cobaltstrike | 394f3825f210b6a79150e67a212d7e617e71d3379f08c5571760cb10c78f6046

Analysis

max time kernel
98s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2025 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

1118b29154573755d7bff08fd13b0b9a
SHA1

d9b27a946026c194c2382619bbe1a437f4d834d3
SHA256

394f3825f210b6a79150e67a212d7e617e71d3379f08c5571760cb10c78f6046
SHA512

9d5c3d370a7916434ba33e24bb887e238d3e090cd6642e8cedae4a88e92ad9b52b4b0bce53b6b9e4d00da306c5894aa5a1b968f6af40561612ed57e453b843d6
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUS:j+R56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000a000000023bdf-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-16.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-24.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-51.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-57.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-75.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ca8-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-107.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-132.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-117.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-102.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-59.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-54.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-36.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-18.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc0-143.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc1-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc2-155.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc5-171.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc7-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc8-184.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc9-191.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc6-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-163.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4852-0-0x00007FF7A2AF0000-0x00007FF7A2E3D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bdf-5.dat	xmrig
behavioral2/memory/5108-10-0x00007FF629350000-0x00007FF62969D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cac-16.dat	xmrig
behavioral2/memory/3440-19-0x00007FF618410000-0x00007FF61875D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-24.dat	xmrig
behavioral2/memory/4948-37-0x00007FF61C810000-0x00007FF61CB5D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caf-51.dat	xmrig
behavioral2/files/0x0007000000023cb2-57.dat	xmrig
behavioral2/memory/1136-61-0x00007FF665880000-0x00007FF665BCD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb6-75.dat	xmrig
behavioral2/memory/1064-89-0x00007FF6E1380000-0x00007FF6E16CD000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ca8-96.dat	xmrig
behavioral2/files/0x0007000000023cbc-107.dat	xmrig
behavioral2/files/0x0007000000023cbb-106.dat	xmrig
behavioral2/files/0x0007000000023cb8-121.dat	xmrig
behavioral2/memory/2900-139-0x00007FF61B760000-0x00007FF61BAAD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbf-138.dat	xmrig
behavioral2/memory/4844-136-0x00007FF726480000-0x00007FF7267CD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbe-135.dat	xmrig
behavioral2/memory/908-133-0x00007FF69E2C0000-0x00007FF69E60D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbd-132.dat	xmrig
behavioral2/memory/4424-130-0x00007FF6334E0000-0x00007FF63382D000-memory.dmp	xmrig
behavioral2/memory/3188-127-0x00007FF7785C0000-0x00007FF77890D000-memory.dmp	xmrig
behavioral2/memory/1764-122-0x00007FF7D4A50000-0x00007FF7D4D9D000-memory.dmp	xmrig
behavioral2/memory/4056-120-0x00007FF676260000-0x00007FF6765AD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cba-119.dat	xmrig
behavioral2/memory/1120-118-0x00007FF78D790000-0x00007FF78DADD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb9-117.dat	xmrig
behavioral2/memory/772-103-0x00007FF7F1EC0000-0x00007FF7F220D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb7-102.dat	xmrig
behavioral2/memory/1984-97-0x00007FF61C0A0000-0x00007FF61C3ED000-memory.dmp	xmrig
behavioral2/memory/2664-90-0x00007FF679980000-0x00007FF679CCD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb5-87.dat	xmrig
behavioral2/memory/4800-69-0x00007FF7CCFE0000-0x00007FF7CD32D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb4-64.dat	xmrig
behavioral2/files/0x0007000000023cb3-59.dat	xmrig
behavioral2/memory/4512-58-0x00007FF68A400000-0x00007FF68A74D000-memory.dmp	xmrig
behavioral2/memory/3936-55-0x00007FF68DC20000-0x00007FF68DF6D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb1-54.dat	xmrig
behavioral2/memory/2556-52-0x00007FF76E210000-0x00007FF76E55D000-memory.dmp	xmrig
behavioral2/memory/2064-48-0x00007FF706280000-0x00007FF7065CD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb0-47.dat	xmrig
behavioral2/files/0x0007000000023cae-36.dat	xmrig
behavioral2/memory/828-25-0x00007FF7758B0000-0x00007FF775BFD000-memory.dmp	xmrig
behavioral2/memory/4516-28-0x00007FF675F40000-0x00007FF67628D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cab-18.dat	xmrig
behavioral2/files/0x0007000000023cc0-143.dat	xmrig
behavioral2/memory/3892-145-0x00007FF7F5640000-0x00007FF7F598D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc1-150.dat	xmrig
behavioral2/memory/4172-151-0x00007FF6CBA70000-0x00007FF6CBDBD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc2-155.dat	xmrig
behavioral2/memory/4912-164-0x00007FF653990000-0x00007FF653CDD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc5-171.dat	xmrig
behavioral2/memory/1880-178-0x00007FF663610000-0x00007FF66395D000-memory.dmp	xmrig
behavioral2/memory/2944-180-0x00007FF6872E0000-0x00007FF68762D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc7-179.dat	xmrig
behavioral2/files/0x0007000000023cc8-184.dat	xmrig
behavioral2/files/0x0007000000023cc9-191.dat	xmrig
behavioral2/memory/4320-187-0x00007FF674C10000-0x00007FF674F5D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc6-177.dat	xmrig
behavioral2/memory/488-172-0x00007FF720510000-0x00007FF72085D000-memory.dmp	xmrig
behavioral2/memory/2268-168-0x00007FF6A4340000-0x00007FF6A468D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc4-163.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5108	McZEjXt.exe
3440	aIrRFOC.exe
4516	HjbEXKG.exe
828	pKBFbLL.exe
4948	YEkfwdb.exe
2064	AfebWyX.exe
2556	QifyGZk.exe
3936	AXMjvxE.exe
4512	YeFkAOr.exe
1136	wfFhUlQ.exe
4800	paySIkW.exe
2664	cnZShgr.exe
772	UWSuFxm.exe
1764	OnXcQbk.exe
1064	dNOwfxA.exe
1984	uaWPqVh.exe
1120	jaDqPmK.exe
4056	syinEnd.exe
3188	rpbsjkD.exe
4424	KDMupoK.exe
908	KxaRvWm.exe
4844	gcclSQl.exe
2900	ErUkdyR.exe
3892	REqWbiq.exe
4172	ALgnIfb.exe
2268	WKgAGTC.exe
4912	imkqlJy.exe
488	LhKrGoB.exe
1880	VPQEYsD.exe
2944	MlstGLH.exe
4320	IToxTyH.exe
3472	MVtxTVl.exe
3308	cMHJcIQ.exe
1608	LOfkweH.exe
2348	HEbHqgi.exe
1512	xMQTLWR.exe
2460	VSQpvFx.exe
3448	KFLnJYD.exe
2224	KLJLkMw.exe
2028	ydQeKFF.exe
1228	bQXZYOa.exe
5076	EXGddiE.exe
3168	ALRpwiY.exe
4040	kLjqGfl.exe
4524	kvNGNvE.exe
3372	HvDCQGv.exe
5036	GfoaoOE.exe
4368	MsdfjnF.exe
1976	HucecNd.exe
2676	RdgOHcl.exe
3056	wkeAvTQ.exe
3764	PAOUSQn.exe
3564	YURGjSC.exe
4136	adzAQLW.exe
4784	lEszKmF.exe
3436	HrTdVOm.exe
1916	cpJCIKI.exe
1144	yirHfLv.exe
3884	lStfmKt.exe
3408	arKxGdw.exe
2016	xUQEwws.exe
3920	pZngTMs.exe
376	PxXeqaI.exe
1688	fnjAxOW.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UtXNoBP.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvVVUUB.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiEUOLv.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaloCUV.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODhoGmr.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbpyBzV.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQRjWbU.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcwXEPw.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyRsDTL.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOaSGTU.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBMHdUg.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlbnsnv.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siCYVVA.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkCiunC.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuPnKjx.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkeAvTQ.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvcorcD.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFHJISk.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfXeqVW.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmtvIYe.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSCIvgO.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpeBzhU.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNcAbNC.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIzmABq.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZBoTbU.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGUzpLM.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZngTMs.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CybwXFk.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrXmvKS.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhCTntU.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGZyFsX.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDOtmIL.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byEblHs.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTJbVKy.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbgTsjB.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtFiXjX.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzpGsWm.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvxRjXV.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYEXEiW.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEheAUz.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpgAyTN.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydzvyLL.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtVUvAK.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpfXjkd.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLjsocm.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMIaPtq.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrCugwD.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhSAdAX.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfebWyX.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivlETKs.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIqfGVM.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFZSAFd.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHxDTzU.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqAwdMs.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tnczuqn.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLrXUBV.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gryCJLv.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmoCkkp.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLkXuWP.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrMTLeR.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHyYmDn.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcreibk.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpgnMYJ.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLKWkzM.exe	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 5108	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4852 wrote to memory of 5108	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4852 wrote to memory of 3440	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4852 wrote to memory of 3440	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4852 wrote to memory of 4516	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4852 wrote to memory of 4516	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4852 wrote to memory of 828	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4852 wrote to memory of 828	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4852 wrote to memory of 4948	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4852 wrote to memory of 4948	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4852 wrote to memory of 2556	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4852 wrote to memory of 2556	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4852 wrote to memory of 2064	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4852 wrote to memory of 2064	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4852 wrote to memory of 3936	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4852 wrote to memory of 3936	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4852 wrote to memory of 4512	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4852 wrote to memory of 4512	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4852 wrote to memory of 1136	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4852 wrote to memory of 1136	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4852 wrote to memory of 4800	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4852 wrote to memory of 4800	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4852 wrote to memory of 1064	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4852 wrote to memory of 1064	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4852 wrote to memory of 2664	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4852 wrote to memory of 2664	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4852 wrote to memory of 772	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4852 wrote to memory of 772	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4852 wrote to memory of 1764	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4852 wrote to memory of 1764	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4852 wrote to memory of 1984	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4852 wrote to memory of 1984	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4852 wrote to memory of 1120	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4852 wrote to memory of 1120	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4852 wrote to memory of 4056	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4852 wrote to memory of 4056	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4852 wrote to memory of 3188	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4852 wrote to memory of 3188	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4852 wrote to memory of 4424	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4852 wrote to memory of 4424	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4852 wrote to memory of 908	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4852 wrote to memory of 908	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4852 wrote to memory of 4844	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4852 wrote to memory of 4844	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4852 wrote to memory of 2900	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4852 wrote to memory of 2900	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4852 wrote to memory of 3892	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4852 wrote to memory of 3892	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4852 wrote to memory of 4172	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4852 wrote to memory of 4172	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4852 wrote to memory of 2268	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4852 wrote to memory of 2268	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4852 wrote to memory of 4912	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4852 wrote to memory of 4912	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4852 wrote to memory of 488	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4852 wrote to memory of 488	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4852 wrote to memory of 1880	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4852 wrote to memory of 1880	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4852 wrote to memory of 2944	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4852 wrote to memory of 2944	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4852 wrote to memory of 4320	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4852 wrote to memory of 4320	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4852 wrote to memory of 3472	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4852 wrote to memory of 3472	4852	2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_1118b29154573755d7bff08fd13b0b9a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Windows\System\McZEjXt.exe
  C:\Windows\System\McZEjXt.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\aIrRFOC.exe
  C:\Windows\System\aIrRFOC.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\HjbEXKG.exe
  C:\Windows\System\HjbEXKG.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\pKBFbLL.exe
  C:\Windows\System\pKBFbLL.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\YEkfwdb.exe
  C:\Windows\System\YEkfwdb.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\QifyGZk.exe
  C:\Windows\System\QifyGZk.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\AfebWyX.exe
  C:\Windows\System\AfebWyX.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\AXMjvxE.exe
  C:\Windows\System\AXMjvxE.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\YeFkAOr.exe
  C:\Windows\System\YeFkAOr.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\wfFhUlQ.exe
  C:\Windows\System\wfFhUlQ.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\paySIkW.exe
  C:\Windows\System\paySIkW.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\dNOwfxA.exe
  C:\Windows\System\dNOwfxA.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\cnZShgr.exe
  C:\Windows\System\cnZShgr.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\UWSuFxm.exe
  C:\Windows\System\UWSuFxm.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\OnXcQbk.exe
  C:\Windows\System\OnXcQbk.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\uaWPqVh.exe
  C:\Windows\System\uaWPqVh.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\jaDqPmK.exe
  C:\Windows\System\jaDqPmK.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\syinEnd.exe
  C:\Windows\System\syinEnd.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\rpbsjkD.exe
  C:\Windows\System\rpbsjkD.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\KDMupoK.exe
  C:\Windows\System\KDMupoK.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\KxaRvWm.exe
  C:\Windows\System\KxaRvWm.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\gcclSQl.exe
  C:\Windows\System\gcclSQl.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\ErUkdyR.exe
  C:\Windows\System\ErUkdyR.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\REqWbiq.exe
  C:\Windows\System\REqWbiq.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\ALgnIfb.exe
  C:\Windows\System\ALgnIfb.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\WKgAGTC.exe
  C:\Windows\System\WKgAGTC.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\imkqlJy.exe
  C:\Windows\System\imkqlJy.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\LhKrGoB.exe
  C:\Windows\System\LhKrGoB.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\VPQEYsD.exe
  C:\Windows\System\VPQEYsD.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\MlstGLH.exe
  C:\Windows\System\MlstGLH.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\IToxTyH.exe
  C:\Windows\System\IToxTyH.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\MVtxTVl.exe
  C:\Windows\System\MVtxTVl.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\cMHJcIQ.exe
  C:\Windows\System\cMHJcIQ.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\LOfkweH.exe
  C:\Windows\System\LOfkweH.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\HEbHqgi.exe
  C:\Windows\System\HEbHqgi.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\xMQTLWR.exe
  C:\Windows\System\xMQTLWR.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\VSQpvFx.exe
  C:\Windows\System\VSQpvFx.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\KFLnJYD.exe
  C:\Windows\System\KFLnJYD.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\KLJLkMw.exe
  C:\Windows\System\KLJLkMw.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\ydQeKFF.exe
  C:\Windows\System\ydQeKFF.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\bQXZYOa.exe
  C:\Windows\System\bQXZYOa.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\EXGddiE.exe
  C:\Windows\System\EXGddiE.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\ALRpwiY.exe
  C:\Windows\System\ALRpwiY.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\kLjqGfl.exe
  C:\Windows\System\kLjqGfl.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\kvNGNvE.exe
  C:\Windows\System\kvNGNvE.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\HvDCQGv.exe
  C:\Windows\System\HvDCQGv.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\GfoaoOE.exe
  C:\Windows\System\GfoaoOE.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\MsdfjnF.exe
  C:\Windows\System\MsdfjnF.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\HucecNd.exe
  C:\Windows\System\HucecNd.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\RdgOHcl.exe
  C:\Windows\System\RdgOHcl.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\wkeAvTQ.exe
  C:\Windows\System\wkeAvTQ.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\PAOUSQn.exe
  C:\Windows\System\PAOUSQn.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\YURGjSC.exe
  C:\Windows\System\YURGjSC.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\adzAQLW.exe
  C:\Windows\System\adzAQLW.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\lEszKmF.exe
  C:\Windows\System\lEszKmF.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\HrTdVOm.exe
  C:\Windows\System\HrTdVOm.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\cpJCIKI.exe
  C:\Windows\System\cpJCIKI.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\yirHfLv.exe
  C:\Windows\System\yirHfLv.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\lStfmKt.exe
  C:\Windows\System\lStfmKt.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\arKxGdw.exe
  C:\Windows\System\arKxGdw.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\xUQEwws.exe
  C:\Windows\System\xUQEwws.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\pZngTMs.exe
  C:\Windows\System\pZngTMs.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\PxXeqaI.exe
  C:\Windows\System\PxXeqaI.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\fnjAxOW.exe
  C:\Windows\System\fnjAxOW.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\NnoddFS.exe
  C:\Windows\System\NnoddFS.exe
  2⤵
  PID:2972
- C:\Windows\System\NTblocs.exe
  C:\Windows\System\NTblocs.exe
  2⤵
  PID:3908
- C:\Windows\System\zBwHemv.exe
  C:\Windows\System\zBwHemv.exe
  2⤵
  PID:3280
- C:\Windows\System\meRkcKX.exe
  C:\Windows\System\meRkcKX.exe
  2⤵
  PID:4900
- C:\Windows\System\xObPNeb.exe
  C:\Windows\System\xObPNeb.exe
  2⤵
  PID:3296
- C:\Windows\System\UdNuHdG.exe
  C:\Windows\System\UdNuHdG.exe
  2⤵
  PID:1496
- C:\Windows\System\PtixixM.exe
  C:\Windows\System\PtixixM.exe
  2⤵
  PID:5112
- C:\Windows\System\mrVkDxo.exe
  C:\Windows\System\mrVkDxo.exe
  2⤵
  PID:956
- C:\Windows\System\oXMvyRa.exe
  C:\Windows\System\oXMvyRa.exe
  2⤵
  PID:4716
- C:\Windows\System\ibIvrdO.exe
  C:\Windows\System\ibIvrdO.exe
  2⤵
  PID:2940
- C:\Windows\System\vZrrIgy.exe
  C:\Windows\System\vZrrIgy.exe
  2⤵
  PID:440
- C:\Windows\System\HspEZqt.exe
  C:\Windows\System\HspEZqt.exe
  2⤵
  PID:2572
- C:\Windows\System\ZeYryUd.exe
  C:\Windows\System\ZeYryUd.exe
  2⤵
  PID:2580
- C:\Windows\System\SjUuYKS.exe
  C:\Windows\System\SjUuYKS.exe
  2⤵
  PID:3540
- C:\Windows\System\jqWZaqG.exe
  C:\Windows\System\jqWZaqG.exe
  2⤵
  PID:2624
- C:\Windows\System\rRispvp.exe
  C:\Windows\System\rRispvp.exe
  2⤵
  PID:4592
- C:\Windows\System\kuaPXcX.exe
  C:\Windows\System\kuaPXcX.exe
  2⤵
  PID:4992
- C:\Windows\System\BRLgZMk.exe
  C:\Windows\System\BRLgZMk.exe
  2⤵
  PID:4000
- C:\Windows\System\TVWvGhE.exe
  C:\Windows\System\TVWvGhE.exe
  2⤵
  PID:2248
- C:\Windows\System\KXWOmxF.exe
  C:\Windows\System\KXWOmxF.exe
  2⤵
  PID:3340
- C:\Windows\System\bfhmdsr.exe
  C:\Windows\System\bfhmdsr.exe
  2⤵
  PID:2124
- C:\Windows\System\ZRHgsgM.exe
  C:\Windows\System\ZRHgsgM.exe
  2⤵
  PID:3312
- C:\Windows\System\yzpGsWm.exe
  C:\Windows\System\yzpGsWm.exe
  2⤵
  PID:4344
- C:\Windows\System\lIkxsHa.exe
  C:\Windows\System\lIkxsHa.exe
  2⤵
  PID:4888
- C:\Windows\System\mnUDUXA.exe
  C:\Windows\System\mnUDUXA.exe
  2⤵
  PID:1936
- C:\Windows\System\GQxiIOP.exe
  C:\Windows\System\GQxiIOP.exe
  2⤵
  PID:464
- C:\Windows\System\KSWWkFt.exe
  C:\Windows\System\KSWWkFt.exe
  2⤵
  PID:1528
- C:\Windows\System\faezvJr.exe
  C:\Windows\System\faezvJr.exe
  2⤵
  PID:3364
- C:\Windows\System\rmPfPuX.exe
  C:\Windows\System\rmPfPuX.exe
  2⤵
  PID:3648
- C:\Windows\System\okEScMs.exe
  C:\Windows\System\okEScMs.exe
  2⤵
  PID:2692
- C:\Windows\System\SzaKCJJ.exe
  C:\Windows\System\SzaKCJJ.exe
  2⤵
  PID:3252
- C:\Windows\System\hDkzjcK.exe
  C:\Windows\System\hDkzjcK.exe
  2⤵
  PID:3104
- C:\Windows\System\FvcorcD.exe
  C:\Windows\System\FvcorcD.exe
  2⤵
  PID:1560
- C:\Windows\System\jHWaQYw.exe
  C:\Windows\System\jHWaQYw.exe
  2⤵
  PID:4996
- C:\Windows\System\YInEHaU.exe
  C:\Windows\System\YInEHaU.exe
  2⤵
  PID:5056
- C:\Windows\System\WtaPFyB.exe
  C:\Windows\System\WtaPFyB.exe
  2⤵
  PID:4472
- C:\Windows\System\AEglUzQ.exe
  C:\Windows\System\AEglUzQ.exe
  2⤵
  PID:2892
- C:\Windows\System\CybwXFk.exe
  C:\Windows\System\CybwXFk.exe
  2⤵
  PID:2000
- C:\Windows\System\LDdAHjG.exe
  C:\Windows\System\LDdAHjG.exe
  2⤵
  PID:3784
- C:\Windows\System\pfUlsno.exe
  C:\Windows\System\pfUlsno.exe
  2⤵
  PID:4680
- C:\Windows\System\VoajNlT.exe
  C:\Windows\System\VoajNlT.exe
  2⤵
  PID:2036
- C:\Windows\System\tUznvSx.exe
  C:\Windows\System\tUznvSx.exe
  2⤵
  PID:1176
- C:\Windows\System\plQyAbz.exe
  C:\Windows\System\plQyAbz.exe
  2⤵
  PID:3300
- C:\Windows\System\oQycYyM.exe
  C:\Windows\System\oQycYyM.exe
  2⤵
  PID:4400
- C:\Windows\System\mfCywyH.exe
  C:\Windows\System\mfCywyH.exe
  2⤵
  PID:4416
- C:\Windows\System\jXqCauB.exe
  C:\Windows\System\jXqCauB.exe
  2⤵
  PID:4976
- C:\Windows\System\arVZmXp.exe
  C:\Windows\System\arVZmXp.exe
  2⤵
  PID:1436
- C:\Windows\System\UmuPWNb.exe
  C:\Windows\System\UmuPWNb.exe
  2⤵
  PID:1860
- C:\Windows\System\IblYMcu.exe
  C:\Windows\System\IblYMcu.exe
  2⤵
  PID:5144
- C:\Windows\System\CWEOVgA.exe
  C:\Windows\System\CWEOVgA.exe
  2⤵
  PID:5184
- C:\Windows\System\lWUlvqt.exe
  C:\Windows\System\lWUlvqt.exe
  2⤵
  PID:5216
- C:\Windows\System\PczNgqR.exe
  C:\Windows\System\PczNgqR.exe
  2⤵
  PID:5240
- C:\Windows\System\MxRcdkp.exe
  C:\Windows\System\MxRcdkp.exe
  2⤵
  PID:5288
- C:\Windows\System\mfclPgM.exe
  C:\Windows\System\mfclPgM.exe
  2⤵
  PID:5312
- C:\Windows\System\QMJlDqI.exe
  C:\Windows\System\QMJlDqI.exe
  2⤵
  PID:5336
- C:\Windows\System\HscVlqe.exe
  C:\Windows\System\HscVlqe.exe
  2⤵
  PID:5376
- C:\Windows\System\TzxFjui.exe
  C:\Windows\System\TzxFjui.exe
  2⤵
  PID:5408
- C:\Windows\System\ODpkkaa.exe
  C:\Windows\System\ODpkkaa.exe
  2⤵
  PID:5436
- C:\Windows\System\geFDUvJ.exe
  C:\Windows\System\geFDUvJ.exe
  2⤵
  PID:5472
- C:\Windows\System\siCYVVA.exe
  C:\Windows\System\siCYVVA.exe
  2⤵
  PID:5496
- C:\Windows\System\gsTCtAc.exe
  C:\Windows\System\gsTCtAc.exe
  2⤵
  PID:5536
- C:\Windows\System\mXPtIZv.exe
  C:\Windows\System\mXPtIZv.exe
  2⤵
  PID:5560
- C:\Windows\System\oWQcyCl.exe
  C:\Windows\System\oWQcyCl.exe
  2⤵
  PID:5600
- C:\Windows\System\LJYChyR.exe
  C:\Windows\System\LJYChyR.exe
  2⤵
  PID:5632
- C:\Windows\System\dzfJtGw.exe
  C:\Windows\System\dzfJtGw.exe
  2⤵
  PID:5664
- C:\Windows\System\JaloCUV.exe
  C:\Windows\System\JaloCUV.exe
  2⤵
  PID:5696
- C:\Windows\System\qOLtogB.exe
  C:\Windows\System\qOLtogB.exe
  2⤵
  PID:5728
- C:\Windows\System\bEypXBy.exe
  C:\Windows\System\bEypXBy.exe
  2⤵
  PID:5760
- C:\Windows\System\DwcIeIF.exe
  C:\Windows\System\DwcIeIF.exe
  2⤵
  PID:5792
- C:\Windows\System\LShlSAy.exe
  C:\Windows\System\LShlSAy.exe
  2⤵
  PID:5824
- C:\Windows\System\CpKNAHC.exe
  C:\Windows\System\CpKNAHC.exe
  2⤵
  PID:5860
- C:\Windows\System\SfVkfZD.exe
  C:\Windows\System\SfVkfZD.exe
  2⤵
  PID:5900
- C:\Windows\System\vqAwdMs.exe
  C:\Windows\System\vqAwdMs.exe
  2⤵
  PID:5920
- C:\Windows\System\iDSiJei.exe
  C:\Windows\System\iDSiJei.exe
  2⤵
  PID:5952
- C:\Windows\System\KXPkfqj.exe
  C:\Windows\System\KXPkfqj.exe
  2⤵
  PID:5980
- C:\Windows\System\orIydpd.exe
  C:\Windows\System\orIydpd.exe
  2⤵
  PID:6020
- C:\Windows\System\XzZxvpU.exe
  C:\Windows\System\XzZxvpU.exe
  2⤵
  PID:6052
- C:\Windows\System\INnZalI.exe
  C:\Windows\System\INnZalI.exe
  2⤵
  PID:6084
- C:\Windows\System\TWRNtFS.exe
  C:\Windows\System\TWRNtFS.exe
  2⤵
  PID:6116
- C:\Windows\System\eYUNIiu.exe
  C:\Windows\System\eYUNIiu.exe
  2⤵
  PID:3676
- C:\Windows\System\STxqotG.exe
  C:\Windows\System\STxqotG.exe
  2⤵
  PID:5192
- C:\Windows\System\eXaSBiP.exe
  C:\Windows\System\eXaSBiP.exe
  2⤵
  PID:5236
- C:\Windows\System\hgweoDV.exe
  C:\Windows\System\hgweoDV.exe
  2⤵
  PID:5300
- C:\Windows\System\iUlZFpz.exe
  C:\Windows\System\iUlZFpz.exe
  2⤵
  PID:5360
- C:\Windows\System\SrekPjY.exe
  C:\Windows\System\SrekPjY.exe
  2⤵
  PID:5428
- C:\Windows\System\pjOqdGJ.exe
  C:\Windows\System\pjOqdGJ.exe
  2⤵
  PID:5484
- C:\Windows\System\TJGbwZn.exe
  C:\Windows\System\TJGbwZn.exe
  2⤵
  PID:5552
- C:\Windows\System\eLkXuWP.exe
  C:\Windows\System\eLkXuWP.exe
  2⤵
  PID:5612
- C:\Windows\System\XDhcRXj.exe
  C:\Windows\System\XDhcRXj.exe
  2⤵
  PID:5676
- C:\Windows\System\wNETBqE.exe
  C:\Windows\System\wNETBqE.exe
  2⤵
  PID:5740
- C:\Windows\System\QdwWGmH.exe
  C:\Windows\System\QdwWGmH.exe
  2⤵
  PID:5808
- C:\Windows\System\qPqtpNB.exe
  C:\Windows\System\qPqtpNB.exe
  2⤵
  PID:5872
- C:\Windows\System\Tnczuqn.exe
  C:\Windows\System\Tnczuqn.exe
  2⤵
  PID:5940
- C:\Windows\System\EEUZggI.exe
  C:\Windows\System\EEUZggI.exe
  2⤵
  PID:6004
- C:\Windows\System\XIttbPl.exe
  C:\Windows\System\XIttbPl.exe
  2⤵
  PID:6068
- C:\Windows\System\NoKtzAH.exe
  C:\Windows\System\NoKtzAH.exe
  2⤵
  PID:6132
- C:\Windows\System\RvxRjXV.exe
  C:\Windows\System\RvxRjXV.exe
  2⤵
  PID:5204
- C:\Windows\System\EjwgJCr.exe
  C:\Windows\System\EjwgJCr.exe
  2⤵
  PID:5348
- C:\Windows\System\YbyMzXC.exe
  C:\Windows\System\YbyMzXC.exe
  2⤵
  PID:5480
- C:\Windows\System\HXJZlmb.exe
  C:\Windows\System\HXJZlmb.exe
  2⤵
  PID:5608
- C:\Windows\System\lOOihFE.exe
  C:\Windows\System\lOOihFE.exe
  2⤵
  PID:3444
- C:\Windows\System\BfFIqSg.exe
  C:\Windows\System\BfFIqSg.exe
  2⤵
  PID:5852
- C:\Windows\System\kqxcAlq.exe
  C:\Windows\System\kqxcAlq.exe
  2⤵
  PID:5976
- C:\Windows\System\yULHdnd.exe
  C:\Windows\System\yULHdnd.exe
  2⤵
  PID:6100
- C:\Windows\System\yxOrHrm.exe
  C:\Windows\System\yxOrHrm.exe
  2⤵
  PID:5280
- C:\Windows\System\gnKqBQv.exe
  C:\Windows\System\gnKqBQv.exe
  2⤵
  PID:5544
- C:\Windows\System\zHVzvCC.exe
  C:\Windows\System\zHVzvCC.exe
  2⤵
  PID:5804
- C:\Windows\System\nmFxfVI.exe
  C:\Windows\System\nmFxfVI.exe
  2⤵
  PID:6060
- C:\Windows\System\lDKSzde.exe
  C:\Windows\System\lDKSzde.exe
  2⤵
  PID:5424
- C:\Windows\System\SYFISdw.exe
  C:\Windows\System\SYFISdw.exe
  2⤵
  PID:5912
- C:\Windows\System\SfeZPzo.exe
  C:\Windows\System\SfeZPzo.exe
  2⤵
  PID:5644
- C:\Windows\System\SAmgABW.exe
  C:\Windows\System\SAmgABW.exe
  2⤵
  PID:5672
- C:\Windows\System\ZRCdmDg.exe
  C:\Windows\System\ZRCdmDg.exe
  2⤵
  PID:6168
- C:\Windows\System\tlWdEUA.exe
  C:\Windows\System\tlWdEUA.exe
  2⤵
  PID:6196
- C:\Windows\System\oKiBnbO.exe
  C:\Windows\System\oKiBnbO.exe
  2⤵
  PID:6232
- C:\Windows\System\rpQBzAK.exe
  C:\Windows\System\rpQBzAK.exe
  2⤵
  PID:6264
- C:\Windows\System\JVzVbwh.exe
  C:\Windows\System\JVzVbwh.exe
  2⤵
  PID:6292
- C:\Windows\System\LlVYEZQ.exe
  C:\Windows\System\LlVYEZQ.exe
  2⤵
  PID:6324
- C:\Windows\System\qsbxjVO.exe
  C:\Windows\System\qsbxjVO.exe
  2⤵
  PID:6356
- C:\Windows\System\KBHWYgM.exe
  C:\Windows\System\KBHWYgM.exe
  2⤵
  PID:6388
- C:\Windows\System\KCjtLWf.exe
  C:\Windows\System\KCjtLWf.exe
  2⤵
  PID:6420
- C:\Windows\System\DIyehDV.exe
  C:\Windows\System\DIyehDV.exe
  2⤵
  PID:6452
- C:\Windows\System\lgwnLED.exe
  C:\Windows\System\lgwnLED.exe
  2⤵
  PID:6484
- C:\Windows\System\RuXuXBG.exe
  C:\Windows\System\RuXuXBG.exe
  2⤵
  PID:6516
- C:\Windows\System\MrkYOOl.exe
  C:\Windows\System\MrkYOOl.exe
  2⤵
  PID:6556
- C:\Windows\System\ASbPvVJ.exe
  C:\Windows\System\ASbPvVJ.exe
  2⤵
  PID:6588
- C:\Windows\System\BLioQuN.exe
  C:\Windows\System\BLioQuN.exe
  2⤵
  PID:6616
- C:\Windows\System\OmXwteQ.exe
  C:\Windows\System\OmXwteQ.exe
  2⤵
  PID:6648
- C:\Windows\System\lwyDCGC.exe
  C:\Windows\System\lwyDCGC.exe
  2⤵
  PID:6684
- C:\Windows\System\XDLMYhc.exe
  C:\Windows\System\XDLMYhc.exe
  2⤵
  PID:6712
- C:\Windows\System\mCJsOXT.exe
  C:\Windows\System\mCJsOXT.exe
  2⤵
  PID:6760
- C:\Windows\System\vyIAomI.exe
  C:\Windows\System\vyIAomI.exe
  2⤵
  PID:6776
- C:\Windows\System\fBIcXej.exe
  C:\Windows\System\fBIcXej.exe
  2⤵
  PID:6808
- C:\Windows\System\TMcdfmO.exe
  C:\Windows\System\TMcdfmO.exe
  2⤵
  PID:6840
- C:\Windows\System\txCMchU.exe
  C:\Windows\System\txCMchU.exe
  2⤵
  PID:6876
- C:\Windows\System\cRPZazA.exe
  C:\Windows\System\cRPZazA.exe
  2⤵
  PID:6904
- C:\Windows\System\WlsLOid.exe
  C:\Windows\System\WlsLOid.exe
  2⤵
  PID:6936
- C:\Windows\System\bSCIvgO.exe
  C:\Windows\System\bSCIvgO.exe
  2⤵
  PID:6972
- C:\Windows\System\XpeBzhU.exe
  C:\Windows\System\XpeBzhU.exe
  2⤵
  PID:7000
- C:\Windows\System\FgwSjbT.exe
  C:\Windows\System\FgwSjbT.exe
  2⤵
  PID:7036
- C:\Windows\System\rcwXEPw.exe
  C:\Windows\System\rcwXEPw.exe
  2⤵
  PID:7064
- C:\Windows\System\pAHCNIR.exe
  C:\Windows\System\pAHCNIR.exe
  2⤵
  PID:7096
- C:\Windows\System\rDwLeik.exe
  C:\Windows\System\rDwLeik.exe
  2⤵
  PID:7128
- C:\Windows\System\ThZiXiD.exe
  C:\Windows\System\ThZiXiD.exe
  2⤵
  PID:7160
- C:\Windows\System\ixcbXpo.exe
  C:\Windows\System\ixcbXpo.exe
  2⤵
  PID:6188
- C:\Windows\System\qoUcten.exe
  C:\Windows\System\qoUcten.exe
  2⤵
  PID:6252
- C:\Windows\System\VyxUeaK.exe
  C:\Windows\System\VyxUeaK.exe
  2⤵
  PID:6316
- C:\Windows\System\FBtZBsH.exe
  C:\Windows\System\FBtZBsH.exe
  2⤵
  PID:6368
- C:\Windows\System\qDJhtzG.exe
  C:\Windows\System\qDJhtzG.exe
  2⤵
  PID:6444
- C:\Windows\System\yaaWKkZ.exe
  C:\Windows\System\yaaWKkZ.exe
  2⤵
  PID:6500
- C:\Windows\System\nIoGOES.exe
  C:\Windows\System\nIoGOES.exe
  2⤵
  PID:6572
- C:\Windows\System\lpfSTKl.exe
  C:\Windows\System\lpfSTKl.exe
  2⤵
  PID:6640
- C:\Windows\System\UVGcNKy.exe
  C:\Windows\System\UVGcNKy.exe
  2⤵
  PID:6704
- C:\Windows\System\QEiRdPS.exe
  C:\Windows\System\QEiRdPS.exe
  2⤵
  PID:6768
- C:\Windows\System\Yrwudpf.exe
  C:\Windows\System\Yrwudpf.exe
  2⤵
  PID:6832
- C:\Windows\System\JODidQM.exe
  C:\Windows\System\JODidQM.exe
  2⤵
  PID:6896
- C:\Windows\System\gcwPZSs.exe
  C:\Windows\System\gcwPZSs.exe
  2⤵
  PID:6960
- C:\Windows\System\HOImFsX.exe
  C:\Windows\System\HOImFsX.exe
  2⤵
  PID:7024
- C:\Windows\System\vLRilsl.exe
  C:\Windows\System\vLRilsl.exe
  2⤵
  PID:7088
- C:\Windows\System\ilajmNU.exe
  C:\Windows\System\ilajmNU.exe
  2⤵
  PID:7152
- C:\Windows\System\shjvOdG.exe
  C:\Windows\System\shjvOdG.exe
  2⤵
  PID:6612
- C:\Windows\System\jOxhJym.exe
  C:\Windows\System\jOxhJym.exe
  2⤵
  PID:6348
- C:\Windows\System\NIHNvYx.exe
  C:\Windows\System\NIHNvYx.exe
  2⤵
  PID:6480
- C:\Windows\System\zGddXFQ.exe
  C:\Windows\System\zGddXFQ.exe
  2⤵
  PID:6604
- C:\Windows\System\ImsDtMY.exe
  C:\Windows\System\ImsDtMY.exe
  2⤵
  PID:6736
- C:\Windows\System\UtXNoBP.exe
  C:\Windows\System\UtXNoBP.exe
  2⤵
  PID:6864
- C:\Windows\System\BFydjfB.exe
  C:\Windows\System\BFydjfB.exe
  2⤵
  PID:6992
- C:\Windows\System\VzpiGzF.exe
  C:\Windows\System\VzpiGzF.exe
  2⤵
  PID:7108
- C:\Windows\System\XzPCCBo.exe
  C:\Windows\System\XzPCCBo.exe
  2⤵
  PID:6272
- C:\Windows\System\EargDCB.exe
  C:\Windows\System\EargDCB.exe
  2⤵
  PID:6528
- C:\Windows\System\zwlMKNF.exe
  C:\Windows\System\zwlMKNF.exe
  2⤵
  PID:6800
- C:\Windows\System\GFBEHTc.exe
  C:\Windows\System\GFBEHTc.exe
  2⤵
  PID:7056
- C:\Windows\System\NFhmKWm.exe
  C:\Windows\System\NFhmKWm.exe
  2⤵
  PID:6436
- C:\Windows\System\NWpjEvT.exe
  C:\Windows\System\NWpjEvT.exe
  2⤵
  PID:6932
- C:\Windows\System\WtQoImy.exe
  C:\Windows\System\WtQoImy.exe
  2⤵
  PID:6672
- C:\Windows\System\iygpDBm.exe
  C:\Windows\System\iygpDBm.exe
  2⤵
  PID:6156
- C:\Windows\System\OsITWpe.exe
  C:\Windows\System\OsITWpe.exe
  2⤵
  PID:7192
- C:\Windows\System\lYPBuCo.exe
  C:\Windows\System\lYPBuCo.exe
  2⤵
  PID:7224
- C:\Windows\System\UWCezIc.exe
  C:\Windows\System\UWCezIc.exe
  2⤵
  PID:7260
- C:\Windows\System\KYuKAgK.exe
  C:\Windows\System\KYuKAgK.exe
  2⤵
  PID:7292
- C:\Windows\System\gkIHAlh.exe
  C:\Windows\System\gkIHAlh.exe
  2⤵
  PID:7324
- C:\Windows\System\qtcNTkn.exe
  C:\Windows\System\qtcNTkn.exe
  2⤵
  PID:7356
- C:\Windows\System\pFBbIPz.exe
  C:\Windows\System\pFBbIPz.exe
  2⤵
  PID:7388
- C:\Windows\System\VZmbfem.exe
  C:\Windows\System\VZmbfem.exe
  2⤵
  PID:7420
- C:\Windows\System\xrYAxsT.exe
  C:\Windows\System\xrYAxsT.exe
  2⤵
  PID:7448
- C:\Windows\System\pfpgqAi.exe
  C:\Windows\System\pfpgqAi.exe
  2⤵
  PID:7484
- C:\Windows\System\vWhnofB.exe
  C:\Windows\System\vWhnofB.exe
  2⤵
  PID:7516
- C:\Windows\System\qrgpekz.exe
  C:\Windows\System\qrgpekz.exe
  2⤵
  PID:7548
- C:\Windows\System\yGvOLCm.exe
  C:\Windows\System\yGvOLCm.exe
  2⤵
  PID:7580
- C:\Windows\System\xqAzTQl.exe
  C:\Windows\System\xqAzTQl.exe
  2⤵
  PID:7612
- C:\Windows\System\mKArLpI.exe
  C:\Windows\System\mKArLpI.exe
  2⤵
  PID:7644
- C:\Windows\System\appSIEg.exe
  C:\Windows\System\appSIEg.exe
  2⤵
  PID:7676
- C:\Windows\System\gSTqhuy.exe
  C:\Windows\System\gSTqhuy.exe
  2⤵
  PID:7724
- C:\Windows\System\zQmwaTP.exe
  C:\Windows\System\zQmwaTP.exe
  2⤵
  PID:7740
- C:\Windows\System\gtdDMCX.exe
  C:\Windows\System\gtdDMCX.exe
  2⤵
  PID:7772
- C:\Windows\System\feWJuiA.exe
  C:\Windows\System\feWJuiA.exe
  2⤵
  PID:7804
- C:\Windows\System\gZWtHeF.exe
  C:\Windows\System\gZWtHeF.exe
  2⤵
  PID:7836
- C:\Windows\System\Jvxzljn.exe
  C:\Windows\System\Jvxzljn.exe
  2⤵
  PID:7868
- C:\Windows\System\vfsMBio.exe
  C:\Windows\System\vfsMBio.exe
  2⤵
  PID:7900
- C:\Windows\System\XDAadeh.exe
  C:\Windows\System\XDAadeh.exe
  2⤵
  PID:7932
- C:\Windows\System\VOmYQjE.exe
  C:\Windows\System\VOmYQjE.exe
  2⤵
  PID:7964
- C:\Windows\System\axJLlLG.exe
  C:\Windows\System\axJLlLG.exe
  2⤵
  PID:7996
- C:\Windows\System\atPaJKa.exe
  C:\Windows\System\atPaJKa.exe
  2⤵
  PID:8032
- C:\Windows\System\WldwuZQ.exe
  C:\Windows\System\WldwuZQ.exe
  2⤵
  PID:8060
- C:\Windows\System\gVaZUHs.exe
  C:\Windows\System\gVaZUHs.exe
  2⤵
  PID:8096
- C:\Windows\System\OZjpxGx.exe
  C:\Windows\System\OZjpxGx.exe
  2⤵
  PID:8124
- C:\Windows\System\iJEHBmV.exe
  C:\Windows\System\iJEHBmV.exe
  2⤵
  PID:8160
- C:\Windows\System\deIDJTR.exe
  C:\Windows\System\deIDJTR.exe
  2⤵
  PID:7172
- C:\Windows\System\nQlbLpl.exe
  C:\Windows\System\nQlbLpl.exe
  2⤵
  PID:7240
- C:\Windows\System\jVMGxuz.exe
  C:\Windows\System\jVMGxuz.exe
  2⤵
  PID:7288
- C:\Windows\System\SrMTLeR.exe
  C:\Windows\System\SrMTLeR.exe
  2⤵
  PID:7352
- C:\Windows\System\YpFwuyi.exe
  C:\Windows\System\YpFwuyi.exe
  2⤵
  PID:7404
- C:\Windows\System\cernywR.exe
  C:\Windows\System\cernywR.exe
  2⤵
  PID:7468
- C:\Windows\System\dKiYOZT.exe
  C:\Windows\System\dKiYOZT.exe
  2⤵
  PID:7544
- C:\Windows\System\PIajCFA.exe
  C:\Windows\System\PIajCFA.exe
  2⤵
  PID:7608
- C:\Windows\System\KjsVcnL.exe
  C:\Windows\System\KjsVcnL.exe
  2⤵
  PID:7672
- C:\Windows\System\lspOeYa.exe
  C:\Windows\System\lspOeYa.exe
  2⤵
  PID:7736
- C:\Windows\System\aPGymGB.exe
  C:\Windows\System\aPGymGB.exe
  2⤵
  PID:7800
- C:\Windows\System\tJPmOYj.exe
  C:\Windows\System\tJPmOYj.exe
  2⤵
  PID:7864
- C:\Windows\System\TyRsDTL.exe
  C:\Windows\System\TyRsDTL.exe
  2⤵
  PID:7928
- C:\Windows\System\bQLPXoy.exe
  C:\Windows\System\bQLPXoy.exe
  2⤵
  PID:7992
- C:\Windows\System\ydOqQTB.exe
  C:\Windows\System\ydOqQTB.exe
  2⤵
  PID:8052
- C:\Windows\System\IGZyFsX.exe
  C:\Windows\System\IGZyFsX.exe
  2⤵
  PID:8116
- C:\Windows\System\FYShlky.exe
  C:\Windows\System\FYShlky.exe
  2⤵
  PID:7188
- C:\Windows\System\EzJAxWW.exe
  C:\Windows\System\EzJAxWW.exe
  2⤵
  PID:7348
- C:\Windows\System\LssjEmd.exe
  C:\Windows\System\LssjEmd.exe
  2⤵
  PID:7528
- C:\Windows\System\XpbaiCs.exe
  C:\Windows\System\XpbaiCs.exe
  2⤵
  PID:7660
- C:\Windows\System\nCaHKDg.exe
  C:\Windows\System\nCaHKDg.exe
  2⤵
  PID:7788
- C:\Windows\System\kqgMhNV.exe
  C:\Windows\System\kqgMhNV.exe
  2⤵
  PID:7956
- C:\Windows\System\jRmQDQw.exe
  C:\Windows\System\jRmQDQw.exe
  2⤵
  PID:8104
- C:\Windows\System\dNkdfzi.exe
  C:\Windows\System\dNkdfzi.exe
  2⤵
  PID:8188
- C:\Windows\System\ZnJdzAT.exe
  C:\Windows\System\ZnJdzAT.exe
  2⤵
  PID:7512
- C:\Windows\System\guUGQah.exe
  C:\Windows\System\guUGQah.exe
  2⤵
  PID:8048
- C:\Windows\System\WDAHwqw.exe
  C:\Windows\System\WDAHwqw.exe
  2⤵
  PID:8172
- C:\Windows\System\xwjlZqS.exe
  C:\Windows\System\xwjlZqS.exe
  2⤵
  PID:7892
- C:\Windows\System\AVGxpQy.exe
  C:\Windows\System\AVGxpQy.exe
  2⤵
  PID:8204
- C:\Windows\System\YTDWgYH.exe
  C:\Windows\System\YTDWgYH.exe
  2⤵
  PID:8240
- C:\Windows\System\QlhSgJo.exe
  C:\Windows\System\QlhSgJo.exe
  2⤵
  PID:8292
- C:\Windows\System\tDGhscD.exe
  C:\Windows\System\tDGhscD.exe
  2⤵
  PID:8328
- C:\Windows\System\jShnRbC.exe
  C:\Windows\System\jShnRbC.exe
  2⤵
  PID:8360
- C:\Windows\System\KDXbLxO.exe
  C:\Windows\System\KDXbLxO.exe
  2⤵
  PID:8392
- C:\Windows\System\rWPpTxk.exe
  C:\Windows\System\rWPpTxk.exe
  2⤵
  PID:8424
- C:\Windows\System\akEvuPr.exe
  C:\Windows\System\akEvuPr.exe
  2⤵
  PID:8460
- C:\Windows\System\gwNqDQQ.exe
  C:\Windows\System\gwNqDQQ.exe
  2⤵
  PID:8488
- C:\Windows\System\RTgxJSO.exe
  C:\Windows\System\RTgxJSO.exe
  2⤵
  PID:8528
- C:\Windows\System\amOojbd.exe
  C:\Windows\System\amOojbd.exe
  2⤵
  PID:8560
- C:\Windows\System\XQYjiAW.exe
  C:\Windows\System\XQYjiAW.exe
  2⤵
  PID:8592
- C:\Windows\System\rISoquU.exe
  C:\Windows\System\rISoquU.exe
  2⤵
  PID:8624
- C:\Windows\System\YQLZZZF.exe
  C:\Windows\System\YQLZZZF.exe
  2⤵
  PID:8656
- C:\Windows\System\KpvlaXn.exe
  C:\Windows\System\KpvlaXn.exe
  2⤵
  PID:8704
- C:\Windows\System\DvVfivP.exe
  C:\Windows\System\DvVfivP.exe
  2⤵
  PID:8724
- C:\Windows\System\aiyLWNn.exe
  C:\Windows\System\aiyLWNn.exe
  2⤵
  PID:8756
- C:\Windows\System\ivlETKs.exe
  C:\Windows\System\ivlETKs.exe
  2⤵
  PID:8788
- C:\Windows\System\SLKWkzM.exe
  C:\Windows\System\SLKWkzM.exe
  2⤵
  PID:8824
- C:\Windows\System\uGqXcGB.exe
  C:\Windows\System\uGqXcGB.exe
  2⤵
  PID:8856
- C:\Windows\System\XslgTXc.exe
  C:\Windows\System\XslgTXc.exe
  2⤵
  PID:8888
- C:\Windows\System\nhbACAt.exe
  C:\Windows\System\nhbACAt.exe
  2⤵
  PID:8920
- C:\Windows\System\gbxAwvz.exe
  C:\Windows\System\gbxAwvz.exe
  2⤵
  PID:8952
- C:\Windows\System\PIsyVTi.exe
  C:\Windows\System\PIsyVTi.exe
  2⤵
  PID:8984
- C:\Windows\System\ODhoGmr.exe
  C:\Windows\System\ODhoGmr.exe
  2⤵
  PID:9016
- C:\Windows\System\MgUCXHg.exe
  C:\Windows\System\MgUCXHg.exe
  2⤵
  PID:9048
- C:\Windows\System\wbigxMI.exe
  C:\Windows\System\wbigxMI.exe
  2⤵
  PID:9080
- C:\Windows\System\ZOObMKr.exe
  C:\Windows\System\ZOObMKr.exe
  2⤵
  PID:9112
- C:\Windows\System\UbwDcSv.exe
  C:\Windows\System\UbwDcSv.exe
  2⤵
  PID:9144
- C:\Windows\System\zLjsocm.exe
  C:\Windows\System\zLjsocm.exe
  2⤵
  PID:9180
- C:\Windows\System\DCjKurD.exe
  C:\Windows\System\DCjKurD.exe
  2⤵
  PID:9212
- C:\Windows\System\ilCIEPN.exe
  C:\Windows\System\ilCIEPN.exe
  2⤵
  PID:8236
- C:\Windows\System\WESAbWz.exe
  C:\Windows\System\WESAbWz.exe
  2⤵
  PID:8304
- C:\Windows\System\zoTbEfd.exe
  C:\Windows\System\zoTbEfd.exe
  2⤵
  PID:8412
- C:\Windows\System\nGgmLPs.exe
  C:\Windows\System\nGgmLPs.exe
  2⤵
  PID:8456
- C:\Windows\System\KQVBtOh.exe
  C:\Windows\System\KQVBtOh.exe
  2⤵
  PID:8508
- C:\Windows\System\JeKgbZw.exe
  C:\Windows\System\JeKgbZw.exe
  2⤵
  PID:8588
- C:\Windows\System\XtiQtXM.exe
  C:\Windows\System\XtiQtXM.exe
  2⤵
  PID:8648
- C:\Windows\System\eMoYEvc.exe
  C:\Windows\System\eMoYEvc.exe
  2⤵
  PID:8684
- C:\Windows\System\wbOHQHw.exe
  C:\Windows\System\wbOHQHw.exe
  2⤵
  PID:8772
- C:\Windows\System\eRipabn.exe
  C:\Windows\System\eRipabn.exe
  2⤵
  PID:8840
- C:\Windows\System\gQAJrXY.exe
  C:\Windows\System\gQAJrXY.exe
  2⤵
  PID:8900
- C:\Windows\System\dYkIbFQ.exe
  C:\Windows\System\dYkIbFQ.exe
  2⤵
  PID:8968
- C:\Windows\System\XdVujyc.exe
  C:\Windows\System\XdVujyc.exe
  2⤵
  PID:9028
- C:\Windows\System\kDQUohq.exe
  C:\Windows\System\kDQUohq.exe
  2⤵
  PID:9092
- C:\Windows\System\FIzmABq.exe
  C:\Windows\System\FIzmABq.exe
  2⤵
  PID:9156
- C:\Windows\System\ZlGEups.exe
  C:\Windows\System\ZlGEups.exe
  2⤵
  PID:7852
- C:\Windows\System\zpQibdU.exe
  C:\Windows\System\zpQibdU.exe
  2⤵
  PID:8324
- C:\Windows\System\JPLpbEM.exe
  C:\Windows\System\JPLpbEM.exe
  2⤵
  PID:1180
- C:\Windows\System\YfBvhrk.exe
  C:\Windows\System\YfBvhrk.exe
  2⤵
  PID:8540
- C:\Windows\System\UFoEcMx.exe
  C:\Windows\System\UFoEcMx.exe
  2⤵
  PID:8668
- C:\Windows\System\IyavXfb.exe
  C:\Windows\System\IyavXfb.exe
  2⤵
  PID:8800
- C:\Windows\System\pvncIvx.exe
  C:\Windows\System\pvncIvx.exe
  2⤵
  PID:8948
- C:\Windows\System\DDdTres.exe
  C:\Windows\System\DDdTres.exe
  2⤵
  PID:9044
- C:\Windows\System\qdaNYop.exe
  C:\Windows\System\qdaNYop.exe
  2⤵
  PID:9176
- C:\Windows\System\nBxTZCM.exe
  C:\Windows\System\nBxTZCM.exe
  2⤵
  PID:8340
- C:\Windows\System\WEjjzIi.exe
  C:\Windows\System\WEjjzIi.exe
  2⤵
  PID:8524
- C:\Windows\System\mkeBRuX.exe
  C:\Windows\System\mkeBRuX.exe
  2⤵
  PID:8836
- C:\Windows\System\FWJyzyc.exe
  C:\Windows\System\FWJyzyc.exe
  2⤵
  PID:9076
- C:\Windows\System\UuOacCe.exe
  C:\Windows\System\UuOacCe.exe
  2⤵
  PID:8444
- C:\Windows\System\mtsAjPx.exe
  C:\Windows\System\mtsAjPx.exe
  2⤵
  PID:8996
- C:\Windows\System\YaStXJE.exe
  C:\Windows\System\YaStXJE.exe
  2⤵
  PID:8784
- C:\Windows\System\WAWehmU.exe
  C:\Windows\System\WAWehmU.exe
  2⤵
  PID:9244
- C:\Windows\System\gDMfzUD.exe
  C:\Windows\System\gDMfzUD.exe
  2⤵
  PID:9260
- C:\Windows\System\iyvZxtD.exe
  C:\Windows\System\iyvZxtD.exe
  2⤵
  PID:9292
- C:\Windows\System\rcreibk.exe
  C:\Windows\System\rcreibk.exe
  2⤵
  PID:9332
- C:\Windows\System\XdaCktc.exe
  C:\Windows\System\XdaCktc.exe
  2⤵
  PID:9356
- C:\Windows\System\ADBoxJa.exe
  C:\Windows\System\ADBoxJa.exe
  2⤵
  PID:9388
- C:\Windows\System\dBwcKiL.exe
  C:\Windows\System\dBwcKiL.exe
  2⤵
  PID:9420
- C:\Windows\System\uFOGONF.exe
  C:\Windows\System\uFOGONF.exe
  2⤵
  PID:9452
- C:\Windows\System\HbCZsJu.exe
  C:\Windows\System\HbCZsJu.exe
  2⤵
  PID:9484
- C:\Windows\System\NaRVday.exe
  C:\Windows\System\NaRVday.exe
  2⤵
  PID:9516
- C:\Windows\System\KAoMfbJ.exe
  C:\Windows\System\KAoMfbJ.exe
  2⤵
  PID:9548
- C:\Windows\System\MIqfGVM.exe
  C:\Windows\System\MIqfGVM.exe
  2⤵
  PID:9580
- C:\Windows\System\lIyZdpR.exe
  C:\Windows\System\lIyZdpR.exe
  2⤵
  PID:9612
- C:\Windows\System\sLrBawc.exe
  C:\Windows\System\sLrBawc.exe
  2⤵
  PID:9644
- C:\Windows\System\aCaxYGw.exe
  C:\Windows\System\aCaxYGw.exe
  2⤵
  PID:9676
- C:\Windows\System\OSSYmOO.exe
  C:\Windows\System\OSSYmOO.exe
  2⤵
  PID:9708
- C:\Windows\System\kDXjaXc.exe
  C:\Windows\System\kDXjaXc.exe
  2⤵
  PID:9740
- C:\Windows\System\hnUAnoO.exe
  C:\Windows\System\hnUAnoO.exe
  2⤵
  PID:9776
- C:\Windows\System\KaIfAeC.exe
  C:\Windows\System\KaIfAeC.exe
  2⤵
  PID:9808
- C:\Windows\System\DkCiunC.exe
  C:\Windows\System\DkCiunC.exe
  2⤵
  PID:9844
- C:\Windows\System\GpgnMYJ.exe
  C:\Windows\System\GpgnMYJ.exe
  2⤵
  PID:9876
- C:\Windows\System\CnSyjPF.exe
  C:\Windows\System\CnSyjPF.exe
  2⤵
  PID:9908
- C:\Windows\System\izsfFPp.exe
  C:\Windows\System\izsfFPp.exe
  2⤵
  PID:9940
- C:\Windows\System\aVlNcqa.exe
  C:\Windows\System\aVlNcqa.exe
  2⤵
  PID:9992
- C:\Windows\System\zuGMJLc.exe
  C:\Windows\System\zuGMJLc.exe
  2⤵
  PID:10008
- C:\Windows\System\QJSCiJT.exe
  C:\Windows\System\QJSCiJT.exe
  2⤵
  PID:10040
- C:\Windows\System\NxoBIMx.exe
  C:\Windows\System\NxoBIMx.exe
  2⤵
  PID:10072
- C:\Windows\System\UuzPyas.exe
  C:\Windows\System\UuzPyas.exe
  2⤵
  PID:10104
- C:\Windows\System\ydzvyLL.exe
  C:\Windows\System\ydzvyLL.exe
  2⤵
  PID:10136
- C:\Windows\System\Xaobodg.exe
  C:\Windows\System\Xaobodg.exe
  2⤵
  PID:10168
- C:\Windows\System\HHeQqXp.exe
  C:\Windows\System\HHeQqXp.exe
  2⤵
  PID:10200
- C:\Windows\System\JiWdyPe.exe
  C:\Windows\System\JiWdyPe.exe
  2⤵
  PID:10232
- C:\Windows\System\eyfRqoh.exe
  C:\Windows\System\eyfRqoh.exe
  2⤵
  PID:9256
- C:\Windows\System\YfZdexs.exe
  C:\Windows\System\YfZdexs.exe
  2⤵
  PID:9316
- C:\Windows\System\CwDGuJh.exe
  C:\Windows\System\CwDGuJh.exe
  2⤵
  PID:9380
- C:\Windows\System\ciiekxr.exe
  C:\Windows\System\ciiekxr.exe
  2⤵
  PID:9444
- C:\Windows\System\vVxBrTp.exe
  C:\Windows\System\vVxBrTp.exe
  2⤵
  PID:9508
- C:\Windows\System\McPdbMY.exe
  C:\Windows\System\McPdbMY.exe
  2⤵
  PID:9572
- C:\Windows\System\TBfCEZP.exe
  C:\Windows\System\TBfCEZP.exe
  2⤵
  PID:9636
- C:\Windows\System\WyLAFwO.exe
  C:\Windows\System\WyLAFwO.exe
  2⤵
  PID:9700
- C:\Windows\System\KfZWTSJ.exe
  C:\Windows\System\KfZWTSJ.exe
  2⤵
  PID:9768
- C:\Windows\System\dCSOdtr.exe
  C:\Windows\System\dCSOdtr.exe
  2⤵
  PID:9824
- C:\Windows\System\IuUbzMQ.exe
  C:\Windows\System\IuUbzMQ.exe
  2⤵
  PID:9892
- C:\Windows\System\Fdsnvak.exe
  C:\Windows\System\Fdsnvak.exe
  2⤵
  PID:9964
- C:\Windows\System\UOdyGZs.exe
  C:\Windows\System\UOdyGZs.exe
  2⤵
  PID:10032
- C:\Windows\System\vLxHCqY.exe
  C:\Windows\System\vLxHCqY.exe
  2⤵
  PID:10096
- C:\Windows\System\wPvvFtu.exe
  C:\Windows\System\wPvvFtu.exe
  2⤵
  PID:10148
- C:\Windows\System\pNPsoRA.exe
  C:\Windows\System\pNPsoRA.exe
  2⤵
  PID:10224
- C:\Windows\System\KnoeqSQ.exe
  C:\Windows\System\KnoeqSQ.exe
  2⤵
  PID:9304
- C:\Windows\System\oYsrAmJ.exe
  C:\Windows\System\oYsrAmJ.exe
  2⤵
  PID:9496
- C:\Windows\System\vRqUshw.exe
  C:\Windows\System\vRqUshw.exe
  2⤵
  PID:9564
- C:\Windows\System\ORBYLnL.exe
  C:\Windows\System\ORBYLnL.exe
  2⤵
  PID:9688
- C:\Windows\System\PqazPdM.exe
  C:\Windows\System\PqazPdM.exe
  2⤵
  PID:9868
- C:\Windows\System\fcsbCuy.exe
  C:\Windows\System\fcsbCuy.exe
  2⤵
  PID:9952
- C:\Windows\System\fIEGekg.exe
  C:\Windows\System\fIEGekg.exe
  2⤵
  PID:10056
- C:\Windows\System\NoIAuNU.exe
  C:\Windows\System\NoIAuNU.exe
  2⤵
  PID:10160
- C:\Windows\System\lyGMvTu.exe
  C:\Windows\System\lyGMvTu.exe
  2⤵
  PID:9972
- C:\Windows\System\FIbtkqF.exe
  C:\Windows\System\FIbtkqF.exe
  2⤵
  PID:9540
- C:\Windows\System\VLkaZYX.exe
  C:\Windows\System\VLkaZYX.exe
  2⤵
  PID:9792
- C:\Windows\System\OuPeUlF.exe
  C:\Windows\System\OuPeUlF.exe
  2⤵
  PID:10024
- C:\Windows\System\nwhutnS.exe
  C:\Windows\System\nwhutnS.exe
  2⤵
  PID:9288
- C:\Windows\System\QFZSAFd.exe
  C:\Windows\System\QFZSAFd.exe
  2⤵
  PID:9800
- C:\Windows\System\KSpPXaM.exe
  C:\Windows\System\KSpPXaM.exe
  2⤵
  PID:9272
- C:\Windows\System\TbhxbQR.exe
  C:\Windows\System\TbhxbQR.exe
  2⤵
  PID:9968
- C:\Windows\System\XUwpisA.exe
  C:\Windows\System\XUwpisA.exe
  2⤵
  PID:10272
- C:\Windows\System\sFcQBTc.exe
  C:\Windows\System\sFcQBTc.exe
  2⤵
  PID:10304
- C:\Windows\System\chmauAL.exe
  C:\Windows\System\chmauAL.exe
  2⤵
  PID:10336
- C:\Windows\System\NDWKPvu.exe
  C:\Windows\System\NDWKPvu.exe
  2⤵
  PID:10368
- C:\Windows\System\NycUzBz.exe
  C:\Windows\System\NycUzBz.exe
  2⤵
  PID:10400
- C:\Windows\System\zEpmwFr.exe
  C:\Windows\System\zEpmwFr.exe
  2⤵
  PID:10416
- C:\Windows\System\qwihbKg.exe
  C:\Windows\System\qwihbKg.exe
  2⤵
  PID:10464
- C:\Windows\System\pXqWOwS.exe
  C:\Windows\System\pXqWOwS.exe
  2⤵
  PID:10496
- C:\Windows\System\cPjCVKE.exe
  C:\Windows\System\cPjCVKE.exe
  2⤵
  PID:10528
- C:\Windows\System\HLJSkHi.exe
  C:\Windows\System\HLJSkHi.exe
  2⤵
  PID:10560
- C:\Windows\System\wqYYRlk.exe
  C:\Windows\System\wqYYRlk.exe
  2⤵
  PID:10592
- C:\Windows\System\IJORCJe.exe
  C:\Windows\System\IJORCJe.exe
  2⤵
  PID:10624
- C:\Windows\System\MHysNhN.exe
  C:\Windows\System\MHysNhN.exe
  2⤵
  PID:10656
- C:\Windows\System\qofdkMQ.exe
  C:\Windows\System\qofdkMQ.exe
  2⤵
  PID:10688
- C:\Windows\System\LvAauAU.exe
  C:\Windows\System\LvAauAU.exe
  2⤵
  PID:10720
- C:\Windows\System\zqGZVSJ.exe
  C:\Windows\System\zqGZVSJ.exe
  2⤵
  PID:10752
- C:\Windows\System\jcuBNAf.exe
  C:\Windows\System\jcuBNAf.exe
  2⤵
  PID:10784
- C:\Windows\System\QadMYXC.exe
  C:\Windows\System\QadMYXC.exe
  2⤵
  PID:10816
- C:\Windows\System\uKMgsTP.exe
  C:\Windows\System\uKMgsTP.exe
  2⤵
  PID:10852
- C:\Windows\System\yTpYGSR.exe
  C:\Windows\System\yTpYGSR.exe
  2⤵
  PID:10884
- C:\Windows\System\mtXCNYN.exe
  C:\Windows\System\mtXCNYN.exe
  2⤵
  PID:10916
- C:\Windows\System\tZlnzPj.exe
  C:\Windows\System\tZlnzPj.exe
  2⤵
  PID:10948
- C:\Windows\System\HsapHRf.exe
  C:\Windows\System\HsapHRf.exe
  2⤵
  PID:10980
- C:\Windows\System\EvXvQXG.exe
  C:\Windows\System\EvXvQXG.exe
  2⤵
  PID:10996
- C:\Windows\System\oQmkBMF.exe
  C:\Windows\System\oQmkBMF.exe
  2⤵
  PID:11028
- C:\Windows\System\bybhmQs.exe
  C:\Windows\System\bybhmQs.exe
  2⤵
  PID:11076
- C:\Windows\System\kcgNbil.exe
  C:\Windows\System\kcgNbil.exe
  2⤵
  PID:11108
- C:\Windows\System\HAKMVZp.exe
  C:\Windows\System\HAKMVZp.exe
  2⤵
  PID:11136
- C:\Windows\System\MvpMlyJ.exe
  C:\Windows\System\MvpMlyJ.exe
  2⤵
  PID:11156
- C:\Windows\System\wfwGGTY.exe
  C:\Windows\System\wfwGGTY.exe
  2⤵
  PID:11188
- C:\Windows\System\DafVMhk.exe
  C:\Windows\System\DafVMhk.exe
  2⤵
  PID:11236
- C:\Windows\System\nuwxllt.exe
  C:\Windows\System\nuwxllt.exe
  2⤵
  PID:9532
- C:\Windows\System\mWOwjeT.exe
  C:\Windows\System\mWOwjeT.exe
  2⤵
  PID:10264
- C:\Windows\System\MZCLLxU.exe
  C:\Windows\System\MZCLLxU.exe
  2⤵
  PID:10320
- C:\Windows\System\dJOfuUi.exe
  C:\Windows\System\dJOfuUi.exe
  2⤵
  PID:10412
- C:\Windows\System\aAogTzh.exe
  C:\Windows\System\aAogTzh.exe
  2⤵
  PID:10452
- C:\Windows\System\XdvedSh.exe
  C:\Windows\System\XdvedSh.exe
  2⤵
  PID:10524
- C:\Windows\System\HKBjbSl.exe
  C:\Windows\System\HKBjbSl.exe
  2⤵
  PID:10608
- C:\Windows\System\mDuzplf.exe
  C:\Windows\System\mDuzplf.exe
  2⤵
  PID:10672
- C:\Windows\System\iJWqGlD.exe
  C:\Windows\System\iJWqGlD.exe
  2⤵
  PID:10736
- C:\Windows\System\YsaAKGA.exe
  C:\Windows\System\YsaAKGA.exe
  2⤵
  PID:10796
- C:\Windows\System\ThpJNVX.exe
  C:\Windows\System\ThpJNVX.exe
  2⤵
  PID:10864
- C:\Windows\System\OsWkCPP.exe
  C:\Windows\System\OsWkCPP.exe
  2⤵
  PID:10928
- C:\Windows\System\IxeZLfB.exe
  C:\Windows\System\IxeZLfB.exe
  2⤵
  PID:10992
- C:\Windows\System\qywnSjr.exe
  C:\Windows\System\qywnSjr.exe
  2⤵
  PID:11064
- C:\Windows\System\qnKKHZF.exe
  C:\Windows\System\qnKKHZF.exe
  2⤵
  PID:11128
- C:\Windows\System\KlNuwpK.exe
  C:\Windows\System\KlNuwpK.exe
  2⤵
  PID:11204
- C:\Windows\System\wfrgScR.exe
  C:\Windows\System\wfrgScR.exe
  2⤵
  PID:11244
- C:\Windows\System\QrEQdvB.exe
  C:\Windows\System\QrEQdvB.exe
  2⤵
  PID:10348
- C:\Windows\System\KLDcxVv.exe
  C:\Windows\System\KLDcxVv.exe
  2⤵
  PID:10384
- C:\Windows\System\dtZhCUa.exe
  C:\Windows\System\dtZhCUa.exe
  2⤵
  PID:10576
- C:\Windows\System\xCXUwsm.exe
  C:\Windows\System\xCXUwsm.exe
  2⤵
  PID:10716
- C:\Windows\System\IYxdSJh.exe
  C:\Windows\System\IYxdSJh.exe
  2⤵
  PID:10780
- C:\Windows\System\vbSBLDE.exe
  C:\Windows\System\vbSBLDE.exe
  2⤵
  PID:10988
- C:\Windows\System\yFHJISk.exe
  C:\Windows\System\yFHJISk.exe
  2⤵
  PID:11088
- C:\Windows\System\LmlsjrL.exe
  C:\Windows\System\LmlsjrL.exe
  2⤵
  PID:11220
- C:\Windows\System\vxxmpbH.exe
  C:\Windows\System\vxxmpbH.exe
  2⤵
  PID:10396
- C:\Windows\System\dneGSsv.exe
  C:\Windows\System\dneGSsv.exe
  2⤵
  PID:10648
- C:\Windows\System\XOTmhbz.exe
  C:\Windows\System\XOTmhbz.exe
  2⤵
  PID:10732
- C:\Windows\System\fPTfPBA.exe
  C:\Windows\System\fPTfPBA.exe
  2⤵
  PID:11224
- C:\Windows\System\cfRgJLL.exe
  C:\Windows\System\cfRgJLL.exe
  2⤵
  PID:10476
- C:\Windows\System\TFQkMDO.exe
  C:\Windows\System\TFQkMDO.exe
  2⤵
  PID:11104
- C:\Windows\System\HHdWHrf.exe
  C:\Windows\System\HHdWHrf.exe
  2⤵
  PID:10748
- C:\Windows\System\Higstaq.exe
  C:\Windows\System\Higstaq.exe
  2⤵
  PID:11272
- C:\Windows\System\OrMEqLU.exe
  C:\Windows\System\OrMEqLU.exe
  2⤵
  PID:11304
- C:\Windows\System\XnCyiji.exe
  C:\Windows\System\XnCyiji.exe
  2⤵
  PID:11336
- C:\Windows\System\xNshxuF.exe
  C:\Windows\System\xNshxuF.exe
  2⤵
  PID:11384
- C:\Windows\System\sLrXUBV.exe
  C:\Windows\System\sLrXUBV.exe
  2⤵
  PID:11432
- C:\Windows\System\SFWEDoA.exe
  C:\Windows\System\SFWEDoA.exe
  2⤵
  PID:11472
- C:\Windows\System\hOFposc.exe
  C:\Windows\System\hOFposc.exe
  2⤵
  PID:11504
- C:\Windows\System\QlXHQzn.exe
  C:\Windows\System\QlXHQzn.exe
  2⤵
  PID:11540
- C:\Windows\System\ISLNsDS.exe
  C:\Windows\System\ISLNsDS.exe
  2⤵
  PID:11572
- C:\Windows\System\qHiaRlK.exe
  C:\Windows\System\qHiaRlK.exe
  2⤵
  PID:11596
- C:\Windows\System\xvjvaVX.exe
  C:\Windows\System\xvjvaVX.exe
  2⤵
  PID:11648
- C:\Windows\System\adhOoCy.exe
  C:\Windows\System\adhOoCy.exe
  2⤵
  PID:11664
- C:\Windows\System\xIOvanx.exe
  C:\Windows\System\xIOvanx.exe
  2⤵
  PID:11712
- C:\Windows\System\SfXeqVW.exe
  C:\Windows\System\SfXeqVW.exe
  2⤵
  PID:11744
- C:\Windows\System\KiYrvKj.exe
  C:\Windows\System\KiYrvKj.exe
  2⤵
  PID:11776
- C:\Windows\System\hHxDTzU.exe
  C:\Windows\System\hHxDTzU.exe
  2⤵
  PID:11808
- C:\Windows\System\wDOtmIL.exe
  C:\Windows\System\wDOtmIL.exe
  2⤵
  PID:11840
- C:\Windows\System\YYEXEiW.exe
  C:\Windows\System\YYEXEiW.exe
  2⤵
  PID:11872
- C:\Windows\System\doZpoya.exe
  C:\Windows\System\doZpoya.exe
  2⤵
  PID:11904
- C:\Windows\System\pgDYmOv.exe
  C:\Windows\System\pgDYmOv.exe
  2⤵
  PID:11936
- C:\Windows\System\vWTzphh.exe
  C:\Windows\System\vWTzphh.exe
  2⤵
  PID:11968
- C:\Windows\System\yWuCokY.exe
  C:\Windows\System\yWuCokY.exe
  2⤵
  PID:12000
- C:\Windows\System\oBCulec.exe
  C:\Windows\System\oBCulec.exe
  2⤵
  PID:12032
- C:\Windows\System\BcuwdHN.exe
  C:\Windows\System\BcuwdHN.exe
  2⤵
  PID:12064
- C:\Windows\System\GWezVTN.exe
  C:\Windows\System\GWezVTN.exe
  2⤵
  PID:12096
- C:\Windows\System\WdopKvG.exe
  C:\Windows\System\WdopKvG.exe
  2⤵
  PID:12128
- C:\Windows\System\juaIKJx.exe
  C:\Windows\System\juaIKJx.exe
  2⤵
  PID:12160
- C:\Windows\System\HFFikzE.exe
  C:\Windows\System\HFFikzE.exe
  2⤵
  PID:12192
- C:\Windows\System\vUPyISy.exe
  C:\Windows\System\vUPyISy.exe
  2⤵
  PID:12240
- C:\Windows\System\hjEbdoR.exe
  C:\Windows\System\hjEbdoR.exe
  2⤵
  PID:12272
- C:\Windows\System\gJrbWcX.exe
  C:\Windows\System\gJrbWcX.exe
  2⤵
  PID:11284
- C:\Windows\System\dsyLpgU.exe
  C:\Windows\System\dsyLpgU.exe
  2⤵
  PID:11380
- C:\Windows\System\YrUfyfP.exe
  C:\Windows\System\YrUfyfP.exe
  2⤵
  PID:11452
- C:\Windows\System\nZXHbui.exe
  C:\Windows\System\nZXHbui.exe
  2⤵
  PID:11488
- C:\Windows\System\tqtZheo.exe
  C:\Windows\System\tqtZheo.exe
  2⤵
  PID:11536
- C:\Windows\System\sXRJYCe.exe
  C:\Windows\System\sXRJYCe.exe
  2⤵
  PID:11616
- C:\Windows\System\OQRjWbU.exe
  C:\Windows\System\OQRjWbU.exe
  2⤵
  PID:11636
- C:\Windows\System\nyCCAlr.exe
  C:\Windows\System\nyCCAlr.exe
  2⤵
  PID:11760
- C:\Windows\System\lEHcoTJ.exe
  C:\Windows\System\lEHcoTJ.exe
  2⤵
  PID:11824
- C:\Windows\System\LwsBtTD.exe
  C:\Windows\System\LwsBtTD.exe
  2⤵
  PID:11900
- C:\Windows\System\UVBZlpG.exe
  C:\Windows\System\UVBZlpG.exe
  2⤵
  PID:11992
- C:\Windows\System\DNBrIrX.exe
  C:\Windows\System\DNBrIrX.exe
  2⤵
  PID:12120
- C:\Windows\System\mmvVptY.exe
  C:\Windows\System\mmvVptY.exe
  2⤵
  PID:12236
- C:\Windows\System\vYVfeqI.exe
  C:\Windows\System\vYVfeqI.exe
  2⤵
  PID:11348
- C:\Windows\System\QQHMyVq.exe
  C:\Windows\System\QQHMyVq.exe
  2⤵
  PID:11500
- C:\Windows\System\IfXlUUX.exe
  C:\Windows\System\IfXlUUX.exe
  2⤵
  PID:11556
- C:\Windows\System\snzEpfp.exe
  C:\Windows\System\snzEpfp.exe
  2⤵
  PID:11864
- C:\Windows\System\VDJSozu.exe
  C:\Windows\System\VDJSozu.exe
  2⤵
  PID:11788
- C:\Windows\System\byEblHs.exe
  C:\Windows\System\byEblHs.exe
  2⤵
  PID:12080
- C:\Windows\System\gyTHomW.exe
  C:\Windows\System\gyTHomW.exe
  2⤵
  PID:12204
- C:\Windows\System\JVgUBJe.exe
  C:\Windows\System\JVgUBJe.exe
  2⤵
  PID:11448
- C:\Windows\System\uxqYqDv.exe
  C:\Windows\System\uxqYqDv.exe
  2⤵
  PID:11724
- C:\Windows\System\PLxRluC.exe
  C:\Windows\System\PLxRluC.exe
  2⤵
  PID:12028
- C:\Windows\System\evpJoMR.exe
  C:\Windows\System\evpJoMR.exe
  2⤵
  PID:12048
- C:\Windows\System\enJBGMc.exe
  C:\Windows\System\enJBGMc.exe
  2⤵
  PID:11592
- C:\Windows\System\ElAHKpl.exe
  C:\Windows\System\ElAHKpl.exe
  2⤵
  PID:12292
- C:\Windows\System\JtSVVNN.exe
  C:\Windows\System\JtSVVNN.exe
  2⤵
  PID:12324
- C:\Windows\System\KkLUPQB.exe
  C:\Windows\System\KkLUPQB.exe
  2⤵
  PID:12368
- C:\Windows\System\msNEYPR.exe
  C:\Windows\System\msNEYPR.exe
  2⤵
  PID:12404
- C:\Windows\System\mjelXeB.exe
  C:\Windows\System\mjelXeB.exe
  2⤵
  PID:12440
- C:\Windows\System\SDpopSP.exe
  C:\Windows\System\SDpopSP.exe
  2⤵
  PID:12468
- C:\Windows\System\dHyYmDn.exe
  C:\Windows\System\dHyYmDn.exe
  2⤵
  PID:12488
- C:\Windows\System\RtVUvAK.exe
  C:\Windows\System\RtVUvAK.exe
  2⤵
  PID:12516
- C:\Windows\System\SugOKZT.exe
  C:\Windows\System\SugOKZT.exe
  2⤵
  PID:12548
- C:\Windows\System\CNkFRcZ.exe
  C:\Windows\System\CNkFRcZ.exe
  2⤵
  PID:12576
- C:\Windows\System\OKjfeXm.exe
  C:\Windows\System\OKjfeXm.exe
  2⤵
  PID:12612
- C:\Windows\System\DLvovAV.exe
  C:\Windows\System\DLvovAV.exe
  2⤵
  PID:12644
- C:\Windows\System\GZLfKsd.exe
  C:\Windows\System\GZLfKsd.exe
  2⤵
  PID:12692
- C:\Windows\System\NNnrlPY.exe
  C:\Windows\System\NNnrlPY.exe
  2⤵
  PID:12708
- C:\Windows\System\cMRTVmn.exe
  C:\Windows\System\cMRTVmn.exe
  2⤵
  PID:12744
- C:\Windows\System\qVCHyzb.exe
  C:\Windows\System\qVCHyzb.exe
  2⤵
  PID:12780
- C:\Windows\System\zeKBtht.exe
  C:\Windows\System\zeKBtht.exe
  2⤵
  PID:12828
- C:\Windows\System\LuMmoss.exe
  C:\Windows\System\LuMmoss.exe
  2⤵
  PID:12856
- C:\Windows\System\fhtuVgB.exe
  C:\Windows\System\fhtuVgB.exe
  2⤵
  PID:12888
- C:\Windows\System\amwtcEs.exe
  C:\Windows\System\amwtcEs.exe
  2⤵
  PID:12920
- C:\Windows\System\rRSqOqr.exe
  C:\Windows\System\rRSqOqr.exe
  2⤵
  PID:12952
- C:\Windows\System\gvEqZNQ.exe
  C:\Windows\System\gvEqZNQ.exe
  2⤵
  PID:12996
- C:\Windows\System\cZIdZAe.exe
  C:\Windows\System\cZIdZAe.exe
  2⤵
  PID:13012
- C:\Windows\System\rdlQIgJ.exe
  C:\Windows\System\rdlQIgJ.exe
  2⤵
  PID:13048
- C:\Windows\System\ZKoxJXZ.exe
  C:\Windows\System\ZKoxJXZ.exe
  2⤵
  PID:13096
- C:\Windows\System\RpraIuw.exe
  C:\Windows\System\RpraIuw.exe
  2⤵
  PID:13116
- C:\Windows\System\zfBqzSF.exe
  C:\Windows\System\zfBqzSF.exe
  2⤵
  PID:13168
- C:\Windows\System\XlAeUzf.exe
  C:\Windows\System\XlAeUzf.exe
  2⤵
  PID:13188
- C:\Windows\System\AfIrpkd.exe
  C:\Windows\System\AfIrpkd.exe
  2⤵
  PID:13232
- C:\Windows\System\VQQhHOV.exe
  C:\Windows\System\VQQhHOV.exe
  2⤵
  PID:13264
- C:\Windows\System\NTiiYPR.exe
  C:\Windows\System\NTiiYPR.exe
  2⤵
  PID:13296
- C:\Windows\System\zJHbwZA.exe
  C:\Windows\System\zJHbwZA.exe
  2⤵
  PID:11888
- C:\Windows\System\VgFjuzo.exe
  C:\Windows\System\VgFjuzo.exe
  2⤵
  PID:12320
- C:\Windows\System\AtVuZWm.exe
  C:\Windows\System\AtVuZWm.exe
  2⤵
  PID:12340
- C:\Windows\System\SZlBevh.exe
  C:\Windows\System\SZlBevh.exe
  2⤵
  PID:3736
- C:\Windows\System\xVXYaSA.exe
  C:\Windows\System\xVXYaSA.exe
  2⤵
  PID:12528
- C:\Windows\System\RWWObbB.exe
  C:\Windows\System\RWWObbB.exe
  2⤵
  PID:12592
- C:\Windows\System\goPvaXz.exe
  C:\Windows\System\goPvaXz.exe
  2⤵
  PID:12600
- C:\Windows\System\GbMUgsw.exe
  C:\Windows\System\GbMUgsw.exe
  2⤵
  PID:12668
- C:\Windows\System\NRoKzRM.exe
  C:\Windows\System\NRoKzRM.exe
  2⤵
  PID:12776
- C:\Windows\System\YRwsqBA.exe
  C:\Windows\System\YRwsqBA.exe
  2⤵
  PID:12840
- C:\Windows\System\JpsjRkz.exe
  C:\Windows\System\JpsjRkz.exe
  2⤵
  PID:12880
- C:\Windows\System\SuXmKGm.exe
  C:\Windows\System\SuXmKGm.exe
  2⤵
  PID:11920
- C:\Windows\System\cuPnKjx.exe
  C:\Windows\System\cuPnKjx.exe
  2⤵
  PID:12932
- C:\Windows\System\zTUKPrs.exe
  C:\Windows\System\zTUKPrs.exe
  2⤵
  PID:13004
- C:\Windows\System\ccYNhcA.exe
  C:\Windows\System\ccYNhcA.exe
  2⤵
  PID:12992
- C:\Windows\System\SINEISo.exe
  C:\Windows\System\SINEISo.exe
  2⤵
  PID:13032
- C:\Windows\System\qIbqbnj.exe
  C:\Windows\System\qIbqbnj.exe
  2⤵
  PID:13060
- C:\Windows\System\JIZrCiQ.exe
  C:\Windows\System\JIZrCiQ.exe
  2⤵
  PID:13200
- C:\Windows\System\LmgHtQg.exe
  C:\Windows\System\LmgHtQg.exe
  2⤵
  PID:13224
- C:\Windows\System\ZpOZiBe.exe
  C:\Windows\System\ZpOZiBe.exe
  2⤵
  PID:13308
- C:\Windows\System\UbToJjW.exe
  C:\Windows\System\UbToJjW.exe
  2⤵
  PID:12312
- C:\Windows\System\ohEZwsk.exe
  C:\Windows\System\ohEZwsk.exe
  2⤵
  PID:12428
- C:\Windows\System\aOaSGTU.exe
  C:\Windows\System\aOaSGTU.exe
  2⤵
  PID:12504
- C:\Windows\System\eNOqExf.exe
  C:\Windows\System\eNOqExf.exe
  2⤵
  PID:1160
- C:\Windows\System\fBMHdUg.exe
  C:\Windows\System\fBMHdUg.exe
  2⤵
  PID:12816
- C:\Windows\System\KkntqZU.exe
  C:\Windows\System\KkntqZU.exe
  2⤵
  PID:2656
- C:\Windows\System\yahLGMO.exe
  C:\Windows\System\yahLGMO.exe
  2⤵
  PID:12872
- C:\Windows\System\qlRJSGk.exe
  C:\Windows\System\qlRJSGk.exe
  2⤵
  PID:1372
- C:\Windows\System\WqwhlSt.exe
  C:\Windows\System\WqwhlSt.exe
  2⤵
  PID:12968
- C:\Windows\System\avCVoBP.exe
  C:\Windows\System\avCVoBP.exe
  2⤵
  PID:13020
- C:\Windows\System\mKJNpJf.exe
  C:\Windows\System\mKJNpJf.exe
  2⤵
  PID:13132
- C:\Windows\System\vjaXjDg.exe
  C:\Windows\System\vjaXjDg.exe
  2⤵
  PID:13176
- C:\Windows\System\kMsbmcr.exe
  C:\Windows\System\kMsbmcr.exe
  2⤵
  PID:12336
- C:\Windows\System\OMIaPtq.exe
  C:\Windows\System\OMIaPtq.exe
  2⤵
  PID:4964
- C:\Windows\System\nSTRNme.exe
  C:\Windows\System\nSTRNme.exe
  2⤵
  PID:12724
- C:\Windows\System\StrPhjc.exe
  C:\Windows\System\StrPhjc.exe
  2⤵
  PID:1996
- C:\Windows\System\sheZxbb.exe
  C:\Windows\System\sheZxbb.exe
  2⤵
  PID:3500
- C:\Windows\System\nxJpuTR.exe
  C:\Windows\System\nxJpuTR.exe
  2⤵
  PID:1592
- C:\Windows\System\eqGqPkT.exe
  C:\Windows\System\eqGqPkT.exe
  2⤵
  PID:1464
- C:\Windows\System\OEAmdNp.exe
  C:\Windows\System\OEAmdNp.exe
  2⤵
  PID:12688
- C:\Windows\System\rXNyrYd.exe
  C:\Windows\System\rXNyrYd.exe
  2⤵
  PID:1460
- C:\Windows\System\uNFpVQU.exe
  C:\Windows\System\uNFpVQU.exe
  2⤵
  PID:12364
- C:\Windows\System\YusAGAa.exe
  C:\Windows\System\YusAGAa.exe
  2⤵
  PID:7444
- C:\Windows\System\gbkfJUQ.exe
  C:\Windows\System\gbkfJUQ.exe
  2⤵
  PID:13080
- C:\Windows\System\sPWlkvR.exe
  C:\Windows\System\sPWlkvR.exe
  2⤵
  PID:13348
- C:\Windows\System\zLnjUVx.exe
  C:\Windows\System\zLnjUVx.exe
  2⤵
  PID:13368
- C:\Windows\System\jOpURrU.exe
  C:\Windows\System\jOpURrU.exe
  2⤵
  PID:13400
- C:\Windows\System\hpZkRHK.exe
  C:\Windows\System\hpZkRHK.exe
  2⤵
  PID:13444
- C:\Windows\System\UxAySQN.exe
  C:\Windows\System\UxAySQN.exe
  2⤵
  PID:13464
- C:\Windows\System\USYKFlN.exe
  C:\Windows\System\USYKFlN.exe
  2⤵
  PID:13504
- C:\Windows\System\NAyRNMF.exe
  C:\Windows\System\NAyRNMF.exe
  2⤵
  PID:13536
- C:\Windows\System\JyWDhlJ.exe
  C:\Windows\System\JyWDhlJ.exe
  2⤵
  PID:13592
- C:\Windows\System\AdsfVhW.exe
  C:\Windows\System\AdsfVhW.exe
  2⤵
  PID:13608
- C:\Windows\System\ULLUwmH.exe
  C:\Windows\System\ULLUwmH.exe
  2⤵
  PID:13640
- C:\Windows\System\FlloQYx.exe
  C:\Windows\System\FlloQYx.exe
  2⤵
  PID:13672
- C:\Windows\System\GHOzBjB.exe
  C:\Windows\System\GHOzBjB.exe
  2⤵
  PID:13704
- C:\Windows\System\PpfXjkd.exe
  C:\Windows\System\PpfXjkd.exe
  2⤵
  PID:13732
- C:\Windows\System\vpiPBlD.exe
  C:\Windows\System\vpiPBlD.exe
  2⤵
  PID:13768
- C:\Windows\System\WEheAUz.exe
  C:\Windows\System\WEheAUz.exe
  2⤵
  PID:13800
- C:\Windows\System\UpksVSB.exe
  C:\Windows\System\UpksVSB.exe
  2⤵
  PID:13832
- C:\Windows\System\XuprAsp.exe
  C:\Windows\System\XuprAsp.exe
  2⤵
  PID:13872
- C:\Windows\System\KTJbVKy.exe
  C:\Windows\System\KTJbVKy.exe
  2⤵
  PID:13912
- C:\Windows\System\hJLQmga.exe
  C:\Windows\System\hJLQmga.exe
  2⤵
  PID:13948
- C:\Windows\System\oarTaRl.exe
  C:\Windows\System\oarTaRl.exe
  2⤵
  PID:13988
- C:\Windows\System\BXpalaa.exe
  C:\Windows\System\BXpalaa.exe
  2⤵
  PID:14020
- C:\Windows\System\TqHFPHU.exe
  C:\Windows\System\TqHFPHU.exe
  2⤵
  PID:14068
- C:\Windows\System\NWlepgu.exe
  C:\Windows\System\NWlepgu.exe
  2⤵
  PID:14104
- C:\Windows\System\jZFudoo.exe
  C:\Windows\System\jZFudoo.exe
  2⤵
  PID:14136
- C:\Windows\System\gjDkttb.exe
  C:\Windows\System\gjDkttb.exe
  2⤵
  PID:14172
- C:\Windows\System\WwQsbGl.exe
  C:\Windows\System\WwQsbGl.exe
  2⤵
  PID:14236
- C:\Windows\System\kGFcwWu.exe
  C:\Windows\System\kGFcwWu.exe
  2⤵
  PID:14284
- C:\Windows\System\GRULYQF.exe
  C:\Windows\System\GRULYQF.exe
  2⤵
  PID:14324
- C:\Windows\System\RNdPycw.exe
  C:\Windows\System\RNdPycw.exe
  2⤵
  PID:13328
- C:\Windows\System\WSVmTSF.exe
  C:\Windows\System\WSVmTSF.exe
  2⤵
  PID:13396
- C:\Windows\System\xExpRYO.exe
  C:\Windows\System\xExpRYO.exe
  2⤵
  PID:13476
- C:\Windows\System\XbuhaAy.exe
  C:\Windows\System\XbuhaAy.exe
  2⤵
  PID:13524
- C:\Windows\System\IhIsKST.exe
  C:\Windows\System\IhIsKST.exe
  2⤵
  PID:13584
- C:\Windows\System\NrhdFoo.exe
  C:\Windows\System\NrhdFoo.exe
  2⤵
  PID:13556
- C:\Windows\System\XDeMDSY.exe
  C:\Windows\System\XDeMDSY.exe
  2⤵
  PID:13624
- C:\Windows\System\ZXFvjbo.exe
  C:\Windows\System\ZXFvjbo.exe
  2⤵
  PID:13652
- C:\Windows\System\zJLfjuU.exe
  C:\Windows\System\zJLfjuU.exe
  2⤵
  PID:13684
- C:\Windows\System\ZzgYyWi.exe
  C:\Windows\System\ZzgYyWi.exe
  2⤵
  PID:13740
- C:\Windows\System\BEgEsyl.exe
  C:\Windows\System\BEgEsyl.exe
  2⤵
  PID:13812
- C:\Windows\System\LQvcrEe.exe
  C:\Windows\System\LQvcrEe.exe
  2⤵
  PID:13984
- C:\Windows\System\bLKogCc.exe
  C:\Windows\System\bLKogCc.exe
  2⤵
  PID:14064
- C:\Windows\System\FHAYnRH.exe
  C:\Windows\System\FHAYnRH.exe
  2⤵
  PID:14116
- C:\Windows\System\SMMVIEu.exe
  C:\Windows\System\SMMVIEu.exe
  2⤵
  PID:14220
- C:\Windows\System\UYzBVRB.exe
  C:\Windows\System\UYzBVRB.exe
  2⤵
  PID:13336
- C:\Windows\System\kLiJGwe.exe
  C:\Windows\System\kLiJGwe.exe
  2⤵
  PID:13456
- C:\Windows\System\NApZZBu.exe
  C:\Windows\System\NApZZBu.exe
  2⤵
  PID:13560
- C:\Windows\System\dcvKRde.exe
  C:\Windows\System\dcvKRde.exe
  2⤵
  PID:13748
- C:\Windows\System\tbpDQLq.exe
  C:\Windows\System\tbpDQLq.exe
  2⤵
  PID:13936
- C:\Windows\System\lmiisQZ.exe
  C:\Windows\System\lmiisQZ.exe
  2⤵
  PID:14092
- C:\Windows\System\HRUMMah.exe
  C:\Windows\System\HRUMMah.exe
  2⤵
  PID:13436
- C:\Windows\System\yJraBKY.exe
  C:\Windows\System\yJraBKY.exe
  2⤵
  PID:13384
- C:\Windows\System\UNXkYcJ.exe
  C:\Windows\System\UNXkYcJ.exe
  2⤵
  PID:13604
- C:\Windows\System\SudvwHt.exe
  C:\Windows\System\SudvwHt.exe
  2⤵
  PID:13920
- C:\Windows\System\bqnlbCI.exe
  C:\Windows\System\bqnlbCI.exe
  2⤵
  PID:13424
- C:\Windows\System\gnuGCtV.exe
  C:\Windows\System\gnuGCtV.exe
  2⤵
  PID:13816
- C:\Windows\System\MemSqOb.exe
  C:\Windows\System\MemSqOb.exe
  2⤵
  PID:452
- C:\Windows\System\pwJvaAK.exe
  C:\Windows\System\pwJvaAK.exe
  2⤵
  PID:14000
- C:\Windows\System\JgugvsJ.exe
  C:\Windows\System\JgugvsJ.exe
  2⤵
  PID:14360
- C:\Windows\System\sMODZIz.exe
  C:\Windows\System\sMODZIz.exe
  2⤵
  PID:14376
- C:\Windows\System\eeHiani.exe
  C:\Windows\System\eeHiani.exe
  2⤵
  PID:14392
- C:\Windows\System\JObmJPa.exe
  C:\Windows\System\JObmJPa.exe
  2⤵
  PID:14408
- C:\Windows\System\YvVVUUB.exe
  C:\Windows\System\YvVVUUB.exe
  2⤵
  PID:14424
- C:\Windows\System\bgOZdTa.exe
  C:\Windows\System\bgOZdTa.exe
  2⤵
  PID:14440
- C:\Windows\System\UQgGwXG.exe
  C:\Windows\System\UQgGwXG.exe
  2⤵
  PID:14456
- C:\Windows\System\UqZccGN.exe
  C:\Windows\System\UqZccGN.exe
  2⤵
  PID:14484
- C:\Windows\System\jiQVkVz.exe
  C:\Windows\System\jiQVkVz.exe
  2⤵
  PID:14528
- C:\Windows\System\DGzRRfA.exe
  C:\Windows\System\DGzRRfA.exe
  2⤵
  PID:14548
- C:\Windows\System\NqlCGTr.exe
  C:\Windows\System\NqlCGTr.exe
  2⤵
  PID:14592
- C:\Windows\System\tHGwnJR.exe
  C:\Windows\System\tHGwnJR.exe
  2⤵
  PID:14620
- C:\Windows\System\jtocMhZ.exe
  C:\Windows\System\jtocMhZ.exe
  2⤵
  PID:14692
- C:\Windows\System\zfwCkAZ.exe
  C:\Windows\System\zfwCkAZ.exe
  2⤵
  PID:14760
- C:\Windows\System\YLJggix.exe
  C:\Windows\System\YLJggix.exe
  2⤵
  PID:14776
- C:\Windows\System\oOSJaeE.exe
  C:\Windows\System\oOSJaeE.exe
  2⤵
  PID:14808
- C:\Windows\System\sFOkRoZ.exe
  C:\Windows\System\sFOkRoZ.exe
  2⤵
  PID:14840
- C:\Windows\System\QSEzvNV.exe
  C:\Windows\System\QSEzvNV.exe
  2⤵
  PID:14872
- C:\Windows\System\vHUrTwH.exe
  C:\Windows\System\vHUrTwH.exe
  2⤵
  PID:14912
- C:\Windows\System\DHeXXsE.exe
  C:\Windows\System\DHeXXsE.exe
  2⤵
  PID:14948
- C:\Windows\System\qvjcyzd.exe
  C:\Windows\System\qvjcyzd.exe
  2⤵
  PID:14980
- C:\Windows\System\KIHzRwd.exe
  C:\Windows\System\KIHzRwd.exe
  2⤵
  PID:15000
- C:\Windows\System\WepTvMO.exe
  C:\Windows\System\WepTvMO.exe
  2⤵
  PID:15032
- C:\Windows\System\ZJFUjHz.exe
  C:\Windows\System\ZJFUjHz.exe
  2⤵
  PID:15064
- C:\Windows\System\UpbZsqV.exe
  C:\Windows\System\UpbZsqV.exe
  2⤵
  PID:15096
- C:\Windows\System\uaxHTjQ.exe
  C:\Windows\System\uaxHTjQ.exe
  2⤵
  PID:15132
- C:\Windows\System\qSFGNVs.exe
  C:\Windows\System\qSFGNVs.exe
  2⤵
  PID:15160
- C:\Windows\System\jlbnsnv.exe
  C:\Windows\System\jlbnsnv.exe
  2⤵
  PID:15192
- C:\Windows\System\Okrgolc.exe
  C:\Windows\System\Okrgolc.exe
  2⤵
  PID:15224
- C:\Windows\System\ScelgiQ.exe
  C:\Windows\System\ScelgiQ.exe
  2⤵
  PID:15284
- C:\Windows\System\aPvjoqT.exe
  C:\Windows\System\aPvjoqT.exe
  2⤵
  PID:15316
- C:\Windows\System\VEKYYMS.exe
  C:\Windows\System\VEKYYMS.exe
  2⤵
  PID:15344
- C:\Windows\System\IsCMIZY.exe
  C:\Windows\System\IsCMIZY.exe
  2⤵
  PID:14340
- C:\Windows\System\QkSaKGZ.exe
  C:\Windows\System\QkSaKGZ.exe
  2⤵
  PID:14384
- C:\Windows\System\XcZEJzi.exe
  C:\Windows\System\XcZEJzi.exe
  2⤵
  PID:14564
- C:\Windows\System\VbHKTbv.exe
  C:\Windows\System\VbHKTbv.exe
  2⤵
  PID:14512
- C:\Windows\System\sVckjxf.exe
  C:\Windows\System\sVckjxf.exe
  2⤵
  PID:14560
- C:\Windows\System\dsahTLE.exe
  C:\Windows\System\dsahTLE.exe
  2⤵
  PID:14660
- C:\Windows\System\OXfVNPP.exe
  C:\Windows\System\OXfVNPP.exe
  2⤵
  PID:14744
- C:\Windows\System\WIYPuCp.exe
  C:\Windows\System\WIYPuCp.exe
  2⤵
  PID:1000
- C:\Windows\System\rtFiXjX.exe
  C:\Windows\System\rtFiXjX.exe
  2⤵
  PID:14824
- C:\Windows\System\gJfrMiY.exe
  C:\Windows\System\gJfrMiY.exe
  2⤵
  PID:14884
- C:\Windows\System\TPuZavC.exe
  C:\Windows\System\TPuZavC.exe
  2⤵
  PID:14924
- C:\Windows\System\wjDKBJA.exe
  C:\Windows\System\wjDKBJA.exe
  2⤵
  PID:14940
- C:\Windows\System\zquSVfR.exe
  C:\Windows\System\zquSVfR.exe
  2⤵
  PID:14996
- C:\Windows\System\fTdSbnQ.exe
  C:\Windows\System\fTdSbnQ.exe
  2⤵
  PID:15020
- C:\Windows\System\gnybMQv.exe
  C:\Windows\System\gnybMQv.exe
  2⤵
  PID:2992
- C:\Windows\System\bmUsryu.exe
  C:\Windows\System\bmUsryu.exe
  2⤵
  PID:4552
- C:\Windows\System\JBlZAJI.exe
  C:\Windows\System\JBlZAJI.exe
  2⤵
  PID:15176
- C:\Windows\System\DpFnHRd.exe
  C:\Windows\System\DpFnHRd.exe
  2⤵
  PID:3516
- C:\Windows\System\VMjdEgO.exe
  C:\Windows\System\VMjdEgO.exe
  2⤵
  PID:15204
- C:\Windows\System\WDBhBEe.exe
  C:\Windows\System\WDBhBEe.exe
  2⤵
  PID:1892
- C:\Windows\System\NwEZXKN.exe
  C:\Windows\System\NwEZXKN.exe
  2⤵
  PID:14400
- C:\Windows\System\OTWjRNW.exe
  C:\Windows\System\OTWjRNW.exe
  2⤵
  PID:14540
- C:\Windows\System\akgCeVx.exe
  C:\Windows\System\akgCeVx.exe
  2⤵
  PID:14500
- C:\Windows\System\OdDfXkG.exe
  C:\Windows\System\OdDfXkG.exe
  2⤵
  PID:14600
- C:\Windows\System\GdCStmO.exe
  C:\Windows\System\GdCStmO.exe
  2⤵
  PID:14524
- C:\Windows\System\VTMndDu.exe
  C:\Windows\System\VTMndDu.exe
  2⤵
  PID:14740
- C:\Windows\System\MLZGqxR.exe
  C:\Windows\System\MLZGqxR.exe
  2⤵
  PID:14736
- C:\Windows\System\wRZpkpF.exe
  C:\Windows\System\wRZpkpF.exe
  2⤵
  PID:2060
- C:\Windows\System\pMtggQH.exe
  C:\Windows\System\pMtggQH.exe
  2⤵
  PID:3292
- C:\Windows\System\INFymYn.exe
  C:\Windows\System\INFymYn.exe
  2⤵
  PID:7480
- C:\Windows\System\QWslXiz.exe
  C:\Windows\System\QWslXiz.exe
  2⤵
  PID:15072
- C:\Windows\System\mrzJnKu.exe
  C:\Windows\System\mrzJnKu.exe
  2⤵
  PID:15084
- C:\Windows\System\eoyFiwT.exe
  C:\Windows\System\eoyFiwT.exe
  2⤵
  PID:15112
- C:\Windows\System\sOUxSkR.exe
  C:\Windows\System\sOUxSkR.exe
  2⤵
  PID:2592
- C:\Windows\System\qWqJMrl.exe
  C:\Windows\System\qWqJMrl.exe
  2⤵
  PID:15332
- C:\Windows\System\zWNAoFW.exe
  C:\Windows\System\zWNAoFW.exe
  2⤵
  PID:4672
- C:\Windows\System\nAYpyln.exe
  C:\Windows\System\nAYpyln.exe
  2⤵
  PID:5012
- C:\Windows\System\Rbjtiqd.exe
  C:\Windows\System\Rbjtiqd.exe
  2⤵
  PID:1716
- C:\Windows\System\lrXmvKS.exe
  C:\Windows\System\lrXmvKS.exe
  2⤵
  PID:14892
- C:\Windows\System\wQtyUzd.exe
  C:\Windows\System\wQtyUzd.exe
  2⤵
  PID:1280
- C:\Windows\System\nKlhSkn.exe
  C:\Windows\System\nKlhSkn.exe
  2⤵
  PID:7924
- C:\Windows\System\VezSVlt.exe
  C:\Windows\System\VezSVlt.exe
  2⤵
  PID:4600
- C:\Windows\System\WBOrgGW.exe
  C:\Windows\System\WBOrgGW.exe
  2⤵
  PID:4688
- C:\Windows\System\qhFIuZo.exe
  C:\Windows\System\qhFIuZo.exe
  2⤵
  PID:15116
- C:\Windows\System\sbgTsjB.exe
  C:\Windows\System\sbgTsjB.exe
  2⤵
  PID:15184
- C:\Windows\System\ZXrKNnI.exe
  C:\Windows\System\ZXrKNnI.exe
  2⤵
  PID:1912
- C:\Windows\System\CPAJDdj.exe
  C:\Windows\System\CPAJDdj.exe
  2⤵
  PID:2864
- C:\Windows\System\BTLuPlL.exe
  C:\Windows\System\BTLuPlL.exe
  2⤵
  PID:5132
- C:\Windows\System\IQtDvqZ.exe
  C:\Windows\System\IQtDvqZ.exe
  2⤵
  PID:14672
- C:\Windows\System\gryCJLv.exe
  C:\Windows\System\gryCJLv.exe
  2⤵
  PID:14864
- C:\Windows\System\wwEBHon.exe
  C:\Windows\System\wwEBHon.exe
  2⤵
  PID:5272
- C:\Windows\System\WRVWVLR.exe
  C:\Windows\System\WRVWVLR.exe
  2⤵
  PID:1704
- C:\Windows\System\rfWWqHA.exe
  C:\Windows\System\rfWWqHA.exe
  2⤵
  PID:3664
- C:\Windows\System\aNqXwvN.exe
  C:\Windows\System\aNqXwvN.exe
  2⤵
  PID:15104
- C:\Windows\System\ynmVpCf.exe
  C:\Windows\System\ynmVpCf.exe
  2⤵
  PID:3400
- C:\Windows\System\cYPVWHa.exe
  C:\Windows\System\cYPVWHa.exe
  2⤵
  PID:14720
- C:\Windows\System\CvRCLis.exe
  C:\Windows\System\CvRCLis.exe
  2⤵
  PID:3456
- C:\Windows\System\FpuyVzG.exe
  C:\Windows\System\FpuyVzG.exe
  2⤵
  PID:1564
- C:\Windows\System\UoDoOyN.exe
  C:\Windows\System\UoDoOyN.exe
  2⤵
  PID:11528
- C:\Windows\System\tFGewCr.exe
  C:\Windows\System\tFGewCr.exe
  2⤵
  PID:15040
- C:\Windows\System\HNqQEkd.exe
  C:\Windows\System\HNqQEkd.exe
  2⤵
  PID:5720
- C:\Windows\System\GTLOcKx.exe
  C:\Windows\System\GTLOcKx.exe
  2⤵
  PID:14616
- C:\Windows\System\rFAQPZP.exe
  C:\Windows\System\rFAQPZP.exe
  2⤵
  PID:5528
- C:\Windows\System\oNcAbNC.exe
  C:\Windows\System\oNcAbNC.exe
  2⤵
  PID:3508
- C:\Windows\System\UNyCwmR.exe
  C:\Windows\System\UNyCwmR.exe
  2⤵
  PID:5692
- C:\Windows\System\rZBoTbU.exe
  C:\Windows\System\rZBoTbU.exe
  2⤵
  PID:11440
- C:\Windows\System\SoSoEuc.exe
  C:\Windows\System\SoSoEuc.exe
  2⤵
  PID:5948
- C:\Windows\System\kdRUtVw.exe
  C:\Windows\System\kdRUtVw.exe
  2⤵
  PID:6140
- C:\Windows\System\lfuFHJp.exe
  C:\Windows\System\lfuFHJp.exe
  2⤵
  PID:5516
- C:\Windows\System\tyMbLNY.exe
  C:\Windows\System\tyMbLNY.exe
  2⤵
  PID:5884
- C:\Windows\System\WXnlnPZ.exe
  C:\Windows\System\WXnlnPZ.exe
  2⤵
  PID:1324
- C:\Windows\System\GFChOfc.exe
  C:\Windows\System\GFChOfc.exe
  2⤵
  PID:11368
- C:\Windows\System\xvndcqF.exe
  C:\Windows\System\xvndcqF.exe
  2⤵
  PID:2884
- C:\Windows\System\qOimCmy.exe
  C:\Windows\System\qOimCmy.exe
  2⤵
  PID:1824
- C:\Windows\System\xhHZcRf.exe
  C:\Windows\System\xhHZcRf.exe
  2⤵
  PID:5992
- C:\Windows\System\tasPRWq.exe
  C:\Windows\System\tasPRWq.exe
  2⤵
  PID:5344
- C:\Windows\System\OUuVAlM.exe
  C:\Windows\System\OUuVAlM.exe
  2⤵
  PID:5332
- C:\Windows\System\YEeyxDR.exe
  C:\Windows\System\YEeyxDR.exe
  2⤵
  PID:3852
- C:\Windows\System\msvGdus.exe
  C:\Windows\System\msvGdus.exe
  2⤵
  PID:2608
- C:\Windows\System\JEQUlPm.exe
  C:\Windows\System\JEQUlPm.exe
  2⤵
  PID:5844
- C:\Windows\System\lqKVPAo.exe
  C:\Windows\System\lqKVPAo.exe
  2⤵
  PID:14168
- C:\Windows\System\KAkiRbR.exe
  C:\Windows\System\KAkiRbR.exe
  2⤵
  PID:12220
- C:\Windows\System\qtRMouO.exe
  C:\Windows\System\qtRMouO.exe
  2⤵
  PID:5512
- C:\Windows\System\HkdvKjZ.exe
  C:\Windows\System\HkdvKjZ.exe
  2⤵
  PID:5296
- C:\Windows\System\SqLdBUQ.exe
  C:\Windows\System\SqLdBUQ.exe
  2⤵
  PID:6096
- C:\Windows\System\cqByTzL.exe
  C:\Windows\System\cqByTzL.exe
  2⤵
  PID:5896
- C:\Windows\System\sgCZAQF.exe
  C:\Windows\System\sgCZAQF.exe
  2⤵
  PID:6032
- C:\Windows\System\cLjRCwr.exe
  C:\Windows\System\cLjRCwr.exe
  2⤵
  PID:3180
- C:\Windows\System\yCwBgiW.exe
  C:\Windows\System\yCwBgiW.exe
  2⤵
  PID:6152
- C:\Windows\System\BokAkyt.exe
  C:\Windows\System\BokAkyt.exe
  2⤵
  PID:6248
- C:\Windows\System\UTzjOgY.exe
  C:\Windows\System\UTzjOgY.exe
  2⤵
  PID:5928
- C:\Windows\System\tOTSlOI.exe
  C:\Windows\System\tOTSlOI.exe
  2⤵
  PID:6332
- C:\Windows\System\FIFbMkK.exe
  C:\Windows\System\FIFbMkK.exe
  2⤵
  PID:6164
- C:\Windows\System\sJUwuGv.exe
  C:\Windows\System\sJUwuGv.exe
  2⤵
  PID:15392
- C:\Windows\System\qpYUkgg.exe
  C:\Windows\System\qpYUkgg.exe
  2⤵
  PID:15424
- C:\Windows\System\ehgXMRH.exe
  C:\Windows\System\ehgXMRH.exe
  2⤵
  PID:15456
- C:\Windows\System\TiEUOLv.exe
  C:\Windows\System\TiEUOLv.exe
  2⤵
  PID:15488
- C:\Windows\System\lyJbDGL.exe
  C:\Windows\System\lyJbDGL.exe
  2⤵
  PID:15520
- C:\Windows\System\OKNFYLP.exe
  C:\Windows\System\OKNFYLP.exe
  2⤵
  PID:15552
- C:\Windows\System\UAoBZKI.exe
  C:\Windows\System\UAoBZKI.exe
  2⤵
  PID:15596
- C:\Windows\System\EEVJbfd.exe
  C:\Windows\System\EEVJbfd.exe
  2⤵
  PID:15620
- C:\Windows\System\mrCugwD.exe
  C:\Windows\System\mrCugwD.exe
  2⤵
  PID:15656
- C:\Windows\System\UKImFrZ.exe
  C:\Windows\System\UKImFrZ.exe
  2⤵
  PID:15684
- C:\Windows\System\PdRoYsj.exe
  C:\Windows\System\PdRoYsj.exe
  2⤵
  PID:15700
- C:\Windows\System\GDHXVaq.exe
  C:\Windows\System\GDHXVaq.exe
  2⤵
  PID:15728
- C:\Windows\System\khlbssP.exe
  C:\Windows\System\khlbssP.exe
  2⤵
  PID:15744
- C:\Windows\System\FdcqBdc.exe
  C:\Windows\System\FdcqBdc.exe
  2⤵
  PID:15796
- C:\Windows\System\WRFKeQR.exe
  C:\Windows\System\WRFKeQR.exe
  2⤵
  PID:15844
- C:\Windows\System\qIxhvyP.exe
  C:\Windows\System\qIxhvyP.exe
  2⤵
  PID:15876
- C:\Windows\System\KzrPDMN.exe
  C:\Windows\System\KzrPDMN.exe
  2⤵
  PID:15900
- C:\Windows\System\ZaEyOJg.exe
  C:\Windows\System\ZaEyOJg.exe
  2⤵
  PID:15924
- C:\Windows\System\oauprgf.exe
  C:\Windows\System\oauprgf.exe
  2⤵
  PID:15940
- C:\Windows\System\EpgAyTN.exe
  C:\Windows\System\EpgAyTN.exe
  2⤵
  PID:15988
- C:\Windows\System\ueKxjth.exe
  C:\Windows\System\ueKxjth.exe
  2⤵
  PID:16024
- C:\Windows\System\JqDJwcy.exe
  C:\Windows\System\JqDJwcy.exe
  2⤵
  PID:16068
- C:\Windows\System\dpFTwhF.exe
  C:\Windows\System\dpFTwhF.exe
  2⤵
  PID:16100
- C:\Windows\System\SDMwBLo.exe
  C:\Windows\System\SDMwBLo.exe
  2⤵
  PID:16116
- C:\Windows\System\NPKlFSQ.exe
  C:\Windows\System\NPKlFSQ.exe
  2⤵
  PID:16148
- C:\Windows\System\XWJsGOx.exe
  C:\Windows\System\XWJsGOx.exe
  2⤵
  PID:16180
- C:\Windows\System\NmoCkkp.exe
  C:\Windows\System\NmoCkkp.exe
  2⤵
  PID:16212
- C:\Windows\System\nzEYFpI.exe
  C:\Windows\System\nzEYFpI.exe
  2⤵
  PID:16260
- C:\Windows\System\ajpheMF.exe
  C:\Windows\System\ajpheMF.exe
  2⤵
  PID:16276
- C:\Windows\System\auNzNFl.exe
  C:\Windows\System\auNzNFl.exe
  2⤵
  PID:16324
- C:\Windows\System\aGqAmth.exe
  C:\Windows\System\aGqAmth.exe
  2⤵
  PID:16344
- C:\Windows\System\FBjLQAa.exe
  C:\Windows\System\FBjLQAa.exe
  2⤵
  PID:15384
- C:\Windows\System\yvZlBqJ.exe
  C:\Windows\System\yvZlBqJ.exe
  2⤵
  PID:15420
- C:\Windows\System\VNnJeBM.exe
  C:\Windows\System\VNnJeBM.exe
  2⤵
  PID:6524
- C:\Windows\System\ogoMtDH.exe
  C:\Windows\System\ogoMtDH.exe
  2⤵
  PID:15504
- C:\Windows\System\JbpyBzV.exe
  C:\Windows\System\JbpyBzV.exe
  2⤵
  PID:15544
- C:\Windows\System\bdUiIJE.exe
  C:\Windows\System\bdUiIJE.exe
  2⤵
  PID:6624
- C:\Windows\System\KNgpFPW.exe
  C:\Windows\System\KNgpFPW.exe
  2⤵
  PID:15612
- C:\Windows\System\PVoHROU.exe
  C:\Windows\System\PVoHROU.exe
  2⤵
  PID:15648
- C:\Windows\System\qhCTntU.exe
  C:\Windows\System\qhCTntU.exe
  2⤵
  PID:15676
- C:\Windows\System\MlXsUuG.exe
  C:\Windows\System\MlXsUuG.exe
  2⤵
  PID:7020
- C:\Windows\System\YhSAdAX.exe
  C:\Windows\System\YhSAdAX.exe
  2⤵
  PID:15740
- C:\Windows\System\fSXrVWE.exe
  C:\Windows\System\fSXrVWE.exe
  2⤵
  PID:15832
- C:\Windows\System\uPFStrO.exe
  C:\Windows\System\uPFStrO.exe
  2⤵
  PID:15920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ALgnIfb.exe

Filesize
5.7MB

MD5
e76ee177be18676cad7b330541fceeb4

SHA1
bc3c1ead771a9070598e3f41d321d77786304d64

SHA256
a1f3e4e336cbb14d1310b01db28f35cb418fe740b76d3476c9dfa82fda6ca8a2

SHA512
6eb1eb1d30de060af1aeff4b3fc5ddc9a9e0c870a698156b63f5701bd9a8def97b3fe8df0dba1b2ceab2c65927a2bfdf16b8a4a8de317ec93c04257cf9a26271

Download Submit
C:\Windows\System\AXMjvxE.exe

Filesize
5.7MB

MD5
1028cc98a4bec3df9c17bf43ebf73581

SHA1
231dbb369ca59de95e32ecd40b6aa2dc22502906

SHA256
818ed85ed047f134277cfe6ddddb9cbed48a21ad909f89a66a8241730bc7b3ba

SHA512
035232be4033e6e6dc51bbf4fefcd356581419ed9856e7e6b3a2eb499bb32c361ad635cf596b12ae586369def4210170bd71bc6acc62881cf37adbbec813f1d4

Download Submit
C:\Windows\System\AfebWyX.exe

Filesize
5.7MB

MD5
9bf10be306cb83d07092911071fa3e09

SHA1
b8743d3cfcefbbae47c93c0d111443d8758ecd17

SHA256
08ade973a64dec8293b0248c8cd1e280777852082e6d8677f43488241dc317cd

SHA512
e1e4ab256206805a134451cb98d4a446c60b61e3620acd588fe5b9a1cb7b97ede454aa0e7f835ff0a3291a27db1d234643d46f775f6291563e0e746df3ad3429

Download Submit
C:\Windows\System\ErUkdyR.exe

Filesize
5.7MB

MD5
1bf0adc5a3271a40188112c066a822aa

SHA1
11fa27c40851efeba4cd76b54b54ef9df10e88c0

SHA256
95d0ff18e4c32dc4e754a928bda0835ace79d32a39e8a84d9982b6723eee7121

SHA512
eb7fa21d9839ad9ceb6b0a48aaf7502820c318d202f1f1e49a0e054eaa2dae08ecda0344452f39cb0f29a4fae49f73cbd6adebb942a3bcb79cac5ffc61ace20c

Download Submit
C:\Windows\System\HjbEXKG.exe

Filesize
5.7MB

MD5
c67c959debf578c5689ac4e63ea914b4

SHA1
a8aa15d763f634ee059cf1032c97d0cf78504457

SHA256
1b3c284d79c5883733d6150fd88558ad0006c7ac1c5b6ce849181a4bbdbb8555

SHA512
1d4f49ee203036ec85e61e7c07a86011a0b367cf85c4009d398044640dccca7923710a1b303e959733c601c9a352727d51202468013a2195a81f25f3783bacf2

Download Submit
C:\Windows\System\IToxTyH.exe

Filesize
5.7MB

MD5
29e6aee7e3639c5e39cdeccea56b1da2

SHA1
5d9843e30c262a14ea46c8143d722fdda3604052

SHA256
b0e4d518a44ed7778b549c26e1d96563377dcd0177fede2f11669ffa77c821de

SHA512
393e116ef4beb62ac77f39d7e5350409aac0a2511ac997a45bb3117e541c6dfd00d83cabcebc48ef35dcac0e5f1ff17a8136cddbd7b30c0bff08eaaab86eeda4

Download Submit
C:\Windows\System\KDMupoK.exe

Filesize
5.7MB

MD5
2663cf310a2829de89e3bde1b1d06928

SHA1
a37aeb8aaee22418c00fe7f07e85491ec858e011

SHA256
ad8f4ddba7821554e69a692fc9d3dc6277b28c5ec53414655f4d138fae24ac2b

SHA512
5e5d678d437e14628d83753fb85bff9983b1f314fb6771649a06365dd8f6f0a6eba82e4ae22748f28006915ab5191956a746bbc6072dc49ddaeeaa81f45de5f0

Download Submit
C:\Windows\System\KxaRvWm.exe

Filesize
5.7MB

MD5
abd25da6c8fd7e1b0ec457f8a3a298ff

SHA1
9931de3d20728b9b99bc462e30692e3bd5c7ef07

SHA256
60593318fa287ef09ab07f816bc04f1ca1e4b34379c443f92a3bfa17ef835fa3

SHA512
1f5c7e89845588155d23829ef0be30a7c0cf4147f2339484bb28901b2e7d770c224d7eccdc7f20801eb3723509f6f32938ef2c4544aaa163136f92b7a33539b3

Download Submit
C:\Windows\System\LhKrGoB.exe

Filesize
5.7MB

MD5
ebff0f31a2e6f4e44c95c1ed4bcc897b

SHA1
b199a7dde80571cf2b2bb518e6361cb439d1f05d

SHA256
ccafbb72f6c09fc2283724f83ff3d29706822fcfbc8b27cbf971c1220dc686e8

SHA512
011e574e15814f6dc589d27209fdc1b278e862d729b1c5ba85551e7f7a306b7520fde88ffb7cacc457831ab883f84e973a97a24900895bc4b858ceabdef2f76d

Download Submit
C:\Windows\System\MVtxTVl.exe

Filesize
5.7MB

MD5
ca80093dd3ddf11b09466035c4307f20

SHA1
a067b54402a3ede8ca3047d16d070e6938c6966e

SHA256
240e799dcb2e4c66adc8bbbf13d15f1398f125081efdcdd52d69ae6b222f77d5

SHA512
8136118c990025edb82c84164198187910e85be65859fccc46a9dd37346468c53d7b5a4568a72868280af6bf90cbdc7069d31bdfb4bb0f93e32904b8cb5995b8

Download Submit
C:\Windows\System\McZEjXt.exe

Filesize
5.7MB

MD5
f6470ea4bc9e7655a8894cd8fce29630

SHA1
d43c7619d6f0e4ccc6e4b590122ddc917d17f2fd

SHA256
3da1831c67df0253a987cdd564c42a748ba877c502e945a934b65468f21927ae

SHA512
acd342f3c499f54dd742145b1f3c619c04426237313d3a5a93e342f84891c89b6a61ec0f38ccbe88d51190a4e98058b7a6a3d72708a0f80140e1ca556f35e4a0

Download Submit
C:\Windows\System\MlstGLH.exe

Filesize
5.7MB

MD5
5069da25d4b6cd4ac59c5357ac1973dc

SHA1
0398af0b057da81a9bdea9db6a9a045b36f37235

SHA256
f8da67a5ae091640dcec8486d483b75af4fe51820898d2e53c551ede4191a651

SHA512
b06f084c696f04e53ea6c315355607ddee83e59d52d74681c4052c984d4e0685d8a1e5c17def6b0d1cbd7e84b5824e305c0754cc622bd22cc239117b8a3656ed

Download Submit
C:\Windows\System\OnXcQbk.exe

Filesize
5.7MB

MD5
0f0ac8005702142a3631c01ca3045a2a

SHA1
e1b7b202be04f388beb64a8e5d97ad1f388be656

SHA256
99cfc6ec6b7fe88188b3bd514e6b46d653f12e407622483d1d9a33696d5d7461

SHA512
6a548319378005dcffc6c904b01f8cc11a68032883c68fe09596e4840aeb9ba7c26a7b090017da7703087c0928b023181ab8af1e94874438f3d9a18e613c8d7a

Download Submit
C:\Windows\System\QifyGZk.exe

Filesize
5.7MB

MD5
4a20eea50f195affce3434efaccf29fb

SHA1
7af4fc96590cec2ba91a066ecf438892d0569822

SHA256
0090b6447da6014850b7a89eaa39dc1204af005dab1209a14fb5bdc7d8c3be43

SHA512
a4122cc49a9438e2a237f322d0553183a9ca71faf216b27aefdc892474add9a703b54a38f6ad19e005df7844eb41836d1a6a9ec5acf7fb7809f620a75cb99299

Download Submit
C:\Windows\System\REqWbiq.exe

Filesize
5.7MB

MD5
5438bfa0646d2be1bced2acdfae0dc2c

SHA1
90a22899c678d4f675c523eb7d7c4bad0fd47a36

SHA256
b4ad6086cdb01af34efedc91d993a9c9b7326fbbc5ce01dca9fd07fbb8c79bbc

SHA512
0af4e20f03210020e89e243ddc648c0eb4310765932fa2bbb99bdfec76aadfea09871242db92179ea2e1928f8350e7a61643026649d23ce1e8ac90d951406df1

Download Submit
C:\Windows\System\UWSuFxm.exe

Filesize
5.7MB

MD5
d91d2889f49204a2b0c4404f845b87d6

SHA1
5f1cb14fde43c61526d241ad19b7a2c9f0161490

SHA256
95e4e84bdf9561e0423b807eb68147b343da3341d40ce6d3d48ddebe9e1c9328

SHA512
5e769c618a40974e1815b8c43b0ee0c836b3c132e2ec9f4d2070ea049e940d9b3bf34372d5dea859bf3aee0f3f1e8004a855c91b237c707c43331715a1b832e8

Download Submit
C:\Windows\System\VPQEYsD.exe

Filesize
5.7MB

MD5
12f2657ccc822aa53f93b2527650c1dd

SHA1
7d2957591bfba645ba949b8c3926a7715f49ea57

SHA256
60258928e614dab056e18e45b9722eb0f2b593c3ffc50a87a814a2bef669e5b6

SHA512
b5a771b54f94026ab09e00923355153d1755dbe32f3fa06aa7e13fef356536c15fc0d3b82d6920416ece5fd50389fd6f26b00da434952f810998183a5d6120ef

Download Submit
C:\Windows\System\WKgAGTC.exe

Filesize
5.7MB

MD5
f7065ec7725712dd9687d778ea4fa86e

SHA1
0ffd29d562a1f9a31b1d2dd7aea723e7e7f1fc19

SHA256
60ff6f14a165105175e9830f8ce130512a6c09c13e8e0589c34a8a325c5e6c91

SHA512
1115b160ce0f344d06ffde1a27c5cfa06ca674d1a1f921e83fdbc5da1bdbbeeec56ce3c89438c4105c31c9b6d896ceca942e7df9e790b79454f5b55d5fd1e255

Download Submit
C:\Windows\System\YEkfwdb.exe

Filesize
5.7MB

MD5
9125469e0d5880f4d89378addf1bd049

SHA1
beb79c4df160106204512ba6d861d34ab53afae0

SHA256
ab8943088c235cfa30fa25781e32fa097eadb06949f5e961783db55c3d33f0d0

SHA512
fa199d5ccc35c693f50f02395b93bc8be1df7a6264e328ae98b85826ad5ce08d241074d3b0d810fa4ea74881cf5ffb578c2fc111262a7496e9c291991219e29a

Download Submit
C:\Windows\System\YeFkAOr.exe

Filesize
5.7MB

MD5
9511d691aa5e6afafdf1457f80082f05

SHA1
88a42c7715e0fced8671770b772feea09004f565

SHA256
9fbfb0a232eaf4cf00613377a0f017686ec37b1d3c345234f1fb974a73e160de

SHA512
0c4c42b7e10caf542b12e3acc041241114c4bf0fa3a526ed0fee5cbbfbfb5fcddaf25a1f618ba7bfc280a09c0c7b505306ff3ad387b8ad9de4612866b98a2662

Download Submit
C:\Windows\System\aIrRFOC.exe

Filesize
5.7MB

MD5
2a1461198ca275981f6190993178c22e

SHA1
5f007e4ce63e0bc50a2c16aaf1271c54084105cb

SHA256
1c8c6afb5c40b482e85e5cfec26bd40ba9cc6d2407d64cba4a8e6c58afb25b1e

SHA512
efe0720460c161e35d67a235a9b66f71ddec81bb34c65cefc89c5448d853f8e2492161a2756201698662e071ac79e6478f6911fb7024d9ef3e6a443f1dda3572

Download Submit
C:\Windows\System\cnZShgr.exe

Filesize
5.7MB

MD5
b3083274bc52681e41688f4efc0363f4

SHA1
f7159c1f71306a9c6bc8083cd1fa9d1c8be734c1

SHA256
a3c8a9c70d68847855b0a15e41bdddc68eb8d6ac22739b0a35d580d9b6f31b24

SHA512
f3d435508a41e19b482437929f0b063885d5318f15ff6a69a76e9122682e750842cb73218d968698e089e34fa0b68e5761b57c8dba18b7e4305973a2bbbfdc3a

Download Submit
C:\Windows\System\dNOwfxA.exe

Filesize
5.7MB

MD5
1746813bdd4bae35e1601dc498c355b2

SHA1
79bc5e598aa6f9a7332a949435a13c5810b86f7b

SHA256
58df7eb9f5780ff78b5121520a4752c42806bbb94ee0a191ff095be1f15f3832

SHA512
9d872193b1cfdeb8460f406ac79f538fa0bdca0a94200e9db1e04b9bcbc542b73ea9f3f5e4e599c3ff614d16f4d0f574a3553384ba8e8e66b07a2c4d160c941d

Download Submit
C:\Windows\System\gcclSQl.exe

Filesize
5.7MB

MD5
8ca1188abcc1fb117ff65198e1337b7d

SHA1
d4a4229d9c3082fd09a892d2e09922e24f837726

SHA256
3e65bb34d94ea39688d91c7bb9c0a0333cc8e133a155e698474dd7546e971bc6

SHA512
d511483237958bfa832a763a33aadc9935f2d0242a443a0b21bf13ca30f5b426c8fea1ac937d301927e39e8883b70589a0ca2143c1f6e88b9546e1169493f5e3

Download Submit
C:\Windows\System\imkqlJy.exe

Filesize
5.7MB

MD5
11d309c69e186bfad66f215d3b126836

SHA1
1546e969067bcaf8e7b80a2949a4641e793b2b77

SHA256
5700f10a2ce1ba0b27fd5aa28505a4a08b419582a7434b6d8f63d3e3c8402e87

SHA512
9845f73614bb2fab8dbd11dc591d764e58c4832725a41332a20b7a0ac3c8327871b456afee99dd045f4016a45ae9569d3ad73e4df20817f58e20495ab056f6c6

Download Submit
C:\Windows\System\jaDqPmK.exe

Filesize
5.7MB

MD5
cfe78b85f11d44365ed7dd38392c8c25

SHA1
7cdf55848acb283215f917b9814cb5ef090d4d5d

SHA256
ccde1beaeca7df7ad4bd09bdea4ebc7165bcde6bc574b749550702815c226590

SHA512
934440296c3cd2f3d86f09f669d7b61920ae9c655237cb8d2d87ef71cf7dac083d7ee59ad2998bb59b0d81840e9504e8b7ad9ada9ec8e2973fe3808ff880bc45

Download Submit
C:\Windows\System\pKBFbLL.exe

Filesize
5.7MB

MD5
dd8a58a88339c596e841772fd2673b07

SHA1
c4f7bd72f63ff5895917c7b1593ebf57a9fc1224

SHA256
1f020e339f27c9102458e90abbd9b8eb2388ebae3cbae398b8bbe8bbe098851d

SHA512
7e35d523a52cd6b118b0b9c8629c2bdee0d5a99db9c47a484a3b915e0d83252d92560db39a6b7c03b915300e92569e0bc1290fcd34cbff24726b72ab2b544e04

Download Submit
C:\Windows\System\paySIkW.exe

Filesize
5.7MB

MD5
c50c3f7d66810d3f645b39e3944cbce3

SHA1
324d7f798f943900478923aa276b6ee1df0b610b

SHA256
8560e36baadfb512da9a4f006b854c061894585f75f8fa97d6366b9f981b01d6

SHA512
810a80c03a6e0e6c00cd625ed3dd641969733b37c8c5a05465c472c4e870ac0b22e819e8b4dd8172f3dadb27e23ce504ac015d771f57326889c4e96f5ec2a5d8

Download Submit
C:\Windows\System\rpbsjkD.exe

Filesize
5.7MB

MD5
8457abb06470d9f217d05a6fbcf09474

SHA1
70ebe7dad6aedfb67485adfe1cb0267317663e70

SHA256
9a50bbbaeeb968213de849870345d3b4edd4574e07dd071898ace9e7492581d2

SHA512
dffd081f9834a9f41d04e58008919008c22746a71953170f0361a761f1025cdf934b5be206cbc4eb83d87226710ba8e757ddbbddd8dcd5f7811fc73d1f3b5807

Download Submit
C:\Windows\System\syinEnd.exe

Filesize
5.7MB

MD5
4e1d433d6b5a82183962d5f03ffbcba2

SHA1
e78a4716536fdcbc7fc8ac06cacb847f115ad823

SHA256
e2ef77410f78afd8785b7782400fdcb836a406507f7a65a5e21c81aca9601635

SHA512
ed0000e1b8a1a2fe7e34a784fab1271ef6287139275c24ad73b5b600d4289c5f0128f25a3195abbe9760aaaf594ababb60cf4e5c29ec99e0cdb45c1ec7e252c4

Download Submit
C:\Windows\System\uaWPqVh.exe

Filesize
5.7MB

MD5
13dcdaaeadbae37dd3f7c7ef2de2d119

SHA1
38517e4ebbbc81874da46a16ad6a8f06846fbe79

SHA256
7cfc04b6ffa8c4aa40a8da84b6d19693965b2af9de7a70ed968491aeff21b76e

SHA512
95feecf5f45bda3ad9f77e8e5aead8aa80225fe9b660cf374ab96ef98f91174634f1bf91928a8d7cfc1b8978e602c4d4ef930733dbebbe268d47fc15545b2213

Download Submit
C:\Windows\System\wfFhUlQ.exe

Filesize
5.7MB

MD5
307ea484f3e7daca4346dea6f0a0dc4e

SHA1
e027e98cedb586dd3b15202c4036c0dc0f93e4c3

SHA256
9966c82d02f4d5c8e5e60a8d6bf59e9db055653020a0548c01253a80e3382637

SHA512
ea047c5126c8a30d0a368e2bbc055f0d545a093248cba5ecb144be2bed0c51660f17d79bbde9503be8fb1214842ba2b09b3b8b60d3df7f4eae8b88c32871db40

Download Submit
memory/488-172-0x00007FF720510000-0x00007FF72085D000-memory.dmp

Filesize
3.3MB

Download
memory/772-103-0x00007FF7F1EC0000-0x00007FF7F220D000-memory.dmp

Filesize
3.3MB

Download
memory/828-25-0x00007FF7758B0000-0x00007FF775BFD000-memory.dmp

Filesize
3.3MB

Download
memory/908-133-0x00007FF69E2C0000-0x00007FF69E60D000-memory.dmp

Filesize
3.3MB

Download
memory/1064-89-0x00007FF6E1380000-0x00007FF6E16CD000-memory.dmp

Filesize
3.3MB

Download
memory/1120-118-0x00007FF78D790000-0x00007FF78DADD000-memory.dmp

Filesize
3.3MB

Download
memory/1136-61-0x00007FF665880000-0x00007FF665BCD000-memory.dmp

Filesize
3.3MB

Download
memory/1764-122-0x00007FF7D4A50000-0x00007FF7D4D9D000-memory.dmp

Filesize
3.3MB

Download
memory/1880-178-0x00007FF663610000-0x00007FF66395D000-memory.dmp

Filesize
3.3MB

Download
memory/1984-97-0x00007FF61C0A0000-0x00007FF61C3ED000-memory.dmp

Filesize
3.3MB

Download
memory/2064-48-0x00007FF706280000-0x00007FF7065CD000-memory.dmp

Filesize
3.3MB

Download
memory/2268-168-0x00007FF6A4340000-0x00007FF6A468D000-memory.dmp

Filesize
3.3MB

Download
memory/2556-52-0x00007FF76E210000-0x00007FF76E55D000-memory.dmp

Filesize
3.3MB

Download
memory/2664-90-0x00007FF679980000-0x00007FF679CCD000-memory.dmp

Filesize
3.3MB

Download
memory/2900-139-0x00007FF61B760000-0x00007FF61BAAD000-memory.dmp

Filesize
3.3MB

Download
memory/2944-180-0x00007FF6872E0000-0x00007FF68762D000-memory.dmp

Filesize
3.3MB

Download
memory/3188-127-0x00007FF7785C0000-0x00007FF77890D000-memory.dmp

Filesize
3.3MB

Download
memory/3440-19-0x00007FF618410000-0x00007FF61875D000-memory.dmp

Filesize
3.3MB

Download
memory/3892-145-0x00007FF7F5640000-0x00007FF7F598D000-memory.dmp

Filesize
3.3MB

Download
memory/3936-55-0x00007FF68DC20000-0x00007FF68DF6D000-memory.dmp

Filesize
3.3MB

Download
memory/4056-120-0x00007FF676260000-0x00007FF6765AD000-memory.dmp

Filesize
3.3MB

Download
memory/4172-151-0x00007FF6CBA70000-0x00007FF6CBDBD000-memory.dmp

Filesize
3.3MB

Download
memory/4320-187-0x00007FF674C10000-0x00007FF674F5D000-memory.dmp

Filesize
3.3MB

Download
memory/4424-130-0x00007FF6334E0000-0x00007FF63382D000-memory.dmp

Filesize
3.3MB

Download
memory/4512-58-0x00007FF68A400000-0x00007FF68A74D000-memory.dmp

Filesize
3.3MB

Download
memory/4516-28-0x00007FF675F40000-0x00007FF67628D000-memory.dmp

Filesize
3.3MB

Download
memory/4800-69-0x00007FF7CCFE0000-0x00007FF7CD32D000-memory.dmp

Filesize
3.3MB

Download
memory/4844-136-0x00007FF726480000-0x00007FF7267CD000-memory.dmp

Filesize
3.3MB

Download
memory/4852-1-0x0000017AEF650000-0x0000017AEF660000-memory.dmp

Filesize
64KB

Download
memory/4852-0-0x00007FF7A2AF0000-0x00007FF7A2E3D000-memory.dmp

Filesize
3.3MB

Download
memory/4912-164-0x00007FF653990000-0x00007FF653CDD000-memory.dmp

Filesize
3.3MB

Download
memory/4948-37-0x00007FF61C810000-0x00007FF61CB5D000-memory.dmp

Filesize
3.3MB

Download
memory/5108-10-0x00007FF629350000-0x00007FF62969D000-memory.dmp

Filesize
3.3MB

Download