cobaltstrike | 15f5ac392d68532ef7502a279c56aa20a36101d0eafc770418ea94869546bf58

Analysis

max time kernel
103s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2025, 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a1226d70c220ef83f397e1663f06bc19
SHA1

3077012efc1554c49bdc445150926de7aebfe2dc
SHA256

15f5ac392d68532ef7502a279c56aa20a36101d0eafc770418ea94869546bf58
SHA512

ec58dd7bcac3c30f8cb068b198c6942c141dfa7b52207bef0cfa1ff97180e928ffea58d6374103c0a72cd50c0662a7f71f9b4619e8bd60d945ee8cd87d3909d1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000b000000023cb0-4.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023cb6-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb7-17.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb8-24.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb9-27.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cba-34.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cbb-40.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cbc-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cbe-59.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cbf-61.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cbd-65.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc5-110.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc7-107.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc9-129.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ccc-145.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ccb-144.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cca-134.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc8-132.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc6-116.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc0-106.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc4-104.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc3-102.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc2-94.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cc1-91.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023cb4-82.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023ccd-158.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023ccf-169.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd1-179.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd2-186.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd4-195.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd0-184.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd3-190.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023cce-164.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5044-0-0x00007FF74F570000-0x00007FF74F8C4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023cb0-4.dat	xmrig
behavioral2/files/0x000b000000023cb6-10.dat	xmrig
behavioral2/files/0x000a000000023cb7-17.dat	xmrig
behavioral2/memory/5088-18-0x00007FF618390000-0x00007FF6186E4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cb8-24.dat	xmrig
behavioral2/files/0x000a000000023cb9-27.dat	xmrig
behavioral2/files/0x000a000000023cba-34.dat	xmrig
behavioral2/files/0x000a000000023cbb-40.dat	xmrig
behavioral2/files/0x000a000000023cbc-41.dat	xmrig
behavioral2/files/0x000a000000023cbe-59.dat	xmrig
behavioral2/files/0x000a000000023cbf-61.dat	xmrig
behavioral2/files/0x000a000000023cbd-65.dat	xmrig
behavioral2/memory/440-74-0x00007FF6DA9D0000-0x00007FF6DAD24000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cc5-110.dat	xmrig
behavioral2/files/0x000a000000023cc7-107.dat	xmrig
behavioral2/memory/2100-121-0x00007FF682A70000-0x00007FF682DC4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cc9-129.dat	xmrig
behavioral2/memory/2820-138-0x00007FF79F7D0000-0x00007FF79FB24000-memory.dmp	xmrig
behavioral2/memory/3964-141-0x00007FF639BE0000-0x00007FF639F34000-memory.dmp	xmrig
behavioral2/memory/5044-148-0x00007FF74F570000-0x00007FF74F8C4000-memory.dmp	xmrig
behavioral2/memory/4276-149-0x00007FF637B10000-0x00007FF637E64000-memory.dmp	xmrig
behavioral2/memory/840-147-0x00007FF71E850000-0x00007FF71EBA4000-memory.dmp	xmrig
behavioral2/memory/4396-146-0x00007FF7534A0000-0x00007FF7537F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ccc-145.dat	xmrig
behavioral2/files/0x000a000000023ccb-144.dat	xmrig
behavioral2/memory/4000-137-0x00007FF6737E0000-0x00007FF673B34000-memory.dmp	xmrig
behavioral2/memory/4176-136-0x00007FF786110000-0x00007FF786464000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cca-134.dat	xmrig
behavioral2/files/0x000a000000023cc8-132.dat	xmrig
behavioral2/memory/2208-131-0x00007FF748870000-0x00007FF748BC4000-memory.dmp	xmrig
behavioral2/memory/2292-127-0x00007FF6ADF70000-0x00007FF6AE2C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cc6-116.dat	xmrig
behavioral2/memory/4944-115-0x00007FF715EF0000-0x00007FF716244000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cc0-106.dat	xmrig
behavioral2/files/0x000a000000023cc4-104.dat	xmrig
behavioral2/files/0x000a000000023cc3-102.dat	xmrig
behavioral2/memory/2088-100-0x00007FF714A60000-0x00007FF714DB4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cc2-94.dat	xmrig
behavioral2/files/0x000a000000023cc1-91.dat	xmrig
behavioral2/memory/3556-90-0x00007FF700930000-0x00007FF700C84000-memory.dmp	xmrig
behavioral2/files/0x000b000000023cb4-82.dat	xmrig
behavioral2/memory/1312-66-0x00007FF65D240000-0x00007FF65D594000-memory.dmp	xmrig
behavioral2/memory/1848-63-0x00007FF7C1090000-0x00007FF7C13E4000-memory.dmp	xmrig
behavioral2/memory/2756-62-0x00007FF6B5E70000-0x00007FF6B61C4000-memory.dmp	xmrig
behavioral2/memory/4872-54-0x00007FF7138C0000-0x00007FF713C14000-memory.dmp	xmrig
behavioral2/memory/4400-48-0x00007FF7FC130000-0x00007FF7FC484000-memory.dmp	xmrig
behavioral2/memory/3012-45-0x00007FF72C6F0000-0x00007FF72CA44000-memory.dmp	xmrig
behavioral2/memory/1620-43-0x00007FF654000000-0x00007FF654354000-memory.dmp	xmrig
behavioral2/memory/4408-42-0x00007FF7E80A0000-0x00007FF7E83F4000-memory.dmp	xmrig
behavioral2/memory/1220-20-0x00007FF777570000-0x00007FF7778C4000-memory.dmp	xmrig
behavioral2/memory/60-8-0x00007FF6248B0000-0x00007FF624C04000-memory.dmp	xmrig
behavioral2/files/0x0031000000023ccd-158.dat	xmrig
behavioral2/memory/60-159-0x00007FF6248B0000-0x00007FF624C04000-memory.dmp	xmrig
behavioral2/memory/5088-163-0x00007FF618390000-0x00007FF6186E4000-memory.dmp	xmrig
behavioral2/files/0x0031000000023ccf-169.dat	xmrig
behavioral2/files/0x000a000000023cd1-179.dat	xmrig
behavioral2/files/0x000a000000023cd2-186.dat	xmrig
behavioral2/files/0x000a000000023cd4-195.dat	xmrig
behavioral2/memory/2104-192-0x00007FF686380000-0x00007FF6866D4000-memory.dmp	xmrig
behavioral2/memory/4472-191-0x00007FF622720000-0x00007FF622A74000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cd0-184.dat	xmrig
behavioral2/memory/2780-183-0x00007FF7204A0000-0x00007FF7207F4000-memory.dmp	xmrig
behavioral2/memory/1220-182-0x00007FF777570000-0x00007FF7778C4000-memory.dmp	xmrig

Downloads MZ/PE file 1 IoCs

flow	pid	Process
47	6580	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
60	WMDXgmu.exe
5088	UnUxmhr.exe
1220	bOfIuuk.exe
4408	KiAsosy.exe
4872	iOyDmOI.exe
1620	OxWifcg.exe
3012	hIedExk.exe
4400	eiAqByS.exe
2756	qCpGbXe.exe
440	CnojHiM.exe
1848	mXHdGdo.exe
1312	CqnxZNB.exe
2208	qrcDVoi.exe
3556	AWcowLD.exe
4176	aETZXCo.exe
2088	lzccrWv.exe
4944	WflOaxB.exe
4000	MgBOBwY.exe
2100	WOlpIlm.exe
2292	DurlxNT.exe
2820	tosLTIy.exe
3964	YTZCwyB.exe
4396	qyeFCkx.exe
840	FHcxnnm.exe
4276	eAWXTMh.exe
4760	UbxCalN.exe
2780	nzjHLND.exe
4472	AQsjkwX.exe
2104	jJPsJje.exe
3464	FPfwXnk.exe
3036	QyVChvW.exe
2228	EnmNLPz.exe
4908	tKLOkxu.exe
3660	HJdWQXK.exe
3300	uEkSvYl.exe
4180	KeTfNMr.exe
5032	yIgGoBp.exe
1696	UfOzjNf.exe
2556	tzDvbWU.exe
2184	zrJDnAX.exe
3200	wfkwhna.exe
3924	lWTrycr.exe
3736	xSLEUKb.exe
2288	mIPYxzZ.exe
3420	bjkaSxq.exe
3812	eMDQVYA.exe
2760	wBymjHM.exe
4968	PTFtaJr.exe
2068	LeffchR.exe
1380	xpNMssz.exe
2964	ELIHREv.exe
4460	lcEpaMu.exe
1688	PEwEmgL.exe
4264	eKvYvxD.exe
2808	xcidCAQ.exe
1528	elTASPJ.exe
4584	MNDandx.exe
3328	hbUlBkc.exe
2732	QHsikgt.exe
1784	ZiYaqgA.exe
3188	tGcbHYE.exe
812	YfdsQmc.exe
512	ntGYLEm.exe
3076	shJgWYg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5044-0-0x00007FF74F570000-0x00007FF74F8C4000-memory.dmp	upx
behavioral2/files/0x000b000000023cb0-4.dat	upx
behavioral2/files/0x000b000000023cb6-10.dat	upx
behavioral2/files/0x000a000000023cb7-17.dat	upx
behavioral2/memory/5088-18-0x00007FF618390000-0x00007FF6186E4000-memory.dmp	upx
behavioral2/files/0x000a000000023cb8-24.dat	upx
behavioral2/files/0x000a000000023cb9-27.dat	upx
behavioral2/files/0x000a000000023cba-34.dat	upx
behavioral2/files/0x000a000000023cbb-40.dat	upx
behavioral2/files/0x000a000000023cbc-41.dat	upx
behavioral2/files/0x000a000000023cbe-59.dat	upx
behavioral2/files/0x000a000000023cbf-61.dat	upx
behavioral2/files/0x000a000000023cbd-65.dat	upx
behavioral2/memory/440-74-0x00007FF6DA9D0000-0x00007FF6DAD24000-memory.dmp	upx
behavioral2/files/0x000a000000023cc5-110.dat	upx
behavioral2/files/0x000a000000023cc7-107.dat	upx
behavioral2/memory/2100-121-0x00007FF682A70000-0x00007FF682DC4000-memory.dmp	upx
behavioral2/files/0x000a000000023cc9-129.dat	upx
behavioral2/memory/2820-138-0x00007FF79F7D0000-0x00007FF79FB24000-memory.dmp	upx
behavioral2/memory/3964-141-0x00007FF639BE0000-0x00007FF639F34000-memory.dmp	upx
behavioral2/memory/5044-148-0x00007FF74F570000-0x00007FF74F8C4000-memory.dmp	upx
behavioral2/memory/4276-149-0x00007FF637B10000-0x00007FF637E64000-memory.dmp	upx
behavioral2/memory/840-147-0x00007FF71E850000-0x00007FF71EBA4000-memory.dmp	upx
behavioral2/memory/4396-146-0x00007FF7534A0000-0x00007FF7537F4000-memory.dmp	upx
behavioral2/files/0x000a000000023ccc-145.dat	upx
behavioral2/files/0x000a000000023ccb-144.dat	upx
behavioral2/memory/4000-137-0x00007FF6737E0000-0x00007FF673B34000-memory.dmp	upx
behavioral2/memory/4176-136-0x00007FF786110000-0x00007FF786464000-memory.dmp	upx
behavioral2/files/0x000a000000023cca-134.dat	upx
behavioral2/files/0x000a000000023cc8-132.dat	upx
behavioral2/memory/2208-131-0x00007FF748870000-0x00007FF748BC4000-memory.dmp	upx
behavioral2/memory/2292-127-0x00007FF6ADF70000-0x00007FF6AE2C4000-memory.dmp	upx
behavioral2/files/0x000a000000023cc6-116.dat	upx
behavioral2/memory/4944-115-0x00007FF715EF0000-0x00007FF716244000-memory.dmp	upx
behavioral2/files/0x000a000000023cc0-106.dat	upx
behavioral2/files/0x000a000000023cc4-104.dat	upx
behavioral2/files/0x000a000000023cc3-102.dat	upx
behavioral2/memory/2088-100-0x00007FF714A60000-0x00007FF714DB4000-memory.dmp	upx
behavioral2/files/0x000a000000023cc2-94.dat	upx
behavioral2/files/0x000a000000023cc1-91.dat	upx
behavioral2/memory/3556-90-0x00007FF700930000-0x00007FF700C84000-memory.dmp	upx
behavioral2/files/0x000b000000023cb4-82.dat	upx
behavioral2/memory/1312-66-0x00007FF65D240000-0x00007FF65D594000-memory.dmp	upx
behavioral2/memory/1848-63-0x00007FF7C1090000-0x00007FF7C13E4000-memory.dmp	upx
behavioral2/memory/2756-62-0x00007FF6B5E70000-0x00007FF6B61C4000-memory.dmp	upx
behavioral2/memory/4872-54-0x00007FF7138C0000-0x00007FF713C14000-memory.dmp	upx
behavioral2/memory/4400-48-0x00007FF7FC130000-0x00007FF7FC484000-memory.dmp	upx
behavioral2/memory/3012-45-0x00007FF72C6F0000-0x00007FF72CA44000-memory.dmp	upx
behavioral2/memory/1620-43-0x00007FF654000000-0x00007FF654354000-memory.dmp	upx
behavioral2/memory/4408-42-0x00007FF7E80A0000-0x00007FF7E83F4000-memory.dmp	upx
behavioral2/memory/1220-20-0x00007FF777570000-0x00007FF7778C4000-memory.dmp	upx
behavioral2/memory/60-8-0x00007FF6248B0000-0x00007FF624C04000-memory.dmp	upx
behavioral2/files/0x0031000000023ccd-158.dat	upx
behavioral2/memory/60-159-0x00007FF6248B0000-0x00007FF624C04000-memory.dmp	upx
behavioral2/memory/5088-163-0x00007FF618390000-0x00007FF6186E4000-memory.dmp	upx
behavioral2/files/0x0031000000023ccf-169.dat	upx
behavioral2/files/0x000a000000023cd1-179.dat	upx
behavioral2/files/0x000a000000023cd2-186.dat	upx
behavioral2/files/0x000a000000023cd4-195.dat	upx
behavioral2/memory/2104-192-0x00007FF686380000-0x00007FF6866D4000-memory.dmp	upx
behavioral2/memory/4472-191-0x00007FF622720000-0x00007FF622A74000-memory.dmp	upx
behavioral2/files/0x000a000000023cd0-184.dat	upx
behavioral2/memory/2780-183-0x00007FF7204A0000-0x00007FF7207F4000-memory.dmp	upx
behavioral2/memory/1220-182-0x00007FF777570000-0x00007FF7778C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ofZFkhe.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNJXllE.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSPlUuk.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYAqQor.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FABUkol.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXUcUMp.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jchELYu.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdIdhNA.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOvLVPp.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHFUVls.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJkViHN.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypwFIYf.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwOwsZb.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akXABHF.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlfLltj.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPBeTEQ.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INKygpC.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOyDmOI.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUJALyv.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHpUBZO.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmPffOf.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqxUKOM.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIgGoBp.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAQAUVc.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDYYWUg.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPkgvRn.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keVzlHa.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMphofx.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvSRQlG.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhrjJZL.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSHICyT.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUNZhyX.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAFzPLe.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bbTeKjK.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eEpZPSG.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVEmleC.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJdWQXK.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNmEXRz.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhGagUY.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWgvlEt.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvVwZJK.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpCruqo.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJpeCDy.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Euawqyl.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFKDCon.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZuOYyD.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtuknFh.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOwRbEI.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcidCAQ.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTYgitt.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCsRrbk.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImVMXbl.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flmkxFo.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxXQreA.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnQmDny.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUdeOqk.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kffubIX.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdDjCcx.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIpnnwn.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\snQCiyl.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgsrvKJ.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSYboFT.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKbhnLj.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWrSVUG.exe	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
11428	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 60	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 5044 wrote to memory of 60	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 5044 wrote to memory of 5088	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5044 wrote to memory of 5088	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5044 wrote to memory of 1220	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5044 wrote to memory of 1220	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5044 wrote to memory of 4408	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5044 wrote to memory of 4408	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5044 wrote to memory of 4872	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5044 wrote to memory of 4872	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5044 wrote to memory of 1620	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 5044 wrote to memory of 1620	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 5044 wrote to memory of 3012	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 5044 wrote to memory of 3012	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 5044 wrote to memory of 4400	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5044 wrote to memory of 4400	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5044 wrote to memory of 2756	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5044 wrote to memory of 2756	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5044 wrote to memory of 440	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5044 wrote to memory of 440	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5044 wrote to memory of 1848	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5044 wrote to memory of 1848	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5044 wrote to memory of 1312	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5044 wrote to memory of 1312	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5044 wrote to memory of 4944	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 5044 wrote to memory of 4944	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 5044 wrote to memory of 2208	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5044 wrote to memory of 2208	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5044 wrote to memory of 3556	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5044 wrote to memory of 3556	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5044 wrote to memory of 4176	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5044 wrote to memory of 4176	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5044 wrote to memory of 2088	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5044 wrote to memory of 2088	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5044 wrote to memory of 2292	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5044 wrote to memory of 2292	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5044 wrote to memory of 4000	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5044 wrote to memory of 4000	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5044 wrote to memory of 2100	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5044 wrote to memory of 2100	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5044 wrote to memory of 3964	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5044 wrote to memory of 3964	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5044 wrote to memory of 2820	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5044 wrote to memory of 2820	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5044 wrote to memory of 4396	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5044 wrote to memory of 4396	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5044 wrote to memory of 840	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5044 wrote to memory of 840	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5044 wrote to memory of 4276	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5044 wrote to memory of 4276	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5044 wrote to memory of 4760	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 5044 wrote to memory of 4760	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 5044 wrote to memory of 2780	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 5044 wrote to memory of 2780	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 5044 wrote to memory of 4472	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 5044 wrote to memory of 4472	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 5044 wrote to memory of 2104	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 5044 wrote to memory of 2104	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 5044 wrote to memory of 3464	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 5044 wrote to memory of 3464	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 5044 wrote to memory of 3036	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 5044 wrote to memory of 3036	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 5044 wrote to memory of 2228	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 5044 wrote to memory of 2228	5044	2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_a1226d70c220ef83f397e1663f06bc19_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\System\WMDXgmu.exe
  C:\Windows\System\WMDXgmu.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\UnUxmhr.exe
  C:\Windows\System\UnUxmhr.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\bOfIuuk.exe
  C:\Windows\System\bOfIuuk.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\KiAsosy.exe
  C:\Windows\System\KiAsosy.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\iOyDmOI.exe
  C:\Windows\System\iOyDmOI.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\OxWifcg.exe
  C:\Windows\System\OxWifcg.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\hIedExk.exe
  C:\Windows\System\hIedExk.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\eiAqByS.exe
  C:\Windows\System\eiAqByS.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\qCpGbXe.exe
  C:\Windows\System\qCpGbXe.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\CnojHiM.exe
  C:\Windows\System\CnojHiM.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\mXHdGdo.exe
  C:\Windows\System\mXHdGdo.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\CqnxZNB.exe
  C:\Windows\System\CqnxZNB.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\WflOaxB.exe
  C:\Windows\System\WflOaxB.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\qrcDVoi.exe
  C:\Windows\System\qrcDVoi.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\AWcowLD.exe
  C:\Windows\System\AWcowLD.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\aETZXCo.exe
  C:\Windows\System\aETZXCo.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\lzccrWv.exe
  C:\Windows\System\lzccrWv.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\DurlxNT.exe
  C:\Windows\System\DurlxNT.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\MgBOBwY.exe
  C:\Windows\System\MgBOBwY.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\WOlpIlm.exe
  C:\Windows\System\WOlpIlm.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\YTZCwyB.exe
  C:\Windows\System\YTZCwyB.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\tosLTIy.exe
  C:\Windows\System\tosLTIy.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\qyeFCkx.exe
  C:\Windows\System\qyeFCkx.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\FHcxnnm.exe
  C:\Windows\System\FHcxnnm.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\eAWXTMh.exe
  C:\Windows\System\eAWXTMh.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\UbxCalN.exe
  C:\Windows\System\UbxCalN.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\nzjHLND.exe
  C:\Windows\System\nzjHLND.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\AQsjkwX.exe
  C:\Windows\System\AQsjkwX.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\jJPsJje.exe
  C:\Windows\System\jJPsJje.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\FPfwXnk.exe
  C:\Windows\System\FPfwXnk.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\QyVChvW.exe
  C:\Windows\System\QyVChvW.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\EnmNLPz.exe
  C:\Windows\System\EnmNLPz.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\tKLOkxu.exe
  C:\Windows\System\tKLOkxu.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\HJdWQXK.exe
  C:\Windows\System\HJdWQXK.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\uEkSvYl.exe
  C:\Windows\System\uEkSvYl.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\KeTfNMr.exe
  C:\Windows\System\KeTfNMr.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\yIgGoBp.exe
  C:\Windows\System\yIgGoBp.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\UfOzjNf.exe
  C:\Windows\System\UfOzjNf.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\tzDvbWU.exe
  C:\Windows\System\tzDvbWU.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\zrJDnAX.exe
  C:\Windows\System\zrJDnAX.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\wfkwhna.exe
  C:\Windows\System\wfkwhna.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\lWTrycr.exe
  C:\Windows\System\lWTrycr.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\xSLEUKb.exe
  C:\Windows\System\xSLEUKb.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\mIPYxzZ.exe
  C:\Windows\System\mIPYxzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\bjkaSxq.exe
  C:\Windows\System\bjkaSxq.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\eMDQVYA.exe
  C:\Windows\System\eMDQVYA.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\wBymjHM.exe
  C:\Windows\System\wBymjHM.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\PTFtaJr.exe
  C:\Windows\System\PTFtaJr.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\LeffchR.exe
  C:\Windows\System\LeffchR.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\xpNMssz.exe
  C:\Windows\System\xpNMssz.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\ELIHREv.exe
  C:\Windows\System\ELIHREv.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\lcEpaMu.exe
  C:\Windows\System\lcEpaMu.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\PEwEmgL.exe
  C:\Windows\System\PEwEmgL.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\eKvYvxD.exe
  C:\Windows\System\eKvYvxD.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\xcidCAQ.exe
  C:\Windows\System\xcidCAQ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\elTASPJ.exe
  C:\Windows\System\elTASPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\MNDandx.exe
  C:\Windows\System\MNDandx.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\hbUlBkc.exe
  C:\Windows\System\hbUlBkc.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\QHsikgt.exe
  C:\Windows\System\QHsikgt.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ZiYaqgA.exe
  C:\Windows\System\ZiYaqgA.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\tGcbHYE.exe
  C:\Windows\System\tGcbHYE.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\YfdsQmc.exe
  C:\Windows\System\YfdsQmc.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\ntGYLEm.exe
  C:\Windows\System\ntGYLEm.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\shJgWYg.exe
  C:\Windows\System\shJgWYg.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\PDBuqWU.exe
  C:\Windows\System\PDBuqWU.exe
  2⤵
  PID:4008
- C:\Windows\System\RpashoY.exe
  C:\Windows\System\RpashoY.exe
  2⤵
  PID:3460
- C:\Windows\System\ucGyEAt.exe
  C:\Windows\System\ucGyEAt.exe
  2⤵
  PID:3500
- C:\Windows\System\nsQHmMB.exe
  C:\Windows\System\nsQHmMB.exe
  2⤵
  PID:4848
- C:\Windows\System\VMphofx.exe
  C:\Windows\System\VMphofx.exe
  2⤵
  PID:3048
- C:\Windows\System\xjVWgUO.exe
  C:\Windows\System\xjVWgUO.exe
  2⤵
  PID:2976
- C:\Windows\System\uTdlifV.exe
  C:\Windows\System\uTdlifV.exe
  2⤵
  PID:4800
- C:\Windows\System\OkNcZfp.exe
  C:\Windows\System\OkNcZfp.exe
  2⤵
  PID:1164
- C:\Windows\System\gymXAvj.exe
  C:\Windows\System\gymXAvj.exe
  2⤵
  PID:1592
- C:\Windows\System\xBJuGaH.exe
  C:\Windows\System\xBJuGaH.exe
  2⤵
  PID:2928
- C:\Windows\System\HjsEcpr.exe
  C:\Windows\System\HjsEcpr.exe
  2⤵
  PID:2280
- C:\Windows\System\oarXsPK.exe
  C:\Windows\System\oarXsPK.exe
  2⤵
  PID:1516
- C:\Windows\System\KWlpOsO.exe
  C:\Windows\System\KWlpOsO.exe
  2⤵
  PID:5028
- C:\Windows\System\NIpnnwn.exe
  C:\Windows\System\NIpnnwn.exe
  2⤵
  PID:1512
- C:\Windows\System\ZvhTsAJ.exe
  C:\Windows\System\ZvhTsAJ.exe
  2⤵
  PID:816
- C:\Windows\System\mCMvJcn.exe
  C:\Windows\System\mCMvJcn.exe
  2⤵
  PID:2248
- C:\Windows\System\JhihjdP.exe
  C:\Windows\System\JhihjdP.exe
  2⤵
  PID:2372
- C:\Windows\System\BfvzIIJ.exe
  C:\Windows\System\BfvzIIJ.exe
  2⤵
  PID:4032
- C:\Windows\System\jbLUCUA.exe
  C:\Windows\System\jbLUCUA.exe
  2⤵
  PID:4864
- C:\Windows\System\gpfhqHs.exe
  C:\Windows\System\gpfhqHs.exe
  2⤵
  PID:1292
- C:\Windows\System\rEBZFaq.exe
  C:\Windows\System\rEBZFaq.exe
  2⤵
  PID:4844
- C:\Windows\System\XIiNlvH.exe
  C:\Windows\System\XIiNlvH.exe
  2⤵
  PID:4224
- C:\Windows\System\TZqEbLp.exe
  C:\Windows\System\TZqEbLp.exe
  2⤵
  PID:3520
- C:\Windows\System\bFXWnpu.exe
  C:\Windows\System\bFXWnpu.exe
  2⤵
  PID:4840
- C:\Windows\System\IDQMuol.exe
  C:\Windows\System\IDQMuol.exe
  2⤵
  PID:5136
- C:\Windows\System\alEBCOZ.exe
  C:\Windows\System\alEBCOZ.exe
  2⤵
  PID:5180
- C:\Windows\System\WnnWGPY.exe
  C:\Windows\System\WnnWGPY.exe
  2⤵
  PID:5200
- C:\Windows\System\tInACPr.exe
  C:\Windows\System\tInACPr.exe
  2⤵
  PID:5232
- C:\Windows\System\hokZZhQ.exe
  C:\Windows\System\hokZZhQ.exe
  2⤵
  PID:5264
- C:\Windows\System\AcxQofU.exe
  C:\Windows\System\AcxQofU.exe
  2⤵
  PID:5292
- C:\Windows\System\wKxjmHi.exe
  C:\Windows\System\wKxjmHi.exe
  2⤵
  PID:5328
- C:\Windows\System\MIwhTji.exe
  C:\Windows\System\MIwhTji.exe
  2⤵
  PID:5360
- C:\Windows\System\ymuvQBq.exe
  C:\Windows\System\ymuvQBq.exe
  2⤵
  PID:5396
- C:\Windows\System\lDUMKRe.exe
  C:\Windows\System\lDUMKRe.exe
  2⤵
  PID:5452
- C:\Windows\System\KioLsAV.exe
  C:\Windows\System\KioLsAV.exe
  2⤵
  PID:5488
- C:\Windows\System\zAQAUVc.exe
  C:\Windows\System\zAQAUVc.exe
  2⤵
  PID:5524
- C:\Windows\System\wZOlGOT.exe
  C:\Windows\System\wZOlGOT.exe
  2⤵
  PID:5568
- C:\Windows\System\DkCJJeD.exe
  C:\Windows\System\DkCJJeD.exe
  2⤵
  PID:5604
- C:\Windows\System\RglKtTB.exe
  C:\Windows\System\RglKtTB.exe
  2⤵
  PID:5640
- C:\Windows\System\cWDBVTh.exe
  C:\Windows\System\cWDBVTh.exe
  2⤵
  PID:5680
- C:\Windows\System\sQMhlyC.exe
  C:\Windows\System\sQMhlyC.exe
  2⤵
  PID:5712
- C:\Windows\System\gvsniAD.exe
  C:\Windows\System\gvsniAD.exe
  2⤵
  PID:5740
- C:\Windows\System\ZZgdiKu.exe
  C:\Windows\System\ZZgdiKu.exe
  2⤵
  PID:5764
- C:\Windows\System\iJtjjoq.exe
  C:\Windows\System\iJtjjoq.exe
  2⤵
  PID:5788
- C:\Windows\System\cvSRQlG.exe
  C:\Windows\System\cvSRQlG.exe
  2⤵
  PID:5824
- C:\Windows\System\LPXpCHU.exe
  C:\Windows\System\LPXpCHU.exe
  2⤵
  PID:5860
- C:\Windows\System\BuozPNY.exe
  C:\Windows\System\BuozPNY.exe
  2⤵
  PID:5888
- C:\Windows\System\yUJALyv.exe
  C:\Windows\System\yUJALyv.exe
  2⤵
  PID:5916
- C:\Windows\System\nUVjhVz.exe
  C:\Windows\System\nUVjhVz.exe
  2⤵
  PID:5944
- C:\Windows\System\IHPxGBY.exe
  C:\Windows\System\IHPxGBY.exe
  2⤵
  PID:5980
- C:\Windows\System\ofZFkhe.exe
  C:\Windows\System\ofZFkhe.exe
  2⤵
  PID:6008
- C:\Windows\System\TjXnECi.exe
  C:\Windows\System\TjXnECi.exe
  2⤵
  PID:6048
- C:\Windows\System\dfTRbIk.exe
  C:\Windows\System\dfTRbIk.exe
  2⤵
  PID:6072
- C:\Windows\System\Euawqyl.exe
  C:\Windows\System\Euawqyl.exe
  2⤵
  PID:6108
- C:\Windows\System\kRpIOao.exe
  C:\Windows\System\kRpIOao.exe
  2⤵
  PID:6136
- C:\Windows\System\gPvJcKT.exe
  C:\Windows\System\gPvJcKT.exe
  2⤵
  PID:5160
- C:\Windows\System\RKzKNok.exe
  C:\Windows\System\RKzKNok.exe
  2⤵
  PID:5212
- C:\Windows\System\CZcJVph.exe
  C:\Windows\System\CZcJVph.exe
  2⤵
  PID:5312
- C:\Windows\System\eiTavdq.exe
  C:\Windows\System\eiTavdq.exe
  2⤵
  PID:5380
- C:\Windows\System\RwOwsZb.exe
  C:\Windows\System\RwOwsZb.exe
  2⤵
  PID:5428
- C:\Windows\System\ntvfpck.exe
  C:\Windows\System\ntvfpck.exe
  2⤵
  PID:5444
- C:\Windows\System\VNmEXRz.exe
  C:\Windows\System\VNmEXRz.exe
  2⤵
  PID:5480
- C:\Windows\System\mhrjJZL.exe
  C:\Windows\System\mhrjJZL.exe
  2⤵
  PID:5560
- C:\Windows\System\AwWtCwe.exe
  C:\Windows\System\AwWtCwe.exe
  2⤵
  PID:5620
- C:\Windows\System\wupyiXR.exe
  C:\Windows\System\wupyiXR.exe
  2⤵
  PID:5708
- C:\Windows\System\NAnJJgP.exe
  C:\Windows\System\NAnJJgP.exe
  2⤵
  PID:5776
- C:\Windows\System\PnQmzeU.exe
  C:\Windows\System\PnQmzeU.exe
  2⤵
  PID:5876
- C:\Windows\System\YCuXyeb.exe
  C:\Windows\System\YCuXyeb.exe
  2⤵
  PID:5940
- C:\Windows\System\OTXSuTI.exe
  C:\Windows\System\OTXSuTI.exe
  2⤵
  PID:6000
- C:\Windows\System\IUpaiGl.exe
  C:\Windows\System\IUpaiGl.exe
  2⤵
  PID:6088
- C:\Windows\System\YOqUzrp.exe
  C:\Windows\System\YOqUzrp.exe
  2⤵
  PID:5188
- C:\Windows\System\EUxhika.exe
  C:\Windows\System\EUxhika.exe
  2⤵
  PID:5304
- C:\Windows\System\vBRBPUX.exe
  C:\Windows\System\vBRBPUX.exe
  2⤵
  PID:5476
- C:\Windows\System\bNJXllE.exe
  C:\Windows\System\bNJXllE.exe
  2⤵
  PID:5672
- C:\Windows\System\ScALCRw.exe
  C:\Windows\System\ScALCRw.exe
  2⤵
  PID:5748
- C:\Windows\System\uakjGXe.exe
  C:\Windows\System\uakjGXe.exe
  2⤵
  PID:5384
- C:\Windows\System\snQCiyl.exe
  C:\Windows\System\snQCiyl.exe
  2⤵
  PID:5804
- C:\Windows\System\YIklXZb.exe
  C:\Windows\System\YIklXZb.exe
  2⤵
  PID:4084
- C:\Windows\System\hALbFuK.exe
  C:\Windows\System\hALbFuK.exe
  2⤵
  PID:6180
- C:\Windows\System\fyQoSNb.exe
  C:\Windows\System\fyQoSNb.exe
  2⤵
  PID:6260
- C:\Windows\System\xHpUBZO.exe
  C:\Windows\System\xHpUBZO.exe
  2⤵
  PID:6296
- C:\Windows\System\aGGzYDg.exe
  C:\Windows\System\aGGzYDg.exe
  2⤵
  PID:6328
- C:\Windows\System\rYppvoZ.exe
  C:\Windows\System\rYppvoZ.exe
  2⤵
  PID:6356
- C:\Windows\System\KIexhuy.exe
  C:\Windows\System\KIexhuy.exe
  2⤵
  PID:6396
- C:\Windows\System\dSHICyT.exe
  C:\Windows\System\dSHICyT.exe
  2⤵
  PID:6420
- C:\Windows\System\JUCLhYn.exe
  C:\Windows\System\JUCLhYn.exe
  2⤵
  PID:6448
- C:\Windows\System\MrTrqkI.exe
  C:\Windows\System\MrTrqkI.exe
  2⤵
  PID:6476
- C:\Windows\System\uoRxTRv.exe
  C:\Windows\System\uoRxTRv.exe
  2⤵
  PID:6504
- C:\Windows\System\uSPlUuk.exe
  C:\Windows\System\uSPlUuk.exe
  2⤵
  PID:6536
- C:\Windows\System\COTqSCD.exe
  C:\Windows\System\COTqSCD.exe
  2⤵
  PID:6564
- C:\Windows\System\UNhYNwN.exe
  C:\Windows\System\UNhYNwN.exe
  2⤵
  PID:6588
- C:\Windows\System\LbEjfXh.exe
  C:\Windows\System\LbEjfXh.exe
  2⤵
  PID:6616
- C:\Windows\System\ojlpKHP.exe
  C:\Windows\System\ojlpKHP.exe
  2⤵
  PID:6648
- C:\Windows\System\rowAmwu.exe
  C:\Windows\System\rowAmwu.exe
  2⤵
  PID:6676
- C:\Windows\System\nunJVhZ.exe
  C:\Windows\System\nunJVhZ.exe
  2⤵
  PID:6704
- C:\Windows\System\XydDofF.exe
  C:\Windows\System\XydDofF.exe
  2⤵
  PID:6732
- C:\Windows\System\PAKuZvF.exe
  C:\Windows\System\PAKuZvF.exe
  2⤵
  PID:6764
- C:\Windows\System\ZDTYXpz.exe
  C:\Windows\System\ZDTYXpz.exe
  2⤵
  PID:6792
- C:\Windows\System\gnQPtwH.exe
  C:\Windows\System\gnQPtwH.exe
  2⤵
  PID:6824
- C:\Windows\System\EqTihwP.exe
  C:\Windows\System\EqTihwP.exe
  2⤵
  PID:6844
- C:\Windows\System\kTTUcTG.exe
  C:\Windows\System\kTTUcTG.exe
  2⤵
  PID:6872
- C:\Windows\System\yNnssVf.exe
  C:\Windows\System\yNnssVf.exe
  2⤵
  PID:6912
- C:\Windows\System\MEpzBel.exe
  C:\Windows\System\MEpzBel.exe
  2⤵
  PID:6940
- C:\Windows\System\LfJBXeB.exe
  C:\Windows\System\LfJBXeB.exe
  2⤵
  PID:6968
- C:\Windows\System\gxCzbaO.exe
  C:\Windows\System\gxCzbaO.exe
  2⤵
  PID:7000
- C:\Windows\System\wuLaZvQ.exe
  C:\Windows\System\wuLaZvQ.exe
  2⤵
  PID:7032
- C:\Windows\System\ndYlIeL.exe
  C:\Windows\System\ndYlIeL.exe
  2⤵
  PID:7056
- C:\Windows\System\GjsKkTu.exe
  C:\Windows\System\GjsKkTu.exe
  2⤵
  PID:7088
- C:\Windows\System\HIWpCRn.exe
  C:\Windows\System\HIWpCRn.exe
  2⤵
  PID:7120
- C:\Windows\System\MpYCNvz.exe
  C:\Windows\System\MpYCNvz.exe
  2⤵
  PID:7148
- C:\Windows\System\aSrllgq.exe
  C:\Windows\System\aSrllgq.exe
  2⤵
  PID:6188
- C:\Windows\System\HTBuFTP.exe
  C:\Windows\System\HTBuFTP.exe
  2⤵
  PID:6284
- C:\Windows\System\PaojkiY.exe
  C:\Windows\System\PaojkiY.exe
  2⤵
  PID:4040
- C:\Windows\System\aakgPKp.exe
  C:\Windows\System\aakgPKp.exe
  2⤵
  PID:4304
- C:\Windows\System\FJwpbft.exe
  C:\Windows\System\FJwpbft.exe
  2⤵
  PID:6440
- C:\Windows\System\JNydxSB.exe
  C:\Windows\System\JNydxSB.exe
  2⤵
  PID:6528
- C:\Windows\System\GkxZwzL.exe
  C:\Windows\System\GkxZwzL.exe
  2⤵
  PID:4568
- C:\Windows\System\WCWhroT.exe
  C:\Windows\System\WCWhroT.exe
  2⤵
  PID:6628
- C:\Windows\System\IlBgYJW.exe
  C:\Windows\System\IlBgYJW.exe
  2⤵
  PID:6692
- C:\Windows\System\wTvcGIz.exe
  C:\Windows\System\wTvcGIz.exe
  2⤵
  PID:6304
- C:\Windows\System\RTFYyhf.exe
  C:\Windows\System\RTFYyhf.exe
  2⤵
  PID:6832
- C:\Windows\System\WouHGyz.exe
  C:\Windows\System\WouHGyz.exe
  2⤵
  PID:6896
- C:\Windows\System\bbqVjWJ.exe
  C:\Windows\System\bbqVjWJ.exe
  2⤵
  PID:6976
- C:\Windows\System\RxWnfoO.exe
  C:\Windows\System\RxWnfoO.exe
  2⤵
  PID:7040
- C:\Windows\System\ciunvPu.exe
  C:\Windows\System\ciunvPu.exe
  2⤵
  PID:7096
- C:\Windows\System\WPAQNZN.exe
  C:\Windows\System\WPAQNZN.exe
  2⤵
  PID:7156
- C:\Windows\System\aRprBDf.exe
  C:\Windows\System\aRprBDf.exe
  2⤵
  PID:6348
- C:\Windows\System\FhvNfQn.exe
  C:\Windows\System\FhvNfQn.exe
  2⤵
  PID:6432
- C:\Windows\System\htNzplC.exe
  C:\Windows\System\htNzplC.exe
  2⤵
  PID:6572
- C:\Windows\System\iRkdIOS.exe
  C:\Windows\System\iRkdIOS.exe
  2⤵
  PID:6636
- C:\Windows\System\yhVWyoA.exe
  C:\Windows\System\yhVWyoA.exe
  2⤵
  PID:6800
- C:\Windows\System\KgZrwZk.exe
  C:\Windows\System\KgZrwZk.exe
  2⤵
  PID:6988
- C:\Windows\System\hYAqQor.exe
  C:\Windows\System\hYAqQor.exe
  2⤵
  PID:7136
- C:\Windows\System\OEvrfmW.exe
  C:\Windows\System\OEvrfmW.exe
  2⤵
  PID:6496
- C:\Windows\System\ZgUJmJx.exe
  C:\Windows\System\ZgUJmJx.exe
  2⤵
  PID:6744
- C:\Windows\System\oCQluAA.exe
  C:\Windows\System\oCQluAA.exe
  2⤵
  PID:6232
- C:\Windows\System\JoFwUwe.exe
  C:\Windows\System\JoFwUwe.exe
  2⤵
  PID:6920
- C:\Windows\System\XCcLpxJ.exe
  C:\Windows\System\XCcLpxJ.exe
  2⤵
  PID:7064
- C:\Windows\System\jzjDgRF.exe
  C:\Windows\System\jzjDgRF.exe
  2⤵
  PID:7184
- C:\Windows\System\UtOKqUJ.exe
  C:\Windows\System\UtOKqUJ.exe
  2⤵
  PID:7216
- C:\Windows\System\IZeSmHF.exe
  C:\Windows\System\IZeSmHF.exe
  2⤵
  PID:7232
- C:\Windows\System\XEouFoW.exe
  C:\Windows\System\XEouFoW.exe
  2⤵
  PID:7268
- C:\Windows\System\ykrnEWi.exe
  C:\Windows\System\ykrnEWi.exe
  2⤵
  PID:7300
- C:\Windows\System\ovYbAeA.exe
  C:\Windows\System\ovYbAeA.exe
  2⤵
  PID:7328
- C:\Windows\System\VwIaZbs.exe
  C:\Windows\System\VwIaZbs.exe
  2⤵
  PID:7356
- C:\Windows\System\lfkVgBX.exe
  C:\Windows\System\lfkVgBX.exe
  2⤵
  PID:7384
- C:\Windows\System\mPuNkLX.exe
  C:\Windows\System\mPuNkLX.exe
  2⤵
  PID:7408
- C:\Windows\System\JyPpTTb.exe
  C:\Windows\System\JyPpTTb.exe
  2⤵
  PID:7436
- C:\Windows\System\kxBNDdK.exe
  C:\Windows\System\kxBNDdK.exe
  2⤵
  PID:7468
- C:\Windows\System\LkzePLm.exe
  C:\Windows\System\LkzePLm.exe
  2⤵
  PID:7496
- C:\Windows\System\yFZeUSq.exe
  C:\Windows\System\yFZeUSq.exe
  2⤵
  PID:7528
- C:\Windows\System\oNSQwOi.exe
  C:\Windows\System\oNSQwOi.exe
  2⤵
  PID:7556
- C:\Windows\System\JpoGTJq.exe
  C:\Windows\System\JpoGTJq.exe
  2⤵
  PID:7584
- C:\Windows\System\lIhFbnW.exe
  C:\Windows\System\lIhFbnW.exe
  2⤵
  PID:7612
- C:\Windows\System\DETpQUI.exe
  C:\Windows\System\DETpQUI.exe
  2⤵
  PID:7640
- C:\Windows\System\SCfedBf.exe
  C:\Windows\System\SCfedBf.exe
  2⤵
  PID:7672
- C:\Windows\System\WhhgWZH.exe
  C:\Windows\System\WhhgWZH.exe
  2⤵
  PID:7696
- C:\Windows\System\OcUdXgU.exe
  C:\Windows\System\OcUdXgU.exe
  2⤵
  PID:7724
- C:\Windows\System\LduPyAH.exe
  C:\Windows\System\LduPyAH.exe
  2⤵
  PID:7756
- C:\Windows\System\jilIYTK.exe
  C:\Windows\System\jilIYTK.exe
  2⤵
  PID:7784
- C:\Windows\System\FXDJxaz.exe
  C:\Windows\System\FXDJxaz.exe
  2⤵
  PID:7812
- C:\Windows\System\QxxsJyF.exe
  C:\Windows\System\QxxsJyF.exe
  2⤵
  PID:7840
- C:\Windows\System\lVveOrd.exe
  C:\Windows\System\lVveOrd.exe
  2⤵
  PID:7868
- C:\Windows\System\OfehsEO.exe
  C:\Windows\System\OfehsEO.exe
  2⤵
  PID:7900
- C:\Windows\System\qvkcKTK.exe
  C:\Windows\System\qvkcKTK.exe
  2⤵
  PID:7928
- C:\Windows\System\xGBvGxG.exe
  C:\Windows\System\xGBvGxG.exe
  2⤵
  PID:7956
- C:\Windows\System\fMVnHeI.exe
  C:\Windows\System\fMVnHeI.exe
  2⤵
  PID:7980
- C:\Windows\System\kdeYekh.exe
  C:\Windows\System\kdeYekh.exe
  2⤵
  PID:8012
- C:\Windows\System\JmcOTId.exe
  C:\Windows\System\JmcOTId.exe
  2⤵
  PID:8032
- C:\Windows\System\EWmLQyC.exe
  C:\Windows\System\EWmLQyC.exe
  2⤵
  PID:8064
- C:\Windows\System\HrWbmJd.exe
  C:\Windows\System\HrWbmJd.exe
  2⤵
  PID:8096
- C:\Windows\System\yMdvULA.exe
  C:\Windows\System\yMdvULA.exe
  2⤵
  PID:8124
- C:\Windows\System\JnqBhgO.exe
  C:\Windows\System\JnqBhgO.exe
  2⤵
  PID:8144
- C:\Windows\System\RSfEyFe.exe
  C:\Windows\System\RSfEyFe.exe
  2⤵
  PID:8176
- C:\Windows\System\eejkCVo.exe
  C:\Windows\System\eejkCVo.exe
  2⤵
  PID:7208
- C:\Windows\System\GLsrTcF.exe
  C:\Windows\System\GLsrTcF.exe
  2⤵
  PID:7252
- C:\Windows\System\cHFUVls.exe
  C:\Windows\System\cHFUVls.exe
  2⤵
  PID:7308
- C:\Windows\System\TfceNub.exe
  C:\Windows\System\TfceNub.exe
  2⤵
  PID:7372
- C:\Windows\System\VQSVWcO.exe
  C:\Windows\System\VQSVWcO.exe
  2⤵
  PID:7440
- C:\Windows\System\gbXQzMM.exe
  C:\Windows\System\gbXQzMM.exe
  2⤵
  PID:7524
- C:\Windows\System\IqrgJmS.exe
  C:\Windows\System\IqrgJmS.exe
  2⤵
  PID:7536
- C:\Windows\System\ECInGTz.exe
  C:\Windows\System\ECInGTz.exe
  2⤵
  PID:7592
- C:\Windows\System\btZYVqk.exe
  C:\Windows\System\btZYVqk.exe
  2⤵
  PID:7664
- C:\Windows\System\jdiRpmM.exe
  C:\Windows\System\jdiRpmM.exe
  2⤵
  PID:7740
- C:\Windows\System\SMktkjk.exe
  C:\Windows\System\SMktkjk.exe
  2⤵
  PID:7800
- C:\Windows\System\ktoIaWn.exe
  C:\Windows\System\ktoIaWn.exe
  2⤵
  PID:7888
- C:\Windows\System\yhfnayA.exe
  C:\Windows\System\yhfnayA.exe
  2⤵
  PID:7936
- C:\Windows\System\huTOZtL.exe
  C:\Windows\System\huTOZtL.exe
  2⤵
  PID:8008
- C:\Windows\System\eUDdSTx.exe
  C:\Windows\System\eUDdSTx.exe
  2⤵
  PID:8072
- C:\Windows\System\PRGmVEa.exe
  C:\Windows\System\PRGmVEa.exe
  2⤵
  PID:8136
- C:\Windows\System\CQEEHUn.exe
  C:\Windows\System\CQEEHUn.exe
  2⤵
  PID:7224
- C:\Windows\System\JkLLckw.exe
  C:\Windows\System\JkLLckw.exe
  2⤵
  PID:7736
- C:\Windows\System\zznEGCa.exe
  C:\Windows\System\zznEGCa.exe
  2⤵
  PID:7456
- C:\Windows\System\moQgwQH.exe
  C:\Windows\System\moQgwQH.exe
  2⤵
  PID:7576
- C:\Windows\System\nnlvVpS.exe
  C:\Windows\System\nnlvVpS.exe
  2⤵
  PID:7768
- C:\Windows\System\zhBIsWM.exe
  C:\Windows\System\zhBIsWM.exe
  2⤵
  PID:7924
- C:\Windows\System\SDYYWUg.exe
  C:\Windows\System\SDYYWUg.exe
  2⤵
  PID:8056
- C:\Windows\System\OZKBqLO.exe
  C:\Windows\System\OZKBqLO.exe
  2⤵
  PID:7244
- C:\Windows\System\rSTabIk.exe
  C:\Windows\System\rSTabIk.exe
  2⤵
  PID:3372
- C:\Windows\System\iFKDCon.exe
  C:\Windows\System\iFKDCon.exe
  2⤵
  PID:7860
- C:\Windows\System\wGnzEAp.exe
  C:\Windows\System\wGnzEAp.exe
  2⤵
  PID:7428
- C:\Windows\System\lhGagUY.exe
  C:\Windows\System\lhGagUY.exe
  2⤵
  PID:8132
- C:\Windows\System\CcpTnss.exe
  C:\Windows\System\CcpTnss.exe
  2⤵
  PID:7828
- C:\Windows\System\qoZXEbf.exe
  C:\Windows\System\qoZXEbf.exe
  2⤵
  PID:8216
- C:\Windows\System\KkzFnsS.exe
  C:\Windows\System\KkzFnsS.exe
  2⤵
  PID:8252
- C:\Windows\System\uYdpVNU.exe
  C:\Windows\System\uYdpVNU.exe
  2⤵
  PID:8272
- C:\Windows\System\fAPUCsl.exe
  C:\Windows\System\fAPUCsl.exe
  2⤵
  PID:8304
- C:\Windows\System\SiOJdeD.exe
  C:\Windows\System\SiOJdeD.exe
  2⤵
  PID:8344
- C:\Windows\System\mlmyHjC.exe
  C:\Windows\System\mlmyHjC.exe
  2⤵
  PID:8360
- C:\Windows\System\SxmzPEA.exe
  C:\Windows\System\SxmzPEA.exe
  2⤵
  PID:8396
- C:\Windows\System\rvKcNaf.exe
  C:\Windows\System\rvKcNaf.exe
  2⤵
  PID:8420
- C:\Windows\System\HMkzWBr.exe
  C:\Windows\System\HMkzWBr.exe
  2⤵
  PID:8452
- C:\Windows\System\KqClIQC.exe
  C:\Windows\System\KqClIQC.exe
  2⤵
  PID:8476
- C:\Windows\System\VXhmMEk.exe
  C:\Windows\System\VXhmMEk.exe
  2⤵
  PID:8508
- C:\Windows\System\YLVTfxI.exe
  C:\Windows\System\YLVTfxI.exe
  2⤵
  PID:8532
- C:\Windows\System\jjqJMGd.exe
  C:\Windows\System\jjqJMGd.exe
  2⤵
  PID:8560
- C:\Windows\System\oUNZhyX.exe
  C:\Windows\System\oUNZhyX.exe
  2⤵
  PID:8588
- C:\Windows\System\qfSAbrm.exe
  C:\Windows\System\qfSAbrm.exe
  2⤵
  PID:8616
- C:\Windows\System\VZposYo.exe
  C:\Windows\System\VZposYo.exe
  2⤵
  PID:8644
- C:\Windows\System\oFSFqId.exe
  C:\Windows\System\oFSFqId.exe
  2⤵
  PID:8672
- C:\Windows\System\GUEhemU.exe
  C:\Windows\System\GUEhemU.exe
  2⤵
  PID:8704
- C:\Windows\System\FLueqhA.exe
  C:\Windows\System\FLueqhA.exe
  2⤵
  PID:8728
- C:\Windows\System\vwleRNU.exe
  C:\Windows\System\vwleRNU.exe
  2⤵
  PID:8756
- C:\Windows\System\qrUblGE.exe
  C:\Windows\System\qrUblGE.exe
  2⤵
  PID:8784
- C:\Windows\System\uZhUXPN.exe
  C:\Windows\System\uZhUXPN.exe
  2⤵
  PID:8812
- C:\Windows\System\RpXCfCA.exe
  C:\Windows\System\RpXCfCA.exe
  2⤵
  PID:8840
- C:\Windows\System\fgknHmx.exe
  C:\Windows\System\fgknHmx.exe
  2⤵
  PID:8868
- C:\Windows\System\vwPFpKo.exe
  C:\Windows\System\vwPFpKo.exe
  2⤵
  PID:8904
- C:\Windows\System\yhQUEXv.exe
  C:\Windows\System\yhQUEXv.exe
  2⤵
  PID:8924
- C:\Windows\System\cOYnKHj.exe
  C:\Windows\System\cOYnKHj.exe
  2⤵
  PID:8952
- C:\Windows\System\rEvhvwv.exe
  C:\Windows\System\rEvhvwv.exe
  2⤵
  PID:8980
- C:\Windows\System\LZuOYyD.exe
  C:\Windows\System\LZuOYyD.exe
  2⤵
  PID:9008
- C:\Windows\System\aOMWiEn.exe
  C:\Windows\System\aOMWiEn.exe
  2⤵
  PID:9036
- C:\Windows\System\NUAfYFJ.exe
  C:\Windows\System\NUAfYFJ.exe
  2⤵
  PID:9064
- C:\Windows\System\pmUjJhw.exe
  C:\Windows\System\pmUjJhw.exe
  2⤵
  PID:9100
- C:\Windows\System\rASTpZS.exe
  C:\Windows\System\rASTpZS.exe
  2⤵
  PID:9120
- C:\Windows\System\gAFzPLe.exe
  C:\Windows\System\gAFzPLe.exe
  2⤵
  PID:9148
- C:\Windows\System\vIuzyQT.exe
  C:\Windows\System\vIuzyQT.exe
  2⤵
  PID:9176
- C:\Windows\System\nWgvlEt.exe
  C:\Windows\System\nWgvlEt.exe
  2⤵
  PID:9208
- C:\Windows\System\LJyaUEp.exe
  C:\Windows\System\LJyaUEp.exe
  2⤵
  PID:8236
- C:\Windows\System\wgGusNL.exe
  C:\Windows\System\wgGusNL.exe
  2⤵
  PID:8300
- C:\Windows\System\dmPffOf.exe
  C:\Windows\System\dmPffOf.exe
  2⤵
  PID:8372
- C:\Windows\System\PtQORdo.exe
  C:\Windows\System\PtQORdo.exe
  2⤵
  PID:8440
- C:\Windows\System\mNlMEzZ.exe
  C:\Windows\System\mNlMEzZ.exe
  2⤵
  PID:8500
- C:\Windows\System\hSPtTJK.exe
  C:\Windows\System\hSPtTJK.exe
  2⤵
  PID:8572
- C:\Windows\System\aFqtopf.exe
  C:\Windows\System\aFqtopf.exe
  2⤵
  PID:8636
- C:\Windows\System\fYrQcYh.exe
  C:\Windows\System\fYrQcYh.exe
  2⤵
  PID:8696
- C:\Windows\System\QoDSzoy.exe
  C:\Windows\System\QoDSzoy.exe
  2⤵
  PID:8768
- C:\Windows\System\joMUtzF.exe
  C:\Windows\System\joMUtzF.exe
  2⤵
  PID:8832
- C:\Windows\System\bPkgvRn.exe
  C:\Windows\System\bPkgvRn.exe
  2⤵
  PID:8892
- C:\Windows\System\mJUvlSw.exe
  C:\Windows\System\mJUvlSw.exe
  2⤵
  PID:8964
- C:\Windows\System\CHZGxjo.exe
  C:\Windows\System\CHZGxjo.exe
  2⤵
  PID:9020
- C:\Windows\System\TocBgqh.exe
  C:\Windows\System\TocBgqh.exe
  2⤵
  PID:9084
- C:\Windows\System\xiSvfnb.exe
  C:\Windows\System\xiSvfnb.exe
  2⤵
  PID:9144
- C:\Windows\System\uylKfiO.exe
  C:\Windows\System\uylKfiO.exe
  2⤵
  PID:8208
- C:\Windows\System\vkWglvS.exe
  C:\Windows\System\vkWglvS.exe
  2⤵
  PID:8352
- C:\Windows\System\MZumhUk.exe
  C:\Windows\System\MZumhUk.exe
  2⤵
  PID:8488
- C:\Windows\System\gouxMeR.exe
  C:\Windows\System\gouxMeR.exe
  2⤵
  PID:8664
- C:\Windows\System\rcEsZqE.exe
  C:\Windows\System\rcEsZqE.exe
  2⤵
  PID:8808
- C:\Windows\System\llzWvhM.exe
  C:\Windows\System\llzWvhM.exe
  2⤵
  PID:8944
- C:\Windows\System\akXABHF.exe
  C:\Windows\System\akXABHF.exe
  2⤵
  PID:9112
- C:\Windows\System\xVtzvVm.exe
  C:\Windows\System\xVtzvVm.exe
  2⤵
  PID:8340
- C:\Windows\System\UTYgitt.exe
  C:\Windows\System\UTYgitt.exe
  2⤵
  PID:8724
- C:\Windows\System\DxcwbsA.exe
  C:\Windows\System\DxcwbsA.exe
  2⤵
  PID:9060
- C:\Windows\System\DERTJXe.exe
  C:\Windows\System\DERTJXe.exe
  2⤵
  PID:8612
- C:\Windows\System\WKPjkaj.exe
  C:\Windows\System\WKPjkaj.exe
  2⤵
  PID:8496
- C:\Windows\System\UGTFtLr.exe
  C:\Windows\System\UGTFtLr.exe
  2⤵
  PID:9232
- C:\Windows\System\IKNEJgd.exe
  C:\Windows\System\IKNEJgd.exe
  2⤵
  PID:9260
- C:\Windows\System\eOHaDlg.exe
  C:\Windows\System\eOHaDlg.exe
  2⤵
  PID:9292
- C:\Windows\System\ejTMwTh.exe
  C:\Windows\System\ejTMwTh.exe
  2⤵
  PID:9332
- C:\Windows\System\gExaqbs.exe
  C:\Windows\System\gExaqbs.exe
  2⤵
  PID:9348
- C:\Windows\System\qDYGDGW.exe
  C:\Windows\System\qDYGDGW.exe
  2⤵
  PID:9376
- C:\Windows\System\rWciYgy.exe
  C:\Windows\System\rWciYgy.exe
  2⤵
  PID:9400
- C:\Windows\System\WYCnvxy.exe
  C:\Windows\System\WYCnvxy.exe
  2⤵
  PID:9428
- C:\Windows\System\ukFNeZL.exe
  C:\Windows\System\ukFNeZL.exe
  2⤵
  PID:9448
- C:\Windows\System\aKHRMtC.exe
  C:\Windows\System\aKHRMtC.exe
  2⤵
  PID:9488
- C:\Windows\System\yBCDRCn.exe
  C:\Windows\System\yBCDRCn.exe
  2⤵
  PID:9520
- C:\Windows\System\TmgGiqR.exe
  C:\Windows\System\TmgGiqR.exe
  2⤵
  PID:9548
- C:\Windows\System\RwZUlXc.exe
  C:\Windows\System\RwZUlXc.exe
  2⤵
  PID:9576
- C:\Windows\System\tvVwZJK.exe
  C:\Windows\System\tvVwZJK.exe
  2⤵
  PID:9604
- C:\Windows\System\KqAoNNL.exe
  C:\Windows\System\KqAoNNL.exe
  2⤵
  PID:9632
- C:\Windows\System\EQyBcyb.exe
  C:\Windows\System\EQyBcyb.exe
  2⤵
  PID:9660
- C:\Windows\System\ZwZhXEd.exe
  C:\Windows\System\ZwZhXEd.exe
  2⤵
  PID:9692
- C:\Windows\System\qvGGFVB.exe
  C:\Windows\System\qvGGFVB.exe
  2⤵
  PID:9720
- C:\Windows\System\sNuRbyL.exe
  C:\Windows\System\sNuRbyL.exe
  2⤵
  PID:9748
- C:\Windows\System\hCsRrbk.exe
  C:\Windows\System\hCsRrbk.exe
  2⤵
  PID:9776
- C:\Windows\System\XLOaGso.exe
  C:\Windows\System\XLOaGso.exe
  2⤵
  PID:9808
- C:\Windows\System\Tmbmexf.exe
  C:\Windows\System\Tmbmexf.exe
  2⤵
  PID:9832
- C:\Windows\System\YrlQDqF.exe
  C:\Windows\System\YrlQDqF.exe
  2⤵
  PID:9860
- C:\Windows\System\HebGlqZ.exe
  C:\Windows\System\HebGlqZ.exe
  2⤵
  PID:9888
- C:\Windows\System\XJxSNom.exe
  C:\Windows\System\XJxSNom.exe
  2⤵
  PID:9916
- C:\Windows\System\RtdlsSF.exe
  C:\Windows\System\RtdlsSF.exe
  2⤵
  PID:9944
- C:\Windows\System\VcSGTeG.exe
  C:\Windows\System\VcSGTeG.exe
  2⤵
  PID:9972
- C:\Windows\System\bxRIMes.exe
  C:\Windows\System\bxRIMes.exe
  2⤵
  PID:10004
- C:\Windows\System\jHCPFkM.exe
  C:\Windows\System\jHCPFkM.exe
  2⤵
  PID:10032
- C:\Windows\System\JSZOLTK.exe
  C:\Windows\System\JSZOLTK.exe
  2⤵
  PID:10064
- C:\Windows\System\DWNyapM.exe
  C:\Windows\System\DWNyapM.exe
  2⤵
  PID:10092
- C:\Windows\System\IEJasHy.exe
  C:\Windows\System\IEJasHy.exe
  2⤵
  PID:10108
- C:\Windows\System\uEhDDPl.exe
  C:\Windows\System\uEhDDPl.exe
  2⤵
  PID:10148
- C:\Windows\System\DNVVIUn.exe
  C:\Windows\System\DNVVIUn.exe
  2⤵
  PID:10172
- C:\Windows\System\BibjGmu.exe
  C:\Windows\System\BibjGmu.exe
  2⤵
  PID:10212
- C:\Windows\System\cpfDLVo.exe
  C:\Windows\System\cpfDLVo.exe
  2⤵
  PID:10228
- C:\Windows\System\ImqztgZ.exe
  C:\Windows\System\ImqztgZ.exe
  2⤵
  PID:9304
- C:\Windows\System\ewHkGwV.exe
  C:\Windows\System\ewHkGwV.exe
  2⤵
  PID:9388
- C:\Windows\System\BYhkWUR.exe
  C:\Windows\System\BYhkWUR.exe
  2⤵
  PID:9424
- C:\Windows\System\NXFqVmX.exe
  C:\Windows\System\NXFqVmX.exe
  2⤵
  PID:5168
- C:\Windows\System\jMdPYyv.exe
  C:\Windows\System\jMdPYyv.exe
  2⤵
  PID:6104
- C:\Windows\System\dPwIPAu.exe
  C:\Windows\System\dPwIPAu.exe
  2⤵
  PID:9560
- C:\Windows\System\QknEMbM.exe
  C:\Windows\System\QknEMbM.exe
  2⤵
  PID:9656
- C:\Windows\System\UHKzrrq.exe
  C:\Windows\System\UHKzrrq.exe
  2⤵
  PID:9816
- C:\Windows\System\bLjdcgF.exe
  C:\Windows\System\bLjdcgF.exe
  2⤵
  PID:9856
- C:\Windows\System\HVQdOmN.exe
  C:\Windows\System\HVQdOmN.exe
  2⤵
  PID:9908
- C:\Windows\System\vMlbABt.exe
  C:\Windows\System\vMlbABt.exe
  2⤵
  PID:9984
- C:\Windows\System\xboePhN.exe
  C:\Windows\System\xboePhN.exe
  2⤵
  PID:10052
- C:\Windows\System\RncyZCa.exe
  C:\Windows\System\RncyZCa.exe
  2⤵
  PID:4724
- C:\Windows\System\KXovSLg.exe
  C:\Windows\System\KXovSLg.exe
  2⤵
  PID:10156
- C:\Windows\System\iqYtPAq.exe
  C:\Windows\System\iqYtPAq.exe
  2⤵
  PID:10060
- C:\Windows\System\CXvuXNK.exe
  C:\Windows\System\CXvuXNK.exe
  2⤵
  PID:10188
- C:\Windows\System\GtSYdpY.exe
  C:\Windows\System\GtSYdpY.exe
  2⤵
  PID:9340
- C:\Windows\System\yusINpu.exe
  C:\Windows\System\yusINpu.exe
  2⤵
  PID:9372
- C:\Windows\System\aqyQOHa.exe
  C:\Windows\System\aqyQOHa.exe
  2⤵
  PID:9368
- C:\Windows\System\UCMdAAI.exe
  C:\Windows\System\UCMdAAI.exe
  2⤵
  PID:3336
- C:\Windows\System\wOXjYeX.exe
  C:\Windows\System\wOXjYeX.exe
  2⤵
  PID:4148
- C:\Windows\System\HeNhzZe.exe
  C:\Windows\System\HeNhzZe.exe
  2⤵
  PID:8296
- C:\Windows\System\fqpUHPo.exe
  C:\Windows\System\fqpUHPo.exe
  2⤵
  PID:2752
- C:\Windows\System\AEumKKU.exe
  C:\Windows\System\AEumKKU.exe
  2⤵
  PID:4600
- C:\Windows\System\iQRissq.exe
  C:\Windows\System\iQRissq.exe
  2⤵
  PID:3168
- C:\Windows\System\FABUkol.exe
  C:\Windows\System\FABUkol.exe
  2⤵
  PID:9900
- C:\Windows\System\CawbRTT.exe
  C:\Windows\System\CawbRTT.exe
  2⤵
  PID:10024
- C:\Windows\System\AoAnoNg.exe
  C:\Windows\System\AoAnoNg.exe
  2⤵
  PID:10100
- C:\Windows\System\LGopEKg.exe
  C:\Windows\System\LGopEKg.exe
  2⤵
  PID:9760
- C:\Windows\System\TMKyvSK.exe
  C:\Windows\System\TMKyvSK.exe
  2⤵
  PID:10224
- C:\Windows\System\NRTmgZs.exe
  C:\Windows\System\NRTmgZs.exe
  2⤵
  PID:6152
- C:\Windows\System\pxaTwrl.exe
  C:\Windows\System\pxaTwrl.exe
  2⤵
  PID:3740
- C:\Windows\System\FXUcUMp.exe
  C:\Windows\System\FXUcUMp.exe
  2⤵
  PID:7008
- C:\Windows\System\sZZxZaj.exe
  C:\Windows\System\sZZxZaj.exe
  2⤵
  PID:2072
- C:\Windows\System\bbTeKjK.exe
  C:\Windows\System\bbTeKjK.exe
  2⤵
  PID:9516
- C:\Windows\System\LiiVvLW.exe
  C:\Windows\System\LiiVvLW.exe
  2⤵
  PID:9716
- C:\Windows\System\HQDIIvZ.exe
  C:\Windows\System\HQDIIvZ.exe
  2⤵
  PID:4448
- C:\Windows\System\BXWjoHJ.exe
  C:\Windows\System\BXWjoHJ.exe
  2⤵
  PID:9540
- C:\Windows\System\wmxIXMN.exe
  C:\Windows\System\wmxIXMN.exe
  2⤵
  PID:9844
- C:\Windows\System\lgsrvKJ.exe
  C:\Windows\System\lgsrvKJ.exe
  2⤵
  PID:10000
- C:\Windows\System\XBLJJWA.exe
  C:\Windows\System\XBLJJWA.exe
  2⤵
  PID:10056
- C:\Windows\System\ddgjKxz.exe
  C:\Windows\System\ddgjKxz.exe
  2⤵
  PID:4464
- C:\Windows\System\hHDnriK.exe
  C:\Windows\System\hHDnriK.exe
  2⤵
  PID:10276
- C:\Windows\System\pTKMtZd.exe
  C:\Windows\System\pTKMtZd.exe
  2⤵
  PID:10308
- C:\Windows\System\zgwaXUn.exe
  C:\Windows\System\zgwaXUn.exe
  2⤵
  PID:10332
- C:\Windows\System\lFcWOcM.exe
  C:\Windows\System\lFcWOcM.exe
  2⤵
  PID:10352
- C:\Windows\System\IncQgvy.exe
  C:\Windows\System\IncQgvy.exe
  2⤵
  PID:10380
- C:\Windows\System\UxovuHr.exe
  C:\Windows\System\UxovuHr.exe
  2⤵
  PID:10408
- C:\Windows\System\DhcXRpY.exe
  C:\Windows\System\DhcXRpY.exe
  2⤵
  PID:10436
- C:\Windows\System\mfQqzwv.exe
  C:\Windows\System\mfQqzwv.exe
  2⤵
  PID:10464
- C:\Windows\System\asFBNPs.exe
  C:\Windows\System\asFBNPs.exe
  2⤵
  PID:10492
- C:\Windows\System\AkqhjhK.exe
  C:\Windows\System\AkqhjhK.exe
  2⤵
  PID:10520
- C:\Windows\System\SwtpWbg.exe
  C:\Windows\System\SwtpWbg.exe
  2⤵
  PID:10548
- C:\Windows\System\WJkViHN.exe
  C:\Windows\System\WJkViHN.exe
  2⤵
  PID:10576
- C:\Windows\System\JFMalFN.exe
  C:\Windows\System\JFMalFN.exe
  2⤵
  PID:10604
- C:\Windows\System\DtyRMTZ.exe
  C:\Windows\System\DtyRMTZ.exe
  2⤵
  PID:10632
- C:\Windows\System\HOKKKFo.exe
  C:\Windows\System\HOKKKFo.exe
  2⤵
  PID:10668
- C:\Windows\System\gFLRKpe.exe
  C:\Windows\System\gFLRKpe.exe
  2⤵
  PID:10692
- C:\Windows\System\UdnGBEU.exe
  C:\Windows\System\UdnGBEU.exe
  2⤵
  PID:10716
- C:\Windows\System\OJhPTdL.exe
  C:\Windows\System\OJhPTdL.exe
  2⤵
  PID:10744
- C:\Windows\System\IqiRiiG.exe
  C:\Windows\System\IqiRiiG.exe
  2⤵
  PID:10772
- C:\Windows\System\PlFDGmU.exe
  C:\Windows\System\PlFDGmU.exe
  2⤵
  PID:10800
- C:\Windows\System\FGknJUs.exe
  C:\Windows\System\FGknJUs.exe
  2⤵
  PID:10828
- C:\Windows\System\GxNurkQ.exe
  C:\Windows\System\GxNurkQ.exe
  2⤵
  PID:10856
- C:\Windows\System\ZRSYwBg.exe
  C:\Windows\System\ZRSYwBg.exe
  2⤵
  PID:10884
- C:\Windows\System\EhUsQXG.exe
  C:\Windows\System\EhUsQXG.exe
  2⤵
  PID:10912
- C:\Windows\System\ypdbtTy.exe
  C:\Windows\System\ypdbtTy.exe
  2⤵
  PID:10944
- C:\Windows\System\MtuknFh.exe
  C:\Windows\System\MtuknFh.exe
  2⤵
  PID:10968
- C:\Windows\System\pMNqcyA.exe
  C:\Windows\System\pMNqcyA.exe
  2⤵
  PID:11000
- C:\Windows\System\sANNAaa.exe
  C:\Windows\System\sANNAaa.exe
  2⤵
  PID:11028
- C:\Windows\System\pjhTtZj.exe
  C:\Windows\System\pjhTtZj.exe
  2⤵
  PID:11056
- C:\Windows\System\rVLeBEk.exe
  C:\Windows\System\rVLeBEk.exe
  2⤵
  PID:11084
- C:\Windows\System\jybbbKV.exe
  C:\Windows\System\jybbbKV.exe
  2⤵
  PID:11112
- C:\Windows\System\AIAShTx.exe
  C:\Windows\System\AIAShTx.exe
  2⤵
  PID:11140
- C:\Windows\System\EDXrBQf.exe
  C:\Windows\System\EDXrBQf.exe
  2⤵
  PID:11168
- C:\Windows\System\pgzXgAj.exe
  C:\Windows\System\pgzXgAj.exe
  2⤵
  PID:11196
- C:\Windows\System\SCzIllU.exe
  C:\Windows\System\SCzIllU.exe
  2⤵
  PID:11224
- C:\Windows\System\vzgImIz.exe
  C:\Windows\System\vzgImIz.exe
  2⤵
  PID:11252
- C:\Windows\System\DpCruqo.exe
  C:\Windows\System\DpCruqo.exe
  2⤵
  PID:10284
- C:\Windows\System\AjhFNEx.exe
  C:\Windows\System\AjhFNEx.exe
  2⤵
  PID:10344
- C:\Windows\System\mvpSuCk.exe
  C:\Windows\System\mvpSuCk.exe
  2⤵
  PID:10404
- C:\Windows\System\YFdGvIG.exe
  C:\Windows\System\YFdGvIG.exe
  2⤵
  PID:10476
- C:\Windows\System\gzHDlMP.exe
  C:\Windows\System\gzHDlMP.exe
  2⤵
  PID:10540
- C:\Windows\System\OJVngVM.exe
  C:\Windows\System\OJVngVM.exe
  2⤵
  PID:10600
- C:\Windows\System\AtdsAGE.exe
  C:\Windows\System\AtdsAGE.exe
  2⤵
  PID:10676
- C:\Windows\System\wWBkxzc.exe
  C:\Windows\System\wWBkxzc.exe
  2⤵
  PID:10736
- C:\Windows\System\ndrCWpM.exe
  C:\Windows\System\ndrCWpM.exe
  2⤵
  PID:10792
- C:\Windows\System\MTUJvMK.exe
  C:\Windows\System\MTUJvMK.exe
  2⤵
  PID:10852
- C:\Windows\System\YhgdzsW.exe
  C:\Windows\System\YhgdzsW.exe
  2⤵
  PID:10924
- C:\Windows\System\ynMeoPz.exe
  C:\Windows\System\ynMeoPz.exe
  2⤵
  PID:10992
- C:\Windows\System\pHxMuYS.exe
  C:\Windows\System\pHxMuYS.exe
  2⤵
  PID:11052
- C:\Windows\System\RMMGbCy.exe
  C:\Windows\System\RMMGbCy.exe
  2⤵
  PID:11124
- C:\Windows\System\VsvIfga.exe
  C:\Windows\System\VsvIfga.exe
  2⤵
  PID:11188
- C:\Windows\System\NKokMOR.exe
  C:\Windows\System\NKokMOR.exe
  2⤵
  PID:11248
- C:\Windows\System\ZtyhJuI.exe
  C:\Windows\System\ZtyhJuI.exe
  2⤵
  PID:10372
- C:\Windows\System\FwLoXEg.exe
  C:\Windows\System\FwLoXEg.exe
  2⤵
  PID:10516
- C:\Windows\System\CycPkLi.exe
  C:\Windows\System\CycPkLi.exe
  2⤵
  PID:10728
- C:\Windows\System\ZddrbtN.exe
  C:\Windows\System\ZddrbtN.exe
  2⤵
  PID:10904
- C:\Windows\System\gbrgjYV.exe
  C:\Windows\System\gbrgjYV.exe
  2⤵
  PID:11040
- C:\Windows\System\jQJmXYa.exe
  C:\Windows\System\jQJmXYa.exe
  2⤵
  PID:11180
- C:\Windows\System\yFhXtJw.exe
  C:\Windows\System\yFhXtJw.exe
  2⤵
  PID:10432
- C:\Windows\System\vAnSWeK.exe
  C:\Windows\System\vAnSWeK.exe
  2⤵
  PID:10700
- C:\Windows\System\UgXYQip.exe
  C:\Windows\System\UgXYQip.exe
  2⤵
  PID:10988
- C:\Windows\System\sudthrl.exe
  C:\Windows\System\sudthrl.exe
  2⤵
  PID:10340
- C:\Windows\System\lqmrjar.exe
  C:\Windows\System\lqmrjar.exe
  2⤵
  PID:11152
- C:\Windows\System\jchELYu.exe
  C:\Windows\System\jchELYu.exe
  2⤵
  PID:10964
- C:\Windows\System\ZUkLfwJ.exe
  C:\Windows\System\ZUkLfwJ.exe
  2⤵
  PID:11304
- C:\Windows\System\APoemoI.exe
  C:\Windows\System\APoemoI.exe
  2⤵
  PID:11328
- C:\Windows\System\nujUvne.exe
  C:\Windows\System\nujUvne.exe
  2⤵
  PID:11348
- C:\Windows\System\PLvkxkf.exe
  C:\Windows\System\PLvkxkf.exe
  2⤵
  PID:11376
- C:\Windows\System\eHkhNTb.exe
  C:\Windows\System\eHkhNTb.exe
  2⤵
  PID:11404
- C:\Windows\System\YPcPvtx.exe
  C:\Windows\System\YPcPvtx.exe
  2⤵
  PID:11432
- C:\Windows\System\rXPcbnW.exe
  C:\Windows\System\rXPcbnW.exe
  2⤵
  PID:11468
- C:\Windows\System\fNlGkuM.exe
  C:\Windows\System\fNlGkuM.exe
  2⤵
  PID:11488
- C:\Windows\System\YJPbVJP.exe
  C:\Windows\System\YJPbVJP.exe
  2⤵
  PID:11516
- C:\Windows\System\rtpbFkV.exe
  C:\Windows\System\rtpbFkV.exe
  2⤵
  PID:11544
- C:\Windows\System\DZZmUMH.exe
  C:\Windows\System\DZZmUMH.exe
  2⤵
  PID:11572
- C:\Windows\System\cVAzVew.exe
  C:\Windows\System\cVAzVew.exe
  2⤵
  PID:11604
- C:\Windows\System\kfhmsMO.exe
  C:\Windows\System\kfhmsMO.exe
  2⤵
  PID:11628
- C:\Windows\System\iUdeOqk.exe
  C:\Windows\System\iUdeOqk.exe
  2⤵
  PID:11672
- C:\Windows\System\ntXtkMQ.exe
  C:\Windows\System\ntXtkMQ.exe
  2⤵
  PID:11688
- C:\Windows\System\iSYboFT.exe
  C:\Windows\System\iSYboFT.exe
  2⤵
  PID:11716
- C:\Windows\System\FImUtUP.exe
  C:\Windows\System\FImUtUP.exe
  2⤵
  PID:11744
- C:\Windows\System\lHQrvDp.exe
  C:\Windows\System\lHQrvDp.exe
  2⤵
  PID:11772
- C:\Windows\System\lDplZEQ.exe
  C:\Windows\System\lDplZEQ.exe
  2⤵
  PID:11800
- C:\Windows\System\osyBtYn.exe
  C:\Windows\System\osyBtYn.exe
  2⤵
  PID:11836
- C:\Windows\System\TDkoMuj.exe
  C:\Windows\System\TDkoMuj.exe
  2⤵
  PID:11856
- C:\Windows\System\rxQbdAX.exe
  C:\Windows\System\rxQbdAX.exe
  2⤵
  PID:11884
- C:\Windows\System\DvOhRRm.exe
  C:\Windows\System\DvOhRRm.exe
  2⤵
  PID:11912
- C:\Windows\System\kYfruSs.exe
  C:\Windows\System\kYfruSs.exe
  2⤵
  PID:11948
- C:\Windows\System\yISbPNW.exe
  C:\Windows\System\yISbPNW.exe
  2⤵
  PID:11968
- C:\Windows\System\MFWMZgc.exe
  C:\Windows\System\MFWMZgc.exe
  2⤵
  PID:11996
- C:\Windows\System\hiwDTVZ.exe
  C:\Windows\System\hiwDTVZ.exe
  2⤵
  PID:12028
- C:\Windows\System\XJSzrjF.exe
  C:\Windows\System\XJSzrjF.exe
  2⤵
  PID:12052
- C:\Windows\System\soLAfvT.exe
  C:\Windows\System\soLAfvT.exe
  2⤵
  PID:12080
- C:\Windows\System\xTkKBCh.exe
  C:\Windows\System\xTkKBCh.exe
  2⤵
  PID:12108
- C:\Windows\System\zpgWMiz.exe
  C:\Windows\System\zpgWMiz.exe
  2⤵
  PID:12136
- C:\Windows\System\LAHbgnS.exe
  C:\Windows\System\LAHbgnS.exe
  2⤵
  PID:12176
- C:\Windows\System\qeOXhFF.exe
  C:\Windows\System\qeOXhFF.exe
  2⤵
  PID:12228
- C:\Windows\System\HoRyxSv.exe
  C:\Windows\System\HoRyxSv.exe
  2⤵
  PID:12264
- C:\Windows\System\SbJMhkw.exe
  C:\Windows\System\SbJMhkw.exe
  2⤵
  PID:720
- C:\Windows\System\bOdWJYx.exe
  C:\Windows\System\bOdWJYx.exe
  2⤵
  PID:1304
- C:\Windows\System\DSITZMb.exe
  C:\Windows\System\DSITZMb.exe
  2⤵
  PID:3868
- C:\Windows\System\WTlFVgW.exe
  C:\Windows\System\WTlFVgW.exe
  2⤵
  PID:11368
- C:\Windows\System\WYYeQBM.exe
  C:\Windows\System\WYYeQBM.exe
  2⤵
  PID:11476
- C:\Windows\System\NSlrgOo.exe
  C:\Windows\System\NSlrgOo.exe
  2⤵
  PID:11536
- C:\Windows\System\pMVrejn.exe
  C:\Windows\System\pMVrejn.exe
  2⤵
  PID:11620
- C:\Windows\System\aOxsoeV.exe
  C:\Windows\System\aOxsoeV.exe
  2⤵
  PID:11728
- C:\Windows\System\OrNtXCq.exe
  C:\Windows\System\OrNtXCq.exe
  2⤵
  PID:11820
- C:\Windows\System\WlljmHl.exe
  C:\Windows\System\WlljmHl.exe
  2⤵
  PID:11852
- C:\Windows\System\ADEqYcS.exe
  C:\Windows\System\ADEqYcS.exe
  2⤵
  PID:11924
- C:\Windows\System\nKLByvj.exe
  C:\Windows\System\nKLByvj.exe
  2⤵
  PID:12008
- C:\Windows\System\uFnRNyi.exe
  C:\Windows\System\uFnRNyi.exe
  2⤵
  PID:12048
- C:\Windows\System\YlfLltj.exe
  C:\Windows\System\YlfLltj.exe
  2⤵
  PID:12120
- C:\Windows\System\IYGlKkp.exe
  C:\Windows\System\IYGlKkp.exe
  2⤵
  PID:12208
- C:\Windows\System\fiiXTcF.exe
  C:\Windows\System\fiiXTcF.exe
  2⤵
  PID:10588
- C:\Windows\System\NbyOdGh.exe
  C:\Windows\System\NbyOdGh.exe
  2⤵
  PID:3824
- C:\Windows\System\YDgnqQc.exe
  C:\Windows\System\YDgnqQc.exe
  2⤵
  PID:11512
- C:\Windows\System\oIvGaNB.exe
  C:\Windows\System\oIvGaNB.exe
  2⤵
  PID:11708
- C:\Windows\System\tyUVIjj.exe
  C:\Windows\System\tyUVIjj.exe
  2⤵
  PID:11848
- C:\Windows\System\rJpeCDy.exe
  C:\Windows\System\rJpeCDy.exe
  2⤵
  PID:12036
- C:\Windows\System\knszCYc.exe
  C:\Windows\System\knszCYc.exe
  2⤵
  PID:12172
- C:\Windows\System\pyVKiCH.exe
  C:\Windows\System\pyVKiCH.exe
  2⤵
  PID:11288
- C:\Windows\System\sxvGgxU.exe
  C:\Windows\System\sxvGgxU.exe
  2⤵
  PID:11812
- C:\Windows\System\bUZUjvI.exe
  C:\Windows\System\bUZUjvI.exe
  2⤵
  PID:12104
- C:\Windows\System\KVpyKLy.exe
  C:\Windows\System\KVpyKLy.exe
  2⤵
  PID:11664
- C:\Windows\System\OQJGSbF.exe
  C:\Windows\System\OQJGSbF.exe
  2⤵
  PID:11612
- C:\Windows\System\HggXWSM.exe
  C:\Windows\System\HggXWSM.exe
  2⤵
  PID:12304
- C:\Windows\System\nuymfAx.exe
  C:\Windows\System\nuymfAx.exe
  2⤵
  PID:12332
- C:\Windows\System\HFirMyC.exe
  C:\Windows\System\HFirMyC.exe
  2⤵
  PID:12360
- C:\Windows\System\kdacWfm.exe
  C:\Windows\System\kdacWfm.exe
  2⤵
  PID:12392
- C:\Windows\System\mlKHLqk.exe
  C:\Windows\System\mlKHLqk.exe
  2⤵
  PID:12428
- C:\Windows\System\OaxGTdL.exe
  C:\Windows\System\OaxGTdL.exe
  2⤵
  PID:12452
- C:\Windows\System\qYyiamR.exe
  C:\Windows\System\qYyiamR.exe
  2⤵
  PID:12476
- C:\Windows\System\SVklaqF.exe
  C:\Windows\System\SVklaqF.exe
  2⤵
  PID:12504
- C:\Windows\System\QlmfLxn.exe
  C:\Windows\System\QlmfLxn.exe
  2⤵
  PID:12540
- C:\Windows\System\MkYtOmQ.exe
  C:\Windows\System\MkYtOmQ.exe
  2⤵
  PID:12568
- C:\Windows\System\KJFYZbm.exe
  C:\Windows\System\KJFYZbm.exe
  2⤵
  PID:12588
- C:\Windows\System\VhyRLQt.exe
  C:\Windows\System\VhyRLQt.exe
  2⤵
  PID:12616
- C:\Windows\System\pzHrvCk.exe
  C:\Windows\System\pzHrvCk.exe
  2⤵
  PID:12652
- C:\Windows\System\VLPxmCf.exe
  C:\Windows\System\VLPxmCf.exe
  2⤵
  PID:12672
- C:\Windows\System\eEpZPSG.exe
  C:\Windows\System\eEpZPSG.exe
  2⤵
  PID:12704
- C:\Windows\System\lXaAPCo.exe
  C:\Windows\System\lXaAPCo.exe
  2⤵
  PID:12728
- C:\Windows\System\OmEJjTG.exe
  C:\Windows\System\OmEJjTG.exe
  2⤵
  PID:12756
- C:\Windows\System\fPFhdBT.exe
  C:\Windows\System\fPFhdBT.exe
  2⤵
  PID:12784
- C:\Windows\System\BoprnyN.exe
  C:\Windows\System\BoprnyN.exe
  2⤵
  PID:12812
- C:\Windows\System\ebutIOJ.exe
  C:\Windows\System\ebutIOJ.exe
  2⤵
  PID:12840
- C:\Windows\System\nMTSAoR.exe
  C:\Windows\System\nMTSAoR.exe
  2⤵
  PID:12868
- C:\Windows\System\oRrgkNA.exe
  C:\Windows\System\oRrgkNA.exe
  2⤵
  PID:12896
- C:\Windows\System\ZDURnBd.exe
  C:\Windows\System\ZDURnBd.exe
  2⤵
  PID:12924
- C:\Windows\System\CKbhnLj.exe
  C:\Windows\System\CKbhnLj.exe
  2⤵
  PID:12952
- C:\Windows\System\pRwcVKZ.exe
  C:\Windows\System\pRwcVKZ.exe
  2⤵
  PID:12980
- C:\Windows\System\YmADMKg.exe
  C:\Windows\System\YmADMKg.exe
  2⤵
  PID:13008
- C:\Windows\System\xYCdZpI.exe
  C:\Windows\System\xYCdZpI.exe
  2⤵
  PID:13036
- C:\Windows\System\DYgXPES.exe
  C:\Windows\System\DYgXPES.exe
  2⤵
  PID:13064
- C:\Windows\System\jOmPnGY.exe
  C:\Windows\System\jOmPnGY.exe
  2⤵
  PID:13092
- C:\Windows\System\ESiYXNo.exe
  C:\Windows\System\ESiYXNo.exe
  2⤵
  PID:13120
- C:\Windows\System\ypwFIYf.exe
  C:\Windows\System\ypwFIYf.exe
  2⤵
  PID:13148
- C:\Windows\System\qeQrJUM.exe
  C:\Windows\System\qeQrJUM.exe
  2⤵
  PID:13180
- C:\Windows\System\gFTPnOJ.exe
  C:\Windows\System\gFTPnOJ.exe
  2⤵
  PID:13208
- C:\Windows\System\fLPFMGZ.exe
  C:\Windows\System\fLPFMGZ.exe
  2⤵
  PID:13236
- C:\Windows\System\YdJRfQR.exe
  C:\Windows\System\YdJRfQR.exe
  2⤵
  PID:13264
- C:\Windows\System\ftDIGrz.exe
  C:\Windows\System\ftDIGrz.exe
  2⤵
  PID:13292
- C:\Windows\System\nsexqEQ.exe
  C:\Windows\System\nsexqEQ.exe
  2⤵
  PID:12300
- C:\Windows\System\TtqHpbN.exe
  C:\Windows\System\TtqHpbN.exe
  2⤵
  PID:12372
- C:\Windows\System\cFrkhMu.exe
  C:\Windows\System\cFrkhMu.exe
  2⤵
  PID:12416
- C:\Windows\System\okemYBD.exe
  C:\Windows\System\okemYBD.exe
  2⤵
  PID:12488
- C:\Windows\System\fTdJsOz.exe
  C:\Windows\System\fTdJsOz.exe
  2⤵
  PID:12552
- C:\Windows\System\XShuhiE.exe
  C:\Windows\System\XShuhiE.exe
  2⤵
  PID:12612
- C:\Windows\System\DpwqxrP.exe
  C:\Windows\System\DpwqxrP.exe
  2⤵
  PID:12684
- C:\Windows\System\gJxoVAP.exe
  C:\Windows\System\gJxoVAP.exe
  2⤵
  PID:12748
- C:\Windows\System\MpVcpuL.exe
  C:\Windows\System\MpVcpuL.exe
  2⤵
  PID:12808
- C:\Windows\System\OdpkvtA.exe
  C:\Windows\System\OdpkvtA.exe
  2⤵
  PID:9668
- C:\Windows\System\AhbztsA.exe
  C:\Windows\System\AhbztsA.exe
  2⤵
  PID:12936
- C:\Windows\System\QRrqDGk.exe
  C:\Windows\System\QRrqDGk.exe
  2⤵
  PID:12992
- C:\Windows\System\HwAmcoj.exe
  C:\Windows\System\HwAmcoj.exe
  2⤵
  PID:13056
- C:\Windows\System\kdIdhNA.exe
  C:\Windows\System\kdIdhNA.exe
  2⤵
  PID:13104
- C:\Windows\System\hIVSmfU.exe
  C:\Windows\System\hIVSmfU.exe
  2⤵
  PID:4256
- C:\Windows\System\vRNkYIf.exe
  C:\Windows\System\vRNkYIf.exe
  2⤵
  PID:13176
- C:\Windows\System\QlEjgdZ.exe
  C:\Windows\System\QlEjgdZ.exe
  2⤵
  PID:13228
- C:\Windows\System\TgYjsLN.exe
  C:\Windows\System\TgYjsLN.exe
  2⤵
  PID:13284
- C:\Windows\System\rElSPXi.exe
  C:\Windows\System\rElSPXi.exe
  2⤵
  PID:12356
- C:\Windows\System\VEkqLEA.exe
  C:\Windows\System\VEkqLEA.exe
  2⤵
  PID:5040
- C:\Windows\System\FbvibYo.exe
  C:\Windows\System\FbvibYo.exe
  2⤵
  PID:12548
- C:\Windows\System\NPrKGdd.exe
  C:\Windows\System\NPrKGdd.exe
  2⤵
  PID:4604
- C:\Windows\System\sGWKcas.exe
  C:\Windows\System\sGWKcas.exe
  2⤵
  PID:1596
- C:\Windows\System\aKcwbao.exe
  C:\Windows\System\aKcwbao.exe
  2⤵
  PID:12740
- C:\Windows\System\QDsQgNG.exe
  C:\Windows\System\QDsQgNG.exe
  2⤵
  PID:3480
- C:\Windows\System\rMxzUAR.exe
  C:\Windows\System\rMxzUAR.exe
  2⤵
  PID:12916
- C:\Windows\System\FVEmleC.exe
  C:\Windows\System\FVEmleC.exe
  2⤵
  PID:3400
- C:\Windows\System\ndhrUUX.exe
  C:\Windows\System\ndhrUUX.exe
  2⤵
  PID:3592
- C:\Windows\System\tFrGVuh.exe
  C:\Windows\System\tFrGVuh.exe
  2⤵
  PID:4368
- C:\Windows\System\dWrSVUG.exe
  C:\Windows\System\dWrSVUG.exe
  2⤵
  PID:13276
- C:\Windows\System\mEmlZAb.exe
  C:\Windows\System\mEmlZAb.exe
  2⤵
  PID:12468
- C:\Windows\System\LeVVKFL.exe
  C:\Windows\System\LeVVKFL.exe
  2⤵
  PID:2272
- C:\Windows\System\NtObAkO.exe
  C:\Windows\System\NtObAkO.exe
  2⤵
  PID:4016
- C:\Windows\System\GPBeTEQ.exe
  C:\Windows\System\GPBeTEQ.exe
  2⤵
  PID:3060
- C:\Windows\System\phnlNeZ.exe
  C:\Windows\System\phnlNeZ.exe
  2⤵
  PID:3296
- C:\Windows\System\AsmbftU.exe
  C:\Windows\System\AsmbftU.exe
  2⤵
  PID:13088
- C:\Windows\System\QytgIer.exe
  C:\Windows\System\QytgIer.exe
  2⤵
  PID:2980
- C:\Windows\System\gBVXoQI.exe
  C:\Windows\System\gBVXoQI.exe
  2⤵
  PID:12328
- C:\Windows\System\XiYxrRC.exe
  C:\Windows\System\XiYxrRC.exe
  2⤵
  PID:1776
- C:\Windows\System\syWLoxB.exe
  C:\Windows\System\syWLoxB.exe
  2⤵
  PID:1988
- C:\Windows\System\kWnaalN.exe
  C:\Windows\System\kWnaalN.exe
  2⤵
  PID:1092
- C:\Windows\System\yOcAnnR.exe
  C:\Windows\System\yOcAnnR.exe
  2⤵
  PID:2400
- C:\Windows\System\FjLnbwU.exe
  C:\Windows\System\FjLnbwU.exe
  2⤵
  PID:892
- C:\Windows\System\IBhcmMi.exe
  C:\Windows\System\IBhcmMi.exe
  2⤵
  PID:4532
- C:\Windows\System\KARMdhA.exe
  C:\Windows\System\KARMdhA.exe
  2⤵
  PID:3112
- C:\Windows\System\joIeUDR.exe
  C:\Windows\System\joIeUDR.exe
  2⤵
  PID:4004
- C:\Windows\System\bwEGLmE.exe
  C:\Windows\System\bwEGLmE.exe
  2⤵
  PID:2560
- C:\Windows\System\ruLUViz.exe
  C:\Windows\System\ruLUViz.exe
  2⤵
  PID:13084
- C:\Windows\System\fWYDExO.exe
  C:\Windows\System\fWYDExO.exe
  2⤵
  PID:4456
- C:\Windows\System\RENWXfF.exe
  C:\Windows\System\RENWXfF.exe
  2⤵
  PID:1612
- C:\Windows\System\iOXEjPT.exe
  C:\Windows\System\iOXEjPT.exe
  2⤵
  PID:3080
- C:\Windows\System\czGUaco.exe
  C:\Windows\System\czGUaco.exe
  2⤵
  PID:2092
- C:\Windows\System\jFBKDpa.exe
  C:\Windows\System\jFBKDpa.exe
  2⤵
  PID:4508
- C:\Windows\System\yQqlKRA.exe
  C:\Windows\System\yQqlKRA.exe
  2⤵
  PID:13332
- C:\Windows\System\tmXqbvp.exe
  C:\Windows\System\tmXqbvp.exe
  2⤵
  PID:13360
- C:\Windows\System\ZvjMpYI.exe
  C:\Windows\System\ZvjMpYI.exe
  2⤵
  PID:13388
- C:\Windows\System\UJIBmMN.exe
  C:\Windows\System\UJIBmMN.exe
  2⤵
  PID:13416
- C:\Windows\System\kffubIX.exe
  C:\Windows\System\kffubIX.exe
  2⤵
  PID:13444
- C:\Windows\System\xVcrYsY.exe
  C:\Windows\System\xVcrYsY.exe
  2⤵
  PID:13472
- C:\Windows\System\xDsODVO.exe
  C:\Windows\System\xDsODVO.exe
  2⤵
  PID:13500
- C:\Windows\System\DucwTHg.exe
  C:\Windows\System\DucwTHg.exe
  2⤵
  PID:13528
- C:\Windows\System\LYqpBFd.exe
  C:\Windows\System\LYqpBFd.exe
  2⤵
  PID:13556
- C:\Windows\System\PZjLGIB.exe
  C:\Windows\System\PZjLGIB.exe
  2⤵
  PID:13584
- C:\Windows\System\ozZWJTb.exe
  C:\Windows\System\ozZWJTb.exe
  2⤵
  PID:13612
- C:\Windows\System\CvSNwqa.exe
  C:\Windows\System\CvSNwqa.exe
  2⤵
  PID:13640
- C:\Windows\System\fNyYBJn.exe
  C:\Windows\System\fNyYBJn.exe
  2⤵
  PID:13668
- C:\Windows\System\JwrXvTe.exe
  C:\Windows\System\JwrXvTe.exe
  2⤵
  PID:13696
- C:\Windows\System\jEyIfyx.exe
  C:\Windows\System\jEyIfyx.exe
  2⤵
  PID:13724
- C:\Windows\System\qSOeAGv.exe
  C:\Windows\System\qSOeAGv.exe
  2⤵
  PID:13752
- C:\Windows\System\DOzSUUK.exe
  C:\Windows\System\DOzSUUK.exe
  2⤵
  PID:13780
- C:\Windows\System\HRDkGwL.exe
  C:\Windows\System\HRDkGwL.exe
  2⤵
  PID:13808
- C:\Windows\System\iFNZbON.exe
  C:\Windows\System\iFNZbON.exe
  2⤵
  PID:13836
- C:\Windows\System\oqjiFyH.exe
  C:\Windows\System\oqjiFyH.exe
  2⤵
  PID:13864
- C:\Windows\System\QOwRbEI.exe
  C:\Windows\System\QOwRbEI.exe
  2⤵
  PID:13892
- C:\Windows\System\zMOYyfv.exe
  C:\Windows\System\zMOYyfv.exe
  2⤵
  PID:13936
- C:\Windows\System\WGKXKIr.exe
  C:\Windows\System\WGKXKIr.exe
  2⤵
  PID:13952
- C:\Windows\System\niRzPDS.exe
  C:\Windows\System\niRzPDS.exe
  2⤵
  PID:13988
- C:\Windows\System\nhuGCCR.exe
  C:\Windows\System\nhuGCCR.exe
  2⤵
  PID:14008
- C:\Windows\System\sRuQgBy.exe
  C:\Windows\System\sRuQgBy.exe
  2⤵
  PID:14036
- C:\Windows\System\fhxqAnk.exe
  C:\Windows\System\fhxqAnk.exe
  2⤵
  PID:14064
- C:\Windows\System\vmpJcmP.exe
  C:\Windows\System\vmpJcmP.exe
  2⤵
  PID:14092
- C:\Windows\System\juRWEUP.exe
  C:\Windows\System\juRWEUP.exe
  2⤵
  PID:14120
- C:\Windows\System\alSDSMn.exe
  C:\Windows\System\alSDSMn.exe
  2⤵
  PID:14148
- C:\Windows\System\cRcUors.exe
  C:\Windows\System\cRcUors.exe
  2⤵
  PID:14176
- C:\Windows\System\pdnUkOt.exe
  C:\Windows\System\pdnUkOt.exe
  2⤵
  PID:14204
- C:\Windows\System\usGzQRD.exe
  C:\Windows\System\usGzQRD.exe
  2⤵
  PID:14232
- C:\Windows\System\ruPwWUG.exe
  C:\Windows\System\ruPwWUG.exe
  2⤵
  PID:14260
- C:\Windows\System\HIjLSzU.exe
  C:\Windows\System\HIjLSzU.exe
  2⤵
  PID:14288
- C:\Windows\System\uzoFBRC.exe
  C:\Windows\System\uzoFBRC.exe
  2⤵
  PID:14316
- C:\Windows\System\oaAlCwz.exe
  C:\Windows\System\oaAlCwz.exe
  2⤵
  PID:1828
- C:\Windows\System\hBQnpWF.exe
  C:\Windows\System\hBQnpWF.exe
  2⤵
  PID:13372
- C:\Windows\System\xoJLSFx.exe
  C:\Windows\System\xoJLSFx.exe
  2⤵
  PID:13436
- C:\Windows\System\wGkhmxS.exe
  C:\Windows\System\wGkhmxS.exe
  2⤵
  PID:13484
- C:\Windows\System\MVRCGiC.exe
  C:\Windows\System\MVRCGiC.exe
  2⤵
  PID:13540
- C:\Windows\System\CItCSuB.exe
  C:\Windows\System\CItCSuB.exe
  2⤵
  PID:13596
- C:\Windows\System\LCJrEjD.exe
  C:\Windows\System\LCJrEjD.exe
  2⤵
  PID:13660
- C:\Windows\System\CKyhFOQ.exe
  C:\Windows\System\CKyhFOQ.exe
  2⤵
  PID:5368
- C:\Windows\System\dKpNDiH.exe
  C:\Windows\System\dKpNDiH.exe
  2⤵
  PID:13744
- C:\Windows\System\ImVMXbl.exe
  C:\Windows\System\ImVMXbl.exe
  2⤵
  PID:1176
- C:\Windows\System\RxsoYoA.exe
  C:\Windows\System\RxsoYoA.exe
  2⤵
  PID:13776
- C:\Windows\System\AsNtAIj.exe
  C:\Windows\System\AsNtAIj.exe
  2⤵
  PID:13876
- C:\Windows\System\VasKUGc.exe
  C:\Windows\System\VasKUGc.exe
  2⤵
  PID:13912
- C:\Windows\System\XpKAICO.exe
  C:\Windows\System\XpKAICO.exe
  2⤵
  PID:13964
- C:\Windows\System\qdDjCcx.exe
  C:\Windows\System\qdDjCcx.exe
  2⤵
  PID:5540
- C:\Windows\System\RzHYcnX.exe
  C:\Windows\System\RzHYcnX.exe
  2⤵
  PID:5564
- C:\Windows\System\RUNglXT.exe
  C:\Windows\System\RUNglXT.exe
  2⤵
  PID:14084
- C:\Windows\System\zSHqxgM.exe
  C:\Windows\System\zSHqxgM.exe
  2⤵
  PID:5696
- C:\Windows\System\psbLFpq.exe
  C:\Windows\System\psbLFpq.exe
  2⤵
  PID:14160
- C:\Windows\System\GGTTCYc.exe
  C:\Windows\System\GGTTCYc.exe
  2⤵
  PID:14224
- C:\Windows\System\keVzlHa.exe
  C:\Windows\System\keVzlHa.exe
  2⤵
  PID:5844
- C:\Windows\System\nyDXuyF.exe
  C:\Windows\System\nyDXuyF.exe
  2⤵
  PID:14328
- C:\Windows\System\xIOHEzP.exe
  C:\Windows\System\xIOHEzP.exe
  2⤵
  PID:5912
- C:\Windows\System\pydCguY.exe
  C:\Windows\System\pydCguY.exe
  2⤵
  PID:5164
- C:\Windows\System\cCeLanL.exe
  C:\Windows\System\cCeLanL.exe
  2⤵
  PID:13552
- C:\Windows\System\zgbxhWc.exe
  C:\Windows\System\zgbxhWc.exe
  2⤵
  PID:6004
- C:\Windows\System\gRYSxZr.exe
  C:\Windows\System\gRYSxZr.exe
  2⤵
  PID:6032
- C:\Windows\System\KgsNHim.exe
  C:\Windows\System\KgsNHim.exe
  2⤵
  PID:5404
- C:\Windows\System\flmkxFo.exe
  C:\Windows\System\flmkxFo.exe
  2⤵
  PID:13772
- C:\Windows\System\biMEapX.exe
  C:\Windows\System\biMEapX.exe
  2⤵
  PID:13856
- C:\Windows\System\eycypPm.exe
  C:\Windows\System\eycypPm.exe
  2⤵
  PID:5468
- C:\Windows\System\LZapQaI.exe
  C:\Windows\System\LZapQaI.exe
  2⤵
  PID:13972
- C:\Windows\System\XxXQreA.exe
  C:\Windows\System\XxXQreA.exe
  2⤵
  PID:5580
- C:\Windows\System\sptDpVI.exe
  C:\Windows\System\sptDpVI.exe
  2⤵
  PID:14116
- C:\Windows\System\fcAeVJx.exe
  C:\Windows\System\fcAeVJx.exe
  2⤵
  PID:14140
- C:\Windows\System\mTpedeP.exe
  C:\Windows\System\mTpedeP.exe
  2⤵
  PID:5700
- C:\Windows\System\gprBEdh.exe
  C:\Windows\System\gprBEdh.exe
  2⤵
  PID:5760
- C:\Windows\System\dOvLVPp.exe
  C:\Windows\System\dOvLVPp.exe
  2⤵
  PID:13412
- C:\Windows\System\mpLwjxC.exe
  C:\Windows\System\mpLwjxC.exe
  2⤵
  PID:13576
- C:\Windows\System\ibaVVoR.exe
  C:\Windows\System\ibaVVoR.exe
  2⤵
  PID:13688
- C:\Windows\System\QnOshDK.exe
  C:\Windows\System\QnOshDK.exe
  2⤵
  PID:5308
- C:\Windows\System\OGXfUny.exe
  C:\Windows\System\OGXfUny.exe
  2⤵
  PID:5420
- C:\Windows\System\ZapwGXA.exe
  C:\Windows\System\ZapwGXA.exe
  2⤵
  PID:13904
- C:\Windows\System\oBFYPMO.exe
  C:\Windows\System\oBFYPMO.exe
  2⤵
  PID:14032
- C:\Windows\System\sDSXpjL.exe
  C:\Windows\System\sDSXpjL.exe
  2⤵
  PID:5616
- C:\Windows\System\eDkpslk.exe
  C:\Windows\System\eDkpslk.exe
  2⤵
  PID:5516
- C:\Windows\System\gMTmGhm.exe
  C:\Windows\System\gMTmGhm.exe
  2⤵
  PID:11444
- C:\Windows\System\nIZDiCP.exe
  C:\Windows\System\nIZDiCP.exe
  2⤵
  PID:5816
- C:\Windows\System\sUaxXud.exe
  C:\Windows\System\sUaxXud.exe
  2⤵
  PID:3560
- C:\Windows\System\VOGONTu.exe
  C:\Windows\System\VOGONTu.exe
  2⤵
  PID:5880
- C:\Windows\System\ycIwZBw.exe
  C:\Windows\System\ycIwZBw.exe
  2⤵
  PID:11428
- C:\Windows\System\XQgxBsQ.exe
  C:\Windows\System\XQgxBsQ.exe
  2⤵
  PID:5972
- C:\Windows\System\VAFQyNy.exe
  C:\Windows\System\VAFQyNy.exe
  2⤵
  PID:3960
- C:\Windows\System\xHDxxzd.exe
  C:\Windows\System\xHDxxzd.exe
  2⤵
  PID:6444
- C:\Windows\System\yBquejs.exe
  C:\Windows\System\yBquejs.exe
  2⤵
  PID:13720
- C:\Windows\System\AUaKwml.exe
  C:\Windows\System\AUaKwml.exe
  2⤵
  PID:5124
- C:\Windows\System\dKCgzBd.exe
  C:\Windows\System\dKCgzBd.exe
  2⤵
  PID:4228
- C:\Windows\System\BNdrHec.exe
  C:\Windows\System\BNdrHec.exe
  2⤵
  PID:6576
- C:\Windows\System\RgnNpOp.exe
  C:\Windows\System\RgnNpOp.exe
  2⤵
  PID:6632
- C:\Windows\System\JRELTSZ.exe
  C:\Windows\System\JRELTSZ.exe
  2⤵
  PID:11556
- C:\Windows\System\AqiExqg.exe
  C:\Windows\System\AqiExqg.exe
  2⤵
  PID:5628
- C:\Windows\System\spLcFOY.exe
  C:\Windows\System\spLcFOY.exe
  2⤵
  PID:6280
- C:\Windows\System\tzkPLKT.exe
  C:\Windows\System\tzkPLKT.exe
  2⤵
  PID:6780
- C:\Windows\System\CoPFxIP.exe
  C:\Windows\System\CoPFxIP.exe
  2⤵
  PID:4612
- C:\Windows\System\INKygpC.exe
  C:\Windows\System\INKygpC.exe
  2⤵
  PID:13932
- C:\Windows\System\UwlJEwb.exe
  C:\Windows\System\UwlJEwb.exe
  2⤵
  PID:5388
- C:\Windows\System\SQIloFt.exe
  C:\Windows\System\SQIloFt.exe
  2⤵
  PID:6020
- C:\Windows\System\brOliYu.exe
  C:\Windows\System\brOliYu.exe
  2⤵
  PID:6932
- C:\Windows\System\iIAGoFe.exe
  C:\Windows\System\iIAGoFe.exe
  2⤵
  PID:5144
- C:\Windows\System\tyrRvoR.exe
  C:\Windows\System\tyrRvoR.exe
  2⤵
  PID:7024
- C:\Windows\System\yazOVce.exe
  C:\Windows\System\yazOVce.exe
  2⤵
  PID:7052
- C:\Windows\System\CpthHPM.exe
  C:\Windows\System\CpthHPM.exe
  2⤵
  PID:6100
- C:\Windows\System\xnQmDny.exe
  C:\Windows\System\xnQmDny.exe
  2⤵
  PID:7140
- C:\Windows\System\PqxUKOM.exe
  C:\Windows\System\PqxUKOM.exe
  2⤵
  PID:6984
- C:\Windows\System\cwFktvh.exe
  C:\Windows\System\cwFktvh.exe
  2⤵
  PID:5148
- C:\Windows\System\coKrmRh.exe
  C:\Windows\System\coKrmRh.exe
  2⤵
  PID:6880

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTVFRUJGQkYtOEI2NS00MjVDLUFDNUUtRkU4MkQ1NURDQjc5fSIgdXNlcmlkPSJ7QjMzOEI5NTgtRDAxNS00MkIxLUE3NkItNDJGRjEzRTE1MENBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTBBQ0VDQ0YtMDQ5RS00ODNCLUEzRDYtRUEyRkE5NTVEODUwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMzNzEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDE5Mjc1MzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Mjc3MzY4OTI5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:11428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AQsjkwX.exe

Filesize
6.0MB

MD5
df6374574d97757e21b7c8b6cfa79ceb

SHA1
64e2acfd4282e56e250aa9e06d576dc2e3df0b54

SHA256
a6f610a98eb02d06cc1e93477485c57ee91aa177ec479cca63754c437e078ce1

SHA512
a28830c60529d92adca2a170c368bf6286055ba04086837d88203f001b8965a293a357cd57d089099113ef24360f68932124dadb9fcfeb2634bcca0798dc22ee

Download Submit
C:\Windows\System\AWcowLD.exe

Filesize
6.0MB

MD5
8e92f0cecba47411ee527afa53e27dd5

SHA1
29a4734480f05e1d3fe607aa88790de3f29e21b3

SHA256
a51359ae8223c4a48713d9d40ce91e8251ae848a2aa66e8fd5fc00ebed4aeed7

SHA512
4c4579f7987663f89b3615126098c6930f562c571766ff1183853642efe3ecf93740aa0d3bc1be4a38669e766bdea3588ae295ee1462fb09a48b1d39a8450891

Download Submit
C:\Windows\System\CnojHiM.exe

Filesize
6.0MB

MD5
2d7dbb9ddd6b795af2ea80a2d417ad5b

SHA1
d18ca508b6ed15ea2da41f13358640e382dbd325

SHA256
bfafe5e25a60a3c6165ff67b6d24e0c8502937dcf930565c3bf52cfc32538ae9

SHA512
f5e1a24558adaa94989a1a08757ec06588580fd20cb464fae7e5fe6aa6be4a94a70531c0e3b2527f253a44693350aeaafbc43ba2e6af477fdd6f8027cde4c6f7

Download Submit
C:\Windows\System\CqnxZNB.exe

Filesize
6.0MB

MD5
4f75f7e78df46ae0db3a050b54c67cf9

SHA1
8cefbe9fa38c9d0fe4d57c538666cdd5f107afe9

SHA256
92cb1e010fdd51e0b4025b5862752ab8f559290a26852879f533f6e1e0bf867c

SHA512
bf128cb53760cdce4b5e0bfc5b117e1481a82b342a67469cef2c480c1771f5af467e777f24eb95c38b1bea73bdc39f52c2ac85c70968f815c7430adabae93a36

Download Submit
C:\Windows\System\DurlxNT.exe

Filesize
6.0MB

MD5
4e3b5e3085a7cc28412b36e7bbe46262

SHA1
600d1a6dbcd4e50cddeffd263122d190965b9ffc

SHA256
9d91b1455225d24a762d8ba8915f5c99ccc33e9e5184b0f64992397ecf157bc4

SHA512
0672bf01c616ff698c1f82c654811b1fca3b91d9443f7fa52cb63d96ac249a5668d647b8336bbc6e9e258d3075cf91946f0b9311999bb0e55ab77dcccd7b9159

Download Submit
C:\Windows\System\EnmNLPz.exe

Filesize
6.0MB

MD5
82fd6a874f11b41a15c7a8d7beea0829

SHA1
c0429e20ad5c51e5e9356e06523929e19230d7b8

SHA256
5c10ac5c1c6d2ae8c3b12cd1ef1a7d0df2c3f71ac19635bbf0ca9f349c20df4d

SHA512
6468b1a9ba34dfcade4fea8c9a42955ebeb406682930142165f1a0815e166c9d7572f182120c4403047b18cb28911785f0b0cd5196f98c7db0f19e9eb934977e

Download Submit
C:\Windows\System\FHcxnnm.exe

Filesize
6.0MB

MD5
2589be34e6e667071949992e56ab7c4b

SHA1
578c12ae02b5f9c041294ba20b02cdea04ca80be

SHA256
dd13d70ca2febdff1d82b032f979905254517591571883c156e88dcfa4fc3035

SHA512
73c348f88c046414c36ebea5d4a4c973bb0fb6e3128d056279ec0f6b700315ffd5efdc1436650240f116b779ba06a80a37c49f26e24e5514387f5a796413bc76

Download Submit
C:\Windows\System\FPfwXnk.exe

Filesize
6.0MB

MD5
d141f83f29c2433012beff83d0e344df

SHA1
82ab0fb483de72591fbe4a6559746175db88dc33

SHA256
8fcb8049fc42a8f886ba00b7325274e772461bcebae5af38e1fd1143522b44da

SHA512
34b732e27bd22caf4a35a94659a59dc1307690529629496170fa797614c8cab8462c56c0ee06ac8a328c2d48bb0d05c8d7e3132347c68a4ae4ef602676c9922b

Download Submit
C:\Windows\System\KiAsosy.exe

Filesize
6.0MB

MD5
32a8abb88861ec1358b6c08228fcbe32

SHA1
117ed5c93238d23c4a19aeeffa168d66b17d6996

SHA256
f23ed2955b62619ba491f9eefcc78203e9528fd54eb6d0fb4285cc4526ec4380

SHA512
458045d3346c091a437608922ea047b920d99f02eaca41d2fd155e4ac3d470620b80107dc27addf863b0ffa1c161de6ed6e233a1ec1b1e3026a068ee195428c6

Download Submit
C:\Windows\System\MgBOBwY.exe

Filesize
6.0MB

MD5
769ab27fad9a9b08c298cbef8fd3cde7

SHA1
16ed0d317a880e0dd53371603d516306db3b64f0

SHA256
47fd4626fcd22fc754199607c4d27bfc41c34dec4b7c0465cae4aebb7737c331

SHA512
100af12fb3c17d9432f35536bc358766760493733f2f9c3300e44499a5bbeb792a321e2a7e64431e92fe1f7e3f6c464f6716d51bedd4bdd826caaf94832746ec

Download Submit
C:\Windows\System\OxWifcg.exe

Filesize
6.0MB

MD5
7ce96451c36b7dd02a262263f2399494

SHA1
ee34c4654d77a3ca615d4618ea156b58839e6b0c

SHA256
e9cba1276156873ffada4f4a64b4206f2b4ec2af4a251aab55bfe820a901b39c

SHA512
8fa92d881dad9427a2ce7b4f4bb236817c901075528eb3b718b3aa30f149dc1a60ba6ec754b18ed4d026259df1419ba51fe7c3b81a4c7bd3b71ce5f9dc744a17

Download Submit
C:\Windows\System\QyVChvW.exe

Filesize
6.0MB

MD5
ddcc2365668f7fdeb8f4b480baa86617

SHA1
997dda52ea9a6b98a9b366f0cbdccee4e8c43f87

SHA256
b03701c16434252a63ba005757eed81a18575cdaeb48e891a42965fb00603333

SHA512
5ce7e817cf8a56f0a99027b33400b8dc753cc8559c71f366162e92c8fafe8c1a799423c710fa9d7c85ffc66e5d2a40eb24a46a1e0715446ffb3db806dd07e4c0

Download Submit
C:\Windows\System\UbxCalN.exe

Filesize
6.0MB

MD5
d511a8a4d26833ed0b1c7181e9f51f47

SHA1
12dce4082df38bb2effb1195f77b9ffcb3b04f66

SHA256
bd9c7d987f0106a04881a539b33d2d2b0d93d6b4f3211bd85e3fa0e456523c22

SHA512
d40e1cbded7d435f3c8d13aaa2a6cc0365b33a8a21a13d630ebfe6195a1c0b9754dccee9296d984e364db5f742df7b1e5554293254330813e0237d55542512a5

Download Submit
C:\Windows\System\UnUxmhr.exe

Filesize
6.0MB

MD5
de2de9f137232fb2418006e0848c0bdb

SHA1
4ea220522fbbefad24886beb1f22738eaefebf83

SHA256
adb5a785dc9ec1264928eb7ef0004d4e011eff9cdfc8677c87c93e96a5f4de46

SHA512
dfb68caf918dbc493e8faefa7079562743b120b10c8f121e01262eddced0c6b28efd1f0299e4aab533b7499c272bb15e1aca3376251e422016e260b60e74f1d0

Download Submit
C:\Windows\System\WMDXgmu.exe

Filesize
6.0MB

MD5
efdb889b00b3d9f1cb6ca8f530f68e66

SHA1
b7bf653d6a3162318d7af6439d5faa73e2978692

SHA256
755818811d04f0870fbf3512e8984472514817bf285e907fec48f2b3f45a2723

SHA512
79868ec873c6d60bb0611f065b3d1c98781d027f002ea87f8820a1a1d385ca5f3f6157a5fc99c2cb54ca509668bd0f2ce34be8c98964505c31c6bf9411c8b612

Download Submit
C:\Windows\System\WOlpIlm.exe

Filesize
6.0MB

MD5
61c1880ee94e8429fc66069ab629291f

SHA1
210b873160e71321de7ef81ecbc2d1b50f7dbbc8

SHA256
dabc38009a4ad82bfdb01d88c8cf8b0d0a28053ae1c062be1b0af946c399efca

SHA512
b6e783c084172186b687fdbb7aee8ffaf57968fa008c83a37b0c1fdf7432d2b30bda46ff4416346d36d1955906a8ce1dd15375d108a161fee121511e7b828dfe

Download Submit
C:\Windows\System\WflOaxB.exe

Filesize
6.0MB

MD5
368ed1e21da1786b1549e2eaa61df3a4

SHA1
365a7a77930cf2f1d12b809d455289af63dd69fd

SHA256
4e51efc89d60483091608de90f0da7096a4b4c831a1964dd2d8a22e25fc17c8e

SHA512
1e8699f0ca099975367a6160512e99c13821e61d69b43c683a8a51071915d13d601be1ab4fb49661627f4c00c69cfbae44e1f2367b4a71bced435ee4a7c79138

Download Submit
C:\Windows\System\YTZCwyB.exe

Filesize
6.0MB

MD5
eaa2593a213711adf6b91ee67bd9cd09

SHA1
33cc42ad866c8a5c0afef259567ac380f587dbe5

SHA256
79d1ad7a5fa1fbf9d83ab6857bb935be5d9fdabda02ab7e2e04d53d6d134dd3b

SHA512
7fb0781d6a3337c2759745e6222d183bf43fb1a49aa4a7bda5201d862ab1836149d333f87d9a8295e189eeb16d272f907b357801cc33f36a2007a04f94e2c63b

Download Submit
C:\Windows\System\aETZXCo.exe

Filesize
6.0MB

MD5
780655b3d0b1c1618f9a7ceee27bb7d0

SHA1
6b512886fdd7548a3f7245ebbc921f6f39a3287e

SHA256
436ec712cd4be8e37b56fc81e7ef419bf1d03ac60f8ededd021d32654195b1d8

SHA512
7e3271eedca258c308743954964286f0f549e5de55a75ec408eebcb1fba377132c3ea6df15b3aff90ce8b003ac55222b9f44a57b89ca4e6f291a17d5a45fe405

Download Submit
C:\Windows\System\bOfIuuk.exe

Filesize
6.0MB

MD5
4c5f6615c874e04d969b5d05270648be

SHA1
46718d86fa10b4f8567416907d6eb080ec45a9ea

SHA256
a9f42422ee774b8b6c5d69523b1c3cc1aa6c240cefbff7dc997dd5f2d882acec

SHA512
0685715ec41d8d733066f68b176ef594bba66833882194b49a7d9089b6a525863e6b5d93056e0718827dda4c90c728dcb0dc373fc5078de087cfd732eee764db

Download Submit
C:\Windows\System\eAWXTMh.exe

Filesize
6.0MB

MD5
ef95b7a0d9d096a81b3b63ee6cec621a

SHA1
16daabd6d1c03cf8abc4fa9573a7583380f49c99

SHA256
8f5e7f3c034392ad72b54fdbdc78db33f49a4fa750902f2e039a5579ec107379

SHA512
461f5a374c6ee07f28665fe74f9dfed4e2ae33a892b709d87d158bf050c9b71ac6f5894bef80dd32623386bc6fe397ba8eca6525ccacdbad723311c8e449fbbd

Download Submit
C:\Windows\System\eiAqByS.exe

Filesize
6.0MB

MD5
025c4ba2f8dac9fb65652cf042c49f46

SHA1
fc2c77b6ac4e13d1426f54f31e0abf4456687519

SHA256
70063d845b364082b8dc7a8ae5c349f03cec8d6f02fd58882f69cfc1b6b53404

SHA512
982a8ef1aef094a6d841be2150593938f4096880db1ec4ce4847172ff738e9c400b39a898a11a810139f1309349c988dbc2c41c68bfdc54a3ecdf36eb6ecd5c0

Download Submit
C:\Windows\System\hIedExk.exe

Filesize
6.0MB

MD5
94fe7292776d05641e14130a091fdfec

SHA1
78bc8f885a224d456b06cc5df57d6765c87378a0

SHA256
7c9dc23680991a76a67f6f99d016566024ae4e0aceff9c1606c25d32c8aa54d6

SHA512
150a8deabe32f012a3cbc0d45a54e4e9c00d56a22d5880bbcc32f7ab3b5079763432ada24f9259205dc195f24997c9a5994565c9de8c31e711e060c23b24aa11

Download Submit
C:\Windows\System\iOyDmOI.exe

Filesize
6.0MB

MD5
aa8d33745f47b1b0e872938c098896ac

SHA1
62ccd17848462bb13a504969f41bae07b90d06d6

SHA256
ce77a4e726a1f51906de117149c25fa99433938a1b10561858b5f0359135d64b

SHA512
abdbcf56fa938604b081344ddd9d5754448f9d923cb2b22732ec586090d3c0bca9b3f50e5896dc35b3cb491b1af6dcd0b888fa739259ee751f2c451746ab01db

Download Submit
C:\Windows\System\jJPsJje.exe

Filesize
6.0MB

MD5
2b992b83827528152849d5be3d022a86

SHA1
6eb139a8278e84f0b48d14e1592a8346ae6ede97

SHA256
eb36fb8ea5c1e0de6d6869d313b49a50c61844516ae5681d5392f92c871d554a

SHA512
2f738fd8f5e2c82badf735522c85e09f3cfdfa52f2e2869b98191b2160e6124e92546636b59e4105a56d7adc88c22f0c087bb4e1e54756a50f2ab38f7e724fb5

Download Submit
C:\Windows\System\lzccrWv.exe

Filesize
6.0MB

MD5
d5dab75b51ec8cdf2bf9c4e6d0090d30

SHA1
d941fa965f971a04bd2a56b80d3827d00d66083d

SHA256
9b931402fe61732e551cb0f70f4c4f97d0268f632068c272cda9cd1956b70d26

SHA512
38e2be56bbddd7bc77cd320a4002b4df31ae97f4e69050760f0c3aa0cdcf1b6be367c519f4b8f72502312cc38423f0eb958e44e3bce30ade29d227a5f0c5dbfe

Download Submit
C:\Windows\System\mXHdGdo.exe

Filesize
6.0MB

MD5
06650c7ee86fca0ee353de093843601e

SHA1
c9bf3a35717b916084ed5006e4012b3cbedeca14

SHA256
b8f6118a6789f763d36d1fe437a95dd3335b90b9a0ad54f591a5528ba054ad29

SHA512
a881ade2d70b8c26f9483a103a7aeaf184dcbb692323cb68e02eb1645c1b4aaf4246dda03d8e730f9834c508eaa0553356f9e34da16077a8547ea0e3b52f5f92

Download Submit
C:\Windows\System\nzjHLND.exe

Filesize
6.0MB

MD5
e25e0ce11a14c41b2ae302e9fb865c72

SHA1
7884b71e4c005826c98a9c381ed6dc865fdac808

SHA256
f8a404e950398fa28978dde3bdb9f7a3795b6199451e649a9d717283956519ff

SHA512
b517f94c8affad1a0f9b2e7117a2104d5c560d391711131b91fea98c5a8ed3f7fff4c7a470e53a838267bd92b5718010a400e17cf94b3fcb0b887183fd333e3b

Download Submit
C:\Windows\System\qCpGbXe.exe

Filesize
6.0MB

MD5
dac80acd44ac469b40a999595b5457f6

SHA1
93bff8a3af5e2fac336a4b7871da93aa44e56a0d

SHA256
cdd8d40909f1d18949aab99c07961df371c31ad0dd575fbd7d8626efb5ffbae5

SHA512
dbeca49693bd054d2ddfe583e98147e6c358be53222f485da5008bccab6fc38ab8ef39f121d94f457501dddea01db626eb4e272ed6feeb14257bb67542eeae9f

Download Submit
C:\Windows\System\qrcDVoi.exe

Filesize
6.0MB

MD5
18254314524249067dd24edf17845953

SHA1
d701b3ff44bc16e121b65be3658b18f82de367e7

SHA256
5cbc4be8041396190dc438331505b2687d99299ec18053aaf32b699952f38248

SHA512
09cfcc305de11bf032acd1b0db8ae9f91f4532c559a55cc890db6611be5e0e814368a9f3bc61f7156981fd12f9ae301f83cfaee02595ce4da569151dee64bcfa

Download Submit
C:\Windows\System\qyeFCkx.exe

Filesize
6.0MB

MD5
94e1191ca960292b91314261955e2871

SHA1
9520462d4d3bdd84106216f2e1f00574b465ca27

SHA256
7da5d8feafb640ff4d8ddb8581c480b355a37bf4e3539d10cb5d689a1755283d

SHA512
c9e819c4c0868edf32b193e8a9cd58eb59f8c689ecb71b3df5dee8b7a379303ef045f20290f4b48093003c5515d318c3d5b798df97faf6a1935a6ab3363902b6

Download Submit
C:\Windows\System\tKLOkxu.exe

Filesize
6.0MB

MD5
9fb3fe30abce2db754f4e90ebc9bbeb2

SHA1
c26393ea348434d124bb7868b271ccb1cd256920

SHA256
caec6aea101beaa8c1db2977c2c0ba59e0e6622c3a4eb3d39aca6969586a7113

SHA512
362390f841da021db988cb26779b5168a395f62094e4199ad04f4c7ae875a9066e5d2a010c31f6cd59848b10d07b0fcce3dbb34a8a0f1ce27827039319adce03

Download Submit
C:\Windows\System\tosLTIy.exe

Filesize
6.0MB

MD5
ddb28b08949b6fdf3b0cb22e88a4415b

SHA1
84f621681858c5ec3de5fa076090ca6f8473407e

SHA256
ba2cd64fd152f19056807c81ec485d92d30ea4a7af734ce0b463b19b0cddbf61

SHA512
feaa13921f29ceaf1f1ebd1c3706a6675fb55720e2fc75165ee74c249e8ede2b38017d8dd14abb0336f048cb68d9c1820aaf377c9c390613b36ce567b2fce0a5

Download Submit
memory/60-159-0x00007FF6248B0000-0x00007FF624C04000-memory.dmp

Filesize
3.3MB

Download
memory/60-1189-0x00007FF6248B0000-0x00007FF624C04000-memory.dmp

Filesize
3.3MB

Download
memory/60-8-0x00007FF6248B0000-0x00007FF624C04000-memory.dmp

Filesize
3.3MB

Download
memory/440-381-0x00007FF6DA9D0000-0x00007FF6DAD24000-memory.dmp

Filesize
3.3MB

Download
memory/440-74-0x00007FF6DA9D0000-0x00007FF6DAD24000-memory.dmp

Filesize
3.3MB

Download
memory/440-1229-0x00007FF6DA9D0000-0x00007FF6DAD24000-memory.dmp

Filesize
3.3MB

Download
memory/840-147-0x00007FF71E850000-0x00007FF71EBA4000-memory.dmp

Filesize
3.3MB

Download
memory/840-545-0x00007FF71E850000-0x00007FF71EBA4000-memory.dmp

Filesize
3.3MB

Download
memory/840-1309-0x00007FF71E850000-0x00007FF71EBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1220-20-0x00007FF777570000-0x00007FF7778C4000-memory.dmp

Filesize
3.3MB

Download
memory/1220-182-0x00007FF777570000-0x00007FF7778C4000-memory.dmp

Filesize
3.3MB

Download
memory/1220-1203-0x00007FF777570000-0x00007FF7778C4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-378-0x00007FF65D240000-0x00007FF65D594000-memory.dmp

Filesize
3.3MB

Download
memory/1312-1235-0x00007FF65D240000-0x00007FF65D594000-memory.dmp

Filesize
3.3MB

Download
memory/1312-66-0x00007FF65D240000-0x00007FF65D594000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1217-0x00007FF654000000-0x00007FF654354000-memory.dmp

Filesize
3.3MB

Download
memory/1620-43-0x00007FF654000000-0x00007FF654354000-memory.dmp

Filesize
3.3MB

Download
memory/1848-1232-0x00007FF7C1090000-0x00007FF7C13E4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-63-0x00007FF7C1090000-0x00007FF7C13E4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-375-0x00007FF7C1090000-0x00007FF7C13E4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-100-0x00007FF714A60000-0x00007FF714DB4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-1242-0x00007FF714A60000-0x00007FF714DB4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-423-0x00007FF714A60000-0x00007FF714DB4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-121-0x00007FF682A70000-0x00007FF682DC4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1247-0x00007FF682A70000-0x00007FF682DC4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-192-0x00007FF686380000-0x00007FF6866D4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2229-0x00007FF686380000-0x00007FF6866D4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-1243-0x00007FF748870000-0x00007FF748BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-131-0x00007FF748870000-0x00007FF748BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-382-0x00007FF6ADF70000-0x00007FF6AE2C4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-127-0x00007FF6ADF70000-0x00007FF6AE2C4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-1250-0x00007FF6ADF70000-0x00007FF6AE2C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-327-0x00007FF6B5E70000-0x00007FF6B61C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1228-0x00007FF6B5E70000-0x00007FF6B61C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-62-0x00007FF6B5E70000-0x00007FF6B61C4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-183-0x00007FF7204A0000-0x00007FF7207F4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2220-0x00007FF7204A0000-0x00007FF7207F4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-138-0x00007FF79F7D0000-0x00007FF79FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1254-0x00007FF79F7D0000-0x00007FF79FB24000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1218-0x00007FF72C6F0000-0x00007FF72CA44000-memory.dmp

Filesize
3.3MB

Download
memory/3012-274-0x00007FF72C6F0000-0x00007FF72CA44000-memory.dmp

Filesize
3.3MB

Download
memory/3012-45-0x00007FF72C6F0000-0x00007FF72CA44000-memory.dmp

Filesize
3.3MB

Download
memory/3556-90-0x00007FF700930000-0x00007FF700C84000-memory.dmp

Filesize
3.3MB

Download
memory/3556-1245-0x00007FF700930000-0x00007FF700C84000-memory.dmp

Filesize
3.3MB

Download
memory/3556-420-0x00007FF700930000-0x00007FF700C84000-memory.dmp

Filesize
3.3MB

Download
memory/3964-1261-0x00007FF639BE0000-0x00007FF639F34000-memory.dmp

Filesize
3.3MB

Download
memory/3964-141-0x00007FF639BE0000-0x00007FF639F34000-memory.dmp

Filesize
3.3MB

Download
memory/4000-137-0x00007FF6737E0000-0x00007FF673B34000-memory.dmp

Filesize
3.3MB

Download
memory/4000-1240-0x00007FF6737E0000-0x00007FF673B34000-memory.dmp

Filesize
3.3MB

Download
memory/4176-136-0x00007FF786110000-0x00007FF786464000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1244-0x00007FF786110000-0x00007FF786464000-memory.dmp

Filesize
3.3MB

Download
memory/4276-1312-0x00007FF637B10000-0x00007FF637E64000-memory.dmp

Filesize
3.3MB

Download
memory/4276-598-0x00007FF637B10000-0x00007FF637E64000-memory.dmp

Filesize
3.3MB

Download
memory/4276-149-0x00007FF637B10000-0x00007FF637E64000-memory.dmp

Filesize
3.3MB

Download
memory/4396-1258-0x00007FF7534A0000-0x00007FF7537F4000-memory.dmp

Filesize
3.3MB

Download
memory/4396-146-0x00007FF7534A0000-0x00007FF7537F4000-memory.dmp

Filesize
3.3MB

Download
memory/4400-1222-0x00007FF7FC130000-0x00007FF7FC484000-memory.dmp

Filesize
3.3MB

Download
memory/4400-48-0x00007FF7FC130000-0x00007FF7FC484000-memory.dmp

Filesize
3.3MB

Download
memory/4400-275-0x00007FF7FC130000-0x00007FF7FC484000-memory.dmp

Filesize
3.3MB

Download
memory/4408-42-0x00007FF7E80A0000-0x00007FF7E83F4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-173-0x00007FF7E80A0000-0x00007FF7E83F4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-1214-0x00007FF7E80A0000-0x00007FF7E83F4000-memory.dmp

Filesize
3.3MB

Download
memory/4472-2224-0x00007FF622720000-0x00007FF622A74000-memory.dmp

Filesize
3.3MB

Download
memory/4472-191-0x00007FF622720000-0x00007FF622A74000-memory.dmp

Filesize
3.3MB

Download
memory/4760-2228-0x00007FF6D9170000-0x00007FF6D94C4000-memory.dmp

Filesize
3.3MB

Download
memory/4760-174-0x00007FF6D9170000-0x00007FF6D94C4000-memory.dmp

Filesize
3.3MB

Download
memory/4760-644-0x00007FF6D9170000-0x00007FF6D94C4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-1211-0x00007FF7138C0000-0x00007FF713C14000-memory.dmp

Filesize
3.3MB

Download
memory/4872-54-0x00007FF7138C0000-0x00007FF713C14000-memory.dmp

Filesize
3.3MB

Download
memory/4944-1241-0x00007FF715EF0000-0x00007FF716244000-memory.dmp

Filesize
3.3MB

Download
memory/4944-115-0x00007FF715EF0000-0x00007FF716244000-memory.dmp

Filesize
3.3MB

Download
memory/5044-0-0x00007FF74F570000-0x00007FF74F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-148-0x00007FF74F570000-0x00007FF74F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-1-0x000001A401300000-0x000001A401310000-memory.dmp

Filesize
64KB

Download
memory/5088-1195-0x00007FF618390000-0x00007FF6186E4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-18-0x00007FF618390000-0x00007FF6186E4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-163-0x00007FF618390000-0x00007FF6186E4000-memory.dmp

Filesize
3.3MB

Download