cobaltstrike | e08fe55e277c63585eda0473d85ef893b7d68dcbcbb69c94ddb9c5bc19d9a513

Analysis

max time kernel
110s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

630db713ef477173c430867af2387270
SHA1

0b8fe20eebdc13200b0deff54a8d768e691dfb33
SHA256

e08fe55e277c63585eda0473d85ef893b7d68dcbcbb69c94ddb9c5bc19d9a513
SHA512

e1d7c1b0272de6a13dd31c1cc26b457a06fa3d0ac9c9564690b77cacd46d2113a65a0de53779ea3195e2ad6e34d8f4c2bcc50ab2c07624d9c2f13862c7d0744e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c94-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-12.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023c97-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-37.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-38.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-79.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-86.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-92.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-97.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-125.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-132.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-140.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-145.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-178.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-187.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-159.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-196.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-197.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-204.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1356-0-0x00007FF638D50000-0x00007FF6390A4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c94-5.dat	xmrig
behavioral2/files/0x0007000000023c9b-10.dat	xmrig
behavioral2/files/0x0007000000023c9a-12.dat	xmrig
behavioral2/memory/4712-11-0x00007FF6FBBB0000-0x00007FF6FBF04000-memory.dmp	xmrig
behavioral2/memory/4796-7-0x00007FF7230E0000-0x00007FF723434000-memory.dmp	xmrig
behavioral2/memory/3852-19-0x00007FF79C9B0000-0x00007FF79CD04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023c97-22.dat	xmrig
behavioral2/memory/3376-24-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9c-28.dat	xmrig
behavioral2/memory/3112-32-0x00007FF7710E0000-0x00007FF771434000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9d-37.dat	xmrig
behavioral2/files/0x0007000000023c9e-38.dat	xmrig
behavioral2/files/0x0007000000023c9f-43.dat	xmrig
behavioral2/memory/3508-47-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp	xmrig
behavioral2/memory/2184-48-0x00007FF7A8F10000-0x00007FF7A9264000-memory.dmp	xmrig
behavioral2/memory/2652-39-0x00007FF6E1E30000-0x00007FF6E2184000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca0-53.dat	xmrig
behavioral2/memory/4796-57-0x00007FF7230E0000-0x00007FF723434000-memory.dmp	xmrig
behavioral2/memory/2656-58-0x00007FF64CF90000-0x00007FF64D2E4000-memory.dmp	xmrig
behavioral2/memory/1356-56-0x00007FF638D50000-0x00007FF6390A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca1-62.dat	xmrig
behavioral2/memory/1060-64-0x00007FF7651E0000-0x00007FF765534000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca2-66.dat	xmrig
behavioral2/memory/2220-71-0x00007FF7B5130000-0x00007FF7B5484000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca3-73.dat	xmrig
behavioral2/memory/4976-75-0x00007FF65A1F0000-0x00007FF65A544000-memory.dmp	xmrig
behavioral2/memory/4712-69-0x00007FF6FBBB0000-0x00007FF6FBF04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-79.dat	xmrig
behavioral2/memory/2020-83-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca5-86.dat	xmrig
behavioral2/files/0x0007000000023ca6-92.dat	xmrig
behavioral2/memory/3508-94-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp	xmrig
behavioral2/memory/2652-99-0x00007FF6E1E30000-0x00007FF6E2184000-memory.dmp	xmrig
behavioral2/memory/2124-103-0x00007FF7B7220000-0x00007FF7B7574000-memory.dmp	xmrig
behavioral2/memory/2316-98-0x00007FF6AA490000-0x00007FF6AA7E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca7-97.dat	xmrig
behavioral2/memory/3112-93-0x00007FF7710E0000-0x00007FF771434000-memory.dmp	xmrig
behavioral2/memory/1340-91-0x00007FF637AD0000-0x00007FF637E24000-memory.dmp	xmrig
behavioral2/memory/3376-87-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp	xmrig
behavioral2/memory/2184-106-0x00007FF7A8F10000-0x00007FF7A9264000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca8-108.dat	xmrig
behavioral2/memory/3236-110-0x00007FF7E1920000-0x00007FF7E1C74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca9-115.dat	xmrig
behavioral2/memory/2924-118-0x00007FF603C90000-0x00007FF603FE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cac-125.dat	xmrig
behavioral2/files/0x0007000000023caa-132.dat	xmrig
behavioral2/files/0x0007000000023cae-140.dat	xmrig
behavioral2/files/0x0007000000023caf-145.dat	xmrig
behavioral2/memory/1148-155-0x00007FF6D55B0000-0x00007FF6D5904000-memory.dmp	xmrig
behavioral2/memory/2400-163-0x00007FF6B5860000-0x00007FF6B5BB4000-memory.dmp	xmrig
behavioral2/memory/2068-169-0x00007FF664BE0000-0x00007FF664F34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb5-178.dat	xmrig
behavioral2/files/0x0007000000023cb4-187.dat	xmrig
behavioral2/files/0x0007000000023cb3-185.dat	xmrig
behavioral2/memory/2316-184-0x00007FF6AA490000-0x00007FF6AA7E4000-memory.dmp	xmrig
behavioral2/memory/1540-183-0x00007FF610AD0000-0x00007FF610E24000-memory.dmp	xmrig
behavioral2/memory/2604-182-0x00007FF691EA0000-0x00007FF6921F4000-memory.dmp	xmrig
behavioral2/memory/3432-181-0x00007FF74C820000-0x00007FF74CB74000-memory.dmp	xmrig
behavioral2/memory/1340-180-0x00007FF637AD0000-0x00007FF637E24000-memory.dmp	xmrig
behavioral2/memory/2020-179-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp	xmrig
behavioral2/memory/5000-168-0x00007FF7A6C20000-0x00007FF7A6F74000-memory.dmp	xmrig
behavioral2/memory/2680-167-0x00007FF7B4670000-0x00007FF7B49C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb2-165.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4796	jtazOvJ.exe
4712	WmjDJXj.exe
3852	KGBvBva.exe
3376	zEmenjp.exe
3112	qSFtnWh.exe
2652	pZBlWtq.exe
3508	DNsfVEs.exe
2184	wBniffd.exe
2656	XrVvtIZ.exe
1060	WFsbxev.exe
2220	KmCeXcg.exe
4976	bTJMklJ.exe
2020	Gmusskw.exe
1340	QtHmeij.exe
2316	JQXWzxh.exe
2124	WcTyIvT.exe
3236	HNrgfKR.exe
2924	BpMtetf.exe
4252	EjYiKDp.exe
1148	XxLdiUs.exe
2680	JnYcGYs.exe
1804	VzwwxJL.exe
4784	EMgKRFj.exe
5000	HicYbdD.exe
2400	PeHZTww.exe
2068	RFcFpKk.exe
3432	DVkgcyj.exe
2604	HUmRDRn.exe
1540	UzugCix.exe
4688	yQTxpzc.exe
4632	ybywdyY.exe
2872	SjKUzIo.exe
2752	dnFjeUU.exe
960	VHXdTuj.exe
2412	KhDmGRw.exe
1676	nvoJGGZ.exe
4808	qfOqlAu.exe
3820	JeDMORa.exe
3576	iNiQOnc.exe
3956	gWTCJwC.exe
2780	ZjEWfcL.exe
3808	PaQLqhQ.exe
2380	sxVuvzt.exe
4996	nCWMtVi.exe
384	YTMkNZo.exe
3880	eVyTWVg.exe
4304	rFjIViq.exe
3224	eyQYViq.exe
4644	InSxFnm.exe
3080	GDXhjEs.exe
748	jboMfih.exe
3600	qXuRYVP.exe
3740	tYczISP.exe
1672	vyqDFVp.exe
2736	wvRTDxA.exe
3192	lPmibuk.exe
4576	kmDbcfc.exe
1260	eVGJZsK.exe
2540	JYNkHwc.exe
3760	THnRrYD.exe
872	ZEymqfZ.exe
5012	ROdrfjZ.exe
1308	emnLNcn.exe
2740	FifjBqN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1356-0-0x00007FF638D50000-0x00007FF6390A4000-memory.dmp	upx
behavioral2/files/0x0009000000023c94-5.dat	upx
behavioral2/files/0x0007000000023c9b-10.dat	upx
behavioral2/files/0x0007000000023c9a-12.dat	upx
behavioral2/memory/4712-11-0x00007FF6FBBB0000-0x00007FF6FBF04000-memory.dmp	upx
behavioral2/memory/4796-7-0x00007FF7230E0000-0x00007FF723434000-memory.dmp	upx
behavioral2/memory/3852-19-0x00007FF79C9B0000-0x00007FF79CD04000-memory.dmp	upx
behavioral2/files/0x000a000000023c97-22.dat	upx
behavioral2/memory/3376-24-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp	upx
behavioral2/files/0x0007000000023c9c-28.dat	upx
behavioral2/memory/3112-32-0x00007FF7710E0000-0x00007FF771434000-memory.dmp	upx
behavioral2/files/0x0007000000023c9d-37.dat	upx
behavioral2/files/0x0007000000023c9e-38.dat	upx
behavioral2/files/0x0007000000023c9f-43.dat	upx
behavioral2/memory/3508-47-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp	upx
behavioral2/memory/2184-48-0x00007FF7A8F10000-0x00007FF7A9264000-memory.dmp	upx
behavioral2/memory/2652-39-0x00007FF6E1E30000-0x00007FF6E2184000-memory.dmp	upx
behavioral2/files/0x0007000000023ca0-53.dat	upx
behavioral2/memory/4796-57-0x00007FF7230E0000-0x00007FF723434000-memory.dmp	upx
behavioral2/memory/2656-58-0x00007FF64CF90000-0x00007FF64D2E4000-memory.dmp	upx
behavioral2/memory/1356-56-0x00007FF638D50000-0x00007FF6390A4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca1-62.dat	upx
behavioral2/memory/1060-64-0x00007FF7651E0000-0x00007FF765534000-memory.dmp	upx
behavioral2/files/0x0007000000023ca2-66.dat	upx
behavioral2/memory/2220-71-0x00007FF7B5130000-0x00007FF7B5484000-memory.dmp	upx
behavioral2/files/0x0007000000023ca3-73.dat	upx
behavioral2/memory/4976-75-0x00007FF65A1F0000-0x00007FF65A544000-memory.dmp	upx
behavioral2/memory/4712-69-0x00007FF6FBBB0000-0x00007FF6FBF04000-memory.dmp	upx
behavioral2/files/0x0007000000023ca4-79.dat	upx
behavioral2/memory/2020-83-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp	upx
behavioral2/files/0x0007000000023ca5-86.dat	upx
behavioral2/files/0x0007000000023ca6-92.dat	upx
behavioral2/memory/3508-94-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp	upx
behavioral2/memory/2652-99-0x00007FF6E1E30000-0x00007FF6E2184000-memory.dmp	upx
behavioral2/memory/2124-103-0x00007FF7B7220000-0x00007FF7B7574000-memory.dmp	upx
behavioral2/memory/2316-98-0x00007FF6AA490000-0x00007FF6AA7E4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca7-97.dat	upx
behavioral2/memory/3112-93-0x00007FF7710E0000-0x00007FF771434000-memory.dmp	upx
behavioral2/memory/1340-91-0x00007FF637AD0000-0x00007FF637E24000-memory.dmp	upx
behavioral2/memory/3376-87-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp	upx
behavioral2/memory/2184-106-0x00007FF7A8F10000-0x00007FF7A9264000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-108.dat	upx
behavioral2/memory/3236-110-0x00007FF7E1920000-0x00007FF7E1C74000-memory.dmp	upx
behavioral2/files/0x0007000000023ca9-115.dat	upx
behavioral2/memory/2924-118-0x00007FF603C90000-0x00007FF603FE4000-memory.dmp	upx
behavioral2/files/0x0007000000023cac-125.dat	upx
behavioral2/files/0x0007000000023caa-132.dat	upx
behavioral2/files/0x0007000000023cae-140.dat	upx
behavioral2/files/0x0007000000023caf-145.dat	upx
behavioral2/memory/1148-155-0x00007FF6D55B0000-0x00007FF6D5904000-memory.dmp	upx
behavioral2/memory/2400-163-0x00007FF6B5860000-0x00007FF6B5BB4000-memory.dmp	upx
behavioral2/memory/2068-169-0x00007FF664BE0000-0x00007FF664F34000-memory.dmp	upx
behavioral2/files/0x0007000000023cb5-178.dat	upx
behavioral2/files/0x0007000000023cb4-187.dat	upx
behavioral2/files/0x0007000000023cb3-185.dat	upx
behavioral2/memory/2316-184-0x00007FF6AA490000-0x00007FF6AA7E4000-memory.dmp	upx
behavioral2/memory/1540-183-0x00007FF610AD0000-0x00007FF610E24000-memory.dmp	upx
behavioral2/memory/2604-182-0x00007FF691EA0000-0x00007FF6921F4000-memory.dmp	upx
behavioral2/memory/3432-181-0x00007FF74C820000-0x00007FF74CB74000-memory.dmp	upx
behavioral2/memory/1340-180-0x00007FF637AD0000-0x00007FF637E24000-memory.dmp	upx
behavioral2/memory/2020-179-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp	upx
behavioral2/memory/5000-168-0x00007FF7A6C20000-0x00007FF7A6F74000-memory.dmp	upx
behavioral2/memory/2680-167-0x00007FF7B4670000-0x00007FF7B49C4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-165.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iJAKTlw.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNiQOnc.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixXIMWo.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJKCwnA.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlZDhJD.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpTwSsD.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etPBzGU.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXCTMVf.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WchMcmB.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuCMqXw.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWIhJQz.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phbbSgl.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQXWzxh.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXxHckM.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqXliYA.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axaeaIL.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGsnnwt.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZChnHQ.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRJtJYX.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUBQzqn.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjGPKQf.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcOpprb.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmFbBKr.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQfrcfs.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDmzMVm.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZKHrrZ.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niUqMJq.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvzvZvm.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEEZhqB.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OphVztt.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbteaZA.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjgAdou.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEhiruE.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Grlpyfg.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYczISP.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEVyEUt.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMRKMQH.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OklfUgq.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfMyxYO.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUxjTOi.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfwRDcq.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYOeVUp.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNNDTSo.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtiOvpf.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHDQhrZ.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwcpDZm.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auXcKmY.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMaHDKO.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXXQxYs.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHuzWNa.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlNoEBK.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJuymcs.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WoJtfik.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDXhjEs.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIoWvgO.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkkhcYk.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxHQhSr.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOHcQPD.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjSanef.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXSbJNV.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amzEfAx.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnYslVG.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEuHwne.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQNXfhE.exe	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 4796	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 1356 wrote to memory of 4796	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 1356 wrote to memory of 4712	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1356 wrote to memory of 4712	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1356 wrote to memory of 3852	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1356 wrote to memory of 3852	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1356 wrote to memory of 3376	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1356 wrote to memory of 3376	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1356 wrote to memory of 3112	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1356 wrote to memory of 3112	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1356 wrote to memory of 2652	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1356 wrote to memory of 2652	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1356 wrote to memory of 3508	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1356 wrote to memory of 3508	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1356 wrote to memory of 2184	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1356 wrote to memory of 2184	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1356 wrote to memory of 2656	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1356 wrote to memory of 2656	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1356 wrote to memory of 1060	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1356 wrote to memory of 1060	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1356 wrote to memory of 2220	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1356 wrote to memory of 2220	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1356 wrote to memory of 4976	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1356 wrote to memory of 4976	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1356 wrote to memory of 2020	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1356 wrote to memory of 2020	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1356 wrote to memory of 1340	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1356 wrote to memory of 1340	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1356 wrote to memory of 2316	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1356 wrote to memory of 2316	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1356 wrote to memory of 2124	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1356 wrote to memory of 2124	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1356 wrote to memory of 3236	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1356 wrote to memory of 3236	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1356 wrote to memory of 2924	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1356 wrote to memory of 2924	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1356 wrote to memory of 4252	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1356 wrote to memory of 4252	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1356 wrote to memory of 1148	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1356 wrote to memory of 1148	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1356 wrote to memory of 2680	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1356 wrote to memory of 2680	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1356 wrote to memory of 1804	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1356 wrote to memory of 1804	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1356 wrote to memory of 4784	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1356 wrote to memory of 4784	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1356 wrote to memory of 5000	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1356 wrote to memory of 5000	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1356 wrote to memory of 2400	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1356 wrote to memory of 2400	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1356 wrote to memory of 2068	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1356 wrote to memory of 2068	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1356 wrote to memory of 3432	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1356 wrote to memory of 3432	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1356 wrote to memory of 2604	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1356 wrote to memory of 2604	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1356 wrote to memory of 1540	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1356 wrote to memory of 1540	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1356 wrote to memory of 4688	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1356 wrote to memory of 4688	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1356 wrote to memory of 4632	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1356 wrote to memory of 4632	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1356 wrote to memory of 2872	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1356 wrote to memory of 2872	1356	2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_630db713ef477173c430867af2387270_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Windows\System\jtazOvJ.exe
  C:\Windows\System\jtazOvJ.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\WmjDJXj.exe
  C:\Windows\System\WmjDJXj.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\KGBvBva.exe
  C:\Windows\System\KGBvBva.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\zEmenjp.exe
  C:\Windows\System\zEmenjp.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\qSFtnWh.exe
  C:\Windows\System\qSFtnWh.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\pZBlWtq.exe
  C:\Windows\System\pZBlWtq.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\DNsfVEs.exe
  C:\Windows\System\DNsfVEs.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\wBniffd.exe
  C:\Windows\System\wBniffd.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\XrVvtIZ.exe
  C:\Windows\System\XrVvtIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\WFsbxev.exe
  C:\Windows\System\WFsbxev.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\KmCeXcg.exe
  C:\Windows\System\KmCeXcg.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\bTJMklJ.exe
  C:\Windows\System\bTJMklJ.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\Gmusskw.exe
  C:\Windows\System\Gmusskw.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\QtHmeij.exe
  C:\Windows\System\QtHmeij.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\JQXWzxh.exe
  C:\Windows\System\JQXWzxh.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\WcTyIvT.exe
  C:\Windows\System\WcTyIvT.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\HNrgfKR.exe
  C:\Windows\System\HNrgfKR.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\BpMtetf.exe
  C:\Windows\System\BpMtetf.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\EjYiKDp.exe
  C:\Windows\System\EjYiKDp.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\XxLdiUs.exe
  C:\Windows\System\XxLdiUs.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\JnYcGYs.exe
  C:\Windows\System\JnYcGYs.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\VzwwxJL.exe
  C:\Windows\System\VzwwxJL.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\EMgKRFj.exe
  C:\Windows\System\EMgKRFj.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\HicYbdD.exe
  C:\Windows\System\HicYbdD.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\PeHZTww.exe
  C:\Windows\System\PeHZTww.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\RFcFpKk.exe
  C:\Windows\System\RFcFpKk.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\DVkgcyj.exe
  C:\Windows\System\DVkgcyj.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\HUmRDRn.exe
  C:\Windows\System\HUmRDRn.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\UzugCix.exe
  C:\Windows\System\UzugCix.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\yQTxpzc.exe
  C:\Windows\System\yQTxpzc.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\ybywdyY.exe
  C:\Windows\System\ybywdyY.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\SjKUzIo.exe
  C:\Windows\System\SjKUzIo.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\dnFjeUU.exe
  C:\Windows\System\dnFjeUU.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\VHXdTuj.exe
  C:\Windows\System\VHXdTuj.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\KhDmGRw.exe
  C:\Windows\System\KhDmGRw.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\nvoJGGZ.exe
  C:\Windows\System\nvoJGGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\qfOqlAu.exe
  C:\Windows\System\qfOqlAu.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\JeDMORa.exe
  C:\Windows\System\JeDMORa.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\iNiQOnc.exe
  C:\Windows\System\iNiQOnc.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\gWTCJwC.exe
  C:\Windows\System\gWTCJwC.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\ZjEWfcL.exe
  C:\Windows\System\ZjEWfcL.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\PaQLqhQ.exe
  C:\Windows\System\PaQLqhQ.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\sxVuvzt.exe
  C:\Windows\System\sxVuvzt.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\nCWMtVi.exe
  C:\Windows\System\nCWMtVi.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\YTMkNZo.exe
  C:\Windows\System\YTMkNZo.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\eVyTWVg.exe
  C:\Windows\System\eVyTWVg.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\rFjIViq.exe
  C:\Windows\System\rFjIViq.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\eyQYViq.exe
  C:\Windows\System\eyQYViq.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\InSxFnm.exe
  C:\Windows\System\InSxFnm.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\GDXhjEs.exe
  C:\Windows\System\GDXhjEs.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\jboMfih.exe
  C:\Windows\System\jboMfih.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\qXuRYVP.exe
  C:\Windows\System\qXuRYVP.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\tYczISP.exe
  C:\Windows\System\tYczISP.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\vyqDFVp.exe
  C:\Windows\System\vyqDFVp.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\wvRTDxA.exe
  C:\Windows\System\wvRTDxA.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\lPmibuk.exe
  C:\Windows\System\lPmibuk.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\kmDbcfc.exe
  C:\Windows\System\kmDbcfc.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\eVGJZsK.exe
  C:\Windows\System\eVGJZsK.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\JYNkHwc.exe
  C:\Windows\System\JYNkHwc.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\THnRrYD.exe
  C:\Windows\System\THnRrYD.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\ZEymqfZ.exe
  C:\Windows\System\ZEymqfZ.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\ROdrfjZ.exe
  C:\Windows\System\ROdrfjZ.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\emnLNcn.exe
  C:\Windows\System\emnLNcn.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\FifjBqN.exe
  C:\Windows\System\FifjBqN.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\xkdFUiP.exe
  C:\Windows\System\xkdFUiP.exe
  2⤵
  PID:3168
- C:\Windows\System\GmdoQSm.exe
  C:\Windows\System\GmdoQSm.exe
  2⤵
  PID:4080
- C:\Windows\System\AemGmZo.exe
  C:\Windows\System\AemGmZo.exe
  2⤵
  PID:1384
- C:\Windows\System\pPzJzMJ.exe
  C:\Windows\System\pPzJzMJ.exe
  2⤵
  PID:4832
- C:\Windows\System\DRGuEqn.exe
  C:\Windows\System\DRGuEqn.exe
  2⤵
  PID:1636
- C:\Windows\System\HcOpprb.exe
  C:\Windows\System\HcOpprb.exe
  2⤵
  PID:1848
- C:\Windows\System\lRhyQgM.exe
  C:\Windows\System\lRhyQgM.exe
  2⤵
  PID:1324
- C:\Windows\System\bTllAES.exe
  C:\Windows\System\bTllAES.exe
  2⤵
  PID:4540
- C:\Windows\System\jYWRhov.exe
  C:\Windows\System\jYWRhov.exe
  2⤵
  PID:3036
- C:\Windows\System\seCFayc.exe
  C:\Windows\System\seCFayc.exe
  2⤵
  PID:4980
- C:\Windows\System\jGkpAtW.exe
  C:\Windows\System\jGkpAtW.exe
  2⤵
  PID:1580
- C:\Windows\System\EjSanef.exe
  C:\Windows\System\EjSanef.exe
  2⤵
  PID:4548
- C:\Windows\System\FFQRpbd.exe
  C:\Windows\System\FFQRpbd.exe
  2⤵
  PID:2120
- C:\Windows\System\KGwbyAH.exe
  C:\Windows\System\KGwbyAH.exe
  2⤵
  PID:4376
- C:\Windows\System\AIDenES.exe
  C:\Windows\System\AIDenES.exe
  2⤵
  PID:1876
- C:\Windows\System\MQTXqCc.exe
  C:\Windows\System\MQTXqCc.exe
  2⤵
  PID:4888
- C:\Windows\System\wIoWvgO.exe
  C:\Windows\System\wIoWvgO.exe
  2⤵
  PID:4152
- C:\Windows\System\oskDQyA.exe
  C:\Windows\System\oskDQyA.exe
  2⤵
  PID:4552
- C:\Windows\System\qkkhcYk.exe
  C:\Windows\System\qkkhcYk.exe
  2⤵
  PID:4300
- C:\Windows\System\leIxmWx.exe
  C:\Windows\System\leIxmWx.exe
  2⤵
  PID:2968
- C:\Windows\System\gRWfKpo.exe
  C:\Windows\System\gRWfKpo.exe
  2⤵
  PID:668
- C:\Windows\System\FXCTMVf.exe
  C:\Windows\System\FXCTMVf.exe
  2⤵
  PID:3524
- C:\Windows\System\uawkIly.exe
  C:\Windows\System\uawkIly.exe
  2⤵
  PID:1640
- C:\Windows\System\VfwRDcq.exe
  C:\Windows\System\VfwRDcq.exe
  2⤵
  PID:3912
- C:\Windows\System\GhzPTER.exe
  C:\Windows\System\GhzPTER.exe
  2⤵
  PID:1988
- C:\Windows\System\jStRPZl.exe
  C:\Windows\System\jStRPZl.exe
  2⤵
  PID:2816
- C:\Windows\System\VONWCrj.exe
  C:\Windows\System\VONWCrj.exe
  2⤵
  PID:2912
- C:\Windows\System\AalDOuE.exe
  C:\Windows\System\AalDOuE.exe
  2⤵
  PID:1496
- C:\Windows\System\elKrCPJ.exe
  C:\Windows\System\elKrCPJ.exe
  2⤵
  PID:1688
- C:\Windows\System\gKTfdtn.exe
  C:\Windows\System\gKTfdtn.exe
  2⤵
  PID:1064
- C:\Windows\System\LxEnblj.exe
  C:\Windows\System\LxEnblj.exe
  2⤵
  PID:4700
- C:\Windows\System\picNgML.exe
  C:\Windows\System\picNgML.exe
  2⤵
  PID:4836
- C:\Windows\System\qdRGjHg.exe
  C:\Windows\System\qdRGjHg.exe
  2⤵
  PID:4068
- C:\Windows\System\hzEDyLC.exe
  C:\Windows\System\hzEDyLC.exe
  2⤵
  PID:2860
- C:\Windows\System\AZWjctp.exe
  C:\Windows\System\AZWjctp.exe
  2⤵
  PID:1012
- C:\Windows\System\cWzQlTP.exe
  C:\Windows\System\cWzQlTP.exe
  2⤵
  PID:392
- C:\Windows\System\kNPaNDJ.exe
  C:\Windows\System\kNPaNDJ.exe
  2⤵
  PID:3936
- C:\Windows\System\dZdURHl.exe
  C:\Windows\System\dZdURHl.exe
  2⤵
  PID:4464
- C:\Windows\System\FUSkPlI.exe
  C:\Windows\System\FUSkPlI.exe
  2⤵
  PID:2836
- C:\Windows\System\bIKDHvp.exe
  C:\Windows\System\bIKDHvp.exe
  2⤵
  PID:444
- C:\Windows\System\WNEeVfB.exe
  C:\Windows\System\WNEeVfB.exe
  2⤵
  PID:3528
- C:\Windows\System\XuaoGRP.exe
  C:\Windows\System\XuaoGRP.exe
  2⤵
  PID:3584
- C:\Windows\System\jknAWgH.exe
  C:\Windows\System\jknAWgH.exe
  2⤵
  PID:912
- C:\Windows\System\hAFpelc.exe
  C:\Windows\System\hAFpelc.exe
  2⤵
  PID:3024
- C:\Windows\System\HSIuvCA.exe
  C:\Windows\System\HSIuvCA.exe
  2⤵
  PID:3132
- C:\Windows\System\VXSbJNV.exe
  C:\Windows\System\VXSbJNV.exe
  2⤵
  PID:3672
- C:\Windows\System\UaBEoJG.exe
  C:\Windows\System\UaBEoJG.exe
  2⤵
  PID:1292
- C:\Windows\System\ARlEDRl.exe
  C:\Windows\System\ARlEDRl.exe
  2⤵
  PID:4404
- C:\Windows\System\LesPuKN.exe
  C:\Windows\System\LesPuKN.exe
  2⤵
  PID:1132
- C:\Windows\System\ZOJISLJ.exe
  C:\Windows\System\ZOJISLJ.exe
  2⤵
  PID:5144
- C:\Windows\System\iUDouZy.exe
  C:\Windows\System\iUDouZy.exe
  2⤵
  PID:5168
- C:\Windows\System\HkhtpXO.exe
  C:\Windows\System\HkhtpXO.exe
  2⤵
  PID:5200
- C:\Windows\System\FYaIDmw.exe
  C:\Windows\System\FYaIDmw.exe
  2⤵
  PID:5224
- C:\Windows\System\eNtOjqP.exe
  C:\Windows\System\eNtOjqP.exe
  2⤵
  PID:5252
- C:\Windows\System\XrssIAj.exe
  C:\Windows\System\XrssIAj.exe
  2⤵
  PID:5280
- C:\Windows\System\rMoEEDi.exe
  C:\Windows\System\rMoEEDi.exe
  2⤵
  PID:5308
- C:\Windows\System\NWuTWaS.exe
  C:\Windows\System\NWuTWaS.exe
  2⤵
  PID:5340
- C:\Windows\System\WxUEaSw.exe
  C:\Windows\System\WxUEaSw.exe
  2⤵
  PID:5364
- C:\Windows\System\wHWZDcm.exe
  C:\Windows\System\wHWZDcm.exe
  2⤵
  PID:5396
- C:\Windows\System\ITpBsAg.exe
  C:\Windows\System\ITpBsAg.exe
  2⤵
  PID:5424
- C:\Windows\System\GDwqfes.exe
  C:\Windows\System\GDwqfes.exe
  2⤵
  PID:5444
- C:\Windows\System\PmATxsN.exe
  C:\Windows\System\PmATxsN.exe
  2⤵
  PID:5468
- C:\Windows\System\aXOZPTB.exe
  C:\Windows\System\aXOZPTB.exe
  2⤵
  PID:5508
- C:\Windows\System\GztQhGG.exe
  C:\Windows\System\GztQhGG.exe
  2⤵
  PID:5540
- C:\Windows\System\VxHQhSr.exe
  C:\Windows\System\VxHQhSr.exe
  2⤵
  PID:5564
- C:\Windows\System\KmEzQNs.exe
  C:\Windows\System\KmEzQNs.exe
  2⤵
  PID:5596
- C:\Windows\System\Razcstw.exe
  C:\Windows\System\Razcstw.exe
  2⤵
  PID:5624
- C:\Windows\System\kEPVyhq.exe
  C:\Windows\System\kEPVyhq.exe
  2⤵
  PID:5652
- C:\Windows\System\jNkubBo.exe
  C:\Windows\System\jNkubBo.exe
  2⤵
  PID:5680
- C:\Windows\System\eaMYsZR.exe
  C:\Windows\System\eaMYsZR.exe
  2⤵
  PID:5708
- C:\Windows\System\SpIwPIN.exe
  C:\Windows\System\SpIwPIN.exe
  2⤵
  PID:5736
- C:\Windows\System\qtDyKZh.exe
  C:\Windows\System\qtDyKZh.exe
  2⤵
  PID:5764
- C:\Windows\System\sfxPFFu.exe
  C:\Windows\System\sfxPFFu.exe
  2⤵
  PID:5792
- C:\Windows\System\JgNwNNs.exe
  C:\Windows\System\JgNwNNs.exe
  2⤵
  PID:5820
- C:\Windows\System\gnXqOil.exe
  C:\Windows\System\gnXqOil.exe
  2⤵
  PID:5848
- C:\Windows\System\ybhkmod.exe
  C:\Windows\System\ybhkmod.exe
  2⤵
  PID:5880
- C:\Windows\System\YSOoPyd.exe
  C:\Windows\System\YSOoPyd.exe
  2⤵
  PID:5904
- C:\Windows\System\OFHBCeE.exe
  C:\Windows\System\OFHBCeE.exe
  2⤵
  PID:5932
- C:\Windows\System\AYOeVUp.exe
  C:\Windows\System\AYOeVUp.exe
  2⤵
  PID:5952
- C:\Windows\System\kFxyOxZ.exe
  C:\Windows\System\kFxyOxZ.exe
  2⤵
  PID:5980
- C:\Windows\System\eOHcQPD.exe
  C:\Windows\System\eOHcQPD.exe
  2⤵
  PID:6016
- C:\Windows\System\WchMcmB.exe
  C:\Windows\System\WchMcmB.exe
  2⤵
  PID:6044
- C:\Windows\System\ptupQBQ.exe
  C:\Windows\System\ptupQBQ.exe
  2⤵
  PID:6072
- C:\Windows\System\hfICnBS.exe
  C:\Windows\System\hfICnBS.exe
  2⤵
  PID:6100
- C:\Windows\System\GfpXjlP.exe
  C:\Windows\System\GfpXjlP.exe
  2⤵
  PID:6128
- C:\Windows\System\GiiZabz.exe
  C:\Windows\System\GiiZabz.exe
  2⤵
  PID:5152
- C:\Windows\System\aMaHDKO.exe
  C:\Windows\System\aMaHDKO.exe
  2⤵
  PID:5216
- C:\Windows\System\PwQLQfU.exe
  C:\Windows\System\PwQLQfU.exe
  2⤵
  PID:5288
- C:\Windows\System\jipVfln.exe
  C:\Windows\System\jipVfln.exe
  2⤵
  PID:5348
- C:\Windows\System\xFbfWvg.exe
  C:\Windows\System\xFbfWvg.exe
  2⤵
  PID:5408
- C:\Windows\System\igSagjP.exe
  C:\Windows\System\igSagjP.exe
  2⤵
  PID:5476
- C:\Windows\System\qwHeJpt.exe
  C:\Windows\System\qwHeJpt.exe
  2⤵
  PID:5536
- C:\Windows\System\TVqXQLT.exe
  C:\Windows\System\TVqXQLT.exe
  2⤵
  PID:5608
- C:\Windows\System\zUkEZkD.exe
  C:\Windows\System\zUkEZkD.exe
  2⤵
  PID:5672
- C:\Windows\System\OeESgMo.exe
  C:\Windows\System\OeESgMo.exe
  2⤵
  PID:5744
- C:\Windows\System\oRjxvYm.exe
  C:\Windows\System\oRjxvYm.exe
  2⤵
  PID:5812
- C:\Windows\System\VmNVxDi.exe
  C:\Windows\System\VmNVxDi.exe
  2⤵
  PID:5868
- C:\Windows\System\oMhngPP.exe
  C:\Windows\System\oMhngPP.exe
  2⤵
  PID:5944
- C:\Windows\System\ludVzXx.exe
  C:\Windows\System\ludVzXx.exe
  2⤵
  PID:6000
- C:\Windows\System\afITkGW.exe
  C:\Windows\System\afITkGW.exe
  2⤵
  PID:6064
- C:\Windows\System\WoJtfik.exe
  C:\Windows\System\WoJtfik.exe
  2⤵
  PID:6120
- C:\Windows\System\PbAjsqt.exe
  C:\Windows\System\PbAjsqt.exe
  2⤵
  PID:5236
- C:\Windows\System\OphVztt.exe
  C:\Windows\System\OphVztt.exe
  2⤵
  PID:3844
- C:\Windows\System\GjHROOY.exe
  C:\Windows\System\GjHROOY.exe
  2⤵
  PID:5484
- C:\Windows\System\xivLTPk.exe
  C:\Windows\System\xivLTPk.exe
  2⤵
  PID:5700
- C:\Windows\System\juVurMQ.exe
  C:\Windows\System\juVurMQ.exe
  2⤵
  PID:5856
- C:\Windows\System\iUCYsVM.exe
  C:\Windows\System\iUCYsVM.exe
  2⤵
  PID:6052
- C:\Windows\System\YVkJTqi.exe
  C:\Windows\System\YVkJTqi.exe
  2⤵
  PID:5192
- C:\Windows\System\ODIqtCz.exe
  C:\Windows\System\ODIqtCz.exe
  2⤵
  PID:5572
- C:\Windows\System\uotvvDR.exe
  C:\Windows\System\uotvvDR.exe
  2⤵
  PID:6024
- C:\Windows\System\DBpkvei.exe
  C:\Windows\System\DBpkvei.exe
  2⤵
  PID:5772
- C:\Windows\System\bhTOKjP.exe
  C:\Windows\System\bhTOKjP.exe
  2⤵
  PID:5316
- C:\Windows\System\sotxOxh.exe
  C:\Windows\System\sotxOxh.exe
  2⤵
  PID:5300
- C:\Windows\System\jbteaZA.exe
  C:\Windows\System\jbteaZA.exe
  2⤵
  PID:6172
- C:\Windows\System\EHPGrry.exe
  C:\Windows\System\EHPGrry.exe
  2⤵
  PID:6204
- C:\Windows\System\eIyWlvx.exe
  C:\Windows\System\eIyWlvx.exe
  2⤵
  PID:6232
- C:\Windows\System\ZNNDTSo.exe
  C:\Windows\System\ZNNDTSo.exe
  2⤵
  PID:6264
- C:\Windows\System\KwLdYhZ.exe
  C:\Windows\System\KwLdYhZ.exe
  2⤵
  PID:6292
- C:\Windows\System\LuBdkjz.exe
  C:\Windows\System\LuBdkjz.exe
  2⤵
  PID:6316
- C:\Windows\System\BzeovfH.exe
  C:\Windows\System\BzeovfH.exe
  2⤵
  PID:6344
- C:\Windows\System\ixXIMWo.exe
  C:\Windows\System\ixXIMWo.exe
  2⤵
  PID:6372
- C:\Windows\System\tOiGsUZ.exe
  C:\Windows\System\tOiGsUZ.exe
  2⤵
  PID:6400
- C:\Windows\System\zboUtvK.exe
  C:\Windows\System\zboUtvK.exe
  2⤵
  PID:6428
- C:\Windows\System\viixxhF.exe
  C:\Windows\System\viixxhF.exe
  2⤵
  PID:6460
- C:\Windows\System\gvavtkm.exe
  C:\Windows\System\gvavtkm.exe
  2⤵
  PID:6484
- C:\Windows\System\IwJbbOd.exe
  C:\Windows\System\IwJbbOd.exe
  2⤵
  PID:6516
- C:\Windows\System\bgwcgTs.exe
  C:\Windows\System\bgwcgTs.exe
  2⤵
  PID:6544
- C:\Windows\System\Kdcqmde.exe
  C:\Windows\System\Kdcqmde.exe
  2⤵
  PID:6576
- C:\Windows\System\yuLbSbe.exe
  C:\Windows\System\yuLbSbe.exe
  2⤵
  PID:6604
- C:\Windows\System\FALIOrQ.exe
  C:\Windows\System\FALIOrQ.exe
  2⤵
  PID:6628
- C:\Windows\System\KcRnNVT.exe
  C:\Windows\System\KcRnNVT.exe
  2⤵
  PID:6656
- C:\Windows\System\ZZSoVwD.exe
  C:\Windows\System\ZZSoVwD.exe
  2⤵
  PID:6684
- C:\Windows\System\TPGEozU.exe
  C:\Windows\System\TPGEozU.exe
  2⤵
  PID:6716
- C:\Windows\System\GjZsKVT.exe
  C:\Windows\System\GjZsKVT.exe
  2⤵
  PID:6744
- C:\Windows\System\LkCPZqa.exe
  C:\Windows\System\LkCPZqa.exe
  2⤵
  PID:6772
- C:\Windows\System\JNSKutm.exe
  C:\Windows\System\JNSKutm.exe
  2⤵
  PID:6804
- C:\Windows\System\rybNIIZ.exe
  C:\Windows\System\rybNIIZ.exe
  2⤵
  PID:6832
- C:\Windows\System\HIoitki.exe
  C:\Windows\System\HIoitki.exe
  2⤵
  PID:6856
- C:\Windows\System\RCGKCSs.exe
  C:\Windows\System\RCGKCSs.exe
  2⤵
  PID:6896
- C:\Windows\System\zVfKloQ.exe
  C:\Windows\System\zVfKloQ.exe
  2⤵
  PID:6924
- C:\Windows\System\iHQNuLH.exe
  C:\Windows\System\iHQNuLH.exe
  2⤵
  PID:6952
- C:\Windows\System\oEJDGbF.exe
  C:\Windows\System\oEJDGbF.exe
  2⤵
  PID:6980
- C:\Windows\System\aTnKUdj.exe
  C:\Windows\System\aTnKUdj.exe
  2⤵
  PID:7012
- C:\Windows\System\JQfrcfs.exe
  C:\Windows\System\JQfrcfs.exe
  2⤵
  PID:7044
- C:\Windows\System\JEVyEUt.exe
  C:\Windows\System\JEVyEUt.exe
  2⤵
  PID:7068
- C:\Windows\System\QuPLVaI.exe
  C:\Windows\System\QuPLVaI.exe
  2⤵
  PID:7100
- C:\Windows\System\eczUiNw.exe
  C:\Windows\System\eczUiNw.exe
  2⤵
  PID:7124
- C:\Windows\System\yHmeHtr.exe
  C:\Windows\System\yHmeHtr.exe
  2⤵
  PID:7152
- C:\Windows\System\bHglyEE.exe
  C:\Windows\System\bHglyEE.exe
  2⤵
  PID:6164
- C:\Windows\System\ZYJYvmf.exe
  C:\Windows\System\ZYJYvmf.exe
  2⤵
  PID:6244
- C:\Windows\System\rEOSZYK.exe
  C:\Windows\System\rEOSZYK.exe
  2⤵
  PID:6300
- C:\Windows\System\BXJAwVo.exe
  C:\Windows\System\BXJAwVo.exe
  2⤵
  PID:6364
- C:\Windows\System\GjVQSQO.exe
  C:\Windows\System\GjVQSQO.exe
  2⤵
  PID:6440
- C:\Windows\System\OohjDoG.exe
  C:\Windows\System\OohjDoG.exe
  2⤵
  PID:6496
- C:\Windows\System\OCQMNKh.exe
  C:\Windows\System\OCQMNKh.exe
  2⤵
  PID:6564
- C:\Windows\System\KgrUUJD.exe
  C:\Windows\System\KgrUUJD.exe
  2⤵
  PID:6612
- C:\Windows\System\JZChnHQ.exe
  C:\Windows\System\JZChnHQ.exe
  2⤵
  PID:6676
- C:\Windows\System\QsNqBUD.exe
  C:\Windows\System\QsNqBUD.exe
  2⤵
  PID:6752
- C:\Windows\System\edkdqFt.exe
  C:\Windows\System\edkdqFt.exe
  2⤵
  PID:6228
- C:\Windows\System\GyufTTX.exe
  C:\Windows\System\GyufTTX.exe
  2⤵
  PID:6876
- C:\Windows\System\xmWUOdQ.exe
  C:\Windows\System\xmWUOdQ.exe
  2⤵
  PID:6960
- C:\Windows\System\LDPWOrr.exe
  C:\Windows\System\LDPWOrr.exe
  2⤵
  PID:7040
- C:\Windows\System\aURBkwj.exe
  C:\Windows\System\aURBkwj.exe
  2⤵
  PID:7164
- C:\Windows\System\OrMvbRW.exe
  C:\Windows\System\OrMvbRW.exe
  2⤵
  PID:6260
- C:\Windows\System\UgHOvox.exe
  C:\Windows\System\UgHOvox.exe
  2⤵
  PID:6412
- C:\Windows\System\PEfjfaS.exe
  C:\Windows\System\PEfjfaS.exe
  2⤵
  PID:6780
- C:\Windows\System\JtiOvpf.exe
  C:\Windows\System\JtiOvpf.exe
  2⤵
  PID:4720
- C:\Windows\System\UfsljbF.exe
  C:\Windows\System\UfsljbF.exe
  2⤵
  PID:6764
- C:\Windows\System\FXxHckM.exe
  C:\Windows\System\FXxHckM.exe
  2⤵
  PID:2128
- C:\Windows\System\mQNXfhE.exe
  C:\Windows\System\mQNXfhE.exe
  2⤵
  PID:7196
- C:\Windows\System\YFBDzMI.exe
  C:\Windows\System\YFBDzMI.exe
  2⤵
  PID:7224
- C:\Windows\System\xZtJswZ.exe
  C:\Windows\System\xZtJswZ.exe
  2⤵
  PID:7252
- C:\Windows\System\QlRIOBM.exe
  C:\Windows\System\QlRIOBM.exe
  2⤵
  PID:7272
- C:\Windows\System\FUeDsOT.exe
  C:\Windows\System\FUeDsOT.exe
  2⤵
  PID:7300
- C:\Windows\System\cMAMBko.exe
  C:\Windows\System\cMAMBko.exe
  2⤵
  PID:7336
- C:\Windows\System\ZulqixE.exe
  C:\Windows\System\ZulqixE.exe
  2⤵
  PID:7364
- C:\Windows\System\qdELCCZ.exe
  C:\Windows\System\qdELCCZ.exe
  2⤵
  PID:7392
- C:\Windows\System\FlsCkKz.exe
  C:\Windows\System\FlsCkKz.exe
  2⤵
  PID:7420
- C:\Windows\System\tinyxxp.exe
  C:\Windows\System\tinyxxp.exe
  2⤵
  PID:7448
- C:\Windows\System\evhSgPV.exe
  C:\Windows\System\evhSgPV.exe
  2⤵
  PID:7476
- C:\Windows\System\VshRhly.exe
  C:\Windows\System\VshRhly.exe
  2⤵
  PID:7504
- C:\Windows\System\sSTbacQ.exe
  C:\Windows\System\sSTbacQ.exe
  2⤵
  PID:7532
- C:\Windows\System\lMRKMQH.exe
  C:\Windows\System\lMRKMQH.exe
  2⤵
  PID:7564
- C:\Windows\System\qqtJrrn.exe
  C:\Windows\System\qqtJrrn.exe
  2⤵
  PID:7596
- C:\Windows\System\CfvUFXf.exe
  C:\Windows\System\CfvUFXf.exe
  2⤵
  PID:7624
- C:\Windows\System\QchNHIw.exe
  C:\Windows\System\QchNHIw.exe
  2⤵
  PID:7652
- C:\Windows\System\JZDRwCS.exe
  C:\Windows\System\JZDRwCS.exe
  2⤵
  PID:7680
- C:\Windows\System\zbqKVgc.exe
  C:\Windows\System\zbqKVgc.exe
  2⤵
  PID:7708
- C:\Windows\System\hYVGZwy.exe
  C:\Windows\System\hYVGZwy.exe
  2⤵
  PID:7736
- C:\Windows\System\FCRLUNl.exe
  C:\Windows\System\FCRLUNl.exe
  2⤵
  PID:7768
- C:\Windows\System\Snkclof.exe
  C:\Windows\System\Snkclof.exe
  2⤵
  PID:7796
- C:\Windows\System\uwkLtgg.exe
  C:\Windows\System\uwkLtgg.exe
  2⤵
  PID:7824
- C:\Windows\System\xCSLvdP.exe
  C:\Windows\System\xCSLvdP.exe
  2⤵
  PID:7848
- C:\Windows\System\sYTEVHX.exe
  C:\Windows\System\sYTEVHX.exe
  2⤵
  PID:7880
- C:\Windows\System\DqXliYA.exe
  C:\Windows\System\DqXliYA.exe
  2⤵
  PID:7912
- C:\Windows\System\MZzYjUi.exe
  C:\Windows\System\MZzYjUi.exe
  2⤵
  PID:7940
- C:\Windows\System\mBpIqVi.exe
  C:\Windows\System\mBpIqVi.exe
  2⤵
  PID:7968
- C:\Windows\System\RUpkhKe.exe
  C:\Windows\System\RUpkhKe.exe
  2⤵
  PID:7996
- C:\Windows\System\bmiuDNs.exe
  C:\Windows\System\bmiuDNs.exe
  2⤵
  PID:8024
- C:\Windows\System\XZprwcv.exe
  C:\Windows\System\XZprwcv.exe
  2⤵
  PID:8052
- C:\Windows\System\QokQnTF.exe
  C:\Windows\System\QokQnTF.exe
  2⤵
  PID:8080
- C:\Windows\System\AoMuvJj.exe
  C:\Windows\System\AoMuvJj.exe
  2⤵
  PID:8108
- C:\Windows\System\tVBvoyw.exe
  C:\Windows\System\tVBvoyw.exe
  2⤵
  PID:8140
- C:\Windows\System\NvDZPlL.exe
  C:\Windows\System\NvDZPlL.exe
  2⤵
  PID:8168
- C:\Windows\System\AhjMYAQ.exe
  C:\Windows\System\AhjMYAQ.exe
  2⤵
  PID:7176
- C:\Windows\System\HRJtJYX.exe
  C:\Windows\System\HRJtJYX.exe
  2⤵
  PID:7232
- C:\Windows\System\VZHmCfv.exe
  C:\Windows\System\VZHmCfv.exe
  2⤵
  PID:7268
- C:\Windows\System\NDmzMVm.exe
  C:\Windows\System\NDmzMVm.exe
  2⤵
  PID:7320
- C:\Windows\System\LsygYdY.exe
  C:\Windows\System\LsygYdY.exe
  2⤵
  PID:7404
- C:\Windows\System\OklfUgq.exe
  C:\Windows\System\OklfUgq.exe
  2⤵
  PID:7464
- C:\Windows\System\gsaWZLe.exe
  C:\Windows\System\gsaWZLe.exe
  2⤵
  PID:7516
- C:\Windows\System\dCDnSaG.exe
  C:\Windows\System\dCDnSaG.exe
  2⤵
  PID:7584
- C:\Windows\System\ZcUaXHc.exe
  C:\Windows\System\ZcUaXHc.exe
  2⤵
  PID:7660
- C:\Windows\System\uhvLoCo.exe
  C:\Windows\System\uhvLoCo.exe
  2⤵
  PID:7720
- C:\Windows\System\KEZdXLH.exe
  C:\Windows\System\KEZdXLH.exe
  2⤵
  PID:7784
- C:\Windows\System\GbXDwBv.exe
  C:\Windows\System\GbXDwBv.exe
  2⤵
  PID:7856
- C:\Windows\System\iiBShsd.exe
  C:\Windows\System\iiBShsd.exe
  2⤵
  PID:7924
- C:\Windows\System\HdsiFgH.exe
  C:\Windows\System\HdsiFgH.exe
  2⤵
  PID:7984
- C:\Windows\System\amzEfAx.exe
  C:\Windows\System\amzEfAx.exe
  2⤵
  PID:8060
- C:\Windows\System\zYeWeSi.exe
  C:\Windows\System\zYeWeSi.exe
  2⤵
  PID:8124
- C:\Windows\System\VjIiPpH.exe
  C:\Windows\System\VjIiPpH.exe
  2⤵
  PID:8176
- C:\Windows\System\rDQUQyk.exe
  C:\Windows\System\rDQUQyk.exe
  2⤵
  PID:7316
- C:\Windows\System\YUBQzqn.exe
  C:\Windows\System\YUBQzqn.exe
  2⤵
  PID:7436
- C:\Windows\System\wUaDBpu.exe
  C:\Windows\System\wUaDBpu.exe
  2⤵
  PID:7608
- C:\Windows\System\ydXjize.exe
  C:\Windows\System\ydXjize.exe
  2⤵
  PID:7692
- C:\Windows\System\OrNqTdt.exe
  C:\Windows\System\OrNqTdt.exe
  2⤵
  PID:7888
- C:\Windows\System\efGgztr.exe
  C:\Windows\System\efGgztr.exe
  2⤵
  PID:8068
- C:\Windows\System\fDHraJW.exe
  C:\Windows\System\fDHraJW.exe
  2⤵
  PID:8156
- C:\Windows\System\FBLxQhU.exe
  C:\Windows\System\FBLxQhU.exe
  2⤵
  PID:7372
- C:\Windows\System\IsMvtkX.exe
  C:\Windows\System\IsMvtkX.exe
  2⤵
  PID:6524
- C:\Windows\System\FZKHrrZ.exe
  C:\Windows\System\FZKHrrZ.exe
  2⤵
  PID:3516
- C:\Windows\System\KgynNgU.exe
  C:\Windows\System\KgynNgU.exe
  2⤵
  PID:7492
- C:\Windows\System\myBcNCl.exe
  C:\Windows\System\myBcNCl.exe
  2⤵
  PID:7208
- C:\Windows\System\hgFevzO.exe
  C:\Windows\System\hgFevzO.exe
  2⤵
  PID:4920
- C:\Windows\System\vzprHLC.exe
  C:\Windows\System\vzprHLC.exe
  2⤵
  PID:7832
- C:\Windows\System\koZyoPh.exe
  C:\Windows\System\koZyoPh.exe
  2⤵
  PID:8220
- C:\Windows\System\CkngAXB.exe
  C:\Windows\System\CkngAXB.exe
  2⤵
  PID:8244
- C:\Windows\System\ZHuDWhZ.exe
  C:\Windows\System\ZHuDWhZ.exe
  2⤵
  PID:8276
- C:\Windows\System\CZloTHR.exe
  C:\Windows\System\CZloTHR.exe
  2⤵
  PID:8300
- C:\Windows\System\fsQJVmj.exe
  C:\Windows\System\fsQJVmj.exe
  2⤵
  PID:8332
- C:\Windows\System\OJzZBAW.exe
  C:\Windows\System\OJzZBAW.exe
  2⤵
  PID:8352
- C:\Windows\System\PINIMWM.exe
  C:\Windows\System\PINIMWM.exe
  2⤵
  PID:8388
- C:\Windows\System\vnYslVG.exe
  C:\Windows\System\vnYslVG.exe
  2⤵
  PID:8416
- C:\Windows\System\buwHQRh.exe
  C:\Windows\System\buwHQRh.exe
  2⤵
  PID:8448
- C:\Windows\System\MXdtlyQ.exe
  C:\Windows\System\MXdtlyQ.exe
  2⤵
  PID:8476
- C:\Windows\System\HLGKnlQ.exe
  C:\Windows\System\HLGKnlQ.exe
  2⤵
  PID:8504
- C:\Windows\System\ttcjcRc.exe
  C:\Windows\System\ttcjcRc.exe
  2⤵
  PID:8532
- C:\Windows\System\nblFAFZ.exe
  C:\Windows\System\nblFAFZ.exe
  2⤵
  PID:8560
- C:\Windows\System\LEmJCqH.exe
  C:\Windows\System\LEmJCqH.exe
  2⤵
  PID:8588
- C:\Windows\System\noUigkT.exe
  C:\Windows\System\noUigkT.exe
  2⤵
  PID:8616
- C:\Windows\System\PrSkVXA.exe
  C:\Windows\System\PrSkVXA.exe
  2⤵
  PID:8652
- C:\Windows\System\JBcChHq.exe
  C:\Windows\System\JBcChHq.exe
  2⤵
  PID:8672
- C:\Windows\System\qytomcA.exe
  C:\Windows\System\qytomcA.exe
  2⤵
  PID:8708
- C:\Windows\System\NrPvpVn.exe
  C:\Windows\System\NrPvpVn.exe
  2⤵
  PID:8736
- C:\Windows\System\LdLHiWn.exe
  C:\Windows\System\LdLHiWn.exe
  2⤵
  PID:8764
- C:\Windows\System\KVMaKxR.exe
  C:\Windows\System\KVMaKxR.exe
  2⤵
  PID:8792
- C:\Windows\System\tZIGUUj.exe
  C:\Windows\System\tZIGUUj.exe
  2⤵
  PID:8816
- C:\Windows\System\CEUFTHd.exe
  C:\Windows\System\CEUFTHd.exe
  2⤵
  PID:8848
- C:\Windows\System\fuCMqXw.exe
  C:\Windows\System\fuCMqXw.exe
  2⤵
  PID:8880
- C:\Windows\System\wNTcWlA.exe
  C:\Windows\System\wNTcWlA.exe
  2⤵
  PID:8900
- C:\Windows\System\dRoCWdv.exe
  C:\Windows\System\dRoCWdv.exe
  2⤵
  PID:8932
- C:\Windows\System\RcUkOgq.exe
  C:\Windows\System\RcUkOgq.exe
  2⤵
  PID:8960
- C:\Windows\System\MnBFAtm.exe
  C:\Windows\System\MnBFAtm.exe
  2⤵
  PID:8988
- C:\Windows\System\FrtqneB.exe
  C:\Windows\System\FrtqneB.exe
  2⤵
  PID:9016
- C:\Windows\System\DdXWmgm.exe
  C:\Windows\System\DdXWmgm.exe
  2⤵
  PID:9044
- C:\Windows\System\QaoYDuP.exe
  C:\Windows\System\QaoYDuP.exe
  2⤵
  PID:9072
- C:\Windows\System\NCuXDsA.exe
  C:\Windows\System\NCuXDsA.exe
  2⤵
  PID:9100
- C:\Windows\System\YESDZXH.exe
  C:\Windows\System\YESDZXH.exe
  2⤵
  PID:9128
- C:\Windows\System\exrRfDv.exe
  C:\Windows\System\exrRfDv.exe
  2⤵
  PID:9152
- C:\Windows\System\sCMLdGl.exe
  C:\Windows\System\sCMLdGl.exe
  2⤵
  PID:9184
- C:\Windows\System\mXymgHn.exe
  C:\Windows\System\mXymgHn.exe
  2⤵
  PID:9212
- C:\Windows\System\sghUxdD.exe
  C:\Windows\System\sghUxdD.exe
  2⤵
  PID:8232
- C:\Windows\System\qwCSLcv.exe
  C:\Windows\System\qwCSLcv.exe
  2⤵
  PID:8292
- C:\Windows\System\PwICZSC.exe
  C:\Windows\System\PwICZSC.exe
  2⤵
  PID:8364
- C:\Windows\System\tBNdqFu.exe
  C:\Windows\System\tBNdqFu.exe
  2⤵
  PID:7296
- C:\Windows\System\FXXQxYs.exe
  C:\Windows\System\FXXQxYs.exe
  2⤵
  PID:8484
- C:\Windows\System\lCxNeMe.exe
  C:\Windows\System\lCxNeMe.exe
  2⤵
  PID:8544
- C:\Windows\System\AGvqpEW.exe
  C:\Windows\System\AGvqpEW.exe
  2⤵
  PID:8604
- C:\Windows\System\SrnMEPM.exe
  C:\Windows\System\SrnMEPM.exe
  2⤵
  PID:8692
- C:\Windows\System\PgRMfRl.exe
  C:\Windows\System\PgRMfRl.exe
  2⤵
  PID:8752
- C:\Windows\System\ERTtrZZ.exe
  C:\Windows\System\ERTtrZZ.exe
  2⤵
  PID:8832
- C:\Windows\System\ETIuFcn.exe
  C:\Windows\System\ETIuFcn.exe
  2⤵
  PID:8892
- C:\Windows\System\ivKCPVx.exe
  C:\Windows\System\ivKCPVx.exe
  2⤵
  PID:8968
- C:\Windows\System\uGANYIR.exe
  C:\Windows\System\uGANYIR.exe
  2⤵
  PID:9028
- C:\Windows\System\WOJJifV.exe
  C:\Windows\System\WOJJifV.exe
  2⤵
  PID:4528
- C:\Windows\System\fyGqTFO.exe
  C:\Windows\System\fyGqTFO.exe
  2⤵
  PID:9136
- C:\Windows\System\bOSLfVF.exe
  C:\Windows\System\bOSLfVF.exe
  2⤵
  PID:8204
- C:\Windows\System\FbeRAys.exe
  C:\Windows\System\FbeRAys.exe
  2⤵
  PID:8260
- C:\Windows\System\CkabrXe.exe
  C:\Windows\System\CkabrXe.exe
  2⤵
  PID:8456
- C:\Windows\System\sXUYVqi.exe
  C:\Windows\System\sXUYVqi.exe
  2⤵
  PID:8572
- C:\Windows\System\ykfBvlP.exe
  C:\Windows\System\ykfBvlP.exe
  2⤵
  PID:8776
- C:\Windows\System\CucbsLn.exe
  C:\Windows\System\CucbsLn.exe
  2⤵
  PID:8940
- C:\Windows\System\eHuzWNa.exe
  C:\Windows\System\eHuzWNa.exe
  2⤵
  PID:9108
- C:\Windows\System\jzgrGel.exe
  C:\Windows\System\jzgrGel.exe
  2⤵
  PID:8208
- C:\Windows\System\DopwGBX.exe
  C:\Windows\System\DopwGBX.exe
  2⤵
  PID:8512
- C:\Windows\System\IjgAdou.exe
  C:\Windows\System\IjgAdou.exe
  2⤵
  PID:8920
- C:\Windows\System\uhPMBFu.exe
  C:\Windows\System\uhPMBFu.exe
  2⤵
  PID:8252
- C:\Windows\System\HASDOHf.exe
  C:\Windows\System\HASDOHf.exe
  2⤵
  PID:9060
- C:\Windows\System\ICOaltD.exe
  C:\Windows\System\ICOaltD.exe
  2⤵
  PID:8636
- C:\Windows\System\RTHyTjJ.exe
  C:\Windows\System\RTHyTjJ.exe
  2⤵
  PID:9240
- C:\Windows\System\boVewUf.exe
  C:\Windows\System\boVewUf.exe
  2⤵
  PID:9268
- C:\Windows\System\iiUDKGY.exe
  C:\Windows\System\iiUDKGY.exe
  2⤵
  PID:9296
- C:\Windows\System\yGpoILc.exe
  C:\Windows\System\yGpoILc.exe
  2⤵
  PID:9324
- C:\Windows\System\AvshAyd.exe
  C:\Windows\System\AvshAyd.exe
  2⤵
  PID:9352
- C:\Windows\System\EszEpTj.exe
  C:\Windows\System\EszEpTj.exe
  2⤵
  PID:9376
- C:\Windows\System\IUGsJpv.exe
  C:\Windows\System\IUGsJpv.exe
  2⤵
  PID:9412
- C:\Windows\System\gcVEbUy.exe
  C:\Windows\System\gcVEbUy.exe
  2⤵
  PID:9440
- C:\Windows\System\rrQACEL.exe
  C:\Windows\System\rrQACEL.exe
  2⤵
  PID:9468
- C:\Windows\System\WgqOCTT.exe
  C:\Windows\System\WgqOCTT.exe
  2⤵
  PID:9496
- C:\Windows\System\tqHFLnE.exe
  C:\Windows\System\tqHFLnE.exe
  2⤵
  PID:9516
- C:\Windows\System\ymZYjQO.exe
  C:\Windows\System\ymZYjQO.exe
  2⤵
  PID:9556
- C:\Windows\System\AEuHwne.exe
  C:\Windows\System\AEuHwne.exe
  2⤵
  PID:9580
- C:\Windows\System\eNbCiVn.exe
  C:\Windows\System\eNbCiVn.exe
  2⤵
  PID:9600
- C:\Windows\System\FUAyHrz.exe
  C:\Windows\System\FUAyHrz.exe
  2⤵
  PID:9636
- C:\Windows\System\BrVCcoU.exe
  C:\Windows\System\BrVCcoU.exe
  2⤵
  PID:9664
- C:\Windows\System\hhFftAK.exe
  C:\Windows\System\hhFftAK.exe
  2⤵
  PID:9688
- C:\Windows\System\mGJQVTa.exe
  C:\Windows\System\mGJQVTa.exe
  2⤵
  PID:9712
- C:\Windows\System\ibszaOp.exe
  C:\Windows\System\ibszaOp.exe
  2⤵
  PID:9744
- C:\Windows\System\hvBeuyM.exe
  C:\Windows\System\hvBeuyM.exe
  2⤵
  PID:9776
- C:\Windows\System\NaBjYCY.exe
  C:\Windows\System\NaBjYCY.exe
  2⤵
  PID:9800
- C:\Windows\System\bXMOwUd.exe
  C:\Windows\System\bXMOwUd.exe
  2⤵
  PID:9828
- C:\Windows\System\MdphZaZ.exe
  C:\Windows\System\MdphZaZ.exe
  2⤵
  PID:9852
- C:\Windows\System\HTZmHYn.exe
  C:\Windows\System\HTZmHYn.exe
  2⤵
  PID:9888
- C:\Windows\System\hPWInnY.exe
  C:\Windows\System\hPWInnY.exe
  2⤵
  PID:9916
- C:\Windows\System\niUqMJq.exe
  C:\Windows\System\niUqMJq.exe
  2⤵
  PID:9944
- C:\Windows\System\SSdEgXq.exe
  C:\Windows\System\SSdEgXq.exe
  2⤵
  PID:9972
- C:\Windows\System\bDjUROd.exe
  C:\Windows\System\bDjUROd.exe
  2⤵
  PID:9992
- C:\Windows\System\nWOQrsH.exe
  C:\Windows\System\nWOQrsH.exe
  2⤵
  PID:10028
- C:\Windows\System\TdFVQBc.exe
  C:\Windows\System\TdFVQBc.exe
  2⤵
  PID:10052
- C:\Windows\System\NlNoEBK.exe
  C:\Windows\System\NlNoEBK.exe
  2⤵
  PID:10088
- C:\Windows\System\NYSdpZu.exe
  C:\Windows\System\NYSdpZu.exe
  2⤵
  PID:10108
- C:\Windows\System\VAoqjxU.exe
  C:\Windows\System\VAoqjxU.exe
  2⤵
  PID:10140
- C:\Windows\System\nSfkDyB.exe
  C:\Windows\System\nSfkDyB.exe
  2⤵
  PID:10172
- C:\Windows\System\jqSynyB.exe
  C:\Windows\System\jqSynyB.exe
  2⤵
  PID:10204
- C:\Windows\System\pfTGJDg.exe
  C:\Windows\System\pfTGJDg.exe
  2⤵
  PID:9220
- C:\Windows\System\DGRkfQS.exe
  C:\Windows\System\DGRkfQS.exe
  2⤵
  PID:3652
- C:\Windows\System\KHQhajO.exe
  C:\Windows\System\KHQhajO.exe
  2⤵
  PID:9256
- C:\Windows\System\okTgzjp.exe
  C:\Windows\System\okTgzjp.exe
  2⤵
  PID:9336
- C:\Windows\System\mAFWMmy.exe
  C:\Windows\System\mAFWMmy.exe
  2⤵
  PID:9420
- C:\Windows\System\DxhpckM.exe
  C:\Windows\System\DxhpckM.exe
  2⤵
  PID:9456
- C:\Windows\System\axaeaIL.exe
  C:\Windows\System\axaeaIL.exe
  2⤵
  PID:9528
- C:\Windows\System\cFKNhGk.exe
  C:\Windows\System\cFKNhGk.exe
  2⤵
  PID:9620
- C:\Windows\System\hVYrNBW.exe
  C:\Windows\System\hVYrNBW.exe
  2⤵
  PID:9648
- C:\Windows\System\rGsnnwt.exe
  C:\Windows\System\rGsnnwt.exe
  2⤵
  PID:9708
- C:\Windows\System\UbLvmDS.exe
  C:\Windows\System\UbLvmDS.exe
  2⤵
  PID:9784
- C:\Windows\System\kOcNjqt.exe
  C:\Windows\System\kOcNjqt.exe
  2⤵
  PID:9844
- C:\Windows\System\qZrTspy.exe
  C:\Windows\System\qZrTspy.exe
  2⤵
  PID:9904
- C:\Windows\System\bYQAZfd.exe
  C:\Windows\System\bYQAZfd.exe
  2⤵
  PID:9980
- C:\Windows\System\OaImirC.exe
  C:\Windows\System\OaImirC.exe
  2⤵
  PID:10012
- C:\Windows\System\dwyRuMc.exe
  C:\Windows\System\dwyRuMc.exe
  2⤵
  PID:10072
- C:\Windows\System\xQhHHhc.exe
  C:\Windows\System\xQhHHhc.exe
  2⤵
  PID:10148
- C:\Windows\System\CLEVVep.exe
  C:\Windows\System\CLEVVep.exe
  2⤵
  PID:10216
- C:\Windows\System\nxfSyAm.exe
  C:\Windows\System\nxfSyAm.exe
  2⤵
  PID:9252
- C:\Windows\System\qFEFQXG.exe
  C:\Windows\System\qFEFQXG.exe
  2⤵
  PID:9428
- C:\Windows\System\GZtERgA.exe
  C:\Windows\System\GZtERgA.exe
  2⤵
  PID:9512
- C:\Windows\System\iMQXRdR.exe
  C:\Windows\System\iMQXRdR.exe
  2⤵
  PID:2764
- C:\Windows\System\yuXWbcb.exe
  C:\Windows\System\yuXWbcb.exe
  2⤵
  PID:9760
- C:\Windows\System\PpbHkGI.exe
  C:\Windows\System\PpbHkGI.exe
  2⤵
  PID:9932
- C:\Windows\System\fBuFNpT.exe
  C:\Windows\System\fBuFNpT.exe
  2⤵
  PID:2644
- C:\Windows\System\tqTjWej.exe
  C:\Windows\System\tqTjWej.exe
  2⤵
  PID:10180
- C:\Windows\System\HbMVFpQ.exe
  C:\Windows\System\HbMVFpQ.exe
  2⤵
  PID:9368
- C:\Windows\System\xlDauGH.exe
  C:\Windows\System\xlDauGH.exe
  2⤵
  PID:804
- C:\Windows\System\eLDDtum.exe
  C:\Windows\System\eLDDtum.exe
  2⤵
  PID:9988
- C:\Windows\System\DQgLDBi.exe
  C:\Windows\System\DQgLDBi.exe
  2⤵
  PID:5040
- C:\Windows\System\QRrXBtl.exe
  C:\Windows\System\QRrXBtl.exe
  2⤵
  PID:9872
- C:\Windows\System\qjhnHEz.exe
  C:\Windows\System\qjhnHEz.exe
  2⤵
  PID:2432
- C:\Windows\System\jWIhJQz.exe
  C:\Windows\System\jWIhJQz.exe
  2⤵
  PID:10260
- C:\Windows\System\RcYcuFV.exe
  C:\Windows\System\RcYcuFV.exe
  2⤵
  PID:10288
- C:\Windows\System\zbvmTzF.exe
  C:\Windows\System\zbvmTzF.exe
  2⤵
  PID:10316
- C:\Windows\System\dhUacYC.exe
  C:\Windows\System\dhUacYC.exe
  2⤵
  PID:10344
- C:\Windows\System\kPPXaPB.exe
  C:\Windows\System\kPPXaPB.exe
  2⤵
  PID:10372
- C:\Windows\System\ocsFVwk.exe
  C:\Windows\System\ocsFVwk.exe
  2⤵
  PID:10400
- C:\Windows\System\IVwmFDm.exe
  C:\Windows\System\IVwmFDm.exe
  2⤵
  PID:10428
- C:\Windows\System\PifkPVk.exe
  C:\Windows\System\PifkPVk.exe
  2⤵
  PID:10456
- C:\Windows\System\JBENWQV.exe
  C:\Windows\System\JBENWQV.exe
  2⤵
  PID:10484
- C:\Windows\System\sHDQhrZ.exe
  C:\Windows\System\sHDQhrZ.exe
  2⤵
  PID:10524
- C:\Windows\System\CgbWWCs.exe
  C:\Windows\System\CgbWWCs.exe
  2⤵
  PID:10548
- C:\Windows\System\bCdMwZX.exe
  C:\Windows\System\bCdMwZX.exe
  2⤵
  PID:10568
- C:\Windows\System\qnmRAgD.exe
  C:\Windows\System\qnmRAgD.exe
  2⤵
  PID:10596
- C:\Windows\System\nEtUcOC.exe
  C:\Windows\System\nEtUcOC.exe
  2⤵
  PID:10624
- C:\Windows\System\aiaKeKi.exe
  C:\Windows\System\aiaKeKi.exe
  2⤵
  PID:10652
- C:\Windows\System\FTcsXMT.exe
  C:\Windows\System\FTcsXMT.exe
  2⤵
  PID:10680
- C:\Windows\System\lktamqJ.exe
  C:\Windows\System\lktamqJ.exe
  2⤵
  PID:10708
- C:\Windows\System\kFWGQOu.exe
  C:\Windows\System\kFWGQOu.exe
  2⤵
  PID:10736
- C:\Windows\System\bsjVTar.exe
  C:\Windows\System\bsjVTar.exe
  2⤵
  PID:10764
- C:\Windows\System\ecjaypU.exe
  C:\Windows\System\ecjaypU.exe
  2⤵
  PID:10792
- C:\Windows\System\mtmiKcU.exe
  C:\Windows\System\mtmiKcU.exe
  2⤵
  PID:10832
- C:\Windows\System\ZQDEFSD.exe
  C:\Windows\System\ZQDEFSD.exe
  2⤵
  PID:10848
- C:\Windows\System\KcJVXMo.exe
  C:\Windows\System\KcJVXMo.exe
  2⤵
  PID:10876
- C:\Windows\System\xcNYhTP.exe
  C:\Windows\System\xcNYhTP.exe
  2⤵
  PID:10904
- C:\Windows\System\nOILupY.exe
  C:\Windows\System\nOILupY.exe
  2⤵
  PID:10932
- C:\Windows\System\QKTwOMf.exe
  C:\Windows\System\QKTwOMf.exe
  2⤵
  PID:10960
- C:\Windows\System\ptdEWIG.exe
  C:\Windows\System\ptdEWIG.exe
  2⤵
  PID:10988
- C:\Windows\System\sBzyrAX.exe
  C:\Windows\System\sBzyrAX.exe
  2⤵
  PID:11020
- C:\Windows\System\kPQJbKf.exe
  C:\Windows\System\kPQJbKf.exe
  2⤵
  PID:11048
- C:\Windows\System\kvkNYGl.exe
  C:\Windows\System\kvkNYGl.exe
  2⤵
  PID:11084
- C:\Windows\System\EfMyxYO.exe
  C:\Windows\System\EfMyxYO.exe
  2⤵
  PID:11112
- C:\Windows\System\flWoyWY.exe
  C:\Windows\System\flWoyWY.exe
  2⤵
  PID:11140
- C:\Windows\System\tTfbSZp.exe
  C:\Windows\System\tTfbSZp.exe
  2⤵
  PID:11168
- C:\Windows\System\uJKCwnA.exe
  C:\Windows\System\uJKCwnA.exe
  2⤵
  PID:11196
- C:\Windows\System\AhMABcn.exe
  C:\Windows\System\AhMABcn.exe
  2⤵
  PID:11224
- C:\Windows\System\lCYzffO.exe
  C:\Windows\System\lCYzffO.exe
  2⤵
  PID:11252
- C:\Windows\System\uflqgLL.exe
  C:\Windows\System\uflqgLL.exe
  2⤵
  PID:10280
- C:\Windows\System\fJuymcs.exe
  C:\Windows\System\fJuymcs.exe
  2⤵
  PID:10340
- C:\Windows\System\iZUoPYz.exe
  C:\Windows\System\iZUoPYz.exe
  2⤵
  PID:10412
- C:\Windows\System\ugbwJVL.exe
  C:\Windows\System\ugbwJVL.exe
  2⤵
  PID:10476
- C:\Windows\System\IunWiHB.exe
  C:\Windows\System\IunWiHB.exe
  2⤵
  PID:10536
- C:\Windows\System\TujAlTE.exe
  C:\Windows\System\TujAlTE.exe
  2⤵
  PID:10608
- C:\Windows\System\NgGSPOv.exe
  C:\Windows\System\NgGSPOv.exe
  2⤵
  PID:10672
- C:\Windows\System\TqJuSQF.exe
  C:\Windows\System\TqJuSQF.exe
  2⤵
  PID:10732
- C:\Windows\System\xZTFnEH.exe
  C:\Windows\System\xZTFnEH.exe
  2⤵
  PID:10804
- C:\Windows\System\JlDSqUx.exe
  C:\Windows\System\JlDSqUx.exe
  2⤵
  PID:10868
- C:\Windows\System\KbnNfvR.exe
  C:\Windows\System\KbnNfvR.exe
  2⤵
  PID:10928
- C:\Windows\System\RQFjkJL.exe
  C:\Windows\System\RQFjkJL.exe
  2⤵
  PID:11000
- C:\Windows\System\jIyOLOX.exe
  C:\Windows\System\jIyOLOX.exe
  2⤵
  PID:11076
- C:\Windows\System\XwFbsmM.exe
  C:\Windows\System\XwFbsmM.exe
  2⤵
  PID:11136
- C:\Windows\System\NSwWGWm.exe
  C:\Windows\System\NSwWGWm.exe
  2⤵
  PID:4992
- C:\Windows\System\MYckqTI.exe
  C:\Windows\System\MYckqTI.exe
  2⤵
  PID:11236
- C:\Windows\System\JoPNRGN.exe
  C:\Windows\System\JoPNRGN.exe
  2⤵
  PID:10328
- C:\Windows\System\FlWryZL.exe
  C:\Windows\System\FlWryZL.exe
  2⤵
  PID:10468
- C:\Windows\System\KHIDpDS.exe
  C:\Windows\System\KHIDpDS.exe
  2⤵
  PID:10636
- C:\Windows\System\ZDYLkHr.exe
  C:\Windows\System\ZDYLkHr.exe
  2⤵
  PID:1376
- C:\Windows\System\kKJbQGq.exe
  C:\Windows\System\kKJbQGq.exe
  2⤵
  PID:2544
- C:\Windows\System\mjGPKQf.exe
  C:\Windows\System\mjGPKQf.exe
  2⤵
  PID:10924
- C:\Windows\System\pcEGhDi.exe
  C:\Windows\System\pcEGhDi.exe
  2⤵
  PID:11104
- C:\Windows\System\jMtPogN.exe
  C:\Windows\System\jMtPogN.exe
  2⤵
  PID:11220
- C:\Windows\System\bEhiruE.exe
  C:\Windows\System\bEhiruE.exe
  2⤵
  PID:10452
- C:\Windows\System\OdrsyMo.exe
  C:\Windows\System\OdrsyMo.exe
  2⤵
  PID:10784
- C:\Windows\System\VsHVYwc.exe
  C:\Windows\System\VsHVYwc.exe
  2⤵
  PID:11044
- C:\Windows\System\TgpUHbT.exe
  C:\Windows\System\TgpUHbT.exe
  2⤵
  PID:10440
- C:\Windows\System\zJJdaqT.exe
  C:\Windows\System\zJJdaqT.exe
  2⤵
  PID:11192
- C:\Windows\System\aVRBtvA.exe
  C:\Windows\System\aVRBtvA.exe
  2⤵
  PID:10984
- C:\Windows\System\YEchixM.exe
  C:\Windows\System\YEchixM.exe
  2⤵
  PID:11292
- C:\Windows\System\pDiqNZP.exe
  C:\Windows\System\pDiqNZP.exe
  2⤵
  PID:11320
- C:\Windows\System\Yvqrftq.exe
  C:\Windows\System\Yvqrftq.exe
  2⤵
  PID:11348
- C:\Windows\System\KQqaXxv.exe
  C:\Windows\System\KQqaXxv.exe
  2⤵
  PID:11376
- C:\Windows\System\SEOsFqv.exe
  C:\Windows\System\SEOsFqv.exe
  2⤵
  PID:11404
- C:\Windows\System\wYCPryq.exe
  C:\Windows\System\wYCPryq.exe
  2⤵
  PID:11432
- C:\Windows\System\qsDGkas.exe
  C:\Windows\System\qsDGkas.exe
  2⤵
  PID:11464
- C:\Windows\System\MLZCbbc.exe
  C:\Windows\System\MLZCbbc.exe
  2⤵
  PID:11496
- C:\Windows\System\onVvKfW.exe
  C:\Windows\System\onVvKfW.exe
  2⤵
  PID:11536
- C:\Windows\System\hUqjqGg.exe
  C:\Windows\System\hUqjqGg.exe
  2⤵
  PID:11552
- C:\Windows\System\LRDDmTx.exe
  C:\Windows\System\LRDDmTx.exe
  2⤵
  PID:11580
- C:\Windows\System\WmTQLNb.exe
  C:\Windows\System\WmTQLNb.exe
  2⤵
  PID:11608
- C:\Windows\System\iQwWhjk.exe
  C:\Windows\System\iQwWhjk.exe
  2⤵
  PID:11636
- C:\Windows\System\JJGgTIi.exe
  C:\Windows\System\JJGgTIi.exe
  2⤵
  PID:11664
- C:\Windows\System\bcAdiEb.exe
  C:\Windows\System\bcAdiEb.exe
  2⤵
  PID:11692
- C:\Windows\System\XdccGxr.exe
  C:\Windows\System\XdccGxr.exe
  2⤵
  PID:11724
- C:\Windows\System\VYtNbQS.exe
  C:\Windows\System\VYtNbQS.exe
  2⤵
  PID:11752
- C:\Windows\System\fXeKsex.exe
  C:\Windows\System\fXeKsex.exe
  2⤵
  PID:11780
- C:\Windows\System\uhOYGYA.exe
  C:\Windows\System\uhOYGYA.exe
  2⤵
  PID:11808
- C:\Windows\System\etjsKuM.exe
  C:\Windows\System\etjsKuM.exe
  2⤵
  PID:11836
- C:\Windows\System\jPadwyN.exe
  C:\Windows\System\jPadwyN.exe
  2⤵
  PID:11864
- C:\Windows\System\aFnsiEU.exe
  C:\Windows\System\aFnsiEU.exe
  2⤵
  PID:11892
- C:\Windows\System\phbbSgl.exe
  C:\Windows\System\phbbSgl.exe
  2⤵
  PID:11920
- C:\Windows\System\JspZeYi.exe
  C:\Windows\System\JspZeYi.exe
  2⤵
  PID:11948
- C:\Windows\System\cLpLLsc.exe
  C:\Windows\System\cLpLLsc.exe
  2⤵
  PID:11976
- C:\Windows\System\QOiawiW.exe
  C:\Windows\System\QOiawiW.exe
  2⤵
  PID:12004
- C:\Windows\System\LryzrSi.exe
  C:\Windows\System\LryzrSi.exe
  2⤵
  PID:12032
- C:\Windows\System\ldDwIfv.exe
  C:\Windows\System\ldDwIfv.exe
  2⤵
  PID:12060
- C:\Windows\System\cWaFxxJ.exe
  C:\Windows\System\cWaFxxJ.exe
  2⤵
  PID:12088
- C:\Windows\System\xPRHjgB.exe
  C:\Windows\System\xPRHjgB.exe
  2⤵
  PID:12116
- C:\Windows\System\zByYKEL.exe
  C:\Windows\System\zByYKEL.exe
  2⤵
  PID:12144
- C:\Windows\System\RprNehw.exe
  C:\Windows\System\RprNehw.exe
  2⤵
  PID:12172
- C:\Windows\System\UOzmTaI.exe
  C:\Windows\System\UOzmTaI.exe
  2⤵
  PID:12200
- C:\Windows\System\RtsAYuy.exe
  C:\Windows\System\RtsAYuy.exe
  2⤵
  PID:12228
- C:\Windows\System\OUqnOGI.exe
  C:\Windows\System\OUqnOGI.exe
  2⤵
  PID:12256
- C:\Windows\System\VcdLwGh.exe
  C:\Windows\System\VcdLwGh.exe
  2⤵
  PID:12284
- C:\Windows\System\uieCufp.exe
  C:\Windows\System\uieCufp.exe
  2⤵
  PID:11332
- C:\Windows\System\FaofpSr.exe
  C:\Windows\System\FaofpSr.exe
  2⤵
  PID:11368
- C:\Windows\System\Grlpyfg.exe
  C:\Windows\System\Grlpyfg.exe
  2⤵
  PID:11400
- C:\Windows\System\zGnEoEh.exe
  C:\Windows\System\zGnEoEh.exe
  2⤵
  PID:11480
- C:\Windows\System\YJgNxqN.exe
  C:\Windows\System\YJgNxqN.exe
  2⤵
  PID:6636
- C:\Windows\System\zsncPxU.exe
  C:\Windows\System\zsncPxU.exe
  2⤵
  PID:6556
- C:\Windows\System\kVNqwnq.exe
  C:\Windows\System\kVNqwnq.exe
  2⤵
  PID:11576
- C:\Windows\System\NNMJzJe.exe
  C:\Windows\System\NNMJzJe.exe
  2⤵
  PID:11180
- C:\Windows\System\tVvyyqz.exe
  C:\Windows\System\tVvyyqz.exe
  2⤵
  PID:11716
- C:\Windows\System\qYLKarK.exe
  C:\Windows\System\qYLKarK.exe
  2⤵
  PID:11776
- C:\Windows\System\ozLyrMQ.exe
  C:\Windows\System\ozLyrMQ.exe
  2⤵
  PID:11848
- C:\Windows\System\fLEUBoG.exe
  C:\Windows\System\fLEUBoG.exe
  2⤵
  PID:11960
- C:\Windows\System\hmLuNhP.exe
  C:\Windows\System\hmLuNhP.exe
  2⤵
  PID:12016
- C:\Windows\System\ZJtBQud.exe
  C:\Windows\System\ZJtBQud.exe
  2⤵
  PID:12084
- C:\Windows\System\QkyQOHk.exe
  C:\Windows\System\QkyQOHk.exe
  2⤵
  PID:12156
- C:\Windows\System\AhjzXqq.exe
  C:\Windows\System\AhjzXqq.exe
  2⤵
  PID:12220
- C:\Windows\System\ColjFUI.exe
  C:\Windows\System\ColjFUI.exe
  2⤵
  PID:12280
- C:\Windows\System\Vzvzthn.exe
  C:\Windows\System\Vzvzthn.exe
  2⤵
  PID:11304
- C:\Windows\System\viswmsb.exe
  C:\Windows\System\viswmsb.exe
  2⤵
  PID:3056
- C:\Windows\System\PZTiWGR.exe
  C:\Windows\System\PZTiWGR.exe
  2⤵
  PID:11564
- C:\Windows\System\tonjgRx.exe
  C:\Windows\System\tonjgRx.exe
  2⤵
  PID:11704
- C:\Windows\System\kDsPzeC.exe
  C:\Windows\System\kDsPzeC.exe
  2⤵
  PID:11876
- C:\Windows\System\jTfvWBZ.exe
  C:\Windows\System\jTfvWBZ.exe
  2⤵
  PID:11996
- C:\Windows\System\HBadEfi.exe
  C:\Windows\System\HBadEfi.exe
  2⤵
  PID:12136
- C:\Windows\System\pbXWBXf.exe
  C:\Windows\System\pbXWBXf.exe
  2⤵
  PID:12212
- C:\Windows\System\RrLUjgI.exe
  C:\Windows\System\RrLUjgI.exe
  2⤵
  PID:11388
- C:\Windows\System\DXpCvVP.exe
  C:\Windows\System\DXpCvVP.exe
  2⤵
  PID:11676
- C:\Windows\System\eUrwiUq.exe
  C:\Windows\System\eUrwiUq.exe
  2⤵
  PID:11888
- C:\Windows\System\LRJUYPr.exe
  C:\Windows\System\LRJUYPr.exe
  2⤵
  PID:12196
- C:\Windows\System\Njlxrya.exe
  C:\Windows\System\Njlxrya.exe
  2⤵
  PID:11828
- C:\Windows\System\IcZayOu.exe
  C:\Windows\System\IcZayOu.exe
  2⤵
  PID:11544
- C:\Windows\System\KvzvZvm.exe
  C:\Windows\System\KvzvZvm.exe
  2⤵
  PID:12296
- C:\Windows\System\EMRoHhK.exe
  C:\Windows\System\EMRoHhK.exe
  2⤵
  PID:12324
- C:\Windows\System\ChYXLDQ.exe
  C:\Windows\System\ChYXLDQ.exe
  2⤵
  PID:12352
- C:\Windows\System\kSkcqAT.exe
  C:\Windows\System\kSkcqAT.exe
  2⤵
  PID:12380
- C:\Windows\System\MwnaQWE.exe
  C:\Windows\System\MwnaQWE.exe
  2⤵
  PID:12408
- C:\Windows\System\QtvgJWg.exe
  C:\Windows\System\QtvgJWg.exe
  2⤵
  PID:12436
- C:\Windows\System\GUkROft.exe
  C:\Windows\System\GUkROft.exe
  2⤵
  PID:12464
- C:\Windows\System\LEkyOxN.exe
  C:\Windows\System\LEkyOxN.exe
  2⤵
  PID:12492
- C:\Windows\System\yswFGtg.exe
  C:\Windows\System\yswFGtg.exe
  2⤵
  PID:12520
- C:\Windows\System\BLCIVXF.exe
  C:\Windows\System\BLCIVXF.exe
  2⤵
  PID:12548
- C:\Windows\System\rPjZmQu.exe
  C:\Windows\System\rPjZmQu.exe
  2⤵
  PID:12576
- C:\Windows\System\qreJpGx.exe
  C:\Windows\System\qreJpGx.exe
  2⤵
  PID:12604
- C:\Windows\System\teTfVzK.exe
  C:\Windows\System\teTfVzK.exe
  2⤵
  PID:12632
- C:\Windows\System\UEpFOgi.exe
  C:\Windows\System\UEpFOgi.exe
  2⤵
  PID:12660
- C:\Windows\System\IsdYICB.exe
  C:\Windows\System\IsdYICB.exe
  2⤵
  PID:12688
- C:\Windows\System\IBEMIGS.exe
  C:\Windows\System\IBEMIGS.exe
  2⤵
  PID:12716
- C:\Windows\System\QZFUbwZ.exe
  C:\Windows\System\QZFUbwZ.exe
  2⤵
  PID:12744
- C:\Windows\System\NrcEbbE.exe
  C:\Windows\System\NrcEbbE.exe
  2⤵
  PID:12784
- C:\Windows\System\FRsYSDq.exe
  C:\Windows\System\FRsYSDq.exe
  2⤵
  PID:12804
- C:\Windows\System\JTYaGlN.exe
  C:\Windows\System\JTYaGlN.exe
  2⤵
  PID:12832
- C:\Windows\System\JyTJfGH.exe
  C:\Windows\System\JyTJfGH.exe
  2⤵
  PID:12860
- C:\Windows\System\xlOKwZw.exe
  C:\Windows\System\xlOKwZw.exe
  2⤵
  PID:12888
- C:\Windows\System\LIpZmrE.exe
  C:\Windows\System\LIpZmrE.exe
  2⤵
  PID:12916
- C:\Windows\System\JgtrBkg.exe
  C:\Windows\System\JgtrBkg.exe
  2⤵
  PID:12944
- C:\Windows\System\jnsvJpS.exe
  C:\Windows\System\jnsvJpS.exe
  2⤵
  PID:12972
- C:\Windows\System\wmEPnVH.exe
  C:\Windows\System\wmEPnVH.exe
  2⤵
  PID:13000
- C:\Windows\System\sETRRDa.exe
  C:\Windows\System\sETRRDa.exe
  2⤵
  PID:13028
- C:\Windows\System\zfTATAK.exe
  C:\Windows\System\zfTATAK.exe
  2⤵
  PID:13056
- C:\Windows\System\rmFbBKr.exe
  C:\Windows\System\rmFbBKr.exe
  2⤵
  PID:13084
- C:\Windows\System\mWpNJhF.exe
  C:\Windows\System\mWpNJhF.exe
  2⤵
  PID:13112
- C:\Windows\System\BhSAjIp.exe
  C:\Windows\System\BhSAjIp.exe
  2⤵
  PID:13140
- C:\Windows\System\mNormQL.exe
  C:\Windows\System\mNormQL.exe
  2⤵
  PID:13168
- C:\Windows\System\EXjsSIi.exe
  C:\Windows\System\EXjsSIi.exe
  2⤵
  PID:13196
- C:\Windows\System\pVRhHZy.exe
  C:\Windows\System\pVRhHZy.exe
  2⤵
  PID:13224
- C:\Windows\System\mLSfsoH.exe
  C:\Windows\System\mLSfsoH.exe
  2⤵
  PID:13252
- C:\Windows\System\ZaJVuwE.exe
  C:\Windows\System\ZaJVuwE.exe
  2⤵
  PID:13280
- C:\Windows\System\CsMBBRB.exe
  C:\Windows\System\CsMBBRB.exe
  2⤵
  PID:13308
- C:\Windows\System\IctBeTn.exe
  C:\Windows\System\IctBeTn.exe
  2⤵
  PID:12344
- C:\Windows\System\CqpBeQC.exe
  C:\Windows\System\CqpBeQC.exe
  2⤵
  PID:12404
- C:\Windows\System\CLyYqQo.exe
  C:\Windows\System\CLyYqQo.exe
  2⤵
  PID:12484
- C:\Windows\System\qQJkfUI.exe
  C:\Windows\System\qQJkfUI.exe
  2⤵
  PID:12544
- C:\Windows\System\IBDFrYE.exe
  C:\Windows\System\IBDFrYE.exe
  2⤵
  PID:12600
- C:\Windows\System\RbLMrCu.exe
  C:\Windows\System\RbLMrCu.exe
  2⤵
  PID:12672
- C:\Windows\System\KOqaObQ.exe
  C:\Windows\System\KOqaObQ.exe
  2⤵
  PID:12736
- C:\Windows\System\zanamaD.exe
  C:\Windows\System\zanamaD.exe
  2⤵
  PID:12800
- C:\Windows\System\zZUagxV.exe
  C:\Windows\System\zZUagxV.exe
  2⤵
  PID:12880
- C:\Windows\System\ZqOcVsw.exe
  C:\Windows\System\ZqOcVsw.exe
  2⤵
  PID:12956
- C:\Windows\System\KFiREjm.exe
  C:\Windows\System\KFiREjm.exe
  2⤵
  PID:13020
- C:\Windows\System\iQHrcgG.exe
  C:\Windows\System\iQHrcgG.exe
  2⤵
  PID:13080
- C:\Windows\System\RLUtmFh.exe
  C:\Windows\System\RLUtmFh.exe
  2⤵
  PID:13152
- C:\Windows\System\SPOIRwb.exe
  C:\Windows\System\SPOIRwb.exe
  2⤵
  PID:13216
- C:\Windows\System\fyFOAfw.exe
  C:\Windows\System\fyFOAfw.exe
  2⤵
  PID:13276
- C:\Windows\System\jTfzxmy.exe
  C:\Windows\System\jTfzxmy.exe
  2⤵
  PID:12392
- C:\Windows\System\PrUsHFE.exe
  C:\Windows\System\PrUsHFE.exe
  2⤵
  PID:12428
- C:\Windows\System\JYfIcXV.exe
  C:\Windows\System\JYfIcXV.exe
  2⤵
  PID:12652
- C:\Windows\System\QXHCWAY.exe
  C:\Windows\System\QXHCWAY.exe
  2⤵
  PID:12796
- C:\Windows\System\iPeaSox.exe
  C:\Windows\System\iPeaSox.exe
  2⤵
  PID:12984
- C:\Windows\System\VcflvBs.exe
  C:\Windows\System\VcflvBs.exe
  2⤵
  PID:13132
- C:\Windows\System\taohKxh.exe
  C:\Windows\System\taohKxh.exe
  2⤵
  PID:13264
- C:\Windows\System\exEfjWI.exe
  C:\Windows\System\exEfjWI.exe
  2⤵
  PID:12792
- C:\Windows\System\OkdFARi.exe
  C:\Windows\System\OkdFARi.exe
  2⤵
  PID:12764
- C:\Windows\System\XlMrlfL.exe
  C:\Windows\System\XlMrlfL.exe
  2⤵
  PID:13108
- C:\Windows\System\NUBJDmM.exe
  C:\Windows\System\NUBJDmM.exe
  2⤵
  PID:12596
- C:\Windows\System\MWtPKKY.exe
  C:\Windows\System\MWtPKKY.exe
  2⤵
  PID:12936
- C:\Windows\System\UZOVCut.exe
  C:\Windows\System\UZOVCut.exe
  2⤵
  PID:2460
- C:\Windows\System\tNUTTGp.exe
  C:\Windows\System\tNUTTGp.exe
  2⤵
  PID:13344
- C:\Windows\System\hCwuilS.exe
  C:\Windows\System\hCwuilS.exe
  2⤵
  PID:13372
- C:\Windows\System\IbbRcPg.exe
  C:\Windows\System\IbbRcPg.exe
  2⤵
  PID:13400
- C:\Windows\System\TaKVxUw.exe
  C:\Windows\System\TaKVxUw.exe
  2⤵
  PID:13428
- C:\Windows\System\VSOysGu.exe
  C:\Windows\System\VSOysGu.exe
  2⤵
  PID:13456
- C:\Windows\System\PhiJPGw.exe
  C:\Windows\System\PhiJPGw.exe
  2⤵
  PID:13488
- C:\Windows\System\LQzITyw.exe
  C:\Windows\System\LQzITyw.exe
  2⤵
  PID:13520
- C:\Windows\System\wZHLsWO.exe
  C:\Windows\System\wZHLsWO.exe
  2⤵
  PID:13556
- C:\Windows\System\onIUCnN.exe
  C:\Windows\System\onIUCnN.exe
  2⤵
  PID:13584
- C:\Windows\System\LPrJCaD.exe
  C:\Windows\System\LPrJCaD.exe
  2⤵
  PID:13612
- C:\Windows\System\TFiFQqF.exe
  C:\Windows\System\TFiFQqF.exe
  2⤵
  PID:13644
- C:\Windows\System\jEWVSUA.exe
  C:\Windows\System\jEWVSUA.exe
  2⤵
  PID:13672
- C:\Windows\System\wOYhABa.exe
  C:\Windows\System\wOYhABa.exe
  2⤵
  PID:13700
- C:\Windows\System\ZqVEheI.exe
  C:\Windows\System\ZqVEheI.exe
  2⤵
  PID:13728
- C:\Windows\System\vCuLPMf.exe
  C:\Windows\System\vCuLPMf.exe
  2⤵
  PID:13756
- C:\Windows\System\pLawHqH.exe
  C:\Windows\System\pLawHqH.exe
  2⤵
  PID:13784
- C:\Windows\System\qgHNjji.exe
  C:\Windows\System\qgHNjji.exe
  2⤵
  PID:13812
- C:\Windows\System\FtMVmnl.exe
  C:\Windows\System\FtMVmnl.exe
  2⤵
  PID:13840
- C:\Windows\System\OPhSmKD.exe
  C:\Windows\System\OPhSmKD.exe
  2⤵
  PID:13868
- C:\Windows\System\ZVjIboD.exe
  C:\Windows\System\ZVjIboD.exe
  2⤵
  PID:13896
- C:\Windows\System\kpDRhnD.exe
  C:\Windows\System\kpDRhnD.exe
  2⤵
  PID:13924
- C:\Windows\System\WXMpVYR.exe
  C:\Windows\System\WXMpVYR.exe
  2⤵
  PID:13952
- C:\Windows\System\DPUtZet.exe
  C:\Windows\System\DPUtZet.exe
  2⤵
  PID:13980
- C:\Windows\System\CDEuVNB.exe
  C:\Windows\System\CDEuVNB.exe
  2⤵
  PID:14012
- C:\Windows\System\kwjLqFf.exe
  C:\Windows\System\kwjLqFf.exe
  2⤵
  PID:14040
- C:\Windows\System\RdTEePb.exe
  C:\Windows\System\RdTEePb.exe
  2⤵
  PID:14068
- C:\Windows\System\cITpOVR.exe
  C:\Windows\System\cITpOVR.exe
  2⤵
  PID:14096
- C:\Windows\System\BNbbeed.exe
  C:\Windows\System\BNbbeed.exe
  2⤵
  PID:14124
- C:\Windows\System\pFucqtc.exe
  C:\Windows\System\pFucqtc.exe
  2⤵
  PID:14152
- C:\Windows\System\ASUVcOL.exe
  C:\Windows\System\ASUVcOL.exe
  2⤵
  PID:14192
- C:\Windows\System\tUyBHut.exe
  C:\Windows\System\tUyBHut.exe
  2⤵
  PID:14208
- C:\Windows\System\EUUGPYw.exe
  C:\Windows\System\EUUGPYw.exe
  2⤵
  PID:14236
- C:\Windows\System\scdeCeC.exe
  C:\Windows\System\scdeCeC.exe
  2⤵
  PID:14264
- C:\Windows\System\crAWnrU.exe
  C:\Windows\System\crAWnrU.exe
  2⤵
  PID:14292
- C:\Windows\System\FEEZhqB.exe
  C:\Windows\System\FEEZhqB.exe
  2⤵
  PID:14320
- C:\Windows\System\FbxpcUY.exe
  C:\Windows\System\FbxpcUY.exe
  2⤵
  PID:13328
- C:\Windows\System\CiQcSCG.exe
  C:\Windows\System\CiQcSCG.exe
  2⤵
  PID:13368
- C:\Windows\System\FCIdaPj.exe
  C:\Windows\System\FCIdaPj.exe
  2⤵
  PID:13412
- C:\Windows\System\YBhVKlw.exe
  C:\Windows\System\YBhVKlw.exe
  2⤵
  PID:13480
- C:\Windows\System\BGXwHbS.exe
  C:\Windows\System\BGXwHbS.exe
  2⤵
  PID:552
- C:\Windows\System\jxgGetD.exe
  C:\Windows\System\jxgGetD.exe
  2⤵
  PID:13580
- C:\Windows\System\ZWqnxLv.exe
  C:\Windows\System\ZWqnxLv.exe
  2⤵
  PID:13640
- C:\Windows\System\ZnPyVrS.exe
  C:\Windows\System\ZnPyVrS.exe
  2⤵
  PID:13712
- C:\Windows\System\bDmzKGm.exe
  C:\Windows\System\bDmzKGm.exe
  2⤵
  PID:13748
- C:\Windows\System\PfAOSPj.exe
  C:\Windows\System\PfAOSPj.exe
  2⤵
  PID:13804
- C:\Windows\System\SwcpDZm.exe
  C:\Windows\System\SwcpDZm.exe
  2⤵
  PID:13864
- C:\Windows\System\BLXsJWe.exe
  C:\Windows\System\BLXsJWe.exe
  2⤵
  PID:13936
- C:\Windows\System\hLuUcXO.exe
  C:\Windows\System\hLuUcXO.exe
  2⤵
  PID:13464
- C:\Windows\System\oDfFJZk.exe
  C:\Windows\System\oDfFJZk.exe
  2⤵
  PID:14060
- C:\Windows\System\JqjMpos.exe
  C:\Windows\System\JqjMpos.exe
  2⤵
  PID:14116
- C:\Windows\System\BwoDlXO.exe
  C:\Windows\System\BwoDlXO.exe
  2⤵
  PID:14144
- C:\Windows\System\vHpKVZh.exe
  C:\Windows\System\vHpKVZh.exe
  2⤵
  PID:14176
- C:\Windows\System\SZcaqql.exe
  C:\Windows\System\SZcaqql.exe
  2⤵
  PID:4380
- C:\Windows\System\auXcKmY.exe
  C:\Windows\System\auXcKmY.exe
  2⤵
  PID:14260
- C:\Windows\System\DoaYlVe.exe
  C:\Windows\System\DoaYlVe.exe
  2⤵
  PID:14312
- C:\Windows\System\nBWvkCc.exe
  C:\Windows\System\nBWvkCc.exe
  2⤵
  PID:1304
- C:\Windows\System\BicBbKU.exe
  C:\Windows\System\BicBbKU.exe
  2⤵
  PID:12928
- C:\Windows\System\rEUKBYv.exe
  C:\Windows\System\rEUKBYv.exe
  2⤵
  PID:13508
- C:\Windows\System\ORRoWQO.exe
  C:\Windows\System\ORRoWQO.exe
  2⤵
  PID:13600
- C:\Windows\System\eRkcUMZ.exe
  C:\Windows\System\eRkcUMZ.exe
  2⤵
  PID:13696
- C:\Windows\System\pACWnXf.exe
  C:\Windows\System\pACWnXf.exe
  2⤵
  PID:4416
- C:\Windows\System\IFtQZgJ.exe
  C:\Windows\System\IFtQZgJ.exe
  2⤵
  PID:13892
- C:\Windows\System\XqCJIdp.exe
  C:\Windows\System\XqCJIdp.exe
  2⤵
  PID:13992
- C:\Windows\System\wCUKbbC.exe
  C:\Windows\System\wCUKbbC.exe
  2⤵
  PID:3860
- C:\Windows\System\uPUvgrt.exe
  C:\Windows\System\uPUvgrt.exe
  2⤵
  PID:14172
- C:\Windows\System\nROycEl.exe
  C:\Windows\System\nROycEl.exe
  2⤵
  PID:4884
- C:\Windows\System\lzmftgR.exe
  C:\Windows\System\lzmftgR.exe
  2⤵
  PID:3400
- C:\Windows\System\hFluFBC.exe
  C:\Windows\System\hFluFBC.exe
  2⤵
  PID:4936
- C:\Windows\System\cGRnuzi.exe
  C:\Windows\System\cGRnuzi.exe
  2⤵
  PID:13472
- C:\Windows\System\rrZjCJq.exe
  C:\Windows\System\rrZjCJq.exe
  2⤵
  PID:2428
- C:\Windows\System\DCBQNqe.exe
  C:\Windows\System\DCBQNqe.exe
  2⤵
  PID:1508
- C:\Windows\System\MshsNMN.exe
  C:\Windows\System\MshsNMN.exe
  2⤵
  PID:4200
- C:\Windows\System\iUczKKk.exe
  C:\Windows\System\iUczKKk.exe
  2⤵
  PID:2076
- C:\Windows\System\ozZicho.exe
  C:\Windows\System\ozZicho.exe
  2⤵
  PID:424
- C:\Windows\System\FSdJDHg.exe
  C:\Windows\System\FSdJDHg.exe
  2⤵
  PID:3608
- C:\Windows\System\IvqAMEh.exe
  C:\Windows\System\IvqAMEh.exe
  2⤵
  PID:13976
- C:\Windows\System\fkZByzK.exe
  C:\Windows\System\fkZByzK.exe
  2⤵
  PID:1236
- C:\Windows\System\NhBeINm.exe
  C:\Windows\System\NhBeINm.exe
  2⤵
  PID:3468
- C:\Windows\System\VlZDhJD.exe
  C:\Windows\System\VlZDhJD.exe
  2⤵
  PID:4176
- C:\Windows\System\GRaxXaR.exe
  C:\Windows\System\GRaxXaR.exe
  2⤵
  PID:2096
- C:\Windows\System\PPissWf.exe
  C:\Windows\System\PPissWf.exe
  2⤵
  PID:4736
- C:\Windows\System\GDiSaDB.exe
  C:\Windows\System\GDiSaDB.exe
  2⤵
  PID:3756
- C:\Windows\System\RfUWdpp.exe
  C:\Windows\System\RfUWdpp.exe
  2⤵
  PID:13356
- C:\Windows\System\dKGEndK.exe
  C:\Windows\System\dKGEndK.exe
  2⤵
  PID:5108
- C:\Windows\System\sNGtanI.exe
  C:\Windows\System\sNGtanI.exe
  2⤵
  PID:836
- C:\Windows\System\cIVIbzF.exe
  C:\Windows\System\cIVIbzF.exe
  2⤵
  PID:4072
- C:\Windows\System\FeQuSbg.exe
  C:\Windows\System\FeQuSbg.exe
  2⤵
  PID:4228
- C:\Windows\System\kzLZARo.exe
  C:\Windows\System\kzLZARo.exe
  2⤵
  PID:3884
- C:\Windows\System\MOvleHm.exe
  C:\Windows\System\MOvleHm.exe
  2⤵
  PID:2704
- C:\Windows\System\wAazTYp.exe
  C:\Windows\System\wAazTYp.exe
  2⤵
  PID:4244
- C:\Windows\System\LYCiWLZ.exe
  C:\Windows\System\LYCiWLZ.exe
  2⤵
  PID:1600
- C:\Windows\System\WwuqZtd.exe
  C:\Windows\System\WwuqZtd.exe
  2⤵
  PID:4144
- C:\Windows\System\tUxjTOi.exe
  C:\Windows\System\tUxjTOi.exe
  2⤵
  PID:756
- C:\Windows\System\bFyZyOj.exe
  C:\Windows\System\bFyZyOj.exe
  2⤵
  PID:4844
- C:\Windows\System\wQphVnx.exe
  C:\Windows\System\wQphVnx.exe
  2⤵
  PID:832
- C:\Windows\System\yJPzgpX.exe
  C:\Windows\System\yJPzgpX.exe
  2⤵
  PID:4776
- C:\Windows\System\Xdxmeqw.exe
  C:\Windows\System\Xdxmeqw.exe
  2⤵
  PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BpMtetf.exe

Filesize
6.0MB

MD5
22a719a9c04ab3b6f80412b72a59b7fb

SHA1
27759ddac83840711f4bf16e09a88936b85d4e4d

SHA256
ba2174e55079e4ded7a72dcc82ea5a350b717bcae148589aa8fce9b3ecd44549

SHA512
f37de39007856448e159c3c47b98d168cc29bca1dc2cd82f194eab0e16ef61f1cec76f2c036c1aab2ba9a94ea8bb9223b10ba92f19e218e43d2a30e5a1db011c

Download Submit
C:\Windows\System\DNsfVEs.exe

Filesize
6.0MB

MD5
25b4cbe8f98df274993dace406b169e2

SHA1
0200a4a1f3bca15dd494f227bdf1ddf57ecf36be

SHA256
9c3d31cbca3ae22650db40d0eac2922f7f26793d32f8431336f074031cc667d0

SHA512
434f460c6e6f58aa4d713bf40b2dfdba96f0bbf0bacdd1137effed5cf74132bd5dbe9fbdcdf90f8583dc669c3788ebe96e6e66a40178155002eb2a5f212ccef3

Download Submit
C:\Windows\System\DVkgcyj.exe

Filesize
6.0MB

MD5
7f0f22de25a69e72e7f9c2c473cf814a

SHA1
b9588e26daffdda4795b9d413b0bc24c97add455

SHA256
21320bb2c868c7174339366d61e846fccb5e84d5c059417ee67a5fbed11829ad

SHA512
9d0246475b34050c7b53e34f7ed0b587e08a83374b9810a21f8c825f251f76bc12426bce91d856519634f642275e4fa52eb726489508b079a3d8713d0a1b2b1a

Download Submit
C:\Windows\System\EMgKRFj.exe

Filesize
6.0MB

MD5
8d72cace550fb863e4e5877f66a45790

SHA1
543266a5a8b38e4edc5def504858f30f2a75c890

SHA256
01cf712339eba21eeb78dacc737e69c741ec37601e21b6ca04090c7058473b3e

SHA512
ef84ee04435c43c017a58d5ec658254522fe56153c4c51dbf33136272bcd30f25f5552abdc450964e5801835ab61722d47a9a40ecc96e795e0b72128b1e3f978

Download Submit
C:\Windows\System\EjYiKDp.exe

Filesize
6.0MB

MD5
914ea7bdceb4f3210d13a0becaf857e5

SHA1
e3977449ae7a753990d979227a98f166f72db728

SHA256
33c5988c45737093d072504b2c7c7b910e89acdfbb8ed6ed754fe1fbfd761f03

SHA512
b04e0085e673630a4b4b58d28450ede226de9183734407069afeaf2d3014ba8565871d242e7efa86aed83f112abe6d11d147a9ecb98a4031e664c1214b866311

Download Submit
C:\Windows\System\Gmusskw.exe

Filesize
6.0MB

MD5
07ee44165133fd89d1ad2e7bccd0d651

SHA1
db31c92d9d5596ba510ab215fd78e4998e23e6a4

SHA256
00fdbdc2e7c439aecc6f4be46d1e1fff63109906269363dad625d0e97f1a6c82

SHA512
1d361fd53ba4c154101fbdb42d69a57799e6d3c182a05138f8584ca17bed030a3c5a40c8662a37d5298024e2622e9c3151320a3c12876150e21b3d528b7c3263

Download Submit
C:\Windows\System\HNrgfKR.exe

Filesize
6.0MB

MD5
d8afff8b0a991e045551f50057c91a72

SHA1
783c571fc4b7dfacccb86fba32863328ed39c723

SHA256
45344aa3636d50082235d926b4945443c3d19ce47c5a58a3aa781d609d361b56

SHA512
59daf5de4f975e58c1b6fa2b35f7512e84cf503f51a620ba9547f8b037ac65ed258abcf311045ce79aedc874d393805250ca358c9e4fa469cdb7ee6d911df4a7

Download Submit
C:\Windows\System\HUmRDRn.exe

Filesize
6.0MB

MD5
90f0f36c25bf309f2dd8586a166ea00c

SHA1
23ba873717f61723dda7d00a545b041343bf6588

SHA256
17b01a4d934dba4d17d6c9b3b1be7b277f05bd597ee6eebec518444869044611

SHA512
8600760423c59c3e1ab0527359dbfd072f1bfeaeef9b788fb02b8c97b5e103ff8bde936ecbbc265ff3f9f26cd67f0b9e12a3644927ec09d567c151b1350b83ce

Download Submit
C:\Windows\System\HicYbdD.exe

Filesize
6.0MB

MD5
d410ff0536bed84495d8af1be15d2655

SHA1
bf8a9510817ec2802e936b7b6113ff4ccdf611a1

SHA256
85a41170582376db22c69205d8ae8318849cc5bafd6c991a80f8a62d55baafc0

SHA512
9049b518964d71d93cf300fe9af908b2e64cb8e280f4f55474d5d30d0ebb33a9c9c2d11612cb532bee77589b08ae92c2081c80f986045abb39a7c7d59770b1fd

Download Submit
C:\Windows\System\JQXWzxh.exe

Filesize
6.0MB

MD5
99b8cd112c6dd87ec65c5c0b99ff1fe0

SHA1
ed16d4cee4fe735d74afc14347f4366db7cfa338

SHA256
fddc15662cf63b615667c319c3999866e62c4a89ee879fb2c53bd57d33c5c103

SHA512
2171a1b34e9a4d910889e1add45c2b79939285ef46f56d1c36fe9ec95fc0d20a90e0cbb2ab8182daab0eda934670342b899e9370e343f65f198d517bd88e3639

Download Submit
C:\Windows\System\JnYcGYs.exe

Filesize
6.0MB

MD5
ba1a381cd3a8b1fc179f898fb50f6dd1

SHA1
c0ebf6840929c1bfedaa9390bb1563070e4f01bb

SHA256
da7ed1a38fec3cbcc6923a80e371c31227f99b197427b50eb3c44f26e01ae905

SHA512
63ec2d3c7f4a2ba06f4d9c62f185ab0237ee94c4f5872761b0688c8c4bc52cb3667ee5f267d4b0c434e69ecdfb5b28a8867ca2e0ecaf36206f94d8febeac441e

Download Submit
C:\Windows\System\KGBvBva.exe

Filesize
6.0MB

MD5
71c09f50f112d67c4ace8a5cc3a55919

SHA1
405735d34c6f023e02e72b4d88af30657752c39b

SHA256
d8bd994ff8016c3dc819335d863cdd1148e52ab5df568b1474d156a35ad45eba

SHA512
9dcf6a55765374815b1be8c5cb4bbac812f28612f14a20152e3eede74d17c728caddd704c98c0102c49461a17bb71cf3eba0e4beecbf4f0e95f613c7a12efe2c

Download Submit
C:\Windows\System\KmCeXcg.exe

Filesize
6.0MB

MD5
a16074941300975d91a92a1c1e9bd2f6

SHA1
fe95b0092847bdf004aed094d1b24d959b341585

SHA256
e0e80e1c0d052aaf0d493ecbed977d1ef7cb3da1c0d72ec9cef4289197d7fc33

SHA512
07fe98c60fdbfaeb47de548b0a56b802182ec419e9d3566c85f95e27d1580f7c81bb8439cad2874cd0f038f06f60b761c9991d7e9a68caa59b3d5cde00356b59

Download Submit
C:\Windows\System\PeHZTww.exe

Filesize
6.0MB

MD5
f0fc8153534071d60ab63b60a1b8c66c

SHA1
1e0303ba81ec0d2d7aec3103c83b6d4a4b795677

SHA256
0f036ad76fef2d52eff0c441bffaead9351e222e18ce3870821c8db3c957872f

SHA512
39b9f29c4189b1fd56930605c2a2b0929419214cd4a6e21ee787f0dcd90b53b7b6db23202ad30b168ec32a484f0c9a561ae288b0210b11229303e7748df1f4a3

Download Submit
C:\Windows\System\QtHmeij.exe

Filesize
6.0MB

MD5
a0f23c58bba9ca5551c62ba14b14a54b

SHA1
2232cd969a4a69d0b4bc4a499672ff5e91c9e28c

SHA256
432ac98ba28cfc732de89d52503e970f4951fd336a104a68097b73cf6466e8ab

SHA512
811e7db962026b304c84f9e6a2f74fad4720955e3543df1bf76c6035180675002c1a86887cb4dedeb3e401ee97f46d928afba242f346b6b4dd758faf653cd183

Download Submit
C:\Windows\System\RFcFpKk.exe

Filesize
6.0MB

MD5
13be7d9a0c6fb3258b68cefdab1941fc

SHA1
f79b7cd5c24f772d634a89ea2078b467a20c248d

SHA256
c65ff8a7fbe3afb042b43cbcfe29235c5d75961fd167f26fcd6b7b501ed4dd27

SHA512
596bb718e8621ddc983b39cb4593797c587afa822a616d20438843e95bf6e4d39d202a932a49604a2c634927682c25263d11e7f30d8887c15b0dc213658197ae

Download Submit
C:\Windows\System\SjKUzIo.exe

Filesize
6.0MB

MD5
aaf2ed945e16e147eafe8baef96fb089

SHA1
ad6f8a779cedf5c570df3296bb47cda9339c253e

SHA256
52ed959ad01ec7433a03bc2b4f517cbc679632a0a91266b3208aa3f4ebfa714f

SHA512
4661ae6588ef6a424131ae952b90fab11078f2c2ed7882b05f149c908669190896360d6e83824fdad8fe116626f9ecc7e30169b4c9c15c1e0af486c008a8ee12

Download Submit
C:\Windows\System\UzugCix.exe

Filesize
6.0MB

MD5
729e9c7ae32b732acfd8dd7b7d3e9378

SHA1
5a271b8abf2054b315ba611a40c79bdff4ebab0f

SHA256
44047d516c4cb45ddad2d444e6120a64d55e0e5ea4b2ad105511d4af5cccddc5

SHA512
934fc6923cd3ec2c288612b0605ac15388eaa3825f98245223b6afafebde0530b6047a9ce2356c94ad8345fe914015347d99d548edf632720f8725d6d0bdced2

Download Submit
C:\Windows\System\VzwwxJL.exe

Filesize
6.0MB

MD5
c8b8667daebe68eb70286c1dd6a3face

SHA1
07283c3b518e09eea032be5b669c515b0f7c2ca9

SHA256
321385c86d4b1b927ab5ac38113ef8269e190c70607cad4b1bddd396671a4906

SHA512
536d20f1f96525e5ae00ad902cee4322aa11cba789f904786bf863ede68e2cdd6dc3ac23a2612e98a9c00b56cecd4e76d196675a1aae10f41dc14702950df925

Download Submit
C:\Windows\System\WFsbxev.exe

Filesize
6.0MB

MD5
5588a7a2b91493d43855abee0675a771

SHA1
1416ff91b7938b81560f7b99ebc9659d09f3a3f1

SHA256
77bfdd11549d83bb59981f0209c9a910cc05aa610a07132c1d3568664e4f359c

SHA512
90334f609806a5ebaa789819af667c335de7fbc443c2e50fb0f39b79de098119854d3316cf93fa8a422c3cd33848ecc80661f5a41e57a6cffd099aa33ab370b8

Download Submit
C:\Windows\System\WcTyIvT.exe

Filesize
6.0MB

MD5
123c3ffac5bc3183da5f323f81e7cc71

SHA1
3e46b45a3e3055df2f05fc771a51db0832892218

SHA256
bf9aa949dfc274dc43977c48d45a805c0420054d0b94618f816f99db3254283c

SHA512
b615ea3c301263ae810f92e7888e763207e36929dd4ad1fde34c865bd2eb441576dea278eda4ba26692372d3f4de9fa9d0ef02177d5e5905468a7ea08bc1c48a

Download Submit
C:\Windows\System\WmjDJXj.exe

Filesize
6.0MB

MD5
79362d01b4251f0cd97ef44632204605

SHA1
e172d3527d9aacde9e2490be67a5dbc44eb6f4e9

SHA256
815fe277bb26d1b4d35d2b23dbf92e0e612f0d629a66b04c5a48a503ba3e6175

SHA512
6015a17f8aa041c8be0c9a1743a7470afebee47de66c69d5929f4695218ae2839ff0571594c926d3051a82318203446b339389227328d9f1cc818393377bfb5e

Download Submit
C:\Windows\System\XrVvtIZ.exe

Filesize
6.0MB

MD5
ede153909652c1b471b30d3c0a106047

SHA1
8bfc56be593b0488fd83b8168f38ac505c1d6ccd

SHA256
68d65d9db7399e8b591caccbd00bdf3ccaf6e3b383c2af34e2b51fd9b04cdd00

SHA512
9775883e96f44d2a72ef6c528d20843397d331caf7b1084c076b3e94d65debac1d589b7045f3ddfc982a350ee4601384eaae5b3029c2c30d0e6f435b35a1a4c8

Download Submit
C:\Windows\System\XxLdiUs.exe

Filesize
6.0MB

MD5
9929764884b9cb63dad34213bdc8690c

SHA1
66ae2ed8da11785bdb77205fea9ff1a9cb7b969c

SHA256
fbdbc8c752e0c2129b0fc644bc0d60a461bce8bce70aaa62381a01d5d593e291

SHA512
1e9e3b65858af0fb41281871d6c643da178499bbf1c6765b1338bfdb420f7d701ea3a591e6a84f9b1bf869bfeaf2c8291e8a2ed98227bd7b0f9a7244d9cfdbaa

Download Submit
C:\Windows\System\bTJMklJ.exe

Filesize
6.0MB

MD5
0db0179afc7f65b14b779643f518c9e1

SHA1
a45975e42586d45aa4e9c96863489217ef758876

SHA256
9aca9e9aff1c256d4c19f00203e2a5a0708a1c4f0cd5748ecde4e46a55ecb917

SHA512
0459f85396fa1afd1ff2e30d233c32ca178cc26e666773595ef49ca288f5f9a5b6c14d2adb78ee0e113ae29baa6ec275990ac9208bc398155d9105aaa4bc9916

Download Submit
C:\Windows\System\jtazOvJ.exe

Filesize
6.0MB

MD5
6f31bf6f2a088558c08d11352a54eb87

SHA1
729e06e072d87d33d18f453a0c2ff07d74aa02c7

SHA256
c1fcf6ad4356bed19e7f0ae9e99541f960811b109bee111df5e5abb6ab31434a

SHA512
0d81eea430451391ced05853ace75cca67cfa23ac630ab5993e4e6b1874f074d92b7737dcd083fdcadfba2899c988e4cb1f4c408a429d744751d19e58de01445

Download Submit
C:\Windows\System\pZBlWtq.exe

Filesize
6.0MB

MD5
809661b19108a5ab65d9d6907bdefc52

SHA1
c41bddf66428e7dc9fd3e092d33d8f888748a85f

SHA256
30b652ea9274158267fdf1469b1a981eac48936ed75dae34dcff8376066168d3

SHA512
b0f81a79a43a310f257034ebec273b66d3d3e4ebd314a0873abaf2fc948fc58021cc5bfc6b01022ec9d3c1fa7abce3565eef97ff9ef156b2f8fc75a51b23d829

Download Submit
C:\Windows\System\qSFtnWh.exe

Filesize
6.0MB

MD5
a2ec24dadf247da98de0a7b838edbcb7

SHA1
ffbdb71a4b24ee7be1cc950017c2309edeae5b90

SHA256
f1f3f51c0f3ba2a141037e0580cf33224956c7c93397352fa6503d26b2953ae6

SHA512
60a40fe1f2884d5de0cad8883e7876705755ba8044413e63ddee5196e9b9b18f9ade213f54c343799f27c33e99f23cb0ea10e8eb40d82d9fbbceb0e9302e05b7

Download Submit
C:\Windows\System\wBniffd.exe

Filesize
6.0MB

MD5
e19e2632de521d3ed4095b161d6bf742

SHA1
8d6b1e38f8b93037384d6f2a6da522c89d55c365

SHA256
96fbeef809a677ee5ae8184bcb6a80f07cc7b251dd3c245eff3b7d1819e3758e

SHA512
0da74a8b332eeaf68801317086197fd6d962728d8a7a24cba6e4ccb448ec173b64c70abebecc7097f486182ec627d4705611f21082d2606b5454b42a5ede81a2

Download Submit
C:\Windows\System\yQTxpzc.exe

Filesize
6.0MB

MD5
a448e145f79a11ee10543d934b8bce12

SHA1
c6d17ddf0947955ae59c639c7f5a0cd0bd02bb19

SHA256
9fcc77686ad1f1f2f4daf3768621ad355eba290b3b24d31e369246f195dc37f6

SHA512
5c5dae9aef1505410f59af69fb21c6ddbd1f01822062d5bdb97dbf450071a5c383f4d371dba7171cfece2c7f837ffce79888974d8cd4e9b346def069f452bf89

Download Submit
C:\Windows\System\ybywdyY.exe

Filesize
6.0MB

MD5
959f51acd1ec445033858d0531ffbd7a

SHA1
f3790b8b567fc3deb5a99d495b4cfbb24cbbc7bd

SHA256
472fe96b562cf9cece51d90bf7d29e0dedff7be3a36761db20eb0d6c0c67f0e6

SHA512
e8e3857b2622f194f403c6e8fdaa3f61ff36c1a86246fc2dfe5de675379bbd09e2bc5a4c78dec63aa12cef6321d28cb8332a5934058ae5371d12168904e42b3e

Download Submit
C:\Windows\System\zEmenjp.exe

Filesize
6.0MB

MD5
e4eb7c5b4dda8628018c74ab88de8aef

SHA1
71610a5cf29e5c33b30bfac83a3e270a81094b69

SHA256
89df7fd80ec51686d0db5c182551e8b13edd1396be3d78ee6c04da7e949ede3e

SHA512
3a8e9b264f1e9593df8fca1f29629e946e0dbc51bdaa03e1ceef2ebd9abcf585417cf43e4403e7cef3db9a5adacb0abf3461d5586472fae1f53706af63a33119

Download Submit
memory/1060-64-0x00007FF7651E0000-0x00007FF765534000-memory.dmp

Filesize
3.3MB

Download
memory/1060-1968-0x00007FF7651E0000-0x00007FF765534000-memory.dmp

Filesize
3.3MB

Download
memory/1060-124-0x00007FF7651E0000-0x00007FF765534000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2193-0x00007FF6D55B0000-0x00007FF6D5904000-memory.dmp

Filesize
3.3MB

Download
memory/1148-155-0x00007FF6D55B0000-0x00007FF6D5904000-memory.dmp

Filesize
3.3MB

Download
memory/1340-91-0x00007FF637AD0000-0x00007FF637E24000-memory.dmp

Filesize
3.3MB

Download
memory/1340-180-0x00007FF637AD0000-0x00007FF637E24000-memory.dmp

Filesize
3.3MB

Download
memory/1340-2033-0x00007FF637AD0000-0x00007FF637E24000-memory.dmp

Filesize
3.3MB

Download
memory/1356-1-0x000001C5BE8F0000-0x000001C5BE900000-memory.dmp

Filesize
64KB

Download
memory/1356-0-0x00007FF638D50000-0x00007FF6390A4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-56-0x00007FF638D50000-0x00007FF6390A4000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2223-0x00007FF610AD0000-0x00007FF610E24000-memory.dmp

Filesize
3.3MB

Download
memory/1540-183-0x00007FF610AD0000-0x00007FF610E24000-memory.dmp

Filesize
3.3MB

Download
memory/1540-613-0x00007FF610AD0000-0x00007FF610E24000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2198-0x00007FF77DD30000-0x00007FF77E084000-memory.dmp

Filesize
3.3MB

Download
memory/1804-156-0x00007FF77DD30000-0x00007FF77E084000-memory.dmp

Filesize
3.3MB

Download
memory/2020-179-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp

Filesize
3.3MB

Download
memory/2020-83-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp

Filesize
3.3MB

Download
memory/2020-2029-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp

Filesize
3.3MB

Download
memory/2068-2209-0x00007FF664BE0000-0x00007FF664F34000-memory.dmp

Filesize
3.3MB

Download
memory/2068-169-0x00007FF664BE0000-0x00007FF664F34000-memory.dmp

Filesize
3.3MB

Download
memory/2124-203-0x00007FF7B7220000-0x00007FF7B7574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2039-0x00007FF7B7220000-0x00007FF7B7574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-103-0x00007FF7B7220000-0x00007FF7B7574000-memory.dmp

Filesize
3.3MB

Download
memory/2184-48-0x00007FF7A8F10000-0x00007FF7A9264000-memory.dmp

Filesize
3.3MB

Download
memory/2184-106-0x00007FF7A8F10000-0x00007FF7A9264000-memory.dmp

Filesize
3.3MB

Download
memory/2184-1755-0x00007FF7A8F10000-0x00007FF7A9264000-memory.dmp

Filesize
3.3MB

Download
memory/2220-71-0x00007FF7B5130000-0x00007FF7B5484000-memory.dmp

Filesize
3.3MB

Download
memory/2220-2002-0x00007FF7B5130000-0x00007FF7B5484000-memory.dmp

Filesize
3.3MB

Download
memory/2220-130-0x00007FF7B5130000-0x00007FF7B5484000-memory.dmp

Filesize
3.3MB

Download
memory/2316-184-0x00007FF6AA490000-0x00007FF6AA7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-98-0x00007FF6AA490000-0x00007FF6AA7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2035-0x00007FF6AA490000-0x00007FF6AA7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-476-0x00007FF6B5860000-0x00007FF6B5BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2210-0x00007FF6B5860000-0x00007FF6B5BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-163-0x00007FF6B5860000-0x00007FF6B5BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-610-0x00007FF691EA0000-0x00007FF6921F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2224-0x00007FF691EA0000-0x00007FF6921F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-182-0x00007FF691EA0000-0x00007FF6921F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1752-0x00007FF6E1E30000-0x00007FF6E2184000-memory.dmp

Filesize
3.3MB

Download
memory/2652-39-0x00007FF6E1E30000-0x00007FF6E2184000-memory.dmp

Filesize
3.3MB

Download
memory/2652-99-0x00007FF6E1E30000-0x00007FF6E2184000-memory.dmp

Filesize
3.3MB

Download
memory/2656-58-0x00007FF64CF90000-0x00007FF64D2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1927-0x00007FF64CF90000-0x00007FF64D2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2200-0x00007FF7B4670000-0x00007FF7B49C4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-167-0x00007FF7B4670000-0x00007FF7B49C4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2172-0x00007FF603C90000-0x00007FF603FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-118-0x00007FF603C90000-0x00007FF603FE4000-memory.dmp

Filesize
3.3MB

Download
memory/3112-32-0x00007FF7710E0000-0x00007FF771434000-memory.dmp

Filesize
3.3MB

Download
memory/3112-1749-0x00007FF7710E0000-0x00007FF771434000-memory.dmp

Filesize
3.3MB

Download
memory/3112-93-0x00007FF7710E0000-0x00007FF771434000-memory.dmp

Filesize
3.3MB

Download
memory/3236-294-0x00007FF7E1920000-0x00007FF7E1C74000-memory.dmp

Filesize
3.3MB

Download
memory/3236-110-0x00007FF7E1920000-0x00007FF7E1C74000-memory.dmp

Filesize
3.3MB

Download
memory/3236-2168-0x00007FF7E1920000-0x00007FF7E1C74000-memory.dmp

Filesize
3.3MB

Download
memory/3376-87-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp

Filesize
3.3MB

Download
memory/3376-24-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp

Filesize
3.3MB

Download
memory/3376-1746-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp

Filesize
3.3MB

Download
memory/3432-609-0x00007FF74C820000-0x00007FF74CB74000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2226-0x00007FF74C820000-0x00007FF74CB74000-memory.dmp

Filesize
3.3MB

Download
memory/3432-181-0x00007FF74C820000-0x00007FF74CB74000-memory.dmp

Filesize
3.3MB

Download
memory/3508-1751-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-47-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-94-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3852-1712-0x00007FF79C9B0000-0x00007FF79CD04000-memory.dmp

Filesize
3.3MB

Download
memory/3852-19-0x00007FF79C9B0000-0x00007FF79CD04000-memory.dmp

Filesize
3.3MB

Download
memory/4252-352-0x00007FF7C8250000-0x00007FF7C85A4000-memory.dmp

Filesize
3.3MB

Download
memory/4252-2190-0x00007FF7C8250000-0x00007FF7C85A4000-memory.dmp

Filesize
3.3MB

Download
memory/4252-128-0x00007FF7C8250000-0x00007FF7C85A4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-69-0x00007FF6FBBB0000-0x00007FF6FBF04000-memory.dmp

Filesize
3.3MB

Download
memory/4712-1621-0x00007FF6FBBB0000-0x00007FF6FBF04000-memory.dmp

Filesize
3.3MB

Download
memory/4712-11-0x00007FF6FBBB0000-0x00007FF6FBF04000-memory.dmp

Filesize
3.3MB

Download
memory/4784-158-0x00007FF791D50000-0x00007FF7920A4000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2205-0x00007FF791D50000-0x00007FF7920A4000-memory.dmp

Filesize
3.3MB

Download
memory/4796-1623-0x00007FF7230E0000-0x00007FF723434000-memory.dmp

Filesize
3.3MB

Download
memory/4796-57-0x00007FF7230E0000-0x00007FF723434000-memory.dmp

Filesize
3.3MB

Download
memory/4796-7-0x00007FF7230E0000-0x00007FF723434000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2005-0x00007FF65A1F0000-0x00007FF65A544000-memory.dmp

Filesize
3.3MB

Download
memory/4976-164-0x00007FF65A1F0000-0x00007FF65A544000-memory.dmp

Filesize
3.3MB

Download
memory/4976-75-0x00007FF65A1F0000-0x00007FF65A544000-memory.dmp

Filesize
3.3MB

Download
memory/5000-168-0x00007FF7A6C20000-0x00007FF7A6F74000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2211-0x00007FF7A6C20000-0x00007FF7A6F74000-memory.dmp

Filesize
3.3MB

Download