cobaltstrike | ef7672a43b6aa6fe53a53fc9b25d1539a460904b28ee9953ef8062e005fae70a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2025, 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f817ddf0c0c78432de01a460972609c3
SHA1

367d0d7ce032843a94e12f053a20a3b8af3cdf14
SHA256

ef7672a43b6aa6fe53a53fc9b25d1539a460904b28ee9953ef8062e005fae70a
SHA512

38292ac749d53f82803a1309bb6d2a953e339a0e6fac8c7250824a71b1c2d8364993fb67d6d0d57ad39b2f76e4e1a6a1b9f3257670ef7cbcda550b1cfac40f99
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000a000000023e19-6.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e20-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e22-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e23-30.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e24-37.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e21-16.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e25-42.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023e1d-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e26-54.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e27-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e28-69.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e29-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e2a-82.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e2b-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e2c-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e2e-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e2d-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e2f-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e36-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e37-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e35-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e33-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e38-152.dat	cobalt_reflective_dll
behavioral2/files/0x000900000001da78-159.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023cee-164.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023e31-168.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e39-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e3a-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e3b-200.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023e34-184.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e3c-205.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e3d-208.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1076-0-0x00007FF66E610000-0x00007FF66E964000-memory.dmp	xmrig
behavioral2/memory/852-8-0x00007FF6FEC90000-0x00007FF6FEFE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023e19-6.dat	xmrig
behavioral2/files/0x0007000000023e20-12.dat	xmrig
behavioral2/files/0x0007000000023e22-22.dat	xmrig
behavioral2/memory/3272-18-0x00007FF6B7CA0000-0x00007FF6B7FF4000-memory.dmp	xmrig
behavioral2/memory/3520-28-0x00007FF723620000-0x00007FF723974000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e23-30.dat	xmrig
behavioral2/files/0x0007000000023e24-37.dat	xmrig
behavioral2/memory/4768-36-0x00007FF603050000-0x00007FF6033A4000-memory.dmp	xmrig
behavioral2/memory/1092-24-0x00007FF7E63D0000-0x00007FF7E6724000-memory.dmp	xmrig
behavioral2/memory/4884-17-0x00007FF6F18A0000-0x00007FF6F1BF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e21-16.dat	xmrig
behavioral2/files/0x0007000000023e25-42.dat	xmrig
behavioral2/files/0x0008000000023e1d-47.dat	xmrig
behavioral2/files/0x0007000000023e26-54.dat	xmrig
behavioral2/memory/4912-55-0x00007FF7C4300000-0x00007FF7C4654000-memory.dmp	xmrig
behavioral2/memory/3188-49-0x00007FF7DFA80000-0x00007FF7DFDD4000-memory.dmp	xmrig
behavioral2/memory/552-43-0x00007FF6C05F0000-0x00007FF6C0944000-memory.dmp	xmrig
behavioral2/memory/1076-58-0x00007FF66E610000-0x00007FF66E964000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e27-60.dat	xmrig
behavioral2/memory/3104-64-0x00007FF7C3F10000-0x00007FF7C4264000-memory.dmp	xmrig
behavioral2/memory/4884-63-0x00007FF6F18A0000-0x00007FF6F1BF4000-memory.dmp	xmrig
behavioral2/memory/852-62-0x00007FF6FEC90000-0x00007FF6FEFE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e28-69.dat	xmrig
behavioral2/memory/3708-72-0x00007FF623780000-0x00007FF623AD4000-memory.dmp	xmrig
behavioral2/memory/3272-76-0x00007FF6B7CA0000-0x00007FF6B7FF4000-memory.dmp	xmrig
behavioral2/memory/5020-77-0x00007FF6F4D30000-0x00007FF6F5084000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e29-78.dat	xmrig
behavioral2/files/0x0007000000023e2a-82.dat	xmrig
behavioral2/memory/4728-84-0x00007FF797390000-0x00007FF7976E4000-memory.dmp	xmrig
behavioral2/memory/1092-83-0x00007FF7E63D0000-0x00007FF7E6724000-memory.dmp	xmrig
behavioral2/memory/3520-87-0x00007FF723620000-0x00007FF723974000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e2b-90.dat	xmrig
behavioral2/memory/3928-92-0x00007FF6E0620000-0x00007FF6E0974000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e2c-96.dat	xmrig
behavioral2/memory/4768-91-0x00007FF603050000-0x00007FF6033A4000-memory.dmp	xmrig
behavioral2/memory/2444-103-0x00007FF62E170000-0x00007FF62E4C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e2e-109.dat	xmrig
behavioral2/memory/4792-110-0x00007FF72C490000-0x00007FF72C7E4000-memory.dmp	xmrig
behavioral2/memory/4912-112-0x00007FF7C4300000-0x00007FF7C4654000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e2d-106.dat	xmrig
behavioral2/memory/3188-105-0x00007FF7DFA80000-0x00007FF7DFDD4000-memory.dmp	xmrig
behavioral2/memory/552-100-0x00007FF6C05F0000-0x00007FF6C0944000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e2f-119.dat	xmrig
behavioral2/memory/3568-123-0x00007FF6C5B70000-0x00007FF6C5EC4000-memory.dmp	xmrig
behavioral2/memory/3104-125-0x00007FF7C3F10000-0x00007FF7C4264000-memory.dmp	xmrig
behavioral2/memory/2660-131-0x00007FF7CC1A0000-0x00007FF7CC4F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e36-136.dat	xmrig
behavioral2/memory/2196-139-0x00007FF6A8180000-0x00007FF6A84D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e37-148.dat	xmrig
behavioral2/memory/4024-147-0x00007FF617510000-0x00007FF617864000-memory.dmp	xmrig
behavioral2/memory/4728-145-0x00007FF797390000-0x00007FF7976E4000-memory.dmp	xmrig
behavioral2/memory/5020-138-0x00007FF6F4D30000-0x00007FF6F5084000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e35-134.dat	xmrig
behavioral2/memory/1880-132-0x00007FF7E76E0000-0x00007FF7E7A34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e33-126.dat	xmrig
behavioral2/memory/3460-115-0x00007FF7A67F0000-0x00007FF7A6B44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e38-152.dat	xmrig
behavioral2/files/0x000900000001da78-159.dat	xmrig
behavioral2/files/0x000d000000023cee-164.dat	xmrig
behavioral2/files/0x0008000000023e31-168.dat	xmrig
behavioral2/memory/2892-166-0x00007FF792A20000-0x00007FF792D74000-memory.dmp	xmrig
behavioral2/memory/4840-156-0x00007FF665EA0000-0x00007FF6661F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
852	EBlrkIi.exe
4884	jwTnLAf.exe
3272	LybPSgq.exe
1092	tPZIEJD.exe
3520	zdValOD.exe
4768	BHgPLSY.exe
552	xisjvmD.exe
3188	jdKGiGX.exe
4912	OvefprK.exe
3104	WJtrHSn.exe
3708	XKlkhNX.exe
5020	reQacDF.exe
4728	qAFNSPr.exe
3928	pWklXQi.exe
2444	GOCemca.exe
4792	IGyQjWq.exe
3460	xZkRlZb.exe
3568	oexECyK.exe
2660	NgAoOZU.exe
1880	pSmFuVa.exe
2196	isoSEnW.exe
4024	TdzLplR.exe
4840	SIWEqJX.exe
2892	BbdEctr.exe
2708	mMYEnvo.exe
2316	pDBkPwz.exe
1664	oQNexXF.exe
4136	ZpAexbL.exe
2456	GXaTnxR.exe
2496	gCuYBAo.exe
2512	CmcdqeV.exe
2284	pUdvUpL.exe
2328	JxOcLct.exe
764	xyhkKvj.exe
2252	LvVIiPu.exe
704	CIcbPpx.exe
2140	teuWrCx.exe
768	yGnTORa.exe
1740	ofLAFZx.exe
4108	XIQfhaV.exe
4404	dRCIHpG.exe
3700	UmYxHek.exe
4004	hemxexV.exe
2256	GvVIWeN.exe
1356	ICZmmTL.exe
1424	uaNCrpS.exe
8	CjiFweH.exe
2752	YqNOvvb.exe
1916	xOMAYWX.exe
1248	yyJBsOu.exe
1240	tnZunhh.exe
2020	aeiQVmG.exe
2688	WWvmgLd.exe
1920	clWeUlf.exe
5096	nvGoqAx.exe
2396	xHtVmQR.exe
2084	dCIeFtP.exe
2292	vDCEGSA.exe
2036	enEiKqA.exe
4272	tKZZetF.exe
2228	oGrxTtV.exe
1016	YVhMbPA.exe
4512	yWUjwdA.exe
232	GkCZOCF.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1076-0-0x00007FF66E610000-0x00007FF66E964000-memory.dmp	upx
behavioral2/memory/852-8-0x00007FF6FEC90000-0x00007FF6FEFE4000-memory.dmp	upx
behavioral2/files/0x000a000000023e19-6.dat	upx
behavioral2/files/0x0007000000023e20-12.dat	upx
behavioral2/files/0x0007000000023e22-22.dat	upx
behavioral2/memory/3272-18-0x00007FF6B7CA0000-0x00007FF6B7FF4000-memory.dmp	upx
behavioral2/memory/3520-28-0x00007FF723620000-0x00007FF723974000-memory.dmp	upx
behavioral2/files/0x0007000000023e23-30.dat	upx
behavioral2/files/0x0007000000023e24-37.dat	upx
behavioral2/memory/4768-36-0x00007FF603050000-0x00007FF6033A4000-memory.dmp	upx
behavioral2/memory/1092-24-0x00007FF7E63D0000-0x00007FF7E6724000-memory.dmp	upx
behavioral2/memory/4884-17-0x00007FF6F18A0000-0x00007FF6F1BF4000-memory.dmp	upx
behavioral2/files/0x0007000000023e21-16.dat	upx
behavioral2/files/0x0007000000023e25-42.dat	upx
behavioral2/files/0x0008000000023e1d-47.dat	upx
behavioral2/files/0x0007000000023e26-54.dat	upx
behavioral2/memory/4912-55-0x00007FF7C4300000-0x00007FF7C4654000-memory.dmp	upx
behavioral2/memory/3188-49-0x00007FF7DFA80000-0x00007FF7DFDD4000-memory.dmp	upx
behavioral2/memory/552-43-0x00007FF6C05F0000-0x00007FF6C0944000-memory.dmp	upx
behavioral2/memory/1076-58-0x00007FF66E610000-0x00007FF66E964000-memory.dmp	upx
behavioral2/files/0x0007000000023e27-60.dat	upx
behavioral2/memory/3104-64-0x00007FF7C3F10000-0x00007FF7C4264000-memory.dmp	upx
behavioral2/memory/4884-63-0x00007FF6F18A0000-0x00007FF6F1BF4000-memory.dmp	upx
behavioral2/memory/852-62-0x00007FF6FEC90000-0x00007FF6FEFE4000-memory.dmp	upx
behavioral2/files/0x0007000000023e28-69.dat	upx
behavioral2/memory/3708-72-0x00007FF623780000-0x00007FF623AD4000-memory.dmp	upx
behavioral2/memory/3272-76-0x00007FF6B7CA0000-0x00007FF6B7FF4000-memory.dmp	upx
behavioral2/memory/5020-77-0x00007FF6F4D30000-0x00007FF6F5084000-memory.dmp	upx
behavioral2/files/0x0007000000023e29-78.dat	upx
behavioral2/files/0x0007000000023e2a-82.dat	upx
behavioral2/memory/4728-84-0x00007FF797390000-0x00007FF7976E4000-memory.dmp	upx
behavioral2/memory/1092-83-0x00007FF7E63D0000-0x00007FF7E6724000-memory.dmp	upx
behavioral2/memory/3520-87-0x00007FF723620000-0x00007FF723974000-memory.dmp	upx
behavioral2/files/0x0007000000023e2b-90.dat	upx
behavioral2/memory/3928-92-0x00007FF6E0620000-0x00007FF6E0974000-memory.dmp	upx
behavioral2/files/0x0007000000023e2c-96.dat	upx
behavioral2/memory/4768-91-0x00007FF603050000-0x00007FF6033A4000-memory.dmp	upx
behavioral2/memory/2444-103-0x00007FF62E170000-0x00007FF62E4C4000-memory.dmp	upx
behavioral2/files/0x0007000000023e2e-109.dat	upx
behavioral2/memory/4792-110-0x00007FF72C490000-0x00007FF72C7E4000-memory.dmp	upx
behavioral2/memory/4912-112-0x00007FF7C4300000-0x00007FF7C4654000-memory.dmp	upx
behavioral2/files/0x0007000000023e2d-106.dat	upx
behavioral2/memory/3188-105-0x00007FF7DFA80000-0x00007FF7DFDD4000-memory.dmp	upx
behavioral2/memory/552-100-0x00007FF6C05F0000-0x00007FF6C0944000-memory.dmp	upx
behavioral2/files/0x0007000000023e2f-119.dat	upx
behavioral2/memory/3568-123-0x00007FF6C5B70000-0x00007FF6C5EC4000-memory.dmp	upx
behavioral2/memory/3104-125-0x00007FF7C3F10000-0x00007FF7C4264000-memory.dmp	upx
behavioral2/memory/2660-131-0x00007FF7CC1A0000-0x00007FF7CC4F4000-memory.dmp	upx
behavioral2/files/0x0007000000023e36-136.dat	upx
behavioral2/memory/2196-139-0x00007FF6A8180000-0x00007FF6A84D4000-memory.dmp	upx
behavioral2/files/0x0007000000023e37-148.dat	upx
behavioral2/memory/4024-147-0x00007FF617510000-0x00007FF617864000-memory.dmp	upx
behavioral2/memory/4728-145-0x00007FF797390000-0x00007FF7976E4000-memory.dmp	upx
behavioral2/memory/5020-138-0x00007FF6F4D30000-0x00007FF6F5084000-memory.dmp	upx
behavioral2/files/0x0007000000023e35-134.dat	upx
behavioral2/memory/1880-132-0x00007FF7E76E0000-0x00007FF7E7A34000-memory.dmp	upx
behavioral2/files/0x0007000000023e33-126.dat	upx
behavioral2/memory/3460-115-0x00007FF7A67F0000-0x00007FF7A6B44000-memory.dmp	upx
behavioral2/files/0x0007000000023e38-152.dat	upx
behavioral2/files/0x000900000001da78-159.dat	upx
behavioral2/files/0x000d000000023cee-164.dat	upx
behavioral2/files/0x0008000000023e31-168.dat	upx
behavioral2/memory/2892-166-0x00007FF792A20000-0x00007FF792D74000-memory.dmp	upx
behavioral2/memory/4840-156-0x00007FF665EA0000-0x00007FF6661F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ofLAFZx.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enEiKqA.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqBXQeZ.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvYahQi.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwhAPfc.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGmHAzp.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGrOmrB.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLYDdJI.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJvjnQQ.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raOOeij.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVVJObx.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmEimka.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfUzYJD.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptGOmmQ.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJqLuTC.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQaCDgD.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEkwtrr.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbDebMj.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYtjtso.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieMBCqe.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEZvUjD.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCXyvEd.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlvirKy.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpzeaRl.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGjKaYn.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtvUGOK.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULmVqgv.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwWYoeJ.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkPtNFe.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOkjkCA.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBRtQyt.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIQfhaV.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsCpppu.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKGZgZQ.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iLEGvic.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMLtFJj.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBVPcRD.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRMWzbd.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWXWSsU.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhsDJuh.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZPbCVn.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJBBsVq.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToPhOjP.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpIwqAg.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILsWsZs.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJIpyNa.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcUykQj.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpNTeWC.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kabpgyh.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omylGlV.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKcsMKz.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIWTNvo.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atjLrxE.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZARCWzr.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\recyFoS.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIAcoCK.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxgxiQX.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFaDfgn.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvjcARo.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgwZtOB.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmKnXRE.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnZunhh.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQXOSzl.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFFpdAN.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3772	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 852	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1076 wrote to memory of 852	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1076 wrote to memory of 4884	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1076 wrote to memory of 4884	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1076 wrote to memory of 3272	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1076 wrote to memory of 3272	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1076 wrote to memory of 1092	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1076 wrote to memory of 1092	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1076 wrote to memory of 3520	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1076 wrote to memory of 3520	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1076 wrote to memory of 4768	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1076 wrote to memory of 4768	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1076 wrote to memory of 552	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1076 wrote to memory of 552	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1076 wrote to memory of 3188	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1076 wrote to memory of 3188	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1076 wrote to memory of 4912	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1076 wrote to memory of 4912	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1076 wrote to memory of 3104	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1076 wrote to memory of 3104	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1076 wrote to memory of 3708	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1076 wrote to memory of 3708	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1076 wrote to memory of 5020	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1076 wrote to memory of 5020	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1076 wrote to memory of 4728	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1076 wrote to memory of 4728	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1076 wrote to memory of 3928	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1076 wrote to memory of 3928	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1076 wrote to memory of 2444	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1076 wrote to memory of 2444	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1076 wrote to memory of 4792	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1076 wrote to memory of 4792	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1076 wrote to memory of 3460	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1076 wrote to memory of 3460	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1076 wrote to memory of 3568	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1076 wrote to memory of 3568	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1076 wrote to memory of 2660	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1076 wrote to memory of 2660	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1076 wrote to memory of 1880	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1076 wrote to memory of 1880	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1076 wrote to memory of 2196	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1076 wrote to memory of 2196	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1076 wrote to memory of 4024	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1076 wrote to memory of 4024	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1076 wrote to memory of 4840	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1076 wrote to memory of 4840	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1076 wrote to memory of 2892	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1076 wrote to memory of 2892	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1076 wrote to memory of 2708	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1076 wrote to memory of 2708	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1076 wrote to memory of 2316	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 1076 wrote to memory of 2316	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 1076 wrote to memory of 1664	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 1076 wrote to memory of 1664	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 1076 wrote to memory of 4136	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 1076 wrote to memory of 4136	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 1076 wrote to memory of 2456	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 1076 wrote to memory of 2456	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 1076 wrote to memory of 2496	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	122
PID 1076 wrote to memory of 2496	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	122
PID 1076 wrote to memory of 2512	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	123
PID 1076 wrote to memory of 2512	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	123
PID 1076 wrote to memory of 2284	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	124
PID 1076 wrote to memory of 2284	1076	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	124

C:\Users\Admin\AppData\Local\Temp\2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\System\EBlrkIi.exe
  C:\Windows\System\EBlrkIi.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\jwTnLAf.exe
  C:\Windows\System\jwTnLAf.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\LybPSgq.exe
  C:\Windows\System\LybPSgq.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\tPZIEJD.exe
  C:\Windows\System\tPZIEJD.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\zdValOD.exe
  C:\Windows\System\zdValOD.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\BHgPLSY.exe
  C:\Windows\System\BHgPLSY.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\xisjvmD.exe
  C:\Windows\System\xisjvmD.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\jdKGiGX.exe
  C:\Windows\System\jdKGiGX.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\OvefprK.exe
  C:\Windows\System\OvefprK.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\WJtrHSn.exe
  C:\Windows\System\WJtrHSn.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\XKlkhNX.exe
  C:\Windows\System\XKlkhNX.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\reQacDF.exe
  C:\Windows\System\reQacDF.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\qAFNSPr.exe
  C:\Windows\System\qAFNSPr.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\pWklXQi.exe
  C:\Windows\System\pWklXQi.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\GOCemca.exe
  C:\Windows\System\GOCemca.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\IGyQjWq.exe
  C:\Windows\System\IGyQjWq.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\xZkRlZb.exe
  C:\Windows\System\xZkRlZb.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\oexECyK.exe
  C:\Windows\System\oexECyK.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\NgAoOZU.exe
  C:\Windows\System\NgAoOZU.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\pSmFuVa.exe
  C:\Windows\System\pSmFuVa.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\isoSEnW.exe
  C:\Windows\System\isoSEnW.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\TdzLplR.exe
  C:\Windows\System\TdzLplR.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\SIWEqJX.exe
  C:\Windows\System\SIWEqJX.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\BbdEctr.exe
  C:\Windows\System\BbdEctr.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\mMYEnvo.exe
  C:\Windows\System\mMYEnvo.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\pDBkPwz.exe
  C:\Windows\System\pDBkPwz.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\oQNexXF.exe
  C:\Windows\System\oQNexXF.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ZpAexbL.exe
  C:\Windows\System\ZpAexbL.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\GXaTnxR.exe
  C:\Windows\System\GXaTnxR.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\gCuYBAo.exe
  C:\Windows\System\gCuYBAo.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\CmcdqeV.exe
  C:\Windows\System\CmcdqeV.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\pUdvUpL.exe
  C:\Windows\System\pUdvUpL.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\JxOcLct.exe
  C:\Windows\System\JxOcLct.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\xyhkKvj.exe
  C:\Windows\System\xyhkKvj.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\LvVIiPu.exe
  C:\Windows\System\LvVIiPu.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\CIcbPpx.exe
  C:\Windows\System\CIcbPpx.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\teuWrCx.exe
  C:\Windows\System\teuWrCx.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\yGnTORa.exe
  C:\Windows\System\yGnTORa.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\ofLAFZx.exe
  C:\Windows\System\ofLAFZx.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\XIQfhaV.exe
  C:\Windows\System\XIQfhaV.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\dRCIHpG.exe
  C:\Windows\System\dRCIHpG.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\UmYxHek.exe
  C:\Windows\System\UmYxHek.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\hemxexV.exe
  C:\Windows\System\hemxexV.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\GvVIWeN.exe
  C:\Windows\System\GvVIWeN.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ICZmmTL.exe
  C:\Windows\System\ICZmmTL.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\uaNCrpS.exe
  C:\Windows\System\uaNCrpS.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\CjiFweH.exe
  C:\Windows\System\CjiFweH.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\YqNOvvb.exe
  C:\Windows\System\YqNOvvb.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\xOMAYWX.exe
  C:\Windows\System\xOMAYWX.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\yyJBsOu.exe
  C:\Windows\System\yyJBsOu.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\tnZunhh.exe
  C:\Windows\System\tnZunhh.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\aeiQVmG.exe
  C:\Windows\System\aeiQVmG.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\WWvmgLd.exe
  C:\Windows\System\WWvmgLd.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\clWeUlf.exe
  C:\Windows\System\clWeUlf.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\nvGoqAx.exe
  C:\Windows\System\nvGoqAx.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\xHtVmQR.exe
  C:\Windows\System\xHtVmQR.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\dCIeFtP.exe
  C:\Windows\System\dCIeFtP.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\vDCEGSA.exe
  C:\Windows\System\vDCEGSA.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\enEiKqA.exe
  C:\Windows\System\enEiKqA.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\tKZZetF.exe
  C:\Windows\System\tKZZetF.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\oGrxTtV.exe
  C:\Windows\System\oGrxTtV.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\YVhMbPA.exe
  C:\Windows\System\YVhMbPA.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\yWUjwdA.exe
  C:\Windows\System\yWUjwdA.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\GkCZOCF.exe
  C:\Windows\System\GkCZOCF.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\FpRHGDw.exe
  C:\Windows\System\FpRHGDw.exe
  2⤵
  PID:2216
- C:\Windows\System\YQTqRUU.exe
  C:\Windows\System\YQTqRUU.exe
  2⤵
  PID:4640
- C:\Windows\System\iXrOvLT.exe
  C:\Windows\System\iXrOvLT.exe
  2⤵
  PID:784
- C:\Windows\System\HSXAKMe.exe
  C:\Windows\System\HSXAKMe.exe
  2⤵
  PID:2576
- C:\Windows\System\nlxJSLm.exe
  C:\Windows\System\nlxJSLm.exe
  2⤵
  PID:2516
- C:\Windows\System\vwuGCjG.exe
  C:\Windows\System\vwuGCjG.exe
  2⤵
  PID:4696
- C:\Windows\System\CbTCZRr.exe
  C:\Windows\System\CbTCZRr.exe
  2⤵
  PID:4384
- C:\Windows\System\tgJrvFR.exe
  C:\Windows\System\tgJrvFR.exe
  2⤵
  PID:2996
- C:\Windows\System\RhnACHj.exe
  C:\Windows\System\RhnACHj.exe
  2⤵
  PID:2124
- C:\Windows\System\LnYNUTm.exe
  C:\Windows\System\LnYNUTm.exe
  2⤵
  PID:2388
- C:\Windows\System\nvONbJm.exe
  C:\Windows\System\nvONbJm.exe
  2⤵
  PID:32
- C:\Windows\System\tzpTXrQ.exe
  C:\Windows\System\tzpTXrQ.exe
  2⤵
  PID:4324
- C:\Windows\System\ibRtjoT.exe
  C:\Windows\System\ibRtjoT.exe
  2⤵
  PID:2132
- C:\Windows\System\dkLtZaS.exe
  C:\Windows\System\dkLtZaS.exe
  2⤵
  PID:4516
- C:\Windows\System\RjolBxn.exe
  C:\Windows\System\RjolBxn.exe
  2⤵
  PID:392
- C:\Windows\System\SRgiOHw.exe
  C:\Windows\System\SRgiOHw.exe
  2⤵
  PID:1972
- C:\Windows\System\HtsspAx.exe
  C:\Windows\System\HtsspAx.exe
  2⤵
  PID:3448
- C:\Windows\System\yKaZdBY.exe
  C:\Windows\System\yKaZdBY.exe
  2⤵
  PID:5128
- C:\Windows\System\zPjHSkU.exe
  C:\Windows\System\zPjHSkU.exe
  2⤵
  PID:5156
- C:\Windows\System\xpLPDNL.exe
  C:\Windows\System\xpLPDNL.exe
  2⤵
  PID:5184
- C:\Windows\System\XmQfOZc.exe
  C:\Windows\System\XmQfOZc.exe
  2⤵
  PID:5200
- C:\Windows\System\Wzaeuuc.exe
  C:\Windows\System\Wzaeuuc.exe
  2⤵
  PID:5240
- C:\Windows\System\xDaLTbk.exe
  C:\Windows\System\xDaLTbk.exe
  2⤵
  PID:5268
- C:\Windows\System\NCNDuRK.exe
  C:\Windows\System\NCNDuRK.exe
  2⤵
  PID:5296
- C:\Windows\System\IQaCDgD.exe
  C:\Windows\System\IQaCDgD.exe
  2⤵
  PID:5324
- C:\Windows\System\MJqoGMo.exe
  C:\Windows\System\MJqoGMo.exe
  2⤵
  PID:5352
- C:\Windows\System\CyMfKiD.exe
  C:\Windows\System\CyMfKiD.exe
  2⤵
  PID:5380
- C:\Windows\System\xVSUKTs.exe
  C:\Windows\System\xVSUKTs.exe
  2⤵
  PID:5408
- C:\Windows\System\cGjKaYn.exe
  C:\Windows\System\cGjKaYn.exe
  2⤵
  PID:5436
- C:\Windows\System\CTmFlXK.exe
  C:\Windows\System\CTmFlXK.exe
  2⤵
  PID:5464
- C:\Windows\System\aFaDfgn.exe
  C:\Windows\System\aFaDfgn.exe
  2⤵
  PID:5492
- C:\Windows\System\raiGozJ.exe
  C:\Windows\System\raiGozJ.exe
  2⤵
  PID:5520
- C:\Windows\System\xJIpyNa.exe
  C:\Windows\System\xJIpyNa.exe
  2⤵
  PID:5548
- C:\Windows\System\XAgJZVl.exe
  C:\Windows\System\XAgJZVl.exe
  2⤵
  PID:5576
- C:\Windows\System\aNpJgEI.exe
  C:\Windows\System\aNpJgEI.exe
  2⤵
  PID:5608
- C:\Windows\System\XoxcdpL.exe
  C:\Windows\System\XoxcdpL.exe
  2⤵
  PID:5636
- C:\Windows\System\ZBHpUUS.exe
  C:\Windows\System\ZBHpUUS.exe
  2⤵
  PID:5660
- C:\Windows\System\gbYATAD.exe
  C:\Windows\System\gbYATAD.exe
  2⤵
  PID:5692
- C:\Windows\System\raOOeij.exe
  C:\Windows\System\raOOeij.exe
  2⤵
  PID:5720
- C:\Windows\System\eBHjDzX.exe
  C:\Windows\System\eBHjDzX.exe
  2⤵
  PID:5748
- C:\Windows\System\ndMhbdl.exe
  C:\Windows\System\ndMhbdl.exe
  2⤵
  PID:5776
- C:\Windows\System\bTpjjzh.exe
  C:\Windows\System\bTpjjzh.exe
  2⤵
  PID:5804
- C:\Windows\System\AbQOIFT.exe
  C:\Windows\System\AbQOIFT.exe
  2⤵
  PID:5828
- C:\Windows\System\WTmcIlC.exe
  C:\Windows\System\WTmcIlC.exe
  2⤵
  PID:5856
- C:\Windows\System\NrlFBCo.exe
  C:\Windows\System\NrlFBCo.exe
  2⤵
  PID:5884
- C:\Windows\System\xHMVAXP.exe
  C:\Windows\System\xHMVAXP.exe
  2⤵
  PID:5916
- C:\Windows\System\tFbthpw.exe
  C:\Windows\System\tFbthpw.exe
  2⤵
  PID:5944
- C:\Windows\System\IQoIrRH.exe
  C:\Windows\System\IQoIrRH.exe
  2⤵
  PID:5968
- C:\Windows\System\WbOJMGB.exe
  C:\Windows\System\WbOJMGB.exe
  2⤵
  PID:6000
- C:\Windows\System\prpEZLl.exe
  C:\Windows\System\prpEZLl.exe
  2⤵
  PID:6028
- C:\Windows\System\ALHTdnp.exe
  C:\Windows\System\ALHTdnp.exe
  2⤵
  PID:6056
- C:\Windows\System\CtBOzca.exe
  C:\Windows\System\CtBOzca.exe
  2⤵
  PID:6084
- C:\Windows\System\BTBeZSZ.exe
  C:\Windows\System\BTBeZSZ.exe
  2⤵
  PID:6112
- C:\Windows\System\rQXOSzl.exe
  C:\Windows\System\rQXOSzl.exe
  2⤵
  PID:6140
- C:\Windows\System\shzaRHk.exe
  C:\Windows\System\shzaRHk.exe
  2⤵
  PID:5164
- C:\Windows\System\KoUvGkY.exe
  C:\Windows\System\KoUvGkY.exe
  2⤵
  PID:5236
- C:\Windows\System\pdaQAue.exe
  C:\Windows\System\pdaQAue.exe
  2⤵
  PID:5304
- C:\Windows\System\cxYMWGX.exe
  C:\Windows\System\cxYMWGX.exe
  2⤵
  PID:5368
- C:\Windows\System\fJUyvNk.exe
  C:\Windows\System\fJUyvNk.exe
  2⤵
  PID:5428
- C:\Windows\System\CxHqmJr.exe
  C:\Windows\System\CxHqmJr.exe
  2⤵
  PID:5480
- C:\Windows\System\SLnhYDT.exe
  C:\Windows\System\SLnhYDT.exe
  2⤵
  PID:5564
- C:\Windows\System\YoVniRD.exe
  C:\Windows\System\YoVniRD.exe
  2⤵
  PID:5624
- C:\Windows\System\pdYKyQh.exe
  C:\Windows\System\pdYKyQh.exe
  2⤵
  PID:5700
- C:\Windows\System\zVFECFF.exe
  C:\Windows\System\zVFECFF.exe
  2⤵
  PID:5764
- C:\Windows\System\RpyROVg.exe
  C:\Windows\System\RpyROVg.exe
  2⤵
  PID:5836
- C:\Windows\System\fsCpppu.exe
  C:\Windows\System\fsCpppu.exe
  2⤵
  PID:5896
- C:\Windows\System\SDSJznh.exe
  C:\Windows\System\SDSJznh.exe
  2⤵
  PID:5960
- C:\Windows\System\HfiyZhj.exe
  C:\Windows\System\HfiyZhj.exe
  2⤵
  PID:6044
- C:\Windows\System\pHMEuyV.exe
  C:\Windows\System\pHMEuyV.exe
  2⤵
  PID:6120
- C:\Windows\System\xGiEzDz.exe
  C:\Windows\System\xGiEzDz.exe
  2⤵
  PID:5344
- C:\Windows\System\zJvDpOJ.exe
  C:\Windows\System\zJvDpOJ.exe
  2⤵
  PID:5452
- C:\Windows\System\eLfBHJL.exe
  C:\Windows\System\eLfBHJL.exe
  2⤵
  PID:5604
- C:\Windows\System\hEkwtrr.exe
  C:\Windows\System\hEkwtrr.exe
  2⤵
  PID:6024
- C:\Windows\System\BQKWhtd.exe
  C:\Windows\System\BQKWhtd.exe
  2⤵
  PID:5416
- C:\Windows\System\sgFzEez.exe
  C:\Windows\System\sgFzEez.exe
  2⤵
  PID:3044
- C:\Windows\System\KqqeHtC.exe
  C:\Windows\System\KqqeHtC.exe
  2⤵
  PID:6156
- C:\Windows\System\EmIuwmg.exe
  C:\Windows\System\EmIuwmg.exe
  2⤵
  PID:6184
- C:\Windows\System\pnGDAHJ.exe
  C:\Windows\System\pnGDAHJ.exe
  2⤵
  PID:6200
- C:\Windows\System\zKydLuK.exe
  C:\Windows\System\zKydLuK.exe
  2⤵
  PID:6220
- C:\Windows\System\trFQFBL.exe
  C:\Windows\System\trFQFBL.exe
  2⤵
  PID:6264
- C:\Windows\System\zzZOiqH.exe
  C:\Windows\System\zzZOiqH.exe
  2⤵
  PID:6304
- C:\Windows\System\uJVCAcQ.exe
  C:\Windows\System\uJVCAcQ.exe
  2⤵
  PID:6332
- C:\Windows\System\Xcxzqhh.exe
  C:\Windows\System\Xcxzqhh.exe
  2⤵
  PID:6360
- C:\Windows\System\JxErpgf.exe
  C:\Windows\System\JxErpgf.exe
  2⤵
  PID:6388
- C:\Windows\System\Vkevjtw.exe
  C:\Windows\System\Vkevjtw.exe
  2⤵
  PID:6416
- C:\Windows\System\lqBXQeZ.exe
  C:\Windows\System\lqBXQeZ.exe
  2⤵
  PID:6444
- C:\Windows\System\UczhxaB.exe
  C:\Windows\System\UczhxaB.exe
  2⤵
  PID:6472
- C:\Windows\System\LkXLQIp.exe
  C:\Windows\System\LkXLQIp.exe
  2⤵
  PID:6500
- C:\Windows\System\dppXQpk.exe
  C:\Windows\System\dppXQpk.exe
  2⤵
  PID:6528
- C:\Windows\System\AfdhClu.exe
  C:\Windows\System\AfdhClu.exe
  2⤵
  PID:6560
- C:\Windows\System\RIZsyWu.exe
  C:\Windows\System\RIZsyWu.exe
  2⤵
  PID:6588
- C:\Windows\System\YuNrAqT.exe
  C:\Windows\System\YuNrAqT.exe
  2⤵
  PID:6612
- C:\Windows\System\HRKodtp.exe
  C:\Windows\System\HRKodtp.exe
  2⤵
  PID:6644
- C:\Windows\System\EcGPXIa.exe
  C:\Windows\System\EcGPXIa.exe
  2⤵
  PID:6664
- C:\Windows\System\wVlnSYv.exe
  C:\Windows\System\wVlnSYv.exe
  2⤵
  PID:6700
- C:\Windows\System\Kabpgyh.exe
  C:\Windows\System\Kabpgyh.exe
  2⤵
  PID:6720
- C:\Windows\System\xWzwCAa.exe
  C:\Windows\System\xWzwCAa.exe
  2⤵
  PID:6748
- C:\Windows\System\TWLazlk.exe
  C:\Windows\System\TWLazlk.exe
  2⤵
  PID:6788
- C:\Windows\System\HjzLOnq.exe
  C:\Windows\System\HjzLOnq.exe
  2⤵
  PID:6804
- C:\Windows\System\UyzzNYz.exe
  C:\Windows\System\UyzzNYz.exe
  2⤵
  PID:6840
- C:\Windows\System\FjwkNbL.exe
  C:\Windows\System\FjwkNbL.exe
  2⤵
  PID:6872
- C:\Windows\System\WuyKgVX.exe
  C:\Windows\System\WuyKgVX.exe
  2⤵
  PID:6904
- C:\Windows\System\OjuGwzr.exe
  C:\Windows\System\OjuGwzr.exe
  2⤵
  PID:6932
- C:\Windows\System\MhsDJuh.exe
  C:\Windows\System\MhsDJuh.exe
  2⤵
  PID:6960
- C:\Windows\System\oblUVsW.exe
  C:\Windows\System\oblUVsW.exe
  2⤵
  PID:6988
- C:\Windows\System\sIoQkev.exe
  C:\Windows\System\sIoQkev.exe
  2⤵
  PID:7012
- C:\Windows\System\MwNwBam.exe
  C:\Windows\System\MwNwBam.exe
  2⤵
  PID:7040
- C:\Windows\System\WAIerPZ.exe
  C:\Windows\System\WAIerPZ.exe
  2⤵
  PID:7068
- C:\Windows\System\YfnEPWp.exe
  C:\Windows\System\YfnEPWp.exe
  2⤵
  PID:7100
- C:\Windows\System\StXqGvX.exe
  C:\Windows\System\StXqGvX.exe
  2⤵
  PID:7128
- C:\Windows\System\GIAGrQL.exe
  C:\Windows\System\GIAGrQL.exe
  2⤵
  PID:7156
- C:\Windows\System\nViqiHB.exe
  C:\Windows\System\nViqiHB.exe
  2⤵
  PID:6164
- C:\Windows\System\DumsmGy.exe
  C:\Windows\System\DumsmGy.exe
  2⤵
  PID:6192
- C:\Windows\System\iEMbulx.exe
  C:\Windows\System\iEMbulx.exe
  2⤵
  PID:6276
- C:\Windows\System\EGwlDWG.exe
  C:\Windows\System\EGwlDWG.exe
  2⤵
  PID:4928
- C:\Windows\System\eOkDKVm.exe
  C:\Windows\System\eOkDKVm.exe
  2⤵
  PID:6384
- C:\Windows\System\GIZmLSr.exe
  C:\Windows\System\GIZmLSr.exe
  2⤵
  PID:6424
- C:\Windows\System\VPlslJW.exe
  C:\Windows\System\VPlslJW.exe
  2⤵
  PID:6488
- C:\Windows\System\cMAXKIa.exe
  C:\Windows\System\cMAXKIa.exe
  2⤵
  PID:6568
- C:\Windows\System\ETyFSMv.exe
  C:\Windows\System\ETyFSMv.exe
  2⤵
  PID:6640
- C:\Windows\System\YtlHwyx.exe
  C:\Windows\System\YtlHwyx.exe
  2⤵
  PID:6688
- C:\Windows\System\EndldQf.exe
  C:\Windows\System\EndldQf.exe
  2⤵
  PID:6760
- C:\Windows\System\pnLnnmh.exe
  C:\Windows\System\pnLnnmh.exe
  2⤵
  PID:6816
- C:\Windows\System\sMmpYjc.exe
  C:\Windows\System\sMmpYjc.exe
  2⤵
  PID:6884
- C:\Windows\System\WLqCcKF.exe
  C:\Windows\System\WLqCcKF.exe
  2⤵
  PID:2844
- C:\Windows\System\UIiBXGN.exe
  C:\Windows\System\UIiBXGN.exe
  2⤵
  PID:3552
- C:\Windows\System\sZBHuPF.exe
  C:\Windows\System\sZBHuPF.exe
  2⤵
  PID:7048
- C:\Windows\System\FZPbCVn.exe
  C:\Windows\System\FZPbCVn.exe
  2⤵
  PID:7108
- C:\Windows\System\MbjKTCE.exe
  C:\Windows\System\MbjKTCE.exe
  2⤵
  PID:6152
- C:\Windows\System\PGTQyrV.exe
  C:\Windows\System\PGTQyrV.exe
  2⤵
  PID:6256
- C:\Windows\System\cKoZCRz.exe
  C:\Windows\System\cKoZCRz.exe
  2⤵
  PID:3080
- C:\Windows\System\olimWpj.exe
  C:\Windows\System\olimWpj.exe
  2⤵
  PID:6524
- C:\Windows\System\xVCkzlY.exe
  C:\Windows\System\xVCkzlY.exe
  2⤵
  PID:6652
- C:\Windows\System\nKGDqaH.exe
  C:\Windows\System\nKGDqaH.exe
  2⤵
  PID:6800
- C:\Windows\System\HQkqrWi.exe
  C:\Windows\System\HQkqrWi.exe
  2⤵
  PID:6920
- C:\Windows\System\MYfLeaC.exe
  C:\Windows\System\MYfLeaC.exe
  2⤵
  PID:7060
- C:\Windows\System\vMrmaJV.exe
  C:\Windows\System\vMrmaJV.exe
  2⤵
  PID:3592
- C:\Windows\System\loLgVwZ.exe
  C:\Windows\System\loLgVwZ.exe
  2⤵
  PID:4788
- C:\Windows\System\npURFng.exe
  C:\Windows\System\npURFng.exe
  2⤵
  PID:6828
- C:\Windows\System\ciQjVva.exe
  C:\Windows\System\ciQjVva.exe
  2⤵
  PID:7144
- C:\Windows\System\kfZqYdy.exe
  C:\Windows\System\kfZqYdy.exe
  2⤵
  PID:6780
- C:\Windows\System\VEBvKvD.exe
  C:\Windows\System\VEBvKvD.exe
  2⤵
  PID:6680
- C:\Windows\System\otqQJeV.exe
  C:\Windows\System\otqQJeV.exe
  2⤵
  PID:7196
- C:\Windows\System\mHQyQAv.exe
  C:\Windows\System\mHQyQAv.exe
  2⤵
  PID:7220
- C:\Windows\System\sePqEXy.exe
  C:\Windows\System\sePqEXy.exe
  2⤵
  PID:7248
- C:\Windows\System\AoIfWJQ.exe
  C:\Windows\System\AoIfWJQ.exe
  2⤵
  PID:7280
- C:\Windows\System\YBxmqnC.exe
  C:\Windows\System\YBxmqnC.exe
  2⤵
  PID:7308
- C:\Windows\System\MeKIuWi.exe
  C:\Windows\System\MeKIuWi.exe
  2⤵
  PID:7336
- C:\Windows\System\FscLQKv.exe
  C:\Windows\System\FscLQKv.exe
  2⤵
  PID:7364
- C:\Windows\System\TLlKgFV.exe
  C:\Windows\System\TLlKgFV.exe
  2⤵
  PID:7396
- C:\Windows\System\mmhgNnI.exe
  C:\Windows\System\mmhgNnI.exe
  2⤵
  PID:7424
- C:\Windows\System\mGsrpfx.exe
  C:\Windows\System\mGsrpfx.exe
  2⤵
  PID:7448
- C:\Windows\System\pAcBjUI.exe
  C:\Windows\System\pAcBjUI.exe
  2⤵
  PID:7480
- C:\Windows\System\igsKNfg.exe
  C:\Windows\System\igsKNfg.exe
  2⤵
  PID:7508
- C:\Windows\System\CVVJObx.exe
  C:\Windows\System\CVVJObx.exe
  2⤵
  PID:7536
- C:\Windows\System\AUgpxxN.exe
  C:\Windows\System\AUgpxxN.exe
  2⤵
  PID:7568
- C:\Windows\System\IWkHnic.exe
  C:\Windows\System\IWkHnic.exe
  2⤵
  PID:7596
- C:\Windows\System\aLLYXFu.exe
  C:\Windows\System\aLLYXFu.exe
  2⤵
  PID:7624
- C:\Windows\System\XeVFKEu.exe
  C:\Windows\System\XeVFKEu.exe
  2⤵
  PID:7640
- C:\Windows\System\gKRpQfY.exe
  C:\Windows\System\gKRpQfY.exe
  2⤵
  PID:7660
- C:\Windows\System\ksHOcfl.exe
  C:\Windows\System\ksHOcfl.exe
  2⤵
  PID:7684
- C:\Windows\System\gqzbpuP.exe
  C:\Windows\System\gqzbpuP.exe
  2⤵
  PID:7732
- C:\Windows\System\KLooLPc.exe
  C:\Windows\System\KLooLPc.exe
  2⤵
  PID:7752
- C:\Windows\System\AohUrur.exe
  C:\Windows\System\AohUrur.exe
  2⤵
  PID:7784
- C:\Windows\System\oIjcdXB.exe
  C:\Windows\System\oIjcdXB.exe
  2⤵
  PID:7808
- C:\Windows\System\jycvwae.exe
  C:\Windows\System\jycvwae.exe
  2⤵
  PID:7848
- C:\Windows\System\UtXUAvh.exe
  C:\Windows\System\UtXUAvh.exe
  2⤵
  PID:7864
- C:\Windows\System\CAMXKtZ.exe
  C:\Windows\System\CAMXKtZ.exe
  2⤵
  PID:7892
- C:\Windows\System\gysVgGt.exe
  C:\Windows\System\gysVgGt.exe
  2⤵
  PID:7924
- C:\Windows\System\TUmOUxZ.exe
  C:\Windows\System\TUmOUxZ.exe
  2⤵
  PID:7948
- C:\Windows\System\JPVSiJB.exe
  C:\Windows\System\JPVSiJB.exe
  2⤵
  PID:7976
- C:\Windows\System\pujOzIb.exe
  C:\Windows\System\pujOzIb.exe
  2⤵
  PID:8004
- C:\Windows\System\YOHCOYb.exe
  C:\Windows\System\YOHCOYb.exe
  2⤵
  PID:8040
- C:\Windows\System\skkxavW.exe
  C:\Windows\System\skkxavW.exe
  2⤵
  PID:8068
- C:\Windows\System\wVZmKCc.exe
  C:\Windows\System\wVZmKCc.exe
  2⤵
  PID:8092
- C:\Windows\System\SZikMnH.exe
  C:\Windows\System\SZikMnH.exe
  2⤵
  PID:8120
- C:\Windows\System\nFFpdAN.exe
  C:\Windows\System\nFFpdAN.exe
  2⤵
  PID:8152
- C:\Windows\System\UgRqmIt.exe
  C:\Windows\System\UgRqmIt.exe
  2⤵
  PID:8176
- C:\Windows\System\CwHvsuk.exe
  C:\Windows\System\CwHvsuk.exe
  2⤵
  PID:7188
- C:\Windows\System\tcUykQj.exe
  C:\Windows\System\tcUykQj.exe
  2⤵
  PID:7240
- C:\Windows\System\xYfTAcd.exe
  C:\Windows\System\xYfTAcd.exe
  2⤵
  PID:7304
- C:\Windows\System\PtvUGOK.exe
  C:\Windows\System\PtvUGOK.exe
  2⤵
  PID:7376
- C:\Windows\System\QoOSxpi.exe
  C:\Windows\System\QoOSxpi.exe
  2⤵
  PID:7440
- C:\Windows\System\svSPxqr.exe
  C:\Windows\System\svSPxqr.exe
  2⤵
  PID:7504
- C:\Windows\System\WClFSxy.exe
  C:\Windows\System\WClFSxy.exe
  2⤵
  PID:7564
- C:\Windows\System\ZEJWszc.exe
  C:\Windows\System\ZEJWszc.exe
  2⤵
  PID:7612
- C:\Windows\System\lfoQerX.exe
  C:\Windows\System\lfoQerX.exe
  2⤵
  PID:7672
- C:\Windows\System\JhyxDhA.exe
  C:\Windows\System\JhyxDhA.exe
  2⤵
  PID:7748
- C:\Windows\System\wyDHFRE.exe
  C:\Windows\System\wyDHFRE.exe
  2⤵
  PID:7804
- C:\Windows\System\DNHJNuN.exe
  C:\Windows\System\DNHJNuN.exe
  2⤵
  PID:7860
- C:\Windows\System\uXbGHIj.exe
  C:\Windows\System\uXbGHIj.exe
  2⤵
  PID:7940
- C:\Windows\System\BUTeBiJ.exe
  C:\Windows\System\BUTeBiJ.exe
  2⤵
  PID:6396
- C:\Windows\System\AGtcKjh.exe
  C:\Windows\System\AGtcKjh.exe
  2⤵
  PID:8056
- C:\Windows\System\dQvHCiR.exe
  C:\Windows\System\dQvHCiR.exe
  2⤵
  PID:8116
- C:\Windows\System\kwoFCrO.exe
  C:\Windows\System\kwoFCrO.exe
  2⤵
  PID:8188
- C:\Windows\System\gYTpRli.exe
  C:\Windows\System\gYTpRli.exe
  2⤵
  PID:7296
- C:\Windows\System\uKuzrOt.exe
  C:\Windows\System\uKuzrOt.exe
  2⤵
  PID:7472
- C:\Windows\System\omylGlV.exe
  C:\Windows\System\omylGlV.exe
  2⤵
  PID:7604
- C:\Windows\System\vpNTeWC.exe
  C:\Windows\System\vpNTeWC.exe
  2⤵
  PID:7740
- C:\Windows\System\DBeFxgF.exe
  C:\Windows\System\DBeFxgF.exe
  2⤵
  PID:7912
- C:\Windows\System\KdFKUba.exe
  C:\Windows\System\KdFKUba.exe
  2⤵
  PID:8032
- C:\Windows\System\OMiihlW.exe
  C:\Windows\System\OMiihlW.exe
  2⤵
  PID:8172
- C:\Windows\System\vsovCeG.exe
  C:\Windows\System\vsovCeG.exe
  2⤵
  PID:7360
- C:\Windows\System\NiTOVIq.exe
  C:\Windows\System\NiTOVIq.exe
  2⤵
  PID:7720
- C:\Windows\System\VcZDIdY.exe
  C:\Windows\System\VcZDIdY.exe
  2⤵
  PID:8112
- C:\Windows\System\geKmAyX.exe
  C:\Windows\System\geKmAyX.exe
  2⤵
  PID:7656
- C:\Windows\System\xumwWJa.exe
  C:\Windows\System\xumwWJa.exe
  2⤵
  PID:4100
- C:\Windows\System\ULmVqgv.exe
  C:\Windows\System\ULmVqgv.exe
  2⤵
  PID:3052
- C:\Windows\System\UONIUfd.exe
  C:\Windows\System\UONIUfd.exe
  2⤵
  PID:8220
- C:\Windows\System\TFgAAmg.exe
  C:\Windows\System\TFgAAmg.exe
  2⤵
  PID:8260
- C:\Windows\System\jBEixNs.exe
  C:\Windows\System\jBEixNs.exe
  2⤵
  PID:8280
- C:\Windows\System\jYUgwIv.exe
  C:\Windows\System\jYUgwIv.exe
  2⤵
  PID:8308
- C:\Windows\System\DoQERcQ.exe
  C:\Windows\System\DoQERcQ.exe
  2⤵
  PID:8336
- C:\Windows\System\NYinazM.exe
  C:\Windows\System\NYinazM.exe
  2⤵
  PID:8372
- C:\Windows\System\cgjWSPx.exe
  C:\Windows\System\cgjWSPx.exe
  2⤵
  PID:8400
- C:\Windows\System\rGAfSLK.exe
  C:\Windows\System\rGAfSLK.exe
  2⤵
  PID:8420
- C:\Windows\System\OnoWcPD.exe
  C:\Windows\System\OnoWcPD.exe
  2⤵
  PID:8448
- C:\Windows\System\ChQzPrb.exe
  C:\Windows\System\ChQzPrb.exe
  2⤵
  PID:8476
- C:\Windows\System\RZMmZNp.exe
  C:\Windows\System\RZMmZNp.exe
  2⤵
  PID:8504
- C:\Windows\System\WLcNDyO.exe
  C:\Windows\System\WLcNDyO.exe
  2⤵
  PID:8532
- C:\Windows\System\DPIOdoz.exe
  C:\Windows\System\DPIOdoz.exe
  2⤵
  PID:8560
- C:\Windows\System\jXFTUFb.exe
  C:\Windows\System\jXFTUFb.exe
  2⤵
  PID:8588
- C:\Windows\System\psVOcTo.exe
  C:\Windows\System\psVOcTo.exe
  2⤵
  PID:8616
- C:\Windows\System\uMnUjJZ.exe
  C:\Windows\System\uMnUjJZ.exe
  2⤵
  PID:8644
- C:\Windows\System\bozBExG.exe
  C:\Windows\System\bozBExG.exe
  2⤵
  PID:8672
- C:\Windows\System\OtfMfsL.exe
  C:\Windows\System\OtfMfsL.exe
  2⤵
  PID:8700
- C:\Windows\System\aToCtEw.exe
  C:\Windows\System\aToCtEw.exe
  2⤵
  PID:8728
- C:\Windows\System\AgjYHbA.exe
  C:\Windows\System\AgjYHbA.exe
  2⤵
  PID:8756
- C:\Windows\System\gtwbgxr.exe
  C:\Windows\System\gtwbgxr.exe
  2⤵
  PID:8784
- C:\Windows\System\kjnOhSL.exe
  C:\Windows\System\kjnOhSL.exe
  2⤵
  PID:8812
- C:\Windows\System\aYFoiuO.exe
  C:\Windows\System\aYFoiuO.exe
  2⤵
  PID:8840
- C:\Windows\System\bbXvHuw.exe
  C:\Windows\System\bbXvHuw.exe
  2⤵
  PID:8876
- C:\Windows\System\QFrYdco.exe
  C:\Windows\System\QFrYdco.exe
  2⤵
  PID:8904
- C:\Windows\System\PHTkXyE.exe
  C:\Windows\System\PHTkXyE.exe
  2⤵
  PID:8932
- C:\Windows\System\EWfYmwZ.exe
  C:\Windows\System\EWfYmwZ.exe
  2⤵
  PID:8960
- C:\Windows\System\PWmcedj.exe
  C:\Windows\System\PWmcedj.exe
  2⤵
  PID:8988
- C:\Windows\System\WVqdwzd.exe
  C:\Windows\System\WVqdwzd.exe
  2⤵
  PID:9020
- C:\Windows\System\lYgWAdw.exe
  C:\Windows\System\lYgWAdw.exe
  2⤵
  PID:9048
- C:\Windows\System\xqHTgut.exe
  C:\Windows\System\xqHTgut.exe
  2⤵
  PID:9076
- C:\Windows\System\gdZjGQl.exe
  C:\Windows\System\gdZjGQl.exe
  2⤵
  PID:9112
- C:\Windows\System\PiuUWeL.exe
  C:\Windows\System\PiuUWeL.exe
  2⤵
  PID:9136
- C:\Windows\System\hfZZasq.exe
  C:\Windows\System\hfZZasq.exe
  2⤵
  PID:9164
- C:\Windows\System\CiuMBIe.exe
  C:\Windows\System\CiuMBIe.exe
  2⤵
  PID:9192
- C:\Windows\System\cPdLfrI.exe
  C:\Windows\System\cPdLfrI.exe
  2⤵
  PID:8208
- C:\Windows\System\aDdvVuE.exe
  C:\Windows\System\aDdvVuE.exe
  2⤵
  PID:8272
- C:\Windows\System\RXSLAdg.exe
  C:\Windows\System\RXSLAdg.exe
  2⤵
  PID:8332
- C:\Windows\System\IahihZV.exe
  C:\Windows\System\IahihZV.exe
  2⤵
  PID:8408
- C:\Windows\System\mhdBURg.exe
  C:\Windows\System\mhdBURg.exe
  2⤵
  PID:8468
- C:\Windows\System\QAdZVTW.exe
  C:\Windows\System\QAdZVTW.exe
  2⤵
  PID:8528
- C:\Windows\System\vLjLjXt.exe
  C:\Windows\System\vLjLjXt.exe
  2⤵
  PID:8600
- C:\Windows\System\fHQxKWV.exe
  C:\Windows\System\fHQxKWV.exe
  2⤵
  PID:8664
- C:\Windows\System\ZTWMUrO.exe
  C:\Windows\System\ZTWMUrO.exe
  2⤵
  PID:8724
- C:\Windows\System\wxXotSY.exe
  C:\Windows\System\wxXotSY.exe
  2⤵
  PID:8776
- C:\Windows\System\aMNWpiA.exe
  C:\Windows\System\aMNWpiA.exe
  2⤵
  PID:5112
- C:\Windows\System\kyZrhxE.exe
  C:\Windows\System\kyZrhxE.exe
  2⤵
  PID:8888
- C:\Windows\System\DKhaEwo.exe
  C:\Windows\System\DKhaEwo.exe
  2⤵
  PID:8952
- C:\Windows\System\ieMBCqe.exe
  C:\Windows\System\ieMBCqe.exe
  2⤵
  PID:9016
- C:\Windows\System\ApabSbZ.exe
  C:\Windows\System\ApabSbZ.exe
  2⤵
  PID:9088
- C:\Windows\System\BNDVpfm.exe
  C:\Windows\System\BNDVpfm.exe
  2⤵
  PID:9148
- C:\Windows\System\QMMxlwr.exe
  C:\Windows\System\QMMxlwr.exe
  2⤵
  PID:7988
- C:\Windows\System\VdRPGUu.exe
  C:\Windows\System\VdRPGUu.exe
  2⤵
  PID:8360
- C:\Windows\System\IzHlMXN.exe
  C:\Windows\System\IzHlMXN.exe
  2⤵
  PID:8516
- C:\Windows\System\bKTeeAl.exe
  C:\Windows\System\bKTeeAl.exe
  2⤵
  PID:7432
- C:\Windows\System\YtgwMjF.exe
  C:\Windows\System\YtgwMjF.exe
  2⤵
  PID:8804
- C:\Windows\System\sXddkIq.exe
  C:\Windows\System\sXddkIq.exe
  2⤵
  PID:8924
- C:\Windows\System\VKcsMKz.exe
  C:\Windows\System\VKcsMKz.exe
  2⤵
  PID:9068
- C:\Windows\System\Bushieo.exe
  C:\Windows\System\Bushieo.exe
  2⤵
  PID:8268
- C:\Windows\System\xJaEqYX.exe
  C:\Windows\System\xJaEqYX.exe
  2⤵
  PID:8632
- C:\Windows\System\YsjAQyP.exe
  C:\Windows\System\YsjAQyP.exe
  2⤵
  PID:9212
- C:\Windows\System\LQveRQp.exe
  C:\Windows\System\LQveRQp.exe
  2⤵
  PID:9220
- C:\Windows\System\uwebcsd.exe
  C:\Windows\System\uwebcsd.exe
  2⤵
  PID:9248
- C:\Windows\System\oGmbkaU.exe
  C:\Windows\System\oGmbkaU.exe
  2⤵
  PID:9276
- C:\Windows\System\AkkdyqO.exe
  C:\Windows\System\AkkdyqO.exe
  2⤵
  PID:9304
- C:\Windows\System\ISQViZW.exe
  C:\Windows\System\ISQViZW.exe
  2⤵
  PID:9332
- C:\Windows\System\goBGElr.exe
  C:\Windows\System\goBGElr.exe
  2⤵
  PID:9364
- C:\Windows\System\uoIiwUr.exe
  C:\Windows\System\uoIiwUr.exe
  2⤵
  PID:9392
- C:\Windows\System\yOediDN.exe
  C:\Windows\System\yOediDN.exe
  2⤵
  PID:9420
- C:\Windows\System\LDjHRYJ.exe
  C:\Windows\System\LDjHRYJ.exe
  2⤵
  PID:9448
- C:\Windows\System\lkmOhft.exe
  C:\Windows\System\lkmOhft.exe
  2⤵
  PID:9476
- C:\Windows\System\GuaknYn.exe
  C:\Windows\System\GuaknYn.exe
  2⤵
  PID:9504
- C:\Windows\System\mwxdito.exe
  C:\Windows\System\mwxdito.exe
  2⤵
  PID:9532
- C:\Windows\System\TcUcyMe.exe
  C:\Windows\System\TcUcyMe.exe
  2⤵
  PID:9560
- C:\Windows\System\mkBPwJi.exe
  C:\Windows\System\mkBPwJi.exe
  2⤵
  PID:9588
- C:\Windows\System\hbAfary.exe
  C:\Windows\System\hbAfary.exe
  2⤵
  PID:9616
- C:\Windows\System\zrIdDQH.exe
  C:\Windows\System\zrIdDQH.exe
  2⤵
  PID:9644
- C:\Windows\System\MYnYbso.exe
  C:\Windows\System\MYnYbso.exe
  2⤵
  PID:9672
- C:\Windows\System\vLhwvlU.exe
  C:\Windows\System\vLhwvlU.exe
  2⤵
  PID:9708
- C:\Windows\System\reDguwy.exe
  C:\Windows\System\reDguwy.exe
  2⤵
  PID:9740
- C:\Windows\System\eIsLRCi.exe
  C:\Windows\System\eIsLRCi.exe
  2⤵
  PID:9768
- C:\Windows\System\rkZGtnP.exe
  C:\Windows\System\rkZGtnP.exe
  2⤵
  PID:9796
- C:\Windows\System\kyWghTQ.exe
  C:\Windows\System\kyWghTQ.exe
  2⤵
  PID:9856
- C:\Windows\System\YNDVUrt.exe
  C:\Windows\System\YNDVUrt.exe
  2⤵
  PID:9888
- C:\Windows\System\GEZvUjD.exe
  C:\Windows\System\GEZvUjD.exe
  2⤵
  PID:9964
- C:\Windows\System\pFXaIqz.exe
  C:\Windows\System\pFXaIqz.exe
  2⤵
  PID:9996
- C:\Windows\System\fQnuOIK.exe
  C:\Windows\System\fQnuOIK.exe
  2⤵
  PID:10024
- C:\Windows\System\FYAzAPV.exe
  C:\Windows\System\FYAzAPV.exe
  2⤵
  PID:10052
- C:\Windows\System\omLVkEg.exe
  C:\Windows\System\omLVkEg.exe
  2⤵
  PID:10088
- C:\Windows\System\BJyuGQc.exe
  C:\Windows\System\BJyuGQc.exe
  2⤵
  PID:10136
- C:\Windows\System\FQUSeVa.exe
  C:\Windows\System\FQUSeVa.exe
  2⤵
  PID:10156
- C:\Windows\System\WixdeIi.exe
  C:\Windows\System\WixdeIi.exe
  2⤵
  PID:10184
- C:\Windows\System\qmEstnw.exe
  C:\Windows\System\qmEstnw.exe
  2⤵
  PID:10220
- C:\Windows\System\iiKNXjM.exe
  C:\Windows\System\iiKNXjM.exe
  2⤵
  PID:8860
- C:\Windows\System\VdujXWc.exe
  C:\Windows\System\VdujXWc.exe
  2⤵
  PID:9288
- C:\Windows\System\nMrlEuI.exe
  C:\Windows\System\nMrlEuI.exe
  2⤵
  PID:9356
- C:\Windows\System\TIbhdGX.exe
  C:\Windows\System\TIbhdGX.exe
  2⤵
  PID:9432
- C:\Windows\System\uecodFn.exe
  C:\Windows\System\uecodFn.exe
  2⤵
  PID:9496
- C:\Windows\System\HCHKmSl.exe
  C:\Windows\System\HCHKmSl.exe
  2⤵
  PID:9552
- C:\Windows\System\WjbGXSz.exe
  C:\Windows\System\WjbGXSz.exe
  2⤵
  PID:9612
- C:\Windows\System\oZlMFWH.exe
  C:\Windows\System\oZlMFWH.exe
  2⤵
  PID:9664
- C:\Windows\System\SyePBks.exe
  C:\Windows\System\SyePBks.exe
  2⤵
  PID:9760
- C:\Windows\System\MEApbAn.exe
  C:\Windows\System\MEApbAn.exe
  2⤵
  PID:1040
- C:\Windows\System\VCHPfpm.exe
  C:\Windows\System\VCHPfpm.exe
  2⤵
  PID:9952
- C:\Windows\System\ujqyqot.exe
  C:\Windows\System\ujqyqot.exe
  2⤵
  PID:10016
- C:\Windows\System\TmQEtcT.exe
  C:\Windows\System\TmQEtcT.exe
  2⤵
  PID:10144
- C:\Windows\System\ilCOxek.exe
  C:\Windows\System\ilCOxek.exe
  2⤵
  PID:10204
- C:\Windows\System\JJvRSzm.exe
  C:\Windows\System\JJvRSzm.exe
  2⤵
  PID:9328
- C:\Windows\System\FKGZgZQ.exe
  C:\Windows\System\FKGZgZQ.exe
  2⤵
  PID:9460
- C:\Windows\System\dcPuPMu.exe
  C:\Windows\System\dcPuPMu.exe
  2⤵
  PID:9544
- C:\Windows\System\utFTecQ.exe
  C:\Windows\System\utFTecQ.exe
  2⤵
  PID:9700
- C:\Windows\System\GErBXvH.exe
  C:\Windows\System\GErBXvH.exe
  2⤵
  PID:9808
- C:\Windows\System\JvLAQsV.exe
  C:\Windows\System\JvLAQsV.exe
  2⤵
  PID:9988
- C:\Windows\System\iRTOxgV.exe
  C:\Windows\System\iRTOxgV.exe
  2⤵
  PID:5788
- C:\Windows\System\zdtNLAu.exe
  C:\Windows\System\zdtNLAu.exe
  2⤵
  PID:9388
- C:\Windows\System\TppULqn.exe
  C:\Windows\System\TppULqn.exe
  2⤵
  PID:9528
- C:\Windows\System\yEzfljD.exe
  C:\Windows\System\yEzfljD.exe
  2⤵
  PID:9300
- C:\Windows\System\NKBXwXV.exe
  C:\Windows\System\NKBXwXV.exe
  2⤵
  PID:9272
- C:\Windows\System\uZVsceq.exe
  C:\Windows\System\uZVsceq.exe
  2⤵
  PID:10180
- C:\Windows\System\PYluWPy.exe
  C:\Windows\System\PYluWPy.exe
  2⤵
  PID:5116
- C:\Windows\System\aLxxhwI.exe
  C:\Windows\System\aLxxhwI.exe
  2⤵
  PID:10264
- C:\Windows\System\GcUizZy.exe
  C:\Windows\System\GcUizZy.exe
  2⤵
  PID:10296
- C:\Windows\System\NsWDivf.exe
  C:\Windows\System\NsWDivf.exe
  2⤵
  PID:10320
- C:\Windows\System\hIWTNvo.exe
  C:\Windows\System\hIWTNvo.exe
  2⤵
  PID:10356
- C:\Windows\System\kPBVTEO.exe
  C:\Windows\System\kPBVTEO.exe
  2⤵
  PID:10388
- C:\Windows\System\FQNUzuX.exe
  C:\Windows\System\FQNUzuX.exe
  2⤵
  PID:10412
- C:\Windows\System\jvjcARo.exe
  C:\Windows\System\jvjcARo.exe
  2⤵
  PID:10448
- C:\Windows\System\ORdWSRu.exe
  C:\Windows\System\ORdWSRu.exe
  2⤵
  PID:10500
- C:\Windows\System\HGbTlgy.exe
  C:\Windows\System\HGbTlgy.exe
  2⤵
  PID:10544
- C:\Windows\System\HWavDJs.exe
  C:\Windows\System\HWavDJs.exe
  2⤵
  PID:10572
- C:\Windows\System\eSBGbyu.exe
  C:\Windows\System\eSBGbyu.exe
  2⤵
  PID:10608
- C:\Windows\System\IMTyhoJ.exe
  C:\Windows\System\IMTyhoJ.exe
  2⤵
  PID:10640
- C:\Windows\System\XgQVKLH.exe
  C:\Windows\System\XgQVKLH.exe
  2⤵
  PID:10672
- C:\Windows\System\oDtAild.exe
  C:\Windows\System\oDtAild.exe
  2⤵
  PID:10716
- C:\Windows\System\bJCQKdo.exe
  C:\Windows\System\bJCQKdo.exe
  2⤵
  PID:10752
- C:\Windows\System\SpbYnXx.exe
  C:\Windows\System\SpbYnXx.exe
  2⤵
  PID:10780
- C:\Windows\System\BSaWKqk.exe
  C:\Windows\System\BSaWKqk.exe
  2⤵
  PID:10812
- C:\Windows\System\aaOJghS.exe
  C:\Windows\System\aaOJghS.exe
  2⤵
  PID:10852
- C:\Windows\System\EuAobJn.exe
  C:\Windows\System\EuAobJn.exe
  2⤵
  PID:10896
- C:\Windows\System\zZdrPzc.exe
  C:\Windows\System\zZdrPzc.exe
  2⤵
  PID:10920
- C:\Windows\System\tedsQtn.exe
  C:\Windows\System\tedsQtn.exe
  2⤵
  PID:10956
- C:\Windows\System\wGqPDqj.exe
  C:\Windows\System\wGqPDqj.exe
  2⤵
  PID:10980
- C:\Windows\System\Ucjksqb.exe
  C:\Windows\System\Ucjksqb.exe
  2⤵
  PID:11008
- C:\Windows\System\BfRzkIz.exe
  C:\Windows\System\BfRzkIz.exe
  2⤵
  PID:11036
- C:\Windows\System\Emlvkiw.exe
  C:\Windows\System\Emlvkiw.exe
  2⤵
  PID:11064
- C:\Windows\System\ZBODWHo.exe
  C:\Windows\System\ZBODWHo.exe
  2⤵
  PID:11092
- C:\Windows\System\fEDeyGo.exe
  C:\Windows\System\fEDeyGo.exe
  2⤵
  PID:11120
- C:\Windows\System\jmPxuPA.exe
  C:\Windows\System\jmPxuPA.exe
  2⤵
  PID:11148
- C:\Windows\System\JDwXnPr.exe
  C:\Windows\System\JDwXnPr.exe
  2⤵
  PID:11184
- C:\Windows\System\xwruIsS.exe
  C:\Windows\System\xwruIsS.exe
  2⤵
  PID:11216
- C:\Windows\System\kxdvjGV.exe
  C:\Windows\System\kxdvjGV.exe
  2⤵
  PID:11232
- C:\Windows\System\spzwMei.exe
  C:\Windows\System\spzwMei.exe
  2⤵
  PID:11260
- C:\Windows\System\QgbsQog.exe
  C:\Windows\System\QgbsQog.exe
  2⤵
  PID:10288
- C:\Windows\System\QivopnU.exe
  C:\Windows\System\QivopnU.exe
  2⤵
  PID:10340
- C:\Windows\System\khHsNDH.exe
  C:\Windows\System\khHsNDH.exe
  2⤵
  PID:3476
- C:\Windows\System\kceEjDE.exe
  C:\Windows\System\kceEjDE.exe
  2⤵
  PID:10376
- C:\Windows\System\bbZjuHA.exe
  C:\Windows\System\bbZjuHA.exe
  2⤵
  PID:10444
- C:\Windows\System\SIgjcsW.exe
  C:\Windows\System\SIgjcsW.exe
  2⤵
  PID:10600
- C:\Windows\System\OcCFvRJ.exe
  C:\Windows\System\OcCFvRJ.exe
  2⤵
  PID:10724
- C:\Windows\System\zZHUWRY.exe
  C:\Windows\System\zZHUWRY.exe
  2⤵
  PID:10808
- C:\Windows\System\CvFpdGC.exe
  C:\Windows\System\CvFpdGC.exe
  2⤵
  PID:10904
- C:\Windows\System\aHVsEIm.exe
  C:\Windows\System\aHVsEIm.exe
  2⤵
  PID:10964
- C:\Windows\System\CCasCOl.exe
  C:\Windows\System\CCasCOl.exe
  2⤵
  PID:11028
- C:\Windows\System\oYZnJLB.exe
  C:\Windows\System\oYZnJLB.exe
  2⤵
  PID:11088
- C:\Windows\System\UTbRVbn.exe
  C:\Windows\System\UTbRVbn.exe
  2⤵
  PID:11168
- C:\Windows\System\fqmuGmU.exe
  C:\Windows\System\fqmuGmU.exe
  2⤵
  PID:11224
- C:\Windows\System\bkwyayv.exe
  C:\Windows\System\bkwyayv.exe
  2⤵
  PID:2280
- C:\Windows\System\uGrqhaY.exe
  C:\Windows\System\uGrqhaY.exe
  2⤵
  PID:1524
- C:\Windows\System\rjQCJty.exe
  C:\Windows\System\rjQCJty.exe
  2⤵
  PID:10492
- C:\Windows\System\lUXCSTZ.exe
  C:\Windows\System\lUXCSTZ.exe
  2⤵
  PID:5172
- C:\Windows\System\rbnsXLf.exe
  C:\Windows\System\rbnsXLf.exe
  2⤵
  PID:5932
- C:\Windows\System\RJYkWKO.exe
  C:\Windows\System\RJYkWKO.exe
  2⤵
  PID:10932
- C:\Windows\System\XCXyvEd.exe
  C:\Windows\System\XCXyvEd.exe
  2⤵
  PID:11056
- C:\Windows\System\vMjsiWS.exe
  C:\Windows\System\vMjsiWS.exe
  2⤵
  PID:11196
- C:\Windows\System\TacQbfu.exe
  C:\Windows\System\TacQbfu.exe
  2⤵
  PID:10280
- C:\Windows\System\zwHxFUP.exe
  C:\Windows\System\zwHxFUP.exe
  2⤵
  PID:5672
- C:\Windows\System\TxHxEKf.exe
  C:\Windows\System\TxHxEKf.exe
  2⤵
  PID:11000
- C:\Windows\System\wUnVkjj.exe
  C:\Windows\System\wUnVkjj.exe
  2⤵
  PID:10312
- C:\Windows\System\MxlpBFr.exe
  C:\Windows\System\MxlpBFr.exe
  2⤵
  PID:4056
- C:\Windows\System\mEPQGnV.exe
  C:\Windows\System\mEPQGnV.exe
  2⤵
  PID:1532
- C:\Windows\System\gqrnwnZ.exe
  C:\Windows\System\gqrnwnZ.exe
  2⤵
  PID:1348
- C:\Windows\System\taELJjP.exe
  C:\Windows\System\taELJjP.exe
  2⤵
  PID:3028
- C:\Windows\System\FdALsbe.exe
  C:\Windows\System\FdALsbe.exe
  2⤵
  PID:5220
- C:\Windows\System\kKsEhhP.exe
  C:\Windows\System\kKsEhhP.exe
  2⤵
  PID:3656
- C:\Windows\System\PLCfssl.exe
  C:\Windows\System\PLCfssl.exe
  2⤵
  PID:2644
- C:\Windows\System\glLBiso.exe
  C:\Windows\System\glLBiso.exe
  2⤵
  PID:2624
- C:\Windows\System\yAfmxCD.exe
  C:\Windows\System\yAfmxCD.exe
  2⤵
  PID:11280
- C:\Windows\System\dYfNBlD.exe
  C:\Windows\System\dYfNBlD.exe
  2⤵
  PID:11308
- C:\Windows\System\qmEimka.exe
  C:\Windows\System\qmEimka.exe
  2⤵
  PID:11336
- C:\Windows\System\wVLJjuj.exe
  C:\Windows\System\wVLJjuj.exe
  2⤵
  PID:11368
- C:\Windows\System\bQdrNeA.exe
  C:\Windows\System\bQdrNeA.exe
  2⤵
  PID:11416
- C:\Windows\System\GCikvNg.exe
  C:\Windows\System\GCikvNg.exe
  2⤵
  PID:11468
- C:\Windows\System\atjLrxE.exe
  C:\Windows\System\atjLrxE.exe
  2⤵
  PID:11544
- C:\Windows\System\XxqUsqe.exe
  C:\Windows\System\XxqUsqe.exe
  2⤵
  PID:11580
- C:\Windows\System\pvYahQi.exe
  C:\Windows\System\pvYahQi.exe
  2⤵
  PID:11600
- C:\Windows\System\SCIsAPC.exe
  C:\Windows\System\SCIsAPC.exe
  2⤵
  PID:11632
- C:\Windows\System\yZvmRJt.exe
  C:\Windows\System\yZvmRJt.exe
  2⤵
  PID:11660
- C:\Windows\System\ZIgIdBY.exe
  C:\Windows\System\ZIgIdBY.exe
  2⤵
  PID:11688
- C:\Windows\System\bzWUgPi.exe
  C:\Windows\System\bzWUgPi.exe
  2⤵
  PID:11720
- C:\Windows\System\EzfhvHX.exe
  C:\Windows\System\EzfhvHX.exe
  2⤵
  PID:11748
- C:\Windows\System\slkhjai.exe
  C:\Windows\System\slkhjai.exe
  2⤵
  PID:11784
- C:\Windows\System\TMDatUT.exe
  C:\Windows\System\TMDatUT.exe
  2⤵
  PID:11808
- C:\Windows\System\fsrWFfB.exe
  C:\Windows\System\fsrWFfB.exe
  2⤵
  PID:11832
- C:\Windows\System\wnjBSaQ.exe
  C:\Windows\System\wnjBSaQ.exe
  2⤵
  PID:11864
- C:\Windows\System\YYWjtaQ.exe
  C:\Windows\System\YYWjtaQ.exe
  2⤵
  PID:11888
- C:\Windows\System\cWFgNgw.exe
  C:\Windows\System\cWFgNgw.exe
  2⤵
  PID:11924
- C:\Windows\System\dVNDnzk.exe
  C:\Windows\System\dVNDnzk.exe
  2⤵
  PID:11952
- C:\Windows\System\dfaTupa.exe
  C:\Windows\System\dfaTupa.exe
  2⤵
  PID:11976
- C:\Windows\System\yQcpYpR.exe
  C:\Windows\System\yQcpYpR.exe
  2⤵
  PID:12000
- C:\Windows\System\EeFBXoK.exe
  C:\Windows\System\EeFBXoK.exe
  2⤵
  PID:12032
- C:\Windows\System\dZysqud.exe
  C:\Windows\System\dZysqud.exe
  2⤵
  PID:12064
- C:\Windows\System\SlvirKy.exe
  C:\Windows\System\SlvirKy.exe
  2⤵
  PID:12100
- C:\Windows\System\KwpDVHr.exe
  C:\Windows\System\KwpDVHr.exe
  2⤵
  PID:12128
- C:\Windows\System\YQoTehv.exe
  C:\Windows\System\YQoTehv.exe
  2⤵
  PID:12148
- C:\Windows\System\xQJZxWa.exe
  C:\Windows\System\xQJZxWa.exe
  2⤵
  PID:12176
- C:\Windows\System\KReYwyb.exe
  C:\Windows\System\KReYwyb.exe
  2⤵
  PID:12204
- C:\Windows\System\vUESafS.exe
  C:\Windows\System\vUESafS.exe
  2⤵
  PID:12232
- C:\Windows\System\lrEPUXJ.exe
  C:\Windows\System\lrEPUXJ.exe
  2⤵
  PID:12264
- C:\Windows\System\sRNjFVZ.exe
  C:\Windows\System\sRNjFVZ.exe
  2⤵
  PID:11272
- C:\Windows\System\JzjgzQE.exe
  C:\Windows\System\JzjgzQE.exe
  2⤵
  PID:11348
- C:\Windows\System\iLEGvic.exe
  C:\Windows\System\iLEGvic.exe
  2⤵
  PID:11424
- C:\Windows\System\aESvqgs.exe
  C:\Windows\System\aESvqgs.exe
  2⤵
  PID:11520
- C:\Windows\System\edCBdDJ.exe
  C:\Windows\System\edCBdDJ.exe
  2⤵
  PID:11596
- C:\Windows\System\RqmbTOI.exe
  C:\Windows\System\RqmbTOI.exe
  2⤵
  PID:11516
- C:\Windows\System\NDjGXdU.exe
  C:\Windows\System\NDjGXdU.exe
  2⤵
  PID:11644
- C:\Windows\System\rwhAPfc.exe
  C:\Windows\System\rwhAPfc.exe
  2⤵
  PID:11716
- C:\Windows\System\TRIfaTJ.exe
  C:\Windows\System\TRIfaTJ.exe
  2⤵
  PID:11796
- C:\Windows\System\KakqxrN.exe
  C:\Windows\System\KakqxrN.exe
  2⤵
  PID:1216
- C:\Windows\System\FnIuEZo.exe
  C:\Windows\System\FnIuEZo.exe
  2⤵
  PID:3628
- C:\Windows\System\wMvWqUB.exe
  C:\Windows\System\wMvWqUB.exe
  2⤵
  PID:2992
- C:\Windows\System\BEsZbLN.exe
  C:\Windows\System\BEsZbLN.exe
  2⤵
  PID:11988
- C:\Windows\System\xaiouIL.exe
  C:\Windows\System\xaiouIL.exe
  2⤵
  PID:12056
- C:\Windows\System\EZKopcm.exe
  C:\Windows\System\EZKopcm.exe
  2⤵
  PID:12116
- C:\Windows\System\hiBHQis.exe
  C:\Windows\System\hiBHQis.exe
  2⤵
  PID:12172
- C:\Windows\System\ZMLtFJj.exe
  C:\Windows\System\ZMLtFJj.exe
  2⤵
  PID:12228
- C:\Windows\System\dXiuQpI.exe
  C:\Windows\System\dXiuQpI.exe
  2⤵
  PID:11300
- C:\Windows\System\QWTfewK.exe
  C:\Windows\System\QWTfewK.exe
  2⤵
  PID:11480
- C:\Windows\System\FeSBHHp.exe
  C:\Windows\System\FeSBHHp.exe
  2⤵
  PID:11504
- C:\Windows\System\QhskjZj.exe
  C:\Windows\System\QhskjZj.exe
  2⤵
  PID:2588
- C:\Windows\System\KoBtDew.exe
  C:\Windows\System\KoBtDew.exe
  2⤵
  PID:11684
- C:\Windows\System\pUvEZvf.exe
  C:\Windows\System\pUvEZvf.exe
  2⤵
  PID:11884
- C:\Windows\System\VaKFajR.exe
  C:\Windows\System\VaKFajR.exe
  2⤵
  PID:11964
- C:\Windows\System\ubbJrMg.exe
  C:\Windows\System\ubbJrMg.exe
  2⤵
  PID:12112
- C:\Windows\System\JbCDHrG.exe
  C:\Windows\System\JbCDHrG.exe
  2⤵
  PID:12256
- C:\Windows\System\DAOfjgY.exe
  C:\Windows\System\DAOfjgY.exe
  2⤵
  PID:11508
- C:\Windows\System\QmrJQyP.exe
  C:\Windows\System\QmrJQyP.exe
  2⤵
  PID:11792
- C:\Windows\System\wWDtuzA.exe
  C:\Windows\System\wWDtuzA.exe
  2⤵
  PID:12048
- C:\Windows\System\GUpfuXh.exe
  C:\Windows\System\GUpfuXh.exe
  2⤵
  PID:3136
- C:\Windows\System\gBTUhec.exe
  C:\Windows\System\gBTUhec.exe
  2⤵
  PID:11404
- C:\Windows\System\oBVPcRD.exe
  C:\Windows\System\oBVPcRD.exe
  2⤵
  PID:4740
- C:\Windows\System\RwmEotj.exe
  C:\Windows\System\RwmEotj.exe
  2⤵
  PID:4352
- C:\Windows\System\YxYtryE.exe
  C:\Windows\System\YxYtryE.exe
  2⤵
  PID:8872
- C:\Windows\System\eLPURgP.exe
  C:\Windows\System\eLPURgP.exe
  2⤵
  PID:9824
- C:\Windows\System\FwWYoeJ.exe
  C:\Windows\System\FwWYoeJ.exe
  2⤵
  PID:1488
- C:\Windows\System\KhUoQFA.exe
  C:\Windows\System\KhUoQFA.exe
  2⤵
  PID:3660
- C:\Windows\System\fOvrche.exe
  C:\Windows\System\fOvrche.exe
  2⤵
  PID:4264
- C:\Windows\System\hOsixKx.exe
  C:\Windows\System\hOsixKx.exe
  2⤵
  PID:12224
- C:\Windows\System\VvGWcwZ.exe
  C:\Windows\System\VvGWcwZ.exe
  2⤵
  PID:12308
- C:\Windows\System\PzeKucn.exe
  C:\Windows\System\PzeKucn.exe
  2⤵
  PID:12336
- C:\Windows\System\AJBBsVq.exe
  C:\Windows\System\AJBBsVq.exe
  2⤵
  PID:12364
- C:\Windows\System\uhOPpDg.exe
  C:\Windows\System\uhOPpDg.exe
  2⤵
  PID:12392
- C:\Windows\System\tujBNjJ.exe
  C:\Windows\System\tujBNjJ.exe
  2⤵
  PID:12420
- C:\Windows\System\AGGWIgC.exe
  C:\Windows\System\AGGWIgC.exe
  2⤵
  PID:12448
- C:\Windows\System\rcRdfgS.exe
  C:\Windows\System\rcRdfgS.exe
  2⤵
  PID:12476
- C:\Windows\System\zdmKDBH.exe
  C:\Windows\System\zdmKDBH.exe
  2⤵
  PID:12504
- C:\Windows\System\ZhyYqEB.exe
  C:\Windows\System\ZhyYqEB.exe
  2⤵
  PID:12532
- C:\Windows\System\BIUDXNT.exe
  C:\Windows\System\BIUDXNT.exe
  2⤵
  PID:12560
- C:\Windows\System\yDOuHcg.exe
  C:\Windows\System\yDOuHcg.exe
  2⤵
  PID:12588
- C:\Windows\System\hlFGuVi.exe
  C:\Windows\System\hlFGuVi.exe
  2⤵
  PID:12616
- C:\Windows\System\cyNDBYR.exe
  C:\Windows\System\cyNDBYR.exe
  2⤵
  PID:12644
- C:\Windows\System\ConcTad.exe
  C:\Windows\System\ConcTad.exe
  2⤵
  PID:12672
- C:\Windows\System\WGmHAzp.exe
  C:\Windows\System\WGmHAzp.exe
  2⤵
  PID:12700
- C:\Windows\System\TgSZyfl.exe
  C:\Windows\System\TgSZyfl.exe
  2⤵
  PID:12732
- C:\Windows\System\emHzHzg.exe
  C:\Windows\System\emHzHzg.exe
  2⤵
  PID:12772
- C:\Windows\System\vBIXFwv.exe
  C:\Windows\System\vBIXFwv.exe
  2⤵
  PID:12800
- C:\Windows\System\ciVWVjy.exe
  C:\Windows\System\ciVWVjy.exe
  2⤵
  PID:12828
- C:\Windows\System\shRTEdA.exe
  C:\Windows\System\shRTEdA.exe
  2⤵
  PID:12856
- C:\Windows\System\wVBqiGb.exe
  C:\Windows\System\wVBqiGb.exe
  2⤵
  PID:12884
- C:\Windows\System\ljdWqWt.exe
  C:\Windows\System\ljdWqWt.exe
  2⤵
  PID:12912
- C:\Windows\System\orflHnt.exe
  C:\Windows\System\orflHnt.exe
  2⤵
  PID:12940
- C:\Windows\System\aYSSRxn.exe
  C:\Windows\System\aYSSRxn.exe
  2⤵
  PID:12980
- C:\Windows\System\curxGpH.exe
  C:\Windows\System\curxGpH.exe
  2⤵
  PID:12996
- C:\Windows\System\uUGNzlQ.exe
  C:\Windows\System\uUGNzlQ.exe
  2⤵
  PID:13024
- C:\Windows\System\SfUzYJD.exe
  C:\Windows\System\SfUzYJD.exe
  2⤵
  PID:13052
- C:\Windows\System\vCZGwZl.exe
  C:\Windows\System\vCZGwZl.exe
  2⤵
  PID:13080
- C:\Windows\System\ixqorbM.exe
  C:\Windows\System\ixqorbM.exe
  2⤵
  PID:13108
- C:\Windows\System\FPfUZwc.exe
  C:\Windows\System\FPfUZwc.exe
  2⤵
  PID:13136
- C:\Windows\System\puAiXjh.exe
  C:\Windows\System\puAiXjh.exe
  2⤵
  PID:13164
- C:\Windows\System\joGGOfQ.exe
  C:\Windows\System\joGGOfQ.exe
  2⤵
  PID:13192
- C:\Windows\System\lPQjBgo.exe
  C:\Windows\System\lPQjBgo.exe
  2⤵
  PID:13228
- C:\Windows\System\pPFFCge.exe
  C:\Windows\System\pPFFCge.exe
  2⤵
  PID:13252
- C:\Windows\System\bFzMOPo.exe
  C:\Windows\System\bFzMOPo.exe
  2⤵
  PID:13280
- C:\Windows\System\IrIfvEx.exe
  C:\Windows\System\IrIfvEx.exe
  2⤵
  PID:13308
- C:\Windows\System\UiVNDQG.exe
  C:\Windows\System\UiVNDQG.exe
  2⤵
  PID:12320
- C:\Windows\System\HmZvSIv.exe
  C:\Windows\System\HmZvSIv.exe
  2⤵
  PID:12384
- C:\Windows\System\JcInMMu.exe
  C:\Windows\System\JcInMMu.exe
  2⤵
  PID:12444
- C:\Windows\System\NrNRTTo.exe
  C:\Windows\System\NrNRTTo.exe
  2⤵
  PID:12516
- C:\Windows\System\qKGYBzo.exe
  C:\Windows\System\qKGYBzo.exe
  2⤵
  PID:12580
- C:\Windows\System\hwJbvAM.exe
  C:\Windows\System\hwJbvAM.exe
  2⤵
  PID:12640
- C:\Windows\System\UNZtLSk.exe
  C:\Windows\System\UNZtLSk.exe
  2⤵
  PID:4480
- C:\Windows\System\GZBZgmg.exe
  C:\Windows\System\GZBZgmg.exe
  2⤵
  PID:12720
- C:\Windows\System\iNPPiPT.exe
  C:\Windows\System\iNPPiPT.exe
  2⤵
  PID:3100
- C:\Windows\System\IAxeICe.exe
  C:\Windows\System\IAxeICe.exe
  2⤵
  PID:12764
- C:\Windows\System\OLKNxEx.exe
  C:\Windows\System\OLKNxEx.exe
  2⤵
  PID:12824
- C:\Windows\System\KhxdEDK.exe
  C:\Windows\System\KhxdEDK.exe
  2⤵
  PID:12908
- C:\Windows\System\LgfNxMf.exe
  C:\Windows\System\LgfNxMf.exe
  2⤵
  PID:12960
- C:\Windows\System\lBdhtxS.exe
  C:\Windows\System\lBdhtxS.exe
  2⤵
  PID:13020
- C:\Windows\System\LwCcCWi.exe
  C:\Windows\System\LwCcCWi.exe
  2⤵
  PID:13096
- C:\Windows\System\JwLrtKr.exe
  C:\Windows\System\JwLrtKr.exe
  2⤵
  PID:13156
- C:\Windows\System\zsOdQIW.exe
  C:\Windows\System\zsOdQIW.exe
  2⤵
  PID:13216
- C:\Windows\System\qgwZtOB.exe
  C:\Windows\System\qgwZtOB.exe
  2⤵
  PID:12768
- C:\Windows\System\hUtCXHM.exe
  C:\Windows\System\hUtCXHM.exe
  2⤵
  PID:12348
- C:\Windows\System\UIhTLsW.exe
  C:\Windows\System\UIhTLsW.exe
  2⤵
  PID:12496
- C:\Windows\System\ZARCWzr.exe
  C:\Windows\System\ZARCWzr.exe
  2⤵
  PID:12636
- C:\Windows\System\OTEXnSg.exe
  C:\Windows\System\OTEXnSg.exe
  2⤵
  PID:1404
- C:\Windows\System\bIOXnmx.exe
  C:\Windows\System\bIOXnmx.exe
  2⤵
  PID:12796
- C:\Windows\System\fIsZPiQ.exe
  C:\Windows\System\fIsZPiQ.exe
  2⤵
  PID:12936
- C:\Windows\System\HftBbxP.exe
  C:\Windows\System\HftBbxP.exe
  2⤵
  PID:13076
- C:\Windows\System\aXLAQgS.exe
  C:\Windows\System\aXLAQgS.exe
  2⤵
  PID:13248
- C:\Windows\System\ByJWlTi.exe
  C:\Windows\System\ByJWlTi.exe
  2⤵
  PID:12440
- C:\Windows\System\zItHBWp.exe
  C:\Windows\System\zItHBWp.exe
  2⤵
  PID:12752
- C:\Windows\System\kkcAgHF.exe
  C:\Windows\System\kkcAgHF.exe
  2⤵
  PID:13016
- C:\Windows\System\WrGzUUY.exe
  C:\Windows\System\WrGzUUY.exe
  2⤵
  PID:12692
- C:\Windows\System\lxzXWGQ.exe
  C:\Windows\System\lxzXWGQ.exe
  2⤵
  PID:12880
- C:\Windows\System\YoPdAnE.exe
  C:\Windows\System\YoPdAnE.exe
  2⤵
  PID:12852
- C:\Windows\System\BlXJjFR.exe
  C:\Windows\System\BlXJjFR.exe
  2⤵
  PID:13328
- C:\Windows\System\EXsDGEw.exe
  C:\Windows\System\EXsDGEw.exe
  2⤵
  PID:13368
- C:\Windows\System\gYKiylO.exe
  C:\Windows\System\gYKiylO.exe
  2⤵
  PID:13388
- C:\Windows\System\eGpVfff.exe
  C:\Windows\System\eGpVfff.exe
  2⤵
  PID:13428
- C:\Windows\System\RJgFfNT.exe
  C:\Windows\System\RJgFfNT.exe
  2⤵
  PID:13464
- C:\Windows\System\MkPtNFe.exe
  C:\Windows\System\MkPtNFe.exe
  2⤵
  PID:13484
- C:\Windows\System\HMFIhtC.exe
  C:\Windows\System\HMFIhtC.exe
  2⤵
  PID:13524
- C:\Windows\System\MpzeaRl.exe
  C:\Windows\System\MpzeaRl.exe
  2⤵
  PID:13548
- C:\Windows\System\LcSAOnk.exe
  C:\Windows\System\LcSAOnk.exe
  2⤵
  PID:13580
- C:\Windows\System\ycjvNJP.exe
  C:\Windows\System\ycjvNJP.exe
  2⤵
  PID:13608
- C:\Windows\System\KBdrmSM.exe
  C:\Windows\System\KBdrmSM.exe
  2⤵
  PID:13636
- C:\Windows\System\lBmkWxD.exe
  C:\Windows\System\lBmkWxD.exe
  2⤵
  PID:13664
- C:\Windows\System\oFLYjOP.exe
  C:\Windows\System\oFLYjOP.exe
  2⤵
  PID:13692
- C:\Windows\System\sExJtTV.exe
  C:\Windows\System\sExJtTV.exe
  2⤵
  PID:13720
- C:\Windows\System\CPCUMoB.exe
  C:\Windows\System\CPCUMoB.exe
  2⤵
  PID:13748
- C:\Windows\System\BBsrRoG.exe
  C:\Windows\System\BBsrRoG.exe
  2⤵
  PID:13780
- C:\Windows\System\HYPHHJp.exe
  C:\Windows\System\HYPHHJp.exe
  2⤵
  PID:13808
- C:\Windows\System\lYBBAds.exe
  C:\Windows\System\lYBBAds.exe
  2⤵
  PID:13836
- C:\Windows\System\ptGOmmQ.exe
  C:\Windows\System\ptGOmmQ.exe
  2⤵
  PID:13864
- C:\Windows\System\sJULiim.exe
  C:\Windows\System\sJULiim.exe
  2⤵
  PID:13892
- C:\Windows\System\IlcoYrh.exe
  C:\Windows\System\IlcoYrh.exe
  2⤵
  PID:13920
- C:\Windows\System\ZjZUiOT.exe
  C:\Windows\System\ZjZUiOT.exe
  2⤵
  PID:13948
- C:\Windows\System\vImUGNx.exe
  C:\Windows\System\vImUGNx.exe
  2⤵
  PID:13976
- C:\Windows\System\NAGFgxv.exe
  C:\Windows\System\NAGFgxv.exe
  2⤵
  PID:14004
- C:\Windows\System\tDxAgmm.exe
  C:\Windows\System\tDxAgmm.exe
  2⤵
  PID:14032
- C:\Windows\System\geYgWJi.exe
  C:\Windows\System\geYgWJi.exe
  2⤵
  PID:14060
- C:\Windows\System\zBsBUuD.exe
  C:\Windows\System\zBsBUuD.exe
  2⤵
  PID:14088
- C:\Windows\System\lCVwzNz.exe
  C:\Windows\System\lCVwzNz.exe
  2⤵
  PID:14116
- C:\Windows\System\WSJPDmE.exe
  C:\Windows\System\WSJPDmE.exe
  2⤵
  PID:14144
- C:\Windows\System\hkIjRHU.exe
  C:\Windows\System\hkIjRHU.exe
  2⤵
  PID:14172
- C:\Windows\System\IOTjVRK.exe
  C:\Windows\System\IOTjVRK.exe
  2⤵
  PID:14200
- C:\Windows\System\VpHIOYf.exe
  C:\Windows\System\VpHIOYf.exe
  2⤵
  PID:14228
- C:\Windows\System\UGrOmrB.exe
  C:\Windows\System\UGrOmrB.exe
  2⤵
  PID:14256
- C:\Windows\System\lBrmWLD.exe
  C:\Windows\System\lBrmWLD.exe
  2⤵
  PID:14284
- C:\Windows\System\recyFoS.exe
  C:\Windows\System\recyFoS.exe
  2⤵
  PID:14312
- C:\Windows\System\RvcvjNt.exe
  C:\Windows\System\RvcvjNt.exe
  2⤵
  PID:13320
- C:\Windows\System\gxZORkN.exe
  C:\Windows\System\gxZORkN.exe
  2⤵
  PID:1464
- C:\Windows\System\rLOxwJp.exe
  C:\Windows\System\rLOxwJp.exe
  2⤵
  PID:13420
- C:\Windows\System\uUEDoLH.exe
  C:\Windows\System\uUEDoLH.exe
  2⤵
  PID:1480
- C:\Windows\System\FiGyqgn.exe
  C:\Windows\System\FiGyqgn.exe
  2⤵
  PID:3588
- C:\Windows\System\rOYHquP.exe
  C:\Windows\System\rOYHquP.exe
  2⤵
  PID:4876
- C:\Windows\System\wQbujGg.exe
  C:\Windows\System\wQbujGg.exe
  2⤵
  PID:3548
- C:\Windows\System\cpuVqIb.exe
  C:\Windows\System\cpuVqIb.exe
  2⤵
  PID:13572
- C:\Windows\System\vSmQEen.exe
  C:\Windows\System\vSmQEen.exe
  2⤵
  PID:1700
- C:\Windows\System\mAnFeyf.exe
  C:\Windows\System\mAnFeyf.exe
  2⤵
  PID:13620
- C:\Windows\System\PidGmWh.exe
  C:\Windows\System\PidGmWh.exe
  2⤵
  PID:13660
- C:\Windows\System\NmKnXRE.exe
  C:\Windows\System\NmKnXRE.exe
  2⤵
  PID:4624
- C:\Windows\System\wIjjCmk.exe
  C:\Windows\System\wIjjCmk.exe
  2⤵
  PID:13744
- C:\Windows\System\ufjIuVw.exe
  C:\Windows\System\ufjIuVw.exe
  2⤵
  PID:3684
- C:\Windows\System\jfhjuJh.exe
  C:\Windows\System\jfhjuJh.exe
  2⤵
  PID:13828
- C:\Windows\System\bEEJIYj.exe
  C:\Windows\System\bEEJIYj.exe
  2⤵
  PID:13876
- C:\Windows\System\EsrwTAv.exe
  C:\Windows\System\EsrwTAv.exe
  2⤵
  PID:13912
- C:\Windows\System\QWUcPmU.exe
  C:\Windows\System\QWUcPmU.exe
  2⤵
  PID:13944
- C:\Windows\System\oxdmNfN.exe
  C:\Windows\System\oxdmNfN.exe
  2⤵
  PID:2304
- C:\Windows\System\OwFbMiH.exe
  C:\Windows\System\OwFbMiH.exe
  2⤵
  PID:14028
- C:\Windows\System\GHLPZZy.exe
  C:\Windows\System\GHLPZZy.exe
  2⤵
  PID:376
- C:\Windows\System\QjuQXPb.exe
  C:\Windows\System\QjuQXPb.exe
  2⤵
  PID:3948
- C:\Windows\System\RnKZPGn.exe
  C:\Windows\System\RnKZPGn.exe
  2⤵
  PID:3920
- C:\Windows\System\twXhhjC.exe
  C:\Windows\System\twXhhjC.exe
  2⤵
  PID:14196
- C:\Windows\System\lbDebMj.exe
  C:\Windows\System\lbDebMj.exe
  2⤵
  PID:1484
- C:\Windows\System\xxwGYgN.exe
  C:\Windows\System\xxwGYgN.exe
  2⤵
  PID:14276
- C:\Windows\System\meILNeO.exe
  C:\Windows\System\meILNeO.exe
  2⤵
  PID:14308
- C:\Windows\System\SCRMaOt.exe
  C:\Windows\System\SCRMaOt.exe
  2⤵
  PID:14332
- C:\Windows\System\jSnyWUA.exe
  C:\Windows\System\jSnyWUA.exe
  2⤵
  PID:4224
- C:\Windows\System\RyMjnan.exe
  C:\Windows\System\RyMjnan.exe
  2⤵
  PID:13408
- C:\Windows\System\jUSpNXW.exe
  C:\Windows\System\jUSpNXW.exe
  2⤵
  PID:648
- C:\Windows\System\nTmzZFK.exe
  C:\Windows\System\nTmzZFK.exe
  2⤵
  PID:13496
- C:\Windows\System\QolqKIN.exe
  C:\Windows\System\QolqKIN.exe
  2⤵
  PID:4344
- C:\Windows\System\fcFPIkp.exe
  C:\Windows\System\fcFPIkp.exe
  2⤵
  PID:224
- C:\Windows\System\YbuWyWW.exe
  C:\Windows\System\YbuWyWW.exe
  2⤵
  PID:13656
- C:\Windows\System\bqsVFhq.exe
  C:\Windows\System\bqsVFhq.exe
  2⤵
  PID:4376
- C:\Windows\System\VxvxZOM.exe
  C:\Windows\System\VxvxZOM.exe
  2⤵
  PID:13776
- C:\Windows\System\uTHsZSZ.exe
  C:\Windows\System\uTHsZSZ.exe
  2⤵
  PID:13860
- C:\Windows\System\aduntiN.exe
  C:\Windows\System\aduntiN.exe
  2⤵
  PID:3284
- C:\Windows\System\OamrDnw.exe
  C:\Windows\System\OamrDnw.exe
  2⤵
  PID:4832
- C:\Windows\System\tEakXxA.exe
  C:\Windows\System\tEakXxA.exe
  2⤵
  PID:720
- C:\Windows\System\RjbGzvG.exe
  C:\Windows\System\RjbGzvG.exe
  2⤵
  PID:5736
- C:\Windows\System\eOkjkCA.exe
  C:\Windows\System\eOkjkCA.exe
  2⤵
  PID:14136
- C:\Windows\System\UxhEJYX.exe
  C:\Windows\System\UxhEJYX.exe
  2⤵
  PID:5252
- C:\Windows\System\WsRLbok.exe
  C:\Windows\System\WsRLbok.exe
  2⤵
  PID:14240
- C:\Windows\System\qDCrGkP.exe
  C:\Windows\System\qDCrGkP.exe
  2⤵
  PID:2676
- C:\Windows\System\hKGqfmp.exe
  C:\Windows\System\hKGqfmp.exe
  2⤵
  PID:1640
- C:\Windows\System\rLYDdJI.exe
  C:\Windows\System\rLYDdJI.exe
  2⤵
  PID:5400
- C:\Windows\System\qAHzBGQ.exe
  C:\Windows\System\qAHzBGQ.exe
  2⤵
  PID:13440
- C:\Windows\System\mzhnhvY.exe
  C:\Windows\System\mzhnhvY.exe
  2⤵
  PID:2404
- C:\Windows\System\yEfzIpX.exe
  C:\Windows\System\yEfzIpX.exe
  2⤵
  PID:13600
- C:\Windows\System\MGRHCYt.exe
  C:\Windows\System\MGRHCYt.exe
  2⤵
  PID:2548
- C:\Windows\System\sBRtQyt.exe
  C:\Windows\System\sBRtQyt.exe
  2⤵
  PID:4932
- C:\Windows\System\kOCaobs.exe
  C:\Windows\System\kOCaobs.exe
  2⤵
  PID:2220
- C:\Windows\System\vOuXZIK.exe
  C:\Windows\System\vOuXZIK.exe
  2⤵
  PID:3424
- C:\Windows\System\qQfAYWF.exe
  C:\Windows\System\qQfAYWF.exe
  2⤵
  PID:5704
- C:\Windows\System\PmKsWJB.exe
  C:\Windows\System\PmKsWJB.exe
  2⤵
  PID:5260
- C:\Windows\System\nURvMtB.exe
  C:\Windows\System\nURvMtB.exe
  2⤵
  PID:2604
- C:\Windows\System\Ocaqkbu.exe
  C:\Windows\System\Ocaqkbu.exe
  2⤵
  PID:5824
- C:\Windows\System\BcYhiLK.exe
  C:\Windows\System\BcYhiLK.exe
  2⤵
  PID:3152
- C:\Windows\System\rjcqIWO.exe
  C:\Windows\System\rjcqIWO.exe
  2⤵
  PID:5424
- C:\Windows\System\sjCdiOD.exe
  C:\Windows\System\sjCdiOD.exe
  2⤵
  PID:1492
- C:\Windows\System\zZFHceZ.exe
  C:\Windows\System\zZFHceZ.exe
  2⤵
  PID:13652
- C:\Windows\System\XzrhpGf.exe
  C:\Windows\System\XzrhpGf.exe
  2⤵
  PID:5484
- C:\Windows\System\dkIDQyN.exe
  C:\Windows\System\dkIDQyN.exe
  2⤵
  PID:6132
- C:\Windows\System\hUvcefW.exe
  C:\Windows\System\hUvcefW.exe
  2⤵
  PID:5284
- C:\Windows\System\nqquZGv.exe
  C:\Windows\System\nqquZGv.exe
  2⤵
  PID:4240
- C:\Windows\System\tRMWzbd.exe
  C:\Windows\System\tRMWzbd.exe
  2⤵
  PID:13940
- C:\Windows\System\qzmAoAu.exe
  C:\Windows\System\qzmAoAu.exe
  2⤵
  PID:5528
- C:\Windows\System\sDhOcgW.exe
  C:\Windows\System\sDhOcgW.exe
  2⤵
  PID:5732
- C:\Windows\System\wNRYbZF.exe
  C:\Windows\System\wNRYbZF.exe
  2⤵
  PID:5340
- C:\Windows\System\YyshfhJ.exe
  C:\Windows\System\YyshfhJ.exe
  2⤵
  PID:5800
- C:\Windows\System\QphKqEs.exe
  C:\Windows\System\QphKqEs.exe
  2⤵
  PID:5864
- C:\Windows\System\AUmBsNK.exe
  C:\Windows\System\AUmBsNK.exe
  2⤵
  PID:5568
- C:\Windows\System\RWXWSsU.exe
  C:\Windows\System\RWXWSsU.exe
  2⤵
  PID:6036
- C:\Windows\System\fFfIlOx.exe
  C:\Windows\System\fFfIlOx.exe
  2⤵
  PID:5144
- C:\Windows\System\MqKswHg.exe
  C:\Windows\System\MqKswHg.exe
  2⤵
  PID:5592
- C:\Windows\System\VcAwCip.exe
  C:\Windows\System\VcAwCip.exe
  2⤵
  PID:5508
- C:\Windows\System\lIuLsmH.exe
  C:\Windows\System\lIuLsmH.exe
  2⤵
  PID:4856
- C:\Windows\System\WaaoZZz.exe
  C:\Windows\System\WaaoZZz.exe
  2⤵
  PID:3980
- C:\Windows\System\wZXrdoi.exe
  C:\Windows\System\wZXrdoi.exe
  2⤵
  PID:6168
- C:\Windows\System\BfqHgWl.exe
  C:\Windows\System\BfqHgWl.exe
  2⤵
  PID:10940
- C:\Windows\System\gKMQPCY.exe
  C:\Windows\System\gKMQPCY.exe
  2⤵
  PID:5316
- C:\Windows\System\YQwJrZl.exe
  C:\Windows\System\YQwJrZl.exe
  2⤵
  PID:5600
- C:\Windows\System\beGkbdk.exe
  C:\Windows\System\beGkbdk.exe
  2⤵
  PID:5228
- C:\Windows\System\odGthEt.exe
  C:\Windows\System\odGthEt.exe
  2⤵
  PID:10468
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 10468 -s 252
    3⤵
    PID:5556
- C:\Windows\System\vIAcoCK.exe
  C:\Windows\System\vIAcoCK.exe
  2⤵
  PID:5812
- C:\Windows\System\MjEtTuP.exe
  C:\Windows\System\MjEtTuP.exe
  2⤵
  PID:6572
- C:\Windows\System\ERbLTEr.exe
  C:\Windows\System\ERbLTEr.exe
  2⤵
  PID:6628

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core
1⤵
- System Location Discovery: System Language Discovery
PID:2220

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTQ5OEFEMUEtRkM0QS00M0IzLTgyRjUtNTQ1OTNGRTNEM0REfSIgdXNlcmlkPSJ7Njk4NENGMUUtMDEyMy00QjQyLUIxQTktNEZFNEZCRkM0MUJFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzZFRkUwNkMtRTU3Qy00QTY3LUEzMUQtMzczRTE4NTBDQTlDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI5IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU5MjEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODE5ODA3NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDQ1MDczNDc1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
404KB

MD5
41660d1ce17629d61a7faf1183f81bee

SHA1
ade381805b96a9a8113a134a2d796325d60c907e

SHA256
d4dbe5e2bf7879b57037014377dcd8c4f8450eb2b05423d4aca7116841dfc8d7

SHA512
6c39f41b4f5dc81f7cd0493ed298358f2608a5b158faa6c645f06ac620e3635d98516f29f885567597333475591f7bbb851381be623239b1a0c3a9062cfcb4b5

Download Submit
C:\Windows\System\BHgPLSY.exe

Filesize
6.0MB

MD5
1568e03ce0e510f6b965cd62dc793905

SHA1
ca1ac39720b148c7a2aa4c9db92a3b922777947d

SHA256
a47a4669c63d838e3a475860875c73255a176f13f7f8c8c0970aa9fccd0946bb

SHA512
0fc82bc03bd76dc01bbda88446e773e41c77b80324086c65cc14c39d226bf1e96e58dfd14f70539d8152ffdf3cb80e4ab86cc1f1aec5f4f6655cee038388136a

Download Submit
C:\Windows\System\BbdEctr.exe

Filesize
6.0MB

MD5
557c17637f9ea46cab595ad4f4244295

SHA1
923e0ef7c0d64da6d2dcc91ca4056c4265ffcce6

SHA256
fe61115d8a16618b9c988a0671bc16275b5f79f7b8eb61199d81b84346d33458

SHA512
e427f87e2881e557746e743c3e5369362324807f297970e5b8775818435fbecf37be89ae24067c0000cab77c316c5f0a9ac2435d8d040af3c89d3216091b89d1

Download Submit
C:\Windows\System\CmcdqeV.exe

Filesize
6.0MB

MD5
6d77d3ed1022f06ad705df5d3425cb4a

SHA1
9726da3be45ce49ea6134ad4d4f1a42b64629cf1

SHA256
26d206bff3b352e3d69865cdfbc5a0c65526c4c974f9fcf8e4eb7bcd7391b341

SHA512
59621c3e424724cd893ffb1e481d41a7b7c98ed10bc3d7e7dac5c089d46d139925bdd88c99019274c6abd9beb9bd91f7a304cbc7e62484521d0e976181f6dfed

Download Submit
C:\Windows\System\EBlrkIi.exe

Filesize
6.0MB

MD5
b628af09b830eb907ff6d3f09ffa0a84

SHA1
9b0a20e1e7a718802ef5a384fb96a3714ec23aee

SHA256
7e63f190239fb5115905ad72e0106d0f476867e1a30e0a646a7c0dd6146f2ed3

SHA512
bf7139156531a5231dff27c9594c3ccca1a297c1f2daad8b84cd5086a9b2ebea1f7e8815d978485c4032b8485fd81b2d4aab57f5c5a877354f49026586349a06

Download Submit
C:\Windows\System\GOCemca.exe

Filesize
6.0MB

MD5
5f2a0fc4f5561b833073c5633a4eef42

SHA1
cb20bdaea25318ab77db6fbfbcc073096b4c6d24

SHA256
44907bb4c9603b36e64d3509ee4e5e4b019c6ea567a01955bb229e11df5d6eab

SHA512
0f809a5cc50645b2067e86442e1c46b26265eaed3012b8e3fe69299486c66ccd08503aed1bcb23181924fe6971a936dd0ba7eeca7157cf0ac02f8595ca74d295

Download Submit
C:\Windows\System\GXaTnxR.exe

Filesize
6.0MB

MD5
6c83063104afaa1558d441df03b3147c

SHA1
083bea887ca485c8d3fbcc9bcb6352111310c48e

SHA256
559d8fd49f2f81e09df7ab7bc6fae1f12f1ee3a6792f1f1af713c6f0ba986d4f

SHA512
492e23c8007cbbccb5d2319e52ab3c88371d312e2ba0dc7a845b99048f24b812e3b730752a3a5ec20615da03e3dd9083f02cb3c3afc4c0e5c2e990bde17f4890

Download Submit
C:\Windows\System\IGyQjWq.exe

Filesize
6.0MB

MD5
978949571a302f6f7d21dca390e47263

SHA1
b6d7990057b9be5a7ae813d20d5fc44d5a07d84a

SHA256
7bf2bd758e877c89bbb64316d406929aa38c8e282bc0981f268c68d1fd63001a

SHA512
ea4191092ca804440a6cb9123f76df7d69642e794a6413abdad6aa15e28325448988e7cd775821e91861d6a0666f22601bac05fc15baecefdb7d10e5c2e7021c

Download Submit
C:\Windows\System\LybPSgq.exe

Filesize
6.0MB

MD5
ff7d56d44456420a92e327734cd28383

SHA1
2456a174989016b19028eb614c885b562a4ef37c

SHA256
552893ecde310adfac5ba8e71b9f21fb481bbdeaef7627ffb8694453faf768f8

SHA512
fad7a7b504bb84b26b734e98e7ca3947d41e47f5f9438cce6b39415770d0fcfbb0cb8fb21c09879b70ba99686dbd1a9e7b60361f8bf22eba1b51c234b8ce276e

Download Submit
C:\Windows\System\NgAoOZU.exe

Filesize
6.0MB

MD5
4905e4e8dc8db3804c78582b234b0910

SHA1
5e5d0874a773b402c7cf8b23c8fd90d1d735f01d

SHA256
13e93f09c67551106ed5afc0ec225c9a1ce48f5dac7a3ed9ea7253329135c6a9

SHA512
901852dfabcf48f69d951252e77dea479ddf8af9d0c1102390cf4712a312d408eca15debbb3bc5e38440b19ef0e54e002e5bf786030b274f726e8cbf853ac418

Download Submit
C:\Windows\System\OvefprK.exe

Filesize
6.0MB

MD5
2d3842c50102271a48d369384892e018

SHA1
300e0986405b034647c8d51b02f3bd7f349922aa

SHA256
9e1d04858b2ba35e83c27945307b7f6ae172c622073434d95c21615d069439bb

SHA512
647c40db7070433846aa5f688de4b911b3df2b4cde539d2f52575f9744b007447de20d8c27ebd41a77833255f7a029299ea3bba4d68b32fea3ccb274395b54c9

Download Submit
C:\Windows\System\SIWEqJX.exe

Filesize
6.0MB

MD5
90154e6ac43b5f902beea84d32d2baba

SHA1
e94777ee0d3bc4f5705958645346cc67c50af59d

SHA256
7ec5d25eb814adbe988592a1415a2fd9cffe107835c45c5ce7fcb281c5ede58e

SHA512
9420c3bfe050fb328dc2d69971310ae2bb86cd3cdedc3a142c38075ba2dbcf1f0c88f3a84f2d3c0335802aa6939e63725dfa7627d1acbdfd4c98f5aa4b6b0bb7

Download Submit
C:\Windows\System\TdzLplR.exe

Filesize
6.0MB

MD5
8bda7484c321de66dd28203be115e1cf

SHA1
a8a8e0b68cd879a7a4936bb4065519a0e2b2a726

SHA256
8f6ebb3c067e05ccef8b49abe98fa4a29e5faefcf5841fe9333313bce0d7d439

SHA512
49d353ae235c78638530a44bbc13ed12adc39bc65960c6135282a13fa4d469bae2bc5392a46c9ff30831d1cfcf98e012705c7770f1b8d3354521ad942e0ac09e

Download Submit
C:\Windows\System\WJtrHSn.exe

Filesize
6.0MB

MD5
a2403864c1791a411af32b678ba5d948

SHA1
069f41a4f412f5e628a374100ba6ec72b5267cc4

SHA256
3f42b72534840192748779f0376804f3ee7beb46564bbad775904903bb806c34

SHA512
e2aab6e7a33d843400d60c44b2d2ef2bc074a62a8dc3422cf0fe6947852df52270b515b198be71e8ce989834a183f60533863b589a1377b08b84404560a43b30

Download Submit
C:\Windows\System\XKlkhNX.exe

Filesize
6.0MB

MD5
d7a28242d8339a2b92d7f2d7353f75aa

SHA1
7f2e556ff2e47d47fa4e931a18c847433184c40e

SHA256
8d9119f4da2de40ccb62d42f84cadb8f9d2c099c9dda2b0d5bda24ad5c2c4969

SHA512
ac99bcb36ecd1cbf34c87341f833b5ca158e4ba375b0f88e90e03f911abd897b1cae5039bc2354a3b208dbef6aa1a88cca28d53d959f55ab16f47875ea48214e

Download Submit
C:\Windows\System\ZpAexbL.exe

Filesize
6.0MB

MD5
4a354af8410ca92b0108cc12e50b5a30

SHA1
559a8be96b1b9c5706a69728d1028859f4bbfa79

SHA256
099b9fab9729b28c399ca78bfee5c6eb806ef2148ce5a06bfc98f9f341e4cbe2

SHA512
9499ae3ebb79e2c34ff6f6192706486111d9d544f1378b6d679e93703fd7e5343053d4087d27a33b76e087006d73ceaa95084ebf9269fb3c6863ed7e29c107c7

Download Submit
C:\Windows\System\gCuYBAo.exe

Filesize
6.0MB

MD5
0ec8fcfcc4000118bb46a0dcb46592f3

SHA1
228301fd105a99cd7902d56a4879602a6ce26e41

SHA256
633628dbecb33545aba0354559ab9615a4579438e00eabcf6f28d99f9618ddc9

SHA512
22e8e5eec2549784b3095e0cec5dc434cf666821e2d22bb0253daee950ca2da1ee9fd7ebb485f8f7c867dfb7b9e0205916cbd97ed32a4db1567ce5cd02b5e634

Download Submit
C:\Windows\System\isoSEnW.exe

Filesize
6.0MB

MD5
db7a5b9088c4f3180ad32974cc57bc03

SHA1
f0a6eb130bd6f1e426646db326034f70ed5c9768

SHA256
cffd83c4163fe76d8b6d6df06df69f19118500195b0e0754f8b89a4c6f466c4a

SHA512
ae4591c5a84b215e50761fb62340a8ed00f8a3ddea60773f6be0e7450a608d48b2ff2ba065c32da54a416808a17b6ae60364bbe72841683a77af0e750f0ca4d2

Download Submit
C:\Windows\System\jdKGiGX.exe

Filesize
6.0MB

MD5
cff086592a65d8166ea193b26f87d801

SHA1
ed0d2c74e7e7e1e1074e61bd3cd07416fb75341a

SHA256
787d6b136da32871103a6891eee6bd746ca08ce0a1ce1a66b789f5714e5ace4c

SHA512
7b20fb52d00aace4fedf3f0e66ad0500b85ea600cf079e70f9b06f096b5aa5d9f73546758825a6fb80c50cb51822d02280fbc4c8afdf5ceda58634757a841c6d

Download Submit
C:\Windows\System\jwTnLAf.exe

Filesize
6.0MB

MD5
2480a7da0ac858a83b10dab53b70378b

SHA1
bf3bc12e1274d1ed686cb00a155ad235dc3ea14a

SHA256
3aef1b96764b3573e8a3f7e04223692f43073b141280fc7d7f9f79f5573cfadb

SHA512
5cfc3a1438db9cdca919fb07ce27c78697b8f6309b30fa2ce8e902a1a951ede945559ba47770815222091b527f9ae697bb4da6d5fbc3e9cbd570829c1d5272a0

Download Submit
C:\Windows\System\mMYEnvo.exe

Filesize
6.0MB

MD5
e0146849c6f9f6198b07bed1073a5666

SHA1
8cfeed6488ad9a75474dfded3a85fbd76f8149ee

SHA256
84b1b71080d143d7040b85e2542d171026237071e4f796d885958e3befae706a

SHA512
57df510da745dabe05972cfd216514cf496f7deed92ed966174861efcf8cebf49136b392f5321c21c067e4680dcfe6acf693f62d8dc586608d3be432eb5e737a

Download Submit
C:\Windows\System\oQNexXF.exe

Filesize
6.0MB

MD5
c45a5e91e19cac2c0f4bdfac4300a074

SHA1
5901266d4278979cd2fcd5b48d93fa8a7a07fab6

SHA256
1387d14aaf8b36db81470bc207bea2b897f210143296a78d9f364fe152c49cfb

SHA512
76f4e93041b5ef408bcca79d0ab7b4f63be0944c54d46dfc0414d268ceffc82992e86e4d4b0ff17853d23bf70755c850c8c733412f69a40dac4e4b566799381f

Download Submit
C:\Windows\System\oexECyK.exe

Filesize
6.0MB

MD5
f59a003b0b743b7e8a4504495572bc74

SHA1
b808f84da5dd28b844a538a7cf00a653bfdb2b6c

SHA256
f53af43a117647e9a21e9f70ce245e41202eb277ffd7d57f260b712320aff11d

SHA512
1100f0bff3b76c23b28f8168a9c7193e560b8380a9141440ab790f31139b0a23c15569be8ba7f1b6c0f3a5cfedc0351648206f97851e4f00abda95314ef351b7

Download Submit
C:\Windows\System\pDBkPwz.exe

Filesize
6.0MB

MD5
77f1cb8c8b864ffbe54b8d09eba66392

SHA1
25b8e988fa18693c9048ec63eef82654de84e0fa

SHA256
e68362f4f8b0585488ee98c5239b81bc03eb22a4675cf86a550405fa734e8583

SHA512
05018c971e21a9a03960b759ecf8409489699e5a8217973e8d1f73e38285806c2e23365afa2d9306cfebda55b1ce8d43cd036de0324a77b1821efe698594a3d2

Download Submit
C:\Windows\System\pSmFuVa.exe

Filesize
6.0MB

MD5
def9595710abe5d894a5f9fcbdbcd106

SHA1
c9b48699549b522903f9e5a5d5ac14c0f88ce8f5

SHA256
15a390c1c39435c466040548edb748b3ba67b05aeb6296134c376cb2305918e6

SHA512
2ad338abfd44f404ff6526dd8a78c5f7e8ce409bc47abcae3d569e6a73130f8bab61990a883fb61bbb3ebfb9c78f2f04723b0d4f2b7335466b819f209b8082a1

Download Submit
C:\Windows\System\pUdvUpL.exe

Filesize
6.0MB

MD5
4bc98e511ef100066100c5190f7d451f

SHA1
a19ce9a98af2846a5adccb9ff48bc5c9b7e85126

SHA256
6ea46ebf3b691d256a115dafda4c87fe35dc14194b122860d6a81f6e6f9ccb30

SHA512
39ce7aa39ec23692deb1039c8200a18011ca19441776f503af7011108a0b3e83b7841fa95abef477d34db2c102900db17bb179b66bc29868d237975ce50191aa

Download Submit
C:\Windows\System\pWklXQi.exe

Filesize
6.0MB

MD5
67209f0fd464453970c576febd564b3b

SHA1
f35e9b4fc212179ae3dcf935811afeff30fd5f0d

SHA256
c846ca8ee929cb032d57e8a46c9d7e47ac34e52d8fccefaeab1272987eabc7de

SHA512
dee159cc1f1031c98eca67d999759c420cd8b79c57777638665d4f6d0993998afe5f7d3d80da058c98312f2f370f4e17129f1f7866cdcc0ac15aff40d7dbb2ab

Download Submit
C:\Windows\System\qAFNSPr.exe

Filesize
6.0MB

MD5
4e5c69956949eebf4eb4f0e10b203372

SHA1
b58d694b36d526b0565bd2c9846a202d21c0f187

SHA256
48daffd83f835d56286a121ba56e8075041454699cb7ed069209e6dae0386605

SHA512
4c4a91136b4e6cb3fb0dcbe74fdfb92a1c64305cf56974693ff2b8b3959490d1a05aa9d2f88f207e38ecf4f3329331bb40416784c1fb7decd3d3f9cec18588db

Download Submit
C:\Windows\System\reQacDF.exe

Filesize
6.0MB

MD5
bd28baf3da5a43a43c543d417fe0baf7

SHA1
9688081cc430b20ccbc3ee4fb7ff06b1d75a7c94

SHA256
1934ac73d2ead102098dd89e54ddd23339d8c74e9ec0739fc0e9e57284771c45

SHA512
7595c4c3d627ec668aac5ac46231b5294284ce5c557478e067993579d629ab1b9bbc441ed0c0e884e79f621bf48864ad5bf3fdd945d489af7ce8dcfe62984cef

Download Submit
C:\Windows\System\tPZIEJD.exe

Filesize
6.0MB

MD5
acedb002a97106d794134eb199237a2b

SHA1
f3770245e738eabbbdf0130a9f3c4fb348f93179

SHA256
d71fe1994f03ece19b806db00dd6286ff77fb29eb4bfcddcb01b521f39e99312

SHA512
83867a8993dadd457b716a2056940001c22f8b9ee9ea1386d2f6612ed2312d5d29203266ca99d685238c66d718245659e28e3dec38914189c0367f299231c993

Download Submit
C:\Windows\System\xZkRlZb.exe

Filesize
6.0MB

MD5
58b5b71c769ab6b7761b268bda4d8d80

SHA1
5ab5960f7edcf6221f92a71c75338cace960bc9b

SHA256
c049e30f9434490bfec0741042b4a4035a3def7827777259262dc8ba09447c0a

SHA512
bf139626e3dfb5a51e4d5e908fe421a902a5edeee76ecd7a6b762cba4f5fe1b05b2c7d9e13e9b55f9576febf6a077878c009201dac8686dbd1ded2ba30d8b10d

Download Submit
C:\Windows\System\xisjvmD.exe

Filesize
6.0MB

MD5
d8ae4de56df8c01954b699d294c18b59

SHA1
c944e57919dab0027c41159eae20c5930e0968d2

SHA256
f839ea440220778d9003427fb7145acb80d4b34213e007c1ba9c5642135bd010

SHA512
20d8593e43728a7350c6d35f8a84c68afe2a8657027ab10f2142f1c0eed28e9d93cff1fae553433b9a84f37aba82ef0a68ec9374402b15ec29d41953a671a960

Download Submit
C:\Windows\System\zdValOD.exe

Filesize
6.0MB

MD5
c5250b09a5d38973fc15c9c6caf0a05c

SHA1
21a593671e35d8892fd1ba3b3305ef2a6970da9a

SHA256
daf7f90355b794961c9903a62efa85144074d45c1f2ad8277665de968a3b821f

SHA512
18cbf322de6418c59c9a303dbd10d0f0e2b796670605e97248e2602b29fe514093ed3cf0bc78608341fb1bc02d8dad9f07eca4a59d9f6e8e6384e0bacb61ffc2

Download Submit
memory/552-1297-0x00007FF6C05F0000-0x00007FF6C0944000-memory.dmp

Filesize
3.3MB

Download
memory/552-43-0x00007FF6C05F0000-0x00007FF6C0944000-memory.dmp

Filesize
3.3MB

Download
memory/552-100-0x00007FF6C05F0000-0x00007FF6C0944000-memory.dmp

Filesize
3.3MB

Download
memory/852-8-0x00007FF6FEC90000-0x00007FF6FEFE4000-memory.dmp

Filesize
3.3MB

Download
memory/852-62-0x00007FF6FEC90000-0x00007FF6FEFE4000-memory.dmp

Filesize
3.3MB

Download
memory/852-1216-0x00007FF6FEC90000-0x00007FF6FEFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-1-0x0000016542D10000-0x0000016542D20000-memory.dmp

Filesize
64KB

Download
memory/1076-0-0x00007FF66E610000-0x00007FF66E964000-memory.dmp

Filesize
3.3MB

Download
memory/1076-58-0x00007FF66E610000-0x00007FF66E964000-memory.dmp

Filesize
3.3MB

Download
memory/1092-24-0x00007FF7E63D0000-0x00007FF7E6724000-memory.dmp

Filesize
3.3MB

Download
memory/1092-83-0x00007FF7E63D0000-0x00007FF7E6724000-memory.dmp

Filesize
3.3MB

Download
memory/1092-1247-0x00007FF7E63D0000-0x00007FF7E6724000-memory.dmp

Filesize
3.3MB

Download
memory/1664-180-0x00007FF77FD00000-0x00007FF780054000-memory.dmp

Filesize
3.3MB

Download
memory/1664-538-0x00007FF77FD00000-0x00007FF780054000-memory.dmp

Filesize
3.3MB

Download
memory/1880-132-0x00007FF7E76E0000-0x00007FF7E7A34000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1941-0x00007FF7E76E0000-0x00007FF7E7A34000-memory.dmp

Filesize
3.3MB

Download
memory/1880-186-0x00007FF7E76E0000-0x00007FF7E7A34000-memory.dmp

Filesize
3.3MB

Download
memory/2196-1938-0x00007FF6A8180000-0x00007FF6A84D4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-139-0x00007FF6A8180000-0x00007FF6A84D4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-193-0x00007FF6A8180000-0x00007FF6A84D4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-175-0x00007FF71FB40000-0x00007FF71FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2188-0x00007FF71FB40000-0x00007FF71FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2444-103-0x00007FF62E170000-0x00007FF62E4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1764-0x00007FF62E170000-0x00007FF62E4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-652-0x00007FF66C0D0000-0x00007FF66C424000-memory.dmp

Filesize
3.3MB

Download
memory/2456-194-0x00007FF66C0D0000-0x00007FF66C424000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1936-0x00007FF7CC1A0000-0x00007FF7CC4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-131-0x00007FF7CC1A0000-0x00007FF7CC4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-178-0x00007FF7CC1A0000-0x00007FF7CC4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2187-0x00007FF78AC20000-0x00007FF78AF74000-memory.dmp

Filesize
3.3MB

Download
memory/2708-173-0x00007FF78AC20000-0x00007FF78AF74000-memory.dmp

Filesize
3.3MB

Download
memory/2892-166-0x00007FF792A20000-0x00007FF792D74000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2184-0x00007FF792A20000-0x00007FF792D74000-memory.dmp

Filesize
3.3MB

Download
memory/3104-64-0x00007FF7C3F10000-0x00007FF7C4264000-memory.dmp

Filesize
3.3MB

Download
memory/3104-125-0x00007FF7C3F10000-0x00007FF7C4264000-memory.dmp

Filesize
3.3MB

Download
memory/3104-1567-0x00007FF7C3F10000-0x00007FF7C4264000-memory.dmp

Filesize
3.3MB

Download
memory/3188-105-0x00007FF7DFA80000-0x00007FF7DFDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3188-1302-0x00007FF7DFA80000-0x00007FF7DFDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3188-49-0x00007FF7DFA80000-0x00007FF7DFDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3272-76-0x00007FF6B7CA0000-0x00007FF6B7FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3272-1239-0x00007FF6B7CA0000-0x00007FF6B7FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3272-18-0x00007FF6B7CA0000-0x00007FF6B7FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3460-115-0x00007FF7A67F0000-0x00007FF7A6B44000-memory.dmp

Filesize
3.3MB

Download
memory/3460-1925-0x00007FF7A67F0000-0x00007FF7A6B44000-memory.dmp

Filesize
3.3MB

Download
memory/3460-174-0x00007FF7A67F0000-0x00007FF7A6B44000-memory.dmp

Filesize
3.3MB

Download
memory/3520-28-0x00007FF723620000-0x00007FF723974000-memory.dmp

Filesize
3.3MB

Download
memory/3520-87-0x00007FF723620000-0x00007FF723974000-memory.dmp

Filesize
3.3MB

Download
memory/3520-1246-0x00007FF723620000-0x00007FF723974000-memory.dmp

Filesize
3.3MB

Download
memory/3568-1928-0x00007FF6C5B70000-0x00007FF6C5EC4000-memory.dmp

Filesize
3.3MB

Download
memory/3568-123-0x00007FF6C5B70000-0x00007FF6C5EC4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-1617-0x00007FF623780000-0x00007FF623AD4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-72-0x00007FF623780000-0x00007FF623AD4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-155-0x00007FF6E0620000-0x00007FF6E0974000-memory.dmp

Filesize
3.3MB

Download
memory/3928-1761-0x00007FF6E0620000-0x00007FF6E0974000-memory.dmp

Filesize
3.3MB

Download
memory/3928-92-0x00007FF6E0620000-0x00007FF6E0974000-memory.dmp

Filesize
3.3MB

Download
memory/4024-212-0x00007FF617510000-0x00007FF617864000-memory.dmp

Filesize
3.3MB

Download
memory/4024-1942-0x00007FF617510000-0x00007FF617864000-memory.dmp

Filesize
3.3MB

Download
memory/4024-147-0x00007FF617510000-0x00007FF617864000-memory.dmp

Filesize
3.3MB

Download
memory/4136-593-0x00007FF736630000-0x00007FF736984000-memory.dmp

Filesize
3.3MB

Download
memory/4136-187-0x00007FF736630000-0x00007FF736984000-memory.dmp

Filesize
3.3MB

Download
memory/4728-84-0x00007FF797390000-0x00007FF7976E4000-memory.dmp

Filesize
3.3MB

Download
memory/4728-1713-0x00007FF797390000-0x00007FF7976E4000-memory.dmp

Filesize
3.3MB

Download
memory/4728-145-0x00007FF797390000-0x00007FF7976E4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-1250-0x00007FF603050000-0x00007FF6033A4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-36-0x00007FF603050000-0x00007FF6033A4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-91-0x00007FF603050000-0x00007FF6033A4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-110-0x00007FF72C490000-0x00007FF72C7E4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-1766-0x00007FF72C490000-0x00007FF72C7E4000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2180-0x00007FF665EA0000-0x00007FF6661F4000-memory.dmp

Filesize
3.3MB

Download
memory/4840-156-0x00007FF665EA0000-0x00007FF6661F4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-63-0x00007FF6F18A0000-0x00007FF6F1BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-17-0x00007FF6F18A0000-0x00007FF6F1BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-1236-0x00007FF6F18A0000-0x00007FF6F1BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4912-55-0x00007FF7C4300000-0x00007FF7C4654000-memory.dmp

Filesize
3.3MB

Download
memory/4912-112-0x00007FF7C4300000-0x00007FF7C4654000-memory.dmp

Filesize
3.3MB

Download
memory/4912-1308-0x00007FF7C4300000-0x00007FF7C4654000-memory.dmp

Filesize
3.3MB

Download
memory/5020-1621-0x00007FF6F4D30000-0x00007FF6F5084000-memory.dmp

Filesize
3.3MB

Download
memory/5020-77-0x00007FF6F4D30000-0x00007FF6F5084000-memory.dmp

Filesize
3.3MB

Download
memory/5020-138-0x00007FF6F4D30000-0x00007FF6F5084000-memory.dmp

Filesize
3.3MB

Download