cobaltstrike | db5f4cf8bcb96363152472d7620df23774047522af243fb3036b695cac83dc85

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d7863584b9702297d9a3ecea38849fea
SHA1

5ddc11fd379043be80397ea34d7ff26adbad48e2
SHA256

db5f4cf8bcb96363152472d7620df23774047522af243fb3036b695cac83dc85
SHA512

1c422779c7732ae950618da53a5c43fbb9c4c87608b46e2ad1cf45587e46362b3e0a31d3381921c09d761eeff58d34777c216e46b6426f72cb7458ac09dd0b42
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023477-5.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002347a-11.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002347e-10.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002347b-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023480-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023481-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023482-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023484-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023485-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023486-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023487-68.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023489-76.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348b-88.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348c-95.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348f-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023490-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023492-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023498-153.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349a-163.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349c-173.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349d-178.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349b-176.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023499-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023497-156.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023496-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023495-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023494-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023493-132.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023491-125.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348e-111.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348d-106.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348a-89.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023488-85.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4088-0-0x00007FF68CF40000-0x00007FF68D294000-memory.dmp	xmrig
behavioral2/files/0x0008000000023477-5.dat	xmrig
behavioral2/files/0x000800000002347a-11.dat	xmrig
behavioral2/memory/4980-14-0x00007FF68EDF0000-0x00007FF68F144000-memory.dmp	xmrig
behavioral2/files/0x000700000002347e-10.dat	xmrig
behavioral2/memory/2952-8-0x00007FF7F6650000-0x00007FF7F69A4000-memory.dmp	xmrig
behavioral2/memory/4276-18-0x00007FF7CA270000-0x00007FF7CA5C4000-memory.dmp	xmrig
behavioral2/files/0x000800000002347b-22.dat	xmrig
behavioral2/memory/3460-25-0x00007FF649520000-0x00007FF649874000-memory.dmp	xmrig
behavioral2/files/0x0007000000023480-28.dat	xmrig
behavioral2/memory/3892-32-0x00007FF76E540000-0x00007FF76E894000-memory.dmp	xmrig
behavioral2/files/0x0007000000023481-35.dat	xmrig
behavioral2/memory/3852-36-0x00007FF6E5040000-0x00007FF6E5394000-memory.dmp	xmrig
behavioral2/files/0x0007000000023482-40.dat	xmrig
behavioral2/memory/3600-44-0x00007FF697290000-0x00007FF6975E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023484-47.dat	xmrig
behavioral2/files/0x0007000000023485-53.dat	xmrig
behavioral2/files/0x0007000000023486-64.dat	xmrig
behavioral2/files/0x0007000000023487-68.dat	xmrig
behavioral2/memory/4500-71-0x00007FF708690000-0x00007FF7089E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023489-76.dat	xmrig
behavioral2/memory/4276-77-0x00007FF7CA270000-0x00007FF7CA5C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002348b-88.dat	xmrig
behavioral2/files/0x000700000002348c-95.dat	xmrig
behavioral2/files/0x000700000002348f-108.dat	xmrig
behavioral2/files/0x0007000000023490-113.dat	xmrig
behavioral2/files/0x0007000000023492-129.dat	xmrig
behavioral2/files/0x0007000000023498-153.dat	xmrig
behavioral2/files/0x000700000002349a-163.dat	xmrig
behavioral2/files/0x000700000002349c-173.dat	xmrig
behavioral2/memory/4004-498-0x00007FF7BB320000-0x00007FF7BB674000-memory.dmp	xmrig
behavioral2/memory/3004-501-0x00007FF7612A0000-0x00007FF7615F4000-memory.dmp	xmrig
behavioral2/memory/432-504-0x00007FF709610000-0x00007FF709964000-memory.dmp	xmrig
behavioral2/memory/4420-510-0x00007FF6FD610000-0x00007FF6FD964000-memory.dmp	xmrig
behavioral2/memory/2500-515-0x00007FF74B650000-0x00007FF74B9A4000-memory.dmp	xmrig
behavioral2/memory/1476-518-0x00007FF631070000-0x00007FF6313C4000-memory.dmp	xmrig
behavioral2/memory/3460-522-0x00007FF649520000-0x00007FF649874000-memory.dmp	xmrig
behavioral2/memory/1264-523-0x00007FF655C10000-0x00007FF655F64000-memory.dmp	xmrig
behavioral2/memory/3264-521-0x00007FF7B1930000-0x00007FF7B1C84000-memory.dmp	xmrig
behavioral2/memory/3524-520-0x00007FF720780000-0x00007FF720AD4000-memory.dmp	xmrig
behavioral2/memory/1440-519-0x00007FF608DB0000-0x00007FF609104000-memory.dmp	xmrig
behavioral2/memory/2100-517-0x00007FF6D3420000-0x00007FF6D3774000-memory.dmp	xmrig
behavioral2/memory/3956-516-0x00007FF7BA8A0000-0x00007FF7BABF4000-memory.dmp	xmrig
behavioral2/memory/1432-513-0x00007FF62AE60000-0x00007FF62B1B4000-memory.dmp	xmrig
behavioral2/memory/2296-512-0x00007FF7F5260000-0x00007FF7F55B4000-memory.dmp	xmrig
behavioral2/memory/3816-511-0x00007FF6083D0000-0x00007FF608724000-memory.dmp	xmrig
behavioral2/memory/1948-508-0x00007FF702EB0000-0x00007FF703204000-memory.dmp	xmrig
behavioral2/memory/2512-507-0x00007FF6D0110000-0x00007FF6D0464000-memory.dmp	xmrig
behavioral2/memory/5000-503-0x00007FF77AD10000-0x00007FF77B064000-memory.dmp	xmrig
behavioral2/files/0x000700000002349d-178.dat	xmrig
behavioral2/files/0x000700000002349b-176.dat	xmrig
behavioral2/files/0x0007000000023499-166.dat	xmrig
behavioral2/files/0x0007000000023497-156.dat	xmrig
behavioral2/files/0x0007000000023496-151.dat	xmrig
behavioral2/files/0x0007000000023495-146.dat	xmrig
behavioral2/files/0x0007000000023494-138.dat	xmrig
behavioral2/files/0x0007000000023493-132.dat	xmrig
behavioral2/files/0x0007000000023491-125.dat	xmrig
behavioral2/files/0x000700000002348e-111.dat	xmrig
behavioral2/files/0x000700000002348d-106.dat	xmrig
behavioral2/files/0x000700000002348a-89.dat	xmrig
behavioral2/files/0x0007000000023488-85.dat	xmrig
behavioral2/memory/5072-63-0x00007FF7935A0000-0x00007FF7938F4000-memory.dmp	xmrig
behavioral2/memory/4980-62-0x00007FF68EDF0000-0x00007FF68F144000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2952	xNsjCIa.exe
4980	mFreEsA.exe
4276	gHMVeDi.exe
3460	CeaoZwJ.exe
3892	eUMflQY.exe
3852	FBHshXS.exe
3600	ZyBykNJ.exe
2596	uLYosop.exe
1208	NqZxiKC.exe
5072	FqIxviu.exe
4500	CXHpsgc.exe
4004	lzCBqsh.exe
3004	HpahNTq.exe
1264	sswgeXf.exe
5000	dobeaLM.exe
432	mGGJWyq.exe
2512	OXlATvj.exe
1948	NLGSmHY.exe
4420	mojfrfQ.exe
3816	rDKGVEC.exe
2296	QVfRYDZ.exe
1432	lepKZqO.exe
2500	aYCNkpT.exe
3956	FVxaTWo.exe
2100	cZMlqAo.exe
1476	zuJNSFz.exe
1440	GvzWnbw.exe
3524	lfeZRqP.exe
3264	oXCoSoZ.exe
4696	ItffSRr.exe
440	NVBgGPR.exe
1356	PpgJeGw.exe
4740	aUlMnQo.exe
2148	rLaFiOe.exe
2904	fSsYoaP.exe
2832	HuVAJMa.exe
4428	HJpiVoC.exe
1880	gGVFfOJ.exe
2556	cYVEDUT.exe
1552	ZHsDUnf.exe
1700	StwEthE.exe
388	wCjmKcQ.exe
4712	UKuyNYn.exe
4416	LJRnVtE.exe
1524	yczbpSZ.exe
220	PFrcCWZ.exe
60	hfmRWOm.exe
3120	sLFPEvb.exe
2432	wwOHvgu.exe
3092	immqjUk.exe
224	qFlVZWP.exe
4688	GjDcyCh.exe
4340	dNcPqQE.exe
4368	NJDpfCV.exe
4852	KHnPsfd.exe
8	kBuStoj.exe
3452	AfEWLcp.exe
3172	BAXVGPt.exe
3680	XHEIxXc.exe
5036	CcjZtBi.exe
4032	qXMXJNv.exe
3688	DoKEeXO.exe
4748	WzfcRYI.exe
1424	UZEOnQr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4088-0-0x00007FF68CF40000-0x00007FF68D294000-memory.dmp	upx
behavioral2/files/0x0008000000023477-5.dat	upx
behavioral2/files/0x000800000002347a-11.dat	upx
behavioral2/memory/4980-14-0x00007FF68EDF0000-0x00007FF68F144000-memory.dmp	upx
behavioral2/files/0x000700000002347e-10.dat	upx
behavioral2/memory/2952-8-0x00007FF7F6650000-0x00007FF7F69A4000-memory.dmp	upx
behavioral2/memory/4276-18-0x00007FF7CA270000-0x00007FF7CA5C4000-memory.dmp	upx
behavioral2/files/0x000800000002347b-22.dat	upx
behavioral2/memory/3460-25-0x00007FF649520000-0x00007FF649874000-memory.dmp	upx
behavioral2/files/0x0007000000023480-28.dat	upx
behavioral2/memory/3892-32-0x00007FF76E540000-0x00007FF76E894000-memory.dmp	upx
behavioral2/files/0x0007000000023481-35.dat	upx
behavioral2/memory/3852-36-0x00007FF6E5040000-0x00007FF6E5394000-memory.dmp	upx
behavioral2/files/0x0007000000023482-40.dat	upx
behavioral2/memory/3600-44-0x00007FF697290000-0x00007FF6975E4000-memory.dmp	upx
behavioral2/files/0x0007000000023484-47.dat	upx
behavioral2/files/0x0007000000023485-53.dat	upx
behavioral2/files/0x0007000000023486-64.dat	upx
behavioral2/files/0x0007000000023487-68.dat	upx
behavioral2/memory/4500-71-0x00007FF708690000-0x00007FF7089E4000-memory.dmp	upx
behavioral2/files/0x0007000000023489-76.dat	upx
behavioral2/memory/4276-77-0x00007FF7CA270000-0x00007FF7CA5C4000-memory.dmp	upx
behavioral2/files/0x000700000002348b-88.dat	upx
behavioral2/files/0x000700000002348c-95.dat	upx
behavioral2/files/0x000700000002348f-108.dat	upx
behavioral2/files/0x0007000000023490-113.dat	upx
behavioral2/files/0x0007000000023492-129.dat	upx
behavioral2/files/0x0007000000023498-153.dat	upx
behavioral2/files/0x000700000002349a-163.dat	upx
behavioral2/files/0x000700000002349c-173.dat	upx
behavioral2/memory/4004-498-0x00007FF7BB320000-0x00007FF7BB674000-memory.dmp	upx
behavioral2/memory/3004-501-0x00007FF7612A0000-0x00007FF7615F4000-memory.dmp	upx
behavioral2/memory/432-504-0x00007FF709610000-0x00007FF709964000-memory.dmp	upx
behavioral2/memory/4420-510-0x00007FF6FD610000-0x00007FF6FD964000-memory.dmp	upx
behavioral2/memory/2500-515-0x00007FF74B650000-0x00007FF74B9A4000-memory.dmp	upx
behavioral2/memory/1476-518-0x00007FF631070000-0x00007FF6313C4000-memory.dmp	upx
behavioral2/memory/3460-522-0x00007FF649520000-0x00007FF649874000-memory.dmp	upx
behavioral2/memory/1264-523-0x00007FF655C10000-0x00007FF655F64000-memory.dmp	upx
behavioral2/memory/3264-521-0x00007FF7B1930000-0x00007FF7B1C84000-memory.dmp	upx
behavioral2/memory/3524-520-0x00007FF720780000-0x00007FF720AD4000-memory.dmp	upx
behavioral2/memory/1440-519-0x00007FF608DB0000-0x00007FF609104000-memory.dmp	upx
behavioral2/memory/2100-517-0x00007FF6D3420000-0x00007FF6D3774000-memory.dmp	upx
behavioral2/memory/3956-516-0x00007FF7BA8A0000-0x00007FF7BABF4000-memory.dmp	upx
behavioral2/memory/1432-513-0x00007FF62AE60000-0x00007FF62B1B4000-memory.dmp	upx
behavioral2/memory/2296-512-0x00007FF7F5260000-0x00007FF7F55B4000-memory.dmp	upx
behavioral2/memory/3816-511-0x00007FF6083D0000-0x00007FF608724000-memory.dmp	upx
behavioral2/memory/1948-508-0x00007FF702EB0000-0x00007FF703204000-memory.dmp	upx
behavioral2/memory/2512-507-0x00007FF6D0110000-0x00007FF6D0464000-memory.dmp	upx
behavioral2/memory/5000-503-0x00007FF77AD10000-0x00007FF77B064000-memory.dmp	upx
behavioral2/files/0x000700000002349d-178.dat	upx
behavioral2/files/0x000700000002349b-176.dat	upx
behavioral2/files/0x0007000000023499-166.dat	upx
behavioral2/files/0x0007000000023497-156.dat	upx
behavioral2/files/0x0007000000023496-151.dat	upx
behavioral2/files/0x0007000000023495-146.dat	upx
behavioral2/files/0x0007000000023494-138.dat	upx
behavioral2/files/0x0007000000023493-132.dat	upx
behavioral2/files/0x0007000000023491-125.dat	upx
behavioral2/files/0x000700000002348e-111.dat	upx
behavioral2/files/0x000700000002348d-106.dat	upx
behavioral2/files/0x000700000002348a-89.dat	upx
behavioral2/files/0x0007000000023488-85.dat	upx
behavioral2/memory/5072-63-0x00007FF7935A0000-0x00007FF7938F4000-memory.dmp	upx
behavioral2/memory/4980-62-0x00007FF68EDF0000-0x00007FF68F144000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ahhLnAN.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxvaCTT.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCfPSuO.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEtTjpN.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRdtvcV.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRNTlLD.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOXrokB.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCpcKwU.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuooPZW.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQGSnwj.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pngWxzC.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjDcyCh.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhpzjAG.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxEoyUP.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAspVWy.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqQlXnm.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFTdAEu.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myCPHtM.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otTgOmJ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQOijQI.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZVeiDr.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZXOLaT.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHuYQDE.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXmpZDQ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKIvyZW.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDRjYZc.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yczbpSZ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCttNQM.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysDxvbd.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPzKpqg.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpopMjl.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxmuSaJ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbHXTVj.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLYosop.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkdJxtE.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbTJkAP.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDsvron.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmJCgyG.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYkwLMR.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gzyfmiu.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cokWgKU.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPJVKml.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUJhFeZ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQqgsLw.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGrjGWK.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLaFiOe.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCGKtRE.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSKifky.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXlATvj.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXMXJNv.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfawVLe.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqeyZKK.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtaWhCC.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHOHVIb.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOWKEez.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlcPXLT.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\immqjUk.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRhQIPe.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBkceFn.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVyawLO.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\caWSJjh.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zadSAwR.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjLMLuH.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTcbDzt.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 2952	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4088 wrote to memory of 2952	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4088 wrote to memory of 4980	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4088 wrote to memory of 4980	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4088 wrote to memory of 4276	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4088 wrote to memory of 4276	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4088 wrote to memory of 3460	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4088 wrote to memory of 3460	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4088 wrote to memory of 3892	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4088 wrote to memory of 3892	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4088 wrote to memory of 3852	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4088 wrote to memory of 3852	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4088 wrote to memory of 3600	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4088 wrote to memory of 3600	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4088 wrote to memory of 2596	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4088 wrote to memory of 2596	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4088 wrote to memory of 1208	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4088 wrote to memory of 1208	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4088 wrote to memory of 5072	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4088 wrote to memory of 5072	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4088 wrote to memory of 4500	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4088 wrote to memory of 4500	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4088 wrote to memory of 4004	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4088 wrote to memory of 4004	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4088 wrote to memory of 3004	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4088 wrote to memory of 3004	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4088 wrote to memory of 1264	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4088 wrote to memory of 1264	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4088 wrote to memory of 5000	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4088 wrote to memory of 5000	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4088 wrote to memory of 432	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4088 wrote to memory of 432	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4088 wrote to memory of 2512	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4088 wrote to memory of 2512	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4088 wrote to memory of 1948	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4088 wrote to memory of 1948	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4088 wrote to memory of 4420	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4088 wrote to memory of 4420	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4088 wrote to memory of 3816	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4088 wrote to memory of 3816	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4088 wrote to memory of 2296	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4088 wrote to memory of 2296	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4088 wrote to memory of 1432	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4088 wrote to memory of 1432	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4088 wrote to memory of 2500	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4088 wrote to memory of 2500	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4088 wrote to memory of 3956	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4088 wrote to memory of 3956	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4088 wrote to memory of 2100	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4088 wrote to memory of 2100	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4088 wrote to memory of 1476	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4088 wrote to memory of 1476	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4088 wrote to memory of 1440	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4088 wrote to memory of 1440	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4088 wrote to memory of 3524	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4088 wrote to memory of 3524	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4088 wrote to memory of 3264	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4088 wrote to memory of 3264	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4088 wrote to memory of 4696	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4088 wrote to memory of 4696	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4088 wrote to memory of 440	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4088 wrote to memory of 440	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4088 wrote to memory of 1356	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4088 wrote to memory of 1356	4088	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	116

C:\Users\Admin\AppData\Local\Temp\2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Windows\System\xNsjCIa.exe
  C:\Windows\System\xNsjCIa.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\mFreEsA.exe
  C:\Windows\System\mFreEsA.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\gHMVeDi.exe
  C:\Windows\System\gHMVeDi.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\CeaoZwJ.exe
  C:\Windows\System\CeaoZwJ.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\eUMflQY.exe
  C:\Windows\System\eUMflQY.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\FBHshXS.exe
  C:\Windows\System\FBHshXS.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\ZyBykNJ.exe
  C:\Windows\System\ZyBykNJ.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\uLYosop.exe
  C:\Windows\System\uLYosop.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\NqZxiKC.exe
  C:\Windows\System\NqZxiKC.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\FqIxviu.exe
  C:\Windows\System\FqIxviu.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\CXHpsgc.exe
  C:\Windows\System\CXHpsgc.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\lzCBqsh.exe
  C:\Windows\System\lzCBqsh.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\HpahNTq.exe
  C:\Windows\System\HpahNTq.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\sswgeXf.exe
  C:\Windows\System\sswgeXf.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\dobeaLM.exe
  C:\Windows\System\dobeaLM.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\mGGJWyq.exe
  C:\Windows\System\mGGJWyq.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\OXlATvj.exe
  C:\Windows\System\OXlATvj.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\NLGSmHY.exe
  C:\Windows\System\NLGSmHY.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\mojfrfQ.exe
  C:\Windows\System\mojfrfQ.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\rDKGVEC.exe
  C:\Windows\System\rDKGVEC.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\QVfRYDZ.exe
  C:\Windows\System\QVfRYDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\lepKZqO.exe
  C:\Windows\System\lepKZqO.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\aYCNkpT.exe
  C:\Windows\System\aYCNkpT.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\FVxaTWo.exe
  C:\Windows\System\FVxaTWo.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\cZMlqAo.exe
  C:\Windows\System\cZMlqAo.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\zuJNSFz.exe
  C:\Windows\System\zuJNSFz.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\GvzWnbw.exe
  C:\Windows\System\GvzWnbw.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\lfeZRqP.exe
  C:\Windows\System\lfeZRqP.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\oXCoSoZ.exe
  C:\Windows\System\oXCoSoZ.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\ItffSRr.exe
  C:\Windows\System\ItffSRr.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\NVBgGPR.exe
  C:\Windows\System\NVBgGPR.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\PpgJeGw.exe
  C:\Windows\System\PpgJeGw.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\aUlMnQo.exe
  C:\Windows\System\aUlMnQo.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\rLaFiOe.exe
  C:\Windows\System\rLaFiOe.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\fSsYoaP.exe
  C:\Windows\System\fSsYoaP.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\HuVAJMa.exe
  C:\Windows\System\HuVAJMa.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\HJpiVoC.exe
  C:\Windows\System\HJpiVoC.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\gGVFfOJ.exe
  C:\Windows\System\gGVFfOJ.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\cYVEDUT.exe
  C:\Windows\System\cYVEDUT.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\ZHsDUnf.exe
  C:\Windows\System\ZHsDUnf.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\StwEthE.exe
  C:\Windows\System\StwEthE.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\wCjmKcQ.exe
  C:\Windows\System\wCjmKcQ.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\UKuyNYn.exe
  C:\Windows\System\UKuyNYn.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\LJRnVtE.exe
  C:\Windows\System\LJRnVtE.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\yczbpSZ.exe
  C:\Windows\System\yczbpSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\PFrcCWZ.exe
  C:\Windows\System\PFrcCWZ.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\hfmRWOm.exe
  C:\Windows\System\hfmRWOm.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\sLFPEvb.exe
  C:\Windows\System\sLFPEvb.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\wwOHvgu.exe
  C:\Windows\System\wwOHvgu.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\immqjUk.exe
  C:\Windows\System\immqjUk.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\qFlVZWP.exe
  C:\Windows\System\qFlVZWP.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\GjDcyCh.exe
  C:\Windows\System\GjDcyCh.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\dNcPqQE.exe
  C:\Windows\System\dNcPqQE.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\NJDpfCV.exe
  C:\Windows\System\NJDpfCV.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\KHnPsfd.exe
  C:\Windows\System\KHnPsfd.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\kBuStoj.exe
  C:\Windows\System\kBuStoj.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\AfEWLcp.exe
  C:\Windows\System\AfEWLcp.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\BAXVGPt.exe
  C:\Windows\System\BAXVGPt.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\XHEIxXc.exe
  C:\Windows\System\XHEIxXc.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\CcjZtBi.exe
  C:\Windows\System\CcjZtBi.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\qXMXJNv.exe
  C:\Windows\System\qXMXJNv.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\DoKEeXO.exe
  C:\Windows\System\DoKEeXO.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\WzfcRYI.exe
  C:\Windows\System\WzfcRYI.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\UZEOnQr.exe
  C:\Windows\System\UZEOnQr.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\uSDxIXh.exe
  C:\Windows\System\uSDxIXh.exe
  2⤵
  PID:1944
- C:\Windows\System\NTgQWUJ.exe
  C:\Windows\System\NTgQWUJ.exe
  2⤵
  PID:3352
- C:\Windows\System\fQXXdEQ.exe
  C:\Windows\System\fQXXdEQ.exe
  2⤵
  PID:4160
- C:\Windows\System\jytwpIa.exe
  C:\Windows\System\jytwpIa.exe
  2⤵
  PID:3368
- C:\Windows\System\otTgOmJ.exe
  C:\Windows\System\otTgOmJ.exe
  2⤵
  PID:4788
- C:\Windows\System\xNsyqEu.exe
  C:\Windows\System\xNsyqEu.exe
  2⤵
  PID:4124
- C:\Windows\System\XzUZSwZ.exe
  C:\Windows\System\XzUZSwZ.exe
  2⤵
  PID:1352
- C:\Windows\System\CTtwArT.exe
  C:\Windows\System\CTtwArT.exe
  2⤵
  PID:976
- C:\Windows\System\jQrsJwh.exe
  C:\Windows\System\jQrsJwh.exe
  2⤵
  PID:2388
- C:\Windows\System\tLdQFyA.exe
  C:\Windows\System\tLdQFyA.exe
  2⤵
  PID:1392
- C:\Windows\System\tMlWbDW.exe
  C:\Windows\System\tMlWbDW.exe
  2⤵
  PID:2312
- C:\Windows\System\CxrwjsW.exe
  C:\Windows\System\CxrwjsW.exe
  2⤵
  PID:1376
- C:\Windows\System\ZibEwfJ.exe
  C:\Windows\System\ZibEwfJ.exe
  2⤵
  PID:2260
- C:\Windows\System\knHeTpC.exe
  C:\Windows\System\knHeTpC.exe
  2⤵
  PID:3976
- C:\Windows\System\uPXpHrF.exe
  C:\Windows\System\uPXpHrF.exe
  2⤵
  PID:1416
- C:\Windows\System\IAcSSBT.exe
  C:\Windows\System\IAcSSBT.exe
  2⤵
  PID:4972
- C:\Windows\System\dLxrKjp.exe
  C:\Windows\System\dLxrKjp.exe
  2⤵
  PID:2084
- C:\Windows\System\GZDRIHj.exe
  C:\Windows\System\GZDRIHj.exe
  2⤵
  PID:4924
- C:\Windows\System\BjjBIfN.exe
  C:\Windows\System\BjjBIfN.exe
  2⤵
  PID:4784
- C:\Windows\System\BUJhFeZ.exe
  C:\Windows\System\BUJhFeZ.exe
  2⤵
  PID:5040
- C:\Windows\System\fuxGkJm.exe
  C:\Windows\System\fuxGkJm.exe
  2⤵
  PID:752
- C:\Windows\System\MNXpQIK.exe
  C:\Windows\System\MNXpQIK.exe
  2⤵
  PID:2528
- C:\Windows\System\IBsCBVr.exe
  C:\Windows\System\IBsCBVr.exe
  2⤵
  PID:4724
- C:\Windows\System\ncVbSqY.exe
  C:\Windows\System\ncVbSqY.exe
  2⤵
  PID:840
- C:\Windows\System\eWvPHTr.exe
  C:\Windows\System\eWvPHTr.exe
  2⤵
  PID:4508
- C:\Windows\System\qkavxwM.exe
  C:\Windows\System\qkavxwM.exe
  2⤵
  PID:4392
- C:\Windows\System\MptVWwJ.exe
  C:\Windows\System\MptVWwJ.exe
  2⤵
  PID:1796
- C:\Windows\System\qOBZcHU.exe
  C:\Windows\System\qOBZcHU.exe
  2⤵
  PID:2744
- C:\Windows\System\rdXIFdX.exe
  C:\Windows\System\rdXIFdX.exe
  2⤵
  PID:3612
- C:\Windows\System\ARkXJZv.exe
  C:\Windows\System\ARkXJZv.exe
  2⤵
  PID:4768
- C:\Windows\System\tfawVLe.exe
  C:\Windows\System\tfawVLe.exe
  2⤵
  PID:3540
- C:\Windows\System\drEbJFZ.exe
  C:\Windows\System\drEbJFZ.exe
  2⤵
  PID:3412
- C:\Windows\System\DigKehQ.exe
  C:\Windows\System\DigKehQ.exe
  2⤵
  PID:4432
- C:\Windows\System\oPEDBpV.exe
  C:\Windows\System\oPEDBpV.exe
  2⤵
  PID:1896
- C:\Windows\System\vlwnRva.exe
  C:\Windows\System\vlwnRva.exe
  2⤵
  PID:1448
- C:\Windows\System\TApYSKt.exe
  C:\Windows\System\TApYSKt.exe
  2⤵
  PID:5128
- C:\Windows\System\FvzShcX.exe
  C:\Windows\System\FvzShcX.exe
  2⤵
  PID:5156
- C:\Windows\System\cmOXRtC.exe
  C:\Windows\System\cmOXRtC.exe
  2⤵
  PID:5184
- C:\Windows\System\zzbZJnB.exe
  C:\Windows\System\zzbZJnB.exe
  2⤵
  PID:5212
- C:\Windows\System\CpyglBz.exe
  C:\Windows\System\CpyglBz.exe
  2⤵
  PID:5240
- C:\Windows\System\GKzJevN.exe
  C:\Windows\System\GKzJevN.exe
  2⤵
  PID:5268
- C:\Windows\System\HXPAHam.exe
  C:\Windows\System\HXPAHam.exe
  2⤵
  PID:5296
- C:\Windows\System\WHberZd.exe
  C:\Windows\System\WHberZd.exe
  2⤵
  PID:5324
- C:\Windows\System\aDRjYZc.exe
  C:\Windows\System\aDRjYZc.exe
  2⤵
  PID:5352
- C:\Windows\System\cjaKSJL.exe
  C:\Windows\System\cjaKSJL.exe
  2⤵
  PID:5380
- C:\Windows\System\dowYRlz.exe
  C:\Windows\System\dowYRlz.exe
  2⤵
  PID:5408
- C:\Windows\System\iraDLIM.exe
  C:\Windows\System\iraDLIM.exe
  2⤵
  PID:5436
- C:\Windows\System\VBKzoMM.exe
  C:\Windows\System\VBKzoMM.exe
  2⤵
  PID:5464
- C:\Windows\System\PWGGMKh.exe
  C:\Windows\System\PWGGMKh.exe
  2⤵
  PID:5488
- C:\Windows\System\sqYaeop.exe
  C:\Windows\System\sqYaeop.exe
  2⤵
  PID:5520
- C:\Windows\System\xCqDjpO.exe
  C:\Windows\System\xCqDjpO.exe
  2⤵
  PID:5548
- C:\Windows\System\DWtTryl.exe
  C:\Windows\System\DWtTryl.exe
  2⤵
  PID:5576
- C:\Windows\System\XzNTibq.exe
  C:\Windows\System\XzNTibq.exe
  2⤵
  PID:5604
- C:\Windows\System\MGVbySK.exe
  C:\Windows\System\MGVbySK.exe
  2⤵
  PID:5632
- C:\Windows\System\djyqDAN.exe
  C:\Windows\System\djyqDAN.exe
  2⤵
  PID:5660
- C:\Windows\System\GjLFSPO.exe
  C:\Windows\System\GjLFSPO.exe
  2⤵
  PID:5688
- C:\Windows\System\vcBxGMv.exe
  C:\Windows\System\vcBxGMv.exe
  2⤵
  PID:5716
- C:\Windows\System\KbfVgTi.exe
  C:\Windows\System\KbfVgTi.exe
  2⤵
  PID:5744
- C:\Windows\System\zKBKvlo.exe
  C:\Windows\System\zKBKvlo.exe
  2⤵
  PID:5772
- C:\Windows\System\sawvXWi.exe
  C:\Windows\System\sawvXWi.exe
  2⤵
  PID:5800
- C:\Windows\System\aTuoqhP.exe
  C:\Windows\System\aTuoqhP.exe
  2⤵
  PID:5828
- C:\Windows\System\aLZmUsN.exe
  C:\Windows\System\aLZmUsN.exe
  2⤵
  PID:5856
- C:\Windows\System\Gmwjwuu.exe
  C:\Windows\System\Gmwjwuu.exe
  2⤵
  PID:5884
- C:\Windows\System\aizqqtk.exe
  C:\Windows\System\aizqqtk.exe
  2⤵
  PID:5912
- C:\Windows\System\ZdOmEvO.exe
  C:\Windows\System\ZdOmEvO.exe
  2⤵
  PID:5940
- C:\Windows\System\OmHHzOK.exe
  C:\Windows\System\OmHHzOK.exe
  2⤵
  PID:5968
- C:\Windows\System\bxoffEJ.exe
  C:\Windows\System\bxoffEJ.exe
  2⤵
  PID:5996
- C:\Windows\System\yhpzjAG.exe
  C:\Windows\System\yhpzjAG.exe
  2⤵
  PID:6024
- C:\Windows\System\wkRHzYV.exe
  C:\Windows\System\wkRHzYV.exe
  2⤵
  PID:6052
- C:\Windows\System\NnJkpWZ.exe
  C:\Windows\System\NnJkpWZ.exe
  2⤵
  PID:6080
- C:\Windows\System\MxEoyUP.exe
  C:\Windows\System\MxEoyUP.exe
  2⤵
  PID:6108
- C:\Windows\System\gPrOLdy.exe
  C:\Windows\System\gPrOLdy.exe
  2⤵
  PID:6136
- C:\Windows\System\YnMnBDh.exe
  C:\Windows\System\YnMnBDh.exe
  2⤵
  PID:2096
- C:\Windows\System\aAspVWy.exe
  C:\Windows\System\aAspVWy.exe
  2⤵
  PID:1792
- C:\Windows\System\uptpAin.exe
  C:\Windows\System\uptpAin.exe
  2⤵
  PID:5196
- C:\Windows\System\CaRpYoY.exe
  C:\Windows\System\CaRpYoY.exe
  2⤵
  PID:5256
- C:\Windows\System\IwjNLOp.exe
  C:\Windows\System\IwjNLOp.exe
  2⤵
  PID:5428
- C:\Windows\System\gkFEFhj.exe
  C:\Windows\System\gkFEFhj.exe
  2⤵
  PID:5784
- C:\Windows\System\aojjlPE.exe
  C:\Windows\System\aojjlPE.exe
  2⤵
  PID:5820
- C:\Windows\System\QKgNKfr.exe
  C:\Windows\System\QKgNKfr.exe
  2⤵
  PID:5848
- C:\Windows\System\cqpWzXW.exe
  C:\Windows\System\cqpWzXW.exe
  2⤵
  PID:5896
- C:\Windows\System\gEmahuC.exe
  C:\Windows\System\gEmahuC.exe
  2⤵
  PID:5952
- C:\Windows\System\kieTItq.exe
  C:\Windows\System\kieTItq.exe
  2⤵
  PID:6012
- C:\Windows\System\RlbbykK.exe
  C:\Windows\System\RlbbykK.exe
  2⤵
  PID:6092
- C:\Windows\System\UPFZbKc.exe
  C:\Windows\System\UPFZbKc.exe
  2⤵
  PID:3176
- C:\Windows\System\znFMgRI.exe
  C:\Windows\System\znFMgRI.exe
  2⤵
  PID:5232
- C:\Windows\System\NBWzLqi.exe
  C:\Windows\System\NBWzLqi.exe
  2⤵
  PID:4108
- C:\Windows\System\alAqcko.exe
  C:\Windows\System\alAqcko.exe
  2⤵
  PID:5700
- C:\Windows\System\mvmrpXs.exe
  C:\Windows\System\mvmrpXs.exe
  2⤵
  PID:4816
- C:\Windows\System\NjSySZs.exe
  C:\Windows\System\NjSySZs.exe
  2⤵
  PID:5932
- C:\Windows\System\zjWJMUy.exe
  C:\Windows\System\zjWJMUy.exe
  2⤵
  PID:6124
- C:\Windows\System\yrpBcln.exe
  C:\Windows\System\yrpBcln.exe
  2⤵
  PID:6168
- C:\Windows\System\PLOSDYp.exe
  C:\Windows\System\PLOSDYp.exe
  2⤵
  PID:6196
- C:\Windows\System\AXIPSRY.exe
  C:\Windows\System\AXIPSRY.exe
  2⤵
  PID:6224
- C:\Windows\System\EcHPgIx.exe
  C:\Windows\System\EcHPgIx.exe
  2⤵
  PID:6252
- C:\Windows\System\VceWIvb.exe
  C:\Windows\System\VceWIvb.exe
  2⤵
  PID:6280
- C:\Windows\System\ySbfOge.exe
  C:\Windows\System\ySbfOge.exe
  2⤵
  PID:6308
- C:\Windows\System\VIFAQqE.exe
  C:\Windows\System\VIFAQqE.exe
  2⤵
  PID:6336
- C:\Windows\System\csmDVah.exe
  C:\Windows\System\csmDVah.exe
  2⤵
  PID:6364
- C:\Windows\System\DQorAYl.exe
  C:\Windows\System\DQorAYl.exe
  2⤵
  PID:6400
- C:\Windows\System\bynbViU.exe
  C:\Windows\System\bynbViU.exe
  2⤵
  PID:6432
- C:\Windows\System\EWMYJpe.exe
  C:\Windows\System\EWMYJpe.exe
  2⤵
  PID:6460
- C:\Windows\System\CNdKzvq.exe
  C:\Windows\System\CNdKzvq.exe
  2⤵
  PID:6488
- C:\Windows\System\APGSJSX.exe
  C:\Windows\System\APGSJSX.exe
  2⤵
  PID:6516
- C:\Windows\System\wVeOlmw.exe
  C:\Windows\System\wVeOlmw.exe
  2⤵
  PID:6544
- C:\Windows\System\PplEveX.exe
  C:\Windows\System\PplEveX.exe
  2⤵
  PID:6564
- C:\Windows\System\VpePYpi.exe
  C:\Windows\System\VpePYpi.exe
  2⤵
  PID:6588
- C:\Windows\System\DfQfkxO.exe
  C:\Windows\System\DfQfkxO.exe
  2⤵
  PID:6616
- C:\Windows\System\UwmIanB.exe
  C:\Windows\System\UwmIanB.exe
  2⤵
  PID:6644
- C:\Windows\System\HBkceFn.exe
  C:\Windows\System\HBkceFn.exe
  2⤵
  PID:6672
- C:\Windows\System\iOGFunF.exe
  C:\Windows\System\iOGFunF.exe
  2⤵
  PID:6700
- C:\Windows\System\DwJsEYh.exe
  C:\Windows\System\DwJsEYh.exe
  2⤵
  PID:6728
- C:\Windows\System\tKWEtEn.exe
  C:\Windows\System\tKWEtEn.exe
  2⤵
  PID:6756
- C:\Windows\System\qzEQtSC.exe
  C:\Windows\System\qzEQtSC.exe
  2⤵
  PID:6784
- C:\Windows\System\moKHNzS.exe
  C:\Windows\System\moKHNzS.exe
  2⤵
  PID:6812
- C:\Windows\System\HITVMvf.exe
  C:\Windows\System\HITVMvf.exe
  2⤵
  PID:6840
- C:\Windows\System\uosFgVs.exe
  C:\Windows\System\uosFgVs.exe
  2⤵
  PID:6868
- C:\Windows\System\CpHeXmq.exe
  C:\Windows\System\CpHeXmq.exe
  2⤵
  PID:6896
- C:\Windows\System\sKeFglm.exe
  C:\Windows\System\sKeFglm.exe
  2⤵
  PID:6924
- C:\Windows\System\iivsKpc.exe
  C:\Windows\System\iivsKpc.exe
  2⤵
  PID:6952
- C:\Windows\System\OnDgrsr.exe
  C:\Windows\System\OnDgrsr.exe
  2⤵
  PID:6980
- C:\Windows\System\UGCDSpT.exe
  C:\Windows\System\UGCDSpT.exe
  2⤵
  PID:7008
- C:\Windows\System\wlRSdrF.exe
  C:\Windows\System\wlRSdrF.exe
  2⤵
  PID:7036
- C:\Windows\System\GzOsmUY.exe
  C:\Windows\System\GzOsmUY.exe
  2⤵
  PID:7060
- C:\Windows\System\zvSTesf.exe
  C:\Windows\System\zvSTesf.exe
  2⤵
  PID:7092
- C:\Windows\System\zpjrDpZ.exe
  C:\Windows\System\zpjrDpZ.exe
  2⤵
  PID:7120
- C:\Windows\System\BpumANe.exe
  C:\Windows\System\BpumANe.exe
  2⤵
  PID:7148
- C:\Windows\System\ggYocQm.exe
  C:\Windows\System\ggYocQm.exe
  2⤵
  PID:3516
- C:\Windows\System\MTdElsh.exe
  C:\Windows\System\MTdElsh.exe
  2⤵
  PID:5452
- C:\Windows\System\cZBUkPr.exe
  C:\Windows\System\cZBUkPr.exe
  2⤵
  PID:6044
- C:\Windows\System\pfjIpjX.exe
  C:\Windows\System\pfjIpjX.exe
  2⤵
  PID:6188
- C:\Windows\System\liYGKMT.exe
  C:\Windows\System\liYGKMT.exe
  2⤵
  PID:6264
- C:\Windows\System\ebozeUe.exe
  C:\Windows\System\ebozeUe.exe
  2⤵
  PID:6324
- C:\Windows\System\AQixFIt.exe
  C:\Windows\System\AQixFIt.exe
  2⤵
  PID:6392
- C:\Windows\System\ZDsvron.exe
  C:\Windows\System\ZDsvron.exe
  2⤵
  PID:6452
- C:\Windows\System\Dswdwpk.exe
  C:\Windows\System\Dswdwpk.exe
  2⤵
  PID:6528
- C:\Windows\System\oWphyKD.exe
  C:\Windows\System\oWphyKD.exe
  2⤵
  PID:6580
- C:\Windows\System\NKVAVUX.exe
  C:\Windows\System\NKVAVUX.exe
  2⤵
  PID:6636
- C:\Windows\System\Hnwphrd.exe
  C:\Windows\System\Hnwphrd.exe
  2⤵
  PID:6692
- C:\Windows\System\xZGfDRB.exe
  C:\Windows\System\xZGfDRB.exe
  2⤵
  PID:720
- C:\Windows\System\smcngYF.exe
  C:\Windows\System\smcngYF.exe
  2⤵
  PID:6800
- C:\Windows\System\LxEJYlq.exe
  C:\Windows\System\LxEJYlq.exe
  2⤵
  PID:6856
- C:\Windows\System\mcjJUIG.exe
  C:\Windows\System\mcjJUIG.exe
  2⤵
  PID:6916
- C:\Windows\System\RCttNQM.exe
  C:\Windows\System\RCttNQM.exe
  2⤵
  PID:6992
- C:\Windows\System\lXdghrE.exe
  C:\Windows\System\lXdghrE.exe
  2⤵
  PID:7052
- C:\Windows\System\HkfUdjV.exe
  C:\Windows\System\HkfUdjV.exe
  2⤵
  PID:7112
- C:\Windows\System\JWWQHKY.exe
  C:\Windows\System\JWWQHKY.exe
  2⤵
  PID:7164
- C:\Windows\System\UoSApLp.exe
  C:\Windows\System\UoSApLp.exe
  2⤵
  PID:5928
- C:\Windows\System\JqeyZKK.exe
  C:\Windows\System\JqeyZKK.exe
  2⤵
  PID:6236
- C:\Windows\System\xLMypkw.exe
  C:\Windows\System\xLMypkw.exe
  2⤵
  PID:6352
- C:\Windows\System\tLoAeXm.exe
  C:\Windows\System\tLoAeXm.exe
  2⤵
  PID:428
- C:\Windows\System\KusfKpx.exe
  C:\Windows\System\KusfKpx.exe
  2⤵
  PID:6556
- C:\Windows\System\aWWgEjD.exe
  C:\Windows\System\aWWgEjD.exe
  2⤵
  PID:6664
- C:\Windows\System\GqjLDkV.exe
  C:\Windows\System\GqjLDkV.exe
  2⤵
  PID:4164
- C:\Windows\System\yuUoeKO.exe
  C:\Windows\System\yuUoeKO.exe
  2⤵
  PID:6888
- C:\Windows\System\JXIMhDg.exe
  C:\Windows\System\JXIMhDg.exe
  2⤵
  PID:4556
- C:\Windows\System\dNnuden.exe
  C:\Windows\System\dNnuden.exe
  2⤵
  PID:7084
- C:\Windows\System\DEFabCY.exe
  C:\Windows\System\DEFabCY.exe
  2⤵
  PID:4312
- C:\Windows\System\rcsZoty.exe
  C:\Windows\System\rcsZoty.exe
  2⤵
  PID:1752
- C:\Windows\System\SbbeRQp.exe
  C:\Windows\System\SbbeRQp.exe
  2⤵
  PID:4752
- C:\Windows\System\gCGwzrC.exe
  C:\Windows\System\gCGwzrC.exe
  2⤵
  PID:4908
- C:\Windows\System\AWPeybf.exe
  C:\Windows\System\AWPeybf.exe
  2⤵
  PID:6968
- C:\Windows\System\ysDxvbd.exe
  C:\Windows\System\ysDxvbd.exe
  2⤵
  PID:5168
- C:\Windows\System\BbwBEPI.exe
  C:\Windows\System\BbwBEPI.exe
  2⤵
  PID:5568
- C:\Windows\System\fqOulgR.exe
  C:\Windows\System\fqOulgR.exe
  2⤵
  PID:5728
- C:\Windows\System\OctxhSY.exe
  C:\Windows\System\OctxhSY.exe
  2⤵
  PID:5792
- C:\Windows\System\QqHDSvB.exe
  C:\Windows\System\QqHDSvB.exe
  2⤵
  PID:1924
- C:\Windows\System\MufysCQ.exe
  C:\Windows\System\MufysCQ.exe
  2⤵
  PID:5564
- C:\Windows\System\KmJCgyG.exe
  C:\Windows\System\KmJCgyG.exe
  2⤵
  PID:2540
- C:\Windows\System\YclJjaB.exe
  C:\Windows\System\YclJjaB.exe
  2⤵
  PID:5424
- C:\Windows\System\xAfCkHU.exe
  C:\Windows\System\xAfCkHU.exe
  2⤵
  PID:7176
- C:\Windows\System\QaXqCDO.exe
  C:\Windows\System\QaXqCDO.exe
  2⤵
  PID:7192
- C:\Windows\System\IoETdwb.exe
  C:\Windows\System\IoETdwb.exe
  2⤵
  PID:7220
- C:\Windows\System\fEtTjpN.exe
  C:\Windows\System\fEtTjpN.exe
  2⤵
  PID:7248
- C:\Windows\System\hjaTlPv.exe
  C:\Windows\System\hjaTlPv.exe
  2⤵
  PID:7276
- C:\Windows\System\HXKvqmi.exe
  C:\Windows\System\HXKvqmi.exe
  2⤵
  PID:7312
- C:\Windows\System\OVyawLO.exe
  C:\Windows\System\OVyawLO.exe
  2⤵
  PID:7348
- C:\Windows\System\eNuPeDj.exe
  C:\Windows\System\eNuPeDj.exe
  2⤵
  PID:7376
- C:\Windows\System\zGLgajB.exe
  C:\Windows\System\zGLgajB.exe
  2⤵
  PID:7392
- C:\Windows\System\KQOijQI.exe
  C:\Windows\System\KQOijQI.exe
  2⤵
  PID:7444
- C:\Windows\System\mHJIaWC.exe
  C:\Windows\System\mHJIaWC.exe
  2⤵
  PID:7508
- C:\Windows\System\vOyoUDr.exe
  C:\Windows\System\vOyoUDr.exe
  2⤵
  PID:7548
- C:\Windows\System\WkeXtiW.exe
  C:\Windows\System\WkeXtiW.exe
  2⤵
  PID:7600
- C:\Windows\System\yxIWFtX.exe
  C:\Windows\System\yxIWFtX.exe
  2⤵
  PID:7632
- C:\Windows\System\DiMSdll.exe
  C:\Windows\System\DiMSdll.exe
  2⤵
  PID:7672
- C:\Windows\System\DliXaCs.exe
  C:\Windows\System\DliXaCs.exe
  2⤵
  PID:7712
- C:\Windows\System\eEbTuXK.exe
  C:\Windows\System\eEbTuXK.exe
  2⤵
  PID:7748
- C:\Windows\System\jPzKpqg.exe
  C:\Windows\System\jPzKpqg.exe
  2⤵
  PID:7780
- C:\Windows\System\dowHFeL.exe
  C:\Windows\System\dowHFeL.exe
  2⤵
  PID:7796
- C:\Windows\System\XtekjSc.exe
  C:\Windows\System\XtekjSc.exe
  2⤵
  PID:7824
- C:\Windows\System\yuzRVsg.exe
  C:\Windows\System\yuzRVsg.exe
  2⤵
  PID:7856
- C:\Windows\System\EbLklOo.exe
  C:\Windows\System\EbLklOo.exe
  2⤵
  PID:7896
- C:\Windows\System\uDcAKtW.exe
  C:\Windows\System\uDcAKtW.exe
  2⤵
  PID:7940
- C:\Windows\System\oVAHziA.exe
  C:\Windows\System\oVAHziA.exe
  2⤵
  PID:7968
- C:\Windows\System\YtEKdPA.exe
  C:\Windows\System\YtEKdPA.exe
  2⤵
  PID:8004
- C:\Windows\System\HGwJyFf.exe
  C:\Windows\System\HGwJyFf.exe
  2⤵
  PID:8036
- C:\Windows\System\AqtRtiL.exe
  C:\Windows\System\AqtRtiL.exe
  2⤵
  PID:8088
- C:\Windows\System\Sfkaerg.exe
  C:\Windows\System\Sfkaerg.exe
  2⤵
  PID:8116
- C:\Windows\System\wbQNBFN.exe
  C:\Windows\System\wbQNBFN.exe
  2⤵
  PID:8140
- C:\Windows\System\LqDOtov.exe
  C:\Windows\System\LqDOtov.exe
  2⤵
  PID:8164
- C:\Windows\System\rLHvAec.exe
  C:\Windows\System\rLHvAec.exe
  2⤵
  PID:7172
- C:\Windows\System\spUoAMh.exe
  C:\Windows\System\spUoAMh.exe
  2⤵
  PID:2180
- C:\Windows\System\OewiEKH.exe
  C:\Windows\System\OewiEKH.exe
  2⤵
  PID:7288
- C:\Windows\System\ALXAnKs.exe
  C:\Windows\System\ALXAnKs.exe
  2⤵
  PID:7364
- C:\Windows\System\pJPrhYC.exe
  C:\Windows\System\pJPrhYC.exe
  2⤵
  PID:7432
- C:\Windows\System\qEzWQWb.exe
  C:\Windows\System\qEzWQWb.exe
  2⤵
  PID:7544
- C:\Windows\System\gXsqZuF.exe
  C:\Windows\System\gXsqZuF.exe
  2⤵
  PID:7692
- C:\Windows\System\ahhLnAN.exe
  C:\Windows\System\ahhLnAN.exe
  2⤵
  PID:7740
- C:\Windows\System\arBSEVx.exe
  C:\Windows\System\arBSEVx.exe
  2⤵
  PID:7812
- C:\Windows\System\oQqgsLw.exe
  C:\Windows\System\oQqgsLw.exe
  2⤵
  PID:7848
- C:\Windows\System\bbFSNmy.exe
  C:\Windows\System\bbFSNmy.exe
  2⤵
  PID:7984
- C:\Windows\System\XNYekez.exe
  C:\Windows\System\XNYekez.exe
  2⤵
  PID:8032
- C:\Windows\System\AwjELoQ.exe
  C:\Windows\System\AwjELoQ.exe
  2⤵
  PID:8124
- C:\Windows\System\FSqATfS.exe
  C:\Windows\System\FSqATfS.exe
  2⤵
  PID:8180
- C:\Windows\System\dAuICNl.exe
  C:\Windows\System\dAuICNl.exe
  2⤵
  PID:7272
- C:\Windows\System\nIqtvIe.exe
  C:\Windows\System\nIqtvIe.exe
  2⤵
  PID:7408
- C:\Windows\System\ljNMRRE.exe
  C:\Windows\System\ljNMRRE.exe
  2⤵
  PID:7620
- C:\Windows\System\UOjKfKW.exe
  C:\Windows\System\UOjKfKW.exe
  2⤵
  PID:7920
- C:\Windows\System\vulMuDH.exe
  C:\Windows\System\vulMuDH.exe
  2⤵
  PID:8012
- C:\Windows\System\rCHMrBA.exe
  C:\Windows\System\rCHMrBA.exe
  2⤵
  PID:8160
- C:\Windows\System\XcODhDO.exe
  C:\Windows\System\XcODhDO.exe
  2⤵
  PID:7976
- C:\Windows\System\FkqRCAu.exe
  C:\Windows\System\FkqRCAu.exe
  2⤵
  PID:7996
- C:\Windows\System\sqWAeDd.exe
  C:\Windows\System\sqWAeDd.exe
  2⤵
  PID:7412
- C:\Windows\System\ciNkKDL.exe
  C:\Windows\System\ciNkKDL.exe
  2⤵
  PID:7244
- C:\Windows\System\WTRBaKM.exe
  C:\Windows\System\WTRBaKM.exe
  2⤵
  PID:8224
- C:\Windows\System\AEoVHVP.exe
  C:\Windows\System\AEoVHVP.exe
  2⤵
  PID:8252
- C:\Windows\System\lhFIKbp.exe
  C:\Windows\System\lhFIKbp.exe
  2⤵
  PID:8272
- C:\Windows\System\OckUhvt.exe
  C:\Windows\System\OckUhvt.exe
  2⤵
  PID:8300
- C:\Windows\System\MRKLzTu.exe
  C:\Windows\System\MRKLzTu.exe
  2⤵
  PID:8328
- C:\Windows\System\UxvaCTT.exe
  C:\Windows\System\UxvaCTT.exe
  2⤵
  PID:8356
- C:\Windows\System\BeFDPgP.exe
  C:\Windows\System\BeFDPgP.exe
  2⤵
  PID:8384
- C:\Windows\System\MKXYDMl.exe
  C:\Windows\System\MKXYDMl.exe
  2⤵
  PID:8416
- C:\Windows\System\mfpWdmB.exe
  C:\Windows\System\mfpWdmB.exe
  2⤵
  PID:8440
- C:\Windows\System\GDjYFPv.exe
  C:\Windows\System\GDjYFPv.exe
  2⤵
  PID:8476
- C:\Windows\System\SrCqjAS.exe
  C:\Windows\System\SrCqjAS.exe
  2⤵
  PID:8496
- C:\Windows\System\QbTJkAP.exe
  C:\Windows\System\QbTJkAP.exe
  2⤵
  PID:8536
- C:\Windows\System\uRZAQfR.exe
  C:\Windows\System\uRZAQfR.exe
  2⤵
  PID:8556
- C:\Windows\System\XieyuqZ.exe
  C:\Windows\System\XieyuqZ.exe
  2⤵
  PID:8588
- C:\Windows\System\fLzMaWA.exe
  C:\Windows\System\fLzMaWA.exe
  2⤵
  PID:8612
- C:\Windows\System\jMxgovD.exe
  C:\Windows\System\jMxgovD.exe
  2⤵
  PID:8644
- C:\Windows\System\aOywHPY.exe
  C:\Windows\System\aOywHPY.exe
  2⤵
  PID:8672
- C:\Windows\System\bQaIDiE.exe
  C:\Windows\System\bQaIDiE.exe
  2⤵
  PID:8708
- C:\Windows\System\eZvPGyZ.exe
  C:\Windows\System\eZvPGyZ.exe
  2⤵
  PID:8728
- C:\Windows\System\ULdTXNe.exe
  C:\Windows\System\ULdTXNe.exe
  2⤵
  PID:8764
- C:\Windows\System\faQmfKY.exe
  C:\Windows\System\faQmfKY.exe
  2⤵
  PID:8796
- C:\Windows\System\DPAdjMy.exe
  C:\Windows\System\DPAdjMy.exe
  2⤵
  PID:8828
- C:\Windows\System\GwTdINc.exe
  C:\Windows\System\GwTdINc.exe
  2⤵
  PID:8848
- C:\Windows\System\EJntrUe.exe
  C:\Windows\System\EJntrUe.exe
  2⤵
  PID:8876
- C:\Windows\System\YjWYcyR.exe
  C:\Windows\System\YjWYcyR.exe
  2⤵
  PID:8904
- C:\Windows\System\wGtcdJh.exe
  C:\Windows\System\wGtcdJh.exe
  2⤵
  PID:8932
- C:\Windows\System\RcvqGtT.exe
  C:\Windows\System\RcvqGtT.exe
  2⤵
  PID:8960
- C:\Windows\System\LoBqmpf.exe
  C:\Windows\System\LoBqmpf.exe
  2⤵
  PID:8988
- C:\Windows\System\MSwpTun.exe
  C:\Windows\System\MSwpTun.exe
  2⤵
  PID:9016
- C:\Windows\System\PQBZgFB.exe
  C:\Windows\System\PQBZgFB.exe
  2⤵
  PID:9044
- C:\Windows\System\zmYDPwI.exe
  C:\Windows\System\zmYDPwI.exe
  2⤵
  PID:9072
- C:\Windows\System\ICZlRua.exe
  C:\Windows\System\ICZlRua.exe
  2⤵
  PID:9148
- C:\Windows\System\XmHJtDl.exe
  C:\Windows\System\XmHJtDl.exe
  2⤵
  PID:9172
- C:\Windows\System\QSijdAW.exe
  C:\Windows\System\QSijdAW.exe
  2⤵
  PID:9196
- C:\Windows\System\rAUDpPq.exe
  C:\Windows\System\rAUDpPq.exe
  2⤵
  PID:8232
- C:\Windows\System\sAMDLPJ.exe
  C:\Windows\System\sAMDLPJ.exe
  2⤵
  PID:8284
- C:\Windows\System\nfZxXrk.exe
  C:\Windows\System\nfZxXrk.exe
  2⤵
  PID:8368
- C:\Windows\System\XFWqkqp.exe
  C:\Windows\System\XFWqkqp.exe
  2⤵
  PID:8424
- C:\Windows\System\HitXYSl.exe
  C:\Windows\System\HitXYSl.exe
  2⤵
  PID:8488
- C:\Windows\System\cgQohGu.exe
  C:\Windows\System\cgQohGu.exe
  2⤵
  PID:8568
- C:\Windows\System\RqQlXnm.exe
  C:\Windows\System\RqQlXnm.exe
  2⤵
  PID:8624
- C:\Windows\System\JZVeiDr.exe
  C:\Windows\System\JZVeiDr.exe
  2⤵
  PID:8688
- C:\Windows\System\FVylvMV.exe
  C:\Windows\System\FVylvMV.exe
  2⤵
  PID:8748
- C:\Windows\System\WQplMlt.exe
  C:\Windows\System\WQplMlt.exe
  2⤵
  PID:8840
- C:\Windows\System\btFBpXC.exe
  C:\Windows\System\btFBpXC.exe
  2⤵
  PID:8896
- C:\Windows\System\XBWnWLP.exe
  C:\Windows\System\XBWnWLP.exe
  2⤵
  PID:8928
- C:\Windows\System\WYUbCsf.exe
  C:\Windows\System\WYUbCsf.exe
  2⤵
  PID:9004
- C:\Windows\System\dWfKAKm.exe
  C:\Windows\System\dWfKAKm.exe
  2⤵
  PID:9064
- C:\Windows\System\OGBDMrD.exe
  C:\Windows\System\OGBDMrD.exe
  2⤵
  PID:9164
- C:\Windows\System\JZXOLaT.exe
  C:\Windows\System\JZXOLaT.exe
  2⤵
  PID:8204
- C:\Windows\System\mQGSnwj.exe
  C:\Windows\System\mQGSnwj.exe
  2⤵
  PID:8404
- C:\Windows\System\plbLBCC.exe
  C:\Windows\System\plbLBCC.exe
  2⤵
  PID:8516
- C:\Windows\System\vgtQDoK.exe
  C:\Windows\System\vgtQDoK.exe
  2⤵
  PID:8656
- C:\Windows\System\VINhCLH.exe
  C:\Windows\System\VINhCLH.exe
  2⤵
  PID:3096
- C:\Windows\System\Pbkbzcy.exe
  C:\Windows\System\Pbkbzcy.exe
  2⤵
  PID:8924
- C:\Windows\System\BWDxWPz.exe
  C:\Windows\System\BWDxWPz.exe
  2⤵
  PID:9132
- C:\Windows\System\TIxTjCH.exe
  C:\Windows\System\TIxTjCH.exe
  2⤵
  PID:8268
- C:\Windows\System\PfxuJfv.exe
  C:\Windows\System\PfxuJfv.exe
  2⤵
  PID:8720
- C:\Windows\System\BzguaHc.exe
  C:\Windows\System\BzguaHc.exe
  2⤵
  PID:9040
- C:\Windows\System\prnuqNp.exe
  C:\Windows\System\prnuqNp.exe
  2⤵
  PID:8608
- C:\Windows\System\LsnqZec.exe
  C:\Windows\System\LsnqZec.exe
  2⤵
  PID:3488
- C:\Windows\System\yyjAhTO.exe
  C:\Windows\System\yyjAhTO.exe
  2⤵
  PID:9232
- C:\Windows\System\UbTOxJC.exe
  C:\Windows\System\UbTOxJC.exe
  2⤵
  PID:9260
- C:\Windows\System\UFCwOdV.exe
  C:\Windows\System\UFCwOdV.exe
  2⤵
  PID:9288
- C:\Windows\System\fUlFxqQ.exe
  C:\Windows\System\fUlFxqQ.exe
  2⤵
  PID:9316
- C:\Windows\System\cXDCLbm.exe
  C:\Windows\System\cXDCLbm.exe
  2⤵
  PID:9344
- C:\Windows\System\CqVxfmp.exe
  C:\Windows\System\CqVxfmp.exe
  2⤵
  PID:9372
- C:\Windows\System\TAomWHg.exe
  C:\Windows\System\TAomWHg.exe
  2⤵
  PID:9400
- C:\Windows\System\yadFEuD.exe
  C:\Windows\System\yadFEuD.exe
  2⤵
  PID:9428
- C:\Windows\System\MklWtBF.exe
  C:\Windows\System\MklWtBF.exe
  2⤵
  PID:9456
- C:\Windows\System\lwrSEyq.exe
  C:\Windows\System\lwrSEyq.exe
  2⤵
  PID:9484
- C:\Windows\System\mLRHMBq.exe
  C:\Windows\System\mLRHMBq.exe
  2⤵
  PID:9516
- C:\Windows\System\iqllnrr.exe
  C:\Windows\System\iqllnrr.exe
  2⤵
  PID:9540
- C:\Windows\System\pzHtzEu.exe
  C:\Windows\System\pzHtzEu.exe
  2⤵
  PID:9568
- C:\Windows\System\ISwEdbg.exe
  C:\Windows\System\ISwEdbg.exe
  2⤵
  PID:9596
- C:\Windows\System\QHuYQDE.exe
  C:\Windows\System\QHuYQDE.exe
  2⤵
  PID:9624
- C:\Windows\System\FfQyddo.exe
  C:\Windows\System\FfQyddo.exe
  2⤵
  PID:9660
- C:\Windows\System\mbHZuEk.exe
  C:\Windows\System\mbHZuEk.exe
  2⤵
  PID:9680
- C:\Windows\System\kaThYzv.exe
  C:\Windows\System\kaThYzv.exe
  2⤵
  PID:9712
- C:\Windows\System\lUGmoKY.exe
  C:\Windows\System\lUGmoKY.exe
  2⤵
  PID:9748
- C:\Windows\System\KmCdYHL.exe
  C:\Windows\System\KmCdYHL.exe
  2⤵
  PID:9768
- C:\Windows\System\ezJyzEy.exe
  C:\Windows\System\ezJyzEy.exe
  2⤵
  PID:9796
- C:\Windows\System\NMFrlMB.exe
  C:\Windows\System\NMFrlMB.exe
  2⤵
  PID:9828
- C:\Windows\System\FxYAkAv.exe
  C:\Windows\System\FxYAkAv.exe
  2⤵
  PID:9856
- C:\Windows\System\lWZwbEi.exe
  C:\Windows\System\lWZwbEi.exe
  2⤵
  PID:9880
- C:\Windows\System\TVnjPyQ.exe
  C:\Windows\System\TVnjPyQ.exe
  2⤵
  PID:9912
- C:\Windows\System\qvbfwLb.exe
  C:\Windows\System\qvbfwLb.exe
  2⤵
  PID:9952
- C:\Windows\System\bGheEdN.exe
  C:\Windows\System\bGheEdN.exe
  2⤵
  PID:9984
- C:\Windows\System\HybSAcb.exe
  C:\Windows\System\HybSAcb.exe
  2⤵
  PID:10012
- C:\Windows\System\BCazEcC.exe
  C:\Windows\System\BCazEcC.exe
  2⤵
  PID:10048
- C:\Windows\System\OZFyJiE.exe
  C:\Windows\System\OZFyJiE.exe
  2⤵
  PID:10068
- C:\Windows\System\GdCTItD.exe
  C:\Windows\System\GdCTItD.exe
  2⤵
  PID:10096
- C:\Windows\System\QUKtsEY.exe
  C:\Windows\System\QUKtsEY.exe
  2⤵
  PID:10124
- C:\Windows\System\KCUaefM.exe
  C:\Windows\System\KCUaefM.exe
  2⤵
  PID:10152
- C:\Windows\System\roqUOZT.exe
  C:\Windows\System\roqUOZT.exe
  2⤵
  PID:10180
- C:\Windows\System\CGYHRWg.exe
  C:\Windows\System\CGYHRWg.exe
  2⤵
  PID:10212
- C:\Windows\System\MobdJpS.exe
  C:\Windows\System\MobdJpS.exe
  2⤵
  PID:10236
- C:\Windows\System\pXSpjxD.exe
  C:\Windows\System\pXSpjxD.exe
  2⤵
  PID:9272
- C:\Windows\System\wYNRApc.exe
  C:\Windows\System\wYNRApc.exe
  2⤵
  PID:9356
- C:\Windows\System\YCLMOaV.exe
  C:\Windows\System\YCLMOaV.exe
  2⤵
  PID:9396
- C:\Windows\System\AUHmDje.exe
  C:\Windows\System\AUHmDje.exe
  2⤵
  PID:9560
- C:\Windows\System\cJrSLrk.exe
  C:\Windows\System\cJrSLrk.exe
  2⤵
  PID:9692
- C:\Windows\System\YLlUAwY.exe
  C:\Windows\System\YLlUAwY.exe
  2⤵
  PID:9872
- C:\Windows\System\mzHYQyJ.exe
  C:\Windows\System\mzHYQyJ.exe
  2⤵
  PID:9924
- C:\Windows\System\aNCaQUz.exe
  C:\Windows\System\aNCaQUz.exe
  2⤵
  PID:9980
- C:\Windows\System\vNNxgpq.exe
  C:\Windows\System\vNNxgpq.exe
  2⤵
  PID:10024
- C:\Windows\System\CVnCVFf.exe
  C:\Windows\System\CVnCVFf.exe
  2⤵
  PID:10088
- C:\Windows\System\OrvJTXM.exe
  C:\Windows\System\OrvJTXM.exe
  2⤵
  PID:10144
- C:\Windows\System\zxxQMIX.exe
  C:\Windows\System\zxxQMIX.exe
  2⤵
  PID:10228
- C:\Windows\System\LNhTkZM.exe
  C:\Windows\System\LNhTkZM.exe
  2⤵
  PID:9300
- C:\Windows\System\bAhERTz.exe
  C:\Windows\System\bAhERTz.exe
  2⤵
  PID:9536
- C:\Windows\System\yHPXwrT.exe
  C:\Windows\System\yHPXwrT.exe
  2⤵
  PID:9904
- C:\Windows\System\FfaYWpY.exe
  C:\Windows\System\FfaYWpY.exe
  2⤵
  PID:10116
- C:\Windows\System\wCnpQEb.exe
  C:\Windows\System\wCnpQEb.exe
  2⤵
  PID:9228
- C:\Windows\System\auxrDpB.exe
  C:\Windows\System\auxrDpB.exe
  2⤵
  PID:9736
- C:\Windows\System\aQCHCPU.exe
  C:\Windows\System\aQCHCPU.exe
  2⤵
  PID:10056
- C:\Windows\System\oIFyLYI.exe
  C:\Windows\System\oIFyLYI.exe
  2⤵
  PID:10008
- C:\Windows\System\gsQWWft.exe
  C:\Windows\System\gsQWWft.exe
  2⤵
  PID:9948
- C:\Windows\System\UJbnGTd.exe
  C:\Windows\System\UJbnGTd.exe
  2⤵
  PID:10268
- C:\Windows\System\plGfFHw.exe
  C:\Windows\System\plGfFHw.exe
  2⤵
  PID:10296
- C:\Windows\System\QHRnFtU.exe
  C:\Windows\System\QHRnFtU.exe
  2⤵
  PID:10324
- C:\Windows\System\vgMcPjJ.exe
  C:\Windows\System\vgMcPjJ.exe
  2⤵
  PID:10352
- C:\Windows\System\EIxJoye.exe
  C:\Windows\System\EIxJoye.exe
  2⤵
  PID:10392
- C:\Windows\System\VTjNXBB.exe
  C:\Windows\System\VTjNXBB.exe
  2⤵
  PID:10424
- C:\Windows\System\joenAML.exe
  C:\Windows\System\joenAML.exe
  2⤵
  PID:10452
- C:\Windows\System\KDoOGKU.exe
  C:\Windows\System\KDoOGKU.exe
  2⤵
  PID:10484
- C:\Windows\System\IfxvRwi.exe
  C:\Windows\System\IfxvRwi.exe
  2⤵
  PID:10520
- C:\Windows\System\AeEudJr.exe
  C:\Windows\System\AeEudJr.exe
  2⤵
  PID:10548
- C:\Windows\System\TrcpSTi.exe
  C:\Windows\System\TrcpSTi.exe
  2⤵
  PID:10576
- C:\Windows\System\mizxyTJ.exe
  C:\Windows\System\mizxyTJ.exe
  2⤵
  PID:10604
- C:\Windows\System\LYkwLMR.exe
  C:\Windows\System\LYkwLMR.exe
  2⤵
  PID:10636
- C:\Windows\System\rGHzpIF.exe
  C:\Windows\System\rGHzpIF.exe
  2⤵
  PID:10664
- C:\Windows\System\dXmpZDQ.exe
  C:\Windows\System\dXmpZDQ.exe
  2⤵
  PID:10692
- C:\Windows\System\caWSJjh.exe
  C:\Windows\System\caWSJjh.exe
  2⤵
  PID:10720
- C:\Windows\System\MYGabgj.exe
  C:\Windows\System\MYGabgj.exe
  2⤵
  PID:10748
- C:\Windows\System\hQOodRP.exe
  C:\Windows\System\hQOodRP.exe
  2⤵
  PID:10776
- C:\Windows\System\ZbYYyRP.exe
  C:\Windows\System\ZbYYyRP.exe
  2⤵
  PID:10804
- C:\Windows\System\unOTovk.exe
  C:\Windows\System\unOTovk.exe
  2⤵
  PID:10832
- C:\Windows\System\YzPkXJP.exe
  C:\Windows\System\YzPkXJP.exe
  2⤵
  PID:10864
- C:\Windows\System\CtaWhCC.exe
  C:\Windows\System\CtaWhCC.exe
  2⤵
  PID:10888
- C:\Windows\System\pWRSGiO.exe
  C:\Windows\System\pWRSGiO.exe
  2⤵
  PID:10924
- C:\Windows\System\QDgDrWg.exe
  C:\Windows\System\QDgDrWg.exe
  2⤵
  PID:10944
- C:\Windows\System\BDYRjwk.exe
  C:\Windows\System\BDYRjwk.exe
  2⤵
  PID:10972
- C:\Windows\System\zadSAwR.exe
  C:\Windows\System\zadSAwR.exe
  2⤵
  PID:11004
- C:\Windows\System\QhzmKoh.exe
  C:\Windows\System\QhzmKoh.exe
  2⤵
  PID:11028
- C:\Windows\System\laNHmxf.exe
  C:\Windows\System\laNHmxf.exe
  2⤵
  PID:11056
- C:\Windows\System\KRdtvcV.exe
  C:\Windows\System\KRdtvcV.exe
  2⤵
  PID:11088
- C:\Windows\System\CtzdeTl.exe
  C:\Windows\System\CtzdeTl.exe
  2⤵
  PID:11116
- C:\Windows\System\lqwlrtc.exe
  C:\Windows\System\lqwlrtc.exe
  2⤵
  PID:11144
- C:\Windows\System\yTOvkVP.exe
  C:\Windows\System\yTOvkVP.exe
  2⤵
  PID:11184
- C:\Windows\System\FELwFzp.exe
  C:\Windows\System\FELwFzp.exe
  2⤵
  PID:11212
- C:\Windows\System\HPdUJdE.exe
  C:\Windows\System\HPdUJdE.exe
  2⤵
  PID:11244
- C:\Windows\System\yRNTlLD.exe
  C:\Windows\System\yRNTlLD.exe
  2⤵
  PID:10260
- C:\Windows\System\sQdQVkj.exe
  C:\Windows\System\sQdQVkj.exe
  2⤵
  PID:10320
- C:\Windows\System\kjtNDqV.exe
  C:\Windows\System\kjtNDqV.exe
  2⤵
  PID:10404
- C:\Windows\System\EYsLjBu.exe
  C:\Windows\System\EYsLjBu.exe
  2⤵
  PID:10464
- C:\Windows\System\JevroCw.exe
  C:\Windows\System\JevroCw.exe
  2⤵
  PID:10544
- C:\Windows\System\HuPOBXd.exe
  C:\Windows\System\HuPOBXd.exe
  2⤵
  PID:10600
- C:\Windows\System\zVAifOf.exe
  C:\Windows\System\zVAifOf.exe
  2⤵
  PID:10660
- C:\Windows\System\BDGoTDS.exe
  C:\Windows\System\BDGoTDS.exe
  2⤵
  PID:10732
- C:\Windows\System\bkWVywh.exe
  C:\Windows\System\bkWVywh.exe
  2⤵
  PID:10796
- C:\Windows\System\MtUZYMF.exe
  C:\Windows\System\MtUZYMF.exe
  2⤵
  PID:10852
- C:\Windows\System\aAlsZqu.exe
  C:\Windows\System\aAlsZqu.exe
  2⤵
  PID:10908
- C:\Windows\System\XxcmtJw.exe
  C:\Windows\System\XxcmtJw.exe
  2⤵
  PID:10968
- C:\Windows\System\iFbxopf.exe
  C:\Windows\System\iFbxopf.exe
  2⤵
  PID:11040
- C:\Windows\System\jJRWLXR.exe
  C:\Windows\System\jJRWLXR.exe
  2⤵
  PID:11108
- C:\Windows\System\NLRlRzs.exe
  C:\Windows\System\NLRlRzs.exe
  2⤵
  PID:11180
- C:\Windows\System\iygaCdE.exe
  C:\Windows\System\iygaCdE.exe
  2⤵
  PID:11228
- C:\Windows\System\XxkLViq.exe
  C:\Windows\System\XxkLViq.exe
  2⤵
  PID:10308
- C:\Windows\System\ihGKMhw.exe
  C:\Windows\System\ihGKMhw.exe
  2⤵
  PID:10448
- C:\Windows\System\ceNheNy.exe
  C:\Windows\System\ceNheNy.exe
  2⤵
  PID:10628
- C:\Windows\System\StxdyTB.exe
  C:\Windows\System\StxdyTB.exe
  2⤵
  PID:10772
- C:\Windows\System\TijtCcT.exe
  C:\Windows\System\TijtCcT.exe
  2⤵
  PID:10900
- C:\Windows\System\zcsDUkw.exe
  C:\Windows\System\zcsDUkw.exe
  2⤵
  PID:11084
- C:\Windows\System\vDFUsbt.exe
  C:\Windows\System\vDFUsbt.exe
  2⤵
  PID:11252
- C:\Windows\System\vxWikCV.exe
  C:\Windows\System\vxWikCV.exe
  2⤵
  PID:10588
- C:\Windows\System\LDqpcwn.exe
  C:\Windows\System\LDqpcwn.exe
  2⤵
  PID:11020
- C:\Windows\System\EUUywXD.exe
  C:\Windows\System\EUUywXD.exe
  2⤵
  PID:10444
- C:\Windows\System\wYKiLYz.exe
  C:\Windows\System\wYKiLYz.exe
  2⤵
  PID:7308
- C:\Windows\System\mihAhIQ.exe
  C:\Windows\System\mihAhIQ.exe
  2⤵
  PID:3620
- C:\Windows\System\SNfVmWL.exe
  C:\Windows\System\SNfVmWL.exe
  2⤵
  PID:10884
- C:\Windows\System\HPrTAou.exe
  C:\Windows\System\HPrTAou.exe
  2⤵
  PID:3820
- C:\Windows\System\RGReVPG.exe
  C:\Windows\System\RGReVPG.exe
  2⤵
  PID:2976
- C:\Windows\System\OUqerrd.exe
  C:\Windows\System\OUqerrd.exe
  2⤵
  PID:11272
- C:\Windows\System\FshpZoE.exe
  C:\Windows\System\FshpZoE.exe
  2⤵
  PID:11300
- C:\Windows\System\EuyXplO.exe
  C:\Windows\System\EuyXplO.exe
  2⤵
  PID:11328
- C:\Windows\System\xWkGSTP.exe
  C:\Windows\System\xWkGSTP.exe
  2⤵
  PID:11356
- C:\Windows\System\NZnjdtP.exe
  C:\Windows\System\NZnjdtP.exe
  2⤵
  PID:11384
- C:\Windows\System\ZlMdKZB.exe
  C:\Windows\System\ZlMdKZB.exe
  2⤵
  PID:11412
- C:\Windows\System\NCdUsac.exe
  C:\Windows\System\NCdUsac.exe
  2⤵
  PID:11440
- C:\Windows\System\XlnMFYn.exe
  C:\Windows\System\XlnMFYn.exe
  2⤵
  PID:11468
- C:\Windows\System\azRhPcG.exe
  C:\Windows\System\azRhPcG.exe
  2⤵
  PID:11496
- C:\Windows\System\pgMNrsH.exe
  C:\Windows\System\pgMNrsH.exe
  2⤵
  PID:11524
- C:\Windows\System\afnRcZB.exe
  C:\Windows\System\afnRcZB.exe
  2⤵
  PID:11552
- C:\Windows\System\GvNIbwR.exe
  C:\Windows\System\GvNIbwR.exe
  2⤵
  PID:11580
- C:\Windows\System\RXEEZdh.exe
  C:\Windows\System\RXEEZdh.exe
  2⤵
  PID:11608
- C:\Windows\System\dlNrUfq.exe
  C:\Windows\System\dlNrUfq.exe
  2⤵
  PID:11636
- C:\Windows\System\DOUWtic.exe
  C:\Windows\System\DOUWtic.exe
  2⤵
  PID:11664
- C:\Windows\System\fQMAjLL.exe
  C:\Windows\System\fQMAjLL.exe
  2⤵
  PID:11692
- C:\Windows\System\pWgXZPA.exe
  C:\Windows\System\pWgXZPA.exe
  2⤵
  PID:11720
- C:\Windows\System\PDUnOXN.exe
  C:\Windows\System\PDUnOXN.exe
  2⤵
  PID:11748
- C:\Windows\System\bIanIlm.exe
  C:\Windows\System\bIanIlm.exe
  2⤵
  PID:11776
- C:\Windows\System\kQVpDqJ.exe
  C:\Windows\System\kQVpDqJ.exe
  2⤵
  PID:11804
- C:\Windows\System\PzWgXGu.exe
  C:\Windows\System\PzWgXGu.exe
  2⤵
  PID:11832
- C:\Windows\System\utgUaFB.exe
  C:\Windows\System\utgUaFB.exe
  2⤵
  PID:11876
- C:\Windows\System\dlxVJRH.exe
  C:\Windows\System\dlxVJRH.exe
  2⤵
  PID:11892
- C:\Windows\System\YjtFQeb.exe
  C:\Windows\System\YjtFQeb.exe
  2⤵
  PID:11920
- C:\Windows\System\TIaIzFy.exe
  C:\Windows\System\TIaIzFy.exe
  2⤵
  PID:11948
- C:\Windows\System\uqMeFyJ.exe
  C:\Windows\System\uqMeFyJ.exe
  2⤵
  PID:11988
- C:\Windows\System\hfgMgkZ.exe
  C:\Windows\System\hfgMgkZ.exe
  2⤵
  PID:12020
- C:\Windows\System\MpopMjl.exe
  C:\Windows\System\MpopMjl.exe
  2⤵
  PID:12044
- C:\Windows\System\djCVGam.exe
  C:\Windows\System\djCVGam.exe
  2⤵
  PID:12076
- C:\Windows\System\hHOHVIb.exe
  C:\Windows\System\hHOHVIb.exe
  2⤵
  PID:12112
- C:\Windows\System\XXZIyMp.exe
  C:\Windows\System\XXZIyMp.exe
  2⤵
  PID:12136
- C:\Windows\System\oAsVnjl.exe
  C:\Windows\System\oAsVnjl.exe
  2⤵
  PID:12156
- C:\Windows\System\sxGYgkL.exe
  C:\Windows\System\sxGYgkL.exe
  2⤵
  PID:12172
- C:\Windows\System\YqDjYqK.exe
  C:\Windows\System\YqDjYqK.exe
  2⤵
  PID:12224
- C:\Windows\System\ESqGKsh.exe
  C:\Windows\System\ESqGKsh.exe
  2⤵
  PID:12244
- C:\Windows\System\PJfoJcf.exe
  C:\Windows\System\PJfoJcf.exe
  2⤵
  PID:11312
- C:\Windows\System\JiOnLWf.exe
  C:\Windows\System\JiOnLWf.exe
  2⤵
  PID:11376
- C:\Windows\System\sqdGoix.exe
  C:\Windows\System\sqdGoix.exe
  2⤵
  PID:11436
- C:\Windows\System\oYmxODE.exe
  C:\Windows\System\oYmxODE.exe
  2⤵
  PID:11520
- C:\Windows\System\FoWHgIS.exe
  C:\Windows\System\FoWHgIS.exe
  2⤵
  PID:11600
- C:\Windows\System\ZUaiNkV.exe
  C:\Windows\System\ZUaiNkV.exe
  2⤵
  PID:11660
- C:\Windows\System\KjmYVgP.exe
  C:\Windows\System\KjmYVgP.exe
  2⤵
  PID:11716
- C:\Windows\System\zPwSESy.exe
  C:\Windows\System\zPwSESy.exe
  2⤵
  PID:11796
- C:\Windows\System\SNLVWJA.exe
  C:\Windows\System\SNLVWJA.exe
  2⤵
  PID:11868
- C:\Windows\System\VMsXaFs.exe
  C:\Windows\System\VMsXaFs.exe
  2⤵
  PID:11936
- C:\Windows\System\kvtdHWA.exe
  C:\Windows\System\kvtdHWA.exe
  2⤵
  PID:12008
- C:\Windows\System\dOLJwdx.exe
  C:\Windows\System\dOLJwdx.exe
  2⤵
  PID:12068
- C:\Windows\System\pOWKEez.exe
  C:\Windows\System\pOWKEez.exe
  2⤵
  PID:12144
- C:\Windows\System\qCECMiz.exe
  C:\Windows\System\qCECMiz.exe
  2⤵
  PID:12204
- C:\Windows\System\bdawoQT.exe
  C:\Windows\System\bdawoQT.exe
  2⤵
  PID:12240
- C:\Windows\System\eveVrUn.exe
  C:\Windows\System\eveVrUn.exe
  2⤵
  PID:2140
- C:\Windows\System\vnqVqTg.exe
  C:\Windows\System\vnqVqTg.exe
  2⤵
  PID:11424
- C:\Windows\System\VOidOzM.exe
  C:\Windows\System\VOidOzM.exe
  2⤵
  PID:11628
- C:\Windows\System\ZnPPUWI.exe
  C:\Windows\System\ZnPPUWI.exe
  2⤵
  PID:11772
- C:\Windows\System\mlbfsXi.exe
  C:\Windows\System\mlbfsXi.exe
  2⤵
  PID:2128
- C:\Windows\System\CkCEhXN.exe
  C:\Windows\System\CkCEhXN.exe
  2⤵
  PID:11960
- C:\Windows\System\dTSSuMK.exe
  C:\Windows\System\dTSSuMK.exe
  2⤵
  PID:12120
- C:\Windows\System\VmnZwAw.exe
  C:\Windows\System\VmnZwAw.exe
  2⤵
  PID:9816
- C:\Windows\System\pfMxUKS.exe
  C:\Windows\System\pfMxUKS.exe
  2⤵
  PID:11576
- C:\Windows\System\Gzyfmiu.exe
  C:\Windows\System\Gzyfmiu.exe
  2⤵
  PID:1676
- C:\Windows\System\FiVohyt.exe
  C:\Windows\System\FiVohyt.exe
  2⤵
  PID:12184
- C:\Windows\System\RyAeojR.exe
  C:\Windows\System\RyAeojR.exe
  2⤵
  PID:11852
- C:\Windows\System\gUazrhV.exe
  C:\Windows\System\gUazrhV.exe
  2⤵
  PID:11712
- C:\Windows\System\JxwQKTR.exe
  C:\Windows\System\JxwQKTR.exe
  2⤵
  PID:12304
- C:\Windows\System\DVlPQxu.exe
  C:\Windows\System\DVlPQxu.exe
  2⤵
  PID:12336
- C:\Windows\System\UUtcqrB.exe
  C:\Windows\System\UUtcqrB.exe
  2⤵
  PID:12364
- C:\Windows\System\bwzNtBA.exe
  C:\Windows\System\bwzNtBA.exe
  2⤵
  PID:12392
- C:\Windows\System\OgaQbeE.exe
  C:\Windows\System\OgaQbeE.exe
  2⤵
  PID:12420
- C:\Windows\System\MjLMLuH.exe
  C:\Windows\System\MjLMLuH.exe
  2⤵
  PID:12448
- C:\Windows\System\YvnprAg.exe
  C:\Windows\System\YvnprAg.exe
  2⤵
  PID:12476
- C:\Windows\System\gUnqbuO.exe
  C:\Windows\System\gUnqbuO.exe
  2⤵
  PID:12504
- C:\Windows\System\VaxFsIb.exe
  C:\Windows\System\VaxFsIb.exe
  2⤵
  PID:12532
- C:\Windows\System\cokWgKU.exe
  C:\Windows\System\cokWgKU.exe
  2⤵
  PID:12560
- C:\Windows\System\slEkGep.exe
  C:\Windows\System\slEkGep.exe
  2⤵
  PID:12588
- C:\Windows\System\ivMLiXN.exe
  C:\Windows\System\ivMLiXN.exe
  2⤵
  PID:12616
- C:\Windows\System\ymkitvJ.exe
  C:\Windows\System\ymkitvJ.exe
  2⤵
  PID:12652
- C:\Windows\System\HPkVqzW.exe
  C:\Windows\System\HPkVqzW.exe
  2⤵
  PID:12672
- C:\Windows\System\HEiCzBD.exe
  C:\Windows\System\HEiCzBD.exe
  2⤵
  PID:12704
- C:\Windows\System\dNihzmk.exe
  C:\Windows\System\dNihzmk.exe
  2⤵
  PID:12728
- C:\Windows\System\keXfMHo.exe
  C:\Windows\System\keXfMHo.exe
  2⤵
  PID:12756
- C:\Windows\System\ikEjcAh.exe
  C:\Windows\System\ikEjcAh.exe
  2⤵
  PID:12784
- C:\Windows\System\BqkCPCR.exe
  C:\Windows\System\BqkCPCR.exe
  2⤵
  PID:12812
- C:\Windows\System\uaZkDFt.exe
  C:\Windows\System\uaZkDFt.exe
  2⤵
  PID:12840
- C:\Windows\System\OVZwPmX.exe
  C:\Windows\System\OVZwPmX.exe
  2⤵
  PID:12868
- C:\Windows\System\IWGFCCo.exe
  C:\Windows\System\IWGFCCo.exe
  2⤵
  PID:12896
- C:\Windows\System\UVhTIbA.exe
  C:\Windows\System\UVhTIbA.exe
  2⤵
  PID:12928
- C:\Windows\System\FCGKtRE.exe
  C:\Windows\System\FCGKtRE.exe
  2⤵
  PID:12956
- C:\Windows\System\neWlJYM.exe
  C:\Windows\System\neWlJYM.exe
  2⤵
  PID:12984
- C:\Windows\System\QraHJwA.exe
  C:\Windows\System\QraHJwA.exe
  2⤵
  PID:13012
- C:\Windows\System\neUCJYn.exe
  C:\Windows\System\neUCJYn.exe
  2⤵
  PID:13040
- C:\Windows\System\HIccZaj.exe
  C:\Windows\System\HIccZaj.exe
  2⤵
  PID:13072
- C:\Windows\System\PvMCoch.exe
  C:\Windows\System\PvMCoch.exe
  2⤵
  PID:13100
- C:\Windows\System\wNRQyud.exe
  C:\Windows\System\wNRQyud.exe
  2⤵
  PID:13128
- C:\Windows\System\jxmuSaJ.exe
  C:\Windows\System\jxmuSaJ.exe
  2⤵
  PID:13156
- C:\Windows\System\ouUoJgB.exe
  C:\Windows\System\ouUoJgB.exe
  2⤵
  PID:13184
- C:\Windows\System\BGZVeko.exe
  C:\Windows\System\BGZVeko.exe
  2⤵
  PID:13212
- C:\Windows\System\jbqmnKq.exe
  C:\Windows\System\jbqmnKq.exe
  2⤵
  PID:13240
- C:\Windows\System\JNJIPKa.exe
  C:\Windows\System\JNJIPKa.exe
  2⤵
  PID:13268
- C:\Windows\System\FRliGWG.exe
  C:\Windows\System\FRliGWG.exe
  2⤵
  PID:13296
- C:\Windows\System\ygkiddQ.exe
  C:\Windows\System\ygkiddQ.exe
  2⤵
  PID:12332
- C:\Windows\System\pngWxzC.exe
  C:\Windows\System\pngWxzC.exe
  2⤵
  PID:12376
- C:\Windows\System\bSKifky.exe
  C:\Windows\System\bSKifky.exe
  2⤵
  PID:12440
- C:\Windows\System\kSGFUcy.exe
  C:\Windows\System\kSGFUcy.exe
  2⤵
  PID:12500
- C:\Windows\System\WPUjvvm.exe
  C:\Windows\System\WPUjvvm.exe
  2⤵
  PID:12552
- C:\Windows\System\DSUZKHr.exe
  C:\Windows\System\DSUZKHr.exe
  2⤵
  PID:12612
- C:\Windows\System\DJKnAQn.exe
  C:\Windows\System\DJKnAQn.exe
  2⤵
  PID:12684
- C:\Windows\System\smCxffE.exe
  C:\Windows\System\smCxffE.exe
  2⤵
  PID:12740
- C:\Windows\System\GbjcTwq.exe
  C:\Windows\System\GbjcTwq.exe
  2⤵
  PID:12804
- C:\Windows\System\bNoHPRy.exe
  C:\Windows\System\bNoHPRy.exe
  2⤵
  PID:3188
- C:\Windows\System\EKlXBye.exe
  C:\Windows\System\EKlXBye.exe
  2⤵
  PID:12920
- C:\Windows\System\DLiobXy.exe
  C:\Windows\System\DLiobXy.exe
  2⤵
  PID:12980
- C:\Windows\System\AvLzjeI.exe
  C:\Windows\System\AvLzjeI.exe
  2⤵
  PID:13036
- C:\Windows\System\MDFrceW.exe
  C:\Windows\System\MDFrceW.exe
  2⤵
  PID:13060
- C:\Windows\System\ZPcgwPm.exe
  C:\Windows\System\ZPcgwPm.exe
  2⤵
  PID:13168
- C:\Windows\System\TlftGaF.exe
  C:\Windows\System\TlftGaF.exe
  2⤵
  PID:13232
- C:\Windows\System\chRLlXn.exe
  C:\Windows\System\chRLlXn.exe
  2⤵
  PID:13292
- C:\Windows\System\LJpoAIS.exe
  C:\Windows\System\LJpoAIS.exe
  2⤵
  PID:12412
- C:\Windows\System\UWJrAMh.exe
  C:\Windows\System\UWJrAMh.exe
  2⤵
  PID:12528
- C:\Windows\System\wlTuWDC.exe
  C:\Windows\System\wlTuWDC.exe
  2⤵
  PID:12668
- C:\Windows\System\koDgHfj.exe
  C:\Windows\System\koDgHfj.exe
  2⤵
  PID:12836
- C:\Windows\System\BSZkMZA.exe
  C:\Windows\System\BSZkMZA.exe
  2⤵
  PID:12892
- C:\Windows\System\dHUdkFX.exe
  C:\Windows\System\dHUdkFX.exe
  2⤵
  PID:13152
- C:\Windows\System\XKtZvbu.exe
  C:\Windows\System\XKtZvbu.exe
  2⤵
  PID:12468
- C:\Windows\System\qTnZELQ.exe
  C:\Windows\System\qTnZELQ.exe
  2⤵
  PID:12724
- C:\Windows\System\fVgzKQF.exe
  C:\Windows\System\fVgzKQF.exe
  2⤵
  PID:13148
- C:\Windows\System\RgLQFec.exe
  C:\Windows\System\RgLQFec.exe
  2⤵
  PID:10384
- C:\Windows\System\EAxrWgq.exe
  C:\Windows\System\EAxrWgq.exe
  2⤵
  PID:12284
- C:\Windows\System\YrLfUtW.exe
  C:\Windows\System\YrLfUtW.exe
  2⤵
  PID:11488
- C:\Windows\System\OlClRiT.exe
  C:\Windows\System\OlClRiT.exe
  2⤵
  PID:12968
- C:\Windows\System\nnxqQsJ.exe
  C:\Windows\System\nnxqQsJ.exe
  2⤵
  PID:13320
- C:\Windows\System\yrFnQhR.exe
  C:\Windows\System\yrFnQhR.exe
  2⤵
  PID:13348
- C:\Windows\System\cPxIrRy.exe
  C:\Windows\System\cPxIrRy.exe
  2⤵
  PID:13376
- C:\Windows\System\maDxPMB.exe
  C:\Windows\System\maDxPMB.exe
  2⤵
  PID:13404
- C:\Windows\System\EhZmXCX.exe
  C:\Windows\System\EhZmXCX.exe
  2⤵
  PID:13432
- C:\Windows\System\ZlcPXLT.exe
  C:\Windows\System\ZlcPXLT.exe
  2⤵
  PID:13460
- C:\Windows\System\yqfibBo.exe
  C:\Windows\System\yqfibBo.exe
  2⤵
  PID:13488
- C:\Windows\System\wiFwZqz.exe
  C:\Windows\System\wiFwZqz.exe
  2⤵
  PID:13516
- C:\Windows\System\NDIvKRa.exe
  C:\Windows\System\NDIvKRa.exe
  2⤵
  PID:13544
- C:\Windows\System\vRDzCOt.exe
  C:\Windows\System\vRDzCOt.exe
  2⤵
  PID:13572
- C:\Windows\System\TOMajgl.exe
  C:\Windows\System\TOMajgl.exe
  2⤵
  PID:13600
- C:\Windows\System\Qhohxyq.exe
  C:\Windows\System\Qhohxyq.exe
  2⤵
  PID:13628
- C:\Windows\System\pztDhyV.exe
  C:\Windows\System\pztDhyV.exe
  2⤵
  PID:13656
- C:\Windows\System\HLtISvP.exe
  C:\Windows\System\HLtISvP.exe
  2⤵
  PID:13688
- C:\Windows\System\ZiiZCbo.exe
  C:\Windows\System\ZiiZCbo.exe
  2⤵
  PID:13720
- C:\Windows\System\wjDZKju.exe
  C:\Windows\System\wjDZKju.exe
  2⤵
  PID:13744
- C:\Windows\System\lkUIhVL.exe
  C:\Windows\System\lkUIhVL.exe
  2⤵
  PID:13772
- C:\Windows\System\KEebNsL.exe
  C:\Windows\System\KEebNsL.exe
  2⤵
  PID:13800
- C:\Windows\System\lvjNaXW.exe
  C:\Windows\System\lvjNaXW.exe
  2⤵
  PID:13836
- C:\Windows\System\odaquXx.exe
  C:\Windows\System\odaquXx.exe
  2⤵
  PID:13864
- C:\Windows\System\DlIAaEL.exe
  C:\Windows\System\DlIAaEL.exe
  2⤵
  PID:13892
- C:\Windows\System\NtcHpBv.exe
  C:\Windows\System\NtcHpBv.exe
  2⤵
  PID:13920
- C:\Windows\System\lDDQLwv.exe
  C:\Windows\System\lDDQLwv.exe
  2⤵
  PID:13948
- C:\Windows\System\SCfPSuO.exe
  C:\Windows\System\SCfPSuO.exe
  2⤵
  PID:13988
- C:\Windows\System\ntRmCjk.exe
  C:\Windows\System\ntRmCjk.exe
  2⤵
  PID:14004
- C:\Windows\System\hdTRlqN.exe
  C:\Windows\System\hdTRlqN.exe
  2⤵
  PID:14032
- C:\Windows\System\jFTdAEu.exe
  C:\Windows\System\jFTdAEu.exe
  2⤵
  PID:14060
- C:\Windows\System\SRhQIPe.exe
  C:\Windows\System\SRhQIPe.exe
  2⤵
  PID:14088
- C:\Windows\System\dffcPzY.exe
  C:\Windows\System\dffcPzY.exe
  2⤵
  PID:14116
- C:\Windows\System\AzjYugn.exe
  C:\Windows\System\AzjYugn.exe
  2⤵
  PID:14144
- C:\Windows\System\VcGJnlo.exe
  C:\Windows\System\VcGJnlo.exe
  2⤵
  PID:14172
- C:\Windows\System\KDxpRat.exe
  C:\Windows\System\KDxpRat.exe
  2⤵
  PID:14200
- C:\Windows\System\ZLLAUbF.exe
  C:\Windows\System\ZLLAUbF.exe
  2⤵
  PID:14228
- C:\Windows\System\TkyMlWs.exe
  C:\Windows\System\TkyMlWs.exe
  2⤵
  PID:14256
- C:\Windows\System\cvelNxe.exe
  C:\Windows\System\cvelNxe.exe
  2⤵
  PID:14284
- C:\Windows\System\lSWNHRH.exe
  C:\Windows\System\lSWNHRH.exe
  2⤵
  PID:14312
- C:\Windows\System\EiBsklX.exe
  C:\Windows\System\EiBsklX.exe
  2⤵
  PID:13316
- C:\Windows\System\HyZMWJt.exe
  C:\Windows\System\HyZMWJt.exe
  2⤵
  PID:13368
- C:\Windows\System\PfCYvmR.exe
  C:\Windows\System\PfCYvmR.exe
  2⤵
  PID:13428
- C:\Windows\System\hNcqaIm.exe
  C:\Windows\System\hNcqaIm.exe
  2⤵
  PID:13484
- C:\Windows\System\sxKihFw.exe
  C:\Windows\System\sxKihFw.exe
  2⤵
  PID:13536
- C:\Windows\System\qWqBhGi.exe
  C:\Windows\System\qWqBhGi.exe
  2⤵
  PID:13596
- C:\Windows\System\DxRcukx.exe
  C:\Windows\System\DxRcukx.exe
  2⤵
  PID:13672
- C:\Windows\System\vdUjeOj.exe
  C:\Windows\System\vdUjeOj.exe
  2⤵
  PID:13756
- C:\Windows\System\JKzLukE.exe
  C:\Windows\System\JKzLukE.exe
  2⤵
  PID:13816
- C:\Windows\System\oKIvyZW.exe
  C:\Windows\System\oKIvyZW.exe
  2⤵
  PID:2060
- C:\Windows\System\qvYaUfK.exe
  C:\Windows\System\qvYaUfK.exe
  2⤵
  PID:13904
- C:\Windows\System\iUBpwlO.exe
  C:\Windows\System\iUBpwlO.exe
  2⤵
  PID:13968
- C:\Windows\System\HkCkUrw.exe
  C:\Windows\System\HkCkUrw.exe
  2⤵
  PID:14028
- C:\Windows\System\prjLQmQ.exe
  C:\Windows\System\prjLQmQ.exe
  2⤵
  PID:4792
- C:\Windows\System\BEmiQaF.exe
  C:\Windows\System\BEmiQaF.exe
  2⤵
  PID:14140
- C:\Windows\System\FvvbLdK.exe
  C:\Windows\System\FvvbLdK.exe
  2⤵
  PID:14192
- C:\Windows\System\MABtoci.exe
  C:\Windows\System\MABtoci.exe
  2⤵
  PID:14252
- C:\Windows\System\REWFVPI.exe
  C:\Windows\System\REWFVPI.exe
  2⤵
  PID:14324
- C:\Windows\System\pusnGJw.exe
  C:\Windows\System\pusnGJw.exe
  2⤵
  PID:13396
- C:\Windows\System\xKlIZwt.exe
  C:\Windows\System\xKlIZwt.exe
  2⤵
  PID:4064
- C:\Windows\System\ZPJVKml.exe
  C:\Windows\System\ZPJVKml.exe
  2⤵
  PID:13648
- C:\Windows\System\OyFHlbq.exe
  C:\Windows\System\OyFHlbq.exe
  2⤵
  PID:14220
- C:\Windows\System\LTHxlqi.exe
  C:\Windows\System\LTHxlqi.exe
  2⤵
  PID:5052
- C:\Windows\System\debWcXo.exe
  C:\Windows\System\debWcXo.exe
  2⤵
  PID:13624
- C:\Windows\System\furxdwa.exe
  C:\Windows\System\furxdwa.exe
  2⤵
  PID:13848
- C:\Windows\System\IfQWjWx.exe
  C:\Windows\System\IfQWjWx.exe
  2⤵
  PID:13996
- C:\Windows\System\mMtdLiB.exe
  C:\Windows\System\mMtdLiB.exe
  2⤵
  PID:14128
- C:\Windows\System\KLJBUBl.exe
  C:\Windows\System\KLJBUBl.exe
  2⤵
  PID:13480
- C:\Windows\System\EpVwrJD.exe
  C:\Windows\System\EpVwrJD.exe
  2⤵
  PID:13888
- C:\Windows\System\nzxwzir.exe
  C:\Windows\System\nzxwzir.exe
  2⤵
  PID:14280
- C:\Windows\System\wXXyCiE.exe
  C:\Windows\System\wXXyCiE.exe
  2⤵
  PID:14072
- C:\Windows\System\jFDSkvZ.exe
  C:\Windows\System\jFDSkvZ.exe
  2⤵
  PID:14352
- C:\Windows\System\lEJlSLq.exe
  C:\Windows\System\lEJlSLq.exe
  2⤵
  PID:14380
- C:\Windows\System\OsOPxxd.exe
  C:\Windows\System\OsOPxxd.exe
  2⤵
  PID:14408
- C:\Windows\System\SoZmfzY.exe
  C:\Windows\System\SoZmfzY.exe
  2⤵
  PID:14436
- C:\Windows\System\RlAIclt.exe
  C:\Windows\System\RlAIclt.exe
  2⤵
  PID:14464
- C:\Windows\System\ZVQBfIl.exe
  C:\Windows\System\ZVQBfIl.exe
  2⤵
  PID:14492
- C:\Windows\System\uboQCFZ.exe
  C:\Windows\System\uboQCFZ.exe
  2⤵
  PID:14520
- C:\Windows\System\BbAjMsG.exe
  C:\Windows\System\BbAjMsG.exe
  2⤵
  PID:14548
- C:\Windows\System\MeRFABr.exe
  C:\Windows\System\MeRFABr.exe
  2⤵
  PID:14580
- C:\Windows\System\VqHKulL.exe
  C:\Windows\System\VqHKulL.exe
  2⤵
  PID:14608
- C:\Windows\System\PTPqPEH.exe
  C:\Windows\System\PTPqPEH.exe
  2⤵
  PID:14636
- C:\Windows\System\BFRvNwS.exe
  C:\Windows\System\BFRvNwS.exe
  2⤵
  PID:14664
- C:\Windows\System\nGgsbJs.exe
  C:\Windows\System\nGgsbJs.exe
  2⤵
  PID:14692
- C:\Windows\System\AkdJxtE.exe
  C:\Windows\System\AkdJxtE.exe
  2⤵
  PID:14720
- C:\Windows\System\nDBwOVO.exe
  C:\Windows\System\nDBwOVO.exe
  2⤵
  PID:14752
- C:\Windows\System\AOXrokB.exe
  C:\Windows\System\AOXrokB.exe
  2⤵
  PID:14884
- C:\Windows\System\myCPHtM.exe
  C:\Windows\System\myCPHtM.exe
  2⤵
  PID:14912
- C:\Windows\System\ICZSkrS.exe
  C:\Windows\System\ICZSkrS.exe
  2⤵
  PID:14940
- C:\Windows\System\LXOgjSw.exe
  C:\Windows\System\LXOgjSw.exe
  2⤵
  PID:14968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CXHpsgc.exe

Filesize
6.0MB

MD5
cfc746dd4cadf9b6d5db6c73c6f0b476

SHA1
58a28ad3c13fb50b22f988430901cd0140ed5511

SHA256
7223780502b3a72b9862ef7915f7fcd3623e82c276df4a7aedb555a079f2ce0b

SHA512
d83d660e5d4134dabd942540490c9237ae0adaa8a046d5029aa7abfe1af1483a11f4ff3e5b5bcf7deb0f63861c760683626718f6b3fa3524cd265d713b654529

Download Submit
C:\Windows\System\CeaoZwJ.exe

Filesize
6.0MB

MD5
2316dca5e9cd0b36ba6aeb1508191cef

SHA1
3e2d9486ce3753fd8ababa64493406dc0a09a6b5

SHA256
03496ae76a94cc64e4102d8b8c6b2d6562246999cfc84ccb4599a47641616037

SHA512
543295fb7ec704bb0ae6c93171ca771615350a8d5ab17ca8836bf6576bfcd6751ae6e7df059751158cce04db739e47cc915dfb2c670adf76baba031782b2ad6b

Download Submit
C:\Windows\System\FBHshXS.exe

Filesize
6.0MB

MD5
7521930d13c13d995fcf5953e8ae5fc0

SHA1
775484e08853e360e22d5604a8071c626a049b18

SHA256
8238bdaf69c4caa4869ec49e31bfce9c2d8a710e0d9d806c075cba5ed2040355

SHA512
3e662e9a3712c8bfd1a41d84256a2184ccba5735268e11d4d51d4787272021e328524a8a8b2d5746137ace95411bd8ce6cc093bca9d0dc4b9419b960ee5eee1d

Download Submit
C:\Windows\System\FVxaTWo.exe

Filesize
6.0MB

MD5
32e770c65086bfd1d82aacf4a987e74a

SHA1
09bbefcd6431d804e9f1262d7d2eb79dab7d3e84

SHA256
069da6b116659694eb0c49d844567521a7a544e2e2d28e46c3df6df2cf852902

SHA512
c701bd4cadc6e96d513e92f630bf52cb9b77956f4858f36a0530c4d8669144946f8d2bddbf45fc8aa2e89e6edc40e4b517980aaea0c02a31d085845a5eb61ccd

Download Submit
C:\Windows\System\FqIxviu.exe

Filesize
6.0MB

MD5
a9adc03f14f1aa2800accf18aecbe632

SHA1
f6616358916e2c0a335cfabd2685a2a356efd9d6

SHA256
8c503ffc840a3822b017608eee8412ca290163fe4e703b2a5435af7120dbfe4e

SHA512
3bdfdbab216cf4fec16c9ba0b2af04552dc64e0498bb7f0d983ca7367e7e57b43839f3f61723755c44b55d085486f9f23f3bc53550d327b40924fddc35c2a44b

Download Submit
C:\Windows\System\GvzWnbw.exe

Filesize
6.0MB

MD5
bcb2adeec609d446cb085cff4ebe0cbc

SHA1
aa4096ae1b113488547ec343a6fae4e1d9597f8b

SHA256
6ada2e26ad736ca157ed965e7564b6c11f1e43532d83d7972a0ee94466f96845

SHA512
4bd498d50cb1774a71938e7398421b86257e2911be1ff32f700bc8d862850bdd982465411b60c41b670217644b30ffbf4bf5ef11d164cbd94fd6218cc4587e89

Download Submit
C:\Windows\System\HpahNTq.exe

Filesize
6.0MB

MD5
2bc2b782ddefa23f8f9503f6d52713d8

SHA1
9ca57530eeee735816485ae59817ad84cb89327e

SHA256
b6e718f897f73736feddeff633426a04e26dae8ef1d6cc858927abd4baef3914

SHA512
8ced113bfdb6d128ca17a968ec871d3b1f085beb10452404eae5ec706826d98c75accf1d2b6c1266cffccaf3335bc04df860315bb7859e3d339597baa21cd6f5

Download Submit
C:\Windows\System\ItffSRr.exe

Filesize
6.0MB

MD5
1009d1abcb0d0e570682e2fa1d3e1498

SHA1
12121b35c655b8f14ae0ebfc84fab4621ee1ec41

SHA256
8e55fbc7b95b2bf926756bfdd383e0811583e2b133fe888bbebdbc5e4e3ec599

SHA512
f5aa8f05c69c13269665f0cdc85b35516518a9999fda885554d284333918ea0411b34f486b2f9a6bf4960944bb1596dba02184def5e7b1fd36155fcb86217f95

Download Submit
C:\Windows\System\NLGSmHY.exe

Filesize
6.0MB

MD5
fe953c5e0dd83f8acd9b3a7be8fbd7fb

SHA1
fed395cc1c1446bfcfd722414f626fc0be1eb9e8

SHA256
3266c7958876fc2c308a7e3ead0aed64d93f12cce2acb527cf525e5405b7678c

SHA512
313069ce70fdcf85260a8c02df82ef1eaf680233effaa86c1eeb4273b82182d98d6b248d01f30cd22a17033ed0125221818ab8da186b50e6a932da47576ed23c

Download Submit
C:\Windows\System\NVBgGPR.exe

Filesize
6.0MB

MD5
1cbbb90a5d353156b4fc229ac4ee526a

SHA1
9a13d7f504309d0c9e3840f9a9b1ff1985c58a67

SHA256
7ff85d52168c40dcfd4b2299b572433538aa4de86a71d66c7eadd8ccc2529b2d

SHA512
7a5a42be04bdfd9bfaa740e1e7a15cf9e1de78377d717dc21d6c063b9c43ad65b981a9ea9756f3d919c904c61443306fc098b3252dbc99eb8ae48bdaf1a223cf

Download Submit
C:\Windows\System\NqZxiKC.exe

Filesize
6.0MB

MD5
66dda779d750199577f7fd4d9dc5111d

SHA1
8cff1a2037dec2c3122af8b532325ed42054758a

SHA256
19bdcffe1a980cf9be4299c42ce9a0e83595aac963dc537503444a27b1dd722d

SHA512
692a7da622e341061acc84fceba035a638bd25310fe7e00cc354aa83e64f0745c31b14d5df36cd1642a7423d1bb22d92f4f7085c61591870c90471684be58500

Download Submit
C:\Windows\System\OXlATvj.exe

Filesize
6.0MB

MD5
92e5e05030c3279a5a605d7c72bd2213

SHA1
82fb9da0ed1aa6d57fd7eaea1559af86591aaae7

SHA256
88afec88f08ce7e1a6606c5cf064b0e45fddf53aba1f484e0837e8de83e720ed

SHA512
c120359279d1777ac5aa6a9968951b2ac9666d3ef984741236bc68ac69f78b4005940c2f62cf3555373fd95fb53f4c38bc4d545713f03f5de1806fc498b91834

Download Submit
C:\Windows\System\PpgJeGw.exe

Filesize
6.0MB

MD5
4c30587205c0180fae3f72941124f79f

SHA1
f27e6a7cf8a096ebde3a5e98662aae9b0c7b4d44

SHA256
c0721e95da8ad3ccae3d1cd468b38fefaf66cf2529a89f0e6c34cd7d634d3263

SHA512
17cf2f75e6fb081e41b19b2e48e6ed511e3124e85cd88f82b84b83c05b0f973d9459ec393909c1f7711479728b6bdeacd1b766fab8976bdb01e6d3509e03731f

Download Submit
C:\Windows\System\QVfRYDZ.exe

Filesize
6.0MB

MD5
cb4dc958fb5885e1d043f053d83bac73

SHA1
1a0846ad0ccf9382f86a10bc72c2ffec8d1c562d

SHA256
8aaac8e3e134c3b2e123c8e58f6678183dbe9739f048a70d8dc5e593e83fff2d

SHA512
cd487731435fe0ba13b328ce877b63c124386faefd362610ae995298722571bb7834c8c6d1dc14249f435c7d7f02ad3de6f51893ead6c98ff8e4117b850b9ddb

Download Submit
C:\Windows\System\ZyBykNJ.exe

Filesize
6.0MB

MD5
98eb23e0070e0e9406d52d3210ca7d49

SHA1
9e5418bf52eb691fe889da814b29b6ae099dfd98

SHA256
e75b5ca30443e080ebc78a7c0595f97351df3bd74536665a8f78dcc22584a13f

SHA512
251751541b49f913a9a2767ea7518a4809aa542824fe5af155776d4596a9fa2c05dd86e50d86b502526fb12342eafd123bfd539959e6099a3c6ad44841d12499

Download Submit
C:\Windows\System\aUlMnQo.exe

Filesize
6.0MB

MD5
1429c776bdc70ff3e6bd66e04019dd0a

SHA1
f744bb49a2404e9602fba731e1efa20f4bdb8cbd

SHA256
9cc232ff31b720e3fbba442cc38139727dc1b3f6bdc529652f5e30ac696ce4c5

SHA512
3cbc50b9c91ad32b406a42762d0aa42b06b27b7e3f7475e2c5fe358cd4bc1bcab0b3da2d4f05d223efa92fee7fe0a272b3557c1db6c5ca99f2a7361d68576eb0

Download Submit
C:\Windows\System\aYCNkpT.exe

Filesize
6.0MB

MD5
a52e7953a1372c5f6f4bac11903834d5

SHA1
3b0afa78440d9434dcd5d2ec0427a43ff377717a

SHA256
f94f98c688d8a8118def0e6a15599a3909b1f4cbd0a8d2d219dd7502fe3cb302

SHA512
8bd085465fe7a2f9a9938bff70d4951371b5e76c1c0f4afc4b991a45c4d839d989e34da2810db9234084798b668844bbd5f6bd9daef88f20e0d273cb11a81805

Download Submit
C:\Windows\System\cZMlqAo.exe

Filesize
6.0MB

MD5
48f45016e26406f11b554e976bcaed9c

SHA1
9c497f28ac97d43008b4d7514eb761aef060f71a

SHA256
b94c31953659348d5c15762ef2c90604a8365f6597d99f876a54e4b9d3ea65ea

SHA512
84564ca38c5d6d84e1506c70cf4ce2fb2bc59c3c5f07800906a6779dc181b7c693f79cecf821741301bbafb170b5acf7c454805fe7f207ac06cf51206e8bb44e

Download Submit
C:\Windows\System\dobeaLM.exe

Filesize
6.0MB

MD5
9c2029c93f3da490503801058abfabc7

SHA1
e500472265de3e7ba06388fbf6c647e641fffd98

SHA256
6476e2d01ed72f8324c6e210b43168d1904a772c8fa2ab6dc534b70f48656c3d

SHA512
b81ccfce026e23278ac958adee573eee9089e5ffb0f1802986355d25521d38ad6a1a128540cd455b6587fc0ed1765c62e80aa9a57a751d638c4112e92ea5f610

Download Submit
C:\Windows\System\eUMflQY.exe

Filesize
6.0MB

MD5
f4daf25d7ac4ece9bb48e44519b6febb

SHA1
70cb5bfafc08004c01869ec9933bf00d439c0c50

SHA256
17665c32f6557cbc1796f514368740ebf3f4e46316e88c4c933bd1d01b60b7a5

SHA512
29c0003e8b4d89ab9148f0f535214590c07ebe2e8eb0192d4d390910d510fbfa54620e9f0e96a4f7bfca2bd19627ca632d4d186ecc8862e0f8ed0f454e939178

Download Submit
C:\Windows\System\gHMVeDi.exe

Filesize
6.0MB

MD5
8c3c102dceacd2674ee14c4af23b9a63

SHA1
51b78693655ef6e321bf357b10ef35c5a4a93637

SHA256
c7419643705ec5f036766a05c683b4ac1dfeea84a952a7bf719394cf084ae856

SHA512
34779b1e645497db232fe83a269a3cbe1b60f3b6ed32a77e9c84bfd1f5ca2a47f13d9f1dd24559d088eb3003e5c04bf4dfd0f0b54a5e971f0dcba40b53468384

Download Submit
C:\Windows\System\lepKZqO.exe

Filesize
6.0MB

MD5
a76e8977fd344be60d9cdb233ab1283a

SHA1
d541e71f70af72af43f148108413d2a4f6c94bf6

SHA256
788a1ac76557a23b344a79896b099f3fb2b6688c0b78e51e1f861bda9f352743

SHA512
9a5a7488f9475acb8472040d0f946cfc475515a70b1a603f0e65df3a067398070bbf18cb64194e41e7e653ae0c2ed7f3409aeab8bdcb3b7cec9a1e6a059e479b

Download Submit
C:\Windows\System\lfeZRqP.exe

Filesize
6.0MB

MD5
2770c4cca729033beb318d706a7b1dde

SHA1
2bc5d7d1374a4e88f2bda81de7656efb91d6624f

SHA256
66fbe1f35e2c6204f1caa60dd9372d4ae46504d4da4ce5749912e4035ff6d6b3

SHA512
41c8eaaff3fc401ccd9e1cbae4e35eec66126d9b312fca1abf6080ef3af102661224a594983880a3854010ad4d358da0632ea4421354653c24c41161c45b5ffb

Download Submit
C:\Windows\System\lzCBqsh.exe

Filesize
6.0MB

MD5
87b3626ea308dad8cd23733599bac58e

SHA1
5853c98717a843c6c7458c42272be6b17e2af1e9

SHA256
a1a2ca17c45655240fe11b12e6f3f47785060ed7870111621928c0e71a5896d6

SHA512
6874e668c7ba34bfce196231368dcd483706ae482ccd8c48f271234d828401cce0344184b317d9c8254656d68515c47af970494c09ddffcd0ca78db075d26f9a

Download Submit
C:\Windows\System\mFreEsA.exe

Filesize
6.0MB

MD5
2db43ec855c34e402f048646e2044c0b

SHA1
fe12826aebab740c0d7d78f3bc805a8c66a782ba

SHA256
0e5a9c0bc80b93985ef7f7763f505eaead71d7de6f42dff5e42cce43f7825689

SHA512
1c8beb15b7073c15bcf696857145d823cbaa1ea939c62cc0faec1730e02c7ab5a01d3c56bb5e1655f55452c62b7b5c5ab9e6b6d36145dee0d4155ec228d2b79a

Download Submit
C:\Windows\System\mGGJWyq.exe

Filesize
6.0MB

MD5
841177cd97beb3a6333aeb4c8e38b7f8

SHA1
91779551952b43ecbb9610df0e70edb00cc824c9

SHA256
d9aabeebc28dddee20cb2291beb933ad608ed4d866acb69abcfa9ca78825d8f4

SHA512
3e59a6cea42739c12c0b424ad89c83b989b7419e98c674e6c8a4451ec800dd4669eb016fcbe33e5b2972e9b7278e86ca4a05177814e1cdc35bdb0c238cb9820b

Download Submit
C:\Windows\System\mojfrfQ.exe

Filesize
6.0MB

MD5
ae1cb5352e2e215c1116a5195ccdb8d0

SHA1
8579c86c26829f105ea87276138575e1b29ee8b4

SHA256
0a33d26a2c3418f80ea6bdbf6a0b04d7a432b592063a5b534eadb2c5813d34ad

SHA512
30c3304f85279c84dd642da4520750cd7cb11b65c3820a22a554eefb55bb90fd003b977a4d9e8d2716948d438beab58f3f9713b4ce7c64b76b4f2981526c576f

Download Submit
C:\Windows\System\oXCoSoZ.exe

Filesize
6.0MB

MD5
a4eed20f8123387ab8ddf2c8a1a98e48

SHA1
ea5968c774425323b398eab38648e2189f190755

SHA256
044527ffd62162e0c2785ff5ab1549a473491a4805f90faa50976a9b3d84d5d9

SHA512
d4c0cb41b70bbd35de6f7656668ee8041aa1265321a48b9f7dfa07c2e49cc52f9cc8d842fbff5ce00db6625be16f1b033ce016739409709e690366c63eb1ebc7

Download Submit
C:\Windows\System\rDKGVEC.exe

Filesize
6.0MB

MD5
03c66343505867d7a2ce1b29026e8f23

SHA1
cf1c16d12d21b468ca94b8ff33404bd0e55b98e8

SHA256
06f458857c813d7aa8ec238603aa761d213adad5621414bfe65b14ca3475967d

SHA512
63690410392576bc211c3a36c9f3c3352a69a7ff847b144bbe6428c864cd548d9a16565ce51d3ff171b22f9e9db10e1d57e9a9617a1b78f0d77f3af00e34f0e9

Download Submit
C:\Windows\System\sswgeXf.exe

Filesize
6.0MB

MD5
a4b95030d109a8bb0a919bf7757ad9c9

SHA1
0698e5fedd4defc4975a010a21d2be7bd64302e6

SHA256
9b99fd7499947e54ef1298dcc31c5631d930dff693a131f371b9c10572c6b9c9

SHA512
cf920845e429701af1700c1ea0f8dc8ea0680efd3dd25231f75ea12ca7110adc798bc1fcf42a2c60d27d895b0105bf06d37261a8e7529e013addac07a742062a

Download Submit
C:\Windows\System\uLYosop.exe

Filesize
6.0MB

MD5
d20944926ce32fe43879a95e684347fb

SHA1
f0667b0e1705b64e23dd7e0936fc4b9d0f0e5569

SHA256
579ef84e71e835c63dd35aa9c8921b583927142ce9118f29ba0fa3599a2bed19

SHA512
822889d3a3b5f3e28868bbdbe57f4f33044e1d0ce42fe8f1276dfe4cb877f8dcc10f02fe5a38edf307650b1297cedf9cb2378d141261605a7a28ef5485f5ae7c

Download Submit
C:\Windows\System\xNsjCIa.exe

Filesize
6.0MB

MD5
198b03f7b3fe69415159d6a42d0d6b2c

SHA1
ad60b8056f078ae3a14f7d403d7da5fbefc6c980

SHA256
0d18b39806cceaacd862612c55188252d6dcb241445f82acb056665c663e5604

SHA512
cb19e50512b866a499583b9e0c1f9dbd8c10ad1bef02021d78259388ee2c3ba3248af26d3449fdcd914163efca138366ba0dc2d626ab8b1cde9af271c7466bf4

Download Submit
C:\Windows\System\zuJNSFz.exe

Filesize
6.0MB

MD5
7cc2bad1f5c507a17ad5b94c4f12812a

SHA1
dc5a421001e9211ed330317dda4ece69600449f9

SHA256
ae2a562e76b1c5982bb567da21642b73e860d4a2d3f97a7d2c4a7545fb555ccc

SHA512
830ddbc73c86832b1f4f361ea7d7a3b049222230f7f8b25bed0ccad967c66896bf56c136acbcb3517511bcc50f7fd0fd527e4e7e19221575e4e6428b7a112564

Download Submit
memory/432-504-0x00007FF709610000-0x00007FF709964000-memory.dmp

Filesize
3.3MB

Download
memory/432-2228-0x00007FF709610000-0x00007FF709964000-memory.dmp

Filesize
3.3MB

Download
memory/1208-57-0x00007FF676660000-0x00007FF6769B4000-memory.dmp

Filesize
3.3MB

Download
memory/1208-2220-0x00007FF676660000-0x00007FF6769B4000-memory.dmp

Filesize
3.3MB

Download
memory/1208-1072-0x00007FF676660000-0x00007FF6769B4000-memory.dmp

Filesize
3.3MB

Download
memory/1264-2226-0x00007FF655C10000-0x00007FF655F64000-memory.dmp

Filesize
3.3MB

Download
memory/1264-523-0x00007FF655C10000-0x00007FF655F64000-memory.dmp

Filesize
3.3MB

Download
memory/1432-513-0x00007FF62AE60000-0x00007FF62B1B4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-2231-0x00007FF62AE60000-0x00007FF62B1B4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-519-0x00007FF608DB0000-0x00007FF609104000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2240-0x00007FF608DB0000-0x00007FF609104000-memory.dmp

Filesize
3.3MB

Download
memory/1476-2237-0x00007FF631070000-0x00007FF6313C4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-518-0x00007FF631070000-0x00007FF6313C4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-2234-0x00007FF702EB0000-0x00007FF703204000-memory.dmp

Filesize
3.3MB

Download
memory/1948-508-0x00007FF702EB0000-0x00007FF703204000-memory.dmp

Filesize
3.3MB

Download
memory/2100-517-0x00007FF6D3420000-0x00007FF6D3774000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2236-0x00007FF6D3420000-0x00007FF6D3774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2229-0x00007FF7F5260000-0x00007FF7F55B4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-512-0x00007FF7F5260000-0x00007FF7F55B4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-515-0x00007FF74B650000-0x00007FF74B9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-2230-0x00007FF74B650000-0x00007FF74B9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2227-0x00007FF6D0110000-0x00007FF6D0464000-memory.dmp

Filesize
3.3MB

Download
memory/2512-507-0x00007FF6D0110000-0x00007FF6D0464000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2219-0x00007FF615B00000-0x00007FF615E54000-memory.dmp

Filesize
3.3MB

Download
memory/2596-54-0x00007FF615B00000-0x00007FF615E54000-memory.dmp

Filesize
3.3MB

Download
memory/2952-8-0x00007FF7F6650000-0x00007FF7F69A4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-55-0x00007FF7F6650000-0x00007FF7F69A4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-501-0x00007FF7612A0000-0x00007FF7615F4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-2223-0x00007FF7612A0000-0x00007FF7615F4000-memory.dmp

Filesize
3.3MB

Download
memory/3264-521-0x00007FF7B1930000-0x00007FF7B1C84000-memory.dmp

Filesize
3.3MB

Download
memory/3264-2238-0x00007FF7B1930000-0x00007FF7B1C84000-memory.dmp

Filesize
3.3MB

Download
memory/3460-2215-0x00007FF649520000-0x00007FF649874000-memory.dmp

Filesize
3.3MB

Download
memory/3460-25-0x00007FF649520000-0x00007FF649874000-memory.dmp

Filesize
3.3MB

Download
memory/3460-522-0x00007FF649520000-0x00007FF649874000-memory.dmp

Filesize
3.3MB

Download
memory/3524-520-0x00007FF720780000-0x00007FF720AD4000-memory.dmp

Filesize
3.3MB

Download
memory/3524-2239-0x00007FF720780000-0x00007FF720AD4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2218-0x00007FF697290000-0x00007FF6975E4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-915-0x00007FF697290000-0x00007FF6975E4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-44-0x00007FF697290000-0x00007FF6975E4000-memory.dmp

Filesize
3.3MB

Download
memory/3816-511-0x00007FF6083D0000-0x00007FF608724000-memory.dmp

Filesize
3.3MB

Download
memory/3816-2232-0x00007FF6083D0000-0x00007FF608724000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2217-0x00007FF6E5040000-0x00007FF6E5394000-memory.dmp

Filesize
3.3MB

Download
memory/3852-36-0x00007FF6E5040000-0x00007FF6E5394000-memory.dmp

Filesize
3.3MB

Download
memory/3852-787-0x00007FF6E5040000-0x00007FF6E5394000-memory.dmp

Filesize
3.3MB

Download
memory/3892-2216-0x00007FF76E540000-0x00007FF76E894000-memory.dmp

Filesize
3.3MB

Download
memory/3892-32-0x00007FF76E540000-0x00007FF76E894000-memory.dmp

Filesize
3.3MB

Download
memory/3956-2235-0x00007FF7BA8A0000-0x00007FF7BABF4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-516-0x00007FF7BA8A0000-0x00007FF7BABF4000-memory.dmp

Filesize
3.3MB

Download
memory/4004-498-0x00007FF7BB320000-0x00007FF7BB674000-memory.dmp

Filesize
3.3MB

Download
memory/4004-2224-0x00007FF7BB320000-0x00007FF7BB674000-memory.dmp

Filesize
3.3MB

Download
memory/4004-1212-0x00007FF7BB320000-0x00007FF7BB674000-memory.dmp

Filesize
3.3MB

Download
memory/4088-52-0x00007FF68CF40000-0x00007FF68D294000-memory.dmp

Filesize
3.3MB

Download
memory/4088-1-0x00000299B6FA0000-0x00000299B6FB0000-memory.dmp

Filesize
64KB

Download
memory/4088-0-0x00007FF68CF40000-0x00007FF68D294000-memory.dmp

Filesize
3.3MB

Download
memory/4276-18-0x00007FF7CA270000-0x00007FF7CA5C4000-memory.dmp

Filesize
3.3MB

Download
memory/4276-77-0x00007FF7CA270000-0x00007FF7CA5C4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2233-0x00007FF6FD610000-0x00007FF6FD964000-memory.dmp

Filesize
3.3MB

Download
memory/4420-510-0x00007FF6FD610000-0x00007FF6FD964000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2222-0x00007FF708690000-0x00007FF7089E4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-1211-0x00007FF708690000-0x00007FF7089E4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-71-0x00007FF708690000-0x00007FF7089E4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-62-0x00007FF68EDF0000-0x00007FF68F144000-memory.dmp

Filesize
3.3MB

Download
memory/4980-14-0x00007FF68EDF0000-0x00007FF68F144000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2225-0x00007FF77AD10000-0x00007FF77B064000-memory.dmp

Filesize
3.3MB

Download
memory/5000-503-0x00007FF77AD10000-0x00007FF77B064000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2221-0x00007FF7935A0000-0x00007FF7938F4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-1131-0x00007FF7935A0000-0x00007FF7938F4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-63-0x00007FF7935A0000-0x00007FF7938F4000-memory.dmp

Filesize
3.3MB

Download