cobaltstrike | c273af764a9c9038f577cd8037b2e854fb64397ba2bed4b78ad13b52a783a52d

Analysis

max time kernel
94s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2024 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

765a70dd14b72719f9155c90d98be137
SHA1

86a1df9685b6f240341d28bc279a57e1ed53fdcf
SHA256

c273af764a9c9038f577cd8037b2e854fb64397ba2bed4b78ad13b52a783a52d
SHA512

731eb7de4f3dfc5f1484e452fe6855388472be8120518a01b695cf25c3b7d17c4d319ffa09f5a8704dbfef9a8de4c6aa280abf1b539960eba0808f0a717dc60a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023cba-6.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc0-24.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023cbb-31.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc1-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-46.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc5-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc3-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc6-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc7-65.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc8-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc9-80.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cca-95.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccd-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cce-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd0-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd2-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd7-160.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdd-184.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdb-182.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdc-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cda-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd9-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd8-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd6-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd5-147.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd4-145.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd3-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd1-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccf-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccc-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccb-101.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1440-0-0x00007FF7C0A50000-0x00007FF7C0DA4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023cba-6.dat	xmrig
behavioral2/files/0x0007000000023cbf-10.dat	xmrig
behavioral2/files/0x0007000000023cbe-11.dat	xmrig
behavioral2/memory/2304-8-0x00007FF639970000-0x00007FF639CC4000-memory.dmp	xmrig
behavioral2/memory/3784-12-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp	xmrig
behavioral2/memory/3908-18-0x00007FF7E83B0000-0x00007FF7E8704000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc0-24.dat	xmrig
behavioral2/files/0x0008000000023cbb-31.dat	xmrig
behavioral2/memory/3840-30-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp	xmrig
behavioral2/memory/3820-25-0x00007FF6716E0000-0x00007FF671A34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc1-35.dat	xmrig
behavioral2/memory/2904-40-0x00007FF664BB0000-0x00007FF664F04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc4-46.dat	xmrig
behavioral2/memory/3528-47-0x00007FF6EDBA0000-0x00007FF6EDEF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc5-53.dat	xmrig
behavioral2/memory/4544-54-0x00007FF76DD10000-0x00007FF76E064000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc3-41.dat	xmrig
behavioral2/memory/3168-36-0x00007FF789A10000-0x00007FF789D64000-memory.dmp	xmrig
behavioral2/memory/1440-58-0x00007FF7C0A50000-0x00007FF7C0DA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc6-60.dat	xmrig
behavioral2/files/0x0007000000023cc7-65.dat	xmrig
behavioral2/memory/3784-67-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp	xmrig
behavioral2/memory/3908-74-0x00007FF7E83B0000-0x00007FF7E8704000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc8-76.dat	xmrig
behavioral2/memory/3472-75-0x00007FF65B130000-0x00007FF65B484000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc9-80.dat	xmrig
behavioral2/memory/3832-82-0x00007FF7F2960000-0x00007FF7F2CB4000-memory.dmp	xmrig
behavioral2/memory/3840-90-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cca-95.dat	xmrig
behavioral2/files/0x0007000000023ccd-103.dat	xmrig
behavioral2/files/0x0007000000023cce-111.dat	xmrig
behavioral2/files/0x0007000000023cd0-121.dat	xmrig
behavioral2/files/0x0007000000023cd2-131.dat	xmrig
behavioral2/files/0x0007000000023cd7-160.dat	xmrig
behavioral2/files/0x0007000000023cdd-184.dat	xmrig
behavioral2/memory/4668-571-0x00007FF6DDD80000-0x00007FF6DE0D4000-memory.dmp	xmrig
behavioral2/memory/4320-577-0x00007FF626CC0000-0x00007FF627014000-memory.dmp	xmrig
behavioral2/memory/4308-579-0x00007FF6B6C40000-0x00007FF6B6F94000-memory.dmp	xmrig
behavioral2/memory/932-582-0x00007FF73D5F0000-0x00007FF73D944000-memory.dmp	xmrig
behavioral2/memory/2632-586-0x00007FF68D040000-0x00007FF68D394000-memory.dmp	xmrig
behavioral2/memory/4976-589-0x00007FF626E10000-0x00007FF627164000-memory.dmp	xmrig
behavioral2/memory/5104-590-0x00007FF65F550000-0x00007FF65F8A4000-memory.dmp	xmrig
behavioral2/memory/4120-596-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp	xmrig
behavioral2/memory/2904-595-0x00007FF664BB0000-0x00007FF664F04000-memory.dmp	xmrig
behavioral2/memory/3144-594-0x00007FF6D8610000-0x00007FF6D8964000-memory.dmp	xmrig
behavioral2/memory/1804-593-0x00007FF695110000-0x00007FF695464000-memory.dmp	xmrig
behavioral2/memory/3956-588-0x00007FF693500000-0x00007FF693854000-memory.dmp	xmrig
behavioral2/memory/3244-583-0x00007FF70EC50000-0x00007FF70EFA4000-memory.dmp	xmrig
behavioral2/memory/2336-580-0x00007FF6563A0000-0x00007FF6566F4000-memory.dmp	xmrig
behavioral2/memory/4084-578-0x00007FF755480000-0x00007FF7557D4000-memory.dmp	xmrig
behavioral2/memory/1016-576-0x00007FF64BE80000-0x00007FF64C1D4000-memory.dmp	xmrig
behavioral2/memory/3528-598-0x00007FF6EDBA0000-0x00007FF6EDEF4000-memory.dmp	xmrig
behavioral2/memory/4544-659-0x00007FF76DD10000-0x00007FF76E064000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdb-182.dat	xmrig
behavioral2/files/0x0007000000023cdc-179.dat	xmrig
behavioral2/files/0x0007000000023cda-177.dat	xmrig
behavioral2/memory/2452-795-0x00007FF6855A0000-0x00007FF6858F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd9-170.dat	xmrig
behavioral2/files/0x0007000000023cd8-165.dat	xmrig
behavioral2/memory/2476-861-0x00007FF7CDEB0000-0x00007FF7CE204000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd6-152.dat	xmrig
behavioral2/files/0x0007000000023cd5-147.dat	xmrig
behavioral2/files/0x0007000000023cd4-145.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2304	SFnwUMr.exe
3784	fPjJUjQ.exe
3908	VNdKlja.exe
3820	OuZCWLG.exe
3840	wRIaCvo.exe
3168	oTCzzGu.exe
2904	MDVwLPW.exe
3528	RpOQjlA.exe
4544	pqvkzth.exe
2452	XTkbswb.exe
2476	kgKQfWP.exe
3472	IpCpxjX.exe
3832	JKYQhQa.exe
1632	TbojHxX.exe
4668	WUUOwbL.exe
4120	HlqkXMN.exe
1016	GyvXKEY.exe
4320	KUczgeE.exe
4084	qpqhqBa.exe
4308	bkxqoqC.exe
2336	IQAwJch.exe
932	HPWmfqk.exe
3244	GPUhCpu.exe
2632	hNGmHff.exe
3956	HhVzgrL.exe
4976	VKaMBUm.exe
5104	eeTQJQX.exe
1804	PGylQVX.exe
3144	NcaATSl.exe
3596	NJtVudf.exe
432	jxyifKj.exe
1008	GBLqpOL.exe
4040	UVZHBQf.exe
1716	tgmoaMb.exe
2432	iWmdvdg.exe
2268	XQYFtDW.exe
4988	KEwZbLs.exe
4680	OpMjRjt.exe
2408	tgzddQJ.exe
1880	ftCBmad.exe
872	UFUbmpa.exe
956	cbUvIIj.exe
3672	GrIslFO.exe
4980	gabcYeF.exe
4604	BWWEyfj.exe
512	YsXOqNp.exe
4900	KuyJbmF.exe
4508	dBZKxjS.exe
3944	cJLqJep.exe
4556	iWrIuir.exe
4552	VIkKAeZ.exe
4088	DHotVqv.exe
3020	lMtRTSm.exe
2852	cJLpWMa.exe
4268	IUoJwlX.exe
8	kmRVFvo.exe
5040	CKCaxTt.exe
1080	AiqgpRH.exe
4100	ppVouEW.exe
4072	GJnQIZh.exe
1588	BirBDTC.exe
3404	jaZXcPX.exe
388	rnYDLDI.exe
1740	ARNbFTP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1440-0-0x00007FF7C0A50000-0x00007FF7C0DA4000-memory.dmp	upx
behavioral2/files/0x0008000000023cba-6.dat	upx
behavioral2/files/0x0007000000023cbf-10.dat	upx
behavioral2/files/0x0007000000023cbe-11.dat	upx
behavioral2/memory/2304-8-0x00007FF639970000-0x00007FF639CC4000-memory.dmp	upx
behavioral2/memory/3784-12-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp	upx
behavioral2/memory/3908-18-0x00007FF7E83B0000-0x00007FF7E8704000-memory.dmp	upx
behavioral2/files/0x0007000000023cc0-24.dat	upx
behavioral2/files/0x0008000000023cbb-31.dat	upx
behavioral2/memory/3840-30-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp	upx
behavioral2/memory/3820-25-0x00007FF6716E0000-0x00007FF671A34000-memory.dmp	upx
behavioral2/files/0x0007000000023cc1-35.dat	upx
behavioral2/memory/2904-40-0x00007FF664BB0000-0x00007FF664F04000-memory.dmp	upx
behavioral2/files/0x0007000000023cc4-46.dat	upx
behavioral2/memory/3528-47-0x00007FF6EDBA0000-0x00007FF6EDEF4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc5-53.dat	upx
behavioral2/memory/4544-54-0x00007FF76DD10000-0x00007FF76E064000-memory.dmp	upx
behavioral2/files/0x0007000000023cc3-41.dat	upx
behavioral2/memory/3168-36-0x00007FF789A10000-0x00007FF789D64000-memory.dmp	upx
behavioral2/memory/1440-58-0x00007FF7C0A50000-0x00007FF7C0DA4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc6-60.dat	upx
behavioral2/files/0x0007000000023cc7-65.dat	upx
behavioral2/memory/3784-67-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp	upx
behavioral2/memory/3908-74-0x00007FF7E83B0000-0x00007FF7E8704000-memory.dmp	upx
behavioral2/files/0x0007000000023cc8-76.dat	upx
behavioral2/memory/3472-75-0x00007FF65B130000-0x00007FF65B484000-memory.dmp	upx
behavioral2/files/0x0007000000023cc9-80.dat	upx
behavioral2/memory/3832-82-0x00007FF7F2960000-0x00007FF7F2CB4000-memory.dmp	upx
behavioral2/memory/3840-90-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp	upx
behavioral2/files/0x0007000000023cca-95.dat	upx
behavioral2/files/0x0007000000023ccd-103.dat	upx
behavioral2/files/0x0007000000023cce-111.dat	upx
behavioral2/files/0x0007000000023cd0-121.dat	upx
behavioral2/files/0x0007000000023cd2-131.dat	upx
behavioral2/files/0x0007000000023cd7-160.dat	upx
behavioral2/files/0x0007000000023cdd-184.dat	upx
behavioral2/memory/4668-571-0x00007FF6DDD80000-0x00007FF6DE0D4000-memory.dmp	upx
behavioral2/memory/4320-577-0x00007FF626CC0000-0x00007FF627014000-memory.dmp	upx
behavioral2/memory/4308-579-0x00007FF6B6C40000-0x00007FF6B6F94000-memory.dmp	upx
behavioral2/memory/932-582-0x00007FF73D5F0000-0x00007FF73D944000-memory.dmp	upx
behavioral2/memory/2632-586-0x00007FF68D040000-0x00007FF68D394000-memory.dmp	upx
behavioral2/memory/4976-589-0x00007FF626E10000-0x00007FF627164000-memory.dmp	upx
behavioral2/memory/5104-590-0x00007FF65F550000-0x00007FF65F8A4000-memory.dmp	upx
behavioral2/memory/4120-596-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp	upx
behavioral2/memory/2904-595-0x00007FF664BB0000-0x00007FF664F04000-memory.dmp	upx
behavioral2/memory/3144-594-0x00007FF6D8610000-0x00007FF6D8964000-memory.dmp	upx
behavioral2/memory/1804-593-0x00007FF695110000-0x00007FF695464000-memory.dmp	upx
behavioral2/memory/3956-588-0x00007FF693500000-0x00007FF693854000-memory.dmp	upx
behavioral2/memory/3244-583-0x00007FF70EC50000-0x00007FF70EFA4000-memory.dmp	upx
behavioral2/memory/2336-580-0x00007FF6563A0000-0x00007FF6566F4000-memory.dmp	upx
behavioral2/memory/4084-578-0x00007FF755480000-0x00007FF7557D4000-memory.dmp	upx
behavioral2/memory/1016-576-0x00007FF64BE80000-0x00007FF64C1D4000-memory.dmp	upx
behavioral2/memory/3528-598-0x00007FF6EDBA0000-0x00007FF6EDEF4000-memory.dmp	upx
behavioral2/memory/4544-659-0x00007FF76DD10000-0x00007FF76E064000-memory.dmp	upx
behavioral2/files/0x0007000000023cdb-182.dat	upx
behavioral2/files/0x0007000000023cdc-179.dat	upx
behavioral2/files/0x0007000000023cda-177.dat	upx
behavioral2/memory/2452-795-0x00007FF6855A0000-0x00007FF6858F4000-memory.dmp	upx
behavioral2/files/0x0007000000023cd9-170.dat	upx
behavioral2/files/0x0007000000023cd8-165.dat	upx
behavioral2/memory/2476-861-0x00007FF7CDEB0000-0x00007FF7CE204000-memory.dmp	upx
behavioral2/files/0x0007000000023cd6-152.dat	upx
behavioral2/files/0x0007000000023cd5-147.dat	upx
behavioral2/files/0x0007000000023cd4-145.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eVeObzw.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlmsFnN.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGQiXbm.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dyRvIpw.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlUMguR.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDRnsFs.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPkMHTK.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKEviAs.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFodmGD.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgoQxJu.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDUiJFh.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\askeLtH.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WugwWup.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzFEDRS.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYRhYDU.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYYERyt.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLrPwxG.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKAflRJ.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmJsorL.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPdBpoZ.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIxnPtq.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHhAuhj.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUdmCvw.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMbycEb.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VACgton.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvcYlsf.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgBdBwB.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNibNCz.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNpAbaJ.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnggPKA.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THbYVDW.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPUtQWU.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPZxONA.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMiCehC.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPIPWgv.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FbhZMyJ.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJFcLaF.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyjOtqk.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yweKlqd.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrXzIxd.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgUeHhC.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHIgsak.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbZDOif.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohTbtSo.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVdZVXp.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPjgKtA.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbAjCFx.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgowyze.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fVPNPIt.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYqFOpK.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfhRAid.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\innMEhU.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kzmvdao.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hnacjgk.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLAjgdu.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypEuwao.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DstyAnS.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmleReH.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUgeOxZ.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmEcVjC.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvgKxFQ.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TewteEm.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCofHLJ.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFnwUMr.exe	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 2304	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1440 wrote to memory of 2304	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1440 wrote to memory of 3784	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1440 wrote to memory of 3784	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1440 wrote to memory of 3908	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1440 wrote to memory of 3908	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1440 wrote to memory of 3820	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1440 wrote to memory of 3820	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1440 wrote to memory of 3840	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1440 wrote to memory of 3840	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1440 wrote to memory of 3168	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1440 wrote to memory of 3168	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1440 wrote to memory of 2904	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1440 wrote to memory of 2904	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1440 wrote to memory of 3528	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1440 wrote to memory of 3528	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1440 wrote to memory of 4544	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1440 wrote to memory of 4544	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1440 wrote to memory of 2452	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1440 wrote to memory of 2452	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1440 wrote to memory of 2476	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1440 wrote to memory of 2476	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1440 wrote to memory of 3472	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1440 wrote to memory of 3472	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1440 wrote to memory of 3832	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1440 wrote to memory of 3832	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1440 wrote to memory of 1632	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1440 wrote to memory of 1632	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1440 wrote to memory of 4668	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1440 wrote to memory of 4668	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1440 wrote to memory of 1016	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1440 wrote to memory of 1016	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1440 wrote to memory of 4120	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1440 wrote to memory of 4120	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1440 wrote to memory of 4320	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1440 wrote to memory of 4320	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1440 wrote to memory of 4084	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1440 wrote to memory of 4084	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1440 wrote to memory of 4308	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1440 wrote to memory of 4308	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1440 wrote to memory of 2336	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1440 wrote to memory of 2336	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1440 wrote to memory of 932	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1440 wrote to memory of 932	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1440 wrote to memory of 3244	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1440 wrote to memory of 3244	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1440 wrote to memory of 2632	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1440 wrote to memory of 2632	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1440 wrote to memory of 3956	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1440 wrote to memory of 3956	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1440 wrote to memory of 4976	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1440 wrote to memory of 4976	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1440 wrote to memory of 5104	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1440 wrote to memory of 5104	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1440 wrote to memory of 1804	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1440 wrote to memory of 1804	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1440 wrote to memory of 3144	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1440 wrote to memory of 3144	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1440 wrote to memory of 3596	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1440 wrote to memory of 3596	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1440 wrote to memory of 432	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1440 wrote to memory of 432	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1440 wrote to memory of 1008	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1440 wrote to memory of 1008	1440	2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe	116

C:\Users\Admin\AppData\Local\Temp\2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-17_765a70dd14b72719f9155c90d98be137_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Windows\System\SFnwUMr.exe
  C:\Windows\System\SFnwUMr.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\fPjJUjQ.exe
  C:\Windows\System\fPjJUjQ.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\VNdKlja.exe
  C:\Windows\System\VNdKlja.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\OuZCWLG.exe
  C:\Windows\System\OuZCWLG.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\wRIaCvo.exe
  C:\Windows\System\wRIaCvo.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\oTCzzGu.exe
  C:\Windows\System\oTCzzGu.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\MDVwLPW.exe
  C:\Windows\System\MDVwLPW.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\RpOQjlA.exe
  C:\Windows\System\RpOQjlA.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\pqvkzth.exe
  C:\Windows\System\pqvkzth.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\XTkbswb.exe
  C:\Windows\System\XTkbswb.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\kgKQfWP.exe
  C:\Windows\System\kgKQfWP.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\IpCpxjX.exe
  C:\Windows\System\IpCpxjX.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\JKYQhQa.exe
  C:\Windows\System\JKYQhQa.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\TbojHxX.exe
  C:\Windows\System\TbojHxX.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\WUUOwbL.exe
  C:\Windows\System\WUUOwbL.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\GyvXKEY.exe
  C:\Windows\System\GyvXKEY.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\HlqkXMN.exe
  C:\Windows\System\HlqkXMN.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\KUczgeE.exe
  C:\Windows\System\KUczgeE.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\qpqhqBa.exe
  C:\Windows\System\qpqhqBa.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\bkxqoqC.exe
  C:\Windows\System\bkxqoqC.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\IQAwJch.exe
  C:\Windows\System\IQAwJch.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\HPWmfqk.exe
  C:\Windows\System\HPWmfqk.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\GPUhCpu.exe
  C:\Windows\System\GPUhCpu.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\hNGmHff.exe
  C:\Windows\System\hNGmHff.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\HhVzgrL.exe
  C:\Windows\System\HhVzgrL.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\VKaMBUm.exe
  C:\Windows\System\VKaMBUm.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\eeTQJQX.exe
  C:\Windows\System\eeTQJQX.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\PGylQVX.exe
  C:\Windows\System\PGylQVX.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\NcaATSl.exe
  C:\Windows\System\NcaATSl.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\NJtVudf.exe
  C:\Windows\System\NJtVudf.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\jxyifKj.exe
  C:\Windows\System\jxyifKj.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\GBLqpOL.exe
  C:\Windows\System\GBLqpOL.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\UVZHBQf.exe
  C:\Windows\System\UVZHBQf.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\tgmoaMb.exe
  C:\Windows\System\tgmoaMb.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\iWmdvdg.exe
  C:\Windows\System\iWmdvdg.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\XQYFtDW.exe
  C:\Windows\System\XQYFtDW.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\KEwZbLs.exe
  C:\Windows\System\KEwZbLs.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\OpMjRjt.exe
  C:\Windows\System\OpMjRjt.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\tgzddQJ.exe
  C:\Windows\System\tgzddQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\ftCBmad.exe
  C:\Windows\System\ftCBmad.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\UFUbmpa.exe
  C:\Windows\System\UFUbmpa.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\cbUvIIj.exe
  C:\Windows\System\cbUvIIj.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\GrIslFO.exe
  C:\Windows\System\GrIslFO.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\gabcYeF.exe
  C:\Windows\System\gabcYeF.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\BWWEyfj.exe
  C:\Windows\System\BWWEyfj.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\YsXOqNp.exe
  C:\Windows\System\YsXOqNp.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\KuyJbmF.exe
  C:\Windows\System\KuyJbmF.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\dBZKxjS.exe
  C:\Windows\System\dBZKxjS.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\cJLqJep.exe
  C:\Windows\System\cJLqJep.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\iWrIuir.exe
  C:\Windows\System\iWrIuir.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\VIkKAeZ.exe
  C:\Windows\System\VIkKAeZ.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\DHotVqv.exe
  C:\Windows\System\DHotVqv.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\lMtRTSm.exe
  C:\Windows\System\lMtRTSm.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\cJLpWMa.exe
  C:\Windows\System\cJLpWMa.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\IUoJwlX.exe
  C:\Windows\System\IUoJwlX.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\kmRVFvo.exe
  C:\Windows\System\kmRVFvo.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\CKCaxTt.exe
  C:\Windows\System\CKCaxTt.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\AiqgpRH.exe
  C:\Windows\System\AiqgpRH.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\ppVouEW.exe
  C:\Windows\System\ppVouEW.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\GJnQIZh.exe
  C:\Windows\System\GJnQIZh.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\BirBDTC.exe
  C:\Windows\System\BirBDTC.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\jaZXcPX.exe
  C:\Windows\System\jaZXcPX.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\rnYDLDI.exe
  C:\Windows\System\rnYDLDI.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\ARNbFTP.exe
  C:\Windows\System\ARNbFTP.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\UKWVwQU.exe
  C:\Windows\System\UKWVwQU.exe
  2⤵
  PID:5028
- C:\Windows\System\qMKHDVv.exe
  C:\Windows\System\qMKHDVv.exe
  2⤵
  PID:392
- C:\Windows\System\qLAjgdu.exe
  C:\Windows\System\qLAjgdu.exe
  2⤵
  PID:3636
- C:\Windows\System\GkSuPsO.exe
  C:\Windows\System\GkSuPsO.exe
  2⤵
  PID:380
- C:\Windows\System\eiIUCTj.exe
  C:\Windows\System\eiIUCTj.exe
  2⤵
  PID:4224
- C:\Windows\System\CRSRqzM.exe
  C:\Windows\System\CRSRqzM.exe
  2⤵
  PID:3876
- C:\Windows\System\wBvfRpD.exe
  C:\Windows\System\wBvfRpD.exe
  2⤵
  PID:3852
- C:\Windows\System\iLjArzE.exe
  C:\Windows\System\iLjArzE.exe
  2⤵
  PID:1512
- C:\Windows\System\netYuGh.exe
  C:\Windows\System\netYuGh.exe
  2⤵
  PID:2052
- C:\Windows\System\NYawosq.exe
  C:\Windows\System\NYawosq.exe
  2⤵
  PID:4440
- C:\Windows\System\NZaPlJc.exe
  C:\Windows\System\NZaPlJc.exe
  2⤵
  PID:4472
- C:\Windows\System\enDEdUd.exe
  C:\Windows\System\enDEdUd.exe
  2⤵
  PID:2756
- C:\Windows\System\vWjDKIF.exe
  C:\Windows\System\vWjDKIF.exe
  2⤵
  PID:1800
- C:\Windows\System\gDRnsFs.exe
  C:\Windows\System\gDRnsFs.exe
  2⤵
  PID:4896
- C:\Windows\System\IfPWKUM.exe
  C:\Windows\System\IfPWKUM.exe
  2⤵
  PID:3664
- C:\Windows\System\cCrKlNP.exe
  C:\Windows\System\cCrKlNP.exe
  2⤵
  PID:4952
- C:\Windows\System\hpxUjaH.exe
  C:\Windows\System\hpxUjaH.exe
  2⤵
  PID:2468
- C:\Windows\System\uGofYPp.exe
  C:\Windows\System\uGofYPp.exe
  2⤵
  PID:1944
- C:\Windows\System\pRDJEkK.exe
  C:\Windows\System\pRDJEkK.exe
  2⤵
  PID:4012
- C:\Windows\System\cPkMHTK.exe
  C:\Windows\System\cPkMHTK.exe
  2⤵
  PID:2928
- C:\Windows\System\ypEuwao.exe
  C:\Windows\System\ypEuwao.exe
  2⤵
  PID:4824
- C:\Windows\System\AXZDSkT.exe
  C:\Windows\System\AXZDSkT.exe
  2⤵
  PID:944
- C:\Windows\System\qggEddB.exe
  C:\Windows\System\qggEddB.exe
  2⤵
  PID:2716
- C:\Windows\System\pbAjCFx.exe
  C:\Windows\System\pbAjCFx.exe
  2⤵
  PID:5144
- C:\Windows\System\uYcybyh.exe
  C:\Windows\System\uYcybyh.exe
  2⤵
  PID:5176
- C:\Windows\System\gZSfqIf.exe
  C:\Windows\System\gZSfqIf.exe
  2⤵
  PID:5212
- C:\Windows\System\odUVTMm.exe
  C:\Windows\System\odUVTMm.exe
  2⤵
  PID:5240
- C:\Windows\System\drVfZBr.exe
  C:\Windows\System\drVfZBr.exe
  2⤵
  PID:5268
- C:\Windows\System\KpGsUpZ.exe
  C:\Windows\System\KpGsUpZ.exe
  2⤵
  PID:5284
- C:\Windows\System\WwANUvu.exe
  C:\Windows\System\WwANUvu.exe
  2⤵
  PID:5312
- C:\Windows\System\AaxdNLR.exe
  C:\Windows\System\AaxdNLR.exe
  2⤵
  PID:5340
- C:\Windows\System\DEnuYKK.exe
  C:\Windows\System\DEnuYKK.exe
  2⤵
  PID:5368
- C:\Windows\System\ztagigk.exe
  C:\Windows\System\ztagigk.exe
  2⤵
  PID:5396
- C:\Windows\System\iVNXrTr.exe
  C:\Windows\System\iVNXrTr.exe
  2⤵
  PID:5420
- C:\Windows\System\oXBuVEl.exe
  C:\Windows\System\oXBuVEl.exe
  2⤵
  PID:5452
- C:\Windows\System\TuINzZa.exe
  C:\Windows\System\TuINzZa.exe
  2⤵
  PID:5476
- C:\Windows\System\cPOaDWi.exe
  C:\Windows\System\cPOaDWi.exe
  2⤵
  PID:5508
- C:\Windows\System\YeCRqYz.exe
  C:\Windows\System\YeCRqYz.exe
  2⤵
  PID:5536
- C:\Windows\System\fShdPAg.exe
  C:\Windows\System\fShdPAg.exe
  2⤵
  PID:5564
- C:\Windows\System\xCXNMBC.exe
  C:\Windows\System\xCXNMBC.exe
  2⤵
  PID:5592
- C:\Windows\System\FWuhMUg.exe
  C:\Windows\System\FWuhMUg.exe
  2⤵
  PID:5620
- C:\Windows\System\SbUixrl.exe
  C:\Windows\System\SbUixrl.exe
  2⤵
  PID:5648
- C:\Windows\System\ueSFDjS.exe
  C:\Windows\System\ueSFDjS.exe
  2⤵
  PID:5676
- C:\Windows\System\JsqVgxg.exe
  C:\Windows\System\JsqVgxg.exe
  2⤵
  PID:5704
- C:\Windows\System\QCNvWAD.exe
  C:\Windows\System\QCNvWAD.exe
  2⤵
  PID:5732
- C:\Windows\System\ItlLSDb.exe
  C:\Windows\System\ItlLSDb.exe
  2⤵
  PID:5760
- C:\Windows\System\ZzcwfrG.exe
  C:\Windows\System\ZzcwfrG.exe
  2⤵
  PID:5788
- C:\Windows\System\rnLgVbA.exe
  C:\Windows\System\rnLgVbA.exe
  2⤵
  PID:5816
- C:\Windows\System\GIQRGwu.exe
  C:\Windows\System\GIQRGwu.exe
  2⤵
  PID:5844
- C:\Windows\System\qcTcvJd.exe
  C:\Windows\System\qcTcvJd.exe
  2⤵
  PID:5872
- C:\Windows\System\ZQNicHV.exe
  C:\Windows\System\ZQNicHV.exe
  2⤵
  PID:5904
- C:\Windows\System\xqSWtWG.exe
  C:\Windows\System\xqSWtWG.exe
  2⤵
  PID:5936
- C:\Windows\System\aXLemzc.exe
  C:\Windows\System\aXLemzc.exe
  2⤵
  PID:5972
- C:\Windows\System\xVRxmSK.exe
  C:\Windows\System\xVRxmSK.exe
  2⤵
  PID:5996
- C:\Windows\System\XeMZWjX.exe
  C:\Windows\System\XeMZWjX.exe
  2⤵
  PID:6028
- C:\Windows\System\FZvqntG.exe
  C:\Windows\System\FZvqntG.exe
  2⤵
  PID:6056
- C:\Windows\System\DzhLnQg.exe
  C:\Windows\System\DzhLnQg.exe
  2⤵
  PID:6088
- C:\Windows\System\qjkhqEL.exe
  C:\Windows\System\qjkhqEL.exe
  2⤵
  PID:6112
- C:\Windows\System\mSQjhTQ.exe
  C:\Windows\System\mSQjhTQ.exe
  2⤵
  PID:6140
- C:\Windows\System\rbHdFGC.exe
  C:\Windows\System\rbHdFGC.exe
  2⤵
  PID:1712
- C:\Windows\System\AqHGbwr.exe
  C:\Windows\System\AqHGbwr.exe
  2⤵
  PID:456
- C:\Windows\System\KHdshnk.exe
  C:\Windows\System\KHdshnk.exe
  2⤵
  PID:4416
- C:\Windows\System\EzypWkj.exe
  C:\Windows\System\EzypWkj.exe
  2⤵
  PID:5160
- C:\Windows\System\QCfZBGZ.exe
  C:\Windows\System\QCfZBGZ.exe
  2⤵
  PID:5228
- C:\Windows\System\jGOlDpw.exe
  C:\Windows\System\jGOlDpw.exe
  2⤵
  PID:5260
- C:\Windows\System\JdBzLhc.exe
  C:\Windows\System\JdBzLhc.exe
  2⤵
  PID:5324
- C:\Windows\System\GUidEdI.exe
  C:\Windows\System\GUidEdI.exe
  2⤵
  PID:5384
- C:\Windows\System\jtZqeGT.exe
  C:\Windows\System\jtZqeGT.exe
  2⤵
  PID:5444
- C:\Windows\System\LvTvvdo.exe
  C:\Windows\System\LvTvvdo.exe
  2⤵
  PID:5520
- C:\Windows\System\UpuaIta.exe
  C:\Windows\System\UpuaIta.exe
  2⤵
  PID:5580
- C:\Windows\System\wMOBWXT.exe
  C:\Windows\System\wMOBWXT.exe
  2⤵
  PID:5640
- C:\Windows\System\pgowyze.exe
  C:\Windows\System\pgowyze.exe
  2⤵
  PID:5716
- C:\Windows\System\vMwwLHR.exe
  C:\Windows\System\vMwwLHR.exe
  2⤵
  PID:5888
- C:\Windows\System\CKsdZdS.exe
  C:\Windows\System\CKsdZdS.exe
  2⤵
  PID:5808
- C:\Windows\System\tKQPrWb.exe
  C:\Windows\System\tKQPrWb.exe
  2⤵
  PID:5860
- C:\Windows\System\gSiuBCy.exe
  C:\Windows\System\gSiuBCy.exe
  2⤵
  PID:5928
- C:\Windows\System\jKajhOR.exe
  C:\Windows\System\jKajhOR.exe
  2⤵
  PID:6012
- C:\Windows\System\GpsiQCU.exe
  C:\Windows\System\GpsiQCU.exe
  2⤵
  PID:6072
- C:\Windows\System\GwLBgke.exe
  C:\Windows\System\GwLBgke.exe
  2⤵
  PID:6132
- C:\Windows\System\ulzntQH.exe
  C:\Windows\System\ulzntQH.exe
  2⤵
  PID:4460
- C:\Windows\System\zXFCFsE.exe
  C:\Windows\System\zXFCFsE.exe
  2⤵
  PID:972
- C:\Windows\System\PMsfsLL.exe
  C:\Windows\System\PMsfsLL.exe
  2⤵
  PID:2712
- C:\Windows\System\SuwWWqn.exe
  C:\Windows\System\SuwWWqn.exe
  2⤵
  PID:5472
- C:\Windows\System\KopwQcF.exe
  C:\Windows\System\KopwQcF.exe
  2⤵
  PID:5688
- C:\Windows\System\hiHCETm.exe
  C:\Windows\System\hiHCETm.exe
  2⤵
  PID:5920
- C:\Windows\System\iKGbMOm.exe
  C:\Windows\System\iKGbMOm.exe
  2⤵
  PID:5892
- C:\Windows\System\mfdtOhn.exe
  C:\Windows\System\mfdtOhn.exe
  2⤵
  PID:6044
- C:\Windows\System\wyCdKEA.exe
  C:\Windows\System\wyCdKEA.exe
  2⤵
  PID:3916
- C:\Windows\System\CCpJxRf.exe
  C:\Windows\System\CCpJxRf.exe
  2⤵
  PID:5360
- C:\Windows\System\xcWjoiW.exe
  C:\Windows\System\xcWjoiW.exe
  2⤵
  PID:5752
- C:\Windows\System\cwhzTdH.exe
  C:\Windows\System\cwhzTdH.exe
  2⤵
  PID:6160
- C:\Windows\System\AKtpNYm.exe
  C:\Windows\System\AKtpNYm.exe
  2⤵
  PID:6188
- C:\Windows\System\KGOqrPH.exe
  C:\Windows\System\KGOqrPH.exe
  2⤵
  PID:6204
- C:\Windows\System\YqcsEWU.exe
  C:\Windows\System\YqcsEWU.exe
  2⤵
  PID:6232
- C:\Windows\System\aWWjmcs.exe
  C:\Windows\System\aWWjmcs.exe
  2⤵
  PID:6260
- C:\Windows\System\DXCvLTT.exe
  C:\Windows\System\DXCvLTT.exe
  2⤵
  PID:6284
- C:\Windows\System\uolzOFk.exe
  C:\Windows\System\uolzOFk.exe
  2⤵
  PID:6312
- C:\Windows\System\mKAflRJ.exe
  C:\Windows\System\mKAflRJ.exe
  2⤵
  PID:6344
- C:\Windows\System\ptrpTlI.exe
  C:\Windows\System\ptrpTlI.exe
  2⤵
  PID:6380
- C:\Windows\System\hmJsorL.exe
  C:\Windows\System\hmJsorL.exe
  2⤵
  PID:6436
- C:\Windows\System\MaPAAbx.exe
  C:\Windows\System\MaPAAbx.exe
  2⤵
  PID:6512
- C:\Windows\System\fmuyFNd.exe
  C:\Windows\System\fmuyFNd.exe
  2⤵
  PID:6536
- C:\Windows\System\yXStfYe.exe
  C:\Windows\System\yXStfYe.exe
  2⤵
  PID:6648
- C:\Windows\System\CwkiuWM.exe
  C:\Windows\System\CwkiuWM.exe
  2⤵
  PID:6692
- C:\Windows\System\bFGVFfi.exe
  C:\Windows\System\bFGVFfi.exe
  2⤵
  PID:6720
- C:\Windows\System\OeUStoo.exe
  C:\Windows\System\OeUStoo.exe
  2⤵
  PID:6772
- C:\Windows\System\mdKcaLz.exe
  C:\Windows\System\mdKcaLz.exe
  2⤵
  PID:6852
- C:\Windows\System\GRxxjtD.exe
  C:\Windows\System\GRxxjtD.exe
  2⤵
  PID:6904
- C:\Windows\System\ZGHwuHI.exe
  C:\Windows\System\ZGHwuHI.exe
  2⤵
  PID:6972
- C:\Windows\System\cgoQxJu.exe
  C:\Windows\System\cgoQxJu.exe
  2⤵
  PID:7008
- C:\Windows\System\sHPHZrY.exe
  C:\Windows\System\sHPHZrY.exe
  2⤵
  PID:7044
- C:\Windows\System\YQwvudc.exe
  C:\Windows\System\YQwvudc.exe
  2⤵
  PID:7080
- C:\Windows\System\gNELphQ.exe
  C:\Windows\System\gNELphQ.exe
  2⤵
  PID:7132
- C:\Windows\System\BOjtpqw.exe
  C:\Windows\System\BOjtpqw.exe
  2⤵
  PID:7152
- C:\Windows\System\UtScpub.exe
  C:\Windows\System\UtScpub.exe
  2⤵
  PID:5156
- C:\Windows\System\nCquDTp.exe
  C:\Windows\System\nCquDTp.exe
  2⤵
  PID:5556
- C:\Windows\System\tSbMTyI.exe
  C:\Windows\System\tSbMTyI.exe
  2⤵
  PID:6152
- C:\Windows\System\TPdBpoZ.exe
  C:\Windows\System\TPdBpoZ.exe
  2⤵
  PID:6200
- C:\Windows\System\xqacnVP.exe
  C:\Windows\System\xqacnVP.exe
  2⤵
  PID:6252
- C:\Windows\System\WLlMRWW.exe
  C:\Windows\System\WLlMRWW.exe
  2⤵
  PID:648
- C:\Windows\System\tqHwAFY.exe
  C:\Windows\System\tqHwAFY.exe
  2⤵
  PID:2024
- C:\Windows\System\yYmcwCc.exe
  C:\Windows\System\yYmcwCc.exe
  2⤵
  PID:6300
- C:\Windows\System\CUikhwk.exe
  C:\Windows\System\CUikhwk.exe
  2⤵
  PID:6396
- C:\Windows\System\YbYswAK.exe
  C:\Windows\System\YbYswAK.exe
  2⤵
  PID:1544
- C:\Windows\System\tXTYcCi.exe
  C:\Windows\System\tXTYcCi.exe
  2⤵
  PID:2864
- C:\Windows\System\KKSBBnI.exe
  C:\Windows\System\KKSBBnI.exe
  2⤵
  PID:464
- C:\Windows\System\SmuSRtN.exe
  C:\Windows\System\SmuSRtN.exe
  2⤵
  PID:5084
- C:\Windows\System\gAssMCx.exe
  C:\Windows\System\gAssMCx.exe
  2⤵
  PID:4384
- C:\Windows\System\TnMcUVp.exe
  C:\Windows\System\TnMcUVp.exe
  2⤵
  PID:2996
- C:\Windows\System\JSDTfvz.exe
  C:\Windows\System\JSDTfvz.exe
  2⤵
  PID:6712
- C:\Windows\System\AiTZBMA.exe
  C:\Windows\System\AiTZBMA.exe
  2⤵
  PID:6756
- C:\Windows\System\IMxwosK.exe
  C:\Windows\System\IMxwosK.exe
  2⤵
  PID:6808
- C:\Windows\System\HkBMwxy.exe
  C:\Windows\System\HkBMwxy.exe
  2⤵
  PID:6912
- C:\Windows\System\LcxjtCc.exe
  C:\Windows\System\LcxjtCc.exe
  2⤵
  PID:6448
- C:\Windows\System\ZuEaBBT.exe
  C:\Windows\System\ZuEaBBT.exe
  2⤵
  PID:6456
- C:\Windows\System\DSpePhl.exe
  C:\Windows\System\DSpePhl.exe
  2⤵
  PID:7140
- C:\Windows\System\jZJOLcs.exe
  C:\Windows\System\jZJOLcs.exe
  2⤵
  PID:6524
- C:\Windows\System\FXJgGlE.exe
  C:\Windows\System\FXJgGlE.exe
  2⤵
  PID:6556
- C:\Windows\System\AvnQeeT.exe
  C:\Windows\System\AvnQeeT.exe
  2⤵
  PID:6552
- C:\Windows\System\ocjLHjq.exe
  C:\Windows\System\ocjLHjq.exe
  2⤵
  PID:6276
- C:\Windows\System\mStJHGw.exe
  C:\Windows\System\mStJHGw.exe
  2⤵
  PID:1660
- C:\Windows\System\wSBlqOk.exe
  C:\Windows\System\wSBlqOk.exe
  2⤵
  PID:1624
- C:\Windows\System\xuFMcgL.exe
  C:\Windows\System\xuFMcgL.exe
  2⤵
  PID:6532
- C:\Windows\System\GYOYuNi.exe
  C:\Windows\System\GYOYuNi.exe
  2⤵
  PID:3368
- C:\Windows\System\ObUoeRp.exe
  C:\Windows\System\ObUoeRp.exe
  2⤵
  PID:5008
- C:\Windows\System\kyDRUtL.exe
  C:\Windows\System\kyDRUtL.exe
  2⤵
  PID:2564
- C:\Windows\System\WiBlNui.exe
  C:\Windows\System\WiBlNui.exe
  2⤵
  PID:6964
- C:\Windows\System\RosfvBk.exe
  C:\Windows\System\RosfvBk.exe
  2⤵
  PID:6404
- C:\Windows\System\MDVvRGU.exe
  C:\Windows\System\MDVvRGU.exe
  2⤵
  PID:4656
- C:\Windows\System\IblOwQZ.exe
  C:\Windows\System\IblOwQZ.exe
  2⤵
  PID:5112
- C:\Windows\System\LcbiOlN.exe
  C:\Windows\System\LcbiOlN.exe
  2⤵
  PID:6528
- C:\Windows\System\ONsELWV.exe
  C:\Windows\System\ONsELWV.exe
  2⤵
  PID:4080
- C:\Windows\System\GzDHeso.exe
  C:\Windows\System\GzDHeso.exe
  2⤵
  PID:7028
- C:\Windows\System\pfRYCPi.exe
  C:\Windows\System\pfRYCPi.exe
  2⤵
  PID:2920
- C:\Windows\System\HIxnPtq.exe
  C:\Windows\System\HIxnPtq.exe
  2⤵
  PID:2664
- C:\Windows\System\znMegIA.exe
  C:\Windows\System\znMegIA.exe
  2⤵
  PID:920
- C:\Windows\System\UvxMKSf.exe
  C:\Windows\System\UvxMKSf.exe
  2⤵
  PID:6376
- C:\Windows\System\aWKGvIe.exe
  C:\Windows\System\aWKGvIe.exe
  2⤵
  PID:7188
- C:\Windows\System\NnZoGim.exe
  C:\Windows\System\NnZoGim.exe
  2⤵
  PID:7216
- C:\Windows\System\aXBpvTu.exe
  C:\Windows\System\aXBpvTu.exe
  2⤵
  PID:7244
- C:\Windows\System\yweKlqd.exe
  C:\Windows\System\yweKlqd.exe
  2⤵
  PID:7272
- C:\Windows\System\UXukgwl.exe
  C:\Windows\System\UXukgwl.exe
  2⤵
  PID:7300
- C:\Windows\System\xuQRmRQ.exe
  C:\Windows\System\xuQRmRQ.exe
  2⤵
  PID:7336
- C:\Windows\System\ekgibVW.exe
  C:\Windows\System\ekgibVW.exe
  2⤵
  PID:7356
- C:\Windows\System\PyXPeyG.exe
  C:\Windows\System\PyXPeyG.exe
  2⤵
  PID:7396
- C:\Windows\System\GrLpjqX.exe
  C:\Windows\System\GrLpjqX.exe
  2⤵
  PID:7424
- C:\Windows\System\RKEviAs.exe
  C:\Windows\System\RKEviAs.exe
  2⤵
  PID:7472
- C:\Windows\System\FqAEdtY.exe
  C:\Windows\System\FqAEdtY.exe
  2⤵
  PID:7488
- C:\Windows\System\RHYFsmH.exe
  C:\Windows\System\RHYFsmH.exe
  2⤵
  PID:7516
- C:\Windows\System\pRUHLOV.exe
  C:\Windows\System\pRUHLOV.exe
  2⤵
  PID:7560
- C:\Windows\System\nNibNCz.exe
  C:\Windows\System\nNibNCz.exe
  2⤵
  PID:7628
- C:\Windows\System\HrXzIxd.exe
  C:\Windows\System\HrXzIxd.exe
  2⤵
  PID:7688
- C:\Windows\System\BamaHkL.exe
  C:\Windows\System\BamaHkL.exe
  2⤵
  PID:7708
- C:\Windows\System\Aqlsnkj.exe
  C:\Windows\System\Aqlsnkj.exe
  2⤵
  PID:7736
- C:\Windows\System\vVcAnMF.exe
  C:\Windows\System\vVcAnMF.exe
  2⤵
  PID:7764
- C:\Windows\System\HVZDbpl.exe
  C:\Windows\System\HVZDbpl.exe
  2⤵
  PID:7792
- C:\Windows\System\fcFBHvR.exe
  C:\Windows\System\fcFBHvR.exe
  2⤵
  PID:7820
- C:\Windows\System\vwqTcph.exe
  C:\Windows\System\vwqTcph.exe
  2⤵
  PID:7856
- C:\Windows\System\NGSYGrj.exe
  C:\Windows\System\NGSYGrj.exe
  2⤵
  PID:7876
- C:\Windows\System\aBQAIwg.exe
  C:\Windows\System\aBQAIwg.exe
  2⤵
  PID:7904
- C:\Windows\System\LBIzEAS.exe
  C:\Windows\System\LBIzEAS.exe
  2⤵
  PID:7932
- C:\Windows\System\VrDLDLv.exe
  C:\Windows\System\VrDLDLv.exe
  2⤵
  PID:7964
- C:\Windows\System\RlBPifD.exe
  C:\Windows\System\RlBPifD.exe
  2⤵
  PID:7992
- C:\Windows\System\hiywYgc.exe
  C:\Windows\System\hiywYgc.exe
  2⤵
  PID:8020
- C:\Windows\System\cXCHUCP.exe
  C:\Windows\System\cXCHUCP.exe
  2⤵
  PID:8048
- C:\Windows\System\ONDrLJE.exe
  C:\Windows\System\ONDrLJE.exe
  2⤵
  PID:8076
- C:\Windows\System\YxNWqjC.exe
  C:\Windows\System\YxNWqjC.exe
  2⤵
  PID:8104
- C:\Windows\System\yRDbGtD.exe
  C:\Windows\System\yRDbGtD.exe
  2⤵
  PID:8132
- C:\Windows\System\dZyPtLy.exe
  C:\Windows\System\dZyPtLy.exe
  2⤵
  PID:8160
- C:\Windows\System\jvUJHcc.exe
  C:\Windows\System\jvUJHcc.exe
  2⤵
  PID:7172
- C:\Windows\System\xWDPWzf.exe
  C:\Windows\System\xWDPWzf.exe
  2⤵
  PID:7264
- C:\Windows\System\iVRQkFy.exe
  C:\Windows\System\iVRQkFy.exe
  2⤵
  PID:7344
- C:\Windows\System\XDPukWQ.exe
  C:\Windows\System\XDPukWQ.exe
  2⤵
  PID:7388
- C:\Windows\System\VrtUsjX.exe
  C:\Windows\System\VrtUsjX.exe
  2⤵
  PID:2284
- C:\Windows\System\pPppKwR.exe
  C:\Windows\System\pPppKwR.exe
  2⤵
  PID:7448
- C:\Windows\System\OCriMyS.exe
  C:\Windows\System\OCriMyS.exe
  2⤵
  PID:7508
- C:\Windows\System\hmApWcy.exe
  C:\Windows\System\hmApWcy.exe
  2⤵
  PID:7612
- C:\Windows\System\DstyAnS.exe
  C:\Windows\System\DstyAnS.exe
  2⤵
  PID:7668
- C:\Windows\System\KKWqrjD.exe
  C:\Windows\System\KKWqrjD.exe
  2⤵
  PID:7652
- C:\Windows\System\YbFRgtu.exe
  C:\Windows\System\YbFRgtu.exe
  2⤵
  PID:7728
- C:\Windows\System\XEDHVtf.exe
  C:\Windows\System\XEDHVtf.exe
  2⤵
  PID:7776
- C:\Windows\System\nsDMIrA.exe
  C:\Windows\System\nsDMIrA.exe
  2⤵
  PID:7832
- C:\Windows\System\VFNWqHJ.exe
  C:\Windows\System\VFNWqHJ.exe
  2⤵
  PID:7896
- C:\Windows\System\gjZMvRz.exe
  C:\Windows\System\gjZMvRz.exe
  2⤵
  PID:7960
- C:\Windows\System\HWTvDZf.exe
  C:\Windows\System\HWTvDZf.exe
  2⤵
  PID:8016
- C:\Windows\System\DIWqTDc.exe
  C:\Windows\System\DIWqTDc.exe
  2⤵
  PID:8092
- C:\Windows\System\hPZxONA.exe
  C:\Windows\System\hPZxONA.exe
  2⤵
  PID:2320
- C:\Windows\System\IYFzkYu.exe
  C:\Windows\System\IYFzkYu.exe
  2⤵
  PID:7212
- C:\Windows\System\hRDBpfa.exe
  C:\Windows\System\hRDBpfa.exe
  2⤵
  PID:7368
- C:\Windows\System\vkqwpFl.exe
  C:\Windows\System\vkqwpFl.exe
  2⤵
  PID:7484
- C:\Windows\System\FLlkgcz.exe
  C:\Windows\System\FLlkgcz.exe
  2⤵
  PID:7664
- C:\Windows\System\MKJyReO.exe
  C:\Windows\System\MKJyReO.exe
  2⤵
  PID:7584
- C:\Windows\System\xJDgOOk.exe
  C:\Windows\System\xJDgOOk.exe
  2⤵
  PID:7952
- C:\Windows\System\zGSgDzz.exe
  C:\Windows\System\zGSgDzz.exe
  2⤵
  PID:7984
- C:\Windows\System\BMrGtaC.exe
  C:\Windows\System\BMrGtaC.exe
  2⤵
  PID:8128
- C:\Windows\System\evZAMyX.exe
  C:\Windows\System\evZAMyX.exe
  2⤵
  PID:7352
- C:\Windows\System\XZjEdLp.exe
  C:\Windows\System\XZjEdLp.exe
  2⤵
  PID:1816
- C:\Windows\System\gvgKxFQ.exe
  C:\Windows\System\gvgKxFQ.exe
  2⤵
  PID:7924
- C:\Windows\System\ZnhzIrb.exe
  C:\Windows\System\ZnhzIrb.exe
  2⤵
  PID:7292
- C:\Windows\System\bajeJce.exe
  C:\Windows\System\bajeJce.exe
  2⤵
  PID:7872
- C:\Windows\System\aMwgVcc.exe
  C:\Windows\System\aMwgVcc.exe
  2⤵
  PID:7324
- C:\Windows\System\BMZYtfE.exe
  C:\Windows\System\BMZYtfE.exe
  2⤵
  PID:8212
- C:\Windows\System\MaJIMAc.exe
  C:\Windows\System\MaJIMAc.exe
  2⤵
  PID:8240
- C:\Windows\System\rSEAcES.exe
  C:\Windows\System\rSEAcES.exe
  2⤵
  PID:8268
- C:\Windows\System\zHwkynE.exe
  C:\Windows\System\zHwkynE.exe
  2⤵
  PID:8296
- C:\Windows\System\UgUeHhC.exe
  C:\Windows\System\UgUeHhC.exe
  2⤵
  PID:8324
- C:\Windows\System\zotiGei.exe
  C:\Windows\System\zotiGei.exe
  2⤵
  PID:8352
- C:\Windows\System\FFFzFnC.exe
  C:\Windows\System\FFFzFnC.exe
  2⤵
  PID:8380
- C:\Windows\System\ldbnUfB.exe
  C:\Windows\System\ldbnUfB.exe
  2⤵
  PID:8408
- C:\Windows\System\WDKcEAY.exe
  C:\Windows\System\WDKcEAY.exe
  2⤵
  PID:8436
- C:\Windows\System\hDbpzRZ.exe
  C:\Windows\System\hDbpzRZ.exe
  2⤵
  PID:8464
- C:\Windows\System\DjMfwuS.exe
  C:\Windows\System\DjMfwuS.exe
  2⤵
  PID:8492
- C:\Windows\System\APzIKlg.exe
  C:\Windows\System\APzIKlg.exe
  2⤵
  PID:8520
- C:\Windows\System\CtreBjw.exe
  C:\Windows\System\CtreBjw.exe
  2⤵
  PID:8548
- C:\Windows\System\gUOQNKr.exe
  C:\Windows\System\gUOQNKr.exe
  2⤵
  PID:8576
- C:\Windows\System\VUWdUlT.exe
  C:\Windows\System\VUWdUlT.exe
  2⤵
  PID:8608
- C:\Windows\System\AeLdZLw.exe
  C:\Windows\System\AeLdZLw.exe
  2⤵
  PID:8636
- C:\Windows\System\CZoDrjJ.exe
  C:\Windows\System\CZoDrjJ.exe
  2⤵
  PID:8664
- C:\Windows\System\fVPNPIt.exe
  C:\Windows\System\fVPNPIt.exe
  2⤵
  PID:8696
- C:\Windows\System\pzaAtng.exe
  C:\Windows\System\pzaAtng.exe
  2⤵
  PID:8788
- C:\Windows\System\DBjdEJF.exe
  C:\Windows\System\DBjdEJF.exe
  2⤵
  PID:8848
- C:\Windows\System\wWYjQWU.exe
  C:\Windows\System\wWYjQWU.exe
  2⤵
  PID:8912
- C:\Windows\System\ZiGsoeQ.exe
  C:\Windows\System\ZiGsoeQ.exe
  2⤵
  PID:8960
- C:\Windows\System\qSrOXBa.exe
  C:\Windows\System\qSrOXBa.exe
  2⤵
  PID:8976
- C:\Windows\System\vdYndoZ.exe
  C:\Windows\System\vdYndoZ.exe
  2⤵
  PID:9012
- C:\Windows\System\pFyNQVd.exe
  C:\Windows\System\pFyNQVd.exe
  2⤵
  PID:9064
- C:\Windows\System\hNyUAJK.exe
  C:\Windows\System\hNyUAJK.exe
  2⤵
  PID:9104
- C:\Windows\System\ORfksFH.exe
  C:\Windows\System\ORfksFH.exe
  2⤵
  PID:9124
- C:\Windows\System\fXWyLMu.exe
  C:\Windows\System\fXWyLMu.exe
  2⤵
  PID:9152
- C:\Windows\System\gvoQuXN.exe
  C:\Windows\System\gvoQuXN.exe
  2⤵
  PID:9180
- C:\Windows\System\xfCZLMl.exe
  C:\Windows\System\xfCZLMl.exe
  2⤵
  PID:9208
- C:\Windows\System\UVoIffj.exe
  C:\Windows\System\UVoIffj.exe
  2⤵
  PID:8236
- C:\Windows\System\TylPHCM.exe
  C:\Windows\System\TylPHCM.exe
  2⤵
  PID:8312
- C:\Windows\System\lSUbMFD.exe
  C:\Windows\System\lSUbMFD.exe
  2⤵
  PID:8396
- C:\Windows\System\UEqOBox.exe
  C:\Windows\System\UEqOBox.exe
  2⤵
  PID:8448
- C:\Windows\System\mbKKtaZ.exe
  C:\Windows\System\mbKKtaZ.exe
  2⤵
  PID:8504
- C:\Windows\System\cRsPLfI.exe
  C:\Windows\System\cRsPLfI.exe
  2⤵
  PID:8588
- C:\Windows\System\LJvrWOV.exe
  C:\Windows\System\LJvrWOV.exe
  2⤵
  PID:8656
- C:\Windows\System\sVmCUzI.exe
  C:\Windows\System\sVmCUzI.exe
  2⤵
  PID:8736
- C:\Windows\System\BFHjDIl.exe
  C:\Windows\System\BFHjDIl.exe
  2⤵
  PID:8876
- C:\Windows\System\yPWIZYQ.exe
  C:\Windows\System\yPWIZYQ.exe
  2⤵
  PID:9004
- C:\Windows\System\zXeZGhv.exe
  C:\Windows\System\zXeZGhv.exe
  2⤵
  PID:9080
- C:\Windows\System\kMnlgpq.exe
  C:\Windows\System\kMnlgpq.exe
  2⤵
  PID:9144
- C:\Windows\System\bRthCQN.exe
  C:\Windows\System\bRthCQN.exe
  2⤵
  PID:8784
- C:\Windows\System\ZNXQaWa.exe
  C:\Windows\System\ZNXQaWa.exe
  2⤵
  PID:9192
- C:\Windows\System\YiXhXXt.exe
  C:\Windows\System\YiXhXXt.exe
  2⤵
  PID:8288
- C:\Windows\System\EqveiPx.exe
  C:\Windows\System\EqveiPx.exe
  2⤵
  PID:8428
- C:\Windows\System\cNlnbDa.exe
  C:\Windows\System\cNlnbDa.exe
  2⤵
  PID:8572
- C:\Windows\System\nGUmTpB.exe
  C:\Windows\System\nGUmTpB.exe
  2⤵
  PID:7704
- C:\Windows\System\HxSDPAD.exe
  C:\Windows\System\HxSDPAD.exe
  2⤵
  PID:8972
- C:\Windows\System\amypoix.exe
  C:\Windows\System\amypoix.exe
  2⤵
  PID:9060
- C:\Windows\System\yjkTWiL.exe
  C:\Windows\System\yjkTWiL.exe
  2⤵
  PID:8232
- C:\Windows\System\FVJVEdy.exe
  C:\Windows\System\FVJVEdy.exe
  2⤵
  PID:8532
- C:\Windows\System\BXNoLvw.exe
  C:\Windows\System\BXNoLvw.exe
  2⤵
  PID:9056
- C:\Windows\System\qURJpMl.exe
  C:\Windows\System\qURJpMl.exe
  2⤵
  PID:9176
- C:\Windows\System\URzbqXU.exe
  C:\Windows\System\URzbqXU.exe
  2⤵
  PID:8732
- C:\Windows\System\liFfENS.exe
  C:\Windows\System\liFfENS.exe
  2⤵
  PID:9232
- C:\Windows\System\mDUiJFh.exe
  C:\Windows\System\mDUiJFh.exe
  2⤵
  PID:9260
- C:\Windows\System\rlhZHWA.exe
  C:\Windows\System\rlhZHWA.exe
  2⤵
  PID:9288
- C:\Windows\System\BiataLL.exe
  C:\Windows\System\BiataLL.exe
  2⤵
  PID:9316
- C:\Windows\System\oVQNSDq.exe
  C:\Windows\System\oVQNSDq.exe
  2⤵
  PID:9332
- C:\Windows\System\ZevRZOs.exe
  C:\Windows\System\ZevRZOs.exe
  2⤵
  PID:9348
- C:\Windows\System\JHxtGfx.exe
  C:\Windows\System\JHxtGfx.exe
  2⤵
  PID:9372
- C:\Windows\System\ozlFBcE.exe
  C:\Windows\System\ozlFBcE.exe
  2⤵
  PID:9404
- C:\Windows\System\VCzJaMr.exe
  C:\Windows\System\VCzJaMr.exe
  2⤵
  PID:9456
- C:\Windows\System\VgisVmJ.exe
  C:\Windows\System\VgisVmJ.exe
  2⤵
  PID:9484
- C:\Windows\System\LknDBFR.exe
  C:\Windows\System\LknDBFR.exe
  2⤵
  PID:9512
- C:\Windows\System\LKvQtos.exe
  C:\Windows\System\LKvQtos.exe
  2⤵
  PID:9544
- C:\Windows\System\UEkUScz.exe
  C:\Windows\System\UEkUScz.exe
  2⤵
  PID:9572
- C:\Windows\System\opFhfFB.exe
  C:\Windows\System\opFhfFB.exe
  2⤵
  PID:9600
- C:\Windows\System\UyawOqW.exe
  C:\Windows\System\UyawOqW.exe
  2⤵
  PID:9628
- C:\Windows\System\YPYgVll.exe
  C:\Windows\System\YPYgVll.exe
  2⤵
  PID:9656
- C:\Windows\System\VNLEgWR.exe
  C:\Windows\System\VNLEgWR.exe
  2⤵
  PID:9684
- C:\Windows\System\jYiKHRZ.exe
  C:\Windows\System\jYiKHRZ.exe
  2⤵
  PID:9712
- C:\Windows\System\FWVeDhq.exe
  C:\Windows\System\FWVeDhq.exe
  2⤵
  PID:9744
- C:\Windows\System\gVUooKO.exe
  C:\Windows\System\gVUooKO.exe
  2⤵
  PID:9772
- C:\Windows\System\QlYSyFM.exe
  C:\Windows\System\QlYSyFM.exe
  2⤵
  PID:9800
- C:\Windows\System\SkltcDs.exe
  C:\Windows\System\SkltcDs.exe
  2⤵
  PID:9828
- C:\Windows\System\fMiCehC.exe
  C:\Windows\System\fMiCehC.exe
  2⤵
  PID:9856
- C:\Windows\System\EDHizhd.exe
  C:\Windows\System\EDHizhd.exe
  2⤵
  PID:9884
- C:\Windows\System\ZuJRYxG.exe
  C:\Windows\System\ZuJRYxG.exe
  2⤵
  PID:9912
- C:\Windows\System\srdBKWC.exe
  C:\Windows\System\srdBKWC.exe
  2⤵
  PID:9940
- C:\Windows\System\oPbRZJi.exe
  C:\Windows\System\oPbRZJi.exe
  2⤵
  PID:9968
- C:\Windows\System\eVeObzw.exe
  C:\Windows\System\eVeObzw.exe
  2⤵
  PID:10012
- C:\Windows\System\XZMNQzB.exe
  C:\Windows\System\XZMNQzB.exe
  2⤵
  PID:10028
- C:\Windows\System\LtPvElU.exe
  C:\Windows\System\LtPvElU.exe
  2⤵
  PID:10092
- C:\Windows\System\EnOVinz.exe
  C:\Windows\System\EnOVinz.exe
  2⤵
  PID:10112
- C:\Windows\System\OVgIdaE.exe
  C:\Windows\System\OVgIdaE.exe
  2⤵
  PID:10140
- C:\Windows\System\ytsNXiN.exe
  C:\Windows\System\ytsNXiN.exe
  2⤵
  PID:10176
- C:\Windows\System\wtXOjkz.exe
  C:\Windows\System\wtXOjkz.exe
  2⤵
  PID:10196
- C:\Windows\System\ZkRVxwZ.exe
  C:\Windows\System\ZkRVxwZ.exe
  2⤵
  PID:10212
- C:\Windows\System\OggqcQU.exe
  C:\Windows\System\OggqcQU.exe
  2⤵
  PID:9248
- C:\Windows\System\mUggMxo.exe
  C:\Windows\System\mUggMxo.exe
  2⤵
  PID:9312
- C:\Windows\System\oNlWCmj.exe
  C:\Windows\System\oNlWCmj.exe
  2⤵
  PID:9364
- C:\Windows\System\VskOozu.exe
  C:\Windows\System\VskOozu.exe
  2⤵
  PID:9428
- C:\Windows\System\zYqFOpK.exe
  C:\Windows\System\zYqFOpK.exe
  2⤵
  PID:9528
- C:\Windows\System\IHjFRjk.exe
  C:\Windows\System\IHjFRjk.exe
  2⤵
  PID:9596
- C:\Windows\System\PbWdYyG.exe
  C:\Windows\System\PbWdYyG.exe
  2⤵
  PID:9648
- C:\Windows\System\cFzpcmS.exe
  C:\Windows\System\cFzpcmS.exe
  2⤵
  PID:9736
- C:\Windows\System\WNiJPRW.exe
  C:\Windows\System\WNiJPRW.exe
  2⤵
  PID:9840
- C:\Windows\System\mhrAgsn.exe
  C:\Windows\System\mhrAgsn.exe
  2⤵
  PID:9880
- C:\Windows\System\AScLonw.exe
  C:\Windows\System\AScLonw.exe
  2⤵
  PID:9960
- C:\Windows\System\CvaNnrE.exe
  C:\Windows\System\CvaNnrE.exe
  2⤵
  PID:10020
- C:\Windows\System\lScKNuI.exe
  C:\Windows\System\lScKNuI.exe
  2⤵
  PID:10104
- C:\Windows\System\mxvDsef.exe
  C:\Windows\System\mxvDsef.exe
  2⤵
  PID:10164
- C:\Windows\System\cDKyHqf.exe
  C:\Windows\System\cDKyHqf.exe
  2⤵
  PID:10224
- C:\Windows\System\HsdvTAZ.exe
  C:\Windows\System\HsdvTAZ.exe
  2⤵
  PID:9340
- C:\Windows\System\lXNescp.exe
  C:\Windows\System\lXNescp.exe
  2⤵
  PID:9468
- C:\Windows\System\CQFTygk.exe
  C:\Windows\System\CQFTygk.exe
  2⤵
  PID:9556
- C:\Windows\System\LkgXGBc.exe
  C:\Windows\System\LkgXGBc.exe
  2⤵
  PID:9676
- C:\Windows\System\aQkerRm.exe
  C:\Windows\System\aQkerRm.exe
  2⤵
  PID:6616
- C:\Windows\System\xZbastC.exe
  C:\Windows\System\xZbastC.exe
  2⤵
  PID:6604
- C:\Windows\System\OrqvPDU.exe
  C:\Windows\System\OrqvPDU.exe
  2⤵
  PID:4836
- C:\Windows\System\roTzFEe.exe
  C:\Windows\System\roTzFEe.exe
  2⤵
  PID:8600
- C:\Windows\System\DfhRAid.exe
  C:\Windows\System\DfhRAid.exe
  2⤵
  PID:10088
- C:\Windows\System\aXKwgRK.exe
  C:\Windows\System\aXKwgRK.exe
  2⤵
  PID:9228
- C:\Windows\System\OwgdQEC.exe
  C:\Windows\System\OwgdQEC.exe
  2⤵
  PID:9504
- C:\Windows\System\VhnZSnZ.exe
  C:\Windows\System\VhnZSnZ.exe
  2⤵
  PID:6600
- C:\Windows\System\KZFfpCg.exe
  C:\Windows\System\KZFfpCg.exe
  2⤵
  PID:9584
- C:\Windows\System\lXacaEO.exe
  C:\Windows\System\lXacaEO.exe
  2⤵
  PID:10192
- C:\Windows\System\TkPHXmu.exe
  C:\Windows\System\TkPHXmu.exe
  2⤵
  PID:6672
- C:\Windows\System\maPWdQT.exe
  C:\Windows\System\maPWdQT.exe
  2⤵
  PID:9440
- C:\Windows\System\Wlpvvzg.exe
  C:\Windows\System\Wlpvvzg.exe
  2⤵
  PID:9792
- C:\Windows\System\OlmsFnN.exe
  C:\Windows\System\OlmsFnN.exe
  2⤵
  PID:10260
- C:\Windows\System\CAfknuq.exe
  C:\Windows\System\CAfknuq.exe
  2⤵
  PID:10288
- C:\Windows\System\diNKhoi.exe
  C:\Windows\System\diNKhoi.exe
  2⤵
  PID:10316
- C:\Windows\System\IHIgsak.exe
  C:\Windows\System\IHIgsak.exe
  2⤵
  PID:10344
- C:\Windows\System\ZDQYLYJ.exe
  C:\Windows\System\ZDQYLYJ.exe
  2⤵
  PID:10372
- C:\Windows\System\YbZDOif.exe
  C:\Windows\System\YbZDOif.exe
  2⤵
  PID:10400
- C:\Windows\System\OTFIUpS.exe
  C:\Windows\System\OTFIUpS.exe
  2⤵
  PID:10428
- C:\Windows\System\vEiBBDS.exe
  C:\Windows\System\vEiBBDS.exe
  2⤵
  PID:10456
- C:\Windows\System\uyZlTKY.exe
  C:\Windows\System\uyZlTKY.exe
  2⤵
  PID:10488
- C:\Windows\System\WDhRoJK.exe
  C:\Windows\System\WDhRoJK.exe
  2⤵
  PID:10516
- C:\Windows\System\yTCBYjV.exe
  C:\Windows\System\yTCBYjV.exe
  2⤵
  PID:10544
- C:\Windows\System\wYHDbgf.exe
  C:\Windows\System\wYHDbgf.exe
  2⤵
  PID:10572
- C:\Windows\System\znorMbL.exe
  C:\Windows\System\znorMbL.exe
  2⤵
  PID:10600
- C:\Windows\System\kgvSXYr.exe
  C:\Windows\System\kgvSXYr.exe
  2⤵
  PID:10628
- C:\Windows\System\wsooxfK.exe
  C:\Windows\System\wsooxfK.exe
  2⤵
  PID:10656
- C:\Windows\System\SDvqyWP.exe
  C:\Windows\System\SDvqyWP.exe
  2⤵
  PID:10684
- C:\Windows\System\HHvSFHf.exe
  C:\Windows\System\HHvSFHf.exe
  2⤵
  PID:10712
- C:\Windows\System\QBWHpwQ.exe
  C:\Windows\System\QBWHpwQ.exe
  2⤵
  PID:10740
- C:\Windows\System\kcbKbgC.exe
  C:\Windows\System\kcbKbgC.exe
  2⤵
  PID:10768
- C:\Windows\System\kARVzCy.exe
  C:\Windows\System\kARVzCy.exe
  2⤵
  PID:10796
- C:\Windows\System\EMaqcxy.exe
  C:\Windows\System\EMaqcxy.exe
  2⤵
  PID:10824
- C:\Windows\System\ZzOOrEO.exe
  C:\Windows\System\ZzOOrEO.exe
  2⤵
  PID:10852
- C:\Windows\System\WrrngIL.exe
  C:\Windows\System\WrrngIL.exe
  2⤵
  PID:10880
- C:\Windows\System\iPFcruq.exe
  C:\Windows\System\iPFcruq.exe
  2⤵
  PID:10908
- C:\Windows\System\JPqaGmS.exe
  C:\Windows\System\JPqaGmS.exe
  2⤵
  PID:10936
- C:\Windows\System\Umigaqd.exe
  C:\Windows\System\Umigaqd.exe
  2⤵
  PID:10964
- C:\Windows\System\MfxRNeh.exe
  C:\Windows\System\MfxRNeh.exe
  2⤵
  PID:10992
- C:\Windows\System\NoZwlmA.exe
  C:\Windows\System\NoZwlmA.exe
  2⤵
  PID:11020
- C:\Windows\System\PGywmQl.exe
  C:\Windows\System\PGywmQl.exe
  2⤵
  PID:11048
- C:\Windows\System\TcrLKCc.exe
  C:\Windows\System\TcrLKCc.exe
  2⤵
  PID:11112
- C:\Windows\System\FPBegmE.exe
  C:\Windows\System\FPBegmE.exe
  2⤵
  PID:11140
- C:\Windows\System\jpFpIbU.exe
  C:\Windows\System\jpFpIbU.exe
  2⤵
  PID:11168
- C:\Windows\System\pDAxJtu.exe
  C:\Windows\System\pDAxJtu.exe
  2⤵
  PID:11204
- C:\Windows\System\PsAtbqa.exe
  C:\Windows\System\PsAtbqa.exe
  2⤵
  PID:11248
- C:\Windows\System\wuZBXYb.exe
  C:\Windows\System\wuZBXYb.exe
  2⤵
  PID:10300
- C:\Windows\System\PCBzPYY.exe
  C:\Windows\System\PCBzPYY.exe
  2⤵
  PID:10392
- C:\Windows\System\vwyJsrB.exe
  C:\Windows\System\vwyJsrB.exe
  2⤵
  PID:10472
- C:\Windows\System\khNbdOt.exe
  C:\Windows\System\khNbdOt.exe
  2⤵
  PID:10536
- C:\Windows\System\SPuHuDF.exe
  C:\Windows\System\SPuHuDF.exe
  2⤵
  PID:10596
- C:\Windows\System\xEVPxMv.exe
  C:\Windows\System\xEVPxMv.exe
  2⤵
  PID:10672
- C:\Windows\System\viiUBKY.exe
  C:\Windows\System\viiUBKY.exe
  2⤵
  PID:10736
- C:\Windows\System\UrTbfiS.exe
  C:\Windows\System\UrTbfiS.exe
  2⤵
  PID:10812
- C:\Windows\System\rzFEDRS.exe
  C:\Windows\System\rzFEDRS.exe
  2⤵
  PID:10872
- C:\Windows\System\nRjlCGa.exe
  C:\Windows\System\nRjlCGa.exe
  2⤵
  PID:10932
- C:\Windows\System\NSjhqBi.exe
  C:\Windows\System\NSjhqBi.exe
  2⤵
  PID:10464
- C:\Windows\System\MjNYknI.exe
  C:\Windows\System\MjNYknI.exe
  2⤵
  PID:11064
- C:\Windows\System\SaXHOsQ.exe
  C:\Windows\System\SaXHOsQ.exe
  2⤵
  PID:11104
- C:\Windows\System\PnUFdvY.exe
  C:\Windows\System\PnUFdvY.exe
  2⤵
  PID:6900
- C:\Windows\System\JlAQLDf.exe
  C:\Windows\System\JlAQLDf.exe
  2⤵
  PID:11244
- C:\Windows\System\JZwiMdu.exe
  C:\Windows\System\JZwiMdu.exe
  2⤵
  PID:10384
- C:\Windows\System\BpkytmR.exe
  C:\Windows\System\BpkytmR.exe
  2⤵
  PID:10340
- C:\Windows\System\jOVARsF.exe
  C:\Windows\System\jOVARsF.exe
  2⤵
  PID:11224
- C:\Windows\System\rjOHtDN.exe
  C:\Windows\System\rjOHtDN.exe
  2⤵
  PID:10648
- C:\Windows\System\XnepZgF.exe
  C:\Windows\System\XnepZgF.exe
  2⤵
  PID:448
- C:\Windows\System\gwWeqNU.exe
  C:\Windows\System\gwWeqNU.exe
  2⤵
  PID:10868
- C:\Windows\System\hPODuzU.exe
  C:\Windows\System\hPODuzU.exe
  2⤵
  PID:11040
- C:\Windows\System\sXwmEnz.exe
  C:\Windows\System\sXwmEnz.exe
  2⤵
  PID:11160
- C:\Windows\System\DEJXQSW.exe
  C:\Windows\System\DEJXQSW.exe
  2⤵
  PID:6896
- C:\Windows\System\IotLtlg.exe
  C:\Windows\System\IotLtlg.exe
  2⤵
  PID:10568
- C:\Windows\System\sGQiXbm.exe
  C:\Windows\System\sGQiXbm.exe
  2⤵
  PID:10840
- C:\Windows\System\uEfUkdT.exe
  C:\Windows\System\uEfUkdT.exe
  2⤵
  PID:3468
- C:\Windows\System\gacAGhn.exe
  C:\Windows\System\gacAGhn.exe
  2⤵
  PID:10504
- C:\Windows\System\PYRhYDU.exe
  C:\Windows\System\PYRhYDU.exe
  2⤵
  PID:11216
- C:\Windows\System\afOBFbJ.exe
  C:\Windows\System\afOBFbJ.exe
  2⤵
  PID:10356
- C:\Windows\System\GZSfAFM.exe
  C:\Windows\System\GZSfAFM.exe
  2⤵
  PID:11272
- C:\Windows\System\hMITqCO.exe
  C:\Windows\System\hMITqCO.exe
  2⤵
  PID:11300
- C:\Windows\System\omHrGNB.exe
  C:\Windows\System\omHrGNB.exe
  2⤵
  PID:11328
- C:\Windows\System\uLbHKWa.exe
  C:\Windows\System\uLbHKWa.exe
  2⤵
  PID:11356
- C:\Windows\System\nYkpoEG.exe
  C:\Windows\System\nYkpoEG.exe
  2⤵
  PID:11384
- C:\Windows\System\ZAzKcmh.exe
  C:\Windows\System\ZAzKcmh.exe
  2⤵
  PID:11416
- C:\Windows\System\bvBGFUW.exe
  C:\Windows\System\bvBGFUW.exe
  2⤵
  PID:11444
- C:\Windows\System\gGznztj.exe
  C:\Windows\System\gGznztj.exe
  2⤵
  PID:11472
- C:\Windows\System\faHrlyJ.exe
  C:\Windows\System\faHrlyJ.exe
  2⤵
  PID:11500
- C:\Windows\System\oYYERyt.exe
  C:\Windows\System\oYYERyt.exe
  2⤵
  PID:11516
- C:\Windows\System\qIjDtfn.exe
  C:\Windows\System\qIjDtfn.exe
  2⤵
  PID:11552
- C:\Windows\System\uKfrJvF.exe
  C:\Windows\System\uKfrJvF.exe
  2⤵
  PID:11584
- C:\Windows\System\wWpiyCB.exe
  C:\Windows\System\wWpiyCB.exe
  2⤵
  PID:11612
- C:\Windows\System\WguOrTH.exe
  C:\Windows\System\WguOrTH.exe
  2⤵
  PID:11640
- C:\Windows\System\SKEQqxq.exe
  C:\Windows\System\SKEQqxq.exe
  2⤵
  PID:11668
- C:\Windows\System\gPghbSb.exe
  C:\Windows\System\gPghbSb.exe
  2⤵
  PID:11696
- C:\Windows\System\kOmkWXJ.exe
  C:\Windows\System\kOmkWXJ.exe
  2⤵
  PID:11724
- C:\Windows\System\VnGrXYo.exe
  C:\Windows\System\VnGrXYo.exe
  2⤵
  PID:11752
- C:\Windows\System\GkhUnvl.exe
  C:\Windows\System\GkhUnvl.exe
  2⤵
  PID:11780
- C:\Windows\System\EAQiFVo.exe
  C:\Windows\System\EAQiFVo.exe
  2⤵
  PID:11808
- C:\Windows\System\QridgxX.exe
  C:\Windows\System\QridgxX.exe
  2⤵
  PID:11836
- C:\Windows\System\kDzoCms.exe
  C:\Windows\System\kDzoCms.exe
  2⤵
  PID:11864
- C:\Windows\System\ldSDgQv.exe
  C:\Windows\System\ldSDgQv.exe
  2⤵
  PID:11892
- C:\Windows\System\gakqaft.exe
  C:\Windows\System\gakqaft.exe
  2⤵
  PID:11924
- C:\Windows\System\rduTuLZ.exe
  C:\Windows\System\rduTuLZ.exe
  2⤵
  PID:11952
- C:\Windows\System\OGNerAJ.exe
  C:\Windows\System\OGNerAJ.exe
  2⤵
  PID:11980
- C:\Windows\System\limzqFh.exe
  C:\Windows\System\limzqFh.exe
  2⤵
  PID:12008
- C:\Windows\System\lWUzlMW.exe
  C:\Windows\System\lWUzlMW.exe
  2⤵
  PID:12036
- C:\Windows\System\EVKnKxj.exe
  C:\Windows\System\EVKnKxj.exe
  2⤵
  PID:12060
- C:\Windows\System\MMuvKIo.exe
  C:\Windows\System\MMuvKIo.exe
  2⤵
  PID:12092
- C:\Windows\System\WgmxIZx.exe
  C:\Windows\System\WgmxIZx.exe
  2⤵
  PID:12120
- C:\Windows\System\IbzriBK.exe
  C:\Windows\System\IbzriBK.exe
  2⤵
  PID:12148
- C:\Windows\System\TewteEm.exe
  C:\Windows\System\TewteEm.exe
  2⤵
  PID:12176
- C:\Windows\System\cFypSkk.exe
  C:\Windows\System\cFypSkk.exe
  2⤵
  PID:12204
- C:\Windows\System\pYxtsIV.exe
  C:\Windows\System\pYxtsIV.exe
  2⤵
  PID:12240
- C:\Windows\System\MYZFash.exe
  C:\Windows\System\MYZFash.exe
  2⤵
  PID:12268
- C:\Windows\System\HDDsAJE.exe
  C:\Windows\System\HDDsAJE.exe
  2⤵
  PID:11284
- C:\Windows\System\eSXnkzQ.exe
  C:\Windows\System\eSXnkzQ.exe
  2⤵
  PID:11324
- C:\Windows\System\NUrPakn.exe
  C:\Windows\System\NUrPakn.exe
  2⤵
  PID:11396
- C:\Windows\System\OZZsQir.exe
  C:\Windows\System\OZZsQir.exe
  2⤵
  PID:11456
- C:\Windows\System\ccuFcBY.exe
  C:\Windows\System\ccuFcBY.exe
  2⤵
  PID:2956
- C:\Windows\System\DrBGinI.exe
  C:\Windows\System\DrBGinI.exe
  2⤵
  PID:11568
- C:\Windows\System\hJhuOuU.exe
  C:\Windows\System\hJhuOuU.exe
  2⤵
  PID:11608
- C:\Windows\System\TrTaWDt.exe
  C:\Windows\System\TrTaWDt.exe
  2⤵
  PID:11680
- C:\Windows\System\dAHMRbk.exe
  C:\Windows\System\dAHMRbk.exe
  2⤵
  PID:11744
- C:\Windows\System\llhiNiK.exe
  C:\Windows\System\llhiNiK.exe
  2⤵
  PID:11828
- C:\Windows\System\oHxrIiE.exe
  C:\Windows\System\oHxrIiE.exe
  2⤵
  PID:11876
- C:\Windows\System\rraWmlq.exe
  C:\Windows\System\rraWmlq.exe
  2⤵
  PID:11940
- C:\Windows\System\QsufLzW.exe
  C:\Windows\System\QsufLzW.exe
  2⤵
  PID:12000
- C:\Windows\System\YoZoNLH.exe
  C:\Windows\System\YoZoNLH.exe
  2⤵
  PID:12068
- C:\Windows\System\mPIPWgv.exe
  C:\Windows\System\mPIPWgv.exe
  2⤵
  PID:12136
- C:\Windows\System\XAtXjGq.exe
  C:\Windows\System\XAtXjGq.exe
  2⤵
  PID:12192
- C:\Windows\System\innMEhU.exe
  C:\Windows\System\innMEhU.exe
  2⤵
  PID:12264
- C:\Windows\System\nQDYvXP.exe
  C:\Windows\System\nQDYvXP.exe
  2⤵
  PID:11352
- C:\Windows\System\KXzIZXb.exe
  C:\Windows\System\KXzIZXb.exe
  2⤵
  PID:11408
- C:\Windows\System\XEYZHMs.exe
  C:\Windows\System\XEYZHMs.exe
  2⤵
  PID:11560
- C:\Windows\System\FbhZMyJ.exe
  C:\Windows\System\FbhZMyJ.exe
  2⤵
  PID:11800
- C:\Windows\System\BvrcWol.exe
  C:\Windows\System\BvrcWol.exe
  2⤵
  PID:12048
- C:\Windows\System\KuqaYug.exe
  C:\Windows\System\KuqaYug.exe
  2⤵
  PID:12172
- C:\Windows\System\FLfeRJR.exe
  C:\Windows\System\FLfeRJR.exe
  2⤵
  PID:11380
- C:\Windows\System\PWOzkDE.exe
  C:\Windows\System\PWOzkDE.exe
  2⤵
  PID:11720
- C:\Windows\System\DwVTWSW.exe
  C:\Windows\System\DwVTWSW.exe
  2⤵
  PID:12116
- C:\Windows\System\UjoIBKZ.exe
  C:\Windows\System\UjoIBKZ.exe
  2⤵
  PID:10988
- C:\Windows\System\KPoNeIt.exe
  C:\Windows\System\KPoNeIt.exe
  2⤵
  PID:10956
- C:\Windows\System\BsOswaZ.exe
  C:\Windows\System\BsOswaZ.exe
  2⤵
  PID:11664
- C:\Windows\System\UfqAblp.exe
  C:\Windows\System\UfqAblp.exe
  2⤵
  PID:11092
- C:\Windows\System\FuhSogB.exe
  C:\Windows\System\FuhSogB.exe
  2⤵
  PID:404
- C:\Windows\System\qzlhehZ.exe
  C:\Windows\System\qzlhehZ.exe
  2⤵
  PID:11188
- C:\Windows\System\yMbycEb.exe
  C:\Windows\System\yMbycEb.exe
  2⤵
  PID:1508
- C:\Windows\System\UeYeest.exe
  C:\Windows\System\UeYeest.exe
  2⤵
  PID:12308
- C:\Windows\System\gybUxTm.exe
  C:\Windows\System\gybUxTm.exe
  2⤵
  PID:12336
- C:\Windows\System\upKTIbv.exe
  C:\Windows\System\upKTIbv.exe
  2⤵
  PID:12364
- C:\Windows\System\LigTIBs.exe
  C:\Windows\System\LigTIBs.exe
  2⤵
  PID:12392
- C:\Windows\System\HndiVgb.exe
  C:\Windows\System\HndiVgb.exe
  2⤵
  PID:12436
- C:\Windows\System\aKrxrtS.exe
  C:\Windows\System\aKrxrtS.exe
  2⤵
  PID:12452
- C:\Windows\System\eNixbOy.exe
  C:\Windows\System\eNixbOy.exe
  2⤵
  PID:12480
- C:\Windows\System\ZPNTWIb.exe
  C:\Windows\System\ZPNTWIb.exe
  2⤵
  PID:12508
- C:\Windows\System\qUYOgtQ.exe
  C:\Windows\System\qUYOgtQ.exe
  2⤵
  PID:12536
- C:\Windows\System\cKWXJvt.exe
  C:\Windows\System\cKWXJvt.exe
  2⤵
  PID:12564
- C:\Windows\System\CgeTzzj.exe
  C:\Windows\System\CgeTzzj.exe
  2⤵
  PID:12592
- C:\Windows\System\BgxIsBR.exe
  C:\Windows\System\BgxIsBR.exe
  2⤵
  PID:12620
- C:\Windows\System\ebQDHPc.exe
  C:\Windows\System\ebQDHPc.exe
  2⤵
  PID:12648
- C:\Windows\System\VoTbsNe.exe
  C:\Windows\System\VoTbsNe.exe
  2⤵
  PID:12676
- C:\Windows\System\fMyTjmb.exe
  C:\Windows\System\fMyTjmb.exe
  2⤵
  PID:12704
- C:\Windows\System\ZMzYeVo.exe
  C:\Windows\System\ZMzYeVo.exe
  2⤵
  PID:12732
- C:\Windows\System\JEvjiyT.exe
  C:\Windows\System\JEvjiyT.exe
  2⤵
  PID:12760
- C:\Windows\System\dRofzrD.exe
  C:\Windows\System\dRofzrD.exe
  2⤵
  PID:12788
- C:\Windows\System\WetcdsM.exe
  C:\Windows\System\WetcdsM.exe
  2⤵
  PID:12816
- C:\Windows\System\rHhAuhj.exe
  C:\Windows\System\rHhAuhj.exe
  2⤵
  PID:12844
- C:\Windows\System\QQWbCew.exe
  C:\Windows\System\QQWbCew.exe
  2⤵
  PID:12872
- C:\Windows\System\nBwvIrC.exe
  C:\Windows\System\nBwvIrC.exe
  2⤵
  PID:12900
- C:\Windows\System\THbYVDW.exe
  C:\Windows\System\THbYVDW.exe
  2⤵
  PID:12928
- C:\Windows\System\zmMiwvT.exe
  C:\Windows\System\zmMiwvT.exe
  2⤵
  PID:12956
- C:\Windows\System\ycYoawl.exe
  C:\Windows\System\ycYoawl.exe
  2⤵
  PID:12984
- C:\Windows\System\zuvXfUK.exe
  C:\Windows\System\zuvXfUK.exe
  2⤵
  PID:13012
- C:\Windows\System\DYqpqME.exe
  C:\Windows\System\DYqpqME.exe
  2⤵
  PID:13040
- C:\Windows\System\DVfGAOA.exe
  C:\Windows\System\DVfGAOA.exe
  2⤵
  PID:13068
- C:\Windows\System\lNpAbaJ.exe
  C:\Windows\System\lNpAbaJ.exe
  2⤵
  PID:13096
- C:\Windows\System\eKceuOt.exe
  C:\Windows\System\eKceuOt.exe
  2⤵
  PID:13128
- C:\Windows\System\cKaZmdy.exe
  C:\Windows\System\cKaZmdy.exe
  2⤵
  PID:13156
- C:\Windows\System\QIbqLEj.exe
  C:\Windows\System\QIbqLEj.exe
  2⤵
  PID:13184
- C:\Windows\System\jgMPZqR.exe
  C:\Windows\System\jgMPZqR.exe
  2⤵
  PID:13212
- C:\Windows\System\pIJyqlJ.exe
  C:\Windows\System\pIJyqlJ.exe
  2⤵
  PID:13240
- C:\Windows\System\QcCAiAf.exe
  C:\Windows\System\QcCAiAf.exe
  2⤵
  PID:13268
- C:\Windows\System\zjRPjGe.exe
  C:\Windows\System\zjRPjGe.exe
  2⤵
  PID:13292
- C:\Windows\System\CRBsbJS.exe
  C:\Windows\System\CRBsbJS.exe
  2⤵
  PID:12300
- C:\Windows\System\ZzJhfFF.exe
  C:\Windows\System\ZzJhfFF.exe
  2⤵
  PID:12360
- C:\Windows\System\xeqEDaf.exe
  C:\Windows\System\xeqEDaf.exe
  2⤵
  PID:12420
- C:\Windows\System\aTZtuqC.exe
  C:\Windows\System\aTZtuqC.exe
  2⤵
  PID:12492
- C:\Windows\System\Nnqleiq.exe
  C:\Windows\System\Nnqleiq.exe
  2⤵
  PID:12560
- C:\Windows\System\zShStUf.exe
  C:\Windows\System\zShStUf.exe
  2⤵
  PID:12644
- C:\Windows\System\TWxRJUv.exe
  C:\Windows\System\TWxRJUv.exe
  2⤵
  PID:12688
- C:\Windows\System\KSZPPqr.exe
  C:\Windows\System\KSZPPqr.exe
  2⤵
  PID:12724
- C:\Windows\System\IFPllVh.exe
  C:\Windows\System\IFPllVh.exe
  2⤵
  PID:12812
- C:\Windows\System\BNzYfhf.exe
  C:\Windows\System\BNzYfhf.exe
  2⤵
  PID:12884
- C:\Windows\System\xieSOjU.exe
  C:\Windows\System\xieSOjU.exe
  2⤵
  PID:12940
- C:\Windows\System\BuWAKoK.exe
  C:\Windows\System\BuWAKoK.exe
  2⤵
  PID:13004
- C:\Windows\System\mVPIxUz.exe
  C:\Windows\System\mVPIxUz.exe
  2⤵
  PID:13052
- C:\Windows\System\UNRRYgg.exe
  C:\Windows\System\UNRRYgg.exe
  2⤵
  PID:13140
- C:\Windows\System\askeLtH.exe
  C:\Windows\System\askeLtH.exe
  2⤵
  PID:13200
- C:\Windows\System\FTGxYEd.exe
  C:\Windows\System\FTGxYEd.exe
  2⤵
  PID:13264
- C:\Windows\System\kQjBrHE.exe
  C:\Windows\System\kQjBrHE.exe
  2⤵
  PID:12324
- C:\Windows\System\edzGdEe.exe
  C:\Windows\System\edzGdEe.exe
  2⤵
  PID:12472
- C:\Windows\System\xJFcLaF.exe
  C:\Windows\System\xJFcLaF.exe
  2⤵
  PID:12640
- C:\Windows\System\OuPdvhx.exe
  C:\Windows\System\OuPdvhx.exe
  2⤵
  PID:12756
- C:\Windows\System\tSNqCiq.exe
  C:\Windows\System\tSNqCiq.exe
  2⤵
  PID:12912
- C:\Windows\System\axcWCZV.exe
  C:\Windows\System\axcWCZV.exe
  2⤵
  PID:13024
- C:\Windows\System\vpBtitE.exe
  C:\Windows\System\vpBtitE.exe
  2⤵
  PID:13168
- C:\Windows\System\TDFpgAH.exe
  C:\Windows\System\TDFpgAH.exe
  2⤵
  PID:12292
- C:\Windows\System\IoSNYFw.exe
  C:\Windows\System\IoSNYFw.exe
  2⤵
  PID:12668
- C:\Windows\System\BSWeGNr.exe
  C:\Windows\System\BSWeGNr.exe
  2⤵
  PID:12980
- C:\Windows\System\NbjXiht.exe
  C:\Windows\System\NbjXiht.exe
  2⤵
  PID:11100
- C:\Windows\System\pqDpydT.exe
  C:\Windows\System\pqDpydT.exe
  2⤵
  PID:13108
- C:\Windows\System\ycdzVhj.exe
  C:\Windows\System\ycdzVhj.exe
  2⤵
  PID:12968
- C:\Windows\System\LOKZwOq.exe
  C:\Windows\System\LOKZwOq.exe
  2⤵
  PID:13336
- C:\Windows\System\IEmbrxH.exe
  C:\Windows\System\IEmbrxH.exe
  2⤵
  PID:13364
- C:\Windows\System\dyRvIpw.exe
  C:\Windows\System\dyRvIpw.exe
  2⤵
  PID:13392
- C:\Windows\System\HtcDzNV.exe
  C:\Windows\System\HtcDzNV.exe
  2⤵
  PID:13420
- C:\Windows\System\sEjRJhg.exe
  C:\Windows\System\sEjRJhg.exe
  2⤵
  PID:13448
- C:\Windows\System\Kzmvdao.exe
  C:\Windows\System\Kzmvdao.exe
  2⤵
  PID:13476
- C:\Windows\System\SWpshXp.exe
  C:\Windows\System\SWpshXp.exe
  2⤵
  PID:13504
- C:\Windows\System\RkWMiJL.exe
  C:\Windows\System\RkWMiJL.exe
  2⤵
  PID:13532
- C:\Windows\System\TYJCvVp.exe
  C:\Windows\System\TYJCvVp.exe
  2⤵
  PID:13560
- C:\Windows\System\VACgton.exe
  C:\Windows\System\VACgton.exe
  2⤵
  PID:13588
- C:\Windows\System\EWLFbEj.exe
  C:\Windows\System\EWLFbEj.exe
  2⤵
  PID:13616
- C:\Windows\System\sejhWrX.exe
  C:\Windows\System\sejhWrX.exe
  2⤵
  PID:13644
- C:\Windows\System\IcoDdod.exe
  C:\Windows\System\IcoDdod.exe
  2⤵
  PID:13672
- C:\Windows\System\FYQFuFM.exe
  C:\Windows\System\FYQFuFM.exe
  2⤵
  PID:13700
- C:\Windows\System\WwflvKM.exe
  C:\Windows\System\WwflvKM.exe
  2⤵
  PID:13728
- C:\Windows\System\FNrEvcw.exe
  C:\Windows\System\FNrEvcw.exe
  2⤵
  PID:13760
- C:\Windows\System\uHDNwmX.exe
  C:\Windows\System\uHDNwmX.exe
  2⤵
  PID:13788
- C:\Windows\System\adAMSdH.exe
  C:\Windows\System\adAMSdH.exe
  2⤵
  PID:13816
- C:\Windows\System\CRMjfyO.exe
  C:\Windows\System\CRMjfyO.exe
  2⤵
  PID:13844
- C:\Windows\System\jgVbMpu.exe
  C:\Windows\System\jgVbMpu.exe
  2⤵
  PID:13872
- C:\Windows\System\NggYjOY.exe
  C:\Windows\System\NggYjOY.exe
  2⤵
  PID:13900
- C:\Windows\System\gMtOWlv.exe
  C:\Windows\System\gMtOWlv.exe
  2⤵
  PID:13928
- C:\Windows\System\xKHnEck.exe
  C:\Windows\System\xKHnEck.exe
  2⤵
  PID:13956
- C:\Windows\System\ggbCWXh.exe
  C:\Windows\System\ggbCWXh.exe
  2⤵
  PID:13984
- C:\Windows\System\yrPoZHm.exe
  C:\Windows\System\yrPoZHm.exe
  2⤵
  PID:14012
- C:\Windows\System\uMzuaHC.exe
  C:\Windows\System\uMzuaHC.exe
  2⤵
  PID:14040
- C:\Windows\System\JZyJDNj.exe
  C:\Windows\System\JZyJDNj.exe
  2⤵
  PID:14068
- C:\Windows\System\DXCPKYa.exe
  C:\Windows\System\DXCPKYa.exe
  2⤵
  PID:14096
- C:\Windows\System\NgjJAGa.exe
  C:\Windows\System\NgjJAGa.exe
  2⤵
  PID:14124
- C:\Windows\System\SIKSmFK.exe
  C:\Windows\System\SIKSmFK.exe
  2⤵
  PID:14152
- C:\Windows\System\hXDnpaR.exe
  C:\Windows\System\hXDnpaR.exe
  2⤵
  PID:14180
- C:\Windows\System\vCdJeYj.exe
  C:\Windows\System\vCdJeYj.exe
  2⤵
  PID:14208
- C:\Windows\System\RdudgCO.exe
  C:\Windows\System\RdudgCO.exe
  2⤵
  PID:14236
- C:\Windows\System\CBZIXOH.exe
  C:\Windows\System\CBZIXOH.exe
  2⤵
  PID:14264
- C:\Windows\System\ZRYKbNd.exe
  C:\Windows\System\ZRYKbNd.exe
  2⤵
  PID:14292
- C:\Windows\System\qqSpGig.exe
  C:\Windows\System\qqSpGig.exe
  2⤵
  PID:14320
- C:\Windows\System\tVZtjuD.exe
  C:\Windows\System\tVZtjuD.exe
  2⤵
  PID:13348
- C:\Windows\System\tAtnoIi.exe
  C:\Windows\System\tAtnoIi.exe
  2⤵
  PID:5168
- C:\Windows\System\gxhZmsD.exe
  C:\Windows\System\gxhZmsD.exe
  2⤵
  PID:13440
- C:\Windows\System\zBuikZI.exe
  C:\Windows\System\zBuikZI.exe
  2⤵
  PID:13500
- C:\Windows\System\SgbIcei.exe
  C:\Windows\System\SgbIcei.exe
  2⤵
  PID:13556
- C:\Windows\System\ZCpwzbl.exe
  C:\Windows\System\ZCpwzbl.exe
  2⤵
  PID:13628
- C:\Windows\System\ipfJoLa.exe
  C:\Windows\System\ipfJoLa.exe
  2⤵
  PID:13692
- C:\Windows\System\gJzhzDJ.exe
  C:\Windows\System\gJzhzDJ.exe
  2⤵
  PID:13756
- C:\Windows\System\nYqjgfg.exe
  C:\Windows\System\nYqjgfg.exe
  2⤵
  PID:13828
- C:\Windows\System\mYBzZJA.exe
  C:\Windows\System\mYBzZJA.exe
  2⤵
  PID:13892
- C:\Windows\System\siirqqc.exe
  C:\Windows\System\siirqqc.exe
  2⤵
  PID:13968
- C:\Windows\System\PFLZMWF.exe
  C:\Windows\System\PFLZMWF.exe
  2⤵
  PID:14032
- C:\Windows\System\fEFBYJu.exe
  C:\Windows\System\fEFBYJu.exe
  2⤵
  PID:14092
- C:\Windows\System\lpVepXh.exe
  C:\Windows\System\lpVepXh.exe
  2⤵
  PID:14164
- C:\Windows\System\cTLHJIT.exe
  C:\Windows\System\cTLHJIT.exe
  2⤵
  PID:14228
- C:\Windows\System\DzhVKxD.exe
  C:\Windows\System\DzhVKxD.exe
  2⤵
  PID:14288
- C:\Windows\System\pYIMiRJ.exe
  C:\Windows\System\pYIMiRJ.exe
  2⤵
  PID:5152
- C:\Windows\System\cqXanxc.exe
  C:\Windows\System\cqXanxc.exe
  2⤵
  PID:13468
- C:\Windows\System\NxFmVqV.exe
  C:\Windows\System\NxFmVqV.exe
  2⤵
  PID:13608
- C:\Windows\System\mAdCDnQ.exe
  C:\Windows\System\mAdCDnQ.exe
  2⤵
  PID:13752
- C:\Windows\System\lFiDYcp.exe
  C:\Windows\System\lFiDYcp.exe
  2⤵
  PID:13920
- C:\Windows\System\ohTbtSo.exe
  C:\Windows\System\ohTbtSo.exe
  2⤵
  PID:14080
- C:\Windows\System\bvcYlsf.exe
  C:\Windows\System\bvcYlsf.exe
  2⤵
  PID:14220
- C:\Windows\System\kTclKxv.exe
  C:\Windows\System\kTclKxv.exe
  2⤵
  PID:13416
- C:\Windows\System\TyfTdkT.exe
  C:\Windows\System\TyfTdkT.exe
  2⤵
  PID:13720
- C:\Windows\System\aTNaiYs.exe
  C:\Windows\System\aTNaiYs.exe
  2⤵
  PID:14060
- C:\Windows\System\VmUIrlv.exe
  C:\Windows\System\VmUIrlv.exe
  2⤵
  PID:13332
- C:\Windows\System\vSCxoru.exe
  C:\Windows\System\vSCxoru.exe
  2⤵
  PID:14192
- C:\Windows\System\WhQpVtp.exe
  C:\Windows\System\WhQpVtp.exe
  2⤵
  PID:14024
- C:\Windows\System\LkwGNgy.exe
  C:\Windows\System\LkwGNgy.exe
  2⤵
  PID:14364
- C:\Windows\System\OqpdUXK.exe
  C:\Windows\System\OqpdUXK.exe
  2⤵
  PID:14392
- C:\Windows\System\DocQMPi.exe
  C:\Windows\System\DocQMPi.exe
  2⤵
  PID:14420
- C:\Windows\System\MmnSoba.exe
  C:\Windows\System\MmnSoba.exe
  2⤵
  PID:14448
- C:\Windows\System\sNNLJYM.exe
  C:\Windows\System\sNNLJYM.exe
  2⤵
  PID:14476
- C:\Windows\System\kbwwLSG.exe
  C:\Windows\System\kbwwLSG.exe
  2⤵
  PID:14504
- C:\Windows\System\qcQHczb.exe
  C:\Windows\System\qcQHczb.exe
  2⤵
  PID:14532
- C:\Windows\System\XRlgfnQ.exe
  C:\Windows\System\XRlgfnQ.exe
  2⤵
  PID:14560
- C:\Windows\System\ttnhGlu.exe
  C:\Windows\System\ttnhGlu.exe
  2⤵
  PID:14588
- C:\Windows\System\RNVbOmH.exe
  C:\Windows\System\RNVbOmH.exe
  2⤵
  PID:14616
- C:\Windows\System\zCofHLJ.exe
  C:\Windows\System\zCofHLJ.exe
  2⤵
  PID:14644
- C:\Windows\System\tUBsDeR.exe
  C:\Windows\System\tUBsDeR.exe
  2⤵
  PID:14672
- C:\Windows\System\NoONSOb.exe
  C:\Windows\System\NoONSOb.exe
  2⤵
  PID:14704
- C:\Windows\System\QxYmfaj.exe
  C:\Windows\System\QxYmfaj.exe
  2⤵
  PID:14732
- C:\Windows\System\ISXqFEa.exe
  C:\Windows\System\ISXqFEa.exe
  2⤵
  PID:14760
- C:\Windows\System\vLrPwxG.exe
  C:\Windows\System\vLrPwxG.exe
  2⤵
  PID:14792
- C:\Windows\System\WugwWup.exe
  C:\Windows\System\WugwWup.exe
  2⤵
  PID:14808
- C:\Windows\System\knPbcFa.exe
  C:\Windows\System\knPbcFa.exe
  2⤵
  PID:14848
- C:\Windows\System\bGZKYgV.exe
  C:\Windows\System\bGZKYgV.exe
  2⤵
  PID:14880
- C:\Windows\System\dLxmewR.exe
  C:\Windows\System\dLxmewR.exe
  2⤵
  PID:14908
- C:\Windows\System\cijBEpm.exe
  C:\Windows\System\cijBEpm.exe
  2⤵
  PID:14936
- C:\Windows\System\pnggPKA.exe
  C:\Windows\System\pnggPKA.exe
  2⤵
  PID:14964
- C:\Windows\System\MwUlsXt.exe
  C:\Windows\System\MwUlsXt.exe
  2⤵
  PID:14992
- C:\Windows\System\YnKLGKv.exe
  C:\Windows\System\YnKLGKv.exe
  2⤵
  PID:15108
- C:\Windows\System\JJwUZDC.exe
  C:\Windows\System\JJwUZDC.exe
  2⤵
  PID:15156
- C:\Windows\System\SstwtRE.exe
  C:\Windows\System\SstwtRE.exe
  2⤵
  PID:14556
- C:\Windows\System\BminSac.exe
  C:\Windows\System\BminSac.exe
  2⤵
  PID:14608
- C:\Windows\System\xBLcwXO.exe
  C:\Windows\System\xBLcwXO.exe
  2⤵
  PID:14696
- C:\Windows\System\nFodmGD.exe
  C:\Windows\System\nFodmGD.exe
  2⤵
  PID:14984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\GBLqpOL.exe

Filesize
6.0MB

MD5
8c4829ec176fd11add49fb1cf68e4173

SHA1
9f183cc6e13f239331b6611c429d20de09fa7a48

SHA256
aeb796ac8929ca53cb4796dab3d315cdc40963c42df5efc026a2caa5f1e09aff

SHA512
7d744baa9d659cf715be4467c68ef74775027172f393a3c0755c82402725fe35be2961a1d42258c399eb887fcd37bde83706ae59a316b9f6feadde399b61035c

Download Submit
C:\Windows\System\GPUhCpu.exe

Filesize
6.0MB

MD5
76da28578864a93e59ef9a003fc9bae1

SHA1
b1069097ad49df075e49ec974d1045094e808938

SHA256
66643058584940381482d97b093383b8122bfc8e21d4582ebf01f93bbbe30576

SHA512
3f610d400ead1cd2cb4fa71f2c9f959766a80663fd2cc9c0a2cecc841b739d98481229fe8935aa4319979b79043ec55aaa46a97adfcd942f5c0d61837dbbd695

Download Submit
C:\Windows\System\GyvXKEY.exe

Filesize
6.0MB

MD5
bc3cb94c806e04a74b98b76fe488086a

SHA1
84e44a04f9ba945f30afb049e95ec1686b08e812

SHA256
f214c868c7be1b8fe0193cfef2bd8fa565baf1c4932ccdbc0003c75b0ce08e5b

SHA512
6b65ec77cabb5b2308958b16f43bd48534aa3fadf9088f04a56c45282e3d7bb5427e0c0658b79d94a92165f1f6f3f8551d82c2cb27baf79874baa4a5cf3fd556

Download Submit
C:\Windows\System\HPWmfqk.exe

Filesize
6.0MB

MD5
04e9c7733160e25034faada2e57af11c

SHA1
e0a8b4d39be60fcaadb772379a32acf3ef47b68c

SHA256
2c5e176b0081d060edbddbc37810fd4001a4d0ccb0d8a47a9107bfc862cb0b12

SHA512
4aaab434f5fd24e1556d7adeae7dbb336332ba03aaba605b0c9b6f5080749fededb1b7f0b53e39846516b561bf30a226c0d3ad0bd5ad06e6f59ca0ba936888f4

Download Submit
C:\Windows\System\HhVzgrL.exe

Filesize
6.0MB

MD5
e0e81c2d651ff575af9585c58027a142

SHA1
a3e4590cc862b6e9ff3fd9d385f5c9d3ce1032f6

SHA256
ebbef158686af94eb405ad826338b655f3e3ff1542047e9de93c7d29ba124e37

SHA512
4e7ad14c84e53f86f2d1875c984d8b50bbf2309383a0f1ed62246d93466c0f0364c420624d77fb986d9c74c19037eeff31c5d4e09652c67e95444082978ee5a0

Download Submit
C:\Windows\System\HlqkXMN.exe

Filesize
6.0MB

MD5
3b0f477d2a1d4ad3f01dde251b118376

SHA1
8f0f792c603261ff897267cac9896b8b27c56f0e

SHA256
28e67d69b79fed18b949ab18b797dfbecdbf5a3dd7cc11795dea125141d7e530

SHA512
16d30dce14602d13b1b9c7875f303fea45017522b4f2f7dd831d1f8683efa7a96408dbdd894f93761b282976cb2c38c4748c98bcad26d774a0813392de3584fd

Download Submit
C:\Windows\System\IQAwJch.exe

Filesize
6.0MB

MD5
90a8085bd084ab239cf1e717587d23a3

SHA1
9b2b9fcae4f8510fdc42caab7d89aad4708b6f84

SHA256
678842f0ef2ed69ccfe5541bb52a53a6705927894c4ce986c84c8804bfe9e1c1

SHA512
8a2e1ebff4eb37b80c67e0a4cdd292587a89253fb70086db8cd49c435ede3520eb51d629c2df9d48c4e93d78ad7e127ecb5f572a9e27603238c301ccbf177e9c

Download Submit
C:\Windows\System\IpCpxjX.exe

Filesize
6.0MB

MD5
bf0ea04ece6f03cfbceb8517e642d45e

SHA1
24e6e6b362314e58d4b611a6ffb09d3b642a8e34

SHA256
dee70914a79e5c1321329821c9fccfb6acc9139e87b9ff387574ae1af45df352

SHA512
825a509612fd0b9d77141d99f8e35039777429f545913044b50484e6994b46d2075f4daf9383a70dbc74b121e814a9d2c04299cfedb84a97173442d9fca69d36

Download Submit
C:\Windows\System\JKYQhQa.exe

Filesize
6.0MB

MD5
c2eae58696c6e55e8dfbe48642d557bc

SHA1
9e304ef26dc658a98c8c5f492df8a78b29c321e7

SHA256
3baf95bbfe7745ebc56845e9ee48f72f101be5533097a6590be6b2485e483b8f

SHA512
e27839e0f1faafa86f6ce3374e41e618ada9fd23385b3d7fd1f891e210e237d32ac507fd2fefa0bb146ddda681c29bde3e7d016e5407c3dd4fe77db65b3c631f

Download Submit
C:\Windows\System\KUczgeE.exe

Filesize
6.0MB

MD5
a641e37193e9c0a9b7c1009310fc0eac

SHA1
24c18f0f3a43fa09a2644c5246dd0d2dda46fc2f

SHA256
30337e0eb76f3fe95ac3549aead37bc5df68a2f81e598a4d1e767ebcd85ecc16

SHA512
52597a670b11aee45183bf93665fb06e61857a47bb1f1527e43cc7c650bdcb0e396a949c08eafd1658c45e7a7de468199536be1ae8564cc6ffe32b654a741ed0

Download Submit
C:\Windows\System\MDVwLPW.exe

Filesize
6.0MB

MD5
82ca2c247fd2dc1ebef13f8feb34e66d

SHA1
a39dfe704d285fe179a9a8af52a75f86400e7c65

SHA256
c817311333146a009c427e50720285febeafe7fb81b3404f216f09b08e3aa637

SHA512
e6731531c85600f34f59acf3622a161a34647368a172fd3a06446ec3b46caf9d5e79e64a973350877456ab46d604f302a23a260f6f9c967ffcac231f33889d2a

Download Submit
C:\Windows\System\NJtVudf.exe

Filesize
6.0MB

MD5
199a1cf2f410bebcc6129d624bcc8ee9

SHA1
a56c5a269ab7a066135fd2d661e976e64576cc6d

SHA256
48e4a70b7b2fb7fe4ec0387884f85ba245e59c62a449a084332be68b47e63cdb

SHA512
ff743bf4e763bc7290e66a757f880f42c350cc8d03e6ac0ccb9c4be00ac4df91ea74f91b9909495496f9298c879eb78540d6d2c60cde913bb88f989ef839cc5c

Download Submit
C:\Windows\System\NcaATSl.exe

Filesize
6.0MB

MD5
b4ff56650f6915b7f04e2dd1ddffaaf4

SHA1
2856c149239ac650bbdebc286da00fcf8909e7f1

SHA256
1b432bdbeecf85315948f41cb67ed47699634b0e671a3ae316177b0dd4318d34

SHA512
32b8e30c3bf3f64b301ee6301cbbb34990069985941b4d2624255eab7443c02e9c82af67a23720443945dab8180eb28bcee153e43c8c887a70c905b09139bbbc

Download Submit
C:\Windows\System\OuZCWLG.exe

Filesize
6.0MB

MD5
86300d4b661959c7c9b704c5b3302e40

SHA1
f8da1e34b954f74251b68288193f4027620a92b3

SHA256
412ac9c45f11046b9d589c29fa11ec1db638188e53dd6face5d480dc3fe7b333

SHA512
864e85a45ede70aed54dbb25b825b90f79d38eb9d2c0fd159ba3b653aeaec1ee6fa42d9374d257253e2bba964dcdeb20a6b9d96b5c4959d85b1300a3b8e6ab47

Download Submit
C:\Windows\System\PGylQVX.exe

Filesize
6.0MB

MD5
efc37652f07958689ca5705ddb72e92f

SHA1
3168fc893ac2301719fbf5143a2b02de668fc502

SHA256
14dfe1fb139e09d786af341917b455efd59d8a3d30b038ed15b95066ae69d54e

SHA512
53bcd20580529348b96d9bb263c2a1b814cd82cf4e4d56370c2d34e5275b382ca2c34d9e90e46581231ab706f473b7e6d90e41264deb5952df13bd9a90e0dcc4

Download Submit
C:\Windows\System\RpOQjlA.exe

Filesize
6.0MB

MD5
22e702aba12a0ee4df9e20d93ab256d0

SHA1
d5ea2a98bcc16fc5909ff721c3cc7478275d23ca

SHA256
5b0fa0ed6fcc3fbd6bd92c3683ef9ff8598cd4d85f26dfac042ef8788e64484c

SHA512
9fd7719ab209654d0f49ba6db2e95b2ac950b3696e73fdc9974780c4942137f8626ce66dd7f7ca13f68f219c0dbeacc90b285661232e249587136805052ae445

Download Submit
C:\Windows\System\SFnwUMr.exe

Filesize
6.0MB

MD5
4fe40c5ce28f0bb19c613074e2ffa64d

SHA1
87c7601548e66125293df8291cd7b3ede5a628e9

SHA256
e6c44c21c16552b4d657a80d6a6b491a4e1b3853ff50aa42cf30a333371506da

SHA512
e9603db6e592847577528776a63aadc99370fb4207f207d7f26ae68577cfc027695c4a12511e85f06ba424f81bbe02ef242aa363b6a29fa4fa7a05de90f8399e

Download Submit
C:\Windows\System\TbojHxX.exe

Filesize
6.0MB

MD5
50c7a461d954bfd336bf031e3ece2678

SHA1
fa075f3cc7315bbfcbb06369d0655cf2b4228cb9

SHA256
f48cc002c222f747fc9b74d5a6eecc737fca7c2ef3403e8934f69a913cbc9f16

SHA512
6e05b3c3ffb697002c8416d69de2768ea7cfc675fcda22aafd662f4f2e6af710f44c689c3382bc34d7fe3484b4834c6f776bd34f448cdf018469200831641a4c

Download Submit
C:\Windows\System\UVZHBQf.exe

Filesize
6.0MB

MD5
6da119483e03a7a962b734fa26a5cdcb

SHA1
c6fb9fa03948f029f035a6ed02e603f5bafe784f

SHA256
8927f27f3a9e05bacc56b281b0feb4fae812c62041752aff56d8b1eafdca1925

SHA512
1861ecb278a9e0ddf14cf05ffbc288866afb5d8b08399cfec07ed3a7d8e0c7964ae6c0077a01906f967ef0152d3b08d64494e65b679c60b5533d5bee9aefd35a

Download Submit
C:\Windows\System\VKaMBUm.exe

Filesize
6.0MB

MD5
e042caf2fbbc1c293b57ba21b572e51d

SHA1
9c228ab88e135b76feda4d8a06388194c32d32b0

SHA256
8b71b7d2167a9df50626953c5e160c46c0fddaf3b073cd9fd0b4a73997737c6e

SHA512
7c2cf9163d8104bf7e379e36cfe7946bdc9545144b17c7069ecb75bd15c5c61dfde3f391de13f94064297ed9f1883a49cf2f5706b6c8cde0df19f9e54929522c

Download Submit
C:\Windows\System\VNdKlja.exe

Filesize
6.0MB

MD5
ac19fee5f956d430e208bd96cf2f88eb

SHA1
d5dcd9fcafe8515a637fcea4b41bc4ddf6a1a352

SHA256
9c7931e5bf95e52c64b63741b9ea928c637465ea67eb1c46bdfd1fb05bc2d866

SHA512
0efcd6ceee0469c99a9381823441518e7bb504002558e960d425c5b5a6adfdfefccf355f98b6668a34a6b546755de696ec395f7f1171ca62f04db2be4197d33f

Download Submit
C:\Windows\System\WUUOwbL.exe

Filesize
6.0MB

MD5
f900525405e594d509e8f7f7c328be6c

SHA1
12b96c84acfeb7d82f5df3ad3394b33dfac6755f

SHA256
6eb8c2487d064bddc57fc53a78fb637f35d06b80bdcfb78b50c625a7f90991b8

SHA512
bed3dacca7daea6a351d48ff5f0735fb1ad4ba98c5fa693ca918f1576d8c431db3b48115a7f86f5a1c410047cb667ec3c8d5a49252ccd4c4690675b976ac2d9a

Download Submit
C:\Windows\System\XTkbswb.exe

Filesize
6.0MB

MD5
3a6eb03bdff368c1d6da9208eb9d0228

SHA1
4581db26a3900aa0650490f62a8a2a25801b1c9b

SHA256
0c406006681d608f084bacaa055375fb7d781adf047ae01048cae0e1085084e2

SHA512
fe1648c62af2ae7f32c986683d63b230cb652e2322e9b6d1313b010d49cc2460545994d885c839b29102227e9d8330786133e5d4a34d5835cce4547c5f336d39

Download Submit
C:\Windows\System\bkxqoqC.exe

Filesize
6.0MB

MD5
e579b5d2f227b17795ec81749691454d

SHA1
4d07c8a882528d2532b0f0cd9f96b05debf3895e

SHA256
67983c8d411d7a96f687f22ea3515c36b5e94e8ab5a16dd4bd138eb23ded623a

SHA512
fd3b761f7a85c2d46873849128c8ea76f1effcacd7b8cec7a4e7a8882508f2f8afc1304da87f0faa5317bdc727e97eba7c207e7ab0f8012a3d4036d5a2624e35

Download Submit
C:\Windows\System\eeTQJQX.exe

Filesize
6.0MB

MD5
65347f006e014494b5868f374e99a85a

SHA1
aba911c880c21ae10897076bb73d2135af8b894c

SHA256
928ec62023afdcc7d5a79b660eb87387ebb4744aeb259b687c1f814f42aad610

SHA512
3448b721cab2ae20b1cb542554c5026eb28456fc6fcd00cc24c512fc34bd259f8c377d563d99b9e9f258a4e1977d32d2e229d98887c76530f66b9a94eb596e92

Download Submit
C:\Windows\System\fPjJUjQ.exe

Filesize
6.0MB

MD5
e48fd1cc3e4a1dfc49792b15618dece6

SHA1
9274abdb85102dc1c13472f4e375b9e60d7f1155

SHA256
0f28cf7830d7526291a1e25b936747ca1854cccc2d48351ff9884ea285798155

SHA512
eb8ff6adc9a27847a8c9aa9e990329d94defc2a0ac1e820a900543e896e24c83fbab380373e362c46998011e15da54c51a784b2dae9f777be068d978069884cb

Download Submit
C:\Windows\System\hNGmHff.exe

Filesize
6.0MB

MD5
b5a4c7ccc29666cb3e75f9409867cbf4

SHA1
56d5f2987ae4b8fcfd731a5a44a56717c543ce96

SHA256
7674e48e4fdd889d96be34d51ea24e7754a2b1cb9df7d28753196303a2f5c2a4

SHA512
d1de91070e365631d0d894d490a5c82b982d36f434f6d08306b928891e4078281e90e84b9944d6f773e9a9ff3d835bf2d5bfb6cbc0e55802727c6f36fda10ef2

Download Submit
C:\Windows\System\jxyifKj.exe

Filesize
6.0MB

MD5
707c1102743106be86d6eb2f85e970c4

SHA1
97e0db831a14b1cf43ba6faad2c6281c425d199a

SHA256
061dd2b5bd32cfb6472e9a4cc97c807cdefee0d0fa362b3c3d386f558264903c

SHA512
ccf22e7fafaef27584dfa8e7bfef05744846b9880fa5503ea487b464782554f1b3d623a9180ae0845f747401214a5e76e8ec5c639b992fb9b86109ab06451278

Download Submit
C:\Windows\System\kgKQfWP.exe

Filesize
6.0MB

MD5
899947ca4e95cae0db3bc0216dcb6ba9

SHA1
ac723f8141d50b88bd76e8507fd2dbffd1dcf3e8

SHA256
b054f00efd29292da5175351db99dc5dab6d573a0f2c39a3123062e31e474b05

SHA512
7ec9b38dbc65405262d1798a46a097c99d4fa8ce375546907da6395cf4545ab10ba921598248a1c5602e5b6ddd3383b13b36f35bb571408c1bc724ee5a39ca53

Download Submit
C:\Windows\System\oTCzzGu.exe

Filesize
6.0MB

MD5
ea20e8744078d06468c34a2392441746

SHA1
b1b395573d1b990e3fd7797b65beba4f291f58dc

SHA256
5f6cafb0ef9d1aaba8069539da5cafd4238eaab2765dafd70f4fe6ea526544a3

SHA512
0eec7eb1d8f354ae9fb43b42eb80693f4f2ca44491a0617dc2d5bbc4005be3f41b29e3a2dc687ac87697143adda85122697d9604de7242d89153dcb46f72ad12

Download Submit
C:\Windows\System\pqvkzth.exe

Filesize
6.0MB

MD5
b0510c2f70eafb7408132005a64ebb4b

SHA1
c082db5ec35c986d266cf9f3424b9a16daa63319

SHA256
b61e9487ec26bfdf7fd2ec828a490b65bc01496b22835d82a4bfb3a404d32aa4

SHA512
04a776b4b133a8130359d5e4364f9068efb3206220a26dca1a0de109abd37157aebe05633a72505b41e0c3f0eb1dd16d58b201c9f86f62521bb4f0a5f95c3db4

Download Submit
C:\Windows\System\qpqhqBa.exe

Filesize
6.0MB

MD5
0083839bd0b4d193cb7d4c20feacaa1a

SHA1
ef7109cf0fd14c7da54ec8c8234dcc36a6cc9ac2

SHA256
f14ef87560145134b4801fe8451568990b24ef03d14f81dfac080e88e59b3b49

SHA512
4619e927d1d7f63151d072a9319cc3b80178ac0990411d664e2cc3f810884437c9a0040bd4659f36f7d45c6ca88543f8d06a644684d4369c5fa69be7f15a5cea

Download Submit
C:\Windows\System\wRIaCvo.exe

Filesize
6.0MB

MD5
5268f2c5999a19e710c20a28e56ef518

SHA1
fdf6736264a9053729a590a506cc07535e514790

SHA256
dd89d3f06948771b13ad48f836be26e2fe2e56794bfd8b4a71aff0eb292c7570

SHA512
9ddbbe5c7deddfb4999a17f8905e866c42e9e3175b94512f5a96366f457574fbd4a6d4c3822a8f79abd51dfe0ff32d844ba69c98e40e5fab94357131bae748d1

Download Submit
memory/932-582-0x00007FF73D5F0000-0x00007FF73D944000-memory.dmp

Filesize
3.3MB

Download
memory/932-2377-0x00007FF73D5F0000-0x00007FF73D944000-memory.dmp

Filesize
3.3MB

Download
memory/1016-2367-0x00007FF64BE80000-0x00007FF64C1D4000-memory.dmp

Filesize
3.3MB

Download
memory/1016-576-0x00007FF64BE80000-0x00007FF64C1D4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-1-0x000002C224390000-0x000002C2243A0000-memory.dmp

Filesize
64KB

Download
memory/1440-58-0x00007FF7C0A50000-0x00007FF7C0DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-0-0x00007FF7C0A50000-0x00007FF7C0DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-1066-0x00007FF6E0CD0000-0x00007FF6E1024000-memory.dmp

Filesize
3.3MB

Download
memory/1632-91-0x00007FF6E0CD0000-0x00007FF6E1024000-memory.dmp

Filesize
3.3MB

Download
memory/1632-2364-0x00007FF6E0CD0000-0x00007FF6E1024000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2378-0x00007FF695110000-0x00007FF695464000-memory.dmp

Filesize
3.3MB

Download
memory/1804-593-0x00007FF695110000-0x00007FF695464000-memory.dmp

Filesize
3.3MB

Download
memory/2304-8-0x00007FF639970000-0x00007FF639CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-2163-0x00007FF639970000-0x00007FF639CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-61-0x00007FF639970000-0x00007FF639CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-580-0x00007FF6563A0000-0x00007FF6566F4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2375-0x00007FF6563A0000-0x00007FF6566F4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-795-0x00007FF6855A0000-0x00007FF6858F4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-2361-0x00007FF6855A0000-0x00007FF6858F4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-62-0x00007FF6855A0000-0x00007FF6858F4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-2366-0x00007FF7CDEB0000-0x00007FF7CE204000-memory.dmp

Filesize
3.3MB

Download
memory/2476-69-0x00007FF7CDEB0000-0x00007FF7CE204000-memory.dmp

Filesize
3.3MB

Download
memory/2476-861-0x00007FF7CDEB0000-0x00007FF7CE204000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2372-0x00007FF68D040000-0x00007FF68D394000-memory.dmp

Filesize
3.3MB

Download
memory/2632-586-0x00007FF68D040000-0x00007FF68D394000-memory.dmp

Filesize
3.3MB

Download
memory/2904-40-0x00007FF664BB0000-0x00007FF664F04000-memory.dmp

Filesize
3.3MB

Download
memory/2904-595-0x00007FF664BB0000-0x00007FF664F04000-memory.dmp

Filesize
3.3MB

Download
memory/3144-2380-0x00007FF6D8610000-0x00007FF6D8964000-memory.dmp

Filesize
3.3MB

Download
memory/3144-594-0x00007FF6D8610000-0x00007FF6D8964000-memory.dmp

Filesize
3.3MB

Download
memory/3168-36-0x00007FF789A10000-0x00007FF789D64000-memory.dmp

Filesize
3.3MB

Download
memory/3168-97-0x00007FF789A10000-0x00007FF789D64000-memory.dmp

Filesize
3.3MB

Download
memory/3244-583-0x00007FF70EC50000-0x00007FF70EFA4000-memory.dmp

Filesize
3.3MB

Download
memory/3244-2376-0x00007FF70EC50000-0x00007FF70EFA4000-memory.dmp

Filesize
3.3MB

Download
memory/3472-75-0x00007FF65B130000-0x00007FF65B484000-memory.dmp

Filesize
3.3MB

Download
memory/3472-929-0x00007FF65B130000-0x00007FF65B484000-memory.dmp

Filesize
3.3MB

Download
memory/3472-2362-0x00007FF65B130000-0x00007FF65B484000-memory.dmp

Filesize
3.3MB

Download
memory/3528-47-0x00007FF6EDBA0000-0x00007FF6EDEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3528-598-0x00007FF6EDBA0000-0x00007FF6EDEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-67-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-2173-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-12-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3820-81-0x00007FF6716E0000-0x00007FF671A34000-memory.dmp

Filesize
3.3MB

Download
memory/3820-25-0x00007FF6716E0000-0x00007FF671A34000-memory.dmp

Filesize
3.3MB

Download
memory/3832-1003-0x00007FF7F2960000-0x00007FF7F2CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3832-82-0x00007FF7F2960000-0x00007FF7F2CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3832-2363-0x00007FF7F2960000-0x00007FF7F2CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3840-90-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp

Filesize
3.3MB

Download
memory/3840-30-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp

Filesize
3.3MB

Download
memory/3908-74-0x00007FF7E83B0000-0x00007FF7E8704000-memory.dmp

Filesize
3.3MB

Download
memory/3908-18-0x00007FF7E83B0000-0x00007FF7E8704000-memory.dmp

Filesize
3.3MB

Download
memory/3956-2371-0x00007FF693500000-0x00007FF693854000-memory.dmp

Filesize
3.3MB

Download
memory/3956-588-0x00007FF693500000-0x00007FF693854000-memory.dmp

Filesize
3.3MB

Download
memory/4084-578-0x00007FF755480000-0x00007FF7557D4000-memory.dmp

Filesize
3.3MB

Download
memory/4084-2370-0x00007FF755480000-0x00007FF7557D4000-memory.dmp

Filesize
3.3MB

Download
memory/4120-2368-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp

Filesize
3.3MB

Download
memory/4120-596-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp

Filesize
3.3MB

Download
memory/4308-2374-0x00007FF6B6C40000-0x00007FF6B6F94000-memory.dmp

Filesize
3.3MB

Download
memory/4308-579-0x00007FF6B6C40000-0x00007FF6B6F94000-memory.dmp

Filesize
3.3MB

Download
memory/4320-577-0x00007FF626CC0000-0x00007FF627014000-memory.dmp

Filesize
3.3MB

Download
memory/4320-2369-0x00007FF626CC0000-0x00007FF627014000-memory.dmp

Filesize
3.3MB

Download
memory/4544-54-0x00007FF76DD10000-0x00007FF76E064000-memory.dmp

Filesize
3.3MB

Download
memory/4544-659-0x00007FF76DD10000-0x00007FF76E064000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2365-0x00007FF6DDD80000-0x00007FF6DE0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-1067-0x00007FF6DDD80000-0x00007FF6DE0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-571-0x00007FF6DDD80000-0x00007FF6DE0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2379-0x00007FF626E10000-0x00007FF627164000-memory.dmp

Filesize
3.3MB

Download
memory/4976-589-0x00007FF626E10000-0x00007FF627164000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2373-0x00007FF65F550000-0x00007FF65F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-590-0x00007FF65F550000-0x00007FF65F8A4000-memory.dmp

Filesize
3.3MB

Download