAzdHWC.exe
  2⤵
  PID:14884
- C:\Windows\System\AWaShCN.exe
  C:\Windows\System\AWaShCN.exe
  2⤵
  PID:14912
- C:\Windows\System\sDAUreM.exe
  C:\Windows\System\sDAUreM.exe
  2⤵
  PID:14944
- C:\Windows\System\PYEHgxb.exe
  C:\Windows\System\PYEHgxb.exe
  2⤵
  PID:14968
- C:\Windows\System\EwntnyT.exe
  C:\Windows\System\EwntnyT.exe
  2⤵
  PID:14996
- C:\Windows\System\mBcwvoW.exe
  C:\Windows\System\mBcwvoW.exe
  2⤵
  PID:15024
- C:\Windows\System\trWdwdP.exe
  C:\Windows\System\trWdwdP.exe
  2⤵
  PID:15052
- C:\Windows\System\PXJoOLK.exe
  C:\Windows\System\PXJoOLK.exe
  2⤵
  PID:15080
- C:\Windows\System\GsjdtDn.exe
  C:\Windows\System\GsjdtDn.exe
  2⤵
  PID:15108
- C:\Windows\System\ORvmUwc.exe
  C:\Windows\System\ORvmUwc.exe
  2⤵
  PID:15136
- C:\Windows\System\lOOTpkC.exe
  C:\Windows\System\lOOTpkC.exe
  2⤵
  PID:15164
- C:\Windows\System\WHyaaaE.exe
  C:\Windows\System\WHyaaaE.exe
  2⤵
  PID:15192
- C:\Windows\System\VjNyZYm.exe
  C:\Windows\System\VjNyZYm.exe
  2⤵
  PID:15220
- C:\Windows\System\OSzXqMf.exe
  C:\Windows\System\OSzXqMf.exe
  2⤵
  PID:15248
- C:\Windows\System\JviPbVE.exe
  C:\Windows\System\JviPbVE.exe
  2⤵
  PID:15276
- C:\Windows\System\FXzcMMy.exe
  C:\Windows\System\FXzcMMy.exe
  2⤵
  PID:15304
- C:\Windows\System\KPVAWNy.exe
  C:\Windows\System\KPVAWNy.exe
  2⤵
  PID:15336
- C:\Windows\System\TwnXOKh.exe
  C:\Windows\System\TwnXOKh.exe
  2⤵
  PID:7844
- C:\Windows\System\hoYWeee.exe
  C:\Windows\System\hoYWeee.exe
  2⤵
  PID:14384
- C:\Windows\System\dPcJFlc.exe
  C:\Windows\System\dPcJFlc.exe
  2⤵
  PID:7924
- C:\Windows\System\YqBupFJ.exe
  C:\Windows\System\YqBupFJ.exe
  2⤵
  PID:7964
- C:\Windows\System\vGBSuwO.exe
  C:\Windows\System\vGBSuwO.exe
  2⤵
  PID:5328
- C:\Windows\System\EuOlBMk.exe
  C:\Windows\System\EuOlBMk.exe
  2⤵
  PID:14524
- C:\Windows\System\JqXaWIo.exe
  C:\Windows\System\JqXaWIo.exe
  2⤵
  PID:14552
- C:\Windows\System\zeUucvy.exe
  C:\Windows\System\zeUucvy.exe
  2⤵
  PID:14564
- C:\Windows\System\QIYSTpQ.exe
  C:\Windows\System\QIYSTpQ.exe
  2⤵
  PID:8092
- C:\Windows\System\EqgONCD.exe
  C:\Windows\System\EqgONCD.exe
  2⤵
  PID:14652
- C:\Windows\System\cEuadHf.exe
  C:\Windows\System\cEuadHf.exe
  2⤵
  PID:14696
- C:\Windows\System\ZAiIDuM.exe
  C:\Windows\System\ZAiIDuM.exe
  2⤵
  PID:14732
- C:\Windows\System\rmbnlhy.exe
  C:\Windows\System\rmbnlhy.exe
  2⤵
  PID:7228
- C:\Windows\System\wPTQMXc.exe
  C:\Windows\System\wPTQMXc.exe
  2⤵
  PID:14820
- C:\Windows\System\KvzUPRo.exe
  C:\Windows\System\KvzUPRo.exe
  2⤵
  PID:14936
- C:\Windows\System\DJdCcEg.exe
  C:\Windows\System\DJdCcEg.exe
  2⤵
  PID:14964
- C:\Windows\System\prHqHWs.exe
  C:\Windows\System\prHqHWs.exe
  2⤵
  PID:15016
- C:\Windows\System\FzdVruK.exe
  C:\Windows\System\FzdVruK.exe
  2⤵
  PID:752
- C:\Windows\System\aKYeQKf.exe
  C:\Windows\System\aKYeQKf.exe
  2⤵
  PID:15072
- C:\Windows\System\XdeYMhD.exe
  C:\Windows\System\XdeYMhD.exe
  2⤵
  PID:15120
- C:\Windows\System\LzsYdxW.exe
  C:\Windows\System\LzsYdxW.exe
  2⤵
  PID:8112
- C:\Windows\System\EAlllxw.exe
  C:\Windows\System\EAlllxw.exe
  2⤵
  PID:15216
- C:\Windows\System\zRpjVoj.exe
  C:\Windows\System\zRpjVoj.exe
  2⤵
  PID:3968
- C:\Windows\System\GjsvZyy.exe
  C:\Windows\System\GjsvZyy.exe
  2⤵
  PID:15268
- C:\Windows\System\PpUIMXi.exe
  C:\Windows\System\PpUIMXi.exe
  2⤵
  PID:15324
- C:\Windows\System\JhlGEET.exe
  C:\Windows\System\JhlGEET.exe
  2⤵
  PID:15352
- C:\Windows\System\hYglMgS.exe
  C:\Windows\System\hYglMgS.exe
  2⤵
  PID:8016
- C:\Windows\System\CXIehFu.exe
  C:\Windows\System\CXIehFu.exe
  2⤵
  PID:8096
- C:\Windows\System\vspTTFt.exe
  C:\Windows\System\vspTTFt.exe
  2⤵
  PID:8412
- C:\Windows\System\qyycpfm.exe
  C:\Windows\System\qyycpfm.exe
  2⤵
  PID:8168
- C:\Windows\System\DwEMSeC.exe
  C:\Windows\System\DwEMSeC.exe
  2⤵
  PID:8516
- C:\Windows\System\eOpUAcy.exe
  C:\Windows\System\eOpUAcy.exe
  2⤵
  PID:14852
- C:\Windows\System\lCkzQTU.exe
  C:\Windows\System\lCkzQTU.exe
  2⤵
  PID:5620
- C:\Windows\System\yAqoudV.exe
  C:\Windows\System\yAqoudV.exe
  2⤵
  PID:5936
- C:\Windows\System\kWhWwPf.exe
  C:\Windows\System\kWhWwPf.exe
  2⤵
  PID:7716
- C:\Windows\System\irjQgNn.exe
  C:\Windows\System\irjQgNn.exe
  2⤵
  PID:7768
- C:\Windows\System\BFPeGWI.exe
  C:\Windows\System\BFPeGWI.exe
  2⤵
  PID:8144
- C:\Windows\System\yvusugx.exe
  C:\Windows\System\yvusugx.exe
  2⤵
  PID:15260
- C:\Windows\System\PpRXiBS.exe
  C:\Windows\System\PpRXiBS.exe
  2⤵
  PID:8908
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 8908 -s 248
    3⤵
    PID:5364
- C:\Windows\System\qXdxXLH.exe
  C:\Windows\System\qXdxXLH.exe
  2⤵
  PID:7976
- C:\Windows\System\mpgbxYc.exe
  C:\Windows\System\mpgbxYc.exe
  2⤵
  PID:9000
- C:\Windows\System\qltjiTj.exe
  C:\Windows\System\qltjiTj.exe
  2⤵
  PID:14532
- C:\Windows\System\XFLjQdF.exe
  C:\Windows\System\XFLjQdF.exe
  2⤵
  PID:14612
- C:\Windows\System\FbtQEZA.exe
  C:\Windows\System\FbtQEZA.exe
  2⤵
  PID:9164
- C:\Windows\System\obnmbZl.exe
  C:\Windows\System\obnmbZl.exe
  2⤵
  PID:8240
- C:\Windows\System\RllZbDD.exe
  C:\Windows\System\RllZbDD.exe
  2⤵
  PID:8304
- C:\Windows\System\miPzMww.exe
  C:\Windows\System\miPzMww.exe
  2⤵
  PID:7504
- C:\Windows\System\WxpOdJt.exe
  C:\Windows\System\WxpOdJt.exe
  2⤵
  PID:14924
- C:\Windows\System\ydmNUkL.exe
  C:\Windows\System\ydmNUkL.exe
  2⤵
  PID:5576
- C:\Windows\System\ocBiIcM.exe
  C:\Windows\System\ocBiIcM.exe
  2⤵
  PID:8672
- C:\Windows\System\rZWbRsG.exe
  C:\Windows\System\rZWbRsG.exe
  2⤵
  PID:8716
- C:\Windows\System\aiwddJG.exe
  C:\Windows\System\aiwddJG.exe
  2⤵
  PID:8772
- C:\Windows\System\vBgJHnv.exe
  C:\Windows\System\vBgJHnv.exe
  2⤵
  PID:5868
- C:\Windows\System\piYjpAx.exe
  C:\Windows\System\piYjpAx.exe
  2⤵
  PID:2720
- C:\Windows\System\trTbulg.exe
  C:\Windows\System\trTbulg.exe
  2⤵
  PID:7856
- C:\Windows\System\VhRLSTC.exe
  C:\Windows\System\VhRLSTC.exe
  2⤵
  PID:9048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AGSfRiq.exe

Filesize
6.0MB

MD5
33110760a048cf6b7f2322295bbca6ce

SHA1
c80e64fe5db1199c88c8e9612246ddb738a8b942

SHA256
d5034db6576b00a4bfb8d415cc67fcbccf305db484851b8027e39ea5afd66453

SHA512
689d81396eaa29b46be949fc668d9d2c2879558ed674a07670e73f1c3b74e98fd0997f0888dbfc648fbae6d90789c493af92b9704312b27c5409868c80214759

Download Submit
C:\Windows\System\BmfdPho.exe

Filesize
6.0MB

MD5
e5e7ac102cebaa88e3ecac98c4a54254

SHA1
7ef93c6b5ab764309945757dcfcf9283fc0a8011

SHA256
cafbc8110573fe9fa218c69e17a98d082b74bbcebf3de0a999dd73e8c6b978ce

SHA512
5735b93c85734ae3b1e05ce4a51dcb4432f0457858a5523cf708819ff52ebb05a2c6a943b6d480e2094eff43385e1cfd2598dbe68af58fbf5b168cbed3a475dd

Download Submit
C:\Windows\System\CUjUKdl.exe

Filesize
6.0MB

MD5
d5d6bd92d84d8c12cede06e446979a8c

SHA1
a0a765bf07c0535f2b33f0a53eee7aa466ddc708

SHA256
9cc83ba1b1d998067e794fab29aee31424b654fcdf917e0d73677532c7f85aef

SHA512
3ff82dd365f1b8663191191c952a256dab54279c1a3ac1ce938fb7d663b159c49b8d08e8068f9c9d1591161db723237dc0114c5417ea4cbe92fa2af5c9f7b703

Download Submit
C:\Windows\System\CaFArxD.exe

Filesize
6.0MB

MD5
ddb522bf200270c99852e3cd63bbb540

SHA1
63551190aff15edfbdfba8ea9f23fe2a72ea2519

SHA256
34c3c4c30c3ce4418b4a33828e03d0d8c6581deafcca4c3b1b472df14b58edb6

SHA512
ee77eff1fa2e8fef2a377df47cb8a359b3534acc3564d0cf672c4e50502099d67400db3541d7cbbff28e4b9746469c92919a02f621d623d45601d45c80e38fca

Download Submit
C:\Windows\System\EOBOKhV.exe

Filesize
6.0MB

MD5
ca21b4e657ab31de66413a6573e25804

SHA1
407121873e3987babf884445cf2b7d8d218e81bc

SHA256
c3d2cc8b32dc98175d6f6b6f482f09926af6e3600885809f1ef901e623c4e659

SHA512
8cdc6b73502820a86feb6ae4a0c101fa95981bffb7abdac521f55caeee01b4129898dc8b913adab6bf1d37051ca0bd5dbe00593532d9d40632ceb35c15410633

Download Submit
C:\Windows\System\FHXkoVl.exe

Filesize
6.0MB

MD5
2a02e6748b61f741f405a91a78cc404f

SHA1
4f066cc9caf8dc8eb796f8f152998360314d2e80

SHA256
24de80030d1c2fda1b006c0243caf2be01b543b5fa02fee2d253a7a82be81ece

SHA512
8089be619cc3f45bfc80be4701e87f6697b5687b905f322d83bde946d6e25425b54c2e09bcfcfd29022a2ff82fd9e84256d87b1532768a07b0abdcb1f5542fd8

Download Submit
C:\Windows\System\Jsoskat.exe

Filesize
6.0MB

MD5
958b763a2c961418e5f0da8cf1622a83

SHA1
6b1cbc3d54c3acac74eb4f8b7c1170a45001b8e1

SHA256
b66e7204f028a8f337467ec358c62ee696a6259665fb92fc9bebce94fde7f5f1

SHA512
881b12a10f30ae5697ee3d4a90bdacb631d680ec3104f14fc97bd7fb5390dba328f0065c7b3dc7c39d808da95d5a8eed23cb9f976113f7109933d1d7b851ce71

Download Submit
C:\Windows\System\NmZcrIA.exe

Filesize
6.0MB

MD5
42e0e3b2fd4c4750edbfae1d4f856510

SHA1
38213e27740c50f6ac830743710974db6ed57b86

SHA256
d7b78953899b7624c2ef7decb1cb519a6746c0c3c54ac212252c0fdd285515db

SHA512
eac6b04fa5ae79b84a2e8342b760d98b6be36c34d6e9063e3e5577a33c288488798615ae37b94b9170fc6427178e8ff151aa79a31cc9a679bc6bd0a6c3a4d45c

Download Submit
C:\Windows\System\UkGzSxJ.exe

Filesize
6.0MB

MD5
4909a528fb8066e6782ce000bf4e42a1

SHA1
8939885f2db9840740fdd818ee386e2a9667832a

SHA256
b9f879479858bfdd0ffdddab13277286ad85961d69267e123f1d646ec9e21855

SHA512
c18770bfa1071c423ecafaa25289ed2ca6f70e3374d9beeed5385868daf3f727878d4be33f184e1c59ca679f7c5ddd4e851f6f34d411d3548286c608d1905420

Download Submit
C:\Windows\System\WPAsBmT.exe

Filesize
6.0MB

MD5
aa4b07d12e033c9f4585b9e1628fbd6c

SHA1
9ea255e6acd33b62110ddcef2151da2012bba209

SHA256
f3cdc8462390792cba66d00345cf4d6951256613546322e67cbf0f0805a202b5

SHA512
ef20fa9b1406957ad109ed24919bb4661cff1d01629a6377e87bf54374db8a7449983978d5869253585bce0a38bcde985411429fd3cc6485036edb0648ca9a1e

Download Submit
C:\Windows\System\WpZKdOB.exe

Filesize
6.0MB

MD5
6be044cc807023f6682c2a29e2cb81a8

SHA1
c0ffbe168ac5c08312e0a429df12519c5385d49e

SHA256
1e5c27688b562e473a754749130b323b876d20bba7b0a6954c7e2157b040308c

SHA512
a3db656c58723bbf0e2e5f8944911c88d01086fabdbee3c45ecdd4d3537989b6e37a98cdcc9dafcadae28e201a51350c00eb0a6f12c04e5a1d346ee1403c9169

Download Submit
C:\Windows\System\Xyjinqm.exe

Filesize
6.0MB

MD5
00ccc55bd108cee7fcaacd617c44f4bc

SHA1
69b9920c888166bd31413eb4472f0b3c40ec21a3

SHA256
2bb9031969e25062585e27dca03e13592c95ba2dea5a0145761c52cd407b97a0

SHA512
3921ae8c66a9df0289f286a8165e4b53a46108ce1eaf190bfb9aed3eaf72ea56262c13e60b45f5fd21e5ebef8b69338aa0126a6d246fe42c928c9ded6aaf4a13

Download Submit
C:\Windows\System\ZamWubL.exe

Filesize
6.0MB

MD5
37090b0107e6422bb2ac3c1281246341

SHA1
7154ff2e74b6ade747779d5db1d3b856dd06be7d

SHA256
5632e9ab7508f69280c008ea77128f0e69c4235ded72f0b813d93698d8e2051c

SHA512
160be906a7a87a81428f664463c60f2cce9155698cce6d52505e3f49ccd836a9ec9c52e01a7d9e24b61aa3b66e405b9d53e0012d09a61fde6ac92cf7b549b0da

Download Submit
C:\Windows\System\ZsSKmDp.exe

Filesize
6.0MB

MD5
edc662e3f1ff8b00312b678f5d285b7d

SHA1
535757382e5a3289c1277acbc880778af8a9fc58

SHA256
89f8705bd3b60a2d41f5aef538a7161e23cdc40b344300de603b63f1141bb3a2

SHA512
96c85c4a7097a333958dc9f68a584c4bf7156c245401f090d83dcb5dde9ceb6ac3aefcaf5046aac7a06ed49d1d529ad4d6296bad2a3f6fae3d0a6d8f2b3a8a81

Download Submit
C:\Windows\System\bclNBIR.exe

Filesize
6.0MB

MD5
9edebc12d8f1439805bf003c59c65652

SHA1
e5171bff3b8e089fc7ac5da454da1873d5177565

SHA256
a73b379e08daa9499afe617e5ff3bf25a798293a540c74efaf528e7c0fa0e1c6

SHA512
1db7882f15d2b6411f5c99b52dffa0b873ffbd654063eb3f5dd086c86a9a4b3587467b7bf357f7bf3519cc63d3fcf8125f9b6603bfad9e87953ae9f6bc4013ee

Download Submit
C:\Windows\System\esbGZSj.exe

Filesize
6.0MB

MD5
61e526ee351e1fea180ed9dc3c7ab4d9

SHA1
daa08d5f81cbf3745b4f93a231965dcac0f76d20

SHA256
a29d0ffba6e0fc419300c48b6219206bef705499ce9d809f0844c246d4ef57a8

SHA512
f49284fcbc0722659f7287a79ca7b010a0efc0632268aedc56e45b2eab30d7c5689d6bff740f58278c442ab3931f212533eea26574bfd2146696f4428cc94675

Download Submit
C:\Windows\System\gDQbkxk.exe

Filesize
6.0MB

MD5
d4db53ea27538b10dd73a4d03a03f710

SHA1
fddb8d401fe05e744720ccf66b082a98f7dcb464

SHA256
87e5d64b2188808c1d30ceb57e90f66b9f5c18c2de6728366d99251eb7979708

SHA512
d62723adc8621f2ebac6754536d6078711798de14ecab9454f3fd87aa9ebb8a8b949b2977e1413512b78ac26029e6ace819fb967028659803f0d511ab7cedeb7

Download Submit
C:\Windows\System\gJvxTvu.exe

Filesize
6.0MB

MD5
49ac2742fcc39a99d96de8c30fa61931

SHA1
d467aee54cde30d5429faab04b0579e3d0f41f16

SHA256
c6d296a90fb08ec5b293769798e62eb51f951d8a1aaff421010b97853ce8ec58

SHA512
0881e7ebd7fed9afd9eea66cbd98b841de1a19bbd6881c33aec079bf1dd9fc2b439665ccc3efd7241c3e51c1a5ffe1ef5d4a96f2b35815910bee2efc4b1c6d3b

Download Submit
C:\Windows\System\gfhoKvn.exe

Filesize
6.0MB

MD5
11b4b476c53c22996776f18d4d18609e

SHA1
c3110edba1b1085222d50f2af7a040b4a2de772a

SHA256
efbf1fe568ef6ec887cc2061df13c9567733bbd8ac0d3a293c7d6617438c247b

SHA512
be29b3fef92a5034f0c314e6c609b215fc608e2e1be4a97fdd8838686331194aadbcb97170fbf41e360b95c454b389457deef747faf5ab1afd2cee9a0b88a23b

Download Submit
C:\Windows\System\jHtfShO.exe

Filesize
6.0MB

MD5
3321fbb2cba33c96390ea204ced517b1

SHA1
1e62b73e64c32703f0ff25ece7fe636de2e721cf

SHA256
2342079d83eaae39c089fd3418dddc18e103d84c31de63edd77ca921ba35d191

SHA512
d785f39fa4fe900fb918fb6f3836cefcce5114a044c565162cb4324b81867931ffaccdd35e610fea03d1ed27659b8d82bb8d9b2d707573e11c0a9678795855c3

Download Submit
C:\Windows\System\jrgXnQj.exe

Filesize
6.0MB

MD5
5b6fb93c6bbf9f127190669c0f1b6d87

SHA1
5f269bf6bbe38bb9e2f741d46068c62afbee1f28

SHA256
f0046dd99264bf9d1c12a1c963c9171338ebc618f65ba6290328b6507e7044b4

SHA512
ea421f3b885074e8456326eb747e2f4ca19c54b11c8f52d6197b85f9eb9191f9b5a6e0d42de58944caa362548809752c37f07d630f5c4e6fe2edcc025b1e89d9

Download Submit
C:\Windows\System\lNElTPR.exe

Filesize
6.0MB

MD5
9793d9ea4c07b98935f9f67f8629161b

SHA1
bd38dc8564f91e117148818f02114b467de5c258

SHA256
a44e416ca85bcfb4e66cc94cae891f8922b21c6f7715862b2ef5158de6995dd0

SHA512
821d9e8c2640d4ecf1b01455e1f5669a1329446ba049feabbf56ff136a29da6f00f131f8ae5f65780b5c5be3522c48e3b90eda378c3c736d2a59dc9f808f277c

Download Submit
C:\Windows\System\lpJLzRD.exe

Filesize
6.0MB

MD5
28ce85ac321028716c5bb74f95fd0ad9

SHA1
4fe6bae2090e659f763616a417ede0f8b611c1dd

SHA256
8a61a14db8f7cef24b101b1af2522d0fdd45a4541c73031d878d912bea6272d0

SHA512
c0967de5977b241c1494371e1105d3ceab81cb416c8098c1351447c55c90b27563d7d02bcf657ada567048f4fa738b924448af2333069ff653f97c4566d8a986

Download Submit
C:\Windows\System\mxTYSrO.exe

Filesize
6.0MB

MD5
3d68cbcbc3f0c9ca3029fddffc70d446

SHA1
010da40c3ce7c488cfc22520e2df28b5a803cdb0

SHA256
2fbea0a710658173f8a40d32ce54bbbb48c49ee1d0425e9d913dbf2ca1f43468

SHA512
7357fdfa7c1510435e41a7caabfbb62c9d08136f50628178b80cadf7be7ddb59a8ac34fb44ef937d9ea876298f13d79c8b474a8a08ac473cbf24157aca5a3773

Download Submit
C:\Windows\System\otvDVXP.exe

Filesize
6.0MB

MD5
f4cfeca9f9233b0fa607ba9831be3c5a

SHA1
ec52a33964e1681da8c11fe6f7d18e84460288d1

SHA256
14408eeb1d4b19ff6f2bd6f8c3a06c4a9b52aa02d2fb47be7f0b2b05a540d881

SHA512
c2f0c2773d96d6810bd4f3b31f9acd8b4110aca9df4d64a9e9620abd8d1bd21027fcdeb5314792efa60964d9bda858621acb9af17e5424210112e8fe9fcb018f

Download Submit
C:\Windows\System\ovaiJUQ.exe

Filesize
6.0MB

MD5
ed9702dada56932d91dacc4f8d981766

SHA1
85f8dfef473f8ab573abce67a5b7f9ed06ea53b9

SHA256
5d1d531c4006e885484b73ecb3029fd5115dfb8b1d8d78cf748c6bde08309cb8

SHA512
52808b2d8a88311ffcf3fe07176ae7a5de16da98676b195ec2ca262d38d2020c19a1e3db0529fac42fbda02cc50238de5e6b04c4634299a29041b3fdef439091

Download Submit
C:\Windows\System\pHCybIe.exe

Filesize
6.0MB

MD5
0885d19de1cb8f10b01375bb5fb33abf

SHA1
b7436ed9757e83ef6432565b42a5d99977c8d9ad

SHA256
62e13553f45bf7378d17c53a570316d5749ce8e179dbb148142273b7f1c506a4

SHA512
23f73576a3e0ed1ea57e3a6719498379cc7d7dbfa88016ca97d6a159827cb2bc65b9d96f694dcd65a9d549392a5c2a8c6ae50759f7adf3c60d7fb4f971cf269f

Download Submit
C:\Windows\System\tbbETmJ.exe

Filesize
6.0MB

MD5
01a7df6d603ed48dc8f4521665702bcb

SHA1
5de5f07520c19417a4da27dc65528b45f20e9e75

SHA256
b07d972fce47c158d29bba143bea3e0aaf624d8dbb47348d28eb8dcaa18aa508

SHA512
ede63d8fccc615f59fc4b603d6deb463ce9ce901b3c6622d7bcc94533b56156b8d2491e7836151b5553bd4eecb3d5ef803a7354fed4d13d583090e2357a84c89

Download Submit
C:\Windows\System\wznssNj.exe

Filesize
6.0MB

MD5
b9407685cc512b3c367cf23c74d7f424

SHA1
3f0a504c2fdc7aaf1167af281a438b9261f9c5c7

SHA256
91e8690013af6999d577bf8882a97580bdddbaf59867cc3928ab3db281681d14

SHA512
5853df07117dc5cb8f6b6886b774103b83cbb525b8db04cdb46a9cd5f8d556d61387e10fab0f8dc9d7fcaa7aecd074c73a11a8496d65cb8bd48a2385b04cc1ad

Download Submit
C:\Windows\System\xNBvHxy.exe

Filesize
6.0MB

MD5
5ccdfab37a4d9447bd83cbc4613d4092

SHA1
22ff560a8fb8fb74b730cc4ec5d816063f51f8ee

SHA256
c43c3a875a22463fbf7f79125d72d9a0f92ff3aae4a90df630122ba6e559e376

SHA512
cef4f254704b0d182481c954d793ef5ef10bec8c175c56f418c6c8d0ab7418103130b93413d3054da22128143ad484f808e898642eeb80484c93b9deb7b4a506

Download Submit
C:\Windows\System\yZqTXGl.exe

Filesize
6.0MB

MD5
b41e7c3a0883a48d26cdd6b0b546c42e

SHA1
26d7d4cfd10f9d3fff08a44ed47e4e8d7b8ade51

SHA256
4052ac91b421b641fa0d76d2d65d0367fb6ac9020b5afcc6068740d177fc389c

SHA512
e9c30f02ff86aea1f3e48591a84f787db0541e110432a6a5100d3720c4bb6ecdbc833ba7131fe5bb459e76b663cb1f41bbc4fb4754230964c9a0176d12c58f28

Download Submit
C:\Windows\System\zGSlJTN.exe

Filesize
6.0MB

MD5
06f1971deceba48c1b677b2b554c9b77

SHA1
b349a73114bd81cadbb699db7585b14826043316

SHA256
5f432e0667d39592ada1401557eca3f78670b674b03a0abd8933f0dae6c3d882

SHA512
23c5f39fe9eb7705431e6a76a76eaf20cafda055b053733e4dac7fc1a87afdec26372b5024ff99a28e2d8b54cb5c7a209671ee80c3ed251acd48b01fce437542

Download Submit
memory/544-1989-0x00007FF621BB0000-0x00007FF621F04000-memory.dmp

Filesize
3.3MB

Download
memory/544-83-0x00007FF621BB0000-0x00007FF621F04000-memory.dmp

Filesize
3.3MB

Download
memory/544-845-0x00007FF621BB0000-0x00007FF621F04000-memory.dmp

Filesize
3.3MB

Download
memory/648-2023-0x00007FF6F0660000-0x00007FF6F09B4000-memory.dmp

Filesize
3.3MB

Download
memory/648-332-0x00007FF6F0660000-0x00007FF6F09B4000-memory.dmp

Filesize
3.3MB

Download
memory/720-118-0x00007FF7EE060000-0x00007FF7EE3B4000-memory.dmp

Filesize
3.3MB

Download
memory/720-2005-0x00007FF7EE060000-0x00007FF7EE3B4000-memory.dmp

Filesize
3.3MB

Download
memory/728-894-0x00007FF69D0E0000-0x00007FF69D434000-memory.dmp

Filesize
3.3MB

Download
memory/728-1997-0x00007FF69D0E0000-0x00007FF69D434000-memory.dmp

Filesize
3.3MB

Download
memory/728-100-0x00007FF69D0E0000-0x00007FF69D434000-memory.dmp

Filesize
3.3MB

Download
memory/1032-55-0x00007FF7D4980000-0x00007FF7D4CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-1627-0x00007FF7D4980000-0x00007FF7D4CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-0-0x00007FF6D7550000-0x00007FF6D78A4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-1-0x000001C541840000-0x000001C541850000-memory.dmp

Filesize
64KB

Download
memory/1768-67-0x00007FF6D7550000-0x00007FF6D78A4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-105-0x00007FF68F5E0000-0x00007FF68F934000-memory.dmp

Filesize
3.3MB

Download
memory/1848-1609-0x00007FF68F5E0000-0x00007FF68F934000-memory.dmp

Filesize
3.3MB

Download
memory/1848-32-0x00007FF68F5E0000-0x00007FF68F934000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2032-0x00007FF6E32A0000-0x00007FF6E35F4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-482-0x00007FF6E32A0000-0x00007FF6E35F4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-572-0x00007FF6D18A0000-0x00007FF6D1BF4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2028-0x00007FF6D18A0000-0x00007FF6D1BF4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-1637-0x00007FF606C10000-0x00007FF606F64000-memory.dmp

Filesize
3.3MB

Download
memory/2260-578-0x00007FF606C10000-0x00007FF606F64000-memory.dmp

Filesize
3.3MB

Download
memory/2260-57-0x00007FF606C10000-0x00007FF606F64000-memory.dmp

Filesize
3.3MB

Download
memory/2444-16-0x00007FF6E9A30000-0x00007FF6E9D84000-memory.dmp

Filesize
3.3MB

Download
memory/2444-76-0x00007FF6E9A30000-0x00007FF6E9D84000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1591-0x00007FF6E9A30000-0x00007FF6E9D84000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1636-0x00007FF6799D0000-0x00007FF679D24000-memory.dmp

Filesize
3.3MB

Download
memory/2868-636-0x00007FF6799D0000-0x00007FF679D24000-memory.dmp

Filesize
3.3MB

Download
memory/2868-62-0x00007FF6799D0000-0x00007FF679D24000-memory.dmp

Filesize
3.3MB

Download
memory/2888-479-0x00007FF64B1E0000-0x00007FF64B534000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2033-0x00007FF64B1E0000-0x00007FF64B534000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1601-0x00007FF657520000-0x00007FF657874000-memory.dmp

Filesize
3.3MB

Download
memory/2984-22-0x00007FF657520000-0x00007FF657874000-memory.dmp

Filesize
3.3MB

Download
memory/2988-54-0x00007FF767BC0000-0x00007FF767F14000-memory.dmp

Filesize
3.3MB

Download
memory/2988-1633-0x00007FF767BC0000-0x00007FF767F14000-memory.dmp

Filesize
3.3MB

Download
memory/3124-1617-0x00007FF6117F0000-0x00007FF611B44000-memory.dmp

Filesize
3.3MB

Download
memory/3124-50-0x00007FF6117F0000-0x00007FF611B44000-memory.dmp

Filesize
3.3MB

Download
memory/3124-109-0x00007FF6117F0000-0x00007FF611B44000-memory.dmp

Filesize
3.3MB

Download
memory/3360-2034-0x00007FF7BBB70000-0x00007FF7BBEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3360-489-0x00007FF7BBB70000-0x00007FF7BBEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3392-1992-0x00007FF783BF0000-0x00007FF783F44000-memory.dmp

Filesize
3.3MB

Download
memory/3392-91-0x00007FF783BF0000-0x00007FF783F44000-memory.dmp

Filesize
3.3MB

Download
memory/3672-2002-0x00007FF7E5490000-0x00007FF7E57E4000-memory.dmp

Filesize
3.3MB

Download
memory/3672-114-0x00007FF7E5490000-0x00007FF7E57E4000-memory.dmp

Filesize
3.3MB

Download
memory/3860-546-0x00007FF71AC20000-0x00007FF71AF74000-memory.dmp

Filesize
3.3MB

Download
memory/3860-2029-0x00007FF71AC20000-0x00007FF71AF74000-memory.dmp

Filesize
3.3MB

Download
memory/3996-70-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-684-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-1978-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4128-2013-0x00007FF65B5C0000-0x00007FF65B914000-memory.dmp

Filesize
3.3MB

Download
memory/4128-322-0x00007FF65B5C0000-0x00007FF65B914000-memory.dmp

Filesize
3.3MB

Download
memory/4280-730-0x00007FF6F20B0000-0x00007FF6F2404000-memory.dmp

Filesize
3.3MB

Download
memory/4280-1986-0x00007FF6F20B0000-0x00007FF6F2404000-memory.dmp

Filesize
3.3MB

Download
memory/4280-80-0x00007FF6F20B0000-0x00007FF6F2404000-memory.dmp

Filesize
3.3MB

Download
memory/4444-124-0x00007FF678650000-0x00007FF6789A4000-memory.dmp

Filesize
3.3MB

Download
memory/4444-2007-0x00007FF678650000-0x00007FF6789A4000-memory.dmp

Filesize
3.3MB

Download
memory/4444-1020-0x00007FF678650000-0x00007FF6789A4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-328-0x00007FF72D290000-0x00007FF72D5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-2018-0x00007FF72D290000-0x00007FF72D5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4748-8-0x00007FF6E5BF0000-0x00007FF6E5F44000-memory.dmp

Filesize
3.3MB

Download
memory/4748-1584-0x00007FF6E5BF0000-0x00007FF6E5F44000-memory.dmp

Filesize
3.3MB

Download
memory/4748-73-0x00007FF6E5BF0000-0x00007FF6E5F44000-memory.dmp

Filesize
3.3MB

Download
memory/4788-329-0x00007FF64DA00000-0x00007FF64DD54000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2016-0x00007FF64DA00000-0x00007FF64DD54000-memory.dmp

Filesize
3.3MB

Download
memory/4892-597-0x00007FF739780000-0x00007FF739AD4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2012-0x00007FF739780000-0x00007FF739AD4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-1604-0x00007FF69E1B0000-0x00007FF69E504000-memory.dmp

Filesize
3.3MB

Download
memory/4944-26-0x00007FF69E1B0000-0x00007FF69E504000-memory.dmp

Filesize
3.3MB

Download
memory/5108-605-0x00007FF631280000-0x00007FF6315D4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2019-0x00007FF631280000-0x00007FF6315D4000-memory.dmp

Filesize
3.3MB

Download