cobaltstrike | b640afa8bec303ca319a950c3e1281955e5fe4059afd62aa05b850f095a1d0ea

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a408366233e67aa0efa1502da7c75d9c
SHA1

7fdb8c5d0555029e20406860e5047fdc38bac018
SHA256

b640afa8bec303ca319a950c3e1281955e5fe4059afd62aa05b850f095a1d0ea
SHA512

3bbe7a7cd3bb96da59ecf241e5a0c9270a6f4b1da0c335bcb579a2feded9b12c807f718fb8ad304533574ebe298c75a3766766285604a425df1d9d51787c143d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUN:T+q56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023c9c-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-8.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-9.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-28.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c9d-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-46.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-71.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-85.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-102.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-147.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-200.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-210.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-205.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-203.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-188.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-178.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-173.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-122.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-91.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-78.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5032-0-0x00007FF72AC80000-0x00007FF72AFD4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c9c-4.dat	xmrig
behavioral2/memory/532-6-0x00007FF6B2470000-0x00007FF6B27C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca1-8.dat	xmrig
behavioral2/files/0x0007000000023ca0-9.dat	xmrig
behavioral2/memory/492-12-0x00007FF67FB20000-0x00007FF67FE74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca2-23.dat	xmrig
behavioral2/memory/1732-21-0x00007FF64E9A0000-0x00007FF64ECF4000-memory.dmp	xmrig
behavioral2/memory/4560-24-0x00007FF6F1B10000-0x00007FF6F1E64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca3-28.dat	xmrig
behavioral2/memory/4628-32-0x00007FF732F60000-0x00007FF7332B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c9d-35.dat	xmrig
behavioral2/memory/2816-36-0x00007FF76DC10000-0x00007FF76DF64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-41.dat	xmrig
behavioral2/memory/2004-42-0x00007FF635210000-0x00007FF635564000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca5-46.dat	xmrig
behavioral2/files/0x0007000000023ca7-60.dat	xmrig
behavioral2/files/0x0007000000023ca8-66.dat	xmrig
behavioral2/files/0x0007000000023caa-71.dat	xmrig
behavioral2/files/0x0007000000023cac-85.dat	xmrig
behavioral2/memory/4156-87-0x00007FF760820000-0x00007FF760B74000-memory.dmp	xmrig
behavioral2/memory/2816-95-0x00007FF76DC10000-0x00007FF76DF64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-102.dat	xmrig
behavioral2/memory/4368-108-0x00007FF775C60000-0x00007FF775FB4000-memory.dmp	xmrig
behavioral2/memory/3896-118-0x00007FF62F680000-0x00007FF62F9D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb2-126.dat	xmrig
behavioral2/files/0x0007000000023cb5-147.dat	xmrig
behavioral2/memory/4156-157-0x00007FF760820000-0x00007FF760B74000-memory.dmp	xmrig
behavioral2/memory/900-185-0x00007FF6153F0000-0x00007FF615744000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbd-200.dat	xmrig
behavioral2/memory/5104-893-0x00007FF779570000-0x00007FF7798C4000-memory.dmp	xmrig
behavioral2/memory/4000-890-0x00007FF60C670000-0x00007FF60C9C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbf-210.dat	xmrig
behavioral2/files/0x0007000000023cbe-205.dat	xmrig
behavioral2/files/0x0007000000023cbc-203.dat	xmrig
behavioral2/files/0x0007000000023cbb-198.dat	xmrig
behavioral2/memory/4344-194-0x00007FF73F5E0000-0x00007FF73F934000-memory.dmp	xmrig
behavioral2/memory/4696-193-0x00007FF6A1DC0000-0x00007FF6A2114000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cba-188.dat	xmrig
behavioral2/files/0x0007000000023cb9-183.dat	xmrig
behavioral2/memory/560-181-0x00007FF664DE0000-0x00007FF665134000-memory.dmp	xmrig
behavioral2/memory/488-180-0x00007FF6C85B0000-0x00007FF6C8904000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb8-178.dat	xmrig
behavioral2/files/0x0007000000023cb7-173.dat	xmrig
behavioral2/memory/216-172-0x00007FF626E40000-0x00007FF627194000-memory.dmp	xmrig
behavioral2/memory/3512-171-0x00007FF674C30000-0x00007FF674F84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb6-166.dat	xmrig
behavioral2/memory/4368-165-0x00007FF775C60000-0x00007FF775FB4000-memory.dmp	xmrig
behavioral2/memory/2872-164-0x00007FF664F20000-0x00007FF665274000-memory.dmp	xmrig
behavioral2/memory/4952-158-0x00007FF6F21D0000-0x00007FF6F2524000-memory.dmp	xmrig
behavioral2/memory/2856-156-0x00007FF63A7E0000-0x00007FF63AB34000-memory.dmp	xmrig
behavioral2/memory/1616-152-0x00007FF609230000-0x00007FF609584000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb4-150.dat	xmrig
behavioral2/memory/1044-146-0x00007FF6CA8F0000-0x00007FF6CAC44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb3-144.dat	xmrig
behavioral2/memory/2940-141-0x00007FF79C460000-0x00007FF79C7B4000-memory.dmp	xmrig
behavioral2/memory/3848-140-0x00007FF76EEF0000-0x00007FF76F244000-memory.dmp	xmrig
behavioral2/memory/5104-139-0x00007FF779570000-0x00007FF7798C4000-memory.dmp	xmrig
behavioral2/memory/4000-135-0x00007FF60C670000-0x00007FF60C9C4000-memory.dmp	xmrig
behavioral2/memory/1380-131-0x00007FF612820000-0x00007FF612B74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb1-129.dat	xmrig
behavioral2/memory/3592-125-0x00007FF78AEB0000-0x00007FF78B204000-memory.dmp	xmrig
behavioral2/memory/4696-124-0x00007FF6A1DC0000-0x00007FF6A2114000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caf-122.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
532	iLuPffX.exe
492	fEtYTwl.exe
1732	RMiHflY.exe
4560	nFIzGke.exe
4628	KFjhVsP.exe
2816	QHsMlEJ.exe
2004	NEIJxIr.exe
3896	xYjhcqA.exe
3592	HdJoLfi.exe
1380	BMyVNJK.exe
3848	VmYSsvo.exe
2940	HDXqBIo.exe
1616	OmjHSfK.exe
4156	CIwjfwi.exe
2872	oiFlldu.exe
4368	pownxjC.exe
488	BgZuAnm.exe
2516	NGbgQtQ.exe
4696	oYQQHZC.exe
4000	SYSLamD.exe
5104	RzYfjjI.exe
1044	uiiciVK.exe
2856	QKeWqTf.exe
4952	gyAcdwp.exe
3512	fsFAhqT.exe
216	IHNAJxY.exe
560	BteADQp.exe
900	eviCyYB.exe
4344	FAiLzQA.exe
4660	byzTTxx.exe
1448	UEdfjAC.exe
4236	mFxXEry.exe
3452	tbqSojr.exe
4764	aXOTJGK.exe
2264	YHvUAbK.exe
4792	CEdZDdk.exe
1788	flgTcKc.exe
3208	MSGcthY.exe
1692	DCKqpim.exe
4080	qhnkVqA.exe
2396	fUlquvj.exe
2260	qiEjPwH.exe
3400	VtgCPCk.exe
2196	nHmWzpF.exe
1184	lqcChWe.exe
4496	pSLeGFw.exe
4672	GWdgZlI.exe
4380	sHgybPZ.exe
1060	oMVemeU.exe
2076	FXtRvSJ.exe
3812	LYQNoKk.exe
5040	yELDEvk.exe
3120	QeVTEDK.exe
700	TeTeeqO.exe
4904	BtSVtda.exe
4012	NniinPk.exe
2340	LuRKMLu.exe
4844	eTKnglC.exe
3076	qicZEkd.exe
1856	zRlmBDY.exe
2952	cflEDmw.exe
380	BqoMoiT.exe
1588	eUBPPXl.exe
3444	OvklfAG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5032-0-0x00007FF72AC80000-0x00007FF72AFD4000-memory.dmp	upx
behavioral2/files/0x0008000000023c9c-4.dat	upx
behavioral2/memory/532-6-0x00007FF6B2470000-0x00007FF6B27C4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca1-8.dat	upx
behavioral2/files/0x0007000000023ca0-9.dat	upx
behavioral2/memory/492-12-0x00007FF67FB20000-0x00007FF67FE74000-memory.dmp	upx
behavioral2/files/0x0007000000023ca2-23.dat	upx
behavioral2/memory/1732-21-0x00007FF64E9A0000-0x00007FF64ECF4000-memory.dmp	upx
behavioral2/memory/4560-24-0x00007FF6F1B10000-0x00007FF6F1E64000-memory.dmp	upx
behavioral2/files/0x0007000000023ca3-28.dat	upx
behavioral2/memory/4628-32-0x00007FF732F60000-0x00007FF7332B4000-memory.dmp	upx
behavioral2/files/0x0008000000023c9d-35.dat	upx
behavioral2/memory/2816-36-0x00007FF76DC10000-0x00007FF76DF64000-memory.dmp	upx
behavioral2/files/0x0007000000023ca4-41.dat	upx
behavioral2/memory/2004-42-0x00007FF635210000-0x00007FF635564000-memory.dmp	upx
behavioral2/files/0x0007000000023ca5-46.dat	upx
behavioral2/files/0x0007000000023ca7-60.dat	upx
behavioral2/files/0x0007000000023ca8-66.dat	upx
behavioral2/files/0x0007000000023caa-71.dat	upx
behavioral2/files/0x0007000000023cac-85.dat	upx
behavioral2/memory/4156-87-0x00007FF760820000-0x00007FF760B74000-memory.dmp	upx
behavioral2/memory/2816-95-0x00007FF76DC10000-0x00007FF76DF64000-memory.dmp	upx
behavioral2/files/0x0007000000023cad-102.dat	upx
behavioral2/memory/4368-108-0x00007FF775C60000-0x00007FF775FB4000-memory.dmp	upx
behavioral2/memory/3896-118-0x00007FF62F680000-0x00007FF62F9D4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-126.dat	upx
behavioral2/files/0x0007000000023cb5-147.dat	upx
behavioral2/memory/4156-157-0x00007FF760820000-0x00007FF760B74000-memory.dmp	upx
behavioral2/memory/900-185-0x00007FF6153F0000-0x00007FF615744000-memory.dmp	upx
behavioral2/files/0x0007000000023cbd-200.dat	upx
behavioral2/memory/5104-893-0x00007FF779570000-0x00007FF7798C4000-memory.dmp	upx
behavioral2/memory/4000-890-0x00007FF60C670000-0x00007FF60C9C4000-memory.dmp	upx
behavioral2/files/0x0007000000023cbf-210.dat	upx
behavioral2/files/0x0007000000023cbe-205.dat	upx
behavioral2/files/0x0007000000023cbc-203.dat	upx
behavioral2/files/0x0007000000023cbb-198.dat	upx
behavioral2/memory/4344-194-0x00007FF73F5E0000-0x00007FF73F934000-memory.dmp	upx
behavioral2/memory/4696-193-0x00007FF6A1DC0000-0x00007FF6A2114000-memory.dmp	upx
behavioral2/files/0x0007000000023cba-188.dat	upx
behavioral2/files/0x0007000000023cb9-183.dat	upx
behavioral2/memory/560-181-0x00007FF664DE0000-0x00007FF665134000-memory.dmp	upx
behavioral2/memory/488-180-0x00007FF6C85B0000-0x00007FF6C8904000-memory.dmp	upx
behavioral2/files/0x0007000000023cb8-178.dat	upx
behavioral2/files/0x0007000000023cb7-173.dat	upx
behavioral2/memory/216-172-0x00007FF626E40000-0x00007FF627194000-memory.dmp	upx
behavioral2/memory/3512-171-0x00007FF674C30000-0x00007FF674F84000-memory.dmp	upx
behavioral2/files/0x0007000000023cb6-166.dat	upx
behavioral2/memory/4368-165-0x00007FF775C60000-0x00007FF775FB4000-memory.dmp	upx
behavioral2/memory/2872-164-0x00007FF664F20000-0x00007FF665274000-memory.dmp	upx
behavioral2/memory/4952-158-0x00007FF6F21D0000-0x00007FF6F2524000-memory.dmp	upx
behavioral2/memory/2856-156-0x00007FF63A7E0000-0x00007FF63AB34000-memory.dmp	upx
behavioral2/memory/1616-152-0x00007FF609230000-0x00007FF609584000-memory.dmp	upx
behavioral2/files/0x0007000000023cb4-150.dat	upx
behavioral2/memory/1044-146-0x00007FF6CA8F0000-0x00007FF6CAC44000-memory.dmp	upx
behavioral2/files/0x0007000000023cb3-144.dat	upx
behavioral2/memory/2940-141-0x00007FF79C460000-0x00007FF79C7B4000-memory.dmp	upx
behavioral2/memory/3848-140-0x00007FF76EEF0000-0x00007FF76F244000-memory.dmp	upx
behavioral2/memory/5104-139-0x00007FF779570000-0x00007FF7798C4000-memory.dmp	upx
behavioral2/memory/4000-135-0x00007FF60C670000-0x00007FF60C9C4000-memory.dmp	upx
behavioral2/memory/1380-131-0x00007FF612820000-0x00007FF612B74000-memory.dmp	upx
behavioral2/files/0x0007000000023cb1-129.dat	upx
behavioral2/memory/3592-125-0x00007FF78AEB0000-0x00007FF78B204000-memory.dmp	upx
behavioral2/memory/4696-124-0x00007FF6A1DC0000-0x00007FF6A2114000-memory.dmp	upx
behavioral2/files/0x0007000000023caf-122.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OjalAtV.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGQdCFg.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTghOdH.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZZCPMe.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBHnMEY.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtZQqqH.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXLBUxf.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYvGxLn.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSKtLTe.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpflzvO.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgCfEtH.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYNdAWH.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyAcdwp.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHNAJxY.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqoMoiT.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NblIlPJ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwcpfUz.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHDSueQ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfWXLga.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psBZazb.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZpOTOl.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFrMMSp.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byzTTxx.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLsRwsD.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJUIBeM.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyUssIY.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDkYyoL.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFfWwXJ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AznDaUN.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyShbOi.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDiADfg.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqKWHYQ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRCXunJ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgcuGUt.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFCXmwv.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxIjaAR.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TShkCUt.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HoEdewR.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wspdEud.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJgIXYu.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usDZQne.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TepkeHe.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHBEsJD.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzeNBBW.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkDDwBn.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMSHihS.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldRsNEA.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXUYSGM.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TypjGtV.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAmfNfq.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIuEuba.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZjGfcB.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjsQbem.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHFREof.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaWZPOZ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxuYgkw.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuQXPeA.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsFySbK.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpXJPnv.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSLeGFw.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbwbeIu.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqIstWp.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTXRGVM.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fAQDaPS.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 532	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 5032 wrote to memory of 532	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 5032 wrote to memory of 492	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 5032 wrote to memory of 492	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 5032 wrote to memory of 1732	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 5032 wrote to memory of 1732	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 5032 wrote to memory of 4560	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 5032 wrote to memory of 4560	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 5032 wrote to memory of 4628	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 5032 wrote to memory of 4628	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 5032 wrote to memory of 2816	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 5032 wrote to memory of 2816	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 5032 wrote to memory of 2004	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5032 wrote to memory of 2004	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5032 wrote to memory of 3896	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5032 wrote to memory of 3896	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5032 wrote to memory of 3592	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5032 wrote to memory of 3592	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5032 wrote to memory of 1380	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5032 wrote to memory of 1380	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5032 wrote to memory of 3848	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 5032 wrote to memory of 3848	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 5032 wrote to memory of 2940	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 5032 wrote to memory of 2940	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 5032 wrote to memory of 1616	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5032 wrote to memory of 1616	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5032 wrote to memory of 4156	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5032 wrote to memory of 4156	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5032 wrote to memory of 2872	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5032 wrote to memory of 2872	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5032 wrote to memory of 4368	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5032 wrote to memory of 4368	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5032 wrote to memory of 488	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5032 wrote to memory of 488	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5032 wrote to memory of 2516	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 5032 wrote to memory of 2516	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 5032 wrote to memory of 4696	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5032 wrote to memory of 4696	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5032 wrote to memory of 4000	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5032 wrote to memory of 4000	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5032 wrote to memory of 5104	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5032 wrote to memory of 5104	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5032 wrote to memory of 1044	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5032 wrote to memory of 1044	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5032 wrote to memory of 2856	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5032 wrote to memory of 2856	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5032 wrote to memory of 4952	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5032 wrote to memory of 4952	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5032 wrote to memory of 3512	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5032 wrote to memory of 3512	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5032 wrote to memory of 216	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5032 wrote to memory of 216	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5032 wrote to memory of 560	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5032 wrote to memory of 560	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5032 wrote to memory of 900	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5032 wrote to memory of 900	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5032 wrote to memory of 4344	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5032 wrote to memory of 4344	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5032 wrote to memory of 4660	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5032 wrote to memory of 4660	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5032 wrote to memory of 1448	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 5032 wrote to memory of 1448	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 5032 wrote to memory of 4236	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 5032 wrote to memory of 4236	5032	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Windows\System\iLuPffX.exe
  C:\Windows\System\iLuPffX.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\fEtYTwl.exe
  C:\Windows\System\fEtYTwl.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\RMiHflY.exe
  C:\Windows\System\RMiHflY.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\nFIzGke.exe
  C:\Windows\System\nFIzGke.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\KFjhVsP.exe
  C:\Windows\System\KFjhVsP.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\QHsMlEJ.exe
  C:\Windows\System\QHsMlEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\NEIJxIr.exe
  C:\Windows\System\NEIJxIr.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\xYjhcqA.exe
  C:\Windows\System\xYjhcqA.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\HdJoLfi.exe
  C:\Windows\System\HdJoLfi.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\BMyVNJK.exe
  C:\Windows\System\BMyVNJK.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\VmYSsvo.exe
  C:\Windows\System\VmYSsvo.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\HDXqBIo.exe
  C:\Windows\System\HDXqBIo.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\OmjHSfK.exe
  C:\Windows\System\OmjHSfK.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\CIwjfwi.exe
  C:\Windows\System\CIwjfwi.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\oiFlldu.exe
  C:\Windows\System\oiFlldu.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\pownxjC.exe
  C:\Windows\System\pownxjC.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\BgZuAnm.exe
  C:\Windows\System\BgZuAnm.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\NGbgQtQ.exe
  C:\Windows\System\NGbgQtQ.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\oYQQHZC.exe
  C:\Windows\System\oYQQHZC.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\SYSLamD.exe
  C:\Windows\System\SYSLamD.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\RzYfjjI.exe
  C:\Windows\System\RzYfjjI.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\uiiciVK.exe
  C:\Windows\System\uiiciVK.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\QKeWqTf.exe
  C:\Windows\System\QKeWqTf.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\gyAcdwp.exe
  C:\Windows\System\gyAcdwp.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\fsFAhqT.exe
  C:\Windows\System\fsFAhqT.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\IHNAJxY.exe
  C:\Windows\System\IHNAJxY.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\BteADQp.exe
  C:\Windows\System\BteADQp.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\eviCyYB.exe
  C:\Windows\System\eviCyYB.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\FAiLzQA.exe
  C:\Windows\System\FAiLzQA.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\byzTTxx.exe
  C:\Windows\System\byzTTxx.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\UEdfjAC.exe
  C:\Windows\System\UEdfjAC.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\mFxXEry.exe
  C:\Windows\System\mFxXEry.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\tbqSojr.exe
  C:\Windows\System\tbqSojr.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\aXOTJGK.exe
  C:\Windows\System\aXOTJGK.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\YHvUAbK.exe
  C:\Windows\System\YHvUAbK.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\CEdZDdk.exe
  C:\Windows\System\CEdZDdk.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\flgTcKc.exe
  C:\Windows\System\flgTcKc.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\MSGcthY.exe
  C:\Windows\System\MSGcthY.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\DCKqpim.exe
  C:\Windows\System\DCKqpim.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\qhnkVqA.exe
  C:\Windows\System\qhnkVqA.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\fUlquvj.exe
  C:\Windows\System\fUlquvj.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\qiEjPwH.exe
  C:\Windows\System\qiEjPwH.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\VtgCPCk.exe
  C:\Windows\System\VtgCPCk.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\nHmWzpF.exe
  C:\Windows\System\nHmWzpF.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\lqcChWe.exe
  C:\Windows\System\lqcChWe.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\pSLeGFw.exe
  C:\Windows\System\pSLeGFw.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\GWdgZlI.exe
  C:\Windows\System\GWdgZlI.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\sHgybPZ.exe
  C:\Windows\System\sHgybPZ.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\oMVemeU.exe
  C:\Windows\System\oMVemeU.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\FXtRvSJ.exe
  C:\Windows\System\FXtRvSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\LYQNoKk.exe
  C:\Windows\System\LYQNoKk.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\yELDEvk.exe
  C:\Windows\System\yELDEvk.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\QeVTEDK.exe
  C:\Windows\System\QeVTEDK.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\TeTeeqO.exe
  C:\Windows\System\TeTeeqO.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\BtSVtda.exe
  C:\Windows\System\BtSVtda.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\NniinPk.exe
  C:\Windows\System\NniinPk.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\LuRKMLu.exe
  C:\Windows\System\LuRKMLu.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\eTKnglC.exe
  C:\Windows\System\eTKnglC.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\qicZEkd.exe
  C:\Windows\System\qicZEkd.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\zRlmBDY.exe
  C:\Windows\System\zRlmBDY.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\cflEDmw.exe
  C:\Windows\System\cflEDmw.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\BqoMoiT.exe
  C:\Windows\System\BqoMoiT.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\eUBPPXl.exe
  C:\Windows\System\eUBPPXl.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\OvklfAG.exe
  C:\Windows\System\OvklfAG.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\hsmgTWT.exe
  C:\Windows\System\hsmgTWT.exe
  2⤵
  PID:1428
- C:\Windows\System\AgbreuE.exe
  C:\Windows\System\AgbreuE.exe
  2⤵
  PID:1620
- C:\Windows\System\kugDCKM.exe
  C:\Windows\System\kugDCKM.exe
  2⤵
  PID:4984
- C:\Windows\System\azaLNer.exe
  C:\Windows\System\azaLNer.exe
  2⤵
  PID:1820
- C:\Windows\System\plZaAhi.exe
  C:\Windows\System\plZaAhi.exe
  2⤵
  PID:4036
- C:\Windows\System\mfzwver.exe
  C:\Windows\System\mfzwver.exe
  2⤵
  PID:780
- C:\Windows\System\uhIiyzs.exe
  C:\Windows\System\uhIiyzs.exe
  2⤵
  PID:2908
- C:\Windows\System\yFZLSva.exe
  C:\Windows\System\yFZLSva.exe
  2⤵
  PID:4924
- C:\Windows\System\hCSJjDG.exe
  C:\Windows\System\hCSJjDG.exe
  2⤵
  PID:4796
- C:\Windows\System\GwwdYCe.exe
  C:\Windows\System\GwwdYCe.exe
  2⤵
  PID:3988
- C:\Windows\System\tPEiwej.exe
  C:\Windows\System\tPEiwej.exe
  2⤵
  PID:4532
- C:\Windows\System\rONVmhy.exe
  C:\Windows\System\rONVmhy.exe
  2⤵
  PID:5064
- C:\Windows\System\BtZQqqH.exe
  C:\Windows\System\BtZQqqH.exe
  2⤵
  PID:1592
- C:\Windows\System\zXzyPqf.exe
  C:\Windows\System\zXzyPqf.exe
  2⤵
  PID:4884
- C:\Windows\System\jyoIYrJ.exe
  C:\Windows\System\jyoIYrJ.exe
  2⤵
  PID:1064
- C:\Windows\System\RnpoXNZ.exe
  C:\Windows\System\RnpoXNZ.exe
  2⤵
  PID:2108
- C:\Windows\System\CDiADfg.exe
  C:\Windows\System\CDiADfg.exe
  2⤵
  PID:3480
- C:\Windows\System\VeWxOfB.exe
  C:\Windows\System\VeWxOfB.exe
  2⤵
  PID:5000
- C:\Windows\System\CcmBGLq.exe
  C:\Windows\System\CcmBGLq.exe
  2⤵
  PID:3360
- C:\Windows\System\lqbxRSn.exe
  C:\Windows\System\lqbxRSn.exe
  2⤵
  PID:5140
- C:\Windows\System\lHXCRCv.exe
  C:\Windows\System\lHXCRCv.exe
  2⤵
  PID:5168
- C:\Windows\System\fkqJmgF.exe
  C:\Windows\System\fkqJmgF.exe
  2⤵
  PID:5196
- C:\Windows\System\UisRGUb.exe
  C:\Windows\System\UisRGUb.exe
  2⤵
  PID:5236
- C:\Windows\System\HoEdewR.exe
  C:\Windows\System\HoEdewR.exe
  2⤵
  PID:5264
- C:\Windows\System\wpYCQPZ.exe
  C:\Windows\System\wpYCQPZ.exe
  2⤵
  PID:5280
- C:\Windows\System\MxRkQDA.exe
  C:\Windows\System\MxRkQDA.exe
  2⤵
  PID:5308
- C:\Windows\System\kLsRwsD.exe
  C:\Windows\System\kLsRwsD.exe
  2⤵
  PID:5336
- C:\Windows\System\dpaTLzR.exe
  C:\Windows\System\dpaTLzR.exe
  2⤵
  PID:5364
- C:\Windows\System\DriarTP.exe
  C:\Windows\System\DriarTP.exe
  2⤵
  PID:5392
- C:\Windows\System\DVMojdU.exe
  C:\Windows\System\DVMojdU.exe
  2⤵
  PID:5420
- C:\Windows\System\RelOAOW.exe
  C:\Windows\System\RelOAOW.exe
  2⤵
  PID:5448
- C:\Windows\System\rQHnjXe.exe
  C:\Windows\System\rQHnjXe.exe
  2⤵
  PID:5476
- C:\Windows\System\taCifWs.exe
  C:\Windows\System\taCifWs.exe
  2⤵
  PID:5504
- C:\Windows\System\bidJQZv.exe
  C:\Windows\System\bidJQZv.exe
  2⤵
  PID:5532
- C:\Windows\System\BwjsiEg.exe
  C:\Windows\System\BwjsiEg.exe
  2⤵
  PID:5560
- C:\Windows\System\bEUAlvy.exe
  C:\Windows\System\bEUAlvy.exe
  2⤵
  PID:5588
- C:\Windows\System\Hvemupg.exe
  C:\Windows\System\Hvemupg.exe
  2⤵
  PID:5616
- C:\Windows\System\VZInaDb.exe
  C:\Windows\System\VZInaDb.exe
  2⤵
  PID:5644
- C:\Windows\System\IfZIazC.exe
  C:\Windows\System\IfZIazC.exe
  2⤵
  PID:5684
- C:\Windows\System\RqKWHYQ.exe
  C:\Windows\System\RqKWHYQ.exe
  2⤵
  PID:5712
- C:\Windows\System\tTxcroq.exe
  C:\Windows\System\tTxcroq.exe
  2⤵
  PID:5728
- C:\Windows\System\krhlowM.exe
  C:\Windows\System\krhlowM.exe
  2⤵
  PID:5756
- C:\Windows\System\VnjMdQL.exe
  C:\Windows\System\VnjMdQL.exe
  2⤵
  PID:5784
- C:\Windows\System\TmWyFUe.exe
  C:\Windows\System\TmWyFUe.exe
  2⤵
  PID:5812
- C:\Windows\System\HMMvltt.exe
  C:\Windows\System\HMMvltt.exe
  2⤵
  PID:5840
- C:\Windows\System\eKwaLoj.exe
  C:\Windows\System\eKwaLoj.exe
  2⤵
  PID:5868
- C:\Windows\System\HNhGCac.exe
  C:\Windows\System\HNhGCac.exe
  2⤵
  PID:5896
- C:\Windows\System\xooFWDc.exe
  C:\Windows\System\xooFWDc.exe
  2⤵
  PID:5932
- C:\Windows\System\ehKTDCf.exe
  C:\Windows\System\ehKTDCf.exe
  2⤵
  PID:5976
- C:\Windows\System\wjaqREs.exe
  C:\Windows\System\wjaqREs.exe
  2⤵
  PID:5992
- C:\Windows\System\NDgGExn.exe
  C:\Windows\System\NDgGExn.exe
  2⤵
  PID:6016
- C:\Windows\System\fVCMSHJ.exe
  C:\Windows\System\fVCMSHJ.exe
  2⤵
  PID:6048
- C:\Windows\System\xAPwANv.exe
  C:\Windows\System\xAPwANv.exe
  2⤵
  PID:6076
- C:\Windows\System\RyTJVZL.exe
  C:\Windows\System\RyTJVZL.exe
  2⤵
  PID:6100
- C:\Windows\System\tSKpigB.exe
  C:\Windows\System\tSKpigB.exe
  2⤵
  PID:6128
- C:\Windows\System\DBCXsAC.exe
  C:\Windows\System\DBCXsAC.exe
  2⤵
  PID:2764
- C:\Windows\System\QIWJRKU.exe
  C:\Windows\System\QIWJRKU.exe
  2⤵
  PID:4316
- C:\Windows\System\XiFhJSK.exe
  C:\Windows\System\XiFhJSK.exe
  2⤵
  PID:2436
- C:\Windows\System\aySwGvc.exe
  C:\Windows\System\aySwGvc.exe
  2⤵
  PID:2612
- C:\Windows\System\yjXASgo.exe
  C:\Windows\System\yjXASgo.exe
  2⤵
  PID:2680
- C:\Windows\System\JSmkaoq.exe
  C:\Windows\System\JSmkaoq.exe
  2⤵
  PID:5128
- C:\Windows\System\dprWBLJ.exe
  C:\Windows\System\dprWBLJ.exe
  2⤵
  PID:5188
- C:\Windows\System\VEqlqZr.exe
  C:\Windows\System\VEqlqZr.exe
  2⤵
  PID:5256
- C:\Windows\System\twVKATb.exe
  C:\Windows\System\twVKATb.exe
  2⤵
  PID:5296
- C:\Windows\System\TGzXtRu.exe
  C:\Windows\System\TGzXtRu.exe
  2⤵
  PID:5356
- C:\Windows\System\vXLBUxf.exe
  C:\Windows\System\vXLBUxf.exe
  2⤵
  PID:5436
- C:\Windows\System\EGmvAkU.exe
  C:\Windows\System\EGmvAkU.exe
  2⤵
  PID:5492
- C:\Windows\System\ZvmMCPS.exe
  C:\Windows\System\ZvmMCPS.exe
  2⤵
  PID:5548
- C:\Windows\System\NcPbgPx.exe
  C:\Windows\System\NcPbgPx.exe
  2⤵
  PID:5628
- C:\Windows\System\soameMv.exe
  C:\Windows\System\soameMv.exe
  2⤵
  PID:5696
- C:\Windows\System\jHBEsJD.exe
  C:\Windows\System\jHBEsJD.exe
  2⤵
  PID:5748
- C:\Windows\System\EBtOsOx.exe
  C:\Windows\System\EBtOsOx.exe
  2⤵
  PID:5824
- C:\Windows\System\PJUIBeM.exe
  C:\Windows\System\PJUIBeM.exe
  2⤵
  PID:5912
- C:\Windows\System\hPkQjJw.exe
  C:\Windows\System\hPkQjJw.exe
  2⤵
  PID:5984
- C:\Windows\System\SLGjMrf.exe
  C:\Windows\System\SLGjMrf.exe
  2⤵
  PID:6040
- C:\Windows\System\DKbqoCy.exe
  C:\Windows\System\DKbqoCy.exe
  2⤵
  PID:6116
- C:\Windows\System\mvOIiPd.exe
  C:\Windows\System\mvOIiPd.exe
  2⤵
  PID:3572
- C:\Windows\System\cAmfNfq.exe
  C:\Windows\System\cAmfNfq.exe
  2⤵
  PID:4164
- C:\Windows\System\uzYRAzu.exe
  C:\Windows\System\uzYRAzu.exe
  2⤵
  PID:2452
- C:\Windows\System\PNhKFdl.exe
  C:\Windows\System\PNhKFdl.exe
  2⤵
  PID:5292
- C:\Windows\System\GjgTXnQ.exe
  C:\Windows\System\GjgTXnQ.exe
  2⤵
  PID:5460
- C:\Windows\System\CSYqcWG.exe
  C:\Windows\System\CSYqcWG.exe
  2⤵
  PID:5600
- C:\Windows\System\PYvGxLn.exe
  C:\Windows\System\PYvGxLn.exe
  2⤵
  PID:5740
- C:\Windows\System\gOyVjKK.exe
  C:\Windows\System\gOyVjKK.exe
  2⤵
  PID:5888
- C:\Windows\System\bBpRSns.exe
  C:\Windows\System\bBpRSns.exe
  2⤵
  PID:6032
- C:\Windows\System\XPCrMbf.exe
  C:\Windows\System\XPCrMbf.exe
  2⤵
  PID:6168
- C:\Windows\System\EcyZwIV.exe
  C:\Windows\System\EcyZwIV.exe
  2⤵
  PID:6188
- C:\Windows\System\UhKvjmp.exe
  C:\Windows\System\UhKvjmp.exe
  2⤵
  PID:6216
- C:\Windows\System\ZbwbeIu.exe
  C:\Windows\System\ZbwbeIu.exe
  2⤵
  PID:6256
- C:\Windows\System\yuQXPeA.exe
  C:\Windows\System\yuQXPeA.exe
  2⤵
  PID:6296
- C:\Windows\System\FRVSvlC.exe
  C:\Windows\System\FRVSvlC.exe
  2⤵
  PID:6312
- C:\Windows\System\woOdgJQ.exe
  C:\Windows\System\woOdgJQ.exe
  2⤵
  PID:6336
- C:\Windows\System\WydeaOD.exe
  C:\Windows\System\WydeaOD.exe
  2⤵
  PID:6356
- C:\Windows\System\zJiLIXG.exe
  C:\Windows\System\zJiLIXG.exe
  2⤵
  PID:6384
- C:\Windows\System\VRCXunJ.exe
  C:\Windows\System\VRCXunJ.exe
  2⤵
  PID:6412
- C:\Windows\System\eyTSrhj.exe
  C:\Windows\System\eyTSrhj.exe
  2⤵
  PID:6452
- C:\Windows\System\JjXEUAg.exe
  C:\Windows\System\JjXEUAg.exe
  2⤵
  PID:6480
- C:\Windows\System\EpzjrRV.exe
  C:\Windows\System\EpzjrRV.exe
  2⤵
  PID:6496
- C:\Windows\System\EoqAsva.exe
  C:\Windows\System\EoqAsva.exe
  2⤵
  PID:6524
- C:\Windows\System\rikMJPP.exe
  C:\Windows\System\rikMJPP.exe
  2⤵
  PID:6552
- C:\Windows\System\wbfxvOn.exe
  C:\Windows\System\wbfxvOn.exe
  2⤵
  PID:6580
- C:\Windows\System\RkIIgMw.exe
  C:\Windows\System\RkIIgMw.exe
  2⤵
  PID:6608
- C:\Windows\System\FqIstWp.exe
  C:\Windows\System\FqIstWp.exe
  2⤵
  PID:6636
- C:\Windows\System\XGPFcbg.exe
  C:\Windows\System\XGPFcbg.exe
  2⤵
  PID:6676
- C:\Windows\System\TSFkBwQ.exe
  C:\Windows\System\TSFkBwQ.exe
  2⤵
  PID:6704
- C:\Windows\System\gUoPdZS.exe
  C:\Windows\System\gUoPdZS.exe
  2⤵
  PID:6732
- C:\Windows\System\UBZrXUT.exe
  C:\Windows\System\UBZrXUT.exe
  2⤵
  PID:6760
- C:\Windows\System\nunBkey.exe
  C:\Windows\System\nunBkey.exe
  2⤵
  PID:6788
- C:\Windows\System\KVWsxmx.exe
  C:\Windows\System\KVWsxmx.exe
  2⤵
  PID:6804
- C:\Windows\System\fIuEuba.exe
  C:\Windows\System\fIuEuba.exe
  2⤵
  PID:6832
- C:\Windows\System\bUFWliL.exe
  C:\Windows\System\bUFWliL.exe
  2⤵
  PID:6872
- C:\Windows\System\zTXRGVM.exe
  C:\Windows\System\zTXRGVM.exe
  2⤵
  PID:6900
- C:\Windows\System\UoEJqps.exe
  C:\Windows\System\UoEJqps.exe
  2⤵
  PID:6916
- C:\Windows\System\gzBTbXQ.exe
  C:\Windows\System\gzBTbXQ.exe
  2⤵
  PID:6944
- C:\Windows\System\EmCXChi.exe
  C:\Windows\System\EmCXChi.exe
  2⤵
  PID:6984
- C:\Windows\System\wvQfCWa.exe
  C:\Windows\System\wvQfCWa.exe
  2⤵
  PID:7012
- C:\Windows\System\IwcpfUz.exe
  C:\Windows\System\IwcpfUz.exe
  2⤵
  PID:7028
- C:\Windows\System\fAQDaPS.exe
  C:\Windows\System\fAQDaPS.exe
  2⤵
  PID:7056
- C:\Windows\System\FATKMpH.exe
  C:\Windows\System\FATKMpH.exe
  2⤵
  PID:7084
- C:\Windows\System\bZJFomB.exe
  C:\Windows\System\bZJFomB.exe
  2⤵
  PID:7112
- C:\Windows\System\NThbnoY.exe
  C:\Windows\System\NThbnoY.exe
  2⤵
  PID:7140
- C:\Windows\System\aBLHVnv.exe
  C:\Windows\System\aBLHVnv.exe
  2⤵
  PID:6092
- C:\Windows\System\ndebEPP.exe
  C:\Windows\System\ndebEPP.exe
  2⤵
  PID:4856
- C:\Windows\System\EniXVcu.exe
  C:\Windows\System\EniXVcu.exe
  2⤵
  PID:5520
- C:\Windows\System\bkqkBFM.exe
  C:\Windows\System\bkqkBFM.exe
  2⤵
  PID:5884
- C:\Windows\System\ZmjSYru.exe
  C:\Windows\System\ZmjSYru.exe
  2⤵
  PID:6164
- C:\Windows\System\vSflYtL.exe
  C:\Windows\System\vSflYtL.exe
  2⤵
  PID:6232
- C:\Windows\System\NjMzCIQ.exe
  C:\Windows\System\NjMzCIQ.exe
  2⤵
  PID:6272
- C:\Windows\System\BFQcgTH.exe
  C:\Windows\System\BFQcgTH.exe
  2⤵
  PID:6332
- C:\Windows\System\reiXLSn.exe
  C:\Windows\System\reiXLSn.exe
  2⤵
  PID:6396
- C:\Windows\System\VpGDeQB.exe
  C:\Windows\System\VpGDeQB.exe
  2⤵
  PID:6464
- C:\Windows\System\zXSoNPE.exe
  C:\Windows\System\zXSoNPE.exe
  2⤵
  PID:6536
- C:\Windows\System\XGKcvHB.exe
  C:\Windows\System\XGKcvHB.exe
  2⤵
  PID:6596
- C:\Windows\System\GOCeHhq.exe
  C:\Windows\System\GOCeHhq.exe
  2⤵
  PID:6664
- C:\Windows\System\bSKtLTe.exe
  C:\Windows\System\bSKtLTe.exe
  2⤵
  PID:6752
- C:\Windows\System\gZIYlpX.exe
  C:\Windows\System\gZIYlpX.exe
  2⤵
  PID:6856
- C:\Windows\System\BxzpIcZ.exe
  C:\Windows\System\BxzpIcZ.exe
  2⤵
  PID:6888
- C:\Windows\System\NxicKxW.exe
  C:\Windows\System\NxicKxW.exe
  2⤵
  PID:6956
- C:\Windows\System\yGzAPhL.exe
  C:\Windows\System\yGzAPhL.exe
  2⤵
  PID:7020
- C:\Windows\System\OjalAtV.exe
  C:\Windows\System\OjalAtV.exe
  2⤵
  PID:7072
- C:\Windows\System\EsChmQz.exe
  C:\Windows\System\EsChmQz.exe
  2⤵
  PID:7132
- C:\Windows\System\syfeFfb.exe
  C:\Windows\System\syfeFfb.exe
  2⤵
  PID:5156
- C:\Windows\System\ItkMWfm.exe
  C:\Windows\System\ItkMWfm.exe
  2⤵
  PID:6008
- C:\Windows\System\CmfnSZl.exe
  C:\Windows\System\CmfnSZl.exe
  2⤵
  PID:6268
- C:\Windows\System\thCIJZL.exe
  C:\Windows\System\thCIJZL.exe
  2⤵
  PID:6440
- C:\Windows\System\lpRERZx.exe
  C:\Windows\System\lpRERZx.exe
  2⤵
  PID:6572
- C:\Windows\System\xanUQTM.exe
  C:\Windows\System\xanUQTM.exe
  2⤵
  PID:6692
- C:\Windows\System\iDZXSkA.exe
  C:\Windows\System\iDZXSkA.exe
  2⤵
  PID:6824
- C:\Windows\System\vDloDVl.exe
  C:\Windows\System\vDloDVl.exe
  2⤵
  PID:6996
- C:\Windows\System\SszUHRw.exe
  C:\Windows\System\SszUHRw.exe
  2⤵
  PID:7128
- C:\Windows\System\TOirzvK.exe
  C:\Windows\System\TOirzvK.exe
  2⤵
  PID:5800
- C:\Windows\System\raGRbZS.exe
  C:\Windows\System\raGRbZS.exe
  2⤵
  PID:6436
- C:\Windows\System\hyNVJTZ.exe
  C:\Windows\System\hyNVJTZ.exe
  2⤵
  PID:1668
- C:\Windows\System\iylndyV.exe
  C:\Windows\System\iylndyV.exe
  2⤵
  PID:7196
- C:\Windows\System\wilPfbG.exe
  C:\Windows\System\wilPfbG.exe
  2⤵
  PID:7224
- C:\Windows\System\GYfiwDK.exe
  C:\Windows\System\GYfiwDK.exe
  2⤵
  PID:7252
- C:\Windows\System\LTqmUXI.exe
  C:\Windows\System\LTqmUXI.exe
  2⤵
  PID:7280
- C:\Windows\System\iakTfVa.exe
  C:\Windows\System\iakTfVa.exe
  2⤵
  PID:7308
- C:\Windows\System\mNwDOPq.exe
  C:\Windows\System\mNwDOPq.exe
  2⤵
  PID:7336
- C:\Windows\System\bzJCVcI.exe
  C:\Windows\System\bzJCVcI.exe
  2⤵
  PID:7364
- C:\Windows\System\FoBYilr.exe
  C:\Windows\System\FoBYilr.exe
  2⤵
  PID:7392
- C:\Windows\System\jazhRaf.exe
  C:\Windows\System\jazhRaf.exe
  2⤵
  PID:7420
- C:\Windows\System\kTbwyzq.exe
  C:\Windows\System\kTbwyzq.exe
  2⤵
  PID:7448
- C:\Windows\System\vVQXWWS.exe
  C:\Windows\System\vVQXWWS.exe
  2⤵
  PID:7476
- C:\Windows\System\jbaEcko.exe
  C:\Windows\System\jbaEcko.exe
  2⤵
  PID:7504
- C:\Windows\System\pYoLrJd.exe
  C:\Windows\System\pYoLrJd.exe
  2⤵
  PID:7532
- C:\Windows\System\linCapG.exe
  C:\Windows\System\linCapG.exe
  2⤵
  PID:7560
- C:\Windows\System\ZVroyzi.exe
  C:\Windows\System\ZVroyzi.exe
  2⤵
  PID:7588
- C:\Windows\System\APyyuoY.exe
  C:\Windows\System\APyyuoY.exe
  2⤵
  PID:7616
- C:\Windows\System\dEeUSEQ.exe
  C:\Windows\System\dEeUSEQ.exe
  2⤵
  PID:7644
- C:\Windows\System\sJdCAQY.exe
  C:\Windows\System\sJdCAQY.exe
  2⤵
  PID:7672
- C:\Windows\System\uggVlLY.exe
  C:\Windows\System\uggVlLY.exe
  2⤵
  PID:7700
- C:\Windows\System\kGPhosK.exe
  C:\Windows\System\kGPhosK.exe
  2⤵
  PID:7728
- C:\Windows\System\kewwnoq.exe
  C:\Windows\System\kewwnoq.exe
  2⤵
  PID:7756
- C:\Windows\System\nBCoRhI.exe
  C:\Windows\System\nBCoRhI.exe
  2⤵
  PID:7796
- C:\Windows\System\LywsxUJ.exe
  C:\Windows\System\LywsxUJ.exe
  2⤵
  PID:7824
- C:\Windows\System\mofWjvF.exe
  C:\Windows\System\mofWjvF.exe
  2⤵
  PID:7840
- C:\Windows\System\xdvxQoN.exe
  C:\Windows\System\xdvxQoN.exe
  2⤵
  PID:7868
- C:\Windows\System\lYPUtqx.exe
  C:\Windows\System\lYPUtqx.exe
  2⤵
  PID:7896
- C:\Windows\System\kyUssIY.exe
  C:\Windows\System\kyUssIY.exe
  2⤵
  PID:7924
- C:\Windows\System\wgcuGUt.exe
  C:\Windows\System\wgcuGUt.exe
  2⤵
  PID:7952
- C:\Windows\System\pLRfQEE.exe
  C:\Windows\System\pLRfQEE.exe
  2⤵
  PID:7980
- C:\Windows\System\gbJKkiP.exe
  C:\Windows\System\gbJKkiP.exe
  2⤵
  PID:8008
- C:\Windows\System\IlvLEmZ.exe
  C:\Windows\System\IlvLEmZ.exe
  2⤵
  PID:8036
- C:\Windows\System\laEKvRv.exe
  C:\Windows\System\laEKvRv.exe
  2⤵
  PID:8064
- C:\Windows\System\LuMISig.exe
  C:\Windows\System\LuMISig.exe
  2⤵
  PID:8092
- C:\Windows\System\vseyRYr.exe
  C:\Windows\System\vseyRYr.exe
  2⤵
  PID:8120
- C:\Windows\System\jEBdFjb.exe
  C:\Windows\System\jEBdFjb.exe
  2⤵
  PID:8148
- C:\Windows\System\jFJMzWf.exe
  C:\Windows\System\jFJMzWf.exe
  2⤵
  PID:8176
- C:\Windows\System\EToPAmx.exe
  C:\Windows\System\EToPAmx.exe
  2⤵
  PID:4276
- C:\Windows\System\JNZwSNa.exe
  C:\Windows\System\JNZwSNa.exe
  2⤵
  PID:1396
- C:\Windows\System\eRWpiNt.exe
  C:\Windows\System\eRWpiNt.exe
  2⤵
  PID:6628
- C:\Windows\System\SFCXmwv.exe
  C:\Windows\System\SFCXmwv.exe
  2⤵
  PID:7212
- C:\Windows\System\pbEyhcA.exe
  C:\Windows\System\pbEyhcA.exe
  2⤵
  PID:7268
- C:\Windows\System\RQhkXID.exe
  C:\Windows\System\RQhkXID.exe
  2⤵
  PID:7328
- C:\Windows\System\BlKeleN.exe
  C:\Windows\System\BlKeleN.exe
  2⤵
  PID:3648
- C:\Windows\System\LPhdRrG.exe
  C:\Windows\System\LPhdRrG.exe
  2⤵
  PID:7460
- C:\Windows\System\sBqYVZs.exe
  C:\Windows\System\sBqYVZs.exe
  2⤵
  PID:7496
- C:\Windows\System\LqAYVHf.exe
  C:\Windows\System\LqAYVHf.exe
  2⤵
  PID:7580
- C:\Windows\System\KXuvymz.exe
  C:\Windows\System\KXuvymz.exe
  2⤵
  PID:7812
- C:\Windows\System\uSOwOJA.exe
  C:\Windows\System\uSOwOJA.exe
  2⤵
  PID:2972
- C:\Windows\System\rHwUMKI.exe
  C:\Windows\System\rHwUMKI.exe
  2⤵
  PID:7908
- C:\Windows\System\iATCepo.exe
  C:\Windows\System\iATCepo.exe
  2⤵
  PID:7944
- C:\Windows\System\upRzysT.exe
  C:\Windows\System\upRzysT.exe
  2⤵
  PID:8020
- C:\Windows\System\VglChrS.exe
  C:\Windows\System\VglChrS.exe
  2⤵
  PID:8084
- C:\Windows\System\tFrzHef.exe
  C:\Windows\System\tFrzHef.exe
  2⤵
  PID:8136
- C:\Windows\System\GMxhRBg.exe
  C:\Windows\System\GMxhRBg.exe
  2⤵
  PID:2532
- C:\Windows\System\jfjZyPu.exe
  C:\Windows\System\jfjZyPu.exe
  2⤵
  PID:7104
- C:\Windows\System\RDRQZzJ.exe
  C:\Windows\System\RDRQZzJ.exe
  2⤵
  PID:4940
- C:\Windows\System\lzMVGuQ.exe
  C:\Windows\System\lzMVGuQ.exe
  2⤵
  PID:7264
- C:\Windows\System\dTSJylp.exe
  C:\Windows\System\dTSJylp.exe
  2⤵
  PID:3760
- C:\Windows\System\MVdHmuc.exe
  C:\Windows\System\MVdHmuc.exe
  2⤵
  PID:7352
- C:\Windows\System\ItsDXwr.exe
  C:\Windows\System\ItsDXwr.exe
  2⤵
  PID:7544
- C:\Windows\System\OlJjkNv.exe
  C:\Windows\System\OlJjkNv.exe
  2⤵
  PID:3860
- C:\Windows\System\GJKcLud.exe
  C:\Windows\System\GJKcLud.exe
  2⤵
  PID:4724
- C:\Windows\System\vtZXbhs.exe
  C:\Windows\System\vtZXbhs.exe
  2⤵
  PID:2776
- C:\Windows\System\hDaCNav.exe
  C:\Windows\System\hDaCNav.exe
  2⤵
  PID:4244
- C:\Windows\System\wddbjfX.exe
  C:\Windows\System\wddbjfX.exe
  2⤵
  PID:436
- C:\Windows\System\EKgAeni.exe
  C:\Windows\System\EKgAeni.exe
  2⤵
  PID:2988
- C:\Windows\System\JSVVhny.exe
  C:\Windows\System\JSVVhny.exe
  2⤵
  PID:1232
- C:\Windows\System\CknySJp.exe
  C:\Windows\System\CknySJp.exe
  2⤵
  PID:3448
- C:\Windows\System\iwzSEit.exe
  C:\Windows\System\iwzSEit.exe
  2⤵
  PID:4224
- C:\Windows\System\ROGlofy.exe
  C:\Windows\System\ROGlofy.exe
  2⤵
  PID:4960
- C:\Windows\System\GDHxMTT.exe
  C:\Windows\System\GDHxMTT.exe
  2⤵
  PID:8188
- C:\Windows\System\YHDSueQ.exe
  C:\Windows\System\YHDSueQ.exe
  2⤵
  PID:6368
- C:\Windows\System\ALmAPUa.exe
  C:\Windows\System\ALmAPUa.exe
  2⤵
  PID:7412
- C:\Windows\System\XpflzvO.exe
  C:\Windows\System\XpflzvO.exe
  2⤵
  PID:7576
- C:\Windows\System\TyFwBNw.exe
  C:\Windows\System\TyFwBNw.exe
  2⤵
  PID:3540
- C:\Windows\System\jmLvAEY.exe
  C:\Windows\System\jmLvAEY.exe
  2⤵
  PID:7436
- C:\Windows\System\oCphpQP.exe
  C:\Windows\System\oCphpQP.exe
  2⤵
  PID:1724
- C:\Windows\System\BuXqksy.exe
  C:\Windows\System\BuXqksy.exe
  2⤵
  PID:4464
- C:\Windows\System\KzGrawY.exe
  C:\Windows\System\KzGrawY.exe
  2⤵
  PID:1392
- C:\Windows\System\NwvagSn.exe
  C:\Windows\System\NwvagSn.exe
  2⤵
  PID:7552
- C:\Windows\System\ATPSujX.exe
  C:\Windows\System\ATPSujX.exe
  2⤵
  PID:7836
- C:\Windows\System\NBYGFup.exe
  C:\Windows\System\NBYGFup.exe
  2⤵
  PID:7068
- C:\Windows\System\tiNfHcB.exe
  C:\Windows\System\tiNfHcB.exe
  2⤵
  PID:7296
- C:\Windows\System\XNjecbD.exe
  C:\Windows\System\XNjecbD.exe
  2⤵
  PID:2712
- C:\Windows\System\MRrvxhK.exe
  C:\Windows\System\MRrvxhK.exe
  2⤵
  PID:7300
- C:\Windows\System\PCrMYbL.exe
  C:\Windows\System\PCrMYbL.exe
  2⤵
  PID:8212
- C:\Windows\System\hIoMvAa.exe
  C:\Windows\System\hIoMvAa.exe
  2⤵
  PID:8240
- C:\Windows\System\LpWUVYM.exe
  C:\Windows\System\LpWUVYM.exe
  2⤵
  PID:8268
- C:\Windows\System\xLIWYRi.exe
  C:\Windows\System\xLIWYRi.exe
  2⤵
  PID:8296
- C:\Windows\System\EZjGfcB.exe
  C:\Windows\System\EZjGfcB.exe
  2⤵
  PID:8324
- C:\Windows\System\TjsQbem.exe
  C:\Windows\System\TjsQbem.exe
  2⤵
  PID:8368
- C:\Windows\System\SmOIoqf.exe
  C:\Windows\System\SmOIoqf.exe
  2⤵
  PID:8396
- C:\Windows\System\qHbRYot.exe
  C:\Windows\System\qHbRYot.exe
  2⤵
  PID:8452
- C:\Windows\System\LPbzpWe.exe
  C:\Windows\System\LPbzpWe.exe
  2⤵
  PID:8480
- C:\Windows\System\rsIVgOF.exe
  C:\Windows\System\rsIVgOF.exe
  2⤵
  PID:8508
- C:\Windows\System\JXDYcmw.exe
  C:\Windows\System\JXDYcmw.exe
  2⤵
  PID:8536
- C:\Windows\System\hfzqumC.exe
  C:\Windows\System\hfzqumC.exe
  2⤵
  PID:8564
- C:\Windows\System\kNHNmOf.exe
  C:\Windows\System\kNHNmOf.exe
  2⤵
  PID:8592
- C:\Windows\System\UettPRK.exe
  C:\Windows\System\UettPRK.exe
  2⤵
  PID:8620
- C:\Windows\System\YZfQtYq.exe
  C:\Windows\System\YZfQtYq.exe
  2⤵
  PID:8652
- C:\Windows\System\zaZHVBE.exe
  C:\Windows\System\zaZHVBE.exe
  2⤵
  PID:8680
- C:\Windows\System\yBghvcP.exe
  C:\Windows\System\yBghvcP.exe
  2⤵
  PID:8708
- C:\Windows\System\KjvjnTQ.exe
  C:\Windows\System\KjvjnTQ.exe
  2⤵
  PID:8736
- C:\Windows\System\HuYoQwO.exe
  C:\Windows\System\HuYoQwO.exe
  2⤵
  PID:8764
- C:\Windows\System\BTkkuSx.exe
  C:\Windows\System\BTkkuSx.exe
  2⤵
  PID:8792
- C:\Windows\System\mOGMUNF.exe
  C:\Windows\System\mOGMUNF.exe
  2⤵
  PID:8824
- C:\Windows\System\aAPKjYE.exe
  C:\Windows\System\aAPKjYE.exe
  2⤵
  PID:8856
- C:\Windows\System\kgCfEtH.exe
  C:\Windows\System\kgCfEtH.exe
  2⤵
  PID:8884
- C:\Windows\System\ZFrFhAw.exe
  C:\Windows\System\ZFrFhAw.exe
  2⤵
  PID:8912
- C:\Windows\System\jLmmsvC.exe
  C:\Windows\System\jLmmsvC.exe
  2⤵
  PID:8940
- C:\Windows\System\ttyiLrn.exe
  C:\Windows\System\ttyiLrn.exe
  2⤵
  PID:8980
- C:\Windows\System\mVeRIlW.exe
  C:\Windows\System\mVeRIlW.exe
  2⤵
  PID:9000
- C:\Windows\System\fDkYyoL.exe
  C:\Windows\System\fDkYyoL.exe
  2⤵
  PID:9028
- C:\Windows\System\NdqXJVK.exe
  C:\Windows\System\NdqXJVK.exe
  2⤵
  PID:9056
- C:\Windows\System\woRqdST.exe
  C:\Windows\System\woRqdST.exe
  2⤵
  PID:9084
- C:\Windows\System\mDCIkqy.exe
  C:\Windows\System\mDCIkqy.exe
  2⤵
  PID:9112
- C:\Windows\System\cJVXyoG.exe
  C:\Windows\System\cJVXyoG.exe
  2⤵
  PID:9140
- C:\Windows\System\DAzQanN.exe
  C:\Windows\System\DAzQanN.exe
  2⤵
  PID:9176
- C:\Windows\System\iOOGLlI.exe
  C:\Windows\System\iOOGLlI.exe
  2⤵
  PID:9196
- C:\Windows\System\crpSGMZ.exe
  C:\Windows\System\crpSGMZ.exe
  2⤵
  PID:8224
- C:\Windows\System\HEePrkD.exe
  C:\Windows\System\HEePrkD.exe
  2⤵
  PID:8288
- C:\Windows\System\WIXnQDk.exe
  C:\Windows\System\WIXnQDk.exe
  2⤵
  PID:8364
- C:\Windows\System\OcpSQDb.exe
  C:\Windows\System\OcpSQDb.exe
  2⤵
  PID:8388
- C:\Windows\System\bpaDIod.exe
  C:\Windows\System\bpaDIod.exe
  2⤵
  PID:8444
- C:\Windows\System\pvvIfBh.exe
  C:\Windows\System\pvvIfBh.exe
  2⤵
  PID:8588
- C:\Windows\System\BCGfWvX.exe
  C:\Windows\System\BCGfWvX.exe
  2⤵
  PID:8644
- C:\Windows\System\AsHJyCS.exe
  C:\Windows\System\AsHJyCS.exe
  2⤵
  PID:8720
- C:\Windows\System\pcUNLUk.exe
  C:\Windows\System\pcUNLUk.exe
  2⤵
  PID:8820
- C:\Windows\System\XYMzpmB.exe
  C:\Windows\System\XYMzpmB.exe
  2⤵
  PID:8600
- C:\Windows\System\GRNhMwe.exe
  C:\Windows\System\GRNhMwe.exe
  2⤵
  PID:9020
- C:\Windows\System\WMLyTXh.exe
  C:\Windows\System\WMLyTXh.exe
  2⤵
  PID:9108
- C:\Windows\System\aQVGsUf.exe
  C:\Windows\System\aQVGsUf.exe
  2⤵
  PID:1176
- C:\Windows\System\IgiXTuG.exe
  C:\Windows\System\IgiXTuG.exe
  2⤵
  PID:4756
- C:\Windows\System\txBErhJ.exe
  C:\Windows\System\txBErhJ.exe
  2⤵
  PID:1684
- C:\Windows\System\aijViYp.exe
  C:\Windows\System\aijViYp.exe
  2⤵
  PID:8648
- C:\Windows\System\TbSWEdM.exe
  C:\Windows\System\TbSWEdM.exe
  2⤵
  PID:8868
- C:\Windows\System\jbjHkPm.exe
  C:\Windows\System\jbjHkPm.exe
  2⤵
  PID:9096
- C:\Windows\System\mKqBYZq.exe
  C:\Windows\System\mKqBYZq.exe
  2⤵
  PID:4320
- C:\Windows\System\vDaXKzY.exe
  C:\Windows\System\vDaXKzY.exe
  2⤵
  PID:8604
- C:\Windows\System\GQMLIYW.exe
  C:\Windows\System\GQMLIYW.exe
  2⤵
  PID:9188
- C:\Windows\System\fxuogfd.exe
  C:\Windows\System\fxuogfd.exe
  2⤵
  PID:2884
- C:\Windows\System\dQYggxR.exe
  C:\Windows\System\dQYggxR.exe
  2⤵
  PID:8788
- C:\Windows\System\klsazDS.exe
  C:\Windows\System\klsazDS.exe
  2⤵
  PID:2008
- C:\Windows\System\iLZkLoE.exe
  C:\Windows\System\iLZkLoE.exe
  2⤵
  PID:8440
- C:\Windows\System\IpGMlsO.exe
  C:\Windows\System\IpGMlsO.exe
  2⤵
  PID:8196
- C:\Windows\System\ksetCxT.exe
  C:\Windows\System\ksetCxT.exe
  2⤵
  PID:9244
- C:\Windows\System\guwQjTZ.exe
  C:\Windows\System\guwQjTZ.exe
  2⤵
  PID:9272
- C:\Windows\System\HYxXGPV.exe
  C:\Windows\System\HYxXGPV.exe
  2⤵
  PID:9300
- C:\Windows\System\XWzDxBw.exe
  C:\Windows\System\XWzDxBw.exe
  2⤵
  PID:9328
- C:\Windows\System\OldivVG.exe
  C:\Windows\System\OldivVG.exe
  2⤵
  PID:9356
- C:\Windows\System\NhvkZKw.exe
  C:\Windows\System\NhvkZKw.exe
  2⤵
  PID:9384
- C:\Windows\System\scKZqVZ.exe
  C:\Windows\System\scKZqVZ.exe
  2⤵
  PID:9412
- C:\Windows\System\KYDcVcU.exe
  C:\Windows\System\KYDcVcU.exe
  2⤵
  PID:9440
- C:\Windows\System\AldTxzq.exe
  C:\Windows\System\AldTxzq.exe
  2⤵
  PID:9468
- C:\Windows\System\jEgJkmK.exe
  C:\Windows\System\jEgJkmK.exe
  2⤵
  PID:9496
- C:\Windows\System\KEfJWVS.exe
  C:\Windows\System\KEfJWVS.exe
  2⤵
  PID:9528
- C:\Windows\System\PoVdNsw.exe
  C:\Windows\System\PoVdNsw.exe
  2⤵
  PID:9556
- C:\Windows\System\ZQWnBNH.exe
  C:\Windows\System\ZQWnBNH.exe
  2⤵
  PID:9584
- C:\Windows\System\rOjPrYR.exe
  C:\Windows\System\rOjPrYR.exe
  2⤵
  PID:9612
- C:\Windows\System\oCEQrZE.exe
  C:\Windows\System\oCEQrZE.exe
  2⤵
  PID:9640
- C:\Windows\System\NblIlPJ.exe
  C:\Windows\System\NblIlPJ.exe
  2⤵
  PID:9668
- C:\Windows\System\eGQdCFg.exe
  C:\Windows\System\eGQdCFg.exe
  2⤵
  PID:9696
- C:\Windows\System\ChqTSKV.exe
  C:\Windows\System\ChqTSKV.exe
  2⤵
  PID:9724
- C:\Windows\System\ntDpzkS.exe
  C:\Windows\System\ntDpzkS.exe
  2⤵
  PID:9756
- C:\Windows\System\RKXhhqs.exe
  C:\Windows\System\RKXhhqs.exe
  2⤵
  PID:9784
- C:\Windows\System\ESXLhOn.exe
  C:\Windows\System\ESXLhOn.exe
  2⤵
  PID:9816
- C:\Windows\System\asOAvzn.exe
  C:\Windows\System\asOAvzn.exe
  2⤵
  PID:9852
- C:\Windows\System\MhTDNzn.exe
  C:\Windows\System\MhTDNzn.exe
  2⤵
  PID:9872
- C:\Windows\System\CPfXXCn.exe
  C:\Windows\System\CPfXXCn.exe
  2⤵
  PID:9900
- C:\Windows\System\oyWZFcw.exe
  C:\Windows\System\oyWZFcw.exe
  2⤵
  PID:9928
- C:\Windows\System\EENEmxt.exe
  C:\Windows\System\EENEmxt.exe
  2⤵
  PID:9956
- C:\Windows\System\jftISgx.exe
  C:\Windows\System\jftISgx.exe
  2⤵
  PID:9984
- C:\Windows\System\uSJDTSL.exe
  C:\Windows\System\uSJDTSL.exe
  2⤵
  PID:10012
- C:\Windows\System\SmFBcKs.exe
  C:\Windows\System\SmFBcKs.exe
  2⤵
  PID:10044
- C:\Windows\System\uukFTKY.exe
  C:\Windows\System\uukFTKY.exe
  2⤵
  PID:10072
- C:\Windows\System\rYispwH.exe
  C:\Windows\System\rYispwH.exe
  2⤵
  PID:10100
- C:\Windows\System\MvCAHvT.exe
  C:\Windows\System\MvCAHvT.exe
  2⤵
  PID:10128
- C:\Windows\System\dmjwLSk.exe
  C:\Windows\System\dmjwLSk.exe
  2⤵
  PID:10156
- C:\Windows\System\XAGMyvG.exe
  C:\Windows\System\XAGMyvG.exe
  2⤵
  PID:10184
- C:\Windows\System\mxexPDK.exe
  C:\Windows\System\mxexPDK.exe
  2⤵
  PID:10212
- C:\Windows\System\UefwWOg.exe
  C:\Windows\System\UefwWOg.exe
  2⤵
  PID:8252
- C:\Windows\System\IdOqMwV.exe
  C:\Windows\System\IdOqMwV.exe
  2⤵
  PID:9264
- C:\Windows\System\qlkUflS.exe
  C:\Windows\System\qlkUflS.exe
  2⤵
  PID:9352
- C:\Windows\System\ewdKNoY.exe
  C:\Windows\System\ewdKNoY.exe
  2⤵
  PID:9380
- C:\Windows\System\PpXJPnv.exe
  C:\Windows\System\PpXJPnv.exe
  2⤵
  PID:9452
- C:\Windows\System\pPqMqLz.exe
  C:\Windows\System\pPqMqLz.exe
  2⤵
  PID:9524
- C:\Windows\System\LMeaEDw.exe
  C:\Windows\System\LMeaEDw.exe
  2⤵
  PID:9596
- C:\Windows\System\DsmeLls.exe
  C:\Windows\System\DsmeLls.exe
  2⤵
  PID:9680
- C:\Windows\System\kfWXLga.exe
  C:\Windows\System\kfWXLga.exe
  2⤵
  PID:9736
- C:\Windows\System\fMowSAM.exe
  C:\Windows\System\fMowSAM.exe
  2⤵
  PID:9776
- C:\Windows\System\UxIjaAR.exe
  C:\Windows\System\UxIjaAR.exe
  2⤵
  PID:9860
- C:\Windows\System\wTeKHxc.exe
  C:\Windows\System\wTeKHxc.exe
  2⤵
  PID:9948
- C:\Windows\System\zxNjOhw.exe
  C:\Windows\System\zxNjOhw.exe
  2⤵
  PID:10004
- C:\Windows\System\JjIjDxs.exe
  C:\Windows\System\JjIjDxs.exe
  2⤵
  PID:10084
- C:\Windows\System\UYmhIpS.exe
  C:\Windows\System\UYmhIpS.exe
  2⤵
  PID:10152
- C:\Windows\System\AznDaUN.exe
  C:\Windows\System\AznDaUN.exe
  2⤵
  PID:10208
- C:\Windows\System\fALSLxW.exe
  C:\Windows\System\fALSLxW.exe
  2⤵
  PID:1848
- C:\Windows\System\LNpWULm.exe
  C:\Windows\System\LNpWULm.exe
  2⤵
  PID:9432
- C:\Windows\System\wspdEud.exe
  C:\Windows\System\wspdEud.exe
  2⤵
  PID:9576
- C:\Windows\System\WEhgnMK.exe
  C:\Windows\System\WEhgnMK.exe
  2⤵
  PID:9768
- C:\Windows\System\nOsuRLO.exe
  C:\Windows\System\nOsuRLO.exe
  2⤵
  PID:9892
- C:\Windows\System\QnvmUUn.exe
  C:\Windows\System\QnvmUUn.exe
  2⤵
  PID:9996
- C:\Windows\System\mtAIwbL.exe
  C:\Windows\System\mtAIwbL.exe
  2⤵
  PID:10140
- C:\Windows\System\JpTfANM.exe
  C:\Windows\System\JpTfANM.exe
  2⤵
  PID:9312
- C:\Windows\System\NtUGoxx.exe
  C:\Windows\System\NtUGoxx.exe
  2⤵
  PID:9708
- C:\Windows\System\sXhgVxH.exe
  C:\Windows\System\sXhgVxH.exe
  2⤵
  PID:9804
- C:\Windows\System\ododPWJ.exe
  C:\Windows\System\ododPWJ.exe
  2⤵
  PID:9492
- C:\Windows\System\evkVdpk.exe
  C:\Windows\System\evkVdpk.exe
  2⤵
  PID:9232
- C:\Windows\System\iOsyIKy.exe
  C:\Windows\System\iOsyIKy.exe
  2⤵
  PID:10248
- C:\Windows\System\hCHYqlJ.exe
  C:\Windows\System\hCHYqlJ.exe
  2⤵
  PID:10276
- C:\Windows\System\qXnqFpz.exe
  C:\Windows\System\qXnqFpz.exe
  2⤵
  PID:10304
- C:\Windows\System\OqfFpJg.exe
  C:\Windows\System\OqfFpJg.exe
  2⤵
  PID:10340
- C:\Windows\System\eYzKmvN.exe
  C:\Windows\System\eYzKmvN.exe
  2⤵
  PID:10368
- C:\Windows\System\JVQnxxv.exe
  C:\Windows\System\JVQnxxv.exe
  2⤵
  PID:10396
- C:\Windows\System\aJgIXYu.exe
  C:\Windows\System\aJgIXYu.exe
  2⤵
  PID:10424
- C:\Windows\System\AzKkLYd.exe
  C:\Windows\System\AzKkLYd.exe
  2⤵
  PID:10452
- C:\Windows\System\UApydHy.exe
  C:\Windows\System\UApydHy.exe
  2⤵
  PID:10480
- C:\Windows\System\GQqFqrb.exe
  C:\Windows\System\GQqFqrb.exe
  2⤵
  PID:10508
- C:\Windows\System\azyZnWp.exe
  C:\Windows\System\azyZnWp.exe
  2⤵
  PID:10536
- C:\Windows\System\zRvnUch.exe
  C:\Windows\System\zRvnUch.exe
  2⤵
  PID:10564
- C:\Windows\System\rmwXsye.exe
  C:\Windows\System\rmwXsye.exe
  2⤵
  PID:10592
- C:\Windows\System\DKShNXD.exe
  C:\Windows\System\DKShNXD.exe
  2⤵
  PID:10620
- C:\Windows\System\psBZazb.exe
  C:\Windows\System\psBZazb.exe
  2⤵
  PID:10652
- C:\Windows\System\vxQaYsT.exe
  C:\Windows\System\vxQaYsT.exe
  2⤵
  PID:10680
- C:\Windows\System\qexSgpk.exe
  C:\Windows\System\qexSgpk.exe
  2⤵
  PID:10708
- C:\Windows\System\DanwOlm.exe
  C:\Windows\System\DanwOlm.exe
  2⤵
  PID:10724
- C:\Windows\System\vJnPvGl.exe
  C:\Windows\System\vJnPvGl.exe
  2⤵
  PID:10752
- C:\Windows\System\sHFREof.exe
  C:\Windows\System\sHFREof.exe
  2⤵
  PID:10776
- C:\Windows\System\IPVeyPc.exe
  C:\Windows\System\IPVeyPc.exe
  2⤵
  PID:10808
- C:\Windows\System\UUHYxIS.exe
  C:\Windows\System\UUHYxIS.exe
  2⤵
  PID:10840
- C:\Windows\System\xgoeCfC.exe
  C:\Windows\System\xgoeCfC.exe
  2⤵
  PID:10860
- C:\Windows\System\kpPhfBv.exe
  C:\Windows\System\kpPhfBv.exe
  2⤵
  PID:10884
- C:\Windows\System\xxByMTO.exe
  C:\Windows\System\xxByMTO.exe
  2⤵
  PID:10940
- C:\Windows\System\wiNhBfA.exe
  C:\Windows\System\wiNhBfA.exe
  2⤵
  PID:10976
- C:\Windows\System\cFsYvCi.exe
  C:\Windows\System\cFsYvCi.exe
  2⤵
  PID:11004
- C:\Windows\System\MaMqLME.exe
  C:\Windows\System\MaMqLME.exe
  2⤵
  PID:11036
- C:\Windows\System\KozArrg.exe
  C:\Windows\System\KozArrg.exe
  2⤵
  PID:11064
- C:\Windows\System\txlqash.exe
  C:\Windows\System\txlqash.exe
  2⤵
  PID:11092
- C:\Windows\System\xOqtjyx.exe
  C:\Windows\System\xOqtjyx.exe
  2⤵
  PID:11120
- C:\Windows\System\TUnyXnb.exe
  C:\Windows\System\TUnyXnb.exe
  2⤵
  PID:11152
- C:\Windows\System\jSfEwnM.exe
  C:\Windows\System\jSfEwnM.exe
  2⤵
  PID:11180
- C:\Windows\System\uZCypdv.exe
  C:\Windows\System\uZCypdv.exe
  2⤵
  PID:11208
- C:\Windows\System\VOnrkvv.exe
  C:\Windows\System\VOnrkvv.exe
  2⤵
  PID:11236
- C:\Windows\System\TyAmhNP.exe
  C:\Windows\System\TyAmhNP.exe
  2⤵
  PID:11256
- C:\Windows\System\LIBctCs.exe
  C:\Windows\System\LIBctCs.exe
  2⤵
  PID:10360
- C:\Windows\System\dYdZIgP.exe
  C:\Windows\System\dYdZIgP.exe
  2⤵
  PID:3308
- C:\Windows\System\wuNWGeR.exe
  C:\Windows\System\wuNWGeR.exe
  2⤵
  PID:10504
- C:\Windows\System\RtmEFfB.exe
  C:\Windows\System\RtmEFfB.exe
  2⤵
  PID:10548
- C:\Windows\System\MAmXefM.exe
  C:\Windows\System\MAmXefM.exe
  2⤵
  PID:4908
- C:\Windows\System\iSEaTof.exe
  C:\Windows\System\iSEaTof.exe
  2⤵
  PID:10672
- C:\Windows\System\nNIZWuE.exe
  C:\Windows\System\nNIZWuE.exe
  2⤵
  PID:10716
- C:\Windows\System\ZHpCvvA.exe
  C:\Windows\System\ZHpCvvA.exe
  2⤵
  PID:10772
- C:\Windows\System\OMBwRqV.exe
  C:\Windows\System\OMBwRqV.exe
  2⤵
  PID:10828
- C:\Windows\System\VPJPHoc.exe
  C:\Windows\System\VPJPHoc.exe
  2⤵
  PID:10904
- C:\Windows\System\tizlkLZ.exe
  C:\Windows\System\tizlkLZ.exe
  2⤵
  PID:10996
- C:\Windows\System\HzeNBBW.exe
  C:\Windows\System\HzeNBBW.exe
  2⤵
  PID:8560
- C:\Windows\System\yetfHKw.exe
  C:\Windows\System\yetfHKw.exe
  2⤵
  PID:11016
- C:\Windows\System\ilTIFQS.exe
  C:\Windows\System\ilTIFQS.exe
  2⤵
  PID:11076
- C:\Windows\System\AsFySbK.exe
  C:\Windows\System\AsFySbK.exe
  2⤵
  PID:11164
- C:\Windows\System\nhvPLpY.exe
  C:\Windows\System\nhvPLpY.exe
  2⤵
  PID:11228
- C:\Windows\System\luXYxfd.exe
  C:\Windows\System\luXYxfd.exe
  2⤵
  PID:3624
- C:\Windows\System\mZZCPMe.exe
  C:\Windows\System\mZZCPMe.exe
  2⤵
  PID:10492
- C:\Windows\System\PGmNpKo.exe
  C:\Windows\System\PGmNpKo.exe
  2⤵
  PID:10632
- C:\Windows\System\oGhxceX.exe
  C:\Windows\System\oGhxceX.exe
  2⤵
  PID:10788
- C:\Windows\System\dsDNmdH.exe
  C:\Windows\System\dsDNmdH.exe
  2⤵
  PID:10924
- C:\Windows\System\zKTXctl.exe
  C:\Windows\System\zKTXctl.exe
  2⤵
  PID:11048
- C:\Windows\System\YBjjUjd.exe
  C:\Windows\System\YBjjUjd.exe
  2⤵
  PID:11204
- C:\Windows\System\ricizcD.exe
  C:\Windows\System\ricizcD.exe
  2⤵
  PID:10532
- C:\Windows\System\vGriWCc.exe
  C:\Windows\System\vGriWCc.exe
  2⤵
  PID:4392
- C:\Windows\System\OkDDwBn.exe
  C:\Windows\System\OkDDwBn.exe
  2⤵
  PID:11284
- C:\Windows\System\JpjwOPB.exe
  C:\Windows\System\JpjwOPB.exe
  2⤵
  PID:11336
- C:\Windows\System\SQrrrRf.exe
  C:\Windows\System\SQrrrRf.exe
  2⤵
  PID:11376
- C:\Windows\System\mOUMfsD.exe
  C:\Windows\System\mOUMfsD.exe
  2⤵
  PID:11404
- C:\Windows\System\sjaUWOw.exe
  C:\Windows\System\sjaUWOw.exe
  2⤵
  PID:11432
- C:\Windows\System\ARuLcLj.exe
  C:\Windows\System\ARuLcLj.exe
  2⤵
  PID:11460
- C:\Windows\System\VHWiLbX.exe
  C:\Windows\System\VHWiLbX.exe
  2⤵
  PID:11488
- C:\Windows\System\dLMXatA.exe
  C:\Windows\System\dLMXatA.exe
  2⤵
  PID:11516
- C:\Windows\System\kqjNwRm.exe
  C:\Windows\System\kqjNwRm.exe
  2⤵
  PID:11552
- C:\Windows\System\JAYksXt.exe
  C:\Windows\System\JAYksXt.exe
  2⤵
  PID:11588
- C:\Windows\System\QrbxDHo.exe
  C:\Windows\System\QrbxDHo.exe
  2⤵
  PID:11624
- C:\Windows\System\kPBAIIx.exe
  C:\Windows\System\kPBAIIx.exe
  2⤵
  PID:11656
- C:\Windows\System\hayzDJx.exe
  C:\Windows\System\hayzDJx.exe
  2⤵
  PID:11684
- C:\Windows\System\QPUHvcS.exe
  C:\Windows\System\QPUHvcS.exe
  2⤵
  PID:11724
- C:\Windows\System\mxRJNdV.exe
  C:\Windows\System\mxRJNdV.exe
  2⤵
  PID:11744
- C:\Windows\System\nhgDdcu.exe
  C:\Windows\System\nhgDdcu.exe
  2⤵
  PID:11772
- C:\Windows\System\NmGdkpK.exe
  C:\Windows\System\NmGdkpK.exe
  2⤵
  PID:11804
- C:\Windows\System\pgdHUCJ.exe
  C:\Windows\System\pgdHUCJ.exe
  2⤵
  PID:11832
- C:\Windows\System\adKmKuo.exe
  C:\Windows\System\adKmKuo.exe
  2⤵
  PID:11860
- C:\Windows\System\aEEVzYQ.exe
  C:\Windows\System\aEEVzYQ.exe
  2⤵
  PID:11888
- C:\Windows\System\wZIQCGo.exe
  C:\Windows\System\wZIQCGo.exe
  2⤵
  PID:11916
- C:\Windows\System\AGEZGxN.exe
  C:\Windows\System\AGEZGxN.exe
  2⤵
  PID:11944
- C:\Windows\System\qBTadug.exe
  C:\Windows\System\qBTadug.exe
  2⤵
  PID:11972
- C:\Windows\System\dZkgAve.exe
  C:\Windows\System\dZkgAve.exe
  2⤵
  PID:12000
- C:\Windows\System\FozrSQv.exe
  C:\Windows\System\FozrSQv.exe
  2⤵
  PID:12028
- C:\Windows\System\dTghOdH.exe
  C:\Windows\System\dTghOdH.exe
  2⤵
  PID:12056
- C:\Windows\System\IRXVjiR.exe
  C:\Windows\System\IRXVjiR.exe
  2⤵
  PID:12084
- C:\Windows\System\OXlhdJp.exe
  C:\Windows\System\OXlhdJp.exe
  2⤵
  PID:12112
- C:\Windows\System\SWqGdQg.exe
  C:\Windows\System\SWqGdQg.exe
  2⤵
  PID:12140
- C:\Windows\System\JbXiuVJ.exe
  C:\Windows\System\JbXiuVJ.exe
  2⤵
  PID:12168
- C:\Windows\System\msREMhP.exe
  C:\Windows\System\msREMhP.exe
  2⤵
  PID:12196
- C:\Windows\System\GsuPwUs.exe
  C:\Windows\System\GsuPwUs.exe
  2⤵
  PID:12224
- C:\Windows\System\cihWuBI.exe
  C:\Windows\System\cihWuBI.exe
  2⤵
  PID:12252
- C:\Windows\System\RVSkqMk.exe
  C:\Windows\System\RVSkqMk.exe
  2⤵
  PID:12280
- C:\Windows\System\CmVtzoV.exe
  C:\Windows\System\CmVtzoV.exe
  2⤵
  PID:11348
- C:\Windows\System\XgXsxRV.exe
  C:\Windows\System\XgXsxRV.exe
  2⤵
  PID:11416
- C:\Windows\System\GsJHnZu.exe
  C:\Windows\System\GsJHnZu.exe
  2⤵
  PID:11480
- C:\Windows\System\eQhRlGb.exe
  C:\Windows\System\eQhRlGb.exe
  2⤵
  PID:11584
- C:\Windows\System\BPhcnsU.exe
  C:\Windows\System\BPhcnsU.exe
  2⤵
  PID:11636
- C:\Windows\System\SnkKFGK.exe
  C:\Windows\System\SnkKFGK.exe
  2⤵
  PID:11680
- C:\Windows\System\FAcrOvU.exe
  C:\Windows\System\FAcrOvU.exe
  2⤵
  PID:11740
- C:\Windows\System\MnIUFUA.exe
  C:\Windows\System\MnIUFUA.exe
  2⤵
  PID:11816
- C:\Windows\System\GcbofFl.exe
  C:\Windows\System\GcbofFl.exe
  2⤵
  PID:11644
- C:\Windows\System\jDMJOBt.exe
  C:\Windows\System\jDMJOBt.exe
  2⤵
  PID:8532
- C:\Windows\System\wslgYGf.exe
  C:\Windows\System\wslgYGf.exe
  2⤵
  PID:11932
- C:\Windows\System\AkSOFNn.exe
  C:\Windows\System\AkSOFNn.exe
  2⤵
  PID:11992
- C:\Windows\System\hgbyKqs.exe
  C:\Windows\System\hgbyKqs.exe
  2⤵
  PID:12048
- C:\Windows\System\sBhcQDf.exe
  C:\Windows\System\sBhcQDf.exe
  2⤵
  PID:12108
- C:\Windows\System\jLcMXyW.exe
  C:\Windows\System\jLcMXyW.exe
  2⤵
  PID:12180
- C:\Windows\System\vKgQzkB.exe
  C:\Windows\System\vKgQzkB.exe
  2⤵
  PID:12244
- C:\Windows\System\tshWUVq.exe
  C:\Windows\System\tshWUVq.exe
  2⤵
  PID:11324
- C:\Windows\System\ixfDQXQ.exe
  C:\Windows\System\ixfDQXQ.exe
  2⤵
  PID:11508
- C:\Windows\System\tZEaiss.exe
  C:\Windows\System\tZEaiss.exe
  2⤵
  PID:3500
- C:\Windows\System\tOxdtYV.exe
  C:\Windows\System\tOxdtYV.exe
  2⤵
  PID:11796
- C:\Windows\System\EfFccfs.exe
  C:\Windows\System\EfFccfs.exe
  2⤵
  PID:11732
- C:\Windows\System\eZtDIRC.exe
  C:\Windows\System\eZtDIRC.exe
  2⤵
  PID:12020
- C:\Windows\System\APWMHoJ.exe
  C:\Windows\System\APWMHoJ.exe
  2⤵
  PID:12160
- C:\Windows\System\YaWZPOZ.exe
  C:\Windows\System\YaWZPOZ.exe
  2⤵
  PID:11320
- C:\Windows\System\RauknrL.exe
  C:\Windows\System\RauknrL.exe
  2⤵
  PID:11720
- C:\Windows\System\QuIAKwZ.exe
  C:\Windows\System\QuIAKwZ.exe
  2⤵
  PID:11908
- C:\Windows\System\PRhgoSA.exe
  C:\Windows\System\PRhgoSA.exe
  2⤵
  PID:12272
- C:\Windows\System\ySLlJSR.exe
  C:\Windows\System\ySLlJSR.exe
  2⤵
  PID:1464
- C:\Windows\System\uplmCUe.exe
  C:\Windows\System\uplmCUe.exe
  2⤵
  PID:11872
- C:\Windows\System\xQSgeCh.exe
  C:\Windows\System\xQSgeCh.exe
  2⤵
  PID:12296
- C:\Windows\System\VZWkJXx.exe
  C:\Windows\System\VZWkJXx.exe
  2⤵
  PID:12324
- C:\Windows\System\QkwMSNh.exe
  C:\Windows\System\QkwMSNh.exe
  2⤵
  PID:12352
- C:\Windows\System\pCbkMsY.exe
  C:\Windows\System\pCbkMsY.exe
  2⤵
  PID:12388
- C:\Windows\System\DiLDKMx.exe
  C:\Windows\System\DiLDKMx.exe
  2⤵
  PID:12436
- C:\Windows\System\IEPcdQY.exe
  C:\Windows\System\IEPcdQY.exe
  2⤵
  PID:12480
- C:\Windows\System\hEzqBUb.exe
  C:\Windows\System\hEzqBUb.exe
  2⤵
  PID:12532
- C:\Windows\System\bbIYMDn.exe
  C:\Windows\System\bbIYMDn.exe
  2⤵
  PID:12564
- C:\Windows\System\YDmuubO.exe
  C:\Windows\System\YDmuubO.exe
  2⤵
  PID:12596
- C:\Windows\System\GcviEkN.exe
  C:\Windows\System\GcviEkN.exe
  2⤵
  PID:12632
- C:\Windows\System\hfiENkN.exe
  C:\Windows\System\hfiENkN.exe
  2⤵
  PID:12656
- C:\Windows\System\MZlwfAd.exe
  C:\Windows\System\MZlwfAd.exe
  2⤵
  PID:12684
- C:\Windows\System\iZpOTOl.exe
  C:\Windows\System\iZpOTOl.exe
  2⤵
  PID:12712
- C:\Windows\System\ScMlsII.exe
  C:\Windows\System\ScMlsII.exe
  2⤵
  PID:12740
- C:\Windows\System\qgKOZmm.exe
  C:\Windows\System\qgKOZmm.exe
  2⤵
  PID:12768
- C:\Windows\System\WQCCirG.exe
  C:\Windows\System\WQCCirG.exe
  2⤵
  PID:12796
- C:\Windows\System\TtoKTlV.exe
  C:\Windows\System\TtoKTlV.exe
  2⤵
  PID:12824
- C:\Windows\System\KyDHgJP.exe
  C:\Windows\System\KyDHgJP.exe
  2⤵
  PID:12860
- C:\Windows\System\CYwWLDD.exe
  C:\Windows\System\CYwWLDD.exe
  2⤵
  PID:12880
- C:\Windows\System\cXUYSGM.exe
  C:\Windows\System\cXUYSGM.exe
  2⤵
  PID:12908
- C:\Windows\System\udKvFMd.exe
  C:\Windows\System\udKvFMd.exe
  2⤵
  PID:12936
- C:\Windows\System\ADFDtlH.exe
  C:\Windows\System\ADFDtlH.exe
  2⤵
  PID:12964
- C:\Windows\System\EMTuiwD.exe
  C:\Windows\System\EMTuiwD.exe
  2⤵
  PID:12992
- C:\Windows\System\WGHqyNC.exe
  C:\Windows\System\WGHqyNC.exe
  2⤵
  PID:13020
- C:\Windows\System\XUMAEmK.exe
  C:\Windows\System\XUMAEmK.exe
  2⤵
  PID:13048
- C:\Windows\System\pEUtpMn.exe
  C:\Windows\System\pEUtpMn.exe
  2⤵
  PID:13076
- C:\Windows\System\bBHnMEY.exe
  C:\Windows\System\bBHnMEY.exe
  2⤵
  PID:13104
- C:\Windows\System\wPIigLK.exe
  C:\Windows\System\wPIigLK.exe
  2⤵
  PID:13132
- C:\Windows\System\gwYItsB.exe
  C:\Windows\System\gwYItsB.exe
  2⤵
  PID:13160
- C:\Windows\System\SMiDBuN.exe
  C:\Windows\System\SMiDBuN.exe
  2⤵
  PID:13188
- C:\Windows\System\lKenGga.exe
  C:\Windows\System\lKenGga.exe
  2⤵
  PID:13216
- C:\Windows\System\CFISlrm.exe
  C:\Windows\System\CFISlrm.exe
  2⤵
  PID:13252
- C:\Windows\System\iJWsmvT.exe
  C:\Windows\System\iJWsmvT.exe
  2⤵
  PID:13272
- C:\Windows\System\iMKwEhe.exe
  C:\Windows\System\iMKwEhe.exe
  2⤵
  PID:13300
- C:\Windows\System\SExTpGO.exe
  C:\Windows\System\SExTpGO.exe
  2⤵
  PID:12308
- C:\Windows\System\utPDgpF.exe
  C:\Windows\System\utPDgpF.exe
  2⤵
  PID:12364
- C:\Windows\System\BJtAlbb.exe
  C:\Windows\System\BJtAlbb.exe
  2⤵
  PID:12468
- C:\Windows\System\KWplsxG.exe
  C:\Windows\System\KWplsxG.exe
  2⤵
  PID:12560
- C:\Windows\System\oEnZWoe.exe
  C:\Windows\System\oEnZWoe.exe
  2⤵
  PID:12624
- C:\Windows\System\KWhSoUa.exe
  C:\Windows\System\KWhSoUa.exe
  2⤵
  PID:12504
- C:\Windows\System\QAMuyMI.exe
  C:\Windows\System\QAMuyMI.exe
  2⤵
  PID:12668
- C:\Windows\System\pQIquaw.exe
  C:\Windows\System\pQIquaw.exe
  2⤵
  PID:12732
- C:\Windows\System\xHCjIzM.exe
  C:\Windows\System\xHCjIzM.exe
  2⤵
  PID:12792
- C:\Windows\System\MRRKDqw.exe
  C:\Windows\System\MRRKDqw.exe
  2⤵
  PID:12868
- C:\Windows\System\UwsTFXw.exe
  C:\Windows\System\UwsTFXw.exe
  2⤵
  PID:12904
- C:\Windows\System\YFtSkZY.exe
  C:\Windows\System\YFtSkZY.exe
  2⤵
  PID:12976
- C:\Windows\System\MrhdVqI.exe
  C:\Windows\System\MrhdVqI.exe
  2⤵
  PID:13044
- C:\Windows\System\OFfWwXJ.exe
  C:\Windows\System\OFfWwXJ.exe
  2⤵
  PID:13100
- C:\Windows\System\lMytFwj.exe
  C:\Windows\System\lMytFwj.exe
  2⤵
  PID:13172
- C:\Windows\System\oQnPTIS.exe
  C:\Windows\System\oQnPTIS.exe
  2⤵
  PID:13228
- C:\Windows\System\rBZetpe.exe
  C:\Windows\System\rBZetpe.exe
  2⤵
  PID:13292
- C:\Windows\System\zOupgPq.exe
  C:\Windows\System\zOupgPq.exe
  2⤵
  PID:12348
- C:\Windows\System\XsEsoCt.exe
  C:\Windows\System\XsEsoCt.exe
  2⤵
  PID:12556
- C:\Windows\System\txzMbhA.exe
  C:\Windows\System\txzMbhA.exe
  2⤵
  PID:12428
- C:\Windows\System\lVKbmsK.exe
  C:\Windows\System\lVKbmsK.exe
  2⤵
  PID:12780
- C:\Windows\System\PDXBQPU.exe
  C:\Windows\System\PDXBQPU.exe
  2⤵
  PID:12900
- C:\Windows\System\HIjIBRi.exe
  C:\Windows\System\HIjIBRi.exe
  2⤵
  PID:13068
- C:\Windows\System\SeTEprG.exe
  C:\Windows\System\SeTEprG.exe
  2⤵
  PID:13208
- C:\Windows\System\WukxHrm.exe
  C:\Windows\System\WukxHrm.exe
  2⤵
  PID:12420
- C:\Windows\System\LSrUvbS.exe
  C:\Windows\System\LSrUvbS.exe
  2⤵
  PID:12844
- C:\Windows\System\tqAnGXr.exe
  C:\Windows\System\tqAnGXr.exe
  2⤵
  PID:13152
- C:\Windows\System\FzLZztv.exe
  C:\Windows\System\FzLZztv.exe
  2⤵
  PID:5372
- C:\Windows\System\YIPcMts.exe
  C:\Windows\System\YIPcMts.exe
  2⤵
  PID:8908
- C:\Windows\System\KUTGNUX.exe
  C:\Windows\System\KUTGNUX.exe
  2⤵
  PID:5584
- C:\Windows\System\bTuoExR.exe
  C:\Windows\System\bTuoExR.exe
  2⤵
  PID:8924
- C:\Windows\System\HzJijJH.exe
  C:\Windows\System\HzJijJH.exe
  2⤵
  PID:13332
- C:\Windows\System\sJoLFrm.exe
  C:\Windows\System\sJoLFrm.exe
  2⤵
  PID:13380
- C:\Windows\System\QWAnmyw.exe
  C:\Windows\System\QWAnmyw.exe
  2⤵
  PID:13424
- C:\Windows\System\CYNdAWH.exe
  C:\Windows\System\CYNdAWH.exe
  2⤵
  PID:13440
- C:\Windows\System\avvHMkJ.exe
  C:\Windows\System\avvHMkJ.exe
  2⤵
  PID:13464
- C:\Windows\System\KkvbIbd.exe
  C:\Windows\System\KkvbIbd.exe
  2⤵
  PID:13492
- C:\Windows\System\OiFCarD.exe
  C:\Windows\System\OiFCarD.exe
  2⤵
  PID:13544
- C:\Windows\System\uckXpfv.exe
  C:\Windows\System\uckXpfv.exe
  2⤵
  PID:13572
- C:\Windows\System\rEAYSFG.exe
  C:\Windows\System\rEAYSFG.exe
  2⤵
  PID:13600
- C:\Windows\System\XAjwiiN.exe
  C:\Windows\System\XAjwiiN.exe
  2⤵
  PID:13636
- C:\Windows\System\HQYmudd.exe
  C:\Windows\System\HQYmudd.exe
  2⤵
  PID:13676
- C:\Windows\System\NGekOdZ.exe
  C:\Windows\System\NGekOdZ.exe
  2⤵
  PID:13708
- C:\Windows\System\JUBfsnf.exe
  C:\Windows\System\JUBfsnf.exe
  2⤵
  PID:13736
- C:\Windows\System\MWlUZnU.exe
  C:\Windows\System\MWlUZnU.exe
  2⤵
  PID:13776
- C:\Windows\System\kfGMGKX.exe
  C:\Windows\System\kfGMGKX.exe
  2⤵
  PID:13800
- C:\Windows\System\qzpqzpT.exe
  C:\Windows\System\qzpqzpT.exe
  2⤵
  PID:13844
- C:\Windows\System\TYkbaIv.exe
  C:\Windows\System\TYkbaIv.exe
  2⤵
  PID:13884
- C:\Windows\System\diGYYpi.exe
  C:\Windows\System\diGYYpi.exe
  2⤵
  PID:13912
- C:\Windows\System\upTNnKb.exe
  C:\Windows\System\upTNnKb.exe
  2⤵
  PID:13944
- C:\Windows\System\lyShbOi.exe
  C:\Windows\System\lyShbOi.exe
  2⤵
  PID:13972
- C:\Windows\System\ZwfTwdq.exe
  C:\Windows\System\ZwfTwdq.exe
  2⤵
  PID:14008
- C:\Windows\System\oICQIlP.exe
  C:\Windows\System\oICQIlP.exe
  2⤵
  PID:14040
- C:\Windows\System\TypjGtV.exe
  C:\Windows\System\TypjGtV.exe
  2⤵
  PID:14068
- C:\Windows\System\ghkbaAG.exe
  C:\Windows\System\ghkbaAG.exe
  2⤵
  PID:14096
- C:\Windows\System\geyQaiW.exe
  C:\Windows\System\geyQaiW.exe
  2⤵
  PID:14128
- C:\Windows\System\yqRdzIt.exe
  C:\Windows\System\yqRdzIt.exe
  2⤵
  PID:14156
- C:\Windows\System\DieSTGm.exe
  C:\Windows\System\DieSTGm.exe
  2⤵
  PID:14184
- C:\Windows\System\UcBjJRq.exe
  C:\Windows\System\UcBjJRq.exe
  2⤵
  PID:14212
- C:\Windows\System\XhAYYxC.exe
  C:\Windows\System\XhAYYxC.exe
  2⤵
  PID:14240
- C:\Windows\System\tOXlERL.exe
  C:\Windows\System\tOXlERL.exe
  2⤵
  PID:14268
- C:\Windows\System\PxOkpnP.exe
  C:\Windows\System\PxOkpnP.exe
  2⤵
  PID:14296
- C:\Windows\System\JySXCGA.exe
  C:\Windows\System\JySXCGA.exe
  2⤵
  PID:14324
- C:\Windows\System\EDYTDgr.exe
  C:\Windows\System\EDYTDgr.exe
  2⤵
  PID:13368
- C:\Windows\System\yRGbEFy.exe
  C:\Windows\System\yRGbEFy.exe
  2⤵
  PID:13456
- C:\Windows\System\ZtCnjwM.exe
  C:\Windows\System\ZtCnjwM.exe
  2⤵
  PID:13528
- C:\Windows\System\xliRlPt.exe
  C:\Windows\System\xliRlPt.exe
  2⤵
  PID:13592
- C:\Windows\System\VzBLZLD.exe
  C:\Windows\System\VzBLZLD.exe
  2⤵
  PID:13672
- C:\Windows\System\RBPbeqn.exe
  C:\Windows\System\RBPbeqn.exe
  2⤵
  PID:5972
- C:\Windows\System\YVTzJBd.exe
  C:\Windows\System\YVTzJBd.exe
  2⤵
  PID:13788
- C:\Windows\System\GiBICSw.exe
  C:\Windows\System\GiBICSw.exe
  2⤵
  PID:13784
- C:\Windows\System\RapszTC.exe
  C:\Windows\System\RapszTC.exe
  2⤵
  PID:13836
- C:\Windows\System\EaSFaQJ.exe
  C:\Windows\System\EaSFaQJ.exe
  2⤵
  PID:13904
- C:\Windows\System\ZOIqkyx.exe
  C:\Windows\System\ZOIqkyx.exe
  2⤵
  PID:13968
- C:\Windows\System\ClDRQPW.exe
  C:\Windows\System\ClDRQPW.exe
  2⤵
  PID:14000
- C:\Windows\System\BFrMMSp.exe
  C:\Windows\System\BFrMMSp.exe
  2⤵
  PID:14028
- C:\Windows\System\fIQKgys.exe
  C:\Windows\System\fIQKgys.exe
  2⤵
  PID:14088
- C:\Windows\System\tVGqnNX.exe
  C:\Windows\System\tVGqnNX.exe
  2⤵
  PID:14148
- C:\Windows\System\usDZQne.exe
  C:\Windows\System\usDZQne.exe
  2⤵
  PID:14204
- C:\Windows\System\oabEOlN.exe
  C:\Windows\System\oabEOlN.exe
  2⤵
  PID:14264
- C:\Windows\System\dDIdaUI.exe
  C:\Windows\System\dDIdaUI.exe
  2⤵
  PID:2944
- C:\Windows\System\BdrTfhP.exe
  C:\Windows\System\BdrTfhP.exe
  2⤵
  PID:13508
- C:\Windows\System\SikIAif.exe
  C:\Windows\System\SikIAif.exe
  2⤵
  PID:13668
- C:\Windows\System\TcRScHL.exe
  C:\Windows\System\TcRScHL.exe
  2⤵
  PID:13660
- C:\Windows\System\dxvGhDu.exe
  C:\Windows\System\dxvGhDu.exe
  2⤵
  PID:13896
- C:\Windows\System\rnLNUbh.exe
  C:\Windows\System\rnLNUbh.exe
  2⤵
  PID:13872
- C:\Windows\System\AxJIkBx.exe
  C:\Windows\System\AxJIkBx.exe
  2⤵
  PID:14120
- C:\Windows\System\wCJLUVO.exe
  C:\Windows\System\wCJLUVO.exe
  2⤵
  PID:14180
- C:\Windows\System\jRFKgSs.exe
  C:\Windows\System\jRFKgSs.exe
  2⤵
  PID:13416
- C:\Windows\System\ETpbpCq.exe
  C:\Windows\System\ETpbpCq.exe
  2⤵
  PID:13732
- C:\Windows\System\AmzuhcC.exe
  C:\Windows\System\AmzuhcC.exe
  2⤵
  PID:13868
- C:\Windows\System\RTuWWoO.exe
  C:\Windows\System\RTuWWoO.exe
  2⤵
  PID:5880
- C:\Windows\System\uPLuFyu.exe
  C:\Windows\System\uPLuFyu.exe
  2⤵
  PID:14260
- C:\Windows\System\NRFyHqv.exe
  C:\Windows\System\NRFyHqv.exe
  2⤵
  PID:12760
- C:\Windows\System\kjeOfbg.exe
  C:\Windows\System\kjeOfbg.exe
  2⤵
  PID:14060
- C:\Windows\System\lHJTHWX.exe
  C:\Windows\System\lHJTHWX.exe
  2⤵
  PID:13556
- C:\Windows\System\jqzTrDk.exe
  C:\Windows\System\jqzTrDk.exe
  2⤵
  PID:10744
- C:\Windows\System\TepkeHe.exe
  C:\Windows\System\TepkeHe.exe
  2⤵
  PID:14344
- C:\Windows\System\TShkCUt.exe
  C:\Windows\System\TShkCUt.exe
  2⤵
  PID:14376
- C:\Windows\System\VOqDTAm.exe
  C:\Windows\System\VOqDTAm.exe
  2⤵
  PID:14408
- C:\Windows\System\DVNKcWZ.exe
  C:\Windows\System\DVNKcWZ.exe
  2⤵
  PID:14436
- C:\Windows\System\DIdTfdI.exe
  C:\Windows\System\DIdTfdI.exe
  2⤵
  PID:14464
- C:\Windows\System\YqHGtKa.exe
  C:\Windows\System\YqHGtKa.exe
  2⤵
  PID:14492
- C:\Windows\System\lQBhyip.exe
  C:\Windows\System\lQBhyip.exe
  2⤵
  PID:14524
- C:\Windows\System\XVLJCVu.exe
  C:\Windows\System\XVLJCVu.exe
  2⤵
  PID:14552
- C:\Windows\System\yjndyxQ.exe
  C:\Windows\System\yjndyxQ.exe
  2⤵
  PID:14580
- C:\Windows\System\nqHqlBS.exe
  C:\Windows\System\nqHqlBS.exe
  2⤵
  PID:14608
- C:\Windows\System\VgcFMEv.exe
  C:\Windows\System\VgcFMEv.exe
  2⤵
  PID:14636
- C:\Windows\System\CJlIynq.exe
  C:\Windows\System\CJlIynq.exe
  2⤵
  PID:14664
- C:\Windows\System\oAQLKmZ.exe
  C:\Windows\System\oAQLKmZ.exe
  2⤵
  PID:14692
- C:\Windows\System\FhzRMkH.exe
  C:\Windows\System\FhzRMkH.exe
  2⤵
  PID:14720
- C:\Windows\System\gLCqBfq.exe
  C:\Windows\System\gLCqBfq.exe
  2⤵
  PID:14748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BMyVNJK.exe

Filesize
6.0MB

MD5
539a2ed475697014536e733bb68fce80

SHA1
01887f2f3d207536be4b4621ab3e1ceea2334afc

SHA256
cee83883b7d8f3c40f953b28feb85a8d5423f740207373ae424f3aab87786de2

SHA512
db2b228dad74f6f2419fff2428775daf6c66a715ddbd6a77bec7bdda87ccd2bb592f631c9d6ef9132777abf2cbe32d2a127505dd1357eaa68ff2d07242a849b0

Download Submit
C:\Windows\System\BgZuAnm.exe

Filesize
6.0MB

MD5
389a69840d3d1c8b3fffffb7999d0c1e

SHA1
8e739cc6be4a922f99300bc9ed7e3d08d94a0969

SHA256
dab3d31b53a7ba9d48bcca16ad8b38ca8b41e9f23dfbe541516e57978af12359

SHA512
87e45fe798595f048cd60bc24230130b7f63d0d804f8bae8c57794fbd5f2e70c5190bbd4f75a25b1009b3bb975d2f07bdf8d9520363d8888f79654f5df295c71

Download Submit
C:\Windows\System\BteADQp.exe

Filesize
6.0MB

MD5
3eec18d3c2cdb586bacb9d015d2dba1a

SHA1
b1f36808518d8452a69a914392d1167b3e693dd3

SHA256
9c982696078edd54c713059684ad009f63827d6c337f33d68eea84ea72709ac9

SHA512
0a5517c33fb2902f5ead2e12f782fb0ae2188e3854949edd2217e893c4264c4bfb52cd325a8540e257efc11b2ad2174ecc3e4576d0f8b6f79c356389e889334a

Download Submit
C:\Windows\System\CIwjfwi.exe

Filesize
6.0MB

MD5
302292b5007e4027e351c79e26cfb1bb

SHA1
b96d16a15e25d9aa44a1a57678dcd535500334eb

SHA256
1deaa8676f1eff77869d8601d912e555c8686ef0d2d75eb9a604bced51d34b03

SHA512
bc35da3d9d430f82a9e41867f58d9ed76b523d2252da1751499f81f1fc8178e21debe104953fa8079724d377101c91613c752121c5177e6e4c105bc38879bff7

Download Submit
C:\Windows\System\FAiLzQA.exe

Filesize
6.0MB

MD5
2ae137a3f0a6c92d4c5961ad57cd2833

SHA1
6cbaf4822afd7c33432469cfc312145e7e78b1a2

SHA256
f3c44b9e6a0058b0792b90f605e26f5ed74f0debfbdb67a18b89c218bdad51e1

SHA512
e52412d78ea3430903e0d8fbf23e72ee600f3df11ba23aafbd0e36c713520de5560b2d868e072bda8852d2137f849b3bdce518f61a18a47479f4c2c2c4848bd9

Download Submit
C:\Windows\System\HDXqBIo.exe

Filesize
6.0MB

MD5
393440ee57243a4fc6498d08b416dfda

SHA1
788c8a07de5dc117929e7dd7952f3f3ea7344795

SHA256
4589fe4a359efcc006d6db4e26f6a13cb833dab3964daa74c7c91e37562ba321

SHA512
6af765ac5bb1f6628908a7718c683a65c1b1ae66ee760151f5c6328d2adfa3e3e1d7e491eedc7047d5aa71cab4c42dc8f6d06e5c9d4b27a983b41527c3219f3a

Download Submit
C:\Windows\System\HdJoLfi.exe

Filesize
6.0MB

MD5
f6c48101fe13b8b42df0a0e9d9efc09b

SHA1
45546f5793e0d116d35fd576347aba79ffd21361

SHA256
bda76922d6b751c012966d867b67d518edfefd8ef46d61553f4d83382cbe3f2c

SHA512
c561bf1e866eb80f6afd34751a72b36c754e1b2116935dccf63dc17c7f0d35eddf3d4002bd3b8f264edb72936a74749a4aa2da262d1abbaa275b14dea9d18e67

Download Submit
C:\Windows\System\IHNAJxY.exe

Filesize
6.0MB

MD5
07a191cd543acffa8dced2bdb86eab12

SHA1
4ffe4a79e9a1a776f3d81d0e2bd43f94e3363468

SHA256
e708a0e9f681e0e72198cd287bf96008f709cfb905905601d15d7573412c7837

SHA512
2ea90a65eed3c44763d63092b3f616d167a341b0dc486dc7b7adeab87050a1a2d680df01a1a55d38b0d9d34a39cb9ec399b1d5b284d72557e11e9bf0d254a7c6

Download Submit
C:\Windows\System\KFjhVsP.exe

Filesize
6.0MB

MD5
b8c5fe4f208ce2773f083871166cc2d0

SHA1
3b2bfeaaacb310565f865909be313b22524e2077

SHA256
5f3f1f19c2955a044361cb1ce7c011cebcc1383295c3ba6ed1d5f86d5816a09d

SHA512
8a5d5b162c23f176be142e7aa1d3995326a9df19701c109b7fdbbf1a841cce4c61d775ede20114156cf8b54d9e83d4d17eb234d1e95626bd5be2823b4732e17b

Download Submit
C:\Windows\System\NEIJxIr.exe

Filesize
6.0MB

MD5
a15ebd23770944361dbd84ee7362888c

SHA1
15ec47a66f5f2005cb5aaebd1effcbeda59c84ce

SHA256
d4dbe2b73585601630069e4cb5f916f63a817a9baed2cabf525b1bb8a05d5cd1

SHA512
4af16a16f9d43f6d85dfefa9abec507a73cd25698a20c6832733aadc4ea39012ade56e952bd12d85066c59e5dce8ba878542a5a311825174e561e7fbafc1d2af

Download Submit
C:\Windows\System\NGbgQtQ.exe

Filesize
6.0MB

MD5
3576a999b9135def4f2792c5372df7fe

SHA1
77b5602b902879e89c1201d0f00a46a1ae6dbaed

SHA256
1fcd39e349629e3ef4e4c8123ec76631592d43ff984a37c0a7869d3d5d401bbf

SHA512
1b961063db17ae1e35371ec7c2d2ed6718010a6a6c54d2cb68b94e06a2741e341f6b8420eb0d6f17de7c9be16534f2b4055e40173fcdaf6d087a40c37ae7b974

Download Submit
C:\Windows\System\OmjHSfK.exe

Filesize
6.0MB

MD5
705b84ec761c8f0ad4d6893775cac735

SHA1
6b13b7075ea55adef522dc1e72bf2e33d3ee0653

SHA256
8a5bbcdd0eaf553fc29a290880ab15d09447ee76472e8ab4f752b498feb94f63

SHA512
8c0a3707bafcd9501d9379b6cb4b6b841eaaaf785524147abca45841616aaf29c38daa5a31f5ff1d300bef7cef3d8416f22de20c095c5f8d89208a9d7927703b

Download Submit
C:\Windows\System\QHsMlEJ.exe

Filesize
6.0MB

MD5
1ee4b59266af45eb16c98080718e96ae

SHA1
022e47ddcb83586c91f4cd1fd6a8d5430d0d22b2

SHA256
ab7d0af9af85f5cfa0707ca05042d822870da13787c1b114aa95512f13219cdf

SHA512
d0b20feb059350a14c1896a10484e4853e49cec206a9993075c42b56512f86fea299830e730f21f63cdee7c1fd3a364b5819aea0dcbba35976c2223d9bf3d286

Download Submit
C:\Windows\System\QKeWqTf.exe

Filesize
6.0MB

MD5
ec50a7033b5510c404a0e7e4823ad857

SHA1
289c025082fdded7d42b330ca271d65f99ea2b3d

SHA256
74150919243651da913152418acaa55b37f0451427b2c83204be495900e1b190

SHA512
3a70226b653c966d89954c2a1bc6fc19c4df5dfd5ceb7c570d4dbdc4217e9250b89f79ea503e52aa1efc670fc08a0dcd6956c4d5e459c85b8fe9512f5cce9086

Download Submit
C:\Windows\System\RMiHflY.exe

Filesize
6.0MB

MD5
a1e8def4e7d07f8bdf641cd287888db4

SHA1
8afd4ab7708dcb405efa3129c755f541fd67c9e1

SHA256
fd57cf09cccbaf39a92fab510a31011a9cf95cceb3fa4c8ee8c2c51357c4a0f7

SHA512
a87da4a1a36f57a2a459861455c005474c28bbea5fae4283e0fc98b5d6d54f674d3209d64f83212554816a35fe9db11fb44e0db880e088108cd76e6233e49307

Download Submit
C:\Windows\System\RzYfjjI.exe

Filesize
6.0MB

MD5
c03881abc7117988d31e6e6996e83e06

SHA1
33a95b2d3c507c9b1e88bf71098cc790dd39349a

SHA256
1786143336dbae64345e38851a07af0ce6b8168475c54056a99e051fb39ec2af

SHA512
f454a62ffeba67126dacab53275393c5b019f69c73bd0a0ec270abf386f5d077a32848275cfcb8181181fef1a5b9ac3312aeff786edec8c6d045e7a2b0a0d165

Download Submit
C:\Windows\System\SYSLamD.exe

Filesize
6.0MB

MD5
2db17c79601b006c55c4866d5db48796

SHA1
bc9061d41374584b0058ed03be663b11c5b62f24

SHA256
793ec0b5d2ed50645867f7fe9699505af40fde06f8d60651cea677fbb749c08a

SHA512
2674fdae9cc9a5a4536335d4225d08a020a40cececd2d66a44c306071cd6deb6d3a04acade68c3f124fc4b19679374d258ef2f174cc9bce3f4643522a585ea5e

Download Submit
C:\Windows\System\UEdfjAC.exe

Filesize
6.0MB

MD5
9b394e56692c13d054fb4e478d9927eb

SHA1
424c4a46149ff16f32fef1e2d4a681e0cc5234ea

SHA256
67a66a3db3464df7ee1f69c58c6db588619cc8fd678f718c718461b7f5306b6c

SHA512
de4ccd0e4f2fe3a28c93c82d9433918d06865f629528d9391955ad8b164b32d1c2684b78ba306fcf6b683550325b0483c42abf0efbb9e1d95ea50ece36330878

Download Submit
C:\Windows\System\VmYSsvo.exe

Filesize
6.0MB

MD5
3d0ac81daf439d0350110d91dfbad53b

SHA1
0aba6436289651cf348b4dafd82a5aa7e2c3c45f

SHA256
8aa58992de6f02af1dab8454387f38c98e160cdc5da1cc781cc13f20557efad7

SHA512
db5a8a2ab3989054598f04ea7a5ffd801991839ad0d0c20cf730e49a5d6bb473e45c7bc967b4001db74f873af2238d21d7911d618d82fb3f032229c2e6fc1c63

Download Submit
C:\Windows\System\byzTTxx.exe

Filesize
6.0MB

MD5
99a1352f39c52a800e642cda4fd0c7ee

SHA1
c9152b6891937c3a783e4dd2b42f3cb22d7f1f78

SHA256
e4caff18b823ebdf0ae4ed2e3e9a55661a039ff056bfcc2a89568152d9240f11

SHA512
42a049183489ed4ac7546b06a37378e0f23ce32d30f9c887059be8d42f50cfbfed265e790c6b895a329376b2127e0834ed8c3a89bd292b4059c77d70b9a1d776

Download Submit
C:\Windows\System\eviCyYB.exe

Filesize
6.0MB

MD5
8af2f7d132f3590e0542b2db8339af0c

SHA1
71ba4db05d4da7e74408686601a46bbfebe4fab2

SHA256
3f492ed0f8bb4c342fd780716b0b55e2cdeb766c8c3d8864f377f9d8f6aeb0ea

SHA512
b0150d120ac46a6c031f37fb3ce555d1ee6d6f4a3d497966df003519486f438887d971d80de0bbb0849d09a3cc79fdb489700939a6a0ba0f6f1e5dd2be3aba00

Download Submit
C:\Windows\System\fEtYTwl.exe

Filesize
6.0MB

MD5
a663016a3aea4f1d0382a252f862209c

SHA1
b5653dd332283087783e3ac1917f5000bedb3da2

SHA256
ae96beec803b016ace19458f680faad6eec090ed72a39376fedf1fc536e9b3e1

SHA512
217498c4b9f284fe01554825140d316034307656abd7711685beaccee8b1eb8a3e97bbe9d24deed7bfffd394d7ace91fcdd5e524cc8aefdace0fc1b8098a99dd

Download Submit
C:\Windows\System\fsFAhqT.exe

Filesize
6.0MB

MD5
64ceebbc5126a00f6fbd5de5797a2b13

SHA1
b6d61372093534be865cbe1902ce305c4b1daeeb

SHA256
afb628a5914ce8936a9b2051395c980ce30b3d6e161f9654d40a250df1c81e9e

SHA512
339a15e346b244c7333c429799ddd45b034b6d1bd093f54f3a171d71d9d17a8717017ecc19852df78aca70113f9a1aaecc5dff792d91f38a07f25afcfe2d6e09

Download Submit
C:\Windows\System\gyAcdwp.exe

Filesize
6.0MB

MD5
c6886cbbdccaea544f4938a971520175

SHA1
101bed62ea2aa413a2b861c5929d508b758a6c1f

SHA256
5a42389c6bee42300aa9fd2526da52ef855884c60daabe723d4c17034636fc00

SHA512
da9e00b23adc8c3f445c7d3c0c0cb33b3d503cf9e0e28f1e719aa4756663868f389a46cd04adc4fd5d655bc40d1319d57e82238cbde3b9021ce222e1995e37d5

Download Submit
C:\Windows\System\iLuPffX.exe

Filesize
6.0MB

MD5
9e36620cff97fe334d9810829cb6b0a2

SHA1
422ae8664d143abe82e53bf2939fbcd8ebd6f4b3

SHA256
028ee74f436b51ce8352786496c6b7a7d1b8abf2a437b5b034e34262255ff942

SHA512
bd081f9d957ec4ad24983009529e29629421f579d3c78cf52110f648cab37ee28def1899356bbc8dd0cfcb446edc1b7421d7afea1230643454d89bccb0d43162

Download Submit
C:\Windows\System\mFxXEry.exe

Filesize
6.0MB

MD5
ac41f5305cca19506496618dc885680e

SHA1
657015e59e41fd6c5034cecaaac32fd3cf852bc1

SHA256
43f74d5b349d741931ad1cfe14a4298d7860ea2f9a42a06a9b68ebe5e4537608

SHA512
c34e92059cd4f4083eb5dd894015ca7a5e606e85dbcf500363196f77489e4d1b19175e85410c5c3d98f60fc9e327a7c5a8ad9ea7bf8dc32bcfcd5adaa6f48eee

Download Submit
C:\Windows\System\nFIzGke.exe

Filesize
6.0MB

MD5
7d075f79ae65b8dfcf0e239f34e54d1c

SHA1
0fe6051310ce26ecc24b0c886fc7c4c23e4cc0e7

SHA256
e532ad169c22bf0c565a58042a0687e1320452a3d3a3dfdc3ed41888596850a6

SHA512
782ef68d57de727072690b78cb7fe9d6027108e62af4c7e09bc28aa7ef49f650b0fb9f18bb02aafbbc643553fa4f141145f4a144927e059491cab2de9a2198a7

Download Submit
C:\Windows\System\oYQQHZC.exe

Filesize
6.0MB

MD5
26494026334343b0f2e7fae5a4b2889a

SHA1
9a4de2db87d6ecddcf19b133acda87765b902556

SHA256
a9a24514dc265ee83863caa9ad826b96360b457a9d22e4d27d4c08cfd050431e

SHA512
498cd509ef3568fd44af8555596fb041cbd6163b890319ada7406128a8f517fdf4af13809f598621ab135c2386c11b0a345f6147b8419d9128e88468e1441506

Download Submit
C:\Windows\System\oiFlldu.exe

Filesize
6.0MB

MD5
989387b8d36e96662d1afde135fcf595

SHA1
8b7f481162bfa3a3d95b041c8cb2e32bf4c19ff6

SHA256
fd295ad1d3183c521837b7486679213b45b77b5bbfb2c6e2fe1b15c2ae517b35

SHA512
56b17747b233e834c2d00bd14153b0db8dfefe50cda4e3fe4df37dce7e8b0af4320c2cd7723f9b4ce5b506a4fa1ab1fe992a609b9f632533dd23bf9430971d9f

Download Submit
C:\Windows\System\pownxjC.exe

Filesize
6.0MB

MD5
a990d9811c33a91b2e44b1daadbb08a6

SHA1
8299832500e7d796584d0af0e2812648afa38cf6

SHA256
887d1bfce5e658cbe810e6d09082d0c81fae4394e0cb8193f2b376a2b7080b67

SHA512
1e236383911890a1458ca7bd087a8276f13e86aa60d2c262e1e9c02b8001597c5b06ac889c660fca494abf981adf536a8d5fddcd0a2ce5d84ca550fe85840390

Download Submit
C:\Windows\System\tbqSojr.exe

Filesize
6.0MB

MD5
16d6d562096d448fe9c08c2b2800d995

SHA1
f922f124a4792406f2c31084a957d1ebd7782026

SHA256
a181457358139639cdaa7f22d0022d21c4b642841520ceb51b6dd6781bd42d62

SHA512
450dcbd45cbede1e37754c67032313cb8861443de7a1cf8e866852b73e13ae0971eed2bee127a51fe48b61ba00ef311c7dc3d3c852a285f167f95f7bd206c6fb

Download Submit
C:\Windows\System\uiiciVK.exe

Filesize
6.0MB

MD5
258530336d1a562c2d3e4af8c1a4049f

SHA1
081164989916f22a071b80a7c3044725f49ed055

SHA256
3f0f12ac92a6a13ee8774d6baa528950d9ec61a1b71ccc25a8d69f7a8a1e585d

SHA512
cd00754121605015316d140053dc7d270306b09355140ea43ecf01ee3e39bc1d916ca893de4cbf0a557a7c5582b2a589d3e372d27c39c55944449bfb4e4b68bc

Download Submit
C:\Windows\System\xYjhcqA.exe

Filesize
6.0MB

MD5
1a40f40dae07dbb72c277e582d77775a

SHA1
0d4a5016c70d804524eb0abb1c88693cc63c8122

SHA256
840ede8bfd3527ee034254aaf9ae8d30d6eebf15be1e502d98620238db12d0b2

SHA512
e866b4ec4229420dd5fdc51c85114d737b756d081e5a156ac090379f22373f11b1febb6105aa44ef1fc39faffc5dfb5862955656d6231a616eac67ff0e46a24a

Download Submit
memory/216-2281-0x00007FF626E40000-0x00007FF627194000-memory.dmp

Filesize
3.3MB

Download
memory/216-1131-0x00007FF626E40000-0x00007FF627194000-memory.dmp

Filesize
3.3MB

Download
memory/216-172-0x00007FF626E40000-0x00007FF627194000-memory.dmp

Filesize
3.3MB

Download
memory/488-2278-0x00007FF6C85B0000-0x00007FF6C8904000-memory.dmp

Filesize
3.3MB

Download
memory/488-180-0x00007FF6C85B0000-0x00007FF6C8904000-memory.dmp

Filesize
3.3MB

Download
memory/488-109-0x00007FF6C85B0000-0x00007FF6C8904000-memory.dmp

Filesize
3.3MB

Download
memory/492-62-0x00007FF67FB20000-0x00007FF67FE74000-memory.dmp

Filesize
3.3MB

Download
memory/492-1945-0x00007FF67FB20000-0x00007FF67FE74000-memory.dmp

Filesize
3.3MB

Download
memory/492-12-0x00007FF67FB20000-0x00007FF67FE74000-memory.dmp

Filesize
3.3MB

Download
memory/532-1940-0x00007FF6B2470000-0x00007FF6B27C4000-memory.dmp

Filesize
3.3MB

Download
memory/532-55-0x00007FF6B2470000-0x00007FF6B27C4000-memory.dmp

Filesize
3.3MB

Download
memory/532-6-0x00007FF6B2470000-0x00007FF6B27C4000-memory.dmp

Filesize
3.3MB

Download
memory/560-2280-0x00007FF664DE0000-0x00007FF665134000-memory.dmp

Filesize
3.3MB

Download
memory/560-181-0x00007FF664DE0000-0x00007FF665134000-memory.dmp

Filesize
3.3MB

Download
memory/560-1197-0x00007FF664DE0000-0x00007FF665134000-memory.dmp

Filesize
3.3MB

Download
memory/900-1265-0x00007FF6153F0000-0x00007FF615744000-memory.dmp

Filesize
3.3MB

Download
memory/900-2285-0x00007FF6153F0000-0x00007FF615744000-memory.dmp

Filesize
3.3MB

Download
memory/900-185-0x00007FF6153F0000-0x00007FF615744000-memory.dmp

Filesize
3.3MB

Download
memory/1044-146-0x00007FF6CA8F0000-0x00007FF6CAC44000-memory.dmp

Filesize
3.3MB

Download
memory/1044-961-0x00007FF6CA8F0000-0x00007FF6CAC44000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2279-0x00007FF6CA8F0000-0x00007FF6CAC44000-memory.dmp

Filesize
3.3MB

Download
memory/1380-131-0x00007FF612820000-0x00007FF612B74000-memory.dmp

Filesize
3.3MB

Download
memory/1380-65-0x00007FF612820000-0x00007FF612B74000-memory.dmp

Filesize
3.3MB

Download
memory/1616-152-0x00007FF609230000-0x00007FF609584000-memory.dmp

Filesize
3.3MB

Download
memory/1616-84-0x00007FF609230000-0x00007FF609584000-memory.dmp

Filesize
3.3MB

Download
memory/1616-2270-0x00007FF609230000-0x00007FF609584000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1946-0x00007FF64E9A0000-0x00007FF64ECF4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-21-0x00007FF64E9A0000-0x00007FF64ECF4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-72-0x00007FF64E9A0000-0x00007FF64ECF4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-42-0x00007FF635210000-0x00007FF635564000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2132-0x00007FF635210000-0x00007FF635564000-memory.dmp

Filesize
3.3MB

Download
memory/2004-104-0x00007FF635210000-0x00007FF635564000-memory.dmp

Filesize
3.3MB

Download
memory/2516-119-0x00007FF6A2870000-0x00007FF6A2BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-2272-0x00007FF6A2870000-0x00007FF6A2BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-95-0x00007FF76DC10000-0x00007FF76DF64000-memory.dmp

Filesize
3.3MB

Download
memory/2816-36-0x00007FF76DC10000-0x00007FF76DF64000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2129-0x00007FF76DC10000-0x00007FF76DF64000-memory.dmp

Filesize
3.3MB

Download
memory/2856-2284-0x00007FF63A7E0000-0x00007FF63AB34000-memory.dmp

Filesize
3.3MB

Download
memory/2856-962-0x00007FF63A7E0000-0x00007FF63AB34000-memory.dmp

Filesize
3.3MB

Download
memory/2856-156-0x00007FF63A7E0000-0x00007FF63AB34000-memory.dmp

Filesize
3.3MB

Download
memory/2872-96-0x00007FF664F20000-0x00007FF665274000-memory.dmp

Filesize
3.3MB

Download
memory/2872-164-0x00007FF664F20000-0x00007FF665274000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2273-0x00007FF664F20000-0x00007FF665274000-memory.dmp

Filesize
3.3MB

Download
memory/2940-74-0x00007FF79C460000-0x00007FF79C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2269-0x00007FF79C460000-0x00007FF79C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-141-0x00007FF79C460000-0x00007FF79C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/3512-1037-0x00007FF674C30000-0x00007FF674F84000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2282-0x00007FF674C30000-0x00007FF674F84000-memory.dmp

Filesize
3.3MB

Download
memory/3512-171-0x00007FF674C30000-0x00007FF674F84000-memory.dmp

Filesize
3.3MB

Download
memory/3592-56-0x00007FF78AEB0000-0x00007FF78B204000-memory.dmp

Filesize
3.3MB

Download
memory/3592-125-0x00007FF78AEB0000-0x00007FF78B204000-memory.dmp

Filesize
3.3MB

Download
memory/3848-73-0x00007FF76EEF0000-0x00007FF76F244000-memory.dmp

Filesize
3.3MB

Download
memory/3848-2268-0x00007FF76EEF0000-0x00007FF76F244000-memory.dmp

Filesize
3.3MB

Download
memory/3848-140-0x00007FF76EEF0000-0x00007FF76F244000-memory.dmp

Filesize
3.3MB

Download
memory/3896-53-0x00007FF62F680000-0x00007FF62F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/3896-118-0x00007FF62F680000-0x00007FF62F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/4000-135-0x00007FF60C670000-0x00007FF60C9C4000-memory.dmp

Filesize
3.3MB

Download
memory/4000-2275-0x00007FF60C670000-0x00007FF60C9C4000-memory.dmp

Filesize
3.3MB

Download
memory/4000-890-0x00007FF60C670000-0x00007FF60C9C4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-87-0x00007FF760820000-0x00007FF760B74000-memory.dmp

Filesize
3.3MB

Download
memory/4156-157-0x00007FF760820000-0x00007FF760B74000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2271-0x00007FF760820000-0x00007FF760B74000-memory.dmp

Filesize
3.3MB

Download
memory/4344-194-0x00007FF73F5E0000-0x00007FF73F934000-memory.dmp

Filesize
3.3MB

Download
memory/4344-1328-0x00007FF73F5E0000-0x00007FF73F934000-memory.dmp

Filesize
3.3MB

Download
memory/4344-2283-0x00007FF73F5E0000-0x00007FF73F934000-memory.dmp

Filesize
3.3MB

Download
memory/4368-2274-0x00007FF775C60000-0x00007FF775FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4368-165-0x00007FF775C60000-0x00007FF775FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4368-108-0x00007FF775C60000-0x00007FF775FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-24-0x00007FF6F1B10000-0x00007FF6F1E64000-memory.dmp

Filesize
3.3MB

Download
memory/4560-1950-0x00007FF6F1B10000-0x00007FF6F1E64000-memory.dmp

Filesize
3.3MB

Download
memory/4560-76-0x00007FF6F1B10000-0x00007FF6F1E64000-memory.dmp

Filesize
3.3MB

Download
memory/4628-2126-0x00007FF732F60000-0x00007FF7332B4000-memory.dmp

Filesize
3.3MB

Download
memory/4628-32-0x00007FF732F60000-0x00007FF7332B4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-193-0x00007FF6A1DC0000-0x00007FF6A2114000-memory.dmp

Filesize
3.3MB

Download
memory/4696-124-0x00007FF6A1DC0000-0x00007FF6A2114000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2277-0x00007FF6A1DC0000-0x00007FF6A2114000-memory.dmp

Filesize
3.3MB

Download
memory/4952-158-0x00007FF6F21D0000-0x00007FF6F2524000-memory.dmp

Filesize
3.3MB

Download
memory/4952-990-0x00007FF6F21D0000-0x00007FF6F2524000-memory.dmp

Filesize
3.3MB

Download
memory/4952-2286-0x00007FF6F21D0000-0x00007FF6F2524000-memory.dmp

Filesize
3.3MB

Download
memory/5032-0-0x00007FF72AC80000-0x00007FF72AFD4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-49-0x00007FF72AC80000-0x00007FF72AFD4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-1-0x000001D0CA650000-0x000001D0CA660000-memory.dmp

Filesize
64KB

Download
memory/5104-2276-0x00007FF779570000-0x00007FF7798C4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-139-0x00007FF779570000-0x00007FF7798C4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-893-0x00007FF779570000-0x00007FF7798C4000-memory.dmp

Filesize
3.3MB

Download