cobaltstrike | c928727c901801725fbab3f4c4c45990983d7f7101d06365ff1d920a4b3619f1

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6de35ceb423575828925d55f973f0ddb
SHA1

062b3c80e8d0c387bb98a3d64e3b3fb82984d088
SHA256

c928727c901801725fbab3f4c4c45990983d7f7101d06365ff1d920a4b3619f1
SHA512

2d8ec22dbd2bdd5673a34bbce03c71ad650e4731669ff71caa94a45d5d9e11302a8f3110bf1e26196fe3da6c8d9e4f13c7201da59a72ece73b9d54bb6992e1c6
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUQ:eOl56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 19 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000014fe1-3.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000155e2-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015c23-16.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b96-167.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ccf-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4f-183.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d24-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d01-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd4-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca9-132.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c10-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b5e-104.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000167db-93.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015c2f-63.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000165ae-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016332-47.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015ec0-42.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001604b-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015c3c-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects Reflective DLL injection artifacts 19 IoCs

resource	yara_rule
behavioral1/files/0x000b000000014fe1-3.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00090000000155e2-12.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0008000000015c23-16.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016b96-167.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016ccf-135.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d4f-183.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d24-157.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d01-151.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016cd4-143.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016ca9-132.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016c10-114.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016b5e-104.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00060000000167db-93.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000015c2f-63.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00060000000165ae-62.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016332-47.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0009000000015ec0-42.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x000600000001604b-37.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000015c3c-26.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/2804-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	UPX
behavioral1/files/0x000b000000014fe1-3.dat	UPX
behavioral1/files/0x00090000000155e2-12.dat	UPX
behavioral1/files/0x0008000000015c23-16.dat	UPX
behavioral1/files/0x0006000000016042-34.dat	UPX
behavioral1/files/0x000600000001663d-101.dat	UPX
behavioral1/files/0x0006000000016cf0-191.dat	UPX
behavioral1/files/0x0006000000016d55-187.dat	UPX
behavioral1/files/0x0006000000016c90-177.dat	UPX
behavioral1/memory/2488-1797-0x000000013FB70000-0x000000013FEC4000-memory.dmp	UPX
behavioral1/memory/2660-1833-0x000000013FD90000-0x00000001400E4000-memory.dmp	UPX
behavioral1/memory/2616-1872-0x000000013F410000-0x000000013F764000-memory.dmp	UPX
behavioral1/memory/2368-1918-0x000000013F940000-0x000000013FC94000-memory.dmp	UPX
behavioral1/memory/2868-2341-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	UPX
behavioral1/memory/1660-2003-0x000000013FD50000-0x00000001400A4000-memory.dmp	UPX
behavioral1/memory/2328-1834-0x000000013F150000-0x000000013F4A4000-memory.dmp	UPX
behavioral1/memory/2804-1836-0x000000013F5D0000-0x000000013F924000-memory.dmp	UPX
behavioral1/memory/2872-1810-0x000000013F510000-0x000000013F864000-memory.dmp	UPX
behavioral1/memory/2484-1809-0x000000013FA50000-0x000000013FDA4000-memory.dmp	UPX
behavioral1/memory/2228-1777-0x000000013FB60000-0x000000013FEB4000-memory.dmp	UPX
behavioral1/files/0x0006000000016d4a-175.dat	UPX
behavioral1/files/0x0006000000016b96-167.dat	UPX
behavioral1/files/0x0006000000016d36-163.dat	UPX
behavioral1/files/0x0006000000016d11-153.dat	UPX
behavioral1/files/0x0006000000016cf0-145.dat	UPX
behavioral1/files/0x0006000000016ccf-135.dat	UPX
behavioral1/files/0x0006000000016c1a-116.dat	UPX
behavioral1/files/0x0006000000016ccf-186.dat	UPX
behavioral1/files/0x0006000000016d4f-183.dat	UPX
behavioral1/files/0x0006000000016c1a-174.dat	UPX
behavioral1/files/0x0006000000016283-89.dat	UPX
behavioral1/files/0x000900000001560a-162.dat	UPX
behavioral1/memory/2328-81-0x000000013F150000-0x000000013F4A4000-memory.dmp	UPX
behavioral1/memory/2484-79-0x000000013FA50000-0x000000013FDA4000-memory.dmp	UPX
behavioral1/memory/2868-75-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	UPX
behavioral1/memory/2660-73-0x000000013FD90000-0x00000001400E4000-memory.dmp	UPX
behavioral1/memory/2872-71-0x000000013F510000-0x000000013F864000-memory.dmp	UPX
behavioral1/files/0x0006000000016332-55.dat	UPX
behavioral1/files/0x0006000000016d24-157.dat	UPX
behavioral1/files/0x0009000000015c52-27.dat	UPX
behavioral1/memory/2220-20-0x000000013F750000-0x000000013FAA4000-memory.dmp	UPX
behavioral1/files/0x0006000000016d01-151.dat	UPX
behavioral1/files/0x0006000000016cd4-143.dat	UPX
behavioral1/memory/1660-133-0x000000013FD50000-0x00000001400A4000-memory.dmp	UPX
behavioral1/files/0x0006000000016ca9-132.dat	UPX
behavioral1/files/0x0006000000016ca9-129.dat	UPX
behavioral1/memory/2368-124-0x000000013F940000-0x000000013FC94000-memory.dmp	UPX
behavioral1/files/0x0006000000016c23-123.dat	UPX
behavioral1/memory/2616-121-0x000000013F410000-0x000000013F764000-memory.dmp	UPX
behavioral1/files/0x0006000000016c23-119.dat	UPX
behavioral1/memory/2608-115-0x000000013FB90000-0x000000013FEE4000-memory.dmp	UPX
behavioral1/files/0x0006000000016c10-114.dat	UPX
behavioral1/files/0x0006000000016b5e-104.dat	UPX
behavioral1/files/0x00060000000167db-93.dat	UPX
behavioral1/memory/2488-65-0x000000013FB70000-0x000000013FEC4000-memory.dmp	UPX
behavioral1/files/0x0007000000015c2f-63.dat	UPX
behavioral1/files/0x00060000000165ae-62.dat	UPX
behavioral1/files/0x0007000000015c2f-19.dat	UPX
behavioral1/memory/3016-52-0x000000013F580000-0x000000013F8D4000-memory.dmp	UPX
behavioral1/files/0x0006000000016332-47.dat	UPX
behavioral1/files/0x0009000000015ec0-42.dat	UPX
behavioral1/files/0x000600000001604b-37.dat	UPX
behavioral1/memory/2228-33-0x000000013FB60000-0x000000013FEB4000-memory.dmp	UPX
behavioral1/files/0x0007000000015c3c-26.dat	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2804-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x000b000000014fe1-3.dat	xmrig
behavioral1/files/0x00090000000155e2-12.dat	xmrig
behavioral1/files/0x0008000000015c23-16.dat	xmrig
behavioral1/memory/2804-66-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016042-34.dat	xmrig
behavioral1/files/0x000600000001663d-101.dat	xmrig
behavioral1/files/0x0006000000016cf0-191.dat	xmrig
behavioral1/files/0x0006000000016d55-187.dat	xmrig
behavioral1/files/0x0006000000016c90-177.dat	xmrig
behavioral1/memory/2220-1781-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2488-1797-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2660-1833-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2616-1872-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2368-1918-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2608-1908-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2868-2341-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/1660-2003-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2328-1834-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2804-1836-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2872-1810-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2484-1809-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/3016-1782-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2228-1777-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d4a-175.dat	xmrig
behavioral1/files/0x0006000000016b96-167.dat	xmrig
behavioral1/files/0x0006000000016d36-163.dat	xmrig
behavioral1/files/0x0006000000016d11-153.dat	xmrig
behavioral1/files/0x0006000000016cf0-145.dat	xmrig
behavioral1/files/0x0006000000016ccf-135.dat	xmrig
behavioral1/files/0x0006000000016c1a-116.dat	xmrig
behavioral1/files/0x0006000000016ccf-186.dat	xmrig
behavioral1/files/0x0006000000016d4f-183.dat	xmrig
behavioral1/files/0x0006000000016c1a-174.dat	xmrig
behavioral1/files/0x0006000000016283-89.dat	xmrig
behavioral1/files/0x000900000001560a-162.dat	xmrig
behavioral1/memory/2328-81-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2804-80-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2484-79-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2804-76-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2868-75-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2660-73-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2804-72-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2872-71-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0006000000016332-55.dat	xmrig
behavioral1/files/0x0006000000016d24-157.dat	xmrig
behavioral1/files/0x0009000000015c52-27.dat	xmrig
behavioral1/memory/2220-20-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d01-151.dat	xmrig
behavioral1/files/0x0006000000016cd4-143.dat	xmrig
behavioral1/memory/1660-133-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ca9-132.dat	xmrig
behavioral1/files/0x0006000000016ca9-129.dat	xmrig
behavioral1/memory/2368-124-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c23-123.dat	xmrig
behavioral1/memory/2616-121-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c23-119.dat	xmrig
behavioral1/memory/2608-115-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c10-114.dat	xmrig
behavioral1/files/0x0006000000016b5e-104.dat	xmrig
behavioral1/files/0x00060000000167db-93.dat	xmrig
behavioral1/memory/2488-65-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015c2f-63.dat	xmrig
behavioral1/files/0x00060000000165ae-62.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2220	umJWqxO.exe
2228	OvCQaHC.exe
3016	Uavyzmn.exe
2488	VnroRhf.exe
2484	xqfBXOC.exe
2872	VosfrpK.exe
2660	pWAidpw.exe
2328	xNBOPnG.exe
2868	jUPfhwF.exe
2608	MQgOBfS.exe
2616	gaVnJCx.exe
2368	EArXMXi.exe
1660	pbmahUP.exe
2380	Dxwalns.exe
2800	PuZoJMj.exe
460	BUIBZdj.exe
1476	CPLhCSa.exe
2200	hFHPfbC.exe
1832	uhdhOso.exe
1916	VbSXVro.exe
2276	XBLrSyb.exe
1772	vXsBXhI.exe
1008	okqpRTx.exe
1212	lIODsQl.exe
2400	SnppGFq.exe
1996	GEulvCo.exe
2304	VOwrfMK.exe
2676	gOKsaSv.exe
1360	MugVkOE.exe
2020	mAUDIgw.exe
2724	SglUHzJ.exe
940	DszOfPW.exe
2916	nAxtqXV.exe
832	UniRyKH.exe
1984	BLbgHPY.exe
980	kVrQqzM.exe
2432	cTWxxSo.exe
1852	BfTSUbU.exe
2960	dNRxaJv.exe
3024	mBaMFUv.exe
2256	qVZmFjD.exe
1068	HzjkCSL.exe
632	zkuVKol.exe
3008	uSQQqIe.exe
2912	ojCSBVi.exe
1136	QWruIVZ.exe
2884	vgDqVsg.exe
1620	ipmUEQN.exe
2832	ZVqUgpz.exe
1992	TtHdmrv.exe
2852	umTYSMP.exe
240	oBzcKTT.exe
2828	xLGseaU.exe
1760	wvxskpz.exe
1696	KMXlvHf.exe
2992	epHnuhK.exe
1588	QWPJJBm.exe
2248	bwvpxNu.exe
1492	RngKWuJ.exe
2520	sfyKzoP.exe
2540	VsYlfxj.exe
2448	isGtSEa.exe
2504	eprzfUD.exe
572	fxcMefZ.exe

Loads dropped DLL 64 IoCs

pid	Process
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2804-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x000b000000014fe1-3.dat	upx
behavioral1/files/0x00090000000155e2-12.dat	upx
behavioral1/files/0x0008000000015c23-16.dat	upx
behavioral1/files/0x0006000000016042-34.dat	upx
behavioral1/files/0x000600000001663d-101.dat	upx
behavioral1/files/0x0006000000016cf0-191.dat	upx
behavioral1/files/0x0006000000016d55-187.dat	upx
behavioral1/files/0x0006000000016c90-177.dat	upx
behavioral1/memory/2220-1781-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2488-1797-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2660-1833-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2616-1872-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2368-1918-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2608-1908-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2868-2341-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/1660-2003-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2328-1834-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2804-1836-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2872-1810-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2484-1809-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/3016-1782-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2228-1777-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x0006000000016d4a-175.dat	upx
behavioral1/files/0x0006000000016b96-167.dat	upx
behavioral1/files/0x0006000000016d36-163.dat	upx
behavioral1/files/0x0006000000016d11-153.dat	upx
behavioral1/files/0x0006000000016cf0-145.dat	upx
behavioral1/files/0x0006000000016ccf-135.dat	upx
behavioral1/files/0x0006000000016c1a-116.dat	upx
behavioral1/files/0x0006000000016ccf-186.dat	upx
behavioral1/files/0x0006000000016d4f-183.dat	upx
behavioral1/files/0x0006000000016c1a-174.dat	upx
behavioral1/files/0x0006000000016283-89.dat	upx
behavioral1/files/0x000900000001560a-162.dat	upx
behavioral1/memory/2328-81-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2484-79-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2868-75-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2660-73-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2872-71-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0006000000016332-55.dat	upx
behavioral1/files/0x0006000000016d24-157.dat	upx
behavioral1/files/0x0009000000015c52-27.dat	upx
behavioral1/memory/2220-20-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0006000000016d01-151.dat	upx
behavioral1/files/0x0006000000016cd4-143.dat	upx
behavioral1/memory/1660-133-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0006000000016ca9-132.dat	upx
behavioral1/files/0x0006000000016ca9-129.dat	upx
behavioral1/memory/2368-124-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0006000000016c23-123.dat	upx
behavioral1/memory/2616-121-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0006000000016c23-119.dat	upx
behavioral1/memory/2608-115-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0006000000016c10-114.dat	upx
behavioral1/files/0x0006000000016b5e-104.dat	upx
behavioral1/files/0x00060000000167db-93.dat	upx
behavioral1/memory/2488-65-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0007000000015c2f-63.dat	upx
behavioral1/files/0x00060000000165ae-62.dat	upx
behavioral1/files/0x0007000000015c2f-19.dat	upx
behavioral1/memory/3016-52-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0006000000016332-47.dat	upx
behavioral1/files/0x0009000000015ec0-42.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cbnxpwN.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKmwPkc.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpAdIhg.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xieibmh.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rleMnLn.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTrpUQC.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXhIhde.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQChfMf.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VztllGL.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcPQCmh.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUjTgQy.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bohdQYg.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzWzCUZ.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUPfhwF.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SftyUgA.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyiYrsJ.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efZvxUU.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyFgjZJ.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyqQxcW.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdsjsBI.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvMUgcV.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abDYlUY.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOYVFsz.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnKvpoG.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdzYlcc.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTLKoKQ.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNRxaJv.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMawExg.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZgiIRD.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIyewnh.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKFiPBH.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URkLXRa.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WAaawOL.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBgmtua.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXZcUtA.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGkBxXQ.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqGZFAn.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khUmwaA.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpuijFt.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqZuNNT.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhLYLrU.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbbZmfn.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWSfMeS.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpvFUlB.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKukMyP.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyltXpT.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIODsQl.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYYTBzK.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOgbmeP.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPyeTMk.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRtcIyp.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEsbBft.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PikHVjb.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOeYmau.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSkNgNS.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJsKCAB.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIyZgwo.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjWoBmF.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmjQRFT.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWbmwap.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGdpvuG.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwVwtEW.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkFjait.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJMesMa.exe	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2220	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2804 wrote to memory of 2220	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2804 wrote to memory of 2220	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2804 wrote to memory of 2228	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2804 wrote to memory of 2228	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2804 wrote to memory of 2228	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2804 wrote to memory of 3016	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2804 wrote to memory of 3016	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2804 wrote to memory of 3016	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2804 wrote to memory of 2868	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2804 wrote to memory of 2868	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2804 wrote to memory of 2868	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2804 wrote to memory of 2488	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2804 wrote to memory of 2488	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2804 wrote to memory of 2488	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2804 wrote to memory of 2608	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2804 wrote to memory of 2608	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2804 wrote to memory of 2608	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2804 wrote to memory of 2484	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2804 wrote to memory of 2484	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2804 wrote to memory of 2484	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2804 wrote to memory of 2616	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2804 wrote to memory of 2616	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2804 wrote to memory of 2616	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2804 wrote to memory of 2872	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2804 wrote to memory of 2872	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2804 wrote to memory of 2872	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2804 wrote to memory of 2368	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2804 wrote to memory of 2368	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2804 wrote to memory of 2368	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2804 wrote to memory of 2660	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2804 wrote to memory of 2660	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2804 wrote to memory of 2660	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2804 wrote to memory of 2380	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2804 wrote to memory of 2380	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2804 wrote to memory of 2380	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2804 wrote to memory of 2328	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2804 wrote to memory of 2328	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2804 wrote to memory of 2328	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2804 wrote to memory of 2800	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2804 wrote to memory of 2800	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2804 wrote to memory of 2800	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2804 wrote to memory of 1660	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2804 wrote to memory of 1660	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2804 wrote to memory of 1660	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2804 wrote to memory of 1008	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2804 wrote to memory of 1008	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2804 wrote to memory of 1008	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2804 wrote to memory of 460	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2804 wrote to memory of 460	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2804 wrote to memory of 460	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2804 wrote to memory of 1212	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2804 wrote to memory of 1212	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2804 wrote to memory of 1212	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2804 wrote to memory of 1476	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2804 wrote to memory of 1476	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2804 wrote to memory of 1476	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2804 wrote to memory of 1996	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2804 wrote to memory of 1996	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2804 wrote to memory of 1996	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2804 wrote to memory of 2200	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2804 wrote to memory of 2200	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2804 wrote to memory of 2200	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2804 wrote to memory of 2304	2804	2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-03_6de35ceb423575828925d55f973f0ddb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\System\umJWqxO.exe
  C:\Windows\System\umJWqxO.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\OvCQaHC.exe
  C:\Windows\System\OvCQaHC.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\Uavyzmn.exe
  C:\Windows\System\Uavyzmn.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\jUPfhwF.exe
  C:\Windows\System\jUPfhwF.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\VnroRhf.exe
  C:\Windows\System\VnroRhf.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\MQgOBfS.exe
  C:\Windows\System\MQgOBfS.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\xqfBXOC.exe
  C:\Windows\System\xqfBXOC.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\gaVnJCx.exe
  C:\Windows\System\gaVnJCx.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\VosfrpK.exe
  C:\Windows\System\VosfrpK.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\EArXMXi.exe
  C:\Windows\System\EArXMXi.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\pWAidpw.exe
  C:\Windows\System\pWAidpw.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\Dxwalns.exe
  C:\Windows\System\Dxwalns.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\xNBOPnG.exe
  C:\Windows\System\xNBOPnG.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\PuZoJMj.exe
  C:\Windows\System\PuZoJMj.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\pbmahUP.exe
  C:\Windows\System\pbmahUP.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\okqpRTx.exe
  C:\Windows\System\okqpRTx.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\BUIBZdj.exe
  C:\Windows\System\BUIBZdj.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\lIODsQl.exe
  C:\Windows\System\lIODsQl.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\CPLhCSa.exe
  C:\Windows\System\CPLhCSa.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\GEulvCo.exe
  C:\Windows\System\GEulvCo.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\hFHPfbC.exe
  C:\Windows\System\hFHPfbC.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\VOwrfMK.exe
  C:\Windows\System\VOwrfMK.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\uhdhOso.exe
  C:\Windows\System\uhdhOso.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\MugVkOE.exe
  C:\Windows\System\MugVkOE.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\VbSXVro.exe
  C:\Windows\System\VbSXVro.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\mAUDIgw.exe
  C:\Windows\System\mAUDIgw.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\XBLrSyb.exe
  C:\Windows\System\XBLrSyb.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\DszOfPW.exe
  C:\Windows\System\DszOfPW.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\vXsBXhI.exe
  C:\Windows\System\vXsBXhI.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\cTWxxSo.exe
  C:\Windows\System\cTWxxSo.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\SnppGFq.exe
  C:\Windows\System\SnppGFq.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\dNRxaJv.exe
  C:\Windows\System\dNRxaJv.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\gOKsaSv.exe
  C:\Windows\System\gOKsaSv.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\qVZmFjD.exe
  C:\Windows\System\qVZmFjD.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\SglUHzJ.exe
  C:\Windows\System\SglUHzJ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\zkuVKol.exe
  C:\Windows\System\zkuVKol.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\nAxtqXV.exe
  C:\Windows\System\nAxtqXV.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ojCSBVi.exe
  C:\Windows\System\ojCSBVi.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\UniRyKH.exe
  C:\Windows\System\UniRyKH.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\QWruIVZ.exe
  C:\Windows\System\QWruIVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\BLbgHPY.exe
  C:\Windows\System\BLbgHPY.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\vgDqVsg.exe
  C:\Windows\System\vgDqVsg.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\kVrQqzM.exe
  C:\Windows\System\kVrQqzM.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\ipmUEQN.exe
  C:\Windows\System\ipmUEQN.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\BfTSUbU.exe
  C:\Windows\System\BfTSUbU.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\ZVqUgpz.exe
  C:\Windows\System\ZVqUgpz.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\mBaMFUv.exe
  C:\Windows\System\mBaMFUv.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\TtHdmrv.exe
  C:\Windows\System\TtHdmrv.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\HzjkCSL.exe
  C:\Windows\System\HzjkCSL.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\umTYSMP.exe
  C:\Windows\System\umTYSMP.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\uSQQqIe.exe
  C:\Windows\System\uSQQqIe.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\oBzcKTT.exe
  C:\Windows\System\oBzcKTT.exe
  2⤵
  - Executes dropped EXE
  PID:240
- C:\Windows\System\xLGseaU.exe
  C:\Windows\System\xLGseaU.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\wvxskpz.exe
  C:\Windows\System\wvxskpz.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\KMXlvHf.exe
  C:\Windows\System\KMXlvHf.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\epHnuhK.exe
  C:\Windows\System\epHnuhK.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\QWPJJBm.exe
  C:\Windows\System\QWPJJBm.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\RngKWuJ.exe
  C:\Windows\System\RngKWuJ.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\bwvpxNu.exe
  C:\Windows\System\bwvpxNu.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\sfyKzoP.exe
  C:\Windows\System\sfyKzoP.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\VsYlfxj.exe
  C:\Windows\System\VsYlfxj.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\isGtSEa.exe
  C:\Windows\System\isGtSEa.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\eprzfUD.exe
  C:\Windows\System\eprzfUD.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\RfWlluW.exe
  C:\Windows\System\RfWlluW.exe
  2⤵
  PID:812
- C:\Windows\System\fxcMefZ.exe
  C:\Windows\System\fxcMefZ.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\aAILqcc.exe
  C:\Windows\System\aAILqcc.exe
  2⤵
  PID:1704
- C:\Windows\System\PPPeiha.exe
  C:\Windows\System\PPPeiha.exe
  2⤵
  PID:2012
- C:\Windows\System\egaZjEp.exe
  C:\Windows\System\egaZjEp.exe
  2⤵
  PID:1708
- C:\Windows\System\tPzDJIc.exe
  C:\Windows\System\tPzDJIc.exe
  2⤵
  PID:2384
- C:\Windows\System\NYmpJKe.exe
  C:\Windows\System\NYmpJKe.exe
  2⤵
  PID:1276
- C:\Windows\System\kjVQPpM.exe
  C:\Windows\System\kjVQPpM.exe
  2⤵
  PID:1064
- C:\Windows\System\OTHXPOH.exe
  C:\Windows\System\OTHXPOH.exe
  2⤵
  PID:1844
- C:\Windows\System\duWAsNv.exe
  C:\Windows\System\duWAsNv.exe
  2⤵
  PID:2568
- C:\Windows\System\fwcmdPC.exe
  C:\Windows\System\fwcmdPC.exe
  2⤵
  PID:2556
- C:\Windows\System\rAeUadd.exe
  C:\Windows\System\rAeUadd.exe
  2⤵
  PID:2336
- C:\Windows\System\NCVkLsh.exe
  C:\Windows\System\NCVkLsh.exe
  2⤵
  PID:1952
- C:\Windows\System\BtxqnXo.exe
  C:\Windows\System\BtxqnXo.exe
  2⤵
  PID:112
- C:\Windows\System\SMBcMyw.exe
  C:\Windows\System\SMBcMyw.exe
  2⤵
  PID:2192
- C:\Windows\System\lpqGHRx.exe
  C:\Windows\System\lpqGHRx.exe
  2⤵
  PID:2284
- C:\Windows\System\cPMpKdJ.exe
  C:\Windows\System\cPMpKdJ.exe
  2⤵
  PID:1624
- C:\Windows\System\dDNTOMw.exe
  C:\Windows\System\dDNTOMw.exe
  2⤵
  PID:2124
- C:\Windows\System\BFGGgeu.exe
  C:\Windows\System\BFGGgeu.exe
  2⤵
  PID:3012
- C:\Windows\System\UrrMvQQ.exe
  C:\Windows\System\UrrMvQQ.exe
  2⤵
  PID:2668
- C:\Windows\System\FnhIMZI.exe
  C:\Windows\System\FnhIMZI.exe
  2⤵
  PID:1924
- C:\Windows\System\advqtXu.exe
  C:\Windows\System\advqtXu.exe
  2⤵
  PID:1120
- C:\Windows\System\bCxGzlz.exe
  C:\Windows\System\bCxGzlz.exe
  2⤵
  PID:1700
- C:\Windows\System\JrbNQqA.exe
  C:\Windows\System\JrbNQqA.exe
  2⤵
  PID:2984
- C:\Windows\System\XMzxSTC.exe
  C:\Windows\System\XMzxSTC.exe
  2⤵
  PID:1072
- C:\Windows\System\wPchwSE.exe
  C:\Windows\System\wPchwSE.exe
  2⤵
  PID:1828
- C:\Windows\System\PhnTqXk.exe
  C:\Windows\System\PhnTqXk.exe
  2⤵
  PID:2260
- C:\Windows\System\kFEHoEA.exe
  C:\Windows\System\kFEHoEA.exe
  2⤵
  PID:2116
- C:\Windows\System\knExPaq.exe
  C:\Windows\System\knExPaq.exe
  2⤵
  PID:2212
- C:\Windows\System\coKKbmu.exe
  C:\Windows\System\coKKbmu.exe
  2⤵
  PID:2816
- C:\Windows\System\pLCahKH.exe
  C:\Windows\System\pLCahKH.exe
  2⤵
  PID:2492
- C:\Windows\System\pljYFqx.exe
  C:\Windows\System\pljYFqx.exe
  2⤵
  PID:576
- C:\Windows\System\YEeVyfr.exe
  C:\Windows\System\YEeVyfr.exe
  2⤵
  PID:944
- C:\Windows\System\UUUgOUr.exe
  C:\Windows\System\UUUgOUr.exe
  2⤵
  PID:1692
- C:\Windows\System\dWszCZG.exe
  C:\Windows\System\dWszCZG.exe
  2⤵
  PID:2440
- C:\Windows\System\FRmXwne.exe
  C:\Windows\System\FRmXwne.exe
  2⤵
  PID:2496
- C:\Windows\System\OIwUsst.exe
  C:\Windows\System\OIwUsst.exe
  2⤵
  PID:1556
- C:\Windows\System\mqogRZi.exe
  C:\Windows\System\mqogRZi.exe
  2⤵
  PID:1192
- C:\Windows\System\nWMugQH.exe
  C:\Windows\System\nWMugQH.exe
  2⤵
  PID:2008
- C:\Windows\System\dFOsnkY.exe
  C:\Windows\System\dFOsnkY.exe
  2⤵
  PID:2576
- C:\Windows\System\WadlvBl.exe
  C:\Windows\System\WadlvBl.exe
  2⤵
  PID:1128
- C:\Windows\System\rOXoWhI.exe
  C:\Windows\System\rOXoWhI.exe
  2⤵
  PID:2908
- C:\Windows\System\cpSGKLL.exe
  C:\Windows\System\cpSGKLL.exe
  2⤵
  PID:1368
- C:\Windows\System\hVNHiys.exe
  C:\Windows\System\hVNHiys.exe
  2⤵
  PID:2508
- C:\Windows\System\NyhNUSN.exe
  C:\Windows\System\NyhNUSN.exe
  2⤵
  PID:1616
- C:\Windows\System\RyMdEDT.exe
  C:\Windows\System\RyMdEDT.exe
  2⤵
  PID:920
- C:\Windows\System\psTIVgr.exe
  C:\Windows\System\psTIVgr.exe
  2⤵
  PID:2028
- C:\Windows\System\hupVzsW.exe
  C:\Windows\System\hupVzsW.exe
  2⤵
  PID:2836
- C:\Windows\System\lSXaqob.exe
  C:\Windows\System\lSXaqob.exe
  2⤵
  PID:1968
- C:\Windows\System\SZwAocE.exe
  C:\Windows\System\SZwAocE.exe
  2⤵
  PID:2264
- C:\Windows\System\STbxizO.exe
  C:\Windows\System\STbxizO.exe
  2⤵
  PID:2268
- C:\Windows\System\laYRFvV.exe
  C:\Windows\System\laYRFvV.exe
  2⤵
  PID:880
- C:\Windows\System\SfOdTNm.exe
  C:\Windows\System\SfOdTNm.exe
  2⤵
  PID:3056
- C:\Windows\System\UxZTzNr.exe
  C:\Windows\System\UxZTzNr.exe
  2⤵
  PID:2620
- C:\Windows\System\yDJUUKN.exe
  C:\Windows\System\yDJUUKN.exe
  2⤵
  PID:2128
- C:\Windows\System\KrKkyye.exe
  C:\Windows\System\KrKkyye.exe
  2⤵
  PID:1840
- C:\Windows\System\ImfeZuB.exe
  C:\Windows\System\ImfeZuB.exe
  2⤵
  PID:2468
- C:\Windows\System\teOKmix.exe
  C:\Windows\System\teOKmix.exe
  2⤵
  PID:3092
- C:\Windows\System\kCGbwbM.exe
  C:\Windows\System\kCGbwbM.exe
  2⤵
  PID:3112
- C:\Windows\System\SCLlSqj.exe
  C:\Windows\System\SCLlSqj.exe
  2⤵
  PID:3132
- C:\Windows\System\yCJskAa.exe
  C:\Windows\System\yCJskAa.exe
  2⤵
  PID:3148
- C:\Windows\System\lBOgDPJ.exe
  C:\Windows\System\lBOgDPJ.exe
  2⤵
  PID:3164
- C:\Windows\System\RArVsqo.exe
  C:\Windows\System\RArVsqo.exe
  2⤵
  PID:3180
- C:\Windows\System\ENVkqlA.exe
  C:\Windows\System\ENVkqlA.exe
  2⤵
  PID:3204
- C:\Windows\System\PwSWIUJ.exe
  C:\Windows\System\PwSWIUJ.exe
  2⤵
  PID:3224
- C:\Windows\System\qaueXYm.exe
  C:\Windows\System\qaueXYm.exe
  2⤵
  PID:3272
- C:\Windows\System\pYLuVmQ.exe
  C:\Windows\System\pYLuVmQ.exe
  2⤵
  PID:3288
- C:\Windows\System\zMRLcBh.exe
  C:\Windows\System\zMRLcBh.exe
  2⤵
  PID:3312
- C:\Windows\System\viUWtvS.exe
  C:\Windows\System\viUWtvS.exe
  2⤵
  PID:3328
- C:\Windows\System\evUTHmN.exe
  C:\Windows\System\evUTHmN.exe
  2⤵
  PID:3348
- C:\Windows\System\XLouoyE.exe
  C:\Windows\System\XLouoyE.exe
  2⤵
  PID:3368
- C:\Windows\System\eBrZPJr.exe
  C:\Windows\System\eBrZPJr.exe
  2⤵
  PID:3392
- C:\Windows\System\oDaccvP.exe
  C:\Windows\System\oDaccvP.exe
  2⤵
  PID:3408
- C:\Windows\System\nGysxSK.exe
  C:\Windows\System\nGysxSK.exe
  2⤵
  PID:3432
- C:\Windows\System\LXGSFZo.exe
  C:\Windows\System\LXGSFZo.exe
  2⤵
  PID:3452
- C:\Windows\System\epyfZmh.exe
  C:\Windows\System\epyfZmh.exe
  2⤵
  PID:3472
- C:\Windows\System\pIyZgwo.exe
  C:\Windows\System\pIyZgwo.exe
  2⤵
  PID:3492
- C:\Windows\System\kcTDFMo.exe
  C:\Windows\System\kcTDFMo.exe
  2⤵
  PID:3508
- C:\Windows\System\SgZjPsX.exe
  C:\Windows\System\SgZjPsX.exe
  2⤵
  PID:3528
- C:\Windows\System\UwtwJZp.exe
  C:\Windows\System\UwtwJZp.exe
  2⤵
  PID:3548
- C:\Windows\System\rqbPFhd.exe
  C:\Windows\System\rqbPFhd.exe
  2⤵
  PID:3564
- C:\Windows\System\alOwAye.exe
  C:\Windows\System\alOwAye.exe
  2⤵
  PID:3588
- C:\Windows\System\luedyCq.exe
  C:\Windows\System\luedyCq.exe
  2⤵
  PID:3604
- C:\Windows\System\PjErzAk.exe
  C:\Windows\System\PjErzAk.exe
  2⤵
  PID:3624
- C:\Windows\System\DUzrlTc.exe
  C:\Windows\System\DUzrlTc.exe
  2⤵
  PID:3640
- C:\Windows\System\rBcYhZp.exe
  C:\Windows\System\rBcYhZp.exe
  2⤵
  PID:3656
- C:\Windows\System\IJVLXll.exe
  C:\Windows\System\IJVLXll.exe
  2⤵
  PID:3672
- C:\Windows\System\uDRTGLN.exe
  C:\Windows\System\uDRTGLN.exe
  2⤵
  PID:3688
- C:\Windows\System\WdPrKaq.exe
  C:\Windows\System\WdPrKaq.exe
  2⤵
  PID:3712
- C:\Windows\System\aUVdXsp.exe
  C:\Windows\System\aUVdXsp.exe
  2⤵
  PID:3736
- C:\Windows\System\MyvYLTX.exe
  C:\Windows\System\MyvYLTX.exe
  2⤵
  PID:3756
- C:\Windows\System\JIKzrwJ.exe
  C:\Windows\System\JIKzrwJ.exe
  2⤵
  PID:3772
- C:\Windows\System\bSkejsT.exe
  C:\Windows\System\bSkejsT.exe
  2⤵
  PID:3788
- C:\Windows\System\lMZLQRm.exe
  C:\Windows\System\lMZLQRm.exe
  2⤵
  PID:3808
- C:\Windows\System\SseSGVg.exe
  C:\Windows\System\SseSGVg.exe
  2⤵
  PID:3832
- C:\Windows\System\xtNmwQW.exe
  C:\Windows\System\xtNmwQW.exe
  2⤵
  PID:3884
- C:\Windows\System\MvhZoYh.exe
  C:\Windows\System\MvhZoYh.exe
  2⤵
  PID:3900
- C:\Windows\System\eAdmTtc.exe
  C:\Windows\System\eAdmTtc.exe
  2⤵
  PID:3924
- C:\Windows\System\gBUUSAJ.exe
  C:\Windows\System\gBUUSAJ.exe
  2⤵
  PID:3940
- C:\Windows\System\YCxqnIq.exe
  C:\Windows\System\YCxqnIq.exe
  2⤵
  PID:3956
- C:\Windows\System\mYFaizr.exe
  C:\Windows\System\mYFaizr.exe
  2⤵
  PID:3972
- C:\Windows\System\JXPcmia.exe
  C:\Windows\System\JXPcmia.exe
  2⤵
  PID:3996
- C:\Windows\System\VzpNATh.exe
  C:\Windows\System\VzpNATh.exe
  2⤵
  PID:4012
- C:\Windows\System\HwVwtEW.exe
  C:\Windows\System\HwVwtEW.exe
  2⤵
  PID:4032
- C:\Windows\System\gGMpRLf.exe
  C:\Windows\System\gGMpRLf.exe
  2⤵
  PID:4048
- C:\Windows\System\OThEUYO.exe
  C:\Windows\System\OThEUYO.exe
  2⤵
  PID:4068
- C:\Windows\System\uSzWUQp.exe
  C:\Windows\System\uSzWUQp.exe
  2⤵
  PID:4084
- C:\Windows\System\SQzmECD.exe
  C:\Windows\System\SQzmECD.exe
  2⤵
  PID:1092
- C:\Windows\System\BJXBode.exe
  C:\Windows\System\BJXBode.exe
  2⤵
  PID:2332
- C:\Windows\System\wSTEfOV.exe
  C:\Windows\System\wSTEfOV.exe
  2⤵
  PID:2060
- C:\Windows\System\SZRaBsg.exe
  C:\Windows\System\SZRaBsg.exe
  2⤵
  PID:2088
- C:\Windows\System\WoYkFUW.exe
  C:\Windows\System\WoYkFUW.exe
  2⤵
  PID:2076
- C:\Windows\System\SnUswrb.exe
  C:\Windows\System\SnUswrb.exe
  2⤵
  PID:1768
- C:\Windows\System\qCoqZiC.exe
  C:\Windows\System\qCoqZiC.exe
  2⤵
  PID:1796
- C:\Windows\System\CcYOZXQ.exe
  C:\Windows\System\CcYOZXQ.exe
  2⤵
  PID:1972
- C:\Windows\System\rmaalET.exe
  C:\Windows\System\rmaalET.exe
  2⤵
  PID:3104
- C:\Windows\System\XCANwsT.exe
  C:\Windows\System\XCANwsT.exe
  2⤵
  PID:2296
- C:\Windows\System\TGNCHOa.exe
  C:\Windows\System\TGNCHOa.exe
  2⤵
  PID:3172
- C:\Windows\System\SUFqUKk.exe
  C:\Windows\System\SUFqUKk.exe
  2⤵
  PID:3176
- C:\Windows\System\UTlJGla.exe
  C:\Windows\System\UTlJGla.exe
  2⤵
  PID:872
- C:\Windows\System\DfvORpH.exe
  C:\Windows\System\DfvORpH.exe
  2⤵
  PID:2420
- C:\Windows\System\EZIKSqF.exe
  C:\Windows\System\EZIKSqF.exe
  2⤵
  PID:1288
- C:\Windows\System\wNsAvCn.exe
  C:\Windows\System\wNsAvCn.exe
  2⤵
  PID:3084
- C:\Windows\System\JPHKwJf.exe
  C:\Windows\System\JPHKwJf.exe
  2⤵
  PID:3160
- C:\Windows\System\zLSQCAm.exe
  C:\Windows\System\zLSQCAm.exe
  2⤵
  PID:3200
- C:\Windows\System\GRqTNCf.exe
  C:\Windows\System\GRqTNCf.exe
  2⤵
  PID:3248
- C:\Windows\System\umEwHjM.exe
  C:\Windows\System\umEwHjM.exe
  2⤵
  PID:3264
- C:\Windows\System\kUiLRWB.exe
  C:\Windows\System\kUiLRWB.exe
  2⤵
  PID:3360
- C:\Windows\System\UFEbFvT.exe
  C:\Windows\System\UFEbFvT.exe
  2⤵
  PID:3304
- C:\Windows\System\wpWqDRX.exe
  C:\Windows\System\wpWqDRX.exe
  2⤵
  PID:3400
- C:\Windows\System\IzQCJmg.exe
  C:\Windows\System\IzQCJmg.exe
  2⤵
  PID:3404
- C:\Windows\System\SEUcwPD.exe
  C:\Windows\System\SEUcwPD.exe
  2⤵
  PID:3440
- C:\Windows\System\uOkNPbc.exe
  C:\Windows\System\uOkNPbc.exe
  2⤵
  PID:3488
- C:\Windows\System\fnyLeJc.exe
  C:\Windows\System\fnyLeJc.exe
  2⤵
  PID:3560
- C:\Windows\System\sqYqgFe.exe
  C:\Windows\System\sqYqgFe.exe
  2⤵
  PID:3636
- C:\Windows\System\ZpwdXzD.exe
  C:\Windows\System\ZpwdXzD.exe
  2⤵
  PID:3700
- C:\Windows\System\ivJemVz.exe
  C:\Windows\System\ivJemVz.exe
  2⤵
  PID:3468
- C:\Windows\System\fYKPpOa.exe
  C:\Windows\System\fYKPpOa.exe
  2⤵
  PID:3780
- C:\Windows\System\eyNSrsd.exe
  C:\Windows\System\eyNSrsd.exe
  2⤵
  PID:3544
- C:\Windows\System\WGnTqlI.exe
  C:\Windows\System\WGnTqlI.exe
  2⤵
  PID:3612
- C:\Windows\System\jdxgGUw.exe
  C:\Windows\System\jdxgGUw.exe
  2⤵
  PID:3680
- C:\Windows\System\wHaJkvw.exe
  C:\Windows\System\wHaJkvw.exe
  2⤵
  PID:3732
- C:\Windows\System\ZSDBxlq.exe
  C:\Windows\System\ZSDBxlq.exe
  2⤵
  PID:3840
- C:\Windows\System\UVXNbNd.exe
  C:\Windows\System\UVXNbNd.exe
  2⤵
  PID:3860
- C:\Windows\System\nFflrqA.exe
  C:\Windows\System\nFflrqA.exe
  2⤵
  PID:3892
- C:\Windows\System\SgmYFkt.exe
  C:\Windows\System\SgmYFkt.exe
  2⤵
  PID:3936
- C:\Windows\System\qDUZSPC.exe
  C:\Windows\System\qDUZSPC.exe
  2⤵
  PID:4004
- C:\Windows\System\lTSCsiA.exe
  C:\Windows\System\lTSCsiA.exe
  2⤵
  PID:2140
- C:\Windows\System\biVjqeN.exe
  C:\Windows\System\biVjqeN.exe
  2⤵
  PID:3992
- C:\Windows\System\QxagsQT.exe
  C:\Windows\System\QxagsQT.exe
  2⤵
  PID:3192
- C:\Windows\System\kxFWsll.exe
  C:\Windows\System\kxFWsll.exe
  2⤵
  PID:3256
- C:\Windows\System\pApQEkg.exe
  C:\Windows\System\pApQEkg.exe
  2⤵
  PID:3380
- C:\Windows\System\xWoAgee.exe
  C:\Windows\System\xWoAgee.exe
  2⤵
  PID:3948
- C:\Windows\System\arMshjj.exe
  C:\Windows\System\arMshjj.exe
  2⤵
  PID:4060
- C:\Windows\System\eThmRNx.exe
  C:\Windows\System\eThmRNx.exe
  2⤵
  PID:3908
- C:\Windows\System\WjWoBmF.exe
  C:\Windows\System\WjWoBmF.exe
  2⤵
  PID:3784
- C:\Windows\System\BQjOLFF.exe
  C:\Windows\System\BQjOLFF.exe
  2⤵
  PID:3652
- C:\Windows\System\lEJFfeV.exe
  C:\Windows\System\lEJFfeV.exe
  2⤵
  PID:4064
- C:\Windows\System\AfQobty.exe
  C:\Windows\System\AfQobty.exe
  2⤵
  PID:1920
- C:\Windows\System\taKePRA.exe
  C:\Windows\System\taKePRA.exe
  2⤵
  PID:2752
- C:\Windows\System\DuyOLOr.exe
  C:\Windows\System\DuyOLOr.exe
  2⤵
  PID:3280
- C:\Windows\System\zZWsway.exe
  C:\Windows\System\zZWsway.exe
  2⤵
  PID:3356
- C:\Windows\System\EVZinty.exe
  C:\Windows\System\EVZinty.exe
  2⤵
  PID:3424
- C:\Windows\System\gqYSori.exe
  C:\Windows\System\gqYSori.exe
  2⤵
  PID:3556
- C:\Windows\System\AbWisuK.exe
  C:\Windows\System\AbWisuK.exe
  2⤵
  PID:3708
- C:\Windows\System\UZooNvZ.exe
  C:\Windows\System\UZooNvZ.exe
  2⤵
  PID:3584
- C:\Windows\System\cBJarqL.exe
  C:\Windows\System\cBJarqL.exe
  2⤵
  PID:3100
- C:\Windows\System\sAnAbNg.exe
  C:\Windows\System\sAnAbNg.exe
  2⤵
  PID:3964
- C:\Windows\System\OeFBYCs.exe
  C:\Windows\System\OeFBYCs.exe
  2⤵
  PID:3868
- C:\Windows\System\fFHSzao.exe
  C:\Windows\System\fFHSzao.exe
  2⤵
  PID:4076
- C:\Windows\System\vTALGmq.exe
  C:\Windows\System\vTALGmq.exe
  2⤵
  PID:908
- C:\Windows\System\UHSOxgy.exe
  C:\Windows\System\UHSOxgy.exe
  2⤵
  PID:1748
- C:\Windows\System\QGMQwGR.exe
  C:\Windows\System\QGMQwGR.exe
  2⤵
  PID:1712
- C:\Windows\System\QVSwcdu.exe
  C:\Windows\System\QVSwcdu.exe
  2⤵
  PID:3980
- C:\Windows\System\yfRTGDa.exe
  C:\Windows\System\yfRTGDa.exe
  2⤵
  PID:3920
- C:\Windows\System\mfxKHoH.exe
  C:\Windows\System\mfxKHoH.exe
  2⤵
  PID:1584
- C:\Windows\System\gHKylbR.exe
  C:\Windows\System\gHKylbR.exe
  2⤵
  PID:2944
- C:\Windows\System\lnjjzMJ.exe
  C:\Windows\System\lnjjzMJ.exe
  2⤵
  PID:2856
- C:\Windows\System\DEjknhh.exe
  C:\Windows\System\DEjknhh.exe
  2⤵
  PID:1856
- C:\Windows\System\htxYweZ.exe
  C:\Windows\System\htxYweZ.exe
  2⤵
  PID:3088
- C:\Windows\System\ifBzytd.exe
  C:\Windows\System\ifBzytd.exe
  2⤵
  PID:4028
- C:\Windows\System\CQhiQcU.exe
  C:\Windows\System\CQhiQcU.exe
  2⤵
  PID:948
- C:\Windows\System\sPALJew.exe
  C:\Windows\System\sPALJew.exe
  2⤵
  PID:3484
- C:\Windows\System\IFASGTb.exe
  C:\Windows\System\IFASGTb.exe
  2⤵
  PID:2888
- C:\Windows\System\mwFSIqI.exe
  C:\Windows\System\mwFSIqI.exe
  2⤵
  PID:3988
- C:\Windows\System\ocNNHyt.exe
  C:\Windows\System\ocNNHyt.exe
  2⤵
  PID:3268
- C:\Windows\System\XogyhnN.exe
  C:\Windows\System\XogyhnN.exe
  2⤵
  PID:4020
- C:\Windows\System\lAtTFdS.exe
  C:\Windows\System\lAtTFdS.exe
  2⤵
  PID:3220
- C:\Windows\System\ZhLPkom.exe
  C:\Windows\System\ZhLPkom.exe
  2⤵
  PID:3376
- C:\Windows\System\DRTHmPE.exe
  C:\Windows\System\DRTHmPE.exe
  2⤵
  PID:2316
- C:\Windows\System\GaAyCII.exe
  C:\Windows\System\GaAyCII.exe
  2⤵
  PID:3124
- C:\Windows\System\WMLQFXv.exe
  C:\Windows\System\WMLQFXv.exe
  2⤵
  PID:1596
- C:\Windows\System\GJTIkAc.exe
  C:\Windows\System\GJTIkAc.exe
  2⤵
  PID:2652
- C:\Windows\System\LBqwEim.exe
  C:\Windows\System\LBqwEim.exe
  2⤵
  PID:1496
- C:\Windows\System\vKOaUsv.exe
  C:\Windows\System\vKOaUsv.exe
  2⤵
  PID:2840
- C:\Windows\System\xkUWfHE.exe
  C:\Windows\System\xkUWfHE.exe
  2⤵
  PID:3156
- C:\Windows\System\kzEqhJH.exe
  C:\Windows\System\kzEqhJH.exe
  2⤵
  PID:1724
- C:\Windows\System\ImdcgNn.exe
  C:\Windows\System\ImdcgNn.exe
  2⤵
  PID:3500
- C:\Windows\System\jnMVPUR.exe
  C:\Windows\System\jnMVPUR.exe
  2⤵
  PID:2456
- C:\Windows\System\DekgjCZ.exe
  C:\Windows\System\DekgjCZ.exe
  2⤵
  PID:1540
- C:\Windows\System\sTSAmVS.exe
  C:\Windows\System\sTSAmVS.exe
  2⤵
  PID:3916
- C:\Windows\System\iXxguan.exe
  C:\Windows\System\iXxguan.exe
  2⤵
  PID:2544
- C:\Windows\System\eElzLha.exe
  C:\Windows\System\eElzLha.exe
  2⤵
  PID:3216
- C:\Windows\System\lTVvxai.exe
  C:\Windows\System\lTVvxai.exe
  2⤵
  PID:976
- C:\Windows\System\LaYuozF.exe
  C:\Windows\System\LaYuozF.exe
  2⤵
  PID:3572
- C:\Windows\System\YSabOAL.exe
  C:\Windows\System\YSabOAL.exe
  2⤵
  PID:3828
- C:\Windows\System\hlhRcyn.exe
  C:\Windows\System\hlhRcyn.exe
  2⤵
  PID:2728
- C:\Windows\System\XLwQhVj.exe
  C:\Windows\System\XLwQhVj.exe
  2⤵
  PID:2388
- C:\Windows\System\iPjoGOq.exe
  C:\Windows\System\iPjoGOq.exe
  2⤵
  PID:3880
- C:\Windows\System\gAYujeB.exe
  C:\Windows\System\gAYujeB.exe
  2⤵
  PID:2396
- C:\Windows\System\uDfxUCZ.exe
  C:\Windows\System\uDfxUCZ.exe
  2⤵
  PID:1168
- C:\Windows\System\YSOCwdm.exe
  C:\Windows\System\YSOCwdm.exe
  2⤵
  PID:368
- C:\Windows\System\hhinbXf.exe
  C:\Windows\System\hhinbXf.exe
  2⤵
  PID:3580
- C:\Windows\System\dMawExg.exe
  C:\Windows\System\dMawExg.exe
  2⤵
  PID:1344
- C:\Windows\System\dTrpUQC.exe
  C:\Windows\System\dTrpUQC.exe
  2⤵
  PID:3340
- C:\Windows\System\CnNHSAn.exe
  C:\Windows\System\CnNHSAn.exe
  2⤵
  PID:372
- C:\Windows\System\oOiXEfc.exe
  C:\Windows\System\oOiXEfc.exe
  2⤵
  PID:3876
- C:\Windows\System\UsTWQov.exe
  C:\Windows\System\UsTWQov.exe
  2⤵
  PID:3764
- C:\Windows\System\wXbMqku.exe
  C:\Windows\System\wXbMqku.exe
  2⤵
  PID:1096
- C:\Windows\System\oCmewBM.exe
  C:\Windows\System\oCmewBM.exe
  2⤵
  PID:4116
- C:\Windows\System\UnWczPl.exe
  C:\Windows\System\UnWczPl.exe
  2⤵
  PID:4140
- C:\Windows\System\msrrdEc.exe
  C:\Windows\System\msrrdEc.exe
  2⤵
  PID:4160
- C:\Windows\System\AMVFEnl.exe
  C:\Windows\System\AMVFEnl.exe
  2⤵
  PID:4220
- C:\Windows\System\mhtxeBH.exe
  C:\Windows\System\mhtxeBH.exe
  2⤵
  PID:4248
- C:\Windows\System\bIXsJNY.exe
  C:\Windows\System\bIXsJNY.exe
  2⤵
  PID:4268
- C:\Windows\System\FohAsSW.exe
  C:\Windows\System\FohAsSW.exe
  2⤵
  PID:4284
- C:\Windows\System\ngTRrLz.exe
  C:\Windows\System\ngTRrLz.exe
  2⤵
  PID:4308
- C:\Windows\System\rGlmEIE.exe
  C:\Windows\System\rGlmEIE.exe
  2⤵
  PID:4328
- C:\Windows\System\prVFupt.exe
  C:\Windows\System\prVFupt.exe
  2⤵
  PID:4344
- C:\Windows\System\MCSCyDH.exe
  C:\Windows\System\MCSCyDH.exe
  2⤵
  PID:4360
- C:\Windows\System\GZsOvdX.exe
  C:\Windows\System\GZsOvdX.exe
  2⤵
  PID:4392
- C:\Windows\System\uzBihtc.exe
  C:\Windows\System\uzBihtc.exe
  2⤵
  PID:4408
- C:\Windows\System\IZyBxbV.exe
  C:\Windows\System\IZyBxbV.exe
  2⤵
  PID:4424
- C:\Windows\System\jpfiKnw.exe
  C:\Windows\System\jpfiKnw.exe
  2⤵
  PID:4440
- C:\Windows\System\hbDYteO.exe
  C:\Windows\System\hbDYteO.exe
  2⤵
  PID:4456
- C:\Windows\System\NaTvvgj.exe
  C:\Windows\System\NaTvvgj.exe
  2⤵
  PID:4484
- C:\Windows\System\llohQbF.exe
  C:\Windows\System\llohQbF.exe
  2⤵
  PID:4500
- C:\Windows\System\MHvBLPO.exe
  C:\Windows\System\MHvBLPO.exe
  2⤵
  PID:4516
- C:\Windows\System\QLUDTWp.exe
  C:\Windows\System\QLUDTWp.exe
  2⤵
  PID:4532
- C:\Windows\System\ohKHKDp.exe
  C:\Windows\System\ohKHKDp.exe
  2⤵
  PID:4580
- C:\Windows\System\qDWJvJb.exe
  C:\Windows\System\qDWJvJb.exe
  2⤵
  PID:4604
- C:\Windows\System\qfVmxJm.exe
  C:\Windows\System\qfVmxJm.exe
  2⤵
  PID:4620
- C:\Windows\System\LwiHCxt.exe
  C:\Windows\System\LwiHCxt.exe
  2⤵
  PID:4636
- C:\Windows\System\kkZKFqN.exe
  C:\Windows\System\kkZKFqN.exe
  2⤵
  PID:4656
- C:\Windows\System\rZujXDQ.exe
  C:\Windows\System\rZujXDQ.exe
  2⤵
  PID:4672
- C:\Windows\System\VYcGYUt.exe
  C:\Windows\System\VYcGYUt.exe
  2⤵
  PID:4696
- C:\Windows\System\xcSnuZl.exe
  C:\Windows\System\xcSnuZl.exe
  2⤵
  PID:4716
- C:\Windows\System\mNZgqZd.exe
  C:\Windows\System\mNZgqZd.exe
  2⤵
  PID:4752
- C:\Windows\System\pYMXpto.exe
  C:\Windows\System\pYMXpto.exe
  2⤵
  PID:4768
- C:\Windows\System\oqmOMhj.exe
  C:\Windows\System\oqmOMhj.exe
  2⤵
  PID:4784
- C:\Windows\System\fONdpla.exe
  C:\Windows\System\fONdpla.exe
  2⤵
  PID:4800
- C:\Windows\System\kFgNsPB.exe
  C:\Windows\System\kFgNsPB.exe
  2⤵
  PID:4820
- C:\Windows\System\aNzJeXQ.exe
  C:\Windows\System\aNzJeXQ.exe
  2⤵
  PID:4852
- C:\Windows\System\UddYIuU.exe
  C:\Windows\System\UddYIuU.exe
  2⤵
  PID:4884
- C:\Windows\System\rwLapdC.exe
  C:\Windows\System\rwLapdC.exe
  2⤵
  PID:4900
- C:\Windows\System\vCyVwnX.exe
  C:\Windows\System\vCyVwnX.exe
  2⤵
  PID:4916
- C:\Windows\System\gdueFKh.exe
  C:\Windows\System\gdueFKh.exe
  2⤵
  PID:4932
- C:\Windows\System\praqdWu.exe
  C:\Windows\System\praqdWu.exe
  2⤵
  PID:4948
- C:\Windows\System\PZhjdXJ.exe
  C:\Windows\System\PZhjdXJ.exe
  2⤵
  PID:4976
- C:\Windows\System\ZcSdfRU.exe
  C:\Windows\System\ZcSdfRU.exe
  2⤵
  PID:4996
- C:\Windows\System\LCHfsEg.exe
  C:\Windows\System\LCHfsEg.exe
  2⤵
  PID:5016
- C:\Windows\System\KEihZgV.exe
  C:\Windows\System\KEihZgV.exe
  2⤵
  PID:5032
- C:\Windows\System\bmDOLmK.exe
  C:\Windows\System\bmDOLmK.exe
  2⤵
  PID:5060
- C:\Windows\System\zKrSPMD.exe
  C:\Windows\System\zKrSPMD.exe
  2⤵
  PID:5084
- C:\Windows\System\eSlHNjg.exe
  C:\Windows\System\eSlHNjg.exe
  2⤵
  PID:5100
- C:\Windows\System\SsMofBy.exe
  C:\Windows\System\SsMofBy.exe
  2⤵
  PID:1184
- C:\Windows\System\KuiZmcS.exe
  C:\Windows\System\KuiZmcS.exe
  2⤵
  PID:3144
- C:\Windows\System\gUgRyJL.exe
  C:\Windows\System\gUgRyJL.exe
  2⤵
  PID:2604
- C:\Windows\System\xdFiWnz.exe
  C:\Windows\System\xdFiWnz.exe
  2⤵
  PID:4112
- C:\Windows\System\ghXKKaE.exe
  C:\Windows\System\ghXKKaE.exe
  2⤵
  PID:2452
- C:\Windows\System\wOikfyF.exe
  C:\Windows\System\wOikfyF.exe
  2⤵
  PID:2372
- C:\Windows\System\EbQOcsi.exe
  C:\Windows\System\EbQOcsi.exe
  2⤵
  PID:4044
- C:\Windows\System\yBGjgWn.exe
  C:\Windows\System\yBGjgWn.exe
  2⤵
  PID:4124
- C:\Windows\System\ozCXtPq.exe
  C:\Windows\System\ozCXtPq.exe
  2⤵
  PID:4200
- C:\Windows\System\DzTuQvW.exe
  C:\Windows\System\DzTuQvW.exe
  2⤵
  PID:4212
- C:\Windows\System\GAirmaA.exe
  C:\Windows\System\GAirmaA.exe
  2⤵
  PID:4232
- C:\Windows\System\hyKZBpX.exe
  C:\Windows\System\hyKZBpX.exe
  2⤵
  PID:2144
- C:\Windows\System\jyiYrsJ.exe
  C:\Windows\System\jyiYrsJ.exe
  2⤵
  PID:2768
- C:\Windows\System\weRdlcf.exe
  C:\Windows\System\weRdlcf.exe
  2⤵
  PID:4300
- C:\Windows\System\ZMQtgEs.exe
  C:\Windows\System\ZMQtgEs.exe
  2⤵
  PID:4368
- C:\Windows\System\LOmWSOe.exe
  C:\Windows\System\LOmWSOe.exe
  2⤵
  PID:4320
- C:\Windows\System\EuxHzOL.exe
  C:\Windows\System\EuxHzOL.exe
  2⤵
  PID:4352
- C:\Windows\System\KnzDVdz.exe
  C:\Windows\System\KnzDVdz.exe
  2⤵
  PID:4472
- C:\Windows\System\psvQiuG.exe
  C:\Windows\System\psvQiuG.exe
  2⤵
  PID:4512
- C:\Windows\System\qMHVXwB.exe
  C:\Windows\System\qMHVXwB.exe
  2⤵
  PID:4552
- C:\Windows\System\nLliofR.exe
  C:\Windows\System\nLliofR.exe
  2⤵
  PID:4448
- C:\Windows\System\iCaZtiu.exe
  C:\Windows\System\iCaZtiu.exe
  2⤵
  PID:4644
- C:\Windows\System\JWYrOlT.exe
  C:\Windows\System\JWYrOlT.exe
  2⤵
  PID:4588
- C:\Windows\System\TaNnGeA.exe
  C:\Windows\System\TaNnGeA.exe
  2⤵
  PID:4664
- C:\Windows\System\uBgmtua.exe
  C:\Windows\System\uBgmtua.exe
  2⤵
  PID:4712
- C:\Windows\System\jbnwNjm.exe
  C:\Windows\System\jbnwNjm.exe
  2⤵
  PID:4684
- C:\Windows\System\buXjlOS.exe
  C:\Windows\System\buXjlOS.exe
  2⤵
  PID:4748
- C:\Windows\System\LYYTBzK.exe
  C:\Windows\System\LYYTBzK.exe
  2⤵
  PID:4796
- C:\Windows\System\rGFTpQc.exe
  C:\Windows\System\rGFTpQc.exe
  2⤵
  PID:4832
- C:\Windows\System\OXfZrDB.exe
  C:\Windows\System\OXfZrDB.exe
  2⤵
  PID:4892
- C:\Windows\System\ffZzMZd.exe
  C:\Windows\System\ffZzMZd.exe
  2⤵
  PID:4956
- C:\Windows\System\aERbdio.exe
  C:\Windows\System\aERbdio.exe
  2⤵
  PID:4864
- C:\Windows\System\cbnxpwN.exe
  C:\Windows\System\cbnxpwN.exe
  2⤵
  PID:4912
- C:\Windows\System\LfPKqPN.exe
  C:\Windows\System\LfPKqPN.exe
  2⤵
  PID:5012
- C:\Windows\System\WolYzNw.exe
  C:\Windows\System\WolYzNw.exe
  2⤵
  PID:5044
- C:\Windows\System\cNzNQQh.exe
  C:\Windows\System\cNzNQQh.exe
  2⤵
  PID:4988
- C:\Windows\System\ISZyUiR.exe
  C:\Windows\System\ISZyUiR.exe
  2⤵
  PID:4104
- C:\Windows\System\EJzJIkm.exe
  C:\Windows\System\EJzJIkm.exe
  2⤵
  PID:5068
- C:\Windows\System\woFWkCN.exe
  C:\Windows\System\woFWkCN.exe
  2⤵
  PID:1736
- C:\Windows\System\EDyRANb.exe
  C:\Windows\System\EDyRANb.exe
  2⤵
  PID:1912
- C:\Windows\System\ysXZrqY.exe
  C:\Windows\System\ysXZrqY.exe
  2⤵
  PID:3848
- C:\Windows\System\sgbaDCJ.exe
  C:\Windows\System\sgbaDCJ.exe
  2⤵
  PID:2100
- C:\Windows\System\HSWuEUI.exe
  C:\Windows\System\HSWuEUI.exe
  2⤵
  PID:3296
- C:\Windows\System\WVxTYwY.exe
  C:\Windows\System\WVxTYwY.exe
  2⤵
  PID:1648
- C:\Windows\System\RVTzlVx.exe
  C:\Windows\System\RVTzlVx.exe
  2⤵
  PID:4244
- C:\Windows\System\HaDRXMo.exe
  C:\Windows\System\HaDRXMo.exe
  2⤵
  PID:4384
- C:\Windows\System\HvFevnA.exe
  C:\Windows\System\HvFevnA.exe
  2⤵
  PID:4464
- C:\Windows\System\scQkgBH.exe
  C:\Windows\System\scQkgBH.exe
  2⤵
  PID:4420
- C:\Windows\System\VZtGtZm.exe
  C:\Windows\System\VZtGtZm.exe
  2⤵
  PID:4544
- C:\Windows\System\nkHoKFS.exe
  C:\Windows\System\nkHoKFS.exe
  2⤵
  PID:4452
- C:\Windows\System\fFIrRnC.exe
  C:\Windows\System\fFIrRnC.exe
  2⤵
  PID:4652
- C:\Windows\System\QKuWFqv.exe
  C:\Windows\System\QKuWFqv.exe
  2⤵
  PID:4600
- C:\Windows\System\NIwNhzb.exe
  C:\Windows\System\NIwNhzb.exe
  2⤵
  PID:4860
- C:\Windows\System\yHaxAZN.exe
  C:\Windows\System\yHaxAZN.exe
  2⤵
  PID:4940
- C:\Windows\System\ddtYwbY.exe
  C:\Windows\System\ddtYwbY.exe
  2⤵
  PID:4708
- C:\Windows\System\uNzdAyI.exe
  C:\Windows\System\uNzdAyI.exe
  2⤵
  PID:4808
- C:\Windows\System\omERFeT.exe
  C:\Windows\System\omERFeT.exe
  2⤵
  PID:4880
- C:\Windows\System\DYRocbq.exe
  C:\Windows\System\DYRocbq.exe
  2⤵
  PID:5092
- C:\Windows\System\NXgYJUv.exe
  C:\Windows\System\NXgYJUv.exe
  2⤵
  PID:2408
- C:\Windows\System\JuKiWGd.exe
  C:\Windows\System\JuKiWGd.exe
  2⤵
  PID:3300
- C:\Windows\System\fDnTvoh.exe
  C:\Windows\System\fDnTvoh.exe
  2⤵
  PID:4292
- C:\Windows\System\eDwOnok.exe
  C:\Windows\System\eDwOnok.exe
  2⤵
  PID:4380
- C:\Windows\System\IKFiPBH.exe
  C:\Windows\System\IKFiPBH.exe
  2⤵
  PID:5116
- C:\Windows\System\gFEbiXx.exe
  C:\Windows\System\gFEbiXx.exe
  2⤵
  PID:5108
- C:\Windows\System\xiNOMot.exe
  C:\Windows\System\xiNOMot.exe
  2⤵
  PID:280
- C:\Windows\System\SUFnmIw.exe
  C:\Windows\System\SUFnmIw.exe
  2⤵
  PID:4260
- C:\Windows\System\YUQSGlH.exe
  C:\Windows\System\YUQSGlH.exe
  2⤵
  PID:4568
- C:\Windows\System\JyqpJJz.exe
  C:\Windows\System\JyqpJJz.exe
  2⤵
  PID:4496
- C:\Windows\System\IfKRlOF.exe
  C:\Windows\System\IfKRlOF.exe
  2⤵
  PID:4740
- C:\Windows\System\BIOtCGk.exe
  C:\Windows\System\BIOtCGk.exe
  2⤵
  PID:4596
- C:\Windows\System\vBDDqDa.exe
  C:\Windows\System\vBDDqDa.exe
  2⤵
  PID:2844
- C:\Windows\System\WCxDXxs.exe
  C:\Windows\System\WCxDXxs.exe
  2⤵
  PID:4760
- C:\Windows\System\CazrmDY.exe
  C:\Windows\System\CazrmDY.exe
  2⤵
  PID:800
- C:\Windows\System\TqdMbVf.exe
  C:\Windows\System\TqdMbVf.exe
  2⤵
  PID:4816
- C:\Windows\System\Nawdegx.exe
  C:\Windows\System\Nawdegx.exe
  2⤵
  PID:4132
- C:\Windows\System\jRYpaNo.exe
  C:\Windows\System\jRYpaNo.exe
  2⤵
  PID:5052
- C:\Windows\System\UswCbwM.exe
  C:\Windows\System\UswCbwM.exe
  2⤵
  PID:4316
- C:\Windows\System\CXlJibG.exe
  C:\Windows\System\CXlJibG.exe
  2⤵
  PID:4336
- C:\Windows\System\DqtuWTK.exe
  C:\Windows\System\DqtuWTK.exe
  2⤵
  PID:4564
- C:\Windows\System\eaSGCDX.exe
  C:\Windows\System\eaSGCDX.exe
  2⤵
  PID:4868
- C:\Windows\System\eGGSPnp.exe
  C:\Windows\System\eGGSPnp.exe
  2⤵
  PID:3388
- C:\Windows\System\PnLPKAq.exe
  C:\Windows\System\PnLPKAq.exe
  2⤵
  PID:4692
- C:\Windows\System\PuWvmdP.exe
  C:\Windows\System\PuWvmdP.exe
  2⤵
  PID:4356
- C:\Windows\System\RqUJTgX.exe
  C:\Windows\System\RqUJTgX.exe
  2⤵
  PID:1756
- C:\Windows\System\pqpKeUG.exe
  C:\Windows\System\pqpKeUG.exe
  2⤵
  PID:2720
- C:\Windows\System\PaGLKof.exe
  C:\Windows\System\PaGLKof.exe
  2⤵
  PID:2320
- C:\Windows\System\LkWjZdE.exe
  C:\Windows\System\LkWjZdE.exe
  2⤵
  PID:4876
- C:\Windows\System\jrJacdT.exe
  C:\Windows\System\jrJacdT.exe
  2⤵
  PID:4744
- C:\Windows\System\knBfuOs.exe
  C:\Windows\System\knBfuOs.exe
  2⤵
  PID:3460
- C:\Windows\System\GBfkBEJ.exe
  C:\Windows\System\GBfkBEJ.exe
  2⤵
  PID:4304
- C:\Windows\System\nFqdcWD.exe
  C:\Windows\System\nFqdcWD.exe
  2⤵
  PID:5128
- C:\Windows\System\kYxXDhY.exe
  C:\Windows\System\kYxXDhY.exe
  2⤵
  PID:5144
- C:\Windows\System\mqlyivU.exe
  C:\Windows\System\mqlyivU.exe
  2⤵
  PID:5164
- C:\Windows\System\kiwWXxD.exe
  C:\Windows\System\kiwWXxD.exe
  2⤵
  PID:5180
- C:\Windows\System\qIpOipD.exe
  C:\Windows\System\qIpOipD.exe
  2⤵
  PID:5196
- C:\Windows\System\MfJdfuf.exe
  C:\Windows\System\MfJdfuf.exe
  2⤵
  PID:5220
- C:\Windows\System\gayfZxz.exe
  C:\Windows\System\gayfZxz.exe
  2⤵
  PID:5268
- C:\Windows\System\tGwVyGU.exe
  C:\Windows\System\tGwVyGU.exe
  2⤵
  PID:5284
- C:\Windows\System\UekqyAg.exe
  C:\Windows\System\UekqyAg.exe
  2⤵
  PID:5308
- C:\Windows\System\OmiHUtP.exe
  C:\Windows\System\OmiHUtP.exe
  2⤵
  PID:5324
- C:\Windows\System\UfXvomM.exe
  C:\Windows\System\UfXvomM.exe
  2⤵
  PID:5348
- C:\Windows\System\uIktxuc.exe
  C:\Windows\System\uIktxuc.exe
  2⤵
  PID:5364
- C:\Windows\System\KocYTBp.exe
  C:\Windows\System\KocYTBp.exe
  2⤵
  PID:5380
- C:\Windows\System\OOMZPiX.exe
  C:\Windows\System\OOMZPiX.exe
  2⤵
  PID:5396
- C:\Windows\System\DiLiQzX.exe
  C:\Windows\System\DiLiQzX.exe
  2⤵
  PID:5420
- C:\Windows\System\FnlmTBv.exe
  C:\Windows\System\FnlmTBv.exe
  2⤵
  PID:5436
- C:\Windows\System\dQERBTb.exe
  C:\Windows\System\dQERBTb.exe
  2⤵
  PID:5464
- C:\Windows\System\HTgJeNJ.exe
  C:\Windows\System\HTgJeNJ.exe
  2⤵
  PID:5480
- C:\Windows\System\QdzYlcc.exe
  C:\Windows\System\QdzYlcc.exe
  2⤵
  PID:5496
- C:\Windows\System\Uizinzf.exe
  C:\Windows\System\Uizinzf.exe
  2⤵
  PID:5516
- C:\Windows\System\BqxiHkN.exe
  C:\Windows\System\BqxiHkN.exe
  2⤵
  PID:5532
- C:\Windows\System\EbFqSya.exe
  C:\Windows\System\EbFqSya.exe
  2⤵
  PID:5556
- C:\Windows\System\QRUonvf.exe
  C:\Windows\System\QRUonvf.exe
  2⤵
  PID:5572
- C:\Windows\System\HBuYbiZ.exe
  C:\Windows\System\HBuYbiZ.exe
  2⤵
  PID:5592
- C:\Windows\System\rhRqIoH.exe
  C:\Windows\System\rhRqIoH.exe
  2⤵
  PID:5620
- C:\Windows\System\hKQJroH.exe
  C:\Windows\System\hKQJroH.exe
  2⤵
  PID:5636
- C:\Windows\System\aXUjUly.exe
  C:\Windows\System\aXUjUly.exe
  2⤵
  PID:5652
- C:\Windows\System\YXTGbxt.exe
  C:\Windows\System\YXTGbxt.exe
  2⤵
  PID:5676
- C:\Windows\System\OeuljDR.exe
  C:\Windows\System\OeuljDR.exe
  2⤵
  PID:5692
- C:\Windows\System\wMBEdgf.exe
  C:\Windows\System\wMBEdgf.exe
  2⤵
  PID:5712
- C:\Windows\System\GHtYjBh.exe
  C:\Windows\System\GHtYjBh.exe
  2⤵
  PID:5744
- C:\Windows\System\CKiKhae.exe
  C:\Windows\System\CKiKhae.exe
  2⤵
  PID:5760
- C:\Windows\System\lWQUSNF.exe
  C:\Windows\System\lWQUSNF.exe
  2⤵
  PID:5776
- C:\Windows\System\ZcjntvH.exe
  C:\Windows\System\ZcjntvH.exe
  2⤵
  PID:5812
- C:\Windows\System\tpuijFt.exe
  C:\Windows\System\tpuijFt.exe
  2⤵
  PID:5828
- C:\Windows\System\DVRlTFe.exe
  C:\Windows\System\DVRlTFe.exe
  2⤵
  PID:5844
- C:\Windows\System\dpywwnP.exe
  C:\Windows\System\dpywwnP.exe
  2⤵
  PID:5864
- C:\Windows\System\uPcngcV.exe
  C:\Windows\System\uPcngcV.exe
  2⤵
  PID:5892
- C:\Windows\System\eWmTujS.exe
  C:\Windows\System\eWmTujS.exe
  2⤵
  PID:5908
- C:\Windows\System\ypwmhSS.exe
  C:\Windows\System\ypwmhSS.exe
  2⤵
  PID:5928
- C:\Windows\System\rEypTez.exe
  C:\Windows\System\rEypTez.exe
  2⤵
  PID:5944
- C:\Windows\System\HBKPjMf.exe
  C:\Windows\System\HBKPjMf.exe
  2⤵
  PID:5960
- C:\Windows\System\EYhZtvm.exe
  C:\Windows\System\EYhZtvm.exe
  2⤵
  PID:5988
- C:\Windows\System\owdxCiQ.exe
  C:\Windows\System\owdxCiQ.exe
  2⤵
  PID:6004
- C:\Windows\System\EcpaVhj.exe
  C:\Windows\System\EcpaVhj.exe
  2⤵
  PID:6020
- C:\Windows\System\zvJnNBb.exe
  C:\Windows\System\zvJnNBb.exe
  2⤵
  PID:6036
- C:\Windows\System\fIbBJEf.exe
  C:\Windows\System\fIbBJEf.exe
  2⤵
  PID:6052
- C:\Windows\System\kpTeHlE.exe
  C:\Windows\System\kpTeHlE.exe
  2⤵
  PID:6092
- C:\Windows\System\MwzvoUV.exe
  C:\Windows\System\MwzvoUV.exe
  2⤵
  PID:6108
- C:\Windows\System\bGbFgeO.exe
  C:\Windows\System\bGbFgeO.exe
  2⤵
  PID:6128
- C:\Windows\System\aufXaWf.exe
  C:\Windows\System\aufXaWf.exe
  2⤵
  PID:4560
- C:\Windows\System\ZyhnXdX.exe
  C:\Windows\System\ZyhnXdX.exe
  2⤵
  PID:5124
- C:\Windows\System\CGjdxCl.exe
  C:\Windows\System\CGjdxCl.exe
  2⤵
  PID:5160
- C:\Windows\System\aJkWYuj.exe
  C:\Windows\System\aJkWYuj.exe
  2⤵
  PID:4616
- C:\Windows\System\qvnkOLo.exe
  C:\Windows\System\qvnkOLo.exe
  2⤵
  PID:4928
- C:\Windows\System\GSVjtMd.exe
  C:\Windows\System\GSVjtMd.exe
  2⤵
  PID:5204
- C:\Windows\System\ggyqBpD.exe
  C:\Windows\System\ggyqBpD.exe
  2⤵
  PID:2788
- C:\Windows\System\jivYEtR.exe
  C:\Windows\System\jivYEtR.exe
  2⤵
  PID:5248
- C:\Windows\System\SFKOqHq.exe
  C:\Windows\System\SFKOqHq.exe
  2⤵
  PID:1680
- C:\Windows\System\qXZrfJZ.exe
  C:\Windows\System\qXZrfJZ.exe
  2⤵
  PID:5296
- C:\Windows\System\azkCRcX.exe
  C:\Windows\System\azkCRcX.exe
  2⤵
  PID:5316
- C:\Windows\System\bcBtQpV.exe
  C:\Windows\System\bcBtQpV.exe
  2⤵
  PID:5372
- C:\Windows\System\lnGnPVW.exe
  C:\Windows\System\lnGnPVW.exe
  2⤵
  PID:5444
- C:\Windows\System\CjdkvwD.exe
  C:\Windows\System\CjdkvwD.exe
  2⤵
  PID:5432
- C:\Windows\System\TcanWYb.exe
  C:\Windows\System\TcanWYb.exe
  2⤵
  PID:5456
- C:\Windows\System\TQyqyqH.exe
  C:\Windows\System\TQyqyqH.exe
  2⤵
  PID:5604
- C:\Windows\System\quGpSjI.exe
  C:\Windows\System\quGpSjI.exe
  2⤵
  PID:5616
- C:\Windows\System\gLVujyC.exe
  C:\Windows\System\gLVujyC.exe
  2⤵
  PID:5648
- C:\Windows\System\vIAgIAv.exe
  C:\Windows\System\vIAgIAv.exe
  2⤵
  PID:5728
- C:\Windows\System\rJivbIN.exe
  C:\Windows\System\rJivbIN.exe
  2⤵
  PID:5736
- C:\Windows\System\qfoXsyC.exe
  C:\Windows\System\qfoXsyC.exe
  2⤵
  PID:5700
- C:\Windows\System\bdmwLvZ.exe
  C:\Windows\System\bdmwLvZ.exe
  2⤵
  PID:5584
- C:\Windows\System\uQnhnwL.exe
  C:\Windows\System\uQnhnwL.exe
  2⤵
  PID:5820
- C:\Windows\System\dGLghhS.exe
  C:\Windows\System\dGLghhS.exe
  2⤵
  PID:5672
- C:\Windows\System\VZHqpde.exe
  C:\Windows\System\VZHqpde.exe
  2⤵
  PID:5856
- C:\Windows\System\ulhZnHu.exe
  C:\Windows\System\ulhZnHu.exe
  2⤵
  PID:5788
- C:\Windows\System\meCNVfD.exe
  C:\Windows\System\meCNVfD.exe
  2⤵
  PID:5872
- C:\Windows\System\ERzevpm.exe
  C:\Windows\System\ERzevpm.exe
  2⤵
  PID:5900
- C:\Windows\System\aPvhffG.exe
  C:\Windows\System\aPvhffG.exe
  2⤵
  PID:5956
- C:\Windows\System\KmoPEmd.exe
  C:\Windows\System\KmoPEmd.exe
  2⤵
  PID:5972
- C:\Windows\System\YycOkEV.exe
  C:\Windows\System\YycOkEV.exe
  2⤵
  PID:5976
- C:\Windows\System\PyxNUBs.exe
  C:\Windows\System\PyxNUBs.exe
  2⤵
  PID:6044
- C:\Windows\System\URkLXRa.exe
  C:\Windows\System\URkLXRa.exe
  2⤵
  PID:2156
- C:\Windows\System\XDbhlVM.exe
  C:\Windows\System\XDbhlVM.exe
  2⤵
  PID:6080
- C:\Windows\System\qujwsdW.exe
  C:\Windows\System\qujwsdW.exe
  2⤵
  PID:6088
- C:\Windows\System\naXVJmI.exe
  C:\Windows\System\naXVJmI.exe
  2⤵
  PID:5152
- C:\Windows\System\dTOlwas.exe
  C:\Windows\System\dTOlwas.exe
  2⤵
  PID:904
- C:\Windows\System\fmjQRFT.exe
  C:\Windows\System\fmjQRFT.exe
  2⤵
  PID:1320
- C:\Windows\System\XUrmdPr.exe
  C:\Windows\System\XUrmdPr.exe
  2⤵
  PID:5140
- C:\Windows\System\gGBaJuR.exe
  C:\Windows\System\gGBaJuR.exe
  2⤵
  PID:5256
- C:\Windows\System\khJeZIL.exe
  C:\Windows\System\khJeZIL.exe
  2⤵
  PID:5360
- C:\Windows\System\AubGmxC.exe
  C:\Windows\System\AubGmxC.exe
  2⤵
  PID:5416
- C:\Windows\System\wsnKbKU.exe
  C:\Windows\System\wsnKbKU.exe
  2⤵
  PID:5280
- C:\Windows\System\WXAdRvJ.exe
  C:\Windows\System\WXAdRvJ.exe
  2⤵
  PID:5528
- C:\Windows\System\iaKNUQs.exe
  C:\Windows\System\iaKNUQs.exe
  2⤵
  PID:5600
- C:\Windows\System\OsItgKi.exe
  C:\Windows\System\OsItgKi.exe
  2⤵
  PID:5472
- C:\Windows\System\pBUlNzr.exe
  C:\Windows\System\pBUlNzr.exe
  2⤵
  PID:5476
- C:\Windows\System\bUXocRb.exe
  C:\Windows\System\bUXocRb.exe
  2⤵
  PID:5628
- C:\Windows\System\eWdyWgw.exe
  C:\Windows\System\eWdyWgw.exe
  2⤵
  PID:5580
- C:\Windows\System\vRKyvDS.exe
  C:\Windows\System\vRKyvDS.exe
  2⤵
  PID:5632
- C:\Windows\System\rVqygzp.exe
  C:\Windows\System\rVqygzp.exe
  2⤵
  PID:5804
- C:\Windows\System\txOQVGd.exe
  C:\Windows\System\txOQVGd.exe
  2⤵
  PID:5888
- C:\Windows\System\REBLblb.exe
  C:\Windows\System\REBLblb.exe
  2⤵
  PID:5924
- C:\Windows\System\OqZuNNT.exe
  C:\Windows\System\OqZuNNT.exe
  2⤵
  PID:6028
- C:\Windows\System\zTULfqx.exe
  C:\Windows\System\zTULfqx.exe
  2⤵
  PID:6104
- C:\Windows\System\kdtfNCF.exe
  C:\Windows\System\kdtfNCF.exe
  2⤵
  PID:5212
- C:\Windows\System\lSamwaJ.exe
  C:\Windows\System\lSamwaJ.exe
  2⤵
  PID:4492
- C:\Windows\System\iGnwNSm.exe
  C:\Windows\System\iGnwNSm.exe
  2⤵
  PID:5936
- C:\Windows\System\zpfMALp.exe
  C:\Windows\System\zpfMALp.exe
  2⤵
  PID:6140
- C:\Windows\System\TIutJui.exe
  C:\Windows\System\TIutJui.exe
  2⤵
  PID:6000
- C:\Windows\System\RzmanQs.exe
  C:\Windows\System\RzmanQs.exe
  2⤵
  PID:2472
- C:\Windows\System\BYzdKCX.exe
  C:\Windows\System\BYzdKCX.exe
  2⤵
  PID:5176
- C:\Windows\System\TWbmwap.exe
  C:\Windows\System\TWbmwap.exe
  2⤵
  PID:5244
- C:\Windows\System\CEoDxag.exe
  C:\Windows\System\CEoDxag.exe
  2⤵
  PID:5392
- C:\Windows\System\XUfynlJ.exe
  C:\Windows\System\XUfynlJ.exe
  2⤵
  PID:5460
- C:\Windows\System\fiAcALA.exe
  C:\Windows\System\fiAcALA.exe
  2⤵
  PID:5540
- C:\Windows\System\QvLjPdZ.exe
  C:\Windows\System\QvLjPdZ.exe
  2⤵
  PID:5732
- C:\Windows\System\hsrHpqC.exe
  C:\Windows\System\hsrHpqC.exe
  2⤵
  PID:5504
- C:\Windows\System\hmqgdDA.exe
  C:\Windows\System\hmqgdDA.exe
  2⤵
  PID:5880
- C:\Windows\System\YlUsOmX.exe
  C:\Windows\System\YlUsOmX.exe
  2⤵
  PID:6060
- C:\Windows\System\axmyhye.exe
  C:\Windows\System\axmyhye.exe
  2⤵
  PID:6072
- C:\Windows\System\vfyZABF.exe
  C:\Windows\System\vfyZABF.exe
  2⤵
  PID:5984
- C:\Windows\System\PHkPosd.exe
  C:\Windows\System\PHkPosd.exe
  2⤵
  PID:4208
- C:\Windows\System\yLfrBzZ.exe
  C:\Windows\System\yLfrBzZ.exe
  2⤵
  PID:5512
- C:\Windows\System\kJIcdbe.exe
  C:\Windows\System\kJIcdbe.exe
  2⤵
  PID:5952
- C:\Windows\System\UYXuHUC.exe
  C:\Windows\System\UYXuHUC.exe
  2⤵
  PID:6016
- C:\Windows\System\YQqykEW.exe
  C:\Windows\System\YQqykEW.exe
  2⤵
  PID:5332
- C:\Windows\System\SMMJbVo.exe
  C:\Windows\System\SMMJbVo.exe
  2⤵
  PID:5492
- C:\Windows\System\buPSqHG.exe
  C:\Windows\System\buPSqHG.exe
  2⤵
  PID:768
- C:\Windows\System\IPuEdPD.exe
  C:\Windows\System\IPuEdPD.exe
  2⤵
  PID:6084
- C:\Windows\System\OCkoPxb.exe
  C:\Windows\System\OCkoPxb.exe
  2⤵
  PID:5852
- C:\Windows\System\bWIsXPD.exe
  C:\Windows\System\bWIsXPD.exe
  2⤵
  PID:5408
- C:\Windows\System\TkKlnSj.exe
  C:\Windows\System\TkKlnSj.exe
  2⤵
  PID:5216
- C:\Windows\System\BrYOhju.exe
  C:\Windows\System\BrYOhju.exe
  2⤵
  PID:5808
- C:\Windows\System\ahVqPqa.exe
  C:\Windows\System\ahVqPqa.exe
  2⤵
  PID:5720
- C:\Windows\System\lItQTdG.exe
  C:\Windows\System\lItQTdG.exe
  2⤵
  PID:5916
- C:\Windows\System\PpJgVKV.exe
  C:\Windows\System\PpJgVKV.exe
  2⤵
  PID:2288
- C:\Windows\System\vHIQtZO.exe
  C:\Windows\System\vHIQtZO.exe
  2⤵
  PID:6160
- C:\Windows\System\BSZdRFT.exe
  C:\Windows\System\BSZdRFT.exe
  2⤵
  PID:6176
- C:\Windows\System\YkRzwRq.exe
  C:\Windows\System\YkRzwRq.exe
  2⤵
  PID:6344
- C:\Windows\System\gSLAYNi.exe
  C:\Windows\System\gSLAYNi.exe
  2⤵
  PID:6368
- C:\Windows\System\aIXPCRA.exe
  C:\Windows\System\aIXPCRA.exe
  2⤵
  PID:6388
- C:\Windows\System\wJqHlPQ.exe
  C:\Windows\System\wJqHlPQ.exe
  2⤵
  PID:6408
- C:\Windows\System\DkMgcYd.exe
  C:\Windows\System\DkMgcYd.exe
  2⤵
  PID:6428
- C:\Windows\System\TEsbBft.exe
  C:\Windows\System\TEsbBft.exe
  2⤵
  PID:6456
- C:\Windows\System\ErKddpH.exe
  C:\Windows\System\ErKddpH.exe
  2⤵
  PID:6472
- C:\Windows\System\gEDRDfg.exe
  C:\Windows\System\gEDRDfg.exe
  2⤵
  PID:6492
- C:\Windows\System\rKxTibe.exe
  C:\Windows\System\rKxTibe.exe
  2⤵
  PID:6508
- C:\Windows\System\goRmUet.exe
  C:\Windows\System\goRmUet.exe
  2⤵
  PID:6548
- C:\Windows\System\nhrpbWs.exe
  C:\Windows\System\nhrpbWs.exe
  2⤵
  PID:6564
- C:\Windows\System\prTdqQu.exe
  C:\Windows\System\prTdqQu.exe
  2⤵
  PID:6580
- C:\Windows\System\PTABlCQ.exe
  C:\Windows\System\PTABlCQ.exe
  2⤵
  PID:6600
- C:\Windows\System\mrXXoHe.exe
  C:\Windows\System\mrXXoHe.exe
  2⤵
  PID:6632
- C:\Windows\System\hZOrQcX.exe
  C:\Windows\System\hZOrQcX.exe
  2⤵
  PID:6652
- C:\Windows\System\Zjolsew.exe
  C:\Windows\System\Zjolsew.exe
  2⤵
  PID:6668
- C:\Windows\System\GmrZOgg.exe
  C:\Windows\System\GmrZOgg.exe
  2⤵
  PID:6688
- C:\Windows\System\RtDpjpE.exe
  C:\Windows\System\RtDpjpE.exe
  2⤵
  PID:6704
- C:\Windows\System\EZRtyUS.exe
  C:\Windows\System\EZRtyUS.exe
  2⤵
  PID:6724
- C:\Windows\System\sytdBHs.exe
  C:\Windows\System\sytdBHs.exe
  2⤵
  PID:6740
- C:\Windows\System\uZvBVcM.exe
  C:\Windows\System\uZvBVcM.exe
  2⤵
  PID:6788
- C:\Windows\System\lDmiavH.exe
  C:\Windows\System\lDmiavH.exe
  2⤵
  PID:6808
- C:\Windows\System\vlrTeus.exe
  C:\Windows\System\vlrTeus.exe
  2⤵
  PID:6832
- C:\Windows\System\UgiGupv.exe
  C:\Windows\System\UgiGupv.exe
  2⤵
  PID:6848
- C:\Windows\System\wilaXDD.exe
  C:\Windows\System\wilaXDD.exe
  2⤵
  PID:6864
- C:\Windows\System\LCKqNgA.exe
  C:\Windows\System\LCKqNgA.exe
  2⤵
  PID:6884
- C:\Windows\System\ISleETP.exe
  C:\Windows\System\ISleETP.exe
  2⤵
  PID:6900
- C:\Windows\System\KvENFzW.exe
  C:\Windows\System\KvENFzW.exe
  2⤵
  PID:6916
- C:\Windows\System\OLmygOA.exe
  C:\Windows\System\OLmygOA.exe
  2⤵
  PID:6932
- C:\Windows\System\PikHVjb.exe
  C:\Windows\System\PikHVjb.exe
  2⤵
  PID:6948
- C:\Windows\System\uzzioHb.exe
  C:\Windows\System\uzzioHb.exe
  2⤵
  PID:6964
- C:\Windows\System\JSMTgPf.exe
  C:\Windows\System\JSMTgPf.exe
  2⤵
  PID:6980
- C:\Windows\System\xNdBoVI.exe
  C:\Windows\System\xNdBoVI.exe
  2⤵
  PID:6996
- C:\Windows\System\cIAprpE.exe
  C:\Windows\System\cIAprpE.exe
  2⤵
  PID:7012
- C:\Windows\System\TExOveT.exe
  C:\Windows\System\TExOveT.exe
  2⤵
  PID:7028
- C:\Windows\System\OItBJjx.exe
  C:\Windows\System\OItBJjx.exe
  2⤵
  PID:7044
- C:\Windows\System\qubhfVN.exe
  C:\Windows\System\qubhfVN.exe
  2⤵
  PID:7060
- C:\Windows\System\ifUdXdL.exe
  C:\Windows\System\ifUdXdL.exe
  2⤵
  PID:7076
- C:\Windows\System\qwwTjCd.exe
  C:\Windows\System\qwwTjCd.exe
  2⤵
  PID:7096
- C:\Windows\System\lNYRWzO.exe
  C:\Windows\System\lNYRWzO.exe
  2⤵
  PID:7112
- C:\Windows\System\nESTRZW.exe
  C:\Windows\System\nESTRZW.exe
  2⤵
  PID:7128
- C:\Windows\System\oqiEeEC.exe
  C:\Windows\System\oqiEeEC.exe
  2⤵
  PID:7144
- C:\Windows\System\RaDFXUp.exe
  C:\Windows\System\RaDFXUp.exe
  2⤵
  PID:7160
- C:\Windows\System\avkDxnh.exe
  C:\Windows\System\avkDxnh.exe
  2⤵
  PID:5412
- C:\Windows\System\qvUNtNk.exe
  C:\Windows\System\qvUNtNk.exe
  2⤵
  PID:5752
- C:\Windows\System\wWUjLGp.exe
  C:\Windows\System\wWUjLGp.exe
  2⤵
  PID:2464
- C:\Windows\System\VWIgBIa.exe
  C:\Windows\System\VWIgBIa.exe
  2⤵
  PID:5076
- C:\Windows\System\JRPAIyP.exe
  C:\Windows\System\JRPAIyP.exe
  2⤵
  PID:6192
- C:\Windows\System\xfgFuEy.exe
  C:\Windows\System\xfgFuEy.exe
  2⤵
  PID:6208
- C:\Windows\System\wYjUZSX.exe
  C:\Windows\System\wYjUZSX.exe
  2⤵
  PID:6224
- C:\Windows\System\AxqLbrr.exe
  C:\Windows\System\AxqLbrr.exe
  2⤵
  PID:6236
- C:\Windows\System\xParaOr.exe
  C:\Windows\System\xParaOr.exe
  2⤵
  PID:6256
- C:\Windows\System\mGAvFzk.exe
  C:\Windows\System\mGAvFzk.exe
  2⤵
  PID:6268
- C:\Windows\System\bohdQYg.exe
  C:\Windows\System\bohdQYg.exe
  2⤵
  PID:6288
- C:\Windows\System\DbZYgod.exe
  C:\Windows\System\DbZYgod.exe
  2⤵
  PID:6300
- C:\Windows\System\hpMlHAg.exe
  C:\Windows\System\hpMlHAg.exe
  2⤵
  PID:6324
- C:\Windows\System\DubpPMI.exe
  C:\Windows\System\DubpPMI.exe
  2⤵
  PID:2636
- C:\Windows\System\IrTgGxd.exe
  C:\Windows\System\IrTgGxd.exe
  2⤵
  PID:1936
- C:\Windows\System\QIXCFAm.exe
  C:\Windows\System\QIXCFAm.exe
  2⤵
  PID:2120
- C:\Windows\System\sdFAPWX.exe
  C:\Windows\System\sdFAPWX.exe
  2⤵
  PID:6352
- C:\Windows\System\gDlFFpt.exe
  C:\Windows\System\gDlFFpt.exe
  2⤵
  PID:6384
- C:\Windows\System\JOrAymX.exe
  C:\Windows\System\JOrAymX.exe
  2⤵
  PID:6416
- C:\Windows\System\qRwGKwv.exe
  C:\Windows\System\qRwGKwv.exe
  2⤵
  PID:6440
- C:\Windows\System\WTfQKiu.exe
  C:\Windows\System\WTfQKiu.exe
  2⤵
  PID:6488
- C:\Windows\System\lAgUGev.exe
  C:\Windows\System\lAgUGev.exe
  2⤵
  PID:6468
- C:\Windows\System\IAcuTHO.exe
  C:\Windows\System\IAcuTHO.exe
  2⤵
  PID:6524
- C:\Windows\System\xqoKsIO.exe
  C:\Windows\System\xqoKsIO.exe
  2⤵
  PID:6536
- C:\Windows\System\TQosrue.exe
  C:\Windows\System\TQosrue.exe
  2⤵
  PID:6612
- C:\Windows\System\cuVKqER.exe
  C:\Windows\System\cuVKqER.exe
  2⤵
  PID:6700
- C:\Windows\System\jcKhVnx.exe
  C:\Windows\System\jcKhVnx.exe
  2⤵
  PID:6732
- C:\Windows\System\cRGOXRY.exe
  C:\Windows\System\cRGOXRY.exe
  2⤵
  PID:6736
- C:\Windows\System\bzDFVLM.exe
  C:\Windows\System\bzDFVLM.exe
  2⤵
  PID:6648
- C:\Windows\System\qbngbBF.exe
  C:\Windows\System\qbngbBF.exe
  2⤵
  PID:6712
- C:\Windows\System\RECytyR.exe
  C:\Windows\System\RECytyR.exe
  2⤵
  PID:6756
- C:\Windows\System\LnnoOBg.exe
  C:\Windows\System\LnnoOBg.exe
  2⤵
  PID:6840
- C:\Windows\System\fpLbzhK.exe
  C:\Windows\System\fpLbzhK.exe
  2⤵
  PID:6768
- C:\Windows\System\kLbHTsB.exe
  C:\Windows\System\kLbHTsB.exe
  2⤵
  PID:6908
- C:\Windows\System\mCHAiFM.exe
  C:\Windows\System\mCHAiFM.exe
  2⤵
  PID:6856
- C:\Windows\System\kpZZfZr.exe
  C:\Windows\System\kpZZfZr.exe
  2⤵
  PID:6896
- C:\Windows\System\fNLlVRP.exe
  C:\Windows\System\fNLlVRP.exe
  2⤵
  PID:6944
- C:\Windows\System\VTCGNbL.exe
  C:\Windows\System\VTCGNbL.exe
  2⤵
  PID:6960
- C:\Windows\System\IDWKnba.exe
  C:\Windows\System\IDWKnba.exe
  2⤵
  PID:7040
- C:\Windows\System\XDiKmeC.exe
  C:\Windows\System\XDiKmeC.exe
  2⤵
  PID:7072
- C:\Windows\System\coMbepy.exe
  C:\Windows\System\coMbepy.exe
  2⤵
  PID:6992
- C:\Windows\System\rqMVcDW.exe
  C:\Windows\System\rqMVcDW.exe
  2⤵
  PID:7024
- C:\Windows\System\RpNIBNj.exe
  C:\Windows\System\RpNIBNj.exe
  2⤵
  PID:7088
- C:\Windows\System\lAZANKy.exe
  C:\Windows\System\lAZANKy.exe
  2⤵
  PID:7152
- C:\Windows\System\eUESVTQ.exe
  C:\Windows\System\eUESVTQ.exe
  2⤵
  PID:6156
- C:\Windows\System\ApXMnIO.exe
  C:\Windows\System\ApXMnIO.exe
  2⤵
  PID:6248
- C:\Windows\System\ZCFoKoo.exe
  C:\Windows\System\ZCFoKoo.exe
  2⤵
  PID:5548
- C:\Windows\System\KgsguJJ.exe
  C:\Windows\System\KgsguJJ.exe
  2⤵
  PID:6232
- C:\Windows\System\pgOOONe.exe
  C:\Windows\System\pgOOONe.exe
  2⤵
  PID:6304
- C:\Windows\System\zbpfhln.exe
  C:\Windows\System\zbpfhln.exe
  2⤵
  PID:5304
- C:\Windows\System\fcZztdU.exe
  C:\Windows\System\fcZztdU.exe
  2⤵
  PID:2252
- C:\Windows\System\fmBkLoH.exe
  C:\Windows\System\fmBkLoH.exe
  2⤵
  PID:6480
- C:\Windows\System\SjLFvqx.exe
  C:\Windows\System\SjLFvqx.exe
  2⤵
  PID:6504
- C:\Windows\System\TeFxwXQ.exe
  C:\Windows\System\TeFxwXQ.exe
  2⤵
  PID:6356
- C:\Windows\System\wIrwaiF.exe
  C:\Windows\System\wIrwaiF.exe
  2⤵
  PID:6404
- C:\Windows\System\QshtnTM.exe
  C:\Windows\System\QshtnTM.exe
  2⤵
  PID:6880
- C:\Windows\System\JaqrDrE.exe
  C:\Windows\System\JaqrDrE.exe
  2⤵
  PID:5688
- C:\Windows\System\jQFFGuu.exe
  C:\Windows\System\jQFFGuu.exe
  2⤵
  PID:6520
- C:\Windows\System\JICxryc.exe
  C:\Windows\System\JICxryc.exe
  2⤵
  PID:6576
- C:\Windows\System\dJAqltG.exe
  C:\Windows\System\dJAqltG.exe
  2⤵
  PID:6764
- C:\Windows\System\XWyVURq.exe
  C:\Windows\System\XWyVURq.exe
  2⤵
  PID:6680
- C:\Windows\System\tnLBzui.exe
  C:\Windows\System\tnLBzui.exe
  2⤵
  PID:7104
- C:\Windows\System\SXYvlmV.exe
  C:\Windows\System\SXYvlmV.exe
  2⤵
  PID:4192
- C:\Windows\System\NgAbQXS.exe
  C:\Windows\System\NgAbQXS.exe
  2⤵
  PID:6280
- C:\Windows\System\EpyVdfL.exe
  C:\Windows\System\EpyVdfL.exe
  2⤵
  PID:6336
- C:\Windows\System\pitbHqQ.exe
  C:\Windows\System\pitbHqQ.exe
  2⤵
  PID:7136
- C:\Windows\System\SHXMkXf.exe
  C:\Windows\System\SHXMkXf.exe
  2⤵
  PID:6216
- C:\Windows\System\yndeefw.exe
  C:\Windows\System\yndeefw.exe
  2⤵
  PID:6316
- C:\Windows\System\TaXWiGc.exe
  C:\Windows\System\TaXWiGc.exe
  2⤵
  PID:6592
- C:\Windows\System\yaQFwMo.exe
  C:\Windows\System\yaQFwMo.exe
  2⤵
  PID:6804
- C:\Windows\System\mVyvJcx.exe
  C:\Windows\System\mVyvJcx.exe
  2⤵
  PID:6420
- C:\Windows\System\tNegutK.exe
  C:\Windows\System\tNegutK.exe
  2⤵
  PID:6560
- C:\Windows\System\NYombUh.exe
  C:\Windows\System\NYombUh.exe
  2⤵
  PID:6376
- C:\Windows\System\DfFhSvX.exe
  C:\Windows\System\DfFhSvX.exe
  2⤵
  PID:7004
- C:\Windows\System\XeFSQmJ.exe
  C:\Windows\System\XeFSQmJ.exe
  2⤵
  PID:4276
- C:\Windows\System\klbTbEH.exe
  C:\Windows\System\klbTbEH.exe
  2⤵
  PID:7124
- C:\Windows\System\RnwGIyl.exe
  C:\Windows\System\RnwGIyl.exe
  2⤵
  PID:1688
- C:\Windows\System\aMVdowL.exe
  C:\Windows\System\aMVdowL.exe
  2⤵
  PID:6168
- C:\Windows\System\jjjmJrv.exe
  C:\Windows\System\jjjmJrv.exe
  2⤵
  PID:6436
- C:\Windows\System\zFAqnXx.exe
  C:\Windows\System\zFAqnXx.exe
  2⤵
  PID:6820
- C:\Windows\System\NThEnVS.exe
  C:\Windows\System\NThEnVS.exe
  2⤵
  PID:6976
- C:\Windows\System\aJTixTw.exe
  C:\Windows\System\aJTixTw.exe
  2⤵
  PID:6776
- C:\Windows\System\jmuINTn.exe
  C:\Windows\System\jmuINTn.exe
  2⤵
  PID:6396
- C:\Windows\System\QNanXXW.exe
  C:\Windows\System\QNanXXW.exe
  2⤵
  PID:6928
- C:\Windows\System\ejGJGRu.exe
  C:\Windows\System\ejGJGRu.exe
  2⤵
  PID:6628
- C:\Windows\System\fSqLfOp.exe
  C:\Windows\System\fSqLfOp.exe
  2⤵
  PID:6956
- C:\Windows\System\TTDiaMP.exe
  C:\Windows\System\TTDiaMP.exe
  2⤵
  PID:6272
- C:\Windows\System\nILkzjW.exe
  C:\Windows\System\nILkzjW.exe
  2⤵
  PID:7184
- C:\Windows\System\RNhLuZx.exe
  C:\Windows\System\RNhLuZx.exe
  2⤵
  PID:7200
- C:\Windows\System\hYHRqmo.exe
  C:\Windows\System\hYHRqmo.exe
  2⤵
  PID:7216
- C:\Windows\System\SlozShQ.exe
  C:\Windows\System\SlozShQ.exe
  2⤵
  PID:7232
- C:\Windows\System\muhHNwS.exe
  C:\Windows\System\muhHNwS.exe
  2⤵
  PID:7248
- C:\Windows\System\bBoFaxs.exe
  C:\Windows\System\bBoFaxs.exe
  2⤵
  PID:7264
- C:\Windows\System\rZrfIeJ.exe
  C:\Windows\System\rZrfIeJ.exe
  2⤵
  PID:7280
- C:\Windows\System\IOeYmau.exe
  C:\Windows\System\IOeYmau.exe
  2⤵
  PID:7300
- C:\Windows\System\yhdJUdD.exe
  C:\Windows\System\yhdJUdD.exe
  2⤵
  PID:7316
- C:\Windows\System\GMSQtbr.exe
  C:\Windows\System\GMSQtbr.exe
  2⤵
  PID:7332
- C:\Windows\System\sjjBAIV.exe
  C:\Windows\System\sjjBAIV.exe
  2⤵
  PID:7348
- C:\Windows\System\KIpxRlR.exe
  C:\Windows\System\KIpxRlR.exe
  2⤵
  PID:7364
- C:\Windows\System\mOgbmeP.exe
  C:\Windows\System\mOgbmeP.exe
  2⤵
  PID:7380
- C:\Windows\System\wSkNgNS.exe
  C:\Windows\System\wSkNgNS.exe
  2⤵
  PID:7396
- C:\Windows\System\EzoOxhv.exe
  C:\Windows\System\EzoOxhv.exe
  2⤵
  PID:7412
- C:\Windows\System\ZmECDxk.exe
  C:\Windows\System\ZmECDxk.exe
  2⤵
  PID:7428
- C:\Windows\System\ClxwISN.exe
  C:\Windows\System\ClxwISN.exe
  2⤵
  PID:7444
- C:\Windows\System\DkygUnl.exe
  C:\Windows\System\DkygUnl.exe
  2⤵
  PID:7460
- C:\Windows\System\rnyhmUT.exe
  C:\Windows\System\rnyhmUT.exe
  2⤵
  PID:7476
- C:\Windows\System\ZDNGKIO.exe
  C:\Windows\System\ZDNGKIO.exe
  2⤵
  PID:7492
- C:\Windows\System\VRXQVGt.exe
  C:\Windows\System\VRXQVGt.exe
  2⤵
  PID:7508
- C:\Windows\System\IRrHOPw.exe
  C:\Windows\System\IRrHOPw.exe
  2⤵
  PID:7524
- C:\Windows\System\lydJsgx.exe
  C:\Windows\System\lydJsgx.exe
  2⤵
  PID:7540
- C:\Windows\System\ivaxSYN.exe
  C:\Windows\System\ivaxSYN.exe
  2⤵
  PID:7556
- C:\Windows\System\JZJuloa.exe
  C:\Windows\System\JZJuloa.exe
  2⤵
  PID:7572
- C:\Windows\System\qyTKsyz.exe
  C:\Windows\System\qyTKsyz.exe
  2⤵
  PID:7588
- C:\Windows\System\rTFpMhF.exe
  C:\Windows\System\rTFpMhF.exe
  2⤵
  PID:7604
- C:\Windows\System\DfnEvpw.exe
  C:\Windows\System\DfnEvpw.exe
  2⤵
  PID:7620
- C:\Windows\System\WrxEyFs.exe
  C:\Windows\System\WrxEyFs.exe
  2⤵
  PID:7636
- C:\Windows\System\vnmIMJJ.exe
  C:\Windows\System\vnmIMJJ.exe
  2⤵
  PID:7652
- C:\Windows\System\aRtYkGI.exe
  C:\Windows\System\aRtYkGI.exe
  2⤵
  PID:7668
- C:\Windows\System\ZuOmtrb.exe
  C:\Windows\System\ZuOmtrb.exe
  2⤵
  PID:7684
- C:\Windows\System\oUqIWlM.exe
  C:\Windows\System\oUqIWlM.exe
  2⤵
  PID:7704
- C:\Windows\System\lyTYamk.exe
  C:\Windows\System\lyTYamk.exe
  2⤵
  PID:7720
- C:\Windows\System\JSQOXQr.exe
  C:\Windows\System\JSQOXQr.exe
  2⤵
  PID:7736
- C:\Windows\System\tAFOqtR.exe
  C:\Windows\System\tAFOqtR.exe
  2⤵
  PID:7752
- C:\Windows\System\Wgqsgps.exe
  C:\Windows\System\Wgqsgps.exe
  2⤵
  PID:7772
- C:\Windows\System\FWqlPmh.exe
  C:\Windows\System\FWqlPmh.exe
  2⤵
  PID:7788
- C:\Windows\System\FofacHS.exe
  C:\Windows\System\FofacHS.exe
  2⤵
  PID:7804
- C:\Windows\System\WxmdUDk.exe
  C:\Windows\System\WxmdUDk.exe
  2⤵
  PID:7820
- C:\Windows\System\UqiKLYz.exe
  C:\Windows\System\UqiKLYz.exe
  2⤵
  PID:7836
- C:\Windows\System\lZPRIqe.exe
  C:\Windows\System\lZPRIqe.exe
  2⤵
  PID:7852
- C:\Windows\System\fjjqWRH.exe
  C:\Windows\System\fjjqWRH.exe
  2⤵
  PID:7868
- C:\Windows\System\kPgyWFr.exe
  C:\Windows\System\kPgyWFr.exe
  2⤵
  PID:7884
- C:\Windows\System\oORjLuH.exe
  C:\Windows\System\oORjLuH.exe
  2⤵
  PID:7900
- C:\Windows\System\ErkFHbF.exe
  C:\Windows\System\ErkFHbF.exe
  2⤵
  PID:7916
- C:\Windows\System\pWoZSwv.exe
  C:\Windows\System\pWoZSwv.exe
  2⤵
  PID:7932
- C:\Windows\System\KDYstqg.exe
  C:\Windows\System\KDYstqg.exe
  2⤵
  PID:7948
- C:\Windows\System\NYzPXnl.exe
  C:\Windows\System\NYzPXnl.exe
  2⤵
  PID:7964
- C:\Windows\System\uXVNRCc.exe
  C:\Windows\System\uXVNRCc.exe
  2⤵
  PID:7980
- C:\Windows\System\XfzQVtl.exe
  C:\Windows\System\XfzQVtl.exe
  2⤵
  PID:7996
- C:\Windows\System\LnlWSah.exe
  C:\Windows\System\LnlWSah.exe
  2⤵
  PID:8012
- C:\Windows\System\wEpgucr.exe
  C:\Windows\System\wEpgucr.exe
  2⤵
  PID:8028
- C:\Windows\System\NOGbcIx.exe
  C:\Windows\System\NOGbcIx.exe
  2⤵
  PID:8044
- C:\Windows\System\WXCXYML.exe
  C:\Windows\System\WXCXYML.exe
  2⤵
  PID:8060
- C:\Windows\System\dxWqTwz.exe
  C:\Windows\System\dxWqTwz.exe
  2⤵
  PID:8076
- C:\Windows\System\KCFgXAH.exe
  C:\Windows\System\KCFgXAH.exe
  2⤵
  PID:8092
- C:\Windows\System\rKLXyQp.exe
  C:\Windows\System\rKLXyQp.exe
  2⤵
  PID:8108
- C:\Windows\System\tqpULqa.exe
  C:\Windows\System\tqpULqa.exe
  2⤵
  PID:8124
- C:\Windows\System\FyLSemT.exe
  C:\Windows\System\FyLSemT.exe
  2⤵
  PID:8140
- C:\Windows\System\gbEvwKh.exe
  C:\Windows\System\gbEvwKh.exe
  2⤵
  PID:8156
- C:\Windows\System\vTLKoKQ.exe
  C:\Windows\System\vTLKoKQ.exe
  2⤵
  PID:8172
- C:\Windows\System\AhThZOB.exe
  C:\Windows\System\AhThZOB.exe
  2⤵
  PID:8188
- C:\Windows\System\XDRRalB.exe
  C:\Windows\System\XDRRalB.exe
  2⤵
  PID:7192
- C:\Windows\System\aBWIItu.exe
  C:\Windows\System\aBWIItu.exe
  2⤵
  PID:7208
- C:\Windows\System\tgNJkkB.exe
  C:\Windows\System\tgNJkkB.exe
  2⤵
  PID:6544
- C:\Windows\System\aJzIUhD.exe
  C:\Windows\System\aJzIUhD.exe
  2⤵
  PID:7256
- C:\Windows\System\lhkqSgv.exe
  C:\Windows\System\lhkqSgv.exe
  2⤵
  PID:7272
- C:\Windows\System\afLyIzB.exe
  C:\Windows\System\afLyIzB.exe
  2⤵
  PID:7356
- C:\Windows\System\UIRiscr.exe
  C:\Windows\System\UIRiscr.exe
  2⤵
  PID:7276
- C:\Windows\System\vNfZWea.exe
  C:\Windows\System\vNfZWea.exe
  2⤵
  PID:7424
- C:\Windows\System\lhBBbyE.exe
  C:\Windows\System\lhBBbyE.exe
  2⤵
  PID:7404
- C:\Windows\System\eLQWwPt.exe
  C:\Windows\System\eLQWwPt.exe
  2⤵
  PID:7372
- C:\Windows\System\QtAfvsF.exe
  C:\Windows\System\QtAfvsF.exe
  2⤵
  PID:7488
- C:\Windows\System\turouCX.exe
  C:\Windows\System\turouCX.exe
  2⤵
  PID:7520
- C:\Windows\System\vOILXPZ.exe
  C:\Windows\System\vOILXPZ.exe
  2⤵
  PID:7472
- C:\Windows\System\lWGbhTl.exe
  C:\Windows\System\lWGbhTl.exe
  2⤵
  PID:7580
- C:\Windows\System\CPGWOHY.exe
  C:\Windows\System\CPGWOHY.exe
  2⤵
  PID:7628
- C:\Windows\System\YvVdVTp.exe
  C:\Windows\System\YvVdVTp.exe
  2⤵
  PID:7532
- C:\Windows\System\MDVtHXb.exe
  C:\Windows\System\MDVtHXb.exe
  2⤵
  PID:7568
- C:\Windows\System\EekHQIv.exe
  C:\Windows\System\EekHQIv.exe
  2⤵
  PID:7716
- C:\Windows\System\ftnYNFw.exe
  C:\Windows\System\ftnYNFw.exe
  2⤵
  PID:7784
- C:\Windows\System\frITOCf.exe
  C:\Windows\System\frITOCf.exe
  2⤵
  PID:7692
- C:\Windows\System\igWRdNA.exe
  C:\Windows\System\igWRdNA.exe
  2⤵
  PID:7860
- C:\Windows\System\wfETwax.exe
  C:\Windows\System\wfETwax.exe
  2⤵
  PID:7908
- C:\Windows\System\WxbhhNQ.exe
  C:\Windows\System\WxbhhNQ.exe
  2⤵
  PID:7896
- C:\Windows\System\dcRVwIx.exe
  C:\Windows\System\dcRVwIx.exe
  2⤵
  PID:7832
- C:\Windows\System\FhTZYTE.exe
  C:\Windows\System\FhTZYTE.exe
  2⤵
  PID:7764
- C:\Windows\System\UpvGKlq.exe
  C:\Windows\System\UpvGKlq.exe
  2⤵
  PID:7976
- C:\Windows\System\ufPcKLJ.exe
  C:\Windows\System\ufPcKLJ.exe
  2⤵
  PID:8036
- C:\Windows\System\oyqzhvb.exe
  C:\Windows\System\oyqzhvb.exe
  2⤵
  PID:7960
- C:\Windows\System\PgeVLfX.exe
  C:\Windows\System\PgeVLfX.exe
  2⤵
  PID:8024
- C:\Windows\System\DapzBqO.exe
  C:\Windows\System\DapzBqO.exe
  2⤵
  PID:8088
- C:\Windows\System\sbEzLnx.exe
  C:\Windows\System\sbEzLnx.exe
  2⤵
  PID:8120
- C:\Windows\System\AdQNAzK.exe
  C:\Windows\System\AdQNAzK.exe
  2⤵
  PID:8104
- C:\Windows\System\hmwagQp.exe
  C:\Windows\System\hmwagQp.exe
  2⤵
  PID:6620
- C:\Windows\System\pvnoWlf.exe
  C:\Windows\System\pvnoWlf.exe
  2⤵
  PID:7176
- C:\Windows\System\UAPfFgp.exe
  C:\Windows\System\UAPfFgp.exe
  2⤵
  PID:7260
- C:\Windows\System\aTAzyID.exe
  C:\Windows\System\aTAzyID.exe
  2⤵
  PID:7328
- C:\Windows\System\MMqfzRB.exe
  C:\Windows\System\MMqfzRB.exe
  2⤵
  PID:7292
- C:\Windows\System\xUolyDr.exe
  C:\Windows\System\xUolyDr.exe
  2⤵
  PID:7440
- C:\Windows\System\TGGClMc.exe
  C:\Windows\System\TGGClMc.exe
  2⤵
  PID:7408
- C:\Windows\System\IbPNSYE.exe
  C:\Windows\System\IbPNSYE.exe
  2⤵
  PID:7552
- C:\Windows\System\kxjRPNt.exe
  C:\Windows\System\kxjRPNt.exe
  2⤵
  PID:7680
- C:\Windows\System\AQSOImb.exe
  C:\Windows\System\AQSOImb.exe
  2⤵
  PID:7600
- C:\Windows\System\YzvsYYG.exe
  C:\Windows\System\YzvsYYG.exe
  2⤵
  PID:7632
- C:\Windows\System\idLdARp.exe
  C:\Windows\System\idLdARp.exe
  2⤵
  PID:7812
- C:\Windows\System\CiJBHdL.exe
  C:\Windows\System\CiJBHdL.exe
  2⤵
  PID:6572
- C:\Windows\System\ISVTMUw.exe
  C:\Windows\System\ISVTMUw.exe
  2⤵
  PID:7940
- C:\Windows\System\eoSopeQ.exe
  C:\Windows\System\eoSopeQ.exe
  2⤵
  PID:7928
- C:\Windows\System\nvCKfor.exe
  C:\Windows\System\nvCKfor.exe
  2⤵
  PID:7296
- C:\Windows\System\YjwMWMQ.exe
  C:\Windows\System\YjwMWMQ.exe
  2⤵
  PID:8020
- C:\Windows\System\arJtOIj.exe
  C:\Windows\System\arJtOIj.exe
  2⤵
  PID:8148
- C:\Windows\System\GnSaecN.exe
  C:\Windows\System\GnSaecN.exe
  2⤵
  PID:8164
- C:\Windows\System\rfSMVMv.exe
  C:\Windows\System\rfSMVMv.exe
  2⤵
  PID:6312
- C:\Windows\System\kMHYyMp.exe
  C:\Windows\System\kMHYyMp.exe
  2⤵
  PID:7452
- C:\Windows\System\BFBcpYA.exe
  C:\Windows\System\BFBcpYA.exe
  2⤵
  PID:7212
- C:\Windows\System\iLtdeJV.exe
  C:\Windows\System\iLtdeJV.exe
  2⤵
  PID:7648
- C:\Windows\System\ltqkVHQ.exe
  C:\Windows\System\ltqkVHQ.exe
  2⤵
  PID:7660
- C:\Windows\System\FQVOfBg.exe
  C:\Windows\System\FQVOfBg.exe
  2⤵
  PID:7700
- C:\Windows\System\FqcFKWR.exe
  C:\Windows\System\FqcFKWR.exe
  2⤵
  PID:7768
- C:\Windows\System\brRhmTe.exe
  C:\Windows\System\brRhmTe.exe
  2⤵
  PID:7912
- C:\Windows\System\wQlKTWj.exe
  C:\Windows\System\wQlKTWj.exe
  2⤵
  PID:8004
- C:\Windows\System\MacfKjJ.exe
  C:\Windows\System\MacfKjJ.exe
  2⤵
  PID:6784
- C:\Windows\System\mHadhkO.exe
  C:\Windows\System\mHadhkO.exe
  2⤵
  PID:7436
- C:\Windows\System\UTBbUwl.exe
  C:\Windows\System\UTBbUwl.exe
  2⤵
  PID:7800
- C:\Windows\System\jqTlzyp.exe
  C:\Windows\System\jqTlzyp.exe
  2⤵
  PID:8084
- C:\Windows\System\KyvLRNg.exe
  C:\Windows\System\KyvLRNg.exe
  2⤵
  PID:8196
- C:\Windows\System\VuioMoM.exe
  C:\Windows\System\VuioMoM.exe
  2⤵
  PID:8212
- C:\Windows\System\rkQivib.exe
  C:\Windows\System\rkQivib.exe
  2⤵
  PID:8228
- C:\Windows\System\wuTcMxk.exe
  C:\Windows\System\wuTcMxk.exe
  2⤵
  PID:8244
- C:\Windows\System\dRVRcRs.exe
  C:\Windows\System\dRVRcRs.exe
  2⤵
  PID:8260
- C:\Windows\System\YboMClN.exe
  C:\Windows\System\YboMClN.exe
  2⤵
  PID:8276
- C:\Windows\System\YNdHJNR.exe
  C:\Windows\System\YNdHJNR.exe
  2⤵
  PID:8292
- C:\Windows\System\UyeKEPE.exe
  C:\Windows\System\UyeKEPE.exe
  2⤵
  PID:8308
- C:\Windows\System\tSvZYNn.exe
  C:\Windows\System\tSvZYNn.exe
  2⤵
  PID:8324
- C:\Windows\System\fsQUSKb.exe
  C:\Windows\System\fsQUSKb.exe
  2⤵
  PID:8340
- C:\Windows\System\kXWuBEf.exe
  C:\Windows\System\kXWuBEf.exe
  2⤵
  PID:8356
- C:\Windows\System\eyFgjZJ.exe
  C:\Windows\System\eyFgjZJ.exe
  2⤵
  PID:8380
- C:\Windows\System\TUjCfCB.exe
  C:\Windows\System\TUjCfCB.exe
  2⤵
  PID:8396
- C:\Windows\System\GKXGIXg.exe
  C:\Windows\System\GKXGIXg.exe
  2⤵
  PID:8412
- C:\Windows\System\sjJApHJ.exe
  C:\Windows\System\sjJApHJ.exe
  2⤵
  PID:8428
- C:\Windows\System\aeJKhNk.exe
  C:\Windows\System\aeJKhNk.exe
  2⤵
  PID:8444
- C:\Windows\System\NCWywcA.exe
  C:\Windows\System\NCWywcA.exe
  2⤵
  PID:8460
- C:\Windows\System\jHtOWvk.exe
  C:\Windows\System\jHtOWvk.exe
  2⤵
  PID:8476
- C:\Windows\System\ScHWTmJ.exe
  C:\Windows\System\ScHWTmJ.exe
  2⤵
  PID:8492
- C:\Windows\System\AjYInaK.exe
  C:\Windows\System\AjYInaK.exe
  2⤵
  PID:8508
- C:\Windows\System\mtINWbp.exe
  C:\Windows\System\mtINWbp.exe
  2⤵
  PID:8524
- C:\Windows\System\MzEcbqC.exe
  C:\Windows\System\MzEcbqC.exe
  2⤵
  PID:8540
- C:\Windows\System\MVdwaEv.exe
  C:\Windows\System\MVdwaEv.exe
  2⤵
  PID:8556
- C:\Windows\System\DYVXpfL.exe
  C:\Windows\System\DYVXpfL.exe
  2⤵
  PID:8572
- C:\Windows\System\dpnIJSP.exe
  C:\Windows\System\dpnIJSP.exe
  2⤵
  PID:8588
- C:\Windows\System\rNbKOsN.exe
  C:\Windows\System\rNbKOsN.exe
  2⤵
  PID:8604
- C:\Windows\System\UIiRovM.exe
  C:\Windows\System\UIiRovM.exe
  2⤵
  PID:8624
- C:\Windows\System\BqBJdXM.exe
  C:\Windows\System\BqBJdXM.exe
  2⤵
  PID:8640
- C:\Windows\System\TCmzqyF.exe
  C:\Windows\System\TCmzqyF.exe
  2⤵
  PID:8656
- C:\Windows\System\iajkYOJ.exe
  C:\Windows\System\iajkYOJ.exe
  2⤵
  PID:8672
- C:\Windows\System\VSCOIOE.exe
  C:\Windows\System\VSCOIOE.exe
  2⤵
  PID:8688
- C:\Windows\System\ULypYVB.exe
  C:\Windows\System\ULypYVB.exe
  2⤵
  PID:8704
- C:\Windows\System\LXmRMoV.exe
  C:\Windows\System\LXmRMoV.exe
  2⤵
  PID:8720
- C:\Windows\System\qynAhfJ.exe
  C:\Windows\System\qynAhfJ.exe
  2⤵
  PID:8736
- C:\Windows\System\dfCtfGj.exe
  C:\Windows\System\dfCtfGj.exe
  2⤵
  PID:8752
- C:\Windows\System\kklVHFq.exe
  C:\Windows\System\kklVHFq.exe
  2⤵
  PID:8768
- C:\Windows\System\YgTRhbg.exe
  C:\Windows\System\YgTRhbg.exe
  2⤵
  PID:8788
- C:\Windows\System\GvdEQeA.exe
  C:\Windows\System\GvdEQeA.exe
  2⤵
  PID:8804
- C:\Windows\System\VqQcYDR.exe
  C:\Windows\System\VqQcYDR.exe
  2⤵
  PID:8820
- C:\Windows\System\wDtjEEP.exe
  C:\Windows\System\wDtjEEP.exe
  2⤵
  PID:8836
- C:\Windows\System\YHqJKii.exe
  C:\Windows\System\YHqJKii.exe
  2⤵
  PID:8852
- C:\Windows\System\xhuGjjt.exe
  C:\Windows\System\xhuGjjt.exe
  2⤵
  PID:8868
- C:\Windows\System\pyudMnU.exe
  C:\Windows\System\pyudMnU.exe
  2⤵
  PID:8884
- C:\Windows\System\pmDZkQD.exe
  C:\Windows\System\pmDZkQD.exe
  2⤵
  PID:8900
- C:\Windows\System\pSHMyzS.exe
  C:\Windows\System\pSHMyzS.exe
  2⤵
  PID:8916
- C:\Windows\System\TPnllWl.exe
  C:\Windows\System\TPnllWl.exe
  2⤵
  PID:8932
- C:\Windows\System\oMqoKHb.exe
  C:\Windows\System\oMqoKHb.exe
  2⤵
  PID:8948
- C:\Windows\System\KTIvdMY.exe
  C:\Windows\System\KTIvdMY.exe
  2⤵
  PID:8964
- C:\Windows\System\MIQHaRR.exe
  C:\Windows\System\MIQHaRR.exe
  2⤵
  PID:8980
- C:\Windows\System\fCMZXqI.exe
  C:\Windows\System\fCMZXqI.exe
  2⤵
  PID:9148
- C:\Windows\System\HoBpMNG.exe
  C:\Windows\System\HoBpMNG.exe
  2⤵
  PID:9164
- C:\Windows\System\ALesINo.exe
  C:\Windows\System\ALesINo.exe
  2⤵
  PID:9188
- C:\Windows\System\tRCShzw.exe
  C:\Windows\System\tRCShzw.exe
  2⤵
  PID:9204
- C:\Windows\System\VYVndTZ.exe
  C:\Windows\System\VYVndTZ.exe
  2⤵
  PID:8404
- C:\Windows\System\GJIEGzf.exe
  C:\Windows\System\GJIEGzf.exe
  2⤵
  PID:8564
- C:\Windows\System\uPuYySe.exe
  C:\Windows\System\uPuYySe.exe
  2⤵
  PID:8612
- C:\Windows\System\aZGLmeq.exe
  C:\Windows\System\aZGLmeq.exe
  2⤵
  PID:8728
- C:\Windows\System\sWAnaFy.exe
  C:\Windows\System\sWAnaFy.exe
  2⤵
  PID:8812
- C:\Windows\System\KuuxDJs.exe
  C:\Windows\System\KuuxDJs.exe
  2⤵
  PID:8860
- C:\Windows\System\DgCZShg.exe
  C:\Windows\System\DgCZShg.exe
  2⤵
  PID:8848
- C:\Windows\System\OxLmrRH.exe
  C:\Windows\System\OxLmrRH.exe
  2⤵
  PID:7780
- C:\Windows\System\WQmReWs.exe
  C:\Windows\System\WQmReWs.exe
  2⤵
  PID:6444
- C:\Windows\System\NSTdicx.exe
  C:\Windows\System\NSTdicx.exe
  2⤵
  PID:8472
- C:\Windows\System\MxLINdP.exe
  C:\Windows\System\MxLINdP.exe
  2⤵
  PID:8424
- C:\Windows\System\fBEIctQ.exe
  C:\Windows\System\fBEIctQ.exe
  2⤵
  PID:7312
- C:\Windows\System\MTQgVwC.exe
  C:\Windows\System\MTQgVwC.exe
  2⤵
  PID:8652
- C:\Windows\System\zmLBCYm.exe
  C:\Windows\System\zmLBCYm.exe
  2⤵
  PID:8452
- C:\Windows\System\NLZgzoE.exe
  C:\Windows\System\NLZgzoE.exe
  2⤵
  PID:8536
- C:\Windows\System\oNHisYA.exe
  C:\Windows\System\oNHisYA.exe
  2⤵
  PID:8880
- C:\Windows\System\YkRUEQO.exe
  C:\Windows\System\YkRUEQO.exe
  2⤵
  PID:8972
- C:\Windows\System\MvFRzve.exe
  C:\Windows\System\MvFRzve.exe
  2⤵
  PID:9004
- C:\Windows\System\vholOvL.exe
  C:\Windows\System\vholOvL.exe
  2⤵
  PID:9084
- C:\Windows\System\GUFABzv.exe
  C:\Windows\System\GUFABzv.exe
  2⤵
  PID:8668
- C:\Windows\System\bxRHWfT.exe
  C:\Windows\System\bxRHWfT.exe
  2⤵
  PID:8500
- C:\Windows\System\vPyeTMk.exe
  C:\Windows\System\vPyeTMk.exe
  2⤵
  PID:8632
- C:\Windows\System\zUpYema.exe
  C:\Windows\System\zUpYema.exe
  2⤵
  PID:9064
- C:\Windows\System\PFwSRWH.exe
  C:\Windows\System\PFwSRWH.exe
  2⤵
  PID:8580
- C:\Windows\System\ilnLvzs.exe
  C:\Windows\System\ilnLvzs.exe
  2⤵
  PID:8336
- C:\Windows\System\WvpaLpe.exe
  C:\Windows\System\WvpaLpe.exe
  2⤵
  PID:8832
- C:\Windows\System\TaUKRaf.exe
  C:\Windows\System\TaUKRaf.exe
  2⤵
  PID:7068
- C:\Windows\System\paNecJW.exe
  C:\Windows\System\paNecJW.exe
  2⤵
  PID:8236
- C:\Windows\System\CQTmOkF.exe
  C:\Windows\System\CQTmOkF.exe
  2⤵
  PID:9108
- C:\Windows\System\aoqvFzr.exe
  C:\Windows\System\aoqvFzr.exe
  2⤵
  PID:9160
- C:\Windows\System\ISdTrsY.exe
  C:\Windows\System\ISdTrsY.exe
  2⤵
  PID:8284
- C:\Windows\System\jlgiyfh.exe
  C:\Windows\System\jlgiyfh.exe
  2⤵
  PID:8988
- C:\Windows\System\HArsrJN.exe
  C:\Windows\System\HArsrJN.exe
  2⤵
  PID:9068
- C:\Windows\System\XYjntxp.exe
  C:\Windows\System\XYjntxp.exe
  2⤵
  PID:8748
- C:\Windows\System\PqIEeqh.exe
  C:\Windows\System\PqIEeqh.exe
  2⤵
  PID:8648
- C:\Windows\System\UDuZGxA.exe
  C:\Windows\System\UDuZGxA.exe
  2⤵
  PID:8912
- C:\Windows\System\TJLmUhn.exe
  C:\Windows\System\TJLmUhn.exe
  2⤵
  PID:9072
- C:\Windows\System\foMsibs.exe
  C:\Windows\System\foMsibs.exe
  2⤵
  PID:9020
- C:\Windows\System\OgYVGwX.exe
  C:\Windows\System\OgYVGwX.exe
  2⤵
  PID:8376
- C:\Windows\System\cjLqOkH.exe
  C:\Windows\System\cjLqOkH.exe
  2⤵
  PID:8240
- C:\Windows\System\nABAHiB.exe
  C:\Windows\System\nABAHiB.exe
  2⤵
  PID:9140
- C:\Windows\System\GxtfbHC.exe
  C:\Windows\System\GxtfbHC.exe
  2⤵
  PID:7612
- C:\Windows\System\uLLPwqt.exe
  C:\Windows\System\uLLPwqt.exe
  2⤵
  PID:9028
- C:\Windows\System\TGKDrwW.exe
  C:\Windows\System\TGKDrwW.exe
  2⤵
  PID:8332
- C:\Windows\System\jcDVGKm.exe
  C:\Windows\System\jcDVGKm.exe
  2⤵
  PID:8700
- C:\Windows\System\dkEtKMu.exe
  C:\Windows\System\dkEtKMu.exe
  2⤵
  PID:8896
- C:\Windows\System\BELMPZs.exe
  C:\Windows\System\BELMPZs.exe
  2⤵
  PID:9008
- C:\Windows\System\TvGLKTS.exe
  C:\Windows\System\TvGLKTS.exe
  2⤵
  PID:9124
- C:\Windows\System\BLVhrDO.exe
  C:\Windows\System\BLVhrDO.exe
  2⤵
  PID:9156
- C:\Windows\System\wFbmqNC.exe
  C:\Windows\System\wFbmqNC.exe
  2⤵
  PID:8348
- C:\Windows\System\uJnMaMP.exe
  C:\Windows\System\uJnMaMP.exe
  2⤵
  PID:7956
- C:\Windows\System\niJKFyp.exe
  C:\Windows\System\niJKFyp.exe
  2⤵
  PID:8352
- C:\Windows\System\dZgiIRD.exe
  C:\Windows\System\dZgiIRD.exe
  2⤵
  PID:8320
- C:\Windows\System\YTQVlBf.exe
  C:\Windows\System\YTQVlBf.exe
  2⤵
  PID:9056
- C:\Windows\System\IeNtivQ.exe
  C:\Windows\System\IeNtivQ.exe
  2⤵
  PID:8368
- C:\Windows\System\LhLYLrU.exe
  C:\Windows\System\LhLYLrU.exe
  2⤵
  PID:8256
- C:\Windows\System\MPtyisQ.exe
  C:\Windows\System\MPtyisQ.exe
  2⤵
  PID:8436
- C:\Windows\System\moKZlpF.exe
  C:\Windows\System\moKZlpF.exe
  2⤵
  PID:9040
- C:\Windows\System\EQNOQPC.exe
  C:\Windows\System\EQNOQPC.exe
  2⤵
  PID:8208
- C:\Windows\System\fXzwLJH.exe
  C:\Windows\System\fXzwLJH.exe
  2⤵
  PID:9052
- C:\Windows\System\cEtVCGI.exe
  C:\Windows\System\cEtVCGI.exe
  2⤵
  PID:9172
- C:\Windows\System\fzovqFc.exe
  C:\Windows\System\fzovqFc.exe
  2⤵
  PID:8796
- C:\Windows\System\ZWIRlAH.exe
  C:\Windows\System\ZWIRlAH.exe
  2⤵
  PID:8992
- C:\Windows\System\tpaEFEt.exe
  C:\Windows\System\tpaEFEt.exe
  2⤵
  PID:8300
- C:\Windows\System\bccIEKM.exe
  C:\Windows\System\bccIEKM.exe
  2⤵
  PID:8552
- C:\Windows\System\eqxYBLg.exe
  C:\Windows\System\eqxYBLg.exe
  2⤵
  PID:8520
- C:\Windows\System\dwMGDdF.exe
  C:\Windows\System\dwMGDdF.exe
  2⤵
  PID:8616
- C:\Windows\System\mszEVLR.exe
  C:\Windows\System\mszEVLR.exe
  2⤵
  PID:9176
- C:\Windows\System\zKEuhWl.exe
  C:\Windows\System\zKEuhWl.exe
  2⤵
  PID:8440
- C:\Windows\System\XCKUTnm.exe
  C:\Windows\System\XCKUTnm.exe
  2⤵
  PID:9044
- C:\Windows\System\GNUtaNr.exe
  C:\Windows\System\GNUtaNr.exe
  2⤵
  PID:9112
- C:\Windows\System\hsDpTNM.exe
  C:\Windows\System\hsDpTNM.exe
  2⤵
  PID:9100
- C:\Windows\System\kHZJPsu.exe
  C:\Windows\System\kHZJPsu.exe
  2⤵
  PID:9104
- C:\Windows\System\DtXUaKF.exe
  C:\Windows\System\DtXUaKF.exe
  2⤵
  PID:9212
- C:\Windows\System\TpdCjgh.exe
  C:\Windows\System\TpdCjgh.exe
  2⤵
  PID:9196
- C:\Windows\System\uHYOopu.exe
  C:\Windows\System\uHYOopu.exe
  2⤵
  PID:8272
- C:\Windows\System\LrHuNKP.exe
  C:\Windows\System\LrHuNKP.exe
  2⤵
  PID:8764
- C:\Windows\System\KqQXluR.exe
  C:\Windows\System\KqQXluR.exe
  2⤵
  PID:9224
- C:\Windows\System\njcxDEM.exe
  C:\Windows\System\njcxDEM.exe
  2⤵
  PID:9240
- C:\Windows\System\wMPiaAY.exe
  C:\Windows\System\wMPiaAY.exe
  2⤵
  PID:9256
- C:\Windows\System\ifgjnds.exe
  C:\Windows\System\ifgjnds.exe
  2⤵
  PID:9272
- C:\Windows\System\hoWcUTG.exe
  C:\Windows\System\hoWcUTG.exe
  2⤵
  PID:9288
- C:\Windows\System\ROprkjk.exe
  C:\Windows\System\ROprkjk.exe
  2⤵
  PID:9304
- C:\Windows\System\qgdNvah.exe
  C:\Windows\System\qgdNvah.exe
  2⤵
  PID:9320
- C:\Windows\System\fpLGgym.exe
  C:\Windows\System\fpLGgym.exe
  2⤵
  PID:9336
- C:\Windows\System\PFWytkR.exe
  C:\Windows\System\PFWytkR.exe
  2⤵
  PID:9352
- C:\Windows\System\UXdVjQu.exe
  C:\Windows\System\UXdVjQu.exe
  2⤵
  PID:9368
- C:\Windows\System\syGmJNp.exe
  C:\Windows\System\syGmJNp.exe
  2⤵
  PID:9384
- C:\Windows\System\wdSjOih.exe
  C:\Windows\System\wdSjOih.exe
  2⤵
  PID:9400
- C:\Windows\System\dLaZzIJ.exe
  C:\Windows\System\dLaZzIJ.exe
  2⤵
  PID:9416
- C:\Windows\System\doKoNTA.exe
  C:\Windows\System\doKoNTA.exe
  2⤵
  PID:9432
- C:\Windows\System\mYkBled.exe
  C:\Windows\System\mYkBled.exe
  2⤵
  PID:9448
- C:\Windows\System\FIyewnh.exe
  C:\Windows\System\FIyewnh.exe
  2⤵
  PID:9464
- C:\Windows\System\xmAKfMG.exe
  C:\Windows\System\xmAKfMG.exe
  2⤵
  PID:9480
- C:\Windows\System\darOBEF.exe
  C:\Windows\System\darOBEF.exe
  2⤵
  PID:9496
- C:\Windows\System\QFwrDJo.exe
  C:\Windows\System\QFwrDJo.exe
  2⤵
  PID:9512
- C:\Windows\System\QXeHSfM.exe
  C:\Windows\System\QXeHSfM.exe
  2⤵
  PID:9528
- C:\Windows\System\lnrOWYW.exe
  C:\Windows\System\lnrOWYW.exe
  2⤵
  PID:9544
- C:\Windows\System\lRqrjAR.exe
  C:\Windows\System\lRqrjAR.exe
  2⤵
  PID:9560
- C:\Windows\System\xjpUfTC.exe
  C:\Windows\System\xjpUfTC.exe
  2⤵
  PID:9576
- C:\Windows\System\qIAgzbY.exe
  C:\Windows\System\qIAgzbY.exe
  2⤵
  PID:9592
- C:\Windows\System\hBKWIfG.exe
  C:\Windows\System\hBKWIfG.exe
  2⤵
  PID:9612
- C:\Windows\System\bfRZyrK.exe
  C:\Windows\System\bfRZyrK.exe
  2⤵
  PID:9632
- C:\Windows\System\YgeVFWP.exe
  C:\Windows\System\YgeVFWP.exe
  2⤵
  PID:9652
- C:\Windows\System\SUizjFP.exe
  C:\Windows\System\SUizjFP.exe
  2⤵
  PID:9668
- C:\Windows\System\bYOUYmD.exe
  C:\Windows\System\bYOUYmD.exe
  2⤵
  PID:9684
- C:\Windows\System\iIvNoTO.exe
  C:\Windows\System\iIvNoTO.exe
  2⤵
  PID:9700
- C:\Windows\System\tKtnHQU.exe
  C:\Windows\System\tKtnHQU.exe
  2⤵
  PID:9716
- C:\Windows\System\MyYmMkH.exe
  C:\Windows\System\MyYmMkH.exe
  2⤵
  PID:9732
- C:\Windows\System\WutVpZf.exe
  C:\Windows\System\WutVpZf.exe
  2⤵
  PID:9748
- C:\Windows\System\PsbHYpR.exe
  C:\Windows\System\PsbHYpR.exe
  2⤵
  PID:9764
- C:\Windows\System\veeKlMP.exe
  C:\Windows\System\veeKlMP.exe
  2⤵
  PID:9780
- C:\Windows\System\jQkmlBd.exe
  C:\Windows\System\jQkmlBd.exe
  2⤵
  PID:9796
- C:\Windows\System\mordqwa.exe
  C:\Windows\System\mordqwa.exe
  2⤵
  PID:9812
- C:\Windows\System\fpQHwzI.exe
  C:\Windows\System\fpQHwzI.exe
  2⤵
  PID:9828
- C:\Windows\System\LbLDlWx.exe
  C:\Windows\System\LbLDlWx.exe
  2⤵
  PID:9844
- C:\Windows\System\pKmwPkc.exe
  C:\Windows\System\pKmwPkc.exe
  2⤵
  PID:9860
- C:\Windows\System\ahNQZSi.exe
  C:\Windows\System\ahNQZSi.exe
  2⤵
  PID:9876
- C:\Windows\System\bOIPaIv.exe
  C:\Windows\System\bOIPaIv.exe
  2⤵
  PID:9892
- C:\Windows\System\SfrcyYC.exe
  C:\Windows\System\SfrcyYC.exe
  2⤵
  PID:9908
- C:\Windows\System\rUepQlz.exe
  C:\Windows\System\rUepQlz.exe
  2⤵
  PID:9924
- C:\Windows\System\xggyFlK.exe
  C:\Windows\System\xggyFlK.exe
  2⤵
  PID:9940
- C:\Windows\System\japomVG.exe
  C:\Windows\System\japomVG.exe
  2⤵
  PID:9956
- C:\Windows\System\rIyMrmi.exe
  C:\Windows\System\rIyMrmi.exe
  2⤵
  PID:9972
- C:\Windows\System\ZWqScvf.exe
  C:\Windows\System\ZWqScvf.exe
  2⤵
  PID:9988
- C:\Windows\System\tMuEMOw.exe
  C:\Windows\System\tMuEMOw.exe
  2⤵
  PID:10008
- C:\Windows\System\ytvOose.exe
  C:\Windows\System\ytvOose.exe
  2⤵
  PID:10024
- C:\Windows\System\iZHQIOm.exe
  C:\Windows\System\iZHQIOm.exe
  2⤵
  PID:10040
- C:\Windows\System\OyeQUww.exe
  C:\Windows\System\OyeQUww.exe
  2⤵
  PID:10056
- C:\Windows\System\rzwgxgt.exe
  C:\Windows\System\rzwgxgt.exe
  2⤵
  PID:10072
- C:\Windows\System\mOyLkIW.exe
  C:\Windows\System\mOyLkIW.exe
  2⤵
  PID:10088
- C:\Windows\System\xoHbZDp.exe
  C:\Windows\System\xoHbZDp.exe
  2⤵
  PID:10104
- C:\Windows\System\TBSCWFw.exe
  C:\Windows\System\TBSCWFw.exe
  2⤵
  PID:10120
- C:\Windows\System\GctJbIf.exe
  C:\Windows\System\GctJbIf.exe
  2⤵
  PID:10136
- C:\Windows\System\VlPNVbO.exe
  C:\Windows\System\VlPNVbO.exe
  2⤵
  PID:10152
- C:\Windows\System\XSQMYXs.exe
  C:\Windows\System\XSQMYXs.exe
  2⤵
  PID:10168
- C:\Windows\System\tXIPpRi.exe
  C:\Windows\System\tXIPpRi.exe
  2⤵
  PID:10184
- C:\Windows\System\sbYPJxs.exe
  C:\Windows\System\sbYPJxs.exe
  2⤵
  PID:10200
- C:\Windows\System\IjXDSvp.exe
  C:\Windows\System\IjXDSvp.exe
  2⤵
  PID:10216
- C:\Windows\System\zqrIQkJ.exe
  C:\Windows\System\zqrIQkJ.exe
  2⤵
  PID:10232
- C:\Windows\System\GjbDzCL.exe
  C:\Windows\System\GjbDzCL.exe
  2⤵
  PID:9116
- C:\Windows\System\CvBvsLK.exe
  C:\Windows\System\CvBvsLK.exe
  2⤵
  PID:9252
- C:\Windows\System\NfYLuJy.exe
  C:\Windows\System\NfYLuJy.exe
  2⤵
  PID:7944
- C:\Windows\System\suHIKSa.exe
  C:\Windows\System\suHIKSa.exe
  2⤵
  PID:9264
- C:\Windows\System\nbbZmfn.exe
  C:\Windows\System\nbbZmfn.exe
  2⤵
  PID:9316
- C:\Windows\System\NJMPfFJ.exe
  C:\Windows\System\NJMPfFJ.exe
  2⤵
  PID:9376
- C:\Windows\System\RNOMWSe.exe
  C:\Windows\System\RNOMWSe.exe
  2⤵
  PID:9412
- C:\Windows\System\LKFUYEb.exe
  C:\Windows\System\LKFUYEb.exe
  2⤵
  PID:9360
- C:\Windows\System\MmmRNKd.exe
  C:\Windows\System\MmmRNKd.exe
  2⤵
  PID:9488
- C:\Windows\System\JwdEUnz.exe
  C:\Windows\System\JwdEUnz.exe
  2⤵
  PID:2920
- C:\Windows\System\dRauqQK.exe
  C:\Windows\System\dRauqQK.exe
  2⤵
  PID:9620
- C:\Windows\System\ZuezPYG.exe
  C:\Windows\System\ZuezPYG.exe
  2⤵
  PID:8680
- C:\Windows\System\InMKmNT.exe
  C:\Windows\System\InMKmNT.exe
  2⤵
  PID:584
- C:\Windows\System\zfhUFMX.exe
  C:\Windows\System\zfhUFMX.exe
  2⤵
  PID:9664
- C:\Windows\System\SfUpuna.exe
  C:\Windows\System\SfUpuna.exe
  2⤵
  PID:9680
- C:\Windows\System\OYZCSip.exe
  C:\Windows\System\OYZCSip.exe
  2⤵
  PID:9712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BUIBZdj.exe

Filesize
6.0MB

MD5
bd138cb6614eb05218d050a6ffa142f8

SHA1
c3af1b097b5b02018f82a7dc2b638caeb42bdbb8

SHA256
9dfc7fb0c6a92db7da1ed928b4007d724b19c0ea0a34efaaf1f91fd0e854e7a8

SHA512
eb4886907100b1d19787ac265f76470ba7face4acbb76538f699b57e7e74b1d03d36ebad9feee8e2e3d006cc209807601e042c69d2d06dda4b415e8a767c3f46

Download Submit
C:\Windows\system\CPLhCSa.exe

Filesize
6.0MB

MD5
314fb1669acab72b89c6b50db53da8aa

SHA1
06bdbc9dc0adedc1efd897ef16a86089298adc6f

SHA256
1de259360e50747d052938df7977d233ee3e7c2ce8db2921fe255b52e7a4345d

SHA512
21e14871592a5d271b97b9c24cf653112cc60227d01ddd4d81f5aa1d0b87ecfd7ff78a6a7e860f01f032de5a035a481816f4cdc86e357aeb7eb933c28c1d9e6c

Download Submit
C:\Windows\system\EArXMXi.exe

Filesize
3.9MB

MD5
629df215063d6638df324750ade25e6e

SHA1
a7bcd7ed33f338d054cd7cd95f144a2e95e6c24a

SHA256
96ebfb66a131d9db7573a5d9a7c74310279adbb3053826a39dca0ccc6072fe78

SHA512
45926a4476ae94a3fc2c220fd0b2c063bb1e4a08645b7daac21ad79ab091f6551fd8fa80833521d5f67e899bbbe3d9c7f27813bcef4c1aa5f698c6fa9f010739

Download Submit
C:\Windows\system\GEulvCo.exe

Filesize
5.4MB

MD5
785481135f7d6b8af615e700ffbdb09f

SHA1
cc62b959ed0213824d98868609b2f685f149fa5a

SHA256
01a9d60d31a303b831bb5fed48d693cdb7e24448140b4c1e0ab23ec9008d62c2

SHA512
9d1e9ab1798488afe3c65b04f9b49fdbe7230fdf7c80b34986ec0b5da7c8254795bd209cd3082ec1c483fa83660e4f01547425549582ab53514bad2efc81e265

Download Submit
C:\Windows\system\MugVkOE.exe

Filesize
5.5MB

MD5
e5eb933848596380e780e6d3d823bfeb

SHA1
ecc703962038e804373413fad5e6bf94f115d751

SHA256
5ab15b9acf39d68da0a3a78fe3f3fed5ccf6d23fecd9513c7f27537f8c028ff2

SHA512
5ee1ef0414663100cb564f3e9e23ec92f7423a32085d541a2d80d58583de469b65ae2ee9a2c3accf7b958530550cfecf4f02483ee9e4cbf59708702bb98a5e40

Download Submit
C:\Windows\system\OvCQaHC.exe

Filesize
6.0MB

MD5
784d5370ee055a42a21b3b77234215ea

SHA1
1fa5ceb73f1381bb3bc22e7b13e3f41a46f9e611

SHA256
2fdd872ccf2661bc319a6514d736805e0a523e4f1bca2d2833e9f6f22e31232f

SHA512
f2fcedbea8aaa32b8fc6a4d1ec530dde7741e5522e584546e9cc88d05751363a60ad7a5f6a740df612097af0e000fd3791892e365e629057d49d3391605be60c

Download Submit
C:\Windows\system\PuZoJMj.exe

Filesize
4.2MB

MD5
cdaf807c4c120df0e3be3910960ad189

SHA1
c3e1330c7d933a54f90894e748c33211211cc17b

SHA256
f9c54137ba4fd1233be8f87248309b02d148819e667308dc91fb35bd72d91110

SHA512
65910679f5289944fd6dde462fc1c2b831f355235ca97d9e42e430248fa72cc72b75e781627c8deb78ead5dbef72b7ba8cdc5bd73dfc0f395e6062805640f6fb

Download Submit
C:\Windows\system\Uavyzmn.exe

Filesize
6.0MB

MD5
c2574df65c3371d9e603599ffcc5a2f4

SHA1
0fc627e5112c6fa4220f4832a1826e19b114d1fe

SHA256
c7e63ab74ea6cb8efaf1710d4d593c2522038b1e2fdf8db8944a24aadda89ee5

SHA512
3088571618a92fc599653d378e1b89e0fd8a69ffaf637288afd70971f7d28aa741a76fc015b64a0e791843dd417b61646c7e5e3534c3503d2bd9c0a45399a74d

Download Submit
C:\Windows\system\VOwrfMK.exe

Filesize
3.9MB

MD5
548c83e8facc4416f9bd6e9bed03b42f

SHA1
a7b51c9b80e8a18730e7eefa2359a32299d96a59

SHA256
6a219293adf6cd5953b7c3587e756e4c8a37a80d0a885fe1715a570e9b112d39

SHA512
9b364581c78b16a42bdd1c25a3216c15b52a3a86b40a39e94c23c80b8b20e0de0492c91cfaba68315ef5f9e2986df0f57c103b3395635b18a9c8b452ff5b71bc

Download Submit
C:\Windows\system\VbSXVro.exe

Filesize
6.0MB

MD5
8916c95a1bdbd5959a63f4b02f29b50f

SHA1
2cdaf27456446cc3c1109f0ca84e2845d9fcb8ae

SHA256
11fc9c174b190662815a9df03cb15e870498124fa3fa620e809d97a841b745b3

SHA512
a7a2a297a0580886a20ea56d983c376ad4e4b1332ccddd2ec114c94a6acc5ccdd212d211fb81dfd4eb290c7702aaa7d064a12e8af797b075bebb855aebf6f1bb

Download Submit
C:\Windows\system\VnroRhf.exe

Filesize
6.0MB

MD5
6f4b702cc0da2792c6aa672fdfd0bfaf

SHA1
066ede2eddffd66e10bcbc6e1ae958013494448d

SHA256
a32ab67e15b79a286632a7f5672de5fba742534ceb1874e9a4f84cb2e1dc31cb

SHA512
303764acb22b73e5c9d075d231252f16ff819dbd47c8daba359e7e2391960681cce176aad6930e10732426330857db6a7eb39022b857ce39043c4f1376eae109

Download Submit
C:\Windows\system\XBLrSyb.exe

Filesize
6.0MB

MD5
8c6b7d068310c8de40c29e550ab0220e

SHA1
cd328941ff7724b675f08c6fe19e9949f7946600

SHA256
eb1f17308d933fb2af856d0dd53378013bd2f912e41ddd41d9a254ac7b371e1c

SHA512
1281157483210bd0d6145413c239fa34cca08f35a54ff60dcc3e9a55a3024f6c00489b368876c1a18c0d3f82999204955215795a61680626200c259becec5d60

Download Submit
C:\Windows\system\gOKsaSv.exe

Filesize
6.0MB

MD5
001624dab74bb06e1d7c37969e248810

SHA1
87efc75c94e5f4f1489c436ca4cde0c7a12c1029

SHA256
2330159bb44d3306e39697b0f9d72d091cf62c0963311b28738fedc4aac40756

SHA512
1af21c3eade700bb04778c339b7c11037e797975a6abc3f26cc5d199fa8e788ee19692f6cd9032e3bf2272465a466bb9bfebc5be955e1ac7a1a9d14bac1cbda1

Download Submit
C:\Windows\system\hFHPfbC.exe

Filesize
4.6MB

MD5
63d72d734c24bbbab850eea0229cb651

SHA1
c64c0f0cfe8c037e8eeff12c4f003e057a37bb9b

SHA256
648cb45c2bc6054eb3d1b8f9b48266e06a2d269d3c5371204b5e8824a4a7e62c

SHA512
1ab1b591ab899b922957334bcc60f348d3ff93b68c426bd8e7fba1695787594692d8935ad96514d18a4eccc0058b8ce830065d59b7b179be0de7a82cf4314938

Download Submit
C:\Windows\system\jUPfhwF.exe

Filesize
6.0MB

MD5
e57afee479f004a585848cb4492f4807

SHA1
8df961dc12fdfabb42a105ea2d4b24fe77ade28e

SHA256
37fdad56d3f0deb477e015462309a1a386166aaf6a709acfaac69113d486d7bc

SHA512
0d4bac9ef1026a7373124c9a4489f850cffb09f02fd56edbca396eae430ca0136437888d537040992cf9310aefc7a3bb809b3c8bf35d13956376f08d81c33199

Download Submit
C:\Windows\system\lIODsQl.exe

Filesize
6.0MB

MD5
7d10af66e42dfee2f18bb3ee82df62e3

SHA1
936b9c07425986c4f7c50738f620c65e39be5e2b

SHA256
bbe46826a101c4618aa5d6e672dec4f5e21b5eed6324983245f1560b0fd6086b

SHA512
0605ee8549aaff3c82c4b91e9ea492dfbb33699b69bce2cb725d626c4574255c02a0480f7873b6eb279c68888b0d4ed76076269c8ee8cef96d561593c119887d

Download Submit
C:\Windows\system\mAUDIgw.exe

Filesize
5.0MB

MD5
5ef0c979daabc048f9b466f49872f441

SHA1
d6864d968220f4c060160e8333c128669cff9f2d

SHA256
478c37a40ba8168252c9f659f151e72bfe4405f81ac9c95baebb0f373a860a32

SHA512
7074cc5e70bd156e4957cd2a17d940dacdda61b08c83dabe6626f012db0de3357c714b10fc1922c725c809859514e819dedcc9dbfc347adb0ec6155ffed290c6

Download Submit
C:\Windows\system\okqpRTx.exe

Filesize
5.4MB

MD5
66b3cf4550d85f52c68106ded2c34135

SHA1
bba585e986f151519e4c45d0afbd1f440faec759

SHA256
483a453c5a4b3c485c42cc27cf3bdda2d42b8f960869d527bf8b6b76c03c91a9

SHA512
92364e26489d388f300fe3fa6f76abc9c1e3382dba16b5af9eae97bedb271f35a0c569f432f03c22085a6d0f8befb1dfd69b82351edb3f48c413078b7083369f

Download Submit
C:\Windows\system\pWAidpw.exe

Filesize
3.8MB

MD5
d4a1769d462d71d8f96ec7dbf6bd123a

SHA1
d0d9c6a4a2f56b7186cde7e50238960bc39ad850

SHA256
4a62caa077a0ae0db5d761c1dd16df8a2f52791addae02a40562f208307ba917

SHA512
fe40de83a3b7c2ae8161d1dd96c3a6d0544785da3a2d89eef62ee7ce36e93105d0675ba3b5390097fa4d1639ddfed6dd094b637fce7d71798ddd6d9b4ca2f69b

Download Submit
C:\Windows\system\pbmahUP.exe

Filesize
6.0MB

MD5
baf51c03b06d9f29e7beedd9c4092977

SHA1
3e4a32444d88dd07c47cd09c142964200b7bd92c

SHA256
37cb6bffb05fb26ef2496ca3abd7a19f038fc471bc1d40d72168ca7f70c683a1

SHA512
39a1d2669d0f4ff135d7cdbd7ad564083c0fe4573b7c3067defe95e814285a4985394d6903f7d606d3f260c204d97eaeb994af2c6d6a23c4f75c2cfa26be244c

Download Submit
C:\Windows\system\uhdhOso.exe

Filesize
6.0MB

MD5
5da8fe8361a6b84f50f9165d63abf8e9

SHA1
e7a0ca51c2ae92aaa01aa32101fe742d3558501d

SHA256
fae762f87b7d1cb4a9b5f243deb8f42ba008974794fb9adfb117c9131260af3a

SHA512
27c314dce6ae9235fb8f0debe7e031f46a52bd16aa6e043ed786057da2bc793ef36d29e845e9ebf0d438481085837e5c8183a26530dbf0154e3c95c898300dd3

Download Submit
C:\Windows\system\xNBOPnG.exe

Filesize
6.0MB

MD5
59e3a28ff056f5b3553381d3a2c5e865

SHA1
6c044b8010f075e795c5108102e3717a53884c70

SHA256
4172254412b14ac6abac0e9ed1c72e76e2f6e42d92d2b3f0285b2af7111ae6ff

SHA512
dfd3331049ece823fa927af8303eee5e049f1ca47356b2077db726f01cc2c7d39154c8238348bd2b8fe0a8eaa29fe2c4aa9ac773ed20adf0d9c591af33c63ad7

Download Submit
C:\Windows\system\xqfBXOC.exe

Filesize
6.0MB

MD5
d4f9621f7c662eda15a152a5e253bcba

SHA1
90ad5f2493fab561365c1849e2c939a7b860d12a

SHA256
88f8c235d05eac090a3907198aa7370eb8b59fd8b0f18e1fc1786d4a4a5798fa

SHA512
03f11ab196c5be3ab7058745a7ed2758cac3b866c106862e8683f53cbd783c15fa05e65f4763713d06d053f5e2ffb5eda16d3a6523824400f33e16479122eb7a

Download Submit
\Windows\system\DszOfPW.exe

Filesize
3.7MB

MD5
3ed7d73eb502ef1a0d6c84fa4ece6b5e

SHA1
ab8109f0d41d57301f3978de0f11c24a8f6b93c1

SHA256
7eedee1be0d6eb6ed28e71f78111bc0b16a8765cb1b0bfcecfbe692772441641

SHA512
f483666e14b28b80841357ad340bf2aae1e9a1a8f5536099eb0d8a219dd7008f31409a898f419cca8ff3510219778ed5fadb381397ea2929a652753586cac800

Download Submit
\Windows\system\GEulvCo.exe

Filesize
5.6MB

MD5
eef276c2fcaaf171ddc69213c83450e4

SHA1
ad8ebfd376552c5269c1c1c6896855ea5fbcb373

SHA256
d3fad56a4ba33a0361bce1ee4b66e0a323cbb28f5ae159837b92c047b5566ce2

SHA512
437a79e3ea6522456ff5c86b5e044f9bf4561496fe5eb1ad99117e50d890f37675eab3186c5573f0823d50503be3bf84895d5cc6e59bc27db1368b1a7d0d57ca

Download Submit
\Windows\system\MQgOBfS.exe

Filesize
5.8MB

MD5
1b4778bacae562eaf5395159791b91d1

SHA1
08b0f3de3de9b7ddda3251f4c7a5ffe5b9bd6e77

SHA256
b05cb064bbf65fa5374ed677169a307e83ac3a93b74b969ae48ded4b97fc94f6

SHA512
31bbc5331d7a0f8f4c1fc1c9ad18fb872289655ac7bfa937f1113c4300485bf1e48bd9e0f79d7f126a8a513c45744eee3e6fee74215b4df79b151baeefce2eaa

Download Submit
\Windows\system\MugVkOE.exe

Filesize
6.0MB

MD5
797cb234fc4bda846cd88c140d12fb59

SHA1
b3298b438eb1c51c992e944b02018369637b9760

SHA256
e2ce5fe9485ca24bd6c8a2eceb6bddb81b6f180f317c48d4454d1b1660ed551c

SHA512
2f860b4d041f8173a616e1b56bfee21c9fd49a95e3cfdf623c71625f9464d36bb6a7fb1dd2d858366dddb812359b65845c2251fdca9e469a845418420e84c538

Download Submit
\Windows\system\VosfrpK.exe

Filesize
6.0MB

MD5
d1915f246f353ff9183a07ccce99cc7e

SHA1
43e07f0ea2615b0b447d87be86bd9605ccfd203d

SHA256
d6273feb83134b65de478ca52dcd9af9b200975913af21e220e12184a20e6231

SHA512
d2bfb5a87b3c22c152dbfe3881f0ac5dbbb36335c8cb43d88f7b203f6c212d355d2efba3e5db9f8ebf8d1607dc4a748d646eb7408690c6df99013e7c2950afeb

Download Submit
\Windows\system\cTWxxSo.exe

Filesize
4.1MB

MD5
74dc15d016c531a89ff8da78441d8e52

SHA1
3659c9a49a1d0121ba020af69d287393dc2a0c83

SHA256
ab02c3f27b6c2a3b963e12668864d766c664c7ed17097e1632470ffcf0f89432

SHA512
191ac3ff2091be082067d4f8fa5cb8e442754132e2bf07cd32725820ae5982f831f9db5d6a4759cd053f40d4c97243bea1158edac5463ac35dc97a203e4151e7

Download Submit
\Windows\system\dNRxaJv.exe

Filesize
4.0MB

MD5
026914027c49276cfab436b6737b0a4a

SHA1
0761e87fe031252c97a445bd832ab3e814358fe4

SHA256
a98653498169642dc1e94a11f64899c9c3a412a02bac4297d072b8c296015f86

SHA512
709fd492d244853f73d0ee34808a491439d893b95eea9618f712d08f9570a04d4020205bb1278a196fb9cad288d72e6e883237b74d11228e5f9cd631ad1cd137

Download Submit
\Windows\system\gaVnJCx.exe

Filesize
4.3MB

MD5
173cff192902a65988a5925de87c6787

SHA1
1612fb27d516b66477707fc30d2370cbe098ea49

SHA256
80c418142a2624866141e021d31f56c201ced99f4d5e60d4e2a827bb334bb1ff

SHA512
22cfb70800ac8daf69c05d0e3f9485fd45ebdcf0d7a57b05c45008fe77b6b83078457c5911969cb4fdd5652ef963c816e041872dd0cdf4f08d63e472e5e96528

Download Submit
\Windows\system\hFHPfbC.exe

Filesize
5.3MB

MD5
c43e33711c7fd979e5018337dc4759bf

SHA1
98f05fb56607a0d2438d5d9b94c06a1eae3e96ac

SHA256
126daf25908e88143514f383d004ce80b96a520a9b5233b68d78178b8f9a609b

SHA512
f9e132fb246a90dc4ad197509164e90710292162fcce9825f6eacf3bbb4c1b8395fb24464ad3014a07705a4627803d42659c488d866adc2bd32f342def8382ff

Download Submit
\Windows\system\jUPfhwF.exe

Filesize
4.4MB

MD5
ff05369bb59ce9a228b59ad25e01e989

SHA1
62ea16d7a9c9154331e429ba37ffcf7a49a41031

SHA256
8705353cea6e55a70397d88efedf6f652b26d372bc53780af9dcdb0a9a6221d9

SHA512
7e0cc47f0d805c7f999facda102aab96d71643d84d75aa4a5d1b85546235e4999c0605f0e74f531c77a86f2f58422fdb975ba9f5ef1e6f1632a7d85c20d44df2

Download Submit
\Windows\system\mAUDIgw.exe

Filesize
4.1MB

MD5
9786e69871f8c640dd7e80efe9b3c7c4

SHA1
02049924a5c6027839d8dfff09c4a6a3c16947b4

SHA256
6409dec05d240bc954607577e4b88a0652a52fc95e16a293e47767ba8044fc22

SHA512
8548228433ac57728ae0857caa7b9574d8689945d1322d6a4f4cd35211fd14e12cd98e3363f7a1723e5b1181870fe573645cca5092460558a3e66db3badd1d64

Download Submit
\Windows\system\pWAidpw.exe

Filesize
6.0MB

MD5
6de5fa6d53a32d5ba0af67d335cbfaca

SHA1
373527aff7c2ce4251c84ded060ecf6f3ada766f

SHA256
11301ee1fa26c09fb6eb1f7996bf9f338deab21f820ab4e2a8feaeaf117483b2

SHA512
f6b638568f767786b4325b54a487bfdb017665d8ecf1359d294944e7979b8513401037a5a8cda4e9ccde0edd41bd2e405465c5d65f43071da897d24e12be556e

Download Submit
\Windows\system\qVZmFjD.exe

Filesize
4.8MB

MD5
bb074ad53f9d91a916ef869deecf3286

SHA1
4a93d8fd7ef60cfda7537a27ccd0d72e8eee3592

SHA256
71efc492c8fe18b80f0288c375933c2f649ca1e3a07122c695d2f5d7864b4288

SHA512
3dfc9f50d74f77fe2fc8bb598d9c77cfa4f62731602507779c26aff1dd392d30316c770c28a95513216ef6a219c87f0033f496274243646045b824eb2a19d119

Download Submit
\Windows\system\uhdhOso.exe

Filesize
5.9MB

MD5
49b125f97761fd2383d8de16c75c51fd

SHA1
d87529ac519f6e7b600dadbbc09a8956219a512e

SHA256
bc06c322e94fb5965ee6523239674087f6f3be22b004a84ad0fd2644ff81c9e0

SHA512
97fb1f50b273404f0684fa863cbca122a3f7b4a1052b6090ce3ece5d3a37bc906837723a95c70ee92ea91728f7f9326332df23ee73305c27cbe5c80d6b72fa57

Download Submit
\Windows\system\umJWqxO.exe

Filesize
6.0MB

MD5
8715181e6ab94be960428a813fd8ec7f

SHA1
c6ff09ebf3213cb420bf0bd4bdc123916c75f2aa

SHA256
4e56eef72747ce979347545da275c6e71a4901b91ccfc1496f7349b6524e17f0

SHA512
29dc3372551bd108ba2db4862244d668a07a64182b960e47f7f150507ba6382eab05776cfe8c442633d8adbd138f29bac053363794fc4c65f08b886024b8271e

Download Submit
\Windows\system\vXsBXhI.exe

Filesize
6.0MB

MD5
3ab0b6f0d8c141143d5cccd9ccb7a827

SHA1
c2133c98e9aa1008fec4dc297a2fc3a7691fc14c

SHA256
ebbd5c6a4117770f58aced0e43fed239521f61f2576dc2611b7b87112b8389ef

SHA512
ea147c4a555ba443bc9809439d87f65a87d6ce74309d717c5806c0e4ff7ae344551fb28b84249c30286185affd15b18af88d5d24b3acf83d714f71374749e4dd

Download Submit
memory/1660-2003-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-133-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1781-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-20-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1777-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-33-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-1834-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-81-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1918-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2368-124-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2484-79-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1809-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-65-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-1797-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1908-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-115-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1872-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2616-121-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2660-73-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1833-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1836-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2804-0-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2804-134-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2804-128-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2804-72-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-74-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-82-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-80-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-70-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2804-8-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-41-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-69-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2229-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-76-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-78-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-68-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-61-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-77-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-66-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-75-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-2341-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1810-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2872-71-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/3016-52-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1782-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download