cobaltstrike | a04fa4b23996db736736df5185e29f400f5b159fa677628bb1224eb37ec3b574

Analysis

max time kernel
103s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

5.7MB
MD5

c37696cbd04658973352b0f40ae79bd5
SHA1

820ee7253bf371114f2f258f45d4e1b566a43fc1
SHA256

a04fa4b23996db736736df5185e29f400f5b159fa677628bb1224eb37ec3b574
SHA512

d4fdbcb79380cb3e949121d42642668c23315e64f0b5e7df0d11b61af858bd7dd043d7383f244b9e0ab76c2b9b11a41ba2b8cc35371ed0cd5d1aeeaa0b0a8476
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUJ:j+R56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000024236-5.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024239-11.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002423d-14.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002423f-23.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002423a-30.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024240-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024242-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024243-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024241-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024244-59.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023fe0-66.dat	cobalt_reflective_dll
behavioral2/files/0x0004000000016918-71.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001da2c-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000022ecf-84.dat	cobalt_reflective_dll
behavioral2/files/0x0006000000022edd-89.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023fe7-96.dat	cobalt_reflective_dll
behavioral2/files/0x001f000000024026-101.dat	cobalt_reflective_dll
behavioral2/files/0x0012000000024058-106.dat	cobalt_reflective_dll
behavioral2/files/0x000f00000002405e-114.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024245-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024246-131.dat	cobalt_reflective_dll
behavioral2/files/0x000d00000002406a-120.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024247-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024248-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024249-150.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424a-158.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424c-160.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424d-166.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424f-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024250-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024252-194.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024251-188.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424e-176.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3220-0-0x00007FF79BDC0000-0x00007FF79C10D000-memory.dmp	xmrig
behavioral2/files/0x0008000000024236-5.dat	xmrig
behavioral2/memory/5004-7-0x00007FF6F1120000-0x00007FF6F146D000-memory.dmp	xmrig
behavioral2/files/0x0008000000024239-11.dat	xmrig
behavioral2/memory/5228-12-0x00007FF7417C0000-0x00007FF741B0D000-memory.dmp	xmrig
behavioral2/files/0x000700000002423d-14.dat	xmrig
behavioral2/memory/1448-19-0x00007FF63CBC0000-0x00007FF63CF0D000-memory.dmp	xmrig
behavioral2/files/0x000700000002423f-23.dat	xmrig
behavioral2/memory/1212-25-0x00007FF667500000-0x00007FF66784D000-memory.dmp	xmrig
behavioral2/memory/4948-31-0x00007FF7C1840000-0x00007FF7C1B8D000-memory.dmp	xmrig
behavioral2/files/0x000800000002423a-30.dat	xmrig
behavioral2/files/0x0007000000024240-35.dat	xmrig
behavioral2/memory/5160-39-0x00007FF7E16C0000-0x00007FF7E1A0D000-memory.dmp	xmrig
behavioral2/memory/4460-46-0x00007FF77A160000-0x00007FF77A4AD000-memory.dmp	xmrig
behavioral2/files/0x0007000000024242-47.dat	xmrig
behavioral2/files/0x0007000000024243-53.dat	xmrig
behavioral2/memory/4556-55-0x00007FF601080000-0x00007FF6013CD000-memory.dmp	xmrig
behavioral2/memory/4424-49-0x00007FF600790000-0x00007FF600ADD000-memory.dmp	xmrig
behavioral2/files/0x0007000000024241-43.dat	xmrig
behavioral2/files/0x0007000000024244-59.dat	xmrig
behavioral2/memory/4560-61-0x00007FF6A8F90000-0x00007FF6A92DD000-memory.dmp	xmrig
behavioral2/files/0x000c000000023fe0-66.dat	xmrig
behavioral2/memory/4768-67-0x00007FF6179E0000-0x00007FF617D2D000-memory.dmp	xmrig
behavioral2/files/0x0004000000016918-71.dat	xmrig
behavioral2/memory/3408-73-0x00007FF7AE600000-0x00007FF7AE94D000-memory.dmp	xmrig
behavioral2/files/0x000400000001da2c-78.dat	xmrig
behavioral2/memory/5040-79-0x00007FF72BB70000-0x00007FF72BEBD000-memory.dmp	xmrig
behavioral2/memory/4348-85-0x00007FF6C9850000-0x00007FF6C9B9D000-memory.dmp	xmrig
behavioral2/files/0x0007000000022ecf-84.dat	xmrig
behavioral2/files/0x0006000000022edd-89.dat	xmrig
behavioral2/memory/4296-90-0x00007FF6F4230000-0x00007FF6F457D000-memory.dmp	xmrig
behavioral2/files/0x000c000000023fe7-96.dat	xmrig
behavioral2/memory/5176-97-0x00007FF702590000-0x00007FF7028DD000-memory.dmp	xmrig
behavioral2/files/0x001f000000024026-101.dat	xmrig
behavioral2/files/0x0012000000024058-106.dat	xmrig
behavioral2/memory/6104-107-0x00007FF754E00000-0x00007FF75514D000-memory.dmp	xmrig
behavioral2/memory/5424-109-0x00007FF7C1480000-0x00007FF7C17CD000-memory.dmp	xmrig
behavioral2/memory/60-115-0x00007FF7E23D0000-0x00007FF7E271D000-memory.dmp	xmrig
behavioral2/files/0x000f00000002405e-114.dat	xmrig
behavioral2/memory/5076-121-0x00007FF6BE740000-0x00007FF6BEA8D000-memory.dmp	xmrig
behavioral2/files/0x0007000000024245-126.dat	xmrig
behavioral2/files/0x0007000000024246-131.dat	xmrig
behavioral2/memory/816-133-0x00007FF6A3FE0000-0x00007FF6A432D000-memory.dmp	xmrig
behavioral2/memory/5388-127-0x00007FF7856F0000-0x00007FF785A3D000-memory.dmp	xmrig
behavioral2/files/0x000d00000002406a-120.dat	xmrig
behavioral2/files/0x0007000000024247-136.dat	xmrig
behavioral2/memory/1432-139-0x00007FF766510000-0x00007FF76685D000-memory.dmp	xmrig
behavioral2/files/0x0007000000024248-144.dat	xmrig
behavioral2/memory/5896-145-0x00007FF667320000-0x00007FF66766D000-memory.dmp	xmrig
behavioral2/memory/3608-151-0x00007FF7D4A10000-0x00007FF7D4D5D000-memory.dmp	xmrig
behavioral2/files/0x0007000000024249-150.dat	xmrig
behavioral2/files/0x000700000002424a-158.dat	xmrig
behavioral2/files/0x000700000002424c-160.dat	xmrig
behavioral2/memory/2108-159-0x00007FF6717F0000-0x00007FF671B3D000-memory.dmp	xmrig
behavioral2/files/0x000700000002424d-166.dat	xmrig
behavioral2/memory/3948-165-0x00007FF789720000-0x00007FF789A6D000-memory.dmp	xmrig
behavioral2/files/0x000700000002424f-179.dat	xmrig
behavioral2/files/0x0007000000024250-185.dat	xmrig
behavioral2/memory/4920-190-0x00007FF7B4590000-0x00007FF7B48DD000-memory.dmp	xmrig
behavioral2/files/0x0007000000024252-194.dat	xmrig
behavioral2/files/0x0007000000024251-188.dat	xmrig
behavioral2/memory/4992-177-0x00007FF720110000-0x00007FF72045D000-memory.dmp	xmrig
behavioral2/files/0x000700000002424e-176.dat	xmrig
behavioral2/memory/3180-180-0x00007FF796270000-0x00007FF7965BD000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5004	Vpjxohi.exe
5228	lMIiVYu.exe
1448	EVBvECQ.exe
1212	vIjQjpz.exe
4948	LGQRWpe.exe
5160	GbDkBno.exe
4460	ivexztq.exe
4424	iwUkZEz.exe
4556	eKGlKrh.exe
4560	mjtuAWP.exe
4768	SWKTLML.exe
3408	zGJQQgy.exe
5040	KbQVqfg.exe
4348	qdVLZZz.exe
4296	sXJJbiB.exe
5176	OdBMFmm.exe
5424	cdmMUGH.exe
6104	kJYCyRy.exe
60	AfqVcqp.exe
5076	UBllqGU.exe
5388	SRXEGfj.exe
816	wjyBsNr.exe
1432	LPvcXvH.exe
5896	IYuqHlw.exe
3608	JTJOGMe.exe
2108	OvWXBwK.exe
3948	kAzkXOY.exe
5844	vNcuBRU.exe
4992	rQvxLJi.exe
3180	OuoUifD.exe
4920	biZdDFC.exe
4528	bNTEgtf.exe
5588	gxYSyzr.exe
2236	JhFqLCg.exe
3308	UIaTiIb.exe
3016	yzyDpCo.exe
5760	OiUDVtx.exe
3196	alwnLOi.exe
5624	lMGtHJC.exe
4888	RDkwSMg.exe
6060	mVcZbeJ.exe
3532	XiJJBLZ.exe
1912	mkNOgOE.exe
628	xJmaCtd.exe
2388	neYOLQz.exe
1028	LzfHbkg.exe
5204	SxTBkRH.exe
5640	SVwXvEC.exe
936	GuTsBuM.exe
1844	YIyVHce.exe
4308	MZgWpxa.exe
5656	ZYogwXb.exe
4652	XdDqaVa.exe
2476	wNTYlPu.exe
1696	OYXZnYU.exe
5900	jSWxzeu.exe
3024	cjAxVWh.exe
5396	UteujOs.exe
4796	OBlvJml.exe
5540	zQDPahi.exe
5500	AKomCfG.exe
456	sntVvbY.exe
1692	NcyoMrM.exe
2464	mQBEoCw.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FVQPtoG.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IFavbMN.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aBSNpug.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SWKTLML.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\irDYYIY.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wPVllSl.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FjMsZga.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EUQncNe.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QmWpGxi.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HfmGBJo.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RlLQHlr.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OVAcasM.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jWtGtfv.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CKOLIbw.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MPpDZUj.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vXdLINk.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sqIULHI.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MfSbHOZ.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zfHqBAg.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bFEIdQi.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tbAdyWh.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yNwXCcK.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PMtrqJq.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qRuWkVW.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jQLWmMK.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oWwvGQj.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mMIxmYS.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xJmaCtd.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BdZbuPS.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PzrKXir.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nIKWJBS.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vEvveFm.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aIFhwya.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qOmEJvU.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JOXnFmS.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jSWxzeu.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SVwXvEC.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gWhCuoa.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iMDhQLa.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YIBsyMP.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UNQzmeD.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kvtVAZZ.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kIbPrVB.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\brFLPDE.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wejTxWc.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eDYJmyC.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BvpoQWC.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yIRrsoM.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EiirinD.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gxUvEKT.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UqfkqMR.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mkwAZTV.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GuTsBuM.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UXVsodV.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uatrZqb.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xBTKvEv.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vLkaWZP.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MoyPyIU.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AfVdjRv.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fTprKWH.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PABptcB.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PChpPCO.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xtEfMqX.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EyqeUEZ.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 5004	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 3220 wrote to memory of 5004	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 3220 wrote to memory of 5228	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3220 wrote to memory of 5228	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3220 wrote to memory of 1448	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3220 wrote to memory of 1448	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3220 wrote to memory of 1212	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3220 wrote to memory of 1212	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3220 wrote to memory of 4948	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3220 wrote to memory of 4948	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3220 wrote to memory of 5160	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3220 wrote to memory of 5160	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3220 wrote to memory of 4460	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3220 wrote to memory of 4460	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3220 wrote to memory of 4424	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 3220 wrote to memory of 4424	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 3220 wrote to memory of 4556	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3220 wrote to memory of 4556	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3220 wrote to memory of 4560	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3220 wrote to memory of 4560	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3220 wrote to memory of 4768	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3220 wrote to memory of 4768	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3220 wrote to memory of 3408	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3220 wrote to memory of 3408	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3220 wrote to memory of 5040	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 3220 wrote to memory of 5040	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 3220 wrote to memory of 4348	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3220 wrote to memory of 4348	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3220 wrote to memory of 4296	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3220 wrote to memory of 4296	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3220 wrote to memory of 5176	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3220 wrote to memory of 5176	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3220 wrote to memory of 5424	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3220 wrote to memory of 5424	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3220 wrote to memory of 6104	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3220 wrote to memory of 6104	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3220 wrote to memory of 60	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3220 wrote to memory of 60	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3220 wrote to memory of 5076	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3220 wrote to memory of 5076	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3220 wrote to memory of 5388	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3220 wrote to memory of 5388	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3220 wrote to memory of 816	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3220 wrote to memory of 816	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3220 wrote to memory of 1432	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3220 wrote to memory of 1432	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3220 wrote to memory of 5896	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 3220 wrote to memory of 5896	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 3220 wrote to memory of 3608	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 3220 wrote to memory of 3608	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 3220 wrote to memory of 2108	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3220 wrote to memory of 2108	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3220 wrote to memory of 3948	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3220 wrote to memory of 3948	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3220 wrote to memory of 5844	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3220 wrote to memory of 5844	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3220 wrote to memory of 4992	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3220 wrote to memory of 4992	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3220 wrote to memory of 3180	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3220 wrote to memory of 3180	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3220 wrote to memory of 4920	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3220 wrote to memory of 4920	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3220 wrote to memory of 4528	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 3220 wrote to memory of 4528	3220	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Windows\System\Vpjxohi.exe
  C:\Windows\System\Vpjxohi.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\lMIiVYu.exe
  C:\Windows\System\lMIiVYu.exe
  2⤵
  - Executes dropped EXE
  PID:5228
- C:\Windows\System\EVBvECQ.exe
  C:\Windows\System\EVBvECQ.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\vIjQjpz.exe
  C:\Windows\System\vIjQjpz.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\LGQRWpe.exe
  C:\Windows\System\LGQRWpe.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\GbDkBno.exe
  C:\Windows\System\GbDkBno.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\System\ivexztq.exe
  C:\Windows\System\ivexztq.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\iwUkZEz.exe
  C:\Windows\System\iwUkZEz.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\eKGlKrh.exe
  C:\Windows\System\eKGlKrh.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\mjtuAWP.exe
  C:\Windows\System\mjtuAWP.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\SWKTLML.exe
  C:\Windows\System\SWKTLML.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\zGJQQgy.exe
  C:\Windows\System\zGJQQgy.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\KbQVqfg.exe
  C:\Windows\System\KbQVqfg.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\qdVLZZz.exe
  C:\Windows\System\qdVLZZz.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\sXJJbiB.exe
  C:\Windows\System\sXJJbiB.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\OdBMFmm.exe
  C:\Windows\System\OdBMFmm.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\cdmMUGH.exe
  C:\Windows\System\cdmMUGH.exe
  2⤵
  - Executes dropped EXE
  PID:5424
- C:\Windows\System\kJYCyRy.exe
  C:\Windows\System\kJYCyRy.exe
  2⤵
  - Executes dropped EXE
  PID:6104
- C:\Windows\System\AfqVcqp.exe
  C:\Windows\System\AfqVcqp.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\UBllqGU.exe
  C:\Windows\System\UBllqGU.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\SRXEGfj.exe
  C:\Windows\System\SRXEGfj.exe
  2⤵
  - Executes dropped EXE
  PID:5388
- C:\Windows\System\wjyBsNr.exe
  C:\Windows\System\wjyBsNr.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\LPvcXvH.exe
  C:\Windows\System\LPvcXvH.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\IYuqHlw.exe
  C:\Windows\System\IYuqHlw.exe
  2⤵
  - Executes dropped EXE
  PID:5896
- C:\Windows\System\JTJOGMe.exe
  C:\Windows\System\JTJOGMe.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\OvWXBwK.exe
  C:\Windows\System\OvWXBwK.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\kAzkXOY.exe
  C:\Windows\System\kAzkXOY.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\vNcuBRU.exe
  C:\Windows\System\vNcuBRU.exe
  2⤵
  - Executes dropped EXE
  PID:5844
- C:\Windows\System\rQvxLJi.exe
  C:\Windows\System\rQvxLJi.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\OuoUifD.exe
  C:\Windows\System\OuoUifD.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\biZdDFC.exe
  C:\Windows\System\biZdDFC.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\bNTEgtf.exe
  C:\Windows\System\bNTEgtf.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\gxYSyzr.exe
  C:\Windows\System\gxYSyzr.exe
  2⤵
  - Executes dropped EXE
  PID:5588
- C:\Windows\System\JhFqLCg.exe
  C:\Windows\System\JhFqLCg.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\UIaTiIb.exe
  C:\Windows\System\UIaTiIb.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\yzyDpCo.exe
  C:\Windows\System\yzyDpCo.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\OiUDVtx.exe
  C:\Windows\System\OiUDVtx.exe
  2⤵
  - Executes dropped EXE
  PID:5760
- C:\Windows\System\alwnLOi.exe
  C:\Windows\System\alwnLOi.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\lMGtHJC.exe
  C:\Windows\System\lMGtHJC.exe
  2⤵
  - Executes dropped EXE
  PID:5624
- C:\Windows\System\RDkwSMg.exe
  C:\Windows\System\RDkwSMg.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\mVcZbeJ.exe
  C:\Windows\System\mVcZbeJ.exe
  2⤵
  - Executes dropped EXE
  PID:6060
- C:\Windows\System\XiJJBLZ.exe
  C:\Windows\System\XiJJBLZ.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\mkNOgOE.exe
  C:\Windows\System\mkNOgOE.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\xJmaCtd.exe
  C:\Windows\System\xJmaCtd.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\neYOLQz.exe
  C:\Windows\System\neYOLQz.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\LzfHbkg.exe
  C:\Windows\System\LzfHbkg.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\SxTBkRH.exe
  C:\Windows\System\SxTBkRH.exe
  2⤵
  - Executes dropped EXE
  PID:5204
- C:\Windows\System\SVwXvEC.exe
  C:\Windows\System\SVwXvEC.exe
  2⤵
  - Executes dropped EXE
  PID:5640
- C:\Windows\System\GuTsBuM.exe
  C:\Windows\System\GuTsBuM.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\YIyVHce.exe
  C:\Windows\System\YIyVHce.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\MZgWpxa.exe
  C:\Windows\System\MZgWpxa.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\ZYogwXb.exe
  C:\Windows\System\ZYogwXb.exe
  2⤵
  - Executes dropped EXE
  PID:5656
- C:\Windows\System\XdDqaVa.exe
  C:\Windows\System\XdDqaVa.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\wNTYlPu.exe
  C:\Windows\System\wNTYlPu.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\OYXZnYU.exe
  C:\Windows\System\OYXZnYU.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\jSWxzeu.exe
  C:\Windows\System\jSWxzeu.exe
  2⤵
  - Executes dropped EXE
  PID:5900
- C:\Windows\System\cjAxVWh.exe
  C:\Windows\System\cjAxVWh.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\UteujOs.exe
  C:\Windows\System\UteujOs.exe
  2⤵
  - Executes dropped EXE
  PID:5396
- C:\Windows\System\OBlvJml.exe
  C:\Windows\System\OBlvJml.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\zQDPahi.exe
  C:\Windows\System\zQDPahi.exe
  2⤵
  - Executes dropped EXE
  PID:5540
- C:\Windows\System\AKomCfG.exe
  C:\Windows\System\AKomCfG.exe
  2⤵
  - Executes dropped EXE
  PID:5500
- C:\Windows\System\sntVvbY.exe
  C:\Windows\System\sntVvbY.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\NcyoMrM.exe
  C:\Windows\System\NcyoMrM.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\mQBEoCw.exe
  C:\Windows\System\mQBEoCw.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\LHRhHPO.exe
  C:\Windows\System\LHRhHPO.exe
  2⤵
  PID:2040
- C:\Windows\System\poEKaqz.exe
  C:\Windows\System\poEKaqz.exe
  2⤵
  PID:3572
- C:\Windows\System\HkwfdEq.exe
  C:\Windows\System\HkwfdEq.exe
  2⤵
  PID:5032
- C:\Windows\System\HPDtbuX.exe
  C:\Windows\System\HPDtbuX.exe
  2⤵
  PID:4356
- C:\Windows\System\TGEfYTO.exe
  C:\Windows\System\TGEfYTO.exe
  2⤵
  PID:5992
- C:\Windows\System\fcduxgx.exe
  C:\Windows\System\fcduxgx.exe
  2⤵
  PID:5972
- C:\Windows\System\PyceqeP.exe
  C:\Windows\System\PyceqeP.exe
  2⤵
  PID:4552
- C:\Windows\System\mzgxPZf.exe
  C:\Windows\System\mzgxPZf.exe
  2⤵
  PID:4708
- C:\Windows\System\QKSRBFb.exe
  C:\Windows\System\QKSRBFb.exe
  2⤵
  PID:4660
- C:\Windows\System\bzoAEPo.exe
  C:\Windows\System\bzoAEPo.exe
  2⤵
  PID:4692
- C:\Windows\System\MrgIiek.exe
  C:\Windows\System\MrgIiek.exe
  2⤵
  PID:4500
- C:\Windows\System\XoaZDjN.exe
  C:\Windows\System\XoaZDjN.exe
  2⤵
  PID:5392
- C:\Windows\System\AwpPpru.exe
  C:\Windows\System\AwpPpru.exe
  2⤵
  PID:2940
- C:\Windows\System\GUxHtFH.exe
  C:\Windows\System\GUxHtFH.exe
  2⤵
  PID:3060
- C:\Windows\System\AzLKApo.exe
  C:\Windows\System\AzLKApo.exe
  2⤵
  PID:1936
- C:\Windows\System\DQhrwuj.exe
  C:\Windows\System\DQhrwuj.exe
  2⤵
  PID:2652
- C:\Windows\System\jOowHDt.exe
  C:\Windows\System\jOowHDt.exe
  2⤵
  PID:3252
- C:\Windows\System\pLweSrs.exe
  C:\Windows\System\pLweSrs.exe
  2⤵
  PID:828
- C:\Windows\System\hHyQhGV.exe
  C:\Windows\System\hHyQhGV.exe
  2⤵
  PID:5428
- C:\Windows\System\UssAQQN.exe
  C:\Windows\System\UssAQQN.exe
  2⤵
  PID:4092
- C:\Windows\System\sztFxbe.exe
  C:\Windows\System\sztFxbe.exe
  2⤵
  PID:4116
- C:\Windows\System\vXdLINk.exe
  C:\Windows\System\vXdLINk.exe
  2⤵
  PID:4972
- C:\Windows\System\WzaqXIo.exe
  C:\Windows\System\WzaqXIo.exe
  2⤵
  PID:4372
- C:\Windows\System\wWLjxqw.exe
  C:\Windows\System\wWLjxqw.exe
  2⤵
  PID:4120
- C:\Windows\System\mzBmmiY.exe
  C:\Windows\System\mzBmmiY.exe
  2⤵
  PID:1348
- C:\Windows\System\YwdTVSd.exe
  C:\Windows\System\YwdTVSd.exe
  2⤵
  PID:5832
- C:\Windows\System\DVheCZH.exe
  C:\Windows\System\DVheCZH.exe
  2⤵
  PID:5728
- C:\Windows\System\VGmkWce.exe
  C:\Windows\System\VGmkWce.exe
  2⤵
  PID:4428
- C:\Windows\System\FMTPxCl.exe
  C:\Windows\System\FMTPxCl.exe
  2⤵
  PID:872
- C:\Windows\System\mggpaLG.exe
  C:\Windows\System\mggpaLG.exe
  2⤵
  PID:2964
- C:\Windows\System\UsTKoXo.exe
  C:\Windows\System\UsTKoXo.exe
  2⤵
  PID:1956
- C:\Windows\System\PlUutIQ.exe
  C:\Windows\System\PlUutIQ.exe
  2⤵
  PID:1252
- C:\Windows\System\viBoLpO.exe
  C:\Windows\System\viBoLpO.exe
  2⤵
  PID:6036
- C:\Windows\System\cRRlPhx.exe
  C:\Windows\System\cRRlPhx.exe
  2⤵
  PID:4892
- C:\Windows\System\FzQKJHE.exe
  C:\Windows\System\FzQKJHE.exe
  2⤵
  PID:1436
- C:\Windows\System\YVcykjw.exe
  C:\Windows\System\YVcykjw.exe
  2⤵
  PID:3336
- C:\Windows\System\esNuYmq.exe
  C:\Windows\System\esNuYmq.exe
  2⤵
  PID:5292
- C:\Windows\System\ZWJYKHv.exe
  C:\Windows\System\ZWJYKHv.exe
  2⤵
  PID:3324
- C:\Windows\System\ZlcNLcN.exe
  C:\Windows\System\ZlcNLcN.exe
  2⤵
  PID:3544
- C:\Windows\System\TOSXsvX.exe
  C:\Windows\System\TOSXsvX.exe
  2⤵
  PID:4628
- C:\Windows\System\sqIULHI.exe
  C:\Windows\System\sqIULHI.exe
  2⤵
  PID:6080
- C:\Windows\System\EwawzbQ.exe
  C:\Windows\System\EwawzbQ.exe
  2⤵
  PID:4480
- C:\Windows\System\wzAAckn.exe
  C:\Windows\System\wzAAckn.exe
  2⤵
  PID:5984
- C:\Windows\System\lcMzuqh.exe
  C:\Windows\System\lcMzuqh.exe
  2⤵
  PID:5824
- C:\Windows\System\LTQTmWl.exe
  C:\Windows\System\LTQTmWl.exe
  2⤵
  PID:4676
- C:\Windows\System\MfSbHOZ.exe
  C:\Windows\System\MfSbHOZ.exe
  2⤵
  PID:212
- C:\Windows\System\MYrYMph.exe
  C:\Windows\System\MYrYMph.exe
  2⤵
  PID:3740
- C:\Windows\System\UyAfsbx.exe
  C:\Windows\System\UyAfsbx.exe
  2⤵
  PID:4404
- C:\Windows\System\nCDSDnt.exe
  C:\Windows\System\nCDSDnt.exe
  2⤵
  PID:2708
- C:\Windows\System\cLlwiXv.exe
  C:\Windows\System\cLlwiXv.exe
  2⤵
  PID:5288
- C:\Windows\System\vJPHBTD.exe
  C:\Windows\System\vJPHBTD.exe
  2⤵
  PID:4300
- C:\Windows\System\qPwNFNb.exe
  C:\Windows\System\qPwNFNb.exe
  2⤵
  PID:5412
- C:\Windows\System\WFlpztj.exe
  C:\Windows\System\WFlpztj.exe
  2⤵
  PID:4724
- C:\Windows\System\AlIoBjl.exe
  C:\Windows\System\AlIoBjl.exe
  2⤵
  PID:1828
- C:\Windows\System\RgSiQnT.exe
  C:\Windows\System\RgSiQnT.exe
  2⤵
  PID:2696
- C:\Windows\System\hwuQAIS.exe
  C:\Windows\System\hwuQAIS.exe
  2⤵
  PID:5460
- C:\Windows\System\QcVdWyo.exe
  C:\Windows\System\QcVdWyo.exe
  2⤵
  PID:6004
- C:\Windows\System\yPKGVLR.exe
  C:\Windows\System\yPKGVLR.exe
  2⤵
  PID:2384
- C:\Windows\System\hwQSNMT.exe
  C:\Windows\System\hwQSNMT.exe
  2⤵
  PID:5884
- C:\Windows\System\RTChLmx.exe
  C:\Windows\System\RTChLmx.exe
  2⤵
  PID:2272
- C:\Windows\System\kSfzzhZ.exe
  C:\Windows\System\kSfzzhZ.exe
  2⤵
  PID:228
- C:\Windows\System\nGBmkBN.exe
  C:\Windows\System\nGBmkBN.exe
  2⤵
  PID:3260
- C:\Windows\System\MKebQOw.exe
  C:\Windows\System\MKebQOw.exe
  2⤵
  PID:116
- C:\Windows\System\LcbPTbT.exe
  C:\Windows\System\LcbPTbT.exe
  2⤵
  PID:6016
- C:\Windows\System\TnHZDJP.exe
  C:\Windows\System\TnHZDJP.exe
  2⤵
  PID:2196
- C:\Windows\System\zEXHmHv.exe
  C:\Windows\System\zEXHmHv.exe
  2⤵
  PID:1376
- C:\Windows\System\yIioEtj.exe
  C:\Windows\System\yIioEtj.exe
  2⤵
  PID:4332
- C:\Windows\System\xUgeojO.exe
  C:\Windows\System\xUgeojO.exe
  2⤵
  PID:5560
- C:\Windows\System\zvfLFrx.exe
  C:\Windows\System\zvfLFrx.exe
  2⤵
  PID:5376
- C:\Windows\System\kNQouVB.exe
  C:\Windows\System\kNQouVB.exe
  2⤵
  PID:2988
- C:\Windows\System\joiGfsr.exe
  C:\Windows\System\joiGfsr.exe
  2⤵
  PID:1156
- C:\Windows\System\yONrlJS.exe
  C:\Windows\System\yONrlJS.exe
  2⤵
  PID:1208
- C:\Windows\System\FdVUVME.exe
  C:\Windows\System\FdVUVME.exe
  2⤵
  PID:5744
- C:\Windows\System\lkGEwjh.exe
  C:\Windows\System\lkGEwjh.exe
  2⤵
  PID:3924
- C:\Windows\System\LtMSYvx.exe
  C:\Windows\System\LtMSYvx.exe
  2⤵
  PID:5068
- C:\Windows\System\GpIiUOO.exe
  C:\Windows\System\GpIiUOO.exe
  2⤵
  PID:6180
- C:\Windows\System\bBxioXg.exe
  C:\Windows\System\bBxioXg.exe
  2⤵
  PID:6220
- C:\Windows\System\qiwjZCt.exe
  C:\Windows\System\qiwjZCt.exe
  2⤵
  PID:6248
- C:\Windows\System\uBpfKlV.exe
  C:\Windows\System\uBpfKlV.exe
  2⤵
  PID:6276
- C:\Windows\System\lHyLDQM.exe
  C:\Windows\System\lHyLDQM.exe
  2⤵
  PID:6308
- C:\Windows\System\lxmRIQB.exe
  C:\Windows\System\lxmRIQB.exe
  2⤵
  PID:6340
- C:\Windows\System\vPJMpkF.exe
  C:\Windows\System\vPJMpkF.exe
  2⤵
  PID:6372
- C:\Windows\System\HYsUBMq.exe
  C:\Windows\System\HYsUBMq.exe
  2⤵
  PID:6404
- C:\Windows\System\KmWOgLY.exe
  C:\Windows\System\KmWOgLY.exe
  2⤵
  PID:6436
- C:\Windows\System\QKsRcOe.exe
  C:\Windows\System\QKsRcOe.exe
  2⤵
  PID:6472
- C:\Windows\System\xKjBONW.exe
  C:\Windows\System\xKjBONW.exe
  2⤵
  PID:6500
- C:\Windows\System\JcefVBM.exe
  C:\Windows\System\JcefVBM.exe
  2⤵
  PID:6532
- C:\Windows\System\VYvJxhQ.exe
  C:\Windows\System\VYvJxhQ.exe
  2⤵
  PID:6564
- C:\Windows\System\WpGKEwc.exe
  C:\Windows\System\WpGKEwc.exe
  2⤵
  PID:6596
- C:\Windows\System\PgDQliQ.exe
  C:\Windows\System\PgDQliQ.exe
  2⤵
  PID:6652
- C:\Windows\System\YmRiffX.exe
  C:\Windows\System\YmRiffX.exe
  2⤵
  PID:6684
- C:\Windows\System\bDtiMEj.exe
  C:\Windows\System\bDtiMEj.exe
  2⤵
  PID:6720
- C:\Windows\System\NlePGNU.exe
  C:\Windows\System\NlePGNU.exe
  2⤵
  PID:6752
- C:\Windows\System\ohIRkYg.exe
  C:\Windows\System\ohIRkYg.exe
  2⤵
  PID:6792
- C:\Windows\System\UBRTnGr.exe
  C:\Windows\System\UBRTnGr.exe
  2⤵
  PID:6832
- C:\Windows\System\YXXChJl.exe
  C:\Windows\System\YXXChJl.exe
  2⤵
  PID:6860
- C:\Windows\System\JSBqSPr.exe
  C:\Windows\System\JSBqSPr.exe
  2⤵
  PID:6900
- C:\Windows\System\dOLxroG.exe
  C:\Windows\System\dOLxroG.exe
  2⤵
  PID:6924
- C:\Windows\System\fPNOkiq.exe
  C:\Windows\System\fPNOkiq.exe
  2⤵
  PID:6956
- C:\Windows\System\YVGUgxy.exe
  C:\Windows\System\YVGUgxy.exe
  2⤵
  PID:6988
- C:\Windows\System\fTprKWH.exe
  C:\Windows\System\fTprKWH.exe
  2⤵
  PID:7020
- C:\Windows\System\jlJfmtm.exe
  C:\Windows\System\jlJfmtm.exe
  2⤵
  PID:7056
- C:\Windows\System\ZYGRcEu.exe
  C:\Windows\System\ZYGRcEu.exe
  2⤵
  PID:7088
- C:\Windows\System\fOHIWUe.exe
  C:\Windows\System\fOHIWUe.exe
  2⤵
  PID:7124
- C:\Windows\System\gzLbDYa.exe
  C:\Windows\System\gzLbDYa.exe
  2⤵
  PID:7152
- C:\Windows\System\CLFdMCb.exe
  C:\Windows\System\CLFdMCb.exe
  2⤵
  PID:6168
- C:\Windows\System\AnVbgcL.exe
  C:\Windows\System\AnVbgcL.exe
  2⤵
  PID:6228
- C:\Windows\System\fGlMskD.exe
  C:\Windows\System\fGlMskD.exe
  2⤵
  PID:6324
- C:\Windows\System\RJPhkXT.exe
  C:\Windows\System\RJPhkXT.exe
  2⤵
  PID:6388
- C:\Windows\System\TGGOYBQ.exe
  C:\Windows\System\TGGOYBQ.exe
  2⤵
  PID:6480
- C:\Windows\System\gqHulhV.exe
  C:\Windows\System\gqHulhV.exe
  2⤵
  PID:6576
- C:\Windows\System\irDYYIY.exe
  C:\Windows\System\irDYYIY.exe
  2⤵
  PID:6620
- C:\Windows\System\DRzYmlA.exe
  C:\Windows\System\DRzYmlA.exe
  2⤵
  PID:6696
- C:\Windows\System\UXVsodV.exe
  C:\Windows\System\UXVsodV.exe
  2⤵
  PID:6768
- C:\Windows\System\nHMGtOv.exe
  C:\Windows\System\nHMGtOv.exe
  2⤵
  PID:6852
- C:\Windows\System\KYNdXsB.exe
  C:\Windows\System\KYNdXsB.exe
  2⤵
  PID:6920
- C:\Windows\System\GuaNLLh.exe
  C:\Windows\System\GuaNLLh.exe
  2⤵
  PID:6980
- C:\Windows\System\kHUHFkD.exe
  C:\Windows\System\kHUHFkD.exe
  2⤵
  PID:7016
- C:\Windows\System\jHhfyPr.exe
  C:\Windows\System\jHhfyPr.exe
  2⤵
  PID:7116
- C:\Windows\System\wXxNEBi.exe
  C:\Windows\System\wXxNEBi.exe
  2⤵
  PID:2412
- C:\Windows\System\wQCBEQh.exe
  C:\Windows\System\wQCBEQh.exe
  2⤵
  PID:6356
- C:\Windows\System\meARBie.exe
  C:\Windows\System\meARBie.exe
  2⤵
  PID:6492
- C:\Windows\System\WQkKclY.exe
  C:\Windows\System\WQkKclY.exe
  2⤵
  PID:6544
- C:\Windows\System\ehsSekf.exe
  C:\Windows\System\ehsSekf.exe
  2⤵
  PID:6748
- C:\Windows\System\iLIFUNU.exe
  C:\Windows\System\iLIFUNU.exe
  2⤵
  PID:6908
- C:\Windows\System\JRKGGAH.exe
  C:\Windows\System\JRKGGAH.exe
  2⤵
  PID:7028
- C:\Windows\System\KmiFNBn.exe
  C:\Windows\System\KmiFNBn.exe
  2⤵
  PID:7148
- C:\Windows\System\IjEEQru.exe
  C:\Windows\System\IjEEQru.exe
  2⤵
  PID:6464
- C:\Windows\System\PLtZIUr.exe
  C:\Windows\System\PLtZIUr.exe
  2⤵
  PID:6732
- C:\Windows\System\mFsCiLU.exe
  C:\Windows\System\mFsCiLU.exe
  2⤵
  PID:7004
- C:\Windows\System\HEikGRt.exe
  C:\Windows\System\HEikGRt.exe
  2⤵
  PID:6288
- C:\Windows\System\rQImzaj.exe
  C:\Windows\System\rQImzaj.exe
  2⤵
  PID:6844
- C:\Windows\System\ptXhluB.exe
  C:\Windows\System\ptXhluB.exe
  2⤵
  PID:6808
- C:\Windows\System\DweWpjI.exe
  C:\Windows\System\DweWpjI.exe
  2⤵
  PID:6208
- C:\Windows\System\eVciQyh.exe
  C:\Windows\System\eVciQyh.exe
  2⤵
  PID:5776
- C:\Windows\System\oicyekR.exe
  C:\Windows\System\oicyekR.exe
  2⤵
  PID:1176
- C:\Windows\System\mveaqvn.exe
  C:\Windows\System\mveaqvn.exe
  2⤵
  PID:5252
- C:\Windows\System\zJSOOFe.exe
  C:\Windows\System\zJSOOFe.exe
  2⤵
  PID:3460
- C:\Windows\System\XPaGxvL.exe
  C:\Windows\System\XPaGxvL.exe
  2⤵
  PID:548
- C:\Windows\System\wopnSzV.exe
  C:\Windows\System\wopnSzV.exe
  2⤵
  PID:4100
- C:\Windows\System\bHPDpBe.exe
  C:\Windows\System\bHPDpBe.exe
  2⤵
  PID:7144
- C:\Windows\System\auHqmzB.exe
  C:\Windows\System\auHqmzB.exe
  2⤵
  PID:7172
- C:\Windows\System\wejTxWc.exe
  C:\Windows\System\wejTxWc.exe
  2⤵
  PID:7196
- C:\Windows\System\AvqlghF.exe
  C:\Windows\System\AvqlghF.exe
  2⤵
  PID:7236
- C:\Windows\System\fIxsFSb.exe
  C:\Windows\System\fIxsFSb.exe
  2⤵
  PID:7264
- C:\Windows\System\CvQjvTD.exe
  C:\Windows\System\CvQjvTD.exe
  2⤵
  PID:7296
- C:\Windows\System\WNYOQBr.exe
  C:\Windows\System\WNYOQBr.exe
  2⤵
  PID:7324
- C:\Windows\System\MyElkuW.exe
  C:\Windows\System\MyElkuW.exe
  2⤵
  PID:7364
- C:\Windows\System\tmaiVgt.exe
  C:\Windows\System\tmaiVgt.exe
  2⤵
  PID:7388
- C:\Windows\System\iAazdeP.exe
  C:\Windows\System\iAazdeP.exe
  2⤵
  PID:7420
- C:\Windows\System\vtRjwoV.exe
  C:\Windows\System\vtRjwoV.exe
  2⤵
  PID:7452
- C:\Windows\System\PABptcB.exe
  C:\Windows\System\PABptcB.exe
  2⤵
  PID:7492
- C:\Windows\System\tWvlGsD.exe
  C:\Windows\System\tWvlGsD.exe
  2⤵
  PID:7524
- C:\Windows\System\fSOTblX.exe
  C:\Windows\System\fSOTblX.exe
  2⤵
  PID:7548
- C:\Windows\System\JVmTInv.exe
  C:\Windows\System\JVmTInv.exe
  2⤵
  PID:7580
- C:\Windows\System\sisPfcq.exe
  C:\Windows\System\sisPfcq.exe
  2⤵
  PID:7616
- C:\Windows\System\tymFieH.exe
  C:\Windows\System\tymFieH.exe
  2⤵
  PID:7644
- C:\Windows\System\eBhGbFL.exe
  C:\Windows\System\eBhGbFL.exe
  2⤵
  PID:7680
- C:\Windows\System\IhrjvGV.exe
  C:\Windows\System\IhrjvGV.exe
  2⤵
  PID:7720
- C:\Windows\System\fpZwdwL.exe
  C:\Windows\System\fpZwdwL.exe
  2⤵
  PID:7744
- C:\Windows\System\WhdnieN.exe
  C:\Windows\System\WhdnieN.exe
  2⤵
  PID:7780
- C:\Windows\System\OLrOSwT.exe
  C:\Windows\System\OLrOSwT.exe
  2⤵
  PID:7808
- C:\Windows\System\iUoNuik.exe
  C:\Windows\System\iUoNuik.exe
  2⤵
  PID:7840
- C:\Windows\System\ToJXxYq.exe
  C:\Windows\System\ToJXxYq.exe
  2⤵
  PID:7872
- C:\Windows\System\ZDOBsQx.exe
  C:\Windows\System\ZDOBsQx.exe
  2⤵
  PID:7904
- C:\Windows\System\QsCzXzj.exe
  C:\Windows\System\QsCzXzj.exe
  2⤵
  PID:7936
- C:\Windows\System\gyQcCNh.exe
  C:\Windows\System\gyQcCNh.exe
  2⤵
  PID:7972
- C:\Windows\System\PDReSAO.exe
  C:\Windows\System\PDReSAO.exe
  2⤵
  PID:8000
- C:\Windows\System\kpsJZpO.exe
  C:\Windows\System\kpsJZpO.exe
  2⤵
  PID:8032
- C:\Windows\System\layzgYa.exe
  C:\Windows\System\layzgYa.exe
  2⤵
  PID:8064
- C:\Windows\System\QDIHCTq.exe
  C:\Windows\System\QDIHCTq.exe
  2⤵
  PID:8100
- C:\Windows\System\tjzkGWs.exe
  C:\Windows\System\tjzkGWs.exe
  2⤵
  PID:8128
- C:\Windows\System\UsslheV.exe
  C:\Windows\System\UsslheV.exe
  2⤵
  PID:8160
- C:\Windows\System\WgJqqMV.exe
  C:\Windows\System\WgJqqMV.exe
  2⤵
  PID:6664
- C:\Windows\System\XOTJfGn.exe
  C:\Windows\System\XOTJfGn.exe
  2⤵
  PID:7256
- C:\Windows\System\OZkHPZL.exe
  C:\Windows\System\OZkHPZL.exe
  2⤵
  PID:7288
- C:\Windows\System\SaTlmLq.exe
  C:\Windows\System\SaTlmLq.exe
  2⤵
  PID:7352
- C:\Windows\System\ybXWGef.exe
  C:\Windows\System\ybXWGef.exe
  2⤵
  PID:7416
- C:\Windows\System\JQYDvpg.exe
  C:\Windows\System\JQYDvpg.exe
  2⤵
  PID:7536
- C:\Windows\System\RkpZzIO.exe
  C:\Windows\System\RkpZzIO.exe
  2⤵
  PID:7624
- C:\Windows\System\gYhPOwi.exe
  C:\Windows\System\gYhPOwi.exe
  2⤵
  PID:7704
- C:\Windows\System\PMtrqJq.exe
  C:\Windows\System\PMtrqJq.exe
  2⤵
  PID:7832
- C:\Windows\System\xtxcdQa.exe
  C:\Windows\System\xtxcdQa.exe
  2⤵
  PID:7932
- C:\Windows\System\BHegTNf.exe
  C:\Windows\System\BHegTNf.exe
  2⤵
  PID:8016
- C:\Windows\System\ruXYrlF.exe
  C:\Windows\System\ruXYrlF.exe
  2⤵
  PID:8088
- C:\Windows\System\SOxBFIv.exe
  C:\Windows\System\SOxBFIv.exe
  2⤵
  PID:8156
- C:\Windows\System\IRbczRm.exe
  C:\Windows\System\IRbczRm.exe
  2⤵
  PID:7220
- C:\Windows\System\TtTkZLL.exe
  C:\Windows\System\TtTkZLL.exe
  2⤵
  PID:7404
- C:\Windows\System\RtnJYYk.exe
  C:\Windows\System\RtnJYYk.exe
  2⤵
  PID:7540
- C:\Windows\System\fGqXmcg.exe
  C:\Windows\System\fGqXmcg.exe
  2⤵
  PID:7760
- C:\Windows\System\HVezbZE.exe
  C:\Windows\System\HVezbZE.exe
  2⤵
  PID:7980
- C:\Windows\System\fwmapqq.exe
  C:\Windows\System\fwmapqq.exe
  2⤵
  PID:8112
- C:\Windows\System\SxwlWrR.exe
  C:\Windows\System\SxwlWrR.exe
  2⤵
  PID:7348
- C:\Windows\System\mfjCoJJ.exe
  C:\Windows\System\mfjCoJJ.exe
  2⤵
  PID:7640
- C:\Windows\System\JNbRLTD.exe
  C:\Windows\System\JNbRLTD.exe
  2⤵
  PID:8012
- C:\Windows\System\gWhCuoa.exe
  C:\Windows\System\gWhCuoa.exe
  2⤵
  PID:7448
- C:\Windows\System\MPFIfQc.exe
  C:\Windows\System\MPFIfQc.exe
  2⤵
  PID:4384
- C:\Windows\System\KFNvdpc.exe
  C:\Windows\System\KFNvdpc.exe
  2⤵
  PID:8076
- C:\Windows\System\dcjlPsB.exe
  C:\Windows\System\dcjlPsB.exe
  2⤵
  PID:8196
- C:\Windows\System\HPWHGFF.exe
  C:\Windows\System\HPWHGFF.exe
  2⤵
  PID:8224
- C:\Windows\System\NvyUAPM.exe
  C:\Windows\System\NvyUAPM.exe
  2⤵
  PID:8260
- C:\Windows\System\XTcFgGf.exe
  C:\Windows\System\XTcFgGf.exe
  2⤵
  PID:8288
- C:\Windows\System\sFjvZxt.exe
  C:\Windows\System\sFjvZxt.exe
  2⤵
  PID:8324
- C:\Windows\System\xyvLVfP.exe
  C:\Windows\System\xyvLVfP.exe
  2⤵
  PID:8360
- C:\Windows\System\UyvqCyN.exe
  C:\Windows\System\UyvqCyN.exe
  2⤵
  PID:8392
- C:\Windows\System\MAfBRsz.exe
  C:\Windows\System\MAfBRsz.exe
  2⤵
  PID:8416
- C:\Windows\System\xFtLubR.exe
  C:\Windows\System\xFtLubR.exe
  2⤵
  PID:8448
- C:\Windows\System\ojIdJQb.exe
  C:\Windows\System\ojIdJQb.exe
  2⤵
  PID:8480
- C:\Windows\System\zQfjsxg.exe
  C:\Windows\System\zQfjsxg.exe
  2⤵
  PID:8512
- C:\Windows\System\vYaLhJJ.exe
  C:\Windows\System\vYaLhJJ.exe
  2⤵
  PID:8544
- C:\Windows\System\arHJiZU.exe
  C:\Windows\System\arHJiZU.exe
  2⤵
  PID:8580
- C:\Windows\System\VZLbGOV.exe
  C:\Windows\System\VZLbGOV.exe
  2⤵
  PID:8612
- C:\Windows\System\vCCASAd.exe
  C:\Windows\System\vCCASAd.exe
  2⤵
  PID:8644
- C:\Windows\System\nQVglIu.exe
  C:\Windows\System\nQVglIu.exe
  2⤵
  PID:8676
- C:\Windows\System\sQcwjDh.exe
  C:\Windows\System\sQcwjDh.exe
  2⤵
  PID:8708
- C:\Windows\System\eMZngRZ.exe
  C:\Windows\System\eMZngRZ.exe
  2⤵
  PID:8740
- C:\Windows\System\EygQVgP.exe
  C:\Windows\System\EygQVgP.exe
  2⤵
  PID:8772
- C:\Windows\System\woUcsaO.exe
  C:\Windows\System\woUcsaO.exe
  2⤵
  PID:8812
- C:\Windows\System\goKeEqy.exe
  C:\Windows\System\goKeEqy.exe
  2⤵
  PID:8844
- C:\Windows\System\kbjEvtT.exe
  C:\Windows\System\kbjEvtT.exe
  2⤵
  PID:8868
- C:\Windows\System\ywcUdHz.exe
  C:\Windows\System\ywcUdHz.exe
  2⤵
  PID:8900
- C:\Windows\System\nnRRvrJ.exe
  C:\Windows\System\nnRRvrJ.exe
  2⤵
  PID:8932
- C:\Windows\System\PDdPzKk.exe
  C:\Windows\System\PDdPzKk.exe
  2⤵
  PID:8964
- C:\Windows\System\qIcnHOA.exe
  C:\Windows\System\qIcnHOA.exe
  2⤵
  PID:9000
- C:\Windows\System\PChpPCO.exe
  C:\Windows\System\PChpPCO.exe
  2⤵
  PID:9028
- C:\Windows\System\JNdlwkc.exe
  C:\Windows\System\JNdlwkc.exe
  2⤵
  PID:9060
- C:\Windows\System\Hlhofmi.exe
  C:\Windows\System\Hlhofmi.exe
  2⤵
  PID:9092
- C:\Windows\System\yGfcfzk.exe
  C:\Windows\System\yGfcfzk.exe
  2⤵
  PID:9124
- C:\Windows\System\JzZNElb.exe
  C:\Windows\System\JzZNElb.exe
  2⤵
  PID:9156
- C:\Windows\System\QYvalhi.exe
  C:\Windows\System\QYvalhi.exe
  2⤵
  PID:9188
- C:\Windows\System\enzvNmm.exe
  C:\Windows\System\enzvNmm.exe
  2⤵
  PID:8204
- C:\Windows\System\QsqKKXV.exe
  C:\Windows\System\QsqKKXV.exe
  2⤵
  PID:8272
- C:\Windows\System\HrEnQLQ.exe
  C:\Windows\System\HrEnQLQ.exe
  2⤵
  PID:8348
- C:\Windows\System\ubFwvAd.exe
  C:\Windows\System\ubFwvAd.exe
  2⤵
  PID:8400
- C:\Windows\System\qRuWkVW.exe
  C:\Windows\System\qRuWkVW.exe
  2⤵
  PID:8460
- C:\Windows\System\GeBctpC.exe
  C:\Windows\System\GeBctpC.exe
  2⤵
  PID:8524
- C:\Windows\System\zfHqBAg.exe
  C:\Windows\System\zfHqBAg.exe
  2⤵
  PID:8568
- C:\Windows\System\wcFsVIE.exe
  C:\Windows\System\wcFsVIE.exe
  2⤵
  PID:8640
- C:\Windows\System\awXyaTT.exe
  C:\Windows\System\awXyaTT.exe
  2⤵
  PID:8692
- C:\Windows\System\ToLjNfL.exe
  C:\Windows\System\ToLjNfL.exe
  2⤵
  PID:8764
- C:\Windows\System\oGouniJ.exe
  C:\Windows\System\oGouniJ.exe
  2⤵
  PID:8824
- C:\Windows\System\VcAirlJ.exe
  C:\Windows\System\VcAirlJ.exe
  2⤵
  PID:8860
- C:\Windows\System\wPVllSl.exe
  C:\Windows\System\wPVllSl.exe
  2⤵
  PID:8924
- C:\Windows\System\byWJvcg.exe
  C:\Windows\System\byWJvcg.exe
  2⤵
  PID:8992
- C:\Windows\System\XDuGIIo.exe
  C:\Windows\System\XDuGIIo.exe
  2⤵
  PID:9052
- C:\Windows\System\xnmSlfQ.exe
  C:\Windows\System\xnmSlfQ.exe
  2⤵
  PID:9116
- C:\Windows\System\SNkUCVX.exe
  C:\Windows\System\SNkUCVX.exe
  2⤵
  PID:9204
- C:\Windows\System\DfptGPf.exe
  C:\Windows\System\DfptGPf.exe
  2⤵
  PID:8252
- C:\Windows\System\YLknHcm.exe
  C:\Windows\System\YLknHcm.exe
  2⤵
  PID:8376
- C:\Windows\System\oqDiUtp.exe
  C:\Windows\System\oqDiUtp.exe
  2⤵
  PID:8504
- C:\Windows\System\TeQUMfo.exe
  C:\Windows\System\TeQUMfo.exe
  2⤵
  PID:8628
- C:\Windows\System\qsOxWOx.exe
  C:\Windows\System\qsOxWOx.exe
  2⤵
  PID:8736
- C:\Windows\System\pDdHbar.exe
  C:\Windows\System\pDdHbar.exe
  2⤵
  PID:8852
- C:\Windows\System\EtDqqoT.exe
  C:\Windows\System\EtDqqoT.exe
  2⤵
  PID:8980
- C:\Windows\System\ouyRbOG.exe
  C:\Windows\System\ouyRbOG.exe
  2⤵
  PID:9176
- C:\Windows\System\QFzelAV.exe
  C:\Windows\System\QFzelAV.exe
  2⤵
  PID:8236
- C:\Windows\System\oOuwKTt.exe
  C:\Windows\System\oOuwKTt.exe
  2⤵
  PID:8476
- C:\Windows\System\DZgcWqu.exe
  C:\Windows\System\DZgcWqu.exe
  2⤵
  PID:8720
- C:\Windows\System\cjTnoop.exe
  C:\Windows\System\cjTnoop.exe
  2⤵
  PID:8960
- C:\Windows\System\YDVWvgr.exe
  C:\Windows\System\YDVWvgr.exe
  2⤵
  PID:5780
- C:\Windows\System\kJClucQ.exe
  C:\Windows\System\kJClucQ.exe
  2⤵
  PID:8688
- C:\Windows\System\bFEIdQi.exe
  C:\Windows\System\bFEIdQi.exe
  2⤵
  PID:5544
- C:\Windows\System\OOdMGsk.exe
  C:\Windows\System\OOdMGsk.exe
  2⤵
  PID:4880
- C:\Windows\System\HwpuJlM.exe
  C:\Windows\System\HwpuJlM.exe
  2⤵
  PID:5920
- C:\Windows\System\gqaGPzr.exe
  C:\Windows\System\gqaGPzr.exe
  2⤵
  PID:9148
- C:\Windows\System\cBwWQhl.exe
  C:\Windows\System\cBwWQhl.exe
  2⤵
  PID:4024
- C:\Windows\System\KpFuAeD.exe
  C:\Windows\System\KpFuAeD.exe
  2⤵
  PID:5072
- C:\Windows\System\qvtDRRW.exe
  C:\Windows\System\qvtDRRW.exe
  2⤵
  PID:9228
- C:\Windows\System\eOJuWpT.exe
  C:\Windows\System\eOJuWpT.exe
  2⤵
  PID:9260
- C:\Windows\System\deaANjU.exe
  C:\Windows\System\deaANjU.exe
  2⤵
  PID:9296
- C:\Windows\System\xHnHnck.exe
  C:\Windows\System\xHnHnck.exe
  2⤵
  PID:9324
- C:\Windows\System\KEYqlmU.exe
  C:\Windows\System\KEYqlmU.exe
  2⤵
  PID:9356
- C:\Windows\System\rEJaogu.exe
  C:\Windows\System\rEJaogu.exe
  2⤵
  PID:9392
- C:\Windows\System\MBmWhlb.exe
  C:\Windows\System\MBmWhlb.exe
  2⤵
  PID:9420
- C:\Windows\System\fePOgIx.exe
  C:\Windows\System\fePOgIx.exe
  2⤵
  PID:9452
- C:\Windows\System\pSFgNTb.exe
  C:\Windows\System\pSFgNTb.exe
  2⤵
  PID:9484
- C:\Windows\System\WrwFezV.exe
  C:\Windows\System\WrwFezV.exe
  2⤵
  PID:9516
- C:\Windows\System\eDYJmyC.exe
  C:\Windows\System\eDYJmyC.exe
  2⤵
  PID:9556
- C:\Windows\System\xtEfMqX.exe
  C:\Windows\System\xtEfMqX.exe
  2⤵
  PID:9580
- C:\Windows\System\jQLWmMK.exe
  C:\Windows\System\jQLWmMK.exe
  2⤵
  PID:9612
- C:\Windows\System\hRObawS.exe
  C:\Windows\System\hRObawS.exe
  2⤵
  PID:9644
- C:\Windows\System\nCsmNeu.exe
  C:\Windows\System\nCsmNeu.exe
  2⤵
  PID:9676
- C:\Windows\System\rvAWzgq.exe
  C:\Windows\System\rvAWzgq.exe
  2⤵
  PID:9708
- C:\Windows\System\bnhZtOS.exe
  C:\Windows\System\bnhZtOS.exe
  2⤵
  PID:9740
- C:\Windows\System\BvpoQWC.exe
  C:\Windows\System\BvpoQWC.exe
  2⤵
  PID:9772
- C:\Windows\System\UgqhwGF.exe
  C:\Windows\System\UgqhwGF.exe
  2⤵
  PID:9804
- C:\Windows\System\RXDidLS.exe
  C:\Windows\System\RXDidLS.exe
  2⤵
  PID:9836
- C:\Windows\System\bjGjlHJ.exe
  C:\Windows\System\bjGjlHJ.exe
  2⤵
  PID:9868
- C:\Windows\System\mOCxVTi.exe
  C:\Windows\System\mOCxVTi.exe
  2⤵
  PID:9900
- C:\Windows\System\ozNWVWZ.exe
  C:\Windows\System\ozNWVWZ.exe
  2⤵
  PID:9948
- C:\Windows\System\EnwCPkg.exe
  C:\Windows\System\EnwCPkg.exe
  2⤵
  PID:9976
- C:\Windows\System\QqmGinE.exe
  C:\Windows\System\QqmGinE.exe
  2⤵
  PID:10008
- C:\Windows\System\RoXnUxc.exe
  C:\Windows\System\RoXnUxc.exe
  2⤵
  PID:10032
- C:\Windows\System\sUoFNVQ.exe
  C:\Windows\System\sUoFNVQ.exe
  2⤵
  PID:10076
- C:\Windows\System\TyZmKHa.exe
  C:\Windows\System\TyZmKHa.exe
  2⤵
  PID:10096
- C:\Windows\System\zdcQVoF.exe
  C:\Windows\System\zdcQVoF.exe
  2⤵
  PID:10128
- C:\Windows\System\mDcBfec.exe
  C:\Windows\System\mDcBfec.exe
  2⤵
  PID:10144
- C:\Windows\System\TTqpVuJ.exe
  C:\Windows\System\TTqpVuJ.exe
  2⤵
  PID:10180
- C:\Windows\System\pelSVBC.exe
  C:\Windows\System\pelSVBC.exe
  2⤵
  PID:10216
- C:\Windows\System\GknISJT.exe
  C:\Windows\System\GknISJT.exe
  2⤵
  PID:9244
- C:\Windows\System\QLYSctf.exe
  C:\Windows\System\QLYSctf.exe
  2⤵
  PID:9308
- C:\Windows\System\VaobJNe.exe
  C:\Windows\System\VaobJNe.exe
  2⤵
  PID:9372
- C:\Windows\System\IicAahJ.exe
  C:\Windows\System\IicAahJ.exe
  2⤵
  PID:9432
- C:\Windows\System\tEgRvhW.exe
  C:\Windows\System\tEgRvhW.exe
  2⤵
  PID:9500
- C:\Windows\System\ZtwHRyz.exe
  C:\Windows\System\ZtwHRyz.exe
  2⤵
  PID:9572
- C:\Windows\System\VCTHfaH.exe
  C:\Windows\System\VCTHfaH.exe
  2⤵
  PID:9660
- C:\Windows\System\ACtpamb.exe
  C:\Windows\System\ACtpamb.exe
  2⤵
  PID:9720
- C:\Windows\System\hnuAptl.exe
  C:\Windows\System\hnuAptl.exe
  2⤵
  PID:9788
- C:\Windows\System\KyBfqGq.exe
  C:\Windows\System\KyBfqGq.exe
  2⤵
  PID:9848
- C:\Windows\System\myjEERM.exe
  C:\Windows\System\myjEERM.exe
  2⤵
  PID:9924
- C:\Windows\System\WsgbHbi.exe
  C:\Windows\System\WsgbHbi.exe
  2⤵
  PID:9988
- C:\Windows\System\azWPXAA.exe
  C:\Windows\System\azWPXAA.exe
  2⤵
  PID:10048
- C:\Windows\System\lrBNoiG.exe
  C:\Windows\System\lrBNoiG.exe
  2⤵
  PID:10124
- C:\Windows\System\PPEZuJe.exe
  C:\Windows\System\PPEZuJe.exe
  2⤵
  PID:10168
- C:\Windows\System\TonZBkK.exe
  C:\Windows\System\TonZBkK.exe
  2⤵
  PID:9220
- C:\Windows\System\NFFxAix.exe
  C:\Windows\System\NFFxAix.exe
  2⤵
  PID:9288
- C:\Windows\System\uatrZqb.exe
  C:\Windows\System\uatrZqb.exe
  2⤵
  PID:9468
- C:\Windows\System\jYPGUhw.exe
  C:\Windows\System\jYPGUhw.exe
  2⤵
  PID:9596
- C:\Windows\System\jqbWvXL.exe
  C:\Windows\System\jqbWvXL.exe
  2⤵
  PID:9688
- C:\Windows\System\xOlzxsl.exe
  C:\Windows\System\xOlzxsl.exe
  2⤵
  PID:9832
- C:\Windows\System\RNJGXsn.exe
  C:\Windows\System\RNJGXsn.exe
  2⤵
  PID:9964
- C:\Windows\System\JbcUWNv.exe
  C:\Windows\System\JbcUWNv.exe
  2⤵
  PID:10088
- C:\Windows\System\EpVAEzT.exe
  C:\Windows\System\EpVAEzT.exe
  2⤵
  PID:10228
- C:\Windows\System\MbORZUS.exe
  C:\Windows\System\MbORZUS.exe
  2⤵
  PID:9416
- C:\Windows\System\ZgVrzXU.exe
  C:\Windows\System\ZgVrzXU.exe
  2⤵
  PID:9700
- C:\Windows\System\AIjgbsr.exe
  C:\Windows\System\AIjgbsr.exe
  2⤵
  PID:9940
- C:\Windows\System\vzIWnss.exe
  C:\Windows\System\vzIWnss.exe
  2⤵
  PID:10196
- C:\Windows\System\YCPucMA.exe
  C:\Windows\System\YCPucMA.exe
  2⤵
  PID:9628
- C:\Windows\System\FDCPYoo.exe
  C:\Windows\System\FDCPYoo.exe
  2⤵
  PID:10160
- C:\Windows\System\iMDhQLa.exe
  C:\Windows\System\iMDhQLa.exe
  2⤵
  PID:10028
- C:\Windows\System\iJiLqmx.exe
  C:\Windows\System\iJiLqmx.exe
  2⤵
  PID:9412
- C:\Windows\System\VWzKemA.exe
  C:\Windows\System\VWzKemA.exe
  2⤵
  PID:10272
- C:\Windows\System\SSRUojW.exe
  C:\Windows\System\SSRUojW.exe
  2⤵
  PID:10304
- C:\Windows\System\SlamGCS.exe
  C:\Windows\System\SlamGCS.exe
  2⤵
  PID:10336
- C:\Windows\System\tAGaqHm.exe
  C:\Windows\System\tAGaqHm.exe
  2⤵
  PID:10368
- C:\Windows\System\wOvBQPq.exe
  C:\Windows\System\wOvBQPq.exe
  2⤵
  PID:10400
- C:\Windows\System\CSYpcgf.exe
  C:\Windows\System\CSYpcgf.exe
  2⤵
  PID:10432
- C:\Windows\System\THoWQIB.exe
  C:\Windows\System\THoWQIB.exe
  2⤵
  PID:10464
- C:\Windows\System\pZKhglC.exe
  C:\Windows\System\pZKhglC.exe
  2⤵
  PID:10496
- C:\Windows\System\AXQRZsv.exe
  C:\Windows\System\AXQRZsv.exe
  2⤵
  PID:10528
- C:\Windows\System\bIEmlxQ.exe
  C:\Windows\System\bIEmlxQ.exe
  2⤵
  PID:10560
- C:\Windows\System\REjtoFJ.exe
  C:\Windows\System\REjtoFJ.exe
  2⤵
  PID:10592
- C:\Windows\System\ISHfumv.exe
  C:\Windows\System\ISHfumv.exe
  2⤵
  PID:10624
- C:\Windows\System\cNzjjnm.exe
  C:\Windows\System\cNzjjnm.exe
  2⤵
  PID:10656
- C:\Windows\System\eSLNYib.exe
  C:\Windows\System\eSLNYib.exe
  2⤵
  PID:10688
- C:\Windows\System\SdFaYpZ.exe
  C:\Windows\System\SdFaYpZ.exe
  2⤵
  PID:10720
- C:\Windows\System\IvMZBAq.exe
  C:\Windows\System\IvMZBAq.exe
  2⤵
  PID:10768
- C:\Windows\System\ZuZlzYH.exe
  C:\Windows\System\ZuZlzYH.exe
  2⤵
  PID:10784
- C:\Windows\System\VesDVHC.exe
  C:\Windows\System\VesDVHC.exe
  2⤵
  PID:10816
- C:\Windows\System\HIPMGJj.exe
  C:\Windows\System\HIPMGJj.exe
  2⤵
  PID:10848
- C:\Windows\System\qDyiQpa.exe
  C:\Windows\System\qDyiQpa.exe
  2⤵
  PID:10880
- C:\Windows\System\tTplRqr.exe
  C:\Windows\System\tTplRqr.exe
  2⤵
  PID:10912
- C:\Windows\System\ZRnCssv.exe
  C:\Windows\System\ZRnCssv.exe
  2⤵
  PID:10944
- C:\Windows\System\ZCLUZLq.exe
  C:\Windows\System\ZCLUZLq.exe
  2⤵
  PID:10976
- C:\Windows\System\PRZVOFr.exe
  C:\Windows\System\PRZVOFr.exe
  2⤵
  PID:11008
- C:\Windows\System\BdZbuPS.exe
  C:\Windows\System\BdZbuPS.exe
  2⤵
  PID:11040
- C:\Windows\System\nWXCfTu.exe
  C:\Windows\System\nWXCfTu.exe
  2⤵
  PID:11072
- C:\Windows\System\uOVblFz.exe
  C:\Windows\System\uOVblFz.exe
  2⤵
  PID:11104
- C:\Windows\System\HkYkjuv.exe
  C:\Windows\System\HkYkjuv.exe
  2⤵
  PID:11136
- C:\Windows\System\bLxzuQN.exe
  C:\Windows\System\bLxzuQN.exe
  2⤵
  PID:11168
- C:\Windows\System\niZWEti.exe
  C:\Windows\System\niZWEti.exe
  2⤵
  PID:11200
- C:\Windows\System\mhJRiww.exe
  C:\Windows\System\mhJRiww.exe
  2⤵
  PID:11232
- C:\Windows\System\FoDrxQG.exe
  C:\Windows\System\FoDrxQG.exe
  2⤵
  PID:9896
- C:\Windows\System\hAlnEVu.exe
  C:\Windows\System\hAlnEVu.exe
  2⤵
  PID:10300
- C:\Windows\System\ibreLMZ.exe
  C:\Windows\System\ibreLMZ.exe
  2⤵
  PID:10364
- C:\Windows\System\tbAdyWh.exe
  C:\Windows\System\tbAdyWh.exe
  2⤵
  PID:10412
- C:\Windows\System\EaIxjYa.exe
  C:\Windows\System\EaIxjYa.exe
  2⤵
  PID:10480
- C:\Windows\System\YILFjRK.exe
  C:\Windows\System\YILFjRK.exe
  2⤵
  PID:10540
- C:\Windows\System\SCNstOr.exe
  C:\Windows\System\SCNstOr.exe
  2⤵
  PID:10608
- C:\Windows\System\ugQmavF.exe
  C:\Windows\System\ugQmavF.exe
  2⤵
  PID:10652
- C:\Windows\System\xFCmmcI.exe
  C:\Windows\System\xFCmmcI.exe
  2⤵
  PID:10716
- C:\Windows\System\KiDDzPM.exe
  C:\Windows\System\KiDDzPM.exe
  2⤵
  PID:10780
- C:\Windows\System\PCimmfY.exe
  C:\Windows\System\PCimmfY.exe
  2⤵
  PID:10844
- C:\Windows\System\mOYzVAi.exe
  C:\Windows\System\mOYzVAi.exe
  2⤵
  PID:10908
- C:\Windows\System\JyXeGxH.exe
  C:\Windows\System\JyXeGxH.exe
  2⤵
  PID:10972
- C:\Windows\System\CtCGIgV.exe
  C:\Windows\System\CtCGIgV.exe
  2⤵
  PID:11036
- C:\Windows\System\tdDXmCs.exe
  C:\Windows\System\tdDXmCs.exe
  2⤵
  PID:11100
- C:\Windows\System\vRrizfb.exe
  C:\Windows\System\vRrizfb.exe
  2⤵
  PID:11212
- C:\Windows\System\ZCAkwrE.exe
  C:\Windows\System\ZCAkwrE.exe
  2⤵
  PID:11244
- C:\Windows\System\rCMxjyE.exe
  C:\Windows\System\rCMxjyE.exe
  2⤵
  PID:10328
- C:\Windows\System\tuiMitn.exe
  C:\Windows\System\tuiMitn.exe
  2⤵
  PID:10460
- C:\Windows\System\GNQIaqf.exe
  C:\Windows\System\GNQIaqf.exe
  2⤵
  PID:10588
- C:\Windows\System\qtnzVBC.exe
  C:\Windows\System\qtnzVBC.exe
  2⤵
  PID:10684
- C:\Windows\System\jwWaDSk.exe
  C:\Windows\System\jwWaDSk.exe
  2⤵
  PID:10812
- C:\Windows\System\Frocsmg.exe
  C:\Windows\System\Frocsmg.exe
  2⤵
  PID:10928
- C:\Windows\System\pDthKbp.exe
  C:\Windows\System\pDthKbp.exe
  2⤵
  PID:11084
- C:\Windows\System\JoaSrhW.exe
  C:\Windows\System\JoaSrhW.exe
  2⤵
  PID:11192
- C:\Windows\System\Wtngjpz.exe
  C:\Windows\System\Wtngjpz.exe
  2⤵
  PID:10392
- C:\Windows\System\jUJvbpM.exe
  C:\Windows\System\jUJvbpM.exe
  2⤵
  PID:10620
- C:\Windows\System\sOuNuEF.exe
  C:\Windows\System\sOuNuEF.exe
  2⤵
  PID:10840
- C:\Windows\System\vOvxdlz.exe
  C:\Windows\System\vOvxdlz.exe
  2⤵
  PID:11096
- C:\Windows\System\DRrQldA.exe
  C:\Windows\System\DRrQldA.exe
  2⤵
  PID:10416
- C:\Windows\System\izLoRKT.exe
  C:\Windows\System\izLoRKT.exe
  2⤵
  PID:10968
- C:\Windows\System\KQLNvYU.exe
  C:\Windows\System\KQLNvYU.exe
  2⤵
  PID:10648
- C:\Windows\System\HNQlYoX.exe
  C:\Windows\System\HNQlYoX.exe
  2⤵
  PID:11268
- C:\Windows\System\UzZVYhU.exe
  C:\Windows\System\UzZVYhU.exe
  2⤵
  PID:11300
- C:\Windows\System\avHEmod.exe
  C:\Windows\System\avHEmod.exe
  2⤵
  PID:11332
- C:\Windows\System\mIuwkRP.exe
  C:\Windows\System\mIuwkRP.exe
  2⤵
  PID:11364
- C:\Windows\System\HLMBWKN.exe
  C:\Windows\System\HLMBWKN.exe
  2⤵
  PID:11396
- C:\Windows\System\sRPZqyr.exe
  C:\Windows\System\sRPZqyr.exe
  2⤵
  PID:11428
- C:\Windows\System\kSXzWxu.exe
  C:\Windows\System\kSXzWxu.exe
  2⤵
  PID:11460
- C:\Windows\System\ydUXHis.exe
  C:\Windows\System\ydUXHis.exe
  2⤵
  PID:11492
- C:\Windows\System\xxmNIdU.exe
  C:\Windows\System\xxmNIdU.exe
  2⤵
  PID:11524
- C:\Windows\System\yWzKDKQ.exe
  C:\Windows\System\yWzKDKQ.exe
  2⤵
  PID:11556
- C:\Windows\System\saHGbtp.exe
  C:\Windows\System\saHGbtp.exe
  2⤵
  PID:11588
- C:\Windows\System\PQuxwML.exe
  C:\Windows\System\PQuxwML.exe
  2⤵
  PID:11620
- C:\Windows\System\jdrmyHR.exe
  C:\Windows\System\jdrmyHR.exe
  2⤵
  PID:11652
- C:\Windows\System\PzOprsP.exe
  C:\Windows\System\PzOprsP.exe
  2⤵
  PID:11684
- C:\Windows\System\lBBjbUO.exe
  C:\Windows\System\lBBjbUO.exe
  2⤵
  PID:11716
- C:\Windows\System\zRlgbKZ.exe
  C:\Windows\System\zRlgbKZ.exe
  2⤵
  PID:11748
- C:\Windows\System\GkPkmTu.exe
  C:\Windows\System\GkPkmTu.exe
  2⤵
  PID:11780
- C:\Windows\System\WwYtbXP.exe
  C:\Windows\System\WwYtbXP.exe
  2⤵
  PID:11812
- C:\Windows\System\WChWaEG.exe
  C:\Windows\System\WChWaEG.exe
  2⤵
  PID:11848
- C:\Windows\System\dqEXZZP.exe
  C:\Windows\System\dqEXZZP.exe
  2⤵
  PID:11880
- C:\Windows\System\etEMcXc.exe
  C:\Windows\System\etEMcXc.exe
  2⤵
  PID:11912
- C:\Windows\System\YPLhZsk.exe
  C:\Windows\System\YPLhZsk.exe
  2⤵
  PID:11952
- C:\Windows\System\qqTSYGK.exe
  C:\Windows\System\qqTSYGK.exe
  2⤵
  PID:11976
- C:\Windows\System\fCwYVOz.exe
  C:\Windows\System\fCwYVOz.exe
  2⤵
  PID:12008
- C:\Windows\System\fgACxQx.exe
  C:\Windows\System\fgACxQx.exe
  2⤵
  PID:12040
- C:\Windows\System\tSkwwYa.exe
  C:\Windows\System\tSkwwYa.exe
  2⤵
  PID:12072
- C:\Windows\System\yIRrsoM.exe
  C:\Windows\System\yIRrsoM.exe
  2⤵
  PID:12104
- C:\Windows\System\ofeFfhp.exe
  C:\Windows\System\ofeFfhp.exe
  2⤵
  PID:12136
- C:\Windows\System\ipLqhFD.exe
  C:\Windows\System\ipLqhFD.exe
  2⤵
  PID:12168
- C:\Windows\System\ESkgHvh.exe
  C:\Windows\System\ESkgHvh.exe
  2⤵
  PID:12200
- C:\Windows\System\rLBKrmP.exe
  C:\Windows\System\rLBKrmP.exe
  2⤵
  PID:12232
- C:\Windows\System\mzXivQM.exe
  C:\Windows\System\mzXivQM.exe
  2⤵
  PID:12264
- C:\Windows\System\azyCoRu.exe
  C:\Windows\System\azyCoRu.exe
  2⤵
  PID:10776
- C:\Windows\System\PzrKXir.exe
  C:\Windows\System\PzrKXir.exe
  2⤵
  PID:11356
- C:\Windows\System\lwFVMmo.exe
  C:\Windows\System\lwFVMmo.exe
  2⤵
  PID:11376
- C:\Windows\System\obQWpkP.exe
  C:\Windows\System\obQWpkP.exe
  2⤵
  PID:11440
- C:\Windows\System\QsxCCnQ.exe
  C:\Windows\System\QsxCCnQ.exe
  2⤵
  PID:11504
- C:\Windows\System\oklGjjC.exe
  C:\Windows\System\oklGjjC.exe
  2⤵
  PID:11540
- C:\Windows\System\JOCMlfV.exe
  C:\Windows\System\JOCMlfV.exe
  2⤵
  PID:11668
- C:\Windows\System\IjLucGs.exe
  C:\Windows\System\IjLucGs.exe
  2⤵
  PID:11772
- C:\Windows\System\TCaxNFl.exe
  C:\Windows\System\TCaxNFl.exe
  2⤵
  PID:11844
- C:\Windows\System\tEciXVR.exe
  C:\Windows\System\tEciXVR.exe
  2⤵
  PID:11904
- C:\Windows\System\taOqumW.exe
  C:\Windows\System\taOqumW.exe
  2⤵
  PID:11972
- C:\Windows\System\ayVEncu.exe
  C:\Windows\System\ayVEncu.exe
  2⤵
  PID:12052
- C:\Windows\System\fizZigq.exe
  C:\Windows\System\fizZigq.exe
  2⤵
  PID:12152
- C:\Windows\System\jzPvEeq.exe
  C:\Windows\System\jzPvEeq.exe
  2⤵
  PID:12212
- C:\Windows\System\peJRKSA.exe
  C:\Windows\System\peJRKSA.exe
  2⤵
  PID:12280
- C:\Windows\System\kToMvjZ.exe
  C:\Windows\System\kToMvjZ.exe
  2⤵
  PID:11344
- C:\Windows\System\vNUZPuG.exe
  C:\Windows\System\vNUZPuG.exe
  2⤵
  PID:11472
- C:\Windows\System\coLdffQ.exe
  C:\Windows\System\coLdffQ.exe
  2⤵
  PID:11600
- C:\Windows\System\EiirinD.exe
  C:\Windows\System\EiirinD.exe
  2⤵
  PID:5284
- C:\Windows\System\cEFjyMc.exe
  C:\Windows\System\cEFjyMc.exe
  2⤵
  PID:11796
- C:\Windows\System\LSYQfDj.exe
  C:\Windows\System\LSYQfDj.exe
  2⤵
  PID:11936
- C:\Windows\System\TDNvYDE.exe
  C:\Windows\System\TDNvYDE.exe
  2⤵
  PID:12084
- C:\Windows\System\BzuGPoW.exe
  C:\Windows\System\BzuGPoW.exe
  2⤵
  PID:12196
- C:\Windows\System\FjMsZga.exe
  C:\Windows\System\FjMsZga.exe
  2⤵
  PID:11312
- C:\Windows\System\YPopUCc.exe
  C:\Windows\System\YPopUCc.exe
  2⤵
  PID:5964
- C:\Windows\System\oKkCIOP.exe
  C:\Windows\System\oKkCIOP.exe
  2⤵
  PID:11760
- C:\Windows\System\OhcNbRg.exe
  C:\Windows\System\OhcNbRg.exe
  2⤵
  PID:12004
- C:\Windows\System\wSpQrZW.exe
  C:\Windows\System\wSpQrZW.exe
  2⤵
  PID:396
- C:\Windows\System\CkZicuD.exe
  C:\Windows\System\CkZicuD.exe
  2⤵
  PID:3912
- C:\Windows\System\OIdoSJA.exe
  C:\Windows\System\OIdoSJA.exe
  2⤵
  PID:11928
- C:\Windows\System\OKbFMYl.exe
  C:\Windows\System\OKbFMYl.exe
  2⤵
  PID:11892
- C:\Windows\System\WseLFXN.exe
  C:\Windows\System\WseLFXN.exe
  2⤵
  PID:3244
- C:\Windows\System\kvtVAZZ.exe
  C:\Windows\System\kvtVAZZ.exe
  2⤵
  PID:12304
- C:\Windows\System\twLUIUW.exe
  C:\Windows\System\twLUIUW.exe
  2⤵
  PID:12336
- C:\Windows\System\QAUZzPE.exe
  C:\Windows\System\QAUZzPE.exe
  2⤵
  PID:12368
- C:\Windows\System\YlCFDuy.exe
  C:\Windows\System\YlCFDuy.exe
  2⤵
  PID:12400
- C:\Windows\System\RhbnnRr.exe
  C:\Windows\System\RhbnnRr.exe
  2⤵
  PID:12432
- C:\Windows\System\RAZjrgN.exe
  C:\Windows\System\RAZjrgN.exe
  2⤵
  PID:12464
- C:\Windows\System\VxCpqCb.exe
  C:\Windows\System\VxCpqCb.exe
  2⤵
  PID:12500
- C:\Windows\System\zEyTNCi.exe
  C:\Windows\System\zEyTNCi.exe
  2⤵
  PID:12532
- C:\Windows\System\eSFvmLh.exe
  C:\Windows\System\eSFvmLh.exe
  2⤵
  PID:12564
- C:\Windows\System\HfmGBJo.exe
  C:\Windows\System\HfmGBJo.exe
  2⤵
  PID:12596
- C:\Windows\System\TlTzYwl.exe
  C:\Windows\System\TlTzYwl.exe
  2⤵
  PID:12628
- C:\Windows\System\MHBJEAy.exe
  C:\Windows\System\MHBJEAy.exe
  2⤵
  PID:12660
- C:\Windows\System\gGrlKld.exe
  C:\Windows\System\gGrlKld.exe
  2⤵
  PID:12692
- C:\Windows\System\nFaNSnk.exe
  C:\Windows\System\nFaNSnk.exe
  2⤵
  PID:12724
- C:\Windows\System\EsmZDmf.exe
  C:\Windows\System\EsmZDmf.exe
  2⤵
  PID:12756
- C:\Windows\System\kmvXNaB.exe
  C:\Windows\System\kmvXNaB.exe
  2⤵
  PID:12792
- C:\Windows\System\xBTKvEv.exe
  C:\Windows\System\xBTKvEv.exe
  2⤵
  PID:12824
- C:\Windows\System\bAzFcik.exe
  C:\Windows\System\bAzFcik.exe
  2⤵
  PID:12860
- C:\Windows\System\YWgYiCa.exe
  C:\Windows\System\YWgYiCa.exe
  2⤵
  PID:12888
- C:\Windows\System\HPBJJxe.exe
  C:\Windows\System\HPBJJxe.exe
  2⤵
  PID:12924
- C:\Windows\System\NhzPmaE.exe
  C:\Windows\System\NhzPmaE.exe
  2⤵
  PID:12956
- C:\Windows\System\QEbTohm.exe
  C:\Windows\System\QEbTohm.exe
  2⤵
  PID:12972
- C:\Windows\System\zSQyFww.exe
  C:\Windows\System\zSQyFww.exe
  2⤵
  PID:13004
- C:\Windows\System\GGHKPUV.exe
  C:\Windows\System\GGHKPUV.exe
  2⤵
  PID:13052
- C:\Windows\System\cgpASmH.exe
  C:\Windows\System\cgpASmH.exe
  2⤵
  PID:13072
- C:\Windows\System\QqPYauh.exe
  C:\Windows\System\QqPYauh.exe
  2⤵
  PID:13116
- C:\Windows\System\VnVVdHz.exe
  C:\Windows\System\VnVVdHz.exe
  2⤵
  PID:13164
- C:\Windows\System\cuzXiLR.exe
  C:\Windows\System\cuzXiLR.exe
  2⤵
  PID:13188
- C:\Windows\System\tQqglIk.exe
  C:\Windows\System\tQqglIk.exe
  2⤵
  PID:13212
- C:\Windows\System\CmRmoYd.exe
  C:\Windows\System\CmRmoYd.exe
  2⤵
  PID:13248
- C:\Windows\System\XjGneup.exe
  C:\Windows\System\XjGneup.exe
  2⤵
  PID:13276
- C:\Windows\System\bpzsWqg.exe
  C:\Windows\System\bpzsWqg.exe
  2⤵
  PID:13308
- C:\Windows\System\ZrYXWJP.exe
  C:\Windows\System\ZrYXWJP.exe
  2⤵
  PID:12352
- C:\Windows\System\EdKQTMq.exe
  C:\Windows\System\EdKQTMq.exe
  2⤵
  PID:12412
- C:\Windows\System\yCwlhKP.exe
  C:\Windows\System\yCwlhKP.exe
  2⤵
  PID:12484
- C:\Windows\System\uuoExrL.exe
  C:\Windows\System\uuoExrL.exe
  2⤵
  PID:12548
- C:\Windows\System\faKalDl.exe
  C:\Windows\System\faKalDl.exe
  2⤵
  PID:12608
- C:\Windows\System\aWwJSMh.exe
  C:\Windows\System\aWwJSMh.exe
  2⤵
  PID:12676
- C:\Windows\System\kIbPrVB.exe
  C:\Windows\System\kIbPrVB.exe
  2⤵
  PID:12740
- C:\Windows\System\vqQIlwm.exe
  C:\Windows\System\vqQIlwm.exe
  2⤵
  PID:12808
- C:\Windows\System\uKwmPlP.exe
  C:\Windows\System\uKwmPlP.exe
  2⤵
  PID:12872
- C:\Windows\System\MNdQUIU.exe
  C:\Windows\System\MNdQUIU.exe
  2⤵
  PID:12940
- C:\Windows\System\JjXwhME.exe
  C:\Windows\System\JjXwhME.exe
  2⤵
  PID:13000
- C:\Windows\System\IAaSSFx.exe
  C:\Windows\System\IAaSSFx.exe
  2⤵
  PID:13084
- C:\Windows\System\YNnsvUz.exe
  C:\Windows\System\YNnsvUz.exe
  2⤵
  PID:13128
- C:\Windows\System\FaXCrLL.exe
  C:\Windows\System\FaXCrLL.exe
  2⤵
  PID:13176
- C:\Windows\System\XaaOGnu.exe
  C:\Windows\System\XaaOGnu.exe
  2⤵
  PID:13208
- C:\Windows\System\yCbMbqX.exe
  C:\Windows\System\yCbMbqX.exe
  2⤵
  PID:13304
- C:\Windows\System\fFhbhCA.exe
  C:\Windows\System\fFhbhCA.exe
  2⤵
  PID:12396
- C:\Windows\System\EyrgoxD.exe
  C:\Windows\System\EyrgoxD.exe
  2⤵
  PID:12516
- C:\Windows\System\ZzsDSTP.exe
  C:\Windows\System\ZzsDSTP.exe
  2⤵
  PID:12644
- C:\Windows\System\FmKtXHA.exe
  C:\Windows\System\FmKtXHA.exe
  2⤵
  PID:12736
- C:\Windows\System\YiZoHWn.exe
  C:\Windows\System\YiZoHWn.exe
  2⤵
  PID:12868
- C:\Windows\System\snqNpfc.exe
  C:\Windows\System\snqNpfc.exe
  2⤵
  PID:12996
- C:\Windows\System\TXVkfur.exe
  C:\Windows\System\TXVkfur.exe
  2⤵
  PID:13132
- C:\Windows\System\vbCoHjM.exe
  C:\Windows\System\vbCoHjM.exe
  2⤵
  PID:13268
- C:\Windows\System\vLkaWZP.exe
  C:\Windows\System\vLkaWZP.exe
  2⤵
  PID:12476
- C:\Windows\System\gBpcBAU.exe
  C:\Windows\System\gBpcBAU.exe
  2⤵
  PID:12640
- C:\Windows\System\LWRIlvk.exe
  C:\Windows\System\LWRIlvk.exe
  2⤵
  PID:12804
- C:\Windows\System\CUtIcGp.exe
  C:\Windows\System\CUtIcGp.exe
  2⤵
  PID:12964
- C:\Windows\System\cdIMcMS.exe
  C:\Windows\System\cdIMcMS.exe
  2⤵
  PID:13204
- C:\Windows\System\vAFtpLQ.exe
  C:\Windows\System\vAFtpLQ.exe
  2⤵
  PID:12580
- C:\Windows\System\VDglADY.exe
  C:\Windows\System\VDglADY.exe
  2⤵
  PID:12936
- C:\Windows\System\cZCKipP.exe
  C:\Windows\System\cZCKipP.exe
  2⤵
  PID:12328
- C:\Windows\System\TwEjwof.exe
  C:\Windows\System\TwEjwof.exe
  2⤵
  PID:13292
- C:\Windows\System\afGawsC.exe
  C:\Windows\System\afGawsC.exe
  2⤵
  PID:13100
- C:\Windows\System\fGGgAtz.exe
  C:\Windows\System\fGGgAtz.exe
  2⤵
  PID:13344
- C:\Windows\System\ahuqvLb.exe
  C:\Windows\System\ahuqvLb.exe
  2⤵
  PID:13376
- C:\Windows\System\FiCFFKL.exe
  C:\Windows\System\FiCFFKL.exe
  2⤵
  PID:13408
- C:\Windows\System\DfSDDZb.exe
  C:\Windows\System\DfSDDZb.exe
  2⤵
  PID:13440
- C:\Windows\System\pPxqWcq.exe
  C:\Windows\System\pPxqWcq.exe
  2⤵
  PID:13456
- C:\Windows\System\BgSMuJN.exe
  C:\Windows\System\BgSMuJN.exe
  2⤵
  PID:13488
- C:\Windows\System\vLOWIYf.exe
  C:\Windows\System\vLOWIYf.exe
  2⤵
  PID:13520
- C:\Windows\System\ADtWQkm.exe
  C:\Windows\System\ADtWQkm.exe
  2⤵
  PID:13552
- C:\Windows\System\PIGWRBN.exe
  C:\Windows\System\PIGWRBN.exe
  2⤵
  PID:13600
- C:\Windows\System\UYVgipH.exe
  C:\Windows\System\UYVgipH.exe
  2⤵
  PID:13632
- C:\Windows\System\xWrLInb.exe
  C:\Windows\System\xWrLInb.exe
  2⤵
  PID:13664
- C:\Windows\System\TgBHZFW.exe
  C:\Windows\System\TgBHZFW.exe
  2⤵
  PID:13696
- C:\Windows\System\adoukpG.exe
  C:\Windows\System\adoukpG.exe
  2⤵
  PID:13728
- C:\Windows\System\bHcYWpU.exe
  C:\Windows\System\bHcYWpU.exe
  2⤵
  PID:13760
- C:\Windows\System\FbxFikz.exe
  C:\Windows\System\FbxFikz.exe
  2⤵
  PID:13792
- C:\Windows\System\XeuMNuE.exe
  C:\Windows\System\XeuMNuE.exe
  2⤵
  PID:13824
- C:\Windows\System\TntHJgC.exe
  C:\Windows\System\TntHJgC.exe
  2⤵
  PID:13856
- C:\Windows\System\QWKfHma.exe
  C:\Windows\System\QWKfHma.exe
  2⤵
  PID:13888
- C:\Windows\System\QNOZgZn.exe
  C:\Windows\System\QNOZgZn.exe
  2⤵
  PID:13920
- C:\Windows\System\BetWKQM.exe
  C:\Windows\System\BetWKQM.exe
  2⤵
  PID:13952
- C:\Windows\System\zJtpAbL.exe
  C:\Windows\System\zJtpAbL.exe
  2⤵
  PID:13984
- C:\Windows\System\PfTVtZW.exe
  C:\Windows\System\PfTVtZW.exe
  2⤵
  PID:14016
- C:\Windows\System\mspIjXC.exe
  C:\Windows\System\mspIjXC.exe
  2⤵
  PID:14048
- C:\Windows\System\qdawqAd.exe
  C:\Windows\System\qdawqAd.exe
  2⤵
  PID:14080
- C:\Windows\System\SKDduRZ.exe
  C:\Windows\System\SKDduRZ.exe
  2⤵
  PID:14112
- C:\Windows\System\YIBsyMP.exe
  C:\Windows\System\YIBsyMP.exe
  2⤵
  PID:14144
- C:\Windows\System\WqRheok.exe
  C:\Windows\System\WqRheok.exe
  2⤵
  PID:14176
- C:\Windows\System\xiESvop.exe
  C:\Windows\System\xiESvop.exe
  2⤵
  PID:14208
- C:\Windows\System\VlnLmfq.exe
  C:\Windows\System\VlnLmfq.exe
  2⤵
  PID:14256
- C:\Windows\System\pZwUxDv.exe
  C:\Windows\System\pZwUxDv.exe
  2⤵
  PID:14272
- C:\Windows\System\sDclHYP.exe
  C:\Windows\System\sDclHYP.exe
  2⤵
  PID:14304
- C:\Windows\System\gxUvEKT.exe
  C:\Windows\System\gxUvEKT.exe
  2⤵
  PID:5448
- C:\Windows\System\nIKWJBS.exe
  C:\Windows\System\nIKWJBS.exe
  2⤵
  PID:13372
- C:\Windows\System\YDAZJaJ.exe
  C:\Windows\System\YDAZJaJ.exe
  2⤵
  PID:13420
- C:\Windows\System\eqmuCsA.exe
  C:\Windows\System\eqmuCsA.exe
  2⤵
  PID:13484
- C:\Windows\System\wweCoot.exe
  C:\Windows\System\wweCoot.exe
  2⤵
  PID:13536
- C:\Windows\System\WOAmefL.exe
  C:\Windows\System\WOAmefL.exe
  2⤵
  PID:13596
- C:\Windows\System\UqfkqMR.exe
  C:\Windows\System\UqfkqMR.exe
  2⤵
  PID:13656
- C:\Windows\System\mkwAZTV.exe
  C:\Windows\System\mkwAZTV.exe
  2⤵
  PID:13712
- C:\Windows\System\iRfGevV.exe
  C:\Windows\System\iRfGevV.exe
  2⤵
  PID:13772
- C:\Windows\System\RlLQHlr.exe
  C:\Windows\System\RlLQHlr.exe
  2⤵
  PID:13816
- C:\Windows\System\CZkjmel.exe
  C:\Windows\System\CZkjmel.exe
  2⤵
  PID:13868
- C:\Windows\System\ASrGJAq.exe
  C:\Windows\System\ASrGJAq.exe
  2⤵
  PID:13912
- C:\Windows\System\RxsHFeo.exe
  C:\Windows\System\RxsHFeo.exe
  2⤵
  PID:13976
- C:\Windows\System\EUQncNe.exe
  C:\Windows\System\EUQncNe.exe
  2⤵
  PID:14032
- C:\Windows\System\ChBOZoJ.exe
  C:\Windows\System\ChBOZoJ.exe
  2⤵
  PID:14092
- C:\Windows\System\UNQzmeD.exe
  C:\Windows\System\UNQzmeD.exe
  2⤵
  PID:14160
- C:\Windows\System\XKebbzX.exe
  C:\Windows\System\XKebbzX.exe
  2⤵
  PID:14224
- C:\Windows\System\WMZRICj.exe
  C:\Windows\System\WMZRICj.exe
  2⤵
  PID:14264
- C:\Windows\System\eLcPhGl.exe
  C:\Windows\System\eLcPhGl.exe
  2⤵
  PID:14324
- C:\Windows\System\cxSMEmw.exe
  C:\Windows\System\cxSMEmw.exe
  2⤵
  PID:13336
- C:\Windows\System\ZfxFNOY.exe
  C:\Windows\System\ZfxFNOY.exe
  2⤵
  PID:13508
- C:\Windows\System\FwVFAqR.exe
  C:\Windows\System\FwVFAqR.exe
  2⤵
  PID:13592
- C:\Windows\System\uxaykNt.exe
  C:\Windows\System\uxaykNt.exe
  2⤵
  PID:13612
- C:\Windows\System\EcLJmzS.exe
  C:\Windows\System\EcLJmzS.exe
  2⤵
  PID:13744
- C:\Windows\System\cjmiDDA.exe
  C:\Windows\System\cjmiDDA.exe
  2⤵
  PID:13944
- C:\Windows\System\AcNVjhN.exe
  C:\Windows\System\AcNVjhN.exe
  2⤵
  PID:14060
- C:\Windows\System\rCELGRC.exe
  C:\Windows\System\rCELGRC.exe
  2⤵
  PID:14188
- C:\Windows\System\FoUxKKf.exe
  C:\Windows\System\FoUxKKf.exe
  2⤵
  PID:13452
- C:\Windows\System\IkfsUYk.exe
  C:\Windows\System\IkfsUYk.exe
  2⤵
  PID:13676
- C:\Windows\System\LPdhpze.exe
  C:\Windows\System\LPdhpze.exe
  2⤵
  PID:3512
- C:\Windows\System\WTtbLOR.exe
  C:\Windows\System\WTtbLOR.exe
  2⤵
  PID:14140
- C:\Windows\System\jfRanOa.exe
  C:\Windows\System\jfRanOa.exe
  2⤵
  PID:4820
- C:\Windows\System\OVAcasM.exe
  C:\Windows\System\OVAcasM.exe
  2⤵
  PID:11700
- C:\Windows\System\zwbgzZO.exe
  C:\Windows\System\zwbgzZO.exe
  2⤵
  PID:2264
- C:\Windows\System\LvWXMYi.exe
  C:\Windows\System\LvWXMYi.exe
  2⤵
  PID:14284
- C:\Windows\System\RpwPwCt.exe
  C:\Windows\System\RpwPwCt.exe
  2⤵
  PID:11992
- C:\Windows\System\GTdAHAF.exe
  C:\Windows\System\GTdAHAF.exe
  2⤵
  PID:14076
- C:\Windows\System\ZsYrbaL.exe
  C:\Windows\System\ZsYrbaL.exe
  2⤵
  PID:14072
- C:\Windows\System\owceyDD.exe
  C:\Windows\System\owceyDD.exe
  2⤵
  PID:14352
- C:\Windows\System\qZdAtrk.exe
  C:\Windows\System\qZdAtrk.exe
  2⤵
  PID:14384
- C:\Windows\System\jWtGtfv.exe
  C:\Windows\System\jWtGtfv.exe
  2⤵
  PID:14416
- C:\Windows\System\bIjioFl.exe
  C:\Windows\System\bIjioFl.exe
  2⤵
  PID:14448
- C:\Windows\System\PUAfoCb.exe
  C:\Windows\System\PUAfoCb.exe
  2⤵
  PID:14480
- C:\Windows\System\BNfpKBA.exe
  C:\Windows\System\BNfpKBA.exe
  2⤵
  PID:14512
- C:\Windows\System\BgNiKCz.exe
  C:\Windows\System\BgNiKCz.exe
  2⤵
  PID:14544
- C:\Windows\System\TMCuaFL.exe
  C:\Windows\System\TMCuaFL.exe
  2⤵
  PID:14576
- C:\Windows\System\HgCuaOU.exe
  C:\Windows\System\HgCuaOU.exe
  2⤵
  PID:14608
- C:\Windows\System\OqSttHX.exe
  C:\Windows\System\OqSttHX.exe
  2⤵
  PID:14644
- C:\Windows\System\lEODgTt.exe
  C:\Windows\System\lEODgTt.exe
  2⤵
  PID:14672
- C:\Windows\System\LFkgzsy.exe
  C:\Windows\System\LFkgzsy.exe
  2⤵
  PID:14704
- C:\Windows\System\roTJFgh.exe
  C:\Windows\System\roTJFgh.exe
  2⤵
  PID:14736
- C:\Windows\System\NGNKfVf.exe
  C:\Windows\System\NGNKfVf.exe
  2⤵
  PID:14768
- C:\Windows\System\QJebUCy.exe
  C:\Windows\System\QJebUCy.exe
  2⤵
  PID:14800
- C:\Windows\System\KynIAmt.exe
  C:\Windows\System\KynIAmt.exe
  2⤵
  PID:14832
- C:\Windows\System\cgKSKIE.exe
  C:\Windows\System\cgKSKIE.exe
  2⤵
  PID:14864
- C:\Windows\System\RJDWfaV.exe
  C:\Windows\System\RJDWfaV.exe
  2⤵
  PID:14896
- C:\Windows\System\brFLPDE.exe
  C:\Windows\System\brFLPDE.exe
  2⤵
  PID:14928
- C:\Windows\System\FCPDlGH.exe
  C:\Windows\System\FCPDlGH.exe
  2⤵
  PID:14960
- C:\Windows\System\DhGRDXD.exe
  C:\Windows\System\DhGRDXD.exe
  2⤵
  PID:14992
- C:\Windows\System\vCwWgtO.exe
  C:\Windows\System\vCwWgtO.exe
  2⤵
  PID:15024
- C:\Windows\System\lrJEBaZ.exe
  C:\Windows\System\lrJEBaZ.exe
  2⤵
  PID:15056
- C:\Windows\System\LncPoVN.exe
  C:\Windows\System\LncPoVN.exe
  2⤵
  PID:15088
- C:\Windows\System\YMgujjf.exe
  C:\Windows\System\YMgujjf.exe
  2⤵
  PID:15120
- C:\Windows\System\tsjhDpf.exe
  C:\Windows\System\tsjhDpf.exe
  2⤵
  PID:15152
- C:\Windows\System\wkbcSoi.exe
  C:\Windows\System\wkbcSoi.exe
  2⤵
  PID:15184
- C:\Windows\System\yrOxrzh.exe
  C:\Windows\System\yrOxrzh.exe
  2⤵
  PID:15216
- C:\Windows\System\sfJNnaZ.exe
  C:\Windows\System\sfJNnaZ.exe
  2⤵
  PID:15248
- C:\Windows\System\XMLpwhR.exe
  C:\Windows\System\XMLpwhR.exe
  2⤵
  PID:15280
- C:\Windows\System\YSKMhXx.exe
  C:\Windows\System\YSKMhXx.exe
  2⤵
  PID:15312
- C:\Windows\System\vFNpeVH.exe
  C:\Windows\System\vFNpeVH.exe
  2⤵
  PID:15344
- C:\Windows\System\BHVtdjY.exe
  C:\Windows\System\BHVtdjY.exe
  2⤵
  PID:14344
- C:\Windows\System\AmyEpMC.exe
  C:\Windows\System\AmyEpMC.exe
  2⤵
  PID:14408
- C:\Windows\System\bPkbpEY.exe
  C:\Windows\System\bPkbpEY.exe
  2⤵
  PID:2812
- C:\Windows\System\GjtJwYt.exe
  C:\Windows\System\GjtJwYt.exe
  2⤵
  PID:3580
- C:\Windows\System\nUNcUjA.exe
  C:\Windows\System\nUNcUjA.exe
  2⤵
  PID:14568
- C:\Windows\System\QGAoMBE.exe
  C:\Windows\System\QGAoMBE.exe
  2⤵
  PID:14636
- C:\Windows\System\NNgRKgC.exe
  C:\Windows\System\NNgRKgC.exe
  2⤵
  PID:14696
- C:\Windows\System\lZWEHfE.exe
  C:\Windows\System\lZWEHfE.exe
  2⤵
  PID:14760
- C:\Windows\System\qJwJDxX.exe
  C:\Windows\System\qJwJDxX.exe
  2⤵
  PID:14824
- C:\Windows\System\xyiMukt.exe
  C:\Windows\System\xyiMukt.exe
  2⤵
  PID:14888
- C:\Windows\System\BsqKaSO.exe
  C:\Windows\System\BsqKaSO.exe
  2⤵
  PID:14952
- C:\Windows\System\VSbAqHf.exe
  C:\Windows\System\VSbAqHf.exe
  2⤵
  PID:15016
- C:\Windows\System\RiVQAWl.exe
  C:\Windows\System\RiVQAWl.exe
  2⤵
  PID:15080
- C:\Windows\System\nOzEyig.exe
  C:\Windows\System\nOzEyig.exe
  2⤵
  PID:15144
- C:\Windows\System\Qozfzfk.exe
  C:\Windows\System\Qozfzfk.exe
  2⤵
  PID:15208
- C:\Windows\System\RpMGCJW.exe
  C:\Windows\System\RpMGCJW.exe
  2⤵
  PID:15272
- C:\Windows\System\VuYmpCT.exe
  C:\Windows\System\VuYmpCT.exe
  2⤵
  PID:15336
- C:\Windows\System\mZkhtkc.exe
  C:\Windows\System\mZkhtkc.exe
  2⤵
  PID:3076
- C:\Windows\System\XIYnOiG.exe
  C:\Windows\System\XIYnOiG.exe
  2⤵
  PID:14464
- C:\Windows\System\fWqMkNF.exe
  C:\Windows\System\fWqMkNF.exe
  2⤵
  PID:14560
- C:\Windows\System\EisZOzh.exe
  C:\Windows\System\EisZOzh.exe
  2⤵
  PID:14688
- C:\Windows\System\lhzVctq.exe
  C:\Windows\System\lhzVctq.exe
  2⤵
  PID:14812
- C:\Windows\System\LZLlKkJ.exe
  C:\Windows\System\LZLlKkJ.exe
  2⤵
  PID:14972
- C:\Windows\System\lVqUzXm.exe
  C:\Windows\System\lVqUzXm.exe
  2⤵
  PID:15072
- C:\Windows\System\CZOuWRz.exe
  C:\Windows\System\CZOuWRz.exe
  2⤵
  PID:15168
- C:\Windows\System\UeQzlvg.exe
  C:\Windows\System\UeQzlvg.exe
  2⤵
  PID:15264
- C:\Windows\System\RtjSBCh.exe
  C:\Windows\System\RtjSBCh.exe
  2⤵
  PID:232
- C:\Windows\System\QsSyGcp.exe
  C:\Windows\System\QsSyGcp.exe
  2⤵
  PID:3588
- C:\Windows\System\PAbDLOP.exe
  C:\Windows\System\PAbDLOP.exe
  2⤵
  PID:14796
- C:\Windows\System\YzDxgkB.exe
  C:\Windows\System\YzDxgkB.exe
  2⤵
  PID:15008
- C:\Windows\System\KMSDVtf.exe
  C:\Windows\System\KMSDVtf.exe
  2⤵
  PID:15132
- C:\Windows\System\vbPECRf.exe
  C:\Windows\System\vbPECRf.exe
  2⤵
  PID:5804
- C:\Windows\System\YStKZvS.exe
  C:\Windows\System\YStKZvS.exe
  2⤵
  PID:624
- C:\Windows\System\OLvWVyK.exe
  C:\Windows\System\OLvWVyK.exe
  2⤵
  PID:14624
- C:\Windows\System\SbcxPYV.exe
  C:\Windows\System\SbcxPYV.exe
  2⤵
  PID:15112
- C:\Windows\System\BBBcfsW.exe
  C:\Windows\System\BBBcfsW.exe
  2⤵
  PID:908
- C:\Windows\System\pbwCgIU.exe
  C:\Windows\System\pbwCgIU.exe
  2⤵
  PID:2640
- C:\Windows\System\MSYbaBi.exe
  C:\Windows\System\MSYbaBi.exe
  2⤵
  PID:14604
- C:\Windows\System\AkMbPpM.exe
  C:\Windows\System\AkMbPpM.exe
  2⤵
  PID:15372
- C:\Windows\System\LWgbFha.exe
  C:\Windows\System\LWgbFha.exe
  2⤵
  PID:15404
- C:\Windows\System\YXvntdw.exe
  C:\Windows\System\YXvntdw.exe
  2⤵
  PID:15436
- C:\Windows\System\lJBMPoE.exe
  C:\Windows\System\lJBMPoE.exe
  2⤵
  PID:15468
- C:\Windows\System\DcGBVYZ.exe
  C:\Windows\System\DcGBVYZ.exe
  2⤵
  PID:15500
- C:\Windows\System\swlqNna.exe
  C:\Windows\System\swlqNna.exe
  2⤵
  PID:15532
- C:\Windows\System\OJVChOl.exe
  C:\Windows\System\OJVChOl.exe
  2⤵
  PID:15564
- C:\Windows\System\KzQQcKu.exe
  C:\Windows\System\KzQQcKu.exe
  2⤵
  PID:15596
- C:\Windows\System\XYYhIuE.exe
  C:\Windows\System\XYYhIuE.exe
  2⤵
  PID:15628
- C:\Windows\System\tlgXIft.exe
  C:\Windows\System\tlgXIft.exe
  2⤵
  PID:15660
- C:\Windows\System\KDnluKi.exe
  C:\Windows\System\KDnluKi.exe
  2⤵
  PID:15692
- C:\Windows\System\tziRJAY.exe
  C:\Windows\System\tziRJAY.exe
  2⤵
  PID:15724
- C:\Windows\System\oHRKxPl.exe
  C:\Windows\System\oHRKxPl.exe
  2⤵
  PID:15756
- C:\Windows\System\kvRODhC.exe
  C:\Windows\System\kvRODhC.exe
  2⤵
  PID:15788
- C:\Windows\System\ZQQBhWF.exe
  C:\Windows\System\ZQQBhWF.exe
  2⤵
  PID:15820
- C:\Windows\System\XdITHXa.exe
  C:\Windows\System\XdITHXa.exe
  2⤵
  PID:15852
- C:\Windows\System\CsdjjDy.exe
  C:\Windows\System\CsdjjDy.exe
  2⤵
  PID:15884
- C:\Windows\System\kuJKOQW.exe
  C:\Windows\System\kuJKOQW.exe
  2⤵
  PID:15916
- C:\Windows\System\cBiKMGI.exe
  C:\Windows\System\cBiKMGI.exe
  2⤵
  PID:15948
- C:\Windows\System\GxnPbps.exe
  C:\Windows\System\GxnPbps.exe
  2⤵
  PID:15980
- C:\Windows\System\yqlqNUn.exe
  C:\Windows\System\yqlqNUn.exe
  2⤵
  PID:16012
- C:\Windows\System\xjkOFMt.exe
  C:\Windows\System\xjkOFMt.exe
  2⤵
  PID:16044
- C:\Windows\System\MhBVKKj.exe
  C:\Windows\System\MhBVKKj.exe
  2⤵
  PID:16076
- C:\Windows\System\vBVRufw.exe
  C:\Windows\System\vBVRufw.exe
  2⤵
  PID:16108
- C:\Windows\System\FVQPtoG.exe
  C:\Windows\System\FVQPtoG.exe
  2⤵
  PID:16140
- C:\Windows\System\TAOgvdm.exe
  C:\Windows\System\TAOgvdm.exe
  2⤵
  PID:16172
- C:\Windows\System\cUQcckn.exe
  C:\Windows\System\cUQcckn.exe
  2⤵
  PID:16204
- C:\Windows\System\yNOmpQc.exe
  C:\Windows\System\yNOmpQc.exe
  2⤵
  PID:16236
- C:\Windows\System\gDJMpwO.exe
  C:\Windows\System\gDJMpwO.exe
  2⤵
  PID:16264
- C:\Windows\System\NSNsIKY.exe
  C:\Windows\System\NSNsIKY.exe
  2⤵
  PID:16300
- C:\Windows\System\aCLUORZ.exe
  C:\Windows\System\aCLUORZ.exe
  2⤵
  PID:16332
- C:\Windows\System\KBENYvj.exe
  C:\Windows\System\KBENYvj.exe
  2⤵
  PID:16364
- C:\Windows\System\vtylSRz.exe
  C:\Windows\System\vtylSRz.exe
  2⤵
  PID:15364
- C:\Windows\System\dgogftB.exe
  C:\Windows\System\dgogftB.exe
  2⤵
  PID:15432
- C:\Windows\System\EyqeUEZ.exe
  C:\Windows\System\EyqeUEZ.exe
  2⤵
  PID:15496
- C:\Windows\System\MoyPyIU.exe
  C:\Windows\System\MoyPyIU.exe
  2⤵
  PID:15560
- C:\Windows\System\TSCQfab.exe
  C:\Windows\System\TSCQfab.exe
  2⤵
  PID:15624
- C:\Windows\System\hhvGXfX.exe
  C:\Windows\System\hhvGXfX.exe
  2⤵
  PID:15688
- C:\Windows\System\nwKuATi.exe
  C:\Windows\System\nwKuATi.exe
  2⤵
  PID:15748
- C:\Windows\System\uacrZjN.exe
  C:\Windows\System\uacrZjN.exe
  2⤵
  PID:15784
- C:\Windows\System\wZWuFTI.exe
  C:\Windows\System\wZWuFTI.exe
  2⤵
  PID:15848
- C:\Windows\System\VcjuqSZ.exe
  C:\Windows\System\VcjuqSZ.exe
  2⤵
  PID:15900
- C:\Windows\System\GFUfsdN.exe
  C:\Windows\System\GFUfsdN.exe
  2⤵
  PID:15964
- C:\Windows\System\InbQHHT.exe
  C:\Windows\System\InbQHHT.exe
  2⤵
  PID:16028
- C:\Windows\System\lbxYrSq.exe
  C:\Windows\System\lbxYrSq.exe
  2⤵
  PID:16088
- C:\Windows\System\TRdAYXW.exe
  C:\Windows\System\TRdAYXW.exe
  2⤵
  PID:16152
- C:\Windows\System\rsfAHHK.exe
  C:\Windows\System\rsfAHHK.exe
  2⤵
  PID:5788
- C:\Windows\System\kyKqcdL.exe
  C:\Windows\System\kyKqcdL.exe
  2⤵
  PID:16280
- C:\Windows\System\PPyzLut.exe
  C:\Windows\System\PPyzLut.exe
  2⤵
  PID:16324
- C:\Windows\System\lKPnWMU.exe
  C:\Windows\System\lKPnWMU.exe
  2⤵
  PID:16380
- C:\Windows\System\DIdOtWJ.exe
  C:\Windows\System\DIdOtWJ.exe
  2⤵
  PID:15420
- C:\Windows\System\jGCqWiX.exe
  C:\Windows\System\jGCqWiX.exe
  2⤵
  PID:15524
- C:\Windows\System\bQafBHf.exe
  C:\Windows\System\bQafBHf.exe
  2⤵
  PID:4216
- C:\Windows\System\mIvunyE.exe
  C:\Windows\System\mIvunyE.exe
  2⤵
  PID:15740
- C:\Windows\System\vEvveFm.exe
  C:\Windows\System\vEvveFm.exe
  2⤵
  PID:15812
- C:\Windows\System\WvLOOan.exe
  C:\Windows\System\WvLOOan.exe
  2⤵
  PID:15928
- C:\Windows\System\wSFEviJ.exe
  C:\Windows\System\wSFEviJ.exe
  2⤵
  PID:1140
- C:\Windows\System\FMXEVBM.exe
  C:\Windows\System\FMXEVBM.exe
  2⤵
  PID:16056
- C:\Windows\System\dHTYzex.exe
  C:\Windows\System\dHTYzex.exe
  2⤵
  PID:16136
- C:\Windows\System\EaivAug.exe
  C:\Windows\System\EaivAug.exe
  2⤵
  PID:5880
- C:\Windows\System\YvMcJdy.exe
  C:\Windows\System\YvMcJdy.exe
  2⤵
  PID:16296
- C:\Windows\System\NqSMYhT.exe
  C:\Windows\System\NqSMYhT.exe
  2⤵
  PID:16360
- C:\Windows\System\SgYUhHI.exe
  C:\Windows\System\SgYUhHI.exe
  2⤵
  PID:544
- C:\Windows\System\mKooLZv.exe
  C:\Windows\System\mKooLZv.exe
  2⤵
  PID:15608
- C:\Windows\System\lBpCXXu.exe
  C:\Windows\System\lBpCXXu.exe
  2⤵
  PID:15772
- C:\Windows\System\ezyrGWw.exe
  C:\Windows\System\ezyrGWw.exe
  2⤵
  PID:15876
- C:\Windows\System\qiRwnwl.exe
  C:\Windows\System\qiRwnwl.exe
  2⤵
  PID:16004
- C:\Windows\System\IFavbMN.exe
  C:\Windows\System\IFavbMN.exe
  2⤵
  PID:1832
- C:\Windows\System\AiBzSKT.exe
  C:\Windows\System\AiBzSKT.exe
  2⤵
  PID:16284
- C:\Windows\System\vDNiVIC.exe
  C:\Windows\System\vDNiVIC.exe
  2⤵
  PID:5236
- C:\Windows\System\QciLeZo.exe
  C:\Windows\System\QciLeZo.exe
  2⤵
  PID:15396
- C:\Windows\System\OGbtGrm.exe
  C:\Windows\System\OGbtGrm.exe
  2⤵
  PID:15716
- C:\Windows\System\AfVdjRv.exe
  C:\Windows\System\AfVdjRv.exe
  2⤵
  PID:4760
- C:\Windows\System\KgltmbH.exe
  C:\Windows\System\KgltmbH.exe
  2⤵
  PID:4456
- C:\Windows\System\aBSNpug.exe
  C:\Windows\System\aBSNpug.exe
  2⤵
  PID:4412
- C:\Windows\System\PpwSnUn.exe
  C:\Windows\System\PpwSnUn.exe
  2⤵
  PID:16344
- C:\Windows\System\bRYFErM.exe
  C:\Windows\System\bRYFErM.exe
  2⤵
  PID:1760
- C:\Windows\System\sMuDtnF.exe
  C:\Windows\System\sMuDtnF.exe
  2⤵
  PID:880
- C:\Windows\System\uGyxsON.exe
  C:\Windows\System\uGyxsON.exe
  2⤵
  PID:15976
- C:\Windows\System\qTnTXxE.exe
  C:\Windows\System\qTnTXxE.exe
  2⤵
  PID:16312
- C:\Windows\System\daOEXvS.exe
  C:\Windows\System\daOEXvS.exe
  2⤵
  PID:6000
- C:\Windows\System\cxGVKnF.exe
  C:\Windows\System\cxGVKnF.exe
  2⤵
  PID:4340
- C:\Windows\System\CKOLIbw.exe
  C:\Windows\System\CKOLIbw.exe
  2⤵
  PID:16292
- C:\Windows\System\JbBOOoh.exe
  C:\Windows\System\JbBOOoh.exe
  2⤵
  PID:3364
- C:\Windows\System\oWwvGQj.exe
  C:\Windows\System\oWwvGQj.exe
  2⤵
  PID:16196
- C:\Windows\System\eHcVjzs.exe
  C:\Windows\System\eHcVjzs.exe
  2⤵
  PID:4380
- C:\Windows\System\nWixKvr.exe
  C:\Windows\System\nWixKvr.exe
  2⤵
  PID:2104
- C:\Windows\System\rBiTKpN.exe
  C:\Windows\System\rBiTKpN.exe
  2⤵
  PID:2592
- C:\Windows\System\vlAdQku.exe
  C:\Windows\System\vlAdQku.exe
  2⤵
  PID:5152
- C:\Windows\System\CxsCtBG.exe
  C:\Windows\System\CxsCtBG.exe
  2⤵
  PID:1256
- C:\Windows\System\dWhsaEj.exe
  C:\Windows\System\dWhsaEj.exe
  2⤵
  PID:16428
- C:\Windows\System\rhVeRaq.exe
  C:\Windows\System\rhVeRaq.exe
  2⤵
  PID:16480
- C:\Windows\System\HqUDJwW.exe
  C:\Windows\System\HqUDJwW.exe
  2⤵
  PID:16624
- C:\Windows\System\DlRjTSU.exe
  C:\Windows\System\DlRjTSU.exe
  2⤵
  PID:16640
- C:\Windows\System\WIyotBj.exe
  C:\Windows\System\WIyotBj.exe
  2⤵
  PID:16672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AfqVcqp.exe

Filesize
5.7MB

MD5
22c8b37593b9950086c1ad6929d1ce9a

SHA1
3c069f8a4ad1a3ee058ce3064d4ebb0005130868

SHA256
e269f96a15ad0231b4da49974eaddb50397bd2083fe1dee120b267a40e085d21

SHA512
2091db33751be521c70af18d5813784a959a7a06ed9e3f05bc42bb3c1780813eef9b405e12f362c4ae6bf3a44f659d9d4b1a08c2700e3b8e0389c0bf12035047

Download Submit
C:\Windows\System\EVBvECQ.exe

Filesize
5.7MB

MD5
65f521a0374039078afbfaf9c77cf9e2

SHA1
f5d3013fbc1c5c64e8e0248ae79aa603e71d81f7

SHA256
8e330675c9a8d695b72829af950669f77cc8a066d28135b3990584925733806e

SHA512
e2f34106ae9ee48c9607d9515dc2f24bca5240e3fe6bd1c84d6bd7bd0f5ed3106e1d739ae79452283ad2ff1d9dbd636e9bd27f5fd03a0055ccd90172b36b84af

Download Submit
C:\Windows\System\GbDkBno.exe

Filesize
5.7MB

MD5
4d6b55c7dad0bb1a8efcfc76f659d8a1

SHA1
a37c82633c992cca9d2cf7225754207638cd46a4

SHA256
68e2a0cd73bb1b55821e4e441235c4a6d129fd5c2c976897dd2818aa1dbebc11

SHA512
8cae2a68b1f1223975b3f685cdc81c153edae5f2148a342aa693eef3df6a458769a66d0d11e8edab041fd71a57ebb14c258dfde08d95f2095fd61c35469b063d

Download Submit
C:\Windows\System\IYuqHlw.exe

Filesize
5.7MB

MD5
2e4743219327edf1994978f5d12fe5b1

SHA1
87659f7e01d37f847e564b3204e3278b165591ad

SHA256
498542dac4cb4542d1a515e6f4585f15e2baef545fb57fc107df32772e7d3c44

SHA512
0392757243ff34012f94f22800abf5b515e914fc5732ba59ed529292f1b86a2deefc5eac3a05292d3801607b4663bd5e44ce63d1626e653d738dc79dc6f1cb64

Download Submit
C:\Windows\System\JTJOGMe.exe

Filesize
5.7MB

MD5
818cff2452be591c87bdcea85117d6b5

SHA1
f2ba8fca06196e066bb981b83d1c5ca9cdceec25

SHA256
42761560ca0cedb40601abe4e1d54846668c115f052ecc64ebf2ae5f5dba1e7c

SHA512
94efda66b66069ff65430aeffc8e06ea40815ebfb5534434f637acc22fd94018b35159b8f72471a678237feee0ff4dee883238a84deb96f9dd0893d13837c772

Download Submit
C:\Windows\System\KbQVqfg.exe

Filesize
5.7MB

MD5
eff778327e42085195db95f0759fc121

SHA1
9c69de2102ea4c387e49a67c6548f14af41df196

SHA256
503c213bcc88584da69e47d11b51dbbaabf514c810bf288e829e20d8139f7097

SHA512
8c1467ea11741ed6346abaa5316ccd02469fa2b3946cffc60c4ff968d6b0387311dd76b66980b044a9a6b844360195864cbf6539b2d62d007470aa7b5a8744e5

Download Submit
C:\Windows\System\LGQRWpe.exe

Filesize
5.7MB

MD5
028ba0ebaae233d39041277960c1b4bf

SHA1
190a11706520e8e9a45515635da2139672eb23a9

SHA256
c3967154fd768dea5b79517baca44977d3086616326251dd3a0a1b700bed101a

SHA512
83e9a4d26151c7d641087e09d9157ecb02c452bdb924d3d371f9f3b0e8efe667e1c2e024122907fb18ac0476877296b30ef7a320d60ecf81e4d1035f0f7df713

Download Submit
C:\Windows\System\LPvcXvH.exe

Filesize
5.7MB

MD5
faeda9f93ed252e78ea614d1684245f1

SHA1
d82b74fd1f5f4d683cc60245b14ca72c0d06b14f

SHA256
b2d986b4a67a7b2fb66bf72e2b8eaa2e22a5cc7cef09e8bc64aeb6ba07867b77

SHA512
39a2a6ae8680c64cd31659053cefa5cfa83f10035527eb6fab32d5a40734e940b7fe252224de7d9a2bd3f448c136cf5224741f8cbb56590708138f6100c2a421

Download Submit
C:\Windows\System\OdBMFmm.exe

Filesize
5.7MB

MD5
c6c3c7591b353d81a7a74d3db150fb78

SHA1
42ff4abf2cf89dca8d25bcfd6c647ea22d28b30d

SHA256
0b43a9a65e61f87acfcb8a45cb0e074c4cd1cb3253594f02db0c2ffb42a44705

SHA512
be97bd5db2ef41aec3443cbd3b1d39a21c65da129b1f0794ff1f21e63b59f21b9cedfb959b6c3fb03be2f40c2c47635d0848e774ac092181f04654b0145b017e

Download Submit
C:\Windows\System\OuoUifD.exe

Filesize
5.7MB

MD5
7cf92b20791be0d37b8a0701b358a53a

SHA1
ecdd6944c0c87cedffb2630e2f8ce0e8bd259319

SHA256
85faf697d2c0402ad455100178681dab4db7c54eed37e60555bdf0e766ecda77

SHA512
d5a7f34bced5852db30f9d84d2cda30b9db756aa8d60ca122eb627d801081962eab1b155e2e70c4efb268d49574001152da1eec510fede7593d230e940dfeac1

Download Submit
C:\Windows\System\OvWXBwK.exe

Filesize
5.7MB

MD5
156ca0dee71d81a608e19061b2be5712

SHA1
27f0ae31f5c13037c7a05d67d77973632489d923

SHA256
ed24bcc828ae50f0e752bcc870231f6f1b2fba5386ab380bb7aa1033464ce3a1

SHA512
2962253d169a4a8a8c69bee88c1cb70d35da37fa34a0af2f7bc96d063791f34121a9c1ac2f7515336e1824ff3a5342cc1c14c5d215704f2be7888de77e5b968b

Download Submit
C:\Windows\System\SRXEGfj.exe

Filesize
5.7MB

MD5
ec24a99049750302de557c69ab034620

SHA1
c0778e68f7d8ce468ccd485abd567204c151b326

SHA256
ad364006021554eca288cd275f62ef2501dcea7d7a7d2b62d1dada74e50bc18d

SHA512
8e1690aa1ce7cdb1deecda42846eb055e966aae0f4e52bca00f13c74eeb1f0a163920d5aa6339feaa67d3d49766131d54cee3df7a0f065471805ae213937706c

Download Submit
C:\Windows\System\SWKTLML.exe

Filesize
5.7MB

MD5
fed87a642f878e3188df4e2c10f679e4

SHA1
b6e10ccfd595bd5c13e09a6d8b7b7f0c4418db32

SHA256
bdf31d289da8832049050a3292aab9c7086f3d41713f5fa70aea609dce5abc8e

SHA512
6d6110bdfb9cf425598c443a1f3d4e29058cf08a2da870125e11cf069f31898293cd3fa2ebde75c04c510532324984eeafb3922d49b30cb748cc329e1ed7acbf

Download Submit
C:\Windows\System\UBllqGU.exe

Filesize
5.7MB

MD5
f6c7d269cf9cfc7af20c0c1776f7ebcd

SHA1
f49b6cf0f22fe426d67a888ebec5d7bda5553059

SHA256
6b2aaad8d60e8317996957a13e5781508fdc147af39be9a9c6de9e93eea31d6f

SHA512
119dfd5a0b5b7eaf1d18a6559afc06ae1cdb649f0fa1cf63acca979339a3f07f6ddf58f53e3c7017f4e935d5dc2a32e85426c317b8acbc8ae2cd3f6b68e04534

Download Submit
C:\Windows\System\Vpjxohi.exe

Filesize
5.7MB

MD5
0eb13ea7ad0339474f69ce04d77535ef

SHA1
2d63d7efe22b3ac9d24e5c32e94a9c6bb54cbae0

SHA256
9976bfb6fc7fdee53f38873b6fa5ffa8404b4a60f0a79ab281384e7af82b570a

SHA512
443ce4b0407ed0432652061989534f0b2bf6935352f92c1184f321b75e23af6dd6c6f4eedcdcedb01c35070e5aba4c2ff8dfe647ca8e586bb4b05afe2a78101c

Download Submit
C:\Windows\System\bNTEgtf.exe

Filesize
5.7MB

MD5
148ca0c7277ff20c588b4d484c9ea731

SHA1
5b6268cb7f22d5b10300ddf783a4aa788810e9a6

SHA256
5593f429a77cd4c3b420f7fd996d5c05d4cc0ef79241a44230d26a3b79efeaf1

SHA512
578dcb5044a0b6e258431da2bc5e64384ffa68a93f1e4d8ed0c0ec2a847de0719ad7edd560bdc5b9fe860663826c3189d859b08dc7ca66c409822fc2c9610a3c

Download Submit
C:\Windows\System\biZdDFC.exe

Filesize
5.7MB

MD5
7414fdb2a988a9262f2a0bc6cb1c07bb

SHA1
dd53aa916dd48961a43a624e5c08497cb602bf00

SHA256
88fc13a814f378ef959254a7c66b5d7202fa78cbd2f23eb7d3437c72ddd40d2c

SHA512
a4863ac0c93b5c447fb2e4ab1f039c0952f68d3fd64145e1b7f9b8d3f6c0a74781130c13bbc5632bc0d2dbd08011d7af13b978014b92ad5816a4d76b4f01a41e

Download Submit
C:\Windows\System\cdmMUGH.exe

Filesize
5.7MB

MD5
806fb6956c032a29430d931593a307e5

SHA1
9b3f2d44883b77b1dc22f610fe1bdcf6c158ffb3

SHA256
9fe88651a7dd5b5146c7d04fda241a1541c59f682f40887cdd301af16d20831f

SHA512
4e8a07c305fbdd7bec41c3d0166297550efa394f7b8df72f86acaf088efe26e6ef50d04da56f5a16f8a5e30bf1f60a2ab1647ea57732ab6cceff0ad60594a380

Download Submit
C:\Windows\System\eKGlKrh.exe

Filesize
5.7MB

MD5
6d494163ec0757ac8830d289845e1659

SHA1
5b09b2de7492c8f084ccba57b6a0a1306bad79ae

SHA256
f53cb6d45abe7a7ca17de2e1716b4114d19eb08a404664cdb93967138a6e4a84

SHA512
fa5423762dd7594cedf0fee8b20e758f7e7a7bdacc169ffe48570abe7bcfb35c916186463e97e56f20aa6fda8d4f8f04aae21538d35417355359ae905d8d14f2

Download Submit
C:\Windows\System\gxYSyzr.exe

Filesize
5.7MB

MD5
f778d9c8915917f3c6dd4fb544845576

SHA1
e26e371e3963e29768b94f78dbcd461115c5f8e7

SHA256
9b784749608489b2af4bb97e9c35ba3e2f024d519c59a249ffd366571b5e2255

SHA512
db90ea3ca915897276c9f52459bfceadebbbb21608db1bf80597435f3401cbb339182c0dc616891ec95f8662104755767ef18e5a44b02251ab4f42bb720b1aab

Download Submit
C:\Windows\System\ivexztq.exe

Filesize
5.7MB

MD5
039cd10f15716f35911156d1ad9d4219

SHA1
ff9e8f455f2343702675b8b1972ddf1d67029f68

SHA256
9c42e3d7fe8a403f7583f196c3c3153981990f76d8eec4a8660952f1deb94dcd

SHA512
6567b128e2afd58110727542ddf53ac2d9b152cb4fe21015fb43916e21f1f0ef7b12e032c625a61f621ff182ebfb85c334f2819faccc65f6aa3918cdf426c114

Download Submit
C:\Windows\System\iwUkZEz.exe

Filesize
5.7MB

MD5
8d4b8c5e70b966618b8d1d14c0aef3e1

SHA1
4d5f5864a56c36a7329134d916af57e0b3b30b7c

SHA256
6a423d5fa1be62a8bfaf734de83c8b483dd5b06e8f10f415eeb26c81aaac29f9

SHA512
cbcfb9f086b8539b20dda3d5c09ed5a86a34d162003e46940cc60f0565a9f5630cef4eff3a393c7765631609091b36972efa1b7a0ecdc9e5c0e2a7af60505854

Download Submit
C:\Windows\System\kAzkXOY.exe

Filesize
5.7MB

MD5
f9a88f7d2be9c6a6e51830887171a5f9

SHA1
d45d8d199f6f4236c22d33d6cdd2074900f7d3b7

SHA256
77403ebd482b5e1ec9225762a959f7d2898546baf7aa603703c54728ef486796

SHA512
998af1d43f4a7dd6beccd1fc0223f905ed4313c6ab2fe4244d3c3f4ccc1a4ba5415f4e947a2924c0dff9190f2f941e4dc05651ea1065a9d46c557f40179b70cb

Download Submit
C:\Windows\System\kJYCyRy.exe

Filesize
5.7MB

MD5
770e07fd036a3081b073e7d0f57ec8f5

SHA1
f4969742993f10fb35c7dca9d60b887554905691

SHA256
026b2a9917cd9d5d2320a0e28bde8f5b184681ae26c32160275108ddbff7944c

SHA512
5669a811560be8e945e6ccbac40ac0dee4b259e9c5b175846c1c7b62d05b5fcd58465dd2538269e0365f601503ee9463ae4e25bd4a3a8ab641343eaae0e958e3

Download Submit
C:\Windows\System\lMIiVYu.exe

Filesize
5.7MB

MD5
a97b33e346ac57146e83d3f6bfca6e21

SHA1
bdf63504a736c2a505bd9e54bd3bec70d588e851

SHA256
9123a56fe490b3c78d16dca45dc90806dcda3e20e5d605a4c26e34654be4e0c4

SHA512
355f9cc12f701d02a028526a14e975199bd726b91ebc1274e77c63819f7706ad6dc37354e5b0da91d40b770a49eea5a57aa65fa240957d1b6c1cc01a367e2e0a

Download Submit
C:\Windows\System\mjtuAWP.exe

Filesize
5.7MB

MD5
b98887789e82ac0b24c982ebafc7f423

SHA1
94ff80c4a5c8644ff3860d09093f7d71c96462b7

SHA256
bf820ec833ece44730cc503d91ef177b16a682755430eb49c69cafdd3cf3f0e2

SHA512
cd9909a2bc561f4b56455d1cbdcfeaf223d15279e4d546823a0137e6a671f2086300ac5b75a163bd62263c0b79d33de9d7144474e49406b9b0c8da1c85fdebaa

Download Submit
C:\Windows\System\qdVLZZz.exe

Filesize
5.7MB

MD5
77d663a8b6f3d21e14bf8cb3f0f323cb

SHA1
f58bfed3b879430a730e4162726ed7ee201367db

SHA256
e180ab4f74d8435ea17cbd718b65cba333324a3b61101aba5dcd21e17c5d4d96

SHA512
1e32d4a0ea4b5c73f380928fa1aa9475219ae378dddd2b37faf6d50cbece5b9591a030a911443b138e011dc5f2e90d6d0b035fdfbfbcabce376b4af41b3d647e

Download Submit
C:\Windows\System\rQvxLJi.exe

Filesize
5.7MB

MD5
443c07f25c538cf6b50bdf2c6522f8e4

SHA1
51a7dc3bbb2e83c9815e3116c856fa6a7e0e34d7

SHA256
f71ce2cfab19b253645d799e4e409724f30a791b82083d6ed104535f68e2101a

SHA512
c40fa3e3a5e21ccef3243aeb755c3230ab71a89b60d8f5530aa1a1b42f56161f6366baa86e6d2eaf1d7196503f5070e3e3d789779ba4f8daa64d96ab54ba7881

Download Submit
C:\Windows\System\sXJJbiB.exe

Filesize
5.7MB

MD5
7c365b06b603ae6e9d061992293eb137

SHA1
5941b05910c31b8f17e305c34fbd73d9965dcb5f

SHA256
49c2e590554c5053a67969e917cea41400541b7c7c0859bd99bded378ec8668f

SHA512
861013c2e6c22b41209d574dc6b22ba1fe171f6ac1b2da4ce76d27283b6f661ef9930f00bac0955ef5800d05389443bbb8e1bde73d991b330acb6a7ccff32310

Download Submit
C:\Windows\System\vIjQjpz.exe

Filesize
5.7MB

MD5
2be349c57c2ce933e1db11bc8e42de19

SHA1
de53de8973124601c1f94d5402d6f954db99673c

SHA256
33a4709ec2728f63a9ec81b18ff17636e395f4a942a17f79903c14fb44299d66

SHA512
2a643b6a38fd82e2c8acddacf434093f9913a13d7ae459ab3b6b64da5ad676a68e85ca92ef4d98a60b185f1da5bae81f26b6c730392f46d8de6b0403b9cae765

Download Submit
C:\Windows\System\vNcuBRU.exe

Filesize
5.7MB

MD5
77dd51c1d9c4d307f3db07a169316625

SHA1
38818c8178ef3ec5ce31c7a1ff9263b75d1e17f6

SHA256
31a8b0cc180d0d01c716e64d69017711d05808077a0e41fbdd2f3e83abe55e9b

SHA512
348c48e13dd6ebb4721de164a5c6b40c34ae5915ed2d2f47b118428f1f0f7193621cb0f517cceb96ce93a19772f0b357775daab018eb7499d755ef25d020a4bf

Download Submit
C:\Windows\System\wjyBsNr.exe

Filesize
5.7MB

MD5
84d174868fdaee72a3639cc0608c2755

SHA1
df81e5393a286144840acb005d1a3c78887186b9

SHA256
950eadc2322563f1c019d714e1ed1c5a8b9100d021daf94a138d842938158eb7

SHA512
84685d5dd93b955651f1916363ba31874618fa8b9ffd7fbe580d02e7ba6f7f2506bbdb99e0db47f3462b99c38aafaebd34fea20f08d96e9e958e1c043a1a59c5

Download Submit
C:\Windows\System\zGJQQgy.exe

Filesize
5.7MB

MD5
bfe6fc648f831d5f1de3f9de03974eff

SHA1
529e09a817aadbd6b161790802e2acde299329ef

SHA256
66496022d3442ecca1d44cf9764b7fddf85cbdaf1867b637aa0da3a0299f26ba

SHA512
de6ebd112bad3bd096aff787b7c224cfac345c762cb00d19d462b1ad4b34dec0e01de8c44615121d792401ae11849e16d7733dc76e76b1aadaf80bed779b8fb0

Download Submit
memory/60-115-0x00007FF7E23D0000-0x00007FF7E271D000-memory.dmp

Filesize
3.3MB

Download
memory/816-133-0x00007FF6A3FE0000-0x00007FF6A432D000-memory.dmp

Filesize
3.3MB

Download
memory/1212-25-0x00007FF667500000-0x00007FF66784D000-memory.dmp

Filesize
3.3MB

Download
memory/1432-139-0x00007FF766510000-0x00007FF76685D000-memory.dmp

Filesize
3.3MB

Download
memory/1448-19-0x00007FF63CBC0000-0x00007FF63CF0D000-memory.dmp

Filesize
3.3MB

Download
memory/2108-159-0x00007FF6717F0000-0x00007FF671B3D000-memory.dmp

Filesize
3.3MB

Download
memory/3180-180-0x00007FF796270000-0x00007FF7965BD000-memory.dmp

Filesize
3.3MB

Download
memory/3220-1-0x00000260B6E80000-0x00000260B6E90000-memory.dmp

Filesize
64KB

Download
memory/3220-0-0x00007FF79BDC0000-0x00007FF79C10D000-memory.dmp

Filesize
3.3MB

Download
memory/3408-73-0x00007FF7AE600000-0x00007FF7AE94D000-memory.dmp

Filesize
3.3MB

Download
memory/3608-151-0x00007FF7D4A10000-0x00007FF7D4D5D000-memory.dmp

Filesize
3.3MB

Download
memory/3948-165-0x00007FF789720000-0x00007FF789A6D000-memory.dmp

Filesize
3.3MB

Download
memory/4296-90-0x00007FF6F4230000-0x00007FF6F457D000-memory.dmp

Filesize
3.3MB

Download
memory/4348-85-0x00007FF6C9850000-0x00007FF6C9B9D000-memory.dmp

Filesize
3.3MB

Download
memory/4424-49-0x00007FF600790000-0x00007FF600ADD000-memory.dmp

Filesize
3.3MB

Download
memory/4460-46-0x00007FF77A160000-0x00007FF77A4AD000-memory.dmp

Filesize
3.3MB

Download
memory/4556-55-0x00007FF601080000-0x00007FF6013CD000-memory.dmp

Filesize
3.3MB

Download
memory/4560-61-0x00007FF6A8F90000-0x00007FF6A92DD000-memory.dmp

Filesize
3.3MB

Download
memory/4768-67-0x00007FF6179E0000-0x00007FF617D2D000-memory.dmp

Filesize
3.3MB

Download
memory/4920-190-0x00007FF7B4590000-0x00007FF7B48DD000-memory.dmp

Filesize
3.3MB

Download
memory/4948-31-0x00007FF7C1840000-0x00007FF7C1B8D000-memory.dmp

Filesize
3.3MB

Download
memory/4992-177-0x00007FF720110000-0x00007FF72045D000-memory.dmp

Filesize
3.3MB

Download
memory/5004-7-0x00007FF6F1120000-0x00007FF6F146D000-memory.dmp

Filesize
3.3MB

Download
memory/5040-79-0x00007FF72BB70000-0x00007FF72BEBD000-memory.dmp

Filesize
3.3MB

Download
memory/5076-121-0x00007FF6BE740000-0x00007FF6BEA8D000-memory.dmp

Filesize
3.3MB

Download
memory/5160-39-0x00007FF7E16C0000-0x00007FF7E1A0D000-memory.dmp

Filesize
3.3MB

Download
memory/5176-97-0x00007FF702590000-0x00007FF7028DD000-memory.dmp

Filesize
3.3MB

Download
memory/5228-12-0x00007FF7417C0000-0x00007FF741B0D000-memory.dmp

Filesize
3.3MB

Download
memory/5388-127-0x00007FF7856F0000-0x00007FF785A3D000-memory.dmp

Filesize
3.3MB

Download
memory/5424-109-0x00007FF7C1480000-0x00007FF7C17CD000-memory.dmp

Filesize
3.3MB

Download
memory/5844-171-0x00007FF643050000-0x00007FF64339D000-memory.dmp

Filesize
3.3MB

Download
memory/5896-145-0x00007FF667320000-0x00007FF66766D000-memory.dmp

Filesize
3.3MB

Download
memory/6104-107-0x00007FF754E00000-0x00007FF75514D000-memory.dmp

Filesize
3.3MB

Download