cobaltstrike | 0a1b5991c8addc3371b81560f967728e64614086bce58c44ed2395495879406a

Analysis

max time kernel
94s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2024, 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b65d6c2d6d37f7aef534f3243d52ee4a
SHA1

adfa396c883039b654161546b1cc2d000625decc
SHA256

0a1b5991c8addc3371b81560f967728e64614086bce58c44ed2395495879406a
SHA512

12b2b1e669a3f002a4c31f28ffda1b17b1efe1349c0bbeb44991ca74f9816708337a07088c2460d25e0b309c4cbac3669a3f8345e8bffd2c3beb01d87e2ccb60
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000d000000023b6d-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b77-10.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b73-12.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b79-22.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7a-30.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7b-34.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b74-40.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-55.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-58.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-66.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-75.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-82.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-87.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-92.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-103.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-116.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-124.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-109.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-130.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-138.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-142.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-162.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-175.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8f-167.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-160.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-149.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b91-181.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b94-193.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-200.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023ba3-204.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b93-190.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3192-0-0x00007FF7FD820000-0x00007FF7FDB74000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b6d-4.dat	xmrig
behavioral2/memory/2392-8-0x00007FF7B8770000-0x00007FF7B8AC4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b77-10.dat	xmrig
behavioral2/memory/2180-13-0x00007FF6650F0000-0x00007FF665444000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b73-12.dat	xmrig
behavioral2/memory/564-19-0x00007FF709BC0000-0x00007FF709F14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b79-22.dat	xmrig
behavioral2/memory/3520-24-0x00007FF675940000-0x00007FF675C94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7a-30.dat	xmrig
behavioral2/memory/4088-32-0x00007FF799CA0000-0x00007FF799FF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7b-34.dat	xmrig
behavioral2/memory/3872-38-0x00007FF6652E0000-0x00007FF665634000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b74-40.dat	xmrig
behavioral2/files/0x000a000000023b7c-47.dat	xmrig
behavioral2/memory/2000-45-0x00007FF6417B0000-0x00007FF641B04000-memory.dmp	xmrig
behavioral2/memory/32-48-0x00007FF6BC200000-0x00007FF6BC554000-memory.dmp	xmrig
behavioral2/memory/2832-54-0x00007FF6AA270000-0x00007FF6AA5C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7d-55.dat	xmrig
behavioral2/files/0x000a000000023b7f-58.dat	xmrig
behavioral2/files/0x000a000000023b80-66.dat	xmrig
behavioral2/files/0x000a000000023b81-75.dat	xmrig
behavioral2/memory/2844-77-0x00007FF7644E0000-0x00007FF764834000-memory.dmp	xmrig
behavioral2/memory/2180-74-0x00007FF6650F0000-0x00007FF665444000-memory.dmp	xmrig
behavioral2/memory/4984-68-0x00007FF792C50000-0x00007FF792FA4000-memory.dmp	xmrig
behavioral2/memory/2392-67-0x00007FF7B8770000-0x00007FF7B8AC4000-memory.dmp	xmrig
behavioral2/memory/1692-61-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp	xmrig
behavioral2/memory/3192-60-0x00007FF7FD820000-0x00007FF7FDB74000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b82-82.dat	xmrig
behavioral2/memory/3520-84-0x00007FF675940000-0x00007FF675C94000-memory.dmp	xmrig
behavioral2/memory/4464-85-0x00007FF60EC90000-0x00007FF60EFE4000-memory.dmp	xmrig
behavioral2/memory/564-80-0x00007FF709BC0000-0x00007FF709F14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b83-87.dat	xmrig
behavioral2/files/0x000a000000023b84-92.dat	xmrig
behavioral2/memory/5092-96-0x00007FF714E70000-0x00007FF7151C4000-memory.dmp	xmrig
behavioral2/memory/3872-95-0x00007FF6652E0000-0x00007FF665634000-memory.dmp	xmrig
behavioral2/memory/1612-89-0x00007FF732530000-0x00007FF732884000-memory.dmp	xmrig
behavioral2/memory/32-101-0x00007FF6BC200000-0x00007FF6BC554000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b85-103.dat	xmrig
behavioral2/memory/4612-102-0x00007FF6CAE60000-0x00007FF6CB1B4000-memory.dmp	xmrig
behavioral2/memory/2832-110-0x00007FF6AA270000-0x00007FF6AA5C4000-memory.dmp	xmrig
behavioral2/memory/1692-117-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp	xmrig
behavioral2/memory/3144-119-0x00007FF7208F0000-0x00007FF720C44000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b87-116.dat	xmrig
behavioral2/memory/4984-123-0x00007FF792C50000-0x00007FF792FA4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b88-124.dat	xmrig
behavioral2/memory/3660-112-0x00007FF7F3410000-0x00007FF7F3764000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b86-109.dat	xmrig
behavioral2/memory/3828-126-0x00007FF759BF0000-0x00007FF759F44000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b89-130.dat	xmrig
behavioral2/files/0x000a000000023b8a-138.dat	xmrig
behavioral2/files/0x000a000000023b8b-142.dat	xmrig
behavioral2/memory/1616-143-0x00007FF62BDC0000-0x00007FF62C114000-memory.dmp	xmrig
behavioral2/memory/4548-137-0x00007FF63E4B0000-0x00007FF63E804000-memory.dmp	xmrig
behavioral2/memory/2892-135-0x00007FF716AE0000-0x00007FF716E34000-memory.dmp	xmrig
behavioral2/memory/2844-131-0x00007FF7644E0000-0x00007FF764834000-memory.dmp	xmrig
behavioral2/memory/2688-152-0x00007FF790590000-0x00007FF7908E4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8e-162.dat	xmrig
behavioral2/memory/4612-171-0x00007FF6CAE60000-0x00007FF6CB1B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b90-175.dat	xmrig
behavioral2/memory/4832-172-0x00007FF78DA90000-0x00007FF78DDE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8f-167.dat	xmrig
behavioral2/memory/3876-165-0x00007FF70D910000-0x00007FF70DC64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8d-160.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2392	fJTXxur.exe
2180	BuqnfUn.exe
564	KxmfrYr.exe
3520	qBSEZSL.exe
4088	mPaNcKt.exe
3872	VyLiZcx.exe
2000	mqQZcMR.exe
32	tbvsOkk.exe
2832	MzioDdc.exe
1692	SHhhpfO.exe
4984	sYSgNVU.exe
2844	vbKEWco.exe
4464	MzbpDOL.exe
1612	qqSQvEU.exe
5092	DrnXUAf.exe
4612	UkfkMvS.exe
3660	etTZQqR.exe
3144	JXjUoWa.exe
3828	WplwnCX.exe
2892	skJOulx.exe
4548	fNmDUKL.exe
1616	dMXrlAG.exe
2688	aYsaKGp.exe
4068	riSfCTV.exe
3876	pmyWJOd.exe
4832	AnRrTwQ.exe
2212	ONnTvIB.exe
2120	YaOwsUI.exe
2028	fpuIYhN.exe
4272	RQwHDBK.exe
2260	JDsTCAw.exe
3528	DYMBsvI.exe
1664	DuSqZIq.exe
3280	PUMNpRq.exe
3668	rZlcfrs.exe
3044	LCaFMuV.exe
3740	HjIcddY.exe
2704	KDItmVN.exe
3956	EFbrCza.exe
2200	Jqaamqh.exe
4016	SgFFkGa.exe
4628	wwxevss.exe
4964	XKWYCiO.exe
4912	ABfvyNL.exe
4916	oNovanJ.exe
3256	RhdPICJ.exe
2808	Gsbmdcg.exe
2236	imXtJRO.exe
4496	TuEKBOm.exe
2880	LGDpquc.exe
4644	ZoDcQZQ.exe
3420	YFDqrQO.exe
5056	QtiFgCY.exe
1752	nNgtazk.exe
2768	iGzBJFs.exe
5096	QXbLdeW.exe
4736	qgDehiv.exe
3944	dHJTrBL.exe
2376	nJHuNhM.exe
2076	MJuKbcP.exe
4152	odRwUPS.exe
4728	xyQXEQF.exe
4476	dgNpLGT.exe
4676	GSGaZnC.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3192-0-0x00007FF7FD820000-0x00007FF7FDB74000-memory.dmp	upx
behavioral2/files/0x000d000000023b6d-4.dat	upx
behavioral2/memory/2392-8-0x00007FF7B8770000-0x00007FF7B8AC4000-memory.dmp	upx
behavioral2/files/0x000a000000023b77-10.dat	upx
behavioral2/memory/2180-13-0x00007FF6650F0000-0x00007FF665444000-memory.dmp	upx
behavioral2/files/0x000b000000023b73-12.dat	upx
behavioral2/memory/564-19-0x00007FF709BC0000-0x00007FF709F14000-memory.dmp	upx
behavioral2/files/0x000a000000023b79-22.dat	upx
behavioral2/memory/3520-24-0x00007FF675940000-0x00007FF675C94000-memory.dmp	upx
behavioral2/files/0x000a000000023b7a-30.dat	upx
behavioral2/memory/4088-32-0x00007FF799CA0000-0x00007FF799FF4000-memory.dmp	upx
behavioral2/files/0x000a000000023b7b-34.dat	upx
behavioral2/memory/3872-38-0x00007FF6652E0000-0x00007FF665634000-memory.dmp	upx
behavioral2/files/0x000b000000023b74-40.dat	upx
behavioral2/files/0x000a000000023b7c-47.dat	upx
behavioral2/memory/2000-45-0x00007FF6417B0000-0x00007FF641B04000-memory.dmp	upx
behavioral2/memory/32-48-0x00007FF6BC200000-0x00007FF6BC554000-memory.dmp	upx
behavioral2/memory/2832-54-0x00007FF6AA270000-0x00007FF6AA5C4000-memory.dmp	upx
behavioral2/files/0x000a000000023b7d-55.dat	upx
behavioral2/files/0x000a000000023b7f-58.dat	upx
behavioral2/files/0x000a000000023b80-66.dat	upx
behavioral2/files/0x000a000000023b81-75.dat	upx
behavioral2/memory/2844-77-0x00007FF7644E0000-0x00007FF764834000-memory.dmp	upx
behavioral2/memory/2180-74-0x00007FF6650F0000-0x00007FF665444000-memory.dmp	upx
behavioral2/memory/4984-68-0x00007FF792C50000-0x00007FF792FA4000-memory.dmp	upx
behavioral2/memory/2392-67-0x00007FF7B8770000-0x00007FF7B8AC4000-memory.dmp	upx
behavioral2/memory/1692-61-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp	upx
behavioral2/memory/3192-60-0x00007FF7FD820000-0x00007FF7FDB74000-memory.dmp	upx
behavioral2/files/0x000a000000023b82-82.dat	upx
behavioral2/memory/3520-84-0x00007FF675940000-0x00007FF675C94000-memory.dmp	upx
behavioral2/memory/4464-85-0x00007FF60EC90000-0x00007FF60EFE4000-memory.dmp	upx
behavioral2/memory/564-80-0x00007FF709BC0000-0x00007FF709F14000-memory.dmp	upx
behavioral2/files/0x000a000000023b83-87.dat	upx
behavioral2/files/0x000a000000023b84-92.dat	upx
behavioral2/memory/5092-96-0x00007FF714E70000-0x00007FF7151C4000-memory.dmp	upx
behavioral2/memory/3872-95-0x00007FF6652E0000-0x00007FF665634000-memory.dmp	upx
behavioral2/memory/1612-89-0x00007FF732530000-0x00007FF732884000-memory.dmp	upx
behavioral2/memory/32-101-0x00007FF6BC200000-0x00007FF6BC554000-memory.dmp	upx
behavioral2/files/0x000a000000023b85-103.dat	upx
behavioral2/memory/4612-102-0x00007FF6CAE60000-0x00007FF6CB1B4000-memory.dmp	upx
behavioral2/memory/2832-110-0x00007FF6AA270000-0x00007FF6AA5C4000-memory.dmp	upx
behavioral2/memory/1692-117-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp	upx
behavioral2/memory/3144-119-0x00007FF7208F0000-0x00007FF720C44000-memory.dmp	upx
behavioral2/files/0x000a000000023b87-116.dat	upx
behavioral2/memory/4984-123-0x00007FF792C50000-0x00007FF792FA4000-memory.dmp	upx
behavioral2/files/0x000a000000023b88-124.dat	upx
behavioral2/memory/3660-112-0x00007FF7F3410000-0x00007FF7F3764000-memory.dmp	upx
behavioral2/files/0x000a000000023b86-109.dat	upx
behavioral2/memory/3828-126-0x00007FF759BF0000-0x00007FF759F44000-memory.dmp	upx
behavioral2/files/0x000a000000023b89-130.dat	upx
behavioral2/files/0x000a000000023b8a-138.dat	upx
behavioral2/files/0x000a000000023b8b-142.dat	upx
behavioral2/memory/1616-143-0x00007FF62BDC0000-0x00007FF62C114000-memory.dmp	upx
behavioral2/memory/4548-137-0x00007FF63E4B0000-0x00007FF63E804000-memory.dmp	upx
behavioral2/memory/2892-135-0x00007FF716AE0000-0x00007FF716E34000-memory.dmp	upx
behavioral2/memory/2844-131-0x00007FF7644E0000-0x00007FF764834000-memory.dmp	upx
behavioral2/memory/2688-152-0x00007FF790590000-0x00007FF7908E4000-memory.dmp	upx
behavioral2/files/0x000a000000023b8e-162.dat	upx
behavioral2/memory/4612-171-0x00007FF6CAE60000-0x00007FF6CB1B4000-memory.dmp	upx
behavioral2/files/0x000a000000023b90-175.dat	upx
behavioral2/memory/4832-172-0x00007FF78DA90000-0x00007FF78DDE4000-memory.dmp	upx
behavioral2/files/0x000a000000023b8f-167.dat	upx
behavioral2/memory/3876-165-0x00007FF70D910000-0x00007FF70DC64000-memory.dmp	upx
behavioral2/files/0x000a000000023b8d-160.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VIkpNho.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuHqGlr.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ussmCFl.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLPrsrQ.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfdzFLm.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlIERgk.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwalZlt.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihBNlHS.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnXkXVH.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjIcddY.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mowtqid.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwJxdPJ.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkRKdLO.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExWrdDv.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpeUmoj.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdgmLRZ.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfWvnNQ.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKBLJjf.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDvTIjN.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jruGMgC.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGZeRrm.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjCMASt.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYHRXRH.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfYGjFb.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqsvsfk.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMxNBMD.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnZdlPT.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shqxXVP.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiFxdNo.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQZOqYx.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phdtHKv.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gsbmdcg.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrkdCog.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFqwcqq.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAzcsup.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsLaeyV.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJFxOkv.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmZLOPu.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHrCPiq.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnyGrcC.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPxZpbQ.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLNMsNH.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JncJzhq.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHrmvkU.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJTXxur.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJElVyM.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etINSog.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SArwuZQ.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwcbpDx.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaqbGlh.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skJOulx.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVbPkhE.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNzDDgP.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOidIAG.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaqcWIA.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toBlsNn.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcNQHjf.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujcSAze.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpnxdPD.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRfrlyG.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVdvIFu.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHkfbgV.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBtHJcB.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVkgLyb.exe	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 2392	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3192 wrote to memory of 2392	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3192 wrote to memory of 2180	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3192 wrote to memory of 2180	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3192 wrote to memory of 564	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3192 wrote to memory of 564	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3192 wrote to memory of 3520	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3192 wrote to memory of 3520	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3192 wrote to memory of 4088	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3192 wrote to memory of 4088	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3192 wrote to memory of 3872	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3192 wrote to memory of 3872	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3192 wrote to memory of 2000	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3192 wrote to memory of 2000	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3192 wrote to memory of 32	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3192 wrote to memory of 32	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3192 wrote to memory of 2832	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3192 wrote to memory of 2832	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3192 wrote to memory of 1692	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3192 wrote to memory of 1692	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3192 wrote to memory of 4984	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3192 wrote to memory of 4984	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3192 wrote to memory of 2844	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3192 wrote to memory of 2844	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3192 wrote to memory of 4464	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3192 wrote to memory of 4464	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3192 wrote to memory of 1612	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3192 wrote to memory of 1612	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3192 wrote to memory of 5092	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3192 wrote to memory of 5092	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3192 wrote to memory of 4612	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3192 wrote to memory of 4612	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3192 wrote to memory of 3660	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3192 wrote to memory of 3660	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3192 wrote to memory of 3144	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3192 wrote to memory of 3144	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3192 wrote to memory of 3828	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3192 wrote to memory of 3828	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3192 wrote to memory of 2892	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3192 wrote to memory of 2892	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3192 wrote to memory of 4548	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3192 wrote to memory of 4548	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3192 wrote to memory of 1616	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3192 wrote to memory of 1616	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3192 wrote to memory of 2688	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3192 wrote to memory of 2688	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3192 wrote to memory of 4068	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3192 wrote to memory of 4068	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3192 wrote to memory of 3876	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3192 wrote to memory of 3876	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3192 wrote to memory of 4832	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3192 wrote to memory of 4832	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3192 wrote to memory of 2212	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3192 wrote to memory of 2212	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3192 wrote to memory of 2120	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3192 wrote to memory of 2120	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3192 wrote to memory of 2028	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3192 wrote to memory of 2028	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3192 wrote to memory of 4272	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3192 wrote to memory of 4272	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3192 wrote to memory of 2260	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3192 wrote to memory of 2260	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3192 wrote to memory of 3528	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3192 wrote to memory of 3528	3192	2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe	119

C:\Users\Admin\AppData\Local\Temp\2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-27_b65d6c2d6d37f7aef534f3243d52ee4a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\System\fJTXxur.exe
  C:\Windows\System\fJTXxur.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\BuqnfUn.exe
  C:\Windows\System\BuqnfUn.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\KxmfrYr.exe
  C:\Windows\System\KxmfrYr.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\qBSEZSL.exe
  C:\Windows\System\qBSEZSL.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\mPaNcKt.exe
  C:\Windows\System\mPaNcKt.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\VyLiZcx.exe
  C:\Windows\System\VyLiZcx.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\mqQZcMR.exe
  C:\Windows\System\mqQZcMR.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\tbvsOkk.exe
  C:\Windows\System\tbvsOkk.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\MzioDdc.exe
  C:\Windows\System\MzioDdc.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\SHhhpfO.exe
  C:\Windows\System\SHhhpfO.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\sYSgNVU.exe
  C:\Windows\System\sYSgNVU.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\vbKEWco.exe
  C:\Windows\System\vbKEWco.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\MzbpDOL.exe
  C:\Windows\System\MzbpDOL.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\qqSQvEU.exe
  C:\Windows\System\qqSQvEU.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\DrnXUAf.exe
  C:\Windows\System\DrnXUAf.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\UkfkMvS.exe
  C:\Windows\System\UkfkMvS.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\etTZQqR.exe
  C:\Windows\System\etTZQqR.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\JXjUoWa.exe
  C:\Windows\System\JXjUoWa.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\WplwnCX.exe
  C:\Windows\System\WplwnCX.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\skJOulx.exe
  C:\Windows\System\skJOulx.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\fNmDUKL.exe
  C:\Windows\System\fNmDUKL.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\dMXrlAG.exe
  C:\Windows\System\dMXrlAG.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\aYsaKGp.exe
  C:\Windows\System\aYsaKGp.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\riSfCTV.exe
  C:\Windows\System\riSfCTV.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\pmyWJOd.exe
  C:\Windows\System\pmyWJOd.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\AnRrTwQ.exe
  C:\Windows\System\AnRrTwQ.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\ONnTvIB.exe
  C:\Windows\System\ONnTvIB.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\YaOwsUI.exe
  C:\Windows\System\YaOwsUI.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\fpuIYhN.exe
  C:\Windows\System\fpuIYhN.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\RQwHDBK.exe
  C:\Windows\System\RQwHDBK.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\JDsTCAw.exe
  C:\Windows\System\JDsTCAw.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\DYMBsvI.exe
  C:\Windows\System\DYMBsvI.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\DuSqZIq.exe
  C:\Windows\System\DuSqZIq.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\PUMNpRq.exe
  C:\Windows\System\PUMNpRq.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\rZlcfrs.exe
  C:\Windows\System\rZlcfrs.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\LCaFMuV.exe
  C:\Windows\System\LCaFMuV.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\HjIcddY.exe
  C:\Windows\System\HjIcddY.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\KDItmVN.exe
  C:\Windows\System\KDItmVN.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\EFbrCza.exe
  C:\Windows\System\EFbrCza.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\Jqaamqh.exe
  C:\Windows\System\Jqaamqh.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\SgFFkGa.exe
  C:\Windows\System\SgFFkGa.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\wwxevss.exe
  C:\Windows\System\wwxevss.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\XKWYCiO.exe
  C:\Windows\System\XKWYCiO.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\ABfvyNL.exe
  C:\Windows\System\ABfvyNL.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\oNovanJ.exe
  C:\Windows\System\oNovanJ.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\RhdPICJ.exe
  C:\Windows\System\RhdPICJ.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\Gsbmdcg.exe
  C:\Windows\System\Gsbmdcg.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\imXtJRO.exe
  C:\Windows\System\imXtJRO.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\TuEKBOm.exe
  C:\Windows\System\TuEKBOm.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\LGDpquc.exe
  C:\Windows\System\LGDpquc.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ZoDcQZQ.exe
  C:\Windows\System\ZoDcQZQ.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\YFDqrQO.exe
  C:\Windows\System\YFDqrQO.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\QtiFgCY.exe
  C:\Windows\System\QtiFgCY.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\nNgtazk.exe
  C:\Windows\System\nNgtazk.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\iGzBJFs.exe
  C:\Windows\System\iGzBJFs.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\QXbLdeW.exe
  C:\Windows\System\QXbLdeW.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\qgDehiv.exe
  C:\Windows\System\qgDehiv.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\dHJTrBL.exe
  C:\Windows\System\dHJTrBL.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\nJHuNhM.exe
  C:\Windows\System\nJHuNhM.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\MJuKbcP.exe
  C:\Windows\System\MJuKbcP.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\odRwUPS.exe
  C:\Windows\System\odRwUPS.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\xyQXEQF.exe
  C:\Windows\System\xyQXEQF.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\dgNpLGT.exe
  C:\Windows\System\dgNpLGT.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\GSGaZnC.exe
  C:\Windows\System\GSGaZnC.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\ujcSAze.exe
  C:\Windows\System\ujcSAze.exe
  2⤵
  PID:1068
- C:\Windows\System\braSoSM.exe
  C:\Windows\System\braSoSM.exe
  2⤵
  PID:2560
- C:\Windows\System\HDlTrDU.exe
  C:\Windows\System\HDlTrDU.exe
  2⤵
  PID:3056
- C:\Windows\System\xHbjdLT.exe
  C:\Windows\System\xHbjdLT.exe
  2⤵
  PID:3768
- C:\Windows\System\ybaIdcR.exe
  C:\Windows\System\ybaIdcR.exe
  2⤵
  PID:1192
- C:\Windows\System\CUWeNrd.exe
  C:\Windows\System\CUWeNrd.exe
  2⤵
  PID:5080
- C:\Windows\System\RsDHJOS.exe
  C:\Windows\System\RsDHJOS.exe
  2⤵
  PID:1864
- C:\Windows\System\OVbPkhE.exe
  C:\Windows\System\OVbPkhE.exe
  2⤵
  PID:1452
- C:\Windows\System\tvGeAas.exe
  C:\Windows\System\tvGeAas.exe
  2⤵
  PID:4200
- C:\Windows\System\xfSiPrx.exe
  C:\Windows\System\xfSiPrx.exe
  2⤵
  PID:1976
- C:\Windows\System\DjpoqXa.exe
  C:\Windows\System\DjpoqXa.exe
  2⤵
  PID:5104
- C:\Windows\System\nMSmzSt.exe
  C:\Windows\System\nMSmzSt.exe
  2⤵
  PID:4808
- C:\Windows\System\voeHaaf.exe
  C:\Windows\System\voeHaaf.exe
  2⤵
  PID:452
- C:\Windows\System\cuvGPfv.exe
  C:\Windows\System\cuvGPfv.exe
  2⤵
  PID:4344
- C:\Windows\System\qpnxdPD.exe
  C:\Windows\System\qpnxdPD.exe
  2⤵
  PID:2776
- C:\Windows\System\gSpxoqN.exe
  C:\Windows\System\gSpxoqN.exe
  2⤵
  PID:5016
- C:\Windows\System\FFUvuOC.exe
  C:\Windows\System\FFUvuOC.exe
  2⤵
  PID:4776
- C:\Windows\System\GuaHfzz.exe
  C:\Windows\System\GuaHfzz.exe
  2⤵
  PID:2820
- C:\Windows\System\pPkNXpS.exe
  C:\Windows\System\pPkNXpS.exe
  2⤵
  PID:880
- C:\Windows\System\NJYhgeR.exe
  C:\Windows\System\NJYhgeR.exe
  2⤵
  PID:3020
- C:\Windows\System\NPrkeNW.exe
  C:\Windows\System\NPrkeNW.exe
  2⤵
  PID:2632
- C:\Windows\System\yxFiMCg.exe
  C:\Windows\System\yxFiMCg.exe
  2⤵
  PID:4536
- C:\Windows\System\LBWMEHJ.exe
  C:\Windows\System\LBWMEHJ.exe
  2⤵
  PID:3472
- C:\Windows\System\AmwyJqZ.exe
  C:\Windows\System\AmwyJqZ.exe
  2⤵
  PID:3196
- C:\Windows\System\nRSnaOs.exe
  C:\Windows\System\nRSnaOs.exe
  2⤵
  PID:1260
- C:\Windows\System\XbRxXTE.exe
  C:\Windows\System\XbRxXTE.exe
  2⤵
  PID:4224
- C:\Windows\System\QHNoyRD.exe
  C:\Windows\System\QHNoyRD.exe
  2⤵
  PID:3260
- C:\Windows\System\ZqqmVxg.exe
  C:\Windows\System\ZqqmVxg.exe
  2⤵
  PID:3824
- C:\Windows\System\pEmpycR.exe
  C:\Windows\System\pEmpycR.exe
  2⤵
  PID:3592
- C:\Windows\System\wyFMPvE.exe
  C:\Windows\System\wyFMPvE.exe
  2⤵
  PID:4212
- C:\Windows\System\ZGPkKNF.exe
  C:\Windows\System\ZGPkKNF.exe
  2⤵
  PID:2388
- C:\Windows\System\yrflhUO.exe
  C:\Windows\System\yrflhUO.exe
  2⤵
  PID:5176
- C:\Windows\System\xyjJJUb.exe
  C:\Windows\System\xyjJJUb.exe
  2⤵
  PID:5236
- C:\Windows\System\JAOuQSi.exe
  C:\Windows\System\JAOuQSi.exe
  2⤵
  PID:5304
- C:\Windows\System\hleVUhS.exe
  C:\Windows\System\hleVUhS.exe
  2⤵
  PID:5336
- C:\Windows\System\JRrLdVT.exe
  C:\Windows\System\JRrLdVT.exe
  2⤵
  PID:5356
- C:\Windows\System\NsDphwo.exe
  C:\Windows\System\NsDphwo.exe
  2⤵
  PID:5380
- C:\Windows\System\ifjFCTK.exe
  C:\Windows\System\ifjFCTK.exe
  2⤵
  PID:5460
- C:\Windows\System\UKsHuES.exe
  C:\Windows\System\UKsHuES.exe
  2⤵
  PID:5492
- C:\Windows\System\HvkilLv.exe
  C:\Windows\System\HvkilLv.exe
  2⤵
  PID:5520
- C:\Windows\System\ZwXhjUZ.exe
  C:\Windows\System\ZwXhjUZ.exe
  2⤵
  PID:5540
- C:\Windows\System\tRBOZxH.exe
  C:\Windows\System\tRBOZxH.exe
  2⤵
  PID:5576
- C:\Windows\System\UNYylVQ.exe
  C:\Windows\System\UNYylVQ.exe
  2⤵
  PID:5608
- C:\Windows\System\qKBLJjf.exe
  C:\Windows\System\qKBLJjf.exe
  2⤵
  PID:5636
- C:\Windows\System\gUoNXGv.exe
  C:\Windows\System\gUoNXGv.exe
  2⤵
  PID:5660
- C:\Windows\System\McoXipn.exe
  C:\Windows\System\McoXipn.exe
  2⤵
  PID:5692
- C:\Windows\System\oDrcSdc.exe
  C:\Windows\System\oDrcSdc.exe
  2⤵
  PID:5716
- C:\Windows\System\pcJRIhR.exe
  C:\Windows\System\pcJRIhR.exe
  2⤵
  PID:5744
- C:\Windows\System\qXYAQcs.exe
  C:\Windows\System\qXYAQcs.exe
  2⤵
  PID:5772
- C:\Windows\System\pAfRbaY.exe
  C:\Windows\System\pAfRbaY.exe
  2⤵
  PID:5800
- C:\Windows\System\NcvvRwE.exe
  C:\Windows\System\NcvvRwE.exe
  2⤵
  PID:5828
- C:\Windows\System\NMxNBMD.exe
  C:\Windows\System\NMxNBMD.exe
  2⤵
  PID:5860
- C:\Windows\System\pnZdlPT.exe
  C:\Windows\System\pnZdlPT.exe
  2⤵
  PID:5884
- C:\Windows\System\QbioRMG.exe
  C:\Windows\System\QbioRMG.exe
  2⤵
  PID:5916
- C:\Windows\System\guYxuKr.exe
  C:\Windows\System\guYxuKr.exe
  2⤵
  PID:5952
- C:\Windows\System\xqyzWdE.exe
  C:\Windows\System\xqyzWdE.exe
  2⤵
  PID:5976
- C:\Windows\System\ruetIPg.exe
  C:\Windows\System\ruetIPg.exe
  2⤵
  PID:6004
- C:\Windows\System\XvYZnSY.exe
  C:\Windows\System\XvYZnSY.exe
  2⤵
  PID:6028
- C:\Windows\System\RjElwwj.exe
  C:\Windows\System\RjElwwj.exe
  2⤵
  PID:6064
- C:\Windows\System\zBQlXJy.exe
  C:\Windows\System\zBQlXJy.exe
  2⤵
  PID:6092
- C:\Windows\System\HKeealF.exe
  C:\Windows\System\HKeealF.exe
  2⤵
  PID:6116
- C:\Windows\System\DHrCPiq.exe
  C:\Windows\System\DHrCPiq.exe
  2⤵
  PID:5168
- C:\Windows\System\VkYukZh.exe
  C:\Windows\System\VkYukZh.exe
  2⤵
  PID:5348
- C:\Windows\System\bhcVxVE.exe
  C:\Windows\System\bhcVxVE.exe
  2⤵
  PID:5396
- C:\Windows\System\scJxMGA.exe
  C:\Windows\System\scJxMGA.exe
  2⤵
  PID:5476
- C:\Windows\System\FtZzgri.exe
  C:\Windows\System\FtZzgri.exe
  2⤵
  PID:5448
- C:\Windows\System\qtbdaIU.exe
  C:\Windows\System\qtbdaIU.exe
  2⤵
  PID:5528
- C:\Windows\System\CssdfYO.exe
  C:\Windows\System\CssdfYO.exe
  2⤵
  PID:5584
- C:\Windows\System\CskQwIl.exe
  C:\Windows\System\CskQwIl.exe
  2⤵
  PID:5644
- C:\Windows\System\iiaWBMT.exe
  C:\Windows\System\iiaWBMT.exe
  2⤵
  PID:5724
- C:\Windows\System\LUedwPR.exe
  C:\Windows\System\LUedwPR.exe
  2⤵
  PID:5764
- C:\Windows\System\EoqYUIQ.exe
  C:\Windows\System\EoqYUIQ.exe
  2⤵
  PID:5820
- C:\Windows\System\puHTNQe.exe
  C:\Windows\System\puHTNQe.exe
  2⤵
  PID:5872
- C:\Windows\System\dVGawuZ.exe
  C:\Windows\System\dVGawuZ.exe
  2⤵
  PID:5944
- C:\Windows\System\WbXqRkT.exe
  C:\Windows\System\WbXqRkT.exe
  2⤵
  PID:5988
- C:\Windows\System\LsWkpNI.exe
  C:\Windows\System\LsWkpNI.exe
  2⤵
  PID:6044
- C:\Windows\System\QJriBAv.exe
  C:\Windows\System\QJriBAv.exe
  2⤵
  PID:6104
- C:\Windows\System\lsEPgyR.exe
  C:\Windows\System\lsEPgyR.exe
  2⤵
  PID:5300
- C:\Windows\System\QdnvweV.exe
  C:\Windows\System\QdnvweV.exe
  2⤵
  PID:5500
- C:\Windows\System\tMSgzHV.exe
  C:\Windows\System\tMSgzHV.exe
  2⤵
  PID:5560
- C:\Windows\System\Mowtqid.exe
  C:\Windows\System\Mowtqid.exe
  2⤵
  PID:5680
- C:\Windows\System\YtmHpSF.exe
  C:\Windows\System\YtmHpSF.exe
  2⤵
  PID:5808
- C:\Windows\System\VNpVWzM.exe
  C:\Windows\System\VNpVWzM.exe
  2⤵
  PID:5984
- C:\Windows\System\eaqcWIA.exe
  C:\Windows\System\eaqcWIA.exe
  2⤵
  PID:6128
- C:\Windows\System\IFleizV.exe
  C:\Windows\System\IFleizV.exe
  2⤵
  PID:5504
- C:\Windows\System\jwPdrpz.exe
  C:\Windows\System\jwPdrpz.exe
  2⤵
  PID:2752
- C:\Windows\System\qgJJjAv.exe
  C:\Windows\System\qgJJjAv.exe
  2⤵
  PID:4352
- C:\Windows\System\lbNyzZp.exe
  C:\Windows\System\lbNyzZp.exe
  2⤵
  PID:5600
- C:\Windows\System\ZKnUvTk.exe
  C:\Windows\System\ZKnUvTk.exe
  2⤵
  PID:5856
- C:\Windows\System\ccPdfyZ.exe
  C:\Windows\System\ccPdfyZ.exe
  2⤵
  PID:6160
- C:\Windows\System\EiVisKG.exe
  C:\Windows\System\EiVisKG.exe
  2⤵
  PID:6188
- C:\Windows\System\CVNQUnl.exe
  C:\Windows\System\CVNQUnl.exe
  2⤵
  PID:6216
- C:\Windows\System\VXJzyBx.exe
  C:\Windows\System\VXJzyBx.exe
  2⤵
  PID:6240
- C:\Windows\System\PPrBgGs.exe
  C:\Windows\System\PPrBgGs.exe
  2⤵
  PID:6276
- C:\Windows\System\coCtczd.exe
  C:\Windows\System\coCtczd.exe
  2⤵
  PID:6308
- C:\Windows\System\xyhikvM.exe
  C:\Windows\System\xyhikvM.exe
  2⤵
  PID:6336
- C:\Windows\System\PopnqVZ.exe
  C:\Windows\System\PopnqVZ.exe
  2⤵
  PID:6364
- C:\Windows\System\MbpDGGC.exe
  C:\Windows\System\MbpDGGC.exe
  2⤵
  PID:6384
- C:\Windows\System\liYvVpB.exe
  C:\Windows\System\liYvVpB.exe
  2⤵
  PID:6412
- C:\Windows\System\zXEtvRD.exe
  C:\Windows\System\zXEtvRD.exe
  2⤵
  PID:6448
- C:\Windows\System\UxckAVM.exe
  C:\Windows\System\UxckAVM.exe
  2⤵
  PID:6476
- C:\Windows\System\uVqdSit.exe
  C:\Windows\System\uVqdSit.exe
  2⤵
  PID:6508
- C:\Windows\System\kGpfYyE.exe
  C:\Windows\System\kGpfYyE.exe
  2⤵
  PID:6532
- C:\Windows\System\ywLkDKe.exe
  C:\Windows\System\ywLkDKe.exe
  2⤵
  PID:6564
- C:\Windows\System\myiYHLu.exe
  C:\Windows\System\myiYHLu.exe
  2⤵
  PID:6596
- C:\Windows\System\YzYlJxX.exe
  C:\Windows\System\YzYlJxX.exe
  2⤵
  PID:6612
- C:\Windows\System\aNdHMAZ.exe
  C:\Windows\System\aNdHMAZ.exe
  2⤵
  PID:6648
- C:\Windows\System\mJfueTZ.exe
  C:\Windows\System\mJfueTZ.exe
  2⤵
  PID:6668
- C:\Windows\System\VnyGrcC.exe
  C:\Windows\System\VnyGrcC.exe
  2⤵
  PID:6696
- C:\Windows\System\zlUZBZY.exe
  C:\Windows\System\zlUZBZY.exe
  2⤵
  PID:6736
- C:\Windows\System\aVPqZXP.exe
  C:\Windows\System\aVPqZXP.exe
  2⤵
  PID:6768
- C:\Windows\System\YDlDvoM.exe
  C:\Windows\System\YDlDvoM.exe
  2⤵
  PID:6820
- C:\Windows\System\MDgGUPF.exe
  C:\Windows\System\MDgGUPF.exe
  2⤵
  PID:6852
- C:\Windows\System\resqmVs.exe
  C:\Windows\System\resqmVs.exe
  2⤵
  PID:6896
- C:\Windows\System\lVFnaBx.exe
  C:\Windows\System\lVFnaBx.exe
  2⤵
  PID:6924
- C:\Windows\System\UKHcosD.exe
  C:\Windows\System\UKHcosD.exe
  2⤵
  PID:6940
- C:\Windows\System\yRfrlyG.exe
  C:\Windows\System\yRfrlyG.exe
  2⤵
  PID:6976
- C:\Windows\System\YDtCZVT.exe
  C:\Windows\System\YDtCZVT.exe
  2⤵
  PID:7016
- C:\Windows\System\hABxkbs.exe
  C:\Windows\System\hABxkbs.exe
  2⤵
  PID:7044
- C:\Windows\System\zxkUBLG.exe
  C:\Windows\System\zxkUBLG.exe
  2⤵
  PID:7088
- C:\Windows\System\GewAUIE.exe
  C:\Windows\System\GewAUIE.exe
  2⤵
  PID:7112
- C:\Windows\System\yQJPryw.exe
  C:\Windows\System\yQJPryw.exe
  2⤵
  PID:7140
- C:\Windows\System\jePWZeh.exe
  C:\Windows\System\jePWZeh.exe
  2⤵
  PID:6156
- C:\Windows\System\aymlAse.exe
  C:\Windows\System\aymlAse.exe
  2⤵
  PID:6204
- C:\Windows\System\LXedMyv.exe
  C:\Windows\System\LXedMyv.exe
  2⤵
  PID:4004
- C:\Windows\System\nvDZetm.exe
  C:\Windows\System\nvDZetm.exe
  2⤵
  PID:1980
- C:\Windows\System\rLHOmZh.exe
  C:\Windows\System\rLHOmZh.exe
  2⤵
  PID:1936
- C:\Windows\System\toBlsNn.exe
  C:\Windows\System\toBlsNn.exe
  2⤵
  PID:6324
- C:\Windows\System\FEWfFtD.exe
  C:\Windows\System\FEWfFtD.exe
  2⤵
  PID:6376
- C:\Windows\System\FvGSEus.exe
  C:\Windows\System\FvGSEus.exe
  2⤵
  PID:4316
- C:\Windows\System\mYiEEoV.exe
  C:\Windows\System\mYiEEoV.exe
  2⤵
  PID:6516
- C:\Windows\System\Tnqapub.exe
  C:\Windows\System\Tnqapub.exe
  2⤵
  PID:6584
- C:\Windows\System\EZcSbzt.exe
  C:\Windows\System\EZcSbzt.exe
  2⤵
  PID:6656
- C:\Windows\System\RKNdupH.exe
  C:\Windows\System\RKNdupH.exe
  2⤵
  PID:6732
- C:\Windows\System\srdqYaT.exe
  C:\Windows\System\srdqYaT.exe
  2⤵
  PID:6828
- C:\Windows\System\QLPrsrQ.exe
  C:\Windows\System\QLPrsrQ.exe
  2⤵
  PID:6880
- C:\Windows\System\oToPwHn.exe
  C:\Windows\System\oToPwHn.exe
  2⤵
  PID:6952
- C:\Windows\System\SDvTIjN.exe
  C:\Windows\System\SDvTIjN.exe
  2⤵
  PID:7028
- C:\Windows\System\HDndLER.exe
  C:\Windows\System\HDndLER.exe
  2⤵
  PID:7072
- C:\Windows\System\tqmdEUJ.exe
  C:\Windows\System\tqmdEUJ.exe
  2⤵
  PID:7148
- C:\Windows\System\tbGjfqI.exe
  C:\Windows\System\tbGjfqI.exe
  2⤵
  PID:6184
- C:\Windows\System\ysinumk.exe
  C:\Windows\System\ysinumk.exe
  2⤵
  PID:384
- C:\Windows\System\hvnZvmV.exe
  C:\Windows\System\hvnZvmV.exe
  2⤵
  PID:6404
- C:\Windows\System\fPxZpbQ.exe
  C:\Windows\System\fPxZpbQ.exe
  2⤵
  PID:6548
- C:\Windows\System\StwWyTC.exe
  C:\Windows\System\StwWyTC.exe
  2⤵
  PID:6716
- C:\Windows\System\XuIRWAg.exe
  C:\Windows\System\XuIRWAg.exe
  2⤵
  PID:6912
- C:\Windows\System\OEQNAoz.exe
  C:\Windows\System\OEQNAoz.exe
  2⤵
  PID:7064
- C:\Windows\System\RNczymY.exe
  C:\Windows\System\RNczymY.exe
  2⤵
  PID:2316
- C:\Windows\System\orGDdYw.exe
  C:\Windows\System\orGDdYw.exe
  2⤵
  PID:5344
- C:\Windows\System\nhqXIcR.exe
  C:\Windows\System\nhqXIcR.exe
  2⤵
  PID:6920
- C:\Windows\System\pGAfPNb.exe
  C:\Windows\System\pGAfPNb.exe
  2⤵
  PID:6544
- C:\Windows\System\kxDYdGm.exe
  C:\Windows\System\kxDYdGm.exe
  2⤵
  PID:6604
- C:\Windows\System\mybtSdb.exe
  C:\Windows\System\mybtSdb.exe
  2⤵
  PID:6488
- C:\Windows\System\xJnPSqe.exe
  C:\Windows\System\xJnPSqe.exe
  2⤵
  PID:7180
- C:\Windows\System\xlrCBJB.exe
  C:\Windows\System\xlrCBJB.exe
  2⤵
  PID:7212
- C:\Windows\System\SSWBzyl.exe
  C:\Windows\System\SSWBzyl.exe
  2⤵
  PID:7240
- C:\Windows\System\yHqgFpm.exe
  C:\Windows\System\yHqgFpm.exe
  2⤵
  PID:7272
- C:\Windows\System\ZmUdSBK.exe
  C:\Windows\System\ZmUdSBK.exe
  2⤵
  PID:7300
- C:\Windows\System\eQmmSFK.exe
  C:\Windows\System\eQmmSFK.exe
  2⤵
  PID:7328
- C:\Windows\System\JWMRLcj.exe
  C:\Windows\System\JWMRLcj.exe
  2⤵
  PID:7352
- C:\Windows\System\XBeVrqO.exe
  C:\Windows\System\XBeVrqO.exe
  2⤵
  PID:7376
- C:\Windows\System\cwLDjEe.exe
  C:\Windows\System\cwLDjEe.exe
  2⤵
  PID:7408
- C:\Windows\System\ZLNMsNH.exe
  C:\Windows\System\ZLNMsNH.exe
  2⤵
  PID:7428
- C:\Windows\System\nclWaFZ.exe
  C:\Windows\System\nclWaFZ.exe
  2⤵
  PID:7464
- C:\Windows\System\NGnJKhw.exe
  C:\Windows\System\NGnJKhw.exe
  2⤵
  PID:7492
- C:\Windows\System\JvSople.exe
  C:\Windows\System\JvSople.exe
  2⤵
  PID:7520
- C:\Windows\System\XwmSyFx.exe
  C:\Windows\System\XwmSyFx.exe
  2⤵
  PID:7548
- C:\Windows\System\qKdzcgM.exe
  C:\Windows\System\qKdzcgM.exe
  2⤵
  PID:7576
- C:\Windows\System\nKQWUqd.exe
  C:\Windows\System\nKQWUqd.exe
  2⤵
  PID:7604
- C:\Windows\System\cZklxXf.exe
  C:\Windows\System\cZklxXf.exe
  2⤵
  PID:7632
- C:\Windows\System\xSclCYr.exe
  C:\Windows\System\xSclCYr.exe
  2⤵
  PID:7664
- C:\Windows\System\yvZhQqt.exe
  C:\Windows\System\yvZhQqt.exe
  2⤵
  PID:7684
- C:\Windows\System\IzXPHpk.exe
  C:\Windows\System\IzXPHpk.exe
  2⤵
  PID:7712
- C:\Windows\System\JlIwxFe.exe
  C:\Windows\System\JlIwxFe.exe
  2⤵
  PID:7740
- C:\Windows\System\fxjIBVY.exe
  C:\Windows\System\fxjIBVY.exe
  2⤵
  PID:7768
- C:\Windows\System\hSfOARg.exe
  C:\Windows\System\hSfOARg.exe
  2⤵
  PID:7796
- C:\Windows\System\xqUbBDz.exe
  C:\Windows\System\xqUbBDz.exe
  2⤵
  PID:7840
- C:\Windows\System\TJElVyM.exe
  C:\Windows\System\TJElVyM.exe
  2⤵
  PID:7856
- C:\Windows\System\vnxkxBa.exe
  C:\Windows\System\vnxkxBa.exe
  2⤵
  PID:7884
- C:\Windows\System\DixGUog.exe
  C:\Windows\System\DixGUog.exe
  2⤵
  PID:7912
- C:\Windows\System\NMjaLUt.exe
  C:\Windows\System\NMjaLUt.exe
  2⤵
  PID:7940
- C:\Windows\System\kyDEvKa.exe
  C:\Windows\System\kyDEvKa.exe
  2⤵
  PID:7968
- C:\Windows\System\iVOIyhL.exe
  C:\Windows\System\iVOIyhL.exe
  2⤵
  PID:8008
- C:\Windows\System\rZTbpno.exe
  C:\Windows\System\rZTbpno.exe
  2⤵
  PID:8028
- C:\Windows\System\YyDuqjG.exe
  C:\Windows\System\YyDuqjG.exe
  2⤵
  PID:8060
- C:\Windows\System\SqMEBAB.exe
  C:\Windows\System\SqMEBAB.exe
  2⤵
  PID:8096
- C:\Windows\System\buYRKTs.exe
  C:\Windows\System\buYRKTs.exe
  2⤵
  PID:8124
- C:\Windows\System\kXYciDJ.exe
  C:\Windows\System\kXYciDJ.exe
  2⤵
  PID:8144
- C:\Windows\System\FNsixRO.exe
  C:\Windows\System\FNsixRO.exe
  2⤵
  PID:8172
- C:\Windows\System\fNzDDgP.exe
  C:\Windows\System\fNzDDgP.exe
  2⤵
  PID:7188
- C:\Windows\System\BhqrFWQ.exe
  C:\Windows\System\BhqrFWQ.exe
  2⤵
  PID:7252
- C:\Windows\System\oFnTCMV.exe
  C:\Windows\System\oFnTCMV.exe
  2⤵
  PID:7316
- C:\Windows\System\xTUpEIt.exe
  C:\Windows\System\xTUpEIt.exe
  2⤵
  PID:7392
- C:\Windows\System\aeNKWEb.exe
  C:\Windows\System\aeNKWEb.exe
  2⤵
  PID:7056
- C:\Windows\System\zQYhJDV.exe
  C:\Windows\System\zQYhJDV.exe
  2⤵
  PID:7504
- C:\Windows\System\rpfsNFa.exe
  C:\Windows\System\rpfsNFa.exe
  2⤵
  PID:7568
- C:\Windows\System\fESixsp.exe
  C:\Windows\System\fESixsp.exe
  2⤵
  PID:7648
- C:\Windows\System\gsNsNbC.exe
  C:\Windows\System\gsNsNbC.exe
  2⤵
  PID:7704
- C:\Windows\System\khwHVJH.exe
  C:\Windows\System\khwHVJH.exe
  2⤵
  PID:7764
- C:\Windows\System\gDyXHYt.exe
  C:\Windows\System\gDyXHYt.exe
  2⤵
  PID:7836
- C:\Windows\System\OjYMDXp.exe
  C:\Windows\System\OjYMDXp.exe
  2⤵
  PID:7852
- C:\Windows\System\shPObrV.exe
  C:\Windows\System\shPObrV.exe
  2⤵
  PID:7924
- C:\Windows\System\tMgWdGz.exe
  C:\Windows\System\tMgWdGz.exe
  2⤵
  PID:7992
- C:\Windows\System\CvGmxMs.exe
  C:\Windows\System\CvGmxMs.exe
  2⤵
  PID:8052
- C:\Windows\System\kNIOAOQ.exe
  C:\Windows\System\kNIOAOQ.exe
  2⤵
  PID:8132
- C:\Windows\System\JIovlLy.exe
  C:\Windows\System\JIovlLy.exe
  2⤵
  PID:6224
- C:\Windows\System\SVkOwDT.exe
  C:\Windows\System\SVkOwDT.exe
  2⤵
  PID:7308
- C:\Windows\System\uaGLBWs.exe
  C:\Windows\System\uaGLBWs.exe
  2⤵
  PID:7440
- C:\Windows\System\jVdvIFu.exe
  C:\Windows\System\jVdvIFu.exe
  2⤵
  PID:7616
- C:\Windows\System\rnRlPEu.exe
  C:\Windows\System\rnRlPEu.exe
  2⤵
  PID:7752
- C:\Windows\System\AstIZzG.exe
  C:\Windows\System\AstIZzG.exe
  2⤵
  PID:7848
- C:\Windows\System\QTWBjpz.exe
  C:\Windows\System\QTWBjpz.exe
  2⤵
  PID:8020
- C:\Windows\System\pmBtIrv.exe
  C:\Windows\System\pmBtIrv.exe
  2⤵
  PID:7220
- C:\Windows\System\uKEdycx.exe
  C:\Windows\System\uKEdycx.exe
  2⤵
  PID:7500
- C:\Windows\System\TPLcVLF.exe
  C:\Windows\System\TPLcVLF.exe
  2⤵
  PID:7816
- C:\Windows\System\cXAIlCa.exe
  C:\Windows\System\cXAIlCa.exe
  2⤵
  PID:8104
- C:\Windows\System\etINSog.exe
  C:\Windows\System\etINSog.exe
  2⤵
  PID:7696
- C:\Windows\System\ozByAOL.exe
  C:\Windows\System\ozByAOL.exe
  2⤵
  PID:7980
- C:\Windows\System\AVnbZDw.exe
  C:\Windows\System\AVnbZDw.exe
  2⤵
  PID:8212
- C:\Windows\System\SKOqQJu.exe
  C:\Windows\System\SKOqQJu.exe
  2⤵
  PID:8240
- C:\Windows\System\wXVqEEO.exe
  C:\Windows\System\wXVqEEO.exe
  2⤵
  PID:8268
- C:\Windows\System\LAKxxor.exe
  C:\Windows\System\LAKxxor.exe
  2⤵
  PID:8304
- C:\Windows\System\zPhGGQi.exe
  C:\Windows\System\zPhGGQi.exe
  2⤵
  PID:8324
- C:\Windows\System\XHayVxu.exe
  C:\Windows\System\XHayVxu.exe
  2⤵
  PID:8360
- C:\Windows\System\TBgLWAJ.exe
  C:\Windows\System\TBgLWAJ.exe
  2⤵
  PID:8380
- C:\Windows\System\WpkkrVi.exe
  C:\Windows\System\WpkkrVi.exe
  2⤵
  PID:8408
- C:\Windows\System\rlMdDDG.exe
  C:\Windows\System\rlMdDDG.exe
  2⤵
  PID:8436
- C:\Windows\System\SfnHWqV.exe
  C:\Windows\System\SfnHWqV.exe
  2⤵
  PID:8472
- C:\Windows\System\yRBQDIR.exe
  C:\Windows\System\yRBQDIR.exe
  2⤵
  PID:8500
- C:\Windows\System\GvVHIFJ.exe
  C:\Windows\System\GvVHIFJ.exe
  2⤵
  PID:8528
- C:\Windows\System\MRPVycs.exe
  C:\Windows\System\MRPVycs.exe
  2⤵
  PID:8556
- C:\Windows\System\Pkastcy.exe
  C:\Windows\System\Pkastcy.exe
  2⤵
  PID:8576
- C:\Windows\System\zNzoeBu.exe
  C:\Windows\System\zNzoeBu.exe
  2⤵
  PID:8604
- C:\Windows\System\ZAHmcFf.exe
  C:\Windows\System\ZAHmcFf.exe
  2⤵
  PID:8632
- C:\Windows\System\GDdxjwF.exe
  C:\Windows\System\GDdxjwF.exe
  2⤵
  PID:8660
- C:\Windows\System\FXfkbnj.exe
  C:\Windows\System\FXfkbnj.exe
  2⤵
  PID:8688
- C:\Windows\System\fohzdsn.exe
  C:\Windows\System\fohzdsn.exe
  2⤵
  PID:8724
- C:\Windows\System\CIvmHeD.exe
  C:\Windows\System\CIvmHeD.exe
  2⤵
  PID:8744
- C:\Windows\System\jrkdCog.exe
  C:\Windows\System\jrkdCog.exe
  2⤵
  PID:8772
- C:\Windows\System\zZLblJg.exe
  C:\Windows\System\zZLblJg.exe
  2⤵
  PID:8804
- C:\Windows\System\OvpAHrP.exe
  C:\Windows\System\OvpAHrP.exe
  2⤵
  PID:8836
- C:\Windows\System\PoxyjeM.exe
  C:\Windows\System\PoxyjeM.exe
  2⤵
  PID:8856
- C:\Windows\System\iZUAcsG.exe
  C:\Windows\System\iZUAcsG.exe
  2⤵
  PID:8884
- C:\Windows\System\OxosaSE.exe
  C:\Windows\System\OxosaSE.exe
  2⤵
  PID:8912
- C:\Windows\System\QnUTZsJ.exe
  C:\Windows\System\QnUTZsJ.exe
  2⤵
  PID:8940
- C:\Windows\System\egKiRcS.exe
  C:\Windows\System\egKiRcS.exe
  2⤵
  PID:8968
- C:\Windows\System\BNUnWfQ.exe
  C:\Windows\System\BNUnWfQ.exe
  2⤵
  PID:8996
- C:\Windows\System\XelPzOn.exe
  C:\Windows\System\XelPzOn.exe
  2⤵
  PID:9044
- C:\Windows\System\qDiQMpR.exe
  C:\Windows\System\qDiQMpR.exe
  2⤵
  PID:9060
- C:\Windows\System\TstOfhO.exe
  C:\Windows\System\TstOfhO.exe
  2⤵
  PID:9088
- C:\Windows\System\QXEhKmf.exe
  C:\Windows\System\QXEhKmf.exe
  2⤵
  PID:9116
- C:\Windows\System\JGerNSR.exe
  C:\Windows\System\JGerNSR.exe
  2⤵
  PID:9144
- C:\Windows\System\noMNazY.exe
  C:\Windows\System\noMNazY.exe
  2⤵
  PID:9172
- C:\Windows\System\Vzqptlq.exe
  C:\Windows\System\Vzqptlq.exe
  2⤵
  PID:9200
- C:\Windows\System\tqGDWbp.exe
  C:\Windows\System\tqGDWbp.exe
  2⤵
  PID:8224
- C:\Windows\System\oFkerSI.exe
  C:\Windows\System\oFkerSI.exe
  2⤵
  PID:8292
- C:\Windows\System\knJTHUF.exe
  C:\Windows\System\knJTHUF.exe
  2⤵
  PID:8348
- C:\Windows\System\MZuowYF.exe
  C:\Windows\System\MZuowYF.exe
  2⤵
  PID:8424
- C:\Windows\System\RAMAyAW.exe
  C:\Windows\System\RAMAyAW.exe
  2⤵
  PID:8484
- C:\Windows\System\SKNNtZk.exe
  C:\Windows\System\SKNNtZk.exe
  2⤵
  PID:8564
- C:\Windows\System\bePXlIK.exe
  C:\Windows\System\bePXlIK.exe
  2⤵
  PID:8616
- C:\Windows\System\RqUbpJW.exe
  C:\Windows\System\RqUbpJW.exe
  2⤵
  PID:8680
- C:\Windows\System\cBrocAQ.exe
  C:\Windows\System\cBrocAQ.exe
  2⤵
  PID:8764
- C:\Windows\System\ukEVVMl.exe
  C:\Windows\System\ukEVVMl.exe
  2⤵
  PID:8816
- C:\Windows\System\YBBDwrx.exe
  C:\Windows\System\YBBDwrx.exe
  2⤵
  PID:8880
- C:\Windows\System\AlAOOxN.exe
  C:\Windows\System\AlAOOxN.exe
  2⤵
  PID:8960
- C:\Windows\System\kqoxhfF.exe
  C:\Windows\System\kqoxhfF.exe
  2⤵
  PID:8992
- C:\Windows\System\LTmPftF.exe
  C:\Windows\System\LTmPftF.exe
  2⤵
  PID:9076
- C:\Windows\System\MgPGMsV.exe
  C:\Windows\System\MgPGMsV.exe
  2⤵
  PID:9136
- C:\Windows\System\oBObtwq.exe
  C:\Windows\System\oBObtwq.exe
  2⤵
  PID:9196
- C:\Windows\System\FhYHJVb.exe
  C:\Windows\System\FhYHJVb.exe
  2⤵
  PID:8336
- C:\Windows\System\LXOLqTw.exe
  C:\Windows\System\LXOLqTw.exe
  2⤵
  PID:8480
- C:\Windows\System\PcNQHjf.exe
  C:\Windows\System\PcNQHjf.exe
  2⤵
  PID:8600
- C:\Windows\System\YwEuKDI.exe
  C:\Windows\System\YwEuKDI.exe
  2⤵
  PID:8788
- C:\Windows\System\MglkFpM.exe
  C:\Windows\System\MglkFpM.exe
  2⤵
  PID:8952
- C:\Windows\System\NTZHtxf.exe
  C:\Windows\System\NTZHtxf.exe
  2⤵
  PID:9056
- C:\Windows\System\bmyEJwO.exe
  C:\Windows\System\bmyEJwO.exe
  2⤵
  PID:8208
- C:\Windows\System\Etripoj.exe
  C:\Windows\System\Etripoj.exe
  2⤵
  PID:8676
- C:\Windows\System\MKTxvOx.exe
  C:\Windows\System\MKTxvOx.exe
  2⤵
  PID:8904
- C:\Windows\System\guTpdwT.exe
  C:\Windows\System\guTpdwT.exe
  2⤵
  PID:8392
- C:\Windows\System\xelcbfL.exe
  C:\Windows\System\xelcbfL.exe
  2⤵
  PID:9184
- C:\Windows\System\AtNTlYw.exe
  C:\Windows\System\AtNTlYw.exe
  2⤵
  PID:9224
- C:\Windows\System\jaWqAYH.exe
  C:\Windows\System\jaWqAYH.exe
  2⤵
  PID:9252
- C:\Windows\System\YYyOWRK.exe
  C:\Windows\System\YYyOWRK.exe
  2⤵
  PID:9280
- C:\Windows\System\rNWtKZv.exe
  C:\Windows\System\rNWtKZv.exe
  2⤵
  PID:9316
- C:\Windows\System\HFYVhRZ.exe
  C:\Windows\System\HFYVhRZ.exe
  2⤵
  PID:9336
- C:\Windows\System\nlJWLco.exe
  C:\Windows\System\nlJWLco.exe
  2⤵
  PID:9364
- C:\Windows\System\mcaoFEY.exe
  C:\Windows\System\mcaoFEY.exe
  2⤵
  PID:9392
- C:\Windows\System\dDJFeiW.exe
  C:\Windows\System\dDJFeiW.exe
  2⤵
  PID:9420
- C:\Windows\System\AfaDqVr.exe
  C:\Windows\System\AfaDqVr.exe
  2⤵
  PID:9448
- C:\Windows\System\hwJxdPJ.exe
  C:\Windows\System\hwJxdPJ.exe
  2⤵
  PID:9480
- C:\Windows\System\pFgQPAr.exe
  C:\Windows\System\pFgQPAr.exe
  2⤵
  PID:9504
- C:\Windows\System\gYQwjRZ.exe
  C:\Windows\System\gYQwjRZ.exe
  2⤵
  PID:9532
- C:\Windows\System\rRdJIqn.exe
  C:\Windows\System\rRdJIqn.exe
  2⤵
  PID:9556
- C:\Windows\System\RxQwXIx.exe
  C:\Windows\System\RxQwXIx.exe
  2⤵
  PID:9588
- C:\Windows\System\xTYngHV.exe
  C:\Windows\System\xTYngHV.exe
  2⤵
  PID:9616
- C:\Windows\System\eTGOmue.exe
  C:\Windows\System\eTGOmue.exe
  2⤵
  PID:9648
- C:\Windows\System\mkQBagD.exe
  C:\Windows\System\mkQBagD.exe
  2⤵
  PID:9676
- C:\Windows\System\XdMHLWb.exe
  C:\Windows\System\XdMHLWb.exe
  2⤵
  PID:9704
- C:\Windows\System\zuqzDAf.exe
  C:\Windows\System\zuqzDAf.exe
  2⤵
  PID:9732
- C:\Windows\System\PSuwPyC.exe
  C:\Windows\System\PSuwPyC.exe
  2⤵
  PID:9764
- C:\Windows\System\ytDnWoy.exe
  C:\Windows\System\ytDnWoy.exe
  2⤵
  PID:9788
- C:\Windows\System\ittKVQV.exe
  C:\Windows\System\ittKVQV.exe
  2⤵
  PID:9816
- C:\Windows\System\GiGiIbs.exe
  C:\Windows\System\GiGiIbs.exe
  2⤵
  PID:9832
- C:\Windows\System\ZnCIKfG.exe
  C:\Windows\System\ZnCIKfG.exe
  2⤵
  PID:9872
- C:\Windows\System\lcJAMIZ.exe
  C:\Windows\System\lcJAMIZ.exe
  2⤵
  PID:9900
- C:\Windows\System\ubgxBVL.exe
  C:\Windows\System\ubgxBVL.exe
  2⤵
  PID:9928
- C:\Windows\System\jruGMgC.exe
  C:\Windows\System\jruGMgC.exe
  2⤵
  PID:9956
- C:\Windows\System\NzYxbns.exe
  C:\Windows\System\NzYxbns.exe
  2⤵
  PID:9992
- C:\Windows\System\UocjhjR.exe
  C:\Windows\System\UocjhjR.exe
  2⤵
  PID:10012
- C:\Windows\System\YQdlEyc.exe
  C:\Windows\System\YQdlEyc.exe
  2⤵
  PID:10040
- C:\Windows\System\QnNdAEi.exe
  C:\Windows\System\QnNdAEi.exe
  2⤵
  PID:10068
- C:\Windows\System\vEZWkdX.exe
  C:\Windows\System\vEZWkdX.exe
  2⤵
  PID:10096
- C:\Windows\System\dHhhzsr.exe
  C:\Windows\System\dHhhzsr.exe
  2⤵
  PID:10124
- C:\Windows\System\JwlLhQq.exe
  C:\Windows\System\JwlLhQq.exe
  2⤵
  PID:10152
- C:\Windows\System\ssFdqCg.exe
  C:\Windows\System\ssFdqCg.exe
  2⤵
  PID:10180
- C:\Windows\System\HcqCxAr.exe
  C:\Windows\System\HcqCxAr.exe
  2⤵
  PID:10208
- C:\Windows\System\vuKqAhA.exe
  C:\Windows\System\vuKqAhA.exe
  2⤵
  PID:10236
- C:\Windows\System\ZYJrLxg.exe
  C:\Windows\System\ZYJrLxg.exe
  2⤵
  PID:9292
- C:\Windows\System\tDffEOj.exe
  C:\Windows\System\tDffEOj.exe
  2⤵
  PID:9332
- C:\Windows\System\SznkQdD.exe
  C:\Windows\System\SznkQdD.exe
  2⤵
  PID:9404
- C:\Windows\System\vFqcxPb.exe
  C:\Windows\System\vFqcxPb.exe
  2⤵
  PID:9472
- C:\Windows\System\QtmkpQD.exe
  C:\Windows\System\QtmkpQD.exe
  2⤵
  PID:9528
- C:\Windows\System\shqxXVP.exe
  C:\Windows\System\shqxXVP.exe
  2⤵
  PID:9600
- C:\Windows\System\MGZeRrm.exe
  C:\Windows\System\MGZeRrm.exe
  2⤵
  PID:9668
- C:\Windows\System\iGAxZgw.exe
  C:\Windows\System\iGAxZgw.exe
  2⤵
  PID:9728
- C:\Windows\System\uAyYLQs.exe
  C:\Windows\System\uAyYLQs.exe
  2⤵
  PID:9800
- C:\Windows\System\QuPdeKS.exe
  C:\Windows\System\QuPdeKS.exe
  2⤵
  PID:9864
- C:\Windows\System\ojWzWzA.exe
  C:\Windows\System\ojWzWzA.exe
  2⤵
  PID:9920
- C:\Windows\System\MRUUzaN.exe
  C:\Windows\System\MRUUzaN.exe
  2⤵
  PID:10000
- C:\Windows\System\EseBBWw.exe
  C:\Windows\System\EseBBWw.exe
  2⤵
  PID:10060
- C:\Windows\System\LlrbxTV.exe
  C:\Windows\System\LlrbxTV.exe
  2⤵
  PID:10120
- C:\Windows\System\VkFgnCF.exe
  C:\Windows\System\VkFgnCF.exe
  2⤵
  PID:10196
- C:\Windows\System\NWMqeCw.exe
  C:\Windows\System\NWMqeCw.exe
  2⤵
  PID:9276
- C:\Windows\System\UjpMsvF.exe
  C:\Windows\System\UjpMsvF.exe
  2⤵
  PID:9432
- C:\Windows\System\Rzvohzw.exe
  C:\Windows\System\Rzvohzw.exe
  2⤵
  PID:9524
- C:\Windows\System\eZucKeX.exe
  C:\Windows\System\eZucKeX.exe
  2⤵
  PID:9724
- C:\Windows\System\nGNNVpX.exe
  C:\Windows\System\nGNNVpX.exe
  2⤵
  PID:9848
- C:\Windows\System\YBKmhtz.exe
  C:\Windows\System\YBKmhtz.exe
  2⤵
  PID:9980
- C:\Windows\System\GqQQAdO.exe
  C:\Windows\System\GqQQAdO.exe
  2⤵
  PID:10148
- C:\Windows\System\KzRGSBS.exe
  C:\Windows\System\KzRGSBS.exe
  2⤵
  PID:9460
- C:\Windows\System\qeGcJJf.exe
  C:\Windows\System\qeGcJJf.exe
  2⤵
  PID:9772
- C:\Windows\System\FXaBLVg.exe
  C:\Windows\System\FXaBLVg.exe
  2⤵
  PID:10052
- C:\Windows\System\GSwsYlT.exe
  C:\Windows\System\GSwsYlT.exe
  2⤵
  PID:9628
- C:\Windows\System\HySoyXQ.exe
  C:\Windows\System\HySoyXQ.exe
  2⤵
  PID:9500
- C:\Windows\System\YETJtFR.exe
  C:\Windows\System\YETJtFR.exe
  2⤵
  PID:10256
- C:\Windows\System\rnyTTbe.exe
  C:\Windows\System\rnyTTbe.exe
  2⤵
  PID:10284
- C:\Windows\System\aZKrNyo.exe
  C:\Windows\System\aZKrNyo.exe
  2⤵
  PID:10344
- C:\Windows\System\ruJCHBo.exe
  C:\Windows\System\ruJCHBo.exe
  2⤵
  PID:10372
- C:\Windows\System\mMScjqa.exe
  C:\Windows\System\mMScjqa.exe
  2⤵
  PID:10400
- C:\Windows\System\LpEZtQo.exe
  C:\Windows\System\LpEZtQo.exe
  2⤵
  PID:10448
- C:\Windows\System\qasQdtP.exe
  C:\Windows\System\qasQdtP.exe
  2⤵
  PID:10488
- C:\Windows\System\zMrufhB.exe
  C:\Windows\System\zMrufhB.exe
  2⤵
  PID:10536
- C:\Windows\System\ExWrdDv.exe
  C:\Windows\System\ExWrdDv.exe
  2⤵
  PID:10568
- C:\Windows\System\trseWOA.exe
  C:\Windows\System\trseWOA.exe
  2⤵
  PID:10616
- C:\Windows\System\eqeotCb.exe
  C:\Windows\System\eqeotCb.exe
  2⤵
  PID:10640
- C:\Windows\System\UbyBnRm.exe
  C:\Windows\System\UbyBnRm.exe
  2⤵
  PID:10672
- C:\Windows\System\rfdzFLm.exe
  C:\Windows\System\rfdzFLm.exe
  2⤵
  PID:10700
- C:\Windows\System\FXKmllg.exe
  C:\Windows\System\FXKmllg.exe
  2⤵
  PID:10728
- C:\Windows\System\MzwXDks.exe
  C:\Windows\System\MzwXDks.exe
  2⤵
  PID:10760
- C:\Windows\System\sMFvarU.exe
  C:\Windows\System\sMFvarU.exe
  2⤵
  PID:10788
- C:\Windows\System\ScDCDDn.exe
  C:\Windows\System\ScDCDDn.exe
  2⤵
  PID:10824
- C:\Windows\System\WbZqGfa.exe
  C:\Windows\System\WbZqGfa.exe
  2⤵
  PID:10848
- C:\Windows\System\xUcRwKl.exe
  C:\Windows\System\xUcRwKl.exe
  2⤵
  PID:10880
- C:\Windows\System\lHoCjLM.exe
  C:\Windows\System\lHoCjLM.exe
  2⤵
  PID:10908
- C:\Windows\System\xJbJNOH.exe
  C:\Windows\System\xJbJNOH.exe
  2⤵
  PID:10944
- C:\Windows\System\ElhCwss.exe
  C:\Windows\System\ElhCwss.exe
  2⤵
  PID:10964
- C:\Windows\System\WTSynBI.exe
  C:\Windows\System\WTSynBI.exe
  2⤵
  PID:10992
- C:\Windows\System\QaPsrJC.exe
  C:\Windows\System\QaPsrJC.exe
  2⤵
  PID:11020
- C:\Windows\System\QYToIpB.exe
  C:\Windows\System\QYToIpB.exe
  2⤵
  PID:11048
- C:\Windows\System\LrTDKJg.exe
  C:\Windows\System\LrTDKJg.exe
  2⤵
  PID:11076
- C:\Windows\System\rvVTEGp.exe
  C:\Windows\System\rvVTEGp.exe
  2⤵
  PID:11104
- C:\Windows\System\fQXhjtQ.exe
  C:\Windows\System\fQXhjtQ.exe
  2⤵
  PID:11136
- C:\Windows\System\pjzwZLi.exe
  C:\Windows\System\pjzwZLi.exe
  2⤵
  PID:11160
- C:\Windows\System\yVeviSt.exe
  C:\Windows\System\yVeviSt.exe
  2⤵
  PID:11188
- C:\Windows\System\XFLJskk.exe
  C:\Windows\System\XFLJskk.exe
  2⤵
  PID:11224
- C:\Windows\System\KrwPBNw.exe
  C:\Windows\System\KrwPBNw.exe
  2⤵
  PID:11244
- C:\Windows\System\pGiajaR.exe
  C:\Windows\System\pGiajaR.exe
  2⤵
  PID:10248
- C:\Windows\System\cRZPnMO.exe
  C:\Windows\System\cRZPnMO.exe
  2⤵
  PID:10296
- C:\Windows\System\EMvzHfZ.exe
  C:\Windows\System\EMvzHfZ.exe
  2⤵
  PID:10328
- C:\Windows\System\oQyAzza.exe
  C:\Windows\System\oQyAzza.exe
  2⤵
  PID:10396
- C:\Windows\System\spXjEeX.exe
  C:\Windows\System\spXjEeX.exe
  2⤵
  PID:10528
- C:\Windows\System\MClKCwd.exe
  C:\Windows\System\MClKCwd.exe
  2⤵
  PID:10608
- C:\Windows\System\gVMWvFm.exe
  C:\Windows\System\gVMWvFm.exe
  2⤵
  PID:4436
- C:\Windows\System\EBhVtjf.exe
  C:\Windows\System\EBhVtjf.exe
  2⤵
  PID:10556
- C:\Windows\System\buvdhRm.exe
  C:\Windows\System\buvdhRm.exe
  2⤵
  PID:10664
- C:\Windows\System\QKSCQac.exe
  C:\Windows\System\QKSCQac.exe
  2⤵
  PID:10720
- C:\Windows\System\pHAFeBg.exe
  C:\Windows\System\pHAFeBg.exe
  2⤵
  PID:10784
- C:\Windows\System\KeiaAAH.exe
  C:\Windows\System\KeiaAAH.exe
  2⤵
  PID:10872
- C:\Windows\System\RUYLHQJ.exe
  C:\Windows\System\RUYLHQJ.exe
  2⤵
  PID:10928
- C:\Windows\System\QimAsRm.exe
  C:\Windows\System\QimAsRm.exe
  2⤵
  PID:10988
- C:\Windows\System\oEkCijb.exe
  C:\Windows\System\oEkCijb.exe
  2⤵
  PID:11060
- C:\Windows\System\MWPyRAt.exe
  C:\Windows\System\MWPyRAt.exe
  2⤵
  PID:11100
- C:\Windows\System\qFqwcqq.exe
  C:\Windows\System\qFqwcqq.exe
  2⤵
  PID:11172
- C:\Windows\System\lrLTwcO.exe
  C:\Windows\System\lrLTwcO.exe
  2⤵
  PID:11232
- C:\Windows\System\SybHhNi.exe
  C:\Windows\System\SybHhNi.exe
  2⤵
  PID:3780
- C:\Windows\System\LYoLFCy.exe
  C:\Windows\System\LYoLFCy.exe
  2⤵
  PID:10476
- C:\Windows\System\qJqWkYg.exe
  C:\Windows\System\qJqWkYg.exe
  2⤵
  PID:5004
- C:\Windows\System\itScwpy.exe
  C:\Windows\System\itScwpy.exe
  2⤵
  PID:10636
- C:\Windows\System\DRqLHtw.exe
  C:\Windows\System\DRqLHtw.exe
  2⤵
  PID:10504
- C:\Windows\System\QBnMzep.exe
  C:\Windows\System\QBnMzep.exe
  2⤵
  PID:10816
- C:\Windows\System\WRoerNt.exe
  C:\Windows\System\WRoerNt.exe
  2⤵
  PID:10924
- C:\Windows\System\yHuBDoO.exe
  C:\Windows\System\yHuBDoO.exe
  2⤵
  PID:10984
- C:\Windows\System\aHWpMCD.exe
  C:\Windows\System\aHWpMCD.exe
  2⤵
  PID:11156
- C:\Windows\System\HAipGcu.exe
  C:\Windows\System\HAipGcu.exe
  2⤵
  PID:2644
- C:\Windows\System\SKVwOfZ.exe
  C:\Windows\System\SKVwOfZ.exe
  2⤵
  PID:10756
- C:\Windows\System\MQGVsdQ.exe
  C:\Windows\System\MQGVsdQ.exe
  2⤵
  PID:11212
- C:\Windows\System\OersKlg.exe
  C:\Windows\System\OersKlg.exe
  2⤵
  PID:10904
- C:\Windows\System\EYzzVHr.exe
  C:\Windows\System\EYzzVHr.exe
  2⤵
  PID:10748
- C:\Windows\System\GUgVFsu.exe
  C:\Windows\System\GUgVFsu.exe
  2⤵
  PID:10956
- C:\Windows\System\VhVdUch.exe
  C:\Windows\System\VhVdUch.exe
  2⤵
  PID:10312
- C:\Windows\System\uBPiVXU.exe
  C:\Windows\System\uBPiVXU.exe
  2⤵
  PID:10320
- C:\Windows\System\BlyNnoB.exe
  C:\Windows\System\BlyNnoB.exe
  2⤵
  PID:11288
- C:\Windows\System\ZusPmjM.exe
  C:\Windows\System\ZusPmjM.exe
  2⤵
  PID:11316
- C:\Windows\System\FMkcFFG.exe
  C:\Windows\System\FMkcFFG.exe
  2⤵
  PID:11344
- C:\Windows\System\TxItRVa.exe
  C:\Windows\System\TxItRVa.exe
  2⤵
  PID:11372
- C:\Windows\System\cfdzSNu.exe
  C:\Windows\System\cfdzSNu.exe
  2⤵
  PID:11400
- C:\Windows\System\dAdhuEc.exe
  C:\Windows\System\dAdhuEc.exe
  2⤵
  PID:11428
- C:\Windows\System\CvxJXwD.exe
  C:\Windows\System\CvxJXwD.exe
  2⤵
  PID:11456
- C:\Windows\System\fxEgxVu.exe
  C:\Windows\System\fxEgxVu.exe
  2⤵
  PID:11484
- C:\Windows\System\toaNKQa.exe
  C:\Windows\System\toaNKQa.exe
  2⤵
  PID:11512
- C:\Windows\System\reBpoRA.exe
  C:\Windows\System\reBpoRA.exe
  2⤵
  PID:11540
- C:\Windows\System\VAzcsup.exe
  C:\Windows\System\VAzcsup.exe
  2⤵
  PID:11568
- C:\Windows\System\tLDRZBD.exe
  C:\Windows\System\tLDRZBD.exe
  2⤵
  PID:11596
- C:\Windows\System\hjEMwQH.exe
  C:\Windows\System\hjEMwQH.exe
  2⤵
  PID:11624
- C:\Windows\System\iVktzAE.exe
  C:\Windows\System\iVktzAE.exe
  2⤵
  PID:11652
- C:\Windows\System\OKcqxas.exe
  C:\Windows\System\OKcqxas.exe
  2⤵
  PID:11692
- C:\Windows\System\xobOrMO.exe
  C:\Windows\System\xobOrMO.exe
  2⤵
  PID:11716
- C:\Windows\System\LKRXXWv.exe
  C:\Windows\System\LKRXXWv.exe
  2⤵
  PID:11736
- C:\Windows\System\APARmZy.exe
  C:\Windows\System\APARmZy.exe
  2⤵
  PID:11768
- C:\Windows\System\hPKyVBW.exe
  C:\Windows\System\hPKyVBW.exe
  2⤵
  PID:11796
- C:\Windows\System\UlIERgk.exe
  C:\Windows\System\UlIERgk.exe
  2⤵
  PID:11824
- C:\Windows\System\ufYQIPt.exe
  C:\Windows\System\ufYQIPt.exe
  2⤵
  PID:11852
- C:\Windows\System\oFzFgNO.exe
  C:\Windows\System\oFzFgNO.exe
  2⤵
  PID:11880
- C:\Windows\System\JyYDmna.exe
  C:\Windows\System\JyYDmna.exe
  2⤵
  PID:11908
- C:\Windows\System\fmYYBNA.exe
  C:\Windows\System\fmYYBNA.exe
  2⤵
  PID:12124
- C:\Windows\System\yWTfiZD.exe
  C:\Windows\System\yWTfiZD.exe
  2⤵
  PID:12152
- C:\Windows\System\RpmtDDS.exe
  C:\Windows\System\RpmtDDS.exe
  2⤵
  PID:12188
- C:\Windows\System\HAYtpyJ.exe
  C:\Windows\System\HAYtpyJ.exe
  2⤵
  PID:12208
- C:\Windows\System\PgrWYLr.exe
  C:\Windows\System\PgrWYLr.exe
  2⤵
  PID:12236
- C:\Windows\System\ZFXAuGO.exe
  C:\Windows\System\ZFXAuGO.exe
  2⤵
  PID:12268
- C:\Windows\System\RSOZmPa.exe
  C:\Windows\System\RSOZmPa.exe
  2⤵
  PID:11284
- C:\Windows\System\InfcsjZ.exe
  C:\Windows\System\InfcsjZ.exe
  2⤵
  PID:11340
- C:\Windows\System\WnmByxA.exe
  C:\Windows\System\WnmByxA.exe
  2⤵
  PID:11412
- C:\Windows\System\OdEnVxZ.exe
  C:\Windows\System\OdEnVxZ.exe
  2⤵
  PID:11480
- C:\Windows\System\ACnEBoh.exe
  C:\Windows\System\ACnEBoh.exe
  2⤵
  PID:11536
- C:\Windows\System\GyZtuHM.exe
  C:\Windows\System\GyZtuHM.exe
  2⤵
  PID:11620
- C:\Windows\System\rsLaeyV.exe
  C:\Windows\System\rsLaeyV.exe
  2⤵
  PID:11672
- C:\Windows\System\UanqMZC.exe
  C:\Windows\System\UanqMZC.exe
  2⤵
  PID:11732
- C:\Windows\System\BzPQkZd.exe
  C:\Windows\System\BzPQkZd.exe
  2⤵
  PID:11808
- C:\Windows\System\qQZOqYx.exe
  C:\Windows\System\qQZOqYx.exe
  2⤵
  PID:11864
- C:\Windows\System\pQmtCbY.exe
  C:\Windows\System\pQmtCbY.exe
  2⤵
  PID:11900
- C:\Windows\System\xypkvMQ.exe
  C:\Windows\System\xypkvMQ.exe
  2⤵
  PID:11944
- C:\Windows\System\YFscLoU.exe
  C:\Windows\System\YFscLoU.exe
  2⤵
  PID:11972
- C:\Windows\System\oqGIVLi.exe
  C:\Windows\System\oqGIVLi.exe
  2⤵
  PID:12000
- C:\Windows\System\JisAyqU.exe
  C:\Windows\System\JisAyqU.exe
  2⤵
  PID:12028
- C:\Windows\System\iRZxOKr.exe
  C:\Windows\System\iRZxOKr.exe
  2⤵
  PID:12056
- C:\Windows\System\NOidIAG.exe
  C:\Windows\System\NOidIAG.exe
  2⤵
  PID:12084
- C:\Windows\System\sCVXqdA.exe
  C:\Windows\System\sCVXqdA.exe
  2⤵
  PID:12112
- C:\Windows\System\PegTWrK.exe
  C:\Windows\System\PegTWrK.exe
  2⤵
  PID:12172
- C:\Windows\System\OpeUmoj.exe
  C:\Windows\System\OpeUmoj.exe
  2⤵
  PID:12284
- C:\Windows\System\mvAwwTa.exe
  C:\Windows\System\mvAwwTa.exe
  2⤵
  PID:11328
- C:\Windows\System\qUfoJVF.exe
  C:\Windows\System\qUfoJVF.exe
  2⤵
  PID:11452
- C:\Windows\System\bPUgtmk.exe
  C:\Windows\System\bPUgtmk.exe
  2⤵
  PID:11592
- C:\Windows\System\VrMMhuU.exe
  C:\Windows\System\VrMMhuU.exe
  2⤵
  PID:11840
- C:\Windows\System\bFFwIIE.exe
  C:\Windows\System\bFFwIIE.exe
  2⤵
  PID:4976
- C:\Windows\System\BNMqFCq.exe
  C:\Windows\System\BNMqFCq.exe
  2⤵
  PID:11964
- C:\Windows\System\tkRKdLO.exe
  C:\Windows\System\tkRKdLO.exe
  2⤵
  PID:12020
- C:\Windows\System\NeJVtJB.exe
  C:\Windows\System\NeJVtJB.exe
  2⤵
  PID:12080
- C:\Windows\System\ORUJUqB.exe
  C:\Windows\System\ORUJUqB.exe
  2⤵
  PID:12264
- C:\Windows\System\PXtkymb.exe
  C:\Windows\System\PXtkymb.exe
  2⤵
  PID:11440
- C:\Windows\System\CfMvzfd.exe
  C:\Windows\System\CfMvzfd.exe
  2⤵
  PID:11792
- C:\Windows\System\xtgaZcg.exe
  C:\Windows\System\xtgaZcg.exe
  2⤵
  PID:11956
- C:\Windows\System\Vsbnbmk.exe
  C:\Windows\System\Vsbnbmk.exe
  2⤵
  PID:12136
- C:\Windows\System\zwalZlt.exe
  C:\Windows\System\zwalZlt.exe
  2⤵
  PID:12256
- C:\Windows\System\yjIOiNm.exe
  C:\Windows\System\yjIOiNm.exe
  2⤵
  PID:12076
- C:\Windows\System\TspSWZa.exe
  C:\Windows\System\TspSWZa.exe
  2⤵
  PID:11588
- C:\Windows\System\fiCGxyx.exe
  C:\Windows\System\fiCGxyx.exe
  2⤵
  PID:12320
- C:\Windows\System\TxUrBOy.exe
  C:\Windows\System\TxUrBOy.exe
  2⤵
  PID:12340
- C:\Windows\System\tYCgHUO.exe
  C:\Windows\System\tYCgHUO.exe
  2⤵
  PID:12368
- C:\Windows\System\AufzJWm.exe
  C:\Windows\System\AufzJWm.exe
  2⤵
  PID:12396
- C:\Windows\System\HwVBLQI.exe
  C:\Windows\System\HwVBLQI.exe
  2⤵
  PID:12424
- C:\Windows\System\sHtZGla.exe
  C:\Windows\System\sHtZGla.exe
  2⤵
  PID:12464
- C:\Windows\System\vTKQydS.exe
  C:\Windows\System\vTKQydS.exe
  2⤵
  PID:12488
- C:\Windows\System\vxvCbJP.exe
  C:\Windows\System\vxvCbJP.exe
  2⤵
  PID:12512
- C:\Windows\System\xdRavEE.exe
  C:\Windows\System\xdRavEE.exe
  2⤵
  PID:12540
- C:\Windows\System\bIVBoYw.exe
  C:\Windows\System\bIVBoYw.exe
  2⤵
  PID:12568
- C:\Windows\System\igAwFsu.exe
  C:\Windows\System\igAwFsu.exe
  2⤵
  PID:12596
- C:\Windows\System\xBItTvR.exe
  C:\Windows\System\xBItTvR.exe
  2⤵
  PID:12624
- C:\Windows\System\XOzRGPk.exe
  C:\Windows\System\XOzRGPk.exe
  2⤵
  PID:12652
- C:\Windows\System\vWNxuYv.exe
  C:\Windows\System\vWNxuYv.exe
  2⤵
  PID:12680
- C:\Windows\System\drCgWDl.exe
  C:\Windows\System\drCgWDl.exe
  2⤵
  PID:12708
- C:\Windows\System\zlsMSQe.exe
  C:\Windows\System\zlsMSQe.exe
  2⤵
  PID:12736
- C:\Windows\System\tUQGoAU.exe
  C:\Windows\System\tUQGoAU.exe
  2⤵
  PID:12764
- C:\Windows\System\aAviWbK.exe
  C:\Windows\System\aAviWbK.exe
  2⤵
  PID:12800
- C:\Windows\System\CrRLqfY.exe
  C:\Windows\System\CrRLqfY.exe
  2⤵
  PID:12820
- C:\Windows\System\ubFzbRu.exe
  C:\Windows\System\ubFzbRu.exe
  2⤵
  PID:12848
- C:\Windows\System\mHVoePD.exe
  C:\Windows\System\mHVoePD.exe
  2⤵
  PID:12876
- C:\Windows\System\AXTBmon.exe
  C:\Windows\System\AXTBmon.exe
  2⤵
  PID:12904
- C:\Windows\System\SArwuZQ.exe
  C:\Windows\System\SArwuZQ.exe
  2⤵
  PID:12932
- C:\Windows\System\CQZOVAb.exe
  C:\Windows\System\CQZOVAb.exe
  2⤵
  PID:12964
- C:\Windows\System\gJFxOkv.exe
  C:\Windows\System\gJFxOkv.exe
  2⤵
  PID:12992
- C:\Windows\System\nrmOmXr.exe
  C:\Windows\System\nrmOmXr.exe
  2⤵
  PID:13020
- C:\Windows\System\TzJFjEq.exe
  C:\Windows\System\TzJFjEq.exe
  2⤵
  PID:13048
- C:\Windows\System\vZfcCDi.exe
  C:\Windows\System\vZfcCDi.exe
  2⤵
  PID:13076
- C:\Windows\System\TqLWMug.exe
  C:\Windows\System\TqLWMug.exe
  2⤵
  PID:13104
- C:\Windows\System\aCveMxR.exe
  C:\Windows\System\aCveMxR.exe
  2⤵
  PID:13132
- C:\Windows\System\DpJqyPZ.exe
  C:\Windows\System\DpJqyPZ.exe
  2⤵
  PID:13160
- C:\Windows\System\BiFxdNo.exe
  C:\Windows\System\BiFxdNo.exe
  2⤵
  PID:13188
- C:\Windows\System\YGDtvbF.exe
  C:\Windows\System\YGDtvbF.exe
  2⤵
  PID:13216
- C:\Windows\System\YRhnLTt.exe
  C:\Windows\System\YRhnLTt.exe
  2⤵
  PID:13244
- C:\Windows\System\YfsIEmg.exe
  C:\Windows\System\YfsIEmg.exe
  2⤵
  PID:13272
- C:\Windows\System\QuZyUfW.exe
  C:\Windows\System\QuZyUfW.exe
  2⤵
  PID:13300
- C:\Windows\System\PdoUScb.exe
  C:\Windows\System\PdoUScb.exe
  2⤵
  PID:12332
- C:\Windows\System\FvFjrTH.exe
  C:\Windows\System\FvFjrTH.exe
  2⤵
  PID:12392
- C:\Windows\System\JncJzhq.exe
  C:\Windows\System\JncJzhq.exe
  2⤵
  PID:12452
- C:\Windows\System\SrWMEPw.exe
  C:\Windows\System\SrWMEPw.exe
  2⤵
  PID:12504
- C:\Windows\System\GdgmLRZ.exe
  C:\Windows\System\GdgmLRZ.exe
  2⤵
  PID:12564
- C:\Windows\System\wFNbUBl.exe
  C:\Windows\System\wFNbUBl.exe
  2⤵
  PID:12636
- C:\Windows\System\DdaVYkN.exe
  C:\Windows\System\DdaVYkN.exe
  2⤵
  PID:12676
- C:\Windows\System\EyObrlk.exe
  C:\Windows\System\EyObrlk.exe
  2⤵
  PID:12732
- C:\Windows\System\lYpEWND.exe
  C:\Windows\System\lYpEWND.exe
  2⤵
  PID:12808
- C:\Windows\System\vOpgTwf.exe
  C:\Windows\System\vOpgTwf.exe
  2⤵
  PID:12868
- C:\Windows\System\xAEioPf.exe
  C:\Windows\System\xAEioPf.exe
  2⤵
  PID:12928
- C:\Windows\System\WfWvnNQ.exe
  C:\Windows\System\WfWvnNQ.exe
  2⤵
  PID:13004
- C:\Windows\System\xXnyAbr.exe
  C:\Windows\System\xXnyAbr.exe
  2⤵
  PID:13068
- C:\Windows\System\WHkfbgV.exe
  C:\Windows\System\WHkfbgV.exe
  2⤵
  PID:13156
- C:\Windows\System\MpUCpaY.exe
  C:\Windows\System\MpUCpaY.exe
  2⤵
  PID:13212
- C:\Windows\System\SxpvZvq.exe
  C:\Windows\System\SxpvZvq.exe
  2⤵
  PID:13268
- C:\Windows\System\dFwYLKz.exe
  C:\Windows\System\dFwYLKz.exe
  2⤵
  PID:12360
- C:\Windows\System\YAcdZCN.exe
  C:\Windows\System\YAcdZCN.exe
  2⤵
  PID:12448
- C:\Windows\System\USUjsmI.exe
  C:\Windows\System\USUjsmI.exe
  2⤵
  PID:12560
- C:\Windows\System\bIHXnZF.exe
  C:\Windows\System\bIHXnZF.exe
  2⤵
  PID:12704
- C:\Windows\System\ojPtYRf.exe
  C:\Windows\System\ojPtYRf.exe
  2⤵
  PID:12788
- C:\Windows\System\QMBTBTo.exe
  C:\Windows\System\QMBTBTo.exe
  2⤵
  PID:12980
- C:\Windows\System\TQHGHgO.exe
  C:\Windows\System\TQHGHgO.exe
  2⤵
  PID:13100
- C:\Windows\System\QFuQrOY.exe
  C:\Windows\System\QFuQrOY.exe
  2⤵
  PID:13256
- C:\Windows\System\CpDKlzF.exe
  C:\Windows\System\CpDKlzF.exe
  2⤵
  PID:12532
- C:\Windows\System\XftnNIF.exe
  C:\Windows\System\XftnNIF.exe
  2⤵
  PID:12148
- C:\Windows\System\tAFRRbW.exe
  C:\Windows\System\tAFRRbW.exe
  2⤵
  PID:13044
- C:\Windows\System\zbrQARL.exe
  C:\Windows\System\zbrQARL.exe
  2⤵
  PID:12304
- C:\Windows\System\IVVoqEo.exe
  C:\Windows\System\IVVoqEo.exe
  2⤵
  PID:12924
- C:\Windows\System\kiMVOsk.exe
  C:\Windows\System\kiMVOsk.exe
  2⤵
  PID:12620
- C:\Windows\System\cnqpcZx.exe
  C:\Windows\System\cnqpcZx.exe
  2⤵
  PID:1004
- C:\Windows\System\AKpLNLX.exe
  C:\Windows\System\AKpLNLX.exe
  2⤵
  PID:13332
- C:\Windows\System\SsseWeB.exe
  C:\Windows\System\SsseWeB.exe
  2⤵
  PID:13360
- C:\Windows\System\nUCDswm.exe
  C:\Windows\System\nUCDswm.exe
  2⤵
  PID:13388
- C:\Windows\System\KwEjTNZ.exe
  C:\Windows\System\KwEjTNZ.exe
  2⤵
  PID:13416
- C:\Windows\System\OSXoMlM.exe
  C:\Windows\System\OSXoMlM.exe
  2⤵
  PID:13444
- C:\Windows\System\yqlLMHO.exe
  C:\Windows\System\yqlLMHO.exe
  2⤵
  PID:13472
- C:\Windows\System\EuPeCql.exe
  C:\Windows\System\EuPeCql.exe
  2⤵
  PID:13500
- C:\Windows\System\timOpJp.exe
  C:\Windows\System\timOpJp.exe
  2⤵
  PID:13528
- C:\Windows\System\YtPxSxJ.exe
  C:\Windows\System\YtPxSxJ.exe
  2⤵
  PID:13556
- C:\Windows\System\ucsjsGR.exe
  C:\Windows\System\ucsjsGR.exe
  2⤵
  PID:13584
- C:\Windows\System\hOZZfFF.exe
  C:\Windows\System\hOZZfFF.exe
  2⤵
  PID:13612
- C:\Windows\System\nZYZzaN.exe
  C:\Windows\System\nZYZzaN.exe
  2⤵
  PID:13640
- C:\Windows\System\MZBQUoS.exe
  C:\Windows\System\MZBQUoS.exe
  2⤵
  PID:13668
- C:\Windows\System\akEuMwT.exe
  C:\Windows\System\akEuMwT.exe
  2⤵
  PID:13696
- C:\Windows\System\VIkpNho.exe
  C:\Windows\System\VIkpNho.exe
  2⤵
  PID:13728
- C:\Windows\System\deEgusA.exe
  C:\Windows\System\deEgusA.exe
  2⤵
  PID:13756
- C:\Windows\System\nhOCvAt.exe
  C:\Windows\System\nhOCvAt.exe
  2⤵
  PID:13784
- C:\Windows\System\QGlRIcU.exe
  C:\Windows\System\QGlRIcU.exe
  2⤵
  PID:13812
- C:\Windows\System\RskgocI.exe
  C:\Windows\System\RskgocI.exe
  2⤵
  PID:13840
- C:\Windows\System\PkSdlFS.exe
  C:\Windows\System\PkSdlFS.exe
  2⤵
  PID:13868
- C:\Windows\System\zuCPXaf.exe
  C:\Windows\System\zuCPXaf.exe
  2⤵
  PID:13896
- C:\Windows\System\GrFZmBW.exe
  C:\Windows\System\GrFZmBW.exe
  2⤵
  PID:13924
- C:\Windows\System\uHQbIly.exe
  C:\Windows\System\uHQbIly.exe
  2⤵
  PID:13952
- C:\Windows\System\BGROUIF.exe
  C:\Windows\System\BGROUIF.exe
  2⤵
  PID:13980
- C:\Windows\System\ocKYypJ.exe
  C:\Windows\System\ocKYypJ.exe
  2⤵
  PID:14016
- C:\Windows\System\WwfwBcJ.exe
  C:\Windows\System\WwfwBcJ.exe
  2⤵
  PID:14044
- C:\Windows\System\oGdzIlw.exe
  C:\Windows\System\oGdzIlw.exe
  2⤵
  PID:14072
- C:\Windows\System\PdgvTaB.exe
  C:\Windows\System\PdgvTaB.exe
  2⤵
  PID:14100
- C:\Windows\System\ZsvwFkD.exe
  C:\Windows\System\ZsvwFkD.exe
  2⤵
  PID:14128
- C:\Windows\System\uEcNfev.exe
  C:\Windows\System\uEcNfev.exe
  2⤵
  PID:14156
- C:\Windows\System\sPBFxXA.exe
  C:\Windows\System\sPBFxXA.exe
  2⤵
  PID:14184
- C:\Windows\System\aIffhZI.exe
  C:\Windows\System\aIffhZI.exe
  2⤵
  PID:14212
- C:\Windows\System\TsHylXx.exe
  C:\Windows\System\TsHylXx.exe
  2⤵
  PID:14240
- C:\Windows\System\LgUiwyO.exe
  C:\Windows\System\LgUiwyO.exe
  2⤵
  PID:14268
- C:\Windows\System\UycSHiM.exe
  C:\Windows\System\UycSHiM.exe
  2⤵
  PID:14296
- C:\Windows\System\TduoCfV.exe
  C:\Windows\System\TduoCfV.exe
  2⤵
  PID:14324
- C:\Windows\System\npNaMYx.exe
  C:\Windows\System\npNaMYx.exe
  2⤵
  PID:3904
- C:\Windows\System\PUYicSE.exe
  C:\Windows\System\PUYicSE.exe
  2⤵
  PID:13400
- C:\Windows\System\TTNWMXB.exe
  C:\Windows\System\TTNWMXB.exe
  2⤵
  PID:13468
- C:\Windows\System\uVdfSxy.exe
  C:\Windows\System\uVdfSxy.exe
  2⤵
  PID:13540
- C:\Windows\System\BODVZYX.exe
  C:\Windows\System\BODVZYX.exe
  2⤵
  PID:13576
- C:\Windows\System\KGRVUNv.exe
  C:\Windows\System\KGRVUNv.exe
  2⤵
  PID:13652
- C:\Windows\System\oToLrGq.exe
  C:\Windows\System\oToLrGq.exe
  2⤵
  PID:13740
- C:\Windows\System\phdtHKv.exe
  C:\Windows\System\phdtHKv.exe
  2⤵
  PID:13780
- C:\Windows\System\AJMPWRO.exe
  C:\Windows\System\AJMPWRO.exe
  2⤵
  PID:13864
- C:\Windows\System\jGpAWfR.exe
  C:\Windows\System\jGpAWfR.exe
  2⤵
  PID:13920
- C:\Windows\System\CsReTJM.exe
  C:\Windows\System\CsReTJM.exe
  2⤵
  PID:13992
- C:\Windows\System\qQmKRgd.exe
  C:\Windows\System\qQmKRgd.exe
  2⤵
  PID:14068
- C:\Windows\System\tgKtRZC.exe
  C:\Windows\System\tgKtRZC.exe
  2⤵
  PID:14124
- C:\Windows\System\YmhOjCO.exe
  C:\Windows\System\YmhOjCO.exe
  2⤵
  PID:14196
- C:\Windows\System\ljuhVKp.exe
  C:\Windows\System\ljuhVKp.exe
  2⤵
  PID:14260
- C:\Windows\System\hcgfnsT.exe
  C:\Windows\System\hcgfnsT.exe
  2⤵
  PID:14320
- C:\Windows\System\fXOzAwN.exe
  C:\Windows\System\fXOzAwN.exe
  2⤵
  PID:13384
- C:\Windows\System\ujuIlgs.exe
  C:\Windows\System\ujuIlgs.exe
  2⤵
  PID:13552
- C:\Windows\System\tMJuhZf.exe
  C:\Windows\System\tMJuhZf.exe
  2⤵
  PID:13692
- C:\Windows\System\yycsCLD.exe
  C:\Windows\System\yycsCLD.exe
  2⤵
  PID:13852
- C:\Windows\System\DjPSmwt.exe
  C:\Windows\System\DjPSmwt.exe
  2⤵
  PID:14028
- C:\Windows\System\DHWrWGH.exe
  C:\Windows\System\DHWrWGH.exe
  2⤵
  PID:3628
- C:\Windows\System\IPKqkVw.exe
  C:\Windows\System\IPKqkVw.exe
  2⤵
  PID:14236
- C:\Windows\System\vjCMASt.exe
  C:\Windows\System\vjCMASt.exe
  2⤵
  PID:5100
- C:\Windows\System\TcuQVbs.exe
  C:\Windows\System\TcuQVbs.exe
  2⤵
  PID:13632
- C:\Windows\System\HDfWEYd.exe
  C:\Windows\System\HDfWEYd.exe
  2⤵
  PID:14112
- C:\Windows\System\gwcbpDx.exe
  C:\Windows\System\gwcbpDx.exe
  2⤵
  PID:13348
- C:\Windows\System\kUoHtJc.exe
  C:\Windows\System\kUoHtJc.exe
  2⤵
  PID:13976
- C:\Windows\System\GmELjsX.exe
  C:\Windows\System\GmELjsX.exe
  2⤵
  PID:14312
- C:\Windows\System\ihBNlHS.exe
  C:\Windows\System\ihBNlHS.exe
  2⤵
  PID:14356
- C:\Windows\System\oaqbGlh.exe
  C:\Windows\System\oaqbGlh.exe
  2⤵
  PID:14384
- C:\Windows\System\cvayKCO.exe
  C:\Windows\System\cvayKCO.exe
  2⤵
  PID:14412
- C:\Windows\System\SMxAcnZ.exe
  C:\Windows\System\SMxAcnZ.exe
  2⤵
  PID:14440
- C:\Windows\System\bmZLOPu.exe
  C:\Windows\System\bmZLOPu.exe
  2⤵
  PID:14468
- C:\Windows\System\BPNfgFx.exe
  C:\Windows\System\BPNfgFx.exe
  2⤵
  PID:14496
- C:\Windows\System\gYPgZFo.exe
  C:\Windows\System\gYPgZFo.exe
  2⤵
  PID:14524
- C:\Windows\System\DYHRXRH.exe
  C:\Windows\System\DYHRXRH.exe
  2⤵
  PID:14552
- C:\Windows\System\RDbWqHm.exe
  C:\Windows\System\RDbWqHm.exe
  2⤵
  PID:14580
- C:\Windows\System\AHrmvkU.exe
  C:\Windows\System\AHrmvkU.exe
  2⤵
  PID:14608
- C:\Windows\System\xprdJPU.exe
  C:\Windows\System\xprdJPU.exe
  2⤵
  PID:14640
- C:\Windows\System\yisFtzd.exe
  C:\Windows\System\yisFtzd.exe
  2⤵
  PID:14672
- C:\Windows\System\FuhCodp.exe
  C:\Windows\System\FuhCodp.exe
  2⤵
  PID:14716
- C:\Windows\System\APdodgY.exe
  C:\Windows\System\APdodgY.exe
  2⤵
  PID:14740
- C:\Windows\System\CBtHJcB.exe
  C:\Windows\System\CBtHJcB.exe
  2⤵
  PID:14760
- C:\Windows\System\OKTlYYi.exe
  C:\Windows\System\OKTlYYi.exe
  2⤵
  PID:14792
- C:\Windows\System\MdELoXB.exe
  C:\Windows\System\MdELoXB.exe
  2⤵
  PID:14816
- C:\Windows\System\qSbqtCO.exe
  C:\Windows\System\qSbqtCO.exe
  2⤵
  PID:14856
- C:\Windows\System\cXZICuS.exe
  C:\Windows\System\cXZICuS.exe
  2⤵
  PID:14884
- C:\Windows\System\uKwubOT.exe
  C:\Windows\System\uKwubOT.exe
  2⤵
  PID:14912
- C:\Windows\System\wlwoHnM.exe
  C:\Windows\System\wlwoHnM.exe
  2⤵
  PID:14940
- C:\Windows\System\MLKICng.exe
  C:\Windows\System\MLKICng.exe
  2⤵
  PID:14968
- C:\Windows\System\YrEQJbR.exe
  C:\Windows\System\YrEQJbR.exe
  2⤵
  PID:14996
- C:\Windows\System\NqSknYq.exe
  C:\Windows\System\NqSknYq.exe
  2⤵
  PID:15024
- C:\Windows\System\VSxUyhL.exe
  C:\Windows\System\VSxUyhL.exe
  2⤵
  PID:15044
- C:\Windows\System\LSJJSso.exe
  C:\Windows\System\LSJJSso.exe
  2⤵
  PID:15084
- C:\Windows\System\zMjDldO.exe
  C:\Windows\System\zMjDldO.exe
  2⤵
  PID:15112
- C:\Windows\System\uXQEEOC.exe
  C:\Windows\System\uXQEEOC.exe
  2⤵
  PID:15140
- C:\Windows\System\QVkgLyb.exe
  C:\Windows\System\QVkgLyb.exe
  2⤵
  PID:15172
- C:\Windows\System\LvVrAki.exe
  C:\Windows\System\LvVrAki.exe
  2⤵
  PID:15200
- C:\Windows\System\dghNpiX.exe
  C:\Windows\System\dghNpiX.exe
  2⤵
  PID:15236
- C:\Windows\System\TuHqGlr.exe
  C:\Windows\System\TuHqGlr.exe
  2⤵
  PID:15308
- C:\Windows\System\JQJzdUt.exe
  C:\Windows\System\JQJzdUt.exe
  2⤵
  PID:15324
- C:\Windows\System\gtDrdHI.exe
  C:\Windows\System\gtDrdHI.exe
  2⤵
  PID:14352
- C:\Windows\System\YwxRVgI.exe
  C:\Windows\System\YwxRVgI.exe
  2⤵
  PID:14596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AnRrTwQ.exe

Filesize
6.0MB

MD5
8683dd41e82ac5067ed07e7d743eedcf

SHA1
3d9c8103dcdc1d0cbd7b766372b8322734da9f84

SHA256
3a1fd5dff1f7174231529fdcf58a89f27540b138f89abb0b2242568ddb10af0b

SHA512
1d5a2d43a70f6ba914642ec512e1b00f3592d18c71ffc89d3671bbb8551018a4819fa4dbfe2b7ea97291d38591b6204290d45eeb1291cc43f5e56e9588e4535f

Download Submit
C:\Windows\System\BuqnfUn.exe

Filesize
6.0MB

MD5
05178709d1d0016bbe0411d6f31eb6fc

SHA1
1b6f6702b0a14d386732a33dcf64411f8ca9d2dd

SHA256
df9ab06f3c612688328f1e70b2c1e3367add4be0f3497cb08fb94c21e6f15a22

SHA512
a32f5adcdb92834193b13f6f2b69d900979d85835b128ad83afaaf538981b05c619991e6d088e9b0a5c05d9080154d238ca17039d32638b3998fa2e2ef49f5cb

Download Submit
C:\Windows\System\DYMBsvI.exe

Filesize
6.0MB

MD5
c9493695e96f244be5e8c5a8b5989aa9

SHA1
6b1123d7cd146396399d41e5f4243f7aff04f53e

SHA256
4a063923bfb47f6c7928ef97f5d22d82ac8d609bdbf1aec9dc0d214bc2c0359d

SHA512
d9a136c4cd0fb4b916c4356af7a8ab59045c0350efb63b05ad5ae90b6394808679b1b71f6b4895d1b02f9a34386486464aa4e4e4da43e1d8feb438d38a7c5989

Download Submit
C:\Windows\System\DrnXUAf.exe

Filesize
6.0MB

MD5
75a32d162a80f50fca27f6bc3703438a

SHA1
63d4f30caadbc9deaa1d290d36d5e900b29e859e

SHA256
200cf6e453b64ecf5be364db10d1090618584a6a5d7228d963b1dea396bff440

SHA512
bfd7ff8ffa88678549697bbba09c4d970f5adb0ceeee1c246b5bf57064e5c2599cc25b92c1bb078ca67d24ec595ef7e268209043369e92c89299a594dab6d157

Download Submit
C:\Windows\System\JDsTCAw.exe

Filesize
6.0MB

MD5
1bd6414f2fe88d05e5ec505e8ccf1fc4

SHA1
6de9463f602961b580c2cbad551fc0b07be36acb

SHA256
2b80e416c4fe69da49f6c373fcce943b370aa484966d855440ea83d4e986bf27

SHA512
2365324d0f76992a721127a7272342b1192988759e9dcb16da7b9ed1c21570706952ea0f1367fec05bd4728dac2ffe85a0dd9f5a333c726c8b5a52e1a2662a18

Download Submit
C:\Windows\System\JXjUoWa.exe

Filesize
6.0MB

MD5
54c6941f4517693beb2239d4ba8e08da

SHA1
f5c763447422991bd9499cd820641a24501f1de9

SHA256
5e3da7af001c276c06708fb4389cd71209d9e8ddbbd2a5cc1f329d0054aa06b1

SHA512
a98d3172348977fc4515e79adc0a72e6741ed72492802db2e2fdd7e00db3f001020cfa5853915361d25670da0b4018d227a5ec1f406b4c112323796a6af0108a

Download Submit
C:\Windows\System\KxmfrYr.exe

Filesize
6.0MB

MD5
ce0a42b812f016140a06f7dadc861482

SHA1
68e1106a67c9921793ea3d2e8bf42ed7a22c2dfb

SHA256
b8c84d7d7245ef21a9e2ed5c5db572cbd6e228589cac5d7248af473695117d24

SHA512
8acd381177dc8c274aa1ec997faa6d3e3a4c1c2ad6fdaeba1d931877cbe034cc3951124a0ce261535aee13d814c5de5de8cddba77e2461b2338a348c6b207c74

Download Submit
C:\Windows\System\MzbpDOL.exe

Filesize
6.0MB

MD5
15cd6098e3ed4f4907cb9bb0355edf55

SHA1
11c2183d8ab3c9413ef2233b8ee455d32003dccf

SHA256
409a7794b637e72baf3ff0f5c5d24b767c9b480c8c8727add7415dc6fce1a94b

SHA512
b3ae45ff446a4910c5a621378d813a8977f9b230294a3a448800aef47225c153bc0022dca3902657c8a4cbb35daf23b3ef5362a359827f7041c9a0e801c0a0a0

Download Submit
C:\Windows\System\MzioDdc.exe

Filesize
6.0MB

MD5
ba086a85290279948001824ddcfff59d

SHA1
7f6bdcc7aff8729a699a00e7679df2b4ce03cd23

SHA256
f2c1aa9d732701d772bc7c1910c48d6d52bedc832604d3977b028a35c9094031

SHA512
16a111d53d7d4740b209aaf9783925be4e455d2c629e24fc90c9f65e9214ccef05f31b40d834d0a3c5f8f54f44948067afeefb9fc9e670fada6f404a095bd73d

Download Submit
C:\Windows\System\ONnTvIB.exe

Filesize
6.0MB

MD5
face49dead95a111b99ba664ece7dcc0

SHA1
c5cd4460570966cc1b4f3ae5e9308773efa68c10

SHA256
e6ef3460f5be904a9cf7939a490f809d573d97d0e5994589e2b47e0badfbaea0

SHA512
59d5840e416f4035950f08ca308d347c07cc29ebbb69217d22af7693036c5d3df517899649b767712d41079729061972fbedc0f4ba56dad79bf4ac06f400d097

Download Submit
C:\Windows\System\RQwHDBK.exe

Filesize
6.0MB

MD5
caf7d041c160849dd07e3fab14f32e15

SHA1
a546f0b00746ce90ca2e7981352534994617bd37

SHA256
58edc89f3b9b5fe0b7493f7acea11e06435de40d374f8136dc6e2ece379ef873

SHA512
2065f7bd878c6480db4bbeb3138803ae76568daef82db0150874fba97b51948c5c72ccaf367ed816e41232b782ed1d2bf245d75e6999ed81ac01d79f8ded9670

Download Submit
C:\Windows\System\SHhhpfO.exe

Filesize
6.0MB

MD5
d89e9aa33ad6e87a541fdc01861adf17

SHA1
13db5c589d284023ac4f64185ee40ea7907c86c3

SHA256
e7d566e8745aed576f917884413f1cd157fd495add3c1ff8cccb069f5726ef36

SHA512
7b8cc87e051a11e04adc9fcf5efde9286866ca296195c1d4443da4ff9a2e38f4e95eff08342e408cadcc6770404cdcc18f7976ee68bbad519b1fb5eb1194cebb

Download Submit
C:\Windows\System\UkfkMvS.exe

Filesize
6.0MB

MD5
08b706ef3b3dc3a137a516da91e029fc

SHA1
f93ce6097658bc00cd7218be147d84e6ef48f4c4

SHA256
5fd203a20d6ff007ee0e15a3c4be7cc25900fecab1c26315900b72498b2911a3

SHA512
a14ede355fcce3a2553e6d8c7e8c3ff1f16e585a7f0ac511e6d576784e2250b74bd2400726025f79a9558ae60faffb6a4b5255a2bb09acb1880593a372d29004

Download Submit
C:\Windows\System\VyLiZcx.exe

Filesize
6.0MB

MD5
0cee9cc5a397e75b0a60bb85cf20d853

SHA1
4eb4a8d79663958cfae63d40b9ccf037358bb57e

SHA256
a084a097a3e3421cbb711ce2bb70baa29efe04a04fa369e0c28bec2220d605bb

SHA512
57cc7566564b099796e52fe31d1760fbe93c97efdfc6cf1c229a4d577c1024125a83112b09785f21ff81a51c298b67ff7e9623c78baf61449aa7b8205ce95394

Download Submit
C:\Windows\System\WplwnCX.exe

Filesize
6.0MB

MD5
61e4e67fe90d29fb8294e2f7d3b93056

SHA1
3932735d82d318c51d0f565cfc6924916f9e7ced

SHA256
b6494708675d2eeef76fa47400a49e7b65fd33e05cdc3d4e37cf7947fb47420d

SHA512
3f7588620da851819157c5aa7eaf9bacc18aa1f4554dde1e63d5eac60d7baf7f7902c9c69735cd7d28f86561898bbb8372ba198475643b148645e2ac0b120a87

Download Submit
C:\Windows\System\YaOwsUI.exe

Filesize
6.0MB

MD5
1a65089acbf0254de8a9d54446be5bed

SHA1
7ef918ef2ff5b969b24b9d1e6b468d5155bc76a5

SHA256
9f570780d050f18dea4360451e90eb48d2811c4f43ffb09ce3dc534012150d5c

SHA512
54ccdeffdd810c141130cf892ae0a0435bc71b82ca5afd2af483430d00ccf72c3088b6c50327c03e1530879a4b6521a434b6dd6a6596d66dbed928b9bf8ca874

Download Submit
C:\Windows\System\aYsaKGp.exe

Filesize
6.0MB

MD5
3e9b775d97fd701416a0262779806e26

SHA1
0441f9b3b720f7abe169d32caa1ea81f023b725a

SHA256
1eb9a516ac15f0c7d92609ac0a58aa1d1920a6f3a4e18a0d8c6770da0f1827c6

SHA512
5a3765cef0a301b2264a53fbe2b3bb9438fe5d4c4af7d70e475c9453abcb419614ce63fb48995cb2f0dd0b8534286dcdcecfc6820ecd0b95dbe0ef4d845e70a3

Download Submit
C:\Windows\System\dMXrlAG.exe

Filesize
6.0MB

MD5
6524b17b5ddfa4e28b93d2c90c4712cc

SHA1
7d2caa772f9ed5b53922a26dafec8835685368b3

SHA256
5b1bff70d33c87d43852b72531e7960f70af4cb5c0f21e9a15153c124b53b5e5

SHA512
8705976dfc3ccc044e0c9949103ad036914804746aa84ed6523f93c353b029fdd2437cb627b5b041d10cbef236ed578b8dcf02a2a59452379c437aaec64c4c20

Download Submit
C:\Windows\System\etTZQqR.exe

Filesize
6.0MB

MD5
4376627e55109d73e0486547a814898d

SHA1
b8330de30e87ffdca1aa8a8b98cc701669e7f741

SHA256
cef748f5d5dd782d27dd02c466a44b566b1d8cb9f770e289fb253eca346238dd

SHA512
742507fc8197f8623dd3396a1924752b6f40468593fda312518a69f44ce647acc979c2060a77a36f106570b2137a4cf63d07e58a745a352e98a9b19b99e083e6

Download Submit
C:\Windows\System\fJTXxur.exe

Filesize
6.0MB

MD5
65a0366e5737885758d7f224a12089e5

SHA1
0029aa3b4446ed55a134b6c04b816c5292a87f48

SHA256
b316f5cc9bf41678d21fe3cebb03aaf690057ea68e7175e36059475118ca0d53

SHA512
5925d51eebf400ae74ecea8edc2e4f6de6f1c1a19c3695546706d76a96ee04ccbd2be9d93c0a4c7a94ddc67676e168914a41b2f60f5b602e9a04148ebcaea139

Download Submit
C:\Windows\System\fNmDUKL.exe

Filesize
6.0MB

MD5
1f530903a9bd26130f8f364971d0edae

SHA1
393b6a04e3f85b1510abed43b6bad095979ba7c6

SHA256
84fd2779dfba7436161412d4e012b071ddc1742c01609270cc429337f6b24037

SHA512
6a6835791b8d4e0945abd57365e04f4ecc724e374814a3aecf308f3b9458c0e8e7f152584e20458ae6d6097d73e0ac980db2225530fd00c35235f5941a1e4339

Download Submit
C:\Windows\System\fpuIYhN.exe

Filesize
6.0MB

MD5
ed633504f3f41e1722d29ce2f05df9ac

SHA1
1c99de096b4337abba6497c8ec6f247b1a2d04a2

SHA256
ec4cb4cf3fa17ad20bafa682efa848423b082480ddbbb07b4fd2f67db4b627ae

SHA512
839ce16355806b4eb5f83553770e2f4c7e29968979e8a6566e0f2beb5f799bc59025454109d46fc9338c832d48785b68a2a13c5ca8a81342631404600a4ca08a

Download Submit
C:\Windows\System\mPaNcKt.exe

Filesize
6.0MB

MD5
f4f3bbdaa2c3ddc71ffb8629f89b861f

SHA1
5170d03e19331f3f34d6b31cb7082604dfa29be9

SHA256
f499299bd5cb9581ebaa17e1ae2f1b23129114c488dbf3ea60454ae9862840bc

SHA512
3d1834772abe5b1207ba32860c0ee0596e478f2c9b89d4613972b3dd32fe36d4ab2dc3017f7576a521b47bcd81c5c95569dbd70071ee83ea4bee8ba18f5395d6

Download Submit
C:\Windows\System\mqQZcMR.exe

Filesize
6.0MB

MD5
0b68d5cc2682d73beb0d805fda64b474

SHA1
0890a1b35897846a6dc6ac8b9752469214fe4376

SHA256
6a6b384c4e30775318d5d847c30c773bb24bee5e88ecb01b4aa6c976e49ad867

SHA512
6570ee8d509510fc9f9a1f5891d8322baabce865284c4e04a1e49fe132dcb9f54ae445156bc5e5383bc1910c7f1d2545dfc5fd7dee3eaa88d86aad7ae4f2d358

Download Submit
C:\Windows\System\pmyWJOd.exe

Filesize
6.0MB

MD5
ab758e7b4f767150b66178b4cb1771e2

SHA1
c8b603937e405654e20ce580c0c158344c368081

SHA256
1676b828ab26ec91a96dd3c4eb5c092d7387f662637458be95f1bb6df0cbcbf0

SHA512
089f9bfb7ccc0a0bf7cf343ced9f7cac47da04951ff9fbfa370733ed7e1a219b5b63bb25f38dbf002cd25aedda982f929ec86e7a3db9743721bd71c49871b18f

Download Submit
C:\Windows\System\qBSEZSL.exe

Filesize
6.0MB

MD5
ccda2f3fc7396f3449a72f3363293794

SHA1
c35eacb82e63760d4331850f43f469f8c09c8925

SHA256
4911d63d4d871a8d986a38535d309e94e032b51c6ef8802e4c15c16251e6c0e0

SHA512
8e93a6dad545ec88cf231c78cb8d238412847829da9cd2bb487161712c254111d22fd219829c31c91305e38d29c6ea7872fac7500c11c49a2ffd4eb27a072f9d

Download Submit
C:\Windows\System\qqSQvEU.exe

Filesize
6.0MB

MD5
ec592d8b9d9f0e34540ddff1ff9b54b1

SHA1
f71a81ccae59a6840fdd42d8f9e2d60534827314

SHA256
fc77c7714dc6edcb1b575a3af47f00764f8dce2e0506db6166299f6b57fb1cf2

SHA512
83a57ed96dea5693a7b28c37d1a3e30acbb8f8971c1ea8952f21df1f856c4421eefc6062b6badb4921cb92109700f75c7343ca0a25d3a2ea41074d7f41e5b2c5

Download Submit
C:\Windows\System\riSfCTV.exe

Filesize
6.0MB

MD5
b6512c4a1969a201ca21266eb39d30bd

SHA1
b9ff33f61f6d89abefcadb95f229860802887f07

SHA256
c2f2625755a17ef6a076b7fcbc6437e8d49eb7bef76e539a0352010466398dde

SHA512
85f43461153fcc4204332cfc4e6aa6aac8f02e4a6860eee4dd5ffc994143c910a28512b557e07aa3005c3b6439c590e2ac5bd5d8393d6166f4c8b1238fb2f13d

Download Submit
C:\Windows\System\sYSgNVU.exe

Filesize
6.0MB

MD5
a7a1d780e137a5345190de7e70cec59f

SHA1
772555fc17fab699ec544006f347a30df7389691

SHA256
f5f03249c70fb052bcac6b3d922e7e34a6d428b8a8055bea864bc15cf30438f7

SHA512
c40d0f522cd0ee4407bac5970a26b377630d577b9b84b8b0c613580543a3032805900e90145dd424ae200f915c3e706b5736d94b8bdf55b57db6edb938604867

Download Submit
C:\Windows\System\skJOulx.exe

Filesize
6.0MB

MD5
e5c21602da6beb55c2d57b955e4195ba

SHA1
d447756985b01c9f855c0002285a042855b45ec6

SHA256
72cda33e684704f13a1941b1652f99e47152af6f64363d8a3a1f3142f95c00af

SHA512
0225a84d8e71a91882390ded0a785b757d5223a7d58bbae66a10e869ab8ad5eedef405d6c43cb47367ca625eacf11ee9e0bbde1f678c7f1265adeb8e618beea8

Download Submit
C:\Windows\System\tbvsOkk.exe

Filesize
6.0MB

MD5
af9bc1ccf6cf07b9786496fc5aa9e44e

SHA1
2c3517c3423dc9a1008b932f8654bb79cb8d5288

SHA256
af745177b57c6a80c2406a44247a61042a05adfb637077db4d8ebe7c26260365

SHA512
b56e6a471b526f30e5a12eff135d250c7f271ef126d128ed6ea2fb4fced233da64be1ec80c6e47b09ddf8616f3a1a4c9aa58c3baded61d7ce80828c6314b1602

Download Submit
C:\Windows\System\vbKEWco.exe

Filesize
6.0MB

MD5
4301c435c02326e1b0c77a94e789283c

SHA1
3b2e7489b25f71032d734eae8285984337d5d1c2

SHA256
299f1162fbb17a47a92c15d4790c3732d22ca7519f74fa03a241bd0d59bbb8e0

SHA512
bdd52d4a5153369c0c413a6dcf4c3adba5c01efe8c4111fa59553e9654496b8eb50f1712d2d5a339f5f94cb050e344af26df5db6eeb26d4a1192f21fb9e9a346

Download Submit
memory/32-101-0x00007FF6BC200000-0x00007FF6BC554000-memory.dmp

Filesize
3.3MB

Download
memory/32-48-0x00007FF6BC200000-0x00007FF6BC554000-memory.dmp

Filesize
3.3MB

Download
memory/32-2230-0x00007FF6BC200000-0x00007FF6BC554000-memory.dmp

Filesize
3.3MB

Download
memory/564-80-0x00007FF709BC0000-0x00007FF709F14000-memory.dmp

Filesize
3.3MB

Download
memory/564-19-0x00007FF709BC0000-0x00007FF709F14000-memory.dmp

Filesize
3.3MB

Download
memory/564-2180-0x00007FF709BC0000-0x00007FF709F14000-memory.dmp

Filesize
3.3MB

Download
memory/1612-151-0x00007FF732530000-0x00007FF732884000-memory.dmp

Filesize
3.3MB

Download
memory/1612-89-0x00007FF732530000-0x00007FF732884000-memory.dmp

Filesize
3.3MB

Download
memory/1616-280-0x00007FF62BDC0000-0x00007FF62C114000-memory.dmp

Filesize
3.3MB

Download
memory/1616-143-0x00007FF62BDC0000-0x00007FF62C114000-memory.dmp

Filesize
3.3MB

Download
memory/1616-2348-0x00007FF62BDC0000-0x00007FF62C114000-memory.dmp

Filesize
3.3MB

Download
memory/1692-61-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-117-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2000-2223-0x00007FF6417B0000-0x00007FF641B04000-memory.dmp

Filesize
3.3MB

Download
memory/2000-45-0x00007FF6417B0000-0x00007FF641B04000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2355-0x00007FF6AFCF0000-0x00007FF6B0044000-memory.dmp

Filesize
3.3MB

Download
memory/2028-727-0x00007FF6AFCF0000-0x00007FF6B0044000-memory.dmp

Filesize
3.3MB

Download
memory/2028-189-0x00007FF6AFCF0000-0x00007FF6B0044000-memory.dmp

Filesize
3.3MB

Download
memory/2120-661-0x00007FF720E30000-0x00007FF721184000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2354-0x00007FF720E30000-0x00007FF721184000-memory.dmp

Filesize
3.3MB

Download
memory/2120-183-0x00007FF720E30000-0x00007FF721184000-memory.dmp

Filesize
3.3MB

Download
memory/2180-74-0x00007FF6650F0000-0x00007FF665444000-memory.dmp

Filesize
3.3MB

Download
memory/2180-13-0x00007FF6650F0000-0x00007FF665444000-memory.dmp

Filesize
3.3MB

Download
memory/2180-2170-0x00007FF6650F0000-0x00007FF665444000-memory.dmp

Filesize
3.3MB

Download
memory/2212-178-0x00007FF729290000-0x00007FF7295E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2353-0x00007FF729290000-0x00007FF7295E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-596-0x00007FF729290000-0x00007FF7295E4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-67-0x00007FF7B8770000-0x00007FF7B8AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-8-0x00007FF7B8770000-0x00007FF7B8AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2165-0x00007FF7B8770000-0x00007FF7B8AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-152-0x00007FF790590000-0x00007FF7908E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2349-0x00007FF790590000-0x00007FF7908E4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-110-0x00007FF6AA270000-0x00007FF6AA5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-54-0x00007FF6AA270000-0x00007FF6AA5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-131-0x00007FF7644E0000-0x00007FF764834000-memory.dmp

Filesize
3.3MB

Download
memory/2844-77-0x00007FF7644E0000-0x00007FF764834000-memory.dmp

Filesize
3.3MB

Download
memory/2892-135-0x00007FF716AE0000-0x00007FF716E34000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2346-0x00007FF716AE0000-0x00007FF716E34000-memory.dmp

Filesize
3.3MB

Download
memory/3144-119-0x00007FF7208F0000-0x00007FF720C44000-memory.dmp

Filesize
3.3MB

Download
memory/3144-2344-0x00007FF7208F0000-0x00007FF720C44000-memory.dmp

Filesize
3.3MB

Download
memory/3192-60-0x00007FF7FD820000-0x00007FF7FDB74000-memory.dmp

Filesize
3.3MB

Download
memory/3192-0-0x00007FF7FD820000-0x00007FF7FDB74000-memory.dmp

Filesize
3.3MB

Download
memory/3192-1-0x000001AAE7BE0000-0x000001AAE7BF0000-memory.dmp

Filesize
64KB

Download
memory/3520-84-0x00007FF675940000-0x00007FF675C94000-memory.dmp

Filesize
3.3MB

Download
memory/3520-24-0x00007FF675940000-0x00007FF675C94000-memory.dmp

Filesize
3.3MB

Download
memory/3520-2183-0x00007FF675940000-0x00007FF675C94000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2343-0x00007FF7F3410000-0x00007FF7F3764000-memory.dmp

Filesize
3.3MB

Download
memory/3660-112-0x00007FF7F3410000-0x00007FF7F3764000-memory.dmp

Filesize
3.3MB

Download
memory/3828-126-0x00007FF759BF0000-0x00007FF759F44000-memory.dmp

Filesize
3.3MB

Download
memory/3828-2345-0x00007FF759BF0000-0x00007FF759F44000-memory.dmp

Filesize
3.3MB

Download
memory/3828-187-0x00007FF759BF0000-0x00007FF759F44000-memory.dmp

Filesize
3.3MB

Download
memory/3872-2209-0x00007FF6652E0000-0x00007FF665634000-memory.dmp

Filesize
3.3MB

Download
memory/3872-38-0x00007FF6652E0000-0x00007FF665634000-memory.dmp

Filesize
3.3MB

Download
memory/3872-95-0x00007FF6652E0000-0x00007FF665634000-memory.dmp

Filesize
3.3MB

Download
memory/3876-165-0x00007FF70D910000-0x00007FF70DC64000-memory.dmp

Filesize
3.3MB

Download
memory/3876-2351-0x00007FF70D910000-0x00007FF70DC64000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2350-0x00007FF77AD00000-0x00007FF77B054000-memory.dmp

Filesize
3.3MB

Download
memory/4068-408-0x00007FF77AD00000-0x00007FF77B054000-memory.dmp

Filesize
3.3MB

Download
memory/4068-159-0x00007FF77AD00000-0x00007FF77B054000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2188-0x00007FF799CA0000-0x00007FF799FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-32-0x00007FF799CA0000-0x00007FF799FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4464-85-0x00007FF60EC90000-0x00007FF60EFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4548-137-0x00007FF63E4B0000-0x00007FF63E804000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2347-0x00007FF63E4B0000-0x00007FF63E804000-memory.dmp

Filesize
3.3MB

Download
memory/4548-231-0x00007FF63E4B0000-0x00007FF63E804000-memory.dmp

Filesize
3.3MB

Download
memory/4612-2342-0x00007FF6CAE60000-0x00007FF6CB1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4612-171-0x00007FF6CAE60000-0x00007FF6CB1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4612-102-0x00007FF6CAE60000-0x00007FF6CB1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2352-0x00007FF78DA90000-0x00007FF78DDE4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-172-0x00007FF78DA90000-0x00007FF78DDE4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-68-0x00007FF792C50000-0x00007FF792FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-123-0x00007FF792C50000-0x00007FF792FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5092-2341-0x00007FF714E70000-0x00007FF7151C4000-memory.dmp

Filesize
3.3MB

Download
memory/5092-96-0x00007FF714E70000-0x00007FF7151C4000-memory.dmp

Filesize
3.3MB

Download
memory/5092-156-0x00007FF714E70000-0x00007FF7151C4000-memory.dmp

Filesize
3.3MB

Download