cobaltstrike | fd3493e2de144f933411e458d8b13265d04688201179c4531c0a7c0b7641180a

Analysis

max time kernel
124s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2025, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2eb3581cc407d94fd7e88424db659e40
SHA1

4176a6922f5ea8854abde25634e964a426a03e39
SHA256

fd3493e2de144f933411e458d8b13265d04688201179c4531c0a7c0b7641180a
SHA512

ba518813c3884501f0a80aa80bf714721b25a5d98fefbaf6d7c917a3ce60602b9468917359487a94a8b2e6ff88b91d7afe6a3ad3a751c4812f23b9990ef95bd6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 45 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023e47-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4b-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4c-11.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023e48-24.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4d-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4f-39.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e50-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e52-56.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e51-54.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e4e-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e53-65.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e56-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5a-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5b-102.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5f-114.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e63-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e68-141.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e6b-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e6e-159.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e73-174.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e75-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e59-187.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e76-186.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e74-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e72-171.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e71-168.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e70-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e6f-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e6d-156.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e6c-153.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e6a-147.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e69-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e67-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e66-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e65-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e64-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e62-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e61-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e60-117.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5e-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5d-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e5c-105.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e58-92.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e57-88.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023e55-76.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3336-0-0x00007FF7564D0000-0x00007FF756824000-memory.dmp	xmrig
behavioral2/files/0x0008000000023e47-4.dat	xmrig
behavioral2/memory/4620-8-0x00007FF7C8660000-0x00007FF7C89B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4b-10.dat	xmrig
behavioral2/files/0x0007000000023e4c-11.dat	xmrig
behavioral2/memory/1740-14-0x00007FF724410000-0x00007FF724764000-memory.dmp	xmrig
behavioral2/memory/3108-20-0x00007FF789C40000-0x00007FF789F94000-memory.dmp	xmrig
behavioral2/files/0x0008000000023e48-24.dat	xmrig
behavioral2/memory/2620-26-0x00007FF75A470000-0x00007FF75A7C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4d-28.dat	xmrig
behavioral2/memory/2068-35-0x00007FF677E50000-0x00007FF6781A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4f-39.dat	xmrig
behavioral2/files/0x0007000000023e50-47.dat	xmrig
behavioral2/memory/4460-49-0x00007FF6DCA20000-0x00007FF6DCD74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e52-56.dat	xmrig
behavioral2/memory/5016-60-0x00007FF661980000-0x00007FF661CD4000-memory.dmp	xmrig
behavioral2/memory/5048-59-0x00007FF724DF0000-0x00007FF725144000-memory.dmp	xmrig
behavioral2/memory/5076-58-0x00007FF611C20000-0x00007FF611F74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e51-54.dat	xmrig
behavioral2/memory/3644-44-0x00007FF695800000-0x00007FF695B54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e4e-34.dat	xmrig
behavioral2/files/0x0007000000023e53-65.dat	xmrig
behavioral2/memory/4320-71-0x00007FF65FA50000-0x00007FF65FDA4000-memory.dmp	xmrig
behavioral2/memory/3336-68-0x00007FF7564D0000-0x00007FF756824000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e56-78.dat	xmrig
behavioral2/memory/3328-91-0x00007FF6FED80000-0x00007FF6FF0D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e5a-98.dat	xmrig
behavioral2/files/0x0007000000023e5b-102.dat	xmrig
behavioral2/files/0x0007000000023e5f-114.dat	xmrig
behavioral2/files/0x0007000000023e63-126.dat	xmrig
behavioral2/files/0x0007000000023e68-141.dat	xmrig
behavioral2/files/0x0007000000023e6b-150.dat	xmrig
behavioral2/files/0x0007000000023e6e-159.dat	xmrig
behavioral2/files/0x0007000000023e73-174.dat	xmrig
behavioral2/files/0x0007000000023e75-180.dat	xmrig
behavioral2/memory/1684-200-0x00007FF628F40000-0x00007FF629294000-memory.dmp	xmrig
behavioral2/memory/4156-204-0x00007FF79F750000-0x00007FF79FAA4000-memory.dmp	xmrig
behavioral2/memory/3036-210-0x00007FF6AE310000-0x00007FF6AE664000-memory.dmp	xmrig
behavioral2/memory/3260-213-0x00007FF7B2A40000-0x00007FF7B2D94000-memory.dmp	xmrig
behavioral2/memory/2068-237-0x00007FF677E50000-0x00007FF6781A4000-memory.dmp	xmrig
behavioral2/memory/2620-233-0x00007FF75A470000-0x00007FF75A7C4000-memory.dmp	xmrig
behavioral2/memory/3404-232-0x00007FF6A6E50000-0x00007FF6A71A4000-memory.dmp	xmrig
behavioral2/memory/404-212-0x00007FF72B9C0000-0x00007FF72BD14000-memory.dmp	xmrig
behavioral2/memory/2040-211-0x00007FF607640000-0x00007FF607994000-memory.dmp	xmrig
behavioral2/memory/4904-209-0x00007FF6DD4E0000-0x00007FF6DD834000-memory.dmp	xmrig
behavioral2/memory/752-208-0x00007FF7AEC80000-0x00007FF7AEFD4000-memory.dmp	xmrig
behavioral2/memory/3856-207-0x00007FF7D0390000-0x00007FF7D06E4000-memory.dmp	xmrig
behavioral2/memory/3080-206-0x00007FF6D6640000-0x00007FF6D6994000-memory.dmp	xmrig
behavioral2/memory/4324-205-0x00007FF7254D0000-0x00007FF725824000-memory.dmp	xmrig
behavioral2/memory/1060-203-0x00007FF608B40000-0x00007FF608E94000-memory.dmp	xmrig
behavioral2/memory/3768-202-0x00007FF66E5B0000-0x00007FF66E904000-memory.dmp	xmrig
behavioral2/memory/1000-201-0x00007FF7F7AC0000-0x00007FF7F7E14000-memory.dmp	xmrig
behavioral2/memory/3108-199-0x00007FF789C40000-0x00007FF789F94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023e59-187.dat	xmrig
behavioral2/files/0x0007000000023e76-186.dat	xmrig
behavioral2/files/0x0007000000023e74-177.dat	xmrig
behavioral2/files/0x0007000000023e72-171.dat	xmrig
behavioral2/files/0x0007000000023e71-168.dat	xmrig
behavioral2/files/0x0007000000023e70-165.dat	xmrig
behavioral2/files/0x0007000000023e6f-162.dat	xmrig
behavioral2/files/0x0007000000023e6d-156.dat	xmrig
behavioral2/files/0x0007000000023e6c-153.dat	xmrig
behavioral2/files/0x0007000000023e6a-147.dat	xmrig
behavioral2/files/0x0007000000023e69-144.dat	xmrig

Downloads MZ/PE file 1 IoCs

flow	pid	Process
50	15224	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
4620	xiEnnOp.exe
1740	SbzhHse.exe
3108	TmKlrPA.exe
2620	UhKodaZ.exe
2068	arcVeVG.exe
3644	reYowyL.exe
4460	wVRGkdG.exe
5048	QMxskIx.exe
5076	UTMJyOu.exe
5016	ntzjAys.exe
4320	tzeJHdc.exe
4788	gXvftxf.exe
1408	bZWMUiP.exe
3328	lyjZEXC.exe
1684	mIpkoOM.exe
3404	tHLbAii.exe
1000	ZqLFxNp.exe
3768	RODcTtH.exe
1060	lSorMvP.exe
4156	ewqFnlP.exe
4324	mJmSAyM.exe
3080	xKdaAjE.exe
3856	fPjbavo.exe
752	qXItaCy.exe
4904	cheblTQ.exe
3036	bZYZLkv.exe
2040	JiwqZLJ.exe
404	XVDKuhS.exe
3260	uFkaIQn.exe
1104	bGQcwLf.exe
1824	AnySOZo.exe
2020	WCrjYap.exe
1864	sQbGlGF.exe
2504	mffSHeq.exe
2672	rdlniKP.exe
4292	PnVoPpd.exe
1124	TjtbEmA.exe
3332	euOGCHB.exe
824	DMdWAua.exe
2628	dPZoBIu.exe
3492	JUAJvgV.exe
4924	TLZVuaa.exe
4384	fMRFqJm.exe
2124	hIQWdXv.exe
2748	UDYwBpi.exe
212	evNqMAW.exe
2856	JhccZbs.exe
2436	VhvWWgT.exe
1924	bFInMCe.exe
5020	SMxiBMX.exe
1488	HTaKqgg.exe
468	KPEMfrS.exe
2036	fvDBTRm.exe
1588	kyEnTNn.exe
1560	CRRwLUd.exe
4276	kcKmBHg.exe
1680	TkWKlqa.exe
1036	uBHQlSg.exe
2784	nhLEiRG.exe
1792	SDPgKgZ.exe
1644	kgEzvQO.exe
4436	MCwOijM.exe
4776	HNLwgzG.exe
4340	jzYEpzu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3336-0-0x00007FF7564D0000-0x00007FF756824000-memory.dmp	upx
behavioral2/files/0x0008000000023e47-4.dat	upx
behavioral2/memory/4620-8-0x00007FF7C8660000-0x00007FF7C89B4000-memory.dmp	upx
behavioral2/files/0x0007000000023e4b-10.dat	upx
behavioral2/files/0x0007000000023e4c-11.dat	upx
behavioral2/memory/1740-14-0x00007FF724410000-0x00007FF724764000-memory.dmp	upx
behavioral2/memory/3108-20-0x00007FF789C40000-0x00007FF789F94000-memory.dmp	upx
behavioral2/files/0x0008000000023e48-24.dat	upx
behavioral2/memory/2620-26-0x00007FF75A470000-0x00007FF75A7C4000-memory.dmp	upx
behavioral2/files/0x0007000000023e4d-28.dat	upx
behavioral2/memory/2068-35-0x00007FF677E50000-0x00007FF6781A4000-memory.dmp	upx
behavioral2/files/0x0007000000023e4f-39.dat	upx
behavioral2/files/0x0007000000023e50-47.dat	upx
behavioral2/memory/4460-49-0x00007FF6DCA20000-0x00007FF6DCD74000-memory.dmp	upx
behavioral2/files/0x0007000000023e52-56.dat	upx
behavioral2/memory/5016-60-0x00007FF661980000-0x00007FF661CD4000-memory.dmp	upx
behavioral2/memory/5048-59-0x00007FF724DF0000-0x00007FF725144000-memory.dmp	upx
behavioral2/memory/5076-58-0x00007FF611C20000-0x00007FF611F74000-memory.dmp	upx
behavioral2/files/0x0007000000023e51-54.dat	upx
behavioral2/memory/3644-44-0x00007FF695800000-0x00007FF695B54000-memory.dmp	upx
behavioral2/files/0x0007000000023e4e-34.dat	upx
behavioral2/files/0x0007000000023e53-65.dat	upx
behavioral2/memory/4320-71-0x00007FF65FA50000-0x00007FF65FDA4000-memory.dmp	upx
behavioral2/memory/3336-68-0x00007FF7564D0000-0x00007FF756824000-memory.dmp	upx
behavioral2/files/0x0007000000023e56-78.dat	upx
behavioral2/memory/3328-91-0x00007FF6FED80000-0x00007FF6FF0D4000-memory.dmp	upx
behavioral2/files/0x0007000000023e5a-98.dat	upx
behavioral2/files/0x0007000000023e5b-102.dat	upx
behavioral2/files/0x0007000000023e5f-114.dat	upx
behavioral2/files/0x0007000000023e63-126.dat	upx
behavioral2/files/0x0007000000023e68-141.dat	upx
behavioral2/files/0x0007000000023e6b-150.dat	upx
behavioral2/files/0x0007000000023e6e-159.dat	upx
behavioral2/files/0x0007000000023e73-174.dat	upx
behavioral2/files/0x0007000000023e75-180.dat	upx
behavioral2/memory/1684-200-0x00007FF628F40000-0x00007FF629294000-memory.dmp	upx
behavioral2/memory/4156-204-0x00007FF79F750000-0x00007FF79FAA4000-memory.dmp	upx
behavioral2/memory/3036-210-0x00007FF6AE310000-0x00007FF6AE664000-memory.dmp	upx
behavioral2/memory/3260-213-0x00007FF7B2A40000-0x00007FF7B2D94000-memory.dmp	upx
behavioral2/memory/2068-237-0x00007FF677E50000-0x00007FF6781A4000-memory.dmp	upx
behavioral2/memory/2620-233-0x00007FF75A470000-0x00007FF75A7C4000-memory.dmp	upx
behavioral2/memory/3404-232-0x00007FF6A6E50000-0x00007FF6A71A4000-memory.dmp	upx
behavioral2/memory/404-212-0x00007FF72B9C0000-0x00007FF72BD14000-memory.dmp	upx
behavioral2/memory/2040-211-0x00007FF607640000-0x00007FF607994000-memory.dmp	upx
behavioral2/memory/4904-209-0x00007FF6DD4E0000-0x00007FF6DD834000-memory.dmp	upx
behavioral2/memory/752-208-0x00007FF7AEC80000-0x00007FF7AEFD4000-memory.dmp	upx
behavioral2/memory/3856-207-0x00007FF7D0390000-0x00007FF7D06E4000-memory.dmp	upx
behavioral2/memory/3080-206-0x00007FF6D6640000-0x00007FF6D6994000-memory.dmp	upx
behavioral2/memory/4324-205-0x00007FF7254D0000-0x00007FF725824000-memory.dmp	upx
behavioral2/memory/1060-203-0x00007FF608B40000-0x00007FF608E94000-memory.dmp	upx
behavioral2/memory/3768-202-0x00007FF66E5B0000-0x00007FF66E904000-memory.dmp	upx
behavioral2/memory/1000-201-0x00007FF7F7AC0000-0x00007FF7F7E14000-memory.dmp	upx
behavioral2/memory/3108-199-0x00007FF789C40000-0x00007FF789F94000-memory.dmp	upx
behavioral2/files/0x0007000000023e59-187.dat	upx
behavioral2/files/0x0007000000023e76-186.dat	upx
behavioral2/files/0x0007000000023e74-177.dat	upx
behavioral2/files/0x0007000000023e72-171.dat	upx
behavioral2/files/0x0007000000023e71-168.dat	upx
behavioral2/files/0x0007000000023e70-165.dat	upx
behavioral2/files/0x0007000000023e6f-162.dat	upx
behavioral2/files/0x0007000000023e6d-156.dat	upx
behavioral2/files/0x0007000000023e6c-153.dat	upx
behavioral2/files/0x0007000000023e6a-147.dat	upx
behavioral2/files/0x0007000000023e69-144.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bYnPPzu.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFqOwfS.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfyuMcG.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdqPEwc.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQMYrwa.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZYZLkv.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGbHZJn.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADMWFZc.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtbahbK.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSmpCOE.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhxDWts.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aQicZsn.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsxwFDb.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDRJRND.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnySOZo.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMdWAua.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrgLVqW.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrrTHBA.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvCzwHD.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfWONBn.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKnuaGk.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCpjyvd.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRieshX.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzyMyxg.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRoxJYb.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\euOGCHB.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbxNtlk.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SuYYzqy.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvEFszG.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vStgGIt.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuiwpiv.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNzqvHs.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpjZACA.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwZrxiB.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cifNbMo.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAIgaXh.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWGdEPm.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMJHaYN.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dewzttj.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgYxUrf.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoVxeoS.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSKtoPo.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXXtCcu.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBJKJqB.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFUHxcQ.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmsgGHS.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdAlQqx.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pReutAj.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mffSHeq.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLZVuaa.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLuUBjJ.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhLEiRG.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlDHWeY.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaNbvEQ.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAwphFq.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXsIvZF.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyHpxJt.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tucxiBk.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdQQXCQ.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RODcTtH.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUCoyaS.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFkzrbi.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDDsZtR.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTanTFJ.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
312	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 4620	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3336 wrote to memory of 4620	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3336 wrote to memory of 1740	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3336 wrote to memory of 1740	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3336 wrote to memory of 3108	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3336 wrote to memory of 3108	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3336 wrote to memory of 2620	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3336 wrote to memory of 2620	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3336 wrote to memory of 2068	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3336 wrote to memory of 2068	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3336 wrote to memory of 3644	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3336 wrote to memory of 3644	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3336 wrote to memory of 4460	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3336 wrote to memory of 4460	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3336 wrote to memory of 5048	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3336 wrote to memory of 5048	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3336 wrote to memory of 5076	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3336 wrote to memory of 5076	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3336 wrote to memory of 5016	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3336 wrote to memory of 5016	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3336 wrote to memory of 4320	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3336 wrote to memory of 4320	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3336 wrote to memory of 4788	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3336 wrote to memory of 4788	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3336 wrote to memory of 1408	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3336 wrote to memory of 1408	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3336 wrote to memory of 3328	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3336 wrote to memory of 3328	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3336 wrote to memory of 1684	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3336 wrote to memory of 1684	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3336 wrote to memory of 3404	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3336 wrote to memory of 3404	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3336 wrote to memory of 1000	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3336 wrote to memory of 1000	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3336 wrote to memory of 3768	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3336 wrote to memory of 3768	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3336 wrote to memory of 1060	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3336 wrote to memory of 1060	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3336 wrote to memory of 4156	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3336 wrote to memory of 4156	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3336 wrote to memory of 4324	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3336 wrote to memory of 4324	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3336 wrote to memory of 3080	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3336 wrote to memory of 3080	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3336 wrote to memory of 3856	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3336 wrote to memory of 3856	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3336 wrote to memory of 752	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3336 wrote to memory of 752	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3336 wrote to memory of 4904	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3336 wrote to memory of 4904	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3336 wrote to memory of 3036	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3336 wrote to memory of 3036	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3336 wrote to memory of 2040	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3336 wrote to memory of 2040	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3336 wrote to memory of 404	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3336 wrote to memory of 404	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3336 wrote to memory of 3260	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3336 wrote to memory of 3260	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3336 wrote to memory of 1104	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 3336 wrote to memory of 1104	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 3336 wrote to memory of 1824	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 3336 wrote to memory of 1824	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 3336 wrote to memory of 2020	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	122
PID 3336 wrote to memory of 2020	3336	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	122

C:\Users\Admin\AppData\Local\Temp\2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Windows\System\xiEnnOp.exe
  C:\Windows\System\xiEnnOp.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\SbzhHse.exe
  C:\Windows\System\SbzhHse.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\TmKlrPA.exe
  C:\Windows\System\TmKlrPA.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\UhKodaZ.exe
  C:\Windows\System\UhKodaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\arcVeVG.exe
  C:\Windows\System\arcVeVG.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\reYowyL.exe
  C:\Windows\System\reYowyL.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\wVRGkdG.exe
  C:\Windows\System\wVRGkdG.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\QMxskIx.exe
  C:\Windows\System\QMxskIx.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\UTMJyOu.exe
  C:\Windows\System\UTMJyOu.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\ntzjAys.exe
  C:\Windows\System\ntzjAys.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\tzeJHdc.exe
  C:\Windows\System\tzeJHdc.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\gXvftxf.exe
  C:\Windows\System\gXvftxf.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\bZWMUiP.exe
  C:\Windows\System\bZWMUiP.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\lyjZEXC.exe
  C:\Windows\System\lyjZEXC.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\mIpkoOM.exe
  C:\Windows\System\mIpkoOM.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\tHLbAii.exe
  C:\Windows\System\tHLbAii.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\ZqLFxNp.exe
  C:\Windows\System\ZqLFxNp.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\RODcTtH.exe
  C:\Windows\System\RODcTtH.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\lSorMvP.exe
  C:\Windows\System\lSorMvP.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\ewqFnlP.exe
  C:\Windows\System\ewqFnlP.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\mJmSAyM.exe
  C:\Windows\System\mJmSAyM.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\xKdaAjE.exe
  C:\Windows\System\xKdaAjE.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\fPjbavo.exe
  C:\Windows\System\fPjbavo.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\qXItaCy.exe
  C:\Windows\System\qXItaCy.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\cheblTQ.exe
  C:\Windows\System\cheblTQ.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\bZYZLkv.exe
  C:\Windows\System\bZYZLkv.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\JiwqZLJ.exe
  C:\Windows\System\JiwqZLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\XVDKuhS.exe
  C:\Windows\System\XVDKuhS.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\uFkaIQn.exe
  C:\Windows\System\uFkaIQn.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\bGQcwLf.exe
  C:\Windows\System\bGQcwLf.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\AnySOZo.exe
  C:\Windows\System\AnySOZo.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\WCrjYap.exe
  C:\Windows\System\WCrjYap.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\sQbGlGF.exe
  C:\Windows\System\sQbGlGF.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\mffSHeq.exe
  C:\Windows\System\mffSHeq.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\rdlniKP.exe
  C:\Windows\System\rdlniKP.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\PnVoPpd.exe
  C:\Windows\System\PnVoPpd.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\TjtbEmA.exe
  C:\Windows\System\TjtbEmA.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\euOGCHB.exe
  C:\Windows\System\euOGCHB.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\DMdWAua.exe
  C:\Windows\System\DMdWAua.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\dPZoBIu.exe
  C:\Windows\System\dPZoBIu.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\JUAJvgV.exe
  C:\Windows\System\JUAJvgV.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\TLZVuaa.exe
  C:\Windows\System\TLZVuaa.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\fMRFqJm.exe
  C:\Windows\System\fMRFqJm.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\hIQWdXv.exe
  C:\Windows\System\hIQWdXv.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\UDYwBpi.exe
  C:\Windows\System\UDYwBpi.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\evNqMAW.exe
  C:\Windows\System\evNqMAW.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\JhccZbs.exe
  C:\Windows\System\JhccZbs.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\VhvWWgT.exe
  C:\Windows\System\VhvWWgT.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\bFInMCe.exe
  C:\Windows\System\bFInMCe.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\SMxiBMX.exe
  C:\Windows\System\SMxiBMX.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\HTaKqgg.exe
  C:\Windows\System\HTaKqgg.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\KPEMfrS.exe
  C:\Windows\System\KPEMfrS.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\fvDBTRm.exe
  C:\Windows\System\fvDBTRm.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\kyEnTNn.exe
  C:\Windows\System\kyEnTNn.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\CRRwLUd.exe
  C:\Windows\System\CRRwLUd.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\kcKmBHg.exe
  C:\Windows\System\kcKmBHg.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\TkWKlqa.exe
  C:\Windows\System\TkWKlqa.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\uBHQlSg.exe
  C:\Windows\System\uBHQlSg.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\nhLEiRG.exe
  C:\Windows\System\nhLEiRG.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\SDPgKgZ.exe
  C:\Windows\System\SDPgKgZ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\kgEzvQO.exe
  C:\Windows\System\kgEzvQO.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\MCwOijM.exe
  C:\Windows\System\MCwOijM.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\HNLwgzG.exe
  C:\Windows\System\HNLwgzG.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\jzYEpzu.exe
  C:\Windows\System\jzYEpzu.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\DEWOGZw.exe
  C:\Windows\System\DEWOGZw.exe
  2⤵
  PID:3852
- C:\Windows\System\BLPOcLo.exe
  C:\Windows\System\BLPOcLo.exe
  2⤵
  PID:3620
- C:\Windows\System\SksfXPI.exe
  C:\Windows\System\SksfXPI.exe
  2⤵
  PID:4984
- C:\Windows\System\vvFJgIl.exe
  C:\Windows\System\vvFJgIl.exe
  2⤵
  PID:4376
- C:\Windows\System\hZTCixz.exe
  C:\Windows\System\hZTCixz.exe
  2⤵
  PID:1736
- C:\Windows\System\yokaOrS.exe
  C:\Windows\System\yokaOrS.exe
  2⤵
  PID:4680
- C:\Windows\System\pNhflYU.exe
  C:\Windows\System\pNhflYU.exe
  2⤵
  PID:3116
- C:\Windows\System\fIXtRZv.exe
  C:\Windows\System\fIXtRZv.exe
  2⤵
  PID:4032
- C:\Windows\System\wVVIQKz.exe
  C:\Windows\System\wVVIQKz.exe
  2⤵
  PID:532
- C:\Windows\System\elpaKer.exe
  C:\Windows\System\elpaKer.exe
  2⤵
  PID:3880
- C:\Windows\System\vvKTbbQ.exe
  C:\Windows\System\vvKTbbQ.exe
  2⤵
  PID:1796
- C:\Windows\System\pvkaYSJ.exe
  C:\Windows\System\pvkaYSJ.exe
  2⤵
  PID:4136
- C:\Windows\System\YYWLHYX.exe
  C:\Windows\System\YYWLHYX.exe
  2⤵
  PID:4048
- C:\Windows\System\QsMOAMb.exe
  C:\Windows\System\QsMOAMb.exe
  2⤵
  PID:5152
- C:\Windows\System\zWmrHcC.exe
  C:\Windows\System\zWmrHcC.exe
  2⤵
  PID:5176
- C:\Windows\System\JgYxUrf.exe
  C:\Windows\System\JgYxUrf.exe
  2⤵
  PID:5196
- C:\Windows\System\kIDXjgk.exe
  C:\Windows\System\kIDXjgk.exe
  2⤵
  PID:5240
- C:\Windows\System\UCjozhr.exe
  C:\Windows\System\UCjozhr.exe
  2⤵
  PID:5264
- C:\Windows\System\GhlCcuk.exe
  C:\Windows\System\GhlCcuk.exe
  2⤵
  PID:5292
- C:\Windows\System\xrgLVqW.exe
  C:\Windows\System\xrgLVqW.exe
  2⤵
  PID:5324
- C:\Windows\System\UVAsVRC.exe
  C:\Windows\System\UVAsVRC.exe
  2⤵
  PID:5348
- C:\Windows\System\NYCjqck.exe
  C:\Windows\System\NYCjqck.exe
  2⤵
  PID:5376
- C:\Windows\System\aTakAgj.exe
  C:\Windows\System\aTakAgj.exe
  2⤵
  PID:5404
- C:\Windows\System\dkGxKzr.exe
  C:\Windows\System\dkGxKzr.exe
  2⤵
  PID:5424
- C:\Windows\System\LMSeEsK.exe
  C:\Windows\System\LMSeEsK.exe
  2⤵
  PID:5460
- C:\Windows\System\LHcEYux.exe
  C:\Windows\System\LHcEYux.exe
  2⤵
  PID:5480
- C:\Windows\System\lLuUBjJ.exe
  C:\Windows\System\lLuUBjJ.exe
  2⤵
  PID:5524
- C:\Windows\System\ORiVOfZ.exe
  C:\Windows\System\ORiVOfZ.exe
  2⤵
  PID:5548
- C:\Windows\System\fcscOVC.exe
  C:\Windows\System\fcscOVC.exe
  2⤵
  PID:5580
- C:\Windows\System\lMEQtcd.exe
  C:\Windows\System\lMEQtcd.exe
  2⤵
  PID:5596
- C:\Windows\System\zFRkxPy.exe
  C:\Windows\System\zFRkxPy.exe
  2⤵
  PID:5624
- C:\Windows\System\VWvnuvj.exe
  C:\Windows\System\VWvnuvj.exe
  2⤵
  PID:5664
- C:\Windows\System\yjvQpXS.exe
  C:\Windows\System\yjvQpXS.exe
  2⤵
  PID:5696
- C:\Windows\System\rJGcSkr.exe
  C:\Windows\System\rJGcSkr.exe
  2⤵
  PID:5728
- C:\Windows\System\MprRRxO.exe
  C:\Windows\System\MprRRxO.exe
  2⤵
  PID:5756
- C:\Windows\System\jJBQpCo.exe
  C:\Windows\System\jJBQpCo.exe
  2⤵
  PID:5776
- C:\Windows\System\GlJicqa.exe
  C:\Windows\System\GlJicqa.exe
  2⤵
  PID:5804
- C:\Windows\System\ZJLfJKL.exe
  C:\Windows\System\ZJLfJKL.exe
  2⤵
  PID:5836
- C:\Windows\System\rbxNtlk.exe
  C:\Windows\System\rbxNtlk.exe
  2⤵
  PID:5872
- C:\Windows\System\uaaFyjU.exe
  C:\Windows\System\uaaFyjU.exe
  2⤵
  PID:5888
- C:\Windows\System\oWAOlgq.exe
  C:\Windows\System\oWAOlgq.exe
  2⤵
  PID:5916
- C:\Windows\System\SksedrP.exe
  C:\Windows\System\SksedrP.exe
  2⤵
  PID:5936
- C:\Windows\System\yoCFjEA.exe
  C:\Windows\System\yoCFjEA.exe
  2⤵
  PID:5980
- C:\Windows\System\siwmEXl.exe
  C:\Windows\System\siwmEXl.exe
  2⤵
  PID:6024
- C:\Windows\System\ggGoLmS.exe
  C:\Windows\System\ggGoLmS.exe
  2⤵
  PID:6048
- C:\Windows\System\JYGlMYE.exe
  C:\Windows\System\JYGlMYE.exe
  2⤵
  PID:6080
- C:\Windows\System\cYXOefI.exe
  C:\Windows\System\cYXOefI.exe
  2⤵
  PID:5132
- C:\Windows\System\xalLsux.exe
  C:\Windows\System\xalLsux.exe
  2⤵
  PID:4632
- C:\Windows\System\bjJwofg.exe
  C:\Windows\System\bjJwofg.exe
  2⤵
  PID:5252
- C:\Windows\System\nlMHbPb.exe
  C:\Windows\System\nlMHbPb.exe
  2⤵
  PID:5356
- C:\Windows\System\SlCdFpn.exe
  C:\Windows\System\SlCdFpn.exe
  2⤵
  PID:5416
- C:\Windows\System\SrwaPNr.exe
  C:\Windows\System\SrwaPNr.exe
  2⤵
  PID:5476
- C:\Windows\System\hgKOGZx.exe
  C:\Windows\System\hgKOGZx.exe
  2⤵
  PID:5556
- C:\Windows\System\RFPjCwK.exe
  C:\Windows\System\RFPjCwK.exe
  2⤵
  PID:5632
- C:\Windows\System\kBUeZEl.exe
  C:\Windows\System\kBUeZEl.exe
  2⤵
  PID:5688
- C:\Windows\System\RqOelLY.exe
  C:\Windows\System\RqOelLY.exe
  2⤵
  PID:5736
- C:\Windows\System\xhxetHE.exe
  C:\Windows\System\xhxetHE.exe
  2⤵
  PID:1648
- C:\Windows\System\OeTSoMY.exe
  C:\Windows\System\OeTSoMY.exe
  2⤵
  PID:5848
- C:\Windows\System\aWlACaL.exe
  C:\Windows\System\aWlACaL.exe
  2⤵
  PID:5912
- C:\Windows\System\EKngWhx.exe
  C:\Windows\System\EKngWhx.exe
  2⤵
  PID:6004
- C:\Windows\System\IFOWYcB.exe
  C:\Windows\System\IFOWYcB.exe
  2⤵
  PID:6072
- C:\Windows\System\GoQwjcD.exe
  C:\Windows\System\GoQwjcD.exe
  2⤵
  PID:4556
- C:\Windows\System\njUZlHe.exe
  C:\Windows\System\njUZlHe.exe
  2⤵
  PID:5372
- C:\Windows\System\mTInnRa.exe
  C:\Windows\System\mTInnRa.exe
  2⤵
  PID:5588
- C:\Windows\System\yIQQkcM.exe
  C:\Windows\System\yIQQkcM.exe
  2⤵
  PID:5928
- C:\Windows\System\kGkgDUs.exe
  C:\Windows\System\kGkgDUs.exe
  2⤵
  PID:5160
- C:\Windows\System\hdlFUdq.exe
  C:\Windows\System\hdlFUdq.exe
  2⤵
  PID:6160
- C:\Windows\System\YiPZgKa.exe
  C:\Windows\System\YiPZgKa.exe
  2⤵
  PID:6192
- C:\Windows\System\oOMvnOG.exe
  C:\Windows\System\oOMvnOG.exe
  2⤵
  PID:6228
- C:\Windows\System\mILDjEr.exe
  C:\Windows\System\mILDjEr.exe
  2⤵
  PID:6252
- C:\Windows\System\gPxXHgO.exe
  C:\Windows\System\gPxXHgO.exe
  2⤵
  PID:6284
- C:\Windows\System\uYOmBHI.exe
  C:\Windows\System\uYOmBHI.exe
  2⤵
  PID:6324
- C:\Windows\System\KVhGzyt.exe
  C:\Windows\System\KVhGzyt.exe
  2⤵
  PID:6348
- C:\Windows\System\iGISCEF.exe
  C:\Windows\System\iGISCEF.exe
  2⤵
  PID:6396
- C:\Windows\System\yrohNUY.exe
  C:\Windows\System\yrohNUY.exe
  2⤵
  PID:6416
- C:\Windows\System\MoAAjOE.exe
  C:\Windows\System\MoAAjOE.exe
  2⤵
  PID:6456
- C:\Windows\System\enzXQjK.exe
  C:\Windows\System\enzXQjK.exe
  2⤵
  PID:6480
- C:\Windows\System\uQNeUJl.exe
  C:\Windows\System\uQNeUJl.exe
  2⤵
  PID:6516
- C:\Windows\System\nSmpCOE.exe
  C:\Windows\System\nSmpCOE.exe
  2⤵
  PID:6556
- C:\Windows\System\NUCoyaS.exe
  C:\Windows\System\NUCoyaS.exe
  2⤵
  PID:6584
- C:\Windows\System\NvKMWvo.exe
  C:\Windows\System\NvKMWvo.exe
  2⤵
  PID:6604
- C:\Windows\System\nxxVIin.exe
  C:\Windows\System\nxxVIin.exe
  2⤵
  PID:6632
- C:\Windows\System\jRbxGOv.exe
  C:\Windows\System\jRbxGOv.exe
  2⤵
  PID:6660
- C:\Windows\System\VPSkvuq.exe
  C:\Windows\System\VPSkvuq.exe
  2⤵
  PID:6700
- C:\Windows\System\qWgjIOM.exe
  C:\Windows\System\qWgjIOM.exe
  2⤵
  PID:6720
- C:\Windows\System\zjzuPoK.exe
  C:\Windows\System\zjzuPoK.exe
  2⤵
  PID:6756
- C:\Windows\System\sxwHeEj.exe
  C:\Windows\System\sxwHeEj.exe
  2⤵
  PID:6772
- C:\Windows\System\wohhhma.exe
  C:\Windows\System\wohhhma.exe
  2⤵
  PID:6788
- C:\Windows\System\jcNfvAF.exe
  C:\Windows\System\jcNfvAF.exe
  2⤵
  PID:6832
- C:\Windows\System\EUQwsdP.exe
  C:\Windows\System\EUQwsdP.exe
  2⤵
  PID:6872
- C:\Windows\System\QcZWKVA.exe
  C:\Windows\System\QcZWKVA.exe
  2⤵
  PID:6900
- C:\Windows\System\nGZimwd.exe
  C:\Windows\System\nGZimwd.exe
  2⤵
  PID:6928
- C:\Windows\System\BSuPipw.exe
  C:\Windows\System\BSuPipw.exe
  2⤵
  PID:6952
- C:\Windows\System\aErcPOc.exe
  C:\Windows\System\aErcPOc.exe
  2⤵
  PID:6980
- C:\Windows\System\oEHlMph.exe
  C:\Windows\System\oEHlMph.exe
  2⤵
  PID:7000
- C:\Windows\System\dVAZiNt.exe
  C:\Windows\System\dVAZiNt.exe
  2⤵
  PID:7028
- C:\Windows\System\LvOOSLF.exe
  C:\Windows\System\LvOOSLF.exe
  2⤵
  PID:7068
- C:\Windows\System\VqWeQQL.exe
  C:\Windows\System\VqWeQQL.exe
  2⤵
  PID:7096
- C:\Windows\System\RUFPVFU.exe
  C:\Windows\System\RUFPVFU.exe
  2⤵
  PID:7128
- C:\Windows\System\VdVrrNA.exe
  C:\Windows\System\VdVrrNA.exe
  2⤵
  PID:7144
- C:\Windows\System\RqKVbNP.exe
  C:\Windows\System\RqKVbNP.exe
  2⤵
  PID:6168
- C:\Windows\System\jGbHZJn.exe
  C:\Windows\System\jGbHZJn.exe
  2⤵
  PID:6264
- C:\Windows\System\BsUmisz.exe
  C:\Windows\System\BsUmisz.exe
  2⤵
  PID:6332
- C:\Windows\System\PgznAow.exe
  C:\Windows\System\PgznAow.exe
  2⤵
  PID:6408
- C:\Windows\System\tZgZwnd.exe
  C:\Windows\System\tZgZwnd.exe
  2⤵
  PID:6452
- C:\Windows\System\pTEkCqy.exe
  C:\Windows\System\pTEkCqy.exe
  2⤵
  PID:6532
- C:\Windows\System\YvEGCmh.exe
  C:\Windows\System\YvEGCmh.exe
  2⤵
  PID:6592
- C:\Windows\System\WqEJnDA.exe
  C:\Windows\System\WqEJnDA.exe
  2⤵
  PID:6652
- C:\Windows\System\vgqMDnh.exe
  C:\Windows\System\vgqMDnh.exe
  2⤵
  PID:6696
- C:\Windows\System\WPCalJO.exe
  C:\Windows\System\WPCalJO.exe
  2⤵
  PID:6764
- C:\Windows\System\EFkzrbi.exe
  C:\Windows\System\EFkzrbi.exe
  2⤵
  PID:6804
- C:\Windows\System\SuYYzqy.exe
  C:\Windows\System\SuYYzqy.exe
  2⤵
  PID:6896
- C:\Windows\System\tPWUJoa.exe
  C:\Windows\System\tPWUJoa.exe
  2⤵
  PID:6964
- C:\Windows\System\ByEkAra.exe
  C:\Windows\System\ByEkAra.exe
  2⤵
  PID:7012
- C:\Windows\System\Fyelyda.exe
  C:\Windows\System\Fyelyda.exe
  2⤵
  PID:7104
- C:\Windows\System\zIPufDx.exe
  C:\Windows\System\zIPufDx.exe
  2⤵
  PID:6380
- C:\Windows\System\TILkGnI.exe
  C:\Windows\System\TILkGnI.exe
  2⤵
  PID:6572
- C:\Windows\System\suGiuSG.exe
  C:\Windows\System\suGiuSG.exe
  2⤵
  PID:6672
- C:\Windows\System\RtWvHQN.exe
  C:\Windows\System\RtWvHQN.exe
  2⤵
  PID:6844
- C:\Windows\System\WQUzusP.exe
  C:\Windows\System\WQUzusP.exe
  2⤵
  PID:6524
- C:\Windows\System\NZkVIDk.exe
  C:\Windows\System\NZkVIDk.exe
  2⤵
  PID:7080
- C:\Windows\System\DTwcEEr.exe
  C:\Windows\System\DTwcEEr.exe
  2⤵
  PID:6644
- C:\Windows\System\qiBQlYY.exe
  C:\Windows\System\qiBQlYY.exe
  2⤵
  PID:6908
- C:\Windows\System\AKZvKeZ.exe
  C:\Windows\System\AKZvKeZ.exe
  2⤵
  PID:6488
- C:\Windows\System\zpWNvPn.exe
  C:\Windows\System\zpWNvPn.exe
  2⤵
  PID:4820
- C:\Windows\System\Jyfowdv.exe
  C:\Windows\System\Jyfowdv.exe
  2⤵
  PID:3932
- C:\Windows\System\NQbpOCv.exe
  C:\Windows\System\NQbpOCv.exe
  2⤵
  PID:900
- C:\Windows\System\BmKnMnp.exe
  C:\Windows\System\BmKnMnp.exe
  2⤵
  PID:2084
- C:\Windows\System\UhwxfSR.exe
  C:\Windows\System\UhwxfSR.exe
  2⤵
  PID:6828
- C:\Windows\System\wNzqvHs.exe
  C:\Windows\System\wNzqvHs.exe
  2⤵
  PID:2052
- C:\Windows\System\gWOYsNA.exe
  C:\Windows\System\gWOYsNA.exe
  2⤵
  PID:5028
- C:\Windows\System\zrYAEUp.exe
  C:\Windows\System\zrYAEUp.exe
  2⤵
  PID:5676
- C:\Windows\System\TnKMnuZ.exe
  C:\Windows\System\TnKMnuZ.exe
  2⤵
  PID:7196
- C:\Windows\System\dqpSdxa.exe
  C:\Windows\System\dqpSdxa.exe
  2⤵
  PID:7224
- C:\Windows\System\VSLGoLO.exe
  C:\Windows\System\VSLGoLO.exe
  2⤵
  PID:7256
- C:\Windows\System\RkVYXPo.exe
  C:\Windows\System\RkVYXPo.exe
  2⤵
  PID:7280
- C:\Windows\System\unJThNI.exe
  C:\Windows\System\unJThNI.exe
  2⤵
  PID:7312
- C:\Windows\System\ZBEqQYm.exe
  C:\Windows\System\ZBEqQYm.exe
  2⤵
  PID:7344
- C:\Windows\System\YSqEhuq.exe
  C:\Windows\System\YSqEhuq.exe
  2⤵
  PID:7368
- C:\Windows\System\hbnwKWn.exe
  C:\Windows\System\hbnwKWn.exe
  2⤵
  PID:7396
- C:\Windows\System\fdFTTrB.exe
  C:\Windows\System\fdFTTrB.exe
  2⤵
  PID:7416
- C:\Windows\System\WhtExlM.exe
  C:\Windows\System\WhtExlM.exe
  2⤵
  PID:7444
- C:\Windows\System\IgpGtAg.exe
  C:\Windows\System\IgpGtAg.exe
  2⤵
  PID:7484
- C:\Windows\System\mASMzyJ.exe
  C:\Windows\System\mASMzyJ.exe
  2⤵
  PID:7500
- C:\Windows\System\AEBbxxK.exe
  C:\Windows\System\AEBbxxK.exe
  2⤵
  PID:7536
- C:\Windows\System\DYACXtO.exe
  C:\Windows\System\DYACXtO.exe
  2⤵
  PID:7564
- C:\Windows\System\MkrhaQl.exe
  C:\Windows\System\MkrhaQl.exe
  2⤵
  PID:7592
- C:\Windows\System\PufntBG.exe
  C:\Windows\System\PufntBG.exe
  2⤵
  PID:7620
- C:\Windows\System\IhxDWts.exe
  C:\Windows\System\IhxDWts.exe
  2⤵
  PID:7648
- C:\Windows\System\zgbctFA.exe
  C:\Windows\System\zgbctFA.exe
  2⤵
  PID:7676
- C:\Windows\System\jtadVIY.exe
  C:\Windows\System\jtadVIY.exe
  2⤵
  PID:7704
- C:\Windows\System\ckmiFWZ.exe
  C:\Windows\System\ckmiFWZ.exe
  2⤵
  PID:7732
- C:\Windows\System\KmDQjIJ.exe
  C:\Windows\System\KmDQjIJ.exe
  2⤵
  PID:7764
- C:\Windows\System\sQyNBKA.exe
  C:\Windows\System\sQyNBKA.exe
  2⤵
  PID:7784
- C:\Windows\System\PoVxeoS.exe
  C:\Windows\System\PoVxeoS.exe
  2⤵
  PID:7812
- C:\Windows\System\XtjmehW.exe
  C:\Windows\System\XtjmehW.exe
  2⤵
  PID:7840
- C:\Windows\System\SNwfvOV.exe
  C:\Windows\System\SNwfvOV.exe
  2⤵
  PID:7872
- C:\Windows\System\YKGeYfM.exe
  C:\Windows\System\YKGeYfM.exe
  2⤵
  PID:7896
- C:\Windows\System\TqokbzB.exe
  C:\Windows\System\TqokbzB.exe
  2⤵
  PID:7924
- C:\Windows\System\cYHSHpl.exe
  C:\Windows\System\cYHSHpl.exe
  2⤵
  PID:7956
- C:\Windows\System\GhEGLYx.exe
  C:\Windows\System\GhEGLYx.exe
  2⤵
  PID:7984
- C:\Windows\System\uznoMVr.exe
  C:\Windows\System\uznoMVr.exe
  2⤵
  PID:8012
- C:\Windows\System\DXBvwMS.exe
  C:\Windows\System\DXBvwMS.exe
  2⤵
  PID:8040
- C:\Windows\System\hHfNdRR.exe
  C:\Windows\System\hHfNdRR.exe
  2⤵
  PID:8068
- C:\Windows\System\sDgpcxk.exe
  C:\Windows\System\sDgpcxk.exe
  2⤵
  PID:8096
- C:\Windows\System\bBjOMXY.exe
  C:\Windows\System\bBjOMXY.exe
  2⤵
  PID:8132
- C:\Windows\System\xSmSXzU.exe
  C:\Windows\System\xSmSXzU.exe
  2⤵
  PID:7204
- C:\Windows\System\waRtFzE.exe
  C:\Windows\System\waRtFzE.exe
  2⤵
  PID:7244
- C:\Windows\System\ZlDHWeY.exe
  C:\Windows\System\ZlDHWeY.exe
  2⤵
  PID:7300
- C:\Windows\System\EbVHRel.exe
  C:\Windows\System\EbVHRel.exe
  2⤵
  PID:7380
- C:\Windows\System\mbbzwAp.exe
  C:\Windows\System\mbbzwAp.exe
  2⤵
  PID:7440
- C:\Windows\System\yUbPTTB.exe
  C:\Windows\System\yUbPTTB.exe
  2⤵
  PID:7496
- C:\Windows\System\KYLRxje.exe
  C:\Windows\System\KYLRxje.exe
  2⤵
  PID:7572
- C:\Windows\System\NLJtBRC.exe
  C:\Windows\System\NLJtBRC.exe
  2⤵
  PID:7604
- C:\Windows\System\bQdrMyc.exe
  C:\Windows\System\bQdrMyc.exe
  2⤵
  PID:7660
- C:\Windows\System\WuISVrK.exe
  C:\Windows\System\WuISVrK.exe
  2⤵
  PID:7720
- C:\Windows\System\GgaOaQG.exe
  C:\Windows\System\GgaOaQG.exe
  2⤵
  PID:7800
- C:\Windows\System\ivdVHtZ.exe
  C:\Windows\System\ivdVHtZ.exe
  2⤵
  PID:7320
- C:\Windows\System\ADMWFZc.exe
  C:\Windows\System\ADMWFZc.exe
  2⤵
  PID:6988
- C:\Windows\System\izBsPgF.exe
  C:\Windows\System\izBsPgF.exe
  2⤵
  PID:7976
- C:\Windows\System\NLMOsTr.exe
  C:\Windows\System\NLMOsTr.exe
  2⤵
  PID:1620
- C:\Windows\System\psDjuMP.exe
  C:\Windows\System\psDjuMP.exe
  2⤵
  PID:8064
- C:\Windows\System\PAjWmIX.exe
  C:\Windows\System\PAjWmIX.exe
  2⤵
  PID:8116
- C:\Windows\System\YabsZfB.exe
  C:\Windows\System\YabsZfB.exe
  2⤵
  PID:7232
- C:\Windows\System\zyGLEnx.exe
  C:\Windows\System\zyGLEnx.exe
  2⤵
  PID:7364
- C:\Windows\System\XQyDfqd.exe
  C:\Windows\System\XQyDfqd.exe
  2⤵
  PID:7492
- C:\Windows\System\FmRyFwA.exe
  C:\Windows\System\FmRyFwA.exe
  2⤵
  PID:7632
- C:\Windows\System\HorAbPf.exe
  C:\Windows\System\HorAbPf.exe
  2⤵
  PID:3264
- C:\Windows\System\XtTlwXD.exe
  C:\Windows\System\XtTlwXD.exe
  2⤵
  PID:7908
- C:\Windows\System\zvRoOKc.exe
  C:\Windows\System\zvRoOKc.exe
  2⤵
  PID:8024
- C:\Windows\System\piyYXuy.exe
  C:\Windows\System\piyYXuy.exe
  2⤵
  PID:5056
- C:\Windows\System\RxRDDUa.exe
  C:\Windows\System\RxRDDUa.exe
  2⤵
  PID:7292
- C:\Windows\System\oUQUacj.exe
  C:\Windows\System\oUQUacj.exe
  2⤵
  PID:7476
- C:\Windows\System\TMqJjzH.exe
  C:\Windows\System\TMqJjzH.exe
  2⤵
  PID:7752
- C:\Windows\System\ojgExGN.exe
  C:\Windows\System\ojgExGN.exe
  2⤵
  PID:8032
- C:\Windows\System\QRYBYJh.exe
  C:\Windows\System\QRYBYJh.exe
  2⤵
  PID:7328
- C:\Windows\System\bMozJaf.exe
  C:\Windows\System\bMozJaf.exe
  2⤵
  PID:7952
- C:\Windows\System\JmGEHhp.exe
  C:\Windows\System\JmGEHhp.exe
  2⤵
  PID:2740
- C:\Windows\System\UXZXVRf.exe
  C:\Windows\System\UXZXVRf.exe
  2⤵
  PID:2380
- C:\Windows\System\oUimXAH.exe
  C:\Windows\System\oUimXAH.exe
  2⤵
  PID:8212
- C:\Windows\System\RjLSgAo.exe
  C:\Windows\System\RjLSgAo.exe
  2⤵
  PID:8240
- C:\Windows\System\YNqvUtC.exe
  C:\Windows\System\YNqvUtC.exe
  2⤵
  PID:8268
- C:\Windows\System\vJGnfNg.exe
  C:\Windows\System\vJGnfNg.exe
  2⤵
  PID:8296
- C:\Windows\System\ozuyJCk.exe
  C:\Windows\System\ozuyJCk.exe
  2⤵
  PID:8324
- C:\Windows\System\ZnUkNeO.exe
  C:\Windows\System\ZnUkNeO.exe
  2⤵
  PID:8352
- C:\Windows\System\JUTBBIA.exe
  C:\Windows\System\JUTBBIA.exe
  2⤵
  PID:8380
- C:\Windows\System\gLkVUlV.exe
  C:\Windows\System\gLkVUlV.exe
  2⤵
  PID:8408
- C:\Windows\System\aQicZsn.exe
  C:\Windows\System\aQicZsn.exe
  2⤵
  PID:8436
- C:\Windows\System\uSKtoPo.exe
  C:\Windows\System\uSKtoPo.exe
  2⤵
  PID:8464
- C:\Windows\System\vHkgRyH.exe
  C:\Windows\System\vHkgRyH.exe
  2⤵
  PID:8492
- C:\Windows\System\NWPecsj.exe
  C:\Windows\System\NWPecsj.exe
  2⤵
  PID:8520
- C:\Windows\System\cifNbMo.exe
  C:\Windows\System\cifNbMo.exe
  2⤵
  PID:8548
- C:\Windows\System\aRfYRhg.exe
  C:\Windows\System\aRfYRhg.exe
  2⤵
  PID:8576
- C:\Windows\System\RnqxzJD.exe
  C:\Windows\System\RnqxzJD.exe
  2⤵
  PID:8604
- C:\Windows\System\JamCrzC.exe
  C:\Windows\System\JamCrzC.exe
  2⤵
  PID:8632
- C:\Windows\System\zfnYAIP.exe
  C:\Windows\System\zfnYAIP.exe
  2⤵
  PID:8668
- C:\Windows\System\fqcrCUH.exe
  C:\Windows\System\fqcrCUH.exe
  2⤵
  PID:8692
- C:\Windows\System\wNYWhtM.exe
  C:\Windows\System\wNYWhtM.exe
  2⤵
  PID:8720
- C:\Windows\System\jkKNAxY.exe
  C:\Windows\System\jkKNAxY.exe
  2⤵
  PID:8748
- C:\Windows\System\gaUQrVI.exe
  C:\Windows\System\gaUQrVI.exe
  2⤵
  PID:8776
- C:\Windows\System\sqDjjRl.exe
  C:\Windows\System\sqDjjRl.exe
  2⤵
  PID:8804
- C:\Windows\System\xhEeyoa.exe
  C:\Windows\System\xhEeyoa.exe
  2⤵
  PID:8832
- C:\Windows\System\wAxmOIq.exe
  C:\Windows\System\wAxmOIq.exe
  2⤵
  PID:8860
- C:\Windows\System\EbSRLWd.exe
  C:\Windows\System\EbSRLWd.exe
  2⤵
  PID:8888
- C:\Windows\System\TlpYMLK.exe
  C:\Windows\System\TlpYMLK.exe
  2⤵
  PID:8916
- C:\Windows\System\cXtHqwt.exe
  C:\Windows\System\cXtHqwt.exe
  2⤵
  PID:8944
- C:\Windows\System\wOGDhYK.exe
  C:\Windows\System\wOGDhYK.exe
  2⤵
  PID:8972
- C:\Windows\System\fuVWnIT.exe
  C:\Windows\System\fuVWnIT.exe
  2⤵
  PID:9000
- C:\Windows\System\LjXZfjn.exe
  C:\Windows\System\LjXZfjn.exe
  2⤵
  PID:9028
- C:\Windows\System\QRyzANx.exe
  C:\Windows\System\QRyzANx.exe
  2⤵
  PID:9056
- C:\Windows\System\DlQsRNt.exe
  C:\Windows\System\DlQsRNt.exe
  2⤵
  PID:9084
- C:\Windows\System\hrlMkXq.exe
  C:\Windows\System\hrlMkXq.exe
  2⤵
  PID:9112
- C:\Windows\System\KzlsplV.exe
  C:\Windows\System\KzlsplV.exe
  2⤵
  PID:9152
- C:\Windows\System\MenPmMX.exe
  C:\Windows\System\MenPmMX.exe
  2⤵
  PID:9172
- C:\Windows\System\lFHBzFg.exe
  C:\Windows\System\lFHBzFg.exe
  2⤵
  PID:9200
- C:\Windows\System\UHtDmeG.exe
  C:\Windows\System\UHtDmeG.exe
  2⤵
  PID:8264
- C:\Windows\System\yIIeeAw.exe
  C:\Windows\System\yIIeeAw.exe
  2⤵
  PID:8404
- C:\Windows\System\aEIIOQT.exe
  C:\Windows\System\aEIIOQT.exe
  2⤵
  PID:8448
- C:\Windows\System\vsleRRv.exe
  C:\Windows\System\vsleRRv.exe
  2⤵
  PID:8540
- C:\Windows\System\nGNVklu.exe
  C:\Windows\System\nGNVklu.exe
  2⤵
  PID:8600
- C:\Windows\System\MMlMnMY.exe
  C:\Windows\System\MMlMnMY.exe
  2⤵
  PID:8660
- C:\Windows\System\sTHgTwu.exe
  C:\Windows\System\sTHgTwu.exe
  2⤵
  PID:8740
- C:\Windows\System\vzYHbIe.exe
  C:\Windows\System\vzYHbIe.exe
  2⤵
  PID:8800
- C:\Windows\System\kozRDJZ.exe
  C:\Windows\System\kozRDJZ.exe
  2⤵
  PID:8884
- C:\Windows\System\wPLMJAI.exe
  C:\Windows\System\wPLMJAI.exe
  2⤵
  PID:8928
- C:\Windows\System\wTcjdOp.exe
  C:\Windows\System\wTcjdOp.exe
  2⤵
  PID:8992
- C:\Windows\System\UwHgQLS.exe
  C:\Windows\System\UwHgQLS.exe
  2⤵
  PID:9052
- C:\Windows\System\JTGqPoj.exe
  C:\Windows\System\JTGqPoj.exe
  2⤵
  PID:9124
- C:\Windows\System\nkynTyn.exe
  C:\Windows\System\nkynTyn.exe
  2⤵
  PID:5436
- C:\Windows\System\solLrGf.exe
  C:\Windows\System\solLrGf.exe
  2⤵
  PID:4520
- C:\Windows\System\dGuzQyr.exe
  C:\Windows\System\dGuzQyr.exe
  2⤵
  PID:8516
- C:\Windows\System\bYnPPzu.exe
  C:\Windows\System\bYnPPzu.exe
  2⤵
  PID:8652
- C:\Windows\System\WwVlvkb.exe
  C:\Windows\System\WwVlvkb.exe
  2⤵
  PID:8828
- C:\Windows\System\PFqOwfS.exe
  C:\Windows\System\PFqOwfS.exe
  2⤵
  PID:8988
- C:\Windows\System\odgJghW.exe
  C:\Windows\System\odgJghW.exe
  2⤵
  PID:9108
- C:\Windows\System\NHGUYWU.exe
  C:\Windows\System\NHGUYWU.exe
  2⤵
  PID:8252
- C:\Windows\System\qMTaJyn.exe
  C:\Windows\System\qMTaJyn.exe
  2⤵
  PID:8768
- C:\Windows\System\LmvkAVh.exe
  C:\Windows\System\LmvkAVh.exe
  2⤵
  PID:9100
- C:\Windows\System\TDDsZtR.exe
  C:\Windows\System\TDDsZtR.exe
  2⤵
  PID:8644
- C:\Windows\System\LRPgQWR.exe
  C:\Windows\System\LRPgQWR.exe
  2⤵
  PID:8624
- C:\Windows\System\SAwFtVo.exe
  C:\Windows\System\SAwFtVo.exe
  2⤵
  PID:9232
- C:\Windows\System\wHCkdcB.exe
  C:\Windows\System\wHCkdcB.exe
  2⤵
  PID:9260
- C:\Windows\System\hNSujfh.exe
  C:\Windows\System\hNSujfh.exe
  2⤵
  PID:9288
- C:\Windows\System\cjlJdDR.exe
  C:\Windows\System\cjlJdDR.exe
  2⤵
  PID:9316
- C:\Windows\System\dIlAyii.exe
  C:\Windows\System\dIlAyii.exe
  2⤵
  PID:9344
- C:\Windows\System\wowxisC.exe
  C:\Windows\System\wowxisC.exe
  2⤵
  PID:9372
- C:\Windows\System\pDPnLXg.exe
  C:\Windows\System\pDPnLXg.exe
  2⤵
  PID:9400
- C:\Windows\System\JFbYtdL.exe
  C:\Windows\System\JFbYtdL.exe
  2⤵
  PID:9428
- C:\Windows\System\iQcqMSz.exe
  C:\Windows\System\iQcqMSz.exe
  2⤵
  PID:9456
- C:\Windows\System\BcdNOkN.exe
  C:\Windows\System\BcdNOkN.exe
  2⤵
  PID:9484
- C:\Windows\System\mcBmDaH.exe
  C:\Windows\System\mcBmDaH.exe
  2⤵
  PID:9516
- C:\Windows\System\DPLBmTQ.exe
  C:\Windows\System\DPLBmTQ.exe
  2⤵
  PID:9544
- C:\Windows\System\dazGTVc.exe
  C:\Windows\System\dazGTVc.exe
  2⤵
  PID:9580
- C:\Windows\System\ixNPpkU.exe
  C:\Windows\System\ixNPpkU.exe
  2⤵
  PID:9616
- C:\Windows\System\LVBTtxI.exe
  C:\Windows\System\LVBTtxI.exe
  2⤵
  PID:9644
- C:\Windows\System\rLqllLj.exe
  C:\Windows\System\rLqllLj.exe
  2⤵
  PID:9700
- C:\Windows\System\lQytDHH.exe
  C:\Windows\System\lQytDHH.exe
  2⤵
  PID:9740
- C:\Windows\System\aMMYFsg.exe
  C:\Windows\System\aMMYFsg.exe
  2⤵
  PID:9760
- C:\Windows\System\lxqNZOC.exe
  C:\Windows\System\lxqNZOC.exe
  2⤵
  PID:9788
- C:\Windows\System\meVSsAM.exe
  C:\Windows\System\meVSsAM.exe
  2⤵
  PID:9828
- C:\Windows\System\GAIgaXh.exe
  C:\Windows\System\GAIgaXh.exe
  2⤵
  PID:9856
- C:\Windows\System\BNQMrlr.exe
  C:\Windows\System\BNQMrlr.exe
  2⤵
  PID:9884
- C:\Windows\System\SIYtoIg.exe
  C:\Windows\System\SIYtoIg.exe
  2⤵
  PID:9912
- C:\Windows\System\slgVPBY.exe
  C:\Windows\System\slgVPBY.exe
  2⤵
  PID:9940
- C:\Windows\System\ekAIVVd.exe
  C:\Windows\System\ekAIVVd.exe
  2⤵
  PID:9972
- C:\Windows\System\gyAakAw.exe
  C:\Windows\System\gyAakAw.exe
  2⤵
  PID:10000
- C:\Windows\System\LRYqhQZ.exe
  C:\Windows\System\LRYqhQZ.exe
  2⤵
  PID:10028
- C:\Windows\System\sFrUGJX.exe
  C:\Windows\System\sFrUGJX.exe
  2⤵
  PID:10056
- C:\Windows\System\uKuFpPP.exe
  C:\Windows\System\uKuFpPP.exe
  2⤵
  PID:10084
- C:\Windows\System\ebgjLlb.exe
  C:\Windows\System\ebgjLlb.exe
  2⤵
  PID:10112
- C:\Windows\System\RoYzQKm.exe
  C:\Windows\System\RoYzQKm.exe
  2⤵
  PID:10144
- C:\Windows\System\PHORVLv.exe
  C:\Windows\System\PHORVLv.exe
  2⤵
  PID:10168
- C:\Windows\System\zLoGwqS.exe
  C:\Windows\System\zLoGwqS.exe
  2⤵
  PID:10196
- C:\Windows\System\MjYTkjA.exe
  C:\Windows\System\MjYTkjA.exe
  2⤵
  PID:10224
- C:\Windows\System\XrsVObE.exe
  C:\Windows\System\XrsVObE.exe
  2⤵
  PID:9248
- C:\Windows\System\XESXWRU.exe
  C:\Windows\System\XESXWRU.exe
  2⤵
  PID:8684
- C:\Windows\System\uvCzwHD.exe
  C:\Windows\System\uvCzwHD.exe
  2⤵
  PID:9364
- C:\Windows\System\TpmDBYn.exe
  C:\Windows\System\TpmDBYn.exe
  2⤵
  PID:9424
- C:\Windows\System\oUxvsva.exe
  C:\Windows\System\oUxvsva.exe
  2⤵
  PID:9480
- C:\Windows\System\tolFSlt.exe
  C:\Windows\System\tolFSlt.exe
  2⤵
  PID:9556
- C:\Windows\System\yHDwQfM.exe
  C:\Windows\System\yHDwQfM.exe
  2⤵
  PID:9612
- C:\Windows\System\lgldeLk.exe
  C:\Windows\System\lgldeLk.exe
  2⤵
  PID:9696
- C:\Windows\System\eSYvuQo.exe
  C:\Windows\System\eSYvuQo.exe
  2⤵
  PID:3020
- C:\Windows\System\sVfsGuY.exe
  C:\Windows\System\sVfsGuY.exe
  2⤵
  PID:9780
- C:\Windows\System\pMjPsvS.exe
  C:\Windows\System\pMjPsvS.exe
  2⤵
  PID:9852
- C:\Windows\System\uHbmSte.exe
  C:\Windows\System\uHbmSte.exe
  2⤵
  PID:9924
- C:\Windows\System\LTEQyAS.exe
  C:\Windows\System\LTEQyAS.exe
  2⤵
  PID:9992
- C:\Windows\System\QqrNUmb.exe
  C:\Windows\System\QqrNUmb.exe
  2⤵
  PID:10024
- C:\Windows\System\iNqMTSI.exe
  C:\Windows\System\iNqMTSI.exe
  2⤵
  PID:10076
- C:\Windows\System\WljJlAA.exe
  C:\Windows\System\WljJlAA.exe
  2⤵
  PID:10136
- C:\Windows\System\vCyVTey.exe
  C:\Windows\System\vCyVTey.exe
  2⤵
  PID:10180
- C:\Windows\System\nQXkfaz.exe
  C:\Windows\System\nQXkfaz.exe
  2⤵
  PID:9220
- C:\Windows\System\hcmanam.exe
  C:\Windows\System\hcmanam.exe
  2⤵
  PID:9340
- C:\Windows\System\MTqrqXU.exe
  C:\Windows\System\MTqrqXU.exe
  2⤵
  PID:3300
- C:\Windows\System\cBJKJqB.exe
  C:\Windows\System\cBJKJqB.exe
  2⤵
  PID:2004
- C:\Windows\System\mtHOUPK.exe
  C:\Windows\System\mtHOUPK.exe
  2⤵
  PID:9748
- C:\Windows\System\SgoeMnO.exe
  C:\Windows\System\SgoeMnO.exe
  2⤵
  PID:9880
- C:\Windows\System\cZamZvt.exe
  C:\Windows\System\cZamZvt.exe
  2⤵
  PID:2320
- C:\Windows\System\wmVNNPv.exe
  C:\Windows\System\wmVNNPv.exe
  2⤵
  PID:10132
- C:\Windows\System\VpjZACA.exe
  C:\Windows\System\VpjZACA.exe
  2⤵
  PID:4224
- C:\Windows\System\qzpWQjj.exe
  C:\Windows\System\qzpWQjj.exe
  2⤵
  PID:2500
- C:\Windows\System\DwdMLYT.exe
  C:\Windows\System\DwdMLYT.exe
  2⤵
  PID:4792
- C:\Windows\System\TrItrNU.exe
  C:\Windows\System\TrItrNU.exe
  2⤵
  PID:9984
- C:\Windows\System\wDSvpLz.exe
  C:\Windows\System\wDSvpLz.exe
  2⤵
  PID:6116
- C:\Windows\System\SIlBLFc.exe
  C:\Windows\System\SIlBLFc.exe
  2⤵
  PID:6092
- C:\Windows\System\RFWvbQX.exe
  C:\Windows\System\RFWvbQX.exe
  2⤵
  PID:3536
- C:\Windows\System\tqWBMxF.exe
  C:\Windows\System\tqWBMxF.exe
  2⤵
  PID:9420
- C:\Windows\System\HKQpRIf.exe
  C:\Windows\System\HKQpRIf.exe
  2⤵
  PID:10108
- C:\Windows\System\wClltEU.exe
  C:\Windows\System\wClltEU.exe
  2⤵
  PID:1032
- C:\Windows\System\PKQEHko.exe
  C:\Windows\System\PKQEHko.exe
  2⤵
  PID:9848
- C:\Windows\System\cGtsKak.exe
  C:\Windows\System\cGtsKak.exe
  2⤵
  PID:10164
- C:\Windows\System\ghYIEAm.exe
  C:\Windows\System\ghYIEAm.exe
  2⤵
  PID:10260
- C:\Windows\System\otJIqDb.exe
  C:\Windows\System\otJIqDb.exe
  2⤵
  PID:10288
- C:\Windows\System\zaaLTXs.exe
  C:\Windows\System\zaaLTXs.exe
  2⤵
  PID:10316
- C:\Windows\System\qXSPzCy.exe
  C:\Windows\System\qXSPzCy.exe
  2⤵
  PID:10344
- C:\Windows\System\suSLQpc.exe
  C:\Windows\System\suSLQpc.exe
  2⤵
  PID:10372
- C:\Windows\System\bjnNyWJ.exe
  C:\Windows\System\bjnNyWJ.exe
  2⤵
  PID:10400
- C:\Windows\System\CPPqDQk.exe
  C:\Windows\System\CPPqDQk.exe
  2⤵
  PID:10428
- C:\Windows\System\sGgZvYg.exe
  C:\Windows\System\sGgZvYg.exe
  2⤵
  PID:10468
- C:\Windows\System\DWkorCL.exe
  C:\Windows\System\DWkorCL.exe
  2⤵
  PID:10484
- C:\Windows\System\APLiWiM.exe
  C:\Windows\System\APLiWiM.exe
  2⤵
  PID:10512
- C:\Windows\System\galWnMK.exe
  C:\Windows\System\galWnMK.exe
  2⤵
  PID:10540
- C:\Windows\System\beBrUBS.exe
  C:\Windows\System\beBrUBS.exe
  2⤵
  PID:10568
- C:\Windows\System\yVplThc.exe
  C:\Windows\System\yVplThc.exe
  2⤵
  PID:10596
- C:\Windows\System\PfMpyqV.exe
  C:\Windows\System\PfMpyqV.exe
  2⤵
  PID:10624
- C:\Windows\System\GAFDHjt.exe
  C:\Windows\System\GAFDHjt.exe
  2⤵
  PID:10652
- C:\Windows\System\WnTyikk.exe
  C:\Windows\System\WnTyikk.exe
  2⤵
  PID:10680
- C:\Windows\System\GBTtkpU.exe
  C:\Windows\System\GBTtkpU.exe
  2⤵
  PID:10708
- C:\Windows\System\XxadVnz.exe
  C:\Windows\System\XxadVnz.exe
  2⤵
  PID:10740
- C:\Windows\System\NFUHxcQ.exe
  C:\Windows\System\NFUHxcQ.exe
  2⤵
  PID:10768
- C:\Windows\System\tTytABI.exe
  C:\Windows\System\tTytABI.exe
  2⤵
  PID:10796
- C:\Windows\System\DvJMStN.exe
  C:\Windows\System\DvJMStN.exe
  2⤵
  PID:10824
- C:\Windows\System\rthlmKP.exe
  C:\Windows\System\rthlmKP.exe
  2⤵
  PID:10852
- C:\Windows\System\czVDlTw.exe
  C:\Windows\System\czVDlTw.exe
  2⤵
  PID:10884
- C:\Windows\System\XqLYRNg.exe
  C:\Windows\System\XqLYRNg.exe
  2⤵
  PID:10912
- C:\Windows\System\xZyfPRb.exe
  C:\Windows\System\xZyfPRb.exe
  2⤵
  PID:10948
- C:\Windows\System\KrdALLD.exe
  C:\Windows\System\KrdALLD.exe
  2⤵
  PID:10968
- C:\Windows\System\KClFoYA.exe
  C:\Windows\System\KClFoYA.exe
  2⤵
  PID:10996
- C:\Windows\System\KSIxURE.exe
  C:\Windows\System\KSIxURE.exe
  2⤵
  PID:11028
- C:\Windows\System\JkbTtUh.exe
  C:\Windows\System\JkbTtUh.exe
  2⤵
  PID:11056
- C:\Windows\System\rNWxLdy.exe
  C:\Windows\System\rNWxLdy.exe
  2⤵
  PID:11084
- C:\Windows\System\HXmbXBT.exe
  C:\Windows\System\HXmbXBT.exe
  2⤵
  PID:11112
- C:\Windows\System\WGXaIzD.exe
  C:\Windows\System\WGXaIzD.exe
  2⤵
  PID:11140
- C:\Windows\System\XTWTlQR.exe
  C:\Windows\System\XTWTlQR.exe
  2⤵
  PID:11168
- C:\Windows\System\auXSVfD.exe
  C:\Windows\System\auXSVfD.exe
  2⤵
  PID:11196
- C:\Windows\System\jROMjGH.exe
  C:\Windows\System\jROMjGH.exe
  2⤵
  PID:11224
- C:\Windows\System\jNzPUyO.exe
  C:\Windows\System\jNzPUyO.exe
  2⤵
  PID:11252
- C:\Windows\System\MYqAWkC.exe
  C:\Windows\System\MYqAWkC.exe
  2⤵
  PID:10308
- C:\Windows\System\PzNCRyJ.exe
  C:\Windows\System\PzNCRyJ.exe
  2⤵
  PID:10360
- C:\Windows\System\snMWroq.exe
  C:\Windows\System\snMWroq.exe
  2⤵
  PID:10416
- C:\Windows\System\SnRfMFR.exe
  C:\Windows\System\SnRfMFR.exe
  2⤵
  PID:10480
- C:\Windows\System\qarPwGx.exe
  C:\Windows\System\qarPwGx.exe
  2⤵
  PID:10532
- C:\Windows\System\FEjMQvE.exe
  C:\Windows\System\FEjMQvE.exe
  2⤵
  PID:10592
- C:\Windows\System\FEOyipp.exe
  C:\Windows\System\FEOyipp.exe
  2⤵
  PID:10664
- C:\Windows\System\kFFwdcz.exe
  C:\Windows\System\kFFwdcz.exe
  2⤵
  PID:10720
- C:\Windows\System\YEpgBmj.exe
  C:\Windows\System\YEpgBmj.exe
  2⤵
  PID:10788
- C:\Windows\System\FmVkPka.exe
  C:\Windows\System\FmVkPka.exe
  2⤵
  PID:10848
- C:\Windows\System\pTDMTRX.exe
  C:\Windows\System\pTDMTRX.exe
  2⤵
  PID:10908
- C:\Windows\System\sQlJELK.exe
  C:\Windows\System\sQlJELK.exe
  2⤵
  PID:3400
- C:\Windows\System\bsyvMKz.exe
  C:\Windows\System\bsyvMKz.exe
  2⤵
  PID:11012
- C:\Windows\System\qegsHEs.exe
  C:\Windows\System\qegsHEs.exe
  2⤵
  PID:11076
- C:\Windows\System\ZOKdHHF.exe
  C:\Windows\System\ZOKdHHF.exe
  2⤵
  PID:888
- C:\Windows\System\PVJDjNB.exe
  C:\Windows\System\PVJDjNB.exe
  2⤵
  PID:11180
- C:\Windows\System\wzebtLX.exe
  C:\Windows\System\wzebtLX.exe
  2⤵
  PID:11244
- C:\Windows\System\AmaqLgh.exe
  C:\Windows\System\AmaqLgh.exe
  2⤵
  PID:10340
- C:\Windows\System\jREpxZr.exe
  C:\Windows\System\jREpxZr.exe
  2⤵
  PID:10504
- C:\Windows\System\yfyuMcG.exe
  C:\Windows\System\yfyuMcG.exe
  2⤵
  PID:10880
- C:\Windows\System\DezUFru.exe
  C:\Windows\System\DezUFru.exe
  2⤵
  PID:10752
- C:\Windows\System\xfvxXXD.exe
  C:\Windows\System\xfvxXXD.exe
  2⤵
  PID:10896
- C:\Windows\System\QCIlFHd.exe
  C:\Windows\System\QCIlFHd.exe
  2⤵
  PID:10992
- C:\Windows\System\efFyCqF.exe
  C:\Windows\System\efFyCqF.exe
  2⤵
  PID:11136
- C:\Windows\System\fcsWIGT.exe
  C:\Windows\System\fcsWIGT.exe
  2⤵
  PID:10328
- C:\Windows\System\IWlAUaI.exe
  C:\Windows\System\IWlAUaI.exe
  2⤵
  PID:10588
- C:\Windows\System\DwZrxiB.exe
  C:\Windows\System\DwZrxiB.exe
  2⤵
  PID:3908
- C:\Windows\System\zvEhTeT.exe
  C:\Windows\System\zvEhTeT.exe
  2⤵
  PID:11240
- C:\Windows\System\RWjyweG.exe
  C:\Windows\System\RWjyweG.exe
  2⤵
  PID:10876
- C:\Windows\System\GSUfyHe.exe
  C:\Windows\System\GSUfyHe.exe
  2⤵
  PID:11272
- C:\Windows\System\oGngAef.exe
  C:\Windows\System\oGngAef.exe
  2⤵
  PID:11296
- C:\Windows\System\MXKOaOu.exe
  C:\Windows\System\MXKOaOu.exe
  2⤵
  PID:11316
- C:\Windows\System\RJqZBnv.exe
  C:\Windows\System\RJqZBnv.exe
  2⤵
  PID:11344
- C:\Windows\System\OneLtDD.exe
  C:\Windows\System\OneLtDD.exe
  2⤵
  PID:11372
- C:\Windows\System\uISKDdj.exe
  C:\Windows\System\uISKDdj.exe
  2⤵
  PID:11400
- C:\Windows\System\egwMwAD.exe
  C:\Windows\System\egwMwAD.exe
  2⤵
  PID:11428
- C:\Windows\System\qLtCmAJ.exe
  C:\Windows\System\qLtCmAJ.exe
  2⤵
  PID:11456
- C:\Windows\System\mdUgYkO.exe
  C:\Windows\System\mdUgYkO.exe
  2⤵
  PID:11484
- C:\Windows\System\peGmVzx.exe
  C:\Windows\System\peGmVzx.exe
  2⤵
  PID:11512
- C:\Windows\System\nQPYTXE.exe
  C:\Windows\System\nQPYTXE.exe
  2⤵
  PID:11540
- C:\Windows\System\yXNgwvU.exe
  C:\Windows\System\yXNgwvU.exe
  2⤵
  PID:11568
- C:\Windows\System\CnCbCly.exe
  C:\Windows\System\CnCbCly.exe
  2⤵
  PID:11596
- C:\Windows\System\aXbiZma.exe
  C:\Windows\System\aXbiZma.exe
  2⤵
  PID:11628
- C:\Windows\System\WtHveCC.exe
  C:\Windows\System\WtHveCC.exe
  2⤵
  PID:11656
- C:\Windows\System\auantMu.exe
  C:\Windows\System\auantMu.exe
  2⤵
  PID:11684
- C:\Windows\System\dFEXsvV.exe
  C:\Windows\System\dFEXsvV.exe
  2⤵
  PID:11712
- C:\Windows\System\IxfYfHl.exe
  C:\Windows\System\IxfYfHl.exe
  2⤵
  PID:11740
- C:\Windows\System\lewfAFF.exe
  C:\Windows\System\lewfAFF.exe
  2⤵
  PID:11768
- C:\Windows\System\HFMoAAu.exe
  C:\Windows\System\HFMoAAu.exe
  2⤵
  PID:11796
- C:\Windows\System\aewkPhX.exe
  C:\Windows\System\aewkPhX.exe
  2⤵
  PID:11824
- C:\Windows\System\miGQGnA.exe
  C:\Windows\System\miGQGnA.exe
  2⤵
  PID:11852
- C:\Windows\System\dPTOUeO.exe
  C:\Windows\System\dPTOUeO.exe
  2⤵
  PID:11880
- C:\Windows\System\GCpjyvd.exe
  C:\Windows\System\GCpjyvd.exe
  2⤵
  PID:11908
- C:\Windows\System\Oqgjcto.exe
  C:\Windows\System\Oqgjcto.exe
  2⤵
  PID:11936
- C:\Windows\System\ygVGFdS.exe
  C:\Windows\System\ygVGFdS.exe
  2⤵
  PID:11964
- C:\Windows\System\HqvzuSx.exe
  C:\Windows\System\HqvzuSx.exe
  2⤵
  PID:11992
- C:\Windows\System\SpuECdZ.exe
  C:\Windows\System\SpuECdZ.exe
  2⤵
  PID:12020
- C:\Windows\System\fkCdyni.exe
  C:\Windows\System\fkCdyni.exe
  2⤵
  PID:12048
- C:\Windows\System\nRAZCYq.exe
  C:\Windows\System\nRAZCYq.exe
  2⤵
  PID:12076
- C:\Windows\System\tXPRyEQ.exe
  C:\Windows\System\tXPRyEQ.exe
  2⤵
  PID:12104
- C:\Windows\System\brNvJme.exe
  C:\Windows\System\brNvJme.exe
  2⤵
  PID:12132
- C:\Windows\System\CZUuERm.exe
  C:\Windows\System\CZUuERm.exe
  2⤵
  PID:12160
- C:\Windows\System\bnRGgxn.exe
  C:\Windows\System\bnRGgxn.exe
  2⤵
  PID:12188
- C:\Windows\System\HCQVJUk.exe
  C:\Windows\System\HCQVJUk.exe
  2⤵
  PID:12216
- C:\Windows\System\BWGdEPm.exe
  C:\Windows\System\BWGdEPm.exe
  2⤵
  PID:12244
- C:\Windows\System\ITtPyty.exe
  C:\Windows\System\ITtPyty.exe
  2⤵
  PID:12272
- C:\Windows\System\aidSaQJ.exe
  C:\Windows\System\aidSaQJ.exe
  2⤵
  PID:11284
- C:\Windows\System\aesyjhw.exe
  C:\Windows\System\aesyjhw.exe
  2⤵
  PID:11356
- C:\Windows\System\GoaQBGt.exe
  C:\Windows\System\GoaQBGt.exe
  2⤵
  PID:11068
- C:\Windows\System\EOZojNe.exe
  C:\Windows\System\EOZojNe.exe
  2⤵
  PID:11468
- C:\Windows\System\nkoWmtO.exe
  C:\Windows\System\nkoWmtO.exe
  2⤵
  PID:11532
- C:\Windows\System\baOOACB.exe
  C:\Windows\System\baOOACB.exe
  2⤵
  PID:11592
- C:\Windows\System\akdHdUK.exe
  C:\Windows\System\akdHdUK.exe
  2⤵
  PID:11668
- C:\Windows\System\LuXcTHM.exe
  C:\Windows\System\LuXcTHM.exe
  2⤵
  PID:11724
- C:\Windows\System\GuCxOxu.exe
  C:\Windows\System\GuCxOxu.exe
  2⤵
  PID:11792
- C:\Windows\System\gLulaWK.exe
  C:\Windows\System\gLulaWK.exe
  2⤵
  PID:11864
- C:\Windows\System\WEEOlqN.exe
  C:\Windows\System\WEEOlqN.exe
  2⤵
  PID:11928
- C:\Windows\System\uFuXkHG.exe
  C:\Windows\System\uFuXkHG.exe
  2⤵
  PID:4516
- C:\Windows\System\rNUDFGS.exe
  C:\Windows\System\rNUDFGS.exe
  2⤵
  PID:12044
- C:\Windows\System\jOwgMbs.exe
  C:\Windows\System\jOwgMbs.exe
  2⤵
  PID:12116
- C:\Windows\System\BohKQeS.exe
  C:\Windows\System\BohKQeS.exe
  2⤵
  PID:12172
- C:\Windows\System\VceLWZg.exe
  C:\Windows\System\VceLWZg.exe
  2⤵
  PID:12236
- C:\Windows\System\PykuEcG.exe
  C:\Windows\System\PykuEcG.exe
  2⤵
  PID:10844
- C:\Windows\System\eOxciHg.exe
  C:\Windows\System\eOxciHg.exe
  2⤵
  PID:11412
- C:\Windows\System\lDoLWWS.exe
  C:\Windows\System\lDoLWWS.exe
  2⤵
  PID:11560
- C:\Windows\System\BCXmymW.exe
  C:\Windows\System\BCXmymW.exe
  2⤵
  PID:11708
- C:\Windows\System\RAuafZx.exe
  C:\Windows\System\RAuafZx.exe
  2⤵
  PID:11844
- C:\Windows\System\uvEFszG.exe
  C:\Windows\System\uvEFszG.exe
  2⤵
  PID:11988
- C:\Windows\System\PyqzMGv.exe
  C:\Windows\System\PyqzMGv.exe
  2⤵
  PID:12144
- C:\Windows\System\PogJDLk.exe
  C:\Windows\System\PogJDLk.exe
  2⤵
  PID:12264
- C:\Windows\System\veLSmWa.exe
  C:\Windows\System\veLSmWa.exe
  2⤵
  PID:11508
- C:\Windows\System\WdUfBoV.exe
  C:\Windows\System\WdUfBoV.exe
  2⤵
  PID:11788
- C:\Windows\System\ZdqPEwc.exe
  C:\Windows\System\ZdqPEwc.exe
  2⤵
  PID:12100
- C:\Windows\System\sqgjALE.exe
  C:\Windows\System\sqgjALE.exe
  2⤵
  PID:11652
- C:\Windows\System\zYGnhgQ.exe
  C:\Windows\System\zYGnhgQ.exe
  2⤵
  PID:11396
- C:\Windows\System\EZdTiek.exe
  C:\Windows\System\EZdTiek.exe
  2⤵
  PID:12308
- C:\Windows\System\aLPAgox.exe
  C:\Windows\System\aLPAgox.exe
  2⤵
  PID:12324
- C:\Windows\System\IfUvAnC.exe
  C:\Windows\System\IfUvAnC.exe
  2⤵
  PID:12352
- C:\Windows\System\iRGmhUy.exe
  C:\Windows\System\iRGmhUy.exe
  2⤵
  PID:12380
- C:\Windows\System\MhJfXPt.exe
  C:\Windows\System\MhJfXPt.exe
  2⤵
  PID:12408
- C:\Windows\System\bRieshX.exe
  C:\Windows\System\bRieshX.exe
  2⤵
  PID:12440
- C:\Windows\System\lvbnkyO.exe
  C:\Windows\System\lvbnkyO.exe
  2⤵
  PID:12468
- C:\Windows\System\oXVFsBJ.exe
  C:\Windows\System\oXVFsBJ.exe
  2⤵
  PID:12496
- C:\Windows\System\xMAPuFv.exe
  C:\Windows\System\xMAPuFv.exe
  2⤵
  PID:12524
- C:\Windows\System\ulnFXQq.exe
  C:\Windows\System\ulnFXQq.exe
  2⤵
  PID:12552
- C:\Windows\System\wegVaDU.exe
  C:\Windows\System\wegVaDU.exe
  2⤵
  PID:12580
- C:\Windows\System\HGjitbn.exe
  C:\Windows\System\HGjitbn.exe
  2⤵
  PID:12608
- C:\Windows\System\KItVwaQ.exe
  C:\Windows\System\KItVwaQ.exe
  2⤵
  PID:12636
- C:\Windows\System\QqbktfB.exe
  C:\Windows\System\QqbktfB.exe
  2⤵
  PID:12664
- C:\Windows\System\TBUWkUe.exe
  C:\Windows\System\TBUWkUe.exe
  2⤵
  PID:12692
- C:\Windows\System\RftzVnq.exe
  C:\Windows\System\RftzVnq.exe
  2⤵
  PID:12720
- C:\Windows\System\yAdnvES.exe
  C:\Windows\System\yAdnvES.exe
  2⤵
  PID:12748
- C:\Windows\System\QyQJJHC.exe
  C:\Windows\System\QyQJJHC.exe
  2⤵
  PID:12776
- C:\Windows\System\gsmRsLY.exe
  C:\Windows\System\gsmRsLY.exe
  2⤵
  PID:12804
- C:\Windows\System\gBxyoIj.exe
  C:\Windows\System\gBxyoIj.exe
  2⤵
  PID:12832
- C:\Windows\System\egBQZAH.exe
  C:\Windows\System\egBQZAH.exe
  2⤵
  PID:12860
- C:\Windows\System\cHDGkFP.exe
  C:\Windows\System\cHDGkFP.exe
  2⤵
  PID:12888
- C:\Windows\System\OxgCQNE.exe
  C:\Windows\System\OxgCQNE.exe
  2⤵
  PID:12916
- C:\Windows\System\lKUyddA.exe
  C:\Windows\System\lKUyddA.exe
  2⤵
  PID:12944
- C:\Windows\System\xgoIorj.exe
  C:\Windows\System\xgoIorj.exe
  2⤵
  PID:12972
- C:\Windows\System\ksOZeUg.exe
  C:\Windows\System\ksOZeUg.exe
  2⤵
  PID:13000
- C:\Windows\System\hIwAdAL.exe
  C:\Windows\System\hIwAdAL.exe
  2⤵
  PID:13028
- C:\Windows\System\PPqbIMl.exe
  C:\Windows\System\PPqbIMl.exe
  2⤵
  PID:13056
- C:\Windows\System\lcoyqnn.exe
  C:\Windows\System\lcoyqnn.exe
  2⤵
  PID:13084
- C:\Windows\System\KkTVxAU.exe
  C:\Windows\System\KkTVxAU.exe
  2⤵
  PID:13112
- C:\Windows\System\WfWONBn.exe
  C:\Windows\System\WfWONBn.exe
  2⤵
  PID:13140
- C:\Windows\System\wHMLmfV.exe
  C:\Windows\System\wHMLmfV.exe
  2⤵
  PID:13168
- C:\Windows\System\cBdeTxA.exe
  C:\Windows\System\cBdeTxA.exe
  2⤵
  PID:13196
- C:\Windows\System\XoAusBa.exe
  C:\Windows\System\XoAusBa.exe
  2⤵
  PID:13224
- C:\Windows\System\nQFvPzf.exe
  C:\Windows\System\nQFvPzf.exe
  2⤵
  PID:13252
- C:\Windows\System\sVcHDOT.exe
  C:\Windows\System\sVcHDOT.exe
  2⤵
  PID:13284
- C:\Windows\System\uVXdBqC.exe
  C:\Windows\System\uVXdBqC.exe
  2⤵
  PID:12292
- C:\Windows\System\UvEYdaC.exe
  C:\Windows\System\UvEYdaC.exe
  2⤵
  PID:12344
- C:\Windows\System\nkUhAog.exe
  C:\Windows\System\nkUhAog.exe
  2⤵
  PID:12404
- C:\Windows\System\rKlsCaF.exe
  C:\Windows\System\rKlsCaF.exe
  2⤵
  PID:12480
- C:\Windows\System\ktDHPEs.exe
  C:\Windows\System\ktDHPEs.exe
  2⤵
  PID:12564
- C:\Windows\System\ssVQjPE.exe
  C:\Windows\System\ssVQjPE.exe
  2⤵
  PID:12628
- C:\Windows\System\IrtLPVS.exe
  C:\Windows\System\IrtLPVS.exe
  2⤵
  PID:12688
- C:\Windows\System\HIijYjY.exe
  C:\Windows\System\HIijYjY.exe
  2⤵
  PID:12768
- C:\Windows\System\kVANBmV.exe
  C:\Windows\System\kVANBmV.exe
  2⤵
  PID:12824
- C:\Windows\System\vStgGIt.exe
  C:\Windows\System\vStgGIt.exe
  2⤵
  PID:12884
- C:\Windows\System\ufcaIrG.exe
  C:\Windows\System\ufcaIrG.exe
  2⤵
  PID:12956
- C:\Windows\System\DSaIIld.exe
  C:\Windows\System\DSaIIld.exe
  2⤵
  PID:13020
- C:\Windows\System\uUiQmZo.exe
  C:\Windows\System\uUiQmZo.exe
  2⤵
  PID:13076
- C:\Windows\System\FJydODn.exe
  C:\Windows\System\FJydODn.exe
  2⤵
  PID:13136
- C:\Windows\System\DzyMyxg.exe
  C:\Windows\System\DzyMyxg.exe
  2⤵
  PID:13208
- C:\Windows\System\nDZEKYV.exe
  C:\Windows\System\nDZEKYV.exe
  2⤵
  PID:13276
- C:\Windows\System\aBwfWRs.exe
  C:\Windows\System\aBwfWRs.exe
  2⤵
  PID:12336
- C:\Windows\System\IKnuaGk.exe
  C:\Windows\System\IKnuaGk.exe
  2⤵
  PID:12508
- C:\Windows\System\tZnTqnX.exe
  C:\Windows\System\tZnTqnX.exe
  2⤵
  PID:12676
- C:\Windows\System\xfHVuHm.exe
  C:\Windows\System\xfHVuHm.exe
  2⤵
  PID:12816
- C:\Windows\System\wMJHaYN.exe
  C:\Windows\System\wMJHaYN.exe
  2⤵
  PID:12984
- C:\Windows\System\nQMYrwa.exe
  C:\Windows\System\nQMYrwa.exe
  2⤵
  PID:13124
- C:\Windows\System\wwmWicC.exe
  C:\Windows\System\wwmWicC.exe
  2⤵
  PID:12320
- C:\Windows\System\DUSCkLu.exe
  C:\Windows\System\DUSCkLu.exe
  2⤵
  PID:12464
- C:\Windows\System\hChaqMq.exe
  C:\Windows\System\hChaqMq.exe
  2⤵
  PID:12936
- C:\Windows\System\PxkzIKi.exe
  C:\Windows\System\PxkzIKi.exe
  2⤵
  PID:13308
- C:\Windows\System\PGwjoal.exe
  C:\Windows\System\PGwjoal.exe
  2⤵
  PID:13188
- C:\Windows\System\wvpBWeW.exe
  C:\Windows\System\wvpBWeW.exe
  2⤵
  PID:13320
- C:\Windows\System\aFvUNle.exe
  C:\Windows\System\aFvUNle.exe
  2⤵
  PID:13348
- C:\Windows\System\jBtnWGG.exe
  C:\Windows\System\jBtnWGG.exe
  2⤵
  PID:13376
- C:\Windows\System\ceNeMHK.exe
  C:\Windows\System\ceNeMHK.exe
  2⤵
  PID:13404
- C:\Windows\System\HiMPZxv.exe
  C:\Windows\System\HiMPZxv.exe
  2⤵
  PID:13432
- C:\Windows\System\puHnPea.exe
  C:\Windows\System\puHnPea.exe
  2⤵
  PID:13460
- C:\Windows\System\eZBpLLj.exe
  C:\Windows\System\eZBpLLj.exe
  2⤵
  PID:13488
- C:\Windows\System\QNafyDt.exe
  C:\Windows\System\QNafyDt.exe
  2⤵
  PID:13516
- C:\Windows\System\cGwnWfi.exe
  C:\Windows\System\cGwnWfi.exe
  2⤵
  PID:13544
- C:\Windows\System\ZxclNbq.exe
  C:\Windows\System\ZxclNbq.exe
  2⤵
  PID:13572
- C:\Windows\System\WKapQOb.exe
  C:\Windows\System\WKapQOb.exe
  2⤵
  PID:13600
- C:\Windows\System\LyxdKRD.exe
  C:\Windows\System\LyxdKRD.exe
  2⤵
  PID:13632
- C:\Windows\System\MgriPmq.exe
  C:\Windows\System\MgriPmq.exe
  2⤵
  PID:13664
- C:\Windows\System\uijsdLR.exe
  C:\Windows\System\uijsdLR.exe
  2⤵
  PID:13692
- C:\Windows\System\AHITmBd.exe
  C:\Windows\System\AHITmBd.exe
  2⤵
  PID:13720
- C:\Windows\System\alZZzbm.exe
  C:\Windows\System\alZZzbm.exe
  2⤵
  PID:13748
- C:\Windows\System\caCRsFa.exe
  C:\Windows\System\caCRsFa.exe
  2⤵
  PID:13776
- C:\Windows\System\WCVePcp.exe
  C:\Windows\System\WCVePcp.exe
  2⤵
  PID:13804
- C:\Windows\System\YWGPwdR.exe
  C:\Windows\System\YWGPwdR.exe
  2⤵
  PID:13832
- C:\Windows\System\fIDoSxb.exe
  C:\Windows\System\fIDoSxb.exe
  2⤵
  PID:13860
- C:\Windows\System\qgFMxzp.exe
  C:\Windows\System\qgFMxzp.exe
  2⤵
  PID:13884
- C:\Windows\System\oNXnNQb.exe
  C:\Windows\System\oNXnNQb.exe
  2⤵
  PID:13916
- C:\Windows\System\xboHLKv.exe
  C:\Windows\System\xboHLKv.exe
  2⤵
  PID:13944
- C:\Windows\System\GXBVVXD.exe
  C:\Windows\System\GXBVVXD.exe
  2⤵
  PID:13976
- C:\Windows\System\preNiFX.exe
  C:\Windows\System\preNiFX.exe
  2⤵
  PID:14004
- C:\Windows\System\mAxHePG.exe
  C:\Windows\System\mAxHePG.exe
  2⤵
  PID:14032
- C:\Windows\System\WYYPIdj.exe
  C:\Windows\System\WYYPIdj.exe
  2⤵
  PID:14060
- C:\Windows\System\lXOCAkB.exe
  C:\Windows\System\lXOCAkB.exe
  2⤵
  PID:14080
- C:\Windows\System\nECdgmu.exe
  C:\Windows\System\nECdgmu.exe
  2⤵
  PID:14112
- C:\Windows\System\kNNvbYK.exe
  C:\Windows\System\kNNvbYK.exe
  2⤵
  PID:14132
- C:\Windows\System\rkhmJxj.exe
  C:\Windows\System\rkhmJxj.exe
  2⤵
  PID:14164
- C:\Windows\System\GoCqsmA.exe
  C:\Windows\System\GoCqsmA.exe
  2⤵
  PID:14208
- C:\Windows\System\klGyrVn.exe
  C:\Windows\System\klGyrVn.exe
  2⤵
  PID:14244
- C:\Windows\System\DRUlNOe.exe
  C:\Windows\System\DRUlNOe.exe
  2⤵
  PID:14284
- C:\Windows\System\cmSQCXJ.exe
  C:\Windows\System\cmSQCXJ.exe
  2⤵
  PID:14316
- C:\Windows\System\AAwphFq.exe
  C:\Windows\System\AAwphFq.exe
  2⤵
  PID:13388
- C:\Windows\System\WskQjBD.exe
  C:\Windows\System\WskQjBD.exe
  2⤵
  PID:13444
- C:\Windows\System\WMcdFQX.exe
  C:\Windows\System\WMcdFQX.exe
  2⤵
  PID:13536
- C:\Windows\System\EYhiupw.exe
  C:\Windows\System\EYhiupw.exe
  2⤵
  PID:2772
- C:\Windows\System\yhxzzdd.exe
  C:\Windows\System\yhxzzdd.exe
  2⤵
  PID:13676
- C:\Windows\System\BaRhveR.exe
  C:\Windows\System\BaRhveR.exe
  2⤵
  PID:13716
- C:\Windows\System\MFzWWNl.exe
  C:\Windows\System\MFzWWNl.exe
  2⤵
  PID:13788
- C:\Windows\System\SIORLIh.exe
  C:\Windows\System\SIORLIh.exe
  2⤵
  PID:13896
- C:\Windows\System\aOZkoKC.exe
  C:\Windows\System\aOZkoKC.exe
  2⤵
  PID:13936
- C:\Windows\System\MCnyHLt.exe
  C:\Windows\System\MCnyHLt.exe
  2⤵
  PID:14000
- C:\Windows\System\djDGfMQ.exe
  C:\Windows\System\djDGfMQ.exe
  2⤵
  PID:14092
- C:\Windows\System\CitRjzR.exe
  C:\Windows\System\CitRjzR.exe
  2⤵
  PID:13620
- C:\Windows\System\eEUBFsu.exe
  C:\Windows\System\eEUBFsu.exe
  2⤵
  PID:14220
- C:\Windows\System\JAjrWYY.exe
  C:\Windows\System\JAjrWYY.exe
  2⤵
  PID:14304
- C:\Windows\System\DjQqQap.exe
  C:\Windows\System\DjQqQap.exe
  2⤵
  PID:13416
- C:\Windows\System\tucxiBk.exe
  C:\Windows\System\tucxiBk.exe
  2⤵
  PID:13500
- C:\Windows\System\ArUTtZJ.exe
  C:\Windows\System\ArUTtZJ.exe
  2⤵
  PID:14152
- C:\Windows\System\ogfmyCL.exe
  C:\Windows\System\ogfmyCL.exe
  2⤵
  PID:10128
- C:\Windows\System\CwCSJMs.exe
  C:\Windows\System\CwCSJMs.exe
  2⤵
  PID:1296
- C:\Windows\System\KmCjDhC.exe
  C:\Windows\System\KmCjDhC.exe
  2⤵
  PID:3276
- C:\Windows\System\BLhhxeM.exe
  C:\Windows\System\BLhhxeM.exe
  2⤵
  PID:13704
- C:\Windows\System\KofKAVk.exe
  C:\Windows\System\KofKAVk.exe
  2⤵
  PID:13856
- C:\Windows\System\EimQEsd.exe
  C:\Windows\System\EimQEsd.exe
  2⤵
  PID:14324
- C:\Windows\System\TFQmkXE.exe
  C:\Windows\System\TFQmkXE.exe
  2⤵
  PID:13400
- C:\Windows\System\vFbpCVR.exe
  C:\Windows\System\vFbpCVR.exe
  2⤵
  PID:1920
- C:\Windows\System\bRefNeZ.exe
  C:\Windows\System\bRefNeZ.exe
  2⤵
  PID:14160
- C:\Windows\System\UHwRpmG.exe
  C:\Windows\System\UHwRpmG.exe
  2⤵
  PID:14300
- C:\Windows\System\eYJSsva.exe
  C:\Windows\System\eYJSsva.exe
  2⤵
  PID:13372
- C:\Windows\System\VGKvGWF.exe
  C:\Windows\System\VGKvGWF.exe
  2⤵
  PID:9808
- C:\Windows\System\WbSmvrZ.exe
  C:\Windows\System\WbSmvrZ.exe
  2⤵
  PID:4980
- C:\Windows\System\DSAHNgy.exe
  C:\Windows\System\DSAHNgy.exe
  2⤵
  PID:5032
- C:\Windows\System\dewzttj.exe
  C:\Windows\System\dewzttj.exe
  2⤵
  PID:1096
- C:\Windows\System\PSpwfXn.exe
  C:\Windows\System\PSpwfXn.exe
  2⤵
  PID:3916
- C:\Windows\System\TuStEXg.exe
  C:\Windows\System\TuStEXg.exe
  2⤵
  PID:14232
- C:\Windows\System\nOrkjIH.exe
  C:\Windows\System\nOrkjIH.exe
  2⤵
  PID:2076
- C:\Windows\System\QTQjyIf.exe
  C:\Windows\System\QTQjyIf.exe
  2⤵
  PID:14256
- C:\Windows\System\zGvvSZj.exe
  C:\Windows\System\zGvvSZj.exe
  2⤵
  PID:14028
- C:\Windows\System\bGevNhY.exe
  C:\Windows\System\bGevNhY.exe
  2⤵
  PID:3936
- C:\Windows\System\cUnlIoI.exe
  C:\Windows\System\cUnlIoI.exe
  2⤵
  PID:2880
- C:\Windows\System\ecyzXJQ.exe
  C:\Windows\System\ecyzXJQ.exe
  2⤵
  PID:3728
- C:\Windows\System\RnBQLmD.exe
  C:\Windows\System\RnBQLmD.exe
  2⤵
  PID:4648
- C:\Windows\System\BKJXbiJ.exe
  C:\Windows\System\BKJXbiJ.exe
  2⤵
  PID:4076
- C:\Windows\System\PjzPfKZ.exe
  C:\Windows\System\PjzPfKZ.exe
  2⤵
  PID:1492
- C:\Windows\System\WhoawcW.exe
  C:\Windows\System\WhoawcW.exe
  2⤵
  PID:9712
- C:\Windows\System\cFkBbDR.exe
  C:\Windows\System\cFkBbDR.exe
  2⤵
  PID:2028
- C:\Windows\System\WXXtCcu.exe
  C:\Windows\System\WXXtCcu.exe
  2⤵
  PID:5232
- C:\Windows\System\onQjviN.exe
  C:\Windows\System\onQjviN.exe
  2⤵
  PID:5288
- C:\Windows\System\cnwJsgQ.exe
  C:\Windows\System\cnwJsgQ.exe
  2⤵
  PID:14352
- C:\Windows\System\thnHADy.exe
  C:\Windows\System\thnHADy.exe
  2⤵
  PID:14380
- C:\Windows\System\lmhrwce.exe
  C:\Windows\System\lmhrwce.exe
  2⤵
  PID:14412
- C:\Windows\System\StjDWmi.exe
  C:\Windows\System\StjDWmi.exe
  2⤵
  PID:14440
- C:\Windows\System\ggFwaPk.exe
  C:\Windows\System\ggFwaPk.exe
  2⤵
  PID:14468
- C:\Windows\System\WtbahbK.exe
  C:\Windows\System\WtbahbK.exe
  2⤵
  PID:14496
- C:\Windows\System\jBgKShQ.exe
  C:\Windows\System\jBgKShQ.exe
  2⤵
  PID:14524
- C:\Windows\System\RKuNUrC.exe
  C:\Windows\System\RKuNUrC.exe
  2⤵
  PID:14556
- C:\Windows\System\EvyCvbs.exe
  C:\Windows\System\EvyCvbs.exe
  2⤵
  PID:14580
- C:\Windows\System\HTanTFJ.exe
  C:\Windows\System\HTanTFJ.exe
  2⤵
  PID:14616
- C:\Windows\System\HVvoSym.exe
  C:\Windows\System\HVvoSym.exe
  2⤵
  PID:14640
- C:\Windows\System\vmsEgOw.exe
  C:\Windows\System\vmsEgOw.exe
  2⤵
  PID:14668
- C:\Windows\System\uNJKhiD.exe
  C:\Windows\System\uNJKhiD.exe
  2⤵
  PID:14684
- C:\Windows\System\rSuThRc.exe
  C:\Windows\System\rSuThRc.exe
  2⤵
  PID:14700
- C:\Windows\System\OVwUIOW.exe
  C:\Windows\System\OVwUIOW.exe
  2⤵
  PID:14736
- C:\Windows\System\prrQjHw.exe
  C:\Windows\System\prrQjHw.exe
  2⤵
  PID:14868
- C:\Windows\System\FTaiyAT.exe
  C:\Windows\System\FTaiyAT.exe
  2⤵
  PID:14892
- C:\Windows\System\PhJeDiS.exe
  C:\Windows\System\PhJeDiS.exe
  2⤵
  PID:14932
- C:\Windows\System\lSiugLg.exe
  C:\Windows\System\lSiugLg.exe
  2⤵
  PID:14948
- C:\Windows\System\GOuibob.exe
  C:\Windows\System\GOuibob.exe
  2⤵
  PID:14976
- C:\Windows\System\CaNbvEQ.exe
  C:\Windows\System\CaNbvEQ.exe
  2⤵
  PID:15004
- C:\Windows\System\lmGSAoJ.exe
  C:\Windows\System\lmGSAoJ.exe
  2⤵
  PID:15024
- C:\Windows\System\VTxhrBt.exe
  C:\Windows\System\VTxhrBt.exe
  2⤵
  PID:15060
- C:\Windows\System\BbaUhey.exe
  C:\Windows\System\BbaUhey.exe
  2⤵
  PID:15092
- C:\Windows\System\sCJrJOx.exe
  C:\Windows\System\sCJrJOx.exe
  2⤵
  PID:15120
- C:\Windows\System\HiIgwwP.exe
  C:\Windows\System\HiIgwwP.exe
  2⤵
  PID:15148
- C:\Windows\System\FQBRIoR.exe
  C:\Windows\System\FQBRIoR.exe
  2⤵
  PID:15176
- C:\Windows\System\xcPYWwB.exe
  C:\Windows\System\xcPYWwB.exe
  2⤵
  PID:15204
- C:\Windows\System\QkYVkxj.exe
  C:\Windows\System\QkYVkxj.exe
  2⤵
  PID:15240
- C:\Windows\System\PqxFRos.exe
  C:\Windows\System\PqxFRos.exe
  2⤵
  PID:15280
- C:\Windows\System\OALAQCx.exe
  C:\Windows\System\OALAQCx.exe
  2⤵
  PID:15320
- C:\Windows\System\KVovqqE.exe
  C:\Windows\System\KVovqqE.exe
  2⤵
  PID:14368
- C:\Windows\System\ZSzCMBw.exe
  C:\Windows\System\ZSzCMBw.exe
  2⤵
  PID:14424
- C:\Windows\System\riiYRMH.exe
  C:\Windows\System\riiYRMH.exe
  2⤵
  PID:14480
- C:\Windows\System\EEXOUxw.exe
  C:\Windows\System\EEXOUxw.exe
  2⤵
  PID:5432
- C:\Windows\System\iaAGpob.exe
  C:\Windows\System\iaAGpob.exe
  2⤵
  PID:5496
- C:\Windows\System\yIkGIsN.exe
  C:\Windows\System\yIkGIsN.exe
  2⤵
  PID:916
- C:\Windows\System\hBvHWeY.exe
  C:\Windows\System\hBvHWeY.exe
  2⤵
  PID:14608
- C:\Windows\System\mPOmnvf.exe
  C:\Windows\System\mPOmnvf.exe
  2⤵
  PID:4200
- C:\Windows\System\WfhQSIm.exe
  C:\Windows\System\WfhQSIm.exe
  2⤵
  PID:5608
- C:\Windows\System\TGFlvEQ.exe
  C:\Windows\System\TGFlvEQ.exe
  2⤵
  PID:5636
- C:\Windows\System\VgXLJdd.exe
  C:\Windows\System\VgXLJdd.exe
  2⤵
  PID:14696
- C:\Windows\System\fqrNEOn.exe
  C:\Windows\System\fqrNEOn.exe
  2⤵
  PID:14752
- C:\Windows\System\UzHcipO.exe
  C:\Windows\System\UzHcipO.exe
  2⤵
  PID:5712
- C:\Windows\System\YXNjYkP.exe
  C:\Windows\System\YXNjYkP.exe
  2⤵
  PID:5832
- C:\Windows\System\vNRpuog.exe
  C:\Windows\System\vNRpuog.exe
  2⤵
  PID:4312
- C:\Windows\System\QVDhtEt.exe
  C:\Windows\System\QVDhtEt.exe
  2⤵
  PID:3804
- C:\Windows\System\xsxwFDb.exe
  C:\Windows\System\xsxwFDb.exe
  2⤵
  PID:3864
- C:\Windows\System\ObEQGPn.exe
  C:\Windows\System\ObEQGPn.exe
  2⤵
  PID:5952
- C:\Windows\System\XIpMbvy.exe
  C:\Windows\System\XIpMbvy.exe
  2⤵
  PID:3528
- C:\Windows\System\oWSIIXT.exe
  C:\Windows\System\oWSIIXT.exe
  2⤵
  PID:872
- C:\Windows\System\mKfFIPG.exe
  C:\Windows\System\mKfFIPG.exe
  2⤵
  PID:14800

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTdDMjQzMzUtN0JFRi00MjkxLTlGNTMtMTIyQjI5MDlDMjkzfSIgdXNlcmlkPSJ7RDRENTkyMUUtRDNBMy00QTZFLTg5M0ItM0I1Q0M0QTg3Mjg2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NzJFNTJDMTktRTA3My00MDY4LUI1ODMtQzk5ODcwOUFFNzBBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI5IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY0MzMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODc1OTU2NTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzU0NTAxNTYzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AnySOZo.exe

Filesize
6.0MB

MD5
5c514310d7ece7959f6384d2c080a88a

SHA1
a2086dd22e800f4a9a9461efc41d673374bde4ad

SHA256
058b23bea33192d569fe7d1fde91bee80a6bb1a06f5f426700ab61fa1ad85c91

SHA512
6b6b6f46107ddc7f7e38b97c1313bad38bd34dfdffb124bc6a4e0590ab1f165448c9b3fc38cd7f33f0ea03bbe11550f3416d4bda7ec5ee32b5ebbb6a78ba20ad

Download Submit
C:\Windows\System\DMdWAua.exe

Filesize
6.0MB

MD5
69a1087f65a784b9401836dc46802970

SHA1
5aac49fcad8f2eec618527642c9538474248b257

SHA256
7ed70c2545854afde66480c631cc452226322aa8eafe752b1a00d0439e70c42f

SHA512
8b26c3f8fb12a52ab7efa64e8481229513147748e00d4743665e2e7e0a4a68041688e5e83e55bfe4451c8d5888987405fb8418d4dd176366c9c8482c1424aefc

Download Submit
C:\Windows\System\JUAJvgV.exe

Filesize
6.0MB

MD5
ce55ed7ef70c7010596507c360ea6a78

SHA1
7a179eda4cd6f1ae0da89bc9d85cd5a4cfcb8e6a

SHA256
2812eaa1e2437ced3dbea654d51106ca082533e67b4b0714a10ffd116cfaf590

SHA512
de9f43dcf4abc63d2528f8864b9a6704228cff07b409c0e159e627121c0dbb3e6ffecf5a2140722e7838a6b4633378c1bef3865cc477b6d19ddcfde641e0b4f9

Download Submit
C:\Windows\System\JiwqZLJ.exe

Filesize
6.0MB

MD5
cd385ea2c652db5b474b80a37698f2d5

SHA1
719ec4dfffb946b86ad2c580a283c5953e3fe355

SHA256
2bf5e67294ead0eac6d0b18ba33458c3a945e984aaf02106b1b459728206ea15

SHA512
dd206c323cb7938bec1402aa61b565c4f21202cfbef4534ae30135f8a501c6f1d264f26d3982d8b9a235d289b26d1c1e66864338066b92046e9e073d321d5d3b

Download Submit
C:\Windows\System\PnVoPpd.exe

Filesize
6.0MB

MD5
d6ce5c50874eac64058f7859360f8703

SHA1
d70a8761079089e48ae1922c40bba5b9c7459e42

SHA256
40aeadbefffd1b6039da0ca092e0d4611718b261ff166eedc7a1ddb4b4bc7ba2

SHA512
3cd9faab1e914ebf3af649f0b577ed577ad8505cca8b8b9cbbd026fd541544cd275ead11e069d09311c9610120843d3fb406a90f141f0b7e09fcd99232048905

Download Submit
C:\Windows\System\QMxskIx.exe

Filesize
6.0MB

MD5
ccfbf1450f2e211c5dfabcfb43ca61c3

SHA1
1c19a5a6d610de1749a37ec2002e28bc61b57a8a

SHA256
4925b672432849738725b4c0ab524d1556cc8b5ad8e7fc9b35ff4bd37cb4ab3b

SHA512
9cdd1e6482a9a3ceeb93c045201a028da8ccde9e6a3215382c3f384103277c222043acf7edb19f05329941e4b2bc24e2c978a6eecd20f5a06c08b845bb06a8e9

Download Submit
C:\Windows\System\RODcTtH.exe

Filesize
6.0MB

MD5
8469b4b931b17d0fe1379699a058cd6d

SHA1
ec6787c224455409a5ba8dd51953b4c1ba65b5bb

SHA256
6dab48819e86100297719e817f66d5e0c5af0af5f808ff70f0a1cab5498810ed

SHA512
f6faf266555a2fdc811f3b6cebfecba2f4422e6b77c17a1e82fcd566a4df0ae31a16b455d19b27f48109ab058223fbbd5786525860bee54202dc46d4d7831cb5

Download Submit
C:\Windows\System\SbzhHse.exe

Filesize
6.0MB

MD5
d239947b5de7bc2b0ffe9f3f7b5c655b

SHA1
725f43151ec17254055367799312655d14752518

SHA256
6ae4ee279c77a5ab43a47e500085adff9ab460344f6303aedf72b228345ebf4f

SHA512
0cfe9e67f1aec30688c727652b52f2d5c4f3645dd7123164c243e92115c58e620ac68d8594c4420101f5dc91685c0446cffb75eefba404e32c44cbcde3bb1438

Download Submit
C:\Windows\System\TLZVuaa.exe

Filesize
6.0MB

MD5
a1c52394313cbab44d8ca9845ad0c828

SHA1
97c5e02e8439ca0b46115f0e725b1c07a7db9c38

SHA256
e6683cbb2cca39cd1e0621e9aa1f153c44ad9853a901055d328197db78ac8448

SHA512
3257cbe56998ba7292cec427ca48992f13014e1791dbba227efc57ed12a7bf1a1e8efc302479509dcebf7db97b0c5fdb1d98b165272bbb83bbec29f381f10a42

Download Submit
C:\Windows\System\TjtbEmA.exe

Filesize
6.0MB

MD5
a3129263e24cc5929cee89345f2ea1b7

SHA1
e7f7277d24bb0fa48bb19c11fa96173b9a1e4a0e

SHA256
557b1682e5dddca9a9ddd929ddf4fdc9cfc9f14a7acea5fb44458d72ae258192

SHA512
fa3e0ff35fa7fdc2c7ac906f1fca1c371260326ee1b2059ccc99ad57da0942239770ba536a60313b4787dd5974740cf6265c6d5f441c51112003491bd3177c8d

Download Submit
C:\Windows\System\TmKlrPA.exe

Filesize
6.0MB

MD5
39cae07e4e848dcf2ab3faaab50eb019

SHA1
419c0db16a58df4f065830e51a08ef153e5f7aa7

SHA256
3816cb7d7beb551bb39bfcb5d551fdcfb7b255165ebb898f0374416837070744

SHA512
a8812ca846460ce8dc10af3b7858bc8842e406985da811bc0a37be9f5cb90c31206a96d778a13ffc5c71b4d217f59c07798c551a2d4f17cb5879a26a0dd18d14

Download Submit
C:\Windows\System\UDYwBpi.exe

Filesize
6.0MB

MD5
fd000d173e7ccdce05b4731f5c5f8088

SHA1
b7e4a026d1d6d45602d27fb66260d0871c861836

SHA256
04505b2fb679d382dcc5b62a3b15ce2bbf480ec61ae49dbd9dddc0b614bb4d54

SHA512
a80a6d7319e1cb764bf43629df0b7847c523e34087d1785abcc7ac008adfe33548ffe7383435ed68069d0d98eb4ba665eb5eb037a122d3339969651a602898d0

Download Submit
C:\Windows\System\UTMJyOu.exe

Filesize
6.0MB

MD5
22bceaa61cfb871f2620d2a0797abd97

SHA1
6fcde1858d17cda4dca37ddad19e1022a1b47020

SHA256
832468133ce11817957541a78fb4c724704edc834dd950805e0f9cd8749b0dcb

SHA512
ae1d7bc970592f46bb53282197750e40948a33dcd76c0b6def8a8d1b964b642b8f75808db2b193d6ab1f2062087ff28f122d461d82b125721622ea8b99c13219

Download Submit
C:\Windows\System\UhKodaZ.exe

Filesize
6.0MB

MD5
395955b245f4f6c3710224f49a9c18e9

SHA1
ec84d135d13fa6703e7937f39f5617762ac8c15b

SHA256
ff8e63a4b1b52fe5ad17ce9e2f63bb81c3c4ef2bdf50abce7096a9b604887316

SHA512
16afdb6475429148fb355c0c5fbcc4325fcee48bd6aa84c0020c12c80bb7816fdee4dd334b416b632c61c2d0a7d3d070065efa18f34334cd58de3b60f028c961

Download Submit
C:\Windows\System\WCrjYap.exe

Filesize
6.0MB

MD5
5cf1b4ec623420e6f7a1d4799844abd2

SHA1
62a247caa86641c75b67c073722c92b856c741e6

SHA256
9c87ece4123eb44692ea66686592b5a3bea284f1d8c48a6f46b3f58f6f79af8f

SHA512
e44fddcca158f0a0ff681fdddecf9cdc18b2723ab74d635a09957cf2f11232d1c07a9ec79aa326793822b57c6b0617707ef9d4f85ed5113d77f2186d319237e1

Download Submit
C:\Windows\System\XVDKuhS.exe

Filesize
6.0MB

MD5
4576c72c6c2fe92fcd030ab8784f325c

SHA1
3635823df8259612e46b219fb27435f93fae94d9

SHA256
c55e39835971d006042b55637582e408f67ca0d61766fa8900c2791698b3e8bc

SHA512
91ea515f20a41a36e93fe58ec8b241804faeb4e8e7c1a6262acbcaba14e85ac589d44f81c1746fa00cec5d03a77df0de7483c5e17ef49b64f183c9fbf8a71737

Download Submit
C:\Windows\System\ZqLFxNp.exe

Filesize
6.0MB

MD5
f4483d503ab9b322c68848b5bb308074

SHA1
194d3ca76a75d2fca45c8d338aeb201164dadb0e

SHA256
04fbe6c50218a2e16a35bf0d017467dc1f644649de154726c187c4991a1f8c9b

SHA512
870fd1217b7536ff93aa771db63c46ad56465eb21b893cfe8623be22fd8ec5c559c892d002e78b1996e606027b94ebb942397c740715e5692b043f727f71232d

Download Submit
C:\Windows\System\arcVeVG.exe

Filesize
6.0MB

MD5
0b386506b7ee65ec7acb3502054dc846

SHA1
3e5b5ba3cb242d7e542b8f0640580481a8499996

SHA256
4443bfda50d896ab6eac5891849debf725c94e3a12c3b2918060f3779f6cb8fc

SHA512
47da538c61e80c3c09d4a6e4c70ccd0232d893c12897416e1c37488a272a1f913af774c8b203c12dc6cc064356da66d02b7e520f9e54ddc149151d91dd99e288

Download Submit
C:\Windows\System\bGQcwLf.exe

Filesize
6.0MB

MD5
04754050c029af965fa150df4b954ab2

SHA1
fd62f92ab4729bcbe9ee222f68fa16733e406b5d

SHA256
db58167da2a97ea5bc4dca8c01cd855b237b56192fdaf5106a9968d75dc5af2d

SHA512
02ecf3ebe81e99297c22c2b02be24ca8cf6a909efad741f70d601ead3be0caca27d1a0d950e496f54f7da6a8006ff209374813ea0a9c02f831f82da51f85daac

Download Submit
C:\Windows\System\bZWMUiP.exe

Filesize
6.0MB

MD5
bf738b193e73f88dc3f49c65409cd96d

SHA1
d47b588ecff6b465ac26a442210e1695f1b25a1e

SHA256
1ad26b8a0509e69c3a8778a98b94ae085ba682e1fd4b89e502bd60143954d15c

SHA512
6177f8463663efb3e3589fa09b2fb3e035dbac8cfb3e26c48a656d1c3640aa4d8c326a9c84391e33abba7476187f110a0469060376fea353f7eb557241c23305

Download Submit
C:\Windows\System\bZYZLkv.exe

Filesize
6.0MB

MD5
0513ec833b3c6fa4234ccee51b5f1ebd

SHA1
a25cacabaf821a94b17890d13faaaed869d8106c

SHA256
60f3af426e22610408e57e79f686cf6dc9e2170fc641d0949735514a7ae8c562

SHA512
9f9ff80706e0c84dfbc676e13938b29a775a9405249d371d12c6a635068554e4678828874390d93c18f9b4bef49cdd2fdb36514086e9da97d00f6fd28d6d45f7

Download Submit
C:\Windows\System\cheblTQ.exe

Filesize
6.0MB

MD5
0974c40ee32b80e6d67de47819045404

SHA1
40f2c9831bc7ba03577b2303a89b18fb214b4ea4

SHA256
6070eb25996b06e9fc7ecda8c4cc8214a8a566d2612c3dc00c5b1e1165607796

SHA512
e7085bf3bb7ff55aa576933ab9b5813d45bc1a9029de9cb12038fde9c74948cebfa1bb35c762784f330c3c9dc9c59bccaa8ad969f168b908a1c2ca6e3f5b8484

Download Submit
C:\Windows\System\dPZoBIu.exe

Filesize
6.0MB

MD5
238a35ff0d622d971f76ed0255aeb54f

SHA1
270870c9427785dafaf74cc447fab7d8aff42414

SHA256
5b47f31491d02bd7a31e0bb4ec4c8164e692608cb461bc166deca26cc30c89bc

SHA512
2b477658dc5915002e35afe6554d80d0d6ac71c41eeb09e30bee74abd0706a7d49fa85e58adc6f277ad28af22b1206112fb8ace93432706da13a6c6e2b0261a0

Download Submit
C:\Windows\System\euOGCHB.exe

Filesize
6.0MB

MD5
e8a1a7da7ab75b2b634ea29e84bf1fe9

SHA1
1c92ecf9d4ceb2fb207ec696b433f19a509f2d60

SHA256
5074560de71ffdcb0b380124de321266b12c15648da5ab3fbc8afa4030e19505

SHA512
286eb45c43d11041170054d20a070561326df9f01fcf563a297ecffa08aa577d9c574c2cec3efa277ae7867b095d3cf35b3b744f8fc0a132ecd951d0af74f4fe

Download Submit
C:\Windows\System\ewqFnlP.exe

Filesize
6.0MB

MD5
0c71aeecc1edc47a1ee32b43ee6a73ae

SHA1
6323640b4096c708e30d515caafb8e0589d73f61

SHA256
beec48fbf9373d3e6e372769bb672f7cd8a2a1e5c9e120c4915a4c7c5d9ffb90

SHA512
21e9465c576860bd73b1d36debd5f7bfce938aebc48290bf7a97bf0c38f8a483f6a2f47bac72faeb97f5ba2bfe726be35c896e68f1c71f0088d4c5d2d289a0ee

Download Submit
C:\Windows\System\fMRFqJm.exe

Filesize
6.0MB

MD5
3dd8db142ed2599a36e015aeb0927902

SHA1
bcb259e0d5119d1b5e62c65fb51891b1afe2ba6f

SHA256
1d6f65ff5099753123266803464a0d7bce8ea9e8945652f6ac16a0e0d1b600e6

SHA512
4b45ae5a8ed933ce2f04a0a63db720beab4a8906b9e27ab94f801ebbbc3d40637f219aa377253c73148640b05aa1a00437891c5769ebee3372aea8742812e20c

Download Submit
C:\Windows\System\fPjbavo.exe

Filesize
6.0MB

MD5
f8577548626b939b3a6d1a3028ccc52f

SHA1
54eea42c6179cae16af92c58d5eebd609b5f1bfa

SHA256
353f2ca56e4db7ceade2104c9c3debe0aa8a3a719441ca2144ba8bfe8264a5ac

SHA512
79e6e912cfae1660c5bed733056ff8f7736987a09e85d9b3b5844673218f51e02cd622a54872624a3d44905cf58fe3adcd84d492f58ef33f4ccdec4c4401fd4d

Download Submit
C:\Windows\System\gXvftxf.exe

Filesize
6.0MB

MD5
f18f3b5b8d1ffc984b52c82035ba776c

SHA1
787dfb82e4b14b791326c9f3d001f7da2357c09e

SHA256
5a137de226e17776b7ead254d31735526e526210e528462735c3c9791a75490d

SHA512
583b4e2f84eaf8e81e7fbe4e2053f6094311368122f749ec1a0036bb80f6935d0dfb3fb4caf1fb2a8a66355818f2c8f334684b56b7b9ffc5b30bc95eb3560181

Download Submit
C:\Windows\System\hIQWdXv.exe

Filesize
6.0MB

MD5
b27b57e2c6b02fe700c0228c7d5b0d4b

SHA1
1417644064edabda8b8cd9958014ee4d1bb74388

SHA256
384cd1b3c0a33ff73e2e3466de4c514c15cf7c14824ff71352d0a0dcfb845f6a

SHA512
6edc6f0d37f39c6745064d125fc63f199823d5e1c4dbcca55e8c2c0b71a25cb5ec49580d0def84d3800222c4e8a659db17767730583f64e9ccbced6ccd78e84a

Download Submit
C:\Windows\System\lSorMvP.exe

Filesize
6.0MB

MD5
c1b4bfdc92aaed509d7484371c39be0f

SHA1
5fc917443de8c34db321b2bcad34b45f6fb741f5

SHA256
02fa0cb91fd1f024b028ecb0a2f89e595a9903fd226aa45e1e2b699d6a32dcb8

SHA512
cbfe79c3f42de965721b2cd62b22f44b64031a35884c1893900761dfa6947f7d859a9e7b630b2960d4ec397479be868560007abc24ee336b3c0ff9bfe3e42eb3

Download Submit
C:\Windows\System\lyjZEXC.exe

Filesize
6.0MB

MD5
43a995a80c5fe65f08a92c8f3943e147

SHA1
8c02e9713805811b540552a177a865565a704677

SHA256
0883acad54c98064dbacbb34a978f9e510d48eb638828efb53391fc0de570e11

SHA512
3621cd80ecb99f4d477deb9bbcbb46b240d2ba00651363638e64b32e798a938aac8dddcc2c48732ee53994ed4124e6f2edf993e0fe3bc613f9d6d4945c7dcaa3

Download Submit
C:\Windows\System\mIpkoOM.exe

Filesize
6.0MB

MD5
c1a407511930773f12ea07c42a1af1fa

SHA1
a761cc5e012eebb9206b514743ef6bf6968ca143

SHA256
c050aecdc2ffcb18f44b49c8fb7ed8d131f86e22a1aa315739d628b4de5c044f

SHA512
068a430debfd781b7ac6455be619011da474306ed0b0a4b6072972fa092bc86aeeafac6735c5fbdf7715a770547c03b201947c4d401ec1e91136afece2f55be2

Download Submit
C:\Windows\System\mJmSAyM.exe

Filesize
6.0MB

MD5
4f7cbee5bbf581373898e6647eefb769

SHA1
c024cf0442bae49085c6fae5756e98247f99213a

SHA256
8587d465c784c498794e4220b37c5d0f4ab93cb5487ec1936a43c1cf0d979253

SHA512
678798f9b5ff6af3632a812eeac0d27b779be5740b8a20b29af32a396577295489a180e300098460f7b88182f813ea124093788fe1e6be0bfae2e456205f9893

Download Submit
C:\Windows\System\mffSHeq.exe

Filesize
6.0MB

MD5
35ff0e61ffead0de439d594e118fd6b3

SHA1
6c6c170ee612ad77735e24c70fe9bb687dd8c4cb

SHA256
ee0e325853ceb99a7b40c93aaca6b46aa30453d1248b7cfb4f7eb01b83e300d4

SHA512
52feaa7d9e22fd7627acea9f8701f63216bd797511e3312dbe488a9f2c0df700e28245834518d0de20bd3532d9ce1eaeb077e4f7554e76003d5100d0e6683bd6

Download Submit
C:\Windows\System\ntzjAys.exe

Filesize
6.0MB

MD5
c09cfa5c1e82a0a96feddef20ee18a24

SHA1
7e17685fdae6661211253921c28bcf0683059f46

SHA256
9d17042331d1f7bd5ed39963e248c24ea76119a643c0ebdac2b3e28ed4cdda60

SHA512
a4828a22f79cc5a4075714d722e59c74b7e6671b67826ab7eade3506168920dc6200e34c3243ae706e32232be801de2c470b55c3f2dbc6ec695db0032fbbfb70

Download Submit
C:\Windows\System\qXItaCy.exe

Filesize
6.0MB

MD5
3c6137b389221dbc0dc1f325a15ac8b7

SHA1
68ce41ded5ab6ecab7a0fdeb983e707db86d9ed2

SHA256
d83c94e838c3d316f1a3f1001216f787187c4905c3e456eecee3de64f62b11d7

SHA512
a466eab4b36411f1ab69de385a17f777378b9e01a2920b53598dc665fb4238655f7cf11152398732100730f28dad00ba31199e99e2d2c44d1a13856b2d929369

Download Submit
C:\Windows\System\rdlniKP.exe

Filesize
6.0MB

MD5
e811e2eec7563c424bb96fc53395cb16

SHA1
a0d7b78b18750e090c9de13ea3600dc50f619743

SHA256
dcf487a87f41e1272f6085a4b8bcb5fc2ad54d4f81d8136b9a24404f6650e241

SHA512
ce5d844cdab65b83474e421e3faa998fc0251dd05b31be04a5c28e0f76d84961a449eff9614a3eb3eb3c51335b18b74f3405e1ef3ce6edc5aa30c046098b70bb

Download Submit
C:\Windows\System\reYowyL.exe

Filesize
6.0MB

MD5
3882f31c988dfd9bfffd49c79891e5b9

SHA1
61ddee1fdbba4e4a17f0d9d3a45d17369c4857ef

SHA256
39c03b6232c9a4daad596dd3302d974d94ee4cbfa8404f72dbe330debf3e1030

SHA512
1e0599ebcfd984f20ab2ebc523037f36747a21cf85d44b0e94e669eb8de3977c458bc0221c1fb9457ec3337ccca4e7f71b5c2cb09c38d212c0f3e8ef5e05d5ef

Download Submit
C:\Windows\System\sQbGlGF.exe

Filesize
6.0MB

MD5
8568242ec7ca6b2d55a0281d747db7c8

SHA1
231231e4f2202a523fc3908c1440c77dcab41d6a

SHA256
c1a52053525218b5171156ec413584ae13af45228746379a7aeb317d8eb9e407

SHA512
fc349bca1e3bec12c7dc73f7c4cf11f6b79b913b7009b6da9f1e4c363ed140f8bdf00eeb62afddf9f651ccfabcaaff0875b9d18a5becb29eecaba69ee865426a

Download Submit
C:\Windows\System\tHLbAii.exe

Filesize
6.0MB

MD5
b272636ee88c1260c208cc647fed4323

SHA1
d5287fcf9e42474c62f10d661982fdc6b29ed496

SHA256
e38c730f1fa22b691bb8f720de27465b430f4d1fc813d8006bd1b76cfb6ebc6e

SHA512
51f6a7303d4e9df7a68fa752ceeff86ea5174d7ad74b58887d0a57ad7b4979ab4a1221311c7733705f66ef1268a44df34d10e0487f2b30ecad224109b80390a5

Download Submit
C:\Windows\System\tzeJHdc.exe

Filesize
6.0MB

MD5
d2cd54a61ddcaa2f18fd42a1b589c32e

SHA1
5ffeb171051b28bc0eccb6d9a618b1bca476bf2e

SHA256
0c0673d82883f1209d5a34aa0db8c4adc168cd94100fbd9434e064c9ecef5100

SHA512
23227588fa61eea0b18767aad092de43995a14baabb80aec6e0e7a0e19c9a5312ba9717a483d294dedbe2dbd9ce5d24a58485cc44d5ba994cb8c71c053e272c2

Download Submit
C:\Windows\System\uFkaIQn.exe

Filesize
6.0MB

MD5
20a4a92de36293abbd2831a5b8d54e30

SHA1
263278bde70d52e8579ce5ab9131b8585e33b373

SHA256
4890e7d61b4b475e46d721c892cd9dbf6da6e1df18090d43e1a8f79863a7e99f

SHA512
4511cc5325212fbf848770b63c8cbf1e5cd5a4e15e66fdbf869e84e55dfb48d7a3e6674bf40b2683ec3ebc6cd1389235a7120b2f28be3fffea7e551171947b2f

Download Submit
C:\Windows\System\wVRGkdG.exe

Filesize
6.0MB

MD5
07f1817ce5be5bba48b5521524d512b4

SHA1
b46e10ca7ef755dbc483a5ec619d198039840c12

SHA256
f560887db83a2e06d1d3ce7df4167f93eaa9f72f5bddc6cbdbd91f0759f6e652

SHA512
e1356567ffcb58a511e1e2c0f50ba64025cb263e646ba749106f67e38e144b1d3ef7020abbfe307698ed568fdac265a9667305fe0b4264db0135403362a9329b

Download Submit
C:\Windows\System\xKdaAjE.exe

Filesize
6.0MB

MD5
0796aa90378f69b6e2b44f06dd6ca45a

SHA1
b692d7ac309d8127be5a4bcb0d98e3a2f3084faa

SHA256
68dac4f993f1883188c6efe7e79439e32933d1a4e51ca11d0a04ede609669a5f

SHA512
766b9cd90ae1671b189e54369a66de08cccbd09d973454af3bf5b60dd462e904d4ebba3542e3883dfae6e6c8d965c9d697e26cfdb0676f128c3574efb6689042

Download Submit
C:\Windows\System\xiEnnOp.exe

Filesize
6.0MB

MD5
19f1372c9b125cb44ecde3032b623f0f

SHA1
8b56954e807b9f2c467e36a6ff500853590fb0ab

SHA256
229e077163dd02589a119c447a95439d4df806f797c215d8fd17b283563fc698

SHA512
e845b49dab19995da5d789c4140c862dba9e84e035b9dde990a73dd3cf98693eefbdd30ef51beb2878c7d4260299201bbea5b2c27141b60459d9515e9519ac4b

Download Submit
memory/404-212-0x00007FF72B9C0000-0x00007FF72BD14000-memory.dmp

Filesize
3.3MB

Download
memory/404-639-0x00007FF72B9C0000-0x00007FF72BD14000-memory.dmp

Filesize
3.3MB

Download
memory/404-2189-0x00007FF72B9C0000-0x00007FF72BD14000-memory.dmp

Filesize
3.3MB

Download
memory/752-208-0x00007FF7AEC80000-0x00007FF7AEFD4000-memory.dmp

Filesize
3.3MB

Download
memory/752-2193-0x00007FF7AEC80000-0x00007FF7AEFD4000-memory.dmp

Filesize
3.3MB

Download
memory/752-632-0x00007FF7AEC80000-0x00007FF7AEFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1000-201-0x00007FF7F7AC0000-0x00007FF7F7E14000-memory.dmp

Filesize
3.3MB

Download
memory/1000-2165-0x00007FF7F7AC0000-0x00007FF7F7E14000-memory.dmp

Filesize
3.3MB

Download
memory/1060-203-0x00007FF608B40000-0x00007FF608E94000-memory.dmp

Filesize
3.3MB

Download
memory/1060-2171-0x00007FF608B40000-0x00007FF608E94000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2040-0x00007FF7ABAA0000-0x00007FF7ABDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-86-0x00007FF7ABAA0000-0x00007FF7ABDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2154-0x00007FF628F40000-0x00007FF629294000-memory.dmp

Filesize
3.3MB

Download
memory/1684-200-0x00007FF628F40000-0x00007FF629294000-memory.dmp

Filesize
3.3MB

Download
memory/1740-87-0x00007FF724410000-0x00007FF724764000-memory.dmp

Filesize
3.3MB

Download
memory/1740-14-0x00007FF724410000-0x00007FF724764000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1911-0x00007FF724410000-0x00007FF724764000-memory.dmp

Filesize
3.3MB

Download
memory/2040-211-0x00007FF607640000-0x00007FF607994000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2190-0x00007FF607640000-0x00007FF607994000-memory.dmp

Filesize
3.3MB

Download
memory/2040-638-0x00007FF607640000-0x00007FF607994000-memory.dmp

Filesize
3.3MB

Download
memory/2068-1982-0x00007FF677E50000-0x00007FF6781A4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-35-0x00007FF677E50000-0x00007FF6781A4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-237-0x00007FF677E50000-0x00007FF6781A4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-233-0x00007FF75A470000-0x00007FF75A7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1969-0x00007FF75A470000-0x00007FF75A7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-26-0x00007FF75A470000-0x00007FF75A7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-635-0x00007FF6AE310000-0x00007FF6AE664000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2191-0x00007FF6AE310000-0x00007FF6AE664000-memory.dmp

Filesize
3.3MB

Download
memory/3036-210-0x00007FF6AE310000-0x00007FF6AE664000-memory.dmp

Filesize
3.3MB

Download
memory/3080-2182-0x00007FF6D6640000-0x00007FF6D6994000-memory.dmp

Filesize
3.3MB

Download
memory/3080-206-0x00007FF6D6640000-0x00007FF6D6994000-memory.dmp

Filesize
3.3MB

Download
memory/3108-20-0x00007FF789C40000-0x00007FF789F94000-memory.dmp

Filesize
3.3MB

Download
memory/3108-199-0x00007FF789C40000-0x00007FF789F94000-memory.dmp

Filesize
3.3MB

Download
memory/3108-1966-0x00007FF789C40000-0x00007FF789F94000-memory.dmp

Filesize
3.3MB

Download
memory/3260-640-0x00007FF7B2A40000-0x00007FF7B2D94000-memory.dmp

Filesize
3.3MB

Download
memory/3260-2188-0x00007FF7B2A40000-0x00007FF7B2D94000-memory.dmp

Filesize
3.3MB

Download
memory/3260-213-0x00007FF7B2A40000-0x00007FF7B2D94000-memory.dmp

Filesize
3.3MB

Download
memory/3328-2052-0x00007FF6FED80000-0x00007FF6FF0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3328-91-0x00007FF6FED80000-0x00007FF6FF0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3336-0-0x00007FF7564D0000-0x00007FF756824000-memory.dmp

Filesize
3.3MB

Download
memory/3336-1-0x0000022122770000-0x0000022122780000-memory.dmp

Filesize
64KB

Download
memory/3336-68-0x00007FF7564D0000-0x00007FF756824000-memory.dmp

Filesize
3.3MB

Download
memory/3404-2160-0x00007FF6A6E50000-0x00007FF6A71A4000-memory.dmp

Filesize
3.3MB

Download
memory/3404-232-0x00007FF6A6E50000-0x00007FF6A71A4000-memory.dmp

Filesize
3.3MB

Download
memory/3644-1979-0x00007FF695800000-0x00007FF695B54000-memory.dmp

Filesize
3.3MB

Download
memory/3644-44-0x00007FF695800000-0x00007FF695B54000-memory.dmp

Filesize
3.3MB

Download
memory/3768-202-0x00007FF66E5B0000-0x00007FF66E904000-memory.dmp

Filesize
3.3MB

Download
memory/3768-2166-0x00007FF66E5B0000-0x00007FF66E904000-memory.dmp

Filesize
3.3MB

Download
memory/3856-629-0x00007FF7D0390000-0x00007FF7D06E4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-207-0x00007FF7D0390000-0x00007FF7D06E4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-2194-0x00007FF7D0390000-0x00007FF7D06E4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-204-0x00007FF79F750000-0x00007FF79FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2170-0x00007FF79F750000-0x00007FF79FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/4320-2029-0x00007FF65FA50000-0x00007FF65FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4320-71-0x00007FF65FA50000-0x00007FF65FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4324-205-0x00007FF7254D0000-0x00007FF725824000-memory.dmp

Filesize
3.3MB

Download
memory/4324-2169-0x00007FF7254D0000-0x00007FF725824000-memory.dmp

Filesize
3.3MB

Download
memory/4460-1983-0x00007FF6DCA20000-0x00007FF6DCD74000-memory.dmp

Filesize
3.3MB

Download
memory/4460-49-0x00007FF6DCA20000-0x00007FF6DCD74000-memory.dmp

Filesize
3.3MB

Download
memory/4620-82-0x00007FF7C8660000-0x00007FF7C89B4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-8-0x00007FF7C8660000-0x00007FF7C89B4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-1907-0x00007FF7C8660000-0x00007FF7C89B4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2037-0x00007FF7ACC60000-0x00007FF7ACFB4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-83-0x00007FF7ACC60000-0x00007FF7ACFB4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-209-0x00007FF6DD4E0000-0x00007FF6DD834000-memory.dmp

Filesize
3.3MB

Download
memory/4904-634-0x00007FF6DD4E0000-0x00007FF6DD834000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2192-0x00007FF6DD4E0000-0x00007FF6DD834000-memory.dmp

Filesize
3.3MB

Download
memory/5016-1998-0x00007FF661980000-0x00007FF661CD4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-380-0x00007FF661980000-0x00007FF661CD4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-60-0x00007FF661980000-0x00007FF661CD4000-memory.dmp

Filesize
3.3MB

Download
memory/5048-1988-0x00007FF724DF0000-0x00007FF725144000-memory.dmp

Filesize
3.3MB

Download
memory/5048-59-0x00007FF724DF0000-0x00007FF725144000-memory.dmp

Filesize
3.3MB

Download
memory/5076-1997-0x00007FF611C20000-0x00007FF611F74000-memory.dmp

Filesize
3.3MB

Download
memory/5076-58-0x00007FF611C20000-0x00007FF611F74000-memory.dmp

Filesize
3.3MB

Download