cobaltstrike | c2283ab853d4083c2364d162483b9469c3b3f186ca21f7b066a8f07daf6101f0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a4d4f6bedb195581358a4b321dbd0613
SHA1

b36bffd1b256db4856bb387ce9df995f8d631e95
SHA256

c2283ab853d4083c2364d162483b9469c3b3f186ca21f7b066a8f07daf6101f0
SHA512

d184e81fdc052b65f522eb588363c4417cc6f3f8937a222b3674bdd8f4772194b06c8639abcebacbc38f8e4780009e2afbf3b3d2ca5c0c29a779a99581b8d389
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023cb1-6.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-36.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-50.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-54.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-65.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-67.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-48.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-33.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-70.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023caf-80.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc0-102.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc1-107.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc2-117.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-130.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc7-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc5-142.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc3-128.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-91.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc8-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc9-158.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cca-164.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccc-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccb-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccf-196.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cce-194.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd1-202.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd0-201.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccd-181.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4708-0-0x00007FF744730000-0x00007FF744A84000-memory.dmp	xmrig
behavioral2/files/0x0008000000023cb1-6.dat	xmrig
behavioral2/memory/4852-8-0x00007FF714810000-0x00007FF714B64000-memory.dmp	xmrig
behavioral2/memory/2540-24-0x00007FF7CAA00000-0x00007FF7CAD54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb6-28.dat	xmrig
behavioral2/files/0x0007000000023cb4-36.dat	xmrig
behavioral2/files/0x0007000000023cb8-50.dat	xmrig
behavioral2/files/0x0007000000023cb9-54.dat	xmrig
behavioral2/memory/2460-62-0x00007FF7519A0000-0x00007FF751CF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cba-65.dat	xmrig
behavioral2/files/0x0007000000023cbb-67.dat	xmrig
behavioral2/memory/4856-64-0x00007FF650CF0000-0x00007FF651044000-memory.dmp	xmrig
behavioral2/memory/3104-63-0x00007FF79CF10000-0x00007FF79D264000-memory.dmp	xmrig
behavioral2/memory/4280-60-0x00007FF7F3900000-0x00007FF7F3C54000-memory.dmp	xmrig
behavioral2/memory/3984-59-0x00007FF6A9090000-0x00007FF6A93E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb7-48.dat	xmrig
behavioral2/files/0x0007000000023cb5-35.dat	xmrig
behavioral2/files/0x0007000000023cb3-33.dat	xmrig
behavioral2/memory/2068-29-0x00007FF648940000-0x00007FF648C94000-memory.dmp	xmrig
behavioral2/memory/796-31-0x00007FF62FC20000-0x00007FF62FF74000-memory.dmp	xmrig
behavioral2/memory/2444-25-0x00007FF71EA50000-0x00007FF71EDA4000-memory.dmp	xmrig
behavioral2/memory/4292-20-0x00007FF6BFFB0000-0x00007FF6C0304000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb2-12.dat	xmrig
behavioral2/files/0x0007000000023cbc-70.dat	xmrig
behavioral2/files/0x0008000000023caf-80.dat	xmrig
behavioral2/files/0x0007000000023cbe-87.dat	xmrig
behavioral2/files/0x0007000000023cbf-98.dat	xmrig
behavioral2/files/0x0007000000023cc0-102.dat	xmrig
behavioral2/files/0x0007000000023cc1-107.dat	xmrig
behavioral2/memory/4300-109-0x00007FF73E3D0000-0x00007FF73E724000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc2-117.dat	xmrig
behavioral2/files/0x0007000000023cc4-130.dat	xmrig
behavioral2/memory/220-136-0x00007FF7ACEA0000-0x00007FF7AD1F4000-memory.dmp	xmrig
behavioral2/memory/4800-139-0x00007FF75CE30000-0x00007FF75D184000-memory.dmp	xmrig
behavioral2/memory/2460-146-0x00007FF7519A0000-0x00007FF751CF4000-memory.dmp	xmrig
behavioral2/memory/1248-148-0x00007FF709610000-0x00007FF709964000-memory.dmp	xmrig
behavioral2/memory/4696-147-0x00007FF6D5200000-0x00007FF6D5554000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc7-144.dat	xmrig
behavioral2/files/0x0007000000023cc5-142.dat	xmrig
behavioral2/memory/3984-141-0x00007FF6A9090000-0x00007FF6A93E4000-memory.dmp	xmrig
behavioral2/memory/3524-140-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc3-128.dat	xmrig
behavioral2/memory/796-121-0x00007FF62FC20000-0x00007FF62FF74000-memory.dmp	xmrig
behavioral2/memory/2068-116-0x00007FF648940000-0x00007FF648C94000-memory.dmp	xmrig
behavioral2/memory/1940-115-0x00007FF742D30000-0x00007FF743084000-memory.dmp	xmrig
behavioral2/memory/2444-111-0x00007FF71EA50000-0x00007FF71EDA4000-memory.dmp	xmrig
behavioral2/memory/4988-110-0x00007FF70CA30000-0x00007FF70CD84000-memory.dmp	xmrig
behavioral2/memory/2540-108-0x00007FF7CAA00000-0x00007FF7CAD54000-memory.dmp	xmrig
behavioral2/memory/3488-106-0x00007FF7DF720000-0x00007FF7DFA74000-memory.dmp	xmrig
behavioral2/memory/648-92-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbd-91.dat	xmrig
behavioral2/memory/4292-88-0x00007FF6BFFB0000-0x00007FF6C0304000-memory.dmp	xmrig
behavioral2/memory/5108-85-0x00007FF68C9A0000-0x00007FF68CCF4000-memory.dmp	xmrig
behavioral2/memory/4708-84-0x00007FF744730000-0x00007FF744A84000-memory.dmp	xmrig
behavioral2/memory/4472-72-0x00007FF6C8C90000-0x00007FF6C8FE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc8-151.dat	xmrig
behavioral2/memory/1692-157-0x00007FF7E0050000-0x00007FF7E03A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc9-158.dat	xmrig
behavioral2/memory/4856-154-0x00007FF650CF0000-0x00007FF651044000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cca-164.dat	xmrig
behavioral2/memory/336-171-0x00007FF601E00000-0x00007FF602154000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ccc-177.dat	xmrig
behavioral2/files/0x0007000000023ccb-183.dat	xmrig
behavioral2/files/0x0007000000023ccf-196.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4852	qkasQVq.exe
4292	IxuORYk.exe
2540	TDFTXWa.exe
2068	BSsNjBR.exe
2444	JbnqKMU.exe
796	OmCvxcM.exe
3984	kXIrkHF.exe
3104	ulToGgE.exe
4280	WPvRMZk.exe
2460	gpaNNMM.exe
4856	YGWTdLb.exe
4472	mwdZLBz.exe
5108	uqJMxOl.exe
648	iFcuknj.exe
3488	SPuBRLD.exe
4300	pYWaUGX.exe
4988	FPTlvJt.exe
1940	PmiTNff.exe
220	RQXMazK.exe
4696	iGAOdnn.exe
4800	KQdPnHy.exe
1248	CdyyEiU.exe
3524	CQUitbw.exe
1692	mVWMrkX.exe
4416	kiNTljI.exe
336	mVPZyML.exe
948	eUscsOX.exe
1964	uhwZdEq.exe
2044	DIzEjYv.exe
1300	JjLgtWR.exe
2952	KhPcbJl.exe
5080	EkFGGju.exe
3516	xlIISEs.exe
1180	zvJsRgI.exe
3256	PYVUtlz.exe
4220	rpRwzQd.exe
4428	yVPvDTW.exe
2780	efPLfDy.exe
1656	LkfZYCz.exe
3924	QwHLukJ.exe
3860	tGOvbpQ.exe
4644	ZAMYBWb.exe
4344	zXZXUnv.exe
5100	rUtOcZb.exe
876	Vulemxk.exe
4104	WBKqrJz.exe
5068	HhccApm.exe
3200	DnOqLsP.exe
544	LGLFeKQ.exe
448	wLqOjmU.exe
3668	OsVQOVE.exe
4392	ALBBYme.exe
1724	TLMVIZj.exe
3852	RAhRDMC.exe
1148	oqVzeQA.exe
3228	slsVICn.exe
2224	GoEmzKk.exe
4548	VSMnWkI.exe
4160	UszTgot.exe
4512	pMXHhvZ.exe
4600	XewEViB.exe
4564	pwKlEdK.exe
4164	mVfzeKI.exe
4072	eoqJeAt.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4708-0-0x00007FF744730000-0x00007FF744A84000-memory.dmp	upx
behavioral2/files/0x0008000000023cb1-6.dat	upx
behavioral2/memory/4852-8-0x00007FF714810000-0x00007FF714B64000-memory.dmp	upx
behavioral2/memory/2540-24-0x00007FF7CAA00000-0x00007FF7CAD54000-memory.dmp	upx
behavioral2/files/0x0007000000023cb6-28.dat	upx
behavioral2/files/0x0007000000023cb4-36.dat	upx
behavioral2/files/0x0007000000023cb8-50.dat	upx
behavioral2/files/0x0007000000023cb9-54.dat	upx
behavioral2/memory/2460-62-0x00007FF7519A0000-0x00007FF751CF4000-memory.dmp	upx
behavioral2/files/0x0007000000023cba-65.dat	upx
behavioral2/files/0x0007000000023cbb-67.dat	upx
behavioral2/memory/4856-64-0x00007FF650CF0000-0x00007FF651044000-memory.dmp	upx
behavioral2/memory/3104-63-0x00007FF79CF10000-0x00007FF79D264000-memory.dmp	upx
behavioral2/memory/4280-60-0x00007FF7F3900000-0x00007FF7F3C54000-memory.dmp	upx
behavioral2/memory/3984-59-0x00007FF6A9090000-0x00007FF6A93E4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb7-48.dat	upx
behavioral2/files/0x0007000000023cb5-35.dat	upx
behavioral2/files/0x0007000000023cb3-33.dat	upx
behavioral2/memory/2068-29-0x00007FF648940000-0x00007FF648C94000-memory.dmp	upx
behavioral2/memory/796-31-0x00007FF62FC20000-0x00007FF62FF74000-memory.dmp	upx
behavioral2/memory/2444-25-0x00007FF71EA50000-0x00007FF71EDA4000-memory.dmp	upx
behavioral2/memory/4292-20-0x00007FF6BFFB0000-0x00007FF6C0304000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-12.dat	upx
behavioral2/files/0x0007000000023cbc-70.dat	upx
behavioral2/files/0x0008000000023caf-80.dat	upx
behavioral2/files/0x0007000000023cbe-87.dat	upx
behavioral2/files/0x0007000000023cbf-98.dat	upx
behavioral2/files/0x0007000000023cc0-102.dat	upx
behavioral2/files/0x0007000000023cc1-107.dat	upx
behavioral2/memory/4300-109-0x00007FF73E3D0000-0x00007FF73E724000-memory.dmp	upx
behavioral2/files/0x0007000000023cc2-117.dat	upx
behavioral2/files/0x0007000000023cc4-130.dat	upx
behavioral2/memory/220-136-0x00007FF7ACEA0000-0x00007FF7AD1F4000-memory.dmp	upx
behavioral2/memory/4800-139-0x00007FF75CE30000-0x00007FF75D184000-memory.dmp	upx
behavioral2/memory/2460-146-0x00007FF7519A0000-0x00007FF751CF4000-memory.dmp	upx
behavioral2/memory/1248-148-0x00007FF709610000-0x00007FF709964000-memory.dmp	upx
behavioral2/memory/4696-147-0x00007FF6D5200000-0x00007FF6D5554000-memory.dmp	upx
behavioral2/files/0x0007000000023cc7-144.dat	upx
behavioral2/files/0x0007000000023cc5-142.dat	upx
behavioral2/memory/3984-141-0x00007FF6A9090000-0x00007FF6A93E4000-memory.dmp	upx
behavioral2/memory/3524-140-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc3-128.dat	upx
behavioral2/memory/796-121-0x00007FF62FC20000-0x00007FF62FF74000-memory.dmp	upx
behavioral2/memory/2068-116-0x00007FF648940000-0x00007FF648C94000-memory.dmp	upx
behavioral2/memory/1940-115-0x00007FF742D30000-0x00007FF743084000-memory.dmp	upx
behavioral2/memory/2444-111-0x00007FF71EA50000-0x00007FF71EDA4000-memory.dmp	upx
behavioral2/memory/4988-110-0x00007FF70CA30000-0x00007FF70CD84000-memory.dmp	upx
behavioral2/memory/2540-108-0x00007FF7CAA00000-0x00007FF7CAD54000-memory.dmp	upx
behavioral2/memory/3488-106-0x00007FF7DF720000-0x00007FF7DFA74000-memory.dmp	upx
behavioral2/memory/648-92-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp	upx
behavioral2/files/0x0007000000023cbd-91.dat	upx
behavioral2/memory/4292-88-0x00007FF6BFFB0000-0x00007FF6C0304000-memory.dmp	upx
behavioral2/memory/5108-85-0x00007FF68C9A0000-0x00007FF68CCF4000-memory.dmp	upx
behavioral2/memory/4708-84-0x00007FF744730000-0x00007FF744A84000-memory.dmp	upx
behavioral2/memory/4472-72-0x00007FF6C8C90000-0x00007FF6C8FE4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc8-151.dat	upx
behavioral2/memory/1692-157-0x00007FF7E0050000-0x00007FF7E03A4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc9-158.dat	upx
behavioral2/memory/4856-154-0x00007FF650CF0000-0x00007FF651044000-memory.dmp	upx
behavioral2/files/0x0007000000023cca-164.dat	upx
behavioral2/memory/336-171-0x00007FF601E00000-0x00007FF602154000-memory.dmp	upx
behavioral2/files/0x0007000000023ccc-177.dat	upx
behavioral2/files/0x0007000000023ccb-183.dat	upx
behavioral2/files/0x0007000000023ccf-196.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GFBeJIA.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtknruP.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mocQbda.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIbxVbg.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aucVKlj.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVPvDTW.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjMsHHx.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydwgNem.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBwixel.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDoUhGt.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntQiDZc.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wiOEzXL.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYvsPWJ.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrWLQFE.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvEEtvM.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgVPOaD.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDXdnNE.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdSCsYC.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqBYhgg.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhxpPhh.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TVGjEaS.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFmovQq.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGngJnn.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVbrWtX.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFZamNe.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBZvXts.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDSyMce.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iamkYgb.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUVtJPu.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfKvLQK.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggzPLkE.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFKOsPQ.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofNwVLR.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpkZyKR.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Houxqxm.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwHLukJ.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylSwOux.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMjIGjN.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsHfPxW.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\brnsoDs.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQUitbw.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZkrpQf.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byMsvut.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Fuzqnro.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxDZfws.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUIbZoW.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHyGfyE.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruyGKuO.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGLFeKQ.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoqJeAt.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgDjoFu.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlOdfEL.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcBTkWy.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWLXIef.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvdMxbd.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksqqCNm.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZEyYAA.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpTuEYO.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFytsJd.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGOittb.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcHsCTc.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXsMSKR.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqJtqMl.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKpTaBb.exe	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 4852	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4708 wrote to memory of 4852	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4708 wrote to memory of 4292	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4708 wrote to memory of 4292	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4708 wrote to memory of 2540	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4708 wrote to memory of 2540	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4708 wrote to memory of 2444	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4708 wrote to memory of 2444	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4708 wrote to memory of 2068	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4708 wrote to memory of 2068	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4708 wrote to memory of 796	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4708 wrote to memory of 796	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4708 wrote to memory of 3984	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4708 wrote to memory of 3984	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4708 wrote to memory of 3104	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4708 wrote to memory of 3104	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4708 wrote to memory of 4280	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4708 wrote to memory of 4280	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4708 wrote to memory of 2460	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4708 wrote to memory of 2460	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4708 wrote to memory of 4856	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4708 wrote to memory of 4856	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4708 wrote to memory of 4472	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4708 wrote to memory of 4472	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4708 wrote to memory of 5108	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4708 wrote to memory of 5108	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4708 wrote to memory of 648	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4708 wrote to memory of 648	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4708 wrote to memory of 3488	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4708 wrote to memory of 3488	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4708 wrote to memory of 4300	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4708 wrote to memory of 4300	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4708 wrote to memory of 4988	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4708 wrote to memory of 4988	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4708 wrote to memory of 1940	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4708 wrote to memory of 1940	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4708 wrote to memory of 220	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4708 wrote to memory of 220	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4708 wrote to memory of 4696	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4708 wrote to memory of 4696	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4708 wrote to memory of 4800	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4708 wrote to memory of 4800	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4708 wrote to memory of 1248	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4708 wrote to memory of 1248	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4708 wrote to memory of 3524	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4708 wrote to memory of 3524	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4708 wrote to memory of 1692	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4708 wrote to memory of 1692	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4708 wrote to memory of 4416	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4708 wrote to memory of 4416	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4708 wrote to memory of 336	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4708 wrote to memory of 336	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4708 wrote to memory of 948	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4708 wrote to memory of 948	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4708 wrote to memory of 1964	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4708 wrote to memory of 1964	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4708 wrote to memory of 2044	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4708 wrote to memory of 2044	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4708 wrote to memory of 1300	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4708 wrote to memory of 1300	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4708 wrote to memory of 2952	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4708 wrote to memory of 2952	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4708 wrote to memory of 5080	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4708 wrote to memory of 5080	4708	2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-17_a4d4f6bedb195581358a4b321dbd0613_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Windows\System\qkasQVq.exe
  C:\Windows\System\qkasQVq.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\IxuORYk.exe
  C:\Windows\System\IxuORYk.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\TDFTXWa.exe
  C:\Windows\System\TDFTXWa.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\JbnqKMU.exe
  C:\Windows\System\JbnqKMU.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\BSsNjBR.exe
  C:\Windows\System\BSsNjBR.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\OmCvxcM.exe
  C:\Windows\System\OmCvxcM.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\kXIrkHF.exe
  C:\Windows\System\kXIrkHF.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\ulToGgE.exe
  C:\Windows\System\ulToGgE.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\WPvRMZk.exe
  C:\Windows\System\WPvRMZk.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\gpaNNMM.exe
  C:\Windows\System\gpaNNMM.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\YGWTdLb.exe
  C:\Windows\System\YGWTdLb.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\mwdZLBz.exe
  C:\Windows\System\mwdZLBz.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\uqJMxOl.exe
  C:\Windows\System\uqJMxOl.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\iFcuknj.exe
  C:\Windows\System\iFcuknj.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\SPuBRLD.exe
  C:\Windows\System\SPuBRLD.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\pYWaUGX.exe
  C:\Windows\System\pYWaUGX.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\FPTlvJt.exe
  C:\Windows\System\FPTlvJt.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\PmiTNff.exe
  C:\Windows\System\PmiTNff.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\RQXMazK.exe
  C:\Windows\System\RQXMazK.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\iGAOdnn.exe
  C:\Windows\System\iGAOdnn.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\KQdPnHy.exe
  C:\Windows\System\KQdPnHy.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\CdyyEiU.exe
  C:\Windows\System\CdyyEiU.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\CQUitbw.exe
  C:\Windows\System\CQUitbw.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\mVWMrkX.exe
  C:\Windows\System\mVWMrkX.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\kiNTljI.exe
  C:\Windows\System\kiNTljI.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\mVPZyML.exe
  C:\Windows\System\mVPZyML.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\eUscsOX.exe
  C:\Windows\System\eUscsOX.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\uhwZdEq.exe
  C:\Windows\System\uhwZdEq.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\DIzEjYv.exe
  C:\Windows\System\DIzEjYv.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\JjLgtWR.exe
  C:\Windows\System\JjLgtWR.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\KhPcbJl.exe
  C:\Windows\System\KhPcbJl.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\EkFGGju.exe
  C:\Windows\System\EkFGGju.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\xlIISEs.exe
  C:\Windows\System\xlIISEs.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\zvJsRgI.exe
  C:\Windows\System\zvJsRgI.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\PYVUtlz.exe
  C:\Windows\System\PYVUtlz.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\rpRwzQd.exe
  C:\Windows\System\rpRwzQd.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\yVPvDTW.exe
  C:\Windows\System\yVPvDTW.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\efPLfDy.exe
  C:\Windows\System\efPLfDy.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\LkfZYCz.exe
  C:\Windows\System\LkfZYCz.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\QwHLukJ.exe
  C:\Windows\System\QwHLukJ.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\tGOvbpQ.exe
  C:\Windows\System\tGOvbpQ.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\ZAMYBWb.exe
  C:\Windows\System\ZAMYBWb.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\zXZXUnv.exe
  C:\Windows\System\zXZXUnv.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\rUtOcZb.exe
  C:\Windows\System\rUtOcZb.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\Vulemxk.exe
  C:\Windows\System\Vulemxk.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\WBKqrJz.exe
  C:\Windows\System\WBKqrJz.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\HhccApm.exe
  C:\Windows\System\HhccApm.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\DnOqLsP.exe
  C:\Windows\System\DnOqLsP.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\LGLFeKQ.exe
  C:\Windows\System\LGLFeKQ.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\wLqOjmU.exe
  C:\Windows\System\wLqOjmU.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\OsVQOVE.exe
  C:\Windows\System\OsVQOVE.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\ALBBYme.exe
  C:\Windows\System\ALBBYme.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\TLMVIZj.exe
  C:\Windows\System\TLMVIZj.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\RAhRDMC.exe
  C:\Windows\System\RAhRDMC.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\oqVzeQA.exe
  C:\Windows\System\oqVzeQA.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\slsVICn.exe
  C:\Windows\System\slsVICn.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\GoEmzKk.exe
  C:\Windows\System\GoEmzKk.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\VSMnWkI.exe
  C:\Windows\System\VSMnWkI.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\UszTgot.exe
  C:\Windows\System\UszTgot.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\pMXHhvZ.exe
  C:\Windows\System\pMXHhvZ.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\XewEViB.exe
  C:\Windows\System\XewEViB.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\pwKlEdK.exe
  C:\Windows\System\pwKlEdK.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\mVfzeKI.exe
  C:\Windows\System\mVfzeKI.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\eoqJeAt.exe
  C:\Windows\System\eoqJeAt.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\zfftGOV.exe
  C:\Windows\System\zfftGOV.exe
  2⤵
  PID:1800
- C:\Windows\System\NgfCqfq.exe
  C:\Windows\System\NgfCqfq.exe
  2⤵
  PID:2632
- C:\Windows\System\EWbCqaQ.exe
  C:\Windows\System\EWbCqaQ.exe
  2⤵
  PID:2908
- C:\Windows\System\EAnmyZU.exe
  C:\Windows\System\EAnmyZU.exe
  2⤵
  PID:4356
- C:\Windows\System\sJHmmnv.exe
  C:\Windows\System\sJHmmnv.exe
  2⤵
  PID:1892
- C:\Windows\System\CYUXONq.exe
  C:\Windows\System\CYUXONq.exe
  2⤵
  PID:3632
- C:\Windows\System\XxmcVbz.exe
  C:\Windows\System\XxmcVbz.exe
  2⤵
  PID:1212
- C:\Windows\System\pisWogg.exe
  C:\Windows\System\pisWogg.exe
  2⤵
  PID:112
- C:\Windows\System\hfSLZYE.exe
  C:\Windows\System\hfSLZYE.exe
  2⤵
  PID:3720
- C:\Windows\System\gesUyqf.exe
  C:\Windows\System\gesUyqf.exe
  2⤵
  PID:4972
- C:\Windows\System\cddoUAK.exe
  C:\Windows\System\cddoUAK.exe
  2⤵
  PID:4824
- C:\Windows\System\DQrkOlM.exe
  C:\Windows\System\DQrkOlM.exe
  2⤵
  PID:8
- C:\Windows\System\qUIlDnj.exe
  C:\Windows\System\qUIlDnj.exe
  2⤵
  PID:3628
- C:\Windows\System\bnUKYWK.exe
  C:\Windows\System\bnUKYWK.exe
  2⤵
  PID:4304
- C:\Windows\System\deohTcp.exe
  C:\Windows\System\deohTcp.exe
  2⤵
  PID:2396
- C:\Windows\System\UKyjAEV.exe
  C:\Windows\System\UKyjAEV.exe
  2⤵
  PID:3244
- C:\Windows\System\ngIjAYj.exe
  C:\Windows\System\ngIjAYj.exe
  2⤵
  PID:4348
- C:\Windows\System\kYiNHFj.exe
  C:\Windows\System\kYiNHFj.exe
  2⤵
  PID:4572
- C:\Windows\System\XIrbpRU.exe
  C:\Windows\System\XIrbpRU.exe
  2⤵
  PID:2892
- C:\Windows\System\fcAquNB.exe
  C:\Windows\System\fcAquNB.exe
  2⤵
  PID:3688
- C:\Windows\System\nRHhyjh.exe
  C:\Windows\System\nRHhyjh.exe
  2⤵
  PID:5088
- C:\Windows\System\OVNLxLF.exe
  C:\Windows\System\OVNLxLF.exe
  2⤵
  PID:2352
- C:\Windows\System\mOTCGwX.exe
  C:\Windows\System\mOTCGwX.exe
  2⤵
  PID:4484
- C:\Windows\System\EcHsCTc.exe
  C:\Windows\System\EcHsCTc.exe
  2⤵
  PID:2836
- C:\Windows\System\NiOIqSl.exe
  C:\Windows\System\NiOIqSl.exe
  2⤵
  PID:1592
- C:\Windows\System\ylSwOux.exe
  C:\Windows\System\ylSwOux.exe
  2⤵
  PID:3212
- C:\Windows\System\pXsMSKR.exe
  C:\Windows\System\pXsMSKR.exe
  2⤵
  PID:3660
- C:\Windows\System\oRMCAFc.exe
  C:\Windows\System\oRMCAFc.exe
  2⤵
  PID:3692
- C:\Windows\System\iBNrmcq.exe
  C:\Windows\System\iBNrmcq.exe
  2⤵
  PID:1632
- C:\Windows\System\PZEyYAA.exe
  C:\Windows\System\PZEyYAA.exe
  2⤵
  PID:3680
- C:\Windows\System\ZSOzMNW.exe
  C:\Windows\System\ZSOzMNW.exe
  2⤵
  PID:2576
- C:\Windows\System\uZjYGzo.exe
  C:\Windows\System\uZjYGzo.exe
  2⤵
  PID:4868
- C:\Windows\System\xyxKcZE.exe
  C:\Windows\System\xyxKcZE.exe
  2⤵
  PID:3848
- C:\Windows\System\kqjtnIU.exe
  C:\Windows\System\kqjtnIU.exe
  2⤵
  PID:1720
- C:\Windows\System\QjgJJev.exe
  C:\Windows\System\QjgJJev.exe
  2⤵
  PID:348
- C:\Windows\System\NApdvBS.exe
  C:\Windows\System\NApdvBS.exe
  2⤵
  PID:1840
- C:\Windows\System\KeFEYcg.exe
  C:\Windows\System\KeFEYcg.exe
  2⤵
  PID:3600
- C:\Windows\System\djoPwxR.exe
  C:\Windows\System\djoPwxR.exe
  2⤵
  PID:1512
- C:\Windows\System\WTPSPdx.exe
  C:\Windows\System\WTPSPdx.exe
  2⤵
  PID:2644
- C:\Windows\System\zQRDJdu.exe
  C:\Windows\System\zQRDJdu.exe
  2⤵
  PID:1568
- C:\Windows\System\aTfhCCb.exe
  C:\Windows\System\aTfhCCb.exe
  2⤵
  PID:3536
- C:\Windows\System\DrwPlSq.exe
  C:\Windows\System\DrwPlSq.exe
  2⤵
  PID:3560
- C:\Windows\System\xYvsPWJ.exe
  C:\Windows\System\xYvsPWJ.exe
  2⤵
  PID:5188
- C:\Windows\System\JZUcBzL.exe
  C:\Windows\System\JZUcBzL.exe
  2⤵
  PID:5272
- C:\Windows\System\mUVtJPu.exe
  C:\Windows\System\mUVtJPu.exe
  2⤵
  PID:5324
- C:\Windows\System\cwqZMRQ.exe
  C:\Windows\System\cwqZMRQ.exe
  2⤵
  PID:5352
- C:\Windows\System\xKqyqqd.exe
  C:\Windows\System\xKqyqqd.exe
  2⤵
  PID:5396
- C:\Windows\System\tUhzmhg.exe
  C:\Windows\System\tUhzmhg.exe
  2⤵
  PID:5452
- C:\Windows\System\YFQQTmL.exe
  C:\Windows\System\YFQQTmL.exe
  2⤵
  PID:5484
- C:\Windows\System\MgieuVd.exe
  C:\Windows\System\MgieuVd.exe
  2⤵
  PID:5512
- C:\Windows\System\hgpWecU.exe
  C:\Windows\System\hgpWecU.exe
  2⤵
  PID:5544
- C:\Windows\System\QbQZdjU.exe
  C:\Windows\System\QbQZdjU.exe
  2⤵
  PID:5568
- C:\Windows\System\JiADGFh.exe
  C:\Windows\System\JiADGFh.exe
  2⤵
  PID:5600
- C:\Windows\System\JvzILlI.exe
  C:\Windows\System\JvzILlI.exe
  2⤵
  PID:5628
- C:\Windows\System\hEardut.exe
  C:\Windows\System\hEardut.exe
  2⤵
  PID:5644
- C:\Windows\System\CdxIRiK.exe
  C:\Windows\System\CdxIRiK.exe
  2⤵
  PID:5676
- C:\Windows\System\bVeWyeL.exe
  C:\Windows\System\bVeWyeL.exe
  2⤵
  PID:5712
- C:\Windows\System\UNBpxRi.exe
  C:\Windows\System\UNBpxRi.exe
  2⤵
  PID:5740
- C:\Windows\System\WxBzVUn.exe
  C:\Windows\System\WxBzVUn.exe
  2⤵
  PID:5768
- C:\Windows\System\kdlMuWJ.exe
  C:\Windows\System\kdlMuWJ.exe
  2⤵
  PID:5796
- C:\Windows\System\mfziOTi.exe
  C:\Windows\System\mfziOTi.exe
  2⤵
  PID:5824
- C:\Windows\System\ozFHuVQ.exe
  C:\Windows\System\ozFHuVQ.exe
  2⤵
  PID:5852
- C:\Windows\System\kMpfHOi.exe
  C:\Windows\System\kMpfHOi.exe
  2⤵
  PID:5880
- C:\Windows\System\mGDgiIT.exe
  C:\Windows\System\mGDgiIT.exe
  2⤵
  PID:5908
- C:\Windows\System\fbSAEWJ.exe
  C:\Windows\System\fbSAEWJ.exe
  2⤵
  PID:5940
- C:\Windows\System\ylRGlzH.exe
  C:\Windows\System\ylRGlzH.exe
  2⤵
  PID:5964
- C:\Windows\System\xpTuEYO.exe
  C:\Windows\System\xpTuEYO.exe
  2⤵
  PID:5996
- C:\Windows\System\BujwieW.exe
  C:\Windows\System\BujwieW.exe
  2⤵
  PID:6024
- C:\Windows\System\mUYznzc.exe
  C:\Windows\System\mUYznzc.exe
  2⤵
  PID:6052
- C:\Windows\System\UkptMbi.exe
  C:\Windows\System\UkptMbi.exe
  2⤵
  PID:6080
- C:\Windows\System\cJbsSPj.exe
  C:\Windows\System\cJbsSPj.exe
  2⤵
  PID:6108
- C:\Windows\System\kmbYQSz.exe
  C:\Windows\System\kmbYQSz.exe
  2⤵
  PID:6136
- C:\Windows\System\byMsvut.exe
  C:\Windows\System\byMsvut.exe
  2⤵
  PID:5280
- C:\Windows\System\RuPIyNt.exe
  C:\Windows\System\RuPIyNt.exe
  2⤵
  PID:5380
- C:\Windows\System\coCRJuk.exe
  C:\Windows\System\coCRJuk.exe
  2⤵
  PID:5476
- C:\Windows\System\Zigtdav.exe
  C:\Windows\System\Zigtdav.exe
  2⤵
  PID:5372
- C:\Windows\System\fygiLNn.exe
  C:\Windows\System\fygiLNn.exe
  2⤵
  PID:5204
- C:\Windows\System\eUOdoEC.exe
  C:\Windows\System\eUOdoEC.exe
  2⤵
  PID:5608
- C:\Windows\System\mRlBpsA.exe
  C:\Windows\System\mRlBpsA.exe
  2⤵
  PID:5664
- C:\Windows\System\UQvhCoO.exe
  C:\Windows\System\UQvhCoO.exe
  2⤵
  PID:5728
- C:\Windows\System\rqZoZfm.exe
  C:\Windows\System\rqZoZfm.exe
  2⤵
  PID:5820
- C:\Windows\System\cgDjoFu.exe
  C:\Windows\System\cgDjoFu.exe
  2⤵
  PID:5888
- C:\Windows\System\mEUzOMO.exe
  C:\Windows\System\mEUzOMO.exe
  2⤵
  PID:5948
- C:\Windows\System\jvmUDeL.exe
  C:\Windows\System\jvmUDeL.exe
  2⤵
  PID:5432
- C:\Windows\System\PVZjcKn.exe
  C:\Windows\System\PVZjcKn.exe
  2⤵
  PID:6076
- C:\Windows\System\hrPvtvk.exe
  C:\Windows\System\hrPvtvk.exe
  2⤵
  PID:6124
- C:\Windows\System\ZlOdfEL.exe
  C:\Windows\System\ZlOdfEL.exe
  2⤵
  PID:5428
- C:\Windows\System\qIBocgV.exe
  C:\Windows\System\qIBocgV.exe
  2⤵
  PID:5376
- C:\Windows\System\wAJQgEO.exe
  C:\Windows\System\wAJQgEO.exe
  2⤵
  PID:5636
- C:\Windows\System\nVlnkdi.exe
  C:\Windows\System\nVlnkdi.exe
  2⤵
  PID:5804
- C:\Windows\System\NSNUCdm.exe
  C:\Windows\System\NSNUCdm.exe
  2⤵
  PID:5936
- C:\Windows\System\wLHWvlq.exe
  C:\Windows\System\wLHWvlq.exe
  2⤵
  PID:6088
- C:\Windows\System\ilBrgWE.exe
  C:\Windows\System\ilBrgWE.exe
  2⤵
  PID:5536
- C:\Windows\System\YdwPMHN.exe
  C:\Windows\System\YdwPMHN.exe
  2⤵
  PID:5700
- C:\Windows\System\vIostkx.exe
  C:\Windows\System\vIostkx.exe
  2⤵
  PID:6096
- C:\Windows\System\UJDvFtK.exe
  C:\Windows\System\UJDvFtK.exe
  2⤵
  PID:5984
- C:\Windows\System\glAHjpU.exe
  C:\Windows\System\glAHjpU.exe
  2⤵
  PID:5404
- C:\Windows\System\yvdYrBf.exe
  C:\Windows\System\yvdYrBf.exe
  2⤵
  PID:6172
- C:\Windows\System\pagnXBT.exe
  C:\Windows\System\pagnXBT.exe
  2⤵
  PID:6200
- C:\Windows\System\JOcpMtw.exe
  C:\Windows\System\JOcpMtw.exe
  2⤵
  PID:6228
- C:\Windows\System\rnYKgCR.exe
  C:\Windows\System\rnYKgCR.exe
  2⤵
  PID:6256
- C:\Windows\System\SCJDBGJ.exe
  C:\Windows\System\SCJDBGJ.exe
  2⤵
  PID:6284
- C:\Windows\System\kchFqbL.exe
  C:\Windows\System\kchFqbL.exe
  2⤵
  PID:6312
- C:\Windows\System\eYUgizW.exe
  C:\Windows\System\eYUgizW.exe
  2⤵
  PID:6380
- C:\Windows\System\gKiJCGv.exe
  C:\Windows\System\gKiJCGv.exe
  2⤵
  PID:6436
- C:\Windows\System\ywiMkYH.exe
  C:\Windows\System\ywiMkYH.exe
  2⤵
  PID:6468
- C:\Windows\System\rQaZrvr.exe
  C:\Windows\System\rQaZrvr.exe
  2⤵
  PID:6496
- C:\Windows\System\QkbxyNo.exe
  C:\Windows\System\QkbxyNo.exe
  2⤵
  PID:6528
- C:\Windows\System\ipCdSeA.exe
  C:\Windows\System\ipCdSeA.exe
  2⤵
  PID:6556
- C:\Windows\System\cGyvaan.exe
  C:\Windows\System\cGyvaan.exe
  2⤵
  PID:6584
- C:\Windows\System\RgSHEyE.exe
  C:\Windows\System\RgSHEyE.exe
  2⤵
  PID:6608
- C:\Windows\System\OosFvzl.exe
  C:\Windows\System\OosFvzl.exe
  2⤵
  PID:6640
- C:\Windows\System\TXYTMFO.exe
  C:\Windows\System\TXYTMFO.exe
  2⤵
  PID:6668
- C:\Windows\System\YRIrQKK.exe
  C:\Windows\System\YRIrQKK.exe
  2⤵
  PID:6696
- C:\Windows\System\PwLEAdv.exe
  C:\Windows\System\PwLEAdv.exe
  2⤵
  PID:6712
- C:\Windows\System\XZahGVH.exe
  C:\Windows\System\XZahGVH.exe
  2⤵
  PID:6748
- C:\Windows\System\QMeazKP.exe
  C:\Windows\System\QMeazKP.exe
  2⤵
  PID:6772
- C:\Windows\System\TrxlfFo.exe
  C:\Windows\System\TrxlfFo.exe
  2⤵
  PID:6808
- C:\Windows\System\FpmhIgI.exe
  C:\Windows\System\FpmhIgI.exe
  2⤵
  PID:6840
- C:\Windows\System\ggzPLkE.exe
  C:\Windows\System\ggzPLkE.exe
  2⤵
  PID:6868
- C:\Windows\System\cPrRqjH.exe
  C:\Windows\System\cPrRqjH.exe
  2⤵
  PID:6896
- C:\Windows\System\miHtSfa.exe
  C:\Windows\System\miHtSfa.exe
  2⤵
  PID:6928
- C:\Windows\System\YhcnAVn.exe
  C:\Windows\System\YhcnAVn.exe
  2⤵
  PID:6956
- C:\Windows\System\pfKvLQK.exe
  C:\Windows\System\pfKvLQK.exe
  2⤵
  PID:6984
- C:\Windows\System\GbTYYyG.exe
  C:\Windows\System\GbTYYyG.exe
  2⤵
  PID:7012
- C:\Windows\System\uzSwcNv.exe
  C:\Windows\System\uzSwcNv.exe
  2⤵
  PID:7040
- C:\Windows\System\NFytsJd.exe
  C:\Windows\System\NFytsJd.exe
  2⤵
  PID:7068
- C:\Windows\System\OclLHsg.exe
  C:\Windows\System\OclLHsg.exe
  2⤵
  PID:7096
- C:\Windows\System\MZVCruu.exe
  C:\Windows\System\MZVCruu.exe
  2⤵
  PID:7124
- C:\Windows\System\jfsnuWM.exe
  C:\Windows\System\jfsnuWM.exe
  2⤵
  PID:7152
- C:\Windows\System\zQsCXoP.exe
  C:\Windows\System\zQsCXoP.exe
  2⤵
  PID:6180
- C:\Windows\System\QDydPyE.exe
  C:\Windows\System\QDydPyE.exe
  2⤵
  PID:6244
- C:\Windows\System\pqJtqMl.exe
  C:\Windows\System\pqJtqMl.exe
  2⤵
  PID:6308
- C:\Windows\System\shpFdoO.exe
  C:\Windows\System\shpFdoO.exe
  2⤵
  PID:6424
- C:\Windows\System\HvjqfLA.exe
  C:\Windows\System\HvjqfLA.exe
  2⤵
  PID:6392
- C:\Windows\System\UOaDGxQ.exe
  C:\Windows\System\UOaDGxQ.exe
  2⤵
  PID:6484
- C:\Windows\System\qepIIUn.exe
  C:\Windows\System\qepIIUn.exe
  2⤵
  PID:6536
- C:\Windows\System\NOodLOz.exe
  C:\Windows\System\NOodLOz.exe
  2⤵
  PID:6620
- C:\Windows\System\MiTixmq.exe
  C:\Windows\System\MiTixmq.exe
  2⤵
  PID:6692
- C:\Windows\System\eKNJMKe.exe
  C:\Windows\System\eKNJMKe.exe
  2⤵
  PID:6756
- C:\Windows\System\nTKQtKv.exe
  C:\Windows\System\nTKQtKv.exe
  2⤵
  PID:6816
- C:\Windows\System\fOPuzOH.exe
  C:\Windows\System\fOPuzOH.exe
  2⤵
  PID:6876
- C:\Windows\System\pjZPzYB.exe
  C:\Windows\System\pjZPzYB.exe
  2⤵
  PID:6952
- C:\Windows\System\gOFsCZK.exe
  C:\Windows\System\gOFsCZK.exe
  2⤵
  PID:7028
- C:\Windows\System\lbIsDGn.exe
  C:\Windows\System\lbIsDGn.exe
  2⤵
  PID:7148
- C:\Windows\System\UNtOSrp.exe
  C:\Windows\System\UNtOSrp.exe
  2⤵
  PID:6224
- C:\Windows\System\EQSUhRr.exe
  C:\Windows\System\EQSUhRr.exe
  2⤵
  PID:6476
- C:\Windows\System\QXssprL.exe
  C:\Windows\System\QXssprL.exe
  2⤵
  PID:6524
- C:\Windows\System\YWtCXFU.exe
  C:\Windows\System\YWtCXFU.exe
  2⤵
  PID:6832
- C:\Windows\System\eLwxWHM.exe
  C:\Windows\System\eLwxWHM.exe
  2⤵
  PID:264
- C:\Windows\System\VCceQow.exe
  C:\Windows\System\VCceQow.exe
  2⤵
  PID:6152
- C:\Windows\System\Fuzqnro.exe
  C:\Windows\System\Fuzqnro.exe
  2⤵
  PID:760
- C:\Windows\System\FvMaxKB.exe
  C:\Windows\System\FvMaxKB.exe
  2⤵
  PID:1552
- C:\Windows\System\TVGjEaS.exe
  C:\Windows\System\TVGjEaS.exe
  2⤵
  PID:7160
- C:\Windows\System\hAXxMda.exe
  C:\Windows\System\hAXxMda.exe
  2⤵
  PID:6648
- C:\Windows\System\GaFFOBy.exe
  C:\Windows\System\GaFFOBy.exe
  2⤵
  PID:6768
- C:\Windows\System\ZZVnzmy.exe
  C:\Windows\System\ZZVnzmy.exe
  2⤵
  PID:6904
- C:\Windows\System\HaPjwJa.exe
  C:\Windows\System\HaPjwJa.exe
  2⤵
  PID:6148
- C:\Windows\System\WQUsCDM.exe
  C:\Windows\System\WQUsCDM.exe
  2⤵
  PID:7176
- C:\Windows\System\WcwjxJP.exe
  C:\Windows\System\WcwjxJP.exe
  2⤵
  PID:7196
- C:\Windows\System\EGKyxoe.exe
  C:\Windows\System\EGKyxoe.exe
  2⤵
  PID:7228
- C:\Windows\System\TtMztot.exe
  C:\Windows\System\TtMztot.exe
  2⤵
  PID:7252
- C:\Windows\System\qcdWMKF.exe
  C:\Windows\System\qcdWMKF.exe
  2⤵
  PID:7280
- C:\Windows\System\rxHjwhv.exe
  C:\Windows\System\rxHjwhv.exe
  2⤵
  PID:7308
- C:\Windows\System\cjMsHHx.exe
  C:\Windows\System\cjMsHHx.exe
  2⤵
  PID:7360
- C:\Windows\System\KNVBPfK.exe
  C:\Windows\System\KNVBPfK.exe
  2⤵
  PID:7432
- C:\Windows\System\UybDFhm.exe
  C:\Windows\System\UybDFhm.exe
  2⤵
  PID:7472
- C:\Windows\System\lkceZEx.exe
  C:\Windows\System\lkceZEx.exe
  2⤵
  PID:7548
- C:\Windows\System\RnNYtKE.exe
  C:\Windows\System\RnNYtKE.exe
  2⤵
  PID:7584
- C:\Windows\System\IyBtYvU.exe
  C:\Windows\System\IyBtYvU.exe
  2⤵
  PID:7616
- C:\Windows\System\dIiDOSk.exe
  C:\Windows\System\dIiDOSk.exe
  2⤵
  PID:7648
- C:\Windows\System\OcFRvTC.exe
  C:\Windows\System\OcFRvTC.exe
  2⤵
  PID:7688
- C:\Windows\System\nywBRHG.exe
  C:\Windows\System\nywBRHG.exe
  2⤵
  PID:7724
- C:\Windows\System\jcBTkWy.exe
  C:\Windows\System\jcBTkWy.exe
  2⤵
  PID:7752
- C:\Windows\System\Dxmaiyh.exe
  C:\Windows\System\Dxmaiyh.exe
  2⤵
  PID:7792
- C:\Windows\System\wvNwGLU.exe
  C:\Windows\System\wvNwGLU.exe
  2⤵
  PID:7820
- C:\Windows\System\QGngJnn.exe
  C:\Windows\System\QGngJnn.exe
  2⤵
  PID:7876
- C:\Windows\System\EFmovQq.exe
  C:\Windows\System\EFmovQq.exe
  2⤵
  PID:7908
- C:\Windows\System\VPZLUvi.exe
  C:\Windows\System\VPZLUvi.exe
  2⤵
  PID:7944
- C:\Windows\System\UtzrQmr.exe
  C:\Windows\System\UtzrQmr.exe
  2⤵
  PID:7976
- C:\Windows\System\negpCIU.exe
  C:\Windows\System\negpCIU.exe
  2⤵
  PID:8016
- C:\Windows\System\aGFUMxw.exe
  C:\Windows\System\aGFUMxw.exe
  2⤵
  PID:8036
- C:\Windows\System\uqWJjag.exe
  C:\Windows\System\uqWJjag.exe
  2⤵
  PID:8064
- C:\Windows\System\vnOiwgR.exe
  C:\Windows\System\vnOiwgR.exe
  2⤵
  PID:8092
- C:\Windows\System\OnDzlOM.exe
  C:\Windows\System\OnDzlOM.exe
  2⤵
  PID:8128
- C:\Windows\System\hMGttLB.exe
  C:\Windows\System\hMGttLB.exe
  2⤵
  PID:8148
- C:\Windows\System\aFpMakr.exe
  C:\Windows\System\aFpMakr.exe
  2⤵
  PID:8176
- C:\Windows\System\cvRpRBd.exe
  C:\Windows\System\cvRpRBd.exe
  2⤵
  PID:7192
- C:\Windows\System\hnYeZqF.exe
  C:\Windows\System\hnYeZqF.exe
  2⤵
  PID:7276
- C:\Windows\System\KtjTJtG.exe
  C:\Windows\System\KtjTJtG.exe
  2⤵
  PID:7320
- C:\Windows\System\UIHOaIl.exe
  C:\Windows\System\UIHOaIl.exe
  2⤵
  PID:7440
- C:\Windows\System\qBMbjHt.exe
  C:\Windows\System\qBMbjHt.exe
  2⤵
  PID:7592
- C:\Windows\System\IZzjRdg.exe
  C:\Windows\System\IZzjRdg.exe
  2⤵
  PID:7720
- C:\Windows\System\FgoYpac.exe
  C:\Windows\System\FgoYpac.exe
  2⤵
  PID:7800
- C:\Windows\System\gSlrhiU.exe
  C:\Windows\System\gSlrhiU.exe
  2⤵
  PID:7772
- C:\Windows\System\tkEFXak.exe
  C:\Windows\System\tkEFXak.exe
  2⤵
  PID:7872
- C:\Windows\System\QQgXrvY.exe
  C:\Windows\System\QQgXrvY.exe
  2⤵
  PID:7940
- C:\Windows\System\CsURHAc.exe
  C:\Windows\System\CsURHAc.exe
  2⤵
  PID:7932
- C:\Windows\System\MemPgnq.exe
  C:\Windows\System\MemPgnq.exe
  2⤵
  PID:7844
- C:\Windows\System\HWPvymN.exe
  C:\Windows\System\HWPvymN.exe
  2⤵
  PID:8056
- C:\Windows\System\MjpSuyf.exe
  C:\Windows\System\MjpSuyf.exe
  2⤵
  PID:8120
- C:\Windows\System\WNFWLYT.exe
  C:\Windows\System\WNFWLYT.exe
  2⤵
  PID:7184
- C:\Windows\System\QgqdXrG.exe
  C:\Windows\System\QgqdXrG.exe
  2⤵
  PID:7300
- C:\Windows\System\ojVgTtD.exe
  C:\Windows\System\ojVgTtD.exe
  2⤵
  PID:1772
- C:\Windows\System\kXAPJwJ.exe
  C:\Windows\System\kXAPJwJ.exe
  2⤵
  PID:7104
- C:\Windows\System\OeAuDsV.exe
  C:\Windows\System\OeAuDsV.exe
  2⤵
  PID:7780
- C:\Windows\System\Kiskloe.exe
  C:\Windows\System\Kiskloe.exe
  2⤵
  PID:7868
- C:\Windows\System\gPhroQB.exe
  C:\Windows\System\gPhroQB.exe
  2⤵
  PID:7864
- C:\Windows\System\Zdvqswo.exe
  C:\Windows\System\Zdvqswo.exe
  2⤵
  PID:8112
- C:\Windows\System\xdAqDuW.exe
  C:\Windows\System\xdAqDuW.exe
  2⤵
  PID:7304
- C:\Windows\System\mbJRSIf.exe
  C:\Windows\System\mbJRSIf.exe
  2⤵
  PID:452
- C:\Windows\System\YawsawQ.exe
  C:\Windows\System\YawsawQ.exe
  2⤵
  PID:7936
- C:\Windows\System\lBWOZzJ.exe
  C:\Windows\System\lBWOZzJ.exe
  2⤵
  PID:7244
- C:\Windows\System\koQCSeN.exe
  C:\Windows\System\koQCSeN.exe
  2⤵
  PID:7832
- C:\Windows\System\URoOFXn.exe
  C:\Windows\System\URoOFXn.exe
  2⤵
  PID:8196
- C:\Windows\System\DhLglTn.exe
  C:\Windows\System\DhLglTn.exe
  2⤵
  PID:8220
- C:\Windows\System\NQOPvvR.exe
  C:\Windows\System\NQOPvvR.exe
  2⤵
  PID:8248
- C:\Windows\System\YQLbSRF.exe
  C:\Windows\System\YQLbSRF.exe
  2⤵
  PID:8280
- C:\Windows\System\yWuCkbB.exe
  C:\Windows\System\yWuCkbB.exe
  2⤵
  PID:8300
- C:\Windows\System\GSOPahv.exe
  C:\Windows\System\GSOPahv.exe
  2⤵
  PID:8336
- C:\Windows\System\VAjcpve.exe
  C:\Windows\System\VAjcpve.exe
  2⤵
  PID:8356
- C:\Windows\System\rFKOsPQ.exe
  C:\Windows\System\rFKOsPQ.exe
  2⤵
  PID:8384
- C:\Windows\System\ouMCzeh.exe
  C:\Windows\System\ouMCzeh.exe
  2⤵
  PID:8416
- C:\Windows\System\UAtLIaa.exe
  C:\Windows\System\UAtLIaa.exe
  2⤵
  PID:8440
- C:\Windows\System\PlcYTsd.exe
  C:\Windows\System\PlcYTsd.exe
  2⤵
  PID:8468
- C:\Windows\System\VKpTaBb.exe
  C:\Windows\System\VKpTaBb.exe
  2⤵
  PID:8496
- C:\Windows\System\wSkJDcr.exe
  C:\Windows\System\wSkJDcr.exe
  2⤵
  PID:8524
- C:\Windows\System\rpMMdxn.exe
  C:\Windows\System\rpMMdxn.exe
  2⤵
  PID:8552
- C:\Windows\System\BWRevgc.exe
  C:\Windows\System\BWRevgc.exe
  2⤵
  PID:8580
- C:\Windows\System\rbkxRjc.exe
  C:\Windows\System\rbkxRjc.exe
  2⤵
  PID:8608
- C:\Windows\System\rWLXIef.exe
  C:\Windows\System\rWLXIef.exe
  2⤵
  PID:8636
- C:\Windows\System\lQNQGZs.exe
  C:\Windows\System\lQNQGZs.exe
  2⤵
  PID:8668
- C:\Windows\System\olGelNa.exe
  C:\Windows\System\olGelNa.exe
  2⤵
  PID:8692
- C:\Windows\System\jXdGnZQ.exe
  C:\Windows\System\jXdGnZQ.exe
  2⤵
  PID:8720
- C:\Windows\System\HMPyfiA.exe
  C:\Windows\System\HMPyfiA.exe
  2⤵
  PID:8748
- C:\Windows\System\quOXQVd.exe
  C:\Windows\System\quOXQVd.exe
  2⤵
  PID:8776
- C:\Windows\System\DCXOKmu.exe
  C:\Windows\System\DCXOKmu.exe
  2⤵
  PID:8804
- C:\Windows\System\bVbrWtX.exe
  C:\Windows\System\bVbrWtX.exe
  2⤵
  PID:8832
- C:\Windows\System\rHNwNqz.exe
  C:\Windows\System\rHNwNqz.exe
  2⤵
  PID:8864
- C:\Windows\System\XyvwAUX.exe
  C:\Windows\System\XyvwAUX.exe
  2⤵
  PID:8892
- C:\Windows\System\PPhozFt.exe
  C:\Windows\System\PPhozFt.exe
  2⤵
  PID:8920
- C:\Windows\System\JJOuVRt.exe
  C:\Windows\System\JJOuVRt.exe
  2⤵
  PID:8960
- C:\Windows\System\YuByDCb.exe
  C:\Windows\System\YuByDCb.exe
  2⤵
  PID:8976
- C:\Windows\System\eqPntDZ.exe
  C:\Windows\System\eqPntDZ.exe
  2⤵
  PID:9004
- C:\Windows\System\CMXleFw.exe
  C:\Windows\System\CMXleFw.exe
  2⤵
  PID:9032
- C:\Windows\System\oJBThoS.exe
  C:\Windows\System\oJBThoS.exe
  2⤵
  PID:9060
- C:\Windows\System\SWgsavR.exe
  C:\Windows\System\SWgsavR.exe
  2⤵
  PID:9092
- C:\Windows\System\lxSWrty.exe
  C:\Windows\System\lxSWrty.exe
  2⤵
  PID:9132
- C:\Windows\System\SBrLJiH.exe
  C:\Windows\System\SBrLJiH.exe
  2⤵
  PID:9164
- C:\Windows\System\ApKOTFM.exe
  C:\Windows\System\ApKOTFM.exe
  2⤵
  PID:8204
- C:\Windows\System\cteqtth.exe
  C:\Windows\System\cteqtth.exe
  2⤵
  PID:8240
- C:\Windows\System\hsYGyDY.exe
  C:\Windows\System\hsYGyDY.exe
  2⤵
  PID:8312
- C:\Windows\System\pODpAhL.exe
  C:\Windows\System\pODpAhL.exe
  2⤵
  PID:8396
- C:\Windows\System\IxLtrtz.exe
  C:\Windows\System\IxLtrtz.exe
  2⤵
  PID:8432
- C:\Windows\System\YEOuLOf.exe
  C:\Windows\System\YEOuLOf.exe
  2⤵
  PID:8488
- C:\Windows\System\yvEEtvM.exe
  C:\Windows\System\yvEEtvM.exe
  2⤵
  PID:8548
- C:\Windows\System\iWkenor.exe
  C:\Windows\System\iWkenor.exe
  2⤵
  PID:8632
- C:\Windows\System\uxRKuTS.exe
  C:\Windows\System\uxRKuTS.exe
  2⤵
  PID:8704
- C:\Windows\System\SosNRNL.exe
  C:\Windows\System\SosNRNL.exe
  2⤵
  PID:8768
- C:\Windows\System\NIhPkWB.exe
  C:\Windows\System\NIhPkWB.exe
  2⤵
  PID:8856
- C:\Windows\System\LCsuGHr.exe
  C:\Windows\System\LCsuGHr.exe
  2⤵
  PID:8916
- C:\Windows\System\fcvPREf.exe
  C:\Windows\System\fcvPREf.exe
  2⤵
  PID:8988
- C:\Windows\System\nrYDViV.exe
  C:\Windows\System\nrYDViV.exe
  2⤵
  PID:9044
- C:\Windows\System\exkvVhR.exe
  C:\Windows\System\exkvVhR.exe
  2⤵
  PID:9112
- C:\Windows\System\MeQjgHg.exe
  C:\Windows\System\MeQjgHg.exe
  2⤵
  PID:3024
- C:\Windows\System\PokYtMO.exe
  C:\Windows\System\PokYtMO.exe
  2⤵
  PID:5008
- C:\Windows\System\YVyHOeR.exe
  C:\Windows\System\YVyHOeR.exe
  2⤵
  PID:9172
- C:\Windows\System\ROnNjBw.exe
  C:\Windows\System\ROnNjBw.exe
  2⤵
  PID:8352
- C:\Windows\System\ZscWAXD.exe
  C:\Windows\System\ZscWAXD.exe
  2⤵
  PID:8436
- C:\Windows\System\APEJzSU.exe
  C:\Windows\System\APEJzSU.exe
  2⤵
  PID:6432
- C:\Windows\System\ZDLvAnZ.exe
  C:\Windows\System\ZDLvAnZ.exe
  2⤵
  PID:8744
- C:\Windows\System\EwtbJIn.exe
  C:\Windows\System\EwtbJIn.exe
  2⤵
  PID:8844
- C:\Windows\System\LgVPOaD.exe
  C:\Windows\System\LgVPOaD.exe
  2⤵
  PID:8972
- C:\Windows\System\BNxuuLP.exe
  C:\Windows\System\BNxuuLP.exe
  2⤵
  PID:432
- C:\Windows\System\lhdWlBa.exe
  C:\Windows\System\lhdWlBa.exe
  2⤵
  PID:9148
- C:\Windows\System\OBIOQdS.exe
  C:\Windows\System\OBIOQdS.exe
  2⤵
  PID:8424
- C:\Windows\System\ylwCRSQ.exe
  C:\Windows\System\ylwCRSQ.exe
  2⤵
  PID:7524
- C:\Windows\System\dDwqrpX.exe
  C:\Windows\System\dDwqrpX.exe
  2⤵
  PID:9084
- C:\Windows\System\RhwMSmq.exe
  C:\Windows\System\RhwMSmq.exe
  2⤵
  PID:224
- C:\Windows\System\VzYedFp.exe
  C:\Windows\System\VzYedFp.exe
  2⤵
  PID:8268
- C:\Windows\System\WbLrtRC.exe
  C:\Windows\System\WbLrtRC.exe
  2⤵
  PID:9028
- C:\Windows\System\xviAWqT.exe
  C:\Windows\System\xviAWqT.exe
  2⤵
  PID:9240
- C:\Windows\System\qLWITav.exe
  C:\Windows\System\qLWITav.exe
  2⤵
  PID:9268
- C:\Windows\System\NNHDdEF.exe
  C:\Windows\System\NNHDdEF.exe
  2⤵
  PID:9296
- C:\Windows\System\lQaaxuu.exe
  C:\Windows\System\lQaaxuu.exe
  2⤵
  PID:9324
- C:\Windows\System\yqLjMco.exe
  C:\Windows\System\yqLjMco.exe
  2⤵
  PID:9352
- C:\Windows\System\IZkrpQf.exe
  C:\Windows\System\IZkrpQf.exe
  2⤵
  PID:9380
- C:\Windows\System\ymAUJhN.exe
  C:\Windows\System\ymAUJhN.exe
  2⤵
  PID:9408
- C:\Windows\System\owcluaw.exe
  C:\Windows\System\owcluaw.exe
  2⤵
  PID:9436
- C:\Windows\System\WqbrIIb.exe
  C:\Windows\System\WqbrIIb.exe
  2⤵
  PID:9464
- C:\Windows\System\pMfBEoo.exe
  C:\Windows\System\pMfBEoo.exe
  2⤵
  PID:9492
- C:\Windows\System\OIFzxpp.exe
  C:\Windows\System\OIFzxpp.exe
  2⤵
  PID:9520
- C:\Windows\System\iWHiVsK.exe
  C:\Windows\System\iWHiVsK.exe
  2⤵
  PID:9548
- C:\Windows\System\qyWpPDU.exe
  C:\Windows\System\qyWpPDU.exe
  2⤵
  PID:9576
- C:\Windows\System\rwTfbnR.exe
  C:\Windows\System\rwTfbnR.exe
  2⤵
  PID:9604
- C:\Windows\System\sTQWOUy.exe
  C:\Windows\System\sTQWOUy.exe
  2⤵
  PID:9632
- C:\Windows\System\BRbaJcx.exe
  C:\Windows\System\BRbaJcx.exe
  2⤵
  PID:9660
- C:\Windows\System\OUSgUPT.exe
  C:\Windows\System\OUSgUPT.exe
  2⤵
  PID:9688
- C:\Windows\System\OMmdakL.exe
  C:\Windows\System\OMmdakL.exe
  2⤵
  PID:9716
- C:\Windows\System\gSfDWaB.exe
  C:\Windows\System\gSfDWaB.exe
  2⤵
  PID:9744
- C:\Windows\System\kjfAueN.exe
  C:\Windows\System\kjfAueN.exe
  2⤵
  PID:9776
- C:\Windows\System\FrRcMBZ.exe
  C:\Windows\System\FrRcMBZ.exe
  2⤵
  PID:9804
- C:\Windows\System\JuTdXBS.exe
  C:\Windows\System\JuTdXBS.exe
  2⤵
  PID:9832
- C:\Windows\System\VdGoXEB.exe
  C:\Windows\System\VdGoXEB.exe
  2⤵
  PID:9860
- C:\Windows\System\VlDqQTl.exe
  C:\Windows\System\VlDqQTl.exe
  2⤵
  PID:9888
- C:\Windows\System\isrxdqr.exe
  C:\Windows\System\isrxdqr.exe
  2⤵
  PID:9916
- C:\Windows\System\axyGDQI.exe
  C:\Windows\System\axyGDQI.exe
  2⤵
  PID:9944
- C:\Windows\System\XArPrHw.exe
  C:\Windows\System\XArPrHw.exe
  2⤵
  PID:9972
- C:\Windows\System\ddgOhyb.exe
  C:\Windows\System\ddgOhyb.exe
  2⤵
  PID:10000
- C:\Windows\System\EDMburA.exe
  C:\Windows\System\EDMburA.exe
  2⤵
  PID:10028
- C:\Windows\System\QTWGVcH.exe
  C:\Windows\System\QTWGVcH.exe
  2⤵
  PID:10056
- C:\Windows\System\wHcDszd.exe
  C:\Windows\System\wHcDszd.exe
  2⤵
  PID:10084
- C:\Windows\System\YRBSNFy.exe
  C:\Windows\System\YRBSNFy.exe
  2⤵
  PID:10112
- C:\Windows\System\nqrzygS.exe
  C:\Windows\System\nqrzygS.exe
  2⤵
  PID:10140
- C:\Windows\System\bopsOfv.exe
  C:\Windows\System\bopsOfv.exe
  2⤵
  PID:10168
- C:\Windows\System\dwmVcgp.exe
  C:\Windows\System\dwmVcgp.exe
  2⤵
  PID:10196
- C:\Windows\System\JNKFRsA.exe
  C:\Windows\System\JNKFRsA.exe
  2⤵
  PID:10224
- C:\Windows\System\YzetecN.exe
  C:\Windows\System\YzetecN.exe
  2⤵
  PID:9252
- C:\Windows\System\XuJstoF.exe
  C:\Windows\System\XuJstoF.exe
  2⤵
  PID:9316
- C:\Windows\System\CveBtEb.exe
  C:\Windows\System\CveBtEb.exe
  2⤵
  PID:9376
- C:\Windows\System\GpIwibI.exe
  C:\Windows\System\GpIwibI.exe
  2⤵
  PID:9448
- C:\Windows\System\kRnBOyE.exe
  C:\Windows\System\kRnBOyE.exe
  2⤵
  PID:9512
- C:\Windows\System\LaoHHZd.exe
  C:\Windows\System\LaoHHZd.exe
  2⤵
  PID:9568
- C:\Windows\System\aVpMpBD.exe
  C:\Windows\System\aVpMpBD.exe
  2⤵
  PID:9628
- C:\Windows\System\qnJSgGt.exe
  C:\Windows\System\qnJSgGt.exe
  2⤵
  PID:9700
- C:\Windows\System\tiFrDAD.exe
  C:\Windows\System\tiFrDAD.exe
  2⤵
  PID:9768
- C:\Windows\System\RFZamNe.exe
  C:\Windows\System\RFZamNe.exe
  2⤵
  PID:9880
- C:\Windows\System\CMTcBtB.exe
  C:\Windows\System\CMTcBtB.exe
  2⤵
  PID:9912
- C:\Windows\System\SHrPhki.exe
  C:\Windows\System\SHrPhki.exe
  2⤵
  PID:9984
- C:\Windows\System\YrfTVCF.exe
  C:\Windows\System\YrfTVCF.exe
  2⤵
  PID:10048
- C:\Windows\System\tHrnkXk.exe
  C:\Windows\System\tHrnkXk.exe
  2⤵
  PID:10124
- C:\Windows\System\cLBtmgT.exe
  C:\Windows\System\cLBtmgT.exe
  2⤵
  PID:10188
- C:\Windows\System\KPROYEY.exe
  C:\Windows\System\KPROYEY.exe
  2⤵
  PID:9232
- C:\Windows\System\beaOPHh.exe
  C:\Windows\System\beaOPHh.exe
  2⤵
  PID:9372
- C:\Windows\System\vxcBSiE.exe
  C:\Windows\System\vxcBSiE.exe
  2⤵
  PID:8236
- C:\Windows\System\MlfTPuo.exe
  C:\Windows\System\MlfTPuo.exe
  2⤵
  PID:9656
- C:\Windows\System\kRSrXEb.exe
  C:\Windows\System\kRSrXEb.exe
  2⤵
  PID:9816
- C:\Windows\System\OEaHnGL.exe
  C:\Windows\System\OEaHnGL.exe
  2⤵
  PID:9964
- C:\Windows\System\AEvBjPk.exe
  C:\Windows\System\AEvBjPk.exe
  2⤵
  PID:10108
- C:\Windows\System\iPzaaVt.exe
  C:\Windows\System\iPzaaVt.exe
  2⤵
  PID:9292
- C:\Windows\System\bMDrPur.exe
  C:\Windows\System\bMDrPur.exe
  2⤵
  PID:9596
- C:\Windows\System\wjSgUky.exe
  C:\Windows\System\wjSgUky.exe
  2⤵
  PID:9908
- C:\Windows\System\TnUhbFD.exe
  C:\Windows\System\TnUhbFD.exe
  2⤵
  PID:4456
- C:\Windows\System\AVeZzYG.exe
  C:\Windows\System\AVeZzYG.exe
  2⤵
  PID:9504
- C:\Windows\System\xDXdnNE.exe
  C:\Windows\System\xDXdnNE.exe
  2⤵
  PID:10220
- C:\Windows\System\SRmqVUB.exe
  C:\Windows\System\SRmqVUB.exe
  2⤵
  PID:1056
- C:\Windows\System\jwHXXjJ.exe
  C:\Windows\System\jwHXXjJ.exe
  2⤵
  PID:10268
- C:\Windows\System\FFjFdnA.exe
  C:\Windows\System\FFjFdnA.exe
  2⤵
  PID:10296
- C:\Windows\System\BqqQbLl.exe
  C:\Windows\System\BqqQbLl.exe
  2⤵
  PID:10324
- C:\Windows\System\HwAnIZA.exe
  C:\Windows\System\HwAnIZA.exe
  2⤵
  PID:10352
- C:\Windows\System\uBmHmaC.exe
  C:\Windows\System\uBmHmaC.exe
  2⤵
  PID:10380
- C:\Windows\System\cxweApI.exe
  C:\Windows\System\cxweApI.exe
  2⤵
  PID:10408
- C:\Windows\System\PGgoYpJ.exe
  C:\Windows\System\PGgoYpJ.exe
  2⤵
  PID:10436
- C:\Windows\System\syGQcQz.exe
  C:\Windows\System\syGQcQz.exe
  2⤵
  PID:10464
- C:\Windows\System\ntQiDZc.exe
  C:\Windows\System\ntQiDZc.exe
  2⤵
  PID:10492
- C:\Windows\System\OcxmKMP.exe
  C:\Windows\System\OcxmKMP.exe
  2⤵
  PID:10520
- C:\Windows\System\zhPaGNb.exe
  C:\Windows\System\zhPaGNb.exe
  2⤵
  PID:10548
- C:\Windows\System\snfyUXY.exe
  C:\Windows\System\snfyUXY.exe
  2⤵
  PID:10576
- C:\Windows\System\pTucyjo.exe
  C:\Windows\System\pTucyjo.exe
  2⤵
  PID:10604
- C:\Windows\System\oVzGvxS.exe
  C:\Windows\System\oVzGvxS.exe
  2⤵
  PID:10632
- C:\Windows\System\ovfxVTd.exe
  C:\Windows\System\ovfxVTd.exe
  2⤵
  PID:10660
- C:\Windows\System\lQAzrAN.exe
  C:\Windows\System\lQAzrAN.exe
  2⤵
  PID:10688
- C:\Windows\System\cDZxfTJ.exe
  C:\Windows\System\cDZxfTJ.exe
  2⤵
  PID:10716
- C:\Windows\System\gweXTCa.exe
  C:\Windows\System\gweXTCa.exe
  2⤵
  PID:10744
- C:\Windows\System\tCROPwg.exe
  C:\Windows\System\tCROPwg.exe
  2⤵
  PID:10776
- C:\Windows\System\qbtRaXQ.exe
  C:\Windows\System\qbtRaXQ.exe
  2⤵
  PID:10804
- C:\Windows\System\uDAoWsX.exe
  C:\Windows\System\uDAoWsX.exe
  2⤵
  PID:10832
- C:\Windows\System\zvrcVFO.exe
  C:\Windows\System\zvrcVFO.exe
  2⤵
  PID:10860
- C:\Windows\System\IBHTidR.exe
  C:\Windows\System\IBHTidR.exe
  2⤵
  PID:10888
- C:\Windows\System\aTBEHSx.exe
  C:\Windows\System\aTBEHSx.exe
  2⤵
  PID:10916
- C:\Windows\System\pfYrJyb.exe
  C:\Windows\System\pfYrJyb.exe
  2⤵
  PID:10944
- C:\Windows\System\eNZQRHz.exe
  C:\Windows\System\eNZQRHz.exe
  2⤵
  PID:10972
- C:\Windows\System\sWOjKqd.exe
  C:\Windows\System\sWOjKqd.exe
  2⤵
  PID:11000
- C:\Windows\System\SeevyJM.exe
  C:\Windows\System\SeevyJM.exe
  2⤵
  PID:11036
- C:\Windows\System\sdSCsYC.exe
  C:\Windows\System\sdSCsYC.exe
  2⤵
  PID:11056
- C:\Windows\System\CxDZfws.exe
  C:\Windows\System\CxDZfws.exe
  2⤵
  PID:11084
- C:\Windows\System\NpLAxnb.exe
  C:\Windows\System\NpLAxnb.exe
  2⤵
  PID:11112
- C:\Windows\System\mauZzdj.exe
  C:\Windows\System\mauZzdj.exe
  2⤵
  PID:11140
- C:\Windows\System\BLJXKDw.exe
  C:\Windows\System\BLJXKDw.exe
  2⤵
  PID:11168
- C:\Windows\System\iUIbZoW.exe
  C:\Windows\System\iUIbZoW.exe
  2⤵
  PID:11196
- C:\Windows\System\VQLuAyY.exe
  C:\Windows\System\VQLuAyY.exe
  2⤵
  PID:11224
- C:\Windows\System\aOkQsTJ.exe
  C:\Windows\System\aOkQsTJ.exe
  2⤵
  PID:11252
- C:\Windows\System\IGvNSWJ.exe
  C:\Windows\System\IGvNSWJ.exe
  2⤵
  PID:10280
- C:\Windows\System\bIAjzwc.exe
  C:\Windows\System\bIAjzwc.exe
  2⤵
  PID:10316
- C:\Windows\System\UVkZJtJ.exe
  C:\Windows\System\UVkZJtJ.exe
  2⤵
  PID:10364
- C:\Windows\System\yxacfza.exe
  C:\Windows\System\yxacfza.exe
  2⤵
  PID:10428
- C:\Windows\System\hLGKjcv.exe
  C:\Windows\System\hLGKjcv.exe
  2⤵
  PID:10488
- C:\Windows\System\CskYqgO.exe
  C:\Windows\System\CskYqgO.exe
  2⤵
  PID:10544
- C:\Windows\System\dMTuXuG.exe
  C:\Windows\System\dMTuXuG.exe
  2⤵
  PID:10616
- C:\Windows\System\GFBeJIA.exe
  C:\Windows\System\GFBeJIA.exe
  2⤵
  PID:10680
- C:\Windows\System\wlCbbzL.exe
  C:\Windows\System\wlCbbzL.exe
  2⤵
  PID:10740
- C:\Windows\System\ZbbSwqj.exe
  C:\Windows\System\ZbbSwqj.exe
  2⤵
  PID:10816
- C:\Windows\System\mVwJTFh.exe
  C:\Windows\System\mVwJTFh.exe
  2⤵
  PID:10880
- C:\Windows\System\RlsaLxH.exe
  C:\Windows\System\RlsaLxH.exe
  2⤵
  PID:10940
- C:\Windows\System\VLZTURq.exe
  C:\Windows\System\VLZTURq.exe
  2⤵
  PID:11012
- C:\Windows\System\RdmIeer.exe
  C:\Windows\System\RdmIeer.exe
  2⤵
  PID:11080
- C:\Windows\System\mDrXPXc.exe
  C:\Windows\System\mDrXPXc.exe
  2⤵
  PID:11152
- C:\Windows\System\tGMawfW.exe
  C:\Windows\System\tGMawfW.exe
  2⤵
  PID:11216
- C:\Windows\System\mhdmlJN.exe
  C:\Windows\System\mhdmlJN.exe
  2⤵
  PID:10264
- C:\Windows\System\ZxCUgSF.exe
  C:\Windows\System\ZxCUgSF.exe
  2⤵
  PID:10392
- C:\Windows\System\qAGxJBL.exe
  C:\Windows\System\qAGxJBL.exe
  2⤵
  PID:10516
- C:\Windows\System\PfFceKW.exe
  C:\Windows\System\PfFceKW.exe
  2⤵
  PID:10656
- C:\Windows\System\DOhMfyu.exe
  C:\Windows\System\DOhMfyu.exe
  2⤵
  PID:10800
- C:\Windows\System\YmNFIFu.exe
  C:\Windows\System\YmNFIFu.exe
  2⤵
  PID:10968
- C:\Windows\System\cjgpLVx.exe
  C:\Windows\System\cjgpLVx.exe
  2⤵
  PID:11132
- C:\Windows\System\WtIFFjW.exe
  C:\Windows\System\WtIFFjW.exe
  2⤵
  PID:10260
- C:\Windows\System\dWGFRjk.exe
  C:\Windows\System\dWGFRjk.exe
  2⤵
  PID:10572
- C:\Windows\System\bGRRzxm.exe
  C:\Windows\System\bGRRzxm.exe
  2⤵
  PID:10928
- C:\Windows\System\nBCOxeH.exe
  C:\Windows\System\nBCOxeH.exe
  2⤵
  PID:9824
- C:\Windows\System\DMjIGjN.exe
  C:\Windows\System\DMjIGjN.exe
  2⤵
  PID:11076
- C:\Windows\System\DJyKiiR.exe
  C:\Windows\System\DJyKiiR.exe
  2⤵
  PID:10872
- C:\Windows\System\kitfBVg.exe
  C:\Windows\System\kitfBVg.exe
  2⤵
  PID:11292
- C:\Windows\System\xRADHVq.exe
  C:\Windows\System\xRADHVq.exe
  2⤵
  PID:11320
- C:\Windows\System\vEfxgaC.exe
  C:\Windows\System\vEfxgaC.exe
  2⤵
  PID:11348
- C:\Windows\System\iALtcoa.exe
  C:\Windows\System\iALtcoa.exe
  2⤵
  PID:11376
- C:\Windows\System\DvdMxbd.exe
  C:\Windows\System\DvdMxbd.exe
  2⤵
  PID:11404
- C:\Windows\System\MxXqnzf.exe
  C:\Windows\System\MxXqnzf.exe
  2⤵
  PID:11432
- C:\Windows\System\iqievtR.exe
  C:\Windows\System\iqievtR.exe
  2⤵
  PID:11460
- C:\Windows\System\VGSvYoz.exe
  C:\Windows\System\VGSvYoz.exe
  2⤵
  PID:11488
- C:\Windows\System\FtknruP.exe
  C:\Windows\System\FtknruP.exe
  2⤵
  PID:11516
- C:\Windows\System\ULIyYog.exe
  C:\Windows\System\ULIyYog.exe
  2⤵
  PID:11544
- C:\Windows\System\cVcXfaK.exe
  C:\Windows\System\cVcXfaK.exe
  2⤵
  PID:11572
- C:\Windows\System\CYIBqYU.exe
  C:\Windows\System\CYIBqYU.exe
  2⤵
  PID:11600
- C:\Windows\System\zsDmvEe.exe
  C:\Windows\System\zsDmvEe.exe
  2⤵
  PID:11628
- C:\Windows\System\pGOittb.exe
  C:\Windows\System\pGOittb.exe
  2⤵
  PID:11656
- C:\Windows\System\UwTTsWC.exe
  C:\Windows\System\UwTTsWC.exe
  2⤵
  PID:11684
- C:\Windows\System\fVSJqwG.exe
  C:\Windows\System\fVSJqwG.exe
  2⤵
  PID:11712
- C:\Windows\System\COhNFzN.exe
  C:\Windows\System\COhNFzN.exe
  2⤵
  PID:11740
- C:\Windows\System\SOfdDoV.exe
  C:\Windows\System\SOfdDoV.exe
  2⤵
  PID:11772
- C:\Windows\System\NYEIsSA.exe
  C:\Windows\System\NYEIsSA.exe
  2⤵
  PID:11800
- C:\Windows\System\MKUmsyM.exe
  C:\Windows\System\MKUmsyM.exe
  2⤵
  PID:11828
- C:\Windows\System\SFseYXC.exe
  C:\Windows\System\SFseYXC.exe
  2⤵
  PID:11856
- C:\Windows\System\iLjSkaa.exe
  C:\Windows\System\iLjSkaa.exe
  2⤵
  PID:11884
- C:\Windows\System\PelgTTF.exe
  C:\Windows\System\PelgTTF.exe
  2⤵
  PID:11916
- C:\Windows\System\AhfUynu.exe
  C:\Windows\System\AhfUynu.exe
  2⤵
  PID:11944
- C:\Windows\System\wrjJTOE.exe
  C:\Windows\System\wrjJTOE.exe
  2⤵
  PID:11960
- C:\Windows\System\AGZcFLq.exe
  C:\Windows\System\AGZcFLq.exe
  2⤵
  PID:12000
- C:\Windows\System\enrNgMx.exe
  C:\Windows\System\enrNgMx.exe
  2⤵
  PID:12032
- C:\Windows\System\OhWxMEK.exe
  C:\Windows\System\OhWxMEK.exe
  2⤵
  PID:12060
- C:\Windows\System\xuCDAyN.exe
  C:\Windows\System\xuCDAyN.exe
  2⤵
  PID:12088
- C:\Windows\System\LAIURlh.exe
  C:\Windows\System\LAIURlh.exe
  2⤵
  PID:12124
- C:\Windows\System\pSWwbzL.exe
  C:\Windows\System\pSWwbzL.exe
  2⤵
  PID:12180
- C:\Windows\System\omCbcpA.exe
  C:\Windows\System\omCbcpA.exe
  2⤵
  PID:12200
- C:\Windows\System\GTkovtx.exe
  C:\Windows\System\GTkovtx.exe
  2⤵
  PID:12228
- C:\Windows\System\hKBvtlA.exe
  C:\Windows\System\hKBvtlA.exe
  2⤵
  PID:12244
- C:\Windows\System\mryaqZx.exe
  C:\Windows\System\mryaqZx.exe
  2⤵
  PID:10772
- C:\Windows\System\HPkxIPh.exe
  C:\Windows\System\HPkxIPh.exe
  2⤵
  PID:11316
- C:\Windows\System\TzEFLNV.exe
  C:\Windows\System\TzEFLNV.exe
  2⤵
  PID:11400
- C:\Windows\System\UjmIkPw.exe
  C:\Windows\System\UjmIkPw.exe
  2⤵
  PID:11480
- C:\Windows\System\wVHsXuu.exe
  C:\Windows\System\wVHsXuu.exe
  2⤵
  PID:11540
- C:\Windows\System\fbsNtAg.exe
  C:\Windows\System\fbsNtAg.exe
  2⤵
  PID:11596
- C:\Windows\System\IEbyvOa.exe
  C:\Windows\System\IEbyvOa.exe
  2⤵
  PID:11668
- C:\Windows\System\ZIGzFLK.exe
  C:\Windows\System\ZIGzFLK.exe
  2⤵
  PID:11732
- C:\Windows\System\ZrVELLi.exe
  C:\Windows\System\ZrVELLi.exe
  2⤵
  PID:11796
- C:\Windows\System\qjhChtC.exe
  C:\Windows\System\qjhChtC.exe
  2⤵
  PID:11868
- C:\Windows\System\xxgccaY.exe
  C:\Windows\System\xxgccaY.exe
  2⤵
  PID:11912
- C:\Windows\System\gtNFqlx.exe
  C:\Windows\System\gtNFqlx.exe
  2⤵
  PID:11980
- C:\Windows\System\GHyGfyE.exe
  C:\Windows\System\GHyGfyE.exe
  2⤵
  PID:12028
- C:\Windows\System\mocQbda.exe
  C:\Windows\System\mocQbda.exe
  2⤵
  PID:12080
- C:\Windows\System\dZOxJsg.exe
  C:\Windows\System\dZOxJsg.exe
  2⤵
  PID:4168
- C:\Windows\System\wiOEzXL.exe
  C:\Windows\System\wiOEzXL.exe
  2⤵
  PID:2368
- C:\Windows\System\VYtEQkF.exe
  C:\Windows\System\VYtEQkF.exe
  2⤵
  PID:12148
- C:\Windows\System\AnBZMTP.exe
  C:\Windows\System\AnBZMTP.exe
  2⤵
  PID:12156
- C:\Windows\System\tVaRezY.exe
  C:\Windows\System\tVaRezY.exe
  2⤵
  PID:12236
- C:\Windows\System\DRFqfix.exe
  C:\Windows\System\DRFqfix.exe
  2⤵
  PID:11288
- C:\Windows\System\YFJengc.exe
  C:\Windows\System\YFJengc.exe
  2⤵
  PID:11396
- C:\Windows\System\qnpLAQq.exe
  C:\Windows\System\qnpLAQq.exe
  2⤵
  PID:11528
- C:\Windows\System\QjHDOon.exe
  C:\Windows\System\QjHDOon.exe
  2⤵
  PID:11648
- C:\Windows\System\KlFHpIJ.exe
  C:\Windows\System\KlFHpIJ.exe
  2⤵
  PID:11784
- C:\Windows\System\dMkIOpo.exe
  C:\Windows\System\dMkIOpo.exe
  2⤵
  PID:11908
- C:\Windows\System\wPzHGpP.exe
  C:\Windows\System\wPzHGpP.exe
  2⤵
  PID:12048
- C:\Windows\System\JrGiNgd.exe
  C:\Windows\System\JrGiNgd.exe
  2⤵
  PID:3584
- C:\Windows\System\jkoJfCH.exe
  C:\Windows\System\jkoJfCH.exe
  2⤵
  PID:4876
- C:\Windows\System\cVlfcll.exe
  C:\Windows\System\cVlfcll.exe
  2⤵
  PID:11360
- C:\Windows\System\UBtOHWB.exe
  C:\Windows\System\UBtOHWB.exe
  2⤵
  PID:11584
- C:\Windows\System\hyXysfN.exe
  C:\Windows\System\hyXysfN.exe
  2⤵
  PID:12216
- C:\Windows\System\ZvqKNxv.exe
  C:\Windows\System\ZvqKNxv.exe
  2⤵
  PID:3340
- C:\Windows\System\wGeqhah.exe
  C:\Windows\System\wGeqhah.exe
  2⤵
  PID:11284
- C:\Windows\System\sIEqWBb.exe
  C:\Windows\System\sIEqWBb.exe
  2⤵
  PID:11972
- C:\Windows\System\BFESIjR.exe
  C:\Windows\System\BFESIjR.exe
  2⤵
  PID:11848
- C:\Windows\System\DCFjOJj.exe
  C:\Windows\System\DCFjOJj.exe
  2⤵
  PID:12296
- C:\Windows\System\AuXMcsX.exe
  C:\Windows\System\AuXMcsX.exe
  2⤵
  PID:12324
- C:\Windows\System\rLhQzFZ.exe
  C:\Windows\System\rLhQzFZ.exe
  2⤵
  PID:12352
- C:\Windows\System\WgeegwE.exe
  C:\Windows\System\WgeegwE.exe
  2⤵
  PID:12388
- C:\Windows\System\iqBYhgg.exe
  C:\Windows\System\iqBYhgg.exe
  2⤵
  PID:12408
- C:\Windows\System\tFzKBpx.exe
  C:\Windows\System\tFzKBpx.exe
  2⤵
  PID:12436
- C:\Windows\System\tatwlPh.exe
  C:\Windows\System\tatwlPh.exe
  2⤵
  PID:12464
- C:\Windows\System\zyNuhkV.exe
  C:\Windows\System\zyNuhkV.exe
  2⤵
  PID:12492
- C:\Windows\System\obcWVPO.exe
  C:\Windows\System\obcWVPO.exe
  2⤵
  PID:12520
- C:\Windows\System\HYkTrmL.exe
  C:\Windows\System\HYkTrmL.exe
  2⤵
  PID:12548
- C:\Windows\System\qnESDzq.exe
  C:\Windows\System\qnESDzq.exe
  2⤵
  PID:12576
- C:\Windows\System\KLOhnnh.exe
  C:\Windows\System\KLOhnnh.exe
  2⤵
  PID:12604
- C:\Windows\System\nRLlxNK.exe
  C:\Windows\System\nRLlxNK.exe
  2⤵
  PID:12632
- C:\Windows\System\uDnaPkN.exe
  C:\Windows\System\uDnaPkN.exe
  2⤵
  PID:12660
- C:\Windows\System\ZiTbjQn.exe
  C:\Windows\System\ZiTbjQn.exe
  2⤵
  PID:12688
- C:\Windows\System\oHrzynZ.exe
  C:\Windows\System\oHrzynZ.exe
  2⤵
  PID:12716
- C:\Windows\System\GSitWWB.exe
  C:\Windows\System\GSitWWB.exe
  2⤵
  PID:12744
- C:\Windows\System\olNsiFh.exe
  C:\Windows\System\olNsiFh.exe
  2⤵
  PID:12772
- C:\Windows\System\XuPiNFA.exe
  C:\Windows\System\XuPiNFA.exe
  2⤵
  PID:12800
- C:\Windows\System\veIcFhm.exe
  C:\Windows\System\veIcFhm.exe
  2⤵
  PID:12828
- C:\Windows\System\DXNTvyL.exe
  C:\Windows\System\DXNTvyL.exe
  2⤵
  PID:12856
- C:\Windows\System\RVfOtlD.exe
  C:\Windows\System\RVfOtlD.exe
  2⤵
  PID:12884
- C:\Windows\System\WLFvfQU.exe
  C:\Windows\System\WLFvfQU.exe
  2⤵
  PID:12912
- C:\Windows\System\kTXCbFK.exe
  C:\Windows\System\kTXCbFK.exe
  2⤵
  PID:12944
- C:\Windows\System\cIgfxfY.exe
  C:\Windows\System\cIgfxfY.exe
  2⤵
  PID:12972
- C:\Windows\System\wOCnpTS.exe
  C:\Windows\System\wOCnpTS.exe
  2⤵
  PID:13000
- C:\Windows\System\XUMHbwr.exe
  C:\Windows\System\XUMHbwr.exe
  2⤵
  PID:13028
- C:\Windows\System\AnLnFVF.exe
  C:\Windows\System\AnLnFVF.exe
  2⤵
  PID:13056
- C:\Windows\System\JgwZYhW.exe
  C:\Windows\System\JgwZYhW.exe
  2⤵
  PID:13084
- C:\Windows\System\IFCClvO.exe
  C:\Windows\System\IFCClvO.exe
  2⤵
  PID:13112
- C:\Windows\System\QyUjqsL.exe
  C:\Windows\System\QyUjqsL.exe
  2⤵
  PID:13140
- C:\Windows\System\ofNwVLR.exe
  C:\Windows\System\ofNwVLR.exe
  2⤵
  PID:13168
- C:\Windows\System\GDgCLFA.exe
  C:\Windows\System\GDgCLFA.exe
  2⤵
  PID:13196
- C:\Windows\System\GMBNFKx.exe
  C:\Windows\System\GMBNFKx.exe
  2⤵
  PID:13224
- C:\Windows\System\FAjlNdv.exe
  C:\Windows\System\FAjlNdv.exe
  2⤵
  PID:13260
- C:\Windows\System\bywDYon.exe
  C:\Windows\System\bywDYon.exe
  2⤵
  PID:13288
- C:\Windows\System\kMaplqx.exe
  C:\Windows\System\kMaplqx.exe
  2⤵
  PID:12292
- C:\Windows\System\ydwgNem.exe
  C:\Windows\System\ydwgNem.exe
  2⤵
  PID:12364
- C:\Windows\System\eOQVPDl.exe
  C:\Windows\System\eOQVPDl.exe
  2⤵
  PID:12428
- C:\Windows\System\dimfbLZ.exe
  C:\Windows\System\dimfbLZ.exe
  2⤵
  PID:12516
- C:\Windows\System\AbEJIpi.exe
  C:\Windows\System\AbEJIpi.exe
  2⤵
  PID:12560
- C:\Windows\System\sUtedRI.exe
  C:\Windows\System\sUtedRI.exe
  2⤵
  PID:12624
- C:\Windows\System\LgRFDeS.exe
  C:\Windows\System\LgRFDeS.exe
  2⤵
  PID:12684
- C:\Windows\System\WStVFWe.exe
  C:\Windows\System\WStVFWe.exe
  2⤵
  PID:12740
- C:\Windows\System\ZxGmOqK.exe
  C:\Windows\System\ZxGmOqK.exe
  2⤵
  PID:12812
- C:\Windows\System\DYpRtfs.exe
  C:\Windows\System\DYpRtfs.exe
  2⤵
  PID:12876
- C:\Windows\System\oejrfZS.exe
  C:\Windows\System\oejrfZS.exe
  2⤵
  PID:12940
- C:\Windows\System\akLArWD.exe
  C:\Windows\System\akLArWD.exe
  2⤵
  PID:13012
- C:\Windows\System\SvcmRqI.exe
  C:\Windows\System\SvcmRqI.exe
  2⤵
  PID:13076
- C:\Windows\System\JQeFyrN.exe
  C:\Windows\System\JQeFyrN.exe
  2⤵
  PID:13136
- C:\Windows\System\hleAErO.exe
  C:\Windows\System\hleAErO.exe
  2⤵
  PID:13208
- C:\Windows\System\fRfkgzm.exe
  C:\Windows\System\fRfkgzm.exe
  2⤵
  PID:13284
- C:\Windows\System\nvApeWh.exe
  C:\Windows\System\nvApeWh.exe
  2⤵
  PID:12344
- C:\Windows\System\eeIyfiT.exe
  C:\Windows\System\eeIyfiT.exe
  2⤵
  PID:12512
- C:\Windows\System\xyoEsOj.exe
  C:\Windows\System\xyoEsOj.exe
  2⤵
  PID:4616
- C:\Windows\System\kELLCBY.exe
  C:\Windows\System\kELLCBY.exe
  2⤵
  PID:12708
- C:\Windows\System\gpWsFOJ.exe
  C:\Windows\System\gpWsFOJ.exe
  2⤵
  PID:12840
- C:\Windows\System\GbtDJwb.exe
  C:\Windows\System\GbtDJwb.exe
  2⤵
  PID:12992
- C:\Windows\System\ZxySSQj.exe
  C:\Windows\System\ZxySSQj.exe
  2⤵
  PID:13068
- C:\Windows\System\QaUtYtE.exe
  C:\Windows\System\QaUtYtE.exe
  2⤵
  PID:13188
- C:\Windows\System\xNheqyY.exe
  C:\Windows\System\xNheqyY.exe
  2⤵
  PID:12320
- C:\Windows\System\bBwixel.exe
  C:\Windows\System\bBwixel.exe
  2⤵
  PID:12616
- C:\Windows\System\wRwBctV.exe
  C:\Windows\System\wRwBctV.exe
  2⤵
  PID:12904
- C:\Windows\System\EeDSSsl.exe
  C:\Windows\System\EeDSSsl.exe
  2⤵
  PID:13164
- C:\Windows\System\BtyyZyT.exe
  C:\Windows\System\BtyyZyT.exe
  2⤵
  PID:1352
- C:\Windows\System\aBZvXts.exe
  C:\Windows\System\aBZvXts.exe
  2⤵
  PID:4524
- C:\Windows\System\NzJPAUq.exe
  C:\Windows\System\NzJPAUq.exe
  2⤵
  PID:4628
- C:\Windows\System\tZLYFeJ.exe
  C:\Windows\System\tZLYFeJ.exe
  2⤵
  PID:13340
- C:\Windows\System\zIseoiW.exe
  C:\Windows\System\zIseoiW.exe
  2⤵
  PID:13368
- C:\Windows\System\VTuATcl.exe
  C:\Windows\System\VTuATcl.exe
  2⤵
  PID:13396
- C:\Windows\System\ZiSxhHf.exe
  C:\Windows\System\ZiSxhHf.exe
  2⤵
  PID:13424
- C:\Windows\System\PLIvpaT.exe
  C:\Windows\System\PLIvpaT.exe
  2⤵
  PID:13452
- C:\Windows\System\BdBJJNZ.exe
  C:\Windows\System\BdBJJNZ.exe
  2⤵
  PID:13480
- C:\Windows\System\rXerBfe.exe
  C:\Windows\System\rXerBfe.exe
  2⤵
  PID:13508
- C:\Windows\System\VhDMCnG.exe
  C:\Windows\System\VhDMCnG.exe
  2⤵
  PID:13536
- C:\Windows\System\gJXExCV.exe
  C:\Windows\System\gJXExCV.exe
  2⤵
  PID:13564
- C:\Windows\System\tLcpMAq.exe
  C:\Windows\System\tLcpMAq.exe
  2⤵
  PID:13592
- C:\Windows\System\xAduBiT.exe
  C:\Windows\System\xAduBiT.exe
  2⤵
  PID:13620
- C:\Windows\System\ksqqCNm.exe
  C:\Windows\System\ksqqCNm.exe
  2⤵
  PID:13648
- C:\Windows\System\zAWmSxz.exe
  C:\Windows\System\zAWmSxz.exe
  2⤵
  PID:13676
- C:\Windows\System\PLTdErY.exe
  C:\Windows\System\PLTdErY.exe
  2⤵
  PID:13704
- C:\Windows\System\dPPhGeL.exe
  C:\Windows\System\dPPhGeL.exe
  2⤵
  PID:13732
- C:\Windows\System\OrUgaNu.exe
  C:\Windows\System\OrUgaNu.exe
  2⤵
  PID:13768
- C:\Windows\System\IfkanUK.exe
  C:\Windows\System\IfkanUK.exe
  2⤵
  PID:13792
- C:\Windows\System\HWKKWWS.exe
  C:\Windows\System\HWKKWWS.exe
  2⤵
  PID:13820
- C:\Windows\System\BxrdKfO.exe
  C:\Windows\System\BxrdKfO.exe
  2⤵
  PID:13848
- C:\Windows\System\cnrfHTq.exe
  C:\Windows\System\cnrfHTq.exe
  2⤵
  PID:13876
- C:\Windows\System\zjxtpqq.exe
  C:\Windows\System\zjxtpqq.exe
  2⤵
  PID:13904
- C:\Windows\System\fmjYmdI.exe
  C:\Windows\System\fmjYmdI.exe
  2⤵
  PID:13932
- C:\Windows\System\MdozZhs.exe
  C:\Windows\System\MdozZhs.exe
  2⤵
  PID:13960
- C:\Windows\System\uerEtUt.exe
  C:\Windows\System\uerEtUt.exe
  2⤵
  PID:13988
- C:\Windows\System\YUONzYG.exe
  C:\Windows\System\YUONzYG.exe
  2⤵
  PID:14016
- C:\Windows\System\JNUrKYA.exe
  C:\Windows\System\JNUrKYA.exe
  2⤵
  PID:14044
- C:\Windows\System\RhxpPhh.exe
  C:\Windows\System\RhxpPhh.exe
  2⤵
  PID:14072
- C:\Windows\System\ASHAktK.exe
  C:\Windows\System\ASHAktK.exe
  2⤵
  PID:14100
- C:\Windows\System\dqnYmPo.exe
  C:\Windows\System\dqnYmPo.exe
  2⤵
  PID:14128
- C:\Windows\System\DcQHSKF.exe
  C:\Windows\System\DcQHSKF.exe
  2⤵
  PID:14156
- C:\Windows\System\MDPaBTf.exe
  C:\Windows\System\MDPaBTf.exe
  2⤵
  PID:14184
- C:\Windows\System\fEcqksG.exe
  C:\Windows\System\fEcqksG.exe
  2⤵
  PID:14212
- C:\Windows\System\BKpaRGu.exe
  C:\Windows\System\BKpaRGu.exe
  2⤵
  PID:14240
- C:\Windows\System\MggTHbb.exe
  C:\Windows\System\MggTHbb.exe
  2⤵
  PID:14268
- C:\Windows\System\ZyvYHgS.exe
  C:\Windows\System\ZyvYHgS.exe
  2⤵
  PID:14296
- C:\Windows\System\UDSyMce.exe
  C:\Windows\System\UDSyMce.exe
  2⤵
  PID:14328
- C:\Windows\System\tQCTYll.exe
  C:\Windows\System\tQCTYll.exe
  2⤵
  PID:13336
- C:\Windows\System\reXXyYk.exe
  C:\Windows\System\reXXyYk.exe
  2⤵
  PID:13436
- C:\Windows\System\pdtzKdr.exe
  C:\Windows\System\pdtzKdr.exe
  2⤵
  PID:13476
- C:\Windows\System\kkKnFep.exe
  C:\Windows\System\kkKnFep.exe
  2⤵
  PID:13532
- C:\Windows\System\JVozhTe.exe
  C:\Windows\System\JVozhTe.exe
  2⤵
  PID:13640
- C:\Windows\System\uTzJbJD.exe
  C:\Windows\System\uTzJbJD.exe
  2⤵
  PID:13716
- C:\Windows\System\zadAhHh.exe
  C:\Windows\System\zadAhHh.exe
  2⤵
  PID:13760
- C:\Windows\System\qfpDmea.exe
  C:\Windows\System\qfpDmea.exe
  2⤵
  PID:13860
- C:\Windows\System\HbBSivR.exe
  C:\Windows\System\HbBSivR.exe
  2⤵
  PID:13944
- C:\Windows\System\bKJYvXh.exe
  C:\Windows\System\bKJYvXh.exe
  2⤵
  PID:13980
- C:\Windows\System\WJAMccF.exe
  C:\Windows\System\WJAMccF.exe
  2⤵
  PID:14124
- C:\Windows\System\wCDUOXg.exe
  C:\Windows\System\wCDUOXg.exe
  2⤵
  PID:14224
- C:\Windows\System\DZKvCpS.exe
  C:\Windows\System\DZKvCpS.exe
  2⤵
  PID:14264
- C:\Windows\System\xlTxMlt.exe
  C:\Windows\System\xlTxMlt.exe
  2⤵
  PID:14320
- C:\Windows\System\qZbfJTm.exe
  C:\Windows\System\qZbfJTm.exe
  2⤵
  PID:13416
- C:\Windows\System\geLYKPQ.exe
  C:\Windows\System\geLYKPQ.exe
  2⤵
  PID:1280
- C:\Windows\System\HQCIArt.exe
  C:\Windows\System\HQCIArt.exe
  2⤵
  PID:13748
- C:\Windows\System\AUCUfhI.exe
  C:\Windows\System\AUCUfhI.exe
  2⤵
  PID:4252
- C:\Windows\System\bopnwAp.exe
  C:\Windows\System\bopnwAp.exe
  2⤵
  PID:13804
- C:\Windows\System\qtPYKId.exe
  C:\Windows\System\qtPYKId.exe
  2⤵
  PID:4464
- C:\Windows\System\RFMqQGo.exe
  C:\Windows\System\RFMqQGo.exe
  2⤵
  PID:13660
- C:\Windows\System\KKafolj.exe
  C:\Windows\System\KKafolj.exe
  2⤵
  PID:4324
- C:\Windows\System\BGxsuhi.exe
  C:\Windows\System\BGxsuhi.exe
  2⤵
  PID:14208
- C:\Windows\System\nROTCqZ.exe
  C:\Windows\System\nROTCqZ.exe
  2⤵
  PID:3380
- C:\Windows\System\PvTyRbb.exe
  C:\Windows\System\PvTyRbb.exe
  2⤵
  PID:14324
- C:\Windows\System\MFqYoTd.exe
  C:\Windows\System\MFqYoTd.exe
  2⤵
  PID:13756
- C:\Windows\System\UIAusEA.exe
  C:\Windows\System\UIAusEA.exe
  2⤵
  PID:13784
- C:\Windows\System\TKaSkgH.exe
  C:\Windows\System\TKaSkgH.exe
  2⤵
  PID:14308
- C:\Windows\System\WcbVnoY.exe
  C:\Windows\System\WcbVnoY.exe
  2⤵
  PID:13744
- C:\Windows\System\RpoItlw.exe
  C:\Windows\System\RpoItlw.exe
  2⤵
  PID:13504
- C:\Windows\System\nenkOyi.exe
  C:\Windows\System\nenkOyi.exe
  2⤵
  PID:14168
- C:\Windows\System\UYldBmi.exe
  C:\Windows\System\UYldBmi.exe
  2⤵
  PID:2904
- C:\Windows\System\vMIZfJp.exe
  C:\Windows\System\vMIZfJp.exe
  2⤵
  PID:14356
- C:\Windows\System\FFmmemC.exe
  C:\Windows\System\FFmmemC.exe
  2⤵
  PID:14384
- C:\Windows\System\uiAFUSV.exe
  C:\Windows\System\uiAFUSV.exe
  2⤵
  PID:14412
- C:\Windows\System\cLbOgld.exe
  C:\Windows\System\cLbOgld.exe
  2⤵
  PID:14440
- C:\Windows\System\JdTCLhT.exe
  C:\Windows\System\JdTCLhT.exe
  2⤵
  PID:14468
- C:\Windows\System\ydSWOFh.exe
  C:\Windows\System\ydSWOFh.exe
  2⤵
  PID:14496
- C:\Windows\System\SaSxsvb.exe
  C:\Windows\System\SaSxsvb.exe
  2⤵
  PID:14524
- C:\Windows\System\BAHkhff.exe
  C:\Windows\System\BAHkhff.exe
  2⤵
  PID:14556
- C:\Windows\System\GJHdoMd.exe
  C:\Windows\System\GJHdoMd.exe
  2⤵
  PID:14584
- C:\Windows\System\XpkZyKR.exe
  C:\Windows\System\XpkZyKR.exe
  2⤵
  PID:14612
- C:\Windows\System\nwprEkx.exe
  C:\Windows\System\nwprEkx.exe
  2⤵
  PID:14640
- C:\Windows\System\VQPABau.exe
  C:\Windows\System\VQPABau.exe
  2⤵
  PID:14668
- C:\Windows\System\kCvaiDq.exe
  C:\Windows\System\kCvaiDq.exe
  2⤵
  PID:14696
- C:\Windows\System\GSQOwQt.exe
  C:\Windows\System\GSQOwQt.exe
  2⤵
  PID:14724
- C:\Windows\System\IvZTQYH.exe
  C:\Windows\System\IvZTQYH.exe
  2⤵
  PID:14752
- C:\Windows\System\FUsyruu.exe
  C:\Windows\System\FUsyruu.exe
  2⤵
  PID:14780
- C:\Windows\System\mPZdERR.exe
  C:\Windows\System\mPZdERR.exe
  2⤵
  PID:14808
- C:\Windows\System\UVZYuyV.exe
  C:\Windows\System\UVZYuyV.exe
  2⤵
  PID:14836
- C:\Windows\System\XsHfPxW.exe
  C:\Windows\System\XsHfPxW.exe
  2⤵
  PID:14864
- C:\Windows\System\BvHplLf.exe
  C:\Windows\System\BvHplLf.exe
  2⤵
  PID:14892
- C:\Windows\System\yIbxVbg.exe
  C:\Windows\System\yIbxVbg.exe
  2⤵
  PID:14920
- C:\Windows\System\iqNCNIN.exe
  C:\Windows\System\iqNCNIN.exe
  2⤵
  PID:14948
- C:\Windows\System\jnQbWaR.exe
  C:\Windows\System\jnQbWaR.exe
  2⤵
  PID:14976
- C:\Windows\System\lcVTOhK.exe
  C:\Windows\System\lcVTOhK.exe
  2⤵
  PID:15004
- C:\Windows\System\eVuEkdW.exe
  C:\Windows\System\eVuEkdW.exe
  2⤵
  PID:15032
- C:\Windows\System\tTsWNTL.exe
  C:\Windows\System\tTsWNTL.exe
  2⤵
  PID:15060
- C:\Windows\System\WOHoHbJ.exe
  C:\Windows\System\WOHoHbJ.exe
  2⤵
  PID:15088
- C:\Windows\System\KrWLQFE.exe
  C:\Windows\System\KrWLQFE.exe
  2⤵
  PID:15116
- C:\Windows\System\tbpEWrd.exe
  C:\Windows\System\tbpEWrd.exe
  2⤵
  PID:15144
- C:\Windows\System\nfSijZR.exe
  C:\Windows\System\nfSijZR.exe
  2⤵
  PID:15172
- C:\Windows\System\iQwlueA.exe
  C:\Windows\System\iQwlueA.exe
  2⤵
  PID:15200
- C:\Windows\System\YBLVitw.exe
  C:\Windows\System\YBLVitw.exe
  2⤵
  PID:15228
- C:\Windows\System\lxODbyv.exe
  C:\Windows\System\lxODbyv.exe
  2⤵
  PID:15256
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 15256 -s 248
    3⤵
    PID:14636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BSsNjBR.exe

Filesize
6.0MB

MD5
84c23b8c5fafbaff4b1272dbdb4fd60e

SHA1
cc86945322ebd88e1f3f572e6a150d993c06f12e

SHA256
bfeb260a6e16c58a60d5375bc3295fba3ca4e49f3969394ac4764b71238ab187

SHA512
145a10bc5574c8990a952d514c347c9a6c0b5af7dfe9a2fdbff19b96d1361b4c3ecb98eecb54c7400f7c7a208d49192fae083f11b2dace53a9f5a2f5c09f39a5

Download Submit
C:\Windows\System\CQUitbw.exe

Filesize
6.0MB

MD5
ac3551389e56ef41003788e10048381d

SHA1
67b1a8f13858138cf0bb20188ec8f75c83a123c0

SHA256
c321ca61a80388db147387d0bd79cead7bcec5d4420cafb4e98d55bfaa297664

SHA512
71665ac5788780745c81f24e9a80af2c81be5b418d29788913bb7c382bdbb8baea697b888dd31cd20101e51143da61b26489ca367be52a780a1e8a8d61a60577

Download Submit
C:\Windows\System\CdyyEiU.exe

Filesize
6.0MB

MD5
16b95193ae5e269af1834aeddb9d8028

SHA1
09ca88186133d53ad4abed93a87712fe059a374b

SHA256
4418bb48ba22f3635b868484785edf3d5ff90f83bc782b132285cddbbf176bb1

SHA512
57e7d2635e418ec26911b9302c41070409464bc3f7be2554f7a5318ae91367d73f9854e932cacd2c021d8826b2fb039068992901bc8baa6eaca35a2fd6103844

Download Submit
C:\Windows\System\DIzEjYv.exe

Filesize
6.0MB

MD5
92a0975df7765509548cb8648084e73c

SHA1
ec6e56f27d36f826b49eaf0101a414adcd8b07af

SHA256
3afb15ccbf97a19543c04f21adaa74e5f4e47c8e30bb86068d0f8ef7965977d3

SHA512
282c14bd6f12e8893fa645ccaa8545534f937c8a94e0ed71eaf37c278b5f95c6f252e356c7a5eede9ea24d8c68305c8094b06e782af31136d331c6332c021cfe

Download Submit
C:\Windows\System\EkFGGju.exe

Filesize
6.0MB

MD5
1b05bb7872eb97dfa8c6a81438ca63ed

SHA1
079a680853da425819e1f3b777c970726ca4fd5e

SHA256
e824a52e2ab8901cfdad14effcff6ced4d501d1b68d9276f10d0d43d5fe7e987

SHA512
bcfc21f51318af451d5a18a8fd9b8b426e8d17b6baf826f2eca368219d97ddfeab23a81ec8a1c23b07b58eecfa76c2485cb2ee229b85e4ff86db96bb4d5edb60

Download Submit
C:\Windows\System\FPTlvJt.exe

Filesize
6.0MB

MD5
ba50068fc2041040559996a05335dc8e

SHA1
e3a19e99fa51a2aad430d930a677a6836ee796bb

SHA256
f7566f412d30f5780c9899b2eced4705d9ddbd77ead5cd6409283d881ec92fc8

SHA512
d950561f8fa34939eb3659e939ecdc7910b53cf24af41043148c9a50cfc4bc3aa6a204e818990b59cc1449e87250e6a0c2a3d1a9d3243e142c7dd7658ed07489

Download Submit
C:\Windows\System\IxuORYk.exe

Filesize
6.0MB

MD5
c701e7d3339f3e333b39084cd79aa5c9

SHA1
a8706cc581a2752ca9995cb47a00080897efb82a

SHA256
917beca8ddfdecea4df02d25995c0649eb1be0d7b7e731cccefc9d6e31301121

SHA512
44fa4ab8dc0228592d695cc5a64454330247fe89871aabc1f450e16f79f72c457073d3ab13349071deecc3a903bed84e456ec1626d51b4a711ba33b2ac2be971

Download Submit
C:\Windows\System\JbnqKMU.exe

Filesize
6.0MB

MD5
f983bb281b0d548eccbfc788746d4363

SHA1
6095a1ab006ceaf886f99e3325d9878cfbb7a078

SHA256
65db1e705a95888e35e0c5f14284503e3e79a4e2921884d2fc8115b2257e9812

SHA512
75c296b61f519c57ff7f06bd08400bfd3213561bb2184547a00fd0f2463154fee848e60c9193b62d881813743bdad5d2e06dcd74f97b49e7c4b2635facbbf88b

Download Submit
C:\Windows\System\JjLgtWR.exe

Filesize
6.0MB

MD5
d03e2ed9a88d77d28abcb0e4e5e70c54

SHA1
6f896dcb64a5c7fd1350046e92d87f7e45f1ecd5

SHA256
ac0f642e6afa583a261fdd5d4ad8e2606ff36d24c3b2a27928b056c24fcd7de7

SHA512
1f9dc9131eef5b6b77e6cfff5b0e4d1dec8cde669ce1d75f034788aa2fde196afc3d75ced196b0a8fa4fe5bfa18acebf4b852d29822c8c3c38abed6127e85e6f

Download Submit
C:\Windows\System\KQdPnHy.exe

Filesize
6.0MB

MD5
4093ee6057caa7eec3383385454931ed

SHA1
76c036caf7dddafd989ca35f9fabae41ef754891

SHA256
ef5e07f653a3323a774badc17b159bcee75aa661aa25492bf734f36c5cd36d6e

SHA512
fa65d1607a089538d33fb06db4b3ce4ef98738bb4603308772f91d67c56e6405e0e09aa7e8f7b471b1cc17dd03a50f1e092a28bcb32425cc9ab758736a75c795

Download Submit
C:\Windows\System\KhPcbJl.exe

Filesize
6.0MB

MD5
4caa3db1e1c88f67f91a9ff611a1fad0

SHA1
9600880accb502e550dc34f5e3610ba0fd35d72d

SHA256
e501e9eb1fa8d0dc55063b7492c7f9617fbf2badd4315e7e4445f40e0d1296b1

SHA512
483b55dbdfcd766626f6eadd42076db383f28dd788e8b64d2bcc0ae0706fe9338290c21e8dcdf4dfc0a2f9a0bb40242d3b4ef3505820fad72d7db724c3c1c81b

Download Submit
C:\Windows\System\OmCvxcM.exe

Filesize
6.0MB

MD5
576acdc5211f89a9621d58dbdb7715d9

SHA1
c1b190ccf5ce3662b8283acb95f5c4d5985bfb2a

SHA256
b34b465849a1655cace75d8ad09699bfeea4f72cd8140269992e3fcb7ff3e25d

SHA512
c3c80dd6b943c952c8b88ac73c35b967f4072e88e110ef79dca6bcbd48ec5509fc3a0dba3e95578c3a5b8e35917d5ff4bce3262eeca72624f1b86bcd751cb84d

Download Submit
C:\Windows\System\PmiTNff.exe

Filesize
6.0MB

MD5
c17806d7c53ae1154634af9d33378a76

SHA1
19df0dc14beb4bf40d8b5c9c29f301075c09984f

SHA256
27dfbc9ae1c06073092f04cc241a662d04eda884d0c8564de61728ab42106c78

SHA512
24b4f16fb42298dc12536f5ce1d76bdb5170e0ac00c765858d830340c58609fa3fd40d5a55883a2beb6fa2db33fee0832755d5822f91165f46ac32ed706febd0

Download Submit
C:\Windows\System\RQXMazK.exe

Filesize
6.0MB

MD5
421573ea4b9fa5d3d607d1ba62ad7582

SHA1
2ea06fab66d9c71a311ca5d2e44ae2de9b4a9ac2

SHA256
0996292f83ce74dc298ba8a1b1a05c4110285634ea7be605a0eddf7d8843eda8

SHA512
b2a3c9bf527d20230be7929914601b36ec7fafb19fd9dba4d01936491b33759510cdc51b714890b6cce7176c0fcb3358817028f86ed6cd5f27007036d1e2eba8

Download Submit
C:\Windows\System\SPuBRLD.exe

Filesize
6.0MB

MD5
6b16c2705749b3d93cf8bd2ae636f932

SHA1
973e8da09ec14b86d88844ba07d02633ca580cac

SHA256
97135c77e7383f4665139275ad5104480f70d9c5a6a67d439f9cbaf1c032038e

SHA512
bc14daa2c83d29bf5387573d9ac2ab9becec6624a08abebfa855270b4c4bf3d865efd1ea1b7d9d9faf30459f41e14333b6d19cc28a48a50efdd13c6d479e77d7

Download Submit
C:\Windows\System\TDFTXWa.exe

Filesize
6.0MB

MD5
5ebfe87c03b7de62b0b5c2e8c406d31d

SHA1
136b07869e60fa9ad871e86a581ce8bc2afd98a7

SHA256
e5ff4270e475fe23265aecd923ffec247398ecc6f1024b31445f91b6114ae7d9

SHA512
32d53be91add9c4fa73fbe46c6aaa9b039c0f37f0013d2c899af025cf07d4c7acebb9a6d300b5eb0bc6b77380e8b98a56d679895fe55d2639af99b361a0ff90e

Download Submit
C:\Windows\System\WPvRMZk.exe

Filesize
6.0MB

MD5
dba25eafe28c4c33f63dfb9ee120206d

SHA1
d8aa0c051b873368dda41f32cc124d010e801ea9

SHA256
28b5598e92d636a881b9db326fb125220df4579b4562b14a4bf88ac7035b3efa

SHA512
7af51db34bd3100cfca54613192d2520f64d1dc035dc8a14019099bcd8ed21ff4de4f2b444efaef9fe22087820ed41b83c534c328a8ee1a9d2b94c3a16850516

Download Submit
C:\Windows\System\YGWTdLb.exe

Filesize
6.0MB

MD5
0f7c891ced49270a06d39f1aa1d2e64a

SHA1
b397153abdebf0e409628f100a3f0b281e71085e

SHA256
f3ae7c795fe6352a2c7dfad61ec24d76b82a43f788bb24e96a26c334dd30a76c

SHA512
43684ad2b26c461b7a32ce94588e0839a421f825e3c20edb63a8927e38ebb36bde4ea0c2c2002104e0f409f31ac0ee6462f49b7c7d0c445da07fa67bc9b505e0

Download Submit
C:\Windows\System\eUscsOX.exe

Filesize
6.0MB

MD5
c7b611baf9f0f555e9fa90011d9cbc25

SHA1
b3963bc0ce75b73ad65b35d3843453741e248121

SHA256
fc6470aea54ec316a201824e5182cc083dfe87f19efd051f4eecd750063fd3b4

SHA512
6045fe5a5de9db4afbfc6287e41584a8b81ba7f76d61312f790dd841a5fbd5166dba763955f84fb8a01fb6a106f42a07e198196df4999b28f4ae905377aeba47

Download Submit
C:\Windows\System\gpaNNMM.exe

Filesize
6.0MB

MD5
fdf7e8ac1eca75db2aea530073536a27

SHA1
ad63a5bb7dea8479da0c8c2c41611e9cbc3619c4

SHA256
b68b5861937790e9df5372638dc30cbc7f64c17a29b0190019a2c1d121cf473c

SHA512
aa6d71e9927b5d9ac619cfa131c6b622175159b1da48538022de0761af58f523f2ca7e84623e2a55e2a12c39e7643a273b6a1d8da84bb4b7d2563bc7f017b45c

Download Submit
C:\Windows\System\iFcuknj.exe

Filesize
6.0MB

MD5
496c055b561ddc7332e04a875e4948c1

SHA1
4aa0833d290b1f21833b32455bf63f446ad73e06

SHA256
116094da73159811831778e93dc3677559cdea5d67b2d262f0ee3848da5fc00e

SHA512
84d0ed790f6a2cf1c4e869911a3a6145a9ac731fc4f906943be767f0e814c19ac8d48838c18d469a7121b6593b07b5ce30c460c5cbfe6ae0bfaa2b9f24cdc3ce

Download Submit
C:\Windows\System\iGAOdnn.exe

Filesize
6.0MB

MD5
d44c8f6efd17b6b98f1ffa177e0cf6af

SHA1
e1f09927de8a5feb3b0e9438414b528a8c632c29

SHA256
a9a8749da10d2ce13c33547d0810d744053fc6a037e3ee581267a3f968bf08cd

SHA512
189777a8c814fc5eff022a0318c67eebd4dcb183b0562b6c001f69f02eb754ce29330b5c8487deca4574be955feba0fbb7d775690c89fda31c25066e28361448

Download Submit
C:\Windows\System\kXIrkHF.exe

Filesize
6.0MB

MD5
0b5ea6e55e19095928746b4f06ba3d9b

SHA1
34bd6c2e7b266e5addc2accb996a99ad9b3fd519

SHA256
6ba0cb18a34eec97710c3d9ed050574d06ee132eb0f62e3d9b8aa97ccc6e6a79

SHA512
0301599f435c710284817c0edd6adc0156f08091999a8c01c4f1c19a21030beb80f197d9de78072c284c9f072967ad374f8b84cc4463219433b8db4dbf9612e9

Download Submit
C:\Windows\System\kiNTljI.exe

Filesize
6.0MB

MD5
ae7c86302f8122482dd17082c0a4b531

SHA1
12f8153828dbf1c3434bad29c84604c4dad67eac

SHA256
8b7a58868809ba3c04ccad7bd7027726dc629a05e33366905955624937cb8196

SHA512
2694594ac350a86a578e6197e220e7f9f114c6354338f2c20c04bb2ad76bcf8f8e76dc812d54a3d4347e53bebee3874d9c5ef7954d2e161e8279e45ba08a6a0d

Download Submit
C:\Windows\System\mVPZyML.exe

Filesize
6.0MB

MD5
04603319450eb18cc5c747ee45029b43

SHA1
d55f732fb669bdfaf11aeca5ebba409894037449

SHA256
8dd54d486f2b57263dd312a0a3c89f4babcc98594e8529fa64e84447ccad1b24

SHA512
bf44008439de6924b1c6fd2e9cb7b594b17030ff6e727a71387b1cdc2b70b70d715747a9d1a2d88bd281e72dd568ae60434298f6652c6a54cec46e8d634f6c41

Download Submit
C:\Windows\System\mVWMrkX.exe

Filesize
6.0MB

MD5
0268a0408d5c1fc5fe72d25e2edb5da8

SHA1
cb43302642c40e8ab6c21b7158e4b0c87fca4f68

SHA256
72b0b56c9e41103fdb6c535348b2b385488de346aba1e44b0144ed42e5652a9f

SHA512
4c94be01089de41d7ac26bad809d3f6c24e539998f5da347848f8aa3877e3750f80ed048b0040d508878cc690aec2e9768e3aaf542e5b396b392b3a1fac4de8b

Download Submit
C:\Windows\System\mwdZLBz.exe

Filesize
6.0MB

MD5
75d8529a799415877224f448648b628e

SHA1
ef9e3f3097af30898eb701279be4fd0522600055

SHA256
89f28a32ab91905327ea45ca7c37b0828e48f5f4e58cedc5c2c5e6247d4a9961

SHA512
19888c7af649663185c0a07bf76796a846b39dee14eded80f57e456d315e20a06c9936dc15ed7d0dcc10252e5c11f69f7da7e943484e125cd46c22d0d5b87ef4

Download Submit
C:\Windows\System\pYWaUGX.exe

Filesize
6.0MB

MD5
63f4543c346c92b0faf2a045073e4af4

SHA1
fc9e84ba908a23e4d1765575050eed7bd8b037ce

SHA256
91343900fe72b659093286736568fa871b771d470fe0edc918d7feba0c46eb12

SHA512
895de478b4f5109b0ec6a71306ed7a6507b91b2258dd3cccafd0195eac465a186353829456968b3c6ef3aa5a548dd342548a5b811341dba257e0e0d50aaeb2df

Download Submit
C:\Windows\System\qkasQVq.exe

Filesize
6.0MB

MD5
90d07c86ed6890d2607af5813f477ba3

SHA1
e62414cf412c61f53ded14624ee8f2335ee74659

SHA256
4ed6ddfd32ac3b22c7b6fc2945e2a281ae018c65a8dcbc29354f3828c7a607df

SHA512
d51170c65af5a3dc34954a1558cf70c7318067b747303d552bc4bb8af6d89f81a34810659925a7e670250eb2c2d943b742f80448f7a995b77548c47980f3d8d9

Download Submit
C:\Windows\System\uhwZdEq.exe

Filesize
6.0MB

MD5
9b6a445453cb7e6324a842de3f1ac30e

SHA1
2ec659214e7abad60f716292f3a5cb6250bc0797

SHA256
d7f8cb12c87d595c387b687fe59d7b3445c783747844fd89334e342c27002acb

SHA512
b20969d4e1a2662b88d76b4a6b8957efd1c379855a00fb01cfccb95e058b03f4edaa7e21c11d6c85c3a028298d993f948f54d518e176b1b44e5fd22d51356c02

Download Submit
C:\Windows\System\ulToGgE.exe

Filesize
6.0MB

MD5
81d08dca75ff2e606d4cc88d3a6b418e

SHA1
72e4bb49de16952d4bfa89fa4aa418c2e2b5d3f2

SHA256
3cbdcafb23b069aaf0217e2e86fdfaea872614dae26a4a6172e47463fd6f3a7e

SHA512
dc875f15dfb96e03622041d40ed74cb41d1c00f2568a307b9db22568a1234161103a5e518eb8a3794edb23d88ecb31747c044346cb59e196e3e7d3e74d8aa0bc

Download Submit
C:\Windows\System\uqJMxOl.exe

Filesize
6.0MB

MD5
7a821b5488223fe9d832fba0f5371c67

SHA1
de3bf119df315d9c61e49c22ce0022b09f45f2f7

SHA256
3103c51a20cd0b1e5bf7c33ae740a6918f6be27e1e48dbe479ec90d32683c4f2

SHA512
8145a026cad5aabde77fed9f125eb7bcb3fa4a9b920cace7aa65c23bec2b30bfcd854ced939a08080b7e66927524504075d00c943f8e64740c497155a6ce5f4c

Download Submit
C:\Windows\System\xlIISEs.exe

Filesize
6.0MB

MD5
6b5ccc6dad93ea80af74c5a02a990489

SHA1
b6453f6d8177645350a750621c141acbf97dd620

SHA256
8def209f8ce687ed0799be4d165bafcd36dc545aafeb2f816faab88a9ccf46a1

SHA512
b8d0eef971555a20c005f3e54f84662efe6cbc6547360a380ab1e3d946aaa27a6b29c704a6a31d346f95ceff96ba562100d5725fc39a5ad3d47cb5b1c15a9c82

Download Submit
memory/220-208-0x00007FF7ACEA0000-0x00007FF7AD1F4000-memory.dmp

Filesize
3.3MB

Download
memory/220-2084-0x00007FF7ACEA0000-0x00007FF7AD1F4000-memory.dmp

Filesize
3.3MB

Download
memory/220-136-0x00007FF7ACEA0000-0x00007FF7AD1F4000-memory.dmp

Filesize
3.3MB

Download
memory/336-528-0x00007FF601E00000-0x00007FF602154000-memory.dmp

Filesize
3.3MB

Download
memory/336-171-0x00007FF601E00000-0x00007FF602154000-memory.dmp

Filesize
3.3MB

Download
memory/336-2311-0x00007FF601E00000-0x00007FF602154000-memory.dmp

Filesize
3.3MB

Download
memory/648-174-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp

Filesize
3.3MB

Download
memory/648-2074-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp

Filesize
3.3MB

Download
memory/648-92-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp

Filesize
3.3MB

Download
memory/796-1627-0x00007FF62FC20000-0x00007FF62FF74000-memory.dmp

Filesize
3.3MB

Download
memory/796-121-0x00007FF62FC20000-0x00007FF62FF74000-memory.dmp

Filesize
3.3MB

Download
memory/796-31-0x00007FF62FC20000-0x00007FF62FF74000-memory.dmp

Filesize
3.3MB

Download
memory/948-178-0x00007FF67D180000-0x00007FF67D4D4000-memory.dmp

Filesize
3.3MB

Download
memory/948-643-0x00007FF67D180000-0x00007FF67D4D4000-memory.dmp

Filesize
3.3MB

Download
memory/948-2313-0x00007FF67D180000-0x00007FF67D4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2098-0x00007FF709610000-0x00007FF709964000-memory.dmp

Filesize
3.3MB

Download
memory/1248-148-0x00007FF709610000-0x00007FF709964000-memory.dmp

Filesize
3.3MB

Download
memory/1692-157-0x00007FF7E0050000-0x00007FF7E03A4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2087-0x00007FF742D30000-0x00007FF743084000-memory.dmp

Filesize
3.3MB

Download
memory/1940-115-0x00007FF742D30000-0x00007FF743084000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2314-0x00007FF718E70000-0x00007FF7191C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-709-0x00007FF718E70000-0x00007FF7191C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-179-0x00007FF718E70000-0x00007FF7191C4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2312-0x00007FF70D230000-0x00007FF70D584000-memory.dmp

Filesize
3.3MB

Download
memory/2044-187-0x00007FF70D230000-0x00007FF70D584000-memory.dmp

Filesize
3.3MB

Download
memory/2068-29-0x00007FF648940000-0x00007FF648C94000-memory.dmp

Filesize
3.3MB

Download
memory/2068-1629-0x00007FF648940000-0x00007FF648C94000-memory.dmp

Filesize
3.3MB

Download
memory/2068-116-0x00007FF648940000-0x00007FF648C94000-memory.dmp

Filesize
3.3MB

Download
memory/2444-111-0x00007FF71EA50000-0x00007FF71EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1628-0x00007FF71EA50000-0x00007FF71EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-25-0x00007FF71EA50000-0x00007FF71EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-146-0x00007FF7519A0000-0x00007FF751CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1638-0x00007FF7519A0000-0x00007FF751CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-62-0x00007FF7519A0000-0x00007FF751CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-24-0x00007FF7CAA00000-0x00007FF7CAD54000-memory.dmp

Filesize
3.3MB

Download
memory/2540-108-0x00007FF7CAA00000-0x00007FF7CAD54000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1622-0x00007FF7CAA00000-0x00007FF7CAD54000-memory.dmp

Filesize
3.3MB

Download
memory/3104-1632-0x00007FF79CF10000-0x00007FF79D264000-memory.dmp

Filesize
3.3MB

Download
memory/3104-63-0x00007FF79CF10000-0x00007FF79D264000-memory.dmp

Filesize
3.3MB

Download
memory/3488-106-0x00007FF7DF720000-0x00007FF7DFA74000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2075-0x00007FF7DF720000-0x00007FF7DFA74000-memory.dmp

Filesize
3.3MB

Download
memory/3524-140-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3524-2099-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3524-273-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-1626-0x00007FF6A9090000-0x00007FF6A93E4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-59-0x00007FF6A9090000-0x00007FF6A93E4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-141-0x00007FF6A9090000-0x00007FF6A93E4000-memory.dmp

Filesize
3.3MB

Download
memory/4280-60-0x00007FF7F3900000-0x00007FF7F3C54000-memory.dmp

Filesize
3.3MB

Download
memory/4280-1635-0x00007FF7F3900000-0x00007FF7F3C54000-memory.dmp

Filesize
3.3MB

Download
memory/4292-1614-0x00007FF6BFFB0000-0x00007FF6C0304000-memory.dmp

Filesize
3.3MB

Download
memory/4292-88-0x00007FF6BFFB0000-0x00007FF6C0304000-memory.dmp

Filesize
3.3MB

Download
memory/4292-20-0x00007FF6BFFB0000-0x00007FF6C0304000-memory.dmp

Filesize
3.3MB

Download
memory/4300-109-0x00007FF73E3D0000-0x00007FF73E724000-memory.dmp

Filesize
3.3MB

Download
memory/4300-2080-0x00007FF73E3D0000-0x00007FF73E724000-memory.dmp

Filesize
3.3MB

Download
memory/4416-527-0x00007FF7013A0000-0x00007FF7016F4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-2310-0x00007FF7013A0000-0x00007FF7016F4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-162-0x00007FF7013A0000-0x00007FF7016F4000-memory.dmp

Filesize
3.3MB

Download
memory/4472-72-0x00007FF6C8C90000-0x00007FF6C8FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4472-2060-0x00007FF6C8C90000-0x00007FF6C8FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4472-159-0x00007FF6C8C90000-0x00007FF6C8FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2089-0x00007FF6D5200000-0x00007FF6D5554000-memory.dmp

Filesize
3.3MB

Download
memory/4696-147-0x00007FF6D5200000-0x00007FF6D5554000-memory.dmp

Filesize
3.3MB

Download
memory/4708-1-0x000002AC284E0000-0x000002AC284F0000-memory.dmp

Filesize
64KB

Download
memory/4708-0-0x00007FF744730000-0x00007FF744A84000-memory.dmp

Filesize
3.3MB

Download
memory/4708-84-0x00007FF744730000-0x00007FF744A84000-memory.dmp

Filesize
3.3MB

Download
memory/4800-139-0x00007FF75CE30000-0x00007FF75D184000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2082-0x00007FF75CE30000-0x00007FF75D184000-memory.dmp

Filesize
3.3MB

Download
memory/4852-8-0x00007FF714810000-0x00007FF714B64000-memory.dmp

Filesize
3.3MB

Download
memory/4852-1600-0x00007FF714810000-0x00007FF714B64000-memory.dmp

Filesize
3.3MB

Download
memory/4856-154-0x00007FF650CF0000-0x00007FF651044000-memory.dmp

Filesize
3.3MB

Download
memory/4856-1639-0x00007FF650CF0000-0x00007FF651044000-memory.dmp

Filesize
3.3MB

Download
memory/4856-64-0x00007FF650CF0000-0x00007FF651044000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2079-0x00007FF70CA30000-0x00007FF70CD84000-memory.dmp

Filesize
3.3MB

Download
memory/4988-110-0x00007FF70CA30000-0x00007FF70CD84000-memory.dmp

Filesize
3.3MB

Download
memory/5108-85-0x00007FF68C9A0000-0x00007FF68CCF4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2064-0x00007FF68C9A0000-0x00007FF68CCF4000-memory.dmp

Filesize
3.3MB

Download