cobaltstrike | 7a40e25a0a22c0c802cd377d7d1abceef7702e0d1a8135e289561c0d8cd128cf

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2025, 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fd8dc203bc30a3a7e0dcfdb57bb1b41e
SHA1

4e5f034940ca7e4039e5fea4c6424207e4fb8a34
SHA256

7a40e25a0a22c0c802cd377d7d1abceef7702e0d1a8135e289561c0d8cd128cf
SHA512

c1e0079c85061dabe798d54d761a0bb71a38089f2956370a25b83671e6533910f7b0c6dc4f29dbe93b2617d3f5956737bcd17980c58eaf0af812f3dd03c9c88f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000a000000023d14-4.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023de6-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023deb-16.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dec-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ded-29.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dee-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023def-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df0-48.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023de7-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df2-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df1-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df4-80.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df6-95.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df7-99.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df8-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df9-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dfa-124.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dfb-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dfc-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dff-149.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e04-174.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e01-172.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e05-192.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e00-188.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e03-186.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e02-182.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dfe-151.dat	cobalt_reflective_dll
behavioral2/files/0x000a00000001da3e-203.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e06-201.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dfd-141.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df5-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023df3-72.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4912-0-0x00007FF771800000-0x00007FF771B54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023d14-4.dat	xmrig
behavioral2/memory/4336-8-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp	xmrig
behavioral2/files/0x0008000000023de6-12.dat	xmrig
behavioral2/memory/4604-14-0x00007FF6F0B40000-0x00007FF6F0E94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023deb-16.dat	xmrig
behavioral2/memory/692-18-0x00007FF7F52A0000-0x00007FF7F55F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023dec-22.dat	xmrig
behavioral2/memory/4424-26-0x00007FF7C4EB0000-0x00007FF7C5204000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ded-29.dat	xmrig
behavioral2/files/0x0007000000023dee-35.dat	xmrig
behavioral2/files/0x0007000000023def-40.dat	xmrig
behavioral2/memory/1308-43-0x00007FF6EC4D0000-0x00007FF6EC824000-memory.dmp	xmrig
behavioral2/memory/3604-38-0x00007FF67C320000-0x00007FF67C674000-memory.dmp	xmrig
behavioral2/files/0x0007000000023df0-48.dat	xmrig
behavioral2/files/0x0008000000023de7-53.dat	xmrig
behavioral2/memory/3488-55-0x00007FF754720000-0x00007FF754A74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023df2-64.dat	xmrig
behavioral2/memory/4748-69-0x00007FF7D89A0000-0x00007FF7D8CF4000-memory.dmp	xmrig
behavioral2/memory/4336-68-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp	xmrig
behavioral2/memory/3328-63-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	xmrig
behavioral2/files/0x0007000000023df1-66.dat	xmrig
behavioral2/memory/4912-59-0x00007FF771800000-0x00007FF771B54000-memory.dmp	xmrig
behavioral2/memory/1528-50-0x00007FF656D20000-0x00007FF657074000-memory.dmp	xmrig
behavioral2/memory/1412-77-0x00007FF725F10000-0x00007FF726264000-memory.dmp	xmrig
behavioral2/files/0x0007000000023df4-80.dat	xmrig
behavioral2/memory/4424-88-0x00007FF7C4EB0000-0x00007FF7C5204000-memory.dmp	xmrig
behavioral2/files/0x0007000000023df6-95.dat	xmrig
behavioral2/files/0x0007000000023df7-99.dat	xmrig
behavioral2/files/0x0007000000023df8-108.dat	xmrig
behavioral2/memory/4720-115-0x00007FF6B8A00000-0x00007FF6B8D54000-memory.dmp	xmrig
behavioral2/memory/3488-118-0x00007FF754720000-0x00007FF754A74000-memory.dmp	xmrig
behavioral2/memory/1528-117-0x00007FF656D20000-0x00007FF657074000-memory.dmp	xmrig
behavioral2/memory/1460-116-0x00007FF645460000-0x00007FF6457B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023df9-113.dat	xmrig
behavioral2/memory/1308-110-0x00007FF6EC4D0000-0x00007FF6EC824000-memory.dmp	xmrig
behavioral2/memory/3328-122-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	xmrig
behavioral2/files/0x0007000000023dfa-124.dat	xmrig
behavioral2/memory/3428-123-0x00007FF783ED0000-0x00007FF784224000-memory.dmp	xmrig
behavioral2/memory/2356-105-0x00007FF7FF1D0000-0x00007FF7FF524000-memory.dmp	xmrig
behavioral2/memory/852-100-0x00007FF6C2B30000-0x00007FF6C2E84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023dfb-129.dat	xmrig
behavioral2/files/0x0007000000023dfc-135.dat	xmrig
behavioral2/files/0x0007000000023dff-149.dat	xmrig
behavioral2/memory/1560-156-0x00007FF699150000-0x00007FF6994A4000-memory.dmp	xmrig
behavioral2/memory/4212-161-0x00007FF7D7080000-0x00007FF7D73D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e04-174.dat	xmrig
behavioral2/files/0x0007000000023e01-172.dat	xmrig
behavioral2/memory/4312-180-0x00007FF7523B0000-0x00007FF752704000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e05-192.dat	xmrig
behavioral2/files/0x0007000000023e00-188.dat	xmrig
behavioral2/files/0x0007000000023e03-186.dat	xmrig
behavioral2/memory/1856-185-0x00007FF6B4EB0000-0x00007FF6B5204000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e02-182.dat	xmrig
behavioral2/memory/1124-181-0x00007FF771700000-0x00007FF771A54000-memory.dmp	xmrig
behavioral2/memory/1536-170-0x00007FF6E41D0000-0x00007FF6E4524000-memory.dmp	xmrig
behavioral2/memory/1384-175-0x00007FF633AF0000-0x00007FF633E44000-memory.dmp	xmrig
behavioral2/memory/3612-157-0x00007FF74A8B0000-0x00007FF74AC04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023dfe-151.dat	xmrig
behavioral2/memory/1180-146-0x00007FF6AA400000-0x00007FF6AA754000-memory.dmp	xmrig
behavioral2/memory/2888-150-0x00007FF6D5160000-0x00007FF6D54B4000-memory.dmp	xmrig
behavioral2/memory/4720-194-0x00007FF6B8A00000-0x00007FF6B8D54000-memory.dmp	xmrig
behavioral2/files/0x000a00000001da3e-203.dat	xmrig
behavioral2/files/0x0007000000023e06-201.dat	xmrig

Downloads MZ/PE file 1 IoCs

flow	pid	Process
37	10772	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
4336	EFgbjyf.exe
4604	BYggptY.exe
692	aNxGwcY.exe
4424	kwHufgs.exe
2104	MCaXvgf.exe
3604	sZOBOOj.exe
1308	whUokqD.exe
1528	QQvTtMn.exe
3488	jbvhOpr.exe
3328	DxyqgDT.exe
4748	VlZTgxx.exe
1412	cZERqhk.exe
2888	PQoJOjb.exe
4212	mTzweYm.exe
852	xOuCsxe.exe
2356	EbXlBHO.exe
4720	OkvQCue.exe
1460	hTIeBcK.exe
3428	mEFhgXX.exe
4364	vRwGnCi.exe
4788	hUvQNWe.exe
1180	GpmdVBw.exe
1560	gcefgIM.exe
3612	MKOqxUj.exe
1536	WtnuHWO.exe
1124	OZdNwbH.exe
1384	hqmKpbJ.exe
1856	YElwfZu.exe
4312	zsTjVoa.exe
3632	AAyKXtk.exe
3728	ylBvMwy.exe
4284	QjtdDOT.exe
5052	bDhdaDW.exe
1988	ZPNNCEb.exe
3036	mLHpjSc.exe
5064	AVcVIsJ.exe
232	SwKRRyy.exe
4488	erTHgEV.exe
1232	ZaYLpuU.exe
5028	EmSWmDa.exe
2768	SCgSQMz.exe
2436	jRoCnsz.exe
1784	QFnEMqr.exe
3640	DgvCvDI.exe
372	tKIAySh.exe
3228	xuhAimT.exe
4440	zrcWvAa.exe
1300	bkBjpqQ.exe
3324	mZFeRWC.exe
820	hQPkDEd.exe
1080	AKmhRPo.exe
4856	cKOOeJW.exe
2148	VgObGIL.exe
32	VuvDUxs.exe
952	jFtfcHu.exe
4308	sWiaYtv.exe
4820	yKXAzlS.exe
4904	XqgOPqn.exe
4780	qiizXzt.exe
4704	zklbVLc.exe
184	mEhDqgJ.exe
1448	PdTGOSu.exe
212	sAfjTNp.exe
3232	GBnsmqo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4912-0-0x00007FF771800000-0x00007FF771B54000-memory.dmp	upx
behavioral2/files/0x000a000000023d14-4.dat	upx
behavioral2/memory/4336-8-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp	upx
behavioral2/files/0x0008000000023de6-12.dat	upx
behavioral2/memory/4604-14-0x00007FF6F0B40000-0x00007FF6F0E94000-memory.dmp	upx
behavioral2/files/0x0007000000023deb-16.dat	upx
behavioral2/memory/692-18-0x00007FF7F52A0000-0x00007FF7F55F4000-memory.dmp	upx
behavioral2/files/0x0007000000023dec-22.dat	upx
behavioral2/memory/4424-26-0x00007FF7C4EB0000-0x00007FF7C5204000-memory.dmp	upx
behavioral2/files/0x0007000000023ded-29.dat	upx
behavioral2/files/0x0007000000023dee-35.dat	upx
behavioral2/files/0x0007000000023def-40.dat	upx
behavioral2/memory/1308-43-0x00007FF6EC4D0000-0x00007FF6EC824000-memory.dmp	upx
behavioral2/memory/3604-38-0x00007FF67C320000-0x00007FF67C674000-memory.dmp	upx
behavioral2/files/0x0007000000023df0-48.dat	upx
behavioral2/files/0x0008000000023de7-53.dat	upx
behavioral2/memory/3488-55-0x00007FF754720000-0x00007FF754A74000-memory.dmp	upx
behavioral2/files/0x0007000000023df2-64.dat	upx
behavioral2/memory/4748-69-0x00007FF7D89A0000-0x00007FF7D8CF4000-memory.dmp	upx
behavioral2/memory/4336-68-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp	upx
behavioral2/memory/3328-63-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	upx
behavioral2/files/0x0007000000023df1-66.dat	upx
behavioral2/memory/4912-59-0x00007FF771800000-0x00007FF771B54000-memory.dmp	upx
behavioral2/memory/1528-50-0x00007FF656D20000-0x00007FF657074000-memory.dmp	upx
behavioral2/memory/1412-77-0x00007FF725F10000-0x00007FF726264000-memory.dmp	upx
behavioral2/files/0x0007000000023df4-80.dat	upx
behavioral2/memory/4424-88-0x00007FF7C4EB0000-0x00007FF7C5204000-memory.dmp	upx
behavioral2/files/0x0007000000023df6-95.dat	upx
behavioral2/files/0x0007000000023df7-99.dat	upx
behavioral2/files/0x0007000000023df8-108.dat	upx
behavioral2/memory/4720-115-0x00007FF6B8A00000-0x00007FF6B8D54000-memory.dmp	upx
behavioral2/memory/3488-118-0x00007FF754720000-0x00007FF754A74000-memory.dmp	upx
behavioral2/memory/1528-117-0x00007FF656D20000-0x00007FF657074000-memory.dmp	upx
behavioral2/memory/1460-116-0x00007FF645460000-0x00007FF6457B4000-memory.dmp	upx
behavioral2/files/0x0007000000023df9-113.dat	upx
behavioral2/memory/1308-110-0x00007FF6EC4D0000-0x00007FF6EC824000-memory.dmp	upx
behavioral2/memory/3328-122-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	upx
behavioral2/files/0x0007000000023dfa-124.dat	upx
behavioral2/memory/3428-123-0x00007FF783ED0000-0x00007FF784224000-memory.dmp	upx
behavioral2/memory/2356-105-0x00007FF7FF1D0000-0x00007FF7FF524000-memory.dmp	upx
behavioral2/memory/852-100-0x00007FF6C2B30000-0x00007FF6C2E84000-memory.dmp	upx
behavioral2/files/0x0007000000023dfb-129.dat	upx
behavioral2/files/0x0007000000023dfc-135.dat	upx
behavioral2/files/0x0007000000023dff-149.dat	upx
behavioral2/memory/1560-156-0x00007FF699150000-0x00007FF6994A4000-memory.dmp	upx
behavioral2/memory/4212-161-0x00007FF7D7080000-0x00007FF7D73D4000-memory.dmp	upx
behavioral2/files/0x0007000000023e04-174.dat	upx
behavioral2/files/0x0007000000023e01-172.dat	upx
behavioral2/memory/4312-180-0x00007FF7523B0000-0x00007FF752704000-memory.dmp	upx
behavioral2/files/0x0007000000023e05-192.dat	upx
behavioral2/files/0x0007000000023e00-188.dat	upx
behavioral2/files/0x0007000000023e03-186.dat	upx
behavioral2/memory/1856-185-0x00007FF6B4EB0000-0x00007FF6B5204000-memory.dmp	upx
behavioral2/files/0x0007000000023e02-182.dat	upx
behavioral2/memory/1124-181-0x00007FF771700000-0x00007FF771A54000-memory.dmp	upx
behavioral2/memory/1536-170-0x00007FF6E41D0000-0x00007FF6E4524000-memory.dmp	upx
behavioral2/memory/1384-175-0x00007FF633AF0000-0x00007FF633E44000-memory.dmp	upx
behavioral2/memory/3612-157-0x00007FF74A8B0000-0x00007FF74AC04000-memory.dmp	upx
behavioral2/files/0x0007000000023dfe-151.dat	upx
behavioral2/memory/1180-146-0x00007FF6AA400000-0x00007FF6AA754000-memory.dmp	upx
behavioral2/memory/2888-150-0x00007FF6D5160000-0x00007FF6D54B4000-memory.dmp	upx
behavioral2/memory/4720-194-0x00007FF6B8A00000-0x00007FF6B8D54000-memory.dmp	upx
behavioral2/files/0x000a00000001da3e-203.dat	upx
behavioral2/files/0x0007000000023e06-201.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mLHpjSc.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKmhRPo.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZUSUjb.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPLzDRw.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPHtDgT.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyEYQna.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huQtNyk.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLFZBbu.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRkKqPO.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzAMYcJ.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaJNbSq.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKOqxUj.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylBvMwy.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STHJpHH.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmNSLZp.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKjsHGi.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCtZXmj.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ewvgptP.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEtsxkV.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMJOMnx.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqgOPqn.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEhDqgJ.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciSxvgS.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKkNKkr.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifWoipj.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBtVkoT.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnyhoZV.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmNOxJL.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFLzwOB.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFlLKaZ.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEFhgXX.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GevjNQO.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efXhaUp.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkeCnWJ.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJVjMeo.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfADbIb.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgWmyFF.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klmXhmL.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whUokqD.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNNKBKj.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYvuibb.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDHUsqg.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIGAJRS.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\euQtauT.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJxtWcK.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpfEEiN.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVuQuGe.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpOnNpz.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSuEbfh.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBGEkZr.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqfZXWR.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWLcOqT.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNckahw.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvkaQnc.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQLMABV.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whltiyL.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEYaTRl.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tqzybmj.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTsegMU.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzKTlWZ.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biSgcOI.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtEGnGY.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IshHJOC.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdHMvMH.exe	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5916	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 4336	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4912 wrote to memory of 4336	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4912 wrote to memory of 4604	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4912 wrote to memory of 4604	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4912 wrote to memory of 692	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4912 wrote to memory of 692	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4912 wrote to memory of 4424	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4912 wrote to memory of 4424	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4912 wrote to memory of 2104	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4912 wrote to memory of 2104	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4912 wrote to memory of 3604	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4912 wrote to memory of 3604	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4912 wrote to memory of 1308	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4912 wrote to memory of 1308	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4912 wrote to memory of 1528	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4912 wrote to memory of 1528	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4912 wrote to memory of 3488	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4912 wrote to memory of 3488	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4912 wrote to memory of 3328	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4912 wrote to memory of 3328	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4912 wrote to memory of 4748	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4912 wrote to memory of 4748	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4912 wrote to memory of 1412	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4912 wrote to memory of 1412	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4912 wrote to memory of 2888	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4912 wrote to memory of 2888	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4912 wrote to memory of 4212	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4912 wrote to memory of 4212	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4912 wrote to memory of 852	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4912 wrote to memory of 852	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4912 wrote to memory of 2356	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4912 wrote to memory of 2356	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4912 wrote to memory of 4720	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4912 wrote to memory of 4720	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4912 wrote to memory of 1460	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4912 wrote to memory of 1460	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4912 wrote to memory of 3428	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4912 wrote to memory of 3428	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4912 wrote to memory of 4364	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4912 wrote to memory of 4364	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4912 wrote to memory of 4788	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4912 wrote to memory of 4788	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4912 wrote to memory of 1180	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4912 wrote to memory of 1180	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4912 wrote to memory of 1560	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4912 wrote to memory of 1560	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4912 wrote to memory of 3612	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4912 wrote to memory of 3612	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4912 wrote to memory of 1124	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4912 wrote to memory of 1124	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4912 wrote to memory of 1536	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4912 wrote to memory of 1536	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4912 wrote to memory of 1384	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4912 wrote to memory of 1384	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4912 wrote to memory of 1856	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4912 wrote to memory of 1856	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4912 wrote to memory of 4312	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 4912 wrote to memory of 4312	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 4912 wrote to memory of 3632	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 4912 wrote to memory of 3632	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 4912 wrote to memory of 3728	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 4912 wrote to memory of 3728	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 4912 wrote to memory of 4284	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	122
PID 4912 wrote to memory of 4284	4912	2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe	122

C:\Users\Admin\AppData\Local\Temp\2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_fd8dc203bc30a3a7e0dcfdb57bb1b41e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Windows\System\EFgbjyf.exe
  C:\Windows\System\EFgbjyf.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\BYggptY.exe
  C:\Windows\System\BYggptY.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\aNxGwcY.exe
  C:\Windows\System\aNxGwcY.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\kwHufgs.exe
  C:\Windows\System\kwHufgs.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\MCaXvgf.exe
  C:\Windows\System\MCaXvgf.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\sZOBOOj.exe
  C:\Windows\System\sZOBOOj.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\whUokqD.exe
  C:\Windows\System\whUokqD.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\QQvTtMn.exe
  C:\Windows\System\QQvTtMn.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\jbvhOpr.exe
  C:\Windows\System\jbvhOpr.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\DxyqgDT.exe
  C:\Windows\System\DxyqgDT.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\VlZTgxx.exe
  C:\Windows\System\VlZTgxx.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\cZERqhk.exe
  C:\Windows\System\cZERqhk.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\PQoJOjb.exe
  C:\Windows\System\PQoJOjb.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\mTzweYm.exe
  C:\Windows\System\mTzweYm.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\xOuCsxe.exe
  C:\Windows\System\xOuCsxe.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\EbXlBHO.exe
  C:\Windows\System\EbXlBHO.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\OkvQCue.exe
  C:\Windows\System\OkvQCue.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\hTIeBcK.exe
  C:\Windows\System\hTIeBcK.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\mEFhgXX.exe
  C:\Windows\System\mEFhgXX.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\vRwGnCi.exe
  C:\Windows\System\vRwGnCi.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\hUvQNWe.exe
  C:\Windows\System\hUvQNWe.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\GpmdVBw.exe
  C:\Windows\System\GpmdVBw.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\gcefgIM.exe
  C:\Windows\System\gcefgIM.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\MKOqxUj.exe
  C:\Windows\System\MKOqxUj.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\OZdNwbH.exe
  C:\Windows\System\OZdNwbH.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\WtnuHWO.exe
  C:\Windows\System\WtnuHWO.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\hqmKpbJ.exe
  C:\Windows\System\hqmKpbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\YElwfZu.exe
  C:\Windows\System\YElwfZu.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\zsTjVoa.exe
  C:\Windows\System\zsTjVoa.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\AAyKXtk.exe
  C:\Windows\System\AAyKXtk.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\ylBvMwy.exe
  C:\Windows\System\ylBvMwy.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\QjtdDOT.exe
  C:\Windows\System\QjtdDOT.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\bDhdaDW.exe
  C:\Windows\System\bDhdaDW.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\ZPNNCEb.exe
  C:\Windows\System\ZPNNCEb.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\mLHpjSc.exe
  C:\Windows\System\mLHpjSc.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\AVcVIsJ.exe
  C:\Windows\System\AVcVIsJ.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\SwKRRyy.exe
  C:\Windows\System\SwKRRyy.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\erTHgEV.exe
  C:\Windows\System\erTHgEV.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\ZaYLpuU.exe
  C:\Windows\System\ZaYLpuU.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\EmSWmDa.exe
  C:\Windows\System\EmSWmDa.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\SCgSQMz.exe
  C:\Windows\System\SCgSQMz.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\jRoCnsz.exe
  C:\Windows\System\jRoCnsz.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\QFnEMqr.exe
  C:\Windows\System\QFnEMqr.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\DgvCvDI.exe
  C:\Windows\System\DgvCvDI.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\tKIAySh.exe
  C:\Windows\System\tKIAySh.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\xuhAimT.exe
  C:\Windows\System\xuhAimT.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\zrcWvAa.exe
  C:\Windows\System\zrcWvAa.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\bkBjpqQ.exe
  C:\Windows\System\bkBjpqQ.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\mZFeRWC.exe
  C:\Windows\System\mZFeRWC.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\hQPkDEd.exe
  C:\Windows\System\hQPkDEd.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\AKmhRPo.exe
  C:\Windows\System\AKmhRPo.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\cKOOeJW.exe
  C:\Windows\System\cKOOeJW.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\VgObGIL.exe
  C:\Windows\System\VgObGIL.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\VuvDUxs.exe
  C:\Windows\System\VuvDUxs.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\jFtfcHu.exe
  C:\Windows\System\jFtfcHu.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\sWiaYtv.exe
  C:\Windows\System\sWiaYtv.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\yKXAzlS.exe
  C:\Windows\System\yKXAzlS.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\XqgOPqn.exe
  C:\Windows\System\XqgOPqn.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\qiizXzt.exe
  C:\Windows\System\qiizXzt.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\zklbVLc.exe
  C:\Windows\System\zklbVLc.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\mEhDqgJ.exe
  C:\Windows\System\mEhDqgJ.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\PdTGOSu.exe
  C:\Windows\System\PdTGOSu.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\sAfjTNp.exe
  C:\Windows\System\sAfjTNp.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\GBnsmqo.exe
  C:\Windows\System\GBnsmqo.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\trQsCmO.exe
  C:\Windows\System\trQsCmO.exe
  2⤵
  PID:3500
- C:\Windows\System\PXLyOeY.exe
  C:\Windows\System\PXLyOeY.exe
  2⤵
  PID:3288
- C:\Windows\System\JvejFjW.exe
  C:\Windows\System\JvejFjW.exe
  2⤵
  PID:4548
- C:\Windows\System\RQKNHRD.exe
  C:\Windows\System\RQKNHRD.exe
  2⤵
  PID:2408
- C:\Windows\System\hzHeZpy.exe
  C:\Windows\System\hzHeZpy.exe
  2⤵
  PID:5140
- C:\Windows\System\vUtuhuV.exe
  C:\Windows\System\vUtuhuV.exe
  2⤵
  PID:5160
- C:\Windows\System\OdAqTmZ.exe
  C:\Windows\System\OdAqTmZ.exe
  2⤵
  PID:5220
- C:\Windows\System\PTQadXx.exe
  C:\Windows\System\PTQadXx.exe
  2⤵
  PID:5244
- C:\Windows\System\cJAhtYC.exe
  C:\Windows\System\cJAhtYC.exe
  2⤵
  PID:5280
- C:\Windows\System\FHtfWVe.exe
  C:\Windows\System\FHtfWVe.exe
  2⤵
  PID:5320
- C:\Windows\System\JRsjzxb.exe
  C:\Windows\System\JRsjzxb.exe
  2⤵
  PID:5360
- C:\Windows\System\HIaChUw.exe
  C:\Windows\System\HIaChUw.exe
  2⤵
  PID:5376
- C:\Windows\System\illitUt.exe
  C:\Windows\System\illitUt.exe
  2⤵
  PID:5412
- C:\Windows\System\QoOCxSe.exe
  C:\Windows\System\QoOCxSe.exe
  2⤵
  PID:5488
- C:\Windows\System\Foexmae.exe
  C:\Windows\System\Foexmae.exe
  2⤵
  PID:5548
- C:\Windows\System\GHvdBWV.exe
  C:\Windows\System\GHvdBWV.exe
  2⤵
  PID:5580
- C:\Windows\System\WGNDQEC.exe
  C:\Windows\System\WGNDQEC.exe
  2⤵
  PID:5600
- C:\Windows\System\NIabGBZ.exe
  C:\Windows\System\NIabGBZ.exe
  2⤵
  PID:5636
- C:\Windows\System\uafXiYy.exe
  C:\Windows\System\uafXiYy.exe
  2⤵
  PID:5668
- C:\Windows\System\FfvQljJ.exe
  C:\Windows\System\FfvQljJ.exe
  2⤵
  PID:5688
- C:\Windows\System\EOtJTbk.exe
  C:\Windows\System\EOtJTbk.exe
  2⤵
  PID:5720
- C:\Windows\System\kniHADc.exe
  C:\Windows\System\kniHADc.exe
  2⤵
  PID:5764
- C:\Windows\System\lJGwXru.exe
  C:\Windows\System\lJGwXru.exe
  2⤵
  PID:5788
- C:\Windows\System\SXltRkk.exe
  C:\Windows\System\SXltRkk.exe
  2⤵
  PID:5816
- C:\Windows\System\HfGfQkF.exe
  C:\Windows\System\HfGfQkF.exe
  2⤵
  PID:5848
- C:\Windows\System\ZuaZedd.exe
  C:\Windows\System\ZuaZedd.exe
  2⤵
  PID:5864
- C:\Windows\System\OoYnlso.exe
  C:\Windows\System\OoYnlso.exe
  2⤵
  PID:5908
- C:\Windows\System\CkWLavW.exe
  C:\Windows\System\CkWLavW.exe
  2⤵
  PID:5944
- C:\Windows\System\tsHUQJv.exe
  C:\Windows\System\tsHUQJv.exe
  2⤵
  PID:5992
- C:\Windows\System\qtEGnGY.exe
  C:\Windows\System\qtEGnGY.exe
  2⤵
  PID:6020
- C:\Windows\System\UaHXpvJ.exe
  C:\Windows\System\UaHXpvJ.exe
  2⤵
  PID:6060
- C:\Windows\System\xPSdasd.exe
  C:\Windows\System\xPSdasd.exe
  2⤵
  PID:6088
- C:\Windows\System\YJzgdNH.exe
  C:\Windows\System\YJzgdNH.exe
  2⤵
  PID:6120
- C:\Windows\System\XccZRTD.exe
  C:\Windows\System\XccZRTD.exe
  2⤵
  PID:2724
- C:\Windows\System\lTzPSbK.exe
  C:\Windows\System\lTzPSbK.exe
  2⤵
  PID:3996
- C:\Windows\System\ZaNlpvT.exe
  C:\Windows\System\ZaNlpvT.exe
  2⤵
  PID:5196
- C:\Windows\System\iBAEzLA.exe
  C:\Windows\System\iBAEzLA.exe
  2⤵
  PID:5268
- C:\Windows\System\decNVVG.exe
  C:\Windows\System\decNVVG.exe
  2⤵
  PID:5352
- C:\Windows\System\whltiyL.exe
  C:\Windows\System\whltiyL.exe
  2⤵
  PID:5400
- C:\Windows\System\TzBvwxE.exe
  C:\Windows\System\TzBvwxE.exe
  2⤵
  PID:5480
- C:\Windows\System\oKudeub.exe
  C:\Windows\System\oKudeub.exe
  2⤵
  PID:5560
- C:\Windows\System\vLpgBDo.exe
  C:\Windows\System\vLpgBDo.exe
  2⤵
  PID:5648
- C:\Windows\System\zYnczDY.exe
  C:\Windows\System\zYnczDY.exe
  2⤵
  PID:5716
- C:\Windows\System\jqKucFe.exe
  C:\Windows\System\jqKucFe.exe
  2⤵
  PID:5804
- C:\Windows\System\EZBTQOv.exe
  C:\Windows\System\EZBTQOv.exe
  2⤵
  PID:5836
- C:\Windows\System\qNlFcUN.exe
  C:\Windows\System\qNlFcUN.exe
  2⤵
  PID:5888
- C:\Windows\System\ORDjFSd.exe
  C:\Windows\System\ORDjFSd.exe
  2⤵
  PID:6032
- C:\Windows\System\tDibJyK.exe
  C:\Windows\System\tDibJyK.exe
  2⤵
  PID:6100
- C:\Windows\System\WrFuMRe.exe
  C:\Windows\System\WrFuMRe.exe
  2⤵
  PID:5128
- C:\Windows\System\eDIcWnh.exe
  C:\Windows\System\eDIcWnh.exe
  2⤵
  PID:1452
- C:\Windows\System\sFkmtbw.exe
  C:\Windows\System\sFkmtbw.exe
  2⤵
  PID:5328
- C:\Windows\System\GdgFhYE.exe
  C:\Windows\System\GdgFhYE.exe
  2⤵
  PID:5596
- C:\Windows\System\TVqgfZb.exe
  C:\Windows\System\TVqgfZb.exe
  2⤵
  PID:5644
- C:\Windows\System\rUBOcYf.exe
  C:\Windows\System\rUBOcYf.exe
  2⤵
  PID:5920
- C:\Windows\System\OsNnCVt.exe
  C:\Windows\System\OsNnCVt.exe
  2⤵
  PID:5372
- C:\Windows\System\XVgAFvk.exe
  C:\Windows\System\XVgAFvk.exe
  2⤵
  PID:5940
- C:\Windows\System\lOceOLR.exe
  C:\Windows\System\lOceOLR.exe
  2⤵
  PID:6096
- C:\Windows\System\kaBRKbY.exe
  C:\Windows\System\kaBRKbY.exe
  2⤵
  PID:6040
- C:\Windows\System\lMlYaNO.exe
  C:\Windows\System\lMlYaNO.exe
  2⤵
  PID:5556
- C:\Windows\System\ITyhPsm.exe
  C:\Windows\System\ITyhPsm.exe
  2⤵
  PID:5796
- C:\Windows\System\ktMmEYO.exe
  C:\Windows\System\ktMmEYO.exe
  2⤵
  PID:6016
- C:\Windows\System\jNNKBKj.exe
  C:\Windows\System\jNNKBKj.exe
  2⤵
  PID:6136
- C:\Windows\System\eWAUtdb.exe
  C:\Windows\System\eWAUtdb.exe
  2⤵
  PID:5952
- C:\Windows\System\mkyzxdo.exe
  C:\Windows\System\mkyzxdo.exe
  2⤵
  PID:6004
- C:\Windows\System\JuEbzFe.exe
  C:\Windows\System\JuEbzFe.exe
  2⤵
  PID:5828
- C:\Windows\System\KqZTDPF.exe
  C:\Windows\System\KqZTDPF.exe
  2⤵
  PID:5740
- C:\Windows\System\IMiXNDx.exe
  C:\Windows\System\IMiXNDx.exe
  2⤵
  PID:6176
- C:\Windows\System\WORSqVg.exe
  C:\Windows\System\WORSqVg.exe
  2⤵
  PID:6196
- C:\Windows\System\ciSxvgS.exe
  C:\Windows\System\ciSxvgS.exe
  2⤵
  PID:6224
- C:\Windows\System\xXwcPJl.exe
  C:\Windows\System\xXwcPJl.exe
  2⤵
  PID:6268
- C:\Windows\System\bPmzfWG.exe
  C:\Windows\System\bPmzfWG.exe
  2⤵
  PID:6296
- C:\Windows\System\AxqlEUH.exe
  C:\Windows\System\AxqlEUH.exe
  2⤵
  PID:6324
- C:\Windows\System\oLTqKym.exe
  C:\Windows\System\oLTqKym.exe
  2⤵
  PID:6352
- C:\Windows\System\FETIrFp.exe
  C:\Windows\System\FETIrFp.exe
  2⤵
  PID:6384
- C:\Windows\System\vYWbJDG.exe
  C:\Windows\System\vYWbJDG.exe
  2⤵
  PID:6412
- C:\Windows\System\ltJBtWD.exe
  C:\Windows\System\ltJBtWD.exe
  2⤵
  PID:6436
- C:\Windows\System\VKVnVPw.exe
  C:\Windows\System\VKVnVPw.exe
  2⤵
  PID:6468
- C:\Windows\System\yCeSujF.exe
  C:\Windows\System\yCeSujF.exe
  2⤵
  PID:6496
- C:\Windows\System\QvzWROA.exe
  C:\Windows\System\QvzWROA.exe
  2⤵
  PID:6520
- C:\Windows\System\TVVSBGO.exe
  C:\Windows\System\TVVSBGO.exe
  2⤵
  PID:6548
- C:\Windows\System\pAIAAxa.exe
  C:\Windows\System\pAIAAxa.exe
  2⤵
  PID:6580
- C:\Windows\System\cFeBjLZ.exe
  C:\Windows\System\cFeBjLZ.exe
  2⤵
  PID:6604
- C:\Windows\System\nuwKgOu.exe
  C:\Windows\System\nuwKgOu.exe
  2⤵
  PID:6624
- C:\Windows\System\STHJpHH.exe
  C:\Windows\System\STHJpHH.exe
  2⤵
  PID:6664
- C:\Windows\System\eSufEgJ.exe
  C:\Windows\System\eSufEgJ.exe
  2⤵
  PID:6688
- C:\Windows\System\GevjNQO.exe
  C:\Windows\System\GevjNQO.exe
  2⤵
  PID:6720
- C:\Windows\System\GDqfgZa.exe
  C:\Windows\System\GDqfgZa.exe
  2⤵
  PID:6752
- C:\Windows\System\uHyVcmK.exe
  C:\Windows\System\uHyVcmK.exe
  2⤵
  PID:6784
- C:\Windows\System\weLUVNh.exe
  C:\Windows\System\weLUVNh.exe
  2⤵
  PID:6804
- C:\Windows\System\QiALoSQ.exe
  C:\Windows\System\QiALoSQ.exe
  2⤵
  PID:6840
- C:\Windows\System\ISBYArL.exe
  C:\Windows\System\ISBYArL.exe
  2⤵
  PID:6868
- C:\Windows\System\EFgBnsg.exe
  C:\Windows\System\EFgBnsg.exe
  2⤵
  PID:6896
- C:\Windows\System\EqVRMYp.exe
  C:\Windows\System\EqVRMYp.exe
  2⤵
  PID:6928
- C:\Windows\System\UTXxwOX.exe
  C:\Windows\System\UTXxwOX.exe
  2⤵
  PID:6956
- C:\Windows\System\mlLKDta.exe
  C:\Windows\System\mlLKDta.exe
  2⤵
  PID:6980
- C:\Windows\System\EWGgpYk.exe
  C:\Windows\System\EWGgpYk.exe
  2⤵
  PID:7008
- C:\Windows\System\EZCwuGT.exe
  C:\Windows\System\EZCwuGT.exe
  2⤵
  PID:7036
- C:\Windows\System\LAldMrk.exe
  C:\Windows\System\LAldMrk.exe
  2⤵
  PID:7068
- C:\Windows\System\KhyOkhm.exe
  C:\Windows\System\KhyOkhm.exe
  2⤵
  PID:7092
- C:\Windows\System\lBDXtYL.exe
  C:\Windows\System\lBDXtYL.exe
  2⤵
  PID:7124
- C:\Windows\System\IshHJOC.exe
  C:\Windows\System\IshHJOC.exe
  2⤵
  PID:7152
- C:\Windows\System\AOpVjed.exe
  C:\Windows\System\AOpVjed.exe
  2⤵
  PID:6168
- C:\Windows\System\WaaZxFd.exe
  C:\Windows\System\WaaZxFd.exe
  2⤵
  PID:6236
- C:\Windows\System\kzDwBNz.exe
  C:\Windows\System\kzDwBNz.exe
  2⤵
  PID:6308
- C:\Windows\System\fUJCdkt.exe
  C:\Windows\System\fUJCdkt.exe
  2⤵
  PID:6360
- C:\Windows\System\CQEhCDF.exe
  C:\Windows\System\CQEhCDF.exe
  2⤵
  PID:6444
- C:\Windows\System\cDiEVZF.exe
  C:\Windows\System\cDiEVZF.exe
  2⤵
  PID:6504
- C:\Windows\System\Dyxwnjq.exe
  C:\Windows\System\Dyxwnjq.exe
  2⤵
  PID:6576
- C:\Windows\System\lUcuBfu.exe
  C:\Windows\System\lUcuBfu.exe
  2⤵
  PID:6636
- C:\Windows\System\FeJlIUF.exe
  C:\Windows\System\FeJlIUF.exe
  2⤵
  PID:6680
- C:\Windows\System\htCVdwn.exe
  C:\Windows\System\htCVdwn.exe
  2⤵
  PID:6768
- C:\Windows\System\wVSwIjV.exe
  C:\Windows\System\wVSwIjV.exe
  2⤵
  PID:6824
- C:\Windows\System\tauAwYV.exe
  C:\Windows\System\tauAwYV.exe
  2⤵
  PID:6876
- C:\Windows\System\iZEvQkd.exe
  C:\Windows\System\iZEvQkd.exe
  2⤵
  PID:6920
- C:\Windows\System\Kfkjdvp.exe
  C:\Windows\System\Kfkjdvp.exe
  2⤵
  PID:6992
- C:\Windows\System\zRubmth.exe
  C:\Windows\System\zRubmth.exe
  2⤵
  PID:7064
- C:\Windows\System\bZUSUjb.exe
  C:\Windows\System\bZUSUjb.exe
  2⤵
  PID:7104
- C:\Windows\System\soFLaHx.exe
  C:\Windows\System\soFLaHx.exe
  2⤵
  PID:6048
- C:\Windows\System\oNmJiPK.exe
  C:\Windows\System\oNmJiPK.exe
  2⤵
  PID:6280
- C:\Windows\System\LuNZirW.exe
  C:\Windows\System\LuNZirW.exe
  2⤵
  PID:6424
- C:\Windows\System\fYOpCXr.exe
  C:\Windows\System\fYOpCXr.exe
  2⤵
  PID:6588
- C:\Windows\System\GCwLMwC.exe
  C:\Windows\System\GCwLMwC.exe
  2⤵
  PID:6700
- C:\Windows\System\OKkNKkr.exe
  C:\Windows\System\OKkNKkr.exe
  2⤵
  PID:6816
- C:\Windows\System\wmNSLZp.exe
  C:\Windows\System\wmNSLZp.exe
  2⤵
  PID:6420
- C:\Windows\System\AuKxhms.exe
  C:\Windows\System\AuKxhms.exe
  2⤵
  PID:7100
- C:\Windows\System\iGVcBRD.exe
  C:\Windows\System\iGVcBRD.exe
  2⤵
  PID:6264
- C:\Windows\System\cBGEkZr.exe
  C:\Windows\System\cBGEkZr.exe
  2⤵
  PID:6620
- C:\Windows\System\rPLzDRw.exe
  C:\Windows\System\rPLzDRw.exe
  2⤵
  PID:6732
- C:\Windows\System\pLFZBbu.exe
  C:\Windows\System\pLFZBbu.exe
  2⤵
  PID:6304
- C:\Windows\System\yDaRDCW.exe
  C:\Windows\System\yDaRDCW.exe
  2⤵
  PID:6736
- C:\Windows\System\ekJENPJ.exe
  C:\Windows\System\ekJENPJ.exe
  2⤵
  PID:6972
- C:\Windows\System\CyZJuog.exe
  C:\Windows\System\CyZJuog.exe
  2⤵
  PID:4480
- C:\Windows\System\JFcLNvC.exe
  C:\Windows\System\JFcLNvC.exe
  2⤵
  PID:4428
- C:\Windows\System\IIfZqYn.exe
  C:\Windows\System\IIfZqYn.exe
  2⤵
  PID:796
- C:\Windows\System\POnCpYx.exe
  C:\Windows\System\POnCpYx.exe
  2⤵
  PID:4956
- C:\Windows\System\GrgNfjX.exe
  C:\Windows\System\GrgNfjX.exe
  2⤵
  PID:2984
- C:\Windows\System\UjpaIfC.exe
  C:\Windows\System\UjpaIfC.exe
  2⤵
  PID:4192
- C:\Windows\System\yJEGwtc.exe
  C:\Windows\System\yJEGwtc.exe
  2⤵
  PID:7200
- C:\Windows\System\umuzvBe.exe
  C:\Windows\System\umuzvBe.exe
  2⤵
  PID:7228
- C:\Windows\System\fTNKfgl.exe
  C:\Windows\System\fTNKfgl.exe
  2⤵
  PID:7256
- C:\Windows\System\PmgQsHD.exe
  C:\Windows\System\PmgQsHD.exe
  2⤵
  PID:7288
- C:\Windows\System\rtKwhTj.exe
  C:\Windows\System\rtKwhTj.exe
  2⤵
  PID:7316
- C:\Windows\System\XPReVxa.exe
  C:\Windows\System\XPReVxa.exe
  2⤵
  PID:7344
- C:\Windows\System\NuynYsX.exe
  C:\Windows\System\NuynYsX.exe
  2⤵
  PID:7376
- C:\Windows\System\IEbLZxE.exe
  C:\Windows\System\IEbLZxE.exe
  2⤵
  PID:7396
- C:\Windows\System\UANfDid.exe
  C:\Windows\System\UANfDid.exe
  2⤵
  PID:7432
- C:\Windows\System\mGTpKND.exe
  C:\Windows\System\mGTpKND.exe
  2⤵
  PID:7452
- C:\Windows\System\THfonOz.exe
  C:\Windows\System\THfonOz.exe
  2⤵
  PID:7492
- C:\Windows\System\RmZRULM.exe
  C:\Windows\System\RmZRULM.exe
  2⤵
  PID:7516
- C:\Windows\System\DelykIY.exe
  C:\Windows\System\DelykIY.exe
  2⤵
  PID:7548
- C:\Windows\System\WqfZXWR.exe
  C:\Windows\System\WqfZXWR.exe
  2⤵
  PID:7576
- C:\Windows\System\fiuMjUo.exe
  C:\Windows\System\fiuMjUo.exe
  2⤵
  PID:7604
- C:\Windows\System\AOdewtl.exe
  C:\Windows\System\AOdewtl.exe
  2⤵
  PID:7636
- C:\Windows\System\mtMhKAk.exe
  C:\Windows\System\mtMhKAk.exe
  2⤵
  PID:7664
- C:\Windows\System\QbRmvam.exe
  C:\Windows\System\QbRmvam.exe
  2⤵
  PID:7696
- C:\Windows\System\efXhaUp.exe
  C:\Windows\System\efXhaUp.exe
  2⤵
  PID:7720
- C:\Windows\System\NMGyKcv.exe
  C:\Windows\System\NMGyKcv.exe
  2⤵
  PID:7752
- C:\Windows\System\dSKifMo.exe
  C:\Windows\System\dSKifMo.exe
  2⤵
  PID:7776
- C:\Windows\System\MESrDqC.exe
  C:\Windows\System\MESrDqC.exe
  2⤵
  PID:7804
- C:\Windows\System\kchcftL.exe
  C:\Windows\System\kchcftL.exe
  2⤵
  PID:7836
- C:\Windows\System\EKNyRKa.exe
  C:\Windows\System\EKNyRKa.exe
  2⤵
  PID:7864
- C:\Windows\System\sDxRyEy.exe
  C:\Windows\System\sDxRyEy.exe
  2⤵
  PID:7888
- C:\Windows\System\wLYNJpG.exe
  C:\Windows\System\wLYNJpG.exe
  2⤵
  PID:7920
- C:\Windows\System\dxdrSdC.exe
  C:\Windows\System\dxdrSdC.exe
  2⤵
  PID:7944
- C:\Windows\System\LaQWveA.exe
  C:\Windows\System\LaQWveA.exe
  2⤵
  PID:7976
- C:\Windows\System\Scbuzaf.exe
  C:\Windows\System\Scbuzaf.exe
  2⤵
  PID:8004
- C:\Windows\System\dXVXeTa.exe
  C:\Windows\System\dXVXeTa.exe
  2⤵
  PID:8024
- C:\Windows\System\PqkuSyi.exe
  C:\Windows\System\PqkuSyi.exe
  2⤵
  PID:8052
- C:\Windows\System\ZiMlLgl.exe
  C:\Windows\System\ZiMlLgl.exe
  2⤵
  PID:8088
- C:\Windows\System\VfOvPYP.exe
  C:\Windows\System\VfOvPYP.exe
  2⤵
  PID:8116
- C:\Windows\System\CdHMvMH.exe
  C:\Windows\System\CdHMvMH.exe
  2⤵
  PID:8144
- C:\Windows\System\LOtMIwY.exe
  C:\Windows\System\LOtMIwY.exe
  2⤵
  PID:8164
- C:\Windows\System\TtdNlRK.exe
  C:\Windows\System\TtdNlRK.exe
  2⤵
  PID:7176
- C:\Windows\System\pwyidsU.exe
  C:\Windows\System\pwyidsU.exe
  2⤵
  PID:7248
- C:\Windows\System\gSqdOAA.exe
  C:\Windows\System\gSqdOAA.exe
  2⤵
  PID:7312
- C:\Windows\System\ZigZotQ.exe
  C:\Windows\System\ZigZotQ.exe
  2⤵
  PID:7372
- C:\Windows\System\nCHUDSe.exe
  C:\Windows\System\nCHUDSe.exe
  2⤵
  PID:7440
- C:\Windows\System\OGyXeBK.exe
  C:\Windows\System\OGyXeBK.exe
  2⤵
  PID:7508
- C:\Windows\System\GUWIUpS.exe
  C:\Windows\System\GUWIUpS.exe
  2⤵
  PID:7560
- C:\Windows\System\wCAjQCZ.exe
  C:\Windows\System\wCAjQCZ.exe
  2⤵
  PID:7616
- C:\Windows\System\FJNUcHA.exe
  C:\Windows\System\FJNUcHA.exe
  2⤵
  PID:7688
- C:\Windows\System\RolTlMy.exe
  C:\Windows\System\RolTlMy.exe
  2⤵
  PID:7744
- C:\Windows\System\fHTKjUK.exe
  C:\Windows\System\fHTKjUK.exe
  2⤵
  PID:7796
- C:\Windows\System\KnYTDEF.exe
  C:\Windows\System\KnYTDEF.exe
  2⤵
  PID:7852
- C:\Windows\System\lakfPGn.exe
  C:\Windows\System\lakfPGn.exe
  2⤵
  PID:7916
- C:\Windows\System\jIhGFOk.exe
  C:\Windows\System\jIhGFOk.exe
  2⤵
  PID:7972
- C:\Windows\System\NyRWwwt.exe
  C:\Windows\System\NyRWwwt.exe
  2⤵
  PID:8012
- C:\Windows\System\jLbdohE.exe
  C:\Windows\System\jLbdohE.exe
  2⤵
  PID:8072
- C:\Windows\System\aBestsT.exe
  C:\Windows\System\aBestsT.exe
  2⤵
  PID:8128
- C:\Windows\System\BcMfnbe.exe
  C:\Windows\System\BcMfnbe.exe
  2⤵
  PID:7208
- C:\Windows\System\ilgqpTW.exe
  C:\Windows\System\ilgqpTW.exe
  2⤵
  PID:7296
- C:\Windows\System\OZjLtbK.exe
  C:\Windows\System\OZjLtbK.exe
  2⤵
  PID:7488
- C:\Windows\System\JsXFcpQ.exe
  C:\Windows\System\JsXFcpQ.exe
  2⤵
  PID:7532
- C:\Windows\System\FIRfrWA.exe
  C:\Windows\System\FIRfrWA.exe
  2⤵
  PID:7728
- C:\Windows\System\lXmplOd.exe
  C:\Windows\System\lXmplOd.exe
  2⤵
  PID:7324
- C:\Windows\System\qyeSULe.exe
  C:\Windows\System\qyeSULe.exe
  2⤵
  PID:3020
- C:\Windows\System\bXZPGPv.exe
  C:\Windows\System\bXZPGPv.exe
  2⤵
  PID:8064
- C:\Windows\System\yeLczJA.exe
  C:\Windows\System\yeLczJA.exe
  2⤵
  PID:7276
- C:\Windows\System\DGqftOn.exe
  C:\Windows\System\DGqftOn.exe
  2⤵
  PID:3560
- C:\Windows\System\pTUIuWO.exe
  C:\Windows\System\pTUIuWO.exe
  2⤵
  PID:7896
- C:\Windows\System\gMpVZbg.exe
  C:\Windows\System\gMpVZbg.exe
  2⤵
  PID:3820
- C:\Windows\System\ckHvVDF.exe
  C:\Windows\System\ckHvVDF.exe
  2⤵
  PID:7408
- C:\Windows\System\TfZDxsC.exe
  C:\Windows\System\TfZDxsC.exe
  2⤵
  PID:7352
- C:\Windows\System\oGhGvQp.exe
  C:\Windows\System\oGhGvQp.exe
  2⤵
  PID:8204
- C:\Windows\System\qpJCGwD.exe
  C:\Windows\System\qpJCGwD.exe
  2⤵
  PID:8236
- C:\Windows\System\xlTNxqz.exe
  C:\Windows\System\xlTNxqz.exe
  2⤵
  PID:8260
- C:\Windows\System\tZPbvfO.exe
  C:\Windows\System\tZPbvfO.exe
  2⤵
  PID:8280
- C:\Windows\System\MfpXzjw.exe
  C:\Windows\System\MfpXzjw.exe
  2⤵
  PID:8312
- C:\Windows\System\jlDUMtM.exe
  C:\Windows\System\jlDUMtM.exe
  2⤵
  PID:8344
- C:\Windows\System\BPrNnyf.exe
  C:\Windows\System\BPrNnyf.exe
  2⤵
  PID:8372
- C:\Windows\System\HlNYrCJ.exe
  C:\Windows\System\HlNYrCJ.exe
  2⤵
  PID:8396
- C:\Windows\System\kFEMmED.exe
  C:\Windows\System\kFEMmED.exe
  2⤵
  PID:8420
- C:\Windows\System\lpDzQjL.exe
  C:\Windows\System\lpDzQjL.exe
  2⤵
  PID:8456
- C:\Windows\System\UTnyArX.exe
  C:\Windows\System\UTnyArX.exe
  2⤵
  PID:8496
- C:\Windows\System\qCtwbXC.exe
  C:\Windows\System\qCtwbXC.exe
  2⤵
  PID:8512
- C:\Windows\System\CIRwyAH.exe
  C:\Windows\System\CIRwyAH.exe
  2⤵
  PID:8548
- C:\Windows\System\IsgXgMK.exe
  C:\Windows\System\IsgXgMK.exe
  2⤵
  PID:8580
- C:\Windows\System\FLLUDPJ.exe
  C:\Windows\System\FLLUDPJ.exe
  2⤵
  PID:8604
- C:\Windows\System\yLIXGLX.exe
  C:\Windows\System\yLIXGLX.exe
  2⤵
  PID:8636
- C:\Windows\System\fjqmmvd.exe
  C:\Windows\System\fjqmmvd.exe
  2⤵
  PID:8664
- C:\Windows\System\QpqgRWW.exe
  C:\Windows\System\QpqgRWW.exe
  2⤵
  PID:8684
- C:\Windows\System\aHHZEys.exe
  C:\Windows\System\aHHZEys.exe
  2⤵
  PID:8724
- C:\Windows\System\xdzqRax.exe
  C:\Windows\System\xdzqRax.exe
  2⤵
  PID:8744
- C:\Windows\System\yCmwxby.exe
  C:\Windows\System\yCmwxby.exe
  2⤵
  PID:8780
- C:\Windows\System\TVljStn.exe
  C:\Windows\System\TVljStn.exe
  2⤵
  PID:8812
- C:\Windows\System\DCTgjbg.exe
  C:\Windows\System\DCTgjbg.exe
  2⤵
  PID:8832
- C:\Windows\System\Ynlkndj.exe
  C:\Windows\System\Ynlkndj.exe
  2⤵
  PID:8860
- C:\Windows\System\UlQKgtY.exe
  C:\Windows\System\UlQKgtY.exe
  2⤵
  PID:8888
- C:\Windows\System\IASVQLc.exe
  C:\Windows\System\IASVQLc.exe
  2⤵
  PID:8916
- C:\Windows\System\vmtyttf.exe
  C:\Windows\System\vmtyttf.exe
  2⤵
  PID:8956
- C:\Windows\System\TijHZkJ.exe
  C:\Windows\System\TijHZkJ.exe
  2⤵
  PID:8980
- C:\Windows\System\UQDrHnW.exe
  C:\Windows\System\UQDrHnW.exe
  2⤵
  PID:9000
- C:\Windows\System\SywWOsp.exe
  C:\Windows\System\SywWOsp.exe
  2⤵
  PID:9028
- C:\Windows\System\DKjsHGi.exe
  C:\Windows\System\DKjsHGi.exe
  2⤵
  PID:9060
- C:\Windows\System\udXBYIa.exe
  C:\Windows\System\udXBYIa.exe
  2⤵
  PID:9088
- C:\Windows\System\qIpHjEZ.exe
  C:\Windows\System\qIpHjEZ.exe
  2⤵
  PID:9124
- C:\Windows\System\zSeJKtm.exe
  C:\Windows\System\zSeJKtm.exe
  2⤵
  PID:9152
- C:\Windows\System\nantUeh.exe
  C:\Windows\System\nantUeh.exe
  2⤵
  PID:9180
- C:\Windows\System\mYvIxcP.exe
  C:\Windows\System\mYvIxcP.exe
  2⤵
  PID:9200
- C:\Windows\System\zSByyMc.exe
  C:\Windows\System\zSByyMc.exe
  2⤵
  PID:1656
- C:\Windows\System\uIxGvSG.exe
  C:\Windows\System\uIxGvSG.exe
  2⤵
  PID:8272
- C:\Windows\System\FCoLIIw.exe
  C:\Windows\System\FCoLIIw.exe
  2⤵
  PID:8352
- C:\Windows\System\IFrhIcQ.exe
  C:\Windows\System\IFrhIcQ.exe
  2⤵
  PID:8380
- C:\Windows\System\okfNMtQ.exe
  C:\Windows\System\okfNMtQ.exe
  2⤵
  PID:2928
- C:\Windows\System\ZbYWIjd.exe
  C:\Windows\System\ZbYWIjd.exe
  2⤵
  PID:2932
- C:\Windows\System\GCNsiVZ.exe
  C:\Windows\System\GCNsiVZ.exe
  2⤵
  PID:1808
- C:\Windows\System\FZJoeYN.exe
  C:\Windows\System\FZJoeYN.exe
  2⤵
  PID:2992
- C:\Windows\System\pXGYsSM.exe
  C:\Windows\System\pXGYsSM.exe
  2⤵
  PID:8596
- C:\Windows\System\baTSfpa.exe
  C:\Windows\System\baTSfpa.exe
  2⤵
  PID:8648
- C:\Windows\System\RCtZXmj.exe
  C:\Windows\System\RCtZXmj.exe
  2⤵
  PID:8736
- C:\Windows\System\tWdczGM.exe
  C:\Windows\System\tWdczGM.exe
  2⤵
  PID:8792
- C:\Windows\System\SJjOPDA.exe
  C:\Windows\System\SJjOPDA.exe
  2⤵
  PID:8820
- C:\Windows\System\BIJwRUa.exe
  C:\Windows\System\BIJwRUa.exe
  2⤵
  PID:8856
- C:\Windows\System\kntWSJz.exe
  C:\Windows\System\kntWSJz.exe
  2⤵
  PID:8912
- C:\Windows\System\rXzKDFo.exe
  C:\Windows\System\rXzKDFo.exe
  2⤵
  PID:8996
- C:\Windows\System\baubXdA.exe
  C:\Windows\System\baubXdA.exe
  2⤵
  PID:9040
- C:\Windows\System\sDJyCKo.exe
  C:\Windows\System\sDJyCKo.exe
  2⤵
  PID:9100
- C:\Windows\System\oUDNznX.exe
  C:\Windows\System\oUDNznX.exe
  2⤵
  PID:9160
- C:\Windows\System\SdSyIRy.exe
  C:\Windows\System\SdSyIRy.exe
  2⤵
  PID:8212
- C:\Windows\System\dPHtDgT.exe
  C:\Windows\System\dPHtDgT.exe
  2⤵
  PID:8304
- C:\Windows\System\vEYaTRl.exe
  C:\Windows\System\vEYaTRl.exe
  2⤵
  PID:8404
- C:\Windows\System\bUgpxGI.exe
  C:\Windows\System\bUgpxGI.exe
  2⤵
  PID:3012
- C:\Windows\System\HvpKeCn.exe
  C:\Windows\System\HvpKeCn.exe
  2⤵
  PID:8588
- C:\Windows\System\bvCcAWb.exe
  C:\Windows\System\bvCcAWb.exe
  2⤵
  PID:8704
- C:\Windows\System\MChRauR.exe
  C:\Windows\System\MChRauR.exe
  2⤵
  PID:3044
- C:\Windows\System\ZjJhRSa.exe
  C:\Windows\System\ZjJhRSa.exe
  2⤵
  PID:8952
- C:\Windows\System\ifWoipj.exe
  C:\Windows\System\ifWoipj.exe
  2⤵
  PID:9084
- C:\Windows\System\JPdTwcb.exe
  C:\Windows\System\JPdTwcb.exe
  2⤵
  PID:9212
- C:\Windows\System\PEonQyL.exe
  C:\Windows\System\PEonQyL.exe
  2⤵
  PID:3816
- C:\Windows\System\pDNrnsq.exe
  C:\Windows\System\pDNrnsq.exe
  2⤵
  PID:8644
- C:\Windows\System\PPiHXUw.exe
  C:\Windows\System\PPiHXUw.exe
  2⤵
  PID:1424
- C:\Windows\System\OfsIGCy.exe
  C:\Windows\System\OfsIGCy.exe
  2⤵
  PID:9188
- C:\Windows\System\lfHHxrw.exe
  C:\Windows\System\lfHHxrw.exe
  2⤵
  PID:8768
- C:\Windows\System\NkAzyXN.exe
  C:\Windows\System\NkAzyXN.exe
  2⤵
  PID:1860
- C:\Windows\System\JzlnZDn.exe
  C:\Windows\System\JzlnZDn.exe
  2⤵
  PID:9136
- C:\Windows\System\MXqLzxM.exe
  C:\Windows\System\MXqLzxM.exe
  2⤵
  PID:9232
- C:\Windows\System\fHEuYgT.exe
  C:\Windows\System\fHEuYgT.exe
  2⤵
  PID:9260
- C:\Windows\System\gJGNVau.exe
  C:\Windows\System\gJGNVau.exe
  2⤵
  PID:9292
- C:\Windows\System\mILOAmf.exe
  C:\Windows\System\mILOAmf.exe
  2⤵
  PID:9320
- C:\Windows\System\nmusEQT.exe
  C:\Windows\System\nmusEQT.exe
  2⤵
  PID:9348
- C:\Windows\System\Tqzybmj.exe
  C:\Windows\System\Tqzybmj.exe
  2⤵
  PID:9376
- C:\Windows\System\CRZvMvm.exe
  C:\Windows\System\CRZvMvm.exe
  2⤵
  PID:9404
- C:\Windows\System\xmdoUZE.exe
  C:\Windows\System\xmdoUZE.exe
  2⤵
  PID:9432
- C:\Windows\System\ofGavab.exe
  C:\Windows\System\ofGavab.exe
  2⤵
  PID:9464
- C:\Windows\System\QRsNfAm.exe
  C:\Windows\System\QRsNfAm.exe
  2⤵
  PID:9488
- C:\Windows\System\nYvuibb.exe
  C:\Windows\System\nYvuibb.exe
  2⤵
  PID:9524
- C:\Windows\System\aTwPslO.exe
  C:\Windows\System\aTwPslO.exe
  2⤵
  PID:9544
- C:\Windows\System\SKaMyKT.exe
  C:\Windows\System\SKaMyKT.exe
  2⤵
  PID:9572
- C:\Windows\System\WAquUjX.exe
  C:\Windows\System\WAquUjX.exe
  2⤵
  PID:9600
- C:\Windows\System\YLkhRKv.exe
  C:\Windows\System\YLkhRKv.exe
  2⤵
  PID:9628
- C:\Windows\System\qvwTcHM.exe
  C:\Windows\System\qvwTcHM.exe
  2⤵
  PID:9660
- C:\Windows\System\jTsegMU.exe
  C:\Windows\System\jTsegMU.exe
  2⤵
  PID:9688
- C:\Windows\System\PxmcIJP.exe
  C:\Windows\System\PxmcIJP.exe
  2⤵
  PID:9712
- C:\Windows\System\llgtUre.exe
  C:\Windows\System\llgtUre.exe
  2⤵
  PID:9740
- C:\Windows\System\UNXlVMb.exe
  C:\Windows\System\UNXlVMb.exe
  2⤵
  PID:9768
- C:\Windows\System\qVBlPaj.exe
  C:\Windows\System\qVBlPaj.exe
  2⤵
  PID:9796
- C:\Windows\System\sugxmTD.exe
  C:\Windows\System\sugxmTD.exe
  2⤵
  PID:9824
- C:\Windows\System\SkeCnWJ.exe
  C:\Windows\System\SkeCnWJ.exe
  2⤵
  PID:9852
- C:\Windows\System\zVqdKJx.exe
  C:\Windows\System\zVqdKJx.exe
  2⤵
  PID:9896
- C:\Windows\System\hrKjbrd.exe
  C:\Windows\System\hrKjbrd.exe
  2⤵
  PID:9924
- C:\Windows\System\FSlIqKD.exe
  C:\Windows\System\FSlIqKD.exe
  2⤵
  PID:9948
- C:\Windows\System\qaBrVIt.exe
  C:\Windows\System\qaBrVIt.exe
  2⤵
  PID:9984
- C:\Windows\System\ULQcNXN.exe
  C:\Windows\System\ULQcNXN.exe
  2⤵
  PID:10004
- C:\Windows\System\jxdzFdw.exe
  C:\Windows\System\jxdzFdw.exe
  2⤵
  PID:10044
- C:\Windows\System\UuojICt.exe
  C:\Windows\System\UuojICt.exe
  2⤵
  PID:10072
- C:\Windows\System\FlbnlAO.exe
  C:\Windows\System\FlbnlAO.exe
  2⤵
  PID:10096
- C:\Windows\System\mIzuiwm.exe
  C:\Windows\System\mIzuiwm.exe
  2⤵
  PID:10120
- C:\Windows\System\EjvVWAN.exe
  C:\Windows\System\EjvVWAN.exe
  2⤵
  PID:10148
- C:\Windows\System\yUDlUxf.exe
  C:\Windows\System\yUDlUxf.exe
  2⤵
  PID:10176
- C:\Windows\System\ewvgptP.exe
  C:\Windows\System\ewvgptP.exe
  2⤵
  PID:10204
- C:\Windows\System\SRMJavT.exe
  C:\Windows\System\SRMJavT.exe
  2⤵
  PID:9224
- C:\Windows\System\rivuAyY.exe
  C:\Windows\System\rivuAyY.exe
  2⤵
  PID:9300
- C:\Windows\System\sDHUsqg.exe
  C:\Windows\System\sDHUsqg.exe
  2⤵
  PID:9360
- C:\Windows\System\sDQLorK.exe
  C:\Windows\System\sDQLorK.exe
  2⤵
  PID:9396
- C:\Windows\System\XQrdhgn.exe
  C:\Windows\System\XQrdhgn.exe
  2⤵
  PID:9472
- C:\Windows\System\FsHNfBA.exe
  C:\Windows\System\FsHNfBA.exe
  2⤵
  PID:9540
- C:\Windows\System\Ktrrlha.exe
  C:\Windows\System\Ktrrlha.exe
  2⤵
  PID:9612
- C:\Windows\System\PnuKHZb.exe
  C:\Windows\System\PnuKHZb.exe
  2⤵
  PID:9652
- C:\Windows\System\zBuErxN.exe
  C:\Windows\System\zBuErxN.exe
  2⤵
  PID:9308
- C:\Windows\System\aufPYBb.exe
  C:\Windows\System\aufPYBb.exe
  2⤵
  PID:9792
- C:\Windows\System\DPsiItT.exe
  C:\Windows\System\DPsiItT.exe
  2⤵
  PID:9944
- C:\Windows\System\CfPjCBy.exe
  C:\Windows\System\CfPjCBy.exe
  2⤵
  PID:10024
- C:\Windows\System\IqIgKxc.exe
  C:\Windows\System\IqIgKxc.exe
  2⤵
  PID:10088
- C:\Windows\System\cyBvcZH.exe
  C:\Windows\System\cyBvcZH.exe
  2⤵
  PID:9284
- C:\Windows\System\oBtVkoT.exe
  C:\Windows\System\oBtVkoT.exe
  2⤵
  PID:9640
- C:\Windows\System\AIGAJRS.exe
  C:\Windows\System\AIGAJRS.exe
  2⤵
  PID:724
- C:\Windows\System\bJNvlym.exe
  C:\Windows\System\bJNvlym.exe
  2⤵
  PID:9932
- C:\Windows\System\SaLIaMM.exe
  C:\Windows\System\SaLIaMM.exe
  2⤵
  PID:10080
- C:\Windows\System\LierCVY.exe
  C:\Windows\System\LierCVY.exe
  2⤵
  PID:9568
- C:\Windows\System\PYKzNir.exe
  C:\Windows\System\PYKzNir.exe
  2⤵
  PID:2776
- C:\Windows\System\abGkjfA.exe
  C:\Windows\System\abGkjfA.exe
  2⤵
  PID:2064
- C:\Windows\System\mAPrvTg.exe
  C:\Windows\System\mAPrvTg.exe
  2⤵
  PID:9876
- C:\Windows\System\JtTtyxw.exe
  C:\Windows\System\JtTtyxw.exe
  2⤵
  PID:4380
- C:\Windows\System\OxfwaaA.exe
  C:\Windows\System\OxfwaaA.exe
  2⤵
  PID:10248
- C:\Windows\System\pnyhoZV.exe
  C:\Windows\System\pnyhoZV.exe
  2⤵
  PID:10268
- C:\Windows\System\smUNUvZ.exe
  C:\Windows\System\smUNUvZ.exe
  2⤵
  PID:10296
- C:\Windows\System\TqMRzJK.exe
  C:\Windows\System\TqMRzJK.exe
  2⤵
  PID:10332
- C:\Windows\System\ONnVlaf.exe
  C:\Windows\System\ONnVlaf.exe
  2⤵
  PID:10352
- C:\Windows\System\dwgbdmS.exe
  C:\Windows\System\dwgbdmS.exe
  2⤵
  PID:10384
- C:\Windows\System\ALAcdeN.exe
  C:\Windows\System\ALAcdeN.exe
  2⤵
  PID:10420
- C:\Windows\System\zIUgoyr.exe
  C:\Windows\System\zIUgoyr.exe
  2⤵
  PID:10436
- C:\Windows\System\YUKtRXb.exe
  C:\Windows\System\YUKtRXb.exe
  2⤵
  PID:10472
- C:\Windows\System\RSCZMdR.exe
  C:\Windows\System\RSCZMdR.exe
  2⤵
  PID:10492
- C:\Windows\System\lSuUCSL.exe
  C:\Windows\System\lSuUCSL.exe
  2⤵
  PID:10520
- C:\Windows\System\CmvmWnO.exe
  C:\Windows\System\CmvmWnO.exe
  2⤵
  PID:10548
- C:\Windows\System\gJlOZUc.exe
  C:\Windows\System\gJlOZUc.exe
  2⤵
  PID:10576
- C:\Windows\System\lEsWWcl.exe
  C:\Windows\System\lEsWWcl.exe
  2⤵
  PID:10604
- C:\Windows\System\FdmQrnw.exe
  C:\Windows\System\FdmQrnw.exe
  2⤵
  PID:10636
- C:\Windows\System\FMBvBru.exe
  C:\Windows\System\FMBvBru.exe
  2⤵
  PID:10668
- C:\Windows\System\HfhtSvs.exe
  C:\Windows\System\HfhtSvs.exe
  2⤵
  PID:10692
- C:\Windows\System\zSyqtzt.exe
  C:\Windows\System\zSyqtzt.exe
  2⤵
  PID:10720
- C:\Windows\System\nGUwgmc.exe
  C:\Windows\System\nGUwgmc.exe
  2⤵
  PID:10752
- C:\Windows\System\xYLbrkm.exe
  C:\Windows\System\xYLbrkm.exe
  2⤵
  PID:10792
- C:\Windows\System\mswVCXf.exe
  C:\Windows\System\mswVCXf.exe
  2⤵
  PID:10848
- C:\Windows\System\ZWCLQuq.exe
  C:\Windows\System\ZWCLQuq.exe
  2⤵
  PID:10920
- C:\Windows\System\euQtauT.exe
  C:\Windows\System\euQtauT.exe
  2⤵
  PID:10936
- C:\Windows\System\bAlINdc.exe
  C:\Windows\System\bAlINdc.exe
  2⤵
  PID:10976
- C:\Windows\System\uSEdwcQ.exe
  C:\Windows\System\uSEdwcQ.exe
  2⤵
  PID:10996
- C:\Windows\System\eurBGkb.exe
  C:\Windows\System\eurBGkb.exe
  2⤵
  PID:11024
- C:\Windows\System\mZaHjWI.exe
  C:\Windows\System\mZaHjWI.exe
  2⤵
  PID:11060
- C:\Windows\System\hEhbAJz.exe
  C:\Windows\System\hEhbAJz.exe
  2⤵
  PID:11080
- C:\Windows\System\PGAILyt.exe
  C:\Windows\System\PGAILyt.exe
  2⤵
  PID:11108
- C:\Windows\System\WgHqufU.exe
  C:\Windows\System\WgHqufU.exe
  2⤵
  PID:11136
- C:\Windows\System\IbcekWU.exe
  C:\Windows\System\IbcekWU.exe
  2⤵
  PID:11168
- C:\Windows\System\UxiwNLc.exe
  C:\Windows\System\UxiwNLc.exe
  2⤵
  PID:11192
- C:\Windows\System\UDHTLJY.exe
  C:\Windows\System\UDHTLJY.exe
  2⤵
  PID:11220
- C:\Windows\System\pnybvFV.exe
  C:\Windows\System\pnybvFV.exe
  2⤵
  PID:11248
- C:\Windows\System\FsbsLKJ.exe
  C:\Windows\System\FsbsLKJ.exe
  2⤵
  PID:4540
- C:\Windows\System\xafpXZW.exe
  C:\Windows\System\xafpXZW.exe
  2⤵
  PID:10316
- C:\Windows\System\LkCnutg.exe
  C:\Windows\System\LkCnutg.exe
  2⤵
  PID:10416
- C:\Windows\System\fHxIVNZ.exe
  C:\Windows\System\fHxIVNZ.exe
  2⤵
  PID:324
- C:\Windows\System\wboLZuo.exe
  C:\Windows\System\wboLZuo.exe
  2⤵
  PID:10484
- C:\Windows\System\slbfvnS.exe
  C:\Windows\System\slbfvnS.exe
  2⤵
  PID:10544
- C:\Windows\System\WAtOxAn.exe
  C:\Windows\System\WAtOxAn.exe
  2⤵
  PID:9996
- C:\Windows\System\XnDsoNn.exe
  C:\Windows\System\XnDsoNn.exe
  2⤵
  PID:10660
- C:\Windows\System\ikmAkOU.exe
  C:\Windows\System\ikmAkOU.exe
  2⤵
  PID:10732
- C:\Windows\System\ZhHEKXU.exe
  C:\Windows\System\ZhHEKXU.exe
  2⤵
  PID:10832
- C:\Windows\System\NziWUgu.exe
  C:\Windows\System\NziWUgu.exe
  2⤵
  PID:10928
- C:\Windows\System\LWwzyEH.exe
  C:\Windows\System\LWwzyEH.exe
  2⤵
  PID:10992
- C:\Windows\System\vRkKqPO.exe
  C:\Windows\System\vRkKqPO.exe
  2⤵
  PID:11068
- C:\Windows\System\pmvnZbG.exe
  C:\Windows\System\pmvnZbG.exe
  2⤵
  PID:11128
- C:\Windows\System\VAMcyhh.exe
  C:\Windows\System\VAMcyhh.exe
  2⤵
  PID:11204
- C:\Windows\System\gISVlVY.exe
  C:\Windows\System\gISVlVY.exe
  2⤵
  PID:10256
- C:\Windows\System\GFznpBq.exe
  C:\Windows\System\GFznpBq.exe
  2⤵
  PID:2592
- C:\Windows\System\xgXAZQp.exe
  C:\Windows\System\xgXAZQp.exe
  2⤵
  PID:10404
- C:\Windows\System\FlrBJAK.exe
  C:\Windows\System\FlrBJAK.exe
  2⤵
  PID:10532
- C:\Windows\System\wDBlFey.exe
  C:\Windows\System\wDBlFey.exe
  2⤵
  PID:1688
- C:\Windows\System\rFMzrNh.exe
  C:\Windows\System\rFMzrNh.exe
  2⤵
  PID:10764
- C:\Windows\System\LQiEMse.exe
  C:\Windows\System\LQiEMse.exe
  2⤵
  PID:10984
- C:\Windows\System\xSMuacQ.exe
  C:\Windows\System\xSMuacQ.exe
  2⤵
  PID:11120
- C:\Windows\System\ahhSlto.exe
  C:\Windows\System\ahhSlto.exe
  2⤵
  PID:10292
- C:\Windows\System\iYPoEGt.exe
  C:\Windows\System\iYPoEGt.exe
  2⤵
  PID:4188
- C:\Windows\System\NWjYLCq.exe
  C:\Windows\System\NWjYLCq.exe
  2⤵
  PID:10716
- C:\Windows\System\mdJZgPK.exe
  C:\Windows\System\mdJZgPK.exe
  2⤵
  PID:11104
- C:\Windows\System\EqZpEeu.exe
  C:\Windows\System\EqZpEeu.exe
  2⤵
  PID:10648
- C:\Windows\System\OXpQvZE.exe
  C:\Windows\System\OXpQvZE.exe
  2⤵
  PID:4372
- C:\Windows\System\VWoeDJO.exe
  C:\Windows\System\VWoeDJO.exe
  2⤵
  PID:11280
- C:\Windows\System\uoOzjKI.exe
  C:\Windows\System\uoOzjKI.exe
  2⤵
  PID:11300
- C:\Windows\System\WPygLYl.exe
  C:\Windows\System\WPygLYl.exe
  2⤵
  PID:11328
- C:\Windows\System\dEkHqVZ.exe
  C:\Windows\System\dEkHqVZ.exe
  2⤵
  PID:11356
- C:\Windows\System\oeqMzJm.exe
  C:\Windows\System\oeqMzJm.exe
  2⤵
  PID:11384
- C:\Windows\System\ERpnUJu.exe
  C:\Windows\System\ERpnUJu.exe
  2⤵
  PID:11424
- C:\Windows\System\aFGSJqJ.exe
  C:\Windows\System\aFGSJqJ.exe
  2⤵
  PID:11440
- C:\Windows\System\cYbsZZP.exe
  C:\Windows\System\cYbsZZP.exe
  2⤵
  PID:11468
- C:\Windows\System\pAKSfBY.exe
  C:\Windows\System\pAKSfBY.exe
  2⤵
  PID:11504
- C:\Windows\System\QluAiAj.exe
  C:\Windows\System\QluAiAj.exe
  2⤵
  PID:11528
- C:\Windows\System\gyazJnD.exe
  C:\Windows\System\gyazJnD.exe
  2⤵
  PID:11552
- C:\Windows\System\VqAgQdL.exe
  C:\Windows\System\VqAgQdL.exe
  2⤵
  PID:11580
- C:\Windows\System\NWniAjH.exe
  C:\Windows\System\NWniAjH.exe
  2⤵
  PID:11608
- C:\Windows\System\IZotxTO.exe
  C:\Windows\System\IZotxTO.exe
  2⤵
  PID:11636
- C:\Windows\System\IKjQjkj.exe
  C:\Windows\System\IKjQjkj.exe
  2⤵
  PID:11672
- C:\Windows\System\hUkJIon.exe
  C:\Windows\System\hUkJIon.exe
  2⤵
  PID:11696
- C:\Windows\System\dSZMCcD.exe
  C:\Windows\System\dSZMCcD.exe
  2⤵
  PID:11732
- C:\Windows\System\vnTqHHU.exe
  C:\Windows\System\vnTqHHU.exe
  2⤵
  PID:11752
- C:\Windows\System\riwQvIc.exe
  C:\Windows\System\riwQvIc.exe
  2⤵
  PID:11780
- C:\Windows\System\exeYwnp.exe
  C:\Windows\System\exeYwnp.exe
  2⤵
  PID:11808
- C:\Windows\System\HmNOxJL.exe
  C:\Windows\System\HmNOxJL.exe
  2⤵
  PID:11836
- C:\Windows\System\CzPlOFX.exe
  C:\Windows\System\CzPlOFX.exe
  2⤵
  PID:11864
- C:\Windows\System\akqewOM.exe
  C:\Windows\System\akqewOM.exe
  2⤵
  PID:11900
- C:\Windows\System\RHtFZcN.exe
  C:\Windows\System\RHtFZcN.exe
  2⤵
  PID:11920
- C:\Windows\System\pbnbFJt.exe
  C:\Windows\System\pbnbFJt.exe
  2⤵
  PID:11948
- C:\Windows\System\Gwlnfxp.exe
  C:\Windows\System\Gwlnfxp.exe
  2⤵
  PID:11984
- C:\Windows\System\ygwPyaq.exe
  C:\Windows\System\ygwPyaq.exe
  2⤵
  PID:12020
- C:\Windows\System\XJxtWcK.exe
  C:\Windows\System\XJxtWcK.exe
  2⤵
  PID:12036
- C:\Windows\System\xHfmAij.exe
  C:\Windows\System\xHfmAij.exe
  2⤵
  PID:12064
- C:\Windows\System\hiwCiwe.exe
  C:\Windows\System\hiwCiwe.exe
  2⤵
  PID:12092
- C:\Windows\System\zfrqTWR.exe
  C:\Windows\System\zfrqTWR.exe
  2⤵
  PID:12120
- C:\Windows\System\uACuwTN.exe
  C:\Windows\System\uACuwTN.exe
  2⤵
  PID:12148
- C:\Windows\System\lrTUliy.exe
  C:\Windows\System\lrTUliy.exe
  2⤵
  PID:12188
- C:\Windows\System\yZXdHFG.exe
  C:\Windows\System\yZXdHFG.exe
  2⤵
  PID:12204
- C:\Windows\System\usJUziU.exe
  C:\Windows\System\usJUziU.exe
  2⤵
  PID:12232
- C:\Windows\System\UJrlMpv.exe
  C:\Windows\System\UJrlMpv.exe
  2⤵
  PID:12260
- C:\Windows\System\bTDiUoO.exe
  C:\Windows\System\bTDiUoO.exe
  2⤵
  PID:11092
- C:\Windows\System\yRfcKHM.exe
  C:\Windows\System\yRfcKHM.exe
  2⤵
  PID:11324
- C:\Windows\System\lVipvvR.exe
  C:\Windows\System\lVipvvR.exe
  2⤵
  PID:11396
- C:\Windows\System\PhtzWrq.exe
  C:\Windows\System\PhtzWrq.exe
  2⤵
  PID:11452
- C:\Windows\System\xJHSaXx.exe
  C:\Windows\System\xJHSaXx.exe
  2⤵
  PID:11512
- C:\Windows\System\lVPFXia.exe
  C:\Windows\System\lVPFXia.exe
  2⤵
  PID:11572
- C:\Windows\System\gpfEEiN.exe
  C:\Windows\System\gpfEEiN.exe
  2⤵
  PID:11660
- C:\Windows\System\jhwubHF.exe
  C:\Windows\System\jhwubHF.exe
  2⤵
  PID:11720
- C:\Windows\System\RBQeTDH.exe
  C:\Windows\System\RBQeTDH.exe
  2⤵
  PID:11792
- C:\Windows\System\AGOhUXr.exe
  C:\Windows\System\AGOhUXr.exe
  2⤵
  PID:11856
- C:\Windows\System\IfQEsoD.exe
  C:\Windows\System\IfQEsoD.exe
  2⤵
  PID:11916
- C:\Windows\System\WSdVJXj.exe
  C:\Windows\System\WSdVJXj.exe
  2⤵
  PID:396
- C:\Windows\System\BCKTMKE.exe
  C:\Windows\System\BCKTMKE.exe
  2⤵
  PID:1132
- C:\Windows\System\ayugqgW.exe
  C:\Windows\System\ayugqgW.exe
  2⤵
  PID:12060
- C:\Windows\System\gRfnAUK.exe
  C:\Windows\System\gRfnAUK.exe
  2⤵
  PID:12116
- C:\Windows\System\wstXmja.exe
  C:\Windows\System\wstXmja.exe
  2⤵
  PID:11656
- C:\Windows\System\jKHUfKe.exe
  C:\Windows\System\jKHUfKe.exe
  2⤵
  PID:12284
- C:\Windows\System\aaUYnQD.exe
  C:\Windows\System\aaUYnQD.exe
  2⤵
  PID:11240
- C:\Windows\System\CyhCrRx.exe
  C:\Windows\System\CyhCrRx.exe
  2⤵
  PID:10956
- C:\Windows\System\FOjUrLi.exe
  C:\Windows\System\FOjUrLi.exe
  2⤵
  PID:11748
- C:\Windows\System\gGNootl.exe
  C:\Windows\System\gGNootl.exe
  2⤵
  PID:11908
- C:\Windows\System\hcGxWmz.exe
  C:\Windows\System\hcGxWmz.exe
  2⤵
  PID:3520
- C:\Windows\System\wdaULjA.exe
  C:\Windows\System\wdaULjA.exe
  2⤵
  PID:608
- C:\Windows\System\sdqABif.exe
  C:\Windows\System\sdqABif.exe
  2⤵
  PID:11576
- C:\Windows\System\IExONLO.exe
  C:\Windows\System\IExONLO.exe
  2⤵
  PID:11960
- C:\Windows\System\nxXfzFB.exe
  C:\Windows\System\nxXfzFB.exe
  2⤵
  PID:12160
- C:\Windows\System\AHOGIpt.exe
  C:\Windows\System\AHOGIpt.exe
  2⤵
  PID:11820
- C:\Windows\System\KWLcOqT.exe
  C:\Windows\System\KWLcOqT.exe
  2⤵
  PID:12296
- C:\Windows\System\LBrYhuU.exe
  C:\Windows\System\LBrYhuU.exe
  2⤵
  PID:12328
- C:\Windows\System\tVKsmua.exe
  C:\Windows\System\tVKsmua.exe
  2⤵
  PID:12356
- C:\Windows\System\fBniEnn.exe
  C:\Windows\System\fBniEnn.exe
  2⤵
  PID:12376
- C:\Windows\System\bJysjIJ.exe
  C:\Windows\System\bJysjIJ.exe
  2⤵
  PID:12404
- C:\Windows\System\hsYOxld.exe
  C:\Windows\System\hsYOxld.exe
  2⤵
  PID:12432
- C:\Windows\System\wsRFiii.exe
  C:\Windows\System\wsRFiii.exe
  2⤵
  PID:12460
- C:\Windows\System\dMultmR.exe
  C:\Windows\System\dMultmR.exe
  2⤵
  PID:12480
- C:\Windows\System\vWiZPwt.exe
  C:\Windows\System\vWiZPwt.exe
  2⤵
  PID:12504
- C:\Windows\System\onOFada.exe
  C:\Windows\System\onOFada.exe
  2⤵
  PID:12544
- C:\Windows\System\LWXZgbF.exe
  C:\Windows\System\LWXZgbF.exe
  2⤵
  PID:12576
- C:\Windows\System\fziTrfz.exe
  C:\Windows\System\fziTrfz.exe
  2⤵
  PID:12604
- C:\Windows\System\fhtoppp.exe
  C:\Windows\System\fhtoppp.exe
  2⤵
  PID:12660
- C:\Windows\System\rIEHjWn.exe
  C:\Windows\System\rIEHjWn.exe
  2⤵
  PID:12704
- C:\Windows\System\ezdcxyp.exe
  C:\Windows\System\ezdcxyp.exe
  2⤵
  PID:12740
- C:\Windows\System\kqPtcxm.exe
  C:\Windows\System\kqPtcxm.exe
  2⤵
  PID:12764
- C:\Windows\System\ZEVzqId.exe
  C:\Windows\System\ZEVzqId.exe
  2⤵
  PID:12792
- C:\Windows\System\GgXOXiE.exe
  C:\Windows\System\GgXOXiE.exe
  2⤵
  PID:12828
- C:\Windows\System\nEuauZu.exe
  C:\Windows\System\nEuauZu.exe
  2⤵
  PID:12856
- C:\Windows\System\jXPvLFx.exe
  C:\Windows\System\jXPvLFx.exe
  2⤵
  PID:12876
- C:\Windows\System\iXxtZqM.exe
  C:\Windows\System\iXxtZqM.exe
  2⤵
  PID:12904
- C:\Windows\System\ZNDfssH.exe
  C:\Windows\System\ZNDfssH.exe
  2⤵
  PID:12940
- C:\Windows\System\waoFmLw.exe
  C:\Windows\System\waoFmLw.exe
  2⤵
  PID:12964
- C:\Windows\System\oFJSAnD.exe
  C:\Windows\System\oFJSAnD.exe
  2⤵
  PID:12988
- C:\Windows\System\jwXkyMJ.exe
  C:\Windows\System\jwXkyMJ.exe
  2⤵
  PID:13020
- C:\Windows\System\wtrbcbz.exe
  C:\Windows\System\wtrbcbz.exe
  2⤵
  PID:13044
- C:\Windows\System\PaSkPEP.exe
  C:\Windows\System\PaSkPEP.exe
  2⤵
  PID:13084
- C:\Windows\System\bjVAboD.exe
  C:\Windows\System\bjVAboD.exe
  2⤵
  PID:13108
- C:\Windows\System\CzKTlWZ.exe
  C:\Windows\System\CzKTlWZ.exe
  2⤵
  PID:13144
- C:\Windows\System\NbNsmiJ.exe
  C:\Windows\System\NbNsmiJ.exe
  2⤵
  PID:13164
- C:\Windows\System\NFUAtjH.exe
  C:\Windows\System\NFUAtjH.exe
  2⤵
  PID:13192
- C:\Windows\System\WQSrHna.exe
  C:\Windows\System\WQSrHna.exe
  2⤵
  PID:13228
- C:\Windows\System\vKFRxgp.exe
  C:\Windows\System\vKFRxgp.exe
  2⤵
  PID:13256
- C:\Windows\System\rYqEXWB.exe
  C:\Windows\System\rYqEXWB.exe
  2⤵
  PID:13288
- C:\Windows\System\zAzJgAu.exe
  C:\Windows\System\zAzJgAu.exe
  2⤵
  PID:12308
- C:\Windows\System\vfUrtzO.exe
  C:\Windows\System\vfUrtzO.exe
  2⤵
  PID:12400
- C:\Windows\System\dSXvCcO.exe
  C:\Windows\System\dSXvCcO.exe
  2⤵
  PID:12540
- C:\Windows\System\LNckahw.exe
  C:\Windows\System\LNckahw.exe
  2⤵
  PID:3872
- C:\Windows\System\jyrUrCA.exe
  C:\Windows\System\jyrUrCA.exe
  2⤵
  PID:12700
- C:\Windows\System\hGerZHp.exe
  C:\Windows\System\hGerZHp.exe
  2⤵
  PID:12724
- C:\Windows\System\uLjZIPn.exe
  C:\Windows\System\uLjZIPn.exe
  2⤵
  PID:12784
- C:\Windows\System\OEtsxkV.exe
  C:\Windows\System\OEtsxkV.exe
  2⤵
  PID:12916
- C:\Windows\System\tXqLGzn.exe
  C:\Windows\System\tXqLGzn.exe
  2⤵
  PID:12952
- C:\Windows\System\YkLAeWz.exe
  C:\Windows\System\YkLAeWz.exe
  2⤵
  PID:13008
- C:\Windows\System\BpAgWyz.exe
  C:\Windows\System\BpAgWyz.exe
  2⤵
  PID:900
- C:\Windows\System\FJVjMeo.exe
  C:\Windows\System\FJVjMeo.exe
  2⤵
  PID:1388
- C:\Windows\System\ZsdJEPY.exe
  C:\Windows\System\ZsdJEPY.exe
  2⤵
  PID:13184
- C:\Windows\System\LvOOJGE.exe
  C:\Windows\System\LvOOJGE.exe
  2⤵
  PID:13248
- C:\Windows\System\LtHeXOS.exe
  C:\Windows\System\LtHeXOS.exe
  2⤵
  PID:368
- C:\Windows\System\PRkTDet.exe
  C:\Windows\System\PRkTDet.exe
  2⤵
  PID:12424
- C:\Windows\System\wupjkSK.exe
  C:\Windows\System\wupjkSK.exe
  2⤵
  PID:12636
- C:\Windows\System\HzgItOu.exe
  C:\Windows\System\HzgItOu.exe
  2⤵
  PID:12900
- C:\Windows\System\vVuQuGe.exe
  C:\Windows\System\vVuQuGe.exe
  2⤵
  PID:12984
- C:\Windows\System\JpcqbjJ.exe
  C:\Windows\System\JpcqbjJ.exe
  2⤵
  PID:13124
- C:\Windows\System\AbRmZqk.exe
  C:\Windows\System\AbRmZqk.exe
  2⤵
  PID:3028
- C:\Windows\System\FJzcoFI.exe
  C:\Windows\System\FJzcoFI.exe
  2⤵
  PID:12596
- C:\Windows\System\vYzMRlm.exe
  C:\Windows\System\vYzMRlm.exe
  2⤵
  PID:13116
- C:\Windows\System\ioCUvvN.exe
  C:\Windows\System\ioCUvvN.exe
  2⤵
  PID:12760
- C:\Windows\System\abuzWvZ.exe
  C:\Windows\System\abuzWvZ.exe
  2⤵
  PID:12364
- C:\Windows\System\bfADbIb.exe
  C:\Windows\System\bfADbIb.exe
  2⤵
  PID:856
- C:\Windows\System\MpvQGHa.exe
  C:\Windows\System\MpvQGHa.exe
  2⤵
  PID:13332
- C:\Windows\System\KqLzFfW.exe
  C:\Windows\System\KqLzFfW.exe
  2⤵
  PID:13360
- C:\Windows\System\qITiiBM.exe
  C:\Windows\System\qITiiBM.exe
  2⤵
  PID:13388
- C:\Windows\System\xYWjAbY.exe
  C:\Windows\System\xYWjAbY.exe
  2⤵
  PID:13416
- C:\Windows\System\OrbaRWE.exe
  C:\Windows\System\OrbaRWE.exe
  2⤵
  PID:13444
- C:\Windows\System\WYZWVFz.exe
  C:\Windows\System\WYZWVFz.exe
  2⤵
  PID:13472
- C:\Windows\System\ormvGgU.exe
  C:\Windows\System\ormvGgU.exe
  2⤵
  PID:13500
- C:\Windows\System\nsgPaNU.exe
  C:\Windows\System\nsgPaNU.exe
  2⤵
  PID:13528
- C:\Windows\System\ThahwBp.exe
  C:\Windows\System\ThahwBp.exe
  2⤵
  PID:13556
- C:\Windows\System\CineMgz.exe
  C:\Windows\System\CineMgz.exe
  2⤵
  PID:13584
- C:\Windows\System\iyEYQna.exe
  C:\Windows\System\iyEYQna.exe
  2⤵
  PID:13612
- C:\Windows\System\SKZltEu.exe
  C:\Windows\System\SKZltEu.exe
  2⤵
  PID:13640
- C:\Windows\System\GZmwCyN.exe
  C:\Windows\System\GZmwCyN.exe
  2⤵
  PID:13668
- C:\Windows\System\IeRsgfE.exe
  C:\Windows\System\IeRsgfE.exe
  2⤵
  PID:13696
- C:\Windows\System\eJJMsOq.exe
  C:\Windows\System\eJJMsOq.exe
  2⤵
  PID:13724
- C:\Windows\System\pJbxvnV.exe
  C:\Windows\System\pJbxvnV.exe
  2⤵
  PID:13752
- C:\Windows\System\SfNgWKb.exe
  C:\Windows\System\SfNgWKb.exe
  2⤵
  PID:13780
- C:\Windows\System\pHamzFS.exe
  C:\Windows\System\pHamzFS.exe
  2⤵
  PID:13808
- C:\Windows\System\BBpXBfh.exe
  C:\Windows\System\BBpXBfh.exe
  2⤵
  PID:13836
- C:\Windows\System\dqLjZTK.exe
  C:\Windows\System\dqLjZTK.exe
  2⤵
  PID:13864
- C:\Windows\System\YRkfPKG.exe
  C:\Windows\System\YRkfPKG.exe
  2⤵
  PID:13900
- C:\Windows\System\VksUfYm.exe
  C:\Windows\System\VksUfYm.exe
  2⤵
  PID:13920
- C:\Windows\System\eeVwPun.exe
  C:\Windows\System\eeVwPun.exe
  2⤵
  PID:13952
- C:\Windows\System\qxXRBcN.exe
  C:\Windows\System\qxXRBcN.exe
  2⤵
  PID:13980
- C:\Windows\System\lgYNxZe.exe
  C:\Windows\System\lgYNxZe.exe
  2⤵
  PID:14008
- C:\Windows\System\jQeCMrt.exe
  C:\Windows\System\jQeCMrt.exe
  2⤵
  PID:14044
- C:\Windows\System\TEXWuXq.exe
  C:\Windows\System\TEXWuXq.exe
  2⤵
  PID:14076
- C:\Windows\System\IqXpElr.exe
  C:\Windows\System\IqXpElr.exe
  2⤵
  PID:14112
- C:\Windows\System\oyFVpMg.exe
  C:\Windows\System\oyFVpMg.exe
  2⤵
  PID:14132
- C:\Windows\System\pLaPoVd.exe
  C:\Windows\System\pLaPoVd.exe
  2⤵
  PID:14160
- C:\Windows\System\uCXSoTd.exe
  C:\Windows\System\uCXSoTd.exe
  2⤵
  PID:14188
- C:\Windows\System\rDvzxNg.exe
  C:\Windows\System\rDvzxNg.exe
  2⤵
  PID:14216
- C:\Windows\System\fxbGQxw.exe
  C:\Windows\System\fxbGQxw.exe
  2⤵
  PID:14244
- C:\Windows\System\dEAAdVJ.exe
  C:\Windows\System\dEAAdVJ.exe
  2⤵
  PID:14272
- C:\Windows\System\fYBzTrx.exe
  C:\Windows\System\fYBzTrx.exe
  2⤵
  PID:14300
- C:\Windows\System\CofAqIv.exe
  C:\Windows\System\CofAqIv.exe
  2⤵
  PID:13316
- C:\Windows\System\ltUKTEv.exe
  C:\Windows\System\ltUKTEv.exe
  2⤵
  PID:13344
- C:\Windows\System\TdroOnM.exe
  C:\Windows\System\TdroOnM.exe
  2⤵
  PID:13400
- C:\Windows\System\olvDzWg.exe
  C:\Windows\System\olvDzWg.exe
  2⤵
  PID:13428
- C:\Windows\System\XSgogya.exe
  C:\Windows\System\XSgogya.exe
  2⤵
  PID:13520
- C:\Windows\System\UCBMPZp.exe
  C:\Windows\System\UCBMPZp.exe
  2⤵
  PID:13580
- C:\Windows\System\EwVhuJh.exe
  C:\Windows\System\EwVhuJh.exe
  2⤵
  PID:3900
- C:\Windows\System\ClJVGmA.exe
  C:\Windows\System\ClJVGmA.exe
  2⤵
  PID:13680
- C:\Windows\System\DGYUaLa.exe
  C:\Windows\System\DGYUaLa.exe
  2⤵
  PID:4828
- C:\Windows\System\hTxegHH.exe
  C:\Windows\System\hTxegHH.exe
  2⤵
  PID:13744
- C:\Windows\System\eOVDfay.exe
  C:\Windows\System\eOVDfay.exe
  2⤵
  PID:13804
- C:\Windows\System\vnOUroA.exe
  C:\Windows\System\vnOUroA.exe
  2⤵
  PID:13876
- C:\Windows\System\ghUhxSO.exe
  C:\Windows\System\ghUhxSO.exe
  2⤵
  PID:13916
- C:\Windows\System\tFLzwOB.exe
  C:\Windows\System\tFLzwOB.exe
  2⤵
  PID:4348
- C:\Windows\System\BerZIwd.exe
  C:\Windows\System\BerZIwd.exe
  2⤵
  PID:1956
- C:\Windows\System\HGmAENe.exe
  C:\Windows\System\HGmAENe.exe
  2⤵
  PID:14068
- C:\Windows\System\LzrwhBO.exe
  C:\Windows\System\LzrwhBO.exe
  2⤵
  PID:14120
- C:\Windows\System\JgWmyFF.exe
  C:\Windows\System\JgWmyFF.exe
  2⤵
  PID:14236
- C:\Windows\System\mfMPJUQ.exe
  C:\Windows\System\mfMPJUQ.exe
  2⤵
  PID:5176
- C:\Windows\System\pzpYrfs.exe
  C:\Windows\System\pzpYrfs.exe
  2⤵
  PID:14268
- C:\Windows\System\jSSyfnJ.exe
  C:\Windows\System\jSSyfnJ.exe
  2⤵
  PID:14324
- C:\Windows\System\ECaUSGY.exe
  C:\Windows\System\ECaUSGY.exe
  2⤵
  PID:13380
- C:\Windows\System\LeuDYgL.exe
  C:\Windows\System\LeuDYgL.exe
  2⤵
  PID:13512
- C:\Windows\System\YGohnct.exe
  C:\Windows\System\YGohnct.exe
  2⤵
  PID:4036
- C:\Windows\System\SjQeiBA.exe
  C:\Windows\System\SjQeiBA.exe
  2⤵
  PID:13608
- C:\Windows\System\AvkaQnc.exe
  C:\Windows\System\AvkaQnc.exe
  2⤵
  PID:5384
- C:\Windows\System\iVPASqK.exe
  C:\Windows\System\iVPASqK.exe
  2⤵
  PID:1928
- C:\Windows\System\BkaiVHq.exe
  C:\Windows\System\BkaiVHq.exe
  2⤵
  PID:13860
- C:\Windows\System\EhSBpBR.exe
  C:\Windows\System\EhSBpBR.exe
  2⤵
  PID:3240
- C:\Windows\System\FonszZK.exe
  C:\Windows\System\FonszZK.exe
  2⤵
  PID:14052
- C:\Windows\System\nmzKDWD.exe
  C:\Windows\System\nmzKDWD.exe
  2⤵
  PID:14100
- C:\Windows\System\ryqcdpQ.exe
  C:\Windows\System\ryqcdpQ.exe
  2⤵
  PID:5624
- C:\Windows\System\MUkIXlo.exe
  C:\Windows\System\MUkIXlo.exe
  2⤵
  PID:5704
- C:\Windows\System\hJWybVf.exe
  C:\Windows\System\hJWybVf.exe
  2⤵
  PID:5748
- C:\Windows\System\DmucZBP.exe
  C:\Windows\System\DmucZBP.exe
  2⤵
  PID:5780
- C:\Windows\System\biSgcOI.exe
  C:\Windows\System\biSgcOI.exe
  2⤵
  PID:2420
- C:\Windows\System\HoqNiGM.exe
  C:\Windows\System\HoqNiGM.exe
  2⤵
  PID:14296
- C:\Windows\System\klmXhmL.exe
  C:\Windows\System\klmXhmL.exe
  2⤵
  PID:13408
- C:\Windows\System\WqKMhen.exe
  C:\Windows\System\WqKMhen.exe
  2⤵
  PID:5892
- C:\Windows\System\JLOrCOb.exe
  C:\Windows\System\JLOrCOb.exe
  2⤵
  PID:5968
- C:\Windows\System\csXtcvn.exe
  C:\Windows\System\csXtcvn.exe
  2⤵
  PID:13736
- C:\Windows\System\IdrWDrU.exe
  C:\Windows\System\IdrWDrU.exe
  2⤵
  PID:13832
- C:\Windows\System\zLDWOtL.exe
  C:\Windows\System\zLDWOtL.exe
  2⤵
  PID:6076
- C:\Windows\System\RlPdGEF.exe
  C:\Windows\System\RlPdGEF.exe
  2⤵
  PID:14096
- C:\Windows\System\vgAqFye.exe
  C:\Windows\System\vgAqFye.exe
  2⤵
  PID:1952
- C:\Windows\System\TwkECZe.exe
  C:\Windows\System\TwkECZe.exe
  2⤵
  PID:2152
- C:\Windows\System\efJfKfY.exe
  C:\Windows\System\efJfKfY.exe
  2⤵
  PID:14152
- C:\Windows\System\GycLoJR.exe
  C:\Windows\System\GycLoJR.exe
  2⤵
  PID:14256
- C:\Windows\System\FNNNVfS.exe
  C:\Windows\System\FNNNVfS.exe
  2⤵
  PID:5080
- C:\Windows\System\IrXykku.exe
  C:\Windows\System\IrXykku.exe
  2⤵
  PID:4796
- C:\Windows\System\pMjGEMZ.exe
  C:\Windows\System\pMjGEMZ.exe
  2⤵
  PID:5408
- C:\Windows\System\pBFXBXn.exe
  C:\Windows\System\pBFXBXn.exe
  2⤵
  PID:3160
- C:\Windows\System\dMzRUPP.exe
  C:\Windows\System\dMzRUPP.exe
  2⤵
  PID:5256
- C:\Windows\System\goESYCu.exe
  C:\Windows\System\goESYCu.exe
  2⤵
  PID:5208
- C:\Windows\System\EFSoTlO.exe
  C:\Windows\System\EFSoTlO.exe
  2⤵
  PID:6012
- C:\Windows\System\YhezOZE.exe
  C:\Windows\System\YhezOZE.exe
  2⤵
  PID:5772
- C:\Windows\System\WpTFPxo.exe
  C:\Windows\System\WpTFPxo.exe
  2⤵
  PID:5228
- C:\Windows\System\SacgxeZ.exe
  C:\Windows\System\SacgxeZ.exe
  2⤵
  PID:5476
- C:\Windows\System\cnMiLBE.exe
  C:\Windows\System\cnMiLBE.exe
  2⤵
  PID:13692
- C:\Windows\System\aEVvAxt.exe
  C:\Windows\System\aEVvAxt.exe
  2⤵
  PID:6072
- C:\Windows\System\jpOnNpz.exe
  C:\Windows\System\jpOnNpz.exe
  2⤵
  PID:5340
- C:\Windows\System\peSUeWs.exe
  C:\Windows\System\peSUeWs.exe
  2⤵
  PID:1824
- C:\Windows\System\wPUWlYk.exe
  C:\Windows\System\wPUWlYk.exe
  2⤵
  PID:5800
- C:\Windows\System\aWeJGsb.exe
  C:\Windows\System\aWeJGsb.exe
  2⤵
  PID:14348
- C:\Windows\System\nwDRiTK.exe
  C:\Windows\System\nwDRiTK.exe
  2⤵
  PID:14380
- C:\Windows\System\GiUBgyA.exe
  C:\Windows\System\GiUBgyA.exe
  2⤵
  PID:14408
- C:\Windows\System\lEbccNU.exe
  C:\Windows\System\lEbccNU.exe
  2⤵
  PID:14444
- C:\Windows\System\JeAXwEi.exe
  C:\Windows\System\JeAXwEi.exe
  2⤵
  PID:14472
- C:\Windows\System\PzAMYcJ.exe
  C:\Windows\System\PzAMYcJ.exe
  2⤵
  PID:14512
- C:\Windows\System\oZxmfrU.exe
  C:\Windows\System\oZxmfrU.exe
  2⤵
  PID:14532
- C:\Windows\System\AQLMABV.exe
  C:\Windows\System\AQLMABV.exe
  2⤵
  PID:14560
- C:\Windows\System\ucqxGEu.exe
  C:\Windows\System\ucqxGEu.exe
  2⤵
  PID:14596
- C:\Windows\System\KhhOrlc.exe
  C:\Windows\System\KhhOrlc.exe
  2⤵
  PID:14616
- C:\Windows\System\rswkqZx.exe
  C:\Windows\System\rswkqZx.exe
  2⤵
  PID:14648
- C:\Windows\System\bfIutNv.exe
  C:\Windows\System\bfIutNv.exe
  2⤵
  PID:14676
- C:\Windows\System\qjWmOvH.exe
  C:\Windows\System\qjWmOvH.exe
  2⤵
  PID:14708
- C:\Windows\System\AmSklZp.exe
  C:\Windows\System\AmSklZp.exe
  2⤵
  PID:14740
- C:\Windows\System\zTttnHE.exe
  C:\Windows\System\zTttnHE.exe
  2⤵
  PID:14776
- C:\Windows\System\kFOhxtz.exe
  C:\Windows\System\kFOhxtz.exe
  2⤵
  PID:14812
- C:\Windows\System\SSuEbfh.exe
  C:\Windows\System\SSuEbfh.exe
  2⤵
  PID:14832
- C:\Windows\System\xxOethJ.exe
  C:\Windows\System\xxOethJ.exe
  2⤵
  PID:14860
- C:\Windows\System\BFlLKaZ.exe
  C:\Windows\System\BFlLKaZ.exe
  2⤵
  PID:14888

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjQwNkM5RDgtMTVBMy00RkMxLTkwRjctODZEQTEzMTk3RTkzfSIgdXNlcmlkPSJ7RjQ3RDU5MzgtODQ1RS00MTY3LTlFRkMtRkJCMTdGQTY0NjI1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7M0ZGRDEyMDYtOEMxMi00NEExLUE1NTItNjRERjA3Q0E2Mjg4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI5IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDcxNzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTY4MDM3MTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTI1MDU4NDU1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AAyKXtk.exe

Filesize
6.0MB

MD5
77f9f8f0006e864c60e353549d8387c2

SHA1
0daec2a943dbcd7efd50dab2562ae4e4c4b4f26d

SHA256
8cac0e3fb98c1e978bca2bf56f851e499f4d756133fe06ff7e048dd6023383e5

SHA512
f2c52e81ca6b46105844116bb50f8ba620547f312f462c7e0bab48f28eaafa22daba04e934b3af11b17431ca7dbf25429b3e77ea549b4033e5823d9d4cf7c55e

Download Submit
C:\Windows\System\BYggptY.exe

Filesize
6.0MB

MD5
1f36a50e7718ed0674a630b205479f1e

SHA1
3b96186184383078dd318e0e3755264d4118530c

SHA256
095630e39208ec85d1e98d4c6f21399166e661d7cbfbf1d6219c722644a3d292

SHA512
a6c31b3d3b36a6b7a6caa0b38688d39088ab244e87753b097d9a866cd33d9931886782cc2cef02080448e9fd2b31093f238cafaef26e94412e1826ff6fbca8fc

Download Submit
C:\Windows\System\DxyqgDT.exe

Filesize
6.0MB

MD5
a600f49310f02385879c32fda01d8bbd

SHA1
16f72a17c86de4e7e622973974c7c3f9c2e1f820

SHA256
64c621f569dc1fbb34c392b04edf6537a4e53c5f5935af0ed45b47a8a8833573

SHA512
5e09e708e664a262c169166b998cec923966c7f188cb21ba9bf59dc4d09a2a7abb4b419779b142c3628b831a209376300f1d0591094028ec10c9389f9f086051

Download Submit
C:\Windows\System\EFgbjyf.exe

Filesize
6.0MB

MD5
9c419b6837d601e8494009cdebf5c502

SHA1
b687b10fa21a5f61d9889f68730cb8bb3952ddf2

SHA256
0b7a13710b7659fa25de4d5ea85327c86ea92c51a31a59b051629ae22c0a997d

SHA512
a714db3d7850c43c9cfd580638186f5ee685cf284f03eef98fff740929ea1a69a02e75e64ae143284592731fef4647ee6da35658ad7abc12d781bde08f1a7a54

Download Submit
C:\Windows\System\EbXlBHO.exe

Filesize
6.0MB

MD5
8af04e8adfd907f9b6c3d764f6c87bff

SHA1
9cdc2dc1104bfe3f99df8eabb0155a8058857e6f

SHA256
b38afef4c9f75149f4c56b5269153a353fef7e9e40c6a4d34383f2604b31e3b8

SHA512
607013cf8389d5927cf292cd01e1dcb1143dbc596b09c6b6a1ec09723f0216f0eb7cab8882fe9fb19324c8ae31e05e8a881cc63962ba6a653146bc8da415477a

Download Submit
C:\Windows\System\GpmdVBw.exe

Filesize
6.0MB

MD5
c3502e30ac2900139793622aa749ea3f

SHA1
e2e89d1f1e6f3d06de4d845802f16de99e488a77

SHA256
5eaa12a4de7308eecba747fe7b36262c0883a5849f542da4f3e53b0c0d305a66

SHA512
46fbc18e038a409cd16fe606e147bedaf56c4bb05d527642739c78f57810197f8a1df717f92682b1862e0a7f424f42b204423548166b0b4d04c8c8623066535b

Download Submit
C:\Windows\System\MCaXvgf.exe

Filesize
6.0MB

MD5
d3a41db61cc099c3d6f455a79cee5062

SHA1
9ee40678ee04b3de0c227ee0940cab6173d7fb9e

SHA256
f22973285b50573981abc6026b39cb515e26ca01594dc67213382bb7f651e94c

SHA512
4411f6af28d2603dd2e829dceae6bc63c158d4e18651e715b30c5e295eeab06b77f3f022f4986ca315c715649c4cef1dd49d5ea2a1967178baca63efe0879cba

Download Submit
C:\Windows\System\MKOqxUj.exe

Filesize
6.0MB

MD5
f470df75049d1fb8e43d54fa8a9a56fe

SHA1
42beeffd47c73cb633a6db8def2ea53f8f4f00cd

SHA256
678e8ed8c8c0fc8b5fa961da22a4eaed8c56a8fc3c58eca4be08a4cb94ba3c85

SHA512
c369b432554d5fc64bf60ba38128093e3d3578f3abfcebadcf3554af968790b684c4919c6a4fed11319167541ee66be79bc718aa6190b5fcc9ee9d38252ca1c2

Download Submit
C:\Windows\System\OZdNwbH.exe

Filesize
6.0MB

MD5
b43a1c7524aa9ca6dde29c7f951594d4

SHA1
83603fb8c453c75f88d206c7582426179c06c57e

SHA256
78593b384d7aa8ea7eaa8ebdc9c9f2fea1d3a8eff82b3a4b5de3f610fb06e7d4

SHA512
22234d59f21ccb7cca7b8510c5a4170717cb03a194fcf4e0363adcd30459b5b93f34280b7efc9820b2fdaf45e5f8bc1abc0fe21f57392223c2e40a2d5b264155

Download Submit
C:\Windows\System\OkvQCue.exe

Filesize
6.0MB

MD5
aaaa0f2f1d22a84957c31f509016e2c0

SHA1
fcc4d0ca4a39e0a6966f6b35c93d3b69cc4a3da8

SHA256
bca18de87094869289ce423cc8413ce2acb5922249393d81f74b5e863e15a221

SHA512
b4d636e42d0841cc5c1a3ded80814126a65cc717c11b46fa0280c919d1d7132b75e2d2abd0b06f7b3ce8d72100ba14c54909df71817d8f4b52490cff2d47c855

Download Submit
C:\Windows\System\PQoJOjb.exe

Filesize
6.0MB

MD5
64345567446c7e519e86dea7b78795f7

SHA1
82efbed6820c73d9f392fc92a4d22d050b6b0f07

SHA256
1006f02e55963cd5405db881e0b6941b2c72cbcbd570e546447a5815616bcffe

SHA512
453517bb332fe62a8656ac62c03428fd37ffbd6a3e501157b63ff21b3a44dd26bfcc4b832ec5bc45fb846886056cee8feb055bd70bc55696b4df7c57e6e893bf

Download Submit
C:\Windows\System\QQvTtMn.exe

Filesize
6.0MB

MD5
a534eb17126b3c409117e68895468762

SHA1
9b937eda8cda9ac08b701d0394647d44bdbc4e13

SHA256
6982e5251fd9154765524761a048ce6d2c2903d4ae19843d2335dbece115d975

SHA512
c3688483a788d97a66f17e4e706c95a3be15684a60c4254c1855343c77742a8cb36f22bede9199ad78108b00b31c392dca2c3e8d934e58ad31871101842a6687

Download Submit
C:\Windows\System\QjtdDOT.exe

Filesize
6.0MB

MD5
72b7aec9131c07b42e3a3f855b7cbf3c

SHA1
c955bfe10e12e86de03530e97d38a9f3b0a4f43f

SHA256
0cdedf1d12001f32a9354ca715eb17db276e581e5e762b01b6bdf9c8f8a42ab8

SHA512
96e38e826839ea36353b9862b92fcd1186b87fc9219c2fcc0d76e245441961217b6f5e779021cd42e16929ea370e8f35067c7d004d50335920e051adc6f2b92e

Download Submit
C:\Windows\System\VlZTgxx.exe

Filesize
6.0MB

MD5
92cb13e00c4525874061998399382cbf

SHA1
ab6e0152a490157cc7664ff46c1529333d2eb8c7

SHA256
6e16748298b28c230215dc33409da1979655c571ea63295985709068529c3b8c

SHA512
7fa8b6a7dfe7055b36e8c09e123e7b23c15cbd5cb1e57f1f16748a6a51692c10e83088032508375453a092c5d9a38b08291caed7a2d4daa9fd3972c5f09303b1

Download Submit
C:\Windows\System\WtnuHWO.exe

Filesize
6.0MB

MD5
39c94e5adec02c960831520d9dd7ab51

SHA1
5bf891ff68ccfcd6ee9d12f70ffd98fc354ad4af

SHA256
a89de870aae0893bc0c132babbe41147dee15290b6bf12400926c86c659423aa

SHA512
93da1fa450891dd52407ad1e50ed49662047aa89b11598c3f3bf4d1d37984d5e2e4beb6a50898c9b6cfa2e9558501c6a133ba689789f0ff05615ad52dafb7754

Download Submit
C:\Windows\System\YElwfZu.exe

Filesize
6.0MB

MD5
c712234831133197685e36d9f5e31bb9

SHA1
ff4833c693d8445f6cbbee26acd83bf851c44104

SHA256
ef609b858704ef547bbf69a09daa4ecdf5662bb8d76f48d0947bf373dab0104f

SHA512
e7fc379eb14fce7488d76d6658ddf1658ae714d6355acb533931086080c67f3402a463ca33593c984501a85ec9c63987529cf0f85f5a1b36c7049b0f97cd8d0c

Download Submit
C:\Windows\System\aNxGwcY.exe

Filesize
6.0MB

MD5
da41aaa1108650210b6cd82931f93f73

SHA1
6a13ed52a0e7e23deb1b6dd7b9ad90a16a38d5e6

SHA256
096d021115770b2530833182a5c8ba10aff928f4388519ea7e605377c8b0ffd0

SHA512
774400ea2e3eb764ba50d3d3932336505c27a6d037e297dba81d07ece0ddf4a4c0406980961f4dc92e2dcb96ba8683cb45d7fdcf0dfee22fcc3e756a985a8819

Download Submit
C:\Windows\System\cZERqhk.exe

Filesize
6.0MB

MD5
8586b7783411a4c92b9213ff5bbab9d7

SHA1
f23f2477671592d0adf30302a43bb1305da04a15

SHA256
3709fe35dd9fc3ca6d0010f7c03e12858d230f3cfb643b52040f2bd283c20ee7

SHA512
88c20b8a77dd692a2cac7000552ca5fcd584c4b4ce7f5272a81018897634f59db12afcfe96f63261bd46364109579732a3406e1af85e6dc55c6ccdff348cc338

Download Submit
C:\Windows\System\gcefgIM.exe

Filesize
6.0MB

MD5
2990eb1df8333b1a18be3e669cc3aaaa

SHA1
37e3d840267c8d21accfe7a35779fef95eb4ac30

SHA256
824d70597f75c36f91040f81279b1d0bc0966d7df08c4f3b00701f5ef4babc4b

SHA512
32b7e0e7076fc57f4ef3d4b688ef70e77deffb53c3751fc1709a32d3505ae6859d295118c4954bb5fb932453fb164f6e89a5fb61b5d651fba6185506124b200a

Download Submit
C:\Windows\System\hTIeBcK.exe

Filesize
6.0MB

MD5
e0b1952e4649aa92621838f0cd91417c

SHA1
8626e7d72101ea5ee0f57707793879cab4817d07

SHA256
c5a3c1635cd52139be473c54d8fdbd780582f533974840fbc754232cea941a56

SHA512
624460ad3861873e2e28dec6f48b540130c41c039b2a49084e5d5457b34e54c6816192683d57edff7d99081144e9ac302a8556d55682df355141a5d5da5ed39e

Download Submit
C:\Windows\System\hUvQNWe.exe

Filesize
6.0MB

MD5
43ed716f24c31d5840740bcf870ab4ad

SHA1
9d5deaa971fb375787ab5a13c741bc8130fc3633

SHA256
0babfaaa8d48c99ea093fa834e62ae941d1c10577afb26050f533fe819837ff7

SHA512
748ee527b3db33143e58726cfebba1c13a6185781f333eb3b12e796a8c8df6379a9a74496b36091f927c8abf8ad7d9f1e71d4e7ce047286b90687acc1ae7bd3b

Download Submit
C:\Windows\System\hqmKpbJ.exe

Filesize
6.0MB

MD5
e0c2b4c6a6abb7e51d1c7fc65e6bfd7f

SHA1
73721acfd39f0fa260282c90ccf3cd35b75bbb9d

SHA256
7cf7813e62dfd46edd89e266bf2fb276be43d0925b7a2669462b08b0e043f0ad

SHA512
196042a1236cb012cacb52aa143be53d3271c3f0fef29db957a48c3e45a8a3b455dd14dd62b15c4e789a8c232bdf5e17f9b60c16213b93fdf314d6cb38c10774

Download Submit
C:\Windows\System\jbvhOpr.exe

Filesize
6.0MB

MD5
e2cbc0216610cf6e8436c3787bfdb55f

SHA1
b931ba3575698efef9d7635508e1be8f6f48c120

SHA256
73dfa1bf0d1a51b813104e829addf628c3634ba3aae7057e1f0efe5692a82cef

SHA512
22dac1b8cb84e0a07bfd972fe63e1a700ec8d19a74238c1b3235cd3de8977407e85517ff70420580f95e104d064e64cec26cab1a807cbfd4e78232f75ed216fb

Download Submit
C:\Windows\System\kwHufgs.exe

Filesize
6.0MB

MD5
fdfb2b26a0409df13d3de7ca9cffc94b

SHA1
c33fabc26d45b168d75e79afda3053c2964923dd

SHA256
531bf8ef875e68ae7b2005e5f666a3ca45f045819501b74523c98077dc5417f1

SHA512
d139277b3e52ab772088d34d9007d1cf57c4cb0450a1e0c07b84376615b965c0326285cbfbb846969fc29d8423c1ebac12b45652aed3528732a94c3edce31d6c

Download Submit
C:\Windows\System\mEFhgXX.exe

Filesize
6.0MB

MD5
aa9e5f010e4165d88b1cee5b540fa824

SHA1
c6c4c1fae27a3fc07c5942543e0150e4910a151d

SHA256
3d6e1f17e1f19f45e3e757404a5655e91b7f81556a4c32b09bc8d6f69d094f87

SHA512
5bcbd1e635cc5d4f8c9e3e16e1d74664a2789502bab811f5bf1b2171554d421ec9d8c8e029d9e26fa5a789a14e3fa39434b6ccfbc4d486862b7f4e82acc14c70

Download Submit
C:\Windows\System\mTzweYm.exe

Filesize
6.0MB

MD5
d7929f7bb5b880f3f41e1275bb71f975

SHA1
59c16409a131d768f7c4ebedc4c75f548390f338

SHA256
92f2f89cd0f7b545436a031af29fbd6f96459a29121425578fa0dc76b73094d0

SHA512
fa60f13c246bd372f3c92683c3a4c74e7102c4d9025865afe7a5888bef4a6ec20ae8ebccc7e06ca2508791c838a21f918a241b4c0c8b68cf410b0fef1360226d

Download Submit
C:\Windows\System\sZOBOOj.exe

Filesize
6.0MB

MD5
3df513a7c55293b561cc9b120f802158

SHA1
bc1212157fa963e9198e4976335ba03a0c4a1ad0

SHA256
b128225e4d3d5e300c2e0d374e17e5400d689e2651ca6d5fde670837ca9d6397

SHA512
d9e37b7cfe79d76b3fb4de586ca33107b88f2f9945537ad653db018ef6ec72b0314c865b356f4759281cc235c2cbf429075f1c88bbf6390e861dd2cdfbab7cd4

Download Submit
C:\Windows\System\vRwGnCi.exe

Filesize
6.0MB

MD5
cd1300087394c40008925cb4abbbdffd

SHA1
95b9c87b68072fb277f927fdbd1d4d031b10a667

SHA256
174082b41472d5af104938af3a87d38048e23ee566a02beea1fd486e63ff9d0e

SHA512
f1475702623308cdd9e8a50b3e2ff7a7d42d693263d0f08dd16174c77ee9eab77d649ad2b018a29ef9f22f535cb31f39cbf8a3158e2a271aae3ee7cce6142183

Download Submit
C:\Windows\System\whUokqD.exe

Filesize
6.0MB

MD5
ff02e0e48675c380c047f11fff9a7362

SHA1
bff3c77bfc81259f57565a5b294a652a52b1af7d

SHA256
995a0fce0ab3c4696256f1315a85eb06e3cb1aa9028ce9ee611e758877feba4c

SHA512
45486cd184151572910afbb433ac7e2ca6ce8549539e0c919f2b2e566cf1af02669d4c2ac349aaf41081e626de0e75e324a073b74f81ff45c924e5f68c2a790b

Download Submit
C:\Windows\System\xOuCsxe.exe

Filesize
6.0MB

MD5
31fcdced7cfac1c91d986004e6beefb6

SHA1
6a4b1f91de1015871452d618ec10408d6805fa8f

SHA256
ad8e0b19614eda29e4bf308865a0fe311b29525e1fa36feb8a26e2dc050e669b

SHA512
03fd8950e89188519d524e192371b413f7c1a90c758f35c457003b607c0bb64d20a08e14bd0ebee92c6b32632da5a3117fddb0daf25d14738ed46bf0052bd2a5

Download Submit
C:\Windows\System\ylBvMwy.exe

Filesize
6.0MB

MD5
db21d51f54652333415c4e0ebbd29d90

SHA1
d361e4afe310f6a2e77b06b0a33f58de767bf200

SHA256
ec28a5a8755ba4b90e180276914669764d8b40139a62515901c57c66685c0a2a

SHA512
084aaad5216345e68be85a83e0306f2e7812a6124cb3472ed6a9724f06f95228e1916171e1b0db5a4fb9b40bf237b2c1873b95a2fd8f706dd73d5967fbb647c9

Download Submit
C:\Windows\System\zsTjVoa.exe

Filesize
6.0MB

MD5
4d38131d57f5313ca5999bf709d010c4

SHA1
a6cb2cdfe35fbd805852b383c224f9cfc5b59233

SHA256
4da7f93119e4ca8bbb978111615eeb30da6b0b2328201f96ec0f99cbac0e9bf1

SHA512
1a246b038eb954a5b9233ca204ab300604ca0307907e0c725a2e7d05a77cc97d722f85ef116b5f16b97e000a312a1401b2e61dbd26dcae3581472cd047f81e13

Download Submit
memory/692-2017-0x00007FF7F52A0000-0x00007FF7F55F4000-memory.dmp

Filesize
3.3MB

Download
memory/692-18-0x00007FF7F52A0000-0x00007FF7F55F4000-memory.dmp

Filesize
3.3MB

Download
memory/692-81-0x00007FF7F52A0000-0x00007FF7F55F4000-memory.dmp

Filesize
3.3MB

Download
memory/852-2098-0x00007FF6C2B30000-0x00007FF6C2E84000-memory.dmp

Filesize
3.3MB

Download
memory/852-100-0x00007FF6C2B30000-0x00007FF6C2E84000-memory.dmp

Filesize
3.3MB

Download
memory/1124-181-0x00007FF771700000-0x00007FF771A54000-memory.dmp

Filesize
3.3MB

Download
memory/1124-565-0x00007FF771700000-0x00007FF771A54000-memory.dmp

Filesize
3.3MB

Download
memory/1124-2228-0x00007FF771700000-0x00007FF771A54000-memory.dmp

Filesize
3.3MB

Download
memory/1180-146-0x00007FF6AA400000-0x00007FF6AA754000-memory.dmp

Filesize
3.3MB

Download
memory/1180-2183-0x00007FF6AA400000-0x00007FF6AA754000-memory.dmp

Filesize
3.3MB

Download
memory/1308-110-0x00007FF6EC4D0000-0x00007FF6EC824000-memory.dmp

Filesize
3.3MB

Download
memory/1308-2030-0x00007FF6EC4D0000-0x00007FF6EC824000-memory.dmp

Filesize
3.3MB

Download
memory/1308-43-0x00007FF6EC4D0000-0x00007FF6EC824000-memory.dmp

Filesize
3.3MB

Download
memory/1384-175-0x00007FF633AF0000-0x00007FF633E44000-memory.dmp

Filesize
3.3MB

Download
memory/1384-2222-0x00007FF633AF0000-0x00007FF633E44000-memory.dmp

Filesize
3.3MB

Download
memory/1384-462-0x00007FF633AF0000-0x00007FF633E44000-memory.dmp

Filesize
3.3MB

Download
memory/1412-2079-0x00007FF725F10000-0x00007FF726264000-memory.dmp

Filesize
3.3MB

Download
memory/1412-77-0x00007FF725F10000-0x00007FF726264000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2111-0x00007FF645460000-0x00007FF6457B4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-116-0x00007FF645460000-0x00007FF6457B4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2031-0x00007FF656D20000-0x00007FF657074000-memory.dmp

Filesize
3.3MB

Download
memory/1528-50-0x00007FF656D20000-0x00007FF657074000-memory.dmp

Filesize
3.3MB

Download
memory/1528-117-0x00007FF656D20000-0x00007FF657074000-memory.dmp

Filesize
3.3MB

Download
memory/1536-2213-0x00007FF6E41D0000-0x00007FF6E4524000-memory.dmp

Filesize
3.3MB

Download
memory/1536-170-0x00007FF6E41D0000-0x00007FF6E4524000-memory.dmp

Filesize
3.3MB

Download
memory/1536-459-0x00007FF6E41D0000-0x00007FF6E4524000-memory.dmp

Filesize
3.3MB

Download
memory/1560-2190-0x00007FF699150000-0x00007FF6994A4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-413-0x00007FF699150000-0x00007FF6994A4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-156-0x00007FF699150000-0x00007FF6994A4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-2224-0x00007FF6B4EB0000-0x00007FF6B5204000-memory.dmp

Filesize
3.3MB

Download
memory/1856-185-0x00007FF6B4EB0000-0x00007FF6B5204000-memory.dmp

Filesize
3.3MB

Download
memory/1856-566-0x00007FF6B4EB0000-0x00007FF6B5204000-memory.dmp

Filesize
3.3MB

Download
memory/2104-32-0x00007FF768FF0000-0x00007FF769344000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2028-0x00007FF768FF0000-0x00007FF769344000-memory.dmp

Filesize
3.3MB

Download
memory/2356-2101-0x00007FF7FF1D0000-0x00007FF7FF524000-memory.dmp

Filesize
3.3MB

Download
memory/2356-105-0x00007FF7FF1D0000-0x00007FF7FF524000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2090-0x00007FF6D5160000-0x00007FF6D54B4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-150-0x00007FF6D5160000-0x00007FF6D54B4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-83-0x00007FF6D5160000-0x00007FF6D54B4000-memory.dmp

Filesize
3.3MB

Download
memory/3328-63-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download
memory/3328-2041-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download
memory/3328-122-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download
memory/3428-230-0x00007FF783ED0000-0x00007FF784224000-memory.dmp

Filesize
3.3MB

Download
memory/3428-2138-0x00007FF783ED0000-0x00007FF784224000-memory.dmp

Filesize
3.3MB

Download
memory/3428-123-0x00007FF783ED0000-0x00007FF784224000-memory.dmp

Filesize
3.3MB

Download
memory/3488-55-0x00007FF754720000-0x00007FF754A74000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2038-0x00007FF754720000-0x00007FF754A74000-memory.dmp

Filesize
3.3MB

Download
memory/3488-118-0x00007FF754720000-0x00007FF754A74000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2029-0x00007FF67C320000-0x00007FF67C674000-memory.dmp

Filesize
3.3MB

Download
memory/3604-38-0x00007FF67C320000-0x00007FF67C674000-memory.dmp

Filesize
3.3MB

Download
memory/3612-416-0x00007FF74A8B0000-0x00007FF74AC04000-memory.dmp

Filesize
3.3MB

Download
memory/3612-2196-0x00007FF74A8B0000-0x00007FF74AC04000-memory.dmp

Filesize
3.3MB

Download
memory/3612-157-0x00007FF74A8B0000-0x00007FF74AC04000-memory.dmp

Filesize
3.3MB

Download
memory/4212-161-0x00007FF7D7080000-0x00007FF7D73D4000-memory.dmp

Filesize
3.3MB

Download
memory/4212-89-0x00007FF7D7080000-0x00007FF7D73D4000-memory.dmp

Filesize
3.3MB

Download
memory/4212-2095-0x00007FF7D7080000-0x00007FF7D73D4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-180-0x00007FF7523B0000-0x00007FF752704000-memory.dmp

Filesize
3.3MB

Download
memory/4312-2227-0x00007FF7523B0000-0x00007FF752704000-memory.dmp

Filesize
3.3MB

Download
memory/4312-513-0x00007FF7523B0000-0x00007FF752704000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2004-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp

Filesize
3.3MB

Download
memory/4336-8-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp

Filesize
3.3MB

Download
memory/4336-68-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp

Filesize
3.3MB

Download
memory/4364-130-0x00007FF6813D0000-0x00007FF681724000-memory.dmp

Filesize
3.3MB

Download
memory/4364-2171-0x00007FF6813D0000-0x00007FF681724000-memory.dmp

Filesize
3.3MB

Download
memory/4364-272-0x00007FF6813D0000-0x00007FF681724000-memory.dmp

Filesize
3.3MB

Download
memory/4424-88-0x00007FF7C4EB0000-0x00007FF7C5204000-memory.dmp

Filesize
3.3MB

Download
memory/4424-26-0x00007FF7C4EB0000-0x00007FF7C5204000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2027-0x00007FF7C4EB0000-0x00007FF7C5204000-memory.dmp

Filesize
3.3MB

Download
memory/4604-14-0x00007FF6F0B40000-0x00007FF6F0E94000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2012-0x00007FF6F0B40000-0x00007FF6F0E94000-memory.dmp

Filesize
3.3MB

Download
memory/4604-73-0x00007FF6F0B40000-0x00007FF6F0E94000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2113-0x00007FF6B8A00000-0x00007FF6B8D54000-memory.dmp

Filesize
3.3MB

Download
memory/4720-115-0x00007FF6B8A00000-0x00007FF6B8D54000-memory.dmp

Filesize
3.3MB

Download
memory/4720-194-0x00007FF6B8A00000-0x00007FF6B8D54000-memory.dmp

Filesize
3.3MB

Download
memory/4748-2076-0x00007FF7D89A0000-0x00007FF7D8CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4748-69-0x00007FF7D89A0000-0x00007FF7D8CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4748-136-0x00007FF7D89A0000-0x00007FF7D8CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-137-0x00007FF7B0520000-0x00007FF7B0874000-memory.dmp

Filesize
3.3MB

Download
memory/4788-332-0x00007FF7B0520000-0x00007FF7B0874000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2181-0x00007FF7B0520000-0x00007FF7B0874000-memory.dmp

Filesize
3.3MB

Download
memory/4912-0-0x00007FF771800000-0x00007FF771B54000-memory.dmp

Filesize
3.3MB

Download
memory/4912-59-0x00007FF771800000-0x00007FF771B54000-memory.dmp

Filesize
3.3MB

Download
memory/4912-1-0x000001CBB95D0000-0x000001CBB95E0000-memory.dmp

Filesize
64KB

Download