cobaltstrike | 447a9c1f712c9ac18e14a7e23dd4a52a5e1d3bae9897df3aa43705068b2bb104

Analysis

max time kernel
47s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2025 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ea108ac2aa6fa643d7e2f3ab7ab81f1b
SHA1

6214c70256051d43ba23a18ec8a84f3a9e3fde11
SHA256

447a9c1f712c9ac18e14a7e23dd4a52a5e1d3bae9897df3aa43705068b2bb104
SHA512

779cf5926f55b3672d536356b8ae28e29a74dc1634af23cfc80c5460ba4427963ade8dd4e530b3e77a162557f8aadc70a1476bb9cccd35b436c6d9eaca0a9155
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 3 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0031000000023b6c-22.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b6e-36.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b70-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/968-0-0x00007FF7DA110000-0x00007FF7DA464000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b6b-16.dat	xmrig
behavioral2/files/0x000b000000023b6b-19.dat	xmrig
behavioral2/files/0x0031000000023b6c-22.dat	xmrig
behavioral2/memory/5036-25-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp	xmrig
behavioral2/memory/964-32-0x00007FF6863E0000-0x00007FF686734000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b6e-36.dat	xmrig
behavioral2/files/0x000a000000023b71-51.dat	xmrig
behavioral2/files/0x000a000000023b75-70.dat	xmrig
behavioral2/memory/4684-71-0x00007FF6541F0000-0x00007FF654544000-memory.dmp	xmrig
behavioral2/memory/2872-75-0x00007FF616880000-0x00007FF616BD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b77-90.dat	xmrig
behavioral2/files/0x000a000000023b78-95.dat	xmrig
behavioral2/files/0x000a000000023b7a-106.dat	xmrig
behavioral2/files/0x000a000000023b7d-118.dat	xmrig
behavioral2/files/0x000a000000023b83-153.dat	xmrig
behavioral2/memory/1464-260-0x00007FF7CB6C0000-0x00007FF7CBA14000-memory.dmp	xmrig
behavioral2/memory/1284-279-0x00007FF7F11B0000-0x00007FF7F1504000-memory.dmp	xmrig
behavioral2/memory/1952-282-0x00007FF76EFF0000-0x00007FF76F344000-memory.dmp	xmrig
behavioral2/memory/1684-285-0x00007FF782D00000-0x00007FF783054000-memory.dmp	xmrig
behavioral2/memory/2172-287-0x00007FF6468D0000-0x00007FF646C24000-memory.dmp	xmrig
behavioral2/memory/4312-289-0x00007FF6BEC70000-0x00007FF6BEFC4000-memory.dmp	xmrig
behavioral2/memory/1912-291-0x00007FF6C7F40000-0x00007FF6C8294000-memory.dmp	xmrig
behavioral2/memory/996-293-0x00007FF6AF1B0000-0x00007FF6AF504000-memory.dmp	xmrig
behavioral2/memory/2960-296-0x00007FF738410000-0x00007FF738764000-memory.dmp	xmrig
behavioral2/memory/2944-297-0x00007FF723980000-0x00007FF723CD4000-memory.dmp	xmrig
behavioral2/memory/2948-295-0x00007FF6CC3B0000-0x00007FF6CC704000-memory.dmp	xmrig
behavioral2/memory/4860-294-0x00007FF6F9240000-0x00007FF6F9594000-memory.dmp	xmrig
behavioral2/memory/3712-292-0x00007FF772DA0000-0x00007FF7730F4000-memory.dmp	xmrig
behavioral2/memory/4532-290-0x00007FF61EF40000-0x00007FF61F294000-memory.dmp	xmrig
behavioral2/memory/2628-288-0x00007FF6456C0000-0x00007FF645A14000-memory.dmp	xmrig
behavioral2/memory/3220-286-0x00007FF71FF90000-0x00007FF7202E4000-memory.dmp	xmrig
behavioral2/memory/4848-284-0x00007FF7E48A0000-0x00007FF7E4BF4000-memory.dmp	xmrig
behavioral2/memory/2332-283-0x00007FF6D7C10000-0x00007FF6D7F64000-memory.dmp	xmrig
behavioral2/memory/3604-281-0x00007FF71D280000-0x00007FF71D5D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b88-172.dat	xmrig
behavioral2/files/0x000a000000023b86-168.dat	xmrig
behavioral2/files/0x000a000000023b84-159.dat	xmrig
behavioral2/files/0x000a000000023b85-157.dat	xmrig
behavioral2/files/0x000a000000023b84-155.dat	xmrig
behavioral2/files/0x000a000000023b83-147.dat	xmrig
behavioral2/files/0x000a000000023b81-144.dat	xmrig
behavioral2/files/0x000a000000023b80-136.dat	xmrig
behavioral2/files/0x000a000000023b7f-134.dat	xmrig
behavioral2/memory/3724-477-0x00007FF6A0450000-0x00007FF6A07A4000-memory.dmp	xmrig
behavioral2/memory/2864-575-0x00007FF6AD630000-0x00007FF6AD984000-memory.dmp	xmrig
behavioral2/memory/3724-1904-0x00007FF6A0450000-0x00007FF6A07A4000-memory.dmp	xmrig
behavioral2/memory/1528-1908-0x00007FF7AF5B0000-0x00007FF7AF904000-memory.dmp	xmrig
behavioral2/memory/2864-1917-0x00007FF6AD630000-0x00007FF6AD984000-memory.dmp	xmrig
behavioral2/memory/5036-1930-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp	xmrig
behavioral2/memory/4684-1949-0x00007FF6541F0000-0x00007FF654544000-memory.dmp	xmrig
behavioral2/memory/4912-1955-0x00007FF75C260000-0x00007FF75C5B4000-memory.dmp	xmrig
behavioral2/memory/4860-1978-0x00007FF6F9240000-0x00007FF6F9594000-memory.dmp	xmrig
behavioral2/memory/2960-1993-0x00007FF738410000-0x00007FF738764000-memory.dmp	xmrig
behavioral2/memory/1284-2002-0x00007FF7F11B0000-0x00007FF7F1504000-memory.dmp	xmrig
behavioral2/memory/3604-2014-0x00007FF71D280000-0x00007FF71D5D4000-memory.dmp	xmrig
behavioral2/memory/1684-2034-0x00007FF782D00000-0x00007FF783054000-memory.dmp	xmrig
behavioral2/memory/2628-2045-0x00007FF6456C0000-0x00007FF645A14000-memory.dmp	xmrig
behavioral2/memory/3712-2066-0x00007FF772DA0000-0x00007FF7730F4000-memory.dmp	xmrig
behavioral2/memory/1912-2062-0x00007FF6C7F40000-0x00007FF6C8294000-memory.dmp	xmrig
behavioral2/memory/4532-2056-0x00007FF61EF40000-0x00007FF61F294000-memory.dmp	xmrig
behavioral2/memory/4312-2052-0x00007FF6BEC70000-0x00007FF6BEFC4000-memory.dmp	xmrig
behavioral2/memory/2172-2043-0x00007FF6468D0000-0x00007FF646C24000-memory.dmp	xmrig
behavioral2/memory/3220-2037-0x00007FF71FF90000-0x00007FF7202E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3724	BhrQtSf.exe
1528	vrjoJlt.exe
2864	NYGlqzq.exe
5036	wRdHCtX.exe
964	iGvSOce.exe
996	GFbPaXj.exe
4684	SIgYInQ.exe
4912	lkLBogd.exe
2872	xmURNTM.exe
3036	SchfoTh.exe
2812	rWaDMSE.exe
1464	WZmPMYh.exe
4860	SegAGMD.exe
2948	cTXeQsu.exe
2960	YLMhsZZ.exe
1284	pWGfUwJ.exe
2944	vmLDgYi.exe
3604	JtRKAtK.exe
1952	kHpbEaE.exe
2332	lFfBbCR.exe
4848	wpgUNyc.exe
1684	mazgdCX.exe
3220	ygJNrSF.exe
2172	OCxCCXW.exe
2628	NftHCTP.exe
4312	hlrTmjO.exe
4532	zNExUUe.exe
1912	QkWbSsG.exe
3712	wuajiqQ.exe
4244	xSOdqXC.exe
3804	ZsusXvt.exe
4616	DvLFBvC.exe
1744	JJjWCSx.exe
3444	KIfaRAE.exe
2248	UmPlIvd.exe
3140	NaNwyiq.exe
4056	AyqrzXp.exe
2320	vonfuRN.exe
2992	omQHPdv.exe
2796	pWlDfEH.exe
2160	GaNiETF.exe
3292	GybbXXC.exe
3904	CagxRom.exe
2116	PIidkiZ.exe
4176	VWsJiYX.exe
1352	vbfwfiI.exe
2800	hHNYWpJ.exe
1068	SizMvTk.exe
4548	nzmliQt.exe
2756	IbekTPg.exe
2904	ncBcjzX.exe
3848	OtQZYQK.exe
3308	LeWYHcV.exe
4356	rXKrNhe.exe
1724	xIbTQNd.exe
2372	VhgBFrk.exe
2448	OsrBBmW.exe
4036	BCrSanT.exe
4976	WAUFyhE.exe
1340	ZfCyvFg.exe
1140	OCEfuSf.exe
1604	OMnKDyB.exe
4136	qWltsMi.exe
4920	yQOiNSr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/968-0-0x00007FF7DA110000-0x00007FF7DA464000-memory.dmp	upx
behavioral2/files/0x000b000000023b6b-16.dat	upx
behavioral2/files/0x000b000000023b6b-19.dat	upx
behavioral2/files/0x0031000000023b6c-22.dat	upx
behavioral2/memory/5036-25-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp	upx
behavioral2/memory/964-32-0x00007FF6863E0000-0x00007FF686734000-memory.dmp	upx
behavioral2/files/0x0031000000023b6e-36.dat	upx
behavioral2/files/0x000a000000023b71-51.dat	upx
behavioral2/files/0x000a000000023b75-70.dat	upx
behavioral2/memory/4684-71-0x00007FF6541F0000-0x00007FF654544000-memory.dmp	upx
behavioral2/memory/2872-75-0x00007FF616880000-0x00007FF616BD4000-memory.dmp	upx
behavioral2/files/0x000a000000023b77-90.dat	upx
behavioral2/files/0x000a000000023b78-95.dat	upx
behavioral2/files/0x000a000000023b7a-106.dat	upx
behavioral2/files/0x000a000000023b7d-118.dat	upx
behavioral2/files/0x000a000000023b83-153.dat	upx
behavioral2/memory/1464-260-0x00007FF7CB6C0000-0x00007FF7CBA14000-memory.dmp	upx
behavioral2/memory/1284-279-0x00007FF7F11B0000-0x00007FF7F1504000-memory.dmp	upx
behavioral2/memory/1952-282-0x00007FF76EFF0000-0x00007FF76F344000-memory.dmp	upx
behavioral2/memory/1684-285-0x00007FF782D00000-0x00007FF783054000-memory.dmp	upx
behavioral2/memory/2172-287-0x00007FF6468D0000-0x00007FF646C24000-memory.dmp	upx
behavioral2/memory/4312-289-0x00007FF6BEC70000-0x00007FF6BEFC4000-memory.dmp	upx
behavioral2/memory/1912-291-0x00007FF6C7F40000-0x00007FF6C8294000-memory.dmp	upx
behavioral2/memory/996-293-0x00007FF6AF1B0000-0x00007FF6AF504000-memory.dmp	upx
behavioral2/memory/2960-296-0x00007FF738410000-0x00007FF738764000-memory.dmp	upx
behavioral2/memory/2944-297-0x00007FF723980000-0x00007FF723CD4000-memory.dmp	upx
behavioral2/memory/2948-295-0x00007FF6CC3B0000-0x00007FF6CC704000-memory.dmp	upx
behavioral2/memory/4860-294-0x00007FF6F9240000-0x00007FF6F9594000-memory.dmp	upx
behavioral2/memory/3712-292-0x00007FF772DA0000-0x00007FF7730F4000-memory.dmp	upx
behavioral2/memory/4532-290-0x00007FF61EF40000-0x00007FF61F294000-memory.dmp	upx
behavioral2/memory/2628-288-0x00007FF6456C0000-0x00007FF645A14000-memory.dmp	upx
behavioral2/memory/3220-286-0x00007FF71FF90000-0x00007FF7202E4000-memory.dmp	upx
behavioral2/memory/4848-284-0x00007FF7E48A0000-0x00007FF7E4BF4000-memory.dmp	upx
behavioral2/memory/2332-283-0x00007FF6D7C10000-0x00007FF6D7F64000-memory.dmp	upx
behavioral2/memory/3604-281-0x00007FF71D280000-0x00007FF71D5D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b88-172.dat	upx
behavioral2/files/0x000a000000023b86-168.dat	upx
behavioral2/files/0x000a000000023b84-159.dat	upx
behavioral2/files/0x000a000000023b85-157.dat	upx
behavioral2/files/0x000a000000023b84-155.dat	upx
behavioral2/files/0x000a000000023b83-147.dat	upx
behavioral2/files/0x000a000000023b81-144.dat	upx
behavioral2/files/0x000a000000023b80-136.dat	upx
behavioral2/files/0x000a000000023b7f-134.dat	upx
behavioral2/memory/3724-477-0x00007FF6A0450000-0x00007FF6A07A4000-memory.dmp	upx
behavioral2/memory/2864-575-0x00007FF6AD630000-0x00007FF6AD984000-memory.dmp	upx
behavioral2/memory/3724-1904-0x00007FF6A0450000-0x00007FF6A07A4000-memory.dmp	upx
behavioral2/memory/1528-1908-0x00007FF7AF5B0000-0x00007FF7AF904000-memory.dmp	upx
behavioral2/memory/2864-1917-0x00007FF6AD630000-0x00007FF6AD984000-memory.dmp	upx
behavioral2/memory/5036-1930-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp	upx
behavioral2/memory/4684-1949-0x00007FF6541F0000-0x00007FF654544000-memory.dmp	upx
behavioral2/memory/4912-1955-0x00007FF75C260000-0x00007FF75C5B4000-memory.dmp	upx
behavioral2/memory/4860-1978-0x00007FF6F9240000-0x00007FF6F9594000-memory.dmp	upx
behavioral2/memory/2960-1993-0x00007FF738410000-0x00007FF738764000-memory.dmp	upx
behavioral2/memory/1284-2002-0x00007FF7F11B0000-0x00007FF7F1504000-memory.dmp	upx
behavioral2/memory/3604-2014-0x00007FF71D280000-0x00007FF71D5D4000-memory.dmp	upx
behavioral2/memory/1684-2034-0x00007FF782D00000-0x00007FF783054000-memory.dmp	upx
behavioral2/memory/2628-2045-0x00007FF6456C0000-0x00007FF645A14000-memory.dmp	upx
behavioral2/memory/3712-2066-0x00007FF772DA0000-0x00007FF7730F4000-memory.dmp	upx
behavioral2/memory/1912-2062-0x00007FF6C7F40000-0x00007FF6C8294000-memory.dmp	upx
behavioral2/memory/4532-2056-0x00007FF61EF40000-0x00007FF61F294000-memory.dmp	upx
behavioral2/memory/4312-2052-0x00007FF6BEC70000-0x00007FF6BEFC4000-memory.dmp	upx
behavioral2/memory/2172-2043-0x00007FF6468D0000-0x00007FF646C24000-memory.dmp	upx
behavioral2/memory/3220-2037-0x00007FF71FF90000-0x00007FF7202E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OtQZYQK.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WAUFyhE.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOhlkBg.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjzWrSi.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzZDAOY.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwOOlUf.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlDFeNs.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucHJGBr.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgBuBDX.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\leDnCry.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tudsthC.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcYmalp.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\anyhTsY.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeiHLKE.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZSVpnw.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdeewOr.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzKsCkj.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZOzCAJ.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bAFlVoe.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuJDgMV.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYGlqzq.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omQHPdv.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIidkiZ.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXghHOE.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlqEHxr.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgMMViE.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BaDtYSa.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJSBTCq.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywaryIe.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVaunYu.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSzepvp.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdCEThl.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBDSqLM.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcdLgfH.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScmdKEz.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLMhsZZ.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pymqPoY.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExpjLau.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqjyfNZ.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vugsxbc.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUKpDHf.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUXIpdP.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMRUngs.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvCNcbh.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKktgMo.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFDgeZO.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHnCdpN.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syEvHiH.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIxhvhP.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwQCAgj.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuxujHj.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnhExFg.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psJjwzH.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHhbTRd.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMhrLgl.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgTfhCi.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQzpUnV.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvnKmkl.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATSkOMl.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbekTPg.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPJISGj.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kITzoxh.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxbZbHI.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLEWiGg.exe	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 3724	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 968 wrote to memory of 3724	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 968 wrote to memory of 1528	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 968 wrote to memory of 1528	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 968 wrote to memory of 2864	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 968 wrote to memory of 2864	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 968 wrote to memory of 5036	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 968 wrote to memory of 5036	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 968 wrote to memory of 964	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 968 wrote to memory of 964	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 968 wrote to memory of 996	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 968 wrote to memory of 996	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 968 wrote to memory of 4684	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 968 wrote to memory of 4684	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 968 wrote to memory of 4912	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 968 wrote to memory of 4912	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 968 wrote to memory of 2872	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 968 wrote to memory of 2872	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 968 wrote to memory of 3036	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 968 wrote to memory of 3036	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 968 wrote to memory of 2812	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 968 wrote to memory of 2812	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 968 wrote to memory of 1464	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 968 wrote to memory of 1464	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 968 wrote to memory of 4860	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 968 wrote to memory of 4860	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 968 wrote to memory of 2948	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 968 wrote to memory of 2948	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 968 wrote to memory of 2960	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 968 wrote to memory of 2960	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 968 wrote to memory of 1284	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 968 wrote to memory of 1284	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 968 wrote to memory of 2944	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 968 wrote to memory of 2944	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 968 wrote to memory of 3604	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 968 wrote to memory of 3604	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 968 wrote to memory of 1952	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 968 wrote to memory of 1952	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 968 wrote to memory of 2332	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 968 wrote to memory of 2332	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 968 wrote to memory of 4848	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 968 wrote to memory of 4848	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 968 wrote to memory of 1684	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 968 wrote to memory of 1684	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 968 wrote to memory of 3220	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 968 wrote to memory of 3220	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 968 wrote to memory of 2172	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 968 wrote to memory of 2172	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 968 wrote to memory of 2628	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 968 wrote to memory of 2628	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 968 wrote to memory of 4312	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 968 wrote to memory of 4312	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 968 wrote to memory of 4532	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 968 wrote to memory of 4532	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 968 wrote to memory of 1912	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 968 wrote to memory of 1912	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 968 wrote to memory of 3712	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 968 wrote to memory of 3712	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 968 wrote to memory of 4244	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 968 wrote to memory of 4244	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 968 wrote to memory of 3804	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 968 wrote to memory of 3804	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 968 wrote to memory of 4616	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 968 wrote to memory of 4616	968	2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\1475839342\zmstage.exe
C:\Users\Admin\AppData\Local\Temp\1475839342\zmstage.exe
1⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_ea108ac2aa6fa643d7e2f3ab7ab81f1b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\System\BhrQtSf.exe
  C:\Windows\System\BhrQtSf.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\vrjoJlt.exe
  C:\Windows\System\vrjoJlt.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\NYGlqzq.exe
  C:\Windows\System\NYGlqzq.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\wRdHCtX.exe
  C:\Windows\System\wRdHCtX.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\iGvSOce.exe
  C:\Windows\System\iGvSOce.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\GFbPaXj.exe
  C:\Windows\System\GFbPaXj.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\SIgYInQ.exe
  C:\Windows\System\SIgYInQ.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\lkLBogd.exe
  C:\Windows\System\lkLBogd.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\xmURNTM.exe
  C:\Windows\System\xmURNTM.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\SchfoTh.exe
  C:\Windows\System\SchfoTh.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\rWaDMSE.exe
  C:\Windows\System\rWaDMSE.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\WZmPMYh.exe
  C:\Windows\System\WZmPMYh.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\SegAGMD.exe
  C:\Windows\System\SegAGMD.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\cTXeQsu.exe
  C:\Windows\System\cTXeQsu.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\YLMhsZZ.exe
  C:\Windows\System\YLMhsZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\pWGfUwJ.exe
  C:\Windows\System\pWGfUwJ.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\vmLDgYi.exe
  C:\Windows\System\vmLDgYi.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\JtRKAtK.exe
  C:\Windows\System\JtRKAtK.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\kHpbEaE.exe
  C:\Windows\System\kHpbEaE.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\lFfBbCR.exe
  C:\Windows\System\lFfBbCR.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\wpgUNyc.exe
  C:\Windows\System\wpgUNyc.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\mazgdCX.exe
  C:\Windows\System\mazgdCX.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\ygJNrSF.exe
  C:\Windows\System\ygJNrSF.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\OCxCCXW.exe
  C:\Windows\System\OCxCCXW.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\NftHCTP.exe
  C:\Windows\System\NftHCTP.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\hlrTmjO.exe
  C:\Windows\System\hlrTmjO.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\zNExUUe.exe
  C:\Windows\System\zNExUUe.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\QkWbSsG.exe
  C:\Windows\System\QkWbSsG.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\wuajiqQ.exe
  C:\Windows\System\wuajiqQ.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\xSOdqXC.exe
  C:\Windows\System\xSOdqXC.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\ZsusXvt.exe
  C:\Windows\System\ZsusXvt.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\DvLFBvC.exe
  C:\Windows\System\DvLFBvC.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\JJjWCSx.exe
  C:\Windows\System\JJjWCSx.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\KIfaRAE.exe
  C:\Windows\System\KIfaRAE.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\UmPlIvd.exe
  C:\Windows\System\UmPlIvd.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\NaNwyiq.exe
  C:\Windows\System\NaNwyiq.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\AyqrzXp.exe
  C:\Windows\System\AyqrzXp.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\vonfuRN.exe
  C:\Windows\System\vonfuRN.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\omQHPdv.exe
  C:\Windows\System\omQHPdv.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\pWlDfEH.exe
  C:\Windows\System\pWlDfEH.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\GaNiETF.exe
  C:\Windows\System\GaNiETF.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\GybbXXC.exe
  C:\Windows\System\GybbXXC.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\CagxRom.exe
  C:\Windows\System\CagxRom.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\PIidkiZ.exe
  C:\Windows\System\PIidkiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\VWsJiYX.exe
  C:\Windows\System\VWsJiYX.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\vbfwfiI.exe
  C:\Windows\System\vbfwfiI.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\hHNYWpJ.exe
  C:\Windows\System\hHNYWpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\SizMvTk.exe
  C:\Windows\System\SizMvTk.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\nzmliQt.exe
  C:\Windows\System\nzmliQt.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\IbekTPg.exe
  C:\Windows\System\IbekTPg.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ncBcjzX.exe
  C:\Windows\System\ncBcjzX.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\OtQZYQK.exe
  C:\Windows\System\OtQZYQK.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\LeWYHcV.exe
  C:\Windows\System\LeWYHcV.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\rXKrNhe.exe
  C:\Windows\System\rXKrNhe.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\xIbTQNd.exe
  C:\Windows\System\xIbTQNd.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\VhgBFrk.exe
  C:\Windows\System\VhgBFrk.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\OsrBBmW.exe
  C:\Windows\System\OsrBBmW.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\BCrSanT.exe
  C:\Windows\System\BCrSanT.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\WAUFyhE.exe
  C:\Windows\System\WAUFyhE.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\ZfCyvFg.exe
  C:\Windows\System\ZfCyvFg.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\OCEfuSf.exe
  C:\Windows\System\OCEfuSf.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\OMnKDyB.exe
  C:\Windows\System\OMnKDyB.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\qWltsMi.exe
  C:\Windows\System\qWltsMi.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\yQOiNSr.exe
  C:\Windows\System\yQOiNSr.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\KxuTcsy.exe
  C:\Windows\System\KxuTcsy.exe
  2⤵
  PID:3976
- C:\Windows\System\Nkukawz.exe
  C:\Windows\System\Nkukawz.exe
  2⤵
  PID:1776
- C:\Windows\System\bQsrHgr.exe
  C:\Windows\System\bQsrHgr.exe
  2⤵
  PID:2512
- C:\Windows\System\SwUYSFc.exe
  C:\Windows\System\SwUYSFc.exe
  2⤵
  PID:5096
- C:\Windows\System\ZLcXvyn.exe
  C:\Windows\System\ZLcXvyn.exe
  2⤵
  PID:3564
- C:\Windows\System\fweWOZP.exe
  C:\Windows\System\fweWOZP.exe
  2⤵
  PID:2104
- C:\Windows\System\AHfHxZy.exe
  C:\Windows\System\AHfHxZy.exe
  2⤵
  PID:4084
- C:\Windows\System\mNZJVHr.exe
  C:\Windows\System\mNZJVHr.exe
  2⤵
  PID:1028
- C:\Windows\System\ksPSZKW.exe
  C:\Windows\System\ksPSZKW.exe
  2⤵
  PID:3776
- C:\Windows\System\QjmmUuc.exe
  C:\Windows\System\QjmmUuc.exe
  2⤵
  PID:1064
- C:\Windows\System\BHtfWHE.exe
  C:\Windows\System\BHtfWHE.exe
  2⤵
  PID:1088
- C:\Windows\System\Mekhllw.exe
  C:\Windows\System\Mekhllw.exe
  2⤵
  PID:2280
- C:\Windows\System\UEgGnJa.exe
  C:\Windows\System\UEgGnJa.exe
  2⤵
  PID:2232
- C:\Windows\System\HYyaTbw.exe
  C:\Windows\System\HYyaTbw.exe
  2⤵
  PID:4168
- C:\Windows\System\Leqoaas.exe
  C:\Windows\System\Leqoaas.exe
  2⤵
  PID:4804
- C:\Windows\System\FaXschZ.exe
  C:\Windows\System\FaXschZ.exe
  2⤵
  PID:4388
- C:\Windows\System\MnauxJW.exe
  C:\Windows\System\MnauxJW.exe
  2⤵
  PID:2660
- C:\Windows\System\VigoOed.exe
  C:\Windows\System\VigoOed.exe
  2⤵
  PID:1932
- C:\Windows\System\lxKxRDE.exe
  C:\Windows\System\lxKxRDE.exe
  2⤵
  PID:1640
- C:\Windows\System\dfFbPUl.exe
  C:\Windows\System\dfFbPUl.exe
  2⤵
  PID:4196
- C:\Windows\System\HGharRu.exe
  C:\Windows\System\HGharRu.exe
  2⤵
  PID:1108
- C:\Windows\System\pymqPoY.exe
  C:\Windows\System\pymqPoY.exe
  2⤵
  PID:4588
- C:\Windows\System\axRtOEd.exe
  C:\Windows\System\axRtOEd.exe
  2⤵
  PID:1112
- C:\Windows\System\QjkNxYO.exe
  C:\Windows\System\QjkNxYO.exe
  2⤵
  PID:1632
- C:\Windows\System\igaFvvj.exe
  C:\Windows\System\igaFvvj.exe
  2⤵
  PID:668
- C:\Windows\System\VFKmpev.exe
  C:\Windows\System\VFKmpev.exe
  2⤵
  PID:4440
- C:\Windows\System\UXJoiQP.exe
  C:\Windows\System\UXJoiQP.exe
  2⤵
  PID:4776
- C:\Windows\System\kPNxmum.exe
  C:\Windows\System\kPNxmum.exe
  2⤵
  PID:4916
- C:\Windows\System\XDbTlhE.exe
  C:\Windows\System\XDbTlhE.exe
  2⤵
  PID:5152
- C:\Windows\System\TJSBTCq.exe
  C:\Windows\System\TJSBTCq.exe
  2⤵
  PID:5176
- C:\Windows\System\iYEibQI.exe
  C:\Windows\System\iYEibQI.exe
  2⤵
  PID:5204
- C:\Windows\System\LiPfuZC.exe
  C:\Windows\System\LiPfuZC.exe
  2⤵
  PID:5236
- C:\Windows\System\RSMzvUP.exe
  C:\Windows\System\RSMzvUP.exe
  2⤵
  PID:5264
- C:\Windows\System\prEgXdO.exe
  C:\Windows\System\prEgXdO.exe
  2⤵
  PID:5280
- C:\Windows\System\WAlpLue.exe
  C:\Windows\System\WAlpLue.exe
  2⤵
  PID:5308
- C:\Windows\System\eODGzjn.exe
  C:\Windows\System\eODGzjn.exe
  2⤵
  PID:5344
- C:\Windows\System\JHhbTRd.exe
  C:\Windows\System\JHhbTRd.exe
  2⤵
  PID:5364
- C:\Windows\System\wYorPYl.exe
  C:\Windows\System\wYorPYl.exe
  2⤵
  PID:5404
- C:\Windows\System\kvjxfOG.exe
  C:\Windows\System\kvjxfOG.exe
  2⤵
  PID:5436
- C:\Windows\System\OdbKxdm.exe
  C:\Windows\System\OdbKxdm.exe
  2⤵
  PID:5464
- C:\Windows\System\TviOCdA.exe
  C:\Windows\System\TviOCdA.exe
  2⤵
  PID:5484
- C:\Windows\System\zsmWnPn.exe
  C:\Windows\System\zsmWnPn.exe
  2⤵
  PID:5520
- C:\Windows\System\nXghHOE.exe
  C:\Windows\System\nXghHOE.exe
  2⤵
  PID:5552
- C:\Windows\System\PXwiMKt.exe
  C:\Windows\System\PXwiMKt.exe
  2⤵
  PID:5580
- C:\Windows\System\UtwUlEi.exe
  C:\Windows\System\UtwUlEi.exe
  2⤵
  PID:5608
- C:\Windows\System\NqObZfs.exe
  C:\Windows\System\NqObZfs.exe
  2⤵
  PID:5640
- C:\Windows\System\AfJQBYE.exe
  C:\Windows\System\AfJQBYE.exe
  2⤵
  PID:5660
- C:\Windows\System\xqhlapG.exe
  C:\Windows\System\xqhlapG.exe
  2⤵
  PID:5696
- C:\Windows\System\IZHdIOQ.exe
  C:\Windows\System\IZHdIOQ.exe
  2⤵
  PID:5724
- C:\Windows\System\ACAgnTb.exe
  C:\Windows\System\ACAgnTb.exe
  2⤵
  PID:5752
- C:\Windows\System\tPJISGj.exe
  C:\Windows\System\tPJISGj.exe
  2⤵
  PID:5780
- C:\Windows\System\yMYkoMa.exe
  C:\Windows\System\yMYkoMa.exe
  2⤵
  PID:5812
- C:\Windows\System\YKwKJvo.exe
  C:\Windows\System\YKwKJvo.exe
  2⤵
  PID:5840
- C:\Windows\System\dwQCAgj.exe
  C:\Windows\System\dwQCAgj.exe
  2⤵
  PID:5856
- C:\Windows\System\rjkWyze.exe
  C:\Windows\System\rjkWyze.exe
  2⤵
  PID:5892
- C:\Windows\System\UEjihug.exe
  C:\Windows\System\UEjihug.exe
  2⤵
  PID:5924
- C:\Windows\System\BvkOZNz.exe
  C:\Windows\System\BvkOZNz.exe
  2⤵
  PID:5948
- C:\Windows\System\wxohNCz.exe
  C:\Windows\System\wxohNCz.exe
  2⤵
  PID:5980
- C:\Windows\System\iKmNPWg.exe
  C:\Windows\System\iKmNPWg.exe
  2⤵
  PID:6000
- C:\Windows\System\ThRHRCJ.exe
  C:\Windows\System\ThRHRCJ.exe
  2⤵
  PID:6028
- C:\Windows\System\rlsFPok.exe
  C:\Windows\System\rlsFPok.exe
  2⤵
  PID:6068
- C:\Windows\System\CCLlrti.exe
  C:\Windows\System\CCLlrti.exe
  2⤵
  PID:6096
- C:\Windows\System\hXytNrl.exe
  C:\Windows\System\hXytNrl.exe
  2⤵
  PID:6124
- C:\Windows\System\tygsudF.exe
  C:\Windows\System\tygsudF.exe
  2⤵
  PID:6140
- C:\Windows\System\JyaJGIE.exe
  C:\Windows\System\JyaJGIE.exe
  2⤵
  PID:5212
- C:\Windows\System\ZsHtdAd.exe
  C:\Windows\System\ZsHtdAd.exe
  2⤵
  PID:5244
- C:\Windows\System\Cbxxgqx.exe
  C:\Windows\System\Cbxxgqx.exe
  2⤵
  PID:5300
- C:\Windows\System\DFZiwsZ.exe
  C:\Windows\System\DFZiwsZ.exe
  2⤵
  PID:5384
- C:\Windows\System\FYsswRJ.exe
  C:\Windows\System\FYsswRJ.exe
  2⤵
  PID:5444
- C:\Windows\System\EhCjlOq.exe
  C:\Windows\System\EhCjlOq.exe
  2⤵
  PID:5512
- C:\Windows\System\OOiEsFy.exe
  C:\Windows\System\OOiEsFy.exe
  2⤵
  PID:5588
- C:\Windows\System\ZRimdOz.exe
  C:\Windows\System\ZRimdOz.exe
  2⤵
  PID:4216
- C:\Windows\System\jrMJukS.exe
  C:\Windows\System\jrMJukS.exe
  2⤵
  PID:5704
- C:\Windows\System\vpCFkbs.exe
  C:\Windows\System\vpCFkbs.exe
  2⤵
  PID:5768
- C:\Windows\System\dcWbolM.exe
  C:\Windows\System\dcWbolM.exe
  2⤵
  PID:4424
- C:\Windows\System\FwOwTpp.exe
  C:\Windows\System\FwOwTpp.exe
  2⤵
  PID:5900
- C:\Windows\System\EBQcEDq.exe
  C:\Windows\System\EBQcEDq.exe
  2⤵
  PID:5964
- C:\Windows\System\bylbIUh.exe
  C:\Windows\System\bylbIUh.exe
  2⤵
  PID:5992
- C:\Windows\System\qKxdiWV.exe
  C:\Windows\System\qKxdiWV.exe
  2⤵
  PID:6076
- C:\Windows\System\adzcfbZ.exe
  C:\Windows\System\adzcfbZ.exe
  2⤵
  PID:5132
- C:\Windows\System\pNyQQlM.exe
  C:\Windows\System\pNyQQlM.exe
  2⤵
  PID:5228
- C:\Windows\System\ieabEEc.exe
  C:\Windows\System\ieabEEc.exe
  2⤵
  PID:5396
- C:\Windows\System\jqiSaZk.exe
  C:\Windows\System\jqiSaZk.exe
  2⤵
  PID:5544
- C:\Windows\System\NPPPgwJ.exe
  C:\Windows\System\NPPPgwJ.exe
  2⤵
  PID:5656
- C:\Windows\System\nNxgwlQ.exe
  C:\Windows\System\nNxgwlQ.exe
  2⤵
  PID:5760
- C:\Windows\System\fcerPRL.exe
  C:\Windows\System\fcerPRL.exe
  2⤵
  PID:5956
- C:\Windows\System\tbWWjyX.exe
  C:\Windows\System\tbWWjyX.exe
  2⤵
  PID:6084
- C:\Windows\System\kPdXrCa.exe
  C:\Windows\System\kPdXrCa.exe
  2⤵
  PID:5296
- C:\Windows\System\DBUUitl.exe
  C:\Windows\System\DBUUitl.exe
  2⤵
  PID:5636
- C:\Windows\System\OncEoGZ.exe
  C:\Windows\System\OncEoGZ.exe
  2⤵
  PID:5472
- C:\Windows\System\uAUHfWC.exe
  C:\Windows\System\uAUHfWC.exe
  2⤵
  PID:432
- C:\Windows\System\fghZvjx.exe
  C:\Windows\System\fghZvjx.exe
  2⤵
  PID:5920
- C:\Windows\System\kITzoxh.exe
  C:\Windows\System\kITzoxh.exe
  2⤵
  PID:6136
- C:\Windows\System\QpKDTdV.exe
  C:\Windows\System\QpKDTdV.exe
  2⤵
  PID:6168
- C:\Windows\System\RGzewAa.exe
  C:\Windows\System\RGzewAa.exe
  2⤵
  PID:6204
- C:\Windows\System\pguNawO.exe
  C:\Windows\System\pguNawO.exe
  2⤵
  PID:6232
- C:\Windows\System\hDWilGY.exe
  C:\Windows\System\hDWilGY.exe
  2⤵
  PID:6252
- C:\Windows\System\hUVHZjI.exe
  C:\Windows\System\hUVHZjI.exe
  2⤵
  PID:6280
- C:\Windows\System\yJFlOGU.exe
  C:\Windows\System\yJFlOGU.exe
  2⤵
  PID:6316
- C:\Windows\System\rPidZYP.exe
  C:\Windows\System\rPidZYP.exe
  2⤵
  PID:6336
- C:\Windows\System\AbWQERV.exe
  C:\Windows\System\AbWQERV.exe
  2⤵
  PID:6376
- C:\Windows\System\sueNiKn.exe
  C:\Windows\System\sueNiKn.exe
  2⤵
  PID:6404
- C:\Windows\System\TlXFwag.exe
  C:\Windows\System\TlXFwag.exe
  2⤵
  PID:6432
- C:\Windows\System\NjHMPbG.exe
  C:\Windows\System\NjHMPbG.exe
  2⤵
  PID:6460
- C:\Windows\System\gdmsWzG.exe
  C:\Windows\System\gdmsWzG.exe
  2⤵
  PID:6488
- C:\Windows\System\FdzGbYR.exe
  C:\Windows\System\FdzGbYR.exe
  2⤵
  PID:6516
- C:\Windows\System\GXnZVwv.exe
  C:\Windows\System\GXnZVwv.exe
  2⤵
  PID:6544
- C:\Windows\System\fULxxqj.exe
  C:\Windows\System\fULxxqj.exe
  2⤵
  PID:6572
- C:\Windows\System\okHQUQC.exe
  C:\Windows\System\okHQUQC.exe
  2⤵
  PID:6600
- C:\Windows\System\KHxjoRi.exe
  C:\Windows\System\KHxjoRi.exe
  2⤵
  PID:6628
- C:\Windows\System\qrmWiao.exe
  C:\Windows\System\qrmWiao.exe
  2⤵
  PID:6644
- C:\Windows\System\pFqipXN.exe
  C:\Windows\System\pFqipXN.exe
  2⤵
  PID:6676
- C:\Windows\System\UMhrLgl.exe
  C:\Windows\System\UMhrLgl.exe
  2⤵
  PID:6708
- C:\Windows\System\iDptrbv.exe
  C:\Windows\System\iDptrbv.exe
  2⤵
  PID:6728
- C:\Windows\System\kmQEFCY.exe
  C:\Windows\System\kmQEFCY.exe
  2⤵
  PID:6772
- C:\Windows\System\iMgeeid.exe
  C:\Windows\System\iMgeeid.exe
  2⤵
  PID:6808
- C:\Windows\System\bldfesp.exe
  C:\Windows\System\bldfesp.exe
  2⤵
  PID:6836
- C:\Windows\System\SjGYgWu.exe
  C:\Windows\System\SjGYgWu.exe
  2⤵
  PID:6868
- C:\Windows\System\MXBLiAh.exe
  C:\Windows\System\MXBLiAh.exe
  2⤵
  PID:6888
- C:\Windows\System\slYiNCF.exe
  C:\Windows\System\slYiNCF.exe
  2⤵
  PID:6924
- C:\Windows\System\UzCFnEu.exe
  C:\Windows\System\UzCFnEu.exe
  2⤵
  PID:6948
- C:\Windows\System\YrrjHWv.exe
  C:\Windows\System\YrrjHWv.exe
  2⤵
  PID:6976
- C:\Windows\System\rOOEEgd.exe
  C:\Windows\System\rOOEEgd.exe
  2⤵
  PID:7004
- C:\Windows\System\ZAFeVzV.exe
  C:\Windows\System\ZAFeVzV.exe
  2⤵
  PID:7036
- C:\Windows\System\xsYfovp.exe
  C:\Windows\System\xsYfovp.exe
  2⤵
  PID:7060
- C:\Windows\System\lwgGRmu.exe
  C:\Windows\System\lwgGRmu.exe
  2⤵
  PID:7092
- C:\Windows\System\lRvuTQf.exe
  C:\Windows\System\lRvuTQf.exe
  2⤵
  PID:7112
- C:\Windows\System\lAYVqYr.exe
  C:\Windows\System\lAYVqYr.exe
  2⤵
  PID:7144
- C:\Windows\System\FICNVXk.exe
  C:\Windows\System\FICNVXk.exe
  2⤵
  PID:6160
- C:\Windows\System\ybmBJsE.exe
  C:\Windows\System\ybmBJsE.exe
  2⤵
  PID:1472
- C:\Windows\System\vJoLpQb.exe
  C:\Windows\System\vJoLpQb.exe
  2⤵
  PID:6244
- C:\Windows\System\XeiHLKE.exe
  C:\Windows\System\XeiHLKE.exe
  2⤵
  PID:6324
- C:\Windows\System\iUDgkZs.exe
  C:\Windows\System\iUDgkZs.exe
  2⤵
  PID:6372
- C:\Windows\System\ZPymtyY.exe
  C:\Windows\System\ZPymtyY.exe
  2⤵
  PID:4104
- C:\Windows\System\LHXUkJl.exe
  C:\Windows\System\LHXUkJl.exe
  2⤵
  PID:6512
- C:\Windows\System\NROmAmP.exe
  C:\Windows\System\NROmAmP.exe
  2⤵
  PID:6556
- C:\Windows\System\ygtOIpO.exe
  C:\Windows\System\ygtOIpO.exe
  2⤵
  PID:6636
- C:\Windows\System\IuJszFM.exe
  C:\Windows\System\IuJszFM.exe
  2⤵
  PID:6704
- C:\Windows\System\rfDjuol.exe
  C:\Windows\System\rfDjuol.exe
  2⤵
  PID:6780
- C:\Windows\System\XTqmbxk.exe
  C:\Windows\System\XTqmbxk.exe
  2⤵
  PID:6848
- C:\Windows\System\ZRCWcvW.exe
  C:\Windows\System\ZRCWcvW.exe
  2⤵
  PID:6920
- C:\Windows\System\JFZvypd.exe
  C:\Windows\System\JFZvypd.exe
  2⤵
  PID:6984
- C:\Windows\System\JzIAwCx.exe
  C:\Windows\System\JzIAwCx.exe
  2⤵
  PID:7024
- C:\Windows\System\dcBhmCG.exe
  C:\Windows\System\dcBhmCG.exe
  2⤵
  PID:7124
- C:\Windows\System\hhWbVkh.exe
  C:\Windows\System\hhWbVkh.exe
  2⤵
  PID:6724
- C:\Windows\System\tZSVpnw.exe
  C:\Windows\System\tZSVpnw.exe
  2⤵
  PID:6248
- C:\Windows\System\rKMwrge.exe
  C:\Windows\System\rKMwrge.exe
  2⤵
  PID:6392
- C:\Windows\System\ZgOxGAm.exe
  C:\Windows\System\ZgOxGAm.exe
  2⤵
  PID:6552
- C:\Windows\System\ZAvttuH.exe
  C:\Windows\System\ZAvttuH.exe
  2⤵
  PID:6692
- C:\Windows\System\grWaAEu.exe
  C:\Windows\System\grWaAEu.exe
  2⤵
  PID:6860
- C:\Windows\System\AmgiyKw.exe
  C:\Windows\System\AmgiyKw.exe
  2⤵
  PID:7016
- C:\Windows\System\xCyKMAH.exe
  C:\Windows\System\xCyKMAH.exe
  2⤵
  PID:7156
- C:\Windows\System\wYqmfvK.exe
  C:\Windows\System\wYqmfvK.exe
  2⤵
  PID:6300
- C:\Windows\System\GZIGSzg.exe
  C:\Windows\System\GZIGSzg.exe
  2⤵
  PID:6624
- C:\Windows\System\eIZmMst.exe
  C:\Windows\System\eIZmMst.exe
  2⤵
  PID:7072
- C:\Windows\System\ziuDFjm.exe
  C:\Windows\System\ziuDFjm.exe
  2⤵
  PID:6608
- C:\Windows\System\jkWzODT.exe
  C:\Windows\System\jkWzODT.exe
  2⤵
  PID:6932
- C:\Windows\System\QPnrDqC.exe
  C:\Windows\System\QPnrDqC.exe
  2⤵
  PID:7184
- C:\Windows\System\RUKpDHf.exe
  C:\Windows\System\RUKpDHf.exe
  2⤵
  PID:7220
- C:\Windows\System\JOomhYj.exe
  C:\Windows\System\JOomhYj.exe
  2⤵
  PID:7248
- C:\Windows\System\wqxSBnn.exe
  C:\Windows\System\wqxSBnn.exe
  2⤵
  PID:7272
- C:\Windows\System\cxERqLD.exe
  C:\Windows\System\cxERqLD.exe
  2⤵
  PID:7292
- C:\Windows\System\YJglIYK.exe
  C:\Windows\System\YJglIYK.exe
  2⤵
  PID:7320
- C:\Windows\System\bhVvZPZ.exe
  C:\Windows\System\bhVvZPZ.exe
  2⤵
  PID:7356
- C:\Windows\System\ELqtcJG.exe
  C:\Windows\System\ELqtcJG.exe
  2⤵
  PID:7388
- C:\Windows\System\xEoxHow.exe
  C:\Windows\System\xEoxHow.exe
  2⤵
  PID:7416
- C:\Windows\System\qgMkjGt.exe
  C:\Windows\System\qgMkjGt.exe
  2⤵
  PID:7444
- C:\Windows\System\GvKHUSG.exe
  C:\Windows\System\GvKHUSG.exe
  2⤵
  PID:7472
- C:\Windows\System\YkYkbLy.exe
  C:\Windows\System\YkYkbLy.exe
  2⤵
  PID:7500
- C:\Windows\System\gevtOvc.exe
  C:\Windows\System\gevtOvc.exe
  2⤵
  PID:7524
- C:\Windows\System\PWNhXYG.exe
  C:\Windows\System\PWNhXYG.exe
  2⤵
  PID:7556
- C:\Windows\System\OWCxwVM.exe
  C:\Windows\System\OWCxwVM.exe
  2⤵
  PID:7576
- C:\Windows\System\fGhNaeP.exe
  C:\Windows\System\fGhNaeP.exe
  2⤵
  PID:7616
- C:\Windows\System\qEJyFNj.exe
  C:\Windows\System\qEJyFNj.exe
  2⤵
  PID:7644
- C:\Windows\System\lpTKsTs.exe
  C:\Windows\System\lpTKsTs.exe
  2⤵
  PID:7668
- C:\Windows\System\vzZDAOY.exe
  C:\Windows\System\vzZDAOY.exe
  2⤵
  PID:7700
- C:\Windows\System\YQcggdm.exe
  C:\Windows\System\YQcggdm.exe
  2⤵
  PID:7728
- C:\Windows\System\OIdhmpk.exe
  C:\Windows\System\OIdhmpk.exe
  2⤵
  PID:7760
- C:\Windows\System\tzdkPoW.exe
  C:\Windows\System\tzdkPoW.exe
  2⤵
  PID:7792
- C:\Windows\System\xmaFtzi.exe
  C:\Windows\System\xmaFtzi.exe
  2⤵
  PID:7820
- C:\Windows\System\MPVpDGm.exe
  C:\Windows\System\MPVpDGm.exe
  2⤵
  PID:7848
- C:\Windows\System\kOgwCTr.exe
  C:\Windows\System\kOgwCTr.exe
  2⤵
  PID:7872
- C:\Windows\System\BpXuHcf.exe
  C:\Windows\System\BpXuHcf.exe
  2⤵
  PID:7896
- C:\Windows\System\zazPYsS.exe
  C:\Windows\System\zazPYsS.exe
  2⤵
  PID:7924
- C:\Windows\System\qgMqLZc.exe
  C:\Windows\System\qgMqLZc.exe
  2⤵
  PID:7960
- C:\Windows\System\OxRShYA.exe
  C:\Windows\System\OxRShYA.exe
  2⤵
  PID:7980
- C:\Windows\System\iyhXdLm.exe
  C:\Windows\System\iyhXdLm.exe
  2⤵
  PID:8012
- C:\Windows\System\yomsyaQ.exe
  C:\Windows\System\yomsyaQ.exe
  2⤵
  PID:8040
- C:\Windows\System\sdulUXz.exe
  C:\Windows\System\sdulUXz.exe
  2⤵
  PID:8064
- C:\Windows\System\LMRKVPB.exe
  C:\Windows\System\LMRKVPB.exe
  2⤵
  PID:8092
- C:\Windows\System\ocUGbVH.exe
  C:\Windows\System\ocUGbVH.exe
  2⤵
  PID:8132
- C:\Windows\System\vlHzRpe.exe
  C:\Windows\System\vlHzRpe.exe
  2⤵
  PID:8148
- C:\Windows\System\MgTfhCi.exe
  C:\Windows\System\MgTfhCi.exe
  2⤵
  PID:8176
- C:\Windows\System\BSBuIWr.exe
  C:\Windows\System\BSBuIWr.exe
  2⤵
  PID:7200
- C:\Windows\System\FXfxVoi.exe
  C:\Windows\System\FXfxVoi.exe
  2⤵
  PID:7284
- C:\Windows\System\kJXCgUy.exe
  C:\Windows\System\kJXCgUy.exe
  2⤵
  PID:7364
- C:\Windows\System\hnQNwaP.exe
  C:\Windows\System\hnQNwaP.exe
  2⤵
  PID:7424
- C:\Windows\System\BqGbGBk.exe
  C:\Windows\System\BqGbGBk.exe
  2⤵
  PID:7488
- C:\Windows\System\YxABWkL.exe
  C:\Windows\System\YxABWkL.exe
  2⤵
  PID:7540
- C:\Windows\System\ajUHrQf.exe
  C:\Windows\System\ajUHrQf.exe
  2⤵
  PID:7604
- C:\Windows\System\ISrOMFr.exe
  C:\Windows\System\ISrOMFr.exe
  2⤵
  PID:7680
- C:\Windows\System\GCuQKTx.exe
  C:\Windows\System\GCuQKTx.exe
  2⤵
  PID:7768
- C:\Windows\System\iKhDPkT.exe
  C:\Windows\System\iKhDPkT.exe
  2⤵
  PID:7828
- C:\Windows\System\sgBuBDX.exe
  C:\Windows\System\sgBuBDX.exe
  2⤵
  PID:7892
- C:\Windows\System\tlPYQPX.exe
  C:\Windows\System\tlPYQPX.exe
  2⤵
  PID:7944
- C:\Windows\System\sFOxeIX.exe
  C:\Windows\System\sFOxeIX.exe
  2⤵
  PID:8032
- C:\Windows\System\LRYJPsY.exe
  C:\Windows\System\LRYJPsY.exe
  2⤵
  PID:8084
- C:\Windows\System\WdeewOr.exe
  C:\Windows\System\WdeewOr.exe
  2⤵
  PID:8144
- C:\Windows\System\xxbZbHI.exe
  C:\Windows\System\xxbZbHI.exe
  2⤵
  PID:7304
- C:\Windows\System\tHFwKfR.exe
  C:\Windows\System\tHFwKfR.exe
  2⤵
  PID:7404
- C:\Windows\System\JZJHfUY.exe
  C:\Windows\System\JZJHfUY.exe
  2⤵
  PID:7612
- C:\Windows\System\gmeuifj.exe
  C:\Windows\System\gmeuifj.exe
  2⤵
  PID:7736
- C:\Windows\System\YCYjecG.exe
  C:\Windows\System\YCYjecG.exe
  2⤵
  PID:7916
- C:\Windows\System\ZQjLHfK.exe
  C:\Windows\System\ZQjLHfK.exe
  2⤵
  PID:8004
- C:\Windows\System\jOigCKT.exe
  C:\Windows\System\jOigCKT.exe
  2⤵
  PID:8168
- C:\Windows\System\ZApBlYx.exe
  C:\Windows\System\ZApBlYx.exe
  2⤵
  PID:7508
- C:\Windows\System\wMxmmsZ.exe
  C:\Windows\System\wMxmmsZ.exe
  2⤵
  PID:7940
- C:\Windows\System\TyLdkln.exe
  C:\Windows\System\TyLdkln.exe
  2⤵
  PID:1904
- C:\Windows\System\QUWyQgl.exe
  C:\Windows\System\QUWyQgl.exe
  2⤵
  PID:8128
- C:\Windows\System\qwfUhim.exe
  C:\Windows\System\qwfUhim.exe
  2⤵
  PID:8200
- C:\Windows\System\AHQbQuB.exe
  C:\Windows\System\AHQbQuB.exe
  2⤵
  PID:8220
- C:\Windows\System\xJNWSzG.exe
  C:\Windows\System\xJNWSzG.exe
  2⤵
  PID:8252
- C:\Windows\System\gLyhAKn.exe
  C:\Windows\System\gLyhAKn.exe
  2⤵
  PID:8276
- C:\Windows\System\eiFgtqV.exe
  C:\Windows\System\eiFgtqV.exe
  2⤵
  PID:8312
- C:\Windows\System\HiwZubF.exe
  C:\Windows\System\HiwZubF.exe
  2⤵
  PID:8340
- C:\Windows\System\fpBcvrX.exe
  C:\Windows\System\fpBcvrX.exe
  2⤵
  PID:8360
- C:\Windows\System\HcFRyiF.exe
  C:\Windows\System\HcFRyiF.exe
  2⤵
  PID:8400
- C:\Windows\System\ExpjLau.exe
  C:\Windows\System\ExpjLau.exe
  2⤵
  PID:8424
- C:\Windows\System\uuxujHj.exe
  C:\Windows\System\uuxujHj.exe
  2⤵
  PID:8456
- C:\Windows\System\pfTkBtH.exe
  C:\Windows\System\pfTkBtH.exe
  2⤵
  PID:8484
- C:\Windows\System\lNBEEUc.exe
  C:\Windows\System\lNBEEUc.exe
  2⤵
  PID:8512
- C:\Windows\System\lvMyhKP.exe
  C:\Windows\System\lvMyhKP.exe
  2⤵
  PID:8540
- C:\Windows\System\EIabKDV.exe
  C:\Windows\System\EIabKDV.exe
  2⤵
  PID:8568
- C:\Windows\System\OmGtgKb.exe
  C:\Windows\System\OmGtgKb.exe
  2⤵
  PID:8596
- C:\Windows\System\dUROQxq.exe
  C:\Windows\System\dUROQxq.exe
  2⤵
  PID:8624
- C:\Windows\System\hhzIRLg.exe
  C:\Windows\System\hhzIRLg.exe
  2⤵
  PID:8644
- C:\Windows\System\nOhlkBg.exe
  C:\Windows\System\nOhlkBg.exe
  2⤵
  PID:8676
- C:\Windows\System\GzyvwsD.exe
  C:\Windows\System\GzyvwsD.exe
  2⤵
  PID:8700
- C:\Windows\System\nAykVTW.exe
  C:\Windows\System\nAykVTW.exe
  2⤵
  PID:8740
- C:\Windows\System\OILYSrr.exe
  C:\Windows\System\OILYSrr.exe
  2⤵
  PID:8760
- C:\Windows\System\QpYmjJw.exe
  C:\Windows\System\QpYmjJw.exe
  2⤵
  PID:8796
- C:\Windows\System\DgzqVER.exe
  C:\Windows\System\DgzqVER.exe
  2⤵
  PID:8824
- C:\Windows\System\EYpkJfA.exe
  C:\Windows\System\EYpkJfA.exe
  2⤵
  PID:8852
- C:\Windows\System\sAoDiIN.exe
  C:\Windows\System\sAoDiIN.exe
  2⤵
  PID:8880
- C:\Windows\System\uRnDftn.exe
  C:\Windows\System\uRnDftn.exe
  2⤵
  PID:8908
- C:\Windows\System\ljDSSMD.exe
  C:\Windows\System\ljDSSMD.exe
  2⤵
  PID:8936
- C:\Windows\System\mgBXKQU.exe
  C:\Windows\System\mgBXKQU.exe
  2⤵
  PID:8964
- C:\Windows\System\rqyMXmQ.exe
  C:\Windows\System\rqyMXmQ.exe
  2⤵
  PID:8984
- C:\Windows\System\cDkZIaB.exe
  C:\Windows\System\cDkZIaB.exe
  2⤵
  PID:9020
- C:\Windows\System\OBNYmLZ.exe
  C:\Windows\System\OBNYmLZ.exe
  2⤵
  PID:9044
- C:\Windows\System\PRfvBfJ.exe
  C:\Windows\System\PRfvBfJ.exe
  2⤵
  PID:9068
- C:\Windows\System\iWTLNNp.exe
  C:\Windows\System\iWTLNNp.exe
  2⤵
  PID:9100
- C:\Windows\System\GiTowst.exe
  C:\Windows\System\GiTowst.exe
  2⤵
  PID:9124
- C:\Windows\System\leDnCry.exe
  C:\Windows\System\leDnCry.exe
  2⤵
  PID:9160
- C:\Windows\System\rQTnlZW.exe
  C:\Windows\System\rQTnlZW.exe
  2⤵
  PID:9180
- C:\Windows\System\PVZCEjW.exe
  C:\Windows\System\PVZCEjW.exe
  2⤵
  PID:9208
- C:\Windows\System\Xgofook.exe
  C:\Windows\System\Xgofook.exe
  2⤵
  PID:8264
- C:\Windows\System\SHqzPNA.exe
  C:\Windows\System\SHqzPNA.exe
  2⤵
  PID:8296
- C:\Windows\System\FHPLldF.exe
  C:\Windows\System\FHPLldF.exe
  2⤵
  PID:8356
- C:\Windows\System\nRhHCgm.exe
  C:\Windows\System\nRhHCgm.exe
  2⤵
  PID:8468
- C:\Windows\System\yyoaXEH.exe
  C:\Windows\System\yyoaXEH.exe
  2⤵
  PID:8528
- C:\Windows\System\RugbNbf.exe
  C:\Windows\System\RugbNbf.exe
  2⤵
  PID:8608
- C:\Windows\System\hAhtVyT.exe
  C:\Windows\System\hAhtVyT.exe
  2⤵
  PID:8236
- C:\Windows\System\KhRsWbI.exe
  C:\Windows\System\KhRsWbI.exe
  2⤵
  PID:8720
- C:\Windows\System\ywlAmdE.exe
  C:\Windows\System\ywlAmdE.exe
  2⤵
  PID:8784
- C:\Windows\System\itaEJbb.exe
  C:\Windows\System\itaEJbb.exe
  2⤵
  PID:8840
- C:\Windows\System\PwXYgWB.exe
  C:\Windows\System\PwXYgWB.exe
  2⤵
  PID:8916
- C:\Windows\System\QamQgUL.exe
  C:\Windows\System\QamQgUL.exe
  2⤵
  PID:8948
- C:\Windows\System\JnSaIVp.exe
  C:\Windows\System\JnSaIVp.exe
  2⤵
  PID:9028
- C:\Windows\System\uzrhYPc.exe
  C:\Windows\System\uzrhYPc.exe
  2⤵
  PID:9064
- C:\Windows\System\khEsEmO.exe
  C:\Windows\System\khEsEmO.exe
  2⤵
  PID:9148
- C:\Windows\System\MedrGbJ.exe
  C:\Windows\System\MedrGbJ.exe
  2⤵
  PID:9204
- C:\Windows\System\VPJMqAi.exe
  C:\Windows\System\VPJMqAi.exe
  2⤵
  PID:8324
- C:\Windows\System\Htzrjgi.exe
  C:\Windows\System\Htzrjgi.exe
  2⤵
  PID:8432
- C:\Windows\System\wocJCda.exe
  C:\Windows\System\wocJCda.exe
  2⤵
  PID:8636
- C:\Windows\System\XZSEYuG.exe
  C:\Windows\System\XZSEYuG.exe
  2⤵
  PID:8752
- C:\Windows\System\KPXBGAK.exe
  C:\Windows\System\KPXBGAK.exe
  2⤵
  PID:8924
- C:\Windows\System\SZxeHBa.exe
  C:\Windows\System\SZxeHBa.exe
  2⤵
  PID:9052
- C:\Windows\System\RzdpcFx.exe
  C:\Windows\System\RzdpcFx.exe
  2⤵
  PID:9200
- C:\Windows\System\dCSIWNr.exe
  C:\Windows\System\dCSIWNr.exe
  2⤵
  PID:8524
- C:\Windows\System\YxkEOJI.exe
  C:\Windows\System\YxkEOJI.exe
  2⤵
  PID:8808
- C:\Windows\System\tudsthC.exe
  C:\Windows\System\tudsthC.exe
  2⤵
  PID:5148
- C:\Windows\System\rKpNchJ.exe
  C:\Windows\System\rKpNchJ.exe
  2⤵
  PID:3252
- C:\Windows\System\YQISbwd.exe
  C:\Windows\System\YQISbwd.exe
  2⤵
  PID:8352
- C:\Windows\System\elkDGeo.exe
  C:\Windows\System\elkDGeo.exe
  2⤵
  PID:9224
- C:\Windows\System\lZPmCaV.exe
  C:\Windows\System\lZPmCaV.exe
  2⤵
  PID:9256
- C:\Windows\System\qcuMqvZ.exe
  C:\Windows\System\qcuMqvZ.exe
  2⤵
  PID:9280
- C:\Windows\System\INEXAsz.exe
  C:\Windows\System\INEXAsz.exe
  2⤵
  PID:9308
- C:\Windows\System\CmkrZLO.exe
  C:\Windows\System\CmkrZLO.exe
  2⤵
  PID:9336
- C:\Windows\System\ZQZrslI.exe
  C:\Windows\System\ZQZrslI.exe
  2⤵
  PID:9368
- C:\Windows\System\QqBmcCl.exe
  C:\Windows\System\QqBmcCl.exe
  2⤵
  PID:9396
- C:\Windows\System\nZFZWoa.exe
  C:\Windows\System\nZFZWoa.exe
  2⤵
  PID:9428
- C:\Windows\System\hfCLnKh.exe
  C:\Windows\System\hfCLnKh.exe
  2⤵
  PID:9456
- C:\Windows\System\YArYBoG.exe
  C:\Windows\System\YArYBoG.exe
  2⤵
  PID:9484
- C:\Windows\System\nqHPKqy.exe
  C:\Windows\System\nqHPKqy.exe
  2⤵
  PID:9512
- C:\Windows\System\JaIZeHc.exe
  C:\Windows\System\JaIZeHc.exe
  2⤵
  PID:9540
- C:\Windows\System\QCkYTOn.exe
  C:\Windows\System\QCkYTOn.exe
  2⤵
  PID:9568
- C:\Windows\System\BMvRrTf.exe
  C:\Windows\System\BMvRrTf.exe
  2⤵
  PID:9596
- C:\Windows\System\RRTOdjf.exe
  C:\Windows\System\RRTOdjf.exe
  2⤵
  PID:9624
- C:\Windows\System\bRXOrAK.exe
  C:\Windows\System\bRXOrAK.exe
  2⤵
  PID:9644
- C:\Windows\System\IOvdJCa.exe
  C:\Windows\System\IOvdJCa.exe
  2⤵
  PID:9692
- C:\Windows\System\unsycSV.exe
  C:\Windows\System\unsycSV.exe
  2⤵
  PID:9752
- C:\Windows\System\cQwMamn.exe
  C:\Windows\System\cQwMamn.exe
  2⤵
  PID:9780
- C:\Windows\System\Twwxkls.exe
  C:\Windows\System\Twwxkls.exe
  2⤵
  PID:9824
- C:\Windows\System\wvXzMUl.exe
  C:\Windows\System\wvXzMUl.exe
  2⤵
  PID:9916
- C:\Windows\System\unMTcAe.exe
  C:\Windows\System\unMTcAe.exe
  2⤵
  PID:9960
- C:\Windows\System\YgQEzXb.exe
  C:\Windows\System\YgQEzXb.exe
  2⤵
  PID:10012
- C:\Windows\System\nwOOlUf.exe
  C:\Windows\System\nwOOlUf.exe
  2⤵
  PID:10052
- C:\Windows\System\GpgRUBG.exe
  C:\Windows\System\GpgRUBG.exe
  2⤵
  PID:10092
- C:\Windows\System\BdHCfbm.exe
  C:\Windows\System\BdHCfbm.exe
  2⤵
  PID:10120
- C:\Windows\System\SPEyXmT.exe
  C:\Windows\System\SPEyXmT.exe
  2⤵
  PID:10164
- C:\Windows\System\QwOdKqH.exe
  C:\Windows\System\QwOdKqH.exe
  2⤵
  PID:10212
- C:\Windows\System\iqjyfNZ.exe
  C:\Windows\System\iqjyfNZ.exe
  2⤵
  PID:9240
- C:\Windows\System\gFIrwjX.exe
  C:\Windows\System\gFIrwjX.exe
  2⤵
  PID:9348
- C:\Windows\System\xrfKVcT.exe
  C:\Windows\System\xrfKVcT.exe
  2⤵
  PID:9412
- C:\Windows\System\rcBxmTZ.exe
  C:\Windows\System\rcBxmTZ.exe
  2⤵
  PID:9472
- C:\Windows\System\BFSmLbA.exe
  C:\Windows\System\BFSmLbA.exe
  2⤵
  PID:9560
- C:\Windows\System\bsubxHK.exe
  C:\Windows\System\bsubxHK.exe
  2⤵
  PID:9632
- C:\Windows\System\RBpPwkP.exe
  C:\Windows\System\RBpPwkP.exe
  2⤵
  PID:9664
- C:\Windows\System\BwtkjaT.exe
  C:\Windows\System\BwtkjaT.exe
  2⤵
  PID:9676
- C:\Windows\System\FhCxYpE.exe
  C:\Windows\System\FhCxYpE.exe
  2⤵
  PID:9768
- C:\Windows\System\wYNgFCk.exe
  C:\Windows\System\wYNgFCk.exe
  2⤵
  PID:9904
- C:\Windows\System\vDrFAvx.exe
  C:\Windows\System\vDrFAvx.exe
  2⤵
  PID:9992
- C:\Windows\System\vhceGrZ.exe
  C:\Windows\System\vhceGrZ.exe
  2⤵
  PID:10080
- C:\Windows\System\kzKsCkj.exe
  C:\Windows\System\kzKsCkj.exe
  2⤵
  PID:9988
- C:\Windows\System\IbOEKkQ.exe
  C:\Windows\System\IbOEKkQ.exe
  2⤵
  PID:10156
- C:\Windows\System\hQYjmvC.exe
  C:\Windows\System\hQYjmvC.exe
  2⤵
  PID:2336
- C:\Windows\System\jBpZxzW.exe
  C:\Windows\System\jBpZxzW.exe
  2⤵
  PID:2024
- C:\Windows\System\vMgbZXX.exe
  C:\Windows\System\vMgbZXX.exe
  2⤵
  PID:9288
- C:\Windows\System\UDRLrMt.exe
  C:\Windows\System\UDRLrMt.exe
  2⤵
  PID:9464
- C:\Windows\System\mMbZxwU.exe
  C:\Windows\System\mMbZxwU.exe
  2⤵
  PID:2508
- C:\Windows\System\lUXIpdP.exe
  C:\Windows\System\lUXIpdP.exe
  2⤵
  PID:9736
- C:\Windows\System\gAoNPUn.exe
  C:\Windows\System\gAoNPUn.exe
  2⤵
  PID:9956
- C:\Windows\System\bVdDXNX.exe
  C:\Windows\System\bVdDXNX.exe
  2⤵
  PID:10112
- C:\Windows\System\OBJBHjK.exe
  C:\Windows\System\OBJBHjK.exe
  2⤵
  PID:8864
- C:\Windows\System\oWolElb.exe
  C:\Windows\System\oWolElb.exe
  2⤵
  PID:9444
- C:\Windows\System\EWfykJn.exe
  C:\Windows\System\EWfykJn.exe
  2⤵
  PID:9580
- C:\Windows\System\DRvibDM.exe
  C:\Windows\System\DRvibDM.exe
  2⤵
  PID:1816
- C:\Windows\System\hZOzCAJ.exe
  C:\Windows\System\hZOzCAJ.exe
  2⤵
  PID:10104
- C:\Windows\System\ptnxfrv.exe
  C:\Windows\System\ptnxfrv.exe
  2⤵
  PID:9704
- C:\Windows\System\UzdACgL.exe
  C:\Windows\System\UzdACgL.exe
  2⤵
  PID:9896
- C:\Windows\System\KfXfdqU.exe
  C:\Windows\System\KfXfdqU.exe
  2⤵
  PID:2528
- C:\Windows\System\oZEzELm.exe
  C:\Windows\System\oZEzELm.exe
  2⤵
  PID:10084
- C:\Windows\System\UuKjbIS.exe
  C:\Windows\System\UuKjbIS.exe
  2⤵
  PID:9724
- C:\Windows\System\zvIVAkI.exe
  C:\Windows\System\zvIVAkI.exe
  2⤵
  PID:10252
- C:\Windows\System\plteCtj.exe
  C:\Windows\System\plteCtj.exe
  2⤵
  PID:10280
- C:\Windows\System\sIupLSK.exe
  C:\Windows\System\sIupLSK.exe
  2⤵
  PID:10312
- C:\Windows\System\uJyTyiO.exe
  C:\Windows\System\uJyTyiO.exe
  2⤵
  PID:10340
- C:\Windows\System\iuGobfz.exe
  C:\Windows\System\iuGobfz.exe
  2⤵
  PID:10368
- C:\Windows\System\cCOprJe.exe
  C:\Windows\System\cCOprJe.exe
  2⤵
  PID:10396
- C:\Windows\System\wSEBOsy.exe
  C:\Windows\System\wSEBOsy.exe
  2⤵
  PID:10432
- C:\Windows\System\VAGVnYa.exe
  C:\Windows\System\VAGVnYa.exe
  2⤵
  PID:10456
- C:\Windows\System\QcYmalp.exe
  C:\Windows\System\QcYmalp.exe
  2⤵
  PID:10484
- C:\Windows\System\snMeQIR.exe
  C:\Windows\System\snMeQIR.exe
  2⤵
  PID:10512
- C:\Windows\System\CnoSpeF.exe
  C:\Windows\System\CnoSpeF.exe
  2⤵
  PID:10540
- C:\Windows\System\fmOWrVg.exe
  C:\Windows\System\fmOWrVg.exe
  2⤵
  PID:10568
- C:\Windows\System\nEJEVeo.exe
  C:\Windows\System\nEJEVeo.exe
  2⤵
  PID:10596
- C:\Windows\System\QmrjzzG.exe
  C:\Windows\System\QmrjzzG.exe
  2⤵
  PID:10624
- C:\Windows\System\RBOAOOS.exe
  C:\Windows\System\RBOAOOS.exe
  2⤵
  PID:10652
- C:\Windows\System\rtnILKC.exe
  C:\Windows\System\rtnILKC.exe
  2⤵
  PID:10680
- C:\Windows\System\okUehQf.exe
  C:\Windows\System\okUehQf.exe
  2⤵
  PID:10708
- C:\Windows\System\NmfQJoo.exe
  C:\Windows\System\NmfQJoo.exe
  2⤵
  PID:10748
- C:\Windows\System\KtBfNaM.exe
  C:\Windows\System\KtBfNaM.exe
  2⤵
  PID:10764
- C:\Windows\System\JHFNrcj.exe
  C:\Windows\System\JHFNrcj.exe
  2⤵
  PID:10800
- C:\Windows\System\vNpKCPh.exe
  C:\Windows\System\vNpKCPh.exe
  2⤵
  PID:10820
- C:\Windows\System\ywaryIe.exe
  C:\Windows\System\ywaryIe.exe
  2⤵
  PID:10848
- C:\Windows\System\tlsjGka.exe
  C:\Windows\System\tlsjGka.exe
  2⤵
  PID:10888
- C:\Windows\System\WUwCaQI.exe
  C:\Windows\System\WUwCaQI.exe
  2⤵
  PID:10904
- C:\Windows\System\XOwuKOR.exe
  C:\Windows\System\XOwuKOR.exe
  2⤵
  PID:10932
- C:\Windows\System\ihPYuNx.exe
  C:\Windows\System\ihPYuNx.exe
  2⤵
  PID:10960
- C:\Windows\System\mXihQwO.exe
  C:\Windows\System\mXihQwO.exe
  2⤵
  PID:10988
- C:\Windows\System\NZqEZPw.exe
  C:\Windows\System\NZqEZPw.exe
  2⤵
  PID:11016
- C:\Windows\System\shDoPWV.exe
  C:\Windows\System\shDoPWV.exe
  2⤵
  PID:11044
- C:\Windows\System\ZQgkWiU.exe
  C:\Windows\System\ZQgkWiU.exe
  2⤵
  PID:11076
- C:\Windows\System\yEIvZzB.exe
  C:\Windows\System\yEIvZzB.exe
  2⤵
  PID:11100
- C:\Windows\System\XGGSQTa.exe
  C:\Windows\System\XGGSQTa.exe
  2⤵
  PID:11132
- C:\Windows\System\XHcRMoD.exe
  C:\Windows\System\XHcRMoD.exe
  2⤵
  PID:11160
- C:\Windows\System\ujBCccy.exe
  C:\Windows\System\ujBCccy.exe
  2⤵
  PID:11188
- C:\Windows\System\hQOikLv.exe
  C:\Windows\System\hQOikLv.exe
  2⤵
  PID:11216
- C:\Windows\System\voYtUAn.exe
  C:\Windows\System\voYtUAn.exe
  2⤵
  PID:11244
- C:\Windows\System\tcAhymw.exe
  C:\Windows\System\tcAhymw.exe
  2⤵
  PID:10264
- C:\Windows\System\wnhExFg.exe
  C:\Windows\System\wnhExFg.exe
  2⤵
  PID:10308
- C:\Windows\System\PTBBJSU.exe
  C:\Windows\System\PTBBJSU.exe
  2⤵
  PID:10336
- C:\Windows\System\cehWieE.exe
  C:\Windows\System\cehWieE.exe
  2⤵
  PID:10412
- C:\Windows\System\bAFlVoe.exe
  C:\Windows\System\bAFlVoe.exe
  2⤵
  PID:10452
- C:\Windows\System\AoLNDLi.exe
  C:\Windows\System\AoLNDLi.exe
  2⤵
  PID:10524
- C:\Windows\System\yqFQjHi.exe
  C:\Windows\System\yqFQjHi.exe
  2⤵
  PID:10588
- C:\Windows\System\WHbAMqm.exe
  C:\Windows\System\WHbAMqm.exe
  2⤵
  PID:10668
- C:\Windows\System\kLTlZAI.exe
  C:\Windows\System\kLTlZAI.exe
  2⤵
  PID:10728
- C:\Windows\System\zBYgAVo.exe
  C:\Windows\System\zBYgAVo.exe
  2⤵
  PID:10788
- C:\Windows\System\ZpGnZfs.exe
  C:\Windows\System\ZpGnZfs.exe
  2⤵
  PID:10864
- C:\Windows\System\hFHiLwM.exe
  C:\Windows\System\hFHiLwM.exe
  2⤵
  PID:1144
- C:\Windows\System\RlDFeNs.exe
  C:\Windows\System\RlDFeNs.exe
  2⤵
  PID:10956
- C:\Windows\System\sBaHsfD.exe
  C:\Windows\System\sBaHsfD.exe
  2⤵
  PID:11028
- C:\Windows\System\WAhZdgz.exe
  C:\Windows\System\WAhZdgz.exe
  2⤵
  PID:11092
- C:\Windows\System\gslDMRx.exe
  C:\Windows\System\gslDMRx.exe
  2⤵
  PID:11156
- C:\Windows\System\gpBDyDm.exe
  C:\Windows\System\gpBDyDm.exe
  2⤵
  PID:11208
- C:\Windows\System\tRDHHCx.exe
  C:\Windows\System\tRDHHCx.exe
  2⤵
  PID:11260
- C:\Windows\System\brTFHPV.exe
  C:\Windows\System\brTFHPV.exe
  2⤵
  PID:1172
- C:\Windows\System\GtAaSdD.exe
  C:\Windows\System\GtAaSdD.exe
  2⤵
  PID:10440
- C:\Windows\System\PVaunYu.exe
  C:\Windows\System\PVaunYu.exe
  2⤵
  PID:10580
- C:\Windows\System\EhipjSj.exe
  C:\Windows\System\EhipjSj.exe
  2⤵
  PID:10756
- C:\Windows\System\cSzepvp.exe
  C:\Windows\System\cSzepvp.exe
  2⤵
  PID:5052
- C:\Windows\System\LeVYpHr.exe
  C:\Windows\System\LeVYpHr.exe
  2⤵
  PID:11056
- C:\Windows\System\ReeGamc.exe
  C:\Windows\System\ReeGamc.exe
  2⤵
  PID:11172
- C:\Windows\System\SrSyVfV.exe
  C:\Windows\System\SrSyVfV.exe
  2⤵
  PID:10304
- C:\Windows\System\FdoPxQV.exe
  C:\Windows\System\FdoPxQV.exe
  2⤵
  PID:10564
- C:\Windows\System\sONqLbC.exe
  C:\Windows\System\sONqLbC.exe
  2⤵
  PID:10952
- C:\Windows\System\aGBfnOI.exe
  C:\Windows\System\aGBfnOI.exe
  2⤵
  PID:11236
- C:\Windows\System\bvstzag.exe
  C:\Windows\System\bvstzag.exe
  2⤵
  PID:10896
- C:\Windows\System\jVTpDhE.exe
  C:\Windows\System\jVTpDhE.exe
  2⤵
  PID:10836
- C:\Windows\System\UElCXGW.exe
  C:\Windows\System\UElCXGW.exe
  2⤵
  PID:11292
- C:\Windows\System\nfEQkFn.exe
  C:\Windows\System\nfEQkFn.exe
  2⤵
  PID:11308
- C:\Windows\System\roCGWDq.exe
  C:\Windows\System\roCGWDq.exe
  2⤵
  PID:11336
- C:\Windows\System\yJZsYTN.exe
  C:\Windows\System\yJZsYTN.exe
  2⤵
  PID:11364
- C:\Windows\System\nuCfBxx.exe
  C:\Windows\System\nuCfBxx.exe
  2⤵
  PID:11392
- C:\Windows\System\KUJbIrb.exe
  C:\Windows\System\KUJbIrb.exe
  2⤵
  PID:11420
- C:\Windows\System\JUChkMr.exe
  C:\Windows\System\JUChkMr.exe
  2⤵
  PID:11460
- C:\Windows\System\abZyGMm.exe
  C:\Windows\System\abZyGMm.exe
  2⤵
  PID:11480
- C:\Windows\System\qtkwNql.exe
  C:\Windows\System\qtkwNql.exe
  2⤵
  PID:11508
- C:\Windows\System\uwctcHM.exe
  C:\Windows\System\uwctcHM.exe
  2⤵
  PID:11536
- C:\Windows\System\vFswuNm.exe
  C:\Windows\System\vFswuNm.exe
  2⤵
  PID:11564
- C:\Windows\System\zVVPECd.exe
  C:\Windows\System\zVVPECd.exe
  2⤵
  PID:11592
- C:\Windows\System\miknzxZ.exe
  C:\Windows\System\miknzxZ.exe
  2⤵
  PID:11620
- C:\Windows\System\nMPvBJC.exe
  C:\Windows\System\nMPvBJC.exe
  2⤵
  PID:11648
- C:\Windows\System\rDCcevB.exe
  C:\Windows\System\rDCcevB.exe
  2⤵
  PID:11688
- C:\Windows\System\FpQgpaC.exe
  C:\Windows\System\FpQgpaC.exe
  2⤵
  PID:11704
- C:\Windows\System\LRbiYXK.exe
  C:\Windows\System\LRbiYXK.exe
  2⤵
  PID:11736
- C:\Windows\System\AkZOzBU.exe
  C:\Windows\System\AkZOzBU.exe
  2⤵
  PID:11764
- C:\Windows\System\hLtLaFR.exe
  C:\Windows\System\hLtLaFR.exe
  2⤵
  PID:11792
- C:\Windows\System\CrAnryo.exe
  C:\Windows\System\CrAnryo.exe
  2⤵
  PID:11820
- C:\Windows\System\SyekvwK.exe
  C:\Windows\System\SyekvwK.exe
  2⤵
  PID:11848
- C:\Windows\System\hjtCKIw.exe
  C:\Windows\System\hjtCKIw.exe
  2⤵
  PID:11876
- C:\Windows\System\MSeSILc.exe
  C:\Windows\System\MSeSILc.exe
  2⤵
  PID:11904
- C:\Windows\System\lpixdKO.exe
  C:\Windows\System\lpixdKO.exe
  2⤵
  PID:11932
- C:\Windows\System\bKFAjhE.exe
  C:\Windows\System\bKFAjhE.exe
  2⤵
  PID:11960
- C:\Windows\System\ncdiXlg.exe
  C:\Windows\System\ncdiXlg.exe
  2⤵
  PID:11988
- C:\Windows\System\xMRUngs.exe
  C:\Windows\System\xMRUngs.exe
  2⤵
  PID:12016
- C:\Windows\System\FWoHZIe.exe
  C:\Windows\System\FWoHZIe.exe
  2⤵
  PID:12044
- C:\Windows\System\wkIruYK.exe
  C:\Windows\System\wkIruYK.exe
  2⤵
  PID:12072
- C:\Windows\System\QFlPamT.exe
  C:\Windows\System\QFlPamT.exe
  2⤵
  PID:12100
- C:\Windows\System\zVNZxCF.exe
  C:\Windows\System\zVNZxCF.exe
  2⤵
  PID:12128
- C:\Windows\System\OJwajyf.exe
  C:\Windows\System\OJwajyf.exe
  2⤵
  PID:12156
- C:\Windows\System\mNnvYgY.exe
  C:\Windows\System\mNnvYgY.exe
  2⤵
  PID:12184
- C:\Windows\System\XSdXhnx.exe
  C:\Windows\System\XSdXhnx.exe
  2⤵
  PID:12212
- C:\Windows\System\FshgPOp.exe
  C:\Windows\System\FshgPOp.exe
  2⤵
  PID:12240
- C:\Windows\System\ljlRHbK.exe
  C:\Windows\System\ljlRHbK.exe
  2⤵
  PID:12268
- C:\Windows\System\pvCNcbh.exe
  C:\Windows\System\pvCNcbh.exe
  2⤵
  PID:11288
- C:\Windows\System\tAggMQz.exe
  C:\Windows\System\tAggMQz.exe
  2⤵
  PID:11352
- C:\Windows\System\ObMrNqk.exe
  C:\Windows\System\ObMrNqk.exe
  2⤵
  PID:4412
- C:\Windows\System\jwlqmDz.exe
  C:\Windows\System\jwlqmDz.exe
  2⤵
  PID:11468
- C:\Windows\System\hPzDfQT.exe
  C:\Windows\System\hPzDfQT.exe
  2⤵
  PID:11504
- C:\Windows\System\qjzWrSi.exe
  C:\Windows\System\qjzWrSi.exe
  2⤵
  PID:11560
- C:\Windows\System\OJvWARr.exe
  C:\Windows\System\OJvWARr.exe
  2⤵
  PID:11612
- C:\Windows\System\obWFWPI.exe
  C:\Windows\System\obWFWPI.exe
  2⤵
  PID:11668
- C:\Windows\System\FckrtiH.exe
  C:\Windows\System\FckrtiH.exe
  2⤵
  PID:11748
- C:\Windows\System\JToRpFV.exe
  C:\Windows\System\JToRpFV.exe
  2⤵
  PID:11812
- C:\Windows\System\hRKrmmD.exe
  C:\Windows\System\hRKrmmD.exe
  2⤵
  PID:11872
- C:\Windows\System\MHuSVVU.exe
  C:\Windows\System\MHuSVVU.exe
  2⤵
  PID:11944
- C:\Windows\System\MFzjQIK.exe
  C:\Windows\System\MFzjQIK.exe
  2⤵
  PID:12008
- C:\Windows\System\xhkSRgq.exe
  C:\Windows\System\xhkSRgq.exe
  2⤵
  PID:12068
- C:\Windows\System\GaedOTS.exe
  C:\Windows\System\GaedOTS.exe
  2⤵
  PID:12140
- C:\Windows\System\DxRiFSO.exe
  C:\Windows\System\DxRiFSO.exe
  2⤵
  PID:12204
- C:\Windows\System\xXcLexn.exe
  C:\Windows\System\xXcLexn.exe
  2⤵
  PID:12260
- C:\Windows\System\CeuAHXQ.exe
  C:\Windows\System\CeuAHXQ.exe
  2⤵
  PID:11724
- C:\Windows\System\HUrVXTy.exe
  C:\Windows\System\HUrVXTy.exe
  2⤵
  PID:11456
- C:\Windows\System\sWOorEC.exe
  C:\Windows\System\sWOorEC.exe
  2⤵
  PID:11528
- C:\Windows\System\RZTFbjy.exe
  C:\Windows\System\RZTFbjy.exe
  2⤵
  PID:11644
- C:\Windows\System\jRxoZNq.exe
  C:\Windows\System\jRxoZNq.exe
  2⤵
  PID:11808
- C:\Windows\System\aQlHveQ.exe
  C:\Windows\System\aQlHveQ.exe
  2⤵
  PID:11972
- C:\Windows\System\yVFagIn.exe
  C:\Windows\System\yVFagIn.exe
  2⤵
  PID:12120
- C:\Windows\System\BoqZOrK.exe
  C:\Windows\System\BoqZOrK.exe
  2⤵
  PID:3560
- C:\Windows\System\VfOIMol.exe
  C:\Windows\System\VfOIMol.exe
  2⤵
  PID:3228
- C:\Windows\System\SdCEThl.exe
  C:\Windows\System\SdCEThl.exe
  2⤵
  PID:11784
- C:\Windows\System\jFSJBdW.exe
  C:\Windows\System\jFSJBdW.exe
  2⤵
  PID:12116
- C:\Windows\System\JDlnyas.exe
  C:\Windows\System\JDlnyas.exe
  2⤵
  PID:3388
- C:\Windows\System\uykdoUU.exe
  C:\Windows\System\uykdoUU.exe
  2⤵
  PID:11720
- C:\Windows\System\anyhTsY.exe
  C:\Windows\System\anyhTsY.exe
  2⤵
  PID:11440
- C:\Windows\System\whUZjiT.exe
  C:\Windows\System\whUZjiT.exe
  2⤵
  PID:12308
- C:\Windows\System\OTlOXiR.exe
  C:\Windows\System\OTlOXiR.exe
  2⤵
  PID:12336
- C:\Windows\System\PUTXwzn.exe
  C:\Windows\System\PUTXwzn.exe
  2⤵
  PID:12372
- C:\Windows\System\zEalLBR.exe
  C:\Windows\System\zEalLBR.exe
  2⤵
  PID:12396
- C:\Windows\System\ITVbPfE.exe
  C:\Windows\System\ITVbPfE.exe
  2⤵
  PID:12424
- C:\Windows\System\AJmwJpI.exe
  C:\Windows\System\AJmwJpI.exe
  2⤵
  PID:12452
- C:\Windows\System\Sbpjmpc.exe
  C:\Windows\System\Sbpjmpc.exe
  2⤵
  PID:12480
- C:\Windows\System\lBybzzM.exe
  C:\Windows\System\lBybzzM.exe
  2⤵
  PID:12508
- C:\Windows\System\oWFgTxy.exe
  C:\Windows\System\oWFgTxy.exe
  2⤵
  PID:12536
- C:\Windows\System\zLEWiGg.exe
  C:\Windows\System\zLEWiGg.exe
  2⤵
  PID:12564
- C:\Windows\System\FkMimZQ.exe
  C:\Windows\System\FkMimZQ.exe
  2⤵
  PID:12592
- C:\Windows\System\rfjsTnS.exe
  C:\Windows\System\rfjsTnS.exe
  2⤵
  PID:12620
- C:\Windows\System\KgnRhYY.exe
  C:\Windows\System\KgnRhYY.exe
  2⤵
  PID:12648
- C:\Windows\System\QNWSfKM.exe
  C:\Windows\System\QNWSfKM.exe
  2⤵
  PID:12676
- C:\Windows\System\XVLvHxU.exe
  C:\Windows\System\XVLvHxU.exe
  2⤵
  PID:12704
- C:\Windows\System\vWwczJv.exe
  C:\Windows\System\vWwczJv.exe
  2⤵
  PID:12732
- C:\Windows\System\auYOViF.exe
  C:\Windows\System\auYOViF.exe
  2⤵
  PID:12760
- C:\Windows\System\IQyFQpE.exe
  C:\Windows\System\IQyFQpE.exe
  2⤵
  PID:12788
- C:\Windows\System\QkXunop.exe
  C:\Windows\System\QkXunop.exe
  2⤵
  PID:12816
- C:\Windows\System\MmCvpSj.exe
  C:\Windows\System\MmCvpSj.exe
  2⤵
  PID:12844
- C:\Windows\System\izsetRb.exe
  C:\Windows\System\izsetRb.exe
  2⤵
  PID:12872
- C:\Windows\System\EpWKaSK.exe
  C:\Windows\System\EpWKaSK.exe
  2⤵
  PID:12900
- C:\Windows\System\MWORKUQ.exe
  C:\Windows\System\MWORKUQ.exe
  2⤵
  PID:12940
- C:\Windows\System\UqevttK.exe
  C:\Windows\System\UqevttK.exe
  2⤵
  PID:12956
- C:\Windows\System\sSRtvYZ.exe
  C:\Windows\System\sSRtvYZ.exe
  2⤵
  PID:12984
- C:\Windows\System\DMZgQri.exe
  C:\Windows\System\DMZgQri.exe
  2⤵
  PID:13012
- C:\Windows\System\ZYmeerK.exe
  C:\Windows\System\ZYmeerK.exe
  2⤵
  PID:13044
- C:\Windows\System\ReckZZZ.exe
  C:\Windows\System\ReckZZZ.exe
  2⤵
  PID:13072
- C:\Windows\System\dkcOKvT.exe
  C:\Windows\System\dkcOKvT.exe
  2⤵
  PID:13100
- C:\Windows\System\lPPvlvY.exe
  C:\Windows\System\lPPvlvY.exe
  2⤵
  PID:13128
- C:\Windows\System\HzwCrVJ.exe
  C:\Windows\System\HzwCrVJ.exe
  2⤵
  PID:13156
- C:\Windows\System\medijDh.exe
  C:\Windows\System\medijDh.exe
  2⤵
  PID:13184
- C:\Windows\System\OLSrLIM.exe
  C:\Windows\System\OLSrLIM.exe
  2⤵
  PID:13212
- C:\Windows\System\zwDPZiU.exe
  C:\Windows\System\zwDPZiU.exe
  2⤵
  PID:13240
- C:\Windows\System\KoAEFCr.exe
  C:\Windows\System\KoAEFCr.exe
  2⤵
  PID:13268
- C:\Windows\System\xxzUGZj.exe
  C:\Windows\System\xxzUGZj.exe
  2⤵
  PID:13296
- C:\Windows\System\JxRxwxV.exe
  C:\Windows\System\JxRxwxV.exe
  2⤵
  PID:12320
- C:\Windows\System\XDgMsxh.exe
  C:\Windows\System\XDgMsxh.exe
  2⤵
  PID:12388
- C:\Windows\System\ZOlIpxQ.exe
  C:\Windows\System\ZOlIpxQ.exe
  2⤵
  PID:12448
- C:\Windows\System\QBDSqLM.exe
  C:\Windows\System\QBDSqLM.exe
  2⤵
  PID:12504
- C:\Windows\System\jvKhAFn.exe
  C:\Windows\System\jvKhAFn.exe
  2⤵
  PID:12560
- C:\Windows\System\TyPYGVf.exe
  C:\Windows\System\TyPYGVf.exe
  2⤵
  PID:12636
- C:\Windows\System\CCInpRg.exe
  C:\Windows\System\CCInpRg.exe
  2⤵
  PID:12696
- C:\Windows\System\rBMQrbn.exe
  C:\Windows\System\rBMQrbn.exe
  2⤵
  PID:12752
- C:\Windows\System\nGmnZfo.exe
  C:\Windows\System\nGmnZfo.exe
  2⤵
  PID:12812
- C:\Windows\System\TUeSKqp.exe
  C:\Windows\System\TUeSKqp.exe
  2⤵
  PID:12868
- C:\Windows\System\QUKZjPy.exe
  C:\Windows\System\QUKZjPy.exe
  2⤵
  PID:12924
- C:\Windows\System\KIWCqid.exe
  C:\Windows\System\KIWCqid.exe
  2⤵
  PID:12980
- C:\Windows\System\nRAKMUy.exe
  C:\Windows\System\nRAKMUy.exe
  2⤵
  PID:13060
- C:\Windows\System\xYOlzPr.exe
  C:\Windows\System\xYOlzPr.exe
  2⤵
  PID:13092
- C:\Windows\System\MtCEVhc.exe
  C:\Windows\System\MtCEVhc.exe
  2⤵
  PID:13124
- C:\Windows\System\cFDgeZO.exe
  C:\Windows\System\cFDgeZO.exe
  2⤵
  PID:13200
- C:\Windows\System\KJwTySD.exe
  C:\Windows\System\KJwTySD.exe
  2⤵
  PID:13264
- C:\Windows\System\ewKAfpU.exe
  C:\Windows\System\ewKAfpU.exe
  2⤵
  PID:12352
- C:\Windows\System\OSDnoJQ.exe
  C:\Windows\System\OSDnoJQ.exe
  2⤵
  PID:12492
- C:\Windows\System\ZqVXCQS.exe
  C:\Windows\System\ZqVXCQS.exe
  2⤵
  PID:12672
- C:\Windows\System\LXOPEfg.exe
  C:\Windows\System\LXOPEfg.exe
  2⤵
  PID:12784
- C:\Windows\System\gqvYehH.exe
  C:\Windows\System\gqvYehH.exe
  2⤵
  PID:12892
- C:\Windows\System\HQEGDky.exe
  C:\Windows\System\HQEGDky.exe
  2⤵
  PID:13036
- C:\Windows\System\LlqEHxr.exe
  C:\Windows\System\LlqEHxr.exe
  2⤵
  PID:3368
- C:\Windows\System\JQzpUnV.exe
  C:\Windows\System\JQzpUnV.exe
  2⤵
  PID:764
- C:\Windows\System\iTVaCZt.exe
  C:\Windows\System\iTVaCZt.exe
  2⤵
  PID:3556
- C:\Windows\System\jhaaAtN.exe
  C:\Windows\System\jhaaAtN.exe
  2⤵
  PID:12304
- C:\Windows\System\ZvnKmkl.exe
  C:\Windows\System\ZvnKmkl.exe
  2⤵
  PID:3784
- C:\Windows\System\RSPksAU.exe
  C:\Windows\System\RSPksAU.exe
  2⤵
  PID:12860
- C:\Windows\System\jXLRMNe.exe
  C:\Windows\System\jXLRMNe.exe
  2⤵
  PID:2496
- C:\Windows\System\oVRQirz.exe
  C:\Windows\System\oVRQirz.exe
  2⤵
  PID:4500
- C:\Windows\System\XMEcqjU.exe
  C:\Windows\System\XMEcqjU.exe
  2⤵
  PID:13176
- C:\Windows\System\zJUATTm.exe
  C:\Windows\System\zJUATTm.exe
  2⤵
  PID:2096
- C:\Windows\System\ChlXnvK.exe
  C:\Windows\System\ChlXnvK.exe
  2⤵
  PID:2612
- C:\Windows\System\gKktgMo.exe
  C:\Windows\System\gKktgMo.exe
  2⤵
  PID:4904
- C:\Windows\System\vugsxbc.exe
  C:\Windows\System\vugsxbc.exe
  2⤵
  PID:2308
- C:\Windows\System\psJjwzH.exe
  C:\Windows\System\psJjwzH.exe
  2⤵
  PID:1460
- C:\Windows\System\WObiZYE.exe
  C:\Windows\System\WObiZYE.exe
  2⤵
  PID:13208
- C:\Windows\System\vutUNxM.exe
  C:\Windows\System\vutUNxM.exe
  2⤵
  PID:1180
- C:\Windows\System\pHvtQAR.exe
  C:\Windows\System\pHvtQAR.exe
  2⤵
  PID:1944
- C:\Windows\System\cVMuQCr.exe
  C:\Windows\System\cVMuQCr.exe
  2⤵
  PID:4540
- C:\Windows\System\tuJDgMV.exe
  C:\Windows\System\tuJDgMV.exe
  2⤵
  PID:1476
- C:\Windows\System\jJBYrqg.exe
  C:\Windows\System\jJBYrqg.exe
  2⤵
  PID:2720
- C:\Windows\System\iDAsGHw.exe
  C:\Windows\System\iDAsGHw.exe
  2⤵
  PID:2360
- C:\Windows\System\WrWvSOM.exe
  C:\Windows\System\WrWvSOM.exe
  2⤵
  PID:4884
- C:\Windows\System\kcdLgfH.exe
  C:\Windows\System\kcdLgfH.exe
  2⤵
  PID:5144
- C:\Windows\System\yrFrOgd.exe
  C:\Windows\System\yrFrOgd.exe
  2⤵
  PID:5192
- C:\Windows\System\BZysKrb.exe
  C:\Windows\System\BZysKrb.exe
  2⤵
  PID:2072
- C:\Windows\System\dfhvRNB.exe
  C:\Windows\System\dfhvRNB.exe
  2⤵
  PID:2156
- C:\Windows\System\eiXCPen.exe
  C:\Windows\System\eiXCPen.exe
  2⤵
  PID:13340
- C:\Windows\System\mbVnkpN.exe
  C:\Windows\System\mbVnkpN.exe
  2⤵
  PID:13364
- C:\Windows\System\bwxnNtP.exe
  C:\Windows\System\bwxnNtP.exe
  2⤵
  PID:13392
- C:\Windows\System\XeLkufb.exe
  C:\Windows\System\XeLkufb.exe
  2⤵
  PID:13424
- C:\Windows\System\fvciNMf.exe
  C:\Windows\System\fvciNMf.exe
  2⤵
  PID:13468
- C:\Windows\System\NIlYzfM.exe
  C:\Windows\System\NIlYzfM.exe
  2⤵
  PID:13496
- C:\Windows\System\peyjBVt.exe
  C:\Windows\System\peyjBVt.exe
  2⤵
  PID:13536
- C:\Windows\System\OLPasRg.exe
  C:\Windows\System\OLPasRg.exe
  2⤵
  PID:13580
- C:\Windows\System\QuvZAmS.exe
  C:\Windows\System\QuvZAmS.exe
  2⤵
  PID:13616
- C:\Windows\System\Rzyxhgn.exe
  C:\Windows\System\Rzyxhgn.exe
  2⤵
  PID:13664
- C:\Windows\System\qEmGQvr.exe
  C:\Windows\System\qEmGQvr.exe
  2⤵
  PID:13688
- C:\Windows\System\jFHrFvs.exe
  C:\Windows\System\jFHrFvs.exe
  2⤵
  PID:13724
- C:\Windows\System\jrlGrNr.exe
  C:\Windows\System\jrlGrNr.exe
  2⤵
  PID:13756
- C:\Windows\System\PClrjTy.exe
  C:\Windows\System\PClrjTy.exe
  2⤵
  PID:13784
- C:\Windows\System\WqtxnCG.exe
  C:\Windows\System\WqtxnCG.exe
  2⤵
  PID:13832
- C:\Windows\System\lBKQOLE.exe
  C:\Windows\System\lBKQOLE.exe
  2⤵
  PID:13860
- C:\Windows\System\xIlEiJD.exe
  C:\Windows\System\xIlEiJD.exe
  2⤵
  PID:13900
- C:\Windows\System\ScmdKEz.exe
  C:\Windows\System\ScmdKEz.exe
  2⤵
  PID:13956
- C:\Windows\System\WHwgttU.exe
  C:\Windows\System\WHwgttU.exe
  2⤵
  PID:13988
- C:\Windows\System\ConjHLd.exe
  C:\Windows\System\ConjHLd.exe
  2⤵
  PID:14028
- C:\Windows\System\bDRmDuf.exe
  C:\Windows\System\bDRmDuf.exe
  2⤵
  PID:14048
- C:\Windows\System\afeLHwZ.exe
  C:\Windows\System\afeLHwZ.exe
  2⤵
  PID:14084
- C:\Windows\System\vgZIfIg.exe
  C:\Windows\System\vgZIfIg.exe
  2⤵
  PID:14112
- C:\Windows\System\EnhQceO.exe
  C:\Windows\System\EnhQceO.exe
  2⤵
  PID:14132
- C:\Windows\System\qnWeJHr.exe
  C:\Windows\System\qnWeJHr.exe
  2⤵
  PID:14160
- C:\Windows\System\xGfURST.exe
  C:\Windows\System\xGfURST.exe
  2⤵
  PID:14188
- C:\Windows\System\mzitYlP.exe
  C:\Windows\System\mzitYlP.exe
  2⤵
  PID:14216
- C:\Windows\System\DaowFFd.exe
  C:\Windows\System\DaowFFd.exe
  2⤵
  PID:14248
- C:\Windows\System\QYuHzSo.exe
  C:\Windows\System\QYuHzSo.exe
  2⤵
  PID:14276
- C:\Windows\System\SUmihWP.exe
  C:\Windows\System\SUmihWP.exe
  2⤵
  PID:14304
- C:\Windows\System\KKiUpQn.exe
  C:\Windows\System\KKiUpQn.exe
  2⤵
  PID:13316
- C:\Windows\System\yfEqcFd.exe
  C:\Windows\System\yfEqcFd.exe
  2⤵
  PID:5288
- C:\Windows\System\TRdZRDE.exe
  C:\Windows\System\TRdZRDE.exe
  2⤵
  PID:5320
- C:\Windows\System\YfIOfeP.exe
  C:\Windows\System\YfIOfeP.exe
  2⤵
  PID:9524
- C:\Windows\System\sdaUmiz.exe
  C:\Windows\System\sdaUmiz.exe
  2⤵
  PID:5372
- C:\Windows\System\IaoCaKP.exe
  C:\Windows\System\IaoCaKP.exe
  2⤵
  PID:676
- C:\Windows\System\RbNUxwE.exe
  C:\Windows\System\RbNUxwE.exe
  2⤵
  PID:4868
- C:\Windows\System\JHLTbYl.exe
  C:\Windows\System\JHLTbYl.exe
  2⤵
  PID:5424
- C:\Windows\System\ylcriGa.exe
  C:\Windows\System\ylcriGa.exe
  2⤵
  PID:13608
- C:\Windows\System\UyPZOJB.exe
  C:\Windows\System\UyPZOJB.exe
  2⤵
  PID:13652
- C:\Windows\System\rxKjQvF.exe
  C:\Windows\System\rxKjQvF.exe
  2⤵
  PID:13680
- C:\Windows\System\dfzbYyf.exe
  C:\Windows\System\dfzbYyf.exe
  2⤵
  PID:3600
- C:\Windows\System\TVYpCXZ.exe
  C:\Windows\System\TVYpCXZ.exe
  2⤵
  PID:13752
- C:\Windows\System\ucHJGBr.exe
  C:\Windows\System\ucHJGBr.exe
  2⤵
  PID:2552
- C:\Windows\System\aWrTFpz.exe
  C:\Windows\System\aWrTFpz.exe
  2⤵
  PID:13812
- C:\Windows\System\BgMMViE.exe
  C:\Windows\System\BgMMViE.exe
  2⤵
  PID:13856
- C:\Windows\System\xzOwBOk.exe
  C:\Windows\System\xzOwBOk.exe
  2⤵
  PID:13896
- C:\Windows\System\gHZxrxt.exe
  C:\Windows\System\gHZxrxt.exe
  2⤵
  PID:13976
- C:\Windows\System\YrxMqVb.exe
  C:\Windows\System\YrxMqVb.exe
  2⤵
  PID:5688
- C:\Windows\System\gHnCdpN.exe
  C:\Windows\System\gHnCdpN.exe
  2⤵
  PID:13644
- C:\Windows\System\ZMfztKr.exe
  C:\Windows\System\ZMfztKr.exe
  2⤵
  PID:14008
- C:\Windows\System\NXmlCZx.exe
  C:\Windows\System\NXmlCZx.exe
  2⤵
  PID:13440
- C:\Windows\System\mRIdsLV.exe
  C:\Windows\System\mRIdsLV.exe
  2⤵
  PID:14092
- C:\Windows\System\Rdnjmrr.exe
  C:\Windows\System\Rdnjmrr.exe
  2⤵
  PID:14100
- C:\Windows\System\YptJxWY.exe
  C:\Windows\System\YptJxWY.exe
  2⤵
  PID:14144
- C:\Windows\System\syEvHiH.exe
  C:\Windows\System\syEvHiH.exe
  2⤵
  PID:14156
- C:\Windows\System\hMFzysM.exe
  C:\Windows\System\hMFzysM.exe
  2⤵
  PID:5888
- C:\Windows\System\gNclHzZ.exe
  C:\Windows\System\gNclHzZ.exe
  2⤵
  PID:14228
- C:\Windows\System\cIxhvhP.exe
  C:\Windows\System\cIxhvhP.exe
  2⤵
  PID:1580
- C:\Windows\System\yYfuvde.exe
  C:\Windows\System\yYfuvde.exe
  2⤵
  PID:14316
- C:\Windows\System\NYDZsmO.exe
  C:\Windows\System\NYDZsmO.exe
  2⤵
  PID:2044
- C:\Windows\System\zbxiTyP.exe
  C:\Windows\System\zbxiTyP.exe
  2⤵
  PID:4004
- C:\Windows\System\EUkuTkw.exe
  C:\Windows\System\EUkuTkw.exe
  2⤵
  PID:13412
- C:\Windows\System\BvdExzP.exe
  C:\Windows\System\BvdExzP.exe
  2⤵
  PID:5380
- C:\Windows\System\WPBcCpa.exe
  C:\Windows\System\WPBcCpa.exe
  2⤵
  PID:6116
- C:\Windows\System\fffqrGW.exe
  C:\Windows\System\fffqrGW.exe
  2⤵
  PID:2916
- C:\Windows\System\ujcSSsn.exe
  C:\Windows\System\ujcSSsn.exe
  2⤵
  PID:1644
- C:\Windows\System\ibRqHdA.exe
  C:\Windows\System\ibRqHdA.exe
  2⤵
  PID:1868
- C:\Windows\System\gaKblZF.exe
  C:\Windows\System\gaKblZF.exe
  2⤵
  PID:5508
- C:\Windows\System\ZFwUaft.exe
  C:\Windows\System\ZFwUaft.exe
  2⤵
  PID:13720
- C:\Windows\System\ThCfoLu.exe
  C:\Windows\System\ThCfoLu.exe
  2⤵
  PID:1404
- C:\Windows\System\EoIauXe.exe
  C:\Windows\System\EoIauXe.exe
  2⤵
  PID:5360
- C:\Windows\System\jCgRBvv.exe
  C:\Windows\System\jCgRBvv.exe
  2⤵
  PID:5432
- C:\Windows\System\ATSkOMl.exe
  C:\Windows\System\ATSkOMl.exe
  2⤵
  PID:5480
- C:\Windows\System\CocRPOc.exe
  C:\Windows\System\CocRPOc.exe
  2⤵
  PID:13968
- C:\Windows\System\gkFuIqC.exe
  C:\Windows\System\gkFuIqC.exe
  2⤵
  PID:5620
- C:\Windows\System\BaDtYSa.exe
  C:\Windows\System\BaDtYSa.exe
  2⤵
  PID:5684
- C:\Windows\System\XiKQfcL.exe
  C:\Windows\System\XiKQfcL.exe
  2⤵
  PID:5716
- C:\Windows\System\YeOLsYO.exe
  C:\Windows\System\YeOLsYO.exe
  2⤵
  PID:14012
- C:\Windows\System\XIjHcDP.exe
  C:\Windows\System\XIjHcDP.exe
  2⤵
  PID:5876
- C:\Windows\System\rnveOIj.exe
  C:\Windows\System\rnveOIj.exe
  2⤵
  PID:4816
- C:\Windows\System\ZdazcVX.exe
  C:\Windows\System\ZdazcVX.exe
  2⤵
  PID:6024
- C:\Windows\System\QCpsaSn.exe
  C:\Windows\System\QCpsaSn.exe
  2⤵
  PID:2740
- C:\Windows\System\ANYUQEB.exe
  C:\Windows\System\ANYUQEB.exe
  2⤵
  PID:3928
- C:\Windows\System\YXegcHk.exe
  C:\Windows\System\YXegcHk.exe
  2⤵
  PID:2780
- C:\Windows\System\esMGWuJ.exe
  C:\Windows\System\esMGWuJ.exe
  2⤵
  PID:5496
- C:\Windows\System\xuhYAzN.exe
  C:\Windows\System\xuhYAzN.exe
  2⤵
  PID:14332
- C:\Windows\System\rPKpXeM.exe
  C:\Windows\System\rPKpXeM.exe
  2⤵
  PID:5764
- C:\Windows\System\IrmdKnc.exe
  C:\Windows\System\IrmdKnc.exe
  2⤵
  PID:5884
- C:\Windows\System\IrCHieg.exe
  C:\Windows\System\IrCHieg.exe
  2⤵
  PID:13460
- C:\Windows\System\azHhnWQ.exe
  C:\Windows\System\azHhnWQ.exe
  2⤵
  PID:2456
- C:\Windows\System\HYowMKu.exe
  C:\Windows\System\HYowMKu.exe
  2⤵
  PID:5476
- C:\Windows\System\gQNtjBe.exe
  C:\Windows\System\gQNtjBe.exe
  2⤵
  PID:5168
- C:\Windows\System\jYMaiDB.exe
  C:\Windows\System\jYMaiDB.exe
  2⤵
  PID:5252
- C:\Windows\System\iODfzsU.exe
  C:\Windows\System\iODfzsU.exe
  2⤵
  PID:14072
- C:\Windows\System\XwMZJNT.exe
  C:\Windows\System\XwMZJNT.exe
  2⤵
  PID:6060
- C:\Windows\System\YDhMNcm.exe
  C:\Windows\System\YDhMNcm.exe
  2⤵
  PID:6156
- C:\Windows\System\zvTMJtr.exe
  C:\Windows\System\zvTMJtr.exe
  2⤵
  PID:2732
- C:\Windows\System\OpbwUvG.exe
  C:\Windows\System\OpbwUvG.exe
  2⤵
  PID:2064
- C:\Windows\System\QKjauTJ.exe
  C:\Windows\System\QKjauTJ.exe
  2⤵
  PID:6260
- C:\Windows\System\YXaAjvq.exe
  C:\Windows\System\YXaAjvq.exe
  2⤵
  PID:6288
- C:\Windows\System\fXeiBnb.exe
  C:\Windows\System\fXeiBnb.exe
  2⤵
  PID:5776
- C:\Windows\System\aDSGGEG.exe
  C:\Windows\System\aDSGGEG.exe
  2⤵
  PID:6368
- C:\Windows\System\BDylYMd.exe
  C:\Windows\System\BDylYMd.exe
  2⤵
  PID:14152
- C:\Windows\System\bszzvgX.exe
  C:\Windows\System\bszzvgX.exe
  2⤵
  PID:14240
- C:\Windows\System\pQnIjxm.exe
  C:\Windows\System\pQnIjxm.exe
  2⤵
  PID:5004
- C:\Windows\System\wLaKLSv.exe
  C:\Windows\System\wLaKLSv.exe
  2⤵
  PID:13324
- C:\Windows\System\GYXRqFR.exe
  C:\Windows\System\GYXRqFR.exe
  2⤵
  PID:6036
- C:\Windows\System\LsWKuPd.exe
  C:\Windows\System\LsWKuPd.exe
  2⤵
  PID:6592
- C:\Windows\System\ZbsCyoh.exe
  C:\Windows\System\ZbsCyoh.exe
  2⤵
  PID:264
- C:\Windows\System\IRaDALQ.exe
  C:\Windows\System\IRaDALQ.exe
  2⤵
  PID:13568
- C:\Windows\System\WEFimvZ.exe
  C:\Windows\System\WEFimvZ.exe
  2⤵
  PID:5732
- C:\Windows\System\CvBHzqe.exe
  C:\Windows\System\CvBHzqe.exe
  2⤵
  PID:4644
- C:\Windows\System\lkoQqOb.exe
  C:\Windows\System\lkoQqOb.exe
  2⤵
  PID:6756
- C:\Windows\System\eLuwPJB.exe
  C:\Windows\System\eLuwPJB.exe
  2⤵
  PID:6188
- C:\Windows\System\xnYISRz.exe
  C:\Windows\System\xnYISRz.exe
  2⤵
  PID:6832
- C:\Windows\System\czEJnji.exe
  C:\Windows\System\czEJnji.exe
  2⤵
  PID:2400
- C:\Windows\System\TJBMctk.exe
  C:\Windows\System\TJBMctk.exe
  2⤵
  PID:6884
- C:\Windows\System\UqyCtCX.exe
  C:\Windows\System\UqyCtCX.exe
  2⤵
  PID:6048
- C:\Windows\System\tqmQuub.exe
  C:\Windows\System\tqmQuub.exe
  2⤵
  PID:3452
- C:\Windows\System\iOZdiEG.exe
  C:\Windows\System\iOZdiEG.exe
  2⤵
  PID:13380
- C:\Windows\System\TEDuyyf.exe
  C:\Windows\System\TEDuyyf.exe
  2⤵
  PID:4112
- C:\Windows\System\FrCtdLZ.exe
  C:\Windows\System\FrCtdLZ.exe
  2⤵
  PID:5140
- C:\Windows\System\FzCjXnP.exe
  C:\Windows\System\FzCjXnP.exe
  2⤵
  PID:1628
- C:\Windows\System\wXkrsfO.exe
  C:\Windows\System\wXkrsfO.exe
  2⤵
  PID:5564
- C:\Windows\System\AoIjlsM.exe
  C:\Windows\System\AoIjlsM.exe
  2⤵
  PID:6152

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:13440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\GFbPaXj.exe

Filesize
6.0MB

MD5
9a138cede92132ce01f136c3cd284187

SHA1
6f06b43df820ab74d0d8c6461377920ee59c5d42

SHA256
badc824f42d26f1b29c90264959b3384f2651679726342ec9c4b509802d6a978

SHA512
b28d5b130fae3c21347db90c24de155ea72bc61d6f92aaa0139fdf4bf0b7efcd1834d25ac1a65e3ccfb2d3e329fe10f2e2273bbc1ce617513f3b1f63ad2ce9f4

Download Submit
C:\Windows\System\JJjWCSx.exe

Filesize
4.9MB

MD5
3e733645d2a900edeedf2e4569ddd8d7

SHA1
78108010e9893ebaea36eeaccb33d582a90ad9de

SHA256
379b81ea4d59ce4e8dd1583f40f084c032180e6107d1d78fb6a7b7903684882d

SHA512
e124535d17b1b64d78e12891219e525e1a73c495cde442cee2116bb13db9fa9bc9bc57100a5272b7ca164342ee33735c948b8a30e477b1de5d6a3f07c844bb68

Download Submit
C:\Windows\System\JtRKAtK.exe

Filesize
5.1MB

MD5
79f03d7ead2c1d39c80ef07bb33f82a5

SHA1
5185506dafb5bd16761d35d4e6cd1b42ac998959

SHA256
7f308779c50f6c2bb74b4a3bb33d5d76e5fa28c8ce042093bbd79b452bf7dfce

SHA512
14e320e95bf6ee90c2999a2b2eb284edf068a7b5a39c7c96ca96876a9e5dee0ac7dd51e0c7d61915a3df7ebd95753f44d81f916f91d4fe57a3b695c63b08f9e9

Download Submit
C:\Windows\System\NYGlqzq.exe

Filesize
5.6MB

MD5
ef13dce7166739ab1643511884c627c8

SHA1
18045b9aab4c588bc6535dd61dff0f4c30da74df

SHA256
6fca2292aaad8f40ecbbb6ec845e198b35b562467632dbd58dca5f4f27422f7e

SHA512
240a5534e278539ef5036fb0154be1b0a068bffa4e362bb915f34751af65643ee23ab369f2f621b38f5aa4286190c4fd04187854f7384adbe5edf901580af0f6

Download Submit
C:\Windows\System\NYGlqzq.exe

Filesize
5.1MB

MD5
47ab99dbf55ba511c3bdd5eb3e7ff3bc

SHA1
a15fe6b3933be1d843fa45834c2e58e20cd9d170

SHA256
ba6f8070783125c6d6eb73f0402658223faba9cc2449dbda47a60c9c7c86e845

SHA512
91e1b214711236c38412e0fc07c86166bf7f21b7a5e9e6ba6b9f359ec4ec64551660186e1d75fab014745521b5fa0617d6b1fc51de6d6664f029391b25f19c18

Download Submit
C:\Windows\System\NftHCTP.exe

Filesize
5.6MB

MD5
58e1a64bab4aa64825849626b2a79406

SHA1
d98b3a78fadcef969b53b9455d7b860f8c48f8d9

SHA256
8c2ec58fd33841260ae4d61c075c23df27d41258eb5556b873f742193e4bc4d8

SHA512
d50cd3b103e3e5d1a1d8a7b63d36bbe52987ccc7235332bfae30a5f99ef0fdf90338607d18e6f4b57cd16514329dedbfcc7a61aec6f9a92a2df4f2c17e0da0d5

Download Submit
C:\Windows\System\OCxCCXW.exe

Filesize
5.4MB

MD5
a7e57215581bb6fe1e0f915cab2b5a60

SHA1
7c5a12fd0a28865849f1beb71b329fc1104f8ded

SHA256
3e070a8aba8f1209913c3f8853103a49e1e5c1e207415fb0a5c9baa1000bcff1

SHA512
4bb6842e43181da2f4c92107b078f5e74ee96848a0366a87d25d77b652cd9e0fff67236e41e98aa025071b51103cf03aecbd1a787240f2f6aacc4d784aa91978

Download Submit
C:\Windows\System\OCxCCXW.exe

Filesize
5.1MB

MD5
b333e163d6b9e5b36ae6685756b78e5e

SHA1
04df4addd1f57e48479cd805f9d91bfa8b6d3d9e

SHA256
e7f0c589368347cd87fd120a326c61907dd897b152312a05f2f06e73df454859

SHA512
337b9cd0c83e92b611716548461f59f145ae37316be81d07c95be38901b87006f55bd923abba12b4b76d37eabcb08b287d1d39ece42a8f44d989565b2d35b426

Download Submit
C:\Windows\System\QkWbSsG.exe

Filesize
5.0MB

MD5
e908f01f7e4a0fcb7325a0fa3bf2ced2

SHA1
2f7ff4797273b3f81217fdbc3e84a4e2f187fa4a

SHA256
55373fbb5dfb838a76a10c195b02625a088f371e8cf2eb8b5de94ae6461d3df2

SHA512
88a2ebd94a1a71530dd8300bbacf3f980f638bcb35614e1eaa9f2d2b0280bab722b5262aa221e5e1c65c1b22cd8588c97eb2d4bc2d732e6289cc496267b16712

Download Submit
C:\Windows\System\QkWbSsG.exe

Filesize
5.4MB

MD5
98413590a113f506b5af267fe109ec33

SHA1
9f1478e89a6e0844ddca97cd136219f5a11a8724

SHA256
830aa3d11ce27366bf782b1c5832db04e67e2660c907ba6f43e79eb0229c7621

SHA512
315b04b1d3c4906ea1bcfefa12c4eb0f78109e89bafdd44e27df6656138ec088e5890d010483d22cb82d3c56eeceb3b625938d3ea93619f21938401433ca1115

Download Submit
C:\Windows\System\SIgYInQ.exe

Filesize
5.6MB

MD5
5a6fac650e01403895daf815b7793639

SHA1
628aa6643e10c65bd991a2ab9cea14b97474c2c6

SHA256
01305bc53581f4e43323157ced81ff9086fd30261c4e1fbe54c3947b9f559600

SHA512
1b04618d354e3911eba1493ecae215c4f5ab98cd056a5798bb0fa8652d423478a235616b7598780b2f9727fd136603525a8df330c64c448ed12656fb1fbc2e59

Download Submit
C:\Windows\System\SIgYInQ.exe

Filesize
5.4MB

MD5
b311343601b0fe7cc7153fbbf665abb9

SHA1
756e9bb21d29873b04959adfa883bd682c69f0a8

SHA256
3f0d45ea56c089b3bcebc798f1d0cea68f2f5f089d45279783a6774d9b1572c2

SHA512
4e35a6597f0ab5db154a2b863e2943ad884ca6afc7c80a806d78f3e3e95e13da3bae08c7a33414cc2ed73a7600f7ab5db2c50290bf44670c9b29a68ccdfe4f59

Download Submit
C:\Windows\System\SegAGMD.exe

Filesize
5.5MB

MD5
919beab20416c39c1771347fe3c81c8c

SHA1
33629716355e93d22f846cbc4af44989ca1e2c3a

SHA256
52d4d7a2ec4813714b862b572090dca3985a95e3c13c6148e45962ba103e90ba

SHA512
31313ab61e7105cd09e4a4321e424d267b6298255db83678eed52c96620d810dd1075018eeb1287ceed4fa8cadd1c72e6fe1882d35c2f260be35b4fd8f3ec8f5

Download Submit
C:\Windows\System\YLMhsZZ.exe

Filesize
5.2MB

MD5
3246045b9e576917717301d4dcd67ed7

SHA1
b5a8e4a2a0a6e63e8679a7c68ea9d416e4aa82da

SHA256
241d02df26f9405231dfed1465f475a3db697d920fdde413134b0f38ed74b47f

SHA512
bc8311c2b48f80884af406252cbdac750516d48a71699be6c0252db19b939721e358fc11dc941a035874de243c829b4c40b4ffaf9d1aab0315fdb0d9e4273403

Download Submit
C:\Windows\System\ZsusXvt.exe

Filesize
4.6MB

MD5
cf14e80b4cbae1e72539e6e82ad79b2a

SHA1
0437a2ed2ab0dafff4154cbfc9c5bcb488fa626d

SHA256
3e1ba2cd7bb000ab280ee834c1c15ef2f9dc2a2f7e33d8a554bbc40951843ca2

SHA512
3c1e6a865c62d14c4641951307eb67dd70c91545925a2718966075547412baed079d769dd131247176c1955fa9f4b64197ec4d8f78c8afea22564b0b570b58eb

Download Submit
C:\Windows\System\cTXeQsu.exe

Filesize
5.9MB

MD5
c2ad76ae0e9913e5681fb3a02033345c

SHA1
41a536f116d581519506b3b05ff0183112a4fabf

SHA256
04708573a793ba2e06c28228589a982960705491c979872c84c59bbd53fe1e19

SHA512
1636d9cdf5c27b39d4e9fcb98fd241b335fbc91e0b8f585e9acfe90bc1b86139027c4e4da148ef212da5df7f72ab493a25dcc253c39121cceaa72af0a9ce6bd5

Download Submit
C:\Windows\System\cTXeQsu.exe

Filesize
4.4MB

MD5
88e8b6b08ce34c6378158ee7532e93fe

SHA1
4286af0053ed4f372ad9e30d2e464f0c9d45b780

SHA256
b81e3d6b4c02b53e352f2bc7db97dfa6b01babb0f687fa418a106b25a4957f5e

SHA512
b28731435cb0ee33fc47f7d302117a830d1c0325d0ef9863c993fbf6dfa58c7a93bd3cc1664acc8335fa1d9672cc03a0513ca934a044677ef649c82fb197c880

Download Submit
C:\Windows\System\hlrTmjO.exe

Filesize
4.9MB

MD5
311531174064ef16ed2f299ab545614a

SHA1
12167f133bf05420a476b94bdc27552ad1ae9c72

SHA256
16b48fe54bb9c469aa80ebc94594003fe8bb15304222cad30ccdbad12357bccc

SHA512
b4d1ad07c3365bd775d6cf83ee77062ca69aea460d7429b38d8fa43fcde78713b1469952c48a0b64c1aadf75d0579ec80e8a48ca0046d54089677a21b9ac9e22

Download Submit
C:\Windows\System\iGvSOce.exe

Filesize
5.1MB

MD5
546d1ed27839c927c13dd9537d49cc10

SHA1
b0290ebeabf96bb78fa2cfcd71a2808df8323db9

SHA256
83027d70cf8320ba136ffde003b2f4916ce38fcb977982d442e684b864979278

SHA512
c8c6b13ffefa510e4e466f8cd4c83906ec2d8d1d09decaae72713197b6362bb972f4b207ba3d785d05a8e80b219fbb2fb53a1e6d1cf2576e9f52bebf87770531

Download Submit
C:\Windows\System\kHpbEaE.exe

Filesize
5.4MB

MD5
21a04ca287acd2182e159284c367d7ca

SHA1
b94efe0d1523f1a32359335a122a78994a384662

SHA256
fcad690b82e5780ee85c654a1bc42ae5d648603b8459cffa92d77facc5540130

SHA512
065cbf67325886de056e090c7d22b98c02a31f33b0554919f944e853c03b4ad72c9c3b05faf8a349257472b6897b4c41af28470bafc5ec25b8976a3b310fc56f

Download Submit
C:\Windows\System\lFfBbCR.exe

Filesize
4.4MB

MD5
eea002fc207f893fa5b5fe2b01c327b3

SHA1
52f692daad0b4dad29ca4d1173a48002b7627353

SHA256
eb4bc843f3daa7e26cc38c9d0ab9cb26b80b2ae6546309703318fa8ca2ec9d47

SHA512
659e7b1dc371fcceebe52ffaecf4a56bc302c95ae78afb8d53f66733b97e96f4796cec46ad6f2bd5f07c13cb0db0b68464c6d33bd7cce3b50431a0229def887b

Download Submit
C:\Windows\System\lkLBogd.exe

Filesize
6.0MB

MD5
9dd3c82cfb1be4688af04b58cd3e3889

SHA1
f20cbd796f8d11108728349bc75645c20b3703f7

SHA256
a99be01a9fd48e1590dc4b9997c8c7a45bbce0bba672522b5ac03e6ce2ce19ef

SHA512
de996db5b3ef37fcf47900aaa9e4d82d1343b8f847bab4195215232a87afa0b15c05c0938f55d357fda86edcfc6c20441c68f3268b0017f987c8c6c8a1af62dd

Download Submit
C:\Windows\System\mazgdCX.exe

Filesize
5.1MB

MD5
314dc4aefff95a7e3ca0ae94ee438e5a

SHA1
59e42b18b32d9b21a6a603a35e03316de933d7cc

SHA256
2acea0e1a2d123051d20a855122bb9d538771f2830adc823a282cfb33af4efcb

SHA512
bf38b13919df1a35a6fb94dddf59005e851e81a9c58560eba7b29a5ec09d84a34f1684f8c17d33dd03120aecd584bbfacc98b9876f3a04cf5a837f573cd3891d

Download Submit
C:\Windows\System\pWGfUwJ.exe

Filesize
4.4MB

MD5
cd8178d351a44e26a452c815ce82c28f

SHA1
ccd6463a5e3655db83fc1b07d07fac33658cb82e

SHA256
4fe9a80b3c2a79e95c920d9030255f7db51663df729e1c3cbb8945eb146b733b

SHA512
a43c8ff3edbdfe411a8d31c34ae4fe0a26e16ae37324c42308d47d64a4f1a20a571ac6752b9a15f5b6dcfd8cd40f3a41be0e0a72449b6ce9e922a365adc6c2b6

Download Submit
C:\Windows\System\pWGfUwJ.exe

Filesize
5.2MB

MD5
0436f0d12b2b555b006a53ca464f3fc3

SHA1
40e4ceceef5ddd0c05adba7a2a378492c474ca63

SHA256
59f22bf9622fe7e2fdf2a3cb39f548bf3f0845133c427afd641bdbb66aa7efd5

SHA512
366d472a1c953061ede48dc7d563aee4caa69645f2a4739862be8063b2f99794fe241b38d55543020ffa855d386b895fc36b80473ce64670ac92ef8a3fdec99b

Download Submit
C:\Windows\System\rWaDMSE.exe

Filesize
5.1MB

MD5
2c3b40e619e6554a4d8c69080e8e0d7d

SHA1
a081fd866d8490755fbf4181f925ae1f43368bb2

SHA256
7c9faeea3dcbb4d4674867672203cfec218d8d2671e249b9e6d524c02510efaa

SHA512
c9562f3ff6adaef1ee96262e368a1a41f5d98f867b1dd6818ed9f94a1bbba59ade5e6529e75015269fe5f79697a5ebe0e3b82885c0e4bf5e641b7f17637e9048

Download Submit
C:\Windows\System\vmLDgYi.exe

Filesize
5.6MB

MD5
2f04b3c2108ba7cc807f884ceab4d45f

SHA1
1c078368327863572c153827b46b01817a97f065

SHA256
2e2d58a9f27e094bb464b43b587453f911d66d18fb086d64ddb8063b7b5e655d

SHA512
9875ad69b6feb50133741570ef7c0b84b9f5ac13bb50b31427487e78a2d211c75d4aca04ed38eb9bd7b9277c79baedfd99aef635e035246f71a9d199d5edd950

Download Submit
C:\Windows\System\vmLDgYi.exe

Filesize
5.6MB

MD5
e0b5413f3bca523b3777cdbfa82a17b2

SHA1
a1fc6cc189d5819c11599f63349a178b84a1e25d

SHA256
d0584b4bb1c84cfe40db2681ff0d4f96f62801fa63ff3e199c9a980b7e7ef050

SHA512
13663a9cc2b579baf529adcdb7eb790e8a4afc32222430aad9f265b4e204bb0d8538e553686cab0f33fbfadd5b0dde1760f694d74474a9f3bb4ced44edd272a2

Download Submit
C:\Windows\System\vrjoJlt.exe

Filesize
5.8MB

MD5
6df6c7466d63a0ab5bd4a06697bf0c7b

SHA1
027f0fce4dfd86e7ab1374fb0b6fd09eb2dca35e

SHA256
55b3fe9a7e256c1808b1e0359be51cc6875b6fe987898fd8b9e5cef534fcd397

SHA512
1db122967fd86cb7660fc3c9bca447f3f3314ce2fe30cc5d8af73f657f9e302dff3c5725e7094fddbbe77ca382b12c756cced8657e984ac93c3aaea64c849d5d

Download Submit
C:\Windows\System\wRdHCtX.exe

Filesize
5.9MB

MD5
f8f1a3555f2a8d2d171f49039703fe47

SHA1
b8044c6b99fcdea5a55b7742c08605cfdf573101

SHA256
269581e241b554aaf34aa11773e59b076b55801910b292d9cb6a645e42a5bf2e

SHA512
fa6025b74482907f2daf9d780096c762aa270fa8a5afb35d2129a4b6a90f0ac36d021fc6d349b70a9979e8ca44834228b304e20c49648168407494a8aa2a73e5

Download Submit
C:\Windows\System\wRdHCtX.exe

Filesize
5.0MB

MD5
d927e81b7ac8bf38e1a0d751f7d22a0e

SHA1
115d7aa3f05ba0e5fb9a2f2c0f3da08dd12b37a9

SHA256
2b227e758253dd214e30102f1bbf221c5052179afc77127dc14b17cffced8ace

SHA512
bc62bc6d0314849709657174d2e4eeebecb134be7d9e1a22ca0b3d213a04c5f6249127cfbe976ed50b83b08b4264826f8f5c5a91b064a5e939dfee5099c4da12

Download Submit
C:\Windows\System\wuajiqQ.exe

Filesize
5.6MB

MD5
b1779e5d8f33a280c0c7a82918fc0886

SHA1
f57290f6d1b25190df08571d34ba3f0fa0db4ad9

SHA256
6f0a3b755ff39c7051c71a7bac9096d0436f153cb2d35dbe8929d7cd5631ee60

SHA512
aa3053a7ea819c42699b85b2504b086ad01f30b1560f2bbb4d0757af785440c15df337062e2cbffa725932a02d52acf39e7eff1c9a2acb0bcdfafe0855ec3e28

Download Submit
C:\Windows\System\wuajiqQ.exe

Filesize
5.6MB

MD5
bc896c529ac27af6df8fdf45baeeea5a

SHA1
82d1f773a1020aec3cc8a46635e729699b9bda87

SHA256
5244ee4c74695a982ce107890bd7738b2a15c65e2b9ce7f1ef023c0c89a5fabb

SHA512
468bd3b3d19d0f8cf312b35df80e0c3df154f7a35c005ec9f8c5587d353eb3fd084f0076ae206edafdb4484bd21270def57be28d2c1122501d30d24d10f82689

Download Submit
C:\Windows\System\xSOdqXC.exe

Filesize
4.6MB

MD5
e57989b1060d1492a21b2a60a3e7fa6d

SHA1
398d4519aa0440728aa1885d50c107ba694417ae

SHA256
3ea715670b0c0987de6fa36da06bd56826fad124b8de3d496022fbb53bb9b185

SHA512
2a2028bf1b4894fe4c4c39fb337339eb33bad0216a7e77c61dc82bce3f1fb4460d625800bb2e57fcbf236d2158098afdf8bad64970027d1e1dd05bf3c818c285

Download Submit
C:\Windows\System\xmURNTM.exe

Filesize
5.4MB

MD5
1b9d43642d2397703a9f0f4fedbd7e2e

SHA1
477525002fca6b91c7ddcbbe2a716f32aea6c2c7

SHA256
ce68de445dcd9c63c69c3455b34f47c6ca9e8b0eddfa19a6a2aad90bf3bbf17c

SHA512
de5554ad3f266dee1b7a82fba533207ec7e5fe27348cab51831a67f9b48280e597e1e16bd8ade6c19af2d4d978b2dd17299bebb4a0d2e3cda511308abf5cc292

Download Submit
C:\Windows\System\xmURNTM.exe

Filesize
5.5MB

MD5
812c165e5bd71754783d42a59461a99f

SHA1
e84f48c25ffd3518a210e53038ef7c245be6aa7b

SHA256
9636b580111941f9b9ffee6e9bcf1f2a723407513730208a85171b83fb1509d4

SHA512
9e362f7480a6d5ae89e2f06dfe2da3cd2ab8c4af96ef4a4edf3973f0fb729fc402b59d9ee674745c36a046ad8f3e157ffa14564eab257d11fb6b192363cc21d3

Download Submit
C:\Windows\System\ygJNrSF.exe

Filesize
5.4MB

MD5
37a8b1713e7e372ed03d5a1a3108ee74

SHA1
0097f627053f2d6cf5783039f41f071db7917716

SHA256
7b2be87ef903a9123350a0bdb7451c97e14828e6acdf4de1966efc6276f8143e

SHA512
6a9e8dffe594bfeb6a3e88f26cf7e3b3f0ce05141990ad4b2570b96dfaca8356f2a893c89a0a6a212ace060975c61435f598a05c7d40b286ddb7f43d8169bdc2

Download Submit
memory/964-624-0x00007FF6863E0000-0x00007FF686734000-memory.dmp

Filesize
3.3MB

Download
memory/964-1935-0x00007FF6863E0000-0x00007FF686734000-memory.dmp

Filesize
3.3MB

Download
memory/964-32-0x00007FF6863E0000-0x00007FF686734000-memory.dmp

Filesize
3.3MB

Download
memory/968-1-0x000001AE7FE30000-0x000001AE7FE40000-memory.dmp

Filesize
64KB

Download
memory/968-0-0x00007FF7DA110000-0x00007FF7DA464000-memory.dmp

Filesize
3.3MB

Download
memory/968-424-0x00007FF7DA110000-0x00007FF7DA464000-memory.dmp

Filesize
3.3MB

Download
memory/996-293-0x00007FF6AF1B0000-0x00007FF6AF504000-memory.dmp

Filesize
3.3MB

Download
memory/996-1945-0x00007FF6AF1B0000-0x00007FF6AF504000-memory.dmp

Filesize
3.3MB

Download
memory/1284-2002-0x00007FF7F11B0000-0x00007FF7F1504000-memory.dmp

Filesize
3.3MB

Download
memory/1284-279-0x00007FF7F11B0000-0x00007FF7F1504000-memory.dmp

Filesize
3.3MB

Download
memory/1464-260-0x00007FF7CB6C0000-0x00007FF7CBA14000-memory.dmp

Filesize
3.3MB

Download
memory/1464-1967-0x00007FF7CB6C0000-0x00007FF7CBA14000-memory.dmp

Filesize
3.3MB

Download
memory/1528-528-0x00007FF7AF5B0000-0x00007FF7AF904000-memory.dmp

Filesize
3.3MB

Download
memory/1528-1908-0x00007FF7AF5B0000-0x00007FF7AF904000-memory.dmp

Filesize
3.3MB

Download
memory/1528-14-0x00007FF7AF5B0000-0x00007FF7AF904000-memory.dmp

Filesize
3.3MB

Download
memory/1684-285-0x00007FF782D00000-0x00007FF783054000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2034-0x00007FF782D00000-0x00007FF783054000-memory.dmp

Filesize
3.3MB

Download
memory/1912-291-0x00007FF6C7F40000-0x00007FF6C8294000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2062-0x00007FF6C7F40000-0x00007FF6C8294000-memory.dmp

Filesize
3.3MB

Download
memory/1952-282-0x00007FF76EFF0000-0x00007FF76F344000-memory.dmp

Filesize
3.3MB

Download
memory/1952-2015-0x00007FF76EFF0000-0x00007FF76F344000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2043-0x00007FF6468D0000-0x00007FF646C24000-memory.dmp

Filesize
3.3MB

Download
memory/2172-287-0x00007FF6468D0000-0x00007FF646C24000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2024-0x00007FF6D7C10000-0x00007FF6D7F64000-memory.dmp

Filesize
3.3MB

Download
memory/2332-283-0x00007FF6D7C10000-0x00007FF6D7F64000-memory.dmp

Filesize
3.3MB

Download
memory/2628-288-0x00007FF6456C0000-0x00007FF645A14000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2045-0x00007FF6456C0000-0x00007FF645A14000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1965-0x00007FF6AF330000-0x00007FF6AF684000-memory.dmp

Filesize
3.3MB

Download
memory/2812-85-0x00007FF6AF330000-0x00007FF6AF684000-memory.dmp

Filesize
3.3MB

Download
memory/2864-575-0x00007FF6AD630000-0x00007FF6AD984000-memory.dmp

Filesize
3.3MB

Download
memory/2864-18-0x00007FF6AD630000-0x00007FF6AD984000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1917-0x00007FF6AD630000-0x00007FF6AD984000-memory.dmp

Filesize
3.3MB

Download
memory/2872-75-0x00007FF616880000-0x00007FF616BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1959-0x00007FF616880000-0x00007FF616BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2007-0x00007FF723980000-0x00007FF723CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-297-0x00007FF723980000-0x00007FF723CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-295-0x00007FF6CC3B0000-0x00007FF6CC704000-memory.dmp

Filesize
3.3MB

Download
memory/2948-1988-0x00007FF6CC3B0000-0x00007FF6CC704000-memory.dmp

Filesize
3.3MB

Download
memory/2960-296-0x00007FF738410000-0x00007FF738764000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1993-0x00007FF738410000-0x00007FF738764000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1964-0x00007FF791A00000-0x00007FF791D54000-memory.dmp

Filesize
3.3MB

Download
memory/3036-79-0x00007FF791A00000-0x00007FF791D54000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2037-0x00007FF71FF90000-0x00007FF7202E4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-286-0x00007FF71FF90000-0x00007FF7202E4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-281-0x00007FF71D280000-0x00007FF71D5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2014-0x00007FF71D280000-0x00007FF71D5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-292-0x00007FF772DA0000-0x00007FF7730F4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2066-0x00007FF772DA0000-0x00007FF7730F4000-memory.dmp

Filesize
3.3MB

Download
memory/3724-1904-0x00007FF6A0450000-0x00007FF6A07A4000-memory.dmp

Filesize
3.3MB

Download
memory/3724-6-0x00007FF6A0450000-0x00007FF6A07A4000-memory.dmp

Filesize
3.3MB

Download
memory/3724-477-0x00007FF6A0450000-0x00007FF6A07A4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-289-0x00007FF6BEC70000-0x00007FF6BEFC4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-2052-0x00007FF6BEC70000-0x00007FF6BEFC4000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2056-0x00007FF61EF40000-0x00007FF61F294000-memory.dmp

Filesize
3.3MB

Download
memory/4532-290-0x00007FF61EF40000-0x00007FF61F294000-memory.dmp

Filesize
3.3MB

Download
memory/4684-71-0x00007FF6541F0000-0x00007FF654544000-memory.dmp

Filesize
3.3MB

Download
memory/4684-1949-0x00007FF6541F0000-0x00007FF654544000-memory.dmp

Filesize
3.3MB

Download
memory/4848-284-0x00007FF7E48A0000-0x00007FF7E4BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2031-0x00007FF7E48A0000-0x00007FF7E4BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4860-1978-0x00007FF6F9240000-0x00007FF6F9594000-memory.dmp

Filesize
3.3MB

Download
memory/4860-294-0x00007FF6F9240000-0x00007FF6F9594000-memory.dmp

Filesize
3.3MB

Download
memory/4912-72-0x00007FF75C260000-0x00007FF75C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4912-1955-0x00007FF75C260000-0x00007FF75C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-621-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-1930-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-25-0x00007FF64F590000-0x00007FF64F8E4000-memory.dmp

Filesize
3.3MB

Download