cobaltstrike | 4266f624dd3c1da4aaca4f59b07244c46d2151abe6f56945664231da7a0ec4ae

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2025 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

361c2c9e643e5f370b28746e2e4b0889
SHA1

112742728bb054061d0a8d487158f3cfb9155dcf
SHA256

4266f624dd3c1da4aaca4f59b07244c46d2151abe6f56945664231da7a0ec4ae
SHA512

095e069f98577b5345655ce58c6cf3a877aa442384d69490a4c06f62f182b238ca10ea43bf9fa05851e4cde38a2d426d03f5ac350559f2a58097e6142902d596
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0033000000023b73-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-22.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-28.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-34.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-40.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b78-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-53.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-57.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-65.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-72.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-80.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-88.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-96.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-102.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-110.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-122.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8f-117.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b91-129.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b92-137.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b93-143.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b94-151.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b95-156.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b96-163.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b97-172.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b98-177.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-182.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9b-195.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9a-192.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-201.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9d-205.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2864-0-0x00007FF6133A0000-0x00007FF6136F4000-memory.dmp	xmrig
behavioral2/files/0x0033000000023b73-5.dat	xmrig
behavioral2/memory/1316-8-0x00007FF6D4A90000-0x00007FF6D4DE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7e-10.dat	xmrig
behavioral2/memory/4308-14-0x00007FF70CD70000-0x00007FF70D0C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7f-11.dat	xmrig
behavioral2/memory/428-18-0x00007FF6390B0000-0x00007FF639404000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b80-22.dat	xmrig
behavioral2/memory/3496-24-0x00007FF7958D0000-0x00007FF795C24000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b81-28.dat	xmrig
behavioral2/memory/5072-30-0x00007FF68B9A0000-0x00007FF68BCF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b82-34.dat	xmrig
behavioral2/memory/1168-35-0x00007FF718E30000-0x00007FF719184000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b83-40.dat	xmrig
behavioral2/memory/3320-42-0x00007FF684E90000-0x00007FF6851E4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b78-47.dat	xmrig
behavioral2/memory/4536-48-0x00007FF75CDB0000-0x00007FF75D104000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b84-53.dat	xmrig
behavioral2/files/0x000a000000023b85-57.dat	xmrig
behavioral2/memory/2864-60-0x00007FF6133A0000-0x00007FF6136F4000-memory.dmp	xmrig
behavioral2/memory/5056-62-0x00007FF6E8EB0000-0x00007FF6E9204000-memory.dmp	xmrig
behavioral2/memory/4456-54-0x00007FF7EF460000-0x00007FF7EF7B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b86-65.dat	xmrig
behavioral2/memory/1980-68-0x00007FF6D2B90000-0x00007FF6D2EE4000-memory.dmp	xmrig
behavioral2/memory/1316-67-0x00007FF6D4A90000-0x00007FF6D4DE4000-memory.dmp	xmrig
behavioral2/memory/4308-73-0x00007FF70CD70000-0x00007FF70D0C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b88-72.dat	xmrig
behavioral2/memory/512-74-0x00007FF739B30000-0x00007FF739E84000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b89-80.dat	xmrig
behavioral2/memory/3496-85-0x00007FF7958D0000-0x00007FF795C24000-memory.dmp	xmrig
behavioral2/memory/32-84-0x00007FF711240000-0x00007FF711594000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8a-88.dat	xmrig
behavioral2/memory/2060-90-0x00007FF7C1270000-0x00007FF7C15C4000-memory.dmp	xmrig
behavioral2/memory/5072-89-0x00007FF68B9A0000-0x00007FF68BCF4000-memory.dmp	xmrig
behavioral2/memory/428-81-0x00007FF6390B0000-0x00007FF639404000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8b-96.dat	xmrig
behavioral2/memory/1168-98-0x00007FF718E30000-0x00007FF719184000-memory.dmp	xmrig
behavioral2/memory/1156-99-0x00007FF660CF0000-0x00007FF661044000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8c-102.dat	xmrig
behavioral2/memory/3320-105-0x00007FF684E90000-0x00007FF6851E4000-memory.dmp	xmrig
behavioral2/memory/3012-106-0x00007FF649130000-0x00007FF649484000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8d-110.dat	xmrig
behavioral2/memory/2840-113-0x00007FF6E8230000-0x00007FF6E8584000-memory.dmp	xmrig
behavioral2/memory/4536-112-0x00007FF75CDB0000-0x00007FF75D104000-memory.dmp	xmrig
behavioral2/memory/4456-118-0x00007FF7EF460000-0x00007FF7EF7B4000-memory.dmp	xmrig
behavioral2/memory/3984-119-0x00007FF754BE0000-0x00007FF754F34000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b90-122.dat	xmrig
behavioral2/memory/1592-126-0x00007FF71DA80000-0x00007FF71DDD4000-memory.dmp	xmrig
behavioral2/memory/5056-124-0x00007FF6E8EB0000-0x00007FF6E9204000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8f-117.dat	xmrig
behavioral2/files/0x000a000000023b91-129.dat	xmrig
behavioral2/memory/1980-133-0x00007FF6D2B90000-0x00007FF6D2EE4000-memory.dmp	xmrig
behavioral2/memory/512-138-0x00007FF739B30000-0x00007FF739E84000-memory.dmp	xmrig
behavioral2/memory/960-139-0x00007FF719320000-0x00007FF719674000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b92-137.dat	xmrig
behavioral2/memory/4908-134-0x00007FF79FF00000-0x00007FF7A0254000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b93-143.dat	xmrig
behavioral2/memory/2312-153-0x00007FF7F8A30000-0x00007FF7F8D84000-memory.dmp	xmrig
behavioral2/memory/32-152-0x00007FF711240000-0x00007FF711594000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b94-151.dat	xmrig
behavioral2/memory/2952-145-0x00007FF6FA520000-0x00007FF6FA874000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b95-156.dat	xmrig
behavioral2/memory/736-161-0x00007FF671500000-0x00007FF671854000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b96-163.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1316	wOVjwan.exe
4308	JeCDvwd.exe
428	JgbHwls.exe
3496	RgSeUba.exe
5072	wtikZHt.exe
1168	ulknvIp.exe
3320	YSYzSbw.exe
4536	gUcHhqh.exe
4456	GTFNOQW.exe
5056	bXdHeok.exe
1980	hQooHOQ.exe
512	ZEbvfLD.exe
32	RfVUwUg.exe
2060	ujcLOvJ.exe
1156	UDEeGOh.exe
3012	IYkkBFN.exe
2840	tBJOFOx.exe
3984	OpAcLvT.exe
1592	pWQmNcZ.exe
4908	MSSPczD.exe
960	fjewqnR.exe
2952	FfePrem.exe
2312	UvKVXzs.exe
736	hlSITzl.exe
3532	nifZRiS.exe
748	ynctHoR.exe
2364	XWCLXOh.exe
1004	PBVkuUw.exe
996	sXBXQjk.exe
1480	rvPoVrD.exe
2496	Jifqudy.exe
1880	ENSKLTk.exe
4484	booCyQI.exe
3944	eNtPbBC.exe
1944	fdxBXBj.exe
2204	jqPdWWL.exe
3560	GRZSmMZ.exe
244	JGxohuv.exe
2412	NdUHTCn.exe
1988	KxSfxSE.exe
1644	ZaUUToV.exe
4976	AsapjKG.exe
2160	rWUlwBn.exe
2192	cscexeJ.exe
5020	OiDRJYy.exe
4972	ZyeyWgI.exe
5060	nVskQVz.exe
4580	oKwjosw.exe
2216	AJVRiHQ.exe
1700	KfNZtpc.exe
4748	PMefbyR.exe
4612	nKdJtbv.exe
3316	cPHWAng.exe
2544	IIciQQG.exe
3824	RtwifIJ.exe
848	KiuKtwI.exe
4948	sLiizdq.exe
3000	UbqFEUN.exe
2172	XgCuNsZ.exe
1540	YGZJFOG.exe
3452	UCWivdZ.exe
1080	WeLbBOh.exe
4056	HMUyrAn.exe
3392	yAgAUdq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2864-0-0x00007FF6133A0000-0x00007FF6136F4000-memory.dmp	upx
behavioral2/files/0x0033000000023b73-5.dat	upx
behavioral2/memory/1316-8-0x00007FF6D4A90000-0x00007FF6D4DE4000-memory.dmp	upx
behavioral2/files/0x000a000000023b7e-10.dat	upx
behavioral2/memory/4308-14-0x00007FF70CD70000-0x00007FF70D0C4000-memory.dmp	upx
behavioral2/files/0x000a000000023b7f-11.dat	upx
behavioral2/memory/428-18-0x00007FF6390B0000-0x00007FF639404000-memory.dmp	upx
behavioral2/files/0x000a000000023b80-22.dat	upx
behavioral2/memory/3496-24-0x00007FF7958D0000-0x00007FF795C24000-memory.dmp	upx
behavioral2/files/0x000a000000023b81-28.dat	upx
behavioral2/memory/5072-30-0x00007FF68B9A0000-0x00007FF68BCF4000-memory.dmp	upx
behavioral2/files/0x000a000000023b82-34.dat	upx
behavioral2/memory/1168-35-0x00007FF718E30000-0x00007FF719184000-memory.dmp	upx
behavioral2/files/0x000a000000023b83-40.dat	upx
behavioral2/memory/3320-42-0x00007FF684E90000-0x00007FF6851E4000-memory.dmp	upx
behavioral2/files/0x000c000000023b78-47.dat	upx
behavioral2/memory/4536-48-0x00007FF75CDB0000-0x00007FF75D104000-memory.dmp	upx
behavioral2/files/0x000a000000023b84-53.dat	upx
behavioral2/files/0x000a000000023b85-57.dat	upx
behavioral2/memory/2864-60-0x00007FF6133A0000-0x00007FF6136F4000-memory.dmp	upx
behavioral2/memory/5056-62-0x00007FF6E8EB0000-0x00007FF6E9204000-memory.dmp	upx
behavioral2/memory/4456-54-0x00007FF7EF460000-0x00007FF7EF7B4000-memory.dmp	upx
behavioral2/files/0x000a000000023b86-65.dat	upx
behavioral2/memory/1980-68-0x00007FF6D2B90000-0x00007FF6D2EE4000-memory.dmp	upx
behavioral2/memory/1316-67-0x00007FF6D4A90000-0x00007FF6D4DE4000-memory.dmp	upx
behavioral2/memory/4308-73-0x00007FF70CD70000-0x00007FF70D0C4000-memory.dmp	upx
behavioral2/files/0x000a000000023b88-72.dat	upx
behavioral2/memory/512-74-0x00007FF739B30000-0x00007FF739E84000-memory.dmp	upx
behavioral2/files/0x000a000000023b89-80.dat	upx
behavioral2/memory/3496-85-0x00007FF7958D0000-0x00007FF795C24000-memory.dmp	upx
behavioral2/memory/32-84-0x00007FF711240000-0x00007FF711594000-memory.dmp	upx
behavioral2/files/0x000a000000023b8a-88.dat	upx
behavioral2/memory/2060-90-0x00007FF7C1270000-0x00007FF7C15C4000-memory.dmp	upx
behavioral2/memory/5072-89-0x00007FF68B9A0000-0x00007FF68BCF4000-memory.dmp	upx
behavioral2/memory/428-81-0x00007FF6390B0000-0x00007FF639404000-memory.dmp	upx
behavioral2/files/0x000a000000023b8b-96.dat	upx
behavioral2/memory/1168-98-0x00007FF718E30000-0x00007FF719184000-memory.dmp	upx
behavioral2/memory/1156-99-0x00007FF660CF0000-0x00007FF661044000-memory.dmp	upx
behavioral2/files/0x000a000000023b8c-102.dat	upx
behavioral2/memory/3320-105-0x00007FF684E90000-0x00007FF6851E4000-memory.dmp	upx
behavioral2/memory/3012-106-0x00007FF649130000-0x00007FF649484000-memory.dmp	upx
behavioral2/files/0x000a000000023b8d-110.dat	upx
behavioral2/memory/2840-113-0x00007FF6E8230000-0x00007FF6E8584000-memory.dmp	upx
behavioral2/memory/4536-112-0x00007FF75CDB0000-0x00007FF75D104000-memory.dmp	upx
behavioral2/memory/4456-118-0x00007FF7EF460000-0x00007FF7EF7B4000-memory.dmp	upx
behavioral2/memory/3984-119-0x00007FF754BE0000-0x00007FF754F34000-memory.dmp	upx
behavioral2/files/0x000a000000023b90-122.dat	upx
behavioral2/memory/1592-126-0x00007FF71DA80000-0x00007FF71DDD4000-memory.dmp	upx
behavioral2/memory/5056-124-0x00007FF6E8EB0000-0x00007FF6E9204000-memory.dmp	upx
behavioral2/files/0x000a000000023b8f-117.dat	upx
behavioral2/files/0x000a000000023b91-129.dat	upx
behavioral2/memory/1980-133-0x00007FF6D2B90000-0x00007FF6D2EE4000-memory.dmp	upx
behavioral2/memory/512-138-0x00007FF739B30000-0x00007FF739E84000-memory.dmp	upx
behavioral2/memory/960-139-0x00007FF719320000-0x00007FF719674000-memory.dmp	upx
behavioral2/files/0x000a000000023b92-137.dat	upx
behavioral2/memory/4908-134-0x00007FF79FF00000-0x00007FF7A0254000-memory.dmp	upx
behavioral2/files/0x000a000000023b93-143.dat	upx
behavioral2/memory/2312-153-0x00007FF7F8A30000-0x00007FF7F8D84000-memory.dmp	upx
behavioral2/memory/32-152-0x00007FF711240000-0x00007FF711594000-memory.dmp	upx
behavioral2/files/0x000a000000023b94-151.dat	upx
behavioral2/memory/2952-145-0x00007FF6FA520000-0x00007FF6FA874000-memory.dmp	upx
behavioral2/files/0x000a000000023b95-156.dat	upx
behavioral2/memory/736-161-0x00007FF671500000-0x00007FF671854000-memory.dmp	upx
behavioral2/files/0x000a000000023b96-163.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TKoDoCO.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HkHfwck.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uChvNKX.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quzCyGT.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBEREpB.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arxJDIf.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rxhwkls.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJoYaae.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEezjfF.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVskQVz.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOLlVFX.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCmXCVP.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGUopGT.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIGnxBf.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXIFRFC.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKeQESS.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PypURpC.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UooMSGY.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YCOrhyw.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyLTvcv.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpGCrVd.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqUDpeB.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxEgVtv.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDEeGOh.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXbYTrL.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaiAORW.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgqctnB.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEqRpPj.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHLCRTe.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVpqMAk.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBteeHo.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXrusnN.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMiFkBy.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsxWgwT.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXpflUy.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLAvNGZ.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtuFZeX.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZClgpei.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlJVUzE.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynctHoR.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWUlwBn.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOgBrPZ.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THgEZeC.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDApFes.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyKYTDI.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTLeCqr.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLlHJHu.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huPQlDE.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkWKYgv.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJVRiHQ.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJQfZpw.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqNNjDD.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEpkUyK.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBypVzR.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKIFyPS.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jakOhvd.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frZGNpB.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMKYMjj.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPHQdUt.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGjCYAI.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iegXKLH.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVFAVZs.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHtMTGY.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvNUZBR.exe	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 1316	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	82
PID 2864 wrote to memory of 1316	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	82
PID 2864 wrote to memory of 4308	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 2864 wrote to memory of 4308	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 2864 wrote to memory of 428	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2864 wrote to memory of 428	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2864 wrote to memory of 3496	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2864 wrote to memory of 3496	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2864 wrote to memory of 5072	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2864 wrote to memory of 5072	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2864 wrote to memory of 1168	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2864 wrote to memory of 1168	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2864 wrote to memory of 3320	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2864 wrote to memory of 3320	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2864 wrote to memory of 4536	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2864 wrote to memory of 4536	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2864 wrote to memory of 4456	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2864 wrote to memory of 4456	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2864 wrote to memory of 5056	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2864 wrote to memory of 5056	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2864 wrote to memory of 1980	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2864 wrote to memory of 1980	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2864 wrote to memory of 512	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2864 wrote to memory of 512	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2864 wrote to memory of 32	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2864 wrote to memory of 32	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2864 wrote to memory of 2060	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2864 wrote to memory of 2060	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2864 wrote to memory of 1156	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2864 wrote to memory of 1156	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2864 wrote to memory of 3012	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2864 wrote to memory of 3012	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2864 wrote to memory of 2840	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2864 wrote to memory of 2840	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2864 wrote to memory of 3984	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2864 wrote to memory of 3984	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2864 wrote to memory of 1592	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2864 wrote to memory of 1592	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2864 wrote to memory of 4908	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2864 wrote to memory of 4908	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2864 wrote to memory of 960	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2864 wrote to memory of 960	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2864 wrote to memory of 2952	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2864 wrote to memory of 2952	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2864 wrote to memory of 2312	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2864 wrote to memory of 2312	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2864 wrote to memory of 736	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2864 wrote to memory of 736	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2864 wrote to memory of 3532	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2864 wrote to memory of 3532	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2864 wrote to memory of 748	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2864 wrote to memory of 748	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2864 wrote to memory of 2364	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2864 wrote to memory of 2364	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2864 wrote to memory of 1004	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2864 wrote to memory of 1004	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2864 wrote to memory of 996	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2864 wrote to memory of 996	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2864 wrote to memory of 1480	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2864 wrote to memory of 1480	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2864 wrote to memory of 2496	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2864 wrote to memory of 2496	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2864 wrote to memory of 1880	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2864 wrote to memory of 1880	2864	2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_361c2c9e643e5f370b28746e2e4b0889_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Windows\System\wOVjwan.exe
  C:\Windows\System\wOVjwan.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\JeCDvwd.exe
  C:\Windows\System\JeCDvwd.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\JgbHwls.exe
  C:\Windows\System\JgbHwls.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\RgSeUba.exe
  C:\Windows\System\RgSeUba.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\wtikZHt.exe
  C:\Windows\System\wtikZHt.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\ulknvIp.exe
  C:\Windows\System\ulknvIp.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\YSYzSbw.exe
  C:\Windows\System\YSYzSbw.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\gUcHhqh.exe
  C:\Windows\System\gUcHhqh.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\GTFNOQW.exe
  C:\Windows\System\GTFNOQW.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\bXdHeok.exe
  C:\Windows\System\bXdHeok.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\hQooHOQ.exe
  C:\Windows\System\hQooHOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ZEbvfLD.exe
  C:\Windows\System\ZEbvfLD.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\RfVUwUg.exe
  C:\Windows\System\RfVUwUg.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\ujcLOvJ.exe
  C:\Windows\System\ujcLOvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\UDEeGOh.exe
  C:\Windows\System\UDEeGOh.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\IYkkBFN.exe
  C:\Windows\System\IYkkBFN.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\tBJOFOx.exe
  C:\Windows\System\tBJOFOx.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\OpAcLvT.exe
  C:\Windows\System\OpAcLvT.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\pWQmNcZ.exe
  C:\Windows\System\pWQmNcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\MSSPczD.exe
  C:\Windows\System\MSSPczD.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\fjewqnR.exe
  C:\Windows\System\fjewqnR.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\FfePrem.exe
  C:\Windows\System\FfePrem.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\UvKVXzs.exe
  C:\Windows\System\UvKVXzs.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\hlSITzl.exe
  C:\Windows\System\hlSITzl.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\nifZRiS.exe
  C:\Windows\System\nifZRiS.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\ynctHoR.exe
  C:\Windows\System\ynctHoR.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\XWCLXOh.exe
  C:\Windows\System\XWCLXOh.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\PBVkuUw.exe
  C:\Windows\System\PBVkuUw.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\sXBXQjk.exe
  C:\Windows\System\sXBXQjk.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\rvPoVrD.exe
  C:\Windows\System\rvPoVrD.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\Jifqudy.exe
  C:\Windows\System\Jifqudy.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\ENSKLTk.exe
  C:\Windows\System\ENSKLTk.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\booCyQI.exe
  C:\Windows\System\booCyQI.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\eNtPbBC.exe
  C:\Windows\System\eNtPbBC.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\fdxBXBj.exe
  C:\Windows\System\fdxBXBj.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\jqPdWWL.exe
  C:\Windows\System\jqPdWWL.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\GRZSmMZ.exe
  C:\Windows\System\GRZSmMZ.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\JGxohuv.exe
  C:\Windows\System\JGxohuv.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\NdUHTCn.exe
  C:\Windows\System\NdUHTCn.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\KxSfxSE.exe
  C:\Windows\System\KxSfxSE.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\ZaUUToV.exe
  C:\Windows\System\ZaUUToV.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\AsapjKG.exe
  C:\Windows\System\AsapjKG.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\rWUlwBn.exe
  C:\Windows\System\rWUlwBn.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\cscexeJ.exe
  C:\Windows\System\cscexeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\OiDRJYy.exe
  C:\Windows\System\OiDRJYy.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\ZyeyWgI.exe
  C:\Windows\System\ZyeyWgI.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\nVskQVz.exe
  C:\Windows\System\nVskQVz.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\oKwjosw.exe
  C:\Windows\System\oKwjosw.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\AJVRiHQ.exe
  C:\Windows\System\AJVRiHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\KfNZtpc.exe
  C:\Windows\System\KfNZtpc.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\PMefbyR.exe
  C:\Windows\System\PMefbyR.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\nKdJtbv.exe
  C:\Windows\System\nKdJtbv.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\cPHWAng.exe
  C:\Windows\System\cPHWAng.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\IIciQQG.exe
  C:\Windows\System\IIciQQG.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\RtwifIJ.exe
  C:\Windows\System\RtwifIJ.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\KiuKtwI.exe
  C:\Windows\System\KiuKtwI.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\sLiizdq.exe
  C:\Windows\System\sLiizdq.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\UbqFEUN.exe
  C:\Windows\System\UbqFEUN.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\XgCuNsZ.exe
  C:\Windows\System\XgCuNsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\YGZJFOG.exe
  C:\Windows\System\YGZJFOG.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\UCWivdZ.exe
  C:\Windows\System\UCWivdZ.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\WeLbBOh.exe
  C:\Windows\System\WeLbBOh.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\HMUyrAn.exe
  C:\Windows\System\HMUyrAn.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\yAgAUdq.exe
  C:\Windows\System\yAgAUdq.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\eKpkGii.exe
  C:\Windows\System\eKpkGii.exe
  2⤵
  PID:2844
- C:\Windows\System\jYKvnKD.exe
  C:\Windows\System\jYKvnKD.exe
  2⤵
  PID:4376
- C:\Windows\System\oXJkAdu.exe
  C:\Windows\System\oXJkAdu.exe
  2⤵
  PID:3020
- C:\Windows\System\WfPBuEF.exe
  C:\Windows\System\WfPBuEF.exe
  2⤵
  PID:100
- C:\Windows\System\arxJDIf.exe
  C:\Windows\System\arxJDIf.exe
  2⤵
  PID:2288
- C:\Windows\System\JKpatDi.exe
  C:\Windows\System\JKpatDi.exe
  2⤵
  PID:3412
- C:\Windows\System\hxHjmou.exe
  C:\Windows\System\hxHjmou.exe
  2⤵
  PID:4012
- C:\Windows\System\VoruZsd.exe
  C:\Windows\System\VoruZsd.exe
  2⤵
  PID:3660
- C:\Windows\System\sOArQgp.exe
  C:\Windows\System\sOArQgp.exe
  2⤵
  PID:4088
- C:\Windows\System\oVFAVZs.exe
  C:\Windows\System\oVFAVZs.exe
  2⤵
  PID:3108
- C:\Windows\System\QuHldTI.exe
  C:\Windows\System\QuHldTI.exe
  2⤵
  PID:3676
- C:\Windows\System\iyrZxvL.exe
  C:\Windows\System\iyrZxvL.exe
  2⤵
  PID:4980
- C:\Windows\System\qyLTvcv.exe
  C:\Windows\System\qyLTvcv.exe
  2⤵
  PID:4952
- C:\Windows\System\IxPjmqS.exe
  C:\Windows\System\IxPjmqS.exe
  2⤵
  PID:312
- C:\Windows\System\zrZWbml.exe
  C:\Windows\System\zrZWbml.exe
  2⤵
  PID:1372
- C:\Windows\System\XUCUiZU.exe
  C:\Windows\System\XUCUiZU.exe
  2⤵
  PID:4672
- C:\Windows\System\wCcYnKy.exe
  C:\Windows\System\wCcYnKy.exe
  2⤵
  PID:1912
- C:\Windows\System\bXBuyKO.exe
  C:\Windows\System\bXBuyKO.exe
  2⤵
  PID:832
- C:\Windows\System\OkXHZoG.exe
  C:\Windows\System\OkXHZoG.exe
  2⤵
  PID:4192
- C:\Windows\System\saICwLq.exe
  C:\Windows\System\saICwLq.exe
  2⤵
  PID:3860
- C:\Windows\System\VUmWpYr.exe
  C:\Windows\System\VUmWpYr.exe
  2⤵
  PID:2264
- C:\Windows\System\ZoDYFqi.exe
  C:\Windows\System\ZoDYFqi.exe
  2⤵
  PID:3528
- C:\Windows\System\vUqYnhV.exe
  C:\Windows\System\vUqYnhV.exe
  2⤵
  PID:1904
- C:\Windows\System\uqzJJNW.exe
  C:\Windows\System\uqzJJNW.exe
  2⤵
  PID:1728
- C:\Windows\System\wKqyMIR.exe
  C:\Windows\System\wKqyMIR.exe
  2⤵
  PID:2996
- C:\Windows\System\cbbBFvL.exe
  C:\Windows\System\cbbBFvL.exe
  2⤵
  PID:1172
- C:\Windows\System\TKoDoCO.exe
  C:\Windows\System\TKoDoCO.exe
  2⤵
  PID:3504
- C:\Windows\System\iEpkUyK.exe
  C:\Windows\System\iEpkUyK.exe
  2⤵
  PID:4324
- C:\Windows\System\FPSwmhP.exe
  C:\Windows\System\FPSwmhP.exe
  2⤵
  PID:2380
- C:\Windows\System\QfrWmog.exe
  C:\Windows\System\QfrWmog.exe
  2⤵
  PID:4128
- C:\Windows\System\miYXHqF.exe
  C:\Windows\System\miYXHqF.exe
  2⤵
  PID:3972
- C:\Windows\System\NGNmBLf.exe
  C:\Windows\System\NGNmBLf.exe
  2⤵
  PID:5012
- C:\Windows\System\qvAHeDZ.exe
  C:\Windows\System\qvAHeDZ.exe
  2⤵
  PID:2168
- C:\Windows\System\huPQlDE.exe
  C:\Windows\System\huPQlDE.exe
  2⤵
  PID:624
- C:\Windows\System\pwqVhuw.exe
  C:\Windows\System\pwqVhuw.exe
  2⤵
  PID:2712
- C:\Windows\System\JCNVGGh.exe
  C:\Windows\System\JCNVGGh.exe
  2⤵
  PID:1652
- C:\Windows\System\VktDVrE.exe
  C:\Windows\System\VktDVrE.exe
  2⤵
  PID:436
- C:\Windows\System\EdvghpH.exe
  C:\Windows\System\EdvghpH.exe
  2⤵
  PID:4500
- C:\Windows\System\hYHzKQF.exe
  C:\Windows\System\hYHzKQF.exe
  2⤵
  PID:2836
- C:\Windows\System\OwcDcjL.exe
  C:\Windows\System\OwcDcjL.exe
  2⤵
  PID:1524
- C:\Windows\System\tqeUAxY.exe
  C:\Windows\System\tqeUAxY.exe
  2⤵
  PID:5016
- C:\Windows\System\wnSayhn.exe
  C:\Windows\System\wnSayhn.exe
  2⤵
  PID:2596
- C:\Windows\System\mxnSehv.exe
  C:\Windows\System\mxnSehv.exe
  2⤵
  PID:2200
- C:\Windows\System\ALLzPLR.exe
  C:\Windows\System\ALLzPLR.exe
  2⤵
  PID:2980
- C:\Windows\System\RRMaDhY.exe
  C:\Windows\System\RRMaDhY.exe
  2⤵
  PID:4132
- C:\Windows\System\ixINCxx.exe
  C:\Windows\System\ixINCxx.exe
  2⤵
  PID:1556
- C:\Windows\System\fXyVjge.exe
  C:\Windows\System\fXyVjge.exe
  2⤵
  PID:1548
- C:\Windows\System\ioSneDg.exe
  C:\Windows\System\ioSneDg.exe
  2⤵
  PID:4968
- C:\Windows\System\DAswayT.exe
  C:\Windows\System\DAswayT.exe
  2⤵
  PID:4416
- C:\Windows\System\BQINqMR.exe
  C:\Windows\System\BQINqMR.exe
  2⤵
  PID:1724
- C:\Windows\System\KBLWNDM.exe
  C:\Windows\System\KBLWNDM.exe
  2⤵
  PID:4348
- C:\Windows\System\ccoNjeM.exe
  C:\Windows\System\ccoNjeM.exe
  2⤵
  PID:4992
- C:\Windows\System\RCLcoOT.exe
  C:\Windows\System\RCLcoOT.exe
  2⤵
  PID:5140
- C:\Windows\System\dkJsfLw.exe
  C:\Windows\System\dkJsfLw.exe
  2⤵
  PID:5168
- C:\Windows\System\fazzngv.exe
  C:\Windows\System\fazzngv.exe
  2⤵
  PID:5208
- C:\Windows\System\VmKwiOH.exe
  C:\Windows\System\VmKwiOH.exe
  2⤵
  PID:5236
- C:\Windows\System\DQAxyFM.exe
  C:\Windows\System\DQAxyFM.exe
  2⤵
  PID:5272
- C:\Windows\System\thpRDqA.exe
  C:\Windows\System\thpRDqA.exe
  2⤵
  PID:5304
- C:\Windows\System\LIMyCSL.exe
  C:\Windows\System\LIMyCSL.exe
  2⤵
  PID:5368
- C:\Windows\System\GPpobpd.exe
  C:\Windows\System\GPpobpd.exe
  2⤵
  PID:5404
- C:\Windows\System\yNhdAvv.exe
  C:\Windows\System\yNhdAvv.exe
  2⤵
  PID:5432
- C:\Windows\System\JTdMupO.exe
  C:\Windows\System\JTdMupO.exe
  2⤵
  PID:5456
- C:\Windows\System\cCmItog.exe
  C:\Windows\System\cCmItog.exe
  2⤵
  PID:5484
- C:\Windows\System\DGrcGgi.exe
  C:\Windows\System\DGrcGgi.exe
  2⤵
  PID:5512
- C:\Windows\System\SjqSgPB.exe
  C:\Windows\System\SjqSgPB.exe
  2⤵
  PID:5532
- C:\Windows\System\fsxWgwT.exe
  C:\Windows\System\fsxWgwT.exe
  2⤵
  PID:5568
- C:\Windows\System\XhgmYvG.exe
  C:\Windows\System\XhgmYvG.exe
  2⤵
  PID:5596
- C:\Windows\System\IhOuwEt.exe
  C:\Windows\System\IhOuwEt.exe
  2⤵
  PID:5628
- C:\Windows\System\ErYZGVA.exe
  C:\Windows\System\ErYZGVA.exe
  2⤵
  PID:5652
- C:\Windows\System\NkELPdQ.exe
  C:\Windows\System\NkELPdQ.exe
  2⤵
  PID:5680
- C:\Windows\System\btcFsvc.exe
  C:\Windows\System\btcFsvc.exe
  2⤵
  PID:5708
- C:\Windows\System\qCHEGBP.exe
  C:\Windows\System\qCHEGBP.exe
  2⤵
  PID:5740
- C:\Windows\System\MGsTBHF.exe
  C:\Windows\System\MGsTBHF.exe
  2⤵
  PID:5768
- C:\Windows\System\EGpihrS.exe
  C:\Windows\System\EGpihrS.exe
  2⤵
  PID:5796
- C:\Windows\System\aSjWHqB.exe
  C:\Windows\System\aSjWHqB.exe
  2⤵
  PID:5824
- C:\Windows\System\UhZhCiD.exe
  C:\Windows\System\UhZhCiD.exe
  2⤵
  PID:5860
- C:\Windows\System\ScOGXRA.exe
  C:\Windows\System\ScOGXRA.exe
  2⤵
  PID:5892
- C:\Windows\System\opRkCMb.exe
  C:\Windows\System\opRkCMb.exe
  2⤵
  PID:5916
- C:\Windows\System\kIoHbMq.exe
  C:\Windows\System\kIoHbMq.exe
  2⤵
  PID:5956
- C:\Windows\System\ZQMTzCp.exe
  C:\Windows\System\ZQMTzCp.exe
  2⤵
  PID:5988
- C:\Windows\System\ZzBPNUb.exe
  C:\Windows\System\ZzBPNUb.exe
  2⤵
  PID:6036
- C:\Windows\System\YHWHNtX.exe
  C:\Windows\System\YHWHNtX.exe
  2⤵
  PID:6100
- C:\Windows\System\DwWMJsc.exe
  C:\Windows\System\DwWMJsc.exe
  2⤵
  PID:5132
- C:\Windows\System\avluMuK.exe
  C:\Windows\System\avluMuK.exe
  2⤵
  PID:5384
- C:\Windows\System\NIGnxBf.exe
  C:\Windows\System\NIGnxBf.exe
  2⤵
  PID:5464
- C:\Windows\System\XJNKqpN.exe
  C:\Windows\System\XJNKqpN.exe
  2⤵
  PID:5560
- C:\Windows\System\EAEozKO.exe
  C:\Windows\System\EAEozKO.exe
  2⤵
  PID:5672
- C:\Windows\System\DRxphgE.exe
  C:\Windows\System\DRxphgE.exe
  2⤵
  PID:5000
- C:\Windows\System\tngMmMH.exe
  C:\Windows\System\tngMmMH.exe
  2⤵
  PID:5788
- C:\Windows\System\ZeeNRnf.exe
  C:\Windows\System\ZeeNRnf.exe
  2⤵
  PID:5844
- C:\Windows\System\ysiHuXp.exe
  C:\Windows\System\ysiHuXp.exe
  2⤵
  PID:5936
- C:\Windows\System\PBICeGB.exe
  C:\Windows\System\PBICeGB.exe
  2⤵
  PID:6024
- C:\Windows\System\dZqZZwZ.exe
  C:\Windows\System\dZqZZwZ.exe
  2⤵
  PID:5128
- C:\Windows\System\hMlyrAQ.exe
  C:\Windows\System\hMlyrAQ.exe
  2⤵
  PID:5492
- C:\Windows\System\XySympw.exe
  C:\Windows\System\XySympw.exe
  2⤵
  PID:5692
- C:\Windows\System\mkcOgYk.exe
  C:\Windows\System\mkcOgYk.exe
  2⤵
  PID:5808
- C:\Windows\System\mveGRoG.exe
  C:\Windows\System\mveGRoG.exe
  2⤵
  PID:5976
- C:\Windows\System\PBMKpmv.exe
  C:\Windows\System\PBMKpmv.exe
  2⤵
  PID:5664
- C:\Windows\System\BJcEccv.exe
  C:\Windows\System\BJcEccv.exe
  2⤵
  PID:5928
- C:\Windows\System\oUBmJii.exe
  C:\Windows\System\oUBmJii.exe
  2⤵
  PID:5868
- C:\Windows\System\eFYHITG.exe
  C:\Windows\System\eFYHITG.exe
  2⤵
  PID:5340
- C:\Windows\System\pxDavSi.exe
  C:\Windows\System\pxDavSi.exe
  2⤵
  PID:6176
- C:\Windows\System\xwDfYZD.exe
  C:\Windows\System\xwDfYZD.exe
  2⤵
  PID:6196
- C:\Windows\System\QWFnsSg.exe
  C:\Windows\System\QWFnsSg.exe
  2⤵
  PID:6236
- C:\Windows\System\YCOrhyw.exe
  C:\Windows\System\YCOrhyw.exe
  2⤵
  PID:6264
- C:\Windows\System\cOWrCZi.exe
  C:\Windows\System\cOWrCZi.exe
  2⤵
  PID:6288
- C:\Windows\System\DraqJmu.exe
  C:\Windows\System\DraqJmu.exe
  2⤵
  PID:6320
- C:\Windows\System\YOgBrPZ.exe
  C:\Windows\System\YOgBrPZ.exe
  2⤵
  PID:6340
- C:\Windows\System\PGRPOKM.exe
  C:\Windows\System\PGRPOKM.exe
  2⤵
  PID:6376
- C:\Windows\System\zlZxOsf.exe
  C:\Windows\System\zlZxOsf.exe
  2⤵
  PID:6396
- C:\Windows\System\gOSfEGV.exe
  C:\Windows\System\gOSfEGV.exe
  2⤵
  PID:6424
- C:\Windows\System\QokyAeT.exe
  C:\Windows\System\QokyAeT.exe
  2⤵
  PID:6452
- C:\Windows\System\wEClUMK.exe
  C:\Windows\System\wEClUMK.exe
  2⤵
  PID:6480
- C:\Windows\System\fMDMYIF.exe
  C:\Windows\System\fMDMYIF.exe
  2⤵
  PID:6508
- C:\Windows\System\hhUpUci.exe
  C:\Windows\System\hhUpUci.exe
  2⤵
  PID:6536
- C:\Windows\System\yUiJJkO.exe
  C:\Windows\System\yUiJJkO.exe
  2⤵
  PID:6576
- C:\Windows\System\VDApFes.exe
  C:\Windows\System\VDApFes.exe
  2⤵
  PID:6596
- C:\Windows\System\rgRbJpF.exe
  C:\Windows\System\rgRbJpF.exe
  2⤵
  PID:6624
- C:\Windows\System\GDAjeOU.exe
  C:\Windows\System\GDAjeOU.exe
  2⤵
  PID:6664
- C:\Windows\System\rMmqcyl.exe
  C:\Windows\System\rMmqcyl.exe
  2⤵
  PID:6692
- C:\Windows\System\XZtKjSP.exe
  C:\Windows\System\XZtKjSP.exe
  2⤵
  PID:6720
- C:\Windows\System\CBIpjoN.exe
  C:\Windows\System\CBIpjoN.exe
  2⤵
  PID:6748
- C:\Windows\System\FcLhNdD.exe
  C:\Windows\System\FcLhNdD.exe
  2⤵
  PID:6784
- C:\Windows\System\JLqJdjs.exe
  C:\Windows\System\JLqJdjs.exe
  2⤵
  PID:6804
- C:\Windows\System\kHTItOQ.exe
  C:\Windows\System\kHTItOQ.exe
  2⤵
  PID:6836
- C:\Windows\System\JrurKqW.exe
  C:\Windows\System\JrurKqW.exe
  2⤵
  PID:6868
- C:\Windows\System\zRNAuKl.exe
  C:\Windows\System\zRNAuKl.exe
  2⤵
  PID:6892
- C:\Windows\System\vOWIhfc.exe
  C:\Windows\System\vOWIhfc.exe
  2⤵
  PID:6920
- C:\Windows\System\SVpqMAk.exe
  C:\Windows\System\SVpqMAk.exe
  2⤵
  PID:6948
- C:\Windows\System\XbYeGXa.exe
  C:\Windows\System\XbYeGXa.exe
  2⤵
  PID:6976
- C:\Windows\System\tVwfBhw.exe
  C:\Windows\System\tVwfBhw.exe
  2⤵
  PID:7004
- C:\Windows\System\LlXYZLd.exe
  C:\Windows\System\LlXYZLd.exe
  2⤵
  PID:7032
- C:\Windows\System\iKIFyPS.exe
  C:\Windows\System\iKIFyPS.exe
  2⤵
  PID:7060
- C:\Windows\System\CqNRfOB.exe
  C:\Windows\System\CqNRfOB.exe
  2⤵
  PID:7088
- C:\Windows\System\DJINypS.exe
  C:\Windows\System\DJINypS.exe
  2⤵
  PID:7124
- C:\Windows\System\nkTVFYX.exe
  C:\Windows\System\nkTVFYX.exe
  2⤵
  PID:6208
- C:\Windows\System\FKDAlNV.exe
  C:\Windows\System\FKDAlNV.exe
  2⤵
  PID:6280
- C:\Windows\System\zSlauhH.exe
  C:\Windows\System\zSlauhH.exe
  2⤵
  PID:6388
- C:\Windows\System\zpGCrVd.exe
  C:\Windows\System\zpGCrVd.exe
  2⤵
  PID:6444
- C:\Windows\System\PpRSmXz.exe
  C:\Windows\System\PpRSmXz.exe
  2⤵
  PID:6528
- C:\Windows\System\ugdkBHn.exe
  C:\Windows\System\ugdkBHn.exe
  2⤵
  PID:6544
- C:\Windows\System\MJQfZpw.exe
  C:\Windows\System\MJQfZpw.exe
  2⤵
  PID:6636
- C:\Windows\System\GJpqmRj.exe
  C:\Windows\System\GJpqmRj.exe
  2⤵
  PID:6704
- C:\Windows\System\KxmGaPl.exe
  C:\Windows\System\KxmGaPl.exe
  2⤵
  PID:6772
- C:\Windows\System\yhMRVWY.exe
  C:\Windows\System\yhMRVWY.exe
  2⤵
  PID:6844
- C:\Windows\System\znYIdtR.exe
  C:\Windows\System\znYIdtR.exe
  2⤵
  PID:6876
- C:\Windows\System\bDZxzNV.exe
  C:\Windows\System\bDZxzNV.exe
  2⤵
  PID:6940
- C:\Windows\System\MRLPind.exe
  C:\Windows\System\MRLPind.exe
  2⤵
  PID:7016
- C:\Windows\System\dXXgTMd.exe
  C:\Windows\System\dXXgTMd.exe
  2⤵
  PID:7072
- C:\Windows\System\VkSmKmd.exe
  C:\Windows\System\VkSmKmd.exe
  2⤵
  PID:6160
- C:\Windows\System\pWUmBuL.exe
  C:\Windows\System\pWUmBuL.exe
  2⤵
  PID:6352
- C:\Windows\System\zPHQdUt.exe
  C:\Windows\System\zPHQdUt.exe
  2⤵
  PID:6520
- C:\Windows\System\YZDETzW.exe
  C:\Windows\System\YZDETzW.exe
  2⤵
  PID:5412
- C:\Windows\System\hLSVBMR.exe
  C:\Windows\System\hLSVBMR.exe
  2⤵
  PID:6740
- C:\Windows\System\oJByJMe.exe
  C:\Windows\System\oJByJMe.exe
  2⤵
  PID:6900
- C:\Windows\System\wyIRrVQ.exe
  C:\Windows\System\wyIRrVQ.exe
  2⤵
  PID:7044
- C:\Windows\System\ULLhIrc.exe
  C:\Windows\System\ULLhIrc.exe
  2⤵
  PID:6408
- C:\Windows\System\EhNvLyA.exe
  C:\Windows\System\EhNvLyA.exe
  2⤵
  PID:6592
- C:\Windows\System\rsfCljD.exe
  C:\Windows\System\rsfCljD.exe
  2⤵
  PID:6988
- C:\Windows\System\yevaEZD.exe
  C:\Windows\System\yevaEZD.exe
  2⤵
  PID:6760
- C:\Windows\System\WmjjTML.exe
  C:\Windows\System\WmjjTML.exe
  2⤵
  PID:3524
- C:\Windows\System\BTqmZZk.exe
  C:\Windows\System\BTqmZZk.exe
  2⤵
  PID:7196
- C:\Windows\System\lBNXYKA.exe
  C:\Windows\System\lBNXYKA.exe
  2⤵
  PID:7220
- C:\Windows\System\sBHdcDU.exe
  C:\Windows\System\sBHdcDU.exe
  2⤵
  PID:7244
- C:\Windows\System\TOAXhjd.exe
  C:\Windows\System\TOAXhjd.exe
  2⤵
  PID:7276
- C:\Windows\System\TWppRiG.exe
  C:\Windows\System\TWppRiG.exe
  2⤵
  PID:7304
- C:\Windows\System\TheClMR.exe
  C:\Windows\System\TheClMR.exe
  2⤵
  PID:7328
- C:\Windows\System\CTrLpEj.exe
  C:\Windows\System\CTrLpEj.exe
  2⤵
  PID:7360
- C:\Windows\System\XPQHNZs.exe
  C:\Windows\System\XPQHNZs.exe
  2⤵
  PID:7388
- C:\Windows\System\TPqgMSI.exe
  C:\Windows\System\TPqgMSI.exe
  2⤵
  PID:7416
- C:\Windows\System\EHWGivD.exe
  C:\Windows\System\EHWGivD.exe
  2⤵
  PID:7440
- C:\Windows\System\iWEJfNd.exe
  C:\Windows\System\iWEJfNd.exe
  2⤵
  PID:7472
- C:\Windows\System\kORTiMi.exe
  C:\Windows\System\kORTiMi.exe
  2⤵
  PID:7496
- C:\Windows\System\HRzfUSk.exe
  C:\Windows\System\HRzfUSk.exe
  2⤵
  PID:7524
- C:\Windows\System\mVUfduI.exe
  C:\Windows\System\mVUfduI.exe
  2⤵
  PID:7552
- C:\Windows\System\BzKIrdo.exe
  C:\Windows\System\BzKIrdo.exe
  2⤵
  PID:7580
- C:\Windows\System\DIGXiVx.exe
  C:\Windows\System\DIGXiVx.exe
  2⤵
  PID:7608
- C:\Windows\System\UznnfZn.exe
  C:\Windows\System\UznnfZn.exe
  2⤵
  PID:7636
- C:\Windows\System\SvNUZBR.exe
  C:\Windows\System\SvNUZBR.exe
  2⤵
  PID:7664
- C:\Windows\System\FDpQRBk.exe
  C:\Windows\System\FDpQRBk.exe
  2⤵
  PID:7700
- C:\Windows\System\drkOTKb.exe
  C:\Windows\System\drkOTKb.exe
  2⤵
  PID:7720
- C:\Windows\System\eQjHjBX.exe
  C:\Windows\System\eQjHjBX.exe
  2⤵
  PID:7748
- C:\Windows\System\KhXTYfx.exe
  C:\Windows\System\KhXTYfx.exe
  2⤵
  PID:7776
- C:\Windows\System\pGmIoyc.exe
  C:\Windows\System\pGmIoyc.exe
  2⤵
  PID:7804
- C:\Windows\System\hffpsXG.exe
  C:\Windows\System\hffpsXG.exe
  2⤵
  PID:7840
- C:\Windows\System\RIzVcjM.exe
  C:\Windows\System\RIzVcjM.exe
  2⤵
  PID:7868
- C:\Windows\System\DKNAwIG.exe
  C:\Windows\System\DKNAwIG.exe
  2⤵
  PID:7888
- C:\Windows\System\JAeDNnf.exe
  C:\Windows\System\JAeDNnf.exe
  2⤵
  PID:7916
- C:\Windows\System\AwOuTNf.exe
  C:\Windows\System\AwOuTNf.exe
  2⤵
  PID:7952
- C:\Windows\System\mhyLNJT.exe
  C:\Windows\System\mhyLNJT.exe
  2⤵
  PID:7976
- C:\Windows\System\eBjFHDu.exe
  C:\Windows\System\eBjFHDu.exe
  2⤵
  PID:8000
- C:\Windows\System\DltoKjA.exe
  C:\Windows\System\DltoKjA.exe
  2⤵
  PID:8028
- C:\Windows\System\XjfgMXX.exe
  C:\Windows\System\XjfgMXX.exe
  2⤵
  PID:8056
- C:\Windows\System\JoUYGbv.exe
  C:\Windows\System\JoUYGbv.exe
  2⤵
  PID:8084
- C:\Windows\System\HkHfwck.exe
  C:\Windows\System\HkHfwck.exe
  2⤵
  PID:8112
- C:\Windows\System\sxmslYI.exe
  C:\Windows\System\sxmslYI.exe
  2⤵
  PID:8140
- C:\Windows\System\qoLFker.exe
  C:\Windows\System\qoLFker.exe
  2⤵
  PID:8168
- C:\Windows\System\ENURmdv.exe
  C:\Windows\System\ENURmdv.exe
  2⤵
  PID:7176
- C:\Windows\System\fmyWCak.exe
  C:\Windows\System\fmyWCak.exe
  2⤵
  PID:7268
- C:\Windows\System\iTHXsnR.exe
  C:\Windows\System\iTHXsnR.exe
  2⤵
  PID:7336
- C:\Windows\System\WspzcFt.exe
  C:\Windows\System\WspzcFt.exe
  2⤵
  PID:7516
- C:\Windows\System\aAWjIYx.exe
  C:\Windows\System\aAWjIYx.exe
  2⤵
  PID:7632
- C:\Windows\System\LHGygkj.exe
  C:\Windows\System\LHGygkj.exe
  2⤵
  PID:7788
- C:\Windows\System\ACXIBDX.exe
  C:\Windows\System\ACXIBDX.exe
  2⤵
  PID:7828
- C:\Windows\System\cUTyceQ.exe
  C:\Windows\System\cUTyceQ.exe
  2⤵
  PID:7940
- C:\Windows\System\yRmojYC.exe
  C:\Windows\System\yRmojYC.exe
  2⤵
  PID:8012
- C:\Windows\System\BjQLNho.exe
  C:\Windows\System\BjQLNho.exe
  2⤵
  PID:8076
- C:\Windows\System\HGtlqJX.exe
  C:\Windows\System\HGtlqJX.exe
  2⤵
  PID:8132
- C:\Windows\System\tYBQRFF.exe
  C:\Windows\System\tYBQRFF.exe
  2⤵
  PID:7132
- C:\Windows\System\NZplXWD.exe
  C:\Windows\System\NZplXWD.exe
  2⤵
  PID:7316
- C:\Windows\System\iBteeHo.exe
  C:\Windows\System\iBteeHo.exe
  2⤵
  PID:7688
- C:\Windows\System\APAGADN.exe
  C:\Windows\System\APAGADN.exe
  2⤵
  PID:7912
- C:\Windows\System\IUAtBiB.exe
  C:\Windows\System\IUAtBiB.exe
  2⤵
  PID:8072
- C:\Windows\System\gLAvNGZ.exe
  C:\Windows\System\gLAvNGZ.exe
  2⤵
  PID:7260
- C:\Windows\System\gYauOdF.exe
  C:\Windows\System\gYauOdF.exe
  2⤵
  PID:7880
- C:\Windows\System\ekFwfcU.exe
  C:\Windows\System\ekFwfcU.exe
  2⤵
  PID:8188
- C:\Windows\System\kzJRjFN.exe
  C:\Windows\System\kzJRjFN.exe
  2⤵
  PID:7816
- C:\Windows\System\MfJoqpV.exe
  C:\Windows\System\MfJoqpV.exe
  2⤵
  PID:8216
- C:\Windows\System\RgHBFtq.exe
  C:\Windows\System\RgHBFtq.exe
  2⤵
  PID:8244
- C:\Windows\System\vLXnjGX.exe
  C:\Windows\System\vLXnjGX.exe
  2⤵
  PID:8272
- C:\Windows\System\KOIBtqC.exe
  C:\Windows\System\KOIBtqC.exe
  2⤵
  PID:8300
- C:\Windows\System\YfHahfR.exe
  C:\Windows\System\YfHahfR.exe
  2⤵
  PID:8328
- C:\Windows\System\HWVkTjG.exe
  C:\Windows\System\HWVkTjG.exe
  2⤵
  PID:8356
- C:\Windows\System\taPmxLE.exe
  C:\Windows\System\taPmxLE.exe
  2⤵
  PID:8384
- C:\Windows\System\wfSJICI.exe
  C:\Windows\System\wfSJICI.exe
  2⤵
  PID:8412
- C:\Windows\System\JQHXnFM.exe
  C:\Windows\System\JQHXnFM.exe
  2⤵
  PID:8444
- C:\Windows\System\fXedFZE.exe
  C:\Windows\System\fXedFZE.exe
  2⤵
  PID:8468
- C:\Windows\System\pQniNgy.exe
  C:\Windows\System\pQniNgy.exe
  2⤵
  PID:8500
- C:\Windows\System\ndfrTAn.exe
  C:\Windows\System\ndfrTAn.exe
  2⤵
  PID:8532
- C:\Windows\System\ZDtumsS.exe
  C:\Windows\System\ZDtumsS.exe
  2⤵
  PID:8552
- C:\Windows\System\KCHepWQ.exe
  C:\Windows\System\KCHepWQ.exe
  2⤵
  PID:8584
- C:\Windows\System\vKieTMF.exe
  C:\Windows\System\vKieTMF.exe
  2⤵
  PID:8612
- C:\Windows\System\PURhAqY.exe
  C:\Windows\System\PURhAqY.exe
  2⤵
  PID:8640
- C:\Windows\System\pXbYTrL.exe
  C:\Windows\System\pXbYTrL.exe
  2⤵
  PID:8668
- C:\Windows\System\IymCTxd.exe
  C:\Windows\System\IymCTxd.exe
  2⤵
  PID:8696
- C:\Windows\System\FLxnGvV.exe
  C:\Windows\System\FLxnGvV.exe
  2⤵
  PID:8728
- C:\Windows\System\AdOXjva.exe
  C:\Windows\System\AdOXjva.exe
  2⤵
  PID:8752
- C:\Windows\System\rugCSHm.exe
  C:\Windows\System\rugCSHm.exe
  2⤵
  PID:8780
- C:\Windows\System\KJtxVtv.exe
  C:\Windows\System\KJtxVtv.exe
  2⤵
  PID:8808
- C:\Windows\System\JtNjPuX.exe
  C:\Windows\System\JtNjPuX.exe
  2⤵
  PID:8836
- C:\Windows\System\msJvwcc.exe
  C:\Windows\System\msJvwcc.exe
  2⤵
  PID:8868
- C:\Windows\System\MkztrOL.exe
  C:\Windows\System\MkztrOL.exe
  2⤵
  PID:8892
- C:\Windows\System\Kcfbqjr.exe
  C:\Windows\System\Kcfbqjr.exe
  2⤵
  PID:8920
- C:\Windows\System\dsfsQke.exe
  C:\Windows\System\dsfsQke.exe
  2⤵
  PID:8948
- C:\Windows\System\ICNKCTI.exe
  C:\Windows\System\ICNKCTI.exe
  2⤵
  PID:8976
- C:\Windows\System\SqWKIlZ.exe
  C:\Windows\System\SqWKIlZ.exe
  2⤵
  PID:9004
- C:\Windows\System\PblqpzH.exe
  C:\Windows\System\PblqpzH.exe
  2⤵
  PID:9040
- C:\Windows\System\ZRedoOu.exe
  C:\Windows\System\ZRedoOu.exe
  2⤵
  PID:9064
- C:\Windows\System\TKshsKZ.exe
  C:\Windows\System\TKshsKZ.exe
  2⤵
  PID:9096
- C:\Windows\System\gJbQqSB.exe
  C:\Windows\System\gJbQqSB.exe
  2⤵
  PID:9116
- C:\Windows\System\XesDFsW.exe
  C:\Windows\System\XesDFsW.exe
  2⤵
  PID:9144
- C:\Windows\System\aaQTBae.exe
  C:\Windows\System\aaQTBae.exe
  2⤵
  PID:9172
- C:\Windows\System\AvFnHNj.exe
  C:\Windows\System\AvFnHNj.exe
  2⤵
  PID:9200
- C:\Windows\System\FjLoTEz.exe
  C:\Windows\System\FjLoTEz.exe
  2⤵
  PID:8232
- C:\Windows\System\HhLczDv.exe
  C:\Windows\System\HhLczDv.exe
  2⤵
  PID:8284
- C:\Windows\System\yuQnobH.exe
  C:\Windows\System\yuQnobH.exe
  2⤵
  PID:8348
- C:\Windows\System\iqLjrxq.exe
  C:\Windows\System\iqLjrxq.exe
  2⤵
  PID:8408
- C:\Windows\System\nwwDiXR.exe
  C:\Windows\System\nwwDiXR.exe
  2⤵
  PID:8464
- C:\Windows\System\jGyAQbP.exe
  C:\Windows\System\jGyAQbP.exe
  2⤵
  PID:8540
- C:\Windows\System\eCrFQYk.exe
  C:\Windows\System\eCrFQYk.exe
  2⤵
  PID:8604
- C:\Windows\System\VQfsOxO.exe
  C:\Windows\System\VQfsOxO.exe
  2⤵
  PID:8688
- C:\Windows\System\LQNjpDd.exe
  C:\Windows\System\LQNjpDd.exe
  2⤵
  PID:8736
- C:\Windows\System\lgKRyVr.exe
  C:\Windows\System\lgKRyVr.exe
  2⤵
  PID:8804
- C:\Windows\System\IKLYpvG.exe
  C:\Windows\System\IKLYpvG.exe
  2⤵
  PID:8876
- C:\Windows\System\pNEELkl.exe
  C:\Windows\System\pNEELkl.exe
  2⤵
  PID:8940
- C:\Windows\System\ftuXIsa.exe
  C:\Windows\System\ftuXIsa.exe
  2⤵
  PID:9000
- C:\Windows\System\uPJRuUf.exe
  C:\Windows\System\uPJRuUf.exe
  2⤵
  PID:9080
- C:\Windows\System\pHUtYNj.exe
  C:\Windows\System\pHUtYNj.exe
  2⤵
  PID:9164
- C:\Windows\System\GBmoHpU.exe
  C:\Windows\System\GBmoHpU.exe
  2⤵
  PID:9196
- C:\Windows\System\FGmCAuI.exe
  C:\Windows\System\FGmCAuI.exe
  2⤵
  PID:8600
- C:\Windows\System\FhxNmbG.exe
  C:\Windows\System\FhxNmbG.exe
  2⤵
  PID:8592
- C:\Windows\System\KhvbnXv.exe
  C:\Windows\System\KhvbnXv.exe
  2⤵
  PID:8764
- C:\Windows\System\hjBcboi.exe
  C:\Windows\System\hjBcboi.exe
  2⤵
  PID:8932
- C:\Windows\System\rdXRGQy.exe
  C:\Windows\System\rdXRGQy.exe
  2⤵
  PID:9108
- C:\Windows\System\YlEuaqJ.exe
  C:\Windows\System\YlEuaqJ.exe
  2⤵
  PID:8396
- C:\Windows\System\lSrPBaZ.exe
  C:\Windows\System\lSrPBaZ.exe
  2⤵
  PID:8716
- C:\Windows\System\zUYxNSX.exe
  C:\Windows\System\zUYxNSX.exe
  2⤵
  PID:9192
- C:\Windows\System\RWtaHBg.exe
  C:\Windows\System\RWtaHBg.exe
  2⤵
  PID:8776
- C:\Windows\System\MnnvXyO.exe
  C:\Windows\System\MnnvXyO.exe
  2⤵
  PID:8860
- C:\Windows\System\MHnaOJg.exe
  C:\Windows\System\MHnaOJg.exe
  2⤵
  PID:9240
- C:\Windows\System\ySdACWM.exe
  C:\Windows\System\ySdACWM.exe
  2⤵
  PID:9260
- C:\Windows\System\uChvNKX.exe
  C:\Windows\System\uChvNKX.exe
  2⤵
  PID:9308
- C:\Windows\System\pSyzLIv.exe
  C:\Windows\System\pSyzLIv.exe
  2⤵
  PID:9340
- C:\Windows\System\iBMFumv.exe
  C:\Windows\System\iBMFumv.exe
  2⤵
  PID:9372
- C:\Windows\System\bFFwvyG.exe
  C:\Windows\System\bFFwvyG.exe
  2⤵
  PID:9396
- C:\Windows\System\pxQiXfm.exe
  C:\Windows\System\pxQiXfm.exe
  2⤵
  PID:9420
- C:\Windows\System\YwWoIyZ.exe
  C:\Windows\System\YwWoIyZ.exe
  2⤵
  PID:9448
- C:\Windows\System\YpuNrOs.exe
  C:\Windows\System\YpuNrOs.exe
  2⤵
  PID:9476
- C:\Windows\System\fcPFJnp.exe
  C:\Windows\System\fcPFJnp.exe
  2⤵
  PID:9504
- C:\Windows\System\cDNjGmG.exe
  C:\Windows\System\cDNjGmG.exe
  2⤵
  PID:9532
- C:\Windows\System\dQIHctF.exe
  C:\Windows\System\dQIHctF.exe
  2⤵
  PID:9560
- C:\Windows\System\rLOYyzQ.exe
  C:\Windows\System\rLOYyzQ.exe
  2⤵
  PID:9588
- C:\Windows\System\quzCyGT.exe
  C:\Windows\System\quzCyGT.exe
  2⤵
  PID:9616
- C:\Windows\System\ZsoAWmm.exe
  C:\Windows\System\ZsoAWmm.exe
  2⤵
  PID:9648
- C:\Windows\System\bcCoAXu.exe
  C:\Windows\System\bcCoAXu.exe
  2⤵
  PID:9684
- C:\Windows\System\OwkJaQg.exe
  C:\Windows\System\OwkJaQg.exe
  2⤵
  PID:9700
- C:\Windows\System\hajdWOk.exe
  C:\Windows\System\hajdWOk.exe
  2⤵
  PID:9736
- C:\Windows\System\GhbMjVR.exe
  C:\Windows\System\GhbMjVR.exe
  2⤵
  PID:9760
- C:\Windows\System\XvhxeXC.exe
  C:\Windows\System\XvhxeXC.exe
  2⤵
  PID:9784
- C:\Windows\System\JYMqEGp.exe
  C:\Windows\System\JYMqEGp.exe
  2⤵
  PID:9812
- C:\Windows\System\fGPqlKV.exe
  C:\Windows\System\fGPqlKV.exe
  2⤵
  PID:9840
- C:\Windows\System\IrfrbuM.exe
  C:\Windows\System\IrfrbuM.exe
  2⤵
  PID:9868
- C:\Windows\System\SqngUvP.exe
  C:\Windows\System\SqngUvP.exe
  2⤵
  PID:9896
- C:\Windows\System\opDFtmz.exe
  C:\Windows\System\opDFtmz.exe
  2⤵
  PID:9924
- C:\Windows\System\GmJwACj.exe
  C:\Windows\System\GmJwACj.exe
  2⤵
  PID:9952
- C:\Windows\System\bsGEkQC.exe
  C:\Windows\System\bsGEkQC.exe
  2⤵
  PID:9980
- C:\Windows\System\uUIddir.exe
  C:\Windows\System\uUIddir.exe
  2⤵
  PID:10008
- C:\Windows\System\Ptjdbag.exe
  C:\Windows\System\Ptjdbag.exe
  2⤵
  PID:10040
- C:\Windows\System\ZnWyKdv.exe
  C:\Windows\System\ZnWyKdv.exe
  2⤵
  PID:10068
- C:\Windows\System\TgMiIKX.exe
  C:\Windows\System\TgMiIKX.exe
  2⤵
  PID:10096
- C:\Windows\System\qikCdtI.exe
  C:\Windows\System\qikCdtI.exe
  2⤵
  PID:10124
- C:\Windows\System\FwCFJTq.exe
  C:\Windows\System\FwCFJTq.exe
  2⤵
  PID:10152
- C:\Windows\System\PdrvvoM.exe
  C:\Windows\System\PdrvvoM.exe
  2⤵
  PID:10180
- C:\Windows\System\ONeHBCQ.exe
  C:\Windows\System\ONeHBCQ.exe
  2⤵
  PID:10216
- C:\Windows\System\jCTdPBl.exe
  C:\Windows\System\jCTdPBl.exe
  2⤵
  PID:10236
- C:\Windows\System\cdsNvTp.exe
  C:\Windows\System\cdsNvTp.exe
  2⤵
  PID:9280
- C:\Windows\System\jNAlzaS.exe
  C:\Windows\System\jNAlzaS.exe
  2⤵
  PID:5352
- C:\Windows\System\QGCghIA.exe
  C:\Windows\System\QGCghIA.exe
  2⤵
  PID:2472
- C:\Windows\System\BqBxFpE.exe
  C:\Windows\System\BqBxFpE.exe
  2⤵
  PID:9336
- C:\Windows\System\syoqXMr.exe
  C:\Windows\System\syoqXMr.exe
  2⤵
  PID:9384
- C:\Windows\System\hmJINhN.exe
  C:\Windows\System\hmJINhN.exe
  2⤵
  PID:9444
- C:\Windows\System\wOIJccu.exe
  C:\Windows\System\wOIJccu.exe
  2⤵
  PID:9520
- C:\Windows\System\KeOoJvz.exe
  C:\Windows\System\KeOoJvz.exe
  2⤵
  PID:9580
- C:\Windows\System\YfbwzGI.exe
  C:\Windows\System\YfbwzGI.exe
  2⤵
  PID:9640
- C:\Windows\System\oXvvqFr.exe
  C:\Windows\System\oXvvqFr.exe
  2⤵
  PID:9712
- C:\Windows\System\oktCOAH.exe
  C:\Windows\System\oktCOAH.exe
  2⤵
  PID:9776
- C:\Windows\System\kSoGRHu.exe
  C:\Windows\System\kSoGRHu.exe
  2⤵
  PID:9836
- C:\Windows\System\OnvECzw.exe
  C:\Windows\System\OnvECzw.exe
  2⤵
  PID:9892
- C:\Windows\System\dkFOdxp.exe
  C:\Windows\System\dkFOdxp.exe
  2⤵
  PID:9964
- C:\Windows\System\MNXDgYZ.exe
  C:\Windows\System\MNXDgYZ.exe
  2⤵
  PID:10028
- C:\Windows\System\FKtMetJ.exe
  C:\Windows\System\FKtMetJ.exe
  2⤵
  PID:10092
- C:\Windows\System\AAuXlOj.exe
  C:\Windows\System\AAuXlOj.exe
  2⤵
  PID:10164
- C:\Windows\System\WShdgAh.exe
  C:\Windows\System\WShdgAh.exe
  2⤵
  PID:10228
- C:\Windows\System\FYAxdnJ.exe
  C:\Windows\System\FYAxdnJ.exe
  2⤵
  PID:5332
- C:\Windows\System\usVlKIf.exe
  C:\Windows\System\usVlKIf.exe
  2⤵
  PID:9380
- C:\Windows\System\xuuVVrd.exe
  C:\Windows\System\xuuVVrd.exe
  2⤵
  PID:9496
- C:\Windows\System\GymfxBg.exe
  C:\Windows\System\GymfxBg.exe
  2⤵
  PID:9636
- C:\Windows\System\oNJpeWf.exe
  C:\Windows\System\oNJpeWf.exe
  2⤵
  PID:9804
- C:\Windows\System\BYYeDNQ.exe
  C:\Windows\System\BYYeDNQ.exe
  2⤵
  PID:9944
- C:\Windows\System\jakOhvd.exe
  C:\Windows\System\jakOhvd.exe
  2⤵
  PID:10120
- C:\Windows\System\sDlpCSY.exe
  C:\Windows\System\sDlpCSY.exe
  2⤵
  PID:6000
- C:\Windows\System\bqUDpeB.exe
  C:\Windows\System\bqUDpeB.exe
  2⤵
  PID:9432
- C:\Windows\System\xihuiNU.exe
  C:\Windows\System\xihuiNU.exe
  2⤵
  PID:5160
- C:\Windows\System\lMCZKKn.exe
  C:\Windows\System\lMCZKKn.exe
  2⤵
  PID:10076
- C:\Windows\System\oOLlVFX.exe
  C:\Windows\System\oOLlVFX.exe
  2⤵
  PID:5188
- C:\Windows\System\YjUGlZU.exe
  C:\Windows\System\YjUGlZU.exe
  2⤵
  PID:9296
- C:\Windows\System\JylttTb.exe
  C:\Windows\System\JylttTb.exe
  2⤵
  PID:9752
- C:\Windows\System\bQPSsBS.exe
  C:\Windows\System\bQPSsBS.exe
  2⤵
  PID:10256
- C:\Windows\System\AyKYTDI.exe
  C:\Windows\System\AyKYTDI.exe
  2⤵
  PID:10284
- C:\Windows\System\jICYAtu.exe
  C:\Windows\System\jICYAtu.exe
  2⤵
  PID:10312
- C:\Windows\System\SLpyBgM.exe
  C:\Windows\System\SLpyBgM.exe
  2⤵
  PID:10340
- C:\Windows\System\JOGsytx.exe
  C:\Windows\System\JOGsytx.exe
  2⤵
  PID:10368
- C:\Windows\System\QSxXEDD.exe
  C:\Windows\System\QSxXEDD.exe
  2⤵
  PID:10408
- C:\Windows\System\nlvnyju.exe
  C:\Windows\System\nlvnyju.exe
  2⤵
  PID:10424
- C:\Windows\System\GIBRLFV.exe
  C:\Windows\System\GIBRLFV.exe
  2⤵
  PID:10452
- C:\Windows\System\KaiAORW.exe
  C:\Windows\System\KaiAORW.exe
  2⤵
  PID:10488
- C:\Windows\System\kGztaQV.exe
  C:\Windows\System\kGztaQV.exe
  2⤵
  PID:10508
- C:\Windows\System\SXIFRFC.exe
  C:\Windows\System\SXIFRFC.exe
  2⤵
  PID:10536
- C:\Windows\System\UybfHGp.exe
  C:\Windows\System\UybfHGp.exe
  2⤵
  PID:10564
- C:\Windows\System\agmveMa.exe
  C:\Windows\System\agmveMa.exe
  2⤵
  PID:10592
- C:\Windows\System\LVHiTpo.exe
  C:\Windows\System\LVHiTpo.exe
  2⤵
  PID:10624
- C:\Windows\System\CSYLgUl.exe
  C:\Windows\System\CSYLgUl.exe
  2⤵
  PID:10648
- C:\Windows\System\pEJgCWW.exe
  C:\Windows\System\pEJgCWW.exe
  2⤵
  PID:10676
- C:\Windows\System\yiSfBhF.exe
  C:\Windows\System\yiSfBhF.exe
  2⤵
  PID:10712
- C:\Windows\System\hCxxNDN.exe
  C:\Windows\System\hCxxNDN.exe
  2⤵
  PID:10732
- C:\Windows\System\ymERXAV.exe
  C:\Windows\System\ymERXAV.exe
  2⤵
  PID:10760
- C:\Windows\System\cngJeny.exe
  C:\Windows\System\cngJeny.exe
  2⤵
  PID:10788
- C:\Windows\System\CkWKYgv.exe
  C:\Windows\System\CkWKYgv.exe
  2⤵
  PID:10864
- C:\Windows\System\cYMDLur.exe
  C:\Windows\System\cYMDLur.exe
  2⤵
  PID:10880
- C:\Windows\System\tPuxOKK.exe
  C:\Windows\System\tPuxOKK.exe
  2⤵
  PID:10912
- C:\Windows\System\JGCqwqK.exe
  C:\Windows\System\JGCqwqK.exe
  2⤵
  PID:10964
- C:\Windows\System\dHNZpqO.exe
  C:\Windows\System\dHNZpqO.exe
  2⤵
  PID:10992
- C:\Windows\System\iXrusnN.exe
  C:\Windows\System\iXrusnN.exe
  2⤵
  PID:11024
- C:\Windows\System\xWMjTzF.exe
  C:\Windows\System\xWMjTzF.exe
  2⤵
  PID:11048
- C:\Windows\System\iKeQESS.exe
  C:\Windows\System\iKeQESS.exe
  2⤵
  PID:11076
- C:\Windows\System\chCuIBc.exe
  C:\Windows\System\chCuIBc.exe
  2⤵
  PID:11108
- C:\Windows\System\kZcXVgj.exe
  C:\Windows\System\kZcXVgj.exe
  2⤵
  PID:11140
- C:\Windows\System\DUClFPO.exe
  C:\Windows\System\DUClFPO.exe
  2⤵
  PID:11176
- C:\Windows\System\SsJTOCp.exe
  C:\Windows\System\SsJTOCp.exe
  2⤵
  PID:11204
- C:\Windows\System\cgqctnB.exe
  C:\Windows\System\cgqctnB.exe
  2⤵
  PID:11228
- C:\Windows\System\FBPpVPD.exe
  C:\Windows\System\FBPpVPD.exe
  2⤵
  PID:11256
- C:\Windows\System\NJshGQp.exe
  C:\Windows\System\NJshGQp.exe
  2⤵
  PID:10296
- C:\Windows\System\YoFvzaO.exe
  C:\Windows\System\YoFvzaO.exe
  2⤵
  PID:10380
- C:\Windows\System\IJcpDyC.exe
  C:\Windows\System\IJcpDyC.exe
  2⤵
  PID:10464
- C:\Windows\System\qyZuWoB.exe
  C:\Windows\System\qyZuWoB.exe
  2⤵
  PID:10528
- C:\Windows\System\ckEWWyF.exe
  C:\Windows\System\ckEWWyF.exe
  2⤵
  PID:10588
- C:\Windows\System\pVaHfQe.exe
  C:\Windows\System\pVaHfQe.exe
  2⤵
  PID:10644
- C:\Windows\System\gdIBUTV.exe
  C:\Windows\System\gdIBUTV.exe
  2⤵
  PID:10696
- C:\Windows\System\esneqqC.exe
  C:\Windows\System\esneqqC.exe
  2⤵
  PID:10752
- C:\Windows\System\BNWvLjB.exe
  C:\Windows\System\BNWvLjB.exe
  2⤵
  PID:4360
- C:\Windows\System\slcQDMs.exe
  C:\Windows\System\slcQDMs.exe
  2⤵
  PID:10876
- C:\Windows\System\evcUBgx.exe
  C:\Windows\System\evcUBgx.exe
  2⤵
  PID:720
- C:\Windows\System\frZGNpB.exe
  C:\Windows\System\frZGNpB.exe
  2⤵
  PID:11012
- C:\Windows\System\IvjCtFu.exe
  C:\Windows\System\IvjCtFu.exe
  2⤵
  PID:11072
- C:\Windows\System\HQBjybN.exe
  C:\Windows\System\HQBjybN.exe
  2⤵
  PID:11120
- C:\Windows\System\wTLeCqr.exe
  C:\Windows\System\wTLeCqr.exe
  2⤵
  PID:11192
- C:\Windows\System\ORZyqRp.exe
  C:\Windows\System\ORZyqRp.exe
  2⤵
  PID:10252
- C:\Windows\System\WDIngKL.exe
  C:\Windows\System\WDIngKL.exe
  2⤵
  PID:10352
- C:\Windows\System\cAnDiwA.exe
  C:\Windows\System\cAnDiwA.exe
  2⤵
  PID:10552
- C:\Windows\System\jbgSAal.exe
  C:\Windows\System\jbgSAal.exe
  2⤵
  PID:10672
- C:\Windows\System\YvKaipl.exe
  C:\Windows\System\YvKaipl.exe
  2⤵
  PID:10780
- C:\Windows\System\EmnYGMH.exe
  C:\Windows\System\EmnYGMH.exe
  2⤵
  PID:10924
- C:\Windows\System\pKPVdRh.exe
  C:\Windows\System\pKPVdRh.exe
  2⤵
  PID:10892
- C:\Windows\System\qKLuRnW.exe
  C:\Windows\System\qKLuRnW.exe
  2⤵
  PID:4388
- C:\Windows\System\MsOZkOu.exe
  C:\Windows\System\MsOZkOu.exe
  2⤵
  PID:10420
- C:\Windows\System\SDNJFWl.exe
  C:\Windows\System\SDNJFWl.exe
  2⤵
  PID:5004
- C:\Windows\System\LiGLVnm.exe
  C:\Windows\System\LiGLVnm.exe
  2⤵
  PID:11068
- C:\Windows\System\WdkDfYp.exe
  C:\Windows\System\WdkDfYp.exe
  2⤵
  PID:1920
- C:\Windows\System\jOXvOvu.exe
  C:\Windows\System\jOXvOvu.exe
  2⤵
  PID:10904
- C:\Windows\System\gDEYqEW.exe
  C:\Windows\System\gDEYqEW.exe
  2⤵
  PID:10668
- C:\Windows\System\zREvdiA.exe
  C:\Windows\System\zREvdiA.exe
  2⤵
  PID:4364
- C:\Windows\System\hgcgSSh.exe
  C:\Windows\System\hgcgSSh.exe
  2⤵
  PID:11284
- C:\Windows\System\zCDyLVA.exe
  C:\Windows\System\zCDyLVA.exe
  2⤵
  PID:11324
- C:\Windows\System\mgDslGv.exe
  C:\Windows\System\mgDslGv.exe
  2⤵
  PID:11344
- C:\Windows\System\KTDhgYs.exe
  C:\Windows\System\KTDhgYs.exe
  2⤵
  PID:11372
- C:\Windows\System\CmVCzVh.exe
  C:\Windows\System\CmVCzVh.exe
  2⤵
  PID:11400
- C:\Windows\System\dlTeLxo.exe
  C:\Windows\System\dlTeLxo.exe
  2⤵
  PID:11428
- C:\Windows\System\ISteExE.exe
  C:\Windows\System\ISteExE.exe
  2⤵
  PID:11456
- C:\Windows\System\KaDiPaC.exe
  C:\Windows\System\KaDiPaC.exe
  2⤵
  PID:11484
- C:\Windows\System\iHBKxxw.exe
  C:\Windows\System\iHBKxxw.exe
  2⤵
  PID:11524
- C:\Windows\System\BpPbPiV.exe
  C:\Windows\System\BpPbPiV.exe
  2⤵
  PID:11552
- C:\Windows\System\JarSkYe.exe
  C:\Windows\System\JarSkYe.exe
  2⤵
  PID:11572
- C:\Windows\System\itSowMk.exe
  C:\Windows\System\itSowMk.exe
  2⤵
  PID:11600
- C:\Windows\System\ovxlcap.exe
  C:\Windows\System\ovxlcap.exe
  2⤵
  PID:11628
- C:\Windows\System\DkiEUns.exe
  C:\Windows\System\DkiEUns.exe
  2⤵
  PID:11656
- C:\Windows\System\FdFqSDf.exe
  C:\Windows\System\FdFqSDf.exe
  2⤵
  PID:11684
- C:\Windows\System\WmhGXan.exe
  C:\Windows\System\WmhGXan.exe
  2⤵
  PID:11712
- C:\Windows\System\kVyxZyG.exe
  C:\Windows\System\kVyxZyG.exe
  2⤵
  PID:11748
- C:\Windows\System\KMKoRvU.exe
  C:\Windows\System\KMKoRvU.exe
  2⤵
  PID:11768
- C:\Windows\System\GUXyOAf.exe
  C:\Windows\System\GUXyOAf.exe
  2⤵
  PID:11796
- C:\Windows\System\fpSHTyK.exe
  C:\Windows\System\fpSHTyK.exe
  2⤵
  PID:11824
- C:\Windows\System\bSVUTaY.exe
  C:\Windows\System\bSVUTaY.exe
  2⤵
  PID:11852
- C:\Windows\System\iKsgWFa.exe
  C:\Windows\System\iKsgWFa.exe
  2⤵
  PID:11880
- C:\Windows\System\zIObClB.exe
  C:\Windows\System\zIObClB.exe
  2⤵
  PID:11908
- C:\Windows\System\LHMTlyS.exe
  C:\Windows\System\LHMTlyS.exe
  2⤵
  PID:11940
- C:\Windows\System\JNROhBw.exe
  C:\Windows\System\JNROhBw.exe
  2⤵
  PID:11968
- C:\Windows\System\qpEFCKI.exe
  C:\Windows\System\qpEFCKI.exe
  2⤵
  PID:11992
- C:\Windows\System\VRayNmP.exe
  C:\Windows\System\VRayNmP.exe
  2⤵
  PID:12024
- C:\Windows\System\qmuzqdc.exe
  C:\Windows\System\qmuzqdc.exe
  2⤵
  PID:12092
- C:\Windows\System\qETuQgk.exe
  C:\Windows\System\qETuQgk.exe
  2⤵
  PID:12116
- C:\Windows\System\KtvAGUa.exe
  C:\Windows\System\KtvAGUa.exe
  2⤵
  PID:12148
- C:\Windows\System\rVabSIZ.exe
  C:\Windows\System\rVabSIZ.exe
  2⤵
  PID:12172
- C:\Windows\System\gAswaII.exe
  C:\Windows\System\gAswaII.exe
  2⤵
  PID:12200
- C:\Windows\System\cgCJqmw.exe
  C:\Windows\System\cgCJqmw.exe
  2⤵
  PID:12232
- C:\Windows\System\qsPmgpe.exe
  C:\Windows\System\qsPmgpe.exe
  2⤵
  PID:12256
- C:\Windows\System\nVnPZuO.exe
  C:\Windows\System\nVnPZuO.exe
  2⤵
  PID:12284
- C:\Windows\System\gybDwqb.exe
  C:\Windows\System\gybDwqb.exe
  2⤵
  PID:11336
- C:\Windows\System\BOHHUcj.exe
  C:\Windows\System\BOHHUcj.exe
  2⤵
  PID:11392
- C:\Windows\System\kLLqfWU.exe
  C:\Windows\System\kLLqfWU.exe
  2⤵
  PID:11452
- C:\Windows\System\QXkbmsi.exe
  C:\Windows\System\QXkbmsi.exe
  2⤵
  PID:2904
- C:\Windows\System\KLVaKBj.exe
  C:\Windows\System\KLVaKBj.exe
  2⤵
  PID:11612
- C:\Windows\System\xAMHxLh.exe
  C:\Windows\System\xAMHxLh.exe
  2⤵
  PID:11668
- C:\Windows\System\qpvIwvX.exe
  C:\Windows\System\qpvIwvX.exe
  2⤵
  PID:11044
- C:\Windows\System\UKeynBI.exe
  C:\Windows\System\UKeynBI.exe
  2⤵
  PID:11764
- C:\Windows\System\FMKYMjj.exe
  C:\Windows\System\FMKYMjj.exe
  2⤵
  PID:11816
- C:\Windows\System\qBUYVOz.exe
  C:\Windows\System\qBUYVOz.exe
  2⤵
  PID:11876
- C:\Windows\System\pqDMtwx.exe
  C:\Windows\System\pqDMtwx.exe
  2⤵
  PID:11936
- C:\Windows\System\KskZYWR.exe
  C:\Windows\System\KskZYWR.exe
  2⤵
  PID:12016
- C:\Windows\System\zMVOfVX.exe
  C:\Windows\System\zMVOfVX.exe
  2⤵
  PID:12108
- C:\Windows\System\dtGwGsk.exe
  C:\Windows\System\dtGwGsk.exe
  2⤵
  PID:11188
- C:\Windows\System\tjEKCmS.exe
  C:\Windows\System\tjEKCmS.exe
  2⤵
  PID:12140
- C:\Windows\System\YaiiLoN.exe
  C:\Windows\System\YaiiLoN.exe
  2⤵
  PID:12212
- C:\Windows\System\cUemBiC.exe
  C:\Windows\System\cUemBiC.exe
  2⤵
  PID:12276
- C:\Windows\System\viPzBHb.exe
  C:\Windows\System\viPzBHb.exe
  2⤵
  PID:11424
- C:\Windows\System\jEvgWXz.exe
  C:\Windows\System\jEvgWXz.exe
  2⤵
  PID:11564
- C:\Windows\System\njVcdMA.exe
  C:\Windows\System\njVcdMA.exe
  2⤵
  PID:11680
- C:\Windows\System\huTwUtg.exe
  C:\Windows\System\huTwUtg.exe
  2⤵
  PID:2564
- C:\Windows\System\OSEMThu.exe
  C:\Windows\System\OSEMThu.exe
  2⤵
  PID:3924
- C:\Windows\System\ksjcXID.exe
  C:\Windows\System\ksjcXID.exe
  2⤵
  PID:12100
- C:\Windows\System\OJcFZkZ.exe
  C:\Windows\System\OJcFZkZ.exe
  2⤵
  PID:10808
- C:\Windows\System\zqhhPIk.exe
  C:\Windows\System\zqhhPIk.exe
  2⤵
  PID:12268
- C:\Windows\System\hQbNpTk.exe
  C:\Windows\System\hQbNpTk.exe
  2⤵
  PID:4868
- C:\Windows\System\waxHXva.exe
  C:\Windows\System\waxHXva.exe
  2⤵
  PID:12000
- C:\Windows\System\sKAyczH.exe
  C:\Windows\System\sKAyczH.exe
  2⤵
  PID:10816
- C:\Windows\System\lXDEWbo.exe
  C:\Windows\System\lXDEWbo.exe
  2⤵
  PID:11532
- C:\Windows\System\BMIvOWJ.exe
  C:\Windows\System\BMIvOWJ.exe
  2⤵
  PID:12252
- C:\Windows\System\aUVBMTu.exe
  C:\Windows\System\aUVBMTu.exe
  2⤵
  PID:10812
- C:\Windows\System\boeeMpM.exe
  C:\Windows\System\boeeMpM.exe
  2⤵
  PID:3328
- C:\Windows\System\PnGRbHA.exe
  C:\Windows\System\PnGRbHA.exe
  2⤵
  PID:12308
- C:\Windows\System\ZgBEpKb.exe
  C:\Windows\System\ZgBEpKb.exe
  2⤵
  PID:12336
- C:\Windows\System\nQaHNCW.exe
  C:\Windows\System\nQaHNCW.exe
  2⤵
  PID:12364
- C:\Windows\System\ttjJOjs.exe
  C:\Windows\System\ttjJOjs.exe
  2⤵
  PID:12392
- C:\Windows\System\xXpflUy.exe
  C:\Windows\System\xXpflUy.exe
  2⤵
  PID:12420
- C:\Windows\System\IguhHgT.exe
  C:\Windows\System\IguhHgT.exe
  2⤵
  PID:12448
- C:\Windows\System\prztVGv.exe
  C:\Windows\System\prztVGv.exe
  2⤵
  PID:12476
- C:\Windows\System\AhMWdZW.exe
  C:\Windows\System\AhMWdZW.exe
  2⤵
  PID:12504
- C:\Windows\System\SxrjNpT.exe
  C:\Windows\System\SxrjNpT.exe
  2⤵
  PID:12540
- C:\Windows\System\phPPWoH.exe
  C:\Windows\System\phPPWoH.exe
  2⤵
  PID:12560
- C:\Windows\System\ggjVzbI.exe
  C:\Windows\System\ggjVzbI.exe
  2⤵
  PID:12588
- C:\Windows\System\gEqRpPj.exe
  C:\Windows\System\gEqRpPj.exe
  2⤵
  PID:12620
- C:\Windows\System\jURFJrm.exe
  C:\Windows\System\jURFJrm.exe
  2⤵
  PID:12648
- C:\Windows\System\Qgzlclu.exe
  C:\Windows\System\Qgzlclu.exe
  2⤵
  PID:12676
- C:\Windows\System\PtPizwU.exe
  C:\Windows\System\PtPizwU.exe
  2⤵
  PID:12712
- C:\Windows\System\nEgnQrZ.exe
  C:\Windows\System\nEgnQrZ.exe
  2⤵
  PID:12732
- C:\Windows\System\fEzofIl.exe
  C:\Windows\System\fEzofIl.exe
  2⤵
  PID:12760
- C:\Windows\System\QyoYUhr.exe
  C:\Windows\System\QyoYUhr.exe
  2⤵
  PID:12788
- C:\Windows\System\iGrCXPS.exe
  C:\Windows\System\iGrCXPS.exe
  2⤵
  PID:12816
- C:\Windows\System\jIncyJx.exe
  C:\Windows\System\jIncyJx.exe
  2⤵
  PID:12848
- C:\Windows\System\UbWMvHE.exe
  C:\Windows\System\UbWMvHE.exe
  2⤵
  PID:12880
- C:\Windows\System\ORQkRzD.exe
  C:\Windows\System\ORQkRzD.exe
  2⤵
  PID:12900
- C:\Windows\System\tChUSai.exe
  C:\Windows\System\tChUSai.exe
  2⤵
  PID:12928
- C:\Windows\System\ZtHjOQW.exe
  C:\Windows\System\ZtHjOQW.exe
  2⤵
  PID:12956
- C:\Windows\System\QzzsAYq.exe
  C:\Windows\System\QzzsAYq.exe
  2⤵
  PID:12984
- C:\Windows\System\bzgNYLL.exe
  C:\Windows\System\bzgNYLL.exe
  2⤵
  PID:13024
- C:\Windows\System\pyEuOdC.exe
  C:\Windows\System\pyEuOdC.exe
  2⤵
  PID:13040
- C:\Windows\System\OtuFZeX.exe
  C:\Windows\System\OtuFZeX.exe
  2⤵
  PID:13068
- C:\Windows\System\dbshcWd.exe
  C:\Windows\System\dbshcWd.exe
  2⤵
  PID:13096
- C:\Windows\System\aYBfaXQ.exe
  C:\Windows\System\aYBfaXQ.exe
  2⤵
  PID:13128
- C:\Windows\System\mmqaEnw.exe
  C:\Windows\System\mmqaEnw.exe
  2⤵
  PID:13152
- C:\Windows\System\Othjwnf.exe
  C:\Windows\System\Othjwnf.exe
  2⤵
  PID:13180
- C:\Windows\System\agvcAgJ.exe
  C:\Windows\System\agvcAgJ.exe
  2⤵
  PID:13208
- C:\Windows\System\MWXpGLB.exe
  C:\Windows\System\MWXpGLB.exe
  2⤵
  PID:13248
- C:\Windows\System\jIvUKOg.exe
  C:\Windows\System\jIvUKOg.exe
  2⤵
  PID:13268
- C:\Windows\System\aGooTDt.exe
  C:\Windows\System\aGooTDt.exe
  2⤵
  PID:13296
- C:\Windows\System\HHxpqLF.exe
  C:\Windows\System\HHxpqLF.exe
  2⤵
  PID:12320
- C:\Windows\System\LfyfBSJ.exe
  C:\Windows\System\LfyfBSJ.exe
  2⤵
  PID:12384
- C:\Windows\System\mrTWjEe.exe
  C:\Windows\System\mrTWjEe.exe
  2⤵
  PID:12444
- C:\Windows\System\ocguqBS.exe
  C:\Windows\System\ocguqBS.exe
  2⤵
  PID:12496
- C:\Windows\System\jMiFkBy.exe
  C:\Windows\System\jMiFkBy.exe
  2⤵
  PID:12556
- C:\Windows\System\NehIGsg.exe
  C:\Windows\System\NehIGsg.exe
  2⤵
  PID:12640
- C:\Windows\System\UyWDgmS.exe
  C:\Windows\System\UyWDgmS.exe
  2⤵
  PID:12720
- C:\Windows\System\YUJDYEu.exe
  C:\Windows\System\YUJDYEu.exe
  2⤵
  PID:12780
- C:\Windows\System\vfZrWfc.exe
  C:\Windows\System\vfZrWfc.exe
  2⤵
  PID:12828
- C:\Windows\System\nBbDkBR.exe
  C:\Windows\System\nBbDkBR.exe
  2⤵
  PID:1992
- C:\Windows\System\rrAqGnW.exe
  C:\Windows\System\rrAqGnW.exe
  2⤵
  PID:12924
- C:\Windows\System\nKCCoYc.exe
  C:\Windows\System\nKCCoYc.exe
  2⤵
  PID:12980
- C:\Windows\System\wVgDDPM.exe
  C:\Windows\System\wVgDDPM.exe
  2⤵
  PID:13052
- C:\Windows\System\rbOEGcH.exe
  C:\Windows\System\rbOEGcH.exe
  2⤵
  PID:13092
- C:\Windows\System\XxvnRcR.exe
  C:\Windows\System\XxvnRcR.exe
  2⤵
  PID:13148
- C:\Windows\System\tGjCYAI.exe
  C:\Windows\System\tGjCYAI.exe
  2⤵
  PID:13224
- C:\Windows\System\nJvfJmS.exe
  C:\Windows\System\nJvfJmS.exe
  2⤵
  PID:13284
- C:\Windows\System\UwgDEam.exe
  C:\Windows\System\UwgDEam.exe
  2⤵
  PID:12376
- C:\Windows\System\bOJHfSq.exe
  C:\Windows\System\bOJHfSq.exe
  2⤵
  PID:12488
- C:\Windows\System\TjeHglJ.exe
  C:\Windows\System\TjeHglJ.exe
  2⤵
  PID:12660
- C:\Windows\System\fYeVkgK.exe
  C:\Windows\System\fYeVkgK.exe
  2⤵
  PID:12808
- C:\Windows\System\YxFalqt.exe
  C:\Windows\System\YxFalqt.exe
  2⤵
  PID:12976
- C:\Windows\System\eolhrSx.exe
  C:\Windows\System\eolhrSx.exe
  2⤵
  PID:13080
- C:\Windows\System\PnUUzca.exe
  C:\Windows\System\PnUUzca.exe
  2⤵
  PID:13204
- C:\Windows\System\RYqJcni.exe
  C:\Windows\System\RYqJcni.exe
  2⤵
  PID:956
- C:\Windows\System\ZJBRGxp.exe
  C:\Windows\System\ZJBRGxp.exe
  2⤵
  PID:12752
- C:\Windows\System\wpaDPBL.exe
  C:\Windows\System\wpaDPBL.exe
  2⤵
  PID:13032
- C:\Windows\System\UduFmPe.exe
  C:\Windows\System\UduFmPe.exe
  2⤵
  PID:13200
- C:\Windows\System\FIHYsRn.exe
  C:\Windows\System\FIHYsRn.exe
  2⤵
  PID:12744
- C:\Windows\System\wqNNjDD.exe
  C:\Windows\System\wqNNjDD.exe
  2⤵
  PID:12348
- C:\Windows\System\zXvOuyk.exe
  C:\Windows\System\zXvOuyk.exe
  2⤵
  PID:13176
- C:\Windows\System\ZClgpei.exe
  C:\Windows\System\ZClgpei.exe
  2⤵
  PID:13348
- C:\Windows\System\EjrEMmA.exe
  C:\Windows\System\EjrEMmA.exe
  2⤵
  PID:13372
- C:\Windows\System\fZBKJWR.exe
  C:\Windows\System\fZBKJWR.exe
  2⤵
  PID:13400
- C:\Windows\System\RTfnlyQ.exe
  C:\Windows\System\RTfnlyQ.exe
  2⤵
  PID:13428
- C:\Windows\System\MOKDOZr.exe
  C:\Windows\System\MOKDOZr.exe
  2⤵
  PID:13456
- C:\Windows\System\vxTjZEy.exe
  C:\Windows\System\vxTjZEy.exe
  2⤵
  PID:13484
- C:\Windows\System\pJGgmOP.exe
  C:\Windows\System\pJGgmOP.exe
  2⤵
  PID:13512
- C:\Windows\System\CJGbeNd.exe
  C:\Windows\System\CJGbeNd.exe
  2⤵
  PID:13540
- C:\Windows\System\lczkBTO.exe
  C:\Windows\System\lczkBTO.exe
  2⤵
  PID:13568
- C:\Windows\System\aYSGAEU.exe
  C:\Windows\System\aYSGAEU.exe
  2⤵
  PID:13596
- C:\Windows\System\kAHrOEv.exe
  C:\Windows\System\kAHrOEv.exe
  2⤵
  PID:13624
- C:\Windows\System\iZxQOCP.exe
  C:\Windows\System\iZxQOCP.exe
  2⤵
  PID:13652
- C:\Windows\System\pYEzhBQ.exe
  C:\Windows\System\pYEzhBQ.exe
  2⤵
  PID:13680
- C:\Windows\System\YLKdncV.exe
  C:\Windows\System\YLKdncV.exe
  2⤵
  PID:13708
- C:\Windows\System\nFHRKYA.exe
  C:\Windows\System\nFHRKYA.exe
  2⤵
  PID:13736
- C:\Windows\System\DWkWATO.exe
  C:\Windows\System\DWkWATO.exe
  2⤵
  PID:13764
- C:\Windows\System\XODcQBM.exe
  C:\Windows\System\XODcQBM.exe
  2⤵
  PID:13812
- C:\Windows\System\opEJCkp.exe
  C:\Windows\System\opEJCkp.exe
  2⤵
  PID:13828
- C:\Windows\System\IkkwEHt.exe
  C:\Windows\System\IkkwEHt.exe
  2⤵
  PID:13856
- C:\Windows\System\kyirTqu.exe
  C:\Windows\System\kyirTqu.exe
  2⤵
  PID:13884
- C:\Windows\System\HpxJTEw.exe
  C:\Windows\System\HpxJTEw.exe
  2⤵
  PID:13912
- C:\Windows\System\fVvzskg.exe
  C:\Windows\System\fVvzskg.exe
  2⤵
  PID:13940
- C:\Windows\System\LcMQyer.exe
  C:\Windows\System\LcMQyer.exe
  2⤵
  PID:13976
- C:\Windows\System\ZokHReZ.exe
  C:\Windows\System\ZokHReZ.exe
  2⤵
  PID:13996
- C:\Windows\System\tfWmNhj.exe
  C:\Windows\System\tfWmNhj.exe
  2⤵
  PID:14024
- C:\Windows\System\xFXyOqo.exe
  C:\Windows\System\xFXyOqo.exe
  2⤵
  PID:14052
- C:\Windows\System\BBxjVvM.exe
  C:\Windows\System\BBxjVvM.exe
  2⤵
  PID:14080
- C:\Windows\System\OCCGtOj.exe
  C:\Windows\System\OCCGtOj.exe
  2⤵
  PID:14112
- C:\Windows\System\mzdFeiA.exe
  C:\Windows\System\mzdFeiA.exe
  2⤵
  PID:14152
- C:\Windows\System\IYGjXFD.exe
  C:\Windows\System\IYGjXFD.exe
  2⤵
  PID:14172
- C:\Windows\System\esHidWC.exe
  C:\Windows\System\esHidWC.exe
  2⤵
  PID:14196
- C:\Windows\System\rWqPJRU.exe
  C:\Windows\System\rWqPJRU.exe
  2⤵
  PID:14224
- C:\Windows\System\fjwdBWb.exe
  C:\Windows\System\fjwdBWb.exe
  2⤵
  PID:14252
- C:\Windows\System\rSpbrBX.exe
  C:\Windows\System\rSpbrBX.exe
  2⤵
  PID:14280
- C:\Windows\System\KLSwrKi.exe
  C:\Windows\System\KLSwrKi.exe
  2⤵
  PID:14316
- C:\Windows\System\ZlonbHs.exe
  C:\Windows\System\ZlonbHs.exe
  2⤵
  PID:13336
- C:\Windows\System\JKgcQYg.exe
  C:\Windows\System\JKgcQYg.exe
  2⤵
  PID:13412
- C:\Windows\System\yxpgHFV.exe
  C:\Windows\System\yxpgHFV.exe
  2⤵
  PID:13448
- C:\Windows\System\XdGnAXb.exe
  C:\Windows\System\XdGnAXb.exe
  2⤵
  PID:13532
- C:\Windows\System\pbAIvqW.exe
  C:\Windows\System\pbAIvqW.exe
  2⤵
  PID:13580
- C:\Windows\System\uiaGJHi.exe
  C:\Windows\System\uiaGJHi.exe
  2⤵
  PID:13644
- C:\Windows\System\KUatmDe.exe
  C:\Windows\System\KUatmDe.exe
  2⤵
  PID:13704
- C:\Windows\System\SNeTKpG.exe
  C:\Windows\System\SNeTKpG.exe
  2⤵
  PID:13776
- C:\Windows\System\UOXqDRc.exe
  C:\Windows\System\UOXqDRc.exe
  2⤵
  PID:13824
- C:\Windows\System\zWNddTO.exe
  C:\Windows\System\zWNddTO.exe
  2⤵
  PID:13368
- C:\Windows\System\qaUKYjK.exe
  C:\Windows\System\qaUKYjK.exe
  2⤵
  PID:13936
- C:\Windows\System\LLVIJOe.exe
  C:\Windows\System\LLVIJOe.exe
  2⤵
  PID:14012
- C:\Windows\System\hfFAkbG.exe
  C:\Windows\System\hfFAkbG.exe
  2⤵
  PID:14072
- C:\Windows\System\eceRAki.exe
  C:\Windows\System\eceRAki.exe
  2⤵
  PID:14148
- C:\Windows\System\pvfZLIB.exe
  C:\Windows\System\pvfZLIB.exe
  2⤵
  PID:14208
- C:\Windows\System\OmRExKb.exe
  C:\Windows\System\OmRExKb.exe
  2⤵
  PID:14272
- C:\Windows\System\EPGNUYz.exe
  C:\Windows\System\EPGNUYz.exe
  2⤵
  PID:13324
- C:\Windows\System\tNRSiRa.exe
  C:\Windows\System\tNRSiRa.exe
  2⤵
  PID:1608
- C:\Windows\System\haJOIiM.exe
  C:\Windows\System\haJOIiM.exe
  2⤵
  PID:13552
- C:\Windows\System\BKoXRiJ.exe
  C:\Windows\System\BKoXRiJ.exe
  2⤵
  PID:13696
- C:\Windows\System\syIcKMB.exe
  C:\Windows\System\syIcKMB.exe
  2⤵
  PID:3664
- C:\Windows\System\YGglDNG.exe
  C:\Windows\System\YGglDNG.exe
  2⤵
  PID:13984
- C:\Windows\System\VnWJrNy.exe
  C:\Windows\System\VnWJrNy.exe
  2⤵
  PID:14132
- C:\Windows\System\mSBIZiU.exe
  C:\Windows\System\mSBIZiU.exe
  2⤵
  PID:14300
- C:\Windows\System\FVwMjVJ.exe
  C:\Windows\System\FVwMjVJ.exe
  2⤵
  PID:2248
- C:\Windows\System\TOBtIoH.exe
  C:\Windows\System\TOBtIoH.exe
  2⤵
  PID:3904
- C:\Windows\System\UGjwFhv.exe
  C:\Windows\System\UGjwFhv.exe
  2⤵
  PID:14192
- C:\Windows\System\aZtnXNt.exe
  C:\Windows\System\aZtnXNt.exe
  2⤵
  PID:13620
- C:\Windows\System\gwnaqwt.exe
  C:\Windows\System\gwnaqwt.exe
  2⤵
  PID:13424
- C:\Windows\System\cTYemaH.exe
  C:\Windows\System\cTYemaH.exe
  2⤵
  PID:1736
- C:\Windows\System\Rxhwkls.exe
  C:\Windows\System\Rxhwkls.exe
  2⤵
  PID:14356
- C:\Windows\System\WDOMJKE.exe
  C:\Windows\System\WDOMJKE.exe
  2⤵
  PID:14384
- C:\Windows\System\HFUgFnG.exe
  C:\Windows\System\HFUgFnG.exe
  2⤵
  PID:14412
- C:\Windows\System\uiztqjn.exe
  C:\Windows\System\uiztqjn.exe
  2⤵
  PID:14440
- C:\Windows\System\pmsJEqB.exe
  C:\Windows\System\pmsJEqB.exe
  2⤵
  PID:14468
- C:\Windows\System\ZQFlaRl.exe
  C:\Windows\System\ZQFlaRl.exe
  2⤵
  PID:14496
- C:\Windows\System\JCqeLWG.exe
  C:\Windows\System\JCqeLWG.exe
  2⤵
  PID:14524
- C:\Windows\System\aIwCvAa.exe
  C:\Windows\System\aIwCvAa.exe
  2⤵
  PID:14560
- C:\Windows\System\JPCkgNz.exe
  C:\Windows\System\JPCkgNz.exe
  2⤵
  PID:14580
- C:\Windows\System\iFtXwVw.exe
  C:\Windows\System\iFtXwVw.exe
  2⤵
  PID:14616
- C:\Windows\System\JzSlmBc.exe
  C:\Windows\System\JzSlmBc.exe
  2⤵
  PID:14636
- C:\Windows\System\HgZcBCa.exe
  C:\Windows\System\HgZcBCa.exe
  2⤵
  PID:14664
- C:\Windows\System\WLvZFPp.exe
  C:\Windows\System\WLvZFPp.exe
  2⤵
  PID:14692
- C:\Windows\System\SCydeQA.exe
  C:\Windows\System\SCydeQA.exe
  2⤵
  PID:14720
- C:\Windows\System\VCvsgee.exe
  C:\Windows\System\VCvsgee.exe
  2⤵
  PID:14748
- C:\Windows\System\evXsTON.exe
  C:\Windows\System\evXsTON.exe
  2⤵
  PID:14776
- C:\Windows\System\ruyBCKj.exe
  C:\Windows\System\ruyBCKj.exe
  2⤵
  PID:14804
- C:\Windows\System\rFfqzqM.exe
  C:\Windows\System\rFfqzqM.exe
  2⤵
  PID:14832
- C:\Windows\System\tEYFxbM.exe
  C:\Windows\System\tEYFxbM.exe
  2⤵
  PID:14860
- C:\Windows\System\CqRRunP.exe
  C:\Windows\System\CqRRunP.exe
  2⤵
  PID:14888
- C:\Windows\System\fbZrEMG.exe
  C:\Windows\System\fbZrEMG.exe
  2⤵
  PID:14916
- C:\Windows\System\jLlHJHu.exe
  C:\Windows\System\jLlHJHu.exe
  2⤵
  PID:14944
- C:\Windows\System\fONZMct.exe
  C:\Windows\System\fONZMct.exe
  2⤵
  PID:14972
- C:\Windows\System\CsijVEV.exe
  C:\Windows\System\CsijVEV.exe
  2⤵
  PID:15004
- C:\Windows\System\FVuGKJh.exe
  C:\Windows\System\FVuGKJh.exe
  2⤵
  PID:15032
- C:\Windows\System\JrYZImP.exe
  C:\Windows\System\JrYZImP.exe
  2⤵
  PID:15060
- C:\Windows\System\sVZRAut.exe
  C:\Windows\System\sVZRAut.exe
  2⤵
  PID:15088
- C:\Windows\System\DIPJbYe.exe
  C:\Windows\System\DIPJbYe.exe
  2⤵
  PID:15120
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 15120 -s 248
    3⤵
    PID:14824
- C:\Windows\System\hXlUxhQ.exe
  C:\Windows\System\hXlUxhQ.exe
  2⤵
  PID:15280
- C:\Windows\System\tYSWwNo.exe
  C:\Windows\System\tYSWwNo.exe
  2⤵
  PID:15296
- C:\Windows\System\fASPwLx.exe
  C:\Windows\System\fASPwLx.exe
  2⤵
  PID:14536
- C:\Windows\System\KCIyYuB.exe
  C:\Windows\System\KCIyYuB.exe
  2⤵
  PID:4924
- C:\Windows\System\AJoYaae.exe
  C:\Windows\System\AJoYaae.exe
  2⤵
  PID:15260
- C:\Windows\System\UFYcUcu.exe
  C:\Windows\System\UFYcUcu.exe
  2⤵
  PID:14344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ENSKLTk.exe

Filesize
6.0MB

MD5
e9831c940ce3050ee57fa7a1e70d4573

SHA1
3b2586bc3b6ec7875650e18b057913ba149381f1

SHA256
b0a5c51351cb5c9c5f37b48de07e37674b42761254a434f55e428fde80cc230d

SHA512
43a7b6c4d76959bf89b1834b0e2503b8fdd6d3312a38bc07147d28128f7988f4bba1a6ac39b37e7eb90121ad84181b16a82e31e209c3beb3d8f784a4cca923b0

Download Submit
C:\Windows\System\FfePrem.exe

Filesize
6.0MB

MD5
c4b4bfb25ae78ccd1a9faf63d2e16f05

SHA1
387c004e8a8a2a4a2dfa4b4ea5580afbef4b1386

SHA256
7bd8567879cc4e9f456cc0e111c1900d79bac9b233051e5c6b922fa5b55cf765

SHA512
71af20135f767bd7e9972eb30fa11b7f930931a283d4980b13afa6852812923c3c0ba83aacf62b4b4ea0bb1864885ee45a217751b9e75d0dba27946894c67a31

Download Submit
C:\Windows\System\GTFNOQW.exe

Filesize
6.0MB

MD5
e542a3b47867ba2bd6b0b45083385e91

SHA1
720962a5ae7bae72de4555b3403627601122e764

SHA256
fe2a696f27fcfea107b5d3654173b515c7ec58a305f20dbdfe3f482c6ee28e8b

SHA512
232fb9851ef67434663cfead082ce2917e5f02fbe9f332a0691b28e61b28c91b45557b0af77b3ac4ddcd0e26758faba7d39f95fd2fa614ec6c7cb45c605d5a68

Download Submit
C:\Windows\System\IYkkBFN.exe

Filesize
6.0MB

MD5
ea440f6b91afb02fd9f15b5b564cf1f1

SHA1
7fe00669f8dd944e26cba39c7654ee9e757fd743

SHA256
da963e1b7cfeb6b099856972f55f409dae2453d19c0aff167f9c67e314dab9ec

SHA512
2c4388720528ed306c04f4312235c0b3a016e23ef86bcc0813472189ec55541ef2725ed99a9354210f527e5245f37023fb246088c1f9782f22a4c705de99cc22

Download Submit
C:\Windows\System\JeCDvwd.exe

Filesize
6.0MB

MD5
64eb6a305518dcc17ccec84015c90ca7

SHA1
809c6fe5d1fc2ca873230840f1cdb0b3daaab0e6

SHA256
fbab7720c6540d1ba447e4f7c474214c029ecb91455bde4015fb5556ab908a75

SHA512
4bd21f15bed6641b85eb589970f7271ed145ad072c4c056ad782064eb22ce04edf4999f5ea029f2473752fb0f183a617412f2bfca8828cf57c83261da5ac271c

Download Submit
C:\Windows\System\JgbHwls.exe

Filesize
6.0MB

MD5
7a75961c10ef79d832601ec62721e1c5

SHA1
fffd797208409edaed1bc023de453b11cdfd51ef

SHA256
a9439893d44660a0e5f38dc11b7563afad3c4d2e242281d1a70c62e9244c7102

SHA512
1e78b0222e6e16be06d584cae527f7a35c126b929ca31cae255f48088a0673a32d0bcbc8ef9fa95cb610e7b60ea626efae04ac3274eba1bf749c26504869e47e

Download Submit
C:\Windows\System\Jifqudy.exe

Filesize
6.0MB

MD5
8602f8ede9ae5d48e2c5e87c5e5937bd

SHA1
563dd656c56e521cd9b262919dd599df97e2b9cb

SHA256
a87cb5cfd49260ba3413e1090615a167fa18a85006f47f25e65e79d2934728b1

SHA512
a96dbcdf044c7fce13dcb7c8f9717fc7472b5d26a84f2e9cc47a6dc71eeb20fb6607a5e19dee33daf35ee1e6942b9806c58d8590e91df1aef152162dafd1ae77

Download Submit
C:\Windows\System\MSSPczD.exe

Filesize
6.0MB

MD5
43f3cacbabbe28022ba002d213c8263d

SHA1
417899336fd185937aa4344a9b921470146299de

SHA256
e4ebdc8124fe01a0b16584f18aa5ddf9764e52c1652315bf7947e7e8f57d8364

SHA512
1a80f310feb69f7f4294ea56cf636542f4340cb2129eebf8515631d370839923509414f9e39243fec5b130ded9fbf83caaa8f5e64e1fc0de570c4d6dd6913e29

Download Submit
C:\Windows\System\OpAcLvT.exe

Filesize
6.0MB

MD5
9f3122792ce0f1d611c61b259a059e3b

SHA1
5091db3e5c931ea001f1f1a31422d5b72d0aec51

SHA256
e5a6a593b7ac37659f66405858472b31db75cdd72a5f92f7c4421c90d0dad1ed

SHA512
584a23e5ba1ddbb6bf3c453ead6251e1e6b92e2c0f8305dca65dc3f7070da9cc3084ff172ef1444aef3d52eae0210707cd6ca22d6e3d5433743bac65e5dcde5e

Download Submit
C:\Windows\System\PBVkuUw.exe

Filesize
6.0MB

MD5
3cd1510ea7d96063009df1f48e954e30

SHA1
69b5a0caa497af4c742ee5ee83d89e7f30f84518

SHA256
e6103e34d2e9cdc8f8769d8327c27f48062675be264ddfc60a19a7780889fd4a

SHA512
9778768329b6cf4226ed22115215366f3716c5932672d149d4cd0122d63a8336191edad6699ab24df764ee70b847c0b04853c466f35cc8ac6674d1c2528e1f0c

Download Submit
C:\Windows\System\RfVUwUg.exe

Filesize
6.0MB

MD5
510e5429b1352ca823d5ec37df8c1c22

SHA1
992b3a86ef1cf121913d8c471b3ed8dd787f1f9e

SHA256
43e7f6125108e3c0199c9279c63e7c6646c6915d62fd37b5fca13355ae872997

SHA512
f13a33a64fbf09a4763f176a841242e8969288c3b5a0da20b86fe1939e3807c13d4c819a67b940619ee54c1a11fb70eeed31b7b83d76b78c156a9f036366486d

Download Submit
C:\Windows\System\RgSeUba.exe

Filesize
6.0MB

MD5
c6cc345bc534a9d96ac153f1504c3251

SHA1
2e644a92c1d1878cc131e4f7248c38af832ccd58

SHA256
02f22788c9aefbb68e2d428839706c8ea28de70a929065d5b0ad2b9d089166ae

SHA512
cde79cb01c96f307eb62748044bec2f98a066c22fd491af8424b3403021e1b090175f40e901d23a4fa3ed0d837bd9219595c4021e1edf3e95908c374e8046c16

Download Submit
C:\Windows\System\UDEeGOh.exe

Filesize
6.0MB

MD5
c6d50d3df0cc68be5145db376647dc95

SHA1
71d8c5f5708083452d0ff140c668fa44af2104f7

SHA256
39556de3ec4d68e243d5325a0a63fe7940e8d4a13762e07b0fb0f9afe5c717c3

SHA512
e1d298cb64a5db488a076f9ea2e2f3e655d90719bb72e5ac3eadf37ebbd306be012ff1ff73cd6fddac8cb92eadab1a1dc1aa19438a0d488a757529a3f87454f6

Download Submit
C:\Windows\System\UvKVXzs.exe

Filesize
6.0MB

MD5
628894c0cfa6edbab43c1ed0e1f58f62

SHA1
16d88792a93951d3a4084155b9558c8e8439ef7f

SHA256
c9a4aa5cbf6501b3081a1b11aeed015dce4692450a7bfce9bb40c7be9da0daed

SHA512
19ef4f306f1e76adc1ea1c9f6a2d0cd7be7a4bfd51258db8416158f054bd42b3f661b4dbee0263c00405d66976dd6b4b629bcca4f9612fcf86e2e073bfb1749b

Download Submit
C:\Windows\System\XWCLXOh.exe

Filesize
6.0MB

MD5
99d28f7d52c796948c8323fe83399466

SHA1
ca3ade50cd9cbdb0525c263c6ab601abb2dce219

SHA256
fd66cacf42e22c32c146ceadbec8b07e4b624af1a50402b7ff6a70d089de07d2

SHA512
1d5b86126b0de471c71971d6580facb2c5ffb3a874c1a2bee368f194466ed7b22d8485f1aac1f9232271a0eaa5ccdb242cec78730fdbf10046b096db11078bc1

Download Submit
C:\Windows\System\YSYzSbw.exe

Filesize
6.0MB

MD5
7abfe36f176de6bf13eeeb4afb56bc8b

SHA1
147bb6997f987bf19b073f0f28b497c2ba581a4c

SHA256
59195e8aee1c1501cbb3f76cb7904896a84a06839c776af836f7224631971fbc

SHA512
6d9e0d74933aa1051ede8ff7425077d3398571dcd4672a340036b6cffcd35a780ff397f241dcd1350d42df592b06fb9fcd8218394054c02b55d5f7f519d9a68f

Download Submit
C:\Windows\System\ZEbvfLD.exe

Filesize
6.0MB

MD5
e8aea7fd64e555b704e09f91aa2120a4

SHA1
1b76911f26b419cc0429af0db74cd43d88c8c343

SHA256
06b3df1201c5f9f763483500f4cccc00651ea5904ff6f54c84297ced6e2ee23f

SHA512
25004085b68f524536ff8e9afad4b96641ee5c6a7454aeaf1db2458bf6a4d5c56e8ae6f39917f7e451df1b1fbe534d9381d509f2e3be30c941bd9dacb8d600aa

Download Submit
C:\Windows\System\bXdHeok.exe

Filesize
6.0MB

MD5
886886023da2704dd3e8b38d0957f983

SHA1
82e43448ae56f98390ddcb8ecb91abfd93d0477e

SHA256
a99da0501f6999212005b25cfb81eec882e9208f808ec517073b84a53c292c9e

SHA512
be6f1dbb875468bf58025f9601488d5e57fb27cb61ec2be53d22e888c48c2775ba307909b195254852342af33a6c021bd47656dff9d5c0c3f2c8985d5d441f15

Download Submit
C:\Windows\System\fjewqnR.exe

Filesize
6.0MB

MD5
6a60d4f7229c68cc6e1b8bc83c47c69d

SHA1
e6efb0455a5ef10fd864a25d362ffc8a3a911fca

SHA256
a6183eedd984291cddc6788860380153c7476fa1a3b832d4dc2df5c76c400a12

SHA512
67dc1ea9e9a3d7c9386441d80b793d50bd429be4bb77f4caf15a4b0b6c134c15a78d270085d0505e083db98e37c348fed793394e309daae5b9cb3c79b2da0ec9

Download Submit
C:\Windows\System\gUcHhqh.exe

Filesize
6.0MB

MD5
09caca3927e7197f801130a7fa7b26ac

SHA1
8d08d69e165956b80e1dec1c3ca5089c2aa193b9

SHA256
27016f81d7f0580c4b3f6d358a2ec1232135c44ea03b9ed6446ebe70c6b4cec8

SHA512
5132b18965892c12b351ea0a1f81e868a53abd6e91c0ddd104ee88e69e497973fc877b3559dec83139e139d39b1b23e4b23f9d85a31d762dfd43a99f69b23d2d

Download Submit
C:\Windows\System\hQooHOQ.exe

Filesize
6.0MB

MD5
bf0e5ab9819a1d80e9641df6d42cb90e

SHA1
0425a32fc419e63d1bfe4380500366db504d8b6c

SHA256
481b3243c810a81d8ee5685f18957a88d7a486cec1f32035b89d5b8bb4df7bc5

SHA512
718c59c62665e8cb254024a2b1f9425ae6b64942b5026a11c9ba555f32e9f6fcbe1f1576ba278f30907f280470363db9f66baa7366a9d9ef4abadeb7fb8d2a2e

Download Submit
C:\Windows\System\hlSITzl.exe

Filesize
6.0MB

MD5
136572cbc0cf49b9f85e41fd7d2f5260

SHA1
92b1b92e084455bfc327f693c87dea280ffa62ee

SHA256
81eae1f24975e973479b18ebd809e7a480d6a52b396e8feb3ac90a4fdd5abdb6

SHA512
1e0d42336393c57f52674264632466548af08d371e01cca84fc65e41276cffb7aa12db9734970ef8d38f76dcf826c408ce6df942273e209b9c59f8a628510e23

Download Submit
C:\Windows\System\nifZRiS.exe

Filesize
6.0MB

MD5
ae63fe0a0a238a9d038e8cf6e4d1d6a7

SHA1
adb9197c03aebdea76f3d740e951426f2fa49dab

SHA256
209ce7e1e4d757aaee9ef3ce12037dd463f590d1a3bdb597f878ec1eb939afbe

SHA512
2b5dac723fa6c8d0702efc8936bdaa1899d008f734fe1acc6e421d381583c3b00a6d3f191ef75938381fccd276cd42183b4ae33213caa15b9c6f8e0001417a26

Download Submit
C:\Windows\System\pWQmNcZ.exe

Filesize
6.0MB

MD5
87913ab0b8719916764803be51cd4aef

SHA1
a152906e7b43d785bce8400ba5f15eb12b43fae9

SHA256
3c24a8b703be2f824d08ff4ba74ab21001d9b8a96b0ff65ff9c0e7f031168d8d

SHA512
dea78ce5d8f96c86c3f357a2b810275256d15af52e24ea1f72a7d2704c99992fa02853253e57abadfb59939ef2edb24a84e4bdeab027189dba97409047618722

Download Submit
C:\Windows\System\rvPoVrD.exe

Filesize
6.0MB

MD5
592879f130f7fd0c20aea14f6bb82fd6

SHA1
04a8399088352909fe0b05c34da2b019636ccebe

SHA256
d390ec06d766c3325b57269274a91665fcf4fa695d8dce645b2de525b495e3a5

SHA512
0b64d263a6cf242ea235dd4ffb69455c7b541247fadeb60ed1e652b2372f36edaafa9fadb8d082a7de38473202248bae13a67a068b2f29563e3cc98aedc9608c

Download Submit
C:\Windows\System\sXBXQjk.exe

Filesize
6.0MB

MD5
82a4021d59c6d83dfda7295ac4d47abf

SHA1
beab045163b92c1899081d6f1a8755a9274077a4

SHA256
e91fb768b47364ac3db3447c0155af33e22e9794638f40c520a0db9e6a268736

SHA512
5e4f3fc76758346736fef037990636513c2fdd61ea8fa98362611dd06bef7a82066b933e56920eadb19f3a574b29a0f74f8a19442d6182e21229ba6b83d78303

Download Submit
C:\Windows\System\tBJOFOx.exe

Filesize
6.0MB

MD5
048ebb649f183fd67d91b74bca5d8e16

SHA1
89b49e33e33d631e37ddd9dc9ebc4da4084cd700

SHA256
577acff09c7ed656f5200a7df5950c514353f513005cb7bb49d76a36176e2f3e

SHA512
12735afba9c094ace75bbd021f9267fec6dc10d29741bcbefb36bace9a0a97e01e7d66f5b723fb421d3ef6f973f61ffcb930e4b3bfb0347f0614a239f5d079f3

Download Submit
C:\Windows\System\ujcLOvJ.exe

Filesize
6.0MB

MD5
6af996cb512b77417eb9362ac9940f59

SHA1
dee8b75fe98a468dc09cea6c9151730f8e078d73

SHA256
75c18cae711d0704353817007b2ff586088f90467c8cf66c6ea85ecf3d5350ab

SHA512
e0642437d4e3a9d6331148b13e71e0d41694a2268acaba04548d0b06d460f8c76b232c9bf59978f490df7d51fe36a2641dc867037064fa10556afa492412b6e4

Download Submit
C:\Windows\System\ulknvIp.exe

Filesize
6.0MB

MD5
1c051c7b752c6a2e30e8a778877ea071

SHA1
eeed559235c0ea3d5b66eda532e03df9d00a0450

SHA256
5fb112834b89b49ea90b3a37f6ae0c1231b7fa243b039bc60a799103ebb31f2a

SHA512
c895389078709aaa81d828798115d6edf7158a03ecb0a2087884d17c951f21b73fb60fac83741075d5244f002c0cc85e21b64d6e8bb3cb01c24fa8969f85d1bc

Download Submit
C:\Windows\System\wOVjwan.exe

Filesize
6.0MB

MD5
1e061e9117a3db21f99208fd8cd3c864

SHA1
198e016ce017597553c6a894bed486359aadfbec

SHA256
1c9ca42940f9b909d1b9bba413ea34a1366799d8e695cc53f9a393a3b88da02b

SHA512
5b83ce673ef28564c3005c6d22514b4daca7b4f9bbb2cbb67a28f456ec89d64d0e831a54586b28875862b638ab8f5095424849b344bf169c720a092bc9c88a8f

Download Submit
C:\Windows\System\wtikZHt.exe

Filesize
6.0MB

MD5
041a9501f3796e245968657bb9500c83

SHA1
34fc2ba06dff63978f2f5e662884db791f4beb8c

SHA256
8dad9a0397bc2c14eaf5f20878f908f57ea24fed981f0f42e5a431a47d0bb0f6

SHA512
35dac763772e36ec5a142f25bff2f5dc72b1a86efa4f9ac5e31b225fb4f91f5cac130df913d97e33aade8ab23988407f7f3d6ce5bcfc00664bf7b86d2d5237cc

Download Submit
C:\Windows\System\ynctHoR.exe

Filesize
6.0MB

MD5
57a2135bd3b8b35e5f676f80b16dae0a

SHA1
38f57dbfa2365ea4468b042ef8f1ca94ac40df04

SHA256
f03cbe1519aaa20df55bd36d9103f2413f8fb9ba09d69a099d0ef833b15c3c3a

SHA512
2a3ff62d10bbb4f4d4bacbf49adbb1be1fca28636a190f0ad83efa63e8727841d5e94593952efb37a5ceb3a916f44f326c1ac6b82ca04290c2614a65e179d75e

Download Submit
memory/32-152-0x00007FF711240000-0x00007FF711594000-memory.dmp

Filesize
3.3MB

Download
memory/32-84-0x00007FF711240000-0x00007FF711594000-memory.dmp

Filesize
3.3MB

Download
memory/428-18-0x00007FF6390B0000-0x00007FF639404000-memory.dmp

Filesize
3.3MB

Download
memory/428-81-0x00007FF6390B0000-0x00007FF639404000-memory.dmp

Filesize
3.3MB

Download
memory/512-138-0x00007FF739B30000-0x00007FF739E84000-memory.dmp

Filesize
3.3MB

Download
memory/512-74-0x00007FF739B30000-0x00007FF739E84000-memory.dmp

Filesize
3.3MB

Download
memory/736-161-0x00007FF671500000-0x00007FF671854000-memory.dmp

Filesize
3.3MB

Download
memory/736-2483-0x00007FF671500000-0x00007FF671854000-memory.dmp

Filesize
3.3MB

Download
memory/748-171-0x00007FF770C30000-0x00007FF770F84000-memory.dmp

Filesize
3.3MB

Download
memory/748-2485-0x00007FF770C30000-0x00007FF770F84000-memory.dmp

Filesize
3.3MB

Download
memory/748-536-0x00007FF770C30000-0x00007FF770F84000-memory.dmp

Filesize
3.3MB

Download
memory/960-2480-0x00007FF719320000-0x00007FF719674000-memory.dmp

Filesize
3.3MB

Download
memory/960-139-0x00007FF719320000-0x00007FF719674000-memory.dmp

Filesize
3.3MB

Download
memory/960-224-0x00007FF719320000-0x00007FF719674000-memory.dmp

Filesize
3.3MB

Download
memory/996-2488-0x00007FF678810000-0x00007FF678B64000-memory.dmp

Filesize
3.3MB

Download
memory/996-191-0x00007FF678810000-0x00007FF678B64000-memory.dmp

Filesize
3.3MB

Download
memory/996-706-0x00007FF678810000-0x00007FF678B64000-memory.dmp

Filesize
3.3MB

Download
memory/1004-651-0x00007FF610250000-0x00007FF6105A4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-184-0x00007FF610250000-0x00007FF6105A4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2487-0x00007FF610250000-0x00007FF6105A4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-2474-0x00007FF660CF0000-0x00007FF661044000-memory.dmp

Filesize
3.3MB

Download
memory/1156-99-0x00007FF660CF0000-0x00007FF661044000-memory.dmp

Filesize
3.3MB

Download
memory/1168-98-0x00007FF718E30000-0x00007FF719184000-memory.dmp

Filesize
3.3MB

Download
memory/1168-35-0x00007FF718E30000-0x00007FF719184000-memory.dmp

Filesize
3.3MB

Download
memory/1316-2220-0x00007FF6D4A90000-0x00007FF6D4DE4000-memory.dmp

Filesize
3.3MB

Download
memory/1316-67-0x00007FF6D4A90000-0x00007FF6D4DE4000-memory.dmp

Filesize
3.3MB

Download
memory/1316-8-0x00007FF6D4A90000-0x00007FF6D4DE4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-126-0x00007FF71DA80000-0x00007FF71DDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-2478-0x00007FF71DA80000-0x00007FF71DDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-190-0x00007FF71DA80000-0x00007FF71DDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-133-0x00007FF6D2B90000-0x00007FF6D2EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-68-0x00007FF6D2B90000-0x00007FF6D2EE4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-160-0x00007FF7C1270000-0x00007FF7C15C4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-90-0x00007FF7C1270000-0x00007FF7C15C4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2482-0x00007FF7F8A30000-0x00007FF7F8D84000-memory.dmp

Filesize
3.3MB

Download
memory/2312-330-0x00007FF7F8A30000-0x00007FF7F8D84000-memory.dmp

Filesize
3.3MB

Download
memory/2312-153-0x00007FF7F8A30000-0x00007FF7F8D84000-memory.dmp

Filesize
3.3MB

Download
memory/2364-597-0x00007FF75F680000-0x00007FF75F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-178-0x00007FF75F680000-0x00007FF75F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2486-0x00007FF75F680000-0x00007FF75F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2476-0x00007FF6E8230000-0x00007FF6E8584000-memory.dmp

Filesize
3.3MB

Download
memory/2840-113-0x00007FF6E8230000-0x00007FF6E8584000-memory.dmp

Filesize
3.3MB

Download
memory/2864-60-0x00007FF6133A0000-0x00007FF6136F4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-0-0x00007FF6133A0000-0x00007FF6136F4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1-0x00000285B3550000-0x00000285B3560000-memory.dmp

Filesize
64KB

Download
memory/2952-145-0x00007FF6FA520000-0x00007FF6FA874000-memory.dmp

Filesize
3.3MB

Download
memory/2952-273-0x00007FF6FA520000-0x00007FF6FA874000-memory.dmp

Filesize
3.3MB

Download
memory/2952-2481-0x00007FF6FA520000-0x00007FF6FA874000-memory.dmp

Filesize
3.3MB

Download
memory/3012-106-0x00007FF649130000-0x00007FF649484000-memory.dmp

Filesize
3.3MB

Download
memory/3012-2475-0x00007FF649130000-0x00007FF649484000-memory.dmp

Filesize
3.3MB

Download
memory/3320-42-0x00007FF684E90000-0x00007FF6851E4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-105-0x00007FF684E90000-0x00007FF6851E4000-memory.dmp

Filesize
3.3MB

Download
memory/3496-85-0x00007FF7958D0000-0x00007FF795C24000-memory.dmp

Filesize
3.3MB

Download
memory/3496-24-0x00007FF7958D0000-0x00007FF795C24000-memory.dmp

Filesize
3.3MB

Download
memory/3532-469-0x00007FF7D6A50000-0x00007FF7D6DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3532-2484-0x00007FF7D6A50000-0x00007FF7D6DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3532-165-0x00007FF7D6A50000-0x00007FF7D6DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-183-0x00007FF754BE0000-0x00007FF754F34000-memory.dmp

Filesize
3.3MB

Download
memory/3984-119-0x00007FF754BE0000-0x00007FF754F34000-memory.dmp

Filesize
3.3MB

Download
memory/3984-2477-0x00007FF754BE0000-0x00007FF754F34000-memory.dmp

Filesize
3.3MB

Download
memory/4308-14-0x00007FF70CD70000-0x00007FF70D0C4000-memory.dmp

Filesize
3.3MB

Download
memory/4308-73-0x00007FF70CD70000-0x00007FF70D0C4000-memory.dmp

Filesize
3.3MB

Download
memory/4456-118-0x00007FF7EF460000-0x00007FF7EF7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4456-54-0x00007FF7EF460000-0x00007FF7EF7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-112-0x00007FF75CDB0000-0x00007FF75D104000-memory.dmp

Filesize
3.3MB

Download
memory/4536-48-0x00007FF75CDB0000-0x00007FF75D104000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2479-0x00007FF79FF00000-0x00007FF7A0254000-memory.dmp

Filesize
3.3MB

Download
memory/4908-134-0x00007FF79FF00000-0x00007FF7A0254000-memory.dmp

Filesize
3.3MB

Download
memory/5056-124-0x00007FF6E8EB0000-0x00007FF6E9204000-memory.dmp

Filesize
3.3MB

Download
memory/5056-62-0x00007FF6E8EB0000-0x00007FF6E9204000-memory.dmp

Filesize
3.3MB

Download
memory/5072-30-0x00007FF68B9A0000-0x00007FF68BCF4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-89-0x00007FF68B9A0000-0x00007FF68BCF4000-memory.dmp

Filesize
3.3MB

Download