cobaltstrike | ef943b7fce8c90a07dc42b3c5d40372485bf5dda3a146ea4511d875523db2acc

Analysis

max time kernel
107s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2025, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ffb538f26ad1d34681a5485742456c1d
SHA1

cc3b2c6fcfb59d9963c21ca5bcd02375ca984fb1
SHA256

ef943b7fce8c90a07dc42b3c5d40372485bf5dda3a146ea4511d875523db2acc
SHA512

0f43cc1c0b7538c61bcd2829630ff1a76da339400a3708751a05a6fab9c4e070bd4ef7799f7667ae951a2af0314df673e5f2a528a5355e04fe29b109614592a4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000e00000001e59b-4.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001ec1b-11.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001ec1c-16.dat	cobalt_reflective_dll
behavioral2/files/0x0012000000023b5c-25.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023c80-31.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023c84-35.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023c85-43.dat	cobalt_reflective_dll
behavioral2/files/0x0013000000023b06-23.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001ec13-52.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023d78-58.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023d79-74.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023d7b-78.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023d7a-76.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023d7c-83.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023d91-92.dat	cobalt_reflective_dll
behavioral2/files/0x0016000000023d92-94.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023d9c-106.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023d98-110.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023da9-119.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023da8-122.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023dab-125.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023dac-146.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023db0-157.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023db1-168.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023db2-178.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023daf-165.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023dae-161.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023dad-150.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023daa-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dbb-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dbe-190.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023dbf-194.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2264-0-0x00007FF6947B0000-0x00007FF694B04000-memory.dmp	xmrig
behavioral2/files/0x000e00000001e59b-4.dat	xmrig
behavioral2/memory/4288-8-0x00007FF6F2790000-0x00007FF6F2AE4000-memory.dmp	xmrig
behavioral2/files/0x000500000001ec1b-11.dat	xmrig
behavioral2/files/0x000400000001ec1c-16.dat	xmrig
behavioral2/files/0x0012000000023b5c-25.dat	xmrig
behavioral2/files/0x000b000000023c80-31.dat	xmrig
behavioral2/files/0x000b000000023c84-35.dat	xmrig
behavioral2/memory/2184-40-0x00007FF60F490000-0x00007FF60F7E4000-memory.dmp	xmrig
behavioral2/memory/1504-44-0x00007FF65BCD0000-0x00007FF65C024000-memory.dmp	xmrig
behavioral2/memory/3352-46-0x00007FF642DD0000-0x00007FF643124000-memory.dmp	xmrig
behavioral2/memory/2532-47-0x00007FF7286B0000-0x00007FF728A04000-memory.dmp	xmrig
behavioral2/memory/3676-45-0x00007FF630C80000-0x00007FF630FD4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023c85-43.dat	xmrig
behavioral2/memory/2256-29-0x00007FF659D80000-0x00007FF65A0D4000-memory.dmp	xmrig
behavioral2/memory/520-21-0x00007FF72FC30000-0x00007FF72FF84000-memory.dmp	xmrig
behavioral2/files/0x0013000000023b06-23.dat	xmrig
behavioral2/files/0x000500000001ec13-52.dat	xmrig
behavioral2/memory/1140-59-0x00007FF6969F0000-0x00007FF696D44000-memory.dmp	xmrig
behavioral2/files/0x0009000000023d78-58.dat	xmrig
behavioral2/memory/2364-71-0x00007FF749970000-0x00007FF749CC4000-memory.dmp	xmrig
behavioral2/memory/4464-72-0x00007FF73FFB0000-0x00007FF740304000-memory.dmp	xmrig
behavioral2/files/0x0008000000023d79-74.dat	xmrig
behavioral2/files/0x0008000000023d7b-78.dat	xmrig
behavioral2/files/0x0008000000023d7a-76.dat	xmrig
behavioral2/memory/2568-73-0x00007FF720C00000-0x00007FF720F54000-memory.dmp	xmrig
behavioral2/memory/3952-67-0x00007FF6467E0000-0x00007FF646B34000-memory.dmp	xmrig
behavioral2/memory/2264-81-0x00007FF6947B0000-0x00007FF694B04000-memory.dmp	xmrig
behavioral2/files/0x0008000000023d7c-83.dat	xmrig
behavioral2/memory/520-87-0x00007FF72FC30000-0x00007FF72FF84000-memory.dmp	xmrig
behavioral2/memory/2256-90-0x00007FF659D80000-0x00007FF65A0D4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023d91-92.dat	xmrig
behavioral2/files/0x0016000000023d92-94.dat	xmrig
behavioral2/memory/4432-96-0x00007FF726660000-0x00007FF7269B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023d9c-106.dat	xmrig
behavioral2/files/0x0008000000023d98-110.dat	xmrig
behavioral2/files/0x0008000000023da9-119.dat	xmrig
behavioral2/files/0x0008000000023da8-122.dat	xmrig
behavioral2/files/0x0008000000023dab-125.dat	xmrig
behavioral2/memory/3676-134-0x00007FF630C80000-0x00007FF630FD4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023dac-146.dat	xmrig
behavioral2/files/0x0008000000023db0-157.dat	xmrig
behavioral2/files/0x0008000000023db1-168.dat	xmrig
behavioral2/memory/2532-174-0x00007FF7286B0000-0x00007FF728A04000-memory.dmp	xmrig
behavioral2/memory/2296-181-0x00007FF6FED60000-0x00007FF6FF0B4000-memory.dmp	xmrig
behavioral2/memory/2188-182-0x00007FF7738E0000-0x00007FF773C34000-memory.dmp	xmrig
behavioral2/memory/5068-180-0x00007FF72DD40000-0x00007FF72E094000-memory.dmp	xmrig
behavioral2/files/0x0008000000023db2-178.dat	xmrig
behavioral2/memory/2212-177-0x00007FF691560000-0x00007FF6918B4000-memory.dmp	xmrig
behavioral2/memory/3300-171-0x00007FF7E0540000-0x00007FF7E0894000-memory.dmp	xmrig
behavioral2/memory/4792-170-0x00007FF72AC00000-0x00007FF72AF54000-memory.dmp	xmrig
behavioral2/memory/2068-166-0x00007FF63E200000-0x00007FF63E554000-memory.dmp	xmrig
behavioral2/files/0x0008000000023daf-165.dat	xmrig
behavioral2/files/0x0008000000023dae-161.dat	xmrig
behavioral2/files/0x0008000000023dad-150.dat	xmrig
behavioral2/files/0x0008000000023daa-148.dat	xmrig
behavioral2/memory/2804-145-0x00007FF6FCC20000-0x00007FF6FCF74000-memory.dmp	xmrig
behavioral2/memory/4128-140-0x00007FF67BDE0000-0x00007FF67C134000-memory.dmp	xmrig
behavioral2/memory/2904-137-0x00007FF6972B0000-0x00007FF697604000-memory.dmp	xmrig
behavioral2/memory/2776-135-0x00007FF6BE9A0000-0x00007FF6BECF4000-memory.dmp	xmrig
behavioral2/memory/2796-129-0x00007FF7FE170000-0x00007FF7FE4C4000-memory.dmp	xmrig
behavioral2/memory/4672-113-0x00007FF6A6790000-0x00007FF6A6AE4000-memory.dmp	xmrig
behavioral2/memory/2908-109-0x00007FF7B6170000-0x00007FF7B64C4000-memory.dmp	xmrig
behavioral2/memory/1504-103-0x00007FF65BCD0000-0x00007FF65C024000-memory.dmp	xmrig

Downloads MZ/PE file 1 IoCs

flow	pid	Process
52	12256	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
4288	zANYcWY.exe
520	yVIccUv.exe
2184	jVakpFf.exe
2256	aQhVmKP.exe
1504	SwBEFFI.exe
3352	IsCqOGa.exe
3676	LqVXoZi.exe
2532	RoBIgIT.exe
1140	gFZBoKz.exe
3952	EuSaEjg.exe
2364	xXCdSMM.exe
2568	AGMrLIk.exe
4464	uXHTSkS.exe
4432	XGaJYlk.exe
2908	jMoWeBd.exe
4476	PUWxyPJ.exe
4672	OJxEotd.exe
2776	Bhhajir.exe
2904	aSofiSj.exe
2796	gKTpUfx.exe
4128	VbJryKW.exe
2212	uQUjREe.exe
2804	YtdfgBU.exe
2068	OoDTXke.exe
5068	qfOimls.exe
2296	btzMbZW.exe
4792	irCoRnb.exe
2188	ErvJKQw.exe
3300	YoJnKSX.exe
3760	DVumlXa.exe
3124	MdwRfbB.exe
3372	yoRhKJK.exe
4384	nZIEnGk.exe
1872	KmwvpsI.exe
1600	PcYcEbk.exe
1368	TYXijZV.exe
4924	XUNinpq.exe
4572	eLThMOL.exe
2808	twtQCjX.exe
4360	TPlgvCj.exe
3784	EVkMFwP.exe
1612	MkqUbgj.exe
3640	cqcBqeT.exe
3340	sIyJeDu.exe
1624	yUbkpOD.exe
4492	oDBTwNW.exe
3256	hSSdTKd.exe
4412	BBHGJnU.exe
728	kiNXYGT.exe
2084	GefoAsN.exe
3980	YHdPmLT.exe
1844	YucLLcK.exe
5076	PVPvjeO.exe
1992	BBLKYXl.exe
2544	SaggmHX.exe
212	RQkOUgU.exe
632	uprkzem.exe
1812	hmtIazg.exe
3164	reKTguQ.exe
1224	XePEnis.exe
2856	FWTPMLt.exe
2412	yaEAtRx.exe
4984	FHwHJpa.exe
5048	PJZkjTV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2264-0-0x00007FF6947B0000-0x00007FF694B04000-memory.dmp	upx
behavioral2/files/0x000e00000001e59b-4.dat	upx
behavioral2/memory/4288-8-0x00007FF6F2790000-0x00007FF6F2AE4000-memory.dmp	upx
behavioral2/files/0x000500000001ec1b-11.dat	upx
behavioral2/files/0x000400000001ec1c-16.dat	upx
behavioral2/files/0x0012000000023b5c-25.dat	upx
behavioral2/files/0x000b000000023c80-31.dat	upx
behavioral2/files/0x000b000000023c84-35.dat	upx
behavioral2/memory/2184-40-0x00007FF60F490000-0x00007FF60F7E4000-memory.dmp	upx
behavioral2/memory/1504-44-0x00007FF65BCD0000-0x00007FF65C024000-memory.dmp	upx
behavioral2/memory/3352-46-0x00007FF642DD0000-0x00007FF643124000-memory.dmp	upx
behavioral2/memory/2532-47-0x00007FF7286B0000-0x00007FF728A04000-memory.dmp	upx
behavioral2/memory/3676-45-0x00007FF630C80000-0x00007FF630FD4000-memory.dmp	upx
behavioral2/files/0x000b000000023c85-43.dat	upx
behavioral2/memory/2256-29-0x00007FF659D80000-0x00007FF65A0D4000-memory.dmp	upx
behavioral2/memory/520-21-0x00007FF72FC30000-0x00007FF72FF84000-memory.dmp	upx
behavioral2/files/0x0013000000023b06-23.dat	upx
behavioral2/files/0x000500000001ec13-52.dat	upx
behavioral2/memory/1140-59-0x00007FF6969F0000-0x00007FF696D44000-memory.dmp	upx
behavioral2/files/0x0009000000023d78-58.dat	upx
behavioral2/memory/2364-71-0x00007FF749970000-0x00007FF749CC4000-memory.dmp	upx
behavioral2/memory/4464-72-0x00007FF73FFB0000-0x00007FF740304000-memory.dmp	upx
behavioral2/files/0x0008000000023d79-74.dat	upx
behavioral2/files/0x0008000000023d7b-78.dat	upx
behavioral2/files/0x0008000000023d7a-76.dat	upx
behavioral2/memory/2568-73-0x00007FF720C00000-0x00007FF720F54000-memory.dmp	upx
behavioral2/memory/3952-67-0x00007FF6467E0000-0x00007FF646B34000-memory.dmp	upx
behavioral2/memory/2264-81-0x00007FF6947B0000-0x00007FF694B04000-memory.dmp	upx
behavioral2/files/0x0008000000023d7c-83.dat	upx
behavioral2/memory/520-87-0x00007FF72FC30000-0x00007FF72FF84000-memory.dmp	upx
behavioral2/memory/2256-90-0x00007FF659D80000-0x00007FF65A0D4000-memory.dmp	upx
behavioral2/files/0x000b000000023d91-92.dat	upx
behavioral2/files/0x0016000000023d92-94.dat	upx
behavioral2/memory/4432-96-0x00007FF726660000-0x00007FF7269B4000-memory.dmp	upx
behavioral2/files/0x0008000000023d9c-106.dat	upx
behavioral2/files/0x0008000000023d98-110.dat	upx
behavioral2/files/0x0008000000023da9-119.dat	upx
behavioral2/files/0x0008000000023da8-122.dat	upx
behavioral2/files/0x0008000000023dab-125.dat	upx
behavioral2/memory/3676-134-0x00007FF630C80000-0x00007FF630FD4000-memory.dmp	upx
behavioral2/files/0x0008000000023dac-146.dat	upx
behavioral2/files/0x0008000000023db0-157.dat	upx
behavioral2/files/0x0008000000023db1-168.dat	upx
behavioral2/memory/2532-174-0x00007FF7286B0000-0x00007FF728A04000-memory.dmp	upx
behavioral2/memory/2296-181-0x00007FF6FED60000-0x00007FF6FF0B4000-memory.dmp	upx
behavioral2/memory/2188-182-0x00007FF7738E0000-0x00007FF773C34000-memory.dmp	upx
behavioral2/memory/5068-180-0x00007FF72DD40000-0x00007FF72E094000-memory.dmp	upx
behavioral2/files/0x0008000000023db2-178.dat	upx
behavioral2/memory/2212-177-0x00007FF691560000-0x00007FF6918B4000-memory.dmp	upx
behavioral2/memory/3300-171-0x00007FF7E0540000-0x00007FF7E0894000-memory.dmp	upx
behavioral2/memory/4792-170-0x00007FF72AC00000-0x00007FF72AF54000-memory.dmp	upx
behavioral2/memory/2068-166-0x00007FF63E200000-0x00007FF63E554000-memory.dmp	upx
behavioral2/files/0x0008000000023daf-165.dat	upx
behavioral2/files/0x0008000000023dae-161.dat	upx
behavioral2/files/0x0008000000023dad-150.dat	upx
behavioral2/files/0x0008000000023daa-148.dat	upx
behavioral2/memory/2804-145-0x00007FF6FCC20000-0x00007FF6FCF74000-memory.dmp	upx
behavioral2/memory/4128-140-0x00007FF67BDE0000-0x00007FF67C134000-memory.dmp	upx
behavioral2/memory/2904-137-0x00007FF6972B0000-0x00007FF697604000-memory.dmp	upx
behavioral2/memory/2776-135-0x00007FF6BE9A0000-0x00007FF6BECF4000-memory.dmp	upx
behavioral2/memory/2796-129-0x00007FF7FE170000-0x00007FF7FE4C4000-memory.dmp	upx
behavioral2/memory/4672-113-0x00007FF6A6790000-0x00007FF6A6AE4000-memory.dmp	upx
behavioral2/memory/2908-109-0x00007FF7B6170000-0x00007FF7B64C4000-memory.dmp	upx
behavioral2/memory/1504-103-0x00007FF65BCD0000-0x00007FF65C024000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gzHeKdB.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKTpUfx.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVriBMc.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUveKCA.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teAbawH.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzwBBBu.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZGLhKI.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIWZYgN.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPHlRTy.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKwSXxm.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIgJMhU.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlrTvew.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvOigZe.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvmewEJ.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrYyXlQ.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBLKYXl.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqEjOdA.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQkSQSj.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEKErmk.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEaqQWT.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrYpjwh.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfDGxeO.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnjCxCm.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqyvtxJ.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSotEYe.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZsdeZA.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGMrLIk.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVPvjeO.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCjThgR.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxpxfWL.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKScmZB.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEdqgUU.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VSjypSn.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIzwgtu.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcokOdD.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKOHkvp.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJoFuRy.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxiwDLU.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdaQEzb.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgmRXiB.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqgfuCe.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNoYGie.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RezcowR.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heGUzXx.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uavcaNs.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orlpTKe.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzuOKfv.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhuJNRb.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQhHrQI.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHIhPPq.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MENzqMD.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKNoDiU.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZqJWXU.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmwvpsI.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVCnPxN.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxMszRf.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFmXecl.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enXwtXJ.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGLmUgx.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okAjSoS.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJENzWQ.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjcoKdc.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXFTDJN.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvvpgfD.exe	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5968	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 4288	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2264 wrote to memory of 4288	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2264 wrote to memory of 520	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2264 wrote to memory of 520	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2264 wrote to memory of 2184	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2264 wrote to memory of 2184	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2264 wrote to memory of 2256	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2264 wrote to memory of 2256	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2264 wrote to memory of 1504	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2264 wrote to memory of 1504	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2264 wrote to memory of 3352	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2264 wrote to memory of 3352	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2264 wrote to memory of 3676	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2264 wrote to memory of 3676	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2264 wrote to memory of 2532	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2264 wrote to memory of 2532	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2264 wrote to memory of 1140	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2264 wrote to memory of 1140	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2264 wrote to memory of 3952	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2264 wrote to memory of 3952	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2264 wrote to memory of 2364	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2264 wrote to memory of 2364	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2264 wrote to memory of 2568	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2264 wrote to memory of 2568	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2264 wrote to memory of 4464	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2264 wrote to memory of 4464	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2264 wrote to memory of 4432	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2264 wrote to memory of 4432	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2264 wrote to memory of 2908	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2264 wrote to memory of 2908	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2264 wrote to memory of 4476	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2264 wrote to memory of 4476	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2264 wrote to memory of 4672	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2264 wrote to memory of 4672	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2264 wrote to memory of 2776	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2264 wrote to memory of 2776	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2264 wrote to memory of 2904	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2264 wrote to memory of 2904	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2264 wrote to memory of 2796	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2264 wrote to memory of 2796	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2264 wrote to memory of 2804	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2264 wrote to memory of 2804	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2264 wrote to memory of 4128	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2264 wrote to memory of 4128	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2264 wrote to memory of 2212	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2264 wrote to memory of 2212	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2264 wrote to memory of 2068	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2264 wrote to memory of 2068	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2264 wrote to memory of 5068	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2264 wrote to memory of 5068	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2264 wrote to memory of 2296	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2264 wrote to memory of 2296	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2264 wrote to memory of 4792	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2264 wrote to memory of 4792	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2264 wrote to memory of 2188	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 2264 wrote to memory of 2188	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 2264 wrote to memory of 3300	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 2264 wrote to memory of 3300	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 2264 wrote to memory of 3760	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 2264 wrote to memory of 3760	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 2264 wrote to memory of 3124	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 2264 wrote to memory of 3124	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 2264 wrote to memory of 3372	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 2264 wrote to memory of 3372	2264	2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_ffb538f26ad1d34681a5485742456c1d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\System\zANYcWY.exe
  C:\Windows\System\zANYcWY.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\yVIccUv.exe
  C:\Windows\System\yVIccUv.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\jVakpFf.exe
  C:\Windows\System\jVakpFf.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\aQhVmKP.exe
  C:\Windows\System\aQhVmKP.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\SwBEFFI.exe
  C:\Windows\System\SwBEFFI.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\IsCqOGa.exe
  C:\Windows\System\IsCqOGa.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\LqVXoZi.exe
  C:\Windows\System\LqVXoZi.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\RoBIgIT.exe
  C:\Windows\System\RoBIgIT.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\gFZBoKz.exe
  C:\Windows\System\gFZBoKz.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\EuSaEjg.exe
  C:\Windows\System\EuSaEjg.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\xXCdSMM.exe
  C:\Windows\System\xXCdSMM.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\AGMrLIk.exe
  C:\Windows\System\AGMrLIk.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\uXHTSkS.exe
  C:\Windows\System\uXHTSkS.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\XGaJYlk.exe
  C:\Windows\System\XGaJYlk.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\jMoWeBd.exe
  C:\Windows\System\jMoWeBd.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\PUWxyPJ.exe
  C:\Windows\System\PUWxyPJ.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\OJxEotd.exe
  C:\Windows\System\OJxEotd.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\Bhhajir.exe
  C:\Windows\System\Bhhajir.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\aSofiSj.exe
  C:\Windows\System\aSofiSj.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\gKTpUfx.exe
  C:\Windows\System\gKTpUfx.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\YtdfgBU.exe
  C:\Windows\System\YtdfgBU.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\VbJryKW.exe
  C:\Windows\System\VbJryKW.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\uQUjREe.exe
  C:\Windows\System\uQUjREe.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\OoDTXke.exe
  C:\Windows\System\OoDTXke.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\qfOimls.exe
  C:\Windows\System\qfOimls.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\btzMbZW.exe
  C:\Windows\System\btzMbZW.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\irCoRnb.exe
  C:\Windows\System\irCoRnb.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\ErvJKQw.exe
  C:\Windows\System\ErvJKQw.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\YoJnKSX.exe
  C:\Windows\System\YoJnKSX.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\DVumlXa.exe
  C:\Windows\System\DVumlXa.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\MdwRfbB.exe
  C:\Windows\System\MdwRfbB.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\yoRhKJK.exe
  C:\Windows\System\yoRhKJK.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\nZIEnGk.exe
  C:\Windows\System\nZIEnGk.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\KmwvpsI.exe
  C:\Windows\System\KmwvpsI.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\PcYcEbk.exe
  C:\Windows\System\PcYcEbk.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\TYXijZV.exe
  C:\Windows\System\TYXijZV.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\XUNinpq.exe
  C:\Windows\System\XUNinpq.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\eLThMOL.exe
  C:\Windows\System\eLThMOL.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\twtQCjX.exe
  C:\Windows\System\twtQCjX.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\TPlgvCj.exe
  C:\Windows\System\TPlgvCj.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\EVkMFwP.exe
  C:\Windows\System\EVkMFwP.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\MkqUbgj.exe
  C:\Windows\System\MkqUbgj.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\cqcBqeT.exe
  C:\Windows\System\cqcBqeT.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\sIyJeDu.exe
  C:\Windows\System\sIyJeDu.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\yUbkpOD.exe
  C:\Windows\System\yUbkpOD.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\oDBTwNW.exe
  C:\Windows\System\oDBTwNW.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\hSSdTKd.exe
  C:\Windows\System\hSSdTKd.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\BBHGJnU.exe
  C:\Windows\System\BBHGJnU.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\kiNXYGT.exe
  C:\Windows\System\kiNXYGT.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\GefoAsN.exe
  C:\Windows\System\GefoAsN.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\YHdPmLT.exe
  C:\Windows\System\YHdPmLT.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\YucLLcK.exe
  C:\Windows\System\YucLLcK.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\PVPvjeO.exe
  C:\Windows\System\PVPvjeO.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\BBLKYXl.exe
  C:\Windows\System\BBLKYXl.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\SaggmHX.exe
  C:\Windows\System\SaggmHX.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\RQkOUgU.exe
  C:\Windows\System\RQkOUgU.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\uprkzem.exe
  C:\Windows\System\uprkzem.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\hmtIazg.exe
  C:\Windows\System\hmtIazg.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\reKTguQ.exe
  C:\Windows\System\reKTguQ.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\XePEnis.exe
  C:\Windows\System\XePEnis.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\FWTPMLt.exe
  C:\Windows\System\FWTPMLt.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\yaEAtRx.exe
  C:\Windows\System\yaEAtRx.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\FHwHJpa.exe
  C:\Windows\System\FHwHJpa.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\PJZkjTV.exe
  C:\Windows\System\PJZkjTV.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\cZLFdhk.exe
  C:\Windows\System\cZLFdhk.exe
  2⤵
  PID:928
- C:\Windows\System\pJoFuRy.exe
  C:\Windows\System\pJoFuRy.exe
  2⤵
  PID:3524
- C:\Windows\System\HWigreO.exe
  C:\Windows\System\HWigreO.exe
  2⤵
  PID:3884
- C:\Windows\System\isSkzPj.exe
  C:\Windows\System\isSkzPj.exe
  2⤵
  PID:760
- C:\Windows\System\qIgJMhU.exe
  C:\Windows\System\qIgJMhU.exe
  2⤵
  PID:1648
- C:\Windows\System\nWbNsNY.exe
  C:\Windows\System\nWbNsNY.exe
  2⤵
  PID:3024
- C:\Windows\System\QKRYqSX.exe
  C:\Windows\System\QKRYqSX.exe
  2⤵
  PID:4460
- C:\Windows\System\evEgfYa.exe
  C:\Windows\System\evEgfYa.exe
  2⤵
  PID:1920
- C:\Windows\System\lRTRhxA.exe
  C:\Windows\System\lRTRhxA.exe
  2⤵
  PID:3344
- C:\Windows\System\VBvjLgM.exe
  C:\Windows\System\VBvjLgM.exe
  2⤵
  PID:1160
- C:\Windows\System\yjFIXpH.exe
  C:\Windows\System\yjFIXpH.exe
  2⤵
  PID:516
- C:\Windows\System\SBHaAfL.exe
  C:\Windows\System\SBHaAfL.exe
  2⤵
  PID:3280
- C:\Windows\System\BlrTvew.exe
  C:\Windows\System\BlrTvew.exe
  2⤵
  PID:684
- C:\Windows\System\xsMvAeK.exe
  C:\Windows\System\xsMvAeK.exe
  2⤵
  PID:3324
- C:\Windows\System\oHiuiQi.exe
  C:\Windows\System\oHiuiQi.exe
  2⤵
  PID:5004
- C:\Windows\System\HlWqlhh.exe
  C:\Windows\System\HlWqlhh.exe
  2⤵
  PID:2488
- C:\Windows\System\TYnZhMX.exe
  C:\Windows\System\TYnZhMX.exe
  2⤵
  PID:3136
- C:\Windows\System\YzmfGhz.exe
  C:\Windows\System\YzmfGhz.exe
  2⤵
  PID:4920
- C:\Windows\System\McIBDnC.exe
  C:\Windows\System\McIBDnC.exe
  2⤵
  PID:4600
- C:\Windows\System\RVCnPxN.exe
  C:\Windows\System\RVCnPxN.exe
  2⤵
  PID:220
- C:\Windows\System\PYPrimh.exe
  C:\Windows\System\PYPrimh.exe
  2⤵
  PID:4564
- C:\Windows\System\aOobsYy.exe
  C:\Windows\System\aOobsYy.exe
  2⤵
  PID:3636
- C:\Windows\System\xpqOoai.exe
  C:\Windows\System\xpqOoai.exe
  2⤵
  PID:3808
- C:\Windows\System\MrrDiGv.exe
  C:\Windows\System\MrrDiGv.exe
  2⤵
  PID:2748
- C:\Windows\System\sxHZnVk.exe
  C:\Windows\System\sxHZnVk.exe
  2⤵
  PID:1248
- C:\Windows\System\CpHdQVJ.exe
  C:\Windows\System\CpHdQVJ.exe
  2⤵
  PID:3900
- C:\Windows\System\LgMkIjE.exe
  C:\Windows\System\LgMkIjE.exe
  2⤵
  PID:1912
- C:\Windows\System\anIaUwd.exe
  C:\Windows\System\anIaUwd.exe
  2⤵
  PID:5164
- C:\Windows\System\nVHuDbz.exe
  C:\Windows\System\nVHuDbz.exe
  2⤵
  PID:5204
- C:\Windows\System\uJRGatb.exe
  C:\Windows\System\uJRGatb.exe
  2⤵
  PID:5232
- C:\Windows\System\MRYeyFg.exe
  C:\Windows\System\MRYeyFg.exe
  2⤵
  PID:5292
- C:\Windows\System\ZTZBZQo.exe
  C:\Windows\System\ZTZBZQo.exe
  2⤵
  PID:5364
- C:\Windows\System\lmZVfLN.exe
  C:\Windows\System\lmZVfLN.exe
  2⤵
  PID:5404
- C:\Windows\System\HWcGKHA.exe
  C:\Windows\System\HWcGKHA.exe
  2⤵
  PID:5448
- C:\Windows\System\ZCpKqCo.exe
  C:\Windows\System\ZCpKqCo.exe
  2⤵
  PID:5488
- C:\Windows\System\slHSabN.exe
  C:\Windows\System\slHSabN.exe
  2⤵
  PID:5520
- C:\Windows\System\vHeXPkK.exe
  C:\Windows\System\vHeXPkK.exe
  2⤵
  PID:5548
- C:\Windows\System\qQkIcqi.exe
  C:\Windows\System\qQkIcqi.exe
  2⤵
  PID:5588
- C:\Windows\System\quLUQrj.exe
  C:\Windows\System\quLUQrj.exe
  2⤵
  PID:5612
- C:\Windows\System\eshpVYs.exe
  C:\Windows\System\eshpVYs.exe
  2⤵
  PID:5644
- C:\Windows\System\pzIUVuH.exe
  C:\Windows\System\pzIUVuH.exe
  2⤵
  PID:5672
- C:\Windows\System\mWedMev.exe
  C:\Windows\System\mWedMev.exe
  2⤵
  PID:5700
- C:\Windows\System\tlGIooi.exe
  C:\Windows\System\tlGIooi.exe
  2⤵
  PID:5728
- C:\Windows\System\VszOEdr.exe
  C:\Windows\System\VszOEdr.exe
  2⤵
  PID:5756
- C:\Windows\System\UTkIVPL.exe
  C:\Windows\System\UTkIVPL.exe
  2⤵
  PID:5784
- C:\Windows\System\lDsQEuI.exe
  C:\Windows\System\lDsQEuI.exe
  2⤵
  PID:5812
- C:\Windows\System\jSttdGn.exe
  C:\Windows\System\jSttdGn.exe
  2⤵
  PID:5840
- C:\Windows\System\VJKCSBk.exe
  C:\Windows\System\VJKCSBk.exe
  2⤵
  PID:5872
- C:\Windows\System\GZvxMqV.exe
  C:\Windows\System\GZvxMqV.exe
  2⤵
  PID:5900
- C:\Windows\System\zqEjOdA.exe
  C:\Windows\System\zqEjOdA.exe
  2⤵
  PID:5928
- C:\Windows\System\VuVXSuD.exe
  C:\Windows\System\VuVXSuD.exe
  2⤵
  PID:5960
- C:\Windows\System\fefaQfa.exe
  C:\Windows\System\fefaQfa.exe
  2⤵
  PID:5996
- C:\Windows\System\vPRjXrr.exe
  C:\Windows\System\vPRjXrr.exe
  2⤵
  PID:6024
- C:\Windows\System\EQinYul.exe
  C:\Windows\System\EQinYul.exe
  2⤵
  PID:6052
- C:\Windows\System\nagKSsy.exe
  C:\Windows\System\nagKSsy.exe
  2⤵
  PID:6072
- C:\Windows\System\BsFnfUv.exe
  C:\Windows\System\BsFnfUv.exe
  2⤵
  PID:6112
- C:\Windows\System\kZRylJp.exe
  C:\Windows\System\kZRylJp.exe
  2⤵
  PID:6136
- C:\Windows\System\odThZgj.exe
  C:\Windows\System\odThZgj.exe
  2⤵
  PID:5148
- C:\Windows\System\wRXawCh.exe
  C:\Windows\System\wRXawCh.exe
  2⤵
  PID:5220
- C:\Windows\System\ZIuEKKD.exe
  C:\Windows\System\ZIuEKKD.exe
  2⤵
  PID:5380
- C:\Windows\System\PRKPYWL.exe
  C:\Windows\System\PRKPYWL.exe
  2⤵
  PID:5472
- C:\Windows\System\boSPmCM.exe
  C:\Windows\System\boSPmCM.exe
  2⤵
  PID:5508
- C:\Windows\System\OkIpCQG.exe
  C:\Windows\System\OkIpCQG.exe
  2⤵
  PID:5596
- C:\Windows\System\OTgLzRq.exe
  C:\Windows\System\OTgLzRq.exe
  2⤵
  PID:5660
- C:\Windows\System\ULcyAbi.exe
  C:\Windows\System\ULcyAbi.exe
  2⤵
  PID:5724
- C:\Windows\System\tChNPmk.exe
  C:\Windows\System\tChNPmk.exe
  2⤵
  PID:5212
- C:\Windows\System\XlIvpzU.exe
  C:\Windows\System\XlIvpzU.exe
  2⤵
  PID:5836
- C:\Windows\System\YFtgJdA.exe
  C:\Windows\System\YFtgJdA.exe
  2⤵
  PID:5924
- C:\Windows\System\XyoKpos.exe
  C:\Windows\System\XyoKpos.exe
  2⤵
  PID:5976
- C:\Windows\System\DLpAqGA.exe
  C:\Windows\System\DLpAqGA.exe
  2⤵
  PID:6040
- C:\Windows\System\xywzRqX.exe
  C:\Windows\System\xywzRqX.exe
  2⤵
  PID:6120
- C:\Windows\System\gNMigXB.exe
  C:\Windows\System\gNMigXB.exe
  2⤵
  PID:2260
- C:\Windows\System\FlmnCKL.exe
  C:\Windows\System\FlmnCKL.exe
  2⤵
  PID:2064
- C:\Windows\System\XyKiNyo.exe
  C:\Windows\System\XyKiNyo.exe
  2⤵
  PID:5696
- C:\Windows\System\mUOujLs.exe
  C:\Windows\System\mUOujLs.exe
  2⤵
  PID:6100
- C:\Windows\System\yryaeFf.exe
  C:\Windows\System\yryaeFf.exe
  2⤵
  PID:5800
- C:\Windows\System\pRBBKBC.exe
  C:\Windows\System\pRBBKBC.exe
  2⤵
  PID:6068
- C:\Windows\System\NvOigZe.exe
  C:\Windows\System\NvOigZe.exe
  2⤵
  PID:5984
- C:\Windows\System\yPRLFdd.exe
  C:\Windows\System\yPRLFdd.exe
  2⤵
  PID:6184
- C:\Windows\System\jgHWHfp.exe
  C:\Windows\System\jgHWHfp.exe
  2⤵
  PID:6216
- C:\Windows\System\CnJMMdy.exe
  C:\Windows\System\CnJMMdy.exe
  2⤵
  PID:6252
- C:\Windows\System\zYBbnUH.exe
  C:\Windows\System\zYBbnUH.exe
  2⤵
  PID:6292
- C:\Windows\System\qxRavQY.exe
  C:\Windows\System\qxRavQY.exe
  2⤵
  PID:6320
- C:\Windows\System\RRZDihV.exe
  C:\Windows\System\RRZDihV.exe
  2⤵
  PID:6348
- C:\Windows\System\zdsqAqq.exe
  C:\Windows\System\zdsqAqq.exe
  2⤵
  PID:6384
- C:\Windows\System\zMawCEb.exe
  C:\Windows\System\zMawCEb.exe
  2⤵
  PID:6412
- C:\Windows\System\OfLbUqQ.exe
  C:\Windows\System\OfLbUqQ.exe
  2⤵
  PID:6452
- C:\Windows\System\uoUdYfE.exe
  C:\Windows\System\uoUdYfE.exe
  2⤵
  PID:6476
- C:\Windows\System\doDVCLB.exe
  C:\Windows\System\doDVCLB.exe
  2⤵
  PID:6504
- C:\Windows\System\taTeQaE.exe
  C:\Windows\System\taTeQaE.exe
  2⤵
  PID:6532
- C:\Windows\System\xCjThgR.exe
  C:\Windows\System\xCjThgR.exe
  2⤵
  PID:6568
- C:\Windows\System\jbNIjbw.exe
  C:\Windows\System\jbNIjbw.exe
  2⤵
  PID:6588
- C:\Windows\System\kFvFrwv.exe
  C:\Windows\System\kFvFrwv.exe
  2⤵
  PID:6616
- C:\Windows\System\OmpbvJV.exe
  C:\Windows\System\OmpbvJV.exe
  2⤵
  PID:6644
- C:\Windows\System\LmAIaKI.exe
  C:\Windows\System\LmAIaKI.exe
  2⤵
  PID:6664
- C:\Windows\System\RgTLTHB.exe
  C:\Windows\System\RgTLTHB.exe
  2⤵
  PID:6700
- C:\Windows\System\ikSDchP.exe
  C:\Windows\System\ikSDchP.exe
  2⤵
  PID:6748
- C:\Windows\System\VxiwDLU.exe
  C:\Windows\System\VxiwDLU.exe
  2⤵
  PID:6772
- C:\Windows\System\QOzbHBZ.exe
  C:\Windows\System\QOzbHBZ.exe
  2⤵
  PID:6804
- C:\Windows\System\LVXeuPf.exe
  C:\Windows\System\LVXeuPf.exe
  2⤵
  PID:6868
- C:\Windows\System\soZfiol.exe
  C:\Windows\System\soZfiol.exe
  2⤵
  PID:6904
- C:\Windows\System\saJNkgW.exe
  C:\Windows\System\saJNkgW.exe
  2⤵
  PID:6936
- C:\Windows\System\tgQRgaR.exe
  C:\Windows\System\tgQRgaR.exe
  2⤵
  PID:6960
- C:\Windows\System\SjSVBWp.exe
  C:\Windows\System\SjSVBWp.exe
  2⤵
  PID:6988
- C:\Windows\System\FRYsjWt.exe
  C:\Windows\System\FRYsjWt.exe
  2⤵
  PID:7036
- C:\Windows\System\NKPkTcH.exe
  C:\Windows\System\NKPkTcH.exe
  2⤵
  PID:7064
- C:\Windows\System\iiiyFZv.exe
  C:\Windows\System\iiiyFZv.exe
  2⤵
  PID:7096
- C:\Windows\System\pZshCOC.exe
  C:\Windows\System\pZshCOC.exe
  2⤵
  PID:7124
- C:\Windows\System\OVTkjMO.exe
  C:\Windows\System\OVTkjMO.exe
  2⤵
  PID:7144
- C:\Windows\System\YsMaUUi.exe
  C:\Windows\System\YsMaUUi.exe
  2⤵
  PID:6164
- C:\Windows\System\vCXnjkG.exe
  C:\Windows\System\vCXnjkG.exe
  2⤵
  PID:6284
- C:\Windows\System\WaOBFXQ.exe
  C:\Windows\System\WaOBFXQ.exe
  2⤵
  PID:6316
- C:\Windows\System\qoRZVYt.exe
  C:\Windows\System\qoRZVYt.exe
  2⤵
  PID:6132
- C:\Windows\System\FYokPSW.exe
  C:\Windows\System\FYokPSW.exe
  2⤵
  PID:6376
- C:\Windows\System\iEzBtBQ.exe
  C:\Windows\System\iEzBtBQ.exe
  2⤵
  PID:6448
- C:\Windows\System\EGtCmMv.exe
  C:\Windows\System\EGtCmMv.exe
  2⤵
  PID:6500
- C:\Windows\System\bOkpVgz.exe
  C:\Windows\System\bOkpVgz.exe
  2⤵
  PID:6576
- C:\Windows\System\uWskZjL.exe
  C:\Windows\System\uWskZjL.exe
  2⤵
  PID:6636
- C:\Windows\System\cCDZbbv.exe
  C:\Windows\System\cCDZbbv.exe
  2⤵
  PID:6696
- C:\Windows\System\lOwzIwO.exe
  C:\Windows\System\lOwzIwO.exe
  2⤵
  PID:6784
- C:\Windows\System\slXwoSJ.exe
  C:\Windows\System\slXwoSJ.exe
  2⤵
  PID:6888
- C:\Windows\System\wFHhaNG.exe
  C:\Windows\System\wFHhaNG.exe
  2⤵
  PID:6980
- C:\Windows\System\XHIhPPq.exe
  C:\Windows\System\XHIhPPq.exe
  2⤵
  PID:7056
- C:\Windows\System\ZjEBxvN.exe
  C:\Windows\System\ZjEBxvN.exe
  2⤵
  PID:7132
- C:\Windows\System\SCebXxV.exe
  C:\Windows\System\SCebXxV.exe
  2⤵
  PID:6152
- C:\Windows\System\fnTbTZi.exe
  C:\Windows\System\fnTbTZi.exe
  2⤵
  PID:4720
- C:\Windows\System\qFDwIqD.exe
  C:\Windows\System\qFDwIqD.exe
  2⤵
  PID:6396
- C:\Windows\System\SjlJqIf.exe
  C:\Windows\System\SjlJqIf.exe
  2⤵
  PID:5968
- C:\Windows\System\WBtBfvl.exe
  C:\Windows\System\WBtBfvl.exe
  2⤵
  PID:6672
- C:\Windows\System\MqkdGsO.exe
  C:\Windows\System\MqkdGsO.exe
  2⤵
  PID:4192
- C:\Windows\System\MOjJYAm.exe
  C:\Windows\System\MOjJYAm.exe
  2⤵
  PID:6924
- C:\Windows\System\NxpxfWL.exe
  C:\Windows\System\NxpxfWL.exe
  2⤵
  PID:7076
- C:\Windows\System\ErytRkv.exe
  C:\Windows\System\ErytRkv.exe
  2⤵
  PID:6312
- C:\Windows\System\bMSxlgp.exe
  C:\Windows\System\bMSxlgp.exe
  2⤵
  PID:6520
- C:\Windows\System\wVriBMc.exe
  C:\Windows\System\wVriBMc.exe
  2⤵
  PID:644
- C:\Windows\System\SdaQEzb.exe
  C:\Windows\System\SdaQEzb.exe
  2⤵
  PID:6304
- C:\Windows\System\YNHCcWk.exe
  C:\Windows\System\YNHCcWk.exe
  2⤵
  PID:2384
- C:\Windows\System\qtWhKsX.exe
  C:\Windows\System\qtWhKsX.exe
  2⤵
  PID:6408
- C:\Windows\System\AgdvRsq.exe
  C:\Windows\System\AgdvRsq.exe
  2⤵
  PID:7180
- C:\Windows\System\VdsLltx.exe
  C:\Windows\System\VdsLltx.exe
  2⤵
  PID:7204
- C:\Windows\System\SvxTEMc.exe
  C:\Windows\System\SvxTEMc.exe
  2⤵
  PID:7248
- C:\Windows\System\MOXWtmo.exe
  C:\Windows\System\MOXWtmo.exe
  2⤵
  PID:7284
- C:\Windows\System\YkLxmcW.exe
  C:\Windows\System\YkLxmcW.exe
  2⤵
  PID:7304
- C:\Windows\System\EpGpElR.exe
  C:\Windows\System\EpGpElR.exe
  2⤵
  PID:7344
- C:\Windows\System\QqDkLke.exe
  C:\Windows\System\QqDkLke.exe
  2⤵
  PID:7372
- C:\Windows\System\DsJqUbv.exe
  C:\Windows\System\DsJqUbv.exe
  2⤵
  PID:7396
- C:\Windows\System\SrAuZCy.exe
  C:\Windows\System\SrAuZCy.exe
  2⤵
  PID:7424
- C:\Windows\System\UUPjTsk.exe
  C:\Windows\System\UUPjTsk.exe
  2⤵
  PID:7456
- C:\Windows\System\AHKkHTS.exe
  C:\Windows\System\AHKkHTS.exe
  2⤵
  PID:7480
- C:\Windows\System\mTYmhyl.exe
  C:\Windows\System\mTYmhyl.exe
  2⤵
  PID:7508
- C:\Windows\System\dFwFRIX.exe
  C:\Windows\System\dFwFRIX.exe
  2⤵
  PID:7544
- C:\Windows\System\gzsHNZJ.exe
  C:\Windows\System\gzsHNZJ.exe
  2⤵
  PID:7580
- C:\Windows\System\YKnCEys.exe
  C:\Windows\System\YKnCEys.exe
  2⤵
  PID:7616
- C:\Windows\System\JaaCmXf.exe
  C:\Windows\System\JaaCmXf.exe
  2⤵
  PID:7644
- C:\Windows\System\cHwWZoB.exe
  C:\Windows\System\cHwWZoB.exe
  2⤵
  PID:7676
- C:\Windows\System\XoljXzA.exe
  C:\Windows\System\XoljXzA.exe
  2⤵
  PID:7704
- C:\Windows\System\ljgqtdO.exe
  C:\Windows\System\ljgqtdO.exe
  2⤵
  PID:7732
- C:\Windows\System\mXMGdWh.exe
  C:\Windows\System\mXMGdWh.exe
  2⤵
  PID:7756
- C:\Windows\System\AEbQade.exe
  C:\Windows\System\AEbQade.exe
  2⤵
  PID:7784
- C:\Windows\System\NgmRXiB.exe
  C:\Windows\System\NgmRXiB.exe
  2⤵
  PID:7816
- C:\Windows\System\VSjypSn.exe
  C:\Windows\System\VSjypSn.exe
  2⤵
  PID:7840
- C:\Windows\System\nhONxaM.exe
  C:\Windows\System\nhONxaM.exe
  2⤵
  PID:7868
- C:\Windows\System\ckQyyVt.exe
  C:\Windows\System\ckQyyVt.exe
  2⤵
  PID:7900
- C:\Windows\System\KGikHEv.exe
  C:\Windows\System\KGikHEv.exe
  2⤵
  PID:7932
- C:\Windows\System\mvmewEJ.exe
  C:\Windows\System\mvmewEJ.exe
  2⤵
  PID:7956
- C:\Windows\System\UjuayIA.exe
  C:\Windows\System\UjuayIA.exe
  2⤵
  PID:7988
- C:\Windows\System\IytjsHp.exe
  C:\Windows\System\IytjsHp.exe
  2⤵
  PID:8004
- C:\Windows\System\HQEEpnp.exe
  C:\Windows\System\HQEEpnp.exe
  2⤵
  PID:8036
- C:\Windows\System\brgaRRQ.exe
  C:\Windows\System\brgaRRQ.exe
  2⤵
  PID:8072
- C:\Windows\System\gcaHhie.exe
  C:\Windows\System\gcaHhie.exe
  2⤵
  PID:8108
- C:\Windows\System\ktnvwXg.exe
  C:\Windows\System\ktnvwXg.exe
  2⤵
  PID:8140
- C:\Windows\System\jdEsZNb.exe
  C:\Windows\System\jdEsZNb.exe
  2⤵
  PID:8168
- C:\Windows\System\RIzwgtu.exe
  C:\Windows\System\RIzwgtu.exe
  2⤵
  PID:336
- C:\Windows\System\fNDQlAv.exe
  C:\Windows\System\fNDQlAv.exe
  2⤵
  PID:7232
- C:\Windows\System\qndtClf.exe
  C:\Windows\System\qndtClf.exe
  2⤵
  PID:7292
- C:\Windows\System\jOowPRH.exe
  C:\Windows\System\jOowPRH.exe
  2⤵
  PID:7360
- C:\Windows\System\tPPViZu.exe
  C:\Windows\System\tPPViZu.exe
  2⤵
  PID:7432
- C:\Windows\System\vYIVmMn.exe
  C:\Windows\System\vYIVmMn.exe
  2⤵
  PID:7492
- C:\Windows\System\PPrnDlk.exe
  C:\Windows\System\PPrnDlk.exe
  2⤵
  PID:7536
- C:\Windows\System\gNvHZIS.exe
  C:\Windows\System\gNvHZIS.exe
  2⤵
  PID:7604
- C:\Windows\System\MENzqMD.exe
  C:\Windows\System\MENzqMD.exe
  2⤵
  PID:7672
- C:\Windows\System\idNvrmm.exe
  C:\Windows\System\idNvrmm.exe
  2⤵
  PID:7728
- C:\Windows\System\ChZucxB.exe
  C:\Windows\System\ChZucxB.exe
  2⤵
  PID:7792
- C:\Windows\System\aLYaoTs.exe
  C:\Windows\System\aLYaoTs.exe
  2⤵
  PID:7852
- C:\Windows\System\aKVQXNT.exe
  C:\Windows\System\aKVQXNT.exe
  2⤵
  PID:7928
- C:\Windows\System\woAchuM.exe
  C:\Windows\System\woAchuM.exe
  2⤵
  PID:7976
- C:\Windows\System\GuUyEAi.exe
  C:\Windows\System\GuUyEAi.exe
  2⤵
  PID:8048
- C:\Windows\System\wZGLhKI.exe
  C:\Windows\System\wZGLhKI.exe
  2⤵
  PID:8096
- C:\Windows\System\lJECRQS.exe
  C:\Windows\System\lJECRQS.exe
  2⤵
  PID:8160
- C:\Windows\System\mKwERaQ.exe
  C:\Windows\System\mKwERaQ.exe
  2⤵
  PID:7260
- C:\Windows\System\sOignCB.exe
  C:\Windows\System\sOignCB.exe
  2⤵
  PID:7408
- C:\Windows\System\CKzLXTn.exe
  C:\Windows\System\CKzLXTn.exe
  2⤵
  PID:7528
- C:\Windows\System\nrtIWEa.exe
  C:\Windows\System\nrtIWEa.exe
  2⤵
  PID:7668
- C:\Windows\System\lIYvwRv.exe
  C:\Windows\System\lIYvwRv.exe
  2⤵
  PID:7804
- C:\Windows\System\GlAeDyU.exe
  C:\Windows\System\GlAeDyU.exe
  2⤵
  PID:7912
- C:\Windows\System\pygzmlX.exe
  C:\Windows\System\pygzmlX.exe
  2⤵
  PID:8064
- C:\Windows\System\yZpMYkm.exe
  C:\Windows\System\yZpMYkm.exe
  2⤵
  PID:7196
- C:\Windows\System\ESWjZFU.exe
  C:\Windows\System\ESWjZFU.exe
  2⤵
  PID:7200
- C:\Windows\System\BVZzNky.exe
  C:\Windows\System\BVZzNky.exe
  2⤵
  PID:7884
- C:\Windows\System\dPJhnvq.exe
  C:\Windows\System\dPJhnvq.exe
  2⤵
  PID:8188
- C:\Windows\System\JWRGare.exe
  C:\Windows\System\JWRGare.exe
  2⤵
  PID:7848
- C:\Windows\System\pKEAlmf.exe
  C:\Windows\System\pKEAlmf.exe
  2⤵
  PID:8152
- C:\Windows\System\mjtgemf.exe
  C:\Windows\System\mjtgemf.exe
  2⤵
  PID:8212
- C:\Windows\System\DsSRwfs.exe
  C:\Windows\System\DsSRwfs.exe
  2⤵
  PID:8240
- C:\Windows\System\kbefYXZ.exe
  C:\Windows\System\kbefYXZ.exe
  2⤵
  PID:8268
- C:\Windows\System\hRfAWKb.exe
  C:\Windows\System\hRfAWKb.exe
  2⤵
  PID:8296
- C:\Windows\System\QUNwbGE.exe
  C:\Windows\System\QUNwbGE.exe
  2⤵
  PID:8324
- C:\Windows\System\moubDTU.exe
  C:\Windows\System\moubDTU.exe
  2⤵
  PID:8356
- C:\Windows\System\AJENzWQ.exe
  C:\Windows\System\AJENzWQ.exe
  2⤵
  PID:8380
- C:\Windows\System\ABfsOjG.exe
  C:\Windows\System\ABfsOjG.exe
  2⤵
  PID:8408
- C:\Windows\System\mYUdSLo.exe
  C:\Windows\System\mYUdSLo.exe
  2⤵
  PID:8436
- C:\Windows\System\VsZocok.exe
  C:\Windows\System\VsZocok.exe
  2⤵
  PID:8464
- C:\Windows\System\ZwaeKQi.exe
  C:\Windows\System\ZwaeKQi.exe
  2⤵
  PID:8504
- C:\Windows\System\XVxyRvl.exe
  C:\Windows\System\XVxyRvl.exe
  2⤵
  PID:8536
- C:\Windows\System\DjcoKdc.exe
  C:\Windows\System\DjcoKdc.exe
  2⤵
  PID:8564
- C:\Windows\System\URVYovl.exe
  C:\Windows\System\URVYovl.exe
  2⤵
  PID:8592
- C:\Windows\System\KIWZYgN.exe
  C:\Windows\System\KIWZYgN.exe
  2⤵
  PID:8620
- C:\Windows\System\mMiVHUN.exe
  C:\Windows\System\mMiVHUN.exe
  2⤵
  PID:8660
- C:\Windows\System\HRmzEdd.exe
  C:\Windows\System\HRmzEdd.exe
  2⤵
  PID:8680
- C:\Windows\System\NMIXnlu.exe
  C:\Windows\System\NMIXnlu.exe
  2⤵
  PID:8712
- C:\Windows\System\GrCCzyB.exe
  C:\Windows\System\GrCCzyB.exe
  2⤵
  PID:8736
- C:\Windows\System\AEaqQWT.exe
  C:\Windows\System\AEaqQWT.exe
  2⤵
  PID:8764
- C:\Windows\System\URZUTqp.exe
  C:\Windows\System\URZUTqp.exe
  2⤵
  PID:8800
- C:\Windows\System\lFzamhd.exe
  C:\Windows\System\lFzamhd.exe
  2⤵
  PID:8820
- C:\Windows\System\PUDDfJx.exe
  C:\Windows\System\PUDDfJx.exe
  2⤵
  PID:8848
- C:\Windows\System\OEflLxv.exe
  C:\Windows\System\OEflLxv.exe
  2⤵
  PID:8876
- C:\Windows\System\YgtNTkh.exe
  C:\Windows\System\YgtNTkh.exe
  2⤵
  PID:8908
- C:\Windows\System\ubxXQJY.exe
  C:\Windows\System\ubxXQJY.exe
  2⤵
  PID:8936
- C:\Windows\System\clMgMUn.exe
  C:\Windows\System\clMgMUn.exe
  2⤵
  PID:8968
- C:\Windows\System\DBCNHec.exe
  C:\Windows\System\DBCNHec.exe
  2⤵
  PID:8992
- C:\Windows\System\EgNaMWH.exe
  C:\Windows\System\EgNaMWH.exe
  2⤵
  PID:9020
- C:\Windows\System\VXFTDJN.exe
  C:\Windows\System\VXFTDJN.exe
  2⤵
  PID:9072
- C:\Windows\System\nZHAPVW.exe
  C:\Windows\System\nZHAPVW.exe
  2⤵
  PID:9100
- C:\Windows\System\LIzIBsh.exe
  C:\Windows\System\LIzIBsh.exe
  2⤵
  PID:9116
- C:\Windows\System\mCaHHhp.exe
  C:\Windows\System\mCaHHhp.exe
  2⤵
  PID:9156
- C:\Windows\System\wOvdJGB.exe
  C:\Windows\System\wOvdJGB.exe
  2⤵
  PID:9184
- C:\Windows\System\VRJSEeh.exe
  C:\Windows\System\VRJSEeh.exe
  2⤵
  PID:9212
- C:\Windows\System\LSpgLLZ.exe
  C:\Windows\System\LSpgLLZ.exe
  2⤵
  PID:8252
- C:\Windows\System\nPHlRTy.exe
  C:\Windows\System\nPHlRTy.exe
  2⤵
  PID:8316
- C:\Windows\System\htjmQHP.exe
  C:\Windows\System\htjmQHP.exe
  2⤵
  PID:8372
- C:\Windows\System\TKMOsHJ.exe
  C:\Windows\System\TKMOsHJ.exe
  2⤵
  PID:8432
- C:\Windows\System\mCflslQ.exe
  C:\Windows\System\mCflslQ.exe
  2⤵
  PID:8516
- C:\Windows\System\VxMszRf.exe
  C:\Windows\System\VxMszRf.exe
  2⤵
  PID:8584
- C:\Windows\System\bBRRIhP.exe
  C:\Windows\System\bBRRIhP.exe
  2⤵
  PID:8656
- C:\Windows\System\GcokOdD.exe
  C:\Windows\System\GcokOdD.exe
  2⤵
  PID:8700
- C:\Windows\System\BgrztMj.exe
  C:\Windows\System\BgrztMj.exe
  2⤵
  PID:8748
- C:\Windows\System\gOInhtx.exe
  C:\Windows\System\gOInhtx.exe
  2⤵
  PID:8808
- C:\Windows\System\AxSgjDC.exe
  C:\Windows\System\AxSgjDC.exe
  2⤵
  PID:8868
- C:\Windows\System\QSyFrWK.exe
  C:\Windows\System\QSyFrWK.exe
  2⤵
  PID:5268
- C:\Windows\System\tdzXHjq.exe
  C:\Windows\System\tdzXHjq.exe
  2⤵
  PID:1948
- C:\Windows\System\dYRfAdO.exe
  C:\Windows\System\dYRfAdO.exe
  2⤵
  PID:8984
- C:\Windows\System\GMYGewZ.exe
  C:\Windows\System\GMYGewZ.exe
  2⤵
  PID:4996
- C:\Windows\System\FajYqLX.exe
  C:\Windows\System\FajYqLX.exe
  2⤵
  PID:2132
- C:\Windows\System\UtwyYhl.exe
  C:\Windows\System\UtwyYhl.exe
  2⤵
  PID:9064
- C:\Windows\System\isEBvAC.exe
  C:\Windows\System\isEBvAC.exe
  2⤵
  PID:9108
- C:\Windows\System\faqzXKX.exe
  C:\Windows\System\faqzXKX.exe
  2⤵
  PID:9168
- C:\Windows\System\mKRZSgk.exe
  C:\Windows\System\mKRZSgk.exe
  2⤵
  PID:8232
- C:\Windows\System\KneRxKY.exe
  C:\Windows\System\KneRxKY.exe
  2⤵
  PID:8364
- C:\Windows\System\UqjTMQi.exe
  C:\Windows\System\UqjTMQi.exe
  2⤵
  PID:8548
- C:\Windows\System\HnjCxCm.exe
  C:\Windows\System\HnjCxCm.exe
  2⤵
  PID:3960
- C:\Windows\System\dqadKQZ.exe
  C:\Windows\System\dqadKQZ.exe
  2⤵
  PID:8844
- C:\Windows\System\tQqGRwk.exe
  C:\Windows\System\tQqGRwk.exe
  2⤵
  PID:8892
- C:\Windows\System\pJcleii.exe
  C:\Windows\System\pJcleii.exe
  2⤵
  PID:1828
- C:\Windows\System\pvvpgfD.exe
  C:\Windows\System\pvvpgfD.exe
  2⤵
  PID:4816
- C:\Windows\System\VKCfpXm.exe
  C:\Windows\System\VKCfpXm.exe
  2⤵
  PID:9152
- C:\Windows\System\uKvRblV.exe
  C:\Windows\System\uKvRblV.exe
  2⤵
  PID:8428
- C:\Windows\System\hHCYyIA.exe
  C:\Windows\System\hHCYyIA.exe
  2⤵
  PID:4396
- C:\Windows\System\TbTMwDu.exe
  C:\Windows\System\TbTMwDu.exe
  2⤵
  PID:1540
- C:\Windows\System\uahXbei.exe
  C:\Windows\System\uahXbei.exe
  2⤵
  PID:8208
- C:\Windows\System\ZsYOcnY.exe
  C:\Windows\System\ZsYOcnY.exe
  2⤵
  PID:8956
- C:\Windows\System\LsmwciL.exe
  C:\Windows\System\LsmwciL.exe
  2⤵
  PID:8920
- C:\Windows\System\khhQRhH.exe
  C:\Windows\System\khhQRhH.exe
  2⤵
  PID:9232
- C:\Windows\System\DIJXzNE.exe
  C:\Windows\System\DIJXzNE.exe
  2⤵
  PID:9260
- C:\Windows\System\xkqOgCd.exe
  C:\Windows\System\xkqOgCd.exe
  2⤵
  PID:9288
- C:\Windows\System\uTvPahm.exe
  C:\Windows\System\uTvPahm.exe
  2⤵
  PID:9324
- C:\Windows\System\ZIfvFHd.exe
  C:\Windows\System\ZIfvFHd.exe
  2⤵
  PID:9348
- C:\Windows\System\rnjOXdq.exe
  C:\Windows\System\rnjOXdq.exe
  2⤵
  PID:9372
- C:\Windows\System\MwmCBlr.exe
  C:\Windows\System\MwmCBlr.exe
  2⤵
  PID:9400
- C:\Windows\System\QxUIUMD.exe
  C:\Windows\System\QxUIUMD.exe
  2⤵
  PID:9428
- C:\Windows\System\QJvQmBU.exe
  C:\Windows\System\QJvQmBU.exe
  2⤵
  PID:9456
- C:\Windows\System\TbNAYIj.exe
  C:\Windows\System\TbNAYIj.exe
  2⤵
  PID:9484
- C:\Windows\System\joYDWGb.exe
  C:\Windows\System\joYDWGb.exe
  2⤵
  PID:9516
- C:\Windows\System\HeavpqV.exe
  C:\Windows\System\HeavpqV.exe
  2⤵
  PID:9540
- C:\Windows\System\uxEBwSJ.exe
  C:\Windows\System\uxEBwSJ.exe
  2⤵
  PID:9568
- C:\Windows\System\INfWGTs.exe
  C:\Windows\System\INfWGTs.exe
  2⤵
  PID:9608
- C:\Windows\System\FpBiDAe.exe
  C:\Windows\System\FpBiDAe.exe
  2⤵
  PID:9628
- C:\Windows\System\uCgmxhm.exe
  C:\Windows\System\uCgmxhm.exe
  2⤵
  PID:9656
- C:\Windows\System\flpiXoR.exe
  C:\Windows\System\flpiXoR.exe
  2⤵
  PID:9684
- C:\Windows\System\wbLEpCM.exe
  C:\Windows\System\wbLEpCM.exe
  2⤵
  PID:9712
- C:\Windows\System\ediQHhm.exe
  C:\Windows\System\ediQHhm.exe
  2⤵
  PID:9752
- C:\Windows\System\UXZXzoU.exe
  C:\Windows\System\UXZXzoU.exe
  2⤵
  PID:9768
- C:\Windows\System\SkEiarb.exe
  C:\Windows\System\SkEiarb.exe
  2⤵
  PID:9796
- C:\Windows\System\LYLlPgm.exe
  C:\Windows\System\LYLlPgm.exe
  2⤵
  PID:9824
- C:\Windows\System\NbmkaqR.exe
  C:\Windows\System\NbmkaqR.exe
  2⤵
  PID:9856
- C:\Windows\System\galzFHO.exe
  C:\Windows\System\galzFHO.exe
  2⤵
  PID:9884
- C:\Windows\System\TQTlnLc.exe
  C:\Windows\System\TQTlnLc.exe
  2⤵
  PID:9912
- C:\Windows\System\fciwbIg.exe
  C:\Windows\System\fciwbIg.exe
  2⤵
  PID:9952
- C:\Windows\System\ADFJELE.exe
  C:\Windows\System\ADFJELE.exe
  2⤵
  PID:9968
- C:\Windows\System\lBSubju.exe
  C:\Windows\System\lBSubju.exe
  2⤵
  PID:9996
- C:\Windows\System\AqyvtxJ.exe
  C:\Windows\System\AqyvtxJ.exe
  2⤵
  PID:10024
- C:\Windows\System\xhZHGIn.exe
  C:\Windows\System\xhZHGIn.exe
  2⤵
  PID:10052
- C:\Windows\System\XfTdlrI.exe
  C:\Windows\System\XfTdlrI.exe
  2⤵
  PID:10080
- C:\Windows\System\DnYmtMP.exe
  C:\Windows\System\DnYmtMP.exe
  2⤵
  PID:10108
- C:\Windows\System\rhIjnBN.exe
  C:\Windows\System\rhIjnBN.exe
  2⤵
  PID:10136
- C:\Windows\System\INkJXMa.exe
  C:\Windows\System\INkJXMa.exe
  2⤵
  PID:10164
- C:\Windows\System\enXwtXJ.exe
  C:\Windows\System\enXwtXJ.exe
  2⤵
  PID:10192
- C:\Windows\System\glPfGsb.exe
  C:\Windows\System\glPfGsb.exe
  2⤵
  PID:10228
- C:\Windows\System\wlXYcVO.exe
  C:\Windows\System\wlXYcVO.exe
  2⤵
  PID:9228
- C:\Windows\System\AaAQFGe.exe
  C:\Windows\System\AaAQFGe.exe
  2⤵
  PID:9300
- C:\Windows\System\nDjEfsy.exe
  C:\Windows\System\nDjEfsy.exe
  2⤵
  PID:9368
- C:\Windows\System\gueGAGq.exe
  C:\Windows\System\gueGAGq.exe
  2⤵
  PID:9424
- C:\Windows\System\CGROojz.exe
  C:\Windows\System\CGROojz.exe
  2⤵
  PID:9496
- C:\Windows\System\AXXbHJE.exe
  C:\Windows\System\AXXbHJE.exe
  2⤵
  PID:9560
- C:\Windows\System\HgQYMcr.exe
  C:\Windows\System\HgQYMcr.exe
  2⤵
  PID:9624
- C:\Windows\System\tssbHOR.exe
  C:\Windows\System\tssbHOR.exe
  2⤵
  PID:9696
- C:\Windows\System\yXFSzAf.exe
  C:\Windows\System\yXFSzAf.exe
  2⤵
  PID:9760
- C:\Windows\System\lhdVZuk.exe
  C:\Windows\System\lhdVZuk.exe
  2⤵
  PID:9816
- C:\Windows\System\EQkSQSj.exe
  C:\Windows\System\EQkSQSj.exe
  2⤵
  PID:9904
- C:\Windows\System\BFTzzEn.exe
  C:\Windows\System\BFTzzEn.exe
  2⤵
  PID:9960
- C:\Windows\System\IdUjmeX.exe
  C:\Windows\System\IdUjmeX.exe
  2⤵
  PID:10044
- C:\Windows\System\EcAfDbc.exe
  C:\Windows\System\EcAfDbc.exe
  2⤵
  PID:10120
- C:\Windows\System\Aheicod.exe
  C:\Windows\System\Aheicod.exe
  2⤵
  PID:10184
- C:\Windows\System\TqHPjNX.exe
  C:\Windows\System\TqHPjNX.exe
  2⤵
  PID:9280
- C:\Windows\System\IcFPZGF.exe
  C:\Windows\System\IcFPZGF.exe
  2⤵
  PID:1528
- C:\Windows\System\sUQmucD.exe
  C:\Windows\System\sUQmucD.exe
  2⤵
  PID:9536
- C:\Windows\System\keeLmKG.exe
  C:\Windows\System\keeLmKG.exe
  2⤵
  PID:9652
- C:\Windows\System\kKNoDiU.exe
  C:\Windows\System\kKNoDiU.exe
  2⤵
  PID:9788
- C:\Windows\System\ellVUft.exe
  C:\Windows\System\ellVUft.exe
  2⤵
  PID:9836
- C:\Windows\System\wnLGBQM.exe
  C:\Windows\System\wnLGBQM.exe
  2⤵
  PID:9876
- C:\Windows\System\KDExPHE.exe
  C:\Windows\System\KDExPHE.exe
  2⤵
  PID:10016
- C:\Windows\System\UVdmgmQ.exe
  C:\Windows\System\UVdmgmQ.exe
  2⤵
  PID:4976
- C:\Windows\System\aJEZAxM.exe
  C:\Windows\System\aJEZAxM.exe
  2⤵
  PID:10160
- C:\Windows\System\MnmqFeW.exe
  C:\Windows\System\MnmqFeW.exe
  2⤵
  PID:9452
- C:\Windows\System\EzcqDLC.exe
  C:\Windows\System\EzcqDLC.exe
  2⤵
  PID:9620
- C:\Windows\System\wxPObDs.exe
  C:\Windows\System\wxPObDs.exe
  2⤵
  PID:4168
- C:\Windows\System\GooFBni.exe
  C:\Windows\System\GooFBni.exe
  2⤵
  PID:9932
- C:\Windows\System\FsZKcry.exe
  C:\Windows\System\FsZKcry.exe
  2⤵
  PID:9332
- C:\Windows\System\DOfukug.exe
  C:\Windows\System\DOfukug.exe
  2⤵
  PID:9880
- C:\Windows\System\XEOMgDf.exe
  C:\Windows\System\XEOMgDf.exe
  2⤵
  PID:540
- C:\Windows\System\PEEnsIk.exe
  C:\Windows\System\PEEnsIk.exe
  2⤵
  PID:4756
- C:\Windows\System\pRienmh.exe
  C:\Windows\System\pRienmh.exe
  2⤵
  PID:10268
- C:\Windows\System\OHzoGaT.exe
  C:\Windows\System\OHzoGaT.exe
  2⤵
  PID:10300
- C:\Windows\System\TfwSjgH.exe
  C:\Windows\System\TfwSjgH.exe
  2⤵
  PID:10328
- C:\Windows\System\wejDibb.exe
  C:\Windows\System\wejDibb.exe
  2⤵
  PID:10356
- C:\Windows\System\KBUdNDH.exe
  C:\Windows\System\KBUdNDH.exe
  2⤵
  PID:10384
- C:\Windows\System\RqoMkLY.exe
  C:\Windows\System\RqoMkLY.exe
  2⤵
  PID:10412
- C:\Windows\System\UxcrBro.exe
  C:\Windows\System\UxcrBro.exe
  2⤵
  PID:10444
- C:\Windows\System\GirYqNC.exe
  C:\Windows\System\GirYqNC.exe
  2⤵
  PID:10472
- C:\Windows\System\nZZRJYm.exe
  C:\Windows\System\nZZRJYm.exe
  2⤵
  PID:10500
- C:\Windows\System\EGfMLlX.exe
  C:\Windows\System\EGfMLlX.exe
  2⤵
  PID:10528
- C:\Windows\System\rsBQQyB.exe
  C:\Windows\System\rsBQQyB.exe
  2⤵
  PID:10556
- C:\Windows\System\pbRZDbJ.exe
  C:\Windows\System\pbRZDbJ.exe
  2⤵
  PID:10584
- C:\Windows\System\TpKiMhl.exe
  C:\Windows\System\TpKiMhl.exe
  2⤵
  PID:10612
- C:\Windows\System\yEaOBEx.exe
  C:\Windows\System\yEaOBEx.exe
  2⤵
  PID:10640
- C:\Windows\System\iLGBWoj.exe
  C:\Windows\System\iLGBWoj.exe
  2⤵
  PID:10668
- C:\Windows\System\YRGjcHs.exe
  C:\Windows\System\YRGjcHs.exe
  2⤵
  PID:10696
- C:\Windows\System\jSVpYUM.exe
  C:\Windows\System\jSVpYUM.exe
  2⤵
  PID:10724
- C:\Windows\System\OxmNdoU.exe
  C:\Windows\System\OxmNdoU.exe
  2⤵
  PID:10752
- C:\Windows\System\WgpUjvq.exe
  C:\Windows\System\WgpUjvq.exe
  2⤵
  PID:10780
- C:\Windows\System\OPSJCVE.exe
  C:\Windows\System\OPSJCVE.exe
  2⤵
  PID:10808
- C:\Windows\System\JrYpjwh.exe
  C:\Windows\System\JrYpjwh.exe
  2⤵
  PID:10836
- C:\Windows\System\ZzRFKNW.exe
  C:\Windows\System\ZzRFKNW.exe
  2⤵
  PID:10864
- C:\Windows\System\xHMEzRW.exe
  C:\Windows\System\xHMEzRW.exe
  2⤵
  PID:10892
- C:\Windows\System\KLFKxnj.exe
  C:\Windows\System\KLFKxnj.exe
  2⤵
  PID:10920
- C:\Windows\System\WfOkwZy.exe
  C:\Windows\System\WfOkwZy.exe
  2⤵
  PID:10948
- C:\Windows\System\dkFoEqG.exe
  C:\Windows\System\dkFoEqG.exe
  2⤵
  PID:10976
- C:\Windows\System\qwBkdXt.exe
  C:\Windows\System\qwBkdXt.exe
  2⤵
  PID:11004
- C:\Windows\System\KjyeQsE.exe
  C:\Windows\System\KjyeQsE.exe
  2⤵
  PID:11032
- C:\Windows\System\TIgRunY.exe
  C:\Windows\System\TIgRunY.exe
  2⤵
  PID:11064
- C:\Windows\System\edtWssS.exe
  C:\Windows\System\edtWssS.exe
  2⤵
  PID:11088
- C:\Windows\System\cPIuEgZ.exe
  C:\Windows\System\cPIuEgZ.exe
  2⤵
  PID:11116
- C:\Windows\System\vJQEsni.exe
  C:\Windows\System\vJQEsni.exe
  2⤵
  PID:11144
- C:\Windows\System\XTSrawd.exe
  C:\Windows\System\XTSrawd.exe
  2⤵
  PID:11176
- C:\Windows\System\zCQeORq.exe
  C:\Windows\System\zCQeORq.exe
  2⤵
  PID:11204
- C:\Windows\System\LKHWSqx.exe
  C:\Windows\System\LKHWSqx.exe
  2⤵
  PID:11232
- C:\Windows\System\ttyWwTI.exe
  C:\Windows\System\ttyWwTI.exe
  2⤵
  PID:11260
- C:\Windows\System\qfDGxeO.exe
  C:\Windows\System\qfDGxeO.exe
  2⤵
  PID:10296
- C:\Windows\System\plWZrWo.exe
  C:\Windows\System\plWZrWo.exe
  2⤵
  PID:10368
- C:\Windows\System\Kadesfo.exe
  C:\Windows\System\Kadesfo.exe
  2⤵
  PID:10436
- C:\Windows\System\tyGnNOP.exe
  C:\Windows\System\tyGnNOP.exe
  2⤵
  PID:10524
- C:\Windows\System\CCfBqmE.exe
  C:\Windows\System\CCfBqmE.exe
  2⤵
  PID:10568
- C:\Windows\System\rvAGcpD.exe
  C:\Windows\System\rvAGcpD.exe
  2⤵
  PID:10632
- C:\Windows\System\DHIOYLv.exe
  C:\Windows\System\DHIOYLv.exe
  2⤵
  PID:10692
- C:\Windows\System\nqjaXlq.exe
  C:\Windows\System\nqjaXlq.exe
  2⤵
  PID:10764
- C:\Windows\System\NWfykHy.exe
  C:\Windows\System\NWfykHy.exe
  2⤵
  PID:10828
- C:\Windows\System\vlnhqyJ.exe
  C:\Windows\System\vlnhqyJ.exe
  2⤵
  PID:10888
- C:\Windows\System\LDZhxDw.exe
  C:\Windows\System\LDZhxDw.exe
  2⤵
  PID:10960
- C:\Windows\System\jhzkKTn.exe
  C:\Windows\System\jhzkKTn.exe
  2⤵
  PID:11016
- C:\Windows\System\MxdCRwV.exe
  C:\Windows\System\MxdCRwV.exe
  2⤵
  PID:11080
- C:\Windows\System\aAhwnJm.exe
  C:\Windows\System\aAhwnJm.exe
  2⤵
  PID:11140
- C:\Windows\System\FejsNwE.exe
  C:\Windows\System\FejsNwE.exe
  2⤵
  PID:11216
- C:\Windows\System\TCCHqXK.exe
  C:\Windows\System\TCCHqXK.exe
  2⤵
  PID:10284
- C:\Windows\System\RoTxpQT.exe
  C:\Windows\System\RoTxpQT.exe
  2⤵
  PID:10520
- C:\Windows\System\vbTVWdS.exe
  C:\Windows\System\vbTVWdS.exe
  2⤵
  PID:10596
- C:\Windows\System\cmykxcY.exe
  C:\Windows\System\cmykxcY.exe
  2⤵
  PID:10744
- C:\Windows\System\UMJqRmd.exe
  C:\Windows\System\UMJqRmd.exe
  2⤵
  PID:10884
- C:\Windows\System\nVYMWBi.exe
  C:\Windows\System\nVYMWBi.exe
  2⤵
  PID:11044
- C:\Windows\System\GGLHWNn.exe
  C:\Windows\System\GGLHWNn.exe
  2⤵
  PID:11196
- C:\Windows\System\AtEYtLT.exe
  C:\Windows\System\AtEYtLT.exe
  2⤵
  PID:10484
- C:\Windows\System\eFWosak.exe
  C:\Windows\System\eFWosak.exe
  2⤵
  PID:10820
- C:\Windows\System\RjleeTZ.exe
  C:\Windows\System\RjleeTZ.exe
  2⤵
  PID:11136
- C:\Windows\System\KBayiSm.exe
  C:\Windows\System\KBayiSm.exe
  2⤵
  PID:10720
- C:\Windows\System\JDExxRD.exe
  C:\Windows\System\JDExxRD.exe
  2⤵
  PID:11108
- C:\Windows\System\spVsWLJ.exe
  C:\Windows\System\spVsWLJ.exe
  2⤵
  PID:11284
- C:\Windows\System\kIzsJff.exe
  C:\Windows\System\kIzsJff.exe
  2⤵
  PID:11312
- C:\Windows\System\MiPawRA.exe
  C:\Windows\System\MiPawRA.exe
  2⤵
  PID:11340
- C:\Windows\System\aKPIOnF.exe
  C:\Windows\System\aKPIOnF.exe
  2⤵
  PID:11368
- C:\Windows\System\RqBJJde.exe
  C:\Windows\System\RqBJJde.exe
  2⤵
  PID:11396
- C:\Windows\System\wUmGmHt.exe
  C:\Windows\System\wUmGmHt.exe
  2⤵
  PID:11436
- C:\Windows\System\buBwBEd.exe
  C:\Windows\System\buBwBEd.exe
  2⤵
  PID:11452
- C:\Windows\System\NOTCjNr.exe
  C:\Windows\System\NOTCjNr.exe
  2⤵
  PID:11480
- C:\Windows\System\gLhHAOl.exe
  C:\Windows\System\gLhHAOl.exe
  2⤵
  PID:11508
- C:\Windows\System\CvkDuKA.exe
  C:\Windows\System\CvkDuKA.exe
  2⤵
  PID:11540
- C:\Windows\System\SsIDDzi.exe
  C:\Windows\System\SsIDDzi.exe
  2⤵
  PID:11568
- C:\Windows\System\XlXMPeF.exe
  C:\Windows\System\XlXMPeF.exe
  2⤵
  PID:11596
- C:\Windows\System\vjngmfM.exe
  C:\Windows\System\vjngmfM.exe
  2⤵
  PID:11624
- C:\Windows\System\BEROkXj.exe
  C:\Windows\System\BEROkXj.exe
  2⤵
  PID:11652
- C:\Windows\System\DdkMfYr.exe
  C:\Windows\System\DdkMfYr.exe
  2⤵
  PID:11684
- C:\Windows\System\UqdpIAq.exe
  C:\Windows\System\UqdpIAq.exe
  2⤵
  PID:11712
- C:\Windows\System\ZKwSXxm.exe
  C:\Windows\System\ZKwSXxm.exe
  2⤵
  PID:11740
- C:\Windows\System\nSotEYe.exe
  C:\Windows\System\nSotEYe.exe
  2⤵
  PID:11772
- C:\Windows\System\RnhnxYs.exe
  C:\Windows\System\RnhnxYs.exe
  2⤵
  PID:11800
- C:\Windows\System\njULFcU.exe
  C:\Windows\System\njULFcU.exe
  2⤵
  PID:11832
- C:\Windows\System\FZTNYsW.exe
  C:\Windows\System\FZTNYsW.exe
  2⤵
  PID:11856
- C:\Windows\System\BNHzfvj.exe
  C:\Windows\System\BNHzfvj.exe
  2⤵
  PID:11900
- C:\Windows\System\emuEmss.exe
  C:\Windows\System\emuEmss.exe
  2⤵
  PID:11920
- C:\Windows\System\BGAuBru.exe
  C:\Windows\System\BGAuBru.exe
  2⤵
  PID:11960
- C:\Windows\System\vUcmHeu.exe
  C:\Windows\System\vUcmHeu.exe
  2⤵
  PID:11996
- C:\Windows\System\EPlzPDw.exe
  C:\Windows\System\EPlzPDw.exe
  2⤵
  PID:12028
- C:\Windows\System\SKOHkvp.exe
  C:\Windows\System\SKOHkvp.exe
  2⤵
  PID:12072
- C:\Windows\System\HZxznAY.exe
  C:\Windows\System\HZxznAY.exe
  2⤵
  PID:12096
- C:\Windows\System\CnSetWK.exe
  C:\Windows\System\CnSetWK.exe
  2⤵
  PID:12124
- C:\Windows\System\gMIaeXY.exe
  C:\Windows\System\gMIaeXY.exe
  2⤵
  PID:12164
- C:\Windows\System\fqgfuCe.exe
  C:\Windows\System\fqgfuCe.exe
  2⤵
  PID:12184
- C:\Windows\System\wPmoYEs.exe
  C:\Windows\System\wPmoYEs.exe
  2⤵
  PID:12224
- C:\Windows\System\WeImqfn.exe
  C:\Windows\System\WeImqfn.exe
  2⤵
  PID:12272
- C:\Windows\System\KhRZORk.exe
  C:\Windows\System\KhRZORk.exe
  2⤵
  PID:11360
- C:\Windows\System\qZsdeZA.exe
  C:\Windows\System\qZsdeZA.exe
  2⤵
  PID:11444
- C:\Windows\System\QOYXWsa.exe
  C:\Windows\System\QOYXWsa.exe
  2⤵
  PID:11552
- C:\Windows\System\FSxKisJ.exe
  C:\Windows\System\FSxKisJ.exe
  2⤵
  PID:11620
- C:\Windows\System\owDWKhz.exe
  C:\Windows\System\owDWKhz.exe
  2⤵
  PID:11696
- C:\Windows\System\ogyNlzR.exe
  C:\Windows\System\ogyNlzR.exe
  2⤵
  PID:11736
- C:\Windows\System\ICXlLIH.exe
  C:\Windows\System\ICXlLIH.exe
  2⤵
  PID:11796
- C:\Windows\System\KROZDSV.exe
  C:\Windows\System\KROZDSV.exe
  2⤵
  PID:2236
- C:\Windows\System\EBwxTxM.exe
  C:\Windows\System\EBwxTxM.exe
  2⤵
  PID:11892
- C:\Windows\System\IHjEMKk.exe
  C:\Windows\System\IHjEMKk.exe
  2⤵
  PID:11940
- C:\Windows\System\QAKjVTs.exe
  C:\Windows\System\QAKjVTs.exe
  2⤵
  PID:12004
- C:\Windows\System\elPfnVx.exe
  C:\Windows\System\elPfnVx.exe
  2⤵
  PID:11908
- C:\Windows\System\kJKCSJp.exe
  C:\Windows\System\kJKCSJp.exe
  2⤵
  PID:4560
- C:\Windows\System\Cgaobsp.exe
  C:\Windows\System\Cgaobsp.exe
  2⤵
  PID:636
- C:\Windows\System\vnBrWVs.exe
  C:\Windows\System\vnBrWVs.exe
  2⤵
  PID:12060
- C:\Windows\System\lzFXTKy.exe
  C:\Windows\System\lzFXTKy.exe
  2⤵
  PID:12120
- C:\Windows\System\RYClqAC.exe
  C:\Windows\System\RYClqAC.exe
  2⤵
  PID:2404
- C:\Windows\System\jaYylWH.exe
  C:\Windows\System\jaYylWH.exe
  2⤵
  PID:2472
- C:\Windows\System\JewZYpJ.exe
  C:\Windows\System\JewZYpJ.exe
  2⤵
  PID:420
- C:\Windows\System\IckoLDS.exe
  C:\Windows\System\IckoLDS.exe
  2⤵
  PID:12172
- C:\Windows\System\BUveKCA.exe
  C:\Windows\System\BUveKCA.exe
  2⤵
  PID:12236
- C:\Windows\System\tlfXIIM.exe
  C:\Windows\System\tlfXIIM.exe
  2⤵
  PID:11336
- C:\Windows\System\RNlNozI.exe
  C:\Windows\System\RNlNozI.exe
  2⤵
  PID:11588
- C:\Windows\System\UzdZHgb.exe
  C:\Windows\System\UzdZHgb.exe
  2⤵
  PID:11660
- C:\Windows\System\jqLRgla.exe
  C:\Windows\System\jqLRgla.exe
  2⤵
  PID:11828
- C:\Windows\System\uavcaNs.exe
  C:\Windows\System\uavcaNs.exe
  2⤵
  PID:11988
- C:\Windows\System\DOMoRxQ.exe
  C:\Windows\System\DOMoRxQ.exe
  2⤵
  PID:3744
- C:\Windows\System\WdZHuoF.exe
  C:\Windows\System\WdZHuoF.exe
  2⤵
  PID:12144
- C:\Windows\System\oPxcQtS.exe
  C:\Windows\System\oPxcQtS.exe
  2⤵
  PID:3380
- C:\Windows\System\JfqNLdQ.exe
  C:\Windows\System\JfqNLdQ.exe
  2⤵
  PID:12112
- C:\Windows\System\cYnBIzg.exe
  C:\Windows\System\cYnBIzg.exe
  2⤵
  PID:11308
- C:\Windows\System\gBGeeMs.exe
  C:\Windows\System\gBGeeMs.exe
  2⤵
  PID:2596
- C:\Windows\System\wZRuKhu.exe
  C:\Windows\System\wZRuKhu.exe
  2⤵
  PID:952
- C:\Windows\System\YZbiGuu.exe
  C:\Windows\System\YZbiGuu.exe
  2⤵
  PID:12020
- C:\Windows\System\OASPasE.exe
  C:\Windows\System\OASPasE.exe
  2⤵
  PID:4156
- C:\Windows\System\jEsKXbZ.exe
  C:\Windows\System\jEsKXbZ.exe
  2⤵
  PID:4408
- C:\Windows\System\dvEJIlg.exe
  C:\Windows\System\dvEJIlg.exe
  2⤵
  PID:12220
- C:\Windows\System\WQnQAWe.exe
  C:\Windows\System\WQnQAWe.exe
  2⤵
  PID:5092
- C:\Windows\System\HNkTAyh.exe
  C:\Windows\System\HNkTAyh.exe
  2⤵
  PID:11808
- C:\Windows\System\FEbsnxy.exe
  C:\Windows\System\FEbsnxy.exe
  2⤵
  PID:4456
- C:\Windows\System\mgVAdoW.exe
  C:\Windows\System\mgVAdoW.exe
  2⤵
  PID:11304
- C:\Windows\System\rVVnIzu.exe
  C:\Windows\System\rVVnIzu.exe
  2⤵
  PID:440
- C:\Windows\System\JLUNizX.exe
  C:\Windows\System\JLUNizX.exe
  2⤵
  PID:11536
- C:\Windows\System\ihOlziG.exe
  C:\Windows\System\ihOlziG.exe
  2⤵
  PID:4236
- C:\Windows\System\mGnLwqA.exe
  C:\Windows\System\mGnLwqA.exe
  2⤵
  PID:3936
- C:\Windows\System\IFAQqER.exe
  C:\Windows\System\IFAQqER.exe
  2⤵
  PID:12308
- C:\Windows\System\OSJsYkA.exe
  C:\Windows\System\OSJsYkA.exe
  2⤵
  PID:12336
- C:\Windows\System\orlpTKe.exe
  C:\Windows\System\orlpTKe.exe
  2⤵
  PID:12364
- C:\Windows\System\AQpTzIL.exe
  C:\Windows\System\AQpTzIL.exe
  2⤵
  PID:12392
- C:\Windows\System\XpUKRzO.exe
  C:\Windows\System\XpUKRzO.exe
  2⤵
  PID:12420
- C:\Windows\System\qtfbQzo.exe
  C:\Windows\System\qtfbQzo.exe
  2⤵
  PID:12448
- C:\Windows\System\twakwmx.exe
  C:\Windows\System\twakwmx.exe
  2⤵
  PID:12476
- C:\Windows\System\NccmgYC.exe
  C:\Windows\System\NccmgYC.exe
  2⤵
  PID:12504
- C:\Windows\System\NjxiFOt.exe
  C:\Windows\System\NjxiFOt.exe
  2⤵
  PID:12532
- C:\Windows\System\GwtjCmJ.exe
  C:\Windows\System\GwtjCmJ.exe
  2⤵
  PID:12564
- C:\Windows\System\StCDdAP.exe
  C:\Windows\System\StCDdAP.exe
  2⤵
  PID:12592
- C:\Windows\System\GFyyhgN.exe
  C:\Windows\System\GFyyhgN.exe
  2⤵
  PID:12632
- C:\Windows\System\hLTvcGZ.exe
  C:\Windows\System\hLTvcGZ.exe
  2⤵
  PID:12648
- C:\Windows\System\rxNXIrO.exe
  C:\Windows\System\rxNXIrO.exe
  2⤵
  PID:12676
- C:\Windows\System\CyUQkpD.exe
  C:\Windows\System\CyUQkpD.exe
  2⤵
  PID:12704
- C:\Windows\System\dQQofCe.exe
  C:\Windows\System\dQQofCe.exe
  2⤵
  PID:12732
- C:\Windows\System\ZFmXecl.exe
  C:\Windows\System\ZFmXecl.exe
  2⤵
  PID:12760
- C:\Windows\System\FRuCfQK.exe
  C:\Windows\System\FRuCfQK.exe
  2⤵
  PID:12788
- C:\Windows\System\XOBoTNf.exe
  C:\Windows\System\XOBoTNf.exe
  2⤵
  PID:12816
- C:\Windows\System\mlyzsmS.exe
  C:\Windows\System\mlyzsmS.exe
  2⤵
  PID:12844
- C:\Windows\System\vIYBPjf.exe
  C:\Windows\System\vIYBPjf.exe
  2⤵
  PID:12872
- C:\Windows\System\oPxFGwY.exe
  C:\Windows\System\oPxFGwY.exe
  2⤵
  PID:12900
- C:\Windows\System\tNVFngF.exe
  C:\Windows\System\tNVFngF.exe
  2⤵
  PID:12928
- C:\Windows\System\TNfcVHd.exe
  C:\Windows\System\TNfcVHd.exe
  2⤵
  PID:12956
- C:\Windows\System\HBwcixy.exe
  C:\Windows\System\HBwcixy.exe
  2⤵
  PID:12984
- C:\Windows\System\CsyKCKl.exe
  C:\Windows\System\CsyKCKl.exe
  2⤵
  PID:13012
- C:\Windows\System\GMelmoY.exe
  C:\Windows\System\GMelmoY.exe
  2⤵
  PID:13040
- C:\Windows\System\CfmzuRv.exe
  C:\Windows\System\CfmzuRv.exe
  2⤵
  PID:13068
- C:\Windows\System\oySmyaP.exe
  C:\Windows\System\oySmyaP.exe
  2⤵
  PID:13096
- C:\Windows\System\ceHcHOz.exe
  C:\Windows\System\ceHcHOz.exe
  2⤵
  PID:13124
- C:\Windows\System\FmZEWUk.exe
  C:\Windows\System\FmZEWUk.exe
  2⤵
  PID:13152
- C:\Windows\System\SkVPhue.exe
  C:\Windows\System\SkVPhue.exe
  2⤵
  PID:13180
- C:\Windows\System\tsaneGp.exe
  C:\Windows\System\tsaneGp.exe
  2⤵
  PID:13208
- C:\Windows\System\YIioaQo.exe
  C:\Windows\System\YIioaQo.exe
  2⤵
  PID:13236
- C:\Windows\System\SkmLhEb.exe
  C:\Windows\System\SkmLhEb.exe
  2⤵
  PID:13264
- C:\Windows\System\GxeDmJj.exe
  C:\Windows\System\GxeDmJj.exe
  2⤵
  PID:13292
- C:\Windows\System\qkricSW.exe
  C:\Windows\System\qkricSW.exe
  2⤵
  PID:12300
- C:\Windows\System\IjBILMH.exe
  C:\Windows\System\IjBILMH.exe
  2⤵
  PID:2356
- C:\Windows\System\LlzlPkG.exe
  C:\Windows\System\LlzlPkG.exe
  2⤵
  PID:3512
- C:\Windows\System\kdXznKa.exe
  C:\Windows\System\kdXznKa.exe
  2⤵
  PID:2220
- C:\Windows\System\wEFdkLB.exe
  C:\Windows\System\wEFdkLB.exe
  2⤵
  PID:12468
- C:\Windows\System\GxJmKlH.exe
  C:\Windows\System\GxJmKlH.exe
  2⤵
  PID:12516
- C:\Windows\System\urdVRFa.exe
  C:\Windows\System\urdVRFa.exe
  2⤵
  PID:12556
- C:\Windows\System\gFVamFN.exe
  C:\Windows\System\gFVamFN.exe
  2⤵
  PID:12612
- C:\Windows\System\gNZbmjU.exe
  C:\Windows\System\gNZbmjU.exe
  2⤵
  PID:3384
- C:\Windows\System\QzwBBBu.exe
  C:\Windows\System\QzwBBBu.exe
  2⤵
  PID:12700
- C:\Windows\System\ivhMWTf.exe
  C:\Windows\System\ivhMWTf.exe
  2⤵
  PID:12772
- C:\Windows\System\OrYyXlQ.exe
  C:\Windows\System\OrYyXlQ.exe
  2⤵
  PID:5080
- C:\Windows\System\tnEvLBS.exe
  C:\Windows\System\tnEvLBS.exe
  2⤵
  PID:12864
- C:\Windows\System\rbTESZf.exe
  C:\Windows\System\rbTESZf.exe
  2⤵
  PID:12912
- C:\Windows\System\SZqJWXU.exe
  C:\Windows\System\SZqJWXU.exe
  2⤵
  PID:1376
- C:\Windows\System\UtJDqGk.exe
  C:\Windows\System\UtJDqGk.exe
  2⤵
  PID:13032
- C:\Windows\System\PBiDdlX.exe
  C:\Windows\System\PBiDdlX.exe
  2⤵
  PID:13088
- C:\Windows\System\xTFMObp.exe
  C:\Windows\System\xTFMObp.exe
  2⤵
  PID:13144
- C:\Windows\System\qAdyzOf.exe
  C:\Windows\System\qAdyzOf.exe
  2⤵
  PID:13176
- C:\Windows\System\MyVtvCV.exe
  C:\Windows\System\MyVtvCV.exe
  2⤵
  PID:2916
- C:\Windows\System\esAGOMa.exe
  C:\Windows\System\esAGOMa.exe
  2⤵
  PID:13256
- C:\Windows\System\NTmgobL.exe
  C:\Windows\System\NTmgobL.exe
  2⤵
  PID:13288
- C:\Windows\System\kZRaOyw.exe
  C:\Windows\System\kZRaOyw.exe
  2⤵
  PID:4972
- C:\Windows\System\nqUIEFD.exe
  C:\Windows\System\nqUIEFD.exe
  2⤵
  PID:4568
- C:\Windows\System\mLOpaOA.exe
  C:\Windows\System\mLOpaOA.exe
  2⤵
  PID:3520
- C:\Windows\System\yFVDrnb.exe
  C:\Windows\System\yFVDrnb.exe
  2⤵
  PID:3464
- C:\Windows\System\elrFXmp.exe
  C:\Windows\System\elrFXmp.exe
  2⤵
  PID:5160
- C:\Windows\System\RZewBMd.exe
  C:\Windows\System\RZewBMd.exe
  2⤵
  PID:5188
- C:\Windows\System\WCxolcG.exe
  C:\Windows\System\WCxolcG.exe
  2⤵
  PID:12752
- C:\Windows\System\RRnHrwe.exe
  C:\Windows\System\RRnHrwe.exe
  2⤵
  PID:12840
- C:\Windows\System\KdeVTdY.exe
  C:\Windows\System\KdeVTdY.exe
  2⤵
  PID:12896
- C:\Windows\System\KwTRcpM.exe
  C:\Windows\System\KwTRcpM.exe
  2⤵
  PID:1620
- C:\Windows\System\jQGKKTi.exe
  C:\Windows\System\jQGKKTi.exe
  2⤵
  PID:5484
- C:\Windows\System\UURsItG.exe
  C:\Windows\System\UURsItG.exe
  2⤵
  PID:2060
- C:\Windows\System\SOHTvIT.exe
  C:\Windows\System\SOHTvIT.exe
  2⤵
  PID:1840
- C:\Windows\System\qzuOKfv.exe
  C:\Windows\System\qzuOKfv.exe
  2⤵
  PID:5564
- C:\Windows\System\DaeoTBK.exe
  C:\Windows\System\DaeoTBK.exe
  2⤵
  PID:2268
- C:\Windows\System\cwESVAo.exe
  C:\Windows\System\cwESVAo.exe
  2⤵
  PID:12388
- C:\Windows\System\MnoZTvt.exe
  C:\Windows\System\MnoZTvt.exe
  2⤵
  PID:5664
- C:\Windows\System\lNoYGie.exe
  C:\Windows\System\lNoYGie.exe
  2⤵
  PID:2844
- C:\Windows\System\LFEFdbD.exe
  C:\Windows\System\LFEFdbD.exe
  2⤵
  PID:12696
- C:\Windows\System\tqxFrsl.exe
  C:\Windows\System\tqxFrsl.exe
  2⤵
  PID:12828
- C:\Windows\System\PvEVFXw.exe
  C:\Windows\System\PvEVFXw.exe
  2⤵
  PID:5804
- C:\Windows\System\ULHnEsV.exe
  C:\Windows\System\ULHnEsV.exe
  2⤵
  PID:2764
- C:\Windows\System\fiwzCCN.exe
  C:\Windows\System\fiwzCCN.exe
  2⤵
  PID:5884
- C:\Windows\System\SaTSYlk.exe
  C:\Windows\System\SaTSYlk.exe
  2⤵
  PID:5540
- C:\Windows\System\bPdIuRT.exe
  C:\Windows\System\bPdIuRT.exe
  2⤵
  PID:13284
- C:\Windows\System\fktbhcs.exe
  C:\Windows\System\fktbhcs.exe
  2⤵
  PID:6020
- C:\Windows\System\nLHzEHE.exe
  C:\Windows\System\nLHzEHE.exe
  2⤵
  PID:5720
- C:\Windows\System\bEKErmk.exe
  C:\Windows\System\bEKErmk.exe
  2⤵
  PID:12812
- C:\Windows\System\WmbnLVh.exe
  C:\Windows\System\WmbnLVh.exe
  2⤵
  PID:5832
- C:\Windows\System\eSDaIDg.exe
  C:\Windows\System\eSDaIDg.exe
  2⤵
  PID:13172
- C:\Windows\System\bZDCFXC.exe
  C:\Windows\System\bZDCFXC.exe
  2⤵
  PID:12384
- C:\Windows\System\kJUvDTv.exe
  C:\Windows\System\kJUvDTv.exe
  2⤵
  PID:5304
- C:\Windows\System\xfWxmsV.exe
  C:\Windows\System\xfWxmsV.exe
  2⤵
  PID:2156
- C:\Windows\System\dvtpHFi.exe
  C:\Windows\System\dvtpHFi.exe
  2⤵
  PID:4300
- C:\Windows\System\niByYkU.exe
  C:\Windows\System\niByYkU.exe
  2⤵
  PID:4588
- C:\Windows\System\GcTXdjb.exe
  C:\Windows\System\GcTXdjb.exe
  2⤵
  PID:2608
- C:\Windows\System\RlhYvIC.exe
  C:\Windows\System\RlhYvIC.exe
  2⤵
  PID:5740
- C:\Windows\System\XGLmUgx.exe
  C:\Windows\System\XGLmUgx.exe
  2⤵
  PID:5688
- C:\Windows\System\OzIooQY.exe
  C:\Windows\System\OzIooQY.exe
  2⤵
  PID:12940
- C:\Windows\System\WodoMaY.exe
  C:\Windows\System\WodoMaY.exe
  2⤵
  PID:5752
- C:\Windows\System\RezcowR.exe
  C:\Windows\System\RezcowR.exe
  2⤵
  PID:5780
- C:\Windows\System\IoLtBho.exe
  C:\Windows\System\IoLtBho.exe
  2⤵
  PID:13340
- C:\Windows\System\PXtvvDC.exe
  C:\Windows\System\PXtvvDC.exe
  2⤵
  PID:13368
- C:\Windows\System\BQhHrQI.exe
  C:\Windows\System\BQhHrQI.exe
  2⤵
  PID:13400
- C:\Windows\System\WvNNxUW.exe
  C:\Windows\System\WvNNxUW.exe
  2⤵
  PID:13428
- C:\Windows\System\BeqaBES.exe
  C:\Windows\System\BeqaBES.exe
  2⤵
  PID:13456
- C:\Windows\System\DeVGHie.exe
  C:\Windows\System\DeVGHie.exe
  2⤵
  PID:13484
- C:\Windows\System\AgTZfvq.exe
  C:\Windows\System\AgTZfvq.exe
  2⤵
  PID:13512
- C:\Windows\System\EmBRwLI.exe
  C:\Windows\System\EmBRwLI.exe
  2⤵
  PID:13540
- C:\Windows\System\dXAtygA.exe
  C:\Windows\System\dXAtygA.exe
  2⤵
  PID:13568
- C:\Windows\System\axMALbR.exe
  C:\Windows\System\axMALbR.exe
  2⤵
  PID:13596
- C:\Windows\System\okAjSoS.exe
  C:\Windows\System\okAjSoS.exe
  2⤵
  PID:13624
- C:\Windows\System\QuDxZmY.exe
  C:\Windows\System\QuDxZmY.exe
  2⤵
  PID:13652
- C:\Windows\System\OCPSGnM.exe
  C:\Windows\System\OCPSGnM.exe
  2⤵
  PID:13680
- C:\Windows\System\qlXQSyv.exe
  C:\Windows\System\qlXQSyv.exe
  2⤵
  PID:13708
- C:\Windows\System\SZFRnHb.exe
  C:\Windows\System\SZFRnHb.exe
  2⤵
  PID:13736
- C:\Windows\System\HiGBfIl.exe
  C:\Windows\System\HiGBfIl.exe
  2⤵
  PID:13764
- C:\Windows\System\VDyTMMN.exe
  C:\Windows\System\VDyTMMN.exe
  2⤵
  PID:13796
- C:\Windows\System\gkuRYeh.exe
  C:\Windows\System\gkuRYeh.exe
  2⤵
  PID:13824
- C:\Windows\System\jiTenFM.exe
  C:\Windows\System\jiTenFM.exe
  2⤵
  PID:13852
- C:\Windows\System\pbkmeAh.exe
  C:\Windows\System\pbkmeAh.exe
  2⤵
  PID:13880
- C:\Windows\System\mtrCOVf.exe
  C:\Windows\System\mtrCOVf.exe
  2⤵
  PID:13908
- C:\Windows\System\yHGIXyy.exe
  C:\Windows\System\yHGIXyy.exe
  2⤵
  PID:13936
- C:\Windows\System\cKScmZB.exe
  C:\Windows\System\cKScmZB.exe
  2⤵
  PID:13964
- C:\Windows\System\KCHBGNz.exe
  C:\Windows\System\KCHBGNz.exe
  2⤵
  PID:13992
- C:\Windows\System\UflXIzQ.exe
  C:\Windows\System\UflXIzQ.exe
  2⤵
  PID:14020
- C:\Windows\System\UIqDIfL.exe
  C:\Windows\System\UIqDIfL.exe
  2⤵
  PID:14048
- C:\Windows\System\pjtSTJI.exe
  C:\Windows\System\pjtSTJI.exe
  2⤵
  PID:14076
- C:\Windows\System\GDyBOKn.exe
  C:\Windows\System\GDyBOKn.exe
  2⤵
  PID:14104
- C:\Windows\System\nYcProB.exe
  C:\Windows\System\nYcProB.exe
  2⤵
  PID:14132
- C:\Windows\System\teAbawH.exe
  C:\Windows\System\teAbawH.exe
  2⤵
  PID:14160
- C:\Windows\System\VqTJEVP.exe
  C:\Windows\System\VqTJEVP.exe
  2⤵
  PID:14200
- C:\Windows\System\vvTLUhT.exe
  C:\Windows\System\vvTLUhT.exe
  2⤵
  PID:14216
- C:\Windows\System\ImfuEiI.exe
  C:\Windows\System\ImfuEiI.exe
  2⤵
  PID:14244
- C:\Windows\System\mmYkgqb.exe
  C:\Windows\System\mmYkgqb.exe
  2⤵
  PID:14272
- C:\Windows\System\sDDmEJt.exe
  C:\Windows\System\sDDmEJt.exe
  2⤵
  PID:14300
- C:\Windows\System\zeFIFDM.exe
  C:\Windows\System\zeFIFDM.exe
  2⤵
  PID:14328
- C:\Windows\System\DWzTlFa.exe
  C:\Windows\System\DWzTlFa.exe
  2⤵
  PID:13360
- C:\Windows\System\zDYsfQL.exe
  C:\Windows\System\zDYsfQL.exe
  2⤵
  PID:3692
- C:\Windows\System\WGdNbHf.exe
  C:\Windows\System\WGdNbHf.exe
  2⤵
  PID:1392
- C:\Windows\System\tEFVrtt.exe
  C:\Windows\System\tEFVrtt.exe
  2⤵
  PID:13440
- C:\Windows\System\cbMNuQr.exe
  C:\Windows\System\cbMNuQr.exe
  2⤵
  PID:13504
- C:\Windows\System\YKkcWCj.exe
  C:\Windows\System\YKkcWCj.exe
  2⤵
  PID:13536
- C:\Windows\System\fDILKvp.exe
  C:\Windows\System\fDILKvp.exe
  2⤵
  PID:13608
- C:\Windows\System\VSVNhqJ.exe
  C:\Windows\System\VSVNhqJ.exe
  2⤵
  PID:13672
- C:\Windows\System\xbyDJbi.exe
  C:\Windows\System\xbyDJbi.exe
  2⤵
  PID:13720
- C:\Windows\System\itpNjsc.exe
  C:\Windows\System\itpNjsc.exe
  2⤵
  PID:13760
- C:\Windows\System\sQeOMFx.exe
  C:\Windows\System\sQeOMFx.exe
  2⤵
  PID:13816
- C:\Windows\System\FrkNFzm.exe
  C:\Windows\System\FrkNFzm.exe
  2⤵
  PID:13876
- C:\Windows\System\cpZTdqh.exe
  C:\Windows\System\cpZTdqh.exe
  2⤵
  PID:13928
- C:\Windows\System\SvetWSD.exe
  C:\Windows\System\SvetWSD.exe
  2⤵
  PID:13988
- C:\Windows\System\wlGNAnt.exe
  C:\Windows\System\wlGNAnt.exe
  2⤵
  PID:14032
- C:\Windows\System\bSaslNR.exe
  C:\Windows\System\bSaslNR.exe
  2⤵
  PID:14096
- C:\Windows\System\jDpWjsS.exe
  C:\Windows\System\jDpWjsS.exe
  2⤵
  PID:14140
- C:\Windows\System\cOErrVd.exe
  C:\Windows\System\cOErrVd.exe
  2⤵
  PID:5224
- C:\Windows\System\gzHeKdB.exe
  C:\Windows\System\gzHeKdB.exe
  2⤵
  PID:4824
- C:\Windows\System\XXdDryD.exe
  C:\Windows\System\XXdDryD.exe
  2⤵
  PID:14208
- C:\Windows\System\Zwieblt.exe
  C:\Windows\System\Zwieblt.exe
  2⤵
  PID:14256
- C:\Windows\System\wyTvGfS.exe
  C:\Windows\System\wyTvGfS.exe
  2⤵
  PID:6436
- C:\Windows\System\bqQatBl.exe
  C:\Windows\System\bqQatBl.exe
  2⤵
  PID:6472
- C:\Windows\System\aHOkLQf.exe
  C:\Windows\System\aHOkLQf.exe
  2⤵
  PID:4656
- C:\Windows\System\qVAZAJB.exe
  C:\Windows\System\qVAZAJB.exe
  2⤵
  PID:13420
- C:\Windows\System\TzIIcCD.exe
  C:\Windows\System\TzIIcCD.exe
  2⤵
  PID:5776
- C:\Windows\System\YyRksgH.exe
  C:\Windows\System\YyRksgH.exe
  2⤵
  PID:13588
- C:\Windows\System\LXnOPmN.exe
  C:\Windows\System\LXnOPmN.exe
  2⤵
  PID:5500
- C:\Windows\System\SpCFGag.exe
  C:\Windows\System\SpCFGag.exe
  2⤵
  PID:6004
- C:\Windows\System\QpLhnfh.exe
  C:\Windows\System\QpLhnfh.exe
  2⤵
  PID:6740
- C:\Windows\System\ddhkTzp.exe
  C:\Windows\System\ddhkTzp.exe
  2⤵
  PID:6768
- C:\Windows\System\pAjgapy.exe
  C:\Windows\System\pAjgapy.exe
  2⤵
  PID:14012
- C:\Windows\System\pEdqgUU.exe
  C:\Windows\System\pEdqgUU.exe
  2⤵
  PID:14088
- C:\Windows\System\bHySUsK.exe
  C:\Windows\System\bHySUsK.exe
  2⤵
  PID:4348
- C:\Windows\System\uJKfKKo.exe
  C:\Windows\System\uJKfKKo.exe
  2⤵
  PID:5140
- C:\Windows\System\EhAvfsf.exe
  C:\Windows\System\EhAvfsf.exe
  2⤵
  PID:6996
- C:\Windows\System\naJkpQz.exe
  C:\Windows\System\naJkpQz.exe
  2⤵
  PID:7020
- C:\Windows\System\dhuJNRb.exe
  C:\Windows\System\dhuJNRb.exe
  2⤵
  PID:13384
- C:\Windows\System\ytPSXkv.exe
  C:\Windows\System\ytPSXkv.exe
  2⤵
  PID:13468
- C:\Windows\System\eAvRyRJ.exe
  C:\Windows\System\eAvRyRJ.exe
  2⤵
  PID:6596
- C:\Windows\System\dKSXavq.exe
  C:\Windows\System\dKSXavq.exe
  2⤵
  PID:6264
- C:\Windows\System\LRsUPeA.exe
  C:\Windows\System\LRsUPeA.exe
  2⤵
  PID:6488
- C:\Windows\System\HABKPuO.exe
  C:\Windows\System\HABKPuO.exe
  2⤵
  PID:6880
- C:\Windows\System\jLdvsvJ.exe
  C:\Windows\System\jLdvsvJ.exe
  2⤵
  PID:6196
- C:\Windows\System\jWZKFFP.exe
  C:\Windows\System\jWZKFFP.exe
  2⤵
  PID:14148
- C:\Windows\System\Ysswspk.exe
  C:\Windows\System\Ysswspk.exe
  2⤵
  PID:6328
- C:\Windows\System\shlNlww.exe
  C:\Windows\System\shlNlww.exe
  2⤵
  PID:6496
- C:\Windows\System\oTURcHe.exe
  C:\Windows\System\oTURcHe.exe
  2⤵
  PID:6548
- C:\Windows\System\icDtGtz.exe
  C:\Windows\System\icDtGtz.exe
  2⤵
  PID:6600
- C:\Windows\System\zcFFyUh.exe
  C:\Windows\System\zcFFyUh.exe
  2⤵
  PID:6688
- C:\Windows\System\EAQkbHu.exe
  C:\Windows\System\EAQkbHu.exe
  2⤵
  PID:13892
- C:\Windows\System\LsMCfjF.exe
  C:\Windows\System\LsMCfjF.exe
  2⤵
  PID:6160
- C:\Windows\System\aeXBYRR.exe
  C:\Windows\System\aeXBYRR.exe
  2⤵
  PID:6920

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzkxQzU2QjEtRjVGMS00NUIwLTkyMzEtNERBQzY1NTNBQzc4fSIgdXNlcmlkPSJ7OTIyMzFENkYtN0EyMi00N0Q3LUJFNzAtRENBODQ5NUM2NDM1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NUJCMDEyODAtODk4Ni00ODMzLUEzNTItREM4NDAzOTZEOUEzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMzNzEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDE5Mjc1MzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjkxNzYzNzM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AGMrLIk.exe

Filesize
6.0MB

MD5
49110e6e0f6ed5bf1f38c7a456a61ea4

SHA1
ba8917bb85642d8d80a5a683b38a6c25e15c9f84

SHA256
d4e2fd3c7a64a42ec6219aa77313a9eeb03349c34248ded0e5d154ae975c0c84

SHA512
6cfbda99e224f7adc5dac61a76ba8cc2bb3b80d89a72fc8c215ddd5052955bef6eb86753a7c3147f3806cc5a095004504593226984dcaed22f3a9d40d8e5646d

Download Submit
C:\Windows\System\Bhhajir.exe

Filesize
6.0MB

MD5
a54ac894b157b6f3903d309c02a20bd0

SHA1
adcefdb3721d6d5af3ed1c1f75e3aaef2e02066e

SHA256
54f61917c0ac5dea787c563350c084a7b32a09dcbd36e6f5f35f9dc3445f0615

SHA512
41721689918c27894c93084636479a539d1892fc576ee669fc9e01bd1d69b74153cb23059c4bd5b319a250e9604ce79ebeac37ba37ff2980220f28b8d63d72a4

Download Submit
C:\Windows\System\DVumlXa.exe

Filesize
6.0MB

MD5
64e9e422d99dcc4caba01c908b936f17

SHA1
5e2127a5e373734d5ffe63dc40aed77b355215fc

SHA256
9855a7b3e9db730704dd418111b9a269d815d608da7cb723084ad3df23c0bc02

SHA512
c733f0abc898449ad0449c57c3ee27f958167f43e8adad83e7d79af484032098dc94e127bcfcd3fca1f2457b293763ea256b8e2ee660835ec30e4d294c812329

Download Submit
C:\Windows\System\ErvJKQw.exe

Filesize
6.0MB

MD5
3c7759356edcd78c1aa08af824e7bebb

SHA1
c14969b8fe77b68cf38906418bc002c593168a70

SHA256
ac9d26385022c3800483bc9f32f9701a1da330ba0b45c2b77bf537e627094040

SHA512
b437315a2916a2ed956efb397d6f77586e2dd38e699e96ad006f7621256f2db94bbb4fa6c069271ce3c0af0a3ea9cd3fe716ea7eec3a3243b875c9337ebce1cb

Download Submit
C:\Windows\System\EuSaEjg.exe

Filesize
6.0MB

MD5
570d9647b123bf98b27c4d0b3b47c22f

SHA1
3c0d5eb9f818178e685971ef9ed0254112c4c429

SHA256
ffb5e69b3bc9fda7e719120d1aafceb706989633b06b44ab545ba6aeb05b7929

SHA512
297b9a66b23bb58c961e8575a6ef4f37b725bf9c9aaba2d86b7f3581d75c7ee6c31a946f9d1737761e31230836e39fb89226f76fa07a485309d514edd6d746a9

Download Submit
C:\Windows\System\IsCqOGa.exe

Filesize
6.0MB

MD5
e8710217825a69875724a0ee99242824

SHA1
733cde47c5e5e10ee2513c600bf4c86e389b3271

SHA256
d523ce1778e4ff248d5fa1da6d3265600f876bdca3fbfadaa34a87e7e84d48bf

SHA512
a1591164a79f17704bfdd5c7769a0552d98640ea20a765ee59c4811905bda6003b963af2305ab0a251a25f4e97c6de6dc5e2086f49cad9a8f58cd396f46b2f66

Download Submit
C:\Windows\System\LqVXoZi.exe

Filesize
6.0MB

MD5
30b01fb3a6fba09dff657cf7c69d4010

SHA1
7e226a0facc09b2cc65c9d21cb5dff50e9278f4c

SHA256
d27e1304b3ae4c6640b013815ff261c7be2992bffa9f662e99277b345fbc4dad

SHA512
b3a35373ec73bdd65dd9bb601d70bd60482798ec5b73457a4bb4143cbfba493009ba2db0ad812c80d97631141847d4f5fb5e9e86a74a7cb22b3b0266921e17fd

Download Submit
C:\Windows\System\MdwRfbB.exe

Filesize
6.0MB

MD5
24173e4f8be4e348c5ae2caed04a5d81

SHA1
9543ddcb83feac0bc67101b0482c30ff85feb1c2

SHA256
94ddbe0f9cf90726c0078b4f38bcad2035ff379c8441a8fcd2da9dc8670a553b

SHA512
c086f66e5367c984d1d40557d763135d76d3fc84e26dd1720e3af316f3759fc9c16bf161e47416e1ea670fe345736d06ba2c789de9cdc959a33bfd89a40788a3

Download Submit
C:\Windows\System\OJxEotd.exe

Filesize
6.0MB

MD5
80386948886d2f6c0eda9750cab934b0

SHA1
d6cdcaa3c396a5297105fb532fe13d79b1a4b73b

SHA256
d44f5e84b54463b41d1e261bb94b88e960c481cd797b5c2818fb0fcc8ae32de0

SHA512
d0d685f5c9d3d92f9204e618f80c6ab10add5ca9a090edaee7c8712c76deda178f4713df198f268a6811bb58e9d7733cd7780960da7150731780c403b6fbf4f2

Download Submit
C:\Windows\System\OoDTXke.exe

Filesize
6.0MB

MD5
08bd5a376678604e7f06ae4fbd8c59cc

SHA1
11d15a872b257516f11260cfd4fe3d9cb667ae6a

SHA256
46c74bd5c82beef35ef39da45ff7b96dbf0cdcb6e70e82d7e73d1ef99fb4ca86

SHA512
b272695955769c304afe528c785a6ebe22058246dc6f5e26f0dc4431777359816b97155affa1435b959c6463e5f5970a5dd7546614a66130a2e70892ba9663b2

Download Submit
C:\Windows\System\PUWxyPJ.exe

Filesize
6.0MB

MD5
2aabfb0c97c74d911e7b7f9ccd15e577

SHA1
fb5fa4da3816ffbd02b58702627688effe1cdbcf

SHA256
989838d2796f31b7e36f0440041485c08a9d30182e2ccf2bbcffdf9cda11e1cd

SHA512
d80619fdc78dc921921c4cc715c7e02cd1b01c224b80b3d8aca63adceda7a39a349f89d96f58613c24a6fbabb4793c18c5473022a5aee61dee42052bfbfab977

Download Submit
C:\Windows\System\RoBIgIT.exe

Filesize
6.0MB

MD5
632242e4b307dccf308fd820ef9138f8

SHA1
bc8c56deb8e1692d1d742bc179c46cccdf9fd1ef

SHA256
e696f29ace89603e50db06ce79bc8954593d00d93a6e80bf4ff6d4abcb5466f9

SHA512
22484654390d48cab193c02ccae2576ed9463c55c53f5f4f1c2d914148c98432891c5725cf6906e4d129dcf6e62617e0f12f093199a343922727cbe15bbafe99

Download Submit
C:\Windows\System\SwBEFFI.exe

Filesize
6.0MB

MD5
1d1c8375dc3de76b12fbd7af639e1e9c

SHA1
ed61207714b84518cf141058e4c6458c1e3d9246

SHA256
c60b75b8d332e4ac8be84edf9e6507ae68fd4c884c8ef1227526d6e52dc3230c

SHA512
b327debeaedc2418285d0ef6955a258a5d2bc99fe9973a698aaafb53ca05903f4681874fc7872b1cebd3f1f71026b162c7f4349d5e2ec8e7219610705a6f1544

Download Submit
C:\Windows\System\VbJryKW.exe

Filesize
6.0MB

MD5
4e3ccd04fbee94c97a3bacbb58dfc589

SHA1
5b5d45cce80cd7c97551422f3fe06099ce32382b

SHA256
e057a8f60586710d7ff582c773433365e00eed95735d7f9d5832e2ce1a16929f

SHA512
a683a4f10e99aa12e2723e8fb096b42503470d5f1c5698efbdc10b5637767d330e1cb715e7e554eecda25c64cf2e3a48f1b78bc759e0c42c1f3bdbce16701692

Download Submit
C:\Windows\System\XGaJYlk.exe

Filesize
6.0MB

MD5
ceed3a9ac08edb7719875f40da7ef592

SHA1
00a9bec569c3c124471518345ffca874e71ce62f

SHA256
c1271f8019ae32ee066ac9fc025f5ee2dd99f243b58cf9f54e3f10952e7d30f6

SHA512
c8c0f52d29ab4f8aac4a58db3bf38eca0c8a59341e9ef6c51604bdddd7a7bad061e6ecc7a648b9bb19ff66d0b712cf1646b8838f83c22e422b807fade7056835

Download Submit
C:\Windows\System\YoJnKSX.exe

Filesize
6.0MB

MD5
bb3d1711b304f61c3983f4959a50c3b1

SHA1
85efc6969ba45773bf17e69d49c2ed171da1adc7

SHA256
0a1acbb9777bbb1b7f67d63c246889fac8ec882b5ffda9fbe95d19b60b9c913e

SHA512
ca2fc3dcdd135cf5df06dcb72c7057cac898095be4171b026d8573c27dbef5dfd4df6e9c88db894103e4879e1f50a5e053c0a0213d072338202d0b07e4e96c0c

Download Submit
C:\Windows\System\YtdfgBU.exe

Filesize
6.0MB

MD5
548a3c2eb94fd9a8ae4b09a4ad64a8f9

SHA1
f90e49ce3e2009687729f990165ed27e6aec5199

SHA256
92db2aeea03a20e69cea1d5c3d23d10cfecd91f154b1064604d56c9e21eafe9f

SHA512
3e8990fcccadb81b8316bec580665ff013faecee58b62928d0215b170f3635c8cb2b9d80f8c097a638d35782418da6fbd9f77080233d694fafdb3d3b5e7d9163

Download Submit
C:\Windows\System\aQhVmKP.exe

Filesize
6.0MB

MD5
c6e1e462520d295ac88175a36857e666

SHA1
cf42d377cb6896c3fa1706fa18d0918db23b645f

SHA256
ffe38c17ef89f0b2c76c61bd43f8969d39cf8cc84e61d7994d1821e3b59e87e6

SHA512
b980868dd0dc0ecdd71c1d53c8c759ce4c23898997f2023dc5a20272bbe2c74093bb7539718314c37ece86f3642ea281578050e40752d38d1691df8663010a34

Download Submit
C:\Windows\System\aSofiSj.exe

Filesize
6.0MB

MD5
57a0300a5d4fc66693637052a1d5b0c1

SHA1
ce07490d0fe1d428d19a05bc338d8c8719595e57

SHA256
ac503aa29e8d8735f0bde6d91926a074e9c76badddfa10c2db00d44f80493a3b

SHA512
26f17c3fa5ebcaf00e6d2fe336c4b0c60dc7adc27b7c4cef9427387029b148fd06fcfb9519239791fddea24f0719dd98f4fbd143764771d6266f2d416eded83a

Download Submit
C:\Windows\System\btzMbZW.exe

Filesize
6.0MB

MD5
492b8a60fc7feccfbb23c1e873fd026e

SHA1
5addcc30721d4faffcc4170354f9b73abfabce0e

SHA256
f8a79b2395b376a5a5d436d02c09cf875f1d721103cf0b758a212011abc1c1d7

SHA512
03a124f7a18ae74e6cf5959c27c00580df18e2a55b315cc09d2a8b5b29a75dc4e172716e82cf33a8b972b55a3019e0b4bf4d2610b52d4c821415c0d1a6184ded

Download Submit
C:\Windows\System\gFZBoKz.exe

Filesize
6.0MB

MD5
aafa46b40b7eed964d652911c559edd6

SHA1
ea135ae257f5b05bca48bd249d09c3a24f1858d7

SHA256
1558d9f8c2f564d90368df098831ac3594ef12bf7e67d00519addc264324e320

SHA512
14b8c96446db46d00d6d56389b3079564cb33c6643f3311a9c164dceb6291947d89974fbf9bae76f1e6159e08766c0de2853218baa92fb34b1e8527341304874

Download Submit
C:\Windows\System\gKTpUfx.exe

Filesize
6.0MB

MD5
b1d23c7086943609505528ab9ff5cc1e

SHA1
6d0cdbf3c1495575a66fedb32e2734ff47af2dd2

SHA256
f086a9c676f46e0c7eb0c68114ab4166b2e6d55e53e7143c25a2ae8eae6a6784

SHA512
f3b0b104af347003ae710df51389d3802188311cf89bee57ad889e9d4a965c1a21387126c34e76c4b4826fff04190c3bc934f33d281b6f2dc4ded2294db90204

Download Submit
C:\Windows\System\irCoRnb.exe

Filesize
6.0MB

MD5
7b25a503e12a1bbe4135119878220213

SHA1
214487f240147b2d55c1e57b298cbf1f27ff4b30

SHA256
69bb8076fa807888bff03c2475a24686e4836cd1649479a975955e7d519a4e62

SHA512
eab8142bd710884d4a488376fcbd39419fd00e0e2d62e95f4daa82982b0756a96c1ca8e8dc0bacd92ae6466e1c6a338384597f856c97af7bb3acbafca26c847a

Download Submit
C:\Windows\System\jMoWeBd.exe

Filesize
6.0MB

MD5
9a2c09556ae7deed892f1b3e8a1b5747

SHA1
3ad7276085f6bdb874c8ac0b77c24523c2798b7d

SHA256
66be77aeecb0fc2d4ceb92926f1e113033b110ee8b35f5ba522cb2b505578934

SHA512
50aed5afbc37389483016fedc3b6ba710f6b49e69439e047b7389d49b6012652a126a33140ae362f9a0dd89595beffd8b9c762624108520d37a8f9fe7215338d

Download Submit
C:\Windows\System\jVakpFf.exe

Filesize
6.0MB

MD5
4e0a8905b6efceee550fbbd772fc75c9

SHA1
f7c26f078e890a084d1ff541d8a48c35d8d1b598

SHA256
92fb9ae92f93fa59d69948f8c886067a9aae1dba253cb575785bf5d88e75bf3b

SHA512
8d96385d1888aea75e8281b3c765304d9e0aaca762c569815a2e6aced1a4fdac559e30e3ad76ee30800194d06b70bfca680ef3f83a39f03b585e12f395f2507b

Download Submit
C:\Windows\System\qfOimls.exe

Filesize
6.0MB

MD5
a7373bfa8290b2d4e1d346dcb11e95c4

SHA1
36e19277851b5bd8bf732d192344c3e40c25ba16

SHA256
d683800122d64f0edb8b532fb13f2b401084361fcf72e55cef616a4ccfba2408

SHA512
4687af72e78d7b9d6d2f201e0abff82dd0186e978d4da6cea2369102b8ead7bed91e58ed6a3ff12a10870b494ff2c9d29787d8fa3e3d1cd9840d7a3e762d6378

Download Submit
C:\Windows\System\uQUjREe.exe

Filesize
6.0MB

MD5
a384a5fb67949fb0fbb872215f1cb3a2

SHA1
5c5aec0bf29ffa8c41317db1b0cf348ad32d5c8d

SHA256
3e3a66fa4d7bc62ec04f533c9a2e925c1ddeff9958a47471052490b08b9f1390

SHA512
fc8ee2e16b391d4084208dc7e6105d87d3b254b467e08618cc85475c28c06b91a9328b53b129b49788e55f2a20f108602fde267d35e08953d4da8a66e62fabdf

Download Submit
C:\Windows\System\uXHTSkS.exe

Filesize
6.0MB

MD5
82e765f5c5a64a8f756a87ff87cee9a7

SHA1
7d1c4dfd8f48f7221cbf48b3638fe8e78b3cd84b

SHA256
1edd9c169a29dd125ad7bcb94d41bddba0a5cd80ea0781b41fdd5a12f0c1ae61

SHA512
59e6de1fb25b6ca84e98c13e51f31fa0874d8122626c7967607b4edba357177426eb53effb031121607574eeb10140dae1a9e728013970832c53637c9540fac7

Download Submit
C:\Windows\System\xXCdSMM.exe

Filesize
6.0MB

MD5
1086ccab26e12d415b08ee0d63df48d4

SHA1
bac0c49f99d9c718d251bf4c8232b7d4b7fd6794

SHA256
43f67ac47c005fab1d3bc612e3890e6b88f7d57d578bc76c6c172e50cb41b229

SHA512
dddf82a61b390525f69e96ae195bf22d7efd519a9092862972cf1d741524d56314986b5c772719d8fb44a97c316cccfd35dca78d3fa756fac0f64d5b6c31283e

Download Submit
C:\Windows\System\yVIccUv.exe

Filesize
6.0MB

MD5
9f4720ac67e005999d4f035d948f1b26

SHA1
fb4d229d2f069f5e8df2db793274b3b301cb6bb4

SHA256
6c6d6cba87fa5d2f2b89cd6f05269e27b81774c061ad3157fe3319f326bcf881

SHA512
64a8a40440e3331ec8862811e64dd1963bfcede63ca022d08d0cec7602559ff20d1b4643b20e48dd32c2fb0cb9da13e0d5470c96e2a0346bd37d93b59ba39323

Download Submit
C:\Windows\System\yoRhKJK.exe

Filesize
6.0MB

MD5
48efb3077437cb950317b6147dd87609

SHA1
fbfba017c8ef4b47aee22f523ae4b06639c4f0cf

SHA256
59d1d3196b754dffb1dec591b0ff1c4e73354aaf9751a0b8218496e86bb954df

SHA512
fa879d9d26f24bcd3de7ce174b33a7b8436d71e44ef29ab3e647f3f60b323656a55c042a1b5187e6c21f8ef3db83e51c3d726f0bc26718496a411443af04a413

Download Submit
C:\Windows\System\zANYcWY.exe

Filesize
6.0MB

MD5
f773b6fa3552a32e42353e006f5fb8e2

SHA1
60132092d6a901a46bace0ff683ed198daf86ecc

SHA256
e75b2264ddaccb7559d4fc39be402c416fb5d616ddbc590dea445600096ef0d1

SHA512
dd3f47321be9e4f8108b10edef56961de16aeaeabf0e0f0b6d2c6869d16f7ea07344146d3c80ab6b56f64a9c47cde7956f30e99015551a390d63794a90614ce3

Download Submit
memory/520-87-0x00007FF72FC30000-0x00007FF72FF84000-memory.dmp

Filesize
3.3MB

Download
memory/520-982-0x00007FF72FC30000-0x00007FF72FF84000-memory.dmp

Filesize
3.3MB

Download
memory/520-21-0x00007FF72FC30000-0x00007FF72FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1140-1258-0x00007FF6969F0000-0x00007FF696D44000-memory.dmp

Filesize
3.3MB

Download
memory/1140-59-0x00007FF6969F0000-0x00007FF696D44000-memory.dmp

Filesize
3.3MB

Download
memory/1504-999-0x00007FF65BCD0000-0x00007FF65C024000-memory.dmp

Filesize
3.3MB

Download
memory/1504-44-0x00007FF65BCD0000-0x00007FF65C024000-memory.dmp

Filesize
3.3MB

Download
memory/1504-103-0x00007FF65BCD0000-0x00007FF65C024000-memory.dmp

Filesize
3.3MB

Download
memory/2068-1611-0x00007FF63E200000-0x00007FF63E554000-memory.dmp

Filesize
3.3MB

Download
memory/2068-166-0x00007FF63E200000-0x00007FF63E554000-memory.dmp

Filesize
3.3MB

Download
memory/2184-40-0x00007FF60F490000-0x00007FF60F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-988-0x00007FF60F490000-0x00007FF60F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-1616-0x00007FF7738E0000-0x00007FF773C34000-memory.dmp

Filesize
3.3MB

Download
memory/2188-182-0x00007FF7738E0000-0x00007FF773C34000-memory.dmp

Filesize
3.3MB

Download
memory/2212-177-0x00007FF691560000-0x00007FF6918B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1603-0x00007FF691560000-0x00007FF6918B4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-994-0x00007FF659D80000-0x00007FF65A0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-29-0x00007FF659D80000-0x00007FF65A0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-90-0x00007FF659D80000-0x00007FF65A0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-0-0x00007FF6947B0000-0x00007FF694B04000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1-0x0000027313E20000-0x0000027313E30000-memory.dmp

Filesize
64KB

Download
memory/2264-81-0x00007FF6947B0000-0x00007FF694B04000-memory.dmp

Filesize
3.3MB

Download
memory/2296-1620-0x00007FF6FED60000-0x00007FF6FF0B4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-181-0x00007FF6FED60000-0x00007FF6FF0B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-257-0x00007FF749970000-0x00007FF749CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-71-0x00007FF749970000-0x00007FF749CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1266-0x00007FF749970000-0x00007FF749CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-47-0x00007FF7286B0000-0x00007FF728A04000-memory.dmp

Filesize
3.3MB

Download
memory/2532-174-0x00007FF7286B0000-0x00007FF728A04000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1262-0x00007FF7286B0000-0x00007FF728A04000-memory.dmp

Filesize
3.3MB

Download
memory/2568-73-0x00007FF720C00000-0x00007FF720F54000-memory.dmp

Filesize
3.3MB

Download
memory/2568-1267-0x00007FF720C00000-0x00007FF720F54000-memory.dmp

Filesize
3.3MB

Download
memory/2568-307-0x00007FF720C00000-0x00007FF720F54000-memory.dmp

Filesize
3.3MB

Download
memory/2776-135-0x00007FF6BE9A0000-0x00007FF6BECF4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1587-0x00007FF6BE9A0000-0x00007FF6BECF4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1622-0x00007FF7FE170000-0x00007FF7FE4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-129-0x00007FF7FE170000-0x00007FF7FE4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-460-0x00007FF7FE170000-0x00007FF7FE4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1604-0x00007FF6FCC20000-0x00007FF6FCF74000-memory.dmp

Filesize
3.3MB

Download
memory/2804-504-0x00007FF6FCC20000-0x00007FF6FCF74000-memory.dmp

Filesize
3.3MB

Download
memory/2804-145-0x00007FF6FCC20000-0x00007FF6FCF74000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1595-0x00007FF6972B0000-0x00007FF697604000-memory.dmp

Filesize
3.3MB

Download
memory/2904-137-0x00007FF6972B0000-0x00007FF697604000-memory.dmp

Filesize
3.3MB

Download
memory/2908-503-0x00007FF7B6170000-0x00007FF7B64C4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1588-0x00007FF7B6170000-0x00007FF7B64C4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-109-0x00007FF7B6170000-0x00007FF7B64C4000-memory.dmp

Filesize
3.3MB

Download
memory/3300-171-0x00007FF7E0540000-0x00007FF7E0894000-memory.dmp

Filesize
3.3MB

Download
memory/3300-1614-0x00007FF7E0540000-0x00007FF7E0894000-memory.dmp

Filesize
3.3MB

Download
memory/3300-540-0x00007FF7E0540000-0x00007FF7E0894000-memory.dmp

Filesize
3.3MB

Download
memory/3352-998-0x00007FF642DD0000-0x00007FF643124000-memory.dmp

Filesize
3.3MB

Download
memory/3352-46-0x00007FF642DD0000-0x00007FF643124000-memory.dmp

Filesize
3.3MB

Download
memory/3676-1261-0x00007FF630C80000-0x00007FF630FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3676-134-0x00007FF630C80000-0x00007FF630FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3676-45-0x00007FF630C80000-0x00007FF630FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3952-219-0x00007FF6467E0000-0x00007FF646B34000-memory.dmp

Filesize
3.3MB

Download
memory/3952-1270-0x00007FF6467E0000-0x00007FF646B34000-memory.dmp

Filesize
3.3MB

Download
memory/3952-67-0x00007FF6467E0000-0x00007FF646B34000-memory.dmp

Filesize
3.3MB

Download
memory/4128-1599-0x00007FF67BDE0000-0x00007FF67C134000-memory.dmp

Filesize
3.3MB

Download
memory/4128-140-0x00007FF67BDE0000-0x00007FF67C134000-memory.dmp

Filesize
3.3MB

Download
memory/4128-539-0x00007FF67BDE0000-0x00007FF67C134000-memory.dmp

Filesize
3.3MB

Download
memory/4288-8-0x00007FF6F2790000-0x00007FF6F2AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4288-960-0x00007FF6F2790000-0x00007FF6F2AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-1566-0x00007FF726660000-0x00007FF7269B4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-96-0x00007FF726660000-0x00007FF7269B4000-memory.dmp

Filesize
3.3MB

Download
memory/4464-1265-0x00007FF73FFB0000-0x00007FF740304000-memory.dmp

Filesize
3.3MB

Download
memory/4464-305-0x00007FF73FFB0000-0x00007FF740304000-memory.dmp

Filesize
3.3MB

Download
memory/4464-72-0x00007FF73FFB0000-0x00007FF740304000-memory.dmp

Filesize
3.3MB

Download
memory/4476-1577-0x00007FF7EAB70000-0x00007FF7EAEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-456-0x00007FF7EAB70000-0x00007FF7EAEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-97-0x00007FF7EAB70000-0x00007FF7EAEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4672-1583-0x00007FF6A6790000-0x00007FF6A6AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4672-459-0x00007FF6A6790000-0x00007FF6A6AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4672-113-0x00007FF6A6790000-0x00007FF6A6AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-170-0x00007FF72AC00000-0x00007FF72AF54000-memory.dmp

Filesize
3.3MB

Download
memory/4792-505-0x00007FF72AC00000-0x00007FF72AF54000-memory.dmp

Filesize
3.3MB

Download
memory/4792-1617-0x00007FF72AC00000-0x00007FF72AF54000-memory.dmp

Filesize
3.3MB

Download
memory/5068-180-0x00007FF72DD40000-0x00007FF72E094000-memory.dmp

Filesize
3.3MB

Download
memory/5068-1621-0x00007FF72DD40000-0x00007FF72E094000-memory.dmp

Filesize
3.3MB

Download