cobaltstrike | 563d1f7b352def928c31d4c4fe2ce9025f3c83b79ceab586021844cf1f2025ac

Analysis

max time kernel
106s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

5.7MB
MD5

6f9929e5e0ee793a871206a82c51ada9
SHA1

adb0589aaff277c47de7308da04485b16d413fae
SHA256

563d1f7b352def928c31d4c4fe2ce9025f3c83b79ceab586021844cf1f2025ac
SHA512

b206f74fe484208663d3182f945a5444dfcac134e4eab69523f168296e958e1a9173ebb151c3bba54eaa7f0a2b6afe0279649e7fe359da18af41f1d50719b7e4
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUd:j+R56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000a0000000227cb-6.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ed-11.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ee-10.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f0-29.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f4-53.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f5-58.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ff-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024300-71.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f3-47.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f2-42.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f1-36.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ef-24.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024301-77.dat	cobalt_reflective_dll
behavioral2/files/0x000b00000002413e-90.dat	cobalt_reflective_dll
behavioral2/files/0x000c00000002415d-108.dat	cobalt_reflective_dll
behavioral2/files/0x000b00000002413c-101.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000024174-112.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000024151-96.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000242ea-84.dat	cobalt_reflective_dll
behavioral2/files/0x000c00000002415c-125.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001e0ce-120.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000024176-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024302-140.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024304-149.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024303-144.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430b-163.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430c-168.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430f-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024310-190.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430e-180.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430d-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024305-156.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4652-0-0x00007FF64DDC0000-0x00007FF64E10D000-memory.dmp	xmrig
behavioral2/memory/2252-7-0x00007FF6DA580000-0x00007FF6DA8CD000-memory.dmp	xmrig
behavioral2/files/0x000a0000000227cb-6.dat	xmrig
behavioral2/files/0x00070000000242ed-11.dat	xmrig
behavioral2/files/0x00070000000242ee-10.dat	xmrig
behavioral2/memory/3436-13-0x00007FF7BBB60000-0x00007FF7BBEAD000-memory.dmp	xmrig
behavioral2/memory/2468-19-0x00007FF6AAA50000-0x00007FF6AAD9D000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f0-29.dat	xmrig
behavioral2/memory/1040-43-0x00007FF70A1F0000-0x00007FF70A53D000-memory.dmp	xmrig
behavioral2/memory/6072-49-0x00007FF681CD0000-0x00007FF68201D000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f4-53.dat	xmrig
behavioral2/memory/4196-55-0x00007FF78E2D0000-0x00007FF78E61D000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f5-58.dat	xmrig
behavioral2/memory/5888-61-0x00007FF710D50000-0x00007FF71109D000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ff-64.dat	xmrig
behavioral2/memory/4672-70-0x00007FF7E0440000-0x00007FF7E078D000-memory.dmp	xmrig
behavioral2/memory/4784-72-0x00007FF6FDD00000-0x00007FF6FE04D000-memory.dmp	xmrig
behavioral2/files/0x0007000000024300-71.dat	xmrig
behavioral2/files/0x00070000000242f3-47.dat	xmrig
behavioral2/files/0x00070000000242f2-42.dat	xmrig
behavioral2/memory/764-37-0x00007FF73FF00000-0x00007FF74024D000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f1-36.dat	xmrig
behavioral2/memory/2844-31-0x00007FF756630000-0x00007FF75697D000-memory.dmp	xmrig
behavioral2/memory/2600-25-0x00007FF6DBFD0000-0x00007FF6DC31D000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ef-24.dat	xmrig
behavioral2/files/0x0007000000024301-77.dat	xmrig
behavioral2/memory/4636-79-0x00007FF7E91C0000-0x00007FF7E950D000-memory.dmp	xmrig
behavioral2/memory/5808-85-0x00007FF663800000-0x00007FF663B4D000-memory.dmp	xmrig
behavioral2/files/0x000b00000002413e-90.dat	xmrig
behavioral2/memory/2292-91-0x00007FF7A2680000-0x00007FF7A29CD000-memory.dmp	xmrig
behavioral2/memory/4764-97-0x00007FF7E3330000-0x00007FF7E367D000-memory.dmp	xmrig
behavioral2/memory/4912-103-0x00007FF64A0E0000-0x00007FF64A42D000-memory.dmp	xmrig
behavioral2/memory/3604-109-0x00007FF6E64E0000-0x00007FF6E682D000-memory.dmp	xmrig
behavioral2/files/0x000c00000002415d-108.dat	xmrig
behavioral2/files/0x000b00000002413c-101.dat	xmrig
behavioral2/memory/4984-115-0x00007FF6330E0000-0x00007FF63342D000-memory.dmp	xmrig
behavioral2/files/0x000b000000024174-112.dat	xmrig
behavioral2/files/0x000c000000024151-96.dat	xmrig
behavioral2/files/0x00080000000242ea-84.dat	xmrig
behavioral2/memory/4900-121-0x00007FF6A1F20000-0x00007FF6A226D000-memory.dmp	xmrig
behavioral2/files/0x000c00000002415c-125.dat	xmrig
behavioral2/memory/1648-127-0x00007FF6A6340000-0x00007FF6A668D000-memory.dmp	xmrig
behavioral2/files/0x000500000001e0ce-120.dat	xmrig
behavioral2/files/0x000b000000024176-131.dat	xmrig
behavioral2/memory/5776-136-0x00007FF6F7460000-0x00007FF6F77AD000-memory.dmp	xmrig
behavioral2/files/0x0007000000024302-140.dat	xmrig
behavioral2/memory/3792-145-0x00007FF627A60000-0x00007FF627DAD000-memory.dmp	xmrig
behavioral2/memory/3560-150-0x00007FF6B45A0000-0x00007FF6B48ED000-memory.dmp	xmrig
behavioral2/files/0x0007000000024304-149.dat	xmrig
behavioral2/files/0x0007000000024303-144.dat	xmrig
behavioral2/memory/2944-141-0x00007FF6C0D60000-0x00007FF6C10AD000-memory.dmp	xmrig
behavioral2/memory/2156-157-0x00007FF6C52F0000-0x00007FF6C563D000-memory.dmp	xmrig
behavioral2/files/0x000700000002430b-163.dat	xmrig
behavioral2/memory/2440-169-0x00007FF7AE8C0000-0x00007FF7AEC0D000-memory.dmp	xmrig
behavioral2/files/0x000700000002430c-168.dat	xmrig
behavioral2/files/0x000700000002430f-185.dat	xmrig
behavioral2/memory/4980-187-0x00007FF697360000-0x00007FF6976AD000-memory.dmp	xmrig
behavioral2/files/0x0007000000024310-190.dat	xmrig
behavioral2/memory/3452-181-0x00007FF709BA0000-0x00007FF709EED000-memory.dmp	xmrig
behavioral2/files/0x000700000002430e-180.dat	xmrig
behavioral2/memory/2628-178-0x00007FF6DCBC0000-0x00007FF6DCF0D000-memory.dmp	xmrig
behavioral2/files/0x000700000002430d-177.dat	xmrig
behavioral2/memory/6140-166-0x00007FF7F0830000-0x00007FF7F0B7D000-memory.dmp	xmrig
behavioral2/files/0x0007000000024305-156.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2252	VQGnZHE.exe
3436	jNZfFsY.exe
2468	qvQxbwO.exe
2600	aifGppi.exe
2844	LhNtQcG.exe
764	rTBvDmO.exe
1040	udlzoeE.exe
6072	BWxrBzk.exe
4196	IwWlQJD.exe
5888	sKPWenV.exe
4672	cHLdQWX.exe
4784	uDIUjzO.exe
4636	xngyChg.exe
5808	PIITSWZ.exe
2292	abgisLy.exe
4764	bQGwTkp.exe
4912	duePvlZ.exe
3604	eUBVSbD.exe
4984	dzmrboq.exe
4900	KaiIxqf.exe
1648	vBYJxRd.exe
5776	lnLhBkn.exe
2944	JVfSxun.exe
3792	dfGayJr.exe
3560	naQuGpd.exe
2156	geJiIVJ.exe
6140	VJEzwFY.exe
2440	wxCfNmS.exe
2628	NRZhytp.exe
3452	KZMSfOr.exe
4980	ITmUidX.exe
2028	JHCKTRI.exe
3524	mfjEAMa.exe
3020	ltyGcmo.exe
2164	GYrIGcH.exe
1944	qkCxLLc.exe
2448	uXJajnv.exe
5620	UzgjDSf.exe
4104	AjIuRXD.exe
1028	LeTGqOO.exe
3732	neyZpsW.exe
2820	wHZBFwd.exe
1588	OSAvUmp.exe
2544	TzNRLUW.exe
2308	qKrEuWC.exe
2768	jpTCBGX.exe
1980	tlgOAQS.exe
5828	YQTzSMN.exe
1556	UxXFEmv.exe
5868	CiWuPvp.exe
5476	fIRxtvm.exe
4188	IIAkNAW.exe
3012	itdPAKJ.exe
3156	rfGOXqH.exe
1728	MfyXiWH.exe
1420	ROsvdXS.exe
1064	cRFhLlI.exe
3896	TMqhxrP.exe
2656	YdBwihA.exe
5448	nHwvnIq.exe
5608	hXTtrEt.exe
2300	afaOvVf.exe
5564	MULScIL.exe
5328	lpMDZbz.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\adsBPHA.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ujIBrLG.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oyJjUOP.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uieGcsG.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TVLhFRQ.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LdvRBdp.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DINpgZa.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QfLgdYf.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yefLcdr.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EtTrRxd.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TAjEHzo.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\myqbInF.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ITmUidX.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OOrJxcQ.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WizNKlW.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ODFKqVj.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UnJXbhx.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SyoVUOs.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QJEjQse.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ERDntDY.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rpnPQiK.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qGBxklw.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\geMNylR.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EgWAdDe.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RUrZnRV.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WYSoGoO.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WJBoXNb.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gXTVOFb.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YQWFKvR.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pNLJYbf.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HeRQPIQ.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rrjsxZn.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iTxgwyR.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CkTXTZc.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jQkJGMm.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IyiKQnZ.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gcXtrZk.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BoRVBdg.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JrQUPJQ.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NCDeLyJ.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IDCelyg.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qxunRRu.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NGWrgjJ.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gUeUwDi.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ftyNsOi.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AhesOMq.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YPqCrkq.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oZgbolm.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IhHnzdu.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sCYouTy.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VqdqAxD.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iatGaYO.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DXXLZwD.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nzFgzUb.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NUmQTRs.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Fgmunxk.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AlvhEFs.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LvVTnOt.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\komEBGJ.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MGhoaAH.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TMqhxrP.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hkGEceB.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yuvvOKP.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EdPnvPb.exe	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 2252	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 4652 wrote to memory of 2252	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 4652 wrote to memory of 3436	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4652 wrote to memory of 3436	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4652 wrote to memory of 2468	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4652 wrote to memory of 2468	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4652 wrote to memory of 2600	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4652 wrote to memory of 2600	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4652 wrote to memory of 2844	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4652 wrote to memory of 2844	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4652 wrote to memory of 764	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4652 wrote to memory of 764	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4652 wrote to memory of 1040	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4652 wrote to memory of 1040	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4652 wrote to memory of 6072	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4652 wrote to memory of 6072	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4652 wrote to memory of 4196	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4652 wrote to memory of 4196	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4652 wrote to memory of 5888	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4652 wrote to memory of 5888	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4652 wrote to memory of 4672	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4652 wrote to memory of 4672	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4652 wrote to memory of 4784	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4652 wrote to memory of 4784	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4652 wrote to memory of 4636	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4652 wrote to memory of 4636	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4652 wrote to memory of 5808	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4652 wrote to memory of 5808	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4652 wrote to memory of 2292	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4652 wrote to memory of 2292	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4652 wrote to memory of 4764	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4652 wrote to memory of 4764	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4652 wrote to memory of 4912	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4652 wrote to memory of 4912	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4652 wrote to memory of 3604	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4652 wrote to memory of 3604	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4652 wrote to memory of 4984	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4652 wrote to memory of 4984	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4652 wrote to memory of 4900	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4652 wrote to memory of 4900	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4652 wrote to memory of 1648	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4652 wrote to memory of 1648	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4652 wrote to memory of 5776	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4652 wrote to memory of 5776	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4652 wrote to memory of 2944	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4652 wrote to memory of 2944	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4652 wrote to memory of 3792	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4652 wrote to memory of 3792	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4652 wrote to memory of 3560	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4652 wrote to memory of 3560	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4652 wrote to memory of 2156	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4652 wrote to memory of 2156	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4652 wrote to memory of 6140	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4652 wrote to memory of 6140	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4652 wrote to memory of 2440	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4652 wrote to memory of 2440	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4652 wrote to memory of 2628	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4652 wrote to memory of 2628	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4652 wrote to memory of 3452	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4652 wrote to memory of 3452	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4652 wrote to memory of 4980	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 4652 wrote to memory of 4980	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 4652 wrote to memory of 2028	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 4652 wrote to memory of 2028	4652	2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121

C:\Users\Admin\AppData\Local\Temp\2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_6f9929e5e0ee793a871206a82c51ada9_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Windows\System\VQGnZHE.exe
  C:\Windows\System\VQGnZHE.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\jNZfFsY.exe
  C:\Windows\System\jNZfFsY.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\qvQxbwO.exe
  C:\Windows\System\qvQxbwO.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\aifGppi.exe
  C:\Windows\System\aifGppi.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\LhNtQcG.exe
  C:\Windows\System\LhNtQcG.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\rTBvDmO.exe
  C:\Windows\System\rTBvDmO.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\udlzoeE.exe
  C:\Windows\System\udlzoeE.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\BWxrBzk.exe
  C:\Windows\System\BWxrBzk.exe
  2⤵
  - Executes dropped EXE
  PID:6072
- C:\Windows\System\IwWlQJD.exe
  C:\Windows\System\IwWlQJD.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\sKPWenV.exe
  C:\Windows\System\sKPWenV.exe
  2⤵
  - Executes dropped EXE
  PID:5888
- C:\Windows\System\cHLdQWX.exe
  C:\Windows\System\cHLdQWX.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\uDIUjzO.exe
  C:\Windows\System\uDIUjzO.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\xngyChg.exe
  C:\Windows\System\xngyChg.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\PIITSWZ.exe
  C:\Windows\System\PIITSWZ.exe
  2⤵
  - Executes dropped EXE
  PID:5808
- C:\Windows\System\abgisLy.exe
  C:\Windows\System\abgisLy.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\bQGwTkp.exe
  C:\Windows\System\bQGwTkp.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\duePvlZ.exe
  C:\Windows\System\duePvlZ.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\eUBVSbD.exe
  C:\Windows\System\eUBVSbD.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\dzmrboq.exe
  C:\Windows\System\dzmrboq.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\KaiIxqf.exe
  C:\Windows\System\KaiIxqf.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\vBYJxRd.exe
  C:\Windows\System\vBYJxRd.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\lnLhBkn.exe
  C:\Windows\System\lnLhBkn.exe
  2⤵
  - Executes dropped EXE
  PID:5776
- C:\Windows\System\JVfSxun.exe
  C:\Windows\System\JVfSxun.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\dfGayJr.exe
  C:\Windows\System\dfGayJr.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\naQuGpd.exe
  C:\Windows\System\naQuGpd.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\geJiIVJ.exe
  C:\Windows\System\geJiIVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\VJEzwFY.exe
  C:\Windows\System\VJEzwFY.exe
  2⤵
  - Executes dropped EXE
  PID:6140
- C:\Windows\System\wxCfNmS.exe
  C:\Windows\System\wxCfNmS.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\NRZhytp.exe
  C:\Windows\System\NRZhytp.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\KZMSfOr.exe
  C:\Windows\System\KZMSfOr.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\ITmUidX.exe
  C:\Windows\System\ITmUidX.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\JHCKTRI.exe
  C:\Windows\System\JHCKTRI.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\mfjEAMa.exe
  C:\Windows\System\mfjEAMa.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\ltyGcmo.exe
  C:\Windows\System\ltyGcmo.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\GYrIGcH.exe
  C:\Windows\System\GYrIGcH.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\qkCxLLc.exe
  C:\Windows\System\qkCxLLc.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\uXJajnv.exe
  C:\Windows\System\uXJajnv.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\UzgjDSf.exe
  C:\Windows\System\UzgjDSf.exe
  2⤵
  - Executes dropped EXE
  PID:5620
- C:\Windows\System\AjIuRXD.exe
  C:\Windows\System\AjIuRXD.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\LeTGqOO.exe
  C:\Windows\System\LeTGqOO.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\neyZpsW.exe
  C:\Windows\System\neyZpsW.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\wHZBFwd.exe
  C:\Windows\System\wHZBFwd.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\OSAvUmp.exe
  C:\Windows\System\OSAvUmp.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\TzNRLUW.exe
  C:\Windows\System\TzNRLUW.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\qKrEuWC.exe
  C:\Windows\System\qKrEuWC.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\jpTCBGX.exe
  C:\Windows\System\jpTCBGX.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\tlgOAQS.exe
  C:\Windows\System\tlgOAQS.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\YQTzSMN.exe
  C:\Windows\System\YQTzSMN.exe
  2⤵
  - Executes dropped EXE
  PID:5828
- C:\Windows\System\UxXFEmv.exe
  C:\Windows\System\UxXFEmv.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\CiWuPvp.exe
  C:\Windows\System\CiWuPvp.exe
  2⤵
  - Executes dropped EXE
  PID:5868
- C:\Windows\System\fIRxtvm.exe
  C:\Windows\System\fIRxtvm.exe
  2⤵
  - Executes dropped EXE
  PID:5476
- C:\Windows\System\IIAkNAW.exe
  C:\Windows\System\IIAkNAW.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\itdPAKJ.exe
  C:\Windows\System\itdPAKJ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\rfGOXqH.exe
  C:\Windows\System\rfGOXqH.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\MfyXiWH.exe
  C:\Windows\System\MfyXiWH.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\ROsvdXS.exe
  C:\Windows\System\ROsvdXS.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\cRFhLlI.exe
  C:\Windows\System\cRFhLlI.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\TMqhxrP.exe
  C:\Windows\System\TMqhxrP.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\YdBwihA.exe
  C:\Windows\System\YdBwihA.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\nHwvnIq.exe
  C:\Windows\System\nHwvnIq.exe
  2⤵
  - Executes dropped EXE
  PID:5448
- C:\Windows\System\hXTtrEt.exe
  C:\Windows\System\hXTtrEt.exe
  2⤵
  - Executes dropped EXE
  PID:5608
- C:\Windows\System\afaOvVf.exe
  C:\Windows\System\afaOvVf.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\MULScIL.exe
  C:\Windows\System\MULScIL.exe
  2⤵
  - Executes dropped EXE
  PID:5564
- C:\Windows\System\lpMDZbz.exe
  C:\Windows\System\lpMDZbz.exe
  2⤵
  - Executes dropped EXE
  PID:5328
- C:\Windows\System\szmjoJZ.exe
  C:\Windows\System\szmjoJZ.exe
  2⤵
  PID:2376
- C:\Windows\System\YaXvjyN.exe
  C:\Windows\System\YaXvjyN.exe
  2⤵
  PID:5372
- C:\Windows\System\dTmLmNA.exe
  C:\Windows\System\dTmLmNA.exe
  2⤵
  PID:4880
- C:\Windows\System\hydmpIm.exe
  C:\Windows\System\hydmpIm.exe
  2⤵
  PID:4768
- C:\Windows\System\NPgPqfH.exe
  C:\Windows\System\NPgPqfH.exe
  2⤵
  PID:6024
- C:\Windows\System\InNyCoX.exe
  C:\Windows\System\InNyCoX.exe
  2⤵
  PID:3848
- C:\Windows\System\uRJYwVs.exe
  C:\Windows\System\uRJYwVs.exe
  2⤵
  PID:3288
- C:\Windows\System\YczgOta.exe
  C:\Windows\System\YczgOta.exe
  2⤵
  PID:5148
- C:\Windows\System\EgWAdDe.exe
  C:\Windows\System\EgWAdDe.exe
  2⤵
  PID:5920
- C:\Windows\System\WPnHmjx.exe
  C:\Windows\System\WPnHmjx.exe
  2⤵
  PID:3788
- C:\Windows\System\yLgwniu.exe
  C:\Windows\System\yLgwniu.exe
  2⤵
  PID:2496
- C:\Windows\System\fDXkmSU.exe
  C:\Windows\System\fDXkmSU.exe
  2⤵
  PID:4632
- C:\Windows\System\JbyveNU.exe
  C:\Windows\System\JbyveNU.exe
  2⤵
  PID:5424
- C:\Windows\System\QkydtWa.exe
  C:\Windows\System\QkydtWa.exe
  2⤵
  PID:6132
- C:\Windows\System\WtRwzJw.exe
  C:\Windows\System\WtRwzJw.exe
  2⤵
  PID:4384
- C:\Windows\System\PQFkuXx.exe
  C:\Windows\System\PQFkuXx.exe
  2⤵
  PID:3948
- C:\Windows\System\NTCvobD.exe
  C:\Windows\System\NTCvobD.exe
  2⤵
  PID:5344
- C:\Windows\System\UxIXiHx.exe
  C:\Windows\System\UxIXiHx.exe
  2⤵
  PID:5652
- C:\Windows\System\jRjOOWv.exe
  C:\Windows\System\jRjOOWv.exe
  2⤵
  PID:4848
- C:\Windows\System\fNbCQnt.exe
  C:\Windows\System\fNbCQnt.exe
  2⤵
  PID:2360
- C:\Windows\System\pOnYchu.exe
  C:\Windows\System\pOnYchu.exe
  2⤵
  PID:5480
- C:\Windows\System\XhfsOhQ.exe
  C:\Windows\System\XhfsOhQ.exe
  2⤵
  PID:4160
- C:\Windows\System\jnkXUSY.exe
  C:\Windows\System\jnkXUSY.exe
  2⤵
  PID:5256
- C:\Windows\System\VFNNxyl.exe
  C:\Windows\System\VFNNxyl.exe
  2⤵
  PID:3984
- C:\Windows\System\VopWOXl.exe
  C:\Windows\System\VopWOXl.exe
  2⤵
  PID:1652
- C:\Windows\System\hQexyZz.exe
  C:\Windows\System\hQexyZz.exe
  2⤵
  PID:4804
- C:\Windows\System\BlXUtUF.exe
  C:\Windows\System\BlXUtUF.exe
  2⤵
  PID:2736
- C:\Windows\System\TXCTKxm.exe
  C:\Windows\System\TXCTKxm.exe
  2⤵
  PID:1188
- C:\Windows\System\PaXongL.exe
  C:\Windows\System\PaXongL.exe
  2⤵
  PID:4756
- C:\Windows\System\hHPEdfF.exe
  C:\Windows\System\hHPEdfF.exe
  2⤵
  PID:5104
- C:\Windows\System\YmfKbmq.exe
  C:\Windows\System\YmfKbmq.exe
  2⤵
  PID:1904
- C:\Windows\System\dFdjfBo.exe
  C:\Windows\System\dFdjfBo.exe
  2⤵
  PID:1600
- C:\Windows\System\xfpcFIT.exe
  C:\Windows\System\xfpcFIT.exe
  2⤵
  PID:4328
- C:\Windows\System\XboELTF.exe
  C:\Windows\System\XboELTF.exe
  2⤵
  PID:3888
- C:\Windows\System\tptEzIR.exe
  C:\Windows\System\tptEzIR.exe
  2⤵
  PID:2916
- C:\Windows\System\UMPiocr.exe
  C:\Windows\System\UMPiocr.exe
  2⤵
  PID:5968
- C:\Windows\System\bRGwIPu.exe
  C:\Windows\System\bRGwIPu.exe
  2⤵
  PID:4796
- C:\Windows\System\VYiPHhj.exe
  C:\Windows\System\VYiPHhj.exe
  2⤵
  PID:3080
- C:\Windows\System\WeEOsGE.exe
  C:\Windows\System\WeEOsGE.exe
  2⤵
  PID:2860
- C:\Windows\System\DeNJGgE.exe
  C:\Windows\System\DeNJGgE.exe
  2⤵
  PID:3084
- C:\Windows\System\ugBbRlK.exe
  C:\Windows\System\ugBbRlK.exe
  2⤵
  PID:4808
- C:\Windows\System\dLKuZFX.exe
  C:\Windows\System\dLKuZFX.exe
  2⤵
  PID:3128
- C:\Windows\System\ahGNqnm.exe
  C:\Windows\System\ahGNqnm.exe
  2⤵
  PID:2564
- C:\Windows\System\auwkUqZ.exe
  C:\Windows\System\auwkUqZ.exe
  2⤵
  PID:3572
- C:\Windows\System\vIkPXem.exe
  C:\Windows\System\vIkPXem.exe
  2⤵
  PID:5660
- C:\Windows\System\SARPXeB.exe
  C:\Windows\System\SARPXeB.exe
  2⤵
  PID:4816
- C:\Windows\System\AIbqVKQ.exe
  C:\Windows\System\AIbqVKQ.exe
  2⤵
  PID:1956
- C:\Windows\System\LzLmcAf.exe
  C:\Windows\System\LzLmcAf.exe
  2⤵
  PID:6120
- C:\Windows\System\ruuBCJk.exe
  C:\Windows\System\ruuBCJk.exe
  2⤵
  PID:6096
- C:\Windows\System\phgSBaI.exe
  C:\Windows\System\phgSBaI.exe
  2⤵
  PID:456
- C:\Windows\System\KHBxXLb.exe
  C:\Windows\System\KHBxXLb.exe
  2⤵
  PID:5944
- C:\Windows\System\ZEXnCvT.exe
  C:\Windows\System\ZEXnCvT.exe
  2⤵
  PID:1304
- C:\Windows\System\zymeyfQ.exe
  C:\Windows\System\zymeyfQ.exe
  2⤵
  PID:1120
- C:\Windows\System\VqdqAxD.exe
  C:\Windows\System\VqdqAxD.exe
  2⤵
  PID:460
- C:\Windows\System\QzLnjOi.exe
  C:\Windows\System\QzLnjOi.exe
  2⤵
  PID:4292
- C:\Windows\System\SmuhrLh.exe
  C:\Windows\System\SmuhrLh.exe
  2⤵
  PID:5488
- C:\Windows\System\cmiYhrp.exe
  C:\Windows\System\cmiYhrp.exe
  2⤵
  PID:4692
- C:\Windows\System\WZptwLr.exe
  C:\Windows\System\WZptwLr.exe
  2⤵
  PID:1016
- C:\Windows\System\PhtSnlT.exe
  C:\Windows\System\PhtSnlT.exe
  2⤵
  PID:2508
- C:\Windows\System\YPEebDD.exe
  C:\Windows\System\YPEebDD.exe
  2⤵
  PID:5012
- C:\Windows\System\fJUCHir.exe
  C:\Windows\System\fJUCHir.exe
  2⤵
  PID:5720
- C:\Windows\System\zvVQwyG.exe
  C:\Windows\System\zvVQwyG.exe
  2⤵
  PID:1840
- C:\Windows\System\Vgytave.exe
  C:\Windows\System\Vgytave.exe
  2⤵
  PID:5324
- C:\Windows\System\MvcPtEV.exe
  C:\Windows\System\MvcPtEV.exe
  2⤵
  PID:1208
- C:\Windows\System\CgrRBCF.exe
  C:\Windows\System\CgrRBCF.exe
  2⤵
  PID:5848
- C:\Windows\System\aiUHtBC.exe
  C:\Windows\System\aiUHtBC.exe
  2⤵
  PID:876
- C:\Windows\System\WeTimcy.exe
  C:\Windows\System\WeTimcy.exe
  2⤵
  PID:5196
- C:\Windows\System\vrQtnjk.exe
  C:\Windows\System\vrQtnjk.exe
  2⤵
  PID:5996
- C:\Windows\System\VUrhDkY.exe
  C:\Windows\System\VUrhDkY.exe
  2⤵
  PID:3844
- C:\Windows\System\hpqXTxy.exe
  C:\Windows\System\hpqXTxy.exe
  2⤵
  PID:1456
- C:\Windows\System\iatGaYO.exe
  C:\Windows\System\iatGaYO.exe
  2⤵
  PID:3376
- C:\Windows\System\RKsNIpQ.exe
  C:\Windows\System\RKsNIpQ.exe
  2⤵
  PID:4744
- C:\Windows\System\EBZhnvG.exe
  C:\Windows\System\EBZhnvG.exe
  2⤵
  PID:3380
- C:\Windows\System\avpPVNO.exe
  C:\Windows\System\avpPVNO.exe
  2⤵
  PID:5764
- C:\Windows\System\mNbHWnd.exe
  C:\Windows\System\mNbHWnd.exe
  2⤵
  PID:3448
- C:\Windows\System\YQWFKvR.exe
  C:\Windows\System\YQWFKvR.exe
  2⤵
  PID:5348
- C:\Windows\System\GfhAiHR.exe
  C:\Windows\System\GfhAiHR.exe
  2⤵
  PID:6176
- C:\Windows\System\ZVotfuJ.exe
  C:\Windows\System\ZVotfuJ.exe
  2⤵
  PID:6208
- C:\Windows\System\REyYdRG.exe
  C:\Windows\System\REyYdRG.exe
  2⤵
  PID:6240
- C:\Windows\System\ZPmzgjW.exe
  C:\Windows\System\ZPmzgjW.exe
  2⤵
  PID:6272
- C:\Windows\System\IcfQeTj.exe
  C:\Windows\System\IcfQeTj.exe
  2⤵
  PID:6304
- C:\Windows\System\oZSZGoA.exe
  C:\Windows\System\oZSZGoA.exe
  2⤵
  PID:6336
- C:\Windows\System\HyuYWdd.exe
  C:\Windows\System\HyuYWdd.exe
  2⤵
  PID:6376
- C:\Windows\System\tFMKBTy.exe
  C:\Windows\System\tFMKBTy.exe
  2⤵
  PID:6400
- C:\Windows\System\qSdeSHb.exe
  C:\Windows\System\qSdeSHb.exe
  2⤵
  PID:6432
- C:\Windows\System\RwMVMeo.exe
  C:\Windows\System\RwMVMeo.exe
  2⤵
  PID:6464
- C:\Windows\System\xBWqMyM.exe
  C:\Windows\System\xBWqMyM.exe
  2⤵
  PID:6496
- C:\Windows\System\biqJJko.exe
  C:\Windows\System\biqJJko.exe
  2⤵
  PID:6524
- C:\Windows\System\DbeYPIg.exe
  C:\Windows\System\DbeYPIg.exe
  2⤵
  PID:6560
- C:\Windows\System\jIGZtyq.exe
  C:\Windows\System\jIGZtyq.exe
  2⤵
  PID:6592
- C:\Windows\System\roQWflO.exe
  C:\Windows\System\roQWflO.exe
  2⤵
  PID:6624
- C:\Windows\System\OOrJxcQ.exe
  C:\Windows\System\OOrJxcQ.exe
  2⤵
  PID:6652
- C:\Windows\System\KhbXNQx.exe
  C:\Windows\System\KhbXNQx.exe
  2⤵
  PID:6688
- C:\Windows\System\ofSRtDu.exe
  C:\Windows\System\ofSRtDu.exe
  2⤵
  PID:6712
- C:\Windows\System\FuhaRuM.exe
  C:\Windows\System\FuhaRuM.exe
  2⤵
  PID:6748
- C:\Windows\System\PnGIWHN.exe
  C:\Windows\System\PnGIWHN.exe
  2⤵
  PID:6784
- C:\Windows\System\AJBHLqC.exe
  C:\Windows\System\AJBHLqC.exe
  2⤵
  PID:6816
- C:\Windows\System\GhAyHsv.exe
  C:\Windows\System\GhAyHsv.exe
  2⤵
  PID:6844
- C:\Windows\System\aSlAtpw.exe
  C:\Windows\System\aSlAtpw.exe
  2⤵
  PID:6872
- C:\Windows\System\OOIODQU.exe
  C:\Windows\System\OOIODQU.exe
  2⤵
  PID:6908
- C:\Windows\System\yCGOBgq.exe
  C:\Windows\System\yCGOBgq.exe
  2⤵
  PID:6936
- C:\Windows\System\ReJikLd.exe
  C:\Windows\System\ReJikLd.exe
  2⤵
  PID:6972
- C:\Windows\System\AhVQoUj.exe
  C:\Windows\System\AhVQoUj.exe
  2⤵
  PID:7008
- C:\Windows\System\RSBZduq.exe
  C:\Windows\System\RSBZduq.exe
  2⤵
  PID:7040
- C:\Windows\System\vQJbfpo.exe
  C:\Windows\System\vQJbfpo.exe
  2⤵
  PID:7064
- C:\Windows\System\kKhbcbm.exe
  C:\Windows\System\kKhbcbm.exe
  2⤵
  PID:7104
- C:\Windows\System\QfLgdYf.exe
  C:\Windows\System\QfLgdYf.exe
  2⤵
  PID:7136
- C:\Windows\System\pNLJYbf.exe
  C:\Windows\System\pNLJYbf.exe
  2⤵
  PID:7160
- C:\Windows\System\GdLiFug.exe
  C:\Windows\System\GdLiFug.exe
  2⤵
  PID:6216
- C:\Windows\System\NTMWsNu.exe
  C:\Windows\System\NTMWsNu.exe
  2⤵
  PID:6280
- C:\Windows\System\fTazDYh.exe
  C:\Windows\System\fTazDYh.exe
  2⤵
  PID:6344
- C:\Windows\System\caOiulK.exe
  C:\Windows\System\caOiulK.exe
  2⤵
  PID:6408
- C:\Windows\System\nxmnZrs.exe
  C:\Windows\System\nxmnZrs.exe
  2⤵
  PID:6448
- C:\Windows\System\ueuyaZv.exe
  C:\Windows\System\ueuyaZv.exe
  2⤵
  PID:6532
- C:\Windows\System\OOkCMBN.exe
  C:\Windows\System\OOkCMBN.exe
  2⤵
  PID:6600
- C:\Windows\System\aZyhoRX.exe
  C:\Windows\System\aZyhoRX.exe
  2⤵
  PID:6676
- C:\Windows\System\qGBxklw.exe
  C:\Windows\System\qGBxklw.exe
  2⤵
  PID:6792
- C:\Windows\System\eJYpXbS.exe
  C:\Windows\System\eJYpXbS.exe
  2⤵
  PID:6836
- C:\Windows\System\DphhOJP.exe
  C:\Windows\System\DphhOJP.exe
  2⤵
  PID:6920
- C:\Windows\System\dNHWnTM.exe
  C:\Windows\System\dNHWnTM.exe
  2⤵
  PID:6984
- C:\Windows\System\kTDxNbZ.exe
  C:\Windows\System\kTDxNbZ.exe
  2⤵
  PID:7052
- C:\Windows\System\DFSdGRV.exe
  C:\Windows\System\DFSdGRV.exe
  2⤵
  PID:7116
- C:\Windows\System\EgHQkSC.exe
  C:\Windows\System\EgHQkSC.exe
  2⤵
  PID:6188
- C:\Windows\System\olpjlsH.exe
  C:\Windows\System\olpjlsH.exe
  2⤵
  PID:6288
- C:\Windows\System\vqMHqxK.exe
  C:\Windows\System\vqMHqxK.exe
  2⤵
  PID:6360
- C:\Windows\System\wdhgCqY.exe
  C:\Windows\System\wdhgCqY.exe
  2⤵
  PID:6544
- C:\Windows\System\sBGmhxz.exe
  C:\Windows\System\sBGmhxz.exe
  2⤵
  PID:6672
- C:\Windows\System\hkGEceB.exe
  C:\Windows\System\hkGEceB.exe
  2⤵
  PID:6828
- C:\Windows\System\RhVEkun.exe
  C:\Windows\System\RhVEkun.exe
  2⤵
  PID:6960
- C:\Windows\System\GikvSww.exe
  C:\Windows\System\GikvSww.exe
  2⤵
  PID:7124
- C:\Windows\System\AhSkwYh.exe
  C:\Windows\System\AhSkwYh.exe
  2⤵
  PID:6248
- C:\Windows\System\pBoBuko.exe
  C:\Windows\System\pBoBuko.exe
  2⤵
  PID:6572
- C:\Windows\System\aVoXstq.exe
  C:\Windows\System\aVoXstq.exe
  2⤵
  PID:6800
- C:\Windows\System\JAfHyRw.exe
  C:\Windows\System\JAfHyRw.exe
  2⤵
  PID:7076
- C:\Windows\System\FLeXKSn.exe
  C:\Windows\System\FLeXKSn.exe
  2⤵
  PID:6444
- C:\Windows\System\DGDTkGe.exe
  C:\Windows\System\DGDTkGe.exe
  2⤵
  PID:6184
- C:\Windows\System\rneZbLm.exe
  C:\Windows\System\rneZbLm.exe
  2⤵
  PID:6312
- C:\Windows\System\zOqYkbU.exe
  C:\Windows\System\zOqYkbU.exe
  2⤵
  PID:7176
- C:\Windows\System\nWdZYKl.exe
  C:\Windows\System\nWdZYKl.exe
  2⤵
  PID:7208
- C:\Windows\System\pxatpwo.exe
  C:\Windows\System\pxatpwo.exe
  2⤵
  PID:7232
- C:\Windows\System\daoBxuP.exe
  C:\Windows\System\daoBxuP.exe
  2⤵
  PID:7272
- C:\Windows\System\RHjHyUD.exe
  C:\Windows\System\RHjHyUD.exe
  2⤵
  PID:7296
- C:\Windows\System\QJEjQse.exe
  C:\Windows\System\QJEjQse.exe
  2⤵
  PID:7332
- C:\Windows\System\wcGbCoQ.exe
  C:\Windows\System\wcGbCoQ.exe
  2⤵
  PID:7368
- C:\Windows\System\rjRDSPK.exe
  C:\Windows\System\rjRDSPK.exe
  2⤵
  PID:7400
- C:\Windows\System\yEXrJKn.exe
  C:\Windows\System\yEXrJKn.exe
  2⤵
  PID:7432
- C:\Windows\System\MSAnAZf.exe
  C:\Windows\System\MSAnAZf.exe
  2⤵
  PID:7456
- C:\Windows\System\BqecofK.exe
  C:\Windows\System\BqecofK.exe
  2⤵
  PID:7488
- C:\Windows\System\XpqJMKB.exe
  C:\Windows\System\XpqJMKB.exe
  2⤵
  PID:7520
- C:\Windows\System\ysNEgiO.exe
  C:\Windows\System\ysNEgiO.exe
  2⤵
  PID:7560
- C:\Windows\System\SKwMWIj.exe
  C:\Windows\System\SKwMWIj.exe
  2⤵
  PID:7584
- C:\Windows\System\PLakPYA.exe
  C:\Windows\System\PLakPYA.exe
  2⤵
  PID:7616
- C:\Windows\System\gbXkONh.exe
  C:\Windows\System\gbXkONh.exe
  2⤵
  PID:7648
- C:\Windows\System\jQkJGMm.exe
  C:\Windows\System\jQkJGMm.exe
  2⤵
  PID:7684
- C:\Windows\System\OXzIQqs.exe
  C:\Windows\System\OXzIQqs.exe
  2⤵
  PID:7720
- C:\Windows\System\geMNylR.exe
  C:\Windows\System\geMNylR.exe
  2⤵
  PID:7744
- C:\Windows\System\anqfOtE.exe
  C:\Windows\System\anqfOtE.exe
  2⤵
  PID:7776
- C:\Windows\System\OTLkvOp.exe
  C:\Windows\System\OTLkvOp.exe
  2⤵
  PID:7808
- C:\Windows\System\osnsSOl.exe
  C:\Windows\System\osnsSOl.exe
  2⤵
  PID:7844
- C:\Windows\System\ngFdxpr.exe
  C:\Windows\System\ngFdxpr.exe
  2⤵
  PID:7872
- C:\Windows\System\SDgIyIg.exe
  C:\Windows\System\SDgIyIg.exe
  2⤵
  PID:7908
- C:\Windows\System\fykoeeW.exe
  C:\Windows\System\fykoeeW.exe
  2⤵
  PID:7940
- C:\Windows\System\tCTZpgT.exe
  C:\Windows\System\tCTZpgT.exe
  2⤵
  PID:7972
- C:\Windows\System\MkekHHk.exe
  C:\Windows\System\MkekHHk.exe
  2⤵
  PID:8000
- C:\Windows\System\aOQIWOG.exe
  C:\Windows\System\aOQIWOG.exe
  2⤵
  PID:8032
- C:\Windows\System\FZhDwVq.exe
  C:\Windows\System\FZhDwVq.exe
  2⤵
  PID:8068
- C:\Windows\System\WlaojJa.exe
  C:\Windows\System\WlaojJa.exe
  2⤵
  PID:8096
- C:\Windows\System\cEPITWh.exe
  C:\Windows\System\cEPITWh.exe
  2⤵
  PID:8128
- C:\Windows\System\VQeGilp.exe
  C:\Windows\System\VQeGilp.exe
  2⤵
  PID:8168
- C:\Windows\System\UVLgnOy.exe
  C:\Windows\System\UVLgnOy.exe
  2⤵
  PID:6756
- C:\Windows\System\wAmPPfB.exe
  C:\Windows\System\wAmPPfB.exe
  2⤵
  PID:7248
- C:\Windows\System\ERDntDY.exe
  C:\Windows\System\ERDntDY.exe
  2⤵
  PID:7292
- C:\Windows\System\mNVpSkC.exe
  C:\Windows\System\mNVpSkC.exe
  2⤵
  PID:7380
- C:\Windows\System\bAHEZDZ.exe
  C:\Windows\System\bAHEZDZ.exe
  2⤵
  PID:7420
- C:\Windows\System\CkTXTZc.exe
  C:\Windows\System\CkTXTZc.exe
  2⤵
  PID:7484
- C:\Windows\System\mjHigiu.exe
  C:\Windows\System\mjHigiu.exe
  2⤵
  PID:7572
- C:\Windows\System\WYSoGoO.exe
  C:\Windows\System\WYSoGoO.exe
  2⤵
  PID:7612
- C:\Windows\System\EnVzbOu.exe
  C:\Windows\System\EnVzbOu.exe
  2⤵
  PID:7696
- C:\Windows\System\skluYEn.exe
  C:\Windows\System\skluYEn.exe
  2⤵
  PID:7760
- C:\Windows\System\DiSgrZS.exe
  C:\Windows\System\DiSgrZS.exe
  2⤵
  PID:7804
- C:\Windows\System\alLgudI.exe
  C:\Windows\System\alLgudI.exe
  2⤵
  PID:7868
- C:\Windows\System\TyjRkhg.exe
  C:\Windows\System\TyjRkhg.exe
  2⤵
  PID:7952
- C:\Windows\System\bzsiLXn.exe
  C:\Windows\System\bzsiLXn.exe
  2⤵
  PID:8016
- C:\Windows\System\dbugoNk.exe
  C:\Windows\System\dbugoNk.exe
  2⤵
  PID:8080
- C:\Windows\System\nSRMKHn.exe
  C:\Windows\System\nSRMKHn.exe
  2⤵
  PID:8140
- C:\Windows\System\uRedbTr.exe
  C:\Windows\System\uRedbTr.exe
  2⤵
  PID:8188
- C:\Windows\System\GSUqVcH.exe
  C:\Windows\System\GSUqVcH.exe
  2⤵
  PID:7288
- C:\Windows\System\VIbvMiN.exe
  C:\Windows\System\VIbvMiN.exe
  2⤵
  PID:7416
- C:\Windows\System\gGfVhMt.exe
  C:\Windows\System\gGfVhMt.exe
  2⤵
  PID:7544
- C:\Windows\System\YYOVylx.exe
  C:\Windows\System\YYOVylx.exe
  2⤵
  PID:7728
- C:\Windows\System\MnjtntX.exe
  C:\Windows\System\MnjtntX.exe
  2⤵
  PID:7832
- C:\Windows\System\wFnVzho.exe
  C:\Windows\System\wFnVzho.exe
  2⤵
  PID:7928
- C:\Windows\System\fkbapdo.exe
  C:\Windows\System\fkbapdo.exe
  2⤵
  PID:8092
- C:\Windows\System\UwHXfJz.exe
  C:\Windows\System\UwHXfJz.exe
  2⤵
  PID:8184
- C:\Windows\System\LqYzbJJ.exe
  C:\Windows\System\LqYzbJJ.exe
  2⤵
  PID:7480
- C:\Windows\System\rgAUHpk.exe
  C:\Windows\System\rgAUHpk.exe
  2⤵
  PID:7788
- C:\Windows\System\lUXNskV.exe
  C:\Windows\System\lUXNskV.exe
  2⤵
  PID:7348
- C:\Windows\System\FTpNCIY.exe
  C:\Windows\System\FTpNCIY.exe
  2⤵
  PID:7992
- C:\Windows\System\Zmkarfn.exe
  C:\Windows\System\Zmkarfn.exe
  2⤵
  PID:8252
- C:\Windows\System\XuBxRch.exe
  C:\Windows\System\XuBxRch.exe
  2⤵
  PID:8296
- C:\Windows\System\fGXGdes.exe
  C:\Windows\System\fGXGdes.exe
  2⤵
  PID:8332
- C:\Windows\System\nYBxPXm.exe
  C:\Windows\System\nYBxPXm.exe
  2⤵
  PID:8360
- C:\Windows\System\NvSIZJd.exe
  C:\Windows\System\NvSIZJd.exe
  2⤵
  PID:8384
- C:\Windows\System\lArfNwe.exe
  C:\Windows\System\lArfNwe.exe
  2⤵
  PID:8424
- C:\Windows\System\ejxfgCJ.exe
  C:\Windows\System\ejxfgCJ.exe
  2⤵
  PID:8464
- C:\Windows\System\yuvvOKP.exe
  C:\Windows\System\yuvvOKP.exe
  2⤵
  PID:8500
- C:\Windows\System\emfrsTY.exe
  C:\Windows\System\emfrsTY.exe
  2⤵
  PID:8536
- C:\Windows\System\pZxfYbS.exe
  C:\Windows\System\pZxfYbS.exe
  2⤵
  PID:8572
- C:\Windows\System\aTXRYOM.exe
  C:\Windows\System\aTXRYOM.exe
  2⤵
  PID:8604
- C:\Windows\System\daORodv.exe
  C:\Windows\System\daORodv.exe
  2⤵
  PID:8632
- C:\Windows\System\TaYtHOm.exe
  C:\Windows\System\TaYtHOm.exe
  2⤵
  PID:8660
- C:\Windows\System\edAoFdY.exe
  C:\Windows\System\edAoFdY.exe
  2⤵
  PID:8696
- C:\Windows\System\XEFsGOI.exe
  C:\Windows\System\XEFsGOI.exe
  2⤵
  PID:8724
- C:\Windows\System\LFvmeQn.exe
  C:\Windows\System\LFvmeQn.exe
  2⤵
  PID:8760
- C:\Windows\System\sjXPKCQ.exe
  C:\Windows\System\sjXPKCQ.exe
  2⤵
  PID:8792
- C:\Windows\System\cadgKkw.exe
  C:\Windows\System\cadgKkw.exe
  2⤵
  PID:8820
- C:\Windows\System\tpZWGkx.exe
  C:\Windows\System\tpZWGkx.exe
  2⤵
  PID:8856
- C:\Windows\System\lXOtsby.exe
  C:\Windows\System\lXOtsby.exe
  2⤵
  PID:8888
- C:\Windows\System\HQJCAVX.exe
  C:\Windows\System\HQJCAVX.exe
  2⤵
  PID:8924
- C:\Windows\System\iTxgwyR.exe
  C:\Windows\System\iTxgwyR.exe
  2⤵
  PID:8948
- C:\Windows\System\lNYWvPD.exe
  C:\Windows\System\lNYWvPD.exe
  2⤵
  PID:8988
- C:\Windows\System\EFDRqBL.exe
  C:\Windows\System\EFDRqBL.exe
  2⤵
  PID:9016
- C:\Windows\System\QeSsMkA.exe
  C:\Windows\System\QeSsMkA.exe
  2⤵
  PID:9044
- C:\Windows\System\oXjasdp.exe
  C:\Windows\System\oXjasdp.exe
  2⤵
  PID:9080
- C:\Windows\System\redHDxY.exe
  C:\Windows\System\redHDxY.exe
  2⤵
  PID:9108
- C:\Windows\System\RZprZql.exe
  C:\Windows\System\RZprZql.exe
  2⤵
  PID:9144
- C:\Windows\System\mBoiWbr.exe
  C:\Windows\System\mBoiWbr.exe
  2⤵
  PID:9176
- C:\Windows\System\tQNoYZT.exe
  C:\Windows\System\tQNoYZT.exe
  2⤵
  PID:9208
- C:\Windows\System\QxlKHGr.exe
  C:\Windows\System\QxlKHGr.exe
  2⤵
  PID:8312
- C:\Windows\System\RSdehZC.exe
  C:\Windows\System\RSdehZC.exe
  2⤵
  PID:8324
- C:\Windows\System\HjwyDub.exe
  C:\Windows\System\HjwyDub.exe
  2⤵
  PID:8436
- C:\Windows\System\kxxUymU.exe
  C:\Windows\System\kxxUymU.exe
  2⤵
  PID:8496
- C:\Windows\System\NuLCyvU.exe
  C:\Windows\System\NuLCyvU.exe
  2⤵
  PID:8548
- C:\Windows\System\ySQhRbD.exe
  C:\Windows\System\ySQhRbD.exe
  2⤵
  PID:8616
- C:\Windows\System\KYIesjs.exe
  C:\Windows\System\KYIesjs.exe
  2⤵
  PID:8688
- C:\Windows\System\SDMMIbb.exe
  C:\Windows\System\SDMMIbb.exe
  2⤵
  PID:8740
- C:\Windows\System\DZJJquE.exe
  C:\Windows\System\DZJJquE.exe
  2⤵
  PID:8804
- C:\Windows\System\ZODTlky.exe
  C:\Windows\System\ZODTlky.exe
  2⤵
  PID:8876
- C:\Windows\System\UuUgsWq.exe
  C:\Windows\System\UuUgsWq.exe
  2⤵
  PID:8936
- C:\Windows\System\NQLieiu.exe
  C:\Windows\System\NQLieiu.exe
  2⤵
  PID:9000
- C:\Windows\System\UxyKBxr.exe
  C:\Windows\System\UxyKBxr.exe
  2⤵
  PID:9072
- C:\Windows\System\cOsvgYS.exe
  C:\Windows\System\cOsvgYS.exe
  2⤵
  PID:9120
- C:\Windows\System\sERbAMm.exe
  C:\Windows\System\sERbAMm.exe
  2⤵
  PID:9184
- C:\Windows\System\TNTpAGv.exe
  C:\Windows\System\TNTpAGv.exe
  2⤵
  PID:8288
- C:\Windows\System\EPPXDll.exe
  C:\Windows\System\EPPXDll.exe
  2⤵
  PID:8452
- C:\Windows\System\wrsPapo.exe
  C:\Windows\System\wrsPapo.exe
  2⤵
  PID:8580
- C:\Windows\System\xfbtuQO.exe
  C:\Windows\System\xfbtuQO.exe
  2⤵
  PID:8708
- C:\Windows\System\fIAOQsN.exe
  C:\Windows\System\fIAOQsN.exe
  2⤵
  PID:8832
- C:\Windows\System\uKoFlbw.exe
  C:\Windows\System\uKoFlbw.exe
  2⤵
  PID:8960
- C:\Windows\System\ufoVJHV.exe
  C:\Windows\System\ufoVJHV.exe
  2⤵
  PID:9068
- C:\Windows\System\GLvsGzk.exe
  C:\Windows\System\GLvsGzk.exe
  2⤵
  PID:8212
- C:\Windows\System\xshAluO.exe
  C:\Windows\System\xshAluO.exe
  2⤵
  PID:8512
- C:\Windows\System\HhcmbhA.exe
  C:\Windows\System\HhcmbhA.exe
  2⤵
  PID:8768
- C:\Windows\System\oIjZUnR.exe
  C:\Windows\System\oIjZUnR.exe
  2⤵
  PID:9028
- C:\Windows\System\HqAKyZa.exe
  C:\Windows\System\HqAKyZa.exe
  2⤵
  PID:8368
- C:\Windows\System\gMWGFFp.exe
  C:\Windows\System\gMWGFFp.exe
  2⤵
  PID:8864
- C:\Windows\System\Qwyrrvo.exe
  C:\Windows\System\Qwyrrvo.exe
  2⤵
  PID:8612
- C:\Windows\System\XKgPPHP.exe
  C:\Windows\System\XKgPPHP.exe
  2⤵
  PID:8736
- C:\Windows\System\NPtmFjt.exe
  C:\Windows\System\NPtmFjt.exe
  2⤵
  PID:9236
- C:\Windows\System\EUlZqJO.exe
  C:\Windows\System\EUlZqJO.exe
  2⤵
  PID:9268
- C:\Windows\System\irdnpgk.exe
  C:\Windows\System\irdnpgk.exe
  2⤵
  PID:9300
- C:\Windows\System\RUYJEGT.exe
  C:\Windows\System\RUYJEGT.exe
  2⤵
  PID:9332
- C:\Windows\System\jybMinJ.exe
  C:\Windows\System\jybMinJ.exe
  2⤵
  PID:9364
- C:\Windows\System\kFSGlHt.exe
  C:\Windows\System\kFSGlHt.exe
  2⤵
  PID:9396
- C:\Windows\System\xPoONQF.exe
  C:\Windows\System\xPoONQF.exe
  2⤵
  PID:9428
- C:\Windows\System\DhsuxkJ.exe
  C:\Windows\System\DhsuxkJ.exe
  2⤵
  PID:9460
- C:\Windows\System\VnJDTFK.exe
  C:\Windows\System\VnJDTFK.exe
  2⤵
  PID:9496
- C:\Windows\System\pRcTmzL.exe
  C:\Windows\System\pRcTmzL.exe
  2⤵
  PID:9528
- C:\Windows\System\BklQGTw.exe
  C:\Windows\System\BklQGTw.exe
  2⤵
  PID:9560
- C:\Windows\System\lPDilHG.exe
  C:\Windows\System\lPDilHG.exe
  2⤵
  PID:9592
- C:\Windows\System\UkWyLxe.exe
  C:\Windows\System\UkWyLxe.exe
  2⤵
  PID:9624
- C:\Windows\System\jWuXhyU.exe
  C:\Windows\System\jWuXhyU.exe
  2⤵
  PID:9656
- C:\Windows\System\ZlSBcIU.exe
  C:\Windows\System\ZlSBcIU.exe
  2⤵
  PID:9688
- C:\Windows\System\ivrgSds.exe
  C:\Windows\System\ivrgSds.exe
  2⤵
  PID:9720
- C:\Windows\System\kgYMVAh.exe
  C:\Windows\System\kgYMVAh.exe
  2⤵
  PID:9752
- C:\Windows\System\agvLGfk.exe
  C:\Windows\System\agvLGfk.exe
  2⤵
  PID:9784
- C:\Windows\System\EdPnvPb.exe
  C:\Windows\System\EdPnvPb.exe
  2⤵
  PID:9816
- C:\Windows\System\TUiBhSf.exe
  C:\Windows\System\TUiBhSf.exe
  2⤵
  PID:9848
- C:\Windows\System\IJPVfbY.exe
  C:\Windows\System\IJPVfbY.exe
  2⤵
  PID:9896
- C:\Windows\System\vZWcIaB.exe
  C:\Windows\System\vZWcIaB.exe
  2⤵
  PID:9912
- C:\Windows\System\ifMCsLz.exe
  C:\Windows\System\ifMCsLz.exe
  2⤵
  PID:9944
- C:\Windows\System\MxNllHf.exe
  C:\Windows\System\MxNllHf.exe
  2⤵
  PID:9976
- C:\Windows\System\mlKMhtm.exe
  C:\Windows\System\mlKMhtm.exe
  2⤵
  PID:10000
- C:\Windows\System\QRgQEKP.exe
  C:\Windows\System\QRgQEKP.exe
  2⤵
  PID:10040
- C:\Windows\System\NOBtDLE.exe
  C:\Windows\System\NOBtDLE.exe
  2⤵
  PID:10076
- C:\Windows\System\mDFnySo.exe
  C:\Windows\System\mDFnySo.exe
  2⤵
  PID:10108
- C:\Windows\System\yeZGMJa.exe
  C:\Windows\System\yeZGMJa.exe
  2⤵
  PID:10140
- C:\Windows\System\jScvGGI.exe
  C:\Windows\System\jScvGGI.exe
  2⤵
  PID:10172
- C:\Windows\System\lnCVewf.exe
  C:\Windows\System\lnCVewf.exe
  2⤵
  PID:10204
- C:\Windows\System\KYCdbiU.exe
  C:\Windows\System\KYCdbiU.exe
  2⤵
  PID:10236
- C:\Windows\System\QzYbZQY.exe
  C:\Windows\System\QzYbZQY.exe
  2⤵
  PID:9264
- C:\Windows\System\mJsGwjo.exe
  C:\Windows\System\mJsGwjo.exe
  2⤵
  PID:9328
- C:\Windows\System\XXUcDCs.exe
  C:\Windows\System\XXUcDCs.exe
  2⤵
  PID:9392
- C:\Windows\System\QXeHbdY.exe
  C:\Windows\System\QXeHbdY.exe
  2⤵
  PID:9456
- C:\Windows\System\rpnPQiK.exe
  C:\Windows\System\rpnPQiK.exe
  2⤵
  PID:9524
- C:\Windows\System\HeRQPIQ.exe
  C:\Windows\System\HeRQPIQ.exe
  2⤵
  PID:9588
- C:\Windows\System\yxthVky.exe
  C:\Windows\System\yxthVky.exe
  2⤵
  PID:9652
- C:\Windows\System\KzsCHwE.exe
  C:\Windows\System\KzsCHwE.exe
  2⤵
  PID:9716
- C:\Windows\System\drpdpIM.exe
  C:\Windows\System\drpdpIM.exe
  2⤵
  PID:9780
- C:\Windows\System\TKOHMNN.exe
  C:\Windows\System\TKOHMNN.exe
  2⤵
  PID:9860
- C:\Windows\System\nvIUzSo.exe
  C:\Windows\System\nvIUzSo.exe
  2⤵
  PID:9908
- C:\Windows\System\WtEMalj.exe
  C:\Windows\System\WtEMalj.exe
  2⤵
  PID:9960
- C:\Windows\System\WJBoXNb.exe
  C:\Windows\System\WJBoXNb.exe
  2⤵
  PID:10032
- C:\Windows\System\mvtOnSz.exe
  C:\Windows\System\mvtOnSz.exe
  2⤵
  PID:3960
- C:\Windows\System\DXXLZwD.exe
  C:\Windows\System\DXXLZwD.exe
  2⤵
  PID:3248
- C:\Windows\System\mBFPkaj.exe
  C:\Windows\System\mBFPkaj.exe
  2⤵
  PID:4944
- C:\Windows\System\qUwMoIm.exe
  C:\Windows\System\qUwMoIm.exe
  2⤵
  PID:10168
- C:\Windows\System\DNcJnxX.exe
  C:\Windows\System\DNcJnxX.exe
  2⤵
  PID:10232
- C:\Windows\System\IEHSMvj.exe
  C:\Windows\System\IEHSMvj.exe
  2⤵
  PID:9324
- C:\Windows\System\MGhoaAH.exe
  C:\Windows\System\MGhoaAH.exe
  2⤵
  PID:9452
- C:\Windows\System\oEPVmBb.exe
  C:\Windows\System\oEPVmBb.exe
  2⤵
  PID:9584
- C:\Windows\System\vJkbkYS.exe
  C:\Windows\System\vJkbkYS.exe
  2⤵
  PID:9712
- C:\Windows\System\wjPMmZg.exe
  C:\Windows\System\wjPMmZg.exe
  2⤵
  PID:9840
- C:\Windows\System\AgtVlgA.exe
  C:\Windows\System\AgtVlgA.exe
  2⤵
  PID:9956
- C:\Windows\System\jHWCGwx.exe
  C:\Windows\System\jHWCGwx.exe
  2⤵
  PID:4708
- C:\Windows\System\QVjEkRZ.exe
  C:\Windows\System\QVjEkRZ.exe
  2⤵
  PID:4876
- C:\Windows\System\YzTTmfR.exe
  C:\Windows\System\YzTTmfR.exe
  2⤵
  PID:10228
- C:\Windows\System\zahzsQX.exe
  C:\Windows\System\zahzsQX.exe
  2⤵
  PID:9424
- C:\Windows\System\CGqVmQH.exe
  C:\Windows\System\CGqVmQH.exe
  2⤵
  PID:9812
- C:\Windows\System\ZukXzPS.exe
  C:\Windows\System\ZukXzPS.exe
  2⤵
  PID:9972
- C:\Windows\System\hZFleZq.exe
  C:\Windows\System\hZFleZq.exe
  2⤵
  PID:10196
- C:\Windows\System\ManQXKX.exe
  C:\Windows\System\ManQXKX.exe
  2⤵
  PID:9640
- C:\Windows\System\jPsQDau.exe
  C:\Windows\System\jPsQDau.exe
  2⤵
  PID:2660
- C:\Windows\System\IGuQOMy.exe
  C:\Windows\System\IGuQOMy.exe
  2⤵
  PID:9648
- C:\Windows\System\cRulpsb.exe
  C:\Windows\System\cRulpsb.exe
  2⤵
  PID:10244
- C:\Windows\System\AaPLrLh.exe
  C:\Windows\System\AaPLrLh.exe
  2⤵
  PID:10264
- C:\Windows\System\anWDCiS.exe
  C:\Windows\System\anWDCiS.exe
  2⤵
  PID:10296
- C:\Windows\System\TzJwtYu.exe
  C:\Windows\System\TzJwtYu.exe
  2⤵
  PID:10348
- C:\Windows\System\wMWUKtA.exe
  C:\Windows\System\wMWUKtA.exe
  2⤵
  PID:10380
- C:\Windows\System\ihIMLqc.exe
  C:\Windows\System\ihIMLqc.exe
  2⤵
  PID:10412
- C:\Windows\System\fWbOUHc.exe
  C:\Windows\System\fWbOUHc.exe
  2⤵
  PID:10428
- C:\Windows\System\YmORNRW.exe
  C:\Windows\System\YmORNRW.exe
  2⤵
  PID:10472
- C:\Windows\System\VcfRcGM.exe
  C:\Windows\System\VcfRcGM.exe
  2⤵
  PID:10496
- C:\Windows\System\VMUSEDk.exe
  C:\Windows\System\VMUSEDk.exe
  2⤵
  PID:10524
- C:\Windows\System\SICHjqe.exe
  C:\Windows\System\SICHjqe.exe
  2⤵
  PID:10540
- C:\Windows\System\jNdvGXk.exe
  C:\Windows\System\jNdvGXk.exe
  2⤵
  PID:10596
- C:\Windows\System\fHSWlJn.exe
  C:\Windows\System\fHSWlJn.exe
  2⤵
  PID:10628
- C:\Windows\System\kckuAzh.exe
  C:\Windows\System\kckuAzh.exe
  2⤵
  PID:10668
- C:\Windows\System\eSGTLkB.exe
  C:\Windows\System\eSGTLkB.exe
  2⤵
  PID:10692
- C:\Windows\System\JRjTCzY.exe
  C:\Windows\System\JRjTCzY.exe
  2⤵
  PID:10712
- C:\Windows\System\yefLcdr.exe
  C:\Windows\System\yefLcdr.exe
  2⤵
  PID:10756
- C:\Windows\System\HPdXajV.exe
  C:\Windows\System\HPdXajV.exe
  2⤵
  PID:10788
- C:\Windows\System\VMDpGPS.exe
  C:\Windows\System\VMDpGPS.exe
  2⤵
  PID:10824
- C:\Windows\System\jHqwxcn.exe
  C:\Windows\System\jHqwxcn.exe
  2⤵
  PID:10852
- C:\Windows\System\SrrkjhU.exe
  C:\Windows\System\SrrkjhU.exe
  2⤵
  PID:10900
- C:\Windows\System\RGQtiYV.exe
  C:\Windows\System\RGQtiYV.exe
  2⤵
  PID:10932
- C:\Windows\System\ikOSlxm.exe
  C:\Windows\System\ikOSlxm.exe
  2⤵
  PID:10968
- C:\Windows\System\VZjLdkc.exe
  C:\Windows\System\VZjLdkc.exe
  2⤵
  PID:10992
- C:\Windows\System\adsBPHA.exe
  C:\Windows\System\adsBPHA.exe
  2⤵
  PID:11032
- C:\Windows\System\rTLhxHc.exe
  C:\Windows\System\rTLhxHc.exe
  2⤵
  PID:11064
- C:\Windows\System\VfFvVaz.exe
  C:\Windows\System\VfFvVaz.exe
  2⤵
  PID:11096
- C:\Windows\System\vwEEEcr.exe
  C:\Windows\System\vwEEEcr.exe
  2⤵
  PID:11128
- C:\Windows\System\mAoIrvA.exe
  C:\Windows\System\mAoIrvA.exe
  2⤵
  PID:11160
- C:\Windows\System\HzFbxIV.exe
  C:\Windows\System\HzFbxIV.exe
  2⤵
  PID:11192
- C:\Windows\System\EtTrRxd.exe
  C:\Windows\System\EtTrRxd.exe
  2⤵
  PID:11224
- C:\Windows\System\DfMWBjQ.exe
  C:\Windows\System\DfMWBjQ.exe
  2⤵
  PID:11240
- C:\Windows\System\AVOSmDy.exe
  C:\Windows\System\AVOSmDy.exe
  2⤵
  PID:9388
- C:\Windows\System\jmnuHkV.exe
  C:\Windows\System\jmnuHkV.exe
  2⤵
  PID:10336
- C:\Windows\System\EJihsIE.exe
  C:\Windows\System\EJihsIE.exe
  2⤵
  PID:10340
- C:\Windows\System\nxDodnl.exe
  C:\Windows\System\nxDodnl.exe
  2⤵
  PID:10424
- C:\Windows\System\udoqRNn.exe
  C:\Windows\System\udoqRNn.exe
  2⤵
  PID:10484
- C:\Windows\System\LnuDdfp.exe
  C:\Windows\System\LnuDdfp.exe
  2⤵
  PID:10512
- C:\Windows\System\lawgiKA.exe
  C:\Windows\System\lawgiKA.exe
  2⤵
  PID:10516
- C:\Windows\System\wZAFWDd.exe
  C:\Windows\System\wZAFWDd.exe
  2⤵
  PID:10608
- C:\Windows\System\sRKoDHo.exe
  C:\Windows\System\sRKoDHo.exe
  2⤵
  PID:10700
- C:\Windows\System\EhlokMG.exe
  C:\Windows\System\EhlokMG.exe
  2⤵
  PID:10808
- C:\Windows\System\ThHycfy.exe
  C:\Windows\System\ThHycfy.exe
  2⤵
  PID:10800
- C:\Windows\System\NGWrgjJ.exe
  C:\Windows\System\NGWrgjJ.exe
  2⤵
  PID:10916
- C:\Windows\System\lVNKbTd.exe
  C:\Windows\System\lVNKbTd.exe
  2⤵
  PID:11000
- C:\Windows\System\hLgYAGF.exe
  C:\Windows\System\hLgYAGF.exe
  2⤵
  PID:11080
- C:\Windows\System\RoVxQiW.exe
  C:\Windows\System\RoVxQiW.exe
  2⤵
  PID:11144
- C:\Windows\System\GrmTXbe.exe
  C:\Windows\System\GrmTXbe.exe
  2⤵
  PID:11232
- C:\Windows\System\SYYlJmR.exe
  C:\Windows\System\SYYlJmR.exe
  2⤵
  PID:11252
- C:\Windows\System\IyiKQnZ.exe
  C:\Windows\System\IyiKQnZ.exe
  2⤵
  PID:10360
- C:\Windows\System\GSbYrcX.exe
  C:\Windows\System\GSbYrcX.exe
  2⤵
  PID:10420
- C:\Windows\System\gcXtrZk.exe
  C:\Windows\System\gcXtrZk.exe
  2⤵
  PID:10556
- C:\Windows\System\rCiWEeu.exe
  C:\Windows\System\rCiWEeu.exe
  2⤵
  PID:10744
- C:\Windows\System\YhJKKKY.exe
  C:\Windows\System\YhJKKKY.exe
  2⤵
  PID:10952
- C:\Windows\System\uqWQpZb.exe
  C:\Windows\System\uqWQpZb.exe
  2⤵
  PID:11044
- C:\Windows\System\vnSekYT.exe
  C:\Windows\System\vnSekYT.exe
  2⤵
  PID:11212
- C:\Windows\System\edqpnve.exe
  C:\Windows\System\edqpnve.exe
  2⤵
  PID:10328
- C:\Windows\System\GYrflwD.exe
  C:\Windows\System\GYrflwD.exe
  2⤵
  PID:10572
- C:\Windows\System\MYQnwDz.exe
  C:\Windows\System\MYQnwDz.exe
  2⤵
  PID:1032
- C:\Windows\System\BoRVBdg.exe
  C:\Windows\System\BoRVBdg.exe
  2⤵
  PID:1080
- C:\Windows\System\qbxhExH.exe
  C:\Windows\System\qbxhExH.exe
  2⤵
  PID:10980
- C:\Windows\System\fSKoXbD.exe
  C:\Windows\System\fSKoXbD.exe
  2⤵
  PID:4416
- C:\Windows\System\kOOYIGE.exe
  C:\Windows\System\kOOYIGE.exe
  2⤵
  PID:3976
- C:\Windows\System\hMkygue.exe
  C:\Windows\System\hMkygue.exe
  2⤵
  PID:2540
- C:\Windows\System\YKtjgDI.exe
  C:\Windows\System\YKtjgDI.exe
  2⤵
  PID:5272
- C:\Windows\System\mGLLwEl.exe
  C:\Windows\System\mGLLwEl.exe
  2⤵
  PID:5280
- C:\Windows\System\cilVMxt.exe
  C:\Windows\System\cilVMxt.exe
  2⤵
  PID:3804
- C:\Windows\System\QknKMFr.exe
  C:\Windows\System\QknKMFr.exe
  2⤵
  PID:11300
- C:\Windows\System\CzVsxNq.exe
  C:\Windows\System\CzVsxNq.exe
  2⤵
  PID:11336
- C:\Windows\System\aMERUds.exe
  C:\Windows\System\aMERUds.exe
  2⤵
  PID:11356
- C:\Windows\System\jwTaMyS.exe
  C:\Windows\System\jwTaMyS.exe
  2⤵
  PID:11412
- C:\Windows\System\vowdWeg.exe
  C:\Windows\System\vowdWeg.exe
  2⤵
  PID:11436
- C:\Windows\System\TgwHyVY.exe
  C:\Windows\System\TgwHyVY.exe
  2⤵
  PID:11460
- C:\Windows\System\MrSVOOw.exe
  C:\Windows\System\MrSVOOw.exe
  2⤵
  PID:11508
- C:\Windows\System\bwaOUGU.exe
  C:\Windows\System\bwaOUGU.exe
  2⤵
  PID:11540
- C:\Windows\System\JrQUPJQ.exe
  C:\Windows\System\JrQUPJQ.exe
  2⤵
  PID:11572
- C:\Windows\System\EWeCkSt.exe
  C:\Windows\System\EWeCkSt.exe
  2⤵
  PID:11608
- C:\Windows\System\gXTVOFb.exe
  C:\Windows\System\gXTVOFb.exe
  2⤵
  PID:11640
- C:\Windows\System\uieGcsG.exe
  C:\Windows\System\uieGcsG.exe
  2⤵
  PID:11668
- C:\Windows\System\FbPOLnV.exe
  C:\Windows\System\FbPOLnV.exe
  2⤵
  PID:11704
- C:\Windows\System\CSqaIAI.exe
  C:\Windows\System\CSqaIAI.exe
  2⤵
  PID:11740
- C:\Windows\System\LXRekIe.exe
  C:\Windows\System\LXRekIe.exe
  2⤵
  PID:11776
- C:\Windows\System\tlEviSQ.exe
  C:\Windows\System\tlEviSQ.exe
  2⤵
  PID:11796
- C:\Windows\System\ycFMbwR.exe
  C:\Windows\System\ycFMbwR.exe
  2⤵
  PID:11824
- C:\Windows\System\mgPhlic.exe
  C:\Windows\System\mgPhlic.exe
  2⤵
  PID:11864
- C:\Windows\System\HqlWKDH.exe
  C:\Windows\System\HqlWKDH.exe
  2⤵
  PID:11896
- C:\Windows\System\wTcoIjO.exe
  C:\Windows\System\wTcoIjO.exe
  2⤵
  PID:11932
- C:\Windows\System\iSSwlGA.exe
  C:\Windows\System\iSSwlGA.exe
  2⤵
  PID:11968
- C:\Windows\System\VQFIXdq.exe
  C:\Windows\System\VQFIXdq.exe
  2⤵
  PID:11992
- C:\Windows\System\gUeUwDi.exe
  C:\Windows\System\gUeUwDi.exe
  2⤵
  PID:12008
- C:\Windows\System\ftyNsOi.exe
  C:\Windows\System\ftyNsOi.exe
  2⤵
  PID:12064
- C:\Windows\System\VFmhZbX.exe
  C:\Windows\System\VFmhZbX.exe
  2⤵
  PID:12092
- C:\Windows\System\eDeVpCR.exe
  C:\Windows\System\eDeVpCR.exe
  2⤵
  PID:12108
- C:\Windows\System\vsSqqLK.exe
  C:\Windows\System\vsSqqLK.exe
  2⤵
  PID:12124
- C:\Windows\System\Fxctksa.exe
  C:\Windows\System\Fxctksa.exe
  2⤵
  PID:12144
- C:\Windows\System\PKQIDbz.exe
  C:\Windows\System\PKQIDbz.exe
  2⤵
  PID:12212
- C:\Windows\System\bBDwmqJ.exe
  C:\Windows\System\bBDwmqJ.exe
  2⤵
  PID:12236
- C:\Windows\System\WeVTBex.exe
  C:\Windows\System\WeVTBex.exe
  2⤵
  PID:12268
- C:\Windows\System\rmGSsSh.exe
  C:\Windows\System\rmGSsSh.exe
  2⤵
  PID:2236
- C:\Windows\System\YcQYijf.exe
  C:\Windows\System\YcQYijf.exe
  2⤵
  PID:6100
- C:\Windows\System\WizNKlW.exe
  C:\Windows\System\WizNKlW.exe
  2⤵
  PID:11312
- C:\Windows\System\iKapGGs.exe
  C:\Windows\System\iKapGGs.exe
  2⤵
  PID:11368
- C:\Windows\System\AElfiSk.exe
  C:\Windows\System\AElfiSk.exe
  2⤵
  PID:4720
- C:\Windows\System\denoesB.exe
  C:\Windows\System\denoesB.exe
  2⤵
  PID:11532
- C:\Windows\System\uNaPWhA.exe
  C:\Windows\System\uNaPWhA.exe
  2⤵
  PID:11592
- C:\Windows\System\USnqJDf.exe
  C:\Windows\System\USnqJDf.exe
  2⤵
  PID:544
- C:\Windows\System\kOKiCdM.exe
  C:\Windows\System\kOKiCdM.exe
  2⤵
  PID:11652
- C:\Windows\System\iQunoBr.exe
  C:\Windows\System\iQunoBr.exe
  2⤵
  PID:11720
- C:\Windows\System\KJcfLly.exe
  C:\Windows\System\KJcfLly.exe
  2⤵
  PID:11756
- C:\Windows\System\WIDBrwb.exe
  C:\Windows\System\WIDBrwb.exe
  2⤵
  PID:11880
- C:\Windows\System\yuteTCD.exe
  C:\Windows\System\yuteTCD.exe
  2⤵
  PID:11980
- C:\Windows\System\hxpCSoL.exe
  C:\Windows\System\hxpCSoL.exe
  2⤵
  PID:12084
- C:\Windows\System\tDhhhec.exe
  C:\Windows\System\tDhhhec.exe
  2⤵
  PID:12020
- C:\Windows\System\UnJXbhx.exe
  C:\Windows\System\UnJXbhx.exe
  2⤵
  PID:12168
- C:\Windows\System\MhcpjvV.exe
  C:\Windows\System\MhcpjvV.exe
  2⤵
  PID:12248
- C:\Windows\System\nzFgzUb.exe
  C:\Windows\System\nzFgzUb.exe
  2⤵
  PID:11268
- C:\Windows\System\stfJQbz.exe
  C:\Windows\System\stfJQbz.exe
  2⤵
  PID:11344
- C:\Windows\System\JFHqqZR.exe
  C:\Windows\System\JFHqqZR.exe
  2⤵
  PID:11528
- C:\Windows\System\vEqvJcK.exe
  C:\Windows\System\vEqvJcK.exe
  2⤵
  PID:11524
- C:\Windows\System\yKGduds.exe
  C:\Windows\System\yKGduds.exe
  2⤵
  PID:11628
- C:\Windows\System\GpDnpbM.exe
  C:\Windows\System\GpDnpbM.exe
  2⤵
  PID:11768
- C:\Windows\System\tjOGbEn.exe
  C:\Windows\System\tjOGbEn.exe
  2⤵
  PID:11784
- C:\Windows\System\mSLGccJ.exe
  C:\Windows\System\mSLGccJ.exe
  2⤵
  PID:12024
- C:\Windows\System\ehhuSVa.exe
  C:\Windows\System\ehhuSVa.exe
  2⤵
  PID:12132
- C:\Windows\System\eDiIzle.exe
  C:\Windows\System\eDiIzle.exe
  2⤵
  PID:12252
- C:\Windows\System\XdTJOEw.exe
  C:\Windows\System\XdTJOEw.exe
  2⤵
  PID:12264
- C:\Windows\System\mcGnZkO.exe
  C:\Windows\System\mcGnZkO.exe
  2⤵
  PID:4588
- C:\Windows\System\tMvNPTH.exe
  C:\Windows\System\tMvNPTH.exe
  2⤵
  PID:11400
- C:\Windows\System\NCDeLyJ.exe
  C:\Windows\System\NCDeLyJ.exe
  2⤵
  PID:11684
- C:\Windows\System\VWfdjPY.exe
  C:\Windows\System\VWfdjPY.exe
  2⤵
  PID:11688
- C:\Windows\System\WVCQYCn.exe
  C:\Windows\System\WVCQYCn.exe
  2⤵
  PID:12156
- C:\Windows\System\zRrhnod.exe
  C:\Windows\System\zRrhnod.exe
  2⤵
  PID:1224
- C:\Windows\System\nSZiRgj.exe
  C:\Windows\System\nSZiRgj.exe
  2⤵
  PID:12296
- C:\Windows\System\IDCelyg.exe
  C:\Windows\System\IDCelyg.exe
  2⤵
  PID:12328
- C:\Windows\System\chmVEiN.exe
  C:\Windows\System\chmVEiN.exe
  2⤵
  PID:12360
- C:\Windows\System\qQvoAzs.exe
  C:\Windows\System\qQvoAzs.exe
  2⤵
  PID:12396
- C:\Windows\System\KmklvaN.exe
  C:\Windows\System\KmklvaN.exe
  2⤵
  PID:12424
- C:\Windows\System\qvkeNkb.exe
  C:\Windows\System\qvkeNkb.exe
  2⤵
  PID:12476
- C:\Windows\System\UurLLlV.exe
  C:\Windows\System\UurLLlV.exe
  2⤵
  PID:12512
- C:\Windows\System\kNhMHsw.exe
  C:\Windows\System\kNhMHsw.exe
  2⤵
  PID:12528
- C:\Windows\System\GnHkEdV.exe
  C:\Windows\System\GnHkEdV.exe
  2⤵
  PID:12568
- C:\Windows\System\WqMATZd.exe
  C:\Windows\System\WqMATZd.exe
  2⤵
  PID:12608
- C:\Windows\System\cqdxZWP.exe
  C:\Windows\System\cqdxZWP.exe
  2⤵
  PID:12636
- C:\Windows\System\TJEHGuu.exe
  C:\Windows\System\TJEHGuu.exe
  2⤵
  PID:12684
- C:\Windows\System\cdgSYZp.exe
  C:\Windows\System\cdgSYZp.exe
  2⤵
  PID:12704
- C:\Windows\System\epucYXe.exe
  C:\Windows\System\epucYXe.exe
  2⤵
  PID:12752
- C:\Windows\System\QThXcAD.exe
  C:\Windows\System\QThXcAD.exe
  2⤵
  PID:12768
- C:\Windows\System\NUmQTRs.exe
  C:\Windows\System\NUmQTRs.exe
  2⤵
  PID:12788
- C:\Windows\System\pacbvii.exe
  C:\Windows\System\pacbvii.exe
  2⤵
  PID:12812
- C:\Windows\System\fNwOyCW.exe
  C:\Windows\System\fNwOyCW.exe
  2⤵
  PID:12856
- C:\Windows\System\slEvTfD.exe
  C:\Windows\System\slEvTfD.exe
  2⤵
  PID:12892
- C:\Windows\System\jXKzVom.exe
  C:\Windows\System\jXKzVom.exe
  2⤵
  PID:12924
- C:\Windows\System\GyhMqsY.exe
  C:\Windows\System\GyhMqsY.exe
  2⤵
  PID:12964
- C:\Windows\System\dyxVSeK.exe
  C:\Windows\System\dyxVSeK.exe
  2⤵
  PID:13012
- C:\Windows\System\tMHqYBs.exe
  C:\Windows\System\tMHqYBs.exe
  2⤵
  PID:13052
- C:\Windows\System\dCSnezI.exe
  C:\Windows\System\dCSnezI.exe
  2⤵
  PID:13068
- C:\Windows\System\qDpFlvg.exe
  C:\Windows\System\qDpFlvg.exe
  2⤵
  PID:13120
- C:\Windows\System\QwTdDPT.exe
  C:\Windows\System\QwTdDPT.exe
  2⤵
  PID:13152
- C:\Windows\System\spoiHoZ.exe
  C:\Windows\System\spoiHoZ.exe
  2⤵
  PID:13176
- C:\Windows\System\PWlUUSE.exe
  C:\Windows\System\PWlUUSE.exe
  2⤵
  PID:13216
- C:\Windows\System\zhGzZqc.exe
  C:\Windows\System\zhGzZqc.exe
  2⤵
  PID:13248
- C:\Windows\System\sjgKVLL.exe
  C:\Windows\System\sjgKVLL.exe
  2⤵
  PID:13280
- C:\Windows\System\TAjEHzo.exe
  C:\Windows\System\TAjEHzo.exe
  2⤵
  PID:12260
- C:\Windows\System\rugELsB.exe
  C:\Windows\System\rugELsB.exe
  2⤵
  PID:11724
- C:\Windows\System\lsTmSEI.exe
  C:\Windows\System\lsTmSEI.exe
  2⤵
  PID:12104
- C:\Windows\System\KcCKfDy.exe
  C:\Windows\System\KcCKfDy.exe
  2⤵
  PID:12440
- C:\Windows\System\EcCTaKR.exe
  C:\Windows\System\EcCTaKR.exe
  2⤵
  PID:12408
- C:\Windows\System\awqJfbG.exe
  C:\Windows\System\awqJfbG.exe
  2⤵
  PID:12468
- C:\Windows\System\nJtHxYF.exe
  C:\Windows\System\nJtHxYF.exe
  2⤵
  PID:12596
- C:\Windows\System\Fgmunxk.exe
  C:\Windows\System\Fgmunxk.exe
  2⤵
  PID:12660
- C:\Windows\System\BVmcCJQ.exe
  C:\Windows\System\BVmcCJQ.exe
  2⤵
  PID:12620
- C:\Windows\System\oZgbolm.exe
  C:\Windows\System\oZgbolm.exe
  2⤵
  PID:12796
- C:\Windows\System\nTjaIGJ.exe
  C:\Windows\System\nTjaIGJ.exe
  2⤵
  PID:12764
- C:\Windows\System\YskteaC.exe
  C:\Windows\System\YskteaC.exe
  2⤵
  PID:12828
- C:\Windows\System\kzLsait.exe
  C:\Windows\System\kzLsait.exe
  2⤵
  PID:12868
- C:\Windows\System\kQIslZv.exe
  C:\Windows\System\kQIslZv.exe
  2⤵
  PID:12984
- C:\Windows\System\FWQslfb.exe
  C:\Windows\System\FWQslfb.exe
  2⤵
  PID:12936
- C:\Windows\System\PNYmIms.exe
  C:\Windows\System\PNYmIms.exe
  2⤵
  PID:13040
- C:\Windows\System\pZWBjlm.exe
  C:\Windows\System\pZWBjlm.exe
  2⤵
  PID:13100
- C:\Windows\System\wgCuhLe.exe
  C:\Windows\System\wgCuhLe.exe
  2⤵
  PID:13132
- C:\Windows\System\uyEjaiX.exe
  C:\Windows\System\uyEjaiX.exe
  2⤵
  PID:13236
- C:\Windows\System\EzwbOpO.exe
  C:\Windows\System\EzwbOpO.exe
  2⤵
  PID:12036
- C:\Windows\System\xmohIIe.exe
  C:\Windows\System\xmohIIe.exe
  2⤵
  PID:12320
- C:\Windows\System\MafDeyY.exe
  C:\Windows\System\MafDeyY.exe
  2⤵
  PID:12392
- C:\Windows\System\AhesOMq.exe
  C:\Windows\System\AhesOMq.exe
  2⤵
  PID:12540
- C:\Windows\System\vMaqEuE.exe
  C:\Windows\System\vMaqEuE.exe
  2⤵
  PID:12728
- C:\Windows\System\AiyUdcS.exe
  C:\Windows\System\AiyUdcS.exe
  2⤵
  PID:12776
- C:\Windows\System\ckHQHmx.exe
  C:\Windows\System\ckHQHmx.exe
  2⤵
  PID:12884
- C:\Windows\System\qnbkLAI.exe
  C:\Windows\System\qnbkLAI.exe
  2⤵
  PID:12912
- C:\Windows\System\JbmmtHS.exe
  C:\Windows\System\JbmmtHS.exe
  2⤵
  PID:13196
- C:\Windows\System\aJNaKeI.exe
  C:\Windows\System\aJNaKeI.exe
  2⤵
  PID:13108
- C:\Windows\System\QUeyAHM.exe
  C:\Windows\System\QUeyAHM.exe
  2⤵
  PID:12340
- C:\Windows\System\EWcIquu.exe
  C:\Windows\System\EWcIquu.exe
  2⤵
  PID:12492
- C:\Windows\System\HYEeLGJ.exe
  C:\Windows\System\HYEeLGJ.exe
  2⤵
  PID:12700
- C:\Windows\System\fabyRLg.exe
  C:\Windows\System\fabyRLg.exe
  2⤵
  PID:12804
- C:\Windows\System\zsenigj.exe
  C:\Windows\System\zsenigj.exe
  2⤵
  PID:13200
- C:\Windows\System\UvlKjjm.exe
  C:\Windows\System\UvlKjjm.exe
  2⤵
  PID:13304
- C:\Windows\System\fhGAiTW.exe
  C:\Windows\System\fhGAiTW.exe
  2⤵
  PID:3692
- C:\Windows\System\vRoRIrJ.exe
  C:\Windows\System\vRoRIrJ.exe
  2⤵
  PID:12944
- C:\Windows\System\oUDsUyf.exe
  C:\Windows\System\oUDsUyf.exe
  2⤵
  PID:13264
- C:\Windows\System\PrWDkTm.exe
  C:\Windows\System\PrWDkTm.exe
  2⤵
  PID:12420
- C:\Windows\System\oXXBeFN.exe
  C:\Windows\System\oXXBeFN.exe
  2⤵
  PID:13316
- C:\Windows\System\cZxaATF.exe
  C:\Windows\System\cZxaATF.exe
  2⤵
  PID:13332
- C:\Windows\System\dBYlPkV.exe
  C:\Windows\System\dBYlPkV.exe
  2⤵
  PID:13360
- C:\Windows\System\zdoAKcr.exe
  C:\Windows\System\zdoAKcr.exe
  2⤵
  PID:13476
- C:\Windows\System\tAtacak.exe
  C:\Windows\System\tAtacak.exe
  2⤵
  PID:13492
- C:\Windows\System\LdvRBdp.exe
  C:\Windows\System\LdvRBdp.exe
  2⤵
  PID:13524
- C:\Windows\System\WBhyDEZ.exe
  C:\Windows\System\WBhyDEZ.exe
  2⤵
  PID:13544
- C:\Windows\System\QPstEmv.exe
  C:\Windows\System\QPstEmv.exe
  2⤵
  PID:13576
- C:\Windows\System\ZkvcKBQ.exe
  C:\Windows\System\ZkvcKBQ.exe
  2⤵
  PID:13604
- C:\Windows\System\Dqficmq.exe
  C:\Windows\System\Dqficmq.exe
  2⤵
  PID:13636
- C:\Windows\System\XPtRMTY.exe
  C:\Windows\System\XPtRMTY.exe
  2⤵
  PID:13668
- C:\Windows\System\xRZQktv.exe
  C:\Windows\System\xRZQktv.exe
  2⤵
  PID:13696
- C:\Windows\System\dMzzSPl.exe
  C:\Windows\System\dMzzSPl.exe
  2⤵
  PID:13728
- C:\Windows\System\FWgVqPZ.exe
  C:\Windows\System\FWgVqPZ.exe
  2⤵
  PID:13756
- C:\Windows\System\fCvAYgO.exe
  C:\Windows\System\fCvAYgO.exe
  2⤵
  PID:13788
- C:\Windows\System\ZUkktIK.exe
  C:\Windows\System\ZUkktIK.exe
  2⤵
  PID:13828
- C:\Windows\System\VFlpNQJ.exe
  C:\Windows\System\VFlpNQJ.exe
  2⤵
  PID:13860
- C:\Windows\System\KUpxCzg.exe
  C:\Windows\System\KUpxCzg.exe
  2⤵
  PID:13892
- C:\Windows\System\DhKcfZB.exe
  C:\Windows\System\DhKcfZB.exe
  2⤵
  PID:13924
- C:\Windows\System\KkRvCjN.exe
  C:\Windows\System\KkRvCjN.exe
  2⤵
  PID:13960
- C:\Windows\System\eAJgocO.exe
  C:\Windows\System\eAJgocO.exe
  2⤵
  PID:13988
- C:\Windows\System\ooyLmeA.exe
  C:\Windows\System\ooyLmeA.exe
  2⤵
  PID:14004
- C:\Windows\System\WPznRkM.exe
  C:\Windows\System\WPznRkM.exe
  2⤵
  PID:14020
- C:\Windows\System\dQMaHbs.exe
  C:\Windows\System\dQMaHbs.exe
  2⤵
  PID:14036
- C:\Windows\System\qBDAaDA.exe
  C:\Windows\System\qBDAaDA.exe
  2⤵
  PID:14052
- C:\Windows\System\CzgxnQq.exe
  C:\Windows\System\CzgxnQq.exe
  2⤵
  PID:14080
- C:\Windows\System\sfeRvyn.exe
  C:\Windows\System\sfeRvyn.exe
  2⤵
  PID:14120
- C:\Windows\System\gvLZqKc.exe
  C:\Windows\System\gvLZqKc.exe
  2⤵
  PID:14144
- C:\Windows\System\ZFcQrha.exe
  C:\Windows\System\ZFcQrha.exe
  2⤵
  PID:14192
- C:\Windows\System\pItTawH.exe
  C:\Windows\System\pItTawH.exe
  2⤵
  PID:14236
- C:\Windows\System\SzOdGmD.exe
  C:\Windows\System\SzOdGmD.exe
  2⤵
  PID:14280
- C:\Windows\System\cQOPoIf.exe
  C:\Windows\System\cQOPoIf.exe
  2⤵
  PID:14328
- C:\Windows\System\lsxoyNL.exe
  C:\Windows\System\lsxoyNL.exe
  2⤵
  PID:13344
- C:\Windows\System\xQCdAhA.exe
  C:\Windows\System\xQCdAhA.exe
  2⤵
  PID:12324
- C:\Windows\System\oJxIIGC.exe
  C:\Windows\System\oJxIIGC.exe
  2⤵
  PID:13456
- C:\Windows\System\sFfvTun.exe
  C:\Windows\System\sFfvTun.exe
  2⤵
  PID:13568
- C:\Windows\System\McjGNdd.exe
  C:\Windows\System\McjGNdd.exe
  2⤵
  PID:13620
- C:\Windows\System\MUodsfD.exe
  C:\Windows\System\MUodsfD.exe
  2⤵
  PID:13648
- C:\Windows\System\GpEIONR.exe
  C:\Windows\System\GpEIONR.exe
  2⤵
  PID:3508
- C:\Windows\System\EslIMJf.exe
  C:\Windows\System\EslIMJf.exe
  2⤵
  PID:2240
- C:\Windows\System\lRnjbeJ.exe
  C:\Windows\System\lRnjbeJ.exe
  2⤵
  PID:13820
- C:\Windows\System\CvRGamG.exe
  C:\Windows\System\CvRGamG.exe
  2⤵
  PID:13884
- C:\Windows\System\KlBcAse.exe
  C:\Windows\System\KlBcAse.exe
  2⤵
  PID:13936
- C:\Windows\System\GDNXhNl.exe
  C:\Windows\System\GDNXhNl.exe
  2⤵
  PID:14016
- C:\Windows\System\plcHhir.exe
  C:\Windows\System\plcHhir.exe
  2⤵
  PID:14068
- C:\Windows\System\lusUewG.exe
  C:\Windows\System\lusUewG.exe
  2⤵
  PID:14072
- C:\Windows\System\OksHjae.exe
  C:\Windows\System\OksHjae.exe
  2⤵
  PID:14128
- C:\Windows\System\nTMOqfd.exe
  C:\Windows\System\nTMOqfd.exe
  2⤵
  PID:5704
- C:\Windows\System\xKSNmgB.exe
  C:\Windows\System\xKSNmgB.exe
  2⤵
  PID:14268
- C:\Windows\System\lbPEkcC.exe
  C:\Windows\System\lbPEkcC.exe
  2⤵
  PID:14300
- C:\Windows\System\wXntzch.exe
  C:\Windows\System\wXntzch.exe
  2⤵
  PID:13272
- C:\Windows\System\KRhTxBp.exe
  C:\Windows\System\KRhTxBp.exe
  2⤵
  PID:13424
- C:\Windows\System\McQrEGh.exe
  C:\Windows\System\McQrEGh.exe
  2⤵
  PID:13484
- C:\Windows\System\HNLhaeY.exe
  C:\Windows\System\HNLhaeY.exe
  2⤵
  PID:13504
- C:\Windows\System\AuOijHb.exe
  C:\Windows\System\AuOijHb.exe
  2⤵
  PID:13616
- C:\Windows\System\VwfLEPN.exe
  C:\Windows\System\VwfLEPN.exe
  2⤵
  PID:13708
- C:\Windows\System\ESCMtMN.exe
  C:\Windows\System\ESCMtMN.exe
  2⤵
  PID:13772
- C:\Windows\System\UHwSEyr.exe
  C:\Windows\System\UHwSEyr.exe
  2⤵
  PID:13976
- C:\Windows\System\MLcFYAi.exe
  C:\Windows\System\MLcFYAi.exe
  2⤵
  PID:14112
- C:\Windows\System\JRKQPUo.exe
  C:\Windows\System\JRKQPUo.exe
  2⤵
  PID:14272
- C:\Windows\System\gRqmyCn.exe
  C:\Windows\System\gRqmyCn.exe
  2⤵
  PID:3568
- C:\Windows\System\btAAYRF.exe
  C:\Windows\System\btAAYRF.exe
  2⤵
  PID:14032
- C:\Windows\System\GebbGJl.exe
  C:\Windows\System\GebbGJl.exe
  2⤵
  PID:13704
- C:\Windows\System\uwfJZiI.exe
  C:\Windows\System\uwfJZiI.exe
  2⤵
  PID:14160
- C:\Windows\System\mqjGoSZ.exe
  C:\Windows\System\mqjGoSZ.exe
  2⤵
  PID:13596
- C:\Windows\System\ZRbgekc.exe
  C:\Windows\System\ZRbgekc.exe
  2⤵
  PID:14356
- C:\Windows\System\EhHlaFL.exe
  C:\Windows\System\EhHlaFL.exe
  2⤵
  PID:14392
- C:\Windows\System\nrKbuBp.exe
  C:\Windows\System\nrKbuBp.exe
  2⤵
  PID:14412
- C:\Windows\System\aFzlkIU.exe
  C:\Windows\System\aFzlkIU.exe
  2⤵
  PID:14452
- C:\Windows\System\kLPYqFb.exe
  C:\Windows\System\kLPYqFb.exe
  2⤵
  PID:14488
- C:\Windows\System\snLbNCz.exe
  C:\Windows\System\snLbNCz.exe
  2⤵
  PID:14508
- C:\Windows\System\RUrZnRV.exe
  C:\Windows\System\RUrZnRV.exe
  2⤵
  PID:14564
- C:\Windows\System\QIBmxTw.exe
  C:\Windows\System\QIBmxTw.exe
  2⤵
  PID:14600
- C:\Windows\System\WFWypCz.exe
  C:\Windows\System\WFWypCz.exe
  2⤵
  PID:14632
- C:\Windows\System\SyoVUOs.exe
  C:\Windows\System\SyoVUOs.exe
  2⤵
  PID:14648
- C:\Windows\System\DRjrOrW.exe
  C:\Windows\System\DRjrOrW.exe
  2⤵
  PID:14672
- C:\Windows\System\YdAcZJZ.exe
  C:\Windows\System\YdAcZJZ.exe
  2⤵
  PID:14688
- C:\Windows\System\zOKwkMv.exe
  C:\Windows\System\zOKwkMv.exe
  2⤵
  PID:14712
- C:\Windows\System\PipLkrS.exe
  C:\Windows\System\PipLkrS.exe
  2⤵
  PID:14740
- C:\Windows\System\Fsukbdx.exe
  C:\Windows\System\Fsukbdx.exe
  2⤵
  PID:14756
- C:\Windows\System\gGqyeZL.exe
  C:\Windows\System\gGqyeZL.exe
  2⤵
  PID:14796
- C:\Windows\System\XhkCSYz.exe
  C:\Windows\System\XhkCSYz.exe
  2⤵
  PID:14820
- C:\Windows\System\CgrSUHj.exe
  C:\Windows\System\CgrSUHj.exe
  2⤵
  PID:14864
- C:\Windows\System\uaNmpbh.exe
  C:\Windows\System\uaNmpbh.exe
  2⤵
  PID:14900
- C:\Windows\System\fLLvVCI.exe
  C:\Windows\System\fLLvVCI.exe
  2⤵
  PID:14932
- C:\Windows\System\LJflcEg.exe
  C:\Windows\System\LJflcEg.exe
  2⤵
  PID:14976
- C:\Windows\System\RORslNi.exe
  C:\Windows\System\RORslNi.exe
  2⤵
  PID:15016
- C:\Windows\System\AudIxBM.exe
  C:\Windows\System\AudIxBM.exe
  2⤵
  PID:15048
- C:\Windows\System\HwjPVfz.exe
  C:\Windows\System\HwjPVfz.exe
  2⤵
  PID:15076
- C:\Windows\System\NrKMRHr.exe
  C:\Windows\System\NrKMRHr.exe
  2⤵
  PID:15108
- C:\Windows\System\jnbVfqb.exe
  C:\Windows\System\jnbVfqb.exe
  2⤵
  PID:15148
- C:\Windows\System\bQAPdfL.exe
  C:\Windows\System\bQAPdfL.exe
  2⤵
  PID:15200
- C:\Windows\System\clImHYC.exe
  C:\Windows\System\clImHYC.exe
  2⤵
  PID:15240
- C:\Windows\System\cjmiZCi.exe
  C:\Windows\System\cjmiZCi.exe
  2⤵
  PID:15268
- C:\Windows\System\ywaLqpO.exe
  C:\Windows\System\ywaLqpO.exe
  2⤵
  PID:15296
- C:\Windows\System\EyGXaud.exe
  C:\Windows\System\EyGXaud.exe
  2⤵
  PID:15332
- C:\Windows\System\wMhYDdM.exe
  C:\Windows\System\wMhYDdM.exe
  2⤵
  PID:15352
- C:\Windows\System\hNSPjgF.exe
  C:\Windows\System\hNSPjgF.exe
  2⤵
  PID:14348
- C:\Windows\System\NFBhfTO.exe
  C:\Windows\System\NFBhfTO.exe
  2⤵
  PID:14400
- C:\Windows\System\oUPnvJU.exe
  C:\Windows\System\oUPnvJU.exe
  2⤵
  PID:14428
- C:\Windows\System\qyJnvKl.exe
  C:\Windows\System\qyJnvKl.exe
  2⤵
  PID:14464
- C:\Windows\System\GvYuiKW.exe
  C:\Windows\System\GvYuiKW.exe
  2⤵
  PID:14596
- C:\Windows\System\gvQHNAi.exe
  C:\Windows\System\gvQHNAi.exe
  2⤵
  PID:14640
- C:\Windows\System\EUJQEIw.exe
  C:\Windows\System\EUJQEIw.exe
  2⤵
  PID:14708
- C:\Windows\System\gxvOftN.exe
  C:\Windows\System\gxvOftN.exe
  2⤵
  PID:14724
- C:\Windows\System\LZIJyKU.exe
  C:\Windows\System\LZIJyKU.exe
  2⤵
  PID:14860
- C:\Windows\System\qxunRRu.exe
  C:\Windows\System\qxunRRu.exe
  2⤵
  PID:14832
- C:\Windows\System\vSfYWby.exe
  C:\Windows\System\vSfYWby.exe
  2⤵
  PID:15012
- C:\Windows\System\DvGcgsO.exe
  C:\Windows\System\DvGcgsO.exe
  2⤵
  PID:5128
- C:\Windows\System\POAvMmG.exe
  C:\Windows\System\POAvMmG.exe
  2⤵
  PID:15024
- C:\Windows\System\YKOSGZa.exe
  C:\Windows\System\YKOSGZa.exe
  2⤵
  PID:15156
- C:\Windows\System\ohFhrKE.exe
  C:\Windows\System\ohFhrKE.exe
  2⤵
  PID:15172
- C:\Windows\System\TVLhFRQ.exe
  C:\Windows\System\TVLhFRQ.exe
  2⤵
  PID:15144
- C:\Windows\System\eUYqZvd.exe
  C:\Windows\System\eUYqZvd.exe
  2⤵
  PID:15308
- C:\Windows\System\myqbInF.exe
  C:\Windows\System\myqbInF.exe
  2⤵
  PID:14176
- C:\Windows\System\RXUYtnx.exe
  C:\Windows\System\RXUYtnx.exe
  2⤵
  PID:13720
- C:\Windows\System\CoFQavw.exe
  C:\Windows\System\CoFQavw.exe
  2⤵
  PID:14552
- C:\Windows\System\KortOzU.exe
  C:\Windows\System\KortOzU.exe
  2⤵
  PID:14684
- C:\Windows\System\OtrEvxZ.exe
  C:\Windows\System\OtrEvxZ.exe
  2⤵
  PID:14748
- C:\Windows\System\HGNaSSP.exe
  C:\Windows\System\HGNaSSP.exe
  2⤵
  PID:14888
- C:\Windows\System\imgxgYs.exe
  C:\Windows\System\imgxgYs.exe
  2⤵
  PID:5396
- C:\Windows\System\FeqMBBJ.exe
  C:\Windows\System\FeqMBBJ.exe
  2⤵
  PID:15104
- C:\Windows\System\XxgwCyB.exe
  C:\Windows\System\XxgwCyB.exe
  2⤵
  PID:15256
- C:\Windows\System\SsnxcJs.exe
  C:\Windows\System\SsnxcJs.exe
  2⤵
  PID:15304
- C:\Windows\System\KhUkqpe.exe
  C:\Windows\System\KhUkqpe.exe
  2⤵
  PID:14576
- C:\Windows\System\xnHUvMi.exe
  C:\Windows\System\xnHUvMi.exe
  2⤵
  PID:14836
- C:\Windows\System\cxgwRux.exe
  C:\Windows\System\cxgwRux.exe
  2⤵
  PID:14992
- C:\Windows\System\qQafJSf.exe
  C:\Windows\System\qQafJSf.exe
  2⤵
  PID:15252
- C:\Windows\System\AlvhEFs.exe
  C:\Windows\System\AlvhEFs.exe
  2⤵
  PID:14556
- C:\Windows\System\YqKzSNJ.exe
  C:\Windows\System\YqKzSNJ.exe
  2⤵
  PID:14704
- C:\Windows\System\IoISdkp.exe
  C:\Windows\System\IoISdkp.exe
  2⤵
  PID:14612
- C:\Windows\System\LvVTnOt.exe
  C:\Windows\System\LvVTnOt.exe
  2⤵
  PID:648
- C:\Windows\System\EVJVxfk.exe
  C:\Windows\System\EVJVxfk.exe
  2⤵
  PID:14448
- C:\Windows\System\KIGwZyf.exe
  C:\Windows\System\KIGwZyf.exe
  2⤵
  PID:3556
- C:\Windows\System\GtCjoOv.exe
  C:\Windows\System\GtCjoOv.exe
  2⤵
  PID:15368
- C:\Windows\System\EItBelE.exe
  C:\Windows\System\EItBelE.exe
  2⤵
  PID:15396
- C:\Windows\System\WRnqqcc.exe
  C:\Windows\System\WRnqqcc.exe
  2⤵
  PID:15452
- C:\Windows\System\VHRcYCW.exe
  C:\Windows\System\VHRcYCW.exe
  2⤵
  PID:15496
- C:\Windows\System\nrROQaE.exe
  C:\Windows\System\nrROQaE.exe
  2⤵
  PID:15528
- C:\Windows\System\SKqUqZA.exe
  C:\Windows\System\SKqUqZA.exe
  2⤵
  PID:15560
- C:\Windows\System\BqrVYAC.exe
  C:\Windows\System\BqrVYAC.exe
  2⤵
  PID:15580
- C:\Windows\System\oeunKzu.exe
  C:\Windows\System\oeunKzu.exe
  2⤵
  PID:15624
- C:\Windows\System\aLPoZOU.exe
  C:\Windows\System\aLPoZOU.exe
  2⤵
  PID:15640
- C:\Windows\System\mnCURvl.exe
  C:\Windows\System\mnCURvl.exe
  2⤵
  PID:15684
- C:\Windows\System\kDXSEaA.exe
  C:\Windows\System\kDXSEaA.exe
  2⤵
  PID:15704
- C:\Windows\System\QwrVkol.exe
  C:\Windows\System\QwrVkol.exe
  2⤵
  PID:15748
- C:\Windows\System\qlgkTjW.exe
  C:\Windows\System\qlgkTjW.exe
  2⤵
  PID:15768
- C:\Windows\System\VJyIaFE.exe
  C:\Windows\System\VJyIaFE.exe
  2⤵
  PID:15784
- C:\Windows\System\FcLKtVE.exe
  C:\Windows\System\FcLKtVE.exe
  2⤵
  PID:15832
- C:\Windows\System\fCHmJDk.exe
  C:\Windows\System\fCHmJDk.exe
  2⤵
  PID:15864
- C:\Windows\System\stMqalX.exe
  C:\Windows\System\stMqalX.exe
  2⤵
  PID:15896
- C:\Windows\System\VPYbrwG.exe
  C:\Windows\System\VPYbrwG.exe
  2⤵
  PID:15928
- C:\Windows\System\sIIBJRF.exe
  C:\Windows\System\sIIBJRF.exe
  2⤵
  PID:15968
- C:\Windows\System\DINpgZa.exe
  C:\Windows\System\DINpgZa.exe
  2⤵
  PID:15984
- C:\Windows\System\nbHmHuy.exe
  C:\Windows\System\nbHmHuy.exe
  2⤵
  PID:16036
- C:\Windows\System\dJiSlzl.exe
  C:\Windows\System\dJiSlzl.exe
  2⤵
  PID:16060
- C:\Windows\System\CpTMnVX.exe
  C:\Windows\System\CpTMnVX.exe
  2⤵
  PID:16088
- C:\Windows\System\BdSKgix.exe
  C:\Windows\System\BdSKgix.exe
  2⤵
  PID:16112
- C:\Windows\System\llEmoOj.exe
  C:\Windows\System\llEmoOj.exe
  2⤵
  PID:16152
- C:\Windows\System\NMBPEsg.exe
  C:\Windows\System\NMBPEsg.exe
  2⤵
  PID:16188
- C:\Windows\System\sGNqeBg.exe
  C:\Windows\System\sGNqeBg.exe
  2⤵
  PID:16224
- C:\Windows\System\dOcYkmG.exe
  C:\Windows\System\dOcYkmG.exe
  2⤵
  PID:16256
- C:\Windows\System\YHLqeeK.exe
  C:\Windows\System\YHLqeeK.exe
  2⤵
  PID:16296
- C:\Windows\System\YNoslsL.exe
  C:\Windows\System\YNoslsL.exe
  2⤵
  PID:16316
- C:\Windows\System\JsKZFry.exe
  C:\Windows\System\JsKZFry.exe
  2⤵
  PID:16352
- C:\Windows\System\limYMOB.exe
  C:\Windows\System\limYMOB.exe
  2⤵
  PID:16376
- C:\Windows\System\qJtHyBS.exe
  C:\Windows\System\qJtHyBS.exe
  2⤵
  PID:15384
- C:\Windows\System\dMcwiYl.exe
  C:\Windows\System\dMcwiYl.exe
  2⤵
  PID:15472
- C:\Windows\System\afsvUDY.exe
  C:\Windows\System\afsvUDY.exe
  2⤵
  PID:15512
- C:\Windows\System\TdXrcxx.exe
  C:\Windows\System\TdXrcxx.exe
  2⤵
  PID:15596
- C:\Windows\System\PULtPUP.exe
  C:\Windows\System\PULtPUP.exe
  2⤵
  PID:15676
- C:\Windows\System\LOSsxcN.exe
  C:\Windows\System\LOSsxcN.exe
  2⤵
  PID:15716
- C:\Windows\System\LbTZjkh.exe
  C:\Windows\System\LbTZjkh.exe
  2⤵
  PID:15764
- C:\Windows\System\ChVhapv.exe
  C:\Windows\System\ChVhapv.exe
  2⤵
  PID:15776
- C:\Windows\System\dukWune.exe
  C:\Windows\System\dukWune.exe
  2⤵
  PID:15924
- C:\Windows\System\LWEnjXw.exe
  C:\Windows\System\LWEnjXw.exe
  2⤵
  PID:15920
- C:\Windows\System\UtZIPke.exe
  C:\Windows\System\UtZIPke.exe
  2⤵
  PID:16004
- C:\Windows\System\eDtCXBO.exe
  C:\Windows\System\eDtCXBO.exe
  2⤵
  PID:16136
- C:\Windows\System\ujIBrLG.exe
  C:\Windows\System\ujIBrLG.exe
  2⤵
  PID:16168
- C:\Windows\System\cbPvLLz.exe
  C:\Windows\System\cbPvLLz.exe
  2⤵
  PID:16236
- C:\Windows\System\kXVBsJM.exe
  C:\Windows\System\kXVBsJM.exe
  2⤵
  PID:16280
- C:\Windows\System\bPKdORY.exe
  C:\Windows\System\bPKdORY.exe
  2⤵
  PID:16336
- C:\Windows\System\pBMQVDV.exe
  C:\Windows\System\pBMQVDV.exe
  2⤵
  PID:15440
- C:\Windows\System\TGWZoaD.exe
  C:\Windows\System\TGWZoaD.exe
  2⤵
  PID:15448
- C:\Windows\System\zjvYSIu.exe
  C:\Windows\System\zjvYSIu.exe
  2⤵
  PID:15680
- C:\Windows\System\VqhUDre.exe
  C:\Windows\System\VqhUDre.exe
  2⤵
  PID:15656
- C:\Windows\System\IhHnzdu.exe
  C:\Windows\System\IhHnzdu.exe
  2⤵
  PID:15880
- C:\Windows\System\mAVfLlT.exe
  C:\Windows\System\mAVfLlT.exe
  2⤵
  PID:16020
- C:\Windows\System\yUIqiiV.exe
  C:\Windows\System\yUIqiiV.exe
  2⤵
  PID:15980
- C:\Windows\System\ZxtsKQr.exe
  C:\Windows\System\ZxtsKQr.exe
  2⤵
  PID:16196
- C:\Windows\System\xdWnCnU.exe
  C:\Windows\System\xdWnCnU.exe
  2⤵
  PID:16328
- C:\Windows\System\MaUJlvC.exe
  C:\Windows\System\MaUJlvC.exe
  2⤵
  PID:15744
- C:\Windows\System\BVnKmcl.exe
  C:\Windows\System\BVnKmcl.exe
  2⤵
  PID:15780
- C:\Windows\System\cJaBscg.exe
  C:\Windows\System\cJaBscg.exe
  2⤵
  PID:4600
- C:\Windows\System\KevTQHc.exe
  C:\Windows\System\KevTQHc.exe
  2⤵
  PID:16176
- C:\Windows\System\TQUyeuw.exe
  C:\Windows\System\TQUyeuw.exe
  2⤵
  PID:15540
- C:\Windows\System\Agtoknp.exe
  C:\Windows\System\Agtoknp.exe
  2⤵
  PID:15576
- C:\Windows\System\SRETlge.exe
  C:\Windows\System\SRETlge.exe
  2⤵
  PID:16080
- C:\Windows\System\fwysaSy.exe
  C:\Windows\System\fwysaSy.exe
  2⤵
  PID:15468
- C:\Windows\System\YYhBMGw.exe
  C:\Windows\System\YYhBMGw.exe
  2⤵
  PID:1604
- C:\Windows\System\EjGtVvi.exe
  C:\Windows\System\EjGtVvi.exe
  2⤵
  PID:2480
- C:\Windows\System\Pdhhlkh.exe
  C:\Windows\System\Pdhhlkh.exe
  2⤵
  PID:5416
- C:\Windows\System\VIUevQS.exe
  C:\Windows\System\VIUevQS.exe
  2⤵
  PID:16416
- C:\Windows\System\QJJbztd.exe
  C:\Windows\System\QJJbztd.exe
  2⤵
  PID:16448
- C:\Windows\System\cWJueEL.exe
  C:\Windows\System\cWJueEL.exe
  2⤵
  PID:16464
- C:\Windows\System\eAxyMOS.exe
  C:\Windows\System\eAxyMOS.exe
  2⤵
  PID:16496
- C:\Windows\System\lqiDpnA.exe
  C:\Windows\System\lqiDpnA.exe
  2⤵
  PID:16532
- C:\Windows\System\yOdMzOK.exe
  C:\Windows\System\yOdMzOK.exe
  2⤵
  PID:16552
- C:\Windows\System\nKxQcBz.exe
  C:\Windows\System\nKxQcBz.exe
  2⤵
  PID:16592
- C:\Windows\System\YPqCrkq.exe
  C:\Windows\System\YPqCrkq.exe
  2⤵
  PID:16628
- C:\Windows\System\ISfmDwZ.exe
  C:\Windows\System\ISfmDwZ.exe
  2⤵
  PID:16656
- C:\Windows\System\UpPQgnB.exe
  C:\Windows\System\UpPQgnB.exe
  2⤵
  PID:16676
- C:\Windows\System\ghOtQiA.exe
  C:\Windows\System\ghOtQiA.exe
  2⤵
  PID:16720
- C:\Windows\System\gOBwnkZ.exe
  C:\Windows\System\gOBwnkZ.exe
  2⤵
  PID:16752
- C:\Windows\System\aWjfVQn.exe
  C:\Windows\System\aWjfVQn.exe
  2⤵
  PID:16784
- C:\Windows\System\QTuypsT.exe
  C:\Windows\System\QTuypsT.exe
  2⤵
  PID:16804
- C:\Windows\System\JGxhfTW.exe
  C:\Windows\System\JGxhfTW.exe
  2⤵
  PID:16828
- C:\Windows\System\NLAsNjY.exe
  C:\Windows\System\NLAsNjY.exe
  2⤵
  PID:16844
- C:\Windows\System\QxBSOkf.exe
  C:\Windows\System\QxBSOkf.exe
  2⤵
  PID:16864
- C:\Windows\System\DIUkrue.exe
  C:\Windows\System\DIUkrue.exe
  2⤵
  PID:16884
- C:\Windows\System\tnhKHyA.exe
  C:\Windows\System\tnhKHyA.exe
  2⤵
  PID:16916
- C:\Windows\System\IuFqHvV.exe
  C:\Windows\System\IuFqHvV.exe
  2⤵
  PID:16932
- C:\Windows\System\McGAwKU.exe
  C:\Windows\System\McGAwKU.exe
  2⤵
  PID:16948
- C:\Windows\System\QwXcmEg.exe
  C:\Windows\System\QwXcmEg.exe
  2⤵
  PID:16988
- C:\Windows\System\jpWmfvz.exe
  C:\Windows\System\jpWmfvz.exe
  2⤵
  PID:17044
- C:\Windows\System\cNiOKvV.exe
  C:\Windows\System\cNiOKvV.exe
  2⤵
  PID:17080
- C:\Windows\System\pJIjkeQ.exe
  C:\Windows\System\pJIjkeQ.exe
  2⤵
  PID:17112
- C:\Windows\System\AaSkhdt.exe
  C:\Windows\System\AaSkhdt.exe
  2⤵
  PID:17140
- C:\Windows\System\HBXJUqY.exe
  C:\Windows\System\HBXJUqY.exe
  2⤵
  PID:17196
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 17196 -s 248
    3⤵
    PID:17252
- C:\Windows\System\fzxPJMP.exe
  C:\Windows\System\fzxPJMP.exe
  2⤵
  PID:17268
- C:\Windows\System\uxExymt.exe
  C:\Windows\System\uxExymt.exe
  2⤵
  PID:17288
- C:\Windows\System\GyWCYJR.exe
  C:\Windows\System\GyWCYJR.exe
  2⤵
  PID:17372
- C:\Windows\System\TAywGva.exe
  C:\Windows\System\TAywGva.exe
  2⤵
  PID:3472
- C:\Windows\System\JTNrryN.exe
  C:\Windows\System\JTNrryN.exe
  2⤵
  PID:16484
- C:\Windows\System\yAmpREL.exe
  C:\Windows\System\yAmpREL.exe
  2⤵
  PID:16648
- C:\Windows\System\kFWETEf.exe
  C:\Windows\System\kFWETEf.exe
  2⤵
  PID:16672
- C:\Windows\System\yBbsjYo.exe
  C:\Windows\System\yBbsjYo.exe
  2⤵
  PID:16900
- C:\Windows\System\NriJiGg.exe
  C:\Windows\System\NriJiGg.exe
  2⤵
  PID:16908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BWxrBzk.exe

Filesize
5.7MB

MD5
4a296a59685072667193816b73da1915

SHA1
6e7a2b870651b561805d9400b4308cbff37693d5

SHA256
bb0b663f338cb89d7b6a36bc17b7704ec8b4019a4cf43e99008f55635193ec16

SHA512
4959e4ed7ab4653a18113e2e296b7c9d919f56da36362b668c74aa68b31921bca98034150b158bc7c3c971f1b2248bbc1fb3c9f5bf0410caa8c00105045b2a2c

Download Submit
C:\Windows\System\ITmUidX.exe

Filesize
5.7MB

MD5
0b0ac18ff337c6fb3b87fcdafa384d51

SHA1
482de5926a47d4ae504f1b6f5d7999d917a61bb2

SHA256
9cb8cb2c1c746039568c79ac04c946983533d28c61c2bd0c10e6520ca9628955

SHA512
a7e3f2addbc021449d065ff61aacc5c24a4952159b5a513b88e044868240e3a84714a6bf0450f850058f7fc527a1622fe1a53a028d2ae2b2f50e9920b3385e9c

Download Submit
C:\Windows\System\IwWlQJD.exe

Filesize
5.7MB

MD5
c0e573ff9bff08d051ab7ec8ee16a467

SHA1
062d81bfaa70ddf29d3cf2c05e608eebd2e10bd7

SHA256
f456483d9c2b871e252030a5e78e9a5d376e075cd2b20da8c722db36d4582158

SHA512
7b0c7af1869fa2dcca9cc7ab8926045c1aeca76d7ba10e10c82f5eeb8c3d3aa905b47819204e696c6ad7299a23d600476ac5ad1bceb8f555bb78ca2d1adc5142

Download Submit
C:\Windows\System\JHCKTRI.exe

Filesize
5.7MB

MD5
ca96a0130c1230b8019cc78922d71e36

SHA1
8860eb6baf21efd6de83cd9a07b4e83f9ee2e3b2

SHA256
0df231b541253fd140ca61896860369d0db1b90774bbf3b9cf104ebf8a5b3dc3

SHA512
cf1c016d38d446b2984dc8bda90bfdd69ef44f82d4eb7f3ee1e10cd729505b178f662072e44f6163baa23ec0af706e514d5ad6ab5af9d686c6f98e6fe085de13

Download Submit
C:\Windows\System\JVfSxun.exe

Filesize
5.7MB

MD5
77ea08e38843155c42c2381ca8a9c127

SHA1
c5bda1794c5a91f8f0966ae09c3efe786374a447

SHA256
61f1fcdd851455bca899e1f24e1525dd473059e2ed8d0ad5f6146b5f8cb7149f

SHA512
86d192d2328c252b8c910569b53a72ccac561cfa0cdbc88cbdd135bf3687f39bc65f574eee6686dc60ac12ad89c92169faa3c7c35c2d381e48db6be222a97331

Download Submit
C:\Windows\System\KZMSfOr.exe

Filesize
5.7MB

MD5
ff60f3267beb07578c2c02f3f25d5050

SHA1
ae358f3603044e9d4e5a55256c8b4d8cc69f9b5d

SHA256
fc6627b85b24912b92f78ea27b95f97ffad5bb809278c56e157c8dcf5d325e89

SHA512
24effba0d4b7d30c8c6e8d7fac8c8fddbd8973f56b8573175d3d918a23623ce02021577e3ebe22c34c201bfe39cda2f18c258ded87f0292d035dc029a78ae63d

Download Submit
C:\Windows\System\KaiIxqf.exe

Filesize
5.7MB

MD5
d1b19ebfa0e5d3877810a477ff137f9e

SHA1
46418cdda9bf7bef86579077ba099ee3d213d8e3

SHA256
4d964d049047dc498d426ed1d201a244f72c385e02079eab84b9a2958217fc19

SHA512
fd9e715982382b4cadc7bcc927be33367c3c58841fe2d0a100673f87a7f853d765144854a77f716858e5c6e84942ee7351b6b2e54ab6f8cab1145bc8921d80a4

Download Submit
C:\Windows\System\LhNtQcG.exe

Filesize
5.7MB

MD5
4e6f4abd97487c6b223096202498186a

SHA1
ce0de8b25ec273859c3147d89fc9516cbd584398

SHA256
56d44ccecadf33fd7daac4791dd3d6fa7c00b159bfd2f8f10aeb04215650d05d

SHA512
e2511fb83f8d14d7b73f78cd1de1e7457319402abd197db61e53de4dc47a8771456f56f1d93d6568aee84d801f559fdd4928eba5bf577172c92c83bf1f735984

Download Submit
C:\Windows\System\NRZhytp.exe

Filesize
5.7MB

MD5
00eecdf9598a3813575ea17e7b745961

SHA1
5340b543b486b8a416cba2c46253c3f7c6d2d1b4

SHA256
fa95838b4157005626ca889df7902d311427c64a8a04c1fc3f1373bd80a0f0eb

SHA512
1058fc0761467c65f4d14a46a6ba965618af8f5578b2e822d0d3d068ce849bc1cc706a38cf5f280987ad2461ae328ce04fbeb4ef7dc0adb686609ade01c2bf82

Download Submit
C:\Windows\System\PIITSWZ.exe

Filesize
5.7MB

MD5
c98218f48b35556df4f4304491b54a81

SHA1
839df4b818e208791a6e995aab285a1a355e4bbc

SHA256
4e57b018622989060d42adf79dcd714d0fb03209b99c999f4524d06741c45861

SHA512
19b42b5c0bd2eb57a7523947bcd6e5b41b6cce9fa86ddd19d987e15dcafb16abefde3ed1fd9e67b3ea00c12ff1510d12e6dc704efc8d4cb4ba9fa1cfe0e7902a

Download Submit
C:\Windows\System\VJEzwFY.exe

Filesize
5.7MB

MD5
cef87e530ea9d14fb8f390c6a632fd2e

SHA1
61f14074a26ec432a048722f9d9bb142058adc7a

SHA256
a76219e6eb6172565509fa2e59b981dae6e703d4e021fc7488a3a21bcee14cec

SHA512
88bb725624443bbc937d24edbc0d16e5ac0a833c3434dd264e180bbfe38efd471c831a12bd6e1c8b9e9a1b64ac741fa99bfc17244390f1f320c41ec410f24dc9

Download Submit
C:\Windows\System\VQGnZHE.exe

Filesize
5.7MB

MD5
758583b9b2cb6112389940ae909fa05d

SHA1
34cbec057d4de6bd7060dedf69cc908e2cfd208a

SHA256
10877904ccd3f657d006c7f2a7aff25019bd4a2c73eaf95b71b769bc426df2c1

SHA512
8d86012303b7685388be8c4d9a009cb611a460e99d36a1f3f09aad66259cf0e9e204be2185a931d1f20488e4282653324759e6530775aeffa8c593e4df93a3e4

Download Submit
C:\Windows\System\abgisLy.exe

Filesize
5.7MB

MD5
7fd0eedf117e0145fd69f41661959043

SHA1
2f4fa3601652ead722d9098ac9c713ad332b2bd6

SHA256
6bd5739a1f92635d10c8bbc71801d872dae1ab8472c2d2dfea5fc17d35c654f9

SHA512
2d3621e4340a9c5f25d848385fe9b80d4ac453410d243bcd2da10f9dba24ec9bd433306ef3f214173549fef4bad70eb8f47e1340005ed47bf166d3c2549f1fc3

Download Submit
C:\Windows\System\aifGppi.exe

Filesize
5.7MB

MD5
aea05b6cfe48ee780b9c0f8eb730f734

SHA1
2d3debc51578213e51a523d904ecf6e74bcf100e

SHA256
7c6d896d6bf7fa9c443e9875a58cdac1acc5f696f7e807323e2db7cf75685ab9

SHA512
1b1ba90764b38c3584be6d9ea7cb205559189f7d2e0917aa3e3efe8bbce145d55bac8bd38af7e6059be4c0cea128248ce2935bcb79a1d2b181b78f75ca73e092

Download Submit
C:\Windows\System\bQGwTkp.exe

Filesize
5.7MB

MD5
33f43bbdde545cc202caa71e8f30f665

SHA1
c5f911e9c019ff4ef5f76672fd84c047baf77cca

SHA256
c953763e179ae6747332d4ba816289ca8fc900e85c2ff940bb30fd73d4e6cf8c

SHA512
198e58dad95e03263e9321939e6d5d9d86b1a766973411d204708a62e4db3081c1e967c19f53563f7301a86c08f0a8aeb6ab4fe4e8a4c864bf5fd5a16d84aaff

Download Submit
C:\Windows\System\cHLdQWX.exe

Filesize
5.7MB

MD5
79701c2736f09feadfbc00c4c85e5050

SHA1
f4d0ceb512b72dc64bf86372e71f3cad4d1e6db0

SHA256
27eae3222ab367ca9e35fd91466420284b825598512785b60715c76860be32fb

SHA512
4c9248aaa1c344e14686b18b0aac121b98245598ad9bf454dc1f0967547c801f59eb8e88c9ba77142a97d85c881f7b0f008cc4546fffaba2100e901e34bfbf7f

Download Submit
C:\Windows\System\dfGayJr.exe

Filesize
5.7MB

MD5
ee39662221ef54e419ab60b38622dea5

SHA1
dfe25b557f8e164b17bcb386355de8d015c54108

SHA256
cb35b96c48fd9c8d29f8d297485290b946578455efd2915d247648b00725f913

SHA512
215818f2387d4910d276a35d76533bd19728e4b58e4e0d61834d3300c3674daf27c8d2386fd78135473e7558d6c6b533d6d91318630be73d2862afac5c57ba2b

Download Submit
C:\Windows\System\duePvlZ.exe

Filesize
5.7MB

MD5
abd13b01426d65a19a1d058165d85747

SHA1
b3ce3d668222ceff630b52e19336c31598318c19

SHA256
2c13bc042ef433ad06d5817f33eabfbca64a099f4592469434d577dda8c56d7a

SHA512
0e2a09f0e66a2915a037807aceef3c602cb97d462d60c30a6b102fd54d7d4cf6be5c34383316b851a844b3fce1e15387befa6a3332f1539356a43e63ad23575d

Download Submit
C:\Windows\System\dzmrboq.exe

Filesize
5.7MB

MD5
d0cf42087adcd3a3eb9bb3e3344810bb

SHA1
ca845f16e19d90bf1913331e409914ef8929c96e

SHA256
86b638d6b071e20e283ada3623e59911dae4b762be63143ffeb866fb4fd13bd8

SHA512
c0c3266e939994536300908a03e2da4c2d55ba26d91ebc554fc3400183612a723fcecfa94b4457d9699659ba884f6d271798e536ee91c0d16f90c6e2f1503a46

Download Submit
C:\Windows\System\eUBVSbD.exe

Filesize
5.7MB

MD5
9003f48d87662e7cc1fe3eb01ac3a8fa

SHA1
a3335bb7c587a589a4b9d5bf0203c8a26d77e492

SHA256
00648871bcef3f14076e56cf8d48705bdc49203b9bff881600451ac7e6dccf8e

SHA512
5dc4268ee5522c9691ac04284cdcfb5b9d52483c792752ea25551f381de531c406ccfa0fafecadde179f9b272cffaad3035208b14d0c3fe74e3eb330384d1521

Download Submit
C:\Windows\System\geJiIVJ.exe

Filesize
5.7MB

MD5
2d621384baa079d9e07257a892a6396b

SHA1
f9897430ad6615071343e8be8e6eba45cc037a4f

SHA256
f239819bd129b2af7c94f3d48a0106037979e64e19dc302c4b7448fad18bc031

SHA512
4fbd1f9bb2c4da7485f5b42f9139ddeaf8d8e87a52dc8d452d2864bf39c9414067c7176a85c0e81f345de3fd8ab702376ab86465c2913510f295cba3e869cf52

Download Submit
C:\Windows\System\jNZfFsY.exe

Filesize
5.7MB

MD5
2595d807686fd8bb8f5302b28406768c

SHA1
b952a564f24ed025cc5859a582bae20c1cc0f723

SHA256
730d9a5b539da270d3a4cff496bbfe1175af31265950653be3f566725cfc24f4

SHA512
755b90cccc3cba9d26f2a43a1d6e45d6a5d3768a345946621a56f05d43688a0246a919aa2004e74bd433119596280d52db413cc9fada3624dce2325d5c2411b1

Download Submit
C:\Windows\System\lnLhBkn.exe

Filesize
5.7MB

MD5
c4d490a07864ebcab82e8a95ed32f9f6

SHA1
d1262678bda9c2846484aaad1e8e48ad1e2f9f0e

SHA256
b2df6050165317d11858251141b09b9d02d8218d7d82091a604fe6e26e66bd75

SHA512
b7d9d4073acbb4556f7392ee366d5bccf3f4f1c659f696397f83f8aaa8c3f8e280028a41cc5605c7ffd44d45be1dddb15ab021a9da155c1a6dcbc15e198bbd47

Download Submit
C:\Windows\System\naQuGpd.exe

Filesize
5.7MB

MD5
3f6e1b54f30193c3631dea585e617626

SHA1
173e42b9349b0b0fab53ab1eff4284269b192188

SHA256
a89728e99eb9cadae810108e5af649bacdb9e75a0019b7307550786a78869bd4

SHA512
61cebcc4a1fa7e24ce3db76f01ed0c29a760c88aafb4282f1e007c4794d0c5df967d30c87a2bb964844beb38a08871ed18a3c1866759e3e6beb8b05e3182bb70

Download Submit
C:\Windows\System\qvQxbwO.exe

Filesize
5.7MB

MD5
71d4094fcf087c5ac25bb51f61c5a814

SHA1
59077d9ca28fcbd4f696409f43580cf726effe2b

SHA256
4b0a514b4e09078e339958fb6d17a48fcb19642221eda8cf0d51353432ec8233

SHA512
f1fd314a1de675b9b884ae47eb8d78c2e3dc924e2bdf6c8a02830ff048392666ff0e8b296fa8103535ba5aeed03379e2f582fa78f39d31dd5472de4de640877e

Download Submit
C:\Windows\System\rTBvDmO.exe

Filesize
5.7MB

MD5
609cd736ab4748970b57cf698b90b7e1

SHA1
cbd280a5f7c8324a65ea5fc2b5005aa8e5cc4c56

SHA256
40892611a1be3fb139e21aa7e32885e95f5bb6ba93a82f23170fe59337b351cd

SHA512
2501d2d6875fe20164dc7db94227895b5d77187a88a958f0a5e66df8ff7e30c9e17afe05390fee237b7b4bf7feac14bd8df3bad363c263aad6984482a8fe98fe

Download Submit
C:\Windows\System\sKPWenV.exe

Filesize
5.7MB

MD5
464ca2571ad5cd327791cce7651b0e98

SHA1
b5c243e9bcdeadcb9e657641254ed4e983053571

SHA256
d1a8d33106274f3bd3f3bf217f25a77a9a3a6a55e620ada9f712eb9dc3f372ef

SHA512
e34d668ba8c3d64a7877c793a406cfc308bbf8d38c9565228742c034f42cab9d3c252fc144c132df61b1fedf406070755df7857fac29dd4b9356212c83d8d3d6

Download Submit
C:\Windows\System\uDIUjzO.exe

Filesize
5.7MB

MD5
b142b35b1da166ae8f37844a44146b24

SHA1
947aa999d367635c4b68b6ebeb4e6bf5b4d5b1ef

SHA256
330e25c2d4720d6841404b64efc895fb9a20eb83d65aa4859b8e3f38a46e6bac

SHA512
9a31f1a329dd2ee68fc40040c487d3342c0e4b21fd65dcf7b9f77d2fe1a3c4009ad59ac1d5cbee93d9c047ed8f701554769bc9b2a242991fc6e0751bd917800d

Download Submit
C:\Windows\System\udlzoeE.exe

Filesize
5.7MB

MD5
8a368635d1c61740382b51bbd884bb9f

SHA1
308af6623a997cf9b9bd738cd4d139f0d9154a74

SHA256
c936c15a5275fd16219f7a513f5108ba88f1eb509fa58805d71e163a650964d1

SHA512
869cd05c96dee3708527ca736668b0ecfe328be5ec4b0196517a48b8664a37fb365f2c7c8cf7242ce8218eb95471391b230a5c916e8bda96692155abecb3bcb2

Download Submit
C:\Windows\System\vBYJxRd.exe

Filesize
5.7MB

MD5
80f4e9bde0d1b1036f3b3d2501c7d516

SHA1
a66ff206b36d1e24178701dd36cee53d23d1185c

SHA256
5fc6b92251e16b9cd760598f2f5e1107fe28770d98aff3cd365425332756e130

SHA512
d5cc7035c20e51cc180a28359b964c712de0ce3242230096ca9729f8dec53c5aa6e1c15c543f5bf9c4c98b159405bdec0757f6151c206cf0e8d37b9bb97ecf72

Download Submit
C:\Windows\System\wxCfNmS.exe

Filesize
5.7MB

MD5
e6a2a945e53c04db304622c327efa8bc

SHA1
ce991f82edea2d94bd1ca207b4b0a14aee90d530

SHA256
ba63f7436f08a50fdf42db9b5a5bab15db1075ac6ab3b7d519215148d1b64a5e

SHA512
3f2f4369334a488d1f2150738355b6a950fc1edb121e8330659de32bdee43247fd6492506c9d718d3e1ea4d7584b5471a17312dc3da3eb6ce8ced9ea43872b15

Download Submit
C:\Windows\System\xngyChg.exe

Filesize
5.7MB

MD5
0272a28579e3f44aa358291520b24aa9

SHA1
5ac6a2229467ac2731c30c88909684ad16a0a18d

SHA256
ddd58cbdbc523c89366f43eb03db6ec8181aeb0d5bfeaf46c770cde3a836d189

SHA512
bc3774f19f0a79c2f4e7bfbaffcdb85b29af46c820af877ca71fa62bea281a0ff0b3a0d56fd24d6ea654f2ed8b9ab17b8b0e863071db9856c0cc9a856220bc70

Download Submit
memory/764-37-0x00007FF73FF00000-0x00007FF74024D000-memory.dmp

Filesize
3.3MB

Download
memory/1040-43-0x00007FF70A1F0000-0x00007FF70A53D000-memory.dmp

Filesize
3.3MB

Download
memory/1648-127-0x00007FF6A6340000-0x00007FF6A668D000-memory.dmp

Filesize
3.3MB

Download
memory/2156-157-0x00007FF6C52F0000-0x00007FF6C563D000-memory.dmp

Filesize
3.3MB

Download
memory/2252-7-0x00007FF6DA580000-0x00007FF6DA8CD000-memory.dmp

Filesize
3.3MB

Download
memory/2292-91-0x00007FF7A2680000-0x00007FF7A29CD000-memory.dmp

Filesize
3.3MB

Download
memory/2440-169-0x00007FF7AE8C0000-0x00007FF7AEC0D000-memory.dmp

Filesize
3.3MB

Download
memory/2468-19-0x00007FF6AAA50000-0x00007FF6AAD9D000-memory.dmp

Filesize
3.3MB

Download
memory/2600-25-0x00007FF6DBFD0000-0x00007FF6DC31D000-memory.dmp

Filesize
3.3MB

Download
memory/2628-178-0x00007FF6DCBC0000-0x00007FF6DCF0D000-memory.dmp

Filesize
3.3MB

Download
memory/2844-31-0x00007FF756630000-0x00007FF75697D000-memory.dmp

Filesize
3.3MB

Download
memory/2944-141-0x00007FF6C0D60000-0x00007FF6C10AD000-memory.dmp

Filesize
3.3MB

Download
memory/3436-13-0x00007FF7BBB60000-0x00007FF7BBEAD000-memory.dmp

Filesize
3.3MB

Download
memory/3452-181-0x00007FF709BA0000-0x00007FF709EED000-memory.dmp

Filesize
3.3MB

Download
memory/3560-150-0x00007FF6B45A0000-0x00007FF6B48ED000-memory.dmp

Filesize
3.3MB

Download
memory/3604-109-0x00007FF6E64E0000-0x00007FF6E682D000-memory.dmp

Filesize
3.3MB

Download
memory/3792-145-0x00007FF627A60000-0x00007FF627DAD000-memory.dmp

Filesize
3.3MB

Download
memory/4196-55-0x00007FF78E2D0000-0x00007FF78E61D000-memory.dmp

Filesize
3.3MB

Download
memory/4636-79-0x00007FF7E91C0000-0x00007FF7E950D000-memory.dmp

Filesize
3.3MB

Download
memory/4652-1-0x0000024227700000-0x0000024227710000-memory.dmp

Filesize
64KB

Download
memory/4652-0-0x00007FF64DDC0000-0x00007FF64E10D000-memory.dmp

Filesize
3.3MB

Download
memory/4672-70-0x00007FF7E0440000-0x00007FF7E078D000-memory.dmp

Filesize
3.3MB

Download
memory/4764-97-0x00007FF7E3330000-0x00007FF7E367D000-memory.dmp

Filesize
3.3MB

Download
memory/4784-72-0x00007FF6FDD00000-0x00007FF6FE04D000-memory.dmp

Filesize
3.3MB

Download
memory/4900-121-0x00007FF6A1F20000-0x00007FF6A226D000-memory.dmp

Filesize
3.3MB

Download
memory/4912-103-0x00007FF64A0E0000-0x00007FF64A42D000-memory.dmp

Filesize
3.3MB

Download
memory/4980-187-0x00007FF697360000-0x00007FF6976AD000-memory.dmp

Filesize
3.3MB

Download
memory/4984-115-0x00007FF6330E0000-0x00007FF63342D000-memory.dmp

Filesize
3.3MB

Download
memory/5776-136-0x00007FF6F7460000-0x00007FF6F77AD000-memory.dmp

Filesize
3.3MB

Download
memory/5808-85-0x00007FF663800000-0x00007FF663B4D000-memory.dmp

Filesize
3.3MB

Download
memory/5888-61-0x00007FF710D50000-0x00007FF71109D000-memory.dmp

Filesize
3.3MB

Download
memory/6072-49-0x00007FF681CD0000-0x00007FF68201D000-memory.dmp

Filesize
3.3MB

Download
memory/6140-166-0x00007FF7F0830000-0x00007FF7F0B7D000-memory.dmp

Filesize
3.3MB

Download