cobaltstrike | 18830101263d5d561dabc075d5407ea52e6bfbdfe990a5af93a86161732a254e

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1362fb226d13622b1fbb09ca83c23f36
SHA1

5d50639e2bdd268b16ba2dbec2aa447efe8f261e
SHA256

18830101263d5d561dabc075d5407ea52e6bfbdfe990a5af93a86161732a254e
SHA512

e9cc16a6e4502097e909a3e7c1ba502475d0ed625b9c0883f8b0ace6c29a70c9a8af8e6d58b047058f2cf2d6ea4441540455d4cdd06398b10288ac05de27213f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b59-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b64-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b65-21.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b66-26.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b67-37.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b63-12.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b68-40.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b5a-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6b-67.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6f-74.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b71-93.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b73-101.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b74-107.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b75-112.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b78-136.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7a-144.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-152.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-181.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-188.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-187.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b7f-183.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-179.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b81-174.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b80-173.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7b-163.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b79-159.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b77-134.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b76-132.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b72-105.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b70-86.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6e-81.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6d-77.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6c-71.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6a-57.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3248-0-0x00007FF75D880000-0x00007FF75DBD4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b59-4.dat	xmrig
behavioral2/memory/4600-6-0x00007FF69C160000-0x00007FF69C4B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b64-10.dat	xmrig
behavioral2/files/0x000a000000023b65-21.dat	xmrig
behavioral2/files/0x000a000000023b66-26.dat	xmrig
behavioral2/memory/2928-27-0x00007FF7F7CF0000-0x00007FF7F8044000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b67-37.dat	xmrig
behavioral2/memory/3460-36-0x00007FF6A9A20000-0x00007FF6A9D74000-memory.dmp	xmrig
behavioral2/memory/1856-31-0x00007FF63A7B0000-0x00007FF63AB04000-memory.dmp	xmrig
behavioral2/memory/5076-23-0x00007FF743280000-0x00007FF7435D4000-memory.dmp	xmrig
behavioral2/memory/1712-20-0x00007FF7F62D0000-0x00007FF7F6624000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b63-12.dat	xmrig
behavioral2/files/0x000a000000023b68-40.dat	xmrig
behavioral2/memory/2816-44-0x00007FF684040000-0x00007FF684394000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b5a-47.dat	xmrig
behavioral2/files/0x000a000000023b6b-67.dat	xmrig
behavioral2/files/0x000a000000023b6f-74.dat	xmrig
behavioral2/files/0x000a000000023b71-93.dat	xmrig
behavioral2/files/0x000a000000023b73-101.dat	xmrig
behavioral2/files/0x000a000000023b74-107.dat	xmrig
behavioral2/files/0x000a000000023b75-112.dat	xmrig
behavioral2/files/0x000a000000023b78-136.dat	xmrig
behavioral2/files/0x000a000000023b7a-144.dat	xmrig
behavioral2/files/0x000a000000023b7c-152.dat	xmrig
behavioral2/files/0x000a000000023b7e-181.dat	xmrig
behavioral2/memory/1604-331-0x00007FF7AD850000-0x00007FF7ADBA4000-memory.dmp	xmrig
behavioral2/memory/3948-334-0x00007FF6BFC20000-0x00007FF6BFF74000-memory.dmp	xmrig
behavioral2/memory/532-337-0x00007FF603A10000-0x00007FF603D64000-memory.dmp	xmrig
behavioral2/memory/1632-338-0x00007FF7DB960000-0x00007FF7DBCB4000-memory.dmp	xmrig
behavioral2/memory/516-336-0x00007FF7003C0000-0x00007FF700714000-memory.dmp	xmrig
behavioral2/memory/5076-335-0x00007FF743280000-0x00007FF7435D4000-memory.dmp	xmrig
behavioral2/memory/3512-333-0x00007FF7B88D0000-0x00007FF7B8C24000-memory.dmp	xmrig
behavioral2/memory/4328-332-0x00007FF64B0E0000-0x00007FF64B434000-memory.dmp	xmrig
behavioral2/memory/3084-330-0x00007FF731DB0000-0x00007FF732104000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b83-188.dat	xmrig
behavioral2/files/0x000a000000023b82-187.dat	xmrig
behavioral2/files/0x0031000000023b7f-183.dat	xmrig
behavioral2/files/0x000a000000023b7d-179.dat	xmrig
behavioral2/files/0x0031000000023b81-174.dat	xmrig
behavioral2/files/0x0031000000023b80-173.dat	xmrig
behavioral2/memory/3292-172-0x00007FF7CB700000-0x00007FF7CBA54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7b-163.dat	xmrig
behavioral2/files/0x000a000000023b79-159.dat	xmrig
behavioral2/memory/4056-150-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp	xmrig
behavioral2/memory/2636-141-0x00007FF721780000-0x00007FF721AD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b77-134.dat	xmrig
behavioral2/files/0x000a000000023b76-132.dat	xmrig
behavioral2/memory/2136-142-0x00007FF77CEB0000-0x00007FF77D204000-memory.dmp	xmrig
behavioral2/memory/1744-131-0x00007FF7BF960000-0x00007FF7BFCB4000-memory.dmp	xmrig
behavioral2/memory/668-130-0x00007FF677EB0000-0x00007FF678204000-memory.dmp	xmrig
behavioral2/memory/1712-127-0x00007FF7F62D0000-0x00007FF7F6624000-memory.dmp	xmrig
behavioral2/memory/4600-119-0x00007FF69C160000-0x00007FF69C4B4000-memory.dmp	xmrig
behavioral2/memory/1808-117-0x00007FF6EDC30000-0x00007FF6EDF84000-memory.dmp	xmrig
behavioral2/memory/3236-110-0x00007FF6B11F0000-0x00007FF6B1544000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b72-105.dat	xmrig
behavioral2/memory/644-104-0x00007FF66F920000-0x00007FF66FC74000-memory.dmp	xmrig
behavioral2/memory/4944-100-0x00007FF6332E0000-0x00007FF633634000-memory.dmp	xmrig
behavioral2/memory/1392-96-0x00007FF6BD7B0000-0x00007FF6BDB04000-memory.dmp	xmrig
behavioral2/memory/2928-361-0x00007FF7F7CF0000-0x00007FF7F8044000-memory.dmp	xmrig
behavioral2/memory/2384-94-0x00007FF637C40000-0x00007FF637F94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b70-86.dat	xmrig
behavioral2/files/0x000a000000023b6e-81.dat	xmrig
behavioral2/files/0x000a000000023b6d-77.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4600	YaGtPUd.exe
1712	JTUxFmk.exe
5076	tnzxLoe.exe
2928	tCuNTzO.exe
1856	ZBNhvHC.exe
3460	FlWeMHz.exe
2816	XjBPwpE.exe
4824	DDyzGGi.exe
1452	zmCFuiY.exe
2384	cmNMGgd.exe
668	cfbJhmR.exe
1392	JUZbjvW.exe
4944	kGOFwQS.exe
644	RkSCKcq.exe
3236	LXtUgBY.exe
1808	DbcTmmj.exe
1744	pKSFrss.exe
2636	DXBGOkA.exe
2136	ihNcAHC.exe
4056	gPSKxlO.exe
3948	Xrmiekr.exe
3292	JBUXwlH.exe
3084	OBizRna.exe
516	pcICymp.exe
1604	QfuuHnG.exe
532	jCBoEqI.exe
4328	Smbfdvr.exe
1632	CWiaXiP.exe
3512	XdTvxkR.exe
2388	igdsFHV.exe
4956	xTAhCPH.exe
4516	AFnZaQg.exe
3440	oTIrnEc.exe
3064	dvrswuv.exe
4416	WRrmEAm.exe
216	YRXBTBR.exe
4972	tpjCNKo.exe
3556	trGOSdH.exe
4968	hchkcoe.exe
1132	nymvnvN.exe
4436	qWvwVGI.exe
2640	aeUmSBk.exe
4800	GCezKtS.exe
3120	KcLclKn.exe
3836	vdHKLIK.exe
4076	duneBtg.exe
752	mtexBNQ.exe
3840	vfDEMKY.exe
1552	bDqkirk.exe
4100	FnkkhPK.exe
592	ePDpwTF.exe
2536	bnutEca.exe
1768	vHGiBiK.exe
968	vgakBrf.exe
4912	NeuXmuD.exe
4596	sHQcGyi.exe
3000	VjCixZI.exe
3380	QptjQcH.exe
5060	ofuPxbX.exe
1840	KVaDkfg.exe
2956	dAkOTvX.exe
1096	bPifFpS.exe
228	uOnINgX.exe
3928	gNfRxTV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3248-0-0x00007FF75D880000-0x00007FF75DBD4000-memory.dmp	upx
behavioral2/files/0x000c000000023b59-4.dat	upx
behavioral2/memory/4600-6-0x00007FF69C160000-0x00007FF69C4B4000-memory.dmp	upx
behavioral2/files/0x000a000000023b64-10.dat	upx
behavioral2/files/0x000a000000023b65-21.dat	upx
behavioral2/files/0x000a000000023b66-26.dat	upx
behavioral2/memory/2928-27-0x00007FF7F7CF0000-0x00007FF7F8044000-memory.dmp	upx
behavioral2/files/0x000a000000023b67-37.dat	upx
behavioral2/memory/3460-36-0x00007FF6A9A20000-0x00007FF6A9D74000-memory.dmp	upx
behavioral2/memory/1856-31-0x00007FF63A7B0000-0x00007FF63AB04000-memory.dmp	upx
behavioral2/memory/5076-23-0x00007FF743280000-0x00007FF7435D4000-memory.dmp	upx
behavioral2/memory/1712-20-0x00007FF7F62D0000-0x00007FF7F6624000-memory.dmp	upx
behavioral2/files/0x000a000000023b63-12.dat	upx
behavioral2/files/0x000a000000023b68-40.dat	upx
behavioral2/memory/2816-44-0x00007FF684040000-0x00007FF684394000-memory.dmp	upx
behavioral2/files/0x000c000000023b5a-47.dat	upx
behavioral2/files/0x000a000000023b6b-67.dat	upx
behavioral2/files/0x000a000000023b6f-74.dat	upx
behavioral2/files/0x000a000000023b71-93.dat	upx
behavioral2/files/0x000a000000023b73-101.dat	upx
behavioral2/files/0x000a000000023b74-107.dat	upx
behavioral2/files/0x000a000000023b75-112.dat	upx
behavioral2/files/0x000a000000023b78-136.dat	upx
behavioral2/files/0x000a000000023b7a-144.dat	upx
behavioral2/files/0x000a000000023b7c-152.dat	upx
behavioral2/files/0x000a000000023b7e-181.dat	upx
behavioral2/memory/1604-331-0x00007FF7AD850000-0x00007FF7ADBA4000-memory.dmp	upx
behavioral2/memory/3948-334-0x00007FF6BFC20000-0x00007FF6BFF74000-memory.dmp	upx
behavioral2/memory/532-337-0x00007FF603A10000-0x00007FF603D64000-memory.dmp	upx
behavioral2/memory/1632-338-0x00007FF7DB960000-0x00007FF7DBCB4000-memory.dmp	upx
behavioral2/memory/516-336-0x00007FF7003C0000-0x00007FF700714000-memory.dmp	upx
behavioral2/memory/5076-335-0x00007FF743280000-0x00007FF7435D4000-memory.dmp	upx
behavioral2/memory/3512-333-0x00007FF7B88D0000-0x00007FF7B8C24000-memory.dmp	upx
behavioral2/memory/4328-332-0x00007FF64B0E0000-0x00007FF64B434000-memory.dmp	upx
behavioral2/memory/3084-330-0x00007FF731DB0000-0x00007FF732104000-memory.dmp	upx
behavioral2/files/0x000a000000023b83-188.dat	upx
behavioral2/files/0x000a000000023b82-187.dat	upx
behavioral2/files/0x0031000000023b7f-183.dat	upx
behavioral2/files/0x000a000000023b7d-179.dat	upx
behavioral2/files/0x0031000000023b81-174.dat	upx
behavioral2/files/0x0031000000023b80-173.dat	upx
behavioral2/memory/3292-172-0x00007FF7CB700000-0x00007FF7CBA54000-memory.dmp	upx
behavioral2/files/0x000a000000023b7b-163.dat	upx
behavioral2/files/0x000a000000023b79-159.dat	upx
behavioral2/memory/4056-150-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp	upx
behavioral2/memory/2636-141-0x00007FF721780000-0x00007FF721AD4000-memory.dmp	upx
behavioral2/files/0x000a000000023b77-134.dat	upx
behavioral2/files/0x000a000000023b76-132.dat	upx
behavioral2/memory/2136-142-0x00007FF77CEB0000-0x00007FF77D204000-memory.dmp	upx
behavioral2/memory/1744-131-0x00007FF7BF960000-0x00007FF7BFCB4000-memory.dmp	upx
behavioral2/memory/668-130-0x00007FF677EB0000-0x00007FF678204000-memory.dmp	upx
behavioral2/memory/1712-127-0x00007FF7F62D0000-0x00007FF7F6624000-memory.dmp	upx
behavioral2/memory/4600-119-0x00007FF69C160000-0x00007FF69C4B4000-memory.dmp	upx
behavioral2/memory/1808-117-0x00007FF6EDC30000-0x00007FF6EDF84000-memory.dmp	upx
behavioral2/memory/3236-110-0x00007FF6B11F0000-0x00007FF6B1544000-memory.dmp	upx
behavioral2/files/0x000a000000023b72-105.dat	upx
behavioral2/memory/644-104-0x00007FF66F920000-0x00007FF66FC74000-memory.dmp	upx
behavioral2/memory/4944-100-0x00007FF6332E0000-0x00007FF633634000-memory.dmp	upx
behavioral2/memory/1392-96-0x00007FF6BD7B0000-0x00007FF6BDB04000-memory.dmp	upx
behavioral2/memory/2928-361-0x00007FF7F7CF0000-0x00007FF7F8044000-memory.dmp	upx
behavioral2/memory/2384-94-0x00007FF637C40000-0x00007FF637F94000-memory.dmp	upx
behavioral2/files/0x000a000000023b70-86.dat	upx
behavioral2/files/0x000a000000023b6e-81.dat	upx
behavioral2/files/0x000a000000023b6d-77.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KfSzKtM.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKtbVKC.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeuXmuD.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVQNQSA.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnagKan.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQJMTrp.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQcthvZ.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waepDpg.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzBTxPD.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpFNLiq.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bWINkoP.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBrmYGj.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWflxta.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\poFDDKI.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMWGZuL.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcXnyrH.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rigaRwb.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khXALsF.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMhkBhj.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHqIQSV.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQIlIXB.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwakMVF.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwyVnOM.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbcTmmj.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFPZTzj.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKESwDz.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLcUqte.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFGdHnF.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHgwNvj.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtbDyoC.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdyLQgK.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKSFrss.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgwcfNg.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pchiGsN.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMFRKnx.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNysolJ.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoYcCrV.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlfHlLE.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUOATYD.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmZCyQW.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGdLrvA.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTzgVjd.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qekvKfL.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWNrFjt.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcndAge.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkdLOBl.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAYyFxi.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQLEqvp.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrEvMWs.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guHYVSj.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNfRxTV.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADcFatd.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPXKRCT.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhxzejR.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHXkVgZ.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDgNAlY.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTbUECJ.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVsnjFV.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCTmwEc.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGUOajS.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpAVpiQ.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgxjipo.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnBbxWP.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrEIXZE.exe	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 4600	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 3248 wrote to memory of 4600	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 3248 wrote to memory of 1712	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3248 wrote to memory of 1712	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3248 wrote to memory of 5076	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3248 wrote to memory of 5076	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3248 wrote to memory of 2928	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3248 wrote to memory of 2928	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3248 wrote to memory of 1856	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3248 wrote to memory of 1856	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3248 wrote to memory of 3460	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3248 wrote to memory of 3460	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3248 wrote to memory of 2816	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3248 wrote to memory of 2816	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3248 wrote to memory of 4824	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3248 wrote to memory of 4824	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3248 wrote to memory of 1452	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3248 wrote to memory of 1452	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3248 wrote to memory of 2384	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3248 wrote to memory of 2384	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3248 wrote to memory of 668	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3248 wrote to memory of 668	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3248 wrote to memory of 1392	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3248 wrote to memory of 1392	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3248 wrote to memory of 4944	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3248 wrote to memory of 4944	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3248 wrote to memory of 644	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3248 wrote to memory of 644	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3248 wrote to memory of 3236	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3248 wrote to memory of 3236	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3248 wrote to memory of 1808	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3248 wrote to memory of 1808	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3248 wrote to memory of 1744	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3248 wrote to memory of 1744	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3248 wrote to memory of 2636	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3248 wrote to memory of 2636	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3248 wrote to memory of 2136	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3248 wrote to memory of 2136	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3248 wrote to memory of 4056	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3248 wrote to memory of 4056	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3248 wrote to memory of 3948	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3248 wrote to memory of 3948	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3248 wrote to memory of 3292	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3248 wrote to memory of 3292	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3248 wrote to memory of 3084	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3248 wrote to memory of 3084	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3248 wrote to memory of 516	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3248 wrote to memory of 516	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3248 wrote to memory of 1604	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3248 wrote to memory of 1604	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3248 wrote to memory of 532	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3248 wrote to memory of 532	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3248 wrote to memory of 4328	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3248 wrote to memory of 4328	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3248 wrote to memory of 1632	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3248 wrote to memory of 1632	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3248 wrote to memory of 3512	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3248 wrote to memory of 3512	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3248 wrote to memory of 2388	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3248 wrote to memory of 2388	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3248 wrote to memory of 4956	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3248 wrote to memory of 4956	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3248 wrote to memory of 4516	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3248 wrote to memory of 4516	3248	2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_1362fb226d13622b1fbb09ca83c23f36_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Windows\System\YaGtPUd.exe
  C:\Windows\System\YaGtPUd.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\JTUxFmk.exe
  C:\Windows\System\JTUxFmk.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\tnzxLoe.exe
  C:\Windows\System\tnzxLoe.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\tCuNTzO.exe
  C:\Windows\System\tCuNTzO.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ZBNhvHC.exe
  C:\Windows\System\ZBNhvHC.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\FlWeMHz.exe
  C:\Windows\System\FlWeMHz.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\XjBPwpE.exe
  C:\Windows\System\XjBPwpE.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\DDyzGGi.exe
  C:\Windows\System\DDyzGGi.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\zmCFuiY.exe
  C:\Windows\System\zmCFuiY.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\cmNMGgd.exe
  C:\Windows\System\cmNMGgd.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\cfbJhmR.exe
  C:\Windows\System\cfbJhmR.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\JUZbjvW.exe
  C:\Windows\System\JUZbjvW.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\kGOFwQS.exe
  C:\Windows\System\kGOFwQS.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\RkSCKcq.exe
  C:\Windows\System\RkSCKcq.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\LXtUgBY.exe
  C:\Windows\System\LXtUgBY.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\DbcTmmj.exe
  C:\Windows\System\DbcTmmj.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\pKSFrss.exe
  C:\Windows\System\pKSFrss.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\DXBGOkA.exe
  C:\Windows\System\DXBGOkA.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\ihNcAHC.exe
  C:\Windows\System\ihNcAHC.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\gPSKxlO.exe
  C:\Windows\System\gPSKxlO.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\Xrmiekr.exe
  C:\Windows\System\Xrmiekr.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\JBUXwlH.exe
  C:\Windows\System\JBUXwlH.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\OBizRna.exe
  C:\Windows\System\OBizRna.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\pcICymp.exe
  C:\Windows\System\pcICymp.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\QfuuHnG.exe
  C:\Windows\System\QfuuHnG.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\jCBoEqI.exe
  C:\Windows\System\jCBoEqI.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\Smbfdvr.exe
  C:\Windows\System\Smbfdvr.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\CWiaXiP.exe
  C:\Windows\System\CWiaXiP.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\XdTvxkR.exe
  C:\Windows\System\XdTvxkR.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\igdsFHV.exe
  C:\Windows\System\igdsFHV.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\xTAhCPH.exe
  C:\Windows\System\xTAhCPH.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\AFnZaQg.exe
  C:\Windows\System\AFnZaQg.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\oTIrnEc.exe
  C:\Windows\System\oTIrnEc.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\dvrswuv.exe
  C:\Windows\System\dvrswuv.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\WRrmEAm.exe
  C:\Windows\System\WRrmEAm.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\YRXBTBR.exe
  C:\Windows\System\YRXBTBR.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\tpjCNKo.exe
  C:\Windows\System\tpjCNKo.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\trGOSdH.exe
  C:\Windows\System\trGOSdH.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\hchkcoe.exe
  C:\Windows\System\hchkcoe.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\nymvnvN.exe
  C:\Windows\System\nymvnvN.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\qWvwVGI.exe
  C:\Windows\System\qWvwVGI.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\aeUmSBk.exe
  C:\Windows\System\aeUmSBk.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\GCezKtS.exe
  C:\Windows\System\GCezKtS.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\KcLclKn.exe
  C:\Windows\System\KcLclKn.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\vdHKLIK.exe
  C:\Windows\System\vdHKLIK.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\duneBtg.exe
  C:\Windows\System\duneBtg.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\mtexBNQ.exe
  C:\Windows\System\mtexBNQ.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\vfDEMKY.exe
  C:\Windows\System\vfDEMKY.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\bDqkirk.exe
  C:\Windows\System\bDqkirk.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\FnkkhPK.exe
  C:\Windows\System\FnkkhPK.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\ePDpwTF.exe
  C:\Windows\System\ePDpwTF.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\bnutEca.exe
  C:\Windows\System\bnutEca.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\vHGiBiK.exe
  C:\Windows\System\vHGiBiK.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\vgakBrf.exe
  C:\Windows\System\vgakBrf.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\NeuXmuD.exe
  C:\Windows\System\NeuXmuD.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\sHQcGyi.exe
  C:\Windows\System\sHQcGyi.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\VjCixZI.exe
  C:\Windows\System\VjCixZI.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\QptjQcH.exe
  C:\Windows\System\QptjQcH.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\ofuPxbX.exe
  C:\Windows\System\ofuPxbX.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\KVaDkfg.exe
  C:\Windows\System\KVaDkfg.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\dAkOTvX.exe
  C:\Windows\System\dAkOTvX.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\bPifFpS.exe
  C:\Windows\System\bPifFpS.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\uOnINgX.exe
  C:\Windows\System\uOnINgX.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\gNfRxTV.exe
  C:\Windows\System\gNfRxTV.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\uCSduAi.exe
  C:\Windows\System\uCSduAi.exe
  2⤵
  PID:4576
- C:\Windows\System\eIHyfRh.exe
  C:\Windows\System\eIHyfRh.exe
  2⤵
  PID:372
- C:\Windows\System\cMZifEA.exe
  C:\Windows\System\cMZifEA.exe
  2⤵
  PID:3220
- C:\Windows\System\lKBCYoS.exe
  C:\Windows\System\lKBCYoS.exe
  2⤵
  PID:848
- C:\Windows\System\WelGJzs.exe
  C:\Windows\System\WelGJzs.exe
  2⤵
  PID:3652
- C:\Windows\System\rnnqTgw.exe
  C:\Windows\System\rnnqTgw.exe
  2⤵
  PID:4384
- C:\Windows\System\IKRdhCk.exe
  C:\Windows\System\IKRdhCk.exe
  2⤵
  PID:4840
- C:\Windows\System\TwVrNNX.exe
  C:\Windows\System\TwVrNNX.exe
  2⤵
  PID:2176
- C:\Windows\System\zOCRTnn.exe
  C:\Windows\System\zOCRTnn.exe
  2⤵
  PID:1660
- C:\Windows\System\sLmDvPH.exe
  C:\Windows\System\sLmDvPH.exe
  2⤵
  PID:116
- C:\Windows\System\aowPRuI.exe
  C:\Windows\System\aowPRuI.exe
  2⤵
  PID:3328
- C:\Windows\System\cNxYMYJ.exe
  C:\Windows\System\cNxYMYJ.exe
  2⤵
  PID:5052
- C:\Windows\System\hlBGVnU.exe
  C:\Windows\System\hlBGVnU.exe
  2⤵
  PID:1324
- C:\Windows\System\QvytXFY.exe
  C:\Windows\System\QvytXFY.exe
  2⤵
  PID:2624
- C:\Windows\System\YAesmgA.exe
  C:\Windows\System\YAesmgA.exe
  2⤵
  PID:3564
- C:\Windows\System\WSgCvKA.exe
  C:\Windows\System\WSgCvKA.exe
  2⤵
  PID:888
- C:\Windows\System\JsgKVCE.exe
  C:\Windows\System\JsgKVCE.exe
  2⤵
  PID:2664
- C:\Windows\System\PizbQDp.exe
  C:\Windows\System\PizbQDp.exe
  2⤵
  PID:3808
- C:\Windows\System\iZrrGps.exe
  C:\Windows\System\iZrrGps.exe
  2⤵
  PID:5180
- C:\Windows\System\hYhCcBK.exe
  C:\Windows\System\hYhCcBK.exe
  2⤵
  PID:5196
- C:\Windows\System\fREVPQL.exe
  C:\Windows\System\fREVPQL.exe
  2⤵
  PID:5232
- C:\Windows\System\pHrcacn.exe
  C:\Windows\System\pHrcacn.exe
  2⤵
  PID:5256
- C:\Windows\System\TjIouOy.exe
  C:\Windows\System\TjIouOy.exe
  2⤵
  PID:5308
- C:\Windows\System\BPRRVVV.exe
  C:\Windows\System\BPRRVVV.exe
  2⤵
  PID:5348
- C:\Windows\System\PYSNZeC.exe
  C:\Windows\System\PYSNZeC.exe
  2⤵
  PID:5424
- C:\Windows\System\nLuwdua.exe
  C:\Windows\System\nLuwdua.exe
  2⤵
  PID:5464
- C:\Windows\System\pVviaou.exe
  C:\Windows\System\pVviaou.exe
  2⤵
  PID:5492
- C:\Windows\System\uzxtxJR.exe
  C:\Windows\System\uzxtxJR.exe
  2⤵
  PID:5516
- C:\Windows\System\nrFbivm.exe
  C:\Windows\System\nrFbivm.exe
  2⤵
  PID:5556
- C:\Windows\System\RgAZTzj.exe
  C:\Windows\System\RgAZTzj.exe
  2⤵
  PID:5592
- C:\Windows\System\hErbHdJ.exe
  C:\Windows\System\hErbHdJ.exe
  2⤵
  PID:5612
- C:\Windows\System\lgRnGDb.exe
  C:\Windows\System\lgRnGDb.exe
  2⤵
  PID:5652
- C:\Windows\System\xnSQPdV.exe
  C:\Windows\System\xnSQPdV.exe
  2⤵
  PID:5672
- C:\Windows\System\mtZDIPt.exe
  C:\Windows\System\mtZDIPt.exe
  2⤵
  PID:5712
- C:\Windows\System\RzwFpPk.exe
  C:\Windows\System\RzwFpPk.exe
  2⤵
  PID:5740
- C:\Windows\System\cZEqgwM.exe
  C:\Windows\System\cZEqgwM.exe
  2⤵
  PID:5768
- C:\Windows\System\BCIvmfA.exe
  C:\Windows\System\BCIvmfA.exe
  2⤵
  PID:5796
- C:\Windows\System\iWmGLMw.exe
  C:\Windows\System\iWmGLMw.exe
  2⤵
  PID:5824
- C:\Windows\System\opdlQwn.exe
  C:\Windows\System\opdlQwn.exe
  2⤵
  PID:5852
- C:\Windows\System\pkAoXEu.exe
  C:\Windows\System\pkAoXEu.exe
  2⤵
  PID:5880
- C:\Windows\System\oavIJOB.exe
  C:\Windows\System\oavIJOB.exe
  2⤵
  PID:5908
- C:\Windows\System\ATfhnlA.exe
  C:\Windows\System\ATfhnlA.exe
  2⤵
  PID:5944
- C:\Windows\System\gWIRidn.exe
  C:\Windows\System\gWIRidn.exe
  2⤵
  PID:5976
- C:\Windows\System\LbvnMeL.exe
  C:\Windows\System\LbvnMeL.exe
  2⤵
  PID:5996
- C:\Windows\System\ADcFatd.exe
  C:\Windows\System\ADcFatd.exe
  2⤵
  PID:6032
- C:\Windows\System\isggsmQ.exe
  C:\Windows\System\isggsmQ.exe
  2⤵
  PID:6060
- C:\Windows\System\nkKqDyn.exe
  C:\Windows\System\nkKqDyn.exe
  2⤵
  PID:6092
- C:\Windows\System\sOcLNHX.exe
  C:\Windows\System\sOcLNHX.exe
  2⤵
  PID:6124
- C:\Windows\System\MainRng.exe
  C:\Windows\System\MainRng.exe
  2⤵
  PID:348
- C:\Windows\System\ijZTENn.exe
  C:\Windows\System\ijZTENn.exe
  2⤵
  PID:3428
- C:\Windows\System\zREikVc.exe
  C:\Windows\System\zREikVc.exe
  2⤵
  PID:748
- C:\Windows\System\jZzqnOB.exe
  C:\Windows\System\jZzqnOB.exe
  2⤵
  PID:2724
- C:\Windows\System\OohdFGo.exe
  C:\Windows\System\OohdFGo.exe
  2⤵
  PID:3888
- C:\Windows\System\vjYiInG.exe
  C:\Windows\System\vjYiInG.exe
  2⤵
  PID:2324
- C:\Windows\System\fjhyaVY.exe
  C:\Windows\System\fjhyaVY.exe
  2⤵
  PID:656
- C:\Windows\System\hXkyjQv.exe
  C:\Windows\System\hXkyjQv.exe
  2⤵
  PID:5128
- C:\Windows\System\LDdYico.exe
  C:\Windows\System\LDdYico.exe
  2⤵
  PID:5220
- C:\Windows\System\jAUfxdD.exe
  C:\Windows\System\jAUfxdD.exe
  2⤵
  PID:4236
- C:\Windows\System\KNLKuxQ.exe
  C:\Windows\System\KNLKuxQ.exe
  2⤵
  PID:5244
- C:\Windows\System\swmhgCc.exe
  C:\Windows\System\swmhgCc.exe
  2⤵
  PID:5300
- C:\Windows\System\twJBlEF.exe
  C:\Windows\System\twJBlEF.exe
  2⤵
  PID:1268
- C:\Windows\System\YxOzJgB.exe
  C:\Windows\System\YxOzJgB.exe
  2⤵
  PID:3448
- C:\Windows\System\GsRPLuh.exe
  C:\Windows\System\GsRPLuh.exe
  2⤵
  PID:2896
- C:\Windows\System\UwbLxez.exe
  C:\Windows\System\UwbLxez.exe
  2⤵
  PID:2108
- C:\Windows\System\HuzzqcG.exe
  C:\Windows\System\HuzzqcG.exe
  2⤵
  PID:820
- C:\Windows\System\xAZYghz.exe
  C:\Windows\System\xAZYghz.exe
  2⤵
  PID:5148
- C:\Windows\System\Untbndy.exe
  C:\Windows\System\Untbndy.exe
  2⤵
  PID:2184
- C:\Windows\System\lXcQzwr.exe
  C:\Windows\System\lXcQzwr.exe
  2⤵
  PID:5400
- C:\Windows\System\lOQGmhG.exe
  C:\Windows\System\lOQGmhG.exe
  2⤵
  PID:1996
- C:\Windows\System\MLxTUhw.exe
  C:\Windows\System\MLxTUhw.exe
  2⤵
  PID:1128
- C:\Windows\System\gBhNwOL.exe
  C:\Windows\System\gBhNwOL.exe
  2⤵
  PID:5580
- C:\Windows\System\uIqPTNe.exe
  C:\Windows\System\uIqPTNe.exe
  2⤵
  PID:5608
- C:\Windows\System\joPAOPO.exe
  C:\Windows\System\joPAOPO.exe
  2⤵
  PID:4856
- C:\Windows\System\lAWCyrR.exe
  C:\Windows\System\lAWCyrR.exe
  2⤵
  PID:5696
- C:\Windows\System\WkwxJPQ.exe
  C:\Windows\System\WkwxJPQ.exe
  2⤵
  PID:5752
- C:\Windows\System\kmZCyQW.exe
  C:\Windows\System\kmZCyQW.exe
  2⤵
  PID:5780
- C:\Windows\System\WtiblDj.exe
  C:\Windows\System\WtiblDj.exe
  2⤵
  PID:5812
- C:\Windows\System\vrrWRlB.exe
  C:\Windows\System\vrrWRlB.exe
  2⤵
  PID:5860
- C:\Windows\System\dPUjdDi.exe
  C:\Windows\System\dPUjdDi.exe
  2⤵
  PID:5892
- C:\Windows\System\eEXJwQu.exe
  C:\Windows\System\eEXJwQu.exe
  2⤵
  PID:5952
- C:\Windows\System\icDeFrL.exe
  C:\Windows\System\icDeFrL.exe
  2⤵
  PID:5988
- C:\Windows\System\FXrhNvu.exe
  C:\Windows\System\FXrhNvu.exe
  2⤵
  PID:6068
- C:\Windows\System\kgkOftP.exe
  C:\Windows\System\kgkOftP.exe
  2⤵
  PID:6132
- C:\Windows\System\yKwsQho.exe
  C:\Windows\System\yKwsQho.exe
  2⤵
  PID:3784
- C:\Windows\System\gtYFjZr.exe
  C:\Windows\System\gtYFjZr.exe
  2⤵
  PID:4796
- C:\Windows\System\hyHvzqu.exe
  C:\Windows\System\hyHvzqu.exe
  2⤵
  PID:3412
- C:\Windows\System\PnAiNBE.exe
  C:\Windows\System\PnAiNBE.exe
  2⤵
  PID:5204
- C:\Windows\System\jUNNopG.exe
  C:\Windows\System\jUNNopG.exe
  2⤵
  PID:5408
- C:\Windows\System\jfZeQtw.exe
  C:\Windows\System\jfZeQtw.exe
  2⤵
  PID:464
- C:\Windows\System\QOqcyrd.exe
  C:\Windows\System\QOqcyrd.exe
  2⤵
  PID:5476
- C:\Windows\System\WIOFzeq.exe
  C:\Windows\System\WIOFzeq.exe
  2⤵
  PID:5540
- C:\Windows\System\xpoagYG.exe
  C:\Windows\System\xpoagYG.exe
  2⤵
  PID:2848
- C:\Windows\System\AQdkqrA.exe
  C:\Windows\System\AQdkqrA.exe
  2⤵
  PID:6052
- C:\Windows\System\vQsNhyw.exe
  C:\Windows\System\vQsNhyw.exe
  2⤵
  PID:1464
- C:\Windows\System\IqjfaVa.exe
  C:\Windows\System\IqjfaVa.exe
  2⤵
  PID:4952
- C:\Windows\System\AzldhMr.exe
  C:\Windows\System\AzldhMr.exe
  2⤵
  PID:2856
- C:\Windows\System\OQFDQed.exe
  C:\Windows\System\OQFDQed.exe
  2⤵
  PID:2080
- C:\Windows\System\SfTPbND.exe
  C:\Windows\System\SfTPbND.exe
  2⤵
  PID:5528
- C:\Windows\System\mYrwzfe.exe
  C:\Windows\System\mYrwzfe.exe
  2⤵
  PID:6040
- C:\Windows\System\DvlKgpx.exe
  C:\Windows\System\DvlKgpx.exe
  2⤵
  PID:1932
- C:\Windows\System\rVsnjFV.exe
  C:\Windows\System\rVsnjFV.exe
  2⤵
  PID:6176
- C:\Windows\System\TCSpYOP.exe
  C:\Windows\System\TCSpYOP.exe
  2⤵
  PID:6208
- C:\Windows\System\OvZAyQL.exe
  C:\Windows\System\OvZAyQL.exe
  2⤵
  PID:6236
- C:\Windows\System\wqAucnN.exe
  C:\Windows\System\wqAucnN.exe
  2⤵
  PID:6264
- C:\Windows\System\hCENGil.exe
  C:\Windows\System\hCENGil.exe
  2⤵
  PID:6288
- C:\Windows\System\ETJoqRp.exe
  C:\Windows\System\ETJoqRp.exe
  2⤵
  PID:6316
- C:\Windows\System\vZQTuzx.exe
  C:\Windows\System\vZQTuzx.exe
  2⤵
  PID:6348
- C:\Windows\System\lzwsSSi.exe
  C:\Windows\System\lzwsSSi.exe
  2⤵
  PID:6376
- C:\Windows\System\TblgowQ.exe
  C:\Windows\System\TblgowQ.exe
  2⤵
  PID:6400
- C:\Windows\System\eilsuia.exe
  C:\Windows\System\eilsuia.exe
  2⤵
  PID:6432
- C:\Windows\System\jXyCEKR.exe
  C:\Windows\System\jXyCEKR.exe
  2⤵
  PID:6460
- C:\Windows\System\sAEaOdv.exe
  C:\Windows\System\sAEaOdv.exe
  2⤵
  PID:6508
- C:\Windows\System\AaQYKSq.exe
  C:\Windows\System\AaQYKSq.exe
  2⤵
  PID:6536
- C:\Windows\System\VGdLrvA.exe
  C:\Windows\System\VGdLrvA.exe
  2⤵
  PID:6560
- C:\Windows\System\JOsjnrj.exe
  C:\Windows\System\JOsjnrj.exe
  2⤵
  PID:6588
- C:\Windows\System\MIIVMvX.exe
  C:\Windows\System\MIIVMvX.exe
  2⤵
  PID:6628
- C:\Windows\System\OcndAge.exe
  C:\Windows\System\OcndAge.exe
  2⤵
  PID:6652
- C:\Windows\System\rmWCyvo.exe
  C:\Windows\System\rmWCyvo.exe
  2⤵
  PID:6672
- C:\Windows\System\lilTYbH.exe
  C:\Windows\System\lilTYbH.exe
  2⤵
  PID:6696
- C:\Windows\System\wqMDbWE.exe
  C:\Windows\System\wqMDbWE.exe
  2⤵
  PID:6744
- C:\Windows\System\AUSIkSQ.exe
  C:\Windows\System\AUSIkSQ.exe
  2⤵
  PID:6772
- C:\Windows\System\rzBTxPD.exe
  C:\Windows\System\rzBTxPD.exe
  2⤵
  PID:6800
- C:\Windows\System\OIQpbUT.exe
  C:\Windows\System\OIQpbUT.exe
  2⤵
  PID:6824
- C:\Windows\System\hJZJCUG.exe
  C:\Windows\System\hJZJCUG.exe
  2⤵
  PID:6856
- C:\Windows\System\rikgbfL.exe
  C:\Windows\System\rikgbfL.exe
  2⤵
  PID:6884
- C:\Windows\System\cwmuDfb.exe
  C:\Windows\System\cwmuDfb.exe
  2⤵
  PID:6916
- C:\Windows\System\dLzQPku.exe
  C:\Windows\System\dLzQPku.exe
  2⤵
  PID:6944
- C:\Windows\System\xrYRYDJ.exe
  C:\Windows\System\xrYRYDJ.exe
  2⤵
  PID:6976
- C:\Windows\System\QUFQEyd.exe
  C:\Windows\System\QUFQEyd.exe
  2⤵
  PID:7000
- C:\Windows\System\prOpNWx.exe
  C:\Windows\System\prOpNWx.exe
  2⤵
  PID:7028
- C:\Windows\System\SmXoCgp.exe
  C:\Windows\System\SmXoCgp.exe
  2⤵
  PID:7060
- C:\Windows\System\wBnIDrs.exe
  C:\Windows\System\wBnIDrs.exe
  2⤵
  PID:7084
- C:\Windows\System\GxpjXDV.exe
  C:\Windows\System\GxpjXDV.exe
  2⤵
  PID:7116
- C:\Windows\System\BkovHQL.exe
  C:\Windows\System\BkovHQL.exe
  2⤵
  PID:7144
- C:\Windows\System\MCqHxpU.exe
  C:\Windows\System\MCqHxpU.exe
  2⤵
  PID:7160
- C:\Windows\System\uDGWdms.exe
  C:\Windows\System\uDGWdms.exe
  2⤵
  PID:6232
- C:\Windows\System\SYogSbL.exe
  C:\Windows\System\SYogSbL.exe
  2⤵
  PID:6296
- C:\Windows\System\DTFeuMs.exe
  C:\Windows\System\DTFeuMs.exe
  2⤵
  PID:6356
- C:\Windows\System\ImKXchg.exe
  C:\Windows\System\ImKXchg.exe
  2⤵
  PID:6408
- C:\Windows\System\mFHqGDa.exe
  C:\Windows\System\mFHqGDa.exe
  2⤵
  PID:6476
- C:\Windows\System\mTKINgz.exe
  C:\Windows\System\mTKINgz.exe
  2⤵
  PID:6548
- C:\Windows\System\phZxtgh.exe
  C:\Windows\System\phZxtgh.exe
  2⤵
  PID:6600
- C:\Windows\System\pDHnyVj.exe
  C:\Windows\System\pDHnyVj.exe
  2⤵
  PID:6688
- C:\Windows\System\ghhYACk.exe
  C:\Windows\System\ghhYACk.exe
  2⤵
  PID:6760
- C:\Windows\System\OJDkOod.exe
  C:\Windows\System\OJDkOod.exe
  2⤵
  PID:6844
- C:\Windows\System\dgvCOBP.exe
  C:\Windows\System\dgvCOBP.exe
  2⤵
  PID:6924
- C:\Windows\System\zTPNUaD.exe
  C:\Windows\System\zTPNUaD.exe
  2⤵
  PID:6992
- C:\Windows\System\GVUAVYB.exe
  C:\Windows\System\GVUAVYB.exe
  2⤵
  PID:7076
- C:\Windows\System\rVjgyHE.exe
  C:\Windows\System\rVjgyHE.exe
  2⤵
  PID:6160
- C:\Windows\System\FHgwNvj.exe
  C:\Windows\System\FHgwNvj.exe
  2⤵
  PID:6328
- C:\Windows\System\PskTirt.exe
  C:\Windows\System\PskTirt.exe
  2⤵
  PID:6524
- C:\Windows\System\fpsJezI.exe
  C:\Windows\System\fpsJezI.exe
  2⤵
  PID:6732
- C:\Windows\System\OKyyJzc.exe
  C:\Windows\System\OKyyJzc.exe
  2⤵
  PID:6880
- C:\Windows\System\PgwcfNg.exe
  C:\Windows\System\PgwcfNg.exe
  2⤵
  PID:7104
- C:\Windows\System\EdwZDJj.exe
  C:\Windows\System\EdwZDJj.exe
  2⤵
  PID:6200
- C:\Windows\System\EEZFoip.exe
  C:\Windows\System\EEZFoip.exe
  2⤵
  PID:6596
- C:\Windows\System\DEPBekz.exe
  C:\Windows\System\DEPBekz.exe
  2⤵
  PID:6984
- C:\Windows\System\RmJHqcj.exe
  C:\Windows\System\RmJHqcj.exe
  2⤵
  PID:6792
- C:\Windows\System\TJgFeJO.exe
  C:\Windows\System\TJgFeJO.exe
  2⤵
  PID:6580
- C:\Windows\System\AiAbllo.exe
  C:\Windows\System\AiAbllo.exe
  2⤵
  PID:7196
- C:\Windows\System\fStoTDj.exe
  C:\Windows\System\fStoTDj.exe
  2⤵
  PID:7224
- C:\Windows\System\XTDGFJm.exe
  C:\Windows\System\XTDGFJm.exe
  2⤵
  PID:7252
- C:\Windows\System\hspjQMF.exe
  C:\Windows\System\hspjQMF.exe
  2⤵
  PID:7280
- C:\Windows\System\eZzXJGQ.exe
  C:\Windows\System\eZzXJGQ.exe
  2⤵
  PID:7308
- C:\Windows\System\KIvMIYO.exe
  C:\Windows\System\KIvMIYO.exe
  2⤵
  PID:7324
- C:\Windows\System\sEPVMvh.exe
  C:\Windows\System\sEPVMvh.exe
  2⤵
  PID:7364
- C:\Windows\System\IOWhtaF.exe
  C:\Windows\System\IOWhtaF.exe
  2⤵
  PID:7396
- C:\Windows\System\tDYIcmA.exe
  C:\Windows\System\tDYIcmA.exe
  2⤵
  PID:7428
- C:\Windows\System\OEatqZn.exe
  C:\Windows\System\OEatqZn.exe
  2⤵
  PID:7456
- C:\Windows\System\GyVrSeS.exe
  C:\Windows\System\GyVrSeS.exe
  2⤵
  PID:7484
- C:\Windows\System\nTINNBU.exe
  C:\Windows\System\nTINNBU.exe
  2⤵
  PID:7516
- C:\Windows\System\ZMhkBhj.exe
  C:\Windows\System\ZMhkBhj.exe
  2⤵
  PID:7540
- C:\Windows\System\zPELBnM.exe
  C:\Windows\System\zPELBnM.exe
  2⤵
  PID:7556
- C:\Windows\System\SmLzNQv.exe
  C:\Windows\System\SmLzNQv.exe
  2⤵
  PID:7584
- C:\Windows\System\HDHLZGe.exe
  C:\Windows\System\HDHLZGe.exe
  2⤵
  PID:7620
- C:\Windows\System\gFXNCMs.exe
  C:\Windows\System\gFXNCMs.exe
  2⤵
  PID:7652
- C:\Windows\System\LkFaQUb.exe
  C:\Windows\System\LkFaQUb.exe
  2⤵
  PID:7680
- C:\Windows\System\pBYTSjG.exe
  C:\Windows\System\pBYTSjG.exe
  2⤵
  PID:7708
- C:\Windows\System\peWQiOT.exe
  C:\Windows\System\peWQiOT.exe
  2⤵
  PID:7736
- C:\Windows\System\gbeKjIr.exe
  C:\Windows\System\gbeKjIr.exe
  2⤵
  PID:7756
- C:\Windows\System\DEvYMKh.exe
  C:\Windows\System\DEvYMKh.exe
  2⤵
  PID:7780
- C:\Windows\System\vXVpMKd.exe
  C:\Windows\System\vXVpMKd.exe
  2⤵
  PID:7832
- C:\Windows\System\nBNzcVZ.exe
  C:\Windows\System\nBNzcVZ.exe
  2⤵
  PID:7848
- C:\Windows\System\gpFNLiq.exe
  C:\Windows\System\gpFNLiq.exe
  2⤵
  PID:7864
- C:\Windows\System\tOmnDcp.exe
  C:\Windows\System\tOmnDcp.exe
  2⤵
  PID:7888
- C:\Windows\System\JtoUCBl.exe
  C:\Windows\System\JtoUCBl.exe
  2⤵
  PID:7920
- C:\Windows\System\zJnozDW.exe
  C:\Windows\System\zJnozDW.exe
  2⤵
  PID:7956
- C:\Windows\System\xGCbliT.exe
  C:\Windows\System\xGCbliT.exe
  2⤵
  PID:7984
- C:\Windows\System\LIWjFbT.exe
  C:\Windows\System\LIWjFbT.exe
  2⤵
  PID:8004
- C:\Windows\System\whnnWpo.exe
  C:\Windows\System\whnnWpo.exe
  2⤵
  PID:8036
- C:\Windows\System\EqSzIyx.exe
  C:\Windows\System\EqSzIyx.exe
  2⤵
  PID:8072
- C:\Windows\System\poFDDKI.exe
  C:\Windows\System\poFDDKI.exe
  2⤵
  PID:8104
- C:\Windows\System\sHPGEAe.exe
  C:\Windows\System\sHPGEAe.exe
  2⤵
  PID:8128
- C:\Windows\System\DxdPRsM.exe
  C:\Windows\System\DxdPRsM.exe
  2⤵
  PID:8160
- C:\Windows\System\OoEOFsY.exe
  C:\Windows\System\OoEOFsY.exe
  2⤵
  PID:8176
- C:\Windows\System\TsYrVZf.exe
  C:\Windows\System\TsYrVZf.exe
  2⤵
  PID:6448
- C:\Windows\System\cDJgnLw.exe
  C:\Windows\System\cDJgnLw.exe
  2⤵
  PID:7272
- C:\Windows\System\tubVPPg.exe
  C:\Windows\System\tubVPPg.exe
  2⤵
  PID:7320
- C:\Windows\System\ErfDDbY.exe
  C:\Windows\System\ErfDDbY.exe
  2⤵
  PID:6532
- C:\Windows\System\QtpKLUc.exe
  C:\Windows\System\QtpKLUc.exe
  2⤵
  PID:7420
- C:\Windows\System\lsOzEFe.exe
  C:\Windows\System\lsOzEFe.exe
  2⤵
  PID:7496
- C:\Windows\System\MSTZhCT.exe
  C:\Windows\System\MSTZhCT.exe
  2⤵
  PID:7572
- C:\Windows\System\wsiOvMN.exe
  C:\Windows\System\wsiOvMN.exe
  2⤵
  PID:7644
- C:\Windows\System\NVQNQSA.exe
  C:\Windows\System\NVQNQSA.exe
  2⤵
  PID:7720
- C:\Windows\System\XYkRROP.exe
  C:\Windows\System\XYkRROP.exe
  2⤵
  PID:7776
- C:\Windows\System\unTuLjT.exe
  C:\Windows\System\unTuLjT.exe
  2⤵
  PID:7860
- C:\Windows\System\ZMWGZuL.exe
  C:\Windows\System\ZMWGZuL.exe
  2⤵
  PID:7876
- C:\Windows\System\EChHshv.exe
  C:\Windows\System\EChHshv.exe
  2⤵
  PID:7936
- C:\Windows\System\JTzgVjd.exe
  C:\Windows\System\JTzgVjd.exe
  2⤵
  PID:8016
- C:\Windows\System\awZIiLu.exe
  C:\Windows\System\awZIiLu.exe
  2⤵
  PID:8144
- C:\Windows\System\UsRohEM.exe
  C:\Windows\System\UsRohEM.exe
  2⤵
  PID:7180
- C:\Windows\System\ROQekqN.exe
  C:\Windows\System\ROQekqN.exe
  2⤵
  PID:7448
- C:\Windows\System\rwJodym.exe
  C:\Windows\System\rwJodym.exe
  2⤵
  PID:7640
- C:\Windows\System\McZgNkX.exe
  C:\Windows\System\McZgNkX.exe
  2⤵
  PID:7384
- C:\Windows\System\mGUpZQw.exe
  C:\Windows\System\mGUpZQw.exe
  2⤵
  PID:7880
- C:\Windows\System\oRFZzhr.exe
  C:\Windows\System\oRFZzhr.exe
  2⤵
  PID:7828
- C:\Windows\System\lbDHPUX.exe
  C:\Windows\System\lbDHPUX.exe
  2⤵
  PID:8056
- C:\Windows\System\MeNhHAX.exe
  C:\Windows\System\MeNhHAX.exe
  2⤵
  PID:8212
- C:\Windows\System\UKwwzaE.exe
  C:\Windows\System\UKwwzaE.exe
  2⤵
  PID:8248
- C:\Windows\System\CEhaSXM.exe
  C:\Windows\System\CEhaSXM.exe
  2⤵
  PID:8272
- C:\Windows\System\vjkGdjS.exe
  C:\Windows\System\vjkGdjS.exe
  2⤵
  PID:8304
- C:\Windows\System\zZOSMFF.exe
  C:\Windows\System\zZOSMFF.exe
  2⤵
  PID:8336
- C:\Windows\System\yiaRsrF.exe
  C:\Windows\System\yiaRsrF.exe
  2⤵
  PID:8356
- C:\Windows\System\GjqxwMx.exe
  C:\Windows\System\GjqxwMx.exe
  2⤵
  PID:8396
- C:\Windows\System\QCJgruQ.exe
  C:\Windows\System\QCJgruQ.exe
  2⤵
  PID:8428
- C:\Windows\System\JbdykqF.exe
  C:\Windows\System\JbdykqF.exe
  2⤵
  PID:8468
- C:\Windows\System\VYdnBPV.exe
  C:\Windows\System\VYdnBPV.exe
  2⤵
  PID:8492
- C:\Windows\System\JZqLLhy.exe
  C:\Windows\System\JZqLLhy.exe
  2⤵
  PID:8512
- C:\Windows\System\bWINkoP.exe
  C:\Windows\System\bWINkoP.exe
  2⤵
  PID:8544
- C:\Windows\System\gDNAxYd.exe
  C:\Windows\System\gDNAxYd.exe
  2⤵
  PID:8576
- C:\Windows\System\dWYkCYK.exe
  C:\Windows\System\dWYkCYK.exe
  2⤵
  PID:8596
- C:\Windows\System\XHNKrXn.exe
  C:\Windows\System\XHNKrXn.exe
  2⤵
  PID:8632
- C:\Windows\System\LDAfzPQ.exe
  C:\Windows\System\LDAfzPQ.exe
  2⤵
  PID:8652
- C:\Windows\System\tYLzttH.exe
  C:\Windows\System\tYLzttH.exe
  2⤵
  PID:8680
- C:\Windows\System\OFmwQBH.exe
  C:\Windows\System\OFmwQBH.exe
  2⤵
  PID:8720
- C:\Windows\System\yPXKRCT.exe
  C:\Windows\System\yPXKRCT.exe
  2⤵
  PID:8748
- C:\Windows\System\BmqeHgs.exe
  C:\Windows\System\BmqeHgs.exe
  2⤵
  PID:8764
- C:\Windows\System\WnBbxWP.exe
  C:\Windows\System\WnBbxWP.exe
  2⤵
  PID:8796
- C:\Windows\System\zxkLFQN.exe
  C:\Windows\System\zxkLFQN.exe
  2⤵
  PID:8824
- C:\Windows\System\LNJFKci.exe
  C:\Windows\System\LNJFKci.exe
  2⤵
  PID:8852
- C:\Windows\System\zrwTQZC.exe
  C:\Windows\System\zrwTQZC.exe
  2⤵
  PID:8880
- C:\Windows\System\DaNyUAx.exe
  C:\Windows\System\DaNyUAx.exe
  2⤵
  PID:8908
- C:\Windows\System\DxnxBDk.exe
  C:\Windows\System\DxnxBDk.exe
  2⤵
  PID:8936
- C:\Windows\System\bwBRfbm.exe
  C:\Windows\System\bwBRfbm.exe
  2⤵
  PID:8968
- C:\Windows\System\veWQTKp.exe
  C:\Windows\System\veWQTKp.exe
  2⤵
  PID:8996
- C:\Windows\System\CBttlEc.exe
  C:\Windows\System\CBttlEc.exe
  2⤵
  PID:9024
- C:\Windows\System\sSuJFxS.exe
  C:\Windows\System\sSuJFxS.exe
  2⤵
  PID:9052
- C:\Windows\System\yrWDLbN.exe
  C:\Windows\System\yrWDLbN.exe
  2⤵
  PID:9080
- C:\Windows\System\VdgzpJq.exe
  C:\Windows\System\VdgzpJq.exe
  2⤵
  PID:9108
- C:\Windows\System\kuzQGRb.exe
  C:\Windows\System\kuzQGRb.exe
  2⤵
  PID:9136
- C:\Windows\System\lxAgbwB.exe
  C:\Windows\System\lxAgbwB.exe
  2⤵
  PID:9164
- C:\Windows\System\VxLHqTD.exe
  C:\Windows\System\VxLHqTD.exe
  2⤵
  PID:9200
- C:\Windows\System\UcKaSEu.exe
  C:\Windows\System\UcKaSEu.exe
  2⤵
  PID:8196
- C:\Windows\System\nuxCHln.exe
  C:\Windows\System\nuxCHln.exe
  2⤵
  PID:8280
- C:\Windows\System\SnagKan.exe
  C:\Windows\System\SnagKan.exe
  2⤵
  PID:8328
- C:\Windows\System\FNsiWNI.exe
  C:\Windows\System\FNsiWNI.exe
  2⤵
  PID:8420
- C:\Windows\System\xzNWdZz.exe
  C:\Windows\System\xzNWdZz.exe
  2⤵
  PID:8480
- C:\Windows\System\qCnFpXE.exe
  C:\Windows\System\qCnFpXE.exe
  2⤵
  PID:8552
- C:\Windows\System\vtwPINc.exe
  C:\Windows\System\vtwPINc.exe
  2⤵
  PID:8616
- C:\Windows\System\tAtggGg.exe
  C:\Windows\System\tAtggGg.exe
  2⤵
  PID:8676
- C:\Windows\System\jYroXMs.exe
  C:\Windows\System\jYroXMs.exe
  2⤵
  PID:8732
- C:\Windows\System\BRrcdxw.exe
  C:\Windows\System\BRrcdxw.exe
  2⤵
  PID:8032
- C:\Windows\System\TSNtGtm.exe
  C:\Windows\System\TSNtGtm.exe
  2⤵
  PID:8876
- C:\Windows\System\jfSCRjv.exe
  C:\Windows\System\jfSCRjv.exe
  2⤵
  PID:8928
- C:\Windows\System\bdUYkOc.exe
  C:\Windows\System\bdUYkOc.exe
  2⤵
  PID:8992
- C:\Windows\System\FAzNQBz.exe
  C:\Windows\System\FAzNQBz.exe
  2⤵
  PID:9072
- C:\Windows\System\dZWQicf.exe
  C:\Windows\System\dZWQicf.exe
  2⤵
  PID:9128
- C:\Windows\System\XuGmMHJ.exe
  C:\Windows\System\XuGmMHJ.exe
  2⤵
  PID:9188
- C:\Windows\System\GlNmEps.exe
  C:\Windows\System\GlNmEps.exe
  2⤵
  PID:8300
- C:\Windows\System\YHtVbcU.exe
  C:\Windows\System\YHtVbcU.exe
  2⤵
  PID:8452
- C:\Windows\System\wSqfZKK.exe
  C:\Windows\System\wSqfZKK.exe
  2⤵
  PID:8608
- C:\Windows\System\RBrmYGj.exe
  C:\Windows\System\RBrmYGj.exe
  2⤵
  PID:8776
- C:\Windows\System\UuABqOn.exe
  C:\Windows\System\UuABqOn.exe
  2⤵
  PID:8920
- C:\Windows\System\VLBKGDZ.exe
  C:\Windows\System\VLBKGDZ.exe
  2⤵
  PID:9048
- C:\Windows\System\zhxzejR.exe
  C:\Windows\System\zhxzejR.exe
  2⤵
  PID:7844
- C:\Windows\System\FTZGVPD.exe
  C:\Windows\System\FTZGVPD.exe
  2⤵
  PID:8584
- C:\Windows\System\tKhQImE.exe
  C:\Windows\System\tKhQImE.exe
  2⤵
  PID:8904
- C:\Windows\System\regFWIB.exe
  C:\Windows\System\regFWIB.exe
  2⤵
  PID:8728
- C:\Windows\System\NpiOpUi.exe
  C:\Windows\System\NpiOpUi.exe
  2⤵
  PID:9184
- C:\Windows\System\aptNZUG.exe
  C:\Windows\System\aptNZUG.exe
  2⤵
  PID:9044
- C:\Windows\System\fYtuHJZ.exe
  C:\Windows\System\fYtuHJZ.exe
  2⤵
  PID:9248
- C:\Windows\System\CWFhWIL.exe
  C:\Windows\System\CWFhWIL.exe
  2⤵
  PID:9276
- C:\Windows\System\KWXEjHi.exe
  C:\Windows\System\KWXEjHi.exe
  2⤵
  PID:9304
- C:\Windows\System\IdLxWsQ.exe
  C:\Windows\System\IdLxWsQ.exe
  2⤵
  PID:9340
- C:\Windows\System\KVEzkqu.exe
  C:\Windows\System\KVEzkqu.exe
  2⤵
  PID:9360
- C:\Windows\System\gZMIgBu.exe
  C:\Windows\System\gZMIgBu.exe
  2⤵
  PID:9388
- C:\Windows\System\YXoInRq.exe
  C:\Windows\System\YXoInRq.exe
  2⤵
  PID:9416
- C:\Windows\System\WLGYSkL.exe
  C:\Windows\System\WLGYSkL.exe
  2⤵
  PID:9444
- C:\Windows\System\kaWplcD.exe
  C:\Windows\System\kaWplcD.exe
  2⤵
  PID:9472
- C:\Windows\System\aySSJXt.exe
  C:\Windows\System\aySSJXt.exe
  2⤵
  PID:9500
- C:\Windows\System\TqEKhqB.exe
  C:\Windows\System\TqEKhqB.exe
  2⤵
  PID:9532
- C:\Windows\System\HqdhTcb.exe
  C:\Windows\System\HqdhTcb.exe
  2⤵
  PID:9556
- C:\Windows\System\RHcePiW.exe
  C:\Windows\System\RHcePiW.exe
  2⤵
  PID:9584
- C:\Windows\System\wqLhUnA.exe
  C:\Windows\System\wqLhUnA.exe
  2⤵
  PID:9612
- C:\Windows\System\ibnBklK.exe
  C:\Windows\System\ibnBklK.exe
  2⤵
  PID:9640
- C:\Windows\System\faKoXdA.exe
  C:\Windows\System\faKoXdA.exe
  2⤵
  PID:9680
- C:\Windows\System\vjXfFQb.exe
  C:\Windows\System\vjXfFQb.exe
  2⤵
  PID:9696
- C:\Windows\System\WexrzZq.exe
  C:\Windows\System\WexrzZq.exe
  2⤵
  PID:9728
- C:\Windows\System\CWGPqGj.exe
  C:\Windows\System\CWGPqGj.exe
  2⤵
  PID:9756
- C:\Windows\System\mHqZvnZ.exe
  C:\Windows\System\mHqZvnZ.exe
  2⤵
  PID:9784
- C:\Windows\System\xIOlsGW.exe
  C:\Windows\System\xIOlsGW.exe
  2⤵
  PID:9812
- C:\Windows\System\RCsFzzt.exe
  C:\Windows\System\RCsFzzt.exe
  2⤵
  PID:9840
- C:\Windows\System\igfxCWu.exe
  C:\Windows\System\igfxCWu.exe
  2⤵
  PID:9868
- C:\Windows\System\HQpAxxE.exe
  C:\Windows\System\HQpAxxE.exe
  2⤵
  PID:9908
- C:\Windows\System\CiDWtFU.exe
  C:\Windows\System\CiDWtFU.exe
  2⤵
  PID:9932
- C:\Windows\System\TPBiGSs.exe
  C:\Windows\System\TPBiGSs.exe
  2⤵
  PID:9980
- C:\Windows\System\fYnzLlC.exe
  C:\Windows\System\fYnzLlC.exe
  2⤵
  PID:10012
- C:\Windows\System\SiNmgWH.exe
  C:\Windows\System\SiNmgWH.exe
  2⤵
  PID:10040
- C:\Windows\System\sMbYRaa.exe
  C:\Windows\System\sMbYRaa.exe
  2⤵
  PID:10084
- C:\Windows\System\BARrvWu.exe
  C:\Windows\System\BARrvWu.exe
  2⤵
  PID:10100
- C:\Windows\System\BvXBExx.exe
  C:\Windows\System\BvXBExx.exe
  2⤵
  PID:10128
- C:\Windows\System\hzhVyBx.exe
  C:\Windows\System\hzhVyBx.exe
  2⤵
  PID:10148
- C:\Windows\System\pNqOwsZ.exe
  C:\Windows\System\pNqOwsZ.exe
  2⤵
  PID:10188
- C:\Windows\System\qagRtyl.exe
  C:\Windows\System\qagRtyl.exe
  2⤵
  PID:10216
- C:\Windows\System\SYlwrGB.exe
  C:\Windows\System\SYlwrGB.exe
  2⤵
  PID:9228
- C:\Windows\System\BhJldah.exe
  C:\Windows\System\BhJldah.exe
  2⤵
  PID:5072
- C:\Windows\System\DodVTKz.exe
  C:\Windows\System\DodVTKz.exe
  2⤵
  PID:3436
- C:\Windows\System\usrzWFx.exe
  C:\Windows\System\usrzWFx.exe
  2⤵
  PID:9300
- C:\Windows\System\EFmYrJn.exe
  C:\Windows\System\EFmYrJn.exe
  2⤵
  PID:9380
- C:\Windows\System\YhOgAJo.exe
  C:\Windows\System\YhOgAJo.exe
  2⤵
  PID:9436
- C:\Windows\System\gUdtkhN.exe
  C:\Windows\System\gUdtkhN.exe
  2⤵
  PID:9496
- C:\Windows\System\bunHRPc.exe
  C:\Windows\System\bunHRPc.exe
  2⤵
  PID:9552
- C:\Windows\System\adiYSbs.exe
  C:\Windows\System\adiYSbs.exe
  2⤵
  PID:9624
- C:\Windows\System\bFiCtHo.exe
  C:\Windows\System\bFiCtHo.exe
  2⤵
  PID:9688
- C:\Windows\System\VRdlWeB.exe
  C:\Windows\System\VRdlWeB.exe
  2⤵
  PID:9768
- C:\Windows\System\tKcGZSq.exe
  C:\Windows\System\tKcGZSq.exe
  2⤵
  PID:9892
- C:\Windows\System\CaUJkJX.exe
  C:\Windows\System\CaUJkJX.exe
  2⤵
  PID:10004
- C:\Windows\System\UHCuCzA.exe
  C:\Windows\System\UHCuCzA.exe
  2⤵
  PID:10080
- C:\Windows\System\VrTTNzl.exe
  C:\Windows\System\VrTTNzl.exe
  2⤵
  PID:10180
- C:\Windows\System\VpNguZM.exe
  C:\Windows\System\VpNguZM.exe
  2⤵
  PID:3060
- C:\Windows\System\ASUjppR.exe
  C:\Windows\System\ASUjppR.exe
  2⤵
  PID:2560
- C:\Windows\System\hQpdEEF.exe
  C:\Windows\System\hQpdEEF.exe
  2⤵
  PID:9352
- C:\Windows\System\WkdLOBl.exe
  C:\Windows\System\WkdLOBl.exe
  2⤵
  PID:9484
- C:\Windows\System\FABvftg.exe
  C:\Windows\System\FABvftg.exe
  2⤵
  PID:9608
- C:\Windows\System\zWXiLRf.exe
  C:\Windows\System\zWXiLRf.exe
  2⤵
  PID:9748
- C:\Windows\System\sYJazEj.exe
  C:\Windows\System\sYJazEj.exe
  2⤵
  PID:1572
- C:\Windows\System\zTeuAvV.exe
  C:\Windows\System\zTeuAvV.exe
  2⤵
  PID:10052
- C:\Windows\System\FtMIyPY.exe
  C:\Windows\System\FtMIyPY.exe
  2⤵
  PID:10236
- C:\Windows\System\PJsrCXW.exe
  C:\Windows\System\PJsrCXW.exe
  2⤵
  PID:9428
- C:\Windows\System\UCPFQLs.exe
  C:\Windows\System\UCPFQLs.exe
  2⤵
  PID:9720
- C:\Windows\System\RnYADbj.exe
  C:\Windows\System\RnYADbj.exe
  2⤵
  PID:10032
- C:\Windows\System\iiKZNue.exe
  C:\Windows\System\iiKZNue.exe
  2⤵
  PID:5456
- C:\Windows\System\MFPZTzj.exe
  C:\Windows\System\MFPZTzj.exe
  2⤵
  PID:4260
- C:\Windows\System\fzDdiFN.exe
  C:\Windows\System\fzDdiFN.exe
  2⤵
  PID:10228
- C:\Windows\System\hHXkVgZ.exe
  C:\Windows\System\hHXkVgZ.exe
  2⤵
  PID:10252
- C:\Windows\System\GOHuCaU.exe
  C:\Windows\System\GOHuCaU.exe
  2⤵
  PID:10268
- C:\Windows\System\pdFcKqI.exe
  C:\Windows\System\pdFcKqI.exe
  2⤵
  PID:10300
- C:\Windows\System\GgVXrbI.exe
  C:\Windows\System\GgVXrbI.exe
  2⤵
  PID:10324
- C:\Windows\System\hqeNTPX.exe
  C:\Windows\System\hqeNTPX.exe
  2⤵
  PID:10360
- C:\Windows\System\ZOmURhl.exe
  C:\Windows\System\ZOmURhl.exe
  2⤵
  PID:10384
- C:\Windows\System\mGWEhuC.exe
  C:\Windows\System\mGWEhuC.exe
  2⤵
  PID:10424
- C:\Windows\System\fvCuURq.exe
  C:\Windows\System\fvCuURq.exe
  2⤵
  PID:10440
- C:\Windows\System\DwoRRSF.exe
  C:\Windows\System\DwoRRSF.exe
  2⤵
  PID:10476
- C:\Windows\System\wgGGvqi.exe
  C:\Windows\System\wgGGvqi.exe
  2⤵
  PID:10504
- C:\Windows\System\HIGCxbq.exe
  C:\Windows\System\HIGCxbq.exe
  2⤵
  PID:10544
- C:\Windows\System\RvxRZGT.exe
  C:\Windows\System\RvxRZGT.exe
  2⤵
  PID:10572
- C:\Windows\System\hPqrPIF.exe
  C:\Windows\System\hPqrPIF.exe
  2⤵
  PID:10588
- C:\Windows\System\AjWoAeO.exe
  C:\Windows\System\AjWoAeO.exe
  2⤵
  PID:10620
- C:\Windows\System\PCmZUpk.exe
  C:\Windows\System\PCmZUpk.exe
  2⤵
  PID:10644
- C:\Windows\System\pchiGsN.exe
  C:\Windows\System\pchiGsN.exe
  2⤵
  PID:10672
- C:\Windows\System\bEGhdQR.exe
  C:\Windows\System\bEGhdQR.exe
  2⤵
  PID:10700
- C:\Windows\System\UiAGpWR.exe
  C:\Windows\System\UiAGpWR.exe
  2⤵
  PID:10728
- C:\Windows\System\HhGthMg.exe
  C:\Windows\System\HhGthMg.exe
  2⤵
  PID:10756
- C:\Windows\System\pftvfwC.exe
  C:\Windows\System\pftvfwC.exe
  2⤵
  PID:10784
- C:\Windows\System\qZGIMJT.exe
  C:\Windows\System\qZGIMJT.exe
  2⤵
  PID:10812
- C:\Windows\System\LlQuLoW.exe
  C:\Windows\System\LlQuLoW.exe
  2⤵
  PID:10840
- C:\Windows\System\BUiRoqb.exe
  C:\Windows\System\BUiRoqb.exe
  2⤵
  PID:10868
- C:\Windows\System\BqfXsrW.exe
  C:\Windows\System\BqfXsrW.exe
  2⤵
  PID:10896
- C:\Windows\System\ETzzEsZ.exe
  C:\Windows\System\ETzzEsZ.exe
  2⤵
  PID:10924
- C:\Windows\System\oOzaPpk.exe
  C:\Windows\System\oOzaPpk.exe
  2⤵
  PID:10952
- C:\Windows\System\QVJElQX.exe
  C:\Windows\System\QVJElQX.exe
  2⤵
  PID:10980
- C:\Windows\System\dupOLvM.exe
  C:\Windows\System\dupOLvM.exe
  2⤵
  PID:11012
- C:\Windows\System\eFPwUQT.exe
  C:\Windows\System\eFPwUQT.exe
  2⤵
  PID:11040
- C:\Windows\System\XEOYLeK.exe
  C:\Windows\System\XEOYLeK.exe
  2⤵
  PID:11068
- C:\Windows\System\GCOzFwr.exe
  C:\Windows\System\GCOzFwr.exe
  2⤵
  PID:11096
- C:\Windows\System\TfHMlMx.exe
  C:\Windows\System\TfHMlMx.exe
  2⤵
  PID:11124
- C:\Windows\System\NKESwDz.exe
  C:\Windows\System\NKESwDz.exe
  2⤵
  PID:11152
- C:\Windows\System\QCTmwEc.exe
  C:\Windows\System\QCTmwEc.exe
  2⤵
  PID:11180
- C:\Windows\System\EjIoyuq.exe
  C:\Windows\System\EjIoyuq.exe
  2⤵
  PID:11208
- C:\Windows\System\BCTetha.exe
  C:\Windows\System\BCTetha.exe
  2⤵
  PID:11240
- C:\Windows\System\Ujrdrxf.exe
  C:\Windows\System\Ujrdrxf.exe
  2⤵
  PID:9664
- C:\Windows\System\JAeiSEC.exe
  C:\Windows\System\JAeiSEC.exe
  2⤵
  PID:10308
- C:\Windows\System\SlzdNIu.exe
  C:\Windows\System\SlzdNIu.exe
  2⤵
  PID:4476
- C:\Windows\System\scGmOzt.exe
  C:\Windows\System\scGmOzt.exe
  2⤵
  PID:10420
- C:\Windows\System\sChiIIG.exe
  C:\Windows\System\sChiIIG.exe
  2⤵
  PID:10496
- C:\Windows\System\eybZMll.exe
  C:\Windows\System\eybZMll.exe
  2⤵
  PID:10528
- C:\Windows\System\iYrmnGF.exe
  C:\Windows\System\iYrmnGF.exe
  2⤵
  PID:10608
- C:\Windows\System\xEkHAmj.exe
  C:\Windows\System\xEkHAmj.exe
  2⤵
  PID:10668
- C:\Windows\System\AAYyFxi.exe
  C:\Windows\System\AAYyFxi.exe
  2⤵
  PID:10740
- C:\Windows\System\ovNHWiE.exe
  C:\Windows\System\ovNHWiE.exe
  2⤵
  PID:10804
- C:\Windows\System\tHDIrZX.exe
  C:\Windows\System\tHDIrZX.exe
  2⤵
  PID:10864
- C:\Windows\System\nbYvyhR.exe
  C:\Windows\System\nbYvyhR.exe
  2⤵
  PID:10936
- C:\Windows\System\nXvEMfk.exe
  C:\Windows\System\nXvEMfk.exe
  2⤵
  PID:11004
- C:\Windows\System\udaUAGJ.exe
  C:\Windows\System\udaUAGJ.exe
  2⤵
  PID:10456
- C:\Windows\System\gRQKbEs.exe
  C:\Windows\System\gRQKbEs.exe
  2⤵
  PID:11120
- C:\Windows\System\SYthrrw.exe
  C:\Windows\System\SYthrrw.exe
  2⤵
  PID:11176
- C:\Windows\System\cHQIJfw.exe
  C:\Windows\System\cHQIJfw.exe
  2⤵
  PID:11260
- C:\Windows\System\tBBzKEm.exe
  C:\Windows\System\tBBzKEm.exe
  2⤵
  PID:10368
- C:\Windows\System\qekvKfL.exe
  C:\Windows\System\qekvKfL.exe
  2⤵
  PID:10516
- C:\Windows\System\xixRaac.exe
  C:\Windows\System\xixRaac.exe
  2⤵
  PID:10656
- C:\Windows\System\VwQIoIR.exe
  C:\Windows\System\VwQIoIR.exe
  2⤵
  PID:1180
- C:\Windows\System\viGKlNk.exe
  C:\Windows\System\viGKlNk.exe
  2⤵
  PID:10916
- C:\Windows\System\FomSpNh.exe
  C:\Windows\System\FomSpNh.exe
  2⤵
  PID:11092
- C:\Windows\System\WWNlwfj.exe
  C:\Windows\System\WWNlwfj.exe
  2⤵
  PID:11204
- C:\Windows\System\LEpIlFe.exe
  C:\Windows\System\LEpIlFe.exe
  2⤵
  PID:10436
- C:\Windows\System\QDFKJka.exe
  C:\Windows\System\QDFKJka.exe
  2⤵
  PID:2588
- C:\Windows\System\HeeSyyu.exe
  C:\Windows\System\HeeSyyu.exe
  2⤵
  PID:11036
- C:\Windows\System\VVAZuvC.exe
  C:\Windows\System\VVAZuvC.exe
  2⤵
  PID:10600
- C:\Windows\System\eHqIQSV.exe
  C:\Windows\System\eHqIQSV.exe
  2⤵
  PID:10348
- C:\Windows\System\wBMHpty.exe
  C:\Windows\System\wBMHpty.exe
  2⤵
  PID:11280
- C:\Windows\System\mnBrJuv.exe
  C:\Windows\System\mnBrJuv.exe
  2⤵
  PID:11308
- C:\Windows\System\PAEmWlq.exe
  C:\Windows\System\PAEmWlq.exe
  2⤵
  PID:11336
- C:\Windows\System\jLXmFlk.exe
  C:\Windows\System\jLXmFlk.exe
  2⤵
  PID:11364
- C:\Windows\System\BUlnQvr.exe
  C:\Windows\System\BUlnQvr.exe
  2⤵
  PID:11392
- C:\Windows\System\sSaPnuI.exe
  C:\Windows\System\sSaPnuI.exe
  2⤵
  PID:11420
- C:\Windows\System\qtPVCvh.exe
  C:\Windows\System\qtPVCvh.exe
  2⤵
  PID:11452
- C:\Windows\System\qzSPeCi.exe
  C:\Windows\System\qzSPeCi.exe
  2⤵
  PID:11492
- C:\Windows\System\LRtmwyj.exe
  C:\Windows\System\LRtmwyj.exe
  2⤵
  PID:11516
- C:\Windows\System\sxGVRMH.exe
  C:\Windows\System\sxGVRMH.exe
  2⤵
  PID:11536
- C:\Windows\System\zWNrFjt.exe
  C:\Windows\System\zWNrFjt.exe
  2⤵
  PID:11564
- C:\Windows\System\LSbQGQY.exe
  C:\Windows\System\LSbQGQY.exe
  2⤵
  PID:11592
- C:\Windows\System\DFJVyzX.exe
  C:\Windows\System\DFJVyzX.exe
  2⤵
  PID:11620
- C:\Windows\System\HeVqaQN.exe
  C:\Windows\System\HeVqaQN.exe
  2⤵
  PID:11648
- C:\Windows\System\dlHsIIO.exe
  C:\Windows\System\dlHsIIO.exe
  2⤵
  PID:11676
- C:\Windows\System\WiGNfjq.exe
  C:\Windows\System\WiGNfjq.exe
  2⤵
  PID:11692
- C:\Windows\System\cKnGvMk.exe
  C:\Windows\System\cKnGvMk.exe
  2⤵
  PID:11708
- C:\Windows\System\eoYcCrV.exe
  C:\Windows\System\eoYcCrV.exe
  2⤵
  PID:11732
- C:\Windows\System\kVlHwbm.exe
  C:\Windows\System\kVlHwbm.exe
  2⤵
  PID:11800
- C:\Windows\System\IlfYUpW.exe
  C:\Windows\System\IlfYUpW.exe
  2⤵
  PID:11828
- C:\Windows\System\qlEFQjt.exe
  C:\Windows\System\qlEFQjt.exe
  2⤵
  PID:11884
- C:\Windows\System\vVZDQCi.exe
  C:\Windows\System\vVZDQCi.exe
  2⤵
  PID:11920
- C:\Windows\System\IYxPDKG.exe
  C:\Windows\System\IYxPDKG.exe
  2⤵
  PID:11944
- C:\Windows\System\KlfHlLE.exe
  C:\Windows\System\KlfHlLE.exe
  2⤵
  PID:11972
- C:\Windows\System\zFpKges.exe
  C:\Windows\System\zFpKges.exe
  2⤵
  PID:12000
- C:\Windows\System\ShauvHC.exe
  C:\Windows\System\ShauvHC.exe
  2⤵
  PID:12032
- C:\Windows\System\PCJrEUm.exe
  C:\Windows\System\PCJrEUm.exe
  2⤵
  PID:12060
- C:\Windows\System\GBeghDF.exe
  C:\Windows\System\GBeghDF.exe
  2⤵
  PID:12088
- C:\Windows\System\NmovAlZ.exe
  C:\Windows\System\NmovAlZ.exe
  2⤵
  PID:12116
- C:\Windows\System\iqAvLeo.exe
  C:\Windows\System\iqAvLeo.exe
  2⤵
  PID:12144
- C:\Windows\System\dWHebtd.exe
  C:\Windows\System\dWHebtd.exe
  2⤵
  PID:12172
- C:\Windows\System\kNLZaVL.exe
  C:\Windows\System\kNLZaVL.exe
  2⤵
  PID:12200
- C:\Windows\System\BsyejjE.exe
  C:\Windows\System\BsyejjE.exe
  2⤵
  PID:12228
- C:\Windows\System\XRRbgWo.exe
  C:\Windows\System\XRRbgWo.exe
  2⤵
  PID:12268
- C:\Windows\System\YsuwvHJ.exe
  C:\Windows\System\YsuwvHJ.exe
  2⤵
  PID:12284
- C:\Windows\System\qtHEXpB.exe
  C:\Windows\System\qtHEXpB.exe
  2⤵
  PID:11320
- C:\Windows\System\PVdTYGZ.exe
  C:\Windows\System\PVdTYGZ.exe
  2⤵
  PID:11384
- C:\Windows\System\sVNVkRA.exe
  C:\Windows\System\sVNVkRA.exe
  2⤵
  PID:11448
- C:\Windows\System\OutVguy.exe
  C:\Windows\System\OutVguy.exe
  2⤵
  PID:11524
- C:\Windows\System\XhpMeGu.exe
  C:\Windows\System\XhpMeGu.exe
  2⤵
  PID:11584
- C:\Windows\System\ywErTTj.exe
  C:\Windows\System\ywErTTj.exe
  2⤵
  PID:11644
- C:\Windows\System\guHYVSj.exe
  C:\Windows\System\guHYVSj.exe
  2⤵
  PID:11720
- C:\Windows\System\aTPqwBF.exe
  C:\Windows\System\aTPqwBF.exe
  2⤵
  PID:11780
- C:\Windows\System\obHEgxE.exe
  C:\Windows\System\obHEgxE.exe
  2⤵
  PID:3552
- C:\Windows\System\TOSNoln.exe
  C:\Windows\System\TOSNoln.exe
  2⤵
  PID:9852
- C:\Windows\System\XFfgnUx.exe
  C:\Windows\System\XFfgnUx.exe
  2⤵
  PID:9836
- C:\Windows\System\DaZjvbL.exe
  C:\Windows\System\DaZjvbL.exe
  2⤵
  PID:11956
- C:\Windows\System\EssgJdK.exe
  C:\Windows\System\EssgJdK.exe
  2⤵
  PID:12012
- C:\Windows\System\FkCMStv.exe
  C:\Windows\System\FkCMStv.exe
  2⤵
  PID:12020
- C:\Windows\System\CvzlkUU.exe
  C:\Windows\System\CvzlkUU.exe
  2⤵
  PID:12128
- C:\Windows\System\rMRRPWZ.exe
  C:\Windows\System\rMRRPWZ.exe
  2⤵
  PID:12196
- C:\Windows\System\DJNWPCy.exe
  C:\Windows\System\DJNWPCy.exe
  2⤵
  PID:12252
- C:\Windows\System\VMtoyfj.exe
  C:\Windows\System\VMtoyfj.exe
  2⤵
  PID:11348
- C:\Windows\System\wglmLEl.exe
  C:\Windows\System\wglmLEl.exe
  2⤵
  PID:11488
- C:\Windows\System\TPrREuW.exe
  C:\Windows\System\TPrREuW.exe
  2⤵
  PID:11632
- C:\Windows\System\jDWAWMr.exe
  C:\Windows\System\jDWAWMr.exe
  2⤵
  PID:4584
- C:\Windows\System\DfjwMIV.exe
  C:\Windows\System\DfjwMIV.exe
  2⤵
  PID:9860
- C:\Windows\System\wqqqVrs.exe
  C:\Windows\System\wqqqVrs.exe
  2⤵
  PID:11936
- C:\Windows\System\tSEYxdl.exe
  C:\Windows\System\tSEYxdl.exe
  2⤵
  PID:12084
- C:\Windows\System\SjqFCVy.exe
  C:\Windows\System\SjqFCVy.exe
  2⤵
  PID:12280
- C:\Windows\System\WNhGTFw.exe
  C:\Windows\System\WNhGTFw.exe
  2⤵
  PID:11444
- C:\Windows\System\ddBhTzo.exe
  C:\Windows\System\ddBhTzo.exe
  2⤵
  PID:10160
- C:\Windows\System\JVUifaH.exe
  C:\Windows\System\JVUifaH.exe
  2⤵
  PID:12052
- C:\Windows\System\MEpOJsq.exe
  C:\Windows\System\MEpOJsq.exe
  2⤵
  PID:11432
- C:\Windows\System\rrEIXZE.exe
  C:\Windows\System\rrEIXZE.exe
  2⤵
  PID:12184
- C:\Windows\System\AEUTUjD.exe
  C:\Windows\System\AEUTUjD.exe
  2⤵
  PID:11996
- C:\Windows\System\kQTcjPH.exe
  C:\Windows\System\kQTcjPH.exe
  2⤵
  PID:12316
- C:\Windows\System\iSPYTve.exe
  C:\Windows\System\iSPYTve.exe
  2⤵
  PID:12344
- C:\Windows\System\tHBXxhL.exe
  C:\Windows\System\tHBXxhL.exe
  2⤵
  PID:12372
- C:\Windows\System\RWiLAJp.exe
  C:\Windows\System\RWiLAJp.exe
  2⤵
  PID:12400
- C:\Windows\System\bfvrgid.exe
  C:\Windows\System\bfvrgid.exe
  2⤵
  PID:12428
- C:\Windows\System\VaFLFax.exe
  C:\Windows\System\VaFLFax.exe
  2⤵
  PID:12456
- C:\Windows\System\EZWqxEt.exe
  C:\Windows\System\EZWqxEt.exe
  2⤵
  PID:12484
- C:\Windows\System\zAthMnd.exe
  C:\Windows\System\zAthMnd.exe
  2⤵
  PID:12512
- C:\Windows\System\MPGXiMu.exe
  C:\Windows\System\MPGXiMu.exe
  2⤵
  PID:12544
- C:\Windows\System\bALZsJQ.exe
  C:\Windows\System\bALZsJQ.exe
  2⤵
  PID:12572
- C:\Windows\System\uYxhdMK.exe
  C:\Windows\System\uYxhdMK.exe
  2⤵
  PID:12600
- C:\Windows\System\nKNSyXR.exe
  C:\Windows\System\nKNSyXR.exe
  2⤵
  PID:12636
- C:\Windows\System\WyHrGxk.exe
  C:\Windows\System\WyHrGxk.exe
  2⤵
  PID:12668
- C:\Windows\System\NVTEaCZ.exe
  C:\Windows\System\NVTEaCZ.exe
  2⤵
  PID:12700
- C:\Windows\System\JQIaFLF.exe
  C:\Windows\System\JQIaFLF.exe
  2⤵
  PID:12724
- C:\Windows\System\fmoXQDD.exe
  C:\Windows\System\fmoXQDD.exe
  2⤵
  PID:12752
- C:\Windows\System\LMNZcVI.exe
  C:\Windows\System\LMNZcVI.exe
  2⤵
  PID:12772
- C:\Windows\System\VpQHAKF.exe
  C:\Windows\System\VpQHAKF.exe
  2⤵
  PID:12800
- C:\Windows\System\gXZhzqT.exe
  C:\Windows\System\gXZhzqT.exe
  2⤵
  PID:12828
- C:\Windows\System\BnhbqFP.exe
  C:\Windows\System\BnhbqFP.exe
  2⤵
  PID:12856
- C:\Windows\System\xQBTdPC.exe
  C:\Windows\System\xQBTdPC.exe
  2⤵
  PID:12884
- C:\Windows\System\IdQsfAu.exe
  C:\Windows\System\IdQsfAu.exe
  2⤵
  PID:12912
- C:\Windows\System\wHIHtjm.exe
  C:\Windows\System\wHIHtjm.exe
  2⤵
  PID:12956
- C:\Windows\System\jdKsYxV.exe
  C:\Windows\System\jdKsYxV.exe
  2⤵
  PID:12980
- C:\Windows\System\pjnHHog.exe
  C:\Windows\System\pjnHHog.exe
  2⤵
  PID:13000
- C:\Windows\System\oEMNrfX.exe
  C:\Windows\System\oEMNrfX.exe
  2⤵
  PID:13028
- C:\Windows\System\nUOATYD.exe
  C:\Windows\System\nUOATYD.exe
  2⤵
  PID:13056
- C:\Windows\System\SHkdvvX.exe
  C:\Windows\System\SHkdvvX.exe
  2⤵
  PID:13088
- C:\Windows\System\KZyEVyb.exe
  C:\Windows\System\KZyEVyb.exe
  2⤵
  PID:13112
- C:\Windows\System\PoXqCvy.exe
  C:\Windows\System\PoXqCvy.exe
  2⤵
  PID:13140
- C:\Windows\System\vmCAdUN.exe
  C:\Windows\System\vmCAdUN.exe
  2⤵
  PID:13168
- C:\Windows\System\FVdEPoy.exe
  C:\Windows\System\FVdEPoy.exe
  2⤵
  PID:13196
- C:\Windows\System\LYqFScb.exe
  C:\Windows\System\LYqFScb.exe
  2⤵
  PID:13228
- C:\Windows\System\yumkbrj.exe
  C:\Windows\System\yumkbrj.exe
  2⤵
  PID:13256
- C:\Windows\System\xOxibPj.exe
  C:\Windows\System\xOxibPj.exe
  2⤵
  PID:13284
- C:\Windows\System\hqHTyiI.exe
  C:\Windows\System\hqHTyiI.exe
  2⤵
  PID:11700
- C:\Windows\System\hATEFNs.exe
  C:\Windows\System\hATEFNs.exe
  2⤵
  PID:12340
- C:\Windows\System\qKGBevt.exe
  C:\Windows\System\qKGBevt.exe
  2⤵
  PID:12412
- C:\Windows\System\guplmLB.exe
  C:\Windows\System\guplmLB.exe
  2⤵
  PID:12476
- C:\Windows\System\kMFRKnx.exe
  C:\Windows\System\kMFRKnx.exe
  2⤵
  PID:12556
- C:\Windows\System\nQLEqvp.exe
  C:\Windows\System\nQLEqvp.exe
  2⤵
  PID:12596
- C:\Windows\System\HNgFqiO.exe
  C:\Windows\System\HNgFqiO.exe
  2⤵
  PID:12676
- C:\Windows\System\ChJdZYa.exe
  C:\Windows\System\ChJdZYa.exe
  2⤵
  PID:12736
- C:\Windows\System\MlwLlRa.exe
  C:\Windows\System\MlwLlRa.exe
  2⤵
  PID:12796
- C:\Windows\System\FQJMTrp.exe
  C:\Windows\System\FQJMTrp.exe
  2⤵
  PID:12868
- C:\Windows\System\dqhtHzn.exe
  C:\Windows\System\dqhtHzn.exe
  2⤵
  PID:12932
- C:\Windows\System\ZrlAjBS.exe
  C:\Windows\System\ZrlAjBS.exe
  2⤵
  PID:12996
- C:\Windows\System\iFlAFUQ.exe
  C:\Windows\System\iFlAFUQ.exe
  2⤵
  PID:13052
- C:\Windows\System\kqiKtAc.exe
  C:\Windows\System\kqiKtAc.exe
  2⤵
  PID:13124
- C:\Windows\System\pSkMQZy.exe
  C:\Windows\System\pSkMQZy.exe
  2⤵
  PID:5368
- C:\Windows\System\BwKsYhq.exe
  C:\Windows\System\BwKsYhq.exe
  2⤵
  PID:13192
- C:\Windows\System\KOgTKdW.exe
  C:\Windows\System\KOgTKdW.exe
  2⤵
  PID:13268
- C:\Windows\System\bbFNGoI.exe
  C:\Windows\System\bbFNGoI.exe
  2⤵
  PID:12328
- C:\Windows\System\BDaHZDU.exe
  C:\Windows\System\BDaHZDU.exe
  2⤵
  PID:12524
- C:\Windows\System\tCWWeEq.exe
  C:\Windows\System\tCWWeEq.exe
  2⤵
  PID:12648
- C:\Windows\System\xLpKgrz.exe
  C:\Windows\System\xLpKgrz.exe
  2⤵
  PID:12784
- C:\Windows\System\qAENtHy.exe
  C:\Windows\System\qAENtHy.exe
  2⤵
  PID:12924
- C:\Windows\System\imcNgdr.exe
  C:\Windows\System\imcNgdr.exe
  2⤵
  PID:13080
- C:\Windows\System\Ysqozip.exe
  C:\Windows\System\Ysqozip.exe
  2⤵
  PID:13180
- C:\Windows\System\OAdmKkF.exe
  C:\Windows\System\OAdmKkF.exe
  2⤵
  PID:12312
- C:\Windows\System\uRWyumM.exe
  C:\Windows\System\uRWyumM.exe
  2⤵
  PID:12684
- C:\Windows\System\MmuiQNO.exe
  C:\Windows\System\MmuiQNO.exe
  2⤵
  PID:13040
- C:\Windows\System\AEKhBNO.exe
  C:\Windows\System\AEKhBNO.exe
  2⤵
  PID:13308
- C:\Windows\System\sYJIyRo.exe
  C:\Windows\System\sYJIyRo.exe
  2⤵
  PID:5380
- C:\Windows\System\YCfgBIW.exe
  C:\Windows\System\YCfgBIW.exe
  2⤵
  PID:12908
- C:\Windows\System\CdNFQbN.exe
  C:\Windows\System\CdNFQbN.exe
  2⤵
  PID:13340
- C:\Windows\System\prxZzCa.exe
  C:\Windows\System\prxZzCa.exe
  2⤵
  PID:13368
- C:\Windows\System\yACyKDJ.exe
  C:\Windows\System\yACyKDJ.exe
  2⤵
  PID:13396
- C:\Windows\System\ZYGKVnx.exe
  C:\Windows\System\ZYGKVnx.exe
  2⤵
  PID:13424
- C:\Windows\System\IDFBCtj.exe
  C:\Windows\System\IDFBCtj.exe
  2⤵
  PID:13452
- C:\Windows\System\jIZflyk.exe
  C:\Windows\System\jIZflyk.exe
  2⤵
  PID:13480
- C:\Windows\System\MfbxvLI.exe
  C:\Windows\System\MfbxvLI.exe
  2⤵
  PID:13508
- C:\Windows\System\VQIlIXB.exe
  C:\Windows\System\VQIlIXB.exe
  2⤵
  PID:13536
- C:\Windows\System\olJTDXV.exe
  C:\Windows\System\olJTDXV.exe
  2⤵
  PID:13572
- C:\Windows\System\ctuKzQX.exe
  C:\Windows\System\ctuKzQX.exe
  2⤵
  PID:13592
- C:\Windows\System\rgigzUr.exe
  C:\Windows\System\rgigzUr.exe
  2⤵
  PID:13620
- C:\Windows\System\MNitMfL.exe
  C:\Windows\System\MNitMfL.exe
  2⤵
  PID:13648
- C:\Windows\System\YVcgzzL.exe
  C:\Windows\System\YVcgzzL.exe
  2⤵
  PID:13676
- C:\Windows\System\FGUOajS.exe
  C:\Windows\System\FGUOajS.exe
  2⤵
  PID:13704
- C:\Windows\System\mHTKBAm.exe
  C:\Windows\System\mHTKBAm.exe
  2⤵
  PID:13732
- C:\Windows\System\agKicfp.exe
  C:\Windows\System\agKicfp.exe
  2⤵
  PID:13772
- C:\Windows\System\rLGfTwl.exe
  C:\Windows\System\rLGfTwl.exe
  2⤵
  PID:13804
- C:\Windows\System\BFmkQzs.exe
  C:\Windows\System\BFmkQzs.exe
  2⤵
  PID:13828
- C:\Windows\System\vamhyPU.exe
  C:\Windows\System\vamhyPU.exe
  2⤵
  PID:13852
- C:\Windows\System\gEfbXoa.exe
  C:\Windows\System\gEfbXoa.exe
  2⤵
  PID:13880
- C:\Windows\System\xJyMzdW.exe
  C:\Windows\System\xJyMzdW.exe
  2⤵
  PID:13908
- C:\Windows\System\ywnnNiL.exe
  C:\Windows\System\ywnnNiL.exe
  2⤵
  PID:13936
- C:\Windows\System\EQcthvZ.exe
  C:\Windows\System\EQcthvZ.exe
  2⤵
  PID:13964
- C:\Windows\System\rqohjkE.exe
  C:\Windows\System\rqohjkE.exe
  2⤵
  PID:13992
- C:\Windows\System\giIdkcC.exe
  C:\Windows\System\giIdkcC.exe
  2⤵
  PID:14020
- C:\Windows\System\EHVbcef.exe
  C:\Windows\System\EHVbcef.exe
  2⤵
  PID:14048
- C:\Windows\System\ttktojJ.exe
  C:\Windows\System\ttktojJ.exe
  2⤵
  PID:14076
- C:\Windows\System\AaYbTws.exe
  C:\Windows\System\AaYbTws.exe
  2⤵
  PID:14112
- C:\Windows\System\OJYtPzE.exe
  C:\Windows\System\OJYtPzE.exe
  2⤵
  PID:14132
- C:\Windows\System\OqKhrxq.exe
  C:\Windows\System\OqKhrxq.exe
  2⤵
  PID:14160
- C:\Windows\System\sRccRmg.exe
  C:\Windows\System\sRccRmg.exe
  2⤵
  PID:14188
- C:\Windows\System\xcqArxA.exe
  C:\Windows\System\xcqArxA.exe
  2⤵
  PID:14220
- C:\Windows\System\DLcUqte.exe
  C:\Windows\System\DLcUqte.exe
  2⤵
  PID:14248
- C:\Windows\System\SRaggcn.exe
  C:\Windows\System\SRaggcn.exe
  2⤵
  PID:14280
- C:\Windows\System\pdaqFav.exe
  C:\Windows\System\pdaqFav.exe
  2⤵
  PID:14308
- C:\Windows\System\mobjmuT.exe
  C:\Windows\System\mobjmuT.exe
  2⤵
  PID:12592
- C:\Windows\System\ADsIcQG.exe
  C:\Windows\System\ADsIcQG.exe
  2⤵
  PID:13388
- C:\Windows\System\UPcocsU.exe
  C:\Windows\System\UPcocsU.exe
  2⤵
  PID:13448
- C:\Windows\System\hUqjbWt.exe
  C:\Windows\System\hUqjbWt.exe
  2⤵
  PID:13532
- C:\Windows\System\ISTbhQf.exe
  C:\Windows\System\ISTbhQf.exe
  2⤵
  PID:13588
- C:\Windows\System\GmvHZlZ.exe
  C:\Windows\System\GmvHZlZ.exe
  2⤵
  PID:13644
- C:\Windows\System\MWEMnZT.exe
  C:\Windows\System\MWEMnZT.exe
  2⤵
  PID:13688
- C:\Windows\System\Cdtkhet.exe
  C:\Windows\System\Cdtkhet.exe
  2⤵
  PID:13788
- C:\Windows\System\MlXsuQg.exe
  C:\Windows\System\MlXsuQg.exe
  2⤵
  PID:13872
- C:\Windows\System\KhutnZS.exe
  C:\Windows\System\KhutnZS.exe
  2⤵
  PID:13948
- C:\Windows\System\XwakMVF.exe
  C:\Windows\System\XwakMVF.exe
  2⤵
  PID:14012
- C:\Windows\System\nyGTWKl.exe
  C:\Windows\System\nyGTWKl.exe
  2⤵
  PID:14072
- C:\Windows\System\YwXFRpv.exe
  C:\Windows\System\YwXFRpv.exe
  2⤵
  PID:14144
- C:\Windows\System\LaChlSC.exe
  C:\Windows\System\LaChlSC.exe
  2⤵
  PID:14184
- C:\Windows\System\RuAGwLg.exe
  C:\Windows\System\RuAGwLg.exe
  2⤵
  PID:4644
- C:\Windows\System\AGvGKtB.exe
  C:\Windows\System\AGvGKtB.exe
  2⤵
  PID:14320
- C:\Windows\System\oeskgWb.exe
  C:\Windows\System\oeskgWb.exe
  2⤵
  PID:13380
- C:\Windows\System\KfSzKtM.exe
  C:\Windows\System\KfSzKtM.exe
  2⤵
  PID:13528
- C:\Windows\System\MxnxwJI.exe
  C:\Windows\System\MxnxwJI.exe
  2⤵
  PID:13632
- C:\Windows\System\kPuiiwb.exe
  C:\Windows\System\kPuiiwb.exe
  2⤵
  PID:13800
- C:\Windows\System\kvIDizB.exe
  C:\Windows\System\kvIDizB.exe
  2⤵
  PID:13928
- C:\Windows\System\wQqZgjw.exe
  C:\Windows\System\wQqZgjw.exe
  2⤵
  PID:14060
- C:\Windows\System\dMngBJN.exe
  C:\Windows\System\dMngBJN.exe
  2⤵
  PID:14156
- C:\Windows\System\XJlKucs.exe
  C:\Windows\System\XJlKucs.exe
  2⤵
  PID:14264
- C:\Windows\System\tcXnyrH.exe
  C:\Windows\System\tcXnyrH.exe
  2⤵
  PID:13492
- C:\Windows\System\tNysolJ.exe
  C:\Windows\System\tNysolJ.exe
  2⤵
  PID:14256
- C:\Windows\System\ScqOHLe.exe
  C:\Windows\System\ScqOHLe.exe
  2⤵
  PID:14208
- C:\Windows\System\OoFoswR.exe
  C:\Windows\System\OoFoswR.exe
  2⤵
  PID:13436
- C:\Windows\System\lZjJBcA.exe
  C:\Windows\System\lZjJBcA.exe
  2⤵
  PID:13332
- C:\Windows\System\kfmrBpc.exe
  C:\Windows\System\kfmrBpc.exe
  2⤵
  PID:14004
- C:\Windows\System\wVCmbaU.exe
  C:\Windows\System\wVCmbaU.exe
  2⤵
  PID:14344
- C:\Windows\System\HAfPaJH.exe
  C:\Windows\System\HAfPaJH.exe
  2⤵
  PID:14372
- C:\Windows\System\xMABhEu.exe
  C:\Windows\System\xMABhEu.exe
  2⤵
  PID:14404
- C:\Windows\System\eRlNYPz.exe
  C:\Windows\System\eRlNYPz.exe
  2⤵
  PID:14436
- C:\Windows\System\bKQPxBD.exe
  C:\Windows\System\bKQPxBD.exe
  2⤵
  PID:14468
- C:\Windows\System\KKTdZQH.exe
  C:\Windows\System\KKTdZQH.exe
  2⤵
  PID:14500
- C:\Windows\System\VGmpBRf.exe
  C:\Windows\System\VGmpBRf.exe
  2⤵
  PID:14532
- C:\Windows\System\iueMMmf.exe
  C:\Windows\System\iueMMmf.exe
  2⤵
  PID:14572
- C:\Windows\System\qOfOJvn.exe
  C:\Windows\System\qOfOJvn.exe
  2⤵
  PID:14588
- C:\Windows\System\ejEkRFM.exe
  C:\Windows\System\ejEkRFM.exe
  2⤵
  PID:14644
- C:\Windows\System\hkokZem.exe
  C:\Windows\System\hkokZem.exe
  2⤵
  PID:14660
- C:\Windows\System\eTavOQI.exe
  C:\Windows\System\eTavOQI.exe
  2⤵
  PID:14696
- C:\Windows\System\xbGvDAH.exe
  C:\Windows\System\xbGvDAH.exe
  2⤵
  PID:14732
- C:\Windows\System\usluyXd.exe
  C:\Windows\System\usluyXd.exe
  2⤵
  PID:14764
- C:\Windows\System\EqUQKXt.exe
  C:\Windows\System\EqUQKXt.exe
  2⤵
  PID:14820
- C:\Windows\System\uhMninV.exe
  C:\Windows\System\uhMninV.exe
  2⤵
  PID:14844
- C:\Windows\System\fBAxqUX.exe
  C:\Windows\System\fBAxqUX.exe
  2⤵
  PID:14872
- C:\Windows\System\NCzOfVn.exe
  C:\Windows\System\NCzOfVn.exe
  2⤵
  PID:14900
- C:\Windows\System\ALsORXL.exe
  C:\Windows\System\ALsORXL.exe
  2⤵
  PID:14936
- C:\Windows\System\ieUxhdK.exe
  C:\Windows\System\ieUxhdK.exe
  2⤵
  PID:14972
- C:\Windows\System\ugIcNmu.exe
  C:\Windows\System\ugIcNmu.exe
  2⤵
  PID:15004
- C:\Windows\System\UKtbVKC.exe
  C:\Windows\System\UKtbVKC.exe
  2⤵
  PID:15024
- C:\Windows\System\cFTldKH.exe
  C:\Windows\System\cFTldKH.exe
  2⤵
  PID:15064
- C:\Windows\System\dbaGtym.exe
  C:\Windows\System\dbaGtym.exe
  2⤵
  PID:15096
- C:\Windows\System\dMQwGHW.exe
  C:\Windows\System\dMQwGHW.exe
  2⤵
  PID:15120
- C:\Windows\System\IAtUzqR.exe
  C:\Windows\System\IAtUzqR.exe
  2⤵
  PID:15148
- C:\Windows\System\cusKAcv.exe
  C:\Windows\System\cusKAcv.exe
  2⤵
  PID:15176
- C:\Windows\System\sHNKqaE.exe
  C:\Windows\System\sHNKqaE.exe
  2⤵
  PID:15208
- C:\Windows\System\rigaRwb.exe
  C:\Windows\System\rigaRwb.exe
  2⤵
  PID:15232
- C:\Windows\System\AcNcKOk.exe
  C:\Windows\System\AcNcKOk.exe
  2⤵
  PID:15260
- C:\Windows\System\fKDhqcL.exe
  C:\Windows\System\fKDhqcL.exe
  2⤵
  PID:15288
- C:\Windows\System\yCcbVBN.exe
  C:\Windows\System\yCcbVBN.exe
  2⤵
  PID:15316
- C:\Windows\System\Ddbjbjq.exe
  C:\Windows\System\Ddbjbjq.exe
  2⤵
  PID:15344
- C:\Windows\System\Osiwdtk.exe
  C:\Windows\System\Osiwdtk.exe
  2⤵
  PID:13616
- C:\Windows\System\FwqyjQS.exe
  C:\Windows\System\FwqyjQS.exe
  2⤵
  PID:14384
- C:\Windows\System\KqjNaTm.exe
  C:\Windows\System\KqjNaTm.exe
  2⤵
  PID:14448
- C:\Windows\System\tHhWGyc.exe
  C:\Windows\System\tHhWGyc.exe
  2⤵
  PID:3212
- C:\Windows\System\YkZhHao.exe
  C:\Windows\System\YkZhHao.exe
  2⤵
  PID:14380
- C:\Windows\System\khXALsF.exe
  C:\Windows\System\khXALsF.exe
  2⤵
  PID:14548
- C:\Windows\System\guCciIR.exe
  C:\Windows\System\guCciIR.exe
  2⤵
  PID:14608
- C:\Windows\System\uoDwSKa.exe
  C:\Windows\System\uoDwSKa.exe
  2⤵
  PID:4112
- C:\Windows\System\rDLXXjf.exe
  C:\Windows\System\rDLXXjf.exe
  2⤵
  PID:1752
- C:\Windows\System\lpAVpiQ.exe
  C:\Windows\System\lpAVpiQ.exe
  2⤵
  PID:2788
- C:\Windows\System\CplCcZg.exe
  C:\Windows\System\CplCcZg.exe
  2⤵
  PID:14772
- C:\Windows\System\PVWxRHx.exe
  C:\Windows\System\PVWxRHx.exe
  2⤵
  PID:5448
- C:\Windows\System\eFRSHFS.exe
  C:\Windows\System\eFRSHFS.exe
  2⤵
  PID:14868
- C:\Windows\System\kgxjipo.exe
  C:\Windows\System\kgxjipo.exe
  2⤵
  PID:14892
- C:\Windows\System\wtbDyoC.exe
  C:\Windows\System\wtbDyoC.exe
  2⤵
  PID:1008
- C:\Windows\System\gYnmdfR.exe
  C:\Windows\System\gYnmdfR.exe
  2⤵
  PID:5536
- C:\Windows\System\trjkkjc.exe
  C:\Windows\System\trjkkjc.exe
  2⤵
  PID:14980
- C:\Windows\System\XhHZmxz.exe
  C:\Windows\System\XhHZmxz.exe
  2⤵
  PID:2880
- C:\Windows\System\DtOacff.exe
  C:\Windows\System\DtOacff.exe
  2⤵
  PID:3424
- C:\Windows\System\QOUXmXT.exe
  C:\Windows\System\QOUXmXT.exe
  2⤵
  PID:15036
- C:\Windows\System\IXLilKE.exe
  C:\Windows\System\IXLilKE.exe
  2⤵
  PID:3996
- C:\Windows\System\FoNsAzr.exe
  C:\Windows\System\FoNsAzr.exe
  2⤵
  PID:3744
- C:\Windows\System\cUVydWC.exe
  C:\Windows\System\cUVydWC.exe
  2⤵
  PID:15088
- C:\Windows\System\txBqQXv.exe
  C:\Windows\System\txBqQXv.exe
  2⤵
  PID:5820
- C:\Windows\System\czyXYnp.exe
  C:\Windows\System\czyXYnp.exe
  2⤵
  PID:5844
- C:\Windows\System\tmXodph.exe
  C:\Windows\System\tmXodph.exe
  2⤵
  PID:15172
- C:\Windows\System\lxIYKMj.exe
  C:\Windows\System\lxIYKMj.exe
  2⤵
  PID:15216
- C:\Windows\System\ukaEBni.exe
  C:\Windows\System\ukaEBni.exe
  2⤵
  PID:5932
- C:\Windows\System\JSIktcW.exe
  C:\Windows\System\JSIktcW.exe
  2⤵
  PID:15256
- C:\Windows\System\Axsdnjo.exe
  C:\Windows\System\Axsdnjo.exe
  2⤵
  PID:6004
- C:\Windows\System\sASleHL.exe
  C:\Windows\System\sASleHL.exe
  2⤵
  PID:15328
- C:\Windows\System\fDgNAlY.exe
  C:\Windows\System\fDgNAlY.exe
  2⤵
  PID:6048
- C:\Windows\System\XoZSPdw.exe
  C:\Windows\System\XoZSPdw.exe
  2⤵
  PID:4572
- C:\Windows\System\WrcAerM.exe
  C:\Windows\System\WrcAerM.exe
  2⤵
  PID:4372
- C:\Windows\System\YdyLQgK.exe
  C:\Windows\System\YdyLQgK.exe
  2⤵
  PID:6136
- C:\Windows\System\ZQdwFOO.exe
  C:\Windows\System\ZQdwFOO.exe
  2⤵
  PID:14920
- C:\Windows\System\xveBnyX.exe
  C:\Windows\System\xveBnyX.exe
  2⤵
  PID:15012
- C:\Windows\System\tedgPfA.exe
  C:\Windows\System\tedgPfA.exe
  2⤵
  PID:4244
- C:\Windows\System\DqqyuuN.exe
  C:\Windows\System\DqqyuuN.exe
  2⤵
  PID:4652
- C:\Windows\System\ItRvmxe.exe
  C:\Windows\System\ItRvmxe.exe
  2⤵
  PID:14600
- C:\Windows\System\NbeKykH.exe
  C:\Windows\System\NbeKykH.exe
  2⤵
  PID:2480
- C:\Windows\System\DxcfSru.exe
  C:\Windows\System\DxcfSru.exe
  2⤵
  PID:3496
- C:\Windows\System\MaVPqQv.exe
  C:\Windows\System\MaVPqQv.exe
  2⤵
  PID:5192
- C:\Windows\System\ccLrPzB.exe
  C:\Windows\System\ccLrPzB.exe
  2⤵
  PID:2292
- C:\Windows\System\YDFlGaV.exe
  C:\Windows\System\YDFlGaV.exe
  2⤵
  PID:5480
- C:\Windows\System\tAOtebn.exe
  C:\Windows\System\tAOtebn.exe
  2⤵
  PID:14476
- C:\Windows\System\UeIrxEe.exe
  C:\Windows\System\UeIrxEe.exe
  2⤵
  PID:3720
- C:\Windows\System\TKLJuIh.exe
  C:\Windows\System\TKLJuIh.exe
  2⤵
  PID:14964
- C:\Windows\System\OkVxWZA.exe
  C:\Windows\System\OkVxWZA.exe
  2⤵
  PID:2020
- C:\Windows\System\GUITCHF.exe
  C:\Windows\System\GUITCHF.exe
  2⤵
  PID:5644
- C:\Windows\System\TZDhcIP.exe
  C:\Windows\System\TZDhcIP.exe
  2⤵
  PID:1732
- C:\Windows\System\DTbUECJ.exe
  C:\Windows\System\DTbUECJ.exe
  2⤵
  PID:5708
- C:\Windows\System\xXIaFrL.exe
  C:\Windows\System\xXIaFrL.exe
  2⤵
  PID:3896
- C:\Windows\System\JOersnw.exe
  C:\Windows\System\JOersnw.exe
  2⤵
  PID:5508
- C:\Windows\System\zwzTlaW.exe
  C:\Windows\System\zwzTlaW.exe
  2⤵
  PID:2980
- C:\Windows\System\SigDKrg.exe
  C:\Windows\System\SigDKrg.exe
  2⤵
  PID:5512
- C:\Windows\System\nlWYANM.exe
  C:\Windows\System\nlWYANM.exe
  2⤵
  PID:14704
- C:\Windows\System\pWflxta.exe
  C:\Windows\System\pWflxta.exe
  2⤵
  PID:15196
- C:\Windows\System\KezBXhX.exe
  C:\Windows\System\KezBXhX.exe
  2⤵
  PID:15228
- C:\Windows\System\uJVnycB.exe
  C:\Windows\System\uJVnycB.exe
  2⤵
  PID:1412
- C:\Windows\System\qaVAHbw.exe
  C:\Windows\System\qaVAHbw.exe
  2⤵
  PID:1672
- C:\Windows\System\RwsgzPF.exe
  C:\Windows\System\RwsgzPF.exe
  2⤵
  PID:1432
- C:\Windows\System\LlPzkGC.exe
  C:\Windows\System\LlPzkGC.exe
  2⤵
  PID:5112
- C:\Windows\System\APRdjms.exe
  C:\Windows\System\APRdjms.exe
  2⤵
  PID:4320
- C:\Windows\System\yFGdHnF.exe
  C:\Windows\System\yFGdHnF.exe
  2⤵
  PID:5872
- C:\Windows\System\VSLFTkW.exe
  C:\Windows\System\VSLFTkW.exe
  2⤵
  PID:5936
- C:\Windows\System\fiehzuc.exe
  C:\Windows\System\fiehzuc.exe
  2⤵
  PID:6008
- C:\Windows\System\waepDpg.exe
  C:\Windows\System\waepDpg.exe
  2⤵
  PID:4784
- C:\Windows\System\FrTQXig.exe
  C:\Windows\System\FrTQXig.exe
  2⤵
  PID:1448
- C:\Windows\System\gJRANPl.exe
  C:\Windows\System\gJRANPl.exe
  2⤵
  PID:14584
- C:\Windows\System\fVfqXlq.exe
  C:\Windows\System\fVfqXlq.exe
  2⤵
  PID:3548
- C:\Windows\System\QrEvMWs.exe
  C:\Windows\System\QrEvMWs.exe
  2⤵
  PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AFnZaQg.exe

Filesize
6.0MB

MD5
a5909c7e2c66c0e025dfa74ab48781b9

SHA1
fe6811c55397e560067a1a0429f7f0eb428ac3b8

SHA256
5cc0dc1de028b4d0b4ce1bff22ed27044f10e24e329d0abd5192ee18d8873ac2

SHA512
e718b94d0f9f48b7663390e51db1614aaa38da182b140b62cdfe08a5ec99a42872f79d3fc80ed21abb9a8581a1195682588b0e3785240f732a3d52517b539c62

Download Submit
C:\Windows\System\CWiaXiP.exe

Filesize
6.0MB

MD5
282523ae849072f9800b0a23d4249069

SHA1
2df873561dc1eeb409d6f398b6d8100e973a2233

SHA256
9fe16693454c83e44b3452d88cb3531b9787b6b6ee9c31c1c4925d29d20b25b8

SHA512
2ffaca4f9f441a2a8135f0aef659c16ff3d6966d162f3a746a8a72d60a4f37c4054dc1d4e62984282c2fe49ea083b3319a87e4813bd33f6bc70f23e02844401c

Download Submit
C:\Windows\System\DDyzGGi.exe

Filesize
6.0MB

MD5
9ce0c696a581a6ab4bbfa7c04b8d7966

SHA1
c31ed3bb14b57f12cf19fad29d94b34bd2f93b78

SHA256
1a0bd9839e84778f7b1ad8c1c5e5dbc4d8d268c4896f4321c4df83d8cde90199

SHA512
4a74d682047fbc2cacbf6d5230ca35dd1e3af88d64f4a0ca9ed28db769bdcc886b4983315def3afc6e47edd42608cf46255533c6e663c5386cd0d735cfd1967d

Download Submit
C:\Windows\System\DXBGOkA.exe

Filesize
6.0MB

MD5
8860dab12674008f12345deeda4cda33

SHA1
4c94819868112cfeec2baa2367efae14028529cb

SHA256
1fb2b555668c5382da1ebabbe71e9cacef6df819d9f5e2bd21af33c099eabc79

SHA512
2642c0c83a1d7041cde4d908e43c2ee4d2051a3ad7816fe9484d69979a7a280b1b5ecafd65b05c41b83375b01acbc4134c07f5a206d3d762553872010fbc9085

Download Submit
C:\Windows\System\DbcTmmj.exe

Filesize
6.0MB

MD5
2d20dd353abc74c080d9b4e10f7fe59d

SHA1
fc156f2f1198ecb1176e5682897205eeb5d83a9a

SHA256
f6614eca1b1c6bbdfb39f4c5215000e3cb44ed8e3be2ce9cf817d66da33ed1fc

SHA512
6e8545f7c6300ad4889a51e8ac97408f58772622a276846bab5cb9f66ba1615b97c974a2a7c2a85697e41571eae877c5e1e369d76247b3f7922d9a3fbb84623f

Download Submit
C:\Windows\System\FlWeMHz.exe

Filesize
6.0MB

MD5
9512a8b840fb036376e801194cdd5214

SHA1
77d1a83ee97f8eef5424ff19e0e5686543291ec4

SHA256
341a278e429f91494294f451751be9eb85d1ef3afc5a0ad414af9f661bd164b6

SHA512
03ba3832964889bdd7b8d4c109a6ecb75a85677334898a998d387f7d26a7af236396540ea17d4c604ca563416cf1052c4c7e26131812a63b0c59b4536aa64718

Download Submit
C:\Windows\System\JBUXwlH.exe

Filesize
6.0MB

MD5
e32f899427afca1142e6171a6be9a1e6

SHA1
c2a7c5d8dd25b98e37c5f2f6e6ff21003f07e9c5

SHA256
d6114ede3d7cc55a4bce4f6b43ca162f7f9fb69d69825a58ee68e358a287bfdb

SHA512
a0c4bd5f6143d97f09bd16113004ca62e1d5c27094bb1bce0775a80db3522ef0eaa6100c15891169212fe4162915fa24d6c4c93ee68233592ad82b478f174f74

Download Submit
C:\Windows\System\JTUxFmk.exe

Filesize
6.0MB

MD5
d8e0cf72c9639fead521fe29f2592cbf

SHA1
6c719d747125ae730dcd50e85aa1462ad7f52bdc

SHA256
a74a7755e8afac51c4ff51f73ab0095ccf3c44c1f8827a824276eabf682f0099

SHA512
a0c23d5c0e499ae785931bf5b8862b981e54d8054f8055ecd5b58825d2cea595904b2dc7b12464430da026085c8f0dcf7a55d8cef9122a513b37760f53f45526

Download Submit
C:\Windows\System\JUZbjvW.exe

Filesize
6.0MB

MD5
cb227be58d11cf3e8ee49552585bfd61

SHA1
0a20897ec7dc8ff5dda986a8154de4c75f98acd6

SHA256
2b4bfe45e11e712f978f16c44d38e59b69ca40609ad71bbea2f3744cfdb249e9

SHA512
eefcc4b70197971a30b88b51b51700a6e0ac7c02337ef8740489298653872fef1ec7bdd2c1f564ddbf4c4791538c14b5fb4d89691070ad0e02f914823ab132ac

Download Submit
C:\Windows\System\LXtUgBY.exe

Filesize
6.0MB

MD5
a218bb247b3c5b4fc9757dda3b19199e

SHA1
edc96ea7c1feaf26ba463d84b668800bb9a22b1c

SHA256
fa2c52084225b75bae4b2501c0ddca85ee7554bbbd8e2ef78e179dc75c7a82f7

SHA512
0503abecfd2469730cc6ab811ce125bf6fdb3dc5cf0700ddba9dedf3e6d8394e6694480f24ad9d66add0a514cb38b2287e7e84cddda275912392ea662cc44e41

Download Submit
C:\Windows\System\OBizRna.exe

Filesize
6.0MB

MD5
5f0a51c775954a7cfbf14a730233b134

SHA1
258f074ba7c48b2a0e05a58230dd9615d988f2a9

SHA256
93f08313fb899e0525f602f20db08d5df4d35d13a75bc671ad4eb8de639f8f34

SHA512
aec8a66d21c7f8ae96f5aa7b724841c82a965ee772118905471cb68c7fa1301f9e31b21eea89222f02ac5d6f73319801edf254c95c846eac5ef6d69712de658f

Download Submit
C:\Windows\System\QfuuHnG.exe

Filesize
6.0MB

MD5
c32fcf7f54dd3bcaeefe1a847934f615

SHA1
704528e6d4ec37290368d2581c6ccff773938fac

SHA256
8770bfa91ffa06ff673f5172b196644791bf835f3c3687816cd0f32f865ddea2

SHA512
3356ccdc096957d77382480bc48d01eb35dfb65ddbe2dd54c294eab4e8bb219b9dbd2ce67f943f540a54a738e0c1627de1fb17acc2a87b90a71821e7fec00817

Download Submit
C:\Windows\System\RkSCKcq.exe

Filesize
6.0MB

MD5
aad1457a015d41b6fffffe7be79b578b

SHA1
b24c2f087d31d543306b4fb8f0845f4440c53395

SHA256
f4d3a43c7eaa362cecf4cfbd49b257d3f763afb0c86f7b2c5b50b5817bfa4d9f

SHA512
d04bc293a4443cde7254edcaf0b40ba63b712e88a11f5a68319b499ad5917de9fea784da33cb2ad2c3c4470a45b00834506878434e6295fd93c24206f1fb6c1b

Download Submit
C:\Windows\System\Smbfdvr.exe

Filesize
6.0MB

MD5
77df3575ed14e9501604b313e31804be

SHA1
f98c418b2c92232296fce16c170861135b8718a9

SHA256
8b5e194a76a960762f408333697b04ea75b4cb9509f27862372959afb52c3dd0

SHA512
fc91799a0474ba8bb643561690955003d49d7cd1a5b688de283afdbb7422a9e866978ff9e6a9563e079115517594fc140aa29b39bae5b8935539ae7ea78ef95e

Download Submit
C:\Windows\System\XdTvxkR.exe

Filesize
6.0MB

MD5
ec29b58bb18ac3b93ac28da2c5736204

SHA1
b96c2defe3aebf65f808bdcf145896eab3aa4668

SHA256
3f4b7d2e7b65597e9bda089fddae951b453984c9ded65454a95ef5f4e07e236c

SHA512
b75eee5e6d87591e6a14e0d521335a0d9af361260558e7087015f08c9b7ade6d28e606b2d57290e8726597aa0013156845e344ebbbc7fbccb3a060f9b1ce69f3

Download Submit
C:\Windows\System\XjBPwpE.exe

Filesize
6.0MB

MD5
27d365f5e7108660225e3fb21dc83668

SHA1
d0f8d9c31b07348c70471088aa8452468b8c60d2

SHA256
363acbda92cd602a67dab23b8231855d5d0bcac465e51a81c56f23421addaf17

SHA512
e6a40dfb82b92fc6abfe1767f6ef954f7a98f6c062f4867b746081982d683244dd0352b07daa4ff754f583b211010300281399352248a4e83b80c5f04fbb19e7

Download Submit
C:\Windows\System\Xrmiekr.exe

Filesize
6.0MB

MD5
b2fb20de954b4077542f6d892a06f4fd

SHA1
7d4771e403f303cc7bcec98244a7f6420709d67d

SHA256
0051921cd61938753be90f7b799b41ea32fe818b37da7dc78115bb57ae3f5316

SHA512
ee288abd0a0c1291b1795fc4a753022f4f59fe3fac3e80c69d23717b7d6da6f1d806135138d56ae9e04b92b8355271e74ec8ad6139b78408f49d3c5350812a72

Download Submit
C:\Windows\System\YaGtPUd.exe

Filesize
6.0MB

MD5
8b1c528234c49e38b593f7000601c375

SHA1
be4de0d06834f4253a8f8ebf3473178f29122a57

SHA256
3b5f55390ee1cf584bc6fcba6b852639e22ffa7d26051fcd00b7905349c29be7

SHA512
b1d5889374de41a619d38ef9c95bab4db56b7353f261671fd994c031467cb3c0832751ee113514dc4a3c8ad31c6a4a9c1fbba32f7058e17a857fa4f417bf3b05

Download Submit
C:\Windows\System\ZBNhvHC.exe

Filesize
6.0MB

MD5
bda5f3692bec4912328b6eb576f12b3e

SHA1
8781b1f283d4e3a088efc1224197c3b3aee98ad2

SHA256
2f56977039bab7aade40dbcc2c5241fed289d55a6db2660306cffa1ea332263e

SHA512
0a88110ef2ac5a82f500e2540ba48dab7c7cf77d3bfa8e327630af85ddf2aa992d14d3f908664bea17e33742d776f9035cce3c2b4c4829f9cd54a84772bb5a0f

Download Submit
C:\Windows\System\cfbJhmR.exe

Filesize
6.0MB

MD5
9cf2471ba7d1b08fc8df343c924c84d4

SHA1
8ceeb661cf7e835556061f1ba8f322c416499295

SHA256
284425982c01e0fb7949e45ddac2a68a37e343a2c35c4c4c0762c335bd17b940

SHA512
323691c7c07635320d3aa17fedaab8874f3e565b58d68a5a5ce79f4ab180639abec54415e0dafbb722774d9e78bddf7fc6c1960386e5a34b7bc434336ca0c134

Download Submit
C:\Windows\System\cmNMGgd.exe

Filesize
6.0MB

MD5
e2b3e460cce9978e275b7ef3d9d766ff

SHA1
2837403bdbbc04bd54a46bc1e2e05442636be50b

SHA256
06f050f34a022e20acdc16fa2a50c11834fd8517fa0ea4adbacc9fc3b382bf45

SHA512
1e09565362b23c2e99d85930fe8e470210eb9ddc66c5a14f7943eae52b47e4b0b312f037f33e5012a3b6fb3bd1ed215830cce0eed624616476d8ff85c658b518

Download Submit
C:\Windows\System\dvrswuv.exe

Filesize
6.0MB

MD5
ca0e07e8caf0af2fd1c27c2cad2bb510

SHA1
c36d6bea4566d58f1ec9e83ccf97368b122fc4a9

SHA256
9c415bf7c219ebbababeeb56eaee2eeaf32f033dab4452f3181b452da22f6c70

SHA512
959e6cd8ac51d6247fd149d794dc146f1f30be840d2f6621edeaf59b5cfa4e1e449f96ec2c5ca646cbfb5bb55a143dd751ec4c5968a1615cc79d80ed3435ff06

Download Submit
C:\Windows\System\gPSKxlO.exe

Filesize
6.0MB

MD5
6440d0aebf8839e1fa26de0dca67c2fb

SHA1
931af2f9aa79f60770b9c70b3b5da799a1059bf2

SHA256
4fc3eac9f0069a1fb9445594d5e01a8ab6e4f206f5f2a39319d37a51f1a6c311

SHA512
0620d0496b766575eb556c9fd7b123a4fa5fcc9c97ac6a0809fdcfa867be305952ea427240279524194919a293ee1c254ed8e54e066fc16d3339cd8689dc9331

Download Submit
C:\Windows\System\igdsFHV.exe

Filesize
6.0MB

MD5
b24db5823df4eabfde45c745de36b0ce

SHA1
1e68d82d7d5fb6b89ccff8f0d638fcde89c40946

SHA256
2f62b89f67d4c56e92c77f23dc8dbf71d7cf4f28d4e39959ff8b6853c96ebe81

SHA512
fd12237dc1ff326790b0be052c8e32a22badece653e68b3dc4a76e5eb60b7d24583bbf618cc5b6f7ac2677f543cc3d5d3eff1643e394cf909ac717c9692f2ec4

Download Submit
C:\Windows\System\ihNcAHC.exe

Filesize
6.0MB

MD5
0501b8d7edc1472a4a7dbc21f91fb2ba

SHA1
cca35d304044dcb18429c9491e5a3c28bb1ade4f

SHA256
b1b3e2a787fb6332bf69f3ed8a042578599464e66c5e717f12a0a1dddc54c19c

SHA512
25af290427fed678070121f99ce4f5c54f7b8b38f2b4d30d61b9c200dd1b3fdd3b3e0d7d212f9402916a742ae501b4438f23f11258e57a14913ef924fa38329d

Download Submit
C:\Windows\System\jCBoEqI.exe

Filesize
6.0MB

MD5
a1031aff43747f6e362d633ab213abda

SHA1
231e2c05f8ad63546806acc32c0417bd433aa6e0

SHA256
3f9acfdc8e5d5d067337214b6acbf37a4fd596b2e85406cd179183651d1910eb

SHA512
8b39bf0d81ecf1adb8285ffef98e056511acb43bfc3ed09cdd94fe99bbaa1fd13e685b79fb4b2fee99fb77663962f6a47e86d342c7584ab46e1fcaea72af0c59

Download Submit
C:\Windows\System\kGOFwQS.exe

Filesize
6.0MB

MD5
ee4fcefb892d99ac162546cd0d1b7e39

SHA1
74c60e6b167ec50db0edd2be97575c76a413a4f3

SHA256
6de660e9078a9ea171c7d8b0939016815e810dbef87fb1cf59aad4ba01e4e114

SHA512
ae7f22249728e88a9ef126427bc821128571fc843bbe0930ee428cc43182d2771a8147641d6a94c34fe7402ac8e6e41db081dade45b21c6ed02986241f456786

Download Submit
C:\Windows\System\oTIrnEc.exe

Filesize
6.0MB

MD5
a1df50638c59e914770b6d936e30722a

SHA1
9eac5dcad6c39e7cc625cf9d2b28fbc0a44d63b2

SHA256
644125c89c981778a5acf44839d02972ca75a3ebe31b14c3166c0ec939f7abe9

SHA512
0e7226040d7e703ac353278222c3f2bb69d86f6b3b3f5440024529d4e45731b93d2c170a0d94971c8b151fa3149a72b24b80236ae958b3b9602d13269a26b93c

Download Submit
C:\Windows\System\pKSFrss.exe

Filesize
6.0MB

MD5
631886e734d6d30af4acd6b399b8a254

SHA1
b68d56d829a40b2df59eba5700893134fcf935bf

SHA256
7ef2cf3168491867a6dcf970b8ae98dca698a58fcfb75e3348fc8f2412ee2bd1

SHA512
3281002b7c2d758a1d7f8cd20983734ce136cb976d52db923ed0038109a5d403751a2db28378e284051fa75a16f58e844809271be6fa6e38996195c2a6970167

Download Submit
C:\Windows\System\pcICymp.exe

Filesize
6.0MB

MD5
5ecb936871f341844ef2366ad74be274

SHA1
94626e17d3c2c5d5198feb83861eaa5ff5ffdfd4

SHA256
f8369423e69b604a2d6948fecde5d1b07b5cb11f3756e6f99aafd7db1c6fb7a4

SHA512
61c91c7529235b760156c40212b36107201f2d5dc631febaec29ac69aae8b5b7fb4fbe1e9624d246208580b85eed7cf7aa24a2da93afb4c69b9e61972e492d1c

Download Submit
C:\Windows\System\tCuNTzO.exe

Filesize
6.0MB

MD5
2670556a4fd4484abc7ef687009f3916

SHA1
78df656ff863668872c820e0b0dfb9f9d6cd96a7

SHA256
d36039be529a8193f392b20e473104ef3f2bbd06c13967f8e7ff4233042c5d98

SHA512
cf2d871de2178b3b7c9be2b168d5a60f2d8f1ae0d5519dd0babb9fff3e7b31258b8e8c9ecea9be996014031fa857f89ee3db077851a66f4dd4559201817168c5

Download Submit
C:\Windows\System\tnzxLoe.exe

Filesize
6.0MB

MD5
495c5d1b0624619432197007a1aa8a7b

SHA1
ed0799db7806dc2bbac908f8ad721d6fe865ca56

SHA256
2c3cc715bafec4dc57f6fc975a3adf9cd7eb9a8cfbccb3660126108c5e0ee5c4

SHA512
16abc96d8e8bf5e570864d5f204439a8947827f3c07bcd71537e13aa2387732b01079db54ed08534317483c573d0fe519ec15ebce3167095cea32159016e6f9b

Download Submit
C:\Windows\System\xTAhCPH.exe

Filesize
6.0MB

MD5
71bf5341f471164f74ced979a93a45ae

SHA1
07131b8588c4b8f1225ad2f5d2f00e2b6119d5e2

SHA256
5053988f66fb48042877655720a0bd8e573ba6d33410db6bfac8bae0a9a23983

SHA512
234e7267b6080c0f6b46ca144b49bd00785770aefbabe94f1c6b0fc1929aa9d27b62db051eb33b32729ddf86d821683a691005f057047305731e19cd7e02bb63

Download Submit
C:\Windows\System\zmCFuiY.exe

Filesize
6.0MB

MD5
865b8cb5d90533665f2e4ecb12baf55f

SHA1
d93d235266b4c10eac10e291c5821aff89fdf928

SHA256
8768fca2073cf5cd8fe04793abf5240ebeb1dd686343d56a3ac45e3768ddb37f

SHA512
c2b0bcf441ddf9a05864c9d8c42706070946cb04379c007d22c4f22b902aca54e2c72108edeb74480f788a81d340abb1ae9261c34245f494456a291225465301

Download Submit
memory/516-336-0x00007FF7003C0000-0x00007FF700714000-memory.dmp

Filesize
3.3MB

Download
memory/516-2188-0x00007FF7003C0000-0x00007FF700714000-memory.dmp

Filesize
3.3MB

Download
memory/532-337-0x00007FF603A10000-0x00007FF603D64000-memory.dmp

Filesize
3.3MB

Download
memory/532-2190-0x00007FF603A10000-0x00007FF603D64000-memory.dmp

Filesize
3.3MB

Download
memory/644-2136-0x00007FF66F920000-0x00007FF66FC74000-memory.dmp

Filesize
3.3MB

Download
memory/644-104-0x00007FF66F920000-0x00007FF66FC74000-memory.dmp

Filesize
3.3MB

Download
memory/668-130-0x00007FF677EB0000-0x00007FF678204000-memory.dmp

Filesize
3.3MB

Download
memory/668-2132-0x00007FF677EB0000-0x00007FF678204000-memory.dmp

Filesize
3.3MB

Download
memory/1392-2140-0x00007FF6BD7B0000-0x00007FF6BDB04000-memory.dmp

Filesize
3.3MB

Download
memory/1392-96-0x00007FF6BD7B0000-0x00007FF6BDB04000-memory.dmp

Filesize
3.3MB

Download
memory/1452-56-0x00007FF674700000-0x00007FF674A54000-memory.dmp

Filesize
3.3MB

Download
memory/1452-714-0x00007FF674700000-0x00007FF674A54000-memory.dmp

Filesize
3.3MB

Download
memory/1452-2121-0x00007FF674700000-0x00007FF674A54000-memory.dmp

Filesize
3.3MB

Download
memory/1604-331-0x00007FF7AD850000-0x00007FF7ADBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1604-2187-0x00007FF7AD850000-0x00007FF7ADBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-2197-0x00007FF7DB960000-0x00007FF7DBCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-338-0x00007FF7DB960000-0x00007FF7DBCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-127-0x00007FF7F62D0000-0x00007FF7F6624000-memory.dmp

Filesize
3.3MB

Download
memory/1712-2015-0x00007FF7F62D0000-0x00007FF7F6624000-memory.dmp

Filesize
3.3MB

Download
memory/1712-20-0x00007FF7F62D0000-0x00007FF7F6624000-memory.dmp

Filesize
3.3MB

Download
memory/1744-131-0x00007FF7BF960000-0x00007FF7BFCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2153-0x00007FF7BF960000-0x00007FF7BFCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-2143-0x00007FF6EDC30000-0x00007FF6EDF84000-memory.dmp

Filesize
3.3MB

Download
memory/1808-117-0x00007FF6EDC30000-0x00007FF6EDF84000-memory.dmp

Filesize
3.3MB

Download
memory/1856-31-0x00007FF63A7B0000-0x00007FF63AB04000-memory.dmp

Filesize
3.3MB

Download
memory/1856-473-0x00007FF63A7B0000-0x00007FF63AB04000-memory.dmp

Filesize
3.3MB

Download
memory/1856-2034-0x00007FF63A7B0000-0x00007FF63AB04000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2163-0x00007FF77CEB0000-0x00007FF77D204000-memory.dmp

Filesize
3.3MB

Download
memory/2136-142-0x00007FF77CEB0000-0x00007FF77D204000-memory.dmp

Filesize
3.3MB

Download
memory/2384-94-0x00007FF637C40000-0x00007FF637F94000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2125-0x00007FF637C40000-0x00007FF637F94000-memory.dmp

Filesize
3.3MB

Download
memory/2384-717-0x00007FF637C40000-0x00007FF637F94000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2161-0x00007FF721780000-0x00007FF721AD4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-141-0x00007FF721780000-0x00007FF721AD4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-592-0x00007FF684040000-0x00007FF684394000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2102-0x00007FF684040000-0x00007FF684394000-memory.dmp

Filesize
3.3MB

Download
memory/2816-44-0x00007FF684040000-0x00007FF684394000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2032-0x00007FF7F7CF0000-0x00007FF7F8044000-memory.dmp

Filesize
3.3MB

Download
memory/2928-361-0x00007FF7F7CF0000-0x00007FF7F8044000-memory.dmp

Filesize
3.3MB

Download
memory/2928-27-0x00007FF7F7CF0000-0x00007FF7F8044000-memory.dmp

Filesize
3.3MB

Download
memory/3084-2169-0x00007FF731DB0000-0x00007FF732104000-memory.dmp

Filesize
3.3MB

Download
memory/3084-330-0x00007FF731DB0000-0x00007FF732104000-memory.dmp

Filesize
3.3MB

Download
memory/3236-110-0x00007FF6B11F0000-0x00007FF6B1544000-memory.dmp

Filesize
3.3MB

Download
memory/3236-2141-0x00007FF6B11F0000-0x00007FF6B1544000-memory.dmp

Filesize
3.3MB

Download
memory/3248-1-0x000002C5D5740000-0x000002C5D5750000-memory.dmp

Filesize
64KB

Download
memory/3248-0-0x00007FF75D880000-0x00007FF75DBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-60-0x00007FF75D880000-0x00007FF75DBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3292-172-0x00007FF7CB700000-0x00007FF7CBA54000-memory.dmp

Filesize
3.3MB

Download
memory/3292-2170-0x00007FF7CB700000-0x00007FF7CBA54000-memory.dmp

Filesize
3.3MB

Download
memory/3460-36-0x00007FF6A9A20000-0x00007FF6A9D74000-memory.dmp

Filesize
3.3MB

Download
memory/3460-2039-0x00007FF6A9A20000-0x00007FF6A9D74000-memory.dmp

Filesize
3.3MB

Download
memory/3460-531-0x00007FF6A9A20000-0x00007FF6A9D74000-memory.dmp

Filesize
3.3MB

Download
memory/3512-333-0x00007FF7B88D0000-0x00007FF7B8C24000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2198-0x00007FF7B88D0000-0x00007FF7B8C24000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2171-0x00007FF6BFC20000-0x00007FF6BFF74000-memory.dmp

Filesize
3.3MB

Download
memory/3948-334-0x00007FF6BFC20000-0x00007FF6BFF74000-memory.dmp

Filesize
3.3MB

Download
memory/4056-150-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4056-2165-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4328-2201-0x00007FF64B0E0000-0x00007FF64B434000-memory.dmp

Filesize
3.3MB

Download
memory/4328-332-0x00007FF64B0E0000-0x00007FF64B434000-memory.dmp

Filesize
3.3MB

Download
memory/4600-6-0x00007FF69C160000-0x00007FF69C4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-119-0x00007FF69C160000-0x00007FF69C4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2010-0x00007FF69C160000-0x00007FF69C4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-2116-0x00007FF7EDDD0000-0x00007FF7EE124000-memory.dmp

Filesize
3.3MB

Download
memory/4824-50-0x00007FF7EDDD0000-0x00007FF7EE124000-memory.dmp

Filesize
3.3MB

Download
memory/4824-646-0x00007FF7EDDD0000-0x00007FF7EE124000-memory.dmp

Filesize
3.3MB

Download
memory/4944-100-0x00007FF6332E0000-0x00007FF633634000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2139-0x00007FF6332E0000-0x00007FF633634000-memory.dmp

Filesize
3.3MB

Download
memory/5076-335-0x00007FF743280000-0x00007FF7435D4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-2025-0x00007FF743280000-0x00007FF7435D4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-23-0x00007FF743280000-0x00007FF7435D4000-memory.dmp

Filesize
3.3MB

Download