cobaltstrike | 05fccbcaff0d5c68cb5cc769f54a6ad185287c5ac222ff71b5431b4d3f30ccec

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2025, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

6369cd65cdf046479caf31ef2b020d72
SHA1

c2685daf8c05180d27415478189f6390bd78c26e
SHA256

05fccbcaff0d5c68cb5cc769f54a6ad185287c5ac222ff71b5431b4d3f30ccec
SHA512

971403610776a5899fb8a170b1c95d0e370889ceea9b5d4e959e0b9b8ea2835533845b71ed740df05f09181ff386f23ba5829f7d32529c4b9b206b4da4e1001c
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lU7:j+R56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b0a-6.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b67-10.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b63-12.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b68-19.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b69-29.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6b-43.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6d-53.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6c-44.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6a-38.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6e-60.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b64-66.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6f-72.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b71-77.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b73-84.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b74-90.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b75-95.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b78-102.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b76-103.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b79-107.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7a-119.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7b-124.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-131.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-138.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-144.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-150.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-162.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-168.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-181.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-177.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-176.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-155.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-190.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/968-0-0x00007FF7EE7F0000-0x00007FF7EEB3D000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b0a-6.dat	xmrig
behavioral2/files/0x000a000000023b67-10.dat	xmrig
behavioral2/files/0x000b000000023b63-12.dat	xmrig
behavioral2/memory/2100-13-0x00007FF6A6B20000-0x00007FF6A6E6D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b68-19.dat	xmrig
behavioral2/files/0x000a000000023b69-29.dat	xmrig
behavioral2/memory/4568-28-0x00007FF7C7D30000-0x00007FF7C807D000-memory.dmp	xmrig
behavioral2/memory/5032-34-0x00007FF67B350000-0x00007FF67B69D000-memory.dmp	xmrig
behavioral2/memory/3756-39-0x00007FF71EB60000-0x00007FF71EEAD000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6b-43.dat	xmrig
behavioral2/memory/1252-48-0x00007FF6F89E0000-0x00007FF6F8D2D000-memory.dmp	xmrig
behavioral2/memory/3764-54-0x00007FF7CBAA0000-0x00007FF7CBDED000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6d-53.dat	xmrig
behavioral2/files/0x000a000000023b6c-44.dat	xmrig
behavioral2/memory/4896-45-0x00007FF6EF4D0000-0x00007FF6EF81D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6a-38.dat	xmrig
behavioral2/memory/1452-22-0x00007FF669B60000-0x00007FF669EAD000-memory.dmp	xmrig
behavioral2/memory/2356-7-0x00007FF6490F0000-0x00007FF64943D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6e-60.dat	xmrig
behavioral2/memory/1012-61-0x00007FF641A80000-0x00007FF641DCD000-memory.dmp	xmrig
behavioral2/memory/2496-67-0x00007FF648240000-0x00007FF64858D000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b64-66.dat	xmrig
behavioral2/files/0x000a000000023b6f-72.dat	xmrig
behavioral2/memory/1416-73-0x00007FF6AD610000-0x00007FF6AD95D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b71-77.dat	xmrig
behavioral2/memory/2128-79-0x00007FF7C5AD0000-0x00007FF7C5E1D000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b73-84.dat	xmrig
behavioral2/files/0x0031000000023b74-90.dat	xmrig
behavioral2/files/0x0031000000023b75-95.dat	xmrig
behavioral2/files/0x000a000000023b78-102.dat	xmrig
behavioral2/files/0x000a000000023b76-103.dat	xmrig
behavioral2/files/0x000a000000023b79-107.dat	xmrig
behavioral2/files/0x000a000000023b7a-119.dat	xmrig
behavioral2/memory/3628-116-0x00007FF74C260000-0x00007FF74C5AD000-memory.dmp	xmrig
behavioral2/memory/2532-112-0x00007FF64AB90000-0x00007FF64AEDD000-memory.dmp	xmrig
behavioral2/memory/1340-97-0x00007FF6D4790000-0x00007FF6D4ADD000-memory.dmp	xmrig
behavioral2/memory/3608-109-0x00007FF737EE0000-0x00007FF73822D000-memory.dmp	xmrig
behavioral2/memory/2864-91-0x00007FF63C0D0000-0x00007FF63C41D000-memory.dmp	xmrig
behavioral2/memory/3532-85-0x00007FF6CCAA0000-0x00007FF6CCDED000-memory.dmp	xmrig
behavioral2/memory/4420-121-0x00007FF73F130000-0x00007FF73F47D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7b-124.dat	xmrig
behavioral2/memory/2188-127-0x00007FF76E410000-0x00007FF76E75D000-memory.dmp	xmrig
behavioral2/memory/1040-132-0x00007FF7C7260000-0x00007FF7C75AD000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7c-131.dat	xmrig
behavioral2/memory/1744-139-0x00007FF649FB0000-0x00007FF64A2FD000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7d-138.dat	xmrig
behavioral2/files/0x000a000000023b7e-144.dat	xmrig
behavioral2/memory/3868-151-0x00007FF72B840000-0x00007FF72BB8D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7f-150.dat	xmrig
behavioral2/memory/1780-145-0x00007FF61B950000-0x00007FF61BC9D000-memory.dmp	xmrig
behavioral2/memory/2460-163-0x00007FF686910000-0x00007FF686C5D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b81-162.dat	xmrig
behavioral2/files/0x000a000000023b82-168.dat	xmrig
behavioral2/memory/2240-178-0x00007FF7A63A0000-0x00007FF7A66ED000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b85-181.dat	xmrig
behavioral2/files/0x000a000000023b83-177.dat	xmrig
behavioral2/files/0x000a000000023b84-176.dat	xmrig
behavioral2/memory/5092-169-0x00007FF7CF9A0000-0x00007FF7CFCED000-memory.dmp	xmrig
behavioral2/memory/2292-157-0x00007FF7DB620000-0x00007FF7DB96D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b80-155.dat	xmrig
behavioral2/memory/1700-185-0x00007FF781230000-0x00007FF78157D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b86-190.dat	xmrig
behavioral2/memory/3656-189-0x00007FF7E63C0000-0x00007FF7E670D000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2356	GdhnGJy.exe
2100	YRXDlUb.exe
1452	EFaYpSQ.exe
4568	HHALyrX.exe
5032	UMQJeel.exe
3756	pVMnjfw.exe
4896	ZjdJBhX.exe
1252	ZSWoXKL.exe
3764	oAfMKSg.exe
1012	IsYVLZA.exe
2496	kAvaRRr.exe
1416	Azoxqqh.exe
2128	oMlGoJX.exe
3532	gsxepch.exe
2864	YZhlOIA.exe
1340	KpsPvhb.exe
3608	lCbRmzv.exe
2532	cQKVwoc.exe
3628	cREiMFd.exe
4420	yleJJWN.exe
2188	AlsGlld.exe
1040	ldDGiad.exe
1744	tLQFNxX.exe
1780	ofDLrdk.exe
3868	lYjUoNp.exe
2292	lyiXRUS.exe
2460	qdomjcY.exe
5092	lhUpTKY.exe
2240	CiDOMEq.exe
1700	DkpinKr.exe
3656	CnbKMHv.exe
4776	OkguaeL.exe
4440	ejtFlHB.exe
3008	ucARftO.exe
2132	IuVygtt.exe
1928	wJDLAeP.exe
4572	WmbGDus.exe
1088	KdUFYJc.exe
916	JivlyAw.exe
4380	MHpIjny.exe
2380	gBJrDNf.exe
1112	vopHtvH.exe
220	UfZslzt.exe
4404	vNoSfbG.exe
1020	VXzNCLe.exe
1256	hmXiqUB.exe
3792	ibiWUZb.exe
1984	tyiwcBj.exe
1860	ShyBLGz.exe
1376	TdvqGUq.exe
1712	VBjawcb.exe
3816	NNNSMnO.exe
4880	agDLSPP.exe
2576	ixUdfIG.exe
3772	QtyrFNV.exe
2340	SqwWSLu.exe
3796	iawZncO.exe
212	WLJNTPi.exe
716	FJGgWgQ.exe
4224	pospbzb.exe
5060	rmZtfrg.exe
1596	AQEbBZf.exe
3548	zYVgWEy.exe
2396	gnWljMK.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HHALyrX.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aCznLhc.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEVpXPb.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMvJEJh.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjsUIda.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDGsCxN.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsczoaB.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvqfQDX.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJxDFJp.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPhanQC.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBsMVyO.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOgQEvR.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTkeCuq.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkguaeL.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSlewOC.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBDlVhz.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZLPiaD.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PctQMSF.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWccNUM.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzYrxvY.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsYVLZA.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMkqBef.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxfTIJI.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDkxmAz.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdVspKa.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZXyGUT.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqLPVfq.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixUdfIG.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyYieRX.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSFBSJx.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcJvkrV.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjdJBhX.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjtyCiW.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PryOfVD.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMWOwXu.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxVoBPP.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEsRprk.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcfcQEb.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpsPvhb.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yDsbDdl.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhBDPqD.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxQgJTI.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krulTvC.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHMUiyN.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHSlkNk.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlZZvqL.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkrOXNG.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heRmfKH.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMJtzvo.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUJnVeC.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CriWavM.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjdOYYq.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SivHDgC.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAtekNv.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbvTdzr.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkabAJr.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fITCNiB.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuxfOkc.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHgeGoh.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCmkRax.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSKVhii.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjnUufU.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnUftUX.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucARftO.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 2356	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 968 wrote to memory of 2356	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 968 wrote to memory of 2100	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 968 wrote to memory of 2100	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 968 wrote to memory of 4568	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 968 wrote to memory of 4568	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 968 wrote to memory of 1452	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 968 wrote to memory of 1452	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 968 wrote to memory of 5032	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 968 wrote to memory of 5032	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 968 wrote to memory of 3756	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 968 wrote to memory of 3756	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 968 wrote to memory of 1252	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 968 wrote to memory of 1252	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 968 wrote to memory of 4896	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 968 wrote to memory of 4896	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 968 wrote to memory of 3764	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 968 wrote to memory of 3764	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 968 wrote to memory of 1012	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 968 wrote to memory of 1012	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 968 wrote to memory of 2496	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 968 wrote to memory of 2496	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 968 wrote to memory of 1416	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 968 wrote to memory of 1416	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 968 wrote to memory of 2128	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 968 wrote to memory of 2128	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 968 wrote to memory of 3532	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 968 wrote to memory of 3532	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 968 wrote to memory of 2864	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 968 wrote to memory of 2864	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 968 wrote to memory of 1340	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 968 wrote to memory of 1340	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 968 wrote to memory of 2532	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 968 wrote to memory of 2532	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 968 wrote to memory of 3608	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 968 wrote to memory of 3608	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 968 wrote to memory of 3628	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 968 wrote to memory of 3628	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 968 wrote to memory of 4420	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 968 wrote to memory of 4420	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 968 wrote to memory of 2188	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 968 wrote to memory of 2188	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 968 wrote to memory of 1040	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 968 wrote to memory of 1040	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 968 wrote to memory of 1744	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 968 wrote to memory of 1744	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 968 wrote to memory of 1780	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 968 wrote to memory of 1780	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 968 wrote to memory of 3868	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 968 wrote to memory of 3868	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 968 wrote to memory of 2292	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 968 wrote to memory of 2292	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 968 wrote to memory of 2460	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 968 wrote to memory of 2460	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 968 wrote to memory of 5092	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 968 wrote to memory of 5092	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 968 wrote to memory of 2240	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 968 wrote to memory of 2240	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 968 wrote to memory of 1700	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 968 wrote to memory of 1700	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 968 wrote to memory of 3656	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 968 wrote to memory of 3656	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 968 wrote to memory of 4776	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 968 wrote to memory of 4776	968	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\System\GdhnGJy.exe
  C:\Windows\System\GdhnGJy.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\YRXDlUb.exe
  C:\Windows\System\YRXDlUb.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\HHALyrX.exe
  C:\Windows\System\HHALyrX.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\EFaYpSQ.exe
  C:\Windows\System\EFaYpSQ.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\UMQJeel.exe
  C:\Windows\System\UMQJeel.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\pVMnjfw.exe
  C:\Windows\System\pVMnjfw.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\ZSWoXKL.exe
  C:\Windows\System\ZSWoXKL.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\ZjdJBhX.exe
  C:\Windows\System\ZjdJBhX.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\oAfMKSg.exe
  C:\Windows\System\oAfMKSg.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\IsYVLZA.exe
  C:\Windows\System\IsYVLZA.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\kAvaRRr.exe
  C:\Windows\System\kAvaRRr.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\Azoxqqh.exe
  C:\Windows\System\Azoxqqh.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\oMlGoJX.exe
  C:\Windows\System\oMlGoJX.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\gsxepch.exe
  C:\Windows\System\gsxepch.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\YZhlOIA.exe
  C:\Windows\System\YZhlOIA.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\KpsPvhb.exe
  C:\Windows\System\KpsPvhb.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\cQKVwoc.exe
  C:\Windows\System\cQKVwoc.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\lCbRmzv.exe
  C:\Windows\System\lCbRmzv.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\cREiMFd.exe
  C:\Windows\System\cREiMFd.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\yleJJWN.exe
  C:\Windows\System\yleJJWN.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\AlsGlld.exe
  C:\Windows\System\AlsGlld.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ldDGiad.exe
  C:\Windows\System\ldDGiad.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\tLQFNxX.exe
  C:\Windows\System\tLQFNxX.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\ofDLrdk.exe
  C:\Windows\System\ofDLrdk.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\lYjUoNp.exe
  C:\Windows\System\lYjUoNp.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\lyiXRUS.exe
  C:\Windows\System\lyiXRUS.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\qdomjcY.exe
  C:\Windows\System\qdomjcY.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\lhUpTKY.exe
  C:\Windows\System\lhUpTKY.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\CiDOMEq.exe
  C:\Windows\System\CiDOMEq.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\DkpinKr.exe
  C:\Windows\System\DkpinKr.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\CnbKMHv.exe
  C:\Windows\System\CnbKMHv.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\OkguaeL.exe
  C:\Windows\System\OkguaeL.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\ejtFlHB.exe
  C:\Windows\System\ejtFlHB.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\ucARftO.exe
  C:\Windows\System\ucARftO.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\IuVygtt.exe
  C:\Windows\System\IuVygtt.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\wJDLAeP.exe
  C:\Windows\System\wJDLAeP.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\WmbGDus.exe
  C:\Windows\System\WmbGDus.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\KdUFYJc.exe
  C:\Windows\System\KdUFYJc.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\JivlyAw.exe
  C:\Windows\System\JivlyAw.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\MHpIjny.exe
  C:\Windows\System\MHpIjny.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\gBJrDNf.exe
  C:\Windows\System\gBJrDNf.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\vopHtvH.exe
  C:\Windows\System\vopHtvH.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\UfZslzt.exe
  C:\Windows\System\UfZslzt.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\vNoSfbG.exe
  C:\Windows\System\vNoSfbG.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\VXzNCLe.exe
  C:\Windows\System\VXzNCLe.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\hmXiqUB.exe
  C:\Windows\System\hmXiqUB.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\ibiWUZb.exe
  C:\Windows\System\ibiWUZb.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\tyiwcBj.exe
  C:\Windows\System\tyiwcBj.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\ShyBLGz.exe
  C:\Windows\System\ShyBLGz.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\TdvqGUq.exe
  C:\Windows\System\TdvqGUq.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\VBjawcb.exe
  C:\Windows\System\VBjawcb.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\NNNSMnO.exe
  C:\Windows\System\NNNSMnO.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\agDLSPP.exe
  C:\Windows\System\agDLSPP.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\ixUdfIG.exe
  C:\Windows\System\ixUdfIG.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\QtyrFNV.exe
  C:\Windows\System\QtyrFNV.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\SqwWSLu.exe
  C:\Windows\System\SqwWSLu.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\iawZncO.exe
  C:\Windows\System\iawZncO.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\WLJNTPi.exe
  C:\Windows\System\WLJNTPi.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\FJGgWgQ.exe
  C:\Windows\System\FJGgWgQ.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\pospbzb.exe
  C:\Windows\System\pospbzb.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\rmZtfrg.exe
  C:\Windows\System\rmZtfrg.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\AQEbBZf.exe
  C:\Windows\System\AQEbBZf.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\zYVgWEy.exe
  C:\Windows\System\zYVgWEy.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\gnWljMK.exe
  C:\Windows\System\gnWljMK.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\lVafSKR.exe
  C:\Windows\System\lVafSKR.exe
  2⤵
  PID:3280
- C:\Windows\System\FEJrFwd.exe
  C:\Windows\System\FEJrFwd.exe
  2⤵
  PID:4212
- C:\Windows\System\RuRmezi.exe
  C:\Windows\System\RuRmezi.exe
  2⤵
  PID:508
- C:\Windows\System\qBLtbLo.exe
  C:\Windows\System\qBLtbLo.exe
  2⤵
  PID:4736
- C:\Windows\System\lfHOxvn.exe
  C:\Windows\System\lfHOxvn.exe
  2⤵
  PID:1628
- C:\Windows\System\GOXfKgh.exe
  C:\Windows\System\GOXfKgh.exe
  2⤵
  PID:1604
- C:\Windows\System\OGeqFFi.exe
  C:\Windows\System\OGeqFFi.exe
  2⤵
  PID:2680
- C:\Windows\System\hhxIWgm.exe
  C:\Windows\System\hhxIWgm.exe
  2⤵
  PID:1728
- C:\Windows\System\MAqrxaE.exe
  C:\Windows\System\MAqrxaE.exe
  2⤵
  PID:1204
- C:\Windows\System\kXzuvUG.exe
  C:\Windows\System\kXzuvUG.exe
  2⤵
  PID:2952
- C:\Windows\System\cTYkDCe.exe
  C:\Windows\System\cTYkDCe.exe
  2⤵
  PID:1716
- C:\Windows\System\LXuqRsm.exe
  C:\Windows\System\LXuqRsm.exe
  2⤵
  PID:2568
- C:\Windows\System\uXfseDQ.exe
  C:\Windows\System\uXfseDQ.exe
  2⤵
  PID:1140
- C:\Windows\System\awksOPz.exe
  C:\Windows\System\awksOPz.exe
  2⤵
  PID:3508
- C:\Windows\System\IzxRyJi.exe
  C:\Windows\System\IzxRyJi.exe
  2⤵
  PID:1988
- C:\Windows\System\mGXHpHA.exe
  C:\Windows\System\mGXHpHA.exe
  2⤵
  PID:116
- C:\Windows\System\mFXGOqh.exe
  C:\Windows\System\mFXGOqh.exe
  2⤵
  PID:3740
- C:\Windows\System\gfPWHBi.exe
  C:\Windows\System\gfPWHBi.exe
  2⤵
  PID:3024
- C:\Windows\System\WbqAmCb.exe
  C:\Windows\System\WbqAmCb.exe
  2⤵
  PID:1328
- C:\Windows\System\pkMtzHa.exe
  C:\Windows\System\pkMtzHa.exe
  2⤵
  PID:344
- C:\Windows\System\axVGszq.exe
  C:\Windows\System\axVGszq.exe
  2⤵
  PID:1560
- C:\Windows\System\qICSLhh.exe
  C:\Windows\System\qICSLhh.exe
  2⤵
  PID:1748
- C:\Windows\System\vdFhjLV.exe
  C:\Windows\System\vdFhjLV.exe
  2⤵
  PID:3664
- C:\Windows\System\uPWYcWA.exe
  C:\Windows\System\uPWYcWA.exe
  2⤵
  PID:1764
- C:\Windows\System\JOHoqIo.exe
  C:\Windows\System\JOHoqIo.exe
  2⤵
  PID:2612
- C:\Windows\System\wsECbHq.exe
  C:\Windows\System\wsECbHq.exe
  2⤵
  PID:392
- C:\Windows\System\RLJiTFA.exe
  C:\Windows\System\RLJiTFA.exe
  2⤵
  PID:1976
- C:\Windows\System\EITQdjM.exe
  C:\Windows\System\EITQdjM.exe
  2⤵
  PID:3484
- C:\Windows\System\OAUlzQI.exe
  C:\Windows\System\OAUlzQI.exe
  2⤵
  PID:4988
- C:\Windows\System\pPtmLcX.exe
  C:\Windows\System\pPtmLcX.exe
  2⤵
  PID:3204
- C:\Windows\System\OGyiNyf.exe
  C:\Windows\System\OGyiNyf.exe
  2⤵
  PID:3032
- C:\Windows\System\LKsHYmT.exe
  C:\Windows\System\LKsHYmT.exe
  2⤵
  PID:1164
- C:\Windows\System\CEbIsZm.exe
  C:\Windows\System\CEbIsZm.exe
  2⤵
  PID:3624
- C:\Windows\System\FtMpbbQ.exe
  C:\Windows\System\FtMpbbQ.exe
  2⤵
  PID:1912
- C:\Windows\System\jnJKLQM.exe
  C:\Windows\System\jnJKLQM.exe
  2⤵
  PID:4940
- C:\Windows\System\fRdLHRC.exe
  C:\Windows\System\fRdLHRC.exe
  2⤵
  PID:4340
- C:\Windows\System\zEThrwI.exe
  C:\Windows\System\zEThrwI.exe
  2⤵
  PID:2472
- C:\Windows\System\NwEAlww.exe
  C:\Windows\System\NwEAlww.exe
  2⤵
  PID:4648
- C:\Windows\System\QNvFcvo.exe
  C:\Windows\System\QNvFcvo.exe
  2⤵
  PID:3240
- C:\Windows\System\yDsbDdl.exe
  C:\Windows\System\yDsbDdl.exe
  2⤵
  PID:2120
- C:\Windows\System\jzPzehz.exe
  C:\Windows\System\jzPzehz.exe
  2⤵
  PID:2504
- C:\Windows\System\TrcabXi.exe
  C:\Windows\System\TrcabXi.exe
  2⤵
  PID:4716
- C:\Windows\System\knEMtCS.exe
  C:\Windows\System\knEMtCS.exe
  2⤵
  PID:4116
- C:\Windows\System\xRhZrBH.exe
  C:\Windows\System\xRhZrBH.exe
  2⤵
  PID:1128
- C:\Windows\System\NIRIuru.exe
  C:\Windows\System\NIRIuru.exe
  2⤵
  PID:4720
- C:\Windows\System\GgOifPb.exe
  C:\Windows\System\GgOifPb.exe
  2⤵
  PID:2456
- C:\Windows\System\rdchajg.exe
  C:\Windows\System\rdchajg.exe
  2⤵
  PID:4624
- C:\Windows\System\dgivTod.exe
  C:\Windows\System\dgivTod.exe
  2⤵
  PID:4308
- C:\Windows\System\BXYowur.exe
  C:\Windows\System\BXYowur.exe
  2⤵
  PID:5144
- C:\Windows\System\IkmrmNc.exe
  C:\Windows\System\IkmrmNc.exe
  2⤵
  PID:5180
- C:\Windows\System\ZdXEdTE.exe
  C:\Windows\System\ZdXEdTE.exe
  2⤵
  PID:5212
- C:\Windows\System\mxwpYyV.exe
  C:\Windows\System\mxwpYyV.exe
  2⤵
  PID:5244
- C:\Windows\System\EjtyCiW.exe
  C:\Windows\System\EjtyCiW.exe
  2⤵
  PID:5268
- C:\Windows\System\EldZKhY.exe
  C:\Windows\System\EldZKhY.exe
  2⤵
  PID:5308
- C:\Windows\System\RDzQzvz.exe
  C:\Windows\System\RDzQzvz.exe
  2⤵
  PID:5340
- C:\Windows\System\OMWXqnq.exe
  C:\Windows\System\OMWXqnq.exe
  2⤵
  PID:5372
- C:\Windows\System\KqLPVfq.exe
  C:\Windows\System\KqLPVfq.exe
  2⤵
  PID:5396
- C:\Windows\System\VwsLSXY.exe
  C:\Windows\System\VwsLSXY.exe
  2⤵
  PID:5436
- C:\Windows\System\cPXucCW.exe
  C:\Windows\System\cPXucCW.exe
  2⤵
  PID:5468
- C:\Windows\System\TutdawT.exe
  C:\Windows\System\TutdawT.exe
  2⤵
  PID:5500
- C:\Windows\System\BlxEQBF.exe
  C:\Windows\System\BlxEQBF.exe
  2⤵
  PID:5532
- C:\Windows\System\NxQgJTI.exe
  C:\Windows\System\NxQgJTI.exe
  2⤵
  PID:5572
- C:\Windows\System\IYuUBpl.exe
  C:\Windows\System\IYuUBpl.exe
  2⤵
  PID:5596
- C:\Windows\System\hVXcegI.exe
  C:\Windows\System\hVXcegI.exe
  2⤵
  PID:5628
- C:\Windows\System\JfylPOZ.exe
  C:\Windows\System\JfylPOZ.exe
  2⤵
  PID:5656
- C:\Windows\System\GHcDUsK.exe
  C:\Windows\System\GHcDUsK.exe
  2⤵
  PID:5692
- C:\Windows\System\eUvGHah.exe
  C:\Windows\System\eUvGHah.exe
  2⤵
  PID:5724
- C:\Windows\System\SeykIgG.exe
  C:\Windows\System\SeykIgG.exe
  2⤵
  PID:5772
- C:\Windows\System\aCznLhc.exe
  C:\Windows\System\aCznLhc.exe
  2⤵
  PID:5804
- C:\Windows\System\OtBqVYE.exe
  C:\Windows\System\OtBqVYE.exe
  2⤵
  PID:5828
- C:\Windows\System\ZQtSkMi.exe
  C:\Windows\System\ZQtSkMi.exe
  2⤵
  PID:5872
- C:\Windows\System\lzvhpQh.exe
  C:\Windows\System\lzvhpQh.exe
  2⤵
  PID:5908
- C:\Windows\System\qNPBVeF.exe
  C:\Windows\System\qNPBVeF.exe
  2⤵
  PID:5932
- C:\Windows\System\ERjvmVf.exe
  C:\Windows\System\ERjvmVf.exe
  2⤵
  PID:5960
- C:\Windows\System\EWvLEKo.exe
  C:\Windows\System\EWvLEKo.exe
  2⤵
  PID:6000
- C:\Windows\System\UWKWlqg.exe
  C:\Windows\System\UWKWlqg.exe
  2⤵
  PID:6032
- C:\Windows\System\tqffqKU.exe
  C:\Windows\System\tqffqKU.exe
  2⤵
  PID:6064
- C:\Windows\System\KKzJuWh.exe
  C:\Windows\System\KKzJuWh.exe
  2⤵
  PID:6100
- C:\Windows\System\PGgyFZl.exe
  C:\Windows\System\PGgyFZl.exe
  2⤵
  PID:6132
- C:\Windows\System\yjnUufU.exe
  C:\Windows\System\yjnUufU.exe
  2⤵
  PID:5132
- C:\Windows\System\hYydJwo.exe
  C:\Windows\System\hYydJwo.exe
  2⤵
  PID:5224
- C:\Windows\System\zIIjPsI.exe
  C:\Windows\System\zIIjPsI.exe
  2⤵
  PID:5284
- C:\Windows\System\vZsnuMo.exe
  C:\Windows\System\vZsnuMo.exe
  2⤵
  PID:5352
- C:\Windows\System\blVaIkc.exe
  C:\Windows\System\blVaIkc.exe
  2⤵
  PID:5412
- C:\Windows\System\IkPvMDD.exe
  C:\Windows\System\IkPvMDD.exe
  2⤵
  PID:5476
- C:\Windows\System\FVUKIvO.exe
  C:\Windows\System\FVUKIvO.exe
  2⤵
  PID:5540
- C:\Windows\System\ypdHNRA.exe
  C:\Windows\System\ypdHNRA.exe
  2⤵
  PID:5604
- C:\Windows\System\oPeVkhj.exe
  C:\Windows\System\oPeVkhj.exe
  2⤵
  PID:5648
- C:\Windows\System\keFQdLI.exe
  C:\Windows\System\keFQdLI.exe
  2⤵
  PID:5732
- C:\Windows\System\GNLasDx.exe
  C:\Windows\System\GNLasDx.exe
  2⤵
  PID:5792
- C:\Windows\System\QNjjBwU.exe
  C:\Windows\System\QNjjBwU.exe
  2⤵
  PID:5852
- C:\Windows\System\KxAacYJ.exe
  C:\Windows\System\KxAacYJ.exe
  2⤵
  PID:5900
- C:\Windows\System\fcCNfdM.exe
  C:\Windows\System\fcCNfdM.exe
  2⤵
  PID:5968
- C:\Windows\System\CPJRTKR.exe
  C:\Windows\System\CPJRTKR.exe
  2⤵
  PID:6040
- C:\Windows\System\UDVpaEM.exe
  C:\Windows\System\UDVpaEM.exe
  2⤵
  PID:6080
- C:\Windows\System\AAdEQDb.exe
  C:\Windows\System\AAdEQDb.exe
  2⤵
  PID:5164
- C:\Windows\System\LeMejzg.exe
  C:\Windows\System\LeMejzg.exe
  2⤵
  PID:5256
- C:\Windows\System\gaeSZDU.exe
  C:\Windows\System\gaeSZDU.exe
  2⤵
  PID:5384
- C:\Windows\System\LKGOHtN.exe
  C:\Windows\System\LKGOHtN.exe
  2⤵
  PID:5568
- C:\Windows\System\krulTvC.exe
  C:\Windows\System\krulTvC.exe
  2⤵
  PID:5676
- C:\Windows\System\ZDcIlnX.exe
  C:\Windows\System\ZDcIlnX.exe
  2⤵
  PID:5788
- C:\Windows\System\dDkXimN.exe
  C:\Windows\System\dDkXimN.exe
  2⤵
  PID:5884
- C:\Windows\System\iWOzPdA.exe
  C:\Windows\System\iWOzPdA.exe
  2⤵
  PID:6012
- C:\Windows\System\PfFURML.exe
  C:\Windows\System\PfFURML.exe
  2⤵
  PID:6140
- C:\Windows\System\YHACaJJ.exe
  C:\Windows\System\YHACaJJ.exe
  2⤵
  PID:5360
- C:\Windows\System\qZBmXlp.exe
  C:\Windows\System\qZBmXlp.exe
  2⤵
  PID:5616
- C:\Windows\System\kSPdbWl.exe
  C:\Windows\System\kSPdbWl.exe
  2⤵
  PID:5868
- C:\Windows\System\VCBuXbh.exe
  C:\Windows\System\VCBuXbh.exe
  2⤵
  PID:6112
- C:\Windows\System\SFzzhdd.exe
  C:\Windows\System\SFzzhdd.exe
  2⤵
  PID:5512
- C:\Windows\System\dZkooiu.exe
  C:\Windows\System\dZkooiu.exe
  2⤵
  PID:5232
- C:\Windows\System\LBACjGl.exe
  C:\Windows\System\LBACjGl.exe
  2⤵
  PID:5760
- C:\Windows\System\dZnaFBr.exe
  C:\Windows\System\dZnaFBr.exe
  2⤵
  PID:5740
- C:\Windows\System\CnFvdqU.exe
  C:\Windows\System\CnFvdqU.exe
  2⤵
  PID:6176
- C:\Windows\System\RrulxPp.exe
  C:\Windows\System\RrulxPp.exe
  2⤵
  PID:6216
- C:\Windows\System\sBcHchJ.exe
  C:\Windows\System\sBcHchJ.exe
  2⤵
  PID:6256
- C:\Windows\System\knjCYkd.exe
  C:\Windows\System\knjCYkd.exe
  2⤵
  PID:6288
- C:\Windows\System\Snvaoqh.exe
  C:\Windows\System\Snvaoqh.exe
  2⤵
  PID:6332
- C:\Windows\System\wSgIZNY.exe
  C:\Windows\System\wSgIZNY.exe
  2⤵
  PID:6360
- C:\Windows\System\PVyoEBr.exe
  C:\Windows\System\PVyoEBr.exe
  2⤵
  PID:6392
- C:\Windows\System\SWccNUM.exe
  C:\Windows\System\SWccNUM.exe
  2⤵
  PID:6432
- C:\Windows\System\fchvouL.exe
  C:\Windows\System\fchvouL.exe
  2⤵
  PID:6464
- C:\Windows\System\oZYNAYU.exe
  C:\Windows\System\oZYNAYU.exe
  2⤵
  PID:6504
- C:\Windows\System\qlaxoVL.exe
  C:\Windows\System\qlaxoVL.exe
  2⤵
  PID:6556
- C:\Windows\System\EOKchFl.exe
  C:\Windows\System\EOKchFl.exe
  2⤵
  PID:6596
- C:\Windows\System\MDiVrdh.exe
  C:\Windows\System\MDiVrdh.exe
  2⤵
  PID:6636
- C:\Windows\System\twLgNcn.exe
  C:\Windows\System\twLgNcn.exe
  2⤵
  PID:6668
- C:\Windows\System\XqPhxJt.exe
  C:\Windows\System\XqPhxJt.exe
  2⤵
  PID:6700
- C:\Windows\System\nfxjvaF.exe
  C:\Windows\System\nfxjvaF.exe
  2⤵
  PID:6724
- C:\Windows\System\zSlewOC.exe
  C:\Windows\System\zSlewOC.exe
  2⤵
  PID:6756
- C:\Windows\System\jFJQtHe.exe
  C:\Windows\System\jFJQtHe.exe
  2⤵
  PID:6788
- C:\Windows\System\cyGCPli.exe
  C:\Windows\System\cyGCPli.exe
  2⤵
  PID:6820
- C:\Windows\System\clpWScM.exe
  C:\Windows\System\clpWScM.exe
  2⤵
  PID:6856
- C:\Windows\System\LQlBuhQ.exe
  C:\Windows\System\LQlBuhQ.exe
  2⤵
  PID:6892
- C:\Windows\System\XyazkYk.exe
  C:\Windows\System\XyazkYk.exe
  2⤵
  PID:6936
- C:\Windows\System\SvgGeTX.exe
  C:\Windows\System\SvgGeTX.exe
  2⤵
  PID:6956
- C:\Windows\System\FZmRKuS.exe
  C:\Windows\System\FZmRKuS.exe
  2⤵
  PID:6992
- C:\Windows\System\KzcdwFb.exe
  C:\Windows\System\KzcdwFb.exe
  2⤵
  PID:7020
- C:\Windows\System\rvQVfDX.exe
  C:\Windows\System\rvQVfDX.exe
  2⤵
  PID:7052
- C:\Windows\System\QVrScHR.exe
  C:\Windows\System\QVrScHR.exe
  2⤵
  PID:7092
- C:\Windows\System\TaOVJcr.exe
  C:\Windows\System\TaOVJcr.exe
  2⤵
  PID:7120
- C:\Windows\System\EcwvAer.exe
  C:\Windows\System\EcwvAer.exe
  2⤵
  PID:7148
- C:\Windows\System\YpZYzkh.exe
  C:\Windows\System\YpZYzkh.exe
  2⤵
  PID:6160
- C:\Windows\System\HTKTMBp.exe
  C:\Windows\System\HTKTMBp.exe
  2⤵
  PID:6236
- C:\Windows\System\WokWBNP.exe
  C:\Windows\System\WokWBNP.exe
  2⤵
  PID:6312
- C:\Windows\System\LBZTQmD.exe
  C:\Windows\System\LBZTQmD.exe
  2⤵
  PID:6328
- C:\Windows\System\aEfVEJg.exe
  C:\Windows\System\aEfVEJg.exe
  2⤵
  PID:6420
- C:\Windows\System\pvUGIgY.exe
  C:\Windows\System\pvUGIgY.exe
  2⤵
  PID:6500
- C:\Windows\System\KrCLWUC.exe
  C:\Windows\System\KrCLWUC.exe
  2⤵
  PID:6588
- C:\Windows\System\KjZtnMH.exe
  C:\Windows\System\KjZtnMH.exe
  2⤵
  PID:6684
- C:\Windows\System\GXtAdNl.exe
  C:\Windows\System\GXtAdNl.exe
  2⤵
  PID:6748
- C:\Windows\System\UHMUiyN.exe
  C:\Windows\System\UHMUiyN.exe
  2⤵
  PID:6844
- C:\Windows\System\OWzLaRi.exe
  C:\Windows\System\OWzLaRi.exe
  2⤵
  PID:6928
- C:\Windows\System\QjfmvFS.exe
  C:\Windows\System\QjfmvFS.exe
  2⤵
  PID:7076
- C:\Windows\System\NyYieRX.exe
  C:\Windows\System\NyYieRX.exe
  2⤵
  PID:7164
- C:\Windows\System\fHKYmlj.exe
  C:\Windows\System\fHKYmlj.exe
  2⤵
  PID:6384
- C:\Windows\System\WTcqnQn.exe
  C:\Windows\System\WTcqnQn.exe
  2⤵
  PID:6712
- C:\Windows\System\sZtqRsE.exe
  C:\Windows\System\sZtqRsE.exe
  2⤵
  PID:6780
- C:\Windows\System\tUoCzjU.exe
  C:\Windows\System\tUoCzjU.exe
  2⤵
  PID:7104
- C:\Windows\System\AlfmkOu.exe
  C:\Windows\System\AlfmkOu.exe
  2⤵
  PID:6740
- C:\Windows\System\ZyIyaOe.exe
  C:\Windows\System\ZyIyaOe.exe
  2⤵
  PID:4100
- C:\Windows\System\WGFDiNI.exe
  C:\Windows\System\WGFDiNI.exe
  2⤵
  PID:7188
- C:\Windows\System\zqdHxUc.exe
  C:\Windows\System\zqdHxUc.exe
  2⤵
  PID:7220
- C:\Windows\System\eKkuKfT.exe
  C:\Windows\System\eKkuKfT.exe
  2⤵
  PID:7248
- C:\Windows\System\PryOfVD.exe
  C:\Windows\System\PryOfVD.exe
  2⤵
  PID:7280
- C:\Windows\System\GZCkOEY.exe
  C:\Windows\System\GZCkOEY.exe
  2⤵
  PID:7312
- C:\Windows\System\MtrnHnI.exe
  C:\Windows\System\MtrnHnI.exe
  2⤵
  PID:7340
- C:\Windows\System\bsIXyIy.exe
  C:\Windows\System\bsIXyIy.exe
  2⤵
  PID:7372
- C:\Windows\System\qWuRhhA.exe
  C:\Windows\System\qWuRhhA.exe
  2⤵
  PID:7408
- C:\Windows\System\PJgwBwL.exe
  C:\Windows\System\PJgwBwL.exe
  2⤵
  PID:7448
- C:\Windows\System\yziaxUf.exe
  C:\Windows\System\yziaxUf.exe
  2⤵
  PID:7472
- C:\Windows\System\ktXCLAU.exe
  C:\Windows\System\ktXCLAU.exe
  2⤵
  PID:7532
- C:\Windows\System\Pxhynkh.exe
  C:\Windows\System\Pxhynkh.exe
  2⤵
  PID:7560
- C:\Windows\System\npvrmYo.exe
  C:\Windows\System\npvrmYo.exe
  2⤵
  PID:7592
- C:\Windows\System\aHuhhBr.exe
  C:\Windows\System\aHuhhBr.exe
  2⤵
  PID:7620
- C:\Windows\System\oHcZVkY.exe
  C:\Windows\System\oHcZVkY.exe
  2⤵
  PID:7660
- C:\Windows\System\txJeVHQ.exe
  C:\Windows\System\txJeVHQ.exe
  2⤵
  PID:7692
- C:\Windows\System\BAyMGNq.exe
  C:\Windows\System\BAyMGNq.exe
  2⤵
  PID:7716
- C:\Windows\System\qhXfxnq.exe
  C:\Windows\System\qhXfxnq.exe
  2⤵
  PID:7748
- C:\Windows\System\MsnvhHp.exe
  C:\Windows\System\MsnvhHp.exe
  2⤵
  PID:7788
- C:\Windows\System\heRmfKH.exe
  C:\Windows\System\heRmfKH.exe
  2⤵
  PID:7824
- C:\Windows\System\ZCyqsVq.exe
  C:\Windows\System\ZCyqsVq.exe
  2⤵
  PID:7856
- C:\Windows\System\epXeQEZ.exe
  C:\Windows\System\epXeQEZ.exe
  2⤵
  PID:7888
- C:\Windows\System\ICpaSaQ.exe
  C:\Windows\System\ICpaSaQ.exe
  2⤵
  PID:7920
- C:\Windows\System\WTQWiku.exe
  C:\Windows\System\WTQWiku.exe
  2⤵
  PID:7944
- C:\Windows\System\ngCOHYZ.exe
  C:\Windows\System\ngCOHYZ.exe
  2⤵
  PID:7984
- C:\Windows\System\vaMXLac.exe
  C:\Windows\System\vaMXLac.exe
  2⤵
  PID:8008
- C:\Windows\System\xHlFlLE.exe
  C:\Windows\System\xHlFlLE.exe
  2⤵
  PID:8044
- C:\Windows\System\DTutEpL.exe
  C:\Windows\System\DTutEpL.exe
  2⤵
  PID:8076
- C:\Windows\System\XxAWRTc.exe
  C:\Windows\System\XxAWRTc.exe
  2⤵
  PID:8112
- C:\Windows\System\yoSaNaq.exe
  C:\Windows\System\yoSaNaq.exe
  2⤵
  PID:8140
- C:\Windows\System\gVmKoRZ.exe
  C:\Windows\System\gVmKoRZ.exe
  2⤵
  PID:8168
- C:\Windows\System\sxEjzmS.exe
  C:\Windows\System\sxEjzmS.exe
  2⤵
  PID:7204
- C:\Windows\System\IXYWRxg.exe
  C:\Windows\System\IXYWRxg.exe
  2⤵
  PID:7264
- C:\Windows\System\ALulIDO.exe
  C:\Windows\System\ALulIDO.exe
  2⤵
  PID:7320
- C:\Windows\System\GbvTdzr.exe
  C:\Windows\System\GbvTdzr.exe
  2⤵
  PID:7384
- C:\Windows\System\sWSHYso.exe
  C:\Windows\System\sWSHYso.exe
  2⤵
  PID:7464
- C:\Windows\System\BSYHMfU.exe
  C:\Windows\System\BSYHMfU.exe
  2⤵
  PID:7540
- C:\Windows\System\rIvHTEd.exe
  C:\Windows\System\rIvHTEd.exe
  2⤵
  PID:7612
- C:\Windows\System\hwFcpdN.exe
  C:\Windows\System\hwFcpdN.exe
  2⤵
  PID:7668
- C:\Windows\System\ROynByD.exe
  C:\Windows\System\ROynByD.exe
  2⤵
  PID:7740
- C:\Windows\System\AjsUIda.exe
  C:\Windows\System\AjsUIda.exe
  2⤵
  PID:7796
- C:\Windows\System\rxLIvLb.exe
  C:\Windows\System\rxLIvLb.exe
  2⤵
  PID:7864
- C:\Windows\System\AQwtJmV.exe
  C:\Windows\System\AQwtJmV.exe
  2⤵
  PID:7932
- C:\Windows\System\gHxGBdn.exe
  C:\Windows\System\gHxGBdn.exe
  2⤵
  PID:7996
- C:\Windows\System\maCrMcd.exe
  C:\Windows\System\maCrMcd.exe
  2⤵
  PID:8056
- C:\Windows\System\QmKClXe.exe
  C:\Windows\System\QmKClXe.exe
  2⤵
  PID:8124
- C:\Windows\System\ehbaoNK.exe
  C:\Windows\System\ehbaoNK.exe
  2⤵
  PID:8180
- C:\Windows\System\vYrINgx.exe
  C:\Windows\System\vYrINgx.exe
  2⤵
  PID:7288
- C:\Windows\System\fDbvXLk.exe
  C:\Windows\System\fDbvXLk.exe
  2⤵
  PID:7400
- C:\Windows\System\JEWwwYR.exe
  C:\Windows\System\JEWwwYR.exe
  2⤵
  PID:7584
- C:\Windows\System\ysFKYWP.exe
  C:\Windows\System\ysFKYWP.exe
  2⤵
  PID:7700
- C:\Windows\System\UjdOYYq.exe
  C:\Windows\System\UjdOYYq.exe
  2⤵
  PID:7832
- C:\Windows\System\JSVgNHK.exe
  C:\Windows\System\JSVgNHK.exe
  2⤵
  PID:7960
- C:\Windows\System\iildumY.exe
  C:\Windows\System\iildumY.exe
  2⤵
  PID:8092
- C:\Windows\System\TOOEcze.exe
  C:\Windows\System\TOOEcze.exe
  2⤵
  PID:6944
- C:\Windows\System\MtCmRXn.exe
  C:\Windows\System\MtCmRXn.exe
  2⤵
  PID:7484
- C:\Windows\System\TxXSOnw.exe
  C:\Windows\System\TxXSOnw.exe
  2⤵
  PID:7760
- C:\Windows\System\srVjDks.exe
  C:\Windows\System\srVjDks.exe
  2⤵
  PID:8020
- C:\Windows\System\aNmWZTV.exe
  C:\Windows\System\aNmWZTV.exe
  2⤵
  PID:7352
- C:\Windows\System\vbwZfwG.exe
  C:\Windows\System\vbwZfwG.exe
  2⤵
  PID:7812
- C:\Windows\System\JNZbehH.exe
  C:\Windows\System\JNZbehH.exe
  2⤵
  PID:7436
- C:\Windows\System\ZASGLcp.exe
  C:\Windows\System\ZASGLcp.exe
  2⤵
  PID:7680
- C:\Windows\System\PhYVloi.exe
  C:\Windows\System\PhYVloi.exe
  2⤵
  PID:8216
- C:\Windows\System\jnUUeTE.exe
  C:\Windows\System\jnUUeTE.exe
  2⤵
  PID:8248
- C:\Windows\System\wQVmJyN.exe
  C:\Windows\System\wQVmJyN.exe
  2⤵
  PID:8280
- C:\Windows\System\KCxkbvH.exe
  C:\Windows\System\KCxkbvH.exe
  2⤵
  PID:8312
- C:\Windows\System\yFzXLnf.exe
  C:\Windows\System\yFzXLnf.exe
  2⤵
  PID:8344
- C:\Windows\System\cRFuqHu.exe
  C:\Windows\System\cRFuqHu.exe
  2⤵
  PID:8376
- C:\Windows\System\QzixcCx.exe
  C:\Windows\System\QzixcCx.exe
  2⤵
  PID:8408
- C:\Windows\System\NstHUhr.exe
  C:\Windows\System\NstHUhr.exe
  2⤵
  PID:8440
- C:\Windows\System\xURadSF.exe
  C:\Windows\System\xURadSF.exe
  2⤵
  PID:8472
- C:\Windows\System\sNJTzzk.exe
  C:\Windows\System\sNJTzzk.exe
  2⤵
  PID:8504
- C:\Windows\System\EoYIBTv.exe
  C:\Windows\System\EoYIBTv.exe
  2⤵
  PID:8536
- C:\Windows\System\yJhjJFU.exe
  C:\Windows\System\yJhjJFU.exe
  2⤵
  PID:8584
- C:\Windows\System\gzFMxEG.exe
  C:\Windows\System\gzFMxEG.exe
  2⤵
  PID:8600
- C:\Windows\System\jpzEfpt.exe
  C:\Windows\System\jpzEfpt.exe
  2⤵
  PID:8644
- C:\Windows\System\rVnXJFJ.exe
  C:\Windows\System\rVnXJFJ.exe
  2⤵
  PID:8688
- C:\Windows\System\VWroevs.exe
  C:\Windows\System\VWroevs.exe
  2⤵
  PID:8740
- C:\Windows\System\ECLoaVX.exe
  C:\Windows\System\ECLoaVX.exe
  2⤵
  PID:8764
- C:\Windows\System\aJwrrrE.exe
  C:\Windows\System\aJwrrrE.exe
  2⤵
  PID:8804
- C:\Windows\System\SvZEzsx.exe
  C:\Windows\System\SvZEzsx.exe
  2⤵
  PID:8832
- C:\Windows\System\rWtyAQB.exe
  C:\Windows\System\rWtyAQB.exe
  2⤵
  PID:8864
- C:\Windows\System\wPaQgAI.exe
  C:\Windows\System\wPaQgAI.exe
  2⤵
  PID:8896
- C:\Windows\System\ofmEjgR.exe
  C:\Windows\System\ofmEjgR.exe
  2⤵
  PID:8928
- C:\Windows\System\fwXHiAz.exe
  C:\Windows\System\fwXHiAz.exe
  2⤵
  PID:8960
- C:\Windows\System\SShqofC.exe
  C:\Windows\System\SShqofC.exe
  2⤵
  PID:8992
- C:\Windows\System\DYXnMzy.exe
  C:\Windows\System\DYXnMzy.exe
  2⤵
  PID:9024
- C:\Windows\System\iMZZRYv.exe
  C:\Windows\System\iMZZRYv.exe
  2⤵
  PID:9056
- C:\Windows\System\UuyAeGY.exe
  C:\Windows\System\UuyAeGY.exe
  2⤵
  PID:9088
- C:\Windows\System\KDLflzn.exe
  C:\Windows\System\KDLflzn.exe
  2⤵
  PID:9120
- C:\Windows\System\cgqxhSf.exe
  C:\Windows\System\cgqxhSf.exe
  2⤵
  PID:9152
- C:\Windows\System\omtFPVr.exe
  C:\Windows\System\omtFPVr.exe
  2⤵
  PID:9184
- C:\Windows\System\azrHFWv.exe
  C:\Windows\System\azrHFWv.exe
  2⤵
  PID:7228
- C:\Windows\System\OmLvZjH.exe
  C:\Windows\System\OmLvZjH.exe
  2⤵
  PID:8244
- C:\Windows\System\LlNMEIz.exe
  C:\Windows\System\LlNMEIz.exe
  2⤵
  PID:8308
- C:\Windows\System\BSoUYfp.exe
  C:\Windows\System\BSoUYfp.exe
  2⤵
  PID:8372
- C:\Windows\System\HRlZKMr.exe
  C:\Windows\System\HRlZKMr.exe
  2⤵
  PID:8468
- C:\Windows\System\JhUcKdI.exe
  C:\Windows\System\JhUcKdI.exe
  2⤵
  PID:7904
- C:\Windows\System\rEVQQJC.exe
  C:\Windows\System\rEVQQJC.exe
  2⤵
  PID:8564
- C:\Windows\System\zEDminR.exe
  C:\Windows\System\zEDminR.exe
  2⤵
  PID:8636
- C:\Windows\System\DHYGgyi.exe
  C:\Windows\System\DHYGgyi.exe
  2⤵
  PID:8724
- C:\Windows\System\dwqufXf.exe
  C:\Windows\System\dwqufXf.exe
  2⤵
  PID:8812
- C:\Windows\System\SnOAQWE.exe
  C:\Windows\System\SnOAQWE.exe
  2⤵
  PID:8844
- C:\Windows\System\pnXVLfj.exe
  C:\Windows\System\pnXVLfj.exe
  2⤵
  PID:8912
- C:\Windows\System\QRbRQDC.exe
  C:\Windows\System\QRbRQDC.exe
  2⤵
  PID:8984
- C:\Windows\System\DjSMIxd.exe
  C:\Windows\System\DjSMIxd.exe
  2⤵
  PID:9048
- C:\Windows\System\MCeqEml.exe
  C:\Windows\System\MCeqEml.exe
  2⤵
  PID:9112
- C:\Windows\System\keXNKGY.exe
  C:\Windows\System\keXNKGY.exe
  2⤵
  PID:9176
- C:\Windows\System\NIKcmsW.exe
  C:\Windows\System\NIKcmsW.exe
  2⤵
  PID:8232
- C:\Windows\System\GsPryEc.exe
  C:\Windows\System\GsPryEc.exe
  2⤵
  PID:8404
- C:\Windows\System\rdLfIQs.exe
  C:\Windows\System\rdLfIQs.exe
  2⤵
  PID:8788
- C:\Windows\System\XcuvYUj.exe
  C:\Windows\System\XcuvYUj.exe
  2⤵
  PID:8596
- C:\Windows\System\mHgeGoh.exe
  C:\Windows\System\mHgeGoh.exe
  2⤵
  PID:8748
- C:\Windows\System\JULTCoU.exe
  C:\Windows\System\JULTCoU.exe
  2⤵
  PID:8892
- C:\Windows\System\IlCDuFa.exe
  C:\Windows\System\IlCDuFa.exe
  2⤵
  PID:9008
- C:\Windows\System\IpoAiHT.exe
  C:\Windows\System\IpoAiHT.exe
  2⤵
  PID:9136
- C:\Windows\System\sRnHkUp.exe
  C:\Windows\System\sRnHkUp.exe
  2⤵
  PID:8276
- C:\Windows\System\rYJEkzM.exe
  C:\Windows\System\rYJEkzM.exe
  2⤵
  PID:8528
- C:\Windows\System\RzIGCUp.exe
  C:\Windows\System\RzIGCUp.exe
  2⤵
  PID:8776
- C:\Windows\System\iMJtzvo.exe
  C:\Windows\System\iMJtzvo.exe
  2⤵
  PID:9080
- C:\Windows\System\EBDlVhz.exe
  C:\Windows\System\EBDlVhz.exe
  2⤵
  PID:8420
- C:\Windows\System\fPMNuBE.exe
  C:\Windows\System\fPMNuBE.exe
  2⤵
  PID:8972
- C:\Windows\System\heApWPO.exe
  C:\Windows\System\heApWPO.exe
  2⤵
  PID:8664
- C:\Windows\System\DBvWSkf.exe
  C:\Windows\System\DBvWSkf.exe
  2⤵
  PID:9208
- C:\Windows\System\GgHNFbF.exe
  C:\Windows\System\GgHNFbF.exe
  2⤵
  PID:9240
- C:\Windows\System\wYvcnBK.exe
  C:\Windows\System\wYvcnBK.exe
  2⤵
  PID:9272
- C:\Windows\System\nKcjLRu.exe
  C:\Windows\System\nKcjLRu.exe
  2⤵
  PID:9304
- C:\Windows\System\kcRblFR.exe
  C:\Windows\System\kcRblFR.exe
  2⤵
  PID:9336
- C:\Windows\System\crwTcTD.exe
  C:\Windows\System\crwTcTD.exe
  2⤵
  PID:9368
- C:\Windows\System\CFefgMh.exe
  C:\Windows\System\CFefgMh.exe
  2⤵
  PID:9404
- C:\Windows\System\GULRmNW.exe
  C:\Windows\System\GULRmNW.exe
  2⤵
  PID:9432
- C:\Windows\System\UMEJbFF.exe
  C:\Windows\System\UMEJbFF.exe
  2⤵
  PID:9464
- C:\Windows\System\xICyxHZ.exe
  C:\Windows\System\xICyxHZ.exe
  2⤵
  PID:9496
- C:\Windows\System\zVaxCKk.exe
  C:\Windows\System\zVaxCKk.exe
  2⤵
  PID:9528
- C:\Windows\System\JldoYrR.exe
  C:\Windows\System\JldoYrR.exe
  2⤵
  PID:9560
- C:\Windows\System\qDRlUvj.exe
  C:\Windows\System\qDRlUvj.exe
  2⤵
  PID:9592
- C:\Windows\System\TMaHNBQ.exe
  C:\Windows\System\TMaHNBQ.exe
  2⤵
  PID:9624
- C:\Windows\System\qqZNTLc.exe
  C:\Windows\System\qqZNTLc.exe
  2⤵
  PID:9656
- C:\Windows\System\kBHTmlL.exe
  C:\Windows\System\kBHTmlL.exe
  2⤵
  PID:9688
- C:\Windows\System\WvQFQeD.exe
  C:\Windows\System\WvQFQeD.exe
  2⤵
  PID:9712
- C:\Windows\System\sURsPIy.exe
  C:\Windows\System\sURsPIy.exe
  2⤵
  PID:9756
- C:\Windows\System\XTGibcP.exe
  C:\Windows\System\XTGibcP.exe
  2⤵
  PID:9788
- C:\Windows\System\CrcdUnw.exe
  C:\Windows\System\CrcdUnw.exe
  2⤵
  PID:9820
- C:\Windows\System\WRUAfMT.exe
  C:\Windows\System\WRUAfMT.exe
  2⤵
  PID:9856
- C:\Windows\System\SsAKsfx.exe
  C:\Windows\System\SsAKsfx.exe
  2⤵
  PID:9884
- C:\Windows\System\xoQiFnY.exe
  C:\Windows\System\xoQiFnY.exe
  2⤵
  PID:9916
- C:\Windows\System\caaVKCC.exe
  C:\Windows\System\caaVKCC.exe
  2⤵
  PID:9948
- C:\Windows\System\NBGZLZF.exe
  C:\Windows\System\NBGZLZF.exe
  2⤵
  PID:9984
- C:\Windows\System\uXpcCen.exe
  C:\Windows\System\uXpcCen.exe
  2⤵
  PID:10020
- C:\Windows\System\FgqcPmZ.exe
  C:\Windows\System\FgqcPmZ.exe
  2⤵
  PID:10044
- C:\Windows\System\joAaOLp.exe
  C:\Windows\System\joAaOLp.exe
  2⤵
  PID:10076
- C:\Windows\System\fxDZyLb.exe
  C:\Windows\System\fxDZyLb.exe
  2⤵
  PID:10120
- C:\Windows\System\oJyhxsA.exe
  C:\Windows\System\oJyhxsA.exe
  2⤵
  PID:10184
- C:\Windows\System\pHSGZsl.exe
  C:\Windows\System\pHSGZsl.exe
  2⤵
  PID:10220
- C:\Windows\System\EVQaXqi.exe
  C:\Windows\System\EVQaXqi.exe
  2⤵
  PID:9236
- C:\Windows\System\DOwYHJw.exe
  C:\Windows\System\DOwYHJw.exe
  2⤵
  PID:9320
- C:\Windows\System\xVDxrXk.exe
  C:\Windows\System\xVDxrXk.exe
  2⤵
  PID:9364
- C:\Windows\System\cSITtTF.exe
  C:\Windows\System\cSITtTF.exe
  2⤵
  PID:9456
- C:\Windows\System\ZMWOwXu.exe
  C:\Windows\System\ZMWOwXu.exe
  2⤵
  PID:9588
- C:\Windows\System\LatFMCY.exe
  C:\Windows\System\LatFMCY.exe
  2⤵
  PID:9672
- C:\Windows\System\YNBWXbA.exe
  C:\Windows\System\YNBWXbA.exe
  2⤵
  PID:9748
- C:\Windows\System\DWYmRge.exe
  C:\Windows\System\DWYmRge.exe
  2⤵
  PID:9804
- C:\Windows\System\NVHPuaJ.exe
  C:\Windows\System\NVHPuaJ.exe
  2⤵
  PID:9880
- C:\Windows\System\LgfwQnS.exe
  C:\Windows\System\LgfwQnS.exe
  2⤵
  PID:9944
- C:\Windows\System\QNJpxTQ.exe
  C:\Windows\System\QNJpxTQ.exe
  2⤵
  PID:10008
- C:\Windows\System\dmtvelq.exe
  C:\Windows\System\dmtvelq.exe
  2⤵
  PID:10072
- C:\Windows\System\KLSzDgx.exe
  C:\Windows\System\KLSzDgx.exe
  2⤵
  PID:10172
- C:\Windows\System\mjNTaKS.exe
  C:\Windows\System\mjNTaKS.exe
  2⤵
  PID:10232
- C:\Windows\System\eRNNkCc.exe
  C:\Windows\System\eRNNkCc.exe
  2⤵
  PID:9416
- C:\Windows\System\HcrwjMv.exe
  C:\Windows\System\HcrwjMv.exe
  2⤵
  PID:9640
- C:\Windows\System\UQVfqsj.exe
  C:\Windows\System\UQVfqsj.exe
  2⤵
  PID:9784
- C:\Windows\System\JvQAaSC.exe
  C:\Windows\System\JvQAaSC.exe
  2⤵
  PID:9876
- C:\Windows\System\kySlXdK.exe
  C:\Windows\System\kySlXdK.exe
  2⤵
  PID:10036
- C:\Windows\System\bsiSbif.exe
  C:\Windows\System\bsiSbif.exe
  2⤵
  PID:9268
- C:\Windows\System\KXfjTkP.exe
  C:\Windows\System\KXfjTkP.exe
  2⤵
  PID:9620
- C:\Windows\System\AkPCVLj.exe
  C:\Windows\System\AkPCVLj.exe
  2⤵
  PID:9848
- C:\Windows\System\ysREqtw.exe
  C:\Windows\System\ysREqtw.exe
  2⤵
  PID:9224
- C:\Windows\System\cbVndNS.exe
  C:\Windows\System\cbVndNS.exe
  2⤵
  PID:9728
- C:\Windows\System\uGeQPmc.exe
  C:\Windows\System\uGeQPmc.exe
  2⤵
  PID:9396
- C:\Windows\System\ukxBkuR.exe
  C:\Windows\System\ukxBkuR.exe
  2⤵
  PID:9908
- C:\Windows\System\PjdGRSu.exe
  C:\Windows\System\PjdGRSu.exe
  2⤵
  PID:10272
- C:\Windows\System\LTTCaQa.exe
  C:\Windows\System\LTTCaQa.exe
  2⤵
  PID:10304
- C:\Windows\System\NiofcUF.exe
  C:\Windows\System\NiofcUF.exe
  2⤵
  PID:10336
- C:\Windows\System\MWaxTML.exe
  C:\Windows\System\MWaxTML.exe
  2⤵
  PID:10368
- C:\Windows\System\GLyLkeI.exe
  C:\Windows\System\GLyLkeI.exe
  2⤵
  PID:10400
- C:\Windows\System\rDQvPoI.exe
  C:\Windows\System\rDQvPoI.exe
  2⤵
  PID:10432
- C:\Windows\System\oKuoBwu.exe
  C:\Windows\System\oKuoBwu.exe
  2⤵
  PID:10464
- C:\Windows\System\BMcSFLQ.exe
  C:\Windows\System\BMcSFLQ.exe
  2⤵
  PID:10496
- C:\Windows\System\LIGwqvO.exe
  C:\Windows\System\LIGwqvO.exe
  2⤵
  PID:10528
- C:\Windows\System\lLfVcJU.exe
  C:\Windows\System\lLfVcJU.exe
  2⤵
  PID:10552
- C:\Windows\System\JxTQtmo.exe
  C:\Windows\System\JxTQtmo.exe
  2⤵
  PID:10576
- C:\Windows\System\WFOvNEm.exe
  C:\Windows\System\WFOvNEm.exe
  2⤵
  PID:10600
- C:\Windows\System\aEigkwu.exe
  C:\Windows\System\aEigkwu.exe
  2⤵
  PID:10624
- C:\Windows\System\FUQaeWC.exe
  C:\Windows\System\FUQaeWC.exe
  2⤵
  PID:10684
- C:\Windows\System\iGVwDQc.exe
  C:\Windows\System\iGVwDQc.exe
  2⤵
  PID:10716
- C:\Windows\System\ZQRmjSt.exe
  C:\Windows\System\ZQRmjSt.exe
  2⤵
  PID:10752
- C:\Windows\System\HFkoMMJ.exe
  C:\Windows\System\HFkoMMJ.exe
  2⤵
  PID:10784
- C:\Windows\System\lvfBEuW.exe
  C:\Windows\System\lvfBEuW.exe
  2⤵
  PID:10816
- C:\Windows\System\wUcVXAC.exe
  C:\Windows\System\wUcVXAC.exe
  2⤵
  PID:10848
- C:\Windows\System\gaxIatO.exe
  C:\Windows\System\gaxIatO.exe
  2⤵
  PID:10880
- C:\Windows\System\FfoQFIm.exe
  C:\Windows\System\FfoQFIm.exe
  2⤵
  PID:10912
- C:\Windows\System\nvqfQDX.exe
  C:\Windows\System\nvqfQDX.exe
  2⤵
  PID:10944
- C:\Windows\System\gDviQEL.exe
  C:\Windows\System\gDviQEL.exe
  2⤵
  PID:10976
- C:\Windows\System\WjBJMui.exe
  C:\Windows\System\WjBJMui.exe
  2⤵
  PID:11008
- C:\Windows\System\lkIWeMK.exe
  C:\Windows\System\lkIWeMK.exe
  2⤵
  PID:11040
- C:\Windows\System\yilbxBO.exe
  C:\Windows\System\yilbxBO.exe
  2⤵
  PID:11072
- C:\Windows\System\iKVAarW.exe
  C:\Windows\System\iKVAarW.exe
  2⤵
  PID:11108
- C:\Windows\System\bQFexrN.exe
  C:\Windows\System\bQFexrN.exe
  2⤵
  PID:11140
- C:\Windows\System\vOqbqua.exe
  C:\Windows\System\vOqbqua.exe
  2⤵
  PID:11172
- C:\Windows\System\GpBqEXa.exe
  C:\Windows\System\GpBqEXa.exe
  2⤵
  PID:11204
- C:\Windows\System\QMkqBef.exe
  C:\Windows\System\QMkqBef.exe
  2⤵
  PID:11236
- C:\Windows\System\IGBFMuR.exe
  C:\Windows\System\IGBFMuR.exe
  2⤵
  PID:11256
- C:\Windows\System\JlLCdhq.exe
  C:\Windows\System\JlLCdhq.exe
  2⤵
  PID:10284
- C:\Windows\System\Boudfxy.exe
  C:\Windows\System\Boudfxy.exe
  2⤵
  PID:10380
- C:\Windows\System\ymMsAjW.exe
  C:\Windows\System\ymMsAjW.exe
  2⤵
  PID:10416
- C:\Windows\System\nlaVVTn.exe
  C:\Windows\System\nlaVVTn.exe
  2⤵
  PID:10508
- C:\Windows\System\axUkYRp.exe
  C:\Windows\System\axUkYRp.exe
  2⤵
  PID:10560
- C:\Windows\System\sruzjcK.exe
  C:\Windows\System\sruzjcK.exe
  2⤵
  PID:10596
- C:\Windows\System\DGbvPcw.exe
  C:\Windows\System\DGbvPcw.exe
  2⤵
  PID:10620
- C:\Windows\System\cgxpCUW.exe
  C:\Windows\System\cgxpCUW.exe
  2⤵
  PID:10736
- C:\Windows\System\QecYjut.exe
  C:\Windows\System\QecYjut.exe
  2⤵
  PID:10828
- C:\Windows\System\EjgaKfM.exe
  C:\Windows\System\EjgaKfM.exe
  2⤵
  PID:10892
- C:\Windows\System\sLDSwib.exe
  C:\Windows\System\sLDSwib.exe
  2⤵
  PID:10940
- C:\Windows\System\trkPxry.exe
  C:\Windows\System\trkPxry.exe
  2⤵
  PID:11004
- C:\Windows\System\fPhmZZV.exe
  C:\Windows\System\fPhmZZV.exe
  2⤵
  PID:11052
- C:\Windows\System\QfNWXBC.exe
  C:\Windows\System\QfNWXBC.exe
  2⤵
  PID:11136
- C:\Windows\System\cZDRXkn.exe
  C:\Windows\System\cZDRXkn.exe
  2⤵
  PID:11200
- C:\Windows\System\iRKsOhZ.exe
  C:\Windows\System\iRKsOhZ.exe
  2⤵
  PID:10252
- C:\Windows\System\qNDFRmE.exe
  C:\Windows\System\qNDFRmE.exe
  2⤵
  PID:10316
- C:\Windows\System\fBXbyoD.exe
  C:\Windows\System\fBXbyoD.exe
  2⤵
  PID:10460
- C:\Windows\System\nlBVidP.exe
  C:\Windows\System\nlBVidP.exe
  2⤵
  PID:10616
- C:\Windows\System\CjNHkXc.exe
  C:\Windows\System\CjNHkXc.exe
  2⤵
  PID:10776
- C:\Windows\System\vOKgEMq.exe
  C:\Windows\System\vOKgEMq.exe
  2⤵
  PID:10876
- C:\Windows\System\IgwAZlc.exe
  C:\Windows\System\IgwAZlc.exe
  2⤵
  PID:10936
- C:\Windows\System\IBFMtkx.exe
  C:\Windows\System\IBFMtkx.exe
  2⤵
  PID:11224
- C:\Windows\System\BGYRuym.exe
  C:\Windows\System\BGYRuym.exe
  2⤵
  PID:10332
- C:\Windows\System\IzgXFMN.exe
  C:\Windows\System\IzgXFMN.exe
  2⤵
  PID:10588
- C:\Windows\System\hWUlNfo.exe
  C:\Windows\System\hWUlNfo.exe
  2⤵
  PID:10872
- C:\Windows\System\jmlibSw.exe
  C:\Windows\System\jmlibSw.exe
  2⤵
  PID:10992
- C:\Windows\System\IvRiZbr.exe
  C:\Windows\System\IvRiZbr.exe
  2⤵
  PID:11132
- C:\Windows\System\Njkslpw.exe
  C:\Windows\System\Njkslpw.exe
  2⤵
  PID:10860
- C:\Windows\System\MOIvzBP.exe
  C:\Windows\System\MOIvzBP.exe
  2⤵
  PID:10636
- C:\Windows\System\gWaeaRw.exe
  C:\Windows\System\gWaeaRw.exe
  2⤵
  PID:10568
- C:\Windows\System\KdeUaFh.exe
  C:\Windows\System\KdeUaFh.exe
  2⤵
  PID:11300
- C:\Windows\System\dwUTlmn.exe
  C:\Windows\System\dwUTlmn.exe
  2⤵
  PID:11336
- C:\Windows\System\sfZTXgl.exe
  C:\Windows\System\sfZTXgl.exe
  2⤵
  PID:11352
- C:\Windows\System\rCMOqkR.exe
  C:\Windows\System\rCMOqkR.exe
  2⤵
  PID:11388
- C:\Windows\System\TkPpGPe.exe
  C:\Windows\System\TkPpGPe.exe
  2⤵
  PID:11416
- C:\Windows\System\fDksXbK.exe
  C:\Windows\System\fDksXbK.exe
  2⤵
  PID:11464
- C:\Windows\System\yWdKqYm.exe
  C:\Windows\System\yWdKqYm.exe
  2⤵
  PID:11480
- C:\Windows\System\gzuQKbO.exe
  C:\Windows\System\gzuQKbO.exe
  2⤵
  PID:11524
- C:\Windows\System\eVRNBiH.exe
  C:\Windows\System\eVRNBiH.exe
  2⤵
  PID:11548
- C:\Windows\System\ADpzpQu.exe
  C:\Windows\System\ADpzpQu.exe
  2⤵
  PID:11576
- C:\Windows\System\EHSlkNk.exe
  C:\Windows\System\EHSlkNk.exe
  2⤵
  PID:11624
- C:\Windows\System\uGFInPX.exe
  C:\Windows\System\uGFInPX.exe
  2⤵
  PID:11660
- C:\Windows\System\MJKzMud.exe
  C:\Windows\System\MJKzMud.exe
  2⤵
  PID:11696
- C:\Windows\System\SivHDgC.exe
  C:\Windows\System\SivHDgC.exe
  2⤵
  PID:11716
- C:\Windows\System\hTniXFm.exe
  C:\Windows\System\hTniXFm.exe
  2⤵
  PID:11744
- C:\Windows\System\ygTPiNC.exe
  C:\Windows\System\ygTPiNC.exe
  2⤵
  PID:11792
- C:\Windows\System\pPuqXaz.exe
  C:\Windows\System\pPuqXaz.exe
  2⤵
  PID:11816
- C:\Windows\System\hiOShgf.exe
  C:\Windows\System\hiOShgf.exe
  2⤵
  PID:11832
- C:\Windows\System\MXmJBOZ.exe
  C:\Windows\System\MXmJBOZ.exe
  2⤵
  PID:11868
- C:\Windows\System\ApHcydw.exe
  C:\Windows\System\ApHcydw.exe
  2⤵
  PID:11916
- C:\Windows\System\bXPsLor.exe
  C:\Windows\System\bXPsLor.exe
  2⤵
  PID:11948
- C:\Windows\System\oSFBSJx.exe
  C:\Windows\System\oSFBSJx.exe
  2⤵
  PID:11980
- C:\Windows\System\bvwOytF.exe
  C:\Windows\System\bvwOytF.exe
  2⤵
  PID:12028
- C:\Windows\System\FUoupcu.exe
  C:\Windows\System\FUoupcu.exe
  2⤵
  PID:12048
- C:\Windows\System\VIRvlOS.exe
  C:\Windows\System\VIRvlOS.exe
  2⤵
  PID:12076
- C:\Windows\System\jKcoEit.exe
  C:\Windows\System\jKcoEit.exe
  2⤵
  PID:12108
- C:\Windows\System\wrjSKeL.exe
  C:\Windows\System\wrjSKeL.exe
  2⤵
  PID:12140
- C:\Windows\System\gKGiskh.exe
  C:\Windows\System\gKGiskh.exe
  2⤵
  PID:12172
- C:\Windows\System\IwzEpci.exe
  C:\Windows\System\IwzEpci.exe
  2⤵
  PID:12204
- C:\Windows\System\TCLfbYJ.exe
  C:\Windows\System\TCLfbYJ.exe
  2⤵
  PID:12236
- C:\Windows\System\UWmHlun.exe
  C:\Windows\System\UWmHlun.exe
  2⤵
  PID:12276
- C:\Windows\System\QarBXHT.exe
  C:\Windows\System\QarBXHT.exe
  2⤵
  PID:11024
- C:\Windows\System\RrcwMXr.exe
  C:\Windows\System\RrcwMXr.exe
  2⤵
  PID:11328
- C:\Windows\System\QavJdKg.exe
  C:\Windows\System\QavJdKg.exe
  2⤵
  PID:11452
- C:\Windows\System\wFVdvTT.exe
  C:\Windows\System\wFVdvTT.exe
  2⤵
  PID:11516
- C:\Windows\System\cVbZmzX.exe
  C:\Windows\System\cVbZmzX.exe
  2⤵
  PID:11564
- C:\Windows\System\ApaqSJZ.exe
  C:\Windows\System\ApaqSJZ.exe
  2⤵
  PID:11704
- C:\Windows\System\isqaTBL.exe
  C:\Windows\System\isqaTBL.exe
  2⤵
  PID:11824
- C:\Windows\System\QyIQLla.exe
  C:\Windows\System\QyIQLla.exe
  2⤵
  PID:11812
- C:\Windows\System\uynBtMB.exe
  C:\Windows\System\uynBtMB.exe
  2⤵
  PID:11848
- C:\Windows\System\XgeNmfO.exe
  C:\Windows\System\XgeNmfO.exe
  2⤵
  PID:11880
- C:\Windows\System\HCmkRax.exe
  C:\Windows\System\HCmkRax.exe
  2⤵
  PID:11896
- C:\Windows\System\WiaSebc.exe
  C:\Windows\System\WiaSebc.exe
  2⤵
  PID:12092
- C:\Windows\System\aJrZgdI.exe
  C:\Windows\System\aJrZgdI.exe
  2⤵
  PID:12124
- C:\Windows\System\vvwSBhH.exe
  C:\Windows\System\vvwSBhH.exe
  2⤵
  PID:12192
- C:\Windows\System\geYcufM.exe
  C:\Windows\System\geYcufM.exe
  2⤵
  PID:11268
- C:\Windows\System\mwPyaXq.exe
  C:\Windows\System\mwPyaXq.exe
  2⤵
  PID:2588
- C:\Windows\System\GZYtlYk.exe
  C:\Windows\System\GZYtlYk.exe
  2⤵
  PID:1424
- C:\Windows\System\ngErZse.exe
  C:\Windows\System\ngErZse.exe
  2⤵
  PID:2844
- C:\Windows\System\MyeSjmc.exe
  C:\Windows\System\MyeSjmc.exe
  2⤵
  PID:11592
- C:\Windows\System\TiwGmmo.exe
  C:\Windows\System\TiwGmmo.exe
  2⤵
  PID:6552
- C:\Windows\System\LhHdGlB.exe
  C:\Windows\System\LhHdGlB.exe
  2⤵
  PID:3968
- C:\Windows\System\zrJTcZF.exe
  C:\Windows\System\zrJTcZF.exe
  2⤵
  PID:11932
- C:\Windows\System\FRvmppW.exe
  C:\Windows\System\FRvmppW.exe
  2⤵
  PID:11992
- C:\Windows\System\QFjigLM.exe
  C:\Windows\System\QFjigLM.exe
  2⤵
  PID:12152
- C:\Windows\System\tWTfnhC.exe
  C:\Windows\System\tWTfnhC.exe
  2⤵
  PID:10196
- C:\Windows\System\TKHYvuG.exe
  C:\Windows\System\TKHYvuG.exe
  2⤵
  PID:11476
- C:\Windows\System\bnqKalE.exe
  C:\Windows\System\bnqKalE.exe
  2⤵
  PID:11448
- C:\Windows\System\KNCFagt.exe
  C:\Windows\System\KNCFagt.exe
  2⤵
  PID:11556
- C:\Windows\System\ifHUjQB.exe
  C:\Windows\System\ifHUjQB.exe
  2⤵
  PID:848
- C:\Windows\System\dKULecC.exe
  C:\Windows\System\dKULecC.exe
  2⤵
  PID:1552
- C:\Windows\System\pIyTBxZ.exe
  C:\Windows\System\pIyTBxZ.exe
  2⤵
  PID:11536
- C:\Windows\System\fIkcouk.exe
  C:\Windows\System\fIkcouk.exe
  2⤵
  PID:1832
- C:\Windows\System\jxvhqxw.exe
  C:\Windows\System\jxvhqxw.exe
  2⤵
  PID:11940
- C:\Windows\System\RkihZzJ.exe
  C:\Windows\System\RkihZzJ.exe
  2⤵
  PID:12260
- C:\Windows\System\IiBAKkK.exe
  C:\Windows\System\IiBAKkK.exe
  2⤵
  PID:4576
- C:\Windows\System\oOOSdow.exe
  C:\Windows\System\oOOSdow.exe
  2⤵
  PID:12304
- C:\Windows\System\PwDURcT.exe
  C:\Windows\System\PwDURcT.exe
  2⤵
  PID:12360
- C:\Windows\System\muSayMc.exe
  C:\Windows\System\muSayMc.exe
  2⤵
  PID:12388
- C:\Windows\System\vgRnnEN.exe
  C:\Windows\System\vgRnnEN.exe
  2⤵
  PID:12412
- C:\Windows\System\piHZPeo.exe
  C:\Windows\System\piHZPeo.exe
  2⤵
  PID:12456
- C:\Windows\System\jrSYJMw.exe
  C:\Windows\System\jrSYJMw.exe
  2⤵
  PID:12488
- C:\Windows\System\cAtekNv.exe
  C:\Windows\System\cAtekNv.exe
  2⤵
  PID:12508
- C:\Windows\System\tZKHinN.exe
  C:\Windows\System\tZKHinN.exe
  2⤵
  PID:12536
- C:\Windows\System\CJxDFJp.exe
  C:\Windows\System\CJxDFJp.exe
  2⤵
  PID:12552
- C:\Windows\System\VETSRfj.exe
  C:\Windows\System\VETSRfj.exe
  2⤵
  PID:12584
- C:\Windows\System\qRKMltw.exe
  C:\Windows\System\qRKMltw.exe
  2⤵
  PID:12604
- C:\Windows\System\sWzQHjj.exe
  C:\Windows\System\sWzQHjj.exe
  2⤵
  PID:12648
- C:\Windows\System\INTOhLS.exe
  C:\Windows\System\INTOhLS.exe
  2⤵
  PID:12668
- C:\Windows\System\mqvTnQr.exe
  C:\Windows\System\mqvTnQr.exe
  2⤵
  PID:12720
- C:\Windows\System\jbJwTXG.exe
  C:\Windows\System\jbJwTXG.exe
  2⤵
  PID:12752
- C:\Windows\System\LSyhwxs.exe
  C:\Windows\System\LSyhwxs.exe
  2⤵
  PID:12792
- C:\Windows\System\dVVSLSR.exe
  C:\Windows\System\dVVSLSR.exe
  2⤵
  PID:12816
- C:\Windows\System\LHJCNlH.exe
  C:\Windows\System\LHJCNlH.exe
  2⤵
  PID:12864
- C:\Windows\System\WJSQClM.exe
  C:\Windows\System\WJSQClM.exe
  2⤵
  PID:12912
- C:\Windows\System\eQBHSzV.exe
  C:\Windows\System\eQBHSzV.exe
  2⤵
  PID:12948
- C:\Windows\System\rLUaLoj.exe
  C:\Windows\System\rLUaLoj.exe
  2⤵
  PID:12976
- C:\Windows\System\lxGzUas.exe
  C:\Windows\System\lxGzUas.exe
  2⤵
  PID:13012
- C:\Windows\System\qrAUhJz.exe
  C:\Windows\System\qrAUhJz.exe
  2⤵
  PID:13044
- C:\Windows\System\QhBDPqD.exe
  C:\Windows\System\QhBDPqD.exe
  2⤵
  PID:13060
- C:\Windows\System\YNBMcrB.exe
  C:\Windows\System\YNBMcrB.exe
  2⤵
  PID:13076
- C:\Windows\System\sDFrqYt.exe
  C:\Windows\System\sDFrqYt.exe
  2⤵
  PID:13120
- C:\Windows\System\JqvfDPS.exe
  C:\Windows\System\JqvfDPS.exe
  2⤵
  PID:13144
- C:\Windows\System\YkTFZho.exe
  C:\Windows\System\YkTFZho.exe
  2⤵
  PID:13196
- C:\Windows\System\qqhYodL.exe
  C:\Windows\System\qqhYodL.exe
  2⤵
  PID:13228
- C:\Windows\System\UwfnfSH.exe
  C:\Windows\System\UwfnfSH.exe
  2⤵
  PID:13260
- C:\Windows\System\lvtlMjK.exe
  C:\Windows\System\lvtlMjK.exe
  2⤵
  PID:13296
- C:\Windows\System\rfwAIMd.exe
  C:\Windows\System\rfwAIMd.exe
  2⤵
  PID:11432
- C:\Windows\System\pgTArgx.exe
  C:\Windows\System\pgTArgx.exe
  2⤵
  PID:12344
- C:\Windows\System\ndmAZyO.exe
  C:\Windows\System\ndmAZyO.exe
  2⤵
  PID:12436
- C:\Windows\System\UQUPRkn.exe
  C:\Windows\System\UQUPRkn.exe
  2⤵
  PID:12484
- C:\Windows\System\cMGamer.exe
  C:\Windows\System\cMGamer.exe
  2⤵
  PID:12576
- C:\Windows\System\LJOeBIB.exe
  C:\Windows\System\LJOeBIB.exe
  2⤵
  PID:12616
- C:\Windows\System\eOMAyiN.exe
  C:\Windows\System\eOMAyiN.exe
  2⤵
  PID:12680
- C:\Windows\System\xJxYJtK.exe
  C:\Windows\System\xJxYJtK.exe
  2⤵
  PID:12716
- C:\Windows\System\aPSQJcj.exe
  C:\Windows\System\aPSQJcj.exe
  2⤵
  PID:12812
- C:\Windows\System\jTEWzyR.exe
  C:\Windows\System\jTEWzyR.exe
  2⤵
  PID:12840
- C:\Windows\System\aEGuUPn.exe
  C:\Windows\System\aEGuUPn.exe
  2⤵
  PID:12876
- C:\Windows\System\puABzJX.exe
  C:\Windows\System\puABzJX.exe
  2⤵
  PID:12992
- C:\Windows\System\jruxwlQ.exe
  C:\Windows\System\jruxwlQ.exe
  2⤵
  PID:13072
- C:\Windows\System\oEimAUB.exe
  C:\Windows\System\oEimAUB.exe
  2⤵
  PID:13088
- C:\Windows\System\wwChxVR.exe
  C:\Windows\System\wwChxVR.exe
  2⤵
  PID:13092
- C:\Windows\System\WlZZvqL.exe
  C:\Windows\System\WlZZvqL.exe
  2⤵
  PID:13244
- C:\Windows\System\OGucgwf.exe
  C:\Windows\System\OGucgwf.exe
  2⤵
  PID:13288
- C:\Windows\System\doQrOHf.exe
  C:\Windows\System\doQrOHf.exe
  2⤵
  PID:12348
- C:\Windows\System\dCIMROd.exe
  C:\Windows\System\dCIMROd.exe
  2⤵
  PID:12312
- C:\Windows\System\ISfXSpZ.exe
  C:\Windows\System\ISfXSpZ.exe
  2⤵
  PID:12452
- C:\Windows\System\OtSyNXe.exe
  C:\Windows\System\OtSyNXe.exe
  2⤵
  PID:12532
- C:\Windows\System\ZkPXKDX.exe
  C:\Windows\System\ZkPXKDX.exe
  2⤵
  PID:1144
- C:\Windows\System\pPhanQC.exe
  C:\Windows\System\pPhanQC.exe
  2⤵
  PID:12740
- C:\Windows\System\XvWTIlI.exe
  C:\Windows\System\XvWTIlI.exe
  2⤵
  PID:12960
- C:\Windows\System\OjepNHJ.exe
  C:\Windows\System\OjepNHJ.exe
  2⤵
  PID:13140
- C:\Windows\System\xWHAEcU.exe
  C:\Windows\System\xWHAEcU.exe
  2⤵
  PID:13192
- C:\Windows\System\fukQcOw.exe
  C:\Windows\System\fukQcOw.exe
  2⤵
  PID:12292
- C:\Windows\System\aQQEZbI.exe
  C:\Windows\System\aQQEZbI.exe
  2⤵
  PID:12636
- C:\Windows\System\EKEloMz.exe
  C:\Windows\System\EKEloMz.exe
  2⤵
  PID:12808
- C:\Windows\System\raxaGgE.exe
  C:\Windows\System\raxaGgE.exe
  2⤵
  PID:13160
- C:\Windows\System\NxVoBPP.exe
  C:\Windows\System\NxVoBPP.exe
  2⤵
  PID:13272
- C:\Windows\System\VQRaLJP.exe
  C:\Windows\System\VQRaLJP.exe
  2⤵
  PID:12936
- C:\Windows\System\sHqdCTB.exe
  C:\Windows\System\sHqdCTB.exe
  2⤵
  PID:13276
- C:\Windows\System\yWioDUd.exe
  C:\Windows\System\yWioDUd.exe
  2⤵
  PID:12564
- C:\Windows\System\yEVpXPb.exe
  C:\Windows\System\yEVpXPb.exe
  2⤵
  PID:12380
- C:\Windows\System\UrakMqx.exe
  C:\Windows\System\UrakMqx.exe
  2⤵
  PID:13104
- C:\Windows\System\ovxceEp.exe
  C:\Windows\System\ovxceEp.exe
  2⤵
  PID:13344
- C:\Windows\System\lsetCCd.exe
  C:\Windows\System\lsetCCd.exe
  2⤵
  PID:13384
- C:\Windows\System\PGktjOq.exe
  C:\Windows\System\PGktjOq.exe
  2⤵
  PID:13416
- C:\Windows\System\tAhGAnQ.exe
  C:\Windows\System\tAhGAnQ.exe
  2⤵
  PID:13448
- C:\Windows\System\vnUftUX.exe
  C:\Windows\System\vnUftUX.exe
  2⤵
  PID:13480
- C:\Windows\System\dUKIpkn.exe
  C:\Windows\System\dUKIpkn.exe
  2⤵
  PID:13512
- C:\Windows\System\pgwXfHM.exe
  C:\Windows\System\pgwXfHM.exe
  2⤵
  PID:13528
- C:\Windows\System\kMvJEJh.exe
  C:\Windows\System\kMvJEJh.exe
  2⤵
  PID:13544
- C:\Windows\System\conZuDa.exe
  C:\Windows\System\conZuDa.exe
  2⤵
  PID:13560
- C:\Windows\System\sDlXaWA.exe
  C:\Windows\System\sDlXaWA.exe
  2⤵
  PID:13584
- C:\Windows\System\HbfDPQO.exe
  C:\Windows\System\HbfDPQO.exe
  2⤵
  PID:13620
- C:\Windows\System\ngwFgil.exe
  C:\Windows\System\ngwFgil.exe
  2⤵
  PID:13664
- C:\Windows\System\RirFevp.exe
  C:\Windows\System\RirFevp.exe
  2⤵
  PID:13708
- C:\Windows\System\YcqLFiu.exe
  C:\Windows\System\YcqLFiu.exe
  2⤵
  PID:13748
- C:\Windows\System\sjdCVeH.exe
  C:\Windows\System\sjdCVeH.exe
  2⤵
  PID:13772
- C:\Windows\System\wSTRTkk.exe
  C:\Windows\System\wSTRTkk.exe
  2⤵
  PID:13820
- C:\Windows\System\CXUFOoW.exe
  C:\Windows\System\CXUFOoW.exe
  2⤵
  PID:13852
- C:\Windows\System\UPwaSlw.exe
  C:\Windows\System\UPwaSlw.exe
  2⤵
  PID:13900
- C:\Windows\System\GdVspKa.exe
  C:\Windows\System\GdVspKa.exe
  2⤵
  PID:13916
- C:\Windows\System\JDGsCxN.exe
  C:\Windows\System\JDGsCxN.exe
  2⤵
  PID:13956
- C:\Windows\System\OzYrxvY.exe
  C:\Windows\System\OzYrxvY.exe
  2⤵
  PID:13980
- C:\Windows\System\GRdBGrU.exe
  C:\Windows\System\GRdBGrU.exe
  2⤵
  PID:14004
- C:\Windows\System\jnPOIcu.exe
  C:\Windows\System\jnPOIcu.exe
  2⤵
  PID:14028
- C:\Windows\System\ikzfkDO.exe
  C:\Windows\System\ikzfkDO.exe
  2⤵
  PID:14044
- C:\Windows\System\wjyKTqN.exe
  C:\Windows\System\wjyKTqN.exe
  2⤵
  PID:14072
- C:\Windows\System\ImFKZTe.exe
  C:\Windows\System\ImFKZTe.exe
  2⤵
  PID:14116
- C:\Windows\System\tJELtXJ.exe
  C:\Windows\System\tJELtXJ.exe
  2⤵
  PID:14156
- C:\Windows\System\qMGUBzu.exe
  C:\Windows\System\qMGUBzu.exe
  2⤵
  PID:14176
- C:\Windows\System\WUPclVy.exe
  C:\Windows\System\WUPclVy.exe
  2⤵
  PID:14196
- C:\Windows\System\kJxFbuN.exe
  C:\Windows\System\kJxFbuN.exe
  2⤵
  PID:14216
- C:\Windows\System\AkrOXNG.exe
  C:\Windows\System\AkrOXNG.exe
  2⤵
  PID:14232
- C:\Windows\System\RHKRnFr.exe
  C:\Windows\System\RHKRnFr.exe
  2⤵
  PID:14264
- C:\Windows\System\FBeRiKj.exe
  C:\Windows\System\FBeRiKj.exe
  2⤵
  PID:14284
- C:\Windows\System\zAKoakH.exe
  C:\Windows\System\zAKoakH.exe
  2⤵
  PID:14312
- C:\Windows\System\WxfTIJI.exe
  C:\Windows\System\WxfTIJI.exe
  2⤵
  PID:13380
- C:\Windows\System\cEsRprk.exe
  C:\Windows\System\cEsRprk.exe
  2⤵
  PID:13476
- C:\Windows\System\qfixDUZ.exe
  C:\Windows\System\qfixDUZ.exe
  2⤵
  PID:13536
- C:\Windows\System\VVCgghU.exe
  C:\Windows\System\VVCgghU.exe
  2⤵
  PID:13608
- C:\Windows\System\gpwHkIa.exe
  C:\Windows\System\gpwHkIa.exe
  2⤵
  PID:13700
- C:\Windows\System\jtChDeO.exe
  C:\Windows\System\jtChDeO.exe
  2⤵
  PID:13788
- C:\Windows\System\sNjIuah.exe
  C:\Windows\System\sNjIuah.exe
  2⤵
  PID:1092
- C:\Windows\System\qkabAJr.exe
  C:\Windows\System\qkabAJr.exe
  2⤵
  PID:13944
- C:\Windows\System\DPmVkwA.exe
  C:\Windows\System\DPmVkwA.exe
  2⤵
  PID:13996
- C:\Windows\System\ToKtucx.exe
  C:\Windows\System\ToKtucx.exe
  2⤵
  PID:14108
- C:\Windows\System\RWIWunh.exe
  C:\Windows\System\RWIWunh.exe
  2⤵
  PID:14192
- C:\Windows\System\iNDnilD.exe
  C:\Windows\System\iNDnilD.exe
  2⤵
  PID:14204
- C:\Windows\System\NIkGNRW.exe
  C:\Windows\System\NIkGNRW.exe
  2⤵
  PID:14280
- C:\Windows\System\YVykmGE.exe
  C:\Windows\System\YVykmGE.exe
  2⤵
  PID:13400
- C:\Windows\System\prhkank.exe
  C:\Windows\System\prhkank.exe
  2⤵
  PID:14324
- C:\Windows\System\ZYMWmhJ.exe
  C:\Windows\System\ZYMWmhJ.exe
  2⤵
  PID:13736
- C:\Windows\System\CjNhxYE.exe
  C:\Windows\System\CjNhxYE.exe
  2⤵
  PID:13844
- C:\Windows\System\xvnctAP.exe
  C:\Windows\System\xvnctAP.exe
  2⤵
  PID:13912
- C:\Windows\System\SLnJpHe.exe
  C:\Windows\System\SLnJpHe.exe
  2⤵
  PID:14304
- C:\Windows\System\uZXyGUT.exe
  C:\Windows\System\uZXyGUT.exe
  2⤵
  PID:13520
- C:\Windows\System\buUPgMU.exe
  C:\Windows\System\buUPgMU.exe
  2⤵
  PID:13524
- C:\Windows\System\fSRiHQp.exe
  C:\Windows\System\fSRiHQp.exe
  2⤵
  PID:13432
- C:\Windows\System\JWFFIrq.exe
  C:\Windows\System\JWFFIrq.exe
  2⤵
  PID:13680
- C:\Windows\System\vkEIWhj.exe
  C:\Windows\System\vkEIWhj.exe
  2⤵
  PID:11492
- C:\Windows\System\YUBQKGt.exe
  C:\Windows\System\YUBQKGt.exe
  2⤵
  PID:13872
- C:\Windows\System\suXNOTd.exe
  C:\Windows\System\suXNOTd.exe
  2⤵
  PID:11408
- C:\Windows\System\DzxPQcv.exe
  C:\Windows\System\DzxPQcv.exe
  2⤵
  PID:14184
- C:\Windows\System\KjJYlPP.exe
  C:\Windows\System\KjJYlPP.exe
  2⤵
  PID:13952
- C:\Windows\System\iFOkGmb.exe
  C:\Windows\System\iFOkGmb.exe
  2⤵
  PID:13336
- C:\Windows\System\fITCNiB.exe
  C:\Windows\System\fITCNiB.exe
  2⤵
  PID:14360
- C:\Windows\System\ffhZCwG.exe
  C:\Windows\System\ffhZCwG.exe
  2⤵
  PID:14400
- C:\Windows\System\dHGmcPh.exe
  C:\Windows\System\dHGmcPh.exe
  2⤵
  PID:14428
- C:\Windows\System\nZLPiaD.exe
  C:\Windows\System\nZLPiaD.exe
  2⤵
  PID:14500
- C:\Windows\System\vZvxcRu.exe
  C:\Windows\System\vZvxcRu.exe
  2⤵
  PID:14532
- C:\Windows\System\QpwkvGR.exe
  C:\Windows\System\QpwkvGR.exe
  2⤵
  PID:14552
- C:\Windows\System\fNbfGft.exe
  C:\Windows\System\fNbfGft.exe
  2⤵
  PID:14584
- C:\Windows\System\UqHmquq.exe
  C:\Windows\System\UqHmquq.exe
  2⤵
  PID:14628
- C:\Windows\System\yvCnlIq.exe
  C:\Windows\System\yvCnlIq.exe
  2⤵
  PID:14664
- C:\Windows\System\vPBwyeZ.exe
  C:\Windows\System\vPBwyeZ.exe
  2⤵
  PID:14696
- C:\Windows\System\sBsMVyO.exe
  C:\Windows\System\sBsMVyO.exe
  2⤵
  PID:14748
- C:\Windows\System\PctQMSF.exe
  C:\Windows\System\PctQMSF.exe
  2⤵
  PID:14772
- C:\Windows\System\FnWhNia.exe
  C:\Windows\System\FnWhNia.exe
  2⤵
  PID:14812
- C:\Windows\System\YJJWJQZ.exe
  C:\Windows\System\YJJWJQZ.exe
  2⤵
  PID:14828
- C:\Windows\System\ehjyDBd.exe
  C:\Windows\System\ehjyDBd.exe
  2⤵
  PID:14876
- C:\Windows\System\nRxxsJl.exe
  C:\Windows\System\nRxxsJl.exe
  2⤵
  PID:14900
- C:\Windows\System\rHQCWkn.exe
  C:\Windows\System\rHQCWkn.exe
  2⤵
  PID:14924
- C:\Windows\System\IYWNLJJ.exe
  C:\Windows\System\IYWNLJJ.exe
  2⤵
  PID:14940
- C:\Windows\System\haKbzUn.exe
  C:\Windows\System\haKbzUn.exe
  2⤵
  PID:14972
- C:\Windows\System\TBByQrK.exe
  C:\Windows\System\TBByQrK.exe
  2⤵
  PID:15008
- C:\Windows\System\iFPGzDc.exe
  C:\Windows\System\iFPGzDc.exe
  2⤵
  PID:15056
- C:\Windows\System\PdDzNpc.exe
  C:\Windows\System\PdDzNpc.exe
  2⤵
  PID:15100
- C:\Windows\System\qOgQEvR.exe
  C:\Windows\System\qOgQEvR.exe
  2⤵
  PID:15120
- C:\Windows\System\vINQvvZ.exe
  C:\Windows\System\vINQvvZ.exe
  2⤵
  PID:15156
- C:\Windows\System\zuxfOkc.exe
  C:\Windows\System\zuxfOkc.exe
  2⤵
  PID:15196
- C:\Windows\System\aPIiYvX.exe
  C:\Windows\System\aPIiYvX.exe
  2⤵
  PID:15220
- C:\Windows\System\qtutdiZ.exe
  C:\Windows\System\qtutdiZ.exe
  2⤵
  PID:15260
- C:\Windows\System\BmCbJNL.exe
  C:\Windows\System\BmCbJNL.exe
  2⤵
  PID:15284
- C:\Windows\System\OWCbWic.exe
  C:\Windows\System\OWCbWic.exe
  2⤵
  PID:15312
- C:\Windows\System\akWgAmt.exe
  C:\Windows\System\akWgAmt.exe
  2⤵
  PID:15356
- C:\Windows\System\dndJvrN.exe
  C:\Windows\System\dndJvrN.exe
  2⤵
  PID:14172
- C:\Windows\System\oMgfWcO.exe
  C:\Windows\System\oMgfWcO.exe
  2⤵
  PID:12944
- C:\Windows\System\CSWQrMf.exe
  C:\Windows\System\CSWQrMf.exe
  2⤵
  PID:14444
- C:\Windows\System\HsxTmFB.exe
  C:\Windows\System\HsxTmFB.exe
  2⤵
  PID:14484
- C:\Windows\System\eurLgit.exe
  C:\Windows\System\eurLgit.exe
  2⤵
  PID:14524
- C:\Windows\System\uIOjlyS.exe
  C:\Windows\System\uIOjlyS.exe
  2⤵
  PID:14616
- C:\Windows\System\yAOFVJa.exe
  C:\Windows\System\yAOFVJa.exe
  2⤵
  PID:3936
- C:\Windows\System\pCwuEtq.exe
  C:\Windows\System\pCwuEtq.exe
  2⤵
  PID:14712
- C:\Windows\System\KcKpREn.exe
  C:\Windows\System\KcKpREn.exe
  2⤵
  PID:14768
- C:\Windows\System\sPBxkZz.exe
  C:\Windows\System\sPBxkZz.exe
  2⤵
  PID:14844
- C:\Windows\System\tERtJZp.exe
  C:\Windows\System\tERtJZp.exe
  2⤵
  PID:14932
- C:\Windows\System\AtfnsXv.exe
  C:\Windows\System\AtfnsXv.exe
  2⤵
  PID:14964
- C:\Windows\System\MzjNWBA.exe
  C:\Windows\System\MzjNWBA.exe
  2⤵
  PID:14996
- C:\Windows\System\RqOzghi.exe
  C:\Windows\System\RqOzghi.exe
  2⤵
  PID:15064
- C:\Windows\System\aYxsUVx.exe
  C:\Windows\System\aYxsUVx.exe
  2⤵
  PID:15152
- C:\Windows\System\vlaoqcr.exe
  C:\Windows\System\vlaoqcr.exe
  2⤵
  PID:2732
- C:\Windows\System\ouitmpM.exe
  C:\Windows\System\ouitmpM.exe
  2⤵
  PID:15268
- C:\Windows\System\DpAGsFg.exe
  C:\Windows\System\DpAGsFg.exe
  2⤵
  PID:15336
- C:\Windows\System\VHqGktD.exe
  C:\Windows\System\VHqGktD.exe
  2⤵
  PID:12640
- C:\Windows\System\eKfiyUj.exe
  C:\Windows\System\eKfiyUj.exe
  2⤵
  PID:14424
- C:\Windows\System\qjidEVi.exe
  C:\Windows\System\qjidEVi.exe
  2⤵
  PID:14520
- C:\Windows\System\rnmddfD.exe
  C:\Windows\System\rnmddfD.exe
  2⤵
  PID:14596
- C:\Windows\System\ZcMzaOz.exe
  C:\Windows\System\ZcMzaOz.exe
  2⤵
  PID:14728
- C:\Windows\System\KrhNYha.exe
  C:\Windows\System\KrhNYha.exe
  2⤵
  PID:14884
- C:\Windows\System\BJGzsTo.exe
  C:\Windows\System\BJGzsTo.exe
  2⤵
  PID:14984
- C:\Windows\System\wQjQklp.exe
  C:\Windows\System\wQjQklp.exe
  2⤵
  PID:15112
- C:\Windows\System\tcHNHvJ.exe
  C:\Windows\System\tcHNHvJ.exe
  2⤵
  PID:15240
- C:\Windows\System\UTZUgOD.exe
  C:\Windows\System\UTZUgOD.exe
  2⤵
  PID:13696
- C:\Windows\System\ftXvlqE.exe
  C:\Windows\System\ftXvlqE.exe
  2⤵
  PID:14568
- C:\Windows\System\GCictzn.exe
  C:\Windows\System\GCictzn.exe
  2⤵
  PID:14680
- C:\Windows\System\YlBapoR.exe
  C:\Windows\System\YlBapoR.exe
  2⤵
  PID:14892
- C:\Windows\System\yHxSofg.exe
  C:\Windows\System\yHxSofg.exe
  2⤵
  PID:15136
- C:\Windows\System\wybvcaP.exe
  C:\Windows\System\wybvcaP.exe
  2⤵
  PID:872
- C:\Windows\System\pQmywEY.exe
  C:\Windows\System\pQmywEY.exe
  2⤵
  PID:14724
- C:\Windows\System\egpFYXo.exe
  C:\Windows\System\egpFYXo.exe
  2⤵
  PID:15132
- C:\Windows\System\lxPnhDE.exe
  C:\Windows\System\lxPnhDE.exe
  2⤵
  PID:15300
- C:\Windows\System\IRgzzOM.exe
  C:\Windows\System\IRgzzOM.exe
  2⤵
  PID:15376
- C:\Windows\System\yYfJgkT.exe
  C:\Windows\System\yYfJgkT.exe
  2⤵
  PID:15408
- C:\Windows\System\INkWsaB.exe
  C:\Windows\System\INkWsaB.exe
  2⤵
  PID:15440
- C:\Windows\System\CTkeCuq.exe
  C:\Windows\System\CTkeCuq.exe
  2⤵
  PID:15472
- C:\Windows\System\mjbqvZS.exe
  C:\Windows\System\mjbqvZS.exe
  2⤵
  PID:15520
- C:\Windows\System\uNWQktx.exe
  C:\Windows\System\uNWQktx.exe
  2⤵
  PID:15540
- C:\Windows\System\syRGkby.exe
  C:\Windows\System\syRGkby.exe
  2⤵
  PID:15572
- C:\Windows\System\PQTduoS.exe
  C:\Windows\System\PQTduoS.exe
  2⤵
  PID:15604
- C:\Windows\System\oivWmdu.exe
  C:\Windows\System\oivWmdu.exe
  2⤵
  PID:15636
- C:\Windows\System\QdMmgOf.exe
  C:\Windows\System\QdMmgOf.exe
  2⤵
  PID:15668
- C:\Windows\System\JIDzNVQ.exe
  C:\Windows\System\JIDzNVQ.exe
  2⤵
  PID:15712
- C:\Windows\System\uAgzLen.exe
  C:\Windows\System\uAgzLen.exe
  2⤵
  PID:15736
- C:\Windows\System\OYbUCbI.exe
  C:\Windows\System\OYbUCbI.exe
  2⤵
  PID:15768
- C:\Windows\System\cIseIgw.exe
  C:\Windows\System\cIseIgw.exe
  2⤵
  PID:15800
- C:\Windows\System\mjrIftR.exe
  C:\Windows\System\mjrIftR.exe
  2⤵
  PID:15832
- C:\Windows\System\IGjvIJY.exe
  C:\Windows\System\IGjvIJY.exe
  2⤵
  PID:15864
- C:\Windows\System\KdcYakm.exe
  C:\Windows\System\KdcYakm.exe
  2⤵
  PID:15896
- C:\Windows\System\rtbwNSG.exe
  C:\Windows\System\rtbwNSG.exe
  2⤵
  PID:15928
- C:\Windows\System\hdPDsKd.exe
  C:\Windows\System\hdPDsKd.exe
  2⤵
  PID:15960
- C:\Windows\System\dykcfaA.exe
  C:\Windows\System\dykcfaA.exe
  2⤵
  PID:15992
- C:\Windows\System\sBPyKyO.exe
  C:\Windows\System\sBPyKyO.exe
  2⤵
  PID:16032
- C:\Windows\System\aDZllyQ.exe
  C:\Windows\System\aDZllyQ.exe
  2⤵
  PID:16056
- C:\Windows\System\UsEAPTO.exe
  C:\Windows\System\UsEAPTO.exe
  2⤵
  PID:16088
- C:\Windows\System\miKECMG.exe
  C:\Windows\System\miKECMG.exe
  2⤵
  PID:16120
- C:\Windows\System\wAYsHGC.exe
  C:\Windows\System\wAYsHGC.exe
  2⤵
  PID:16152
- C:\Windows\System\yyZITBI.exe
  C:\Windows\System\yyZITBI.exe
  2⤵
  PID:16184
- C:\Windows\System\YCMnSlO.exe
  C:\Windows\System\YCMnSlO.exe
  2⤵
  PID:16216
- C:\Windows\System\NkSRFaQ.exe
  C:\Windows\System\NkSRFaQ.exe
  2⤵
  PID:16248
- C:\Windows\System\cnRPDfH.exe
  C:\Windows\System\cnRPDfH.exe
  2⤵
  PID:16280
- C:\Windows\System\tpkSNyo.exe
  C:\Windows\System\tpkSNyo.exe
  2⤵
  PID:16312
- C:\Windows\System\PcyHwsa.exe
  C:\Windows\System\PcyHwsa.exe
  2⤵
  PID:16344
- C:\Windows\System\YFPHBRE.exe
  C:\Windows\System\YFPHBRE.exe
  2⤵
  PID:16376
- C:\Windows\System\CUJnVeC.exe
  C:\Windows\System\CUJnVeC.exe
  2⤵
  PID:4936
- C:\Windows\System\RjjYYcg.exe
  C:\Windows\System\RjjYYcg.exe
  2⤵
  PID:15460
- C:\Windows\System\NjLfNOq.exe
  C:\Windows\System\NjLfNOq.exe
  2⤵
  PID:15500
- C:\Windows\System\luPkmPv.exe
  C:\Windows\System\luPkmPv.exe
  2⤵
  PID:15568
- C:\Windows\System\MWJJqyA.exe
  C:\Windows\System\MWJJqyA.exe
  2⤵
  PID:15632
- C:\Windows\System\mPCvhGR.exe
  C:\Windows\System\mPCvhGR.exe
  2⤵
  PID:15696
- C:\Windows\System\jThilya.exe
  C:\Windows\System\jThilya.exe
  2⤵
  PID:15764
- C:\Windows\System\trOzajy.exe
  C:\Windows\System\trOzajy.exe
  2⤵
  PID:15828
- C:\Windows\System\ueFsGWQ.exe
  C:\Windows\System\ueFsGWQ.exe
  2⤵
  PID:15880
- C:\Windows\System\gQMxLXo.exe
  C:\Windows\System\gQMxLXo.exe
  2⤵
  PID:15920
- C:\Windows\System\bBkpXSt.exe
  C:\Windows\System\bBkpXSt.exe
  2⤵
  PID:16012
- C:\Windows\System\GIaYlLb.exe
  C:\Windows\System\GIaYlLb.exe
  2⤵
  PID:16068
- C:\Windows\System\RWHyKqW.exe
  C:\Windows\System\RWHyKqW.exe
  2⤵
  PID:3880
- C:\Windows\System\bHehMMf.exe
  C:\Windows\System\bHehMMf.exe
  2⤵
  PID:16168
- C:\Windows\System\XCHxcmp.exe
  C:\Windows\System\XCHxcmp.exe
  2⤵
  PID:15480
- C:\Windows\System\tsIFDsn.exe
  C:\Windows\System\tsIFDsn.exe
  2⤵
  PID:16260
- C:\Windows\System\bSxlkOT.exe
  C:\Windows\System\bSxlkOT.exe
  2⤵
  PID:16328
- C:\Windows\System\sfcqXWQ.exe
  C:\Windows\System\sfcqXWQ.exe
  2⤵
  PID:3128
- C:\Windows\System\DSIBztk.exe
  C:\Windows\System\DSIBztk.exe
  2⤵
  PID:15404
- C:\Windows\System\xGgeeIp.exe
  C:\Windows\System\xGgeeIp.exe
  2⤵
  PID:15508
- C:\Windows\System\GvMGSTO.exe
  C:\Windows\System\GvMGSTO.exe
  2⤵
  PID:15596
- C:\Windows\System\gjhEFyb.exe
  C:\Windows\System\gjhEFyb.exe
  2⤵
  PID:15728
- C:\Windows\System\WmTkgLE.exe
  C:\Windows\System\WmTkgLE.exe
  2⤵
  PID:15860
- C:\Windows\System\ZPAmAgE.exe
  C:\Windows\System\ZPAmAgE.exe
  2⤵
  PID:4020
- C:\Windows\System\jyQHqGK.exe
  C:\Windows\System\jyQHqGK.exe
  2⤵
  PID:2224
- C:\Windows\System\NxMJnaz.exe
  C:\Windows\System\NxMJnaz.exe
  2⤵
  PID:372
- C:\Windows\System\DKVCjBu.exe
  C:\Windows\System\DKVCjBu.exe
  2⤵
  PID:16180
- C:\Windows\System\CriWavM.exe
  C:\Windows\System\CriWavM.exe
  2⤵
  PID:4600
- C:\Windows\System\IDkxmAz.exe
  C:\Windows\System\IDkxmAz.exe
  2⤵
  PID:16304
- C:\Windows\System\ZAlTXGD.exe
  C:\Windows\System\ZAlTXGD.exe
  2⤵
  PID:2740
- C:\Windows\System\FQFJkmH.exe
  C:\Windows\System\FQFJkmH.exe
  2⤵
  PID:15392
- C:\Windows\System\YVdNRiA.exe
  C:\Windows\System\YVdNRiA.exe
  2⤵
  PID:15464
- C:\Windows\System\sSKVhii.exe
  C:\Windows\System\sSKVhii.exe
  2⤵
  PID:3092
- C:\Windows\System\LDVAQTa.exe
  C:\Windows\System\LDVAQTa.exe
  2⤵
  PID:15816
- C:\Windows\System\HyJeMLN.exe
  C:\Windows\System\HyJeMLN.exe
  2⤵
  PID:15984
- C:\Windows\System\AANYgEN.exe
  C:\Windows\System\AANYgEN.exe
  2⤵
  PID:624
- C:\Windows\System\ksZuMbf.exe
  C:\Windows\System\ksZuMbf.exe
  2⤵
  PID:5112
- C:\Windows\System\ZuEBHMF.exe
  C:\Windows\System\ZuEBHMF.exe
  2⤵
  PID:15492
- C:\Windows\System\eICGpdl.exe
  C:\Windows\System\eICGpdl.exe
  2⤵
  PID:888
- C:\Windows\System\mLoZyPg.exe
  C:\Windows\System\mLoZyPg.exe
  2⤵
  PID:1760
- C:\Windows\System\ADwxBZK.exe
  C:\Windows\System\ADwxBZK.exe
  2⤵
  PID:15564
- C:\Windows\System\FBsguTE.exe
  C:\Windows\System\FBsguTE.exe
  2⤵
  PID:2892
- C:\Windows\System\wnrUegs.exe
  C:\Windows\System\wnrUegs.exe
  2⤵
  PID:784
- C:\Windows\System\xTQMypF.exe
  C:\Windows\System\xTQMypF.exe
  2⤵
  PID:1000
- C:\Windows\System\DgqUIml.exe
  C:\Windows\System\DgqUIml.exe
  2⤵
  PID:4408
- C:\Windows\System\zhqLMbf.exe
  C:\Windows\System\zhqLMbf.exe
  2⤵
  PID:4804
- C:\Windows\System\qvefrZy.exe
  C:\Windows\System\qvefrZy.exe
  2⤵
  PID:2688
- C:\Windows\System\meEEJJZ.exe
  C:\Windows\System\meEEJJZ.exe
  2⤵
  PID:428
- C:\Windows\System\zsEHHCU.exe
  C:\Windows\System\zsEHHCU.exe
  2⤵
  PID:3408
- C:\Windows\System\dcJvkrV.exe
  C:\Windows\System\dcJvkrV.exe
  2⤵
  PID:3928
- C:\Windows\System\zHeWVoT.exe
  C:\Windows\System\zHeWVoT.exe
  2⤵
  PID:3636
- C:\Windows\System\jXNRDwG.exe
  C:\Windows\System\jXNRDwG.exe
  2⤵
  PID:3860
- C:\Windows\System\wigOMRA.exe
  C:\Windows\System\wigOMRA.exe
  2⤵
  PID:16360
- C:\Windows\System\CLRAMNp.exe
  C:\Windows\System\CLRAMNp.exe
  2⤵
  PID:1284
- C:\Windows\System\qZQGSAz.exe
  C:\Windows\System\qZQGSAz.exe
  2⤵
  PID:3808
- C:\Windows\System\oqCBNYS.exe
  C:\Windows\System\oqCBNYS.exe
  2⤵
  PID:4296
- C:\Windows\System\STTMatz.exe
  C:\Windows\System\STTMatz.exe
  2⤵
  PID:1868
- C:\Windows\System\nuZpYfQ.exe
  C:\Windows\System\nuZpYfQ.exe
  2⤵
  PID:16392
- C:\Windows\System\kQaPLUO.exe
  C:\Windows\System\kQaPLUO.exe
  2⤵
  PID:16416
- C:\Windows\System\xsczoaB.exe
  C:\Windows\System\xsczoaB.exe
  2⤵
  PID:16456
- C:\Windows\System\tBYgkni.exe
  C:\Windows\System\tBYgkni.exe
  2⤵
  PID:16488
- C:\Windows\System\dcfcQEb.exe
  C:\Windows\System\dcfcQEb.exe
  2⤵
  PID:16520
- C:\Windows\System\BWcPkeY.exe
  C:\Windows\System\BWcPkeY.exe
  2⤵
  PID:16552
- C:\Windows\System\yRYDgvt.exe
  C:\Windows\System\yRYDgvt.exe
  2⤵
  PID:16592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AlsGlld.exe

Filesize
5.7MB

MD5
66d53607ea545036bbee970ce6dfdcb6

SHA1
f0233ad293f2ebd361e19ef401fbc2b26ee75a7c

SHA256
66267e5ad38bccccf4314a074166177de7e763974add7a5b713aa41af816ed29

SHA512
fb528baf7d0bee39c723256bbef97c35d4cefd3cac7e3ec1cce4d35b15476fc2875ce22e6aadea35fe6ee60d70ebd45efa15ff16d23147d515ded32acb9da5f7

Download Submit
C:\Windows\System\Azoxqqh.exe

Filesize
5.7MB

MD5
e74f2bf285fc015423af8005bae39341

SHA1
8263599ea7110db3f23bd92e99e3391abb765da2

SHA256
dad84756e8eb50a1c9a755a098b1216988547b646454ddfeaa6978870c878c22

SHA512
281037820cb92e64533faf4bf6405bf71421c92244652a93932329848f5fb220f31d7cb4e83ab9af7ab74cee864c60d450549da1cbb4da2f54adca40fec78bc2

Download Submit
C:\Windows\System\CiDOMEq.exe

Filesize
5.7MB

MD5
ff3714ec0ca4408a5d884a8691b22bdc

SHA1
da866959667421685d3de4e03ca480d782253473

SHA256
becf9cf977d9b861d5cf43c112e89d9cea26cfb6faf6d25154a5456f3eecf1dd

SHA512
7e36d9c411718abd7f5a1629195d43239e58d5c7e808efdaca87e57ea0333478a5008a13db066520b06c82248399dbb4968725548c52298ff528ae56e76ea045

Download Submit
C:\Windows\System\CnbKMHv.exe

Filesize
5.7MB

MD5
59314ec4dab7b2bbb118384f7292a216

SHA1
986e9510864503c64a28185d55c2fa576e2097be

SHA256
048ea0f41ad7450b15cafdf1b6cbf42bb08f90df4f4ce57872496914ac0c0ae5

SHA512
45d98a2f78d797335477388dd12d0c515a10a2c26b7bc5973382f11ac6e35a348c0caf7457736e85823abb69bbff131f9664dac298c5519a780d43b3782c15f5

Download Submit
C:\Windows\System\DkpinKr.exe

Filesize
5.7MB

MD5
5a627cc6904ff083e4b3b1d8ca58289c

SHA1
e586c493fbc52c5ad2dc6b6216ba3f82cf201653

SHA256
4240b2cafa8846275e2160e0cb141dd5d3ac0b05e57bac0719f96dfbbca2543b

SHA512
3f9ba6e66616430f27f289317c6762ace36767417d1b7c85252198aab8dad81a2718fb74ea736fd35eb1c5bed7230c7a9a156e92f6eccadc64b7bb196a8a894b

Download Submit
C:\Windows\System\EFaYpSQ.exe

Filesize
5.7MB

MD5
6a03255226aee09a9f835d41b04b5912

SHA1
1481cbf765c09101d1ba44acf6624fedaa0aaec8

SHA256
db777f865c66b857e1540ddea68cb598b3ae1c55d94993ca042fd0072ff740ab

SHA512
6372cd88c16c6a6c0a19a1ff94c86f507064238f206d79473b468c2128c45bf66028820462cc1c6fc5fd39eefb197af3e7471ec44941b7ae94b39a649311a55a

Download Submit
C:\Windows\System\GdhnGJy.exe

Filesize
5.7MB

MD5
585cac73a5dee7fb235f2fb1a943344e

SHA1
76f1315823d40103ae36abd40c73466bdbe8d1d3

SHA256
d94b8cfe35a324e1fbdb5c49ad23c7d68711c01e1876ab2275c2486426332947

SHA512
2ae6040b7351bf15b4688463e1adda534047f05f4faa37f3d93f1b2728b389db6af65b88c1becda039b3bfb0329b27fb225d00d8f14c2f5f71cdec0960edf7a0

Download Submit
C:\Windows\System\HHALyrX.exe

Filesize
5.7MB

MD5
d8efbaf724e06275bff6d27bdfd69e12

SHA1
5f35b30eca1df1190c5e541e1ff52009701f74e6

SHA256
2f621cbb036f882a2bcdb856b5e6c6eac521dede31c3718df00d5377ec82a62d

SHA512
12c93c36b1f80b70d2b88b82c28b0aa3a9a3a0920b2b60ae9b2a24b524a37fd7ffa17c2b12219d108971b826d64b52f33538c18d9d3a772113944b934baade2d

Download Submit
C:\Windows\System\IsYVLZA.exe

Filesize
5.7MB

MD5
3f9cabe5cdfe7b1698b1a2cc51621f9e

SHA1
4a14b20f7c7500d9238c8284cf26289d13a37118

SHA256
e2b9f502c3d8559fcd0870bd422615d34276c1e9fd39e1c33b857082c5197c0d

SHA512
6c1992aef30f17432f159c0e21939cf2af8ae76c6e3e3f589b078691cc1a09be663c80fe2e955f968104043cc29578f3a41bb14b4b808320b3e334d1212869c1

Download Submit
C:\Windows\System\KpsPvhb.exe

Filesize
5.7MB

MD5
9cd1635f805f92d6350255804a571a65

SHA1
6d03954d69de3bef73b62c741cf212ff331524cb

SHA256
7f4c37e260dd8da0e1adbbd6a3d0ae26f3e07474630f572b7263a0c6037c5bc9

SHA512
a37623c789a5dee5490b167754957f9015e43a76413fe6b3c6d4bcc685adbac4a69018d3c90c4e1a5fb04e32e554cac5fcc83c8d33d44d960751ba0ee16f7be7

Download Submit
C:\Windows\System\OkguaeL.exe

Filesize
5.7MB

MD5
d49733a4751004572bd79ade5399e5f3

SHA1
e6852d4dc36db6115b3c49455f8bc3ed7a286ef2

SHA256
341e06b26cfc5e26255bfcee9cecce2267c3dd453590263b8b9d6ed8b8752981

SHA512
0782f44df65965151eead807b4a14971c6aa5acfdf002be33b85eaddf4005a9c26c63d9941ecedb4c4ff573d43192fb896f096ded88fbaa4bd085d905211ea20

Download Submit
C:\Windows\System\UMQJeel.exe

Filesize
5.7MB

MD5
2eb6eb3cdb9e49f6f270fa6581551a99

SHA1
267153d65af9f0e6dd7b153c8ae78ef1f7adad00

SHA256
129d72a61d2614229430eda2e6672c6bb6127cd8248ade4bd13bb67f8c3bc418

SHA512
b1359c1f70067f07a68c493a569c3c5c466162fbc4cf8df8fd3db241de3fa28ddb804a80b8cc59cdd36506bbefad3f46acdf1c7c421addb205a772c9f726cf55

Download Submit
C:\Windows\System\YRXDlUb.exe

Filesize
5.7MB

MD5
219613192a6062b5b3d8a68da60b33d7

SHA1
5a3b6e7b056871d4435f359a85a81daaf2087985

SHA256
6248a989538f705a4a542bf026cb63e0d629af97686bbe5bd5f7d620852410dd

SHA512
9182eb64161aa96fd317dcc0ffbeda59ff7a720954ffdefd97414849183991c33afadfebde49e6f9dfa4ce57b8f8d455e253f26a249c4a86e0a41df3ff57b728

Download Submit
C:\Windows\System\YZhlOIA.exe

Filesize
5.7MB

MD5
039b85db264ef7932e6f624e6750fbb7

SHA1
07f864a159c44913703b23c4a9dd98f93e86b6bf

SHA256
dc6d45aea58176ab379bafadf2478b6255a719c48f93ab7955860808cecf6a91

SHA512
e7b60cce450a977e49a72fa6391d473faa096a0e23df865d222336182fd90efa651cf4bdb70a110b76f1db8d6b6e851fe0b3fd0c85776190d0f515027d9e60e7

Download Submit
C:\Windows\System\ZSWoXKL.exe

Filesize
5.7MB

MD5
76387cf0ce459cde72f30d5b63e0ebd6

SHA1
ec5f0679cc2a49864081dd3d44df46d71b410d8b

SHA256
c4cb7a737f587535a874bebfaaafb564349e2857bac3063984b3b4f12311f68b

SHA512
d750aaa60eccee4a69d5ee95e8cfdf666c761d22b119c3fc0d651bd1631211029d0bb6369df84f365ead1b5c1913ea69abf50a5fe12bce728636a0210c24de31

Download Submit
C:\Windows\System\ZjdJBhX.exe

Filesize
5.7MB

MD5
9dae5371604391bd0c354821e3f0084a

SHA1
52b42a5a78e2484fce95b3c9c484329b6451c2e6

SHA256
419835dd852b7f8f7aa98abc1a08087cec130b4cd93d8267ed112e840ef06f1a

SHA512
1e89e0cba623602936367e2de1c20ae00a48f7c32027cde1cf3c2b24130f50c1bed81595642a9e9f8b4c314fcf2f41ccc96b29b8dbdb3acd8d7c17781d4cdc18

Download Submit
C:\Windows\System\cQKVwoc.exe

Filesize
5.7MB

MD5
436bea930476ffd1c47299c68c5e5091

SHA1
b0610cd823c92f34a5fe3a8903874e9213dbc3f6

SHA256
4a68cf929b9489e114cc713d95ecb62fd5f98819a7fa2c7253baa7cc16d48ef7

SHA512
a371ae2a2c51b065d2f2b012911b29038898663a003e6b0ddd6f438bec97d3851585e975a518fcbf0c212ab8a2ce65df1dfb610dfaa988a6321671afa27588f6

Download Submit
C:\Windows\System\cREiMFd.exe

Filesize
5.7MB

MD5
482760efcf0587c5d83f96b6bf256d2f

SHA1
0faf7f3aa7585195888dfd15aedd55dd76334fe5

SHA256
63cc24dfb0ae94737a956803ed60ce10a5f3d7e00eaa243ceb74cf06d5d20d0d

SHA512
a3fc1a35d104eefe22eff29dcc9f2d3c52121bcef93b7f00e89234e53161e7d155d5e38d020843b8e6de996344f503f241bd3592f8c79ef439c2b76b72fb62d7

Download Submit
C:\Windows\System\gsxepch.exe

Filesize
5.7MB

MD5
a872b8b03b423f9b8b1a2fee95b94a48

SHA1
2b070c5fecb0d2ed1b93571d5693727cc42a4074

SHA256
e90de86adcab2ec74018abf1eb661917c48b0864252f00d5ffe6b49da89863e1

SHA512
c75515a079b4ef9eb5e5916297fd5a4150690b9e3b2323a1bfa7fa0b4e8fc1c1ced1f960817ecabb13f6369161ead0802d6b1a0298def3a7390de901aeccb522

Download Submit
C:\Windows\System\kAvaRRr.exe

Filesize
5.7MB

MD5
ff1ec1e823ff213254ad5d84596d1113

SHA1
f97e11622c47824c76271fc196a159aea3558b51

SHA256
ba98c280280336764a619c8eb9838f6e2289fea012ed9fbd0b4613161b275919

SHA512
de6c15fd2590e2d41a40519843630a89443d9041aa4d926d3b298c120ae0f0b708ea6670a46e7a228a4e475e08e95078bade4c4aa8147cb2133df22c30cd24ff

Download Submit
C:\Windows\System\lCbRmzv.exe

Filesize
5.7MB

MD5
5b5112995e298f51177b76dc9ba85f0c

SHA1
cb0cf233647525f49f639d64db6e4291818fa64f

SHA256
0ca8aafab19177ed7ed2215d331b0d01780c9c5adb9428aa533a68a440c330bc

SHA512
a2d83d910f0a8bb43d64cd2fad7ccd351640a06e25d16170cea83566490788c660ecdf747f43eb979bb36fff3f9289c6678b044d485f6b83bd670953c80ccabc

Download Submit
C:\Windows\System\lYjUoNp.exe

Filesize
5.7MB

MD5
abeef433cadbe6edb1453f276123b815

SHA1
642e1adc234dc4cfebb92349993088ea610c2a12

SHA256
1247b535f8eca7a3e9c2aca4569c900febe2ee51e21fc79f858a94c4eb7c9447

SHA512
963e90228db986d8bb723d0feaf16c67ed5b24b206f220d85c3f7d46e80c95bdf769404a489caca0b57650f217ea5e00ccb0ae0863cc402faeffc91f4b93d2d6

Download Submit
C:\Windows\System\ldDGiad.exe

Filesize
5.7MB

MD5
61ed9582db8b6c8b105dc97057e6ab8f

SHA1
80cd25500166a1528614ce082566a174833cac89

SHA256
59f43605c034674b26d50a09cbc0e51c7983a1b6d34bd5952b68b4041bf53cbd

SHA512
cc500d45e60623b44f2cc0caaa9696ba164542b2c79b1ac6da47a8ac088c9cc693f6c21d17ecbc95087771a9dbaaa9bf2898cadf24bac9e90c6d6929b6a67719

Download Submit
C:\Windows\System\lhUpTKY.exe

Filesize
5.7MB

MD5
81003727b28ad790f74a7e14278b0ea5

SHA1
e36239997cb85f9d1fabc7e35141b1723ee30ec4

SHA256
9b04fa025e20270739fbe44612860d34540ec8a0d85f25e877338ecf2b1b597d

SHA512
2f0f7017db99799ff4fef066e6cb89f080b55beff7cf078071baa2ee34d34eda04427c9d5d30f22288c78900bd535385e8c52e3a8dbf322b39bf11824517bf05

Download Submit
C:\Windows\System\lyiXRUS.exe

Filesize
5.7MB

MD5
f5cd24fcbd2aa0c1bc8f874dce6b12b3

SHA1
464aa972d98bcae02b5f37026d6d83af12106838

SHA256
d186d0d272f23f2c8366b61a650009604ea43c8c31eb254c3fc0c67cc29bc5bf

SHA512
534d04be0eadf421f4bd7517a3aeed2713ef12a80054b03e2ea06f9c8b160c7b596629e6ceae183dcc38b5e3182a66b3f09a5b02bd9a458381eedd70c1639443

Download Submit
C:\Windows\System\oAfMKSg.exe

Filesize
5.7MB

MD5
3483d9be2da522a32701ee3e12136c8c

SHA1
4852c387003325b68c89601aebfd358f5f2ec66d

SHA256
779e30ddefdedc76ede0735def4c85c50d079235bece2d8d5f81f772c9d26b9f

SHA512
ca6aab922d2131c93edb1ffab6b00d07141bd0917e65ef278637344ec0caf50a841e9225d494b9a5476d7075cd1c99e5d211588e939275744f2238dc8ce3ec52

Download Submit
C:\Windows\System\oMlGoJX.exe

Filesize
5.7MB

MD5
ee891ef50d7e99eaf3a54c69b4e82856

SHA1
a01632007f7435505fd5c344e3f45cacf1ccb5d5

SHA256
cc058e5526b4681ab98852e0e180f718faa84d9d6a24662007304732e076a866

SHA512
234f6cba26ba0db299ebd665bcc789584acb3f2e5026c095c6b602321a26e5ada294fb834b6927492c8a8a1a698f2d1b659a1a0531a3db66908e53375bb309c0

Download Submit
C:\Windows\System\ofDLrdk.exe

Filesize
5.7MB

MD5
0a18b6068fdba6c9850f0b92398a96c0

SHA1
f846a0d3cc59fdab56ee647dc67de8bea8999aa0

SHA256
0e858f9c10e18c57178a8bde31c12b52e7ecb8985d50c4a670f3c83f118a47df

SHA512
c839405799213bb584bc3bbe0913ff57e73a69e6f847fc2275a06239f5e339f604d897f3a2c53643dc338b450b634ef8e6857be4404c77ad9352a579a4d0eb4c

Download Submit
C:\Windows\System\pVMnjfw.exe

Filesize
5.7MB

MD5
6c6eb5acc507a60f306cce832db0d67f

SHA1
7dbc05dab6679a36268cf4e049bd91d0c0c9b312

SHA256
5d0f8f6ebd66c660ae2d13e804cf3b6c79d560a75b0408ced54d13c237352c85

SHA512
d452b9fcacf9036defea0efba420626d573a4583c6ab575abb5c93c3378d9c76d0783daccdbe457ce27184704e9083c81b0f59ab24b2a7aca258c1e94e24a8b6

Download Submit
C:\Windows\System\qdomjcY.exe

Filesize
5.7MB

MD5
3c071ce0ef178eb2057036b947c82a97

SHA1
a00e7708ea65a0445b83ea4370718bf4d96eb1b7

SHA256
058feb95e327c37a5bad8582cf3c46fe181c1b273889cf6538b60aa4d5e427ab

SHA512
800c5a01d1d98241585cbdc2df4e301763310398e0adaa006e738245896bcdc010d3ecbaf1eba9142c5694ba578a1f343a0ff9b68c4d3c900a53fa7cc6388928

Download Submit
C:\Windows\System\tLQFNxX.exe

Filesize
5.7MB

MD5
4c121b1b59572bd1d1f45a3cbe9b5d3b

SHA1
e42cec2180aecc48eedc51fdaa3b829e352c1ea0

SHA256
0c81498ba00640e7526073351f6b12538ce2ad8a143022b40ce954e8e8a4dce4

SHA512
0abedd334bfd40b52192337f206d2293a03c951ed4af7b913433f20ae1cc3290ea937985fd54697fc44af2132155afdcb364adf6640420b9656c4f48cd91cbf1

Download Submit
C:\Windows\System\yleJJWN.exe

Filesize
5.7MB

MD5
858b8487178b9f4aa247661d23bf4a6c

SHA1
6ab08acc1c7c12702999f327502e6798476f0bf3

SHA256
582ba6d8b332bf4bef38584545ae340fd00e240e4df32254206fec3d18d665d1

SHA512
dafeb547db37010abb39fa32593b3c33ea92b9111bfd31942907112f3a63aa41e551d40f81811333a945a12e2bf94e549a485b57010fd003a304e0fa964731bc

Download Submit
memory/968-0-0x00007FF7EE7F0000-0x00007FF7EEB3D000-memory.dmp

Filesize
3.3MB

Download
memory/968-1-0x00000252DD610000-0x00000252DD620000-memory.dmp

Filesize
64KB

Download
memory/1012-61-0x00007FF641A80000-0x00007FF641DCD000-memory.dmp

Filesize
3.3MB

Download
memory/1040-132-0x00007FF7C7260000-0x00007FF7C75AD000-memory.dmp

Filesize
3.3MB

Download
memory/1252-48-0x00007FF6F89E0000-0x00007FF6F8D2D000-memory.dmp

Filesize
3.3MB

Download
memory/1340-97-0x00007FF6D4790000-0x00007FF6D4ADD000-memory.dmp

Filesize
3.3MB

Download
memory/1416-73-0x00007FF6AD610000-0x00007FF6AD95D000-memory.dmp

Filesize
3.3MB

Download
memory/1452-22-0x00007FF669B60000-0x00007FF669EAD000-memory.dmp

Filesize
3.3MB

Download
memory/1700-185-0x00007FF781230000-0x00007FF78157D000-memory.dmp

Filesize
3.3MB

Download
memory/1744-139-0x00007FF649FB0000-0x00007FF64A2FD000-memory.dmp

Filesize
3.3MB

Download
memory/1780-145-0x00007FF61B950000-0x00007FF61BC9D000-memory.dmp

Filesize
3.3MB

Download
memory/2100-13-0x00007FF6A6B20000-0x00007FF6A6E6D000-memory.dmp

Filesize
3.3MB

Download
memory/2128-79-0x00007FF7C5AD0000-0x00007FF7C5E1D000-memory.dmp

Filesize
3.3MB

Download
memory/2188-127-0x00007FF76E410000-0x00007FF76E75D000-memory.dmp

Filesize
3.3MB

Download
memory/2240-178-0x00007FF7A63A0000-0x00007FF7A66ED000-memory.dmp

Filesize
3.3MB

Download
memory/2292-157-0x00007FF7DB620000-0x00007FF7DB96D000-memory.dmp

Filesize
3.3MB

Download
memory/2356-7-0x00007FF6490F0000-0x00007FF64943D000-memory.dmp

Filesize
3.3MB

Download
memory/2460-163-0x00007FF686910000-0x00007FF686C5D000-memory.dmp

Filesize
3.3MB

Download
memory/2496-67-0x00007FF648240000-0x00007FF64858D000-memory.dmp

Filesize
3.3MB

Download
memory/2532-112-0x00007FF64AB90000-0x00007FF64AEDD000-memory.dmp

Filesize
3.3MB

Download
memory/2864-91-0x00007FF63C0D0000-0x00007FF63C41D000-memory.dmp

Filesize
3.3MB

Download
memory/3532-85-0x00007FF6CCAA0000-0x00007FF6CCDED000-memory.dmp

Filesize
3.3MB

Download
memory/3608-109-0x00007FF737EE0000-0x00007FF73822D000-memory.dmp

Filesize
3.3MB

Download
memory/3628-116-0x00007FF74C260000-0x00007FF74C5AD000-memory.dmp

Filesize
3.3MB

Download
memory/3656-189-0x00007FF7E63C0000-0x00007FF7E670D000-memory.dmp

Filesize
3.3MB

Download
memory/3756-39-0x00007FF71EB60000-0x00007FF71EEAD000-memory.dmp

Filesize
3.3MB

Download
memory/3764-54-0x00007FF7CBAA0000-0x00007FF7CBDED000-memory.dmp

Filesize
3.3MB

Download
memory/3868-151-0x00007FF72B840000-0x00007FF72BB8D000-memory.dmp

Filesize
3.3MB

Download
memory/4420-121-0x00007FF73F130000-0x00007FF73F47D000-memory.dmp

Filesize
3.3MB

Download
memory/4568-28-0x00007FF7C7D30000-0x00007FF7C807D000-memory.dmp

Filesize
3.3MB

Download
memory/4896-45-0x00007FF6EF4D0000-0x00007FF6EF81D000-memory.dmp

Filesize
3.3MB

Download
memory/5032-34-0x00007FF67B350000-0x00007FF67B69D000-memory.dmp

Filesize
3.3MB

Download
memory/5092-169-0x00007FF7CF9A0000-0x00007FF7CFCED000-memory.dmp

Filesize
3.3MB

Download