cobaltstrike | f4841082d3cad1d6f292b944dfb8140e3e49952a681a3edbc366254f9e26316b

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3a15eb20f137cbdd86d965ed233bf3f3
SHA1

7a155706d4ef88289942e3b16103d9a4de0f9c9b
SHA256

f4841082d3cad1d6f292b944dfb8140e3e49952a681a3edbc366254f9e26316b
SHA512

ab728281585a7747d787367b1b4495627204fa2f16ba3619c41684a7c1631285e6223820d8c1e1f4dee06ec7c73db3b7a91edb09cb9f7ce5998fcca888e11e8e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000b000000023b79-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-36.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-29.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-40.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-58.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-73.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b7a-79.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-88.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-96.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-102.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-65.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-54.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-24.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-108.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-114.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-128.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8f-133.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-142.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b91-146.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b92-154.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b93-157.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bb2-193.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bb1-194.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bac-191.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023ba3-185.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-177.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b94-171.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-126.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bb3-201.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-17.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1348-0-0x00007FF676330000-0x00007FF676684000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b79-5.dat	xmrig
behavioral2/files/0x000a000000023b7d-10.dat	xmrig
behavioral2/memory/4932-14-0x00007FF756EC0000-0x00007FF757214000-memory.dmp	xmrig
behavioral2/memory/1028-20-0x00007FF778DE0000-0x00007FF779134000-memory.dmp	xmrig
behavioral2/memory/3796-26-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp	xmrig
behavioral2/memory/2036-32-0x00007FF703ED0000-0x00007FF704224000-memory.dmp	xmrig
behavioral2/memory/3124-38-0x00007FF7CF190000-0x00007FF7CF4E4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b81-36.dat	xmrig
behavioral2/files/0x000a000000023b80-29.dat	xmrig
behavioral2/files/0x000a000000023b82-40.dat	xmrig
behavioral2/files/0x000a000000023b85-58.dat	xmrig
behavioral2/memory/1348-62-0x00007FF676330000-0x00007FF676684000-memory.dmp	xmrig
behavioral2/memory/1576-69-0x00007FF7704C0000-0x00007FF770814000-memory.dmp	xmrig
behavioral2/memory/2616-70-0x00007FF73C460000-0x00007FF73C7B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b87-73.dat	xmrig
behavioral2/memory/1436-77-0x00007FF606590000-0x00007FF6068E4000-memory.dmp	xmrig
behavioral2/memory/4932-76-0x00007FF756EC0000-0x00007FF757214000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b7a-79.dat	xmrig
behavioral2/memory/3796-89-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b88-88.dat	xmrig
behavioral2/memory/2996-98-0x00007FF70DA30000-0x00007FF70DD84000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b89-96.dat	xmrig
behavioral2/memory/2036-95-0x00007FF703ED0000-0x00007FF704224000-memory.dmp	xmrig
behavioral2/memory/4732-93-0x00007FF684D20000-0x00007FF685074000-memory.dmp	xmrig
behavioral2/memory/2008-84-0x00007FF704F10000-0x00007FF705264000-memory.dmp	xmrig
behavioral2/memory/3124-103-0x00007FF7CF190000-0x00007FF7CF4E4000-memory.dmp	xmrig
behavioral2/memory/3544-104-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8a-102.dat	xmrig
behavioral2/memory/1028-81-0x00007FF778DE0000-0x00007FF779134000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b86-65.dat	xmrig
behavioral2/memory/3800-63-0x00007FF7B6510000-0x00007FF7B6864000-memory.dmp	xmrig
behavioral2/memory/3728-56-0x00007FF739880000-0x00007FF739BD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b84-54.dat	xmrig
behavioral2/memory/2080-50-0x00007FF619B60000-0x00007FF619EB4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b83-47.dat	xmrig
behavioral2/memory/4728-44-0x00007FF78C6E0000-0x00007FF78CA34000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7f-24.dat	xmrig
behavioral2/files/0x000a000000023b8b-108.dat	xmrig
behavioral2/memory/3660-110-0x00007FF6BD4A0000-0x00007FF6BD7F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8c-114.dat	xmrig
behavioral2/files/0x000a000000023b8e-128.dat	xmrig
behavioral2/files/0x000a000000023b8f-133.dat	xmrig
behavioral2/files/0x000a000000023b90-142.dat	xmrig
behavioral2/files/0x000a000000023b91-146.dat	xmrig
behavioral2/memory/3764-153-0x00007FF64F430000-0x00007FF64F784000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b92-154.dat	xmrig
behavioral2/files/0x000b000000023b93-157.dat	xmrig
behavioral2/memory/3544-160-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp	xmrig
behavioral2/memory/2624-147-0x00007FF624D80000-0x00007FF6250D4000-memory.dmp	xmrig
behavioral2/memory/1568-141-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp	xmrig
behavioral2/memory/2008-140-0x00007FF704F10000-0x00007FF705264000-memory.dmp	xmrig
behavioral2/memory/1308-162-0x00007FF65D6C0000-0x00007FF65DA14000-memory.dmp	xmrig
behavioral2/memory/2940-166-0x00007FF67E1E0000-0x00007FF67E534000-memory.dmp	xmrig
behavioral2/memory/3660-173-0x00007FF6BD4A0000-0x00007FF6BD7F4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bb2-193.dat	xmrig
behavioral2/files/0x0009000000023bb1-194.dat	xmrig
behavioral2/files/0x0008000000023bac-191.dat	xmrig
behavioral2/memory/4960-190-0x00007FF7ABAF0000-0x00007FF7ABE44000-memory.dmp	xmrig
behavioral2/memory/2948-189-0x00007FF65FFA0000-0x00007FF6602F4000-memory.dmp	xmrig
behavioral2/files/0x000e000000023ba3-185.dat	xmrig
behavioral2/memory/2392-184-0x00007FF6DAFE0000-0x00007FF6DB334000-memory.dmp	xmrig
behavioral2/memory/384-181-0x00007FF67CEF0000-0x00007FF67D244000-memory.dmp	xmrig
behavioral2/memory/2636-179-0x00007FF6EB090000-0x00007FF6EB3E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1576	NrHmtah.exe
4932	pEOkxqn.exe
1028	HUjVsem.exe
3796	dVRHckG.exe
2036	EkSIWMX.exe
3124	qCeixAx.exe
4728	VrdjlQY.exe
2080	nAgRzkK.exe
3728	RGqtMTR.exe
3800	GfFCERL.exe
2616	CtVCMZF.exe
1436	LAjavUV.exe
2008	kYfkLjr.exe
4732	dsfvnwC.exe
2996	wBKdcEm.exe
3544	iNYohfa.exe
3660	mSXAKpE.exe
384	vxQibMo.exe
2392	PlDuHHY.exe
644	dCWPBMG.exe
1860	fOnJuaA.exe
1568	qHABTaa.exe
2624	hgEMorl.exe
3764	RasDhLw.exe
1308	RiUWTdW.exe
2940	uBRIBkv.exe
2636	RTFHFYR.exe
2948	sHNRGGQ.exe
4960	UodJSLL.exe
520	vlqfTIT.exe
1040	QQqvnUE.exe
1728	HgvDDkO.exe
1384	iGqBvID.exe
4276	uXLasAO.exe
1108	LSQgybO.exe
3296	wfsuimK.exe
1076	AFFFbrJ.exe
2196	YkJvWVL.exe
928	ZcUNxWp.exe
4388	MoZVldb.exe
5116	FEMehHk.exe
1704	ZvqqvZs.exe
648	HfiikvT.exe
4428	UMhNFHk.exe
4160	ZQtFiJW.exe
3176	zgvBPXZ.exe
2212	BqSoFyc.exe
848	gRNLwql.exe
488	sBWTYdv.exe
4408	HINsgVP.exe
2204	BJeJtrm.exe
4432	zRJkIFf.exe
4820	YXQdGWv.exe
4240	ZRbegwA.exe
4132	hEBgvvV.exe
5044	SGGDkfd.exe
4832	OHCuQlN.exe
1480	VhyeNxw.exe
3692	OFuBmrc.exe
4260	HOXppxb.exe
3536	shrOrbL.exe
3060	KVYNagQ.exe
4016	iuiqwjP.exe
3612	aKeNCdP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1348-0-0x00007FF676330000-0x00007FF676684000-memory.dmp	upx
behavioral2/files/0x000b000000023b79-5.dat	upx
behavioral2/files/0x000a000000023b7d-10.dat	upx
behavioral2/memory/4932-14-0x00007FF756EC0000-0x00007FF757214000-memory.dmp	upx
behavioral2/memory/1028-20-0x00007FF778DE0000-0x00007FF779134000-memory.dmp	upx
behavioral2/memory/3796-26-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp	upx
behavioral2/memory/2036-32-0x00007FF703ED0000-0x00007FF704224000-memory.dmp	upx
behavioral2/memory/3124-38-0x00007FF7CF190000-0x00007FF7CF4E4000-memory.dmp	upx
behavioral2/files/0x000a000000023b81-36.dat	upx
behavioral2/files/0x000a000000023b80-29.dat	upx
behavioral2/files/0x000a000000023b82-40.dat	upx
behavioral2/files/0x000a000000023b85-58.dat	upx
behavioral2/memory/1348-62-0x00007FF676330000-0x00007FF676684000-memory.dmp	upx
behavioral2/memory/1576-69-0x00007FF7704C0000-0x00007FF770814000-memory.dmp	upx
behavioral2/memory/2616-70-0x00007FF73C460000-0x00007FF73C7B4000-memory.dmp	upx
behavioral2/files/0x000a000000023b87-73.dat	upx
behavioral2/memory/1436-77-0x00007FF606590000-0x00007FF6068E4000-memory.dmp	upx
behavioral2/memory/4932-76-0x00007FF756EC0000-0x00007FF757214000-memory.dmp	upx
behavioral2/files/0x000b000000023b7a-79.dat	upx
behavioral2/memory/3796-89-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp	upx
behavioral2/files/0x000a000000023b88-88.dat	upx
behavioral2/memory/2996-98-0x00007FF70DA30000-0x00007FF70DD84000-memory.dmp	upx
behavioral2/files/0x000a000000023b89-96.dat	upx
behavioral2/memory/2036-95-0x00007FF703ED0000-0x00007FF704224000-memory.dmp	upx
behavioral2/memory/4732-93-0x00007FF684D20000-0x00007FF685074000-memory.dmp	upx
behavioral2/memory/2008-84-0x00007FF704F10000-0x00007FF705264000-memory.dmp	upx
behavioral2/memory/3124-103-0x00007FF7CF190000-0x00007FF7CF4E4000-memory.dmp	upx
behavioral2/memory/3544-104-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp	upx
behavioral2/files/0x000a000000023b8a-102.dat	upx
behavioral2/memory/1028-81-0x00007FF778DE0000-0x00007FF779134000-memory.dmp	upx
behavioral2/files/0x000a000000023b86-65.dat	upx
behavioral2/memory/3800-63-0x00007FF7B6510000-0x00007FF7B6864000-memory.dmp	upx
behavioral2/memory/3728-56-0x00007FF739880000-0x00007FF739BD4000-memory.dmp	upx
behavioral2/files/0x000a000000023b84-54.dat	upx
behavioral2/memory/2080-50-0x00007FF619B60000-0x00007FF619EB4000-memory.dmp	upx
behavioral2/files/0x000a000000023b83-47.dat	upx
behavioral2/memory/4728-44-0x00007FF78C6E0000-0x00007FF78CA34000-memory.dmp	upx
behavioral2/files/0x000a000000023b7f-24.dat	upx
behavioral2/files/0x000a000000023b8b-108.dat	upx
behavioral2/memory/3660-110-0x00007FF6BD4A0000-0x00007FF6BD7F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b8c-114.dat	upx
behavioral2/files/0x000a000000023b8e-128.dat	upx
behavioral2/files/0x000a000000023b8f-133.dat	upx
behavioral2/files/0x000a000000023b90-142.dat	upx
behavioral2/files/0x000a000000023b91-146.dat	upx
behavioral2/memory/3764-153-0x00007FF64F430000-0x00007FF64F784000-memory.dmp	upx
behavioral2/files/0x000b000000023b92-154.dat	upx
behavioral2/files/0x000b000000023b93-157.dat	upx
behavioral2/memory/3544-160-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp	upx
behavioral2/memory/2624-147-0x00007FF624D80000-0x00007FF6250D4000-memory.dmp	upx
behavioral2/memory/1568-141-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp	upx
behavioral2/memory/2008-140-0x00007FF704F10000-0x00007FF705264000-memory.dmp	upx
behavioral2/memory/1308-162-0x00007FF65D6C0000-0x00007FF65DA14000-memory.dmp	upx
behavioral2/memory/2940-166-0x00007FF67E1E0000-0x00007FF67E534000-memory.dmp	upx
behavioral2/memory/3660-173-0x00007FF6BD4A0000-0x00007FF6BD7F4000-memory.dmp	upx
behavioral2/files/0x0009000000023bb2-193.dat	upx
behavioral2/files/0x0009000000023bb1-194.dat	upx
behavioral2/files/0x0008000000023bac-191.dat	upx
behavioral2/memory/4960-190-0x00007FF7ABAF0000-0x00007FF7ABE44000-memory.dmp	upx
behavioral2/memory/2948-189-0x00007FF65FFA0000-0x00007FF6602F4000-memory.dmp	upx
behavioral2/files/0x000e000000023ba3-185.dat	upx
behavioral2/memory/2392-184-0x00007FF6DAFE0000-0x00007FF6DB334000-memory.dmp	upx
behavioral2/memory/384-181-0x00007FF67CEF0000-0x00007FF67D244000-memory.dmp	upx
behavioral2/memory/2636-179-0x00007FF6EB090000-0x00007FF6EB3E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LJWlwyb.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haNMhTa.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDPVflL.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLJdsKd.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RasDhLw.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHZQEcw.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYqjIvs.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQwivab.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxQgByI.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dToyxLW.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDWSQaO.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrjolfL.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufoMVPM.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeOfqBP.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EigTxpq.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HINsgVP.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPwVECl.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqVMVDA.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdmgpAI.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHNRGGQ.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRNLwql.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHlHOIM.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtxnVoX.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjBtUzw.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPJPlBv.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjObUvt.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWIedeV.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmuEAWd.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaRugLt.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTelQyh.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdSGGpy.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwbXoYs.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irplqxu.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryiqZHD.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCetiTU.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRXSQQW.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mumzbaO.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuyIuvP.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLTVExe.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSWmkkJ.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFBaPAZ.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUSmNFb.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuEQfgv.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIsZDop.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKHwezM.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMbEymQ.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfauSFh.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUChgZM.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVdvENY.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGHpvXQ.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlgyCnc.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNuRFWu.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHjWDRJ.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDBFgFo.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhyZsSh.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPSPiEa.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJCCVTS.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQbqziZ.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGDfQEH.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmvsIkp.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlYOpjK.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKzvVPX.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vggEFwY.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBRIBkv.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1576	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1348 wrote to memory of 1576	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1348 wrote to memory of 4932	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1348 wrote to memory of 4932	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1348 wrote to memory of 1028	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1348 wrote to memory of 1028	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1348 wrote to memory of 3796	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1348 wrote to memory of 3796	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1348 wrote to memory of 2036	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1348 wrote to memory of 2036	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1348 wrote to memory of 3124	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1348 wrote to memory of 3124	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1348 wrote to memory of 4728	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1348 wrote to memory of 4728	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1348 wrote to memory of 2080	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1348 wrote to memory of 2080	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1348 wrote to memory of 3728	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1348 wrote to memory of 3728	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1348 wrote to memory of 3800	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1348 wrote to memory of 3800	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1348 wrote to memory of 2616	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1348 wrote to memory of 2616	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1348 wrote to memory of 1436	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1348 wrote to memory of 1436	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1348 wrote to memory of 2008	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1348 wrote to memory of 2008	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1348 wrote to memory of 4732	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1348 wrote to memory of 4732	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1348 wrote to memory of 2996	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1348 wrote to memory of 2996	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1348 wrote to memory of 3544	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1348 wrote to memory of 3544	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1348 wrote to memory of 3660	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1348 wrote to memory of 3660	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1348 wrote to memory of 384	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1348 wrote to memory of 384	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1348 wrote to memory of 2392	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1348 wrote to memory of 2392	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1348 wrote to memory of 644	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1348 wrote to memory of 644	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1348 wrote to memory of 1860	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1348 wrote to memory of 1860	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1348 wrote to memory of 1568	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1348 wrote to memory of 1568	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1348 wrote to memory of 2624	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1348 wrote to memory of 2624	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1348 wrote to memory of 3764	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1348 wrote to memory of 3764	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1348 wrote to memory of 1308	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1348 wrote to memory of 1308	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1348 wrote to memory of 2940	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1348 wrote to memory of 2940	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1348 wrote to memory of 2636	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1348 wrote to memory of 2636	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1348 wrote to memory of 2948	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1348 wrote to memory of 2948	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1348 wrote to memory of 4960	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1348 wrote to memory of 4960	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1348 wrote to memory of 520	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1348 wrote to memory of 520	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1348 wrote to memory of 1040	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1348 wrote to memory of 1040	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1348 wrote to memory of 1728	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1348 wrote to memory of 1728	1348	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Windows\System32\hnaorh.exe
"C:\Windows\System32\hnaorh.exe"
1⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\System\NrHmtah.exe
  C:\Windows\System\NrHmtah.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\pEOkxqn.exe
  C:\Windows\System\pEOkxqn.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\HUjVsem.exe
  C:\Windows\System\HUjVsem.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\dVRHckG.exe
  C:\Windows\System\dVRHckG.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\EkSIWMX.exe
  C:\Windows\System\EkSIWMX.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\qCeixAx.exe
  C:\Windows\System\qCeixAx.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\VrdjlQY.exe
  C:\Windows\System\VrdjlQY.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\nAgRzkK.exe
  C:\Windows\System\nAgRzkK.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\RGqtMTR.exe
  C:\Windows\System\RGqtMTR.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\GfFCERL.exe
  C:\Windows\System\GfFCERL.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\CtVCMZF.exe
  C:\Windows\System\CtVCMZF.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\LAjavUV.exe
  C:\Windows\System\LAjavUV.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\kYfkLjr.exe
  C:\Windows\System\kYfkLjr.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\dsfvnwC.exe
  C:\Windows\System\dsfvnwC.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\wBKdcEm.exe
  C:\Windows\System\wBKdcEm.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\iNYohfa.exe
  C:\Windows\System\iNYohfa.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\mSXAKpE.exe
  C:\Windows\System\mSXAKpE.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\vxQibMo.exe
  C:\Windows\System\vxQibMo.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\PlDuHHY.exe
  C:\Windows\System\PlDuHHY.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\dCWPBMG.exe
  C:\Windows\System\dCWPBMG.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\fOnJuaA.exe
  C:\Windows\System\fOnJuaA.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\qHABTaa.exe
  C:\Windows\System\qHABTaa.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\hgEMorl.exe
  C:\Windows\System\hgEMorl.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\RasDhLw.exe
  C:\Windows\System\RasDhLw.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\RiUWTdW.exe
  C:\Windows\System\RiUWTdW.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\uBRIBkv.exe
  C:\Windows\System\uBRIBkv.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\RTFHFYR.exe
  C:\Windows\System\RTFHFYR.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\sHNRGGQ.exe
  C:\Windows\System\sHNRGGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\UodJSLL.exe
  C:\Windows\System\UodJSLL.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\vlqfTIT.exe
  C:\Windows\System\vlqfTIT.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\QQqvnUE.exe
  C:\Windows\System\QQqvnUE.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\HgvDDkO.exe
  C:\Windows\System\HgvDDkO.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\iGqBvID.exe
  C:\Windows\System\iGqBvID.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\uXLasAO.exe
  C:\Windows\System\uXLasAO.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\LSQgybO.exe
  C:\Windows\System\LSQgybO.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\wfsuimK.exe
  C:\Windows\System\wfsuimK.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\AFFFbrJ.exe
  C:\Windows\System\AFFFbrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\YkJvWVL.exe
  C:\Windows\System\YkJvWVL.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\ZcUNxWp.exe
  C:\Windows\System\ZcUNxWp.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\MoZVldb.exe
  C:\Windows\System\MoZVldb.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\FEMehHk.exe
  C:\Windows\System\FEMehHk.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\ZvqqvZs.exe
  C:\Windows\System\ZvqqvZs.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\HfiikvT.exe
  C:\Windows\System\HfiikvT.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\UMhNFHk.exe
  C:\Windows\System\UMhNFHk.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\ZQtFiJW.exe
  C:\Windows\System\ZQtFiJW.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\zgvBPXZ.exe
  C:\Windows\System\zgvBPXZ.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\BqSoFyc.exe
  C:\Windows\System\BqSoFyc.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\gRNLwql.exe
  C:\Windows\System\gRNLwql.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\sBWTYdv.exe
  C:\Windows\System\sBWTYdv.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\HINsgVP.exe
  C:\Windows\System\HINsgVP.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\BJeJtrm.exe
  C:\Windows\System\BJeJtrm.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\zRJkIFf.exe
  C:\Windows\System\zRJkIFf.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\YXQdGWv.exe
  C:\Windows\System\YXQdGWv.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\ZRbegwA.exe
  C:\Windows\System\ZRbegwA.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\hEBgvvV.exe
  C:\Windows\System\hEBgvvV.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\SGGDkfd.exe
  C:\Windows\System\SGGDkfd.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\OHCuQlN.exe
  C:\Windows\System\OHCuQlN.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\VhyeNxw.exe
  C:\Windows\System\VhyeNxw.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\OFuBmrc.exe
  C:\Windows\System\OFuBmrc.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\HOXppxb.exe
  C:\Windows\System\HOXppxb.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\shrOrbL.exe
  C:\Windows\System\shrOrbL.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\KVYNagQ.exe
  C:\Windows\System\KVYNagQ.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\iuiqwjP.exe
  C:\Windows\System\iuiqwjP.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\aKeNCdP.exe
  C:\Windows\System\aKeNCdP.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\zXeZWlY.exe
  C:\Windows\System\zXeZWlY.exe
  2⤵
  PID:2372
- C:\Windows\System\ONdIYsT.exe
  C:\Windows\System\ONdIYsT.exe
  2⤵
  PID:3064
- C:\Windows\System\UkbaVCM.exe
  C:\Windows\System\UkbaVCM.exe
  2⤵
  PID:3520
- C:\Windows\System\cDsvRMr.exe
  C:\Windows\System\cDsvRMr.exe
  2⤵
  PID:3384
- C:\Windows\System\EsAoUOH.exe
  C:\Windows\System\EsAoUOH.exe
  2⤵
  PID:4012
- C:\Windows\System\RzFxnmJ.exe
  C:\Windows\System\RzFxnmJ.exe
  2⤵
  PID:4252
- C:\Windows\System\MYCNhjS.exe
  C:\Windows\System\MYCNhjS.exe
  2⤵
  PID:468
- C:\Windows\System\vgWaSqT.exe
  C:\Windows\System\vgWaSqT.exe
  2⤵
  PID:2864
- C:\Windows\System\mllFPjU.exe
  C:\Windows\System\mllFPjU.exe
  2⤵
  PID:3244
- C:\Windows\System\lHdnLIT.exe
  C:\Windows\System\lHdnLIT.exe
  2⤵
  PID:2816
- C:\Windows\System\bQbqziZ.exe
  C:\Windows\System\bQbqziZ.exe
  2⤵
  PID:1572
- C:\Windows\System\zhXHvwL.exe
  C:\Windows\System\zhXHvwL.exe
  2⤵
  PID:1084
- C:\Windows\System\WXtTFdQ.exe
  C:\Windows\System\WXtTFdQ.exe
  2⤵
  PID:3308
- C:\Windows\System\zzJahtJ.exe
  C:\Windows\System\zzJahtJ.exe
  2⤵
  PID:4980
- C:\Windows\System\POhGcde.exe
  C:\Windows\System\POhGcde.exe
  2⤵
  PID:4444
- C:\Windows\System\rCVLSHb.exe
  C:\Windows\System\rCVLSHb.exe
  2⤵
  PID:1828
- C:\Windows\System\QPwVECl.exe
  C:\Windows\System\QPwVECl.exe
  2⤵
  PID:2416
- C:\Windows\System\peqcApX.exe
  C:\Windows\System\peqcApX.exe
  2⤵
  PID:228
- C:\Windows\System\orYFYUf.exe
  C:\Windows\System\orYFYUf.exe
  2⤵
  PID:4044
- C:\Windows\System\LoQvuXX.exe
  C:\Windows\System\LoQvuXX.exe
  2⤵
  PID:1676
- C:\Windows\System\jNuRFWu.exe
  C:\Windows\System\jNuRFWu.exe
  2⤵
  PID:4064
- C:\Windows\System\ieZCOws.exe
  C:\Windows\System\ieZCOws.exe
  2⤵
  PID:2736
- C:\Windows\System\hPjBjMC.exe
  C:\Windows\System\hPjBjMC.exe
  2⤵
  PID:3736
- C:\Windows\System\ieBNMQM.exe
  C:\Windows\System\ieBNMQM.exe
  2⤵
  PID:744
- C:\Windows\System\zvlpUvo.exe
  C:\Windows\System\zvlpUvo.exe
  2⤵
  PID:2012
- C:\Windows\System\fHYvKTW.exe
  C:\Windows\System\fHYvKTW.exe
  2⤵
  PID:1116
- C:\Windows\System\Ejqgqpl.exe
  C:\Windows\System\Ejqgqpl.exe
  2⤵
  PID:2448
- C:\Windows\System\RPrdVcd.exe
  C:\Windows\System\RPrdVcd.exe
  2⤵
  PID:1844
- C:\Windows\System\noFNWMf.exe
  C:\Windows\System\noFNWMf.exe
  2⤵
  PID:5156
- C:\Windows\System\jmuEAWd.exe
  C:\Windows\System\jmuEAWd.exe
  2⤵
  PID:5184
- C:\Windows\System\MMSWolL.exe
  C:\Windows\System\MMSWolL.exe
  2⤵
  PID:5216
- C:\Windows\System\YlSRord.exe
  C:\Windows\System\YlSRord.exe
  2⤵
  PID:5240
- C:\Windows\System\HkXfxfl.exe
  C:\Windows\System\HkXfxfl.exe
  2⤵
  PID:5268
- C:\Windows\System\fXpGNGd.exe
  C:\Windows\System\fXpGNGd.exe
  2⤵
  PID:5300
- C:\Windows\System\pRnghbE.exe
  C:\Windows\System\pRnghbE.exe
  2⤵
  PID:5328
- C:\Windows\System\rAElEJZ.exe
  C:\Windows\System\rAElEJZ.exe
  2⤵
  PID:5352
- C:\Windows\System\DuzOFvL.exe
  C:\Windows\System\DuzOFvL.exe
  2⤵
  PID:5380
- C:\Windows\System\PzhEket.exe
  C:\Windows\System\PzhEket.exe
  2⤵
  PID:5412
- C:\Windows\System\RwkwkqI.exe
  C:\Windows\System\RwkwkqI.exe
  2⤵
  PID:5428
- C:\Windows\System\MKiaBGo.exe
  C:\Windows\System\MKiaBGo.exe
  2⤵
  PID:5456
- C:\Windows\System\TfHKuED.exe
  C:\Windows\System\TfHKuED.exe
  2⤵
  PID:5496
- C:\Windows\System\Wgqxxux.exe
  C:\Windows\System\Wgqxxux.exe
  2⤵
  PID:5512
- C:\Windows\System\SjIAxix.exe
  C:\Windows\System\SjIAxix.exe
  2⤵
  PID:5552
- C:\Windows\System\MhBmszj.exe
  C:\Windows\System\MhBmszj.exe
  2⤵
  PID:5584
- C:\Windows\System\LWmcdPH.exe
  C:\Windows\System\LWmcdPH.exe
  2⤵
  PID:5612
- C:\Windows\System\SHZQEcw.exe
  C:\Windows\System\SHZQEcw.exe
  2⤵
  PID:5636
- C:\Windows\System\YRqfpiz.exe
  C:\Windows\System\YRqfpiz.exe
  2⤵
  PID:5668
- C:\Windows\System\XMQQREE.exe
  C:\Windows\System\XMQQREE.exe
  2⤵
  PID:5696
- C:\Windows\System\eJtfDor.exe
  C:\Windows\System\eJtfDor.exe
  2⤵
  PID:5716
- C:\Windows\System\FRCVGmi.exe
  C:\Windows\System\FRCVGmi.exe
  2⤵
  PID:5756
- C:\Windows\System\iCxIrRJ.exe
  C:\Windows\System\iCxIrRJ.exe
  2⤵
  PID:5784
- C:\Windows\System\oyGnBTz.exe
  C:\Windows\System\oyGnBTz.exe
  2⤵
  PID:5804
- C:\Windows\System\TsDSBoT.exe
  C:\Windows\System\TsDSBoT.exe
  2⤵
  PID:5840
- C:\Windows\System\AKeVDCN.exe
  C:\Windows\System\AKeVDCN.exe
  2⤵
  PID:5868
- C:\Windows\System\XoQCwhX.exe
  C:\Windows\System\XoQCwhX.exe
  2⤵
  PID:5900
- C:\Windows\System\DqxYxft.exe
  C:\Windows\System\DqxYxft.exe
  2⤵
  PID:5928
- C:\Windows\System\CYwFXvY.exe
  C:\Windows\System\CYwFXvY.exe
  2⤵
  PID:5956
- C:\Windows\System\MYWeuuN.exe
  C:\Windows\System\MYWeuuN.exe
  2⤵
  PID:5984
- C:\Windows\System\XassvWV.exe
  C:\Windows\System\XassvWV.exe
  2⤵
  PID:6008
- C:\Windows\System\pyBudLu.exe
  C:\Windows\System\pyBudLu.exe
  2⤵
  PID:6040
- C:\Windows\System\rAfRgcD.exe
  C:\Windows\System\rAfRgcD.exe
  2⤵
  PID:6068
- C:\Windows\System\KTJwtLn.exe
  C:\Windows\System\KTJwtLn.exe
  2⤵
  PID:6092
- C:\Windows\System\ufoMVPM.exe
  C:\Windows\System\ufoMVPM.exe
  2⤵
  PID:6112
- C:\Windows\System\hnGNTBX.exe
  C:\Windows\System\hnGNTBX.exe
  2⤵
  PID:6140
- C:\Windows\System\DahyIzM.exe
  C:\Windows\System\DahyIzM.exe
  2⤵
  PID:5204
- C:\Windows\System\oszkOmq.exe
  C:\Windows\System\oszkOmq.exe
  2⤵
  PID:5248
- C:\Windows\System\HNoBNbu.exe
  C:\Windows\System\HNoBNbu.exe
  2⤵
  PID:5336
- C:\Windows\System\FZKkzuh.exe
  C:\Windows\System\FZKkzuh.exe
  2⤵
  PID:5364
- C:\Windows\System\daDHNlj.exe
  C:\Windows\System\daDHNlj.exe
  2⤵
  PID:5448
- C:\Windows\System\sQrolur.exe
  C:\Windows\System\sQrolur.exe
  2⤵
  PID:5524
- C:\Windows\System\JQXYmEi.exe
  C:\Windows\System\JQXYmEi.exe
  2⤵
  PID:5592
- C:\Windows\System\LSCnqfI.exe
  C:\Windows\System\LSCnqfI.exe
  2⤵
  PID:5656
- C:\Windows\System\dHjWDRJ.exe
  C:\Windows\System\dHjWDRJ.exe
  2⤵
  PID:5744
- C:\Windows\System\IOenIsS.exe
  C:\Windows\System\IOenIsS.exe
  2⤵
  PID:5800
- C:\Windows\System\UpChovh.exe
  C:\Windows\System\UpChovh.exe
  2⤵
  PID:5852
- C:\Windows\System\xNihjSf.exe
  C:\Windows\System\xNihjSf.exe
  2⤵
  PID:5936
- C:\Windows\System\wkgAmfE.exe
  C:\Windows\System\wkgAmfE.exe
  2⤵
  PID:5996
- C:\Windows\System\rpipYYy.exe
  C:\Windows\System\rpipYYy.exe
  2⤵
  PID:6076
- C:\Windows\System\qDzsQok.exe
  C:\Windows\System\qDzsQok.exe
  2⤵
  PID:6132
- C:\Windows\System\gaMhyAf.exe
  C:\Windows\System\gaMhyAf.exe
  2⤵
  PID:5224
- C:\Windows\System\NNZsMEU.exe
  C:\Windows\System\NNZsMEU.exe
  2⤵
  PID:2236
- C:\Windows\System\gReUTLN.exe
  C:\Windows\System\gReUTLN.exe
  2⤵
  PID:5540
- C:\Windows\System\BDuEYdu.exe
  C:\Windows\System\BDuEYdu.exe
  2⤵
  PID:5728
- C:\Windows\System\HuCtWAO.exe
  C:\Windows\System\HuCtWAO.exe
  2⤵
  PID:5828
- C:\Windows\System\cjrUKGA.exe
  C:\Windows\System\cjrUKGA.exe
  2⤵
  PID:5972
- C:\Windows\System\pZawips.exe
  C:\Windows\System\pZawips.exe
  2⤵
  PID:5564
- C:\Windows\System\UznAuKa.exe
  C:\Windows\System\UznAuKa.exe
  2⤵
  PID:4524
- C:\Windows\System\kFrufYo.exe
  C:\Windows\System\kFrufYo.exe
  2⤵
  PID:5752
- C:\Windows\System\UhXOiaw.exe
  C:\Windows\System\UhXOiaw.exe
  2⤵
  PID:1664
- C:\Windows\System\wvhNuPu.exe
  C:\Windows\System\wvhNuPu.exe
  2⤵
  PID:5508
- C:\Windows\System\jqUlWGc.exe
  C:\Windows\System\jqUlWGc.exe
  2⤵
  PID:5424
- C:\Windows\System\pfJBXzs.exe
  C:\Windows\System\pfJBXzs.exe
  2⤵
  PID:6148
- C:\Windows\System\qZjUkxL.exe
  C:\Windows\System\qZjUkxL.exe
  2⤵
  PID:6184
- C:\Windows\System\YInftSF.exe
  C:\Windows\System\YInftSF.exe
  2⤵
  PID:6216
- C:\Windows\System\zTrKqJT.exe
  C:\Windows\System\zTrKqJT.exe
  2⤵
  PID:6240
- C:\Windows\System\xouLdFf.exe
  C:\Windows\System\xouLdFf.exe
  2⤵
  PID:6272
- C:\Windows\System\bWrOAcp.exe
  C:\Windows\System\bWrOAcp.exe
  2⤵
  PID:6304
- C:\Windows\System\lltOwos.exe
  C:\Windows\System\lltOwos.exe
  2⤵
  PID:6332
- C:\Windows\System\wxXzKgG.exe
  C:\Windows\System\wxXzKgG.exe
  2⤵
  PID:6364
- C:\Windows\System\YgIVKHy.exe
  C:\Windows\System\YgIVKHy.exe
  2⤵
  PID:6388
- C:\Windows\System\uBLbRzR.exe
  C:\Windows\System\uBLbRzR.exe
  2⤵
  PID:6420
- C:\Windows\System\UOOqDBy.exe
  C:\Windows\System\UOOqDBy.exe
  2⤵
  PID:6444
- C:\Windows\System\otpQgkB.exe
  C:\Windows\System\otpQgkB.exe
  2⤵
  PID:6472
- C:\Windows\System\lvNtzoN.exe
  C:\Windows\System\lvNtzoN.exe
  2⤵
  PID:6496
- C:\Windows\System\IKFIkLB.exe
  C:\Windows\System\IKFIkLB.exe
  2⤵
  PID:6528
- C:\Windows\System\PEgmSwO.exe
  C:\Windows\System\PEgmSwO.exe
  2⤵
  PID:6560
- C:\Windows\System\ZRUdyZK.exe
  C:\Windows\System\ZRUdyZK.exe
  2⤵
  PID:6584
- C:\Windows\System\ceAouen.exe
  C:\Windows\System\ceAouen.exe
  2⤵
  PID:6616
- C:\Windows\System\aCQdrdg.exe
  C:\Windows\System\aCQdrdg.exe
  2⤵
  PID:6640
- C:\Windows\System\ESmgtMu.exe
  C:\Windows\System\ESmgtMu.exe
  2⤵
  PID:6668
- C:\Windows\System\KVOgqMs.exe
  C:\Windows\System\KVOgqMs.exe
  2⤵
  PID:6700
- C:\Windows\System\XsEDYmG.exe
  C:\Windows\System\XsEDYmG.exe
  2⤵
  PID:6724
- C:\Windows\System\ulLUbOp.exe
  C:\Windows\System\ulLUbOp.exe
  2⤵
  PID:6744
- C:\Windows\System\hHNlvzT.exe
  C:\Windows\System\hHNlvzT.exe
  2⤵
  PID:6780
- C:\Windows\System\LJWlwyb.exe
  C:\Windows\System\LJWlwyb.exe
  2⤵
  PID:6812
- C:\Windows\System\USNjCDI.exe
  C:\Windows\System\USNjCDI.exe
  2⤵
  PID:6836
- C:\Windows\System\eTRfxzv.exe
  C:\Windows\System\eTRfxzv.exe
  2⤵
  PID:6864
- C:\Windows\System\jXsqjdc.exe
  C:\Windows\System\jXsqjdc.exe
  2⤵
  PID:6896
- C:\Windows\System\HozYCEL.exe
  C:\Windows\System\HozYCEL.exe
  2⤵
  PID:6920
- C:\Windows\System\tTitFQR.exe
  C:\Windows\System\tTitFQR.exe
  2⤵
  PID:6948
- C:\Windows\System\kGJmfst.exe
  C:\Windows\System\kGJmfst.exe
  2⤵
  PID:6980
- C:\Windows\System\jtwixgP.exe
  C:\Windows\System\jtwixgP.exe
  2⤵
  PID:7012
- C:\Windows\System\USnHSpu.exe
  C:\Windows\System\USnHSpu.exe
  2⤵
  PID:7036
- C:\Windows\System\CSLzCAi.exe
  C:\Windows\System\CSLzCAi.exe
  2⤵
  PID:7064
- C:\Windows\System\ToDcgZL.exe
  C:\Windows\System\ToDcgZL.exe
  2⤵
  PID:7092
- C:\Windows\System\RlhHwpM.exe
  C:\Windows\System\RlhHwpM.exe
  2⤵
  PID:7124
- C:\Windows\System\EtaWLKD.exe
  C:\Windows\System\EtaWLKD.exe
  2⤵
  PID:7148
- C:\Windows\System\dMbEymQ.exe
  C:\Windows\System\dMbEymQ.exe
  2⤵
  PID:4984
- C:\Windows\System\ambXXfK.exe
  C:\Windows\System\ambXXfK.exe
  2⤵
  PID:6224
- C:\Windows\System\SVGzWkh.exe
  C:\Windows\System\SVGzWkh.exe
  2⤵
  PID:6292
- C:\Windows\System\ZRAQIHL.exe
  C:\Windows\System\ZRAQIHL.exe
  2⤵
  PID:6372
- C:\Windows\System\KoXnRPh.exe
  C:\Windows\System\KoXnRPh.exe
  2⤵
  PID:6428
- C:\Windows\System\WvgaULH.exe
  C:\Windows\System\WvgaULH.exe
  2⤵
  PID:6484
- C:\Windows\System\ohZJkoG.exe
  C:\Windows\System\ohZJkoG.exe
  2⤵
  PID:6556
- C:\Windows\System\VxzkEvX.exe
  C:\Windows\System\VxzkEvX.exe
  2⤵
  PID:6632
- C:\Windows\System\UuTeapl.exe
  C:\Windows\System\UuTeapl.exe
  2⤵
  PID:6676
- C:\Windows\System\HCZsnpz.exe
  C:\Windows\System\HCZsnpz.exe
  2⤵
  PID:6756
- C:\Windows\System\DfpCAvR.exe
  C:\Windows\System\DfpCAvR.exe
  2⤵
  PID:6800
- C:\Windows\System\mwbXoYs.exe
  C:\Windows\System\mwbXoYs.exe
  2⤵
  PID:6872
- C:\Windows\System\imxjFSI.exe
  C:\Windows\System\imxjFSI.exe
  2⤵
  PID:6912
- C:\Windows\System\PrFJKxd.exe
  C:\Windows\System\PrFJKxd.exe
  2⤵
  PID:7000
- C:\Windows\System\mATKHFU.exe
  C:\Windows\System\mATKHFU.exe
  2⤵
  PID:7052
- C:\Windows\System\XtZbuBP.exe
  C:\Windows\System\XtZbuBP.exe
  2⤵
  PID:7132
- C:\Windows\System\CfpyMkU.exe
  C:\Windows\System\CfpyMkU.exe
  2⤵
  PID:6192
- C:\Windows\System\dvNHMRh.exe
  C:\Windows\System\dvNHMRh.exe
  2⤵
  PID:6344
- C:\Windows\System\TabQlMG.exe
  C:\Windows\System\TabQlMG.exe
  2⤵
  PID:6512
- C:\Windows\System\gZOtbfY.exe
  C:\Windows\System\gZOtbfY.exe
  2⤵
  PID:6688
- C:\Windows\System\iVksAbu.exe
  C:\Windows\System\iVksAbu.exe
  2⤵
  PID:6828
- C:\Windows\System\pwFOOGV.exe
  C:\Windows\System\pwFOOGV.exe
  2⤵
  PID:6988
- C:\Windows\System\GQaPive.exe
  C:\Windows\System\GQaPive.exe
  2⤵
  PID:7104
- C:\Windows\System\OjenWPG.exe
  C:\Windows\System\OjenWPG.exe
  2⤵
  PID:6408
- C:\Windows\System\StDLMhc.exe
  C:\Windows\System\StDLMhc.exe
  2⤵
  PID:6768
- C:\Windows\System\TXEfYYC.exe
  C:\Windows\System\TXEfYYC.exe
  2⤵
  PID:7156
- C:\Windows\System\VCLdBek.exe
  C:\Windows\System\VCLdBek.exe
  2⤵
  PID:6884
- C:\Windows\System\XPARcXr.exe
  C:\Windows\System\XPARcXr.exe
  2⤵
  PID:7076
- C:\Windows\System\IrTcbhx.exe
  C:\Windows\System\IrTcbhx.exe
  2⤵
  PID:7188
- C:\Windows\System\vBjhSuW.exe
  C:\Windows\System\vBjhSuW.exe
  2⤵
  PID:7216
- C:\Windows\System\BeOfqBP.exe
  C:\Windows\System\BeOfqBP.exe
  2⤵
  PID:7244
- C:\Windows\System\BnegAHo.exe
  C:\Windows\System\BnegAHo.exe
  2⤵
  PID:7268
- C:\Windows\System\HNBwkfS.exe
  C:\Windows\System\HNBwkfS.exe
  2⤵
  PID:7304
- C:\Windows\System\ZYkBPLe.exe
  C:\Windows\System\ZYkBPLe.exe
  2⤵
  PID:7332
- C:\Windows\System\nxnQmOr.exe
  C:\Windows\System\nxnQmOr.exe
  2⤵
  PID:7356
- C:\Windows\System\vMhdKYT.exe
  C:\Windows\System\vMhdKYT.exe
  2⤵
  PID:7384
- C:\Windows\System\zlYCAXV.exe
  C:\Windows\System\zlYCAXV.exe
  2⤵
  PID:7416
- C:\Windows\System\RnJHgcq.exe
  C:\Windows\System\RnJHgcq.exe
  2⤵
  PID:7440
- C:\Windows\System\UxmVueg.exe
  C:\Windows\System\UxmVueg.exe
  2⤵
  PID:7468
- C:\Windows\System\BWxsUcH.exe
  C:\Windows\System\BWxsUcH.exe
  2⤵
  PID:7496
- C:\Windows\System\urNkjSV.exe
  C:\Windows\System\urNkjSV.exe
  2⤵
  PID:7524
- C:\Windows\System\vpXDSIw.exe
  C:\Windows\System\vpXDSIw.exe
  2⤵
  PID:7544
- C:\Windows\System\ZiQbBFn.exe
  C:\Windows\System\ZiQbBFn.exe
  2⤵
  PID:7580
- C:\Windows\System\tdKhtxT.exe
  C:\Windows\System\tdKhtxT.exe
  2⤵
  PID:7612
- C:\Windows\System\iPSPiEa.exe
  C:\Windows\System\iPSPiEa.exe
  2⤵
  PID:7640
- C:\Windows\System\xsUSoPk.exe
  C:\Windows\System\xsUSoPk.exe
  2⤵
  PID:7668
- C:\Windows\System\YpvtbrZ.exe
  C:\Windows\System\YpvtbrZ.exe
  2⤵
  PID:7696
- C:\Windows\System\yoyWrkm.exe
  C:\Windows\System\yoyWrkm.exe
  2⤵
  PID:7724
- C:\Windows\System\vDdiOps.exe
  C:\Windows\System\vDdiOps.exe
  2⤵
  PID:7752
- C:\Windows\System\JJVOLqs.exe
  C:\Windows\System\JJVOLqs.exe
  2⤵
  PID:7772
- C:\Windows\System\ULJNqZJ.exe
  C:\Windows\System\ULJNqZJ.exe
  2⤵
  PID:7812
- C:\Windows\System\WaRugLt.exe
  C:\Windows\System\WaRugLt.exe
  2⤵
  PID:7832
- C:\Windows\System\mrBsItz.exe
  C:\Windows\System\mrBsItz.exe
  2⤵
  PID:7860
- C:\Windows\System\qUouVZG.exe
  C:\Windows\System\qUouVZG.exe
  2⤵
  PID:7908
- C:\Windows\System\zYqjIvs.exe
  C:\Windows\System\zYqjIvs.exe
  2⤵
  PID:7936
- C:\Windows\System\qQWpIOE.exe
  C:\Windows\System\qQWpIOE.exe
  2⤵
  PID:7964
- C:\Windows\System\UnxwPoF.exe
  C:\Windows\System\UnxwPoF.exe
  2⤵
  PID:8000
- C:\Windows\System\loeIQLT.exe
  C:\Windows\System\loeIQLT.exe
  2⤵
  PID:8020
- C:\Windows\System\TpPMrWj.exe
  C:\Windows\System\TpPMrWj.exe
  2⤵
  PID:8048
- C:\Windows\System\vcMckcb.exe
  C:\Windows\System\vcMckcb.exe
  2⤵
  PID:8080
- C:\Windows\System\qmFyUSf.exe
  C:\Windows\System\qmFyUSf.exe
  2⤵
  PID:8104
- C:\Windows\System\YrKNeCC.exe
  C:\Windows\System\YrKNeCC.exe
  2⤵
  PID:8132
- C:\Windows\System\zPUfkYC.exe
  C:\Windows\System\zPUfkYC.exe
  2⤵
  PID:8160
- C:\Windows\System\JWTGenD.exe
  C:\Windows\System\JWTGenD.exe
  2⤵
  PID:7180
- C:\Windows\System\duOatqY.exe
  C:\Windows\System\duOatqY.exe
  2⤵
  PID:7260
- C:\Windows\System\vXtNraq.exe
  C:\Windows\System\vXtNraq.exe
  2⤵
  PID:7312
- C:\Windows\System\VMiFBjb.exe
  C:\Windows\System\VMiFBjb.exe
  2⤵
  PID:7376
- C:\Windows\System\hvFZdLU.exe
  C:\Windows\System\hvFZdLU.exe
  2⤵
  PID:7448
- C:\Windows\System\JfpekaO.exe
  C:\Windows\System\JfpekaO.exe
  2⤵
  PID:7504
- C:\Windows\System\QaKTCRK.exe
  C:\Windows\System\QaKTCRK.exe
  2⤵
  PID:7564
- C:\Windows\System\cGDfQEH.exe
  C:\Windows\System\cGDfQEH.exe
  2⤵
  PID:7628
- C:\Windows\System\AGKNPUa.exe
  C:\Windows\System\AGKNPUa.exe
  2⤵
  PID:7688
- C:\Windows\System\CMaoLap.exe
  C:\Windows\System\CMaoLap.exe
  2⤵
  PID:7760
- C:\Windows\System\MdPfngj.exe
  C:\Windows\System\MdPfngj.exe
  2⤵
  PID:7824
- C:\Windows\System\nutlbvo.exe
  C:\Windows\System\nutlbvo.exe
  2⤵
  PID:7920
- C:\Windows\System\QxlJOKv.exe
  C:\Windows\System\QxlJOKv.exe
  2⤵
  PID:7976
- C:\Windows\System\hTYfukD.exe
  C:\Windows\System\hTYfukD.exe
  2⤵
  PID:8044
- C:\Windows\System\zoQSMnV.exe
  C:\Windows\System\zoQSMnV.exe
  2⤵
  PID:2344
- C:\Windows\System\bPAsTcY.exe
  C:\Windows\System\bPAsTcY.exe
  2⤵
  PID:8152
- C:\Windows\System\ivKvrsg.exe
  C:\Windows\System\ivKvrsg.exe
  2⤵
  PID:7252
- C:\Windows\System\ZLwChlU.exe
  C:\Windows\System\ZLwChlU.exe
  2⤵
  PID:7368
- C:\Windows\System\zGhkYUL.exe
  C:\Windows\System\zGhkYUL.exe
  2⤵
  PID:7480
- C:\Windows\System\nuanyVn.exe
  C:\Windows\System\nuanyVn.exe
  2⤵
  PID:7600
- C:\Windows\System\CRXSQQW.exe
  C:\Windows\System\CRXSQQW.exe
  2⤵
  PID:7784
- C:\Windows\System\MoxbaMI.exe
  C:\Windows\System\MoxbaMI.exe
  2⤵
  PID:7956
- C:\Windows\System\wSlrJzO.exe
  C:\Windows\System\wSlrJzO.exe
  2⤵
  PID:8128
- C:\Windows\System\qviTTUN.exe
  C:\Windows\System\qviTTUN.exe
  2⤵
  PID:7300
- C:\Windows\System\OfoEbVh.exe
  C:\Windows\System\OfoEbVh.exe
  2⤵
  PID:7592
- C:\Windows\System\ZQwivab.exe
  C:\Windows\System\ZQwivab.exe
  2⤵
  PID:8016
- C:\Windows\System\GFwNPwp.exe
  C:\Windows\System\GFwNPwp.exe
  2⤵
  PID:1228
- C:\Windows\System\gSbyGej.exe
  C:\Windows\System\gSbyGej.exe
  2⤵
  PID:7200
- C:\Windows\System\wmuExMi.exe
  C:\Windows\System\wmuExMi.exe
  2⤵
  PID:7948
- C:\Windows\System\FHlHOIM.exe
  C:\Windows\System\FHlHOIM.exe
  2⤵
  PID:8220
- C:\Windows\System\HrwStfZ.exe
  C:\Windows\System\HrwStfZ.exe
  2⤵
  PID:8248
- C:\Windows\System\UcmgRCm.exe
  C:\Windows\System\UcmgRCm.exe
  2⤵
  PID:8276
- C:\Windows\System\tvKKHak.exe
  C:\Windows\System\tvKKHak.exe
  2⤵
  PID:8312
- C:\Windows\System\OxQgByI.exe
  C:\Windows\System\OxQgByI.exe
  2⤵
  PID:8332
- C:\Windows\System\OeTKakc.exe
  C:\Windows\System\OeTKakc.exe
  2⤵
  PID:8360
- C:\Windows\System\yfauSFh.exe
  C:\Windows\System\yfauSFh.exe
  2⤵
  PID:8392
- C:\Windows\System\fthKJZg.exe
  C:\Windows\System\fthKJZg.exe
  2⤵
  PID:8424
- C:\Windows\System\CmvsIkp.exe
  C:\Windows\System\CmvsIkp.exe
  2⤵
  PID:8444
- C:\Windows\System\KrcKNIf.exe
  C:\Windows\System\KrcKNIf.exe
  2⤵
  PID:8476
- C:\Windows\System\HoKKahk.exe
  C:\Windows\System\HoKKahk.exe
  2⤵
  PID:8516
- C:\Windows\System\dToyxLW.exe
  C:\Windows\System\dToyxLW.exe
  2⤵
  PID:8532
- C:\Windows\System\MEzCubl.exe
  C:\Windows\System\MEzCubl.exe
  2⤵
  PID:8560
- C:\Windows\System\tQRLaEE.exe
  C:\Windows\System\tQRLaEE.exe
  2⤵
  PID:8588
- C:\Windows\System\biJPnPj.exe
  C:\Windows\System\biJPnPj.exe
  2⤵
  PID:8620
- C:\Windows\System\KchPjAn.exe
  C:\Windows\System\KchPjAn.exe
  2⤵
  PID:8656
- C:\Windows\System\noZwibZ.exe
  C:\Windows\System\noZwibZ.exe
  2⤵
  PID:8680
- C:\Windows\System\lUChgZM.exe
  C:\Windows\System\lUChgZM.exe
  2⤵
  PID:8704
- C:\Windows\System\XkvYlTm.exe
  C:\Windows\System\XkvYlTm.exe
  2⤵
  PID:8732
- C:\Windows\System\dMhNlWi.exe
  C:\Windows\System\dMhNlWi.exe
  2⤵
  PID:8760
- C:\Windows\System\AAwgWnu.exe
  C:\Windows\System\AAwgWnu.exe
  2⤵
  PID:8788
- C:\Windows\System\GJXhETR.exe
  C:\Windows\System\GJXhETR.exe
  2⤵
  PID:8816
- C:\Windows\System\NSKHkim.exe
  C:\Windows\System\NSKHkim.exe
  2⤵
  PID:8852
- C:\Windows\System\heRqalX.exe
  C:\Windows\System\heRqalX.exe
  2⤵
  PID:8880
- C:\Windows\System\jQIOGlI.exe
  C:\Windows\System\jQIOGlI.exe
  2⤵
  PID:8900
- C:\Windows\System\yIsZDop.exe
  C:\Windows\System\yIsZDop.exe
  2⤵
  PID:8928
- C:\Windows\System\XlYOpjK.exe
  C:\Windows\System\XlYOpjK.exe
  2⤵
  PID:8964
- C:\Windows\System\rYJObCP.exe
  C:\Windows\System\rYJObCP.exe
  2⤵
  PID:8988
- C:\Windows\System\XVdvENY.exe
  C:\Windows\System\XVdvENY.exe
  2⤵
  PID:9012
- C:\Windows\System\NKzvVPX.exe
  C:\Windows\System\NKzvVPX.exe
  2⤵
  PID:9040
- C:\Windows\System\gGfmoXv.exe
  C:\Windows\System\gGfmoXv.exe
  2⤵
  PID:9072
- C:\Windows\System\CYrJUko.exe
  C:\Windows\System\CYrJUko.exe
  2⤵
  PID:9100
- C:\Windows\System\xiiiarS.exe
  C:\Windows\System\xiiiarS.exe
  2⤵
  PID:9128
- C:\Windows\System\hkCVjow.exe
  C:\Windows\System\hkCVjow.exe
  2⤵
  PID:9156
- C:\Windows\System\IZgFFKq.exe
  C:\Windows\System\IZgFFKq.exe
  2⤵
  PID:9184
- C:\Windows\System\JYpANVV.exe
  C:\Windows\System\JYpANVV.exe
  2⤵
  PID:9212
- C:\Windows\System\iKHwezM.exe
  C:\Windows\System\iKHwezM.exe
  2⤵
  PID:8244
- C:\Windows\System\DzrVPyw.exe
  C:\Windows\System\DzrVPyw.exe
  2⤵
  PID:8320
- C:\Windows\System\QhMTbhV.exe
  C:\Windows\System\QhMTbhV.exe
  2⤵
  PID:8380
- C:\Windows\System\dzfahAp.exe
  C:\Windows\System\dzfahAp.exe
  2⤵
  PID:2584
- C:\Windows\System\mumzbaO.exe
  C:\Windows\System\mumzbaO.exe
  2⤵
  PID:8488
- C:\Windows\System\eTSUDIt.exe
  C:\Windows\System\eTSUDIt.exe
  2⤵
  PID:8524
- C:\Windows\System\GAVqUuy.exe
  C:\Windows\System\GAVqUuy.exe
  2⤵
  PID:8632
- C:\Windows\System\xzSAWAf.exe
  C:\Windows\System\xzSAWAf.exe
  2⤵
  PID:4336
- C:\Windows\System\RZjucAJ.exe
  C:\Windows\System\RZjucAJ.exe
  2⤵
  PID:8752
- C:\Windows\System\vggEFwY.exe
  C:\Windows\System\vggEFwY.exe
  2⤵
  PID:8784
- C:\Windows\System\cLPuIzS.exe
  C:\Windows\System\cLPuIzS.exe
  2⤵
  PID:8840
- C:\Windows\System\DVdpHDR.exe
  C:\Windows\System\DVdpHDR.exe
  2⤵
  PID:8912
- C:\Windows\System\DIWgdEM.exe
  C:\Windows\System\DIWgdEM.exe
  2⤵
  PID:8972
- C:\Windows\System\sIVBkBE.exe
  C:\Windows\System\sIVBkBE.exe
  2⤵
  PID:9032
- C:\Windows\System\TGkSoit.exe
  C:\Windows\System\TGkSoit.exe
  2⤵
  PID:9092
- C:\Windows\System\ZkvtKKu.exe
  C:\Windows\System\ZkvtKKu.exe
  2⤵
  PID:9152
- C:\Windows\System\UZMitxQ.exe
  C:\Windows\System\UZMitxQ.exe
  2⤵
  PID:8212
- C:\Windows\System\QEVCRRX.exe
  C:\Windows\System\QEVCRRX.exe
  2⤵
  PID:8356
- C:\Windows\System\gcONdnw.exe
  C:\Windows\System\gcONdnw.exe
  2⤵
  PID:8460
- C:\Windows\System\uYaRDmw.exe
  C:\Windows\System\uYaRDmw.exe
  2⤵
  PID:8644
- C:\Windows\System\YbigRYI.exe
  C:\Windows\System\YbigRYI.exe
  2⤵
  PID:8700
- C:\Windows\System\WuyIuvP.exe
  C:\Windows\System\WuyIuvP.exe
  2⤵
  PID:8940
- C:\Windows\System\haNMhTa.exe
  C:\Windows\System\haNMhTa.exe
  2⤵
  PID:9024
- C:\Windows\System\pTbaAmN.exe
  C:\Windows\System\pTbaAmN.exe
  2⤵
  PID:4740
- C:\Windows\System\pxzgOri.exe
  C:\Windows\System\pxzgOri.exe
  2⤵
  PID:8272
- C:\Windows\System\SvtVTyG.exe
  C:\Windows\System\SvtVTyG.exe
  2⤵
  PID:8552
- C:\Windows\System\ftwdOuh.exe
  C:\Windows\System\ftwdOuh.exe
  2⤵
  PID:8996
- C:\Windows\System\FfCjpyI.exe
  C:\Windows\System\FfCjpyI.exe
  2⤵
  PID:9120
- C:\Windows\System\BrCPPmE.exe
  C:\Windows\System\BrCPPmE.exe
  2⤵
  PID:8608
- C:\Windows\System\RbDeMgM.exe
  C:\Windows\System\RbDeMgM.exe
  2⤵
  PID:4628
- C:\Windows\System\yyduoNn.exe
  C:\Windows\System\yyduoNn.exe
  2⤵
  PID:8696
- C:\Windows\System\AesGLoJ.exe
  C:\Windows\System\AesGLoJ.exe
  2⤵
  PID:9232
- C:\Windows\System\yqmDaEB.exe
  C:\Windows\System\yqmDaEB.exe
  2⤵
  PID:9260
- C:\Windows\System\RZbYrMM.exe
  C:\Windows\System\RZbYrMM.exe
  2⤵
  PID:9288
- C:\Windows\System\WPzHhzr.exe
  C:\Windows\System\WPzHhzr.exe
  2⤵
  PID:9316
- C:\Windows\System\sQbiSxU.exe
  C:\Windows\System\sQbiSxU.exe
  2⤵
  PID:9344
- C:\Windows\System\SDqvUYr.exe
  C:\Windows\System\SDqvUYr.exe
  2⤵
  PID:9376
- C:\Windows\System\CtBkNtE.exe
  C:\Windows\System\CtBkNtE.exe
  2⤵
  PID:9400
- C:\Windows\System\MoBUzzB.exe
  C:\Windows\System\MoBUzzB.exe
  2⤵
  PID:9428
- C:\Windows\System\DcPByXs.exe
  C:\Windows\System\DcPByXs.exe
  2⤵
  PID:9464
- C:\Windows\System\nXCoEBt.exe
  C:\Windows\System\nXCoEBt.exe
  2⤵
  PID:9488
- C:\Windows\System\xTqDRVK.exe
  C:\Windows\System\xTqDRVK.exe
  2⤵
  PID:9516
- C:\Windows\System\SFsqrpP.exe
  C:\Windows\System\SFsqrpP.exe
  2⤵
  PID:9552
- C:\Windows\System\PQWRTzf.exe
  C:\Windows\System\PQWRTzf.exe
  2⤵
  PID:9584
- C:\Windows\System\GFnlDEf.exe
  C:\Windows\System\GFnlDEf.exe
  2⤵
  PID:9600
- C:\Windows\System\KThQGzr.exe
  C:\Windows\System\KThQGzr.exe
  2⤵
  PID:9628
- C:\Windows\System\kTTvAhI.exe
  C:\Windows\System\kTTvAhI.exe
  2⤵
  PID:9656
- C:\Windows\System\OIEoknn.exe
  C:\Windows\System\OIEoknn.exe
  2⤵
  PID:9688
- C:\Windows\System\GThwpiA.exe
  C:\Windows\System\GThwpiA.exe
  2⤵
  PID:9712
- C:\Windows\System\COtJNfU.exe
  C:\Windows\System\COtJNfU.exe
  2⤵
  PID:9740
- C:\Windows\System\dDaxFoX.exe
  C:\Windows\System\dDaxFoX.exe
  2⤵
  PID:9768
- C:\Windows\System\cbfmnrk.exe
  C:\Windows\System\cbfmnrk.exe
  2⤵
  PID:9796
- C:\Windows\System\TprKpXO.exe
  C:\Windows\System\TprKpXO.exe
  2⤵
  PID:9824
- C:\Windows\System\LlubXyQ.exe
  C:\Windows\System\LlubXyQ.exe
  2⤵
  PID:9852
- C:\Windows\System\dDNGzBW.exe
  C:\Windows\System\dDNGzBW.exe
  2⤵
  PID:9880
- C:\Windows\System\zcHUfHE.exe
  C:\Windows\System\zcHUfHE.exe
  2⤵
  PID:9908
- C:\Windows\System\HpzBcyS.exe
  C:\Windows\System\HpzBcyS.exe
  2⤵
  PID:9940
- C:\Windows\System\LoTDDqZ.exe
  C:\Windows\System\LoTDDqZ.exe
  2⤵
  PID:9964
- C:\Windows\System\VWVLbxD.exe
  C:\Windows\System\VWVLbxD.exe
  2⤵
  PID:9992
- C:\Windows\System\VGHpvXQ.exe
  C:\Windows\System\VGHpvXQ.exe
  2⤵
  PID:10020
- C:\Windows\System\GGPXZan.exe
  C:\Windows\System\GGPXZan.exe
  2⤵
  PID:10048
- C:\Windows\System\rDPVflL.exe
  C:\Windows\System\rDPVflL.exe
  2⤵
  PID:10076
- C:\Windows\System\DLGwqek.exe
  C:\Windows\System\DLGwqek.exe
  2⤵
  PID:10104
- C:\Windows\System\zixKRSF.exe
  C:\Windows\System\zixKRSF.exe
  2⤵
  PID:10132
- C:\Windows\System\MgJolvr.exe
  C:\Windows\System\MgJolvr.exe
  2⤵
  PID:10160
- C:\Windows\System\SjgdHxf.exe
  C:\Windows\System\SjgdHxf.exe
  2⤵
  PID:10188
- C:\Windows\System\kcMfjoG.exe
  C:\Windows\System\kcMfjoG.exe
  2⤵
  PID:10216
- C:\Windows\System\yBrGAdV.exe
  C:\Windows\System\yBrGAdV.exe
  2⤵
  PID:9244
- C:\Windows\System\uZSIENq.exe
  C:\Windows\System\uZSIENq.exe
  2⤵
  PID:9280
- C:\Windows\System\iycvGDg.exe
  C:\Windows\System\iycvGDg.exe
  2⤵
  PID:9340
- C:\Windows\System\vJCCVTS.exe
  C:\Windows\System\vJCCVTS.exe
  2⤵
  PID:9384
- C:\Windows\System\sUZrZVZ.exe
  C:\Windows\System\sUZrZVZ.exe
  2⤵
  PID:9472
- C:\Windows\System\wPJLDyV.exe
  C:\Windows\System\wPJLDyV.exe
  2⤵
  PID:9508
- C:\Windows\System\dfdZvGj.exe
  C:\Windows\System\dfdZvGj.exe
  2⤵
  PID:9572
- C:\Windows\System\dPXncmc.exe
  C:\Windows\System\dPXncmc.exe
  2⤵
  PID:4792
- C:\Windows\System\nObdLdv.exe
  C:\Windows\System\nObdLdv.exe
  2⤵
  PID:9700
- C:\Windows\System\kGomYjm.exe
  C:\Windows\System\kGomYjm.exe
  2⤵
  PID:9792
- C:\Windows\System\FNHLIYv.exe
  C:\Windows\System\FNHLIYv.exe
  2⤵
  PID:9848
- C:\Windows\System\ipsbtFZ.exe
  C:\Windows\System\ipsbtFZ.exe
  2⤵
  PID:9900
- C:\Windows\System\BOMvNZD.exe
  C:\Windows\System\BOMvNZD.exe
  2⤵
  PID:9956
- C:\Windows\System\EFZQHCH.exe
  C:\Windows\System\EFZQHCH.exe
  2⤵
  PID:1008
- C:\Windows\System\DiAkzYk.exe
  C:\Windows\System\DiAkzYk.exe
  2⤵
  PID:10068
- C:\Windows\System\JrcKXEt.exe
  C:\Windows\System\JrcKXEt.exe
  2⤵
  PID:10144
- C:\Windows\System\KAyYBId.exe
  C:\Windows\System\KAyYBId.exe
  2⤵
  PID:10200
- C:\Windows\System\nGWasdR.exe
  C:\Windows\System\nGWasdR.exe
  2⤵
  PID:9252
- C:\Windows\System\OxxnuIU.exe
  C:\Windows\System\OxxnuIU.exe
  2⤵
  PID:2960
- C:\Windows\System\euQnDcV.exe
  C:\Windows\System\euQnDcV.exe
  2⤵
  PID:9500
- C:\Windows\System\irplqxu.exe
  C:\Windows\System\irplqxu.exe
  2⤵
  PID:9640
- C:\Windows\System\JIUyikt.exe
  C:\Windows\System\JIUyikt.exe
  2⤵
  PID:9788
- C:\Windows\System\KhFavOg.exe
  C:\Windows\System\KhFavOg.exe
  2⤵
  PID:9932
- C:\Windows\System\eaXLMmT.exe
  C:\Windows\System\eaXLMmT.exe
  2⤵
  PID:3444
- C:\Windows\System\aybYjrq.exe
  C:\Windows\System\aybYjrq.exe
  2⤵
  PID:10172
- C:\Windows\System\LvWoIeF.exe
  C:\Windows\System\LvWoIeF.exe
  2⤵
  PID:9312
- C:\Windows\System\LdbJlKi.exe
  C:\Windows\System\LdbJlKi.exe
  2⤵
  PID:9676
- C:\Windows\System\agkWPCS.exe
  C:\Windows\System\agkWPCS.exe
  2⤵
  PID:9892
- C:\Windows\System\hGzjzYH.exe
  C:\Windows\System\hGzjzYH.exe
  2⤵
  PID:10228
- C:\Windows\System\KRpVlfq.exe
  C:\Windows\System\KRpVlfq.exe
  2⤵
  PID:9736
- C:\Windows\System\zvWjANW.exe
  C:\Windows\System\zvWjANW.exe
  2⤵
  PID:9308
- C:\Windows\System\DFGXGaU.exe
  C:\Windows\System\DFGXGaU.exe
  2⤵
  PID:10156
- C:\Windows\System\hByGyKY.exe
  C:\Windows\System\hByGyKY.exe
  2⤵
  PID:10264
- C:\Windows\System\acAHwCP.exe
  C:\Windows\System\acAHwCP.exe
  2⤵
  PID:10292
- C:\Windows\System\gZLlzxY.exe
  C:\Windows\System\gZLlzxY.exe
  2⤵
  PID:10320
- C:\Windows\System\EXwCQWo.exe
  C:\Windows\System\EXwCQWo.exe
  2⤵
  PID:10352
- C:\Windows\System\cJaeoBj.exe
  C:\Windows\System\cJaeoBj.exe
  2⤵
  PID:10380
- C:\Windows\System\SNjoZLF.exe
  C:\Windows\System\SNjoZLF.exe
  2⤵
  PID:10408
- C:\Windows\System\tubhGBi.exe
  C:\Windows\System\tubhGBi.exe
  2⤵
  PID:10436
- C:\Windows\System\SBYAuTP.exe
  C:\Windows\System\SBYAuTP.exe
  2⤵
  PID:10464
- C:\Windows\System\tjAvabD.exe
  C:\Windows\System\tjAvabD.exe
  2⤵
  PID:10492
- C:\Windows\System\VyYkIUK.exe
  C:\Windows\System\VyYkIUK.exe
  2⤵
  PID:10528
- C:\Windows\System\PzuyGiy.exe
  C:\Windows\System\PzuyGiy.exe
  2⤵
  PID:10548
- C:\Windows\System\QaDMwyY.exe
  C:\Windows\System\QaDMwyY.exe
  2⤵
  PID:10576
- C:\Windows\System\uoLCvxu.exe
  C:\Windows\System\uoLCvxu.exe
  2⤵
  PID:10604
- C:\Windows\System\AkwsqBV.exe
  C:\Windows\System\AkwsqBV.exe
  2⤵
  PID:10632
- C:\Windows\System\VmeznBw.exe
  C:\Windows\System\VmeznBw.exe
  2⤵
  PID:10660
- C:\Windows\System\DeyWktz.exe
  C:\Windows\System\DeyWktz.exe
  2⤵
  PID:10688
- C:\Windows\System\xbKMTwt.exe
  C:\Windows\System\xbKMTwt.exe
  2⤵
  PID:10716
- C:\Windows\System\xCdGdkq.exe
  C:\Windows\System\xCdGdkq.exe
  2⤵
  PID:10748
- C:\Windows\System\VJGULFS.exe
  C:\Windows\System\VJGULFS.exe
  2⤵
  PID:10772
- C:\Windows\System\RACLBJT.exe
  C:\Windows\System\RACLBJT.exe
  2⤵
  PID:10808
- C:\Windows\System\iEUwfvb.exe
  C:\Windows\System\iEUwfvb.exe
  2⤵
  PID:10828
- C:\Windows\System\DDeCyjt.exe
  C:\Windows\System\DDeCyjt.exe
  2⤵
  PID:10856
- C:\Windows\System\zyatmDs.exe
  C:\Windows\System\zyatmDs.exe
  2⤵
  PID:10884
- C:\Windows\System\DUJyRHX.exe
  C:\Windows\System\DUJyRHX.exe
  2⤵
  PID:10912
- C:\Windows\System\hqVMVDA.exe
  C:\Windows\System\hqVMVDA.exe
  2⤵
  PID:10940
- C:\Windows\System\pKnBlnC.exe
  C:\Windows\System\pKnBlnC.exe
  2⤵
  PID:10968
- C:\Windows\System\BIjcFPt.exe
  C:\Windows\System\BIjcFPt.exe
  2⤵
  PID:10996
- C:\Windows\System\lRRgggr.exe
  C:\Windows\System\lRRgggr.exe
  2⤵
  PID:11024
- C:\Windows\System\IwyZFpy.exe
  C:\Windows\System\IwyZFpy.exe
  2⤵
  PID:11060
- C:\Windows\System\eBNYgQa.exe
  C:\Windows\System\eBNYgQa.exe
  2⤵
  PID:11080
- C:\Windows\System\PYBfBFf.exe
  C:\Windows\System\PYBfBFf.exe
  2⤵
  PID:11108
- C:\Windows\System\xSpDGLI.exe
  C:\Windows\System\xSpDGLI.exe
  2⤵
  PID:11136
- C:\Windows\System\jFZBZeZ.exe
  C:\Windows\System\jFZBZeZ.exe
  2⤵
  PID:11164
- C:\Windows\System\VczvlmV.exe
  C:\Windows\System\VczvlmV.exe
  2⤵
  PID:11192
- C:\Windows\System\xvLWQxC.exe
  C:\Windows\System\xvLWQxC.exe
  2⤵
  PID:11220
- C:\Windows\System\WrLkvZv.exe
  C:\Windows\System\WrLkvZv.exe
  2⤵
  PID:11252
- C:\Windows\System\XObkmth.exe
  C:\Windows\System\XObkmth.exe
  2⤵
  PID:10284
- C:\Windows\System\notHNwQ.exe
  C:\Windows\System\notHNwQ.exe
  2⤵
  PID:10348
- C:\Windows\System\tXOEFvQ.exe
  C:\Windows\System\tXOEFvQ.exe
  2⤵
  PID:10404
- C:\Windows\System\AwoSHHt.exe
  C:\Windows\System\AwoSHHt.exe
  2⤵
  PID:10476
- C:\Windows\System\ruiTJWR.exe
  C:\Windows\System\ruiTJWR.exe
  2⤵
  PID:10560
- C:\Windows\System\QnZKzze.exe
  C:\Windows\System\QnZKzze.exe
  2⤵
  PID:3744
- C:\Windows\System\CdOBauy.exe
  C:\Windows\System\CdOBauy.exe
  2⤵
  PID:10652
- C:\Windows\System\bdXUPTp.exe
  C:\Windows\System\bdXUPTp.exe
  2⤵
  PID:10712
- C:\Windows\System\JooLcHI.exe
  C:\Windows\System\JooLcHI.exe
  2⤵
  PID:10768
- C:\Windows\System\xXpiwfS.exe
  C:\Windows\System\xXpiwfS.exe
  2⤵
  PID:10840
- C:\Windows\System\FhjoelD.exe
  C:\Windows\System\FhjoelD.exe
  2⤵
  PID:10896
- C:\Windows\System\zZgDwKB.exe
  C:\Windows\System\zZgDwKB.exe
  2⤵
  PID:1632
- C:\Windows\System\SPZSORK.exe
  C:\Windows\System\SPZSORK.exe
  2⤵
  PID:11008
- C:\Windows\System\gpeeMNk.exe
  C:\Windows\System\gpeeMNk.exe
  2⤵
  PID:11068
- C:\Windows\System\mVWGxhI.exe
  C:\Windows\System\mVWGxhI.exe
  2⤵
  PID:11120
- C:\Windows\System\OtzCaPd.exe
  C:\Windows\System\OtzCaPd.exe
  2⤵
  PID:11184
- C:\Windows\System\yTelQyh.exe
  C:\Windows\System\yTelQyh.exe
  2⤵
  PID:11248
- C:\Windows\System\yRGnSJT.exe
  C:\Windows\System\yRGnSJT.exe
  2⤵
  PID:10344
- C:\Windows\System\AHUcgwk.exe
  C:\Windows\System\AHUcgwk.exe
  2⤵
  PID:10504
- C:\Windows\System\aJAtFSM.exe
  C:\Windows\System\aJAtFSM.exe
  2⤵
  PID:10616
- C:\Windows\System\tDBFgFo.exe
  C:\Windows\System\tDBFgFo.exe
  2⤵
  PID:10756
- C:\Windows\System\QkTDacI.exe
  C:\Windows\System\QkTDacI.exe
  2⤵
  PID:10880
- C:\Windows\System\aNdwkTb.exe
  C:\Windows\System\aNdwkTb.exe
  2⤵
  PID:11044
- C:\Windows\System\NveizBa.exe
  C:\Windows\System\NveizBa.exe
  2⤵
  PID:11160
- C:\Windows\System\qTZhQij.exe
  C:\Windows\System\qTZhQij.exe
  2⤵
  PID:6592
- C:\Windows\System\CbCOSqP.exe
  C:\Windows\System\CbCOSqP.exe
  2⤵
  PID:10588
- C:\Windows\System\AOJkptW.exe
  C:\Windows\System\AOJkptW.exe
  2⤵
  PID:10852
- C:\Windows\System\gWmmTBd.exe
  C:\Windows\System\gWmmTBd.exe
  2⤵
  PID:11244
- C:\Windows\System\SVuNEPM.exe
  C:\Windows\System\SVuNEPM.exe
  2⤵
  PID:10820
- C:\Windows\System\sVWRJqQ.exe
  C:\Windows\System\sVWRJqQ.exe
  2⤵
  PID:10708
- C:\Windows\System\WzvqFOw.exe
  C:\Windows\System\WzvqFOw.exe
  2⤵
  PID:11280
- C:\Windows\System\XfGSGkI.exe
  C:\Windows\System\XfGSGkI.exe
  2⤵
  PID:11308
- C:\Windows\System\ECULviT.exe
  C:\Windows\System\ECULviT.exe
  2⤵
  PID:11336
- C:\Windows\System\yYyvAZU.exe
  C:\Windows\System\yYyvAZU.exe
  2⤵
  PID:11364
- C:\Windows\System\eBXFyKE.exe
  C:\Windows\System\eBXFyKE.exe
  2⤵
  PID:11392
- C:\Windows\System\OLTVExe.exe
  C:\Windows\System\OLTVExe.exe
  2⤵
  PID:11420
- C:\Windows\System\IQMLEbD.exe
  C:\Windows\System\IQMLEbD.exe
  2⤵
  PID:11448
- C:\Windows\System\pIaoeVT.exe
  C:\Windows\System\pIaoeVT.exe
  2⤵
  PID:11476
- C:\Windows\System\RiwHStB.exe
  C:\Windows\System\RiwHStB.exe
  2⤵
  PID:11504
- C:\Windows\System\jSWmkkJ.exe
  C:\Windows\System\jSWmkkJ.exe
  2⤵
  PID:11532
- C:\Windows\System\dcJYHOC.exe
  C:\Windows\System\dcJYHOC.exe
  2⤵
  PID:11560
- C:\Windows\System\rjsUrMy.exe
  C:\Windows\System\rjsUrMy.exe
  2⤵
  PID:11592
- C:\Windows\System\OzuNCOu.exe
  C:\Windows\System\OzuNCOu.exe
  2⤵
  PID:11640
- C:\Windows\System\pTplurP.exe
  C:\Windows\System\pTplurP.exe
  2⤵
  PID:11684
- C:\Windows\System\SJHJZKO.exe
  C:\Windows\System\SJHJZKO.exe
  2⤵
  PID:11704
- C:\Windows\System\KvPQljA.exe
  C:\Windows\System\KvPQljA.exe
  2⤵
  PID:11744
- C:\Windows\System\XWgFIQo.exe
  C:\Windows\System\XWgFIQo.exe
  2⤵
  PID:11804
- C:\Windows\System\BKilkLe.exe
  C:\Windows\System\BKilkLe.exe
  2⤵
  PID:11876
- C:\Windows\System\HBCMbCj.exe
  C:\Windows\System\HBCMbCj.exe
  2⤵
  PID:11924
- C:\Windows\System\ETfbDQb.exe
  C:\Windows\System\ETfbDQb.exe
  2⤵
  PID:11972
- C:\Windows\System\zluLRHl.exe
  C:\Windows\System\zluLRHl.exe
  2⤵
  PID:12000
- C:\Windows\System\NYPtidq.exe
  C:\Windows\System\NYPtidq.exe
  2⤵
  PID:12048
- C:\Windows\System\KswmBuT.exe
  C:\Windows\System\KswmBuT.exe
  2⤵
  PID:12068
- C:\Windows\System\gnUoBCy.exe
  C:\Windows\System\gnUoBCy.exe
  2⤵
  PID:12124
- C:\Windows\System\FTQCicy.exe
  C:\Windows\System\FTQCicy.exe
  2⤵
  PID:12164
- C:\Windows\System\tcnNKkw.exe
  C:\Windows\System\tcnNKkw.exe
  2⤵
  PID:12192
- C:\Windows\System\PeCqijB.exe
  C:\Windows\System\PeCqijB.exe
  2⤵
  PID:12224
- C:\Windows\System\tkDzgVp.exe
  C:\Windows\System\tkDzgVp.exe
  2⤵
  PID:12248
- C:\Windows\System\DYCKPEq.exe
  C:\Windows\System\DYCKPEq.exe
  2⤵
  PID:12276
- C:\Windows\System\aVQJIBJ.exe
  C:\Windows\System\aVQJIBJ.exe
  2⤵
  PID:11304
- C:\Windows\System\FQVwFLl.exe
  C:\Windows\System\FQVwFLl.exe
  2⤵
  PID:11376
- C:\Windows\System\vvWzGdB.exe
  C:\Windows\System\vvWzGdB.exe
  2⤵
  PID:11440
- C:\Windows\System\aSQIxEc.exe
  C:\Windows\System\aSQIxEc.exe
  2⤵
  PID:2784
- C:\Windows\System\wYneBSP.exe
  C:\Windows\System\wYneBSP.exe
  2⤵
  PID:11556
- C:\Windows\System\IvdyjqS.exe
  C:\Windows\System\IvdyjqS.exe
  2⤵
  PID:3188
- C:\Windows\System\ryiqZHD.exe
  C:\Windows\System\ryiqZHD.exe
  2⤵
  PID:11636
- C:\Windows\System\QSWoRae.exe
  C:\Windows\System\QSWoRae.exe
  2⤵
  PID:11716
- C:\Windows\System\aXLRwLK.exe
  C:\Windows\System\aXLRwLK.exe
  2⤵
  PID:11824
- C:\Windows\System\gsrNmMW.exe
  C:\Windows\System\gsrNmMW.exe
  2⤵
  PID:11936
- C:\Windows\System\GNWaYKH.exe
  C:\Windows\System\GNWaYKH.exe
  2⤵
  PID:11984
- C:\Windows\System\kLMVedZ.exe
  C:\Windows\System\kLMVedZ.exe
  2⤵
  PID:12024
- C:\Windows\System\LYeiyvE.exe
  C:\Windows\System\LYeiyvE.exe
  2⤵
  PID:11896
- C:\Windows\System\nHIcNak.exe
  C:\Windows\System\nHIcNak.exe
  2⤵
  PID:11856
- C:\Windows\System\mLqCvEs.exe
  C:\Windows\System\mLqCvEs.exe
  2⤵
  PID:4840
- C:\Windows\System\NkpSBws.exe
  C:\Windows\System\NkpSBws.exe
  2⤵
  PID:12096
- C:\Windows\System\NFBaPAZ.exe
  C:\Windows\System\NFBaPAZ.exe
  2⤵
  PID:12176
- C:\Windows\System\XMVjeTW.exe
  C:\Windows\System\XMVjeTW.exe
  2⤵
  PID:3684
- C:\Windows\System\xkiChuQ.exe
  C:\Windows\System\xkiChuQ.exe
  2⤵
  PID:12268
- C:\Windows\System\iwEwWOr.exe
  C:\Windows\System\iwEwWOr.exe
  2⤵
  PID:11360
- C:\Windows\System\NtxnVoX.exe
  C:\Windows\System\NtxnVoX.exe
  2⤵
  PID:11524
- C:\Windows\System\NonGINW.exe
  C:\Windows\System\NonGINW.exe
  2⤵
  PID:1620
- C:\Windows\System\bMOyguA.exe
  C:\Windows\System\bMOyguA.exe
  2⤵
  PID:11700
- C:\Windows\System\ZCnbpQe.exe
  C:\Windows\System\ZCnbpQe.exe
  2⤵
  PID:11916
- C:\Windows\System\PWeFZuB.exe
  C:\Windows\System\PWeFZuB.exe
  2⤵
  PID:12060
- C:\Windows\System\cCKUonJ.exe
  C:\Windows\System\cCKUonJ.exe
  2⤵
  PID:12080
- C:\Windows\System\wkrPEkZ.exe
  C:\Windows\System\wkrPEkZ.exe
  2⤵
  PID:3812
- C:\Windows\System\lvVZPNp.exe
  C:\Windows\System\lvVZPNp.exe
  2⤵
  PID:12088
- C:\Windows\System\bRkEAKT.exe
  C:\Windows\System\bRkEAKT.exe
  2⤵
  PID:11292
- C:\Windows\System\cLXMRqV.exe
  C:\Windows\System\cLXMRqV.exe
  2⤵
  PID:11600
- C:\Windows\System\XTgDiRU.exe
  C:\Windows\System\XTgDiRU.exe
  2⤵
  PID:2156
- C:\Windows\System\nIrtgSv.exe
  C:\Windows\System\nIrtgSv.exe
  2⤵
  PID:11904
- C:\Windows\System\BwQYWkK.exe
  C:\Windows\System\BwQYWkK.exe
  2⤵
  PID:12204
- C:\Windows\System\lisOaQr.exe
  C:\Windows\System\lisOaQr.exe
  2⤵
  PID:11496
- C:\Windows\System\dacLPoX.exe
  C:\Windows\System\dacLPoX.exe
  2⤵
  PID:4756
- C:\Windows\System\hjBtUzw.exe
  C:\Windows\System\hjBtUzw.exe
  2⤵
  PID:11796
- C:\Windows\System\EjQzdcv.exe
  C:\Windows\System\EjQzdcv.exe
  2⤵
  PID:11432
- C:\Windows\System\qIqNidW.exe
  C:\Windows\System\qIqNidW.exe
  2⤵
  PID:12312
- C:\Windows\System\XOKayES.exe
  C:\Windows\System\XOKayES.exe
  2⤵
  PID:12340
- C:\Windows\System\XdrVwSH.exe
  C:\Windows\System\XdrVwSH.exe
  2⤵
  PID:12372
- C:\Windows\System\LMaelLl.exe
  C:\Windows\System\LMaelLl.exe
  2⤵
  PID:12400
- C:\Windows\System\zDWSQaO.exe
  C:\Windows\System\zDWSQaO.exe
  2⤵
  PID:12428
- C:\Windows\System\tJKplhp.exe
  C:\Windows\System\tJKplhp.exe
  2⤵
  PID:12456
- C:\Windows\System\sfcHUPL.exe
  C:\Windows\System\sfcHUPL.exe
  2⤵
  PID:12484
- C:\Windows\System\MZxZlhs.exe
  C:\Windows\System\MZxZlhs.exe
  2⤵
  PID:12512
- C:\Windows\System\nQmjEhx.exe
  C:\Windows\System\nQmjEhx.exe
  2⤵
  PID:12540
- C:\Windows\System\ysWyZba.exe
  C:\Windows\System\ysWyZba.exe
  2⤵
  PID:12568
- C:\Windows\System\erbFCcF.exe
  C:\Windows\System\erbFCcF.exe
  2⤵
  PID:12596
- C:\Windows\System\IWlcmxu.exe
  C:\Windows\System\IWlcmxu.exe
  2⤵
  PID:12624
- C:\Windows\System\bdSGGpy.exe
  C:\Windows\System\bdSGGpy.exe
  2⤵
  PID:12652
- C:\Windows\System\ZsQzCrD.exe
  C:\Windows\System\ZsQzCrD.exe
  2⤵
  PID:12680
- C:\Windows\System\qOTMlXR.exe
  C:\Windows\System\qOTMlXR.exe
  2⤵
  PID:12708
- C:\Windows\System\XgGUQHX.exe
  C:\Windows\System\XgGUQHX.exe
  2⤵
  PID:12752
- C:\Windows\System\jFbKZeA.exe
  C:\Windows\System\jFbKZeA.exe
  2⤵
  PID:12768
- C:\Windows\System\mtSWCaY.exe
  C:\Windows\System\mtSWCaY.exe
  2⤵
  PID:12796
- C:\Windows\System\JXtTUID.exe
  C:\Windows\System\JXtTUID.exe
  2⤵
  PID:12824
- C:\Windows\System\AqKAVTR.exe
  C:\Windows\System\AqKAVTR.exe
  2⤵
  PID:12852
- C:\Windows\System\TRpvwGG.exe
  C:\Windows\System\TRpvwGG.exe
  2⤵
  PID:12880
- C:\Windows\System\hrjolfL.exe
  C:\Windows\System\hrjolfL.exe
  2⤵
  PID:12908
- C:\Windows\System\ogGDqWP.exe
  C:\Windows\System\ogGDqWP.exe
  2⤵
  PID:12936
- C:\Windows\System\MfxzlfH.exe
  C:\Windows\System\MfxzlfH.exe
  2⤵
  PID:12964
- C:\Windows\System\xQpTAqq.exe
  C:\Windows\System\xQpTAqq.exe
  2⤵
  PID:12992
- C:\Windows\System\hQCVkeH.exe
  C:\Windows\System\hQCVkeH.exe
  2⤵
  PID:13020
- C:\Windows\System\qRamJde.exe
  C:\Windows\System\qRamJde.exe
  2⤵
  PID:13048
- C:\Windows\System\IvZrwQZ.exe
  C:\Windows\System\IvZrwQZ.exe
  2⤵
  PID:13088
- C:\Windows\System\wQyVjos.exe
  C:\Windows\System\wQyVjos.exe
  2⤵
  PID:13108
- C:\Windows\System\nWyAQPv.exe
  C:\Windows\System\nWyAQPv.exe
  2⤵
  PID:13136
- C:\Windows\System\LfCFkvR.exe
  C:\Windows\System\LfCFkvR.exe
  2⤵
  PID:13164
- C:\Windows\System\ouXRsVE.exe
  C:\Windows\System\ouXRsVE.exe
  2⤵
  PID:13192
- C:\Windows\System\kJLREGF.exe
  C:\Windows\System\kJLREGF.exe
  2⤵
  PID:13220
- C:\Windows\System\IHZAsZF.exe
  C:\Windows\System\IHZAsZF.exe
  2⤵
  PID:13248
- C:\Windows\System\KiGRVXG.exe
  C:\Windows\System\KiGRVXG.exe
  2⤵
  PID:13276
- C:\Windows\System\FRojLrD.exe
  C:\Windows\System\FRojLrD.exe
  2⤵
  PID:12296
- C:\Windows\System\lMxuNKv.exe
  C:\Windows\System\lMxuNKv.exe
  2⤵
  PID:12360
- C:\Windows\System\ySTolLL.exe
  C:\Windows\System\ySTolLL.exe
  2⤵
  PID:12412
- C:\Windows\System\fTrJGQP.exe
  C:\Windows\System\fTrJGQP.exe
  2⤵
  PID:12476
- C:\Windows\System\WcpJJMA.exe
  C:\Windows\System\WcpJJMA.exe
  2⤵
  PID:12536
- C:\Windows\System\IxkilwV.exe
  C:\Windows\System\IxkilwV.exe
  2⤵
  PID:12608
- C:\Windows\System\vhMqZZm.exe
  C:\Windows\System\vhMqZZm.exe
  2⤵
  PID:12672
- C:\Windows\System\BeTQFBm.exe
  C:\Windows\System\BeTQFBm.exe
  2⤵
  PID:12732
- C:\Windows\System\NsEFtec.exe
  C:\Windows\System\NsEFtec.exe
  2⤵
  PID:12792
- C:\Windows\System\FLCLAyi.exe
  C:\Windows\System\FLCLAyi.exe
  2⤵
  PID:12848
- C:\Windows\System\HvlzGuy.exe
  C:\Windows\System\HvlzGuy.exe
  2⤵
  PID:12920
- C:\Windows\System\HVwJWzH.exe
  C:\Windows\System\HVwJWzH.exe
  2⤵
  PID:12984
- C:\Windows\System\qpvZJIa.exe
  C:\Windows\System\qpvZJIa.exe
  2⤵
  PID:13060
- C:\Windows\System\OAAszbt.exe
  C:\Windows\System\OAAszbt.exe
  2⤵
  PID:13120
- C:\Windows\System\FGnNJXq.exe
  C:\Windows\System\FGnNJXq.exe
  2⤵
  PID:13184
- C:\Windows\System\oAeHvul.exe
  C:\Windows\System\oAeHvul.exe
  2⤵
  PID:13244
- C:\Windows\System\lhyZsSh.exe
  C:\Windows\System\lhyZsSh.exe
  2⤵
  PID:13308
- C:\Windows\System\gobnyxm.exe
  C:\Windows\System\gobnyxm.exe
  2⤵
  PID:12440
- C:\Windows\System\WxCoons.exe
  C:\Windows\System\WxCoons.exe
  2⤵
  PID:12532
- C:\Windows\System\RTCawna.exe
  C:\Windows\System\RTCawna.exe
  2⤵
  PID:12700
- C:\Windows\System\TUSmNFb.exe
  C:\Windows\System\TUSmNFb.exe
  2⤵
  PID:12816
- C:\Windows\System\mrZAvpw.exe
  C:\Windows\System\mrZAvpw.exe
  2⤵
  PID:12904
- C:\Windows\System\NVQSNQQ.exe
  C:\Windows\System\NVQSNQQ.exe
  2⤵
  PID:13032
- C:\Windows\System\hjVwzqy.exe
  C:\Windows\System\hjVwzqy.exe
  2⤵
  PID:13176
- C:\Windows\System\vFLurrK.exe
  C:\Windows\System\vFLurrK.exe
  2⤵
  PID:13272
- C:\Windows\System\EigTxpq.exe
  C:\Windows\System\EigTxpq.exe
  2⤵
  PID:12468
- C:\Windows\System\MPJPlBv.exe
  C:\Windows\System\MPJPlBv.exe
  2⤵
  PID:12760
- C:\Windows\System\UuEQfgv.exe
  C:\Windows\System\UuEQfgv.exe
  2⤵
  PID:12900
- C:\Windows\System\YDOdoyb.exe
  C:\Windows\System\YDOdoyb.exe
  2⤵
  PID:4172
- C:\Windows\System\TCYpySG.exe
  C:\Windows\System\TCYpySG.exe
  2⤵
  PID:12844
- C:\Windows\System\IiEMCuZ.exe
  C:\Windows\System\IiEMCuZ.exe
  2⤵
  PID:13160
- C:\Windows\System\SIfOmgc.exe
  C:\Windows\System\SIfOmgc.exe
  2⤵
  PID:4872
- C:\Windows\System\hDEFwuP.exe
  C:\Windows\System\hDEFwuP.exe
  2⤵
  PID:13328
- C:\Windows\System\HMhRnKQ.exe
  C:\Windows\System\HMhRnKQ.exe
  2⤵
  PID:13356
- C:\Windows\System\GjLLofR.exe
  C:\Windows\System\GjLLofR.exe
  2⤵
  PID:13384
- C:\Windows\System\vmSTkKl.exe
  C:\Windows\System\vmSTkKl.exe
  2⤵
  PID:13412
- C:\Windows\System\cpvNmMV.exe
  C:\Windows\System\cpvNmMV.exe
  2⤵
  PID:13440
- C:\Windows\System\HZEnRtw.exe
  C:\Windows\System\HZEnRtw.exe
  2⤵
  PID:13468
- C:\Windows\System\iPhffOS.exe
  C:\Windows\System\iPhffOS.exe
  2⤵
  PID:13508
- C:\Windows\System\ZkKOyAz.exe
  C:\Windows\System\ZkKOyAz.exe
  2⤵
  PID:13524
- C:\Windows\System\LrPjqbO.exe
  C:\Windows\System\LrPjqbO.exe
  2⤵
  PID:13552
- C:\Windows\System\NDaipXi.exe
  C:\Windows\System\NDaipXi.exe
  2⤵
  PID:13580
- C:\Windows\System\DWKLIeA.exe
  C:\Windows\System\DWKLIeA.exe
  2⤵
  PID:13608
- C:\Windows\System\SQDigKj.exe
  C:\Windows\System\SQDigKj.exe
  2⤵
  PID:13636
- C:\Windows\System\jyqRZSZ.exe
  C:\Windows\System\jyqRZSZ.exe
  2⤵
  PID:13664
- C:\Windows\System\OufhPIY.exe
  C:\Windows\System\OufhPIY.exe
  2⤵
  PID:13692
- C:\Windows\System\gdiIUrl.exe
  C:\Windows\System\gdiIUrl.exe
  2⤵
  PID:13732
- C:\Windows\System\tyrfRDs.exe
  C:\Windows\System\tyrfRDs.exe
  2⤵
  PID:13756
- C:\Windows\System\AizpuCf.exe
  C:\Windows\System\AizpuCf.exe
  2⤵
  PID:13776
- C:\Windows\System\ZfIEpCQ.exe
  C:\Windows\System\ZfIEpCQ.exe
  2⤵
  PID:13804
- C:\Windows\System\MsnVPvT.exe
  C:\Windows\System\MsnVPvT.exe
  2⤵
  PID:13832
- C:\Windows\System\VACjgAc.exe
  C:\Windows\System\VACjgAc.exe
  2⤵
  PID:13860
- C:\Windows\System\WpyqdPz.exe
  C:\Windows\System\WpyqdPz.exe
  2⤵
  PID:13888
- C:\Windows\System\GLJCvvs.exe
  C:\Windows\System\GLJCvvs.exe
  2⤵
  PID:13916
- C:\Windows\System\JfrmGvl.exe
  C:\Windows\System\JfrmGvl.exe
  2⤵
  PID:13956
- C:\Windows\System\fuCnsAb.exe
  C:\Windows\System\fuCnsAb.exe
  2⤵
  PID:13976
- C:\Windows\System\THbcnoJ.exe
  C:\Windows\System\THbcnoJ.exe
  2⤵
  PID:14004
- C:\Windows\System\THsZEBn.exe
  C:\Windows\System\THsZEBn.exe
  2⤵
  PID:14032
- C:\Windows\System\ZilXDKi.exe
  C:\Windows\System\ZilXDKi.exe
  2⤵
  PID:14060
- C:\Windows\System\BrOSiSe.exe
  C:\Windows\System\BrOSiSe.exe
  2⤵
  PID:14088
- C:\Windows\System\fkrOkaX.exe
  C:\Windows\System\fkrOkaX.exe
  2⤵
  PID:14116
- C:\Windows\System\KyxFiIu.exe
  C:\Windows\System\KyxFiIu.exe
  2⤵
  PID:14144
- C:\Windows\System\iCetiTU.exe
  C:\Windows\System\iCetiTU.exe
  2⤵
  PID:14176
- C:\Windows\System\edqjtiE.exe
  C:\Windows\System\edqjtiE.exe
  2⤵
  PID:14200
- C:\Windows\System\JpagCjH.exe
  C:\Windows\System\JpagCjH.exe
  2⤵
  PID:14228
- C:\Windows\System\IWduQQn.exe
  C:\Windows\System\IWduQQn.exe
  2⤵
  PID:14256
- C:\Windows\System\dMfCquL.exe
  C:\Windows\System\dMfCquL.exe
  2⤵
  PID:14284
- C:\Windows\System\DtDIrDN.exe
  C:\Windows\System\DtDIrDN.exe
  2⤵
  PID:14312
- C:\Windows\System\vYPWJQZ.exe
  C:\Windows\System\vYPWJQZ.exe
  2⤵
  PID:13324
- C:\Windows\System\TLbxzUn.exe
  C:\Windows\System\TLbxzUn.exe
  2⤵
  PID:13380
- C:\Windows\System\uGctOyk.exe
  C:\Windows\System\uGctOyk.exe
  2⤵
  PID:2588
- C:\Windows\System\XVNnZdi.exe
  C:\Windows\System\XVNnZdi.exe
  2⤵
  PID:13464
- C:\Windows\System\swlGpwH.exe
  C:\Windows\System\swlGpwH.exe
  2⤵
  PID:13516
- C:\Windows\System\cgZeJoK.exe
  C:\Windows\System\cgZeJoK.exe
  2⤵
  PID:13576
- C:\Windows\System\BHESYAi.exe
  C:\Windows\System\BHESYAi.exe
  2⤵
  PID:3896
- C:\Windows\System\hQFNcMt.exe
  C:\Windows\System\hQFNcMt.exe
  2⤵
  PID:13660
- C:\Windows\System\SpUgqZD.exe
  C:\Windows\System\SpUgqZD.exe
  2⤵
  PID:13148
- C:\Windows\System\epAzsyl.exe
  C:\Windows\System\epAzsyl.exe
  2⤵
  PID:13788
- C:\Windows\System\slHPURb.exe
  C:\Windows\System\slHPURb.exe
  2⤵
  PID:13828
- C:\Windows\System\STgEmLG.exe
  C:\Windows\System\STgEmLG.exe
  2⤵
  PID:13900
- C:\Windows\System\LGcMxbm.exe
  C:\Windows\System\LGcMxbm.exe
  2⤵
  PID:13972
- C:\Windows\System\YsjFDHu.exe
  C:\Windows\System\YsjFDHu.exe
  2⤵
  PID:14028
- C:\Windows\System\bqhZvPM.exe
  C:\Windows\System\bqhZvPM.exe
  2⤵
  PID:14128
- C:\Windows\System\KihRPZS.exe
  C:\Windows\System\KihRPZS.exe
  2⤵
  PID:14164
- C:\Windows\System\qvrKHLo.exe
  C:\Windows\System\qvrKHLo.exe
  2⤵
  PID:14252
- C:\Windows\System\GUaxuZe.exe
  C:\Windows\System\GUaxuZe.exe
  2⤵
  PID:14296
- C:\Windows\System\AomlHgf.exe
  C:\Windows\System\AomlHgf.exe
  2⤵
  PID:13348
- C:\Windows\System\pGfvCom.exe
  C:\Windows\System\pGfvCom.exe
  2⤵
  PID:3616
- C:\Windows\System\eUwCTKG.exe
  C:\Windows\System\eUwCTKG.exe
  2⤵
  PID:4124
- C:\Windows\System\jjObUvt.exe
  C:\Windows\System\jjObUvt.exe
  2⤵
  PID:13704
- C:\Windows\System\ShWAoTm.exe
  C:\Windows\System\ShWAoTm.exe
  2⤵
  PID:13824
- C:\Windows\System\wWxWQmG.exe
  C:\Windows\System\wWxWQmG.exe
  2⤵
  PID:13964
- C:\Windows\System\bjUsYqw.exe
  C:\Windows\System\bjUsYqw.exe
  2⤵
  PID:14084
- C:\Windows\System\nXtByBP.exe
  C:\Windows\System\nXtByBP.exe
  2⤵
  PID:14276
- C:\Windows\System\uQbNJJq.exe
  C:\Windows\System\uQbNJJq.exe
  2⤵
  PID:13460
- C:\Windows\System\TomVJMe.exe
  C:\Windows\System\TomVJMe.exe
  2⤵
  PID:13764
- C:\Windows\System\Hsfsdwu.exe
  C:\Windows\System\Hsfsdwu.exe
  2⤵
  PID:14080
- C:\Windows\System\zPKrgun.exe
  C:\Windows\System\zPKrgun.exe
  2⤵
  PID:13436
- C:\Windows\System\DtTConm.exe
  C:\Windows\System\DtTConm.exe
  2⤵
  PID:14224
- C:\Windows\System\rzlxrxi.exe
  C:\Windows\System\rzlxrxi.exe
  2⤵
  PID:14024
- C:\Windows\System\fZZuIBM.exe
  C:\Windows\System\fZZuIBM.exe
  2⤵
  PID:14364
- C:\Windows\System\JZRVXsm.exe
  C:\Windows\System\JZRVXsm.exe
  2⤵
  PID:14392
- C:\Windows\System\vNyoXVV.exe
  C:\Windows\System\vNyoXVV.exe
  2⤵
  PID:14420
- C:\Windows\System\axmsavN.exe
  C:\Windows\System\axmsavN.exe
  2⤵
  PID:14448
- C:\Windows\System\niOcrSE.exe
  C:\Windows\System\niOcrSE.exe
  2⤵
  PID:14484
- C:\Windows\System\YbMETVG.exe
  C:\Windows\System\YbMETVG.exe
  2⤵
  PID:14504
- C:\Windows\System\EnGgWvr.exe
  C:\Windows\System\EnGgWvr.exe
  2⤵
  PID:14540
- C:\Windows\System\ysaIKFr.exe
  C:\Windows\System\ysaIKFr.exe
  2⤵
  PID:14560
- C:\Windows\System\OkNutCx.exe
  C:\Windows\System\OkNutCx.exe
  2⤵
  PID:14588
- C:\Windows\System\zXvJmRh.exe
  C:\Windows\System\zXvJmRh.exe
  2⤵
  PID:14616
- C:\Windows\System\fAguxhK.exe
  C:\Windows\System\fAguxhK.exe
  2⤵
  PID:14644
- C:\Windows\System\BFGBelp.exe
  C:\Windows\System\BFGBelp.exe
  2⤵
  PID:14672
- C:\Windows\System\hVpFnIR.exe
  C:\Windows\System\hVpFnIR.exe
  2⤵
  PID:14700
- C:\Windows\System\ccgPSWr.exe
  C:\Windows\System\ccgPSWr.exe
  2⤵
  PID:14728
- C:\Windows\System\XdmgpAI.exe
  C:\Windows\System\XdmgpAI.exe
  2⤵
  PID:14756
- C:\Windows\System\qWIedeV.exe
  C:\Windows\System\qWIedeV.exe
  2⤵
  PID:14784
- C:\Windows\System\qkDbBSJ.exe
  C:\Windows\System\qkDbBSJ.exe
  2⤵
  PID:14812
- C:\Windows\System\RlgyCnc.exe
  C:\Windows\System\RlgyCnc.exe
  2⤵
  PID:14852
- C:\Windows\System\GcZmXhe.exe
  C:\Windows\System\GcZmXhe.exe
  2⤵
  PID:14872
- C:\Windows\System\TfpRIhz.exe
  C:\Windows\System\TfpRIhz.exe
  2⤵
  PID:14900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CtVCMZF.exe

Filesize
6.0MB

MD5
6b9ae4c7eb5e8cbee8af8c1974054535

SHA1
e4bc652e99c335045b3856d9acfdf7c8616fc1b8

SHA256
aef9be6a74cb64873982b75540ad6b25f29c92caa405ed9271bc19d224ce454d

SHA512
2e8d4cb92792462e4ad2bdbcb6e53d6940c1e890c8604b564b294b6f271e3f2e9ed7d527511885509d77d7ced379c66fcfe64aebc6998fd759207ee4dccc87f1

Download Submit
C:\Windows\System\EkSIWMX.exe

Filesize
6.0MB

MD5
081e6a7bb8e82ee6efeb5abbee94de33

SHA1
7206a313e27d17afdd5a6ebba718a8e64927c045

SHA256
e8f92aa370ff14cb7292d60a07349871cbd4db3fc17b9584ba6cd6a020f21684

SHA512
99cacebfab16dc6b3a59314b6dc9955b6e32facf7b161c618b6935a03156a609d3945e837e1727ff5761b311ff2fb1c05fd8080424d2402323ccb8effdef5500

Download Submit
C:\Windows\System\GfFCERL.exe

Filesize
6.0MB

MD5
c62ab957fee0ca48dc98389e5ef343fd

SHA1
b9fd64cf026e53940821e7b812732cb23ffb13d9

SHA256
6c85a3ecdc58702efe168124cb1a3896e07a48aa861fbf144f53693b23019adc

SHA512
efab1ca0d219864002cc5606f6fb66b327da275b96da186d75a1f85ae488c5741a45453e2bfd56e286865dc9f43e1eb46c1581d66c87919c9547e5592f6829b9

Download Submit
C:\Windows\System\HUjVsem.exe

Filesize
6.0MB

MD5
2f82157f3c3340d680a662972c5d2107

SHA1
c257897bce118051c8e005370fe4bb596686138a

SHA256
ecef7f676209920940b6f201a837d68754f32214c7fac21195a2f0027e12f8a5

SHA512
937cd8d73b494b63b2c40b2da0c08892e86bd7ad6a0a135240a0faea0b60e677fb5a264569c49dcd2c4725daf00078a69e37a6014407dc70bd54d1fc8e154f68

Download Submit
C:\Windows\System\HgvDDkO.exe

Filesize
6.0MB

MD5
95bc72340d50092d82cf37ff14fcb820

SHA1
0bc69baa42b61cd21d99e59c4efa9c41df5c430f

SHA256
cfa07eb9e45f141080a1a364cb446d5b26845f466faa8c5c300f7a3aa1ae298d

SHA512
6febc656a712116503c52d81b94bbbbfa6171efc6a4ce30a588c6f4dfe380ab49623801f45c9edfd4493c086b527434973f8f5c8e8476ffff95d273f876088b0

Download Submit
C:\Windows\System\LAjavUV.exe

Filesize
6.0MB

MD5
347e85541c8c0d61c09547ee1f01e233

SHA1
db80160a03cd5dbf3b37a309a3d01cf62eb7ee01

SHA256
fdd883439cda8e6dd69ff0fb910da04af370e02d14dddcacc2814f0e6837118d

SHA512
64fe15202cbd34ed858bcd667ec929fe50f2e5fbf000f3b9e7deb877ef090489ffe40d67ce725c0638f6f730cbe8666d85a3ac172bd1fe7744fac18ee92f6d5d

Download Submit
C:\Windows\System\NrHmtah.exe

Filesize
6.0MB

MD5
24e19b3fedde07c9735ab976340b1360

SHA1
7629a08546558cd63b3d380452309aa52b84301d

SHA256
c8e5678bbe166369b49b5186591f9098d1b2978bc051b74b21a3dd8c5bf38f1f

SHA512
586b9423d83adde07e6cec2a71bebb97e1fc2e27ed26b3432122411de4b0f9ea4a804be865462f4f448f845483cbd418ce52a21aba62d15e33e89bef1d3bbfb7

Download Submit
C:\Windows\System\PlDuHHY.exe

Filesize
6.0MB

MD5
683f654fadafec092220ea250db9138c

SHA1
00ae53fa0883f6d409f6652e3fc5167ae551a3d7

SHA256
928d8e8c1d3b87b4d9fd51849658dbf2302d98e572fccbfb8408fd6ddb83aea6

SHA512
76e44e469e6d5d874e02eb11a6193bea6779d750c0b36c14124e5aaa39c6cc5c3264e904a76094cc59a5b23f0acd65ea0f20b5b703639af14f34006b1ffc22e3

Download Submit
C:\Windows\System\QQqvnUE.exe

Filesize
6.0MB

MD5
34742cd837effabf66c75a974b3d13dd

SHA1
91d1fab5bced12788e3527d4122e1b636343b079

SHA256
ce971598d47598ec995dd4dca25a62afaecc77b45fedefa12707dcd0b67be5e6

SHA512
7d1a85bf1fa160551fd2f7cf09cbab9690304a2991e6dd1e0958230066efcfdfa5f3d9a3a8de4d1e095a09091ddc5d3cbffe348801f89119a7bf2257ea96f37f

Download Submit
C:\Windows\System\RGqtMTR.exe

Filesize
6.0MB

MD5
976df1017a767e14046ff026529a71fe

SHA1
e50bb3558f4324b09b3b124d25a9ea1a181e26e1

SHA256
0fc7a78f682b794da1f0b115e2424e3ec618331d7f522e8a66311bbb6b6e0d4a

SHA512
4594c44dba304fd5101295816d83f5c5c94f6c72e4199e2789b14a84596351bfd75ed947510045d4e108d2db1d5aba9ff13a6664884ac78e3f84d61f95a6141b

Download Submit
C:\Windows\System\RTFHFYR.exe

Filesize
6.0MB

MD5
893ced3d6353c5cadd94812d48fb7b4b

SHA1
1772e9997b27d9a72597680e8276cb2b4ea0d549

SHA256
01556db0f98da55471cdc1e3ed6c29f1407542ac7ab92b0dbdc67dffdd1dbc3a

SHA512
6e62e32c2996e17cc6f6811f9b26746d392d8e2c12340632fd0aede7a7c644774985e6f277d600ef63d033f0f0ee657cfb578078746a52d058e767ed9efa3f4e

Download Submit
C:\Windows\System\RasDhLw.exe

Filesize
6.0MB

MD5
0bd1993b497e912ee83389ff379b9de3

SHA1
af115f3449cda3d198a2a7f6c7cd49e4f765e225

SHA256
dc59adf586885811f84de70bb828e37e5fea753806ace6856a8b256a18c77bae

SHA512
3d8ff75ed5c928dd105c22d9bc4f1f045e88057671a417ffaf5cbcc31cdabfd0f69a7f787d65bdf6b3b8e2b4727a0b47d6438e41cc5d1fa29efbe044283073b9

Download Submit
C:\Windows\System\RiUWTdW.exe

Filesize
6.0MB

MD5
18fa5e7b7e9daed5fd4c781b55ac868e

SHA1
122d380d78c19c506ab3ca6d3c99d270652f4086

SHA256
6a1ed9404527ae4907f790922f952e786f01def8ccb72c97a93ceeb06b13f372

SHA512
1cc0fde5665b342de9c36d6124379db71ef7b8144213608f41af68ab61d0224975860dc941354f2c99a802783f793da07dc59bbea73cb741702a50a9e96de2af

Download Submit
C:\Windows\System\UodJSLL.exe

Filesize
6.0MB

MD5
68924eec13273e76704fbf19cfbd5490

SHA1
b775bf7f82d565388413e0794089610950a7f1e3

SHA256
4112693c7f781483f0b6dd2c3d03d01ecfc6c248a42a1f6086baa5cddd178be6

SHA512
d28771ff4256a0a8e32aa03eac6f03066990d563b80847b06bfd443ef5c2988aa3fa76ba51ebb16380074f217c2879ab733a8e540bda32262ebb24589d6907b7

Download Submit
C:\Windows\System\VrdjlQY.exe

Filesize
6.0MB

MD5
cee676142ac2e0d31db79c929244cbc6

SHA1
83ab0c89e4739bd941e82de29f0809621117c670

SHA256
4a9b440f711d40ef22d907b619e759a28f2b56faa1ab41e68a32e14d8a217550

SHA512
e2d84d1293a59d06ffb896585a04cd3ec7dc50567a9ad47a62160a118ee7580de693d70cbf599149f54f0da57ae82c5f2f8f5e0cda19ef47ca56f30ec1c75b51

Download Submit
C:\Windows\System\dCWPBMG.exe

Filesize
6.0MB

MD5
9a7e72db7dedb6142d0cf63e107ed030

SHA1
2c4ec5e63b44f6eaadfcd9c7fbbcc477946d721b

SHA256
967970b2dcb9fc32f9781df9622ec2523a080253cb15b63fcb2b737af0307715

SHA512
a0dbae8d56191b03733b01e5f9169cca03a55c8779f12a185ac6f54a265f79db23efd1d1e065627776d66596d3f86cd6d4430ff74292078113c4da876ddc7541

Download Submit
C:\Windows\System\dVRHckG.exe

Filesize
6.0MB

MD5
a6eff34b5000411fcf975debaa039a80

SHA1
c31ae50634afdfacf9a5e9e98801271be75da5cf

SHA256
434c9071c2cb334f3a25f3612b108d051b0dc95bee15ce46c86c2bd08e16ca31

SHA512
1c7095cd21d46f55c3304ce046658d9d5296fea479bfffd457615d3b3daaea149bff918ec3da0323d1fcae7124f4993a472a86ecc97f7bf7a10f6dfe7e5ddec3

Download Submit
C:\Windows\System\dsfvnwC.exe

Filesize
6.0MB

MD5
7c9102dcf00efee0bcf1e268a2da7641

SHA1
6442ec1019118abbd5671220c41b998cc5edc695

SHA256
8b53bc32018ec04fbcef3d3931fc9d0fa32f5849df1e25d6f136084f7e4509d3

SHA512
1de3475277bc7521d856dd71b244bb3904d6ba0bc6a0ed432d3d2c63519f3e8ac4d9c8f51ce29833ac62bc8b391b0ad700973d4f0d6dacf2acbea92b1c999c1e

Download Submit
C:\Windows\System\fOnJuaA.exe

Filesize
6.0MB

MD5
b69e0bfeab9a402352a8ace6c5a6c26c

SHA1
6999fef2f7861dc082e7c78682861d11da6093c4

SHA256
9a5101c95b9b59e7a7fb507a1848bbc72ad4a2da9d4cde30c2fd58d330257670

SHA512
14a38c66ace84675c8bc22ebf5b0b2dab509c3e6537cc597c3586d9f1272fe3dce9caf935ce217bf7ea1073c7db56ff52e9a13956e4a1cd88523c28d769ea1ff

Download Submit
C:\Windows\System\hgEMorl.exe

Filesize
6.0MB

MD5
6d5171b9d5f70fe6e764a82111103e17

SHA1
32ae4df2843f57901d343d97b492f81fdb065d2f

SHA256
97b1a9d02b3196b6c3d47d7a5e573acf0af0efc2877cb394fe931265e8aae8d6

SHA512
f2e2109f402c9b2eb469877b5381621641eb9ce0504141a0d03f8d64b150dacd4cb178516059c7d4d0c9af86a7ec612302f4d752bbfd658d083748979e4b620f

Download Submit
C:\Windows\System\iNYohfa.exe

Filesize
6.0MB

MD5
71c3e86d09ad9c1e449545d904903b44

SHA1
be1e37fe565e7f096843dc87d2acdd30fde700a9

SHA256
188d411ca57db1bd56733e7eddcffe588e1938d13b8763eb5d783f13efd9670c

SHA512
3122b49445d391f86b4f94c60af6b87b2432cea825d3a5cb636e7f55da26a071c840bc01e98894068f8e9c980b0b9d2ddd6e0692c76e982ae1eab75e4d02d68b

Download Submit
C:\Windows\System\kYfkLjr.exe

Filesize
6.0MB

MD5
b97315842e34c10110e64932a7de8968

SHA1
4a9088c2c9871d273dd86205f5238332c55f6433

SHA256
394d862540a1a629093e763f038049a685043a13e19a8d896879b036b27accb0

SHA512
c3d6a89b293316e46786e03db813a333a61990ac90afbb498074cccc364c91fea02a90a73954b5cc3db71cf003d42d6b3b3db412dab14f3cb0aa31feb0c5906b

Download Submit
C:\Windows\System\mSXAKpE.exe

Filesize
6.0MB

MD5
1b40b76309c0db4415c852dd7a0776ef

SHA1
2b5c5a147060057050eafd7a0e8adb89d58389e8

SHA256
4ed1fe56d4be6b1a0977e5682c704e3411e48f1c3dcb461938cff298ea597ebe

SHA512
f484a767a788611ee20ede07ebc7cb17587e93a47165d9bfac969217f9c581d195c5c70124e0ea27600c8c9649ee60370a1888b951d41153d11b0d9856bc352e

Download Submit
C:\Windows\System\nAgRzkK.exe

Filesize
6.0MB

MD5
31af4b9c8cac40ef57b7f2b0cc5972d5

SHA1
281aaec59e96fde4cce35bded575625ed8753390

SHA256
cc3d45245aeb24652770d8b16e263773c84f8ed190e9854aae1516de1648222f

SHA512
5eeea9d888b3a19ecb3a4f95a808decd5ac308732580cfb85c983faafc983a674131b46ba92fd070db62e865a75873dc91b2347a8476817b0e21afb3f2e3fd1e

Download Submit
C:\Windows\System\pEOkxqn.exe

Filesize
6.0MB

MD5
347e04b9929c3ef4853b1f748fe51b09

SHA1
d56fde595a312fd27a53638eb1b3188a5bccd4d1

SHA256
1d3190eafc1fbd74a1db89440834034c0440fcf6f16f47e20df259f3e4a72ea5

SHA512
a99bf9f0b3292e0883bb387b50e81322e36a06cde479e71345eaa43dd900d260b6c20b07b8a6010635da1f372ac6735fa1b0f364da957f57c4a967d26eb37a2b

Download Submit
C:\Windows\System\qCeixAx.exe

Filesize
6.0MB

MD5
4d3280a2a5818c8bcf78ab87a7a8b170

SHA1
d1075a8cbdeb26eefd934c0e8e87acf9b38e66a0

SHA256
0d2b7d5f2bcf3d195ef2918f050f91e4d2f4c42dd442c5b483c4519025071ccd

SHA512
1b56475e8539cd67ed6ac73e71db893ab3b6b5b827aefe66dbabc2eeff011211f7155685fb04e5987946775feac5145e41094212e5835e86066d615c35c481c0

Download Submit
C:\Windows\System\qHABTaa.exe

Filesize
6.0MB

MD5
3d7ef2877c503ff6cf566e51af2e8292

SHA1
1c07dab5856ac6dde7bc5025d0861b248a04aeaf

SHA256
0525bca21d75ea38aa9d9eb7ef3717cd0dbe2b4d299cd0988e04ecc0f2a3fa97

SHA512
e1fbe3a5ea2a2a93b44f7dadc98ae13f3b7795abaf86ff333438a9243a9dd72aa949e0818dca0540447e97f9c28bfb0aab6b311522a5bbc6ae4972ec91e2147a

Download Submit
C:\Windows\System\sHNRGGQ.exe

Filesize
6.0MB

MD5
f41f8fee8ca4edb4afffcc71c75049ba

SHA1
86609ced04ae31e1169b60a15184397cd1645827

SHA256
c07cab0b69ef7f8e6a789767b45d7e486338d948b647a04874f94db32c71813b

SHA512
2424c59b7121cf4fd527ff96c5245ada8e53d689c0e1b6317c31d0ff2abb7d0a75d16d053cec0c80d4198034293e4a6a7e10ef4cbbc3e41a1e14118af35d5307

Download Submit
C:\Windows\System\uBRIBkv.exe

Filesize
6.0MB

MD5
8d38cc6c4b56f1b6745a1ac071e22306

SHA1
455fe13fa7466da73f986fa4c31bc99bc628dbbd

SHA256
1fbd0e87f34945a1298849fdaca67f0a5c8645b05383aa4cf1cce4485d3d28c6

SHA512
f9663ab602c7b2261f01af22563b25a41cc628f2b8e8f721b579654e70d4075564d6e8abf88b8c5d27400b5e60c23dacb427d89c3877f9ff35dba830bec373db

Download Submit
C:\Windows\System\vlqfTIT.exe

Filesize
6.0MB

MD5
df21e24fd545653886532c9ca07cb333

SHA1
5841c04d6a710497a9a07cbf90f3dc75b998c7af

SHA256
1fcb233c9d77b251b3ce87e2e8a6a0e9e82936fbe9785a8515c831505ba6b8ef

SHA512
cb5fcfafeb05ccb2bf24d1d40799090729614432e9e6d86fe5546adf844c721d97bde2a3f41f20f2ce284004d3fa5ea047c562c499827e6d902beb8a604ca020

Download Submit
C:\Windows\System\vxQibMo.exe

Filesize
6.0MB

MD5
6c4c345cd4e9efb711252c52029ee5a7

SHA1
650c203fe102b2a7b9254646dfc65e54f1ee7e5d

SHA256
595a15b3a00b63a9f0f7c55623c20dd4771c6fa5acadb80d8014c276df47c539

SHA512
cfe4d57f1f81334a9815826dbfbf57a593ffd4b94e0db770c77caf22b10878a4a3f74b4c32ea5388f30ae1903dd14b6718143613db86d8011af1ee24f06a0684

Download Submit
C:\Windows\System\wBKdcEm.exe

Filesize
6.0MB

MD5
e36f438328bf57d26173be8a45c4982c

SHA1
9d3b16bdc881f45a28b0296fea770eb78b220252

SHA256
3f24585caf4db1c15bda5852f2b4843ee108db853497e9e069a572df3df2efee

SHA512
cb0cf16c0939e1dc9384069496c16873c91a1d8edbb12ceeb01c12841264d2fa16d99d8daf8f905e3c94925c21751e8f9a2d909f31a08d60341921dfa2f5129b

Download Submit
memory/384-181-0x00007FF67CEF0000-0x00007FF67D244000-memory.dmp

Filesize
3.3MB

Download
memory/384-2251-0x00007FF67CEF0000-0x00007FF67D244000-memory.dmp

Filesize
3.3MB

Download
memory/384-116-0x00007FF67CEF0000-0x00007FF67D244000-memory.dmp

Filesize
3.3MB

Download
memory/644-2253-0x00007FF656110000-0x00007FF656464000-memory.dmp

Filesize
3.3MB

Download
memory/644-132-0x00007FF656110000-0x00007FF656464000-memory.dmp

Filesize
3.3MB

Download
memory/1028-81-0x00007FF778DE0000-0x00007FF779134000-memory.dmp

Filesize
3.3MB

Download
memory/1028-20-0x00007FF778DE0000-0x00007FF779134000-memory.dmp

Filesize
3.3MB

Download
memory/1028-2236-0x00007FF778DE0000-0x00007FF779134000-memory.dmp

Filesize
3.3MB

Download
memory/1308-2258-0x00007FF65D6C0000-0x00007FF65DA14000-memory.dmp

Filesize
3.3MB

Download
memory/1308-162-0x00007FF65D6C0000-0x00007FF65DA14000-memory.dmp

Filesize
3.3MB

Download
memory/1348-1-0x000002A820F50000-0x000002A820F60000-memory.dmp

Filesize
64KB

Download
memory/1348-62-0x00007FF676330000-0x00007FF676684000-memory.dmp

Filesize
3.3MB

Download
memory/1348-0-0x00007FF676330000-0x00007FF676684000-memory.dmp

Filesize
3.3MB

Download
memory/1436-2245-0x00007FF606590000-0x00007FF6068E4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-77-0x00007FF606590000-0x00007FF6068E4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-141-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-260-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-2255-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1576-2234-0x00007FF7704C0000-0x00007FF770814000-memory.dmp

Filesize
3.3MB

Download
memory/1576-8-0x00007FF7704C0000-0x00007FF770814000-memory.dmp

Filesize
3.3MB

Download
memory/1576-69-0x00007FF7704C0000-0x00007FF770814000-memory.dmp

Filesize
3.3MB

Download
memory/1860-208-0x00007FF6D31D0000-0x00007FF6D3524000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2254-0x00007FF6D31D0000-0x00007FF6D3524000-memory.dmp

Filesize
3.3MB

Download
memory/1860-134-0x00007FF6D31D0000-0x00007FF6D3524000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2246-0x00007FF704F10000-0x00007FF705264000-memory.dmp

Filesize
3.3MB

Download
memory/2008-84-0x00007FF704F10000-0x00007FF705264000-memory.dmp

Filesize
3.3MB

Download
memory/2008-140-0x00007FF704F10000-0x00007FF705264000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2238-0x00007FF703ED0000-0x00007FF704224000-memory.dmp

Filesize
3.3MB

Download
memory/2036-95-0x00007FF703ED0000-0x00007FF704224000-memory.dmp

Filesize
3.3MB

Download
memory/2036-32-0x00007FF703ED0000-0x00007FF704224000-memory.dmp

Filesize
3.3MB

Download
memory/2080-50-0x00007FF619B60000-0x00007FF619EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2241-0x00007FF619B60000-0x00007FF619EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2252-0x00007FF6DAFE0000-0x00007FF6DB334000-memory.dmp

Filesize
3.3MB

Download
memory/2392-184-0x00007FF6DAFE0000-0x00007FF6DB334000-memory.dmp

Filesize
3.3MB

Download
memory/2392-125-0x00007FF6DAFE0000-0x00007FF6DB334000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2244-0x00007FF73C460000-0x00007FF73C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-70-0x00007FF73C460000-0x00007FF73C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-320-0x00007FF624D80000-0x00007FF6250D4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-2256-0x00007FF624D80000-0x00007FF6250D4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-147-0x00007FF624D80000-0x00007FF6250D4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-179-0x00007FF6EB090000-0x00007FF6EB3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-515-0x00007FF6EB090000-0x00007FF6EB3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2262-0x00007FF6EB090000-0x00007FF6EB3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-166-0x00007FF67E1E0000-0x00007FF67E534000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2259-0x00007FF67E1E0000-0x00007FF67E534000-memory.dmp

Filesize
3.3MB

Download
memory/2940-514-0x00007FF67E1E0000-0x00007FF67E534000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2260-0x00007FF65FFA0000-0x00007FF6602F4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-189-0x00007FF65FFA0000-0x00007FF6602F4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2248-0x00007FF70DA30000-0x00007FF70DD84000-memory.dmp

Filesize
3.3MB

Download
memory/2996-98-0x00007FF70DA30000-0x00007FF70DD84000-memory.dmp

Filesize
3.3MB

Download
memory/3124-2239-0x00007FF7CF190000-0x00007FF7CF4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3124-103-0x00007FF7CF190000-0x00007FF7CF4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3124-38-0x00007FF7CF190000-0x00007FF7CF4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3544-104-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3544-160-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3544-2249-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-173-0x00007FF6BD4A0000-0x00007FF6BD7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-110-0x00007FF6BD4A0000-0x00007FF6BD7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2250-0x00007FF6BD4A0000-0x00007FF6BD7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3728-115-0x00007FF739880000-0x00007FF739BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3728-2242-0x00007FF739880000-0x00007FF739BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3728-56-0x00007FF739880000-0x00007FF739BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3764-153-0x00007FF64F430000-0x00007FF64F784000-memory.dmp

Filesize
3.3MB

Download
memory/3764-2257-0x00007FF64F430000-0x00007FF64F784000-memory.dmp

Filesize
3.3MB

Download
memory/3764-383-0x00007FF64F430000-0x00007FF64F784000-memory.dmp

Filesize
3.3MB

Download
memory/3796-89-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp

Filesize
3.3MB

Download
memory/3796-2237-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp

Filesize
3.3MB

Download
memory/3796-26-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp

Filesize
3.3MB

Download
memory/3800-63-0x00007FF7B6510000-0x00007FF7B6864000-memory.dmp

Filesize
3.3MB

Download
memory/3800-2243-0x00007FF7B6510000-0x00007FF7B6864000-memory.dmp

Filesize
3.3MB

Download
memory/4728-44-0x00007FF78C6E0000-0x00007FF78CA34000-memory.dmp

Filesize
3.3MB

Download
memory/4728-2240-0x00007FF78C6E0000-0x00007FF78CA34000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2247-0x00007FF684D20000-0x00007FF685074000-memory.dmp

Filesize
3.3MB

Download
memory/4732-93-0x00007FF684D20000-0x00007FF685074000-memory.dmp

Filesize
3.3MB

Download
memory/4932-14-0x00007FF756EC0000-0x00007FF757214000-memory.dmp

Filesize
3.3MB

Download
memory/4932-76-0x00007FF756EC0000-0x00007FF757214000-memory.dmp

Filesize
3.3MB

Download
memory/4932-2235-0x00007FF756EC0000-0x00007FF757214000-memory.dmp

Filesize
3.3MB

Download
memory/4960-707-0x00007FF7ABAF0000-0x00007FF7ABE44000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2261-0x00007FF7ABAF0000-0x00007FF7ABE44000-memory.dmp

Filesize
3.3MB

Download
memory/4960-190-0x00007FF7ABAF0000-0x00007FF7ABE44000-memory.dmp

Filesize
3.3MB

Download