cobaltstrike | 41bb94e6068afb4a88250dd721ec3f622ffa610fff8f0f7e9f8812e6419ba751

Analysis

max time kernel
112s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2025, 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fac225f10fb90c547a11c4b41e2f840f
SHA1

2a2158595a88ac287bfd67c01191b67d7e34091c
SHA256

41bb94e6068afb4a88250dd721ec3f622ffa610fff8f0f7e9f8812e6419ba751
SHA512

480f5204efcbd35b3b12472e72a02406f8fecf7a534cb97983582efbec7a8b6ef5e534e6a6e97879b0a20f87e45d3bbb23f6855a5ea525d4cbf81934850370b6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023c77-5.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023ccb-12.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ccc-11.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023ccd-28.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023cc9-24.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023cce-36.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e656-41.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e657-46.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e658-58.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001e65b-60.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e792-67.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e805-73.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e809-80.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e80a-88.dat	cobalt_reflective_dll
behavioral2/files/0x000600000001e85e-98.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e862-106.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e87c-111.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e8a4-117.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e8a6-129.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e8b9-135.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e8bf-139.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e8b7-133.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e87b-114.dat	cobalt_reflective_dll
behavioral2/files/0x000600000001e7c4-166.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001e9c4-180.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001ea1d-201.dat	cobalt_reflective_dll
behavioral2/files/0x000800000001ea05-198.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e9dc-189.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001e8c4-179.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001e9c3-176.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001e7c2-162.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e8c2-155.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5072-0-0x00007FF6D1430000-0x00007FF6D1784000-memory.dmp	xmrig
behavioral2/files/0x000c000000023c77-5.dat	xmrig
behavioral2/memory/4628-8-0x00007FF68E6F0000-0x00007FF68EA44000-memory.dmp	xmrig
behavioral2/files/0x000b000000023ccb-12.dat	xmrig
behavioral2/memory/3984-14-0x00007FF7E61B0000-0x00007FF7E6504000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ccc-11.dat	xmrig
behavioral2/files/0x0031000000023ccd-28.dat	xmrig
behavioral2/files/0x000b000000023cc9-24.dat	xmrig
behavioral2/memory/2172-29-0x00007FF7E5D40000-0x00007FF7E6094000-memory.dmp	xmrig
behavioral2/memory/2236-31-0x00007FF660850000-0x00007FF660BA4000-memory.dmp	xmrig
behavioral2/memory/1944-18-0x00007FF632E20000-0x00007FF633174000-memory.dmp	xmrig
behavioral2/files/0x0031000000023cce-36.dat	xmrig
behavioral2/memory/3092-38-0x00007FF712370000-0x00007FF7126C4000-memory.dmp	xmrig
behavioral2/files/0x000300000001e656-41.dat	xmrig
behavioral2/files/0x000300000001e657-46.dat	xmrig
behavioral2/memory/3000-48-0x00007FF6AB1E0000-0x00007FF6AB534000-memory.dmp	xmrig
behavioral2/files/0x000300000001e658-58.dat	xmrig
behavioral2/memory/3984-62-0x00007FF7E61B0000-0x00007FF7E6504000-memory.dmp	xmrig
behavioral2/memory/1632-63-0x00007FF6A2330000-0x00007FF6A2684000-memory.dmp	xmrig
behavioral2/memory/2916-61-0x00007FF783950000-0x00007FF783CA4000-memory.dmp	xmrig
behavioral2/files/0x000400000001e65b-60.dat	xmrig
behavioral2/memory/4628-55-0x00007FF68E6F0000-0x00007FF68EA44000-memory.dmp	xmrig
behavioral2/memory/372-54-0x00007FF72BAA0000-0x00007FF72BDF4000-memory.dmp	xmrig
behavioral2/memory/5072-50-0x00007FF6D1430000-0x00007FF6D1784000-memory.dmp	xmrig
behavioral2/files/0x000200000001e792-67.dat	xmrig
behavioral2/files/0x000200000001e805-73.dat	xmrig
behavioral2/memory/4344-76-0x00007FF70B190000-0x00007FF70B4E4000-memory.dmp	xmrig
behavioral2/memory/736-70-0x00007FF632D40000-0x00007FF633094000-memory.dmp	xmrig
behavioral2/memory/1944-69-0x00007FF632E20000-0x00007FF633174000-memory.dmp	xmrig
behavioral2/files/0x000200000001e809-80.dat	xmrig
behavioral2/memory/3036-83-0x00007FF7D95B0000-0x00007FF7D9904000-memory.dmp	xmrig
behavioral2/memory/2236-81-0x00007FF660850000-0x00007FF660BA4000-memory.dmp	xmrig
behavioral2/files/0x000300000001e80a-88.dat	xmrig
behavioral2/memory/1460-90-0x00007FF7A8830000-0x00007FF7A8B84000-memory.dmp	xmrig
behavioral2/memory/3092-89-0x00007FF712370000-0x00007FF7126C4000-memory.dmp	xmrig
behavioral2/files/0x000600000001e85e-98.dat	xmrig
behavioral2/memory/1864-99-0x00007FF714D20000-0x00007FF715074000-memory.dmp	xmrig
behavioral2/files/0x000200000001e862-106.dat	xmrig
behavioral2/files/0x000300000001e87c-111.dat	xmrig
behavioral2/memory/2712-112-0x00007FF769E70000-0x00007FF76A1C4000-memory.dmp	xmrig
behavioral2/files/0x000200000001e8a4-117.dat	xmrig
behavioral2/files/0x000300000001e8a6-129.dat	xmrig
behavioral2/files/0x000200000001e8b9-135.dat	xmrig
behavioral2/files/0x000200000001e8bf-139.dat	xmrig
behavioral2/memory/1632-142-0x00007FF6A2330000-0x00007FF6A2684000-memory.dmp	xmrig
behavioral2/memory/1532-144-0x00007FF60C580000-0x00007FF60C8D4000-memory.dmp	xmrig
behavioral2/memory/4744-143-0x00007FF6A6DA0000-0x00007FF6A70F4000-memory.dmp	xmrig
behavioral2/memory/2856-141-0x00007FF7D1AA0000-0x00007FF7D1DF4000-memory.dmp	xmrig
behavioral2/memory/4984-140-0x00007FF7702E0000-0x00007FF770634000-memory.dmp	xmrig
behavioral2/memory/1300-138-0x00007FF639CD0000-0x00007FF63A024000-memory.dmp	xmrig
behavioral2/files/0x000200000001e8b7-133.dat	xmrig
behavioral2/memory/4240-125-0x00007FF7F67B0000-0x00007FF7F6B04000-memory.dmp	xmrig
behavioral2/files/0x000300000001e87b-114.dat	xmrig
behavioral2/memory/2916-104-0x00007FF783950000-0x00007FF783CA4000-memory.dmp	xmrig
behavioral2/memory/1148-100-0x00007FF6A15F0000-0x00007FF6A1944000-memory.dmp	xmrig
behavioral2/files/0x000600000001e7c4-166.dat	xmrig
behavioral2/files/0x000500000001e9c4-180.dat	xmrig
behavioral2/files/0x000200000001ea1d-201.dat	xmrig
behavioral2/files/0x000800000001ea05-198.dat	xmrig
behavioral2/memory/1464-195-0x00007FF7F43B0000-0x00007FF7F4704000-memory.dmp	xmrig
behavioral2/memory/4488-191-0x00007FF67A2B0000-0x00007FF67A604000-memory.dmp	xmrig
behavioral2/files/0x000200000001e9dc-189.dat	xmrig
behavioral2/memory/4320-186-0x00007FF685AD0000-0x00007FF685E24000-memory.dmp	xmrig
behavioral2/files/0x000400000001e8c4-179.dat	xmrig

Downloads MZ/PE file 1 IoCs

flow	pid	Process
47	12012	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
4628	appiIjr.exe
3984	wJuUgVe.exe
1944	YcWEuMQ.exe
2172	KUNfASW.exe
2236	YkcwoKG.exe
3092	rXixfJV.exe
3000	soYELXb.exe
372	qXVMeFQ.exe
2916	LSzZBAS.exe
1632	AlvvSRk.exe
736	WYRjMwa.exe
4344	XSOpeXY.exe
3036	lsqZBIS.exe
1460	ItTNNvp.exe
1864	RuViWje.exe
1148	ruCvCXf.exe
2712	UcUEoCc.exe
4240	OUBePlh.exe
4744	AJyoQSi.exe
1300	RHqKKaK.exe
4984	CJbekyJ.exe
2856	JtpIJUY.exe
1532	QDRWreI.exe
2196	IieFpPj.exe
4512	akHsbqc.exe
4392	TzWWPTZ.exe
4488	uIXVmVX.exe
4320	WCwDJzr.exe
1464	DwaphbZ.exe
4040	sVRKHBD.exe
3948	pLDNlYI.exe
4648	DcBmtRL.exe
2376	AIlwMOF.exe
3384	sQnpAec.exe
4952	pHIXubW.exe
3128	RGIcIik.exe
1860	FqGSpUL.exe
2144	FzAKorq.exe
4652	MVfGPsY.exe
2896	hoKBSGN.exe
2992	rQYxuoL.exe
1604	tsCEoyf.exe
4396	VxeoKmr.exe
4884	SKfWuQm.exe
3184	SUrbnnc.exe
2904	pupWUlR.exe
3896	SrWDDxV.exe
3596	lmhANpN.exe
3216	dfoiVGz.exe
2480	wencaze.exe
3964	PPfHjau.exe
3744	jlgdazx.exe
4696	yqtVjrO.exe
804	KThTnMj.exe
4460	yDIuKzp.exe
3200	kuhQhcS.exe
2248	zinQtcw.exe
1092	HAMDJoH.exe
1744	kDqmBSu.exe
1132	sNTxTNI.exe
3016	KUZwKjt.exe
1716	SczWfuo.exe
884	kaoECnH.exe
1268	tURnQCd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5072-0-0x00007FF6D1430000-0x00007FF6D1784000-memory.dmp	upx
behavioral2/files/0x000c000000023c77-5.dat	upx
behavioral2/memory/4628-8-0x00007FF68E6F0000-0x00007FF68EA44000-memory.dmp	upx
behavioral2/files/0x000b000000023ccb-12.dat	upx
behavioral2/memory/3984-14-0x00007FF7E61B0000-0x00007FF7E6504000-memory.dmp	upx
behavioral2/files/0x000a000000023ccc-11.dat	upx
behavioral2/files/0x0031000000023ccd-28.dat	upx
behavioral2/files/0x000b000000023cc9-24.dat	upx
behavioral2/memory/2172-29-0x00007FF7E5D40000-0x00007FF7E6094000-memory.dmp	upx
behavioral2/memory/2236-31-0x00007FF660850000-0x00007FF660BA4000-memory.dmp	upx
behavioral2/memory/1944-18-0x00007FF632E20000-0x00007FF633174000-memory.dmp	upx
behavioral2/files/0x0031000000023cce-36.dat	upx
behavioral2/memory/3092-38-0x00007FF712370000-0x00007FF7126C4000-memory.dmp	upx
behavioral2/files/0x000300000001e656-41.dat	upx
behavioral2/files/0x000300000001e657-46.dat	upx
behavioral2/memory/3000-48-0x00007FF6AB1E0000-0x00007FF6AB534000-memory.dmp	upx
behavioral2/files/0x000300000001e658-58.dat	upx
behavioral2/memory/3984-62-0x00007FF7E61B0000-0x00007FF7E6504000-memory.dmp	upx
behavioral2/memory/1632-63-0x00007FF6A2330000-0x00007FF6A2684000-memory.dmp	upx
behavioral2/memory/2916-61-0x00007FF783950000-0x00007FF783CA4000-memory.dmp	upx
behavioral2/files/0x000400000001e65b-60.dat	upx
behavioral2/memory/4628-55-0x00007FF68E6F0000-0x00007FF68EA44000-memory.dmp	upx
behavioral2/memory/372-54-0x00007FF72BAA0000-0x00007FF72BDF4000-memory.dmp	upx
behavioral2/memory/5072-50-0x00007FF6D1430000-0x00007FF6D1784000-memory.dmp	upx
behavioral2/files/0x000200000001e792-67.dat	upx
behavioral2/files/0x000200000001e805-73.dat	upx
behavioral2/memory/4344-76-0x00007FF70B190000-0x00007FF70B4E4000-memory.dmp	upx
behavioral2/memory/736-70-0x00007FF632D40000-0x00007FF633094000-memory.dmp	upx
behavioral2/memory/1944-69-0x00007FF632E20000-0x00007FF633174000-memory.dmp	upx
behavioral2/files/0x000200000001e809-80.dat	upx
behavioral2/memory/3036-83-0x00007FF7D95B0000-0x00007FF7D9904000-memory.dmp	upx
behavioral2/memory/2236-81-0x00007FF660850000-0x00007FF660BA4000-memory.dmp	upx
behavioral2/files/0x000300000001e80a-88.dat	upx
behavioral2/memory/1460-90-0x00007FF7A8830000-0x00007FF7A8B84000-memory.dmp	upx
behavioral2/memory/3092-89-0x00007FF712370000-0x00007FF7126C4000-memory.dmp	upx
behavioral2/files/0x000600000001e85e-98.dat	upx
behavioral2/memory/1864-99-0x00007FF714D20000-0x00007FF715074000-memory.dmp	upx
behavioral2/files/0x000200000001e862-106.dat	upx
behavioral2/files/0x000300000001e87c-111.dat	upx
behavioral2/memory/2712-112-0x00007FF769E70000-0x00007FF76A1C4000-memory.dmp	upx
behavioral2/files/0x000200000001e8a4-117.dat	upx
behavioral2/files/0x000300000001e8a6-129.dat	upx
behavioral2/files/0x000200000001e8b9-135.dat	upx
behavioral2/files/0x000200000001e8bf-139.dat	upx
behavioral2/memory/1632-142-0x00007FF6A2330000-0x00007FF6A2684000-memory.dmp	upx
behavioral2/memory/1532-144-0x00007FF60C580000-0x00007FF60C8D4000-memory.dmp	upx
behavioral2/memory/4744-143-0x00007FF6A6DA0000-0x00007FF6A70F4000-memory.dmp	upx
behavioral2/memory/2856-141-0x00007FF7D1AA0000-0x00007FF7D1DF4000-memory.dmp	upx
behavioral2/memory/4984-140-0x00007FF7702E0000-0x00007FF770634000-memory.dmp	upx
behavioral2/memory/1300-138-0x00007FF639CD0000-0x00007FF63A024000-memory.dmp	upx
behavioral2/files/0x000200000001e8b7-133.dat	upx
behavioral2/memory/4240-125-0x00007FF7F67B0000-0x00007FF7F6B04000-memory.dmp	upx
behavioral2/files/0x000300000001e87b-114.dat	upx
behavioral2/memory/2916-104-0x00007FF783950000-0x00007FF783CA4000-memory.dmp	upx
behavioral2/memory/1148-100-0x00007FF6A15F0000-0x00007FF6A1944000-memory.dmp	upx
behavioral2/files/0x000600000001e7c4-166.dat	upx
behavioral2/files/0x000500000001e9c4-180.dat	upx
behavioral2/files/0x000200000001ea1d-201.dat	upx
behavioral2/files/0x000800000001ea05-198.dat	upx
behavioral2/memory/1464-195-0x00007FF7F43B0000-0x00007FF7F4704000-memory.dmp	upx
behavioral2/memory/4488-191-0x00007FF67A2B0000-0x00007FF67A604000-memory.dmp	upx
behavioral2/files/0x000200000001e9dc-189.dat	upx
behavioral2/memory/4320-186-0x00007FF685AD0000-0x00007FF685E24000-memory.dmp	upx
behavioral2/files/0x000400000001e8c4-179.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YzHtnTZ.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgpDYLK.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfkQSax.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRfmIIx.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtlEnYN.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chlobVc.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbJcIkv.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cohJQUe.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxZegWF.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFWFrvS.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLwTMAG.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGBUcwq.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGTVmlC.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frbVogX.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnjZstY.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMvHPYV.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBWkzVE.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDdLOCC.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbetvUM.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSAZcxa.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSSHwNG.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOSlmse.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGpqQIg.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqMsNEQ.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKkZzGh.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCjNaVI.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZniqmBO.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfIJNMu.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzYNPLg.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMNiNoi.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtdxmzZ.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzTBdFK.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRKFnFx.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDEWQwW.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwfOoRU.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzyGMJz.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGkUWZb.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftNZGXe.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGkeZLk.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQsFJdX.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsqZBIS.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjGMgSb.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWxhxrV.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmCsukZ.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEcJesq.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuCYRhP.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIXVmVX.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zinQtcw.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLdguvB.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCgodmC.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMZMNpd.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aCVaIcI.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFFUiDe.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inTSufx.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRkGWVP.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiJtIoP.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfhZdeZ.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stTUAaA.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DuUHNKg.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgZVrYT.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrQmQOp.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUrzWnT.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYvvNPo.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahEirkW.exe	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
10324	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 4628	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 5072 wrote to memory of 4628	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 5072 wrote to memory of 3984	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 5072 wrote to memory of 3984	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 5072 wrote to memory of 1944	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5072 wrote to memory of 1944	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5072 wrote to memory of 2172	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5072 wrote to memory of 2172	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5072 wrote to memory of 2236	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5072 wrote to memory of 2236	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5072 wrote to memory of 3092	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5072 wrote to memory of 3092	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5072 wrote to memory of 3000	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5072 wrote to memory of 3000	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5072 wrote to memory of 372	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5072 wrote to memory of 372	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5072 wrote to memory of 2916	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5072 wrote to memory of 2916	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5072 wrote to memory of 1632	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5072 wrote to memory of 1632	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5072 wrote to memory of 736	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5072 wrote to memory of 736	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5072 wrote to memory of 4344	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5072 wrote to memory of 4344	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5072 wrote to memory of 3036	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5072 wrote to memory of 3036	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5072 wrote to memory of 1460	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5072 wrote to memory of 1460	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5072 wrote to memory of 1864	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5072 wrote to memory of 1864	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5072 wrote to memory of 1148	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5072 wrote to memory of 1148	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5072 wrote to memory of 2712	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5072 wrote to memory of 2712	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5072 wrote to memory of 4240	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5072 wrote to memory of 4240	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5072 wrote to memory of 4744	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5072 wrote to memory of 4744	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5072 wrote to memory of 1300	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5072 wrote to memory of 1300	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5072 wrote to memory of 4984	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5072 wrote to memory of 4984	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5072 wrote to memory of 2856	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5072 wrote to memory of 2856	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5072 wrote to memory of 1532	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5072 wrote to memory of 1532	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5072 wrote to memory of 2196	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 5072 wrote to memory of 2196	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 5072 wrote to memory of 4512	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 5072 wrote to memory of 4512	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 5072 wrote to memory of 4392	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 5072 wrote to memory of 4392	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 5072 wrote to memory of 4488	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 5072 wrote to memory of 4488	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 5072 wrote to memory of 4320	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 5072 wrote to memory of 4320	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 5072 wrote to memory of 1464	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 5072 wrote to memory of 1464	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 5072 wrote to memory of 4040	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 5072 wrote to memory of 4040	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 5072 wrote to memory of 3948	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 5072 wrote to memory of 3948	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 5072 wrote to memory of 4648	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	123
PID 5072 wrote to memory of 4648	5072	2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe	123

C:\Users\Admin\AppData\Local\Temp\2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_fac225f10fb90c547a11c4b41e2f840f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\System\appiIjr.exe
  C:\Windows\System\appiIjr.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\wJuUgVe.exe
  C:\Windows\System\wJuUgVe.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\YcWEuMQ.exe
  C:\Windows\System\YcWEuMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\KUNfASW.exe
  C:\Windows\System\KUNfASW.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\YkcwoKG.exe
  C:\Windows\System\YkcwoKG.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\rXixfJV.exe
  C:\Windows\System\rXixfJV.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\soYELXb.exe
  C:\Windows\System\soYELXb.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\qXVMeFQ.exe
  C:\Windows\System\qXVMeFQ.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\LSzZBAS.exe
  C:\Windows\System\LSzZBAS.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\AlvvSRk.exe
  C:\Windows\System\AlvvSRk.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\WYRjMwa.exe
  C:\Windows\System\WYRjMwa.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\XSOpeXY.exe
  C:\Windows\System\XSOpeXY.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\lsqZBIS.exe
  C:\Windows\System\lsqZBIS.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\ItTNNvp.exe
  C:\Windows\System\ItTNNvp.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\RuViWje.exe
  C:\Windows\System\RuViWje.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\ruCvCXf.exe
  C:\Windows\System\ruCvCXf.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\UcUEoCc.exe
  C:\Windows\System\UcUEoCc.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\OUBePlh.exe
  C:\Windows\System\OUBePlh.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\AJyoQSi.exe
  C:\Windows\System\AJyoQSi.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\RHqKKaK.exe
  C:\Windows\System\RHqKKaK.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\CJbekyJ.exe
  C:\Windows\System\CJbekyJ.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\JtpIJUY.exe
  C:\Windows\System\JtpIJUY.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\QDRWreI.exe
  C:\Windows\System\QDRWreI.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\IieFpPj.exe
  C:\Windows\System\IieFpPj.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\akHsbqc.exe
  C:\Windows\System\akHsbqc.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\TzWWPTZ.exe
  C:\Windows\System\TzWWPTZ.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\uIXVmVX.exe
  C:\Windows\System\uIXVmVX.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\WCwDJzr.exe
  C:\Windows\System\WCwDJzr.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\DwaphbZ.exe
  C:\Windows\System\DwaphbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\sVRKHBD.exe
  C:\Windows\System\sVRKHBD.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\pLDNlYI.exe
  C:\Windows\System\pLDNlYI.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\DcBmtRL.exe
  C:\Windows\System\DcBmtRL.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\AIlwMOF.exe
  C:\Windows\System\AIlwMOF.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\sQnpAec.exe
  C:\Windows\System\sQnpAec.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\RGIcIik.exe
  C:\Windows\System\RGIcIik.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\pHIXubW.exe
  C:\Windows\System\pHIXubW.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\FqGSpUL.exe
  C:\Windows\System\FqGSpUL.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\FzAKorq.exe
  C:\Windows\System\FzAKorq.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\MVfGPsY.exe
  C:\Windows\System\MVfGPsY.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\hoKBSGN.exe
  C:\Windows\System\hoKBSGN.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\rQYxuoL.exe
  C:\Windows\System\rQYxuoL.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\tsCEoyf.exe
  C:\Windows\System\tsCEoyf.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\VxeoKmr.exe
  C:\Windows\System\VxeoKmr.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\SKfWuQm.exe
  C:\Windows\System\SKfWuQm.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\SUrbnnc.exe
  C:\Windows\System\SUrbnnc.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\pupWUlR.exe
  C:\Windows\System\pupWUlR.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\dfoiVGz.exe
  C:\Windows\System\dfoiVGz.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\SrWDDxV.exe
  C:\Windows\System\SrWDDxV.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\lmhANpN.exe
  C:\Windows\System\lmhANpN.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\wencaze.exe
  C:\Windows\System\wencaze.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\PPfHjau.exe
  C:\Windows\System\PPfHjau.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\jlgdazx.exe
  C:\Windows\System\jlgdazx.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\yqtVjrO.exe
  C:\Windows\System\yqtVjrO.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\KThTnMj.exe
  C:\Windows\System\KThTnMj.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\yDIuKzp.exe
  C:\Windows\System\yDIuKzp.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\kuhQhcS.exe
  C:\Windows\System\kuhQhcS.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\zinQtcw.exe
  C:\Windows\System\zinQtcw.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\HAMDJoH.exe
  C:\Windows\System\HAMDJoH.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\kDqmBSu.exe
  C:\Windows\System\kDqmBSu.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\sNTxTNI.exe
  C:\Windows\System\sNTxTNI.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\KUZwKjt.exe
  C:\Windows\System\KUZwKjt.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\SczWfuo.exe
  C:\Windows\System\SczWfuo.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\kaoECnH.exe
  C:\Windows\System\kaoECnH.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\tURnQCd.exe
  C:\Windows\System\tURnQCd.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\SdBsLxx.exe
  C:\Windows\System\SdBsLxx.exe
  2⤵
  PID:2544
- C:\Windows\System\ZXQZscl.exe
  C:\Windows\System\ZXQZscl.exe
  2⤵
  PID:4060
- C:\Windows\System\GXokvnb.exe
  C:\Windows\System\GXokvnb.exe
  2⤵
  PID:4496
- C:\Windows\System\buvoUzX.exe
  C:\Windows\System\buvoUzX.exe
  2⤵
  PID:4636
- C:\Windows\System\xngOzKx.exe
  C:\Windows\System\xngOzKx.exe
  2⤵
  PID:1812
- C:\Windows\System\iPDIdIw.exe
  C:\Windows\System\iPDIdIw.exe
  2⤵
  PID:4840
- C:\Windows\System\qLdguvB.exe
  C:\Windows\System\qLdguvB.exe
  2⤵
  PID:1576
- C:\Windows\System\iyOsRjp.exe
  C:\Windows\System\iyOsRjp.exe
  2⤵
  PID:4260
- C:\Windows\System\YLwTMAG.exe
  C:\Windows\System\YLwTMAG.exe
  2⤵
  PID:940
- C:\Windows\System\kMvLczt.exe
  C:\Windows\System\kMvLczt.exe
  2⤵
  PID:1564
- C:\Windows\System\QpXEQpt.exe
  C:\Windows\System\QpXEQpt.exe
  2⤵
  PID:4624
- C:\Windows\System\CpAwKWJ.exe
  C:\Windows\System\CpAwKWJ.exe
  2⤵
  PID:4672
- C:\Windows\System\vPFQmJT.exe
  C:\Windows\System\vPFQmJT.exe
  2⤵
  PID:1308
- C:\Windows\System\mlMdFro.exe
  C:\Windows\System\mlMdFro.exe
  2⤵
  PID:224
- C:\Windows\System\yUiOqDY.exe
  C:\Windows\System\yUiOqDY.exe
  2⤵
  PID:2684
- C:\Windows\System\GMVwSaS.exe
  C:\Windows\System\GMVwSaS.exe
  2⤵
  PID:4324
- C:\Windows\System\NmRkglR.exe
  C:\Windows\System\NmRkglR.exe
  2⤵
  PID:1336
- C:\Windows\System\MeFExEv.exe
  C:\Windows\System\MeFExEv.exe
  2⤵
  PID:1548
- C:\Windows\System\picDEJm.exe
  C:\Windows\System\picDEJm.exe
  2⤵
  PID:3676
- C:\Windows\System\gWgHQys.exe
  C:\Windows\System\gWgHQys.exe
  2⤵
  PID:4716
- C:\Windows\System\wMxgoUV.exe
  C:\Windows\System\wMxgoUV.exe
  2⤵
  PID:2744
- C:\Windows\System\YzHtnTZ.exe
  C:\Windows\System\YzHtnTZ.exe
  2⤵
  PID:2472
- C:\Windows\System\QFpVTcZ.exe
  C:\Windows\System\QFpVTcZ.exe
  2⤵
  PID:808
- C:\Windows\System\NFtTWwD.exe
  C:\Windows\System\NFtTWwD.exe
  2⤵
  PID:5128
- C:\Windows\System\dPPZztU.exe
  C:\Windows\System\dPPZztU.exe
  2⤵
  PID:5156
- C:\Windows\System\Ooqcjqm.exe
  C:\Windows\System\Ooqcjqm.exe
  2⤵
  PID:5184
- C:\Windows\System\nSgzJOt.exe
  C:\Windows\System\nSgzJOt.exe
  2⤵
  PID:5212
- C:\Windows\System\DHoVDDf.exe
  C:\Windows\System\DHoVDDf.exe
  2⤵
  PID:5240
- C:\Windows\System\aRgxboJ.exe
  C:\Windows\System\aRgxboJ.exe
  2⤵
  PID:5268
- C:\Windows\System\UMpmyaN.exe
  C:\Windows\System\UMpmyaN.exe
  2⤵
  PID:5296
- C:\Windows\System\DKmIKtI.exe
  C:\Windows\System\DKmIKtI.exe
  2⤵
  PID:5324
- C:\Windows\System\uelyChw.exe
  C:\Windows\System\uelyChw.exe
  2⤵
  PID:5352
- C:\Windows\System\oeGBPoq.exe
  C:\Windows\System\oeGBPoq.exe
  2⤵
  PID:5368
- C:\Windows\System\pFjiZBH.exe
  C:\Windows\System\pFjiZBH.exe
  2⤵
  PID:5400
- C:\Windows\System\jQlvahf.exe
  C:\Windows\System\jQlvahf.exe
  2⤵
  PID:5444
- C:\Windows\System\QfAKSrK.exe
  C:\Windows\System\QfAKSrK.exe
  2⤵
  PID:5464
- C:\Windows\System\RCHOASw.exe
  C:\Windows\System\RCHOASw.exe
  2⤵
  PID:5504
- C:\Windows\System\yZubyEP.exe
  C:\Windows\System\yZubyEP.exe
  2⤵
  PID:5532
- C:\Windows\System\jkgTIZO.exe
  C:\Windows\System\jkgTIZO.exe
  2⤵
  PID:5564
- C:\Windows\System\tqytvwG.exe
  C:\Windows\System\tqytvwG.exe
  2⤵
  PID:5592
- C:\Windows\System\ugxDjuA.exe
  C:\Windows\System\ugxDjuA.exe
  2⤵
  PID:5612
- C:\Windows\System\rUqCpve.exe
  C:\Windows\System\rUqCpve.exe
  2⤵
  PID:5648
- C:\Windows\System\mrYTVds.exe
  C:\Windows\System\mrYTVds.exe
  2⤵
  PID:5680
- C:\Windows\System\SwEGhEc.exe
  C:\Windows\System\SwEGhEc.exe
  2⤵
  PID:5708
- C:\Windows\System\MrpBmRJ.exe
  C:\Windows\System\MrpBmRJ.exe
  2⤵
  PID:5736
- C:\Windows\System\sOqfydZ.exe
  C:\Windows\System\sOqfydZ.exe
  2⤵
  PID:5768
- C:\Windows\System\lHfqehQ.exe
  C:\Windows\System\lHfqehQ.exe
  2⤵
  PID:5796
- C:\Windows\System\seeNXBi.exe
  C:\Windows\System\seeNXBi.exe
  2⤵
  PID:5824
- C:\Windows\System\SVwYOjM.exe
  C:\Windows\System\SVwYOjM.exe
  2⤵
  PID:5852
- C:\Windows\System\LLamxJv.exe
  C:\Windows\System\LLamxJv.exe
  2⤵
  PID:5880
- C:\Windows\System\MPYARZO.exe
  C:\Windows\System\MPYARZO.exe
  2⤵
  PID:5904
- C:\Windows\System\iCgodmC.exe
  C:\Windows\System\iCgodmC.exe
  2⤵
  PID:5928
- C:\Windows\System\KqoBODk.exe
  C:\Windows\System\KqoBODk.exe
  2⤵
  PID:5956
- C:\Windows\System\wDdLOCC.exe
  C:\Windows\System\wDdLOCC.exe
  2⤵
  PID:5992
- C:\Windows\System\zJIWeib.exe
  C:\Windows\System\zJIWeib.exe
  2⤵
  PID:6024
- C:\Windows\System\WMbZzJG.exe
  C:\Windows\System\WMbZzJG.exe
  2⤵
  PID:6052
- C:\Windows\System\jBOxFUg.exe
  C:\Windows\System\jBOxFUg.exe
  2⤵
  PID:6080
- C:\Windows\System\MmMbdBC.exe
  C:\Windows\System\MmMbdBC.exe
  2⤵
  PID:6108
- C:\Windows\System\juEWelP.exe
  C:\Windows\System\juEWelP.exe
  2⤵
  PID:6132
- C:\Windows\System\SHTkEKh.exe
  C:\Windows\System\SHTkEKh.exe
  2⤵
  PID:5144
- C:\Windows\System\NvSYGwh.exe
  C:\Windows\System\NvSYGwh.exe
  2⤵
  PID:5232
- C:\Windows\System\EgniAMT.exe
  C:\Windows\System\EgniAMT.exe
  2⤵
  PID:5304
- C:\Windows\System\dUVtnmK.exe
  C:\Windows\System\dUVtnmK.exe
  2⤵
  PID:5360
- C:\Windows\System\mTiJsMc.exe
  C:\Windows\System\mTiJsMc.exe
  2⤵
  PID:5424
- C:\Windows\System\VJUcrCJ.exe
  C:\Windows\System\VJUcrCJ.exe
  2⤵
  PID:5476
- C:\Windows\System\iOEOvAD.exe
  C:\Windows\System\iOEOvAD.exe
  2⤵
  PID:5552
- C:\Windows\System\lgHmWFh.exe
  C:\Windows\System\lgHmWFh.exe
  2⤵
  PID:1588
- C:\Windows\System\qpRyUTO.exe
  C:\Windows\System\qpRyUTO.exe
  2⤵
  PID:3996
- C:\Windows\System\osXIMjz.exe
  C:\Windows\System\osXIMjz.exe
  2⤵
  PID:4272
- C:\Windows\System\XQzHvQw.exe
  C:\Windows\System\XQzHvQw.exe
  2⤵
  PID:3800
- C:\Windows\System\jKeVVyE.exe
  C:\Windows\System\jKeVVyE.exe
  2⤵
  PID:5588
- C:\Windows\System\vHdczUi.exe
  C:\Windows\System\vHdczUi.exe
  2⤵
  PID:5636
- C:\Windows\System\AfRFjjU.exe
  C:\Windows\System\AfRFjjU.exe
  2⤵
  PID:5688
- C:\Windows\System\slAOUSu.exe
  C:\Windows\System\slAOUSu.exe
  2⤵
  PID:5792
- C:\Windows\System\QbNkWyb.exe
  C:\Windows\System\QbNkWyb.exe
  2⤵
  PID:5868
- C:\Windows\System\kgVITfA.exe
  C:\Windows\System\kgVITfA.exe
  2⤵
  PID:5940
- C:\Windows\System\JJeaGrE.exe
  C:\Windows\System\JJeaGrE.exe
  2⤵
  PID:6004
- C:\Windows\System\nKtHlot.exe
  C:\Windows\System\nKtHlot.exe
  2⤵
  PID:6060
- C:\Windows\System\OmTUrlb.exe
  C:\Windows\System\OmTUrlb.exe
  2⤵
  PID:6124
- C:\Windows\System\OZlPtAM.exe
  C:\Windows\System\OZlPtAM.exe
  2⤵
  PID:5200
- C:\Windows\System\IgKuCib.exe
  C:\Windows\System\IgKuCib.exe
  2⤵
  PID:5364
- C:\Windows\System\zuDCBTs.exe
  C:\Windows\System\zuDCBTs.exe
  2⤵
  PID:5512
- C:\Windows\System\yqoAbNS.exe
  C:\Windows\System\yqoAbNS.exe
  2⤵
  PID:4000
- C:\Windows\System\xQyNEoE.exe
  C:\Windows\System\xQyNEoE.exe
  2⤵
  PID:5572
- C:\Windows\System\SJBOuim.exe
  C:\Windows\System\SJBOuim.exe
  2⤵
  PID:5720
- C:\Windows\System\GGJDLUr.exe
  C:\Windows\System\GGJDLUr.exe
  2⤵
  PID:5888
- C:\Windows\System\WLlSZIs.exe
  C:\Windows\System\WLlSZIs.exe
  2⤵
  PID:6020
- C:\Windows\System\fHyDFoq.exe
  C:\Windows\System\fHyDFoq.exe
  2⤵
  PID:5124
- C:\Windows\System\TPWShRZ.exe
  C:\Windows\System\TPWShRZ.exe
  2⤵
  PID:5412
- C:\Windows\System\xXPIeVj.exe
  C:\Windows\System\xXPIeVj.exe
  2⤵
  PID:4160
- C:\Windows\System\FeqluQT.exe
  C:\Windows\System\FeqluQT.exe
  2⤵
  PID:5924
- C:\Windows\System\SdktWaF.exe
  C:\Windows\System\SdktWaF.exe
  2⤵
  PID:5320
- C:\Windows\System\hzfEIZB.exe
  C:\Windows\System\hzfEIZB.exe
  2⤵
  PID:5668
- C:\Windows\System\bvkjgRi.exe
  C:\Windows\System\bvkjgRi.exe
  2⤵
  PID:5980
- C:\Windows\System\fGBUcwq.exe
  C:\Windows\System\fGBUcwq.exe
  2⤵
  PID:6160
- C:\Windows\System\uKLyWFQ.exe
  C:\Windows\System\uKLyWFQ.exe
  2⤵
  PID:6188
- C:\Windows\System\KUTDLcR.exe
  C:\Windows\System\KUTDLcR.exe
  2⤵
  PID:6212
- C:\Windows\System\jfKWFph.exe
  C:\Windows\System\jfKWFph.exe
  2⤵
  PID:6240
- C:\Windows\System\WIvVDkh.exe
  C:\Windows\System\WIvVDkh.exe
  2⤵
  PID:6272
- C:\Windows\System\aovWqGA.exe
  C:\Windows\System\aovWqGA.exe
  2⤵
  PID:6300
- C:\Windows\System\OxqNwAU.exe
  C:\Windows\System\OxqNwAU.exe
  2⤵
  PID:6324
- C:\Windows\System\LMkJtkW.exe
  C:\Windows\System\LMkJtkW.exe
  2⤵
  PID:6356
- C:\Windows\System\RHhAtpa.exe
  C:\Windows\System\RHhAtpa.exe
  2⤵
  PID:6384
- C:\Windows\System\qGTVmlC.exe
  C:\Windows\System\qGTVmlC.exe
  2⤵
  PID:6428
- C:\Windows\System\zFiyEWe.exe
  C:\Windows\System\zFiyEWe.exe
  2⤵
  PID:6500
- C:\Windows\System\uHVHlME.exe
  C:\Windows\System\uHVHlME.exe
  2⤵
  PID:6532
- C:\Windows\System\IufgbhI.exe
  C:\Windows\System\IufgbhI.exe
  2⤵
  PID:6552
- C:\Windows\System\xTFXoGL.exe
  C:\Windows\System\xTFXoGL.exe
  2⤵
  PID:6640
- C:\Windows\System\qgdPWLS.exe
  C:\Windows\System\qgdPWLS.exe
  2⤵
  PID:6708
- C:\Windows\System\PzWFtEH.exe
  C:\Windows\System\PzWFtEH.exe
  2⤵
  PID:6740
- C:\Windows\System\gvGeHrG.exe
  C:\Windows\System\gvGeHrG.exe
  2⤵
  PID:6776
- C:\Windows\System\SkSGpmq.exe
  C:\Windows\System\SkSGpmq.exe
  2⤵
  PID:6800
- C:\Windows\System\ARrMDXB.exe
  C:\Windows\System\ARrMDXB.exe
  2⤵
  PID:6824
- C:\Windows\System\RqHMTct.exe
  C:\Windows\System\RqHMTct.exe
  2⤵
  PID:6844
- C:\Windows\System\yyTBhpl.exe
  C:\Windows\System\yyTBhpl.exe
  2⤵
  PID:6880
- C:\Windows\System\PCzhUXQ.exe
  C:\Windows\System\PCzhUXQ.exe
  2⤵
  PID:6916
- C:\Windows\System\DAIQssK.exe
  C:\Windows\System\DAIQssK.exe
  2⤵
  PID:6944
- C:\Windows\System\xQADmKA.exe
  C:\Windows\System\xQADmKA.exe
  2⤵
  PID:6976
- C:\Windows\System\GjYHNmz.exe
  C:\Windows\System\GjYHNmz.exe
  2⤵
  PID:7004
- C:\Windows\System\oVLJUFx.exe
  C:\Windows\System\oVLJUFx.exe
  2⤵
  PID:7032
- C:\Windows\System\GlqAoBe.exe
  C:\Windows\System\GlqAoBe.exe
  2⤵
  PID:7060
- C:\Windows\System\piOFLKt.exe
  C:\Windows\System\piOFLKt.exe
  2⤵
  PID:7088
- C:\Windows\System\TPzNPFG.exe
  C:\Windows\System\TPzNPFG.exe
  2⤵
  PID:7112
- C:\Windows\System\WpzIJuA.exe
  C:\Windows\System\WpzIJuA.exe
  2⤵
  PID:7144
- C:\Windows\System\sVAipdc.exe
  C:\Windows\System\sVAipdc.exe
  2⤵
  PID:6148
- C:\Windows\System\YDuglwx.exe
  C:\Windows\System\YDuglwx.exe
  2⤵
  PID:6220
- C:\Windows\System\wmisOEn.exe
  C:\Windows\System\wmisOEn.exe
  2⤵
  PID:6288
- C:\Windows\System\YEMJDLG.exe
  C:\Windows\System\YEMJDLG.exe
  2⤵
  PID:6352
- C:\Windows\System\CJSIYli.exe
  C:\Windows\System\CJSIYli.exe
  2⤵
  PID:6416
- C:\Windows\System\EHZWEQN.exe
  C:\Windows\System\EHZWEQN.exe
  2⤵
  PID:6408
- C:\Windows\System\IHYUcYr.exe
  C:\Windows\System\IHYUcYr.exe
  2⤵
  PID:6528
- C:\Windows\System\frbVogX.exe
  C:\Windows\System\frbVogX.exe
  2⤵
  PID:6688
- C:\Windows\System\zYKVEjp.exe
  C:\Windows\System\zYKVEjp.exe
  2⤵
  PID:6760
- C:\Windows\System\yZuIyDF.exe
  C:\Windows\System\yZuIyDF.exe
  2⤵
  PID:6792
- C:\Windows\System\mlnXBuh.exe
  C:\Windows\System\mlnXBuh.exe
  2⤵
  PID:6860
- C:\Windows\System\wmVvQKT.exe
  C:\Windows\System\wmVvQKT.exe
  2⤵
  PID:6924
- C:\Windows\System\KgZVrYT.exe
  C:\Windows\System\KgZVrYT.exe
  2⤵
  PID:6984
- C:\Windows\System\KhEUDxq.exe
  C:\Windows\System\KhEUDxq.exe
  2⤵
  PID:7048
- C:\Windows\System\UQGfjcV.exe
  C:\Windows\System\UQGfjcV.exe
  2⤵
  PID:7104
- C:\Windows\System\kDuJAys.exe
  C:\Windows\System\kDuJAys.exe
  2⤵
  PID:6168
- C:\Windows\System\oxEsUZZ.exe
  C:\Windows\System\oxEsUZZ.exe
  2⤵
  PID:6308
- C:\Windows\System\HiduTUr.exe
  C:\Windows\System\HiduTUr.exe
  2⤵
  PID:6404
- C:\Windows\System\oIYbIWs.exe
  C:\Windows\System\oIYbIWs.exe
  2⤵
  PID:6652
- C:\Windows\System\GTiuDiT.exe
  C:\Windows\System\GTiuDiT.exe
  2⤵
  PID:6784
- C:\Windows\System\aCLhbmn.exe
  C:\Windows\System\aCLhbmn.exe
  2⤵
  PID:6952
- C:\Windows\System\WESzcpp.exe
  C:\Windows\System\WESzcpp.exe
  2⤵
  PID:7076
- C:\Windows\System\kMZMNpd.exe
  C:\Windows\System\kMZMNpd.exe
  2⤵
  PID:6280
- C:\Windows\System\OLbMjEF.exe
  C:\Windows\System\OLbMjEF.exe
  2⤵
  PID:6704
- C:\Windows\System\dYOaHcx.exe
  C:\Windows\System\dYOaHcx.exe
  2⤵
  PID:7020
- C:\Windows\System\SxaePLv.exe
  C:\Windows\System\SxaePLv.exe
  2⤵
  PID:6520
- C:\Windows\System\fBdHHCY.exe
  C:\Windows\System\fBdHHCY.exe
  2⤵
  PID:6764
- C:\Windows\System\qaZjEBS.exe
  C:\Windows\System\qaZjEBS.exe
  2⤵
  PID:6900
- C:\Windows\System\zPlNzgM.exe
  C:\Windows\System\zPlNzgM.exe
  2⤵
  PID:7184
- C:\Windows\System\sAxAPQr.exe
  C:\Windows\System\sAxAPQr.exe
  2⤵
  PID:7212
- C:\Windows\System\blWilJl.exe
  C:\Windows\System\blWilJl.exe
  2⤵
  PID:7252
- C:\Windows\System\svcCyfN.exe
  C:\Windows\System\svcCyfN.exe
  2⤵
  PID:7280
- C:\Windows\System\xcIysWM.exe
  C:\Windows\System\xcIysWM.exe
  2⤵
  PID:7304
- C:\Windows\System\UHgBAys.exe
  C:\Windows\System\UHgBAys.exe
  2⤵
  PID:7332
- C:\Windows\System\eefyPpt.exe
  C:\Windows\System\eefyPpt.exe
  2⤵
  PID:7364
- C:\Windows\System\eYisYWs.exe
  C:\Windows\System\eYisYWs.exe
  2⤵
  PID:7396
- C:\Windows\System\nCTDgmh.exe
  C:\Windows\System\nCTDgmh.exe
  2⤵
  PID:7428
- C:\Windows\System\FzyGMJz.exe
  C:\Windows\System\FzyGMJz.exe
  2⤵
  PID:7456
- C:\Windows\System\SCnuODv.exe
  C:\Windows\System\SCnuODv.exe
  2⤵
  PID:7484
- C:\Windows\System\zsDUDub.exe
  C:\Windows\System\zsDUDub.exe
  2⤵
  PID:7512
- C:\Windows\System\nyrjAKL.exe
  C:\Windows\System\nyrjAKL.exe
  2⤵
  PID:7540
- C:\Windows\System\uHVlABi.exe
  C:\Windows\System\uHVlABi.exe
  2⤵
  PID:7572
- C:\Windows\System\dfiXAiE.exe
  C:\Windows\System\dfiXAiE.exe
  2⤵
  PID:7596
- C:\Windows\System\MEOboPL.exe
  C:\Windows\System\MEOboPL.exe
  2⤵
  PID:7628
- C:\Windows\System\jaOmqQf.exe
  C:\Windows\System\jaOmqQf.exe
  2⤵
  PID:7656
- C:\Windows\System\qXVGbxe.exe
  C:\Windows\System\qXVGbxe.exe
  2⤵
  PID:7684
- C:\Windows\System\ucpNfIL.exe
  C:\Windows\System\ucpNfIL.exe
  2⤵
  PID:7712
- C:\Windows\System\eOWYgGo.exe
  C:\Windows\System\eOWYgGo.exe
  2⤵
  PID:7736
- C:\Windows\System\RrCcmpC.exe
  C:\Windows\System\RrCcmpC.exe
  2⤵
  PID:7768
- C:\Windows\System\kvCNZhe.exe
  C:\Windows\System\kvCNZhe.exe
  2⤵
  PID:7792
- C:\Windows\System\dnwksOW.exe
  C:\Windows\System\dnwksOW.exe
  2⤵
  PID:7820
- C:\Windows\System\QwhWmie.exe
  C:\Windows\System\QwhWmie.exe
  2⤵
  PID:7852
- C:\Windows\System\KJBuxSE.exe
  C:\Windows\System\KJBuxSE.exe
  2⤵
  PID:7884
- C:\Windows\System\FzBEHjJ.exe
  C:\Windows\System\FzBEHjJ.exe
  2⤵
  PID:7908
- C:\Windows\System\xnjZstY.exe
  C:\Windows\System\xnjZstY.exe
  2⤵
  PID:7928
- C:\Windows\System\mveTVys.exe
  C:\Windows\System\mveTVys.exe
  2⤵
  PID:7956
- C:\Windows\System\xsuGYkj.exe
  C:\Windows\System\xsuGYkj.exe
  2⤵
  PID:7984
- C:\Windows\System\NlfhqhG.exe
  C:\Windows\System\NlfhqhG.exe
  2⤵
  PID:8012
- C:\Windows\System\ACgReCM.exe
  C:\Windows\System\ACgReCM.exe
  2⤵
  PID:8040
- C:\Windows\System\DokJsSc.exe
  C:\Windows\System\DokJsSc.exe
  2⤵
  PID:8072
- C:\Windows\System\blhPAhy.exe
  C:\Windows\System\blhPAhy.exe
  2⤵
  PID:8100
- C:\Windows\System\LcdPfPa.exe
  C:\Windows\System\LcdPfPa.exe
  2⤵
  PID:8128
- C:\Windows\System\ITDgqRC.exe
  C:\Windows\System\ITDgqRC.exe
  2⤵
  PID:8160
- C:\Windows\System\qbetvUM.exe
  C:\Windows\System\qbetvUM.exe
  2⤵
  PID:8188
- C:\Windows\System\JYroGSQ.exe
  C:\Windows\System\JYroGSQ.exe
  2⤵
  PID:7208
- C:\Windows\System\TytTmCL.exe
  C:\Windows\System\TytTmCL.exe
  2⤵
  PID:7260
- C:\Windows\System\GMWYwhR.exe
  C:\Windows\System\GMWYwhR.exe
  2⤵
  PID:7312
- C:\Windows\System\DXMtZlQ.exe
  C:\Windows\System\DXMtZlQ.exe
  2⤵
  PID:7372
- C:\Windows\System\HRxuBSV.exe
  C:\Windows\System\HRxuBSV.exe
  2⤵
  PID:7436
- C:\Windows\System\TDYacsL.exe
  C:\Windows\System\TDYacsL.exe
  2⤵
  PID:7496
- C:\Windows\System\ElzQgzJ.exe
  C:\Windows\System\ElzQgzJ.exe
  2⤵
  PID:7560
- C:\Windows\System\TmEBSkJ.exe
  C:\Windows\System\TmEBSkJ.exe
  2⤵
  PID:7616
- C:\Windows\System\SegxfrK.exe
  C:\Windows\System\SegxfrK.exe
  2⤵
  PID:7692
- C:\Windows\System\xthuiPc.exe
  C:\Windows\System\xthuiPc.exe
  2⤵
  PID:7756
- C:\Windows\System\PgQbedI.exe
  C:\Windows\System\PgQbedI.exe
  2⤵
  PID:7828
- C:\Windows\System\CnnBzUv.exe
  C:\Windows\System\CnnBzUv.exe
  2⤵
  PID:7896
- C:\Windows\System\MlhFXUQ.exe
  C:\Windows\System\MlhFXUQ.exe
  2⤵
  PID:7948
- C:\Windows\System\kSAZcxa.exe
  C:\Windows\System\kSAZcxa.exe
  2⤵
  PID:8008
- C:\Windows\System\wLMOjmC.exe
  C:\Windows\System\wLMOjmC.exe
  2⤵
  PID:8080
- C:\Windows\System\TmCsukZ.exe
  C:\Windows\System\TmCsukZ.exe
  2⤵
  PID:8152
- C:\Windows\System\PIoIZjV.exe
  C:\Windows\System\PIoIZjV.exe
  2⤵
  PID:7204
- C:\Windows\System\lfhKtib.exe
  C:\Windows\System\lfhKtib.exe
  2⤵
  PID:3900
- C:\Windows\System\xGkUWZb.exe
  C:\Windows\System\xGkUWZb.exe
  2⤵
  PID:7524
- C:\Windows\System\XkyPTRZ.exe
  C:\Windows\System\XkyPTRZ.exe
  2⤵
  PID:7584
- C:\Windows\System\zQHxBkQ.exe
  C:\Windows\System\zQHxBkQ.exe
  2⤵
  PID:7744
- C:\Windows\System\iwwbhwa.exe
  C:\Windows\System\iwwbhwa.exe
  2⤵
  PID:7388
- C:\Windows\System\PHIvFtD.exe
  C:\Windows\System\PHIvFtD.exe
  2⤵
  PID:8060
- C:\Windows\System\guEZkGL.exe
  C:\Windows\System\guEZkGL.exe
  2⤵
  PID:672
- C:\Windows\System\tlRuqjp.exe
  C:\Windows\System\tlRuqjp.exe
  2⤵
  PID:7464
- C:\Windows\System\ZknnwQx.exe
  C:\Windows\System\ZknnwQx.exe
  2⤵
  PID:7672
- C:\Windows\System\ycQiymW.exe
  C:\Windows\System\ycQiymW.exe
  2⤵
  PID:8004
- C:\Windows\System\lMZOxax.exe
  C:\Windows\System\lMZOxax.exe
  2⤵
  PID:7404
- C:\Windows\System\yrIFBAU.exe
  C:\Windows\System\yrIFBAU.exe
  2⤵
  PID:8140
- C:\Windows\System\wPBQfHL.exe
  C:\Windows\System\wPBQfHL.exe
  2⤵
  PID:7996
- C:\Windows\System\ylHywDm.exe
  C:\Windows\System\ylHywDm.exe
  2⤵
  PID:8224
- C:\Windows\System\stbTyVi.exe
  C:\Windows\System\stbTyVi.exe
  2⤵
  PID:8248
- C:\Windows\System\WbeAPbb.exe
  C:\Windows\System\WbeAPbb.exe
  2⤵
  PID:8276
- C:\Windows\System\wqWUkFf.exe
  C:\Windows\System\wqWUkFf.exe
  2⤵
  PID:8304
- C:\Windows\System\TuWYiAW.exe
  C:\Windows\System\TuWYiAW.exe
  2⤵
  PID:8332
- C:\Windows\System\vgKWVWE.exe
  C:\Windows\System\vgKWVWE.exe
  2⤵
  PID:8364
- C:\Windows\System\aYnXWGP.exe
  C:\Windows\System\aYnXWGP.exe
  2⤵
  PID:8388
- C:\Windows\System\cuHZpFc.exe
  C:\Windows\System\cuHZpFc.exe
  2⤵
  PID:8416
- C:\Windows\System\SrQmQOp.exe
  C:\Windows\System\SrQmQOp.exe
  2⤵
  PID:8448
- C:\Windows\System\PBWzJZc.exe
  C:\Windows\System\PBWzJZc.exe
  2⤵
  PID:8476
- C:\Windows\System\RwBJOpS.exe
  C:\Windows\System\RwBJOpS.exe
  2⤵
  PID:8500
- C:\Windows\System\rBKpIdA.exe
  C:\Windows\System\rBKpIdA.exe
  2⤵
  PID:8536
- C:\Windows\System\UWqbzeY.exe
  C:\Windows\System\UWqbzeY.exe
  2⤵
  PID:8556
- C:\Windows\System\PETFgxL.exe
  C:\Windows\System\PETFgxL.exe
  2⤵
  PID:8584
- C:\Windows\System\NiuztsM.exe
  C:\Windows\System\NiuztsM.exe
  2⤵
  PID:8612
- C:\Windows\System\KyCtDvY.exe
  C:\Windows\System\KyCtDvY.exe
  2⤵
  PID:8640
- C:\Windows\System\FEcJesq.exe
  C:\Windows\System\FEcJesq.exe
  2⤵
  PID:8668
- C:\Windows\System\upqTYIX.exe
  C:\Windows\System\upqTYIX.exe
  2⤵
  PID:8696
- C:\Windows\System\pUhwYXe.exe
  C:\Windows\System\pUhwYXe.exe
  2⤵
  PID:8724
- C:\Windows\System\PcuRVkz.exe
  C:\Windows\System\PcuRVkz.exe
  2⤵
  PID:8752
- C:\Windows\System\RviHvIT.exe
  C:\Windows\System\RviHvIT.exe
  2⤵
  PID:8780
- C:\Windows\System\ftNZGXe.exe
  C:\Windows\System\ftNZGXe.exe
  2⤵
  PID:8808
- C:\Windows\System\yCvcUTE.exe
  C:\Windows\System\yCvcUTE.exe
  2⤵
  PID:8836
- C:\Windows\System\tyFYKKG.exe
  C:\Windows\System\tyFYKKG.exe
  2⤵
  PID:8864
- C:\Windows\System\YSdoRJi.exe
  C:\Windows\System\YSdoRJi.exe
  2⤵
  PID:8904
- C:\Windows\System\IMNiNoi.exe
  C:\Windows\System\IMNiNoi.exe
  2⤵
  PID:8920
- C:\Windows\System\TyWLyYV.exe
  C:\Windows\System\TyWLyYV.exe
  2⤵
  PID:8952
- C:\Windows\System\XFqcPBn.exe
  C:\Windows\System\XFqcPBn.exe
  2⤵
  PID:8984
- C:\Windows\System\RgLEvzb.exe
  C:\Windows\System\RgLEvzb.exe
  2⤵
  PID:9012
- C:\Windows\System\rUrzWnT.exe
  C:\Windows\System\rUrzWnT.exe
  2⤵
  PID:9040
- C:\Windows\System\oxQcdHP.exe
  C:\Windows\System\oxQcdHP.exe
  2⤵
  PID:9068
- C:\Windows\System\JgGLDMc.exe
  C:\Windows\System\JgGLDMc.exe
  2⤵
  PID:9096
- C:\Windows\System\tIaVDkN.exe
  C:\Windows\System\tIaVDkN.exe
  2⤵
  PID:9124
- C:\Windows\System\vFFUiDe.exe
  C:\Windows\System\vFFUiDe.exe
  2⤵
  PID:9156
- C:\Windows\System\uaoZmDW.exe
  C:\Windows\System\uaoZmDW.exe
  2⤵
  PID:9188
- C:\Windows\System\wGkeZLk.exe
  C:\Windows\System\wGkeZLk.exe
  2⤵
  PID:9212
- C:\Windows\System\HiOJwnN.exe
  C:\Windows\System\HiOJwnN.exe
  2⤵
  PID:8260
- C:\Windows\System\bAVsRMV.exe
  C:\Windows\System\bAVsRMV.exe
  2⤵
  PID:8316
- C:\Windows\System\hRCRfOK.exe
  C:\Windows\System\hRCRfOK.exe
  2⤵
  PID:8356
- C:\Windows\System\yxUEPoM.exe
  C:\Windows\System\yxUEPoM.exe
  2⤵
  PID:8428
- C:\Windows\System\MsHYoOq.exe
  C:\Windows\System\MsHYoOq.exe
  2⤵
  PID:8492
- C:\Windows\System\WxZegWF.exe
  C:\Windows\System\WxZegWF.exe
  2⤵
  PID:8552
- C:\Windows\System\vJrwMoT.exe
  C:\Windows\System\vJrwMoT.exe
  2⤵
  PID:8632
- C:\Windows\System\hWcRGSh.exe
  C:\Windows\System\hWcRGSh.exe
  2⤵
  PID:8692
- C:\Windows\System\UAQbHKE.exe
  C:\Windows\System\UAQbHKE.exe
  2⤵
  PID:8764
- C:\Windows\System\NrySNOS.exe
  C:\Windows\System\NrySNOS.exe
  2⤵
  PID:8820
- C:\Windows\System\LicfodT.exe
  C:\Windows\System\LicfodT.exe
  2⤵
  PID:8884
- C:\Windows\System\WyjisQB.exe
  C:\Windows\System\WyjisQB.exe
  2⤵
  PID:8948
- C:\Windows\System\pQgTRbv.exe
  C:\Windows\System\pQgTRbv.exe
  2⤵
  PID:9024
- C:\Windows\System\otSbBPN.exe
  C:\Windows\System\otSbBPN.exe
  2⤵
  PID:9088
- C:\Windows\System\vwqEsSR.exe
  C:\Windows\System\vwqEsSR.exe
  2⤵
  PID:9152
- C:\Windows\System\GzFnPqN.exe
  C:\Windows\System\GzFnPqN.exe
  2⤵
  PID:8212
- C:\Windows\System\YQsFJdX.exe
  C:\Windows\System\YQsFJdX.exe
  2⤵
  PID:8344
- C:\Windows\System\BLvEKEG.exe
  C:\Windows\System\BLvEKEG.exe
  2⤵
  PID:8484
- C:\Windows\System\LqzaIoP.exe
  C:\Windows\System\LqzaIoP.exe
  2⤵
  PID:8660
- C:\Windows\System\mquaJDG.exe
  C:\Windows\System\mquaJDG.exe
  2⤵
  PID:8792
- C:\Windows\System\vxhGcRh.exe
  C:\Windows\System\vxhGcRh.exe
  2⤵
  PID:8932
- C:\Windows\System\eFpKNDo.exe
  C:\Windows\System\eFpKNDo.exe
  2⤵
  PID:8940
- C:\Windows\System\FchFohA.exe
  C:\Windows\System\FchFohA.exe
  2⤵
  PID:8272
- C:\Windows\System\vqMsNEQ.exe
  C:\Windows\System\vqMsNEQ.exe
  2⤵
  PID:8608
- C:\Windows\System\QyzJZAy.exe
  C:\Windows\System\QyzJZAy.exe
  2⤵
  PID:8912
- C:\Windows\System\lwLckLo.exe
  C:\Windows\System\lwLckLo.exe
  2⤵
  PID:8468
- C:\Windows\System\IDrSpDO.exe
  C:\Windows\System\IDrSpDO.exe
  2⤵
  PID:9204
- C:\Windows\System\RwXqiqu.exe
  C:\Windows\System\RwXqiqu.exe
  2⤵
  PID:9224
- C:\Windows\System\lvvJUVL.exe
  C:\Windows\System\lvvJUVL.exe
  2⤵
  PID:9252
- C:\Windows\System\znyiLGJ.exe
  C:\Windows\System\znyiLGJ.exe
  2⤵
  PID:9280
- C:\Windows\System\XnaQkUC.exe
  C:\Windows\System\XnaQkUC.exe
  2⤵
  PID:9308
- C:\Windows\System\HGVMlzU.exe
  C:\Windows\System\HGVMlzU.exe
  2⤵
  PID:9336
- C:\Windows\System\zvbUuxV.exe
  C:\Windows\System\zvbUuxV.exe
  2⤵
  PID:9364
- C:\Windows\System\JDpKBTL.exe
  C:\Windows\System\JDpKBTL.exe
  2⤵
  PID:9392
- C:\Windows\System\kyjdIdv.exe
  C:\Windows\System\kyjdIdv.exe
  2⤵
  PID:9420
- C:\Windows\System\YLyztpy.exe
  C:\Windows\System\YLyztpy.exe
  2⤵
  PID:9448
- C:\Windows\System\mRPWIte.exe
  C:\Windows\System\mRPWIte.exe
  2⤵
  PID:9476
- C:\Windows\System\FCoyjGD.exe
  C:\Windows\System\FCoyjGD.exe
  2⤵
  PID:9504
- C:\Windows\System\XtdxmzZ.exe
  C:\Windows\System\XtdxmzZ.exe
  2⤵
  PID:9532
- C:\Windows\System\HYvvNPo.exe
  C:\Windows\System\HYvvNPo.exe
  2⤵
  PID:9560
- C:\Windows\System\CWykScx.exe
  C:\Windows\System\CWykScx.exe
  2⤵
  PID:9588
- C:\Windows\System\qTVmIHG.exe
  C:\Windows\System\qTVmIHG.exe
  2⤵
  PID:9616
- C:\Windows\System\CnxBdyE.exe
  C:\Windows\System\CnxBdyE.exe
  2⤵
  PID:9644
- C:\Windows\System\jzhDLsJ.exe
  C:\Windows\System\jzhDLsJ.exe
  2⤵
  PID:9672
- C:\Windows\System\lyYAnkF.exe
  C:\Windows\System\lyYAnkF.exe
  2⤵
  PID:9700
- C:\Windows\System\xVGoFwP.exe
  C:\Windows\System\xVGoFwP.exe
  2⤵
  PID:9736
- C:\Windows\System\KvlUdOe.exe
  C:\Windows\System\KvlUdOe.exe
  2⤵
  PID:9756
- C:\Windows\System\OVleuUS.exe
  C:\Windows\System\OVleuUS.exe
  2⤵
  PID:9788
- C:\Windows\System\osoLBcq.exe
  C:\Windows\System\osoLBcq.exe
  2⤵
  PID:9812
- C:\Windows\System\HJjMsbF.exe
  C:\Windows\System\HJjMsbF.exe
  2⤵
  PID:9840
- C:\Windows\System\tWVgfWO.exe
  C:\Windows\System\tWVgfWO.exe
  2⤵
  PID:9868
- C:\Windows\System\GQfCfhG.exe
  C:\Windows\System\GQfCfhG.exe
  2⤵
  PID:9900
- C:\Windows\System\cHwOlhs.exe
  C:\Windows\System\cHwOlhs.exe
  2⤵
  PID:9932
- C:\Windows\System\ZtoePjN.exe
  C:\Windows\System\ZtoePjN.exe
  2⤵
  PID:9976
- C:\Windows\System\ZrrkEVt.exe
  C:\Windows\System\ZrrkEVt.exe
  2⤵
  PID:9992
- C:\Windows\System\MmFclol.exe
  C:\Windows\System\MmFclol.exe
  2⤵
  PID:10020
- C:\Windows\System\wrahVGg.exe
  C:\Windows\System\wrahVGg.exe
  2⤵
  PID:10048
- C:\Windows\System\rjMFvQe.exe
  C:\Windows\System\rjMFvQe.exe
  2⤵
  PID:10076
- C:\Windows\System\qFWFrvS.exe
  C:\Windows\System\qFWFrvS.exe
  2⤵
  PID:10104
- C:\Windows\System\EukrBOl.exe
  C:\Windows\System\EukrBOl.exe
  2⤵
  PID:10132
- C:\Windows\System\CLiGXso.exe
  C:\Windows\System\CLiGXso.exe
  2⤵
  PID:10160
- C:\Windows\System\UcsLVNi.exe
  C:\Windows\System\UcsLVNi.exe
  2⤵
  PID:10188
- C:\Windows\System\LqzdQRd.exe
  C:\Windows\System\LqzdQRd.exe
  2⤵
  PID:10216
- C:\Windows\System\cSSHwNG.exe
  C:\Windows\System\cSSHwNG.exe
  2⤵
  PID:9220
- C:\Windows\System\fgpDYLK.exe
  C:\Windows\System\fgpDYLK.exe
  2⤵
  PID:9276
- C:\Windows\System\XkcDMLS.exe
  C:\Windows\System\XkcDMLS.exe
  2⤵
  PID:9360
- C:\Windows\System\LhgRJjo.exe
  C:\Windows\System\LhgRJjo.exe
  2⤵
  PID:9412
- C:\Windows\System\ClSBIMV.exe
  C:\Windows\System\ClSBIMV.exe
  2⤵
  PID:9472
- C:\Windows\System\VKRHBdb.exe
  C:\Windows\System\VKRHBdb.exe
  2⤵
  PID:9500
- C:\Windows\System\kIlsOWD.exe
  C:\Windows\System\kIlsOWD.exe
  2⤵
  PID:9572
- C:\Windows\System\zHIiAww.exe
  C:\Windows\System\zHIiAww.exe
  2⤵
  PID:9636
- C:\Windows\System\RzXyzvQ.exe
  C:\Windows\System\RzXyzvQ.exe
  2⤵
  PID:9692
- C:\Windows\System\XzTBdFK.exe
  C:\Windows\System\XzTBdFK.exe
  2⤵
  PID:9752
- C:\Windows\System\wonHlYi.exe
  C:\Windows\System\wonHlYi.exe
  2⤵
  PID:9824
- C:\Windows\System\yncmKsj.exe
  C:\Windows\System\yncmKsj.exe
  2⤵
  PID:9892
- C:\Windows\System\OQjmbHo.exe
  C:\Windows\System\OQjmbHo.exe
  2⤵
  PID:9948
- C:\Windows\System\TXJIyNU.exe
  C:\Windows\System\TXJIyNU.exe
  2⤵
  PID:10004
- C:\Windows\System\RgKYEgS.exe
  C:\Windows\System\RgKYEgS.exe
  2⤵
  PID:10068
- C:\Windows\System\IqVrukQ.exe
  C:\Windows\System\IqVrukQ.exe
  2⤵
  PID:10144
- C:\Windows\System\uMwdKgt.exe
  C:\Windows\System\uMwdKgt.exe
  2⤵
  PID:10208
- C:\Windows\System\SyDXcwV.exe
  C:\Windows\System\SyDXcwV.exe
  2⤵
  PID:9272
- C:\Windows\System\bMpUQmz.exe
  C:\Windows\System\bMpUQmz.exe
  2⤵
  PID:9440
- C:\Windows\System\ZlWtAdw.exe
  C:\Windows\System\ZlWtAdw.exe
  2⤵
  PID:9552
- C:\Windows\System\HOLQQTy.exe
  C:\Windows\System\HOLQQTy.exe
  2⤵
  PID:9684
- C:\Windows\System\rhLgFRz.exe
  C:\Windows\System\rhLgFRz.exe
  2⤵
  PID:9804
- C:\Windows\System\OYRxjZa.exe
  C:\Windows\System\OYRxjZa.exe
  2⤵
  PID:4312
- C:\Windows\System\iOITVoC.exe
  C:\Windows\System\iOITVoC.exe
  2⤵
  PID:10124
- C:\Windows\System\XScPblh.exe
  C:\Windows\System\XScPblh.exe
  2⤵
  PID:9264
- C:\Windows\System\ZFOChhj.exe
  C:\Windows\System\ZFOChhj.exe
  2⤵
  PID:9612
- C:\Windows\System\NOSlmse.exe
  C:\Windows\System\NOSlmse.exe
  2⤵
  PID:9924
- C:\Windows\System\ADJYsoW.exe
  C:\Windows\System\ADJYsoW.exe
  2⤵
  PID:9248
- C:\Windows\System\qrGLfuB.exe
  C:\Windows\System\qrGLfuB.exe
  2⤵
  PID:1956
- C:\Windows\System\NMLUcrs.exe
  C:\Windows\System\NMLUcrs.exe
  2⤵
  PID:9404
- C:\Windows\System\tOACohR.exe
  C:\Windows\System\tOACohR.exe
  2⤵
  PID:10248
- C:\Windows\System\xGkQbSw.exe
  C:\Windows\System\xGkQbSw.exe
  2⤵
  PID:10276
- C:\Windows\System\guXyKCj.exe
  C:\Windows\System\guXyKCj.exe
  2⤵
  PID:10304
- C:\Windows\System\ibIMupV.exe
  C:\Windows\System\ibIMupV.exe
  2⤵
  PID:10332
- C:\Windows\System\DTgGngO.exe
  C:\Windows\System\DTgGngO.exe
  2⤵
  PID:10360
- C:\Windows\System\JJKTahg.exe
  C:\Windows\System\JJKTahg.exe
  2⤵
  PID:10388
- C:\Windows\System\AKfILZu.exe
  C:\Windows\System\AKfILZu.exe
  2⤵
  PID:10416
- C:\Windows\System\YKQMjYq.exe
  C:\Windows\System\YKQMjYq.exe
  2⤵
  PID:10444
- C:\Windows\System\WDmHuFw.exe
  C:\Windows\System\WDmHuFw.exe
  2⤵
  PID:10472
- C:\Windows\System\PYDBqSI.exe
  C:\Windows\System\PYDBqSI.exe
  2⤵
  PID:10504
- C:\Windows\System\inTSufx.exe
  C:\Windows\System\inTSufx.exe
  2⤵
  PID:10532
- C:\Windows\System\idxGOoH.exe
  C:\Windows\System\idxGOoH.exe
  2⤵
  PID:10564
- C:\Windows\System\drtOlBB.exe
  C:\Windows\System\drtOlBB.exe
  2⤵
  PID:10592
- C:\Windows\System\GZYhhbN.exe
  C:\Windows\System\GZYhhbN.exe
  2⤵
  PID:10620
- C:\Windows\System\NeGJhei.exe
  C:\Windows\System\NeGJhei.exe
  2⤵
  PID:10648
- C:\Windows\System\lyGWwIk.exe
  C:\Windows\System\lyGWwIk.exe
  2⤵
  PID:10676
- C:\Windows\System\XoVxXDJ.exe
  C:\Windows\System\XoVxXDJ.exe
  2⤵
  PID:10704
- C:\Windows\System\fRfmIIx.exe
  C:\Windows\System\fRfmIIx.exe
  2⤵
  PID:10740
- C:\Windows\System\SWoxMAS.exe
  C:\Windows\System\SWoxMAS.exe
  2⤵
  PID:10768
- C:\Windows\System\hMBrFaH.exe
  C:\Windows\System\hMBrFaH.exe
  2⤵
  PID:10788
- C:\Windows\System\kHiRlMU.exe
  C:\Windows\System\kHiRlMU.exe
  2⤵
  PID:10820
- C:\Windows\System\eOiprby.exe
  C:\Windows\System\eOiprby.exe
  2⤵
  PID:10852
- C:\Windows\System\nziMAUF.exe
  C:\Windows\System\nziMAUF.exe
  2⤵
  PID:10880
- C:\Windows\System\QWpzMhm.exe
  C:\Windows\System\QWpzMhm.exe
  2⤵
  PID:10908
- C:\Windows\System\pOWTFdm.exe
  C:\Windows\System\pOWTFdm.exe
  2⤵
  PID:10936
- C:\Windows\System\hdKXcCy.exe
  C:\Windows\System\hdKXcCy.exe
  2⤵
  PID:10964
- C:\Windows\System\vEntbYI.exe
  C:\Windows\System\vEntbYI.exe
  2⤵
  PID:10996
- C:\Windows\System\ahEirkW.exe
  C:\Windows\System\ahEirkW.exe
  2⤵
  PID:11024
- C:\Windows\System\kUqdelc.exe
  C:\Windows\System\kUqdelc.exe
  2⤵
  PID:11048
- C:\Windows\System\QpIcxtm.exe
  C:\Windows\System\QpIcxtm.exe
  2⤵
  PID:11072
- C:\Windows\System\QDZCavG.exe
  C:\Windows\System\QDZCavG.exe
  2⤵
  PID:11108
- C:\Windows\System\xdbOukq.exe
  C:\Windows\System\xdbOukq.exe
  2⤵
  PID:11136
- C:\Windows\System\PuCYRhP.exe
  C:\Windows\System\PuCYRhP.exe
  2⤵
  PID:11164
- C:\Windows\System\hQQkFer.exe
  C:\Windows\System\hQQkFer.exe
  2⤵
  PID:11192
- C:\Windows\System\iKkZzGh.exe
  C:\Windows\System\iKkZzGh.exe
  2⤵
  PID:11220
- C:\Windows\System\ljMLUCl.exe
  C:\Windows\System\ljMLUCl.exe
  2⤵
  PID:11248
- C:\Windows\System\PNBguyv.exe
  C:\Windows\System\PNBguyv.exe
  2⤵
  PID:5076
- C:\Windows\System\nahCQXs.exe
  C:\Windows\System\nahCQXs.exe
  2⤵
  PID:9148
- C:\Windows\System\uLmCzAV.exe
  C:\Windows\System\uLmCzAV.exe
  2⤵
  PID:6444
- C:\Windows\System\vJMBCNI.exe
  C:\Windows\System\vJMBCNI.exe
  2⤵
  PID:10328
- C:\Windows\System\UTdghMO.exe
  C:\Windows\System\UTdghMO.exe
  2⤵
  PID:10372
- C:\Windows\System\NHSzzhM.exe
  C:\Windows\System\NHSzzhM.exe
  2⤵
  PID:10436
- C:\Windows\System\PxlTpvg.exe
  C:\Windows\System\PxlTpvg.exe
  2⤵
  PID:10500
- C:\Windows\System\sXXjfWR.exe
  C:\Windows\System\sXXjfWR.exe
  2⤵
  PID:10560
- C:\Windows\System\coqKMyZ.exe
  C:\Windows\System\coqKMyZ.exe
  2⤵
  PID:10632
- C:\Windows\System\TYGekGB.exe
  C:\Windows\System\TYGekGB.exe
  2⤵
  PID:3536
- C:\Windows\System\FkUEUbj.exe
  C:\Windows\System\FkUEUbj.exe
  2⤵
  PID:3080
- C:\Windows\System\ugwvRTo.exe
  C:\Windows\System\ugwvRTo.exe
  2⤵
  PID:10776
- C:\Windows\System\TwZCcEt.exe
  C:\Windows\System\TwZCcEt.exe
  2⤵
  PID:10872
- C:\Windows\System\hbatriP.exe
  C:\Windows\System\hbatriP.exe
  2⤵
  PID:11008
- C:\Windows\System\gxGMaEK.exe
  C:\Windows\System\gxGMaEK.exe
  2⤵
  PID:10992
- C:\Windows\System\rlyTols.exe
  C:\Windows\System\rlyTols.exe
  2⤵
  PID:6600
- C:\Windows\System\KDlnAVk.exe
  C:\Windows\System\KDlnAVk.exe
  2⤵
  PID:11188
- C:\Windows\System\tDNcUSC.exe
  C:\Windows\System\tDNcUSC.exe
  2⤵
  PID:11244
- C:\Windows\System\ppVuWut.exe
  C:\Windows\System\ppVuWut.exe
  2⤵
  PID:6572
- C:\Windows\System\oMPVxSd.exe
  C:\Windows\System\oMPVxSd.exe
  2⤵
  PID:10428
- C:\Windows\System\tfhZdeZ.exe
  C:\Windows\System\tfhZdeZ.exe
  2⤵
  PID:10528
- C:\Windows\System\stTUAaA.exe
  C:\Windows\System\stTUAaA.exe
  2⤵
  PID:4812
- C:\Windows\System\CRkGWVP.exe
  C:\Windows\System\CRkGWVP.exe
  2⤵
  PID:11032
- C:\Windows\System\wwAIizS.exe
  C:\Windows\System\wwAIizS.exe
  2⤵
  PID:11184
- C:\Windows\System\SWEZHFg.exe
  C:\Windows\System\SWEZHFg.exe
  2⤵
  PID:10296
- C:\Windows\System\GzLoZvv.exe
  C:\Windows\System\GzLoZvv.exe
  2⤵
  PID:10616
- C:\Windows\System\UVjovuM.exe
  C:\Windows\System\UVjovuM.exe
  2⤵
  PID:11132
- C:\Windows\System\tfmBGdw.exe
  C:\Windows\System\tfmBGdw.exe
  2⤵
  PID:10848
- C:\Windows\System\tUejuin.exe
  C:\Windows\System\tUejuin.exe
  2⤵
  PID:11272
- C:\Windows\System\wzbyiHO.exe
  C:\Windows\System\wzbyiHO.exe
  2⤵
  PID:11300
- C:\Windows\System\MKRwcQg.exe
  C:\Windows\System\MKRwcQg.exe
  2⤵
  PID:11332
- C:\Windows\System\DEpGnKD.exe
  C:\Windows\System\DEpGnKD.exe
  2⤵
  PID:11376
- C:\Windows\System\iiyVAdd.exe
  C:\Windows\System\iiyVAdd.exe
  2⤵
  PID:11404
- C:\Windows\System\ovFnqoy.exe
  C:\Windows\System\ovFnqoy.exe
  2⤵
  PID:11436
- C:\Windows\System\ZjGMgSb.exe
  C:\Windows\System\ZjGMgSb.exe
  2⤵
  PID:11464
- C:\Windows\System\aImOlTj.exe
  C:\Windows\System\aImOlTj.exe
  2⤵
  PID:11492
- C:\Windows\System\dcAxpKC.exe
  C:\Windows\System\dcAxpKC.exe
  2⤵
  PID:11520
- C:\Windows\System\SdeYcFy.exe
  C:\Windows\System\SdeYcFy.exe
  2⤵
  PID:11548
- C:\Windows\System\kTPRzFU.exe
  C:\Windows\System\kTPRzFU.exe
  2⤵
  PID:11576
- C:\Windows\System\lVYJzmM.exe
  C:\Windows\System\lVYJzmM.exe
  2⤵
  PID:11604
- C:\Windows\System\ueOtqnw.exe
  C:\Windows\System\ueOtqnw.exe
  2⤵
  PID:11632
- C:\Windows\System\lyjqBNn.exe
  C:\Windows\System\lyjqBNn.exe
  2⤵
  PID:11660
- C:\Windows\System\bHZZtnD.exe
  C:\Windows\System\bHZZtnD.exe
  2⤵
  PID:11688
- C:\Windows\System\mgSjSsW.exe
  C:\Windows\System\mgSjSsW.exe
  2⤵
  PID:11716
- C:\Windows\System\vLYvJEx.exe
  C:\Windows\System\vLYvJEx.exe
  2⤵
  PID:11744
- C:\Windows\System\YwnEOLE.exe
  C:\Windows\System\YwnEOLE.exe
  2⤵
  PID:11776
- C:\Windows\System\eCjNaVI.exe
  C:\Windows\System\eCjNaVI.exe
  2⤵
  PID:11804
- C:\Windows\System\ZRWylCJ.exe
  C:\Windows\System\ZRWylCJ.exe
  2⤵
  PID:11832
- C:\Windows\System\xMzmVlj.exe
  C:\Windows\System\xMzmVlj.exe
  2⤵
  PID:11860
- C:\Windows\System\OrLfvOH.exe
  C:\Windows\System\OrLfvOH.exe
  2⤵
  PID:11888
- C:\Windows\System\NBrBGgV.exe
  C:\Windows\System\NBrBGgV.exe
  2⤵
  PID:11916
- C:\Windows\System\hTowhmb.exe
  C:\Windows\System\hTowhmb.exe
  2⤵
  PID:11944
- C:\Windows\System\fzoFPEM.exe
  C:\Windows\System\fzoFPEM.exe
  2⤵
  PID:11972
- C:\Windows\System\tSDOieG.exe
  C:\Windows\System\tSDOieG.exe
  2⤵
  PID:12000
- C:\Windows\System\JFpvyPy.exe
  C:\Windows\System\JFpvyPy.exe
  2⤵
  PID:12032
- C:\Windows\System\nMeQCzd.exe
  C:\Windows\System\nMeQCzd.exe
  2⤵
  PID:12060
- C:\Windows\System\poylsSK.exe
  C:\Windows\System\poylsSK.exe
  2⤵
  PID:12088
- C:\Windows\System\AdREgNk.exe
  C:\Windows\System\AdREgNk.exe
  2⤵
  PID:12116
- C:\Windows\System\wtmchBL.exe
  C:\Windows\System\wtmchBL.exe
  2⤵
  PID:12144
- C:\Windows\System\ghSpIgE.exe
  C:\Windows\System\ghSpIgE.exe
  2⤵
  PID:12172
- C:\Windows\System\AVERtMC.exe
  C:\Windows\System\AVERtMC.exe
  2⤵
  PID:12200
- C:\Windows\System\sQSTlIh.exe
  C:\Windows\System\sQSTlIh.exe
  2⤵
  PID:12228
- C:\Windows\System\EOdcclX.exe
  C:\Windows\System\EOdcclX.exe
  2⤵
  PID:12256
- C:\Windows\System\puLnaua.exe
  C:\Windows\System\puLnaua.exe
  2⤵
  PID:6464
- C:\Windows\System\xhbYihw.exe
  C:\Windows\System\xhbYihw.exe
  2⤵
  PID:11348
- C:\Windows\System\RCKRgoi.exe
  C:\Windows\System\RCKRgoi.exe
  2⤵
  PID:11372
- C:\Windows\System\czreSBC.exe
  C:\Windows\System\czreSBC.exe
  2⤵
  PID:11432
- C:\Windows\System\BnOKtAI.exe
  C:\Windows\System\BnOKtAI.exe
  2⤵
  PID:11488
- C:\Windows\System\DrpQJYT.exe
  C:\Windows\System\DrpQJYT.exe
  2⤵
  PID:11560
- C:\Windows\System\HuiUouM.exe
  C:\Windows\System\HuiUouM.exe
  2⤵
  PID:11616
- C:\Windows\System\gSSpXgZ.exe
  C:\Windows\System\gSSpXgZ.exe
  2⤵
  PID:11680
- C:\Windows\System\wXybiVz.exe
  C:\Windows\System\wXybiVz.exe
  2⤵
  PID:11760
- C:\Windows\System\VpeZCok.exe
  C:\Windows\System\VpeZCok.exe
  2⤵
  PID:11816
- C:\Windows\System\HaNTnuI.exe
  C:\Windows\System\HaNTnuI.exe
  2⤵
  PID:11884
- C:\Windows\System\SmPyszF.exe
  C:\Windows\System\SmPyszF.exe
  2⤵
  PID:11964
- C:\Windows\System\VHYinqI.exe
  C:\Windows\System\VHYinqI.exe
  2⤵
  PID:10412
- C:\Windows\System\FncJtah.exe
  C:\Windows\System\FncJtah.exe
  2⤵
  PID:12056
- C:\Windows\System\bepWyBy.exe
  C:\Windows\System\bepWyBy.exe
  2⤵
  PID:12184
- C:\Windows\System\VONUWew.exe
  C:\Windows\System\VONUWew.exe
  2⤵
  PID:12252
- C:\Windows\System\CMlwsEd.exe
  C:\Windows\System\CMlwsEd.exe
  2⤵
  PID:11312
- C:\Windows\System\hInKzIU.exe
  C:\Windows\System\hInKzIU.exe
  2⤵
  PID:11452
- C:\Windows\System\heYpBMS.exe
  C:\Windows\System\heYpBMS.exe
  2⤵
  PID:11596
- C:\Windows\System\zaESamQ.exe
  C:\Windows\System\zaESamQ.exe
  2⤵
  PID:11788
- C:\Windows\System\VYsAgWe.exe
  C:\Windows\System\VYsAgWe.exe
  2⤵
  PID:11880
- C:\Windows\System\GiJtIoP.exe
  C:\Windows\System\GiJtIoP.exe
  2⤵
  PID:10324
- C:\Windows\System\ybJwmte.exe
  C:\Windows\System\ybJwmte.exe
  2⤵
  PID:4736
- C:\Windows\System\bcsTtrv.exe
  C:\Windows\System\bcsTtrv.exe
  2⤵
  PID:11368
- C:\Windows\System\aHufjYn.exe
  C:\Windows\System\aHufjYn.exe
  2⤵
  PID:4212
- C:\Windows\System\cVqJmKN.exe
  C:\Windows\System\cVqJmKN.exe
  2⤵
  PID:3580
- C:\Windows\System\QnAUupK.exe
  C:\Windows\System\QnAUupK.exe
  2⤵
  PID:11544
- C:\Windows\System\LtCTGxK.exe
  C:\Windows\System\LtCTGxK.exe
  2⤵
  PID:11820
- C:\Windows\System\nkyaDPs.exe
  C:\Windows\System\nkyaDPs.exe
  2⤵
  PID:12308
- C:\Windows\System\kbomVqP.exe
  C:\Windows\System\kbomVqP.exe
  2⤵
  PID:12348
- C:\Windows\System\DDkEXpz.exe
  C:\Windows\System\DDkEXpz.exe
  2⤵
  PID:12376
- C:\Windows\System\WSqQCAi.exe
  C:\Windows\System\WSqQCAi.exe
  2⤵
  PID:12408
- C:\Windows\System\zMSRpmy.exe
  C:\Windows\System\zMSRpmy.exe
  2⤵
  PID:12440
- C:\Windows\System\WbxbjOr.exe
  C:\Windows\System\WbxbjOr.exe
  2⤵
  PID:12468
- C:\Windows\System\GqTkaMD.exe
  C:\Windows\System\GqTkaMD.exe
  2⤵
  PID:12496
- C:\Windows\System\WaCjcSv.exe
  C:\Windows\System\WaCjcSv.exe
  2⤵
  PID:12524
- C:\Windows\System\YZSWFrD.exe
  C:\Windows\System\YZSWFrD.exe
  2⤵
  PID:12552
- C:\Windows\System\XSqkJdd.exe
  C:\Windows\System\XSqkJdd.exe
  2⤵
  PID:12580
- C:\Windows\System\XkTOMQE.exe
  C:\Windows\System\XkTOMQE.exe
  2⤵
  PID:12608
- C:\Windows\System\EqKyeqw.exe
  C:\Windows\System\EqKyeqw.exe
  2⤵
  PID:12636
- C:\Windows\System\LdDyReK.exe
  C:\Windows\System\LdDyReK.exe
  2⤵
  PID:12664
- C:\Windows\System\mTKDVRj.exe
  C:\Windows\System\mTKDVRj.exe
  2⤵
  PID:12692
- C:\Windows\System\KPtzWmk.exe
  C:\Windows\System\KPtzWmk.exe
  2⤵
  PID:12720
- C:\Windows\System\KSZchhP.exe
  C:\Windows\System\KSZchhP.exe
  2⤵
  PID:12748
- C:\Windows\System\fJrUUIg.exe
  C:\Windows\System\fJrUUIg.exe
  2⤵
  PID:12776
- C:\Windows\System\hXPrQGK.exe
  C:\Windows\System\hXPrQGK.exe
  2⤵
  PID:12808
- C:\Windows\System\iSggjty.exe
  C:\Windows\System\iSggjty.exe
  2⤵
  PID:12836
- C:\Windows\System\sQBScgz.exe
  C:\Windows\System\sQBScgz.exe
  2⤵
  PID:12864
- C:\Windows\System\wtGNOsJ.exe
  C:\Windows\System\wtGNOsJ.exe
  2⤵
  PID:12892
- C:\Windows\System\PeZifOp.exe
  C:\Windows\System\PeZifOp.exe
  2⤵
  PID:12920
- C:\Windows\System\dczyALJ.exe
  C:\Windows\System\dczyALJ.exe
  2⤵
  PID:12948
- C:\Windows\System\EQxdgfg.exe
  C:\Windows\System\EQxdgfg.exe
  2⤵
  PID:12976
- C:\Windows\System\DuUHNKg.exe
  C:\Windows\System\DuUHNKg.exe
  2⤵
  PID:13004
- C:\Windows\System\nJBlWyg.exe
  C:\Windows\System\nJBlWyg.exe
  2⤵
  PID:13032
- C:\Windows\System\xJdYzzq.exe
  C:\Windows\System\xJdYzzq.exe
  2⤵
  PID:13060
- C:\Windows\System\uKKyagp.exe
  C:\Windows\System\uKKyagp.exe
  2⤵
  PID:13088
- C:\Windows\System\mbowyBb.exe
  C:\Windows\System\mbowyBb.exe
  2⤵
  PID:13116
- C:\Windows\System\TVMoZob.exe
  C:\Windows\System\TVMoZob.exe
  2⤵
  PID:13144
- C:\Windows\System\yemhvTg.exe
  C:\Windows\System\yemhvTg.exe
  2⤵
  PID:13172
- C:\Windows\System\JyStHvL.exe
  C:\Windows\System\JyStHvL.exe
  2⤵
  PID:13200
- C:\Windows\System\XDjXARS.exe
  C:\Windows\System\XDjXARS.exe
  2⤵
  PID:13228
- C:\Windows\System\dzygOEb.exe
  C:\Windows\System\dzygOEb.exe
  2⤵
  PID:13256
- C:\Windows\System\LPtgzSC.exe
  C:\Windows\System\LPtgzSC.exe
  2⤵
  PID:13284
- C:\Windows\System\vuaEJup.exe
  C:\Windows\System\vuaEJup.exe
  2⤵
  PID:12292
- C:\Windows\System\EkJUgVo.exe
  C:\Windows\System\EkJUgVo.exe
  2⤵
  PID:12360
- C:\Windows\System\ePLYJMw.exe
  C:\Windows\System\ePLYJMw.exe
  2⤵
  PID:12432
- C:\Windows\System\rbSAkMp.exe
  C:\Windows\System\rbSAkMp.exe
  2⤵
  PID:12332
- C:\Windows\System\pRKFnFx.exe
  C:\Windows\System\pRKFnFx.exe
  2⤵
  PID:12464
- C:\Windows\System\EXwGqIE.exe
  C:\Windows\System\EXwGqIE.exe
  2⤵
  PID:12536
- C:\Windows\System\kiMGhKh.exe
  C:\Windows\System\kiMGhKh.exe
  2⤵
  PID:12600
- C:\Windows\System\muoLcHE.exe
  C:\Windows\System\muoLcHE.exe
  2⤵
  PID:12660
- C:\Windows\System\PDgxtDV.exe
  C:\Windows\System\PDgxtDV.exe
  2⤵
  PID:12732
- C:\Windows\System\nfkQSax.exe
  C:\Windows\System\nfkQSax.exe
  2⤵
  PID:1640
- C:\Windows\System\mNAqCnW.exe
  C:\Windows\System\mNAqCnW.exe
  2⤵
  PID:12800
- C:\Windows\System\pnDajrq.exe
  C:\Windows\System\pnDajrq.exe
  2⤵
  PID:12860
- C:\Windows\System\vCgDPTT.exe
  C:\Windows\System\vCgDPTT.exe
  2⤵
  PID:12912
- C:\Windows\System\QFbgMEU.exe
  C:\Windows\System\QFbgMEU.exe
  2⤵
  PID:12968
- C:\Windows\System\wvCFWab.exe
  C:\Windows\System\wvCFWab.exe
  2⤵
  PID:13028
- C:\Windows\System\aCVaIcI.exe
  C:\Windows\System\aCVaIcI.exe
  2⤵
  PID:13084
- C:\Windows\System\cnrWnDh.exe
  C:\Windows\System\cnrWnDh.exe
  2⤵
  PID:2276
- C:\Windows\System\gCPFuGc.exe
  C:\Windows\System\gCPFuGc.exe
  2⤵
  PID:13184
- C:\Windows\System\tcufIDI.exe
  C:\Windows\System\tcufIDI.exe
  2⤵
  PID:13248
- C:\Windows\System\mZuySIw.exe
  C:\Windows\System\mZuySIw.exe
  2⤵
  PID:13308
- C:\Windows\System\SQGygNb.exe
  C:\Windows\System\SQGygNb.exe
  2⤵
  PID:12420
- C:\Windows\System\nOIEpjT.exe
  C:\Windows\System\nOIEpjT.exe
  2⤵
  PID:12492
- C:\Windows\System\GOYvzZm.exe
  C:\Windows\System\GOYvzZm.exe
  2⤵
  PID:12576
- C:\Windows\System\NLcUqsg.exe
  C:\Windows\System\NLcUqsg.exe
  2⤵
  PID:12712
- C:\Windows\System\brztVSF.exe
  C:\Windows\System\brztVSF.exe
  2⤵
  PID:12240
- C:\Windows\System\KazLFbR.exe
  C:\Windows\System\KazLFbR.exe
  2⤵
  PID:1456
- C:\Windows\System\XdTfMAT.exe
  C:\Windows\System\XdTfMAT.exe
  2⤵
  PID:13056
- C:\Windows\System\MMRiwsj.exe
  C:\Windows\System\MMRiwsj.exe
  2⤵
  PID:13156
- C:\Windows\System\OiCuLdk.exe
  C:\Windows\System\OiCuLdk.exe
  2⤵
  PID:1936
- C:\Windows\System\BTvJytn.exe
  C:\Windows\System\BTvJytn.exe
  2⤵
  PID:12220
- C:\Windows\System\KKFBZfY.exe
  C:\Windows\System\KKFBZfY.exe
  2⤵
  PID:4472
- C:\Windows\System\yUSZKnh.exe
  C:\Windows\System\yUSZKnh.exe
  2⤵
  PID:12888
- C:\Windows\System\XSTNymZ.exe
  C:\Windows\System\XSTNymZ.exe
  2⤵
  PID:13140
- C:\Windows\System\yVOBTkQ.exe
  C:\Windows\System\yVOBTkQ.exe
  2⤵
  PID:4768
- C:\Windows\System\KWekNjB.exe
  C:\Windows\System\KWekNjB.exe
  2⤵
  PID:2444
- C:\Windows\System\zdeeafB.exe
  C:\Windows\System\zdeeafB.exe
  2⤵
  PID:3400
- C:\Windows\System\JPPSeXK.exe
  C:\Windows\System\JPPSeXK.exe
  2⤵
  PID:13332
- C:\Windows\System\TkMCEvz.exe
  C:\Windows\System\TkMCEvz.exe
  2⤵
  PID:13364
- C:\Windows\System\IfnBOjb.exe
  C:\Windows\System\IfnBOjb.exe
  2⤵
  PID:13392
- C:\Windows\System\kGNLfDl.exe
  C:\Windows\System\kGNLfDl.exe
  2⤵
  PID:13420
- C:\Windows\System\ydiNVUP.exe
  C:\Windows\System\ydiNVUP.exe
  2⤵
  PID:13448
- C:\Windows\System\nRFHLUB.exe
  C:\Windows\System\nRFHLUB.exe
  2⤵
  PID:13476
- C:\Windows\System\wxGADYt.exe
  C:\Windows\System\wxGADYt.exe
  2⤵
  PID:13504
- C:\Windows\System\tZTCUVi.exe
  C:\Windows\System\tZTCUVi.exe
  2⤵
  PID:13532
- C:\Windows\System\dTyHqjL.exe
  C:\Windows\System\dTyHqjL.exe
  2⤵
  PID:13560
- C:\Windows\System\RvGbIZx.exe
  C:\Windows\System\RvGbIZx.exe
  2⤵
  PID:13588
- C:\Windows\System\WPFcrnM.exe
  C:\Windows\System\WPFcrnM.exe
  2⤵
  PID:13616
- C:\Windows\System\VmfIGwQ.exe
  C:\Windows\System\VmfIGwQ.exe
  2⤵
  PID:13644
- C:\Windows\System\VxfsYKc.exe
  C:\Windows\System\VxfsYKc.exe
  2⤵
  PID:13672
- C:\Windows\System\BuWVTdi.exe
  C:\Windows\System\BuWVTdi.exe
  2⤵
  PID:13700
- C:\Windows\System\RKCtfgu.exe
  C:\Windows\System\RKCtfgu.exe
  2⤵
  PID:13744
- C:\Windows\System\KgAOeyW.exe
  C:\Windows\System\KgAOeyW.exe
  2⤵
  PID:13760
- C:\Windows\System\bqyofHe.exe
  C:\Windows\System\bqyofHe.exe
  2⤵
  PID:13796
- C:\Windows\System\NEeyATF.exe
  C:\Windows\System\NEeyATF.exe
  2⤵
  PID:13820
- C:\Windows\System\nSSpCeq.exe
  C:\Windows\System\nSSpCeq.exe
  2⤵
  PID:13848
- C:\Windows\System\mtlEnYN.exe
  C:\Windows\System\mtlEnYN.exe
  2⤵
  PID:13880
- C:\Windows\System\OIHvuDJ.exe
  C:\Windows\System\OIHvuDJ.exe
  2⤵
  PID:13908
- C:\Windows\System\QOhNGlu.exe
  C:\Windows\System\QOhNGlu.exe
  2⤵
  PID:13936
- C:\Windows\System\uwfOoRU.exe
  C:\Windows\System\uwfOoRU.exe
  2⤵
  PID:13964
- C:\Windows\System\EKjfXXx.exe
  C:\Windows\System\EKjfXXx.exe
  2⤵
  PID:13992
- C:\Windows\System\rlXqHRq.exe
  C:\Windows\System\rlXqHRq.exe
  2⤵
  PID:14024
- C:\Windows\System\LvWgKFX.exe
  C:\Windows\System\LvWgKFX.exe
  2⤵
  PID:14060
- C:\Windows\System\wCbcgKt.exe
  C:\Windows\System\wCbcgKt.exe
  2⤵
  PID:14080
- C:\Windows\System\LbXEIzn.exe
  C:\Windows\System\LbXEIzn.exe
  2⤵
  PID:14108
- C:\Windows\System\yODqWBe.exe
  C:\Windows\System\yODqWBe.exe
  2⤵
  PID:14140
- C:\Windows\System\mHDvKCE.exe
  C:\Windows\System\mHDvKCE.exe
  2⤵
  PID:14192
- C:\Windows\System\VrVDWnT.exe
  C:\Windows\System\VrVDWnT.exe
  2⤵
  PID:14208
- C:\Windows\System\CwGhheG.exe
  C:\Windows\System\CwGhheG.exe
  2⤵
  PID:14248
- C:\Windows\System\cBizeqp.exe
  C:\Windows\System\cBizeqp.exe
  2⤵
  PID:14276
- C:\Windows\System\vxJqbzb.exe
  C:\Windows\System\vxJqbzb.exe
  2⤵
  PID:14308
- C:\Windows\System\gizZOvR.exe
  C:\Windows\System\gizZOvR.exe
  2⤵
  PID:14332
- C:\Windows\System\NUTaSEn.exe
  C:\Windows\System\NUTaSEn.exe
  2⤵
  PID:13376
- C:\Windows\System\FxBalJO.exe
  C:\Windows\System\FxBalJO.exe
  2⤵
  PID:13440
- C:\Windows\System\ZniqmBO.exe
  C:\Windows\System\ZniqmBO.exe
  2⤵
  PID:13500
- C:\Windows\System\QHIrNlY.exe
  C:\Windows\System\QHIrNlY.exe
  2⤵
  PID:13572
- C:\Windows\System\iZNljLQ.exe
  C:\Windows\System\iZNljLQ.exe
  2⤵
  PID:13636
- C:\Windows\System\dAjTorl.exe
  C:\Windows\System\dAjTorl.exe
  2⤵
  PID:13696
- C:\Windows\System\NUKVDeb.exe
  C:\Windows\System\NUKVDeb.exe
  2⤵
  PID:13752
- C:\Windows\System\bDEWQwW.exe
  C:\Windows\System\bDEWQwW.exe
  2⤵
  PID:13808
- C:\Windows\System\ZZSBRjK.exe
  C:\Windows\System\ZZSBRjK.exe
  2⤵
  PID:436
- C:\Windows\System\yIckNhq.exe
  C:\Windows\System\yIckNhq.exe
  2⤵
  PID:13872
- C:\Windows\System\chlobVc.exe
  C:\Windows\System\chlobVc.exe
  2⤵
  PID:13932
- C:\Windows\System\GBzzsDU.exe
  C:\Windows\System\GBzzsDU.exe
  2⤵
  PID:14004
- C:\Windows\System\LHQJIOn.exe
  C:\Windows\System\LHQJIOn.exe
  2⤵
  PID:14076
- C:\Windows\System\uZZpRhp.exe
  C:\Windows\System\uZZpRhp.exe
  2⤵
  PID:14124
- C:\Windows\System\CLACtfz.exe
  C:\Windows\System\CLACtfz.exe
  2⤵
  PID:14116
- C:\Windows\System\VxfanYG.exe
  C:\Windows\System\VxfanYG.exe
  2⤵
  PID:2076
- C:\Windows\System\RpFStgF.exe
  C:\Windows\System\RpFStgF.exe
  2⤵
  PID:14180
- C:\Windows\System\evyURJh.exe
  C:\Windows\System\evyURJh.exe
  2⤵
  PID:14256
- C:\Windows\System\dJItorV.exe
  C:\Windows\System\dJItorV.exe
  2⤵
  PID:14176
- C:\Windows\System\SnxxdVL.exe
  C:\Windows\System\SnxxdVL.exe
  2⤵
  PID:13360
- C:\Windows\System\etCNepl.exe
  C:\Windows\System\etCNepl.exe
  2⤵
  PID:13528
- C:\Windows\System\WqoADZy.exe
  C:\Windows\System\WqoADZy.exe
  2⤵
  PID:13664
- C:\Windows\System\TEGcQgm.exe
  C:\Windows\System\TEGcQgm.exe
  2⤵
  PID:13804
- C:\Windows\System\qoWVtaD.exe
  C:\Windows\System\qoWVtaD.exe
  2⤵
  PID:13928
- C:\Windows\System\PLrxMcR.exe
  C:\Windows\System\PLrxMcR.exe
  2⤵
  PID:14032
- C:\Windows\System\fOfbFiX.exe
  C:\Windows\System\fOfbFiX.exe
  2⤵
  PID:14016
- C:\Windows\System\fCKiKES.exe
  C:\Windows\System\fCKiKES.exe
  2⤵
  PID:14204
- C:\Windows\System\vzowWkb.exe
  C:\Windows\System\vzowWkb.exe
  2⤵
  PID:14316
- C:\Windows\System\WYXVDkU.exe
  C:\Windows\System\WYXVDkU.exe
  2⤵
  PID:13600
- C:\Windows\System\LrXXvcZ.exe
  C:\Windows\System\LrXXvcZ.exe
  2⤵
  PID:13832
- C:\Windows\System\DpTRSeS.exe
  C:\Windows\System\DpTRSeS.exe
  2⤵
  PID:3592
- C:\Windows\System\TBsmPaq.exe
  C:\Windows\System\TBsmPaq.exe
  2⤵
  PID:5096
- C:\Windows\System\iJWzdOO.exe
  C:\Windows\System\iJWzdOO.exe
  2⤵
  PID:2508
- C:\Windows\System\gNkARZq.exe
  C:\Windows\System\gNkARZq.exe
  2⤵
  PID:1248
- C:\Windows\System\lVzuhFW.exe
  C:\Windows\System\lVzuhFW.exe
  2⤵
  PID:8
- C:\Windows\System\KjtgTzO.exe
  C:\Windows\System\KjtgTzO.exe
  2⤵
  PID:13844
- C:\Windows\System\wXcybih.exe
  C:\Windows\System\wXcybih.exe
  2⤵
  PID:2756
- C:\Windows\System\JadcrBO.exe
  C:\Windows\System\JadcrBO.exe
  2⤵
  PID:3956
- C:\Windows\System\wAPSqhe.exe
  C:\Windows\System\wAPSqhe.exe
  2⤵
  PID:13988
- C:\Windows\System\KzjtUyp.exe
  C:\Windows\System\KzjtUyp.exe
  2⤵
  PID:4440
- C:\Windows\System\REDDIrC.exe
  C:\Windows\System\REDDIrC.exe
  2⤵
  PID:13416
- C:\Windows\System\AucLgtL.exe
  C:\Windows\System\AucLgtL.exe
  2⤵
  PID:13468
- C:\Windows\System\NfuvxXm.exe
  C:\Windows\System\NfuvxXm.exe
  2⤵
  PID:3868
- C:\Windows\System\ExYXnlQ.exe
  C:\Windows\System\ExYXnlQ.exe
  2⤵
  PID:14364
- C:\Windows\System\mFLgcoI.exe
  C:\Windows\System\mFLgcoI.exe
  2⤵
  PID:14392
- C:\Windows\System\vmrfmHM.exe
  C:\Windows\System\vmrfmHM.exe
  2⤵
  PID:14420
- C:\Windows\System\ogOcBAJ.exe
  C:\Windows\System\ogOcBAJ.exe
  2⤵
  PID:14460
- C:\Windows\System\tMvHPYV.exe
  C:\Windows\System\tMvHPYV.exe
  2⤵
  PID:14488
- C:\Windows\System\oYXAyqs.exe
  C:\Windows\System\oYXAyqs.exe
  2⤵
  PID:14516
- C:\Windows\System\QpQoHEz.exe
  C:\Windows\System\QpQoHEz.exe
  2⤵
  PID:14544
- C:\Windows\System\MCqbzry.exe
  C:\Windows\System\MCqbzry.exe
  2⤵
  PID:14580
- C:\Windows\System\JqkXWHN.exe
  C:\Windows\System\JqkXWHN.exe
  2⤵
  PID:14608
- C:\Windows\System\AfAeYiM.exe
  C:\Windows\System\AfAeYiM.exe
  2⤵
  PID:14636
- C:\Windows\System\pSWRuDG.exe
  C:\Windows\System\pSWRuDG.exe
  2⤵
  PID:14664
- C:\Windows\System\slOlMOk.exe
  C:\Windows\System\slOlMOk.exe
  2⤵
  PID:14692
- C:\Windows\System\llslmbg.exe
  C:\Windows\System\llslmbg.exe
  2⤵
  PID:14728
- C:\Windows\System\sBWkzVE.exe
  C:\Windows\System\sBWkzVE.exe
  2⤵
  PID:14756
- C:\Windows\System\vbfcwmg.exe
  C:\Windows\System\vbfcwmg.exe
  2⤵
  PID:14784
- C:\Windows\System\bGtvxJS.exe
  C:\Windows\System\bGtvxJS.exe
  2⤵
  PID:14812
- C:\Windows\System\clAxyCn.exe
  C:\Windows\System\clAxyCn.exe
  2⤵
  PID:14840
- C:\Windows\System\ZtueGSI.exe
  C:\Windows\System\ZtueGSI.exe
  2⤵
  PID:14868
- C:\Windows\System\XsRINPg.exe
  C:\Windows\System\XsRINPg.exe
  2⤵
  PID:14896
- C:\Windows\System\rVbQWfW.exe
  C:\Windows\System\rVbQWfW.exe
  2⤵
  PID:14924
- C:\Windows\System\nhpdwhD.exe
  C:\Windows\System\nhpdwhD.exe
  2⤵
  PID:14952
- C:\Windows\System\lhwYPdm.exe
  C:\Windows\System\lhwYPdm.exe
  2⤵
  PID:14980
- C:\Windows\System\eepoJcM.exe
  C:\Windows\System\eepoJcM.exe
  2⤵
  PID:15008
- C:\Windows\System\BzYNPLg.exe
  C:\Windows\System\BzYNPLg.exe
  2⤵
  PID:15036
- C:\Windows\System\OjNDDct.exe
  C:\Windows\System\OjNDDct.exe
  2⤵
  PID:15064
- C:\Windows\System\SqCyIlR.exe
  C:\Windows\System\SqCyIlR.exe
  2⤵
  PID:15092
- C:\Windows\System\TRTqkzW.exe
  C:\Windows\System\TRTqkzW.exe
  2⤵
  PID:15120
- C:\Windows\System\OmEJNpO.exe
  C:\Windows\System\OmEJNpO.exe
  2⤵
  PID:15148
- C:\Windows\System\UjyxiUk.exe
  C:\Windows\System\UjyxiUk.exe
  2⤵
  PID:15176
- C:\Windows\System\himAUmz.exe
  C:\Windows\System\himAUmz.exe
  2⤵
  PID:15208
- C:\Windows\System\riiUbue.exe
  C:\Windows\System\riiUbue.exe
  2⤵
  PID:15236
- C:\Windows\System\YQyUWrO.exe
  C:\Windows\System\YQyUWrO.exe
  2⤵
  PID:15264
- C:\Windows\System\zhSHvuf.exe
  C:\Windows\System\zhSHvuf.exe
  2⤵
  PID:15292
- C:\Windows\System\aCRJTvk.exe
  C:\Windows\System\aCRJTvk.exe
  2⤵
  PID:15320
- C:\Windows\System\mcdHBJL.exe
  C:\Windows\System\mcdHBJL.exe
  2⤵
  PID:15348
- C:\Windows\System\xiTHEcX.exe
  C:\Windows\System\xiTHEcX.exe
  2⤵
  PID:4864

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkNDOUQxMTktOTdBQS00N0JFLUJEQkYtMjhENjIyMkI5QkFGfSIgdXNlcmlkPSJ7MjEzNkNGODctNEMwMy00MzRDLTkzRjgtNDc0NkM3Mjc3MDk0fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RDk0N0I5MUMtMjlCMC00RURBLUI4ODQtMkM1MURERDhFMzc2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMzNzEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDE5Mjc1MzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjU4NzU2MTk1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:10324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AJyoQSi.exe

Filesize
6.0MB

MD5
40ba565d60fe1722da9fd99671b07377

SHA1
ba071581562faddcccf3ea84cfbd36d94bafbf09

SHA256
1424819da8e335a535bf61f3dbe644fb3d3da15df6b6328ec62036aad9b38a32

SHA512
27d8903ce21dde8ce0ece8cadae7171889c08a5d906ce2e50e540306824800956413f6cb04407cebcea372251b7b4b024db23f82114b2a94841851c93153a9b6

Download Submit
C:\Windows\System\AlvvSRk.exe

Filesize
6.0MB

MD5
a805b504d3c727441333a94b47d8dddc

SHA1
18c5446fcddf371627634f5de622575ed39d4567

SHA256
0cc0d93ddee37434f4648f258f58bebba9594fa56e40c072b1a41499c022059e

SHA512
bdae544018766f2bb7ebfa5b4bc53c5954de0a197ff0efd09ee1ccf45cb6b1d08339b0e70091fa1b494087e8e76fb5e3e28c7a63a9a751e95df4b34aef57cd1e

Download Submit
C:\Windows\System\CJbekyJ.exe

Filesize
6.0MB

MD5
540a6779217af4d4641023608cad574c

SHA1
9a4d6454f1536dbd9770c446b68bbfb14e37bbd5

SHA256
9c3ec5c756e3d31d229be849eee8d028df34225efe49487c729114b32bcaab2a

SHA512
66cca63e650b1e522dda262962741b0ee7eeb14cf39830c258ecc978d3f9d45d2e09213e0cf18ab1d8e9121a1cb019e072f5c4ec6f13225208aadfcdc9571242

Download Submit
C:\Windows\System\DcBmtRL.exe

Filesize
6.0MB

MD5
8a240ac68d26bcdb11189e80e0af82ff

SHA1
cf098a4adb84be64292a7fed1365f0ed040608ea

SHA256
bd7868a2bbdd4cad20e0acbef9a8bce38853402e99e7bc0446c100757ffb480d

SHA512
c422da5c0161437ac4f29bcc83433e0423b38bf52c9e7edcdeb8764198ea948afb6a8570e7c44be01b0d9d0184cac50504be90f11cba8e13dca1f3fb09e47a32

Download Submit
C:\Windows\System\DwaphbZ.exe

Filesize
6.0MB

MD5
2227a7835ab078084f69ed7c4f4fbd7b

SHA1
54a2edf242cf543877f482d2effd399350b0c565

SHA256
d503b23c0166fb0d63fe15e79132e95242953e4c976070aec7de93c4e5889992

SHA512
d1944966ac7f42e5bde5f1edbdb2bb050c96f3ca5b28914e2b5ab024c43581bda7d5b797586033a5e28125ce19fb527a094fcaa3cd9e59c4da538f8431f8e29b

Download Submit
C:\Windows\System\IieFpPj.exe

Filesize
6.0MB

MD5
a7f5c3eea02226224f2676a971ca47b6

SHA1
828ba298345790a7c8ebe9dfbac0807f65143e64

SHA256
041dff5a7c706a39743b42fb306eb77b783274ab063f118a779dcca925cb36fa

SHA512
3cbfe8f18b42eb01c32989582a368d33709f43f20da59d70e98e7d1591c08c6bd5113890d538f9d646cd94742c93377c206aabeb13c948445913a60d90b40292

Download Submit
C:\Windows\System\ItTNNvp.exe

Filesize
6.0MB

MD5
ae12ce24d1dd754cc8958241b31ebede

SHA1
dd351288d31766cc2ad4db7d996e9ac39877b17f

SHA256
c0927ce2a8c0afdc6095e903a39d9c6d862ec30eaed6a4699d73dcab6cc9bdd2

SHA512
f623b868b4f497d2d0feb01c9f13cec14d1de626d05ecd40f69a787e89caea681f725cbfd754fec0cd05472fc0b01789e4d33800dfb268e833f8aa7ed7afee83

Download Submit
C:\Windows\System\JtpIJUY.exe

Filesize
6.0MB

MD5
dd1546f6b6b62e9c1b0b6afdb7dd6630

SHA1
c4c587b8465b593d4b435a7f96b73923f6608ca8

SHA256
16dc4abc2206440469b49be943b8b8c8a3c2626ad3e5a54f4713410b85955442

SHA512
e683ee383e5a0470735c81a473307d1cda7ee6383f4858e73a358ae3641e4f0da1335ce90cdf0eda466a084de7923bd79ce10fddcbc2308b264c99de00690cd2

Download Submit
C:\Windows\System\KUNfASW.exe

Filesize
6.0MB

MD5
e4fba2e1df822fccca37d90f4d2f7ef8

SHA1
468d6e927bbc3b1ad7bb5c5ddb8b7024ae9d98d9

SHA256
23791a3684581b8e58acfa5003caeb008adc3bc188d93b5713de3655989f0781

SHA512
f4cb4f42a472424c95db9ea7cbeff4fd109b961d2702f3dba54285b6ff28e691e8a309a1352ae78bb2c5d501990b8a92e5af339c7d6acccf2dd217060e8e07b6

Download Submit
C:\Windows\System\LSzZBAS.exe

Filesize
6.0MB

MD5
f76df8a02fbb00b087058ea2e757b813

SHA1
7bbfde3a3b88c32e02a89ebfe79cd64bdd3408be

SHA256
2319d46f93e7ae4ec03c90b3b9266dc83a99705321bc5848c21cd2907782176c

SHA512
5d0b92ad5342028ae5ddfa125e4a4854b8fec0cbb5736aa630b1c9d4171cec58305a9a9d4285fe30b7a518d0dfc411d3b31cae320ee5c8597d4441f3eee9d1c4

Download Submit
C:\Windows\System\OUBePlh.exe

Filesize
6.0MB

MD5
1b0317b2f8e737357b45291abfa560d7

SHA1
5e307f325310dd4fc690f1b8d44a33e4e5457ded

SHA256
6a2e86c2907815e9a9a6e3c53f0aa8d400c50f4d13c9130800fcc2ee42cc2e8f

SHA512
6a263118186523d838cea4f8c6bcfdaa24d63e089058c579f17563de1fdf75b5596cb1549e406d1025b5cee0fecc05d33e6e1af047396e618489182d0cc45796

Download Submit
C:\Windows\System\QDRWreI.exe

Filesize
6.0MB

MD5
4fe870b5e1207a7b29f72425cc9b4d55

SHA1
cd9e4b4df09ad8421c335d61a57232513b9b4549

SHA256
156467a47eb0cbc4087ac5d69593a561035d23d6bc90b5e66ba710c04c7e8f00

SHA512
50e7ad33540d570f596b179c648a4854a67517c11eb65b6ba3429ceed338c03cf2745599f5def0d7d76d1fd9813bb6a69c7e2d8fb66a4b51b1d3d40913e30c41

Download Submit
C:\Windows\System\RHqKKaK.exe

Filesize
6.0MB

MD5
6df4577bf758e13bd1dbea1ab452b634

SHA1
78b240c6a0f5716708820bdd360ec7223a1f7488

SHA256
96ede9b8a688b903031d419290ed2d708f0f51e317e0a0a8e91833f794c55c88

SHA512
866ecb7e632d952d75c67f44a54674521991e69ce831e2ddb7218143941ad525643d2e62ecbf8fa8fe2245443dcd437161649e76261dfa44784532bd5b99fdbc

Download Submit
C:\Windows\System\RuViWje.exe

Filesize
6.0MB

MD5
11986a1b356c7c0acadb5f8bf62a8225

SHA1
182013ec2804cfddaa1955c43837240a4e6a5cd5

SHA256
3f03195d429a1c51c409d0e32420607ddec8d9f2ac4311eb689e509b72e5b168

SHA512
721d73d660a9ae503bfd11b3378a8ccf062a3072edd506300325cb8a31b8c0cff43422589afa596bde6345f4e6f3971a3f724c4d08dd575175bb8f68eb118c88

Download Submit
C:\Windows\System\TzWWPTZ.exe

Filesize
6.0MB

MD5
9d6bd6461cc29fb5dbeb3fee35be50e6

SHA1
68ab92bbc7586e96a44b49c31224440208c0a367

SHA256
69da2a9596af8560ff1bb6b2a54070247a18a8eedbcbeeaa856adc988fb437f6

SHA512
a30bf6cfc32cb7b0942cd9d57b65452cd332a1cee97792ba00af9aba3a59ad79d3b278d0b3c852691ce1395e347d99a0fdc5f3110af5ee6d7796d1e5d6dfb9d1

Download Submit
C:\Windows\System\UcUEoCc.exe

Filesize
6.0MB

MD5
edc67e2b1a07fe81dac54dbd97ecfa88

SHA1
4b973fd00c98915dfc959ba150fbd163d4b06986

SHA256
bf91af967041a03be95798c23d106dd7456af73db06ae31b092e15f7d7d5b8c3

SHA512
76d7620b041891bb2c8a7debbc41b43953ed18dea848edf8027b3f4a3bd8b61089d0bac116c65490f40d7b1f37d140db835e6ad1012ffc0dc3d25fb03534b719

Download Submit
C:\Windows\System\WCwDJzr.exe

Filesize
6.0MB

MD5
304287821c8f217cc1de051caf9c49fe

SHA1
8af456d0cb4df465f46bc20927fec471b06babf6

SHA256
65ceb709cd53e97608aa5e4477d41b87f611a54f4123e07096305531a6d5ab26

SHA512
f0cf2188af0bfbefd19fc1d2aae0403e11fb453f3ff529a517234668e48892947b5541d8b3368ee9a1be7b50a505535d257a843eca7943b33b6fe3fd227e5c61

Download Submit
C:\Windows\System\WYRjMwa.exe

Filesize
6.0MB

MD5
f34ff17cb3b2bf40292a28d698164c46

SHA1
c9f92191989b9d0d1f741b1d46a458ded47109ff

SHA256
379326598a074c41bcb816a47bb806d40b02d1f5ec9becf93e345fb19ec17d22

SHA512
843921b3783c5c6419955864ba72382dfd9ee1ffdd06e51292dd9a2ffa90721dacbbc39dd2ce80e8693d2743298429b7e6d59c4a531397e322913ebe9184f9ac

Download Submit
C:\Windows\System\XSOpeXY.exe

Filesize
6.0MB

MD5
1b136f5a35cb60173fad898d25a1e1db

SHA1
536675a3dbe5a4bb7755a9680b807599f07ea4a9

SHA256
fb46802553b0cb7551066570e3ec11aadc80ed29f66e58e5a8e5dee885289b51

SHA512
2751e7f0348ccbb37298d51c7d11c5dd94a22727d25eb2724c68cac53f9e490c5b437b18a2a011f3372c7dc26cabe04537061c9628389ed260f821a89b0b3f8f

Download Submit
C:\Windows\System\YcWEuMQ.exe

Filesize
6.0MB

MD5
16fb1277e831043bceb2f2c0e6de2938

SHA1
c684855b2e28333a8332ffc5e4bfcdedf9e79e4c

SHA256
205ad05661489adb015b62f40ac0b05b9fd152e62cd11e701f1c326e54ac62fb

SHA512
70cd0be6b2a3af96107721f4328b400692c5b198778032acd1823c7f853f166450b7d9e6fa7b6cfd3f543f45db113800ce5b06c6dbd3890f80df3a68c1c123e4

Download Submit
C:\Windows\System\YkcwoKG.exe

Filesize
6.0MB

MD5
122757a54c6a60a411cc09c59db0b574

SHA1
29e25cf4875e52dc6a9557f4cad31a10e72bab59

SHA256
f8c79f3461dd0a407015a10f68f77bfe22cfc44ca118b987fe3d0f0861ddcb45

SHA512
8b6ed9b9c8cc32910143a7389bab5d9087ef63ca6736627e8960bf96672298732c2959dda2a996f3b7bd9daebdf1b228b20ed58e51a9408f128c7c2496a743a2

Download Submit
C:\Windows\System\akHsbqc.exe

Filesize
6.0MB

MD5
2e9a7171210e2477136035bc35e407e1

SHA1
bba4606c75516fdb37b8b793bccc919340ee2645

SHA256
0527e3855c8772d396ffbd69453ac64af3085d9ea3b62f1a50074b6ac4ca51e7

SHA512
bc5a89753b943013fdda302d9f13d134f180a711e82dadd3085f968889a9b1aeaf1e1ce598cf74fb99398d3f2c34b0fcbb44018ea57bddee879128a1c4af71b3

Download Submit
C:\Windows\System\appiIjr.exe

Filesize
6.0MB

MD5
c9f91852a0649d55a2ccbdc4346a6d09

SHA1
f14770b3311fd8503a3c4081868d5971fa5d162a

SHA256
ef3d4ea26117048b17f51fd446e0b4c8717cfa1ec0f2835b91a25acce9bc85bc

SHA512
200cc1a5a36735e6ea610e1263b5bc7fe10e2c7258b98cf0b6715d4d28b25c76a66415777aa2cad41ea5de5410f61d90e4926ca411dcd8cad040e68edc7f8419

Download Submit
C:\Windows\System\lsqZBIS.exe

Filesize
6.0MB

MD5
d66d1c644f26cde0c8ddf81b5371ce53

SHA1
d72880dc8d29fb2d5cd33532a123dcee6bafd73f

SHA256
8866b0f2dd9d77a691c9e34e6a1636689d8accceed019e54251c29ead65ca665

SHA512
2ba49fb5936abc0290675f3a41d8fb9b53c5a5ab597406d7d22ca357bab4505d8c8e7751e8841765ea3418c43867e616c4a11037293b6246da71e9d43d8c42db

Download Submit
C:\Windows\System\pLDNlYI.exe

Filesize
6.0MB

MD5
fffe65a007bb57fafc987f03c06c71e8

SHA1
4a4101fd2c9dd8ed6d39d546550d3a726dfc1637

SHA256
34506b43290beef4965db78e5197b6cfc16144e7cc3a6b1e735249219cfbb489

SHA512
a8d4814bf0ec6abb5c06b08d4d1c56831cab043e62e04c0959e42097ae8c37aafe96ed83bd6354e3bc1af34c72340cfe574dc460da938ab4f24b38d9c516678a

Download Submit
C:\Windows\System\qXVMeFQ.exe

Filesize
6.0MB

MD5
593642fd52aee42da40d41c642b490ff

SHA1
81131d79b3739da62bc481a66ed3cc7dddf44be7

SHA256
bd9b62d0c2d5e69f5912ff7c98c5d0e9d0c9764c6b47fee8f100480c0fd10906

SHA512
300d002d24767a0b42f4da1510186e3645eb2cacb24879825c1eb4cfd84089555c30e0846777eb93e6e8f967d0d87acb36128283cf6411b54bace2b2b22c936a

Download Submit
C:\Windows\System\rXixfJV.exe

Filesize
6.0MB

MD5
15df6bfcdba6ccae6b98b4d9a83bd6d2

SHA1
d0ed9b900b508a751f368e7e3b765e7a9796f879

SHA256
1dd9a089a0329df32371dc5d843314f413561da3ccbf925fa62573dfa92c775b

SHA512
4e800cc7b93c729a4644aa56b0d62fa7d6713cb9a929ccd6879660524e5e17dc0f488523855513257886385dc6c38c062be64b4066984d05c4401f1cb2c05f5a

Download Submit
C:\Windows\System\ruCvCXf.exe

Filesize
6.0MB

MD5
8c253341f91094289dcbaaabfadc11b5

SHA1
4b764ba9ff2a268531b4202b6ba4e7c22e9495d1

SHA256
a391c68ac806b0698cc92bbfab7b9c8921b6aff75e4c3c8d9d22012089ed5eaa

SHA512
08a8765322a84cd218dc1d210ada1c84ef485c51cdcfbfb896e308ea436bf2056837eae7bd47c63bde09a8f61bd0379e7fbbb2a4bed3642d51065660ea50826b

Download Submit
C:\Windows\System\sVRKHBD.exe

Filesize
6.0MB

MD5
19f7351218c88af21d686261399db514

SHA1
27594f8769af2501a1207805a9b58863da1aee7c

SHA256
66605f875317f77908d37b5e0f631c10bd7822f72c0e3ea72703e789337f3915

SHA512
90716da49793dd1558153a25aa5f67e217664cf987873f4b981b287cc70ef6d492cdaa428788ef842f12918e57cd5a4a13aa9ca4d21f1cffd693d83c63b2033d

Download Submit
C:\Windows\System\soYELXb.exe

Filesize
6.0MB

MD5
fb540a79fda0d48262c4ed837a219f8f

SHA1
4922536451f4282b99a72a0e7303de19c13309e3

SHA256
5b219f20802e500f59fbc90b5eb1fb94d417ec4614f41c9f98f3f385c817991a

SHA512
bcf98603adf69484a8ec295a3256fd8100edeebc23c10004071ffe77513832f5c55359efb490353520f750980958e88a49cbef26494e1b36808b5ad98b852602

Download Submit
C:\Windows\System\uIXVmVX.exe

Filesize
6.0MB

MD5
893cbec7d58c60746f35d32582f014d6

SHA1
9e8cdb04af154bcb98d8a421dce32ad3e0d829c6

SHA256
e9ee77dfdc3e829844b47186a97331875c65a4b4235bc2ec2f78622a3555a925

SHA512
5c8121ac4bb72ec33643eccc9dfec210f76f25eda1f4d966d5eed49c0cc6882c817d736dff198d5d82205d473155ba4415e5731f7b4d60ecf1f811680a76405b

Download Submit
C:\Windows\System\wJuUgVe.exe

Filesize
6.0MB

MD5
22d98b000fcb0873457e285872e76830

SHA1
a0aa45628bf3eb7afdc25b24263d2839d99127ac

SHA256
cce8b577956ed10661d7f0765359a9698ec46812e4cbbcd7d96e968f50e2a15f

SHA512
39573b4acc0aef097ba184e07c4febc237f862c02a30a01a27215793839f0578067610ead567fb3c3fced32e662d634ae098d81886eb8e6f0a1a913a17e140af

Download Submit
memory/372-54-0x00007FF72BAA0000-0x00007FF72BDF4000-memory.dmp

Filesize
3.3MB

Download
memory/372-1710-0x00007FF72BAA0000-0x00007FF72BDF4000-memory.dmp

Filesize
3.3MB

Download
memory/736-70-0x00007FF632D40000-0x00007FF633094000-memory.dmp

Filesize
3.3MB

Download
memory/736-1912-0x00007FF632D40000-0x00007FF633094000-memory.dmp

Filesize
3.3MB

Download
memory/736-153-0x00007FF632D40000-0x00007FF633094000-memory.dmp

Filesize
3.3MB

Download
memory/1148-100-0x00007FF6A15F0000-0x00007FF6A1944000-memory.dmp

Filesize
3.3MB

Download
memory/1148-267-0x00007FF6A15F0000-0x00007FF6A1944000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2036-0x00007FF6A15F0000-0x00007FF6A1944000-memory.dmp

Filesize
3.3MB

Download
memory/1300-2048-0x00007FF639CD0000-0x00007FF63A024000-memory.dmp

Filesize
3.3MB

Download
memory/1300-138-0x00007FF639CD0000-0x00007FF63A024000-memory.dmp

Filesize
3.3MB

Download
memory/1460-248-0x00007FF7A8830000-0x00007FF7A8B84000-memory.dmp

Filesize
3.3MB

Download
memory/1460-90-0x00007FF7A8830000-0x00007FF7A8B84000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2028-0x00007FF7A8830000-0x00007FF7A8B84000-memory.dmp

Filesize
3.3MB

Download
memory/1464-2362-0x00007FF7F43B0000-0x00007FF7F4704000-memory.dmp

Filesize
3.3MB

Download
memory/1464-195-0x00007FF7F43B0000-0x00007FF7F4704000-memory.dmp

Filesize
3.3MB

Download
memory/1532-144-0x00007FF60C580000-0x00007FF60C8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1532-455-0x00007FF60C580000-0x00007FF60C8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1532-2206-0x00007FF60C580000-0x00007FF60C8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-142-0x00007FF6A2330000-0x00007FF6A2684000-memory.dmp

Filesize
3.3MB

Download
memory/1632-1722-0x00007FF6A2330000-0x00007FF6A2684000-memory.dmp

Filesize
3.3MB

Download
memory/1632-63-0x00007FF6A2330000-0x00007FF6A2684000-memory.dmp

Filesize
3.3MB

Download
memory/1864-2040-0x00007FF714D20000-0x00007FF715074000-memory.dmp

Filesize
3.3MB

Download
memory/1864-266-0x00007FF714D20000-0x00007FF715074000-memory.dmp

Filesize
3.3MB

Download
memory/1864-99-0x00007FF714D20000-0x00007FF715074000-memory.dmp

Filesize
3.3MB

Download
memory/1944-1540-0x00007FF632E20000-0x00007FF633174000-memory.dmp

Filesize
3.3MB

Download
memory/1944-69-0x00007FF632E20000-0x00007FF633174000-memory.dmp

Filesize
3.3MB

Download
memory/1944-18-0x00007FF632E20000-0x00007FF633174000-memory.dmp

Filesize
3.3MB

Download
memory/2172-1543-0x00007FF7E5D40000-0x00007FF7E6094000-memory.dmp

Filesize
3.3MB

Download
memory/2172-29-0x00007FF7E5D40000-0x00007FF7E6094000-memory.dmp

Filesize
3.3MB

Download
memory/2196-158-0x00007FF62DA10000-0x00007FF62DD64000-memory.dmp

Filesize
3.3MB

Download
memory/2196-518-0x00007FF62DA10000-0x00007FF62DD64000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1550-0x00007FF660850000-0x00007FF660BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-81-0x00007FF660850000-0x00007FF660BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-31-0x00007FF660850000-0x00007FF660BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2045-0x00007FF769E70000-0x00007FF76A1C4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-398-0x00007FF769E70000-0x00007FF76A1C4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-112-0x00007FF769E70000-0x00007FF76A1C4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-2207-0x00007FF7D1AA0000-0x00007FF7D1DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-399-0x00007FF7D1AA0000-0x00007FF7D1DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-141-0x00007FF7D1AA0000-0x00007FF7D1DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-1718-0x00007FF783950000-0x00007FF783CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-61-0x00007FF783950000-0x00007FF783CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-104-0x00007FF783950000-0x00007FF783CA4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-1701-0x00007FF6AB1E0000-0x00007FF6AB534000-memory.dmp

Filesize
3.3MB

Download
memory/3000-48-0x00007FF6AB1E0000-0x00007FF6AB534000-memory.dmp

Filesize
3.3MB

Download
memory/3036-168-0x00007FF7D95B0000-0x00007FF7D9904000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1936-0x00007FF7D95B0000-0x00007FF7D9904000-memory.dmp

Filesize
3.3MB

Download
memory/3036-83-0x00007FF7D95B0000-0x00007FF7D9904000-memory.dmp

Filesize
3.3MB

Download
memory/3092-89-0x00007FF712370000-0x00007FF7126C4000-memory.dmp

Filesize
3.3MB

Download
memory/3092-38-0x00007FF712370000-0x00007FF7126C4000-memory.dmp

Filesize
3.3MB

Download
memory/3092-1656-0x00007FF712370000-0x00007FF7126C4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-1428-0x00007FF7E61B0000-0x00007FF7E6504000-memory.dmp

Filesize
3.3MB

Download
memory/3984-14-0x00007FF7E61B0000-0x00007FF7E6504000-memory.dmp

Filesize
3.3MB

Download
memory/3984-62-0x00007FF7E61B0000-0x00007FF7E6504000-memory.dmp

Filesize
3.3MB

Download
memory/4240-125-0x00007FF7F67B0000-0x00007FF7F6B04000-memory.dmp

Filesize
3.3MB

Download
memory/4240-337-0x00007FF7F67B0000-0x00007FF7F6B04000-memory.dmp

Filesize
3.3MB

Download
memory/4240-2046-0x00007FF7F67B0000-0x00007FF7F6B04000-memory.dmp

Filesize
3.3MB

Download
memory/4320-186-0x00007FF685AD0000-0x00007FF685E24000-memory.dmp

Filesize
3.3MB

Download
memory/4320-2360-0x00007FF685AD0000-0x00007FF685E24000-memory.dmp

Filesize
3.3MB

Download
memory/4344-1914-0x00007FF70B190000-0x00007FF70B4E4000-memory.dmp

Filesize
3.3MB

Download
memory/4344-159-0x00007FF70B190000-0x00007FF70B4E4000-memory.dmp

Filesize
3.3MB

Download
memory/4344-76-0x00007FF70B190000-0x00007FF70B4E4000-memory.dmp

Filesize
3.3MB

Download
memory/4392-2359-0x00007FF682690000-0x00007FF6829E4000-memory.dmp

Filesize
3.3MB

Download
memory/4392-171-0x00007FF682690000-0x00007FF6829E4000-memory.dmp

Filesize
3.3MB

Download
memory/4392-643-0x00007FF682690000-0x00007FF6829E4000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2361-0x00007FF67A2B0000-0x00007FF67A604000-memory.dmp

Filesize
3.3MB

Download
memory/4488-191-0x00007FF67A2B0000-0x00007FF67A604000-memory.dmp

Filesize
3.3MB

Download
memory/4512-580-0x00007FF6BAA30000-0x00007FF6BAD84000-memory.dmp

Filesize
3.3MB

Download
memory/4512-167-0x00007FF6BAA30000-0x00007FF6BAD84000-memory.dmp

Filesize
3.3MB

Download
memory/4628-55-0x00007FF68E6F0000-0x00007FF68EA44000-memory.dmp

Filesize
3.3MB

Download
memory/4628-8-0x00007FF68E6F0000-0x00007FF68EA44000-memory.dmp

Filesize
3.3MB

Download
memory/4628-1400-0x00007FF68E6F0000-0x00007FF68EA44000-memory.dmp

Filesize
3.3MB

Download
memory/4744-2051-0x00007FF6A6DA0000-0x00007FF6A70F4000-memory.dmp

Filesize
3.3MB

Download
memory/4744-143-0x00007FF6A6DA0000-0x00007FF6A70F4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2047-0x00007FF7702E0000-0x00007FF770634000-memory.dmp

Filesize
3.3MB

Download
memory/4984-140-0x00007FF7702E0000-0x00007FF770634000-memory.dmp

Filesize
3.3MB

Download
memory/5072-50-0x00007FF6D1430000-0x00007FF6D1784000-memory.dmp

Filesize
3.3MB

Download
memory/5072-1-0x0000024A7B1F0000-0x0000024A7B200000-memory.dmp

Filesize
64KB

Download
memory/5072-0-0x00007FF6D1430000-0x00007FF6D1784000-memory.dmp

Filesize
3.3MB

Download