cobaltstrike | ec00bb3d2c46a190da1b90b2cb9c983585d8fa81bce700e9928726a35f573617

Analysis

max time kernel
93s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d953665be198f8b51ebf2b917e3369c5
SHA1

410feb6d896d6eb6db41e59f66f23687b4ab814f
SHA256

ec00bb3d2c46a190da1b90b2cb9c983585d8fa81bce700e9928726a35f573617
SHA512

080dd03fdf6c80a760d48421bc6194e6c873952f5cae8ae77ec7ad39ed46ddabe52d9a227c2454aff1f6bc58e8c751041a18627e961a7996c46bd2a87273bc31
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023cd4-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd6-18.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd8-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd7-24.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd5-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd9-37.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cde-65.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce0-80.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdf-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdd-63.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023cd2-58.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cda-49.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdb-52.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce1-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce2-93.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce5-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce6-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce4-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce3-99.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce8-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cea-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce9-149.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001e748-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce7-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ced-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cec-172.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ceb-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cee-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cef-186.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cf1-193.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cf3-202.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cf2-203.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3292-0-0x00007FF7AFD20000-0x00007FF7B0074000-memory.dmp	xmrig
behavioral2/files/0x0008000000023cd4-4.dat	xmrig
behavioral2/memory/3932-8-0x00007FF70F8C0000-0x00007FF70FC14000-memory.dmp	xmrig
behavioral2/memory/3876-13-0x00007FF6F6C70000-0x00007FF6F6FC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd6-18.dat	xmrig
behavioral2/memory/3036-20-0x00007FF647610000-0x00007FF647964000-memory.dmp	xmrig
behavioral2/memory/2224-26-0x00007FF60DF50000-0x00007FF60E2A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd8-28.dat	xmrig
behavioral2/memory/4992-32-0x00007FF645A20000-0x00007FF645D74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd7-24.dat	xmrig
behavioral2/files/0x0007000000023cd5-12.dat	xmrig
behavioral2/files/0x0007000000023cd9-37.dat	xmrig
behavioral2/memory/1868-36-0x00007FF765C80000-0x00007FF765FD4000-memory.dmp	xmrig
behavioral2/memory/1136-47-0x00007FF7BFC80000-0x00007FF7BFFD4000-memory.dmp	xmrig
behavioral2/memory/4368-55-0x00007FF7C3340000-0x00007FF7C3694000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cde-65.dat	xmrig
behavioral2/memory/3292-71-0x00007FF7AFD20000-0x00007FF7B0074000-memory.dmp	xmrig
behavioral2/memory/3904-82-0x00007FF674360000-0x00007FF6746B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce0-80.dat	xmrig
behavioral2/memory/3932-79-0x00007FF70F8C0000-0x00007FF70FC14000-memory.dmp	xmrig
behavioral2/memory/3144-78-0x00007FF751870000-0x00007FF751BC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdf-76.dat	xmrig
behavioral2/memory/2092-75-0x00007FF7E0020000-0x00007FF7E0374000-memory.dmp	xmrig
behavioral2/memory/3680-74-0x00007FF676AA0000-0x00007FF676DF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdd-63.dat	xmrig
behavioral2/files/0x0008000000023cd2-58.dat	xmrig
behavioral2/files/0x0007000000023cda-49.dat	xmrig
behavioral2/files/0x0007000000023cdb-52.dat	xmrig
behavioral2/memory/3960-42-0x00007FF635430000-0x00007FF635784000-memory.dmp	xmrig
behavioral2/memory/3876-83-0x00007FF6F6C70000-0x00007FF6F6FC4000-memory.dmp	xmrig
behavioral2/memory/2096-90-0x00007FF6AA1D0000-0x00007FF6AA524000-memory.dmp	xmrig
behavioral2/memory/3036-89-0x00007FF647610000-0x00007FF647964000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce1-87.dat	xmrig
behavioral2/files/0x0007000000023ce2-93.dat	xmrig
behavioral2/memory/4424-102-0x00007FF720E80000-0x00007FF7211D4000-memory.dmp	xmrig
behavioral2/memory/1320-105-0x00007FF70D620000-0x00007FF70D974000-memory.dmp	xmrig
behavioral2/memory/3960-114-0x00007FF635430000-0x00007FF635784000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce5-119.dat	xmrig
behavioral2/files/0x0007000000023ce6-123.dat	xmrig
behavioral2/memory/1360-122-0x00007FF7B8CC0000-0x00007FF7B9014000-memory.dmp	xmrig
behavioral2/memory/1136-121-0x00007FF7BFC80000-0x00007FF7BFFD4000-memory.dmp	xmrig
behavioral2/memory/3352-117-0x00007FF77E5E0000-0x00007FF77E934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce4-111.dat	xmrig
behavioral2/memory/1868-108-0x00007FF765C80000-0x00007FF765FD4000-memory.dmp	xmrig
behavioral2/memory/3168-107-0x00007FF7C47B0000-0x00007FF7C4B04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce3-99.dat	xmrig
behavioral2/memory/2224-96-0x00007FF60DF50000-0x00007FF60E2A4000-memory.dmp	xmrig
behavioral2/memory/2740-133-0x00007FF618D70000-0x00007FF6190C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce8-146.dat	xmrig
behavioral2/files/0x0007000000023cea-152.dat	xmrig
behavioral2/memory/4504-153-0x00007FF65B370000-0x00007FF65B6C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce9-149.dat	xmrig
behavioral2/memory/100-148-0x00007FF67E850000-0x00007FF67EBA4000-memory.dmp	xmrig
behavioral2/memory/2120-142-0x00007FF770370000-0x00007FF7706C4000-memory.dmp	xmrig
behavioral2/memory/5116-141-0x00007FF6181C0000-0x00007FF618514000-memory.dmp	xmrig
behavioral2/files/0x000400000001e748-138.dat	xmrig
behavioral2/memory/2092-132-0x00007FF7E0020000-0x00007FF7E0374000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce7-136.dat	xmrig
behavioral2/memory/4368-127-0x00007FF7C3340000-0x00007FF7C3694000-memory.dmp	xmrig
behavioral2/memory/3168-161-0x00007FF7C47B0000-0x00007FF7C4B04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ced-170.dat	xmrig
behavioral2/memory/2100-175-0x00007FF6CB4C0000-0x00007FF6CB814000-memory.dmp	xmrig
behavioral2/memory/1360-174-0x00007FF7B8CC0000-0x00007FF7B9014000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cec-172.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3932	KremJrf.exe
3876	GsyoTwS.exe
3036	KWLVatj.exe
2224	vHqDQek.exe
4992	KDVujGH.exe
1868	HtiSkrr.exe
3960	WtYanxF.exe
1136	rENeDiM.exe
4368	iDsBQgs.exe
3680	vPZSYOq.exe
3144	yAHvCPC.exe
3904	uvMFjpY.exe
2092	RtSQIFA.exe
2096	BXTIwyL.exe
4424	XoTUKuL.exe
1320	ukQukcE.exe
3168	ZqQMdIJ.exe
3352	TVjFclQ.exe
1360	pCbSSFY.exe
2740	dutWEaT.exe
5116	cixIWOO.exe
2120	xkrooSj.exe
100	pmzfORB.exe
4504	pguiHCL.exe
5056	AZJoPHm.exe
4584	feqPXBF.exe
2100	jrGvrvq.exe
1424	PunRwpa.exe
2652	oXPjbRI.exe
1804	aNpfIeR.exe
3772	TvgqWem.exe
1876	SgIeewB.exe
516	qdhCLYy.exe
4484	pVKEECX.exe
3388	xwZUTId.exe
1768	cxyUwMw.exe
4580	JqneNoK.exe
1456	dHqkBvl.exe
2084	ccYLHSe.exe
5028	EtfMmSC.exe
464	SlMBPBj.exe
1208	DxqDTcG.exe
4348	IkhPpPo.exe
2348	lgVCazL.exe
3564	ACYlRbX.exe
3528	QQSdhRW.exe
2168	PKiXhxR.exe
2292	jaODrKi.exe
4664	MVPcxAo.exe
1920	gdYomnZ.exe
2992	mTHEHlo.exe
2456	vLCDKkY.exe
1408	OLZLxnP.exe
1736	TXbtTwq.exe
1632	lvWlepg.exe
4120	ccNzbCt.exe
3956	kuRWRNR.exe
4884	KEfaOUb.exe
4956	WcZhumd.exe
1104	SyMExnW.exe
1472	oranTrA.exe
4208	oDTARYf.exe
3044	GGQVeAM.exe
1260	bfpxGqV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3292-0-0x00007FF7AFD20000-0x00007FF7B0074000-memory.dmp	upx
behavioral2/files/0x0008000000023cd4-4.dat	upx
behavioral2/memory/3932-8-0x00007FF70F8C0000-0x00007FF70FC14000-memory.dmp	upx
behavioral2/memory/3876-13-0x00007FF6F6C70000-0x00007FF6F6FC4000-memory.dmp	upx
behavioral2/files/0x0007000000023cd6-18.dat	upx
behavioral2/memory/3036-20-0x00007FF647610000-0x00007FF647964000-memory.dmp	upx
behavioral2/memory/2224-26-0x00007FF60DF50000-0x00007FF60E2A4000-memory.dmp	upx
behavioral2/files/0x0007000000023cd8-28.dat	upx
behavioral2/memory/4992-32-0x00007FF645A20000-0x00007FF645D74000-memory.dmp	upx
behavioral2/files/0x0007000000023cd7-24.dat	upx
behavioral2/files/0x0007000000023cd5-12.dat	upx
behavioral2/files/0x0007000000023cd9-37.dat	upx
behavioral2/memory/1868-36-0x00007FF765C80000-0x00007FF765FD4000-memory.dmp	upx
behavioral2/memory/1136-47-0x00007FF7BFC80000-0x00007FF7BFFD4000-memory.dmp	upx
behavioral2/memory/4368-55-0x00007FF7C3340000-0x00007FF7C3694000-memory.dmp	upx
behavioral2/files/0x0007000000023cde-65.dat	upx
behavioral2/memory/3292-71-0x00007FF7AFD20000-0x00007FF7B0074000-memory.dmp	upx
behavioral2/memory/3904-82-0x00007FF674360000-0x00007FF6746B4000-memory.dmp	upx
behavioral2/files/0x0007000000023ce0-80.dat	upx
behavioral2/memory/3932-79-0x00007FF70F8C0000-0x00007FF70FC14000-memory.dmp	upx
behavioral2/memory/3144-78-0x00007FF751870000-0x00007FF751BC4000-memory.dmp	upx
behavioral2/files/0x0007000000023cdf-76.dat	upx
behavioral2/memory/2092-75-0x00007FF7E0020000-0x00007FF7E0374000-memory.dmp	upx
behavioral2/memory/3680-74-0x00007FF676AA0000-0x00007FF676DF4000-memory.dmp	upx
behavioral2/files/0x0007000000023cdd-63.dat	upx
behavioral2/files/0x0008000000023cd2-58.dat	upx
behavioral2/files/0x0007000000023cda-49.dat	upx
behavioral2/files/0x0007000000023cdb-52.dat	upx
behavioral2/memory/3960-42-0x00007FF635430000-0x00007FF635784000-memory.dmp	upx
behavioral2/memory/3876-83-0x00007FF6F6C70000-0x00007FF6F6FC4000-memory.dmp	upx
behavioral2/memory/2096-90-0x00007FF6AA1D0000-0x00007FF6AA524000-memory.dmp	upx
behavioral2/memory/3036-89-0x00007FF647610000-0x00007FF647964000-memory.dmp	upx
behavioral2/files/0x0007000000023ce1-87.dat	upx
behavioral2/files/0x0007000000023ce2-93.dat	upx
behavioral2/memory/4424-102-0x00007FF720E80000-0x00007FF7211D4000-memory.dmp	upx
behavioral2/memory/1320-105-0x00007FF70D620000-0x00007FF70D974000-memory.dmp	upx
behavioral2/memory/3960-114-0x00007FF635430000-0x00007FF635784000-memory.dmp	upx
behavioral2/files/0x0007000000023ce5-119.dat	upx
behavioral2/files/0x0007000000023ce6-123.dat	upx
behavioral2/memory/1360-122-0x00007FF7B8CC0000-0x00007FF7B9014000-memory.dmp	upx
behavioral2/memory/1136-121-0x00007FF7BFC80000-0x00007FF7BFFD4000-memory.dmp	upx
behavioral2/memory/3352-117-0x00007FF77E5E0000-0x00007FF77E934000-memory.dmp	upx
behavioral2/files/0x0007000000023ce4-111.dat	upx
behavioral2/memory/1868-108-0x00007FF765C80000-0x00007FF765FD4000-memory.dmp	upx
behavioral2/memory/3168-107-0x00007FF7C47B0000-0x00007FF7C4B04000-memory.dmp	upx
behavioral2/files/0x0007000000023ce3-99.dat	upx
behavioral2/memory/2224-96-0x00007FF60DF50000-0x00007FF60E2A4000-memory.dmp	upx
behavioral2/memory/2740-133-0x00007FF618D70000-0x00007FF6190C4000-memory.dmp	upx
behavioral2/files/0x0007000000023ce8-146.dat	upx
behavioral2/files/0x0007000000023cea-152.dat	upx
behavioral2/memory/4504-153-0x00007FF65B370000-0x00007FF65B6C4000-memory.dmp	upx
behavioral2/files/0x0007000000023ce9-149.dat	upx
behavioral2/memory/100-148-0x00007FF67E850000-0x00007FF67EBA4000-memory.dmp	upx
behavioral2/memory/2120-142-0x00007FF770370000-0x00007FF7706C4000-memory.dmp	upx
behavioral2/memory/5116-141-0x00007FF6181C0000-0x00007FF618514000-memory.dmp	upx
behavioral2/files/0x000400000001e748-138.dat	upx
behavioral2/memory/2092-132-0x00007FF7E0020000-0x00007FF7E0374000-memory.dmp	upx
behavioral2/files/0x0007000000023ce7-136.dat	upx
behavioral2/memory/4368-127-0x00007FF7C3340000-0x00007FF7C3694000-memory.dmp	upx
behavioral2/memory/3168-161-0x00007FF7C47B0000-0x00007FF7C4B04000-memory.dmp	upx
behavioral2/files/0x0007000000023ced-170.dat	upx
behavioral2/memory/2100-175-0x00007FF6CB4C0000-0x00007FF6CB814000-memory.dmp	upx
behavioral2/memory/1360-174-0x00007FF7B8CC0000-0x00007FF7B9014000-memory.dmp	upx
behavioral2/files/0x0007000000023cec-172.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IOeSoUd.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwndGot.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJcWpPY.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhBwFii.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrwceZQ.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrGeoUy.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkDFiTN.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUFHFJq.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTQclFj.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwnjGao.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtSsOTF.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThlqHMG.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQYvyzU.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uriERtf.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXygEUV.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDjbTGx.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thMRxOU.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZazeXgV.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRlbmVV.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuRWRNR.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nENYZPK.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRATHsG.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbSepCG.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bnymazY.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKSwVOi.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pguiHCL.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWYJUmK.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISduONr.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPSHoZC.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCsyyAk.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMdSduR.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrVugqP.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcTeZMu.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atstObP.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJlpVyK.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRHTZvf.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jouDKMt.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCGGmgn.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USJvwTt.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIwARfb.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axsqPty.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoTUKuL.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlhGrct.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oITekxc.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diJyXpA.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMQmLJU.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHeFnfD.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIPHHeF.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdVmFro.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgKFewW.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiUkdQE.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKcBaJE.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkuuLpV.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qCRdHiS.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAVzpKh.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvCCuHk.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxNqzXi.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENOrWZh.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwgmyxh.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFhurcR.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZbOWij.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVevxZv.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcjquNL.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeNpsIY.exe	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 3932	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3292 wrote to memory of 3932	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3292 wrote to memory of 3876	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3292 wrote to memory of 3876	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3292 wrote to memory of 3036	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3292 wrote to memory of 3036	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3292 wrote to memory of 2224	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3292 wrote to memory of 2224	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3292 wrote to memory of 4992	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3292 wrote to memory of 4992	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3292 wrote to memory of 1868	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3292 wrote to memory of 1868	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3292 wrote to memory of 3960	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3292 wrote to memory of 3960	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3292 wrote to memory of 1136	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3292 wrote to memory of 1136	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3292 wrote to memory of 4368	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3292 wrote to memory of 4368	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3292 wrote to memory of 3680	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3292 wrote to memory of 3680	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3292 wrote to memory of 3144	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3292 wrote to memory of 3144	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3292 wrote to memory of 3904	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3292 wrote to memory of 3904	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3292 wrote to memory of 2092	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3292 wrote to memory of 2092	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3292 wrote to memory of 2096	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3292 wrote to memory of 2096	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3292 wrote to memory of 4424	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3292 wrote to memory of 4424	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3292 wrote to memory of 1320	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3292 wrote to memory of 1320	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3292 wrote to memory of 3168	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3292 wrote to memory of 3168	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3292 wrote to memory of 3352	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3292 wrote to memory of 3352	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3292 wrote to memory of 1360	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3292 wrote to memory of 1360	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3292 wrote to memory of 2740	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3292 wrote to memory of 2740	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3292 wrote to memory of 5116	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3292 wrote to memory of 5116	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3292 wrote to memory of 2120	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3292 wrote to memory of 2120	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3292 wrote to memory of 100	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3292 wrote to memory of 100	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3292 wrote to memory of 4504	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3292 wrote to memory of 4504	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3292 wrote to memory of 5056	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3292 wrote to memory of 5056	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3292 wrote to memory of 4584	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3292 wrote to memory of 4584	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3292 wrote to memory of 2100	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3292 wrote to memory of 2100	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3292 wrote to memory of 1424	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3292 wrote to memory of 1424	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3292 wrote to memory of 2652	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3292 wrote to memory of 2652	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3292 wrote to memory of 1804	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3292 wrote to memory of 1804	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3292 wrote to memory of 3772	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3292 wrote to memory of 3772	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3292 wrote to memory of 1876	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3292 wrote to memory of 1876	3292	2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_d953665be198f8b51ebf2b917e3369c5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Windows\System\KremJrf.exe
  C:\Windows\System\KremJrf.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\GsyoTwS.exe
  C:\Windows\System\GsyoTwS.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\KWLVatj.exe
  C:\Windows\System\KWLVatj.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\vHqDQek.exe
  C:\Windows\System\vHqDQek.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\KDVujGH.exe
  C:\Windows\System\KDVujGH.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\HtiSkrr.exe
  C:\Windows\System\HtiSkrr.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\WtYanxF.exe
  C:\Windows\System\WtYanxF.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\rENeDiM.exe
  C:\Windows\System\rENeDiM.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\iDsBQgs.exe
  C:\Windows\System\iDsBQgs.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\vPZSYOq.exe
  C:\Windows\System\vPZSYOq.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\yAHvCPC.exe
  C:\Windows\System\yAHvCPC.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\uvMFjpY.exe
  C:\Windows\System\uvMFjpY.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\RtSQIFA.exe
  C:\Windows\System\RtSQIFA.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\BXTIwyL.exe
  C:\Windows\System\BXTIwyL.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\XoTUKuL.exe
  C:\Windows\System\XoTUKuL.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\ukQukcE.exe
  C:\Windows\System\ukQukcE.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\ZqQMdIJ.exe
  C:\Windows\System\ZqQMdIJ.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\TVjFclQ.exe
  C:\Windows\System\TVjFclQ.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\pCbSSFY.exe
  C:\Windows\System\pCbSSFY.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\dutWEaT.exe
  C:\Windows\System\dutWEaT.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\cixIWOO.exe
  C:\Windows\System\cixIWOO.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\xkrooSj.exe
  C:\Windows\System\xkrooSj.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\pmzfORB.exe
  C:\Windows\System\pmzfORB.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\pguiHCL.exe
  C:\Windows\System\pguiHCL.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\AZJoPHm.exe
  C:\Windows\System\AZJoPHm.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\feqPXBF.exe
  C:\Windows\System\feqPXBF.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\jrGvrvq.exe
  C:\Windows\System\jrGvrvq.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\PunRwpa.exe
  C:\Windows\System\PunRwpa.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\oXPjbRI.exe
  C:\Windows\System\oXPjbRI.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\aNpfIeR.exe
  C:\Windows\System\aNpfIeR.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\TvgqWem.exe
  C:\Windows\System\TvgqWem.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\SgIeewB.exe
  C:\Windows\System\SgIeewB.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\qdhCLYy.exe
  C:\Windows\System\qdhCLYy.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\pVKEECX.exe
  C:\Windows\System\pVKEECX.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\xwZUTId.exe
  C:\Windows\System\xwZUTId.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\cxyUwMw.exe
  C:\Windows\System\cxyUwMw.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\JqneNoK.exe
  C:\Windows\System\JqneNoK.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\dHqkBvl.exe
  C:\Windows\System\dHqkBvl.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\ccYLHSe.exe
  C:\Windows\System\ccYLHSe.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\EtfMmSC.exe
  C:\Windows\System\EtfMmSC.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\SlMBPBj.exe
  C:\Windows\System\SlMBPBj.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\DxqDTcG.exe
  C:\Windows\System\DxqDTcG.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\IkhPpPo.exe
  C:\Windows\System\IkhPpPo.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\lgVCazL.exe
  C:\Windows\System\lgVCazL.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ACYlRbX.exe
  C:\Windows\System\ACYlRbX.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\QQSdhRW.exe
  C:\Windows\System\QQSdhRW.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\PKiXhxR.exe
  C:\Windows\System\PKiXhxR.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\jaODrKi.exe
  C:\Windows\System\jaODrKi.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\MVPcxAo.exe
  C:\Windows\System\MVPcxAo.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\gdYomnZ.exe
  C:\Windows\System\gdYomnZ.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\mTHEHlo.exe
  C:\Windows\System\mTHEHlo.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\vLCDKkY.exe
  C:\Windows\System\vLCDKkY.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\OLZLxnP.exe
  C:\Windows\System\OLZLxnP.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\TXbtTwq.exe
  C:\Windows\System\TXbtTwq.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\lvWlepg.exe
  C:\Windows\System\lvWlepg.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ccNzbCt.exe
  C:\Windows\System\ccNzbCt.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\kuRWRNR.exe
  C:\Windows\System\kuRWRNR.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\KEfaOUb.exe
  C:\Windows\System\KEfaOUb.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\WcZhumd.exe
  C:\Windows\System\WcZhumd.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\SyMExnW.exe
  C:\Windows\System\SyMExnW.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\oranTrA.exe
  C:\Windows\System\oranTrA.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\oDTARYf.exe
  C:\Windows\System\oDTARYf.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\GGQVeAM.exe
  C:\Windows\System\GGQVeAM.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\bfpxGqV.exe
  C:\Windows\System\bfpxGqV.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\mPdWxbz.exe
  C:\Windows\System\mPdWxbz.exe
  2⤵
  PID:1016
- C:\Windows\System\RtlLDdq.exe
  C:\Windows\System\RtlLDdq.exe
  2⤵
  PID:1560
- C:\Windows\System\gclucXC.exe
  C:\Windows\System\gclucXC.exe
  2⤵
  PID:4812
- C:\Windows\System\CHzEkUO.exe
  C:\Windows\System\CHzEkUO.exe
  2⤵
  PID:4788
- C:\Windows\System\cLzUWWv.exe
  C:\Windows\System\cLzUWWv.exe
  2⤵
  PID:4016
- C:\Windows\System\TgQdvsR.exe
  C:\Windows\System\TgQdvsR.exe
  2⤵
  PID:3584
- C:\Windows\System\cnZYvoz.exe
  C:\Windows\System\cnZYvoz.exe
  2⤵
  PID:848
- C:\Windows\System\kvgCgJw.exe
  C:\Windows\System\kvgCgJw.exe
  2⤵
  PID:1376
- C:\Windows\System\UfDOYJI.exe
  C:\Windows\System\UfDOYJI.exe
  2⤵
  PID:4340
- C:\Windows\System\SRVoLuX.exe
  C:\Windows\System\SRVoLuX.exe
  2⤵
  PID:3116
- C:\Windows\System\kyPaMXj.exe
  C:\Windows\System\kyPaMXj.exe
  2⤵
  PID:5112
- C:\Windows\System\PrnNcdA.exe
  C:\Windows\System\PrnNcdA.exe
  2⤵
  PID:3908
- C:\Windows\System\gFNxChl.exe
  C:\Windows\System\gFNxChl.exe
  2⤵
  PID:3872
- C:\Windows\System\llsDWkg.exe
  C:\Windows\System\llsDWkg.exe
  2⤵
  PID:4768
- C:\Windows\System\kIBAeUX.exe
  C:\Windows\System\kIBAeUX.exe
  2⤵
  PID:1944
- C:\Windows\System\burHzDo.exe
  C:\Windows\System\burHzDo.exe
  2⤵
  PID:4344
- C:\Windows\System\uSFyvfI.exe
  C:\Windows\System\uSFyvfI.exe
  2⤵
  PID:2504
- C:\Windows\System\slsPrQw.exe
  C:\Windows\System\slsPrQw.exe
  2⤵
  PID:2716
- C:\Windows\System\KMrbgXg.exe
  C:\Windows\System\KMrbgXg.exe
  2⤵
  PID:4464
- C:\Windows\System\TxSBEaK.exe
  C:\Windows\System\TxSBEaK.exe
  2⤵
  PID:2804
- C:\Windows\System\HMJBuyA.exe
  C:\Windows\System\HMJBuyA.exe
  2⤵
  PID:1420
- C:\Windows\System\TcbchWM.exe
  C:\Windows\System\TcbchWM.exe
  2⤵
  PID:2320
- C:\Windows\System\mRvXowX.exe
  C:\Windows\System\mRvXowX.exe
  2⤵
  PID:4600
- C:\Windows\System\sTlGfqm.exe
  C:\Windows\System\sTlGfqm.exe
  2⤵
  PID:3936
- C:\Windows\System\XqvmeQh.exe
  C:\Windows\System\XqvmeQh.exe
  2⤵
  PID:4336
- C:\Windows\System\VEJeBvP.exe
  C:\Windows\System\VEJeBvP.exe
  2⤵
  PID:5160
- C:\Windows\System\gxyyTCj.exe
  C:\Windows\System\gxyyTCj.exe
  2⤵
  PID:5188
- C:\Windows\System\unhnUMp.exe
  C:\Windows\System\unhnUMp.exe
  2⤵
  PID:5208
- C:\Windows\System\IyJzmvh.exe
  C:\Windows\System\IyJzmvh.exe
  2⤵
  PID:5240
- C:\Windows\System\xYdchjG.exe
  C:\Windows\System\xYdchjG.exe
  2⤵
  PID:5268
- C:\Windows\System\JEJnMTZ.exe
  C:\Windows\System\JEJnMTZ.exe
  2⤵
  PID:5296
- C:\Windows\System\zgOFOPD.exe
  C:\Windows\System\zgOFOPD.exe
  2⤵
  PID:5328
- C:\Windows\System\mISWQkJ.exe
  C:\Windows\System\mISWQkJ.exe
  2⤵
  PID:5352
- C:\Windows\System\yyZYTpg.exe
  C:\Windows\System\yyZYTpg.exe
  2⤵
  PID:5384
- C:\Windows\System\LRoRvrd.exe
  C:\Windows\System\LRoRvrd.exe
  2⤵
  PID:5404
- C:\Windows\System\nENYZPK.exe
  C:\Windows\System\nENYZPK.exe
  2⤵
  PID:5440
- C:\Windows\System\PZnrQzR.exe
  C:\Windows\System\PZnrQzR.exe
  2⤵
  PID:5472
- C:\Windows\System\ylqvyQb.exe
  C:\Windows\System\ylqvyQb.exe
  2⤵
  PID:5496
- C:\Windows\System\ozaDCLG.exe
  C:\Windows\System\ozaDCLG.exe
  2⤵
  PID:5524
- C:\Windows\System\LZmcSPX.exe
  C:\Windows\System\LZmcSPX.exe
  2⤵
  PID:5556
- C:\Windows\System\iikLWoo.exe
  C:\Windows\System\iikLWoo.exe
  2⤵
  PID:5580
- C:\Windows\System\ytyopDq.exe
  C:\Windows\System\ytyopDq.exe
  2⤵
  PID:5608
- C:\Windows\System\VxzNLjT.exe
  C:\Windows\System\VxzNLjT.exe
  2⤵
  PID:5632
- C:\Windows\System\RFEsXwt.exe
  C:\Windows\System\RFEsXwt.exe
  2⤵
  PID:5660
- C:\Windows\System\RqfCgAd.exe
  C:\Windows\System\RqfCgAd.exe
  2⤵
  PID:5696
- C:\Windows\System\TOHhyNZ.exe
  C:\Windows\System\TOHhyNZ.exe
  2⤵
  PID:5728
- C:\Windows\System\cpcnHvh.exe
  C:\Windows\System\cpcnHvh.exe
  2⤵
  PID:5752
- C:\Windows\System\PyUieRR.exe
  C:\Windows\System\PyUieRR.exe
  2⤵
  PID:5780
- C:\Windows\System\KJDNoCj.exe
  C:\Windows\System\KJDNoCj.exe
  2⤵
  PID:5808
- C:\Windows\System\ThlqHMG.exe
  C:\Windows\System\ThlqHMG.exe
  2⤵
  PID:5836
- C:\Windows\System\IOeSoUd.exe
  C:\Windows\System\IOeSoUd.exe
  2⤵
  PID:5864
- C:\Windows\System\BJOWErH.exe
  C:\Windows\System\BJOWErH.exe
  2⤵
  PID:5892
- C:\Windows\System\lADyNmR.exe
  C:\Windows\System\lADyNmR.exe
  2⤵
  PID:5920
- C:\Windows\System\JiWISIf.exe
  C:\Windows\System\JiWISIf.exe
  2⤵
  PID:5952
- C:\Windows\System\jsrufKs.exe
  C:\Windows\System\jsrufKs.exe
  2⤵
  PID:5972
- C:\Windows\System\sHrbYwS.exe
  C:\Windows\System\sHrbYwS.exe
  2⤵
  PID:6004
- C:\Windows\System\WdQirYH.exe
  C:\Windows\System\WdQirYH.exe
  2⤵
  PID:6032
- C:\Windows\System\jNIbIKE.exe
  C:\Windows\System\jNIbIKE.exe
  2⤵
  PID:6064
- C:\Windows\System\ykXWDIZ.exe
  C:\Windows\System\ykXWDIZ.exe
  2⤵
  PID:6088
- C:\Windows\System\YgDzhco.exe
  C:\Windows\System\YgDzhco.exe
  2⤵
  PID:6116
- C:\Windows\System\eSnXZWB.exe
  C:\Windows\System\eSnXZWB.exe
  2⤵
  PID:5132
- C:\Windows\System\FzPClHW.exe
  C:\Windows\System\FzPClHW.exe
  2⤵
  PID:4840
- C:\Windows\System\tNwNaJD.exe
  C:\Windows\System\tNwNaJD.exe
  2⤵
  PID:4156
- C:\Windows\System\TtQTOQr.exe
  C:\Windows\System\TtQTOQr.exe
  2⤵
  PID:5252
- C:\Windows\System\LJZiori.exe
  C:\Windows\System\LJZiori.exe
  2⤵
  PID:5284
- C:\Windows\System\EiXnFRJ.exe
  C:\Windows\System\EiXnFRJ.exe
  2⤵
  PID:5360
- C:\Windows\System\fRATHsG.exe
  C:\Windows\System\fRATHsG.exe
  2⤵
  PID:5424
- C:\Windows\System\dtJbrHD.exe
  C:\Windows\System\dtJbrHD.exe
  2⤵
  PID:5480
- C:\Windows\System\CLUgqzU.exe
  C:\Windows\System\CLUgqzU.exe
  2⤵
  PID:5532
- C:\Windows\System\MxvoVFD.exe
  C:\Windows\System\MxvoVFD.exe
  2⤵
  PID:5592
- C:\Windows\System\ffTeUnd.exe
  C:\Windows\System\ffTeUnd.exe
  2⤵
  PID:5656
- C:\Windows\System\QmojyTG.exe
  C:\Windows\System\QmojyTG.exe
  2⤵
  PID:5724
- C:\Windows\System\CZbOWij.exe
  C:\Windows\System\CZbOWij.exe
  2⤵
  PID:5768
- C:\Windows\System\PgzbWZh.exe
  C:\Windows\System\PgzbWZh.exe
  2⤵
  PID:5848
- C:\Windows\System\tYjGGWZ.exe
  C:\Windows\System\tYjGGWZ.exe
  2⤵
  PID:5912
- C:\Windows\System\VlPpMcH.exe
  C:\Windows\System\VlPpMcH.exe
  2⤵
  PID:5964
- C:\Windows\System\qVTWIQD.exe
  C:\Windows\System\qVTWIQD.exe
  2⤵
  PID:6016
- C:\Windows\System\GRCQHtB.exe
  C:\Windows\System\GRCQHtB.exe
  2⤵
  PID:6080
- C:\Windows\System\fCaASKH.exe
  C:\Windows\System\fCaASKH.exe
  2⤵
  PID:4544
- C:\Windows\System\CwndGot.exe
  C:\Windows\System\CwndGot.exe
  2⤵
  PID:2548
- C:\Windows\System\gBQSTia.exe
  C:\Windows\System\gBQSTia.exe
  2⤵
  PID:5324
- C:\Windows\System\oVWKaCx.exe
  C:\Windows\System\oVWKaCx.exe
  2⤵
  PID:5448
- C:\Windows\System\pHiKbPi.exe
  C:\Windows\System\pHiKbPi.exe
  2⤵
  PID:5548
- C:\Windows\System\FudUORY.exe
  C:\Windows\System\FudUORY.exe
  2⤵
  PID:5684
- C:\Windows\System\lacDGAY.exe
  C:\Windows\System\lacDGAY.exe
  2⤵
  PID:5816
- C:\Windows\System\tdIrlCB.exe
  C:\Windows\System\tdIrlCB.exe
  2⤵
  PID:5948
- C:\Windows\System\HTNGQvg.exe
  C:\Windows\System\HTNGQvg.exe
  2⤵
  PID:6060
- C:\Windows\System\CVDWvJz.exe
  C:\Windows\System\CVDWvJz.exe
  2⤵
  PID:5276
- C:\Windows\System\wGeUrJl.exe
  C:\Windows\System\wGeUrJl.exe
  2⤵
  PID:4268
- C:\Windows\System\ZSnqPwy.exe
  C:\Windows\System\ZSnqPwy.exe
  2⤵
  PID:5996
- C:\Windows\System\PrGeoUy.exe
  C:\Windows\System\PrGeoUy.exe
  2⤵
  PID:6164
- C:\Windows\System\rekszfN.exe
  C:\Windows\System\rekszfN.exe
  2⤵
  PID:6256
- C:\Windows\System\zZKPizj.exe
  C:\Windows\System\zZKPizj.exe
  2⤵
  PID:6284
- C:\Windows\System\gVevxZv.exe
  C:\Windows\System\gVevxZv.exe
  2⤵
  PID:6316
- C:\Windows\System\tiUkdQE.exe
  C:\Windows\System\tiUkdQE.exe
  2⤵
  PID:6368
- C:\Windows\System\HcjquNL.exe
  C:\Windows\System\HcjquNL.exe
  2⤵
  PID:6388
- C:\Windows\System\EBpqIwY.exe
  C:\Windows\System\EBpqIwY.exe
  2⤵
  PID:6424
- C:\Windows\System\GjTsPSf.exe
  C:\Windows\System\GjTsPSf.exe
  2⤵
  PID:6456
- C:\Windows\System\orOHkpG.exe
  C:\Windows\System\orOHkpG.exe
  2⤵
  PID:6488
- C:\Windows\System\mSvruxj.exe
  C:\Windows\System\mSvruxj.exe
  2⤵
  PID:6516
- C:\Windows\System\AbjhcrR.exe
  C:\Windows\System\AbjhcrR.exe
  2⤵
  PID:6540
- C:\Windows\System\nZYdxRp.exe
  C:\Windows\System\nZYdxRp.exe
  2⤵
  PID:6564
- C:\Windows\System\NlhGrct.exe
  C:\Windows\System\NlhGrct.exe
  2⤵
  PID:6600
- C:\Windows\System\YIOaWJB.exe
  C:\Windows\System\YIOaWJB.exe
  2⤵
  PID:6632
- C:\Windows\System\aRZhIXl.exe
  C:\Windows\System\aRZhIXl.exe
  2⤵
  PID:6668
- C:\Windows\System\jZbKtcI.exe
  C:\Windows\System\jZbKtcI.exe
  2⤵
  PID:6684
- C:\Windows\System\lJNYdRx.exe
  C:\Windows\System\lJNYdRx.exe
  2⤵
  PID:6712
- C:\Windows\System\lbdYuhO.exe
  C:\Windows\System\lbdYuhO.exe
  2⤵
  PID:6752
- C:\Windows\System\PeNpsIY.exe
  C:\Windows\System\PeNpsIY.exe
  2⤵
  PID:6784
- C:\Windows\System\DPagiwU.exe
  C:\Windows\System\DPagiwU.exe
  2⤵
  PID:6808
- C:\Windows\System\HOrSIJZ.exe
  C:\Windows\System\HOrSIJZ.exe
  2⤵
  PID:6836
- C:\Windows\System\WGgfZZR.exe
  C:\Windows\System\WGgfZZR.exe
  2⤵
  PID:6864
- C:\Windows\System\AKcBaJE.exe
  C:\Windows\System\AKcBaJE.exe
  2⤵
  PID:6896
- C:\Windows\System\UBSiVCN.exe
  C:\Windows\System\UBSiVCN.exe
  2⤵
  PID:6928
- C:\Windows\System\pUtORlU.exe
  C:\Windows\System\pUtORlU.exe
  2⤵
  PID:6952
- C:\Windows\System\DFEHjHC.exe
  C:\Windows\System\DFEHjHC.exe
  2⤵
  PID:6980
- C:\Windows\System\zQYvyzU.exe
  C:\Windows\System\zQYvyzU.exe
  2⤵
  PID:7004
- C:\Windows\System\XaajTYP.exe
  C:\Windows\System\XaajTYP.exe
  2⤵
  PID:7036
- C:\Windows\System\LeVnDbz.exe
  C:\Windows\System\LeVnDbz.exe
  2⤵
  PID:7064
- C:\Windows\System\vlugnbj.exe
  C:\Windows\System\vlugnbj.exe
  2⤵
  PID:7092
- C:\Windows\System\laVBrDo.exe
  C:\Windows\System\laVBrDo.exe
  2⤵
  PID:7120
- C:\Windows\System\PFYdaWy.exe
  C:\Windows\System\PFYdaWy.exe
  2⤵
  PID:7148
- C:\Windows\System\tlFGQUf.exe
  C:\Windows\System\tlFGQUf.exe
  2⤵
  PID:6196
- C:\Windows\System\uZMdnZh.exe
  C:\Windows\System\uZMdnZh.exe
  2⤵
  PID:6308
- C:\Windows\System\jtwwvDM.exe
  C:\Windows\System\jtwwvDM.exe
  2⤵
  PID:6384
- C:\Windows\System\jmKroDd.exe
  C:\Windows\System\jmKroDd.exe
  2⤵
  PID:6480
- C:\Windows\System\xbSepCG.exe
  C:\Windows\System\xbSepCG.exe
  2⤵
  PID:6500
- C:\Windows\System\GcbOPZC.exe
  C:\Windows\System\GcbOPZC.exe
  2⤵
  PID:6528
- C:\Windows\System\kJrlenZ.exe
  C:\Windows\System\kJrlenZ.exe
  2⤵
  PID:6592
- C:\Windows\System\obZcqzA.exe
  C:\Windows\System\obZcqzA.exe
  2⤵
  PID:6648
- C:\Windows\System\GOClGSN.exe
  C:\Windows\System\GOClGSN.exe
  2⤵
  PID:760
- C:\Windows\System\UGqidON.exe
  C:\Windows\System\UGqidON.exe
  2⤵
  PID:3240
- C:\Windows\System\eYmMeno.exe
  C:\Windows\System\eYmMeno.exe
  2⤵
  PID:6856
- C:\Windows\System\GkDFiTN.exe
  C:\Windows\System\GkDFiTN.exe
  2⤵
  PID:6936
- C:\Windows\System\ftTSxaK.exe
  C:\Windows\System\ftTSxaK.exe
  2⤵
  PID:6996
- C:\Windows\System\vaXBJOF.exe
  C:\Windows\System\vaXBJOF.exe
  2⤵
  PID:7072
- C:\Windows\System\MlVBzrS.exe
  C:\Windows\System\MlVBzrS.exe
  2⤵
  PID:7128
- C:\Windows\System\EKZYGdG.exe
  C:\Windows\System\EKZYGdG.exe
  2⤵
  PID:6296
- C:\Windows\System\panTYPu.exe
  C:\Windows\System\panTYPu.exe
  2⤵
  PID:6344
- C:\Windows\System\kJwXPUW.exe
  C:\Windows\System\kJwXPUW.exe
  2⤵
  PID:6560
- C:\Windows\System\iphtqcM.exe
  C:\Windows\System\iphtqcM.exe
  2⤵
  PID:6704
- C:\Windows\System\kvhRCLi.exe
  C:\Windows\System\kvhRCLi.exe
  2⤵
  PID:6892
- C:\Windows\System\NLgjcce.exe
  C:\Windows\System\NLgjcce.exe
  2⤵
  PID:5488
- C:\Windows\System\HDVsuXQ.exe
  C:\Windows\System\HDVsuXQ.exe
  2⤵
  PID:7084
- C:\Windows\System\zlkiHNn.exe
  C:\Windows\System\zlkiHNn.exe
  2⤵
  PID:6408
- C:\Windows\System\mFjDaRx.exe
  C:\Windows\System\mFjDaRx.exe
  2⤵
  PID:6760
- C:\Windows\System\vVpSaxK.exe
  C:\Windows\System\vVpSaxK.exe
  2⤵
  PID:6352
- C:\Windows\System\IpmJbZH.exe
  C:\Windows\System\IpmJbZH.exe
  2⤵
  PID:6624
- C:\Windows\System\mlPqksa.exe
  C:\Windows\System\mlPqksa.exe
  2⤵
  PID:7192
- C:\Windows\System\AtkhHDq.exe
  C:\Windows\System\AtkhHDq.exe
  2⤵
  PID:7220
- C:\Windows\System\QiAZEWy.exe
  C:\Windows\System\QiAZEWy.exe
  2⤵
  PID:7256
- C:\Windows\System\qPVkYOG.exe
  C:\Windows\System\qPVkYOG.exe
  2⤵
  PID:7288
- C:\Windows\System\xYvZfqL.exe
  C:\Windows\System\xYvZfqL.exe
  2⤵
  PID:7316
- C:\Windows\System\gpGSGXr.exe
  C:\Windows\System\gpGSGXr.exe
  2⤵
  PID:7332
- C:\Windows\System\xpKgKjf.exe
  C:\Windows\System\xpKgKjf.exe
  2⤵
  PID:7364
- C:\Windows\System\votUkrY.exe
  C:\Windows\System\votUkrY.exe
  2⤵
  PID:7404
- C:\Windows\System\xNHNTGq.exe
  C:\Windows\System\xNHNTGq.exe
  2⤵
  PID:7420
- C:\Windows\System\YdtWaCg.exe
  C:\Windows\System\YdtWaCg.exe
  2⤵
  PID:7464
- C:\Windows\System\BrMvRGa.exe
  C:\Windows\System\BrMvRGa.exe
  2⤵
  PID:7492
- C:\Windows\System\VEonsNl.exe
  C:\Windows\System\VEonsNl.exe
  2⤵
  PID:7520
- C:\Windows\System\lcOUTYf.exe
  C:\Windows\System\lcOUTYf.exe
  2⤵
  PID:7552
- C:\Windows\System\oNpKDVM.exe
  C:\Windows\System\oNpKDVM.exe
  2⤵
  PID:7576
- C:\Windows\System\oUYOOZp.exe
  C:\Windows\System\oUYOOZp.exe
  2⤵
  PID:7604
- C:\Windows\System\GJypJQI.exe
  C:\Windows\System\GJypJQI.exe
  2⤵
  PID:7632
- C:\Windows\System\LpiBoer.exe
  C:\Windows\System\LpiBoer.exe
  2⤵
  PID:7660
- C:\Windows\System\JjQOXSm.exe
  C:\Windows\System\JjQOXSm.exe
  2⤵
  PID:7692
- C:\Windows\System\XINNfNI.exe
  C:\Windows\System\XINNfNI.exe
  2⤵
  PID:7716
- C:\Windows\System\sEUJXKF.exe
  C:\Windows\System\sEUJXKF.exe
  2⤵
  PID:7756
- C:\Windows\System\oSDecTO.exe
  C:\Windows\System\oSDecTO.exe
  2⤵
  PID:7776
- C:\Windows\System\SubRxQn.exe
  C:\Windows\System\SubRxQn.exe
  2⤵
  PID:7804
- C:\Windows\System\sNmMEws.exe
  C:\Windows\System\sNmMEws.exe
  2⤵
  PID:7832
- C:\Windows\System\WskckXj.exe
  C:\Windows\System\WskckXj.exe
  2⤵
  PID:7860
- C:\Windows\System\RujkJSl.exe
  C:\Windows\System\RujkJSl.exe
  2⤵
  PID:7888
- C:\Windows\System\XuzLMwP.exe
  C:\Windows\System\XuzLMwP.exe
  2⤵
  PID:7916
- C:\Windows\System\CNYZbQY.exe
  C:\Windows\System\CNYZbQY.exe
  2⤵
  PID:7944
- C:\Windows\System\zWpBGYD.exe
  C:\Windows\System\zWpBGYD.exe
  2⤵
  PID:7980
- C:\Windows\System\XqjtiQS.exe
  C:\Windows\System\XqjtiQS.exe
  2⤵
  PID:8000
- C:\Windows\System\TVPzfyp.exe
  C:\Windows\System\TVPzfyp.exe
  2⤵
  PID:8028
- C:\Windows\System\cbweyQU.exe
  C:\Windows\System\cbweyQU.exe
  2⤵
  PID:8056
- C:\Windows\System\WencWLA.exe
  C:\Windows\System\WencWLA.exe
  2⤵
  PID:8084
- C:\Windows\System\vItIUzo.exe
  C:\Windows\System\vItIUzo.exe
  2⤵
  PID:8112
- C:\Windows\System\OxIpLtc.exe
  C:\Windows\System\OxIpLtc.exe
  2⤵
  PID:8140
- C:\Windows\System\bnaXCgT.exe
  C:\Windows\System\bnaXCgT.exe
  2⤵
  PID:8180
- C:\Windows\System\RIPWGFP.exe
  C:\Windows\System\RIPWGFP.exe
  2⤵
  PID:7204
- C:\Windows\System\QEDQSiU.exe
  C:\Windows\System\QEDQSiU.exe
  2⤵
  PID:7264
- C:\Windows\System\piQNNAR.exe
  C:\Windows\System\piQNNAR.exe
  2⤵
  PID:7324
- C:\Windows\System\LJmaCXW.exe
  C:\Windows\System\LJmaCXW.exe
  2⤵
  PID:7400
- C:\Windows\System\lnevDva.exe
  C:\Windows\System\lnevDva.exe
  2⤵
  PID:7452
- C:\Windows\System\CoFDGLF.exe
  C:\Windows\System\CoFDGLF.exe
  2⤵
  PID:3444
- C:\Windows\System\ditbRzr.exe
  C:\Windows\System\ditbRzr.exe
  2⤵
  PID:2688
- C:\Windows\System\JfhtiTs.exe
  C:\Windows\System\JfhtiTs.exe
  2⤵
  PID:7484
- C:\Windows\System\UKRiwwq.exe
  C:\Windows\System\UKRiwwq.exe
  2⤵
  PID:7540
- C:\Windows\System\GDenSDr.exe
  C:\Windows\System\GDenSDr.exe
  2⤵
  PID:7600
- C:\Windows\System\wUTzpbW.exe
  C:\Windows\System\wUTzpbW.exe
  2⤵
  PID:7672
- C:\Windows\System\LowhazQ.exe
  C:\Windows\System\LowhazQ.exe
  2⤵
  PID:7740
- C:\Windows\System\tcoktZK.exe
  C:\Windows\System\tcoktZK.exe
  2⤵
  PID:7800
- C:\Windows\System\YkuuLpV.exe
  C:\Windows\System\YkuuLpV.exe
  2⤵
  PID:7880
- C:\Windows\System\YxlelEW.exe
  C:\Windows\System\YxlelEW.exe
  2⤵
  PID:7956
- C:\Windows\System\HFAaQZf.exe
  C:\Windows\System\HFAaQZf.exe
  2⤵
  PID:8012
- C:\Windows\System\EBelMsW.exe
  C:\Windows\System\EBelMsW.exe
  2⤵
  PID:8076
- C:\Windows\System\Mbwzblp.exe
  C:\Windows\System\Mbwzblp.exe
  2⤵
  PID:8136
- C:\Windows\System\zJTGekw.exe
  C:\Windows\System\zJTGekw.exe
  2⤵
  PID:7216
- C:\Windows\System\TNDqPGA.exe
  C:\Windows\System\TNDqPGA.exe
  2⤵
  PID:7376
- C:\Windows\System\DHIskDZ.exe
  C:\Windows\System\DHIskDZ.exe
  2⤵
  PID:4052
- C:\Windows\System\ZZOVCjx.exe
  C:\Windows\System\ZZOVCjx.exe
  2⤵
  PID:4888
- C:\Windows\System\bvCpEoW.exe
  C:\Windows\System\bvCpEoW.exe
  2⤵
  PID:7628
- C:\Windows\System\VhDZtne.exe
  C:\Windows\System\VhDZtne.exe
  2⤵
  PID:7788
- C:\Windows\System\gxkQnlF.exe
  C:\Windows\System\gxkQnlF.exe
  2⤵
  PID:7936
- C:\Windows\System\uYeFwoJ.exe
  C:\Windows\System\uYeFwoJ.exe
  2⤵
  PID:8104
- C:\Windows\System\nWzIneq.exe
  C:\Windows\System\nWzIneq.exe
  2⤵
  PID:7300
- C:\Windows\System\UMnumiH.exe
  C:\Windows\System\UMnumiH.exe
  2⤵
  PID:4668
- C:\Windows\System\XakiHBp.exe
  C:\Windows\System\XakiHBp.exe
  2⤵
  PID:7856
- C:\Windows\System\lXaWqHl.exe
  C:\Windows\System\lXaWqHl.exe
  2⤵
  PID:7184
- C:\Windows\System\TmMXAjq.exe
  C:\Windows\System\TmMXAjq.exe
  2⤵
  PID:7768
- C:\Windows\System\GwByhlG.exe
  C:\Windows\System\GwByhlG.exe
  2⤵
  PID:8176
- C:\Windows\System\NuTOtpO.exe
  C:\Windows\System\NuTOtpO.exe
  2⤵
  PID:8212
- C:\Windows\System\qEGplbC.exe
  C:\Windows\System\qEGplbC.exe
  2⤵
  PID:8240
- C:\Windows\System\eDrApYh.exe
  C:\Windows\System\eDrApYh.exe
  2⤵
  PID:8268
- C:\Windows\System\SwtPpYd.exe
  C:\Windows\System\SwtPpYd.exe
  2⤵
  PID:8296
- C:\Windows\System\BHQvYCe.exe
  C:\Windows\System\BHQvYCe.exe
  2⤵
  PID:8324
- C:\Windows\System\FInosaw.exe
  C:\Windows\System\FInosaw.exe
  2⤵
  PID:8352
- C:\Windows\System\hCebXcA.exe
  C:\Windows\System\hCebXcA.exe
  2⤵
  PID:8380
- C:\Windows\System\BiOaDPw.exe
  C:\Windows\System\BiOaDPw.exe
  2⤵
  PID:8408
- C:\Windows\System\OJcWpPY.exe
  C:\Windows\System\OJcWpPY.exe
  2⤵
  PID:8436
- C:\Windows\System\wuYGdkN.exe
  C:\Windows\System\wuYGdkN.exe
  2⤵
  PID:8464
- C:\Windows\System\BafZUaW.exe
  C:\Windows\System\BafZUaW.exe
  2⤵
  PID:8500
- C:\Windows\System\CSlKgDC.exe
  C:\Windows\System\CSlKgDC.exe
  2⤵
  PID:8520
- C:\Windows\System\rjDaWDp.exe
  C:\Windows\System\rjDaWDp.exe
  2⤵
  PID:8552
- C:\Windows\System\hYIByzn.exe
  C:\Windows\System\hYIByzn.exe
  2⤵
  PID:8580
- C:\Windows\System\XTBuQIf.exe
  C:\Windows\System\XTBuQIf.exe
  2⤵
  PID:8608
- C:\Windows\System\lxgOZmn.exe
  C:\Windows\System\lxgOZmn.exe
  2⤵
  PID:8636
- C:\Windows\System\fbLVVsr.exe
  C:\Windows\System\fbLVVsr.exe
  2⤵
  PID:8664
- C:\Windows\System\dxPKXCO.exe
  C:\Windows\System\dxPKXCO.exe
  2⤵
  PID:8704
- C:\Windows\System\ReLixVs.exe
  C:\Windows\System\ReLixVs.exe
  2⤵
  PID:8724
- C:\Windows\System\FpEFzGJ.exe
  C:\Windows\System\FpEFzGJ.exe
  2⤵
  PID:8752
- C:\Windows\System\fgcrRUs.exe
  C:\Windows\System\fgcrRUs.exe
  2⤵
  PID:8780
- C:\Windows\System\RfUQPyY.exe
  C:\Windows\System\RfUQPyY.exe
  2⤵
  PID:8808
- C:\Windows\System\EsxMCst.exe
  C:\Windows\System\EsxMCst.exe
  2⤵
  PID:8836
- C:\Windows\System\CWCGNqT.exe
  C:\Windows\System\CWCGNqT.exe
  2⤵
  PID:8868
- C:\Windows\System\mTxrbIT.exe
  C:\Windows\System\mTxrbIT.exe
  2⤵
  PID:8896
- C:\Windows\System\PcIDVfP.exe
  C:\Windows\System\PcIDVfP.exe
  2⤵
  PID:8928
- C:\Windows\System\WqEeadn.exe
  C:\Windows\System\WqEeadn.exe
  2⤵
  PID:8980
- C:\Windows\System\SRDzBWC.exe
  C:\Windows\System\SRDzBWC.exe
  2⤵
  PID:9008
- C:\Windows\System\avRxTfx.exe
  C:\Windows\System\avRxTfx.exe
  2⤵
  PID:9036
- C:\Windows\System\tVuLiAO.exe
  C:\Windows\System\tVuLiAO.exe
  2⤵
  PID:9084
- C:\Windows\System\iFEmNRw.exe
  C:\Windows\System\iFEmNRw.exe
  2⤵
  PID:9116
- C:\Windows\System\PafmzmN.exe
  C:\Windows\System\PafmzmN.exe
  2⤵
  PID:9172
- C:\Windows\System\NGtRCWU.exe
  C:\Windows\System\NGtRCWU.exe
  2⤵
  PID:8204
- C:\Windows\System\oRyxcpV.exe
  C:\Windows\System\oRyxcpV.exe
  2⤵
  PID:8260
- C:\Windows\System\yekBZkG.exe
  C:\Windows\System\yekBZkG.exe
  2⤵
  PID:8316
- C:\Windows\System\nRHTZvf.exe
  C:\Windows\System\nRHTZvf.exe
  2⤵
  PID:8376
- C:\Windows\System\BwtETJK.exe
  C:\Windows\System\BwtETJK.exe
  2⤵
  PID:8432
- C:\Windows\System\kktmGIj.exe
  C:\Windows\System\kktmGIj.exe
  2⤵
  PID:8488
- C:\Windows\System\kVLWBux.exe
  C:\Windows\System\kVLWBux.exe
  2⤵
  PID:8564
- C:\Windows\System\qUFHFJq.exe
  C:\Windows\System\qUFHFJq.exe
  2⤵
  PID:8628
- C:\Windows\System\IAbHCZk.exe
  C:\Windows\System\IAbHCZk.exe
  2⤵
  PID:8716
- C:\Windows\System\BUzhEfR.exe
  C:\Windows\System\BUzhEfR.exe
  2⤵
  PID:8776
- C:\Windows\System\aakGcZt.exe
  C:\Windows\System\aakGcZt.exe
  2⤵
  PID:8828
- C:\Windows\System\qCRdHiS.exe
  C:\Windows\System\qCRdHiS.exe
  2⤵
  PID:8884
- C:\Windows\System\SpTscwG.exe
  C:\Windows\System\SpTscwG.exe
  2⤵
  PID:2336
- C:\Windows\System\elXxUJD.exe
  C:\Windows\System\elXxUJD.exe
  2⤵
  PID:8992
- C:\Windows\System\TQBynij.exe
  C:\Windows\System\TQBynij.exe
  2⤵
  PID:9080
- C:\Windows\System\DwkJuNA.exe
  C:\Windows\System\DwkJuNA.exe
  2⤵
  PID:9184
- C:\Windows\System\shkFQrZ.exe
  C:\Windows\System\shkFQrZ.exe
  2⤵
  PID:9204
- C:\Windows\System\MYdJBub.exe
  C:\Windows\System\MYdJBub.exe
  2⤵
  PID:9152
- C:\Windows\System\ILdpjAf.exe
  C:\Windows\System\ILdpjAf.exe
  2⤵
  PID:7852
- C:\Windows\System\vHeFnfD.exe
  C:\Windows\System\vHeFnfD.exe
  2⤵
  PID:8400
- C:\Windows\System\vfhhUvn.exe
  C:\Windows\System\vfhhUvn.exe
  2⤵
  PID:8516
- C:\Windows\System\aKQqtQZ.exe
  C:\Windows\System\aKQqtQZ.exe
  2⤵
  PID:8576
- C:\Windows\System\ClhcNuy.exe
  C:\Windows\System\ClhcNuy.exe
  2⤵
  PID:8744
- C:\Windows\System\ttkqEpc.exe
  C:\Windows\System\ttkqEpc.exe
  2⤵
  PID:3124
- C:\Windows\System\nrmqkhw.exe
  C:\Windows\System\nrmqkhw.exe
  2⤵
  PID:9020
- C:\Windows\System\GtpPJrR.exe
  C:\Windows\System\GtpPJrR.exe
  2⤵
  PID:8196
- C:\Windows\System\XCELQKg.exe
  C:\Windows\System\XCELQKg.exe
  2⤵
  PID:9128
- C:\Windows\System\vDuobQi.exe
  C:\Windows\System\vDuobQi.exe
  2⤵
  PID:8548
- C:\Windows\System\zpYlmNG.exe
  C:\Windows\System\zpYlmNG.exe
  2⤵
  PID:8736
- C:\Windows\System\nqkzFPu.exe
  C:\Windows\System\nqkzFPu.exe
  2⤵
  PID:2308
- C:\Windows\System\LSerIEJ.exe
  C:\Windows\System\LSerIEJ.exe
  2⤵
  PID:9168
- C:\Windows\System\BoAbCBL.exe
  C:\Windows\System\BoAbCBL.exe
  2⤵
  PID:2200
- C:\Windows\System\OtIGYmw.exe
  C:\Windows\System\OtIGYmw.exe
  2⤵
  PID:8684
- C:\Windows\System\IuToiFM.exe
  C:\Windows\System\IuToiFM.exe
  2⤵
  PID:9160
- C:\Windows\System\qaBgBzh.exe
  C:\Windows\System\qaBgBzh.exe
  2⤵
  PID:2496
- C:\Windows\System\lGQTrIx.exe
  C:\Windows\System\lGQTrIx.exe
  2⤵
  PID:9240
- C:\Windows\System\mRkJTmZ.exe
  C:\Windows\System\mRkJTmZ.exe
  2⤵
  PID:9268
- C:\Windows\System\oHXJqlH.exe
  C:\Windows\System\oHXJqlH.exe
  2⤵
  PID:9296
- C:\Windows\System\mOUkuGI.exe
  C:\Windows\System\mOUkuGI.exe
  2⤵
  PID:9324
- C:\Windows\System\STKcERS.exe
  C:\Windows\System\STKcERS.exe
  2⤵
  PID:9352
- C:\Windows\System\OZQtMjJ.exe
  C:\Windows\System\OZQtMjJ.exe
  2⤵
  PID:9380
- C:\Windows\System\bxIvFwz.exe
  C:\Windows\System\bxIvFwz.exe
  2⤵
  PID:9408
- C:\Windows\System\UvsNRpm.exe
  C:\Windows\System\UvsNRpm.exe
  2⤵
  PID:9436
- C:\Windows\System\PICzfnE.exe
  C:\Windows\System\PICzfnE.exe
  2⤵
  PID:9464
- C:\Windows\System\MiRPqOW.exe
  C:\Windows\System\MiRPqOW.exe
  2⤵
  PID:9492
- C:\Windows\System\qDjbTGx.exe
  C:\Windows\System\qDjbTGx.exe
  2⤵
  PID:9520
- C:\Windows\System\idrGHSg.exe
  C:\Windows\System\idrGHSg.exe
  2⤵
  PID:9548
- C:\Windows\System\wREbWca.exe
  C:\Windows\System\wREbWca.exe
  2⤵
  PID:9576
- C:\Windows\System\QbdOrJy.exe
  C:\Windows\System\QbdOrJy.exe
  2⤵
  PID:9604
- C:\Windows\System\cXlglhG.exe
  C:\Windows\System\cXlglhG.exe
  2⤵
  PID:9632
- C:\Windows\System\WHavrNW.exe
  C:\Windows\System\WHavrNW.exe
  2⤵
  PID:9660
- C:\Windows\System\NewHTiP.exe
  C:\Windows\System\NewHTiP.exe
  2⤵
  PID:9688
- C:\Windows\System\lVmZMaY.exe
  C:\Windows\System\lVmZMaY.exe
  2⤵
  PID:9716
- C:\Windows\System\gnNppMA.exe
  C:\Windows\System\gnNppMA.exe
  2⤵
  PID:9744
- C:\Windows\System\lXgtesr.exe
  C:\Windows\System\lXgtesr.exe
  2⤵
  PID:9772
- C:\Windows\System\imKfdBK.exe
  C:\Windows\System\imKfdBK.exe
  2⤵
  PID:9800
- C:\Windows\System\VDZDQDc.exe
  C:\Windows\System\VDZDQDc.exe
  2⤵
  PID:9848
- C:\Windows\System\nUaZvHQ.exe
  C:\Windows\System\nUaZvHQ.exe
  2⤵
  PID:9864
- C:\Windows\System\vyQJCSK.exe
  C:\Windows\System\vyQJCSK.exe
  2⤵
  PID:9892
- C:\Windows\System\zEtuodK.exe
  C:\Windows\System\zEtuodK.exe
  2⤵
  PID:9920
- C:\Windows\System\PRHQjDj.exe
  C:\Windows\System\PRHQjDj.exe
  2⤵
  PID:9948
- C:\Windows\System\ymGflcq.exe
  C:\Windows\System\ymGflcq.exe
  2⤵
  PID:9976
- C:\Windows\System\SkhiqyL.exe
  C:\Windows\System\SkhiqyL.exe
  2⤵
  PID:10004
- C:\Windows\System\gLXVyXz.exe
  C:\Windows\System\gLXVyXz.exe
  2⤵
  PID:10032
- C:\Windows\System\EJyJSMr.exe
  C:\Windows\System\EJyJSMr.exe
  2⤵
  PID:10060
- C:\Windows\System\oITekxc.exe
  C:\Windows\System\oITekxc.exe
  2⤵
  PID:10088
- C:\Windows\System\ObbfGuJ.exe
  C:\Windows\System\ObbfGuJ.exe
  2⤵
  PID:10116
- C:\Windows\System\lWYJUmK.exe
  C:\Windows\System\lWYJUmK.exe
  2⤵
  PID:10144
- C:\Windows\System\ZSestfy.exe
  C:\Windows\System\ZSestfy.exe
  2⤵
  PID:10172
- C:\Windows\System\UjFbyEb.exe
  C:\Windows\System\UjFbyEb.exe
  2⤵
  PID:10188
- C:\Windows\System\HyCRLSv.exe
  C:\Windows\System\HyCRLSv.exe
  2⤵
  PID:10216
- C:\Windows\System\bdkAorH.exe
  C:\Windows\System\bdkAorH.exe
  2⤵
  PID:9232
- C:\Windows\System\TPpVtZU.exe
  C:\Windows\System\TPpVtZU.exe
  2⤵
  PID:9260
- C:\Windows\System\EWyROzP.exe
  C:\Windows\System\EWyROzP.exe
  2⤵
  PID:9372
- C:\Windows\System\zLVPARW.exe
  C:\Windows\System\zLVPARW.exe
  2⤵
  PID:9448
- C:\Windows\System\UwmrcPp.exe
  C:\Windows\System\UwmrcPp.exe
  2⤵
  PID:9540
- C:\Windows\System\TMQUJrT.exe
  C:\Windows\System\TMQUJrT.exe
  2⤵
  PID:9652
- C:\Windows\System\yWTlvbf.exe
  C:\Windows\System\yWTlvbf.exe
  2⤵
  PID:9756
- C:\Windows\System\qhXRAzD.exe
  C:\Windows\System\qhXRAzD.exe
  2⤵
  PID:9796
- C:\Windows\System\BoYzykg.exe
  C:\Windows\System\BoYzykg.exe
  2⤵
  PID:9884
- C:\Windows\System\PRybJJV.exe
  C:\Windows\System\PRybJJV.exe
  2⤵
  PID:9944
- C:\Windows\System\MHYVSMh.exe
  C:\Windows\System\MHYVSMh.exe
  2⤵
  PID:10016
- C:\Windows\System\ZSCpMrg.exe
  C:\Windows\System\ZSCpMrg.exe
  2⤵
  PID:10080
- C:\Windows\System\vOcmAuE.exe
  C:\Windows\System\vOcmAuE.exe
  2⤵
  PID:10140
- C:\Windows\System\vpnEjnp.exe
  C:\Windows\System\vpnEjnp.exe
  2⤵
  PID:10196
- C:\Windows\System\yyUwyPa.exe
  C:\Windows\System\yyUwyPa.exe
  2⤵
  PID:9288
- C:\Windows\System\CNaSIMC.exe
  C:\Windows\System\CNaSIMC.exe
  2⤵
  PID:9420
- C:\Windows\System\tsvCmwj.exe
  C:\Windows\System\tsvCmwj.exe
  2⤵
  PID:9644
- C:\Windows\System\EiPQabM.exe
  C:\Windows\System\EiPQabM.exe
  2⤵
  PID:8952
- C:\Windows\System\SgOQUyG.exe
  C:\Windows\System\SgOQUyG.exe
  2⤵
  PID:9784
- C:\Windows\System\hTQXiAs.exe
  C:\Windows\System\hTQXiAs.exe
  2⤵
  PID:9940
- C:\Windows\System\ZijjAFz.exe
  C:\Windows\System\ZijjAFz.exe
  2⤵
  PID:10112
- C:\Windows\System\wKqgTpT.exe
  C:\Windows\System\wKqgTpT.exe
  2⤵
  PID:9228
- C:\Windows\System\YNuiUiN.exe
  C:\Windows\System\YNuiUiN.exe
  2⤵
  PID:8960
- C:\Windows\System\jouDKMt.exe
  C:\Windows\System\jouDKMt.exe
  2⤵
  PID:8956
- C:\Windows\System\xKYDdYX.exe
  C:\Windows\System\xKYDdYX.exe
  2⤵
  PID:10072
- C:\Windows\System\DoJfeqY.exe
  C:\Windows\System\DoJfeqY.exe
  2⤵
  PID:9032
- C:\Windows\System\XyhuCaG.exe
  C:\Windows\System\XyhuCaG.exe
  2⤵
  PID:9220
- C:\Windows\System\xlykygH.exe
  C:\Windows\System\xlykygH.exe
  2⤵
  PID:10244
- C:\Windows\System\jNLjDBG.exe
  C:\Windows\System\jNLjDBG.exe
  2⤵
  PID:10272
- C:\Windows\System\dBPHgun.exe
  C:\Windows\System\dBPHgun.exe
  2⤵
  PID:10300
- C:\Windows\System\azvaBhT.exe
  C:\Windows\System\azvaBhT.exe
  2⤵
  PID:10328
- C:\Windows\System\gssAoUb.exe
  C:\Windows\System\gssAoUb.exe
  2⤵
  PID:10356
- C:\Windows\System\MqbdobP.exe
  C:\Windows\System\MqbdobP.exe
  2⤵
  PID:10384
- C:\Windows\System\QqrGzek.exe
  C:\Windows\System\QqrGzek.exe
  2⤵
  PID:10412
- C:\Windows\System\anybkFU.exe
  C:\Windows\System\anybkFU.exe
  2⤵
  PID:10440
- C:\Windows\System\iNxmPmg.exe
  C:\Windows\System\iNxmPmg.exe
  2⤵
  PID:10468
- C:\Windows\System\KmjmeZM.exe
  C:\Windows\System\KmjmeZM.exe
  2⤵
  PID:10496
- C:\Windows\System\CMBqBRq.exe
  C:\Windows\System\CMBqBRq.exe
  2⤵
  PID:10524
- C:\Windows\System\hONNCnn.exe
  C:\Windows\System\hONNCnn.exe
  2⤵
  PID:10552
- C:\Windows\System\uFAEZXs.exe
  C:\Windows\System\uFAEZXs.exe
  2⤵
  PID:10580
- C:\Windows\System\ISduONr.exe
  C:\Windows\System\ISduONr.exe
  2⤵
  PID:10608
- C:\Windows\System\sLXQikn.exe
  C:\Windows\System\sLXQikn.exe
  2⤵
  PID:10636
- C:\Windows\System\mDpfhFu.exe
  C:\Windows\System\mDpfhFu.exe
  2⤵
  PID:10664
- C:\Windows\System\pIhpRTm.exe
  C:\Windows\System\pIhpRTm.exe
  2⤵
  PID:10692
- C:\Windows\System\QjpaIxr.exe
  C:\Windows\System\QjpaIxr.exe
  2⤵
  PID:10720
- C:\Windows\System\sYFyiko.exe
  C:\Windows\System\sYFyiko.exe
  2⤵
  PID:10748
- C:\Windows\System\doecQMG.exe
  C:\Windows\System\doecQMG.exe
  2⤵
  PID:10776
- C:\Windows\System\nUNckQs.exe
  C:\Windows\System\nUNckQs.exe
  2⤵
  PID:10804
- C:\Windows\System\TEbjhvM.exe
  C:\Windows\System\TEbjhvM.exe
  2⤵
  PID:10832
- C:\Windows\System\SkxZKov.exe
  C:\Windows\System\SkxZKov.exe
  2⤵
  PID:10860
- C:\Windows\System\TeahvWA.exe
  C:\Windows\System\TeahvWA.exe
  2⤵
  PID:10888
- C:\Windows\System\fjLJqhr.exe
  C:\Windows\System\fjLJqhr.exe
  2⤵
  PID:10916
- C:\Windows\System\CLStTfz.exe
  C:\Windows\System\CLStTfz.exe
  2⤵
  PID:10948
- C:\Windows\System\ExsiSjs.exe
  C:\Windows\System\ExsiSjs.exe
  2⤵
  PID:10976
- C:\Windows\System\uriERtf.exe
  C:\Windows\System\uriERtf.exe
  2⤵
  PID:11004
- C:\Windows\System\vRvmxLC.exe
  C:\Windows\System\vRvmxLC.exe
  2⤵
  PID:11032
- C:\Windows\System\KikyJpl.exe
  C:\Windows\System\KikyJpl.exe
  2⤵
  PID:11060
- C:\Windows\System\usGLzAv.exe
  C:\Windows\System\usGLzAv.exe
  2⤵
  PID:11088
- C:\Windows\System\JWmavZs.exe
  C:\Windows\System\JWmavZs.exe
  2⤵
  PID:11116
- C:\Windows\System\IEKCnWO.exe
  C:\Windows\System\IEKCnWO.exe
  2⤵
  PID:11144
- C:\Windows\System\mHIhsHa.exe
  C:\Windows\System\mHIhsHa.exe
  2⤵
  PID:11172
- C:\Windows\System\ynNPFVm.exe
  C:\Windows\System\ynNPFVm.exe
  2⤵
  PID:11200
- C:\Windows\System\vTZdXFY.exe
  C:\Windows\System\vTZdXFY.exe
  2⤵
  PID:11228
- C:\Windows\System\wBnmVGE.exe
  C:\Windows\System\wBnmVGE.exe
  2⤵
  PID:11256
- C:\Windows\System\xDUxoMU.exe
  C:\Windows\System\xDUxoMU.exe
  2⤵
  PID:10284
- C:\Windows\System\xmzhJuJ.exe
  C:\Windows\System\xmzhJuJ.exe
  2⤵
  PID:10340
- C:\Windows\System\onTUaoo.exe
  C:\Windows\System\onTUaoo.exe
  2⤵
  PID:10404
- C:\Windows\System\KtysUsw.exe
  C:\Windows\System\KtysUsw.exe
  2⤵
  PID:10452
- C:\Windows\System\tWiiNXq.exe
  C:\Windows\System\tWiiNXq.exe
  2⤵
  PID:10516
- C:\Windows\System\pJjoaaP.exe
  C:\Windows\System\pJjoaaP.exe
  2⤵
  PID:10548
- C:\Windows\System\wPrXhfB.exe
  C:\Windows\System\wPrXhfB.exe
  2⤵
  PID:10620
- C:\Windows\System\mJGnHlb.exe
  C:\Windows\System\mJGnHlb.exe
  2⤵
  PID:10676
- C:\Windows\System\bTPspAM.exe
  C:\Windows\System\bTPspAM.exe
  2⤵
  PID:4692
- C:\Windows\System\QFUJeBL.exe
  C:\Windows\System\QFUJeBL.exe
  2⤵
  PID:10788
- C:\Windows\System\GLAlGBm.exe
  C:\Windows\System\GLAlGBm.exe
  2⤵
  PID:10844
- C:\Windows\System\DtnSzUj.exe
  C:\Windows\System\DtnSzUj.exe
  2⤵
  PID:10912
- C:\Windows\System\ZBGklzH.exe
  C:\Windows\System\ZBGklzH.exe
  2⤵
  PID:10972
- C:\Windows\System\EOAbMfb.exe
  C:\Windows\System\EOAbMfb.exe
  2⤵
  PID:11044
- C:\Windows\System\ALRbfpl.exe
  C:\Windows\System\ALRbfpl.exe
  2⤵
  PID:11112
- C:\Windows\System\SAsjiKF.exe
  C:\Windows\System\SAsjiKF.exe
  2⤵
  PID:11168
- C:\Windows\System\XdDtWfF.exe
  C:\Windows\System\XdDtWfF.exe
  2⤵
  PID:11240
- C:\Windows\System\lhBwFii.exe
  C:\Windows\System\lhBwFii.exe
  2⤵
  PID:10320
- C:\Windows\System\XaZoOCu.exe
  C:\Windows\System\XaZoOCu.exe
  2⤵
  PID:4720
- C:\Windows\System\STTAdYe.exe
  C:\Windows\System\STTAdYe.exe
  2⤵
  PID:10600
- C:\Windows\System\SdRAKcx.exe
  C:\Windows\System\SdRAKcx.exe
  2⤵
  PID:4068
- C:\Windows\System\diJyXpA.exe
  C:\Windows\System\diJyXpA.exe
  2⤵
  PID:10872
- C:\Windows\System\bccRwDR.exe
  C:\Windows\System\bccRwDR.exe
  2⤵
  PID:10996
- C:\Windows\System\RgQSjVA.exe
  C:\Windows\System\RgQSjVA.exe
  2⤵
  PID:11156
- C:\Windows\System\ZCGGmgn.exe
  C:\Windows\System\ZCGGmgn.exe
  2⤵
  PID:10312
- C:\Windows\System\FrOJuLx.exe
  C:\Windows\System\FrOJuLx.exe
  2⤵
  PID:10656
- C:\Windows\System\SoQQEUb.exe
  C:\Windows\System\SoQQEUb.exe
  2⤵
  PID:10968
- C:\Windows\System\OontzYS.exe
  C:\Windows\System\OontzYS.exe
  2⤵
  PID:10264
- C:\Windows\System\IAlifdC.exe
  C:\Windows\System\IAlifdC.exe
  2⤵
  PID:11100
- C:\Windows\System\ArSTMyA.exe
  C:\Windows\System\ArSTMyA.exe
  2⤵
  PID:10900
- C:\Windows\System\iXygEUV.exe
  C:\Windows\System\iXygEUV.exe
  2⤵
  PID:11292
- C:\Windows\System\CMhzxOf.exe
  C:\Windows\System\CMhzxOf.exe
  2⤵
  PID:11320
- C:\Windows\System\zriVOMY.exe
  C:\Windows\System\zriVOMY.exe
  2⤵
  PID:11364
- C:\Windows\System\lTvwfaY.exe
  C:\Windows\System\lTvwfaY.exe
  2⤵
  PID:11380
- C:\Windows\System\KnlmRJx.exe
  C:\Windows\System\KnlmRJx.exe
  2⤵
  PID:11408
- C:\Windows\System\CnhxKOf.exe
  C:\Windows\System\CnhxKOf.exe
  2⤵
  PID:11436
- C:\Windows\System\ZgPVGFm.exe
  C:\Windows\System\ZgPVGFm.exe
  2⤵
  PID:11464
- C:\Windows\System\VEnFrAV.exe
  C:\Windows\System\VEnFrAV.exe
  2⤵
  PID:11492
- C:\Windows\System\HheptLc.exe
  C:\Windows\System\HheptLc.exe
  2⤵
  PID:11520
- C:\Windows\System\egCOSdw.exe
  C:\Windows\System\egCOSdw.exe
  2⤵
  PID:11548
- C:\Windows\System\UaJRYvZ.exe
  C:\Windows\System\UaJRYvZ.exe
  2⤵
  PID:11576
- C:\Windows\System\uPQPlxe.exe
  C:\Windows\System\uPQPlxe.exe
  2⤵
  PID:11604
- C:\Windows\System\OYiokVd.exe
  C:\Windows\System\OYiokVd.exe
  2⤵
  PID:11632
- C:\Windows\System\HpENLnY.exe
  C:\Windows\System\HpENLnY.exe
  2⤵
  PID:11664
- C:\Windows\System\dgRKxJs.exe
  C:\Windows\System\dgRKxJs.exe
  2⤵
  PID:11692
- C:\Windows\System\vOuXqij.exe
  C:\Windows\System\vOuXqij.exe
  2⤵
  PID:11720
- C:\Windows\System\NkGcTum.exe
  C:\Windows\System\NkGcTum.exe
  2⤵
  PID:11748
- C:\Windows\System\agojhAR.exe
  C:\Windows\System\agojhAR.exe
  2⤵
  PID:11776
- C:\Windows\System\drLNLmq.exe
  C:\Windows\System\drLNLmq.exe
  2⤵
  PID:11804
- C:\Windows\System\RxgPdXc.exe
  C:\Windows\System\RxgPdXc.exe
  2⤵
  PID:11832
- C:\Windows\System\ZzANaWE.exe
  C:\Windows\System\ZzANaWE.exe
  2⤵
  PID:11860
- C:\Windows\System\dIPHHeF.exe
  C:\Windows\System\dIPHHeF.exe
  2⤵
  PID:11888
- C:\Windows\System\ACPycbq.exe
  C:\Windows\System\ACPycbq.exe
  2⤵
  PID:11916
- C:\Windows\System\Zgecznk.exe
  C:\Windows\System\Zgecznk.exe
  2⤵
  PID:11944
- C:\Windows\System\ZERmRtq.exe
  C:\Windows\System\ZERmRtq.exe
  2⤵
  PID:11972
- C:\Windows\System\EgIckEN.exe
  C:\Windows\System\EgIckEN.exe
  2⤵
  PID:12000
- C:\Windows\System\ZzurKyH.exe
  C:\Windows\System\ZzurKyH.exe
  2⤵
  PID:12028
- C:\Windows\System\ibbylTF.exe
  C:\Windows\System\ibbylTF.exe
  2⤵
  PID:12056
- C:\Windows\System\flDBVUr.exe
  C:\Windows\System\flDBVUr.exe
  2⤵
  PID:12084
- C:\Windows\System\pZQyQZo.exe
  C:\Windows\System\pZQyQZo.exe
  2⤵
  PID:12112
- C:\Windows\System\WoMihhY.exe
  C:\Windows\System\WoMihhY.exe
  2⤵
  PID:12140
- C:\Windows\System\waOtUPJ.exe
  C:\Windows\System\waOtUPJ.exe
  2⤵
  PID:12168
- C:\Windows\System\gTQclFj.exe
  C:\Windows\System\gTQclFj.exe
  2⤵
  PID:12196
- C:\Windows\System\USJvwTt.exe
  C:\Windows\System\USJvwTt.exe
  2⤵
  PID:12224
- C:\Windows\System\wzpJYON.exe
  C:\Windows\System\wzpJYON.exe
  2⤵
  PID:12252
- C:\Windows\System\thMRxOU.exe
  C:\Windows\System\thMRxOU.exe
  2⤵
  PID:12280
- C:\Windows\System\VKsjRMt.exe
  C:\Windows\System\VKsjRMt.exe
  2⤵
  PID:11312
- C:\Windows\System\IXyvpwI.exe
  C:\Windows\System\IXyvpwI.exe
  2⤵
  PID:11376
- C:\Windows\System\dQeOcoc.exe
  C:\Windows\System\dQeOcoc.exe
  2⤵
  PID:11432
- C:\Windows\System\osgCslO.exe
  C:\Windows\System\osgCslO.exe
  2⤵
  PID:11504
- C:\Windows\System\ZomNBBg.exe
  C:\Windows\System\ZomNBBg.exe
  2⤵
  PID:11568
- C:\Windows\System\raLMxbj.exe
  C:\Windows\System\raLMxbj.exe
  2⤵
  PID:11628
- C:\Windows\System\doLAbzL.exe
  C:\Windows\System\doLAbzL.exe
  2⤵
  PID:11712
- C:\Windows\System\oplxEPi.exe
  C:\Windows\System\oplxEPi.exe
  2⤵
  PID:2436
- C:\Windows\System\oCygErj.exe
  C:\Windows\System\oCygErj.exe
  2⤵
  PID:11816
- C:\Windows\System\RkTcmfE.exe
  C:\Windows\System\RkTcmfE.exe
  2⤵
  PID:11880
- C:\Windows\System\hvwamGf.exe
  C:\Windows\System\hvwamGf.exe
  2⤵
  PID:11940
- C:\Windows\System\ugJxQjU.exe
  C:\Windows\System\ugJxQjU.exe
  2⤵
  PID:12012
- C:\Windows\System\KslzlgV.exe
  C:\Windows\System\KslzlgV.exe
  2⤵
  PID:12076
- C:\Windows\System\DYfwCMo.exe
  C:\Windows\System\DYfwCMo.exe
  2⤵
  PID:12136
- C:\Windows\System\JkVoWyy.exe
  C:\Windows\System\JkVoWyy.exe
  2⤵
  PID:12208
- C:\Windows\System\wcexAkd.exe
  C:\Windows\System\wcexAkd.exe
  2⤵
  PID:11640
- C:\Windows\System\VVGQOVG.exe
  C:\Windows\System\VVGQOVG.exe
  2⤵
  PID:11344
- C:\Windows\System\esuCYCx.exe
  C:\Windows\System\esuCYCx.exe
  2⤵
  PID:11488
- C:\Windows\System\JQuZwVB.exe
  C:\Windows\System\JQuZwVB.exe
  2⤵
  PID:11660
- C:\Windows\System\rLOrpmA.exe
  C:\Windows\System\rLOrpmA.exe
  2⤵
  PID:2124
- C:\Windows\System\BrVugqP.exe
  C:\Windows\System\BrVugqP.exe
  2⤵
  PID:11936
- C:\Windows\System\iursLCu.exe
  C:\Windows\System\iursLCu.exe
  2⤵
  PID:12104
- C:\Windows\System\NpJkvsC.exe
  C:\Windows\System\NpJkvsC.exe
  2⤵
  PID:12248
- C:\Windows\System\LWuEijU.exe
  C:\Windows\System\LWuEijU.exe
  2⤵
  PID:11484
- C:\Windows\System\PMCYJOk.exe
  C:\Windows\System\PMCYJOk.exe
  2⤵
  PID:11796
- C:\Windows\System\HnTYpdP.exe
  C:\Windows\System\HnTYpdP.exe
  2⤵
  PID:11304
- C:\Windows\System\XjeBIbC.exe
  C:\Windows\System\XjeBIbC.exe
  2⤵
  PID:11624
- C:\Windows\System\YHnbSSx.exe
  C:\Windows\System\YHnbSSx.exe
  2⤵
  PID:3884
- C:\Windows\System\lrVIcth.exe
  C:\Windows\System\lrVIcth.exe
  2⤵
  PID:12300
- C:\Windows\System\OqBJIYh.exe
  C:\Windows\System\OqBJIYh.exe
  2⤵
  PID:12344
- C:\Windows\System\aCicjOc.exe
  C:\Windows\System\aCicjOc.exe
  2⤵
  PID:12372
- C:\Windows\System\RoJPjhG.exe
  C:\Windows\System\RoJPjhG.exe
  2⤵
  PID:12396
- C:\Windows\System\bpaARGu.exe
  C:\Windows\System\bpaARGu.exe
  2⤵
  PID:12424
- C:\Windows\System\KxRsxXA.exe
  C:\Windows\System\KxRsxXA.exe
  2⤵
  PID:12476
- C:\Windows\System\ZazeXgV.exe
  C:\Windows\System\ZazeXgV.exe
  2⤵
  PID:12516
- C:\Windows\System\gyqrHcx.exe
  C:\Windows\System\gyqrHcx.exe
  2⤵
  PID:12540
- C:\Windows\System\rcTeZMu.exe
  C:\Windows\System\rcTeZMu.exe
  2⤵
  PID:12572
- C:\Windows\System\HdVmFro.exe
  C:\Windows\System\HdVmFro.exe
  2⤵
  PID:12600
- C:\Windows\System\VYqbllW.exe
  C:\Windows\System\VYqbllW.exe
  2⤵
  PID:12628
- C:\Windows\System\LfFguQO.exe
  C:\Windows\System\LfFguQO.exe
  2⤵
  PID:12656
- C:\Windows\System\GotIOZk.exe
  C:\Windows\System\GotIOZk.exe
  2⤵
  PID:12684
- C:\Windows\System\IOuuqtT.exe
  C:\Windows\System\IOuuqtT.exe
  2⤵
  PID:12712
- C:\Windows\System\BUdIsTr.exe
  C:\Windows\System\BUdIsTr.exe
  2⤵
  PID:12740
- C:\Windows\System\vltKdQK.exe
  C:\Windows\System\vltKdQK.exe
  2⤵
  PID:12768
- C:\Windows\System\zhatLPT.exe
  C:\Windows\System\zhatLPT.exe
  2⤵
  PID:12796
- C:\Windows\System\JVxJVcq.exe
  C:\Windows\System\JVxJVcq.exe
  2⤵
  PID:12824
- C:\Windows\System\blTnzNn.exe
  C:\Windows\System\blTnzNn.exe
  2⤵
  PID:12852
- C:\Windows\System\byGOlUi.exe
  C:\Windows\System\byGOlUi.exe
  2⤵
  PID:12880
- C:\Windows\System\LZzsUhM.exe
  C:\Windows\System\LZzsUhM.exe
  2⤵
  PID:12908
- C:\Windows\System\eweJgNe.exe
  C:\Windows\System\eweJgNe.exe
  2⤵
  PID:12936
- C:\Windows\System\QRwcwFz.exe
  C:\Windows\System\QRwcwFz.exe
  2⤵
  PID:12964
- C:\Windows\System\oUdwakk.exe
  C:\Windows\System\oUdwakk.exe
  2⤵
  PID:12992
- C:\Windows\System\atstObP.exe
  C:\Windows\System\atstObP.exe
  2⤵
  PID:13020
- C:\Windows\System\OFWSEhf.exe
  C:\Windows\System\OFWSEhf.exe
  2⤵
  PID:13048
- C:\Windows\System\IDzWBoU.exe
  C:\Windows\System\IDzWBoU.exe
  2⤵
  PID:13076
- C:\Windows\System\FGfRLfZ.exe
  C:\Windows\System\FGfRLfZ.exe
  2⤵
  PID:13104
- C:\Windows\System\helHtoe.exe
  C:\Windows\System\helHtoe.exe
  2⤵
  PID:13132
- C:\Windows\System\QWXvzaf.exe
  C:\Windows\System\QWXvzaf.exe
  2⤵
  PID:13160
- C:\Windows\System\NhArSeM.exe
  C:\Windows\System\NhArSeM.exe
  2⤵
  PID:13188
- C:\Windows\System\yHECmZs.exe
  C:\Windows\System\yHECmZs.exe
  2⤵
  PID:13216
- C:\Windows\System\FHDYrvn.exe
  C:\Windows\System\FHDYrvn.exe
  2⤵
  PID:13244
- C:\Windows\System\WxNqzXi.exe
  C:\Windows\System\WxNqzXi.exe
  2⤵
  PID:13272
- C:\Windows\System\fpxLSgx.exe
  C:\Windows\System\fpxLSgx.exe
  2⤵
  PID:13300
- C:\Windows\System\cjIjlfx.exe
  C:\Windows\System\cjIjlfx.exe
  2⤵
  PID:12296
- C:\Windows\System\SHMVGpd.exe
  C:\Windows\System\SHMVGpd.exe
  2⤵
  PID:12336
- C:\Windows\System\UkevrHG.exe
  C:\Windows\System\UkevrHG.exe
  2⤵
  PID:3048
- C:\Windows\System\vSmjDgc.exe
  C:\Windows\System\vSmjDgc.exe
  2⤵
  PID:12392
- C:\Windows\System\ENOrWZh.exe
  C:\Windows\System\ENOrWZh.exe
  2⤵
  PID:12496
- C:\Windows\System\tJlpVyK.exe
  C:\Windows\System\tJlpVyK.exe
  2⤵
  PID:12388
- C:\Windows\System\AqlpyRe.exe
  C:\Windows\System\AqlpyRe.exe
  2⤵
  PID:12404
- C:\Windows\System\cPlQDfu.exe
  C:\Windows\System\cPlQDfu.exe
  2⤵
  PID:12596
- C:\Windows\System\SpCCKrr.exe
  C:\Windows\System\SpCCKrr.exe
  2⤵
  PID:12624
- C:\Windows\System\izaxppc.exe
  C:\Windows\System\izaxppc.exe
  2⤵
  PID:12704
- C:\Windows\System\NvTTdAu.exe
  C:\Windows\System\NvTTdAu.exe
  2⤵
  PID:12752
- C:\Windows\System\cHizhwV.exe
  C:\Windows\System\cHizhwV.exe
  2⤵
  PID:12792
- C:\Windows\System\EtBaCPx.exe
  C:\Windows\System\EtBaCPx.exe
  2⤵
  PID:12864
- C:\Windows\System\epxwTiL.exe
  C:\Windows\System\epxwTiL.exe
  2⤵
  PID:12928
- C:\Windows\System\UnVXdLC.exe
  C:\Windows\System\UnVXdLC.exe
  2⤵
  PID:12984
- C:\Windows\System\nIJJzVI.exe
  C:\Windows\System\nIJJzVI.exe
  2⤵
  PID:13044
- C:\Windows\System\VPSHoZC.exe
  C:\Windows\System\VPSHoZC.exe
  2⤵
  PID:13116
- C:\Windows\System\rHcKJFx.exe
  C:\Windows\System\rHcKJFx.exe
  2⤵
  PID:13172
- C:\Windows\System\sNlhUyC.exe
  C:\Windows\System\sNlhUyC.exe
  2⤵
  PID:13228
- C:\Windows\System\SnbHEQK.exe
  C:\Windows\System\SnbHEQK.exe
  2⤵
  PID:13292
- C:\Windows\System\yTQTOOY.exe
  C:\Windows\System\yTQTOOY.exe
  2⤵
  PID:11684
- C:\Windows\System\lmWoJnG.exe
  C:\Windows\System\lmWoJnG.exe
  2⤵
  PID:12436
- C:\Windows\System\xygdJHk.exe
  C:\Windows\System\xygdJHk.exe
  2⤵
  PID:12532
- C:\Windows\System\ftDxGHN.exe
  C:\Windows\System\ftDxGHN.exe
  2⤵
  PID:12620
- C:\Windows\System\zhSZWUo.exe
  C:\Windows\System\zhSZWUo.exe
  2⤵
  PID:12760
- C:\Windows\System\LbZMQoN.exe
  C:\Windows\System\LbZMQoN.exe
  2⤵
  PID:12904
- C:\Windows\System\Rifzopt.exe
  C:\Windows\System\Rifzopt.exe
  2⤵
  PID:13032
- C:\Windows\System\JCIFGHR.exe
  C:\Windows\System\JCIFGHR.exe
  2⤵
  PID:4308
- C:\Windows\System\gFeKXSS.exe
  C:\Windows\System\gFeKXSS.exe
  2⤵
  PID:13284
- C:\Windows\System\TncwZkm.exe
  C:\Windows\System\TncwZkm.exe
  2⤵
  PID:12448
- C:\Windows\System\tSZmpLQ.exe
  C:\Windows\System\tSZmpLQ.exe
  2⤵
  PID:12648
- C:\Windows\System\hwgmyxh.exe
  C:\Windows\System\hwgmyxh.exe
  2⤵
  PID:12960
- C:\Windows\System\vFUbcRl.exe
  C:\Windows\System\vFUbcRl.exe
  2⤵
  PID:9064
- C:\Windows\System\dRopfey.exe
  C:\Windows\System\dRopfey.exe
  2⤵
  PID:12848
- C:\Windows\System\saRMZHu.exe
  C:\Windows\System\saRMZHu.exe
  2⤵
  PID:13180
- C:\Windows\System\RUXPwQC.exe
  C:\Windows\System\RUXPwQC.exe
  2⤵
  PID:12312
- C:\Windows\System\YHfctbo.exe
  C:\Windows\System\YHfctbo.exe
  2⤵
  PID:13316
- C:\Windows\System\qLoIlIm.exe
  C:\Windows\System\qLoIlIm.exe
  2⤵
  PID:13344
- C:\Windows\System\dnamvVz.exe
  C:\Windows\System\dnamvVz.exe
  2⤵
  PID:13372
- C:\Windows\System\nIwARfb.exe
  C:\Windows\System\nIwARfb.exe
  2⤵
  PID:13400
- C:\Windows\System\bbClmBI.exe
  C:\Windows\System\bbClmBI.exe
  2⤵
  PID:13428
- C:\Windows\System\PiJzetT.exe
  C:\Windows\System\PiJzetT.exe
  2⤵
  PID:13456
- C:\Windows\System\UrwceZQ.exe
  C:\Windows\System\UrwceZQ.exe
  2⤵
  PID:13484
- C:\Windows\System\bCsyyAk.exe
  C:\Windows\System\bCsyyAk.exe
  2⤵
  PID:13512
- C:\Windows\System\crtpLvd.exe
  C:\Windows\System\crtpLvd.exe
  2⤵
  PID:13540
- C:\Windows\System\YKVTslC.exe
  C:\Windows\System\YKVTslC.exe
  2⤵
  PID:13568
- C:\Windows\System\phrunBS.exe
  C:\Windows\System\phrunBS.exe
  2⤵
  PID:13596
- C:\Windows\System\SRCBmZo.exe
  C:\Windows\System\SRCBmZo.exe
  2⤵
  PID:13628
- C:\Windows\System\APFrxvy.exe
  C:\Windows\System\APFrxvy.exe
  2⤵
  PID:13656
- C:\Windows\System\aqoyMNv.exe
  C:\Windows\System\aqoyMNv.exe
  2⤵
  PID:13684
- C:\Windows\System\VJEheuk.exe
  C:\Windows\System\VJEheuk.exe
  2⤵
  PID:13716
- C:\Windows\System\PRlbmVV.exe
  C:\Windows\System\PRlbmVV.exe
  2⤵
  PID:13744
- C:\Windows\System\GzvUZQI.exe
  C:\Windows\System\GzvUZQI.exe
  2⤵
  PID:13764
- C:\Windows\System\GWjdfjZ.exe
  C:\Windows\System\GWjdfjZ.exe
  2⤵
  PID:13824
- C:\Windows\System\hkRSsqp.exe
  C:\Windows\System\hkRSsqp.exe
  2⤵
  PID:13852
- C:\Windows\System\TYZxHSt.exe
  C:\Windows\System\TYZxHSt.exe
  2⤵
  PID:13880
- C:\Windows\System\OuGmumO.exe
  C:\Windows\System\OuGmumO.exe
  2⤵
  PID:13908
- C:\Windows\System\siJsQYM.exe
  C:\Windows\System\siJsQYM.exe
  2⤵
  PID:13936
- C:\Windows\System\ufcNRMl.exe
  C:\Windows\System\ufcNRMl.exe
  2⤵
  PID:13964
- C:\Windows\System\iarugGV.exe
  C:\Windows\System\iarugGV.exe
  2⤵
  PID:13992
- C:\Windows\System\QfTeCTb.exe
  C:\Windows\System\QfTeCTb.exe
  2⤵
  PID:14020
- C:\Windows\System\fHpduDa.exe
  C:\Windows\System\fHpduDa.exe
  2⤵
  PID:14048
- C:\Windows\System\gqaxQni.exe
  C:\Windows\System\gqaxQni.exe
  2⤵
  PID:14076
- C:\Windows\System\jqxpvLB.exe
  C:\Windows\System\jqxpvLB.exe
  2⤵
  PID:14104
- C:\Windows\System\lfkdOXL.exe
  C:\Windows\System\lfkdOXL.exe
  2⤵
  PID:14132
- C:\Windows\System\kWhGued.exe
  C:\Windows\System\kWhGued.exe
  2⤵
  PID:14160
- C:\Windows\System\nudkdHN.exe
  C:\Windows\System\nudkdHN.exe
  2⤵
  PID:14188
- C:\Windows\System\DwOWedG.exe
  C:\Windows\System\DwOWedG.exe
  2⤵
  PID:14216
- C:\Windows\System\oYdgacE.exe
  C:\Windows\System\oYdgacE.exe
  2⤵
  PID:14244
- C:\Windows\System\jqYJVBo.exe
  C:\Windows\System\jqYJVBo.exe
  2⤵
  PID:14272
- C:\Windows\System\iQJAxfV.exe
  C:\Windows\System\iQJAxfV.exe
  2⤵
  PID:14300
- C:\Windows\System\goseWXR.exe
  C:\Windows\System\goseWXR.exe
  2⤵
  PID:14332
- C:\Windows\System\rqeJOFO.exe
  C:\Windows\System\rqeJOFO.exe
  2⤵
  PID:13364
- C:\Windows\System\RCzyYHE.exe
  C:\Windows\System\RCzyYHE.exe
  2⤵
  PID:13424
- C:\Windows\System\EufUJvN.exe
  C:\Windows\System\EufUJvN.exe
  2⤵
  PID:13496
- C:\Windows\System\uOLMEMF.exe
  C:\Windows\System\uOLMEMF.exe
  2⤵
  PID:13536
- C:\Windows\System\DsqCnLd.exe
  C:\Windows\System\DsqCnLd.exe
  2⤵
  PID:13608
- C:\Windows\System\gyMXWdT.exe
  C:\Windows\System\gyMXWdT.exe
  2⤵
  PID:13652
- C:\Windows\System\PYAOrRV.exe
  C:\Windows\System\PYAOrRV.exe
  2⤵
  PID:13676
- C:\Windows\System\yYOKEcQ.exe
  C:\Windows\System\yYOKEcQ.exe
  2⤵
  PID:13708
- C:\Windows\System\dSiKsPN.exe
  C:\Windows\System\dSiKsPN.exe
  2⤵
  PID:13732
- C:\Windows\System\qWLwmBo.exe
  C:\Windows\System\qWLwmBo.exe
  2⤵
  PID:656
- C:\Windows\System\ByzWwQV.exe
  C:\Windows\System\ByzWwQV.exe
  2⤵
  PID:2664
- C:\Windows\System\zTjjzZh.exe
  C:\Windows\System\zTjjzZh.exe
  2⤵
  PID:13692
- C:\Windows\System\hJgaivI.exe
  C:\Windows\System\hJgaivI.exe
  2⤵
  PID:3704
- C:\Windows\System\YFPaPWv.exe
  C:\Windows\System\YFPaPWv.exe
  2⤵
  PID:224
- C:\Windows\System\kgKFewW.exe
  C:\Windows\System\kgKFewW.exe
  2⤵
  PID:13792
- C:\Windows\System\xAhirbr.exe
  C:\Windows\System\xAhirbr.exe
  2⤵
  PID:13904
- C:\Windows\System\qUBWYYm.exe
  C:\Windows\System\qUBWYYm.exe
  2⤵
  PID:13956
- C:\Windows\System\YUJnTOJ.exe
  C:\Windows\System\YUJnTOJ.exe
  2⤵
  PID:5008
- C:\Windows\System\vZHMPPx.exe
  C:\Windows\System\vZHMPPx.exe
  2⤵
  PID:744
- C:\Windows\System\ZJJPAFV.exe
  C:\Windows\System\ZJJPAFV.exe
  2⤵
  PID:14072
- C:\Windows\System\FxXkfLy.exe
  C:\Windows\System\FxXkfLy.exe
  2⤵
  PID:2360
- C:\Windows\System\zbuWSZJ.exe
  C:\Windows\System\zbuWSZJ.exe
  2⤵
  PID:14180
- C:\Windows\System\yRIPiFO.exe
  C:\Windows\System\yRIPiFO.exe
  2⤵
  PID:14240
- C:\Windows\System\SIoownM.exe
  C:\Windows\System\SIoownM.exe
  2⤵
  PID:14284
- C:\Windows\System\TiaZVQq.exe
  C:\Windows\System\TiaZVQq.exe
  2⤵
  PID:14324
- C:\Windows\System\rnUWFLq.exe
  C:\Windows\System\rnUWFLq.exe
  2⤵
  PID:3628
- C:\Windows\System\gxsmORO.exe
  C:\Windows\System\gxsmORO.exe
  2⤵
  PID:4260
- C:\Windows\System\bnymazY.exe
  C:\Windows\System\bnymazY.exe
  2⤵
  PID:13532
- C:\Windows\System\YBtovnK.exe
  C:\Windows\System\YBtovnK.exe
  2⤵
  PID:1884
- C:\Windows\System\MudrixQ.exe
  C:\Windows\System\MudrixQ.exe
  2⤵
  PID:1392
- C:\Windows\System\nIpFjUt.exe
  C:\Windows\System\nIpFjUt.exe
  2⤵
  PID:1396
- C:\Windows\System\BSQUrlI.exe
  C:\Windows\System\BSQUrlI.exe
  2⤵
  PID:4764
- C:\Windows\System\qoikoIs.exe
  C:\Windows\System\qoikoIs.exe
  2⤵
  PID:13836
- C:\Windows\System\NfvqZRd.exe
  C:\Windows\System\NfvqZRd.exe
  2⤵
  PID:4196
- C:\Windows\System\SBVPyre.exe
  C:\Windows\System\SBVPyre.exe
  2⤵
  PID:4724
- C:\Windows\System\wXLSFjX.exe
  C:\Windows\System\wXLSFjX.exe
  2⤵
  PID:13892
- C:\Windows\System\NbPSDtj.exe
  C:\Windows\System\NbPSDtj.exe
  2⤵
  PID:4568
- C:\Windows\System\oXcidGu.exe
  C:\Windows\System\oXcidGu.exe
  2⤵
  PID:14032
- C:\Windows\System\WTnGMpC.exe
  C:\Windows\System\WTnGMpC.exe
  2⤵
  PID:14096
- C:\Windows\System\tTaJAwt.exe
  C:\Windows\System\tTaJAwt.exe
  2⤵
  PID:876
- C:\Windows\System\sYDwSkX.exe
  C:\Windows\System\sYDwSkX.exe
  2⤵
  PID:2980
- C:\Windows\System\NUGkLpO.exe
  C:\Windows\System\NUGkLpO.exe
  2⤵
  PID:14296
- C:\Windows\System\bDmettr.exe
  C:\Windows\System\bDmettr.exe
  2⤵
  PID:13796
- C:\Windows\System\xcBvAjF.exe
  C:\Windows\System\xcBvAjF.exe
  2⤵
  PID:3824
- C:\Windows\System\WsdHOVA.exe
  C:\Windows\System\WsdHOVA.exe
  2⤵
  PID:5136
- C:\Windows\System\AAVzpKh.exe
  C:\Windows\System\AAVzpKh.exe
  2⤵
  PID:1324
- C:\Windows\System\lCrWmXr.exe
  C:\Windows\System\lCrWmXr.exe
  2⤵
  PID:13760
- C:\Windows\System\ckQPMEd.exe
  C:\Windows\System\ckQPMEd.exe
  2⤵
  PID:5264
- C:\Windows\System\SdRoSLR.exe
  C:\Windows\System\SdRoSLR.exe
  2⤵
  PID:4604
- C:\Windows\System\YIeAJca.exe
  C:\Windows\System\YIeAJca.exe
  2⤵
  PID:540
- C:\Windows\System\TYugdNb.exe
  C:\Windows\System\TYugdNb.exe
  2⤵
  PID:14012
- C:\Windows\System\yvCCuHk.exe
  C:\Windows\System\yvCCuHk.exe
  2⤵
  PID:3396
- C:\Windows\System\UMdSduR.exe
  C:\Windows\System\UMdSduR.exe
  2⤵
  PID:3900
- C:\Windows\System\JTvctWN.exe
  C:\Windows\System\JTvctWN.exe
  2⤵
  PID:14228
- C:\Windows\System\reCvDIy.exe
  C:\Windows\System\reCvDIy.exe
  2⤵
  PID:4092
- C:\Windows\System\ANkaSJd.exe
  C:\Windows\System\ANkaSJd.exe
  2⤵
  PID:5720
- C:\Windows\System\VmUJgBn.exe
  C:\Windows\System\VmUJgBn.exe
  2⤵
  PID:5576
- C:\Windows\System\Gjouobh.exe
  C:\Windows\System\Gjouobh.exe
  2⤵
  PID:5712
- C:\Windows\System\pdRCYGy.exe
  C:\Windows\System\pdRCYGy.exe
  2⤵
  PID:3276
- C:\Windows\System\LnFtLdR.exe
  C:\Windows\System\LnFtLdR.exe
  2⤵
  PID:4496
- C:\Windows\System\ERHrIQG.exe
  C:\Windows\System\ERHrIQG.exe
  2⤵
  PID:5944
- C:\Windows\System\wciDDBE.exe
  C:\Windows\System\wciDDBE.exe
  2⤵
  PID:2140
- C:\Windows\System\FwnjGao.exe
  C:\Windows\System\FwnjGao.exe
  2⤵
  PID:5204
- C:\Windows\System\dHxQLLz.exe
  C:\Windows\System\dHxQLLz.exe
  2⤵
  PID:4252
- C:\Windows\System\TKSwVOi.exe
  C:\Windows\System\TKSwVOi.exe
  2⤵
  PID:6104
- C:\Windows\System\ZYSDXtI.exe
  C:\Windows\System\ZYSDXtI.exe
  2⤵
  PID:5372
- C:\Windows\System\JiCZaRH.exe
  C:\Windows\System\JiCZaRH.exe
  2⤵
  PID:14172
- C:\Windows\System\DVtNLYd.exe
  C:\Windows\System\DVtNLYd.exe
  2⤵
  PID:4500
- C:\Windows\System\JHvrevM.exe
  C:\Windows\System\JHvrevM.exe
  2⤵
  PID:5604
- C:\Windows\System\yHIkfUa.exe
  C:\Windows\System\yHIkfUa.exe
  2⤵
  PID:1364
- C:\Windows\System\DMVWQzt.exe
  C:\Windows\System\DMVWQzt.exe
  2⤵
  PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AZJoPHm.exe

Filesize
6.0MB

MD5
023809856c41ae1f33119ee27eba0744

SHA1
4e2642d8c54b3ea5befdbd08cd8121f3cd3e10a1

SHA256
b4f3120d45ba1b7f5e4562992301d57478bc663b4b3d817a5097852b98e08999

SHA512
a15b42408f58657d93726cee362f85f5f82508fc957e686f9cd217d77884decb14f08f114024f060533c63e74c0a39e87a83542dad39d73651f4cb84cb442c57

Download Submit
C:\Windows\System\BXTIwyL.exe

Filesize
6.0MB

MD5
4525d9cafa953434a15a0a2c43ed3a65

SHA1
530564ab1b1c5ab22ec317879a119dda669fb710

SHA256
c146f71d1e035a97bb1147bc611702995b14f783e06b7ccea580eca2cdf5a10f

SHA512
2c05325e51cbdaee34d24c5586ee3cbed456e89ae72bed9c1641d2832c2d77b0350d9892292284c7d8348bb35521799e381877ec8cbb9e545a38716b9c3074bf

Download Submit
C:\Windows\System\GsyoTwS.exe

Filesize
6.0MB

MD5
c7404710f666c9e43038d8ac768423a0

SHA1
78c1a15c5e50976bdd4e28bdb83e9f9465836eaa

SHA256
b15bde184682f1216a4d8b8a9525d25ee98caf7cb1c0fdb92038d073508e6333

SHA512
44a5726143350ee2d20e4861d13574c9621fb29809c09d20d55600a48f3fa08aa860d128019f930db3cccbec1bac7b0e8dce4bbd53153d38213e169ae79bb0cf

Download Submit
C:\Windows\System\HtiSkrr.exe

Filesize
6.0MB

MD5
914ee06039858af02ea8f91c38a12f23

SHA1
84979786f80531673a49b8ae8e0ca1705728ff86

SHA256
7bee0232b7cd1652d3d5075fdeb9a79898829de4b1a97ea110dabe823f286fc2

SHA512
2c74a0654bb5de36665e9f33c1f9f4fa59a1944fe2dcaaee14d8e9c87374baf8cba182320360e7fbd5cd1670c883635dfa808093d1207d117a337e61e677f6e2

Download Submit
C:\Windows\System\KDVujGH.exe

Filesize
6.0MB

MD5
8c4034b8ea434d371253367109ced2a4

SHA1
76d68890d97b7463ef309d8fef63cc598137e073

SHA256
104cf134eadb6abca40ee9fd16c46e83198ff4b09fd61e30e5674221a7525c42

SHA512
880477b914e39717ee2398faf66142e8719643aa568c10bfb0cb663ab000c93b92384fed204fd380022d1abec0c889baefe85e700201cc54ecf9de0935e3782b

Download Submit
C:\Windows\System\KWLVatj.exe

Filesize
6.0MB

MD5
90fe25e8d145111ecb22cec08fe396a0

SHA1
faf235d682056651b7215eb2ba24403e61e4bfdd

SHA256
1f049659d021e31cfe94d684167008bc9f842e62190a27ebdfbfd7f79e36d54c

SHA512
adf7e7a715178d6a85da0f62a86d7e2eca50a8d1a656b01e52cdb7df6e35fbcd8506ecb615977e96c7a875badaf34e7cbaca5d727fbbcabab20739de64aeebb1

Download Submit
C:\Windows\System\KremJrf.exe

Filesize
6.0MB

MD5
f1e66e13af5b5c4f847efcd5c72b3775

SHA1
2bbd57c684c92d14f7351ae5ab252231b55dc1e7

SHA256
cdbcd88ab3fdb2be9aae9471cc1ad9776e958f56500d6ad3e5255a3a47fe32ec

SHA512
de821c25ae3f5523ad145aeba8df5474d524298099ce377519e1fedee87b717e5b372324c3b7a40d88d053110ac444e10950476eb85e29d7db6e1d1835db288b

Download Submit
C:\Windows\System\PunRwpa.exe

Filesize
6.0MB

MD5
9f50240a71b229fa61e4a98f174bf0be

SHA1
86058fe6d5c892589f1d3e7455735a2391292fc6

SHA256
e8476e7c579a1f0394f1242458217c3261bb30aef1dd4f3c34c59c51669b405a

SHA512
cbe61fb83677268bc5289164b5d81038424627b94765d1b4dd54fcf67e63c58ab08b075d4ac2119eac0785eb8fa147eef2a119cfb181bad6dfc16170251f35f0

Download Submit
C:\Windows\System\RtSQIFA.exe

Filesize
6.0MB

MD5
dd8da968d329191ffba33ad226ee6d71

SHA1
30db1a15fc39f4a4af36720b1ee6b1fe54ec7543

SHA256
22e29897a9eba82d3c57782a3d63a8acd1caef014b16f39c6482ea2495fc49e2

SHA512
23764ca67dab7db9268a4493a55f28fec1cd33d459130c1dea678087bca0c3011bee56e7eba36673eb8b9220c33216af791577435c5513f2574529483e0e0212

Download Submit
C:\Windows\System\SgIeewB.exe

Filesize
6.0MB

MD5
5713eabeccbe27631791ea7e881294f5

SHA1
9462528e5c1264252144afc2937616b45f60f6c2

SHA256
52437c2bdcd506a5562c949eb7ac6ad41f880dbd847827f13d58cb34117000f8

SHA512
586629f0a191ab4faa3dfa9e98cb822fb606177aa07fca54d75410f211731104ee855c218d2b1fbab51a4a3343cf56e18b31b76c506ce0b48c0c3c3c1267c408

Download Submit
C:\Windows\System\TVjFclQ.exe

Filesize
6.0MB

MD5
de093d3279f3e6942315f7e0a4ee3c51

SHA1
0b4c2412cc71330af48a59a6e2971acd4466b2e3

SHA256
c4b40e7630c981a96594200ae8db81cf3f5c1844584ba5e81234980379800ff1

SHA512
9e34b08ebf283944f396570af642390c5565409da946d8a1dc69293dd2859c26f0f8f7dbd54f3c071c05ca5903a5b6039e7e84e6fd36e79bf382aaeb47228143

Download Submit
C:\Windows\System\TvgqWem.exe

Filesize
6.0MB

MD5
af652ff3286ddb0db2d099a44d041c82

SHA1
d4c1f73e4d64e24b3169769463cd89a648f40a1b

SHA256
fc0f176e95a6db1498000115ce067f9d3f51ac6617e327030935216da1038260

SHA512
48fac23d0737a6302862fd052ac7b682c208e7598b91d918beb0e8c5bf69f38fc65d85dd7e1112f908159c16bf1e0d82582584c83764fac136e6e4794add9af6

Download Submit
C:\Windows\System\WtYanxF.exe

Filesize
6.0MB

MD5
d9689bbcaef8d937f34eca9aea513f12

SHA1
1c09352e870de23cb2fec26466fc689de85682c5

SHA256
55336e74778ddcc70ff3599f78eab60be9b59c9e7674088a5639033c4898644b

SHA512
c1bde3369b9c3d250a26b698ea0a0e4d290d1ca2e2ce6efb6bd584d8672223f810283310ea01c1908d0875f4d1003de5134cd05c2947d4d7d372741b71f43aa3

Download Submit
C:\Windows\System\XoTUKuL.exe

Filesize
6.0MB

MD5
da811161a14e647c3a8f88dd667fe47f

SHA1
94a75647fb6a3bc799ecd6e6fd22e4af0d12b728

SHA256
76f6fa9baa2bd5c855be49cfdee21bae20ee11b066aabd5c010a45b8bc3f72db

SHA512
118dd92622cc3a54602ed63e0a6aba98e1dcea16bac734b2eab2b127faa84daf93f1af5d6bea970fecd0a980be608539c80303c85af991b16fb6c29384b77c87

Download Submit
C:\Windows\System\ZqQMdIJ.exe

Filesize
6.0MB

MD5
73fd1ecc5e729839eb7675ae0d19203b

SHA1
cb721325030ec3dc47355db5e458dfcacb8d068f

SHA256
02a1719047ad2866ac919561d931e4703b0cde2ffb510fd935f82673d497778b

SHA512
d1059d3057cda669e3cec076f9004c0f235021824c3e0b80024a876d2be53610e12693e59b0cada59e028b4478970299d14aad1b349cac2d9d2620d014edfdf4

Download Submit
C:\Windows\System\aNpfIeR.exe

Filesize
6.0MB

MD5
9aae9da7da037b3de5e03e2e27bf72e1

SHA1
cbe3de9382e8cd69fe473d394ebc298d5287d8e6

SHA256
f6eedf244ab1152a98fbce3dcf122c138382ab66e81673c3a1fb026d868ea42e

SHA512
2f72037711e7c7e692c4400e6ea0075f292dfeb31ad92c54640b40784ad582d01026a6418ffac090e5581f412bc2f4e54394b9f4cb2ef438cc328c89e620e6a9

Download Submit
C:\Windows\System\cixIWOO.exe

Filesize
6.0MB

MD5
347fa7f7ac3fd8c4631e48bed79ea19c

SHA1
a70ec09223c2e753ec09fd415c70ae6da37af791

SHA256
6a130177fc2c126575f7fe3e983d8b763863549ccc687299ac6670b90eb85db9

SHA512
3421b7aa4098904a7ffe90f5cad6a19174e1a09836a259020b6611bd39b60c8f9c329555fa2897de58535a5b5401060b2d797e60f5f755d3b50e137e17f8f10d

Download Submit
C:\Windows\System\dutWEaT.exe

Filesize
6.0MB

MD5
315416b4f7abe3e60fe1bd28459fb539

SHA1
1eb7c194e3d9394b961ee20957ec38bd44d8e06a

SHA256
76732d26be9996490238179baf55afea0076584226342eea39af3b5f4268c1d0

SHA512
44d2b2cfc4c663ee33fac04b8f08323ea293625818ce62a066b8de73b775d115af2907cd482a7c966d72cb1071478d0137bdcb0e294be94828ec0f54b49e256d

Download Submit
C:\Windows\System\feqPXBF.exe

Filesize
6.0MB

MD5
fa6d854c826a3147affface716c40a9f

SHA1
ca68d6d777736dcacb2a1e9aef274e5e07e80a63

SHA256
4fdf1040dc86d75fd87401e925a04099fcdcfbfe14148c7bbde991850449fa6b

SHA512
c33ff682c6b53bd48d655e654b0994274997ac3abf09615de6d49fb8fa323a4a90e3d9f08424e69d2bb773ff8dc6539fd654c6e68ea826719b5a427202b1dfb9

Download Submit
C:\Windows\System\iDsBQgs.exe

Filesize
6.0MB

MD5
ab4532006c0d187a1450cc6cd07d1cec

SHA1
98f79f2bff46fdb7dc45a01b75586f8117be84ef

SHA256
d683c80b188ea7641b1d6b64b8903da02992de130e609cf46d026ea80bb29755

SHA512
3c463b7f28883ee6b34da81ac1474226b57dbcdfef58d03f4940059f41e9bbb3c0980f9973b79664588a2fc41cc4432d13eb92cfc57c5ed526acef2e20d1b607

Download Submit
C:\Windows\System\jrGvrvq.exe

Filesize
6.0MB

MD5
c3ded8978f80933d9c9ea4d0f058134e

SHA1
e35679dd5ce83345c09eb91f4523e2551a1cd861

SHA256
a00bfb0efa6db6cea063ab241c0b9ee0160ad31c5a1dc1d4d10b32bf8e25e2e9

SHA512
21c2f093a53598fa045a78c51d90964336c01c409b491ba5cde37ecdbf1abd9e7f9466070c91655d3519b13d673a5ef029e92b86af83103d50696cdcbd1fcefd

Download Submit
C:\Windows\System\oXPjbRI.exe

Filesize
6.0MB

MD5
5f52386a6ffcb75edcc40f173f0ff987

SHA1
2558b3aef6150354a12a6b364a5adac9fcfa5ef9

SHA256
6cf6840e7dba0473d3a8337c77a9e59f1153018b24c09d97b1544b5ab4f03d2a

SHA512
bea19e675984b276f20147558009d35218c391a3af0cf45b4473d26711af183f821483b2045f8bcf4825a187233db3ab8fb04e945e91853754160260b3e8e597

Download Submit
C:\Windows\System\pCbSSFY.exe

Filesize
6.0MB

MD5
74bf404e19895a4e388508d16938c6eb

SHA1
dbeeea9da51d4fc965587f8d866a1b578cc672c2

SHA256
161315c2e6b5ced1ec3d83f17a65cc602802a6347093d288ff0ea0be051cc1bb

SHA512
4f918eda3ec33af5276c7dd45a55312aee61a96893c1c2e4a565ede8e3163efd1646dbcebb06282d5548d9a383a752b4260bf176080b08e0582226cef1e805c3

Download Submit
C:\Windows\System\pguiHCL.exe

Filesize
6.0MB

MD5
db4b567cc161b780d6ecd5e9481fe5d1

SHA1
1da8d5943dcf0d598e41b8590eff62b801d4844c

SHA256
941c0dc2337b86caeb9c2586e6677c220637cd7fbf45b4d77632996248ad15ab

SHA512
f3b3fe99a3f099e654930978ca005e136fc5b6dd2f5e515efa75790e0746b50fcf10f74d758d83635447a38c9b752aa544da7d9d41d9d99024ee91d438e71a3d

Download Submit
C:\Windows\System\pmzfORB.exe

Filesize
6.0MB

MD5
6dce35bb3b5f3df1b3cb1e378005c843

SHA1
b555ad1959f7623fb55d785ace9d7b31fd4f360e

SHA256
2d1a346043ff8b6b2cc32a45e08955b3387d470e25461309ef4f52fbc1834684

SHA512
8d0354f74ae32b62527a00aa7374c5e74f5c7f3c081260ce8e05348a2e5f0c93576d4ea4e96b862dbc5b5f1c6e9e460089ff3e1e8ba9a1bdd973d7555032c07d

Download Submit
C:\Windows\System\rENeDiM.exe

Filesize
6.0MB

MD5
e69d649057eb55f778a350905d8080d5

SHA1
8dd1c9ea20d0032900f3de85a2c39cf34020d0b8

SHA256
c50061c5dc0fcb9847ad1693b124473df344b7c5b8f9aedb083d067891ae99b2

SHA512
ded5ddc38686ae88a0bcd80e86b76047ed2726d93d8444efc30c253c645acacee1a482e837286f7182e7611d27499eb4d1fe31ba90d307dbd9d9e05caa5b3e7c

Download Submit
C:\Windows\System\ukQukcE.exe

Filesize
6.0MB

MD5
64cdd93a96e82dcaa002d1d6c71071dd

SHA1
0642c1a1d4ed462253bca127d3f51991d9cfd077

SHA256
b38c2ccaf52f884dbab19e3a6304c8f25fc8fcc638d1170419d42f3cd7dc8b0c

SHA512
bbe147786143aeb9b658aa3319f8a4e6fb86fff35ea7a87750935aa8bcaf9dba9e7b7ad0c99397ceec89c48dc620939f7b796b965dd0f047adae877bb1f2abdb

Download Submit
C:\Windows\System\uvMFjpY.exe

Filesize
6.0MB

MD5
dca488c60075d097042d57175f012df8

SHA1
1f58470c816c9f587383aae1c8c417c7efdb9e52

SHA256
7131c7409d36ad5c51f0f035824a296f335ad643b9c35127d6e80a23511a0b50

SHA512
dffab6dc8111e611bbdd1ee969d2300e0d15b2da087373eaf97a28fe5f23c650abd37cce4e537eecb792cc07bcb3fbc13c35d31d8567b9a5a571ef9d7b85f79c

Download Submit
C:\Windows\System\vHqDQek.exe

Filesize
6.0MB

MD5
092fec6f84bd7dbc8c392c7f9c54d88e

SHA1
bd745ec0b219135a71ca771ffb709dbc0d100992

SHA256
14dc7d3fc0f83bf1f82e9bcf422dea476ccc4a73c0d4f96134946143247f6374

SHA512
8940f024cdc02faae68475839d30398aa81dc32e477a0922741f13dccdca585a9701dacf03b23414b2f3f3ab3ba3a15963d52a3be9180463c768413330b723a8

Download Submit
C:\Windows\System\vPZSYOq.exe

Filesize
6.0MB

MD5
5af15fab22705eb2c82303b28ff50f07

SHA1
747a73d584197b0635f3a8738aee6b08b32d69fa

SHA256
d5dcac29dfcd24562f36fdbbe48b775bc32e837379370850b542cf3aa6e8d0fa

SHA512
54e519c347e59688847e99655542899e000882e937e6c444c9f49c9538b7ee39045b143ac8890f62785cc3c1ff0c50b573ad8f976d70ab7fa2cd69ea9730c82e

Download Submit
C:\Windows\System\xkrooSj.exe

Filesize
6.0MB

MD5
55fc9e8bf9baeb4b524388d4c8d339d7

SHA1
660a9a2fe1d3e288ef0ef3dbe5d6064a5c3a5033

SHA256
af4a381b32fd1149e43c46f70773846970f3b250495390ed1016dc41d8b22089

SHA512
5dce82503448b7f6cbaf7d44795c00b15dec3ac4436692c7a6fbb93407fd7630a17f66cb49b85cc1ac4e9c14e7c628bdffac86cd6f2698e1f72778a500d1b615

Download Submit
C:\Windows\System\yAHvCPC.exe

Filesize
6.0MB

MD5
aba54cf886f8c536f4cfe190cbe921b9

SHA1
72b7e029b360d4aed3b47bc5e3bf2b5ba316d5f9

SHA256
c7dad45b565d99483a07c74af8aad951a585bfdfaf5a35ef51dddf74e1d947b4

SHA512
be1585c2762af2897e6afc72ff508cd9c852ee6002c24ffc9ecbbdce532147d1cf872982ac5feec16c5f8a4cee6d0bfc47fa14e1cea751664f190aa8a3553e29

Download Submit
memory/100-207-0x00007FF67E850000-0x00007FF67EBA4000-memory.dmp

Filesize
3.3MB

Download
memory/100-2196-0x00007FF67E850000-0x00007FF67EBA4000-memory.dmp

Filesize
3.3MB

Download
memory/100-148-0x00007FF67E850000-0x00007FF67EBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1136-121-0x00007FF7BFC80000-0x00007FF7BFFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1136-47-0x00007FF7BFC80000-0x00007FF7BFFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1136-1753-0x00007FF7BFC80000-0x00007FF7BFFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-105-0x00007FF70D620000-0x00007FF70D974000-memory.dmp

Filesize
3.3MB

Download
memory/1320-2003-0x00007FF70D620000-0x00007FF70D974000-memory.dmp

Filesize
3.3MB

Download
memory/1360-122-0x00007FF7B8CC0000-0x00007FF7B9014000-memory.dmp

Filesize
3.3MB

Download
memory/1360-174-0x00007FF7B8CC0000-0x00007FF7B9014000-memory.dmp

Filesize
3.3MB

Download
memory/1360-2015-0x00007FF7B8CC0000-0x00007FF7B9014000-memory.dmp

Filesize
3.3MB

Download
memory/1424-182-0x00007FF729570000-0x00007FF7298C4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-571-0x00007FF729570000-0x00007FF7298C4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-108-0x00007FF765C80000-0x00007FF765FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-36-0x00007FF765C80000-0x00007FF765FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-1742-0x00007FF765C80000-0x00007FF765FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-1766-0x00007FF7E0020000-0x00007FF7E0374000-memory.dmp

Filesize
3.3MB

Download
memory/2092-75-0x00007FF7E0020000-0x00007FF7E0374000-memory.dmp

Filesize
3.3MB

Download
memory/2092-132-0x00007FF7E0020000-0x00007FF7E0374000-memory.dmp

Filesize
3.3MB

Download
memory/2096-90-0x00007FF6AA1D0000-0x00007FF6AA524000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1950-0x00007FF6AA1D0000-0x00007FF6AA524000-memory.dmp

Filesize
3.3MB

Download
memory/2100-175-0x00007FF6CB4C0000-0x00007FF6CB814000-memory.dmp

Filesize
3.3MB

Download
memory/2100-432-0x00007FF6CB4C0000-0x00007FF6CB814000-memory.dmp

Filesize
3.3MB

Download
memory/2120-142-0x00007FF770370000-0x00007FF7706C4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2190-0x00007FF770370000-0x00007FF7706C4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-190-0x00007FF770370000-0x00007FF7706C4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-96-0x00007FF60DF50000-0x00007FF60E2A4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1736-0x00007FF60DF50000-0x00007FF60E2A4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-26-0x00007FF60DF50000-0x00007FF60E2A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-198-0x00007FF7E0230000-0x00007FF7E0584000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2359-0x00007FF7E0230000-0x00007FF7E0584000-memory.dmp

Filesize
3.3MB

Download
memory/2740-133-0x00007FF618D70000-0x00007FF6190C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2185-0x00007FF618D70000-0x00007FF6190C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-181-0x00007FF618D70000-0x00007FF6190C4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-89-0x00007FF647610000-0x00007FF647964000-memory.dmp

Filesize
3.3MB

Download
memory/3036-20-0x00007FF647610000-0x00007FF647964000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1731-0x00007FF647610000-0x00007FF647964000-memory.dmp

Filesize
3.3MB

Download
memory/3144-1750-0x00007FF751870000-0x00007FF751BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3144-78-0x00007FF751870000-0x00007FF751BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3168-107-0x00007FF7C47B0000-0x00007FF7C4B04000-memory.dmp

Filesize
3.3MB

Download
memory/3168-161-0x00007FF7C47B0000-0x00007FF7C4B04000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2007-0x00007FF7C47B0000-0x00007FF7C4B04000-memory.dmp

Filesize
3.3MB

Download
memory/3292-0-0x00007FF7AFD20000-0x00007FF7B0074000-memory.dmp

Filesize
3.3MB

Download
memory/3292-71-0x00007FF7AFD20000-0x00007FF7B0074000-memory.dmp

Filesize
3.3MB

Download
memory/3292-1-0x000001B833570000-0x000001B833580000-memory.dmp

Filesize
64KB

Download
memory/3352-2013-0x00007FF77E5E0000-0x00007FF77E934000-memory.dmp

Filesize
3.3MB

Download
memory/3352-169-0x00007FF77E5E0000-0x00007FF77E934000-memory.dmp

Filesize
3.3MB

Download
memory/3352-117-0x00007FF77E5E0000-0x00007FF77E934000-memory.dmp

Filesize
3.3MB

Download
memory/3680-74-0x00007FF676AA0000-0x00007FF676DF4000-memory.dmp

Filesize
3.3MB

Download
memory/3680-1752-0x00007FF676AA0000-0x00007FF676DF4000-memory.dmp

Filesize
3.3MB

Download
memory/3876-1728-0x00007FF6F6C70000-0x00007FF6F6FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3876-83-0x00007FF6F6C70000-0x00007FF6F6FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3876-13-0x00007FF6F6C70000-0x00007FF6F6FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3904-82-0x00007FF674360000-0x00007FF6746B4000-memory.dmp

Filesize
3.3MB

Download
memory/3904-1767-0x00007FF674360000-0x00007FF6746B4000-memory.dmp

Filesize
3.3MB

Download
memory/3932-79-0x00007FF70F8C0000-0x00007FF70FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3932-8-0x00007FF70F8C0000-0x00007FF70FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3932-1721-0x00007FF70F8C0000-0x00007FF70FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3960-42-0x00007FF635430000-0x00007FF635784000-memory.dmp

Filesize
3.3MB

Download
memory/3960-1755-0x00007FF635430000-0x00007FF635784000-memory.dmp

Filesize
3.3MB

Download
memory/3960-114-0x00007FF635430000-0x00007FF635784000-memory.dmp

Filesize
3.3MB

Download
memory/4368-55-0x00007FF7C3340000-0x00007FF7C3694000-memory.dmp

Filesize
3.3MB

Download
memory/4368-127-0x00007FF7C3340000-0x00007FF7C3694000-memory.dmp

Filesize
3.3MB

Download
memory/4368-1748-0x00007FF7C3340000-0x00007FF7C3694000-memory.dmp

Filesize
3.3MB

Download
memory/4424-1996-0x00007FF720E80000-0x00007FF7211D4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-102-0x00007FF720E80000-0x00007FF7211D4000-memory.dmp

Filesize
3.3MB

Download
memory/4504-213-0x00007FF65B370000-0x00007FF65B6C4000-memory.dmp

Filesize
3.3MB

Download
memory/4504-2199-0x00007FF65B370000-0x00007FF65B6C4000-memory.dmp

Filesize
3.3MB

Download
memory/4504-153-0x00007FF65B370000-0x00007FF65B6C4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-312-0x00007FF7500C0000-0x00007FF750414000-memory.dmp

Filesize
3.3MB

Download
memory/4584-168-0x00007FF7500C0000-0x00007FF750414000-memory.dmp

Filesize
3.3MB

Download
memory/4992-32-0x00007FF645A20000-0x00007FF645D74000-memory.dmp

Filesize
3.3MB

Download
memory/4992-1740-0x00007FF645A20000-0x00007FF645D74000-memory.dmp

Filesize
3.3MB

Download
memory/5056-164-0x00007FF7163A0000-0x00007FF7166F4000-memory.dmp

Filesize
3.3MB

Download
memory/5056-311-0x00007FF7163A0000-0x00007FF7166F4000-memory.dmp

Filesize
3.3MB

Download
memory/5056-2279-0x00007FF7163A0000-0x00007FF7166F4000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2182-0x00007FF6181C0000-0x00007FF618514000-memory.dmp

Filesize
3.3MB

Download
memory/5116-141-0x00007FF6181C0000-0x00007FF618514000-memory.dmp

Filesize
3.3MB

Download