xmrig | 8015a762cb7ca48ff553d5d8275e294c91f2d143da3c490d8a592f60db64ee50

Analysis

max time kernel
104s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
Size

3.9MB
MD5

d0370b2d94fe5faf8d7dca9466b20075
SHA1

4d63ac64d692d2ccc6e90ca68c93b6a12c744470
SHA256

8015a762cb7ca48ff553d5d8275e294c91f2d143da3c490d8a592f60db64ee50
SHA512

00649caa653f3982f59f317a192d09f8c1943510c951004961c1c776a03ce1612c9b36133271bc6b1f4472f0b54fa99849335b0b53d186bed4e77ff3f791dd7c
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIt56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3GdAOE:oemTLkNdfE0pZrt56utgpPFotBER//

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3808-0-0x00007FF66DC60000-0x00007FF66DFB4000-memory.dmp	xmrig
behavioral1/files/0x000d000000023e9a-5.dat	xmrig
behavioral1/files/0x0007000000024055-7.dat	xmrig
behavioral1/memory/2900-10-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	xmrig
behavioral1/memory/3312-14-0x00007FF6927E0000-0x00007FF692B34000-memory.dmp	xmrig
behavioral1/files/0x0007000000024056-19.dat	xmrig
behavioral1/files/0x0007000000024057-25.dat	xmrig
behavioral1/files/0x000700000002405a-43.dat	xmrig
behavioral1/files/0x000700000002405b-66.dat	xmrig
behavioral1/memory/3292-76-0x00007FF7894A0000-0x00007FF7897F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024060-82.dat	xmrig
behavioral1/memory/4560-85-0x00007FF7AE0B0000-0x00007FF7AE404000-memory.dmp	xmrig
behavioral1/memory/4808-84-0x00007FF74AFB0000-0x00007FF74B304000-memory.dmp	xmrig
behavioral1/memory/220-81-0x00007FF713F20000-0x00007FF714274000-memory.dmp	xmrig
behavioral1/memory/1876-80-0x00007FF6BCCC0000-0x00007FF6BD014000-memory.dmp	xmrig
behavioral1/files/0x000700000002405f-78.dat	xmrig
behavioral1/memory/4812-77-0x00007FF770B60000-0x00007FF770EB4000-memory.dmp	xmrig
behavioral1/files/0x000700000002405d-74.dat	xmrig
behavioral1/memory/2596-71-0x00007FF7487F0000-0x00007FF748B44000-memory.dmp	xmrig
behavioral1/memory/3508-70-0x00007FF6F1D90000-0x00007FF6F20E4000-memory.dmp	xmrig
behavioral1/files/0x000700000002405c-68.dat	xmrig
behavioral1/files/0x0007000000024058-61.dat	xmrig
behavioral1/files/0x000700000002405e-59.dat	xmrig
behavioral1/memory/3240-56-0x00007FF68C510000-0x00007FF68C864000-memory.dmp	xmrig
behavioral1/memory/748-49-0x00007FF60CBA0000-0x00007FF60CEF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024059-37.dat	xmrig
behavioral1/memory/2144-36-0x00007FF64B7F0000-0x00007FF64BB44000-memory.dmp	xmrig
behavioral1/memory/5088-27-0x00007FF6BDED0000-0x00007FF6BE224000-memory.dmp	xmrig
behavioral1/files/0x0007000000024054-17.dat	xmrig
behavioral1/files/0x0007000000024061-93.dat	xmrig
behavioral1/files/0x0008000000024051-94.dat	xmrig
behavioral1/memory/1996-90-0x00007FF667FC0000-0x00007FF668314000-memory.dmp	xmrig
behavioral1/memory/3572-99-0x00007FF6E1770000-0x00007FF6E1AC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024063-103.dat	xmrig
behavioral1/files/0x0007000000024064-112.dat	xmrig
behavioral1/files/0x0007000000024065-115.dat	xmrig
behavioral1/files/0x0007000000024066-119.dat	xmrig
behavioral1/files/0x0007000000024068-129.dat	xmrig
behavioral1/memory/3356-132-0x00007FF7A0870000-0x00007FF7A0BC4000-memory.dmp	xmrig
behavioral1/memory/2900-141-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	xmrig
behavioral1/files/0x0007000000024069-147.dat	xmrig
behavioral1/files/0x000700000002406a-151.dat	xmrig
behavioral1/memory/3508-167-0x00007FF6F1D90000-0x00007FF6F20E4000-memory.dmp	xmrig
behavioral1/files/0x000700000002406e-178.dat	xmrig
behavioral1/memory/748-183-0x00007FF60CBA0000-0x00007FF60CEF4000-memory.dmp	xmrig
behavioral1/memory/2324-182-0x00007FF7AB570000-0x00007FF7AB8C4000-memory.dmp	xmrig
behavioral1/memory/4828-181-0x00007FF70DA20000-0x00007FF70DD74000-memory.dmp	xmrig
behavioral1/memory/2308-180-0x00007FF631D40000-0x00007FF632094000-memory.dmp	xmrig
behavioral1/files/0x000700000002406d-176.dat	xmrig
behavioral1/files/0x000700000002406c-174.dat	xmrig
behavioral1/files/0x000700000002406b-172.dat	xmrig
behavioral1/memory/2840-171-0x00007FF75C930000-0x00007FF75CC84000-memory.dmp	xmrig
behavioral1/memory/1944-168-0x00007FF673BB0000-0x00007FF673F04000-memory.dmp	xmrig
behavioral1/memory/2144-162-0x00007FF64B7F0000-0x00007FF64BB44000-memory.dmp	xmrig
behavioral1/memory/5088-161-0x00007FF6BDED0000-0x00007FF6BE224000-memory.dmp	xmrig
behavioral1/memory/3312-160-0x00007FF6927E0000-0x00007FF692B34000-memory.dmp	xmrig
behavioral1/memory/4704-146-0x00007FF770570000-0x00007FF7708C4000-memory.dmp	xmrig
behavioral1/memory/3596-145-0x00007FF7EAE40000-0x00007FF7EB194000-memory.dmp	xmrig
behavioral1/memory/3660-144-0x00007FF6AEA70000-0x00007FF6AEDC4000-memory.dmp	xmrig
behavioral1/memory/1724-143-0x00007FF6C23F0000-0x00007FF6C2744000-memory.dmp	xmrig
behavioral1/memory/3808-140-0x00007FF66DC60000-0x00007FF66DFB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024067-134.dat	xmrig
behavioral1/memory/4884-133-0x00007FF7B0C10000-0x00007FF7B0F64000-memory.dmp	xmrig
behavioral1/memory/2392-130-0x00007FF79D040000-0x00007FF79D394000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2900	uSkjrXP.exe
3312	zwhJCCP.exe
5088	NcqnfHz.exe
2144	rhdvGgP.exe
748	vwFSdOr.exe
3240	ZlcwAKh.exe
1876	ipzArkz.exe
3508	rSCyfKc.exe
2596	FrTlTUt.exe
3292	ADjJabi.exe
220	KHkCKUk.exe
4808	hRAltAG.exe
4812	fiUgMQb.exe
4560	ZStlMUE.exe
1996	QTHfmdM.exe
3572	SzhpqhB.exe
4960	BMwlocs.exe
2392	rvzDuVi.exe
1724	NXIFMmk.exe
3660	LzRYOtO.exe
3356	nrQnneN.exe
3596	ahFUPvo.exe
4884	rKGWzwV.exe
4704	eESrUPK.exe
1944	MPxIAfg.exe
2324	BzeDzFB.exe
2840	UVNCTgJ.exe
2308	NIpKLfU.exe
4828	KYNaxSj.exe
3960	ASYlqGf.exe
2296	qHDxBmf.exe
5036	UHcXtgH.exe
1036	RgfnUgP.exe
596	btGlFik.exe
4792	fFeKvaH.exe
3628	LenwLgV.exe
2848	EailciE.exe
392	bzZrYka.exe
1604	czmgsVg.exe
2616	Etquolr.exe
648	tQDNhBG.exe
1780	CzJGcdw.exe
1476	NkrgNZz.exe
4492	SevkkDf.exe
4640	KfAYjgW.exe
1536	pngiwHS.exe
2032	eQDntOp.exe
5112	Wwhvobk.exe
2100	DuDWdMR.exe
2052	wjezWwE.exe
3220	NIXnJkK.exe
968	bdHHcJD.exe
4868	xkUMokM.exe
4520	sXewUqB.exe
1312	nLamOcv.exe
2740	IoUTOxW.exe
468	AeoIfuC.exe
4256	MFWBHUj.exe
3132	QjPYUmo.exe
3052	GohpCdo.exe
1096	RsPhEhq.exe
4564	HIVMBVh.exe
3652	jpmWETS.exe
5116	xMbLEQz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3808-0-0x00007FF66DC60000-0x00007FF66DFB4000-memory.dmp	upx
behavioral1/files/0x000d000000023e9a-5.dat	upx
behavioral1/files/0x0007000000024055-7.dat	upx
behavioral1/memory/2900-10-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	upx
behavioral1/memory/3312-14-0x00007FF6927E0000-0x00007FF692B34000-memory.dmp	upx
behavioral1/files/0x0007000000024056-19.dat	upx
behavioral1/files/0x0007000000024057-25.dat	upx
behavioral1/files/0x000700000002405a-43.dat	upx
behavioral1/files/0x000700000002405b-66.dat	upx
behavioral1/memory/3292-76-0x00007FF7894A0000-0x00007FF7897F4000-memory.dmp	upx
behavioral1/files/0x0007000000024060-82.dat	upx
behavioral1/memory/4560-85-0x00007FF7AE0B0000-0x00007FF7AE404000-memory.dmp	upx
behavioral1/memory/4808-84-0x00007FF74AFB0000-0x00007FF74B304000-memory.dmp	upx
behavioral1/memory/220-81-0x00007FF713F20000-0x00007FF714274000-memory.dmp	upx
behavioral1/memory/1876-80-0x00007FF6BCCC0000-0x00007FF6BD014000-memory.dmp	upx
behavioral1/files/0x000700000002405f-78.dat	upx
behavioral1/memory/4812-77-0x00007FF770B60000-0x00007FF770EB4000-memory.dmp	upx
behavioral1/files/0x000700000002405d-74.dat	upx
behavioral1/memory/2596-71-0x00007FF7487F0000-0x00007FF748B44000-memory.dmp	upx
behavioral1/memory/3508-70-0x00007FF6F1D90000-0x00007FF6F20E4000-memory.dmp	upx
behavioral1/files/0x000700000002405c-68.dat	upx
behavioral1/files/0x0007000000024058-61.dat	upx
behavioral1/files/0x000700000002405e-59.dat	upx
behavioral1/memory/3240-56-0x00007FF68C510000-0x00007FF68C864000-memory.dmp	upx
behavioral1/memory/748-49-0x00007FF60CBA0000-0x00007FF60CEF4000-memory.dmp	upx
behavioral1/files/0x0007000000024059-37.dat	upx
behavioral1/memory/2144-36-0x00007FF64B7F0000-0x00007FF64BB44000-memory.dmp	upx
behavioral1/memory/5088-27-0x00007FF6BDED0000-0x00007FF6BE224000-memory.dmp	upx
behavioral1/files/0x0007000000024054-17.dat	upx
behavioral1/files/0x0007000000024061-93.dat	upx
behavioral1/files/0x0008000000024051-94.dat	upx
behavioral1/memory/1996-90-0x00007FF667FC0000-0x00007FF668314000-memory.dmp	upx
behavioral1/memory/3572-99-0x00007FF6E1770000-0x00007FF6E1AC4000-memory.dmp	upx
behavioral1/files/0x0007000000024063-103.dat	upx
behavioral1/files/0x0007000000024064-112.dat	upx
behavioral1/files/0x0007000000024065-115.dat	upx
behavioral1/files/0x0007000000024066-119.dat	upx
behavioral1/files/0x0007000000024068-129.dat	upx
behavioral1/memory/3356-132-0x00007FF7A0870000-0x00007FF7A0BC4000-memory.dmp	upx
behavioral1/memory/2900-141-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	upx
behavioral1/files/0x0007000000024069-147.dat	upx
behavioral1/files/0x000700000002406a-151.dat	upx
behavioral1/memory/3508-167-0x00007FF6F1D90000-0x00007FF6F20E4000-memory.dmp	upx
behavioral1/files/0x000700000002406e-178.dat	upx
behavioral1/memory/748-183-0x00007FF60CBA0000-0x00007FF60CEF4000-memory.dmp	upx
behavioral1/memory/2324-182-0x00007FF7AB570000-0x00007FF7AB8C4000-memory.dmp	upx
behavioral1/memory/4828-181-0x00007FF70DA20000-0x00007FF70DD74000-memory.dmp	upx
behavioral1/memory/2308-180-0x00007FF631D40000-0x00007FF632094000-memory.dmp	upx
behavioral1/files/0x000700000002406d-176.dat	upx
behavioral1/files/0x000700000002406c-174.dat	upx
behavioral1/files/0x000700000002406b-172.dat	upx
behavioral1/memory/2840-171-0x00007FF75C930000-0x00007FF75CC84000-memory.dmp	upx
behavioral1/memory/1944-168-0x00007FF673BB0000-0x00007FF673F04000-memory.dmp	upx
behavioral1/memory/2144-162-0x00007FF64B7F0000-0x00007FF64BB44000-memory.dmp	upx
behavioral1/memory/5088-161-0x00007FF6BDED0000-0x00007FF6BE224000-memory.dmp	upx
behavioral1/memory/3312-160-0x00007FF6927E0000-0x00007FF692B34000-memory.dmp	upx
behavioral1/memory/4704-146-0x00007FF770570000-0x00007FF7708C4000-memory.dmp	upx
behavioral1/memory/3596-145-0x00007FF7EAE40000-0x00007FF7EB194000-memory.dmp	upx
behavioral1/memory/3660-144-0x00007FF6AEA70000-0x00007FF6AEDC4000-memory.dmp	upx
behavioral1/memory/1724-143-0x00007FF6C23F0000-0x00007FF6C2744000-memory.dmp	upx
behavioral1/memory/3808-140-0x00007FF66DC60000-0x00007FF66DFB4000-memory.dmp	upx
behavioral1/files/0x0007000000024067-134.dat	upx
behavioral1/memory/4884-133-0x00007FF7B0C10000-0x00007FF7B0F64000-memory.dmp	upx
behavioral1/memory/2392-130-0x00007FF79D040000-0x00007FF79D394000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YFtZPox.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\zEtGEhw.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\HUNloZD.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\TtyIZbc.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\FQCoaju.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\LiBFLZE.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\HbTjrvy.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\exqoEdg.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\LnktzFe.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\mgQYXks.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\tKVsYCn.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\jLxHbsq.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\Ayibltw.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\XfjUxpQ.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\NBQxSss.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\KkxsZLP.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\AIEDgnJ.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\rdRtKDc.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\emePtHp.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\sDcOfOK.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\nyofvYr.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\yyVPzbK.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\CSawIXT.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\uuQUgpQ.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\OvOsgov.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\BivKlLf.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\OjyzDKL.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\XQKPxBX.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\BshvEeI.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\OQFbsWr.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\bdHHcJD.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\wfzTXyM.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\VBGSHkv.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\UaznJXt.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\eAWVvTA.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\FqSltKi.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\rSCyfKc.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\BSthRWl.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\rqqrtlu.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\NyVMsBi.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\RHlAgQf.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\WxYbqDB.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\GLVbhVL.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\XYvwrYw.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\YuiowiH.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\RHqBAHV.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\jvwvLqe.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\rKGWzwV.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\DuDWdMR.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\zivsYwJ.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\MispIQF.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\qIVZHDT.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\OofBfWS.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\qvmOaRb.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ASMbhnS.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\NsIgiXO.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\HkPCIjS.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\iZlcDlx.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\wzduZwG.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\tTzkaUw.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\stlIbOR.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\aXIShSy.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ddZjWvK.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\eRvrGbv.exe	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 2900	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	88
PID 3808 wrote to memory of 2900	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	88
PID 3808 wrote to memory of 3312	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	89
PID 3808 wrote to memory of 3312	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	89
PID 3808 wrote to memory of 5088	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	90
PID 3808 wrote to memory of 5088	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	90
PID 3808 wrote to memory of 2144	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	91
PID 3808 wrote to memory of 2144	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	91
PID 3808 wrote to memory of 748	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	92
PID 3808 wrote to memory of 748	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	92
PID 3808 wrote to memory of 1876	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	93
PID 3808 wrote to memory of 1876	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	93
PID 3808 wrote to memory of 3240	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	94
PID 3808 wrote to memory of 3240	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	94
PID 3808 wrote to memory of 3508	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	95
PID 3808 wrote to memory of 3508	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	95
PID 3808 wrote to memory of 2596	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	96
PID 3808 wrote to memory of 2596	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	96
PID 3808 wrote to memory of 3292	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	97
PID 3808 wrote to memory of 3292	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	97
PID 3808 wrote to memory of 220	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	98
PID 3808 wrote to memory of 220	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	98
PID 3808 wrote to memory of 4808	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	99
PID 3808 wrote to memory of 4808	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	99
PID 3808 wrote to memory of 4812	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	100
PID 3808 wrote to memory of 4812	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	100
PID 3808 wrote to memory of 4560	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	101
PID 3808 wrote to memory of 4560	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	101
PID 3808 wrote to memory of 1996	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	102
PID 3808 wrote to memory of 1996	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	102
PID 3808 wrote to memory of 3572	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	103
PID 3808 wrote to memory of 3572	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	103
PID 3808 wrote to memory of 4960	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	104
PID 3808 wrote to memory of 4960	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	104
PID 3808 wrote to memory of 2392	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	105
PID 3808 wrote to memory of 2392	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	105
PID 3808 wrote to memory of 1724	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	106
PID 3808 wrote to memory of 1724	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	106
PID 3808 wrote to memory of 3660	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	107
PID 3808 wrote to memory of 3660	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	107
PID 3808 wrote to memory of 3356	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	108
PID 3808 wrote to memory of 3356	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	108
PID 3808 wrote to memory of 3596	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	109
PID 3808 wrote to memory of 3596	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	109
PID 3808 wrote to memory of 4884	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	110
PID 3808 wrote to memory of 4884	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	110
PID 3808 wrote to memory of 4704	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	111
PID 3808 wrote to memory of 4704	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	111
PID 3808 wrote to memory of 1944	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	112
PID 3808 wrote to memory of 1944	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	112
PID 3808 wrote to memory of 2324	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	113
PID 3808 wrote to memory of 2324	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	113
PID 3808 wrote to memory of 2840	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	114
PID 3808 wrote to memory of 2840	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	114
PID 3808 wrote to memory of 2308	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	115
PID 3808 wrote to memory of 2308	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	115
PID 3808 wrote to memory of 4828	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	116
PID 3808 wrote to memory of 4828	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	116
PID 3808 wrote to memory of 3960	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	117
PID 3808 wrote to memory of 3960	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	117
PID 3808 wrote to memory of 2296	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	118
PID 3808 wrote to memory of 2296	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	118
PID 3808 wrote to memory of 5036	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	120
PID 3808 wrote to memory of 5036	3808	2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_d0370b2d94fe5faf8d7dca9466b20075_cobalt-strike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Windows\System\uSkjrXP.exe
  C:\Windows\System\uSkjrXP.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\zwhJCCP.exe
  C:\Windows\System\zwhJCCP.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\NcqnfHz.exe
  C:\Windows\System\NcqnfHz.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\rhdvGgP.exe
  C:\Windows\System\rhdvGgP.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\vwFSdOr.exe
  C:\Windows\System\vwFSdOr.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\ipzArkz.exe
  C:\Windows\System\ipzArkz.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ZlcwAKh.exe
  C:\Windows\System\ZlcwAKh.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\rSCyfKc.exe
  C:\Windows\System\rSCyfKc.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\FrTlTUt.exe
  C:\Windows\System\FrTlTUt.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\ADjJabi.exe
  C:\Windows\System\ADjJabi.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\KHkCKUk.exe
  C:\Windows\System\KHkCKUk.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\hRAltAG.exe
  C:\Windows\System\hRAltAG.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\fiUgMQb.exe
  C:\Windows\System\fiUgMQb.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\ZStlMUE.exe
  C:\Windows\System\ZStlMUE.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\QTHfmdM.exe
  C:\Windows\System\QTHfmdM.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\SzhpqhB.exe
  C:\Windows\System\SzhpqhB.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\BMwlocs.exe
  C:\Windows\System\BMwlocs.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\rvzDuVi.exe
  C:\Windows\System\rvzDuVi.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\NXIFMmk.exe
  C:\Windows\System\NXIFMmk.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\LzRYOtO.exe
  C:\Windows\System\LzRYOtO.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\nrQnneN.exe
  C:\Windows\System\nrQnneN.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\ahFUPvo.exe
  C:\Windows\System\ahFUPvo.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\rKGWzwV.exe
  C:\Windows\System\rKGWzwV.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\eESrUPK.exe
  C:\Windows\System\eESrUPK.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\MPxIAfg.exe
  C:\Windows\System\MPxIAfg.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\BzeDzFB.exe
  C:\Windows\System\BzeDzFB.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\UVNCTgJ.exe
  C:\Windows\System\UVNCTgJ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\NIpKLfU.exe
  C:\Windows\System\NIpKLfU.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\KYNaxSj.exe
  C:\Windows\System\KYNaxSj.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\ASYlqGf.exe
  C:\Windows\System\ASYlqGf.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\qHDxBmf.exe
  C:\Windows\System\qHDxBmf.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\UHcXtgH.exe
  C:\Windows\System\UHcXtgH.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\RgfnUgP.exe
  C:\Windows\System\RgfnUgP.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\btGlFik.exe
  C:\Windows\System\btGlFik.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\fFeKvaH.exe
  C:\Windows\System\fFeKvaH.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\LenwLgV.exe
  C:\Windows\System\LenwLgV.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\EailciE.exe
  C:\Windows\System\EailciE.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\bzZrYka.exe
  C:\Windows\System\bzZrYka.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\Etquolr.exe
  C:\Windows\System\Etquolr.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\czmgsVg.exe
  C:\Windows\System\czmgsVg.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\tQDNhBG.exe
  C:\Windows\System\tQDNhBG.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\CzJGcdw.exe
  C:\Windows\System\CzJGcdw.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\NkrgNZz.exe
  C:\Windows\System\NkrgNZz.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\SevkkDf.exe
  C:\Windows\System\SevkkDf.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\KfAYjgW.exe
  C:\Windows\System\KfAYjgW.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\pngiwHS.exe
  C:\Windows\System\pngiwHS.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\eQDntOp.exe
  C:\Windows\System\eQDntOp.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\Wwhvobk.exe
  C:\Windows\System\Wwhvobk.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\DuDWdMR.exe
  C:\Windows\System\DuDWdMR.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\wjezWwE.exe
  C:\Windows\System\wjezWwE.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\NIXnJkK.exe
  C:\Windows\System\NIXnJkK.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\bdHHcJD.exe
  C:\Windows\System\bdHHcJD.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\xkUMokM.exe
  C:\Windows\System\xkUMokM.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\sXewUqB.exe
  C:\Windows\System\sXewUqB.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\nLamOcv.exe
  C:\Windows\System\nLamOcv.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\IoUTOxW.exe
  C:\Windows\System\IoUTOxW.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\AeoIfuC.exe
  C:\Windows\System\AeoIfuC.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\MFWBHUj.exe
  C:\Windows\System\MFWBHUj.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\QjPYUmo.exe
  C:\Windows\System\QjPYUmo.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\GohpCdo.exe
  C:\Windows\System\GohpCdo.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\RsPhEhq.exe
  C:\Windows\System\RsPhEhq.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\HIVMBVh.exe
  C:\Windows\System\HIVMBVh.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\jpmWETS.exe
  C:\Windows\System\jpmWETS.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\xMbLEQz.exe
  C:\Windows\System\xMbLEQz.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\YWLrulz.exe
  C:\Windows\System\YWLrulz.exe
  2⤵
  PID:1152
- C:\Windows\System\tJscOZr.exe
  C:\Windows\System\tJscOZr.exe
  2⤵
  PID:1132
- C:\Windows\System\TpfagfB.exe
  C:\Windows\System\TpfagfB.exe
  2⤵
  PID:2160
- C:\Windows\System\zENAKLQ.exe
  C:\Windows\System\zENAKLQ.exe
  2⤵
  PID:4344
- C:\Windows\System\lvvuAit.exe
  C:\Windows\System\lvvuAit.exe
  2⤵
  PID:5012
- C:\Windows\System\dCuxGMy.exe
  C:\Windows\System\dCuxGMy.exe
  2⤵
  PID:4800
- C:\Windows\System\KBzooQF.exe
  C:\Windows\System\KBzooQF.exe
  2⤵
  PID:3152
- C:\Windows\System\RVBWOgu.exe
  C:\Windows\System\RVBWOgu.exe
  2⤵
  PID:1992
- C:\Windows\System\GPDFCKA.exe
  C:\Windows\System\GPDFCKA.exe
  2⤵
  PID:4300
- C:\Windows\System\eIZWSmc.exe
  C:\Windows\System\eIZWSmc.exe
  2⤵
  PID:5052
- C:\Windows\System\tvWetfG.exe
  C:\Windows\System\tvWetfG.exe
  2⤵
  PID:3416
- C:\Windows\System\CAKdLuY.exe
  C:\Windows\System\CAKdLuY.exe
  2⤵
  PID:1120
- C:\Windows\System\lgxXDaT.exe
  C:\Windows\System\lgxXDaT.exe
  2⤵
  PID:3404
- C:\Windows\System\LjJRSCu.exe
  C:\Windows\System\LjJRSCu.exe
  2⤵
  PID:5044
- C:\Windows\System\iZlcDlx.exe
  C:\Windows\System\iZlcDlx.exe
  2⤵
  PID:4016
- C:\Windows\System\gbngxwJ.exe
  C:\Windows\System\gbngxwJ.exe
  2⤵
  PID:1636
- C:\Windows\System\xSkBhvx.exe
  C:\Windows\System\xSkBhvx.exe
  2⤵
  PID:4532
- C:\Windows\System\QBDOtnE.exe
  C:\Windows\System\QBDOtnE.exe
  2⤵
  PID:4508
- C:\Windows\System\nCpRWPD.exe
  C:\Windows\System\nCpRWPD.exe
  2⤵
  PID:2516
- C:\Windows\System\vicPbGP.exe
  C:\Windows\System\vicPbGP.exe
  2⤵
  PID:1576
- C:\Windows\System\yquBIFw.exe
  C:\Windows\System\yquBIFw.exe
  2⤵
  PID:4180
- C:\Windows\System\wYulwPc.exe
  C:\Windows\System\wYulwPc.exe
  2⤵
  PID:1220
- C:\Windows\System\qVLbWcH.exe
  C:\Windows\System\qVLbWcH.exe
  2⤵
  PID:3992
- C:\Windows\System\qvmOaRb.exe
  C:\Windows\System\qvmOaRb.exe
  2⤵
  PID:940
- C:\Windows\System\ETLuHfp.exe
  C:\Windows\System\ETLuHfp.exe
  2⤵
  PID:1840
- C:\Windows\System\zivsYwJ.exe
  C:\Windows\System\zivsYwJ.exe
  2⤵
  PID:4740
- C:\Windows\System\ymTRHje.exe
  C:\Windows\System\ymTRHje.exe
  2⤵
  PID:3420
- C:\Windows\System\VPCwoHW.exe
  C:\Windows\System\VPCwoHW.exe
  2⤵
  PID:1544
- C:\Windows\System\zHcVMgZ.exe
  C:\Windows\System\zHcVMgZ.exe
  2⤵
  PID:1028
- C:\Windows\System\mimiPSj.exe
  C:\Windows\System\mimiPSj.exe
  2⤵
  PID:4780
- C:\Windows\System\KEeDBje.exe
  C:\Windows\System\KEeDBje.exe
  2⤵
  PID:5132
- C:\Windows\System\GrmXRFQ.exe
  C:\Windows\System\GrmXRFQ.exe
  2⤵
  PID:5168
- C:\Windows\System\sWSCCKX.exe
  C:\Windows\System\sWSCCKX.exe
  2⤵
  PID:5196
- C:\Windows\System\cKawFCr.exe
  C:\Windows\System\cKawFCr.exe
  2⤵
  PID:5244
- C:\Windows\System\MwphUjJ.exe
  C:\Windows\System\MwphUjJ.exe
  2⤵
  PID:5276
- C:\Windows\System\wfzTXyM.exe
  C:\Windows\System\wfzTXyM.exe
  2⤵
  PID:5304
- C:\Windows\System\HGvjpFi.exe
  C:\Windows\System\HGvjpFi.exe
  2⤵
  PID:5336
- C:\Windows\System\ASMbhnS.exe
  C:\Windows\System\ASMbhnS.exe
  2⤵
  PID:5364
- C:\Windows\System\sREbghy.exe
  C:\Windows\System\sREbghy.exe
  2⤵
  PID:5388
- C:\Windows\System\hRWArgd.exe
  C:\Windows\System\hRWArgd.exe
  2⤵
  PID:5420
- C:\Windows\System\qpBWlxs.exe
  C:\Windows\System\qpBWlxs.exe
  2⤵
  PID:5452
- C:\Windows\System\JVTwCuy.exe
  C:\Windows\System\JVTwCuy.exe
  2⤵
  PID:5496
- C:\Windows\System\lxVCGuy.exe
  C:\Windows\System\lxVCGuy.exe
  2⤵
  PID:5528
- C:\Windows\System\PqcVaLZ.exe
  C:\Windows\System\PqcVaLZ.exe
  2⤵
  PID:5556
- C:\Windows\System\XQDQKjx.exe
  C:\Windows\System\XQDQKjx.exe
  2⤵
  PID:5580
- C:\Windows\System\LQicKPn.exe
  C:\Windows\System\LQicKPn.exe
  2⤵
  PID:5612
- C:\Windows\System\huVQFCs.exe
  C:\Windows\System\huVQFCs.exe
  2⤵
  PID:5644
- C:\Windows\System\Ayibltw.exe
  C:\Windows\System\Ayibltw.exe
  2⤵
  PID:5672
- C:\Windows\System\BivKlLf.exe
  C:\Windows\System\BivKlLf.exe
  2⤵
  PID:5700
- C:\Windows\System\vcbJQPQ.exe
  C:\Windows\System\vcbJQPQ.exe
  2⤵
  PID:5732
- C:\Windows\System\RGGzXWb.exe
  C:\Windows\System\RGGzXWb.exe
  2⤵
  PID:5764
- C:\Windows\System\BDPBEut.exe
  C:\Windows\System\BDPBEut.exe
  2⤵
  PID:5792
- C:\Windows\System\RYqQrlP.exe
  C:\Windows\System\RYqQrlP.exe
  2⤵
  PID:5820
- C:\Windows\System\zdfwreD.exe
  C:\Windows\System\zdfwreD.exe
  2⤵
  PID:5848
- C:\Windows\System\iGFhptB.exe
  C:\Windows\System\iGFhptB.exe
  2⤵
  PID:5880
- C:\Windows\System\HSdukPm.exe
  C:\Windows\System\HSdukPm.exe
  2⤵
  PID:5912
- C:\Windows\System\Erhmbkz.exe
  C:\Windows\System\Erhmbkz.exe
  2⤵
  PID:5940
- C:\Windows\System\KerItBM.exe
  C:\Windows\System\KerItBM.exe
  2⤵
  PID:5976
- C:\Windows\System\rikOdHS.exe
  C:\Windows\System\rikOdHS.exe
  2⤵
  PID:5996
- C:\Windows\System\OvsnQyt.exe
  C:\Windows\System\OvsnQyt.exe
  2⤵
  PID:6024
- C:\Windows\System\takobHr.exe
  C:\Windows\System\takobHr.exe
  2⤵
  PID:6052
- C:\Windows\System\YAKDqnh.exe
  C:\Windows\System\YAKDqnh.exe
  2⤵
  PID:6084
- C:\Windows\System\pUibvTb.exe
  C:\Windows\System\pUibvTb.exe
  2⤵
  PID:6112
- C:\Windows\System\YFtZPox.exe
  C:\Windows\System\YFtZPox.exe
  2⤵
  PID:5124
- C:\Windows\System\drCljDE.exe
  C:\Windows\System\drCljDE.exe
  2⤵
  PID:5180
- C:\Windows\System\VVNPKJv.exe
  C:\Windows\System\VVNPKJv.exe
  2⤵
  PID:5272
- C:\Windows\System\agkddMJ.exe
  C:\Windows\System\agkddMJ.exe
  2⤵
  PID:5344
- C:\Windows\System\zEtGEhw.exe
  C:\Windows\System\zEtGEhw.exe
  2⤵
  PID:5408
- C:\Windows\System\NZbaSYX.exe
  C:\Windows\System\NZbaSYX.exe
  2⤵
  PID:5488
- C:\Windows\System\wsHUenb.exe
  C:\Windows\System\wsHUenb.exe
  2⤵
  PID:5564
- C:\Windows\System\RSXhFRX.exe
  C:\Windows\System\RSXhFRX.exe
  2⤵
  PID:5620
- C:\Windows\System\Aaiyoki.exe
  C:\Windows\System\Aaiyoki.exe
  2⤵
  PID:5696
- C:\Windows\System\TVIDLcl.exe
  C:\Windows\System\TVIDLcl.exe
  2⤵
  PID:5740
- C:\Windows\System\SkmOuxK.exe
  C:\Windows\System\SkmOuxK.exe
  2⤵
  PID:5788
- C:\Windows\System\xWAmkTZ.exe
  C:\Windows\System\xWAmkTZ.exe
  2⤵
  PID:5860
- C:\Windows\System\PpBPGvK.exe
  C:\Windows\System\PpBPGvK.exe
  2⤵
  PID:5952
- C:\Windows\System\ZQijiOM.exe
  C:\Windows\System\ZQijiOM.exe
  2⤵
  PID:6064
- C:\Windows\System\hcVPREm.exe
  C:\Windows\System\hcVPREm.exe
  2⤵
  PID:6104
- C:\Windows\System\QFQcOBS.exe
  C:\Windows\System\QFQcOBS.exe
  2⤵
  PID:6132
- C:\Windows\System\uCHGDlF.exe
  C:\Windows\System\uCHGDlF.exe
  2⤵
  PID:5372
- C:\Windows\System\oGFExhw.exe
  C:\Windows\System\oGFExhw.exe
  2⤵
  PID:3784
- C:\Windows\System\CSawIXT.exe
  C:\Windows\System\CSawIXT.exe
  2⤵
  PID:5652
- C:\Windows\System\HUNloZD.exe
  C:\Windows\System\HUNloZD.exe
  2⤵
  PID:5844
- C:\Windows\System\GDzARbH.exe
  C:\Windows\System\GDzARbH.exe
  2⤵
  PID:6020
- C:\Windows\System\DzfXocg.exe
  C:\Windows\System\DzfXocg.exe
  2⤵
  PID:6136
- C:\Windows\System\JxnVLPH.exe
  C:\Windows\System\JxnVLPH.exe
  2⤵
  PID:5440
- C:\Windows\System\hidXrbY.exe
  C:\Windows\System\hidXrbY.exe
  2⤵
  PID:5776
- C:\Windows\System\ghJcMYJ.exe
  C:\Windows\System\ghJcMYJ.exe
  2⤵
  PID:6124
- C:\Windows\System\IQKxbjF.exe
  C:\Windows\System\IQKxbjF.exe
  2⤵
  PID:5908
- C:\Windows\System\GsiwLsX.exe
  C:\Windows\System\GsiwLsX.exe
  2⤵
  PID:5600
- C:\Windows\System\uHTBdjk.exe
  C:\Windows\System\uHTBdjk.exe
  2⤵
  PID:6168
- C:\Windows\System\JrXLrqC.exe
  C:\Windows\System\JrXLrqC.exe
  2⤵
  PID:6184
- C:\Windows\System\NIyrayE.exe
  C:\Windows\System\NIyrayE.exe
  2⤵
  PID:6200
- C:\Windows\System\GTheSOm.exe
  C:\Windows\System\GTheSOm.exe
  2⤵
  PID:6236
- C:\Windows\System\ZyuDmrE.exe
  C:\Windows\System\ZyuDmrE.exe
  2⤵
  PID:6280
- C:\Windows\System\CajIWku.exe
  C:\Windows\System\CajIWku.exe
  2⤵
  PID:6312
- C:\Windows\System\XGSbhna.exe
  C:\Windows\System\XGSbhna.exe
  2⤵
  PID:6340
- C:\Windows\System\HNJUALN.exe
  C:\Windows\System\HNJUALN.exe
  2⤵
  PID:6376
- C:\Windows\System\hrbghUC.exe
  C:\Windows\System\hrbghUC.exe
  2⤵
  PID:6400
- C:\Windows\System\OmfpPjy.exe
  C:\Windows\System\OmfpPjy.exe
  2⤵
  PID:6428
- C:\Windows\System\zuCmREF.exe
  C:\Windows\System\zuCmREF.exe
  2⤵
  PID:6448
- C:\Windows\System\BSthRWl.exe
  C:\Windows\System\BSthRWl.exe
  2⤵
  PID:6472
- C:\Windows\System\fbJeiEE.exe
  C:\Windows\System\fbJeiEE.exe
  2⤵
  PID:6492
- C:\Windows\System\LutvGQq.exe
  C:\Windows\System\LutvGQq.exe
  2⤵
  PID:6516
- C:\Windows\System\CYQBTok.exe
  C:\Windows\System\CYQBTok.exe
  2⤵
  PID:6548
- C:\Windows\System\xjnHkMl.exe
  C:\Windows\System\xjnHkMl.exe
  2⤵
  PID:6564
- C:\Windows\System\qGOvbhh.exe
  C:\Windows\System\qGOvbhh.exe
  2⤵
  PID:6604
- C:\Windows\System\PkOcTSy.exe
  C:\Windows\System\PkOcTSy.exe
  2⤵
  PID:6676
- C:\Windows\System\BohoVPo.exe
  C:\Windows\System\BohoVPo.exe
  2⤵
  PID:6700
- C:\Windows\System\dPJviGy.exe
  C:\Windows\System\dPJviGy.exe
  2⤵
  PID:6740
- C:\Windows\System\pMRGTNG.exe
  C:\Windows\System\pMRGTNG.exe
  2⤵
  PID:6784
- C:\Windows\System\zWyMFch.exe
  C:\Windows\System\zWyMFch.exe
  2⤵
  PID:6812
- C:\Windows\System\GolHUdY.exe
  C:\Windows\System\GolHUdY.exe
  2⤵
  PID:6840
- C:\Windows\System\kdYLXbR.exe
  C:\Windows\System\kdYLXbR.exe
  2⤵
  PID:6888
- C:\Windows\System\QEzQdZJ.exe
  C:\Windows\System\QEzQdZJ.exe
  2⤵
  PID:6908
- C:\Windows\System\vaCVNmf.exe
  C:\Windows\System\vaCVNmf.exe
  2⤵
  PID:6940
- C:\Windows\System\XcKkVfX.exe
  C:\Windows\System\XcKkVfX.exe
  2⤵
  PID:6964
- C:\Windows\System\GLVbhVL.exe
  C:\Windows\System\GLVbhVL.exe
  2⤵
  PID:6992
- C:\Windows\System\RjlNvqa.exe
  C:\Windows\System\RjlNvqa.exe
  2⤵
  PID:7024
- C:\Windows\System\nIipJqt.exe
  C:\Windows\System\nIipJqt.exe
  2⤵
  PID:7048
- C:\Windows\System\YVCWQhC.exe
  C:\Windows\System\YVCWQhC.exe
  2⤵
  PID:7080
- C:\Windows\System\uJGGvAW.exe
  C:\Windows\System\uJGGvAW.exe
  2⤵
  PID:7104
- C:\Windows\System\LVPMZic.exe
  C:\Windows\System\LVPMZic.exe
  2⤵
  PID:7132
- C:\Windows\System\xEvwEDU.exe
  C:\Windows\System\xEvwEDU.exe
  2⤵
  PID:7164
- C:\Windows\System\CkTnIys.exe
  C:\Windows\System\CkTnIys.exe
  2⤵
  PID:6196
- C:\Windows\System\RKLMKcv.exe
  C:\Windows\System\RKLMKcv.exe
  2⤵
  PID:6276
- C:\Windows\System\SFjPrvW.exe
  C:\Windows\System\SFjPrvW.exe
  2⤵
  PID:6324
- C:\Windows\System\ZFdQtZD.exe
  C:\Windows\System\ZFdQtZD.exe
  2⤵
  PID:6392
- C:\Windows\System\ShuNlkE.exe
  C:\Windows\System\ShuNlkE.exe
  2⤵
  PID:6484
- C:\Windows\System\yFdqZTI.exe
  C:\Windows\System\yFdqZTI.exe
  2⤵
  PID:6512
- C:\Windows\System\mmDoKOt.exe
  C:\Windows\System\mmDoKOt.exe
  2⤵
  PID:6556
- C:\Windows\System\emqHMCn.exe
  C:\Windows\System\emqHMCn.exe
  2⤵
  PID:6668
- C:\Windows\System\mKqKIGu.exe
  C:\Windows\System\mKqKIGu.exe
  2⤵
  PID:6732
- C:\Windows\System\LiHOUQD.exe
  C:\Windows\System\LiHOUQD.exe
  2⤵
  PID:6824
- C:\Windows\System\lorZQmg.exe
  C:\Windows\System\lorZQmg.exe
  2⤵
  PID:6928
- C:\Windows\System\BLOFrsi.exe
  C:\Windows\System\BLOFrsi.exe
  2⤵
  PID:6984
- C:\Windows\System\MYKThpB.exe
  C:\Windows\System\MYKThpB.exe
  2⤵
  PID:7060
- C:\Windows\System\TjqndWt.exe
  C:\Windows\System\TjqndWt.exe
  2⤵
  PID:7124
- C:\Windows\System\rQMWCMY.exe
  C:\Windows\System\rQMWCMY.exe
  2⤵
  PID:6220
- C:\Windows\System\kDBHvwC.exe
  C:\Windows\System\kDBHvwC.exe
  2⤵
  PID:6460
- C:\Windows\System\DwQDleZ.exe
  C:\Windows\System\DwQDleZ.exe
  2⤵
  PID:6716
- C:\Windows\System\LHGXipk.exe
  C:\Windows\System\LHGXipk.exe
  2⤵
  PID:7032
- C:\Windows\System\tSPePTw.exe
  C:\Windows\System\tSPePTw.exe
  2⤵
  PID:6508
- C:\Windows\System\HAehZmb.exe
  C:\Windows\System\HAehZmb.exe
  2⤵
  PID:7044
- C:\Windows\System\yyqkavS.exe
  C:\Windows\System\yyqkavS.exe
  2⤵
  PID:7172
- C:\Windows\System\udsOWXi.exe
  C:\Windows\System\udsOWXi.exe
  2⤵
  PID:7208
- C:\Windows\System\sqgmyxD.exe
  C:\Windows\System\sqgmyxD.exe
  2⤵
  PID:7260
- C:\Windows\System\KdUvVTd.exe
  C:\Windows\System\KdUvVTd.exe
  2⤵
  PID:7288
- C:\Windows\System\JoStgdE.exe
  C:\Windows\System\JoStgdE.exe
  2⤵
  PID:7332
- C:\Windows\System\aqBXjFh.exe
  C:\Windows\System\aqBXjFh.exe
  2⤵
  PID:7360
- C:\Windows\System\XfjUxpQ.exe
  C:\Windows\System\XfjUxpQ.exe
  2⤵
  PID:7400
- C:\Windows\System\gLnXhbP.exe
  C:\Windows\System\gLnXhbP.exe
  2⤵
  PID:7440
- C:\Windows\System\YCSCpSz.exe
  C:\Windows\System\YCSCpSz.exe
  2⤵
  PID:7472
- C:\Windows\System\fddpTJJ.exe
  C:\Windows\System\fddpTJJ.exe
  2⤵
  PID:7500
- C:\Windows\System\rTmxcUn.exe
  C:\Windows\System\rTmxcUn.exe
  2⤵
  PID:7516
- C:\Windows\System\AMpVTZI.exe
  C:\Windows\System\AMpVTZI.exe
  2⤵
  PID:7544
- C:\Windows\System\tVyqPiX.exe
  C:\Windows\System\tVyqPiX.exe
  2⤵
  PID:7580
- C:\Windows\System\XtYAKhH.exe
  C:\Windows\System\XtYAKhH.exe
  2⤵
  PID:7620
- C:\Windows\System\wdzmpvh.exe
  C:\Windows\System\wdzmpvh.exe
  2⤵
  PID:7652
- C:\Windows\System\sMDkVso.exe
  C:\Windows\System\sMDkVso.exe
  2⤵
  PID:7672
- C:\Windows\System\OWXifYA.exe
  C:\Windows\System\OWXifYA.exe
  2⤵
  PID:7708
- C:\Windows\System\nEerAtZ.exe
  C:\Windows\System\nEerAtZ.exe
  2⤵
  PID:7744
- C:\Windows\System\hRrntbt.exe
  C:\Windows\System\hRrntbt.exe
  2⤵
  PID:7780
- C:\Windows\System\PnZlGsu.exe
  C:\Windows\System\PnZlGsu.exe
  2⤵
  PID:7796
- C:\Windows\System\ZVgYNuQ.exe
  C:\Windows\System\ZVgYNuQ.exe
  2⤵
  PID:7840
- C:\Windows\System\SoCpFje.exe
  C:\Windows\System\SoCpFje.exe
  2⤵
  PID:7860
- C:\Windows\System\blcfSqZ.exe
  C:\Windows\System\blcfSqZ.exe
  2⤵
  PID:7884
- C:\Windows\System\jKqXUhE.exe
  C:\Windows\System\jKqXUhE.exe
  2⤵
  PID:7912
- C:\Windows\System\zDsWWnr.exe
  C:\Windows\System\zDsWWnr.exe
  2⤵
  PID:7928
- C:\Windows\System\LceCCUY.exe
  C:\Windows\System\LceCCUY.exe
  2⤵
  PID:7968
- C:\Windows\System\pdySLEA.exe
  C:\Windows\System\pdySLEA.exe
  2⤵
  PID:7992
- C:\Windows\System\MispIQF.exe
  C:\Windows\System\MispIQF.exe
  2⤵
  PID:8012
- C:\Windows\System\SYBoPYA.exe
  C:\Windows\System\SYBoPYA.exe
  2⤵
  PID:8060
- C:\Windows\System\uuQUgpQ.exe
  C:\Windows\System\uuQUgpQ.exe
  2⤵
  PID:8084
- C:\Windows\System\gIMQiLC.exe
  C:\Windows\System\gIMQiLC.exe
  2⤵
  PID:8108
- C:\Windows\System\pKcUZYf.exe
  C:\Windows\System\pKcUZYf.exe
  2⤵
  PID:8140
- C:\Windows\System\OjyzDKL.exe
  C:\Windows\System\OjyzDKL.exe
  2⤵
  PID:8176
- C:\Windows\System\TormJwf.exe
  C:\Windows\System\TormJwf.exe
  2⤵
  PID:6588
- C:\Windows\System\HJvsrNc.exe
  C:\Windows\System\HJvsrNc.exe
  2⤵
  PID:7320
- C:\Windows\System\EHXzQxK.exe
  C:\Windows\System\EHXzQxK.exe
  2⤵
  PID:7380
- C:\Windows\System\CapZWqb.exe
  C:\Windows\System\CapZWqb.exe
  2⤵
  PID:7460
- C:\Windows\System\BbXMEPS.exe
  C:\Windows\System\BbXMEPS.exe
  2⤵
  PID:3464
- C:\Windows\System\TFKQJuR.exe
  C:\Windows\System\TFKQJuR.exe
  2⤵
  PID:7568
- C:\Windows\System\ddZjWvK.exe
  C:\Windows\System\ddZjWvK.exe
  2⤵
  PID:7660
- C:\Windows\System\bAAVLxQ.exe
  C:\Windows\System\bAAVLxQ.exe
  2⤵
  PID:7736
- C:\Windows\System\gIrdUPU.exe
  C:\Windows\System\gIrdUPU.exe
  2⤵
  PID:7792
- C:\Windows\System\GGGCVWb.exe
  C:\Windows\System\GGGCVWb.exe
  2⤵
  PID:7876
- C:\Windows\System\Zibfhru.exe
  C:\Windows\System\Zibfhru.exe
  2⤵
  PID:7924
- C:\Windows\System\EsdCmuO.exe
  C:\Windows\System\EsdCmuO.exe
  2⤵
  PID:8008
- C:\Windows\System\RIoSLAL.exe
  C:\Windows\System\RIoSLAL.exe
  2⤵
  PID:8080
- C:\Windows\System\XHkwBOM.exe
  C:\Windows\System\XHkwBOM.exe
  2⤵
  PID:8136
- C:\Windows\System\sVYKrDC.exe
  C:\Windows\System\sVYKrDC.exe
  2⤵
  PID:7252
- C:\Windows\System\eRvrGbv.exe
  C:\Windows\System\eRvrGbv.exe
  2⤵
  PID:7508
- C:\Windows\System\VfsGghu.exe
  C:\Windows\System\VfsGghu.exe
  2⤵
  PID:7700
- C:\Windows\System\VktATuZ.exe
  C:\Windows\System\VktATuZ.exe
  2⤵
  PID:7900
- C:\Windows\System\RYoihCJ.exe
  C:\Windows\System\RYoihCJ.exe
  2⤵
  PID:8036
- C:\Windows\System\RLHGmaG.exe
  C:\Windows\System\RLHGmaG.exe
  2⤵
  PID:8184
- C:\Windows\System\mORVgtm.exe
  C:\Windows\System\mORVgtm.exe
  2⤵
  PID:7512
- C:\Windows\System\MbAvsVI.exe
  C:\Windows\System\MbAvsVI.exe
  2⤵
  PID:7788
- C:\Windows\System\IKdNlqO.exe
  C:\Windows\System\IKdNlqO.exe
  2⤵
  PID:8032
- C:\Windows\System\QQIBpRL.exe
  C:\Windows\System\QQIBpRL.exe
  2⤵
  PID:8212
- C:\Windows\System\GpwrZIp.exe
  C:\Windows\System\GpwrZIp.exe
  2⤵
  PID:8244
- C:\Windows\System\TljmMyQ.exe
  C:\Windows\System\TljmMyQ.exe
  2⤵
  PID:8312
- C:\Windows\System\wSRNyYE.exe
  C:\Windows\System\wSRNyYE.exe
  2⤵
  PID:8352
- C:\Windows\System\mTKvrsD.exe
  C:\Windows\System\mTKvrsD.exe
  2⤵
  PID:8388
- C:\Windows\System\kvYtoFh.exe
  C:\Windows\System\kvYtoFh.exe
  2⤵
  PID:8404
- C:\Windows\System\pkAetpq.exe
  C:\Windows\System\pkAetpq.exe
  2⤵
  PID:8440
- C:\Windows\System\JxgfzVN.exe
  C:\Windows\System\JxgfzVN.exe
  2⤵
  PID:8472
- C:\Windows\System\dDUzsAv.exe
  C:\Windows\System\dDUzsAv.exe
  2⤵
  PID:8496
- C:\Windows\System\ARYRsJq.exe
  C:\Windows\System\ARYRsJq.exe
  2⤵
  PID:8528
- C:\Windows\System\mypunxY.exe
  C:\Windows\System\mypunxY.exe
  2⤵
  PID:8544
- C:\Windows\System\ZUIgGxq.exe
  C:\Windows\System\ZUIgGxq.exe
  2⤵
  PID:8584
- C:\Windows\System\xpEXITh.exe
  C:\Windows\System\xpEXITh.exe
  2⤵
  PID:8616
- C:\Windows\System\SobTJHB.exe
  C:\Windows\System\SobTJHB.exe
  2⤵
  PID:8652
- C:\Windows\System\xBKctnT.exe
  C:\Windows\System\xBKctnT.exe
  2⤵
  PID:8680
- C:\Windows\System\VXnmmQu.exe
  C:\Windows\System\VXnmmQu.exe
  2⤵
  PID:8696
- C:\Windows\System\fpuyxfc.exe
  C:\Windows\System\fpuyxfc.exe
  2⤵
  PID:8736
- C:\Windows\System\JRWCqfY.exe
  C:\Windows\System\JRWCqfY.exe
  2⤵
  PID:8764
- C:\Windows\System\XGXiaHy.exe
  C:\Windows\System\XGXiaHy.exe
  2⤵
  PID:8792
- C:\Windows\System\DqzFxmp.exe
  C:\Windows\System\DqzFxmp.exe
  2⤵
  PID:8820
- C:\Windows\System\XZeagHk.exe
  C:\Windows\System\XZeagHk.exe
  2⤵
  PID:8848
- C:\Windows\System\TkAAYrL.exe
  C:\Windows\System\TkAAYrL.exe
  2⤵
  PID:8864
- C:\Windows\System\HGIrydA.exe
  C:\Windows\System\HGIrydA.exe
  2⤵
  PID:8904
- C:\Windows\System\cFxldhH.exe
  C:\Windows\System\cFxldhH.exe
  2⤵
  PID:8924
- C:\Windows\System\YsoTiHw.exe
  C:\Windows\System\YsoTiHw.exe
  2⤵
  PID:8948
- C:\Windows\System\NmuLyMF.exe
  C:\Windows\System\NmuLyMF.exe
  2⤵
  PID:8988
- C:\Windows\System\earWWrD.exe
  C:\Windows\System\earWWrD.exe
  2⤵
  PID:9024
- C:\Windows\System\QMPGWjQ.exe
  C:\Windows\System\QMPGWjQ.exe
  2⤵
  PID:9048
- C:\Windows\System\ZTlGwQI.exe
  C:\Windows\System\ZTlGwQI.exe
  2⤵
  PID:9092
- C:\Windows\System\yqckgQe.exe
  C:\Windows\System\yqckgQe.exe
  2⤵
  PID:9128
- C:\Windows\System\NVXGHvE.exe
  C:\Windows\System\NVXGHvE.exe
  2⤵
  PID:9160
- C:\Windows\System\sBmzFjf.exe
  C:\Windows\System\sBmzFjf.exe
  2⤵
  PID:9180
- C:\Windows\System\fslxjod.exe
  C:\Windows\System\fslxjod.exe
  2⤵
  PID:9208
- C:\Windows\System\XYvwrYw.exe
  C:\Windows\System\XYvwrYw.exe
  2⤵
  PID:7728
- C:\Windows\System\GEIsDlc.exe
  C:\Windows\System\GEIsDlc.exe
  2⤵
  PID:8292
- C:\Windows\System\YuiowiH.exe
  C:\Windows\System\YuiowiH.exe
  2⤵
  PID:8344
- C:\Windows\System\ouMYRSM.exe
  C:\Windows\System\ouMYRSM.exe
  2⤵
  PID:8416
- C:\Windows\System\DycjjbY.exe
  C:\Windows\System\DycjjbY.exe
  2⤵
  PID:8464
- C:\Windows\System\WERvbsB.exe
  C:\Windows\System\WERvbsB.exe
  2⤵
  PID:8520
- C:\Windows\System\MBNdspp.exe
  C:\Windows\System\MBNdspp.exe
  2⤵
  PID:8568
- C:\Windows\System\ODcsBTx.exe
  C:\Windows\System\ODcsBTx.exe
  2⤵
  PID:8664
- C:\Windows\System\fzoofrZ.exe
  C:\Windows\System\fzoofrZ.exe
  2⤵
  PID:8732
- C:\Windows\System\hZugIiH.exe
  C:\Windows\System\hZugIiH.exe
  2⤵
  PID:8788
- C:\Windows\System\AIEDgnJ.exe
  C:\Windows\System\AIEDgnJ.exe
  2⤵
  PID:8856
- C:\Windows\System\XcuVgTQ.exe
  C:\Windows\System\XcuVgTQ.exe
  2⤵
  PID:8932
- C:\Windows\System\XQKPxBX.exe
  C:\Windows\System\XQKPxBX.exe
  2⤵
  PID:9008
- C:\Windows\System\twnseQL.exe
  C:\Windows\System\twnseQL.exe
  2⤵
  PID:9072
- C:\Windows\System\VBGSHkv.exe
  C:\Windows\System\VBGSHkv.exe
  2⤵
  PID:9148
- C:\Windows\System\ugrmPgk.exe
  C:\Windows\System\ugrmPgk.exe
  2⤵
  PID:9204
- C:\Windows\System\nKskNYz.exe
  C:\Windows\System\nKskNYz.exe
  2⤵
  PID:8264
- C:\Windows\System\OfWsJnm.exe
  C:\Windows\System\OfWsJnm.exe
  2⤵
  PID:8432
- C:\Windows\System\LdAHQeS.exe
  C:\Windows\System\LdAHQeS.exe
  2⤵
  PID:8556
- C:\Windows\System\lvlRTns.exe
  C:\Windows\System\lvlRTns.exe
  2⤵
  PID:8724
- C:\Windows\System\hkWzicW.exe
  C:\Windows\System\hkWzicW.exe
  2⤵
  PID:8884
- C:\Windows\System\zudIkck.exe
  C:\Windows\System\zudIkck.exe
  2⤵
  PID:9104
- C:\Windows\System\sDaFITh.exe
  C:\Windows\System\sDaFITh.exe
  2⤵
  PID:8232
- C:\Windows\System\CRdTIqR.exe
  C:\Windows\System\CRdTIqR.exe
  2⤵
  PID:8840
- C:\Windows\System\GshKzdd.exe
  C:\Windows\System\GshKzdd.exe
  2⤵
  PID:9176
- C:\Windows\System\dFpjzmb.exe
  C:\Windows\System\dFpjzmb.exe
  2⤵
  PID:9032
- C:\Windows\System\QMuTkRV.exe
  C:\Windows\System\QMuTkRV.exe
  2⤵
  PID:9236
- C:\Windows\System\JePrbvK.exe
  C:\Windows\System\JePrbvK.exe
  2⤵
  PID:9264
- C:\Windows\System\oEriFNf.exe
  C:\Windows\System\oEriFNf.exe
  2⤵
  PID:9296
- C:\Windows\System\jglwKQb.exe
  C:\Windows\System\jglwKQb.exe
  2⤵
  PID:9324
- C:\Windows\System\QtORmJP.exe
  C:\Windows\System\QtORmJP.exe
  2⤵
  PID:9352
- C:\Windows\System\nqjxvwF.exe
  C:\Windows\System\nqjxvwF.exe
  2⤵
  PID:9380
- C:\Windows\System\bzJYvzl.exe
  C:\Windows\System\bzJYvzl.exe
  2⤵
  PID:9408
- C:\Windows\System\RSkaiJp.exe
  C:\Windows\System\RSkaiJp.exe
  2⤵
  PID:9456
- C:\Windows\System\guHmCKd.exe
  C:\Windows\System\guHmCKd.exe
  2⤵
  PID:9492
- C:\Windows\System\HZezZeO.exe
  C:\Windows\System\HZezZeO.exe
  2⤵
  PID:9528
- C:\Windows\System\FwiCAph.exe
  C:\Windows\System\FwiCAph.exe
  2⤵
  PID:9556
- C:\Windows\System\WMgthOi.exe
  C:\Windows\System\WMgthOi.exe
  2⤵
  PID:9584
- C:\Windows\System\lCwSwQn.exe
  C:\Windows\System\lCwSwQn.exe
  2⤵
  PID:9612
- C:\Windows\System\vGrgZfu.exe
  C:\Windows\System\vGrgZfu.exe
  2⤵
  PID:9648
- C:\Windows\System\nvfcZMr.exe
  C:\Windows\System\nvfcZMr.exe
  2⤵
  PID:9676
- C:\Windows\System\rxlXUDZ.exe
  C:\Windows\System\rxlXUDZ.exe
  2⤵
  PID:9700
- C:\Windows\System\DYGIGXe.exe
  C:\Windows\System\DYGIGXe.exe
  2⤵
  PID:9724
- C:\Windows\System\HMpmjyq.exe
  C:\Windows\System\HMpmjyq.exe
  2⤵
  PID:9752
- C:\Windows\System\qbXxooE.exe
  C:\Windows\System\qbXxooE.exe
  2⤵
  PID:9788
- C:\Windows\System\rdRtKDc.exe
  C:\Windows\System\rdRtKDc.exe
  2⤵
  PID:9820
- C:\Windows\System\DHKJaal.exe
  C:\Windows\System\DHKJaal.exe
  2⤵
  PID:9848
- C:\Windows\System\RKTEasA.exe
  C:\Windows\System\RKTEasA.exe
  2⤵
  PID:9876
- C:\Windows\System\dppDJKD.exe
  C:\Windows\System\dppDJKD.exe
  2⤵
  PID:9908
- C:\Windows\System\TwbOHfl.exe
  C:\Windows\System\TwbOHfl.exe
  2⤵
  PID:9940
- C:\Windows\System\emePtHp.exe
  C:\Windows\System\emePtHp.exe
  2⤵
  PID:9968
- C:\Windows\System\uvPlZZc.exe
  C:\Windows\System\uvPlZZc.exe
  2⤵
  PID:9996
- C:\Windows\System\HAMuwct.exe
  C:\Windows\System\HAMuwct.exe
  2⤵
  PID:10024
- C:\Windows\System\RHqBAHV.exe
  C:\Windows\System\RHqBAHV.exe
  2⤵
  PID:10052
- C:\Windows\System\lBOSwSr.exe
  C:\Windows\System\lBOSwSr.exe
  2⤵
  PID:10080
- C:\Windows\System\yrGijqf.exe
  C:\Windows\System\yrGijqf.exe
  2⤵
  PID:10108
- C:\Windows\System\wzduZwG.exe
  C:\Windows\System\wzduZwG.exe
  2⤵
  PID:10136
- C:\Windows\System\NzwCion.exe
  C:\Windows\System\NzwCion.exe
  2⤵
  PID:10164
- C:\Windows\System\IyhyzWu.exe
  C:\Windows\System\IyhyzWu.exe
  2⤵
  PID:10188
- C:\Windows\System\eUhRvPJ.exe
  C:\Windows\System\eUhRvPJ.exe
  2⤵
  PID:10220
- C:\Windows\System\KmucInM.exe
  C:\Windows\System\KmucInM.exe
  2⤵
  PID:9220
- C:\Windows\System\UaznJXt.exe
  C:\Windows\System\UaznJXt.exe
  2⤵
  PID:8688
- C:\Windows\System\DnJfDHb.exe
  C:\Windows\System\DnJfDHb.exe
  2⤵
  PID:9344
- C:\Windows\System\mWeqWFG.exe
  C:\Windows\System\mWeqWFG.exe
  2⤵
  PID:9376
- C:\Windows\System\JrAnfeU.exe
  C:\Windows\System\JrAnfeU.exe
  2⤵
  PID:692
- C:\Windows\System\QGNGqbN.exe
  C:\Windows\System\QGNGqbN.exe
  2⤵
  PID:9488
- C:\Windows\System\fbyCJmf.exe
  C:\Windows\System\fbyCJmf.exe
  2⤵
  PID:9552
- C:\Windows\System\PMRYfZR.exe
  C:\Windows\System\PMRYfZR.exe
  2⤵
  PID:9624
- C:\Windows\System\IcdBATY.exe
  C:\Windows\System\IcdBATY.exe
  2⤵
  PID:9684
- C:\Windows\System\kGuoaVC.exe
  C:\Windows\System\kGuoaVC.exe
  2⤵
  PID:9772
- C:\Windows\System\QntibPo.exe
  C:\Windows\System\QntibPo.exe
  2⤵
  PID:9864
- C:\Windows\System\OEnIMiB.exe
  C:\Windows\System\OEnIMiB.exe
  2⤵
  PID:9932
- C:\Windows\System\BshvEeI.exe
  C:\Windows\System\BshvEeI.exe
  2⤵
  PID:2976
- C:\Windows\System\owndcAu.exe
  C:\Windows\System\owndcAu.exe
  2⤵
  PID:10036
- C:\Windows\System\FbuuCNe.exe
  C:\Windows\System\FbuuCNe.exe
  2⤵
  PID:10092
- C:\Windows\System\tNSOZkq.exe
  C:\Windows\System\tNSOZkq.exe
  2⤵
  PID:10148
- C:\Windows\System\JepQbBM.exe
  C:\Windows\System\JepQbBM.exe
  2⤵
  PID:10216
- C:\Windows\System\OQFbsWr.exe
  C:\Windows\System\OQFbsWr.exe
  2⤵
  PID:9308
- C:\Windows\System\fguVnHo.exe
  C:\Windows\System\fguVnHo.exe
  2⤵
  PID:8784
- C:\Windows\System\dNGdVDn.exe
  C:\Windows\System\dNGdVDn.exe
  2⤵
  PID:1088
- C:\Windows\System\QyinRyD.exe
  C:\Windows\System\QyinRyD.exe
  2⤵
  PID:9576
- C:\Windows\System\rqqrtlu.exe
  C:\Windows\System\rqqrtlu.exe
  2⤵
  PID:9744
- C:\Windows\System\GRymYAq.exe
  C:\Windows\System\GRymYAq.exe
  2⤵
  PID:9892
- C:\Windows\System\vCQgcKD.exe
  C:\Windows\System\vCQgcKD.exe
  2⤵
  PID:4332
- C:\Windows\System\sJhSOyk.exe
  C:\Windows\System\sJhSOyk.exe
  2⤵
  PID:10196
- C:\Windows\System\guTilNr.exe
  C:\Windows\System\guTilNr.exe
  2⤵
  PID:8692
- C:\Windows\System\OpicRzJ.exe
  C:\Windows\System\OpicRzJ.exe
  2⤵
  PID:9400
- C:\Windows\System\eGnFTJB.exe
  C:\Windows\System\eGnFTJB.exe
  2⤵
  PID:9816
- C:\Windows\System\wJtplqY.exe
  C:\Windows\System\wJtplqY.exe
  2⤵
  PID:10076
- C:\Windows\System\SFkneEl.exe
  C:\Windows\System\SFkneEl.exe
  2⤵
  PID:9660
- C:\Windows\System\GJhmsTo.exe
  C:\Windows\System\GJhmsTo.exe
  2⤵
  PID:3648
- C:\Windows\System\DJWPglz.exe
  C:\Windows\System\DJWPglz.exe
  2⤵
  PID:10268
- C:\Windows\System\SudiwZr.exe
  C:\Windows\System\SudiwZr.exe
  2⤵
  PID:10292
- C:\Windows\System\ptTmJGM.exe
  C:\Windows\System\ptTmJGM.exe
  2⤵
  PID:10320
- C:\Windows\System\mvmVztt.exe
  C:\Windows\System\mvmVztt.exe
  2⤵
  PID:10356
- C:\Windows\System\jwKkbqs.exe
  C:\Windows\System\jwKkbqs.exe
  2⤵
  PID:10392
- C:\Windows\System\NkYVism.exe
  C:\Windows\System\NkYVism.exe
  2⤵
  PID:10436
- C:\Windows\System\UpsXQOO.exe
  C:\Windows\System\UpsXQOO.exe
  2⤵
  PID:10472
- C:\Windows\System\LfIcYMp.exe
  C:\Windows\System\LfIcYMp.exe
  2⤵
  PID:10512
- C:\Windows\System\ZDhQnuZ.exe
  C:\Windows\System\ZDhQnuZ.exe
  2⤵
  PID:10536
- C:\Windows\System\tetMaTU.exe
  C:\Windows\System\tetMaTU.exe
  2⤵
  PID:10564
- C:\Windows\System\CIKdKOx.exe
  C:\Windows\System\CIKdKOx.exe
  2⤵
  PID:10600
- C:\Windows\System\KRjBtdK.exe
  C:\Windows\System\KRjBtdK.exe
  2⤵
  PID:10664
- C:\Windows\System\gOeKaeo.exe
  C:\Windows\System\gOeKaeo.exe
  2⤵
  PID:10708
- C:\Windows\System\HIRSKwM.exe
  C:\Windows\System\HIRSKwM.exe
  2⤵
  PID:10740
- C:\Windows\System\RMILZST.exe
  C:\Windows\System\RMILZST.exe
  2⤵
  PID:10760
- C:\Windows\System\NBQxSss.exe
  C:\Windows\System\NBQxSss.exe
  2⤵
  PID:10776
- C:\Windows\System\GWAcOec.exe
  C:\Windows\System\GWAcOec.exe
  2⤵
  PID:10804
- C:\Windows\System\KkGhBYi.exe
  C:\Windows\System\KkGhBYi.exe
  2⤵
  PID:10824
- C:\Windows\System\ommZdDU.exe
  C:\Windows\System\ommZdDU.exe
  2⤵
  PID:10860
- C:\Windows\System\IpHEemV.exe
  C:\Windows\System\IpHEemV.exe
  2⤵
  PID:10908
- C:\Windows\System\MAgsVYC.exe
  C:\Windows\System\MAgsVYC.exe
  2⤵
  PID:10936
- C:\Windows\System\bLDUjPv.exe
  C:\Windows\System\bLDUjPv.exe
  2⤵
  PID:10960
- C:\Windows\System\yeaehbi.exe
  C:\Windows\System\yeaehbi.exe
  2⤵
  PID:10992
- C:\Windows\System\AGOXWqg.exe
  C:\Windows\System\AGOXWqg.exe
  2⤵
  PID:11024
- C:\Windows\System\HBgQqcu.exe
  C:\Windows\System\HBgQqcu.exe
  2⤵
  PID:11052
- C:\Windows\System\qOpiZYG.exe
  C:\Windows\System\qOpiZYG.exe
  2⤵
  PID:11080
- C:\Windows\System\rSNOMDS.exe
  C:\Windows\System\rSNOMDS.exe
  2⤵
  PID:11112
- C:\Windows\System\QMmnLyX.exe
  C:\Windows\System\QMmnLyX.exe
  2⤵
  PID:11136
- C:\Windows\System\TjkgJPY.exe
  C:\Windows\System\TjkgJPY.exe
  2⤵
  PID:11164
- C:\Windows\System\BbWmfyH.exe
  C:\Windows\System\BbWmfyH.exe
  2⤵
  PID:11204
- C:\Windows\System\BOMudST.exe
  C:\Windows\System\BOMudST.exe
  2⤵
  PID:11232
- C:\Windows\System\EGAVWsi.exe
  C:\Windows\System\EGAVWsi.exe
  2⤵
  PID:11248
- C:\Windows\System\skSjSbq.exe
  C:\Windows\System\skSjSbq.exe
  2⤵
  PID:10252
- C:\Windows\System\CTlztWC.exe
  C:\Windows\System\CTlztWC.exe
  2⤵
  PID:10336
- C:\Windows\System\mUHLiPa.exe
  C:\Windows\System\mUHLiPa.exe
  2⤵
  PID:7184
- C:\Windows\System\gdCLIvr.exe
  C:\Windows\System\gdCLIvr.exe
  2⤵
  PID:10468
- C:\Windows\System\ZVYSSZl.exe
  C:\Windows\System\ZVYSSZl.exe
  2⤵
  PID:10528
- C:\Windows\System\cteWzhN.exe
  C:\Windows\System\cteWzhN.exe
  2⤵
  PID:10616
- C:\Windows\System\EDYIuuz.exe
  C:\Windows\System\EDYIuuz.exe
  2⤵
  PID:10656
- C:\Windows\System\Tsmtsxb.exe
  C:\Windows\System\Tsmtsxb.exe
  2⤵
  PID:10784
- C:\Windows\System\NdpFJBq.exe
  C:\Windows\System\NdpFJBq.exe
  2⤵
  PID:10896
- C:\Windows\System\cLqRevh.exe
  C:\Windows\System\cLqRevh.exe
  2⤵
  PID:10872
- C:\Windows\System\OFYfOsS.exe
  C:\Windows\System\OFYfOsS.exe
  2⤵
  PID:10932
- C:\Windows\System\asjDOiX.exe
  C:\Windows\System\asjDOiX.exe
  2⤵
  PID:11044
- C:\Windows\System\ZXLulAJ.exe
  C:\Windows\System\ZXLulAJ.exe
  2⤵
  PID:11096
- C:\Windows\System\RpMGFrz.exe
  C:\Windows\System\RpMGFrz.exe
  2⤵
  PID:11176
- C:\Windows\System\BiDmhsv.exe
  C:\Windows\System\BiDmhsv.exe
  2⤵
  PID:11244
- C:\Windows\System\dGEeeJK.exe
  C:\Windows\System\dGEeeJK.exe
  2⤵
  PID:10368
- C:\Windows\System\CRNiZLt.exe
  C:\Windows\System\CRNiZLt.exe
  2⤵
  PID:10456
- C:\Windows\System\ipuHzBb.exe
  C:\Windows\System\ipuHzBb.exe
  2⤵
  PID:10556
- C:\Windows\System\LuzsQMe.exe
  C:\Windows\System\LuzsQMe.exe
  2⤵
  PID:10888
- C:\Windows\System\mSpBDbz.exe
  C:\Windows\System\mSpBDbz.exe
  2⤵
  PID:10904
- C:\Windows\System\DPGSVYh.exe
  C:\Windows\System\DPGSVYh.exe
  2⤵
  PID:11148
- C:\Windows\System\iOkeGpf.exe
  C:\Windows\System\iOkeGpf.exe
  2⤵
  PID:11224
- C:\Windows\System\fJEtINz.exe
  C:\Windows\System\fJEtINz.exe
  2⤵
  PID:10632
- C:\Windows\System\omQgexz.exe
  C:\Windows\System\omQgexz.exe
  2⤵
  PID:11036
- C:\Windows\System\yzWgAeX.exe
  C:\Windows\System\yzWgAeX.exe
  2⤵
  PID:10504
- C:\Windows\System\sHRwkYt.exe
  C:\Windows\System\sHRwkYt.exe
  2⤵
  PID:10344
- C:\Windows\System\vHiKYxd.exe
  C:\Windows\System\vHiKYxd.exe
  2⤵
  PID:11284
- C:\Windows\System\CixfGRS.exe
  C:\Windows\System\CixfGRS.exe
  2⤵
  PID:11312
- C:\Windows\System\NtdSAac.exe
  C:\Windows\System\NtdSAac.exe
  2⤵
  PID:11328
- C:\Windows\System\YEolDkf.exe
  C:\Windows\System\YEolDkf.exe
  2⤵
  PID:11356
- C:\Windows\System\VDGHqab.exe
  C:\Windows\System\VDGHqab.exe
  2⤵
  PID:11388
- C:\Windows\System\gvEzOsN.exe
  C:\Windows\System\gvEzOsN.exe
  2⤵
  PID:11416
- C:\Windows\System\CCnExwt.exe
  C:\Windows\System\CCnExwt.exe
  2⤵
  PID:11452
- C:\Windows\System\nVVkYrR.exe
  C:\Windows\System\nVVkYrR.exe
  2⤵
  PID:11480
- C:\Windows\System\vEWyHrI.exe
  C:\Windows\System\vEWyHrI.exe
  2⤵
  PID:11524
- C:\Windows\System\VMoVkKU.exe
  C:\Windows\System\VMoVkKU.exe
  2⤵
  PID:11540
- C:\Windows\System\OvOsgov.exe
  C:\Windows\System\OvOsgov.exe
  2⤵
  PID:11568
- C:\Windows\System\VXuLcRP.exe
  C:\Windows\System\VXuLcRP.exe
  2⤵
  PID:11596
- C:\Windows\System\AcDHMXc.exe
  C:\Windows\System\AcDHMXc.exe
  2⤵
  PID:11624
- C:\Windows\System\WeaRoFg.exe
  C:\Windows\System\WeaRoFg.exe
  2⤵
  PID:11652
- C:\Windows\System\RXeQIPx.exe
  C:\Windows\System\RXeQIPx.exe
  2⤵
  PID:11676
- C:\Windows\System\JWlVVkR.exe
  C:\Windows\System\JWlVVkR.exe
  2⤵
  PID:11708
- C:\Windows\System\aJofmlK.exe
  C:\Windows\System\aJofmlK.exe
  2⤵
  PID:11736
- C:\Windows\System\NsIgiXO.exe
  C:\Windows\System\NsIgiXO.exe
  2⤵
  PID:11760
- C:\Windows\System\tDmXagY.exe
  C:\Windows\System\tDmXagY.exe
  2⤵
  PID:11792
- C:\Windows\System\OslBvim.exe
  C:\Windows\System\OslBvim.exe
  2⤵
  PID:11820
- C:\Windows\System\UaVkxyC.exe
  C:\Windows\System\UaVkxyC.exe
  2⤵
  PID:11856
- C:\Windows\System\vjOtNsF.exe
  C:\Windows\System\vjOtNsF.exe
  2⤵
  PID:11884
- C:\Windows\System\XQaXQDr.exe
  C:\Windows\System\XQaXQDr.exe
  2⤵
  PID:11912
- C:\Windows\System\FWnrATS.exe
  C:\Windows\System\FWnrATS.exe
  2⤵
  PID:11940
- C:\Windows\System\BwOjlBK.exe
  C:\Windows\System\BwOjlBK.exe
  2⤵
  PID:11968
- C:\Windows\System\RDDveCi.exe
  C:\Windows\System\RDDveCi.exe
  2⤵
  PID:11996
- C:\Windows\System\Sqraxrz.exe
  C:\Windows\System\Sqraxrz.exe
  2⤵
  PID:12036
- C:\Windows\System\WRoBRko.exe
  C:\Windows\System\WRoBRko.exe
  2⤵
  PID:12052
- C:\Windows\System\mKTTClj.exe
  C:\Windows\System\mKTTClj.exe
  2⤵
  PID:12080
- C:\Windows\System\SATNBRJ.exe
  C:\Windows\System\SATNBRJ.exe
  2⤵
  PID:12108
- C:\Windows\System\tTzkaUw.exe
  C:\Windows\System\tTzkaUw.exe
  2⤵
  PID:12140
- C:\Windows\System\pFTMfTm.exe
  C:\Windows\System\pFTMfTm.exe
  2⤵
  PID:12168
- C:\Windows\System\VKkZyPt.exe
  C:\Windows\System\VKkZyPt.exe
  2⤵
  PID:12196
- C:\Windows\System\cncgVWo.exe
  C:\Windows\System\cncgVWo.exe
  2⤵
  PID:12224
- C:\Windows\System\kkffxQg.exe
  C:\Windows\System\kkffxQg.exe
  2⤵
  PID:12252
- C:\Windows\System\Auiuccl.exe
  C:\Windows\System\Auiuccl.exe
  2⤵
  PID:12280
- C:\Windows\System\LZvGEhU.exe
  C:\Windows\System\LZvGEhU.exe
  2⤵
  PID:11296
- C:\Windows\System\kOYtPBR.exe
  C:\Windows\System\kOYtPBR.exe
  2⤵
  PID:11324
- C:\Windows\System\Nnzqspc.exe
  C:\Windows\System\Nnzqspc.exe
  2⤵
  PID:11424
- C:\Windows\System\ZJFAMsR.exe
  C:\Windows\System\ZJFAMsR.exe
  2⤵
  PID:11464
- C:\Windows\System\UnssUdx.exe
  C:\Windows\System\UnssUdx.exe
  2⤵
  PID:11532
- C:\Windows\System\exqoEdg.exe
  C:\Windows\System\exqoEdg.exe
  2⤵
  PID:11580
- C:\Windows\System\YdqHksu.exe
  C:\Windows\System\YdqHksu.exe
  2⤵
  PID:11644
- C:\Windows\System\wvgyDgb.exe
  C:\Windows\System\wvgyDgb.exe
  2⤵
  PID:11720
- C:\Windows\System\prunsel.exe
  C:\Windows\System\prunsel.exe
  2⤵
  PID:11816
- C:\Windows\System\dXGbMcg.exe
  C:\Windows\System\dXGbMcg.exe
  2⤵
  PID:11880
- C:\Windows\System\DtwJmLA.exe
  C:\Windows\System\DtwJmLA.exe
  2⤵
  PID:11952
- C:\Windows\System\sDcOfOK.exe
  C:\Windows\System\sDcOfOK.exe
  2⤵
  PID:12020
- C:\Windows\System\gdiRwnZ.exe
  C:\Windows\System\gdiRwnZ.exe
  2⤵
  PID:12072
- C:\Windows\System\msMcQbr.exe
  C:\Windows\System\msMcQbr.exe
  2⤵
  PID:12132
- C:\Windows\System\sqrqTCS.exe
  C:\Windows\System\sqrqTCS.exe
  2⤵
  PID:12208
- C:\Windows\System\ydlVllj.exe
  C:\Windows\System\ydlVllj.exe
  2⤵
  PID:12264
- C:\Windows\System\vLKSNUE.exe
  C:\Windows\System\vLKSNUE.exe
  2⤵
  PID:11344
- C:\Windows\System\snbxPhA.exe
  C:\Windows\System\snbxPhA.exe
  2⤵
  PID:11616
- C:\Windows\System\PMCDybU.exe
  C:\Windows\System\PMCDybU.exe
  2⤵
  PID:11592
- C:\Windows\System\TtyIZbc.exe
  C:\Windows\System\TtyIZbc.exe
  2⤵
  PID:11852
- C:\Windows\System\IEHLlYI.exe
  C:\Windows\System\IEHLlYI.exe
  2⤵
  PID:11992
- C:\Windows\System\vICwzPC.exe
  C:\Windows\System\vICwzPC.exe
  2⤵
  PID:12100
- C:\Windows\System\QOCFCNR.exe
  C:\Windows\System\QOCFCNR.exe
  2⤵
  PID:11320
- C:\Windows\System\SWIRFpA.exe
  C:\Windows\System\SWIRFpA.exe
  2⤵
  PID:4480
- C:\Windows\System\TXEwaJA.exe
  C:\Windows\System\TXEwaJA.exe
  2⤵
  PID:11924
- C:\Windows\System\mkPnyOA.exe
  C:\Windows\System\mkPnyOA.exe
  2⤵
  PID:11448
- C:\Windows\System\kYyrIKD.exe
  C:\Windows\System\kYyrIKD.exe
  2⤵
  PID:12236
- C:\Windows\System\eWpbLho.exe
  C:\Windows\System\eWpbLho.exe
  2⤵
  PID:12296
- C:\Windows\System\jVCMJxF.exe
  C:\Windows\System\jVCMJxF.exe
  2⤵
  PID:12324
- C:\Windows\System\rCzumkT.exe
  C:\Windows\System\rCzumkT.exe
  2⤵
  PID:12360
- C:\Windows\System\stlIbOR.exe
  C:\Windows\System\stlIbOR.exe
  2⤵
  PID:12376
- C:\Windows\System\WrxZATz.exe
  C:\Windows\System\WrxZATz.exe
  2⤵
  PID:12404
- C:\Windows\System\eGeaseW.exe
  C:\Windows\System\eGeaseW.exe
  2⤵
  PID:12432
- C:\Windows\System\tmQOKZh.exe
  C:\Windows\System\tmQOKZh.exe
  2⤵
  PID:12448
- C:\Windows\System\cvTVRwv.exe
  C:\Windows\System\cvTVRwv.exe
  2⤵
  PID:12472
- C:\Windows\System\cGNfqEq.exe
  C:\Windows\System\cGNfqEq.exe
  2⤵
  PID:12500
- C:\Windows\System\RzVhtfi.exe
  C:\Windows\System\RzVhtfi.exe
  2⤵
  PID:12528
- C:\Windows\System\SMZOVUv.exe
  C:\Windows\System\SMZOVUv.exe
  2⤵
  PID:12548
- C:\Windows\System\UYHjCUE.exe
  C:\Windows\System\UYHjCUE.exe
  2⤵
  PID:12572
- C:\Windows\System\KSvcazR.exe
  C:\Windows\System\KSvcazR.exe
  2⤵
  PID:12604
- C:\Windows\System\CNkwJuS.exe
  C:\Windows\System\CNkwJuS.exe
  2⤵
  PID:12636
- C:\Windows\System\RldEtth.exe
  C:\Windows\System\RldEtth.exe
  2⤵
  PID:12672
- C:\Windows\System\TOusdNx.exe
  C:\Windows\System\TOusdNx.exe
  2⤵
  PID:12720
- C:\Windows\System\leJQmxI.exe
  C:\Windows\System\leJQmxI.exe
  2⤵
  PID:12744
- C:\Windows\System\FQCoaju.exe
  C:\Windows\System\FQCoaju.exe
  2⤵
  PID:12780
- C:\Windows\System\qaYzeum.exe
  C:\Windows\System\qaYzeum.exe
  2⤵
  PID:12796
- C:\Windows\System\CBKbvVL.exe
  C:\Windows\System\CBKbvVL.exe
  2⤵
  PID:12832
- C:\Windows\System\yYUwPAk.exe
  C:\Windows\System\yYUwPAk.exe
  2⤵
  PID:12864
- C:\Windows\System\qHNZFnV.exe
  C:\Windows\System\qHNZFnV.exe
  2⤵
  PID:12880
- C:\Windows\System\wLlDVYF.exe
  C:\Windows\System\wLlDVYF.exe
  2⤵
  PID:12908
- C:\Windows\System\GkPiiCq.exe
  C:\Windows\System\GkPiiCq.exe
  2⤵
  PID:12948
- C:\Windows\System\sFMXpdd.exe
  C:\Windows\System\sFMXpdd.exe
  2⤵
  PID:12976
- C:\Windows\System\NPIfkLT.exe
  C:\Windows\System\NPIfkLT.exe
  2⤵
  PID:12992
- C:\Windows\System\FQGztDr.exe
  C:\Windows\System\FQGztDr.exe
  2⤵
  PID:13020
- C:\Windows\System\XGlKjCz.exe
  C:\Windows\System\XGlKjCz.exe
  2⤵
  PID:13060
- C:\Windows\System\flzODbx.exe
  C:\Windows\System\flzODbx.exe
  2⤵
  PID:13080
- C:\Windows\System\cBTricc.exe
  C:\Windows\System\cBTricc.exe
  2⤵
  PID:13104
- C:\Windows\System\QDIBNTk.exe
  C:\Windows\System\QDIBNTk.exe
  2⤵
  PID:13120
- C:\Windows\System\FvYrGtW.exe
  C:\Windows\System\FvYrGtW.exe
  2⤵
  PID:13156
- C:\Windows\System\ksdMgtd.exe
  C:\Windows\System\ksdMgtd.exe
  2⤵
  PID:13196
- C:\Windows\System\aXIShSy.exe
  C:\Windows\System\aXIShSy.exe
  2⤵
  PID:13220
- C:\Windows\System\GwpNILK.exe
  C:\Windows\System\GwpNILK.exe
  2⤵
  PID:13256
- C:\Windows\System\RnilGMX.exe
  C:\Windows\System\RnilGMX.exe
  2⤵
  PID:13284
- C:\Windows\System\xswyyQH.exe
  C:\Windows\System\xswyyQH.exe
  2⤵
  PID:12304
- C:\Windows\System\nSdZDNx.exe
  C:\Windows\System\nSdZDNx.exe
  2⤵
  PID:12332
- C:\Windows\System\rYkDyVe.exe
  C:\Windows\System\rYkDyVe.exe
  2⤵
  PID:12440
- C:\Windows\System\XiqBuYe.exe
  C:\Windows\System\XiqBuYe.exe
  2⤵
  PID:12524
- C:\Windows\System\UYZjxBQ.exe
  C:\Windows\System\UYZjxBQ.exe
  2⤵
  PID:12580
- C:\Windows\System\BoygLnT.exe
  C:\Windows\System\BoygLnT.exe
  2⤵
  PID:12680
- C:\Windows\System\SpQsdTR.exe
  C:\Windows\System\SpQsdTR.exe
  2⤵
  PID:12708
- C:\Windows\System\bKxTviz.exe
  C:\Windows\System\bKxTviz.exe
  2⤵
  PID:6872
- C:\Windows\System\LnktzFe.exe
  C:\Windows\System\LnktzFe.exe
  2⤵
  PID:6896
- C:\Windows\System\Qnmarns.exe
  C:\Windows\System\Qnmarns.exe
  2⤵
  PID:6748
- C:\Windows\System\cXwHuWN.exe
  C:\Windows\System\cXwHuWN.exe
  2⤵
  PID:12872
- C:\Windows\System\AMpCOtT.exe
  C:\Windows\System\AMpCOtT.exe
  2⤵
  PID:12904
- C:\Windows\System\XADesol.exe
  C:\Windows\System\XADesol.exe
  2⤵
  PID:12944
- C:\Windows\System\NyVMsBi.exe
  C:\Windows\System\NyVMsBi.exe
  2⤵
  PID:13040
- C:\Windows\System\LwvtKUo.exe
  C:\Windows\System\LwvtKUo.exe
  2⤵
  PID:13112
- C:\Windows\System\TfQEzLT.exe
  C:\Windows\System\TfQEzLT.exe
  2⤵
  PID:13204
- C:\Windows\System\JIpcWEg.exe
  C:\Windows\System\JIpcWEg.exe
  2⤵
  PID:13268
- C:\Windows\System\nMrfAyR.exe
  C:\Windows\System\nMrfAyR.exe
  2⤵
  PID:12104
- C:\Windows\System\bBCySEl.exe
  C:\Windows\System\bBCySEl.exe
  2⤵
  PID:12460
- C:\Windows\System\PSmopcj.exe
  C:\Windows\System\PSmopcj.exe
  2⤵
  PID:12584
- C:\Windows\System\YncAAdQ.exe
  C:\Windows\System\YncAAdQ.exe
  2⤵
  PID:6768
- C:\Windows\System\EQqEETQ.exe
  C:\Windows\System\EQqEETQ.exe
  2⤵
  PID:12792
- C:\Windows\System\ZAOzuZl.exe
  C:\Windows\System\ZAOzuZl.exe
  2⤵
  PID:12896
- C:\Windows\System\SfnOpZo.exe
  C:\Windows\System\SfnOpZo.exe
  2⤵
  PID:13016
- C:\Windows\System\YwHhpXq.exe
  C:\Windows\System\YwHhpXq.exe
  2⤵
  PID:13148
- C:\Windows\System\ioEipCS.exe
  C:\Windows\System\ioEipCS.exe
  2⤵
  PID:13236
- C:\Windows\System\vzuozJL.exe
  C:\Windows\System\vzuozJL.exe
  2⤵
  PID:3504
- C:\Windows\System\PEFjTIU.exe
  C:\Windows\System\PEFjTIU.exe
  2⤵
  PID:12892
- C:\Windows\System\FihMZVp.exe
  C:\Windows\System\FihMZVp.exe
  2⤵
  PID:13172
- C:\Windows\System\CZCADbM.exe
  C:\Windows\System\CZCADbM.exe
  2⤵
  PID:13336
- C:\Windows\System\SlbRuIV.exe
  C:\Windows\System\SlbRuIV.exe
  2⤵
  PID:13352
- C:\Windows\System\LyJtvyB.exe
  C:\Windows\System\LyJtvyB.exe
  2⤵
  PID:13392
- C:\Windows\System\VlRhZDg.exe
  C:\Windows\System\VlRhZDg.exe
  2⤵
  PID:13428
- C:\Windows\System\ZDRmvrm.exe
  C:\Windows\System\ZDRmvrm.exe
  2⤵
  PID:13460
- C:\Windows\System\qbJsjFz.exe
  C:\Windows\System\qbJsjFz.exe
  2⤵
  PID:13488
- C:\Windows\System\KLVqoNG.exe
  C:\Windows\System\KLVqoNG.exe
  2⤵
  PID:13516
- C:\Windows\System\dEpJmRu.exe
  C:\Windows\System\dEpJmRu.exe
  2⤵
  PID:13544
- C:\Windows\System\asZOGKn.exe
  C:\Windows\System\asZOGKn.exe
  2⤵
  PID:13572
- C:\Windows\System\BrReVHP.exe
  C:\Windows\System\BrReVHP.exe
  2⤵
  PID:13592
- C:\Windows\System\nyofvYr.exe
  C:\Windows\System\nyofvYr.exe
  2⤵
  PID:13620
- C:\Windows\System\eAWVvTA.exe
  C:\Windows\System\eAWVvTA.exe
  2⤵
  PID:13664
- C:\Windows\System\SmkRBmJ.exe
  C:\Windows\System\SmkRBmJ.exe
  2⤵
  PID:13692
- C:\Windows\System\LiBFLZE.exe
  C:\Windows\System\LiBFLZE.exe
  2⤵
  PID:13720
- C:\Windows\System\mplxFYC.exe
  C:\Windows\System\mplxFYC.exe
  2⤵
  PID:13748
- C:\Windows\System\gbuFJVL.exe
  C:\Windows\System\gbuFJVL.exe
  2⤵
  PID:13772
- C:\Windows\System\kQivtsE.exe
  C:\Windows\System\kQivtsE.exe
  2⤵
  PID:13804
- C:\Windows\System\UyjqWuv.exe
  C:\Windows\System\UyjqWuv.exe
  2⤵
  PID:13828
- C:\Windows\System\DsjwSSt.exe
  C:\Windows\System\DsjwSSt.exe
  2⤵
  PID:13860
- C:\Windows\System\zjVvHfb.exe
  C:\Windows\System\zjVvHfb.exe
  2⤵
  PID:13888
- C:\Windows\System\kXrSshx.exe
  C:\Windows\System\kXrSshx.exe
  2⤵
  PID:13916
- C:\Windows\System\pLNvHKv.exe
  C:\Windows\System\pLNvHKv.exe
  2⤵
  PID:13944
- C:\Windows\System\mkKlQRG.exe
  C:\Windows\System\mkKlQRG.exe
  2⤵
  PID:13972
- C:\Windows\System\fwWGPPe.exe
  C:\Windows\System\fwWGPPe.exe
  2⤵
  PID:14000
- C:\Windows\System\VzOKocL.exe
  C:\Windows\System\VzOKocL.exe
  2⤵
  PID:14028
- C:\Windows\System\mcLOImN.exe
  C:\Windows\System\mcLOImN.exe
  2⤵
  PID:14056
- C:\Windows\System\ELNsTHF.exe
  C:\Windows\System\ELNsTHF.exe
  2⤵
  PID:14072
- C:\Windows\System\OtxwsTD.exe
  C:\Windows\System\OtxwsTD.exe
  2⤵
  PID:14112
- C:\Windows\System\XISAWUD.exe
  C:\Windows\System\XISAWUD.exe
  2⤵
  PID:14140
- C:\Windows\System\RHlAgQf.exe
  C:\Windows\System\RHlAgQf.exe
  2⤵
  PID:14164
- C:\Windows\System\HuRjJPe.exe
  C:\Windows\System\HuRjJPe.exe
  2⤵
  PID:14184
- C:\Windows\System\WxYbqDB.exe
  C:\Windows\System\WxYbqDB.exe
  2⤵
  PID:14224
- C:\Windows\System\XtcFOgm.exe
  C:\Windows\System\XtcFOgm.exe
  2⤵
  PID:14252
- C:\Windows\System\uhQCJJE.exe
  C:\Windows\System\uhQCJJE.exe
  2⤵
  PID:14280
- C:\Windows\System\lGTBFfo.exe
  C:\Windows\System\lGTBFfo.exe
  2⤵
  PID:14308
- C:\Windows\System\jWyeDdH.exe
  C:\Windows\System\jWyeDdH.exe
  2⤵
  PID:12988
- C:\Windows\System\wfhyxDc.exe
  C:\Windows\System\wfhyxDc.exe
  2⤵
  PID:13360
- C:\Windows\System\mjNgWom.exe
  C:\Windows\System\mjNgWom.exe
  2⤵
  PID:13408
- C:\Windows\System\XTIgIzB.exe
  C:\Windows\System\XTIgIzB.exe
  2⤵
  PID:13476
- C:\Windows\System\OQyEIFB.exe
  C:\Windows\System\OQyEIFB.exe
  2⤵
  PID:13536
- C:\Windows\System\elwiBoX.exe
  C:\Windows\System\elwiBoX.exe
  2⤵
  PID:13600
- C:\Windows\System\YAZElDH.exe
  C:\Windows\System\YAZElDH.exe
  2⤵
  PID:13636
- C:\Windows\System\lgUZcjF.exe
  C:\Windows\System\lgUZcjF.exe
  2⤵
  PID:13704
- C:\Windows\System\fTWoyIh.exe
  C:\Windows\System\fTWoyIh.exe
  2⤵
  PID:13756
- C:\Windows\System\NhiFFhT.exe
  C:\Windows\System\NhiFFhT.exe
  2⤵
  PID:13824
- C:\Windows\System\WNBhBjw.exe
  C:\Windows\System\WNBhBjw.exe
  2⤵
  PID:13900
- C:\Windows\System\WKJLHpz.exe
  C:\Windows\System\WKJLHpz.exe
  2⤵
  PID:13964
- C:\Windows\System\juecEuK.exe
  C:\Windows\System\juecEuK.exe
  2⤵
  PID:14020
- C:\Windows\System\KpBmxxG.exe
  C:\Windows\System\KpBmxxG.exe
  2⤵
  PID:14064
- C:\Windows\System\iOtygXB.exe
  C:\Windows\System\iOtygXB.exe
  2⤵
  PID:14148
- C:\Windows\System\lYBRMyq.exe
  C:\Windows\System\lYBRMyq.exe
  2⤵
  PID:14220
- C:\Windows\System\FzAXxct.exe
  C:\Windows\System\FzAXxct.exe
  2⤵
  PID:14272
- C:\Windows\System\xzLZAMQ.exe
  C:\Windows\System\xzLZAMQ.exe
  2⤵
  PID:12372
- C:\Windows\System\ykGVvGo.exe
  C:\Windows\System\ykGVvGo.exe
  2⤵
  PID:13448
- C:\Windows\System\QrUNdWP.exe
  C:\Windows\System\QrUNdWP.exe
  2⤵
  PID:13612
- C:\Windows\System\EFqhdWP.exe
  C:\Windows\System\EFqhdWP.exe
  2⤵
  PID:13744
- C:\Windows\System\YwXXtSn.exe
  C:\Windows\System\YwXXtSn.exe
  2⤵
  PID:13856
- C:\Windows\System\JMRLhcJ.exe
  C:\Windows\System\JMRLhcJ.exe
  2⤵
  PID:14012
- C:\Windows\System\zglNBEe.exe
  C:\Windows\System\zglNBEe.exe
  2⤵
  PID:14176
- C:\Windows\System\cBsMUBc.exe
  C:\Windows\System\cBsMUBc.exe
  2⤵
  PID:14300
- C:\Windows\System\GtWxPhd.exe
  C:\Windows\System\GtWxPhd.exe
  2⤵
  PID:14320
- C:\Windows\System\EUycmUI.exe
  C:\Windows\System\EUycmUI.exe
  2⤵
  PID:13528
- C:\Windows\System\HbTjrvy.exe
  C:\Windows\System\HbTjrvy.exe
  2⤵
  PID:13800
- C:\Windows\System\DYDkXIp.exe
  C:\Windows\System\DYDkXIp.exe
  2⤵
  PID:13984
- C:\Windows\System\QWruCpS.exe
  C:\Windows\System\QWruCpS.exe
  2⤵
  PID:592
- C:\Windows\System\mvNkdBX.exe
  C:\Windows\System\mvNkdBX.exe
  2⤵
  PID:3048
- C:\Windows\System\tAVMFAM.exe
  C:\Windows\System\tAVMFAM.exe
  2⤵
  PID:4592
- C:\Windows\System\iejaClC.exe
  C:\Windows\System\iejaClC.exe
  2⤵
  PID:228
- C:\Windows\System\ZnmPZlO.exe
  C:\Windows\System\ZnmPZlO.exe
  2⤵
  PID:4068
- C:\Windows\System\PUSTeDt.exe
  C:\Windows\System\PUSTeDt.exe
  2⤵
  PID:14352
- C:\Windows\System\bSXTozB.exe
  C:\Windows\System\bSXTozB.exe
  2⤵
  PID:14380
- C:\Windows\System\ZCatPFw.exe
  C:\Windows\System\ZCatPFw.exe
  2⤵
  PID:14408
- C:\Windows\System\faeYckL.exe
  C:\Windows\System\faeYckL.exe
  2⤵
  PID:14436
- C:\Windows\System\RGrjkTT.exe
  C:\Windows\System\RGrjkTT.exe
  2⤵
  PID:14452
- C:\Windows\System\NhamxPZ.exe
  C:\Windows\System\NhamxPZ.exe
  2⤵
  PID:14480
- C:\Windows\System\mOofcgf.exe
  C:\Windows\System\mOofcgf.exe
  2⤵
  PID:14516
- C:\Windows\System\gWreRnp.exe
  C:\Windows\System\gWreRnp.exe
  2⤵
  PID:14536
- C:\Windows\System\xARwUrD.exe
  C:\Windows\System\xARwUrD.exe
  2⤵
  PID:14552
- C:\Windows\System\THWeWEg.exe
  C:\Windows\System\THWeWEg.exe
  2⤵
  PID:14592
- C:\Windows\System\XCLIVQk.exe
  C:\Windows\System\XCLIVQk.exe
  2⤵
  PID:14620
- C:\Windows\System\iZOTpNq.exe
  C:\Windows\System\iZOTpNq.exe
  2⤵
  PID:14660
- C:\Windows\System\kCpxNLZ.exe
  C:\Windows\System\kCpxNLZ.exe
  2⤵
  PID:14688
- C:\Windows\System\LoBjCpN.exe
  C:\Windows\System\LoBjCpN.exe
  2⤵
  PID:14716
- C:\Windows\System\vlFzjsP.exe
  C:\Windows\System\vlFzjsP.exe
  2⤵
  PID:14744
- C:\Windows\System\VWRzvUd.exe
  C:\Windows\System\VWRzvUd.exe
  2⤵
  PID:14760
- C:\Windows\System\aRCdyYE.exe
  C:\Windows\System\aRCdyYE.exe
  2⤵
  PID:14800
- C:\Windows\System\orAklWL.exe
  C:\Windows\System\orAklWL.exe
  2⤵
  PID:14828
- C:\Windows\System\ZqEaOvi.exe
  C:\Windows\System\ZqEaOvi.exe
  2⤵
  PID:14848
- C:\Windows\System\lwRSNsh.exe
  C:\Windows\System\lwRSNsh.exe
  2⤵
  PID:14880
- C:\Windows\System\RHPyPJL.exe
  C:\Windows\System\RHPyPJL.exe
  2⤵
  PID:14912
- C:\Windows\System\xOpZoMW.exe
  C:\Windows\System\xOpZoMW.exe
  2⤵
  PID:14936
- C:\Windows\System\egWJBEV.exe
  C:\Windows\System\egWJBEV.exe
  2⤵
  PID:14972
- C:\Windows\System\geTdClR.exe
  C:\Windows\System\geTdClR.exe
  2⤵
  PID:14996
- C:\Windows\System\mgQYXks.exe
  C:\Windows\System\mgQYXks.exe
  2⤵
  PID:15024
- C:\Windows\System\nBjnIbl.exe
  C:\Windows\System\nBjnIbl.exe
  2⤵
  PID:15048
- C:\Windows\System\oTcXRYl.exe
  C:\Windows\System\oTcXRYl.exe
  2⤵
  PID:15068
- C:\Windows\System\TsdjkWt.exe
  C:\Windows\System\TsdjkWt.exe
  2⤵
  PID:15088
- C:\Windows\System\PhirXpv.exe
  C:\Windows\System\PhirXpv.exe
  2⤵
  PID:15112
- C:\Windows\System\BLAzqhg.exe
  C:\Windows\System\BLAzqhg.exe
  2⤵
  PID:15144
- C:\Windows\System\yyVPzbK.exe
  C:\Windows\System\yyVPzbK.exe
  2⤵
  PID:15188
- C:\Windows\System\jfASfWG.exe
  C:\Windows\System\jfASfWG.exe
  2⤵
  PID:15204
- C:\Windows\System\RvfmAeM.exe
  C:\Windows\System\RvfmAeM.exe
  2⤵
  PID:15228
- C:\Windows\System\kAFntgB.exe
  C:\Windows\System\kAFntgB.exe
  2⤵
  PID:15244
- C:\Windows\System\kGbvUkY.exe
  C:\Windows\System\kGbvUkY.exe
  2⤵
  PID:15268
- C:\Windows\System\HkPCIjS.exe
  C:\Windows\System\HkPCIjS.exe
  2⤵
  PID:15312
- C:\Windows\System\vewxIgG.exe
  C:\Windows\System\vewxIgG.exe
  2⤵
  PID:15340
- C:\Windows\System\qIVZHDT.exe
  C:\Windows\System\qIVZHDT.exe
  2⤵
  PID:14376
- C:\Windows\System\oZQIlfM.exe
  C:\Windows\System\oZQIlfM.exe
  2⤵
  PID:14420
- C:\Windows\System\PXknmRL.exe
  C:\Windows\System\PXknmRL.exe
  2⤵
  PID:14500
- C:\Windows\System\EbsBrCB.exe
  C:\Windows\System\EbsBrCB.exe
  2⤵
  PID:14548
- C:\Windows\System\KjMjKyv.exe
  C:\Windows\System\KjMjKyv.exe
  2⤵
  PID:14608
- C:\Windows\System\dligFGX.exe
  C:\Windows\System\dligFGX.exe
  2⤵
  PID:14772
- C:\Windows\System\GEVCIFg.exe
  C:\Windows\System\GEVCIFg.exe
  2⤵
  PID:14856
- C:\Windows\System\nEGIBDv.exe
  C:\Windows\System\nEGIBDv.exe
  2⤵
  PID:14888
- C:\Windows\System\rbXDbZD.exe
  C:\Windows\System\rbXDbZD.exe
  2⤵
  PID:14992
- C:\Windows\System\zEJaRdj.exe
  C:\Windows\System\zEJaRdj.exe
  2⤵
  PID:15060
- C:\Windows\System\QSFWjYW.exe
  C:\Windows\System\QSFWjYW.exe
  2⤵
  PID:15104
- C:\Windows\System\YpjqtLr.exe
  C:\Windows\System\YpjqtLr.exe
  2⤵
  PID:15172
- C:\Windows\System\fwhSoNo.exe
  C:\Windows\System\fwhSoNo.exe
  2⤵
  PID:15256
- C:\Windows\System\UxEhbCQ.exe
  C:\Windows\System\UxEhbCQ.exe
  2⤵
  PID:15292
- C:\Windows\System\IGQdvLx.exe
  C:\Windows\System\IGQdvLx.exe
  2⤵
  PID:15336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ADjJabi.exe

Filesize
3.9MB

MD5
fdfd0bc04362cbe9f3572c911629a27a

SHA1
11e894f7331872803a887a7cd17e705b0aad5121

SHA256
affb6e26d14690d830306b326af6adcfee8d6b09e0e7940589afcc4d4f256fe8

SHA512
d2bc77aaec9434057565556d5d32f4c6846b963be81c80313e8e5ebdd3d8c9a800a161a4bcfeda5450b6631ee2b03378ff39ebf9ae4c7f1f7535d197462c11e9

Download Submit
C:\Windows\System\ASYlqGf.exe

Filesize
3.9MB

MD5
ac220cb5bf374023a5570cb37aada86e

SHA1
63ec03c8298993aaa330f339d4a8afc20a0dcb79

SHA256
224e250c3e34109cd1ba3ff70baea1b148d615ba29b3b53182943d60d15aedf0

SHA512
48242c42eca2583817de6947ce7aa16078014cf2ae40e1d0e9190815741252d374575a84565841253549b691ed5c8550afebe4d6513553f1ae029ba2bfe87005

Download Submit
C:\Windows\System\BMwlocs.exe

Filesize
3.9MB

MD5
7e92faa772f33c81418c7c6c6a34de66

SHA1
448b8e9578aa78e4c93ffc3d426b267333eed615

SHA256
ad50929953d53a590faf806aeaacb4fe6b3975b46003238fd17e24d96b1d082b

SHA512
3246e4ec2e7c58902317ce6b25630a5ed5c2445df72ea5713307986670d3477b1d5224cf09408926e53d491a62c8a157a87c3eb05d638937708e035965edde56

Download Submit
C:\Windows\System\BzeDzFB.exe

Filesize
3.9MB

MD5
0c21b5e493fa9d78b0916bdff7e4f84e

SHA1
789f5d949f631b10319f471a5160d7c248f34db9

SHA256
c9858564e9d07c59163754f23037f6e9125f6b2c6dc3ee8ece40463cb78e06dc

SHA512
e9b1fa413a5077ed1a6c5996957950ac9677ba0de10dfef24c1c7d74b46667746a5ee6c509fe91297ad74dad7416e7f2d488612f5504af91a942c0e95f89ecca

Download Submit
C:\Windows\System\FrTlTUt.exe

Filesize
3.9MB

MD5
b511eae85a2c8075c011b9ef52626394

SHA1
15521e8283adcd248cfb414001f5076df87326bf

SHA256
0afc6d6011afa0903b773c2d7488656c9f2123172565462dc0f4f4c9d3e97679

SHA512
7e778104ddf19e8d92dac8df99c9033e6b64681b1e9f29b27ea3423f92158696b832b777d98140d260c9ddebac42021a3d753fa9fc5838e8743a5d86dc0583fd

Download Submit
C:\Windows\System\KHkCKUk.exe

Filesize
3.9MB

MD5
ad911ea27c51ee49ef9703422aa57064

SHA1
75b9f210845d2521b7033f3a2f1f42605c5c3617

SHA256
7e251a7e84e38c9ac0a160b4ae83d12ad3113b01595e03d7647e238cb5b69fe5

SHA512
9b4091d71f2c4658f4617d54befa121e9b0f5585fb02f3da3886970049a2dfc53767af6e20916f598783473998e40c1eb17b392af8c4ffebc17c20c8f2ca22bb

Download Submit
C:\Windows\System\KYNaxSj.exe

Filesize
3.9MB

MD5
5615f1cc42125f747c6e3cbb5029f42c

SHA1
ecf1d41c2eb03f95640b464588c113b28c0584b2

SHA256
04c89d4a22af3dd6e7c987a3aa34e8a6941a61f7d389e88851d0f548376c625d

SHA512
11d915d8ec790bd7cf9aa25b2ac68aa721b076c880671b76f1f60b49c08f875ada2a2a488f244168942d55f25a3354eb716088b64155a5e480343e8d8f1b3c6e

Download Submit
C:\Windows\System\LzRYOtO.exe

Filesize
3.9MB

MD5
2404a1fb47bebefdc6433355e734ab61

SHA1
793f60896a9cceb126e1af81fd58e1f1cc61639c

SHA256
d19d5fac9e138077155e743d5d780eb50454e1e143198dac2024ff8ddc71511a

SHA512
70a00f99bc9d63de2895cde5b28aacb73b6b889c27a69dd48c9d7d317b839d632b1fd4844e27060f0824083ff6385d9d9093f677de7a58b97e3de52305f39bf7

Download Submit
C:\Windows\System\MPxIAfg.exe

Filesize
3.9MB

MD5
771b21cf1102bfc62c31ba1fe5483883

SHA1
15f89bd9072253b80cdf93a4ecac912cb7bac794

SHA256
1253a07fa37cf813fe9eeb3638fdac8a5ca760080ae49dc7960e18876fa25250

SHA512
01012f14a685b4c7ffb1ba4fc72de1e6e423a03bc35bf0ca071c58473bc1b08b5e07c2a6f1b496c1863d03acce0901d97082f4167c2930ccac9cd11d9dd35d50

Download Submit
C:\Windows\System\NIpKLfU.exe

Filesize
3.9MB

MD5
7f11973417d5b30796e0f0e400546641

SHA1
2dece94edce11e5e58c34a5eaf1347da9a0da0d0

SHA256
8888af678acf0a93dfdc6e1903c4d8c7fb552844c41d28f6f6398669df3fa865

SHA512
b2ec20f3e025bf6e6eb1212a3edd096c61586742782f9afcb46ddc21e60ffb0fdd9dbf8971cf5929338ea84929196457e667e5473401c0440106a8307794c1f0

Download Submit
C:\Windows\System\NXIFMmk.exe

Filesize
3.9MB

MD5
313d8d993be55cec9e865b484c7decc3

SHA1
2c7a40dfd92ef3433e2affed8ba6dc7a1739d47a

SHA256
1440f1e90aa153f5f61bc04f9b4f0d4af09d859f2a8cd3f09d1c8996895a84a0

SHA512
a45b98fb38d62e5e4036ed06704ef62dad3d2c3af60914e9eb1c68a33b68555d7fc1d80ff0c752edb3f57047ac4a5c6c0209f78b6edb3f0e13a39abdaf6619af

Download Submit
C:\Windows\System\NcqnfHz.exe

Filesize
3.9MB

MD5
13913fe4e1d7461a2eb2be5cc8d9da2c

SHA1
5cd5d142be2838515513a1975405715cd07f8dee

SHA256
f010a151503a18cc3c73430041ea5b8abea7e8a539af28337852fbdd2154ea99

SHA512
e7791cfaec9baf608d28768450187dacb5bf0caee29b19e27d00b6d93f64e1ae9febcafd783bd59d397d3dd6686f67e8e6d748b81d4462f7a86c3b7d4ce67358

Download Submit
C:\Windows\System\QTHfmdM.exe

Filesize
3.9MB

MD5
c6d4cb444399be35bac00f7375a590e8

SHA1
9adbee8c2b97e0e4a90da6a38d924ed8b3c51a79

SHA256
9b4dc4f59b3e46b7bd613440c27cf8d7116c9657056acf003cda9908b9199e0b

SHA512
38531e81f944ba3878bf85f7c966ac3acb326f7dbb350c1b26e3d904ef7261fac5f41db1fc808b435e2c14d02c88d13edf9c6e8b524c36467dcaf67d011aef02

Download Submit
C:\Windows\System\SzhpqhB.exe

Filesize
3.9MB

MD5
150805d73b842b0da500a5c04fefd568

SHA1
fc4897c3fd01b1b7c8ca62a93ae38325084838bb

SHA256
0c1769a60d97720b3c742f857823b8ff201cfa562149b34fd2e38297a81ac89b

SHA512
d681485a9fb3bb19c84c2546e09d61dacef6876688ece739250a7c9b766b3170884192658382352fd306cf1a7d83d3db82149d761e4e8ea65197d1db87026bec

Download Submit
C:\Windows\System\UHcXtgH.exe

Filesize
3.9MB

MD5
90c725176b10f4204ae8f783d2f0e605

SHA1
8eb8d4ec24aa7b6629c30af671473c5804d5d3f5

SHA256
438140dc27ae3919786da50e492244a81760be36c768b40302b87932806f9506

SHA512
eece7c301ac1cd08754aa193dfbba36664f72cb4cfa131b1100d5f87ba76025797b3d291f91095dade54ae15dd3748aaa636451e22535b9070831fa50bf6d217

Download Submit
C:\Windows\System\UVNCTgJ.exe

Filesize
3.9MB

MD5
bc89df8970303ead335e8ed8a1580b06

SHA1
799e0f8614910aa8fa6387097b1326f0881d26de

SHA256
e55c5427c13718bc591ea5b33a0c5f837ace6820559c5e184e7ea1a23b821487

SHA512
21aaabfef2514f6057e5083a4ff80a153ced2a341c0d942a5218b3a347b43c3b66d5e2769a2759d07e3d5ec0f8de3f2f3c4cbb239f6c4016cba2f294eecb795d

Download Submit
C:\Windows\System\ZStlMUE.exe

Filesize
3.9MB

MD5
1cfb865b427b96230bf18bfe6c49b8c9

SHA1
f1458b5687a2f8252eaf7b993d289aae14749630

SHA256
292694b0823734c5033c93d6046b48a51bb2a41d2e9c495bd1dbe5b3818cb2f4

SHA512
6f51401d7c82581d09cda022ce7e2034b1f7bacd1e8c161f315c469e3f28c9e5a90c3da3414e754f32062f453402671cba6a1609b21ac8bd0f6ef552c15ee1c7

Download Submit
C:\Windows\System\ZlcwAKh.exe

Filesize
3.9MB

MD5
ae2637b8f9ea2d1b5045af94942b60cd

SHA1
2c026cb8f6c701d3832d4a757057190ed07e928f

SHA256
406c17c1c51e1df913906a5da7d9da2a4242e20b0382031bbc60a60d9a6bf5af

SHA512
1cdeb1050cf9cb13cc21e4ae58e92e2c9c6bf972a1774d2ce11239a9a0a3e16b2415620a03989a2cb5fce40bd684e9b5abf39ccb280668b3d893be5eb308a4d2

Download Submit
C:\Windows\System\ahFUPvo.exe

Filesize
3.9MB

MD5
ceabc846aceb906efd220656a0fd0596

SHA1
09804d1b521af4bccac28884b8cce4535ae8073a

SHA256
02c103b0b0d23d01bad1eca6b00433952849ad280a433ac0b7ece60ce61a43e3

SHA512
8cb9fe3a19c7e133b11d4035387358745ff0b7db7e1470cdfb011e3253f788a17591a6713a410e9103b9fb9d5f185230b8a7d1f9b922fd4be462830b54f243ed

Download Submit
C:\Windows\System\eESrUPK.exe

Filesize
3.9MB

MD5
1dc90b32d459c3bfb414209eab05a43a

SHA1
dffe7c76669c3bae1deba46bc165c959b250d34f

SHA256
89ea2137da43c771fa3cd0726b1675cff0a0b13e064a47f807c3ca60c1da0fd8

SHA512
829103891b8e7085e6cce104c019bebc2c6a603fb6df9511ce23a64eb2b60184f260dc6268898589c379a4344537b640f97f86a0fa2f3b27acadd1aaf76bba3a

Download Submit
C:\Windows\System\fiUgMQb.exe

Filesize
3.9MB

MD5
c91aec8a473133eafe98134123257f50

SHA1
f4c7147a29f084826f4ba94ace95b95295e64940

SHA256
f317656ab9f46b3165444217a9e688390ed8cbaf18f634b503d31edb3d4bc521

SHA512
fca71f1675e912079a24e703e2c8aab974a6f3ae09f75b7af3917c8654f974789109bd4419bfd6e2cc099fe8b3ab83a93ac63c9622c4c33061c2f923d4c9a316

Download Submit
C:\Windows\System\hRAltAG.exe

Filesize
3.9MB

MD5
f064a4ea85afb9fe142af46e0ab032a1

SHA1
3c0477deb1c2f74db837ceb27a51595d7255d807

SHA256
9607a3daa02afdf942c8cc6a59d3c46a135db1a9681379e393fccb8e4d41c585

SHA512
ec48f3021f2b8fc954be8155f4f87a1ae918a89bb10450add05398e27a4d5a9a06559f75f909a305a2366f005bb2e5feb041f689836bcc50a210e3fd0dfa06c2

Download Submit
C:\Windows\System\ipzArkz.exe

Filesize
3.9MB

MD5
5f1164f75523e0a7d477056e81126712

SHA1
d1c285b302f2fa543dc61e424065af37bd361473

SHA256
2ddac018eec25d4d6d00a1e3c803f0977cd0227695cc4607b91c5a0af53afc1b

SHA512
766e3439d02f6f5d8746d7714f45da408c5dc787c416600e3d60a230862691a5a9884de1d40cee5e7161c4cf3bda8b67c4e213316e3f8e53b18aa0cb94cedb42

Download Submit
C:\Windows\System\nrQnneN.exe

Filesize
3.9MB

MD5
7b75e10e4b51d49b66baa183a06bf3db

SHA1
9083e93d16fc454788f61a410d3f0ab762a8ff7d

SHA256
b484af6093d566099a29c95788763ffa0bbe210973cfd2c6d000d7febfee9e26

SHA512
a6953214dcdecfc0b53445eab177a54ef32fe081648f323bce54af4a40cf562860feda81e4d231a6d71b90d4f4cc3e3195851ca2ecec6e0d72b7871aec0e5930

Download Submit
C:\Windows\System\qHDxBmf.exe

Filesize
3.9MB

MD5
37e3092d6475bff504f0f76d030a6534

SHA1
92ff090c6a7b78480f9376d54298ce731ff996b9

SHA256
dbd3d154c73d14be491e3a3d76f97f225c95cecce366159465d9fb94e13f5adc

SHA512
65aaa08997a9ea1c58f761fab6af1ab947ba0f6b9c5228a285866e0847288898ecedbf50cf6df74c2b433e538c6b05fe90ac29d3961f2e964b4c23392e2e1481

Download Submit
C:\Windows\System\rKGWzwV.exe

Filesize
3.9MB

MD5
d9184bcd8753ea67edede0d16262b102

SHA1
9d99610cee567502e6536da83661b6e1ac21c00c

SHA256
33fcdcf45dbb94313fe679dbe15491e87aaebfdb90152d93c9507da77834c49b

SHA512
35fd72f05414f26aecdb9d8077937a5fcb3d753d5688db35c21e1c4acc5f24607153281c11afe4187c845d8fc1d6c0081c6b982280ab5068db2ef4bf5800e8ef

Download Submit
C:\Windows\System\rSCyfKc.exe

Filesize
3.9MB

MD5
660c4fc8bad536d929ad9d9dd9f84f3c

SHA1
dd423cbd414df36cffb01e58fa25fee3b3c855c4

SHA256
8ba5b039559a8091563140bb77129ab2625b9b0bfe34f3099bb176e1b54de5a2

SHA512
6395004042c1bcb4ed96445c3f651bb8cf70dfbac95b98cb795bc12616836ed667607bf48f06abcc149ab6b0ff0d4d251b7057dd2b0154c65a82e2d135a5e110

Download Submit
C:\Windows\System\rhdvGgP.exe

Filesize
3.9MB

MD5
11d187b7845e204e07a651e1cec84d47

SHA1
bf5a8ab5a924ed38a46955ae0c801a6030c1d7bd

SHA256
e537d4b4c8600ce409b11d1459f8671aa78816eaac0c54e49c61f9b62f85c097

SHA512
0d9e2b4eec5570ffe38bdd15dd6391fc47549cd63abc7de3cbbdae8ef3af1da7ccf52172970bb18e25422751327a68bb485f2cd871a0ed2100eab056f53ec023

Download Submit
C:\Windows\System\rvzDuVi.exe

Filesize
3.9MB

MD5
0bec054437b2f18363ad7793a3f29fd5

SHA1
6570d67a48bb9d29a38201dc165be48190aa9965

SHA256
156c17d7555556bee45c21cf9e29f8c1f8674e86ada08614c5944ba212fba3d4

SHA512
1508a3331ee6ba847b38d5d0b8049918468f36b3ca6bcd3cc3880916d51dc76ff394968d3b76bb5c156103d7665a9551e83dabc6a9eadeb06d031ba365bd88bf

Download Submit
C:\Windows\System\uSkjrXP.exe

Filesize
3.9MB

MD5
d179a2ed7005e5d03ee0c4db4e6076ee

SHA1
87baf21d45bd199b6da65ad8387a5460ec0441d0

SHA256
9c696b187f3c3f298268d31ca80a0c613ae52f9c0575b04749076e3e9956a5f7

SHA512
4886625d2ca718e44316510d912f15c4ecd2d4f883ba7e93905c0065ea4b9b43a286291b366ec54fb435ed2048aafc934d0f5c313e3ee95f42121eaac382a75a

Download Submit
C:\Windows\System\vwFSdOr.exe

Filesize
3.9MB

MD5
500282cafdd7a54f1971f5807f3a361b

SHA1
968637f19970670089146cba7eb020d77b62b8e1

SHA256
7520cacd41c692ae65cac17f6e8a8dbe46faab3c98dba20be15d90681659e470

SHA512
e2b9e24b3948aefb7f2ca4cac63eb4cb862afba452c5d14d4be9137274e83459e708da8adfc42725188303c00388cfe656055d67ef14e6d09857636fca8bff17

Download Submit
C:\Windows\System\zwhJCCP.exe

Filesize
3.9MB

MD5
026c2c670fda11dd3a76ab5c8d8b021e

SHA1
896cff936e641b200f7327e8e23b5969c13efb5f

SHA256
7d55e24d61feab63e31865ad95ec0fc79150a6ddf92824f0367447f965ffbbf0

SHA512
7537309a61561ce11b43fdc6faf8525ebd56710b934ae163c1e18acd2d6f535e9861aeb36873d8edb7cfbd49846fe75c30a243a1dec2d1051248315216cddac8

Download Submit
memory/220-81-0x00007FF713F20000-0x00007FF714274000-memory.dmp

Filesize
3.3MB

Download
memory/220-2259-0x00007FF713F20000-0x00007FF714274000-memory.dmp

Filesize
3.3MB

Download
memory/748-2258-0x00007FF60CBA0000-0x00007FF60CEF4000-memory.dmp

Filesize
3.3MB

Download
memory/748-183-0x00007FF60CBA0000-0x00007FF60CEF4000-memory.dmp

Filesize
3.3MB

Download
memory/748-49-0x00007FF60CBA0000-0x00007FF60CEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-143-0x00007FF6C23F0000-0x00007FF6C2744000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2267-0x00007FF6C23F0000-0x00007FF6C2744000-memory.dmp

Filesize
3.3MB

Download
memory/1876-2260-0x00007FF6BCCC0000-0x00007FF6BD014000-memory.dmp

Filesize
3.3MB

Download
memory/1876-80-0x00007FF6BCCC0000-0x00007FF6BD014000-memory.dmp

Filesize
3.3MB

Download
memory/1944-168-0x00007FF673BB0000-0x00007FF673F04000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2277-0x00007FF673BB0000-0x00007FF673F04000-memory.dmp

Filesize
3.3MB

Download
memory/1944-884-0x00007FF673BB0000-0x00007FF673F04000-memory.dmp

Filesize
3.3MB

Download
memory/1996-90-0x00007FF667FC0000-0x00007FF668314000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2263-0x00007FF667FC0000-0x00007FF668314000-memory.dmp

Filesize
3.3MB

Download
memory/1996-322-0x00007FF667FC0000-0x00007FF668314000-memory.dmp

Filesize
3.3MB

Download
memory/2144-162-0x00007FF64B7F0000-0x00007FF64BB44000-memory.dmp

Filesize
3.3MB

Download
memory/2144-36-0x00007FF64B7F0000-0x00007FF64BB44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-180-0x00007FF631D40000-0x00007FF632094000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2274-0x00007FF631D40000-0x00007FF632094000-memory.dmp

Filesize
3.3MB

Download
memory/2308-887-0x00007FF631D40000-0x00007FF632094000-memory.dmp

Filesize
3.3MB

Download
memory/2324-182-0x00007FF7AB570000-0x00007FF7AB8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-2276-0x00007FF7AB570000-0x00007FF7AB8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2266-0x00007FF79D040000-0x00007FF79D394000-memory.dmp

Filesize
3.3MB

Download
memory/2392-130-0x00007FF79D040000-0x00007FF79D394000-memory.dmp

Filesize
3.3MB

Download
memory/2596-71-0x00007FF7487F0000-0x00007FF748B44000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2257-0x00007FF7487F0000-0x00007FF748B44000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2275-0x00007FF75C930000-0x00007FF75CC84000-memory.dmp

Filesize
3.3MB

Download
memory/2840-885-0x00007FF75C930000-0x00007FF75CC84000-memory.dmp

Filesize
3.3MB

Download
memory/2840-171-0x00007FF75C930000-0x00007FF75CC84000-memory.dmp

Filesize
3.3MB

Download
memory/2900-141-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download
memory/2900-10-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download
memory/3240-56-0x00007FF68C510000-0x00007FF68C864000-memory.dmp

Filesize
3.3MB

Download
memory/3240-2249-0x00007FF68C510000-0x00007FF68C864000-memory.dmp

Filesize
3.3MB

Download
memory/3292-76-0x00007FF7894A0000-0x00007FF7897F4000-memory.dmp

Filesize
3.3MB

Download
memory/3292-2255-0x00007FF7894A0000-0x00007FF7897F4000-memory.dmp

Filesize
3.3MB

Download
memory/3312-160-0x00007FF6927E0000-0x00007FF692B34000-memory.dmp

Filesize
3.3MB

Download
memory/3312-14-0x00007FF6927E0000-0x00007FF692B34000-memory.dmp

Filesize
3.3MB

Download
memory/3356-2270-0x00007FF7A0870000-0x00007FF7A0BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3356-132-0x00007FF7A0870000-0x00007FF7A0BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2254-0x00007FF6F1D90000-0x00007FF6F20E4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-70-0x00007FF6F1D90000-0x00007FF6F20E4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-167-0x00007FF6F1D90000-0x00007FF6F20E4000-memory.dmp

Filesize
3.3MB

Download
memory/3572-99-0x00007FF6E1770000-0x00007FF6E1AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3572-509-0x00007FF6E1770000-0x00007FF6E1AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3572-2264-0x00007FF6E1770000-0x00007FF6E1AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-145-0x00007FF7EAE40000-0x00007FF7EB194000-memory.dmp

Filesize
3.3MB

Download
memory/3596-2269-0x00007FF7EAE40000-0x00007FF7EB194000-memory.dmp

Filesize
3.3MB

Download
memory/3660-144-0x00007FF6AEA70000-0x00007FF6AEDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2271-0x00007FF6AEA70000-0x00007FF6AEDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3808-140-0x00007FF66DC60000-0x00007FF66DFB4000-memory.dmp

Filesize
3.3MB

Download
memory/3808-1-0x0000029ED1DB0000-0x0000029ED1DC0000-memory.dmp

Filesize
64KB

Download
memory/3808-0-0x00007FF66DC60000-0x00007FF66DFB4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-85-0x00007FF7AE0B0000-0x00007FF7AE404000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2262-0x00007FF7AE0B0000-0x00007FF7AE404000-memory.dmp

Filesize
3.3MB

Download
memory/4704-146-0x00007FF770570000-0x00007FF7708C4000-memory.dmp

Filesize
3.3MB

Download
memory/4704-2272-0x00007FF770570000-0x00007FF7708C4000-memory.dmp

Filesize
3.3MB

Download
memory/4704-787-0x00007FF770570000-0x00007FF7708C4000-memory.dmp

Filesize
3.3MB

Download
memory/4808-84-0x00007FF74AFB0000-0x00007FF74B304000-memory.dmp

Filesize
3.3MB

Download
memory/4808-2253-0x00007FF74AFB0000-0x00007FF74B304000-memory.dmp

Filesize
3.3MB

Download
memory/4812-191-0x00007FF770B60000-0x00007FF770EB4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-2261-0x00007FF770B60000-0x00007FF770EB4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-77-0x00007FF770B60000-0x00007FF770EB4000-memory.dmp

Filesize
3.3MB

Download
memory/4828-181-0x00007FF70DA20000-0x00007FF70DD74000-memory.dmp

Filesize
3.3MB

Download
memory/4828-2273-0x00007FF70DA20000-0x00007FF70DD74000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2268-0x00007FF7B0C10000-0x00007FF7B0F64000-memory.dmp

Filesize
3.3MB

Download
memory/4884-599-0x00007FF7B0C10000-0x00007FF7B0F64000-memory.dmp

Filesize
3.3MB

Download
memory/4884-133-0x00007FF7B0C10000-0x00007FF7B0F64000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2265-0x00007FF6F5600000-0x00007FF6F5954000-memory.dmp

Filesize
3.3MB

Download
memory/4960-122-0x00007FF6F5600000-0x00007FF6F5954000-memory.dmp

Filesize
3.3MB

Download
memory/5088-2252-0x00007FF6BDED0000-0x00007FF6BE224000-memory.dmp

Filesize
3.3MB

Download
memory/5088-161-0x00007FF6BDED0000-0x00007FF6BE224000-memory.dmp

Filesize
3.3MB

Download
memory/5088-27-0x00007FF6BDED0000-0x00007FF6BE224000-memory.dmp

Filesize
3.3MB

Download