cobaltstrike | e88ec2d71d774a39800b017bde0bce3f5215b8c00e081b149e6ed0fb620956ee

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

01e0d2d212c97dd149ed9d29d304d696
SHA1

075465b35397d0c8c26a7900e9276770d63eec6b
SHA256

e88ec2d71d774a39800b017bde0bce3f5215b8c00e081b149e6ed0fb620956ee
SHA512

a3090cbb00776d3b30bc13faeb7097731fbce9066a4254c29a1a95ca693c95f0bcc21a9cbacbb2cf3420b46430009cea6d4dd6d2bd20c650e46e887f47fe5355
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUF:eOl56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001228a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0037000000015c9b-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd8-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ced-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf5-29.dat	cobalt_reflective_dll
behavioral1/files/0x0038000000015ca9-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016a3a-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c5b-82.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d10-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-145.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000171ad-190.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001708c-185.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016fa9-180.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d7d-175.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d79-170.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-165.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d5f-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d57-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4f-150.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3e-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2d-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d21-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d19-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d01-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf2-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ccd-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca1-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c57-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c3a-67.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d02-42.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d1e-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects Reflective DLL injection artifacts 32 IoCs

resource	yara_rule
behavioral1/files/0x000c00000001228a-3.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0037000000015c9b-9.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0008000000015cd8-11.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000015ced-25.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000015cf5-29.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0038000000015ca9-38.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000016a3a-60.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016c5b-82.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d10-115.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d46-145.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00060000000171ad-190.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x000600000001708c-185.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016fa9-180.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d7d-175.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d79-170.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d73-165.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d5f-160.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d57-155.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d4f-150.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d3e-140.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d36-135.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d2d-130.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d21-125.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d19-120.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016d01-110.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016cf2-105.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016ccd-97.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016ca1-89.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016c57-75.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000016c3a-67.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000015d02-42.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0009000000015d1e-51.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F750000-0x000000013FAA4000-memory.dmp	UPX
behavioral1/files/0x000c00000001228a-3.dat	UPX
behavioral1/memory/2780-7-0x000000013F550000-0x000000013F8A4000-memory.dmp	UPX
behavioral1/files/0x0037000000015c9b-9.dat	UPX
behavioral1/memory/2980-13-0x000000013F280000-0x000000013F5D4000-memory.dmp	UPX
behavioral1/files/0x0008000000015cd8-11.dat	UPX
behavioral1/memory/2612-21-0x000000013F480000-0x000000013F7D4000-memory.dmp	UPX
behavioral1/files/0x0007000000015ced-25.dat	UPX
behavioral1/memory/2744-28-0x000000013F770000-0x000000013FAC4000-memory.dmp	UPX
behavioral1/files/0x0007000000015cf5-29.dat	UPX
behavioral1/files/0x0038000000015ca9-38.dat	UPX
behavioral1/memory/2804-41-0x000000013F830000-0x000000013FB84000-memory.dmp	UPX
behavioral1/memory/3028-50-0x000000013F750000-0x000000013FAA4000-memory.dmp	UPX
behavioral1/memory/2576-57-0x000000013FDA0000-0x00000001400F4000-memory.dmp	UPX
behavioral1/files/0x0007000000016a3a-60.dat	UPX
behavioral1/memory/2920-71-0x000000013F2D0000-0x000000013F624000-memory.dmp	UPX
behavioral1/files/0x0006000000016c5b-82.dat	UPX
behavioral1/memory/1628-85-0x000000013FF10000-0x0000000140264000-memory.dmp	UPX
behavioral1/files/0x0006000000016d10-115.dat	UPX
behavioral1/files/0x0006000000016d46-145.dat	UPX
behavioral1/memory/1696-909-0x000000013F860000-0x000000013FBB4000-memory.dmp	UPX
behavioral1/memory/2920-1172-0x000000013F2D0000-0x000000013F624000-memory.dmp	UPX
behavioral1/memory/2532-2133-0x000000013F910000-0x000000013FC64000-memory.dmp	UPX
behavioral1/memory/1628-1829-0x000000013FF10000-0x0000000140264000-memory.dmp	UPX
behavioral1/memory/2352-1509-0x000000013F0F0000-0x000000013F444000-memory.dmp	UPX
behavioral1/memory/2576-716-0x000000013FDA0000-0x00000001400F4000-memory.dmp	UPX
behavioral1/files/0x00060000000171ad-190.dat	UPX
behavioral1/files/0x000600000001708c-185.dat	UPX
behavioral1/files/0x0006000000016fa9-180.dat	UPX
behavioral1/files/0x0006000000016d7d-175.dat	UPX
behavioral1/files/0x0006000000016d79-170.dat	UPX
behavioral1/files/0x0006000000016d73-165.dat	UPX
behavioral1/files/0x0006000000016d5f-160.dat	UPX
behavioral1/files/0x0006000000016d57-155.dat	UPX
behavioral1/files/0x0006000000016d4f-150.dat	UPX
behavioral1/files/0x0006000000016d3e-140.dat	UPX
behavioral1/files/0x0006000000016d36-135.dat	UPX
behavioral1/files/0x0006000000016d2d-130.dat	UPX
behavioral1/files/0x0006000000016d21-125.dat	UPX
behavioral1/files/0x0006000000016d19-120.dat	UPX
behavioral1/files/0x0006000000016d01-110.dat	UPX
behavioral1/files/0x0006000000016cf2-105.dat	UPX
behavioral1/memory/1896-101-0x000000013F6B0000-0x000000013FA04000-memory.dmp	UPX
behavioral1/memory/2804-99-0x000000013F830000-0x000000013FB84000-memory.dmp	UPX
behavioral1/files/0x0006000000016ccd-97.dat	UPX
behavioral1/memory/2532-93-0x000000013F910000-0x000000013FC64000-memory.dmp	UPX
behavioral1/memory/2468-91-0x000000013F490000-0x000000013F7E4000-memory.dmp	UPX
behavioral1/files/0x0006000000016ca1-89.dat	UPX
behavioral1/memory/2352-78-0x000000013F0F0000-0x000000013F444000-memory.dmp	UPX
behavioral1/files/0x0006000000016c57-75.dat	UPX
behavioral1/memory/1696-62-0x000000013F860000-0x000000013FBB4000-memory.dmp	UPX
behavioral1/memory/2980-69-0x000000013F280000-0x000000013F5D4000-memory.dmp	UPX
behavioral1/files/0x0006000000016c3a-67.dat	UPX
behavioral1/memory/2780-56-0x000000013F550000-0x000000013F8A4000-memory.dmp	UPX
behavioral1/files/0x0007000000015d02-42.dat	UPX
behavioral1/memory/2464-54-0x000000013F890000-0x000000013FBE4000-memory.dmp	UPX
behavioral1/files/0x0009000000015d1e-51.dat	UPX
behavioral1/memory/2468-34-0x000000013F490000-0x000000013F7E4000-memory.dmp	UPX
behavioral1/memory/1896-2785-0x000000013F6B0000-0x000000013FA04000-memory.dmp	UPX
behavioral1/memory/2780-3865-0x000000013F550000-0x000000013F8A4000-memory.dmp	UPX
behavioral1/memory/2980-3869-0x000000013F280000-0x000000013F5D4000-memory.dmp	UPX
behavioral1/memory/2612-3878-0x000000013F480000-0x000000013F7D4000-memory.dmp	UPX
behavioral1/memory/2744-3880-0x000000013F770000-0x000000013FAC4000-memory.dmp	UPX
behavioral1/memory/2468-3913-0x000000013F490000-0x000000013F7E4000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001228a-3.dat	xmrig
behavioral1/memory/2780-7-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0037000000015c9b-9.dat	xmrig
behavioral1/memory/2980-13-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cd8-11.dat	xmrig
behavioral1/memory/2612-21-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ced-25.dat	xmrig
behavioral1/memory/2744-28-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cf5-29.dat	xmrig
behavioral1/files/0x0038000000015ca9-38.dat	xmrig
behavioral1/memory/2804-41-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/3028-50-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2576-57-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016a3a-60.dat	xmrig
behavioral1/memory/2920-71-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c5b-82.dat	xmrig
behavioral1/memory/1628-85-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d10-115.dat	xmrig
behavioral1/files/0x0006000000016d46-145.dat	xmrig
behavioral1/memory/1696-909-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2920-1172-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2532-2133-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/1628-1829-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2352-1509-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/3028-1171-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2576-716-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x00060000000171ad-190.dat	xmrig
behavioral1/files/0x000600000001708c-185.dat	xmrig
behavioral1/files/0x0006000000016fa9-180.dat	xmrig
behavioral1/files/0x0006000000016d7d-175.dat	xmrig
behavioral1/files/0x0006000000016d79-170.dat	xmrig
behavioral1/files/0x0006000000016d73-165.dat	xmrig
behavioral1/files/0x0006000000016d5f-160.dat	xmrig
behavioral1/files/0x0006000000016d57-155.dat	xmrig
behavioral1/files/0x0006000000016d4f-150.dat	xmrig
behavioral1/files/0x0006000000016d3e-140.dat	xmrig
behavioral1/files/0x0006000000016d36-135.dat	xmrig
behavioral1/files/0x0006000000016d2d-130.dat	xmrig
behavioral1/files/0x0006000000016d21-125.dat	xmrig
behavioral1/files/0x0006000000016d19-120.dat	xmrig
behavioral1/files/0x0006000000016d01-110.dat	xmrig
behavioral1/files/0x0006000000016cf2-105.dat	xmrig
behavioral1/memory/1896-101-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2804-99-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ccd-97.dat	xmrig
behavioral1/memory/2532-93-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2468-91-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ca1-89.dat	xmrig
behavioral1/memory/2352-78-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c57-75.dat	xmrig
behavioral1/memory/1696-62-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2980-69-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c3a-67.dat	xmrig
behavioral1/memory/2780-56-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d02-42.dat	xmrig
behavioral1/memory/2464-54-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d1e-51.dat	xmrig
behavioral1/memory/2468-34-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1896-2785-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2780-3865-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2980-3869-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2612-3878-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2744-3880-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2780	mIExvwc.exe
2980	EYGWBFP.exe
2612	RpWspng.exe
2744	JOjMnlM.exe
2468	UNJFlfd.exe
2804	JhjgZVH.exe
2464	IPVZLkd.exe
2576	PtZEqsi.exe
1696	xqDLVXZ.exe
2920	sNWxuDp.exe
2352	UPPgDlF.exe
1628	XBSngyI.exe
2532	LMnKhiX.exe
1896	jusmYuQ.exe
236	zxPwWhM.exe
1552	teGForc.exe
1196	WuASyga.exe
352	fuyTZsD.exe
2272	aRbPLsj.exe
1220	exkeArP.exe
1424	JIUweYP.exe
2788	NyobTmu.exe
2808	zruXfSr.exe
2900	TMsxyoc.exe
2088	KOYQrXL.exe
2212	anjFHie.exe
2184	znsnevm.exe
2280	vNBMPgT.exe
2228	SZTEISJ.exe
912	DylLSra.exe
1648	WLRTGqB.exe
556	uHpFoHJ.exe
300	EDCsUJX.exe
2432	ZoSTCsZ.exe
2308	FFWoEgf.exe
2972	SjGvrQt.exe
1640	ZMSCwSf.exe
2348	TlGRaXm.exe
2328	WNIdKqG.exe
1596	jxoECnu.exe
1680	JsBmLKq.exe
1568	yfwALVX.exe
768	qrgxXni.exe
3060	orniKRu.exe
1572	tfglvqC.exe
748	AHyaybN.exe
2296	vaUYgcE.exe
2040	acXmNDA.exe
2052	StEglMj.exe
2064	mJhEfVq.exe
1908	xynobwr.exe
2840	DAdkkOU.exe
1412	fTgrtxJ.exe
2952	ijEkiLo.exe
2188	FDkqoLy.exe
2960	sYiMiMk.exe
2892	fFCgNeF.exe
1508	wYykMRn.exe
1480	hjacNvm.exe
1208	NomjJKP.exe
2812	dnvHHHv.exe
2604	CaRNyGW.exe
2976	lxvyasn.exe
2476	MBIzGXE.exe

Loads dropped DLL 64 IoCs

pid	Process
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x000c00000001228a-3.dat	upx
behavioral1/memory/2780-7-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0037000000015c9b-9.dat	upx
behavioral1/memory/2980-13-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0008000000015cd8-11.dat	upx
behavioral1/memory/2612-21-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0007000000015ced-25.dat	upx
behavioral1/memory/2744-28-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0007000000015cf5-29.dat	upx
behavioral1/files/0x0038000000015ca9-38.dat	upx
behavioral1/memory/2804-41-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/3028-50-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2576-57-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0007000000016a3a-60.dat	upx
behavioral1/memory/2920-71-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x0006000000016c5b-82.dat	upx
behavioral1/memory/1628-85-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x0006000000016d10-115.dat	upx
behavioral1/files/0x0006000000016d46-145.dat	upx
behavioral1/memory/1696-909-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2920-1172-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2532-2133-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/1628-1829-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2352-1509-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2576-716-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x00060000000171ad-190.dat	upx
behavioral1/files/0x000600000001708c-185.dat	upx
behavioral1/files/0x0006000000016fa9-180.dat	upx
behavioral1/files/0x0006000000016d7d-175.dat	upx
behavioral1/files/0x0006000000016d79-170.dat	upx
behavioral1/files/0x0006000000016d73-165.dat	upx
behavioral1/files/0x0006000000016d5f-160.dat	upx
behavioral1/files/0x0006000000016d57-155.dat	upx
behavioral1/files/0x0006000000016d4f-150.dat	upx
behavioral1/files/0x0006000000016d3e-140.dat	upx
behavioral1/files/0x0006000000016d36-135.dat	upx
behavioral1/files/0x0006000000016d2d-130.dat	upx
behavioral1/files/0x0006000000016d21-125.dat	upx
behavioral1/files/0x0006000000016d19-120.dat	upx
behavioral1/files/0x0006000000016d01-110.dat	upx
behavioral1/files/0x0006000000016cf2-105.dat	upx
behavioral1/memory/1896-101-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2804-99-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0006000000016ccd-97.dat	upx
behavioral1/memory/2532-93-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2468-91-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0006000000016ca1-89.dat	upx
behavioral1/memory/2352-78-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0006000000016c57-75.dat	upx
behavioral1/memory/1696-62-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2980-69-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0006000000016c3a-67.dat	upx
behavioral1/memory/2780-56-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0007000000015d02-42.dat	upx
behavioral1/memory/2464-54-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0009000000015d1e-51.dat	upx
behavioral1/memory/2468-34-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1896-2785-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2780-3865-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2980-3869-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2612-3878-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2744-3880-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2468-3913-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LYCNMXj.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTFhBgI.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEOISzb.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIJqukA.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbGKYFa.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsRFBPf.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TauQaFU.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDOxBnu.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLLxXMf.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwJAMfC.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOpXcJZ.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OobYoTD.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDenbsc.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgxDItP.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHfvDpl.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYQcLCC.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbRCEKx.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBvKXGi.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNPKoXJ.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDnZSBb.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LawwwHc.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqWLbOi.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNTVVGg.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaRNyGW.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCEFmAk.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOEuiFF.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vudrfXZ.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsmyClZ.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwvIDYz.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbLfJrX.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnlcFVI.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSYnqgr.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUBksjT.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKkkmHO.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBXTxus.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxSKhVD.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKsLlsa.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbvGGfw.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhvqWTn.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaxaomR.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBVrkXj.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbPIzPA.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aufkADr.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDkqoLy.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWLBVCL.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLCiqPi.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxZwZAK.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnyRTOb.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLfECrX.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZrfnvv.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vifnNhE.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHuZcmZ.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NArfuvt.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NouAMmM.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnxpJEs.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuffKAa.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIeVJbh.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMBDRvQ.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIkrKSO.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVUNHEu.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFpUNev.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdHJVUi.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEeVFxo.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFVtIpR.exe	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2780	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 3028 wrote to memory of 2780	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 3028 wrote to memory of 2780	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 3028 wrote to memory of 2980	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 3028 wrote to memory of 2980	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 3028 wrote to memory of 2980	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 3028 wrote to memory of 2612	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2612	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2612	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2744	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2744	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2744	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2468	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2468	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2468	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2804	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2804	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2804	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2576	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2576	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2576	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2464	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2464	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2464	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 1696	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 1696	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 1696	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2920	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2920	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2920	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2352	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2352	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2352	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 1628	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 1628	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 1628	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2532	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2532	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2532	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 1896	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 1896	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 1896	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 236	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 236	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 236	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 1552	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1552	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1552	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1196	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1196	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1196	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 352	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 352	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 352	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 2272	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 2272	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 2272	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 1220	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 1220	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 1220	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 1424	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 1424	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 1424	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 2788	3028	2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-03_01e0d2d212c97dd149ed9d29d304d696_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\System\mIExvwc.exe
  C:\Windows\System\mIExvwc.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\EYGWBFP.exe
  C:\Windows\System\EYGWBFP.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\RpWspng.exe
  C:\Windows\System\RpWspng.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\JOjMnlM.exe
  C:\Windows\System\JOjMnlM.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\UNJFlfd.exe
  C:\Windows\System\UNJFlfd.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\JhjgZVH.exe
  C:\Windows\System\JhjgZVH.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\PtZEqsi.exe
  C:\Windows\System\PtZEqsi.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\IPVZLkd.exe
  C:\Windows\System\IPVZLkd.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\xqDLVXZ.exe
  C:\Windows\System\xqDLVXZ.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\sNWxuDp.exe
  C:\Windows\System\sNWxuDp.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\UPPgDlF.exe
  C:\Windows\System\UPPgDlF.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\XBSngyI.exe
  C:\Windows\System\XBSngyI.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\LMnKhiX.exe
  C:\Windows\System\LMnKhiX.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\jusmYuQ.exe
  C:\Windows\System\jusmYuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\zxPwWhM.exe
  C:\Windows\System\zxPwWhM.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\teGForc.exe
  C:\Windows\System\teGForc.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\WuASyga.exe
  C:\Windows\System\WuASyga.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\fuyTZsD.exe
  C:\Windows\System\fuyTZsD.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\aRbPLsj.exe
  C:\Windows\System\aRbPLsj.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\exkeArP.exe
  C:\Windows\System\exkeArP.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\JIUweYP.exe
  C:\Windows\System\JIUweYP.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\NyobTmu.exe
  C:\Windows\System\NyobTmu.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\zruXfSr.exe
  C:\Windows\System\zruXfSr.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\TMsxyoc.exe
  C:\Windows\System\TMsxyoc.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\KOYQrXL.exe
  C:\Windows\System\KOYQrXL.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\anjFHie.exe
  C:\Windows\System\anjFHie.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\znsnevm.exe
  C:\Windows\System\znsnevm.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\vNBMPgT.exe
  C:\Windows\System\vNBMPgT.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\SZTEISJ.exe
  C:\Windows\System\SZTEISJ.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\DylLSra.exe
  C:\Windows\System\DylLSra.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\WLRTGqB.exe
  C:\Windows\System\WLRTGqB.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\uHpFoHJ.exe
  C:\Windows\System\uHpFoHJ.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\EDCsUJX.exe
  C:\Windows\System\EDCsUJX.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\ZoSTCsZ.exe
  C:\Windows\System\ZoSTCsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\FFWoEgf.exe
  C:\Windows\System\FFWoEgf.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\SjGvrQt.exe
  C:\Windows\System\SjGvrQt.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ZMSCwSf.exe
  C:\Windows\System\ZMSCwSf.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\TlGRaXm.exe
  C:\Windows\System\TlGRaXm.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\WNIdKqG.exe
  C:\Windows\System\WNIdKqG.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\jxoECnu.exe
  C:\Windows\System\jxoECnu.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\JsBmLKq.exe
  C:\Windows\System\JsBmLKq.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\yfwALVX.exe
  C:\Windows\System\yfwALVX.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\qrgxXni.exe
  C:\Windows\System\qrgxXni.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\orniKRu.exe
  C:\Windows\System\orniKRu.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\tfglvqC.exe
  C:\Windows\System\tfglvqC.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\AHyaybN.exe
  C:\Windows\System\AHyaybN.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\vaUYgcE.exe
  C:\Windows\System\vaUYgcE.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\acXmNDA.exe
  C:\Windows\System\acXmNDA.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\StEglMj.exe
  C:\Windows\System\StEglMj.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\mJhEfVq.exe
  C:\Windows\System\mJhEfVq.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\xynobwr.exe
  C:\Windows\System\xynobwr.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\DAdkkOU.exe
  C:\Windows\System\DAdkkOU.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\fTgrtxJ.exe
  C:\Windows\System\fTgrtxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\ijEkiLo.exe
  C:\Windows\System\ijEkiLo.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\FDkqoLy.exe
  C:\Windows\System\FDkqoLy.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\sYiMiMk.exe
  C:\Windows\System\sYiMiMk.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\fFCgNeF.exe
  C:\Windows\System\fFCgNeF.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\wYykMRn.exe
  C:\Windows\System\wYykMRn.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\hjacNvm.exe
  C:\Windows\System\hjacNvm.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\NomjJKP.exe
  C:\Windows\System\NomjJKP.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\dnvHHHv.exe
  C:\Windows\System\dnvHHHv.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\CaRNyGW.exe
  C:\Windows\System\CaRNyGW.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\lxvyasn.exe
  C:\Windows\System\lxvyasn.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\MBIzGXE.exe
  C:\Windows\System\MBIzGXE.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\fkNWxBo.exe
  C:\Windows\System\fkNWxBo.exe
  2⤵
  PID:2480
- C:\Windows\System\WbgdyOJ.exe
  C:\Windows\System\WbgdyOJ.exe
  2⤵
  PID:2404
- C:\Windows\System\Owswtyb.exe
  C:\Windows\System\Owswtyb.exe
  2⤵
  PID:2112
- C:\Windows\System\Vihhcal.exe
  C:\Windows\System\Vihhcal.exe
  2⤵
  PID:2724
- C:\Windows\System\ixFMxrV.exe
  C:\Windows\System\ixFMxrV.exe
  2⤵
  PID:2372
- C:\Windows\System\jlgOkHc.exe
  C:\Windows\System\jlgOkHc.exe
  2⤵
  PID:544
- C:\Windows\System\qDzdUXX.exe
  C:\Windows\System\qDzdUXX.exe
  2⤵
  PID:1836
- C:\Windows\System\IbTRyfJ.exe
  C:\Windows\System\IbTRyfJ.exe
  2⤵
  PID:1600
- C:\Windows\System\pRAHtVq.exe
  C:\Windows\System\pRAHtVq.exe
  2⤵
  PID:1416
- C:\Windows\System\pdyUtQv.exe
  C:\Windows\System\pdyUtQv.exe
  2⤵
  PID:1524
- C:\Windows\System\XRCBgQG.exe
  C:\Windows\System\XRCBgQG.exe
  2⤵
  PID:1200
- C:\Windows\System\tSnoHaV.exe
  C:\Windows\System\tSnoHaV.exe
  2⤵
  PID:2232
- C:\Windows\System\qlDlxpl.exe
  C:\Windows\System\qlDlxpl.exe
  2⤵
  PID:2560
- C:\Windows\System\PrUyRMJ.exe
  C:\Windows\System\PrUyRMJ.exe
  2⤵
  PID:576
- C:\Windows\System\fkrutws.exe
  C:\Windows\System\fkrutws.exe
  2⤵
  PID:1768
- C:\Windows\System\hqboWlx.exe
  C:\Windows\System\hqboWlx.exe
  2⤵
  PID:2424
- C:\Windows\System\VKxgpap.exe
  C:\Windows\System\VKxgpap.exe
  2⤵
  PID:2276
- C:\Windows\System\ydMAqHk.exe
  C:\Windows\System\ydMAqHk.exe
  2⤵
  PID:444
- C:\Windows\System\aLnHwKm.exe
  C:\Windows\System\aLnHwKm.exe
  2⤵
  PID:1832
- C:\Windows\System\TsEBxKy.exe
  C:\Windows\System\TsEBxKy.exe
  2⤵
  PID:1452
- C:\Windows\System\XPzEojN.exe
  C:\Windows\System\XPzEojN.exe
  2⤵
  PID:1968
- C:\Windows\System\iBaikAu.exe
  C:\Windows\System\iBaikAu.exe
  2⤵
  PID:1008
- C:\Windows\System\iGCRPvh.exe
  C:\Windows\System\iGCRPvh.exe
  2⤵
  PID:928
- C:\Windows\System\kjyXlwi.exe
  C:\Windows\System\kjyXlwi.exe
  2⤵
  PID:568
- C:\Windows\System\qaLWFnl.exe
  C:\Windows\System\qaLWFnl.exe
  2⤵
  PID:2836
- C:\Windows\System\FsHGeAz.exe
  C:\Windows\System\FsHGeAz.exe
  2⤵
  PID:2936
- C:\Windows\System\syHDIcb.exe
  C:\Windows\System\syHDIcb.exe
  2⤵
  PID:2304
- C:\Windows\System\JqVPkhh.exe
  C:\Windows\System\JqVPkhh.exe
  2⤵
  PID:2796
- C:\Windows\System\OnDYriR.exe
  C:\Windows\System\OnDYriR.exe
  2⤵
  PID:2876
- C:\Windows\System\qMTGhus.exe
  C:\Windows\System\qMTGhus.exe
  2⤵
  PID:1828
- C:\Windows\System\leqGWNF.exe
  C:\Windows\System\leqGWNF.exe
  2⤵
  PID:1956
- C:\Windows\System\laNAtFP.exe
  C:\Windows\System\laNAtFP.exe
  2⤵
  PID:2572
- C:\Windows\System\kwndCBj.exe
  C:\Windows\System\kwndCBj.exe
  2⤵
  PID:2792
- C:\Windows\System\DRBLNcu.exe
  C:\Windows\System\DRBLNcu.exe
  2⤵
  PID:2824
- C:\Windows\System\PbFdFDs.exe
  C:\Windows\System\PbFdFDs.exe
  2⤵
  PID:316
- C:\Windows\System\qdAfpvH.exe
  C:\Windows\System\qdAfpvH.exe
  2⤵
  PID:2632
- C:\Windows\System\SNdsrbn.exe
  C:\Windows\System\SNdsrbn.exe
  2⤵
  PID:1216
- C:\Windows\System\xqPYzTd.exe
  C:\Windows\System\xqPYzTd.exe
  2⤵
  PID:1900
- C:\Windows\System\HTMfSHW.exe
  C:\Windows\System\HTMfSHW.exe
  2⤵
  PID:2596
- C:\Windows\System\fKfJfqY.exe
  C:\Windows\System\fKfJfqY.exe
  2⤵
  PID:1924
- C:\Windows\System\bGcclhm.exe
  C:\Windows\System\bGcclhm.exe
  2⤵
  PID:2800
- C:\Windows\System\dbvGGfw.exe
  C:\Windows\System\dbvGGfw.exe
  2⤵
  PID:2032
- C:\Windows\System\fBuxTcT.exe
  C:\Windows\System\fBuxTcT.exe
  2⤵
  PID:980
- C:\Windows\System\gHuVssr.exe
  C:\Windows\System\gHuVssr.exe
  2⤵
  PID:2136
- C:\Windows\System\EjFJhhl.exe
  C:\Windows\System\EjFJhhl.exe
  2⤵
  PID:3036
- C:\Windows\System\aDUciJa.exe
  C:\Windows\System\aDUciJa.exe
  2⤵
  PID:836
- C:\Windows\System\LOYybpR.exe
  C:\Windows\System\LOYybpR.exe
  2⤵
  PID:2564
- C:\Windows\System\UgLYzHF.exe
  C:\Windows\System\UgLYzHF.exe
  2⤵
  PID:988
- C:\Windows\System\NONiwZf.exe
  C:\Windows\System\NONiwZf.exe
  2⤵
  PID:2008
- C:\Windows\System\GmXmymB.exe
  C:\Windows\System\GmXmymB.exe
  2⤵
  PID:2864
- C:\Windows\System\WqPsWBV.exe
  C:\Windows\System\WqPsWBV.exe
  2⤵
  PID:780
- C:\Windows\System\vUKoZXY.exe
  C:\Windows\System\vUKoZXY.exe
  2⤵
  PID:1620
- C:\Windows\System\YDdmfWG.exe
  C:\Windows\System\YDdmfWG.exe
  2⤵
  PID:1500
- C:\Windows\System\qkCbILa.exe
  C:\Windows\System\qkCbILa.exe
  2⤵
  PID:2676
- C:\Windows\System\ZZyCTkz.exe
  C:\Windows\System\ZZyCTkz.exe
  2⤵
  PID:2496
- C:\Windows\System\JSseXUZ.exe
  C:\Windows\System\JSseXUZ.exe
  2⤵
  PID:1536
- C:\Windows\System\xUzkWmu.exe
  C:\Windows\System\xUzkWmu.exe
  2⤵
  PID:2708
- C:\Windows\System\heVAPtb.exe
  C:\Windows\System\heVAPtb.exe
  2⤵
  PID:2360
- C:\Windows\System\wKlTCeL.exe
  C:\Windows\System\wKlTCeL.exe
  2⤵
  PID:2884
- C:\Windows\System\tEMMdvw.exe
  C:\Windows\System\tEMMdvw.exe
  2⤵
  PID:2200
- C:\Windows\System\yXXUIDp.exe
  C:\Windows\System\yXXUIDp.exe
  2⤵
  PID:2996
- C:\Windows\System\UjRechI.exe
  C:\Windows\System\UjRechI.exe
  2⤵
  PID:1176
- C:\Windows\System\vxINihE.exe
  C:\Windows\System\vxINihE.exe
  2⤵
  PID:872
- C:\Windows\System\WUHJaSq.exe
  C:\Windows\System\WUHJaSq.exe
  2⤵
  PID:636
- C:\Windows\System\HXNHUkF.exe
  C:\Windows\System\HXNHUkF.exe
  2⤵
  PID:3088
- C:\Windows\System\dfsmGSw.exe
  C:\Windows\System\dfsmGSw.exe
  2⤵
  PID:3108
- C:\Windows\System\UJpmMLv.exe
  C:\Windows\System\UJpmMLv.exe
  2⤵
  PID:3128
- C:\Windows\System\cyStnsg.exe
  C:\Windows\System\cyStnsg.exe
  2⤵
  PID:3144
- C:\Windows\System\huyUXWR.exe
  C:\Windows\System\huyUXWR.exe
  2⤵
  PID:3168
- C:\Windows\System\AnBxVuw.exe
  C:\Windows\System\AnBxVuw.exe
  2⤵
  PID:3188
- C:\Windows\System\osFxcQC.exe
  C:\Windows\System\osFxcQC.exe
  2⤵
  PID:3208
- C:\Windows\System\AHPXRZy.exe
  C:\Windows\System\AHPXRZy.exe
  2⤵
  PID:3228
- C:\Windows\System\YmBrvhF.exe
  C:\Windows\System\YmBrvhF.exe
  2⤵
  PID:3248
- C:\Windows\System\eKTFXjg.exe
  C:\Windows\System\eKTFXjg.exe
  2⤵
  PID:3264
- C:\Windows\System\PLrAsHQ.exe
  C:\Windows\System\PLrAsHQ.exe
  2⤵
  PID:3288
- C:\Windows\System\UFVtIpR.exe
  C:\Windows\System\UFVtIpR.exe
  2⤵
  PID:3304
- C:\Windows\System\ugtBzAP.exe
  C:\Windows\System\ugtBzAP.exe
  2⤵
  PID:3328
- C:\Windows\System\frtXLPx.exe
  C:\Windows\System\frtXLPx.exe
  2⤵
  PID:3348
- C:\Windows\System\iJPLoTn.exe
  C:\Windows\System\iJPLoTn.exe
  2⤵
  PID:3368
- C:\Windows\System\xSKpkKi.exe
  C:\Windows\System\xSKpkKi.exe
  2⤵
  PID:3388
- C:\Windows\System\MYHmNwu.exe
  C:\Windows\System\MYHmNwu.exe
  2⤵
  PID:3408
- C:\Windows\System\TRDaSvN.exe
  C:\Windows\System\TRDaSvN.exe
  2⤵
  PID:3428
- C:\Windows\System\IlZsJCq.exe
  C:\Windows\System\IlZsJCq.exe
  2⤵
  PID:3448
- C:\Windows\System\HINQnSy.exe
  C:\Windows\System\HINQnSy.exe
  2⤵
  PID:3468
- C:\Windows\System\ijzRKCS.exe
  C:\Windows\System\ijzRKCS.exe
  2⤵
  PID:3488
- C:\Windows\System\CrElqXZ.exe
  C:\Windows\System\CrElqXZ.exe
  2⤵
  PID:3504
- C:\Windows\System\UvawVNk.exe
  C:\Windows\System\UvawVNk.exe
  2⤵
  PID:3524
- C:\Windows\System\uohqHHJ.exe
  C:\Windows\System\uohqHHJ.exe
  2⤵
  PID:3548
- C:\Windows\System\hbqIZvc.exe
  C:\Windows\System\hbqIZvc.exe
  2⤵
  PID:3568
- C:\Windows\System\JiBxphn.exe
  C:\Windows\System\JiBxphn.exe
  2⤵
  PID:3588
- C:\Windows\System\GaNgFgg.exe
  C:\Windows\System\GaNgFgg.exe
  2⤵
  PID:3608
- C:\Windows\System\fWwqnGG.exe
  C:\Windows\System\fWwqnGG.exe
  2⤵
  PID:3628
- C:\Windows\System\wFIeihg.exe
  C:\Windows\System\wFIeihg.exe
  2⤵
  PID:3648
- C:\Windows\System\JQiIWSx.exe
  C:\Windows\System\JQiIWSx.exe
  2⤵
  PID:3668
- C:\Windows\System\LLnwfcT.exe
  C:\Windows\System\LLnwfcT.exe
  2⤵
  PID:3688
- C:\Windows\System\GZSNtit.exe
  C:\Windows\System\GZSNtit.exe
  2⤵
  PID:3708
- C:\Windows\System\MUoFVWm.exe
  C:\Windows\System\MUoFVWm.exe
  2⤵
  PID:3728
- C:\Windows\System\vreFfcf.exe
  C:\Windows\System\vreFfcf.exe
  2⤵
  PID:3748
- C:\Windows\System\hFPkaky.exe
  C:\Windows\System\hFPkaky.exe
  2⤵
  PID:3768
- C:\Windows\System\VlxzdrP.exe
  C:\Windows\System\VlxzdrP.exe
  2⤵
  PID:3784
- C:\Windows\System\fKCYVrU.exe
  C:\Windows\System\fKCYVrU.exe
  2⤵
  PID:3808
- C:\Windows\System\ZKgqUQl.exe
  C:\Windows\System\ZKgqUQl.exe
  2⤵
  PID:3824
- C:\Windows\System\qTMGoTI.exe
  C:\Windows\System\qTMGoTI.exe
  2⤵
  PID:3844
- C:\Windows\System\YIszfXH.exe
  C:\Windows\System\YIszfXH.exe
  2⤵
  PID:3864
- C:\Windows\System\TSzCRgo.exe
  C:\Windows\System\TSzCRgo.exe
  2⤵
  PID:3884
- C:\Windows\System\tITNnMm.exe
  C:\Windows\System\tITNnMm.exe
  2⤵
  PID:3900
- C:\Windows\System\SsarDkd.exe
  C:\Windows\System\SsarDkd.exe
  2⤵
  PID:3928
- C:\Windows\System\shCQfFC.exe
  C:\Windows\System\shCQfFC.exe
  2⤵
  PID:3944
- C:\Windows\System\xXcSZWl.exe
  C:\Windows\System\xXcSZWl.exe
  2⤵
  PID:3964
- C:\Windows\System\qaHOeoc.exe
  C:\Windows\System\qaHOeoc.exe
  2⤵
  PID:3984
- C:\Windows\System\hZhzkTl.exe
  C:\Windows\System\hZhzkTl.exe
  2⤵
  PID:4004
- C:\Windows\System\nMVDIhu.exe
  C:\Windows\System\nMVDIhu.exe
  2⤵
  PID:4028
- C:\Windows\System\DCHnBhp.exe
  C:\Windows\System\DCHnBhp.exe
  2⤵
  PID:4048
- C:\Windows\System\TdgRcGw.exe
  C:\Windows\System\TdgRcGw.exe
  2⤵
  PID:4068
- C:\Windows\System\ECWOBxq.exe
  C:\Windows\System\ECWOBxq.exe
  2⤵
  PID:4088
- C:\Windows\System\TGXTzNZ.exe
  C:\Windows\System\TGXTzNZ.exe
  2⤵
  PID:2944
- C:\Windows\System\abNdwac.exe
  C:\Windows\System\abNdwac.exe
  2⤵
  PID:1404
- C:\Windows\System\mvoCDRF.exe
  C:\Windows\System\mvoCDRF.exe
  2⤵
  PID:2460
- C:\Windows\System\ZSYKoud.exe
  C:\Windows\System\ZSYKoud.exe
  2⤵
  PID:2164
- C:\Windows\System\PkASzWe.exe
  C:\Windows\System\PkASzWe.exe
  2⤵
  PID:3044
- C:\Windows\System\FdwvfXk.exe
  C:\Windows\System\FdwvfXk.exe
  2⤵
  PID:1496
- C:\Windows\System\sQHWVXM.exe
  C:\Windows\System\sQHWVXM.exe
  2⤵
  PID:2236
- C:\Windows\System\patrrXj.exe
  C:\Windows\System\patrrXj.exe
  2⤵
  PID:2000
- C:\Windows\System\MMOYCMn.exe
  C:\Windows\System\MMOYCMn.exe
  2⤵
  PID:3076
- C:\Windows\System\kEiroxj.exe
  C:\Windows\System\kEiroxj.exe
  2⤵
  PID:1016
- C:\Windows\System\QnKSbRb.exe
  C:\Windows\System\QnKSbRb.exe
  2⤵
  PID:3120
- C:\Windows\System\oTGjMrU.exe
  C:\Windows\System\oTGjMrU.exe
  2⤵
  PID:3136
- C:\Windows\System\pobhiMo.exe
  C:\Windows\System\pobhiMo.exe
  2⤵
  PID:3140
- C:\Windows\System\CAWLDjd.exe
  C:\Windows\System\CAWLDjd.exe
  2⤵
  PID:3216
- C:\Windows\System\CXiladL.exe
  C:\Windows\System\CXiladL.exe
  2⤵
  PID:3272
- C:\Windows\System\HVXWeQr.exe
  C:\Windows\System\HVXWeQr.exe
  2⤵
  PID:3260
- C:\Windows\System\nwAxLSp.exe
  C:\Windows\System\nwAxLSp.exe
  2⤵
  PID:3296
- C:\Windows\System\BkPrtbS.exe
  C:\Windows\System\BkPrtbS.exe
  2⤵
  PID:3364
- C:\Windows\System\tvuWHFd.exe
  C:\Windows\System\tvuWHFd.exe
  2⤵
  PID:3404
- C:\Windows\System\hfXFcFf.exe
  C:\Windows\System\hfXFcFf.exe
  2⤵
  PID:3416
- C:\Windows\System\afVSeyv.exe
  C:\Windows\System\afVSeyv.exe
  2⤵
  PID:3476
- C:\Windows\System\eWuWBAG.exe
  C:\Windows\System\eWuWBAG.exe
  2⤵
  PID:3480
- C:\Windows\System\lXnzMtm.exe
  C:\Windows\System\lXnzMtm.exe
  2⤵
  PID:3536
- C:\Windows\System\wGfBAXm.exe
  C:\Windows\System\wGfBAXm.exe
  2⤵
  PID:3564
- C:\Windows\System\VHKpdGD.exe
  C:\Windows\System\VHKpdGD.exe
  2⤵
  PID:3600
- C:\Windows\System\oOpjRVM.exe
  C:\Windows\System\oOpjRVM.exe
  2⤵
  PID:3584
- C:\Windows\System\lhxvPuv.exe
  C:\Windows\System\lhxvPuv.exe
  2⤵
  PID:3620
- C:\Windows\System\IpcxBPk.exe
  C:\Windows\System\IpcxBPk.exe
  2⤵
  PID:3664
- C:\Windows\System\TXzXthL.exe
  C:\Windows\System\TXzXthL.exe
  2⤵
  PID:3704
- C:\Windows\System\yNFriAV.exe
  C:\Windows\System\yNFriAV.exe
  2⤵
  PID:3736
- C:\Windows\System\ViBemri.exe
  C:\Windows\System\ViBemri.exe
  2⤵
  PID:3804
- C:\Windows\System\mMcDJlW.exe
  C:\Windows\System\mMcDJlW.exe
  2⤵
  PID:3780
- C:\Windows\System\vkSTyOl.exe
  C:\Windows\System\vkSTyOl.exe
  2⤵
  PID:3820
- C:\Windows\System\LcGIizk.exe
  C:\Windows\System\LcGIizk.exe
  2⤵
  PID:3924
- C:\Windows\System\dDWMFnu.exe
  C:\Windows\System\dDWMFnu.exe
  2⤵
  PID:3896
- C:\Windows\System\EnWKEfy.exe
  C:\Windows\System\EnWKEfy.exe
  2⤵
  PID:3940
- C:\Windows\System\ZULLRsk.exe
  C:\Windows\System\ZULLRsk.exe
  2⤵
  PID:4012
- C:\Windows\System\vclJhIi.exe
  C:\Windows\System\vclJhIi.exe
  2⤵
  PID:4036
- C:\Windows\System\mQyafwc.exe
  C:\Windows\System\mQyafwc.exe
  2⤵
  PID:4064
- C:\Windows\System\KSlPVPR.exe
  C:\Windows\System\KSlPVPR.exe
  2⤵
  PID:2260
- C:\Windows\System\YNAojXF.exe
  C:\Windows\System\YNAojXF.exe
  2⤵
  PID:848
- C:\Windows\System\ywMibOY.exe
  C:\Windows\System\ywMibOY.exe
  2⤵
  PID:2616
- C:\Windows\System\EHQGADj.exe
  C:\Windows\System\EHQGADj.exe
  2⤵
  PID:1360
- C:\Windows\System\USpKRcD.exe
  C:\Windows\System\USpKRcD.exe
  2⤵
  PID:2988
- C:\Windows\System\YFaAJpj.exe
  C:\Windows\System\YFaAJpj.exe
  2⤵
  PID:2428
- C:\Windows\System\PPQdarO.exe
  C:\Windows\System\PPQdarO.exe
  2⤵
  PID:3116
- C:\Windows\System\YCJJwGs.exe
  C:\Windows\System\YCJJwGs.exe
  2⤵
  PID:3156
- C:\Windows\System\dgikZnE.exe
  C:\Windows\System\dgikZnE.exe
  2⤵
  PID:3236
- C:\Windows\System\DRfrpsB.exe
  C:\Windows\System\DRfrpsB.exe
  2⤵
  PID:3240
- C:\Windows\System\eQFxqqE.exe
  C:\Windows\System\eQFxqqE.exe
  2⤵
  PID:3244
- C:\Windows\System\FYBjXyU.exe
  C:\Windows\System\FYBjXyU.exe
  2⤵
  PID:3384
- C:\Windows\System\NBgHHVY.exe
  C:\Windows\System\NBgHHVY.exe
  2⤵
  PID:3484
- C:\Windows\System\GrLrOvC.exe
  C:\Windows\System\GrLrOvC.exe
  2⤵
  PID:3440
- C:\Windows\System\rxiTiJg.exe
  C:\Windows\System\rxiTiJg.exe
  2⤵
  PID:3532
- C:\Windows\System\CuiGcHM.exe
  C:\Windows\System\CuiGcHM.exe
  2⤵
  PID:3640
- C:\Windows\System\WbpuCaX.exe
  C:\Windows\System\WbpuCaX.exe
  2⤵
  PID:3684
- C:\Windows\System\WTaSXRz.exe
  C:\Windows\System\WTaSXRz.exe
  2⤵
  PID:3764
- C:\Windows\System\XlxhgPF.exe
  C:\Windows\System\XlxhgPF.exe
  2⤵
  PID:3696
- C:\Windows\System\WwlcAoS.exe
  C:\Windows\System\WwlcAoS.exe
  2⤵
  PID:3872
- C:\Windows\System\fqZMNFr.exe
  C:\Windows\System\fqZMNFr.exe
  2⤵
  PID:3920
- C:\Windows\System\vdJQRiP.exe
  C:\Windows\System\vdJQRiP.exe
  2⤵
  PID:3960
- C:\Windows\System\xwtsyHV.exe
  C:\Windows\System\xwtsyHV.exe
  2⤵
  PID:3980
- C:\Windows\System\dEbyRpb.exe
  C:\Windows\System\dEbyRpb.exe
  2⤵
  PID:4040
- C:\Windows\System\jvzmaDc.exe
  C:\Windows\System\jvzmaDc.exe
  2⤵
  PID:4080
- C:\Windows\System\STXJPQt.exe
  C:\Windows\System\STXJPQt.exe
  2⤵
  PID:2984
- C:\Windows\System\doSHUIG.exe
  C:\Windows\System\doSHUIG.exe
  2⤵
  PID:2608
- C:\Windows\System\gxigumw.exe
  C:\Windows\System\gxigumw.exe
  2⤵
  PID:1068
- C:\Windows\System\zVWSJZG.exe
  C:\Windows\System\zVWSJZG.exe
  2⤵
  PID:1736
- C:\Windows\System\XHDghnf.exe
  C:\Windows\System\XHDghnf.exe
  2⤵
  PID:3104
- C:\Windows\System\ZhZKnIF.exe
  C:\Windows\System\ZhZKnIF.exe
  2⤵
  PID:3360
- C:\Windows\System\LmeRvsJ.exe
  C:\Windows\System\LmeRvsJ.exe
  2⤵
  PID:3396
- C:\Windows\System\XaIUiDp.exe
  C:\Windows\System\XaIUiDp.exe
  2⤵
  PID:3460
- C:\Windows\System\zKnpJGF.exe
  C:\Windows\System\zKnpJGF.exe
  2⤵
  PID:3540
- C:\Windows\System\TdWnvep.exe
  C:\Windows\System\TdWnvep.exe
  2⤵
  PID:3576
- C:\Windows\System\wBGxHSx.exe
  C:\Windows\System\wBGxHSx.exe
  2⤵
  PID:3624
- C:\Windows\System\lYHxXRN.exe
  C:\Windows\System\lYHxXRN.exe
  2⤵
  PID:2784
- C:\Windows\System\mwezRwb.exe
  C:\Windows\System\mwezRwb.exe
  2⤵
  PID:3840
- C:\Windows\System\JAfnkmr.exe
  C:\Windows\System\JAfnkmr.exe
  2⤵
  PID:3992
- C:\Windows\System\DkDlhPa.exe
  C:\Windows\System\DkDlhPa.exe
  2⤵
  PID:4044
- C:\Windows\System\UfjfXvy.exe
  C:\Windows\System\UfjfXvy.exe
  2⤵
  PID:2556
- C:\Windows\System\UYKVgwY.exe
  C:\Windows\System\UYKVgwY.exe
  2⤵
  PID:1856
- C:\Windows\System\faRCmTO.exe
  C:\Windows\System\faRCmTO.exe
  2⤵
  PID:2736
- C:\Windows\System\srgwTJp.exe
  C:\Windows\System\srgwTJp.exe
  2⤵
  PID:3220
- C:\Windows\System\BBBtuzC.exe
  C:\Windows\System\BBBtuzC.exe
  2⤵
  PID:4104
- C:\Windows\System\BgRPHus.exe
  C:\Windows\System\BgRPHus.exe
  2⤵
  PID:4120
- C:\Windows\System\DorRwNB.exe
  C:\Windows\System\DorRwNB.exe
  2⤵
  PID:4144
- C:\Windows\System\JZRKceg.exe
  C:\Windows\System\JZRKceg.exe
  2⤵
  PID:4160
- C:\Windows\System\mKQzaXQ.exe
  C:\Windows\System\mKQzaXQ.exe
  2⤵
  PID:4180
- C:\Windows\System\xQYyAPz.exe
  C:\Windows\System\xQYyAPz.exe
  2⤵
  PID:4204
- C:\Windows\System\iuffKAa.exe
  C:\Windows\System\iuffKAa.exe
  2⤵
  PID:4224
- C:\Windows\System\vGCirqP.exe
  C:\Windows\System\vGCirqP.exe
  2⤵
  PID:4240
- C:\Windows\System\mkEBvwr.exe
  C:\Windows\System\mkEBvwr.exe
  2⤵
  PID:4272
- C:\Windows\System\JsWrszI.exe
  C:\Windows\System\JsWrszI.exe
  2⤵
  PID:4292
- C:\Windows\System\vUrAJLC.exe
  C:\Windows\System\vUrAJLC.exe
  2⤵
  PID:4312
- C:\Windows\System\DTpIotf.exe
  C:\Windows\System\DTpIotf.exe
  2⤵
  PID:4332
- C:\Windows\System\iAWksLy.exe
  C:\Windows\System\iAWksLy.exe
  2⤵
  PID:4352
- C:\Windows\System\BSbaSnh.exe
  C:\Windows\System\BSbaSnh.exe
  2⤵
  PID:4372
- C:\Windows\System\lhvwqSt.exe
  C:\Windows\System\lhvwqSt.exe
  2⤵
  PID:4392
- C:\Windows\System\bLseWjF.exe
  C:\Windows\System\bLseWjF.exe
  2⤵
  PID:4412
- C:\Windows\System\AqLzEiG.exe
  C:\Windows\System\AqLzEiG.exe
  2⤵
  PID:4432
- C:\Windows\System\NVClVhr.exe
  C:\Windows\System\NVClVhr.exe
  2⤵
  PID:4452
- C:\Windows\System\ALwGzuV.exe
  C:\Windows\System\ALwGzuV.exe
  2⤵
  PID:4472
- C:\Windows\System\AHoYwrN.exe
  C:\Windows\System\AHoYwrN.exe
  2⤵
  PID:4492
- C:\Windows\System\azDPYEe.exe
  C:\Windows\System\azDPYEe.exe
  2⤵
  PID:4512
- C:\Windows\System\UuwGwRB.exe
  C:\Windows\System\UuwGwRB.exe
  2⤵
  PID:4532
- C:\Windows\System\mHaLcPU.exe
  C:\Windows\System\mHaLcPU.exe
  2⤵
  PID:4552
- C:\Windows\System\BdHYrfU.exe
  C:\Windows\System\BdHYrfU.exe
  2⤵
  PID:4572
- C:\Windows\System\staQYVh.exe
  C:\Windows\System\staQYVh.exe
  2⤵
  PID:4592
- C:\Windows\System\fBokvOa.exe
  C:\Windows\System\fBokvOa.exe
  2⤵
  PID:4612
- C:\Windows\System\ggVpzhN.exe
  C:\Windows\System\ggVpzhN.exe
  2⤵
  PID:4632
- C:\Windows\System\mNPKoXJ.exe
  C:\Windows\System\mNPKoXJ.exe
  2⤵
  PID:4652
- C:\Windows\System\CsEuYSq.exe
  C:\Windows\System\CsEuYSq.exe
  2⤵
  PID:4672
- C:\Windows\System\UaJObJx.exe
  C:\Windows\System\UaJObJx.exe
  2⤵
  PID:4692
- C:\Windows\System\SKeArjp.exe
  C:\Windows\System\SKeArjp.exe
  2⤵
  PID:4712
- C:\Windows\System\YsawfME.exe
  C:\Windows\System\YsawfME.exe
  2⤵
  PID:4732
- C:\Windows\System\KXFRIza.exe
  C:\Windows\System\KXFRIza.exe
  2⤵
  PID:4752
- C:\Windows\System\pmcpJyB.exe
  C:\Windows\System\pmcpJyB.exe
  2⤵
  PID:4772
- C:\Windows\System\SnZYQBW.exe
  C:\Windows\System\SnZYQBW.exe
  2⤵
  PID:4792
- C:\Windows\System\xgLIUlp.exe
  C:\Windows\System\xgLIUlp.exe
  2⤵
  PID:4812
- C:\Windows\System\CzZzAHN.exe
  C:\Windows\System\CzZzAHN.exe
  2⤵
  PID:4832
- C:\Windows\System\UGGoEbS.exe
  C:\Windows\System\UGGoEbS.exe
  2⤵
  PID:4852
- C:\Windows\System\BWUWHRh.exe
  C:\Windows\System\BWUWHRh.exe
  2⤵
  PID:4872
- C:\Windows\System\WMMmgMt.exe
  C:\Windows\System\WMMmgMt.exe
  2⤵
  PID:4892
- C:\Windows\System\wmSlswj.exe
  C:\Windows\System\wmSlswj.exe
  2⤵
  PID:4912
- C:\Windows\System\hHDXEhg.exe
  C:\Windows\System\hHDXEhg.exe
  2⤵
  PID:4932
- C:\Windows\System\FBnZNpM.exe
  C:\Windows\System\FBnZNpM.exe
  2⤵
  PID:4952
- C:\Windows\System\YzQxRrm.exe
  C:\Windows\System\YzQxRrm.exe
  2⤵
  PID:4972
- C:\Windows\System\ThejvQa.exe
  C:\Windows\System\ThejvQa.exe
  2⤵
  PID:4992
- C:\Windows\System\YOZQYLz.exe
  C:\Windows\System\YOZQYLz.exe
  2⤵
  PID:5012
- C:\Windows\System\WCWarpj.exe
  C:\Windows\System\WCWarpj.exe
  2⤵
  PID:5032
- C:\Windows\System\KdpqzhM.exe
  C:\Windows\System\KdpqzhM.exe
  2⤵
  PID:5052
- C:\Windows\System\dTVxfgF.exe
  C:\Windows\System\dTVxfgF.exe
  2⤵
  PID:5072
- C:\Windows\System\fTYbDqk.exe
  C:\Windows\System\fTYbDqk.exe
  2⤵
  PID:5092
- C:\Windows\System\XfnJHao.exe
  C:\Windows\System\XfnJHao.exe
  2⤵
  PID:5112
- C:\Windows\System\sOLmXYd.exe
  C:\Windows\System\sOLmXYd.exe
  2⤵
  PID:2300
- C:\Windows\System\uPpPdNG.exe
  C:\Windows\System\uPpPdNG.exe
  2⤵
  PID:3424
- C:\Windows\System\VuNhxJZ.exe
  C:\Windows\System\VuNhxJZ.exe
  2⤵
  PID:3644
- C:\Windows\System\PjFpWNT.exe
  C:\Windows\System\PjFpWNT.exe
  2⤵
  PID:3560
- C:\Windows\System\nuHpxng.exe
  C:\Windows\System\nuHpxng.exe
  2⤵
  PID:3956
- C:\Windows\System\ckZHmAQ.exe
  C:\Windows\System\ckZHmAQ.exe
  2⤵
  PID:4060
- C:\Windows\System\PJLiLvd.exe
  C:\Windows\System\PJLiLvd.exe
  2⤵
  PID:2540
- C:\Windows\System\KywyyGe.exe
  C:\Windows\System\KywyyGe.exe
  2⤵
  PID:984
- C:\Windows\System\GqhTeXl.exe
  C:\Windows\System\GqhTeXl.exe
  2⤵
  PID:3184
- C:\Windows\System\BJaOIQC.exe
  C:\Windows\System\BJaOIQC.exe
  2⤵
  PID:4136
- C:\Windows\System\BHoAiIp.exe
  C:\Windows\System\BHoAiIp.exe
  2⤵
  PID:4116
- C:\Windows\System\tVpoSBj.exe
  C:\Windows\System\tVpoSBj.exe
  2⤵
  PID:4152
- C:\Windows\System\mZpxbOq.exe
  C:\Windows\System\mZpxbOq.exe
  2⤵
  PID:4200
- C:\Windows\System\AKcEhtI.exe
  C:\Windows\System\AKcEhtI.exe
  2⤵
  PID:4256
- C:\Windows\System\sOjWPox.exe
  C:\Windows\System\sOjWPox.exe
  2⤵
  PID:4304
- C:\Windows\System\khYYtef.exe
  C:\Windows\System\khYYtef.exe
  2⤵
  PID:1732
- C:\Windows\System\SXxUfBF.exe
  C:\Windows\System\SXxUfBF.exe
  2⤵
  PID:4324
- C:\Windows\System\COkCbVf.exe
  C:\Windows\System\COkCbVf.exe
  2⤵
  PID:4388
- C:\Windows\System\kvGecBq.exe
  C:\Windows\System\kvGecBq.exe
  2⤵
  PID:4428
- C:\Windows\System\dOYFqek.exe
  C:\Windows\System\dOYFqek.exe
  2⤵
  PID:4440
- C:\Windows\System\vWfKZmK.exe
  C:\Windows\System\vWfKZmK.exe
  2⤵
  PID:4444
- C:\Windows\System\WxVKCVr.exe
  C:\Windows\System\WxVKCVr.exe
  2⤵
  PID:4484
- C:\Windows\System\peEQrUK.exe
  C:\Windows\System\peEQrUK.exe
  2⤵
  PID:4528
- C:\Windows\System\zKlAoYy.exe
  C:\Windows\System\zKlAoYy.exe
  2⤵
  PID:4580
- C:\Windows\System\vpTfuCg.exe
  C:\Windows\System\vpTfuCg.exe
  2⤵
  PID:4600
- C:\Windows\System\zEnmurW.exe
  C:\Windows\System\zEnmurW.exe
  2⤵
  PID:4624
- C:\Windows\System\LrYMIcA.exe
  C:\Windows\System\LrYMIcA.exe
  2⤵
  PID:4644
- C:\Windows\System\MPtmRVb.exe
  C:\Windows\System\MPtmRVb.exe
  2⤵
  PID:4688
- C:\Windows\System\AwvIDYz.exe
  C:\Windows\System\AwvIDYz.exe
  2⤵
  PID:4728
- C:\Windows\System\rAnsRak.exe
  C:\Windows\System\rAnsRak.exe
  2⤵
  PID:1540
- C:\Windows\System\uTIxRzm.exe
  C:\Windows\System\uTIxRzm.exe
  2⤵
  PID:4764
- C:\Windows\System\IZwPCof.exe
  C:\Windows\System\IZwPCof.exe
  2⤵
  PID:4828
- C:\Windows\System\fPBQMEG.exe
  C:\Windows\System\fPBQMEG.exe
  2⤵
  PID:4860
- C:\Windows\System\UEXBKjP.exe
  C:\Windows\System\UEXBKjP.exe
  2⤵
  PID:4900
- C:\Windows\System\kOwYOow.exe
  C:\Windows\System\kOwYOow.exe
  2⤵
  PID:4920
- C:\Windows\System\foiOYVQ.exe
  C:\Windows\System\foiOYVQ.exe
  2⤵
  PID:4944
- C:\Windows\System\dJyZiFv.exe
  C:\Windows\System\dJyZiFv.exe
  2⤵
  PID:2832
- C:\Windows\System\baIhJaO.exe
  C:\Windows\System\baIhJaO.exe
  2⤵
  PID:5008
- C:\Windows\System\vTMWRDY.exe
  C:\Windows\System\vTMWRDY.exe
  2⤵
  PID:5048
- C:\Windows\System\tkqgGvC.exe
  C:\Windows\System\tkqgGvC.exe
  2⤵
  PID:2828
- C:\Windows\System\pNasnam.exe
  C:\Windows\System\pNasnam.exe
  2⤵
  PID:5108
- C:\Windows\System\MMjZWSU.exe
  C:\Windows\System\MMjZWSU.exe
  2⤵
  PID:3400
- C:\Windows\System\cnrtxKg.exe
  C:\Windows\System\cnrtxKg.exe
  2⤵
  PID:3916
- C:\Windows\System\DBqoevy.exe
  C:\Windows\System\DBqoevy.exe
  2⤵
  PID:2284
- C:\Windows\System\WkYFnjL.exe
  C:\Windows\System\WkYFnjL.exe
  2⤵
  PID:2584
- C:\Windows\System\nDtWphb.exe
  C:\Windows\System\nDtWphb.exe
  2⤵
  PID:3180
- C:\Windows\System\uabYugo.exe
  C:\Windows\System\uabYugo.exe
  2⤵
  PID:1664
- C:\Windows\System\AfBwPrv.exe
  C:\Windows\System\AfBwPrv.exe
  2⤵
  PID:4212
- C:\Windows\System\RXGQPSP.exe
  C:\Windows\System\RXGQPSP.exe
  2⤵
  PID:4192
- C:\Windows\System\cXAdNms.exe
  C:\Windows\System\cXAdNms.exe
  2⤵
  PID:1884
- C:\Windows\System\dtBaLtf.exe
  C:\Windows\System\dtBaLtf.exe
  2⤵
  PID:4284
- C:\Windows\System\ORWsRnx.exe
  C:\Windows\System\ORWsRnx.exe
  2⤵
  PID:4348
- C:\Windows\System\IHbLEhq.exe
  C:\Windows\System\IHbLEhq.exe
  2⤵
  PID:4424
- C:\Windows\System\gxfFDER.exe
  C:\Windows\System\gxfFDER.exe
  2⤵
  PID:4468
- C:\Windows\System\fuQzqfa.exe
  C:\Windows\System\fuQzqfa.exe
  2⤵
  PID:4480
- C:\Windows\System\NBhZdYM.exe
  C:\Windows\System\NBhZdYM.exe
  2⤵
  PID:4588
- C:\Windows\System\xXHRIPh.exe
  C:\Windows\System\xXHRIPh.exe
  2⤵
  PID:4608
- C:\Windows\System\BIHqKwo.exe
  C:\Windows\System\BIHqKwo.exe
  2⤵
  PID:4708
- C:\Windows\System\lYKuWvm.exe
  C:\Windows\System\lYKuWvm.exe
  2⤵
  PID:4704
- C:\Windows\System\vcAjqRh.exe
  C:\Windows\System\vcAjqRh.exe
  2⤵
  PID:4820
- C:\Windows\System\XgHcSgO.exe
  C:\Windows\System\XgHcSgO.exe
  2⤵
  PID:2520
- C:\Windows\System\Bcjobsq.exe
  C:\Windows\System\Bcjobsq.exe
  2⤵
  PID:4840
- C:\Windows\System\lfPMhYJ.exe
  C:\Windows\System\lfPMhYJ.exe
  2⤵
  PID:4904
- C:\Windows\System\pMcjwUF.exe
  C:\Windows\System\pMcjwUF.exe
  2⤵
  PID:5000
- C:\Windows\System\miPdHuG.exe
  C:\Windows\System\miPdHuG.exe
  2⤵
  PID:5068
- C:\Windows\System\HxtkvWT.exe
  C:\Windows\System\HxtkvWT.exe
  2⤵
  PID:5024
- C:\Windows\System\xdbYlwv.exe
  C:\Windows\System\xdbYlwv.exe
  2⤵
  PID:3284
- C:\Windows\System\oNqBLjp.exe
  C:\Windows\System\oNqBLjp.exe
  2⤵
  PID:2912
- C:\Windows\System\pZoULVC.exe
  C:\Windows\System\pZoULVC.exe
  2⤵
  PID:2160
- C:\Windows\System\nWHgHwG.exe
  C:\Windows\System\nWHgHwG.exe
  2⤵
  PID:4024
- C:\Windows\System\WSauxZH.exe
  C:\Windows\System\WSauxZH.exe
  2⤵
  PID:3336
- C:\Windows\System\SAxmGjE.exe
  C:\Windows\System\SAxmGjE.exe
  2⤵
  PID:4188
- C:\Windows\System\JMamjGw.exe
  C:\Windows\System\JMamjGw.exe
  2⤵
  PID:4280
- C:\Windows\System\knTCHcK.exe
  C:\Windows\System\knTCHcK.exe
  2⤵
  PID:4368
- C:\Windows\System\BZbudUV.exe
  C:\Windows\System\BZbudUV.exe
  2⤵
  PID:4464
- C:\Windows\System\RQsPFbE.exe
  C:\Windows\System\RQsPFbE.exe
  2⤵
  PID:4520
- C:\Windows\System\YZnSkfO.exe
  C:\Windows\System\YZnSkfO.exe
  2⤵
  PID:4680
- C:\Windows\System\zpWzAED.exe
  C:\Windows\System\zpWzAED.exe
  2⤵
  PID:4760
- C:\Windows\System\GAMCqVm.exe
  C:\Windows\System\GAMCqVm.exe
  2⤵
  PID:4788
- C:\Windows\System\DRCGSYa.exe
  C:\Windows\System\DRCGSYa.exe
  2⤵
  PID:4948
- C:\Windows\System\kKfTanv.exe
  C:\Windows\System\kKfTanv.exe
  2⤵
  PID:5044
- C:\Windows\System\OTRAQSV.exe
  C:\Windows\System\OTRAQSV.exe
  2⤵
  PID:5028
- C:\Windows\System\bdANRDW.exe
  C:\Windows\System\bdANRDW.exe
  2⤵
  PID:5136
- C:\Windows\System\ezikyfe.exe
  C:\Windows\System\ezikyfe.exe
  2⤵
  PID:5156
- C:\Windows\System\XEYxgXm.exe
  C:\Windows\System\XEYxgXm.exe
  2⤵
  PID:5176
- C:\Windows\System\iVqyTjr.exe
  C:\Windows\System\iVqyTjr.exe
  2⤵
  PID:5196
- C:\Windows\System\SZfodTb.exe
  C:\Windows\System\SZfodTb.exe
  2⤵
  PID:5216
- C:\Windows\System\aPfkgBL.exe
  C:\Windows\System\aPfkgBL.exe
  2⤵
  PID:5236
- C:\Windows\System\UXTUqRR.exe
  C:\Windows\System\UXTUqRR.exe
  2⤵
  PID:5256
- C:\Windows\System\BddFjOy.exe
  C:\Windows\System\BddFjOy.exe
  2⤵
  PID:5276
- C:\Windows\System\kyZpOvp.exe
  C:\Windows\System\kyZpOvp.exe
  2⤵
  PID:5296
- C:\Windows\System\EteliNx.exe
  C:\Windows\System\EteliNx.exe
  2⤵
  PID:5316
- C:\Windows\System\xcRmSVe.exe
  C:\Windows\System\xcRmSVe.exe
  2⤵
  PID:5340
- C:\Windows\System\ePwZbqo.exe
  C:\Windows\System\ePwZbqo.exe
  2⤵
  PID:5360
- C:\Windows\System\UCwXndd.exe
  C:\Windows\System\UCwXndd.exe
  2⤵
  PID:5380
- C:\Windows\System\PpDLKHn.exe
  C:\Windows\System\PpDLKHn.exe
  2⤵
  PID:5400
- C:\Windows\System\kfzVMXr.exe
  C:\Windows\System\kfzVMXr.exe
  2⤵
  PID:5420
- C:\Windows\System\DaKFniB.exe
  C:\Windows\System\DaKFniB.exe
  2⤵
  PID:5440
- C:\Windows\System\igIZKMV.exe
  C:\Windows\System\igIZKMV.exe
  2⤵
  PID:5460
- C:\Windows\System\VgwqTzg.exe
  C:\Windows\System\VgwqTzg.exe
  2⤵
  PID:5480
- C:\Windows\System\BktioHP.exe
  C:\Windows\System\BktioHP.exe
  2⤵
  PID:5500
- C:\Windows\System\FxyOCIQ.exe
  C:\Windows\System\FxyOCIQ.exe
  2⤵
  PID:5520
- C:\Windows\System\wUqWWiv.exe
  C:\Windows\System\wUqWWiv.exe
  2⤵
  PID:5540
- C:\Windows\System\JGEbWqx.exe
  C:\Windows\System\JGEbWqx.exe
  2⤵
  PID:5560
- C:\Windows\System\OCEFmAk.exe
  C:\Windows\System\OCEFmAk.exe
  2⤵
  PID:5580
- C:\Windows\System\LNNbLuK.exe
  C:\Windows\System\LNNbLuK.exe
  2⤵
  PID:5600
- C:\Windows\System\AOaMZxI.exe
  C:\Windows\System\AOaMZxI.exe
  2⤵
  PID:5620
- C:\Windows\System\KJfedRL.exe
  C:\Windows\System\KJfedRL.exe
  2⤵
  PID:5640
- C:\Windows\System\HuauBCo.exe
  C:\Windows\System\HuauBCo.exe
  2⤵
  PID:5660
- C:\Windows\System\nyWnjlF.exe
  C:\Windows\System\nyWnjlF.exe
  2⤵
  PID:5680
- C:\Windows\System\zXVtGcI.exe
  C:\Windows\System\zXVtGcI.exe
  2⤵
  PID:5700
- C:\Windows\System\xGQhLFt.exe
  C:\Windows\System\xGQhLFt.exe
  2⤵
  PID:5720
- C:\Windows\System\ZWYuFFu.exe
  C:\Windows\System\ZWYuFFu.exe
  2⤵
  PID:5740
- C:\Windows\System\XVlmpQu.exe
  C:\Windows\System\XVlmpQu.exe
  2⤵
  PID:5760
- C:\Windows\System\pSijDwz.exe
  C:\Windows\System\pSijDwz.exe
  2⤵
  PID:5780
- C:\Windows\System\XINMxXp.exe
  C:\Windows\System\XINMxXp.exe
  2⤵
  PID:5800
- C:\Windows\System\RtWDtmF.exe
  C:\Windows\System\RtWDtmF.exe
  2⤵
  PID:5820
- C:\Windows\System\XurFAIt.exe
  C:\Windows\System\XurFAIt.exe
  2⤵
  PID:5840
- C:\Windows\System\Opepcgv.exe
  C:\Windows\System\Opepcgv.exe
  2⤵
  PID:5860
- C:\Windows\System\wXzJunn.exe
  C:\Windows\System\wXzJunn.exe
  2⤵
  PID:5880
- C:\Windows\System\iAwiWGY.exe
  C:\Windows\System\iAwiWGY.exe
  2⤵
  PID:5900
- C:\Windows\System\jbnPJSm.exe
  C:\Windows\System\jbnPJSm.exe
  2⤵
  PID:5920
- C:\Windows\System\uRbnFDc.exe
  C:\Windows\System\uRbnFDc.exe
  2⤵
  PID:5940
- C:\Windows\System\aPQRrDb.exe
  C:\Windows\System\aPQRrDb.exe
  2⤵
  PID:5960
- C:\Windows\System\rKeKBkq.exe
  C:\Windows\System\rKeKBkq.exe
  2⤵
  PID:5980
- C:\Windows\System\VXGHEIp.exe
  C:\Windows\System\VXGHEIp.exe
  2⤵
  PID:6000
- C:\Windows\System\oIcKZxL.exe
  C:\Windows\System\oIcKZxL.exe
  2⤵
  PID:6020
- C:\Windows\System\moFxnLo.exe
  C:\Windows\System\moFxnLo.exe
  2⤵
  PID:6040
- C:\Windows\System\tyBpOvU.exe
  C:\Windows\System\tyBpOvU.exe
  2⤵
  PID:6060
- C:\Windows\System\MwCroOx.exe
  C:\Windows\System\MwCroOx.exe
  2⤵
  PID:6080
- C:\Windows\System\ZfxsDgX.exe
  C:\Windows\System\ZfxsDgX.exe
  2⤵
  PID:6100
- C:\Windows\System\bVByAor.exe
  C:\Windows\System\bVByAor.exe
  2⤵
  PID:6120
- C:\Windows\System\SoxiPwm.exe
  C:\Windows\System\SoxiPwm.exe
  2⤵
  PID:6140
- C:\Windows\System\pjpRtYl.exe
  C:\Windows\System\pjpRtYl.exe
  2⤵
  PID:3676
- C:\Windows\System\uVLNBRq.exe
  C:\Windows\System\uVLNBRq.exe
  2⤵
  PID:3792
- C:\Windows\System\KbikiVI.exe
  C:\Windows\System\KbikiVI.exe
  2⤵
  PID:4220
- C:\Windows\System\SPlsfvk.exe
  C:\Windows\System\SPlsfvk.exe
  2⤵
  PID:4308
- C:\Windows\System\TiKYaPL.exe
  C:\Windows\System\TiKYaPL.exe
  2⤵
  PID:4364
- C:\Windows\System\oxhplxW.exe
  C:\Windows\System\oxhplxW.exe
  2⤵
  PID:4564
- C:\Windows\System\CEQUzbt.exe
  C:\Windows\System\CEQUzbt.exe
  2⤵
  PID:4568
- C:\Windows\System\lNtqzBI.exe
  C:\Windows\System\lNtqzBI.exe
  2⤵
  PID:4864
- C:\Windows\System\oXJFtUl.exe
  C:\Windows\System\oXJFtUl.exe
  2⤵
  PID:5040
- C:\Windows\System\wjOoAoo.exe
  C:\Windows\System\wjOoAoo.exe
  2⤵
  PID:5144
- C:\Windows\System\iXjkZKc.exe
  C:\Windows\System\iXjkZKc.exe
  2⤵
  PID:5172
- C:\Windows\System\bmonkrq.exe
  C:\Windows\System\bmonkrq.exe
  2⤵
  PID:5212
- C:\Windows\System\cJtrYNL.exe
  C:\Windows\System\cJtrYNL.exe
  2⤵
  PID:5264
- C:\Windows\System\Fhucrul.exe
  C:\Windows\System\Fhucrul.exe
  2⤵
  PID:5268
- C:\Windows\System\MYbxALh.exe
  C:\Windows\System\MYbxALh.exe
  2⤵
  PID:5312
- C:\Windows\System\SNtDYRY.exe
  C:\Windows\System\SNtDYRY.exe
  2⤵
  PID:5356
- C:\Windows\System\wQjKMlE.exe
  C:\Windows\System\wQjKMlE.exe
  2⤵
  PID:5388
- C:\Windows\System\wIFsftN.exe
  C:\Windows\System\wIFsftN.exe
  2⤵
  PID:5416
- C:\Windows\System\hvNgGaP.exe
  C:\Windows\System\hvNgGaP.exe
  2⤵
  PID:5448
- C:\Windows\System\iCuvefD.exe
  C:\Windows\System\iCuvefD.exe
  2⤵
  PID:5472
- C:\Windows\System\YKNjQLi.exe
  C:\Windows\System\YKNjQLi.exe
  2⤵
  PID:5516
- C:\Windows\System\jEjbahw.exe
  C:\Windows\System\jEjbahw.exe
  2⤵
  PID:5532
- C:\Windows\System\BYFCTNn.exe
  C:\Windows\System\BYFCTNn.exe
  2⤵
  PID:5588
- C:\Windows\System\IHojKvL.exe
  C:\Windows\System\IHojKvL.exe
  2⤵
  PID:5616
- C:\Windows\System\jidFKLK.exe
  C:\Windows\System\jidFKLK.exe
  2⤵
  PID:5656
- C:\Windows\System\QteuZJZ.exe
  C:\Windows\System\QteuZJZ.exe
  2⤵
  PID:5708
- C:\Windows\System\aUzrLet.exe
  C:\Windows\System\aUzrLet.exe
  2⤵
  PID:5728
- C:\Windows\System\RoIMqtU.exe
  C:\Windows\System\RoIMqtU.exe
  2⤵
  PID:5752
- C:\Windows\System\PFaKcTm.exe
  C:\Windows\System\PFaKcTm.exe
  2⤵
  PID:5772
- C:\Windows\System\HyMWGgk.exe
  C:\Windows\System\HyMWGgk.exe
  2⤵
  PID:5828
- C:\Windows\System\ciMoNzF.exe
  C:\Windows\System\ciMoNzF.exe
  2⤵
  PID:5852
- C:\Windows\System\kdgqiqu.exe
  C:\Windows\System\kdgqiqu.exe
  2⤵
  PID:5896
- C:\Windows\System\HrEHBfN.exe
  C:\Windows\System\HrEHBfN.exe
  2⤵
  PID:5928
- C:\Windows\System\fzGTOnF.exe
  C:\Windows\System\fzGTOnF.exe
  2⤵
  PID:5952
- C:\Windows\System\AXFFHii.exe
  C:\Windows\System\AXFFHii.exe
  2⤵
  PID:5996
- C:\Windows\System\HnMPLFp.exe
  C:\Windows\System\HnMPLFp.exe
  2⤵
  PID:6012
- C:\Windows\System\gTlJDUw.exe
  C:\Windows\System\gTlJDUw.exe
  2⤵
  PID:6068
- C:\Windows\System\CIQySkr.exe
  C:\Windows\System\CIQySkr.exe
  2⤵
  PID:6096
- C:\Windows\System\BNTRfKk.exe
  C:\Windows\System\BNTRfKk.exe
  2⤵
  PID:6128
- C:\Windows\System\ceDqpXn.exe
  C:\Windows\System\ceDqpXn.exe
  2⤵
  PID:5084
- C:\Windows\System\CXfvftW.exe
  C:\Windows\System\CXfvftW.exe
  2⤵
  PID:4176
- C:\Windows\System\ywtUKKj.exe
  C:\Windows\System\ywtUKKj.exe
  2⤵
  PID:4380
- C:\Windows\System\qwgEETW.exe
  C:\Windows\System\qwgEETW.exe
  2⤵
  PID:4548
- C:\Windows\System\XKvGeTY.exe
  C:\Windows\System\XKvGeTY.exe
  2⤵
  PID:4908
- C:\Windows\System\IvgvQdR.exe
  C:\Windows\System\IvgvQdR.exe
  2⤵
  PID:5124
- C:\Windows\System\RiOsPbY.exe
  C:\Windows\System\RiOsPbY.exe
  2⤵
  PID:5164
- C:\Windows\System\xbzSBuR.exe
  C:\Windows\System\xbzSBuR.exe
  2⤵
  PID:5228
- C:\Windows\System\xhtcgcD.exe
  C:\Windows\System\xhtcgcD.exe
  2⤵
  PID:5248
- C:\Windows\System\BiMEacH.exe
  C:\Windows\System\BiMEacH.exe
  2⤵
  PID:5376
- C:\Windows\System\TcrRhXB.exe
  C:\Windows\System\TcrRhXB.exe
  2⤵
  PID:5408
- C:\Windows\System\CflsEXf.exe
  C:\Windows\System\CflsEXf.exe
  2⤵
  PID:5468
- C:\Windows\System\NZYCrvE.exe
  C:\Windows\System\NZYCrvE.exe
  2⤵
  PID:5496
- C:\Windows\System\jSERXiV.exe
  C:\Windows\System\jSERXiV.exe
  2⤵
  PID:5576
- C:\Windows\System\pEtsNlt.exe
  C:\Windows\System\pEtsNlt.exe
  2⤵
  PID:5668
- C:\Windows\System\lyeFsMl.exe
  C:\Windows\System\lyeFsMl.exe
  2⤵
  PID:5712
- C:\Windows\System\GiBbxYt.exe
  C:\Windows\System\GiBbxYt.exe
  2⤵
  PID:5776
- C:\Windows\System\gVwhhhz.exe
  C:\Windows\System\gVwhhhz.exe
  2⤵
  PID:5812
- C:\Windows\System\UJrakIo.exe
  C:\Windows\System\UJrakIo.exe
  2⤵
  PID:5876
- C:\Windows\System\KOrnOjd.exe
  C:\Windows\System\KOrnOjd.exe
  2⤵
  PID:5916
- C:\Windows\System\JsNLsyh.exe
  C:\Windows\System\JsNLsyh.exe
  2⤵
  PID:2488
- C:\Windows\System\SPRTAsG.exe
  C:\Windows\System\SPRTAsG.exe
  2⤵
  PID:6028
- C:\Windows\System\QkHSSkp.exe
  C:\Windows\System\QkHSSkp.exe
  2⤵
  PID:6052
- C:\Windows\System\zAWRDzl.exe
  C:\Windows\System\zAWRDzl.exe
  2⤵
  PID:6092
- C:\Windows\System\KsGtwzw.exe
  C:\Windows\System\KsGtwzw.exe
  2⤵
  PID:4168
- C:\Windows\System\mSbRlNX.exe
  C:\Windows\System\mSbRlNX.exe
  2⤵
  PID:2380
- C:\Windows\System\fvylpUR.exe
  C:\Windows\System\fvylpUR.exe
  2⤵
  PID:4884
- C:\Windows\System\xeAzjff.exe
  C:\Windows\System\xeAzjff.exe
  2⤵
  PID:5204
- C:\Windows\System\MrOuenj.exe
  C:\Windows\System\MrOuenj.exe
  2⤵
  PID:5252
- C:\Windows\System\ICvzzEz.exe
  C:\Windows\System\ICvzzEz.exe
  2⤵
  PID:5324
- C:\Windows\System\aAfXTGK.exe
  C:\Windows\System\aAfXTGK.exe
  2⤵
  PID:5436
- C:\Windows\System\gMnyMhO.exe
  C:\Windows\System\gMnyMhO.exe
  2⤵
  PID:5476
- C:\Windows\System\RLuWbXI.exe
  C:\Windows\System\RLuWbXI.exe
  2⤵
  PID:5632
- C:\Windows\System\VcPzLYB.exe
  C:\Windows\System\VcPzLYB.exe
  2⤵
  PID:5796
- C:\Windows\System\LjHjZel.exe
  C:\Windows\System\LjHjZel.exe
  2⤵
  PID:5832
- C:\Windows\System\gwJORlv.exe
  C:\Windows\System\gwJORlv.exe
  2⤵
  PID:5872
- C:\Windows\System\EmKqVSU.exe
  C:\Windows\System\EmKqVSU.exe
  2⤵
  PID:5976
- C:\Windows\System\vbTzHri.exe
  C:\Windows\System\vbTzHri.exe
  2⤵
  PID:6160
- C:\Windows\System\pcIHbeF.exe
  C:\Windows\System\pcIHbeF.exe
  2⤵
  PID:6180
- C:\Windows\System\HuBTxRH.exe
  C:\Windows\System\HuBTxRH.exe
  2⤵
  PID:6200
- C:\Windows\System\EIeVJbh.exe
  C:\Windows\System\EIeVJbh.exe
  2⤵
  PID:6220
- C:\Windows\System\WtwFaIX.exe
  C:\Windows\System\WtwFaIX.exe
  2⤵
  PID:6240
- C:\Windows\System\TwobbKn.exe
  C:\Windows\System\TwobbKn.exe
  2⤵
  PID:6260
- C:\Windows\System\qNcjNto.exe
  C:\Windows\System\qNcjNto.exe
  2⤵
  PID:6280
- C:\Windows\System\OWqPlMs.exe
  C:\Windows\System\OWqPlMs.exe
  2⤵
  PID:6300
- C:\Windows\System\cgcuXbH.exe
  C:\Windows\System\cgcuXbH.exe
  2⤵
  PID:6320
- C:\Windows\System\WpIEWpd.exe
  C:\Windows\System\WpIEWpd.exe
  2⤵
  PID:6340
- C:\Windows\System\TMjJYPF.exe
  C:\Windows\System\TMjJYPF.exe
  2⤵
  PID:6360
- C:\Windows\System\btfwPyv.exe
  C:\Windows\System\btfwPyv.exe
  2⤵
  PID:6380
- C:\Windows\System\nfVGiEq.exe
  C:\Windows\System\nfVGiEq.exe
  2⤵
  PID:6400
- C:\Windows\System\pFqfCDY.exe
  C:\Windows\System\pFqfCDY.exe
  2⤵
  PID:6420
- C:\Windows\System\bGmeZua.exe
  C:\Windows\System\bGmeZua.exe
  2⤵
  PID:6440
- C:\Windows\System\ghftoiW.exe
  C:\Windows\System\ghftoiW.exe
  2⤵
  PID:6460
- C:\Windows\System\MUQhgCg.exe
  C:\Windows\System\MUQhgCg.exe
  2⤵
  PID:6480
- C:\Windows\System\YxQvMJN.exe
  C:\Windows\System\YxQvMJN.exe
  2⤵
  PID:6500
- C:\Windows\System\cAiwKCh.exe
  C:\Windows\System\cAiwKCh.exe
  2⤵
  PID:6520
- C:\Windows\System\hJTyZGk.exe
  C:\Windows\System\hJTyZGk.exe
  2⤵
  PID:6540
- C:\Windows\System\DcKHZac.exe
  C:\Windows\System\DcKHZac.exe
  2⤵
  PID:6560
- C:\Windows\System\eCweVcE.exe
  C:\Windows\System\eCweVcE.exe
  2⤵
  PID:6580
- C:\Windows\System\jnGoZnt.exe
  C:\Windows\System\jnGoZnt.exe
  2⤵
  PID:6600
- C:\Windows\System\alGmAIH.exe
  C:\Windows\System\alGmAIH.exe
  2⤵
  PID:6620
- C:\Windows\System\NdXCOpn.exe
  C:\Windows\System\NdXCOpn.exe
  2⤵
  PID:6644
- C:\Windows\System\sMDYgvn.exe
  C:\Windows\System\sMDYgvn.exe
  2⤵
  PID:6664
- C:\Windows\System\mWEPsyl.exe
  C:\Windows\System\mWEPsyl.exe
  2⤵
  PID:6684
- C:\Windows\System\bVVOJXE.exe
  C:\Windows\System\bVVOJXE.exe
  2⤵
  PID:6704
- C:\Windows\System\EHfvDpl.exe
  C:\Windows\System\EHfvDpl.exe
  2⤵
  PID:6724
- C:\Windows\System\qKygRwf.exe
  C:\Windows\System\qKygRwf.exe
  2⤵
  PID:6744
- C:\Windows\System\tMjonjd.exe
  C:\Windows\System\tMjonjd.exe
  2⤵
  PID:6764
- C:\Windows\System\GbgbLDq.exe
  C:\Windows\System\GbgbLDq.exe
  2⤵
  PID:6784
- C:\Windows\System\pFBLPYn.exe
  C:\Windows\System\pFBLPYn.exe
  2⤵
  PID:6804
- C:\Windows\System\rgixtzY.exe
  C:\Windows\System\rgixtzY.exe
  2⤵
  PID:6824
- C:\Windows\System\orTFIDC.exe
  C:\Windows\System\orTFIDC.exe
  2⤵
  PID:6844
- C:\Windows\System\hUAcjqL.exe
  C:\Windows\System\hUAcjqL.exe
  2⤵
  PID:6864
- C:\Windows\System\vchPVOj.exe
  C:\Windows\System\vchPVOj.exe
  2⤵
  PID:6884
- C:\Windows\System\BEWCFxH.exe
  C:\Windows\System\BEWCFxH.exe
  2⤵
  PID:6904
- C:\Windows\System\zPYvUny.exe
  C:\Windows\System\zPYvUny.exe
  2⤵
  PID:6924
- C:\Windows\System\tHdzYPn.exe
  C:\Windows\System\tHdzYPn.exe
  2⤵
  PID:6944
- C:\Windows\System\kXIxkKD.exe
  C:\Windows\System\kXIxkKD.exe
  2⤵
  PID:6964
- C:\Windows\System\nmyxSiD.exe
  C:\Windows\System\nmyxSiD.exe
  2⤵
  PID:6984
- C:\Windows\System\CavnbDA.exe
  C:\Windows\System\CavnbDA.exe
  2⤵
  PID:7004
- C:\Windows\System\UhwPjJy.exe
  C:\Windows\System\UhwPjJy.exe
  2⤵
  PID:7024
- C:\Windows\System\ORfHQPa.exe
  C:\Windows\System\ORfHQPa.exe
  2⤵
  PID:7044
- C:\Windows\System\NfQcXyu.exe
  C:\Windows\System\NfQcXyu.exe
  2⤵
  PID:7064
- C:\Windows\System\pvpEbwI.exe
  C:\Windows\System\pvpEbwI.exe
  2⤵
  PID:7084
- C:\Windows\System\OtHSpsi.exe
  C:\Windows\System\OtHSpsi.exe
  2⤵
  PID:7104
- C:\Windows\System\iKLNfdE.exe
  C:\Windows\System\iKLNfdE.exe
  2⤵
  PID:7124
- C:\Windows\System\WXCZaZB.exe
  C:\Windows\System\WXCZaZB.exe
  2⤵
  PID:7144
- C:\Windows\System\bxSVGtw.exe
  C:\Windows\System\bxSVGtw.exe
  2⤵
  PID:7164
- C:\Windows\System\VMjCSCU.exe
  C:\Windows\System\VMjCSCU.exe
  2⤵
  PID:6056
- C:\Windows\System\yRhVZrH.exe
  C:\Windows\System\yRhVZrH.exe
  2⤵
  PID:5100
- C:\Windows\System\dXjOPyw.exe
  C:\Windows\System\dXjOPyw.exe
  2⤵
  PID:4700
- C:\Windows\System\ivFdGCn.exe
  C:\Windows\System\ivFdGCn.exe
  2⤵
  PID:5224
- C:\Windows\System\zrtXFGb.exe
  C:\Windows\System\zrtXFGb.exe
  2⤵
  PID:5492
- C:\Windows\System\iTSlEgw.exe
  C:\Windows\System\iTSlEgw.exe
  2⤵
  PID:5676
- C:\Windows\System\AeaRVsM.exe
  C:\Windows\System\AeaRVsM.exe
  2⤵
  PID:5808
- C:\Windows\System\jekOlak.exe
  C:\Windows\System\jekOlak.exe
  2⤵
  PID:5856
- C:\Windows\System\YfIlzWu.exe
  C:\Windows\System\YfIlzWu.exe
  2⤵
  PID:6156
- C:\Windows\System\pbmVbxP.exe
  C:\Windows\System\pbmVbxP.exe
  2⤵
  PID:6172
- C:\Windows\System\jPGIFfj.exe
  C:\Windows\System\jPGIFfj.exe
  2⤵
  PID:6212
- C:\Windows\System\VQjPiMN.exe
  C:\Windows\System\VQjPiMN.exe
  2⤵
  PID:6256
- C:\Windows\System\NnXFAEC.exe
  C:\Windows\System\NnXFAEC.exe
  2⤵
  PID:6288
- C:\Windows\System\LibBlgh.exe
  C:\Windows\System\LibBlgh.exe
  2⤵
  PID:6312
- C:\Windows\System\JyXJbyQ.exe
  C:\Windows\System\JyXJbyQ.exe
  2⤵
  PID:6352
- C:\Windows\System\HIufSlO.exe
  C:\Windows\System\HIufSlO.exe
  2⤵
  PID:6396
- C:\Windows\System\NrXzDWc.exe
  C:\Windows\System\NrXzDWc.exe
  2⤵
  PID:6412
- C:\Windows\System\nBlwSkA.exe
  C:\Windows\System\nBlwSkA.exe
  2⤵
  PID:6476
- C:\Windows\System\YhmTuBh.exe
  C:\Windows\System\YhmTuBh.exe
  2⤵
  PID:6508
- C:\Windows\System\DJCmdok.exe
  C:\Windows\System\DJCmdok.exe
  2⤵
  PID:2472
- C:\Windows\System\yiJhrLO.exe
  C:\Windows\System\yiJhrLO.exe
  2⤵
  PID:6552
- C:\Windows\System\dnkWqmL.exe
  C:\Windows\System\dnkWqmL.exe
  2⤵
  PID:6572
- C:\Windows\System\kIuschJ.exe
  C:\Windows\System\kIuschJ.exe
  2⤵
  PID:6628
- C:\Windows\System\etKKHII.exe
  C:\Windows\System\etKKHII.exe
  2⤵
  PID:6672
- C:\Windows\System\RpKxtRV.exe
  C:\Windows\System\RpKxtRV.exe
  2⤵
  PID:6656
- C:\Windows\System\LvqdMuN.exe
  C:\Windows\System\LvqdMuN.exe
  2⤵
  PID:6700
- C:\Windows\System\mpVBuJM.exe
  C:\Windows\System\mpVBuJM.exe
  2⤵
  PID:6732
- C:\Windows\System\AqSBgXY.exe
  C:\Windows\System\AqSBgXY.exe
  2⤵
  PID:6756
- C:\Windows\System\kokPpNT.exe
  C:\Windows\System\kokPpNT.exe
  2⤵
  PID:6776
- C:\Windows\System\OwJiGpO.exe
  C:\Windows\System\OwJiGpO.exe
  2⤵
  PID:6816
- C:\Windows\System\YMsvaWR.exe
  C:\Windows\System\YMsvaWR.exe
  2⤵
  PID:6880
- C:\Windows\System\ZbOhDnC.exe
  C:\Windows\System\ZbOhDnC.exe
  2⤵
  PID:6912
- C:\Windows\System\OcCOeGn.exe
  C:\Windows\System\OcCOeGn.exe
  2⤵
  PID:6932
- C:\Windows\System\LcULGqV.exe
  C:\Windows\System\LcULGqV.exe
  2⤵
  PID:6940
- C:\Windows\System\LKkCfWj.exe
  C:\Windows\System\LKkCfWj.exe
  2⤵
  PID:7000
- C:\Windows\System\sJgdMQz.exe
  C:\Windows\System\sJgdMQz.exe
  2⤵
  PID:7016
- C:\Windows\System\NouAMmM.exe
  C:\Windows\System\NouAMmM.exe
  2⤵
  PID:7072
- C:\Windows\System\UIPAlMV.exe
  C:\Windows\System\UIPAlMV.exe
  2⤵
  PID:7092
- C:\Windows\System\FrFpbju.exe
  C:\Windows\System\FrFpbju.exe
  2⤵
  PID:7132
- C:\Windows\System\zMAhspG.exe
  C:\Windows\System\zMAhspG.exe
  2⤵
  PID:7156
- C:\Windows\System\iDnZSBb.exe
  C:\Windows\System\iDnZSBb.exe
  2⤵
  PID:4340
- C:\Windows\System\atMChCu.exe
  C:\Windows\System\atMChCu.exe
  2⤵
  PID:5132
- C:\Windows\System\nFyCjcO.exe
  C:\Windows\System\nFyCjcO.exe
  2⤵
  PID:5272
- C:\Windows\System\AnfrKWB.exe
  C:\Windows\System\AnfrKWB.exe
  2⤵
  PID:5548
- C:\Windows\System\yswJaGR.exe
  C:\Windows\System\yswJaGR.exe
  2⤵
  PID:5736
- C:\Windows\System\bocQsWO.exe
  C:\Windows\System\bocQsWO.exe
  2⤵
  PID:6168
- C:\Windows\System\dVyVsLq.exe
  C:\Windows\System\dVyVsLq.exe
  2⤵
  PID:6236
- C:\Windows\System\tQYJvLD.exe
  C:\Windows\System\tQYJvLD.exe
  2⤵
  PID:6296
- C:\Windows\System\QRrrIGo.exe
  C:\Windows\System\QRrrIGo.exe
  2⤵
  PID:2068
- C:\Windows\System\fZjOBUO.exe
  C:\Windows\System\fZjOBUO.exe
  2⤵
  PID:6348
- C:\Windows\System\gtPBkip.exe
  C:\Windows\System\gtPBkip.exe
  2⤵
  PID:6468
- C:\Windows\System\jVzGYNT.exe
  C:\Windows\System\jVzGYNT.exe
  2⤵
  PID:6452
- C:\Windows\System\Cixxwlz.exe
  C:\Windows\System\Cixxwlz.exe
  2⤵
  PID:6516
- C:\Windows\System\pMNCIUK.exe
  C:\Windows\System\pMNCIUK.exe
  2⤵
  PID:6548
- C:\Windows\System\hPMlstP.exe
  C:\Windows\System\hPMlstP.exe
  2⤵
  PID:6596
- C:\Windows\System\UTRKatu.exe
  C:\Windows\System\UTRKatu.exe
  2⤵
  PID:6660
- C:\Windows\System\JizYBet.exe
  C:\Windows\System\JizYBet.exe
  2⤵
  PID:6696
- C:\Windows\System\vdWwwlv.exe
  C:\Windows\System\vdWwwlv.exe
  2⤵
  PID:6832
- C:\Windows\System\jSIrYnD.exe
  C:\Windows\System\jSIrYnD.exe
  2⤵
  PID:6812
- C:\Windows\System\AaLJhVC.exe
  C:\Windows\System\AaLJhVC.exe
  2⤵
  PID:6892
- C:\Windows\System\tczbudM.exe
  C:\Windows\System\tczbudM.exe
  2⤵
  PID:6896
- C:\Windows\System\DPPARZu.exe
  C:\Windows\System\DPPARZu.exe
  2⤵
  PID:6980
- C:\Windows\System\UIwnwfk.exe
  C:\Windows\System\UIwnwfk.exe
  2⤵
  PID:7112
- C:\Windows\System\ZeXkQiT.exe
  C:\Windows\System\ZeXkQiT.exe
  2⤵
  PID:7116
- C:\Windows\System\UeAkxbj.exe
  C:\Windows\System\UeAkxbj.exe
  2⤵
  PID:2364
- C:\Windows\System\JhrJuJJ.exe
  C:\Windows\System\JhrJuJJ.exe
  2⤵
  PID:6048
- C:\Windows\System\ATTutmT.exe
  C:\Windows\System\ATTutmT.exe
  2⤵
  PID:5292
- C:\Windows\System\HmXWKFV.exe
  C:\Windows\System\HmXWKFV.exe
  2⤵
  PID:2516
- C:\Windows\System\AYyVqXb.exe
  C:\Windows\System\AYyVqXb.exe
  2⤵
  PID:6192
- C:\Windows\System\tYTEsXc.exe
  C:\Windows\System\tYTEsXc.exe
  2⤵
  PID:2412
- C:\Windows\System\QChyxKz.exe
  C:\Windows\System\QChyxKz.exe
  2⤵
  PID:6316
- C:\Windows\System\TUjIIal.exe
  C:\Windows\System\TUjIIal.exe
  2⤵
  PID:6356
- C:\Windows\System\meSpJuj.exe
  C:\Windows\System\meSpJuj.exe
  2⤵
  PID:6376
- C:\Windows\System\UZhvbaf.exe
  C:\Windows\System\UZhvbaf.exe
  2⤵
  PID:6576
- C:\Windows\System\FsDDRGJ.exe
  C:\Windows\System\FsDDRGJ.exe
  2⤵
  PID:6592
- C:\Windows\System\tOpXcJZ.exe
  C:\Windows\System\tOpXcJZ.exe
  2⤵
  PID:6752
- C:\Windows\System\EJtfkMR.exe
  C:\Windows\System\EJtfkMR.exe
  2⤵
  PID:6872
- C:\Windows\System\QFCNyPc.exe
  C:\Windows\System\QFCNyPc.exe
  2⤵
  PID:6852
- C:\Windows\System\QKFztfh.exe
  C:\Windows\System\QKFztfh.exe
  2⤵
  PID:6916
- C:\Windows\System\ccFMuEY.exe
  C:\Windows\System\ccFMuEY.exe
  2⤵
  PID:7020
- C:\Windows\System\xzIgWKl.exe
  C:\Windows\System\xzIgWKl.exe
  2⤵
  PID:5148
- C:\Windows\System\jHuDDoU.exe
  C:\Windows\System\jHuDDoU.exe
  2⤵
  PID:7136
- C:\Windows\System\tKmotXr.exe
  C:\Windows\System\tKmotXr.exe
  2⤵
  PID:1892
- C:\Windows\System\LtRYGfi.exe
  C:\Windows\System\LtRYGfi.exe
  2⤵
  PID:6148
- C:\Windows\System\MXhoNZs.exe
  C:\Windows\System\MXhoNZs.exe
  2⤵
  PID:756
- C:\Windows\System\UmLZQvY.exe
  C:\Windows\System\UmLZQvY.exe
  2⤵
  PID:6388
- C:\Windows\System\mWsIXOW.exe
  C:\Windows\System\mWsIXOW.exe
  2⤵
  PID:2528
- C:\Windows\System\TWoYdzm.exe
  C:\Windows\System\TWoYdzm.exe
  2⤵
  PID:6416
- C:\Windows\System\aothMJh.exe
  C:\Windows\System\aothMJh.exe
  2⤵
  PID:2640
- C:\Windows\System\OyXUOlN.exe
  C:\Windows\System\OyXUOlN.exe
  2⤵
  PID:2384
- C:\Windows\System\JOdxNhg.exe
  C:\Windows\System\JOdxNhg.exe
  2⤵
  PID:1636
- C:\Windows\System\chuMkwt.exe
  C:\Windows\System\chuMkwt.exe
  2⤵
  PID:2196
- C:\Windows\System\pSrXEzh.exe
  C:\Windows\System\pSrXEzh.exe
  2⤵
  PID:7096
- C:\Windows\System\ZxMMwig.exe
  C:\Windows\System\ZxMMwig.exe
  2⤵
  PID:348
- C:\Windows\System\addbWUC.exe
  C:\Windows\System\addbWUC.exe
  2⤵
  PID:1392
- C:\Windows\System\nOVweHm.exe
  C:\Windows\System\nOVweHm.exe
  2⤵
  PID:2728
- C:\Windows\System\qtuVbSs.exe
  C:\Windows\System\qtuVbSs.exe
  2⤵
  PID:1712
- C:\Windows\System\imOjELo.exe
  C:\Windows\System\imOjELo.exe
  2⤵
  PID:5188
- C:\Windows\System\AOnAdkm.exe
  C:\Windows\System\AOnAdkm.exe
  2⤵
  PID:2484
- C:\Windows\System\luizYVq.exe
  C:\Windows\System\luizYVq.exe
  2⤵
  PID:1728
- C:\Windows\System\WfAuXLq.exe
  C:\Windows\System\WfAuXLq.exe
  2⤵
  PID:1040
- C:\Windows\System\nzNgWSc.exe
  C:\Windows\System\nzNgWSc.exe
  2⤵
  PID:6676
- C:\Windows\System\pMUWjUv.exe
  C:\Windows\System\pMUWjUv.exe
  2⤵
  PID:776
- C:\Windows\System\GeamvCM.exe
  C:\Windows\System\GeamvCM.exe
  2⤵
  PID:6780
- C:\Windows\System\nQOUpPx.exe
  C:\Windows\System\nQOUpPx.exe
  2⤵
  PID:536
- C:\Windows\System\aWKKIQx.exe
  C:\Windows\System\aWKKIQx.exe
  2⤵
  PID:1668
- C:\Windows\System\NgomQiq.exe
  C:\Windows\System\NgomQiq.exe
  2⤵
  PID:5452
- C:\Windows\System\ZRbZPXU.exe
  C:\Windows\System\ZRbZPXU.exe
  2⤵
  PID:6208
- C:\Windows\System\zaeatAr.exe
  C:\Windows\System\zaeatAr.exe
  2⤵
  PID:2148
- C:\Windows\System\XwNWlyt.exe
  C:\Windows\System\XwNWlyt.exe
  2⤵
  PID:2868
- C:\Windows\System\lJjhgIG.exe
  C:\Windows\System\lJjhgIG.exe
  2⤵
  PID:1396
- C:\Windows\System\DOwYsGb.exe
  C:\Windows\System\DOwYsGb.exe
  2⤵
  PID:6612
- C:\Windows\System\CpPSCKM.exe
  C:\Windows\System\CpPSCKM.exe
  2⤵
  PID:6720
- C:\Windows\System\HZoxyCD.exe
  C:\Windows\System\HZoxyCD.exe
  2⤵
  PID:540
- C:\Windows\System\IfCpOJz.exe
  C:\Windows\System\IfCpOJz.exe
  2⤵
  PID:2076
- C:\Windows\System\uJVwmui.exe
  C:\Windows\System\uJVwmui.exe
  2⤵
  PID:1560
- C:\Windows\System\sNfKubj.exe
  C:\Windows\System\sNfKubj.exe
  2⤵
  PID:6112
- C:\Windows\System\wRJZYkt.exe
  C:\Windows\System\wRJZYkt.exe
  2⤵
  PID:6248
- C:\Windows\System\GaiNMMa.exe
  C:\Windows\System\GaiNMMa.exe
  2⤵
  PID:2172
- C:\Windows\System\DEaHIKs.exe
  C:\Windows\System\DEaHIKs.exe
  2⤵
  PID:4804
- C:\Windows\System\auWYRhB.exe
  C:\Windows\System\auWYRhB.exe
  2⤵
  PID:2012
- C:\Windows\System\DiRBqoP.exe
  C:\Windows\System\DiRBqoP.exe
  2⤵
  PID:2240
- C:\Windows\System\vNJcZWJ.exe
  C:\Windows\System\vNJcZWJ.exe
  2⤵
  PID:2656
- C:\Windows\System\lldyAKl.exe
  C:\Windows\System\lldyAKl.exe
  2⤵
  PID:1872
- C:\Windows\System\AXtOxcl.exe
  C:\Windows\System\AXtOxcl.exe
  2⤵
  PID:1488
- C:\Windows\System\RrFVjTY.exe
  C:\Windows\System\RrFVjTY.exe
  2⤵
  PID:6920
- C:\Windows\System\sFnNSNU.exe
  C:\Windows\System\sFnNSNU.exe
  2⤵
  PID:7180
- C:\Windows\System\grPDlxR.exe
  C:\Windows\System\grPDlxR.exe
  2⤵
  PID:7196
- C:\Windows\System\GjeltkP.exe
  C:\Windows\System\GjeltkP.exe
  2⤵
  PID:7212
- C:\Windows\System\UdZUNct.exe
  C:\Windows\System\UdZUNct.exe
  2⤵
  PID:7228
- C:\Windows\System\YHoPOpO.exe
  C:\Windows\System\YHoPOpO.exe
  2⤵
  PID:7244
- C:\Windows\System\XRsbjJq.exe
  C:\Windows\System\XRsbjJq.exe
  2⤵
  PID:7296
- C:\Windows\System\BFhQzLv.exe
  C:\Windows\System\BFhQzLv.exe
  2⤵
  PID:7312
- C:\Windows\System\SKOsjgJ.exe
  C:\Windows\System\SKOsjgJ.exe
  2⤵
  PID:7328
- C:\Windows\System\EpEflBt.exe
  C:\Windows\System\EpEflBt.exe
  2⤵
  PID:7352
- C:\Windows\System\gKwfHkX.exe
  C:\Windows\System\gKwfHkX.exe
  2⤵
  PID:7376
- C:\Windows\System\LEVjkDJ.exe
  C:\Windows\System\LEVjkDJ.exe
  2⤵
  PID:7392
- C:\Windows\System\ultEYQB.exe
  C:\Windows\System\ultEYQB.exe
  2⤵
  PID:7408
- C:\Windows\System\AVGbbkz.exe
  C:\Windows\System\AVGbbkz.exe
  2⤵
  PID:7424
- C:\Windows\System\ArLsPhv.exe
  C:\Windows\System\ArLsPhv.exe
  2⤵
  PID:7440
- C:\Windows\System\MbSeWzw.exe
  C:\Windows\System\MbSeWzw.exe
  2⤵
  PID:7456
- C:\Windows\System\yxCLSNL.exe
  C:\Windows\System\yxCLSNL.exe
  2⤵
  PID:7472
- C:\Windows\System\XBIpLoQ.exe
  C:\Windows\System\XBIpLoQ.exe
  2⤵
  PID:7488
- C:\Windows\System\erSMhGX.exe
  C:\Windows\System\erSMhGX.exe
  2⤵
  PID:7512
- C:\Windows\System\VTKtbec.exe
  C:\Windows\System\VTKtbec.exe
  2⤵
  PID:7540
- C:\Windows\System\OUMNlpW.exe
  C:\Windows\System\OUMNlpW.exe
  2⤵
  PID:7556
- C:\Windows\System\EwsIrvF.exe
  C:\Windows\System\EwsIrvF.exe
  2⤵
  PID:7576
- C:\Windows\System\FvkqgrS.exe
  C:\Windows\System\FvkqgrS.exe
  2⤵
  PID:7592
- C:\Windows\System\OkAhhml.exe
  C:\Windows\System\OkAhhml.exe
  2⤵
  PID:7640
- C:\Windows\System\TKANEfI.exe
  C:\Windows\System\TKANEfI.exe
  2⤵
  PID:7656
- C:\Windows\System\yXSAHXq.exe
  C:\Windows\System\yXSAHXq.exe
  2⤵
  PID:7676
- C:\Windows\System\RTzbTtl.exe
  C:\Windows\System\RTzbTtl.exe
  2⤵
  PID:7696
- C:\Windows\System\qVZQtpP.exe
  C:\Windows\System\qVZQtpP.exe
  2⤵
  PID:7716
- C:\Windows\System\vvNrmsE.exe
  C:\Windows\System\vvNrmsE.exe
  2⤵
  PID:7732
- C:\Windows\System\lMEvQrA.exe
  C:\Windows\System\lMEvQrA.exe
  2⤵
  PID:7748
- C:\Windows\System\fiKqCSb.exe
  C:\Windows\System\fiKqCSb.exe
  2⤵
  PID:7768
- C:\Windows\System\HGZIXAm.exe
  C:\Windows\System\HGZIXAm.exe
  2⤵
  PID:7784
- C:\Windows\System\CihYxVK.exe
  C:\Windows\System\CihYxVK.exe
  2⤵
  PID:7804
- C:\Windows\System\gIurTbK.exe
  C:\Windows\System\gIurTbK.exe
  2⤵
  PID:7824
- C:\Windows\System\zmFhRxT.exe
  C:\Windows\System\zmFhRxT.exe
  2⤵
  PID:7840
- C:\Windows\System\mJlomos.exe
  C:\Windows\System\mJlomos.exe
  2⤵
  PID:7884
- C:\Windows\System\oOdWrYx.exe
  C:\Windows\System\oOdWrYx.exe
  2⤵
  PID:7900
- C:\Windows\System\HTbcVEF.exe
  C:\Windows\System\HTbcVEF.exe
  2⤵
  PID:7916
- C:\Windows\System\waTcxMI.exe
  C:\Windows\System\waTcxMI.exe
  2⤵
  PID:7932
- C:\Windows\System\UmljlyI.exe
  C:\Windows\System\UmljlyI.exe
  2⤵
  PID:7948
- C:\Windows\System\cnyRTOb.exe
  C:\Windows\System\cnyRTOb.exe
  2⤵
  PID:7964
- C:\Windows\System\oNzvAum.exe
  C:\Windows\System\oNzvAum.exe
  2⤵
  PID:7980
- C:\Windows\System\aozkpRl.exe
  C:\Windows\System\aozkpRl.exe
  2⤵
  PID:7996
- C:\Windows\System\sTgTsJU.exe
  C:\Windows\System\sTgTsJU.exe
  2⤵
  PID:8012
- C:\Windows\System\aKHIMTe.exe
  C:\Windows\System\aKHIMTe.exe
  2⤵
  PID:8028
- C:\Windows\System\wsQvEfW.exe
  C:\Windows\System\wsQvEfW.exe
  2⤵
  PID:8044
- C:\Windows\System\KNrrVoW.exe
  C:\Windows\System\KNrrVoW.exe
  2⤵
  PID:8060
- C:\Windows\System\WxqEWoa.exe
  C:\Windows\System\WxqEWoa.exe
  2⤵
  PID:8076
- C:\Windows\System\QIcqhSE.exe
  C:\Windows\System\QIcqhSE.exe
  2⤵
  PID:8092
- C:\Windows\System\VrosiKU.exe
  C:\Windows\System\VrosiKU.exe
  2⤵
  PID:8108
- C:\Windows\System\NcTwEfQ.exe
  C:\Windows\System\NcTwEfQ.exe
  2⤵
  PID:8124
- C:\Windows\System\TAqdZGO.exe
  C:\Windows\System\TAqdZGO.exe
  2⤵
  PID:8140
- C:\Windows\System\xPiTRmt.exe
  C:\Windows\System\xPiTRmt.exe
  2⤵
  PID:8156
- C:\Windows\System\lJnLPjN.exe
  C:\Windows\System\lJnLPjN.exe
  2⤵
  PID:8172
- C:\Windows\System\kYMeUBD.exe
  C:\Windows\System\kYMeUBD.exe
  2⤵
  PID:8188
- C:\Windows\System\PtOQwGL.exe
  C:\Windows\System\PtOQwGL.exe
  2⤵
  PID:7076
- C:\Windows\System\gDzCWYX.exe
  C:\Windows\System\gDzCWYX.exe
  2⤵
  PID:7188
- C:\Windows\System\CIYZhHi.exe
  C:\Windows\System\CIYZhHi.exe
  2⤵
  PID:7252
- C:\Windows\System\zuIdxFH.exe
  C:\Windows\System\zuIdxFH.exe
  2⤵
  PID:7176
- C:\Windows\System\hdlvCft.exe
  C:\Windows\System\hdlvCft.exe
  2⤵
  PID:7240
- C:\Windows\System\CjVGEEF.exe
  C:\Windows\System\CjVGEEF.exe
  2⤵
  PID:7268
- C:\Windows\System\TtNOFAX.exe
  C:\Windows\System\TtNOFAX.exe
  2⤵
  PID:7284
- C:\Windows\System\yVTWQNL.exe
  C:\Windows\System\yVTWQNL.exe
  2⤵
  PID:7308
- C:\Windows\System\hXuuMqz.exe
  C:\Windows\System\hXuuMqz.exe
  2⤵
  PID:7320
- C:\Windows\System\QtlkHAa.exe
  C:\Windows\System\QtlkHAa.exe
  2⤵
  PID:7360
- C:\Windows\System\cgSWeAL.exe
  C:\Windows\System\cgSWeAL.exe
  2⤵
  PID:7388
- C:\Windows\System\EmdFhXQ.exe
  C:\Windows\System\EmdFhXQ.exe
  2⤵
  PID:7436
- C:\Windows\System\WenmOam.exe
  C:\Windows\System\WenmOam.exe
  2⤵
  PID:7500
- C:\Windows\System\ZjwTRDM.exe
  C:\Windows\System\ZjwTRDM.exe
  2⤵
  PID:7552
- C:\Windows\System\mpotimd.exe
  C:\Windows\System\mpotimd.exe
  2⤵
  PID:7480
- C:\Windows\System\TZyIBON.exe
  C:\Windows\System\TZyIBON.exe
  2⤵
  PID:7528
- C:\Windows\System\vfyiSVD.exe
  C:\Windows\System\vfyiSVD.exe
  2⤵
  PID:7420
- C:\Windows\System\bUkCVcO.exe
  C:\Windows\System\bUkCVcO.exe
  2⤵
  PID:7608
- C:\Windows\System\KHTbbBm.exe
  C:\Windows\System\KHTbbBm.exe
  2⤵
  PID:7624
- C:\Windows\System\zpbUVlo.exe
  C:\Windows\System\zpbUVlo.exe
  2⤵
  PID:7604
- C:\Windows\System\PEXawTC.exe
  C:\Windows\System\PEXawTC.exe
  2⤵
  PID:7664
- C:\Windows\System\jIYkDvt.exe
  C:\Windows\System\jIYkDvt.exe
  2⤵
  PID:7688
- C:\Windows\System\jvHJRUJ.exe
  C:\Windows\System\jvHJRUJ.exe
  2⤵
  PID:7756
- C:\Windows\System\reVorHf.exe
  C:\Windows\System\reVorHf.exe
  2⤵
  PID:7708
- C:\Windows\System\puZzHVW.exe
  C:\Windows\System\puZzHVW.exe
  2⤵
  PID:7712
- C:\Windows\System\ZeYmFlq.exe
  C:\Windows\System\ZeYmFlq.exe
  2⤵
  PID:7780
- C:\Windows\System\gDzKnOR.exe
  C:\Windows\System\gDzKnOR.exe
  2⤵
  PID:7848
- C:\Windows\System\dguFPHC.exe
  C:\Windows\System\dguFPHC.exe
  2⤵
  PID:7872
- C:\Windows\System\XdzWsXR.exe
  C:\Windows\System\XdzWsXR.exe
  2⤵
  PID:7832
- C:\Windows\System\MQBfcvS.exe
  C:\Windows\System\MQBfcvS.exe
  2⤵
  PID:7912
- C:\Windows\System\XidhfGD.exe
  C:\Windows\System\XidhfGD.exe
  2⤵
  PID:7976
- C:\Windows\System\XLTEzoF.exe
  C:\Windows\System\XLTEzoF.exe
  2⤵
  PID:8040
- C:\Windows\System\Sjlogtc.exe
  C:\Windows\System\Sjlogtc.exe
  2⤵
  PID:8104
- C:\Windows\System\sOXKsCx.exe
  C:\Windows\System\sOXKsCx.exe
  2⤵
  PID:8168
- C:\Windows\System\BSUgwBk.exe
  C:\Windows\System\BSUgwBk.exe
  2⤵
  PID:7224
- C:\Windows\System\rVZdTmv.exe
  C:\Windows\System\rVZdTmv.exe
  2⤵
  PID:7924
- C:\Windows\System\xNEYaCv.exe
  C:\Windows\System\xNEYaCv.exe
  2⤵
  PID:7992
- C:\Windows\System\YGiSPMF.exe
  C:\Windows\System\YGiSPMF.exe
  2⤵
  PID:8056
- C:\Windows\System\CmBOFcw.exe
  C:\Windows\System\CmBOFcw.exe
  2⤵
  PID:8120
- C:\Windows\System\RiCYdRw.exe
  C:\Windows\System\RiCYdRw.exe
  2⤵
  PID:8184
- C:\Windows\System\uygDlPU.exe
  C:\Windows\System\uygDlPU.exe
  2⤵
  PID:7172
- C:\Windows\System\XQQJZzc.exe
  C:\Windows\System\XQQJZzc.exe
  2⤵
  PID:7280
- C:\Windows\System\ueuiROf.exe
  C:\Windows\System\ueuiROf.exe
  2⤵
  PID:7384
- C:\Windows\System\cnkbvHE.exe
  C:\Windows\System\cnkbvHE.exe
  2⤵
  PID:7452
- C:\Windows\System\AEFLOuF.exe
  C:\Windows\System\AEFLOuF.exe
  2⤵
  PID:7620
- C:\Windows\System\FGXYHpZ.exe
  C:\Windows\System\FGXYHpZ.exe
  2⤵
  PID:7728
- C:\Windows\System\rdKBdnB.exe
  C:\Windows\System\rdKBdnB.exe
  2⤵
  PID:7880
- C:\Windows\System\LMlhIXk.exe
  C:\Windows\System\LMlhIXk.exe
  2⤵
  PID:7364
- C:\Windows\System\DDDJCwu.exe
  C:\Windows\System\DDDJCwu.exe
  2⤵
  PID:7304
- C:\Windows\System\GYQcLCC.exe
  C:\Windows\System\GYQcLCC.exe
  2⤵
  PID:7508
- C:\Windows\System\WLSfzQo.exe
  C:\Windows\System\WLSfzQo.exe
  2⤵
  PID:7588
- C:\Windows\System\HMRArjH.exe
  C:\Windows\System\HMRArjH.exe
  2⤵
  PID:7760
- C:\Windows\System\clmtpdi.exe
  C:\Windows\System\clmtpdi.exe
  2⤵
  PID:7868
- C:\Windows\System\ZokzZKe.exe
  C:\Windows\System\ZokzZKe.exe
  2⤵
  PID:7972
- C:\Windows\System\pwTWnTm.exe
  C:\Windows\System\pwTWnTm.exe
  2⤵
  PID:8164
- C:\Windows\System\qQEtMyR.exe
  C:\Windows\System\qQEtMyR.exe
  2⤵
  PID:2108
- C:\Windows\System\lQIPLXp.exe
  C:\Windows\System\lQIPLXp.exe
  2⤵
  PID:8088
- C:\Windows\System\qJWcwvT.exe
  C:\Windows\System\qJWcwvT.exe
  2⤵
  PID:7372
- C:\Windows\System\cYVbkJo.exe
  C:\Windows\System\cYVbkJo.exe
  2⤵
  PID:7820
- C:\Windows\System\tLTSwDF.exe
  C:\Windows\System\tLTSwDF.exe
  2⤵
  PID:7744
- C:\Windows\System\fFWEFbH.exe
  C:\Windows\System\fFWEFbH.exe
  2⤵
  PID:7892
- C:\Windows\System\zYLIgWS.exe
  C:\Windows\System\zYLIgWS.exe
  2⤵
  PID:8024
- C:\Windows\System\zEmHXjP.exe
  C:\Windows\System\zEmHXjP.exe
  2⤵
  PID:7264
- C:\Windows\System\WWXYUMP.exe
  C:\Windows\System\WWXYUMP.exe
  2⤵
  PID:7652
- C:\Windows\System\LeEDZVH.exe
  C:\Windows\System\LeEDZVH.exe
  2⤵
  PID:7684
- C:\Windows\System\OOLMYRq.exe
  C:\Windows\System\OOLMYRq.exe
  2⤵
  PID:7956
- C:\Windows\System\ppywKId.exe
  C:\Windows\System\ppywKId.exe
  2⤵
  PID:7348
- C:\Windows\System\tFxhpDC.exe
  C:\Windows\System\tFxhpDC.exe
  2⤵
  PID:8072
- C:\Windows\System\EilqcXe.exe
  C:\Windows\System\EilqcXe.exe
  2⤵
  PID:7944
- C:\Windows\System\JuYDrkJ.exe
  C:\Windows\System\JuYDrkJ.exe
  2⤵
  PID:7432
- C:\Windows\System\BqLjsId.exe
  C:\Windows\System\BqLjsId.exe
  2⤵
  PID:7276
- C:\Windows\System\BtZOFbn.exe
  C:\Windows\System\BtZOFbn.exe
  2⤵
  PID:8208
- C:\Windows\System\ezsQZTB.exe
  C:\Windows\System\ezsQZTB.exe
  2⤵
  PID:8224
- C:\Windows\System\MbPIzPA.exe
  C:\Windows\System\MbPIzPA.exe
  2⤵
  PID:8240
- C:\Windows\System\iNgzaso.exe
  C:\Windows\System\iNgzaso.exe
  2⤵
  PID:8256
- C:\Windows\System\ZpoItUf.exe
  C:\Windows\System\ZpoItUf.exe
  2⤵
  PID:8272
- C:\Windows\System\OoNCpMH.exe
  C:\Windows\System\OoNCpMH.exe
  2⤵
  PID:8288
- C:\Windows\System\ybHOujY.exe
  C:\Windows\System\ybHOujY.exe
  2⤵
  PID:8304
- C:\Windows\System\YbihROU.exe
  C:\Windows\System\YbihROU.exe
  2⤵
  PID:8320
- C:\Windows\System\JlsRAjp.exe
  C:\Windows\System\JlsRAjp.exe
  2⤵
  PID:8340
- C:\Windows\System\bSSppKj.exe
  C:\Windows\System\bSSppKj.exe
  2⤵
  PID:8356
- C:\Windows\System\mnrevzf.exe
  C:\Windows\System\mnrevzf.exe
  2⤵
  PID:8372
- C:\Windows\System\AbOniqo.exe
  C:\Windows\System\AbOniqo.exe
  2⤵
  PID:8388
- C:\Windows\System\uhkHKNC.exe
  C:\Windows\System\uhkHKNC.exe
  2⤵
  PID:8404
- C:\Windows\System\jTikOxt.exe
  C:\Windows\System\jTikOxt.exe
  2⤵
  PID:8420
- C:\Windows\System\vavkzOc.exe
  C:\Windows\System\vavkzOc.exe
  2⤵
  PID:8440
- C:\Windows\System\kSapicj.exe
  C:\Windows\System\kSapicj.exe
  2⤵
  PID:8456
- C:\Windows\System\ARvUZxG.exe
  C:\Windows\System\ARvUZxG.exe
  2⤵
  PID:8476
- C:\Windows\System\nSuRXZR.exe
  C:\Windows\System\nSuRXZR.exe
  2⤵
  PID:8496
- C:\Windows\System\dnFCYwx.exe
  C:\Windows\System\dnFCYwx.exe
  2⤵
  PID:8512
- C:\Windows\System\ozOjABx.exe
  C:\Windows\System\ozOjABx.exe
  2⤵
  PID:8532
- C:\Windows\System\WpTbQeN.exe
  C:\Windows\System\WpTbQeN.exe
  2⤵
  PID:8548
- C:\Windows\System\VNxirkE.exe
  C:\Windows\System\VNxirkE.exe
  2⤵
  PID:8564
- C:\Windows\System\mmPAwRn.exe
  C:\Windows\System\mmPAwRn.exe
  2⤵
  PID:8588
- C:\Windows\System\YhXbXQJ.exe
  C:\Windows\System\YhXbXQJ.exe
  2⤵
  PID:8604
- C:\Windows\System\wKaqPRV.exe
  C:\Windows\System\wKaqPRV.exe
  2⤵
  PID:8624
- C:\Windows\System\nNAwrHu.exe
  C:\Windows\System\nNAwrHu.exe
  2⤵
  PID:8640
- C:\Windows\System\yHEFcrm.exe
  C:\Windows\System\yHEFcrm.exe
  2⤵
  PID:8656
- C:\Windows\System\koGnrrT.exe
  C:\Windows\System\koGnrrT.exe
  2⤵
  PID:8680
- C:\Windows\System\LgBATlC.exe
  C:\Windows\System\LgBATlC.exe
  2⤵
  PID:8700
- C:\Windows\System\nwXbNMx.exe
  C:\Windows\System\nwXbNMx.exe
  2⤵
  PID:8716
- C:\Windows\System\khbkNcY.exe
  C:\Windows\System\khbkNcY.exe
  2⤵
  PID:8736
- C:\Windows\System\oVjLiEg.exe
  C:\Windows\System\oVjLiEg.exe
  2⤵
  PID:8752
- C:\Windows\System\CRzWMYn.exe
  C:\Windows\System\CRzWMYn.exe
  2⤵
  PID:8768
- C:\Windows\System\WyasPlK.exe
  C:\Windows\System\WyasPlK.exe
  2⤵
  PID:8784
- C:\Windows\System\yiJAdAy.exe
  C:\Windows\System\yiJAdAy.exe
  2⤵
  PID:8804
- C:\Windows\System\GjvVBCL.exe
  C:\Windows\System\GjvVBCL.exe
  2⤵
  PID:8840
- C:\Windows\System\lUZLcSR.exe
  C:\Windows\System\lUZLcSR.exe
  2⤵
  PID:8876
- C:\Windows\System\ldopPAV.exe
  C:\Windows\System\ldopPAV.exe
  2⤵
  PID:8912
- C:\Windows\System\pEePMkW.exe
  C:\Windows\System\pEePMkW.exe
  2⤵
  PID:8928
- C:\Windows\System\wTfozMI.exe
  C:\Windows\System\wTfozMI.exe
  2⤵
  PID:8944
- C:\Windows\System\FJjVkqC.exe
  C:\Windows\System\FJjVkqC.exe
  2⤵
  PID:8960
- C:\Windows\System\fwMJHQo.exe
  C:\Windows\System\fwMJHQo.exe
  2⤵
  PID:8976
- C:\Windows\System\FZVUanN.exe
  C:\Windows\System\FZVUanN.exe
  2⤵
  PID:8992
- C:\Windows\System\IllrKHf.exe
  C:\Windows\System\IllrKHf.exe
  2⤵
  PID:9024
- C:\Windows\System\FIhJfoR.exe
  C:\Windows\System\FIhJfoR.exe
  2⤵
  PID:9040
- C:\Windows\System\vVNrXtm.exe
  C:\Windows\System\vVNrXtm.exe
  2⤵
  PID:9056
- C:\Windows\System\WVCBIxT.exe
  C:\Windows\System\WVCBIxT.exe
  2⤵
  PID:9072
- C:\Windows\System\elTWBuq.exe
  C:\Windows\System\elTWBuq.exe
  2⤵
  PID:9088
- C:\Windows\System\BVYHAIW.exe
  C:\Windows\System\BVYHAIW.exe
  2⤵
  PID:9108
- C:\Windows\System\CYgYPoY.exe
  C:\Windows\System\CYgYPoY.exe
  2⤵
  PID:9124
- C:\Windows\System\ZzukGoj.exe
  C:\Windows\System\ZzukGoj.exe
  2⤵
  PID:9144
- C:\Windows\System\CgOKbMH.exe
  C:\Windows\System\CgOKbMH.exe
  2⤵
  PID:9168
- C:\Windows\System\aCxhWdm.exe
  C:\Windows\System\aCxhWdm.exe
  2⤵
  PID:9184
- C:\Windows\System\mlKCqJV.exe
  C:\Windows\System\mlKCqJV.exe
  2⤵
  PID:9212
- C:\Windows\System\AgFOdWF.exe
  C:\Windows\System\AgFOdWF.exe
  2⤵
  PID:8204
- C:\Windows\System\mPnQDyK.exe
  C:\Windows\System\mPnQDyK.exe
  2⤵
  PID:8296
- C:\Windows\System\jTadxoU.exe
  C:\Windows\System\jTadxoU.exe
  2⤵
  PID:7524
- C:\Windows\System\lXFYdif.exe
  C:\Windows\System\lXFYdif.exe
  2⤵
  PID:8248
- C:\Windows\System\YOdcIiF.exe
  C:\Windows\System\YOdcIiF.exe
  2⤵
  PID:8312
- C:\Windows\System\vwgXhcu.exe
  C:\Windows\System\vwgXhcu.exe
  2⤵
  PID:8632
- C:\Windows\System\nsQrtDR.exe
  C:\Windows\System\nsQrtDR.exe
  2⤵
  PID:8692
- C:\Windows\System\CGghnHJ.exe
  C:\Windows\System\CGghnHJ.exe
  2⤵
  PID:8852
- C:\Windows\System\THETINP.exe
  C:\Windows\System\THETINP.exe
  2⤵
  PID:7520
- C:\Windows\System\sLfECrX.exe
  C:\Windows\System\sLfECrX.exe
  2⤵
  PID:9012
- C:\Windows\System\EnzFfnR.exe
  C:\Windows\System\EnzFfnR.exe
  2⤵
  PID:9064
- C:\Windows\System\FEhkuuP.exe
  C:\Windows\System\FEhkuuP.exe
  2⤵
  PID:9084
- C:\Windows\System\BiHKqlO.exe
  C:\Windows\System\BiHKqlO.exe
  2⤵
  PID:9120
- C:\Windows\System\oRzHgwH.exe
  C:\Windows\System\oRzHgwH.exe
  2⤵
  PID:9164
- C:\Windows\System\swCdLba.exe
  C:\Windows\System\swCdLba.exe
  2⤵
  PID:8416
- C:\Windows\System\VYLygTB.exe
  C:\Windows\System\VYLygTB.exe
  2⤵
  PID:8572
- C:\Windows\System\KHZknwT.exe
  C:\Windows\System\KHZknwT.exe
  2⤵
  PID:8580
- C:\Windows\System\AxOfPhM.exe
  C:\Windows\System\AxOfPhM.exe
  2⤵
  PID:8576
- C:\Windows\System\iPHNwBY.exe
  C:\Windows\System\iPHNwBY.exe
  2⤵
  PID:8488
- C:\Windows\System\glotjeD.exe
  C:\Windows\System\glotjeD.exe
  2⤵
  PID:8648
- C:\Windows\System\RaFrLIU.exe
  C:\Windows\System\RaFrLIU.exe
  2⤵
  PID:8520
- C:\Windows\System\xehLnjs.exe
  C:\Windows\System\xehLnjs.exe
  2⤵
  PID:8676
- C:\Windows\System\DdMDiTA.exe
  C:\Windows\System\DdMDiTA.exe
  2⤵
  PID:8724
- C:\Windows\System\ZRgSsDR.exe
  C:\Windows\System\ZRgSsDR.exe
  2⤵
  PID:8764
- C:\Windows\System\KanUsKE.exe
  C:\Windows\System\KanUsKE.exe
  2⤵
  PID:8796
- C:\Windows\System\uOEuiFF.exe
  C:\Windows\System\uOEuiFF.exe
  2⤵
  PID:8708
- C:\Windows\System\xVmnUfS.exe
  C:\Windows\System\xVmnUfS.exe
  2⤵
  PID:8904
- C:\Windows\System\yyhlLkA.exe
  C:\Windows\System\yyhlLkA.exe
  2⤵
  PID:8888
- C:\Windows\System\PdQtdyM.exe
  C:\Windows\System\PdQtdyM.exe
  2⤵
  PID:8988
- C:\Windows\System\cKxPSUq.exe
  C:\Windows\System\cKxPSUq.exe
  2⤵
  PID:8940
- C:\Windows\System\zaCrckg.exe
  C:\Windows\System\zaCrckg.exe
  2⤵
  PID:9004
- C:\Windows\System\uorivmB.exe
  C:\Windows\System\uorivmB.exe
  2⤵
  PID:9100
- C:\Windows\System\mnxpJEs.exe
  C:\Windows\System\mnxpJEs.exe
  2⤵
  PID:9196
- C:\Windows\System\KJrXuEg.exe
  C:\Windows\System\KJrXuEg.exe
  2⤵
  PID:8196
- C:\Windows\System\pMBDRvQ.exe
  C:\Windows\System\pMBDRvQ.exe
  2⤵
  PID:8236
- C:\Windows\System\JVVSxPQ.exe
  C:\Windows\System\JVVSxPQ.exe
  2⤵
  PID:8336
- C:\Windows\System\FhvqWTn.exe
  C:\Windows\System\FhvqWTn.exe
  2⤵
  PID:8468
- C:\Windows\System\yYwViLh.exe
  C:\Windows\System\yYwViLh.exe
  2⤵
  PID:8152
- C:\Windows\System\cofgeLR.exe
  C:\Windows\System\cofgeLR.exe
  2⤵
  PID:8380
- C:\Windows\System\UpXZonW.exe
  C:\Windows\System\UpXZonW.exe
  2⤵
  PID:8504
- C:\Windows\System\UaxaomR.exe
  C:\Windows\System\UaxaomR.exe
  2⤵
  PID:8596
- C:\Windows\System\QokKlGY.exe
  C:\Windows\System\QokKlGY.exe
  2⤵
  PID:8744
- C:\Windows\System\nSfHdIg.exe
  C:\Windows\System\nSfHdIg.exe
  2⤵
  PID:8828
- C:\Windows\System\QMJjvFY.exe
  C:\Windows\System\QMJjvFY.exe
  2⤵
  PID:8284
- C:\Windows\System\upopLnx.exe
  C:\Windows\System\upopLnx.exe
  2⤵
  PID:8848
- C:\Windows\System\FDAHpCd.exe
  C:\Windows\System\FDAHpCd.exe
  2⤵
  PID:8908
- C:\Windows\System\gWoFUBy.exe
  C:\Windows\System\gWoFUBy.exe
  2⤵
  PID:8984
- C:\Windows\System\yFMvxbn.exe
  C:\Windows\System\yFMvxbn.exe
  2⤵
  PID:9032
- C:\Windows\System\QwptrLG.exe
  C:\Windows\System\QwptrLG.exe
  2⤵
  PID:9096
- C:\Windows\System\bSepFQf.exe
  C:\Windows\System\bSepFQf.exe
  2⤵
  PID:9192
- C:\Windows\System\GQmJAGW.exe
  C:\Windows\System\GQmJAGW.exe
  2⤵
  PID:8364
- C:\Windows\System\dVuKKvT.exe
  C:\Windows\System\dVuKKvT.exe
  2⤵
  PID:8332
- C:\Windows\System\yTEykIQ.exe
  C:\Windows\System\yTEykIQ.exe
  2⤵
  PID:8280
- C:\Windows\System\gtxfzOY.exe
  C:\Windows\System\gtxfzOY.exe
  2⤵
  PID:8508
- C:\Windows\System\MBsIzUb.exe
  C:\Windows\System\MBsIzUb.exe
  2⤵
  PID:8732
- C:\Windows\System\BgrAqhA.exe
  C:\Windows\System\BgrAqhA.exe
  2⤵
  PID:8216
- C:\Windows\System\PFjrfab.exe
  C:\Windows\System\PFjrfab.exe
  2⤵
  PID:8896
- C:\Windows\System\tfFUTXH.exe
  C:\Windows\System\tfFUTXH.exe
  2⤵
  PID:9136
- C:\Windows\System\TFMcxTy.exe
  C:\Windows\System\TFMcxTy.exe
  2⤵
  PID:8968
- C:\Windows\System\fUSbWwv.exe
  C:\Windows\System\fUSbWwv.exe
  2⤵
  PID:8820
- C:\Windows\System\xdblPrm.exe
  C:\Windows\System\xdblPrm.exe
  2⤵
  PID:8268
- C:\Windows\System\TObUgHX.exe
  C:\Windows\System\TObUgHX.exe
  2⤵
  PID:8412
- C:\Windows\System\dueCgqv.exe
  C:\Windows\System\dueCgqv.exe
  2⤵
  PID:8776
- C:\Windows\System\kzdoBTp.exe
  C:\Windows\System\kzdoBTp.exe
  2⤵
  PID:8868
- C:\Windows\System\AOrPXXa.exe
  C:\Windows\System\AOrPXXa.exe
  2⤵
  PID:8924
- C:\Windows\System\jDzjSsY.exe
  C:\Windows\System\jDzjSsY.exe
  2⤵
  PID:9140
- C:\Windows\System\nSpujso.exe
  C:\Windows\System\nSpujso.exe
  2⤵
  PID:7800
- C:\Windows\System\LEHndOE.exe
  C:\Windows\System\LEHndOE.exe
  2⤵
  PID:8824
- C:\Windows\System\MCSKcFh.exe
  C:\Windows\System\MCSKcFh.exe
  2⤵
  PID:996
- C:\Windows\System\olWSFqF.exe
  C:\Windows\System\olWSFqF.exe
  2⤵
  PID:8920
- C:\Windows\System\vEdaDLQ.exe
  C:\Windows\System\vEdaDLQ.exe
  2⤵
  PID:8620
- C:\Windows\System\nhMTkQi.exe
  C:\Windows\System\nhMTkQi.exe
  2⤵
  PID:9208
- C:\Windows\System\jgHWuqL.exe
  C:\Windows\System\jgHWuqL.exe
  2⤵
  PID:9080
- C:\Windows\System\ohpwDJa.exe
  C:\Windows\System\ohpwDJa.exe
  2⤵
  PID:8892
- C:\Windows\System\GMCcDTt.exe
  C:\Windows\System\GMCcDTt.exe
  2⤵
  PID:9236
- C:\Windows\System\xVkpiUt.exe
  C:\Windows\System\xVkpiUt.exe
  2⤵
  PID:9252
- C:\Windows\System\jFliImx.exe
  C:\Windows\System\jFliImx.exe
  2⤵
  PID:9272
- C:\Windows\System\pIKMLBI.exe
  C:\Windows\System\pIKMLBI.exe
  2⤵
  PID:9296
- C:\Windows\System\fYmfJlm.exe
  C:\Windows\System\fYmfJlm.exe
  2⤵
  PID:9316
- C:\Windows\System\DUpyBCu.exe
  C:\Windows\System\DUpyBCu.exe
  2⤵
  PID:9332
- C:\Windows\System\skQSTdv.exe
  C:\Windows\System\skQSTdv.exe
  2⤵
  PID:9348
- C:\Windows\System\lUYClWb.exe
  C:\Windows\System\lUYClWb.exe
  2⤵
  PID:9376
- C:\Windows\System\HIlNVLC.exe
  C:\Windows\System\HIlNVLC.exe
  2⤵
  PID:9392
- C:\Windows\System\axjzoUb.exe
  C:\Windows\System\axjzoUb.exe
  2⤵
  PID:9408
- C:\Windows\System\WbRejkR.exe
  C:\Windows\System\WbRejkR.exe
  2⤵
  PID:9424
- C:\Windows\System\RbojEAn.exe
  C:\Windows\System\RbojEAn.exe
  2⤵
  PID:9440
- C:\Windows\System\hSBsRky.exe
  C:\Windows\System\hSBsRky.exe
  2⤵
  PID:9460
- C:\Windows\System\LlPnAiU.exe
  C:\Windows\System\LlPnAiU.exe
  2⤵
  PID:9488
- C:\Windows\System\BBbUOzr.exe
  C:\Windows\System\BBbUOzr.exe
  2⤵
  PID:9504
- C:\Windows\System\iWLBVCL.exe
  C:\Windows\System\iWLBVCL.exe
  2⤵
  PID:9528
- C:\Windows\System\IVEizTB.exe
  C:\Windows\System\IVEizTB.exe
  2⤵
  PID:9544
- C:\Windows\System\aaGbqRb.exe
  C:\Windows\System\aaGbqRb.exe
  2⤵
  PID:9564
- C:\Windows\System\yXxFOWM.exe
  C:\Windows\System\yXxFOWM.exe
  2⤵
  PID:9588
- C:\Windows\System\bHsQRMe.exe
  C:\Windows\System\bHsQRMe.exe
  2⤵
  PID:9612
- C:\Windows\System\KRARHUc.exe
  C:\Windows\System\KRARHUc.exe
  2⤵
  PID:9628
- C:\Windows\System\ZKFqUBp.exe
  C:\Windows\System\ZKFqUBp.exe
  2⤵
  PID:9648
- C:\Windows\System\KCXufDq.exe
  C:\Windows\System\KCXufDq.exe
  2⤵
  PID:9676
- C:\Windows\System\hVKplPi.exe
  C:\Windows\System\hVKplPi.exe
  2⤵
  PID:9692
- C:\Windows\System\cYwHIuA.exe
  C:\Windows\System\cYwHIuA.exe
  2⤵
  PID:9712
- C:\Windows\System\kdpatOK.exe
  C:\Windows\System\kdpatOK.exe
  2⤵
  PID:9732
- C:\Windows\System\tndEbxt.exe
  C:\Windows\System\tndEbxt.exe
  2⤵
  PID:9748
- C:\Windows\System\WjHsXmx.exe
  C:\Windows\System\WjHsXmx.exe
  2⤵
  PID:9768
- C:\Windows\System\ykrqgHQ.exe
  C:\Windows\System\ykrqgHQ.exe
  2⤵
  PID:9792
- C:\Windows\System\ZBXTxus.exe
  C:\Windows\System\ZBXTxus.exe
  2⤵
  PID:9812
- C:\Windows\System\CNbDoPg.exe
  C:\Windows\System\CNbDoPg.exe
  2⤵
  PID:9828
- C:\Windows\System\gNjysgM.exe
  C:\Windows\System\gNjysgM.exe
  2⤵
  PID:9848
- C:\Windows\System\OuAojof.exe
  C:\Windows\System\OuAojof.exe
  2⤵
  PID:9868
- C:\Windows\System\SRDDnIe.exe
  C:\Windows\System\SRDDnIe.exe
  2⤵
  PID:9888
- C:\Windows\System\vJqzxlL.exe
  C:\Windows\System\vJqzxlL.exe
  2⤵
  PID:9908
- C:\Windows\System\MBKtKIx.exe
  C:\Windows\System\MBKtKIx.exe
  2⤵
  PID:9924
- C:\Windows\System\UclsjuI.exe
  C:\Windows\System\UclsjuI.exe
  2⤵
  PID:9948
- C:\Windows\System\xEIosfb.exe
  C:\Windows\System\xEIosfb.exe
  2⤵
  PID:9964
- C:\Windows\System\PDgSuiL.exe
  C:\Windows\System\PDgSuiL.exe
  2⤵
  PID:9988
- C:\Windows\System\GNHreXn.exe
  C:\Windows\System\GNHreXn.exe
  2⤵
  PID:10008
- C:\Windows\System\KicsOXQ.exe
  C:\Windows\System\KicsOXQ.exe
  2⤵
  PID:10036
- C:\Windows\System\rnrJdZJ.exe
  C:\Windows\System\rnrJdZJ.exe
  2⤵
  PID:10056
- C:\Windows\System\vSJWFLP.exe
  C:\Windows\System\vSJWFLP.exe
  2⤵
  PID:10076
- C:\Windows\System\osEyhyU.exe
  C:\Windows\System\osEyhyU.exe
  2⤵
  PID:10096
- C:\Windows\System\JKcEeiF.exe
  C:\Windows\System\JKcEeiF.exe
  2⤵
  PID:10116
- C:\Windows\System\vVmdiiE.exe
  C:\Windows\System\vVmdiiE.exe
  2⤵
  PID:10140
- C:\Windows\System\rDVwzrE.exe
  C:\Windows\System\rDVwzrE.exe
  2⤵
  PID:10156
- C:\Windows\System\NtmEHCP.exe
  C:\Windows\System\NtmEHCP.exe
  2⤵
  PID:10172
- C:\Windows\System\MMZVPLv.exe
  C:\Windows\System\MMZVPLv.exe
  2⤵
  PID:10196
- C:\Windows\System\SxywZvq.exe
  C:\Windows\System\SxywZvq.exe
  2⤵
  PID:10212
- C:\Windows\System\aYXsvsO.exe
  C:\Windows\System\aYXsvsO.exe
  2⤵
  PID:10236
- C:\Windows\System\PnUWGcG.exe
  C:\Windows\System\PnUWGcG.exe
  2⤵
  PID:9232
- C:\Windows\System\IzVcVil.exe
  C:\Windows\System\IzVcVil.exe
  2⤵
  PID:9280
- C:\Windows\System\eVuVUuA.exe
  C:\Windows\System\eVuVUuA.exe
  2⤵
  PID:9312
- C:\Windows\System\cPpjmZy.exe
  C:\Windows\System\cPpjmZy.exe
  2⤵
  PID:9340
- C:\Windows\System\FssYPAL.exe
  C:\Windows\System\FssYPAL.exe
  2⤵
  PID:9372
- C:\Windows\System\FQhKaZB.exe
  C:\Windows\System\FQhKaZB.exe
  2⤵
  PID:9400
- C:\Windows\System\PHLPLUQ.exe
  C:\Windows\System\PHLPLUQ.exe
  2⤵
  PID:9452
- C:\Windows\System\MOIRHbY.exe
  C:\Windows\System\MOIRHbY.exe
  2⤵
  PID:9472
- C:\Windows\System\YiBwGkm.exe
  C:\Windows\System\YiBwGkm.exe
  2⤵
  PID:9432
- C:\Windows\System\vcsvVwP.exe
  C:\Windows\System\vcsvVwP.exe
  2⤵
  PID:9516
- C:\Windows\System\DGcBZhG.exe
  C:\Windows\System\DGcBZhG.exe
  2⤵
  PID:9556
- C:\Windows\System\rrzhkMp.exe
  C:\Windows\System\rrzhkMp.exe
  2⤵
  PID:9584
- C:\Windows\System\RzJZwCg.exe
  C:\Windows\System\RzJZwCg.exe
  2⤵
  PID:9608
- C:\Windows\System\zXMzbID.exe
  C:\Windows\System\zXMzbID.exe
  2⤵
  PID:9684
- C:\Windows\System\GkoQlEb.exe
  C:\Windows\System\GkoQlEb.exe
  2⤵
  PID:9704
- C:\Windows\System\fVGXdZv.exe
  C:\Windows\System\fVGXdZv.exe
  2⤵
  PID:9744
- C:\Windows\System\xpSTnKD.exe
  C:\Windows\System\xpSTnKD.exe
  2⤵
  PID:9760
- C:\Windows\System\QxhLdRV.exe
  C:\Windows\System\QxhLdRV.exe
  2⤵
  PID:9808
- C:\Windows\System\MlTlzeJ.exe
  C:\Windows\System\MlTlzeJ.exe
  2⤵
  PID:9860
- C:\Windows\System\qNvTHPi.exe
  C:\Windows\System\qNvTHPi.exe
  2⤵
  PID:9904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DylLSra.exe

Filesize
6.0MB

MD5
2f486d733531daf4242a20f3d6c4b39f

SHA1
4f60f62780faf9bf2672ef463d670d4be65747dd

SHA256
81eabb70a92621509e153c89f7cd13649f9bdd927c9fd45809717d53e8fa7b44

SHA512
f012e6e88f2812dd1a53e0dfb5549d8daefba536561c19c6e87cf6c3be8acd352eed6c8a0c1c9190c7952c8bbde480c6804e8035d76eff9e7ca014ee456a6300

Download Submit
C:\Windows\system\IPVZLkd.exe

Filesize
6.0MB

MD5
2de6c6d1111b98a942c5f9831f006698

SHA1
5758bbb64975c9477ee9b5645f5c3db7d120bcd0

SHA256
6caf882c1a8b30059f3b186bcab4823b4624e2b2f5e91ff7e3bcffae812d4453

SHA512
a894ce3f51003b4a99e0e1b0e0a3fb9035fb424955feee3e411ac999290e4e78bc85f5144e9656feb689ebc559a522b013971e3dd58f1591324090b4f339b1a9

Download Submit
C:\Windows\system\JIUweYP.exe

Filesize
6.0MB

MD5
a0c9ff0c430f6d1e414046d56299efbe

SHA1
e9c91ed5cd94f9a0edb3f6912a26aa3ab1335540

SHA256
1772ad3178173ab7842e24ba6c65e1ecf132af5cd17a84c3e987d9c253d0ce4a

SHA512
0151d46b7832332316a3a027c0a3295b850924a7270a194b1a7c456a57e8563e7187c8fbd449486bf157e0802161ac17c0b42bfda436edd35fb0df7bfd24cbc0

Download Submit
C:\Windows\system\JOjMnlM.exe

Filesize
6.0MB

MD5
2d1c850fea7fc4115f516c13de7280e9

SHA1
c774c72f0ff3814762e2e43a50f8332cfe240b39

SHA256
592d5548e42d14f5848448636c22a8ba97ccde9f552e14186aaed3dc59b0674f

SHA512
418e0f269fef51aa0c8a234ad2ebb9b2c67431d6ccb2dd7c0eabfee5ba52fa9dada30281b560f1ec7c78c9f594fe8257f9e0d78cfbf01cbdb7b3ac36c8e60db7

Download Submit
C:\Windows\system\JhjgZVH.exe

Filesize
6.0MB

MD5
6794d8e05fd3708cac75cb34b015c7ca

SHA1
d692cce368a9de577b0bcd6e6b8444d8b50fd40a

SHA256
76bce4684dfdb71a36f086116ac82c8071c5952d6d2b4c1a4df2d1dcb669ca79

SHA512
25911c509124e29ee47bcdb432e761deb683b3caa26ba80b68a2c77ee963ad564223088eb096325e597df80223843bf207458ed593c580c1cbad443b16c05cb7

Download Submit
C:\Windows\system\KOYQrXL.exe

Filesize
6.0MB

MD5
5d0b7187c05a3d71f0f7362693ffb682

SHA1
48f36cb99a9087a8f368ba16eb41b0d323b8ddd5

SHA256
a51ca40341a78c0d8969f56b6f5b920dd0d52ba04e88f48a330ecc6e5c4a8b15

SHA512
494a17caf89a098cb6b16ad4c2823c5c2ba39f48a08557362b42537984f206c8fb10c557ededaf2ea53dfc0eb4b856e74cbfe973d0ba0ce88807d317fb90e2bd

Download Submit
C:\Windows\system\LMnKhiX.exe

Filesize
6.0MB

MD5
470f50445c43363ea212662435c95bf1

SHA1
6cb7466ee5f5cc9219bc4f971d5f1016259884fa

SHA256
9e7d63f7ef3cc429a63fe62d2e1ec4bbd42967bd8a1dc7f1643724f89fcdc978

SHA512
c477e089e38d7e687a3f83f4f2b48248c223aa650b3cff26c3c53cb618a8821fe935c0b5a52c85e447e65f30ceae8f572b7688ebe0d8e3f872c631cb08621eae

Download Submit
C:\Windows\system\NyobTmu.exe

Filesize
6.0MB

MD5
202e91cd27ce4e286b26c10df1e18458

SHA1
64bba9539e6cb77e0946beb1c76d9141221bde91

SHA256
9c09ae09ec318d97252cf5182550055254effa45bdd3faa38fdfaba4a5a4d94f

SHA512
a3c04997d9ffe909fcb4a0c7142fed96833d39c01006c6aad76875ccdb6cdbc13b3f82e20b06b44c03b18c7f13e4513ccb218a298b039f8a0ab91ae46024bdbb

Download Submit
C:\Windows\system\RpWspng.exe

Filesize
6.0MB

MD5
70f350c833a5c2bbbab08c4920635752

SHA1
0f2474c9f4acbe88e739dab98771ae8a6f005871

SHA256
9f08406cc341efaf272d4c3554f679fa7a21e1ec1a844a40985eebea4d381c8c

SHA512
7abb3016c633e3d5108e4262daa045de18abd3ca3e66197bbf5e6b976a47f51f3705f884dfb487269589796fce8d6d5e395f7bc62c3ca73286602eed3cc9fff0

Download Submit
C:\Windows\system\SZTEISJ.exe

Filesize
6.0MB

MD5
6d16c1ccbe47f6b842f9663c937e0019

SHA1
ce2f84245cc9f3ca1fbea9c8e026221f7c540fc9

SHA256
0d48536fd594806b2b31fbb934ecdf3153664918435a63f9a9864fdc5311d022

SHA512
90fae2e5d05b84eb2fabe105d47717c0b1dc47151095bf864fab0dba64dc774502fa86ec0d6749196225b91ba811c4c0b389e03248f8feacd70496ea364ffc1f

Download Submit
C:\Windows\system\TMsxyoc.exe

Filesize
6.0MB

MD5
c5b98cc78017152c615af31046ab704e

SHA1
5afcdcaaebbcca1a3f228155989c9fb39a0baaa1

SHA256
1dbecbc67c3b8d5f101fefb2c47cbfd7556e5eda9688bbcae6a987efb6245946

SHA512
f6cb875a6990e4d1e6d610297b00d12af167b7e40822e071b82d643910f9bc8ed3e5e22b095d41a29ab1ed1d824a8e4a3f967dd6f9f1102c823b5f6441e3398f

Download Submit
C:\Windows\system\UPPgDlF.exe

Filesize
6.0MB

MD5
85529089f35edaa339e0f61ccccf2bff

SHA1
af26129b03c95f1f3449ebdb9ee68379a9a1b676

SHA256
0bacabc6fa66caf9fc593efdab43bdf62873eb37349a5cf4772c9712043968ac

SHA512
a57f2bfe245511a0ef0bb5db561143fd26b90d08cabd65294a55c65638114c2a7837e5e076326547d0b9f0df7b0073047e58c4c0d05d11f974c03750694b1569

Download Submit
C:\Windows\system\WLRTGqB.exe

Filesize
6.0MB

MD5
9a1c77bef04c37666b60540e9fe3611b

SHA1
98a16a6b8d1422e428acb0c089b503edff7d8177

SHA256
bfe243e08d95c735defdd6ba08d27cd2471c9bd9d311a226c69208e7495fb38a

SHA512
2769c55c085bb08434be69fdf93a888c02160aa294af6e27c8c67b9657f865e01b2554fd6d737601ecc8f348a9a33f0b8f5a0f27de0ebf2a180ee183c36f1eb1

Download Submit
C:\Windows\system\WuASyga.exe

Filesize
6.0MB

MD5
3fba33a9c82a7e92191cb8f9082ccc51

SHA1
7f7f89727b59b6cfba4747bfb3574cf2336653fd

SHA256
4df7625feb482f8fc51058763bd034743e85d44df0c88d87b1ba9da9f1285b2d

SHA512
f4a8004d714b4122a793f9cd9b12467d3ddc763b890819ffc3fa0da9e2ba8077eab2c7d3597ac6b6823b546de73d595f55b630018f32b63112157f15b2f262ac

Download Submit
C:\Windows\system\XBSngyI.exe

Filesize
6.0MB

MD5
ae3319f95cb81db0ce777ff8b17a8822

SHA1
6faf0ced24e077730ebc94ef8977c4ee70f3486e

SHA256
8d8d71a8526e8867fe7412c8185776b14fee4c5ab6bf25af2d8f25e1f9e3e095

SHA512
df23ee8d92a4a1f8803c912c34028a4fda2bc080c667e36bd62bb13252ab4c9079f81745a64195c30d1ca111f5fa19de8f9883b7a2a2a6acc624e77d3603dd99

Download Submit
C:\Windows\system\aRbPLsj.exe

Filesize
6.0MB

MD5
62203d220b03ed2f2ccd62299634af28

SHA1
7779a2ad183e68d37b03b5be800f0404a3085b38

SHA256
7ee9ed6842695c93475499c5b34fc3ef00b9bfc5bc54d99240122f114b23793a

SHA512
d85a97a70c365b096fb80907684eea263c93501bd6bb08b26826d0ba64080b74665c177887f299d3270c40cb6c9b465445271d9ea9889075ad436c779e7b29b7

Download Submit
C:\Windows\system\anjFHie.exe

Filesize
6.0MB

MD5
639a1bdc299955dcab17a76ea14e0381

SHA1
b10e01e32dd28b5c4f7a231ab42f898410685126

SHA256
6f58f798b24db5fd005db84a15a7e37c397a77f46d2f8ec87a562458a226c9de

SHA512
5a354f7871c764b253bb3fdb9ad119b1253faf8e651018b7a0dd0e8e81a3b71e4d31f6c6703042f8063d268b37b6476c6cf85b320a0cf343eee289ef526b9b76

Download Submit
C:\Windows\system\exkeArP.exe

Filesize
6.0MB

MD5
3015b508164c087d4d11c3915b0a5f0f

SHA1
00c2120b86f36e5316ac4f59aa03aa7acc8a61f6

SHA256
2833fc4c77e3e34baa904b21807662baea51df0d8491de6a120b476b6ae76d43

SHA512
a741958d71823dd69498d74f459f9e9d6e348532090442c2f79b355a101c7d9a1eace14a291cdacdb128df533c7846cabc5fc54a3379f0a43a33a20b4d5007ba

Download Submit
C:\Windows\system\fuyTZsD.exe

Filesize
6.0MB

MD5
aaa6a5347b6d7a104cfcfc801a7e0bad

SHA1
10c6988e452b446e4298ea5903b2f294bb82745c

SHA256
a1032c3369dca689a8ec357cfc0184738695cb6e39af019598f8dea5f4cf62ee

SHA512
e6209e5341343e9e18e3bb22d0ca332fe0698f204694ab3c14df9016a4516bf8b81a1110c787ad5e80fbc90b1030c110c4ffa05b011f2475a92bd4124c46fb90

Download Submit
C:\Windows\system\jusmYuQ.exe

Filesize
6.0MB

MD5
b47da5cfa22870396848bc9a1953d850

SHA1
a4dad27b30e246ddaa536c2a8dd95bb2d57cc0cf

SHA256
0bba2647a0e35be2040f87f57ee0260f2649ff4d70e7cde1e61e115dabeb1f3b

SHA512
901f05ddd89b8eaab995923b59ce4bb5c1be47e27c19dc73c69f2b575c578ca4a4220b7841c478deddef28f9e3a7298138fd27d5837d8df1b697c48fa41071d0

Download Submit
C:\Windows\system\sNWxuDp.exe

Filesize
6.0MB

MD5
cc348baeb2b910c22942b8e620d876b5

SHA1
301507ec549ae5cc951e284a7967d49d591b788a

SHA256
c5ecb35fb780dc5529675f816797a253521b20cf7dafc7b75079a76e111a9640

SHA512
59e9e0a53240dd3a7020ae930cd1633c470dc3e3bec0be266b4db768e55b79ab09d49bece6af31171e87cf1468f8d0d4e41dbf3f191690637f11b60cc3af5af1

Download Submit
C:\Windows\system\teGForc.exe

Filesize
6.0MB

MD5
0edd0837d4578c925234338d0dd2ab76

SHA1
94eb171c7e46b53995a3669c158fbbe4617ad923

SHA256
7a76dd3582d79a6cad58fb93b3f5738776bfac03f6a0263a63319440b77eb9be

SHA512
031576b88ef7f8a8f464ff99eb0a830bc3f3ab3df01ca2984a25702f92689f81f2dc25df4d521f7e5835208cfd7fce5084d231c238bed48c3f2b848c6d50e780

Download Submit
C:\Windows\system\uHpFoHJ.exe

Filesize
6.0MB

MD5
8b420f43bce7a10baba02580049486fa

SHA1
4cf41fba38eb2505a13fce95acca75f1b89b5a4e

SHA256
bfe76f434efa416bfc34975d91573904e6c9a68ef5f0f5ea714b338929f97c04

SHA512
e3e59c2ef3dc10fd47267984a35c16e0eb95331a878150510c5c07d83f9606a486f94bd216a426845900b26d7e79e75f701f80fcda199e4238d8f6632fecb37e

Download Submit
C:\Windows\system\vNBMPgT.exe

Filesize
6.0MB

MD5
4099a51af1c87854df098d8b90ae9714

SHA1
aa55f1d9b4f23a08584a2851d07c19a267aa5f42

SHA256
77dc8787d8c51ddb7e1014e33a9a150e38012157d0dcbebd7f45eacae552cdf3

SHA512
7df409d1cd577cb11e0e84bd36ce88fb017631033210230cb22206cefc9c66687eeb3e52d02e6d10d5509e3de82ba1dad535a29a763d75f99a44c975c5ccdd28

Download Submit
C:\Windows\system\xqDLVXZ.exe

Filesize
6.0MB

MD5
3264d091437c1f783d221eac083266bc

SHA1
edd36b030ab5d7ca8f8c93210b353c52c9edfe47

SHA256
ebbba1642d56d8fbd0263f82563037c31c0d4334c3d00e3b0ef16377e8610a9b

SHA512
9c09a69e08ed6d3cc993e5a385751431eb53c11f012e73bd97004428fed3d66a40f6f723770ae19dfe0b5357cf3706ecabc5714b1bad485f853614b5efc3f129

Download Submit
C:\Windows\system\znsnevm.exe

Filesize
6.0MB

MD5
c8cda84ef3d6420f25df30abd7187a2c

SHA1
3a169999837e4cb74ed378451ce5fac28b2a3f31

SHA256
1130e986db0109531f3766992a443e16ae85ebd8bd9cf246dd20e925020855f1

SHA512
fae6d3e307113506d0ac48b3fe0c60300b07a10ee75fd43a15b2c812c20390720e9dc32c7a3dbb6cf23fc99f878c1ab0a2704085c17409a5117ee1e22f0df4ee

Download Submit
C:\Windows\system\zruXfSr.exe

Filesize
6.0MB

MD5
9099e646371b8b3f6afba3b1ebeff76f

SHA1
3bb24d7fed2fb66847674676759b25773b1d1128

SHA256
203165e07ca6eb92f9d3859f60f5b296352d681d235000c1800f2fc325e88363

SHA512
ac4c1ee4741aac5735b4aa6f1e7fe5e716d3881e30f231daa4e4d7d9c0423ec80ef2e1aa36481e16c07d2fd318c31ef5dd70dfc5bb6cfde58fc77d06d1e15406

Download Submit
C:\Windows\system\zxPwWhM.exe

Filesize
6.0MB

MD5
fa20a44226057306ffc3189e2190f411

SHA1
c1612ef5612c7e68f18757c826ea1657a2ebc461

SHA256
8554c09fc813f4b30a3724f4c0b8fdaaab349d917878c516d51ad736f19f622f

SHA512
7073bbadf5614c3a29f5dae5a9879fb32749856cb77d763a46ff7b3263023812a946d2626ba72efaccd031a36fc8e75835b76b78b41fe74ebd957f05e71808d3

Download Submit
\Windows\system\EYGWBFP.exe

Filesize
6.0MB

MD5
5356c318f73a7f1fec1b0df171d7fd1f

SHA1
762021a75009d790f88143814be0f8463abda3e2

SHA256
56b5d80be14b9435c589e5ef7c29aba1b2f6beb4373e210fea01a60e25f2cc2c

SHA512
e3ec823ce1e9e75318444082fc5cc3848c547cb594dc994d1e1239d23bae3b46c11fc432de6b3e1221d71f60d75c8fde261d1324a3e3212714bf54bb69177faf

Download Submit
\Windows\system\PtZEqsi.exe

Filesize
6.0MB

MD5
d527194d02f4676c9e68dd3c8f74d37c

SHA1
b61a5d4b4b0e5cb93a6145c75a250cab85f2b9fc

SHA256
e48c373dba7762450f655e3d0c5305046b137c352727eb4dc6071bb6f0592020

SHA512
19295097a00e16ac6d705769e8d2da0f176fe8a8e633604d423f1d233cf9e8db2efa1c5f6522b8588cba7c735f6b1db2ee4a0df2530adc39cad5348c194f0c0e

Download Submit
\Windows\system\UNJFlfd.exe

Filesize
6.0MB

MD5
d056a15ef0a6f3744260f07a5d6a095d

SHA1
f082eb51fbd56f3b3a6e2edf205d99909cf4563c

SHA256
04fbae93420e680ea444754e03032803c72f2a12084b2ff466c5cc1e7c78bf48

SHA512
a80863bace6b1ac06d8beb3c5433415c8756ff4a7609ed873b0f589ce0837f3939a2892ed6fcb11cb60cdae9fa7b3c1e20ab5ef6b30f7c3c4d14e23c8d3f2a24

Download Submit
\Windows\system\mIExvwc.exe

Filesize
6.0MB

MD5
e8e5c3c418538a89e2686817d9aacb23

SHA1
4b798776a286376bc1e33c9ce11ceac40c62472a

SHA256
3ac9f150ae9a18fb2f9027ce8d95f569347d5e833adfe43e103dac360a39f870

SHA512
19f99b44c91ba091472c3ec8c53ae51692b3576769033822cc824de4d496c5935df13461e88d16d6ba1379bacd47ae67b5b7ab4264b296a8c12094e7eb1efbbe

Download Submit
memory/1628-85-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1628-3957-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1628-1829-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1696-62-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-3932-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-909-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1896-2785-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1896-3963-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1896-101-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2352-78-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2352-1509-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3951-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2464-3922-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-54-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3913-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-34-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-91-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3966-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2532-93-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2133-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2576-716-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3936-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-57-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-21-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3878-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-28-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3880-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-7-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3865-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-56-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-99-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3916-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2804-41-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1172-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2920-71-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3938-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2980-13-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-69-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3869-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-84-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/3028-49-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-0-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-33-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-53-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2784-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-77-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1508-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/3028-92-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-27-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-20-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-39-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-50-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-70-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/3028-100-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2132-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1828-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/3028-908-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1171-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download