cobaltstrike | 68269bcac80c5cd95eb5312a1a7177ec82e0fb0cf5cf3cae2058688a303fc09f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2024, 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

71979dba2fe1c83eae51934264e5b860
SHA1

367a9cf58e5eb9cc679f9b125b34517f2bc48d49
SHA256

68269bcac80c5cd95eb5312a1a7177ec82e0fb0cf5cf3cae2058688a303fc09f
SHA512

7757b4a190bd00c96b9b8870a2fc7b2a55c4528f4731470c5b2d55e53bfc36b9528c38a368ad9d70c4a18ce637237d952db2fec1f74608fb5d7342ea959b9fdd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c64-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc3-8.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc2-15.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-25.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc5-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc7-38.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cca-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc9-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccb-68.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccd-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd0-95.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd1-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd3-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd5-120.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd4-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cde-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdd-175.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdc-171.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdb-169.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cda-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd9-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd8-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd7-160.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd6-157.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd2-127.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccf-104.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cce-102.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023cbf-93.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccc-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdf-194.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc8-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc6-44.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1644-0-0x00007FF7E8240000-0x00007FF7E8594000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c64-5.dat	xmrig
behavioral2/memory/4144-6-0x00007FF7E8F00000-0x00007FF7E9254000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc3-8.dat	xmrig
behavioral2/files/0x0007000000023cc2-15.dat	xmrig
behavioral2/files/0x0007000000023cc4-25.dat	xmrig
behavioral2/memory/4392-24-0x00007FF66EF30000-0x00007FF66F284000-memory.dmp	xmrig
behavioral2/memory/228-23-0x00007FF697D10000-0x00007FF698064000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc5-22.dat	xmrig
behavioral2/memory/3004-12-0x00007FF6C7470000-0x00007FF6C77C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc7-38.dat	xmrig
behavioral2/files/0x0007000000023cca-55.dat	xmrig
behavioral2/files/0x0007000000023cc9-60.dat	xmrig
behavioral2/files/0x0007000000023ccb-68.dat	xmrig
behavioral2/files/0x0007000000023ccd-74.dat	xmrig
behavioral2/files/0x0007000000023cd0-95.dat	xmrig
behavioral2/files/0x0007000000023cd1-96.dat	xmrig
behavioral2/files/0x0007000000023cd3-108.dat	xmrig
behavioral2/files/0x0007000000023cd5-120.dat	xmrig
behavioral2/files/0x0007000000023cd4-135.dat	xmrig
behavioral2/memory/1200-154-0x00007FF782F70000-0x00007FF7832C4000-memory.dmp	xmrig
behavioral2/memory/4984-179-0x00007FF7C53D0000-0x00007FF7C5724000-memory.dmp	xmrig
behavioral2/memory/3852-188-0x00007FF619310000-0x00007FF619664000-memory.dmp	xmrig
behavioral2/memory/228-187-0x00007FF697D10000-0x00007FF698064000-memory.dmp	xmrig
behavioral2/memory/3096-186-0x00007FF69C0F0000-0x00007FF69C444000-memory.dmp	xmrig
behavioral2/memory/4144-185-0x00007FF7E8F00000-0x00007FF7E9254000-memory.dmp	xmrig
behavioral2/memory/3516-184-0x00007FF6B1A80000-0x00007FF6B1DD4000-memory.dmp	xmrig
behavioral2/memory/5036-183-0x00007FF7DDF40000-0x00007FF7DE294000-memory.dmp	xmrig
behavioral2/memory/880-182-0x00007FF782C90000-0x00007FF782FE4000-memory.dmp	xmrig
behavioral2/memory/4668-181-0x00007FF7FCE30000-0x00007FF7FD184000-memory.dmp	xmrig
behavioral2/memory/4680-180-0x00007FF608600000-0x00007FF608954000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cde-177.dat	xmrig
behavioral2/files/0x0007000000023cdd-175.dat	xmrig
behavioral2/memory/684-174-0x00007FF64D700000-0x00007FF64DA54000-memory.dmp	xmrig
behavioral2/memory/4692-173-0x00007FF762FF0000-0x00007FF763344000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdc-171.dat	xmrig
behavioral2/files/0x0007000000023cdb-169.dat	xmrig
behavioral2/files/0x0007000000023cda-167.dat	xmrig
behavioral2/files/0x0007000000023cd9-165.dat	xmrig
behavioral2/memory/3612-164-0x00007FF6BF1C0000-0x00007FF6BF514000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd8-162.dat	xmrig
behavioral2/files/0x0007000000023cd7-160.dat	xmrig
behavioral2/files/0x0007000000023cd6-157.dat	xmrig
behavioral2/memory/2884-155-0x00007FF750050000-0x00007FF7503A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd2-127.dat	xmrig
behavioral2/memory/1008-126-0x00007FF784C40000-0x00007FF784F94000-memory.dmp	xmrig
behavioral2/memory/4196-114-0x00007FF7716F0000-0x00007FF771A44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ccf-104.dat	xmrig
behavioral2/files/0x0007000000023cce-102.dat	xmrig
behavioral2/memory/4568-98-0x00007FF6531F0000-0x00007FF653544000-memory.dmp	xmrig
behavioral2/memory/4840-97-0x00007FF7ECD40000-0x00007FF7ED094000-memory.dmp	xmrig
behavioral2/files/0x0008000000023cbf-93.dat	xmrig
behavioral2/memory/2892-87-0x00007FF75A6A0000-0x00007FF75A9F4000-memory.dmp	xmrig
behavioral2/memory/4500-86-0x00007FF701210000-0x00007FF701564000-memory.dmp	xmrig
behavioral2/memory/1644-85-0x00007FF7E8240000-0x00007FF7E8594000-memory.dmp	xmrig
behavioral2/memory/2608-80-0x00007FF6B6180000-0x00007FF6B64D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ccc-70.dat	xmrig
behavioral2/memory/3004-190-0x00007FF6C7470000-0x00007FF6C77C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdf-194.dat	xmrig
behavioral2/memory/4392-306-0x00007FF66EF30000-0x00007FF66F284000-memory.dmp	xmrig
behavioral2/memory/3524-374-0x00007FF6013B0000-0x00007FF601704000-memory.dmp	xmrig
behavioral2/memory/1980-442-0x00007FF69FD40000-0x00007FF6A0094000-memory.dmp	xmrig
behavioral2/memory/3132-507-0x00007FF738630000-0x00007FF738984000-memory.dmp	xmrig
behavioral2/memory/4840-580-0x00007FF7ECD40000-0x00007FF7ED094000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4144	OyFoyJZ.exe
3004	GztZZAg.exe
228	PqmkEIM.exe
4392	CNLVqbl.exe
1756	nvxSqSX.exe
3524	oWaCnZP.exe
1980	kIEixAH.exe
1640	dHsFTch.exe
3132	ZrLSUiD.exe
2608	CjLLNnD.exe
4196	jHujEib.exe
1008	EbwapXs.exe
4500	nyBcmhL.exe
1200	UCyaITk.exe
2892	agoWhUh.exe
4840	WxCJeAs.exe
2884	LyPXYAF.exe
4568	FpLAFYK.exe
3516	TZEXjjj.exe
3612	LukqWga.exe
3096	yuhrLXA.exe
4692	cvNBLnL.exe
684	EkrVUpm.exe
4984	QKuzUSK.exe
4680	zDZzyKG.exe
3852	kGYoTEL.exe
4668	QghKOwl.exe
880	dYQYzzN.exe
5036	yNTrfwj.exe
1696	cUCWFYf.exe
4556	PxqGLcR.exe
5008	uhpCptw.exe
1612	eOWnGUT.exe
1508	wQGTVLp.exe
3448	rZWYyvY.exe
1292	oMQyzbW.exe
4248	qNfQoND.exe
1516	KsmhWDH.exe
1392	VJaMHgw.exe
2700	gIouqTC.exe
3052	ETcJgby.exe
3512	PaBimqA.exe
4412	yOkncqB.exe
752	kjdKtme.exe
1992	DjjqJWX.exe
2628	LyzRcmm.exe
2176	paQmcBh.exe
3604	pxFiAZf.exe
2384	WADJEoF.exe
2956	iOtyIwa.exe
3632	XieYrfM.exe
4796	MNbaQuX.exe
3768	TaQPPID.exe
4328	enZEmtM.exe
4536	wPzDALO.exe
4208	rzrcrIL.exe
5024	ySOnJfz.exe
2640	hZPBYGJ.exe
2204	XqioZnj.exe
3888	pYJVbeU.exe
1452	dbXQChn.exe
2600	hqegDYF.exe
3856	CwdkmFS.exe
3712	GazLoJp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1644-0-0x00007FF7E8240000-0x00007FF7E8594000-memory.dmp	upx
behavioral2/files/0x0009000000023c64-5.dat	upx
behavioral2/memory/4144-6-0x00007FF7E8F00000-0x00007FF7E9254000-memory.dmp	upx
behavioral2/files/0x0007000000023cc3-8.dat	upx
behavioral2/files/0x0007000000023cc2-15.dat	upx
behavioral2/files/0x0007000000023cc4-25.dat	upx
behavioral2/memory/4392-24-0x00007FF66EF30000-0x00007FF66F284000-memory.dmp	upx
behavioral2/memory/228-23-0x00007FF697D10000-0x00007FF698064000-memory.dmp	upx
behavioral2/files/0x0007000000023cc5-22.dat	upx
behavioral2/memory/3004-12-0x00007FF6C7470000-0x00007FF6C77C4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc7-38.dat	upx
behavioral2/files/0x0007000000023cca-55.dat	upx
behavioral2/files/0x0007000000023cc9-60.dat	upx
behavioral2/files/0x0007000000023ccb-68.dat	upx
behavioral2/files/0x0007000000023ccd-74.dat	upx
behavioral2/files/0x0007000000023cd0-95.dat	upx
behavioral2/files/0x0007000000023cd1-96.dat	upx
behavioral2/files/0x0007000000023cd3-108.dat	upx
behavioral2/files/0x0007000000023cd5-120.dat	upx
behavioral2/files/0x0007000000023cd4-135.dat	upx
behavioral2/memory/1200-154-0x00007FF782F70000-0x00007FF7832C4000-memory.dmp	upx
behavioral2/memory/4984-179-0x00007FF7C53D0000-0x00007FF7C5724000-memory.dmp	upx
behavioral2/memory/3852-188-0x00007FF619310000-0x00007FF619664000-memory.dmp	upx
behavioral2/memory/228-187-0x00007FF697D10000-0x00007FF698064000-memory.dmp	upx
behavioral2/memory/3096-186-0x00007FF69C0F0000-0x00007FF69C444000-memory.dmp	upx
behavioral2/memory/4144-185-0x00007FF7E8F00000-0x00007FF7E9254000-memory.dmp	upx
behavioral2/memory/3516-184-0x00007FF6B1A80000-0x00007FF6B1DD4000-memory.dmp	upx
behavioral2/memory/5036-183-0x00007FF7DDF40000-0x00007FF7DE294000-memory.dmp	upx
behavioral2/memory/880-182-0x00007FF782C90000-0x00007FF782FE4000-memory.dmp	upx
behavioral2/memory/4668-181-0x00007FF7FCE30000-0x00007FF7FD184000-memory.dmp	upx
behavioral2/memory/4680-180-0x00007FF608600000-0x00007FF608954000-memory.dmp	upx
behavioral2/files/0x0007000000023cde-177.dat	upx
behavioral2/files/0x0007000000023cdd-175.dat	upx
behavioral2/memory/684-174-0x00007FF64D700000-0x00007FF64DA54000-memory.dmp	upx
behavioral2/memory/4692-173-0x00007FF762FF0000-0x00007FF763344000-memory.dmp	upx
behavioral2/files/0x0007000000023cdc-171.dat	upx
behavioral2/files/0x0007000000023cdb-169.dat	upx
behavioral2/files/0x0007000000023cda-167.dat	upx
behavioral2/files/0x0007000000023cd9-165.dat	upx
behavioral2/memory/3612-164-0x00007FF6BF1C0000-0x00007FF6BF514000-memory.dmp	upx
behavioral2/files/0x0007000000023cd8-162.dat	upx
behavioral2/files/0x0007000000023cd7-160.dat	upx
behavioral2/files/0x0007000000023cd6-157.dat	upx
behavioral2/memory/2884-155-0x00007FF750050000-0x00007FF7503A4000-memory.dmp	upx
behavioral2/files/0x0007000000023cd2-127.dat	upx
behavioral2/memory/1008-126-0x00007FF784C40000-0x00007FF784F94000-memory.dmp	upx
behavioral2/memory/4196-114-0x00007FF7716F0000-0x00007FF771A44000-memory.dmp	upx
behavioral2/files/0x0007000000023ccf-104.dat	upx
behavioral2/files/0x0007000000023cce-102.dat	upx
behavioral2/memory/4568-98-0x00007FF6531F0000-0x00007FF653544000-memory.dmp	upx
behavioral2/memory/4840-97-0x00007FF7ECD40000-0x00007FF7ED094000-memory.dmp	upx
behavioral2/files/0x0008000000023cbf-93.dat	upx
behavioral2/memory/2892-87-0x00007FF75A6A0000-0x00007FF75A9F4000-memory.dmp	upx
behavioral2/memory/4500-86-0x00007FF701210000-0x00007FF701564000-memory.dmp	upx
behavioral2/memory/1644-85-0x00007FF7E8240000-0x00007FF7E8594000-memory.dmp	upx
behavioral2/memory/2608-80-0x00007FF6B6180000-0x00007FF6B64D4000-memory.dmp	upx
behavioral2/files/0x0007000000023ccc-70.dat	upx
behavioral2/memory/3004-190-0x00007FF6C7470000-0x00007FF6C77C4000-memory.dmp	upx
behavioral2/files/0x0007000000023cdf-194.dat	upx
behavioral2/memory/4392-306-0x00007FF66EF30000-0x00007FF66F284000-memory.dmp	upx
behavioral2/memory/3524-374-0x00007FF6013B0000-0x00007FF601704000-memory.dmp	upx
behavioral2/memory/1980-442-0x00007FF69FD40000-0x00007FF6A0094000-memory.dmp	upx
behavioral2/memory/3132-507-0x00007FF738630000-0x00007FF738984000-memory.dmp	upx
behavioral2/memory/4840-580-0x00007FF7ECD40000-0x00007FF7ED094000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pYCpkDw.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWaCnZP.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLvBpZg.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtOQivS.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGqwgoo.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVEQBeJ.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKDTdtT.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZxOIul.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhVFYxc.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\woNrEVq.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHKhWCC.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liapcdk.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGUsDSd.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lShknEv.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysfOIjl.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXwYtru.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGgFGsF.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljFWHSj.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPDcxOO.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LukqWga.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SazPRJj.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtGtiZO.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECQjdfO.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPcYsor.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLhfuCG.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngxnlBd.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpcZdxy.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgYPccl.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCyaITk.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCHTOMF.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbKJDDp.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejNDnNc.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfhDeTH.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFwmCak.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diUUEDN.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqDudsN.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUFMqir.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrpkQNf.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCDkSqj.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTGqqfF.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPSFBLn.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQTsJuy.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UVMTUin.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSGfGzc.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLQuCSS.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXZATkZ.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEcmxnk.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXygRCg.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdrrJno.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVECDFn.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioVZatF.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUZAIRq.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAbmPmI.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCsHZxY.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Izyncsr.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsgVHVx.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzVDXQA.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBkIofj.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGefIsQ.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgCqVAD.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMYUCBA.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHFLSXG.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNDaFya.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYZiLnc.exe	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 4144	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1644 wrote to memory of 4144	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1644 wrote to memory of 3004	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1644 wrote to memory of 3004	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1644 wrote to memory of 228	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1644 wrote to memory of 228	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1644 wrote to memory of 1756	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1644 wrote to memory of 1756	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1644 wrote to memory of 4392	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1644 wrote to memory of 4392	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1644 wrote to memory of 3524	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1644 wrote to memory of 3524	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1644 wrote to memory of 1980	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1644 wrote to memory of 1980	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1644 wrote to memory of 1640	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1644 wrote to memory of 1640	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1644 wrote to memory of 3132	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1644 wrote to memory of 3132	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1644 wrote to memory of 2608	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1644 wrote to memory of 2608	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1644 wrote to memory of 4196	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1644 wrote to memory of 4196	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1644 wrote to memory of 1008	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1644 wrote to memory of 1008	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1644 wrote to memory of 4500	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1644 wrote to memory of 4500	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1644 wrote to memory of 1200	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1644 wrote to memory of 1200	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1644 wrote to memory of 2892	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1644 wrote to memory of 2892	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1644 wrote to memory of 4840	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1644 wrote to memory of 4840	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1644 wrote to memory of 2884	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1644 wrote to memory of 2884	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1644 wrote to memory of 4568	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1644 wrote to memory of 4568	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1644 wrote to memory of 3516	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1644 wrote to memory of 3516	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1644 wrote to memory of 3612	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1644 wrote to memory of 3612	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1644 wrote to memory of 3096	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1644 wrote to memory of 3096	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1644 wrote to memory of 4692	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1644 wrote to memory of 4692	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1644 wrote to memory of 684	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1644 wrote to memory of 684	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1644 wrote to memory of 4984	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1644 wrote to memory of 4984	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1644 wrote to memory of 4680	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1644 wrote to memory of 4680	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1644 wrote to memory of 3852	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1644 wrote to memory of 3852	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1644 wrote to memory of 4668	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1644 wrote to memory of 4668	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1644 wrote to memory of 880	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1644 wrote to memory of 880	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1644 wrote to memory of 5036	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1644 wrote to memory of 5036	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1644 wrote to memory of 1696	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1644 wrote to memory of 1696	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1644 wrote to memory of 4556	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1644 wrote to memory of 4556	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1644 wrote to memory of 5008	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1644 wrote to memory of 5008	1644	2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-28_71979dba2fe1c83eae51934264e5b860_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\System\OyFoyJZ.exe
  C:\Windows\System\OyFoyJZ.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\GztZZAg.exe
  C:\Windows\System\GztZZAg.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\PqmkEIM.exe
  C:\Windows\System\PqmkEIM.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\nvxSqSX.exe
  C:\Windows\System\nvxSqSX.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\CNLVqbl.exe
  C:\Windows\System\CNLVqbl.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\oWaCnZP.exe
  C:\Windows\System\oWaCnZP.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\kIEixAH.exe
  C:\Windows\System\kIEixAH.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\dHsFTch.exe
  C:\Windows\System\dHsFTch.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\ZrLSUiD.exe
  C:\Windows\System\ZrLSUiD.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\CjLLNnD.exe
  C:\Windows\System\CjLLNnD.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\jHujEib.exe
  C:\Windows\System\jHujEib.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\EbwapXs.exe
  C:\Windows\System\EbwapXs.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\nyBcmhL.exe
  C:\Windows\System\nyBcmhL.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\UCyaITk.exe
  C:\Windows\System\UCyaITk.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\agoWhUh.exe
  C:\Windows\System\agoWhUh.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\WxCJeAs.exe
  C:\Windows\System\WxCJeAs.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\LyPXYAF.exe
  C:\Windows\System\LyPXYAF.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\FpLAFYK.exe
  C:\Windows\System\FpLAFYK.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\TZEXjjj.exe
  C:\Windows\System\TZEXjjj.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\LukqWga.exe
  C:\Windows\System\LukqWga.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\yuhrLXA.exe
  C:\Windows\System\yuhrLXA.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\cvNBLnL.exe
  C:\Windows\System\cvNBLnL.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\EkrVUpm.exe
  C:\Windows\System\EkrVUpm.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\QKuzUSK.exe
  C:\Windows\System\QKuzUSK.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\zDZzyKG.exe
  C:\Windows\System\zDZzyKG.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\kGYoTEL.exe
  C:\Windows\System\kGYoTEL.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\QghKOwl.exe
  C:\Windows\System\QghKOwl.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\dYQYzzN.exe
  C:\Windows\System\dYQYzzN.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\yNTrfwj.exe
  C:\Windows\System\yNTrfwj.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\cUCWFYf.exe
  C:\Windows\System\cUCWFYf.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\PxqGLcR.exe
  C:\Windows\System\PxqGLcR.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\uhpCptw.exe
  C:\Windows\System\uhpCptw.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\eOWnGUT.exe
  C:\Windows\System\eOWnGUT.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\wQGTVLp.exe
  C:\Windows\System\wQGTVLp.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\rZWYyvY.exe
  C:\Windows\System\rZWYyvY.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\oMQyzbW.exe
  C:\Windows\System\oMQyzbW.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\qNfQoND.exe
  C:\Windows\System\qNfQoND.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\KsmhWDH.exe
  C:\Windows\System\KsmhWDH.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\VJaMHgw.exe
  C:\Windows\System\VJaMHgw.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\gIouqTC.exe
  C:\Windows\System\gIouqTC.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\ETcJgby.exe
  C:\Windows\System\ETcJgby.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\PaBimqA.exe
  C:\Windows\System\PaBimqA.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\yOkncqB.exe
  C:\Windows\System\yOkncqB.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\kjdKtme.exe
  C:\Windows\System\kjdKtme.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\DjjqJWX.exe
  C:\Windows\System\DjjqJWX.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\LyzRcmm.exe
  C:\Windows\System\LyzRcmm.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\paQmcBh.exe
  C:\Windows\System\paQmcBh.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\pxFiAZf.exe
  C:\Windows\System\pxFiAZf.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\WADJEoF.exe
  C:\Windows\System\WADJEoF.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\iOtyIwa.exe
  C:\Windows\System\iOtyIwa.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\XieYrfM.exe
  C:\Windows\System\XieYrfM.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\MNbaQuX.exe
  C:\Windows\System\MNbaQuX.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\TaQPPID.exe
  C:\Windows\System\TaQPPID.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\enZEmtM.exe
  C:\Windows\System\enZEmtM.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\wPzDALO.exe
  C:\Windows\System\wPzDALO.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\rzrcrIL.exe
  C:\Windows\System\rzrcrIL.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\ySOnJfz.exe
  C:\Windows\System\ySOnJfz.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\hZPBYGJ.exe
  C:\Windows\System\hZPBYGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\XqioZnj.exe
  C:\Windows\System\XqioZnj.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\pYJVbeU.exe
  C:\Windows\System\pYJVbeU.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\dbXQChn.exe
  C:\Windows\System\dbXQChn.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\hqegDYF.exe
  C:\Windows\System\hqegDYF.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\CwdkmFS.exe
  C:\Windows\System\CwdkmFS.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\GazLoJp.exe
  C:\Windows\System\GazLoJp.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\enrdbyI.exe
  C:\Windows\System\enrdbyI.exe
  2⤵
  PID:3876
- C:\Windows\System\WXqdVTn.exe
  C:\Windows\System\WXqdVTn.exe
  2⤵
  PID:2800
- C:\Windows\System\Tvlqyng.exe
  C:\Windows\System\Tvlqyng.exe
  2⤵
  PID:4052
- C:\Windows\System\hVGxwSQ.exe
  C:\Windows\System\hVGxwSQ.exe
  2⤵
  PID:4948
- C:\Windows\System\ivRkWDB.exe
  C:\Windows\System\ivRkWDB.exe
  2⤵
  PID:3324
- C:\Windows\System\BLhfuCG.exe
  C:\Windows\System\BLhfuCG.exe
  2⤵
  PID:3580
- C:\Windows\System\qpyTUXL.exe
  C:\Windows\System\qpyTUXL.exe
  2⤵
  PID:4924
- C:\Windows\System\FhOeAgh.exe
  C:\Windows\System\FhOeAgh.exe
  2⤵
  PID:4484
- C:\Windows\System\AzBYhkF.exe
  C:\Windows\System\AzBYhkF.exe
  2⤵
  PID:2632
- C:\Windows\System\tpfLFcf.exe
  C:\Windows\System\tpfLFcf.exe
  2⤵
  PID:2008
- C:\Windows\System\YBCrriy.exe
  C:\Windows\System\YBCrriy.exe
  2⤵
  PID:5028
- C:\Windows\System\bvEjZUy.exe
  C:\Windows\System\bvEjZUy.exe
  2⤵
  PID:4616
- C:\Windows\System\vHaFacE.exe
  C:\Windows\System\vHaFacE.exe
  2⤵
  PID:3600
- C:\Windows\System\ngxnlBd.exe
  C:\Windows\System\ngxnlBd.exe
  2⤵
  PID:3676
- C:\Windows\System\WeVzeie.exe
  C:\Windows\System\WeVzeie.exe
  2⤵
  PID:4048
- C:\Windows\System\VdOirHd.exe
  C:\Windows\System\VdOirHd.exe
  2⤵
  PID:2964
- C:\Windows\System\TBUfedt.exe
  C:\Windows\System\TBUfedt.exe
  2⤵
  PID:2300
- C:\Windows\System\GBRqvOV.exe
  C:\Windows\System\GBRqvOV.exe
  2⤵
  PID:4904
- C:\Windows\System\KQaYxXi.exe
  C:\Windows\System\KQaYxXi.exe
  2⤵
  PID:2280
- C:\Windows\System\gGPzkGG.exe
  C:\Windows\System\gGPzkGG.exe
  2⤵
  PID:3764
- C:\Windows\System\muHYIwo.exe
  C:\Windows\System\muHYIwo.exe
  2⤵
  PID:4508
- C:\Windows\System\KVBCLES.exe
  C:\Windows\System\KVBCLES.exe
  2⤵
  PID:1440
- C:\Windows\System\EYbXGJP.exe
  C:\Windows\System\EYbXGJP.exe
  2⤵
  PID:4312
- C:\Windows\System\ZTsmDcU.exe
  C:\Windows\System\ZTsmDcU.exe
  2⤵
  PID:1836
- C:\Windows\System\EpcZdxy.exe
  C:\Windows\System\EpcZdxy.exe
  2⤵
  PID:3452
- C:\Windows\System\eJGemIB.exe
  C:\Windows\System\eJGemIB.exe
  2⤵
  PID:3808
- C:\Windows\System\TLHULfG.exe
  C:\Windows\System\TLHULfG.exe
  2⤵
  PID:2224
- C:\Windows\System\VyNVEdo.exe
  C:\Windows\System\VyNVEdo.exe
  2⤵
  PID:2908
- C:\Windows\System\zeFlNVm.exe
  C:\Windows\System\zeFlNVm.exe
  2⤵
  PID:1964
- C:\Windows\System\ZQTsJuy.exe
  C:\Windows\System\ZQTsJuy.exe
  2⤵
  PID:5140
- C:\Windows\System\EojeimW.exe
  C:\Windows\System\EojeimW.exe
  2⤵
  PID:5180
- C:\Windows\System\NgRNzhx.exe
  C:\Windows\System\NgRNzhx.exe
  2⤵
  PID:5216
- C:\Windows\System\xxeZATG.exe
  C:\Windows\System\xxeZATG.exe
  2⤵
  PID:5244
- C:\Windows\System\BmylrlI.exe
  C:\Windows\System\BmylrlI.exe
  2⤵
  PID:5272
- C:\Windows\System\brFEmZE.exe
  C:\Windows\System\brFEmZE.exe
  2⤵
  PID:5292
- C:\Windows\System\qWgTyYW.exe
  C:\Windows\System\qWgTyYW.exe
  2⤵
  PID:5328
- C:\Windows\System\VemMotd.exe
  C:\Windows\System\VemMotd.exe
  2⤵
  PID:5356
- C:\Windows\System\rloLFlt.exe
  C:\Windows\System\rloLFlt.exe
  2⤵
  PID:5384
- C:\Windows\System\ildwleA.exe
  C:\Windows\System\ildwleA.exe
  2⤵
  PID:5404
- C:\Windows\System\sOdmECq.exe
  C:\Windows\System\sOdmECq.exe
  2⤵
  PID:5436
- C:\Windows\System\xhqOHeZ.exe
  C:\Windows\System\xhqOHeZ.exe
  2⤵
  PID:5468
- C:\Windows\System\pMSVRPu.exe
  C:\Windows\System\pMSVRPu.exe
  2⤵
  PID:5496
- C:\Windows\System\SvevzKq.exe
  C:\Windows\System\SvevzKq.exe
  2⤵
  PID:5528
- C:\Windows\System\tlRWvPx.exe
  C:\Windows\System\tlRWvPx.exe
  2⤵
  PID:5556
- C:\Windows\System\XHcZIMx.exe
  C:\Windows\System\XHcZIMx.exe
  2⤵
  PID:5584
- C:\Windows\System\ETLVLTw.exe
  C:\Windows\System\ETLVLTw.exe
  2⤵
  PID:5616
- C:\Windows\System\oMYUCBA.exe
  C:\Windows\System\oMYUCBA.exe
  2⤵
  PID:5660
- C:\Windows\System\WNPQAgL.exe
  C:\Windows\System\WNPQAgL.exe
  2⤵
  PID:5680
- C:\Windows\System\XAbmPmI.exe
  C:\Windows\System\XAbmPmI.exe
  2⤵
  PID:5740
- C:\Windows\System\EoyKEYm.exe
  C:\Windows\System\EoyKEYm.exe
  2⤵
  PID:5848
- C:\Windows\System\TSHQmJf.exe
  C:\Windows\System\TSHQmJf.exe
  2⤵
  PID:5880
- C:\Windows\System\padYXay.exe
  C:\Windows\System\padYXay.exe
  2⤵
  PID:5944
- C:\Windows\System\KKavYNN.exe
  C:\Windows\System\KKavYNN.exe
  2⤵
  PID:6008
- C:\Windows\System\sWCxyQz.exe
  C:\Windows\System\sWCxyQz.exe
  2⤵
  PID:6048
- C:\Windows\System\eWzLxyh.exe
  C:\Windows\System\eWzLxyh.exe
  2⤵
  PID:6092
- C:\Windows\System\oZxOIul.exe
  C:\Windows\System\oZxOIul.exe
  2⤵
  PID:6140
- C:\Windows\System\dDJZrGQ.exe
  C:\Windows\System\dDJZrGQ.exe
  2⤵
  PID:2496
- C:\Windows\System\SvLMTmd.exe
  C:\Windows\System\SvLMTmd.exe
  2⤵
  PID:2740
- C:\Windows\System\RwhbfuP.exe
  C:\Windows\System\RwhbfuP.exe
  2⤵
  PID:5284
- C:\Windows\System\bZylXTJ.exe
  C:\Windows\System\bZylXTJ.exe
  2⤵
  PID:5364
- C:\Windows\System\fuMtPFC.exe
  C:\Windows\System\fuMtPFC.exe
  2⤵
  PID:5428
- C:\Windows\System\ElKGdaF.exe
  C:\Windows\System\ElKGdaF.exe
  2⤵
  PID:5504
- C:\Windows\System\mEpaxBq.exe
  C:\Windows\System\mEpaxBq.exe
  2⤵
  PID:5548
- C:\Windows\System\kMlqtmF.exe
  C:\Windows\System\kMlqtmF.exe
  2⤵
  PID:5612
- C:\Windows\System\ZWZDuzO.exe
  C:\Windows\System\ZWZDuzO.exe
  2⤵
  PID:5792
- C:\Windows\System\Ijeqdga.exe
  C:\Windows\System\Ijeqdga.exe
  2⤵
  PID:5920
- C:\Windows\System\gnMvjAJ.exe
  C:\Windows\System\gnMvjAJ.exe
  2⤵
  PID:3344
- C:\Windows\System\jbALItw.exe
  C:\Windows\System\jbALItw.exe
  2⤵
  PID:6124
- C:\Windows\System\rMZQubF.exe
  C:\Windows\System\rMZQubF.exe
  2⤵
  PID:5840
- C:\Windows\System\RNlaeys.exe
  C:\Windows\System\RNlaeys.exe
  2⤵
  PID:5132
- C:\Windows\System\MIFqBQI.exe
  C:\Windows\System\MIFqBQI.exe
  2⤵
  PID:3624
- C:\Windows\System\qNLgcSC.exe
  C:\Windows\System\qNLgcSC.exe
  2⤵
  PID:5452
- C:\Windows\System\ygQIbCu.exe
  C:\Windows\System\ygQIbCu.exe
  2⤵
  PID:5596
- C:\Windows\System\yqSeoxb.exe
  C:\Windows\System\yqSeoxb.exe
  2⤵
  PID:5752
- C:\Windows\System\bHFLSXG.exe
  C:\Windows\System\bHFLSXG.exe
  2⤵
  PID:5952
- C:\Windows\System\VvkWGkL.exe
  C:\Windows\System\VvkWGkL.exe
  2⤵
  PID:6076
- C:\Windows\System\YwSuiMm.exe
  C:\Windows\System\YwSuiMm.exe
  2⤵
  PID:5232
- C:\Windows\System\ejNDnNc.exe
  C:\Windows\System\ejNDnNc.exe
  2⤵
  PID:5568
- C:\Windows\System\tdXVIkd.exe
  C:\Windows\System\tdXVIkd.exe
  2⤵
  PID:5804
- C:\Windows\System\RoxoaHK.exe
  C:\Windows\System\RoxoaHK.exe
  2⤵
  PID:4972
- C:\Windows\System\MpaBbdY.exe
  C:\Windows\System\MpaBbdY.exe
  2⤵
  PID:2108
- C:\Windows\System\BwdBcGl.exe
  C:\Windows\System\BwdBcGl.exe
  2⤵
  PID:4112
- C:\Windows\System\LRLayEf.exe
  C:\Windows\System\LRLayEf.exe
  2⤵
  PID:6160
- C:\Windows\System\ckXSsvF.exe
  C:\Windows\System\ckXSsvF.exe
  2⤵
  PID:6188
- C:\Windows\System\syTkNOU.exe
  C:\Windows\System\syTkNOU.exe
  2⤵
  PID:6212
- C:\Windows\System\kMxNsch.exe
  C:\Windows\System\kMxNsch.exe
  2⤵
  PID:6244
- C:\Windows\System\UVzThfb.exe
  C:\Windows\System\UVzThfb.exe
  2⤵
  PID:6276
- C:\Windows\System\ULWGtcS.exe
  C:\Windows\System\ULWGtcS.exe
  2⤵
  PID:6300
- C:\Windows\System\AlsupwB.exe
  C:\Windows\System\AlsupwB.exe
  2⤵
  PID:6328
- C:\Windows\System\hOeRwVn.exe
  C:\Windows\System\hOeRwVn.exe
  2⤵
  PID:6356
- C:\Windows\System\stfnBfc.exe
  C:\Windows\System\stfnBfc.exe
  2⤵
  PID:6388
- C:\Windows\System\uVusQOv.exe
  C:\Windows\System\uVusQOv.exe
  2⤵
  PID:6416
- C:\Windows\System\eXZATkZ.exe
  C:\Windows\System\eXZATkZ.exe
  2⤵
  PID:6436
- C:\Windows\System\mmcgxMn.exe
  C:\Windows\System\mmcgxMn.exe
  2⤵
  PID:6472
- C:\Windows\System\EAeoOji.exe
  C:\Windows\System\EAeoOji.exe
  2⤵
  PID:6500
- C:\Windows\System\mCUAPWT.exe
  C:\Windows\System\mCUAPWT.exe
  2⤵
  PID:6528
- C:\Windows\System\YYGQAlv.exe
  C:\Windows\System\YYGQAlv.exe
  2⤵
  PID:6556
- C:\Windows\System\XrpkQNf.exe
  C:\Windows\System\XrpkQNf.exe
  2⤵
  PID:6592
- C:\Windows\System\OJKUhEa.exe
  C:\Windows\System\OJKUhEa.exe
  2⤵
  PID:6616
- C:\Windows\System\DxYSLRm.exe
  C:\Windows\System\DxYSLRm.exe
  2⤵
  PID:6640
- C:\Windows\System\BvLQAGA.exe
  C:\Windows\System\BvLQAGA.exe
  2⤵
  PID:6668
- C:\Windows\System\nMGAyia.exe
  C:\Windows\System\nMGAyia.exe
  2⤵
  PID:6700
- C:\Windows\System\BucmxMX.exe
  C:\Windows\System\BucmxMX.exe
  2⤵
  PID:6732
- C:\Windows\System\mohVHOX.exe
  C:\Windows\System\mohVHOX.exe
  2⤵
  PID:6760
- C:\Windows\System\FhZygnP.exe
  C:\Windows\System\FhZygnP.exe
  2⤵
  PID:6788
- C:\Windows\System\xsGNESJ.exe
  C:\Windows\System\xsGNESJ.exe
  2⤵
  PID:6824
- C:\Windows\System\TkeDNYU.exe
  C:\Windows\System\TkeDNYU.exe
  2⤵
  PID:6856
- C:\Windows\System\ZQeAbPn.exe
  C:\Windows\System\ZQeAbPn.exe
  2⤵
  PID:6872
- C:\Windows\System\BRbQOek.exe
  C:\Windows\System\BRbQOek.exe
  2⤵
  PID:6908
- C:\Windows\System\lMbMkTB.exe
  C:\Windows\System\lMbMkTB.exe
  2⤵
  PID:6928
- C:\Windows\System\XQIPdPD.exe
  C:\Windows\System\XQIPdPD.exe
  2⤵
  PID:6956
- C:\Windows\System\tUEavQX.exe
  C:\Windows\System\tUEavQX.exe
  2⤵
  PID:7004
- C:\Windows\System\yoHtwsB.exe
  C:\Windows\System\yoHtwsB.exe
  2⤵
  PID:7032
- C:\Windows\System\woaPLiO.exe
  C:\Windows\System\woaPLiO.exe
  2⤵
  PID:7072
- C:\Windows\System\BCsHZxY.exe
  C:\Windows\System\BCsHZxY.exe
  2⤵
  PID:7112
- C:\Windows\System\xETVHkI.exe
  C:\Windows\System\xETVHkI.exe
  2⤵
  PID:7144
- C:\Windows\System\vFgEEsk.exe
  C:\Windows\System\vFgEEsk.exe
  2⤵
  PID:6252
- C:\Windows\System\dhVFYxc.exe
  C:\Windows\System\dhVFYxc.exe
  2⤵
  PID:6336
- C:\Windows\System\vRAiPcy.exe
  C:\Windows\System\vRAiPcy.exe
  2⤵
  PID:6368
- C:\Windows\System\Izyncsr.exe
  C:\Windows\System\Izyncsr.exe
  2⤵
  PID:6448
- C:\Windows\System\rdGYnAM.exe
  C:\Windows\System\rdGYnAM.exe
  2⤵
  PID:6492
- C:\Windows\System\AMIeNQZ.exe
  C:\Windows\System\AMIeNQZ.exe
  2⤵
  PID:6564
- C:\Windows\System\FuPeoPn.exe
  C:\Windows\System\FuPeoPn.exe
  2⤵
  PID:6652
- C:\Windows\System\tCHTOMF.exe
  C:\Windows\System\tCHTOMF.exe
  2⤵
  PID:6716
- C:\Windows\System\DdAWSqW.exe
  C:\Windows\System\DdAWSqW.exe
  2⤵
  PID:6768
- C:\Windows\System\jhIZxXY.exe
  C:\Windows\System\jhIZxXY.exe
  2⤵
  PID:6864
- C:\Windows\System\SxlleDl.exe
  C:\Windows\System\SxlleDl.exe
  2⤵
  PID:6920
- C:\Windows\System\XixFivB.exe
  C:\Windows\System\XixFivB.exe
  2⤵
  PID:6952
- C:\Windows\System\UCDkSqj.exe
  C:\Windows\System\UCDkSqj.exe
  2⤵
  PID:7068
- C:\Windows\System\nJMvYGh.exe
  C:\Windows\System\nJMvYGh.exe
  2⤵
  PID:7124
- C:\Windows\System\jytlIBi.exe
  C:\Windows\System\jytlIBi.exe
  2⤵
  PID:6272
- C:\Windows\System\QvjnaIr.exe
  C:\Windows\System\QvjnaIr.exe
  2⤵
  PID:6148
- C:\Windows\System\SbUHKlW.exe
  C:\Windows\System\SbUHKlW.exe
  2⤵
  PID:7156
- C:\Windows\System\xDmgjtg.exe
  C:\Windows\System\xDmgjtg.exe
  2⤵
  PID:6484
- C:\Windows\System\OzRgodp.exe
  C:\Windows\System\OzRgodp.exe
  2⤵
  PID:6680
- C:\Windows\System\cgeqJxj.exe
  C:\Windows\System\cgeqJxj.exe
  2⤵
  PID:6844
- C:\Windows\System\wzbvDDN.exe
  C:\Windows\System\wzbvDDN.exe
  2⤵
  PID:6984
- C:\Windows\System\pubiDAI.exe
  C:\Windows\System\pubiDAI.exe
  2⤵
  PID:7100
- C:\Windows\System\XHiDoVS.exe
  C:\Windows\System\XHiDoVS.exe
  2⤵
  PID:6228
- C:\Windows\System\rxhTkIW.exe
  C:\Windows\System\rxhTkIW.exe
  2⤵
  PID:6424
- C:\Windows\System\jcMSiCh.exe
  C:\Windows\System\jcMSiCh.exe
  2⤵
  PID:6884
- C:\Windows\System\AnGNbVz.exe
  C:\Windows\System\AnGNbVz.exe
  2⤵
  PID:6176
- C:\Windows\System\IBSWUwS.exe
  C:\Windows\System\IBSWUwS.exe
  2⤵
  PID:1160
- C:\Windows\System\zjvyCsV.exe
  C:\Windows\System\zjvyCsV.exe
  2⤵
  PID:6200
- C:\Windows\System\rONtood.exe
  C:\Windows\System\rONtood.exe
  2⤵
  PID:7188
- C:\Windows\System\tioEBaa.exe
  C:\Windows\System\tioEBaa.exe
  2⤵
  PID:7224
- C:\Windows\System\KeyMjpn.exe
  C:\Windows\System\KeyMjpn.exe
  2⤵
  PID:7244
- C:\Windows\System\tXwYtru.exe
  C:\Windows\System\tXwYtru.exe
  2⤵
  PID:7272
- C:\Windows\System\fQZlelJ.exe
  C:\Windows\System\fQZlelJ.exe
  2⤵
  PID:7308
- C:\Windows\System\xBGOnzZ.exe
  C:\Windows\System\xBGOnzZ.exe
  2⤵
  PID:7328
- C:\Windows\System\QGgFGsF.exe
  C:\Windows\System\QGgFGsF.exe
  2⤵
  PID:7372
- C:\Windows\System\wmhKoJg.exe
  C:\Windows\System\wmhKoJg.exe
  2⤵
  PID:7396
- C:\Windows\System\kdRZvCi.exe
  C:\Windows\System\kdRZvCi.exe
  2⤵
  PID:7424
- C:\Windows\System\CjhPyHD.exe
  C:\Windows\System\CjhPyHD.exe
  2⤵
  PID:7444
- C:\Windows\System\CuSbuZP.exe
  C:\Windows\System\CuSbuZP.exe
  2⤵
  PID:7472
- C:\Windows\System\FQMyFOs.exe
  C:\Windows\System\FQMyFOs.exe
  2⤵
  PID:7500
- C:\Windows\System\CzUfBjh.exe
  C:\Windows\System\CzUfBjh.exe
  2⤵
  PID:7532
- C:\Windows\System\OIyLwYj.exe
  C:\Windows\System\OIyLwYj.exe
  2⤵
  PID:7556
- C:\Windows\System\YRgUzvo.exe
  C:\Windows\System\YRgUzvo.exe
  2⤵
  PID:7584
- C:\Windows\System\woNrEVq.exe
  C:\Windows\System\woNrEVq.exe
  2⤵
  PID:7616
- C:\Windows\System\HNDaFya.exe
  C:\Windows\System\HNDaFya.exe
  2⤵
  PID:7656
- C:\Windows\System\frnDdxv.exe
  C:\Windows\System\frnDdxv.exe
  2⤵
  PID:7672
- C:\Windows\System\BqmAcwz.exe
  C:\Windows\System\BqmAcwz.exe
  2⤵
  PID:7700
- C:\Windows\System\pNdLGpw.exe
  C:\Windows\System\pNdLGpw.exe
  2⤵
  PID:7728
- C:\Windows\System\XeYjMNX.exe
  C:\Windows\System\XeYjMNX.exe
  2⤵
  PID:7760
- C:\Windows\System\TfhyEvR.exe
  C:\Windows\System\TfhyEvR.exe
  2⤵
  PID:7784
- C:\Windows\System\xsoveMV.exe
  C:\Windows\System\xsoveMV.exe
  2⤵
  PID:7812
- C:\Windows\System\ZtsVljp.exe
  C:\Windows\System\ZtsVljp.exe
  2⤵
  PID:7844
- C:\Windows\System\xiNPzQs.exe
  C:\Windows\System\xiNPzQs.exe
  2⤵
  PID:7868
- C:\Windows\System\qANgjxo.exe
  C:\Windows\System\qANgjxo.exe
  2⤵
  PID:7896
- C:\Windows\System\yMpPLGD.exe
  C:\Windows\System\yMpPLGD.exe
  2⤵
  PID:7932
- C:\Windows\System\RwbsZCz.exe
  C:\Windows\System\RwbsZCz.exe
  2⤵
  PID:7964
- C:\Windows\System\ljFWHSj.exe
  C:\Windows\System\ljFWHSj.exe
  2⤵
  PID:7984
- C:\Windows\System\JTMFnTd.exe
  C:\Windows\System\JTMFnTd.exe
  2⤵
  PID:8012
- C:\Windows\System\OItleVz.exe
  C:\Windows\System\OItleVz.exe
  2⤵
  PID:8060
- C:\Windows\System\RazYTuU.exe
  C:\Windows\System\RazYTuU.exe
  2⤵
  PID:8104
- C:\Windows\System\SCAyLhi.exe
  C:\Windows\System\SCAyLhi.exe
  2⤵
  PID:8156
- C:\Windows\System\FsEoKpc.exe
  C:\Windows\System\FsEoKpc.exe
  2⤵
  PID:7268
- C:\Windows\System\UwLvItN.exe
  C:\Windows\System\UwLvItN.exe
  2⤵
  PID:7408
- C:\Windows\System\BcmrFOB.exe
  C:\Windows\System\BcmrFOB.exe
  2⤵
  PID:7492
- C:\Windows\System\xHIsBYY.exe
  C:\Windows\System\xHIsBYY.exe
  2⤵
  PID:7524
- C:\Windows\System\aiATotA.exe
  C:\Windows\System\aiATotA.exe
  2⤵
  PID:7580
- C:\Windows\System\JtlLTlp.exe
  C:\Windows\System\JtlLTlp.exe
  2⤵
  PID:7636
- C:\Windows\System\wgdpEPi.exe
  C:\Windows\System\wgdpEPi.exe
  2⤵
  PID:7768
- C:\Windows\System\lteiQtz.exe
  C:\Windows\System\lteiQtz.exe
  2⤵
  PID:7836
- C:\Windows\System\sYwFSrr.exe
  C:\Windows\System\sYwFSrr.exe
  2⤵
  PID:7892
- C:\Windows\System\yLvBpZg.exe
  C:\Windows\System\yLvBpZg.exe
  2⤵
  PID:7944
- C:\Windows\System\zIyYuYr.exe
  C:\Windows\System\zIyYuYr.exe
  2⤵
  PID:8024
- C:\Windows\System\oWDfiEW.exe
  C:\Windows\System\oWDfiEW.exe
  2⤵
  PID:8136
- C:\Windows\System\ZTGqqfF.exe
  C:\Windows\System\ZTGqqfF.exe
  2⤵
  PID:7404
- C:\Windows\System\ejuCQBX.exe
  C:\Windows\System\ejuCQBX.exe
  2⤵
  PID:7520
- C:\Windows\System\YzMwaaa.exe
  C:\Windows\System\YzMwaaa.exe
  2⤵
  PID:7624
- C:\Windows\System\CrujgEK.exe
  C:\Windows\System\CrujgEK.exe
  2⤵
  PID:7824
- C:\Windows\System\rDVkXNx.exe
  C:\Windows\System\rDVkXNx.exe
  2⤵
  PID:7976
- C:\Windows\System\oEULlAd.exe
  C:\Windows\System\oEULlAd.exe
  2⤵
  PID:8168
- C:\Windows\System\dUidths.exe
  C:\Windows\System\dUidths.exe
  2⤵
  PID:1844
- C:\Windows\System\HWqvZsr.exe
  C:\Windows\System\HWqvZsr.exe
  2⤵
  PID:5056
- C:\Windows\System\dUPPCkD.exe
  C:\Windows\System\dUPPCkD.exe
  2⤵
  PID:7264
- C:\Windows\System\LMFHUtg.exe
  C:\Windows\System\LMFHUtg.exe
  2⤵
  PID:8084
- C:\Windows\System\RvIgYsx.exe
  C:\Windows\System\RvIgYsx.exe
  2⤵
  PID:920
- C:\Windows\System\yyXDEHM.exe
  C:\Windows\System\yyXDEHM.exe
  2⤵
  PID:8088
- C:\Windows\System\llLRZEJ.exe
  C:\Windows\System\llLRZEJ.exe
  2⤵
  PID:7860
- C:\Windows\System\wyqECgL.exe
  C:\Windows\System\wyqECgL.exe
  2⤵
  PID:8196
- C:\Windows\System\pLDCRKo.exe
  C:\Windows\System\pLDCRKo.exe
  2⤵
  PID:8232
- C:\Windows\System\jPlIVQw.exe
  C:\Windows\System\jPlIVQw.exe
  2⤵
  PID:8260
- C:\Windows\System\CtzFwkg.exe
  C:\Windows\System\CtzFwkg.exe
  2⤵
  PID:8288
- C:\Windows\System\umxZqPu.exe
  C:\Windows\System\umxZqPu.exe
  2⤵
  PID:8316
- C:\Windows\System\CRcMVCA.exe
  C:\Windows\System\CRcMVCA.exe
  2⤵
  PID:8344
- C:\Windows\System\PAlEwyZ.exe
  C:\Windows\System\PAlEwyZ.exe
  2⤵
  PID:8372
- C:\Windows\System\zfhDeTH.exe
  C:\Windows\System\zfhDeTH.exe
  2⤵
  PID:8400
- C:\Windows\System\izUaEFR.exe
  C:\Windows\System\izUaEFR.exe
  2⤵
  PID:8428
- C:\Windows\System\svZbIme.exe
  C:\Windows\System\svZbIme.exe
  2⤵
  PID:8456
- C:\Windows\System\YGXySVz.exe
  C:\Windows\System\YGXySVz.exe
  2⤵
  PID:8484
- C:\Windows\System\BOUxbVh.exe
  C:\Windows\System\BOUxbVh.exe
  2⤵
  PID:8512
- C:\Windows\System\HluVJly.exe
  C:\Windows\System\HluVJly.exe
  2⤵
  PID:8540
- C:\Windows\System\SEcmxnk.exe
  C:\Windows\System\SEcmxnk.exe
  2⤵
  PID:8568
- C:\Windows\System\QfmZLDu.exe
  C:\Windows\System\QfmZLDu.exe
  2⤵
  PID:8596
- C:\Windows\System\JjfyfuG.exe
  C:\Windows\System\JjfyfuG.exe
  2⤵
  PID:8624
- C:\Windows\System\jPcmOnq.exe
  C:\Windows\System\jPcmOnq.exe
  2⤵
  PID:8652
- C:\Windows\System\hpXFYVf.exe
  C:\Windows\System\hpXFYVf.exe
  2⤵
  PID:8680
- C:\Windows\System\oGuWmom.exe
  C:\Windows\System\oGuWmom.exe
  2⤵
  PID:8708
- C:\Windows\System\OgYPccl.exe
  C:\Windows\System\OgYPccl.exe
  2⤵
  PID:8736
- C:\Windows\System\nUwbWOF.exe
  C:\Windows\System\nUwbWOF.exe
  2⤵
  PID:8764
- C:\Windows\System\vshiUUh.exe
  C:\Windows\System\vshiUUh.exe
  2⤵
  PID:8792
- C:\Windows\System\pKJKsyR.exe
  C:\Windows\System\pKJKsyR.exe
  2⤵
  PID:8820
- C:\Windows\System\waLCSrs.exe
  C:\Windows\System\waLCSrs.exe
  2⤵
  PID:8848
- C:\Windows\System\nGFQmaK.exe
  C:\Windows\System\nGFQmaK.exe
  2⤵
  PID:8876
- C:\Windows\System\dSOKOkE.exe
  C:\Windows\System\dSOKOkE.exe
  2⤵
  PID:8904
- C:\Windows\System\mFurzoT.exe
  C:\Windows\System\mFurzoT.exe
  2⤵
  PID:8932
- C:\Windows\System\vAJDoff.exe
  C:\Windows\System\vAJDoff.exe
  2⤵
  PID:8960
- C:\Windows\System\gfZtVHq.exe
  C:\Windows\System\gfZtVHq.exe
  2⤵
  PID:8988
- C:\Windows\System\KJNRPFg.exe
  C:\Windows\System\KJNRPFg.exe
  2⤵
  PID:9016
- C:\Windows\System\EkyObXQ.exe
  C:\Windows\System\EkyObXQ.exe
  2⤵
  PID:9052
- C:\Windows\System\dXygRCg.exe
  C:\Windows\System\dXygRCg.exe
  2⤵
  PID:9076
- C:\Windows\System\OLqoRiO.exe
  C:\Windows\System\OLqoRiO.exe
  2⤵
  PID:9104
- C:\Windows\System\MWNOgIP.exe
  C:\Windows\System\MWNOgIP.exe
  2⤵
  PID:9132
- C:\Windows\System\WTNSsXu.exe
  C:\Windows\System\WTNSsXu.exe
  2⤵
  PID:9160
- C:\Windows\System\VjqkXdH.exe
  C:\Windows\System\VjqkXdH.exe
  2⤵
  PID:9188
- C:\Windows\System\kuqpAiD.exe
  C:\Windows\System\kuqpAiD.exe
  2⤵
  PID:8204
- C:\Windows\System\kTxOVlh.exe
  C:\Windows\System\kTxOVlh.exe
  2⤵
  PID:8252
- C:\Windows\System\pRKavEd.exe
  C:\Windows\System\pRKavEd.exe
  2⤵
  PID:2236
- C:\Windows\System\ILRNVNd.exe
  C:\Windows\System\ILRNVNd.exe
  2⤵
  PID:8392
- C:\Windows\System\tqgkuTi.exe
  C:\Windows\System\tqgkuTi.exe
  2⤵
  PID:8440
- C:\Windows\System\dlCENbc.exe
  C:\Windows\System\dlCENbc.exe
  2⤵
  PID:8504
- C:\Windows\System\NtCpIdI.exe
  C:\Windows\System\NtCpIdI.exe
  2⤵
  PID:8592
- C:\Windows\System\XscXdJL.exe
  C:\Windows\System\XscXdJL.exe
  2⤵
  PID:8644
- C:\Windows\System\uTLyYBX.exe
  C:\Windows\System\uTLyYBX.exe
  2⤵
  PID:3760
- C:\Windows\System\XQjXAER.exe
  C:\Windows\System\XQjXAER.exe
  2⤵
  PID:8732
- C:\Windows\System\uFwmCak.exe
  C:\Windows\System\uFwmCak.exe
  2⤵
  PID:8816
- C:\Windows\System\FczcISV.exe
  C:\Windows\System\FczcISV.exe
  2⤵
  PID:8872
- C:\Windows\System\ZTaFaMN.exe
  C:\Windows\System\ZTaFaMN.exe
  2⤵
  PID:8928
- C:\Windows\System\EYZiLnc.exe
  C:\Windows\System\EYZiLnc.exe
  2⤵
  PID:9012
- C:\Windows\System\CeUYBrP.exe
  C:\Windows\System\CeUYBrP.exe
  2⤵
  PID:9040
- C:\Windows\System\WxkmZul.exe
  C:\Windows\System\WxkmZul.exe
  2⤵
  PID:9116
- C:\Windows\System\VtwOkOn.exe
  C:\Windows\System\VtwOkOn.exe
  2⤵
  PID:9172
- C:\Windows\System\ybNfeaj.exe
  C:\Windows\System\ybNfeaj.exe
  2⤵
  PID:8216
- C:\Windows\System\ECmMEmP.exe
  C:\Windows\System\ECmMEmP.exe
  2⤵
  PID:8356
- C:\Windows\System\evtZlSK.exe
  C:\Windows\System\evtZlSK.exe
  2⤵
  PID:8480
- C:\Windows\System\SaOtFsX.exe
  C:\Windows\System\SaOtFsX.exe
  2⤵
  PID:3028
- C:\Windows\System\hNppeyQ.exe
  C:\Windows\System\hNppeyQ.exe
  2⤵
  PID:8728
- C:\Windows\System\VNKjUEe.exe
  C:\Windows\System\VNKjUEe.exe
  2⤵
  PID:3396
- C:\Windows\System\FJdhvFA.exe
  C:\Windows\System\FJdhvFA.exe
  2⤵
  PID:2948
- C:\Windows\System\MeWhaDy.exe
  C:\Windows\System\MeWhaDy.exe
  2⤵
  PID:8068
- C:\Windows\System\XdYaUBg.exe
  C:\Windows\System\XdYaUBg.exe
  2⤵
  PID:8980
- C:\Windows\System\TbQNbTc.exe
  C:\Windows\System\TbQNbTc.exe
  2⤵
  PID:9128
- C:\Windows\System\DMStcxX.exe
  C:\Windows\System\DMStcxX.exe
  2⤵
  PID:8308
- C:\Windows\System\YFJMPEF.exe
  C:\Windows\System\YFJMPEF.exe
  2⤵
  PID:8616
- C:\Windows\System\GzVDXQA.exe
  C:\Windows\System\GzVDXQA.exe
  2⤵
  PID:5628
- C:\Windows\System\pWFFILs.exe
  C:\Windows\System\pWFFILs.exe
  2⤵
  PID:8868
- C:\Windows\System\cHxDwan.exe
  C:\Windows\System\cHxDwan.exe
  2⤵
  PID:9184
- C:\Windows\System\UoBmxCh.exe
  C:\Windows\System\UoBmxCh.exe
  2⤵
  PID:8720
- C:\Windows\System\LZffgGD.exe
  C:\Windows\System\LZffgGD.exe
  2⤵
  PID:8972
- C:\Windows\System\mcNYFfT.exe
  C:\Windows\System\mcNYFfT.exe
  2⤵
  PID:756
- C:\Windows\System\PkeKmCl.exe
  C:\Windows\System\PkeKmCl.exe
  2⤵
  PID:9224
- C:\Windows\System\MOFwYFr.exe
  C:\Windows\System\MOFwYFr.exe
  2⤵
  PID:9252
- C:\Windows\System\AgjFgAV.exe
  C:\Windows\System\AgjFgAV.exe
  2⤵
  PID:9280
- C:\Windows\System\bfGXFOl.exe
  C:\Windows\System\bfGXFOl.exe
  2⤵
  PID:9308
- C:\Windows\System\WkySpOT.exe
  C:\Windows\System\WkySpOT.exe
  2⤵
  PID:9336
- C:\Windows\System\CCQHpBp.exe
  C:\Windows\System\CCQHpBp.exe
  2⤵
  PID:9364
- C:\Windows\System\BqNqzik.exe
  C:\Windows\System\BqNqzik.exe
  2⤵
  PID:9392
- C:\Windows\System\rmQwdnU.exe
  C:\Windows\System\rmQwdnU.exe
  2⤵
  PID:9420
- C:\Windows\System\BOvpcvf.exe
  C:\Windows\System\BOvpcvf.exe
  2⤵
  PID:9448
- C:\Windows\System\kWRxPnW.exe
  C:\Windows\System\kWRxPnW.exe
  2⤵
  PID:9476
- C:\Windows\System\cDGnwkZ.exe
  C:\Windows\System\cDGnwkZ.exe
  2⤵
  PID:9504
- C:\Windows\System\zsXFTWD.exe
  C:\Windows\System\zsXFTWD.exe
  2⤵
  PID:9532
- C:\Windows\System\WVHOFCH.exe
  C:\Windows\System\WVHOFCH.exe
  2⤵
  PID:9560
- C:\Windows\System\GnIXDUV.exe
  C:\Windows\System\GnIXDUV.exe
  2⤵
  PID:9588
- C:\Windows\System\FsgVHVx.exe
  C:\Windows\System\FsgVHVx.exe
  2⤵
  PID:9616
- C:\Windows\System\LdTYAxe.exe
  C:\Windows\System\LdTYAxe.exe
  2⤵
  PID:9644
- C:\Windows\System\rQmBSqt.exe
  C:\Windows\System\rQmBSqt.exe
  2⤵
  PID:9672
- C:\Windows\System\GtzkgYd.exe
  C:\Windows\System\GtzkgYd.exe
  2⤵
  PID:9700
- C:\Windows\System\WNYzAOf.exe
  C:\Windows\System\WNYzAOf.exe
  2⤵
  PID:9728
- C:\Windows\System\PGsfFRv.exe
  C:\Windows\System\PGsfFRv.exe
  2⤵
  PID:9760
- C:\Windows\System\meNtaSg.exe
  C:\Windows\System\meNtaSg.exe
  2⤵
  PID:9788
- C:\Windows\System\PEiKKyh.exe
  C:\Windows\System\PEiKKyh.exe
  2⤵
  PID:9816
- C:\Windows\System\VZpZEtT.exe
  C:\Windows\System\VZpZEtT.exe
  2⤵
  PID:9844
- C:\Windows\System\TPDcxOO.exe
  C:\Windows\System\TPDcxOO.exe
  2⤵
  PID:9872
- C:\Windows\System\iUugvvI.exe
  C:\Windows\System\iUugvvI.exe
  2⤵
  PID:9900
- C:\Windows\System\MtOQivS.exe
  C:\Windows\System\MtOQivS.exe
  2⤵
  PID:9928
- C:\Windows\System\XMfCtFc.exe
  C:\Windows\System\XMfCtFc.exe
  2⤵
  PID:9956
- C:\Windows\System\ljFJxVr.exe
  C:\Windows\System\ljFJxVr.exe
  2⤵
  PID:9984
- C:\Windows\System\QkENlbI.exe
  C:\Windows\System\QkENlbI.exe
  2⤵
  PID:10012
- C:\Windows\System\CdIbJKJ.exe
  C:\Windows\System\CdIbJKJ.exe
  2⤵
  PID:10040
- C:\Windows\System\nrNlIZD.exe
  C:\Windows\System\nrNlIZD.exe
  2⤵
  PID:10068
- C:\Windows\System\EJUjJPH.exe
  C:\Windows\System\EJUjJPH.exe
  2⤵
  PID:10096
- C:\Windows\System\dRkuHOf.exe
  C:\Windows\System\dRkuHOf.exe
  2⤵
  PID:10124
- C:\Windows\System\IzwIMCl.exe
  C:\Windows\System\IzwIMCl.exe
  2⤵
  PID:10152
- C:\Windows\System\AiyLSTS.exe
  C:\Windows\System\AiyLSTS.exe
  2⤵
  PID:10184
- C:\Windows\System\mtnaAqY.exe
  C:\Windows\System\mtnaAqY.exe
  2⤵
  PID:10212
- C:\Windows\System\PLYFMsE.exe
  C:\Windows\System\PLYFMsE.exe
  2⤵
  PID:9244
- C:\Windows\System\qmRrnsk.exe
  C:\Windows\System\qmRrnsk.exe
  2⤵
  PID:9276
- C:\Windows\System\fDnRPym.exe
  C:\Windows\System\fDnRPym.exe
  2⤵
  PID:4172
- C:\Windows\System\DyWIHZj.exe
  C:\Windows\System\DyWIHZj.exe
  2⤵
  PID:9496
- C:\Windows\System\ULZykHD.exe
  C:\Windows\System\ULZykHD.exe
  2⤵
  PID:5048
- C:\Windows\System\dRUoSsf.exe
  C:\Windows\System\dRUoSsf.exe
  2⤵
  PID:9636
- C:\Windows\System\hokfGNb.exe
  C:\Windows\System\hokfGNb.exe
  2⤵
  PID:9668
- C:\Windows\System\LanaIwJ.exe
  C:\Windows\System\LanaIwJ.exe
  2⤵
  PID:9724
- C:\Windows\System\IwIENNn.exe
  C:\Windows\System\IwIENNn.exe
  2⤵
  PID:9812
- C:\Windows\System\UamTWKm.exe
  C:\Windows\System\UamTWKm.exe
  2⤵
  PID:9840
- C:\Windows\System\iKhrRjd.exe
  C:\Windows\System\iKhrRjd.exe
  2⤵
  PID:9884
- C:\Windows\System\CdrrJno.exe
  C:\Windows\System\CdrrJno.exe
  2⤵
  PID:10032
- C:\Windows\System\VfnmPLA.exe
  C:\Windows\System\VfnmPLA.exe
  2⤵
  PID:10060
- C:\Windows\System\SazPRJj.exe
  C:\Windows\System\SazPRJj.exe
  2⤵
  PID:10144
- C:\Windows\System\SUGApdj.exe
  C:\Windows\System\SUGApdj.exe
  2⤵
  PID:10196
- C:\Windows\System\IeFLqqU.exe
  C:\Windows\System\IeFLqqU.exe
  2⤵
  PID:9748
- C:\Windows\System\Mvkgppw.exe
  C:\Windows\System\Mvkgppw.exe
  2⤵
  PID:9328
- C:\Windows\System\QdgclSC.exe
  C:\Windows\System\QdgclSC.exe
  2⤵
  PID:9580
- C:\Windows\System\yVLgPfk.exe
  C:\Windows\System\yVLgPfk.exe
  2⤵
  PID:6264
- C:\Windows\System\sdhWUhs.exe
  C:\Windows\System\sdhWUhs.exe
  2⤵
  PID:4916
- C:\Windows\System\Ctjhdgq.exe
  C:\Windows\System\Ctjhdgq.exe
  2⤵
  PID:9912
- C:\Windows\System\cbCsIiL.exe
  C:\Windows\System\cbCsIiL.exe
  2⤵
  PID:7360
- C:\Windows\System\fIfqupD.exe
  C:\Windows\System\fIfqupD.exe
  2⤵
  PID:10164
- C:\Windows\System\ZnUafIB.exe
  C:\Windows\System\ZnUafIB.exe
  2⤵
  PID:9460
- C:\Windows\System\RLPrMTB.exe
  C:\Windows\System\RLPrMTB.exe
  2⤵
  PID:1456
- C:\Windows\System\qrxBSzT.exe
  C:\Windows\System\qrxBSzT.exe
  2⤵
  PID:10052
- C:\Windows\System\xVEdGiU.exe
  C:\Windows\System\xVEdGiU.exe
  2⤵
  PID:9272
- C:\Windows\System\UNlrQAY.exe
  C:\Windows\System\UNlrQAY.exe
  2⤵
  PID:10224
- C:\Windows\System\wDMZeJI.exe
  C:\Windows\System\wDMZeJI.exe
  2⤵
  PID:9696
- C:\Windows\System\HAVOjKV.exe
  C:\Windows\System\HAVOjKV.exe
  2⤵
  PID:10268
- C:\Windows\System\rHKhWCC.exe
  C:\Windows\System\rHKhWCC.exe
  2⤵
  PID:10296
- C:\Windows\System\zvNIBBA.exe
  C:\Windows\System\zvNIBBA.exe
  2⤵
  PID:10324
- C:\Windows\System\CIkFBqE.exe
  C:\Windows\System\CIkFBqE.exe
  2⤵
  PID:10352
- C:\Windows\System\AnDjzPv.exe
  C:\Windows\System\AnDjzPv.exe
  2⤵
  PID:10380
- C:\Windows\System\ySdCkvA.exe
  C:\Windows\System\ySdCkvA.exe
  2⤵
  PID:10408
- C:\Windows\System\CemuION.exe
  C:\Windows\System\CemuION.exe
  2⤵
  PID:10424
- C:\Windows\System\StuQNYD.exe
  C:\Windows\System\StuQNYD.exe
  2⤵
  PID:10464
- C:\Windows\System\MpsRnfO.exe
  C:\Windows\System\MpsRnfO.exe
  2⤵
  PID:10496
- C:\Windows\System\HDKjyFG.exe
  C:\Windows\System\HDKjyFG.exe
  2⤵
  PID:10520
- C:\Windows\System\MheVDBx.exe
  C:\Windows\System\MheVDBx.exe
  2⤵
  PID:10552
- C:\Windows\System\lPifwcC.exe
  C:\Windows\System\lPifwcC.exe
  2⤵
  PID:10580
- C:\Windows\System\xcwSRub.exe
  C:\Windows\System\xcwSRub.exe
  2⤵
  PID:10608
- C:\Windows\System\XKhlLqR.exe
  C:\Windows\System\XKhlLqR.exe
  2⤵
  PID:10636
- C:\Windows\System\BFCImPl.exe
  C:\Windows\System\BFCImPl.exe
  2⤵
  PID:10664
- C:\Windows\System\QZrkuaf.exe
  C:\Windows\System\QZrkuaf.exe
  2⤵
  PID:10692
- C:\Windows\System\nTXAaUV.exe
  C:\Windows\System\nTXAaUV.exe
  2⤵
  PID:10720
- C:\Windows\System\movSjLR.exe
  C:\Windows\System\movSjLR.exe
  2⤵
  PID:10768
- C:\Windows\System\VbMzXnJ.exe
  C:\Windows\System\VbMzXnJ.exe
  2⤵
  PID:10816
- C:\Windows\System\xxmOdMI.exe
  C:\Windows\System\xxmOdMI.exe
  2⤵
  PID:10836
- C:\Windows\System\lBcUUHa.exe
  C:\Windows\System\lBcUUHa.exe
  2⤵
  PID:10864
- C:\Windows\System\GDzlpZf.exe
  C:\Windows\System\GDzlpZf.exe
  2⤵
  PID:10912
- C:\Windows\System\afYwJkG.exe
  C:\Windows\System\afYwJkG.exe
  2⤵
  PID:10940
- C:\Windows\System\oVEQBeJ.exe
  C:\Windows\System\oVEQBeJ.exe
  2⤵
  PID:10972
- C:\Windows\System\kaZBjFP.exe
  C:\Windows\System\kaZBjFP.exe
  2⤵
  PID:11028
- C:\Windows\System\eTmAHKl.exe
  C:\Windows\System\eTmAHKl.exe
  2⤵
  PID:11060
- C:\Windows\System\VKSEysU.exe
  C:\Windows\System\VKSEysU.exe
  2⤵
  PID:11092
- C:\Windows\System\jPSFBLn.exe
  C:\Windows\System\jPSFBLn.exe
  2⤵
  PID:11124
- C:\Windows\System\QBbIaNu.exe
  C:\Windows\System\QBbIaNu.exe
  2⤵
  PID:11156
- C:\Windows\System\BzwbOWt.exe
  C:\Windows\System\BzwbOWt.exe
  2⤵
  PID:11184
- C:\Windows\System\qyPjshj.exe
  C:\Windows\System\qyPjshj.exe
  2⤵
  PID:11212
- C:\Windows\System\jCivpAW.exe
  C:\Windows\System\jCivpAW.exe
  2⤵
  PID:11240
- C:\Windows\System\IyDYmCw.exe
  C:\Windows\System\IyDYmCw.exe
  2⤵
  PID:10252
- C:\Windows\System\zFLUFpT.exe
  C:\Windows\System\zFLUFpT.exe
  2⤵
  PID:10308
- C:\Windows\System\xljTvGa.exe
  C:\Windows\System\xljTvGa.exe
  2⤵
  PID:10364
- C:\Windows\System\bnmaBlQ.exe
  C:\Windows\System\bnmaBlQ.exe
  2⤵
  PID:10416
- C:\Windows\System\DlkSMar.exe
  C:\Windows\System\DlkSMar.exe
  2⤵
  PID:10484
- C:\Windows\System\JZiMqRn.exe
  C:\Windows\System\JZiMqRn.exe
  2⤵
  PID:10544
- C:\Windows\System\sJJQdAe.exe
  C:\Windows\System\sJJQdAe.exe
  2⤵
  PID:10604
- C:\Windows\System\EQthlCL.exe
  C:\Windows\System\EQthlCL.exe
  2⤵
  PID:10676
- C:\Windows\System\XUMMutC.exe
  C:\Windows\System\XUMMutC.exe
  2⤵
  PID:10716
- C:\Windows\System\qygqHil.exe
  C:\Windows\System\qygqHil.exe
  2⤵
  PID:3904
- C:\Windows\System\ZVqPiVn.exe
  C:\Windows\System\ZVqPiVn.exe
  2⤵
  PID:10824
- C:\Windows\System\dRnLXao.exe
  C:\Windows\System\dRnLXao.exe
  2⤵
  PID:732
- C:\Windows\System\CnpLlpj.exe
  C:\Windows\System\CnpLlpj.exe
  2⤵
  PID:10952
- C:\Windows\System\UIUOUeM.exe
  C:\Windows\System\UIUOUeM.exe
  2⤵
  PID:11052
- C:\Windows\System\rBkIofj.exe
  C:\Windows\System\rBkIofj.exe
  2⤵
  PID:11116
- C:\Windows\System\vScjFxa.exe
  C:\Windows\System\vScjFxa.exe
  2⤵
  PID:11048
- C:\Windows\System\EGyWAzT.exe
  C:\Windows\System\EGyWAzT.exe
  2⤵
  PID:1096
- C:\Windows\System\hZbYdoA.exe
  C:\Windows\System\hZbYdoA.exe
  2⤵
  PID:11180
- C:\Windows\System\WGefIsQ.exe
  C:\Windows\System\WGefIsQ.exe
  2⤵
  PID:11252
- C:\Windows\System\eabyFxT.exe
  C:\Windows\System\eabyFxT.exe
  2⤵
  PID:10320
- C:\Windows\System\ghKmiPR.exe
  C:\Windows\System\ghKmiPR.exe
  2⤵
  PID:10460
- C:\Windows\System\rplyuKU.exe
  C:\Windows\System\rplyuKU.exe
  2⤵
  PID:10592
- C:\Windows\System\hbftqDq.exe
  C:\Windows\System\hbftqDq.exe
  2⤵
  PID:10712
- C:\Windows\System\rSzhfna.exe
  C:\Windows\System\rSzhfna.exe
  2⤵
  PID:10848
- C:\Windows\System\TICtZES.exe
  C:\Windows\System\TICtZES.exe
  2⤵
  PID:11020
- C:\Windows\System\sinYvxZ.exe
  C:\Windows\System\sinYvxZ.exe
  2⤵
  PID:11148
- C:\Windows\System\yUxblqW.exe
  C:\Windows\System\yUxblqW.exe
  2⤵
  PID:11208
- C:\Windows\System\GAqqTfy.exe
  C:\Windows\System\GAqqTfy.exe
  2⤵
  PID:9776
- C:\Windows\System\zgCqVAD.exe
  C:\Windows\System\zgCqVAD.exe
  2⤵
  PID:10704
- C:\Windows\System\tMNHsEg.exe
  C:\Windows\System\tMNHsEg.exe
  2⤵
  PID:10984
- C:\Windows\System\baGcoYk.exe
  C:\Windows\System\baGcoYk.exe
  2⤵
  PID:4944
- C:\Windows\System\TGmoqmb.exe
  C:\Windows\System\TGmoqmb.exe
  2⤵
  PID:5012
- C:\Windows\System\sefxDIg.exe
  C:\Windows\System\sefxDIg.exe
  2⤵
  PID:6284
- C:\Windows\System\GaZzGSi.exe
  C:\Windows\System\GaZzGSi.exe
  2⤵
  PID:11292
- C:\Windows\System\liapcdk.exe
  C:\Windows\System\liapcdk.exe
  2⤵
  PID:11320
- C:\Windows\System\JVECDFn.exe
  C:\Windows\System\JVECDFn.exe
  2⤵
  PID:11348
- C:\Windows\System\uRKZvts.exe
  C:\Windows\System\uRKZvts.exe
  2⤵
  PID:11376
- C:\Windows\System\QqDudsN.exe
  C:\Windows\System\QqDudsN.exe
  2⤵
  PID:11404
- C:\Windows\System\cnKBZMx.exe
  C:\Windows\System\cnKBZMx.exe
  2⤵
  PID:11436
- C:\Windows\System\KmrnNnt.exe
  C:\Windows\System\KmrnNnt.exe
  2⤵
  PID:11464
- C:\Windows\System\daxIedT.exe
  C:\Windows\System\daxIedT.exe
  2⤵
  PID:11492
- C:\Windows\System\xjvBuCV.exe
  C:\Windows\System\xjvBuCV.exe
  2⤵
  PID:11520
- C:\Windows\System\zJrYYtn.exe
  C:\Windows\System\zJrYYtn.exe
  2⤵
  PID:11556
- C:\Windows\System\karOJlF.exe
  C:\Windows\System\karOJlF.exe
  2⤵
  PID:11600
- C:\Windows\System\nOFXdqw.exe
  C:\Windows\System\nOFXdqw.exe
  2⤵
  PID:11616
- C:\Windows\System\AQNYWha.exe
  C:\Windows\System\AQNYWha.exe
  2⤵
  PID:11644
- C:\Windows\System\uetSmVg.exe
  C:\Windows\System\uetSmVg.exe
  2⤵
  PID:11672
- C:\Windows\System\WyfThnR.exe
  C:\Windows\System\WyfThnR.exe
  2⤵
  PID:11700
- C:\Windows\System\tIBkfcl.exe
  C:\Windows\System\tIBkfcl.exe
  2⤵
  PID:11728
- C:\Windows\System\NhKQUgW.exe
  C:\Windows\System\NhKQUgW.exe
  2⤵
  PID:11756
- C:\Windows\System\GbHrxSC.exe
  C:\Windows\System\GbHrxSC.exe
  2⤵
  PID:11784
- C:\Windows\System\YRkZWhK.exe
  C:\Windows\System\YRkZWhK.exe
  2⤵
  PID:11812
- C:\Windows\System\zAbhYQz.exe
  C:\Windows\System\zAbhYQz.exe
  2⤵
  PID:11840
- C:\Windows\System\wkUSGXj.exe
  C:\Windows\System\wkUSGXj.exe
  2⤵
  PID:11868
- C:\Windows\System\MtGtiZO.exe
  C:\Windows\System\MtGtiZO.exe
  2⤵
  PID:11896
- C:\Windows\System\kitASyH.exe
  C:\Windows\System\kitASyH.exe
  2⤵
  PID:11924
- C:\Windows\System\VHCZfAM.exe
  C:\Windows\System\VHCZfAM.exe
  2⤵
  PID:11960
- C:\Windows\System\wUqpHNY.exe
  C:\Windows\System\wUqpHNY.exe
  2⤵
  PID:11992
- C:\Windows\System\sILwSJx.exe
  C:\Windows\System\sILwSJx.exe
  2⤵
  PID:12008
- C:\Windows\System\yeSuyrJ.exe
  C:\Windows\System\yeSuyrJ.exe
  2⤵
  PID:12036
- C:\Windows\System\RWCGSoJ.exe
  C:\Windows\System\RWCGSoJ.exe
  2⤵
  PID:12064
- C:\Windows\System\UKmaEEl.exe
  C:\Windows\System\UKmaEEl.exe
  2⤵
  PID:12092
- C:\Windows\System\NpbdeTS.exe
  C:\Windows\System\NpbdeTS.exe
  2⤵
  PID:12120
- C:\Windows\System\qeLVKPG.exe
  C:\Windows\System\qeLVKPG.exe
  2⤵
  PID:12148
- C:\Windows\System\WecwXnH.exe
  C:\Windows\System\WecwXnH.exe
  2⤵
  PID:12176
- C:\Windows\System\uFMblQi.exe
  C:\Windows\System\uFMblQi.exe
  2⤵
  PID:12208
- C:\Windows\System\ujBtWyr.exe
  C:\Windows\System\ujBtWyr.exe
  2⤵
  PID:12236
- C:\Windows\System\eUnYHWj.exe
  C:\Windows\System\eUnYHWj.exe
  2⤵
  PID:12276
- C:\Windows\System\SKsUmAR.exe
  C:\Windows\System\SKsUmAR.exe
  2⤵
  PID:4416
- C:\Windows\System\kGgWQFA.exe
  C:\Windows\System\kGgWQFA.exe
  2⤵
  PID:11312
- C:\Windows\System\UVMTUin.exe
  C:\Windows\System\UVMTUin.exe
  2⤵
  PID:11372
- C:\Windows\System\TNANNdL.exe
  C:\Windows\System\TNANNdL.exe
  2⤵
  PID:11448
- C:\Windows\System\vVDvVcZ.exe
  C:\Windows\System\vVDvVcZ.exe
  2⤵
  PID:11512
- C:\Windows\System\yBBnBaK.exe
  C:\Windows\System\yBBnBaK.exe
  2⤵
  PID:11576
- C:\Windows\System\EGbIYcF.exe
  C:\Windows\System\EGbIYcF.exe
  2⤵
  PID:11640
- C:\Windows\System\NOghvTM.exe
  C:\Windows\System\NOghvTM.exe
  2⤵
  PID:11712
- C:\Windows\System\EJBVqTj.exe
  C:\Windows\System\EJBVqTj.exe
  2⤵
  PID:11776
- C:\Windows\System\nSBqHpz.exe
  C:\Windows\System\nSBqHpz.exe
  2⤵
  PID:11836
- C:\Windows\System\ETSTNWc.exe
  C:\Windows\System\ETSTNWc.exe
  2⤵
  PID:11908
- C:\Windows\System\qgbcyRQ.exe
  C:\Windows\System\qgbcyRQ.exe
  2⤵
  PID:11972
- C:\Windows\System\HdEEjTc.exe
  C:\Windows\System\HdEEjTc.exe
  2⤵
  PID:12020
- C:\Windows\System\FShObuk.exe
  C:\Windows\System\FShObuk.exe
  2⤵
  PID:12088
- C:\Windows\System\ZSGfGzc.exe
  C:\Windows\System\ZSGfGzc.exe
  2⤵
  PID:12160
- C:\Windows\System\NLLenIg.exe
  C:\Windows\System\NLLenIg.exe
  2⤵
  PID:12204
- C:\Windows\System\sORWhzf.exe
  C:\Windows\System\sORWhzf.exe
  2⤵
  PID:12260
- C:\Windows\System\uwxcQrg.exe
  C:\Windows\System\uwxcQrg.exe
  2⤵
  PID:11360
- C:\Windows\System\BTKaeTq.exe
  C:\Windows\System\BTKaeTq.exe
  2⤵
  PID:11504
- C:\Windows\System\KBtJczC.exe
  C:\Windows\System\KBtJczC.exe
  2⤵
  PID:11636
- C:\Windows\System\HoZSdkl.exe
  C:\Windows\System\HoZSdkl.exe
  2⤵
  PID:11804
- C:\Windows\System\UVrDWwx.exe
  C:\Windows\System\UVrDWwx.exe
  2⤵
  PID:11948
- C:\Windows\System\ZzctjFg.exe
  C:\Windows\System\ZzctjFg.exe
  2⤵
  PID:12076
- C:\Windows\System\PKSGDbR.exe
  C:\Windows\System\PKSGDbR.exe
  2⤵
  PID:12232
- C:\Windows\System\EWkmRka.exe
  C:\Windows\System\EWkmRka.exe
  2⤵
  PID:11476
- C:\Windows\System\fLQuCSS.exe
  C:\Windows\System\fLQuCSS.exe
  2⤵
  PID:11752
- C:\Windows\System\MVELGGu.exe
  C:\Windows\System\MVELGGu.exe
  2⤵
  PID:12084
- C:\Windows\System\gEWklQP.exe
  C:\Windows\System\gEWklQP.exe
  2⤵
  PID:11608
- C:\Windows\System\PmrHqIA.exe
  C:\Windows\System\PmrHqIA.exe
  2⤵
  PID:11428
- C:\Windows\System\IHtHnuk.exe
  C:\Windows\System\IHtHnuk.exe
  2⤵
  PID:12296
- C:\Windows\System\kkaSeVs.exe
  C:\Windows\System\kkaSeVs.exe
  2⤵
  PID:12324
- C:\Windows\System\YvoeSsh.exe
  C:\Windows\System\YvoeSsh.exe
  2⤵
  PID:12352
- C:\Windows\System\kVmCMSn.exe
  C:\Windows\System\kVmCMSn.exe
  2⤵
  PID:12380
- C:\Windows\System\tJorBTf.exe
  C:\Windows\System\tJorBTf.exe
  2⤵
  PID:12408
- C:\Windows\System\KCFGTxz.exe
  C:\Windows\System\KCFGTxz.exe
  2⤵
  PID:12440
- C:\Windows\System\zCXOdbn.exe
  C:\Windows\System\zCXOdbn.exe
  2⤵
  PID:12468
- C:\Windows\System\HHRMpMl.exe
  C:\Windows\System\HHRMpMl.exe
  2⤵
  PID:12496
- C:\Windows\System\TsMdLKn.exe
  C:\Windows\System\TsMdLKn.exe
  2⤵
  PID:12524
- C:\Windows\System\cFcEXuG.exe
  C:\Windows\System\cFcEXuG.exe
  2⤵
  PID:12552
- C:\Windows\System\uOPjkWW.exe
  C:\Windows\System\uOPjkWW.exe
  2⤵
  PID:12580
- C:\Windows\System\xpHCvuH.exe
  C:\Windows\System\xpHCvuH.exe
  2⤵
  PID:12620
- C:\Windows\System\SZsQMpk.exe
  C:\Windows\System\SZsQMpk.exe
  2⤵
  PID:12636
- C:\Windows\System\ngBXvJJ.exe
  C:\Windows\System\ngBXvJJ.exe
  2⤵
  PID:12664
- C:\Windows\System\KJWjgxM.exe
  C:\Windows\System\KJWjgxM.exe
  2⤵
  PID:12692
- C:\Windows\System\NRjVoOa.exe
  C:\Windows\System\NRjVoOa.exe
  2⤵
  PID:12720
- C:\Windows\System\AbWQPjR.exe
  C:\Windows\System\AbWQPjR.exe
  2⤵
  PID:12748
- C:\Windows\System\HGUsDSd.exe
  C:\Windows\System\HGUsDSd.exe
  2⤵
  PID:12776
- C:\Windows\System\SyiOwFi.exe
  C:\Windows\System\SyiOwFi.exe
  2⤵
  PID:12804
- C:\Windows\System\kkiMeAq.exe
  C:\Windows\System\kkiMeAq.exe
  2⤵
  PID:12848
- C:\Windows\System\PNoKSiE.exe
  C:\Windows\System\PNoKSiE.exe
  2⤵
  PID:12880
- C:\Windows\System\evlxFdc.exe
  C:\Windows\System\evlxFdc.exe
  2⤵
  PID:12908
- C:\Windows\System\ZxBATrR.exe
  C:\Windows\System\ZxBATrR.exe
  2⤵
  PID:12928
- C:\Windows\System\wyGGHou.exe
  C:\Windows\System\wyGGHou.exe
  2⤵
  PID:12956
- C:\Windows\System\mOuDNgy.exe
  C:\Windows\System\mOuDNgy.exe
  2⤵
  PID:12984
- C:\Windows\System\PlmTdif.exe
  C:\Windows\System\PlmTdif.exe
  2⤵
  PID:13012
- C:\Windows\System\oTCCJGO.exe
  C:\Windows\System\oTCCJGO.exe
  2⤵
  PID:13040
- C:\Windows\System\GECejVX.exe
  C:\Windows\System\GECejVX.exe
  2⤵
  PID:13068
- C:\Windows\System\oveEtLs.exe
  C:\Windows\System\oveEtLs.exe
  2⤵
  PID:13100
- C:\Windows\System\OsbJwjD.exe
  C:\Windows\System\OsbJwjD.exe
  2⤵
  PID:13128
- C:\Windows\System\EmqKfMG.exe
  C:\Windows\System\EmqKfMG.exe
  2⤵
  PID:13156
- C:\Windows\System\lUQRwNn.exe
  C:\Windows\System\lUQRwNn.exe
  2⤵
  PID:13184
- C:\Windows\System\omyYzBw.exe
  C:\Windows\System\omyYzBw.exe
  2⤵
  PID:13212
- C:\Windows\System\slXesLS.exe
  C:\Windows\System\slXesLS.exe
  2⤵
  PID:13240
- C:\Windows\System\pvZxruU.exe
  C:\Windows\System\pvZxruU.exe
  2⤵
  PID:13268
- C:\Windows\System\isMbGVK.exe
  C:\Windows\System\isMbGVK.exe
  2⤵
  PID:13296
- C:\Windows\System\JmEUWSK.exe
  C:\Windows\System\JmEUWSK.exe
  2⤵
  PID:12316
- C:\Windows\System\ECQjdfO.exe
  C:\Windows\System\ECQjdfO.exe
  2⤵
  PID:12372
- C:\Windows\System\WhBwthf.exe
  C:\Windows\System\WhBwthf.exe
  2⤵
  PID:12436
- C:\Windows\System\BdcnIzt.exe
  C:\Windows\System\BdcnIzt.exe
  2⤵
  PID:12492
- C:\Windows\System\uhbiGJi.exe
  C:\Windows\System\uhbiGJi.exe
  2⤵
  PID:12564
- C:\Windows\System\dnyeaDl.exe
  C:\Windows\System\dnyeaDl.exe
  2⤵
  PID:12628
- C:\Windows\System\eltagyK.exe
  C:\Windows\System\eltagyK.exe
  2⤵
  PID:12688
- C:\Windows\System\eFNNgcW.exe
  C:\Windows\System\eFNNgcW.exe
  2⤵
  PID:12796
- C:\Windows\System\MORixez.exe
  C:\Windows\System\MORixez.exe
  2⤵
  PID:12844
- C:\Windows\System\hCwVDMV.exe
  C:\Windows\System\hCwVDMV.exe
  2⤵
  PID:12892
- C:\Windows\System\TVdKjKQ.exe
  C:\Windows\System\TVdKjKQ.exe
  2⤵
  PID:12968
- C:\Windows\System\kfpzqTJ.exe
  C:\Windows\System\kfpzqTJ.exe
  2⤵
  PID:13032
- C:\Windows\System\YUHXbvW.exe
  C:\Windows\System\YUHXbvW.exe
  2⤵
  PID:13096
- C:\Windows\System\doNsrMt.exe
  C:\Windows\System\doNsrMt.exe
  2⤵
  PID:13168
- C:\Windows\System\HVAoqSo.exe
  C:\Windows\System\HVAoqSo.exe
  2⤵
  PID:13232
- C:\Windows\System\cUFMqir.exe
  C:\Windows\System\cUFMqir.exe
  2⤵
  PID:13292
- C:\Windows\System\jGYLuwm.exe
  C:\Windows\System\jGYLuwm.exe
  2⤵
  PID:12400
- C:\Windows\System\BNZIIDK.exe
  C:\Windows\System\BNZIIDK.exe
  2⤵
  PID:12544
- C:\Windows\System\OMaBkpi.exe
  C:\Windows\System\OMaBkpi.exe
  2⤵
  PID:12684
- C:\Windows\System\lLSrFZx.exe
  C:\Windows\System\lLSrFZx.exe
  2⤵
  PID:12876
- C:\Windows\System\PCbpHWg.exe
  C:\Windows\System\PCbpHWg.exe
  2⤵
  PID:13008
- C:\Windows\System\CKDTdtT.exe
  C:\Windows\System\CKDTdtT.exe
  2⤵
  PID:13152
- C:\Windows\System\bRixhJb.exe
  C:\Windows\System\bRixhJb.exe
  2⤵
  PID:12308
- C:\Windows\System\psuPvjT.exe
  C:\Windows\System\psuPvjT.exe
  2⤵
  PID:12616
- C:\Windows\System\rAxJTuQ.exe
  C:\Windows\System\rAxJTuQ.exe
  2⤵
  PID:12996
- C:\Windows\System\OBTMZsv.exe
  C:\Windows\System\OBTMZsv.exe
  2⤵
  PID:12364
- C:\Windows\System\GFEzkXT.exe
  C:\Windows\System\GFEzkXT.exe
  2⤵
  PID:13280
- C:\Windows\System\XKzKEtx.exe
  C:\Windows\System\XKzKEtx.exe
  2⤵
  PID:13320
- C:\Windows\System\ioVZatF.exe
  C:\Windows\System\ioVZatF.exe
  2⤵
  PID:13348
- C:\Windows\System\diUUEDN.exe
  C:\Windows\System\diUUEDN.exe
  2⤵
  PID:13376
- C:\Windows\System\vBEImud.exe
  C:\Windows\System\vBEImud.exe
  2⤵
  PID:13404
- C:\Windows\System\ptXUjrt.exe
  C:\Windows\System\ptXUjrt.exe
  2⤵
  PID:13432
- C:\Windows\System\bTgHRSm.exe
  C:\Windows\System\bTgHRSm.exe
  2⤵
  PID:13460
- C:\Windows\System\EdOmTOw.exe
  C:\Windows\System\EdOmTOw.exe
  2⤵
  PID:13488
- C:\Windows\System\dKCBUke.exe
  C:\Windows\System\dKCBUke.exe
  2⤵
  PID:13516
- C:\Windows\System\zPcYsor.exe
  C:\Windows\System\zPcYsor.exe
  2⤵
  PID:13544
- C:\Windows\System\dDKHeFA.exe
  C:\Windows\System\dDKHeFA.exe
  2⤵
  PID:13572
- C:\Windows\System\qnjDfwS.exe
  C:\Windows\System\qnjDfwS.exe
  2⤵
  PID:13600
- C:\Windows\System\coFeQVS.exe
  C:\Windows\System\coFeQVS.exe
  2⤵
  PID:13628
- C:\Windows\System\uNGXapZ.exe
  C:\Windows\System\uNGXapZ.exe
  2⤵
  PID:13652
- C:\Windows\System\eFlUOGa.exe
  C:\Windows\System\eFlUOGa.exe
  2⤵
  PID:13684
- C:\Windows\System\TjyJelY.exe
  C:\Windows\System\TjyJelY.exe
  2⤵
  PID:13732
- C:\Windows\System\MkDaDcg.exe
  C:\Windows\System\MkDaDcg.exe
  2⤵
  PID:13776
- C:\Windows\System\rAXKxho.exe
  C:\Windows\System\rAXKxho.exe
  2⤵
  PID:13812
- C:\Windows\System\jyHdDaH.exe
  C:\Windows\System\jyHdDaH.exe
  2⤵
  PID:13840
- C:\Windows\System\fEkkYDE.exe
  C:\Windows\System\fEkkYDE.exe
  2⤵
  PID:13868
- C:\Windows\System\DcdZMFp.exe
  C:\Windows\System\DcdZMFp.exe
  2⤵
  PID:13896
- C:\Windows\System\aUSFtfv.exe
  C:\Windows\System\aUSFtfv.exe
  2⤵
  PID:13924
- C:\Windows\System\ZJyzOOR.exe
  C:\Windows\System\ZJyzOOR.exe
  2⤵
  PID:13952
- C:\Windows\System\MrFHlMM.exe
  C:\Windows\System\MrFHlMM.exe
  2⤵
  PID:13980
- C:\Windows\System\YjkNXJE.exe
  C:\Windows\System\YjkNXJE.exe
  2⤵
  PID:14008
- C:\Windows\System\dhdfThM.exe
  C:\Windows\System\dhdfThM.exe
  2⤵
  PID:14036
- C:\Windows\System\odDQMyS.exe
  C:\Windows\System\odDQMyS.exe
  2⤵
  PID:14064
- C:\Windows\System\BFzXddG.exe
  C:\Windows\System\BFzXddG.exe
  2⤵
  PID:14092
- C:\Windows\System\WMizyAp.exe
  C:\Windows\System\WMizyAp.exe
  2⤵
  PID:14124
- C:\Windows\System\SnbhhKk.exe
  C:\Windows\System\SnbhhKk.exe
  2⤵
  PID:14152
- C:\Windows\System\uktneTV.exe
  C:\Windows\System\uktneTV.exe
  2⤵
  PID:14180
- C:\Windows\System\cxkPRKE.exe
  C:\Windows\System\cxkPRKE.exe
  2⤵
  PID:14208
- C:\Windows\System\XQIIkND.exe
  C:\Windows\System\XQIIkND.exe
  2⤵
  PID:14236
- C:\Windows\System\XpPmwUQ.exe
  C:\Windows\System\XpPmwUQ.exe
  2⤵
  PID:14264
- C:\Windows\System\yxRbvpQ.exe
  C:\Windows\System\yxRbvpQ.exe
  2⤵
  PID:14292
- C:\Windows\System\QOWYKqV.exe
  C:\Windows\System\QOWYKqV.exe
  2⤵
  PID:14320
- C:\Windows\System\YqgDkKw.exe
  C:\Windows\System\YqgDkKw.exe
  2⤵
  PID:13340
- C:\Windows\System\NrFhool.exe
  C:\Windows\System\NrFhool.exe
  2⤵
  PID:13400
- C:\Windows\System\oOvXccl.exe
  C:\Windows\System\oOvXccl.exe
  2⤵
  PID:13472
- C:\Windows\System\HQdyojR.exe
  C:\Windows\System\HQdyojR.exe
  2⤵
  PID:13536
- C:\Windows\System\IYhHQfY.exe
  C:\Windows\System\IYhHQfY.exe
  2⤵
  PID:13592
- C:\Windows\System\wENHHMi.exe
  C:\Windows\System\wENHHMi.exe
  2⤵
  PID:13668
- C:\Windows\System\lShknEv.exe
  C:\Windows\System\lShknEv.exe
  2⤵
  PID:13768
- C:\Windows\System\MIpcPMd.exe
  C:\Windows\System\MIpcPMd.exe
  2⤵
  PID:12060
- C:\Windows\System\qdHIXFr.exe
  C:\Windows\System\qdHIXFr.exe
  2⤵
  PID:10748
- C:\Windows\System\vZOncUz.exe
  C:\Windows\System\vZOncUz.exe
  2⤵
  PID:13864
- C:\Windows\System\LegJrTI.exe
  C:\Windows\System\LegJrTI.exe
  2⤵
  PID:13936
- C:\Windows\System\dRLMStL.exe
  C:\Windows\System\dRLMStL.exe
  2⤵
  PID:14020
- C:\Windows\System\dGqwgoo.exe
  C:\Windows\System\dGqwgoo.exe
  2⤵
  PID:14060
- C:\Windows\System\DEgOglP.exe
  C:\Windows\System\DEgOglP.exe
  2⤵
  PID:14136
- C:\Windows\System\uQWuEzL.exe
  C:\Windows\System\uQWuEzL.exe
  2⤵
  PID:14200
- C:\Windows\System\geaoYuW.exe
  C:\Windows\System\geaoYuW.exe
  2⤵
  PID:14260
- C:\Windows\System\kTBMTnz.exe
  C:\Windows\System\kTBMTnz.exe
  2⤵
  PID:14332
- C:\Windows\System\TUZAIRq.exe
  C:\Windows\System\TUZAIRq.exe
  2⤵
  PID:13452
- C:\Windows\System\pYCpkDw.exe
  C:\Windows\System\pYCpkDw.exe
  2⤵
  PID:13584
- C:\Windows\System\kXVabmE.exe
  C:\Windows\System\kXVabmE.exe
  2⤵
  PID:13728
- C:\Windows\System\UqaOdco.exe
  C:\Windows\System\UqaOdco.exe
  2⤵
  PID:13852
- C:\Windows\System\ItqINTy.exe
  C:\Windows\System\ItqINTy.exe
  2⤵
  PID:13976
- C:\Windows\System\LHRVlPO.exe
  C:\Windows\System\LHRVlPO.exe
  2⤵
  PID:14164
- C:\Windows\System\gcPUOeq.exe
  C:\Windows\System\gcPUOeq.exe
  2⤵
  PID:14288
- C:\Windows\System\vlXRMbs.exe
  C:\Windows\System\vlXRMbs.exe
  2⤵
  PID:13596
- C:\Windows\System\pslXSBH.exe
  C:\Windows\System\pslXSBH.exe
  2⤵
  PID:13916
- C:\Windows\System\McJUsbb.exe
  C:\Windows\System\McJUsbb.exe
  2⤵
  PID:14256
- C:\Windows\System\bOKfypC.exe
  C:\Windows\System\bOKfypC.exe
  2⤵
  PID:10764
- C:\Windows\System\WtqDKbN.exe
  C:\Windows\System\WtqDKbN.exe
  2⤵
  PID:14228
- C:\Windows\System\VhJFzuy.exe
  C:\Windows\System\VhJFzuy.exe
  2⤵
  PID:14356
- C:\Windows\System\jbKJDDp.exe
  C:\Windows\System\jbKJDDp.exe
  2⤵
  PID:14384
- C:\Windows\System\oCdNmmu.exe
  C:\Windows\System\oCdNmmu.exe
  2⤵
  PID:14412
- C:\Windows\System\yKeDEyR.exe
  C:\Windows\System\yKeDEyR.exe
  2⤵
  PID:14440
- C:\Windows\System\uPQhfKC.exe
  C:\Windows\System\uPQhfKC.exe
  2⤵
  PID:14468
- C:\Windows\System\qUaIsLN.exe
  C:\Windows\System\qUaIsLN.exe
  2⤵
  PID:14496
- C:\Windows\System\xpnPpSo.exe
  C:\Windows\System\xpnPpSo.exe
  2⤵
  PID:14524
- C:\Windows\System\ypzhoOp.exe
  C:\Windows\System\ypzhoOp.exe
  2⤵
  PID:14552
- C:\Windows\System\dGOkPde.exe
  C:\Windows\System\dGOkPde.exe
  2⤵
  PID:14580
- C:\Windows\System\anEEWjH.exe
  C:\Windows\System\anEEWjH.exe
  2⤵
  PID:14608
- C:\Windows\System\JJYfWEi.exe
  C:\Windows\System\JJYfWEi.exe
  2⤵
  PID:14636
- C:\Windows\System\KyDrtPc.exe
  C:\Windows\System\KyDrtPc.exe
  2⤵
  PID:14664
- C:\Windows\System\cWRuDrS.exe
  C:\Windows\System\cWRuDrS.exe
  2⤵
  PID:14692
- C:\Windows\System\vtBzgMh.exe
  C:\Windows\System\vtBzgMh.exe
  2⤵
  PID:14720
- C:\Windows\System\XMfqfwu.exe
  C:\Windows\System\XMfqfwu.exe
  2⤵
  PID:14748
- C:\Windows\System\LmfOxcQ.exe
  C:\Windows\System\LmfOxcQ.exe
  2⤵
  PID:14776
- C:\Windows\System\evFWplS.exe
  C:\Windows\System\evFWplS.exe
  2⤵
  PID:14804
- C:\Windows\System\CSQlprD.exe
  C:\Windows\System\CSQlprD.exe
  2⤵
  PID:14832
- C:\Windows\System\AFjhddb.exe
  C:\Windows\System\AFjhddb.exe
  2⤵
  PID:14860
- C:\Windows\System\Vbgiunb.exe
  C:\Windows\System\Vbgiunb.exe
  2⤵
  PID:14888
- C:\Windows\System\yWCBapw.exe
  C:\Windows\System\yWCBapw.exe
  2⤵
  PID:14916
- C:\Windows\System\rIjTpLA.exe
  C:\Windows\System\rIjTpLA.exe
  2⤵
  PID:14944
- C:\Windows\System\xIdrrPs.exe
  C:\Windows\System\xIdrrPs.exe
  2⤵
  PID:14972
- C:\Windows\System\tRJxwFU.exe
  C:\Windows\System\tRJxwFU.exe
  2⤵
  PID:15000
- C:\Windows\System\zPiMyUj.exe
  C:\Windows\System\zPiMyUj.exe
  2⤵
  PID:15028
- C:\Windows\System\JhsfFGV.exe
  C:\Windows\System\JhsfFGV.exe
  2⤵
  PID:15056
- C:\Windows\System\UJHTksK.exe
  C:\Windows\System\UJHTksK.exe
  2⤵
  PID:15088
- C:\Windows\System\EnMfQBn.exe
  C:\Windows\System\EnMfQBn.exe
  2⤵
  PID:15116
- C:\Windows\System\mkYKGWH.exe
  C:\Windows\System\mkYKGWH.exe
  2⤵
  PID:15152
- C:\Windows\System\mkPaPtG.exe
  C:\Windows\System\mkPaPtG.exe
  2⤵
  PID:15172
- C:\Windows\System\kOFfrJu.exe
  C:\Windows\System\kOFfrJu.exe
  2⤵
  PID:15200
- C:\Windows\System\ruNBMMc.exe
  C:\Windows\System\ruNBMMc.exe
  2⤵
  PID:15228
- C:\Windows\System\lBUjAIl.exe
  C:\Windows\System\lBUjAIl.exe
  2⤵
  PID:15256

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:8068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CNLVqbl.exe

Filesize
6.0MB

MD5
b04d50cb6bfdb446c301ddc782b53925

SHA1
f47da1c46f8026b9c953f60fe4380b381ba10f4c

SHA256
e3182683f53656cf33bdfb3dd69832f728e8aa01f3dc7a569a9083cf98a12255

SHA512
c017e36032ce914e2461ddc5649146ca242e1567dad93077a568e93cf83050eef5e56c65640803f1dbc0c0d770b7f022fae2d987cfd75dd87684c788f46fcbf7

Download Submit
C:\Windows\System\CjLLNnD.exe

Filesize
6.0MB

MD5
b2d2a44fc87c89561f17c4ef6dcf21b0

SHA1
a65790a80fc24870036b440f56965dc18aa867b6

SHA256
54bca472ac76091cc90e7c49ab2017d6ba32cf0d32ba469b826e69881ea0a413

SHA512
d3595b1dfb4d60c194fb6c23c63a667fa18d9afd1ce6345fad45f3e817493c8354094c65a492bda11ee2e885fe28750295183205427e4a96b44a19ed68d3eb90

Download Submit
C:\Windows\System\EbwapXs.exe

Filesize
6.0MB

MD5
62ebf838be3e39eead4f8b3fc7bff7ef

SHA1
f41d51389ec01b0fb460bc6337978617ab32ecd3

SHA256
44037b059dfc9cd7feac939c8b8780b651468f5d22a09372fd60b9dc760b269e

SHA512
6327e5aee094ce1214365ab8b9710f4aaa2eb90de11d784d2ecea53ffc1f79e93a4bf775c063c3e300fe9432dc4b4781f448f9be777112d829136404dbe5e1c7

Download Submit
C:\Windows\System\EkrVUpm.exe

Filesize
6.0MB

MD5
be68c4763ffa221473ff70ab09370dee

SHA1
400192c34ea4e63f8c124379e6285ba0252122e0

SHA256
3868484c66f0908539a45a4b21476b3bcc427cf4c9a6658daae4c88b2ff38add

SHA512
1cc2abc3103b3fa8b4db5dde833fb16ad2a734d4c73c5bf16ab488a2d8922cb5be0abe6cfe18baf11232177da06fa3ab89dfedf60dfab22653ae382a3fda10d9

Download Submit
C:\Windows\System\FpLAFYK.exe

Filesize
6.0MB

MD5
1cd7466cdf1a98f2c53dafdc96a55a42

SHA1
b90347f5d11449c4041a6166c551fbefd40abef4

SHA256
117bacdecbfd3a9b1e66e8af19d01b2c5dcd53b9787b4e083601e7931e8a8113

SHA512
671361b6afbb5bb93edd99cce630d7c59bb7ef08446ea7fdd3468d9d925c51754c2e545469a89ef8eb2e9b2b39a8af30a22959c91cd6b599cc0ecf70eea1e33a

Download Submit
C:\Windows\System\GztZZAg.exe

Filesize
6.0MB

MD5
58e51c299820909fbc83829539c6690a

SHA1
22f439d1544372089264edd896185892e5a85140

SHA256
add33f8ff519e40e32837aee57d57d9fd02cc97fcf5a2ef61cb406614a4ed70f

SHA512
b078bbf5f6f3bc2d8b8bac9c805dcbc222ff3259e5690e225fba8065526897a089fa834a1e24d73bf1d44e2df2900c4a037dada59cfd7ca2f5d7b7b8e5bbd874

Download Submit
C:\Windows\System\LukqWga.exe

Filesize
6.0MB

MD5
478adc405a5780909ee48e9477d92e03

SHA1
20f814d083abe1ac8163dfd72fa16bb4d93b6bc5

SHA256
129698c605dbdfc85637c0d1a58d731039a5b3e6586f257bd78fe77ea364faba

SHA512
56a09c4b900f57f935f50217225de046d9a2f682a6aa45669035f3e412f69af2672f6982924dddae49cb6a052ae26d284f72862fc38576a0bad22c9985859443

Download Submit
C:\Windows\System\LyPXYAF.exe

Filesize
6.0MB

MD5
a4789f9710b9de5beedd6e325c62705e

SHA1
4a6f0bb6be94b283057dd071ac297ac9c806267e

SHA256
e608c5e9b56cc4ac9ac3a8ec3c8838251817713f2702c317f11dc89743f4fa4e

SHA512
6818f7d542bbd702b046beb5acbd2a8e353ed9b7397c0e64bac8a06b2005c6e883438009e784eb3a4c6c8008051735134c5d106ac5476e6c85fa622876405ae5

Download Submit
C:\Windows\System\OyFoyJZ.exe

Filesize
6.0MB

MD5
8b37a4dbb1e4e252941ae0d4747c840a

SHA1
8223dd8815c18f9df20824c99ea45cc37eda8463

SHA256
87d23c8eea0737d9363170f8df5321bec64e3887d84c593d82bbc1e5e44d54c4

SHA512
eb0a075ed71291ab000b78c5023b7086fee7b0fa922c85ec1b480388deebba35a3e8ccfdbedf5672581e052c41d1d89a7183fc8671208763d47d6f1bcda0a20e

Download Submit
C:\Windows\System\PqmkEIM.exe

Filesize
6.0MB

MD5
81a06e247b61bfd98134d9be1dfb50f2

SHA1
e0c445757b26f8b51edc496503407418d4c54d22

SHA256
6a679503259efc6fd4c4b0a763e09c29817f8ce52210165383df44af8734ea13

SHA512
4a4e366053eec81460f8e91b91018fb2f2dd46fea7d5e8d07b541b459c260fd3d467326e1db6cc60dde5489d2d109df87002f0b8d507d4349355e15074614c4f

Download Submit
C:\Windows\System\PxqGLcR.exe

Filesize
6.0MB

MD5
7504b9384ff29a4192776b4a8a2aa06e

SHA1
e6f8e85f6eb063890f3f7897b1de9841107b52c0

SHA256
74c9156a0a76012ebd947ee13f4ebdc369acdf87b071491588ceddffb2c9d315

SHA512
9b5a2ad16ed9b38b544de99588941a748d5450bde76e08771fefa6acc9d4e8eb63745b46f4ac755d96fc73ecf485973e8dfdd7c979516e222f4c189392ea2f34

Download Submit
C:\Windows\System\QKuzUSK.exe

Filesize
6.0MB

MD5
b938c9a5fbc6c89f1360a303b4767d29

SHA1
0e1f35af09a2f2e1d36833a9d38ecfd3d9ff6152

SHA256
5056546c2c155e3f8a054b279311155c7d7a884ff3bd822620607b3f8871f9ad

SHA512
23030f7df5b9afa926784fd5d2ecaab095263f587b6f2cfc84c88c3bde135a1855703e07c68020640935d9c252801577096eb74e81b25b4114196d258f440a40

Download Submit
C:\Windows\System\QghKOwl.exe

Filesize
6.0MB

MD5
81ee341f5374e9b39c513bf74a68d903

SHA1
6679bb54d163046a4d1bba671da0c6ea354bf5fa

SHA256
7defa9835ca876594b97facbd4a7ded51b38c7756af93e63239289b78b6ad671

SHA512
f0766f23ffa77bd7dadeb45f49998194c0d9ea733c9e93627ae5db9a23e9bc215fbd0e556fe4642cc527862e6ba3b8a02c26b01015516d1140a37422aac098f1

Download Submit
C:\Windows\System\TZEXjjj.exe

Filesize
6.0MB

MD5
3424f6ccf55c6f65c636a8107898d72a

SHA1
66dbddc913394e5befeda23751e2fde00df793f1

SHA256
b47ad9c0cd3255a1317e4c867b0dd8916d74c09b62088b86c32bfcd5777a263c

SHA512
b3d236f8a38ddf3cc386a6d64541eeb5c45138d67cb2e9a8f63c1b5be6033d08e2353b58ebd919d6b5102f8a3ca85a3c0cd72df79a81b1f5dd6a6eddbde832cd

Download Submit
C:\Windows\System\UCyaITk.exe

Filesize
6.0MB

MD5
2db83ad01aba5be4cae3b841d0ac14bd

SHA1
5a3eeecb500f615f5493aa71d2241f7f74f86c7c

SHA256
16466e3f0ff5897ba0cc6c7949c92f53608c476cc3fb056d8a8f2a704f039215

SHA512
7bb66bf575710064dde5b80b033e1353461c1da6945a04438e79d4dbd5539be487e01a53ca564a2ea7ca1ba5d2132f77f15b899c810cc2fc535940712367442f

Download Submit
C:\Windows\System\WxCJeAs.exe

Filesize
6.0MB

MD5
6bff6559c209adf5a1cdd66d64ddbe58

SHA1
5ab7d5104d810b09d8dd316d7df3cdec0d5d8165

SHA256
78569ce0342508f06baf1659919f21f3b1a6e1b8ea937558a40f20d18fa41aa2

SHA512
14b2d057e0277edf5041e75e0e1ccfdef97b27d59707cb0251393e9e207b620c1944d4f87bef4f6b63560ef9c7dbf2776d0517722b8e0d1943fb84174f09fc35

Download Submit
C:\Windows\System\ZrLSUiD.exe

Filesize
6.0MB

MD5
bd01f13c2bf760c253733f19d4efc90f

SHA1
8368b39a04b9d778e2b357c1980044c034ef90cf

SHA256
72ecdc002e650bf963f7b5bb506afd1425b03d5b9c6672648e8c81daef87d5fb

SHA512
340753928769277f72a629ded088314e49454ea5cb17985a0b497e782c6148240cc54b0cce590a636298c04e67c1dddb0be072d2095d7e81ac84d6fb5249b2d0

Download Submit
C:\Windows\System\agoWhUh.exe

Filesize
6.0MB

MD5
7a28b233619c87dd5e7a9570a58a9bea

SHA1
3ee5aec4061059dc37f5875f534c69048d706c83

SHA256
8c1228efdfdbb14776b2fa45ae407086fea86217219e2e2d00873fb1e20c1c7c

SHA512
0639a05dd35262cf019edc2613034d3f817b1a40e36ddee7fdeda5ef77033bae171261950015d951c6659e282a99b230ce585725228e4a8376d7d2425b7d8dfb

Download Submit
C:\Windows\System\cUCWFYf.exe

Filesize
6.0MB

MD5
fbb88de9920cb7f16b8acda00f50bff6

SHA1
bc8c449e61fabf6a4cf8e4da6b8769065b485420

SHA256
21a594773cad2800322cc7a9bee14eb55c42bae49858c2e7a58856d7a7b3142f

SHA512
4c92e0d72b801bcef98ab2051927af04f3bdbe0bb51915ef74313c63801b93e029a9cca63849ba82cb68e2a515b48c73c6eb8106080386b8e9408a7215cae9d4

Download Submit
C:\Windows\System\cvNBLnL.exe

Filesize
6.0MB

MD5
f46303f85816fbc661dfcce8ed1050ee

SHA1
6c4b68adf939580f33c31c37fce53a16162a72a3

SHA256
4d3db3c47546be2abf48bd714b9cabcf0d792b1e21d7c9fa9c07bde5f09dd20e

SHA512
f8954c6870cc4ed0d3005e37259002681e95d510ffec69dab35c873342e5167bdc8b1ebd97c5e569c2b345b7c27e870d8fe647ae7e375fb208604d6865d40d73

Download Submit
C:\Windows\System\dHsFTch.exe

Filesize
6.0MB

MD5
c937c9bdd4ac4a371cf4c0f22e8cc436

SHA1
71d59f5531841d00b6936c53adf1e7577e200b95

SHA256
d091d9b7ba068934254872c89e33e6f6f414ce8203ce68dc594b22dd7907fb23

SHA512
10409897831f72cbcae45de19efd59fbe9dfd6211b22920cc7801937c1730a4a042d8c3a86499ada7dacfcf17508e5a58b8bd09b41f9af1ea4e8a7667de30119

Download Submit
C:\Windows\System\dYQYzzN.exe

Filesize
6.0MB

MD5
526c495a0591ad75b0ee4247f4dc8f73

SHA1
3684869a7d922f694922aa56ce9fca0bfc99558d

SHA256
45fb51cea7b157be5dd7aa9648995ed5eec8a3a58de115fa9b2ecbf83b5dd569

SHA512
138eaad28d97c334aef362b2ba7ccbda429ffd9100d1c545a57c46f1a8a6feb705a9e43bd9e9d0f9b6c0167f5b090445079683039e824e7ab80ea923f20cf6f5

Download Submit
C:\Windows\System\jHujEib.exe

Filesize
6.0MB

MD5
409075c9ef5ed5c40192dc63faf77315

SHA1
8d7f7815468c4e568d2ece1ef6fe69cc221b4913

SHA256
abdc7bf2669c13313e9e877eac5b8f179bf35b947b347a410e995e8454e5b31e

SHA512
231344564b2e4646bacdfc260aa1047e2b9d34db71365ba7da26dea11c13d45049907aba1472f8155709d74d21b6c159cb731b49b262213d2ad006b55ad41f1e

Download Submit
C:\Windows\System\kGYoTEL.exe

Filesize
6.0MB

MD5
565c98487dc301a869d756714e44141c

SHA1
38bb8547ba471e48cc05aea6ded0d2e8d4148c74

SHA256
949298a45bd3e6179aa5dd3484e734a3f6bed1b02c9e45e8d5958e701af47ec7

SHA512
c87860ca65f32debfef8e6072cbbb396dbe318158ab92c062169a7fe40087704527e660a86196dd5189062e8dd889e6291dd1a650830502db941e1782f295ec8

Download Submit
C:\Windows\System\kIEixAH.exe

Filesize
6.0MB

MD5
9e43ecf1b3bb6e12ee61750ac1069d24

SHA1
b6ceaa41b67f980da1c6b11c6605f0fe8aa373fd

SHA256
6784b916a531fa41e50c84520176e93aea7a78341de7f0fd795f399f212bda17

SHA512
4024f3221a17df16a807d513057c7cca8fe94d6b05c299f7d73c693b8e84271cf5764605cb81b703af9d9fbaefa3b2b471c2b31cd18b0bd1c5ed8065e0149a16

Download Submit
C:\Windows\System\nvxSqSX.exe

Filesize
6.0MB

MD5
cc4ec83a9588c92875f0d1c6d32fe947

SHA1
d485c208e944181363b7f394c9c185fcbfb6e699

SHA256
d6bf16849ebe1f060b7f3a3253359baf821a8c2e8c93261c018d70ae2355f7dc

SHA512
d0c4666e77f323bb6bd2095cd0563c9164a2f42289e8563cb9f8e5c6fbe0eec543dd64bc4aa33b2e3ab6fe01afe88fb324d1b8b201ebf7c73631da205f57879d

Download Submit
C:\Windows\System\nyBcmhL.exe

Filesize
6.0MB

MD5
038024b93133708ed414ffdec6c137a7

SHA1
1aacfbaf733c7e9e47e638ff3fb3062a4ee91a08

SHA256
6db79bf8467a0396b6a3e5816c2a99a0c24b4adf73ab19e715793e2fda94343d

SHA512
0248460275d70dce1bf5df99e067a50805954a41d0e60732b45ed9c499d0345d7d0bfd934b470b80853a97b54ffeecafdb4c2a605242f5227a919d0e3c3323d1

Download Submit
C:\Windows\System\oWaCnZP.exe

Filesize
6.0MB

MD5
1b5fb7dd7c5f6134882734e03a0755fc

SHA1
6c1353852c06c0d017f5568f319fba87425f7020

SHA256
b32c638bfe156635de3dd944ca6615aa21a6cecfc3dd07825ec1cb3934256db0

SHA512
9b4f3e58638c933b0c75ca96865a9c7d1886ddbe5685c675fd33cc26058847d1de5d34bb0d874e611b16c91245530f61fa3c6a37c2abc492ac758579a30d205c

Download Submit
C:\Windows\System\uhpCptw.exe

Filesize
6.0MB

MD5
8df7eaa5d56d053d20ac2d53c28ca196

SHA1
3d6d18d18a7c4dd0ec6c3ca1c9f0c0a2578b9a79

SHA256
308caed412081a4487920175f85810763a6b4d00c3ebbea636da0828a5c8e08d

SHA512
350b4a1cd7a75bc983b977b7ca85018cb49740674cb1126ea77213a2cefbccccfd02dda7465d7edde6691f22218c09757d04bc14538a4fb255addab7d49eb490

Download Submit
C:\Windows\System\yNTrfwj.exe

Filesize
6.0MB

MD5
619365f4265daa19eea6719abf546d51

SHA1
7149a57e869f58ee879809122fe81419c951600f

SHA256
f703ff700f979d780c246da9f37ffff9fc7b1ebfc2c4424d0bd5042ec8c8ddb1

SHA512
b6fe188069dc068455ac8c7f60763de4e7998a31154d87c9eb2c360dbf0bac2b31b3cc38e252368b584d18fac59ca11f97d8ed1cbe74eed03baab2ea65e6ba04

Download Submit
C:\Windows\System\yuhrLXA.exe

Filesize
6.0MB

MD5
163682c14034528f89dd571c62e7d41d

SHA1
e7b6c4bb7b46a36c7d2d51532708cc6f2b52c0ee

SHA256
789c2d76d91a025b6f30fb7ac593fcad459d56f68c5279c5c49fc251ae055591

SHA512
71abdb273aa9f2cf60cf7023847130b94d52d54b69b647fc8a42aecd1003a6775cacc7592e0e836a4aa3753b5f8b30d33e2df9ea7ba1937354073654c6994b8f

Download Submit
C:\Windows\System\zDZzyKG.exe

Filesize
6.0MB

MD5
bb7aa6c65ac98c82a60ad27e69712481

SHA1
7968d3c9eaa708bd7073e46f2c57d01f1d4344c5

SHA256
04df77f4333b23c0970ff24c9e5a97304aeeaea4e61435bf556888edfcd2c3af

SHA512
96604912ecd3dad5e52f1d53d7c823273e40c2299705ccb889b4ab9c1daf7bade331c047f2ee6277e3c1147de21d85d1518cd00219e90106a6133215748910dc

Download Submit
memory/228-187-0x00007FF697D10000-0x00007FF698064000-memory.dmp

Filesize
3.3MB

Download
memory/228-23-0x00007FF697D10000-0x00007FF698064000-memory.dmp

Filesize
3.3MB

Download
memory/684-2254-0x00007FF64D700000-0x00007FF64DA54000-memory.dmp

Filesize
3.3MB

Download
memory/684-174-0x00007FF64D700000-0x00007FF64DA54000-memory.dmp

Filesize
3.3MB

Download
memory/880-2258-0x00007FF782C90000-0x00007FF782FE4000-memory.dmp

Filesize
3.3MB

Download
memory/880-182-0x00007FF782C90000-0x00007FF782FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-126-0x00007FF784C40000-0x00007FF784F94000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2243-0x00007FF784C40000-0x00007FF784F94000-memory.dmp

Filesize
3.3MB

Download
memory/1200-154-0x00007FF782F70000-0x00007FF7832C4000-memory.dmp

Filesize
3.3MB

Download
memory/1200-2244-0x00007FF782F70000-0x00007FF7832C4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-59-0x00007FF7F6010000-0x00007FF7F6364000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2239-0x00007FF7F6010000-0x00007FF7F6364000-memory.dmp

Filesize
3.3MB

Download
memory/1644-0-0x00007FF7E8240000-0x00007FF7E8594000-memory.dmp

Filesize
3.3MB

Download
memory/1644-1-0x0000022184D50000-0x0000022184D60000-memory.dmp

Filesize
64KB

Download
memory/1644-85-0x00007FF7E8240000-0x00007FF7E8594000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2236-0x00007FF635D90000-0x00007FF6360E4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-373-0x00007FF635D90000-0x00007FF6360E4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-33-0x00007FF635D90000-0x00007FF6360E4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-442-0x00007FF69FD40000-0x00007FF6A0094000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2237-0x00007FF69FD40000-0x00007FF6A0094000-memory.dmp

Filesize
3.3MB

Download
memory/1980-51-0x00007FF69FD40000-0x00007FF6A0094000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2241-0x00007FF6B6180000-0x00007FF6B64D4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-80-0x00007FF6B6180000-0x00007FF6B64D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2248-0x00007FF750050000-0x00007FF7503A4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-155-0x00007FF750050000-0x00007FF7503A4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-87-0x00007FF75A6A0000-0x00007FF75A9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2247-0x00007FF75A6A0000-0x00007FF75A9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-648-0x00007FF75A6A0000-0x00007FF75A9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-12-0x00007FF6C7470000-0x00007FF6C77C4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-190-0x00007FF6C7470000-0x00007FF6C77C4000-memory.dmp

Filesize
3.3MB

Download
memory/3096-186-0x00007FF69C0F0000-0x00007FF69C444000-memory.dmp

Filesize
3.3MB

Download
memory/3096-2253-0x00007FF69C0F0000-0x00007FF69C444000-memory.dmp

Filesize
3.3MB

Download
memory/3132-2240-0x00007FF738630000-0x00007FF738984000-memory.dmp

Filesize
3.3MB

Download
memory/3132-52-0x00007FF738630000-0x00007FF738984000-memory.dmp

Filesize
3.3MB

Download
memory/3132-507-0x00007FF738630000-0x00007FF738984000-memory.dmp

Filesize
3.3MB

Download
memory/3516-184-0x00007FF6B1A80000-0x00007FF6B1DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3516-2250-0x00007FF6B1A80000-0x00007FF6B1DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3524-41-0x00007FF6013B0000-0x00007FF601704000-memory.dmp

Filesize
3.3MB

Download
memory/3524-374-0x00007FF6013B0000-0x00007FF601704000-memory.dmp

Filesize
3.3MB

Download
memory/3524-2238-0x00007FF6013B0000-0x00007FF601704000-memory.dmp

Filesize
3.3MB

Download
memory/3612-2251-0x00007FF6BF1C0000-0x00007FF6BF514000-memory.dmp

Filesize
3.3MB

Download
memory/3612-164-0x00007FF6BF1C0000-0x00007FF6BF514000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2257-0x00007FF619310000-0x00007FF619664000-memory.dmp

Filesize
3.3MB

Download
memory/3852-188-0x00007FF619310000-0x00007FF619664000-memory.dmp

Filesize
3.3MB

Download
memory/4144-6-0x00007FF7E8F00000-0x00007FF7E9254000-memory.dmp

Filesize
3.3MB

Download
memory/4144-185-0x00007FF7E8F00000-0x00007FF7E9254000-memory.dmp

Filesize
3.3MB

Download
memory/4196-2242-0x00007FF7716F0000-0x00007FF771A44000-memory.dmp

Filesize
3.3MB

Download
memory/4196-114-0x00007FF7716F0000-0x00007FF771A44000-memory.dmp

Filesize
3.3MB

Download
memory/4392-24-0x00007FF66EF30000-0x00007FF66F284000-memory.dmp

Filesize
3.3MB

Download
memory/4392-306-0x00007FF66EF30000-0x00007FF66F284000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2246-0x00007FF701210000-0x00007FF701564000-memory.dmp

Filesize
3.3MB

Download
memory/4500-86-0x00007FF701210000-0x00007FF701564000-memory.dmp

Filesize
3.3MB

Download
memory/4500-647-0x00007FF701210000-0x00007FF701564000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2249-0x00007FF6531F0000-0x00007FF653544000-memory.dmp

Filesize
3.3MB

Download
memory/4568-98-0x00007FF6531F0000-0x00007FF653544000-memory.dmp

Filesize
3.3MB

Download
memory/4568-649-0x00007FF6531F0000-0x00007FF653544000-memory.dmp

Filesize
3.3MB

Download
memory/4668-181-0x00007FF7FCE30000-0x00007FF7FD184000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2259-0x00007FF7FCE30000-0x00007FF7FD184000-memory.dmp

Filesize
3.3MB

Download
memory/4680-2255-0x00007FF608600000-0x00007FF608954000-memory.dmp

Filesize
3.3MB

Download
memory/4680-180-0x00007FF608600000-0x00007FF608954000-memory.dmp

Filesize
3.3MB

Download
memory/4692-2252-0x00007FF762FF0000-0x00007FF763344000-memory.dmp

Filesize
3.3MB

Download
memory/4692-173-0x00007FF762FF0000-0x00007FF763344000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2245-0x00007FF7ECD40000-0x00007FF7ED094000-memory.dmp

Filesize
3.3MB

Download
memory/4840-97-0x00007FF7ECD40000-0x00007FF7ED094000-memory.dmp

Filesize
3.3MB

Download
memory/4840-580-0x00007FF7ECD40000-0x00007FF7ED094000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2256-0x00007FF7C53D0000-0x00007FF7C5724000-memory.dmp

Filesize
3.3MB

Download
memory/4984-179-0x00007FF7C53D0000-0x00007FF7C5724000-memory.dmp

Filesize
3.3MB

Download
memory/5036-183-0x00007FF7DDF40000-0x00007FF7DE294000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2260-0x00007FF7DDF40000-0x00007FF7DE294000-memory.dmp

Filesize
3.3MB

Download