cobaltstrike | f6a59db0ad5379d0ef7c8bb0e1ddf752d36affeb16ed740e61ce8563677e9d4c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2024, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

88da92025c1587c5c2e273eec8362f89
SHA1

57f7323c1e7d6ea0967572d3bef0aca9e89d1072
SHA256

f6a59db0ad5379d0ef7c8bb0e1ddf752d36affeb16ed740e61ce8563677e9d4c
SHA512

a8d3b0e45f3853cd868bc8d62e174973d072851423c89c4528467f0185644ae55dd39ff100cdd7342b91c7ebea4eae82e2c138825f9ee1cfd58542090da0c26a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUQ:T+q56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b44-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba8-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba7-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baa-23.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba9-22.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bad-51.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb0-67.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baf-65.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bae-60.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bab-39.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bac-38.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb1-70.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023ba4-77.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bb3-82.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bb4-99.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bbc-105.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bc3-116.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd1-117.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd3-126.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bd9-141.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd2-149.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bde-156.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdd-154.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdc-152.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bcc-142.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bd7-136.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdf-170.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c0e-176.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c0f-181.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c10-193.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c11-195.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c12-199.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4400-0-0x00007FF65FEC0000-0x00007FF660214000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b44-4.dat	xmrig
behavioral2/files/0x000a000000023ba8-10.dat	xmrig
behavioral2/files/0x000a000000023ba7-11.dat	xmrig
behavioral2/files/0x000a000000023baa-23.dat	xmrig
behavioral2/files/0x000a000000023ba9-22.dat	xmrig
behavioral2/memory/4512-43-0x00007FF618870000-0x00007FF618BC4000-memory.dmp	xmrig
behavioral2/memory/4836-49-0x00007FF64DF20000-0x00007FF64E274000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bad-51.dat	xmrig
behavioral2/memory/5032-57-0x00007FF7FA0D0000-0x00007FF7FA424000-memory.dmp	xmrig
behavioral2/memory/2416-63-0x00007FF6C5500000-0x00007FF6C5854000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb0-67.dat	xmrig
behavioral2/files/0x000a000000023baf-65.dat	xmrig
behavioral2/memory/4172-64-0x00007FF767800000-0x00007FF767B54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bae-60.dat	xmrig
behavioral2/memory/2984-54-0x00007FF7DA7C0000-0x00007FF7DAB14000-memory.dmp	xmrig
behavioral2/memory/2896-50-0x00007FF758170000-0x00007FF7584C4000-memory.dmp	xmrig
behavioral2/memory/4036-47-0x00007FF700270000-0x00007FF7005C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bab-39.dat	xmrig
behavioral2/files/0x000a000000023bac-38.dat	xmrig
behavioral2/memory/4212-29-0x00007FF640B10000-0x00007FF640E64000-memory.dmp	xmrig
behavioral2/memory/4868-27-0x00007FF7AEBB0000-0x00007FF7AEF04000-memory.dmp	xmrig
behavioral2/memory/4508-8-0x00007FF7821F0000-0x00007FF782544000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb1-70.dat	xmrig
behavioral2/files/0x000b000000023ba4-77.dat	xmrig
behavioral2/memory/244-78-0x00007FF6DD320000-0x00007FF6DD674000-memory.dmp	xmrig
behavioral2/memory/4116-74-0x00007FF7C2DA0000-0x00007FF7C30F4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bb3-82.dat	xmrig
behavioral2/memory/1332-88-0x00007FF786D40000-0x00007FF787094000-memory.dmp	xmrig
behavioral2/memory/4512-92-0x00007FF618870000-0x00007FF618BC4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bb4-99.dat	xmrig
behavioral2/memory/5032-102-0x00007FF7FA0D0000-0x00007FF7FA424000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbc-105.dat	xmrig
behavioral2/files/0x000e000000023bc3-116.dat	xmrig
behavioral2/files/0x0009000000023bd1-117.dat	xmrig
behavioral2/files/0x0009000000023bd3-126.dat	xmrig
behavioral2/files/0x0008000000023bd9-141.dat	xmrig
behavioral2/files/0x0009000000023bd2-149.dat	xmrig
behavioral2/memory/2120-158-0x00007FF762C90000-0x00007FF762FE4000-memory.dmp	xmrig
behavioral2/memory/4804-160-0x00007FF76E980000-0x00007FF76ECD4000-memory.dmp	xmrig
behavioral2/memory/2788-163-0x00007FF7192D0000-0x00007FF719624000-memory.dmp	xmrig
behavioral2/memory/4172-164-0x00007FF767800000-0x00007FF767B54000-memory.dmp	xmrig
behavioral2/memory/1404-162-0x00007FF6D54C0000-0x00007FF6D5814000-memory.dmp	xmrig
behavioral2/memory/5036-161-0x00007FF6B12A0000-0x00007FF6B15F4000-memory.dmp	xmrig
behavioral2/memory/2684-159-0x00007FF6FFBB0000-0x00007FF6FFF04000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bde-156.dat	xmrig
behavioral2/files/0x0008000000023bdd-154.dat	xmrig
behavioral2/files/0x0008000000023bdc-152.dat	xmrig
behavioral2/memory/4736-151-0x00007FF618710000-0x00007FF618A64000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bcc-142.dat	xmrig
behavioral2/memory/3104-140-0x00007FF71B960000-0x00007FF71BCB4000-memory.dmp	xmrig
behavioral2/files/0x000e000000023bd7-136.dat	xmrig
behavioral2/memory/2428-122-0x00007FF6CD130000-0x00007FF6CD484000-memory.dmp	xmrig
behavioral2/memory/1636-124-0x00007FF604630000-0x00007FF604984000-memory.dmp	xmrig
behavioral2/memory/2416-115-0x00007FF6C5500000-0x00007FF6C5854000-memory.dmp	xmrig
behavioral2/memory/764-100-0x00007FF660540000-0x00007FF660894000-memory.dmp	xmrig
behavioral2/memory/4212-98-0x00007FF640B10000-0x00007FF640E64000-memory.dmp	xmrig
behavioral2/memory/5012-97-0x00007FF794DD0000-0x00007FF795124000-memory.dmp	xmrig
behavioral2/memory/4836-96-0x00007FF64DF20000-0x00007FF64E274000-memory.dmp	xmrig
behavioral2/memory/4868-91-0x00007FF7AEBB0000-0x00007FF7AEF04000-memory.dmp	xmrig
behavioral2/memory/4400-86-0x00007FF65FEC0000-0x00007FF660214000-memory.dmp	xmrig
behavioral2/memory/4116-169-0x00007FF7C2DA0000-0x00007FF7C30F4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bdf-170.dat	xmrig
behavioral2/files/0x0008000000023c0e-176.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4508	LFdxktW.exe
4868	MGbAgrd.exe
2896	juPsYbL.exe
4212	AhypUpO.exe
4512	affNvRe.exe
2984	KMyVGFT.exe
4036	GjZfyId.exe
4836	yZuCGcb.exe
5032	sxKZNFs.exe
2416	cvyrOyQ.exe
4172	mcbgbIN.exe
4116	GfOnfML.exe
244	seGjUah.exe
1332	qwofevH.exe
5012	mmGtwkx.exe
764	cSpflgL.exe
2428	YqpTImK.exe
4736	flJrpkW.exe
2120	IkrLqVh.exe
1636	ahCnRhI.exe
2684	LSJbhIO.exe
3104	enWDVGG.exe
2788	yaRZkSh.exe
4804	AEWiVhl.exe
5036	dKPAHmP.exe
1404	JGHpsjH.exe
1760	SSHykIU.exe
4124	PuaEiQN.exe
3608	LlDsUTd.exe
4408	oEENkJx.exe
2704	RIeySVW.exe
3216	VlWBIxm.exe
3388	xobrdmu.exe
4760	rGfpCCE.exe
2772	fIuwfAJ.exe
1620	gyveOWV.exe
4440	ICfROHe.exe
2884	iQUEAOp.exe
636	THtWgYe.exe
1632	IIqGEiu.exe
3004	qiKIxTb.exe
2636	GJxdavz.exe
2876	OagNdFv.exe
2396	wmdJOaR.exe
4176	IUJuuDm.exe
2912	MXuxFuz.exe
5044	lyGsPnV.exe
2240	jFJwbBM.exe
436	RUuyeAl.exe
2768	zzQEkqY.exe
1832	LISYLyS.exe
2092	PvrihtT.exe
1424	xyZOSMX.exe
4044	KQbNdpM.exe
1028	ZZNnOnR.exe
4828	IcxNvzX.exe
3772	XzGFOsK.exe
1156	ekVctHO.exe
2004	hYsBLTp.exe
3452	ObgNrqq.exe
1436	Zphfygt.exe
1872	HggobGK.exe
704	nwEmLdh.exe
2964	IqRhHQP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4400-0-0x00007FF65FEC0000-0x00007FF660214000-memory.dmp	upx
behavioral2/files/0x000c000000023b44-4.dat	upx
behavioral2/files/0x000a000000023ba8-10.dat	upx
behavioral2/files/0x000a000000023ba7-11.dat	upx
behavioral2/files/0x000a000000023baa-23.dat	upx
behavioral2/files/0x000a000000023ba9-22.dat	upx
behavioral2/memory/4512-43-0x00007FF618870000-0x00007FF618BC4000-memory.dmp	upx
behavioral2/memory/4836-49-0x00007FF64DF20000-0x00007FF64E274000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-51.dat	upx
behavioral2/memory/5032-57-0x00007FF7FA0D0000-0x00007FF7FA424000-memory.dmp	upx
behavioral2/memory/2416-63-0x00007FF6C5500000-0x00007FF6C5854000-memory.dmp	upx
behavioral2/files/0x000a000000023bb0-67.dat	upx
behavioral2/files/0x000a000000023baf-65.dat	upx
behavioral2/memory/4172-64-0x00007FF767800000-0x00007FF767B54000-memory.dmp	upx
behavioral2/files/0x000a000000023bae-60.dat	upx
behavioral2/memory/2984-54-0x00007FF7DA7C0000-0x00007FF7DAB14000-memory.dmp	upx
behavioral2/memory/2896-50-0x00007FF758170000-0x00007FF7584C4000-memory.dmp	upx
behavioral2/memory/4036-47-0x00007FF700270000-0x00007FF7005C4000-memory.dmp	upx
behavioral2/files/0x000a000000023bab-39.dat	upx
behavioral2/files/0x000a000000023bac-38.dat	upx
behavioral2/memory/4212-29-0x00007FF640B10000-0x00007FF640E64000-memory.dmp	upx
behavioral2/memory/4868-27-0x00007FF7AEBB0000-0x00007FF7AEF04000-memory.dmp	upx
behavioral2/memory/4508-8-0x00007FF7821F0000-0x00007FF782544000-memory.dmp	upx
behavioral2/files/0x000a000000023bb1-70.dat	upx
behavioral2/files/0x000b000000023ba4-77.dat	upx
behavioral2/memory/244-78-0x00007FF6DD320000-0x00007FF6DD674000-memory.dmp	upx
behavioral2/memory/4116-74-0x00007FF7C2DA0000-0x00007FF7C30F4000-memory.dmp	upx
behavioral2/files/0x000b000000023bb3-82.dat	upx
behavioral2/memory/1332-88-0x00007FF786D40000-0x00007FF787094000-memory.dmp	upx
behavioral2/memory/4512-92-0x00007FF618870000-0x00007FF618BC4000-memory.dmp	upx
behavioral2/files/0x000b000000023bb4-99.dat	upx
behavioral2/memory/5032-102-0x00007FF7FA0D0000-0x00007FF7FA424000-memory.dmp	upx
behavioral2/files/0x000a000000023bbc-105.dat	upx
behavioral2/files/0x000e000000023bc3-116.dat	upx
behavioral2/files/0x0009000000023bd1-117.dat	upx
behavioral2/files/0x0009000000023bd3-126.dat	upx
behavioral2/files/0x0008000000023bd9-141.dat	upx
behavioral2/files/0x0009000000023bd2-149.dat	upx
behavioral2/memory/2120-158-0x00007FF762C90000-0x00007FF762FE4000-memory.dmp	upx
behavioral2/memory/4804-160-0x00007FF76E980000-0x00007FF76ECD4000-memory.dmp	upx
behavioral2/memory/2788-163-0x00007FF7192D0000-0x00007FF719624000-memory.dmp	upx
behavioral2/memory/4172-164-0x00007FF767800000-0x00007FF767B54000-memory.dmp	upx
behavioral2/memory/1404-162-0x00007FF6D54C0000-0x00007FF6D5814000-memory.dmp	upx
behavioral2/memory/5036-161-0x00007FF6B12A0000-0x00007FF6B15F4000-memory.dmp	upx
behavioral2/memory/2684-159-0x00007FF6FFBB0000-0x00007FF6FFF04000-memory.dmp	upx
behavioral2/files/0x0008000000023bde-156.dat	upx
behavioral2/files/0x0008000000023bdd-154.dat	upx
behavioral2/files/0x0008000000023bdc-152.dat	upx
behavioral2/memory/4736-151-0x00007FF618710000-0x00007FF618A64000-memory.dmp	upx
behavioral2/files/0x0008000000023bcc-142.dat	upx
behavioral2/memory/3104-140-0x00007FF71B960000-0x00007FF71BCB4000-memory.dmp	upx
behavioral2/files/0x000e000000023bd7-136.dat	upx
behavioral2/memory/2428-122-0x00007FF6CD130000-0x00007FF6CD484000-memory.dmp	upx
behavioral2/memory/1636-124-0x00007FF604630000-0x00007FF604984000-memory.dmp	upx
behavioral2/memory/2416-115-0x00007FF6C5500000-0x00007FF6C5854000-memory.dmp	upx
behavioral2/memory/764-100-0x00007FF660540000-0x00007FF660894000-memory.dmp	upx
behavioral2/memory/4212-98-0x00007FF640B10000-0x00007FF640E64000-memory.dmp	upx
behavioral2/memory/5012-97-0x00007FF794DD0000-0x00007FF795124000-memory.dmp	upx
behavioral2/memory/4836-96-0x00007FF64DF20000-0x00007FF64E274000-memory.dmp	upx
behavioral2/memory/4868-91-0x00007FF7AEBB0000-0x00007FF7AEF04000-memory.dmp	upx
behavioral2/memory/4400-86-0x00007FF65FEC0000-0x00007FF660214000-memory.dmp	upx
behavioral2/memory/4116-169-0x00007FF7C2DA0000-0x00007FF7C30F4000-memory.dmp	upx
behavioral2/files/0x0008000000023bdf-170.dat	upx
behavioral2/files/0x0008000000023c0e-176.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JGHpsjH.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkQtdXO.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvjOcwX.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhsgcBk.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNCNDPU.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWSQpfT.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPrAQmi.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUXcTyF.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUdLwrY.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZemIks.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjOAKwh.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqVZOdp.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzhEfYN.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzESKJS.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDVVRvP.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYsBLTp.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTbQYgE.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykHILGM.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRGjevq.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWNLMxG.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUehTpZ.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApDeNpt.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkGEnBv.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyZOSMX.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekVctHO.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObgNrqq.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEfUZOR.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKPGbVS.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIeorLP.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxyDCdr.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RSTNhEx.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjvJOeW.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIuwfAJ.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsXWVut.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VohDBCd.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jORqdJV.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cehfDNq.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHIthmH.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwOnmYp.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZomWTQF.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcLJCpu.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rasEGXS.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deSNJJA.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLZkPIz.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSYEquS.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePDiejm.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUOtLuI.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMExlFF.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLTklGJ.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOfdYAS.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zzQEkqY.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DeGdDNy.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCtNMlW.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVblHMM.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWQrqNO.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSBJnij.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cewibAD.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dASYAED.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFJwbBM.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfxQmGi.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adrYpre.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbrsUWw.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvcuUry.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCMEKwK.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 4508	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4400 wrote to memory of 4508	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4400 wrote to memory of 4868	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4400 wrote to memory of 4868	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4400 wrote to memory of 2896	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4400 wrote to memory of 2896	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4400 wrote to memory of 4212	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4400 wrote to memory of 4212	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4400 wrote to memory of 4512	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4400 wrote to memory of 4512	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4400 wrote to memory of 4036	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4400 wrote to memory of 4036	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4400 wrote to memory of 2984	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4400 wrote to memory of 2984	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4400 wrote to memory of 4836	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4400 wrote to memory of 4836	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4400 wrote to memory of 5032	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4400 wrote to memory of 5032	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4400 wrote to memory of 2416	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4400 wrote to memory of 2416	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4400 wrote to memory of 4172	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4400 wrote to memory of 4172	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4400 wrote to memory of 4116	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4400 wrote to memory of 4116	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4400 wrote to memory of 244	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4400 wrote to memory of 244	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4400 wrote to memory of 1332	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4400 wrote to memory of 1332	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4400 wrote to memory of 5012	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4400 wrote to memory of 5012	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4400 wrote to memory of 764	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4400 wrote to memory of 764	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4400 wrote to memory of 2428	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4400 wrote to memory of 2428	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4400 wrote to memory of 4736	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4400 wrote to memory of 4736	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4400 wrote to memory of 2120	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4400 wrote to memory of 2120	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4400 wrote to memory of 1636	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4400 wrote to memory of 1636	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4400 wrote to memory of 2684	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4400 wrote to memory of 2684	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4400 wrote to memory of 3104	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4400 wrote to memory of 3104	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4400 wrote to memory of 2788	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4400 wrote to memory of 2788	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4400 wrote to memory of 4804	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4400 wrote to memory of 4804	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4400 wrote to memory of 5036	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4400 wrote to memory of 5036	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4400 wrote to memory of 1404	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4400 wrote to memory of 1404	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4400 wrote to memory of 1760	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4400 wrote to memory of 1760	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4400 wrote to memory of 4124	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4400 wrote to memory of 4124	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4400 wrote to memory of 3608	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4400 wrote to memory of 3608	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4400 wrote to memory of 4408	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4400 wrote to memory of 4408	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4400 wrote to memory of 2704	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4400 wrote to memory of 2704	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4400 wrote to memory of 3216	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4400 wrote to memory of 3216	4400	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Windows\System\LFdxktW.exe
  C:\Windows\System\LFdxktW.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\MGbAgrd.exe
  C:\Windows\System\MGbAgrd.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\juPsYbL.exe
  C:\Windows\System\juPsYbL.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\AhypUpO.exe
  C:\Windows\System\AhypUpO.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\affNvRe.exe
  C:\Windows\System\affNvRe.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\GjZfyId.exe
  C:\Windows\System\GjZfyId.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\KMyVGFT.exe
  C:\Windows\System\KMyVGFT.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\yZuCGcb.exe
  C:\Windows\System\yZuCGcb.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\sxKZNFs.exe
  C:\Windows\System\sxKZNFs.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\cvyrOyQ.exe
  C:\Windows\System\cvyrOyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\mcbgbIN.exe
  C:\Windows\System\mcbgbIN.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\GfOnfML.exe
  C:\Windows\System\GfOnfML.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\seGjUah.exe
  C:\Windows\System\seGjUah.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\qwofevH.exe
  C:\Windows\System\qwofevH.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\mmGtwkx.exe
  C:\Windows\System\mmGtwkx.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\cSpflgL.exe
  C:\Windows\System\cSpflgL.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\YqpTImK.exe
  C:\Windows\System\YqpTImK.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\flJrpkW.exe
  C:\Windows\System\flJrpkW.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\IkrLqVh.exe
  C:\Windows\System\IkrLqVh.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\ahCnRhI.exe
  C:\Windows\System\ahCnRhI.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\LSJbhIO.exe
  C:\Windows\System\LSJbhIO.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\enWDVGG.exe
  C:\Windows\System\enWDVGG.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\yaRZkSh.exe
  C:\Windows\System\yaRZkSh.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\AEWiVhl.exe
  C:\Windows\System\AEWiVhl.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\dKPAHmP.exe
  C:\Windows\System\dKPAHmP.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\JGHpsjH.exe
  C:\Windows\System\JGHpsjH.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\SSHykIU.exe
  C:\Windows\System\SSHykIU.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\PuaEiQN.exe
  C:\Windows\System\PuaEiQN.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\LlDsUTd.exe
  C:\Windows\System\LlDsUTd.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\oEENkJx.exe
  C:\Windows\System\oEENkJx.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\RIeySVW.exe
  C:\Windows\System\RIeySVW.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\VlWBIxm.exe
  C:\Windows\System\VlWBIxm.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\xobrdmu.exe
  C:\Windows\System\xobrdmu.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\rGfpCCE.exe
  C:\Windows\System\rGfpCCE.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\fIuwfAJ.exe
  C:\Windows\System\fIuwfAJ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\gyveOWV.exe
  C:\Windows\System\gyveOWV.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\ICfROHe.exe
  C:\Windows\System\ICfROHe.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\iQUEAOp.exe
  C:\Windows\System\iQUEAOp.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\THtWgYe.exe
  C:\Windows\System\THtWgYe.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\IIqGEiu.exe
  C:\Windows\System\IIqGEiu.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\qiKIxTb.exe
  C:\Windows\System\qiKIxTb.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\GJxdavz.exe
  C:\Windows\System\GJxdavz.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\OagNdFv.exe
  C:\Windows\System\OagNdFv.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\wmdJOaR.exe
  C:\Windows\System\wmdJOaR.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\IUJuuDm.exe
  C:\Windows\System\IUJuuDm.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\MXuxFuz.exe
  C:\Windows\System\MXuxFuz.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\lyGsPnV.exe
  C:\Windows\System\lyGsPnV.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\jFJwbBM.exe
  C:\Windows\System\jFJwbBM.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\RUuyeAl.exe
  C:\Windows\System\RUuyeAl.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\zzQEkqY.exe
  C:\Windows\System\zzQEkqY.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\LISYLyS.exe
  C:\Windows\System\LISYLyS.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\PvrihtT.exe
  C:\Windows\System\PvrihtT.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\xyZOSMX.exe
  C:\Windows\System\xyZOSMX.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\KQbNdpM.exe
  C:\Windows\System\KQbNdpM.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\ZZNnOnR.exe
  C:\Windows\System\ZZNnOnR.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\IcxNvzX.exe
  C:\Windows\System\IcxNvzX.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\XzGFOsK.exe
  C:\Windows\System\XzGFOsK.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\ekVctHO.exe
  C:\Windows\System\ekVctHO.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\hYsBLTp.exe
  C:\Windows\System\hYsBLTp.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\ObgNrqq.exe
  C:\Windows\System\ObgNrqq.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\Zphfygt.exe
  C:\Windows\System\Zphfygt.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\HggobGK.exe
  C:\Windows\System\HggobGK.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\nwEmLdh.exe
  C:\Windows\System\nwEmLdh.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\IqRhHQP.exe
  C:\Windows\System\IqRhHQP.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\PUXcTyF.exe
  C:\Windows\System\PUXcTyF.exe
  2⤵
  PID:4248
- C:\Windows\System\yHKPvpt.exe
  C:\Windows\System\yHKPvpt.exe
  2⤵
  PID:2408
- C:\Windows\System\TVwOVHe.exe
  C:\Windows\System\TVwOVHe.exe
  2⤵
  PID:3040
- C:\Windows\System\BgyZEIT.exe
  C:\Windows\System\BgyZEIT.exe
  2⤵
  PID:2188
- C:\Windows\System\PZglBbw.exe
  C:\Windows\System\PZglBbw.exe
  2⤵
  PID:1272
- C:\Windows\System\OCUwnAv.exe
  C:\Windows\System\OCUwnAv.exe
  2⤵
  PID:1668
- C:\Windows\System\zfxQmGi.exe
  C:\Windows\System\zfxQmGi.exe
  2⤵
  PID:3676
- C:\Windows\System\MgrYKCi.exe
  C:\Windows\System\MgrYKCi.exe
  2⤵
  PID:4636
- C:\Windows\System\pHmVYyW.exe
  C:\Windows\System\pHmVYyW.exe
  2⤵
  PID:1388
- C:\Windows\System\iUHUUJS.exe
  C:\Windows\System\iUHUUJS.exe
  2⤵
  PID:2528
- C:\Windows\System\bwkeANL.exe
  C:\Windows\System\bwkeANL.exe
  2⤵
  PID:508
- C:\Windows\System\uldoRLs.exe
  C:\Windows\System\uldoRLs.exe
  2⤵
  PID:4980
- C:\Windows\System\eXGmdom.exe
  C:\Windows\System\eXGmdom.exe
  2⤵
  PID:3508
- C:\Windows\System\XREtmbO.exe
  C:\Windows\System\XREtmbO.exe
  2⤵
  PID:4480
- C:\Windows\System\bmloCMV.exe
  C:\Windows\System\bmloCMV.exe
  2⤵
  PID:1772
- C:\Windows\System\pHnDXCU.exe
  C:\Windows\System\pHnDXCU.exe
  2⤵
  PID:1480
- C:\Windows\System\xPyNQpg.exe
  C:\Windows\System\xPyNQpg.exe
  2⤵
  PID:1072
- C:\Windows\System\fQrIGee.exe
  C:\Windows\System\fQrIGee.exe
  2⤵
  PID:4996
- C:\Windows\System\JjOcQkd.exe
  C:\Windows\System\JjOcQkd.exe
  2⤵
  PID:3756
- C:\Windows\System\jJnhRLq.exe
  C:\Windows\System\jJnhRLq.exe
  2⤵
  PID:868
- C:\Windows\System\JkBYFhP.exe
  C:\Windows\System\JkBYFhP.exe
  2⤵
  PID:3600
- C:\Windows\System\IJIQUEO.exe
  C:\Windows\System\IJIQUEO.exe
  2⤵
  PID:4608
- C:\Windows\System\NQgsTWd.exe
  C:\Windows\System\NQgsTWd.exe
  2⤵
  PID:4256
- C:\Windows\System\UxudYUE.exe
  C:\Windows\System\UxudYUE.exe
  2⤵
  PID:1392
- C:\Windows\System\ZEfUZOR.exe
  C:\Windows\System\ZEfUZOR.exe
  2⤵
  PID:3064
- C:\Windows\System\mSxbpkO.exe
  C:\Windows\System\mSxbpkO.exe
  2⤵
  PID:216
- C:\Windows\System\DAwntiX.exe
  C:\Windows\System\DAwntiX.exe
  2⤵
  PID:3688
- C:\Windows\System\mgZJXxC.exe
  C:\Windows\System\mgZJXxC.exe
  2⤵
  PID:1532
- C:\Windows\System\SETlzRy.exe
  C:\Windows\System\SETlzRy.exe
  2⤵
  PID:1684
- C:\Windows\System\XZQXnnA.exe
  C:\Windows\System\XZQXnnA.exe
  2⤵
  PID:2376
- C:\Windows\System\zSYEquS.exe
  C:\Windows\System\zSYEquS.exe
  2⤵
  PID:3424
- C:\Windows\System\LKPGbVS.exe
  C:\Windows\System\LKPGbVS.exe
  2⤵
  PID:4940
- C:\Windows\System\BjhuqMq.exe
  C:\Windows\System\BjhuqMq.exe
  2⤵
  PID:2364
- C:\Windows\System\fsXWVut.exe
  C:\Windows\System\fsXWVut.exe
  2⤵
  PID:4596
- C:\Windows\System\NAwUwiV.exe
  C:\Windows\System\NAwUwiV.exe
  2⤵
  PID:4140
- C:\Windows\System\XpLfkOv.exe
  C:\Windows\System\XpLfkOv.exe
  2⤵
  PID:1448
- C:\Windows\System\SPfhNIM.exe
  C:\Windows\System\SPfhNIM.exe
  2⤵
  PID:4972
- C:\Windows\System\LLDmobT.exe
  C:\Windows\System\LLDmobT.exe
  2⤵
  PID:5152
- C:\Windows\System\zDyIAMU.exe
  C:\Windows\System\zDyIAMU.exe
  2⤵
  PID:5180
- C:\Windows\System\fAAxwiT.exe
  C:\Windows\System\fAAxwiT.exe
  2⤵
  PID:5208
- C:\Windows\System\qzouwLT.exe
  C:\Windows\System\qzouwLT.exe
  2⤵
  PID:5232
- C:\Windows\System\oBZUoPx.exe
  C:\Windows\System\oBZUoPx.exe
  2⤵
  PID:5260
- C:\Windows\System\AgUbkrm.exe
  C:\Windows\System\AgUbkrm.exe
  2⤵
  PID:5292
- C:\Windows\System\IaiJsEs.exe
  C:\Windows\System\IaiJsEs.exe
  2⤵
  PID:5320
- C:\Windows\System\smWfWbx.exe
  C:\Windows\System\smWfWbx.exe
  2⤵
  PID:5348
- C:\Windows\System\MXlNxdk.exe
  C:\Windows\System\MXlNxdk.exe
  2⤵
  PID:5380
- C:\Windows\System\DudYXTu.exe
  C:\Windows\System\DudYXTu.exe
  2⤵
  PID:5404
- C:\Windows\System\lduLiPd.exe
  C:\Windows\System\lduLiPd.exe
  2⤵
  PID:5436
- C:\Windows\System\LumgpwQ.exe
  C:\Windows\System\LumgpwQ.exe
  2⤵
  PID:5464
- C:\Windows\System\ebXLBzd.exe
  C:\Windows\System\ebXLBzd.exe
  2⤵
  PID:5492
- C:\Windows\System\mgVPECU.exe
  C:\Windows\System\mgVPECU.exe
  2⤵
  PID:5520
- C:\Windows\System\NvzIsUO.exe
  C:\Windows\System\NvzIsUO.exe
  2⤵
  PID:5548
- C:\Windows\System\QIYPLBD.exe
  C:\Windows\System\QIYPLBD.exe
  2⤵
  PID:5580
- C:\Windows\System\lqpGGUF.exe
  C:\Windows\System\lqpGGUF.exe
  2⤵
  PID:5612
- C:\Windows\System\nSyxuik.exe
  C:\Windows\System\nSyxuik.exe
  2⤵
  PID:5668
- C:\Windows\System\amOOyLP.exe
  C:\Windows\System\amOOyLP.exe
  2⤵
  PID:5700
- C:\Windows\System\GHQocDm.exe
  C:\Windows\System\GHQocDm.exe
  2⤵
  PID:5728
- C:\Windows\System\XXRjTUt.exe
  C:\Windows\System\XXRjTUt.exe
  2⤵
  PID:5752
- C:\Windows\System\ahkdduN.exe
  C:\Windows\System\ahkdduN.exe
  2⤵
  PID:5784
- C:\Windows\System\sXddMey.exe
  C:\Windows\System\sXddMey.exe
  2⤵
  PID:5812
- C:\Windows\System\vpduhEo.exe
  C:\Windows\System\vpduhEo.exe
  2⤵
  PID:5840
- C:\Windows\System\CIeorLP.exe
  C:\Windows\System\CIeorLP.exe
  2⤵
  PID:5868
- C:\Windows\System\rDOUBPt.exe
  C:\Windows\System\rDOUBPt.exe
  2⤵
  PID:5896
- C:\Windows\System\OmxGooX.exe
  C:\Windows\System\OmxGooX.exe
  2⤵
  PID:5924
- C:\Windows\System\kLxPSqd.exe
  C:\Windows\System\kLxPSqd.exe
  2⤵
  PID:5952
- C:\Windows\System\FSGWxTo.exe
  C:\Windows\System\FSGWxTo.exe
  2⤵
  PID:5980
- C:\Windows\System\UbDiFEo.exe
  C:\Windows\System\UbDiFEo.exe
  2⤵
  PID:6004
- C:\Windows\System\FslzpRR.exe
  C:\Windows\System\FslzpRR.exe
  2⤵
  PID:6036
- C:\Windows\System\ctAImkR.exe
  C:\Windows\System\ctAImkR.exe
  2⤵
  PID:6068
- C:\Windows\System\JqPvNeF.exe
  C:\Windows\System\JqPvNeF.exe
  2⤵
  PID:6096
- C:\Windows\System\SRIJvlj.exe
  C:\Windows\System\SRIJvlj.exe
  2⤵
  PID:6124
- C:\Windows\System\aRFhhUc.exe
  C:\Windows\System\aRFhhUc.exe
  2⤵
  PID:5140
- C:\Windows\System\UhGqzCF.exe
  C:\Windows\System\UhGqzCF.exe
  2⤵
  PID:4600
- C:\Windows\System\lcmrzZI.exe
  C:\Windows\System\lcmrzZI.exe
  2⤵
  PID:5268
- C:\Windows\System\ChqrALy.exe
  C:\Windows\System\ChqrALy.exe
  2⤵
  PID:5328
- C:\Windows\System\hUELTkq.exe
  C:\Windows\System\hUELTkq.exe
  2⤵
  PID:5396
- C:\Windows\System\gywcwuL.exe
  C:\Windows\System\gywcwuL.exe
  2⤵
  PID:5460
- C:\Windows\System\KvUYPVi.exe
  C:\Windows\System\KvUYPVi.exe
  2⤵
  PID:5528
- C:\Windows\System\mCcgwqr.exe
  C:\Windows\System\mCcgwqr.exe
  2⤵
  PID:5596
- C:\Windows\System\SKEeYsV.exe
  C:\Windows\System\SKEeYsV.exe
  2⤵
  PID:5680
- C:\Windows\System\claoNuQ.exe
  C:\Windows\System\claoNuQ.exe
  2⤵
  PID:5744
- C:\Windows\System\sMLQvEk.exe
  C:\Windows\System\sMLQvEk.exe
  2⤵
  PID:5800
- C:\Windows\System\ucaBcix.exe
  C:\Windows\System\ucaBcix.exe
  2⤵
  PID:5856
- C:\Windows\System\ntjQWsO.exe
  C:\Windows\System\ntjQWsO.exe
  2⤵
  PID:5932
- C:\Windows\System\QNSAcJb.exe
  C:\Windows\System\QNSAcJb.exe
  2⤵
  PID:5996
- C:\Windows\System\EwSZQbE.exe
  C:\Windows\System\EwSZQbE.exe
  2⤵
  PID:6064
- C:\Windows\System\jbXtHoi.exe
  C:\Windows\System\jbXtHoi.exe
  2⤵
  PID:6132
- C:\Windows\System\kMYUBya.exe
  C:\Windows\System\kMYUBya.exe
  2⤵
  PID:5240
- C:\Windows\System\LmXifId.exe
  C:\Windows\System\LmXifId.exe
  2⤵
  PID:5376
- C:\Windows\System\UQolZBZ.exe
  C:\Windows\System\UQolZBZ.exe
  2⤵
  PID:5544
- C:\Windows\System\EILqoFy.exe
  C:\Windows\System\EILqoFy.exe
  2⤵
  PID:5724
- C:\Windows\System\geYcQFZ.exe
  C:\Windows\System\geYcQFZ.exe
  2⤵
  PID:5892
- C:\Windows\System\nkQtdXO.exe
  C:\Windows\System\nkQtdXO.exe
  2⤵
  PID:6032
- C:\Windows\System\RTIbrbg.exe
  C:\Windows\System\RTIbrbg.exe
  2⤵
  PID:5176
- C:\Windows\System\bxyDCdr.exe
  C:\Windows\System\bxyDCdr.exe
  2⤵
  PID:5432
- C:\Windows\System\VuBZiSO.exe
  C:\Windows\System\VuBZiSO.exe
  2⤵
  PID:5836
- C:\Windows\System\gCKTfUL.exe
  C:\Windows\System\gCKTfUL.exe
  2⤵
  PID:5620
- C:\Windows\System\MRcqSfO.exe
  C:\Windows\System\MRcqSfO.exe
  2⤵
  PID:5988
- C:\Windows\System\pSEuccZ.exe
  C:\Windows\System\pSEuccZ.exe
  2⤵
  PID:6172
- C:\Windows\System\EAKBLIC.exe
  C:\Windows\System\EAKBLIC.exe
  2⤵
  PID:6196
- C:\Windows\System\XuhPYuZ.exe
  C:\Windows\System\XuhPYuZ.exe
  2⤵
  PID:6224
- C:\Windows\System\XfaJEaC.exe
  C:\Windows\System\XfaJEaC.exe
  2⤵
  PID:6256
- C:\Windows\System\JYKPFek.exe
  C:\Windows\System\JYKPFek.exe
  2⤵
  PID:6284
- C:\Windows\System\EivIiXf.exe
  C:\Windows\System\EivIiXf.exe
  2⤵
  PID:6312
- C:\Windows\System\YLySbOp.exe
  C:\Windows\System\YLySbOp.exe
  2⤵
  PID:6340
- C:\Windows\System\vQiXxbe.exe
  C:\Windows\System\vQiXxbe.exe
  2⤵
  PID:6368
- C:\Windows\System\XhVnJIs.exe
  C:\Windows\System\XhVnJIs.exe
  2⤵
  PID:6388
- C:\Windows\System\GWzCWAd.exe
  C:\Windows\System\GWzCWAd.exe
  2⤵
  PID:6424
- C:\Windows\System\MaVDdDb.exe
  C:\Windows\System\MaVDdDb.exe
  2⤵
  PID:6448
- C:\Windows\System\SXrnuan.exe
  C:\Windows\System\SXrnuan.exe
  2⤵
  PID:6480
- C:\Windows\System\jGDAoas.exe
  C:\Windows\System\jGDAoas.exe
  2⤵
  PID:6504
- C:\Windows\System\uQRCQxZ.exe
  C:\Windows\System\uQRCQxZ.exe
  2⤵
  PID:6536
- C:\Windows\System\YIakhip.exe
  C:\Windows\System\YIakhip.exe
  2⤵
  PID:6564
- C:\Windows\System\BgXxlDd.exe
  C:\Windows\System\BgXxlDd.exe
  2⤵
  PID:6580
- C:\Windows\System\yOahgGW.exe
  C:\Windows\System\yOahgGW.exe
  2⤵
  PID:6608
- C:\Windows\System\aMvzjWK.exe
  C:\Windows\System\aMvzjWK.exe
  2⤵
  PID:6644
- C:\Windows\System\LfMiPWn.exe
  C:\Windows\System\LfMiPWn.exe
  2⤵
  PID:6720
- C:\Windows\System\SBfZRBo.exe
  C:\Windows\System\SBfZRBo.exe
  2⤵
  PID:6792
- C:\Windows\System\tLmtCDw.exe
  C:\Windows\System\tLmtCDw.exe
  2⤵
  PID:6840
- C:\Windows\System\cewibAD.exe
  C:\Windows\System\cewibAD.exe
  2⤵
  PID:6860
- C:\Windows\System\bjukKNV.exe
  C:\Windows\System\bjukKNV.exe
  2⤵
  PID:6900
- C:\Windows\System\FAHgctb.exe
  C:\Windows\System\FAHgctb.exe
  2⤵
  PID:6944
- C:\Windows\System\IYyBCEn.exe
  C:\Windows\System\IYyBCEn.exe
  2⤵
  PID:7012
- C:\Windows\System\FMuKSBc.exe
  C:\Windows\System\FMuKSBc.exe
  2⤵
  PID:7044
- C:\Windows\System\liEPicy.exe
  C:\Windows\System\liEPicy.exe
  2⤵
  PID:7072
- C:\Windows\System\jwEyHXX.exe
  C:\Windows\System\jwEyHXX.exe
  2⤵
  PID:7112
- C:\Windows\System\sOwIQDH.exe
  C:\Windows\System\sOwIQDH.exe
  2⤵
  PID:7140
- C:\Windows\System\dFHVktq.exe
  C:\Windows\System\dFHVktq.exe
  2⤵
  PID:7164
- C:\Windows\System\RqCYJPo.exe
  C:\Windows\System\RqCYJPo.exe
  2⤵
  PID:6204
- C:\Windows\System\ZDMMBJW.exe
  C:\Windows\System\ZDMMBJW.exe
  2⤵
  PID:6272
- C:\Windows\System\WyzCwgV.exe
  C:\Windows\System\WyzCwgV.exe
  2⤵
  PID:6336
- C:\Windows\System\YjMmvcV.exe
  C:\Windows\System\YjMmvcV.exe
  2⤵
  PID:6420
- C:\Windows\System\XHcTuqu.exe
  C:\Windows\System\XHcTuqu.exe
  2⤵
  PID:6488
- C:\Windows\System\SlqKvXy.exe
  C:\Windows\System\SlqKvXy.exe
  2⤵
  PID:6544
- C:\Windows\System\wwuTEPS.exe
  C:\Windows\System\wwuTEPS.exe
  2⤵
  PID:6604
- C:\Windows\System\plFFfPS.exe
  C:\Windows\System\plFFfPS.exe
  2⤵
  PID:6700
- C:\Windows\System\mgdJuwt.exe
  C:\Windows\System\mgdJuwt.exe
  2⤵
  PID:6804
- C:\Windows\System\AyedyhR.exe
  C:\Windows\System\AyedyhR.exe
  2⤵
  PID:6924
- C:\Windows\System\VUyHacD.exe
  C:\Windows\System\VUyHacD.exe
  2⤵
  PID:3016
- C:\Windows\System\vqnayPO.exe
  C:\Windows\System\vqnayPO.exe
  2⤵
  PID:7040
- C:\Windows\System\avECWMb.exe
  C:\Windows\System\avECWMb.exe
  2⤵
  PID:7136
- C:\Windows\System\YhsgcBk.exe
  C:\Windows\System\YhsgcBk.exe
  2⤵
  PID:6168
- C:\Windows\System\DeGdDNy.exe
  C:\Windows\System\DeGdDNy.exe
  2⤵
  PID:4392
- C:\Windows\System\oXVsvJV.exe
  C:\Windows\System\oXVsvJV.exe
  2⤵
  PID:6396
- C:\Windows\System\CEmgzFe.exe
  C:\Windows\System\CEmgzFe.exe
  2⤵
  PID:6524
- C:\Windows\System\ejYQqKf.exe
  C:\Windows\System\ejYQqKf.exe
  2⤵
  PID:6628
- C:\Windows\System\YTbQYgE.exe
  C:\Windows\System\YTbQYgE.exe
  2⤵
  PID:4000
- C:\Windows\System\NiPPcHn.exe
  C:\Windows\System\NiPPcHn.exe
  2⤵
  PID:7060
- C:\Windows\System\sDmPViH.exe
  C:\Windows\System\sDmPViH.exe
  2⤵
  PID:6232
- C:\Windows\System\vyAsMZc.exe
  C:\Windows\System\vyAsMZc.exe
  2⤵
  PID:6440
- C:\Windows\System\AGxnHQN.exe
  C:\Windows\System\AGxnHQN.exe
  2⤵
  PID:6856
- C:\Windows\System\xEnNOtY.exe
  C:\Windows\System\xEnNOtY.exe
  2⤵
  PID:2988
- C:\Windows\System\YpGotlW.exe
  C:\Windows\System\YpGotlW.exe
  2⤵
  PID:2764
- C:\Windows\System\WgZTXiX.exe
  C:\Windows\System\WgZTXiX.exe
  2⤵
  PID:7148
- C:\Windows\System\uiwVqEF.exe
  C:\Windows\System\uiwVqEF.exe
  2⤵
  PID:6320
- C:\Windows\System\ggDgqLR.exe
  C:\Windows\System\ggDgqLR.exe
  2⤵
  PID:7196
- C:\Windows\System\bPjQWWe.exe
  C:\Windows\System\bPjQWWe.exe
  2⤵
  PID:7216
- C:\Windows\System\NFojTCf.exe
  C:\Windows\System\NFojTCf.exe
  2⤵
  PID:7256
- C:\Windows\System\KgrQvOV.exe
  C:\Windows\System\KgrQvOV.exe
  2⤵
  PID:7284
- C:\Windows\System\pDZUrPt.exe
  C:\Windows\System\pDZUrPt.exe
  2⤵
  PID:7308
- C:\Windows\System\adrYpre.exe
  C:\Windows\System\adrYpre.exe
  2⤵
  PID:7336
- C:\Windows\System\ePDiejm.exe
  C:\Windows\System\ePDiejm.exe
  2⤵
  PID:7364
- C:\Windows\System\dztXeTg.exe
  C:\Windows\System\dztXeTg.exe
  2⤵
  PID:7396
- C:\Windows\System\YYZIbJW.exe
  C:\Windows\System\YYZIbJW.exe
  2⤵
  PID:7424
- C:\Windows\System\GDtpFQh.exe
  C:\Windows\System\GDtpFQh.exe
  2⤵
  PID:7452
- C:\Windows\System\qeYmYYT.exe
  C:\Windows\System\qeYmYYT.exe
  2⤵
  PID:7476
- C:\Windows\System\jxqIGzp.exe
  C:\Windows\System\jxqIGzp.exe
  2⤵
  PID:7508
- C:\Windows\System\xyHVDAv.exe
  C:\Windows\System\xyHVDAv.exe
  2⤵
  PID:7536
- C:\Windows\System\KTjfDvF.exe
  C:\Windows\System\KTjfDvF.exe
  2⤵
  PID:7564
- C:\Windows\System\ndVJlcf.exe
  C:\Windows\System\ndVJlcf.exe
  2⤵
  PID:7588
- C:\Windows\System\bPUTYaF.exe
  C:\Windows\System\bPUTYaF.exe
  2⤵
  PID:7620
- C:\Windows\System\TnfAhCU.exe
  C:\Windows\System\TnfAhCU.exe
  2⤵
  PID:7640
- C:\Windows\System\tECaynx.exe
  C:\Windows\System\tECaynx.exe
  2⤵
  PID:7668
- C:\Windows\System\Lbglkpk.exe
  C:\Windows\System\Lbglkpk.exe
  2⤵
  PID:7704
- C:\Windows\System\eumSVjA.exe
  C:\Windows\System\eumSVjA.exe
  2⤵
  PID:7732
- C:\Windows\System\VohDBCd.exe
  C:\Windows\System\VohDBCd.exe
  2⤵
  PID:7760
- C:\Windows\System\njqBliP.exe
  C:\Windows\System\njqBliP.exe
  2⤵
  PID:7788
- C:\Windows\System\dQuGLre.exe
  C:\Windows\System\dQuGLre.exe
  2⤵
  PID:7816
- C:\Windows\System\KyBnbDT.exe
  C:\Windows\System\KyBnbDT.exe
  2⤵
  PID:7844
- C:\Windows\System\ykHILGM.exe
  C:\Windows\System\ykHILGM.exe
  2⤵
  PID:7872
- C:\Windows\System\iFSpNjm.exe
  C:\Windows\System\iFSpNjm.exe
  2⤵
  PID:7900
- C:\Windows\System\bcEIvUA.exe
  C:\Windows\System\bcEIvUA.exe
  2⤵
  PID:7940
- C:\Windows\System\gYahiKK.exe
  C:\Windows\System\gYahiKK.exe
  2⤵
  PID:7956
- C:\Windows\System\jrEtuxT.exe
  C:\Windows\System\jrEtuxT.exe
  2⤵
  PID:7988
- C:\Windows\System\bYzptQl.exe
  C:\Windows\System\bYzptQl.exe
  2⤵
  PID:8020
- C:\Windows\System\UMHBXCB.exe
  C:\Windows\System\UMHBXCB.exe
  2⤵
  PID:8044
- C:\Windows\System\jBlTBDm.exe
  C:\Windows\System\jBlTBDm.exe
  2⤵
  PID:8072
- C:\Windows\System\JwuVIuD.exe
  C:\Windows\System\JwuVIuD.exe
  2⤵
  PID:8100
- C:\Windows\System\gCPAuUs.exe
  C:\Windows\System\gCPAuUs.exe
  2⤵
  PID:8128
- C:\Windows\System\HsJpTwE.exe
  C:\Windows\System\HsJpTwE.exe
  2⤵
  PID:8156
- C:\Windows\System\lBxdYuK.exe
  C:\Windows\System\lBxdYuK.exe
  2⤵
  PID:8184
- C:\Windows\System\MuufKul.exe
  C:\Windows\System\MuufKul.exe
  2⤵
  PID:7208
- C:\Windows\System\AKPeCPH.exe
  C:\Windows\System\AKPeCPH.exe
  2⤵
  PID:7292
- C:\Windows\System\xLoEoYo.exe
  C:\Windows\System\xLoEoYo.exe
  2⤵
  PID:7348
- C:\Windows\System\AsBNpsm.exe
  C:\Windows\System\AsBNpsm.exe
  2⤵
  PID:7420
- C:\Windows\System\NfDVNWu.exe
  C:\Windows\System\NfDVNWu.exe
  2⤵
  PID:7484
- C:\Windows\System\RjPAUgb.exe
  C:\Windows\System\RjPAUgb.exe
  2⤵
  PID:7524
- C:\Windows\System\GlcXipE.exe
  C:\Windows\System\GlcXipE.exe
  2⤵
  PID:7596
- C:\Windows\System\FTYOFKW.exe
  C:\Windows\System\FTYOFKW.exe
  2⤵
  PID:7696
- C:\Windows\System\sKikftc.exe
  C:\Windows\System\sKikftc.exe
  2⤵
  PID:7744
- C:\Windows\System\bGkouAs.exe
  C:\Windows\System\bGkouAs.exe
  2⤵
  PID:7836
- C:\Windows\System\slETrWq.exe
  C:\Windows\System\slETrWq.exe
  2⤵
  PID:3060
- C:\Windows\System\gCIarax.exe
  C:\Windows\System\gCIarax.exe
  2⤵
  PID:2728
- C:\Windows\System\ToZrZlf.exe
  C:\Windows\System\ToZrZlf.exe
  2⤵
  PID:8056
- C:\Windows\System\hCdSjuC.exe
  C:\Windows\System\hCdSjuC.exe
  2⤵
  PID:8120
- C:\Windows\System\dnwmKvP.exe
  C:\Windows\System\dnwmKvP.exe
  2⤵
  PID:8180
- C:\Windows\System\zidPGbX.exe
  C:\Windows\System\zidPGbX.exe
  2⤵
  PID:7244
- C:\Windows\System\fKVNlrJ.exe
  C:\Windows\System\fKVNlrJ.exe
  2⤵
  PID:7328
- C:\Windows\System\bOuiOeF.exe
  C:\Windows\System\bOuiOeF.exe
  2⤵
  PID:7688
- C:\Windows\System\AETywpp.exe
  C:\Windows\System\AETywpp.exe
  2⤵
  PID:7756
- C:\Windows\System\CAWLGjL.exe
  C:\Windows\System\CAWLGjL.exe
  2⤵
  PID:7952
- C:\Windows\System\KbCBKoK.exe
  C:\Windows\System\KbCBKoK.exe
  2⤵
  PID:6980
- C:\Windows\System\DoiFhDW.exe
  C:\Windows\System\DoiFhDW.exe
  2⤵
  PID:6768
- C:\Windows\System\hdVVaZJ.exe
  C:\Windows\System\hdVVaZJ.exe
  2⤵
  PID:768
- C:\Windows\System\nJXTwla.exe
  C:\Windows\System\nJXTwla.exe
  2⤵
  PID:7316
- C:\Windows\System\jncqFTB.exe
  C:\Windows\System\jncqFTB.exe
  2⤵
  PID:7632
- C:\Windows\System\jfhwdPF.exe
  C:\Windows\System\jfhwdPF.exe
  2⤵
  PID:2164
- C:\Windows\System\JTjzoLJ.exe
  C:\Windows\System\JTjzoLJ.exe
  2⤵
  PID:6968
- C:\Windows\System\RimXzqP.exe
  C:\Windows\System\RimXzqP.exe
  2⤵
  PID:5024
- C:\Windows\System\TTFNJiL.exe
  C:\Windows\System\TTFNJiL.exe
  2⤵
  PID:7088
- C:\Windows\System\NLcTKQO.exe
  C:\Windows\System\NLcTKQO.exe
  2⤵
  PID:7084
- C:\Windows\System\MzYhYWb.exe
  C:\Windows\System\MzYhYWb.exe
  2⤵
  PID:8208
- C:\Windows\System\ggshZuh.exe
  C:\Windows\System\ggshZuh.exe
  2⤵
  PID:8236
- C:\Windows\System\InLyWoj.exe
  C:\Windows\System\InLyWoj.exe
  2⤵
  PID:8264
- C:\Windows\System\msIXcnL.exe
  C:\Windows\System\msIXcnL.exe
  2⤵
  PID:8292
- C:\Windows\System\RbLsAfa.exe
  C:\Windows\System\RbLsAfa.exe
  2⤵
  PID:8320
- C:\Windows\System\NNfQmFb.exe
  C:\Windows\System\NNfQmFb.exe
  2⤵
  PID:8352
- C:\Windows\System\bgDlgHV.exe
  C:\Windows\System\bgDlgHV.exe
  2⤵
  PID:8376
- C:\Windows\System\pCeCoOK.exe
  C:\Windows\System\pCeCoOK.exe
  2⤵
  PID:8408
- C:\Windows\System\nGWzezS.exe
  C:\Windows\System\nGWzezS.exe
  2⤵
  PID:8444
- C:\Windows\System\auuJENh.exe
  C:\Windows\System\auuJENh.exe
  2⤵
  PID:8464
- C:\Windows\System\HYyazsC.exe
  C:\Windows\System\HYyazsC.exe
  2⤵
  PID:8492
- C:\Windows\System\igMlHGO.exe
  C:\Windows\System\igMlHGO.exe
  2⤵
  PID:8520
- C:\Windows\System\bwqqoEg.exe
  C:\Windows\System\bwqqoEg.exe
  2⤵
  PID:8548
- C:\Windows\System\OspxeUW.exe
  C:\Windows\System\OspxeUW.exe
  2⤵
  PID:8580
- C:\Windows\System\DPkHpTQ.exe
  C:\Windows\System\DPkHpTQ.exe
  2⤵
  PID:8608
- C:\Windows\System\TYUMWkX.exe
  C:\Windows\System\TYUMWkX.exe
  2⤵
  PID:8636
- C:\Windows\System\bDChSmG.exe
  C:\Windows\System\bDChSmG.exe
  2⤵
  PID:8664
- C:\Windows\System\rGDFXiC.exe
  C:\Windows\System\rGDFXiC.exe
  2⤵
  PID:8692
- C:\Windows\System\EmQQUYg.exe
  C:\Windows\System\EmQQUYg.exe
  2⤵
  PID:8720
- C:\Windows\System\VhqXqoT.exe
  C:\Windows\System\VhqXqoT.exe
  2⤵
  PID:8748
- C:\Windows\System\OKtiskV.exe
  C:\Windows\System\OKtiskV.exe
  2⤵
  PID:8776
- C:\Windows\System\WUdLwrY.exe
  C:\Windows\System\WUdLwrY.exe
  2⤵
  PID:8804
- C:\Windows\System\sZemIks.exe
  C:\Windows\System\sZemIks.exe
  2⤵
  PID:8832
- C:\Windows\System\XUirLUW.exe
  C:\Windows\System\XUirLUW.exe
  2⤵
  PID:8860
- C:\Windows\System\OLFJXtn.exe
  C:\Windows\System\OLFJXtn.exe
  2⤵
  PID:8888
- C:\Windows\System\HRSDXri.exe
  C:\Windows\System\HRSDXri.exe
  2⤵
  PID:8916
- C:\Windows\System\XPmQFtW.exe
  C:\Windows\System\XPmQFtW.exe
  2⤵
  PID:8944
- C:\Windows\System\mEIQRqO.exe
  C:\Windows\System\mEIQRqO.exe
  2⤵
  PID:8972
- C:\Windows\System\DNUZJbL.exe
  C:\Windows\System\DNUZJbL.exe
  2⤵
  PID:9000
- C:\Windows\System\GUOtLuI.exe
  C:\Windows\System\GUOtLuI.exe
  2⤵
  PID:9028
- C:\Windows\System\zkGEnBv.exe
  C:\Windows\System\zkGEnBv.exe
  2⤵
  PID:9056
- C:\Windows\System\sTVEpIN.exe
  C:\Windows\System\sTVEpIN.exe
  2⤵
  PID:9084
- C:\Windows\System\yEHBFgH.exe
  C:\Windows\System\yEHBFgH.exe
  2⤵
  PID:9112
- C:\Windows\System\QIqYgyT.exe
  C:\Windows\System\QIqYgyT.exe
  2⤵
  PID:9140
- C:\Windows\System\xNCNDPU.exe
  C:\Windows\System\xNCNDPU.exe
  2⤵
  PID:9168
- C:\Windows\System\KdnmLcd.exe
  C:\Windows\System\KdnmLcd.exe
  2⤵
  PID:9196
- C:\Windows\System\BshYCOa.exe
  C:\Windows\System\BshYCOa.exe
  2⤵
  PID:8204
- C:\Windows\System\zjQLhtL.exe
  C:\Windows\System\zjQLhtL.exe
  2⤵
  PID:8276
- C:\Windows\System\pTZKzhx.exe
  C:\Windows\System\pTZKzhx.exe
  2⤵
  PID:8340
- C:\Windows\System\RdrllKT.exe
  C:\Windows\System\RdrllKT.exe
  2⤵
  PID:8400
- C:\Windows\System\BRyNKGT.exe
  C:\Windows\System\BRyNKGT.exe
  2⤵
  PID:8484
- C:\Windows\System\sudegoc.exe
  C:\Windows\System\sudegoc.exe
  2⤵
  PID:8560
- C:\Windows\System\QVNqGkB.exe
  C:\Windows\System\QVNqGkB.exe
  2⤵
  PID:8600
- C:\Windows\System\eRjZbKo.exe
  C:\Windows\System\eRjZbKo.exe
  2⤵
  PID:8676
- C:\Windows\System\cLwLHCe.exe
  C:\Windows\System\cLwLHCe.exe
  2⤵
  PID:8760
- C:\Windows\System\lCPAzEu.exe
  C:\Windows\System\lCPAzEu.exe
  2⤵
  PID:8800
- C:\Windows\System\aTHtxwu.exe
  C:\Windows\System\aTHtxwu.exe
  2⤵
  PID:8872
- C:\Windows\System\JjAqvgu.exe
  C:\Windows\System\JjAqvgu.exe
  2⤵
  PID:8936
- C:\Windows\System\ctPgUzk.exe
  C:\Windows\System\ctPgUzk.exe
  2⤵
  PID:8996
- C:\Windows\System\KjSnmbd.exe
  C:\Windows\System\KjSnmbd.exe
  2⤵
  PID:9076
- C:\Windows\System\zEqJaFo.exe
  C:\Windows\System\zEqJaFo.exe
  2⤵
  PID:9132
- C:\Windows\System\KAucJVy.exe
  C:\Windows\System\KAucJVy.exe
  2⤵
  PID:9188
- C:\Windows\System\DDYEYYv.exe
  C:\Windows\System\DDYEYYv.exe
  2⤵
  PID:8256
- C:\Windows\System\qXLJWBS.exe
  C:\Windows\System\qXLJWBS.exe
  2⤵
  PID:8452
- C:\Windows\System\BTazFbn.exe
  C:\Windows\System\BTazFbn.exe
  2⤵
  PID:8516
- C:\Windows\System\syhGPwZ.exe
  C:\Windows\System\syhGPwZ.exe
  2⤵
  PID:8716
- C:\Windows\System\ZYFeHHk.exe
  C:\Windows\System\ZYFeHHk.exe
  2⤵
  PID:8856
- C:\Windows\System\NYwLpNU.exe
  C:\Windows\System\NYwLpNU.exe
  2⤵
  PID:9024
- C:\Windows\System\pEbKOqu.exe
  C:\Windows\System\pEbKOqu.exe
  2⤵
  PID:9164
- C:\Windows\System\RSTNhEx.exe
  C:\Windows\System\RSTNhEx.exe
  2⤵
  PID:8008
- C:\Windows\System\xDTibpS.exe
  C:\Windows\System\xDTibpS.exe
  2⤵
  PID:8788
- C:\Windows\System\xgGwStx.exe
  C:\Windows\System\xgGwStx.exe
  2⤵
  PID:9124
- C:\Windows\System\hRzvcIj.exe
  C:\Windows\System\hRzvcIj.exe
  2⤵
  PID:8704
- C:\Windows\System\SaekEyh.exe
  C:\Windows\System\SaekEyh.exe
  2⤵
  PID:9096
- C:\Windows\System\GRKTFls.exe
  C:\Windows\System\GRKTFls.exe
  2⤵
  PID:9236
- C:\Windows\System\tLhwPrD.exe
  C:\Windows\System\tLhwPrD.exe
  2⤵
  PID:9264
- C:\Windows\System\xprPcBK.exe
  C:\Windows\System\xprPcBK.exe
  2⤵
  PID:9292
- C:\Windows\System\CYcjfaR.exe
  C:\Windows\System\CYcjfaR.exe
  2⤵
  PID:9320
- C:\Windows\System\smllBsC.exe
  C:\Windows\System\smllBsC.exe
  2⤵
  PID:9348
- C:\Windows\System\PmLMKMG.exe
  C:\Windows\System\PmLMKMG.exe
  2⤵
  PID:9376
- C:\Windows\System\wPJqxIR.exe
  C:\Windows\System\wPJqxIR.exe
  2⤵
  PID:9404
- C:\Windows\System\BvVCyQu.exe
  C:\Windows\System\BvVCyQu.exe
  2⤵
  PID:9432
- C:\Windows\System\XyktYdT.exe
  C:\Windows\System\XyktYdT.exe
  2⤵
  PID:9468
- C:\Windows\System\VTZYDKh.exe
  C:\Windows\System\VTZYDKh.exe
  2⤵
  PID:9488
- C:\Windows\System\hlupxtx.exe
  C:\Windows\System\hlupxtx.exe
  2⤵
  PID:9520
- C:\Windows\System\QhAolkd.exe
  C:\Windows\System\QhAolkd.exe
  2⤵
  PID:9548
- C:\Windows\System\YJhOhIQ.exe
  C:\Windows\System\YJhOhIQ.exe
  2⤵
  PID:9576
- C:\Windows\System\TjrTbqb.exe
  C:\Windows\System\TjrTbqb.exe
  2⤵
  PID:9604
- C:\Windows\System\ZsvbNtK.exe
  C:\Windows\System\ZsvbNtK.exe
  2⤵
  PID:9632
- C:\Windows\System\tuPplgk.exe
  C:\Windows\System\tuPplgk.exe
  2⤵
  PID:9660
- C:\Windows\System\CLHuhtO.exe
  C:\Windows\System\CLHuhtO.exe
  2⤵
  PID:9688
- C:\Windows\System\HXJdlnJ.exe
  C:\Windows\System\HXJdlnJ.exe
  2⤵
  PID:9716
- C:\Windows\System\XTMYuOk.exe
  C:\Windows\System\XTMYuOk.exe
  2⤵
  PID:9752
- C:\Windows\System\ubtSzAh.exe
  C:\Windows\System\ubtSzAh.exe
  2⤵
  PID:9780
- C:\Windows\System\TKbhoIZ.exe
  C:\Windows\System\TKbhoIZ.exe
  2⤵
  PID:9808
- C:\Windows\System\ssSScEZ.exe
  C:\Windows\System\ssSScEZ.exe
  2⤵
  PID:9836
- C:\Windows\System\lyVMZQB.exe
  C:\Windows\System\lyVMZQB.exe
  2⤵
  PID:9864
- C:\Windows\System\QyXQmJF.exe
  C:\Windows\System\QyXQmJF.exe
  2⤵
  PID:9892
- C:\Windows\System\zeSrboP.exe
  C:\Windows\System\zeSrboP.exe
  2⤵
  PID:9920
- C:\Windows\System\UqZSJyP.exe
  C:\Windows\System\UqZSJyP.exe
  2⤵
  PID:9948
- C:\Windows\System\IFixhWF.exe
  C:\Windows\System\IFixhWF.exe
  2⤵
  PID:9976
- C:\Windows\System\vVYHhiN.exe
  C:\Windows\System\vVYHhiN.exe
  2⤵
  PID:10004
- C:\Windows\System\blTUqds.exe
  C:\Windows\System\blTUqds.exe
  2⤵
  PID:10032
- C:\Windows\System\yNddINy.exe
  C:\Windows\System\yNddINy.exe
  2⤵
  PID:10060
- C:\Windows\System\QhaJLeG.exe
  C:\Windows\System\QhaJLeG.exe
  2⤵
  PID:10088
- C:\Windows\System\sPQTiFS.exe
  C:\Windows\System\sPQTiFS.exe
  2⤵
  PID:10116
- C:\Windows\System\Tgrunyf.exe
  C:\Windows\System\Tgrunyf.exe
  2⤵
  PID:10144
- C:\Windows\System\ugWHspG.exe
  C:\Windows\System\ugWHspG.exe
  2⤵
  PID:10172
- C:\Windows\System\pmUaKUu.exe
  C:\Windows\System\pmUaKUu.exe
  2⤵
  PID:10200
- C:\Windows\System\Sofqggw.exe
  C:\Windows\System\Sofqggw.exe
  2⤵
  PID:10228
- C:\Windows\System\HcoTOpU.exe
  C:\Windows\System\HcoTOpU.exe
  2⤵
  PID:9256
- C:\Windows\System\XJBVMSE.exe
  C:\Windows\System\XJBVMSE.exe
  2⤵
  PID:9312
- C:\Windows\System\jGzonDa.exe
  C:\Windows\System\jGzonDa.exe
  2⤵
  PID:9372
- C:\Windows\System\tBwckBG.exe
  C:\Windows\System\tBwckBG.exe
  2⤵
  PID:9444
- C:\Windows\System\SxUkOEI.exe
  C:\Windows\System\SxUkOEI.exe
  2⤵
  PID:9508
- C:\Windows\System\WFafjjs.exe
  C:\Windows\System\WFafjjs.exe
  2⤵
  PID:9572
- C:\Windows\System\JriHXXC.exe
  C:\Windows\System\JriHXXC.exe
  2⤵
  PID:9644
- C:\Windows\System\cAdPMXZ.exe
  C:\Windows\System\cAdPMXZ.exe
  2⤵
  PID:9712
- C:\Windows\System\OzJzdan.exe
  C:\Windows\System\OzJzdan.exe
  2⤵
  PID:9800
- C:\Windows\System\SHEWpWG.exe
  C:\Windows\System\SHEWpWG.exe
  2⤵
  PID:9848
- C:\Windows\System\otEwaiP.exe
  C:\Windows\System\otEwaiP.exe
  2⤵
  PID:9912
- C:\Windows\System\VWBVhDt.exe
  C:\Windows\System\VWBVhDt.exe
  2⤵
  PID:3236
- C:\Windows\System\dIFnblj.exe
  C:\Windows\System\dIFnblj.exe
  2⤵
  PID:10016
- C:\Windows\System\rjIbHpp.exe
  C:\Windows\System\rjIbHpp.exe
  2⤵
  PID:10080
- C:\Windows\System\CTddNAP.exe
  C:\Windows\System\CTddNAP.exe
  2⤵
  PID:10140
- C:\Windows\System\EvckxWp.exe
  C:\Windows\System\EvckxWp.exe
  2⤵
  PID:10212
- C:\Windows\System\ykSxTyY.exe
  C:\Windows\System\ykSxTyY.exe
  2⤵
  PID:9284
- C:\Windows\System\VISCCcM.exe
  C:\Windows\System\VISCCcM.exe
  2⤵
  PID:9424
- C:\Windows\System\coMecox.exe
  C:\Windows\System\coMecox.exe
  2⤵
  PID:9568
- C:\Windows\System\VPhzMGE.exe
  C:\Windows\System\VPhzMGE.exe
  2⤵
  PID:9748
- C:\Windows\System\QjOAKwh.exe
  C:\Windows\System\QjOAKwh.exe
  2⤵
  PID:9888
- C:\Windows\System\BzFwbsw.exe
  C:\Windows\System\BzFwbsw.exe
  2⤵
  PID:10000
- C:\Windows\System\QXLBqBf.exe
  C:\Windows\System\QXLBqBf.exe
  2⤵
  PID:10196
- C:\Windows\System\RFFXdPn.exe
  C:\Windows\System\RFFXdPn.exe
  2⤵
  PID:9484
- C:\Windows\System\lWBthWr.exe
  C:\Windows\System\lWBthWr.exe
  2⤵
  PID:9972
- C:\Windows\System\tQfkoEi.exe
  C:\Windows\System\tQfkoEi.exe
  2⤵
  PID:10192
- C:\Windows\System\ZAQyMFE.exe
  C:\Windows\System\ZAQyMFE.exe
  2⤵
  PID:4944
- C:\Windows\System\ZDaZQJs.exe
  C:\Windows\System\ZDaZQJs.exe
  2⤵
  PID:9944
- C:\Windows\System\nclDMGv.exe
  C:\Windows\System\nclDMGv.exe
  2⤵
  PID:10248
- C:\Windows\System\wWpoyfv.exe
  C:\Windows\System\wWpoyfv.exe
  2⤵
  PID:10276
- C:\Windows\System\uCwMROc.exe
  C:\Windows\System\uCwMROc.exe
  2⤵
  PID:10304
- C:\Windows\System\DbMwvrB.exe
  C:\Windows\System\DbMwvrB.exe
  2⤵
  PID:10332
- C:\Windows\System\jORqdJV.exe
  C:\Windows\System\jORqdJV.exe
  2⤵
  PID:10360
- C:\Windows\System\IdlTYTw.exe
  C:\Windows\System\IdlTYTw.exe
  2⤵
  PID:10388
- C:\Windows\System\UjvJOeW.exe
  C:\Windows\System\UjvJOeW.exe
  2⤵
  PID:10416
- C:\Windows\System\tvNmnHN.exe
  C:\Windows\System\tvNmnHN.exe
  2⤵
  PID:10448
- C:\Windows\System\RqVZOdp.exe
  C:\Windows\System\RqVZOdp.exe
  2⤵
  PID:10476
- C:\Windows\System\akUcmsQ.exe
  C:\Windows\System\akUcmsQ.exe
  2⤵
  PID:10504
- C:\Windows\System\IEfouWA.exe
  C:\Windows\System\IEfouWA.exe
  2⤵
  PID:10532
- C:\Windows\System\SlUcOfl.exe
  C:\Windows\System\SlUcOfl.exe
  2⤵
  PID:10572
- C:\Windows\System\ZwxlcJk.exe
  C:\Windows\System\ZwxlcJk.exe
  2⤵
  PID:10588
- C:\Windows\System\kErIzcA.exe
  C:\Windows\System\kErIzcA.exe
  2⤵
  PID:10616
- C:\Windows\System\WwTxWyq.exe
  C:\Windows\System\WwTxWyq.exe
  2⤵
  PID:10644
- C:\Windows\System\DnZuKBk.exe
  C:\Windows\System\DnZuKBk.exe
  2⤵
  PID:10672
- C:\Windows\System\rbrsUWw.exe
  C:\Windows\System\rbrsUWw.exe
  2⤵
  PID:10700
- C:\Windows\System\eLyGASi.exe
  C:\Windows\System\eLyGASi.exe
  2⤵
  PID:10728
- C:\Windows\System\sypTuda.exe
  C:\Windows\System\sypTuda.exe
  2⤵
  PID:10756
- C:\Windows\System\VGwWFDU.exe
  C:\Windows\System\VGwWFDU.exe
  2⤵
  PID:10784
- C:\Windows\System\ZsynqVI.exe
  C:\Windows\System\ZsynqVI.exe
  2⤵
  PID:10812
- C:\Windows\System\qreVLdh.exe
  C:\Windows\System\qreVLdh.exe
  2⤵
  PID:10840
- C:\Windows\System\VHHobes.exe
  C:\Windows\System\VHHobes.exe
  2⤵
  PID:10868
- C:\Windows\System\xWSwdqv.exe
  C:\Windows\System\xWSwdqv.exe
  2⤵
  PID:10896
- C:\Windows\System\zNqSUyM.exe
  C:\Windows\System\zNqSUyM.exe
  2⤵
  PID:10924
- C:\Windows\System\AvcuUry.exe
  C:\Windows\System\AvcuUry.exe
  2⤵
  PID:10952
- C:\Windows\System\pueStHM.exe
  C:\Windows\System\pueStHM.exe
  2⤵
  PID:10980
- C:\Windows\System\zCMEKwK.exe
  C:\Windows\System\zCMEKwK.exe
  2⤵
  PID:11008
- C:\Windows\System\sikGNah.exe
  C:\Windows\System\sikGNah.exe
  2⤵
  PID:11036
- C:\Windows\System\yplpvYH.exe
  C:\Windows\System\yplpvYH.exe
  2⤵
  PID:11064
- C:\Windows\System\cehfDNq.exe
  C:\Windows\System\cehfDNq.exe
  2⤵
  PID:11092
- C:\Windows\System\ZFFxSOf.exe
  C:\Windows\System\ZFFxSOf.exe
  2⤵
  PID:11120
- C:\Windows\System\mMExlFF.exe
  C:\Windows\System\mMExlFF.exe
  2⤵
  PID:11148
- C:\Windows\System\SzyLhJe.exe
  C:\Windows\System\SzyLhJe.exe
  2⤵
  PID:11176
- C:\Windows\System\LRsJQRD.exe
  C:\Windows\System\LRsJQRD.exe
  2⤵
  PID:11204
- C:\Windows\System\dYjLSGB.exe
  C:\Windows\System\dYjLSGB.exe
  2⤵
  PID:11232
- C:\Windows\System\pNgSJsF.exe
  C:\Windows\System\pNgSJsF.exe
  2⤵
  PID:11260
- C:\Windows\System\fhkhROI.exe
  C:\Windows\System\fhkhROI.exe
  2⤵
  PID:10296
- C:\Windows\System\sqgsfCR.exe
  C:\Windows\System\sqgsfCR.exe
  2⤵
  PID:10356
- C:\Windows\System\SsrHWbe.exe
  C:\Windows\System\SsrHWbe.exe
  2⤵
  PID:10428
- C:\Windows\System\KJpIXxD.exe
  C:\Windows\System\KJpIXxD.exe
  2⤵
  PID:10496
- C:\Windows\System\yQrpuZF.exe
  C:\Windows\System\yQrpuZF.exe
  2⤵
  PID:10568
- C:\Windows\System\SngoQay.exe
  C:\Windows\System\SngoQay.exe
  2⤵
  PID:10628
- C:\Windows\System\tyPtSRM.exe
  C:\Windows\System\tyPtSRM.exe
  2⤵
  PID:10692
- C:\Windows\System\jSUOKbG.exe
  C:\Windows\System\jSUOKbG.exe
  2⤵
  PID:10752
- C:\Windows\System\DXPCGQb.exe
  C:\Windows\System\DXPCGQb.exe
  2⤵
  PID:10804
- C:\Windows\System\EUykvdR.exe
  C:\Windows\System\EUykvdR.exe
  2⤵
  PID:10892
- C:\Windows\System\OYrfJyz.exe
  C:\Windows\System\OYrfJyz.exe
  2⤵
  PID:10944
- C:\Windows\System\OqEgfpr.exe
  C:\Windows\System\OqEgfpr.exe
  2⤵
  PID:11048
- C:\Windows\System\HHIthmH.exe
  C:\Windows\System\HHIthmH.exe
  2⤵
  PID:11088
- C:\Windows\System\vFJvLiu.exe
  C:\Windows\System\vFJvLiu.exe
  2⤵
  PID:11168
- C:\Windows\System\RZngVGd.exe
  C:\Windows\System\RZngVGd.exe
  2⤵
  PID:11256
- C:\Windows\System\SrmVklZ.exe
  C:\Windows\System\SrmVklZ.exe
  2⤵
  PID:10412
- C:\Windows\System\mwqnsLu.exe
  C:\Windows\System\mwqnsLu.exe
  2⤵
  PID:10552
- C:\Windows\System\wRvnArs.exe
  C:\Windows\System\wRvnArs.exe
  2⤵
  PID:10796
- C:\Windows\System\LCmSQrC.exe
  C:\Windows\System\LCmSQrC.exe
  2⤵
  PID:3120
- C:\Windows\System\JmGgVCT.exe
  C:\Windows\System\JmGgVCT.exe
  2⤵
  PID:11004
- C:\Windows\System\MGyzWYy.exe
  C:\Windows\System\MGyzWYy.exe
  2⤵
  PID:11076
- C:\Windows\System\vxxkFAX.exe
  C:\Windows\System\vxxkFAX.exe
  2⤵
  PID:4884
- C:\Windows\System\NAjayoi.exe
  C:\Windows\System\NAjayoi.exe
  2⤵
  PID:2220
- C:\Windows\System\SesOmsk.exe
  C:\Windows\System\SesOmsk.exe
  2⤵
  PID:11160
- C:\Windows\System\ZziUIfc.exe
  C:\Windows\System\ZziUIfc.exe
  2⤵
  PID:10524
- C:\Windows\System\ofNfAzf.exe
  C:\Windows\System\ofNfAzf.exe
  2⤵
  PID:10888
- C:\Windows\System\sOYNwPi.exe
  C:\Windows\System\sOYNwPi.exe
  2⤵
  PID:10964
- C:\Windows\System\KCzgrFI.exe
  C:\Windows\System\KCzgrFI.exe
  2⤵
  PID:10468
- C:\Windows\System\lKhxClU.exe
  C:\Windows\System\lKhxClU.exe
  2⤵
  PID:10384
- C:\Windows\System\IIejYfh.exe
  C:\Windows\System\IIejYfh.exe
  2⤵
  PID:10472
- C:\Windows\System\PXLGrCP.exe
  C:\Windows\System\PXLGrCP.exe
  2⤵
  PID:10748
- C:\Windows\System\LZuSbOg.exe
  C:\Windows\System\LZuSbOg.exe
  2⤵
  PID:1592
- C:\Windows\System\zCtNMlW.exe
  C:\Windows\System\zCtNMlW.exe
  2⤵
  PID:11292
- C:\Windows\System\CHMJcTl.exe
  C:\Windows\System\CHMJcTl.exe
  2⤵
  PID:11320
- C:\Windows\System\iYroKNk.exe
  C:\Windows\System\iYroKNk.exe
  2⤵
  PID:11348
- C:\Windows\System\PCuiNnQ.exe
  C:\Windows\System\PCuiNnQ.exe
  2⤵
  PID:11376
- C:\Windows\System\ilTFuho.exe
  C:\Windows\System\ilTFuho.exe
  2⤵
  PID:11404
- C:\Windows\System\XoeqxDC.exe
  C:\Windows\System\XoeqxDC.exe
  2⤵
  PID:11432
- C:\Windows\System\FysqlQf.exe
  C:\Windows\System\FysqlQf.exe
  2⤵
  PID:11460
- C:\Windows\System\jlukvlQ.exe
  C:\Windows\System\jlukvlQ.exe
  2⤵
  PID:11488
- C:\Windows\System\evsExKU.exe
  C:\Windows\System\evsExKU.exe
  2⤵
  PID:11516
- C:\Windows\System\GJiIAVX.exe
  C:\Windows\System\GJiIAVX.exe
  2⤵
  PID:11544
- C:\Windows\System\vNUdOph.exe
  C:\Windows\System\vNUdOph.exe
  2⤵
  PID:11576
- C:\Windows\System\icnLoej.exe
  C:\Windows\System\icnLoej.exe
  2⤵
  PID:11604
- C:\Windows\System\jcLAQck.exe
  C:\Windows\System\jcLAQck.exe
  2⤵
  PID:11640
- C:\Windows\System\NikxhbB.exe
  C:\Windows\System\NikxhbB.exe
  2⤵
  PID:11660
- C:\Windows\System\LVOnsfB.exe
  C:\Windows\System\LVOnsfB.exe
  2⤵
  PID:11688
- C:\Windows\System\bcqdzmj.exe
  C:\Windows\System\bcqdzmj.exe
  2⤵
  PID:11716
- C:\Windows\System\RLWPYiF.exe
  C:\Windows\System\RLWPYiF.exe
  2⤵
  PID:11744
- C:\Windows\System\TMmdtaF.exe
  C:\Windows\System\TMmdtaF.exe
  2⤵
  PID:11772
- C:\Windows\System\fwOnmYp.exe
  C:\Windows\System\fwOnmYp.exe
  2⤵
  PID:11800
- C:\Windows\System\qkuqZhn.exe
  C:\Windows\System\qkuqZhn.exe
  2⤵
  PID:11828
- C:\Windows\System\ikWbbKS.exe
  C:\Windows\System\ikWbbKS.exe
  2⤵
  PID:11856
- C:\Windows\System\XoxKvIO.exe
  C:\Windows\System\XoxKvIO.exe
  2⤵
  PID:11884
- C:\Windows\System\iDYtzcA.exe
  C:\Windows\System\iDYtzcA.exe
  2⤵
  PID:11912
- C:\Windows\System\haSjzMt.exe
  C:\Windows\System\haSjzMt.exe
  2⤵
  PID:11940
- C:\Windows\System\nOTwtjI.exe
  C:\Windows\System\nOTwtjI.exe
  2⤵
  PID:11968
- C:\Windows\System\aPEyPSD.exe
  C:\Windows\System\aPEyPSD.exe
  2⤵
  PID:11996
- C:\Windows\System\OpzDhmD.exe
  C:\Windows\System\OpzDhmD.exe
  2⤵
  PID:12024
- C:\Windows\System\ldYAQPg.exe
  C:\Windows\System\ldYAQPg.exe
  2⤵
  PID:12052
- C:\Windows\System\pHuhXcw.exe
  C:\Windows\System\pHuhXcw.exe
  2⤵
  PID:12080
- C:\Windows\System\xWSIxzp.exe
  C:\Windows\System\xWSIxzp.exe
  2⤵
  PID:12108
- C:\Windows\System\bQuOxOj.exe
  C:\Windows\System\bQuOxOj.exe
  2⤵
  PID:12136
- C:\Windows\System\LRGjevq.exe
  C:\Windows\System\LRGjevq.exe
  2⤵
  PID:12164
- C:\Windows\System\sbgBdrj.exe
  C:\Windows\System\sbgBdrj.exe
  2⤵
  PID:12204
- C:\Windows\System\AzhEfYN.exe
  C:\Windows\System\AzhEfYN.exe
  2⤵
  PID:12220
- C:\Windows\System\zoMdbJR.exe
  C:\Windows\System\zoMdbJR.exe
  2⤵
  PID:12248
- C:\Windows\System\UtZiRIE.exe
  C:\Windows\System\UtZiRIE.exe
  2⤵
  PID:12276
- C:\Windows\System\FocNChI.exe
  C:\Windows\System\FocNChI.exe
  2⤵
  PID:11304
- C:\Windows\System\gRsUGVy.exe
  C:\Windows\System\gRsUGVy.exe
  2⤵
  PID:11372
- C:\Windows\System\wtsNNip.exe
  C:\Windows\System\wtsNNip.exe
  2⤵
  PID:11444
- C:\Windows\System\GmIcOsK.exe
  C:\Windows\System\GmIcOsK.exe
  2⤵
  PID:11500
- C:\Windows\System\daXGpqG.exe
  C:\Windows\System\daXGpqG.exe
  2⤵
  PID:11568
- C:\Windows\System\jvClxDN.exe
  C:\Windows\System\jvClxDN.exe
  2⤵
  PID:11628
- C:\Windows\System\UvzgMoB.exe
  C:\Windows\System\UvzgMoB.exe
  2⤵
  PID:11700
- C:\Windows\System\ZomWTQF.exe
  C:\Windows\System\ZomWTQF.exe
  2⤵
  PID:11756
- C:\Windows\System\WwJYXwm.exe
  C:\Windows\System\WwJYXwm.exe
  2⤵
  PID:11820
- C:\Windows\System\QVblHMM.exe
  C:\Windows\System\QVblHMM.exe
  2⤵
  PID:11880
- C:\Windows\System\UwNmmHK.exe
  C:\Windows\System\UwNmmHK.exe
  2⤵
  PID:11952
- C:\Windows\System\zAfcNMS.exe
  C:\Windows\System\zAfcNMS.exe
  2⤵
  PID:12016
- C:\Windows\System\HpoCIao.exe
  C:\Windows\System\HpoCIao.exe
  2⤵
  PID:12076
- C:\Windows\System\YfBkVEi.exe
  C:\Windows\System\YfBkVEi.exe
  2⤵
  PID:12148
- C:\Windows\System\GbKVGpM.exe
  C:\Windows\System\GbKVGpM.exe
  2⤵
  PID:12188
- C:\Windows\System\heiEQnz.exe
  C:\Windows\System\heiEQnz.exe
  2⤵
  PID:12268
- C:\Windows\System\qpKXNaB.exe
  C:\Windows\System\qpKXNaB.exe
  2⤵
  PID:11368
- C:\Windows\System\bwIhfnD.exe
  C:\Windows\System\bwIhfnD.exe
  2⤵
  PID:11528
- C:\Windows\System\ejxywPU.exe
  C:\Windows\System\ejxywPU.exe
  2⤵
  PID:11680
- C:\Windows\System\sJRzdKo.exe
  C:\Windows\System\sJRzdKo.exe
  2⤵
  PID:11784
- C:\Windows\System\TPbWgDs.exe
  C:\Windows\System\TPbWgDs.exe
  2⤵
  PID:11932
- C:\Windows\System\KWSQpfT.exe
  C:\Windows\System\KWSQpfT.exe
  2⤵
  PID:12072
- C:\Windows\System\kLTklGJ.exe
  C:\Windows\System\kLTklGJ.exe
  2⤵
  PID:12232
- C:\Windows\System\nJVGaqO.exe
  C:\Windows\System\nJVGaqO.exe
  2⤵
  PID:11480
- C:\Windows\System\GWQrqNO.exe
  C:\Windows\System\GWQrqNO.exe
  2⤵
  PID:3820
- C:\Windows\System\OcLJCpu.exe
  C:\Windows\System\OcLJCpu.exe
  2⤵
  PID:12132
- C:\Windows\System\KLbJwfq.exe
  C:\Windows\System\KLbJwfq.exe
  2⤵
  PID:11624
- C:\Windows\System\UqlZkbW.exe
  C:\Windows\System\UqlZkbW.exe
  2⤵
  PID:11360
- C:\Windows\System\ixiaDAI.exe
  C:\Windows\System\ixiaDAI.exe
  2⤵
  PID:12296
- C:\Windows\System\jAdifeu.exe
  C:\Windows\System\jAdifeu.exe
  2⤵
  PID:12324
- C:\Windows\System\MkjigwT.exe
  C:\Windows\System\MkjigwT.exe
  2⤵
  PID:12360
- C:\Windows\System\WPzUNXm.exe
  C:\Windows\System\WPzUNXm.exe
  2⤵
  PID:12384
- C:\Windows\System\AjJHvMJ.exe
  C:\Windows\System\AjJHvMJ.exe
  2⤵
  PID:12412
- C:\Windows\System\ADHnbAM.exe
  C:\Windows\System\ADHnbAM.exe
  2⤵
  PID:12440
- C:\Windows\System\cjnIAcf.exe
  C:\Windows\System\cjnIAcf.exe
  2⤵
  PID:12468
- C:\Windows\System\qweNoOH.exe
  C:\Windows\System\qweNoOH.exe
  2⤵
  PID:12496
- C:\Windows\System\hMwQqIz.exe
  C:\Windows\System\hMwQqIz.exe
  2⤵
  PID:12524
- C:\Windows\System\EqInOVy.exe
  C:\Windows\System\EqInOVy.exe
  2⤵
  PID:12684
- C:\Windows\System\jawsdGF.exe
  C:\Windows\System\jawsdGF.exe
  2⤵
  PID:12716
- C:\Windows\System\RUbPRXP.exe
  C:\Windows\System\RUbPRXP.exe
  2⤵
  PID:12744
- C:\Windows\System\vBjMofM.exe
  C:\Windows\System\vBjMofM.exe
  2⤵
  PID:12772
- C:\Windows\System\uRpbfpX.exe
  C:\Windows\System\uRpbfpX.exe
  2⤵
  PID:12800
- C:\Windows\System\AIQujCg.exe
  C:\Windows\System\AIQujCg.exe
  2⤵
  PID:12828
- C:\Windows\System\GfNiqDF.exe
  C:\Windows\System\GfNiqDF.exe
  2⤵
  PID:12856
- C:\Windows\System\wmhIkvE.exe
  C:\Windows\System\wmhIkvE.exe
  2⤵
  PID:12884
- C:\Windows\System\Uxfbolf.exe
  C:\Windows\System\Uxfbolf.exe
  2⤵
  PID:12912
- C:\Windows\System\mgohBdj.exe
  C:\Windows\System\mgohBdj.exe
  2⤵
  PID:12940
- C:\Windows\System\PzFvnXA.exe
  C:\Windows\System\PzFvnXA.exe
  2⤵
  PID:12968
- C:\Windows\System\raYWqUI.exe
  C:\Windows\System\raYWqUI.exe
  2⤵
  PID:12996
- C:\Windows\System\todVQKs.exe
  C:\Windows\System\todVQKs.exe
  2⤵
  PID:13024
- C:\Windows\System\vEvIJOk.exe
  C:\Windows\System\vEvIJOk.exe
  2⤵
  PID:13052
- C:\Windows\System\rwNToux.exe
  C:\Windows\System\rwNToux.exe
  2⤵
  PID:13080
- C:\Windows\System\oiKCFyl.exe
  C:\Windows\System\oiKCFyl.exe
  2⤵
  PID:13108
- C:\Windows\System\LQLCxqS.exe
  C:\Windows\System\LQLCxqS.exe
  2⤵
  PID:13136
- C:\Windows\System\djrfyXr.exe
  C:\Windows\System\djrfyXr.exe
  2⤵
  PID:13164
- C:\Windows\System\iOfdYAS.exe
  C:\Windows\System\iOfdYAS.exe
  2⤵
  PID:13192
- C:\Windows\System\bWRDGZz.exe
  C:\Windows\System\bWRDGZz.exe
  2⤵
  PID:13220
- C:\Windows\System\QmtakIi.exe
  C:\Windows\System\QmtakIi.exe
  2⤵
  PID:13248
- C:\Windows\System\vwtCVUH.exe
  C:\Windows\System\vwtCVUH.exe
  2⤵
  PID:13280
- C:\Windows\System\STWrLKu.exe
  C:\Windows\System\STWrLKu.exe
  2⤵
  PID:12424
- C:\Windows\System\FvCzDET.exe
  C:\Windows\System\FvCzDET.exe
  2⤵
  PID:12488
- C:\Windows\System\jTmloUi.exe
  C:\Windows\System\jTmloUi.exe
  2⤵
  PID:12548
- C:\Windows\System\VfziiQo.exe
  C:\Windows\System\VfziiQo.exe
  2⤵
  PID:12576
- C:\Windows\System\JWSYPBa.exe
  C:\Windows\System\JWSYPBa.exe
  2⤵
  PID:12604
- C:\Windows\System\bTjRXzQ.exe
  C:\Windows\System\bTjRXzQ.exe
  2⤵
  PID:12632
- C:\Windows\System\yduOcEK.exe
  C:\Windows\System\yduOcEK.exe
  2⤵
  PID:12660
- C:\Windows\System\GEpisUQ.exe
  C:\Windows\System\GEpisUQ.exe
  2⤵
  PID:12700
- C:\Windows\System\povRsMh.exe
  C:\Windows\System\povRsMh.exe
  2⤵
  PID:12764
- C:\Windows\System\wylVvIq.exe
  C:\Windows\System\wylVvIq.exe
  2⤵
  PID:12824
- C:\Windows\System\kKnjPjT.exe
  C:\Windows\System\kKnjPjT.exe
  2⤵
  PID:12896
- C:\Windows\System\uxQwKzn.exe
  C:\Windows\System\uxQwKzn.exe
  2⤵
  PID:12988
- C:\Windows\System\qLvNIBp.exe
  C:\Windows\System\qLvNIBp.exe
  2⤵
  PID:13020
- C:\Windows\System\PphYVdn.exe
  C:\Windows\System\PphYVdn.exe
  2⤵
  PID:13076
- C:\Windows\System\WPmKCXO.exe
  C:\Windows\System\WPmKCXO.exe
  2⤵
  PID:13148
- C:\Windows\System\KnTxcHi.exe
  C:\Windows\System\KnTxcHi.exe
  2⤵
  PID:13212
- C:\Windows\System\YsLafbu.exe
  C:\Windows\System\YsLafbu.exe
  2⤵
  PID:13272
- C:\Windows\System\QZnYXBd.exe
  C:\Windows\System\QZnYXBd.exe
  2⤵
  PID:12308
- C:\Windows\System\OkaDyUB.exe
  C:\Windows\System\OkaDyUB.exe
  2⤵
  PID:12376
- C:\Windows\System\ZubbHuy.exe
  C:\Windows\System\ZubbHuy.exe
  2⤵
  PID:12480
- C:\Windows\System\QBpGlBl.exe
  C:\Windows\System\QBpGlBl.exe
  2⤵
  PID:12596
- C:\Windows\System\uBCslvq.exe
  C:\Windows\System\uBCslvq.exe
  2⤵
  PID:12656
- C:\Windows\System\YJpNnrL.exe
  C:\Windows\System\YJpNnrL.exe
  2⤵
  PID:12792
- C:\Windows\System\TyKTzkq.exe
  C:\Windows\System\TyKTzkq.exe
  2⤵
  PID:12936
- C:\Windows\System\eObfnfA.exe
  C:\Windows\System\eObfnfA.exe
  2⤵
  PID:13072
- C:\Windows\System\lyRURad.exe
  C:\Windows\System\lyRURad.exe
  2⤵
  PID:13240
- C:\Windows\System\KVSbPiZ.exe
  C:\Windows\System\KVSbPiZ.exe
  2⤵
  PID:12368
- C:\Windows\System\QGIKqlu.exe
  C:\Windows\System\QGIKqlu.exe
  2⤵
  PID:12464
- C:\Windows\System\wXrxiRe.exe
  C:\Windows\System\wXrxiRe.exe
  2⤵
  PID:12692
- C:\Windows\System\kpPyTbr.exe
  C:\Windows\System\kpPyTbr.exe
  2⤵
  PID:12372
- C:\Windows\System\BfpTTej.exe
  C:\Windows\System\BfpTTej.exe
  2⤵
  PID:13304
- C:\Windows\System\snJdaSb.exe
  C:\Windows\System\snJdaSb.exe
  2⤵
  PID:12588
- C:\Windows\System\eJRLbMs.exe
  C:\Windows\System\eJRLbMs.exe
  2⤵
  PID:1972
- C:\Windows\System\WSVWJEF.exe
  C:\Windows\System\WSVWJEF.exe
  2⤵
  PID:12880
- C:\Windows\System\LApkzrB.exe
  C:\Windows\System\LApkzrB.exe
  2⤵
  PID:3028
- C:\Windows\System\aBMCNKm.exe
  C:\Windows\System\aBMCNKm.exe
  2⤵
  PID:13188
- C:\Windows\System\RjjzuRV.exe
  C:\Windows\System\RjjzuRV.exe
  2⤵
  PID:13340
- C:\Windows\System\hlzOcFl.exe
  C:\Windows\System\hlzOcFl.exe
  2⤵
  PID:13368
- C:\Windows\System\QkhssaJ.exe
  C:\Windows\System\QkhssaJ.exe
  2⤵
  PID:13396
- C:\Windows\System\hZiMnWg.exe
  C:\Windows\System\hZiMnWg.exe
  2⤵
  PID:13424
- C:\Windows\System\RurmDvG.exe
  C:\Windows\System\RurmDvG.exe
  2⤵
  PID:13452
- C:\Windows\System\ArgKxrD.exe
  C:\Windows\System\ArgKxrD.exe
  2⤵
  PID:13480
- C:\Windows\System\JXWElgO.exe
  C:\Windows\System\JXWElgO.exe
  2⤵
  PID:13508
- C:\Windows\System\DdvKeXZ.exe
  C:\Windows\System\DdvKeXZ.exe
  2⤵
  PID:13536
- C:\Windows\System\yxedazy.exe
  C:\Windows\System\yxedazy.exe
  2⤵
  PID:13564
- C:\Windows\System\qJzoFNK.exe
  C:\Windows\System\qJzoFNK.exe
  2⤵
  PID:13592
- C:\Windows\System\syjTHYZ.exe
  C:\Windows\System\syjTHYZ.exe
  2⤵
  PID:13620
- C:\Windows\System\vLytLLg.exe
  C:\Windows\System\vLytLLg.exe
  2⤵
  PID:13648
- C:\Windows\System\mXVRAgT.exe
  C:\Windows\System\mXVRAgT.exe
  2⤵
  PID:13676
- C:\Windows\System\snNUWYX.exe
  C:\Windows\System\snNUWYX.exe
  2⤵
  PID:13704
- C:\Windows\System\TLhfolv.exe
  C:\Windows\System\TLhfolv.exe
  2⤵
  PID:13732
- C:\Windows\System\iqcLQHE.exe
  C:\Windows\System\iqcLQHE.exe
  2⤵
  PID:13760
- C:\Windows\System\rTshSSO.exe
  C:\Windows\System\rTshSSO.exe
  2⤵
  PID:13788
- C:\Windows\System\DPOZPnw.exe
  C:\Windows\System\DPOZPnw.exe
  2⤵
  PID:13824
- C:\Windows\System\wvPjjvB.exe
  C:\Windows\System\wvPjjvB.exe
  2⤵
  PID:13852
- C:\Windows\System\nJaUcey.exe
  C:\Windows\System\nJaUcey.exe
  2⤵
  PID:13896
- C:\Windows\System\tMjzDLt.exe
  C:\Windows\System\tMjzDLt.exe
  2⤵
  PID:13924
- C:\Windows\System\DksXUON.exe
  C:\Windows\System\DksXUON.exe
  2⤵
  PID:13944
- C:\Windows\System\OFRzvnj.exe
  C:\Windows\System\OFRzvnj.exe
  2⤵
  PID:13988
- C:\Windows\System\XXxjCIf.exe
  C:\Windows\System\XXxjCIf.exe
  2⤵
  PID:14012
- C:\Windows\System\teHDYSE.exe
  C:\Windows\System\teHDYSE.exe
  2⤵
  PID:14048
- C:\Windows\System\naYDVIp.exe
  C:\Windows\System\naYDVIp.exe
  2⤵
  PID:14068
- C:\Windows\System\jHGbmeO.exe
  C:\Windows\System\jHGbmeO.exe
  2⤵
  PID:14100
- C:\Windows\System\CkIqBdB.exe
  C:\Windows\System\CkIqBdB.exe
  2⤵
  PID:14152
- C:\Windows\System\OfPLlpq.exe
  C:\Windows\System\OfPLlpq.exe
  2⤵
  PID:14180
- C:\Windows\System\PCqVQiq.exe
  C:\Windows\System\PCqVQiq.exe
  2⤵
  PID:14204
- C:\Windows\System\QTuQqSS.exe
  C:\Windows\System\QTuQqSS.exe
  2⤵
  PID:14244
- C:\Windows\System\HobaUvW.exe
  C:\Windows\System\HobaUvW.exe
  2⤵
  PID:14268
- C:\Windows\System\xmCwRZa.exe
  C:\Windows\System\xmCwRZa.exe
  2⤵
  PID:14304
- C:\Windows\System\HHHftDW.exe
  C:\Windows\System\HHHftDW.exe
  2⤵
  PID:14324
- C:\Windows\System\qfJQEod.exe
  C:\Windows\System\qfJQEod.exe
  2⤵
  PID:13352
- C:\Windows\System\OMChIhI.exe
  C:\Windows\System\OMChIhI.exe
  2⤵
  PID:13416
- C:\Windows\System\ctCdthv.exe
  C:\Windows\System\ctCdthv.exe
  2⤵
  PID:13476
- C:\Windows\System\jQhTQTB.exe
  C:\Windows\System\jQhTQTB.exe
  2⤵
  PID:13548
- C:\Windows\System\tFzrSRa.exe
  C:\Windows\System\tFzrSRa.exe
  2⤵
  PID:13612
- C:\Windows\System\BVHYbmN.exe
  C:\Windows\System\BVHYbmN.exe
  2⤵
  PID:13668
- C:\Windows\System\rasEGXS.exe
  C:\Windows\System\rasEGXS.exe
  2⤵
  PID:13728
- C:\Windows\System\vSRBRrm.exe
  C:\Windows\System\vSRBRrm.exe
  2⤵
  PID:13776
- C:\Windows\System\RXgiPpn.exe
  C:\Windows\System\RXgiPpn.exe
  2⤵
  PID:13844
- C:\Windows\System\HyhZWRf.exe
  C:\Windows\System\HyhZWRf.exe
  2⤵
  PID:864
- C:\Windows\System\GhjQVuK.exe
  C:\Windows\System\GhjQVuK.exe
  2⤵
  PID:13884
- C:\Windows\System\irEeBQe.exe
  C:\Windows\System\irEeBQe.exe
  2⤵
  PID:13920
- C:\Windows\System\bBrvcxK.exe
  C:\Windows\System\bBrvcxK.exe
  2⤵
  PID:2800
- C:\Windows\System\oIdsnUz.exe
  C:\Windows\System\oIdsnUz.exe
  2⤵
  PID:4640
- C:\Windows\System\lFElymg.exe
  C:\Windows\System\lFElymg.exe
  2⤵
  PID:14028
- C:\Windows\System\FRJueid.exe
  C:\Windows\System\FRJueid.exe
  2⤵
  PID:13996
- C:\Windows\System\dxMlpmG.exe
  C:\Windows\System\dxMlpmG.exe
  2⤵
  PID:14096
- C:\Windows\System\KhCGiPz.exe
  C:\Windows\System\KhCGiPz.exe
  2⤵
  PID:14164
- C:\Windows\System\VFgiXRw.exe
  C:\Windows\System\VFgiXRw.exe
  2⤵
  PID:2168
- C:\Windows\System\vntYORZ.exe
  C:\Windows\System\vntYORZ.exe
  2⤵
  PID:14260
- C:\Windows\System\VkOfJWd.exe
  C:\Windows\System\VkOfJWd.exe
  2⤵
  PID:14292
- C:\Windows\System\NfCXZcc.exe
  C:\Windows\System\NfCXZcc.exe
  2⤵
  PID:13380
- C:\Windows\System\aqIFnew.exe
  C:\Windows\System\aqIFnew.exe
  2⤵
  PID:3088
- C:\Windows\System\SlOLALh.exe
  C:\Windows\System\SlOLALh.exe
  2⤵
  PID:13772
- C:\Windows\System\djQgGwH.exe
  C:\Windows\System\djQgGwH.exe
  2⤵
  PID:4532
- C:\Windows\System\gDsmBot.exe
  C:\Windows\System\gDsmBot.exe
  2⤵
  PID:3116
- C:\Windows\System\UiDoptC.exe
  C:\Windows\System\UiDoptC.exe
  2⤵
  PID:13836
- C:\Windows\System\uyhdxDh.exe
  C:\Windows\System\uyhdxDh.exe
  2⤵
  PID:5052
- C:\Windows\System\JQNjPCV.exe
  C:\Windows\System\JQNjPCV.exe
  2⤵
  PID:4068
- C:\Windows\System\NxrGYRU.exe
  C:\Windows\System\NxrGYRU.exe
  2⤵
  PID:3560
- C:\Windows\System\ygbLzZN.exe
  C:\Windows\System\ygbLzZN.exe
  2⤵
  PID:3352
- C:\Windows\System\dycWuUK.exe
  C:\Windows\System\dycWuUK.exe
  2⤵
  PID:14040
- C:\Windows\System\anJvDXa.exe
  C:\Windows\System\anJvDXa.exe
  2⤵
  PID:4948
- C:\Windows\System\NSBJnij.exe
  C:\Windows\System\NSBJnij.exe
  2⤵
  PID:14212
- C:\Windows\System\BuVqtsF.exe
  C:\Windows\System\BuVqtsF.exe
  2⤵
  PID:14288
- C:\Windows\System\HUzkDJl.exe
  C:\Windows\System\HUzkDJl.exe
  2⤵
  PID:3896
- C:\Windows\System\sAwmUyI.exe
  C:\Windows\System\sAwmUyI.exe
  2⤵
  PID:13532
- C:\Windows\System\sBzGtwA.exe
  C:\Windows\System\sBzGtwA.exe
  2⤵
  PID:4820
- C:\Windows\System\ZWNLMxG.exe
  C:\Windows\System\ZWNLMxG.exe
  2⤵
  PID:4576
- C:\Windows\System\bWnOXcZ.exe
  C:\Windows\System\bWnOXcZ.exe
  2⤵
  PID:2336
- C:\Windows\System\rNzTirO.exe
  C:\Windows\System\rNzTirO.exe
  2⤵
  PID:4372
- C:\Windows\System\VCraklW.exe
  C:\Windows\System\VCraklW.exe
  2⤵
  PID:1344
- C:\Windows\System\yuGsNpV.exe
  C:\Windows\System\yuGsNpV.exe
  2⤵
  PID:14140
- C:\Windows\System\gmrLfhG.exe
  C:\Windows\System\gmrLfhG.exe
  2⤵
  PID:452
- C:\Windows\System\lUeLkAh.exe
  C:\Windows\System\lUeLkAh.exe
  2⤵
  PID:13336
- C:\Windows\System\WTtHwZB.exe
  C:\Windows\System\WTtHwZB.exe
  2⤵
  PID:3736
- C:\Windows\System\yyLJJoO.exe
  C:\Windows\System\yyLJJoO.exe
  2⤵
  PID:3728
- C:\Windows\System\ZJPZPFB.exe
  C:\Windows\System\ZJPZPFB.exe
  2⤵
  PID:1412
- C:\Windows\System\PIuoRka.exe
  C:\Windows\System\PIuoRka.exe
  2⤵
  PID:2840
- C:\Windows\System\FSolrMt.exe
  C:\Windows\System\FSolrMt.exe
  2⤵
  PID:952
- C:\Windows\System\deSNJJA.exe
  C:\Windows\System\deSNJJA.exe
  2⤵
  PID:2308
- C:\Windows\System\CMiAiNB.exe
  C:\Windows\System\CMiAiNB.exe
  2⤵
  PID:4332
- C:\Windows\System\gKWNFHO.exe
  C:\Windows\System\gKWNFHO.exe
  2⤵
  PID:2916
- C:\Windows\System\bGwtEha.exe
  C:\Windows\System\bGwtEha.exe
  2⤵
  PID:2672
- C:\Windows\System\PzKdqmd.exe
  C:\Windows\System\PzKdqmd.exe
  2⤵
  PID:3164
- C:\Windows\System\SSGotyH.exe
  C:\Windows\System\SSGotyH.exe
  2⤵
  PID:4076
- C:\Windows\System\HTskXEv.exe
  C:\Windows\System\HTskXEv.exe
  2⤵
  PID:1164
- C:\Windows\System\LoGUVvY.exe
  C:\Windows\System\LoGUVvY.exe
  2⤵
  PID:720
- C:\Windows\System\vFWebMJ.exe
  C:\Windows\System\vFWebMJ.exe
  2⤵
  PID:4604
- C:\Windows\System\Cmzqgbc.exe
  C:\Windows\System\Cmzqgbc.exe
  2⤵
  PID:1608
- C:\Windows\System\DYuohOO.exe
  C:\Windows\System\DYuohOO.exe
  2⤵
  PID:2116
- C:\Windows\System\fuhyRGI.exe
  C:\Windows\System\fuhyRGI.exe
  2⤵
  PID:3552
- C:\Windows\System\frNElef.exe
  C:\Windows\System\frNElef.exe
  2⤵
  PID:3188
- C:\Windows\System\CvGKzZS.exe
  C:\Windows\System\CvGKzZS.exe
  2⤵
  PID:14352
- C:\Windows\System\lHKZjTI.exe
  C:\Windows\System\lHKZjTI.exe
  2⤵
  PID:14380
- C:\Windows\System\lTnUJwF.exe
  C:\Windows\System\lTnUJwF.exe
  2⤵
  PID:14408
- C:\Windows\System\xkssMvG.exe
  C:\Windows\System\xkssMvG.exe
  2⤵
  PID:14436
- C:\Windows\System\vIKUDVg.exe
  C:\Windows\System\vIKUDVg.exe
  2⤵
  PID:14464
- C:\Windows\System\nFujelf.exe
  C:\Windows\System\nFujelf.exe
  2⤵
  PID:14492
- C:\Windows\System\dzESKJS.exe
  C:\Windows\System\dzESKJS.exe
  2⤵
  PID:14520
- C:\Windows\System\plpyMAx.exe
  C:\Windows\System\plpyMAx.exe
  2⤵
  PID:14548
- C:\Windows\System\mfUDJca.exe
  C:\Windows\System\mfUDJca.exe
  2⤵
  PID:14576
- C:\Windows\System\EVCBsIp.exe
  C:\Windows\System\EVCBsIp.exe
  2⤵
  PID:14604
- C:\Windows\System\mZOHxtl.exe
  C:\Windows\System\mZOHxtl.exe
  2⤵
  PID:14632
- C:\Windows\System\VhyQxGx.exe
  C:\Windows\System\VhyQxGx.exe
  2⤵
  PID:14660
- C:\Windows\System\NzirBnK.exe
  C:\Windows\System\NzirBnK.exe
  2⤵
  PID:14688
- C:\Windows\System\yfssHhY.exe
  C:\Windows\System\yfssHhY.exe
  2⤵
  PID:14720
- C:\Windows\System\ZHxQJKE.exe
  C:\Windows\System\ZHxQJKE.exe
  2⤵
  PID:14748
- C:\Windows\System\JUehTpZ.exe
  C:\Windows\System\JUehTpZ.exe
  2⤵
  PID:14776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AEWiVhl.exe

Filesize
6.0MB

MD5
5999f42f1ac832ca26603cc86801cd5a

SHA1
45b1cf7053dc74e1b4f6eedcdb2a7c07af1a6577

SHA256
ada1ad271674968a9d2a087025d4c273477f251dc35528bbbfd6bb920c640ebc

SHA512
9cada4986cdb2b045daa90d6c5777e28046d76c780da8fe7aa8a08b773234820d5e68094038856ca747970aaa5295b44dfd77fc2d32ba831d366a5d38c3714f7

Download Submit
C:\Windows\System\AhypUpO.exe

Filesize
6.0MB

MD5
8c9e45fff99dca77781a7af5e1398ec5

SHA1
4522da78716551d07131df95dc1ff5225cc5c597

SHA256
81865c87b1ff7206c67b7c2edd69b3005c53578cc9a35d555c5088f03bf1554f

SHA512
1ee24dc22079aba1f822b9cdf62a8cfa5a19905785c69311563af8efc30294b64a462330561cfeea360bb9c2db829a8f2e40dd70529666beaf4cc519fc7dba37

Download Submit
C:\Windows\System\GfOnfML.exe

Filesize
6.0MB

MD5
2d46f4cfb57ed8c808a4b809763eefc5

SHA1
edcc97e99d4d694afb790bf16b4a36ca1ce81d5b

SHA256
a437b8813d0bb4ad3525b05d72d4ca93b97fed72add86501692ae53109c121b9

SHA512
9469b16285b995535d16cb47b8b5d96c8a1c49098a3eb98efa0efb804642675dfcb84eb9d94f9511fb2b122fa21c5fdb9e771a32f7983b1ef48a6edffcbf24e8

Download Submit
C:\Windows\System\GjZfyId.exe

Filesize
6.0MB

MD5
eeffb0e4b874e2979c5eba6b7134cd63

SHA1
b001047ee40379b761913bf9ff054009a4f77e55

SHA256
ad92267abb0f6c6bb22c92f67a72951f3b46936f058fed2ef41f440093d72272

SHA512
5dd15c999290ac2cc8f04a01cd661714400af9b8fb00f6a46fd37341bc9cf2447e98cc72711330bdf4703471245032400168fc6c3ca2a429eee3d34c2e893d3c

Download Submit
C:\Windows\System\IkrLqVh.exe

Filesize
6.0MB

MD5
2007f49730e60d7b412ff7afa92e4bc3

SHA1
bb8bd3d42b8c8d6b513acf1ea48e124ed11a658d

SHA256
98a2672208839f6d3e3b8c7ba43fd32d149447d1e8033574fa0fc8750be6f000

SHA512
a9b5438481f0f202c7ff72017e5c11df6db5da318f201d3a4ea1520b490e2364e78a14a0375843a0d556c0633be67ba78a53e9d69554309ced46ecf175a955b0

Download Submit
C:\Windows\System\JGHpsjH.exe

Filesize
6.0MB

MD5
09c8197ffb408b157cdd4053361bf765

SHA1
d4e3b7d1eddfa4400c175d0a13eb61e80df80389

SHA256
91b4b3ffb965a0e3404889319190e6355608f26967ae7bfd5976824a29a644fb

SHA512
03f694fb77f4d08176d2653e2f181a7f0c6cbd986947262949e75141b3c86c85ded1ad41b9065f1d5dc2a0283fab13ddb915ed68aeaf95678988803764eb662a

Download Submit
C:\Windows\System\KMyVGFT.exe

Filesize
6.0MB

MD5
d349510492dbda3730aa269de2095622

SHA1
506d774d1c5752db2ea4cb7da9f51dde6f08f38c

SHA256
07e4f35d178315735004830ebb5c97ac7f33b92c01cb596868835e715af9aa47

SHA512
786e809603cda108a810f1d8b4785965748f5e91da34c53e96390c0070d296c9e1ec899f9ddaca5316b66cb1bd4f9bc07997f9b048467731a35587a276a78bb2

Download Submit
C:\Windows\System\LFdxktW.exe

Filesize
6.0MB

MD5
5a4db14b9f8dfbe2fe831ed2210d8abb

SHA1
2088974b86a1fe6b51441839ccab4a929b98cae9

SHA256
2f3dc516956ab49a771db14e62a89ab6af38a195672078624e4abea63fedf7e8

SHA512
f9381ddcf074920b384ee2c24943bec16f6fd8d99ca3c61c45a0eca2acedc0db2eec83e085ef1dd421d94e95bff97bb3188aed8ad4846604ba51b02f1ba066ef

Download Submit
C:\Windows\System\LSJbhIO.exe

Filesize
6.0MB

MD5
772f539ad42bad606660e15dae760b4a

SHA1
3c7fbb9d8f96c29948e318c1a9b67fcdc8a819e6

SHA256
8cb093f176dcd761e89a83af5361513fa124cf8a63dc81da59cf3ec5ff0fdf6d

SHA512
f2399362250b057c2628f430875ef7a3a16472fd75951e2d46e412602964a27af4e4e0aae032915e7faa55f2e4f8c3386947a7adde6ef5bfba0953da2f6dfe8b

Download Submit
C:\Windows\System\LlDsUTd.exe

Filesize
6.0MB

MD5
32b5eddb0ed911f73300c103ee6e2d93

SHA1
50bd799090aa52f38d1b18c2867301e8413c3b3f

SHA256
8486c270533b4c0f10a9c021418cead6c5d998f2ee792de03f7631334aeb79c6

SHA512
082e2db086e241307a3d83c3f9108aa968dc271b090a2d03f4f9f0b1a0cf393d0ca081c764484e231d0b3282f3244f01935858ab6f8b05f4dd8e8967e48e2a09

Download Submit
C:\Windows\System\MGbAgrd.exe

Filesize
6.0MB

MD5
4a65a237d90c849579efc6772e909f99

SHA1
b31ba94871dc03de18b17ae5c25d1f754be9f259

SHA256
6764b796a5e10e6cb5a025d16fb2e8c316c64bd82c692c9592e011839eecf57b

SHA512
04dbc6f033420023f0b12ea52fff2f014f6d4794f5861ba010b1c5d15b3f52beec58c11e65e3896c453f5d08adee76842ae8a8ec14fe9211e2e529667494c9be

Download Submit
C:\Windows\System\PuaEiQN.exe

Filesize
6.0MB

MD5
2f507e9c55c2d1b9976809a3fd60bc65

SHA1
117d9dca7ca85b4d57593edf2dbe9985ce27518b

SHA256
c9290596ad267dded412778c8e98dfd06da4f38e21f83cc14ac6c74696a14cc3

SHA512
2667d72ca26a70c99ca15b0eebe9adba59b15d0facdf38c771e6ab0408b99351fdcdd3eae4574e94f48c40b39d09901cc0c897ae60dc954b0a4175bcb59c7bfa

Download Submit
C:\Windows\System\RIeySVW.exe

Filesize
6.0MB

MD5
673da0fdf9d2565b83e476935021f7a4

SHA1
524a3e136deef30a72d94333313d2393fcf2ddd7

SHA256
a248eaf699cfe8470b88e7d6c59ebec5e4c15518ecd1c2af9ef6092aab07801f

SHA512
de08b111bc15bb373b30d012532db9282ec5f630ef733e27fa79a16e6481edb9bc275676dbce931162bd148c7c215245592030381dea4106f3ec22caf2216d30

Download Submit
C:\Windows\System\SSHykIU.exe

Filesize
6.0MB

MD5
cef136e1109b683d0bdd405ba508f7d6

SHA1
9bd825a7c24dd1e832c1d5faddaf03717def34e4

SHA256
0854be7275e73a43445bba927c13fec673591343124d7dbc36cf79d5e87d168a

SHA512
b08544cfff7f94bf9e25052c2a65da575cd045036848e7482316ea4283b0c828ded9d7f9bd5d80cb8c57e3c9c263f7fe8b644e85d984c64109da09a2289459da

Download Submit
C:\Windows\System\VlWBIxm.exe

Filesize
6.0MB

MD5
2a62f806f1bed1b6d071239c3f216145

SHA1
9fb88f136a026c884bf85eb43d704d6420e204f4

SHA256
e97392c29a78a28aee58a1e03e0a4b10de030ca49b48c33a78fa882258c67b8e

SHA512
d42c01a307b70801ea0f745ad01d524ba781c9cb455548c05ceb14c02ac01d5c7edb7c2895a128c39dabb1d92a70901f9f7c68d84f62914bc007345087ea77b7

Download Submit
C:\Windows\System\YqpTImK.exe

Filesize
6.0MB

MD5
6c876282e5aeb9f59c0c0267a5b4c3fd

SHA1
7ff77731da8d25d641cd807a5eb016741f25bc9f

SHA256
8e42eda58721ab22b677279b36507a7fd8ee2eb91292ada2f0f5561d07b6f147

SHA512
c901b9502dc68ff13a57008b591cb13a81399a1e96e6bffac2a18fc12a17e4aeb8af035b2499eb9c5e6c1b9e323c584a7fe57680b585a3c23300e8c0a955ec91

Download Submit
C:\Windows\System\affNvRe.exe

Filesize
6.0MB

MD5
591a0525a2a1071363d9f6139572a842

SHA1
15bf53f2144e5dbafc53fad7105eafc93e473eb4

SHA256
95772e5b07b4afae8c5b04e8a22e873c3195f6e4483f0f037676a4e43827ae3e

SHA512
647900aa42a36fc04b445efa91005bfecf8d9e7249ef9897251ab1d0b8ae519ab0b74e38c26728dc2a413446611e8eb09a5ea9ea43401152edf4c128a54ffc3a

Download Submit
C:\Windows\System\ahCnRhI.exe

Filesize
6.0MB

MD5
ee97fd4664b8230403f7dfc44e86970d

SHA1
428bd25cd005a45d50788cb394e8719f0d2d4dde

SHA256
f529985c21345470d8eebbe19c47616131c7daa616338fe71cfaa028da7ef198

SHA512
c34b53e7ca231ac3e1fb0de6eda5b5fe5ed953b903344fcd57c4fa69a17dc3ef665133810333eb63c00f551142d071506fb017fad93881101b432363d5379b8b

Download Submit
C:\Windows\System\cSpflgL.exe

Filesize
6.0MB

MD5
e656e873e4098c837eec7434f71df868

SHA1
60402e421bef65b6f1a470d4ca75ae1999f73c55

SHA256
664f1c82cbd594bc32bd2a43bee7f0478589bb5e9ec1876d7fd4eebfb49be4d9

SHA512
1d2a4291e414427caa8e2730136797ca86789de7cecf1246ad1a42dae5226699e70725c58aa03fa2251c4a49114ce3ae7674a18e05065e33b5b76a6423ea3b62

Download Submit
C:\Windows\System\cvyrOyQ.exe

Filesize
6.0MB

MD5
4870338e87b16edfef20f1932bfe2fbf

SHA1
5a58b22a6adfd341a78ab5e083752cf1d0e19750

SHA256
e8caae0580560c0f2771245faa123c984e5e59d021a8be419c0549c0eef64212

SHA512
ca072489e34f29c9054578c7ef871c70dfe13aa297f25db1697f779a9d2556ca62ff8760dc4392eee883aa7feb3ae430d27351b0666df77637044fbc55263086

Download Submit
C:\Windows\System\dKPAHmP.exe

Filesize
6.0MB

MD5
16d799b26df32d6a1846d9538d8ef14c

SHA1
4e5a3d8c04e2cdf15b4c8e122879c95accafa53a

SHA256
cc7fc1e97fe23330aa1dfeb76a7fbe858d967a26f5c6ddd6a2accff88f26ce09

SHA512
b5efda6a6136caa31eaaaa5ba7fe69cefad54cd6b2b765311d01449fd546daf87e56f8f4621242185044c4cf429a96b13581e8cd993404356b9912c78b017bef

Download Submit
C:\Windows\System\enWDVGG.exe

Filesize
6.0MB

MD5
02c9f610639dee81cd19adb953d070a2

SHA1
16ad4edba821db000d8e739606758c88a474e2f6

SHA256
2f988131e3a05da68b278e996479dad6db75aa253ae2ca7f1d3632f9838140c6

SHA512
e5c9a56e6d89507fac27bbef130df79bcafac33a517905a4c90aa812ca361b5405aadb5ddecbb5168c739ccc5439171dc724714368db94e978e2c34ecfcfd546

Download Submit
C:\Windows\System\flJrpkW.exe

Filesize
6.0MB

MD5
d2eb1eda4d6084a95f661ca11e261c71

SHA1
9ed019176d5c8776fa6590b2629e5b6ba05b6e8f

SHA256
a60cd2a5d1e6c765d5d572541a1c2a92444f94fe2024b6b5bfa982627798cdc6

SHA512
20745232678d8d2944bd61a2ea3323b466e93ef7110cdd37a3ccd65b9ad5a0311d9b9464f6859c9fd5eed0c3ca1092e8f6c34490ff4703610594b43fd6128545

Download Submit
C:\Windows\System\juPsYbL.exe

Filesize
6.0MB

MD5
aa2b31cfa96d3d4006c66cac57be8fbb

SHA1
b4a09addc64d26f338d6a302ca23d1ceee15b8df

SHA256
d85d300b593cfb69d50c561ca83121e0f2933cb6209c862f1ac44449f05904c4

SHA512
f48fbb5828569ef42e55ff61ed733f7ef6f057c68d7958e619795b5076be337a712da4d3355fb35d2c8a59388906dbd6f7818bbdb6d7bda4aad0c3e7f263eee6

Download Submit
C:\Windows\System\mcbgbIN.exe

Filesize
6.0MB

MD5
9d907587b6b7bbf9f49dda6b9b666f0d

SHA1
2feb39613597c9966fdd360a890d797c53547867

SHA256
9b2a8d75ca02b291c0640dfdf5c453ac02eedf6485997eed9343830e91e736c5

SHA512
ee6c2a3cd5f48f2d05d3c42fc732806a0bca9d40143840ea9a8c7bc8ff2af2e00d50395c1d8faea9cdf7aa690120acfe9e87a65b5f9fddaf894a12084f454292

Download Submit
C:\Windows\System\mmGtwkx.exe

Filesize
6.0MB

MD5
214e8ea2a7b55a0c33d4a1df60edbb28

SHA1
0303d336c0af7662ca2f8c746a53f9f20961881f

SHA256
31967d510b4749a20ef2acbb45428f3bbefdc6b48e50f51b5a7513d6d8f59f96

SHA512
37469751217f9ce43cd956a28dc4c5bf3d8aafea9dbfa7fe79f4b2d7f5304c8a54c81195610abea5bb673b13765ec47e5ac060f2c1b29320c605ec992c5228f5

Download Submit
C:\Windows\System\oEENkJx.exe

Filesize
6.0MB

MD5
ff87e75b3f4dd7906b219978d9d3e352

SHA1
91d6f928cf40b236cd869b3d01114526dbae5a31

SHA256
9c873f12aae6d4cada1b120b07d0afccaa16489435f11c76c698d23ad6bc9ae3

SHA512
83afdb213af1232517a9fb4dab193414bc469991e02a7dd6e2877da22685081e6fd5da763444241b3e696ecd82c7abfbb4b892857ac532a044c207cc8f910a9c

Download Submit
C:\Windows\System\qwofevH.exe

Filesize
6.0MB

MD5
3009dab1a11a079964ddde19b9ffbf05

SHA1
808481ec1394c33e732d88a1f593d48d501165f4

SHA256
1511be1f44f38af76f5b4bb6aa26f022b51f71fd01691f6f5c2202e7801b53ec

SHA512
1ff4d761dc008363e11a528677730c249692135dab7bf9a13a09d8253b2b4196fa9bb5c8a8a389b8eb9f4d0269abad76e0e825d7da0e308dc8718fbbb562a86a

Download Submit
C:\Windows\System\seGjUah.exe

Filesize
6.0MB

MD5
3ab15cdad717e859f997ca5a36c0a4d8

SHA1
34f32d1d62cbf5c94d785307fca43d08b6ee3a51

SHA256
2bf3d42e120c0807a84ce03b49ce55c60c9a205992089d960cff6e69d200d040

SHA512
8841aa72721eb9c910f2ed0072e368e3eb6ab799fd963d467407e78cb58f8d7bbf86609da2fcb6fc664e7c85434909b32e84a613372178cdeec9debb82220436

Download Submit
C:\Windows\System\sxKZNFs.exe

Filesize
6.0MB

MD5
68ac3ca28388b13e1f65b4366cf05401

SHA1
d54fc2ddb1386af62e0ccbc26fadda82b46ac5ed

SHA256
324d24274bfe413b863dc0e355d8f16c2edd194ff89c2203f886a2796beaa654

SHA512
af01105278f1d1f2e527ddf4b6f4915b4ceb986c7a3bccc241640fc550d577d47d83a66c432c73cacfef3ebc6f8ea573292cfbd747ff6fa7d0ea3e271256df7a

Download Submit
C:\Windows\System\yZuCGcb.exe

Filesize
6.0MB

MD5
81a3c435b26c11760837cbf6c2bada9f

SHA1
dd9eff64b0d1a1abd55983a40727a199cc2d1936

SHA256
0ecbd28486f50e22ac07a97cfaa9b8450699d709abb0e768c3bc701e7ac0243e

SHA512
861799f64bf8e2d564cad86107a895d398f043488cd88c0fd4c7bbcbe1e0bd87297cbda9aad6a1f2305bf18cfc017db22c52e87ac2d212800d1b2e6fa61c8d3a

Download Submit
C:\Windows\System\yaRZkSh.exe

Filesize
6.0MB

MD5
8628ed4a11c2ff7869c409c6fe29ce54

SHA1
c38c495b871a6b6caa43a34b6483a1eaaf14769c

SHA256
df3210ffb9090b676028a130f51b020a78a50c6b873289859d2bf7b8a09bad27

SHA512
a2a916d983f53552d0983a763217874efaa30a5f55457a511032735a72ab0a5fc3abc865e953c8cbd36fa19d1ccb4c6c153f7198f7ca5680f5cee2fdf2240745

Download Submit
memory/244-1941-0x00007FF6DD320000-0x00007FF6DD674000-memory.dmp

Filesize
3.3MB

Download
memory/244-184-0x00007FF6DD320000-0x00007FF6DD674000-memory.dmp

Filesize
3.3MB

Download
memory/244-78-0x00007FF6DD320000-0x00007FF6DD674000-memory.dmp

Filesize
3.3MB

Download
memory/764-2020-0x00007FF660540000-0x00007FF660894000-memory.dmp

Filesize
3.3MB

Download
memory/764-100-0x00007FF660540000-0x00007FF660894000-memory.dmp

Filesize
3.3MB

Download
memory/764-273-0x00007FF660540000-0x00007FF660894000-memory.dmp

Filesize
3.3MB

Download
memory/1332-88-0x00007FF786D40000-0x00007FF787094000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2010-0x00007FF786D40000-0x00007FF787094000-memory.dmp

Filesize
3.3MB

Download
memory/1404-2044-0x00007FF6D54C0000-0x00007FF6D5814000-memory.dmp

Filesize
3.3MB

Download
memory/1404-162-0x00007FF6D54C0000-0x00007FF6D5814000-memory.dmp

Filesize
3.3MB

Download
memory/1636-332-0x00007FF604630000-0x00007FF604984000-memory.dmp

Filesize
3.3MB

Download
memory/1636-124-0x00007FF604630000-0x00007FF604984000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2038-0x00007FF604630000-0x00007FF604984000-memory.dmp

Filesize
3.3MB

Download
memory/1760-584-0x00007FF74A2B0000-0x00007FF74A604000-memory.dmp

Filesize
3.3MB

Download
memory/1760-174-0x00007FF74A2B0000-0x00007FF74A604000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2027-0x00007FF762C90000-0x00007FF762FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-158-0x00007FF762C90000-0x00007FF762FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-115-0x00007FF6C5500000-0x00007FF6C5854000-memory.dmp

Filesize
3.3MB

Download
memory/2416-1517-0x00007FF6C5500000-0x00007FF6C5854000-memory.dmp

Filesize
3.3MB

Download
memory/2416-63-0x00007FF6C5500000-0x00007FF6C5854000-memory.dmp

Filesize
3.3MB

Download
memory/2428-122-0x00007FF6CD130000-0x00007FF6CD484000-memory.dmp

Filesize
3.3MB

Download
memory/2428-2025-0x00007FF6CD130000-0x00007FF6CD484000-memory.dmp

Filesize
3.3MB

Download
memory/2428-209-0x00007FF6CD130000-0x00007FF6CD484000-memory.dmp

Filesize
3.3MB

Download
memory/2684-159-0x00007FF6FFBB0000-0x00007FF6FFF04000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2039-0x00007FF6FFBB0000-0x00007FF6FFF04000-memory.dmp

Filesize
3.3MB

Download
memory/2788-163-0x00007FF7192D0000-0x00007FF719624000-memory.dmp

Filesize
3.3MB

Download
memory/2788-459-0x00007FF7192D0000-0x00007FF719624000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2054-0x00007FF7192D0000-0x00007FF719624000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1498-0x00007FF758170000-0x00007FF7584C4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-50-0x00007FF758170000-0x00007FF7584C4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-54-0x00007FF7DA7C0000-0x00007FF7DAB14000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1509-0x00007FF7DA7C0000-0x00007FF7DAB14000-memory.dmp

Filesize
3.3MB

Download
memory/3104-334-0x00007FF71B960000-0x00007FF71BCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3104-2030-0x00007FF71B960000-0x00007FF71BCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3104-140-0x00007FF71B960000-0x00007FF71BCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3608-187-0x00007FF756CC0000-0x00007FF757014000-memory.dmp

Filesize
3.3MB

Download
memory/3608-709-0x00007FF756CC0000-0x00007FF757014000-memory.dmp

Filesize
3.3MB

Download
memory/3608-2368-0x00007FF756CC0000-0x00007FF757014000-memory.dmp

Filesize
3.3MB

Download
memory/4036-1507-0x00007FF700270000-0x00007FF7005C4000-memory.dmp

Filesize
3.3MB

Download
memory/4036-47-0x00007FF700270000-0x00007FF7005C4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-74-0x00007FF7C2DA0000-0x00007FF7C30F4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-169-0x00007FF7C2DA0000-0x00007FF7C30F4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-1933-0x00007FF7C2DA0000-0x00007FF7C30F4000-memory.dmp

Filesize
3.3MB

Download
memory/4124-186-0x00007FF6D7C30000-0x00007FF6D7F84000-memory.dmp

Filesize
3.3MB

Download
memory/4124-2367-0x00007FF6D7C30000-0x00007FF6D7F84000-memory.dmp

Filesize
3.3MB

Download
memory/4172-1518-0x00007FF767800000-0x00007FF767B54000-memory.dmp

Filesize
3.3MB

Download
memory/4172-164-0x00007FF767800000-0x00007FF767B54000-memory.dmp

Filesize
3.3MB

Download
memory/4172-64-0x00007FF767800000-0x00007FF767B54000-memory.dmp

Filesize
3.3MB

Download
memory/4212-29-0x00007FF640B10000-0x00007FF640E64000-memory.dmp

Filesize
3.3MB

Download
memory/4212-1503-0x00007FF640B10000-0x00007FF640E64000-memory.dmp

Filesize
3.3MB

Download
memory/4212-98-0x00007FF640B10000-0x00007FF640E64000-memory.dmp

Filesize
3.3MB

Download
memory/4400-86-0x00007FF65FEC0000-0x00007FF660214000-memory.dmp

Filesize
3.3MB

Download
memory/4400-0-0x00007FF65FEC0000-0x00007FF660214000-memory.dmp

Filesize
3.3MB

Download
memory/4400-1-0x000001EDCA530000-0x000001EDCA540000-memory.dmp

Filesize
64KB

Download
memory/4508-1491-0x00007FF7821F0000-0x00007FF782544000-memory.dmp

Filesize
3.3MB

Download
memory/4508-8-0x00007FF7821F0000-0x00007FF782544000-memory.dmp

Filesize
3.3MB

Download
memory/4512-92-0x00007FF618870000-0x00007FF618BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-1506-0x00007FF618870000-0x00007FF618BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-43-0x00007FF618870000-0x00007FF618BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-151-0x00007FF618710000-0x00007FF618A64000-memory.dmp

Filesize
3.3MB

Download
memory/4736-2035-0x00007FF618710000-0x00007FF618A64000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2042-0x00007FF76E980000-0x00007FF76ECD4000-memory.dmp

Filesize
3.3MB

Download
memory/4804-160-0x00007FF76E980000-0x00007FF76ECD4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-1511-0x00007FF64DF20000-0x00007FF64E274000-memory.dmp

Filesize
3.3MB

Download
memory/4836-96-0x00007FF64DF20000-0x00007FF64E274000-memory.dmp

Filesize
3.3MB

Download
memory/4836-49-0x00007FF64DF20000-0x00007FF64E274000-memory.dmp

Filesize
3.3MB

Download
memory/4868-91-0x00007FF7AEBB0000-0x00007FF7AEF04000-memory.dmp

Filesize
3.3MB

Download
memory/4868-27-0x00007FF7AEBB0000-0x00007FF7AEF04000-memory.dmp

Filesize
3.3MB

Download
memory/4868-1494-0x00007FF7AEBB0000-0x00007FF7AEF04000-memory.dmp

Filesize
3.3MB

Download
memory/5012-97-0x00007FF794DD0000-0x00007FF795124000-memory.dmp

Filesize
3.3MB

Download
memory/5012-208-0x00007FF794DD0000-0x00007FF795124000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2022-0x00007FF794DD0000-0x00007FF795124000-memory.dmp

Filesize
3.3MB

Download
memory/5032-102-0x00007FF7FA0D0000-0x00007FF7FA424000-memory.dmp

Filesize
3.3MB

Download
memory/5032-1514-0x00007FF7FA0D0000-0x00007FF7FA424000-memory.dmp

Filesize
3.3MB

Download
memory/5032-57-0x00007FF7FA0D0000-0x00007FF7FA424000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2046-0x00007FF6B12A0000-0x00007FF6B15F4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-161-0x00007FF6B12A0000-0x00007FF6B15F4000-memory.dmp

Filesize
3.3MB

Download