cobaltstrike | d2a55c6f48aea50d2abd74e8dbf049618f68b684689829d6cffdbe365c87c7a3

Analysis

max time kernel
114s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/11/2024, 07:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a896b4e36fb3ac7ca11076694d342e92
SHA1

3bb0ba5e6d44c22b43d0cacae647ad616fcffc6c
SHA256

d2a55c6f48aea50d2abd74e8dbf049618f68b684689829d6cffdbe365c87c7a3
SHA512

0e5e2054d06de48330c9e15f436fba2e0305011f954c80818799e9d41e7a6977485e10a17142493a5bb69bfc134980b6cf864f49a0da7fd125a8d0638e9e935b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b60-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b64-9.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b65-17.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b66-22.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b67-26.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b69-46.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6c-61.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6e-70.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6f-76.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b71-86.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b73-95.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b74-102.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b77-111.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7a-127.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7b-135.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-163.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-169.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-167.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-161.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-159.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-157.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-152.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b79-131.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b78-124.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b76-113.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b75-112.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b72-91.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b70-81.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6d-66.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6b-56.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6a-51.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b61-42.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b68-39.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2180-0-0x00007FF7F5600000-0x00007FF7F5954000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b60-5.dat	xmrig
behavioral2/files/0x000a000000023b64-9.dat	xmrig
behavioral2/files/0x000a000000023b65-17.dat	xmrig
behavioral2/memory/420-8-0x00007FF6AFCD0000-0x00007FF6B0024000-memory.dmp	xmrig
behavioral2/memory/616-19-0x00007FF6C6180000-0x00007FF6C64D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b66-22.dat	xmrig
behavioral2/memory/3512-24-0x00007FF6A4A00000-0x00007FF6A4D54000-memory.dmp	xmrig
behavioral2/memory/576-23-0x00007FF61E6B0000-0x00007FF61EA04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b67-26.dat	xmrig
behavioral2/memory/812-28-0x00007FF64F380000-0x00007FF64F6D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b69-46.dat	xmrig
behavioral2/files/0x000a000000023b6c-61.dat	xmrig
behavioral2/files/0x000a000000023b6e-70.dat	xmrig
behavioral2/files/0x000a000000023b6f-76.dat	xmrig
behavioral2/files/0x0031000000023b71-86.dat	xmrig
behavioral2/files/0x000a000000023b73-95.dat	xmrig
behavioral2/files/0x000a000000023b74-102.dat	xmrig
behavioral2/files/0x000a000000023b77-111.dat	xmrig
behavioral2/files/0x000a000000023b7a-127.dat	xmrig
behavioral2/files/0x000a000000023b7b-135.dat	xmrig
behavioral2/files/0x000a000000023b81-163.dat	xmrig
behavioral2/memory/4504-601-0x00007FF78BCE0000-0x00007FF78C034000-memory.dmp	xmrig
behavioral2/memory/116-609-0x00007FF6BEAD0000-0x00007FF6BEE24000-memory.dmp	xmrig
behavioral2/memory/4532-613-0x00007FF6B9F50000-0x00007FF6BA2A4000-memory.dmp	xmrig
behavioral2/memory/2600-624-0x00007FF7C4D10000-0x00007FF7C5064000-memory.dmp	xmrig
behavioral2/memory/4016-648-0x00007FF796440000-0x00007FF796794000-memory.dmp	xmrig
behavioral2/memory/3792-689-0x00007FF6D8ED0000-0x00007FF6D9224000-memory.dmp	xmrig
behavioral2/memory/3504-682-0x00007FF6A75B0000-0x00007FF6A7904000-memory.dmp	xmrig
behavioral2/memory/3848-678-0x00007FF657F00000-0x00007FF658254000-memory.dmp	xmrig
behavioral2/memory/1556-675-0x00007FF70E9E0000-0x00007FF70ED34000-memory.dmp	xmrig
behavioral2/memory/2724-668-0x00007FF7A6360000-0x00007FF7A66B4000-memory.dmp	xmrig
behavioral2/memory/2692-664-0x00007FF6F7D20000-0x00007FF6F8074000-memory.dmp	xmrig
behavioral2/memory/1116-659-0x00007FF762320000-0x00007FF762674000-memory.dmp	xmrig
behavioral2/memory/1508-654-0x00007FF6F8A30000-0x00007FF6F8D84000-memory.dmp	xmrig
behavioral2/memory/644-644-0x00007FF67DBE0000-0x00007FF67DF34000-memory.dmp	xmrig
behavioral2/memory/2008-639-0x00007FF7E8710000-0x00007FF7E8A64000-memory.dmp	xmrig
behavioral2/memory/3472-636-0x00007FF62E8A0000-0x00007FF62EBF4000-memory.dmp	xmrig
behavioral2/memory/3836-630-0x00007FF6061E0000-0x00007FF606534000-memory.dmp	xmrig
behavioral2/memory/4508-622-0x00007FF6EC9F0000-0x00007FF6ECD44000-memory.dmp	xmrig
behavioral2/memory/3964-618-0x00007FF63DE90000-0x00007FF63E1E4000-memory.dmp	xmrig
behavioral2/memory/468-612-0x00007FF6E5DF0000-0x00007FF6E6144000-memory.dmp	xmrig
behavioral2/memory/1280-611-0x00007FF646790000-0x00007FF646AE4000-memory.dmp	xmrig
behavioral2/memory/3008-610-0x00007FF752DC0000-0x00007FF753114000-memory.dmp	xmrig
behavioral2/memory/1120-608-0x00007FF696C50000-0x00007FF696FA4000-memory.dmp	xmrig
behavioral2/memory/1440-607-0x00007FF770600000-0x00007FF770954000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b82-169.dat	xmrig
behavioral2/files/0x000a000000023b80-167.dat	xmrig
behavioral2/files/0x000a000000023b7f-161.dat	xmrig
behavioral2/files/0x000a000000023b7e-159.dat	xmrig
behavioral2/files/0x000a000000023b7d-157.dat	xmrig
behavioral2/files/0x000a000000023b7c-152.dat	xmrig
behavioral2/files/0x000a000000023b79-131.dat	xmrig
behavioral2/files/0x000a000000023b78-124.dat	xmrig
behavioral2/files/0x000a000000023b76-113.dat	xmrig
behavioral2/files/0x000a000000023b75-112.dat	xmrig
behavioral2/files/0x0031000000023b72-91.dat	xmrig
behavioral2/files/0x0031000000023b70-81.dat	xmrig
behavioral2/files/0x000a000000023b6d-66.dat	xmrig
behavioral2/files/0x000a000000023b6b-56.dat	xmrig
behavioral2/files/0x000a000000023b6a-51.dat	xmrig
behavioral2/files/0x000c000000023b61-42.dat	xmrig
behavioral2/files/0x000a000000023b68-39.dat	xmrig
behavioral2/memory/2180-956-0x00007FF7F5600000-0x00007FF7F5954000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
420	EKgncJl.exe
616	wbVLzWo.exe
3512	kUsaaxs.exe
576	QjZJJqe.exe
812	JKtWROV.exe
4504	GmCnrlz.exe
3792	XbWLgTA.exe
1440	iDwFhDm.exe
1120	kxeEizG.exe
116	RHBXEXU.exe
3008	IKvhXek.exe
1280	UrVKHcc.exe
468	TiCrvgh.exe
4532	ibgjePj.exe
3964	UeqYknN.exe
4508	QnHtCZt.exe
2600	FiixxWH.exe
3836	GZDfAkk.exe
3472	tkxLpmP.exe
2008	SBOFOxk.exe
644	NRpWLjn.exe
4016	XAoJOGb.exe
1508	YzWTtRh.exe
1116	cKjFQux.exe
2692	GlSzSip.exe
2724	FjVOBxu.exe
1556	StWOjpr.exe
3848	oQKGdVA.exe
3504	IhYqSaf.exe
3564	iOjVASA.exe
3152	nkPFTlZ.exe
3232	XxopqCs.exe
4668	gNpVcTe.exe
4060	REDuYhw.exe
3840	zYvGGxQ.exe
1240	ZWbJYjb.exe
3760	OWhCwlA.exe
2508	oEKUeTn.exe
64	yQFjPJE.exe
4360	xGJwEkO.exe
4768	FHhIiAD.exe
4316	dbEkVqt.exe
2292	bXffTLF.exe
3340	fPAXqdZ.exe
1816	zGjpliX.exe
4856	iKNLIEn.exe
764	qgMUzRf.exe
1820	sPFGVoe.exe
3128	tLBEocX.exe
736	lbxiPFh.exe
3568	wKSBhxl.exe
4760	jfzDtuu.exe
5116	MWvxIqL.exe
3204	pUPvgsK.exe
1188	vokSXxF.exe
4924	qtcNhVe.exe
3360	iWuIDzt.exe
4372	dMaoWiH.exe
2544	auIlvBu.exe
1208	tuughez.exe
4692	yJEZamq.exe
4940	WxAEZus.exe
2312	gYAxOzA.exe
2780	JuVBLVi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2180-0-0x00007FF7F5600000-0x00007FF7F5954000-memory.dmp	upx
behavioral2/files/0x000c000000023b60-5.dat	upx
behavioral2/files/0x000a000000023b64-9.dat	upx
behavioral2/files/0x000a000000023b65-17.dat	upx
behavioral2/memory/420-8-0x00007FF6AFCD0000-0x00007FF6B0024000-memory.dmp	upx
behavioral2/memory/616-19-0x00007FF6C6180000-0x00007FF6C64D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b66-22.dat	upx
behavioral2/memory/3512-24-0x00007FF6A4A00000-0x00007FF6A4D54000-memory.dmp	upx
behavioral2/memory/576-23-0x00007FF61E6B0000-0x00007FF61EA04000-memory.dmp	upx
behavioral2/files/0x000a000000023b67-26.dat	upx
behavioral2/memory/812-28-0x00007FF64F380000-0x00007FF64F6D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b69-46.dat	upx
behavioral2/files/0x000a000000023b6c-61.dat	upx
behavioral2/files/0x000a000000023b6e-70.dat	upx
behavioral2/files/0x000a000000023b6f-76.dat	upx
behavioral2/files/0x0031000000023b71-86.dat	upx
behavioral2/files/0x000a000000023b73-95.dat	upx
behavioral2/files/0x000a000000023b74-102.dat	upx
behavioral2/files/0x000a000000023b77-111.dat	upx
behavioral2/files/0x000a000000023b7a-127.dat	upx
behavioral2/files/0x000a000000023b7b-135.dat	upx
behavioral2/files/0x000a000000023b81-163.dat	upx
behavioral2/memory/4504-601-0x00007FF78BCE0000-0x00007FF78C034000-memory.dmp	upx
behavioral2/memory/116-609-0x00007FF6BEAD0000-0x00007FF6BEE24000-memory.dmp	upx
behavioral2/memory/4532-613-0x00007FF6B9F50000-0x00007FF6BA2A4000-memory.dmp	upx
behavioral2/memory/2600-624-0x00007FF7C4D10000-0x00007FF7C5064000-memory.dmp	upx
behavioral2/memory/4016-648-0x00007FF796440000-0x00007FF796794000-memory.dmp	upx
behavioral2/memory/3792-689-0x00007FF6D8ED0000-0x00007FF6D9224000-memory.dmp	upx
behavioral2/memory/3504-682-0x00007FF6A75B0000-0x00007FF6A7904000-memory.dmp	upx
behavioral2/memory/3848-678-0x00007FF657F00000-0x00007FF658254000-memory.dmp	upx
behavioral2/memory/1556-675-0x00007FF70E9E0000-0x00007FF70ED34000-memory.dmp	upx
behavioral2/memory/2724-668-0x00007FF7A6360000-0x00007FF7A66B4000-memory.dmp	upx
behavioral2/memory/2692-664-0x00007FF6F7D20000-0x00007FF6F8074000-memory.dmp	upx
behavioral2/memory/1116-659-0x00007FF762320000-0x00007FF762674000-memory.dmp	upx
behavioral2/memory/1508-654-0x00007FF6F8A30000-0x00007FF6F8D84000-memory.dmp	upx
behavioral2/memory/644-644-0x00007FF67DBE0000-0x00007FF67DF34000-memory.dmp	upx
behavioral2/memory/2008-639-0x00007FF7E8710000-0x00007FF7E8A64000-memory.dmp	upx
behavioral2/memory/3472-636-0x00007FF62E8A0000-0x00007FF62EBF4000-memory.dmp	upx
behavioral2/memory/3836-630-0x00007FF6061E0000-0x00007FF606534000-memory.dmp	upx
behavioral2/memory/4508-622-0x00007FF6EC9F0000-0x00007FF6ECD44000-memory.dmp	upx
behavioral2/memory/3964-618-0x00007FF63DE90000-0x00007FF63E1E4000-memory.dmp	upx
behavioral2/memory/468-612-0x00007FF6E5DF0000-0x00007FF6E6144000-memory.dmp	upx
behavioral2/memory/1280-611-0x00007FF646790000-0x00007FF646AE4000-memory.dmp	upx
behavioral2/memory/3008-610-0x00007FF752DC0000-0x00007FF753114000-memory.dmp	upx
behavioral2/memory/1120-608-0x00007FF696C50000-0x00007FF696FA4000-memory.dmp	upx
behavioral2/memory/1440-607-0x00007FF770600000-0x00007FF770954000-memory.dmp	upx
behavioral2/files/0x000a000000023b82-169.dat	upx
behavioral2/files/0x000a000000023b80-167.dat	upx
behavioral2/files/0x000a000000023b7f-161.dat	upx
behavioral2/files/0x000a000000023b7e-159.dat	upx
behavioral2/files/0x000a000000023b7d-157.dat	upx
behavioral2/files/0x000a000000023b7c-152.dat	upx
behavioral2/files/0x000a000000023b79-131.dat	upx
behavioral2/files/0x000a000000023b78-124.dat	upx
behavioral2/files/0x000a000000023b76-113.dat	upx
behavioral2/files/0x000a000000023b75-112.dat	upx
behavioral2/files/0x0031000000023b72-91.dat	upx
behavioral2/files/0x0031000000023b70-81.dat	upx
behavioral2/files/0x000a000000023b6d-66.dat	upx
behavioral2/files/0x000a000000023b6b-56.dat	upx
behavioral2/files/0x000a000000023b6a-51.dat	upx
behavioral2/files/0x000c000000023b61-42.dat	upx
behavioral2/files/0x000a000000023b68-39.dat	upx
behavioral2/memory/2180-956-0x00007FF7F5600000-0x00007FF7F5954000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QQSLpXa.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyaYPKP.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywOmrIi.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFgTLDn.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nwjandd.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvdtvJm.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAMRoGU.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gcHUYvw.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpvlfdW.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iLRohaA.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eEoSiqp.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBwvTKr.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwuLWkI.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlIiLnS.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVvFweI.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRHAAwY.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InyPore.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBgOfzX.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auIlvBu.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPtKPBn.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLUrsUh.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiixxWH.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwKUPWl.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzWTtRh.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiVFjbJ.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKIZssb.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpoSeNE.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQNAppL.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZqWVAL.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyUQoKU.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogrvEqp.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MsoaptM.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OziBTyI.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UXhMmPz.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npIsdrO.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJcRvQQ.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWuZCMd.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuiOnwV.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcGEHOJ.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEdIEzG.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrIAhuS.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJssimb.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssRIbBD.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhnNdmS.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAeYzIX.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hjibrom.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbtMVMf.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itlsjjD.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNbwYOf.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBjetaC.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyzBAhD.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcFHLQC.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vamkQde.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNkmfuu.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcCobZu.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhFVgGV.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynxlnFB.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvNLGym.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibgjePj.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsjKUaV.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQsoqYW.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPPDzSY.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\naQWWLc.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtMWMIQ.exe	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 420	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2180 wrote to memory of 420	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2180 wrote to memory of 616	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2180 wrote to memory of 616	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2180 wrote to memory of 3512	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2180 wrote to memory of 3512	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2180 wrote to memory of 576	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2180 wrote to memory of 576	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2180 wrote to memory of 812	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2180 wrote to memory of 812	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2180 wrote to memory of 4504	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2180 wrote to memory of 4504	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2180 wrote to memory of 3792	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2180 wrote to memory of 3792	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2180 wrote to memory of 1440	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2180 wrote to memory of 1440	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2180 wrote to memory of 1120	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2180 wrote to memory of 1120	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2180 wrote to memory of 116	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2180 wrote to memory of 116	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2180 wrote to memory of 3008	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2180 wrote to memory of 3008	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2180 wrote to memory of 1280	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2180 wrote to memory of 1280	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2180 wrote to memory of 468	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2180 wrote to memory of 468	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2180 wrote to memory of 4532	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2180 wrote to memory of 4532	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2180 wrote to memory of 3964	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2180 wrote to memory of 3964	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2180 wrote to memory of 4508	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2180 wrote to memory of 4508	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2180 wrote to memory of 2600	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2180 wrote to memory of 2600	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2180 wrote to memory of 3836	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2180 wrote to memory of 3836	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2180 wrote to memory of 3472	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2180 wrote to memory of 3472	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2180 wrote to memory of 2008	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2180 wrote to memory of 2008	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2180 wrote to memory of 644	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2180 wrote to memory of 644	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2180 wrote to memory of 4016	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2180 wrote to memory of 4016	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2180 wrote to memory of 1508	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2180 wrote to memory of 1508	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2180 wrote to memory of 1116	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2180 wrote to memory of 1116	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2180 wrote to memory of 2692	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2180 wrote to memory of 2692	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2180 wrote to memory of 2724	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2180 wrote to memory of 2724	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2180 wrote to memory of 1556	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2180 wrote to memory of 1556	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2180 wrote to memory of 3848	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2180 wrote to memory of 3848	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2180 wrote to memory of 3504	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2180 wrote to memory of 3504	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2180 wrote to memory of 3564	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2180 wrote to memory of 3564	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2180 wrote to memory of 3152	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2180 wrote to memory of 3152	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2180 wrote to memory of 3232	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 2180 wrote to memory of 3232	2180	2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe	116

C:\Users\Admin\AppData\Local\Temp\2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_a896b4e36fb3ac7ca11076694d342e92_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\System\EKgncJl.exe
  C:\Windows\System\EKgncJl.exe
  2⤵
  - Executes dropped EXE
  PID:420
- C:\Windows\System\wbVLzWo.exe
  C:\Windows\System\wbVLzWo.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\kUsaaxs.exe
  C:\Windows\System\kUsaaxs.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\QjZJJqe.exe
  C:\Windows\System\QjZJJqe.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\JKtWROV.exe
  C:\Windows\System\JKtWROV.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\GmCnrlz.exe
  C:\Windows\System\GmCnrlz.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\XbWLgTA.exe
  C:\Windows\System\XbWLgTA.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\iDwFhDm.exe
  C:\Windows\System\iDwFhDm.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\kxeEizG.exe
  C:\Windows\System\kxeEizG.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\RHBXEXU.exe
  C:\Windows\System\RHBXEXU.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\IKvhXek.exe
  C:\Windows\System\IKvhXek.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\UrVKHcc.exe
  C:\Windows\System\UrVKHcc.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\TiCrvgh.exe
  C:\Windows\System\TiCrvgh.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\ibgjePj.exe
  C:\Windows\System\ibgjePj.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\UeqYknN.exe
  C:\Windows\System\UeqYknN.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\QnHtCZt.exe
  C:\Windows\System\QnHtCZt.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\FiixxWH.exe
  C:\Windows\System\FiixxWH.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\GZDfAkk.exe
  C:\Windows\System\GZDfAkk.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\tkxLpmP.exe
  C:\Windows\System\tkxLpmP.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\SBOFOxk.exe
  C:\Windows\System\SBOFOxk.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\NRpWLjn.exe
  C:\Windows\System\NRpWLjn.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\XAoJOGb.exe
  C:\Windows\System\XAoJOGb.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\YzWTtRh.exe
  C:\Windows\System\YzWTtRh.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\cKjFQux.exe
  C:\Windows\System\cKjFQux.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\GlSzSip.exe
  C:\Windows\System\GlSzSip.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\FjVOBxu.exe
  C:\Windows\System\FjVOBxu.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\StWOjpr.exe
  C:\Windows\System\StWOjpr.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\oQKGdVA.exe
  C:\Windows\System\oQKGdVA.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\IhYqSaf.exe
  C:\Windows\System\IhYqSaf.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\iOjVASA.exe
  C:\Windows\System\iOjVASA.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\nkPFTlZ.exe
  C:\Windows\System\nkPFTlZ.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\XxopqCs.exe
  C:\Windows\System\XxopqCs.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\gNpVcTe.exe
  C:\Windows\System\gNpVcTe.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\REDuYhw.exe
  C:\Windows\System\REDuYhw.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\zYvGGxQ.exe
  C:\Windows\System\zYvGGxQ.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\ZWbJYjb.exe
  C:\Windows\System\ZWbJYjb.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\OWhCwlA.exe
  C:\Windows\System\OWhCwlA.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\oEKUeTn.exe
  C:\Windows\System\oEKUeTn.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\yQFjPJE.exe
  C:\Windows\System\yQFjPJE.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\xGJwEkO.exe
  C:\Windows\System\xGJwEkO.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\FHhIiAD.exe
  C:\Windows\System\FHhIiAD.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\dbEkVqt.exe
  C:\Windows\System\dbEkVqt.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\bXffTLF.exe
  C:\Windows\System\bXffTLF.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\fPAXqdZ.exe
  C:\Windows\System\fPAXqdZ.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\zGjpliX.exe
  C:\Windows\System\zGjpliX.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\iKNLIEn.exe
  C:\Windows\System\iKNLIEn.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\qgMUzRf.exe
  C:\Windows\System\qgMUzRf.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\sPFGVoe.exe
  C:\Windows\System\sPFGVoe.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\tLBEocX.exe
  C:\Windows\System\tLBEocX.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\lbxiPFh.exe
  C:\Windows\System\lbxiPFh.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\wKSBhxl.exe
  C:\Windows\System\wKSBhxl.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\jfzDtuu.exe
  C:\Windows\System\jfzDtuu.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\MWvxIqL.exe
  C:\Windows\System\MWvxIqL.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\pUPvgsK.exe
  C:\Windows\System\pUPvgsK.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\vokSXxF.exe
  C:\Windows\System\vokSXxF.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\qtcNhVe.exe
  C:\Windows\System\qtcNhVe.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\iWuIDzt.exe
  C:\Windows\System\iWuIDzt.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\dMaoWiH.exe
  C:\Windows\System\dMaoWiH.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\auIlvBu.exe
  C:\Windows\System\auIlvBu.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\tuughez.exe
  C:\Windows\System\tuughez.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\yJEZamq.exe
  C:\Windows\System\yJEZamq.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\WxAEZus.exe
  C:\Windows\System\WxAEZus.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\gYAxOzA.exe
  C:\Windows\System\gYAxOzA.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\JuVBLVi.exe
  C:\Windows\System\JuVBLVi.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\MlIiLnS.exe
  C:\Windows\System\MlIiLnS.exe
  2⤵
  PID:816
- C:\Windows\System\DchHChj.exe
  C:\Windows\System\DchHChj.exe
  2⤵
  PID:2608
- C:\Windows\System\cOApHvc.exe
  C:\Windows\System\cOApHvc.exe
  2⤵
  PID:640
- C:\Windows\System\FhHDxUJ.exe
  C:\Windows\System\FhHDxUJ.exe
  2⤵
  PID:2344
- C:\Windows\System\IejDgiR.exe
  C:\Windows\System\IejDgiR.exe
  2⤵
  PID:4028
- C:\Windows\System\zkkLLpH.exe
  C:\Windows\System\zkkLLpH.exe
  2⤵
  PID:5140
- C:\Windows\System\kQMbHWw.exe
  C:\Windows\System\kQMbHWw.exe
  2⤵
  PID:5156
- C:\Windows\System\xolnVoj.exe
  C:\Windows\System\xolnVoj.exe
  2⤵
  PID:5192
- C:\Windows\System\ojDLhGS.exe
  C:\Windows\System\ojDLhGS.exe
  2⤵
  PID:5212
- C:\Windows\System\LJssimb.exe
  C:\Windows\System\LJssimb.exe
  2⤵
  PID:5228
- C:\Windows\System\fPtKPBn.exe
  C:\Windows\System\fPtKPBn.exe
  2⤵
  PID:5264
- C:\Windows\System\lSUWWhd.exe
  C:\Windows\System\lSUWWhd.exe
  2⤵
  PID:5292
- C:\Windows\System\NrZWgxs.exe
  C:\Windows\System\NrZWgxs.exe
  2⤵
  PID:5312
- C:\Windows\System\HTWKhwE.exe
  C:\Windows\System\HTWKhwE.exe
  2⤵
  PID:5348
- C:\Windows\System\qAvPLWp.exe
  C:\Windows\System\qAvPLWp.exe
  2⤵
  PID:5388
- C:\Windows\System\MZEnzJI.exe
  C:\Windows\System\MZEnzJI.exe
  2⤵
  PID:5420
- C:\Windows\System\eLprwxJ.exe
  C:\Windows\System\eLprwxJ.exe
  2⤵
  PID:5448
- C:\Windows\System\MgVmZVj.exe
  C:\Windows\System\MgVmZVj.exe
  2⤵
  PID:5476
- C:\Windows\System\PetYXQE.exe
  C:\Windows\System\PetYXQE.exe
  2⤵
  PID:5504
- C:\Windows\System\qXFBrWv.exe
  C:\Windows\System\qXFBrWv.exe
  2⤵
  PID:5532
- C:\Windows\System\auzWrkj.exe
  C:\Windows\System\auzWrkj.exe
  2⤵
  PID:5560
- C:\Windows\System\VnpAqsw.exe
  C:\Windows\System\VnpAqsw.exe
  2⤵
  PID:5588
- C:\Windows\System\CHszUfj.exe
  C:\Windows\System\CHszUfj.exe
  2⤵
  PID:5628
- C:\Windows\System\DFBfCZG.exe
  C:\Windows\System\DFBfCZG.exe
  2⤵
  PID:5656
- C:\Windows\System\YawOtgI.exe
  C:\Windows\System\YawOtgI.exe
  2⤵
  PID:5672
- C:\Windows\System\XRenCQK.exe
  C:\Windows\System\XRenCQK.exe
  2⤵
  PID:5712
- C:\Windows\System\mBychwy.exe
  C:\Windows\System\mBychwy.exe
  2⤵
  PID:5740
- C:\Windows\System\jRqKMJL.exe
  C:\Windows\System\jRqKMJL.exe
  2⤵
  PID:5756
- C:\Windows\System\NxIwFSO.exe
  C:\Windows\System\NxIwFSO.exe
  2⤵
  PID:5792
- C:\Windows\System\MNisEir.exe
  C:\Windows\System\MNisEir.exe
  2⤵
  PID:5812
- C:\Windows\System\uIjHWqb.exe
  C:\Windows\System\uIjHWqb.exe
  2⤵
  PID:5848
- C:\Windows\System\lkFyHoO.exe
  C:\Windows\System\lkFyHoO.exe
  2⤵
  PID:5868
- C:\Windows\System\sCJUQHM.exe
  C:\Windows\System\sCJUQHM.exe
  2⤵
  PID:5896
- C:\Windows\System\McYmtTx.exe
  C:\Windows\System\McYmtTx.exe
  2⤵
  PID:5936
- C:\Windows\System\ckATFGC.exe
  C:\Windows\System\ckATFGC.exe
  2⤵
  PID:5952
- C:\Windows\System\FRRwcWD.exe
  C:\Windows\System\FRRwcWD.exe
  2⤵
  PID:5980
- C:\Windows\System\gClqQrd.exe
  C:\Windows\System\gClqQrd.exe
  2⤵
  PID:6024
- C:\Windows\System\lfYbzhk.exe
  C:\Windows\System\lfYbzhk.exe
  2⤵
  PID:6048
- C:\Windows\System\EYhxIoD.exe
  C:\Windows\System\EYhxIoD.exe
  2⤵
  PID:6088
- C:\Windows\System\RNnLeIh.exe
  C:\Windows\System\RNnLeIh.exe
  2⤵
  PID:6104
- C:\Windows\System\fVYhrHu.exe
  C:\Windows\System\fVYhrHu.exe
  2⤵
  PID:6132
- C:\Windows\System\ZmmbmSU.exe
  C:\Windows\System\ZmmbmSU.exe
  2⤵
  PID:2968
- C:\Windows\System\pcbjCQM.exe
  C:\Windows\System\pcbjCQM.exe
  2⤵
  PID:996
- C:\Windows\System\GZNxjGl.exe
  C:\Windows\System\GZNxjGl.exe
  2⤵
  PID:4732
- C:\Windows\System\BGHBnRw.exe
  C:\Windows\System\BGHBnRw.exe
  2⤵
  PID:3752
- C:\Windows\System\saiIpFX.exe
  C:\Windows\System\saiIpFX.exe
  2⤵
  PID:5152
- C:\Windows\System\wgxSYqU.exe
  C:\Windows\System\wgxSYqU.exe
  2⤵
  PID:5200
- C:\Windows\System\rKhgxeN.exe
  C:\Windows\System\rKhgxeN.exe
  2⤵
  PID:5288
- C:\Windows\System\hNkmfuu.exe
  C:\Windows\System\hNkmfuu.exe
  2⤵
  PID:5364
- C:\Windows\System\cxomiuS.exe
  C:\Windows\System\cxomiuS.exe
  2⤵
  PID:5432
- C:\Windows\System\WuiHbLQ.exe
  C:\Windows\System\WuiHbLQ.exe
  2⤵
  PID:5464
- C:\Windows\System\rJjOiOW.exe
  C:\Windows\System\rJjOiOW.exe
  2⤵
  PID:5548
- C:\Windows\System\onELAFK.exe
  C:\Windows\System\onELAFK.exe
  2⤵
  PID:5600
- C:\Windows\System\GFItUMZ.exe
  C:\Windows\System\GFItUMZ.exe
  2⤵
  PID:5664
- C:\Windows\System\jjoIMUG.exe
  C:\Windows\System\jjoIMUG.exe
  2⤵
  PID:5728
- C:\Windows\System\ZGjspjG.exe
  C:\Windows\System\ZGjspjG.exe
  2⤵
  PID:5808
- C:\Windows\System\JeqJgVy.exe
  C:\Windows\System\JeqJgVy.exe
  2⤵
  PID:5856
- C:\Windows\System\GaWrTyG.exe
  C:\Windows\System\GaWrTyG.exe
  2⤵
  PID:5920
- C:\Windows\System\kmbCpSq.exe
  C:\Windows\System\kmbCpSq.exe
  2⤵
  PID:5992
- C:\Windows\System\Jzoueyx.exe
  C:\Windows\System\Jzoueyx.exe
  2⤵
  PID:6060
- C:\Windows\System\DAmgChz.exe
  C:\Windows\System\DAmgChz.exe
  2⤵
  PID:4024
- C:\Windows\System\pAgUrSn.exe
  C:\Windows\System\pAgUrSn.exe
  2⤵
  PID:3640
- C:\Windows\System\TZQuhSW.exe
  C:\Windows\System\TZQuhSW.exe
  2⤵
  PID:4728
- C:\Windows\System\OqmwDwf.exe
  C:\Windows\System\OqmwDwf.exe
  2⤵
  PID:5252
- C:\Windows\System\fLEojMG.exe
  C:\Windows\System\fLEojMG.exe
  2⤵
  PID:5492
- C:\Windows\System\npIsdrO.exe
  C:\Windows\System\npIsdrO.exe
  2⤵
  PID:5612
- C:\Windows\System\pkZjgjz.exe
  C:\Windows\System\pkZjgjz.exe
  2⤵
  PID:5700
- C:\Windows\System\xSdCqqa.exe
  C:\Windows\System\xSdCqqa.exe
  2⤵
  PID:5884
- C:\Windows\System\divjjoG.exe
  C:\Windows\System\divjjoG.exe
  2⤵
  PID:6016
- C:\Windows\System\PUOihaF.exe
  C:\Windows\System\PUOihaF.exe
  2⤵
  PID:6112
- C:\Windows\System\zcGEHOJ.exe
  C:\Windows\System\zcGEHOJ.exe
  2⤵
  PID:6160
- C:\Windows\System\ZtQsJbZ.exe
  C:\Windows\System\ZtQsJbZ.exe
  2⤵
  PID:6184
- C:\Windows\System\TgAKduw.exe
  C:\Windows\System\TgAKduw.exe
  2⤵
  PID:6212
- C:\Windows\System\rFdOIgd.exe
  C:\Windows\System\rFdOIgd.exe
  2⤵
  PID:6268
- C:\Windows\System\YZxSSPq.exe
  C:\Windows\System\YZxSSPq.exe
  2⤵
  PID:6304
- C:\Windows\System\hoUiObo.exe
  C:\Windows\System\hoUiObo.exe
  2⤵
  PID:6332
- C:\Windows\System\XmSSgUz.exe
  C:\Windows\System\XmSSgUz.exe
  2⤵
  PID:6360
- C:\Windows\System\WSERVVQ.exe
  C:\Windows\System\WSERVVQ.exe
  2⤵
  PID:6388
- C:\Windows\System\QpwKctP.exe
  C:\Windows\System\QpwKctP.exe
  2⤵
  PID:6412
- C:\Windows\System\VUAfmAa.exe
  C:\Windows\System\VUAfmAa.exe
  2⤵
  PID:6444
- C:\Windows\System\WGUNXNO.exe
  C:\Windows\System\WGUNXNO.exe
  2⤵
  PID:6484
- C:\Windows\System\bsxXKmC.exe
  C:\Windows\System\bsxXKmC.exe
  2⤵
  PID:6512
- C:\Windows\System\eheLDVW.exe
  C:\Windows\System\eheLDVW.exe
  2⤵
  PID:6528
- C:\Windows\System\FXIAOFk.exe
  C:\Windows\System\FXIAOFk.exe
  2⤵
  PID:6568
- C:\Windows\System\BHzYGMe.exe
  C:\Windows\System\BHzYGMe.exe
  2⤵
  PID:6584
- C:\Windows\System\uRiWzLr.exe
  C:\Windows\System\uRiWzLr.exe
  2⤵
  PID:6612
- C:\Windows\System\wZCEsaj.exe
  C:\Windows\System\wZCEsaj.exe
  2⤵
  PID:6640
- C:\Windows\System\CdCTADw.exe
  C:\Windows\System\CdCTADw.exe
  2⤵
  PID:6668
- C:\Windows\System\JClxtrU.exe
  C:\Windows\System\JClxtrU.exe
  2⤵
  PID:6692
- C:\Windows\System\TYiFmtR.exe
  C:\Windows\System\TYiFmtR.exe
  2⤵
  PID:6712
- C:\Windows\System\WutIzeu.exe
  C:\Windows\System\WutIzeu.exe
  2⤵
  PID:6740
- C:\Windows\System\VBFRAJt.exe
  C:\Windows\System\VBFRAJt.exe
  2⤵
  PID:6768
- C:\Windows\System\PKaYWPF.exe
  C:\Windows\System\PKaYWPF.exe
  2⤵
  PID:6796
- C:\Windows\System\BCwWQGF.exe
  C:\Windows\System\BCwWQGF.exe
  2⤵
  PID:6832
- C:\Windows\System\hHLAvnv.exe
  C:\Windows\System\hHLAvnv.exe
  2⤵
  PID:6852
- C:\Windows\System\ssRIbBD.exe
  C:\Windows\System\ssRIbBD.exe
  2⤵
  PID:6868
- C:\Windows\System\eERPRjU.exe
  C:\Windows\System\eERPRjU.exe
  2⤵
  PID:6908
- C:\Windows\System\JYAxlsm.exe
  C:\Windows\System\JYAxlsm.exe
  2⤵
  PID:6948
- C:\Windows\System\SVvFweI.exe
  C:\Windows\System\SVvFweI.exe
  2⤵
  PID:6976
- C:\Windows\System\xHwFGrm.exe
  C:\Windows\System\xHwFGrm.exe
  2⤵
  PID:7004
- C:\Windows\System\sDUkqad.exe
  C:\Windows\System\sDUkqad.exe
  2⤵
  PID:7028
- C:\Windows\System\JZqWVAL.exe
  C:\Windows\System\JZqWVAL.exe
  2⤵
  PID:7060
- C:\Windows\System\lnxzuQr.exe
  C:\Windows\System\lnxzuQr.exe
  2⤵
  PID:7080
- C:\Windows\System\pZjUnvN.exe
  C:\Windows\System\pZjUnvN.exe
  2⤵
  PID:7096
- C:\Windows\System\vNnilnf.exe
  C:\Windows\System\vNnilnf.exe
  2⤵
  PID:7120
- C:\Windows\System\TKGkfda.exe
  C:\Windows\System\TKGkfda.exe
  2⤵
  PID:7160
- C:\Windows\System\QKuJZbv.exe
  C:\Windows\System\QKuJZbv.exe
  2⤵
  PID:748
- C:\Windows\System\jiLzWgn.exe
  C:\Windows\System\jiLzWgn.exe
  2⤵
  PID:5520
- C:\Windows\System\kDZCVUF.exe
  C:\Windows\System\kDZCVUF.exe
  2⤵
  PID:5644
- C:\Windows\System\JgyEgrq.exe
  C:\Windows\System\JgyEgrq.exe
  2⤵
  PID:5968
- C:\Windows\System\WOTFBUA.exe
  C:\Windows\System\WOTFBUA.exe
  2⤵
  PID:6200
- C:\Windows\System\elUOdaU.exe
  C:\Windows\System\elUOdaU.exe
  2⤵
  PID:6296
- C:\Windows\System\sRHAAwY.exe
  C:\Windows\System\sRHAAwY.exe
  2⤵
  PID:6348
- C:\Windows\System\zbtMMFf.exe
  C:\Windows\System\zbtMMFf.exe
  2⤵
  PID:6380
- C:\Windows\System\NPUPmHo.exe
  C:\Windows\System\NPUPmHo.exe
  2⤵
  PID:6680
- C:\Windows\System\VfulNms.exe
  C:\Windows\System\VfulNms.exe
  2⤵
  PID:6748
- C:\Windows\System\KdosHTa.exe
  C:\Windows\System\KdosHTa.exe
  2⤵
  PID:6780
- C:\Windows\System\PQdrCBl.exe
  C:\Windows\System\PQdrCBl.exe
  2⤵
  PID:6820
- C:\Windows\System\yJcePDh.exe
  C:\Windows\System\yJcePDh.exe
  2⤵
  PID:6860
- C:\Windows\System\dktIzRN.exe
  C:\Windows\System\dktIzRN.exe
  2⤵
  PID:6936
- C:\Windows\System\TxZSTkh.exe
  C:\Windows\System\TxZSTkh.exe
  2⤵
  PID:7048
- C:\Windows\System\lplFixW.exe
  C:\Windows\System\lplFixW.exe
  2⤵
  PID:7088
- C:\Windows\System\zDIIilK.exe
  C:\Windows\System\zDIIilK.exe
  2⤵
  PID:924
- C:\Windows\System\hmtAVLO.exe
  C:\Windows\System\hmtAVLO.exe
  2⤵
  PID:1512
- C:\Windows\System\iLRohaA.exe
  C:\Windows\System\iLRohaA.exe
  2⤵
  PID:844
- C:\Windows\System\YFtsWHk.exe
  C:\Windows\System\YFtsWHk.exe
  2⤵
  PID:1804
- C:\Windows\System\OJscyCf.exe
  C:\Windows\System\OJscyCf.exe
  2⤵
  PID:1928
- C:\Windows\System\EaUeHeh.exe
  C:\Windows\System\EaUeHeh.exe
  2⤵
  PID:2792
- C:\Windows\System\BHEbwHj.exe
  C:\Windows\System\BHEbwHj.exe
  2⤵
  PID:3712
- C:\Windows\System\UjlMjrZ.exe
  C:\Windows\System\UjlMjrZ.exe
  2⤵
  PID:3912
- C:\Windows\System\oXxBEqb.exe
  C:\Windows\System\oXxBEqb.exe
  2⤵
  PID:6220
- C:\Windows\System\lEArwVy.exe
  C:\Windows\System\lEArwVy.exe
  2⤵
  PID:4464
- C:\Windows\System\PvBTgxT.exe
  C:\Windows\System\PvBTgxT.exe
  2⤵
  PID:3680
- C:\Windows\System\fHMlIHx.exe
  C:\Windows\System\fHMlIHx.exe
  2⤵
  PID:6804
- C:\Windows\System\SaRkHax.exe
  C:\Windows\System\SaRkHax.exe
  2⤵
  PID:7024
- C:\Windows\System\WvdtvJm.exe
  C:\Windows\System\WvdtvJm.exe
  2⤵
  PID:3364
- C:\Windows\System\JEuxlWo.exe
  C:\Windows\System\JEuxlWo.exe
  2⤵
  PID:4872
- C:\Windows\System\jtMWMIQ.exe
  C:\Windows\System\jtMWMIQ.exe
  2⤵
  PID:1700
- C:\Windows\System\xrjCMIF.exe
  C:\Windows\System\xrjCMIF.exe
  2⤵
  PID:216
- C:\Windows\System\EwntzBh.exe
  C:\Windows\System\EwntzBh.exe
  2⤵
  PID:1136
- C:\Windows\System\fJNwDuS.exe
  C:\Windows\System\fJNwDuS.exe
  2⤵
  PID:5572
- C:\Windows\System\RsTTaTB.exe
  C:\Windows\System\RsTTaTB.exe
  2⤵
  PID:7192
- C:\Windows\System\FROMHNT.exe
  C:\Windows\System\FROMHNT.exe
  2⤵
  PID:7208
- C:\Windows\System\PsFxViJ.exe
  C:\Windows\System\PsFxViJ.exe
  2⤵
  PID:7228
- C:\Windows\System\FMveUCN.exe
  C:\Windows\System\FMveUCN.exe
  2⤵
  PID:7244
- C:\Windows\System\IYAGBMp.exe
  C:\Windows\System\IYAGBMp.exe
  2⤵
  PID:7280
- C:\Windows\System\BwRDTIg.exe
  C:\Windows\System\BwRDTIg.exe
  2⤵
  PID:7296
- C:\Windows\System\DpEWFfa.exe
  C:\Windows\System\DpEWFfa.exe
  2⤵
  PID:7312
- C:\Windows\System\mZyvhne.exe
  C:\Windows\System\mZyvhne.exe
  2⤵
  PID:7332
- C:\Windows\System\OefEdWp.exe
  C:\Windows\System\OefEdWp.exe
  2⤵
  PID:7392
- C:\Windows\System\kqhPdRt.exe
  C:\Windows\System\kqhPdRt.exe
  2⤵
  PID:7416
- C:\Windows\System\ClBkEse.exe
  C:\Windows\System\ClBkEse.exe
  2⤵
  PID:7436
- C:\Windows\System\dUasymy.exe
  C:\Windows\System\dUasymy.exe
  2⤵
  PID:7456
- C:\Windows\System\YvsdmVp.exe
  C:\Windows\System\YvsdmVp.exe
  2⤵
  PID:7472
- C:\Windows\System\gLhpwSS.exe
  C:\Windows\System\gLhpwSS.exe
  2⤵
  PID:7488
- C:\Windows\System\KQwxuXp.exe
  C:\Windows\System\KQwxuXp.exe
  2⤵
  PID:7532
- C:\Windows\System\GzWpPII.exe
  C:\Windows\System\GzWpPII.exe
  2⤵
  PID:7796
- C:\Windows\System\OTqoJUF.exe
  C:\Windows\System\OTqoJUF.exe
  2⤵
  PID:7812
- C:\Windows\System\CAMRoGU.exe
  C:\Windows\System\CAMRoGU.exe
  2⤵
  PID:7852
- C:\Windows\System\ldTozol.exe
  C:\Windows\System\ldTozol.exe
  2⤵
  PID:7872
- C:\Windows\System\QeFpXoq.exe
  C:\Windows\System\QeFpXoq.exe
  2⤵
  PID:7900
- C:\Windows\System\eoeBBcP.exe
  C:\Windows\System\eoeBBcP.exe
  2⤵
  PID:7960
- C:\Windows\System\pCkYdMR.exe
  C:\Windows\System\pCkYdMR.exe
  2⤵
  PID:8000
- C:\Windows\System\obGrRAO.exe
  C:\Windows\System\obGrRAO.exe
  2⤵
  PID:8032
- C:\Windows\System\gcNcjJO.exe
  C:\Windows\System\gcNcjJO.exe
  2⤵
  PID:8060
- C:\Windows\System\YCIJMfo.exe
  C:\Windows\System\YCIJMfo.exe
  2⤵
  PID:8096
- C:\Windows\System\KsxJesS.exe
  C:\Windows\System\KsxJesS.exe
  2⤵
  PID:8124
- C:\Windows\System\vJdnbcl.exe
  C:\Windows\System\vJdnbcl.exe
  2⤵
  PID:8160
- C:\Windows\System\vgTSJTe.exe
  C:\Windows\System\vgTSJTe.exe
  2⤵
  PID:8180
- C:\Windows\System\WSMLPSJ.exe
  C:\Windows\System\WSMLPSJ.exe
  2⤵
  PID:6320
- C:\Windows\System\kEXdmxC.exe
  C:\Windows\System\kEXdmxC.exe
  2⤵
  PID:7072
- C:\Windows\System\cxoUFyb.exe
  C:\Windows\System\cxoUFyb.exe
  2⤵
  PID:4868
- C:\Windows\System\YxpodpG.exe
  C:\Windows\System\YxpodpG.exe
  2⤵
  PID:4440
- C:\Windows\System\dxrcPRy.exe
  C:\Windows\System\dxrcPRy.exe
  2⤵
  PID:2196
- C:\Windows\System\evwbIut.exe
  C:\Windows\System\evwbIut.exe
  2⤵
  PID:7324
- C:\Windows\System\vJcHbpH.exe
  C:\Windows\System\vJcHbpH.exe
  2⤵
  PID:7384
- C:\Windows\System\DUqlxLE.exe
  C:\Windows\System\DUqlxLE.exe
  2⤵
  PID:7464
- C:\Windows\System\IBloJHY.exe
  C:\Windows\System\IBloJHY.exe
  2⤵
  PID:7524
- C:\Windows\System\ighoPqY.exe
  C:\Windows\System\ighoPqY.exe
  2⤵
  PID:7636
- C:\Windows\System\TLmTuII.exe
  C:\Windows\System\TLmTuII.exe
  2⤵
  PID:7676
- C:\Windows\System\JTxStHO.exe
  C:\Windows\System\JTxStHO.exe
  2⤵
  PID:3704
- C:\Windows\System\DSqFYHj.exe
  C:\Windows\System\DSqFYHj.exe
  2⤵
  PID:1096
- C:\Windows\System\kNIkzma.exe
  C:\Windows\System\kNIkzma.exe
  2⤵
  PID:4112
- C:\Windows\System\yrZeRpV.exe
  C:\Windows\System\yrZeRpV.exe
  2⤵
  PID:3692
- C:\Windows\System\NvEmiMj.exe
  C:\Windows\System\NvEmiMj.exe
  2⤵
  PID:4288
- C:\Windows\System\gBaMduK.exe
  C:\Windows\System\gBaMduK.exe
  2⤵
  PID:4248
- C:\Windows\System\UVkpTCG.exe
  C:\Windows\System\UVkpTCG.exe
  2⤵
  PID:1668
- C:\Windows\System\nwGttkV.exe
  C:\Windows\System\nwGttkV.exe
  2⤵
  PID:4588
- C:\Windows\System\OieikCh.exe
  C:\Windows\System\OieikCh.exe
  2⤵
  PID:4800
- C:\Windows\System\ywtsiQX.exe
  C:\Windows\System\ywtsiQX.exe
  2⤵
  PID:916
- C:\Windows\System\nEdIEzG.exe
  C:\Windows\System\nEdIEzG.exe
  2⤵
  PID:2132
- C:\Windows\System\vvRIyvj.exe
  C:\Windows\System\vvRIyvj.exe
  2⤵
  PID:2436
- C:\Windows\System\CCYhTGm.exe
  C:\Windows\System\CCYhTGm.exe
  2⤵
  PID:1972
- C:\Windows\System\CyUQoKU.exe
  C:\Windows\System\CyUQoKU.exe
  2⤵
  PID:3616
- C:\Windows\System\YqzGvYf.exe
  C:\Windows\System\YqzGvYf.exe
  2⤵
  PID:3772
- C:\Windows\System\ESfZzgr.exe
  C:\Windows\System\ESfZzgr.exe
  2⤵
  PID:2888
- C:\Windows\System\iZhaVVE.exe
  C:\Windows\System\iZhaVVE.exe
  2⤵
  PID:3676
- C:\Windows\System\ddPPfhz.exe
  C:\Windows\System\ddPPfhz.exe
  2⤵
  PID:4568
- C:\Windows\System\EOXjhbL.exe
  C:\Windows\System\EOXjhbL.exe
  2⤵
  PID:456
- C:\Windows\System\sacMdyM.exe
  C:\Windows\System\sacMdyM.exe
  2⤵
  PID:2876
- C:\Windows\System\uyLHvru.exe
  C:\Windows\System\uyLHvru.exe
  2⤵
  PID:3864
- C:\Windows\System\VCGnsHj.exe
  C:\Windows\System\VCGnsHj.exe
  2⤵
  PID:3580
- C:\Windows\System\UqXxRbc.exe
  C:\Windows\System\UqXxRbc.exe
  2⤵
  PID:3108
- C:\Windows\System\PuiYFXd.exe
  C:\Windows\System\PuiYFXd.exe
  2⤵
  PID:7728
- C:\Windows\System\MVeHtKV.exe
  C:\Windows\System\MVeHtKV.exe
  2⤵
  PID:7784
- C:\Windows\System\DgJpkiJ.exe
  C:\Windows\System\DgJpkiJ.exe
  2⤵
  PID:7840
- C:\Windows\System\NvriCOt.exe
  C:\Windows\System\NvriCOt.exe
  2⤵
  PID:2144
- C:\Windows\System\iwowbuU.exe
  C:\Windows\System\iwowbuU.exe
  2⤵
  PID:8016
- C:\Windows\System\bsOPCHG.exe
  C:\Windows\System\bsOPCHG.exe
  2⤵
  PID:8084
- C:\Windows\System\NyIeUuw.exe
  C:\Windows\System\NyIeUuw.exe
  2⤵
  PID:3604
- C:\Windows\System\abTJqHF.exe
  C:\Windows\System\abTJqHF.exe
  2⤵
  PID:6756
- C:\Windows\System\VHccWPn.exe
  C:\Windows\System\VHccWPn.exe
  2⤵
  PID:4676
- C:\Windows\System\HcCobZu.exe
  C:\Windows\System\HcCobZu.exe
  2⤵
  PID:3296
- C:\Windows\System\OhFVgGV.exe
  C:\Windows\System\OhFVgGV.exe
  2⤵
  PID:7372
- C:\Windows\System\QJfzjRB.exe
  C:\Windows\System\QJfzjRB.exe
  2⤵
  PID:7608
- C:\Windows\System\USWSjvH.exe
  C:\Windows\System\USWSjvH.exe
  2⤵
  PID:7668
- C:\Windows\System\opsSQOX.exe
  C:\Windows\System\opsSQOX.exe
  2⤵
  PID:7548
- C:\Windows\System\uLUrsUh.exe
  C:\Windows\System\uLUrsUh.exe
  2⤵
  PID:1688
- C:\Windows\System\HhAoUVG.exe
  C:\Windows\System\HhAoUVG.exe
  2⤵
  PID:5048
- C:\Windows\System\CGYgcML.exe
  C:\Windows\System\CGYgcML.exe
  2⤵
  PID:2256
- C:\Windows\System\itlsjjD.exe
  C:\Windows\System\itlsjjD.exe
  2⤵
  PID:3304
- C:\Windows\System\pqZKghT.exe
  C:\Windows\System\pqZKghT.exe
  2⤵
  PID:2532
- C:\Windows\System\TwcWTZI.exe
  C:\Windows\System\TwcWTZI.exe
  2⤵
  PID:2112
- C:\Windows\System\uiHSVGL.exe
  C:\Windows\System\uiHSVGL.exe
  2⤵
  PID:3736
- C:\Windows\System\pyVvuFL.exe
  C:\Windows\System\pyVvuFL.exe
  2⤵
  PID:1852
- C:\Windows\System\tVOOrCM.exe
  C:\Windows\System\tVOOrCM.exe
  2⤵
  PID:3248
- C:\Windows\System\JozeyBP.exe
  C:\Windows\System\JozeyBP.exe
  2⤵
  PID:6968
- C:\Windows\System\TSxAtmU.exe
  C:\Windows\System\TSxAtmU.exe
  2⤵
  PID:8008
- C:\Windows\System\GywVbKn.exe
  C:\Windows\System\GywVbKn.exe
  2⤵
  PID:8120
- C:\Windows\System\qZzLZEb.exe
  C:\Windows\System\qZzLZEb.exe
  2⤵
  PID:1528
- C:\Windows\System\hUyyeGT.exe
  C:\Windows\System\hUyyeGT.exe
  2⤵
  PID:4600
- C:\Windows\System\yiubqoY.exe
  C:\Windows\System\yiubqoY.exe
  2⤵
  PID:2776
- C:\Windows\System\GeKGVsr.exe
  C:\Windows\System\GeKGVsr.exe
  2⤵
  PID:3844
- C:\Windows\System\HzVrajw.exe
  C:\Windows\System\HzVrajw.exe
  2⤵
  PID:3016
- C:\Windows\System\FoymHRZ.exe
  C:\Windows\System\FoymHRZ.exe
  2⤵
  PID:1836
- C:\Windows\System\gPiFatm.exe
  C:\Windows\System\gPiFatm.exe
  2⤵
  PID:7844
- C:\Windows\System\yjzxZpP.exe
  C:\Windows\System\yjzxZpP.exe
  2⤵
  PID:7736
- C:\Windows\System\dJjwsgR.exe
  C:\Windows\System\dJjwsgR.exe
  2⤵
  PID:7200
- C:\Windows\System\WzasMFM.exe
  C:\Windows\System\WzasMFM.exe
  2⤵
  PID:2124
- C:\Windows\System\IFKRoCi.exe
  C:\Windows\System\IFKRoCi.exe
  2⤵
  PID:3556
- C:\Windows\System\oyOOPuW.exe
  C:\Windows\System\oyOOPuW.exe
  2⤵
  PID:1108
- C:\Windows\System\iZKlCch.exe
  C:\Windows\System\iZKlCch.exe
  2⤵
  PID:7572
- C:\Windows\System\nSLqrrU.exe
  C:\Windows\System\nSLqrrU.exe
  2⤵
  PID:5640
- C:\Windows\System\IJSxnxO.exe
  C:\Windows\System\IJSxnxO.exe
  2⤵
  PID:6256
- C:\Windows\System\cuZCCya.exe
  C:\Windows\System\cuZCCya.exe
  2⤵
  PID:4520
- C:\Windows\System\KrryMVA.exe
  C:\Windows\System\KrryMVA.exe
  2⤵
  PID:8216
- C:\Windows\System\hrhFTrG.exe
  C:\Windows\System\hrhFTrG.exe
  2⤵
  PID:8248
- C:\Windows\System\MWvFGXR.exe
  C:\Windows\System\MWvFGXR.exe
  2⤵
  PID:8272
- C:\Windows\System\GrcefQa.exe
  C:\Windows\System\GrcefQa.exe
  2⤵
  PID:8300
- C:\Windows\System\cRxkbWp.exe
  C:\Windows\System\cRxkbWp.exe
  2⤵
  PID:8332
- C:\Windows\System\NXRqyST.exe
  C:\Windows\System\NXRqyST.exe
  2⤵
  PID:8368
- C:\Windows\System\xFkGurm.exe
  C:\Windows\System\xFkGurm.exe
  2⤵
  PID:8388
- C:\Windows\System\uDSKRIL.exe
  C:\Windows\System\uDSKRIL.exe
  2⤵
  PID:8416
- C:\Windows\System\PLKwzWQ.exe
  C:\Windows\System\PLKwzWQ.exe
  2⤵
  PID:8444
- C:\Windows\System\HpudDYr.exe
  C:\Windows\System\HpudDYr.exe
  2⤵
  PID:8468
- C:\Windows\System\rhQBsqx.exe
  C:\Windows\System\rhQBsqx.exe
  2⤵
  PID:8500
- C:\Windows\System\LXoWbdc.exe
  C:\Windows\System\LXoWbdc.exe
  2⤵
  PID:8560
- C:\Windows\System\CeVjoPr.exe
  C:\Windows\System\CeVjoPr.exe
  2⤵
  PID:8580
- C:\Windows\System\EzjctQH.exe
  C:\Windows\System\EzjctQH.exe
  2⤵
  PID:8608
- C:\Windows\System\laxSkUK.exe
  C:\Windows\System\laxSkUK.exe
  2⤵
  PID:8624
- C:\Windows\System\eHDqlgF.exe
  C:\Windows\System\eHDqlgF.exe
  2⤵
  PID:8672
- C:\Windows\System\LRhJkXD.exe
  C:\Windows\System\LRhJkXD.exe
  2⤵
  PID:8688
- C:\Windows\System\pmhWwYD.exe
  C:\Windows\System\pmhWwYD.exe
  2⤵
  PID:8728
- C:\Windows\System\gFqNyJO.exe
  C:\Windows\System\gFqNyJO.exe
  2⤵
  PID:8744
- C:\Windows\System\TbBBOsC.exe
  C:\Windows\System\TbBBOsC.exe
  2⤵
  PID:8772
- C:\Windows\System\QrlKOhZ.exe
  C:\Windows\System\QrlKOhZ.exe
  2⤵
  PID:8800
- C:\Windows\System\nRlttRz.exe
  C:\Windows\System\nRlttRz.exe
  2⤵
  PID:8840
- C:\Windows\System\QQSLpXa.exe
  C:\Windows\System\QQSLpXa.exe
  2⤵
  PID:8872
- C:\Windows\System\qaRwSJI.exe
  C:\Windows\System\qaRwSJI.exe
  2⤵
  PID:8892
- C:\Windows\System\AnUuwlu.exe
  C:\Windows\System\AnUuwlu.exe
  2⤵
  PID:8924
- C:\Windows\System\QoNLKwK.exe
  C:\Windows\System\QoNLKwK.exe
  2⤵
  PID:8956
- C:\Windows\System\igOJjJD.exe
  C:\Windows\System\igOJjJD.exe
  2⤵
  PID:8972
- C:\Windows\System\kfhcxtN.exe
  C:\Windows\System\kfhcxtN.exe
  2⤵
  PID:9008
- C:\Windows\System\wnTwaib.exe
  C:\Windows\System\wnTwaib.exe
  2⤵
  PID:9032
- C:\Windows\System\EEisbAQ.exe
  C:\Windows\System\EEisbAQ.exe
  2⤵
  PID:9068
- C:\Windows\System\hbQKofC.exe
  C:\Windows\System\hbQKofC.exe
  2⤵
  PID:9096
- C:\Windows\System\BPxbTpW.exe
  C:\Windows\System\BPxbTpW.exe
  2⤵
  PID:9116
- C:\Windows\System\QLGOkja.exe
  C:\Windows\System\QLGOkja.exe
  2⤵
  PID:9156
- C:\Windows\System\rvZiqaI.exe
  C:\Windows\System\rvZiqaI.exe
  2⤵
  PID:9184
- C:\Windows\System\HLdfedd.exe
  C:\Windows\System\HLdfedd.exe
  2⤵
  PID:9212
- C:\Windows\System\ydJobbO.exe
  C:\Windows\System\ydJobbO.exe
  2⤵
  PID:8260
- C:\Windows\System\JfyGRpg.exe
  C:\Windows\System\JfyGRpg.exe
  2⤵
  PID:8324
- C:\Windows\System\TwUonKP.exe
  C:\Windows\System\TwUonKP.exe
  2⤵
  PID:5964
- C:\Windows\System\RFLasbj.exe
  C:\Windows\System\RFLasbj.exe
  2⤵
  PID:8460
- C:\Windows\System\XMOoKVX.exe
  C:\Windows\System\XMOoKVX.exe
  2⤵
  PID:8540
- C:\Windows\System\gDIzAMQ.exe
  C:\Windows\System\gDIzAMQ.exe
  2⤵
  PID:8572
- C:\Windows\System\PbNmeUu.exe
  C:\Windows\System\PbNmeUu.exe
  2⤵
  PID:8668
- C:\Windows\System\NENBjqt.exe
  C:\Windows\System\NENBjqt.exe
  2⤵
  PID:8092
- C:\Windows\System\JBpEKbm.exe
  C:\Windows\System\JBpEKbm.exe
  2⤵
  PID:7952
- C:\Windows\System\VXoqprR.exe
  C:\Windows\System\VXoqprR.exe
  2⤵
  PID:8868
- C:\Windows\System\iKQNlUJ.exe
  C:\Windows\System\iKQNlUJ.exe
  2⤵
  PID:8912
- C:\Windows\System\QvwhWMt.exe
  C:\Windows\System\QvwhWMt.exe
  2⤵
  PID:8968
- C:\Windows\System\AIloXWo.exe
  C:\Windows\System\AIloXWo.exe
  2⤵
  PID:9016
- C:\Windows\System\QqFRygs.exe
  C:\Windows\System\QqFRygs.exe
  2⤵
  PID:9076
- C:\Windows\System\InyPore.exe
  C:\Windows\System\InyPore.exe
  2⤵
  PID:9144
- C:\Windows\System\SwogMqA.exe
  C:\Windows\System\SwogMqA.exe
  2⤵
  PID:9208
- C:\Windows\System\MiqCjiu.exe
  C:\Windows\System\MiqCjiu.exe
  2⤵
  PID:8352
- C:\Windows\System\YNbwYOf.exe
  C:\Windows\System\YNbwYOf.exe
  2⤵
  PID:8432
- C:\Windows\System\nDjBjYg.exe
  C:\Windows\System\nDjBjYg.exe
  2⤵
  PID:8620
- C:\Windows\System\zwHecty.exe
  C:\Windows\System\zwHecty.exe
  2⤵
  PID:7968
- C:\Windows\System\QmjTwro.exe
  C:\Windows\System\QmjTwro.exe
  2⤵
  PID:8888
- C:\Windows\System\jLEPWEy.exe
  C:\Windows\System\jLEPWEy.exe
  2⤵
  PID:8780
- C:\Windows\System\BRAdRtS.exe
  C:\Windows\System\BRAdRtS.exe
  2⤵
  PID:9196
- C:\Windows\System\jWvhZGx.exe
  C:\Windows\System\jWvhZGx.exe
  2⤵
  PID:8576
- C:\Windows\System\VDxOLWG.exe
  C:\Windows\System\VDxOLWG.exe
  2⤵
  PID:8816
- C:\Windows\System\ZZWjdkq.exe
  C:\Windows\System\ZZWjdkq.exe
  2⤵
  PID:9088
- C:\Windows\System\WUAPvjs.exe
  C:\Windows\System\WUAPvjs.exe
  2⤵
  PID:5948
- C:\Windows\System\ciqTxwC.exe
  C:\Windows\System\ciqTxwC.exe
  2⤵
  PID:8404
- C:\Windows\System\dmSLHXK.exe
  C:\Windows\System\dmSLHXK.exe
  2⤵
  PID:9232
- C:\Windows\System\UedfBwL.exe
  C:\Windows\System\UedfBwL.exe
  2⤵
  PID:9280
- C:\Windows\System\aRtmhoL.exe
  C:\Windows\System\aRtmhoL.exe
  2⤵
  PID:9316
- C:\Windows\System\HqbKOUF.exe
  C:\Windows\System\HqbKOUF.exe
  2⤵
  PID:9348
- C:\Windows\System\yurudxg.exe
  C:\Windows\System\yurudxg.exe
  2⤵
  PID:9436
- C:\Windows\System\CSOuUdZ.exe
  C:\Windows\System\CSOuUdZ.exe
  2⤵
  PID:9476
- C:\Windows\System\cmJNVxP.exe
  C:\Windows\System\cmJNVxP.exe
  2⤵
  PID:9492
- C:\Windows\System\mouONdd.exe
  C:\Windows\System\mouONdd.exe
  2⤵
  PID:9520
- C:\Windows\System\gAYPxZg.exe
  C:\Windows\System\gAYPxZg.exe
  2⤵
  PID:9544
- C:\Windows\System\fQvHVdX.exe
  C:\Windows\System\fQvHVdX.exe
  2⤵
  PID:9588
- C:\Windows\System\TdylsGG.exe
  C:\Windows\System\TdylsGG.exe
  2⤵
  PID:9608
- C:\Windows\System\ALpzugb.exe
  C:\Windows\System\ALpzugb.exe
  2⤵
  PID:9648
- C:\Windows\System\mDtQXqw.exe
  C:\Windows\System\mDtQXqw.exe
  2⤵
  PID:9688
- C:\Windows\System\SOgDrbi.exe
  C:\Windows\System\SOgDrbi.exe
  2⤵
  PID:9728
- C:\Windows\System\GDuUyer.exe
  C:\Windows\System\GDuUyer.exe
  2⤵
  PID:9764
- C:\Windows\System\KpoSeNE.exe
  C:\Windows\System\KpoSeNE.exe
  2⤵
  PID:9780
- C:\Windows\System\nZvUQte.exe
  C:\Windows\System\nZvUQte.exe
  2⤵
  PID:9820
- C:\Windows\System\IogzDSF.exe
  C:\Windows\System\IogzDSF.exe
  2⤵
  PID:9844
- C:\Windows\System\loYpEfN.exe
  C:\Windows\System\loYpEfN.exe
  2⤵
  PID:9924
- C:\Windows\System\gFeMBzI.exe
  C:\Windows\System\gFeMBzI.exe
  2⤵
  PID:9976
- C:\Windows\System\jfqKyCo.exe
  C:\Windows\System\jfqKyCo.exe
  2⤵
  PID:10012
- C:\Windows\System\vxDuUNo.exe
  C:\Windows\System\vxDuUNo.exe
  2⤵
  PID:10044
- C:\Windows\System\stpHQJP.exe
  C:\Windows\System\stpHQJP.exe
  2⤵
  PID:10072
- C:\Windows\System\wcaFdvW.exe
  C:\Windows\System\wcaFdvW.exe
  2⤵
  PID:10152
- C:\Windows\System\lHSDWLg.exe
  C:\Windows\System\lHSDWLg.exe
  2⤵
  PID:10168
- C:\Windows\System\IlDzkFm.exe
  C:\Windows\System\IlDzkFm.exe
  2⤵
  PID:10192
- C:\Windows\System\XwDkYdo.exe
  C:\Windows\System\XwDkYdo.exe
  2⤵
  PID:10212
- C:\Windows\System\oyaYPKP.exe
  C:\Windows\System\oyaYPKP.exe
  2⤵
  PID:9300
- C:\Windows\System\UlpcVjq.exe
  C:\Windows\System\UlpcVjq.exe
  2⤵
  PID:9328
- C:\Windows\System\vBHzHJi.exe
  C:\Windows\System\vBHzHJi.exe
  2⤵
  PID:9448
- C:\Windows\System\EBUiEXW.exe
  C:\Windows\System\EBUiEXW.exe
  2⤵
  PID:6372
- C:\Windows\System\ZZoMngQ.exe
  C:\Windows\System\ZZoMngQ.exe
  2⤵
  PID:6480
- C:\Windows\System\FPafbsG.exe
  C:\Windows\System\FPafbsG.exe
  2⤵
  PID:9468
- C:\Windows\System\mIEjyEi.exe
  C:\Windows\System\mIEjyEi.exe
  2⤵
  PID:6592
- C:\Windows\System\FEwJDXY.exe
  C:\Windows\System\FEwJDXY.exe
  2⤵
  PID:6688
- C:\Windows\System\ORexHqX.exe
  C:\Windows\System\ORexHqX.exe
  2⤵
  PID:9620
- C:\Windows\System\ATvNYIq.exe
  C:\Windows\System\ATvNYIq.exe
  2⤵
  PID:9708
- C:\Windows\System\FZWzqxg.exe
  C:\Windows\System\FZWzqxg.exe
  2⤵
  PID:4292
- C:\Windows\System\YTHilur.exe
  C:\Windows\System\YTHilur.exe
  2⤵
  PID:9804
- C:\Windows\System\PYTBZCN.exe
  C:\Windows\System\PYTBZCN.exe
  2⤵
  PID:9840
- C:\Windows\System\xDcfkdm.exe
  C:\Windows\System\xDcfkdm.exe
  2⤵
  PID:9460
- C:\Windows\System\SfPIkbC.exe
  C:\Windows\System\SfPIkbC.exe
  2⤵
  PID:9552
- C:\Windows\System\ywOmrIi.exe
  C:\Windows\System\ywOmrIi.exe
  2⤵
  PID:4296
- C:\Windows\System\MeBWUCU.exe
  C:\Windows\System\MeBWUCU.exe
  2⤵
  PID:6928
- C:\Windows\System\oiChXJu.exe
  C:\Windows\System\oiChXJu.exe
  2⤵
  PID:7112
- C:\Windows\System\SKEflCq.exe
  C:\Windows\System\SKEflCq.exe
  2⤵
  PID:5836
- C:\Windows\System\ZBjNcqg.exe
  C:\Windows\System\ZBjNcqg.exe
  2⤵
  PID:6496
- C:\Windows\System\wkLNMDo.exe
  C:\Windows\System\wkLNMDo.exe
  2⤵
  PID:1956
- C:\Windows\System\YjoJWAO.exe
  C:\Windows\System\YjoJWAO.exe
  2⤵
  PID:10008
- C:\Windows\System\ozgzZCb.exe
  C:\Windows\System\ozgzZCb.exe
  2⤵
  PID:10080
- C:\Windows\System\GMnwGeb.exe
  C:\Windows\System\GMnwGeb.exe
  2⤵
  PID:872
- C:\Windows\System\bKNouPo.exe
  C:\Windows\System\bKNouPo.exe
  2⤵
  PID:10188
- C:\Windows\System\aVqFJFf.exe
  C:\Windows\System\aVqFJFf.exe
  2⤵
  PID:9996
- C:\Windows\System\SfsQSfK.exe
  C:\Windows\System\SfsQSfK.exe
  2⤵
  PID:3952
- C:\Windows\System\uEXSOyE.exe
  C:\Windows\System\uEXSOyE.exe
  2⤵
  PID:3732
- C:\Windows\System\VDxibVR.exe
  C:\Windows\System\VDxibVR.exe
  2⤵
  PID:6728
- C:\Windows\System\ApRCFMW.exe
  C:\Windows\System\ApRCFMW.exe
  2⤵
  PID:9988
- C:\Windows\System\NgxmpUJ.exe
  C:\Windows\System\NgxmpUJ.exe
  2⤵
  PID:5172
- C:\Windows\System\PWmmfZR.exe
  C:\Windows\System\PWmmfZR.exe
  2⤵
  PID:348
- C:\Windows\System\jfOyUVA.exe
  C:\Windows\System\jfOyUVA.exe
  2⤵
  PID:5188
- C:\Windows\System\RqNuDft.exe
  C:\Windows\System\RqNuDft.exe
  2⤵
  PID:9256
- C:\Windows\System\mtvgDqX.exe
  C:\Windows\System\mtvgDqX.exe
  2⤵
  PID:6196
- C:\Windows\System\CUXVtyY.exe
  C:\Windows\System\CUXVtyY.exe
  2⤵
  PID:5360
- C:\Windows\System\AWyNNzM.exe
  C:\Windows\System\AWyNNzM.exe
  2⤵
  PID:9220
- C:\Windows\System\UuOyKnL.exe
  C:\Windows\System\UuOyKnL.exe
  2⤵
  PID:6456
- C:\Windows\System\JUrjzvU.exe
  C:\Windows\System\JUrjzvU.exe
  2⤵
  PID:9564
- C:\Windows\System\pRSCwxz.exe
  C:\Windows\System\pRSCwxz.exe
  2⤵
  PID:6720
- C:\Windows\System\EiNZhMR.exe
  C:\Windows\System\EiNZhMR.exe
  2⤵
  PID:3272
- C:\Windows\System\ZcnZgLA.exe
  C:\Windows\System\ZcnZgLA.exe
  2⤵
  PID:5680
- C:\Windows\System\VTdykey.exe
  C:\Windows\System\VTdykey.exe
  2⤵
  PID:9772
- C:\Windows\System\LiTmLqv.exe
  C:\Windows\System\LiTmLqv.exe
  2⤵
  PID:7708
- C:\Windows\System\ROjmMNy.exe
  C:\Windows\System\ROjmMNy.exe
  2⤵
  PID:5736
- C:\Windows\System\XhQKdtJ.exe
  C:\Windows\System\XhQKdtJ.exe
  2⤵
  PID:9920
- C:\Windows\System\jvQeBNg.exe
  C:\Windows\System\jvQeBNg.exe
  2⤵
  PID:6920
- C:\Windows\System\hsDFhwf.exe
  C:\Windows\System\hsDFhwf.exe
  2⤵
  PID:5052
- C:\Windows\System\SJNzSIK.exe
  C:\Windows\System\SJNzSIK.exe
  2⤵
  PID:5860
- C:\Windows\System\taxZlyi.exe
  C:\Windows\System\taxZlyi.exe
  2⤵
  PID:4576
- C:\Windows\System\ojRlZGZ.exe
  C:\Windows\System\ojRlZGZ.exe
  2⤵
  PID:3100
- C:\Windows\System\dVWxvAv.exe
  C:\Windows\System\dVWxvAv.exe
  2⤵
  PID:1748
- C:\Windows\System\CvAjAmU.exe
  C:\Windows\System\CvAjAmU.exe
  2⤵
  PID:9932
- C:\Windows\System\ytBvnND.exe
  C:\Windows\System\ytBvnND.exe
  2⤵
  PID:4688
- C:\Windows\System\QWCtOKe.exe
  C:\Windows\System\QWCtOKe.exe
  2⤵
  PID:6452
- C:\Windows\System\FMTYatp.exe
  C:\Windows\System\FMTYatp.exe
  2⤵
  PID:6056
- C:\Windows\System\WenoAYS.exe
  C:\Windows\System\WenoAYS.exe
  2⤵
  PID:4472
- C:\Windows\System\ZtIbIVU.exe
  C:\Windows\System\ZtIbIVU.exe
  2⤵
  PID:6128
- C:\Windows\System\IQXxVYc.exe
  C:\Windows\System\IQXxVYc.exe
  2⤵
  PID:6140
- C:\Windows\System\eegGTcC.exe
  C:\Windows\System\eegGTcC.exe
  2⤵
  PID:9432
- C:\Windows\System\EWKjrTQ.exe
  C:\Windows\System\EWKjrTQ.exe
  2⤵
  PID:9540
- C:\Windows\System\FQtLZvf.exe
  C:\Windows\System\FQtLZvf.exe
  2⤵
  PID:5180
- C:\Windows\System\rdqwCNo.exe
  C:\Windows\System\rdqwCNo.exe
  2⤵
  PID:9684
- C:\Windows\System\oWZtqwx.exe
  C:\Windows\System\oWZtqwx.exe
  2⤵
  PID:5272
- C:\Windows\System\qjTIruq.exe
  C:\Windows\System\qjTIruq.exe
  2⤵
  PID:9576
- C:\Windows\System\YdcUiqe.exe
  C:\Windows\System\YdcUiqe.exe
  2⤵
  PID:6940
- C:\Windows\System\wwKUPWl.exe
  C:\Windows\System\wwKUPWl.exe
  2⤵
  PID:6252
- C:\Windows\System\QGsINdY.exe
  C:\Windows\System\QGsINdY.exe
  2⤵
  PID:5876
- C:\Windows\System\IKEtXdz.exe
  C:\Windows\System\IKEtXdz.exe
  2⤵
  PID:9024
- C:\Windows\System\aQMVWZf.exe
  C:\Windows\System\aQMVWZf.exe
  2⤵
  PID:6376
- C:\Windows\System\mrmnUeo.exe
  C:\Windows\System\mrmnUeo.exe
  2⤵
  PID:5308
- C:\Windows\System\ybLnoJL.exe
  C:\Windows\System\ybLnoJL.exe
  2⤵
  PID:5012
- C:\Windows\System\vwZMkVt.exe
  C:\Windows\System\vwZMkVt.exe
  2⤵
  PID:3988
- C:\Windows\System\kQJuFuV.exe
  C:\Windows\System\kQJuFuV.exe
  2⤵
  PID:4324
- C:\Windows\System\GKcSGrR.exe
  C:\Windows\System\GKcSGrR.exe
  2⤵
  PID:5972
- C:\Windows\System\WXQqmJQ.exe
  C:\Windows\System\WXQqmJQ.exe
  2⤵
  PID:3636
- C:\Windows\System\JJjCraJ.exe
  C:\Windows\System\JJjCraJ.exe
  2⤵
  PID:6072
- C:\Windows\System\dbBmRoW.exe
  C:\Windows\System\dbBmRoW.exe
  2⤵
  PID:1404
- C:\Windows\System\viCkmSe.exe
  C:\Windows\System\viCkmSe.exe
  2⤵
  PID:5488
- C:\Windows\System\kgHNZth.exe
  C:\Windows\System\kgHNZth.exe
  2⤵
  PID:5240
- C:\Windows\System\NtEBwre.exe
  C:\Windows\System\NtEBwre.exe
  2⤵
  PID:5460
- C:\Windows\System\umaWCtl.exe
  C:\Windows\System\umaWCtl.exe
  2⤵
  PID:5524
- C:\Windows\System\kVidlAU.exe
  C:\Windows\System\kVidlAU.exe
  2⤵
  PID:6284
- C:\Windows\System\UNpAanS.exe
  C:\Windows\System\UNpAanS.exe
  2⤵
  PID:6008
- C:\Windows\System\semqrul.exe
  C:\Windows\System\semqrul.exe
  2⤵
  PID:9880
- C:\Windows\System\drOPctz.exe
  C:\Windows\System\drOPctz.exe
  2⤵
  PID:6020
- C:\Windows\System\LqHYpUd.exe
  C:\Windows\System\LqHYpUd.exe
  2⤵
  PID:8116
- C:\Windows\System\nwMIOpj.exe
  C:\Windows\System\nwMIOpj.exe
  2⤵
  PID:8812
- C:\Windows\System\VNgxmLg.exe
  C:\Windows\System\VNgxmLg.exe
  2⤵
  PID:6208
- C:\Windows\System\OHeYlcv.exe
  C:\Windows\System\OHeYlcv.exe
  2⤵
  PID:9488
- C:\Windows\System\mKnJOXJ.exe
  C:\Windows\System\mKnJOXJ.exe
  2⤵
  PID:6264
- C:\Windows\System\TRUccGH.exe
  C:\Windows\System\TRUccGH.exe
  2⤵
  PID:8856
- C:\Windows\System\iBLVLye.exe
  C:\Windows\System\iBLVLye.exe
  2⤵
  PID:8848
- C:\Windows\System\tNmfKMw.exe
  C:\Windows\System\tNmfKMw.exe
  2⤵
  PID:2732
- C:\Windows\System\VImQBRa.exe
  C:\Windows\System\VImQBRa.exe
  2⤵
  PID:7664
- C:\Windows\System\whkruiD.exe
  C:\Windows\System\whkruiD.exe
  2⤵
  PID:4592
- C:\Windows\System\QSTtTqc.exe
  C:\Windows\System\QSTtTqc.exe
  2⤵
  PID:4852
- C:\Windows\System\QrQitgx.exe
  C:\Windows\System\QrQitgx.exe
  2⤵
  PID:10268
- C:\Windows\System\HrryNyJ.exe
  C:\Windows\System\HrryNyJ.exe
  2⤵
  PID:10288
- C:\Windows\System\mQAkLAJ.exe
  C:\Windows\System\mQAkLAJ.exe
  2⤵
  PID:10320
- C:\Windows\System\aleqtrM.exe
  C:\Windows\System\aleqtrM.exe
  2⤵
  PID:10356
- C:\Windows\System\fvgTdOD.exe
  C:\Windows\System\fvgTdOD.exe
  2⤵
  PID:10372
- C:\Windows\System\BhATWAz.exe
  C:\Windows\System\BhATWAz.exe
  2⤵
  PID:10400
- C:\Windows\System\IDDbAcp.exe
  C:\Windows\System\IDDbAcp.exe
  2⤵
  PID:10428
- C:\Windows\System\ZDKKAbh.exe
  C:\Windows\System\ZDKKAbh.exe
  2⤵
  PID:10456
- C:\Windows\System\bcrIsBG.exe
  C:\Windows\System\bcrIsBG.exe
  2⤵
  PID:10492
- C:\Windows\System\pNTHnKK.exe
  C:\Windows\System\pNTHnKK.exe
  2⤵
  PID:10520
- C:\Windows\System\IenpLyM.exe
  C:\Windows\System\IenpLyM.exe
  2⤵
  PID:10548
- C:\Windows\System\IKVihRy.exe
  C:\Windows\System\IKVihRy.exe
  2⤵
  PID:10580
- C:\Windows\System\PbOXwbD.exe
  C:\Windows\System\PbOXwbD.exe
  2⤵
  PID:10596
- C:\Windows\System\lpxItpg.exe
  C:\Windows\System\lpxItpg.exe
  2⤵
  PID:10624
- C:\Windows\System\jdgkXTO.exe
  C:\Windows\System\jdgkXTO.exe
  2⤵
  PID:10652
- C:\Windows\System\ltGwBTk.exe
  C:\Windows\System\ltGwBTk.exe
  2⤵
  PID:10680
- C:\Windows\System\jTmxEAG.exe
  C:\Windows\System\jTmxEAG.exe
  2⤵
  PID:10708
- C:\Windows\System\CEAMyAx.exe
  C:\Windows\System\CEAMyAx.exe
  2⤵
  PID:10740
- C:\Windows\System\ybgQeoA.exe
  C:\Windows\System\ybgQeoA.exe
  2⤵
  PID:10768
- C:\Windows\System\JPjqUAy.exe
  C:\Windows\System\JPjqUAy.exe
  2⤵
  PID:10796
- C:\Windows\System\lJmwQrV.exe
  C:\Windows\System\lJmwQrV.exe
  2⤵
  PID:10828
- C:\Windows\System\vWROWmQ.exe
  C:\Windows\System\vWROWmQ.exe
  2⤵
  PID:10852
- C:\Windows\System\vgxisFv.exe
  C:\Windows\System\vgxisFv.exe
  2⤵
  PID:10880
- C:\Windows\System\hzPWbTk.exe
  C:\Windows\System\hzPWbTk.exe
  2⤵
  PID:10908
- C:\Windows\System\nyOkawX.exe
  C:\Windows\System\nyOkawX.exe
  2⤵
  PID:10936
- C:\Windows\System\TPgIhlj.exe
  C:\Windows\System\TPgIhlj.exe
  2⤵
  PID:10964
- C:\Windows\System\hwMPUtu.exe
  C:\Windows\System\hwMPUtu.exe
  2⤵
  PID:10992
- C:\Windows\System\LzGtNcw.exe
  C:\Windows\System\LzGtNcw.exe
  2⤵
  PID:11020
- C:\Windows\System\nTPxYer.exe
  C:\Windows\System\nTPxYer.exe
  2⤵
  PID:11048
- C:\Windows\System\hQFkMOY.exe
  C:\Windows\System\hQFkMOY.exe
  2⤵
  PID:11076
- C:\Windows\System\xHzJmDo.exe
  C:\Windows\System\xHzJmDo.exe
  2⤵
  PID:11112
- C:\Windows\System\WWzZRlV.exe
  C:\Windows\System\WWzZRlV.exe
  2⤵
  PID:11132
- C:\Windows\System\CkUDUSb.exe
  C:\Windows\System\CkUDUSb.exe
  2⤵
  PID:11172
- C:\Windows\System\SIjbCWl.exe
  C:\Windows\System\SIjbCWl.exe
  2⤵
  PID:11220
- C:\Windows\System\JcGRYmW.exe
  C:\Windows\System\JcGRYmW.exe
  2⤵
  PID:11240
- C:\Windows\System\CagOozk.exe
  C:\Windows\System\CagOozk.exe
  2⤵
  PID:10280
- C:\Windows\System\fZtIxpX.exe
  C:\Windows\System\fZtIxpX.exe
  2⤵
  PID:10328
- C:\Windows\System\eNvDwAk.exe
  C:\Windows\System\eNvDwAk.exe
  2⤵
  PID:10368
- C:\Windows\System\uJmxrIM.exe
  C:\Windows\System\uJmxrIM.exe
  2⤵
  PID:10412
- C:\Windows\System\dnPpYyz.exe
  C:\Windows\System\dnPpYyz.exe
  2⤵
  PID:6700
- C:\Windows\System\wADfgQq.exe
  C:\Windows\System\wADfgQq.exe
  2⤵
  PID:10536
- C:\Windows\System\olFewQB.exe
  C:\Windows\System\olFewQB.exe
  2⤵
  PID:10592
- C:\Windows\System\hPPDzSY.exe
  C:\Windows\System\hPPDzSY.exe
  2⤵
  PID:10648
- C:\Windows\System\JBXoWmM.exe
  C:\Windows\System\JBXoWmM.exe
  2⤵
  PID:10720
- C:\Windows\System\mrIAhuS.exe
  C:\Windows\System\mrIAhuS.exe
  2⤵
  PID:10788
- C:\Windows\System\TchodjJ.exe
  C:\Windows\System\TchodjJ.exe
  2⤵
  PID:10836
- C:\Windows\System\OHcZkqh.exe
  C:\Windows\System\OHcZkqh.exe
  2⤵
  PID:10900
- C:\Windows\System\XJcRvQQ.exe
  C:\Windows\System\XJcRvQQ.exe
  2⤵
  PID:10960
- C:\Windows\System\bxjSlQO.exe
  C:\Windows\System\bxjSlQO.exe
  2⤵
  PID:11032
- C:\Windows\System\jczVsVl.exe
  C:\Windows\System\jczVsVl.exe
  2⤵
  PID:11096
- C:\Windows\System\NtULbSw.exe
  C:\Windows\System\NtULbSw.exe
  2⤵
  PID:6276
- C:\Windows\System\vIZdgTn.exe
  C:\Windows\System\vIZdgTn.exe
  2⤵
  PID:11236
- C:\Windows\System\PnJHgZV.exe
  C:\Windows\System\PnJHgZV.exe
  2⤵
  PID:10308
- C:\Windows\System\yDiFOqh.exe
  C:\Windows\System\yDiFOqh.exe
  2⤵
  PID:10396
- C:\Windows\System\SzwYzlI.exe
  C:\Windows\System\SzwYzlI.exe
  2⤵
  PID:10576
- C:\Windows\System\BEVfeql.exe
  C:\Windows\System\BEVfeql.exe
  2⤵
  PID:3180
- C:\Windows\System\hXenKLY.exe
  C:\Windows\System\hXenKLY.exe
  2⤵
  PID:10764
- C:\Windows\System\WCMzSyZ.exe
  C:\Windows\System\WCMzSyZ.exe
  2⤵
  PID:10892
- C:\Windows\System\BCkMJdn.exe
  C:\Windows\System\BCkMJdn.exe
  2⤵
  PID:11064
- C:\Windows\System\KhBRxXh.exe
  C:\Windows\System\KhBRxXh.exe
  2⤵
  PID:11204
- C:\Windows\System\LeAOOeF.exe
  C:\Windows\System\LeAOOeF.exe
  2⤵
  PID:10392
- C:\Windows\System\VCryjeJ.exe
  C:\Windows\System\VCryjeJ.exe
  2⤵
  PID:6848
- C:\Windows\System\wHqPGUX.exe
  C:\Windows\System\wHqPGUX.exe
  2⤵
  PID:11124
- C:\Windows\System\bciJBSL.exe
  C:\Windows\System\bciJBSL.exe
  2⤵
  PID:10340
- C:\Windows\System\mDMRkKg.exe
  C:\Windows\System\mDMRkKg.exe
  2⤵
  PID:10956
- C:\Windows\System\mIRZCGC.exe
  C:\Windows\System\mIRZCGC.exe
  2⤵
  PID:10876
- C:\Windows\System\cwDGwER.exe
  C:\Windows\System\cwDGwER.exe
  2⤵
  PID:6984
- C:\Windows\System\beSeHPb.exe
  C:\Windows\System\beSeHPb.exe
  2⤵
  PID:11292
- C:\Windows\System\vlENWvX.exe
  C:\Windows\System\vlENWvX.exe
  2⤵
  PID:11320
- C:\Windows\System\FwuLWkI.exe
  C:\Windows\System\FwuLWkI.exe
  2⤵
  PID:11348
- C:\Windows\System\lIEeZWl.exe
  C:\Windows\System\lIEeZWl.exe
  2⤵
  PID:11376
- C:\Windows\System\QJwctgh.exe
  C:\Windows\System\QJwctgh.exe
  2⤵
  PID:11404
- C:\Windows\System\oHzitwi.exe
  C:\Windows\System\oHzitwi.exe
  2⤵
  PID:11432
- C:\Windows\System\NIyWBUy.exe
  C:\Windows\System\NIyWBUy.exe
  2⤵
  PID:11460
- C:\Windows\System\ynxlnFB.exe
  C:\Windows\System\ynxlnFB.exe
  2⤵
  PID:11492
- C:\Windows\System\zBfRetX.exe
  C:\Windows\System\zBfRetX.exe
  2⤵
  PID:11516
- C:\Windows\System\kWuZCMd.exe
  C:\Windows\System\kWuZCMd.exe
  2⤵
  PID:11544
- C:\Windows\System\ziuijlG.exe
  C:\Windows\System\ziuijlG.exe
  2⤵
  PID:11572
- C:\Windows\System\YliTPHk.exe
  C:\Windows\System\YliTPHk.exe
  2⤵
  PID:11600
- C:\Windows\System\uVeLotj.exe
  C:\Windows\System\uVeLotj.exe
  2⤵
  PID:11628
- C:\Windows\System\TnHVgyE.exe
  C:\Windows\System\TnHVgyE.exe
  2⤵
  PID:11656
- C:\Windows\System\CGmdXTN.exe
  C:\Windows\System\CGmdXTN.exe
  2⤵
  PID:11684
- C:\Windows\System\DVNRJzM.exe
  C:\Windows\System\DVNRJzM.exe
  2⤵
  PID:11712
- C:\Windows\System\IVWuxSW.exe
  C:\Windows\System\IVWuxSW.exe
  2⤵
  PID:11748
- C:\Windows\System\aJknVoy.exe
  C:\Windows\System\aJknVoy.exe
  2⤵
  PID:11768
- C:\Windows\System\ZBwSwjl.exe
  C:\Windows\System\ZBwSwjl.exe
  2⤵
  PID:11796
- C:\Windows\System\JVYnPFM.exe
  C:\Windows\System\JVYnPFM.exe
  2⤵
  PID:11824
- C:\Windows\System\htNdwcS.exe
  C:\Windows\System\htNdwcS.exe
  2⤵
  PID:11852
- C:\Windows\System\kasIKUM.exe
  C:\Windows\System\kasIKUM.exe
  2⤵
  PID:11880
- C:\Windows\System\KbcCMRO.exe
  C:\Windows\System\KbcCMRO.exe
  2⤵
  PID:11908
- C:\Windows\System\VBjetaC.exe
  C:\Windows\System\VBjetaC.exe
  2⤵
  PID:11936
- C:\Windows\System\xrmyxWi.exe
  C:\Windows\System\xrmyxWi.exe
  2⤵
  PID:11964
- C:\Windows\System\xCHVuYH.exe
  C:\Windows\System\xCHVuYH.exe
  2⤵
  PID:11996
- C:\Windows\System\idsAwIb.exe
  C:\Windows\System\idsAwIb.exe
  2⤵
  PID:12024
- C:\Windows\System\QiVFjbJ.exe
  C:\Windows\System\QiVFjbJ.exe
  2⤵
  PID:12052
- C:\Windows\System\rlhpqal.exe
  C:\Windows\System\rlhpqal.exe
  2⤵
  PID:12080
- C:\Windows\System\IeAGAWP.exe
  C:\Windows\System\IeAGAWP.exe
  2⤵
  PID:12108
- C:\Windows\System\FsCIAJp.exe
  C:\Windows\System\FsCIAJp.exe
  2⤵
  PID:12136
- C:\Windows\System\QfefOJF.exe
  C:\Windows\System\QfefOJF.exe
  2⤵
  PID:12172
- C:\Windows\System\DQUGCCY.exe
  C:\Windows\System\DQUGCCY.exe
  2⤵
  PID:12192
- C:\Windows\System\eKptSUQ.exe
  C:\Windows\System\eKptSUQ.exe
  2⤵
  PID:12224
- C:\Windows\System\FCRXZQW.exe
  C:\Windows\System\FCRXZQW.exe
  2⤵
  PID:12248
- C:\Windows\System\qddHbnT.exe
  C:\Windows\System\qddHbnT.exe
  2⤵
  PID:12276
- C:\Windows\System\BriMPTe.exe
  C:\Windows\System\BriMPTe.exe
  2⤵
  PID:7116
- C:\Windows\System\vytTkDR.exe
  C:\Windows\System\vytTkDR.exe
  2⤵
  PID:11340
- C:\Windows\System\IoHQmUh.exe
  C:\Windows\System\IoHQmUh.exe
  2⤵
  PID:11400
- C:\Windows\System\eEoSiqp.exe
  C:\Windows\System\eEoSiqp.exe
  2⤵
  PID:11452
- C:\Windows\System\NEPlavg.exe
  C:\Windows\System\NEPlavg.exe
  2⤵
  PID:11508
- C:\Windows\System\UQOvxOx.exe
  C:\Windows\System\UQOvxOx.exe
  2⤵
  PID:11556
- C:\Windows\System\eQsoqYW.exe
  C:\Windows\System\eQsoqYW.exe
  2⤵
  PID:4020
- C:\Windows\System\CwFTgov.exe
  C:\Windows\System\CwFTgov.exe
  2⤵
  PID:11668
- C:\Windows\System\CNfndXr.exe
  C:\Windows\System\CNfndXr.exe
  2⤵
  PID:11736
- C:\Windows\System\kegemFe.exe
  C:\Windows\System\kegemFe.exe
  2⤵
  PID:11780
- C:\Windows\System\opdDqUX.exe
  C:\Windows\System\opdDqUX.exe
  2⤵
  PID:232
- C:\Windows\System\neWtXon.exe
  C:\Windows\System\neWtXon.exe
  2⤵
  PID:11872
- C:\Windows\System\cMVFZnF.exe
  C:\Windows\System\cMVFZnF.exe
  2⤵
  PID:11948
- C:\Windows\System\mkTBRjG.exe
  C:\Windows\System\mkTBRjG.exe
  2⤵
  PID:12016
- C:\Windows\System\EPNugea.exe
  C:\Windows\System\EPNugea.exe
  2⤵
  PID:12076
- C:\Windows\System\GQNAppL.exe
  C:\Windows\System\GQNAppL.exe
  2⤵
  PID:12148
- C:\Windows\System\NEgcNjB.exe
  C:\Windows\System\NEgcNjB.exe
  2⤵
  PID:12232
- C:\Windows\System\kGCdcsM.exe
  C:\Windows\System\kGCdcsM.exe
  2⤵
  PID:12272
- C:\Windows\System\sqXkAXQ.exe
  C:\Windows\System\sqXkAXQ.exe
  2⤵
  PID:11368
- C:\Windows\System\vRNxlPf.exe
  C:\Windows\System\vRNxlPf.exe
  2⤵
  PID:11480
- C:\Windows\System\aAbcjNa.exe
  C:\Windows\System\aAbcjNa.exe
  2⤵
  PID:11596
- C:\Windows\System\efZGSXb.exe
  C:\Windows\System\efZGSXb.exe
  2⤵
  PID:11732
- C:\Windows\System\IeoINga.exe
  C:\Windows\System\IeoINga.exe
  2⤵
  PID:11808
- C:\Windows\System\PQsewKF.exe
  C:\Windows\System\PQsewKF.exe
  2⤵
  PID:7376
- C:\Windows\System\yALwudX.exe
  C:\Windows\System\yALwudX.exe
  2⤵
  PID:7360
- C:\Windows\System\TusEEBI.exe
  C:\Windows\System\TusEEBI.exe
  2⤵
  PID:12008
- C:\Windows\System\tnJKmIg.exe
  C:\Windows\System\tnJKmIg.exe
  2⤵
  PID:12180
- C:\Windows\System\ANAAMCy.exe
  C:\Windows\System\ANAAMCy.exe
  2⤵
  PID:11428
- C:\Windows\System\ERfuyUP.exe
  C:\Windows\System\ERfuyUP.exe
  2⤵
  PID:7576
- C:\Windows\System\FXuhbjg.exe
  C:\Windows\System\FXuhbjg.exe
  2⤵
  PID:7616
- C:\Windows\System\fSgnMKr.exe
  C:\Windows\System\fSgnMKr.exe
  2⤵
  PID:7632
- C:\Windows\System\ucBWEiv.exe
  C:\Windows\System\ucBWEiv.exe
  2⤵
  PID:11696
- C:\Windows\System\srdbmza.exe
  C:\Windows\System\srdbmza.exe
  2⤵
  PID:3996
- C:\Windows\System\gcHUYvw.exe
  C:\Windows\System\gcHUYvw.exe
  2⤵
  PID:11992
- C:\Windows\System\oDcXntn.exe
  C:\Windows\System\oDcXntn.exe
  2⤵
  PID:4928
- C:\Windows\System\NwtDGCC.exe
  C:\Windows\System\NwtDGCC.exe
  2⤵
  PID:7648
- C:\Windows\System\kXOkNXX.exe
  C:\Windows\System\kXOkNXX.exe
  2⤵
  PID:11932
- C:\Windows\System\PyMRTrb.exe
  C:\Windows\System\PyMRTrb.exe
  2⤵
  PID:6996
- C:\Windows\System\QFnryKh.exe
  C:\Windows\System\QFnryKh.exe
  2⤵
  PID:12268
- C:\Windows\System\QTryobf.exe
  C:\Windows\System\QTryobf.exe
  2⤵
  PID:12292
- C:\Windows\System\MtXcaRd.exe
  C:\Windows\System\MtXcaRd.exe
  2⤵
  PID:12320
- C:\Windows\System\XBkNOdo.exe
  C:\Windows\System\XBkNOdo.exe
  2⤵
  PID:12348
- C:\Windows\System\zxeAfmo.exe
  C:\Windows\System\zxeAfmo.exe
  2⤵
  PID:12376
- C:\Windows\System\lZMnTsV.exe
  C:\Windows\System\lZMnTsV.exe
  2⤵
  PID:12404
- C:\Windows\System\lDatfuA.exe
  C:\Windows\System\lDatfuA.exe
  2⤵
  PID:12440
- C:\Windows\System\cLpHAXI.exe
  C:\Windows\System\cLpHAXI.exe
  2⤵
  PID:12460
- C:\Windows\System\KKzHeRw.exe
  C:\Windows\System\KKzHeRw.exe
  2⤵
  PID:12488
- C:\Windows\System\RyzBAhD.exe
  C:\Windows\System\RyzBAhD.exe
  2⤵
  PID:12516
- C:\Windows\System\uXxKMVB.exe
  C:\Windows\System\uXxKMVB.exe
  2⤵
  PID:12544
- C:\Windows\System\McSEeda.exe
  C:\Windows\System\McSEeda.exe
  2⤵
  PID:12576
- C:\Windows\System\mLDNWYe.exe
  C:\Windows\System\mLDNWYe.exe
  2⤵
  PID:12600
- C:\Windows\System\joXGpdC.exe
  C:\Windows\System\joXGpdC.exe
  2⤵
  PID:12628
- C:\Windows\System\eleTGhO.exe
  C:\Windows\System\eleTGhO.exe
  2⤵
  PID:12656
- C:\Windows\System\RdYSCYn.exe
  C:\Windows\System\RdYSCYn.exe
  2⤵
  PID:12684
- C:\Windows\System\XZHjBzr.exe
  C:\Windows\System\XZHjBzr.exe
  2⤵
  PID:12712
- C:\Windows\System\PkrwBMQ.exe
  C:\Windows\System\PkrwBMQ.exe
  2⤵
  PID:12740
- C:\Windows\System\YpGSTaB.exe
  C:\Windows\System\YpGSTaB.exe
  2⤵
  PID:12768
- C:\Windows\System\hicRkvV.exe
  C:\Windows\System\hicRkvV.exe
  2⤵
  PID:12796
- C:\Windows\System\SdTSiaU.exe
  C:\Windows\System\SdTSiaU.exe
  2⤵
  PID:12824
- C:\Windows\System\UOhegzU.exe
  C:\Windows\System\UOhegzU.exe
  2⤵
  PID:12852
- C:\Windows\System\PdRyCJK.exe
  C:\Windows\System\PdRyCJK.exe
  2⤵
  PID:12880
- C:\Windows\System\adCkCFY.exe
  C:\Windows\System\adCkCFY.exe
  2⤵
  PID:12908
- C:\Windows\System\HBgOfzX.exe
  C:\Windows\System\HBgOfzX.exe
  2⤵
  PID:12944
- C:\Windows\System\ghsUIXM.exe
  C:\Windows\System\ghsUIXM.exe
  2⤵
  PID:12968
- C:\Windows\System\hkQhNyo.exe
  C:\Windows\System\hkQhNyo.exe
  2⤵
  PID:13008
- C:\Windows\System\JnvntDX.exe
  C:\Windows\System\JnvntDX.exe
  2⤵
  PID:13024
- C:\Windows\System\cfMYjWq.exe
  C:\Windows\System\cfMYjWq.exe
  2⤵
  PID:13072
- C:\Windows\System\TqoTtUa.exe
  C:\Windows\System\TqoTtUa.exe
  2⤵
  PID:13100
- C:\Windows\System\ItvyHhT.exe
  C:\Windows\System\ItvyHhT.exe
  2⤵
  PID:13128
- C:\Windows\System\iOZrHdF.exe
  C:\Windows\System\iOZrHdF.exe
  2⤵
  PID:13160
- C:\Windows\System\czrcjRJ.exe
  C:\Windows\System\czrcjRJ.exe
  2⤵
  PID:13188
- C:\Windows\System\WbjaCfo.exe
  C:\Windows\System\WbjaCfo.exe
  2⤵
  PID:13216
- C:\Windows\System\CyLOCoq.exe
  C:\Windows\System\CyLOCoq.exe
  2⤵
  PID:13244
- C:\Windows\System\vOROUmT.exe
  C:\Windows\System\vOROUmT.exe
  2⤵
  PID:13272
- C:\Windows\System\pOanQiJ.exe
  C:\Windows\System\pOanQiJ.exe
  2⤵
  PID:13300
- C:\Windows\System\SwycbBG.exe
  C:\Windows\System\SwycbBG.exe
  2⤵
  PID:12332
- C:\Windows\System\hasXURg.exe
  C:\Windows\System\hasXURg.exe
  2⤵
  PID:12396
- C:\Windows\System\PmjsYsY.exe
  C:\Windows\System\PmjsYsY.exe
  2⤵
  PID:12472
- C:\Windows\System\hykyjRa.exe
  C:\Windows\System\hykyjRa.exe
  2⤵
  PID:12528
- C:\Windows\System\ogrvEqp.exe
  C:\Windows\System\ogrvEqp.exe
  2⤵
  PID:12592
- C:\Windows\System\rBphTyW.exe
  C:\Windows\System\rBphTyW.exe
  2⤵
  PID:12676
- C:\Windows\System\KjqmDkW.exe
  C:\Windows\System\KjqmDkW.exe
  2⤵
  PID:12724
- C:\Windows\System\naQWWLc.exe
  C:\Windows\System\naQWWLc.exe
  2⤵
  PID:12780
- C:\Windows\System\DwRQZPD.exe
  C:\Windows\System\DwRQZPD.exe
  2⤵
  PID:12844
- C:\Windows\System\tuiOnwV.exe
  C:\Windows\System\tuiOnwV.exe
  2⤵
  PID:12904
- C:\Windows\System\GlIJISd.exe
  C:\Windows\System\GlIJISd.exe
  2⤵
  PID:13020
- C:\Windows\System\aCmpVzR.exe
  C:\Windows\System\aCmpVzR.exe
  2⤵
  PID:13084
- C:\Windows\System\xHqmrpt.exe
  C:\Windows\System\xHqmrpt.exe
  2⤵
  PID:13144
- C:\Windows\System\mMCbOKn.exe
  C:\Windows\System\mMCbOKn.exe
  2⤵
  PID:13184
- C:\Windows\System\sAwmNcT.exe
  C:\Windows\System\sAwmNcT.exe
  2⤵
  PID:13256
- C:\Windows\System\aOXlJsW.exe
  C:\Windows\System\aOXlJsW.exe
  2⤵
  PID:12316
- C:\Windows\System\UHjBvvu.exe
  C:\Windows\System\UHjBvvu.exe
  2⤵
  PID:12452
- C:\Windows\System\Iszeauu.exe
  C:\Windows\System\Iszeauu.exe
  2⤵
  PID:12584
- C:\Windows\System\bhPjnOx.exe
  C:\Windows\System\bhPjnOx.exe
  2⤵
  PID:2580
- C:\Windows\System\hSvaSch.exe
  C:\Windows\System\hSvaSch.exe
  2⤵
  PID:12872
- C:\Windows\System\eDuJXGv.exe
  C:\Windows\System\eDuJXGv.exe
  2⤵
  PID:13016
- C:\Windows\System\AGTQyai.exe
  C:\Windows\System\AGTQyai.exe
  2⤵
  PID:13044
- C:\Windows\System\YEwmTzJ.exe
  C:\Windows\System\YEwmTzJ.exe
  2⤵
  PID:11848
- C:\Windows\System\XbzJkJD.exe
  C:\Windows\System\XbzJkJD.exe
  2⤵
  PID:12648
- C:\Windows\System\lKoitSb.exe
  C:\Windows\System\lKoitSb.exe
  2⤵
  PID:12992
- C:\Windows\System\MsoaptM.exe
  C:\Windows\System\MsoaptM.exe
  2⤵
  PID:12920
- C:\Windows\System\eSUCneF.exe
  C:\Windows\System\eSUCneF.exe
  2⤵
  PID:12936
- C:\Windows\System\zTFRaYr.exe
  C:\Windows\System\zTFRaYr.exe
  2⤵
  PID:2816
- C:\Windows\System\zEgQqwJ.exe
  C:\Windows\System\zEgQqwJ.exe
  2⤵
  PID:12448
- C:\Windows\System\KvDCnAk.exe
  C:\Windows\System\KvDCnAk.exe
  2⤵
  PID:12836
- C:\Windows\System\zDJgYgS.exe
  C:\Windows\System\zDJgYgS.exe
  2⤵
  PID:1320
- C:\Windows\System\ZUTYhzc.exe
  C:\Windows\System\ZUTYhzc.exe
  2⤵
  PID:8140
- C:\Windows\System\pcFHLQC.exe
  C:\Windows\System\pcFHLQC.exe
  2⤵
  PID:13332
- C:\Windows\System\qftoXZY.exe
  C:\Windows\System\qftoXZY.exe
  2⤵
  PID:13360
- C:\Windows\System\HRkJTqK.exe
  C:\Windows\System\HRkJTqK.exe
  2⤵
  PID:13388
- C:\Windows\System\LumnuLV.exe
  C:\Windows\System\LumnuLV.exe
  2⤵
  PID:13416
- C:\Windows\System\hZrSCzn.exe
  C:\Windows\System\hZrSCzn.exe
  2⤵
  PID:13444
- C:\Windows\System\QKIZssb.exe
  C:\Windows\System\QKIZssb.exe
  2⤵
  PID:13472
- C:\Windows\System\IoZsMyf.exe
  C:\Windows\System\IoZsMyf.exe
  2⤵
  PID:13500
- C:\Windows\System\QkjWkVl.exe
  C:\Windows\System\QkjWkVl.exe
  2⤵
  PID:13528
- C:\Windows\System\FHSsUCm.exe
  C:\Windows\System\FHSsUCm.exe
  2⤵
  PID:13556
- C:\Windows\System\enyHlEA.exe
  C:\Windows\System\enyHlEA.exe
  2⤵
  PID:13584
- C:\Windows\System\WBMdKnL.exe
  C:\Windows\System\WBMdKnL.exe
  2⤵
  PID:13612
- C:\Windows\System\aUzyEeR.exe
  C:\Windows\System\aUzyEeR.exe
  2⤵
  PID:13640
- C:\Windows\System\dlKrIVd.exe
  C:\Windows\System\dlKrIVd.exe
  2⤵
  PID:13668
- C:\Windows\System\PNsoiRp.exe
  C:\Windows\System\PNsoiRp.exe
  2⤵
  PID:13704
- C:\Windows\System\ItUHudY.exe
  C:\Windows\System\ItUHudY.exe
  2⤵
  PID:13724
- C:\Windows\System\HquNCGo.exe
  C:\Windows\System\HquNCGo.exe
  2⤵
  PID:13752
- C:\Windows\System\wmlgooS.exe
  C:\Windows\System\wmlgooS.exe
  2⤵
  PID:13780
- C:\Windows\System\ihWGKJF.exe
  C:\Windows\System\ihWGKJF.exe
  2⤵
  PID:13808
- C:\Windows\System\LkBMaBF.exe
  C:\Windows\System\LkBMaBF.exe
  2⤵
  PID:13836
- C:\Windows\System\RrKFGkR.exe
  C:\Windows\System\RrKFGkR.exe
  2⤵
  PID:13864
- C:\Windows\System\COXpyfX.exe
  C:\Windows\System\COXpyfX.exe
  2⤵
  PID:13892
- C:\Windows\System\uFgTLDn.exe
  C:\Windows\System\uFgTLDn.exe
  2⤵
  PID:13920
- C:\Windows\System\GiRajsy.exe
  C:\Windows\System\GiRajsy.exe
  2⤵
  PID:13948
- C:\Windows\System\yTThQHT.exe
  C:\Windows\System\yTThQHT.exe
  2⤵
  PID:13980
- C:\Windows\System\OIllWaH.exe
  C:\Windows\System\OIllWaH.exe
  2⤵
  PID:14008
- C:\Windows\System\qMoiOrs.exe
  C:\Windows\System\qMoiOrs.exe
  2⤵
  PID:14036
- C:\Windows\System\SoiyNuh.exe
  C:\Windows\System\SoiyNuh.exe
  2⤵
  PID:14064
- C:\Windows\System\dQPfdjq.exe
  C:\Windows\System\dQPfdjq.exe
  2⤵
  PID:14092
- C:\Windows\System\VqwcIKD.exe
  C:\Windows\System\VqwcIKD.exe
  2⤵
  PID:14124
- C:\Windows\System\EsWLPMZ.exe
  C:\Windows\System\EsWLPMZ.exe
  2⤵
  PID:14164
- C:\Windows\System\CwuBfcS.exe
  C:\Windows\System\CwuBfcS.exe
  2⤵
  PID:14180
- C:\Windows\System\QHpEour.exe
  C:\Windows\System\QHpEour.exe
  2⤵
  PID:14208
- C:\Windows\System\iOsRZwI.exe
  C:\Windows\System\iOsRZwI.exe
  2⤵
  PID:14236
- C:\Windows\System\twgqUPB.exe
  C:\Windows\System\twgqUPB.exe
  2⤵
  PID:14264
- C:\Windows\System\skZsKQW.exe
  C:\Windows\System\skZsKQW.exe
  2⤵
  PID:14292
- C:\Windows\System\BQHJwCQ.exe
  C:\Windows\System\BQHJwCQ.exe
  2⤵
  PID:14320
- C:\Windows\System\digJBwJ.exe
  C:\Windows\System\digJBwJ.exe
  2⤵
  PID:13344
- C:\Windows\System\RKZhgNO.exe
  C:\Windows\System\RKZhgNO.exe
  2⤵
  PID:13380
- C:\Windows\System\CryMkWq.exe
  C:\Windows\System\CryMkWq.exe
  2⤵
  PID:7188
- C:\Windows\System\Psfxryr.exe
  C:\Windows\System\Psfxryr.exe
  2⤵
  PID:4356
- C:\Windows\System\YfPdvuP.exe
  C:\Windows\System\YfPdvuP.exe
  2⤵
  PID:7428
- C:\Windows\System\erwBzgv.exe
  C:\Windows\System\erwBzgv.exe
  2⤵
  PID:13576
- C:\Windows\System\nbtMVMf.exe
  C:\Windows\System\nbtMVMf.exe
  2⤵
  PID:13632
- C:\Windows\System\PcbCWqD.exe
  C:\Windows\System\PcbCWqD.exe
  2⤵
  PID:13692
- C:\Windows\System\rVhJaUk.exe
  C:\Windows\System\rVhJaUk.exe
  2⤵
  PID:3300
- C:\Windows\System\EhnNdmS.exe
  C:\Windows\System\EhnNdmS.exe
  2⤵
  PID:13776
- C:\Windows\System\vkQwPcM.exe
  C:\Windows\System\vkQwPcM.exe
  2⤵
  PID:6648
- C:\Windows\System\gykmfrw.exe
  C:\Windows\System\gykmfrw.exe
  2⤵
  PID:13856
- C:\Windows\System\BtNTxjn.exe
  C:\Windows\System\BtNTxjn.exe
  2⤵
  PID:3112
- C:\Windows\System\PlcmTsD.exe
  C:\Windows\System\PlcmTsD.exe
  2⤵
  PID:516
- C:\Windows\System\bVRWqfi.exe
  C:\Windows\System\bVRWqfi.exe
  2⤵
  PID:14000
- C:\Windows\System\ueRkqnk.exe
  C:\Windows\System\ueRkqnk.exe
  2⤵
  PID:14048
- C:\Windows\System\iwvbYLx.exe
  C:\Windows\System\iwvbYLx.exe
  2⤵
  PID:4772
- C:\Windows\System\iqAbAbP.exe
  C:\Windows\System\iqAbAbP.exe
  2⤵
  PID:14144
- C:\Windows\System\anUHoET.exe
  C:\Windows\System\anUHoET.exe
  2⤵
  PID:1568
- C:\Windows\System\TMNFzrY.exe
  C:\Windows\System\TMNFzrY.exe
  2⤵
  PID:7732
- C:\Windows\System\GRYveUQ.exe
  C:\Windows\System\GRYveUQ.exe
  2⤵
  PID:14284
- C:\Windows\System\MTqpCzc.exe
  C:\Windows\System\MTqpCzc.exe
  2⤵
  PID:14316
- C:\Windows\System\vqPtKar.exe
  C:\Windows\System\vqPtKar.exe
  2⤵
  PID:7012
- C:\Windows\System\ioWVfTb.exe
  C:\Windows\System\ioWVfTb.exe
  2⤵
  PID:7216
- C:\Windows\System\mYKqhSp.exe
  C:\Windows\System\mYKqhSp.exe
  2⤵
  PID:13968
- C:\Windows\System\KpFSrZT.exe
  C:\Windows\System\KpFSrZT.exe
  2⤵
  PID:868
- C:\Windows\System\VGiTzYD.exe
  C:\Windows\System\VGiTzYD.exe
  2⤵
  PID:13680
- C:\Windows\System\VoHivnk.exe
  C:\Windows\System\VoHivnk.exe
  2⤵
  PID:2264
- C:\Windows\System\ulkMDqi.exe
  C:\Windows\System\ulkMDqi.exe
  2⤵
  PID:3412
- C:\Windows\System\RdZaDCv.exe
  C:\Windows\System\RdZaDCv.exe
  2⤵
  PID:936
- C:\Windows\System\LnxxJHQ.exe
  C:\Windows\System\LnxxJHQ.exe
  2⤵
  PID:13904
- C:\Windows\System\WpymHaE.exe
  C:\Windows\System\WpymHaE.exe
  2⤵
  PID:13972
- C:\Windows\System\IHiqhlO.exe
  C:\Windows\System\IHiqhlO.exe
  2⤵
  PID:14032
- C:\Windows\System\DqYRWtW.exe
  C:\Windows\System\DqYRWtW.exe
  2⤵
  PID:2696
- C:\Windows\System\KwTbrQG.exe
  C:\Windows\System\KwTbrQG.exe
  2⤵
  PID:14248
- C:\Windows\System\mulgIld.exe
  C:\Windows\System\mulgIld.exe
  2⤵
  PID:7848
- C:\Windows\System\drrXWyW.exe
  C:\Windows\System\drrXWyW.exe
  2⤵
  PID:7308
- C:\Windows\System\pmHnwzA.exe
  C:\Windows\System\pmHnwzA.exe
  2⤵
  PID:13428
- C:\Windows\System\zCSWZAn.exe
  C:\Windows\System\zCSWZAn.exe
  2⤵
  PID:13524
- C:\Windows\System\RpvlfdW.exe
  C:\Windows\System\RpvlfdW.exe
  2⤵
  PID:7448
- C:\Windows\System\ewIqwaA.exe
  C:\Windows\System\ewIqwaA.exe
  2⤵
  PID:3200
- C:\Windows\System\gysRZiQ.exe
  C:\Windows\System\gysRZiQ.exe
  2⤵
  PID:3632
- C:\Windows\System\HOkNRzn.exe
  C:\Windows\System\HOkNRzn.exe
  2⤵
  PID:5596
- C:\Windows\System\mIIHOUQ.exe
  C:\Windows\System\mIIHOUQ.exe
  2⤵
  PID:4888
- C:\Windows\System\errHgfB.exe
  C:\Windows\System\errHgfB.exe
  2⤵
  PID:8204
- C:\Windows\System\xTyVcGz.exe
  C:\Windows\System\xTyVcGz.exe
  2⤵
  PID:8224
- C:\Windows\System\aYbOgDS.exe
  C:\Windows\System\aYbOgDS.exe
  2⤵
  PID:8296
- C:\Windows\System\VrQzCxq.exe
  C:\Windows\System\VrQzCxq.exe
  2⤵
  PID:7260
- C:\Windows\System\mPGFtEd.exe
  C:\Windows\System\mPGFtEd.exe
  2⤵
  PID:8364
- C:\Windows\System\JDOGnsi.exe
  C:\Windows\System\JDOGnsi.exe
  2⤵
  PID:8400
- C:\Windows\System\qAghaFc.exe
  C:\Windows\System\qAghaFc.exe
  2⤵
  PID:8488
- C:\Windows\System\JIsfbvr.exe
  C:\Windows\System\JIsfbvr.exe
  2⤵
  PID:1608
- C:\Windows\System\KrlxLZU.exe
  C:\Windows\System\KrlxLZU.exe
  2⤵
  PID:7740
- C:\Windows\System\jDcixuv.exe
  C:\Windows\System\jDcixuv.exe
  2⤵
  PID:3216
- C:\Windows\System\IfieSiO.exe
  C:\Windows\System\IfieSiO.exe
  2⤵
  PID:8696
- C:\Windows\System\OsrJZGF.exe
  C:\Windows\System\OsrJZGF.exe
  2⤵
  PID:8440
- C:\Windows\System\OziBTyI.exe
  C:\Windows\System\OziBTyI.exe
  2⤵
  PID:4380
- C:\Windows\System\OavSOHE.exe
  C:\Windows\System\OavSOHE.exe
  2⤵
  PID:13356
- C:\Windows\System\YNHojyI.exe
  C:\Windows\System\YNHojyI.exe
  2⤵
  PID:8456
- C:\Windows\System\wNmOjZF.exe
  C:\Windows\System\wNmOjZF.exe
  2⤵
  PID:8852
- C:\Windows\System\vBwvTKr.exe
  C:\Windows\System\vBwvTKr.exe
  2⤵
  PID:8396
- C:\Windows\System\FEwINaF.exe
  C:\Windows\System\FEwINaF.exe
  2⤵
  PID:9056
- C:\Windows\System\rHRfEKI.exe
  C:\Windows\System\rHRfEKI.exe
  2⤵
  PID:14360
- C:\Windows\System\cgqNFLs.exe
  C:\Windows\System\cgqNFLs.exe
  2⤵
  PID:14388
- C:\Windows\System\CzBkumf.exe
  C:\Windows\System\CzBkumf.exe
  2⤵
  PID:14416
- C:\Windows\System\RACKIOP.exe
  C:\Windows\System\RACKIOP.exe
  2⤵
  PID:14444
- C:\Windows\System\mWTxVgQ.exe
  C:\Windows\System\mWTxVgQ.exe
  2⤵
  PID:14472
- C:\Windows\System\kStGzjj.exe
  C:\Windows\System\kStGzjj.exe
  2⤵
  PID:14500
- C:\Windows\System\KPXrxnn.exe
  C:\Windows\System\KPXrxnn.exe
  2⤵
  PID:14528
- C:\Windows\System\jaODdoe.exe
  C:\Windows\System\jaODdoe.exe
  2⤵
  PID:14556
- C:\Windows\System\qCoqmVe.exe
  C:\Windows\System\qCoqmVe.exe
  2⤵
  PID:14584
- C:\Windows\System\AsdbLKq.exe
  C:\Windows\System\AsdbLKq.exe
  2⤵
  PID:14612
- C:\Windows\System\QyUfrkY.exe
  C:\Windows\System\QyUfrkY.exe
  2⤵
  PID:14640
- C:\Windows\System\fibIfdT.exe
  C:\Windows\System\fibIfdT.exe
  2⤵
  PID:14668
- C:\Windows\System\KPQOOFj.exe
  C:\Windows\System\KPQOOFj.exe
  2⤵
  PID:14696
- C:\Windows\System\vamkQde.exe
  C:\Windows\System\vamkQde.exe
  2⤵
  PID:14728
- C:\Windows\System\IAZLmuQ.exe
  C:\Windows\System\IAZLmuQ.exe
  2⤵
  PID:14756
- C:\Windows\System\ZAZNlbG.exe
  C:\Windows\System\ZAZNlbG.exe
  2⤵
  PID:14784
- C:\Windows\System\QJqyIzr.exe
  C:\Windows\System\QJqyIzr.exe
  2⤵
  PID:14812
- C:\Windows\System\SPLmDuO.exe
  C:\Windows\System\SPLmDuO.exe
  2⤵
  PID:14848
- C:\Windows\System\UjAiBcK.exe
  C:\Windows\System\UjAiBcK.exe
  2⤵
  PID:14868
- C:\Windows\System\WenMiiM.exe
  C:\Windows\System\WenMiiM.exe
  2⤵
  PID:14896
- C:\Windows\System\sQdQFxw.exe
  C:\Windows\System\sQdQFxw.exe
  2⤵
  PID:14924
- C:\Windows\System\oltvSMp.exe
  C:\Windows\System\oltvSMp.exe
  2⤵
  PID:14952
- C:\Windows\System\Nwjandd.exe
  C:\Windows\System\Nwjandd.exe
  2⤵
  PID:14980
- C:\Windows\System\OIZCAmq.exe
  C:\Windows\System\OIZCAmq.exe
  2⤵
  PID:15008
- C:\Windows\System\ZsjKUaV.exe
  C:\Windows\System\ZsjKUaV.exe
  2⤵
  PID:15036
- C:\Windows\System\MbweZqG.exe
  C:\Windows\System\MbweZqG.exe
  2⤵
  PID:15064
- C:\Windows\System\nKMzxsj.exe
  C:\Windows\System\nKMzxsj.exe
  2⤵
  PID:15104
- C:\Windows\System\TvNLGym.exe
  C:\Windows\System\TvNLGym.exe
  2⤵
  PID:15120
- C:\Windows\System\ClfmQtB.exe
  C:\Windows\System\ClfmQtB.exe
  2⤵
  PID:15148
- C:\Windows\System\VwJhcSI.exe
  C:\Windows\System\VwJhcSI.exe
  2⤵
  PID:15176
- C:\Windows\System\PaJQnXz.exe
  C:\Windows\System\PaJQnXz.exe
  2⤵
  PID:15204
- C:\Windows\System\wXZcUTX.exe
  C:\Windows\System\wXZcUTX.exe
  2⤵
  PID:15232
- C:\Windows\System\wSEOSGe.exe
  C:\Windows\System\wSEOSGe.exe
  2⤵
  PID:15260
- C:\Windows\System\pThxVFl.exe
  C:\Windows\System\pThxVFl.exe
  2⤵
  PID:15288
- C:\Windows\System\erdCRDf.exe
  C:\Windows\System\erdCRDf.exe
  2⤵
  PID:15320
- C:\Windows\System\DqvbEJN.exe
  C:\Windows\System\DqvbEJN.exe
  2⤵
  PID:15348
- C:\Windows\System\HOeOXev.exe
  C:\Windows\System\HOeOXev.exe
  2⤵
  PID:9132
- C:\Windows\System\OEqIUcB.exe
  C:\Windows\System\OEqIUcB.exe
  2⤵
  PID:9172
- C:\Windows\System\ZUPcDtm.exe
  C:\Windows\System\ZUPcDtm.exe
  2⤵
  PID:14428
- C:\Windows\System\UVDvMoj.exe
  C:\Windows\System\UVDvMoj.exe
  2⤵
  PID:14464
- C:\Windows\System\PAeYzIX.exe
  C:\Windows\System\PAeYzIX.exe
  2⤵
  PID:14512
- C:\Windows\System\LJyrvhp.exe
  C:\Windows\System\LJyrvhp.exe
  2⤵
  PID:14548
- C:\Windows\System\qiPsixq.exe
  C:\Windows\System\qiPsixq.exe
  2⤵
  PID:14580
- C:\Windows\System\JInLTuR.exe
  C:\Windows\System\JInLTuR.exe
  2⤵
  PID:14608
- C:\Windows\System\OuMXEdT.exe
  C:\Windows\System\OuMXEdT.exe
  2⤵
  PID:8740
- C:\Windows\System\NrHyRtc.exe
  C:\Windows\System\NrHyRtc.exe
  2⤵
  PID:8940
- C:\Windows\System\hEErTxM.exe
  C:\Windows\System\hEErTxM.exe
  2⤵
  PID:14724
- C:\Windows\System\ewzEbjD.exe
  C:\Windows\System\ewzEbjD.exe
  2⤵
  PID:9112
- C:\Windows\System\BoWSWxL.exe
  C:\Windows\System\BoWSWxL.exe
  2⤵
  PID:14796
- C:\Windows\System\gaLJzCh.exe
  C:\Windows\System\gaLJzCh.exe
  2⤵
  PID:2896
- C:\Windows\System\CmSFlyg.exe
  C:\Windows\System\CmSFlyg.exe
  2⤵
  PID:14864
- C:\Windows\System\geaEPjR.exe
  C:\Windows\System\geaEPjR.exe
  2⤵
  PID:8708
- C:\Windows\System\RlOAmGb.exe
  C:\Windows\System\RlOAmGb.exe
  2⤵
  PID:14944
- C:\Windows\System\xyXMZFU.exe
  C:\Windows\System\xyXMZFU.exe
  2⤵
  PID:14972
- C:\Windows\System\Hjibrom.exe
  C:\Windows\System\Hjibrom.exe
  2⤵
  PID:15020
- C:\Windows\System\LUVCqhY.exe
  C:\Windows\System\LUVCqhY.exe
  2⤵
  PID:5224
- C:\Windows\System\yvPXyZi.exe
  C:\Windows\System\yvPXyZi.exe
  2⤵
  PID:8984
- C:\Windows\System\CamjWmC.exe
  C:\Windows\System\CamjWmC.exe
  2⤵
  PID:15132
- C:\Windows\System\zuzbcbb.exe
  C:\Windows\System\zuzbcbb.exe
  2⤵
  PID:15188
- C:\Windows\System\GxSepBT.exe
  C:\Windows\System\GxSepBT.exe
  2⤵
  PID:15228
- C:\Windows\System\lhlKMhI.exe
  C:\Windows\System\lhlKMhI.exe
  2⤵
  PID:15280
- C:\Windows\System\pYxbWzj.exe
  C:\Windows\System\pYxbWzj.exe
  2⤵
  PID:15344
- C:\Windows\System\CUiLrbS.exe
  C:\Windows\System\CUiLrbS.exe
  2⤵
  PID:9140
- C:\Windows\System\rKMePFa.exe
  C:\Windows\System\rKMePFa.exe
  2⤵
  PID:8528

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

88.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.210.23.2.in-addr.arpa

IN PTR

Response

88.210.23.2.in-addr.arpa

IN PTR

a2-23-210-88deploystaticakamaitechnologiescom
DNS

53.210.109.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.210.109.20.in-addr.arpa

IN PTR

Response
DNS

241.42.69.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.42.69.40.in-addr.arpa

IN PTR

Response
DNS

73.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.159.190.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

92.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.12.20.2.in-addr.arpa

IN PTR

Response

92.12.20.2.in-addr.arpa

IN PTR

a2-20-12-92deploystaticakamaitechnologiescom
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

88.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

88.210.23.2.in-addr.arpa
8.8.8.8:53

53.210.109.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

53.210.109.20.in-addr.arpa
8.8.8.8:53

241.42.69.40.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

241.42.69.40.in-addr.arpa
8.8.8.8:53

73.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

73.159.190.20.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

92.12.20.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

92.12.20.2.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EKgncJl.exe

Filesize
6.0MB

MD5
be43b731e5b34364742e1f169a9ef38f

SHA1
fade9f39fdc5a287ef614ac4a55854ef1e6d5994

SHA256
66be10d9098f1b893b29aadbef57439cc2d59dd7e25079d5e6a918bcf4b56bb4

SHA512
2889de54e4c91870b9b3146a419a352e11b3c4938dbde6b1fbe032f34bcbd6c48035c539af276b44c61e23b43751606a07d439c8130f6f890daf726747d44117

Download Submit
C:\Windows\System\FiixxWH.exe

Filesize
6.0MB

MD5
2843fb19b2d080cb1ed792ac4c30aefe

SHA1
71b3b0139a5687b58c2fc6dd3ba3113ee890fa03

SHA256
b681ddb739224aac4bad816fd51859fb14dc2e92d86e584d31b1c3c910b45db7

SHA512
3c28f45b2a0ba2bb9f26b830e4c5a291127aec6569af867a8d399ec61f1c63a4b478f94e99f66902a24dff9816d620d4f745ffb62eee74d97b1e61b388dc6a17

Download Submit
C:\Windows\System\FjVOBxu.exe

Filesize
6.0MB

MD5
ee1e244ed7e15e3c946c62cdf9e1575d

SHA1
6b1d4f3f3e1bcc024d44070caa5853161ab1b5d9

SHA256
14f7283abfd7b86549ebee922d399ac63e960804cabb99e2dee1824d527b7f35

SHA512
c965143ce28ac264809823ec05b5e0bf2febfa6b2cb23765263955faf3d63fc590039060378e48e392ac5602a2d94d8b25b0b2dfd90d2ab390547f41bce101eb

Download Submit
C:\Windows\System\GZDfAkk.exe

Filesize
6.0MB

MD5
c63610f03d6916cbf1bee603ea872820

SHA1
cc7e54f6eb6288e431ef22e8c19c385e66380f94

SHA256
064c98298d15ff8abe49b11901a73b9ecb7f4791247f357b0487253ccc254f8f

SHA512
500ecb3e919b28176031ded36a9b70ff3f1d3ff98ab73448cd90c39cbbad17dbab3b1e5972566bc21480fff5fb7b2cfe3beb20f11d867176682f88a3d981adf7

Download Submit
C:\Windows\System\GlSzSip.exe

Filesize
6.0MB

MD5
67f9a11e3c19967c5832dfec9ca5eb4a

SHA1
12935c7a367be7b5d1438ac91e4d4bcd15457bf7

SHA256
ee6edfc4a6ccc5b5ea6db817c297671e7a5cb6142a783166c3c3a3011bce4003

SHA512
10633964e74e5841a169e4afaf1998489c2f20568d3dcfa132f216e6a219c9f688cd764768e39af8a17e14ab151166d8de09cf4a773aedc27c109b6c2df6a499

Download Submit
C:\Windows\System\GmCnrlz.exe

Filesize
6.0MB

MD5
c1fabb03f2e7a3d6c3c4d69c8b4b6f92

SHA1
d880912d5e0615f7dab3b102b68335f115710d19

SHA256
dcd80394383f396f6dd1f002a163141a7a88f60356d87bab7ec8c9e5ad856551

SHA512
fd26d63229a8d6ae9a866b33197f77ca2b4a05626aabdb47fa337dd757bb334856e8ec481eea013d9deaa19f6b1bc6b9046bdb096e6eae0bc15cc3a7ccc46d00

Download Submit
C:\Windows\System\IKvhXek.exe

Filesize
6.0MB

MD5
53927aeac22e1b5db0522e3b54425bf0

SHA1
7658518093fb4d8ae8de3add6318008f9ae343e5

SHA256
ba8faaaf73f8e377f64d4efc9dff7e589fe7854e44420717c1eb7b3705b1114a

SHA512
15c87ca6ab36cfe743e476cc25ff88ea4c9f8277430940ef85fbbf7a6bd21f396489c2637980fc7523e7429cdf8f0eda9b179e43f6514fa0e2a0dfc82644ae53

Download Submit
C:\Windows\System\IhYqSaf.exe

Filesize
6.0MB

MD5
046f7f0413be28f80babd08c143aef12

SHA1
d91219ff3af438d0d3fc9ae3389fd69c0c97763c

SHA256
2921e5515ad792095a77f5cdddbbb8c022071888f9d8a2d49113f396429c1797

SHA512
2f2cb01279435a76eaef4d9ccea7a38ef40a9dbdab74d42e2e82bcb3f3d1abf4ecbf8d0012011f1a8291825c95e51f67d72f40589ffe352b0c9f730bbc0e47ff

Download Submit
C:\Windows\System\JKtWROV.exe

Filesize
6.0MB

MD5
7648b937723c32629a40af241b368c0c

SHA1
c05f6e55b35b438199a6c8e42b6f69d327a72307

SHA256
e203aea1bf8aadb68e7e1eab84ad2037cfbee69956aea56cf51e0226797b3000

SHA512
7c3f118c33cdb9f364e440cf06d3288bda36f8fb638e688b473280ea50c58d6fa3c3517dd346cf92daff319e271cd6e775c4206bd800691d63281de8b1643a54

Download Submit
C:\Windows\System\NRpWLjn.exe

Filesize
6.0MB

MD5
54d751c452b1059944b195750462dc5e

SHA1
bb40a8b60a1b92c3de844fcc5092edd527d3846f

SHA256
bb9fade16d79924fc94d57824ae418497723fe8f2a85d8d6e8cd62f806c7e3dd

SHA512
2be9f467b042b6432177b77fe2a297d367747d25fdb99cb2db209d7e01b15da02cb1d1714c22fa50ff59aa82e7379f7a02229ed9b09be00e04573289b6d69e1b

Download Submit
C:\Windows\System\QjZJJqe.exe

Filesize
6.0MB

MD5
c9af810e2badb4e026483bfb5f162b9c

SHA1
5cd0c42537d9c303c29b5117e6234875f37a6380

SHA256
9b03b26dbccaef7b3c2770edf3e475140804fba01a785132b05444f08ca3ff2c

SHA512
3fae3f740d1b5f3533842c2efe76e700004ba9d5da5fd90bcba0160ac7799b4b0deda57213a4e04735493a4bf242eca4f21a1e2931f6a16192ba6ff3089573cf

Download Submit
C:\Windows\System\QnHtCZt.exe

Filesize
6.0MB

MD5
dd58a05898e37d5b0714457d34cddbb7

SHA1
83ea07cb1295e83d636d2a9bade58374299c0390

SHA256
4197e6525619adb38303b0a328d1034f7bb9225713a8e8578e0765d39c882547

SHA512
012e3cb3eb75bf6599b8cc2fb5f7de6a3d0ad255516d76bacf006d50635101eaa52b08c742f0956ee7da635d7457e97af2d68fa835f881fb268d760721ba4ead

Download Submit
C:\Windows\System\RHBXEXU.exe

Filesize
6.0MB

MD5
a67104d2483a559f394b06fb8aefa42c

SHA1
90bd8a7b804001dcd6f660b67a6ed7f4ac366b35

SHA256
02832839e19bae076317205bf63d3c342c32b1b0c35538c6594ceae0d27bddb5

SHA512
ccadae94d1d1576e157585335385c8f769c60f4f2709cd2747110cb395a9e251d2e3d0edfa1231dd6cbfe5251ab9e06166fdee497e1ac8d5a5f05a01bf4c822b

Download Submit
C:\Windows\System\SBOFOxk.exe

Filesize
6.0MB

MD5
a9f309e26aa8d306da1efc1ca30ef1cc

SHA1
6dea7df3d4c17db223e52a1eb45e5c5c90a8301f

SHA256
9c98deab11209e212889994a8cfeb98d5456cc50144e2e38315de987c715091c

SHA512
3df66c0d35941418b5a9df9e3410b574afe9677b4e8841249f561100852c0e08d0bb817d081c2ba1ea2cc8d4d3626fe8c3a226ee0b03f4da71e6f5fbfb432f6a

Download Submit
C:\Windows\System\StWOjpr.exe

Filesize
6.0MB

MD5
6055afce6f5d3e0085200a2f8f362918

SHA1
00cec90847aca71fca0feb86de9af49a277b46b3

SHA256
1c6bb67761e5961fabf7bc5aedec518547439f51140462a9c69125fbf8139bc7

SHA512
942ff68dd3fdc973ecbec4631170fd31bc9c063fac6b749d81f0ab0d22e7ea08ef14701b9eb4f2022501ed69e7552af0552e2185528dfca20f215795e8254825

Download Submit
C:\Windows\System\TiCrvgh.exe

Filesize
6.0MB

MD5
fcce6c64ac0a2f2203ef4ab023430428

SHA1
e3ba077cc303d43906812e386fa8eb9b41b31b09

SHA256
411206de3fb9fc1115592165869fa1fe84748b40b45c2d0801051b5c07e30bcd

SHA512
8232473f4d9be7b526d16e5a6d9c217ffa527e479286f99ef9ee82e843f72efc0637278ff8a8fd2599caab3f1f8636981e24f444b05a9b3b2e1ea4b00526fe18

Download Submit
C:\Windows\System\UeqYknN.exe

Filesize
6.0MB

MD5
fde71f44a8d8081678b9da9d4d6314e4

SHA1
e7748361bd31be961e39d8f5e81246d7574cec67

SHA256
b3441f089ea72c8609410b35e614525222c3d0527ffcccd99b0be72b185e8587

SHA512
9fef9e9b1b49f78dade49054def927c5322b20823a57b2e06cba2eac92474b49d257d65b1e72fb3418d7507ad97b33bfd5103f904aa7b4fac1c65c76f55c5c87

Download Submit
C:\Windows\System\UrVKHcc.exe

Filesize
6.0MB

MD5
695ba478b6c1eb9cf0782051418d0420

SHA1
ec4900c62cc2f461fde247f519ff98cba25eb819

SHA256
1e1a072625a04a42fa2259985e27989610b821ea7b130c3ac6c80700d5563874

SHA512
b0bb70c530de632a783780247ee18718caefbf176ade9865373fb430da5b9bdec6b03c18ec35bda2bb5ed672333f669ce502220d18586eef014bf9626147f78f

Download Submit
C:\Windows\System\XAoJOGb.exe

Filesize
6.0MB

MD5
186302beeea831d5c9e2846d0c4f64e8

SHA1
7155e41c939d1ad2364f38a69df5408b025481bd

SHA256
aeae3be8391eb2bee5467c44814753f3040a088b94d84465c04bfbcb29841192

SHA512
968f0966328cd94d5bbb04a1e0e0b7b8a06037fec1b24059266c01361164d369fc07111de662aa1bf10b5cd89b2238ecd36e64c2cdf480fd7170b03c40de7bd7

Download Submit
C:\Windows\System\XbWLgTA.exe

Filesize
6.0MB

MD5
589c757107fff59757e7f5799124bffd

SHA1
b6270b0a85a1a870c6219dad809304632d7fb058

SHA256
4ac7d9261ff26dfa10d62a85674a6c69036f937863a4699716cbca165fa3c070

SHA512
73a31bdaf79760b81e3ac512865c6333b0723af137272fb6beee321e7e14aed1a2f841f3d952e857ec0fe14b1d49b06b3ee3d4f44250bbcb5003a701b80a3397

Download Submit
C:\Windows\System\XxopqCs.exe

Filesize
6.0MB

MD5
8d6ec5c83c242c80f27cda22e8a6f4af

SHA1
4fa235fb3f9ea66a7202b59b06779f220958ed23

SHA256
42d24df4a4bb665663e86e36092443364a44f51285ebeb695caebabbfb5d10d9

SHA512
8832e1e6bf16c24fac9d242a558751c3ab2a01d0df2b276f352038cd3b7b8e51b69d459c842a94584e34c536cc44fae5979b89995cf7dd5f63bfa901b0d1a7a0

Download Submit
C:\Windows\System\YzWTtRh.exe

Filesize
6.0MB

MD5
8ec0b1fbb7213419292662c9ed92126d

SHA1
5c07f12759358ee81b1bd44640624d4b52915c8f

SHA256
3ce1f258223c575257646e7a2ae0aec6ebc0775881002e3c9c18f453571a0aa1

SHA512
6291d1336d326149d9c62706efc692870d194c3f55e4727aa12075ac823cc3b9b7e5c04078a7b0482487d3bd9601041292f145acb67bab6ec725e0e2a86a0d8f

Download Submit
C:\Windows\System\cKjFQux.exe

Filesize
6.0MB

MD5
2b1bd3e8cdc911fae8c6d945d40574eb

SHA1
3e023305c1d1c6a41fc67fba95ce85a9d6f1ae1f

SHA256
32a4b362a33cbf88cd5e06744d99b3e16aa04e7553b834fe5b5d5283d159423e

SHA512
3c25688622bbc965d7b37e586de91827a86d344a530e0ad50d61417c074486d4c08b25b87bc244d6572a797d711a93ac49521244d81b308f7f0179d94dae6887

Download Submit
C:\Windows\System\gNpVcTe.exe

Filesize
6.0MB

MD5
d2d09d399d13d56484186d75c81c131e

SHA1
0f2796ecfe1b27f6aca5f406f636bef5302a3fc2

SHA256
a6bdb92b400a8624c0795c0299360f72174017f1bb6837d13222744a0bd5ecdb

SHA512
b194924094df027e4c502b08e45ec3f71f5f6bef64941da539a587c326e5192e29cac5cfd8dec4b51f09707ec372fef0da99bf89838fafe0411f962a087cff67

Download Submit
C:\Windows\System\iDwFhDm.exe

Filesize
6.0MB

MD5
2aafc763b3e82c0e24f8d53345b8aa2f

SHA1
be24c7ca762e908f2503d0943a3272eaa53ce8bb

SHA256
61035a028b0fc1c0509be2b53d06d6fe0a6b614df7ed8e1210bfa2386de27786

SHA512
de2a5d4a89daa0f3cecd72aa419d8e6fcf284acaa9b3164b0a04f10bc6e864a8603b7a76031fa956256ad532fc46e70a1f854ef9a2745602f5e1d2973462b180

Download Submit
C:\Windows\System\iOjVASA.exe

Filesize
6.0MB

MD5
bfa5c2eb4d5209c02edd2eb75d16a42e

SHA1
73f9b1c0732bb726510c489612d5cfd7af4f150b

SHA256
8adfb5f616d785f71e12ed90661e418e413bcb6799c8fae3bea0e74091628b62

SHA512
b84331f0707ee07417293982970d0eb69cb2fc896b495669ad123cb9f80e2b578e322554c96269d22d0d08b8cecc871018198a4f11ea3ab22dced6596824c5b7

Download Submit
C:\Windows\System\ibgjePj.exe

Filesize
6.0MB

MD5
c919000bbc87b28873a8a7f9be9e56c7

SHA1
603c941c1efa707cea943949b565e072f85e0961

SHA256
5b061728c278dca3cec9034c2dfb02ae737233f1a2b7ed230647025b35de3595

SHA512
0b2c6085aee53a7b91a2cd36800f3c0837164ce92d8bc8395ef543746b3e04c17c51785ab9ceaea7c055f445523055803d9fad30eca95265d13d954eccec1033

Download Submit
C:\Windows\System\kUsaaxs.exe

Filesize
6.0MB

MD5
337414986b8d196a656a8a475967a599

SHA1
d71e65b5d2cd023add2e4503af47867f77440456

SHA256
914f63d557d0bd5ff8d1ccdb5eba35f6d19c2da3885285b73440ead134fa6960

SHA512
8fe248d3b24ea1cd6934c268c2434e138c54e8960b9e6dba18eb419fd829c4949be27ef018912dd0ca52413ae9d56e27d44eddcda8c7b5ca6f518443bab007db

Download Submit
C:\Windows\System\kxeEizG.exe

Filesize
6.0MB

MD5
f35b852163a19241948c906e86255886

SHA1
3ecfcc332404c103568a00d66eea38718afdc253

SHA256
ae6c874d561cdab4fe06ae102eeda0b9a9868c964b8e64f70a86e9d126649267

SHA512
8a4f8b97245ead101fa61f6444c5f659a944c21a3ca54d9823893fcdaec656bee137c81ffccea4192d0aba211b8325bdbde0bcf9a63ee337385526bea3b1d547

Download Submit
C:\Windows\System\nkPFTlZ.exe

Filesize
6.0MB

MD5
b8a4258c171413c664dea4f104f0e841

SHA1
8049ea8a4489578322d3e0256de70413e8292056

SHA256
01d40136926ebf9d9962280a374e4d8ca6db406944619fff1f5582d3bbcbef27

SHA512
062abd56ab2f5abfaca6cb4a076cd9928854f30df25abad6bd0c8d239a00466009b8aacd9cba8ecc42ff34a98ef87515da846234df8e2e61a4610c53681c4849

Download Submit
C:\Windows\System\oQKGdVA.exe

Filesize
6.0MB

MD5
865f7571793032fe5b75d2541e2688f2

SHA1
3678b5531a502b9fd20637eeb9e7b8006e1517d8

SHA256
a2ec1d9ed5529c4492921f287fbba59a8078adbb7f3f1f10030f117e3081e9b7

SHA512
8837efc121cf33c13032ff372f87438db0ab2c8a0f5bbdaf02156937c03d959410b0894737af31a832b73f749bb3c32c92584fdec79e9f7b700cb87a71c43319

Download Submit
C:\Windows\System\tkxLpmP.exe

Filesize
6.0MB

MD5
2dee99cec9fd25fccc69c1b63943607d

SHA1
3281e8d6d5ba49489e94b79d2839889edde38dea

SHA256
2c6431501a33edffd5b7e6b5d741b409aeec13051acd9b54b26c872c62e551ee

SHA512
38546de16ada73f9df6df146dc5e6108f55c10eea7ba14d103ea0c3ff22e3f3ccc90436ba635bad33fd1825fe1f7b8ed317de7f031061b7a1677531ffdc44a4b

Download Submit
C:\Windows\System\wbVLzWo.exe

Filesize
6.0MB

MD5
9dece49bd30bf419085c34e2e5e97f45

SHA1
7b100b4a440d41693269bf6d204f89e3c560badf

SHA256
cfac2030c8121e54463f7e54e7f6a962f387bf5ca4c38d0c9829322deb0439e4

SHA512
71e27bd9d42f400ba7b4e966af43573e7f735a0560984d53b6621bc2978ac46bad19dbc009ad01bd712d844d82bef64f8d4980df1696eef2908e04e6cd97e8f9

Download Submit
memory/116-609-0x00007FF6BEAD0000-0x00007FF6BEE24000-memory.dmp

Filesize
3.3MB

Download
memory/116-1246-0x00007FF6BEAD0000-0x00007FF6BEE24000-memory.dmp

Filesize
3.3MB

Download
memory/420-8-0x00007FF6AFCD0000-0x00007FF6B0024000-memory.dmp

Filesize
3.3MB

Download
memory/420-1223-0x00007FF6AFCD0000-0x00007FF6B0024000-memory.dmp

Filesize
3.3MB

Download
memory/420-1024-0x00007FF6AFCD0000-0x00007FF6B0024000-memory.dmp

Filesize
3.3MB

Download
memory/468-1259-0x00007FF6E5DF0000-0x00007FF6E6144000-memory.dmp

Filesize
3.3MB

Download
memory/468-612-0x00007FF6E5DF0000-0x00007FF6E6144000-memory.dmp

Filesize
3.3MB

Download
memory/576-1080-0x00007FF61E6B0000-0x00007FF61EA04000-memory.dmp

Filesize
3.3MB

Download
memory/576-23-0x00007FF61E6B0000-0x00007FF61EA04000-memory.dmp

Filesize
3.3MB

Download
memory/576-1238-0x00007FF61E6B0000-0x00007FF61EA04000-memory.dmp

Filesize
3.3MB

Download
memory/616-19-0x00007FF6C6180000-0x00007FF6C64D4000-memory.dmp

Filesize
3.3MB

Download
memory/616-1222-0x00007FF6C6180000-0x00007FF6C64D4000-memory.dmp

Filesize
3.3MB

Download
memory/644-1290-0x00007FF67DBE0000-0x00007FF67DF34000-memory.dmp

Filesize
3.3MB

Download
memory/644-644-0x00007FF67DBE0000-0x00007FF67DF34000-memory.dmp

Filesize
3.3MB

Download
memory/812-28-0x00007FF64F380000-0x00007FF64F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/812-1213-0x00007FF64F380000-0x00007FF64F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/812-1233-0x00007FF64F380000-0x00007FF64F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-659-0x00007FF762320000-0x00007FF762674000-memory.dmp

Filesize
3.3MB

Download
memory/1116-1300-0x00007FF762320000-0x00007FF762674000-memory.dmp

Filesize
3.3MB

Download
memory/1120-608-0x00007FF696C50000-0x00007FF696FA4000-memory.dmp

Filesize
3.3MB

Download
memory/1120-1243-0x00007FF696C50000-0x00007FF696FA4000-memory.dmp

Filesize
3.3MB

Download
memory/1280-611-0x00007FF646790000-0x00007FF646AE4000-memory.dmp

Filesize
3.3MB

Download
memory/1280-1255-0x00007FF646790000-0x00007FF646AE4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-607-0x00007FF770600000-0x00007FF770954000-memory.dmp

Filesize
3.3MB

Download
memory/1440-1239-0x00007FF770600000-0x00007FF770954000-memory.dmp

Filesize
3.3MB

Download
memory/1508-654-0x00007FF6F8A30000-0x00007FF6F8D84000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1286-0x00007FF6F8A30000-0x00007FF6F8D84000-memory.dmp

Filesize
3.3MB

Download
memory/1556-1292-0x00007FF70E9E0000-0x00007FF70ED34000-memory.dmp

Filesize
3.3MB

Download
memory/1556-675-0x00007FF70E9E0000-0x00007FF70ED34000-memory.dmp

Filesize
3.3MB

Download
memory/2008-639-0x00007FF7E8710000-0x00007FF7E8A64000-memory.dmp

Filesize
3.3MB

Download
memory/2008-1291-0x00007FF7E8710000-0x00007FF7E8A64000-memory.dmp

Filesize
3.3MB

Download
memory/2180-956-0x00007FF7F5600000-0x00007FF7F5954000-memory.dmp

Filesize
3.3MB

Download
memory/2180-1-0x000002AFA9650000-0x000002AFA9660000-memory.dmp

Filesize
64KB

Download
memory/2180-0-0x00007FF7F5600000-0x00007FF7F5954000-memory.dmp

Filesize
3.3MB

Download
memory/2600-624-0x00007FF7C4D10000-0x00007FF7C5064000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1269-0x00007FF7C4D10000-0x00007FF7C5064000-memory.dmp

Filesize
3.3MB

Download
memory/2692-664-0x00007FF6F7D20000-0x00007FF6F8074000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1299-0x00007FF6F7D20000-0x00007FF6F8074000-memory.dmp

Filesize
3.3MB

Download
memory/2724-668-0x00007FF7A6360000-0x00007FF7A66B4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1297-0x00007FF7A6360000-0x00007FF7A66B4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-610-0x00007FF752DC0000-0x00007FF753114000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1249-0x00007FF752DC0000-0x00007FF753114000-memory.dmp

Filesize
3.3MB

Download
memory/3472-636-0x00007FF62E8A0000-0x00007FF62EBF4000-memory.dmp

Filesize
3.3MB

Download
memory/3472-1298-0x00007FF62E8A0000-0x00007FF62EBF4000-memory.dmp

Filesize
3.3MB

Download
memory/3504-682-0x00007FF6A75B0000-0x00007FF6A7904000-memory.dmp

Filesize
3.3MB

Download
memory/3504-1294-0x00007FF6A75B0000-0x00007FF6A7904000-memory.dmp

Filesize
3.3MB

Download
memory/3512-1227-0x00007FF6A4A00000-0x00007FF6A4D54000-memory.dmp

Filesize
3.3MB

Download
memory/3512-24-0x00007FF6A4A00000-0x00007FF6A4D54000-memory.dmp

Filesize
3.3MB

Download
memory/3792-689-0x00007FF6D8ED0000-0x00007FF6D9224000-memory.dmp

Filesize
3.3MB

Download
memory/3792-1232-0x00007FF6D8ED0000-0x00007FF6D9224000-memory.dmp

Filesize
3.3MB

Download
memory/3836-1276-0x00007FF6061E0000-0x00007FF606534000-memory.dmp

Filesize
3.3MB

Download
memory/3836-630-0x00007FF6061E0000-0x00007FF606534000-memory.dmp

Filesize
3.3MB

Download
memory/3848-1293-0x00007FF657F00000-0x00007FF658254000-memory.dmp

Filesize
3.3MB

Download
memory/3848-678-0x00007FF657F00000-0x00007FF658254000-memory.dmp

Filesize
3.3MB

Download
memory/3964-1260-0x00007FF63DE90000-0x00007FF63E1E4000-memory.dmp

Filesize
3.3MB

Download
memory/3964-618-0x00007FF63DE90000-0x00007FF63E1E4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-648-0x00007FF796440000-0x00007FF796794000-memory.dmp

Filesize
3.3MB

Download
memory/4016-1289-0x00007FF796440000-0x00007FF796794000-memory.dmp

Filesize
3.3MB

Download
memory/4504-1217-0x00007FF78BCE0000-0x00007FF78C034000-memory.dmp

Filesize
3.3MB

Download
memory/4504-1240-0x00007FF78BCE0000-0x00007FF78C034000-memory.dmp

Filesize
3.3MB

Download
memory/4504-601-0x00007FF78BCE0000-0x00007FF78C034000-memory.dmp

Filesize
3.3MB

Download
memory/4508-622-0x00007FF6EC9F0000-0x00007FF6ECD44000-memory.dmp

Filesize
3.3MB

Download
memory/4508-1266-0x00007FF6EC9F0000-0x00007FF6ECD44000-memory.dmp

Filesize
3.3MB

Download
memory/4532-1264-0x00007FF6B9F50000-0x00007FF6BA2A4000-memory.dmp

Filesize
3.3MB

Download
memory/4532-613-0x00007FF6B9F50000-0x00007FF6BA2A4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.