cobaltstrike | 7aacc495dc75875e182528097e7b8e28bc053472e659bfa6f7c5fde45f53111c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2025 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

393ae7b66cc38ab9c564e070a2b7323e
SHA1

beb06fcb688e83d70348569d926a279983d91cd9
SHA256

7aacc495dc75875e182528097e7b8e28bc053472e659bfa6f7c5fde45f53111c
SHA512

e9e90eddb2230dd4eb98f7791c48f33a9cb64c46568a47a9675c2b4c78ce4ea60e1ae352c0c2e1bb451ba7272ba284e5977e78773e51f0ea94aa411d9001ad09
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b3a-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba1-8.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba0-15.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba4-33.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9d-36.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba2-25.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba5-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba6-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba7-51.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba8-61.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba9-68.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bac-87.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bad-91.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baa-80.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bae-94.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e754-100.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baf-109.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb0-114.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb1-121.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bb2-126.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bb3-133.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bcc-151.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd1-157.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd2-170.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd3-176.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bbc-155.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bb4-145.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bd7-181.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdc-187.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdd-198.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bde-200.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdf-205.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/968-0-0x00007FF7727E0000-0x00007FF772B34000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b3a-5.dat	xmrig
behavioral2/files/0x000a000000023ba1-8.dat	xmrig
behavioral2/files/0x000a000000023ba0-15.dat	xmrig
behavioral2/memory/1616-18-0x00007FF71CC30000-0x00007FF71CF84000-memory.dmp	xmrig
behavioral2/memory/4700-14-0x00007FF7DAE00000-0x00007FF7DB154000-memory.dmp	xmrig
behavioral2/memory/2288-6-0x00007FF773060000-0x00007FF7733B4000-memory.dmp	xmrig
behavioral2/memory/4628-29-0x00007FF6D2AD0000-0x00007FF6D2E24000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba4-33.dat	xmrig
behavioral2/memory/2880-38-0x00007FF6E2F00000-0x00007FF6E3254000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b9d-36.dat	xmrig
behavioral2/memory/4996-32-0x00007FF78EA10000-0x00007FF78ED64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba2-25.dat	xmrig
behavioral2/files/0x000a000000023ba5-41.dat	xmrig
behavioral2/memory/2856-43-0x00007FF6D9470000-0x00007FF6D97C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba6-47.dat	xmrig
behavioral2/memory/3696-48-0x00007FF7DC450000-0x00007FF7DC7A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba7-51.dat	xmrig
behavioral2/memory/968-54-0x00007FF7727E0000-0x00007FF772B34000-memory.dmp	xmrig
behavioral2/memory/540-57-0x00007FF7D7EE0000-0x00007FF7D8234000-memory.dmp	xmrig
behavioral2/memory/2288-58-0x00007FF773060000-0x00007FF7733B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba8-61.dat	xmrig
behavioral2/memory/4804-65-0x00007FF71DA30000-0x00007FF71DD84000-memory.dmp	xmrig
behavioral2/memory/4700-64-0x00007FF7DAE00000-0x00007FF7DB154000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba9-68.dat	xmrig
behavioral2/memory/4108-72-0x00007FF6225F0000-0x00007FF622944000-memory.dmp	xmrig
behavioral2/memory/1616-71-0x00007FF71CC30000-0x00007FF71CF84000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bac-87.dat	xmrig
behavioral2/files/0x000a000000023bad-91.dat	xmrig
behavioral2/memory/2192-90-0x00007FF669AD0000-0x00007FF669E24000-memory.dmp	xmrig
behavioral2/memory/2880-89-0x00007FF6E2F00000-0x00007FF6E3254000-memory.dmp	xmrig
behavioral2/memory/4044-84-0x00007FF606600000-0x00007FF606954000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baa-80.dat	xmrig
behavioral2/memory/2448-77-0x00007FF789680000-0x00007FF7899D4000-memory.dmp	xmrig
behavioral2/memory/4996-76-0x00007FF78EA10000-0x00007FF78ED64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bae-94.dat	xmrig
behavioral2/memory/928-99-0x00007FF7F2F90000-0x00007FF7F32E4000-memory.dmp	xmrig
behavioral2/memory/2856-98-0x00007FF6D9470000-0x00007FF6D97C4000-memory.dmp	xmrig
behavioral2/files/0x000300000001e754-100.dat	xmrig
behavioral2/memory/3696-104-0x00007FF7DC450000-0x00007FF7DC7A4000-memory.dmp	xmrig
behavioral2/memory/1884-105-0x00007FF6BBBF0000-0x00007FF6BBF44000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baf-109.dat	xmrig
behavioral2/files/0x000a000000023bb0-114.dat	xmrig
behavioral2/memory/2984-116-0x00007FF763550000-0x00007FF7638A4000-memory.dmp	xmrig
behavioral2/memory/3504-110-0x00007FF705EF0000-0x00007FF706244000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb1-121.dat	xmrig
behavioral2/files/0x000b000000023bb2-126.dat	xmrig
behavioral2/memory/3172-129-0x00007FF7397D0000-0x00007FF739B24000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bb3-133.dat	xmrig
behavioral2/memory/4044-134-0x00007FF606600000-0x00007FF606954000-memory.dmp	xmrig
behavioral2/memory/2448-128-0x00007FF789680000-0x00007FF7899D4000-memory.dmp	xmrig
behavioral2/memory/4920-124-0x00007FF6AFF30000-0x00007FF6B0284000-memory.dmp	xmrig
behavioral2/memory/2192-144-0x00007FF669AD0000-0x00007FF669E24000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bcc-151.dat	xmrig
behavioral2/files/0x0009000000023bd1-157.dat	xmrig
behavioral2/files/0x0009000000023bd2-170.dat	xmrig
behavioral2/memory/2984-174-0x00007FF763550000-0x00007FF7638A4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bd3-176.dat	xmrig
behavioral2/memory/1052-175-0x00007FF674710000-0x00007FF674A64000-memory.dmp	xmrig
behavioral2/memory/3468-169-0x00007FF75F0E0000-0x00007FF75F434000-memory.dmp	xmrig
behavioral2/memory/3504-168-0x00007FF705EF0000-0x00007FF706244000-memory.dmp	xmrig
behavioral2/memory/1600-162-0x00007FF638E00000-0x00007FF639154000-memory.dmp	xmrig
behavioral2/memory/1884-158-0x00007FF6BBBF0000-0x00007FF6BBF44000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbc-155.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2288	HBryYdq.exe
4700	wzQhuNu.exe
1616	zFuvTqP.exe
4628	iFvcGDB.exe
4996	VwrAhUA.exe
2880	NbhcLmz.exe
2856	xZzVHHf.exe
3696	igfYmvD.exe
540	VzeqAZo.exe
4804	dPEVHMS.exe
4108	qkYGRHH.exe
2448	SUAsGQp.exe
4044	QbRLdTP.exe
2192	UksqYrm.exe
928	VJOvMkz.exe
1884	FYEzjSH.exe
3504	HhEVfiA.exe
2984	AuuQXiu.exe
4920	nqtjDIA.exe
3172	isUHPXj.exe
3636	aDwNyyq.exe
2364	fGGNpCH.exe
3196	IMmPhuM.exe
4600	BSSMJIc.exe
1600	vomgVEI.exe
3468	DYXRTgz.exe
1052	heyNCIF.exe
4300	exQcxhK.exe
3456	VRZpEPC.exe
2892	QVKhFVD.exe
4792	XTqAVrN.exe
4900	WeZirzg.exe
3136	Lcpkaad.exe
3924	MZOYWDt.exe
632	paFdMpv.exe
1864	KSkCCln.exe
3992	IXZprOp.exe
456	IdJpZYN.exe
640	FLKsaOD.exe
3700	jCUjIlp.exe
3896	RvDTRNL.exe
2660	gnKlRLk.exe
2432	BaVVYVx.exe
4056	eAGlWfl.exe
5004	pjktjcE.exe
3652	mVWIltf.exe
1760	qqiKMTZ.exe
2988	zLEAzlf.exe
3112	CKPikgc.exe
4880	zdBHVKA.exe
3944	pqeNmHo.exe
3220	OcpaPfw.exe
4440	rQiyKcF.exe
1956	BumxtJr.exe
2352	ULWvvMK.exe
3836	AwcTwmx.exe
4884	IYGZHti.exe
2712	cCRBove.exe
1880	cGrzxiH.exe
4460	cAsJXRD.exe
1432	QaFaULO.exe
4040	iTFtYjS.exe
1404	fjeasEE.exe
1668	ubzQJTK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/968-0-0x00007FF7727E0000-0x00007FF772B34000-memory.dmp	upx
behavioral2/files/0x000c000000023b3a-5.dat	upx
behavioral2/files/0x000a000000023ba1-8.dat	upx
behavioral2/files/0x000a000000023ba0-15.dat	upx
behavioral2/memory/1616-18-0x00007FF71CC30000-0x00007FF71CF84000-memory.dmp	upx
behavioral2/memory/4700-14-0x00007FF7DAE00000-0x00007FF7DB154000-memory.dmp	upx
behavioral2/memory/2288-6-0x00007FF773060000-0x00007FF7733B4000-memory.dmp	upx
behavioral2/memory/4628-29-0x00007FF6D2AD0000-0x00007FF6D2E24000-memory.dmp	upx
behavioral2/files/0x000a000000023ba4-33.dat	upx
behavioral2/memory/2880-38-0x00007FF6E2F00000-0x00007FF6E3254000-memory.dmp	upx
behavioral2/files/0x000b000000023b9d-36.dat	upx
behavioral2/memory/4996-32-0x00007FF78EA10000-0x00007FF78ED64000-memory.dmp	upx
behavioral2/files/0x000a000000023ba2-25.dat	upx
behavioral2/files/0x000a000000023ba5-41.dat	upx
behavioral2/memory/2856-43-0x00007FF6D9470000-0x00007FF6D97C4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba6-47.dat	upx
behavioral2/memory/3696-48-0x00007FF7DC450000-0x00007FF7DC7A4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-51.dat	upx
behavioral2/memory/968-54-0x00007FF7727E0000-0x00007FF772B34000-memory.dmp	upx
behavioral2/memory/540-57-0x00007FF7D7EE0000-0x00007FF7D8234000-memory.dmp	upx
behavioral2/memory/2288-58-0x00007FF773060000-0x00007FF7733B4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-61.dat	upx
behavioral2/memory/4804-65-0x00007FF71DA30000-0x00007FF71DD84000-memory.dmp	upx
behavioral2/memory/4700-64-0x00007FF7DAE00000-0x00007FF7DB154000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-68.dat	upx
behavioral2/memory/4108-72-0x00007FF6225F0000-0x00007FF622944000-memory.dmp	upx
behavioral2/memory/1616-71-0x00007FF71CC30000-0x00007FF71CF84000-memory.dmp	upx
behavioral2/files/0x000a000000023bac-87.dat	upx
behavioral2/files/0x000a000000023bad-91.dat	upx
behavioral2/memory/2192-90-0x00007FF669AD0000-0x00007FF669E24000-memory.dmp	upx
behavioral2/memory/2880-89-0x00007FF6E2F00000-0x00007FF6E3254000-memory.dmp	upx
behavioral2/memory/4044-84-0x00007FF606600000-0x00007FF606954000-memory.dmp	upx
behavioral2/files/0x000a000000023baa-80.dat	upx
behavioral2/memory/2448-77-0x00007FF789680000-0x00007FF7899D4000-memory.dmp	upx
behavioral2/memory/4996-76-0x00007FF78EA10000-0x00007FF78ED64000-memory.dmp	upx
behavioral2/files/0x000a000000023bae-94.dat	upx
behavioral2/memory/928-99-0x00007FF7F2F90000-0x00007FF7F32E4000-memory.dmp	upx
behavioral2/memory/2856-98-0x00007FF6D9470000-0x00007FF6D97C4000-memory.dmp	upx
behavioral2/files/0x000300000001e754-100.dat	upx
behavioral2/memory/3696-104-0x00007FF7DC450000-0x00007FF7DC7A4000-memory.dmp	upx
behavioral2/memory/1884-105-0x00007FF6BBBF0000-0x00007FF6BBF44000-memory.dmp	upx
behavioral2/files/0x000a000000023baf-109.dat	upx
behavioral2/files/0x000a000000023bb0-114.dat	upx
behavioral2/memory/2984-116-0x00007FF763550000-0x00007FF7638A4000-memory.dmp	upx
behavioral2/memory/3504-110-0x00007FF705EF0000-0x00007FF706244000-memory.dmp	upx
behavioral2/files/0x000a000000023bb1-121.dat	upx
behavioral2/files/0x000b000000023bb2-126.dat	upx
behavioral2/memory/3172-129-0x00007FF7397D0000-0x00007FF739B24000-memory.dmp	upx
behavioral2/files/0x000b000000023bb3-133.dat	upx
behavioral2/memory/4044-134-0x00007FF606600000-0x00007FF606954000-memory.dmp	upx
behavioral2/memory/2448-128-0x00007FF789680000-0x00007FF7899D4000-memory.dmp	upx
behavioral2/memory/4920-124-0x00007FF6AFF30000-0x00007FF6B0284000-memory.dmp	upx
behavioral2/memory/2192-144-0x00007FF669AD0000-0x00007FF669E24000-memory.dmp	upx
behavioral2/files/0x0008000000023bcc-151.dat	upx
behavioral2/files/0x0009000000023bd1-157.dat	upx
behavioral2/files/0x0009000000023bd2-170.dat	upx
behavioral2/memory/2984-174-0x00007FF763550000-0x00007FF7638A4000-memory.dmp	upx
behavioral2/files/0x0009000000023bd3-176.dat	upx
behavioral2/memory/1052-175-0x00007FF674710000-0x00007FF674A64000-memory.dmp	upx
behavioral2/memory/3468-169-0x00007FF75F0E0000-0x00007FF75F434000-memory.dmp	upx
behavioral2/memory/3504-168-0x00007FF705EF0000-0x00007FF706244000-memory.dmp	upx
behavioral2/memory/1600-162-0x00007FF638E00000-0x00007FF639154000-memory.dmp	upx
behavioral2/memory/1884-158-0x00007FF6BBBF0000-0x00007FF6BBF44000-memory.dmp	upx
behavioral2/files/0x000a000000023bbc-155.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NYAnFpX.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffRBsQi.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYGZHti.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhafVkZ.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwPZCxC.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODWCtmg.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAGlWfl.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckLjTdv.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkXGQyJ.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajZsOnf.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eejHKfJ.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSFYZUV.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUsNPpk.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRZpEPC.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQHLSmz.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywebRFz.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwNTpyI.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaXuqxw.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFFVOuq.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnEMJRV.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaOwSyR.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UucejyN.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXfOgEm.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOWOyHl.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtYBTjS.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhVtcrR.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzwtOdr.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hszxYKp.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkYGRHH.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLtpotL.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSJlCrT.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMquffG.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrOqdQs.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ziyFgAz.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhfSuWc.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSkGATx.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPVkzPl.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLvFInd.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUqkPxH.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGgEGbv.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbXYEHv.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKPikgc.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUxedcM.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNiuCWr.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTLMLJP.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vueACcK.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHetNIs.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sStHZQw.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkyLCfV.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmudgYw.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRsMVWg.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rexsoAE.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkCKLsi.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmeGaPo.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwlbrMD.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BaVVYVx.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpzdbAm.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJoyILq.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNCJTDw.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSvBRqs.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJamUle.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMOnWMt.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCmPzoL.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHPmCRd.exe	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 2288	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 968 wrote to memory of 2288	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 968 wrote to memory of 4700	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 968 wrote to memory of 4700	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 968 wrote to memory of 1616	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 968 wrote to memory of 1616	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 968 wrote to memory of 4628	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 968 wrote to memory of 4628	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 968 wrote to memory of 4996	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 968 wrote to memory of 4996	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 968 wrote to memory of 2880	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 968 wrote to memory of 2880	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 968 wrote to memory of 2856	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 968 wrote to memory of 2856	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 968 wrote to memory of 3696	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 968 wrote to memory of 3696	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 968 wrote to memory of 540	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 968 wrote to memory of 540	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 968 wrote to memory of 4804	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 968 wrote to memory of 4804	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 968 wrote to memory of 4108	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 968 wrote to memory of 4108	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 968 wrote to memory of 2448	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 968 wrote to memory of 2448	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 968 wrote to memory of 4044	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 968 wrote to memory of 4044	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 968 wrote to memory of 2192	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 968 wrote to memory of 2192	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 968 wrote to memory of 928	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 968 wrote to memory of 928	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 968 wrote to memory of 1884	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 968 wrote to memory of 1884	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 968 wrote to memory of 3504	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 968 wrote to memory of 3504	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 968 wrote to memory of 2984	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 968 wrote to memory of 2984	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 968 wrote to memory of 4920	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 968 wrote to memory of 4920	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 968 wrote to memory of 3172	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 968 wrote to memory of 3172	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 968 wrote to memory of 3636	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 968 wrote to memory of 3636	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 968 wrote to memory of 2364	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 968 wrote to memory of 2364	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 968 wrote to memory of 3196	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 968 wrote to memory of 3196	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 968 wrote to memory of 4600	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 968 wrote to memory of 4600	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 968 wrote to memory of 1600	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 968 wrote to memory of 1600	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 968 wrote to memory of 3468	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 968 wrote to memory of 3468	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 968 wrote to memory of 1052	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 968 wrote to memory of 1052	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 968 wrote to memory of 4300	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 968 wrote to memory of 4300	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 968 wrote to memory of 3456	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 968 wrote to memory of 3456	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 968 wrote to memory of 2892	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 968 wrote to memory of 2892	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 968 wrote to memory of 4792	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 968 wrote to memory of 4792	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 968 wrote to memory of 4900	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 968 wrote to memory of 4900	968	2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe	116

C:\Users\Admin\AppData\Local\Temp\2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_393ae7b66cc38ab9c564e070a2b7323e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\System\HBryYdq.exe
  C:\Windows\System\HBryYdq.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\wzQhuNu.exe
  C:\Windows\System\wzQhuNu.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\zFuvTqP.exe
  C:\Windows\System\zFuvTqP.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\iFvcGDB.exe
  C:\Windows\System\iFvcGDB.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\VwrAhUA.exe
  C:\Windows\System\VwrAhUA.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\NbhcLmz.exe
  C:\Windows\System\NbhcLmz.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\xZzVHHf.exe
  C:\Windows\System\xZzVHHf.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\igfYmvD.exe
  C:\Windows\System\igfYmvD.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\VzeqAZo.exe
  C:\Windows\System\VzeqAZo.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\dPEVHMS.exe
  C:\Windows\System\dPEVHMS.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\qkYGRHH.exe
  C:\Windows\System\qkYGRHH.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\SUAsGQp.exe
  C:\Windows\System\SUAsGQp.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\QbRLdTP.exe
  C:\Windows\System\QbRLdTP.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\UksqYrm.exe
  C:\Windows\System\UksqYrm.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\VJOvMkz.exe
  C:\Windows\System\VJOvMkz.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\FYEzjSH.exe
  C:\Windows\System\FYEzjSH.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\HhEVfiA.exe
  C:\Windows\System\HhEVfiA.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\AuuQXiu.exe
  C:\Windows\System\AuuQXiu.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\nqtjDIA.exe
  C:\Windows\System\nqtjDIA.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\isUHPXj.exe
  C:\Windows\System\isUHPXj.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\aDwNyyq.exe
  C:\Windows\System\aDwNyyq.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\fGGNpCH.exe
  C:\Windows\System\fGGNpCH.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\IMmPhuM.exe
  C:\Windows\System\IMmPhuM.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\BSSMJIc.exe
  C:\Windows\System\BSSMJIc.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\vomgVEI.exe
  C:\Windows\System\vomgVEI.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\DYXRTgz.exe
  C:\Windows\System\DYXRTgz.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\heyNCIF.exe
  C:\Windows\System\heyNCIF.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\exQcxhK.exe
  C:\Windows\System\exQcxhK.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\VRZpEPC.exe
  C:\Windows\System\VRZpEPC.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\QVKhFVD.exe
  C:\Windows\System\QVKhFVD.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\XTqAVrN.exe
  C:\Windows\System\XTqAVrN.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\WeZirzg.exe
  C:\Windows\System\WeZirzg.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\Lcpkaad.exe
  C:\Windows\System\Lcpkaad.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\MZOYWDt.exe
  C:\Windows\System\MZOYWDt.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\paFdMpv.exe
  C:\Windows\System\paFdMpv.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\KSkCCln.exe
  C:\Windows\System\KSkCCln.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\IXZprOp.exe
  C:\Windows\System\IXZprOp.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\IdJpZYN.exe
  C:\Windows\System\IdJpZYN.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\FLKsaOD.exe
  C:\Windows\System\FLKsaOD.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\jCUjIlp.exe
  C:\Windows\System\jCUjIlp.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\RvDTRNL.exe
  C:\Windows\System\RvDTRNL.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\gnKlRLk.exe
  C:\Windows\System\gnKlRLk.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\BaVVYVx.exe
  C:\Windows\System\BaVVYVx.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\eAGlWfl.exe
  C:\Windows\System\eAGlWfl.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\pjktjcE.exe
  C:\Windows\System\pjktjcE.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\mVWIltf.exe
  C:\Windows\System\mVWIltf.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\qqiKMTZ.exe
  C:\Windows\System\qqiKMTZ.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\zLEAzlf.exe
  C:\Windows\System\zLEAzlf.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\CKPikgc.exe
  C:\Windows\System\CKPikgc.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\zdBHVKA.exe
  C:\Windows\System\zdBHVKA.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\pqeNmHo.exe
  C:\Windows\System\pqeNmHo.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\OcpaPfw.exe
  C:\Windows\System\OcpaPfw.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\rQiyKcF.exe
  C:\Windows\System\rQiyKcF.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\BumxtJr.exe
  C:\Windows\System\BumxtJr.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ULWvvMK.exe
  C:\Windows\System\ULWvvMK.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\AwcTwmx.exe
  C:\Windows\System\AwcTwmx.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\IYGZHti.exe
  C:\Windows\System\IYGZHti.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\cCRBove.exe
  C:\Windows\System\cCRBove.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\cGrzxiH.exe
  C:\Windows\System\cGrzxiH.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\cAsJXRD.exe
  C:\Windows\System\cAsJXRD.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\QaFaULO.exe
  C:\Windows\System\QaFaULO.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\iTFtYjS.exe
  C:\Windows\System\iTFtYjS.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\fjeasEE.exe
  C:\Windows\System\fjeasEE.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\ubzQJTK.exe
  C:\Windows\System\ubzQJTK.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\LRRRhKb.exe
  C:\Windows\System\LRRRhKb.exe
  2⤵
  PID:4872
- C:\Windows\System\aNkDvHD.exe
  C:\Windows\System\aNkDvHD.exe
  2⤵
  PID:5064
- C:\Windows\System\KbIXxLK.exe
  C:\Windows\System\KbIXxLK.exe
  2⤵
  PID:4528
- C:\Windows\System\tIFwdui.exe
  C:\Windows\System\tIFwdui.exe
  2⤵
  PID:3928
- C:\Windows\System\LIdFspM.exe
  C:\Windows\System\LIdFspM.exe
  2⤵
  PID:4588
- C:\Windows\System\HkyCQhH.exe
  C:\Windows\System\HkyCQhH.exe
  2⤵
  PID:336
- C:\Windows\System\jaOwSyR.exe
  C:\Windows\System\jaOwSyR.exe
  2⤵
  PID:4408
- C:\Windows\System\IoXFstk.exe
  C:\Windows\System\IoXFstk.exe
  2⤵
  PID:2504
- C:\Windows\System\xTPBlQW.exe
  C:\Windows\System\xTPBlQW.exe
  2⤵
  PID:2244
- C:\Windows\System\iwIuzTJ.exe
  C:\Windows\System\iwIuzTJ.exe
  2⤵
  PID:4716
- C:\Windows\System\sSSCxpz.exe
  C:\Windows\System\sSSCxpz.exe
  2⤵
  PID:5000
- C:\Windows\System\gNhhngx.exe
  C:\Windows\System\gNhhngx.exe
  2⤵
  PID:4844
- C:\Windows\System\ANebhxU.exe
  C:\Windows\System\ANebhxU.exe
  2⤵
  PID:4472
- C:\Windows\System\QkTnzzB.exe
  C:\Windows\System\QkTnzzB.exe
  2⤵
  PID:1192
- C:\Windows\System\JohfZoA.exe
  C:\Windows\System\JohfZoA.exe
  2⤵
  PID:4260
- C:\Windows\System\ouWmtlL.exe
  C:\Windows\System\ouWmtlL.exe
  2⤵
  PID:372
- C:\Windows\System\ffBpMbn.exe
  C:\Windows\System\ffBpMbn.exe
  2⤵
  PID:3732
- C:\Windows\System\xImjdYD.exe
  C:\Windows\System\xImjdYD.exe
  2⤵
  PID:4452
- C:\Windows\System\feWhIvA.exe
  C:\Windows\System\feWhIvA.exe
  2⤵
  PID:1292
- C:\Windows\System\LcqKHcv.exe
  C:\Windows\System\LcqKHcv.exe
  2⤵
  PID:2668
- C:\Windows\System\CxClimV.exe
  C:\Windows\System\CxClimV.exe
  2⤵
  PID:4348
- C:\Windows\System\sStHZQw.exe
  C:\Windows\System\sStHZQw.exe
  2⤵
  PID:3156
- C:\Windows\System\sBULFCp.exe
  C:\Windows\System\sBULFCp.exe
  2⤵
  PID:4424
- C:\Windows\System\VRLJYHI.exe
  C:\Windows\System\VRLJYHI.exe
  2⤵
  PID:1032
- C:\Windows\System\kcjsikD.exe
  C:\Windows\System\kcjsikD.exe
  2⤵
  PID:5056
- C:\Windows\System\NONcdgS.exe
  C:\Windows\System\NONcdgS.exe
  2⤵
  PID:3000
- C:\Windows\System\qBurcYh.exe
  C:\Windows\System\qBurcYh.exe
  2⤵
  PID:2980
- C:\Windows\System\SqLyLxI.exe
  C:\Windows\System\SqLyLxI.exe
  2⤵
  PID:3372
- C:\Windows\System\DvSqptq.exe
  C:\Windows\System\DvSqptq.exe
  2⤵
  PID:1068
- C:\Windows\System\iWVnQeU.exe
  C:\Windows\System\iWVnQeU.exe
  2⤵
  PID:2844
- C:\Windows\System\TNIoVPf.exe
  C:\Windows\System\TNIoVPf.exe
  2⤵
  PID:5088
- C:\Windows\System\KWftyxi.exe
  C:\Windows\System\KWftyxi.exe
  2⤵
  PID:4060
- C:\Windows\System\mkCKLsi.exe
  C:\Windows\System\mkCKLsi.exe
  2⤵
  PID:764
- C:\Windows\System\mwaCsrM.exe
  C:\Windows\System\mwaCsrM.exe
  2⤵
  PID:3272
- C:\Windows\System\QSTBOwH.exe
  C:\Windows\System\QSTBOwH.exe
  2⤵
  PID:3436
- C:\Windows\System\IlgxlSE.exe
  C:\Windows\System\IlgxlSE.exe
  2⤵
  PID:5144
- C:\Windows\System\nKVgBbB.exe
  C:\Windows\System\nKVgBbB.exe
  2⤵
  PID:5168
- C:\Windows\System\QCJipkN.exe
  C:\Windows\System\QCJipkN.exe
  2⤵
  PID:5200
- C:\Windows\System\jCmPzoL.exe
  C:\Windows\System\jCmPzoL.exe
  2⤵
  PID:5220
- C:\Windows\System\NPZEzeD.exe
  C:\Windows\System\NPZEzeD.exe
  2⤵
  PID:5244
- C:\Windows\System\NGWjwDD.exe
  C:\Windows\System\NGWjwDD.exe
  2⤵
  PID:5284
- C:\Windows\System\TosQvut.exe
  C:\Windows\System\TosQvut.exe
  2⤵
  PID:5312
- C:\Windows\System\MQObOcw.exe
  C:\Windows\System\MQObOcw.exe
  2⤵
  PID:5340
- C:\Windows\System\VXYjmao.exe
  C:\Windows\System\VXYjmao.exe
  2⤵
  PID:5368
- C:\Windows\System\JjUtXBe.exe
  C:\Windows\System\JjUtXBe.exe
  2⤵
  PID:5400
- C:\Windows\System\PvCRhFM.exe
  C:\Windows\System\PvCRhFM.exe
  2⤵
  PID:5428
- C:\Windows\System\AmYhdYK.exe
  C:\Windows\System\AmYhdYK.exe
  2⤵
  PID:5456
- C:\Windows\System\zsgZMsy.exe
  C:\Windows\System\zsgZMsy.exe
  2⤵
  PID:5484
- C:\Windows\System\gFfRkSn.exe
  C:\Windows\System\gFfRkSn.exe
  2⤵
  PID:5512
- C:\Windows\System\gIaScjW.exe
  C:\Windows\System\gIaScjW.exe
  2⤵
  PID:5540
- C:\Windows\System\UrQnAgx.exe
  C:\Windows\System\UrQnAgx.exe
  2⤵
  PID:5568
- C:\Windows\System\epnjjqg.exe
  C:\Windows\System\epnjjqg.exe
  2⤵
  PID:5596
- C:\Windows\System\BeKhbFs.exe
  C:\Windows\System\BeKhbFs.exe
  2⤵
  PID:5632
- C:\Windows\System\dXEPdFI.exe
  C:\Windows\System\dXEPdFI.exe
  2⤵
  PID:5704
- C:\Windows\System\witYpwp.exe
  C:\Windows\System\witYpwp.exe
  2⤵
  PID:5788
- C:\Windows\System\stqEZPm.exe
  C:\Windows\System\stqEZPm.exe
  2⤵
  PID:5824
- C:\Windows\System\dyYGSZo.exe
  C:\Windows\System\dyYGSZo.exe
  2⤵
  PID:5844
- C:\Windows\System\iUxedcM.exe
  C:\Windows\System\iUxedcM.exe
  2⤵
  PID:5888
- C:\Windows\System\LslTySj.exe
  C:\Windows\System\LslTySj.exe
  2⤵
  PID:5908
- C:\Windows\System\FLJEepv.exe
  C:\Windows\System\FLJEepv.exe
  2⤵
  PID:5948
- C:\Windows\System\jBajRxT.exe
  C:\Windows\System\jBajRxT.exe
  2⤵
  PID:5984
- C:\Windows\System\ZaZrJTB.exe
  C:\Windows\System\ZaZrJTB.exe
  2⤵
  PID:6016
- C:\Windows\System\CtoZXoO.exe
  C:\Windows\System\CtoZXoO.exe
  2⤵
  PID:6044
- C:\Windows\System\snntKtI.exe
  C:\Windows\System\snntKtI.exe
  2⤵
  PID:6076
- C:\Windows\System\AVJTyul.exe
  C:\Windows\System\AVJTyul.exe
  2⤵
  PID:6100
- C:\Windows\System\PqUBFmS.exe
  C:\Windows\System\PqUBFmS.exe
  2⤵
  PID:6132
- C:\Windows\System\kPfWEUz.exe
  C:\Windows\System\kPfWEUz.exe
  2⤵
  PID:5160
- C:\Windows\System\qYlCrYi.exe
  C:\Windows\System\qYlCrYi.exe
  2⤵
  PID:5228
- C:\Windows\System\pGoFoff.exe
  C:\Windows\System\pGoFoff.exe
  2⤵
  PID:5292
- C:\Windows\System\pptWAKL.exe
  C:\Windows\System\pptWAKL.exe
  2⤵
  PID:5352
- C:\Windows\System\WHaxVsh.exe
  C:\Windows\System\WHaxVsh.exe
  2⤵
  PID:5420
- C:\Windows\System\VzQlYAv.exe
  C:\Windows\System\VzQlYAv.exe
  2⤵
  PID:5480
- C:\Windows\System\JzrRNWQ.exe
  C:\Windows\System\JzrRNWQ.exe
  2⤵
  PID:5520
- C:\Windows\System\fMZroup.exe
  C:\Windows\System\fMZroup.exe
  2⤵
  PID:5612
- C:\Windows\System\cjICSBm.exe
  C:\Windows\System\cjICSBm.exe
  2⤵
  PID:5772
- C:\Windows\System\knfvBqW.exe
  C:\Windows\System\knfvBqW.exe
  2⤵
  PID:5876
- C:\Windows\System\PTPqmYT.exe
  C:\Windows\System\PTPqmYT.exe
  2⤵
  PID:5936
- C:\Windows\System\mJcoSeU.exe
  C:\Windows\System\mJcoSeU.exe
  2⤵
  PID:6004
- C:\Windows\System\GMPdtSh.exe
  C:\Windows\System\GMPdtSh.exe
  2⤵
  PID:6068
- C:\Windows\System\dCspcYR.exe
  C:\Windows\System\dCspcYR.exe
  2⤵
  PID:6140
- C:\Windows\System\UucejyN.exe
  C:\Windows\System\UucejyN.exe
  2⤵
  PID:5252
- C:\Windows\System\GNjCRzF.exe
  C:\Windows\System\GNjCRzF.exe
  2⤵
  PID:5408
- C:\Windows\System\lQHLSmz.exe
  C:\Windows\System\lQHLSmz.exe
  2⤵
  PID:5560
- C:\Windows\System\qZPyqkv.exe
  C:\Windows\System\qZPyqkv.exe
  2⤵
  PID:5816
- C:\Windows\System\amApKrC.exe
  C:\Windows\System\amApKrC.exe
  2⤵
  PID:5996
- C:\Windows\System\zrDzsxN.exe
  C:\Windows\System\zrDzsxN.exe
  2⤵
  PID:6112
- C:\Windows\System\wOgBnFG.exe
  C:\Windows\System\wOgBnFG.exe
  2⤵
  PID:5388
- C:\Windows\System\BfBaBOn.exe
  C:\Windows\System\BfBaBOn.exe
  2⤵
  PID:5932
- C:\Windows\System\ulKGSnn.exe
  C:\Windows\System\ulKGSnn.exe
  2⤵
  PID:1604
- C:\Windows\System\pHUbURr.exe
  C:\Windows\System\pHUbURr.exe
  2⤵
  PID:6028
- C:\Windows\System\vDSUcJw.exe
  C:\Windows\System\vDSUcJw.exe
  2⤵
  PID:6164
- C:\Windows\System\MwVegkX.exe
  C:\Windows\System\MwVegkX.exe
  2⤵
  PID:6196
- C:\Windows\System\FoQTsBR.exe
  C:\Windows\System\FoQTsBR.exe
  2⤵
  PID:6228
- C:\Windows\System\lfOCKuV.exe
  C:\Windows\System\lfOCKuV.exe
  2⤵
  PID:6256
- C:\Windows\System\cAEKTBJ.exe
  C:\Windows\System\cAEKTBJ.exe
  2⤵
  PID:6288
- C:\Windows\System\CNOkhTL.exe
  C:\Windows\System\CNOkhTL.exe
  2⤵
  PID:6336
- C:\Windows\System\dcqSfhk.exe
  C:\Windows\System\dcqSfhk.exe
  2⤵
  PID:6376
- C:\Windows\System\TzawDEA.exe
  C:\Windows\System\TzawDEA.exe
  2⤵
  PID:6396
- C:\Windows\System\VkyLCfV.exe
  C:\Windows\System\VkyLCfV.exe
  2⤵
  PID:6436
- C:\Windows\System\rxDiPWN.exe
  C:\Windows\System\rxDiPWN.exe
  2⤵
  PID:6468
- C:\Windows\System\qLtpotL.exe
  C:\Windows\System\qLtpotL.exe
  2⤵
  PID:6504
- C:\Windows\System\GHvBdDR.exe
  C:\Windows\System\GHvBdDR.exe
  2⤵
  PID:6532
- C:\Windows\System\HaztsZl.exe
  C:\Windows\System\HaztsZl.exe
  2⤵
  PID:6560
- C:\Windows\System\erNXLfD.exe
  C:\Windows\System\erNXLfD.exe
  2⤵
  PID:6588
- C:\Windows\System\ywebRFz.exe
  C:\Windows\System\ywebRFz.exe
  2⤵
  PID:6616
- C:\Windows\System\VnKjOSR.exe
  C:\Windows\System\VnKjOSR.exe
  2⤵
  PID:6644
- C:\Windows\System\OoeACQx.exe
  C:\Windows\System\OoeACQx.exe
  2⤵
  PID:6676
- C:\Windows\System\SXfOgEm.exe
  C:\Windows\System\SXfOgEm.exe
  2⤵
  PID:6704
- C:\Windows\System\LBRQlfW.exe
  C:\Windows\System\LBRQlfW.exe
  2⤵
  PID:6732
- C:\Windows\System\NKIYlTa.exe
  C:\Windows\System\NKIYlTa.exe
  2⤵
  PID:6760
- C:\Windows\System\IaRpkgj.exe
  C:\Windows\System\IaRpkgj.exe
  2⤵
  PID:6780
- C:\Windows\System\mkhmCor.exe
  C:\Windows\System\mkhmCor.exe
  2⤵
  PID:6820
- C:\Windows\System\kUJtXKS.exe
  C:\Windows\System\kUJtXKS.exe
  2⤵
  PID:6860
- C:\Windows\System\fSfgkIS.exe
  C:\Windows\System\fSfgkIS.exe
  2⤵
  PID:6884
- C:\Windows\System\HLVVDFB.exe
  C:\Windows\System\HLVVDFB.exe
  2⤵
  PID:6908
- C:\Windows\System\kmeGaPo.exe
  C:\Windows\System\kmeGaPo.exe
  2⤵
  PID:6940
- C:\Windows\System\lWumrKM.exe
  C:\Windows\System\lWumrKM.exe
  2⤵
  PID:6976
- C:\Windows\System\XXFyrPx.exe
  C:\Windows\System\XXFyrPx.exe
  2⤵
  PID:7008
- C:\Windows\System\tVyHNFR.exe
  C:\Windows\System\tVyHNFR.exe
  2⤵
  PID:7036
- C:\Windows\System\QArMKIu.exe
  C:\Windows\System\QArMKIu.exe
  2⤵
  PID:7064
- C:\Windows\System\gdUkfHG.exe
  C:\Windows\System\gdUkfHG.exe
  2⤵
  PID:7092
- C:\Windows\System\wrBGyhI.exe
  C:\Windows\System\wrBGyhI.exe
  2⤵
  PID:7120
- C:\Windows\System\lhkrXfp.exe
  C:\Windows\System\lhkrXfp.exe
  2⤵
  PID:7152
- C:\Windows\System\bfEwhzQ.exe
  C:\Windows\System\bfEwhzQ.exe
  2⤵
  PID:6172
- C:\Windows\System\szEEEKv.exe
  C:\Windows\System\szEEEKv.exe
  2⤵
  PID:6240
- C:\Windows\System\wFrXkOo.exe
  C:\Windows\System\wFrXkOo.exe
  2⤵
  PID:1836
- C:\Windows\System\mgTKhYh.exe
  C:\Windows\System\mgTKhYh.exe
  2⤵
  PID:6316
- C:\Windows\System\NlPCMMT.exe
  C:\Windows\System\NlPCMMT.exe
  2⤵
  PID:5880
- C:\Windows\System\CecxeEz.exe
  C:\Windows\System\CecxeEz.exe
  2⤵
  PID:6464
- C:\Windows\System\EaQWJhY.exe
  C:\Windows\System\EaQWJhY.exe
  2⤵
  PID:6496
- C:\Windows\System\tHtlcGu.exe
  C:\Windows\System\tHtlcGu.exe
  2⤵
  PID:6568
- C:\Windows\System\fVnFhVL.exe
  C:\Windows\System\fVnFhVL.exe
  2⤵
  PID:6632
- C:\Windows\System\FXmNGWF.exe
  C:\Windows\System\FXmNGWF.exe
  2⤵
  PID:6740
- C:\Windows\System\pnHvImb.exe
  C:\Windows\System\pnHvImb.exe
  2⤵
  PID:6812
- C:\Windows\System\GZtnfsU.exe
  C:\Windows\System\GZtnfsU.exe
  2⤵
  PID:1868
- C:\Windows\System\qjRUAPY.exe
  C:\Windows\System\qjRUAPY.exe
  2⤵
  PID:4212
- C:\Windows\System\rQcrkDC.exe
  C:\Windows\System\rQcrkDC.exe
  2⤵
  PID:1096
- C:\Windows\System\iqhcxyI.exe
  C:\Windows\System\iqhcxyI.exe
  2⤵
  PID:6920
- C:\Windows\System\sfbZcVW.exe
  C:\Windows\System\sfbZcVW.exe
  2⤵
  PID:6984
- C:\Windows\System\NZsbBXO.exe
  C:\Windows\System\NZsbBXO.exe
  2⤵
  PID:6484
- C:\Windows\System\RKQeQIs.exe
  C:\Windows\System\RKQeQIs.exe
  2⤵
  PID:7128
- C:\Windows\System\wDXQrTk.exe
  C:\Windows\System\wDXQrTk.exe
  2⤵
  PID:6204
- C:\Windows\System\AIfIUrf.exe
  C:\Windows\System\AIfIUrf.exe
  2⤵
  PID:4956
- C:\Windows\System\mhafVkZ.exe
  C:\Windows\System\mhafVkZ.exe
  2⤵
  PID:6420
- C:\Windows\System\eChCekE.exe
  C:\Windows\System\eChCekE.exe
  2⤵
  PID:6528
- C:\Windows\System\ptMsKie.exe
  C:\Windows\System\ptMsKie.exe
  2⤵
  PID:6724
- C:\Windows\System\jxxJyKo.exe
  C:\Windows\System\jxxJyKo.exe
  2⤵
  PID:1384
- C:\Windows\System\mjNUJqv.exe
  C:\Windows\System\mjNUJqv.exe
  2⤵
  PID:6876
- C:\Windows\System\oGyBAZe.exe
  C:\Windows\System\oGyBAZe.exe
  2⤵
  PID:7056
- C:\Windows\System\IwPZCxC.exe
  C:\Windows\System\IwPZCxC.exe
  2⤵
  PID:7144
- C:\Windows\System\dAGlleo.exe
  C:\Windows\System\dAGlleo.exe
  2⤵
  PID:3184
- C:\Windows\System\wUejbZX.exe
  C:\Windows\System\wUejbZX.exe
  2⤵
  PID:6672
- C:\Windows\System\NGXZlwH.exe
  C:\Windows\System\NGXZlwH.exe
  2⤵
  PID:6932
- C:\Windows\System\cGmJcua.exe
  C:\Windows\System\cGmJcua.exe
  2⤵
  PID:6264
- C:\Windows\System\qfOiUOJ.exe
  C:\Windows\System\qfOiUOJ.exe
  2⤵
  PID:6476
- C:\Windows\System\WievouV.exe
  C:\Windows\System\WievouV.exe
  2⤵
  PID:6388
- C:\Windows\System\iDmvfNx.exe
  C:\Windows\System\iDmvfNx.exe
  2⤵
  PID:7196
- C:\Windows\System\BwlbrMD.exe
  C:\Windows\System\BwlbrMD.exe
  2⤵
  PID:7228
- C:\Windows\System\zjTyhpg.exe
  C:\Windows\System\zjTyhpg.exe
  2⤵
  PID:7264
- C:\Windows\System\YXECOeh.exe
  C:\Windows\System\YXECOeh.exe
  2⤵
  PID:7320
- C:\Windows\System\NdwgHlC.exe
  C:\Windows\System\NdwgHlC.exe
  2⤵
  PID:7360
- C:\Windows\System\fEuZbeK.exe
  C:\Windows\System\fEuZbeK.exe
  2⤵
  PID:7392
- C:\Windows\System\CQwSnvG.exe
  C:\Windows\System\CQwSnvG.exe
  2⤵
  PID:7420
- C:\Windows\System\belccQe.exe
  C:\Windows\System\belccQe.exe
  2⤵
  PID:7448
- C:\Windows\System\RjqrLUr.exe
  C:\Windows\System\RjqrLUr.exe
  2⤵
  PID:7476
- C:\Windows\System\UKkZIIp.exe
  C:\Windows\System\UKkZIIp.exe
  2⤵
  PID:7504
- C:\Windows\System\IGvcjBa.exe
  C:\Windows\System\IGvcjBa.exe
  2⤵
  PID:7532
- C:\Windows\System\JlmLAxh.exe
  C:\Windows\System\JlmLAxh.exe
  2⤵
  PID:7556
- C:\Windows\System\FTlaitH.exe
  C:\Windows\System\FTlaitH.exe
  2⤵
  PID:7576
- C:\Windows\System\SJdpWrj.exe
  C:\Windows\System\SJdpWrj.exe
  2⤵
  PID:7608
- C:\Windows\System\HbOpOEZ.exe
  C:\Windows\System\HbOpOEZ.exe
  2⤵
  PID:7640
- C:\Windows\System\XkZWOAN.exe
  C:\Windows\System\XkZWOAN.exe
  2⤵
  PID:7668
- C:\Windows\System\NuabsJY.exe
  C:\Windows\System\NuabsJY.exe
  2⤵
  PID:7692
- C:\Windows\System\IqZQMrn.exe
  C:\Windows\System\IqZQMrn.exe
  2⤵
  PID:7720
- C:\Windows\System\ZWgrDil.exe
  C:\Windows\System\ZWgrDil.exe
  2⤵
  PID:7748
- C:\Windows\System\JORmdQu.exe
  C:\Windows\System\JORmdQu.exe
  2⤵
  PID:7796
- C:\Windows\System\BwNTpyI.exe
  C:\Windows\System\BwNTpyI.exe
  2⤵
  PID:7820
- C:\Windows\System\yfgudif.exe
  C:\Windows\System\yfgudif.exe
  2⤵
  PID:7840
- C:\Windows\System\UpDyTbz.exe
  C:\Windows\System\UpDyTbz.exe
  2⤵
  PID:7868
- C:\Windows\System\CMIHTDU.exe
  C:\Windows\System\CMIHTDU.exe
  2⤵
  PID:7896
- C:\Windows\System\FFrMLIr.exe
  C:\Windows\System\FFrMLIr.exe
  2⤵
  PID:7924
- C:\Windows\System\Otwepve.exe
  C:\Windows\System\Otwepve.exe
  2⤵
  PID:7952
- C:\Windows\System\HGZncuw.exe
  C:\Windows\System\HGZncuw.exe
  2⤵
  PID:7980
- C:\Windows\System\mShxZaP.exe
  C:\Windows\System\mShxZaP.exe
  2⤵
  PID:8008
- C:\Windows\System\kArgQAA.exe
  C:\Windows\System\kArgQAA.exe
  2⤵
  PID:8036
- C:\Windows\System\ZSajdma.exe
  C:\Windows\System\ZSajdma.exe
  2⤵
  PID:8064
- C:\Windows\System\OciOqpF.exe
  C:\Windows\System\OciOqpF.exe
  2⤵
  PID:8092
- C:\Windows\System\hwFuScI.exe
  C:\Windows\System\hwFuScI.exe
  2⤵
  PID:8120
- C:\Windows\System\BALIUwA.exe
  C:\Windows\System\BALIUwA.exe
  2⤵
  PID:8148
- C:\Windows\System\oRjNHrk.exe
  C:\Windows\System\oRjNHrk.exe
  2⤵
  PID:8176
- C:\Windows\System\bcQobir.exe
  C:\Windows\System\bcQobir.exe
  2⤵
  PID:7176
- C:\Windows\System\JSkGATx.exe
  C:\Windows\System\JSkGATx.exe
  2⤵
  PID:7244
- C:\Windows\System\VjxGKdd.exe
  C:\Windows\System\VjxGKdd.exe
  2⤵
  PID:6412
- C:\Windows\System\ItArRZb.exe
  C:\Windows\System\ItArRZb.exe
  2⤵
  PID:6868
- C:\Windows\System\ZBgvmIg.exe
  C:\Windows\System\ZBgvmIg.exe
  2⤵
  PID:7384
- C:\Windows\System\WaXuqxw.exe
  C:\Windows\System\WaXuqxw.exe
  2⤵
  PID:7440
- C:\Windows\System\BGgcgFI.exe
  C:\Windows\System\BGgcgFI.exe
  2⤵
  PID:7492
- C:\Windows\System\WeSWusH.exe
  C:\Windows\System\WeSWusH.exe
  2⤵
  PID:7572
- C:\Windows\System\AsevUzf.exe
  C:\Windows\System\AsevUzf.exe
  2⤵
  PID:7628
- C:\Windows\System\JDhrKgH.exe
  C:\Windows\System\JDhrKgH.exe
  2⤵
  PID:7704
- C:\Windows\System\WmMqjnA.exe
  C:\Windows\System\WmMqjnA.exe
  2⤵
  PID:7768
- C:\Windows\System\hrNMUvh.exe
  C:\Windows\System\hrNMUvh.exe
  2⤵
  PID:7852
- C:\Windows\System\LVlsoyp.exe
  C:\Windows\System\LVlsoyp.exe
  2⤵
  PID:7908
- C:\Windows\System\sEfsYbj.exe
  C:\Windows\System\sEfsYbj.exe
  2⤵
  PID:7972
- C:\Windows\System\LlRtIYX.exe
  C:\Windows\System\LlRtIYX.exe
  2⤵
  PID:8032
- C:\Windows\System\kRFNcvs.exe
  C:\Windows\System\kRFNcvs.exe
  2⤵
  PID:700
- C:\Windows\System\bdhgyTU.exe
  C:\Windows\System\bdhgyTU.exe
  2⤵
  PID:2016
- C:\Windows\System\mTtVfQL.exe
  C:\Windows\System\mTtVfQL.exe
  2⤵
  PID:8172
- C:\Windows\System\xfoOckT.exe
  C:\Windows\System\xfoOckT.exe
  2⤵
  PID:7236
- C:\Windows\System\LbqSPTR.exe
  C:\Windows\System\LbqSPTR.exe
  2⤵
  PID:7344
- C:\Windows\System\kdTCbaj.exe
  C:\Windows\System\kdTCbaj.exe
  2⤵
  PID:7464
- C:\Windows\System\vxyPesz.exe
  C:\Windows\System\vxyPesz.exe
  2⤵
  PID:7620
- C:\Windows\System\NgxMrXs.exe
  C:\Windows\System\NgxMrXs.exe
  2⤵
  PID:7760
- C:\Windows\System\xqpVTfY.exe
  C:\Windows\System\xqpVTfY.exe
  2⤵
  PID:7964
- C:\Windows\System\EHPmCRd.exe
  C:\Windows\System\EHPmCRd.exe
  2⤵
  PID:8076
- C:\Windows\System\iXgvmiq.exe
  C:\Windows\System\iXgvmiq.exe
  2⤵
  PID:7604
- C:\Windows\System\NnyOPNo.exe
  C:\Windows\System\NnyOPNo.exe
  2⤵
  PID:7372
- C:\Windows\System\PHADVwo.exe
  C:\Windows\System\PHADVwo.exe
  2⤵
  PID:7732
- C:\Windows\System\llvDWEU.exe
  C:\Windows\System\llvDWEU.exe
  2⤵
  PID:8060
- C:\Windows\System\NBcSPOU.exe
  C:\Windows\System\NBcSPOU.exe
  2⤵
  PID:7524
- C:\Windows\System\KpVvkRc.exe
  C:\Windows\System\KpVvkRc.exe
  2⤵
  PID:6416
- C:\Windows\System\OmudgYw.exe
  C:\Windows\System\OmudgYw.exe
  2⤵
  PID:8200
- C:\Windows\System\aHXrypC.exe
  C:\Windows\System\aHXrypC.exe
  2⤵
  PID:8228
- C:\Windows\System\GPDIkOC.exe
  C:\Windows\System\GPDIkOC.exe
  2⤵
  PID:8256
- C:\Windows\System\nnXrunU.exe
  C:\Windows\System\nnXrunU.exe
  2⤵
  PID:8284
- C:\Windows\System\WkOeEoP.exe
  C:\Windows\System\WkOeEoP.exe
  2⤵
  PID:8312
- C:\Windows\System\qQzwlQM.exe
  C:\Windows\System\qQzwlQM.exe
  2⤵
  PID:8340
- C:\Windows\System\NYAnFpX.exe
  C:\Windows\System\NYAnFpX.exe
  2⤵
  PID:8368
- C:\Windows\System\mGOgQsC.exe
  C:\Windows\System\mGOgQsC.exe
  2⤵
  PID:8396
- C:\Windows\System\IlivOLG.exe
  C:\Windows\System\IlivOLG.exe
  2⤵
  PID:8424
- C:\Windows\System\ajZsOnf.exe
  C:\Windows\System\ajZsOnf.exe
  2⤵
  PID:8456
- C:\Windows\System\keLCqrZ.exe
  C:\Windows\System\keLCqrZ.exe
  2⤵
  PID:8484
- C:\Windows\System\MvuqSEX.exe
  C:\Windows\System\MvuqSEX.exe
  2⤵
  PID:8512
- C:\Windows\System\vJPHMcD.exe
  C:\Windows\System\vJPHMcD.exe
  2⤵
  PID:8540
- C:\Windows\System\wsjewpW.exe
  C:\Windows\System\wsjewpW.exe
  2⤵
  PID:8568
- C:\Windows\System\SJFAbfA.exe
  C:\Windows\System\SJFAbfA.exe
  2⤵
  PID:8596
- C:\Windows\System\OqYCovF.exe
  C:\Windows\System\OqYCovF.exe
  2⤵
  PID:8624
- C:\Windows\System\tCnOWPp.exe
  C:\Windows\System\tCnOWPp.exe
  2⤵
  PID:8652
- C:\Windows\System\ifxDhTO.exe
  C:\Windows\System\ifxDhTO.exe
  2⤵
  PID:8680
- C:\Windows\System\yrOqdQs.exe
  C:\Windows\System\yrOqdQs.exe
  2⤵
  PID:8708
- C:\Windows\System\LVbrPsz.exe
  C:\Windows\System\LVbrPsz.exe
  2⤵
  PID:8736
- C:\Windows\System\gTZAYQv.exe
  C:\Windows\System\gTZAYQv.exe
  2⤵
  PID:8764
- C:\Windows\System\wOBXceP.exe
  C:\Windows\System\wOBXceP.exe
  2⤵
  PID:8796
- C:\Windows\System\WnMlwNU.exe
  C:\Windows\System\WnMlwNU.exe
  2⤵
  PID:8824
- C:\Windows\System\MqDtQbI.exe
  C:\Windows\System\MqDtQbI.exe
  2⤵
  PID:8848
- C:\Windows\System\hLpBNvs.exe
  C:\Windows\System\hLpBNvs.exe
  2⤵
  PID:8876
- C:\Windows\System\OzPxLpT.exe
  C:\Windows\System\OzPxLpT.exe
  2⤵
  PID:8904
- C:\Windows\System\QffVIIf.exe
  C:\Windows\System\QffVIIf.exe
  2⤵
  PID:8932
- C:\Windows\System\YsPGjDi.exe
  C:\Windows\System\YsPGjDi.exe
  2⤵
  PID:8960
- C:\Windows\System\RrCPEpL.exe
  C:\Windows\System\RrCPEpL.exe
  2⤵
  PID:8988
- C:\Windows\System\OSJlCrT.exe
  C:\Windows\System\OSJlCrT.exe
  2⤵
  PID:9016
- C:\Windows\System\KNRGvMR.exe
  C:\Windows\System\KNRGvMR.exe
  2⤵
  PID:9044
- C:\Windows\System\kjhcGnY.exe
  C:\Windows\System\kjhcGnY.exe
  2⤵
  PID:9072
- C:\Windows\System\qNpEBHo.exe
  C:\Windows\System\qNpEBHo.exe
  2⤵
  PID:9100
- C:\Windows\System\ldQUMqq.exe
  C:\Windows\System\ldQUMqq.exe
  2⤵
  PID:9128
- C:\Windows\System\gyIVEvN.exe
  C:\Windows\System\gyIVEvN.exe
  2⤵
  PID:9156
- C:\Windows\System\RRcUQkD.exe
  C:\Windows\System\RRcUQkD.exe
  2⤵
  PID:9184
- C:\Windows\System\uGYkvuR.exe
  C:\Windows\System\uGYkvuR.exe
  2⤵
  PID:9212
- C:\Windows\System\UpntAPP.exe
  C:\Windows\System\UpntAPP.exe
  2⤵
  PID:8248
- C:\Windows\System\OoaklHh.exe
  C:\Windows\System\OoaklHh.exe
  2⤵
  PID:8308
- C:\Windows\System\UUPzsBh.exe
  C:\Windows\System\UUPzsBh.exe
  2⤵
  PID:8380
- C:\Windows\System\ABobYdA.exe
  C:\Windows\System\ABobYdA.exe
  2⤵
  PID:8448
- C:\Windows\System\mHdEJJi.exe
  C:\Windows\System\mHdEJJi.exe
  2⤵
  PID:8532
- C:\Windows\System\fRWuJQk.exe
  C:\Windows\System\fRWuJQk.exe
  2⤵
  PID:8592
- C:\Windows\System\aoGPEJq.exe
  C:\Windows\System\aoGPEJq.exe
  2⤵
  PID:8648
- C:\Windows\System\XfCUYlw.exe
  C:\Windows\System\XfCUYlw.exe
  2⤵
  PID:8720
- C:\Windows\System\pdAvgjp.exe
  C:\Windows\System\pdAvgjp.exe
  2⤵
  PID:8784
- C:\Windows\System\XoXjiZc.exe
  C:\Windows\System\XoXjiZc.exe
  2⤵
  PID:8832
- C:\Windows\System\DmuEcGh.exe
  C:\Windows\System\DmuEcGh.exe
  2⤵
  PID:8896
- C:\Windows\System\NfYbLif.exe
  C:\Windows\System\NfYbLif.exe
  2⤵
  PID:8956
- C:\Windows\System\LmtnMBi.exe
  C:\Windows\System\LmtnMBi.exe
  2⤵
  PID:9012
- C:\Windows\System\RbEDaZL.exe
  C:\Windows\System\RbEDaZL.exe
  2⤵
  PID:9064
- C:\Windows\System\yARZJzS.exe
  C:\Windows\System\yARZJzS.exe
  2⤵
  PID:9124
- C:\Windows\System\ZfLsmDK.exe
  C:\Windows\System\ZfLsmDK.exe
  2⤵
  PID:9196
- C:\Windows\System\EfVHofY.exe
  C:\Windows\System\EfVHofY.exe
  2⤵
  PID:8296
- C:\Windows\System\pMdUnfT.exe
  C:\Windows\System\pMdUnfT.exe
  2⤵
  PID:8420
- C:\Windows\System\eAvffuE.exe
  C:\Windows\System\eAvffuE.exe
  2⤵
  PID:8588
- C:\Windows\System\XUpGDfB.exe
  C:\Windows\System\XUpGDfB.exe
  2⤵
  PID:8748
- C:\Windows\System\EalNegG.exe
  C:\Windows\System\EalNegG.exe
  2⤵
  PID:8872
- C:\Windows\System\zNiuCWr.exe
  C:\Windows\System\zNiuCWr.exe
  2⤵
  PID:9008
- C:\Windows\System\aeokAHM.exe
  C:\Windows\System\aeokAHM.exe
  2⤵
  PID:9120
- C:\Windows\System\hAvhXzP.exe
  C:\Windows\System\hAvhXzP.exe
  2⤵
  PID:8276
- C:\Windows\System\fLfzwWV.exe
  C:\Windows\System\fLfzwWV.exe
  2⤵
  PID:8644
- C:\Windows\System\iRsKRhf.exe
  C:\Windows\System\iRsKRhf.exe
  2⤵
  PID:8984
- C:\Windows\System\eejHKfJ.exe
  C:\Windows\System\eejHKfJ.exe
  2⤵
  PID:7676
- C:\Windows\System\gdRdTTu.exe
  C:\Windows\System\gdRdTTu.exe
  2⤵
  PID:8944
- C:\Windows\System\fQCuPnR.exe
  C:\Windows\System\fQCuPnR.exe
  2⤵
  PID:8212
- C:\Windows\System\TGZeHKZ.exe
  C:\Windows\System\TGZeHKZ.exe
  2⤵
  PID:9236
- C:\Windows\System\eBhwAci.exe
  C:\Windows\System\eBhwAci.exe
  2⤵
  PID:9264
- C:\Windows\System\EOWOyHl.exe
  C:\Windows\System\EOWOyHl.exe
  2⤵
  PID:9292
- C:\Windows\System\NxGigVx.exe
  C:\Windows\System\NxGigVx.exe
  2⤵
  PID:9324
- C:\Windows\System\reZJUIA.exe
  C:\Windows\System\reZJUIA.exe
  2⤵
  PID:9352
- C:\Windows\System\CfLdTMi.exe
  C:\Windows\System\CfLdTMi.exe
  2⤵
  PID:9380
- C:\Windows\System\QkLWfWS.exe
  C:\Windows\System\QkLWfWS.exe
  2⤵
  PID:9408
- C:\Windows\System\pkNTkAF.exe
  C:\Windows\System\pkNTkAF.exe
  2⤵
  PID:9436
- C:\Windows\System\adkFqSI.exe
  C:\Windows\System\adkFqSI.exe
  2⤵
  PID:9464
- C:\Windows\System\tAxwJln.exe
  C:\Windows\System\tAxwJln.exe
  2⤵
  PID:9492
- C:\Windows\System\eEadeWV.exe
  C:\Windows\System\eEadeWV.exe
  2⤵
  PID:9520
- C:\Windows\System\DEHrPLu.exe
  C:\Windows\System\DEHrPLu.exe
  2⤵
  PID:9548
- C:\Windows\System\iTLMLJP.exe
  C:\Windows\System\iTLMLJP.exe
  2⤵
  PID:9576
- C:\Windows\System\OUlFlLb.exe
  C:\Windows\System\OUlFlLb.exe
  2⤵
  PID:9604
- C:\Windows\System\iHgxbtv.exe
  C:\Windows\System\iHgxbtv.exe
  2⤵
  PID:9632
- C:\Windows\System\ltIIOzg.exe
  C:\Windows\System\ltIIOzg.exe
  2⤵
  PID:9660
- C:\Windows\System\nTDdnOT.exe
  C:\Windows\System\nTDdnOT.exe
  2⤵
  PID:9688
- C:\Windows\System\mfvogMT.exe
  C:\Windows\System\mfvogMT.exe
  2⤵
  PID:9716
- C:\Windows\System\JpzdbAm.exe
  C:\Windows\System\JpzdbAm.exe
  2⤵
  PID:9744
- C:\Windows\System\oJTgzut.exe
  C:\Windows\System\oJTgzut.exe
  2⤵
  PID:9772
- C:\Windows\System\zKappiw.exe
  C:\Windows\System\zKappiw.exe
  2⤵
  PID:9812
- C:\Windows\System\jCUSyuv.exe
  C:\Windows\System\jCUSyuv.exe
  2⤵
  PID:9828
- C:\Windows\System\qqQUxNJ.exe
  C:\Windows\System\qqQUxNJ.exe
  2⤵
  PID:9856
- C:\Windows\System\OQmVwOH.exe
  C:\Windows\System\OQmVwOH.exe
  2⤵
  PID:9884
- C:\Windows\System\xSFYZUV.exe
  C:\Windows\System\xSFYZUV.exe
  2⤵
  PID:9916
- C:\Windows\System\aFVRqNN.exe
  C:\Windows\System\aFVRqNN.exe
  2⤵
  PID:9944
- C:\Windows\System\VuzqJkC.exe
  C:\Windows\System\VuzqJkC.exe
  2⤵
  PID:9972
- C:\Windows\System\Czfnsqz.exe
  C:\Windows\System\Czfnsqz.exe
  2⤵
  PID:10000
- C:\Windows\System\jAybnyO.exe
  C:\Windows\System\jAybnyO.exe
  2⤵
  PID:10028
- C:\Windows\System\vdfPIbW.exe
  C:\Windows\System\vdfPIbW.exe
  2⤵
  PID:10056
- C:\Windows\System\VuZtaac.exe
  C:\Windows\System\VuZtaac.exe
  2⤵
  PID:10084
- C:\Windows\System\oNtuvSk.exe
  C:\Windows\System\oNtuvSk.exe
  2⤵
  PID:10112
- C:\Windows\System\SEptCTv.exe
  C:\Windows\System\SEptCTv.exe
  2⤵
  PID:10140
- C:\Windows\System\mvMURut.exe
  C:\Windows\System\mvMURut.exe
  2⤵
  PID:10172
- C:\Windows\System\MpcUuzg.exe
  C:\Windows\System\MpcUuzg.exe
  2⤵
  PID:10204
- C:\Windows\System\PsCvsqV.exe
  C:\Windows\System\PsCvsqV.exe
  2⤵
  PID:10232
- C:\Windows\System\ziyFgAz.exe
  C:\Windows\System\ziyFgAz.exe
  2⤵
  PID:9260
- C:\Windows\System\WBdKFxd.exe
  C:\Windows\System\WBdKFxd.exe
  2⤵
  PID:9336
- C:\Windows\System\HhgpYRF.exe
  C:\Windows\System\HhgpYRF.exe
  2⤵
  PID:9400
- C:\Windows\System\KjyjIxa.exe
  C:\Windows\System\KjyjIxa.exe
  2⤵
  PID:9460
- C:\Windows\System\ZGjlBeo.exe
  C:\Windows\System\ZGjlBeo.exe
  2⤵
  PID:9532
- C:\Windows\System\YHiKVpl.exe
  C:\Windows\System\YHiKVpl.exe
  2⤵
  PID:9596
- C:\Windows\System\wVLDpbB.exe
  C:\Windows\System\wVLDpbB.exe
  2⤵
  PID:9656
- C:\Windows\System\aMWpOdw.exe
  C:\Windows\System\aMWpOdw.exe
  2⤵
  PID:9728
- C:\Windows\System\HEiAAqt.exe
  C:\Windows\System\HEiAAqt.exe
  2⤵
  PID:9792
- C:\Windows\System\TGMmWfc.exe
  C:\Windows\System\TGMmWfc.exe
  2⤵
  PID:9848
- C:\Windows\System\jmSEuHr.exe
  C:\Windows\System\jmSEuHr.exe
  2⤵
  PID:9936
- C:\Windows\System\VMrXkyc.exe
  C:\Windows\System\VMrXkyc.exe
  2⤵
  PID:9984
- C:\Windows\System\rGGMVfm.exe
  C:\Windows\System\rGGMVfm.exe
  2⤵
  PID:10048
- C:\Windows\System\DlZlGhB.exe
  C:\Windows\System\DlZlGhB.exe
  2⤵
  PID:10108
- C:\Windows\System\mLwdehx.exe
  C:\Windows\System\mLwdehx.exe
  2⤵
  PID:10180
- C:\Windows\System\ckLjTdv.exe
  C:\Windows\System\ckLjTdv.exe
  2⤵
  PID:10228
- C:\Windows\System\dQOfCqT.exe
  C:\Windows\System\dQOfCqT.exe
  2⤵
  PID:9376
- C:\Windows\System\qIelgay.exe
  C:\Windows\System\qIelgay.exe
  2⤵
  PID:9516
- C:\Windows\System\DjfUvPj.exe
  C:\Windows\System\DjfUvPj.exe
  2⤵
  PID:9708
- C:\Windows\System\xueFRVY.exe
  C:\Windows\System\xueFRVY.exe
  2⤵
  PID:9876
- C:\Windows\System\QBoKEYu.exe
  C:\Windows\System\QBoKEYu.exe
  2⤵
  PID:10024
- C:\Windows\System\JZvIFdM.exe
  C:\Windows\System\JZvIFdM.exe
  2⤵
  PID:10104
- C:\Windows\System\WHeGHSV.exe
  C:\Windows\System\WHeGHSV.exe
  2⤵
  PID:9448
- C:\Windows\System\UrcYIJs.exe
  C:\Windows\System\UrcYIJs.exe
  2⤵
  PID:9768
- C:\Windows\System\oJboLSu.exe
  C:\Windows\System\oJboLSu.exe
  2⤵
  PID:4164
- C:\Windows\System\UtRGNcE.exe
  C:\Windows\System\UtRGNcE.exe
  2⤵
  PID:10224
- C:\Windows\System\stqnORA.exe
  C:\Windows\System\stqnORA.exe
  2⤵
  PID:10160
- C:\Windows\System\BdCuGTE.exe
  C:\Windows\System\BdCuGTE.exe
  2⤵
  PID:10076
- C:\Windows\System\TAUfXzu.exe
  C:\Windows\System\TAUfXzu.exe
  2⤵
  PID:4068
- C:\Windows\System\KoFjFbc.exe
  C:\Windows\System\KoFjFbc.exe
  2⤵
  PID:10256
- C:\Windows\System\CrDWhru.exe
  C:\Windows\System\CrDWhru.exe
  2⤵
  PID:10284
- C:\Windows\System\fCZfsrA.exe
  C:\Windows\System\fCZfsrA.exe
  2⤵
  PID:10312
- C:\Windows\System\PkJQmSJ.exe
  C:\Windows\System\PkJQmSJ.exe
  2⤵
  PID:10340
- C:\Windows\System\enbRyod.exe
  C:\Windows\System\enbRyod.exe
  2⤵
  PID:10368
- C:\Windows\System\iVqDfrX.exe
  C:\Windows\System\iVqDfrX.exe
  2⤵
  PID:10396
- C:\Windows\System\VaAmpsW.exe
  C:\Windows\System\VaAmpsW.exe
  2⤵
  PID:10424
- C:\Windows\System\nvljXiY.exe
  C:\Windows\System\nvljXiY.exe
  2⤵
  PID:10452
- C:\Windows\System\PBabnNs.exe
  C:\Windows\System\PBabnNs.exe
  2⤵
  PID:10480
- C:\Windows\System\tuQiiUN.exe
  C:\Windows\System\tuQiiUN.exe
  2⤵
  PID:10508
- C:\Windows\System\uTEvTVc.exe
  C:\Windows\System\uTEvTVc.exe
  2⤵
  PID:10536
- C:\Windows\System\bmrKCxS.exe
  C:\Windows\System\bmrKCxS.exe
  2⤵
  PID:10564
- C:\Windows\System\pxTjHPI.exe
  C:\Windows\System\pxTjHPI.exe
  2⤵
  PID:10592
- C:\Windows\System\JFfGUZp.exe
  C:\Windows\System\JFfGUZp.exe
  2⤵
  PID:10620
- C:\Windows\System\xQpzmxi.exe
  C:\Windows\System\xQpzmxi.exe
  2⤵
  PID:10648
- C:\Windows\System\vdvUtgU.exe
  C:\Windows\System\vdvUtgU.exe
  2⤵
  PID:10680
- C:\Windows\System\KxOHzze.exe
  C:\Windows\System\KxOHzze.exe
  2⤵
  PID:10716
- C:\Windows\System\iJoyILq.exe
  C:\Windows\System\iJoyILq.exe
  2⤵
  PID:10748
- C:\Windows\System\fThJuaq.exe
  C:\Windows\System\fThJuaq.exe
  2⤵
  PID:10772
- C:\Windows\System\IiOOwSY.exe
  C:\Windows\System\IiOOwSY.exe
  2⤵
  PID:10800
- C:\Windows\System\YRlSyeQ.exe
  C:\Windows\System\YRlSyeQ.exe
  2⤵
  PID:10832
- C:\Windows\System\YJaWglH.exe
  C:\Windows\System\YJaWglH.exe
  2⤵
  PID:10860
- C:\Windows\System\XLQWBnS.exe
  C:\Windows\System\XLQWBnS.exe
  2⤵
  PID:10888
- C:\Windows\System\pEbzHXJ.exe
  C:\Windows\System\pEbzHXJ.exe
  2⤵
  PID:10916
- C:\Windows\System\lmeqoaT.exe
  C:\Windows\System\lmeqoaT.exe
  2⤵
  PID:10944
- C:\Windows\System\PtYBTjS.exe
  C:\Windows\System\PtYBTjS.exe
  2⤵
  PID:10972
- C:\Windows\System\MuONeJh.exe
  C:\Windows\System\MuONeJh.exe
  2⤵
  PID:11000
- C:\Windows\System\JyqCBOb.exe
  C:\Windows\System\JyqCBOb.exe
  2⤵
  PID:11028
- C:\Windows\System\VeCyvXC.exe
  C:\Windows\System\VeCyvXC.exe
  2⤵
  PID:11056
- C:\Windows\System\VsPHmzE.exe
  C:\Windows\System\VsPHmzE.exe
  2⤵
  PID:11084
- C:\Windows\System\gfhFKvL.exe
  C:\Windows\System\gfhFKvL.exe
  2⤵
  PID:11112
- C:\Windows\System\EhakJlr.exe
  C:\Windows\System\EhakJlr.exe
  2⤵
  PID:11140
- C:\Windows\System\dSMdqPr.exe
  C:\Windows\System\dSMdqPr.exe
  2⤵
  PID:11168
- C:\Windows\System\ZkJMiNi.exe
  C:\Windows\System\ZkJMiNi.exe
  2⤵
  PID:11196
- C:\Windows\System\EuZcxTt.exe
  C:\Windows\System\EuZcxTt.exe
  2⤵
  PID:11224
- C:\Windows\System\NFViKrY.exe
  C:\Windows\System\NFViKrY.exe
  2⤵
  PID:11252
- C:\Windows\System\HQIwmme.exe
  C:\Windows\System\HQIwmme.exe
  2⤵
  PID:10304
- C:\Windows\System\MCKRojx.exe
  C:\Windows\System\MCKRojx.exe
  2⤵
  PID:10352
- C:\Windows\System\yvRUDEG.exe
  C:\Windows\System\yvRUDEG.exe
  2⤵
  PID:10408
- C:\Windows\System\uewDuMp.exe
  C:\Windows\System\uewDuMp.exe
  2⤵
  PID:10472
- C:\Windows\System\aOwyEFj.exe
  C:\Windows\System\aOwyEFj.exe
  2⤵
  PID:10548
- C:\Windows\System\RGvOcKl.exe
  C:\Windows\System\RGvOcKl.exe
  2⤵
  PID:9796
- C:\Windows\System\GWlXEHp.exe
  C:\Windows\System\GWlXEHp.exe
  2⤵
  PID:4932
- C:\Windows\System\hJbSRlG.exe
  C:\Windows\System\hJbSRlG.exe
  2⤵
  PID:3980
- C:\Windows\System\GgtIZVS.exe
  C:\Windows\System\GgtIZVS.exe
  2⤵
  PID:10784
- C:\Windows\System\HCaZETn.exe
  C:\Windows\System\HCaZETn.exe
  2⤵
  PID:10824
- C:\Windows\System\jTfgwpe.exe
  C:\Windows\System\jTfgwpe.exe
  2⤵
  PID:10884
- C:\Windows\System\BbtNPly.exe
  C:\Windows\System\BbtNPly.exe
  2⤵
  PID:10956
- C:\Windows\System\ekXXZOA.exe
  C:\Windows\System\ekXXZOA.exe
  2⤵
  PID:11020
- C:\Windows\System\hdeKjvT.exe
  C:\Windows\System\hdeKjvT.exe
  2⤵
  PID:11068
- C:\Windows\System\WPVkzPl.exe
  C:\Windows\System\WPVkzPl.exe
  2⤵
  PID:11132
- C:\Windows\System\ZspvdnL.exe
  C:\Windows\System\ZspvdnL.exe
  2⤵
  PID:11160
- C:\Windows\System\NlpryCW.exe
  C:\Windows\System\NlpryCW.exe
  2⤵
  PID:11220
- C:\Windows\System\XPwBltt.exe
  C:\Windows\System\XPwBltt.exe
  2⤵
  PID:10268
- C:\Windows\System\vbxHfYW.exe
  C:\Windows\System\vbxHfYW.exe
  2⤵
  PID:10436
- C:\Windows\System\DtiVuuL.exe
  C:\Windows\System\DtiVuuL.exe
  2⤵
  PID:10588
- C:\Windows\System\ckNqYdp.exe
  C:\Windows\System\ckNqYdp.exe
  2⤵
  PID:10700
- C:\Windows\System\msojTml.exe
  C:\Windows\System\msojTml.exe
  2⤵
  PID:10852
- C:\Windows\System\cBBjBJa.exe
  C:\Windows\System\cBBjBJa.exe
  2⤵
  PID:10984
- C:\Windows\System\vaHADGZ.exe
  C:\Windows\System\vaHADGZ.exe
  2⤵
  PID:11108
- C:\Windows\System\CbQNxHh.exe
  C:\Windows\System\CbQNxHh.exe
  2⤵
  PID:11216
- C:\Windows\System\clxanyK.exe
  C:\Windows\System\clxanyK.exe
  2⤵
  PID:10500
- C:\Windows\System\sjxoQGv.exe
  C:\Windows\System\sjxoQGv.exe
  2⤵
  PID:4820
- C:\Windows\System\KkXTNQt.exe
  C:\Windows\System\KkXTNQt.exe
  2⤵
  PID:2484
- C:\Windows\System\jLTvZxi.exe
  C:\Windows\System\jLTvZxi.exe
  2⤵
  PID:10388
- C:\Windows\System\PbjaGPB.exe
  C:\Windows\System\PbjaGPB.exe
  2⤵
  PID:3932
- C:\Windows\System\QBApClJ.exe
  C:\Windows\System\QBApClJ.exe
  2⤵
  PID:10732
- C:\Windows\System\PoOQQvH.exe
  C:\Windows\System\PoOQQvH.exe
  2⤵
  PID:11272
- C:\Windows\System\sGkFyeV.exe
  C:\Windows\System\sGkFyeV.exe
  2⤵
  PID:11328
- C:\Windows\System\VhfSuWc.exe
  C:\Windows\System\VhfSuWc.exe
  2⤵
  PID:11344
- C:\Windows\System\uRsMVWg.exe
  C:\Windows\System\uRsMVWg.exe
  2⤵
  PID:11372
- C:\Windows\System\UcWlEyb.exe
  C:\Windows\System\UcWlEyb.exe
  2⤵
  PID:11400
- C:\Windows\System\ZLNtUQE.exe
  C:\Windows\System\ZLNtUQE.exe
  2⤵
  PID:11428
- C:\Windows\System\vmvrfLI.exe
  C:\Windows\System\vmvrfLI.exe
  2⤵
  PID:11456
- C:\Windows\System\QshHwID.exe
  C:\Windows\System\QshHwID.exe
  2⤵
  PID:11484
- C:\Windows\System\dhVtcrR.exe
  C:\Windows\System\dhVtcrR.exe
  2⤵
  PID:11512
- C:\Windows\System\kBExOHu.exe
  C:\Windows\System\kBExOHu.exe
  2⤵
  PID:11544
- C:\Windows\System\RzEdrcL.exe
  C:\Windows\System\RzEdrcL.exe
  2⤵
  PID:11572
- C:\Windows\System\HfhTpqk.exe
  C:\Windows\System\HfhTpqk.exe
  2⤵
  PID:11600
- C:\Windows\System\liojJmg.exe
  C:\Windows\System\liojJmg.exe
  2⤵
  PID:11628
- C:\Windows\System\njLwiNJ.exe
  C:\Windows\System\njLwiNJ.exe
  2⤵
  PID:11656
- C:\Windows\System\VVmrNAM.exe
  C:\Windows\System\VVmrNAM.exe
  2⤵
  PID:11684
- C:\Windows\System\BoTkXKw.exe
  C:\Windows\System\BoTkXKw.exe
  2⤵
  PID:11712
- C:\Windows\System\HiEtqst.exe
  C:\Windows\System\HiEtqst.exe
  2⤵
  PID:11740
- C:\Windows\System\ICRCTOf.exe
  C:\Windows\System\ICRCTOf.exe
  2⤵
  PID:11768
- C:\Windows\System\PJtFuBp.exe
  C:\Windows\System\PJtFuBp.exe
  2⤵
  PID:11796
- C:\Windows\System\eiQVpay.exe
  C:\Windows\System\eiQVpay.exe
  2⤵
  PID:11824
- C:\Windows\System\YQFeucL.exe
  C:\Windows\System\YQFeucL.exe
  2⤵
  PID:11852
- C:\Windows\System\aUUgRBC.exe
  C:\Windows\System\aUUgRBC.exe
  2⤵
  PID:11880
- C:\Windows\System\tZUYmLB.exe
  C:\Windows\System\tZUYmLB.exe
  2⤵
  PID:11908
- C:\Windows\System\GkpbOlS.exe
  C:\Windows\System\GkpbOlS.exe
  2⤵
  PID:11936
- C:\Windows\System\UZDinKc.exe
  C:\Windows\System\UZDinKc.exe
  2⤵
  PID:11964
- C:\Windows\System\SRMVsYY.exe
  C:\Windows\System\SRMVsYY.exe
  2⤵
  PID:11992
- C:\Windows\System\yyIjROk.exe
  C:\Windows\System\yyIjROk.exe
  2⤵
  PID:12020
- C:\Windows\System\idveAwW.exe
  C:\Windows\System\idveAwW.exe
  2⤵
  PID:12048
- C:\Windows\System\NMDWUSp.exe
  C:\Windows\System\NMDWUSp.exe
  2⤵
  PID:12076
- C:\Windows\System\kaxYquJ.exe
  C:\Windows\System\kaxYquJ.exe
  2⤵
  PID:12104
- C:\Windows\System\aBGYacO.exe
  C:\Windows\System\aBGYacO.exe
  2⤵
  PID:12132
- C:\Windows\System\hzgxjDf.exe
  C:\Windows\System\hzgxjDf.exe
  2⤵
  PID:12160
- C:\Windows\System\xtdCLxV.exe
  C:\Windows\System\xtdCLxV.exe
  2⤵
  PID:12188
- C:\Windows\System\PafeFDe.exe
  C:\Windows\System\PafeFDe.exe
  2⤵
  PID:12216
- C:\Windows\System\ZnSeLES.exe
  C:\Windows\System\ZnSeLES.exe
  2⤵
  PID:12244
- C:\Windows\System\kkXGQyJ.exe
  C:\Windows\System\kkXGQyJ.exe
  2⤵
  PID:12272
- C:\Windows\System\BEutlqx.exe
  C:\Windows\System\BEutlqx.exe
  2⤵
  PID:1528
- C:\Windows\System\lqwoXHi.exe
  C:\Windows\System\lqwoXHi.exe
  2⤵
  PID:5096
- C:\Windows\System\cdYhDNe.exe
  C:\Windows\System\cdYhDNe.exe
  2⤵
  PID:11340
- C:\Windows\System\qPIdsHY.exe
  C:\Windows\System\qPIdsHY.exe
  2⤵
  PID:11412
- C:\Windows\System\sCHSInr.exe
  C:\Windows\System\sCHSInr.exe
  2⤵
  PID:11312
- C:\Windows\System\nVDRYcJ.exe
  C:\Windows\System\nVDRYcJ.exe
  2⤵
  PID:11536
- C:\Windows\System\nDYNVdz.exe
  C:\Windows\System\nDYNVdz.exe
  2⤵
  PID:11596
- C:\Windows\System\rKiwTTk.exe
  C:\Windows\System\rKiwTTk.exe
  2⤵
  PID:11668
- C:\Windows\System\dkIBxAZ.exe
  C:\Windows\System\dkIBxAZ.exe
  2⤵
  PID:11732
- C:\Windows\System\yXKaglQ.exe
  C:\Windows\System\yXKaglQ.exe
  2⤵
  PID:11792
- C:\Windows\System\IdMqeOq.exe
  C:\Windows\System\IdMqeOq.exe
  2⤵
  PID:11848
- C:\Windows\System\TuLLdWU.exe
  C:\Windows\System\TuLLdWU.exe
  2⤵
  PID:11928
- C:\Windows\System\nNCJTDw.exe
  C:\Windows\System\nNCJTDw.exe
  2⤵
  PID:11984
- C:\Windows\System\zSvBRqs.exe
  C:\Windows\System\zSvBRqs.exe
  2⤵
  PID:12060
- C:\Windows\System\hvqnbRP.exe
  C:\Windows\System\hvqnbRP.exe
  2⤵
  PID:12124
- C:\Windows\System\yImTBbf.exe
  C:\Windows\System\yImTBbf.exe
  2⤵
  PID:12180
- C:\Windows\System\SuEsidS.exe
  C:\Windows\System\SuEsidS.exe
  2⤵
  PID:12240
- C:\Windows\System\pNVRnzW.exe
  C:\Windows\System\pNVRnzW.exe
  2⤵
  PID:11304
- C:\Windows\System\BwXkNrz.exe
  C:\Windows\System\BwXkNrz.exe
  2⤵
  PID:11392
- C:\Windows\System\DOajbpd.exe
  C:\Windows\System\DOajbpd.exe
  2⤵
  PID:11524
- C:\Windows\System\aAmpvxx.exe
  C:\Windows\System\aAmpvxx.exe
  2⤵
  PID:11708
- C:\Windows\System\igvrOig.exe
  C:\Windows\System\igvrOig.exe
  2⤵
  PID:11836
- C:\Windows\System\GVzfgZQ.exe
  C:\Windows\System\GVzfgZQ.exe
  2⤵
  PID:11948
- C:\Windows\System\vueACcK.exe
  C:\Windows\System\vueACcK.exe
  2⤵
  PID:11920
- C:\Windows\System\sbSATPK.exe
  C:\Windows\System\sbSATPK.exe
  2⤵
  PID:11268
- C:\Windows\System\hTYsISd.exe
  C:\Windows\System\hTYsISd.exe
  2⤵
  PID:11508
- C:\Windows\System\SZYRvMO.exe
  C:\Windows\System\SZYRvMO.exe
  2⤵
  PID:11900
- C:\Windows\System\cDgZsVI.exe
  C:\Windows\System\cDgZsVI.exe
  2⤵
  PID:11532
- C:\Windows\System\FIqjNag.exe
  C:\Windows\System\FIqjNag.exe
  2⤵
  PID:11648
- C:\Windows\System\KDJRIXE.exe
  C:\Windows\System\KDJRIXE.exe
  2⤵
  PID:11324
- C:\Windows\System\dbGylAJ.exe
  C:\Windows\System\dbGylAJ.exe
  2⤵
  PID:12304
- C:\Windows\System\wYaDAbe.exe
  C:\Windows\System\wYaDAbe.exe
  2⤵
  PID:12332
- C:\Windows\System\TYvWLbc.exe
  C:\Windows\System\TYvWLbc.exe
  2⤵
  PID:12360
- C:\Windows\System\qdabVVN.exe
  C:\Windows\System\qdabVVN.exe
  2⤵
  PID:12388
- C:\Windows\System\wBeUBjE.exe
  C:\Windows\System\wBeUBjE.exe
  2⤵
  PID:12416
- C:\Windows\System\MMquffG.exe
  C:\Windows\System\MMquffG.exe
  2⤵
  PID:12444
- C:\Windows\System\gYhhGdQ.exe
  C:\Windows\System\gYhhGdQ.exe
  2⤵
  PID:12480
- C:\Windows\System\JjiqPhz.exe
  C:\Windows\System\JjiqPhz.exe
  2⤵
  PID:12508
- C:\Windows\System\haLliiZ.exe
  C:\Windows\System\haLliiZ.exe
  2⤵
  PID:12536
- C:\Windows\System\ZSitkdG.exe
  C:\Windows\System\ZSitkdG.exe
  2⤵
  PID:12572
- C:\Windows\System\XFFVOuq.exe
  C:\Windows\System\XFFVOuq.exe
  2⤵
  PID:12592
- C:\Windows\System\mSxyspJ.exe
  C:\Windows\System\mSxyspJ.exe
  2⤵
  PID:12620
- C:\Windows\System\MfITsdV.exe
  C:\Windows\System\MfITsdV.exe
  2⤵
  PID:12648
- C:\Windows\System\aEBYpoF.exe
  C:\Windows\System\aEBYpoF.exe
  2⤵
  PID:12676
- C:\Windows\System\wLwqQBV.exe
  C:\Windows\System\wLwqQBV.exe
  2⤵
  PID:12704
- C:\Windows\System\ESuBpvk.exe
  C:\Windows\System\ESuBpvk.exe
  2⤵
  PID:12732
- C:\Windows\System\wSLqrmX.exe
  C:\Windows\System\wSLqrmX.exe
  2⤵
  PID:12760
- C:\Windows\System\WVGRYne.exe
  C:\Windows\System\WVGRYne.exe
  2⤵
  PID:12788
- C:\Windows\System\qzwtOdr.exe
  C:\Windows\System\qzwtOdr.exe
  2⤵
  PID:12816
- C:\Windows\System\vrhUVzt.exe
  C:\Windows\System\vrhUVzt.exe
  2⤵
  PID:12844
- C:\Windows\System\RhtvnwC.exe
  C:\Windows\System\RhtvnwC.exe
  2⤵
  PID:12872
- C:\Windows\System\GkwEKKU.exe
  C:\Windows\System\GkwEKKU.exe
  2⤵
  PID:12900
- C:\Windows\System\FBvYpAW.exe
  C:\Windows\System\FBvYpAW.exe
  2⤵
  PID:12928
- C:\Windows\System\SbPvSNd.exe
  C:\Windows\System\SbPvSNd.exe
  2⤵
  PID:12956
- C:\Windows\System\UtStcRw.exe
  C:\Windows\System\UtStcRw.exe
  2⤵
  PID:12984
- C:\Windows\System\kovstLi.exe
  C:\Windows\System\kovstLi.exe
  2⤵
  PID:13012
- C:\Windows\System\UnEMJRV.exe
  C:\Windows\System\UnEMJRV.exe
  2⤵
  PID:13040
- C:\Windows\System\ZjUsdoo.exe
  C:\Windows\System\ZjUsdoo.exe
  2⤵
  PID:13072
- C:\Windows\System\BcmnpzY.exe
  C:\Windows\System\BcmnpzY.exe
  2⤵
  PID:13100
- C:\Windows\System\xivRqFP.exe
  C:\Windows\System\xivRqFP.exe
  2⤵
  PID:13128
- C:\Windows\System\NpcnwOv.exe
  C:\Windows\System\NpcnwOv.exe
  2⤵
  PID:13156
- C:\Windows\System\eSejymw.exe
  C:\Windows\System\eSejymw.exe
  2⤵
  PID:13184
- C:\Windows\System\ExISxfn.exe
  C:\Windows\System\ExISxfn.exe
  2⤵
  PID:13212
- C:\Windows\System\fieWNCh.exe
  C:\Windows\System\fieWNCh.exe
  2⤵
  PID:13240
- C:\Windows\System\ccLiQhb.exe
  C:\Windows\System\ccLiQhb.exe
  2⤵
  PID:13268
- C:\Windows\System\KjfjpPp.exe
  C:\Windows\System\KjfjpPp.exe
  2⤵
  PID:13308
- C:\Windows\System\WgpHzVu.exe
  C:\Windows\System\WgpHzVu.exe
  2⤵
  PID:12316
- C:\Windows\System\oiDelCh.exe
  C:\Windows\System\oiDelCh.exe
  2⤵
  PID:12380
- C:\Windows\System\HgIXngp.exe
  C:\Windows\System\HgIXngp.exe
  2⤵
  PID:12428
- C:\Windows\System\sIdbxUn.exe
  C:\Windows\System\sIdbxUn.exe
  2⤵
  PID:4964
- C:\Windows\System\AEgGJmc.exe
  C:\Windows\System\AEgGJmc.exe
  2⤵
  PID:12548
- C:\Windows\System\UuqgAIu.exe
  C:\Windows\System\UuqgAIu.exe
  2⤵
  PID:12612
- C:\Windows\System\NWbZQIu.exe
  C:\Windows\System\NWbZQIu.exe
  2⤵
  PID:12668
- C:\Windows\System\DSkXZSb.exe
  C:\Windows\System\DSkXZSb.exe
  2⤵
  PID:12728
- C:\Windows\System\nINyBNs.exe
  C:\Windows\System\nINyBNs.exe
  2⤵
  PID:12800
- C:\Windows\System\wWlHbmW.exe
  C:\Windows\System\wWlHbmW.exe
  2⤵
  PID:12864
- C:\Windows\System\KieYshd.exe
  C:\Windows\System\KieYshd.exe
  2⤵
  PID:12924
- C:\Windows\System\sJSPpcI.exe
  C:\Windows\System\sJSPpcI.exe
  2⤵
  PID:12980
- C:\Windows\System\UAvCYot.exe
  C:\Windows\System\UAvCYot.exe
  2⤵
  PID:13032
- C:\Windows\System\WmxIFHZ.exe
  C:\Windows\System\WmxIFHZ.exe
  2⤵
  PID:13084
- C:\Windows\System\YzHeXEL.exe
  C:\Windows\System\YzHeXEL.exe
  2⤵
  PID:13148
- C:\Windows\System\nyCqtcG.exe
  C:\Windows\System\nyCqtcG.exe
  2⤵
  PID:13208
- C:\Windows\System\XLzkgQn.exe
  C:\Windows\System\XLzkgQn.exe
  2⤵
  PID:13280
- C:\Windows\System\BuLKKmf.exe
  C:\Windows\System\BuLKKmf.exe
  2⤵
  PID:12372
- C:\Windows\System\YKvIVWI.exe
  C:\Windows\System\YKvIVWI.exe
  2⤵
  PID:12488
- C:\Windows\System\iXBBkqG.exe
  C:\Windows\System\iXBBkqG.exe
  2⤵
  PID:12472
- C:\Windows\System\VuHFULf.exe
  C:\Windows\System\VuHFULf.exe
  2⤵
  PID:12784
- C:\Windows\System\pZBBnxZ.exe
  C:\Windows\System\pZBBnxZ.exe
  2⤵
  PID:12968
- C:\Windows\System\GcxUHJS.exe
  C:\Windows\System\GcxUHJS.exe
  2⤵
  PID:13068
- C:\Windows\System\kkeIXdT.exe
  C:\Windows\System\kkeIXdT.exe
  2⤵
  PID:13236
- C:\Windows\System\lOBESph.exe
  C:\Windows\System\lOBESph.exe
  2⤵
  PID:12452
- C:\Windows\System\LPzmsAZ.exe
  C:\Windows\System\LPzmsAZ.exe
  2⤵
  PID:12756
- C:\Windows\System\cMsPlQC.exe
  C:\Windows\System\cMsPlQC.exe
  2⤵
  PID:12840
- C:\Windows\System\bvWomyp.exe
  C:\Windows\System\bvWomyp.exe
  2⤵
  PID:812
- C:\Windows\System\ydzoGVO.exe
  C:\Windows\System\ydzoGVO.exe
  2⤵
  PID:13196
- C:\Windows\System\IsvITHM.exe
  C:\Windows\System\IsvITHM.exe
  2⤵
  PID:5108
- C:\Windows\System\pKJcDZv.exe
  C:\Windows\System\pKJcDZv.exe
  2⤵
  PID:13336
- C:\Windows\System\vMqcwpO.exe
  C:\Windows\System\vMqcwpO.exe
  2⤵
  PID:13364
- C:\Windows\System\sudMsDb.exe
  C:\Windows\System\sudMsDb.exe
  2⤵
  PID:13392
- C:\Windows\System\cabBSbG.exe
  C:\Windows\System\cabBSbG.exe
  2⤵
  PID:13420
- C:\Windows\System\BNboOVQ.exe
  C:\Windows\System\BNboOVQ.exe
  2⤵
  PID:13452
- C:\Windows\System\GEIvEiu.exe
  C:\Windows\System\GEIvEiu.exe
  2⤵
  PID:13488
- C:\Windows\System\rVIvfSf.exe
  C:\Windows\System\rVIvfSf.exe
  2⤵
  PID:13516
- C:\Windows\System\cHetNIs.exe
  C:\Windows\System\cHetNIs.exe
  2⤵
  PID:13544
- C:\Windows\System\NXjnECC.exe
  C:\Windows\System\NXjnECC.exe
  2⤵
  PID:13572
- C:\Windows\System\pqqSacg.exe
  C:\Windows\System\pqqSacg.exe
  2⤵
  PID:13600
- C:\Windows\System\pfZngWz.exe
  C:\Windows\System\pfZngWz.exe
  2⤵
  PID:13628
- C:\Windows\System\WSMvjin.exe
  C:\Windows\System\WSMvjin.exe
  2⤵
  PID:13656
- C:\Windows\System\JhDActi.exe
  C:\Windows\System\JhDActi.exe
  2⤵
  PID:13684
- C:\Windows\System\vUsNPpk.exe
  C:\Windows\System\vUsNPpk.exe
  2⤵
  PID:13724
- C:\Windows\System\hLiEQHp.exe
  C:\Windows\System\hLiEQHp.exe
  2⤵
  PID:13740
- C:\Windows\System\iRigWTS.exe
  C:\Windows\System\iRigWTS.exe
  2⤵
  PID:13768
- C:\Windows\System\HVuLfXK.exe
  C:\Windows\System\HVuLfXK.exe
  2⤵
  PID:13796
- C:\Windows\System\dmgiZET.exe
  C:\Windows\System\dmgiZET.exe
  2⤵
  PID:13824
- C:\Windows\System\JnXdMeJ.exe
  C:\Windows\System\JnXdMeJ.exe
  2⤵
  PID:13852
- C:\Windows\System\WLvFInd.exe
  C:\Windows\System\WLvFInd.exe
  2⤵
  PID:13880
- C:\Windows\System\jidMFBX.exe
  C:\Windows\System\jidMFBX.exe
  2⤵
  PID:13908
- C:\Windows\System\yUSxdTH.exe
  C:\Windows\System\yUSxdTH.exe
  2⤵
  PID:13936
- C:\Windows\System\npvItqs.exe
  C:\Windows\System\npvItqs.exe
  2⤵
  PID:13964
- C:\Windows\System\wUlZaNd.exe
  C:\Windows\System\wUlZaNd.exe
  2⤵
  PID:13992
- C:\Windows\System\jDROIkI.exe
  C:\Windows\System\jDROIkI.exe
  2⤵
  PID:14020
- C:\Windows\System\jAtTzlT.exe
  C:\Windows\System\jAtTzlT.exe
  2⤵
  PID:14048
- C:\Windows\System\bKvJsXc.exe
  C:\Windows\System\bKvJsXc.exe
  2⤵
  PID:14076
- C:\Windows\System\gzzeCPx.exe
  C:\Windows\System\gzzeCPx.exe
  2⤵
  PID:14104
- C:\Windows\System\neFmDRN.exe
  C:\Windows\System\neFmDRN.exe
  2⤵
  PID:14132
- C:\Windows\System\pRBUflI.exe
  C:\Windows\System\pRBUflI.exe
  2⤵
  PID:14164
- C:\Windows\System\QjECWec.exe
  C:\Windows\System\QjECWec.exe
  2⤵
  PID:14192
- C:\Windows\System\LAgwpdp.exe
  C:\Windows\System\LAgwpdp.exe
  2⤵
  PID:14220
- C:\Windows\System\aIRHJtb.exe
  C:\Windows\System\aIRHJtb.exe
  2⤵
  PID:14248
- C:\Windows\System\kVnYGOc.exe
  C:\Windows\System\kVnYGOc.exe
  2⤵
  PID:14276
- C:\Windows\System\kozVpCP.exe
  C:\Windows\System\kozVpCP.exe
  2⤵
  PID:14304
- C:\Windows\System\qESLTPA.exe
  C:\Windows\System\qESLTPA.exe
  2⤵
  PID:14332
- C:\Windows\System\QrbLZnK.exe
  C:\Windows\System\QrbLZnK.exe
  2⤵
  PID:13376
- C:\Windows\System\lzfnLkD.exe
  C:\Windows\System\lzfnLkD.exe
  2⤵
  PID:4420
- C:\Windows\System\zCWFoqE.exe
  C:\Windows\System\zCWFoqE.exe
  2⤵
  PID:13460
- C:\Windows\System\CbZTFkA.exe
  C:\Windows\System\CbZTFkA.exe
  2⤵
  PID:13540
- C:\Windows\System\XYbBwMV.exe
  C:\Windows\System\XYbBwMV.exe
  2⤵
  PID:13596
- C:\Windows\System\BmoCyjv.exe
  C:\Windows\System\BmoCyjv.exe
  2⤵
  PID:13676
- C:\Windows\System\EGbWSFX.exe
  C:\Windows\System\EGbWSFX.exe
  2⤵
  PID:1860
- C:\Windows\System\oGoCuaG.exe
  C:\Windows\System\oGoCuaG.exe
  2⤵
  PID:4796
- C:\Windows\System\hszxYKp.exe
  C:\Windows\System\hszxYKp.exe
  2⤵
  PID:3204
- C:\Windows\System\ovaYnOP.exe
  C:\Windows\System\ovaYnOP.exe
  2⤵
  PID:13872
- C:\Windows\System\QGucQuL.exe
  C:\Windows\System\QGucQuL.exe
  2⤵
  PID:3816
- C:\Windows\System\fsODxnn.exe
  C:\Windows\System\fsODxnn.exe
  2⤵
  PID:2792
- C:\Windows\System\QClAEED.exe
  C:\Windows\System\QClAEED.exe
  2⤵
  PID:13988
- C:\Windows\System\OXqBOsr.exe
  C:\Windows\System\OXqBOsr.exe
  2⤵
  PID:1856
- C:\Windows\System\EBuoQOd.exe
  C:\Windows\System\EBuoQOd.exe
  2⤵
  PID:14068
- C:\Windows\System\CAkpzMf.exe
  C:\Windows\System\CAkpzMf.exe
  2⤵
  PID:14116
- C:\Windows\System\uVKRfKc.exe
  C:\Windows\System\uVKRfKc.exe
  2⤵
  PID:3244
- C:\Windows\System\tJsvLqd.exe
  C:\Windows\System\tJsvLqd.exe
  2⤵
  PID:14188
- C:\Windows\System\MAspXLF.exe
  C:\Windows\System\MAspXLF.exe
  2⤵
  PID:1816
- C:\Windows\System\vlvQaco.exe
  C:\Windows\System\vlvQaco.exe
  2⤵
  PID:3056
- C:\Windows\System\qsgDEJv.exe
  C:\Windows\System\qsgDEJv.exe
  2⤵
  PID:14316
- C:\Windows\System\RhexsDS.exe
  C:\Windows\System\RhexsDS.exe
  2⤵
  PID:13360
- C:\Windows\System\blWPmru.exe
  C:\Windows\System\blWPmru.exe
  2⤵
  PID:2064
- C:\Windows\System\OCyZYNQ.exe
  C:\Windows\System\OCyZYNQ.exe
  2⤵
  PID:13528
- C:\Windows\System\chwEEhI.exe
  C:\Windows\System\chwEEhI.exe
  2⤵
  PID:13624
- C:\Windows\System\HhnbKBw.exe
  C:\Windows\System\HhnbKBw.exe
  2⤵
  PID:13720
- C:\Windows\System\MUqkPxH.exe
  C:\Windows\System\MUqkPxH.exe
  2⤵
  PID:3380
- C:\Windows\System\RJamUle.exe
  C:\Windows\System\RJamUle.exe
  2⤵
  PID:3660
- C:\Windows\System\DqGkobT.exe
  C:\Windows\System\DqGkobT.exe
  2⤵
  PID:13820
- C:\Windows\System\pkPOrgf.exe
  C:\Windows\System\pkPOrgf.exe
  2⤵
  PID:1908
- C:\Windows\System\rexsoAE.exe
  C:\Windows\System\rexsoAE.exe
  2⤵
  PID:4064
- C:\Windows\System\ETdYHMI.exe
  C:\Windows\System\ETdYHMI.exe
  2⤵
  PID:13900
- C:\Windows\System\WGgEGbv.exe
  C:\Windows\System\WGgEGbv.exe
  2⤵
  PID:4968
- C:\Windows\System\NMiobtj.exe
  C:\Windows\System\NMiobtj.exe
  2⤵
  PID:14044
- C:\Windows\System\DVzfwxS.exe
  C:\Windows\System\DVzfwxS.exe
  2⤵
  PID:2184
- C:\Windows\System\tMIeaUL.exe
  C:\Windows\System\tMIeaUL.exe
  2⤵
  PID:14184
- C:\Windows\System\lEoQvKM.exe
  C:\Windows\System\lEoQvKM.exe
  2⤵
  PID:2672
- C:\Windows\System\OTRLauU.exe
  C:\Windows\System\OTRLauU.exe
  2⤵
  PID:14296
- C:\Windows\System\yqrvRtY.exe
  C:\Windows\System\yqrvRtY.exe
  2⤵
  PID:4184
- C:\Windows\System\BSeyDQc.exe
  C:\Windows\System\BSeyDQc.exe
  2⤵
  PID:1008
- C:\Windows\System\DbXYEHv.exe
  C:\Windows\System\DbXYEHv.exe
  2⤵
  PID:5072
- C:\Windows\System\gVRvLfR.exe
  C:\Windows\System\gVRvLfR.exe
  2⤵
  PID:4576
- C:\Windows\System\sloYriL.exe
  C:\Windows\System\sloYriL.exe
  2⤵
  PID:224
- C:\Windows\System\AuonDOa.exe
  C:\Windows\System\AuonDOa.exe
  2⤵
  PID:13848
- C:\Windows\System\AVhAeJG.exe
  C:\Windows\System\AVhAeJG.exe
  2⤵
  PID:3556
- C:\Windows\System\dSNqzLu.exe
  C:\Windows\System\dSNqzLu.exe
  2⤵
  PID:3628
- C:\Windows\System\csEmeID.exe
  C:\Windows\System\csEmeID.exe
  2⤵
  PID:1184
- C:\Windows\System\FVPpvlM.exe
  C:\Windows\System\FVPpvlM.exe
  2⤵
  PID:4368
- C:\Windows\System\dnlWMgd.exe
  C:\Windows\System\dnlWMgd.exe
  2⤵
  PID:14156
- C:\Windows\System\obledew.exe
  C:\Windows\System\obledew.exe
  2⤵
  PID:4320
- C:\Windows\System\ABehCCF.exe
  C:\Windows\System\ABehCCF.exe
  2⤵
  PID:2716
- C:\Windows\System\ZcRiBtc.exe
  C:\Windows\System\ZcRiBtc.exe
  2⤵
  PID:3868
- C:\Windows\System\JjzXPvI.exe
  C:\Windows\System\JjzXPvI.exe
  2⤵
  PID:1336
- C:\Windows\System\edFasUZ.exe
  C:\Windows\System\edFasUZ.exe
  2⤵
  PID:2476
- C:\Windows\System\tfYYIfW.exe
  C:\Windows\System\tfYYIfW.exe
  2⤵
  PID:13592
- C:\Windows\System\OoClnyu.exe
  C:\Windows\System\OoClnyu.exe
  2⤵
  PID:4676
- C:\Windows\System\ZjIeebT.exe
  C:\Windows\System\ZjIeebT.exe
  2⤵
  PID:4284
- C:\Windows\System\GHYBhkS.exe
  C:\Windows\System\GHYBhkS.exe
  2⤵
  PID:5280
- C:\Windows\System\gOGtCup.exe
  C:\Windows\System\gOGtCup.exe
  2⤵
  PID:5300
- C:\Windows\System\MTYrQaR.exe
  C:\Windows\System\MTYrQaR.exe
  2⤵
  PID:4540
- C:\Windows\System\DWOYGmx.exe
  C:\Windows\System\DWOYGmx.exe
  2⤵
  PID:1952
- C:\Windows\System\HrKrXMv.exe
  C:\Windows\System\HrKrXMv.exe
  2⤵
  PID:5424
- C:\Windows\System\xgUjsbj.exe
  C:\Windows\System\xgUjsbj.exe
  2⤵
  PID:5164
- C:\Windows\System\CMOnWMt.exe
  C:\Windows\System\CMOnWMt.exe
  2⤵
  PID:4992
- C:\Windows\System\OKFTXZM.exe
  C:\Windows\System\OKFTXZM.exe
  2⤵
  PID:13752
- C:\Windows\System\MQxgjZh.exe
  C:\Windows\System\MQxgjZh.exe
  2⤵
  PID:5564
- C:\Windows\System\nMnZXYE.exe
  C:\Windows\System\nMnZXYE.exe
  2⤵
  PID:5328
- C:\Windows\System\hgyPmOr.exe
  C:\Windows\System\hgyPmOr.exe
  2⤵
  PID:5384
- C:\Windows\System\ZcigWdq.exe
  C:\Windows\System\ZcigWdq.exe
  2⤵
  PID:5720
- C:\Windows\System\cvuyuND.exe
  C:\Windows\System\cvuyuND.exe
  2⤵
  PID:5184
- C:\Windows\System\UvBdLBF.exe
  C:\Windows\System\UvBdLBF.exe
  2⤵
  PID:5308
- C:\Windows\System\bwignTT.exe
  C:\Windows\System\bwignTT.exe
  2⤵
  PID:3616
- C:\Windows\System\qXrYINW.exe
  C:\Windows\System\qXrYINW.exe
  2⤵
  PID:5940
- C:\Windows\System\PfVQxQz.exe
  C:\Windows\System\PfVQxQz.exe
  2⤵
  PID:2632
- C:\Windows\System\pUHSPeB.exe
  C:\Windows\System\pUHSPeB.exe
  2⤵
  PID:5468
- C:\Windows\System\uHZYkhK.exe
  C:\Windows\System\uHZYkhK.exe
  2⤵
  PID:6040
- C:\Windows\System\gboxTFo.exe
  C:\Windows\System\gboxTFo.exe
  2⤵
  PID:6012
- C:\Windows\System\ChFZOTU.exe
  C:\Windows\System\ChFZOTU.exe
  2⤵
  PID:5916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AuuQXiu.exe

Filesize
6.0MB

MD5
4fe9204458a8de5067b8fecba9dced5a

SHA1
e38d2b9ca5ac9010270c8b5614ff6a9601fc8d4c

SHA256
6662f68effa83a51f6600e682c53ce436d6cac267e98d37902cd126f57e33708

SHA512
a9d95bd36c206baa6c89f8b127e62175cd92d889c8f69bcb36add22ab0eb4b037991629fa563e8bd9e74575c2cba9cc437e2d5232f0a2a2a80debba62bca0bb4

Download Submit
C:\Windows\System\BSSMJIc.exe

Filesize
6.0MB

MD5
44ea3f9d2425c3dfa5417b0ceb36f398

SHA1
42e220e10834d4f0c090059302f2487806dad5c4

SHA256
cb60359207ee76215872dbbff11d44bc848a456356828f63076dfd748e4005fc

SHA512
36535785c2afeee753a0f54e07220d6013e2128f0777aca418fa5143d796a95f0488ba83c85454d45b1cd2f001a7a89fc1c5f44634b0a51e10bf4df1d3b5eafa

Download Submit
C:\Windows\System\DYXRTgz.exe

Filesize
6.0MB

MD5
d3a631c7551a9a8370926775788d55e3

SHA1
8e121b23af2d906a9e9557e544ff8fe809688437

SHA256
628d1aea7cfa9d761580552d15700275de3d985004555612f9b30cb3ba9cf4d1

SHA512
c85e8e7d348839fa6d636fb74f12d5e835a795c115160dbf5b91e11e6b6f32a59fb4812360ce85bc9b5b916f451bebe3c89c95fe46576c5747d830c70551a46f

Download Submit
C:\Windows\System\FYEzjSH.exe

Filesize
6.0MB

MD5
b8fc970f7199f155382c006a95094920

SHA1
face17913791ed5235c386718eff3e6e1fe90e23

SHA256
eacc815ddae843337319338641f711433c3f606f588df22960d0c9cff5fe91ee

SHA512
a0ed3c05da8313ad8278df7ba4c93e89b3da6d2e63cb79324b81f65bc7d27b4b81b1e3568ad7eea6365949599a487cfdbcc8b08a87ba4b3f83f7602d744c67bc

Download Submit
C:\Windows\System\HBryYdq.exe

Filesize
6.0MB

MD5
4a6630d352b7336b5a3def968eb51dc1

SHA1
62268f5ac97bb2027a9cedc4000b6216c5a4aeb5

SHA256
ec4a4246b112ac76ff59530022e4b70301fff5f9fa0c0554dc720b8ace469853

SHA512
3f4787dde1951404f87d70484417efadc5afca6ee3cdb351b7d4e0d2b8cc9f5c5d4743b074cc44a5ede0768d07cba04c7f6f3736f872471a03d3c177a448d644

Download Submit
C:\Windows\System\HhEVfiA.exe

Filesize
6.0MB

MD5
85693b0db53baaa62b28227716ce7c60

SHA1
00a08f8096542dc17009b47f66a4d8b6722088ac

SHA256
3deff4ed762509e2d635f76b2023dcccc60c90b65ab1bad27aebbf09b25286a9

SHA512
f42de6c901403d8b37f9d903c9f0f349a1b5766c19ac19cf88990b950bc8eb88422784fcf216287487a44ff79100c24d76f935a0e715cce099519fcd23d5a202

Download Submit
C:\Windows\System\IMmPhuM.exe

Filesize
6.0MB

MD5
8cf029985f355f65c464ff8ad675ad96

SHA1
150ccb8a1da55ff17e37ee8594c03ba057b38781

SHA256
b101d25a545c19bbc7966e6158a3beb74661d3aefdbbe75f328e6cfe84c83d0e

SHA512
bfbb3d75245acd82a4c27f260f10ac7698b651f64597da573c443729381d54167311d4024141657178ad6748d43bea47bad9fa389b3b0a99777ff3e89df117f7

Download Submit
C:\Windows\System\NbhcLmz.exe

Filesize
6.0MB

MD5
cbe2ff26c9ffcaea8ca4e32adc794def

SHA1
a4621b72ea7980b034b24e6554bfa72d013d064f

SHA256
d1d3ad742d6b92b18541115460e855195ffd2e8494134b440132a514f13555ed

SHA512
232713ee1d382d4295f4edcf708bb687c0fee51ff3eda60041b9d1f35a6cae07bd77737ad252356ee9feefeb45a797291e21d6ebd99d7bb8a5cc5cc23ccf9a69

Download Submit
C:\Windows\System\QVKhFVD.exe

Filesize
6.0MB

MD5
45a13f73fc4a5386909e6a8e84505f40

SHA1
87a90e4fbdba273fc324c9ec49a5dc6b82fec1f3

SHA256
db4141e9815849fb5236e7e4ac87736eb66198759f720d0c30a07e284f59d854

SHA512
c46764c469d6768beb6fb18dfa9677a1df40abe3f2ee0809ed2ac109f8dd46c3001f9f5e85426ecc90e93bbf2532d6e187302210bf777222f8bb983ebc7f1fb4

Download Submit
C:\Windows\System\QbRLdTP.exe

Filesize
6.0MB

MD5
73a0c7feefcc88ae3ceafee7d5e3e51c

SHA1
cb98111754552865c049a931ac47d9f2c4f5dd26

SHA256
6116b1ea44e47237c63d0f4ae6970a68d4a740555626cd0350610517d02028f6

SHA512
2642fef158aa6360aee408cb95028dd341b4515b2aa48098bce764be8dd18c0df115c63d36bd1f0e00250ec36ef6dd68f4a7368c1319404510f2fbb97b2abe61

Download Submit
C:\Windows\System\SUAsGQp.exe

Filesize
6.0MB

MD5
1f4f826c741e5817d1d34a9642183ee6

SHA1
7ea3bfceed1a7116bcc190ca609a3f2c57bdd39a

SHA256
c2b72f4ab84cd24392d70b736c3ef3b28c1c1e9fd25552a2bda53c8e9c49487f

SHA512
ba55f24a8b3febdefa04722be5e17fefb5943910c1b0c05cf5075388cda968c6a4de107926f05eaf88e7e7cf92e89fa7f50194cee577d8c215d1aa996aed6f4b

Download Submit
C:\Windows\System\UksqYrm.exe

Filesize
6.0MB

MD5
f6bc464c285c61590b0ce0265719301f

SHA1
57fe5ee8b7e053c9ae07fe8261d8d7857bdd35e8

SHA256
8420bca749003383b356b9f6eeced4e84f3568cfb16a345ea3bbaa3b92231d39

SHA512
6d0a155571b2444b6c38c4139063f2af3db122a9cb3ee1d68a1ed9df9b573cff4b3a5150eeb4c3c0742d7440ae24e713c14e1ec8313cdf76e427986abdee78c0

Download Submit
C:\Windows\System\VJOvMkz.exe

Filesize
6.0MB

MD5
4a75cc3c23b13c93a1ba9cc0b368590a

SHA1
d03e5904c1942738b68db2ea2565f1aa240f8484

SHA256
fccba313f6b9bca7554924f172181abe380a83114b519b5cf80d5df1dd4a535d

SHA512
ca601a8d6e502778608cb95edd5b6a6591a89bf5d9773305a15fb7fe86d6df96b3fc72fe83b84ef63e7a9f5d76021ae87990d4cdf14a0b102c81bbe2d03ebb6b

Download Submit
C:\Windows\System\VRZpEPC.exe

Filesize
6.0MB

MD5
19773a43518d5d773d96b9eaa7fb7c29

SHA1
7e504143e8dc600557ae7e69d1f360f1f9f06175

SHA256
2ccc89406c653d9b40e65c0ad445903e35cda92b468c352ccac0b3b8817f0768

SHA512
8a30a471aab37a89f971b6b7a154beffc4c10b7cdf54550fe06f0ba5ec5ed860f00a3ea81aacf788cd23f6250b38d850fd92092d28732cd16a800602708b5989

Download Submit
C:\Windows\System\VwrAhUA.exe

Filesize
6.0MB

MD5
d0341bbb8726ba4589c41e39d90a23ba

SHA1
240b7fd6428291f50b0896559e8162e5bcdd44c1

SHA256
f9b83693098abe25be2e276da17d3ea0e2a0c0ef1f991cf0f9f4b5d49b40c97b

SHA512
83e513d1b527b962e48abfeba5a8e73d4bf4653f4ec75e8bb830b7fcea3e9b7a3b2a9eec9c41066e73b234a2e5e434e5b7d9430dcf21be468020b7f1e7fe16d1

Download Submit
C:\Windows\System\VzeqAZo.exe

Filesize
6.0MB

MD5
b1e378c1f32d4073a77b3c75aa25c2ad

SHA1
c0bc201d377bb6496b677365e574492bb53bb095

SHA256
f5494c0a870034d47338995a347c0c0ef00c16535611e45809dab64391df00b0

SHA512
0fd3a9be87287d9c146163b93b619efeaa1ff5ea9de9cafeca196a05efc0f985aed18bd1c0fa11c569ace6dc01e324a624641b754600f5f5f61b6be04ea537a3

Download Submit
C:\Windows\System\WeZirzg.exe

Filesize
6.0MB

MD5
cede3debb5d50f8fa26c391cba68bd16

SHA1
51d14bb737ea2c57b432593d983531407122d6ec

SHA256
8f45f4aa35cd982f4e8687f557bd70133aa7bb4bc8cd3e0d2420788ba9244971

SHA512
e1cafcef3cac802ffca71f09b98c2f64ac40ad3efe13180fbd9249e3d0794f54444d765037e155a9eea087eb917010083db30aa4bb7eae3ac3394f58d792a7a3

Download Submit
C:\Windows\System\XTqAVrN.exe

Filesize
6.0MB

MD5
7ae7d51a2bfb0109423a88e0e0e24111

SHA1
a5c8b4efa7dd464aa92f53da5a526b11b550bb01

SHA256
66689b0515cb0e69ea752f54bcb246f35029c3950e0e25cc0402119d34ad92f7

SHA512
938f6c8a9b1309d490e508be06a22b640e23b4b472e1b86be54b712f773895aedca94cf319cb9029d71582d8e1a7b4a48fe186e6498966928fa69a5bae5f672a

Download Submit
C:\Windows\System\aDwNyyq.exe

Filesize
6.0MB

MD5
32571fa7e320cb7a7e9018e8a2b1663d

SHA1
30efbb5a6681e4803d31954e694fa5f012c0df60

SHA256
7cf7a27b39cdee02169ac4375e58507b9edb3121ece4e58be2ed9540d33eae2a

SHA512
d4412411916ed720ef0f585ca7f6c85f05c9d155d6319619268dd514b8be26999636d3ce24e948b8c7c00132986628f2a1fc32f4d5d51ce904aeb5b65688981a

Download Submit
C:\Windows\System\dPEVHMS.exe

Filesize
6.0MB

MD5
076185cf9fa60a9a41f01288b241546a

SHA1
f56ab0b1f12980c5ba63365f22349b95e521762c

SHA256
df2ab9b35e7b692c940dd10e9ff644c18268a27f9c64e4d7a6b777020204445e

SHA512
c6d6bdd03e2f934aa4be37ab47c37ea40b486246431291ff22531748745a60d69f46c5b7b14f567c95128a434e1a10351c298557400c1dc9409efad0a3ab2860

Download Submit
C:\Windows\System\exQcxhK.exe

Filesize
6.0MB

MD5
c1677e807aa782ed311ecd5d29b29513

SHA1
d28225953e85bf7f33697e125abab0f86a17d371

SHA256
dedc6ccbd25dcceb9df183e44b235feecf1c19fa67199bfaad8047babbaa11a7

SHA512
9c953aad35c10f8c49cb8a6c8c1164438c1894b6dfb59898597c56c2e4332836e6eb66344e70c5ebd1f9db3b1ab005ab4f05f7f355361a19099be6d7622540e9

Download Submit
C:\Windows\System\fGGNpCH.exe

Filesize
6.0MB

MD5
0411e1b493d97119dd6b7c0733de9593

SHA1
a16a9add0341608e5bdbb428db64776bc5a2f0f2

SHA256
6668a115f805aeb2e7826b1793b9f59a46973b9c5302004954833b7a105e5cf1

SHA512
b776d035247dce08fb03daa7a6e8966d76996651b6106db215e4d3c2a60d851ed0a9a8045e79d16a896c9a357d05fe7e97b75a8f72f2e58c48caf9e5340fc19b

Download Submit
C:\Windows\System\heyNCIF.exe

Filesize
6.0MB

MD5
99c81d4b0ace77189d3d35b0b94c7c33

SHA1
40b59249ec595089c4487c39faf8f9c68d0e4679

SHA256
20033db5817c42c84741f2a6f05bfa4b4c561d64de8aa1f8e17f3b853fd75907

SHA512
c123ae2f2f269aeb34c9eb31c1697e1c087974cdfb801985a2506a7dbe61c00f7d985c796e2b25b54496154d50f0c3b6756d4111fd943b0b19e62ee99a055b48

Download Submit
C:\Windows\System\iFvcGDB.exe

Filesize
6.0MB

MD5
80c7e2968ce78a4e506ad73cd5daca18

SHA1
85e667dceeda112f8a4197bf9252b1d6f8b2fa63

SHA256
4fc3f415995748705dd83aeb49684c81f0260299c2591de9485b36a1e8beca16

SHA512
bafce7f6b7b56be1d8328cc72c1b5701dcf1bf6dac80ad6f2d33960bb1a83298f426e0d3c6cae90693e07797f25c378a26724c3ca83a089e721d8bacfe5498d5

Download Submit
C:\Windows\System\igfYmvD.exe

Filesize
6.0MB

MD5
564ba1ede77e4e3c49579c44efb36efe

SHA1
a660ac81ba17fed25a1e5488a89e952235a093d0

SHA256
f0a1850934e582c2733c5ac8c9dff2aaa63d4e56c64725577669f7c10ea54ef3

SHA512
4d4d31730d1e71720d25d0e308baabac7f1b6a589b689866c70912e657a465e08bf71f68d7dbb3751ba383840d98f335159e38617e8d20f326394c30a736a50f

Download Submit
C:\Windows\System\isUHPXj.exe

Filesize
6.0MB

MD5
96a4dcbf5a3806aa102cd389fb1b1531

SHA1
6df15e2c779825b7daeb0d5439b3d30080c0d285

SHA256
07b7d01c7100ddcd55f5d1dbc144dddc0dd39b82d25cf5b76d111aae58d310cb

SHA512
e2d61209d6e18055dbeb96d0aa4cb3f977fc71a384c23959ea536a3e8ab3c5f172423f27a1d390577b89304cb31e028d8fac119757d21347c43b3d76dc3e4eed

Download Submit
C:\Windows\System\nqtjDIA.exe

Filesize
6.0MB

MD5
d5f0bcae567b0626a371db1061fbacb7

SHA1
831561ba28f35dafcd83c17aea369eedcc1952de

SHA256
66076dfa8bb0baa8512012580e123c356e84d0f410abb4be8af15af1cecc2cd7

SHA512
09a617bf7f28b629279bf2284553d96299746b053cf0d7bc5ab4d468a59bd4b60532d0bd928587540e6d7cd9c92d298b05c5905278c389879f1a8289bd31b4ac

Download Submit
C:\Windows\System\qkYGRHH.exe

Filesize
6.0MB

MD5
e8fd19a9f21aa86e21e7b632ae17256b

SHA1
eb3b8f656d173dbf56bcd83f1efe6636d48a2556

SHA256
448f3b59f0d8e1c470bda61f66be5913fbddaa16a2e41f0c7ac091ebcecc4044

SHA512
7b635d542f30690815f4689e62bd808b030a6869ded434f251a2b9a02419c3ee9739eb7a29a748fb09e828f9d4992ce04086c8da513115a923d9e4ce2851412f

Download Submit
C:\Windows\System\vomgVEI.exe

Filesize
6.0MB

MD5
f0a2ea04c58f93fd85f5b2abbb10fe7f

SHA1
e91be0c933d314362aff57ad4d9839b988ffe80a

SHA256
775aeb5eda0081c4b36e56a2beba52aeca6040ab0773de9fe6d0146fd88c5fcc

SHA512
08a3cfe7d53b884a01aa31a099792226bf1b184753a99abfe8fa14901ff54ec1541a0e4a294837d0cd4e631781b6b5f3c95b4584a219eb102f45ea648f604750

Download Submit
C:\Windows\System\wzQhuNu.exe

Filesize
6.0MB

MD5
f1fc15686b87c1dab92b24b186b73c2a

SHA1
ab63c314a2dbb8dc8788bd6a89a26e6ffbb32a0e

SHA256
b3c61ad65b47c1451380a7ab5dfb4dab799106d4fd4089e2e2012c062069078a

SHA512
b1e71b5ae7467df20f81736ba0a36ba1a8dd3a0965620f939c32d66bfe789193627338b38c46d75a2c192f3802d1929c917821e66066824468b517b7b3d643b6

Download Submit
C:\Windows\System\xZzVHHf.exe

Filesize
6.0MB

MD5
365d22600a1aff891eabf77c2cb0aba1

SHA1
3f0c8e301bdf7ca6b59399826dd19adf14411bcb

SHA256
d0e03708399966413558b45313f2dffdbefd5b904f80e45794a3b4e35c59ed6f

SHA512
b1f77fd47ac1c2a384622e9b270931710d30c2abac4e69d8c1b66f1c0f0fcdc781c7cda03d2e5bd67dc594e5f2dd60abc3992da5ea2a6e070f84f23e757387d8

Download Submit
C:\Windows\System\zFuvTqP.exe

Filesize
6.0MB

MD5
66fa40bcced200b99f1942923596afa6

SHA1
03e8a148606dbfbf9fad1148c904e2c5d1d3c84a

SHA256
929bb90d3cf28ef6526234df1239f5f5dd42b7bf637eb6acf6dcd59a2bba099b

SHA512
783765dde4ffa186f23c6b24db5109bccd4e25f05c6333afb5b76fd12beb8f2e3e8d6258080654ad771f22588235b73b9c8ff048817eeb430759da5cabf93465

Download Submit
memory/540-57-0x00007FF7D7EE0000-0x00007FF7D8234000-memory.dmp

Filesize
3.3MB

Download
memory/540-1578-0x00007FF7D7EE0000-0x00007FF7D8234000-memory.dmp

Filesize
3.3MB

Download
memory/928-99-0x00007FF7F2F90000-0x00007FF7F32E4000-memory.dmp

Filesize
3.3MB

Download
memory/928-1945-0x00007FF7F2F90000-0x00007FF7F32E4000-memory.dmp

Filesize
3.3MB

Download
memory/968-0-0x00007FF7727E0000-0x00007FF772B34000-memory.dmp

Filesize
3.3MB

Download
memory/968-1-0x000001F96FB60000-0x000001F96FB70000-memory.dmp

Filesize
64KB

Download
memory/968-54-0x00007FF7727E0000-0x00007FF772B34000-memory.dmp

Filesize
3.3MB

Download
memory/1052-175-0x00007FF674710000-0x00007FF674A64000-memory.dmp

Filesize
3.3MB

Download
memory/1052-2196-0x00007FF674710000-0x00007FF674A64000-memory.dmp

Filesize
3.3MB

Download
memory/1052-477-0x00007FF674710000-0x00007FF674A64000-memory.dmp

Filesize
3.3MB

Download
memory/1600-367-0x00007FF638E00000-0x00007FF639154000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2189-0x00007FF638E00000-0x00007FF639154000-memory.dmp

Filesize
3.3MB

Download
memory/1600-162-0x00007FF638E00000-0x00007FF639154000-memory.dmp

Filesize
3.3MB

Download
memory/1616-1342-0x00007FF71CC30000-0x00007FF71CF84000-memory.dmp

Filesize
3.3MB

Download
memory/1616-71-0x00007FF71CC30000-0x00007FF71CF84000-memory.dmp

Filesize
3.3MB

Download
memory/1616-18-0x00007FF71CC30000-0x00007FF71CF84000-memory.dmp

Filesize
3.3MB

Download
memory/1884-105-0x00007FF6BBBF0000-0x00007FF6BBF44000-memory.dmp

Filesize
3.3MB

Download
memory/1884-158-0x00007FF6BBBF0000-0x00007FF6BBF44000-memory.dmp

Filesize
3.3MB

Download
memory/1884-1987-0x00007FF6BBBF0000-0x00007FF6BBF44000-memory.dmp

Filesize
3.3MB

Download
memory/2192-1946-0x00007FF669AD0000-0x00007FF669E24000-memory.dmp

Filesize
3.3MB

Download
memory/2192-90-0x00007FF669AD0000-0x00007FF669E24000-memory.dmp

Filesize
3.3MB

Download
memory/2192-144-0x00007FF669AD0000-0x00007FF669E24000-memory.dmp

Filesize
3.3MB

Download
memory/2288-58-0x00007FF773060000-0x00007FF7733B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-1330-0x00007FF773060000-0x00007FF7733B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-6-0x00007FF773060000-0x00007FF7733B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-149-0x00007FF6AB9F0000-0x00007FF6ABD44000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2174-0x00007FF6AB9F0000-0x00007FF6ABD44000-memory.dmp

Filesize
3.3MB

Download
memory/2364-202-0x00007FF6AB9F0000-0x00007FF6ABD44000-memory.dmp

Filesize
3.3MB

Download
memory/2448-128-0x00007FF789680000-0x00007FF7899D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1787-0x00007FF789680000-0x00007FF7899D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-77-0x00007FF789680000-0x00007FF7899D4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-98-0x00007FF6D9470000-0x00007FF6D97C4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1576-0x00007FF6D9470000-0x00007FF6D97C4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-43-0x00007FF6D9470000-0x00007FF6D97C4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1419-0x00007FF6E2F00000-0x00007FF6E3254000-memory.dmp

Filesize
3.3MB

Download
memory/2880-38-0x00007FF6E2F00000-0x00007FF6E3254000-memory.dmp

Filesize
3.3MB

Download
memory/2880-89-0x00007FF6E2F00000-0x00007FF6E3254000-memory.dmp

Filesize
3.3MB

Download
memory/2984-116-0x00007FF763550000-0x00007FF7638A4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2101-0x00007FF763550000-0x00007FF7638A4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-174-0x00007FF763550000-0x00007FF7638A4000-memory.dmp

Filesize
3.3MB

Download
memory/3172-2108-0x00007FF7397D0000-0x00007FF739B24000-memory.dmp

Filesize
3.3MB

Download
memory/3172-190-0x00007FF7397D0000-0x00007FF739B24000-memory.dmp

Filesize
3.3MB

Download
memory/3172-129-0x00007FF7397D0000-0x00007FF739B24000-memory.dmp

Filesize
3.3MB

Download
memory/3196-152-0x00007FF6E8150000-0x00007FF6E84A4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2181-0x00007FF6E8150000-0x00007FF6E84A4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-208-0x00007FF6E8150000-0x00007FF6E84A4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-651-0x00007FF643840000-0x00007FF643B94000-memory.dmp

Filesize
3.3MB

Download
memory/3456-191-0x00007FF643840000-0x00007FF643B94000-memory.dmp

Filesize
3.3MB

Download
memory/3468-419-0x00007FF75F0E0000-0x00007FF75F434000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2191-0x00007FF75F0E0000-0x00007FF75F434000-memory.dmp

Filesize
3.3MB

Download
memory/3468-169-0x00007FF75F0E0000-0x00007FF75F434000-memory.dmp

Filesize
3.3MB

Download
memory/3504-168-0x00007FF705EF0000-0x00007FF706244000-memory.dmp

Filesize
3.3MB

Download
memory/3504-110-0x00007FF705EF0000-0x00007FF706244000-memory.dmp

Filesize
3.3MB

Download
memory/3504-1990-0x00007FF705EF0000-0x00007FF706244000-memory.dmp

Filesize
3.3MB

Download
memory/3636-140-0x00007FF7F2250000-0x00007FF7F25A4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2106-0x00007FF7F2250000-0x00007FF7F25A4000-memory.dmp

Filesize
3.3MB

Download
memory/3696-48-0x00007FF7DC450000-0x00007FF7DC7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3696-1577-0x00007FF7DC450000-0x00007FF7DC7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3696-104-0x00007FF7DC450000-0x00007FF7DC7A4000-memory.dmp

Filesize
3.3MB

Download
memory/4044-1794-0x00007FF606600000-0x00007FF606954000-memory.dmp

Filesize
3.3MB

Download
memory/4044-134-0x00007FF606600000-0x00007FF606954000-memory.dmp

Filesize
3.3MB

Download
memory/4044-84-0x00007FF606600000-0x00007FF606954000-memory.dmp

Filesize
3.3MB

Download
memory/4108-72-0x00007FF6225F0000-0x00007FF622944000-memory.dmp

Filesize
3.3MB

Download
memory/4108-1741-0x00007FF6225F0000-0x00007FF622944000-memory.dmp

Filesize
3.3MB

Download
memory/4300-186-0x00007FF67BC00000-0x00007FF67BF54000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2184-0x00007FF77F480000-0x00007FF77F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-153-0x00007FF77F480000-0x00007FF77F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-306-0x00007FF77F480000-0x00007FF77F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4628-29-0x00007FF6D2AD0000-0x00007FF6D2E24000-memory.dmp

Filesize
3.3MB

Download
memory/4628-1410-0x00007FF6D2AD0000-0x00007FF6D2E24000-memory.dmp

Filesize
3.3MB

Download
memory/4700-14-0x00007FF7DAE00000-0x00007FF7DB154000-memory.dmp

Filesize
3.3MB

Download
memory/4700-64-0x00007FF7DAE00000-0x00007FF7DB154000-memory.dmp

Filesize
3.3MB

Download
memory/4700-1338-0x00007FF7DAE00000-0x00007FF7DB154000-memory.dmp

Filesize
3.3MB

Download
memory/4804-65-0x00007FF71DA30000-0x00007FF71DD84000-memory.dmp

Filesize
3.3MB

Download
memory/4804-1716-0x00007FF71DA30000-0x00007FF71DD84000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2103-0x00007FF6AFF30000-0x00007FF6B0284000-memory.dmp

Filesize
3.3MB

Download
memory/4920-124-0x00007FF6AFF30000-0x00007FF6B0284000-memory.dmp

Filesize
3.3MB

Download
memory/4996-32-0x00007FF78EA10000-0x00007FF78ED64000-memory.dmp

Filesize
3.3MB

Download
memory/4996-76-0x00007FF78EA10000-0x00007FF78ED64000-memory.dmp

Filesize
3.3MB

Download
memory/4996-1418-0x00007FF78EA10000-0x00007FF78ED64000-memory.dmp

Filesize
3.3MB

Download