cobaltstrike | 366994dfc3982d2391dd80d34c9cfed2948699470e8a6e3c6f562ab0b66407c5

Analysis

max time kernel
93s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2025, 01:00 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

e0e26744a84b50208a0df942e6b14db3
SHA1

ed22aaa2ceb92762a3fb0962e061a85409a6d562
SHA256

366994dfc3982d2391dd80d34c9cfed2948699470e8a6e3c6f562ab0b66407c5
SHA512

32b7c7e58d376752eac42f4dfb9e9b13edaaf2c079a58014834ca76fe381770d973d127fa02f55e830679e08afeb52430cf117ef3ce0fb245be237856dd02979
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUG:j+R56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023c21-5.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c24-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c28-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c29-20.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c2b-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c2c-48.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c30-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c31-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c2f-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c2d-56.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c2e-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c2a-27.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c33-86.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c35-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c36-101.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c25-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c32-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c37-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c39-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c3a-118.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c3b-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c3c-132.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c3d-138.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c41-154.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c3f-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c3e-144.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c43-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c44-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c46-176.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c45-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c47-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c48-192.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3516-0-0x00007FF745F00000-0x00007FF74624D000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c21-5.dat	xmrig
behavioral2/memory/2896-7-0x00007FF7E09C0000-0x00007FF7E0D0D000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c24-11.dat	xmrig
behavioral2/memory/4524-13-0x00007FF79F3A0000-0x00007FF79F6ED000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c28-10.dat	xmrig
behavioral2/files/0x0007000000023c29-20.dat	xmrig
behavioral2/memory/5024-31-0x00007FF726D10000-0x00007FF72705D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c2b-35.dat	xmrig
behavioral2/files/0x0007000000023c2c-48.dat	xmrig
behavioral2/files/0x0007000000023c30-62.dat	xmrig
behavioral2/memory/4340-71-0x00007FF60EC10000-0x00007FF60EF5D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c31-70.dat	xmrig
behavioral2/memory/2196-69-0x00007FF789110000-0x00007FF78945D000-memory.dmp	xmrig
behavioral2/memory/3164-67-0x00007FF7377D0000-0x00007FF737B1D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c2f-66.dat	xmrig
behavioral2/memory/772-63-0x00007FF6BDD90000-0x00007FF6BE0DD000-memory.dmp	xmrig
behavioral2/memory/2712-58-0x00007FF707360000-0x00007FF7076AD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c2d-56.dat	xmrig
behavioral2/files/0x0007000000023c2e-55.dat	xmrig
behavioral2/memory/4088-51-0x00007FF7393B0000-0x00007FF7396FD000-memory.dmp	xmrig
behavioral2/memory/4140-41-0x00007FF79C290000-0x00007FF79C5DD000-memory.dmp	xmrig
behavioral2/memory/3192-29-0x00007FF673DF0000-0x00007FF67413D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c2a-27.dat	xmrig
behavioral2/memory/2728-22-0x00007FF750930000-0x00007FF750C7D000-memory.dmp	xmrig
behavioral2/memory/4016-79-0x00007FF616CA0000-0x00007FF616FED000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c33-86.dat	xmrig
behavioral2/files/0x0007000000023c35-96.dat	xmrig
behavioral2/files/0x0007000000023c36-101.dat	xmrig
behavioral2/memory/3280-103-0x00007FF612020000-0x00007FF61236D000-memory.dmp	xmrig
behavioral2/memory/2268-97-0x00007FF71AC90000-0x00007FF71AFDD000-memory.dmp	xmrig
behavioral2/memory/644-91-0x00007FF7E3890000-0x00007FF7E3BDD000-memory.dmp	xmrig
behavioral2/memory/1708-88-0x00007FF7F4160000-0x00007FF7F44AD000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c25-87.dat	xmrig
behavioral2/files/0x0007000000023c32-78.dat	xmrig
behavioral2/files/0x0007000000023c37-106.dat	xmrig
behavioral2/files/0x0007000000023c39-113.dat	xmrig
behavioral2/files/0x0007000000023c3a-118.dat	xmrig
behavioral2/memory/4460-115-0x00007FF6B5400000-0x00007FF6B574D000-memory.dmp	xmrig
behavioral2/memory/3472-109-0x00007FF789050000-0x00007FF78939D000-memory.dmp	xmrig
behavioral2/memory/220-121-0x00007FF68CE10000-0x00007FF68D15D000-memory.dmp	xmrig
behavioral2/memory/3932-127-0x00007FF773F50000-0x00007FF77429D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c3b-126.dat	xmrig
behavioral2/files/0x0007000000023c3c-132.dat	xmrig
behavioral2/memory/4828-133-0x00007FF7C4D70000-0x00007FF7C50BD000-memory.dmp	xmrig
behavioral2/memory/1668-139-0x00007FF73CC50000-0x00007FF73CF9D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c3d-138.dat	xmrig
behavioral2/memory/3436-145-0x00007FF7B4060000-0x00007FF7B43AD000-memory.dmp	xmrig
behavioral2/memory/1568-151-0x00007FF717180000-0x00007FF7174CD000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c41-154.dat	xmrig
behavioral2/memory/4628-156-0x00007FF66FB90000-0x00007FF66FEDD000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c3f-150.dat	xmrig
behavioral2/files/0x0007000000023c3e-144.dat	xmrig
behavioral2/memory/2132-163-0x00007FF6B3CF0000-0x00007FF6B403D000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c43-162.dat	xmrig
behavioral2/files/0x0007000000023c44-167.dat	xmrig
behavioral2/files/0x0007000000023c46-176.dat	xmrig
behavioral2/files/0x0007000000023c45-179.dat	xmrig
behavioral2/files/0x0007000000023c47-180.dat	xmrig
behavioral2/memory/3708-184-0x00007FF67D550000-0x00007FF67D89D000-memory.dmp	xmrig
behavioral2/memory/4756-187-0x00007FF7822A0000-0x00007FF7825ED000-memory.dmp	xmrig
behavioral2/memory/4732-182-0x00007FF639D90000-0x00007FF63A0DD000-memory.dmp	xmrig
behavioral2/memory/1632-169-0x00007FF6924C0000-0x00007FF69280D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c48-192.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2896	rhEOzFo.exe
4524	eMiHaxa.exe
2728	eqCEWcs.exe
3192	rttVkLo.exe
5024	ITpNzHG.exe
4140	BureGOD.exe
4088	zVsVAys.exe
772	OXhNidL.exe
2712	Wqookma.exe
3164	qkLjIKS.exe
2196	vDXsUNu.exe
4340	gxjTElT.exe
4016	nMTReWv.exe
1708	VectAFc.exe
644	fOIEyil.exe
2268	FjRqfIm.exe
3280	aeCECTi.exe
3472	fIttGII.exe
4460	tmZaktn.exe
220	FNHJtxj.exe
3932	RfVcaov.exe
4828	trvwTsI.exe
1668	OEbuveX.exe
3436	FypMxKl.exe
1568	jjitRGm.exe
4628	phLHPuI.exe
2132	QLZeeqc.exe
1632	qoMjjFd.exe
3708	iVGThVU.exe
4732	nByjikR.exe
4756	juXKmAj.exe
468	pNwOCaW.exe
4392	iQZpXav.exe
1740	upOiDdc.exe
1972	VqepeqQ.exe
2632	mzCbMnQ.exe
4736	rNBIENQ.exe
4980	dypnKoP.exe
2736	HOfHeay.exe
972	iBimSlW.exe
3956	Ccwzqop.exe
1152	YJqcXQV.exe
4504	DEXdFxY.exe
3908	MYAgsAY.exe
2420	oZCsaSB.exe
1960	kQhxohD.exe
2380	FmwNMUl.exe
2516	yOncdMv.exe
1428	vneTXik.exe
216	AKncimk.exe
4748	alpzUKT.exe
440	QpIdLvP.exe
1280	AsIQlBf.exe
1556	YINeUkr.exe
1724	WSVbLyB.exe
1120	exBlUpu.exe
4840	JAcCeSu.exe
4012	GgExXrc.exe
2480	jqyXokX.exe
4452	EILRGvD.exe
1920	Atwavfx.exe
4116	BjTusYn.exe
1184	cmrIpYi.exe
3576	KnwFqxq.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QRWwfxN.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cENvMnQ.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBVHgnD.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwPyWoS.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxJrYBs.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Faqsvgn.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkVTrnJ.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whiGdGG.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZAfNhS.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfYEKBv.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBimSlW.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKzocCO.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbswnpi.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbRMHgP.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYgUCzL.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVauYPs.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbiBWki.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgsETNC.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhxSEAH.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIlhxew.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FypMxKl.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNQUagT.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFMmtnM.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WreHdMO.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynAzIWi.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuQVaAP.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpsmVfT.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOctghv.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwwZbMK.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOIEyil.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTmEraz.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpdQDYs.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFAwZXD.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAuytEZ.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgzvPfw.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUxCsJf.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtWDYXc.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpoDcgf.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPdmMQM.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxOVeoN.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKhCgLi.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfXDawB.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNZHmXT.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkZhWde.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCEzlMh.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luFyWVd.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzUHPfX.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GyIfySF.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLijGaM.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVmDRCw.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIAqJwW.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cotmRuP.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOODUaE.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnZRlIY.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSzuFsa.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXwMGrl.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrMAfTP.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlymKZw.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZDOXEZ.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwIKxKl.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjTusYn.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYAgsAY.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLSVjjz.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxKXHce.exe	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 2896	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3516 wrote to memory of 2896	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3516 wrote to memory of 4524	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3516 wrote to memory of 4524	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3516 wrote to memory of 2728	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3516 wrote to memory of 2728	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3516 wrote to memory of 3192	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3516 wrote to memory of 3192	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3516 wrote to memory of 5024	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3516 wrote to memory of 5024	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3516 wrote to memory of 4140	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3516 wrote to memory of 4140	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3516 wrote to memory of 4088	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3516 wrote to memory of 4088	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3516 wrote to memory of 772	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3516 wrote to memory of 772	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3516 wrote to memory of 2712	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3516 wrote to memory of 2712	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3516 wrote to memory of 3164	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3516 wrote to memory of 3164	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3516 wrote to memory of 2196	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3516 wrote to memory of 2196	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3516 wrote to memory of 4340	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3516 wrote to memory of 4340	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3516 wrote to memory of 4016	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3516 wrote to memory of 4016	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3516 wrote to memory of 1708	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3516 wrote to memory of 1708	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3516 wrote to memory of 644	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3516 wrote to memory of 644	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3516 wrote to memory of 2268	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3516 wrote to memory of 2268	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3516 wrote to memory of 3280	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3516 wrote to memory of 3280	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3516 wrote to memory of 3472	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3516 wrote to memory of 3472	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3516 wrote to memory of 4460	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3516 wrote to memory of 4460	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3516 wrote to memory of 220	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3516 wrote to memory of 220	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3516 wrote to memory of 3932	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3516 wrote to memory of 3932	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3516 wrote to memory of 4828	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3516 wrote to memory of 4828	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3516 wrote to memory of 1668	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3516 wrote to memory of 1668	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3516 wrote to memory of 3436	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3516 wrote to memory of 3436	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3516 wrote to memory of 1568	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3516 wrote to memory of 1568	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3516 wrote to memory of 4628	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3516 wrote to memory of 4628	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3516 wrote to memory of 2132	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3516 wrote to memory of 2132	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3516 wrote to memory of 1632	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3516 wrote to memory of 1632	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3516 wrote to memory of 3708	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3516 wrote to memory of 3708	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3516 wrote to memory of 4732	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3516 wrote to memory of 4732	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3516 wrote to memory of 4756	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3516 wrote to memory of 4756	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3516 wrote to memory of 468	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3516 wrote to memory of 468	3516	2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_e0e26744a84b50208a0df942e6b14db3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Windows\System\rhEOzFo.exe
  C:\Windows\System\rhEOzFo.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\eMiHaxa.exe
  C:\Windows\System\eMiHaxa.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\eqCEWcs.exe
  C:\Windows\System\eqCEWcs.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\rttVkLo.exe
  C:\Windows\System\rttVkLo.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\ITpNzHG.exe
  C:\Windows\System\ITpNzHG.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\BureGOD.exe
  C:\Windows\System\BureGOD.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\zVsVAys.exe
  C:\Windows\System\zVsVAys.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\OXhNidL.exe
  C:\Windows\System\OXhNidL.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\Wqookma.exe
  C:\Windows\System\Wqookma.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\qkLjIKS.exe
  C:\Windows\System\qkLjIKS.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\vDXsUNu.exe
  C:\Windows\System\vDXsUNu.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\gxjTElT.exe
  C:\Windows\System\gxjTElT.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\nMTReWv.exe
  C:\Windows\System\nMTReWv.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\VectAFc.exe
  C:\Windows\System\VectAFc.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\fOIEyil.exe
  C:\Windows\System\fOIEyil.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\FjRqfIm.exe
  C:\Windows\System\FjRqfIm.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\aeCECTi.exe
  C:\Windows\System\aeCECTi.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\fIttGII.exe
  C:\Windows\System\fIttGII.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\tmZaktn.exe
  C:\Windows\System\tmZaktn.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\FNHJtxj.exe
  C:\Windows\System\FNHJtxj.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\RfVcaov.exe
  C:\Windows\System\RfVcaov.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\trvwTsI.exe
  C:\Windows\System\trvwTsI.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\OEbuveX.exe
  C:\Windows\System\OEbuveX.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\FypMxKl.exe
  C:\Windows\System\FypMxKl.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\jjitRGm.exe
  C:\Windows\System\jjitRGm.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\phLHPuI.exe
  C:\Windows\System\phLHPuI.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\QLZeeqc.exe
  C:\Windows\System\QLZeeqc.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\qoMjjFd.exe
  C:\Windows\System\qoMjjFd.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\iVGThVU.exe
  C:\Windows\System\iVGThVU.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\nByjikR.exe
  C:\Windows\System\nByjikR.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\juXKmAj.exe
  C:\Windows\System\juXKmAj.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\pNwOCaW.exe
  C:\Windows\System\pNwOCaW.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\iQZpXav.exe
  C:\Windows\System\iQZpXav.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\upOiDdc.exe
  C:\Windows\System\upOiDdc.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\VqepeqQ.exe
  C:\Windows\System\VqepeqQ.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\mzCbMnQ.exe
  C:\Windows\System\mzCbMnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\rNBIENQ.exe
  C:\Windows\System\rNBIENQ.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\dypnKoP.exe
  C:\Windows\System\dypnKoP.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\HOfHeay.exe
  C:\Windows\System\HOfHeay.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\iBimSlW.exe
  C:\Windows\System\iBimSlW.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\Ccwzqop.exe
  C:\Windows\System\Ccwzqop.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\YJqcXQV.exe
  C:\Windows\System\YJqcXQV.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\DEXdFxY.exe
  C:\Windows\System\DEXdFxY.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\MYAgsAY.exe
  C:\Windows\System\MYAgsAY.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\oZCsaSB.exe
  C:\Windows\System\oZCsaSB.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\kQhxohD.exe
  C:\Windows\System\kQhxohD.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\FmwNMUl.exe
  C:\Windows\System\FmwNMUl.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\yOncdMv.exe
  C:\Windows\System\yOncdMv.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\vneTXik.exe
  C:\Windows\System\vneTXik.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\AKncimk.exe
  C:\Windows\System\AKncimk.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\alpzUKT.exe
  C:\Windows\System\alpzUKT.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\QpIdLvP.exe
  C:\Windows\System\QpIdLvP.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\AsIQlBf.exe
  C:\Windows\System\AsIQlBf.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\YINeUkr.exe
  C:\Windows\System\YINeUkr.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\WSVbLyB.exe
  C:\Windows\System\WSVbLyB.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\exBlUpu.exe
  C:\Windows\System\exBlUpu.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\JAcCeSu.exe
  C:\Windows\System\JAcCeSu.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\GgExXrc.exe
  C:\Windows\System\GgExXrc.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\jqyXokX.exe
  C:\Windows\System\jqyXokX.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\EILRGvD.exe
  C:\Windows\System\EILRGvD.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\Atwavfx.exe
  C:\Windows\System\Atwavfx.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\BjTusYn.exe
  C:\Windows\System\BjTusYn.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\cmrIpYi.exe
  C:\Windows\System\cmrIpYi.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\KnwFqxq.exe
  C:\Windows\System\KnwFqxq.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\gKxmqkp.exe
  C:\Windows\System\gKxmqkp.exe
  2⤵
  PID:1988
- C:\Windows\System\pqhpqKL.exe
  C:\Windows\System\pqhpqKL.exe
  2⤵
  PID:2868
- C:\Windows\System\TgluQlu.exe
  C:\Windows\System\TgluQlu.exe
  2⤵
  PID:1160
- C:\Windows\System\VFPcGrI.exe
  C:\Windows\System\VFPcGrI.exe
  2⤵
  PID:4884
- C:\Windows\System\DFHJhnb.exe
  C:\Windows\System\DFHJhnb.exe
  2⤵
  PID:1944
- C:\Windows\System\FKzocCO.exe
  C:\Windows\System\FKzocCO.exe
  2⤵
  PID:3900
- C:\Windows\System\DOsvqWa.exe
  C:\Windows\System\DOsvqWa.exe
  2⤵
  PID:4192
- C:\Windows\System\TOcFesI.exe
  C:\Windows\System\TOcFesI.exe
  2⤵
  PID:3984
- C:\Windows\System\IUmDaDr.exe
  C:\Windows\System\IUmDaDr.exe
  2⤵
  PID:1104
- C:\Windows\System\ITZiRcq.exe
  C:\Windows\System\ITZiRcq.exe
  2⤵
  PID:4764
- C:\Windows\System\UkZhWde.exe
  C:\Windows\System\UkZhWde.exe
  2⤵
  PID:4408
- C:\Windows\System\fltLtTy.exe
  C:\Windows\System\fltLtTy.exe
  2⤵
  PID:4684
- C:\Windows\System\wkfTPct.exe
  C:\Windows\System\wkfTPct.exe
  2⤵
  PID:4804
- C:\Windows\System\DWjJYOm.exe
  C:\Windows\System\DWjJYOm.exe
  2⤵
  PID:4832
- C:\Windows\System\MXeTiht.exe
  C:\Windows\System\MXeTiht.exe
  2⤵
  PID:4768
- C:\Windows\System\jbtLmhf.exe
  C:\Windows\System\jbtLmhf.exe
  2⤵
  PID:2156
- C:\Windows\System\rpoDcgf.exe
  C:\Windows\System\rpoDcgf.exe
  2⤵
  PID:496
- C:\Windows\System\VbDwpjX.exe
  C:\Windows\System\VbDwpjX.exe
  2⤵
  PID:452
- C:\Windows\System\YHJHCeJ.exe
  C:\Windows\System\YHJHCeJ.exe
  2⤵
  PID:1860
- C:\Windows\System\poMuBEE.exe
  C:\Windows\System\poMuBEE.exe
  2⤵
  PID:1968
- C:\Windows\System\bOikxEq.exe
  C:\Windows\System\bOikxEq.exe
  2⤵
  PID:3128
- C:\Windows\System\CEdaxWL.exe
  C:\Windows\System\CEdaxWL.exe
  2⤵
  PID:3440
- C:\Windows\System\YIVZakm.exe
  C:\Windows\System\YIVZakm.exe
  2⤵
  PID:4776
- C:\Windows\System\BaQqMws.exe
  C:\Windows\System\BaQqMws.exe
  2⤵
  PID:3776
- C:\Windows\System\TndIYqo.exe
  C:\Windows\System\TndIYqo.exe
  2⤵
  PID:1864
- C:\Windows\System\ETiQLzT.exe
  C:\Windows\System\ETiQLzT.exe
  2⤵
  PID:3552
- C:\Windows\System\pGENEoM.exe
  C:\Windows\System\pGENEoM.exe
  2⤵
  PID:3876
- C:\Windows\System\TFgbsHQ.exe
  C:\Windows\System\TFgbsHQ.exe
  2⤵
  PID:5008
- C:\Windows\System\izaWMlV.exe
  C:\Windows\System\izaWMlV.exe
  2⤵
  PID:2504
- C:\Windows\System\bzUHPfX.exe
  C:\Windows\System\bzUHPfX.exe
  2⤵
  PID:812
- C:\Windows\System\FfjlOoj.exe
  C:\Windows\System\FfjlOoj.exe
  2⤵
  PID:3208
- C:\Windows\System\FNibGHt.exe
  C:\Windows\System\FNibGHt.exe
  2⤵
  PID:1380
- C:\Windows\System\KcyGvXa.exe
  C:\Windows\System\KcyGvXa.exe
  2⤵
  PID:116
- C:\Windows\System\WPGQqjE.exe
  C:\Windows\System\WPGQqjE.exe
  2⤵
  PID:368
- C:\Windows\System\kNKfelB.exe
  C:\Windows\System\kNKfelB.exe
  2⤵
  PID:2012
- C:\Windows\System\QvwcrwG.exe
  C:\Windows\System\QvwcrwG.exe
  2⤵
  PID:5156
- C:\Windows\System\ZSvyrtG.exe
  C:\Windows\System\ZSvyrtG.exe
  2⤵
  PID:5184
- C:\Windows\System\mSpkYxg.exe
  C:\Windows\System\mSpkYxg.exe
  2⤵
  PID:5220
- C:\Windows\System\eBtJAJQ.exe
  C:\Windows\System\eBtJAJQ.exe
  2⤵
  PID:5256
- C:\Windows\System\whiGdGG.exe
  C:\Windows\System\whiGdGG.exe
  2⤵
  PID:5288
- C:\Windows\System\nYseGIZ.exe
  C:\Windows\System\nYseGIZ.exe
  2⤵
  PID:5316
- C:\Windows\System\dXMFEmp.exe
  C:\Windows\System\dXMFEmp.exe
  2⤵
  PID:5352
- C:\Windows\System\CkpTnRZ.exe
  C:\Windows\System\CkpTnRZ.exe
  2⤵
  PID:5376
- C:\Windows\System\uJEQcmy.exe
  C:\Windows\System\uJEQcmy.exe
  2⤵
  PID:5416
- C:\Windows\System\myDShWO.exe
  C:\Windows\System\myDShWO.exe
  2⤵
  PID:5444
- C:\Windows\System\vCztHUt.exe
  C:\Windows\System\vCztHUt.exe
  2⤵
  PID:5476
- C:\Windows\System\lSzuFsa.exe
  C:\Windows\System\lSzuFsa.exe
  2⤵
  PID:5508
- C:\Windows\System\rdKDEIV.exe
  C:\Windows\System\rdKDEIV.exe
  2⤵
  PID:5548
- C:\Windows\System\RIwZmAf.exe
  C:\Windows\System\RIwZmAf.exe
  2⤵
  PID:5580
- C:\Windows\System\DGPaiGy.exe
  C:\Windows\System\DGPaiGy.exe
  2⤵
  PID:5604
- C:\Windows\System\ybrAsgM.exe
  C:\Windows\System\ybrAsgM.exe
  2⤵
  PID:5640
- C:\Windows\System\xBuhPMu.exe
  C:\Windows\System\xBuhPMu.exe
  2⤵
  PID:5676
- C:\Windows\System\kFsGMCm.exe
  C:\Windows\System\kFsGMCm.exe
  2⤵
  PID:5700
- C:\Windows\System\uJnmmKg.exe
  C:\Windows\System\uJnmmKg.exe
  2⤵
  PID:5740
- C:\Windows\System\TjaLZrY.exe
  C:\Windows\System\TjaLZrY.exe
  2⤵
  PID:5768
- C:\Windows\System\rPdmMQM.exe
  C:\Windows\System\rPdmMQM.exe
  2⤵
  PID:5800
- C:\Windows\System\IaWNThw.exe
  C:\Windows\System\IaWNThw.exe
  2⤵
  PID:5836
- C:\Windows\System\EFKTHkz.exe
  C:\Windows\System\EFKTHkz.exe
  2⤵
  PID:5868
- C:\Windows\System\TwlbtzM.exe
  C:\Windows\System\TwlbtzM.exe
  2⤵
  PID:5892
- C:\Windows\System\zTSKWjS.exe
  C:\Windows\System\zTSKWjS.exe
  2⤵
  PID:5932
- C:\Windows\System\NHZkxtg.exe
  C:\Windows\System\NHZkxtg.exe
  2⤵
  PID:5964
- C:\Windows\System\rirzAiR.exe
  C:\Windows\System\rirzAiR.exe
  2⤵
  PID:5988
- C:\Windows\System\SYHFhFb.exe
  C:\Windows\System\SYHFhFb.exe
  2⤵
  PID:6028
- C:\Windows\System\OOefuKR.exe
  C:\Windows\System\OOefuKR.exe
  2⤵
  PID:6052
- C:\Windows\System\kLzCuSi.exe
  C:\Windows\System\kLzCuSi.exe
  2⤵
  PID:6084
- C:\Windows\System\Vpeqqmp.exe
  C:\Windows\System\Vpeqqmp.exe
  2⤵
  PID:6120
- C:\Windows\System\vDzvCFB.exe
  C:\Windows\System\vDzvCFB.exe
  2⤵
  PID:5140
- C:\Windows\System\vFWEqdW.exe
  C:\Windows\System\vFWEqdW.exe
  2⤵
  PID:5200
- C:\Windows\System\sBUVITh.exe
  C:\Windows\System\sBUVITh.exe
  2⤵
  PID:2852
- C:\Windows\System\qqIWwIQ.exe
  C:\Windows\System\qqIWwIQ.exe
  2⤵
  PID:5328
- C:\Windows\System\YLSVjjz.exe
  C:\Windows\System\YLSVjjz.exe
  2⤵
  PID:5400
- C:\Windows\System\aqahjPj.exe
  C:\Windows\System\aqahjPj.exe
  2⤵
  PID:2204
- C:\Windows\System\LGAJaiz.exe
  C:\Windows\System\LGAJaiz.exe
  2⤵
  PID:5524
- C:\Windows\System\tcydCCr.exe
  C:\Windows\System\tcydCCr.exe
  2⤵
  PID:5568
- C:\Windows\System\yLycNgk.exe
  C:\Windows\System\yLycNgk.exe
  2⤵
  PID:5656
- C:\Windows\System\HnMjQkE.exe
  C:\Windows\System\HnMjQkE.exe
  2⤵
  PID:5696
- C:\Windows\System\XZOIJCN.exe
  C:\Windows\System\XZOIJCN.exe
  2⤵
  PID:5780
- C:\Windows\System\FKsqeQf.exe
  C:\Windows\System\FKsqeQf.exe
  2⤵
  PID:5824
- C:\Windows\System\hbOOMqw.exe
  C:\Windows\System\hbOOMqw.exe
  2⤵
  PID:5908
- C:\Windows\System\HZAfNhS.exe
  C:\Windows\System\HZAfNhS.exe
  2⤵
  PID:5976
- C:\Windows\System\hiHsAys.exe
  C:\Windows\System\hiHsAys.exe
  2⤵
  PID:6000
- C:\Windows\System\RccirxD.exe
  C:\Windows\System\RccirxD.exe
  2⤵
  PID:6100
- C:\Windows\System\ZCxScaB.exe
  C:\Windows\System\ZCxScaB.exe
  2⤵
  PID:5168
- C:\Windows\System\urbMmxB.exe
  C:\Windows\System\urbMmxB.exe
  2⤵
  PID:5308
- C:\Windows\System\iWGDBZB.exe
  C:\Windows\System\iWGDBZB.exe
  2⤵
  PID:5424
- C:\Windows\System\QUDkMJB.exe
  C:\Windows\System\QUDkMJB.exe
  2⤵
  PID:5556
- C:\Windows\System\OLpBHox.exe
  C:\Windows\System\OLpBHox.exe
  2⤵
  PID:5684
- C:\Windows\System\UwFamRJ.exe
  C:\Windows\System\UwFamRJ.exe
  2⤵
  PID:5812
- C:\Windows\System\wnCIQLR.exe
  C:\Windows\System\wnCIQLR.exe
  2⤵
  PID:5940
- C:\Windows\System\FGMkrYE.exe
  C:\Windows\System\FGMkrYE.exe
  2⤵
  PID:6040
- C:\Windows\System\AXBGNLJ.exe
  C:\Windows\System\AXBGNLJ.exe
  2⤵
  PID:5232
- C:\Windows\System\pSFBUJf.exe
  C:\Windows\System\pSFBUJf.exe
  2⤵
  PID:5488
- C:\Windows\System\BOlQAoj.exe
  C:\Windows\System\BOlQAoj.exe
  2⤵
  PID:5600
- C:\Windows\System\XxOVeoN.exe
  C:\Windows\System\XxOVeoN.exe
  2⤵
  PID:5760
- C:\Windows\System\vUQtnqW.exe
  C:\Windows\System\vUQtnqW.exe
  2⤵
  PID:5952
- C:\Windows\System\EzgeKxZ.exe
  C:\Windows\System\EzgeKxZ.exe
  2⤵
  PID:5616
- C:\Windows\System\rBZhgho.exe
  C:\Windows\System\rBZhgho.exe
  2⤵
  PID:5484
- C:\Windows\System\IwFQsmI.exe
  C:\Windows\System\IwFQsmI.exe
  2⤵
  PID:6160
- C:\Windows\System\kGOjbbz.exe
  C:\Windows\System\kGOjbbz.exe
  2⤵
  PID:6208
- C:\Windows\System\ynAzIWi.exe
  C:\Windows\System\ynAzIWi.exe
  2⤵
  PID:6240
- C:\Windows\System\pMneNAE.exe
  C:\Windows\System\pMneNAE.exe
  2⤵
  PID:6272
- C:\Windows\System\ydjAdbw.exe
  C:\Windows\System\ydjAdbw.exe
  2⤵
  PID:6296
- C:\Windows\System\wQloDkt.exe
  C:\Windows\System\wQloDkt.exe
  2⤵
  PID:6316
- C:\Windows\System\ACGZYXz.exe
  C:\Windows\System\ACGZYXz.exe
  2⤵
  PID:6340
- C:\Windows\System\sEptBGt.exe
  C:\Windows\System\sEptBGt.exe
  2⤵
  PID:6384
- C:\Windows\System\AuQVaAP.exe
  C:\Windows\System\AuQVaAP.exe
  2⤵
  PID:6416
- C:\Windows\System\EVRoesj.exe
  C:\Windows\System\EVRoesj.exe
  2⤵
  PID:6452
- C:\Windows\System\DZGkWBg.exe
  C:\Windows\System\DZGkWBg.exe
  2⤵
  PID:6496
- C:\Windows\System\CxUqhCc.exe
  C:\Windows\System\CxUqhCc.exe
  2⤵
  PID:6528
- C:\Windows\System\nTKipVN.exe
  C:\Windows\System\nTKipVN.exe
  2⤵
  PID:6564
- C:\Windows\System\iebcEdr.exe
  C:\Windows\System\iebcEdr.exe
  2⤵
  PID:6596
- C:\Windows\System\OpdQDYs.exe
  C:\Windows\System\OpdQDYs.exe
  2⤵
  PID:6628
- C:\Windows\System\HKEbPzB.exe
  C:\Windows\System\HKEbPzB.exe
  2⤵
  PID:6660
- C:\Windows\System\AQCPrXk.exe
  C:\Windows\System\AQCPrXk.exe
  2⤵
  PID:6676
- C:\Windows\System\gfsOsOO.exe
  C:\Windows\System\gfsOsOO.exe
  2⤵
  PID:6696
- C:\Windows\System\ivltmBh.exe
  C:\Windows\System\ivltmBh.exe
  2⤵
  PID:6748
- C:\Windows\System\fszaPem.exe
  C:\Windows\System\fszaPem.exe
  2⤵
  PID:6772
- C:\Windows\System\otxrGiz.exe
  C:\Windows\System\otxrGiz.exe
  2⤵
  PID:6816
- C:\Windows\System\HsdfFBt.exe
  C:\Windows\System\HsdfFBt.exe
  2⤵
  PID:6852
- C:\Windows\System\DpsmVfT.exe
  C:\Windows\System\DpsmVfT.exe
  2⤵
  PID:6884
- C:\Windows\System\rwGezxg.exe
  C:\Windows\System\rwGezxg.exe
  2⤵
  PID:6916
- C:\Windows\System\HbEIzxA.exe
  C:\Windows\System\HbEIzxA.exe
  2⤵
  PID:6948
- C:\Windows\System\dbmVXNl.exe
  C:\Windows\System\dbmVXNl.exe
  2⤵
  PID:6980
- C:\Windows\System\vyWotdw.exe
  C:\Windows\System\vyWotdw.exe
  2⤵
  PID:7000
- C:\Windows\System\FbqJaak.exe
  C:\Windows\System\FbqJaak.exe
  2⤵
  PID:7028
- C:\Windows\System\RuIhWhW.exe
  C:\Windows\System\RuIhWhW.exe
  2⤵
  PID:7080
- C:\Windows\System\QBVHgnD.exe
  C:\Windows\System\QBVHgnD.exe
  2⤵
  PID:7112
- C:\Windows\System\rXwMGrl.exe
  C:\Windows\System\rXwMGrl.exe
  2⤵
  PID:7144
- C:\Windows\System\BLjDBRC.exe
  C:\Windows\System\BLjDBRC.exe
  2⤵
  PID:5236
- C:\Windows\System\oCrajql.exe
  C:\Windows\System\oCrajql.exe
  2⤵
  PID:6156
- C:\Windows\System\docucxy.exe
  C:\Windows\System\docucxy.exe
  2⤵
  PID:6220
- C:\Windows\System\BZGMQUw.exe
  C:\Windows\System\BZGMQUw.exe
  2⤵
  PID:6308
- C:\Windows\System\TjULemw.exe
  C:\Windows\System\TjULemw.exe
  2⤵
  PID:6332
- C:\Windows\System\TBOKGTy.exe
  C:\Windows\System\TBOKGTy.exe
  2⤵
  PID:6364
- C:\Windows\System\UoMJBmU.exe
  C:\Windows\System\UoMJBmU.exe
  2⤵
  PID:6508
- C:\Windows\System\LAfzkeG.exe
  C:\Windows\System\LAfzkeG.exe
  2⤵
  PID:6580
- C:\Windows\System\aUgJMTH.exe
  C:\Windows\System\aUgJMTH.exe
  2⤵
  PID:6608
- C:\Windows\System\PquNbsB.exe
  C:\Windows\System\PquNbsB.exe
  2⤵
  PID:6724
- C:\Windows\System\PTqSXwH.exe
  C:\Windows\System\PTqSXwH.exe
  2⤵
  PID:6720
- C:\Windows\System\fKkgNqB.exe
  C:\Windows\System\fKkgNqB.exe
  2⤵
  PID:6800
- C:\Windows\System\IxhQaPR.exe
  C:\Windows\System\IxhQaPR.exe
  2⤵
  PID:6844
- C:\Windows\System\fhdDvwf.exe
  C:\Windows\System\fhdDvwf.exe
  2⤵
  PID:6940
- C:\Windows\System\WDjWMcq.exe
  C:\Windows\System\WDjWMcq.exe
  2⤵
  PID:6988
- C:\Windows\System\FIiCopV.exe
  C:\Windows\System\FIiCopV.exe
  2⤵
  PID:7072
- C:\Windows\System\WYgUCzL.exe
  C:\Windows\System\WYgUCzL.exe
  2⤵
  PID:7124
- C:\Windows\System\wGxuZjR.exe
  C:\Windows\System\wGxuZjR.exe
  2⤵
  PID:6184
- C:\Windows\System\YjkEzCW.exe
  C:\Windows\System\YjkEzCW.exe
  2⤵
  PID:6236
- C:\Windows\System\vyCHOAV.exe
  C:\Windows\System\vyCHOAV.exe
  2⤵
  PID:6360
- C:\Windows\System\zQtNshp.exe
  C:\Windows\System\zQtNshp.exe
  2⤵
  PID:6484
- C:\Windows\System\iQmcGSy.exe
  C:\Windows\System\iQmcGSy.exe
  2⤵
  PID:6652
- C:\Windows\System\hhWVKpy.exe
  C:\Windows\System\hhWVKpy.exe
  2⤵
  PID:6908
- C:\Windows\System\obCZlFi.exe
  C:\Windows\System\obCZlFi.exe
  2⤵
  PID:6960
- C:\Windows\System\VXwRPyx.exe
  C:\Windows\System\VXwRPyx.exe
  2⤵
  PID:7020
- C:\Windows\System\MDFnnBZ.exe
  C:\Windows\System\MDFnnBZ.exe
  2⤵
  PID:7164
- C:\Windows\System\JFSZOpQ.exe
  C:\Windows\System\JFSZOpQ.exe
  2⤵
  PID:6464
- C:\Windows\System\GyIfySF.exe
  C:\Windows\System\GyIfySF.exe
  2⤵
  PID:6524
- C:\Windows\System\ZjngkXR.exe
  C:\Windows\System\ZjngkXR.exe
  2⤵
  PID:6764
- C:\Windows\System\ziuXzGV.exe
  C:\Windows\System\ziuXzGV.exe
  2⤵
  PID:6944
- C:\Windows\System\pBiBTxE.exe
  C:\Windows\System\pBiBTxE.exe
  2⤵
  PID:6428
- C:\Windows\System\kPVBilu.exe
  C:\Windows\System\kPVBilu.exe
  2⤵
  PID:7064
- C:\Windows\System\DVtYoFm.exe
  C:\Windows\System\DVtYoFm.exe
  2⤵
  PID:7176
- C:\Windows\System\EtTDvMm.exe
  C:\Windows\System\EtTDvMm.exe
  2⤵
  PID:7208
- C:\Windows\System\rAQSjFa.exe
  C:\Windows\System\rAQSjFa.exe
  2⤵
  PID:7224
- C:\Windows\System\sDxZXiJ.exe
  C:\Windows\System\sDxZXiJ.exe
  2⤵
  PID:7256
- C:\Windows\System\fgzKMTA.exe
  C:\Windows\System\fgzKMTA.exe
  2⤵
  PID:7288
- C:\Windows\System\PEhmJLf.exe
  C:\Windows\System\PEhmJLf.exe
  2⤵
  PID:7320
- C:\Windows\System\XvGYtyZ.exe
  C:\Windows\System\XvGYtyZ.exe
  2⤵
  PID:7368
- C:\Windows\System\LNcDjUV.exe
  C:\Windows\System\LNcDjUV.exe
  2⤵
  PID:7388
- C:\Windows\System\ZokNqFU.exe
  C:\Windows\System\ZokNqFU.exe
  2⤵
  PID:7416
- C:\Windows\System\GYoLnyB.exe
  C:\Windows\System\GYoLnyB.exe
  2⤵
  PID:7460
- C:\Windows\System\YopjIbr.exe
  C:\Windows\System\YopjIbr.exe
  2⤵
  PID:7500
- C:\Windows\System\pBhBaSU.exe
  C:\Windows\System\pBhBaSU.exe
  2⤵
  PID:7520
- C:\Windows\System\oNkRhdr.exe
  C:\Windows\System\oNkRhdr.exe
  2⤵
  PID:7580
- C:\Windows\System\kIunkUU.exe
  C:\Windows\System\kIunkUU.exe
  2⤵
  PID:7596
- C:\Windows\System\fGZudMi.exe
  C:\Windows\System\fGZudMi.exe
  2⤵
  PID:7628
- C:\Windows\System\DHrovQt.exe
  C:\Windows\System\DHrovQt.exe
  2⤵
  PID:7660
- C:\Windows\System\sTqjedW.exe
  C:\Windows\System\sTqjedW.exe
  2⤵
  PID:7692
- C:\Windows\System\cDYbnyk.exe
  C:\Windows\System\cDYbnyk.exe
  2⤵
  PID:7724
- C:\Windows\System\JdgAssl.exe
  C:\Windows\System\JdgAssl.exe
  2⤵
  PID:7756
- C:\Windows\System\PiOCGZi.exe
  C:\Windows\System\PiOCGZi.exe
  2⤵
  PID:7788
- C:\Windows\System\YZChjez.exe
  C:\Windows\System\YZChjez.exe
  2⤵
  PID:7820
- C:\Windows\System\eNFxlkm.exe
  C:\Windows\System\eNFxlkm.exe
  2⤵
  PID:7852
- C:\Windows\System\EgsETNC.exe
  C:\Windows\System\EgsETNC.exe
  2⤵
  PID:7884
- C:\Windows\System\wmDgONb.exe
  C:\Windows\System\wmDgONb.exe
  2⤵
  PID:7916
- C:\Windows\System\idSTEik.exe
  C:\Windows\System\idSTEik.exe
  2⤵
  PID:7948
- C:\Windows\System\xbswnpi.exe
  C:\Windows\System\xbswnpi.exe
  2⤵
  PID:7980
- C:\Windows\System\lVauYPs.exe
  C:\Windows\System\lVauYPs.exe
  2⤵
  PID:8012
- C:\Windows\System\PwPyWoS.exe
  C:\Windows\System\PwPyWoS.exe
  2⤵
  PID:8044
- C:\Windows\System\SZtIUzC.exe
  C:\Windows\System\SZtIUzC.exe
  2⤵
  PID:8076
- C:\Windows\System\MBzXCiC.exe
  C:\Windows\System\MBzXCiC.exe
  2⤵
  PID:8112
- C:\Windows\System\mxMmVMD.exe
  C:\Windows\System\mxMmVMD.exe
  2⤵
  PID:8144
- C:\Windows\System\DNQUagT.exe
  C:\Windows\System\DNQUagT.exe
  2⤵
  PID:8176
- C:\Windows\System\OjjwdJI.exe
  C:\Windows\System\OjjwdJI.exe
  2⤵
  PID:6624
- C:\Windows\System\JZTYzWp.exe
  C:\Windows\System\JZTYzWp.exe
  2⤵
  PID:7248
- C:\Windows\System\dfYEKBv.exe
  C:\Windows\System\dfYEKBv.exe
  2⤵
  PID:7268
- C:\Windows\System\TkomslR.exe
  C:\Windows\System\TkomslR.exe
  2⤵
  PID:7344
- C:\Windows\System\AeDPthJ.exe
  C:\Windows\System\AeDPthJ.exe
  2⤵
  PID:7412
- C:\Windows\System\UIldCAa.exe
  C:\Windows\System\UIldCAa.exe
  2⤵
  PID:7488
- C:\Windows\System\pgoJuej.exe
  C:\Windows\System\pgoJuej.exe
  2⤵
  PID:7556
- C:\Windows\System\TwrIVVH.exe
  C:\Windows\System\TwrIVVH.exe
  2⤵
  PID:7624
- C:\Windows\System\txNxsVN.exe
  C:\Windows\System\txNxsVN.exe
  2⤵
  PID:7676
- C:\Windows\System\sGWVZSk.exe
  C:\Windows\System\sGWVZSk.exe
  2⤵
  PID:7736
- C:\Windows\System\CJaXqqn.exe
  C:\Windows\System\CJaXqqn.exe
  2⤵
  PID:7804
- C:\Windows\System\TgVZoqJ.exe
  C:\Windows\System\TgVZoqJ.exe
  2⤵
  PID:7848
- C:\Windows\System\niSiYsL.exe
  C:\Windows\System\niSiYsL.exe
  2⤵
  PID:7928
- C:\Windows\System\tsMsBFa.exe
  C:\Windows\System\tsMsBFa.exe
  2⤵
  PID:7992
- C:\Windows\System\mnBXfXX.exe
  C:\Windows\System\mnBXfXX.exe
  2⤵
  PID:8056
- C:\Windows\System\BAjzfBW.exe
  C:\Windows\System\BAjzfBW.exe
  2⤵
  PID:8124
- C:\Windows\System\sQqaiVy.exe
  C:\Windows\System\sQqaiVy.exe
  2⤵
  PID:8188
- C:\Windows\System\IOctghv.exe
  C:\Windows\System\IOctghv.exe
  2⤵
  PID:7280
- C:\Windows\System\WtmVtJU.exe
  C:\Windows\System\WtmVtJU.exe
  2⤵
  PID:7396
- C:\Windows\System\IEvqnwI.exe
  C:\Windows\System\IEvqnwI.exe
  2⤵
  PID:7448
- C:\Windows\System\XHvFYcr.exe
  C:\Windows\System\XHvFYcr.exe
  2⤵
  PID:7652
- C:\Windows\System\QkroNYK.exe
  C:\Windows\System\QkroNYK.exe
  2⤵
  PID:7740
- C:\Windows\System\sArKXzC.exe
  C:\Windows\System\sArKXzC.exe
  2⤵
  PID:7868
- C:\Windows\System\jYuHUux.exe
  C:\Windows\System\jYuHUux.exe
  2⤵
  PID:7972
- C:\Windows\System\yqDOLaI.exe
  C:\Windows\System\yqDOLaI.exe
  2⤵
  PID:8092
- C:\Windows\System\JFJwTND.exe
  C:\Windows\System\JFJwTND.exe
  2⤵
  PID:7216
- C:\Windows\System\dhOIorL.exe
  C:\Windows\System\dhOIorL.exe
  2⤵
  PID:7444
- C:\Windows\System\UqLVBou.exe
  C:\Windows\System\UqLVBou.exe
  2⤵
  PID:7720
- C:\Windows\System\AtMnEup.exe
  C:\Windows\System\AtMnEup.exe
  2⤵
  PID:7864
- C:\Windows\System\rvLCCKV.exe
  C:\Windows\System\rvLCCKV.exe
  2⤵
  PID:7172
- C:\Windows\System\jCRSRLp.exe
  C:\Windows\System\jCRSRLp.exe
  2⤵
  PID:7644
- C:\Windows\System\jghmviw.exe
  C:\Windows\System\jghmviw.exe
  2⤵
  PID:8160
- C:\Windows\System\oFGnFuG.exe
  C:\Windows\System\oFGnFuG.exe
  2⤵
  PID:8088
- C:\Windows\System\qRhFhZN.exe
  C:\Windows\System\qRhFhZN.exe
  2⤵
  PID:8100
- C:\Windows\System\ojqHTCe.exe
  C:\Windows\System\ojqHTCe.exe
  2⤵
  PID:8224
- C:\Windows\System\KerhQsQ.exe
  C:\Windows\System\KerhQsQ.exe
  2⤵
  PID:8256
- C:\Windows\System\zSuImWV.exe
  C:\Windows\System\zSuImWV.exe
  2⤵
  PID:8288
- C:\Windows\System\wDVECFp.exe
  C:\Windows\System\wDVECFp.exe
  2⤵
  PID:8304
- C:\Windows\System\exskRNk.exe
  C:\Windows\System\exskRNk.exe
  2⤵
  PID:8340
- C:\Windows\System\PCePqwE.exe
  C:\Windows\System\PCePqwE.exe
  2⤵
  PID:8372
- C:\Windows\System\KrPNqGm.exe
  C:\Windows\System\KrPNqGm.exe
  2⤵
  PID:8400
- C:\Windows\System\hSbfATB.exe
  C:\Windows\System\hSbfATB.exe
  2⤵
  PID:8416
- C:\Windows\System\ixMJfyf.exe
  C:\Windows\System\ixMJfyf.exe
  2⤵
  PID:8472
- C:\Windows\System\nxJrYBs.exe
  C:\Windows\System\nxJrYBs.exe
  2⤵
  PID:8500
- C:\Windows\System\kXXbpsY.exe
  C:\Windows\System\kXXbpsY.exe
  2⤵
  PID:8528
- C:\Windows\System\AxrBOQT.exe
  C:\Windows\System\AxrBOQT.exe
  2⤵
  PID:8576
- C:\Windows\System\AhvVJBR.exe
  C:\Windows\System\AhvVJBR.exe
  2⤵
  PID:8608
- C:\Windows\System\TzcDybq.exe
  C:\Windows\System\TzcDybq.exe
  2⤵
  PID:8632
- C:\Windows\System\mMUyjPy.exe
  C:\Windows\System\mMUyjPy.exe
  2⤵
  PID:8656
- C:\Windows\System\xEVRMGO.exe
  C:\Windows\System\xEVRMGO.exe
  2⤵
  PID:8704
- C:\Windows\System\DYAkJpS.exe
  C:\Windows\System\DYAkJpS.exe
  2⤵
  PID:8736
- C:\Windows\System\oEPrJqi.exe
  C:\Windows\System\oEPrJqi.exe
  2⤵
  PID:8768
- C:\Windows\System\KLbTXFh.exe
  C:\Windows\System\KLbTXFh.exe
  2⤵
  PID:8800
- C:\Windows\System\olOTeXE.exe
  C:\Windows\System\olOTeXE.exe
  2⤵
  PID:8832
- C:\Windows\System\BQAhrDq.exe
  C:\Windows\System\BQAhrDq.exe
  2⤵
  PID:8864
- C:\Windows\System\soUlwfI.exe
  C:\Windows\System\soUlwfI.exe
  2⤵
  PID:8896
- C:\Windows\System\tGwokmb.exe
  C:\Windows\System\tGwokmb.exe
  2⤵
  PID:8928
- C:\Windows\System\NQkisFx.exe
  C:\Windows\System\NQkisFx.exe
  2⤵
  PID:8960
- C:\Windows\System\QAuGuVg.exe
  C:\Windows\System\QAuGuVg.exe
  2⤵
  PID:8992
- C:\Windows\System\riJpJVi.exe
  C:\Windows\System\riJpJVi.exe
  2⤵
  PID:9024
- C:\Windows\System\eEMPCQU.exe
  C:\Windows\System\eEMPCQU.exe
  2⤵
  PID:9056
- C:\Windows\System\CvKaApq.exe
  C:\Windows\System\CvKaApq.exe
  2⤵
  PID:9088
- C:\Windows\System\ACLtvWJ.exe
  C:\Windows\System\ACLtvWJ.exe
  2⤵
  PID:9120
- C:\Windows\System\hZkajEO.exe
  C:\Windows\System\hZkajEO.exe
  2⤵
  PID:9156
- C:\Windows\System\DftGArW.exe
  C:\Windows\System\DftGArW.exe
  2⤵
  PID:9188
- C:\Windows\System\cZNBAZG.exe
  C:\Windows\System\cZNBAZG.exe
  2⤵
  PID:9204
- C:\Windows\System\nAvNVEK.exe
  C:\Windows\System\nAvNVEK.exe
  2⤵
  PID:8240
- C:\Windows\System\RzebGHa.exe
  C:\Windows\System\RzebGHa.exe
  2⤵
  PID:8280
- C:\Windows\System\zuGfEfi.exe
  C:\Windows\System\zuGfEfi.exe
  2⤵
  PID:8352
- C:\Windows\System\BKhCgLi.exe
  C:\Windows\System\BKhCgLi.exe
  2⤵
  PID:8444
- C:\Windows\System\qAoJZcm.exe
  C:\Windows\System\qAoJZcm.exe
  2⤵
  PID:8520
- C:\Windows\System\IWWDOCE.exe
  C:\Windows\System\IWWDOCE.exe
  2⤵
  PID:8588
- C:\Windows\System\gimGXUD.exe
  C:\Windows\System\gimGXUD.exe
  2⤵
  PID:8648
- C:\Windows\System\qoUnmrE.exe
  C:\Windows\System\qoUnmrE.exe
  2⤵
  PID:8716
- C:\Windows\System\nUUWsZE.exe
  C:\Windows\System\nUUWsZE.exe
  2⤵
  PID:8780
- C:\Windows\System\buAvWnd.exe
  C:\Windows\System\buAvWnd.exe
  2⤵
  PID:8844
- C:\Windows\System\EljXCsm.exe
  C:\Windows\System\EljXCsm.exe
  2⤵
  PID:8908
- C:\Windows\System\oHzKGME.exe
  C:\Windows\System\oHzKGME.exe
  2⤵
  PID:8972
- C:\Windows\System\AWcRvhc.exe
  C:\Windows\System\AWcRvhc.exe
  2⤵
  PID:9020
- C:\Windows\System\DHkfnkc.exe
  C:\Windows\System\DHkfnkc.exe
  2⤵
  PID:9084
- C:\Windows\System\ydscJkH.exe
  C:\Windows\System\ydscJkH.exe
  2⤵
  PID:9144
- C:\Windows\System\jwDzLin.exe
  C:\Windows\System\jwDzLin.exe
  2⤵
  PID:7560
- C:\Windows\System\xVnoncX.exe
  C:\Windows\System\xVnoncX.exe
  2⤵
  PID:8268
- C:\Windows\System\titGPiK.exe
  C:\Windows\System\titGPiK.exe
  2⤵
  PID:8480
- C:\Windows\System\ZgAIbcu.exe
  C:\Windows\System\ZgAIbcu.exe
  2⤵
  PID:8552
- C:\Windows\System\SvkEfgm.exe
  C:\Windows\System\SvkEfgm.exe
  2⤵
  PID:8680
- C:\Windows\System\HpmIDwC.exe
  C:\Windows\System\HpmIDwC.exe
  2⤵
  PID:8824
- C:\Windows\System\kjhrsWl.exe
  C:\Windows\System\kjhrsWl.exe
  2⤵
  PID:8924
- C:\Windows\System\UNswmML.exe
  C:\Windows\System\UNswmML.exe
  2⤵
  PID:9080
- C:\Windows\System\wyULEdj.exe
  C:\Windows\System\wyULEdj.exe
  2⤵
  PID:8204
- C:\Windows\System\ObGdasf.exe
  C:\Windows\System\ObGdasf.exe
  2⤵
  PID:8468
- C:\Windows\System\aGwUHAS.exe
  C:\Windows\System\aGwUHAS.exe
  2⤵
  PID:8668
- C:\Windows\System\JtlUglS.exe
  C:\Windows\System\JtlUglS.exe
  2⤵
  PID:8888
- C:\Windows\System\LPNljvs.exe
  C:\Windows\System\LPNljvs.exe
  2⤵
  PID:9196
- C:\Windows\System\BSOvNVB.exe
  C:\Windows\System\BSOvNVB.exe
  2⤵
  PID:8696
- C:\Windows\System\AmZCHSL.exe
  C:\Windows\System\AmZCHSL.exe
  2⤵
  PID:8956
- C:\Windows\System\JBwPhhp.exe
  C:\Windows\System\JBwPhhp.exe
  2⤵
  PID:9228
- C:\Windows\System\eShZMCt.exe
  C:\Windows\System\eShZMCt.exe
  2⤵
  PID:9244
- C:\Windows\System\bQvvcDH.exe
  C:\Windows\System\bQvvcDH.exe
  2⤵
  PID:9284
- C:\Windows\System\spCBrXq.exe
  C:\Windows\System\spCBrXq.exe
  2⤵
  PID:9324
- C:\Windows\System\ZeUEpYn.exe
  C:\Windows\System\ZeUEpYn.exe
  2⤵
  PID:9360
- C:\Windows\System\ZZGvZVq.exe
  C:\Windows\System\ZZGvZVq.exe
  2⤵
  PID:9392
- C:\Windows\System\JLstGWG.exe
  C:\Windows\System\JLstGWG.exe
  2⤵
  PID:9428
- C:\Windows\System\VInuRcE.exe
  C:\Windows\System\VInuRcE.exe
  2⤵
  PID:9456
- C:\Windows\System\rFDSbcv.exe
  C:\Windows\System\rFDSbcv.exe
  2⤵
  PID:9488
- C:\Windows\System\jbRDGoS.exe
  C:\Windows\System\jbRDGoS.exe
  2⤵
  PID:9520
- C:\Windows\System\ePiCOsF.exe
  C:\Windows\System\ePiCOsF.exe
  2⤵
  PID:9552
- C:\Windows\System\pxqGRdr.exe
  C:\Windows\System\pxqGRdr.exe
  2⤵
  PID:9584
- C:\Windows\System\HqtbxKx.exe
  C:\Windows\System\HqtbxKx.exe
  2⤵
  PID:9616
- C:\Windows\System\EdNgWWV.exe
  C:\Windows\System\EdNgWWV.exe
  2⤵
  PID:9648
- C:\Windows\System\JsTJKXf.exe
  C:\Windows\System\JsTJKXf.exe
  2⤵
  PID:9680
- C:\Windows\System\YMccJut.exe
  C:\Windows\System\YMccJut.exe
  2⤵
  PID:9712
- C:\Windows\System\gMrrfMx.exe
  C:\Windows\System\gMrrfMx.exe
  2⤵
  PID:9744
- C:\Windows\System\tSNKxtM.exe
  C:\Windows\System\tSNKxtM.exe
  2⤵
  PID:9776
- C:\Windows\System\oYjStiz.exe
  C:\Windows\System\oYjStiz.exe
  2⤵
  PID:9808
- C:\Windows\System\ZGtOSoi.exe
  C:\Windows\System\ZGtOSoi.exe
  2⤵
  PID:9840
- C:\Windows\System\fDgnaAE.exe
  C:\Windows\System\fDgnaAE.exe
  2⤵
  PID:9872
- C:\Windows\System\eoJSRMM.exe
  C:\Windows\System\eoJSRMM.exe
  2⤵
  PID:9904
- C:\Windows\System\KUGbOqt.exe
  C:\Windows\System\KUGbOqt.exe
  2⤵
  PID:9936
- C:\Windows\System\KnJkNtv.exe
  C:\Windows\System\KnJkNtv.exe
  2⤵
  PID:9968
- C:\Windows\System\xqPqSGY.exe
  C:\Windows\System\xqPqSGY.exe
  2⤵
  PID:10000
- C:\Windows\System\QLzjoZV.exe
  C:\Windows\System\QLzjoZV.exe
  2⤵
  PID:10032
- C:\Windows\System\VwxkgSl.exe
  C:\Windows\System\VwxkgSl.exe
  2⤵
  PID:10064
- C:\Windows\System\rLYMxoG.exe
  C:\Windows\System\rLYMxoG.exe
  2⤵
  PID:10080
- C:\Windows\System\YdmDEkg.exe
  C:\Windows\System\YdmDEkg.exe
  2⤵
  PID:10128
- C:\Windows\System\sqvqAFg.exe
  C:\Windows\System\sqvqAFg.exe
  2⤵
  PID:10160
- C:\Windows\System\aRglgNH.exe
  C:\Windows\System\aRglgNH.exe
  2⤵
  PID:10176
- C:\Windows\System\VvzfXoZ.exe
  C:\Windows\System\VvzfXoZ.exe
  2⤵
  PID:10224
- C:\Windows\System\wiDcVXv.exe
  C:\Windows\System\wiDcVXv.exe
  2⤵
  PID:8460
- C:\Windows\System\qjPRpsR.exe
  C:\Windows\System\qjPRpsR.exe
  2⤵
  PID:9304
- C:\Windows\System\PatsPPa.exe
  C:\Windows\System\PatsPPa.exe
  2⤵
  PID:9348
- C:\Windows\System\TeiOfzV.exe
  C:\Windows\System\TeiOfzV.exe
  2⤵
  PID:9412
- C:\Windows\System\VFzciJA.exe
  C:\Windows\System\VFzciJA.exe
  2⤵
  PID:9472
- C:\Windows\System\SAvzlPg.exe
  C:\Windows\System\SAvzlPg.exe
  2⤵
  PID:9536
- C:\Windows\System\HQGKmHQ.exe
  C:\Windows\System\HQGKmHQ.exe
  2⤵
  PID:9600
- C:\Windows\System\zhxSEAH.exe
  C:\Windows\System\zhxSEAH.exe
  2⤵
  PID:9676
- C:\Windows\System\gSSTrij.exe
  C:\Windows\System\gSSTrij.exe
  2⤵
  PID:9724
- C:\Windows\System\TTCDgDG.exe
  C:\Windows\System\TTCDgDG.exe
  2⤵
  PID:9792
- C:\Windows\System\WlmEzrK.exe
  C:\Windows\System\WlmEzrK.exe
  2⤵
  PID:9900
- C:\Windows\System\fDvOxij.exe
  C:\Windows\System\fDvOxij.exe
  2⤵
  PID:9980
- C:\Windows\System\kRymwZq.exe
  C:\Windows\System\kRymwZq.exe
  2⤵
  PID:10048
- C:\Windows\System\aNIBdBR.exe
  C:\Windows\System\aNIBdBR.exe
  2⤵
  PID:10152
- C:\Windows\System\NBErtkv.exe
  C:\Windows\System\NBErtkv.exe
  2⤵
  PID:10188
- C:\Windows\System\ULUyajL.exe
  C:\Windows\System\ULUyajL.exe
  2⤵
  PID:8428
- C:\Windows\System\MFEDFWI.exe
  C:\Windows\System\MFEDFWI.exe
  2⤵
  PID:9308
- C:\Windows\System\wXEPuLY.exe
  C:\Windows\System\wXEPuLY.exe
  2⤵
  PID:9336
- C:\Windows\System\rizOqPv.exe
  C:\Windows\System\rizOqPv.exe
  2⤵
  PID:9640
- C:\Windows\System\LbUmVhP.exe
  C:\Windows\System\LbUmVhP.exe
  2⤵
  PID:9708
- C:\Windows\System\JvIKvba.exe
  C:\Windows\System\JvIKvba.exe
  2⤵
  PID:9868
- C:\Windows\System\EaLFfKQ.exe
  C:\Windows\System\EaLFfKQ.exe
  2⤵
  PID:9800
- C:\Windows\System\ePWicyE.exe
  C:\Windows\System\ePWicyE.exe
  2⤵
  PID:10052
- C:\Windows\System\rUYdzxO.exe
  C:\Windows\System\rUYdzxO.exe
  2⤵
  PID:9260
- C:\Windows\System\RbFrrMY.exe
  C:\Windows\System\RbFrrMY.exe
  2⤵
  PID:9532
- C:\Windows\System\xTfilxc.exe
  C:\Windows\System\xTfilxc.exe
  2⤵
  PID:9664
- C:\Windows\System\SHsksJl.exe
  C:\Windows\System\SHsksJl.exe
  2⤵
  PID:1908
- C:\Windows\System\QRWwfxN.exe
  C:\Windows\System\QRWwfxN.exe
  2⤵
  PID:10024
- C:\Windows\System\YXokYzx.exe
  C:\Windows\System\YXokYzx.exe
  2⤵
  PID:9320
- C:\Windows\System\gXYNLSy.exe
  C:\Windows\System\gXYNLSy.exe
  2⤵
  PID:2300
- C:\Windows\System\TljtXGA.exe
  C:\Windows\System\TljtXGA.exe
  2⤵
  PID:2932
- C:\Windows\System\LfbYQOA.exe
  C:\Windows\System\LfbYQOA.exe
  2⤵
  PID:10268
- C:\Windows\System\WIzIrKM.exe
  C:\Windows\System\WIzIrKM.exe
  2⤵
  PID:10324
- C:\Windows\System\gotgXDa.exe
  C:\Windows\System\gotgXDa.exe
  2⤵
  PID:10356
- C:\Windows\System\VjPKEgq.exe
  C:\Windows\System\VjPKEgq.exe
  2⤵
  PID:10392
- C:\Windows\System\XLiFBAf.exe
  C:\Windows\System\XLiFBAf.exe
  2⤵
  PID:10424
- C:\Windows\System\uLhPEOW.exe
  C:\Windows\System\uLhPEOW.exe
  2⤵
  PID:10452
- C:\Windows\System\HDEqLae.exe
  C:\Windows\System\HDEqLae.exe
  2⤵
  PID:10492
- C:\Windows\System\gcIyyIM.exe
  C:\Windows\System\gcIyyIM.exe
  2⤵
  PID:10532
- C:\Windows\System\ukDDBzh.exe
  C:\Windows\System\ukDDBzh.exe
  2⤵
  PID:10552
- C:\Windows\System\RchseIX.exe
  C:\Windows\System\RchseIX.exe
  2⤵
  PID:10584
- C:\Windows\System\DBmBkpY.exe
  C:\Windows\System\DBmBkpY.exe
  2⤵
  PID:10612
- C:\Windows\System\gzLJIaw.exe
  C:\Windows\System\gzLJIaw.exe
  2⤵
  PID:10632
- C:\Windows\System\HwEBHXl.exe
  C:\Windows\System\HwEBHXl.exe
  2⤵
  PID:10688
- C:\Windows\System\jAOmxEQ.exe
  C:\Windows\System\jAOmxEQ.exe
  2⤵
  PID:10704
- C:\Windows\System\tdlnQWS.exe
  C:\Windows\System\tdlnQWS.exe
  2⤵
  PID:10728
- C:\Windows\System\rjjZCTU.exe
  C:\Windows\System\rjjZCTU.exe
  2⤵
  PID:10748
- C:\Windows\System\cnLIhRU.exe
  C:\Windows\System\cnLIhRU.exe
  2⤵
  PID:10764
- C:\Windows\System\zUQwUec.exe
  C:\Windows\System\zUQwUec.exe
  2⤵
  PID:10796
- C:\Windows\System\LGYyGQr.exe
  C:\Windows\System\LGYyGQr.exe
  2⤵
  PID:10820
- C:\Windows\System\LyMUCPC.exe
  C:\Windows\System\LyMUCPC.exe
  2⤵
  PID:10880
- C:\Windows\System\KTRQllB.exe
  C:\Windows\System\KTRQllB.exe
  2⤵
  PID:10900
- C:\Windows\System\GZcGSHR.exe
  C:\Windows\System\GZcGSHR.exe
  2⤵
  PID:10936
- C:\Windows\System\EqguyDM.exe
  C:\Windows\System\EqguyDM.exe
  2⤵
  PID:10956
- C:\Windows\System\LrUWynb.exe
  C:\Windows\System\LrUWynb.exe
  2⤵
  PID:10988
- C:\Windows\System\KIRiKOu.exe
  C:\Windows\System\KIRiKOu.exe
  2⤵
  PID:11032
- C:\Windows\System\EPuNKth.exe
  C:\Windows\System\EPuNKth.exe
  2⤵
  PID:11052
- C:\Windows\System\wPJrBFz.exe
  C:\Windows\System\wPJrBFz.exe
  2⤵
  PID:11104
- C:\Windows\System\TCXhJjv.exe
  C:\Windows\System\TCXhJjv.exe
  2⤵
  PID:11144
- C:\Windows\System\boNYlUh.exe
  C:\Windows\System\boNYlUh.exe
  2⤵
  PID:11164
- C:\Windows\System\UfXDawB.exe
  C:\Windows\System\UfXDawB.exe
  2⤵
  PID:11212
- C:\Windows\System\bcFfPbe.exe
  C:\Windows\System\bcFfPbe.exe
  2⤵
  PID:11240
- C:\Windows\System\MpqxbDE.exe
  C:\Windows\System\MpqxbDE.exe
  2⤵
  PID:10264
- C:\Windows\System\nmhvsju.exe
  C:\Windows\System\nmhvsju.exe
  2⤵
  PID:10340
- C:\Windows\System\RhbfElr.exe
  C:\Windows\System\RhbfElr.exe
  2⤵
  PID:5048
- C:\Windows\System\pORjSHc.exe
  C:\Windows\System\pORjSHc.exe
  2⤵
  PID:10448
- C:\Windows\System\pFPiKmD.exe
  C:\Windows\System\pFPiKmD.exe
  2⤵
  PID:10544
- C:\Windows\System\moTlyRX.exe
  C:\Windows\System\moTlyRX.exe
  2⤵
  PID:10568
- C:\Windows\System\QFEtdTE.exe
  C:\Windows\System\QFEtdTE.exe
  2⤵
  PID:10660
- C:\Windows\System\PeWkbNW.exe
  C:\Windows\System\PeWkbNW.exe
  2⤵
  PID:10716
- C:\Windows\System\kfdkhEJ.exe
  C:\Windows\System\kfdkhEJ.exe
  2⤵
  PID:10856
- C:\Windows\System\xlGypZT.exe
  C:\Windows\System\xlGypZT.exe
  2⤵
  PID:10876
- C:\Windows\System\zimFFcb.exe
  C:\Windows\System\zimFFcb.exe
  2⤵
  PID:10912
- C:\Windows\System\GEiblUM.exe
  C:\Windows\System\GEiblUM.exe
  2⤵
  PID:10828
- C:\Windows\System\zgyRSBy.exe
  C:\Windows\System\zgyRSBy.exe
  2⤵
  PID:10924
- C:\Windows\System\vwApnvx.exe
  C:\Windows\System\vwApnvx.exe
  2⤵
  PID:11044
- C:\Windows\System\hbRMHgP.exe
  C:\Windows\System\hbRMHgP.exe
  2⤵
  PID:11076
- C:\Windows\System\VbiBWki.exe
  C:\Windows\System\VbiBWki.exe
  2⤵
  PID:11180
- C:\Windows\System\iLpZWEu.exe
  C:\Windows\System\iLpZWEu.exe
  2⤵
  PID:11252
- C:\Windows\System\PwCrmFQ.exe
  C:\Windows\System\PwCrmFQ.exe
  2⤵
  PID:10304
- C:\Windows\System\vtReoQw.exe
  C:\Windows\System\vtReoQw.exe
  2⤵
  PID:10412
- C:\Windows\System\PgNudje.exe
  C:\Windows\System\PgNudje.exe
  2⤵
  PID:10572
- C:\Windows\System\HVmDRCw.exe
  C:\Windows\System\HVmDRCw.exe
  2⤵
  PID:10756
- C:\Windows\System\wwEYSuf.exe
  C:\Windows\System\wwEYSuf.exe
  2⤵
  PID:4964
- C:\Windows\System\bQkKHdG.exe
  C:\Windows\System\bQkKHdG.exe
  2⤵
  PID:10892
- C:\Windows\System\mdbDZxC.exe
  C:\Windows\System\mdbDZxC.exe
  2⤵
  PID:11000
- C:\Windows\System\ZkcBAJa.exe
  C:\Windows\System\ZkcBAJa.exe
  2⤵
  PID:11176
- C:\Windows\System\cqBTmAI.exe
  C:\Windows\System\cqBTmAI.exe
  2⤵
  PID:10476
- C:\Windows\System\OFDqyZJ.exe
  C:\Windows\System\OFDqyZJ.exe
  2⤵
  PID:10644
- C:\Windows\System\IvADlwy.exe
  C:\Windows\System\IvADlwy.exe
  2⤵
  PID:10968
- C:\Windows\System\cotmRuP.exe
  C:\Windows\System\cotmRuP.exe
  2⤵
  PID:3220
- C:\Windows\System\WYlVhMs.exe
  C:\Windows\System\WYlVhMs.exe
  2⤵
  PID:10564
- C:\Windows\System\JSjjwxk.exe
  C:\Windows\System\JSjjwxk.exe
  2⤵
  PID:10908
- C:\Windows\System\ljouYPH.exe
  C:\Windows\System\ljouYPH.exe
  2⤵
  PID:11188
- C:\Windows\System\qxWkXAz.exe
  C:\Windows\System\qxWkXAz.exe
  2⤵
  PID:11268
- C:\Windows\System\kdhFQxt.exe
  C:\Windows\System\kdhFQxt.exe
  2⤵
  PID:11304
- C:\Windows\System\IKrCTMy.exe
  C:\Windows\System\IKrCTMy.exe
  2⤵
  PID:11328
- C:\Windows\System\gVjNKoE.exe
  C:\Windows\System\gVjNKoE.exe
  2⤵
  PID:11352
- C:\Windows\System\IgWjdEN.exe
  C:\Windows\System\IgWjdEN.exe
  2⤵
  PID:11380
- C:\Windows\System\phozpmz.exe
  C:\Windows\System\phozpmz.exe
  2⤵
  PID:11396
- C:\Windows\System\USVBzTW.exe
  C:\Windows\System\USVBzTW.exe
  2⤵
  PID:11416
- C:\Windows\System\EgDqGAt.exe
  C:\Windows\System\EgDqGAt.exe
  2⤵
  PID:11480
- C:\Windows\System\bVZUhIM.exe
  C:\Windows\System\bVZUhIM.exe
  2⤵
  PID:11528
- C:\Windows\System\BZmXkSk.exe
  C:\Windows\System\BZmXkSk.exe
  2⤵
  PID:11552
- C:\Windows\System\iCQiMGL.exe
  C:\Windows\System\iCQiMGL.exe
  2⤵
  PID:11600
- C:\Windows\System\YRzpZhb.exe
  C:\Windows\System\YRzpZhb.exe
  2⤵
  PID:11632
- C:\Windows\System\YgzvPfw.exe
  C:\Windows\System\YgzvPfw.exe
  2⤵
  PID:11668
- C:\Windows\System\ZvvYoGu.exe
  C:\Windows\System\ZvvYoGu.exe
  2⤵
  PID:11700
- C:\Windows\System\qCfnZWD.exe
  C:\Windows\System\qCfnZWD.exe
  2⤵
  PID:11732
- C:\Windows\System\RBJnYTC.exe
  C:\Windows\System\RBJnYTC.exe
  2⤵
  PID:11752
- C:\Windows\System\khZWXIU.exe
  C:\Windows\System\khZWXIU.exe
  2⤵
  PID:11796
- C:\Windows\System\VbFjNLN.exe
  C:\Windows\System\VbFjNLN.exe
  2⤵
  PID:11832
- C:\Windows\System\ZExNgGV.exe
  C:\Windows\System\ZExNgGV.exe
  2⤵
  PID:11864
- C:\Windows\System\LULwDGM.exe
  C:\Windows\System\LULwDGM.exe
  2⤵
  PID:11896
- C:\Windows\System\waBQaDG.exe
  C:\Windows\System\waBQaDG.exe
  2⤵
  PID:11928
- C:\Windows\System\IkGgerO.exe
  C:\Windows\System\IkGgerO.exe
  2⤵
  PID:11960
- C:\Windows\System\TwXXepG.exe
  C:\Windows\System\TwXXepG.exe
  2⤵
  PID:11992
- C:\Windows\System\WFMmtnM.exe
  C:\Windows\System\WFMmtnM.exe
  2⤵
  PID:12024
- C:\Windows\System\MycVhpd.exe
  C:\Windows\System\MycVhpd.exe
  2⤵
  PID:12056
- C:\Windows\System\oXcncjv.exe
  C:\Windows\System\oXcncjv.exe
  2⤵
  PID:12088
- C:\Windows\System\IKLJIdO.exe
  C:\Windows\System\IKLJIdO.exe
  2⤵
  PID:12108
- C:\Windows\System\qdWxmEp.exe
  C:\Windows\System\qdWxmEp.exe
  2⤵
  PID:12128
- C:\Windows\System\EGUMQzS.exe
  C:\Windows\System\EGUMQzS.exe
  2⤵
  PID:12152
- C:\Windows\System\vJvVyaz.exe
  C:\Windows\System\vJvVyaz.exe
  2⤵
  PID:12192
- C:\Windows\System\mTvlpkH.exe
  C:\Windows\System\mTvlpkH.exe
  2⤵
  PID:12228
- C:\Windows\System\lBXbAzb.exe
  C:\Windows\System\lBXbAzb.exe
  2⤵
  PID:12264
- C:\Windows\System\Tsxuddo.exe
  C:\Windows\System\Tsxuddo.exe
  2⤵
  PID:11276
- C:\Windows\System\LjeJtPE.exe
  C:\Windows\System\LjeJtPE.exe
  2⤵
  PID:11348
- C:\Windows\System\acEzpkr.exe
  C:\Windows\System\acEzpkr.exe
  2⤵
  PID:11432
- C:\Windows\System\CXdgrBl.exe
  C:\Windows\System\CXdgrBl.exe
  2⤵
  PID:11512
- C:\Windows\System\RCEzlMh.exe
  C:\Windows\System\RCEzlMh.exe
  2⤵
  PID:11580
- C:\Windows\System\UGREaUB.exe
  C:\Windows\System\UGREaUB.exe
  2⤵
  PID:11624
- C:\Windows\System\qOkwEwh.exe
  C:\Windows\System\qOkwEwh.exe
  2⤵
  PID:11680
- C:\Windows\System\BPxPsob.exe
  C:\Windows\System\BPxPsob.exe
  2⤵
  PID:11764
- C:\Windows\System\hOdLmLV.exe
  C:\Windows\System\hOdLmLV.exe
  2⤵
  PID:11820
- C:\Windows\System\NvjuvWo.exe
  C:\Windows\System\NvjuvWo.exe
  2⤵
  PID:11876
- C:\Windows\System\zuHgqtG.exe
  C:\Windows\System\zuHgqtG.exe
  2⤵
  PID:11940
- C:\Windows\System\XbWcPMs.exe
  C:\Windows\System\XbWcPMs.exe
  2⤵
  PID:12004
- C:\Windows\System\vQygNiS.exe
  C:\Windows\System\vQygNiS.exe
  2⤵
  PID:12080
- C:\Windows\System\zYeZPll.exe
  C:\Windows\System\zYeZPll.exe
  2⤵
  PID:12120
- C:\Windows\System\hWzhJMh.exe
  C:\Windows\System\hWzhJMh.exe
  2⤵
  PID:12212
- C:\Windows\System\fMVhtgZ.exe
  C:\Windows\System\fMVhtgZ.exe
  2⤵
  PID:12280
- C:\Windows\System\oFAwZXD.exe
  C:\Windows\System\oFAwZXD.exe
  2⤵
  PID:11284
- C:\Windows\System\XfETOXF.exe
  C:\Windows\System\XfETOXF.exe
  2⤵
  PID:11412
- C:\Windows\System\hsgeUJT.exe
  C:\Windows\System\hsgeUJT.exe
  2⤵
  PID:11568
- C:\Windows\System\IyFrQLZ.exe
  C:\Windows\System\IyFrQLZ.exe
  2⤵
  PID:11684
- C:\Windows\System\NuJmLAu.exe
  C:\Windows\System\NuJmLAu.exe
  2⤵
  PID:11780
- C:\Windows\System\uRVBIZC.exe
  C:\Windows\System\uRVBIZC.exe
  2⤵
  PID:11880
- C:\Windows\System\PmOtnTJ.exe
  C:\Windows\System\PmOtnTJ.exe
  2⤵
  PID:11944
- C:\Windows\System\VPMepyG.exe
  C:\Windows\System\VPMepyG.exe
  2⤵
  PID:12008
- C:\Windows\System\cpiZmqD.exe
  C:\Windows\System\cpiZmqD.exe
  2⤵
  PID:12116
- C:\Windows\System\jNZHmXT.exe
  C:\Windows\System\jNZHmXT.exe
  2⤵
  PID:12260
- C:\Windows\System\wbzCTAE.exe
  C:\Windows\System\wbzCTAE.exe
  2⤵
  PID:11476
- C:\Windows\System\izlWmLV.exe
  C:\Windows\System\izlWmLV.exe
  2⤵
  PID:11912
- C:\Windows\System\gaqrAGv.exe
  C:\Windows\System\gaqrAGv.exe
  2⤵
  PID:12036
- C:\Windows\System\luFyWVd.exe
  C:\Windows\System\luFyWVd.exe
  2⤵
  PID:11320
- C:\Windows\System\YjlkAWU.exe
  C:\Windows\System\YjlkAWU.exe
  2⤵
  PID:12296
- C:\Windows\System\BOODUaE.exe
  C:\Windows\System\BOODUaE.exe
  2⤵
  PID:12320
- C:\Windows\System\wohctQg.exe
  C:\Windows\System\wohctQg.exe
  2⤵
  PID:12348
- C:\Windows\System\IgNUxEo.exe
  C:\Windows\System\IgNUxEo.exe
  2⤵
  PID:12384
- C:\Windows\System\BhlgeEP.exe
  C:\Windows\System\BhlgeEP.exe
  2⤵
  PID:12420
- C:\Windows\System\nnZRlIY.exe
  C:\Windows\System\nnZRlIY.exe
  2⤵
  PID:12464
- C:\Windows\System\BeofGoC.exe
  C:\Windows\System\BeofGoC.exe
  2⤵
  PID:12496
- C:\Windows\System\MrGtGXW.exe
  C:\Windows\System\MrGtGXW.exe
  2⤵
  PID:12536
- C:\Windows\System\pCUKCQA.exe
  C:\Windows\System\pCUKCQA.exe
  2⤵
  PID:12576
- C:\Windows\System\VlILctc.exe
  C:\Windows\System\VlILctc.exe
  2⤵
  PID:12608
- C:\Windows\System\mqsrFyc.exe
  C:\Windows\System\mqsrFyc.exe
  2⤵
  PID:12640
- C:\Windows\System\ZUxCsJf.exe
  C:\Windows\System\ZUxCsJf.exe
  2⤵
  PID:12680
- C:\Windows\System\QHcJgFV.exe
  C:\Windows\System\QHcJgFV.exe
  2⤵
  PID:12704
- C:\Windows\System\Faqsvgn.exe
  C:\Windows\System\Faqsvgn.exe
  2⤵
  PID:12736
- C:\Windows\System\HTPzXBZ.exe
  C:\Windows\System\HTPzXBZ.exe
  2⤵
  PID:12776
- C:\Windows\System\wtMUHPm.exe
  C:\Windows\System\wtMUHPm.exe
  2⤵
  PID:12808
- C:\Windows\System\aLyvGfM.exe
  C:\Windows\System\aLyvGfM.exe
  2⤵
  PID:12840
- C:\Windows\System\SQzjyqx.exe
  C:\Windows\System\SQzjyqx.exe
  2⤵
  PID:12872
- C:\Windows\System\yrMAfTP.exe
  C:\Windows\System\yrMAfTP.exe
  2⤵
  PID:12892
- C:\Windows\System\FtHQpxb.exe
  C:\Windows\System\FtHQpxb.exe
  2⤵
  PID:12908
- C:\Windows\System\XvgYBrm.exe
  C:\Windows\System\XvgYBrm.exe
  2⤵
  PID:12936
- C:\Windows\System\lvtgMEV.exe
  C:\Windows\System\lvtgMEV.exe
  2⤵
  PID:12952
- C:\Windows\System\XQlazra.exe
  C:\Windows\System\XQlazra.exe
  2⤵
  PID:12976
- C:\Windows\System\iQjMuCz.exe
  C:\Windows\System\iQjMuCz.exe
  2⤵
  PID:13028
- C:\Windows\System\aZFrrvJ.exe
  C:\Windows\System\aZFrrvJ.exe
  2⤵
  PID:13072
- C:\Windows\System\RbamiQq.exe
  C:\Windows\System\RbamiQq.exe
  2⤵
  PID:13096
- C:\Windows\System\JhttCRt.exe
  C:\Windows\System\JhttCRt.exe
  2⤵
  PID:13128
- C:\Windows\System\JAuytEZ.exe
  C:\Windows\System\JAuytEZ.exe
  2⤵
  PID:13192
- C:\Windows\System\LyWhEjx.exe
  C:\Windows\System\LyWhEjx.exe
  2⤵
  PID:13212
- C:\Windows\System\fxGmzGc.exe
  C:\Windows\System\fxGmzGc.exe
  2⤵
  PID:13252
- C:\Windows\System\bcICOrm.exe
  C:\Windows\System\bcICOrm.exe
  2⤵
  PID:13272
- C:\Windows\System\EJJPJOE.exe
  C:\Windows\System\EJJPJOE.exe
  2⤵
  PID:13292
- C:\Windows\System\WJDKfzy.exe
  C:\Windows\System\WJDKfzy.exe
  2⤵
  PID:11364
- C:\Windows\System\UqfVywP.exe
  C:\Windows\System\UqfVywP.exe
  2⤵
  PID:11848
- C:\Windows\System\hHKQQyz.exe
  C:\Windows\System\hHKQQyz.exe
  2⤵
  PID:12412
- C:\Windows\System\BlymKZw.exe
  C:\Windows\System\BlymKZw.exe
  2⤵
  PID:12456
- C:\Windows\System\gCycksx.exe
  C:\Windows\System\gCycksx.exe
  2⤵
  PID:12512
- C:\Windows\System\SWEPcrv.exe
  C:\Windows\System\SWEPcrv.exe
  2⤵
  PID:12604
- C:\Windows\System\IZnyEOo.exe
  C:\Windows\System\IZnyEOo.exe
  2⤵
  PID:12668
- C:\Windows\System\XjYwZRa.exe
  C:\Windows\System\XjYwZRa.exe
  2⤵
  PID:12696
- C:\Windows\System\aBvCsZD.exe
  C:\Windows\System\aBvCsZD.exe
  2⤵
  PID:12728
- C:\Windows\System\mAuejCT.exe
  C:\Windows\System\mAuejCT.exe
  2⤵
  PID:12768
- C:\Windows\System\iwiCpws.exe
  C:\Windows\System\iwiCpws.exe
  2⤵
  PID:12820
- C:\Windows\System\rzvHUrO.exe
  C:\Windows\System\rzvHUrO.exe
  2⤵
  PID:12852
- C:\Windows\System\CdhTlnA.exe
  C:\Windows\System\CdhTlnA.exe
  2⤵
  PID:1976
- C:\Windows\System\eLdRtPB.exe
  C:\Windows\System\eLdRtPB.exe
  2⤵
  PID:4048
- C:\Windows\System\cWxGgfA.exe
  C:\Windows\System\cWxGgfA.exe
  2⤵
  PID:12984
- C:\Windows\System\swRigFF.exe
  C:\Windows\System\swRigFF.exe
  2⤵
  PID:13024
- C:\Windows\System\XjUkXHU.exe
  C:\Windows\System\XjUkXHU.exe
  2⤵
  PID:13056
- C:\Windows\System\SdGWftY.exe
  C:\Windows\System\SdGWftY.exe
  2⤵
  PID:13108
- C:\Windows\System\hXncevc.exe
  C:\Windows\System\hXncevc.exe
  2⤵
  PID:13180
- C:\Windows\System\ukpyqhr.exe
  C:\Windows\System\ukpyqhr.exe
  2⤵
  PID:13280
- C:\Windows\System\bQfqHTF.exe
  C:\Windows\System\bQfqHTF.exe
  2⤵
  PID:12180
- C:\Windows\System\basfjLh.exe
  C:\Windows\System\basfjLh.exe
  2⤵
  PID:12332
- C:\Windows\System\ZUSQuxe.exe
  C:\Windows\System\ZUSQuxe.exe
  2⤵
  PID:12480
- C:\Windows\System\rVcUotZ.exe
  C:\Windows\System\rVcUotZ.exe
  2⤵
  PID:12600
- C:\Windows\System\hVUqIpw.exe
  C:\Windows\System\hVUqIpw.exe
  2⤵
  PID:4204
- C:\Windows\System\bxOdcle.exe
  C:\Windows\System\bxOdcle.exe
  2⤵
  PID:12948
- C:\Windows\System\jpRRVhz.exe
  C:\Windows\System\jpRRVhz.exe
  2⤵
  PID:13112
- C:\Windows\System\NfFZWdI.exe
  C:\Windows\System\NfFZWdI.exe
  2⤵
  PID:13092
- C:\Windows\System\ecEGjdz.exe
  C:\Windows\System\ecEGjdz.exe
  2⤵
  PID:13264
- C:\Windows\System\GudQrmp.exe
  C:\Windows\System\GudQrmp.exe
  2⤵
  PID:12164
- C:\Windows\System\yLijGaM.exe
  C:\Windows\System\yLijGaM.exe
  2⤵
  PID:12492
- C:\Windows\System\HNGnsjS.exe
  C:\Windows\System\HNGnsjS.exe
  2⤵
  PID:12564
- C:\Windows\System\hWxctPe.exe
  C:\Windows\System\hWxctPe.exe
  2⤵
  PID:13044
- C:\Windows\System\CNgtWeD.exe
  C:\Windows\System\CNgtWeD.exe
  2⤵
  PID:4740
- C:\Windows\System\XaqcKdV.exe
  C:\Windows\System\XaqcKdV.exe
  2⤵
  PID:13268
- C:\Windows\System\hypDGTs.exe
  C:\Windows\System\hypDGTs.exe
  2⤵
  PID:9932
- C:\Windows\System\rLrLqJf.exe
  C:\Windows\System\rLrLqJf.exe
  2⤵
  PID:9960
- C:\Windows\System\YeWokzI.exe
  C:\Windows\System\YeWokzI.exe
  2⤵
  PID:11656
- C:\Windows\System\VFtJDoY.exe
  C:\Windows\System\VFtJDoY.exe
  2⤵
  PID:12376
- C:\Windows\System\eQavigE.exe
  C:\Windows\System\eQavigE.exe
  2⤵
  PID:5036
- C:\Windows\System\kYDFZFy.exe
  C:\Windows\System\kYDFZFy.exe
  2⤵
  PID:13344
- C:\Windows\System\HCJUYzF.exe
  C:\Windows\System\HCJUYzF.exe
  2⤵
  PID:13376
- C:\Windows\System\iOkKDFr.exe
  C:\Windows\System\iOkKDFr.exe
  2⤵
  PID:13408
- C:\Windows\System\YtWDYXc.exe
  C:\Windows\System\YtWDYXc.exe
  2⤵
  PID:13444
- C:\Windows\System\GcBFimX.exe
  C:\Windows\System\GcBFimX.exe
  2⤵
  PID:13472
- C:\Windows\System\zdFChsp.exe
  C:\Windows\System\zdFChsp.exe
  2⤵
  PID:13516
- C:\Windows\System\EsNXaFL.exe
  C:\Windows\System\EsNXaFL.exe
  2⤵
  PID:13552
- C:\Windows\System\qnFJweK.exe
  C:\Windows\System\qnFJweK.exe
  2⤵
  PID:13588
- C:\Windows\System\FRBeKQW.exe
  C:\Windows\System\FRBeKQW.exe
  2⤵
  PID:13636
- C:\Windows\System\jTmEraz.exe
  C:\Windows\System\jTmEraz.exe
  2⤵
  PID:13660
- C:\Windows\System\fIAqJwW.exe
  C:\Windows\System\fIAqJwW.exe
  2⤵
  PID:13704
- C:\Windows\System\Ptrgtym.exe
  C:\Windows\System\Ptrgtym.exe
  2⤵
  PID:13752
- C:\Windows\System\OusOJGu.exe
  C:\Windows\System\OusOJGu.exe
  2⤵
  PID:13772
- C:\Windows\System\lkBENlg.exe
  C:\Windows\System\lkBENlg.exe
  2⤵
  PID:13800
- C:\Windows\System\wnovMTZ.exe
  C:\Windows\System\wnovMTZ.exe
  2⤵
  PID:13840
- C:\Windows\System\nlKdnrL.exe
  C:\Windows\System\nlKdnrL.exe
  2⤵
  PID:13880
- C:\Windows\System\sTauvdV.exe
  C:\Windows\System\sTauvdV.exe
  2⤵
  PID:13904
- C:\Windows\System\sApkhQv.exe
  C:\Windows\System\sApkhQv.exe
  2⤵
  PID:13936
- C:\Windows\System\HjjVpzl.exe
  C:\Windows\System\HjjVpzl.exe
  2⤵
  PID:13968
- C:\Windows\System\HKfcrwE.exe
  C:\Windows\System\HKfcrwE.exe
  2⤵
  PID:14000
- C:\Windows\System\zBZinCn.exe
  C:\Windows\System\zBZinCn.exe
  2⤵
  PID:14020
- C:\Windows\System\uGJtsVZ.exe
  C:\Windows\System\uGJtsVZ.exe
  2⤵
  PID:14064
- C:\Windows\System\YDLLUjQ.exe
  C:\Windows\System\YDLLUjQ.exe
  2⤵
  PID:14096
- C:\Windows\System\ANthvrU.exe
  C:\Windows\System\ANthvrU.exe
  2⤵
  PID:14140
- C:\Windows\System\txNdOGu.exe
  C:\Windows\System\txNdOGu.exe
  2⤵
  PID:14156
- C:\Windows\System\rrZvXra.exe
  C:\Windows\System\rrZvXra.exe
  2⤵
  PID:14172
- C:\Windows\System\ANHiqcx.exe
  C:\Windows\System\ANHiqcx.exe
  2⤵
  PID:14188
- C:\Windows\System\mJWiTMs.exe
  C:\Windows\System\mJWiTMs.exe
  2⤵
  PID:14208
- C:\Windows\System\lEFtOvj.exe
  C:\Windows\System\lEFtOvj.exe
  2⤵
  PID:14228
- C:\Windows\System\ALnVewy.exe
  C:\Windows\System\ALnVewy.exe
  2⤵
  PID:14272
- C:\Windows\System\pSmEjbI.exe
  C:\Windows\System\pSmEjbI.exe
  2⤵
  PID:14312
- C:\Windows\System\mxcFCcO.exe
  C:\Windows\System\mxcFCcO.exe
  2⤵
  PID:12832
- C:\Windows\System\IStSrVi.exe
  C:\Windows\System\IStSrVi.exe
  2⤵
  PID:2180
- C:\Windows\System\cwwZbMK.exe
  C:\Windows\System\cwwZbMK.exe
  2⤵
  PID:1088
- C:\Windows\System\AbMdzOT.exe
  C:\Windows\System\AbMdzOT.exe
  2⤵
  PID:13424
- C:\Windows\System\XhKYOjl.exe
  C:\Windows\System\XhKYOjl.exe
  2⤵
  PID:13528
- C:\Windows\System\qoZHKvV.exe
  C:\Windows\System\qoZHKvV.exe
  2⤵
  PID:13576
- C:\Windows\System\ThjsrSD.exe
  C:\Windows\System\ThjsrSD.exe
  2⤵
  PID:13568
- C:\Windows\System\gtTWcIa.exe
  C:\Windows\System\gtTWcIa.exe
  2⤵
  PID:13652
- C:\Windows\System\cENvMnQ.exe
  C:\Windows\System\cENvMnQ.exe
  2⤵
  PID:13728
- C:\Windows\System\Wuoeaut.exe
  C:\Windows\System\Wuoeaut.exe
  2⤵
  PID:13828
- C:\Windows\System\Nafjaca.exe
  C:\Windows\System\Nafjaca.exe
  2⤵
  PID:13920
- C:\Windows\System\XgIRFok.exe
  C:\Windows\System\XgIRFok.exe
  2⤵
  PID:13964
- C:\Windows\System\zXxLumz.exe
  C:\Windows\System\zXxLumz.exe
  2⤵
  PID:14044
- C:\Windows\System\GGHMEPv.exe
  C:\Windows\System\GGHMEPv.exe
  2⤵
  PID:14088
- C:\Windows\System\kgrGybu.exe
  C:\Windows\System\kgrGybu.exe
  2⤵
  PID:14204
- C:\Windows\System\jIvMdzO.exe
  C:\Windows\System\jIvMdzO.exe
  2⤵
  PID:14224
- C:\Windows\System\ZtnTPDb.exe
  C:\Windows\System\ZtnTPDb.exe
  2⤵
  PID:11008
- C:\Windows\System\muFacGQ.exe
  C:\Windows\System\muFacGQ.exe
  2⤵
  PID:9964
- C:\Windows\System\iyuQsxd.exe
  C:\Windows\System\iyuQsxd.exe
  2⤵
  PID:13440
- C:\Windows\System\LJOSzWG.exe
  C:\Windows\System\LJOSzWG.exe
  2⤵
  PID:13532
- C:\Windows\System\wmAGOPR.exe
  C:\Windows\System\wmAGOPR.exe
  2⤵
  PID:13764
- C:\Windows\System\QZVrwnx.exe
  C:\Windows\System\QZVrwnx.exe
  2⤵
  PID:4948
- C:\Windows\System\TeENMYu.exe
  C:\Windows\System\TeENMYu.exe
  2⤵
  PID:13900
- C:\Windows\System\OowNYBm.exe
  C:\Windows\System\OowNYBm.exe
  2⤵
  PID:13980
- C:\Windows\System\Wipmhba.exe
  C:\Windows\System\Wipmhba.exe
  2⤵
  PID:14164
- C:\Windows\System\lOVDRQB.exe
  C:\Windows\System\lOVDRQB.exe
  2⤵
  PID:14220
- C:\Windows\System\fgsYmzm.exe
  C:\Windows\System\fgsYmzm.exe
  2⤵
  PID:14260
- C:\Windows\System\moccwsZ.exe
  C:\Windows\System\moccwsZ.exe
  2⤵
  PID:13504
- C:\Windows\System\VAcPzNB.exe
  C:\Windows\System\VAcPzNB.exe
  2⤵
  PID:2664
- C:\Windows\System\wIfOUom.exe
  C:\Windows\System\wIfOUom.exe
  2⤵
  PID:4108
- C:\Windows\System\iHSCQHq.exe
  C:\Windows\System\iHSCQHq.exe
  2⤵
  PID:3432
- C:\Windows\System\HbiikLi.exe
  C:\Windows\System\HbiikLi.exe
  2⤵
  PID:14136
- C:\Windows\System\lJjqwsW.exe
  C:\Windows\System\lJjqwsW.exe
  2⤵
  PID:14304
- C:\Windows\System\BoMGtBO.exe
  C:\Windows\System\BoMGtBO.exe
  2⤵
  PID:2212
- C:\Windows\System\xikqqiK.exe
  C:\Windows\System\xikqqiK.exe
  2⤵
  PID:14028
- C:\Windows\System\JqpKQaN.exe
  C:\Windows\System\JqpKQaN.exe
  2⤵
  PID:14108
- C:\Windows\System\hbDPTRl.exe
  C:\Windows\System\hbDPTRl.exe
  2⤵
  PID:13432
- C:\Windows\System\MdDNSRb.exe
  C:\Windows\System\MdDNSRb.exe
  2⤵
  PID:3336
- C:\Windows\System\nWKjTPf.exe
  C:\Windows\System\nWKjTPf.exe
  2⤵
  PID:14348
- C:\Windows\System\uWrstuO.exe
  C:\Windows\System\uWrstuO.exe
  2⤵
  PID:14384
- C:\Windows\System\pAIjneY.exe
  C:\Windows\System\pAIjneY.exe
  2⤵
  PID:14408
- C:\Windows\System\WMXrHcp.exe
  C:\Windows\System\WMXrHcp.exe
  2⤵
  PID:14452
- C:\Windows\System\oeiKBUE.exe
  C:\Windows\System\oeiKBUE.exe
  2⤵
  PID:14480
- C:\Windows\System\dVKlFST.exe
  C:\Windows\System\dVKlFST.exe
  2⤵
  PID:14512
- C:\Windows\System\bWjuFgq.exe
  C:\Windows\System\bWjuFgq.exe
  2⤵
  PID:14560
- C:\Windows\System\MkRiTuk.exe
  C:\Windows\System\MkRiTuk.exe
  2⤵
  PID:14592
- C:\Windows\System\jDtibjg.exe
  C:\Windows\System\jDtibjg.exe
  2⤵
  PID:14640
- C:\Windows\System\zYzDlio.exe
  C:\Windows\System\zYzDlio.exe
  2⤵
  PID:14656
- C:\Windows\System\hsqOjmD.exe
  C:\Windows\System\hsqOjmD.exe
  2⤵
  PID:14688
- C:\Windows\System\TfPXXGS.exe
  C:\Windows\System\TfPXXGS.exe
  2⤵
  PID:14720
- C:\Windows\System\GiZqLNE.exe
  C:\Windows\System\GiZqLNE.exe
  2⤵
  PID:14752
- C:\Windows\System\MwmfeSD.exe
  C:\Windows\System\MwmfeSD.exe
  2⤵
  PID:14784
- C:\Windows\System\QuXpdQM.exe
  C:\Windows\System\QuXpdQM.exe
  2⤵
  PID:14816
- C:\Windows\System\DkVTrnJ.exe
  C:\Windows\System\DkVTrnJ.exe
  2⤵
  PID:14840
- C:\Windows\System\vdgfBXn.exe
  C:\Windows\System\vdgfBXn.exe
  2⤵
  PID:14868
- C:\Windows\System\cgtPuWC.exe
  C:\Windows\System\cgtPuWC.exe
  2⤵
  PID:14896
- C:\Windows\System\REePOFT.exe
  C:\Windows\System\REePOFT.exe
  2⤵
  PID:14916
- C:\Windows\System\puyvIUv.exe
  C:\Windows\System\puyvIUv.exe
  2⤵
  PID:14960
- C:\Windows\System\uAzauXg.exe
  C:\Windows\System\uAzauXg.exe
  2⤵
  PID:14992
- C:\Windows\System\zbudNQb.exe
  C:\Windows\System\zbudNQb.exe
  2⤵
  PID:15032
- C:\Windows\System\xzwAEKF.exe
  C:\Windows\System\xzwAEKF.exe
  2⤵
  PID:15056
- C:\Windows\System\bxtmJvn.exe
  C:\Windows\System\bxtmJvn.exe
  2⤵
  PID:15092
- C:\Windows\System\UcwSHaO.exe
  C:\Windows\System\UcwSHaO.exe
  2⤵
  PID:15124
- C:\Windows\System\bYgQaYW.exe
  C:\Windows\System\bYgQaYW.exe
  2⤵
  PID:15164
- C:\Windows\System\BlCLNEN.exe
  C:\Windows\System\BlCLNEN.exe
  2⤵
  PID:15192
- C:\Windows\System\UlSxSxi.exe
  C:\Windows\System\UlSxSxi.exe
  2⤵
  PID:15236
- C:\Windows\System\eYTtSNN.exe
  C:\Windows\System\eYTtSNN.exe
  2⤵
  PID:15268
- C:\Windows\System\ygQyGpM.exe
  C:\Windows\System\ygQyGpM.exe
  2⤵
  PID:15300
- C:\Windows\System\lssTMeV.exe
  C:\Windows\System\lssTMeV.exe
  2⤵
  PID:15320
- C:\Windows\System\WreHdMO.exe
  C:\Windows\System\WreHdMO.exe
  2⤵
  PID:15352
- C:\Windows\System\OIhGqhq.exe
  C:\Windows\System\OIhGqhq.exe
  2⤵
  PID:14360
- C:\Windows\System\GiMdbse.exe
  C:\Windows\System\GiMdbse.exe
  2⤵
  PID:14392
- C:\Windows\System\NEuBnmO.exe
  C:\Windows\System\NEuBnmO.exe
  2⤵
  PID:14504
- C:\Windows\System\NXQrdwO.exe
  C:\Windows\System\NXQrdwO.exe
  2⤵
  PID:14588
- C:\Windows\System\IKChwNz.exe
  C:\Windows\System\IKChwNz.exe
  2⤵
  PID:14632
- C:\Windows\System\JxCiiLT.exe
  C:\Windows\System\JxCiiLT.exe
  2⤵
  PID:14668
- C:\Windows\System\evlfCng.exe
  C:\Windows\System\evlfCng.exe
  2⤵
  PID:14740
- C:\Windows\System\RRhBfML.exe
  C:\Windows\System\RRhBfML.exe
  2⤵
  PID:14764
- C:\Windows\System\HXkzSCh.exe
  C:\Windows\System\HXkzSCh.exe
  2⤵
  PID:14848
- C:\Windows\System\vCrUVMM.exe
  C:\Windows\System\vCrUVMM.exe
  2⤵
  PID:14888
- C:\Windows\System\zBwizXr.exe
  C:\Windows\System\zBwizXr.exe
  2⤵
  PID:14940
- C:\Windows\System\cJdhtHS.exe
  C:\Windows\System\cJdhtHS.exe
  2⤵
  PID:4084
- C:\Windows\System\BfuhjHT.exe
  C:\Windows\System\BfuhjHT.exe
  2⤵
  PID:15048
- C:\Windows\System\HlQbEEI.exe
  C:\Windows\System\HlQbEEI.exe
  2⤵
  PID:15076
- C:\Windows\System\WeyOmVk.exe
  C:\Windows\System\WeyOmVk.exe
  2⤵
  PID:15172
- C:\Windows\System\WRolIPW.exe
  C:\Windows\System\WRolIPW.exe
  2⤵
  PID:15228
- C:\Windows\System\nYKgqts.exe
  C:\Windows\System\nYKgqts.exe
  2⤵
  PID:15288
- C:\Windows\System\lEOxHRd.exe
  C:\Windows\System\lEOxHRd.exe
  2⤵
  PID:15312
- C:\Windows\System\Vkopjph.exe
  C:\Windows\System\Vkopjph.exe
  2⤵
  PID:14344
- C:\Windows\System\akAoyMF.exe
  C:\Windows\System\akAoyMF.exe
  2⤵
  PID:14492
- C:\Windows\System\UaNfEDA.exe
  C:\Windows\System\UaNfEDA.exe
  2⤵
  PID:2412
- C:\Windows\System\EmTmBwn.exe
  C:\Windows\System\EmTmBwn.exe
  2⤵
  PID:14648
- C:\Windows\System\StmfRTP.exe
  C:\Windows\System\StmfRTP.exe
  2⤵
  PID:14736
- C:\Windows\System\aeouNhE.exe
  C:\Windows\System\aeouNhE.exe
  2⤵
  PID:3112
- C:\Windows\System\fuRmHBU.exe
  C:\Windows\System\fuRmHBU.exe
  2⤵
  PID:1316
- C:\Windows\System\jCVqVmC.exe
  C:\Windows\System\jCVqVmC.exe
  2⤵
  PID:15108
- C:\Windows\System\ItpSNlG.exe
  C:\Windows\System\ItpSNlG.exe
  2⤵
  PID:15292
- C:\Windows\System\wNxjoJX.exe
  C:\Windows\System\wNxjoJX.exe
  2⤵
  PID:15308
- C:\Windows\System\XGHUKUG.exe
  C:\Windows\System\XGHUKUG.exe
  2⤵
  PID:1588
- C:\Windows\System\ZxKXHce.exe
  C:\Windows\System\ZxKXHce.exe
  2⤵
  PID:14536
- C:\Windows\System\dfOlPXI.exe
  C:\Windows\System\dfOlPXI.exe
  2⤵
  PID:14652
- C:\Windows\System\KSaOYlv.exe
  C:\Windows\System\KSaOYlv.exe
  2⤵
  PID:1640
- C:\Windows\System\FonWuln.exe
  C:\Windows\System\FonWuln.exe
  2⤵
  PID:15152
- C:\Windows\System\HuvxFyn.exe
  C:\Windows\System\HuvxFyn.exe
  2⤵
  PID:14428
- C:\Windows\System\MaAJssa.exe
  C:\Windows\System\MaAJssa.exe
  2⤵
  PID:3532
- C:\Windows\System\RlzrIwp.exe
  C:\Windows\System\RlzrIwp.exe
  2⤵
  PID:3012
- C:\Windows\System\RMHUacF.exe
  C:\Windows\System\RMHUacF.exe
  2⤵
  PID:15072
- C:\Windows\System\HSoIjWE.exe
  C:\Windows\System\HSoIjWE.exe
  2⤵
  PID:14704
- C:\Windows\System\ZFKApYI.exe
  C:\Windows\System\ZFKApYI.exe
  2⤵
  PID:15364
- C:\Windows\System\PHXerQW.exe
  C:\Windows\System\PHXerQW.exe
  2⤵
  PID:15400
- C:\Windows\System\kjwDUAF.exe
  C:\Windows\System\kjwDUAF.exe
  2⤵
  PID:15428
- C:\Windows\System\MqsWjAA.exe
  C:\Windows\System\MqsWjAA.exe
  2⤵
  PID:15496
- C:\Windows\System\vQUcgal.exe
  C:\Windows\System\vQUcgal.exe
  2⤵
  PID:15524
- C:\Windows\System\FRyvQXI.exe
  C:\Windows\System\FRyvQXI.exe
  2⤵
  PID:15556
- C:\Windows\System\JCWcHbj.exe
  C:\Windows\System\JCWcHbj.exe
  2⤵
  PID:15592
- C:\Windows\System\eqekhTF.exe
  C:\Windows\System\eqekhTF.exe
  2⤵
  PID:15624
- C:\Windows\System\PDjsbPN.exe
  C:\Windows\System\PDjsbPN.exe
  2⤵
  PID:15656
- C:\Windows\System\HCDxqOx.exe
  C:\Windows\System\HCDxqOx.exe
  2⤵
  PID:15676
- C:\Windows\System\ByNgawK.exe
  C:\Windows\System\ByNgawK.exe
  2⤵
  PID:15720
- C:\Windows\System\NajpBNG.exe
  C:\Windows\System\NajpBNG.exe
  2⤵
  PID:15736
- C:\Windows\System\mEMWcmS.exe
  C:\Windows\System\mEMWcmS.exe
  2⤵
  PID:15768
- C:\Windows\System\AUfDHSp.exe
  C:\Windows\System\AUfDHSp.exe
  2⤵
  PID:15804
- C:\Windows\System\REiWHpB.exe
  C:\Windows\System\REiWHpB.exe
  2⤵
  PID:15832
- C:\Windows\System\yxptPVj.exe
  C:\Windows\System\yxptPVj.exe
  2⤵
  PID:15872
- C:\Windows\System\BCyFVLI.exe
  C:\Windows\System\BCyFVLI.exe
  2⤵
  PID:15908
- C:\Windows\System\FSvNDgT.exe
  C:\Windows\System\FSvNDgT.exe
  2⤵
  PID:15936
- C:\Windows\System\eIlhxew.exe
  C:\Windows\System\eIlhxew.exe
  2⤵
  PID:15976
- C:\Windows\System\kIdblRU.exe
  C:\Windows\System\kIdblRU.exe
  2⤵
  PID:16008
- C:\Windows\System\kOMlyWb.exe
  C:\Windows\System\kOMlyWb.exe
  2⤵
  PID:16024
- C:\Windows\System\StSfOVT.exe
  C:\Windows\System\StSfOVT.exe
  2⤵
  PID:16056
- C:\Windows\System\ckLCIPi.exe
  C:\Windows\System\ckLCIPi.exe
  2⤵
  PID:16080
- C:\Windows\System\buIHsXN.exe
  C:\Windows\System\buIHsXN.exe
  2⤵
  PID:16100
- C:\Windows\System\VxxZOKD.exe
  C:\Windows\System\VxxZOKD.exe
  2⤵
  PID:16128
- C:\Windows\System\adbwCDx.exe
  C:\Windows\System\adbwCDx.exe
  2⤵
  PID:16168
- C:\Windows\System\opxyMYS.exe
  C:\Windows\System\opxyMYS.exe
  2⤵
  PID:16184
- C:\Windows\System\KlobWIH.exe
  C:\Windows\System\KlobWIH.exe
  2⤵
  PID:16228
- C:\Windows\System\mXpjPSg.exe
  C:\Windows\System\mXpjPSg.exe
  2⤵
  PID:16296
- C:\Windows\System\xJCicux.exe
  C:\Windows\System\xJCicux.exe
  2⤵
  PID:16328
- C:\Windows\System\nCJPjEn.exe
  C:\Windows\System\nCJPjEn.exe
  2⤵
  PID:16360
- C:\Windows\System\vZMUVwm.exe
  C:\Windows\System\vZMUVwm.exe
  2⤵
  PID:2660
- C:\Windows\System\wFrZaLe.exe
  C:\Windows\System\wFrZaLe.exe
  2⤵
  PID:15380
- C:\Windows\System\UmgEwLT.exe
  C:\Windows\System\UmgEwLT.exe
  2⤵
  PID:15436
- C:\Windows\System\xotTVgY.exe
  C:\Windows\System\xotTVgY.exe
  2⤵
  PID:15472
- C:\Windows\System\yxalcwb.exe
  C:\Windows\System\yxalcwb.exe
  2⤵
  PID:15540
- C:\Windows\System\tACmygf.exe
  C:\Windows\System\tACmygf.exe
  2⤵
  PID:15604
- C:\Windows\System\xekyRow.exe
  C:\Windows\System\xekyRow.exe
  2⤵
  PID:15648
- C:\Windows\System\wIHSfmM.exe
  C:\Windows\System\wIHSfmM.exe
  2⤵
  PID:15684
- C:\Windows\System\aACZSvW.exe
  C:\Windows\System\aACZSvW.exe
  2⤵
  PID:4368
- C:\Windows\System\OkjlyWL.exe
  C:\Windows\System\OkjlyWL.exe
  2⤵
  PID:15788
- C:\Windows\System\suwPVUu.exe
  C:\Windows\System\suwPVUu.exe
  2⤵
  PID:15844
- C:\Windows\System\BMDqrTM.exe
  C:\Windows\System\BMDqrTM.exe
  2⤵
  PID:15856
- C:\Windows\System\tlrZpnN.exe
  C:\Windows\System\tlrZpnN.exe
  2⤵
  PID:15932
- C:\Windows\System\XFRgccD.exe
  C:\Windows\System\XFRgccD.exe
  2⤵
  PID:16000
- C:\Windows\System\mfXYXIG.exe
  C:\Windows\System\mfXYXIG.exe
  2⤵
  PID:16040
- C:\Windows\System\BQfGUDM.exe
  C:\Windows\System\BQfGUDM.exe
  2⤵
  PID:16068
- C:\Windows\System\jbjIvKh.exe
  C:\Windows\System\jbjIvKh.exe
  2⤵
  PID:16140
- C:\Windows\System\WvDxOEG.exe
  C:\Windows\System\WvDxOEG.exe
  2⤵
  PID:16208
- C:\Windows\System\wuWWMMt.exe
  C:\Windows\System\wuWWMMt.exe
  2⤵
  PID:16276
- C:\Windows\System\qmHQjUo.exe
  C:\Windows\System\qmHQjUo.exe
  2⤵
  PID:16324
- C:\Windows\System\hiAlWQM.exe
  C:\Windows\System\hiAlWQM.exe
  2⤵
  PID:16372
- C:\Windows\System\feYXPLS.exe
  C:\Windows\System\feYXPLS.exe
  2⤵
  PID:4384
- C:\Windows\System\tAVmgRE.exe
  C:\Windows\System\tAVmgRE.exe
  2⤵
  PID:15464
- C:\Windows\System\NSAXYmF.exe
  C:\Windows\System\NSAXYmF.exe
  2⤵
  PID:15616
- C:\Windows\System\pNaILRe.exe
  C:\Windows\System\pNaILRe.exe
  2⤵
  PID:4808
- C:\Windows\System\mZpuwAw.exe
  C:\Windows\System\mZpuwAw.exe
  2⤵
  PID:15796
- C:\Windows\System\AWCnkjK.exe
  C:\Windows\System\AWCnkjK.exe
  2⤵
  PID:15812
- C:\Windows\System\eUnzgAz.exe
  C:\Windows\System\eUnzgAz.exe
  2⤵
  PID:15880
- C:\Windows\System\KYbAYRs.exe
  C:\Windows\System\KYbAYRs.exe
  2⤵
  PID:15920
- C:\Windows\System\XPFIjgn.exe
  C:\Windows\System\XPFIjgn.exe
  2⤵
  PID:4440
- C:\Windows\System\bUDFREy.exe
  C:\Windows\System\bUDFREy.exe
  2⤵
  PID:16164
- C:\Windows\System\WetHdVk.exe
  C:\Windows\System\WetHdVk.exe
  2⤵
  PID:2264
- C:\Windows\System\JnvkgEo.exe
  C:\Windows\System\JnvkgEo.exe
  2⤵
  PID:16312
- C:\Windows\System\OtkHOFC.exe
  C:\Windows\System\OtkHOFC.exe
  2⤵
  PID:2900
- C:\Windows\System\OYmnCwY.exe
  C:\Windows\System\OYmnCwY.exe
  2⤵
  PID:1664
- C:\Windows\System\atGSuQX.exe
  C:\Windows\System\atGSuQX.exe
  2⤵
  PID:3644
- C:\Windows\System\EWQLYzV.exe
  C:\Windows\System\EWQLYzV.exe
  2⤵
  PID:1600
- C:\Windows\System\lbmqwoq.exe
  C:\Windows\System\lbmqwoq.exe
  2⤵
  PID:3416
- C:\Windows\System\tsBCZzL.exe
  C:\Windows\System\tsBCZzL.exe
  2⤵
  PID:15944
- C:\Windows\System\MrwIskC.exe
  C:\Windows\System\MrwIskC.exe
  2⤵
  PID:2444
- C:\Windows\System\UrojGRG.exe
  C:\Windows\System\UrojGRG.exe
  2⤵
  PID:16072
- C:\Windows\System\biVyleD.exe
  C:\Windows\System\biVyleD.exe
  2⤵
  PID:2052
- C:\Windows\System\bINfCWd.exe
  C:\Windows\System\bINfCWd.exe
  2⤵
  PID:4380
- C:\Windows\System\PgezYxu.exe
  C:\Windows\System\PgezYxu.exe
  2⤵
  PID:4484
- C:\Windows\System\JyUNXLX.exe
  C:\Windows\System\JyUNXLX.exe
  2⤵
  PID:4176
- C:\Windows\System\airyskn.exe
  C:\Windows\System\airyskn.exe
  2⤵
  PID:2220
- C:\Windows\System\VYHfewV.exe
  C:\Windows\System\VYHfewV.exe
  2⤵
  PID:4424
- C:\Windows\System\prjGnJG.exe
  C:\Windows\System\prjGnJG.exe
  2⤵
  PID:3980
- C:\Windows\System\lqmRDcD.exe
  C:\Windows\System\lqmRDcD.exe
  2⤵
  PID:1512
- C:\Windows\System\gDuIfhw.exe
  C:\Windows\System\gDuIfhw.exe
  2⤵
  PID:16004
- C:\Windows\System\rLVDHny.exe
  C:\Windows\System\rLVDHny.exe
  2⤵
  PID:1648
- C:\Windows\System\ehNjyDu.exe
  C:\Windows\System\ehNjyDu.exe
  2⤵
  PID:2440
- C:\Windows\System\LNqVxVg.exe
  C:\Windows\System\LNqVxVg.exe
  2⤵
  PID:2684
- C:\Windows\System\bKoryNs.exe
  C:\Windows\System\bKoryNs.exe
  2⤵
  PID:1488
- C:\Windows\System\iuKHmEe.exe
  C:\Windows\System\iuKHmEe.exe
  2⤵
  PID:4404
- C:\Windows\System\SrtrXeP.exe
  C:\Windows\System\SrtrXeP.exe
  2⤵
  PID:2096
- C:\Windows\System\hnewwOo.exe
  C:\Windows\System\hnewwOo.exe
  2⤵
  PID:15824
- C:\Windows\System\jTKyolF.exe
  C:\Windows\System\jTKyolF.exe
  2⤵
  PID:3920
- C:\Windows\System\oodFuCH.exe
  C:\Windows\System\oodFuCH.exe
  2⤵
  PID:2748

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=370D6282DD7A631218C77704DC4B62A9; domain=.bing.com; expires=Thu, 26-Feb-2026 01:00:58 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 66457047F3B6470296A05FDFF6302770 Ref B: LON601060101031 Ref C: 2025-02-01T01:00:58Z
date: Sat, 01 Feb 2025 01:00:58 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=370D6282DD7A631218C77704DC4B62A9

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=6vD7w5XZ4B5-zLJs9Dfahqy8U71ou_MSwwUtUMInfTg; domain=.bing.com; expires=Thu, 26-Feb-2026 01:00:58 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A659BE70F1374658867B330D9FB86244 Ref B: LON601060101031 Ref C: 2025-02-01T01:00:58Z
date: Sat, 01 Feb 2025 01:00:58 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=370D6282DD7A631218C77704DC4B62A9; MSPTC=6vD7w5XZ4B5-zLJs9Dfahqy8U71ou_MSwwUtUMInfTg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 63591C5E4AB5480181D64F39EF07E806 Ref B: LON601060101031 Ref C: 2025-02-01T01:00:59Z
date: Sat, 01 Feb 2025 01:00:58 GMT
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

167.173.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.173.78.104.in-addr.arpa

IN PTR

Response

167.173.78.104.in-addr.arpa

IN PTR

a104-78-173-167deploystaticakamaitechnologiescom
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

13.153.16.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.153.16.2.in-addr.arpa

IN PTR

Response

13.153.16.2.in-addr.arpa

IN PTR

a2-16-153-13deploystaticakamaitechnologiescom
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

53.210.109.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.210.109.20.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

166.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.190.18.2.in-addr.arpa

IN PTR

Response

166.190.18.2.in-addr.arpa

IN PTR

a2-18-190-166deploystaticakamaitechnologiescom

150.171.28.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid=

tls, http2

2.0kB
9.4kB
21
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3a3b45af0844abfa324edb13a8db5a9&localId=w:20F8B246-B7E0-8A84-5B23-1CCEC77318F6&deviceId=6825842710398056&anid=

HTTP Response

204

8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

167.173.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

167.173.78.104.in-addr.arpa
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

13.153.16.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

13.153.16.2.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

53.210.109.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

53.210.109.20.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

166.190.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

166.190.18.2.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BureGOD.exe

Filesize
5.7MB

MD5
83d452c0a36e9b9e8a94c1a16b134f7a

SHA1
6b7dccc7826827478128413f1d732dbdbb71e4ba

SHA256
5732eabded280dc9ee44bf33becc957063b581a6c1c893f0f0efda27055e57c1

SHA512
93b0e3ac9f09904418ddb7b211f811d67420793074bc2250c91ab64ed95f0cba1fb77612090dcc1d387d11e280273e508a1dcf392fe8af20c6392b86f4c46c0b

Download Submit
C:\Windows\System\FNHJtxj.exe

Filesize
5.7MB

MD5
a9ce0afdfbd4dbe9f354d70225b5c3fc

SHA1
531d629137ba6244f2d63157d93efa4c192cac10

SHA256
265858957801ca4908422c6218a010d3f1e318cca3cf2133d8c94ea646af7b93

SHA512
b5bca84605e97ca2a465318eca811636f388255a4b720653fdfeddde9e39c71e4e884442957052e23a20c3598ff35f2dd836f353e1a7a39b435f04a9ef964cfe

Download Submit
C:\Windows\System\FjRqfIm.exe

Filesize
5.7MB

MD5
7bc6746f27d60ec0444ddb8145e5352b

SHA1
c6d966fa211018549575898125c768355cd68638

SHA256
808f67753d28bfd0180c698f2c8a49d6b95fe641393eb731348fc7f4e6f8cc57

SHA512
50b4ef602fafc27b04517e665b44516133b99371365d5d21c303ebf0fd827a45668ea8215e9e333a39223876b25cf37e988f15b98e306219493cf9bebf8a9483

Download Submit
C:\Windows\System\FypMxKl.exe

Filesize
5.7MB

MD5
7d8e2e52751992c5d6602d90534c1a17

SHA1
73788418e25e33e100f693cd4e910805b2b4223b

SHA256
121a8b4393762b588d4ed6ba6298f9257eef5530a3f0a563f24313e3aec1806e

SHA512
225c8aae2d98021134fe8f936b0d4d2165c1b5f58a57042d3ef4fcd3d1a50547c975132d054c55218d2d5dfd66ad62423cfa4cc49c509094668017c247a16548

Download Submit
C:\Windows\System\ITpNzHG.exe

Filesize
5.7MB

MD5
e104ec6586a557832e15fa1f71725101

SHA1
78ded84bb9589e1ac686e539dcc5e1fad70ee1b1

SHA256
cef9663706d0ad903b6068fe4634579450a3d07e14a8e5fd872fcb9be383edd8

SHA512
cb1ca4f93dddcf716b7af022aa6e56d6dd15496dcf8f6f93c80c4366a1a47e669f438d69997f8fc3db6510bd5216f80bf6235a0523c79570030003e2c05854d1

Download Submit
C:\Windows\System\OEbuveX.exe

Filesize
5.7MB

MD5
d27f22f9d146e423cb23bfe63334424f

SHA1
c615869291d4e12741537fa66db872530b2b4efd

SHA256
c006058d7f3f2024fe507c5120cb34b83ea08fb93dd117ef66ba01e9b61fb565

SHA512
7fbd1f33bb4199abc198b229f4ac970f8314cbaf585e7bdb7b434a8ba933e9232ef1c0f6329b699e2dedd7a100165f7f98a3fd259f6feeab2178017c9a02fe87

Download Submit
C:\Windows\System\OXhNidL.exe

Filesize
5.7MB

MD5
60c4f25c90dcc4c132b6e2ddced7e2d5

SHA1
099cc95e8d1db814be51833fb341f25d94e6988e

SHA256
89333f1218897e936a01e5aa9fbe0f17202f5af38880ee4257874825e78258ce

SHA512
b6e64ddafbe5225070b3e2661e7d01c8b41253d8e2023d1314a0fa5987417eb2887cb39e740f38f34b87e90c2b4f8d0ba117350ba1ad02119906b1d3fbc787e9

Download Submit
C:\Windows\System\QLZeeqc.exe

Filesize
5.7MB

MD5
139f9780a7bb864ff43c7606262ce9eb

SHA1
4fbe8f19c3b81688379ddfcf3c796b2377be9305

SHA256
b601c0efac3703bab4762d419e3f64d22eb315bd2535b310e866554327b661b9

SHA512
e785f51b98782250da09e65e12f4336a37c1034dc01d95792c45740cb0cb1e98bfcad6da1583415ae1f0e511b59b4d72dd937972f35e121f8b6b45167928ac0e

Download Submit
C:\Windows\System\RfVcaov.exe

Filesize
5.7MB

MD5
fdb1e521626cc93495bb908368f960bd

SHA1
e6f60285a6bd2758e90ababec3c2bd87552b137a

SHA256
d6a9d5b70c7fa448750ca388ff6057a099bcf9353e01a1afd6ca06f1e71fec19

SHA512
92f65bd4b7af49ec00dfc72fe53e3ae9d05f3a77de132bad62ecbb8152045684d9d2535873b2c7ba2cb6480547c5e40ff5c2a570a75139a95f663f75366669d0

Download Submit
C:\Windows\System\VectAFc.exe

Filesize
5.7MB

MD5
8429af8d8ed564a5b9f47d0d4d41672d

SHA1
256d31f13ca6f4f16b450037b9d666b66ce5fccf

SHA256
0350ec2a566b1d641a23ae4b94aabadfd3cd4e9df1dc10ab6e9bbc95f8a8c8c1

SHA512
3536184720d6731d55f5ab34ba966b694c264e3b2dc0806c560c1f824656212341051397ec8c423e2f3a712fd3febadcaf8436cfe569fffcac4ef508d2afc2d6

Download Submit
C:\Windows\System\Wqookma.exe

Filesize
5.7MB

MD5
675b7ea4926c5dc3b9b0e1feffd1f651

SHA1
8fe1bb8d7a30a69a4ac32414d2edb816d4399f6e

SHA256
1a639312ccbb3d141b8b3d3becad46aa3ded66574ffbdcfa46b46491317f5ec9

SHA512
27e66631dd195b70472cdfda3d54fa9f65b61ae170a94451d1f96086dc97fa7b4af195cd98b703ef860696f4a8ad99687360d2296fc5adb6e841470c2f7db612

Download Submit
C:\Windows\System\aeCECTi.exe

Filesize
5.7MB

MD5
0b54816471c3fc9efe5f12f86718860d

SHA1
0f0d0a1e74217ba93a466c60a54a062120c43623

SHA256
2f626de81df846f71012442392ee792798a62a14a0c817ea1a60f95a6a580bf5

SHA512
ae8fc5b4400fc25e41a4363dec4d99c154d8e6ecac7aa519429916e6c671d3a70f70fbea11233b756f4239e582fbf848b156fd1a778062db239e0c2f654e4110

Download Submit
C:\Windows\System\eMiHaxa.exe

Filesize
5.7MB

MD5
9d09ee234bdbf0daa4ec25f9f6d64761

SHA1
c01b561cc919eef2505ebcf73ee0ef4e81a7cf22

SHA256
1c11dd6601766729acdac5658019bf5e3b36ceb1bc3ec9aac82bdcd3d4b91e5e

SHA512
72c0a012712c804005b760897214cda8f3385ad657aa3ff3ceb34955bf9f54ce3bf357dc42c32040edd5c2ae799255e47acc53714f0c183dfbca1b1ffb899520

Download Submit
C:\Windows\System\eqCEWcs.exe

Filesize
5.7MB

MD5
89a8348a8b4c2e7124fb88036518995e

SHA1
904dfbaed8849ded469a9d8880bf8c783c69e780

SHA256
8a31823cf963a31d6f2aed8f3709f544f73e66c062f17146331cf2eb7c8bd2ae

SHA512
b69509973f63e4d0cc7e8e6aae78dbfeb5170d28c47a69decd8aff7f6034b5b9e0a88de2fa7b6e2a50e43d28169f077ab16749a2a72841e93c8f18959c53abd1

Download Submit
C:\Windows\System\fIttGII.exe

Filesize
5.7MB

MD5
b2abc8fafee5a14e20c0b8c621e485fc

SHA1
d4fdacdd288ce6de434fa94eeea9a61764649aaf

SHA256
771f783d24c025ebeb8751cdc14a962ea02932ce3dd9d81f0c35de350e14bc89

SHA512
a2376677e0c4fadaca95f26027e3a4fb7e1e36ae7b04ec8d60c414819fec06f0407226b205835276adeab81058fff065c1a959c62f6cac2ec449256034eb8f0d

Download Submit
C:\Windows\System\fOIEyil.exe

Filesize
5.7MB

MD5
8b79b6b10cd7bc0cee7463a7489b9375

SHA1
16b297fc7fbc2f81ddc3540f56ddd585e428c559

SHA256
0606a35e3d7a8003a7cb145613a807519795af90851f0ab15cd312fb0535014d

SHA512
a3d2d6d333d6f255d6c1e883150f2284f2142ae010634837451c0b0c89c9388598269217a7ccb40c6f2ef62f774ccb35aff71e6d8bfa0dd6a96779ce5e4b5024

Download Submit
C:\Windows\System\gxjTElT.exe

Filesize
5.7MB

MD5
e0fab69e8ea69f8cf8a705df801a1109

SHA1
b16ec26a95247b1dc25ef9d8f2765b8a259e2268

SHA256
9f801127f7b72ff64d74ea6c43f98e147971e6cbff0f69ccfff75b51df15b7a6

SHA512
656020287825aa5d2d45ebd1bfdc7619bb7d9e6a309996acfe997cfe97ec28b48fbbf26a954ee29513ba8484ae52a5f1ea320f439b49921493310b06190b3fd2

Download Submit
C:\Windows\System\iVGThVU.exe

Filesize
5.7MB

MD5
9b77452a6383a6d59e34d52080705f38

SHA1
a3e3844b3e29a0f496505ffd68c8537806316d47

SHA256
a8b3c7bc29082478680ae5561da0e3e724d6c00cef087aac12d1d45539a2a2e8

SHA512
0b435d23b38543c887a13d110f09ecc0aa5de514f692a73c74dd050cb1cec92b35947973ea918d5123d74c00358d1885274fac64ded32613b3a46f1812272cf5

Download Submit
C:\Windows\System\jjitRGm.exe

Filesize
5.7MB

MD5
c0ee630d32c778aa3f2d1e7c6a606807

SHA1
9e12d685d260a032edf02c46c91ecf13728ba6c8

SHA256
83ed31366c69e69da5f87022c83d50e2f783796bcd984d59909f629d18bbf62f

SHA512
98f470bf80e4cbe5347db7e5038a8a9a3ea5bf8290e231aa2ecc8036375bf5e2f6f2f7f5e1f9b2e8e160324a85193da93267f2baa2ace12aacdbbad6424aee0b

Download Submit
C:\Windows\System\juXKmAj.exe

Filesize
5.7MB

MD5
ad5df39fac94492a540325ecf73f251a

SHA1
6606186b04084be45138e247748cdae2b46f61b5

SHA256
b5227f1e894418edb0e5c65feaa7bc7cd265eb13261df2c017a98dc09c113e62

SHA512
8d4db276a9e15b18027202447bb7416362a3ac23fbbcc1ff1317703e404d1d9a059c169cfa04448e0c3f789a51cbe2b29cedd3e42e8c97a34751036ee394f9f0

Download Submit
C:\Windows\System\nByjikR.exe

Filesize
5.7MB

MD5
28738fc2c43785acb5d358211329c0b9

SHA1
1f3742c985af1ad1381e4c68feb8de5e1b057bbb

SHA256
321ef537cc67a120ac08d96689e1da8511ab25016cf4945a63f95968c3c784b4

SHA512
03ac62fb949cb828caab34238facb51dd7e6fcd107c3d63007272c2379494da2713dc5725a18f744f6313c141aacbb45cb65b1091d3b672219ac40292245bc5b

Download Submit
C:\Windows\System\nMTReWv.exe

Filesize
5.7MB

MD5
65181bd594f529158ee8c6fd983faf70

SHA1
7ee0820d86493f9ed5c7983e05fe7a063143dd66

SHA256
41755305f86c6d9ba484d41a679bb2885f7f348290febd26fa8bb10a6a6f54a0

SHA512
1a8e4f99c275d9d978fee436cdcb836e70bfc2e0b1696960c1f7f41e2a28811b28f98e4bf4b0bf22888c0c4ea1eae582eb43690df10de136af3e800f805d95f0

Download Submit
C:\Windows\System\pNwOCaW.exe

Filesize
5.7MB

MD5
01cb33d1ce3f9e4f00d7eadf88152706

SHA1
b3273950202ba9a3fad3f5dff4851b121e91bb4e

SHA256
af9396cb2f0cc84c1bd9508d4b03274e83619e1d43c1bef05adc48d46312251a

SHA512
2fd5103b8330f7ddb91c572c44635be941c4a91014a7caffa3437be0d7ae4a09c2ceb1acb394901320aa784133a03a26d3b9b69007d340809d2bf76bb9c970b6

Download Submit
C:\Windows\System\phLHPuI.exe

Filesize
5.7MB

MD5
ac003f1ea093995eaa637bbb1d08e5b0

SHA1
58addedd04883982eb207d9f2b6a80ab9e858d29

SHA256
fc34cc89a89b85f964f471440689be25894cc0b73c75be05df305d4ca1d93d3e

SHA512
2ab47fa5f6e41b0d835a6b853ee88c7c1eea36043563a147056aca11e48a2ce42c11e09fa73f94cbc6fef7f88584b64affd13418823e875868380ccadb23487a

Download Submit
C:\Windows\System\qkLjIKS.exe

Filesize
5.7MB

MD5
fd74b9b21aa288c27603afc30bbf3763

SHA1
220156e4af4cde67f669f1692bbbe414bdbc9e98

SHA256
0cf03d18f9c226bf2adc1b10b4823e9044de9348c5e71018d3ff410a0f79e4c2

SHA512
99326ba5093a735a63c5e19de8017f347da6d290fdd742ef6f3c51d7c121b3ae8ccb1859c9e7cae4fa8e4d7ab3fb71c240dd28afba0de168112c0f86203b1a51

Download Submit
C:\Windows\System\qoMjjFd.exe

Filesize
5.7MB

MD5
4e1e84e7c19efe7bb94d8c70dafdfac4

SHA1
de255eb48501567762fe69da8fcee6b2072a429a

SHA256
182be7c1471c44c33022f6683e8d4cb37c2e15d36295f29581cb44ee7881f9e8

SHA512
2334dedb44d4532ddf18c0c54aa9d40f57ad499b1c47cde75fa1f86d87ead33f5fa7105073be40cc1ccf91495d559358e7167005e6c34f712f2225d583d8c23c

Download Submit
C:\Windows\System\rhEOzFo.exe

Filesize
5.7MB

MD5
c93522712279c29f951475f515499315

SHA1
3924eb816da2348249fbb2767f02538ffe8d12d7

SHA256
323e6e075bd82468de368ad520433382694de98dd8521146590fbc4b6e34c21b

SHA512
47bb9c2c9a3d6dda199f8277b264e950b380c97eff993a27cbb926888926b7f09e12b3ce81187a357aedf3d7a0c1e18d1d175cd76c3566473e763db2b60cacce

Download Submit
C:\Windows\System\rttVkLo.exe

Filesize
5.7MB

MD5
d9faa98e7bf12825e1849909f26a2cb2

SHA1
259c370bc1016ac59afc3e3496f3cd2d9e2c20ef

SHA256
9f01499a63f283a14ba85066149a3b0ad8ecb3d61bbcb3b9355d2223ec4ed380

SHA512
15e3bff2a5804cf10865bcd627d7bf0bf617d2e5fc1d657873db058483cb9f10071d7312fa5b35bd1f5c1f8a330a07f51ff48583f8210ede859d0ad07d1ce26d

Download Submit
C:\Windows\System\tmZaktn.exe

Filesize
5.7MB

MD5
ecd673a2d15beca71b91855da4d13267

SHA1
e24c66aecb281e3a971b6a316c48a52f4c100c72

SHA256
1f8074fb73fec5ce6fe0589f3db4447bb825478775bdf463d790839e86bbfe72

SHA512
54872ed3a9f81e28661cf0c52ee4a81e0cab941646e371aa9995d3a1ef1af635638b2df92029a3d19264282cd9b2a705bd8536d7786013d80b39228a7885f20a

Download Submit
C:\Windows\System\trvwTsI.exe

Filesize
5.7MB

MD5
8892007d54aba1f7b31cae73dc992eb7

SHA1
5032a1f92074ad3385280dfb81a36f9e2432dd39

SHA256
09c43c3be339efe677a5128044db88346458e9ec53d47b756fd3da93b94ca280

SHA512
b23b3e07ff347ac95e8f62d04cb907fa072e33813aaf6dc6a5f31e4a13a9598addfe9e932ca2620c8517922bab8111593265d151936e21a1eceac67e0bc84692

Download Submit
C:\Windows\System\vDXsUNu.exe

Filesize
5.7MB

MD5
a051c46687f975eefdbd4fd57c4e528f

SHA1
84a6976269eb881d47f6d0775bcb4190413fa183

SHA256
276403886bcf75e71ef6b3400f88f94adaa75967cd9b7067ddc480d2b101e6bc

SHA512
79e80cbba0c04b472cf39be70a77810d20c6882d12e56946ce5517d6040cdbace776f0b192d228de76420a6710592267fb2ca50b0de15ac48549b04385585226

Download Submit
C:\Windows\System\zVsVAys.exe

Filesize
5.7MB

MD5
9ca4a93ff607388b4f2b0a5a8f45e13c

SHA1
c2a23df92098b60d59bcf01022435c5f2b51d1e9

SHA256
5495e09b7894045c2466ca6a7ae83905dfa687f950bbebe97e81667bf83964cb

SHA512
bc0abe6fd5a18bf0127a0c716a5784423fe130e775c56f81e6344d01bcde347578f18d96e8daeb4dbc3a987ce2ca5b8f49de68c459100b258d71ab065a226b27

Download Submit
memory/220-121-0x00007FF68CE10000-0x00007FF68D15D000-memory.dmp

Filesize
3.3MB

Download
memory/644-91-0x00007FF7E3890000-0x00007FF7E3BDD000-memory.dmp

Filesize
3.3MB

Download
memory/772-63-0x00007FF6BDD90000-0x00007FF6BE0DD000-memory.dmp

Filesize
3.3MB

Download
memory/1568-151-0x00007FF717180000-0x00007FF7174CD000-memory.dmp

Filesize
3.3MB

Download
memory/1632-169-0x00007FF6924C0000-0x00007FF69280D000-memory.dmp

Filesize
3.3MB

Download
memory/1668-139-0x00007FF73CC50000-0x00007FF73CF9D000-memory.dmp

Filesize
3.3MB

Download
memory/1708-88-0x00007FF7F4160000-0x00007FF7F44AD000-memory.dmp

Filesize
3.3MB

Download
memory/2132-163-0x00007FF6B3CF0000-0x00007FF6B403D000-memory.dmp

Filesize
3.3MB

Download
memory/2196-69-0x00007FF789110000-0x00007FF78945D000-memory.dmp

Filesize
3.3MB

Download
memory/2268-97-0x00007FF71AC90000-0x00007FF71AFDD000-memory.dmp

Filesize
3.3MB

Download
memory/2712-58-0x00007FF707360000-0x00007FF7076AD000-memory.dmp

Filesize
3.3MB

Download
memory/2728-22-0x00007FF750930000-0x00007FF750C7D000-memory.dmp

Filesize
3.3MB

Download
memory/2896-7-0x00007FF7E09C0000-0x00007FF7E0D0D000-memory.dmp

Filesize
3.3MB

Download
memory/3164-67-0x00007FF7377D0000-0x00007FF737B1D000-memory.dmp

Filesize
3.3MB

Download
memory/3192-29-0x00007FF673DF0000-0x00007FF67413D000-memory.dmp

Filesize
3.3MB

Download
memory/3280-103-0x00007FF612020000-0x00007FF61236D000-memory.dmp

Filesize
3.3MB

Download
memory/3436-145-0x00007FF7B4060000-0x00007FF7B43AD000-memory.dmp

Filesize
3.3MB

Download
memory/3472-109-0x00007FF789050000-0x00007FF78939D000-memory.dmp

Filesize
3.3MB

Download
memory/3516-1-0x00000231F3240000-0x00000231F3250000-memory.dmp

Filesize
64KB

Download
memory/3516-0-0x00007FF745F00000-0x00007FF74624D000-memory.dmp

Filesize
3.3MB

Download
memory/3708-184-0x00007FF67D550000-0x00007FF67D89D000-memory.dmp

Filesize
3.3MB

Download
memory/3932-127-0x00007FF773F50000-0x00007FF77429D000-memory.dmp

Filesize
3.3MB

Download
memory/4016-79-0x00007FF616CA0000-0x00007FF616FED000-memory.dmp

Filesize
3.3MB

Download
memory/4088-51-0x00007FF7393B0000-0x00007FF7396FD000-memory.dmp

Filesize
3.3MB

Download
memory/4140-41-0x00007FF79C290000-0x00007FF79C5DD000-memory.dmp

Filesize
3.3MB

Download
memory/4340-71-0x00007FF60EC10000-0x00007FF60EF5D000-memory.dmp

Filesize
3.3MB

Download
memory/4460-115-0x00007FF6B5400000-0x00007FF6B574D000-memory.dmp

Filesize
3.3MB

Download
memory/4524-13-0x00007FF79F3A0000-0x00007FF79F6ED000-memory.dmp

Filesize
3.3MB

Download
memory/4628-156-0x00007FF66FB90000-0x00007FF66FEDD000-memory.dmp

Filesize
3.3MB

Download
memory/4732-182-0x00007FF639D90000-0x00007FF63A0DD000-memory.dmp

Filesize
3.3MB

Download
memory/4756-187-0x00007FF7822A0000-0x00007FF7825ED000-memory.dmp

Filesize
3.3MB

Download
memory/4828-133-0x00007FF7C4D70000-0x00007FF7C50BD000-memory.dmp

Filesize
3.3MB

Download
memory/5024-31-0x00007FF726D10000-0x00007FF72705D000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.