cobaltstrike | 80cc9732f768129914c2ce70c3a284476da5e05476d7c9c0b2bfdeadcaf9f532

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2025, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4ddff675cf1a1726a6296dd8f2a2ec60
SHA1

4cf47774f9fd7bfa3c2dc62f88bf67d36de7aa5e
SHA256

80cc9732f768129914c2ce70c3a284476da5e05476d7c9c0b2bfdeadcaf9f532
SHA512

7c81d1f187ea29d3664460a28b221f1a886468741a4084605ca45283547cc024e933c3e55c4e6a75737ad2b2b7c76b011cb0e0758ddf807050f6e7bd5c6ce81d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUV:T+q56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000a000000023de6-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e43-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e42-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e44-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e45-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e46-36.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e47-41.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023e3f-46.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e48-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e49-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4b-80.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4c-95.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4f-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e50-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e51-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e53-132.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e52-130.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4e-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4d-91.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4a-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e54-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e56-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e57-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e59-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e58-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e55-160.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5c-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5a-181.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5d-193.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5e-201.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e60-214.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5f-209.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/976-0-0x00007FF72E2F0000-0x00007FF72E644000-memory.dmp	xmrig
behavioral2/files/0x000a000000023de6-5.dat	xmrig
behavioral2/memory/3040-7-0x00007FF6C9250000-0x00007FF6C95A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e43-10.dat	xmrig
behavioral2/files/0x0007000000023e42-11.dat	xmrig
behavioral2/memory/3032-18-0x00007FF793DB0000-0x00007FF794104000-memory.dmp	xmrig
behavioral2/memory/2452-12-0x00007FF7ED040000-0x00007FF7ED394000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e44-23.dat	xmrig
behavioral2/files/0x0007000000023e45-28.dat	xmrig
behavioral2/files/0x0007000000023e46-36.dat	xmrig
behavioral2/memory/4176-35-0x00007FF7E3820000-0x00007FF7E3B74000-memory.dmp	xmrig
behavioral2/memory/4992-30-0x00007FF7B5CA0000-0x00007FF7B5FF4000-memory.dmp	xmrig
behavioral2/memory/3588-24-0x00007FF615A00000-0x00007FF615D54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e47-41.dat	xmrig
behavioral2/memory/5016-45-0x00007FF7630C0000-0x00007FF763414000-memory.dmp	xmrig
behavioral2/files/0x0008000000023e3f-46.dat	xmrig
behavioral2/files/0x0007000000023e48-53.dat	xmrig
behavioral2/memory/4436-55-0x00007FF7C3A30000-0x00007FF7C3D84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e49-60.dat	xmrig
behavioral2/memory/3016-71-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4b-80.dat	xmrig
behavioral2/memory/316-85-0x00007FF681BF0000-0x00007FF681F44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4c-95.dat	xmrig
behavioral2/memory/4992-102-0x00007FF7B5CA0000-0x00007FF7B5FF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4f-111.dat	xmrig
behavioral2/files/0x0007000000023e50-109.dat	xmrig
behavioral2/memory/5016-108-0x00007FF7630C0000-0x00007FF763414000-memory.dmp	xmrig
behavioral2/memory/2208-107-0x00007FF7BE950000-0x00007FF7BECA4000-memory.dmp	xmrig
behavioral2/memory/3076-106-0x00007FF6AE910000-0x00007FF6AEC64000-memory.dmp	xmrig
behavioral2/memory/4176-105-0x00007FF7E3820000-0x00007FF7E3B74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e51-123.dat	xmrig
behavioral2/files/0x0007000000023e53-132.dat	xmrig
behavioral2/files/0x0007000000023e52-130.dat	xmrig
behavioral2/memory/2984-129-0x00007FF624F50000-0x00007FF6252A4000-memory.dmp	xmrig
behavioral2/memory/4436-128-0x00007FF7C3A30000-0x00007FF7C3D84000-memory.dmp	xmrig
behavioral2/memory/3660-127-0x00007FF6C4A90000-0x00007FF6C4DE4000-memory.dmp	xmrig
behavioral2/memory/2040-126-0x00007FF61FF50000-0x00007FF6202A4000-memory.dmp	xmrig
behavioral2/memory/100-125-0x00007FF7B7D90000-0x00007FF7B80E4000-memory.dmp	xmrig
behavioral2/memory/588-120-0x00007FF682D10000-0x00007FF683064000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4e-98.dat	xmrig
behavioral2/memory/2500-97-0x00007FF69B410000-0x00007FF69B764000-memory.dmp	xmrig
behavioral2/memory/4292-90-0x00007FF6198D0000-0x00007FF619C24000-memory.dmp	xmrig
behavioral2/memory/3588-89-0x00007FF615A00000-0x00007FF615D54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4d-91.dat	xmrig
behavioral2/memory/4040-79-0x00007FF74B6E0000-0x00007FF74BA34000-memory.dmp	xmrig
behavioral2/memory/3032-78-0x00007FF793DB0000-0x00007FF794104000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4a-70.dat	xmrig
behavioral2/memory/2452-66-0x00007FF7ED040000-0x00007FF7ED394000-memory.dmp	xmrig
behavioral2/memory/2984-65-0x00007FF624F50000-0x00007FF6252A4000-memory.dmp	xmrig
behavioral2/memory/3040-61-0x00007FF6C9250000-0x00007FF6C95A4000-memory.dmp	xmrig
behavioral2/memory/976-54-0x00007FF72E2F0000-0x00007FF72E644000-memory.dmp	xmrig
behavioral2/memory/100-47-0x00007FF7B7D90000-0x00007FF7B80E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e54-136.dat	xmrig
behavioral2/memory/3016-141-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e56-152.dat	xmrig
behavioral2/files/0x0007000000023e57-151.dat	xmrig
behavioral2/files/0x0007000000023e59-167.dat	xmrig
behavioral2/memory/2208-173-0x00007FF7BE950000-0x00007FF7BECA4000-memory.dmp	xmrig
behavioral2/memory/4604-175-0x00007FF733E90000-0x00007FF7341E4000-memory.dmp	xmrig
behavioral2/memory/3076-172-0x00007FF6AE910000-0x00007FF6AEC64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e58-170.dat	xmrig
behavioral2/memory/4692-164-0x00007FF728480000-0x00007FF7287D4000-memory.dmp	xmrig
behavioral2/memory/4292-163-0x00007FF6198D0000-0x00007FF619C24000-memory.dmp	xmrig
behavioral2/memory/760-159-0x00007FF7645B0000-0x00007FF764904000-memory.dmp	xmrig

Downloads MZ/PE file 1 IoCs

flow	pid	Process
46	14140	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
3040	tqKaKpD.exe
2452	YZhpGlN.exe
3032	zCsLXUk.exe
3588	WMOwzTu.exe
4992	JlDprIy.exe
4176	HnSNcxB.exe
5016	EASaUMi.exe
100	nWwEkjm.exe
4436	gvJEwll.exe
2984	tlPJwgH.exe
3016	cPzJrYQ.exe
4040	tsYykmL.exe
316	OllgYBt.exe
4292	CBMpzHQ.exe
2500	fwcQNxm.exe
3076	jEmSaOc.exe
2208	fRhleaX.exe
588	jIsoYlU.exe
2040	yKwcXqV.exe
3660	rYavJFU.exe
920	jcdLFjL.exe
4460	SSBnLyx.exe
760	LvFIavg.exe
3416	rHUryGY.exe
4692	DKBnPuA.exe
4604	HrNsUCk.exe
4896	TazXITb.exe
784	GfsnecG.exe
3160	OcOzKlH.exe
3868	GzbhHaG.exe
3312	yAFbLOt.exe
4172	jxahxug.exe
2976	QVPFlUJ.exe
60	uxnuqyc.exe
4704	bqHLRli.exe
1124	AyWtRPx.exe
2832	YxGHvcv.exe
1064	FyYmjhi.exe
1208	pjWKRsI.exe
3504	ahUKcLT.exe
3612	hgVTJqa.exe
1488	ZWRmwEZ.exe
2996	OQzAhJn.exe
5000	BcscYFY.exe
4036	vCGnNaI.exe
2744	kVqciAK.exe
752	kPhFawi.exe
4952	lvQjbLS.exe
232	YzYOegU.exe
1972	qXJjOAh.exe
4224	sJCsvOZ.exe
3616	sHvdmtQ.exe
1080	lCJiRwP.exe
3820	vSHxXOs.exe
1348	XhZkIZU.exe
3084	vAzzQQH.exe
3260	iFaJOAJ.exe
1368	liTlHzM.exe
4184	OFEfgNs.exe
2380	cmagcUP.exe
1560	NYTsxEP.exe
3488	wsgOaaa.exe
1652	oiLYeUo.exe
4588	xVOlKEy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/976-0-0x00007FF72E2F0000-0x00007FF72E644000-memory.dmp	upx
behavioral2/files/0x000a000000023de6-5.dat	upx
behavioral2/memory/3040-7-0x00007FF6C9250000-0x00007FF6C95A4000-memory.dmp	upx
behavioral2/files/0x0007000000023e43-10.dat	upx
behavioral2/files/0x0007000000023e42-11.dat	upx
behavioral2/memory/3032-18-0x00007FF793DB0000-0x00007FF794104000-memory.dmp	upx
behavioral2/memory/2452-12-0x00007FF7ED040000-0x00007FF7ED394000-memory.dmp	upx
behavioral2/files/0x0007000000023e44-23.dat	upx
behavioral2/files/0x0007000000023e45-28.dat	upx
behavioral2/files/0x0007000000023e46-36.dat	upx
behavioral2/memory/4176-35-0x00007FF7E3820000-0x00007FF7E3B74000-memory.dmp	upx
behavioral2/memory/4992-30-0x00007FF7B5CA0000-0x00007FF7B5FF4000-memory.dmp	upx
behavioral2/memory/3588-24-0x00007FF615A00000-0x00007FF615D54000-memory.dmp	upx
behavioral2/files/0x0007000000023e47-41.dat	upx
behavioral2/memory/5016-45-0x00007FF7630C0000-0x00007FF763414000-memory.dmp	upx
behavioral2/files/0x0008000000023e3f-46.dat	upx
behavioral2/files/0x0007000000023e48-53.dat	upx
behavioral2/memory/4436-55-0x00007FF7C3A30000-0x00007FF7C3D84000-memory.dmp	upx
behavioral2/files/0x0007000000023e49-60.dat	upx
behavioral2/memory/3016-71-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp	upx
behavioral2/files/0x0007000000023e4b-80.dat	upx
behavioral2/memory/316-85-0x00007FF681BF0000-0x00007FF681F44000-memory.dmp	upx
behavioral2/files/0x0007000000023e4c-95.dat	upx
behavioral2/memory/4992-102-0x00007FF7B5CA0000-0x00007FF7B5FF4000-memory.dmp	upx
behavioral2/files/0x0007000000023e4f-111.dat	upx
behavioral2/files/0x0007000000023e50-109.dat	upx
behavioral2/memory/5016-108-0x00007FF7630C0000-0x00007FF763414000-memory.dmp	upx
behavioral2/memory/2208-107-0x00007FF7BE950000-0x00007FF7BECA4000-memory.dmp	upx
behavioral2/memory/3076-106-0x00007FF6AE910000-0x00007FF6AEC64000-memory.dmp	upx
behavioral2/memory/4176-105-0x00007FF7E3820000-0x00007FF7E3B74000-memory.dmp	upx
behavioral2/files/0x0007000000023e51-123.dat	upx
behavioral2/files/0x0007000000023e53-132.dat	upx
behavioral2/files/0x0007000000023e52-130.dat	upx
behavioral2/memory/2984-129-0x00007FF624F50000-0x00007FF6252A4000-memory.dmp	upx
behavioral2/memory/4436-128-0x00007FF7C3A30000-0x00007FF7C3D84000-memory.dmp	upx
behavioral2/memory/3660-127-0x00007FF6C4A90000-0x00007FF6C4DE4000-memory.dmp	upx
behavioral2/memory/2040-126-0x00007FF61FF50000-0x00007FF6202A4000-memory.dmp	upx
behavioral2/memory/100-125-0x00007FF7B7D90000-0x00007FF7B80E4000-memory.dmp	upx
behavioral2/memory/588-120-0x00007FF682D10000-0x00007FF683064000-memory.dmp	upx
behavioral2/files/0x0007000000023e4e-98.dat	upx
behavioral2/memory/2500-97-0x00007FF69B410000-0x00007FF69B764000-memory.dmp	upx
behavioral2/memory/4292-90-0x00007FF6198D0000-0x00007FF619C24000-memory.dmp	upx
behavioral2/memory/3588-89-0x00007FF615A00000-0x00007FF615D54000-memory.dmp	upx
behavioral2/files/0x0007000000023e4d-91.dat	upx
behavioral2/memory/4040-79-0x00007FF74B6E0000-0x00007FF74BA34000-memory.dmp	upx
behavioral2/memory/3032-78-0x00007FF793DB0000-0x00007FF794104000-memory.dmp	upx
behavioral2/files/0x0007000000023e4a-70.dat	upx
behavioral2/memory/2452-66-0x00007FF7ED040000-0x00007FF7ED394000-memory.dmp	upx
behavioral2/memory/2984-65-0x00007FF624F50000-0x00007FF6252A4000-memory.dmp	upx
behavioral2/memory/3040-61-0x00007FF6C9250000-0x00007FF6C95A4000-memory.dmp	upx
behavioral2/memory/976-54-0x00007FF72E2F0000-0x00007FF72E644000-memory.dmp	upx
behavioral2/memory/100-47-0x00007FF7B7D90000-0x00007FF7B80E4000-memory.dmp	upx
behavioral2/files/0x0007000000023e54-136.dat	upx
behavioral2/memory/3016-141-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp	upx
behavioral2/files/0x0007000000023e56-152.dat	upx
behavioral2/files/0x0007000000023e57-151.dat	upx
behavioral2/files/0x0007000000023e59-167.dat	upx
behavioral2/memory/2208-173-0x00007FF7BE950000-0x00007FF7BECA4000-memory.dmp	upx
behavioral2/memory/4604-175-0x00007FF733E90000-0x00007FF7341E4000-memory.dmp	upx
behavioral2/memory/3076-172-0x00007FF6AE910000-0x00007FF6AEC64000-memory.dmp	upx
behavioral2/files/0x0007000000023e58-170.dat	upx
behavioral2/memory/4692-164-0x00007FF728480000-0x00007FF7287D4000-memory.dmp	upx
behavioral2/memory/4292-163-0x00007FF6198D0000-0x00007FF619C24000-memory.dmp	upx
behavioral2/memory/760-159-0x00007FF7645B0000-0x00007FF764904000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gOXROla.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhwNgSl.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwQzQSR.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxahxug.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSHxXOs.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjBESHS.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnpJgQG.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSeqIEx.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJBOxTX.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVKzuzR.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpMFzMX.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXHmQhc.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZzLqTT.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moiTNvT.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfzNImO.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phHhLWB.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwXVHtX.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMwpAQb.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQMPbtQ.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbpjYKk.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\woxctYm.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UXAjIzf.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWZcnkv.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnaxLLX.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axKezXJ.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrSEJaL.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHOWklM.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGcSiXp.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuWHLvV.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxEiYnI.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGNsAKF.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhLnHfc.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hajmvuh.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlDprIy.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcdLFjL.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCGnNaI.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbiOQcf.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYSqhab.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnQFskU.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbPSzmQ.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoYEOBs.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izNmiLz.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpxvmKq.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOWaGRT.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCSEWqr.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkPNiqa.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEkNNvj.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzJAWdf.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKcgGIF.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbbUmeI.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdleseu.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcOzKlH.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyWtRPx.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYLBrYA.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXQGmLt.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubNAPQQ.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EORwKaU.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCsLXUk.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxPKlCu.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMAiQWT.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFOkzVf.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzISrno.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnKLOXe.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzTysMW.exe	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
11504	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 3040	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 976 wrote to memory of 3040	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 976 wrote to memory of 2452	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 976 wrote to memory of 2452	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 976 wrote to memory of 3032	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 976 wrote to memory of 3032	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 976 wrote to memory of 3588	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 976 wrote to memory of 3588	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 976 wrote to memory of 4992	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 976 wrote to memory of 4992	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 976 wrote to memory of 4176	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 976 wrote to memory of 4176	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 976 wrote to memory of 5016	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 976 wrote to memory of 5016	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 976 wrote to memory of 100	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 976 wrote to memory of 100	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 976 wrote to memory of 4436	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 976 wrote to memory of 4436	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 976 wrote to memory of 2984	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 976 wrote to memory of 2984	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 976 wrote to memory of 3016	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 976 wrote to memory of 3016	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 976 wrote to memory of 4040	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 976 wrote to memory of 4040	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 976 wrote to memory of 316	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 976 wrote to memory of 316	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 976 wrote to memory of 4292	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 976 wrote to memory of 4292	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 976 wrote to memory of 2500	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 976 wrote to memory of 2500	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 976 wrote to memory of 2208	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 976 wrote to memory of 2208	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 976 wrote to memory of 3076	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 976 wrote to memory of 3076	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 976 wrote to memory of 588	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 976 wrote to memory of 588	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 976 wrote to memory of 2040	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 976 wrote to memory of 2040	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 976 wrote to memory of 3660	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 976 wrote to memory of 3660	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 976 wrote to memory of 920	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 976 wrote to memory of 920	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 976 wrote to memory of 760	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 976 wrote to memory of 760	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 976 wrote to memory of 4460	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 976 wrote to memory of 4460	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 976 wrote to memory of 3416	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 976 wrote to memory of 3416	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 976 wrote to memory of 4692	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 976 wrote to memory of 4692	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 976 wrote to memory of 4604	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 976 wrote to memory of 4604	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 976 wrote to memory of 4896	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 976 wrote to memory of 4896	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 976 wrote to memory of 784	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 976 wrote to memory of 784	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 976 wrote to memory of 3160	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 976 wrote to memory of 3160	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 976 wrote to memory of 3868	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 976 wrote to memory of 3868	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 976 wrote to memory of 3312	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 976 wrote to memory of 3312	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 976 wrote to memory of 4172	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	122
PID 976 wrote to memory of 4172	976	2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe	122

C:\Users\Admin\AppData\Local\Temp\2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_4ddff675cf1a1726a6296dd8f2a2ec60_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:976
- C:\Windows\System\tqKaKpD.exe
  C:\Windows\System\tqKaKpD.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\YZhpGlN.exe
  C:\Windows\System\YZhpGlN.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\zCsLXUk.exe
  C:\Windows\System\zCsLXUk.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\WMOwzTu.exe
  C:\Windows\System\WMOwzTu.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\JlDprIy.exe
  C:\Windows\System\JlDprIy.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\HnSNcxB.exe
  C:\Windows\System\HnSNcxB.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\EASaUMi.exe
  C:\Windows\System\EASaUMi.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\nWwEkjm.exe
  C:\Windows\System\nWwEkjm.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\gvJEwll.exe
  C:\Windows\System\gvJEwll.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\tlPJwgH.exe
  C:\Windows\System\tlPJwgH.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\cPzJrYQ.exe
  C:\Windows\System\cPzJrYQ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\tsYykmL.exe
  C:\Windows\System\tsYykmL.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\OllgYBt.exe
  C:\Windows\System\OllgYBt.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\CBMpzHQ.exe
  C:\Windows\System\CBMpzHQ.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\fwcQNxm.exe
  C:\Windows\System\fwcQNxm.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\fRhleaX.exe
  C:\Windows\System\fRhleaX.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\jEmSaOc.exe
  C:\Windows\System\jEmSaOc.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\jIsoYlU.exe
  C:\Windows\System\jIsoYlU.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\yKwcXqV.exe
  C:\Windows\System\yKwcXqV.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\rYavJFU.exe
  C:\Windows\System\rYavJFU.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\jcdLFjL.exe
  C:\Windows\System\jcdLFjL.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\LvFIavg.exe
  C:\Windows\System\LvFIavg.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\SSBnLyx.exe
  C:\Windows\System\SSBnLyx.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\rHUryGY.exe
  C:\Windows\System\rHUryGY.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\DKBnPuA.exe
  C:\Windows\System\DKBnPuA.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\HrNsUCk.exe
  C:\Windows\System\HrNsUCk.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\TazXITb.exe
  C:\Windows\System\TazXITb.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\GfsnecG.exe
  C:\Windows\System\GfsnecG.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\OcOzKlH.exe
  C:\Windows\System\OcOzKlH.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\GzbhHaG.exe
  C:\Windows\System\GzbhHaG.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\yAFbLOt.exe
  C:\Windows\System\yAFbLOt.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\jxahxug.exe
  C:\Windows\System\jxahxug.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\QVPFlUJ.exe
  C:\Windows\System\QVPFlUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\uxnuqyc.exe
  C:\Windows\System\uxnuqyc.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\bqHLRli.exe
  C:\Windows\System\bqHLRli.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\AyWtRPx.exe
  C:\Windows\System\AyWtRPx.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\YxGHvcv.exe
  C:\Windows\System\YxGHvcv.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\FyYmjhi.exe
  C:\Windows\System\FyYmjhi.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\pjWKRsI.exe
  C:\Windows\System\pjWKRsI.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\ahUKcLT.exe
  C:\Windows\System\ahUKcLT.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\hgVTJqa.exe
  C:\Windows\System\hgVTJqa.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\ZWRmwEZ.exe
  C:\Windows\System\ZWRmwEZ.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\OQzAhJn.exe
  C:\Windows\System\OQzAhJn.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\BcscYFY.exe
  C:\Windows\System\BcscYFY.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\vCGnNaI.exe
  C:\Windows\System\vCGnNaI.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\kVqciAK.exe
  C:\Windows\System\kVqciAK.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\kPhFawi.exe
  C:\Windows\System\kPhFawi.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\lvQjbLS.exe
  C:\Windows\System\lvQjbLS.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\YzYOegU.exe
  C:\Windows\System\YzYOegU.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\qXJjOAh.exe
  C:\Windows\System\qXJjOAh.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\sJCsvOZ.exe
  C:\Windows\System\sJCsvOZ.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\sHvdmtQ.exe
  C:\Windows\System\sHvdmtQ.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\lCJiRwP.exe
  C:\Windows\System\lCJiRwP.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\vSHxXOs.exe
  C:\Windows\System\vSHxXOs.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\XhZkIZU.exe
  C:\Windows\System\XhZkIZU.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\vAzzQQH.exe
  C:\Windows\System\vAzzQQH.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\iFaJOAJ.exe
  C:\Windows\System\iFaJOAJ.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\liTlHzM.exe
  C:\Windows\System\liTlHzM.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\OFEfgNs.exe
  C:\Windows\System\OFEfgNs.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\cmagcUP.exe
  C:\Windows\System\cmagcUP.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\NYTsxEP.exe
  C:\Windows\System\NYTsxEP.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\wsgOaaa.exe
  C:\Windows\System\wsgOaaa.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\oiLYeUo.exe
  C:\Windows\System\oiLYeUo.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\xVOlKEy.exe
  C:\Windows\System\xVOlKEy.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\qBLrkjx.exe
  C:\Windows\System\qBLrkjx.exe
  2⤵
  PID:2788
- C:\Windows\System\gIdhbwn.exe
  C:\Windows\System\gIdhbwn.exe
  2⤵
  PID:3908
- C:\Windows\System\HoNRYTg.exe
  C:\Windows\System\HoNRYTg.exe
  2⤵
  PID:2944
- C:\Windows\System\Kckfcfd.exe
  C:\Windows\System\Kckfcfd.exe
  2⤵
  PID:4168
- C:\Windows\System\GfvYXsA.exe
  C:\Windows\System\GfvYXsA.exe
  2⤵
  PID:2876
- C:\Windows\System\zaUBHND.exe
  C:\Windows\System\zaUBHND.exe
  2⤵
  PID:2664
- C:\Windows\System\BysHVOh.exe
  C:\Windows\System\BysHVOh.exe
  2⤵
  PID:812
- C:\Windows\System\rpeHryK.exe
  C:\Windows\System\rpeHryK.exe
  2⤵
  PID:4008
- C:\Windows\System\LHlFErk.exe
  C:\Windows\System\LHlFErk.exe
  2⤵
  PID:3720
- C:\Windows\System\jzISrno.exe
  C:\Windows\System\jzISrno.exe
  2⤵
  PID:3676
- C:\Windows\System\eUaTDad.exe
  C:\Windows\System\eUaTDad.exe
  2⤵
  PID:2060
- C:\Windows\System\QoeYotQ.exe
  C:\Windows\System\QoeYotQ.exe
  2⤵
  PID:3928
- C:\Windows\System\JVKablS.exe
  C:\Windows\System\JVKablS.exe
  2⤵
  PID:4392
- C:\Windows\System\zTfveip.exe
  C:\Windows\System\zTfveip.exe
  2⤵
  PID:3972
- C:\Windows\System\TsfiywQ.exe
  C:\Windows\System\TsfiywQ.exe
  2⤵
  PID:3100
- C:\Windows\System\FhffKuS.exe
  C:\Windows\System\FhffKuS.exe
  2⤵
  PID:2580
- C:\Windows\System\OYTHJHi.exe
  C:\Windows\System\OYTHJHi.exe
  2⤵
  PID:1612
- C:\Windows\System\wzwCPPj.exe
  C:\Windows\System\wzwCPPj.exe
  2⤵
  PID:5132
- C:\Windows\System\JGTiviI.exe
  C:\Windows\System\JGTiviI.exe
  2⤵
  PID:5164
- C:\Windows\System\aHajBeZ.exe
  C:\Windows\System\aHajBeZ.exe
  2⤵
  PID:5188
- C:\Windows\System\EEhTfUF.exe
  C:\Windows\System\EEhTfUF.exe
  2⤵
  PID:5224
- C:\Windows\System\lnKLOXe.exe
  C:\Windows\System\lnKLOXe.exe
  2⤵
  PID:5240
- C:\Windows\System\tGFAnYt.exe
  C:\Windows\System\tGFAnYt.exe
  2⤵
  PID:5284
- C:\Windows\System\IFiAfjW.exe
  C:\Windows\System\IFiAfjW.exe
  2⤵
  PID:5320
- C:\Windows\System\oUGAdYx.exe
  C:\Windows\System\oUGAdYx.exe
  2⤵
  PID:5400
- C:\Windows\System\TbHnKks.exe
  C:\Windows\System\TbHnKks.exe
  2⤵
  PID:5440
- C:\Windows\System\vUhZWMf.exe
  C:\Windows\System\vUhZWMf.exe
  2⤵
  PID:5476
- C:\Windows\System\jyzBpol.exe
  C:\Windows\System\jyzBpol.exe
  2⤵
  PID:5552
- C:\Windows\System\akVIjfx.exe
  C:\Windows\System\akVIjfx.exe
  2⤵
  PID:5608
- C:\Windows\System\xkbUwtZ.exe
  C:\Windows\System\xkbUwtZ.exe
  2⤵
  PID:5644
- C:\Windows\System\DpAkFBz.exe
  C:\Windows\System\DpAkFBz.exe
  2⤵
  PID:5700
- C:\Windows\System\FMgImCz.exe
  C:\Windows\System\FMgImCz.exe
  2⤵
  PID:5732
- C:\Windows\System\xpGEYoi.exe
  C:\Windows\System\xpGEYoi.exe
  2⤵
  PID:5756
- C:\Windows\System\TmmUtgX.exe
  C:\Windows\System\TmmUtgX.exe
  2⤵
  PID:5784
- C:\Windows\System\TJbLrPD.exe
  C:\Windows\System\TJbLrPD.exe
  2⤵
  PID:5812
- C:\Windows\System\QXeELAX.exe
  C:\Windows\System\QXeELAX.exe
  2⤵
  PID:5836
- C:\Windows\System\nOzCjDn.exe
  C:\Windows\System\nOzCjDn.exe
  2⤵
  PID:5868
- C:\Windows\System\xWHDjPn.exe
  C:\Windows\System\xWHDjPn.exe
  2⤵
  PID:5900
- C:\Windows\System\UnlRtNo.exe
  C:\Windows\System\UnlRtNo.exe
  2⤵
  PID:5928
- C:\Windows\System\nOdXFkA.exe
  C:\Windows\System\nOdXFkA.exe
  2⤵
  PID:5960
- C:\Windows\System\hSNzovD.exe
  C:\Windows\System\hSNzovD.exe
  2⤵
  PID:5988
- C:\Windows\System\ZdnHXgJ.exe
  C:\Windows\System\ZdnHXgJ.exe
  2⤵
  PID:6012
- C:\Windows\System\rlIXoLq.exe
  C:\Windows\System\rlIXoLq.exe
  2⤵
  PID:6040
- C:\Windows\System\pnaxLLX.exe
  C:\Windows\System\pnaxLLX.exe
  2⤵
  PID:6076
- C:\Windows\System\XffLWhp.exe
  C:\Windows\System\XffLWhp.exe
  2⤵
  PID:6092
- C:\Windows\System\SeltQrt.exe
  C:\Windows\System\SeltQrt.exe
  2⤵
  PID:6136
- C:\Windows\System\MbLUzdj.exe
  C:\Windows\System\MbLUzdj.exe
  2⤵
  PID:2708
- C:\Windows\System\BnfRKfQ.exe
  C:\Windows\System\BnfRKfQ.exe
  2⤵
  PID:3556
- C:\Windows\System\Gorgbjq.exe
  C:\Windows\System\Gorgbjq.exe
  2⤵
  PID:2112
- C:\Windows\System\xQBUvdk.exe
  C:\Windows\System\xQBUvdk.exe
  2⤵
  PID:4316
- C:\Windows\System\UXRoitR.exe
  C:\Windows\System\UXRoitR.exe
  2⤵
  PID:4504
- C:\Windows\System\iGZqLMx.exe
  C:\Windows\System\iGZqLMx.exe
  2⤵
  PID:5232
- C:\Windows\System\hDSrSpv.exe
  C:\Windows\System\hDSrSpv.exe
  2⤵
  PID:5332
- C:\Windows\System\AzTysMW.exe
  C:\Windows\System\AzTysMW.exe
  2⤵
  PID:5428
- C:\Windows\System\kjBESHS.exe
  C:\Windows\System\kjBESHS.exe
  2⤵
  PID:5596
- C:\Windows\System\GllaLrh.exe
  C:\Windows\System\GllaLrh.exe
  2⤵
  PID:5656
- C:\Windows\System\lughPJX.exe
  C:\Windows\System\lughPJX.exe
  2⤵
  PID:3628
- C:\Windows\System\wlqNFyi.exe
  C:\Windows\System\wlqNFyi.exe
  2⤵
  PID:5884
- C:\Windows\System\GOeYKyW.exe
  C:\Windows\System\GOeYKyW.exe
  2⤵
  PID:5936
- C:\Windows\System\izNmiLz.exe
  C:\Windows\System\izNmiLz.exe
  2⤵
  PID:6004
- C:\Windows\System\GZBvnSC.exe
  C:\Windows\System\GZBvnSC.exe
  2⤵
  PID:6060
- C:\Windows\System\UzJAWdf.exe
  C:\Windows\System\UzJAWdf.exe
  2⤵
  PID:6124
- C:\Windows\System\VsFPpBy.exe
  C:\Windows\System\VsFPpBy.exe
  2⤵
  PID:2360
- C:\Windows\System\RIcASVw.exe
  C:\Windows\System\RIcASVw.exe
  2⤵
  PID:4028
- C:\Windows\System\YJVbQvm.exe
  C:\Windows\System\YJVbQvm.exe
  2⤵
  PID:6120
- C:\Windows\System\KOXdIxS.exe
  C:\Windows\System\KOXdIxS.exe
  2⤵
  PID:5464
- C:\Windows\System\sZcDkQl.exe
  C:\Windows\System\sZcDkQl.exe
  2⤵
  PID:3620
- C:\Windows\System\mOmMLJy.exe
  C:\Windows\System\mOmMLJy.exe
  2⤵
  PID:5876
- C:\Windows\System\AgSoPsS.exe
  C:\Windows\System\AgSoPsS.exe
  2⤵
  PID:6028
- C:\Windows\System\Damfzcv.exe
  C:\Windows\System\Damfzcv.exe
  2⤵
  PID:5160
- C:\Windows\System\CoExASu.exe
  C:\Windows\System\CoExASu.exe
  2⤵
  PID:4048
- C:\Windows\System\lbxrtWr.exe
  C:\Windows\System\lbxrtWr.exe
  2⤵
  PID:5684
- C:\Windows\System\lrJodDm.exe
  C:\Windows\System\lrJodDm.exe
  2⤵
  PID:6088
- C:\Windows\System\ShfzNry.exe
  C:\Windows\System\ShfzNry.exe
  2⤵
  PID:1572
- C:\Windows\System\HAIOOdn.exe
  C:\Windows\System\HAIOOdn.exe
  2⤵
  PID:2724
- C:\Windows\System\SVRoOvA.exe
  C:\Windows\System\SVRoOvA.exe
  2⤵
  PID:4416
- C:\Windows\System\hIXVNnY.exe
  C:\Windows\System\hIXVNnY.exe
  2⤵
  PID:6152
- C:\Windows\System\jeLjrbC.exe
  C:\Windows\System\jeLjrbC.exe
  2⤵
  PID:6180
- C:\Windows\System\DtnHceM.exe
  C:\Windows\System\DtnHceM.exe
  2⤵
  PID:6212
- C:\Windows\System\rUsRhaG.exe
  C:\Windows\System\rUsRhaG.exe
  2⤵
  PID:6236
- C:\Windows\System\ouJiTww.exe
  C:\Windows\System\ouJiTww.exe
  2⤵
  PID:6264
- C:\Windows\System\IRrwGuH.exe
  C:\Windows\System\IRrwGuH.exe
  2⤵
  PID:6292
- C:\Windows\System\ZctkXjI.exe
  C:\Windows\System\ZctkXjI.exe
  2⤵
  PID:6316
- C:\Windows\System\MwyKIHt.exe
  C:\Windows\System\MwyKIHt.exe
  2⤵
  PID:6356
- C:\Windows\System\vMsYEZH.exe
  C:\Windows\System\vMsYEZH.exe
  2⤵
  PID:6384
- C:\Windows\System\BAsxkRD.exe
  C:\Windows\System\BAsxkRD.exe
  2⤵
  PID:6408
- C:\Windows\System\gSFHUdI.exe
  C:\Windows\System\gSFHUdI.exe
  2⤵
  PID:6436
- C:\Windows\System\AXHmQhc.exe
  C:\Windows\System\AXHmQhc.exe
  2⤵
  PID:6472
- C:\Windows\System\NHgEBdc.exe
  C:\Windows\System\NHgEBdc.exe
  2⤵
  PID:6496
- C:\Windows\System\dSUvXLI.exe
  C:\Windows\System\dSUvXLI.exe
  2⤵
  PID:6528
- C:\Windows\System\eJISkGT.exe
  C:\Windows\System\eJISkGT.exe
  2⤵
  PID:6560
- C:\Windows\System\vxPKlCu.exe
  C:\Windows\System\vxPKlCu.exe
  2⤵
  PID:6588
- C:\Windows\System\QjKprns.exe
  C:\Windows\System\QjKprns.exe
  2⤵
  PID:6616
- C:\Windows\System\aFwFTbX.exe
  C:\Windows\System\aFwFTbX.exe
  2⤵
  PID:6648
- C:\Windows\System\UTpsFzI.exe
  C:\Windows\System\UTpsFzI.exe
  2⤵
  PID:6676
- C:\Windows\System\UVUvPAf.exe
  C:\Windows\System\UVUvPAf.exe
  2⤵
  PID:6704
- C:\Windows\System\aaKNJmO.exe
  C:\Windows\System\aaKNJmO.exe
  2⤵
  PID:6732
- C:\Windows\System\dqoecIS.exe
  C:\Windows\System\dqoecIS.exe
  2⤵
  PID:6752
- C:\Windows\System\xkVMZyY.exe
  C:\Windows\System\xkVMZyY.exe
  2⤵
  PID:6780
- C:\Windows\System\nFmKbVg.exe
  C:\Windows\System\nFmKbVg.exe
  2⤵
  PID:6816
- C:\Windows\System\ZnsKvIr.exe
  C:\Windows\System\ZnsKvIr.exe
  2⤵
  PID:6844
- C:\Windows\System\cuvqUrX.exe
  C:\Windows\System\cuvqUrX.exe
  2⤵
  PID:6872
- C:\Windows\System\GskbShy.exe
  C:\Windows\System\GskbShy.exe
  2⤵
  PID:6900
- C:\Windows\System\RBEFRTN.exe
  C:\Windows\System\RBEFRTN.exe
  2⤵
  PID:6928
- C:\Windows\System\uNiZwjC.exe
  C:\Windows\System\uNiZwjC.exe
  2⤵
  PID:6956
- C:\Windows\System\jKcgGIF.exe
  C:\Windows\System\jKcgGIF.exe
  2⤵
  PID:6984
- C:\Windows\System\itXFbTb.exe
  C:\Windows\System\itXFbTb.exe
  2⤵
  PID:7012
- C:\Windows\System\dOxIcBo.exe
  C:\Windows\System\dOxIcBo.exe
  2⤵
  PID:7040
- C:\Windows\System\UAnQGiT.exe
  C:\Windows\System\UAnQGiT.exe
  2⤵
  PID:7068
- C:\Windows\System\YUxwjUD.exe
  C:\Windows\System\YUxwjUD.exe
  2⤵
  PID:7100
- C:\Windows\System\kYNVWtW.exe
  C:\Windows\System\kYNVWtW.exe
  2⤵
  PID:7128
- C:\Windows\System\XVFHuUe.exe
  C:\Windows\System\XVFHuUe.exe
  2⤵
  PID:7156
- C:\Windows\System\cePIxVz.exe
  C:\Windows\System\cePIxVz.exe
  2⤵
  PID:6188
- C:\Windows\System\VYfgorE.exe
  C:\Windows\System\VYfgorE.exe
  2⤵
  PID:6244
- C:\Windows\System\JXfgjsS.exe
  C:\Windows\System\JXfgjsS.exe
  2⤵
  PID:1904
- C:\Windows\System\EjIuyes.exe
  C:\Windows\System\EjIuyes.exe
  2⤵
  PID:6352
- C:\Windows\System\iqCXrDY.exe
  C:\Windows\System\iqCXrDY.exe
  2⤵
  PID:6416
- C:\Windows\System\VwzIqAW.exe
  C:\Windows\System\VwzIqAW.exe
  2⤵
  PID:6468
- C:\Windows\System\ZDdKKrO.exe
  C:\Windows\System\ZDdKKrO.exe
  2⤵
  PID:6624
- C:\Windows\System\OQxuBgr.exe
  C:\Windows\System\OQxuBgr.exe
  2⤵
  PID:6692
- C:\Windows\System\HPGsmmQ.exe
  C:\Windows\System\HPGsmmQ.exe
  2⤵
  PID:6776
- C:\Windows\System\hEdSGtl.exe
  C:\Windows\System\hEdSGtl.exe
  2⤵
  PID:6852
- C:\Windows\System\DPPqcZI.exe
  C:\Windows\System\DPPqcZI.exe
  2⤵
  PID:6912
- C:\Windows\System\AARhZBW.exe
  C:\Windows\System\AARhZBW.exe
  2⤵
  PID:6992
- C:\Windows\System\pCpWBMN.exe
  C:\Windows\System\pCpWBMN.exe
  2⤵
  PID:7052
- C:\Windows\System\czeoUjK.exe
  C:\Windows\System\czeoUjK.exe
  2⤵
  PID:7108
- C:\Windows\System\SCgQtke.exe
  C:\Windows\System\SCgQtke.exe
  2⤵
  PID:6172
- C:\Windows\System\rRynbfG.exe
  C:\Windows\System\rRynbfG.exe
  2⤵
  PID:6272
- C:\Windows\System\dzzleXZ.exe
  C:\Windows\System\dzzleXZ.exe
  2⤵
  PID:5308
- C:\Windows\System\dcYdoXu.exe
  C:\Windows\System\dcYdoXu.exe
  2⤵
  PID:6664
- C:\Windows\System\LRWpPRT.exe
  C:\Windows\System\LRWpPRT.exe
  2⤵
  PID:6800
- C:\Windows\System\VcNfPnW.exe
  C:\Windows\System\VcNfPnW.exe
  2⤵
  PID:6884
- C:\Windows\System\EQMPbtQ.exe
  C:\Windows\System\EQMPbtQ.exe
  2⤵
  PID:7028
- C:\Windows\System\KLkDpqW.exe
  C:\Windows\System\KLkDpqW.exe
  2⤵
  PID:6204
- C:\Windows\System\OkzKoCu.exe
  C:\Windows\System\OkzKoCu.exe
  2⤵
  PID:6644
- C:\Windows\System\oAsTcDR.exe
  C:\Windows\System\oAsTcDR.exe
  2⤵
  PID:6940
- C:\Windows\System\flWlwiu.exe
  C:\Windows\System\flWlwiu.exe
  2⤵
  PID:4320
- C:\Windows\System\vPFsMIN.exe
  C:\Windows\System\vPFsMIN.exe
  2⤵
  PID:6964
- C:\Windows\System\AjpENtR.exe
  C:\Windows\System\AjpENtR.exe
  2⤵
  PID:6424
- C:\Windows\System\UjsaFQv.exe
  C:\Windows\System\UjsaFQv.exe
  2⤵
  PID:7176
- C:\Windows\System\LfWIXyz.exe
  C:\Windows\System\LfWIXyz.exe
  2⤵
  PID:7204
- C:\Windows\System\meXlFYZ.exe
  C:\Windows\System\meXlFYZ.exe
  2⤵
  PID:7236
- C:\Windows\System\iLYBrQj.exe
  C:\Windows\System\iLYBrQj.exe
  2⤵
  PID:7264
- C:\Windows\System\gyLHtAv.exe
  C:\Windows\System\gyLHtAv.exe
  2⤵
  PID:7292
- C:\Windows\System\GZzLqTT.exe
  C:\Windows\System\GZzLqTT.exe
  2⤵
  PID:7320
- C:\Windows\System\gbpjYKk.exe
  C:\Windows\System\gbpjYKk.exe
  2⤵
  PID:7348
- C:\Windows\System\XmqDnpJ.exe
  C:\Windows\System\XmqDnpJ.exe
  2⤵
  PID:7376
- C:\Windows\System\SJXOYPM.exe
  C:\Windows\System\SJXOYPM.exe
  2⤵
  PID:7400
- C:\Windows\System\nnpJgQG.exe
  C:\Windows\System\nnpJgQG.exe
  2⤵
  PID:7436
- C:\Windows\System\OjfIjTP.exe
  C:\Windows\System\OjfIjTP.exe
  2⤵
  PID:7460
- C:\Windows\System\eQWQWqh.exe
  C:\Windows\System\eQWQWqh.exe
  2⤵
  PID:7480
- C:\Windows\System\gQmUchn.exe
  C:\Windows\System\gQmUchn.exe
  2⤵
  PID:7508
- C:\Windows\System\xrKtWFe.exe
  C:\Windows\System\xrKtWFe.exe
  2⤵
  PID:7536
- C:\Windows\System\wrAgFMF.exe
  C:\Windows\System\wrAgFMF.exe
  2⤵
  PID:7568
- C:\Windows\System\WBzkWWT.exe
  C:\Windows\System\WBzkWWT.exe
  2⤵
  PID:7592
- C:\Windows\System\uRjUfMz.exe
  C:\Windows\System\uRjUfMz.exe
  2⤵
  PID:7620
- C:\Windows\System\gBqKbYs.exe
  C:\Windows\System\gBqKbYs.exe
  2⤵
  PID:7648
- C:\Windows\System\QsGYMRs.exe
  C:\Windows\System\QsGYMRs.exe
  2⤵
  PID:7676
- C:\Windows\System\QyeeigH.exe
  C:\Windows\System\QyeeigH.exe
  2⤵
  PID:7704
- C:\Windows\System\BObmnHY.exe
  C:\Windows\System\BObmnHY.exe
  2⤵
  PID:7732
- C:\Windows\System\boDHDPI.exe
  C:\Windows\System\boDHDPI.exe
  2⤵
  PID:7760
- C:\Windows\System\NtYluIO.exe
  C:\Windows\System\NtYluIO.exe
  2⤵
  PID:7788
- C:\Windows\System\tCHsmqy.exe
  C:\Windows\System\tCHsmqy.exe
  2⤵
  PID:7816
- C:\Windows\System\anvKEcr.exe
  C:\Windows\System\anvKEcr.exe
  2⤵
  PID:7844
- C:\Windows\System\rzTFzGk.exe
  C:\Windows\System\rzTFzGk.exe
  2⤵
  PID:7880
- C:\Windows\System\YAgDCTZ.exe
  C:\Windows\System\YAgDCTZ.exe
  2⤵
  PID:7956
- C:\Windows\System\xuVndkv.exe
  C:\Windows\System\xuVndkv.exe
  2⤵
  PID:7988
- C:\Windows\System\moiTNvT.exe
  C:\Windows\System\moiTNvT.exe
  2⤵
  PID:8016
- C:\Windows\System\yabxaqr.exe
  C:\Windows\System\yabxaqr.exe
  2⤵
  PID:8064
- C:\Windows\System\TfzNImO.exe
  C:\Windows\System\TfzNImO.exe
  2⤵
  PID:8084
- C:\Windows\System\modEKbn.exe
  C:\Windows\System\modEKbn.exe
  2⤵
  PID:8120
- C:\Windows\System\dXBhqpM.exe
  C:\Windows\System\dXBhqpM.exe
  2⤵
  PID:8152
- C:\Windows\System\zIRVVva.exe
  C:\Windows\System\zIRVVva.exe
  2⤵
  PID:8168
- C:\Windows\System\WbiOQcf.exe
  C:\Windows\System\WbiOQcf.exe
  2⤵
  PID:7184
- C:\Windows\System\TToRfHc.exe
  C:\Windows\System\TToRfHc.exe
  2⤵
  PID:7248
- C:\Windows\System\CrRNBaF.exe
  C:\Windows\System\CrRNBaF.exe
  2⤵
  PID:7312
- C:\Windows\System\GdsWRaK.exe
  C:\Windows\System\GdsWRaK.exe
  2⤵
  PID:7388
- C:\Windows\System\KmwUcNF.exe
  C:\Windows\System\KmwUcNF.exe
  2⤵
  PID:7444
- C:\Windows\System\kfXkJoP.exe
  C:\Windows\System\kfXkJoP.exe
  2⤵
  PID:7504
- C:\Windows\System\Chfrfbq.exe
  C:\Windows\System\Chfrfbq.exe
  2⤵
  PID:7576
- C:\Windows\System\eRNIwqJ.exe
  C:\Windows\System\eRNIwqJ.exe
  2⤵
  PID:6760
- C:\Windows\System\ZjExuvV.exe
  C:\Windows\System\ZjExuvV.exe
  2⤵
  PID:7696
- C:\Windows\System\BTzqAzN.exe
  C:\Windows\System\BTzqAzN.exe
  2⤵
  PID:7752
- C:\Windows\System\weLiTiT.exe
  C:\Windows\System\weLiTiT.exe
  2⤵
  PID:7828
- C:\Windows\System\FaEtaub.exe
  C:\Windows\System\FaEtaub.exe
  2⤵
  PID:7872
- C:\Windows\System\jleOjmg.exe
  C:\Windows\System\jleOjmg.exe
  2⤵
  PID:4908
- C:\Windows\System\qLPkaBb.exe
  C:\Windows\System\qLPkaBb.exe
  2⤵
  PID:7936
- C:\Windows\System\azWzCrE.exe
  C:\Windows\System\azWzCrE.exe
  2⤵
  PID:2084
- C:\Windows\System\VqRtXAx.exe
  C:\Windows\System\VqRtXAx.exe
  2⤵
  PID:8036
- C:\Windows\System\vksCPkc.exe
  C:\Windows\System\vksCPkc.exe
  2⤵
  PID:3180
- C:\Windows\System\WurzbPl.exe
  C:\Windows\System\WurzbPl.exe
  2⤵
  PID:5272
- C:\Windows\System\DyCuLjB.exe
  C:\Windows\System\DyCuLjB.exe
  2⤵
  PID:3020
- C:\Windows\System\NhqYdKX.exe
  C:\Windows\System\NhqYdKX.exe
  2⤵
  PID:8148
- C:\Windows\System\mYYqEqi.exe
  C:\Windows\System\mYYqEqi.exe
  2⤵
  PID:7228
- C:\Windows\System\btzEnAp.exe
  C:\Windows\System\btzEnAp.exe
  2⤵
  PID:7368
- C:\Windows\System\sLVwqgV.exe
  C:\Windows\System\sLVwqgV.exe
  2⤵
  PID:7492
- C:\Windows\System\WrorXbc.exe
  C:\Windows\System\WrorXbc.exe
  2⤵
  PID:7604
- C:\Windows\System\FlTRkbs.exe
  C:\Windows\System\FlTRkbs.exe
  2⤵
  PID:7216
- C:\Windows\System\CkERawI.exe
  C:\Windows\System\CkERawI.exe
  2⤵
  PID:7856
- C:\Windows\System\BAlPNpg.exe
  C:\Windows\System\BAlPNpg.exe
  2⤵
  PID:1604
- C:\Windows\System\ZkggxRV.exe
  C:\Windows\System\ZkggxRV.exe
  2⤵
  PID:8028
- C:\Windows\System\pnqtRGs.exe
  C:\Windows\System\pnqtRGs.exe
  2⤵
  PID:1688
- C:\Windows\System\USoDHuZ.exe
  C:\Windows\System\USoDHuZ.exe
  2⤵
  PID:5908
- C:\Windows\System\hyMKrUw.exe
  C:\Windows\System\hyMKrUw.exe
  2⤵
  PID:7428
- C:\Windows\System\LMkXZpC.exe
  C:\Windows\System\LMkXZpC.exe
  2⤵
  PID:7688
- C:\Windows\System\aQEKZwL.exe
  C:\Windows\System\aQEKZwL.exe
  2⤵
  PID:1568
- C:\Windows\System\hOVtFYc.exe
  C:\Windows\System\hOVtFYc.exe
  2⤵
  PID:8108
- C:\Windows\System\ijghjnU.exe
  C:\Windows\System\ijghjnU.exe
  2⤵
  PID:2728
- C:\Windows\System\QEOKyWO.exe
  C:\Windows\System\QEOKyWO.exe
  2⤵
  PID:4748
- C:\Windows\System\vDtRiQh.exe
  C:\Windows\System\vDtRiQh.exe
  2⤵
  PID:2736
- C:\Windows\System\TvldOQz.exe
  C:\Windows\System\TvldOQz.exe
  2⤵
  PID:7812
- C:\Windows\System\UQpdFVF.exe
  C:\Windows\System\UQpdFVF.exe
  2⤵
  PID:8212
- C:\Windows\System\NSdlFbB.exe
  C:\Windows\System\NSdlFbB.exe
  2⤵
  PID:8248
- C:\Windows\System\iSeqIEx.exe
  C:\Windows\System\iSeqIEx.exe
  2⤵
  PID:8276
- C:\Windows\System\wHMYnBp.exe
  C:\Windows\System\wHMYnBp.exe
  2⤵
  PID:8312
- C:\Windows\System\HDYyTdS.exe
  C:\Windows\System\HDYyTdS.exe
  2⤵
  PID:8332
- C:\Windows\System\NAJhBQH.exe
  C:\Windows\System\NAJhBQH.exe
  2⤵
  PID:8360
- C:\Windows\System\FojoNla.exe
  C:\Windows\System\FojoNla.exe
  2⤵
  PID:8388
- C:\Windows\System\wgzdbCt.exe
  C:\Windows\System\wgzdbCt.exe
  2⤵
  PID:8416
- C:\Windows\System\ybwdSBd.exe
  C:\Windows\System\ybwdSBd.exe
  2⤵
  PID:8444
- C:\Windows\System\pnRTGKQ.exe
  C:\Windows\System\pnRTGKQ.exe
  2⤵
  PID:8472
- C:\Windows\System\hYcVeqz.exe
  C:\Windows\System\hYcVeqz.exe
  2⤵
  PID:8500
- C:\Windows\System\kLjmEkq.exe
  C:\Windows\System\kLjmEkq.exe
  2⤵
  PID:8528
- C:\Windows\System\oKcZnnG.exe
  C:\Windows\System\oKcZnnG.exe
  2⤵
  PID:8556
- C:\Windows\System\oPcwvIp.exe
  C:\Windows\System\oPcwvIp.exe
  2⤵
  PID:8584
- C:\Windows\System\zHvrEqa.exe
  C:\Windows\System\zHvrEqa.exe
  2⤵
  PID:8612
- C:\Windows\System\ymPksPx.exe
  C:\Windows\System\ymPksPx.exe
  2⤵
  PID:8640
- C:\Windows\System\FPVBvHp.exe
  C:\Windows\System\FPVBvHp.exe
  2⤵
  PID:8668
- C:\Windows\System\MqIZOlG.exe
  C:\Windows\System\MqIZOlG.exe
  2⤵
  PID:8696
- C:\Windows\System\byeOWGG.exe
  C:\Windows\System\byeOWGG.exe
  2⤵
  PID:8736
- C:\Windows\System\upuFqDL.exe
  C:\Windows\System\upuFqDL.exe
  2⤵
  PID:8752
- C:\Windows\System\IlSJggO.exe
  C:\Windows\System\IlSJggO.exe
  2⤵
  PID:8780
- C:\Windows\System\mTNrJsr.exe
  C:\Windows\System\mTNrJsr.exe
  2⤵
  PID:8808
- C:\Windows\System\gDOPBkA.exe
  C:\Windows\System\gDOPBkA.exe
  2⤵
  PID:8840
- C:\Windows\System\AymKARx.exe
  C:\Windows\System\AymKARx.exe
  2⤵
  PID:8864
- C:\Windows\System\cNlkatu.exe
  C:\Windows\System\cNlkatu.exe
  2⤵
  PID:8892
- C:\Windows\System\PLTSlFB.exe
  C:\Windows\System\PLTSlFB.exe
  2⤵
  PID:8920
- C:\Windows\System\PXvqHEW.exe
  C:\Windows\System\PXvqHEW.exe
  2⤵
  PID:8948
- C:\Windows\System\WvAChJV.exe
  C:\Windows\System\WvAChJV.exe
  2⤵
  PID:8976
- C:\Windows\System\LcoTEFB.exe
  C:\Windows\System\LcoTEFB.exe
  2⤵
  PID:9004
- C:\Windows\System\feNTyzv.exe
  C:\Windows\System\feNTyzv.exe
  2⤵
  PID:9032
- C:\Windows\System\xksBIlT.exe
  C:\Windows\System\xksBIlT.exe
  2⤵
  PID:9064
- C:\Windows\System\FJBNuCp.exe
  C:\Windows\System\FJBNuCp.exe
  2⤵
  PID:9092
- C:\Windows\System\cNzzyMW.exe
  C:\Windows\System\cNzzyMW.exe
  2⤵
  PID:9120
- C:\Windows\System\PimVUnj.exe
  C:\Windows\System\PimVUnj.exe
  2⤵
  PID:9148
- C:\Windows\System\JzCnweb.exe
  C:\Windows\System\JzCnweb.exe
  2⤵
  PID:9176
- C:\Windows\System\wtlhfeG.exe
  C:\Windows\System\wtlhfeG.exe
  2⤵
  PID:9204
- C:\Windows\System\LMAiQWT.exe
  C:\Windows\System\LMAiQWT.exe
  2⤵
  PID:8224
- C:\Windows\System\jyDTEUZ.exe
  C:\Windows\System\jyDTEUZ.exe
  2⤵
  PID:8268
- C:\Windows\System\yCeyYUY.exe
  C:\Windows\System\yCeyYUY.exe
  2⤵
  PID:8328
- C:\Windows\System\rJRJTKb.exe
  C:\Windows\System\rJRJTKb.exe
  2⤵
  PID:8400
- C:\Windows\System\rnjPkHc.exe
  C:\Windows\System\rnjPkHc.exe
  2⤵
  PID:8464
- C:\Windows\System\PVWMAEa.exe
  C:\Windows\System\PVWMAEa.exe
  2⤵
  PID:8524
- C:\Windows\System\enuqoZh.exe
  C:\Windows\System\enuqoZh.exe
  2⤵
  PID:8596
- C:\Windows\System\KnDkGYq.exe
  C:\Windows\System\KnDkGYq.exe
  2⤵
  PID:8660
- C:\Windows\System\wxtByvx.exe
  C:\Windows\System\wxtByvx.exe
  2⤵
  PID:8732
- C:\Windows\System\OdtimwH.exe
  C:\Windows\System\OdtimwH.exe
  2⤵
  PID:8744
- C:\Windows\System\xsOmcjS.exe
  C:\Windows\System\xsOmcjS.exe
  2⤵
  PID:8804
- C:\Windows\System\lzmKBMU.exe
  C:\Windows\System\lzmKBMU.exe
  2⤵
  PID:8860
- C:\Windows\System\SIpThUG.exe
  C:\Windows\System\SIpThUG.exe
  2⤵
  PID:8936
- C:\Windows\System\dWPbybD.exe
  C:\Windows\System\dWPbybD.exe
  2⤵
  PID:8996
- C:\Windows\System\QUvVVHI.exe
  C:\Windows\System\QUvVVHI.exe
  2⤵
  PID:9060
- C:\Windows\System\KGdKhSd.exe
  C:\Windows\System\KGdKhSd.exe
  2⤵
  PID:9132
- C:\Windows\System\gDxTjhH.exe
  C:\Windows\System\gDxTjhH.exe
  2⤵
  PID:9196
- C:\Windows\System\nQKWvfO.exe
  C:\Windows\System\nQKWvfO.exe
  2⤵
  PID:5508
- C:\Windows\System\lGuePxU.exe
  C:\Windows\System\lGuePxU.exe
  2⤵
  PID:8428
- C:\Windows\System\hHqCNoA.exe
  C:\Windows\System\hHqCNoA.exe
  2⤵
  PID:8576
- C:\Windows\System\WucshPY.exe
  C:\Windows\System\WucshPY.exe
  2⤵
  PID:8716
- C:\Windows\System\MdJieyB.exe
  C:\Windows\System\MdJieyB.exe
  2⤵
  PID:8832
- C:\Windows\System\FPiFSTj.exe
  C:\Windows\System\FPiFSTj.exe
  2⤵
  PID:8968
- C:\Windows\System\sKvYsbs.exe
  C:\Windows\System\sKvYsbs.exe
  2⤵
  PID:9116
- C:\Windows\System\iwdoiCa.exe
  C:\Windows\System\iwdoiCa.exe
  2⤵
  PID:8324
- C:\Windows\System\ldigksX.exe
  C:\Windows\System\ldigksX.exe
  2⤵
  PID:8688
- C:\Windows\System\XLcYoGf.exe
  C:\Windows\System\XLcYoGf.exe
  2⤵
  PID:8960
- C:\Windows\System\hMrUcEJ.exe
  C:\Windows\System\hMrUcEJ.exe
  2⤵
  PID:8492
- C:\Windows\System\FkzWgfh.exe
  C:\Windows\System\FkzWgfh.exe
  2⤵
  PID:8256
- C:\Windows\System\hzUqIIF.exe
  C:\Windows\System\hzUqIIF.exe
  2⤵
  PID:8888
- C:\Windows\System\NHCReRa.exe
  C:\Windows\System\NHCReRa.exe
  2⤵
  PID:9244
- C:\Windows\System\SrehRcA.exe
  C:\Windows\System\SrehRcA.exe
  2⤵
  PID:9272
- C:\Windows\System\fusACnT.exe
  C:\Windows\System\fusACnT.exe
  2⤵
  PID:9300
- C:\Windows\System\EXIrCrm.exe
  C:\Windows\System\EXIrCrm.exe
  2⤵
  PID:9328
- C:\Windows\System\XBEAuvk.exe
  C:\Windows\System\XBEAuvk.exe
  2⤵
  PID:9356
- C:\Windows\System\jKHTsYf.exe
  C:\Windows\System\jKHTsYf.exe
  2⤵
  PID:9384
- C:\Windows\System\hFOkzVf.exe
  C:\Windows\System\hFOkzVf.exe
  2⤵
  PID:9412
- C:\Windows\System\TvaYpyZ.exe
  C:\Windows\System\TvaYpyZ.exe
  2⤵
  PID:9440
- C:\Windows\System\iRPkmNV.exe
  C:\Windows\System\iRPkmNV.exe
  2⤵
  PID:9468
- C:\Windows\System\woxctYm.exe
  C:\Windows\System\woxctYm.exe
  2⤵
  PID:9496
- C:\Windows\System\AaMtKwY.exe
  C:\Windows\System\AaMtKwY.exe
  2⤵
  PID:9524
- C:\Windows\System\cPyHBPx.exe
  C:\Windows\System\cPyHBPx.exe
  2⤵
  PID:9552
- C:\Windows\System\SotqlRf.exe
  C:\Windows\System\SotqlRf.exe
  2⤵
  PID:9580
- C:\Windows\System\dGtZgio.exe
  C:\Windows\System\dGtZgio.exe
  2⤵
  PID:9608
- C:\Windows\System\zUHJYMq.exe
  C:\Windows\System\zUHJYMq.exe
  2⤵
  PID:9636
- C:\Windows\System\aklVFNM.exe
  C:\Windows\System\aklVFNM.exe
  2⤵
  PID:9664
- C:\Windows\System\xSYzAMy.exe
  C:\Windows\System\xSYzAMy.exe
  2⤵
  PID:9692
- C:\Windows\System\oyrBcgV.exe
  C:\Windows\System\oyrBcgV.exe
  2⤵
  PID:9720
- C:\Windows\System\reRvMuq.exe
  C:\Windows\System\reRvMuq.exe
  2⤵
  PID:9748
- C:\Windows\System\VCcEDtK.exe
  C:\Windows\System\VCcEDtK.exe
  2⤵
  PID:9776
- C:\Windows\System\fuaMikG.exe
  C:\Windows\System\fuaMikG.exe
  2⤵
  PID:9804
- C:\Windows\System\ATZROAr.exe
  C:\Windows\System\ATZROAr.exe
  2⤵
  PID:9832
- C:\Windows\System\TUahgUf.exe
  C:\Windows\System\TUahgUf.exe
  2⤵
  PID:9860
- C:\Windows\System\RqSbUZJ.exe
  C:\Windows\System\RqSbUZJ.exe
  2⤵
  PID:9888
- C:\Windows\System\PodrTWw.exe
  C:\Windows\System\PodrTWw.exe
  2⤵
  PID:9920
- C:\Windows\System\cLYSBSY.exe
  C:\Windows\System\cLYSBSY.exe
  2⤵
  PID:9952
- C:\Windows\System\qQmuOqB.exe
  C:\Windows\System\qQmuOqB.exe
  2⤵
  PID:9980
- C:\Windows\System\sPzJNSM.exe
  C:\Windows\System\sPzJNSM.exe
  2⤵
  PID:10008
- C:\Windows\System\axKezXJ.exe
  C:\Windows\System\axKezXJ.exe
  2⤵
  PID:10036
- C:\Windows\System\zLjhqFf.exe
  C:\Windows\System\zLjhqFf.exe
  2⤵
  PID:10064
- C:\Windows\System\VdYxGHG.exe
  C:\Windows\System\VdYxGHG.exe
  2⤵
  PID:10092
- C:\Windows\System\JTWSXYN.exe
  C:\Windows\System\JTWSXYN.exe
  2⤵
  PID:10120
- C:\Windows\System\cowEnEz.exe
  C:\Windows\System\cowEnEz.exe
  2⤵
  PID:10148
- C:\Windows\System\IvXRANy.exe
  C:\Windows\System\IvXRANy.exe
  2⤵
  PID:10176
- C:\Windows\System\gsoOVWT.exe
  C:\Windows\System\gsoOVWT.exe
  2⤵
  PID:10204
- C:\Windows\System\gbXIzTl.exe
  C:\Windows\System\gbXIzTl.exe
  2⤵
  PID:10232
- C:\Windows\System\TxEiYnI.exe
  C:\Windows\System\TxEiYnI.exe
  2⤵
  PID:9268
- C:\Windows\System\hLSrcAz.exe
  C:\Windows\System\hLSrcAz.exe
  2⤵
  PID:9340
- C:\Windows\System\bJtsUbL.exe
  C:\Windows\System\bJtsUbL.exe
  2⤵
  PID:9404
- C:\Windows\System\SjbTlWD.exe
  C:\Windows\System\SjbTlWD.exe
  2⤵
  PID:9464
- C:\Windows\System\hmFsXYM.exe
  C:\Windows\System\hmFsXYM.exe
  2⤵
  PID:9536
- C:\Windows\System\BJLbwli.exe
  C:\Windows\System\BJLbwli.exe
  2⤵
  PID:9600
- C:\Windows\System\zQKoGBO.exe
  C:\Windows\System\zQKoGBO.exe
  2⤵
  PID:9660
- C:\Windows\System\ayZmgVm.exe
  C:\Windows\System\ayZmgVm.exe
  2⤵
  PID:9716
- C:\Windows\System\BbnHLQA.exe
  C:\Windows\System\BbnHLQA.exe
  2⤵
  PID:9788
- C:\Windows\System\pBwhgRM.exe
  C:\Windows\System\pBwhgRM.exe
  2⤵
  PID:9852
- C:\Windows\System\IBZJnDq.exe
  C:\Windows\System\IBZJnDq.exe
  2⤵
  PID:9916
- C:\Windows\System\iwxrQsA.exe
  C:\Windows\System\iwxrQsA.exe
  2⤵
  PID:9992
- C:\Windows\System\KowrYvH.exe
  C:\Windows\System\KowrYvH.exe
  2⤵
  PID:10112
- C:\Windows\System\VNvBTTY.exe
  C:\Windows\System\VNvBTTY.exe
  2⤵
  PID:10144
- C:\Windows\System\JSnjAJn.exe
  C:\Windows\System\JSnjAJn.exe
  2⤵
  PID:10216
- C:\Windows\System\QRpRLba.exe
  C:\Windows\System\QRpRLba.exe
  2⤵
  PID:9320
- C:\Windows\System\HRgksxN.exe
  C:\Windows\System\HRgksxN.exe
  2⤵
  PID:9460
- C:\Windows\System\vgrJXvF.exe
  C:\Windows\System\vgrJXvF.exe
  2⤵
  PID:9844
- C:\Windows\System\XUhkaKS.exe
  C:\Windows\System\XUhkaKS.exe
  2⤵
  PID:10020
- C:\Windows\System\vhsJngK.exe
  C:\Windows\System\vhsJngK.exe
  2⤵
  PID:10048
- C:\Windows\System\biQBalq.exe
  C:\Windows\System\biQBalq.exe
  2⤵
  PID:9396
- C:\Windows\System\PrSEJaL.exe
  C:\Windows\System\PrSEJaL.exe
  2⤵
  PID:9908
- C:\Windows\System\XbsyEPV.exe
  C:\Windows\System\XbsyEPV.exe
  2⤵
  PID:8056
- C:\Windows\System\GfuTENu.exe
  C:\Windows\System\GfuTENu.exe
  2⤵
  PID:4808
- C:\Windows\System\IVmLpKd.exe
  C:\Windows\System\IVmLpKd.exe
  2⤵
  PID:9656
- C:\Windows\System\MDMynRc.exe
  C:\Windows\System\MDMynRc.exe
  2⤵
  PID:7948
- C:\Windows\System\qViIxUI.exe
  C:\Windows\System\qViIxUI.exe
  2⤵
  PID:7772
- C:\Windows\System\mLNbQOG.exe
  C:\Windows\System\mLNbQOG.exe
  2⤵
  PID:10264
- C:\Windows\System\tMHXuEq.exe
  C:\Windows\System\tMHXuEq.exe
  2⤵
  PID:10292
- C:\Windows\System\zYZlApd.exe
  C:\Windows\System\zYZlApd.exe
  2⤵
  PID:10320
- C:\Windows\System\tBjuNys.exe
  C:\Windows\System\tBjuNys.exe
  2⤵
  PID:10348
- C:\Windows\System\vSwbwcw.exe
  C:\Windows\System\vSwbwcw.exe
  2⤵
  PID:10376
- C:\Windows\System\rUnJanL.exe
  C:\Windows\System\rUnJanL.exe
  2⤵
  PID:10404
- C:\Windows\System\kEBhJSh.exe
  C:\Windows\System\kEBhJSh.exe
  2⤵
  PID:10432
- C:\Windows\System\PJklCgf.exe
  C:\Windows\System\PJklCgf.exe
  2⤵
  PID:10460
- C:\Windows\System\UrZRAKT.exe
  C:\Windows\System\UrZRAKT.exe
  2⤵
  PID:10488
- C:\Windows\System\TXSCHQO.exe
  C:\Windows\System\TXSCHQO.exe
  2⤵
  PID:10516
- C:\Windows\System\TbkgHGS.exe
  C:\Windows\System\TbkgHGS.exe
  2⤵
  PID:10544
- C:\Windows\System\GknUZaS.exe
  C:\Windows\System\GknUZaS.exe
  2⤵
  PID:10572
- C:\Windows\System\bloEYyr.exe
  C:\Windows\System\bloEYyr.exe
  2⤵
  PID:10600
- C:\Windows\System\vhFpqhM.exe
  C:\Windows\System\vhFpqhM.exe
  2⤵
  PID:10628
- C:\Windows\System\BRDeZFE.exe
  C:\Windows\System\BRDeZFE.exe
  2⤵
  PID:10656
- C:\Windows\System\hmKXKNR.exe
  C:\Windows\System\hmKXKNR.exe
  2⤵
  PID:10684
- C:\Windows\System\iRTNfKn.exe
  C:\Windows\System\iRTNfKn.exe
  2⤵
  PID:10712
- C:\Windows\System\XHOWklM.exe
  C:\Windows\System\XHOWklM.exe
  2⤵
  PID:10740
- C:\Windows\System\ZDtbEIG.exe
  C:\Windows\System\ZDtbEIG.exe
  2⤵
  PID:10768
- C:\Windows\System\gOXROla.exe
  C:\Windows\System\gOXROla.exe
  2⤵
  PID:10796
- C:\Windows\System\oaLaFFL.exe
  C:\Windows\System\oaLaFFL.exe
  2⤵
  PID:10824
- C:\Windows\System\EIuODtZ.exe
  C:\Windows\System\EIuODtZ.exe
  2⤵
  PID:10852
- C:\Windows\System\aPvoowS.exe
  C:\Windows\System\aPvoowS.exe
  2⤵
  PID:10880
- C:\Windows\System\eczJbRD.exe
  C:\Windows\System\eczJbRD.exe
  2⤵
  PID:10912
- C:\Windows\System\xfVAmde.exe
  C:\Windows\System\xfVAmde.exe
  2⤵
  PID:10940
- C:\Windows\System\UmTDFAs.exe
  C:\Windows\System\UmTDFAs.exe
  2⤵
  PID:10968
- C:\Windows\System\vpxvmKq.exe
  C:\Windows\System\vpxvmKq.exe
  2⤵
  PID:10996
- C:\Windows\System\qjmgAXK.exe
  C:\Windows\System\qjmgAXK.exe
  2⤵
  PID:11032
- C:\Windows\System\lOWaGRT.exe
  C:\Windows\System\lOWaGRT.exe
  2⤵
  PID:11076
- C:\Windows\System\hibyitk.exe
  C:\Windows\System\hibyitk.exe
  2⤵
  PID:11104
- C:\Windows\System\vwLemYS.exe
  C:\Windows\System\vwLemYS.exe
  2⤵
  PID:11136
- C:\Windows\System\NipdrOb.exe
  C:\Windows\System\NipdrOb.exe
  2⤵
  PID:11164
- C:\Windows\System\FTIPbrA.exe
  C:\Windows\System\FTIPbrA.exe
  2⤵
  PID:11196
- C:\Windows\System\TnrHoha.exe
  C:\Windows\System\TnrHoha.exe
  2⤵
  PID:11228
- C:\Windows\System\fbbUmeI.exe
  C:\Windows\System\fbbUmeI.exe
  2⤵
  PID:11260
- C:\Windows\System\CACvaPA.exe
  C:\Windows\System\CACvaPA.exe
  2⤵
  PID:10332
- C:\Windows\System\xRswZUM.exe
  C:\Windows\System\xRswZUM.exe
  2⤵
  PID:10372
- C:\Windows\System\SghvLPR.exe
  C:\Windows\System\SghvLPR.exe
  2⤵
  PID:10444
- C:\Windows\System\VExhQrw.exe
  C:\Windows\System\VExhQrw.exe
  2⤵
  PID:10508
- C:\Windows\System\UDnwOhg.exe
  C:\Windows\System\UDnwOhg.exe
  2⤵
  PID:10568
- C:\Windows\System\rgSyaJx.exe
  C:\Windows\System\rgSyaJx.exe
  2⤵
  PID:10640
- C:\Windows\System\HvFxfXC.exe
  C:\Windows\System\HvFxfXC.exe
  2⤵
  PID:10680
- C:\Windows\System\RYQgrhN.exe
  C:\Windows\System\RYQgrhN.exe
  2⤵
  PID:10736
- C:\Windows\System\vaegNYv.exe
  C:\Windows\System\vaegNYv.exe
  2⤵
  PID:10816
- C:\Windows\System\NwWkoFc.exe
  C:\Windows\System\NwWkoFc.exe
  2⤵
  PID:10872
- C:\Windows\System\DJWUezF.exe
  C:\Windows\System\DJWUezF.exe
  2⤵
  PID:10936
- C:\Windows\System\aZZIuzE.exe
  C:\Windows\System\aZZIuzE.exe
  2⤵
  PID:11008
- C:\Windows\System\BcfQyqI.exe
  C:\Windows\System\BcfQyqI.exe
  2⤵
  PID:11072
- C:\Windows\System\tcpnCJh.exe
  C:\Windows\System\tcpnCJh.exe
  2⤵
  PID:11128
- C:\Windows\System\IKFMcKQ.exe
  C:\Windows\System\IKFMcKQ.exe
  2⤵
  PID:11192
- C:\Windows\System\UJBOxTX.exe
  C:\Windows\System\UJBOxTX.exe
  2⤵
  PID:876
- C:\Windows\System\XDZHYzb.exe
  C:\Windows\System\XDZHYzb.exe
  2⤵
  PID:10368
- C:\Windows\System\prpjFLt.exe
  C:\Windows\System\prpjFLt.exe
  2⤵
  PID:10536
- C:\Windows\System\WKsZNru.exe
  C:\Windows\System\WKsZNru.exe
  2⤵
  PID:10668
- C:\Windows\System\IcKwAwe.exe
  C:\Windows\System\IcKwAwe.exe
  2⤵
  PID:10732
- C:\Windows\System\vDTnUvv.exe
  C:\Windows\System\vDTnUvv.exe
  2⤵
  PID:10932
- C:\Windows\System\voVNHIj.exe
  C:\Windows\System\voVNHIj.exe
  2⤵
  PID:11096
- C:\Windows\System\hPPgybX.exe
  C:\Windows\System\hPPgybX.exe
  2⤵
  PID:10288
- C:\Windows\System\hxdPHYY.exe
  C:\Windows\System\hxdPHYY.exe
  2⤵
  PID:10596
- C:\Windows\System\iWdluaE.exe
  C:\Windows\System\iWdluaE.exe
  2⤵
  PID:10924
- C:\Windows\System\ifjReNN.exe
  C:\Windows\System\ifjReNN.exe
  2⤵
  PID:11256
- C:\Windows\System\MTmtivs.exe
  C:\Windows\System\MTmtivs.exe
  2⤵
  PID:4152
- C:\Windows\System\MprVxbT.exe
  C:\Windows\System\MprVxbT.exe
  2⤵
  PID:11268
- C:\Windows\System\TblJMkl.exe
  C:\Windows\System\TblJMkl.exe
  2⤵
  PID:11296
- C:\Windows\System\NDtwHBD.exe
  C:\Windows\System\NDtwHBD.exe
  2⤵
  PID:11324
- C:\Windows\System\MLwTUGI.exe
  C:\Windows\System\MLwTUGI.exe
  2⤵
  PID:11352
- C:\Windows\System\DrtLZmV.exe
  C:\Windows\System\DrtLZmV.exe
  2⤵
  PID:11380
- C:\Windows\System\wGNsAKF.exe
  C:\Windows\System\wGNsAKF.exe
  2⤵
  PID:11396
- C:\Windows\System\OrBtUFs.exe
  C:\Windows\System\OrBtUFs.exe
  2⤵
  PID:11436
- C:\Windows\System\ZSOpBED.exe
  C:\Windows\System\ZSOpBED.exe
  2⤵
  PID:11468
- C:\Windows\System\nwOjJig.exe
  C:\Windows\System\nwOjJig.exe
  2⤵
  PID:11496
- C:\Windows\System\FuDQXKG.exe
  C:\Windows\System\FuDQXKG.exe
  2⤵
  PID:11532
- C:\Windows\System\OGcSiXp.exe
  C:\Windows\System\OGcSiXp.exe
  2⤵
  PID:11560
- C:\Windows\System\fOqZXnx.exe
  C:\Windows\System\fOqZXnx.exe
  2⤵
  PID:11588
- C:\Windows\System\emXynjE.exe
  C:\Windows\System\emXynjE.exe
  2⤵
  PID:11620
- C:\Windows\System\FpgYQOi.exe
  C:\Windows\System\FpgYQOi.exe
  2⤵
  PID:11652
- C:\Windows\System\bfvTZAA.exe
  C:\Windows\System\bfvTZAA.exe
  2⤵
  PID:11668
- C:\Windows\System\iwoEreP.exe
  C:\Windows\System\iwoEreP.exe
  2⤵
  PID:11692
- C:\Windows\System\bgrHFyx.exe
  C:\Windows\System\bgrHFyx.exe
  2⤵
  PID:11736
- C:\Windows\System\OmGEyFP.exe
  C:\Windows\System\OmGEyFP.exe
  2⤵
  PID:11772
- C:\Windows\System\XBVxtVe.exe
  C:\Windows\System\XBVxtVe.exe
  2⤵
  PID:11812
- C:\Windows\System\xZWEpZx.exe
  C:\Windows\System\xZWEpZx.exe
  2⤵
  PID:11836
- C:\Windows\System\ZWsrWke.exe
  C:\Windows\System\ZWsrWke.exe
  2⤵
  PID:11864
- C:\Windows\System\TZgMZZO.exe
  C:\Windows\System\TZgMZZO.exe
  2⤵
  PID:11892
- C:\Windows\System\yenvCxr.exe
  C:\Windows\System\yenvCxr.exe
  2⤵
  PID:11920
- C:\Windows\System\upEjIXp.exe
  C:\Windows\System\upEjIXp.exe
  2⤵
  PID:11948
- C:\Windows\System\lOLPRNN.exe
  C:\Windows\System\lOLPRNN.exe
  2⤵
  PID:11976
- C:\Windows\System\wdleseu.exe
  C:\Windows\System\wdleseu.exe
  2⤵
  PID:12008
- C:\Windows\System\mbiSNPT.exe
  C:\Windows\System\mbiSNPT.exe
  2⤵
  PID:12044
- C:\Windows\System\QmvlpJP.exe
  C:\Windows\System\QmvlpJP.exe
  2⤵
  PID:12064
- C:\Windows\System\AMzXymn.exe
  C:\Windows\System\AMzXymn.exe
  2⤵
  PID:12096
- C:\Windows\System\AxlrGKr.exe
  C:\Windows\System\AxlrGKr.exe
  2⤵
  PID:12124
- C:\Windows\System\huFcUGs.exe
  C:\Windows\System\huFcUGs.exe
  2⤵
  PID:12152
- C:\Windows\System\lRSndQD.exe
  C:\Windows\System\lRSndQD.exe
  2⤵
  PID:12180
- C:\Windows\System\QMxLKdC.exe
  C:\Windows\System\QMxLKdC.exe
  2⤵
  PID:12216
- C:\Windows\System\uhLnHfc.exe
  C:\Windows\System\uhLnHfc.exe
  2⤵
  PID:12240
- C:\Windows\System\DCSEWqr.exe
  C:\Windows\System\DCSEWqr.exe
  2⤵
  PID:1296
- C:\Windows\System\WeSsjxH.exe
  C:\Windows\System\WeSsjxH.exe
  2⤵
  PID:11288
- C:\Windows\System\lkPNiqa.exe
  C:\Windows\System\lkPNiqa.exe
  2⤵
  PID:11344
- C:\Windows\System\fzfvuym.exe
  C:\Windows\System\fzfvuym.exe
  2⤵
  PID:11408
- C:\Windows\System\BENNzoK.exe
  C:\Windows\System\BENNzoK.exe
  2⤵
  PID:4404
- C:\Windows\System\fWZcnkv.exe
  C:\Windows\System\fWZcnkv.exe
  2⤵
  PID:11520
- C:\Windows\System\ScvnYfC.exe
  C:\Windows\System\ScvnYfC.exe
  2⤵
  PID:11572
- C:\Windows\System\Uifztng.exe
  C:\Windows\System\Uifztng.exe
  2⤵
  PID:11612
- C:\Windows\System\yoEmOFL.exe
  C:\Windows\System\yoEmOFL.exe
  2⤵
  PID:11664
- C:\Windows\System\loFndgj.exe
  C:\Windows\System\loFndgj.exe
  2⤵
  PID:11764
- C:\Windows\System\HxyjvQa.exe
  C:\Windows\System\HxyjvQa.exe
  2⤵
  PID:11860
- C:\Windows\System\ubNAPQQ.exe
  C:\Windows\System\ubNAPQQ.exe
  2⤵
  PID:11944
- C:\Windows\System\ETEtSZQ.exe
  C:\Windows\System\ETEtSZQ.exe
  2⤵
  PID:11988
- C:\Windows\System\eelJVeM.exe
  C:\Windows\System\eelJVeM.exe
  2⤵
  PID:12056
- C:\Windows\System\VZQyIGB.exe
  C:\Windows\System\VZQyIGB.exe
  2⤵
  PID:12116
- C:\Windows\System\XwxujfZ.exe
  C:\Windows\System\XwxujfZ.exe
  2⤵
  PID:12164
- C:\Windows\System\FknPIMT.exe
  C:\Windows\System\FknPIMT.exe
  2⤵
  PID:12268
- C:\Windows\System\OoSCurh.exe
  C:\Windows\System\OoSCurh.exe
  2⤵
  PID:11372
- C:\Windows\System\qOEGeDc.exe
  C:\Windows\System\qOEGeDc.exe
  2⤵
  PID:11492
- C:\Windows\System\icwTMiE.exe
  C:\Windows\System\icwTMiE.exe
  2⤵
  PID:12072
- C:\Windows\System\lftrkuG.exe
  C:\Windows\System\lftrkuG.exe
  2⤵
  PID:11660
- C:\Windows\System\fHPXphE.exe
  C:\Windows\System\fHPXphE.exe
  2⤵
  PID:11856
- C:\Windows\System\JbsLJyA.exe
  C:\Windows\System\JbsLJyA.exe
  2⤵
  PID:3444
- C:\Windows\System\HaBnTQX.exe
  C:\Windows\System\HaBnTQX.exe
  2⤵
  PID:12088
- C:\Windows\System\auyMbcQ.exe
  C:\Windows\System\auyMbcQ.exe
  2⤵
  PID:12252
- C:\Windows\System\XFuVdXc.exe
  C:\Windows\System\XFuVdXc.exe
  2⤵
  PID:10788
- C:\Windows\System\ephQjZw.exe
  C:\Windows\System\ephQjZw.exe
  2⤵
  PID:11644
- C:\Windows\System\ngSXjlY.exe
  C:\Windows\System\ngSXjlY.exe
  2⤵
  PID:12228
- C:\Windows\System\uDdFBIO.exe
  C:\Windows\System\uDdFBIO.exe
  2⤵
  PID:12052
- C:\Windows\System\cQJMLBY.exe
  C:\Windows\System\cQJMLBY.exe
  2⤵
  PID:4760
- C:\Windows\System\bXtEPbr.exe
  C:\Windows\System\bXtEPbr.exe
  2⤵
  PID:11604
- C:\Windows\System\bydZYPN.exe
  C:\Windows\System\bydZYPN.exe
  2⤵
  PID:3232
- C:\Windows\System\aeXyeCh.exe
  C:\Windows\System\aeXyeCh.exe
  2⤵
  PID:12036
- C:\Windows\System\GTqlbwp.exe
  C:\Windows\System\GTqlbwp.exe
  2⤵
  PID:12272
- C:\Windows\System\YOVvYuj.exe
  C:\Windows\System\YOVvYuj.exe
  2⤵
  PID:11912
- C:\Windows\System\NyFPuLH.exe
  C:\Windows\System\NyFPuLH.exe
  2⤵
  PID:4112
- C:\Windows\System\UIziipP.exe
  C:\Windows\System\UIziipP.exe
  2⤵
  PID:4564
- C:\Windows\System\UcaCsdv.exe
  C:\Windows\System\UcaCsdv.exe
  2⤵
  PID:12304
- C:\Windows\System\bIhyRzY.exe
  C:\Windows\System\bIhyRzY.exe
  2⤵
  PID:12332
- C:\Windows\System\DIyFJUX.exe
  C:\Windows\System\DIyFJUX.exe
  2⤵
  PID:12360
- C:\Windows\System\hXdcAub.exe
  C:\Windows\System\hXdcAub.exe
  2⤵
  PID:12388
- C:\Windows\System\DWTrXEH.exe
  C:\Windows\System\DWTrXEH.exe
  2⤵
  PID:12416
- C:\Windows\System\JnLrsgA.exe
  C:\Windows\System\JnLrsgA.exe
  2⤵
  PID:12444
- C:\Windows\System\OugYyCG.exe
  C:\Windows\System\OugYyCG.exe
  2⤵
  PID:12472
- C:\Windows\System\ODDRvZY.exe
  C:\Windows\System\ODDRvZY.exe
  2⤵
  PID:12500
- C:\Windows\System\qPhfQAF.exe
  C:\Windows\System\qPhfQAF.exe
  2⤵
  PID:12528
- C:\Windows\System\PlJXEvG.exe
  C:\Windows\System\PlJXEvG.exe
  2⤵
  PID:12556
- C:\Windows\System\rueaccD.exe
  C:\Windows\System\rueaccD.exe
  2⤵
  PID:12584
- C:\Windows\System\itxdjYC.exe
  C:\Windows\System\itxdjYC.exe
  2⤵
  PID:12612
- C:\Windows\System\jAmvgRI.exe
  C:\Windows\System\jAmvgRI.exe
  2⤵
  PID:12640
- C:\Windows\System\WSvmtvw.exe
  C:\Windows\System\WSvmtvw.exe
  2⤵
  PID:12672
- C:\Windows\System\sbPSzmQ.exe
  C:\Windows\System\sbPSzmQ.exe
  2⤵
  PID:12700
- C:\Windows\System\FAvyoAq.exe
  C:\Windows\System\FAvyoAq.exe
  2⤵
  PID:12728
- C:\Windows\System\ZhwNgSl.exe
  C:\Windows\System\ZhwNgSl.exe
  2⤵
  PID:12756
- C:\Windows\System\FVKzuzR.exe
  C:\Windows\System\FVKzuzR.exe
  2⤵
  PID:12784
- C:\Windows\System\lrweerj.exe
  C:\Windows\System\lrweerj.exe
  2⤵
  PID:12812
- C:\Windows\System\ZjpPjCh.exe
  C:\Windows\System\ZjpPjCh.exe
  2⤵
  PID:12840
- C:\Windows\System\AWuxSxl.exe
  C:\Windows\System\AWuxSxl.exe
  2⤵
  PID:12868
- C:\Windows\System\ewtNaMC.exe
  C:\Windows\System\ewtNaMC.exe
  2⤵
  PID:12896
- C:\Windows\System\Hajmvuh.exe
  C:\Windows\System\Hajmvuh.exe
  2⤵
  PID:12924
- C:\Windows\System\FiBREXt.exe
  C:\Windows\System\FiBREXt.exe
  2⤵
  PID:12952
- C:\Windows\System\CvpEjtH.exe
  C:\Windows\System\CvpEjtH.exe
  2⤵
  PID:12980
- C:\Windows\System\YzeAazO.exe
  C:\Windows\System\YzeAazO.exe
  2⤵
  PID:13008
- C:\Windows\System\iVFnLIn.exe
  C:\Windows\System\iVFnLIn.exe
  2⤵
  PID:13036
- C:\Windows\System\iBVtgzE.exe
  C:\Windows\System\iBVtgzE.exe
  2⤵
  PID:13064
- C:\Windows\System\ImnTTAf.exe
  C:\Windows\System\ImnTTAf.exe
  2⤵
  PID:13092
- C:\Windows\System\zKDIIaR.exe
  C:\Windows\System\zKDIIaR.exe
  2⤵
  PID:13120
- C:\Windows\System\xBnLCmp.exe
  C:\Windows\System\xBnLCmp.exe
  2⤵
  PID:13148
- C:\Windows\System\ZguUUHa.exe
  C:\Windows\System\ZguUUHa.exe
  2⤵
  PID:13176
- C:\Windows\System\NfrRqDZ.exe
  C:\Windows\System\NfrRqDZ.exe
  2⤵
  PID:13204
- C:\Windows\System\hQUGQJA.exe
  C:\Windows\System\hQUGQJA.exe
  2⤵
  PID:13232
- C:\Windows\System\LrCfGEj.exe
  C:\Windows\System\LrCfGEj.exe
  2⤵
  PID:13260
- C:\Windows\System\LXERWKq.exe
  C:\Windows\System\LXERWKq.exe
  2⤵
  PID:13288
- C:\Windows\System\HLeshNa.exe
  C:\Windows\System\HLeshNa.exe
  2⤵
  PID:12296
- C:\Windows\System\mKspFHG.exe
  C:\Windows\System\mKspFHG.exe
  2⤵
  PID:3432
- C:\Windows\System\RbyLRtm.exe
  C:\Windows\System\RbyLRtm.exe
  2⤵
  PID:12384
- C:\Windows\System\DDifZjP.exe
  C:\Windows\System\DDifZjP.exe
  2⤵
  PID:12436
- C:\Windows\System\LupazPn.exe
  C:\Windows\System\LupazPn.exe
  2⤵
  PID:12464
- C:\Windows\System\GYSqhab.exe
  C:\Windows\System\GYSqhab.exe
  2⤵
  PID:12520
- C:\Windows\System\gVbOZQx.exe
  C:\Windows\System\gVbOZQx.exe
  2⤵
  PID:1068
- C:\Windows\System\XPdQyUd.exe
  C:\Windows\System\XPdQyUd.exe
  2⤵
  PID:12624
- C:\Windows\System\nopbuAH.exe
  C:\Windows\System\nopbuAH.exe
  2⤵
  PID:12668
- C:\Windows\System\EEsnEdP.exe
  C:\Windows\System\EEsnEdP.exe
  2⤵
  PID:12720
- C:\Windows\System\rULAQeV.exe
  C:\Windows\System\rULAQeV.exe
  2⤵
  PID:12768
- C:\Windows\System\JTuplZi.exe
  C:\Windows\System\JTuplZi.exe
  2⤵
  PID:12804
- C:\Windows\System\tDhhdtP.exe
  C:\Windows\System\tDhhdtP.exe
  2⤵
  PID:12852
- C:\Windows\System\xNsWGUC.exe
  C:\Windows\System\xNsWGUC.exe
  2⤵
  PID:12892
- C:\Windows\System\zDcmdDB.exe
  C:\Windows\System\zDcmdDB.exe
  2⤵
  PID:12944
- C:\Windows\System\Frhoztm.exe
  C:\Windows\System\Frhoztm.exe
  2⤵
  PID:12992
- C:\Windows\System\RAnpdTm.exe
  C:\Windows\System\RAnpdTm.exe
  2⤵
  PID:4924
- C:\Windows\System\sWeXkxG.exe
  C:\Windows\System\sWeXkxG.exe
  2⤵
  PID:2352
- C:\Windows\System\plJKIZA.exe
  C:\Windows\System\plJKIZA.exe
  2⤵
  PID:13172
- C:\Windows\System\mUjbiPJ.exe
  C:\Windows\System\mUjbiPJ.exe
  2⤵
  PID:3492
- C:\Windows\System\zsSLDUM.exe
  C:\Windows\System\zsSLDUM.exe
  2⤵
  PID:2432
- C:\Windows\System\rshbsjU.exe
  C:\Windows\System\rshbsjU.exe
  2⤵
  PID:1100
- C:\Windows\System\uSmGdOX.exe
  C:\Windows\System\uSmGdOX.exe
  2⤵
  PID:13284
- C:\Windows\System\UXAjIzf.exe
  C:\Windows\System\UXAjIzf.exe
  2⤵
  PID:4192
- C:\Windows\System\IsARYJs.exe
  C:\Windows\System\IsARYJs.exe
  2⤵
  PID:1600
- C:\Windows\System\crmFBhQ.exe
  C:\Windows\System\crmFBhQ.exe
  2⤵
  PID:3092
- C:\Windows\System\YWQxcNS.exe
  C:\Windows\System\YWQxcNS.exe
  2⤵
  PID:12552
- C:\Windows\System\mXpARMB.exe
  C:\Windows\System\mXpARMB.exe
  2⤵
  PID:12656
- C:\Windows\System\RYCbXsz.exe
  C:\Windows\System\RYCbXsz.exe
  2⤵
  PID:1896
- C:\Windows\System\RDHUJtZ.exe
  C:\Windows\System\RDHUJtZ.exe
  2⤵
  PID:12776
- C:\Windows\System\VPKYEMv.exe
  C:\Windows\System\VPKYEMv.exe
  2⤵
  PID:4532
- C:\Windows\System\uokFmuL.exe
  C:\Windows\System\uokFmuL.exe
  2⤵
  PID:12880
- C:\Windows\System\WIgCiAv.exe
  C:\Windows\System\WIgCiAv.exe
  2⤵
  PID:4188
- C:\Windows\System\jpMFzMX.exe
  C:\Windows\System\jpMFzMX.exe
  2⤵
  PID:13084
- C:\Windows\System\UxLXoIK.exe
  C:\Windows\System\UxLXoIK.exe
  2⤵
  PID:13168
- C:\Windows\System\Ibfkopa.exe
  C:\Windows\System\Ibfkopa.exe
  2⤵
  PID:5128
- C:\Windows\System\cVlekjF.exe
  C:\Windows\System\cVlekjF.exe
  2⤵
  PID:5156
- C:\Windows\System\QpqZXKU.exe
  C:\Windows\System\QpqZXKU.exe
  2⤵
  PID:13308
- C:\Windows\System\gYLzTaS.exe
  C:\Windows\System\gYLzTaS.exe
  2⤵
  PID:2020
- C:\Windows\System\jskuspj.exe
  C:\Windows\System\jskuspj.exe
  2⤵
  PID:2160
- C:\Windows\System\kwORQfm.exe
  C:\Windows\System\kwORQfm.exe
  2⤵
  PID:5256
- C:\Windows\System\VufCOFd.exe
  C:\Windows\System\VufCOFd.exe
  2⤵
  PID:1232
- C:\Windows\System\yxQBEdV.exe
  C:\Windows\System\yxQBEdV.exe
  2⤵
  PID:4880
- C:\Windows\System\SYxPDRz.exe
  C:\Windows\System\SYxPDRz.exe
  2⤵
  PID:12832
- C:\Windows\System\nNHLMmi.exe
  C:\Windows\System\nNHLMmi.exe
  2⤵
  PID:3564
- C:\Windows\System\wywSqSu.exe
  C:\Windows\System\wywSqSu.exe
  2⤵
  PID:13056
- C:\Windows\System\TensWma.exe
  C:\Windows\System\TensWma.exe
  2⤵
  PID:5660
- C:\Windows\System\eaoxEGQ.exe
  C:\Windows\System\eaoxEGQ.exe
  2⤵
  PID:13224
- C:\Windows\System\nIXfVgB.exe
  C:\Windows\System\nIXfVgB.exe
  2⤵
  PID:5208
- C:\Windows\System\HNIpxac.exe
  C:\Windows\System\HNIpxac.exe
  2⤵
  PID:4852
- C:\Windows\System\YTPdsbI.exe
  C:\Windows\System\YTPdsbI.exe
  2⤵
  PID:5848
- C:\Windows\System\hsSEiDr.exe
  C:\Windows\System\hsSEiDr.exe
  2⤵
  PID:5328
- C:\Windows\System\CdZyNOw.exe
  C:\Windows\System\CdZyNOw.exe
  2⤵
  PID:5892
- C:\Windows\System\YlitJnn.exe
  C:\Windows\System\YlitJnn.exe
  2⤵
  PID:5948
- C:\Windows\System\pVYBKYp.exe
  C:\Windows\System\pVYBKYp.exe
  2⤵
  PID:5680
- C:\Windows\System\rSkTWRE.exe
  C:\Windows\System\rSkTWRE.exe
  2⤵
  PID:2320
- C:\Windows\System\CkHcUeS.exe
  C:\Windows\System\CkHcUeS.exe
  2⤵
  PID:6128
- C:\Windows\System\lFgBXRs.exe
  C:\Windows\System\lFgBXRs.exe
  2⤵
  PID:5152
- C:\Windows\System\EORwKaU.exe
  C:\Windows\System\EORwKaU.exe
  2⤵
  PID:5916
- C:\Windows\System\pZliCqN.exe
  C:\Windows\System\pZliCqN.exe
  2⤵
  PID:1608
- C:\Windows\System\dHweVGM.exe
  C:\Windows\System\dHweVGM.exe
  2⤵
  PID:516
- C:\Windows\System\KesgXDD.exe
  C:\Windows\System\KesgXDD.exe
  2⤵
  PID:3112
- C:\Windows\System\rhHxIkM.exe
  C:\Windows\System\rhHxIkM.exe
  2⤵
  PID:5276
- C:\Windows\System\VOXBhom.exe
  C:\Windows\System\VOXBhom.exe
  2⤵
  PID:648
- C:\Windows\System\IjYqiZA.exe
  C:\Windows\System\IjYqiZA.exe
  2⤵
  PID:1816
- C:\Windows\System\AgfcJEc.exe
  C:\Windows\System\AgfcJEc.exe
  2⤵
  PID:1788
- C:\Windows\System\LuWHLvV.exe
  C:\Windows\System\LuWHLvV.exe
  2⤵
  PID:3200
- C:\Windows\System\yoYEOBs.exe
  C:\Windows\System\yoYEOBs.exe
  2⤵
  PID:3436
- C:\Windows\System\ayFjphL.exe
  C:\Windows\System\ayFjphL.exe
  2⤵
  PID:6036
- C:\Windows\System\IGChacR.exe
  C:\Windows\System\IGChacR.exe
  2⤵
  PID:13332
- C:\Windows\System\gTybVXn.exe
  C:\Windows\System\gTybVXn.exe
  2⤵
  PID:13360
- C:\Windows\System\OutoLKM.exe
  C:\Windows\System\OutoLKM.exe
  2⤵
  PID:13388
- C:\Windows\System\MNzCnIR.exe
  C:\Windows\System\MNzCnIR.exe
  2⤵
  PID:13416
- C:\Windows\System\WwQzQSR.exe
  C:\Windows\System\WwQzQSR.exe
  2⤵
  PID:13444
- C:\Windows\System\qefhQvg.exe
  C:\Windows\System\qefhQvg.exe
  2⤵
  PID:13472
- C:\Windows\System\phHhLWB.exe
  C:\Windows\System\phHhLWB.exe
  2⤵
  PID:13500
- C:\Windows\System\OyePsiy.exe
  C:\Windows\System\OyePsiy.exe
  2⤵
  PID:13528
- C:\Windows\System\GarGCQx.exe
  C:\Windows\System\GarGCQx.exe
  2⤵
  PID:13556
- C:\Windows\System\qJAzwum.exe
  C:\Windows\System\qJAzwum.exe
  2⤵
  PID:13584
- C:\Windows\System\nbOveAt.exe
  C:\Windows\System\nbOveAt.exe
  2⤵
  PID:13612
- C:\Windows\System\ydzCuJc.exe
  C:\Windows\System\ydzCuJc.exe
  2⤵
  PID:13640
- C:\Windows\System\orzUzsU.exe
  C:\Windows\System\orzUzsU.exe
  2⤵
  PID:13668
- C:\Windows\System\ZNGFBvd.exe
  C:\Windows\System\ZNGFBvd.exe
  2⤵
  PID:13696
- C:\Windows\System\ZTqnMgb.exe
  C:\Windows\System\ZTqnMgb.exe
  2⤵
  PID:13724
- C:\Windows\System\HrWjmcB.exe
  C:\Windows\System\HrWjmcB.exe
  2⤵
  PID:13752
- C:\Windows\System\sTMuBZt.exe
  C:\Windows\System\sTMuBZt.exe
  2⤵
  PID:13780
- C:\Windows\System\KXTpBDQ.exe
  C:\Windows\System\KXTpBDQ.exe
  2⤵
  PID:13808
- C:\Windows\System\AgccmpH.exe
  C:\Windows\System\AgccmpH.exe
  2⤵
  PID:13836
- C:\Windows\System\SmfYTUW.exe
  C:\Windows\System\SmfYTUW.exe
  2⤵
  PID:13864
- C:\Windows\System\LYLBrYA.exe
  C:\Windows\System\LYLBrYA.exe
  2⤵
  PID:13892
- C:\Windows\System\owCERFJ.exe
  C:\Windows\System\owCERFJ.exe
  2⤵
  PID:13920
- C:\Windows\System\zzvNGWN.exe
  C:\Windows\System\zzvNGWN.exe
  2⤵
  PID:13948
- C:\Windows\System\swgICNk.exe
  C:\Windows\System\swgICNk.exe
  2⤵
  PID:13976
- C:\Windows\System\lhUCksO.exe
  C:\Windows\System\lhUCksO.exe
  2⤵
  PID:14008
- C:\Windows\System\WXzmGIe.exe
  C:\Windows\System\WXzmGIe.exe
  2⤵
  PID:14036
- C:\Windows\System\FIbXbPb.exe
  C:\Windows\System\FIbXbPb.exe
  2⤵
  PID:14064
- C:\Windows\System\NqOUuUG.exe
  C:\Windows\System\NqOUuUG.exe
  2⤵
  PID:14092
- C:\Windows\System\lMRqHnZ.exe
  C:\Windows\System\lMRqHnZ.exe
  2⤵
  PID:14120
- C:\Windows\System\dYojaPY.exe
  C:\Windows\System\dYojaPY.exe
  2⤵
  PID:14148
- C:\Windows\System\Xpsuhsn.exe
  C:\Windows\System\Xpsuhsn.exe
  2⤵
  PID:14176
- C:\Windows\System\giIVLoZ.exe
  C:\Windows\System\giIVLoZ.exe
  2⤵
  PID:14204
- C:\Windows\System\LFGOSGC.exe
  C:\Windows\System\LFGOSGC.exe
  2⤵
  PID:14232
- C:\Windows\System\QaZaHfI.exe
  C:\Windows\System\QaZaHfI.exe
  2⤵
  PID:14268
- C:\Windows\System\BJtaFjk.exe
  C:\Windows\System\BJtaFjk.exe
  2⤵
  PID:14296
- C:\Windows\System\oaohKJf.exe
  C:\Windows\System\oaohKJf.exe
  2⤵
  PID:13372
- C:\Windows\System\FQERICI.exe
  C:\Windows\System\FQERICI.exe
  2⤵
  PID:13436
- C:\Windows\System\hBwkWZM.exe
  C:\Windows\System\hBwkWZM.exe
  2⤵
  PID:13524
- C:\Windows\System\YQSOIWD.exe
  C:\Windows\System\YQSOIWD.exe
  2⤵
  PID:4068
- C:\Windows\System\ijxpDPz.exe
  C:\Windows\System\ijxpDPz.exe
  2⤵
  PID:13624
- C:\Windows\System\IrJFuab.exe
  C:\Windows\System\IrJFuab.exe
  2⤵
  PID:13660
- C:\Windows\System\oLboAAp.exe
  C:\Windows\System\oLboAAp.exe
  2⤵
  PID:13708
- C:\Windows\System\cMBDJDb.exe
  C:\Windows\System\cMBDJDb.exe
  2⤵
  PID:5844
- C:\Windows\System\SbAENqU.exe
  C:\Windows\System\SbAENqU.exe
  2⤵
  PID:13764
- C:\Windows\System\wUzHMeB.exe
  C:\Windows\System\wUzHMeB.exe
  2⤵
  PID:5996
- C:\Windows\System\jWiMsRU.exe
  C:\Windows\System\jWiMsRU.exe
  2⤵
  PID:2800
- C:\Windows\System\IczhtSV.exe
  C:\Windows\System\IczhtSV.exe
  2⤵
  PID:13888
- C:\Windows\System\jGFXPlp.exe
  C:\Windows\System\jGFXPlp.exe
  2⤵
  PID:1504
- C:\Windows\System\nKBDUDx.exe
  C:\Windows\System\nKBDUDx.exe
  2⤵
  PID:13972
- C:\Windows\System\oXQGmLt.exe
  C:\Windows\System\oXQGmLt.exe
  2⤵
  PID:14028
- C:\Windows\System\qbdMEwi.exe
  C:\Windows\System\qbdMEwi.exe
  2⤵
  PID:5984
- C:\Windows\System\cbZIcQE.exe
  C:\Windows\System\cbZIcQE.exe
  2⤵
  PID:14116
- C:\Windows\System\ChyIEmd.exe
  C:\Windows\System\ChyIEmd.exe
  2⤵
  PID:14188
- C:\Windows\System\JiGxlYj.exe
  C:\Windows\System\JiGxlYj.exe
  2⤵
  PID:5852
- C:\Windows\System\IEkNNvj.exe
  C:\Windows\System\IEkNNvj.exe
  2⤵
  PID:6168
- C:\Windows\System\ivbbHfg.exe
  C:\Windows\System\ivbbHfg.exe
  2⤵
  PID:13464
- C:\Windows\System\lIVjeTm.exe
  C:\Windows\System\lIVjeTm.exe
  2⤵
  PID:6260
- C:\Windows\System\SXQqsjc.exe
  C:\Windows\System\SXQqsjc.exe
  2⤵
  PID:13596
- C:\Windows\System\YcIBUka.exe
  C:\Windows\System\YcIBUka.exe
  2⤵
  PID:13688
- C:\Windows\System\xombhgM.exe
  C:\Windows\System\xombhgM.exe
  2⤵
  PID:6372
- C:\Windows\System\lgnSWIK.exe
  C:\Windows\System\lgnSWIK.exe
  2⤵
  PID:13772
- C:\Windows\System\mwQvwWp.exe
  C:\Windows\System\mwQvwWp.exe
  2⤵
  PID:13800
- C:\Windows\System\IHcahat.exe
  C:\Windows\System\IHcahat.exe
  2⤵
  PID:14004
- C:\Windows\System\mUjYjkb.exe
  C:\Windows\System\mUjYjkb.exe
  2⤵
  PID:2704
- C:\Windows\System\kjJgjmn.exe
  C:\Windows\System\kjJgjmn.exe
  2⤵
  PID:6544
- C:\Windows\System\wuunOus.exe
  C:\Windows\System\wuunOus.exe
  2⤵
  PID:4608
- C:\Windows\System\fnQFskU.exe
  C:\Windows\System\fnQFskU.exe
  2⤵
  PID:2028
- C:\Windows\System\xfLfNUV.exe
  C:\Windows\System\xfLfNUV.exe
  2⤵
  PID:13968
- C:\Windows\System\abrXRcN.exe
  C:\Windows\System\abrXRcN.exe
  2⤵
  PID:13032
- C:\Windows\System\nOFBdTY.exe
  C:\Windows\System\nOFBdTY.exe
  2⤵
  PID:6768

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OTA3QzNGNzktMzgzOS00NTQ4LUJBQjYtOUVDQjA5MDNDNkZEfSIgdXNlcmlkPSJ7N0E3ODlGRTQtMEIxMC00NzM4LUE4REQtQkNERUU0NTI4QThFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MEJEOUQ4NTgtOTlGQi00RUM3LThGRTAtOTM3Q0ZFQzRFRDdEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI5IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY4ODkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTM2NTgwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzI1MTM5MTg4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:11504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CBMpzHQ.exe

Filesize
6.0MB

MD5
582d6ac343a5c50ccaca8979b2815918

SHA1
834879a53bf5e99197995bb746754a1c236b32e0

SHA256
1195bb5b2216b614e0ea4caf74d8048ee979251239193b6e63f86ec8c406de3a

SHA512
0a717c7c1fb9927ff26b6dbf5176087714bf289ce5b4340591d2e069feb3e54af800548f6375a8bba39233ee7107830799ca00cdc634460c496dc0cccda9a7e9

Download Submit
C:\Windows\System\DKBnPuA.exe

Filesize
6.0MB

MD5
805bed9d1d44fffc009794beb971c27d

SHA1
304bc41e2e6f1f6d87a736b2acdcd3ae06a3d072

SHA256
9874ecad8f6b9f09626615077249efe5544ea7d03e8abb5c221e6804954eb841

SHA512
6efd2b715107016d00c2090704e2007a6a54d5262fc77460e6ed94b5d95fb493a4d567e5aeaeeb6e48b04848aa22c5b95785eccb4a638127591e0a0b720482df

Download Submit
C:\Windows\System\EASaUMi.exe

Filesize
6.0MB

MD5
a615e1c2d048a1d7eccb66af0a98e227

SHA1
0d0f8c5eacb8fd96c13357c26ef9cb9e047d7b98

SHA256
9106ad675fb23acd61ebdf9075dce237b8de2c20b16c0855182f1b0effcd3d84

SHA512
ac648bdd8a67c8402a16cccca2b02107d3b7f1d1861774581791eff4ff0a3efdf7c5d3302c55eccfece82af3a2c267eb3206f5a495f5104cbae90c1bb075bd6b

Download Submit
C:\Windows\System\GfsnecG.exe

Filesize
6.0MB

MD5
d99d3af06ca77073003f38e6db005cad

SHA1
5aee9ccae10657f4fdb40478ccc86e5df17186bd

SHA256
1a56f6d23279de16700966789563a67d67a400c92867c47b7c837ac1b05389e2

SHA512
ed37501315b958183cabade61e7d591b51f8279497a4122c926f289f7a4ca945153bab38e988211a6b1e82f096971155f5997dbf860ebb30d77d37331bfe6404

Download Submit
C:\Windows\System\GzbhHaG.exe

Filesize
6.0MB

MD5
3327db6b180a50d070de211e3f2b4ca5

SHA1
8f21a514904ad62cb75250000c231e92edf115e3

SHA256
9f2e4a540b9beaa486c1dce144bb8cd280080ad19c67df54cb25056c92b25719

SHA512
2f0d061d794fceb1f6f1b39896acab8a483e68d4787e872767cc90e76dbab9c9314bebb19c1e80de9e1e723bb476547d660762f6a38da0a367c58d028243e9bc

Download Submit
C:\Windows\System\HnSNcxB.exe

Filesize
6.0MB

MD5
7be0db6fef8ddecf854a1a9d3f669701

SHA1
adfbdbd0d511da4d7bf475ee5f0aae9624dc0b77

SHA256
2023a20524448967081ad4d129b6506684aae135892443dc47b6ca653c16bf24

SHA512
da48e5ddda0b3a9830aac14ff01dd179d425cf4180740af9bfa024c432a33139800f83c275a3e93c4ea184da7f791925a85945c61275747fdd9f0525de2322dc

Download Submit
C:\Windows\System\HrNsUCk.exe

Filesize
6.0MB

MD5
de93d9be0939ee617226c9a435bbdeb0

SHA1
1d727008ba4c2f711a75b19ec1eb40b87fad33c0

SHA256
16314c96b9c14da1985a4938a95e724b40da5c3fe6043910b4da0f3ec1ca407e

SHA512
1b3f0cb9073f98ac6d207eb579420da7768e2525b988caa692b522f30a5d51bf86c9e028c223729dd1b8da16cf7c380f64e234512850397d89efff882688f117

Download Submit
C:\Windows\System\JlDprIy.exe

Filesize
6.0MB

MD5
80013fe9d16106026bbda10f7aa29ce5

SHA1
bc56e39832031dfe9c1a38c548eff552b7cb2d62

SHA256
99867f5e1e593e1c0abdec8684c5d82f52c57b77fc78d6a2468da8596be38a30

SHA512
4a30ba5701f072255c224447c73b144dd961782fa47218bb5b012ab639d3763d5dab41976b04ecdde931227a465dcd698539ee0f6afee34e8673183f9b883cde

Download Submit
C:\Windows\System\LvFIavg.exe

Filesize
6.0MB

MD5
6d81b29d87e0048b4d5ad762ccf8c800

SHA1
cdf47be705857e2f7d65f668700c9b64a323f711

SHA256
fcfcfa022aa69da8756b61418cc10372f84c17bf3d5d16e1ba989cbdfa753332

SHA512
52c40d11659c988c59efaa4506eea362e13f530c58ce0cecfb0eaa8dc48e151f925b54dce9886c4ace393f2dd2c72c64bbcc3cf9fd5ccd1807141a8273530032

Download Submit
C:\Windows\System\OcOzKlH.exe

Filesize
6.0MB

MD5
57c98270c11acf54cd7e68588b6194bb

SHA1
1240ad56f823cc02ecffd949b288057e8d6c42a6

SHA256
5f210a37f83352f261c2a30f433f94ebfe9de66d63157f0ab2623474a83d1e42

SHA512
1910cd714bd46c6896f30fa37ca77b2104f9d452354087a01aef712b638c9ac65ca6025070778a889bc3f76d53faca8cb8f8a426982f400c6ad344607d60ae47

Download Submit
C:\Windows\System\OllgYBt.exe

Filesize
6.0MB

MD5
2c9696e0fadd15065208d3725da5457a

SHA1
aa2597d0c049611ca28b2ee7c9dc87c4c1bc13c2

SHA256
04236120d009327464442d65f9fbd9b2f36e013f88fe7ae695218c94ab27bc46

SHA512
6829a3a1afd58a24aad6f4ff5e08c2edc3c4d90167586d351cb505c628993feeb5e556209d1070d728c3b72c4c72f6e4ef0eb153eb1cfbd608c757aeaf7a7446

Download Submit
C:\Windows\System\SSBnLyx.exe

Filesize
6.0MB

MD5
80ecebf68258cf69dc6d44d2adc43d63

SHA1
f37a20c9afa7e0c0812d111ec18a54dede430427

SHA256
4b4d574800ec4de173e134d7d67b9a8e6a0e401cc5a1b9205b9319c547671f48

SHA512
be6858ab87155d2e91b60640146553a2fae2922aa2c353eb38d69f2f7c07e327fc1f483f07413ce70870ca91117f84618cebb236a33a58a3fd901d81cdafee6c

Download Submit
C:\Windows\System\TazXITb.exe

Filesize
6.0MB

MD5
20a5ae8dcdf508ac82ced3c43759eafe

SHA1
a6291e799906de01ce1f3017ad60c470f61fba6e

SHA256
4733092e837854cdf1ea5f40dcc8c8aa50e2c2e1da3f11caf471976721cbab63

SHA512
9476757fe450074b9fb72ee90ac0f29100f37df3d875fb296a78c3da1bee2bd164a0f13e8976cf67518187bc26f407c75795be7adec1cee7b04205556e1fe258

Download Submit
C:\Windows\System\WMOwzTu.exe

Filesize
6.0MB

MD5
5832de2ce17bd39015e0a0f39a9f5b3a

SHA1
f4cffe507fa3294ccb4051dc82ea2e4bf2f565ec

SHA256
4935962fd378169602104b222a9cee64e78f5f53623c3b6509fed313a6411e08

SHA512
9b467467f67e7fc9a942ac25650f647bdb359137bab2548ed6c4075f1df7c4d510125232ae5c43594fb780f502cd99b671ef6f7565e288fa6d817995be96deb8

Download Submit
C:\Windows\System\YZhpGlN.exe

Filesize
6.0MB

MD5
e96179ebaf5c1adc43ce89409e1459e9

SHA1
4ee99a0781d35c9dc5526c5523f9ded8f09848ea

SHA256
d2c37e00a48fedb6e188be5eb563c4fc80d7f00300f13f912f0e2a1c091e651e

SHA512
0a33d80bcff45dad6741384dc152c38f63995bd35c052ff92e62c75006d65f29bb8f3b753c2e896e2ed68a59fceaad1703ecc14137033be8aa9dd60d163d2641

Download Submit
C:\Windows\System\cPzJrYQ.exe

Filesize
6.0MB

MD5
3380a0264e178fa3908272edcb1a8027

SHA1
eaa742bfb0b48e826c5bb9515fd07eb2f7ccc618

SHA256
646b38aad19ca668c2d5418b74b8d58b5f4f749e93294345f362e2296486b032

SHA512
d349d3d6e44a070c51d04f2efb565fad29d16d85618e461abc63d5de64314f81391e909902d0d9b7e87147585e4ca857dce987ccf64fd5a5f3b4eb68855179c1

Download Submit
C:\Windows\System\fRhleaX.exe

Filesize
6.0MB

MD5
96d5676ddb9144b48539bcb25e4f9f31

SHA1
effae6d5a87724687e81d2ff7d76402db1e9cc87

SHA256
08893a7b9d6ce14e5dc1c02fa18a74c1fc3e705a6b8aceaa1ca863db99db9554

SHA512
2be4639273c20de9d2e90294b9674dfc628651147d6510d6dd234fe4690c127ab1661985d62a9f72766a64dae4ac4f0dd19b0b507a28bffe6a015ce05c58026a

Download Submit
C:\Windows\System\fwcQNxm.exe

Filesize
6.0MB

MD5
98a81bbfd83b80190792b4acb8219fe4

SHA1
cbe23efaada844b605d6764b4f81dea2ebdbad33

SHA256
15b6907827f08c0e8f69603f29b645ca07cf92bee3b884e6bcf4925c83695596

SHA512
3ff96332f17a8e7207ea290594bfd6c3d9592bd07a74849f34c521dbb5fff938acf4ee3e093ee95ced2dad3aca63fa957108c558f3efdf7b88424e4b9b1d9aee

Download Submit
C:\Windows\System\gvJEwll.exe

Filesize
6.0MB

MD5
77ca57597fa42ab4174b120aa22e3d7f

SHA1
8c6da124a888a515b5fb3017c73d049a73237af7

SHA256
14035e497bc8abace0db803f92186b68a263525e4adb41de44fc854b61e9c464

SHA512
3175adca210e07b2cdcb9370db2db023083795034b05c59c8e2212e36418cda0c4efd805e32b94afc8443417b7607cacd86dbbaeaf0188266c83fb2d0d6d872d

Download Submit
C:\Windows\System\jEmSaOc.exe

Filesize
6.0MB

MD5
07e9e0af7a3b057951c5afe00b338ed4

SHA1
473ce890879560ded81a90e2060b6ee78aee3a46

SHA256
0e20ad403d32108b391ce81c0c873adb01ef0dc04578fd489e814d26344f66ee

SHA512
91a42790dea2945146439bf02fef6fb52c5a599a0ed2d8edda0d20790bd3d87eb201b700e7814174e5e046160d201bac952ef51b8b900e9e8de32f38ac50562a

Download Submit
C:\Windows\System\jIsoYlU.exe

Filesize
6.0MB

MD5
c5b880a96c20ff94ccd393284e4cfdf5

SHA1
55f10d2a49bc3294b8b0f4c8e0179b1487777c09

SHA256
c950bf2300dd7ad85edf482cc8f8a95ee875eaf5f81cd399058ae12abef8038e

SHA512
c4fabf932fd50e2b80c890d467d3b01d5681e5f3dd22d8944c24b7e3d6e9ecb70fdaa66926614b4613891a63c589f17a467b1cef32ee2d8af6dbfaba8f54a7f9

Download Submit
C:\Windows\System\jcdLFjL.exe

Filesize
6.0MB

MD5
5596a291383f9d66ce31a956bf9ba698

SHA1
ae97e66ec8efa3aa8dbb89844a84df3d14563d07

SHA256
429d1b2df0077cbc5e6d8dbad96103d0fb0cacfa810a1ebbb1d2f323b1702131

SHA512
1623d71165f59d4364cd53a6fe3f79a5b1b5da967f715a33315164199320e33817e979ffd35426eb0cbe5e4e6be3b9cef5ebea617171b9ba0b4cf50d62c6edb6

Download Submit
C:\Windows\System\jxahxug.exe

Filesize
6.0MB

MD5
eefc2f15faa34aeebb4deab956b25c5b

SHA1
6a11e602afc9eb73bf2d0cd6fc084b2584f66f38

SHA256
f51eb6e6d8bfd3673cbc427cc1e126df985a6f2a8777e6d502c0abcf1491cd37

SHA512
334b1572c77a73f351edbbe134ef70727d01ceb1453d36196420286d7dc786c3f772912b1e424d3d62f84b7786788f45fc897bcbf5e2d1b966804f3983d09ce8

Download Submit
C:\Windows\System\nWwEkjm.exe

Filesize
6.0MB

MD5
412a523c7d9291edce6a437d1fe2c8da

SHA1
57727c23aa0e1017834373b6682dce24f9beceb8

SHA256
4fa1121aad72ad1a4fb221c6a2fc44f58093a08ba8a089ca0498995b729dc8b2

SHA512
9c07ae06c0ee9cd3dc1069f194e9de5990c9b276cd70bfadda4dbd58df533c4473ad9e303b339daa8f2e5ccb5c620b9ad334ddeb2166574e15d821dc2dd0b7e6

Download Submit
C:\Windows\System\rHUryGY.exe

Filesize
6.0MB

MD5
088da2699a7a386a9e1d41f1cb4b3e63

SHA1
0b922f56060af5886f823f72d9647f53601a27d2

SHA256
18e1aebe97fdbdb259927a986d07deb6363c461103b02e0b3f8aa08f42299576

SHA512
5871348ea35687903f707e7d0b0175ddfb7472030fb8a42a3486d2b9b74be76ff1a0012607f208d879f9b8734db00760fd11f27c4b4792ea1e21df3f33986d45

Download Submit
C:\Windows\System\rYavJFU.exe

Filesize
6.0MB

MD5
02f9df09ad4b26ab19814c8f739205e5

SHA1
02964f17b6e92977acdebd9ab493336ddc2074be

SHA256
71d778cbbc13920461eef805376e5e9417a4ec25dd0fa2d986de4c3fa4b30d41

SHA512
d425e3f86396934f1ed297dcca31f837ea2512251aab52e221e156b96e2a84d668c9619ffb0f563ebb394079ed97a8414455418c94ed48e7b7590c7f37797661

Download Submit
C:\Windows\System\tlPJwgH.exe

Filesize
6.0MB

MD5
0e372da18857a391c33f7fc8762a88c3

SHA1
697ef344397f6149d2da6019ec748542543d962d

SHA256
5d55d0ea4dd711d12780c7b7c3610c76bf1e456b0058cb005486734de4f08412

SHA512
f83585376de400d42970b6644363997e3c5303821b7d9c99deb1a5798572ae763600aeb9c031cd0a13142b4b257e57df0b4a0c49172975d0fa189a20cb098a43

Download Submit
C:\Windows\System\tqKaKpD.exe

Filesize
6.0MB

MD5
bd79b2f628fe3538dea09c4d5de8aef4

SHA1
b3cc044afd01a495ce772e71988b8b63defbe41e

SHA256
8c6c6d9fdbc5951afe7ad7ae50eea74fe9523801c6210a6d8f90fee516c8f7a9

SHA512
f0c4c041f2f1dbdd37b5798029c0c63fe168db31c7abd87e3bd6ab6b594386cc4821badb8748cacc2578a115521dd1658883b2f0ba65af7d75eeeb343e600a81

Download Submit
C:\Windows\System\tsYykmL.exe

Filesize
6.0MB

MD5
ff90968cea8bbe65777b784909e9e4b8

SHA1
b699578ef041003501704c556982e8f0e2c9275f

SHA256
c9c2741d5a721a0c6913307a6d629a59cb4aa236cd61cde9cde1d3cb54b94237

SHA512
9a53fad7be138a73dcd8baf0ab85623712b0e0d2a804bfc316e10bc53b19a7807fef17e3acd90829be5cc46d39be84b18411b4a859f9c0e40b5e9aed96cc6072

Download Submit
C:\Windows\System\yAFbLOt.exe

Filesize
6.0MB

MD5
cd08205e67dcb46b0b22c70fba0c3c8a

SHA1
fddf33d99f6abadcf361d639e7dbd10e7e9e0380

SHA256
7ebc10eac37e306ab017b38dcc759d19ba66744197d9e18b465ee10a2dc5f952

SHA512
e197e8c92cd520877e1ef7efd872b2ad378b207964f2ec940da61b395ee4067a7cad1a88a4359eff0b72a4a60ab7ceffa2019c414a8f0de9da3515c8fb19b930

Download Submit
C:\Windows\System\yKwcXqV.exe

Filesize
6.0MB

MD5
90be0a6103cda05f5c06cf7620d78b95

SHA1
5916be9a4f3e95ad1e357467c7c824dd4208d4aa

SHA256
9a6063ff97afd3d7cdd357f2b6d60ba7dc22cd44931b36208f6df30fd8e1a111

SHA512
70f90d9cc360a34de4161f60164fc2b57e04c6c85335b1dfb89992277538e62c02404cadc2847ee4557ac6ceb8717c232ae4c1b2f30b97a7d182e080023b5141

Download Submit
C:\Windows\System\zCsLXUk.exe

Filesize
6.0MB

MD5
ff811e62804180c865472f2ae97f3ef7

SHA1
01d28f03e7074e57082897c84cace1a97e428a9a

SHA256
b5d164072c4396f9ab4b50ff336feaba2645a9a133f199746840395ff26c44c1

SHA512
f96988dd17c7be5918c64411a22e4fd4d5827f65da32199fdfb7890792b56cfebb87d9427a95cb8dba710eaa694b5778851eb045189f5beb4fdaefd914aa19f8

Download Submit
memory/100-47-0x00007FF7B7D90000-0x00007FF7B80E4000-memory.dmp

Filesize
3.3MB

Download
memory/100-125-0x00007FF7B7D90000-0x00007FF7B80E4000-memory.dmp

Filesize
3.3MB

Download
memory/100-1518-0x00007FF7B7D90000-0x00007FF7B80E4000-memory.dmp

Filesize
3.3MB

Download
memory/316-1579-0x00007FF681BF0000-0x00007FF681F44000-memory.dmp

Filesize
3.3MB

Download
memory/316-149-0x00007FF681BF0000-0x00007FF681F44000-memory.dmp

Filesize
3.3MB

Download
memory/316-85-0x00007FF681BF0000-0x00007FF681F44000-memory.dmp

Filesize
3.3MB

Download
memory/588-1637-0x00007FF682D10000-0x00007FF683064000-memory.dmp

Filesize
3.3MB

Download
memory/588-180-0x00007FF682D10000-0x00007FF683064000-memory.dmp

Filesize
3.3MB

Download
memory/588-120-0x00007FF682D10000-0x00007FF683064000-memory.dmp

Filesize
3.3MB

Download
memory/760-281-0x00007FF7645B0000-0x00007FF764904000-memory.dmp

Filesize
3.3MB

Download
memory/760-2032-0x00007FF7645B0000-0x00007FF764904000-memory.dmp

Filesize
3.3MB

Download
memory/760-159-0x00007FF7645B0000-0x00007FF764904000-memory.dmp

Filesize
3.3MB

Download
memory/784-2217-0x00007FF7703E0000-0x00007FF770734000-memory.dmp

Filesize
3.3MB

Download
memory/784-487-0x00007FF7703E0000-0x00007FF770734000-memory.dmp

Filesize
3.3MB

Download
memory/784-188-0x00007FF7703E0000-0x00007FF770734000-memory.dmp

Filesize
3.3MB

Download
memory/920-138-0x00007FF686D50000-0x00007FF6870A4000-memory.dmp

Filesize
3.3MB

Download
memory/920-203-0x00007FF686D50000-0x00007FF6870A4000-memory.dmp

Filesize
3.3MB

Download
memory/920-2025-0x00007FF686D50000-0x00007FF6870A4000-memory.dmp

Filesize
3.3MB

Download
memory/976-54-0x00007FF72E2F0000-0x00007FF72E644000-memory.dmp

Filesize
3.3MB

Download
memory/976-1-0x00000215834F0000-0x0000021583500000-memory.dmp

Filesize
64KB

Download
memory/976-0-0x00007FF72E2F0000-0x00007FF72E644000-memory.dmp

Filesize
3.3MB

Download
memory/2040-126-0x00007FF61FF50000-0x00007FF6202A4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-186-0x00007FF61FF50000-0x00007FF6202A4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-1642-0x00007FF61FF50000-0x00007FF6202A4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-107-0x00007FF7BE950000-0x00007FF7BECA4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-1589-0x00007FF7BE950000-0x00007FF7BECA4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-173-0x00007FF7BE950000-0x00007FF7BECA4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-66-0x00007FF7ED040000-0x00007FF7ED394000-memory.dmp

Filesize
3.3MB

Download
memory/2452-1425-0x00007FF7ED040000-0x00007FF7ED394000-memory.dmp

Filesize
3.3MB

Download
memory/2452-12-0x00007FF7ED040000-0x00007FF7ED394000-memory.dmp

Filesize
3.3MB

Download
memory/2500-156-0x00007FF69B410000-0x00007FF69B764000-memory.dmp

Filesize
3.3MB

Download
memory/2500-1582-0x00007FF69B410000-0x00007FF69B764000-memory.dmp

Filesize
3.3MB

Download
memory/2500-97-0x00007FF69B410000-0x00007FF69B764000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1568-0x00007FF624F50000-0x00007FF6252A4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-65-0x00007FF624F50000-0x00007FF6252A4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-129-0x00007FF624F50000-0x00007FF6252A4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-71-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-141-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1550-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-78-0x00007FF793DB0000-0x00007FF794104000-memory.dmp

Filesize
3.3MB

Download
memory/3032-18-0x00007FF793DB0000-0x00007FF794104000-memory.dmp

Filesize
3.3MB

Download
memory/3032-1432-0x00007FF793DB0000-0x00007FF794104000-memory.dmp

Filesize
3.3MB

Download
memory/3040-61-0x00007FF6C9250000-0x00007FF6C95A4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-1417-0x00007FF6C9250000-0x00007FF6C95A4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-7-0x00007FF6C9250000-0x00007FF6C95A4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-172-0x00007FF6AE910000-0x00007FF6AEC64000-memory.dmp

Filesize
3.3MB

Download
memory/3076-1592-0x00007FF6AE910000-0x00007FF6AEC64000-memory.dmp

Filesize
3.3MB

Download
memory/3076-106-0x00007FF6AE910000-0x00007FF6AEC64000-memory.dmp

Filesize
3.3MB

Download
memory/3160-607-0x00007FF7D9310000-0x00007FF7D9664000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2272-0x00007FF7D9310000-0x00007FF7D9664000-memory.dmp

Filesize
3.3MB

Download
memory/3160-196-0x00007FF7D9310000-0x00007FF7D9664000-memory.dmp

Filesize
3.3MB

Download
memory/3416-2033-0x00007FF669CF0000-0x00007FF66A044000-memory.dmp

Filesize
3.3MB

Download
memory/3416-205-0x00007FF669CF0000-0x00007FF66A044000-memory.dmp

Filesize
3.3MB

Download
memory/3416-155-0x00007FF669CF0000-0x00007FF66A044000-memory.dmp

Filesize
3.3MB

Download
memory/3588-24-0x00007FF615A00000-0x00007FF615D54000-memory.dmp

Filesize
3.3MB

Download
memory/3588-1439-0x00007FF615A00000-0x00007FF615D54000-memory.dmp

Filesize
3.3MB

Download
memory/3588-89-0x00007FF615A00000-0x00007FF615D54000-memory.dmp

Filesize
3.3MB

Download
memory/3660-1641-0x00007FF6C4A90000-0x00007FF6C4DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-187-0x00007FF6C4A90000-0x00007FF6C4DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-127-0x00007FF6C4A90000-0x00007FF6C4DE4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-79-0x00007FF74B6E0000-0x00007FF74BA34000-memory.dmp

Filesize
3.3MB

Download
memory/4040-148-0x00007FF74B6E0000-0x00007FF74BA34000-memory.dmp

Filesize
3.3MB

Download
memory/4040-1560-0x00007FF74B6E0000-0x00007FF74BA34000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1445-0x00007FF7E3820000-0x00007FF7E3B74000-memory.dmp

Filesize
3.3MB

Download
memory/4176-35-0x00007FF7E3820000-0x00007FF7E3B74000-memory.dmp

Filesize
3.3MB

Download
memory/4176-105-0x00007FF7E3820000-0x00007FF7E3B74000-memory.dmp

Filesize
3.3MB

Download
memory/4292-163-0x00007FF6198D0000-0x00007FF619C24000-memory.dmp

Filesize
3.3MB

Download
memory/4292-90-0x00007FF6198D0000-0x00007FF619C24000-memory.dmp

Filesize
3.3MB

Download
memory/4292-1572-0x00007FF6198D0000-0x00007FF619C24000-memory.dmp

Filesize
3.3MB

Download
memory/4436-55-0x00007FF7C3A30000-0x00007FF7C3D84000-memory.dmp

Filesize
3.3MB

Download
memory/4436-1529-0x00007FF7C3A30000-0x00007FF7C3D84000-memory.dmp

Filesize
3.3MB

Download
memory/4436-128-0x00007FF7C3A30000-0x00007FF7C3D84000-memory.dmp

Filesize
3.3MB

Download
memory/4460-2029-0x00007FF679F70000-0x00007FF67A2C4000-memory.dmp

Filesize
3.3MB

Download
memory/4460-204-0x00007FF679F70000-0x00007FF67A2C4000-memory.dmp

Filesize
3.3MB

Download
memory/4460-154-0x00007FF679F70000-0x00007FF67A2C4000-memory.dmp

Filesize
3.3MB

Download
memory/4604-175-0x00007FF733E90000-0x00007FF7341E4000-memory.dmp

Filesize
3.3MB

Download
memory/4604-386-0x00007FF733E90000-0x00007FF7341E4000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2201-0x00007FF733E90000-0x00007FF7341E4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-2036-0x00007FF728480000-0x00007FF7287D4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-338-0x00007FF728480000-0x00007FF7287D4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-164-0x00007FF728480000-0x00007FF7287D4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-182-0x00007FF707260000-0x00007FF7075B4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2220-0x00007FF707260000-0x00007FF7075B4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-471-0x00007FF707260000-0x00007FF7075B4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-1442-0x00007FF7B5CA0000-0x00007FF7B5FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-30-0x00007FF7B5CA0000-0x00007FF7B5FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-102-0x00007FF7B5CA0000-0x00007FF7B5FF4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-45-0x00007FF7630C0000-0x00007FF763414000-memory.dmp

Filesize
3.3MB

Download
memory/5016-1512-0x00007FF7630C0000-0x00007FF763414000-memory.dmp

Filesize
3.3MB

Download
memory/5016-108-0x00007FF7630C0000-0x00007FF763414000-memory.dmp

Filesize
3.3MB

Download