cobaltstrike | 245b45f332244a2aa1750b7b66a231ca8b2b570f3777115427bc4a801d7b0361

Analysis

max time kernel
110s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2025, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b58f692b4e969e37af63ab86a0081599
SHA1

0cb5dd43a91f0077d83929dfb7b5ec565a6b336c
SHA256

245b45f332244a2aa1750b7b66a231ca8b2b570f3777115427bc4a801d7b0361
SHA512

0eff3d44152f1f6dfc181571b6041bf61138ff0989e267ad65b5fd4bd0f54d91bd0120637aa93a13dd6291d958e02860db0e92ac380856d45b74b4f9541c19bf
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0004000000022b30-4.dat	cobalt_reflective_dll
behavioral2/files/0x0003000000022b37-11.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022b38-10.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022b39-24.dat	cobalt_reflective_dll
behavioral2/files/0x0004000000022c1a-29.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022c1e-35.dat	cobalt_reflective_dll
behavioral2/files/0x0003000000022b35-46.dat	cobalt_reflective_dll
behavioral2/files/0x001b000000023627-53.dat	cobalt_reflective_dll
behavioral2/files/0x0023000000023635-62.dat	cobalt_reflective_dll
behavioral2/files/0x001e000000023624-42.dat	cobalt_reflective_dll
behavioral2/files/0x0024000000023638-67.dat	cobalt_reflective_dll
behavioral2/files/0x0016000000023a5a-75.dat	cobalt_reflective_dll
behavioral2/files/0x000f000000023b78-82.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023b79-91.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023b7a-95.dat	cobalt_reflective_dll
behavioral2/files/0x000f000000023b7b-102.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023c78-109.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023ca6-115.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cac-125.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cad-141.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb0-152.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb4-172.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb3-166.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb2-162.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb1-160.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cae-137.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023caf-136.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb6-180.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb8-193.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb9-201.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb7-197.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cb5-185.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4396-0-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp	xmrig
behavioral2/files/0x0004000000022b30-4.dat	xmrig
behavioral2/memory/2736-8-0x00007FF607C80000-0x00007FF607FD4000-memory.dmp	xmrig
behavioral2/files/0x0003000000022b37-11.dat	xmrig
behavioral2/memory/4316-14-0x00007FF7A5460000-0x00007FF7A57B4000-memory.dmp	xmrig
behavioral2/files/0x0002000000022b38-10.dat	xmrig
behavioral2/memory/772-20-0x00007FF790BB0000-0x00007FF790F04000-memory.dmp	xmrig
behavioral2/memory/4660-25-0x00007FF722850000-0x00007FF722BA4000-memory.dmp	xmrig
behavioral2/files/0x0002000000022b39-24.dat	xmrig
behavioral2/files/0x0004000000022c1a-29.dat	xmrig
behavioral2/memory/2108-30-0x00007FF6C5710000-0x00007FF6C5A64000-memory.dmp	xmrig
behavioral2/files/0x0002000000022c1e-35.dat	xmrig
behavioral2/memory/4800-38-0x00007FF680D50000-0x00007FF6810A4000-memory.dmp	xmrig
behavioral2/memory/732-44-0x00007FF63DA90000-0x00007FF63DDE4000-memory.dmp	xmrig
behavioral2/files/0x0003000000022b35-46.dat	xmrig
behavioral2/files/0x001b000000023627-53.dat	xmrig
behavioral2/memory/4724-55-0x00007FF62AB30000-0x00007FF62AE84000-memory.dmp	xmrig
behavioral2/memory/3100-61-0x00007FF6DC870000-0x00007FF6DCBC4000-memory.dmp	xmrig
behavioral2/files/0x0023000000023635-62.dat	xmrig
behavioral2/memory/4396-60-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp	xmrig
behavioral2/memory/4468-58-0x00007FF775740000-0x00007FF775A94000-memory.dmp	xmrig
behavioral2/files/0x001e000000023624-42.dat	xmrig
behavioral2/files/0x0024000000023638-67.dat	xmrig
behavioral2/files/0x0016000000023a5a-75.dat	xmrig
behavioral2/memory/3416-78-0x00007FF6559C0000-0x00007FF655D14000-memory.dmp	xmrig
behavioral2/files/0x000f000000023b78-82.dat	xmrig
behavioral2/memory/772-73-0x00007FF790BB0000-0x00007FF790F04000-memory.dmp	xmrig
behavioral2/memory/4316-71-0x00007FF7A5460000-0x00007FF7A57B4000-memory.dmp	xmrig
behavioral2/memory/3632-70-0x00007FF7C5D50000-0x00007FF7C60A4000-memory.dmp	xmrig
behavioral2/memory/2736-69-0x00007FF607C80000-0x00007FF607FD4000-memory.dmp	xmrig
behavioral2/memory/4660-84-0x00007FF722850000-0x00007FF722BA4000-memory.dmp	xmrig
behavioral2/files/0x000e000000023b79-91.dat	xmrig
behavioral2/memory/2108-89-0x00007FF6C5710000-0x00007FF6C5A64000-memory.dmp	xmrig
behavioral2/memory/5104-90-0x00007FF623320000-0x00007FF623674000-memory.dmp	xmrig
behavioral2/files/0x000e000000023b7a-95.dat	xmrig
behavioral2/files/0x000f000000023b7b-102.dat	xmrig
behavioral2/files/0x000b000000023c78-109.dat	xmrig
behavioral2/files/0x000c000000023ca6-115.dat	xmrig
behavioral2/files/0x000a000000023cac-125.dat	xmrig
behavioral2/memory/4292-131-0x00007FF7FF170000-0x00007FF7FF4C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cad-141.dat	xmrig
behavioral2/memory/3352-153-0x00007FF6A6A10000-0x00007FF6A6D64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cb0-152.dat	xmrig
behavioral2/memory/3488-165-0x00007FF7444F0000-0x00007FF744844000-memory.dmp	xmrig
behavioral2/memory/2228-174-0x00007FF702AE0000-0x00007FF702E34000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cb4-172.dat	xmrig
behavioral2/memory/952-171-0x00007FF641AC0000-0x00007FF641E14000-memory.dmp	xmrig
behavioral2/memory/3416-170-0x00007FF6559C0000-0x00007FF655D14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cb3-166.dat	xmrig
behavioral2/memory/1580-164-0x00007FF6EB820000-0x00007FF6EBB74000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cb2-162.dat	xmrig
behavioral2/files/0x000a000000023cb1-160.dat	xmrig
behavioral2/memory/912-158-0x00007FF601A80000-0x00007FF601DD4000-memory.dmp	xmrig
behavioral2/memory/488-148-0x00007FF79CF00000-0x00007FF79D254000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cae-137.dat	xmrig
behavioral2/files/0x000a000000023caf-136.dat	xmrig
behavioral2/memory/2732-134-0x00007FF747870000-0x00007FF747BC4000-memory.dmp	xmrig
behavioral2/memory/3100-123-0x00007FF6DC870000-0x00007FF6DCBC4000-memory.dmp	xmrig
behavioral2/memory/4152-116-0x00007FF76F580000-0x00007FF76F8D4000-memory.dmp	xmrig
behavioral2/memory/4936-113-0x00007FF69ECB0000-0x00007FF69F004000-memory.dmp	xmrig
behavioral2/memory/4408-104-0x00007FF6B76A0000-0x00007FF6B79F4000-memory.dmp	xmrig
behavioral2/memory/732-103-0x00007FF63DA90000-0x00007FF63DDE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cb6-180.dat	xmrig
behavioral2/files/0x000a000000023cb8-193.dat	xmrig

Downloads MZ/PE file 1 IoCs

flow	pid	Process
18	6376	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
2736	WVcLXHq.exe
4316	wgwRjZQ.exe
772	upPcpvs.exe
4660	isWZsnz.exe
2108	cTnXxEy.exe
4800	BVXejAK.exe
732	BTRQDoA.exe
4724	wsXprLf.exe
4468	huVpBzs.exe
3100	zbkYEqZ.exe
3632	qAMacGh.exe
3416	PmPxbIv.exe
5008	YwEdJPd.exe
5104	QLDmKoD.exe
1156	LbdnbJH.exe
4408	UGsgvAi.exe
4936	kYVbKfE.exe
4152	vQmAvBf.exe
4292	tihBduJ.exe
488	TGHkflV.exe
2732	dhHiYtq.exe
3352	ouaPBUi.exe
3488	oKAKbON.exe
912	ikMajQT.exe
1580	tDCMIWj.exe
952	tQTBznJ.exe
2228	CtHMfjh.exe
5024	szcjTid.exe
2484	ZqnyLTW.exe
820	xbTaVmM.exe
4252	JHCuyVI.exe
4912	xomyzdL.exe
5088	pDIRSSI.exe
3600	zwLiStP.exe
544	SyEOWpy.exe
4452	qYQnVRs.exe
2288	fHvBWkQ.exe
2304	SFgAXGv.exe
3448	vbxyIjE.exe
4248	wwfqtwT.exe
1788	TFeRhkO.exe
4604	MMCGwjd.exe
4872	vPOMmOE.exe
3656	VGgdsMJ.exe
3076	UpSZwER.exe
752	ZvmxNzp.exe
2476	ytVyPIZ.exe
4580	RaXJbsu.exe
764	WGmYAVF.exe
484	lfPdVbO.exe
4412	hzdYOIQ.exe
4044	vbLKfHR.exe
452	ZrszerW.exe
2004	XiLLQJu.exe
3876	QECleQQ.exe
4200	XxnaoiC.exe
1496	zxWgXuI.exe
4504	JLUuLZa.exe
1916	PFgZZgy.exe
60	dNmDkjr.exe
1832	ImsylGQ.exe
5028	aIIhVlD.exe
4888	vFNYlCJ.exe
3164	DOpfHTN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4396-0-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp	upx
behavioral2/files/0x0004000000022b30-4.dat	upx
behavioral2/memory/2736-8-0x00007FF607C80000-0x00007FF607FD4000-memory.dmp	upx
behavioral2/files/0x0003000000022b37-11.dat	upx
behavioral2/memory/4316-14-0x00007FF7A5460000-0x00007FF7A57B4000-memory.dmp	upx
behavioral2/files/0x0002000000022b38-10.dat	upx
behavioral2/memory/772-20-0x00007FF790BB0000-0x00007FF790F04000-memory.dmp	upx
behavioral2/memory/4660-25-0x00007FF722850000-0x00007FF722BA4000-memory.dmp	upx
behavioral2/files/0x0002000000022b39-24.dat	upx
behavioral2/files/0x0004000000022c1a-29.dat	upx
behavioral2/memory/2108-30-0x00007FF6C5710000-0x00007FF6C5A64000-memory.dmp	upx
behavioral2/files/0x0002000000022c1e-35.dat	upx
behavioral2/memory/4800-38-0x00007FF680D50000-0x00007FF6810A4000-memory.dmp	upx
behavioral2/memory/732-44-0x00007FF63DA90000-0x00007FF63DDE4000-memory.dmp	upx
behavioral2/files/0x0003000000022b35-46.dat	upx
behavioral2/files/0x001b000000023627-53.dat	upx
behavioral2/memory/4724-55-0x00007FF62AB30000-0x00007FF62AE84000-memory.dmp	upx
behavioral2/memory/3100-61-0x00007FF6DC870000-0x00007FF6DCBC4000-memory.dmp	upx
behavioral2/files/0x0023000000023635-62.dat	upx
behavioral2/memory/4396-60-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp	upx
behavioral2/memory/4468-58-0x00007FF775740000-0x00007FF775A94000-memory.dmp	upx
behavioral2/files/0x001e000000023624-42.dat	upx
behavioral2/files/0x0024000000023638-67.dat	upx
behavioral2/files/0x0016000000023a5a-75.dat	upx
behavioral2/memory/3416-78-0x00007FF6559C0000-0x00007FF655D14000-memory.dmp	upx
behavioral2/files/0x000f000000023b78-82.dat	upx
behavioral2/memory/772-73-0x00007FF790BB0000-0x00007FF790F04000-memory.dmp	upx
behavioral2/memory/4316-71-0x00007FF7A5460000-0x00007FF7A57B4000-memory.dmp	upx
behavioral2/memory/3632-70-0x00007FF7C5D50000-0x00007FF7C60A4000-memory.dmp	upx
behavioral2/memory/2736-69-0x00007FF607C80000-0x00007FF607FD4000-memory.dmp	upx
behavioral2/memory/4660-84-0x00007FF722850000-0x00007FF722BA4000-memory.dmp	upx
behavioral2/files/0x000e000000023b79-91.dat	upx
behavioral2/memory/2108-89-0x00007FF6C5710000-0x00007FF6C5A64000-memory.dmp	upx
behavioral2/memory/5104-90-0x00007FF623320000-0x00007FF623674000-memory.dmp	upx
behavioral2/files/0x000e000000023b7a-95.dat	upx
behavioral2/files/0x000f000000023b7b-102.dat	upx
behavioral2/files/0x000b000000023c78-109.dat	upx
behavioral2/files/0x000c000000023ca6-115.dat	upx
behavioral2/files/0x000a000000023cac-125.dat	upx
behavioral2/memory/4292-131-0x00007FF7FF170000-0x00007FF7FF4C4000-memory.dmp	upx
behavioral2/files/0x000a000000023cad-141.dat	upx
behavioral2/memory/3352-153-0x00007FF6A6A10000-0x00007FF6A6D64000-memory.dmp	upx
behavioral2/files/0x000a000000023cb0-152.dat	upx
behavioral2/memory/3488-165-0x00007FF7444F0000-0x00007FF744844000-memory.dmp	upx
behavioral2/memory/2228-174-0x00007FF702AE0000-0x00007FF702E34000-memory.dmp	upx
behavioral2/files/0x000a000000023cb4-172.dat	upx
behavioral2/memory/952-171-0x00007FF641AC0000-0x00007FF641E14000-memory.dmp	upx
behavioral2/memory/3416-170-0x00007FF6559C0000-0x00007FF655D14000-memory.dmp	upx
behavioral2/files/0x000a000000023cb3-166.dat	upx
behavioral2/memory/1580-164-0x00007FF6EB820000-0x00007FF6EBB74000-memory.dmp	upx
behavioral2/files/0x000a000000023cb2-162.dat	upx
behavioral2/files/0x000a000000023cb1-160.dat	upx
behavioral2/memory/912-158-0x00007FF601A80000-0x00007FF601DD4000-memory.dmp	upx
behavioral2/memory/488-148-0x00007FF79CF00000-0x00007FF79D254000-memory.dmp	upx
behavioral2/files/0x000a000000023cae-137.dat	upx
behavioral2/files/0x000a000000023caf-136.dat	upx
behavioral2/memory/2732-134-0x00007FF747870000-0x00007FF747BC4000-memory.dmp	upx
behavioral2/memory/3100-123-0x00007FF6DC870000-0x00007FF6DCBC4000-memory.dmp	upx
behavioral2/memory/4152-116-0x00007FF76F580000-0x00007FF76F8D4000-memory.dmp	upx
behavioral2/memory/4936-113-0x00007FF69ECB0000-0x00007FF69F004000-memory.dmp	upx
behavioral2/memory/4408-104-0x00007FF6B76A0000-0x00007FF6B79F4000-memory.dmp	upx
behavioral2/memory/732-103-0x00007FF63DA90000-0x00007FF63DDE4000-memory.dmp	upx
behavioral2/files/0x000a000000023cb6-180.dat	upx
behavioral2/files/0x000a000000023cb8-193.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dRpdDOQ.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqdsgHl.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfEBtVD.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URlTqVZ.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXLauct.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBuGldZ.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLOYFsg.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBDQGMS.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkjkCNr.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhLzhrF.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBmDkQw.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNyVxYA.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUYHHzw.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyGIvmA.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxnlwXP.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdUukvN.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqPqTAW.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVEtklZ.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfTSLIv.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwEdJPd.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLxaGMe.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqKHOfA.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQckOyO.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyYdntA.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGgWznO.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHNqkGJ.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUJUNrG.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyUorEn.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weDhOUt.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBNOoeM.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZXCLms.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfiYwiq.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szcjTid.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxWgXuI.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOWNmWs.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJBlRrk.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhAIqEd.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHIbbWZ.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmPxbIv.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DARdtKO.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZAkzwb.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwyZHbN.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sehlbBN.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEBKReq.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlvqVya.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpTbVWA.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXLBasp.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKVVOau.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvpvvCH.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnfqWVw.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrmiIEi.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsDMISQ.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXXcaVt.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlfLSYT.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPJUBKO.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TujtBAI.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvmxNzp.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNuZsdA.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKTXcsI.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTVGSti.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOPGGCw.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqbTTAy.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbdnbJH.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRyrUll.exe	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4888	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 2736	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4396 wrote to memory of 2736	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4396 wrote to memory of 4316	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4396 wrote to memory of 4316	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4396 wrote to memory of 772	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4396 wrote to memory of 772	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4396 wrote to memory of 4660	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4396 wrote to memory of 4660	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4396 wrote to memory of 2108	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4396 wrote to memory of 2108	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4396 wrote to memory of 4800	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4396 wrote to memory of 4800	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4396 wrote to memory of 732	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4396 wrote to memory of 732	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4396 wrote to memory of 4724	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4396 wrote to memory of 4724	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4396 wrote to memory of 4468	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4396 wrote to memory of 4468	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4396 wrote to memory of 3100	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4396 wrote to memory of 3100	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4396 wrote to memory of 3632	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4396 wrote to memory of 3632	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4396 wrote to memory of 3416	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4396 wrote to memory of 3416	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4396 wrote to memory of 5008	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4396 wrote to memory of 5008	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4396 wrote to memory of 5104	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4396 wrote to memory of 5104	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4396 wrote to memory of 1156	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4396 wrote to memory of 1156	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4396 wrote to memory of 4408	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4396 wrote to memory of 4408	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4396 wrote to memory of 4936	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4396 wrote to memory of 4936	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4396 wrote to memory of 4152	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4396 wrote to memory of 4152	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4396 wrote to memory of 4292	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4396 wrote to memory of 4292	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4396 wrote to memory of 488	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4396 wrote to memory of 488	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4396 wrote to memory of 2732	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4396 wrote to memory of 2732	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4396 wrote to memory of 3352	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4396 wrote to memory of 3352	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4396 wrote to memory of 1580	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4396 wrote to memory of 1580	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4396 wrote to memory of 3488	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4396 wrote to memory of 3488	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4396 wrote to memory of 912	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4396 wrote to memory of 912	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4396 wrote to memory of 952	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4396 wrote to memory of 952	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4396 wrote to memory of 2228	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4396 wrote to memory of 2228	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4396 wrote to memory of 5024	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4396 wrote to memory of 5024	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4396 wrote to memory of 2484	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4396 wrote to memory of 2484	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4396 wrote to memory of 820	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 4396 wrote to memory of 820	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 4396 wrote to memory of 4252	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 4396 wrote to memory of 4252	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 4396 wrote to memory of 4912	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 4396 wrote to memory of 4912	4396	2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe	121

C:\Users\Admin\AppData\Local\Temp\2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_b58f692b4e969e37af63ab86a0081599_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Windows\System\WVcLXHq.exe
  C:\Windows\System\WVcLXHq.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\wgwRjZQ.exe
  C:\Windows\System\wgwRjZQ.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\upPcpvs.exe
  C:\Windows\System\upPcpvs.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\isWZsnz.exe
  C:\Windows\System\isWZsnz.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\cTnXxEy.exe
  C:\Windows\System\cTnXxEy.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\BVXejAK.exe
  C:\Windows\System\BVXejAK.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\BTRQDoA.exe
  C:\Windows\System\BTRQDoA.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\wsXprLf.exe
  C:\Windows\System\wsXprLf.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\huVpBzs.exe
  C:\Windows\System\huVpBzs.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\zbkYEqZ.exe
  C:\Windows\System\zbkYEqZ.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\qAMacGh.exe
  C:\Windows\System\qAMacGh.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\PmPxbIv.exe
  C:\Windows\System\PmPxbIv.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\YwEdJPd.exe
  C:\Windows\System\YwEdJPd.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\QLDmKoD.exe
  C:\Windows\System\QLDmKoD.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\LbdnbJH.exe
  C:\Windows\System\LbdnbJH.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\UGsgvAi.exe
  C:\Windows\System\UGsgvAi.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\kYVbKfE.exe
  C:\Windows\System\kYVbKfE.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\vQmAvBf.exe
  C:\Windows\System\vQmAvBf.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\tihBduJ.exe
  C:\Windows\System\tihBduJ.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\TGHkflV.exe
  C:\Windows\System\TGHkflV.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\dhHiYtq.exe
  C:\Windows\System\dhHiYtq.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ouaPBUi.exe
  C:\Windows\System\ouaPBUi.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\tDCMIWj.exe
  C:\Windows\System\tDCMIWj.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\oKAKbON.exe
  C:\Windows\System\oKAKbON.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\ikMajQT.exe
  C:\Windows\System\ikMajQT.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\tQTBznJ.exe
  C:\Windows\System\tQTBznJ.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\CtHMfjh.exe
  C:\Windows\System\CtHMfjh.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\szcjTid.exe
  C:\Windows\System\szcjTid.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\ZqnyLTW.exe
  C:\Windows\System\ZqnyLTW.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\xbTaVmM.exe
  C:\Windows\System\xbTaVmM.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\JHCuyVI.exe
  C:\Windows\System\JHCuyVI.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\xomyzdL.exe
  C:\Windows\System\xomyzdL.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\pDIRSSI.exe
  C:\Windows\System\pDIRSSI.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\zwLiStP.exe
  C:\Windows\System\zwLiStP.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\SyEOWpy.exe
  C:\Windows\System\SyEOWpy.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\qYQnVRs.exe
  C:\Windows\System\qYQnVRs.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\fHvBWkQ.exe
  C:\Windows\System\fHvBWkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\SFgAXGv.exe
  C:\Windows\System\SFgAXGv.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\vbxyIjE.exe
  C:\Windows\System\vbxyIjE.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\wwfqtwT.exe
  C:\Windows\System\wwfqtwT.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\TFeRhkO.exe
  C:\Windows\System\TFeRhkO.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\MMCGwjd.exe
  C:\Windows\System\MMCGwjd.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\vPOMmOE.exe
  C:\Windows\System\vPOMmOE.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\VGgdsMJ.exe
  C:\Windows\System\VGgdsMJ.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\UpSZwER.exe
  C:\Windows\System\UpSZwER.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\ZvmxNzp.exe
  C:\Windows\System\ZvmxNzp.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\ytVyPIZ.exe
  C:\Windows\System\ytVyPIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\RaXJbsu.exe
  C:\Windows\System\RaXJbsu.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\WGmYAVF.exe
  C:\Windows\System\WGmYAVF.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\lfPdVbO.exe
  C:\Windows\System\lfPdVbO.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\hzdYOIQ.exe
  C:\Windows\System\hzdYOIQ.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\vbLKfHR.exe
  C:\Windows\System\vbLKfHR.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\ZrszerW.exe
  C:\Windows\System\ZrszerW.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\XiLLQJu.exe
  C:\Windows\System\XiLLQJu.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\QECleQQ.exe
  C:\Windows\System\QECleQQ.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\XxnaoiC.exe
  C:\Windows\System\XxnaoiC.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\zxWgXuI.exe
  C:\Windows\System\zxWgXuI.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\JLUuLZa.exe
  C:\Windows\System\JLUuLZa.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\PFgZZgy.exe
  C:\Windows\System\PFgZZgy.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\dNmDkjr.exe
  C:\Windows\System\dNmDkjr.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\ImsylGQ.exe
  C:\Windows\System\ImsylGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\aIIhVlD.exe
  C:\Windows\System\aIIhVlD.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\vFNYlCJ.exe
  C:\Windows\System\vFNYlCJ.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\DOpfHTN.exe
  C:\Windows\System\DOpfHTN.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\vqZGQwV.exe
  C:\Windows\System\vqZGQwV.exe
  2⤵
  PID:5100
- C:\Windows\System\RrPIgrI.exe
  C:\Windows\System\RrPIgrI.exe
  2⤵
  PID:568
- C:\Windows\System\GRfCjON.exe
  C:\Windows\System\GRfCjON.exe
  2⤵
  PID:4708
- C:\Windows\System\RQMcYuv.exe
  C:\Windows\System\RQMcYuv.exe
  2⤵
  PID:1468
- C:\Windows\System\cZFrClA.exe
  C:\Windows\System\cZFrClA.exe
  2⤵
  PID:1092
- C:\Windows\System\YDqkavy.exe
  C:\Windows\System\YDqkavy.exe
  2⤵
  PID:3088
- C:\Windows\System\TnfWfYq.exe
  C:\Windows\System\TnfWfYq.exe
  2⤵
  PID:1576
- C:\Windows\System\hqohwFh.exe
  C:\Windows\System\hqohwFh.exe
  2⤵
  PID:428
- C:\Windows\System\JBdWlws.exe
  C:\Windows\System\JBdWlws.exe
  2⤵
  PID:1380
- C:\Windows\System\QSPaBfA.exe
  C:\Windows\System\QSPaBfA.exe
  2⤵
  PID:4440
- C:\Windows\System\TLxaGMe.exe
  C:\Windows\System\TLxaGMe.exe
  2⤵
  PID:3376
- C:\Windows\System\JaOCUuU.exe
  C:\Windows\System\JaOCUuU.exe
  2⤵
  PID:5076
- C:\Windows\System\PciGazd.exe
  C:\Windows\System\PciGazd.exe
  2⤵
  PID:3904
- C:\Windows\System\VsnBzSO.exe
  C:\Windows\System\VsnBzSO.exe
  2⤵
  PID:4984
- C:\Windows\System\VOUlULz.exe
  C:\Windows\System\VOUlULz.exe
  2⤵
  PID:5132
- C:\Windows\System\TNdlbDZ.exe
  C:\Windows\System\TNdlbDZ.exe
  2⤵
  PID:5148
- C:\Windows\System\AXmSjYu.exe
  C:\Windows\System\AXmSjYu.exe
  2⤵
  PID:5184
- C:\Windows\System\MoJiRGm.exe
  C:\Windows\System\MoJiRGm.exe
  2⤵
  PID:5216
- C:\Windows\System\PsGzRST.exe
  C:\Windows\System\PsGzRST.exe
  2⤵
  PID:5244
- C:\Windows\System\DmKdlhS.exe
  C:\Windows\System\DmKdlhS.exe
  2⤵
  PID:5272
- C:\Windows\System\wSHDtty.exe
  C:\Windows\System\wSHDtty.exe
  2⤵
  PID:5296
- C:\Windows\System\GeLlQbN.exe
  C:\Windows\System\GeLlQbN.exe
  2⤵
  PID:5328
- C:\Windows\System\LaQTFLx.exe
  C:\Windows\System\LaQTFLx.exe
  2⤵
  PID:5356
- C:\Windows\System\BUJUNrG.exe
  C:\Windows\System\BUJUNrG.exe
  2⤵
  PID:5384
- C:\Windows\System\uRIcEmb.exe
  C:\Windows\System\uRIcEmb.exe
  2⤵
  PID:5416
- C:\Windows\System\iBGGBEE.exe
  C:\Windows\System\iBGGBEE.exe
  2⤵
  PID:5444
- C:\Windows\System\kNwoPYa.exe
  C:\Windows\System\kNwoPYa.exe
  2⤵
  PID:5468
- C:\Windows\System\DieopEj.exe
  C:\Windows\System\DieopEj.exe
  2⤵
  PID:5488
- C:\Windows\System\AblNMhK.exe
  C:\Windows\System\AblNMhK.exe
  2⤵
  PID:5524
- C:\Windows\System\GIyKztL.exe
  C:\Windows\System\GIyKztL.exe
  2⤵
  PID:5564
- C:\Windows\System\rjHsPzz.exe
  C:\Windows\System\rjHsPzz.exe
  2⤵
  PID:5592
- C:\Windows\System\HiuoOCd.exe
  C:\Windows\System\HiuoOCd.exe
  2⤵
  PID:5616
- C:\Windows\System\zmFilxE.exe
  C:\Windows\System\zmFilxE.exe
  2⤵
  PID:5644
- C:\Windows\System\iqKHOfA.exe
  C:\Windows\System\iqKHOfA.exe
  2⤵
  PID:5676
- C:\Windows\System\FAYnvwA.exe
  C:\Windows\System\FAYnvwA.exe
  2⤵
  PID:5704
- C:\Windows\System\SdyozlE.exe
  C:\Windows\System\SdyozlE.exe
  2⤵
  PID:5732
- C:\Windows\System\uFXdcTV.exe
  C:\Windows\System\uFXdcTV.exe
  2⤵
  PID:5760
- C:\Windows\System\apOwnwj.exe
  C:\Windows\System\apOwnwj.exe
  2⤵
  PID:5788
- C:\Windows\System\wntRMMw.exe
  C:\Windows\System\wntRMMw.exe
  2⤵
  PID:5820
- C:\Windows\System\jMNFByK.exe
  C:\Windows\System\jMNFByK.exe
  2⤵
  PID:5844
- C:\Windows\System\GKDadpc.exe
  C:\Windows\System\GKDadpc.exe
  2⤵
  PID:5876
- C:\Windows\System\jQckOyO.exe
  C:\Windows\System\jQckOyO.exe
  2⤵
  PID:5904
- C:\Windows\System\YmqRFyh.exe
  C:\Windows\System\YmqRFyh.exe
  2⤵
  PID:5932
- C:\Windows\System\DVAxNCU.exe
  C:\Windows\System\DVAxNCU.exe
  2⤵
  PID:5956
- C:\Windows\System\MXVtXbX.exe
  C:\Windows\System\MXVtXbX.exe
  2⤵
  PID:5984
- C:\Windows\System\MoDkRJD.exe
  C:\Windows\System\MoDkRJD.exe
  2⤵
  PID:6012
- C:\Windows\System\kiqexYl.exe
  C:\Windows\System\kiqexYl.exe
  2⤵
  PID:6044
- C:\Windows\System\cRyrUll.exe
  C:\Windows\System\cRyrUll.exe
  2⤵
  PID:6072
- C:\Windows\System\PrlRDsk.exe
  C:\Windows\System\PrlRDsk.exe
  2⤵
  PID:6104
- C:\Windows\System\AyuxbgL.exe
  C:\Windows\System\AyuxbgL.exe
  2⤵
  PID:6120
- C:\Windows\System\tnqtBMg.exe
  C:\Windows\System\tnqtBMg.exe
  2⤵
  PID:5140
- C:\Windows\System\UYyxQhK.exe
  C:\Windows\System\UYyxQhK.exe
  2⤵
  PID:5196
- C:\Windows\System\jlGNHkJ.exe
  C:\Windows\System\jlGNHkJ.exe
  2⤵
  PID:5264
- C:\Windows\System\mQoYhDR.exe
  C:\Windows\System\mQoYhDR.exe
  2⤵
  PID:5336
- C:\Windows\System\BiFtDaI.exe
  C:\Windows\System\BiFtDaI.exe
  2⤵
  PID:5376
- C:\Windows\System\qJogRPF.exe
  C:\Windows\System\qJogRPF.exe
  2⤵
  PID:5424
- C:\Windows\System\eVimvFi.exe
  C:\Windows\System\eVimvFi.exe
  2⤵
  PID:5508
- C:\Windows\System\eheEqvk.exe
  C:\Windows\System\eheEqvk.exe
  2⤵
  PID:5588
- C:\Windows\System\kaYlFzT.exe
  C:\Windows\System\kaYlFzT.exe
  2⤵
  PID:5652
- C:\Windows\System\DARdtKO.exe
  C:\Windows\System\DARdtKO.exe
  2⤵
  PID:5684
- C:\Windows\System\lxmIwgJ.exe
  C:\Windows\System\lxmIwgJ.exe
  2⤵
  PID:5748
- C:\Windows\System\mYJyCgt.exe
  C:\Windows\System\mYJyCgt.exe
  2⤵
  PID:3304
- C:\Windows\System\RnmcPQc.exe
  C:\Windows\System\RnmcPQc.exe
  2⤵
  PID:5868
- C:\Windows\System\FsPWgqD.exe
  C:\Windows\System\FsPWgqD.exe
  2⤵
  PID:5920
- C:\Windows\System\yHyBFGt.exe
  C:\Windows\System\yHyBFGt.exe
  2⤵
  PID:6020
- C:\Windows\System\mwrwYwq.exe
  C:\Windows\System\mwrwYwq.exe
  2⤵
  PID:6056
- C:\Windows\System\WiTWWMR.exe
  C:\Windows\System\WiTWWMR.exe
  2⤵
  PID:6136
- C:\Windows\System\xGiTMZn.exe
  C:\Windows\System\xGiTMZn.exe
  2⤵
  PID:5224
- C:\Windows\System\nsDMISQ.exe
  C:\Windows\System\nsDMISQ.exe
  2⤵
  PID:1944
- C:\Windows\System\lgwbYfb.exe
  C:\Windows\System\lgwbYfb.exe
  2⤵
  PID:5536
- C:\Windows\System\WyYdntA.exe
  C:\Windows\System\WyYdntA.exe
  2⤵
  PID:5628
- C:\Windows\System\hcurUvN.exe
  C:\Windows\System\hcurUvN.exe
  2⤵
  PID:5780
- C:\Windows\System\iKIvJqw.exe
  C:\Windows\System\iKIvJqw.exe
  2⤵
  PID:5900
- C:\Windows\System\zPjFvfp.exe
  C:\Windows\System\zPjFvfp.exe
  2⤵
  PID:6100
- C:\Windows\System\zXXcaVt.exe
  C:\Windows\System\zXXcaVt.exe
  2⤵
  PID:5348
- C:\Windows\System\OsfWoEe.exe
  C:\Windows\System\OsfWoEe.exe
  2⤵
  PID:5672
- C:\Windows\System\BNuZsdA.exe
  C:\Windows\System\BNuZsdA.exe
  2⤵
  PID:6024
- C:\Windows\System\nVaYvde.exe
  C:\Windows\System\nVaYvde.exe
  2⤵
  PID:5552
- C:\Windows\System\gsMbQLE.exe
  C:\Windows\System\gsMbQLE.exe
  2⤵
  PID:5404
- C:\Windows\System\hpTbVWA.exe
  C:\Windows\System\hpTbVWA.exe
  2⤵
  PID:6152
- C:\Windows\System\KahpwCt.exe
  C:\Windows\System\KahpwCt.exe
  2⤵
  PID:6180
- C:\Windows\System\xxbphhQ.exe
  C:\Windows\System\xxbphhQ.exe
  2⤵
  PID:6208
- C:\Windows\System\VzHvLBx.exe
  C:\Windows\System\VzHvLBx.exe
  2⤵
  PID:6236
- C:\Windows\System\ZsUaDbH.exe
  C:\Windows\System\ZsUaDbH.exe
  2⤵
  PID:6264
- C:\Windows\System\ywYljXF.exe
  C:\Windows\System\ywYljXF.exe
  2⤵
  PID:6296
- C:\Windows\System\vxETikx.exe
  C:\Windows\System\vxETikx.exe
  2⤵
  PID:6328
- C:\Windows\System\egIqpCz.exe
  C:\Windows\System\egIqpCz.exe
  2⤵
  PID:6352
- C:\Windows\System\VayNNsC.exe
  C:\Windows\System\VayNNsC.exe
  2⤵
  PID:6412
- C:\Windows\System\HNOWQeD.exe
  C:\Windows\System\HNOWQeD.exe
  2⤵
  PID:6476
- C:\Windows\System\HnWaJfq.exe
  C:\Windows\System\HnWaJfq.exe
  2⤵
  PID:6508
- C:\Windows\System\dXKdIpT.exe
  C:\Windows\System\dXKdIpT.exe
  2⤵
  PID:6532
- C:\Windows\System\nXLBasp.exe
  C:\Windows\System\nXLBasp.exe
  2⤵
  PID:6568
- C:\Windows\System\akbmaix.exe
  C:\Windows\System\akbmaix.exe
  2⤵
  PID:6600
- C:\Windows\System\sPhfAin.exe
  C:\Windows\System\sPhfAin.exe
  2⤵
  PID:6628
- C:\Windows\System\GziSrvT.exe
  C:\Windows\System\GziSrvT.exe
  2⤵
  PID:6660
- C:\Windows\System\MlJMkuH.exe
  C:\Windows\System\MlJMkuH.exe
  2⤵
  PID:6684
- C:\Windows\System\fhtrDyo.exe
  C:\Windows\System\fhtrDyo.exe
  2⤵
  PID:6712
- C:\Windows\System\JxWrhLA.exe
  C:\Windows\System\JxWrhLA.exe
  2⤵
  PID:6740
- C:\Windows\System\CPkONud.exe
  C:\Windows\System\CPkONud.exe
  2⤵
  PID:6772
- C:\Windows\System\XxDtJbk.exe
  C:\Windows\System\XxDtJbk.exe
  2⤵
  PID:6796
- C:\Windows\System\NQAbrCc.exe
  C:\Windows\System\NQAbrCc.exe
  2⤵
  PID:6824
- C:\Windows\System\joXAUSI.exe
  C:\Windows\System\joXAUSI.exe
  2⤵
  PID:6852
- C:\Windows\System\GqTvHux.exe
  C:\Windows\System\GqTvHux.exe
  2⤵
  PID:6884
- C:\Windows\System\llriTnQ.exe
  C:\Windows\System\llriTnQ.exe
  2⤵
  PID:6908
- C:\Windows\System\NzPzoQf.exe
  C:\Windows\System\NzPzoQf.exe
  2⤵
  PID:6936
- C:\Windows\System\PNCVFAn.exe
  C:\Windows\System\PNCVFAn.exe
  2⤵
  PID:6968
- C:\Windows\System\gzmcBwE.exe
  C:\Windows\System\gzmcBwE.exe
  2⤵
  PID:6992
- C:\Windows\System\mTqRBdg.exe
  C:\Windows\System\mTqRBdg.exe
  2⤵
  PID:7020
- C:\Windows\System\lnoHUFE.exe
  C:\Windows\System\lnoHUFE.exe
  2⤵
  PID:7052
- C:\Windows\System\RVvgJFx.exe
  C:\Windows\System\RVvgJFx.exe
  2⤵
  PID:7084
- C:\Windows\System\lFmWYSy.exe
  C:\Windows\System\lFmWYSy.exe
  2⤵
  PID:7100
- C:\Windows\System\yuyjvhf.exe
  C:\Windows\System\yuyjvhf.exe
  2⤵
  PID:7136
- C:\Windows\System\yTMHmOr.exe
  C:\Windows\System\yTMHmOr.exe
  2⤵
  PID:7164
- C:\Windows\System\HhRkdbK.exe
  C:\Windows\System\HhRkdbK.exe
  2⤵
  PID:6196
- C:\Windows\System\ZpYxKGK.exe
  C:\Windows\System\ZpYxKGK.exe
  2⤵
  PID:6276
- C:\Windows\System\qAbwHpw.exe
  C:\Windows\System\qAbwHpw.exe
  2⤵
  PID:6316
- C:\Windows\System\NPNFGxz.exe
  C:\Windows\System\NPNFGxz.exe
  2⤵
  PID:6464
- C:\Windows\System\noHoBuR.exe
  C:\Windows\System\noHoBuR.exe
  2⤵
  PID:6516
- C:\Windows\System\XgrIMGd.exe
  C:\Windows\System\XgrIMGd.exe
  2⤵
  PID:6588
- C:\Windows\System\YLlzcXu.exe
  C:\Windows\System\YLlzcXu.exe
  2⤵
  PID:6648
- C:\Windows\System\OVeUDBV.exe
  C:\Windows\System\OVeUDBV.exe
  2⤵
  PID:6724
- C:\Windows\System\aPUMSVN.exe
  C:\Windows\System\aPUMSVN.exe
  2⤵
  PID:6788
- C:\Windows\System\hwUATmC.exe
  C:\Windows\System\hwUATmC.exe
  2⤵
  PID:6860
- C:\Windows\System\rZDGGXa.exe
  C:\Windows\System\rZDGGXa.exe
  2⤵
  PID:6916
- C:\Windows\System\xpZQZgN.exe
  C:\Windows\System\xpZQZgN.exe
  2⤵
  PID:6956
- C:\Windows\System\AHpuven.exe
  C:\Windows\System\AHpuven.exe
  2⤵
  PID:7048
- C:\Windows\System\tMIEtOw.exe
  C:\Windows\System\tMIEtOw.exe
  2⤵
  PID:7068
- C:\Windows\System\iUxzejg.exe
  C:\Windows\System\iUxzejg.exe
  2⤵
  PID:6160
- C:\Windows\System\qPZwJlR.exe
  C:\Windows\System\qPZwJlR.exe
  2⤵
  PID:6304
- C:\Windows\System\PCrXNIX.exe
  C:\Windows\System\PCrXNIX.exe
  2⤵
  PID:6420
- C:\Windows\System\ewkQvCP.exe
  C:\Windows\System\ewkQvCP.exe
  2⤵
  PID:6624
- C:\Windows\System\XoiegFf.exe
  C:\Windows\System\XoiegFf.exe
  2⤵
  PID:6768
- C:\Windows\System\ecebACG.exe
  C:\Windows\System\ecebACG.exe
  2⤵
  PID:6928
- C:\Windows\System\URgBSNU.exe
  C:\Windows\System\URgBSNU.exe
  2⤵
  PID:7060
- C:\Windows\System\HlfLSYT.exe
  C:\Windows\System\HlfLSYT.exe
  2⤵
  PID:1376
- C:\Windows\System\xEkoVcY.exe
  C:\Windows\System\xEkoVcY.exe
  2⤵
  PID:6816
- C:\Windows\System\MKxAMxR.exe
  C:\Windows\System\MKxAMxR.exe
  2⤵
  PID:7112
- C:\Windows\System\KUYHHzw.exe
  C:\Windows\System\KUYHHzw.exe
  2⤵
  PID:2628
- C:\Windows\System\OtiJXFs.exe
  C:\Windows\System\OtiJXFs.exe
  2⤵
  PID:6348
- C:\Windows\System\jKTXcsI.exe
  C:\Windows\System\jKTXcsI.exe
  2⤵
  PID:7172
- C:\Windows\System\HoFWnju.exe
  C:\Windows\System\HoFWnju.exe
  2⤵
  PID:7200
- C:\Windows\System\XRrvjlL.exe
  C:\Windows\System\XRrvjlL.exe
  2⤵
  PID:7228
- C:\Windows\System\RxIFoXd.exe
  C:\Windows\System\RxIFoXd.exe
  2⤵
  PID:7256
- C:\Windows\System\LqdsgHl.exe
  C:\Windows\System\LqdsgHl.exe
  2⤵
  PID:7284
- C:\Windows\System\CkadEuB.exe
  C:\Windows\System\CkadEuB.exe
  2⤵
  PID:7316
- C:\Windows\System\qTfCvUR.exe
  C:\Windows\System\qTfCvUR.exe
  2⤵
  PID:7344
- C:\Windows\System\qPZyeHJ.exe
  C:\Windows\System\qPZyeHJ.exe
  2⤵
  PID:7368
- C:\Windows\System\AKZvNht.exe
  C:\Windows\System\AKZvNht.exe
  2⤵
  PID:7400
- C:\Windows\System\kTVGSti.exe
  C:\Windows\System\kTVGSti.exe
  2⤵
  PID:7428
- C:\Windows\System\MXjGARN.exe
  C:\Windows\System\MXjGARN.exe
  2⤵
  PID:7460
- C:\Windows\System\PJjGueS.exe
  C:\Windows\System\PJjGueS.exe
  2⤵
  PID:7476
- C:\Windows\System\BurYCXF.exe
  C:\Windows\System\BurYCXF.exe
  2⤵
  PID:7508
- C:\Windows\System\CQPYUug.exe
  C:\Windows\System\CQPYUug.exe
  2⤵
  PID:7540
- C:\Windows\System\TCjLCbC.exe
  C:\Windows\System\TCjLCbC.exe
  2⤵
  PID:7576
- C:\Windows\System\JJxFfVp.exe
  C:\Windows\System\JJxFfVp.exe
  2⤵
  PID:7604
- C:\Windows\System\tYizrNr.exe
  C:\Windows\System\tYizrNr.exe
  2⤵
  PID:7640
- C:\Windows\System\cTOKWCW.exe
  C:\Windows\System\cTOKWCW.exe
  2⤵
  PID:7716
- C:\Windows\System\wqyPULk.exe
  C:\Windows\System\wqyPULk.exe
  2⤵
  PID:7740
- C:\Windows\System\OyUorEn.exe
  C:\Windows\System\OyUorEn.exe
  2⤵
  PID:7768
- C:\Windows\System\JNGfuJq.exe
  C:\Windows\System\JNGfuJq.exe
  2⤵
  PID:7800
- C:\Windows\System\weDhOUt.exe
  C:\Windows\System\weDhOUt.exe
  2⤵
  PID:7828
- C:\Windows\System\PFaZtrC.exe
  C:\Windows\System\PFaZtrC.exe
  2⤵
  PID:7860
- C:\Windows\System\YfCDdPE.exe
  C:\Windows\System\YfCDdPE.exe
  2⤵
  PID:7892
- C:\Windows\System\mQKiaOZ.exe
  C:\Windows\System\mQKiaOZ.exe
  2⤵
  PID:7920
- C:\Windows\System\sJpwIPS.exe
  C:\Windows\System\sJpwIPS.exe
  2⤵
  PID:7936
- C:\Windows\System\WandDCW.exe
  C:\Windows\System\WandDCW.exe
  2⤵
  PID:7964
- C:\Windows\System\NEUFiRS.exe
  C:\Windows\System\NEUFiRS.exe
  2⤵
  PID:7992
- C:\Windows\System\LQiFDMp.exe
  C:\Windows\System\LQiFDMp.exe
  2⤵
  PID:8020
- C:\Windows\System\PftxrPC.exe
  C:\Windows\System\PftxrPC.exe
  2⤵
  PID:8052
- C:\Windows\System\mbFgudB.exe
  C:\Windows\System\mbFgudB.exe
  2⤵
  PID:8084
- C:\Windows\System\LtDCgGl.exe
  C:\Windows\System\LtDCgGl.exe
  2⤵
  PID:8112
- C:\Windows\System\alPWlNV.exe
  C:\Windows\System\alPWlNV.exe
  2⤵
  PID:8136
- C:\Windows\System\dMBPKCP.exe
  C:\Windows\System\dMBPKCP.exe
  2⤵
  PID:8164
- C:\Windows\System\swCTkOQ.exe
  C:\Windows\System\swCTkOQ.exe
  2⤵
  PID:4112
- C:\Windows\System\HgpKFlo.exe
  C:\Windows\System\HgpKFlo.exe
  2⤵
  PID:7236
- C:\Windows\System\szbgfwX.exe
  C:\Windows\System\szbgfwX.exe
  2⤵
  PID:7296
- C:\Windows\System\WXlAoAj.exe
  C:\Windows\System\WXlAoAj.exe
  2⤵
  PID:7384
- C:\Windows\System\pydkSeg.exe
  C:\Windows\System\pydkSeg.exe
  2⤵
  PID:6544
- C:\Windows\System\MTGGMgX.exe
  C:\Windows\System\MTGGMgX.exe
  2⤵
  PID:7472
- C:\Windows\System\OvnjrfC.exe
  C:\Windows\System\OvnjrfC.exe
  2⤵
  PID:7548
- C:\Windows\System\XvQzXQk.exe
  C:\Windows\System\XvQzXQk.exe
  2⤵
  PID:7680
- C:\Windows\System\WweRMOy.exe
  C:\Windows\System\WweRMOy.exe
  2⤵
  PID:7748
- C:\Windows\System\nRjIMCK.exe
  C:\Windows\System\nRjIMCK.exe
  2⤵
  PID:7836
- C:\Windows\System\BNXFsmO.exe
  C:\Windows\System\BNXFsmO.exe
  2⤵
  PID:7872
- C:\Windows\System\YMIGLqw.exe
  C:\Windows\System\YMIGLqw.exe
  2⤵
  PID:7932
- C:\Windows\System\eePaxlV.exe
  C:\Windows\System\eePaxlV.exe
  2⤵
  PID:8016
- C:\Windows\System\RHiBHng.exe
  C:\Windows\System\RHiBHng.exe
  2⤵
  PID:8068
- C:\Windows\System\kZAkzwb.exe
  C:\Windows\System\kZAkzwb.exe
  2⤵
  PID:8132
- C:\Windows\System\NyAPcwE.exe
  C:\Windows\System\NyAPcwE.exe
  2⤵
  PID:8160
- C:\Windows\System\nJzWjYC.exe
  C:\Windows\System\nJzWjYC.exe
  2⤵
  PID:7276
- C:\Windows\System\qsiELRJ.exe
  C:\Windows\System\qsiELRJ.exe
  2⤵
  PID:7408
- C:\Windows\System\LtsjtgL.exe
  C:\Windows\System\LtsjtgL.exe
  2⤵
  PID:7532
- C:\Windows\System\gCXEJee.exe
  C:\Windows\System\gCXEJee.exe
  2⤵
  PID:7732
- C:\Windows\System\DMoIkID.exe
  C:\Windows\System\DMoIkID.exe
  2⤵
  PID:7900
- C:\Windows\System\xjhveqk.exe
  C:\Windows\System\xjhveqk.exe
  2⤵
  PID:8096
- C:\Windows\System\XBNOoeM.exe
  C:\Windows\System\XBNOoeM.exe
  2⤵
  PID:7552
- C:\Windows\System\wcitWZo.exe
  C:\Windows\System\wcitWZo.exe
  2⤵
  PID:7468
- C:\Windows\System\UAzQQXK.exe
  C:\Windows\System\UAzQQXK.exe
  2⤵
  PID:7856
- C:\Windows\System\FqRCFAe.exe
  C:\Windows\System\FqRCFAe.exe
  2⤵
  PID:7352
- C:\Windows\System\JBLyTUq.exe
  C:\Windows\System\JBLyTUq.exe
  2⤵
  PID:2828
- C:\Windows\System\BKVVOau.exe
  C:\Windows\System\BKVVOau.exe
  2⤵
  PID:8124
- C:\Windows\System\JPNLxlS.exe
  C:\Windows\System\JPNLxlS.exe
  2⤵
  PID:8220
- C:\Windows\System\qPSnLYI.exe
  C:\Windows\System\qPSnLYI.exe
  2⤵
  PID:8248
- C:\Windows\System\zDVzfdf.exe
  C:\Windows\System\zDVzfdf.exe
  2⤵
  PID:8272
- C:\Windows\System\dXmBRzW.exe
  C:\Windows\System\dXmBRzW.exe
  2⤵
  PID:8304
- C:\Windows\System\txnDGTo.exe
  C:\Windows\System\txnDGTo.exe
  2⤵
  PID:8324
- C:\Windows\System\QBSEwRr.exe
  C:\Windows\System\QBSEwRr.exe
  2⤵
  PID:8352
- C:\Windows\System\BQsnlwF.exe
  C:\Windows\System\BQsnlwF.exe
  2⤵
  PID:8388
- C:\Windows\System\DYLkcLZ.exe
  C:\Windows\System\DYLkcLZ.exe
  2⤵
  PID:8416
- C:\Windows\System\aOPGGCw.exe
  C:\Windows\System\aOPGGCw.exe
  2⤵
  PID:8436
- C:\Windows\System\fVICrBb.exe
  C:\Windows\System\fVICrBb.exe
  2⤵
  PID:8464
- C:\Windows\System\NftpGBj.exe
  C:\Windows\System\NftpGBj.exe
  2⤵
  PID:8492
- C:\Windows\System\dPrlbGa.exe
  C:\Windows\System\dPrlbGa.exe
  2⤵
  PID:8536
- C:\Windows\System\kkktOAy.exe
  C:\Windows\System\kkktOAy.exe
  2⤵
  PID:8552
- C:\Windows\System\imVZFbZ.exe
  C:\Windows\System\imVZFbZ.exe
  2⤵
  PID:8580
- C:\Windows\System\pPJUBKO.exe
  C:\Windows\System\pPJUBKO.exe
  2⤵
  PID:8612
- C:\Windows\System\fbiGIwi.exe
  C:\Windows\System\fbiGIwi.exe
  2⤵
  PID:8644
- C:\Windows\System\HaUaZJJ.exe
  C:\Windows\System\HaUaZJJ.exe
  2⤵
  PID:8664
- C:\Windows\System\ShBjYsH.exe
  C:\Windows\System\ShBjYsH.exe
  2⤵
  PID:8692
- C:\Windows\System\tgsprfT.exe
  C:\Windows\System\tgsprfT.exe
  2⤵
  PID:8724
- C:\Windows\System\aCOjkCy.exe
  C:\Windows\System\aCOjkCy.exe
  2⤵
  PID:8756
- C:\Windows\System\qsKrZed.exe
  C:\Windows\System\qsKrZed.exe
  2⤵
  PID:8776
- C:\Windows\System\AIZPmKs.exe
  C:\Windows\System\AIZPmKs.exe
  2⤵
  PID:8804
- C:\Windows\System\yDDLvwp.exe
  C:\Windows\System\yDDLvwp.exe
  2⤵
  PID:8840
- C:\Windows\System\WGgWznO.exe
  C:\Windows\System\WGgWznO.exe
  2⤵
  PID:8860
- C:\Windows\System\FrgtSuT.exe
  C:\Windows\System\FrgtSuT.exe
  2⤵
  PID:8888
- C:\Windows\System\JVLKGzC.exe
  C:\Windows\System\JVLKGzC.exe
  2⤵
  PID:8916
- C:\Windows\System\aLMIgiG.exe
  C:\Windows\System\aLMIgiG.exe
  2⤵
  PID:8948
- C:\Windows\System\OOfvzUH.exe
  C:\Windows\System\OOfvzUH.exe
  2⤵
  PID:8972
- C:\Windows\System\fvVePoI.exe
  C:\Windows\System\fvVePoI.exe
  2⤵
  PID:9004
- C:\Windows\System\qtnwVNP.exe
  C:\Windows\System\qtnwVNP.exe
  2⤵
  PID:9028
- C:\Windows\System\wHduAjY.exe
  C:\Windows\System\wHduAjY.exe
  2⤵
  PID:9064
- C:\Windows\System\CSmWiAq.exe
  C:\Windows\System\CSmWiAq.exe
  2⤵
  PID:9084
- C:\Windows\System\hfEBtVD.exe
  C:\Windows\System\hfEBtVD.exe
  2⤵
  PID:9112
- C:\Windows\System\SwZtMfF.exe
  C:\Windows\System\SwZtMfF.exe
  2⤵
  PID:9148
- C:\Windows\System\NiXjozz.exe
  C:\Windows\System\NiXjozz.exe
  2⤵
  PID:9168
- C:\Windows\System\sKlJaKg.exe
  C:\Windows\System\sKlJaKg.exe
  2⤵
  PID:9204
- C:\Windows\System\AHrKEYD.exe
  C:\Windows\System\AHrKEYD.exe
  2⤵
  PID:8256
- C:\Windows\System\CeSODZC.exe
  C:\Windows\System\CeSODZC.exe
  2⤵
  PID:8288
- C:\Windows\System\CGEQtam.exe
  C:\Windows\System\CGEQtam.exe
  2⤵
  PID:8364
- C:\Windows\System\UtMSiXs.exe
  C:\Windows\System\UtMSiXs.exe
  2⤵
  PID:8428
- C:\Windows\System\znRrDXN.exe
  C:\Windows\System\znRrDXN.exe
  2⤵
  PID:8476
- C:\Windows\System\jPxKUJf.exe
  C:\Windows\System\jPxKUJf.exe
  2⤵
  PID:8544
- C:\Windows\System\MhWjqRk.exe
  C:\Windows\System\MhWjqRk.exe
  2⤵
  PID:8604
- C:\Windows\System\wgoLdCj.exe
  C:\Windows\System\wgoLdCj.exe
  2⤵
  PID:5496
- C:\Windows\System\SnDFcgT.exe
  C:\Windows\System\SnDFcgT.exe
  2⤵
  PID:8712
- C:\Windows\System\NZePPMI.exe
  C:\Windows\System\NZePPMI.exe
  2⤵
  PID:8788
- C:\Windows\System\vxSVJAB.exe
  C:\Windows\System\vxSVJAB.exe
  2⤵
  PID:8828
- C:\Windows\System\EWBwfgc.exe
  C:\Windows\System\EWBwfgc.exe
  2⤵
  PID:8900
- C:\Windows\System\yjfjVJT.exe
  C:\Windows\System\yjfjVJT.exe
  2⤵
  PID:8956
- C:\Windows\System\yrjQckN.exe
  C:\Windows\System\yrjQckN.exe
  2⤵
  PID:9020
- C:\Windows\System\eEjpbXF.exe
  C:\Windows\System\eEjpbXF.exe
  2⤵
  PID:9076
- C:\Windows\System\gMIoBLV.exe
  C:\Windows\System\gMIoBLV.exe
  2⤵
  PID:9136
- C:\Windows\System\fDMHorW.exe
  C:\Windows\System\fDMHorW.exe
  2⤵
  PID:8196
- C:\Windows\System\FEiQxRS.exe
  C:\Windows\System\FEiQxRS.exe
  2⤵
  PID:8336
- C:\Windows\System\zzrsiAB.exe
  C:\Windows\System\zzrsiAB.exe
  2⤵
  PID:8504
- C:\Windows\System\TAHXVLk.exe
  C:\Windows\System\TAHXVLk.exe
  2⤵
  PID:8764
- C:\Windows\System\XIxPMmZ.exe
  C:\Windows\System\XIxPMmZ.exe
  2⤵
  PID:8880
- C:\Windows\System\zHkqyyv.exe
  C:\Windows\System\zHkqyyv.exe
  2⤵
  PID:8984
- C:\Windows\System\gJStLRS.exe
  C:\Windows\System\gJStLRS.exe
  2⤵
  PID:9132
- C:\Windows\System\qjaFuXM.exe
  C:\Windows\System\qjaFuXM.exe
  2⤵
  PID:8204
- C:\Windows\System\RjByxzA.exe
  C:\Windows\System\RjByxzA.exe
  2⤵
  PID:8564
- C:\Windows\System\pfuQjVO.exe
  C:\Windows\System\pfuQjVO.exe
  2⤵
  PID:2976
- C:\Windows\System\wnHyHnC.exe
  C:\Windows\System\wnHyHnC.exe
  2⤵
  PID:8936
- C:\Windows\System\XpvPpPY.exe
  C:\Windows\System\XpvPpPY.exe
  2⤵
  PID:8460
- C:\Windows\System\EjTxknr.exe
  C:\Windows\System\EjTxknr.exe
  2⤵
  PID:9052
- C:\Windows\System\lyGIvmA.exe
  C:\Windows\System\lyGIvmA.exe
  2⤵
  PID:8572
- C:\Windows\System\wkeEzHb.exe
  C:\Windows\System\wkeEzHb.exe
  2⤵
  PID:4820
- C:\Windows\System\qznujzN.exe
  C:\Windows\System\qznujzN.exe
  2⤵
  PID:9240
- C:\Windows\System\wXSiZBa.exe
  C:\Windows\System\wXSiZBa.exe
  2⤵
  PID:9276
- C:\Windows\System\tdzWDnl.exe
  C:\Windows\System\tdzWDnl.exe
  2⤵
  PID:9296
- C:\Windows\System\ycXkUTf.exe
  C:\Windows\System\ycXkUTf.exe
  2⤵
  PID:9332
- C:\Windows\System\SgegUFK.exe
  C:\Windows\System\SgegUFK.exe
  2⤵
  PID:9352
- C:\Windows\System\aqbTTAy.exe
  C:\Windows\System\aqbTTAy.exe
  2⤵
  PID:9388
- C:\Windows\System\oHvFChI.exe
  C:\Windows\System\oHvFChI.exe
  2⤵
  PID:9408
- C:\Windows\System\bGTCTiW.exe
  C:\Windows\System\bGTCTiW.exe
  2⤵
  PID:9444
- C:\Windows\System\aNFzOOs.exe
  C:\Windows\System\aNFzOOs.exe
  2⤵
  PID:9464
- C:\Windows\System\xphvTwY.exe
  C:\Windows\System\xphvTwY.exe
  2⤵
  PID:9492
- C:\Windows\System\bFhVNBa.exe
  C:\Windows\System\bFhVNBa.exe
  2⤵
  PID:9524
- C:\Windows\System\wOoXBwW.exe
  C:\Windows\System\wOoXBwW.exe
  2⤵
  PID:9556
- C:\Windows\System\KcQNbfU.exe
  C:\Windows\System\KcQNbfU.exe
  2⤵
  PID:9580
- C:\Windows\System\ifGkaiO.exe
  C:\Windows\System\ifGkaiO.exe
  2⤵
  PID:9604
- C:\Windows\System\VCxjiar.exe
  C:\Windows\System\VCxjiar.exe
  2⤵
  PID:9644
- C:\Windows\System\XbhaHmC.exe
  C:\Windows\System\XbhaHmC.exe
  2⤵
  PID:9664
- C:\Windows\System\TXKrzhx.exe
  C:\Windows\System\TXKrzhx.exe
  2⤵
  PID:9692
- C:\Windows\System\yBwgAaD.exe
  C:\Windows\System\yBwgAaD.exe
  2⤵
  PID:9732
- C:\Windows\System\sxUliNi.exe
  C:\Windows\System\sxUliNi.exe
  2⤵
  PID:9752
- C:\Windows\System\eaFSJtO.exe
  C:\Windows\System\eaFSJtO.exe
  2⤵
  PID:9780
- C:\Windows\System\byfktnM.exe
  C:\Windows\System\byfktnM.exe
  2⤵
  PID:9808
- C:\Windows\System\LZJLpwe.exe
  C:\Windows\System\LZJLpwe.exe
  2⤵
  PID:9836
- C:\Windows\System\pUKblKX.exe
  C:\Windows\System\pUKblKX.exe
  2⤵
  PID:9864
- C:\Windows\System\QItiwvB.exe
  C:\Windows\System\QItiwvB.exe
  2⤵
  PID:9892
- C:\Windows\System\QtWHngO.exe
  C:\Windows\System\QtWHngO.exe
  2⤵
  PID:9920
- C:\Windows\System\mDCGKOP.exe
  C:\Windows\System\mDCGKOP.exe
  2⤵
  PID:9948
- C:\Windows\System\dRVbzOC.exe
  C:\Windows\System\dRVbzOC.exe
  2⤵
  PID:9976
- C:\Windows\System\xApCzmt.exe
  C:\Windows\System\xApCzmt.exe
  2⤵
  PID:10004
- C:\Windows\System\vlWHcCG.exe
  C:\Windows\System\vlWHcCG.exe
  2⤵
  PID:10044
- C:\Windows\System\TrMQtEP.exe
  C:\Windows\System\TrMQtEP.exe
  2⤵
  PID:10060
- C:\Windows\System\lwjrpTU.exe
  C:\Windows\System\lwjrpTU.exe
  2⤵
  PID:10088
- C:\Windows\System\xddQTBR.exe
  C:\Windows\System\xddQTBR.exe
  2⤵
  PID:10116
- C:\Windows\System\PJvREap.exe
  C:\Windows\System\PJvREap.exe
  2⤵
  PID:10144
- C:\Windows\System\mVDmCPv.exe
  C:\Windows\System\mVDmCPv.exe
  2⤵
  PID:10176
- C:\Windows\System\ziTzoLI.exe
  C:\Windows\System\ziTzoLI.exe
  2⤵
  PID:10200
- C:\Windows\System\riiakrQ.exe
  C:\Windows\System\riiakrQ.exe
  2⤵
  PID:10228
- C:\Windows\System\YKvPvLx.exe
  C:\Windows\System\YKvPvLx.exe
  2⤵
  PID:9264
- C:\Windows\System\ZyWnTMk.exe
  C:\Windows\System\ZyWnTMk.exe
  2⤵
  PID:9348
- C:\Windows\System\VQNThBm.exe
  C:\Windows\System\VQNThBm.exe
  2⤵
  PID:9396
- C:\Windows\System\bjXHFkw.exe
  C:\Windows\System\bjXHFkw.exe
  2⤵
  PID:2644
- C:\Windows\System\lmpFAgJ.exe
  C:\Windows\System\lmpFAgJ.exe
  2⤵
  PID:9624
- C:\Windows\System\IdiuTmR.exe
  C:\Windows\System\IdiuTmR.exe
  2⤵
  PID:9680
- C:\Windows\System\ovUDHKG.exe
  C:\Windows\System\ovUDHKG.exe
  2⤵
  PID:9764
- C:\Windows\System\gClLZme.exe
  C:\Windows\System\gClLZme.exe
  2⤵
  PID:9932
- C:\Windows\System\prELyzN.exe
  C:\Windows\System\prELyzN.exe
  2⤵
  PID:10056
- C:\Windows\System\NtnyaYb.exe
  C:\Windows\System\NtnyaYb.exe
  2⤵
  PID:2480
- C:\Windows\System\VwyZHbN.exe
  C:\Windows\System\VwyZHbN.exe
  2⤵
  PID:10224
- C:\Windows\System\rvpvvCH.exe
  C:\Windows\System\rvpvvCH.exe
  2⤵
  PID:9292
- C:\Windows\System\vzZWzOd.exe
  C:\Windows\System\vzZWzOd.exe
  2⤵
  PID:1184
- C:\Windows\System\CbkvbTa.exe
  C:\Windows\System\CbkvbTa.exe
  2⤵
  PID:9432
- C:\Windows\System\erNdhHs.exe
  C:\Windows\System\erNdhHs.exe
  2⤵
  PID:9704
- C:\Windows\System\vWvYVHp.exe
  C:\Windows\System\vWvYVHp.exe
  2⤵
  PID:10140
- C:\Windows\System\AxejMCL.exe
  C:\Windows\System\AxejMCL.exe
  2⤵
  PID:4536
- C:\Windows\System\aibMmge.exe
  C:\Windows\System\aibMmge.exe
  2⤵
  PID:9904
- C:\Windows\System\aguqUll.exe
  C:\Windows\System\aguqUll.exe
  2⤵
  PID:3176
- C:\Windows\System\TsmJtlp.exe
  C:\Windows\System\TsmJtlp.exe
  2⤵
  PID:4556
- C:\Windows\System\EuvuPpe.exe
  C:\Windows\System\EuvuPpe.exe
  2⤵
  PID:10084
- C:\Windows\System\kgBtWMz.exe
  C:\Windows\System\kgBtWMz.exe
  2⤵
  PID:10256
- C:\Windows\System\rbdPiSz.exe
  C:\Windows\System\rbdPiSz.exe
  2⤵
  PID:10344
- C:\Windows\System\feLtBBJ.exe
  C:\Windows\System\feLtBBJ.exe
  2⤵
  PID:10380
- C:\Windows\System\ajsAvKb.exe
  C:\Windows\System\ajsAvKb.exe
  2⤵
  PID:10400
- C:\Windows\System\aoNlBcq.exe
  C:\Windows\System\aoNlBcq.exe
  2⤵
  PID:10428
- C:\Windows\System\TLmyasu.exe
  C:\Windows\System\TLmyasu.exe
  2⤵
  PID:10456
- C:\Windows\System\HXRJhqz.exe
  C:\Windows\System\HXRJhqz.exe
  2⤵
  PID:10484
- C:\Windows\System\nJZZsub.exe
  C:\Windows\System\nJZZsub.exe
  2⤵
  PID:10520
- C:\Windows\System\UEnuQdU.exe
  C:\Windows\System\UEnuQdU.exe
  2⤵
  PID:10540
- C:\Windows\System\XfidSXI.exe
  C:\Windows\System\XfidSXI.exe
  2⤵
  PID:10568
- C:\Windows\System\XIsfouQ.exe
  C:\Windows\System\XIsfouQ.exe
  2⤵
  PID:10596
- C:\Windows\System\anLEDYw.exe
  C:\Windows\System\anLEDYw.exe
  2⤵
  PID:10624
- C:\Windows\System\JIpHRQz.exe
  C:\Windows\System\JIpHRQz.exe
  2⤵
  PID:10652
- C:\Windows\System\EnfqWVw.exe
  C:\Windows\System\EnfqWVw.exe
  2⤵
  PID:10680
- C:\Windows\System\URrMXUm.exe
  C:\Windows\System\URrMXUm.exe
  2⤵
  PID:10708
- C:\Windows\System\XjsuztJ.exe
  C:\Windows\System\XjsuztJ.exe
  2⤵
  PID:10748
- C:\Windows\System\TcrOwxS.exe
  C:\Windows\System\TcrOwxS.exe
  2⤵
  PID:10768
- C:\Windows\System\BYElYsq.exe
  C:\Windows\System\BYElYsq.exe
  2⤵
  PID:10796
- C:\Windows\System\WVEtklZ.exe
  C:\Windows\System\WVEtklZ.exe
  2⤵
  PID:10832
- C:\Windows\System\lxZPyiT.exe
  C:\Windows\System\lxZPyiT.exe
  2⤵
  PID:10852
- C:\Windows\System\ptFgZPW.exe
  C:\Windows\System\ptFgZPW.exe
  2⤵
  PID:10880
- C:\Windows\System\tPOSBzC.exe
  C:\Windows\System\tPOSBzC.exe
  2⤵
  PID:10916
- C:\Windows\System\ixsQvzD.exe
  C:\Windows\System\ixsQvzD.exe
  2⤵
  PID:10936
- C:\Windows\System\YxPFgCO.exe
  C:\Windows\System\YxPFgCO.exe
  2⤵
  PID:10972
- C:\Windows\System\zFxFILG.exe
  C:\Windows\System\zFxFILG.exe
  2⤵
  PID:10992
- C:\Windows\System\CpyQsNc.exe
  C:\Windows\System\CpyQsNc.exe
  2⤵
  PID:11028
- C:\Windows\System\iZLCYuK.exe
  C:\Windows\System\iZLCYuK.exe
  2⤵
  PID:11048
- C:\Windows\System\pheiKof.exe
  C:\Windows\System\pheiKof.exe
  2⤵
  PID:11076
- C:\Windows\System\UtMbeBg.exe
  C:\Windows\System\UtMbeBg.exe
  2⤵
  PID:11108
- C:\Windows\System\JnVCClO.exe
  C:\Windows\System\JnVCClO.exe
  2⤵
  PID:11136
- C:\Windows\System\wNEztVP.exe
  C:\Windows\System\wNEztVP.exe
  2⤵
  PID:11164
- C:\Windows\System\SFpKVnk.exe
  C:\Windows\System\SFpKVnk.exe
  2⤵
  PID:11192
- C:\Windows\System\SqOrFVK.exe
  C:\Windows\System\SqOrFVK.exe
  2⤵
  PID:11220
- C:\Windows\System\pclytBF.exe
  C:\Windows\System\pclytBF.exe
  2⤵
  PID:11252
- C:\Windows\System\StGIcwG.exe
  C:\Windows\System\StGIcwG.exe
  2⤵
  PID:10288
- C:\Windows\System\ZigJaaT.exe
  C:\Windows\System\ZigJaaT.exe
  2⤵
  PID:10320
- C:\Windows\System\VRFxyia.exe
  C:\Windows\System\VRFxyia.exe
  2⤵
  PID:10336
- C:\Windows\System\wBCnsiy.exe
  C:\Windows\System\wBCnsiy.exe
  2⤵
  PID:1076
- C:\Windows\System\KcygeNf.exe
  C:\Windows\System\KcygeNf.exe
  2⤵
  PID:1612
- C:\Windows\System\mJVXnoD.exe
  C:\Windows\System\mJVXnoD.exe
  2⤵
  PID:10392
- C:\Windows\System\yGyqhrg.exe
  C:\Windows\System\yGyqhrg.exe
  2⤵
  PID:3680
- C:\Windows\System\SSdnxtQ.exe
  C:\Windows\System\SSdnxtQ.exe
  2⤵
  PID:10496
- C:\Windows\System\kvAyVcU.exe
  C:\Windows\System\kvAyVcU.exe
  2⤵
  PID:10560
- C:\Windows\System\xrcpglb.exe
  C:\Windows\System\xrcpglb.exe
  2⤵
  PID:10644
- C:\Windows\System\GKPqQMC.exe
  C:\Windows\System\GKPqQMC.exe
  2⤵
  PID:10676
- C:\Windows\System\kWJjEcD.exe
  C:\Windows\System\kWJjEcD.exe
  2⤵
  PID:10728
- C:\Windows\System\UHnaLVg.exe
  C:\Windows\System\UHnaLVg.exe
  2⤵
  PID:10792
- C:\Windows\System\FlWxCVK.exe
  C:\Windows\System\FlWxCVK.exe
  2⤵
  PID:10848
- C:\Windows\System\zyEPhir.exe
  C:\Windows\System\zyEPhir.exe
  2⤵
  PID:10932
- C:\Windows\System\ROIrNam.exe
  C:\Windows\System\ROIrNam.exe
  2⤵
  PID:10980
- C:\Windows\System\QsdjWOi.exe
  C:\Windows\System\QsdjWOi.exe
  2⤵
  PID:11040
- C:\Windows\System\QrmiIEi.exe
  C:\Windows\System\QrmiIEi.exe
  2⤵
  PID:11100
- C:\Windows\System\sEwmFir.exe
  C:\Windows\System\sEwmFir.exe
  2⤵
  PID:11176
- C:\Windows\System\VDNtMSv.exe
  C:\Windows\System\VDNtMSv.exe
  2⤵
  PID:11232
- C:\Windows\System\VVhlzrC.exe
  C:\Windows\System\VVhlzrC.exe
  2⤵
  PID:2560
- C:\Windows\System\ukmjrPo.exe
  C:\Windows\System\ukmjrPo.exe
  2⤵
  PID:9232
- C:\Windows\System\JbiwLlT.exe
  C:\Windows\System\JbiwLlT.exe
  2⤵
  PID:2452
- C:\Windows\System\sYeRGSe.exe
  C:\Windows\System\sYeRGSe.exe
  2⤵
  PID:10468
- C:\Windows\System\zXAlKNI.exe
  C:\Windows\System\zXAlKNI.exe
  2⤵
  PID:4908
- C:\Windows\System\XBrnnmy.exe
  C:\Windows\System\XBrnnmy.exe
  2⤵
  PID:10720
- C:\Windows\System\hEiAact.exe
  C:\Windows\System\hEiAact.exe
  2⤵
  PID:10844
- C:\Windows\System\wGeMDDS.exe
  C:\Windows\System\wGeMDDS.exe
  2⤵
  PID:10956
- C:\Windows\System\HDoJDFs.exe
  C:\Windows\System\HDoJDFs.exe
  2⤵
  PID:2588
- C:\Windows\System\aiIytZX.exe
  C:\Windows\System\aiIytZX.exe
  2⤵
  PID:11212
- C:\Windows\System\FxsMuuT.exe
  C:\Windows\System\FxsMuuT.exe
  2⤵
  PID:4996
- C:\Windows\System\aZXCLms.exe
  C:\Windows\System\aZXCLms.exe
  2⤵
  PID:10552
- C:\Windows\System\duwugSD.exe
  C:\Windows\System\duwugSD.exe
  2⤵
  PID:10840
- C:\Windows\System\nQUuACq.exe
  C:\Windows\System\nQUuACq.exe
  2⤵
  PID:11156
- C:\Windows\System\gSwoQvw.exe
  C:\Windows\System\gSwoQvw.exe
  2⤵
  PID:4348
- C:\Windows\System\itTbGwT.exe
  C:\Windows\System\itTbGwT.exe
  2⤵
  PID:1180
- C:\Windows\System\rNXOcSc.exe
  C:\Windows\System\rNXOcSc.exe
  2⤵
  PID:5060
- C:\Windows\System\McjfesX.exe
  C:\Windows\System\McjfesX.exe
  2⤵
  PID:10672
- C:\Windows\System\DlXOaOj.exe
  C:\Windows\System\DlXOaOj.exe
  2⤵
  PID:11276
- C:\Windows\System\CcUvokP.exe
  C:\Windows\System\CcUvokP.exe
  2⤵
  PID:11304
- C:\Windows\System\IykoawY.exe
  C:\Windows\System\IykoawY.exe
  2⤵
  PID:11340
- C:\Windows\System\NBDQGMS.exe
  C:\Windows\System\NBDQGMS.exe
  2⤵
  PID:11368
- C:\Windows\System\ACitRrq.exe
  C:\Windows\System\ACitRrq.exe
  2⤵
  PID:11396
- C:\Windows\System\czUsgvG.exe
  C:\Windows\System\czUsgvG.exe
  2⤵
  PID:11416
- C:\Windows\System\tPmOUvS.exe
  C:\Windows\System\tPmOUvS.exe
  2⤵
  PID:11444
- C:\Windows\System\LzwnRzh.exe
  C:\Windows\System\LzwnRzh.exe
  2⤵
  PID:11472
- C:\Windows\System\cjxBkcd.exe
  C:\Windows\System\cjxBkcd.exe
  2⤵
  PID:11500
- C:\Windows\System\kVmZTEM.exe
  C:\Windows\System\kVmZTEM.exe
  2⤵
  PID:11528
- C:\Windows\System\ZFgcfVC.exe
  C:\Windows\System\ZFgcfVC.exe
  2⤵
  PID:11568
- C:\Windows\System\TNUiInW.exe
  C:\Windows\System\TNUiInW.exe
  2⤵
  PID:11588
- C:\Windows\System\oFMSVel.exe
  C:\Windows\System\oFMSVel.exe
  2⤵
  PID:11628
- C:\Windows\System\EfTSLIv.exe
  C:\Windows\System\EfTSLIv.exe
  2⤵
  PID:11652
- C:\Windows\System\HiGySss.exe
  C:\Windows\System\HiGySss.exe
  2⤵
  PID:11676
- C:\Windows\System\kwJxaHy.exe
  C:\Windows\System\kwJxaHy.exe
  2⤵
  PID:11700
- C:\Windows\System\mpUVDxV.exe
  C:\Windows\System\mpUVDxV.exe
  2⤵
  PID:11728
- C:\Windows\System\hAjSrGL.exe
  C:\Windows\System\hAjSrGL.exe
  2⤵
  PID:11756
- C:\Windows\System\yOWNmWs.exe
  C:\Windows\System\yOWNmWs.exe
  2⤵
  PID:11784
- C:\Windows\System\sbbYbDC.exe
  C:\Windows\System\sbbYbDC.exe
  2⤵
  PID:11812
- C:\Windows\System\pqfaNpx.exe
  C:\Windows\System\pqfaNpx.exe
  2⤵
  PID:11840
- C:\Windows\System\hsZUsSc.exe
  C:\Windows\System\hsZUsSc.exe
  2⤵
  PID:11868
- C:\Windows\System\pliJRdX.exe
  C:\Windows\System\pliJRdX.exe
  2⤵
  PID:11896
- C:\Windows\System\vKZnQpk.exe
  C:\Windows\System\vKZnQpk.exe
  2⤵
  PID:11924
- C:\Windows\System\jJcsrmi.exe
  C:\Windows\System\jJcsrmi.exe
  2⤵
  PID:11952
- C:\Windows\System\rfJsTdU.exe
  C:\Windows\System\rfJsTdU.exe
  2⤵
  PID:11980
- C:\Windows\System\OUTDiII.exe
  C:\Windows\System\OUTDiII.exe
  2⤵
  PID:12008
- C:\Windows\System\hDRDPyt.exe
  C:\Windows\System\hDRDPyt.exe
  2⤵
  PID:12036
- C:\Windows\System\zMWlKnz.exe
  C:\Windows\System\zMWlKnz.exe
  2⤵
  PID:12064
- C:\Windows\System\SnyIdca.exe
  C:\Windows\System\SnyIdca.exe
  2⤵
  PID:12092
- C:\Windows\System\ZiuuQae.exe
  C:\Windows\System\ZiuuQae.exe
  2⤵
  PID:12120
- C:\Windows\System\gOroEax.exe
  C:\Windows\System\gOroEax.exe
  2⤵
  PID:12148
- C:\Windows\System\HOjqPpN.exe
  C:\Windows\System\HOjqPpN.exe
  2⤵
  PID:12192
- C:\Windows\System\Dxmclhz.exe
  C:\Windows\System\Dxmclhz.exe
  2⤵
  PID:12208
- C:\Windows\System\cxnlwXP.exe
  C:\Windows\System\cxnlwXP.exe
  2⤵
  PID:12236
- C:\Windows\System\MGHjEMF.exe
  C:\Windows\System\MGHjEMF.exe
  2⤵
  PID:12280
- C:\Windows\System\zHWfnXW.exe
  C:\Windows\System\zHWfnXW.exe
  2⤵
  PID:11288
- C:\Windows\System\hBepluS.exe
  C:\Windows\System\hBepluS.exe
  2⤵
  PID:11216
- C:\Windows\System\fLSmpWk.exe
  C:\Windows\System\fLSmpWk.exe
  2⤵
  PID:11404
- C:\Windows\System\tlYYwMV.exe
  C:\Windows\System\tlYYwMV.exe
  2⤵
  PID:11468
- C:\Windows\System\ZKFIkjj.exe
  C:\Windows\System\ZKFIkjj.exe
  2⤵
  PID:11512
- C:\Windows\System\XzXjgfJ.exe
  C:\Windows\System\XzXjgfJ.exe
  2⤵
  PID:11600
- C:\Windows\System\IHNqkGJ.exe
  C:\Windows\System\IHNqkGJ.exe
  2⤵
  PID:11640
- C:\Windows\System\kGjQnVI.exe
  C:\Windows\System\kGjQnVI.exe
  2⤵
  PID:11696
- C:\Windows\System\aMGlanJ.exe
  C:\Windows\System\aMGlanJ.exe
  2⤵
  PID:11748
- C:\Windows\System\sKtSuEE.exe
  C:\Windows\System\sKtSuEE.exe
  2⤵
  PID:11808
- C:\Windows\System\URlTqVZ.exe
  C:\Windows\System\URlTqVZ.exe
  2⤵
  PID:11864
- C:\Windows\System\QdUukvN.exe
  C:\Windows\System\QdUukvN.exe
  2⤵
  PID:11936
- C:\Windows\System\TujtBAI.exe
  C:\Windows\System\TujtBAI.exe
  2⤵
  PID:12000
- C:\Windows\System\oteuimx.exe
  C:\Windows\System\oteuimx.exe
  2⤵
  PID:12060
- C:\Windows\System\CsNVMTG.exe
  C:\Windows\System\CsNVMTG.exe
  2⤵
  PID:12144
- C:\Windows\System\DdrzpLN.exe
  C:\Windows\System\DdrzpLN.exe
  2⤵
  PID:12172
- C:\Windows\System\QLKlfUD.exe
  C:\Windows\System\QLKlfUD.exe
  2⤵
  PID:12260
- C:\Windows\System\CeSlIId.exe
  C:\Windows\System\CeSlIId.exe
  2⤵
  PID:11348
- C:\Windows\System\FwSgRPI.exe
  C:\Windows\System\FwSgRPI.exe
  2⤵
  PID:4424
- C:\Windows\System\bkjkCNr.exe
  C:\Windows\System\bkjkCNr.exe
  2⤵
  PID:11608
- C:\Windows\System\cdxrTpr.exe
  C:\Windows\System\cdxrTpr.exe
  2⤵
  PID:464
- C:\Windows\System\HLLtpyO.exe
  C:\Windows\System\HLLtpyO.exe
  2⤵
  PID:11892
- C:\Windows\System\Hjqwtbf.exe
  C:\Windows\System\Hjqwtbf.exe
  2⤵
  PID:12028
- C:\Windows\System\iMizuae.exe
  C:\Windows\System\iMizuae.exe
  2⤵
  PID:12112
- C:\Windows\System\BNcMkGh.exe
  C:\Windows\System\BNcMkGh.exe
  2⤵
  PID:11316
- C:\Windows\System\XIhCjUy.exe
  C:\Windows\System\XIhCjUy.exe
  2⤵
  PID:4020
- C:\Windows\System\NDIryTC.exe
  C:\Windows\System\NDIryTC.exe
  2⤵
  PID:12276
- C:\Windows\System\scyLqGq.exe
  C:\Windows\System\scyLqGq.exe
  2⤵
  PID:12248
- C:\Windows\System\jIOBgEL.exe
  C:\Windows\System\jIOBgEL.exe
  2⤵
  PID:11860
- C:\Windows\System\sVpiCqQ.exe
  C:\Windows\System\sVpiCqQ.exe
  2⤵
  PID:12292
- C:\Windows\System\MhOkStK.exe
  C:\Windows\System\MhOkStK.exe
  2⤵
  PID:12320
- C:\Windows\System\EuKooJR.exe
  C:\Windows\System\EuKooJR.exe
  2⤵
  PID:12348
- C:\Windows\System\nOhRLOr.exe
  C:\Windows\System\nOhRLOr.exe
  2⤵
  PID:12376
- C:\Windows\System\olNdARX.exe
  C:\Windows\System\olNdARX.exe
  2⤵
  PID:12404
- C:\Windows\System\BNIUrvb.exe
  C:\Windows\System\BNIUrvb.exe
  2⤵
  PID:12432
- C:\Windows\System\bYkPZsQ.exe
  C:\Windows\System\bYkPZsQ.exe
  2⤵
  PID:12460
- C:\Windows\System\iZlYAHU.exe
  C:\Windows\System\iZlYAHU.exe
  2⤵
  PID:12488
- C:\Windows\System\VCyZxqm.exe
  C:\Windows\System\VCyZxqm.exe
  2⤵
  PID:12516
- C:\Windows\System\jzYltoi.exe
  C:\Windows\System\jzYltoi.exe
  2⤵
  PID:12552
- C:\Windows\System\isKhLqv.exe
  C:\Windows\System\isKhLqv.exe
  2⤵
  PID:12572
- C:\Windows\System\WtoSapC.exe
  C:\Windows\System\WtoSapC.exe
  2⤵
  PID:12604
- C:\Windows\System\vXhBubH.exe
  C:\Windows\System\vXhBubH.exe
  2⤵
  PID:12628
- C:\Windows\System\diuINDi.exe
  C:\Windows\System\diuINDi.exe
  2⤵
  PID:12656
- C:\Windows\System\BYbrfrA.exe
  C:\Windows\System\BYbrfrA.exe
  2⤵
  PID:12688
- C:\Windows\System\aXLauct.exe
  C:\Windows\System\aXLauct.exe
  2⤵
  PID:12712
- C:\Windows\System\ljmtBgu.exe
  C:\Windows\System\ljmtBgu.exe
  2⤵
  PID:12740
- C:\Windows\System\dQhuosp.exe
  C:\Windows\System\dQhuosp.exe
  2⤵
  PID:12768
- C:\Windows\System\xkmSfqS.exe
  C:\Windows\System\xkmSfqS.exe
  2⤵
  PID:12796
- C:\Windows\System\SkWulFs.exe
  C:\Windows\System\SkWulFs.exe
  2⤵
  PID:12824
- C:\Windows\System\litzcjF.exe
  C:\Windows\System\litzcjF.exe
  2⤵
  PID:12852
- C:\Windows\System\QgTfpFT.exe
  C:\Windows\System\QgTfpFT.exe
  2⤵
  PID:12880
- C:\Windows\System\IshSRaH.exe
  C:\Windows\System\IshSRaH.exe
  2⤵
  PID:12908
- C:\Windows\System\HOZWdbf.exe
  C:\Windows\System\HOZWdbf.exe
  2⤵
  PID:12936
- C:\Windows\System\jAOEYFZ.exe
  C:\Windows\System\jAOEYFZ.exe
  2⤵
  PID:12972
- C:\Windows\System\mEppKku.exe
  C:\Windows\System\mEppKku.exe
  2⤵
  PID:12992
- C:\Windows\System\DuJEkDf.exe
  C:\Windows\System\DuJEkDf.exe
  2⤵
  PID:13020
- C:\Windows\System\ELYirUD.exe
  C:\Windows\System\ELYirUD.exe
  2⤵
  PID:13048
- C:\Windows\System\PDiVYBU.exe
  C:\Windows\System\PDiVYBU.exe
  2⤵
  PID:13076
- C:\Windows\System\SjcnmPK.exe
  C:\Windows\System\SjcnmPK.exe
  2⤵
  PID:13108
- C:\Windows\System\eQTbLTp.exe
  C:\Windows\System\eQTbLTp.exe
  2⤵
  PID:13144
- C:\Windows\System\uJXBkrX.exe
  C:\Windows\System\uJXBkrX.exe
  2⤵
  PID:13172
- C:\Windows\System\JkaNpFM.exe
  C:\Windows\System\JkaNpFM.exe
  2⤵
  PID:13200
- C:\Windows\System\ooDZQaR.exe
  C:\Windows\System\ooDZQaR.exe
  2⤵
  PID:13228
- C:\Windows\System\VJBlRrk.exe
  C:\Windows\System\VJBlRrk.exe
  2⤵
  PID:13256
- C:\Windows\System\HKMKwFh.exe
  C:\Windows\System\HKMKwFh.exe
  2⤵
  PID:13284
- C:\Windows\System\jeYZAwV.exe
  C:\Windows\System\jeYZAwV.exe
  2⤵
  PID:11852
- C:\Windows\System\HtDizBl.exe
  C:\Windows\System\HtDizBl.exe
  2⤵
  PID:12344
- C:\Windows\System\NKvplTu.exe
  C:\Windows\System\NKvplTu.exe
  2⤵
  PID:12428
- C:\Windows\System\naVeGtC.exe
  C:\Windows\System\naVeGtC.exe
  2⤵
  PID:12500
- C:\Windows\System\zXknmpO.exe
  C:\Windows\System\zXknmpO.exe
  2⤵
  PID:12564
- C:\Windows\System\EfeWxJu.exe
  C:\Windows\System\EfeWxJu.exe
  2⤵
  PID:12624
- C:\Windows\System\qhCnhUq.exe
  C:\Windows\System\qhCnhUq.exe
  2⤵
  PID:12696
- C:\Windows\System\QJQCVoR.exe
  C:\Windows\System\QJQCVoR.exe
  2⤵
  PID:12780
- C:\Windows\System\OXpaydf.exe
  C:\Windows\System\OXpaydf.exe
  2⤵
  PID:12820
- C:\Windows\System\VBuGldZ.exe
  C:\Windows\System\VBuGldZ.exe
  2⤵
  PID:12892
- C:\Windows\System\eoiffLJ.exe
  C:\Windows\System\eoiffLJ.exe
  2⤵
  PID:12948
- C:\Windows\System\eQDiEfG.exe
  C:\Windows\System\eQDiEfG.exe
  2⤵
  PID:13016
- C:\Windows\System\ZlEzOiF.exe
  C:\Windows\System\ZlEzOiF.exe
  2⤵
  PID:13088
- C:\Windows\System\VXjXLLu.exe
  C:\Windows\System\VXjXLLu.exe
  2⤵
  PID:4312
- C:\Windows\System\drOvUld.exe
  C:\Windows\System\drOvUld.exe
  2⤵
  PID:13164
- C:\Windows\System\uwyBazM.exe
  C:\Windows\System\uwyBazM.exe
  2⤵
  PID:13224
- C:\Windows\System\rmaPXgH.exe
  C:\Windows\System\rmaPXgH.exe
  2⤵
  PID:13296
- C:\Windows\System\ZRWMfig.exe
  C:\Windows\System\ZRWMfig.exe
  2⤵
  PID:12416
- C:\Windows\System\jyJZgMN.exe
  C:\Windows\System\jyJZgMN.exe
  2⤵
  PID:12560
- C:\Windows\System\YIdraVQ.exe
  C:\Windows\System\YIdraVQ.exe
  2⤵
  PID:12680
- C:\Windows\System\dFyIWTE.exe
  C:\Windows\System\dFyIWTE.exe
  2⤵
  PID:12848
- C:\Windows\System\RCoxIqy.exe
  C:\Windows\System\RCoxIqy.exe
  2⤵
  PID:13004
- C:\Windows\System\TXXJqsT.exe
  C:\Windows\System\TXXJqsT.exe
  2⤵
  PID:4256
- C:\Windows\System\yCwPWgw.exe
  C:\Windows\System\yCwPWgw.exe
  2⤵
  PID:13156
- C:\Windows\System\pkcDeHM.exe
  C:\Windows\System\pkcDeHM.exe
  2⤵
  PID:13276
- C:\Windows\System\tgAEwaY.exe
  C:\Windows\System\tgAEwaY.exe
  2⤵
  PID:13096
- C:\Windows\System\claonav.exe
  C:\Windows\System\claonav.exe
  2⤵
  PID:444
- C:\Windows\System\cLrKNnf.exe
  C:\Windows\System\cLrKNnf.exe
  2⤵
  PID:12904
- C:\Windows\System\qBUJIlJ.exe
  C:\Windows\System\qBUJIlJ.exe
  2⤵
  PID:4272
- C:\Windows\System\QQIZjdD.exe
  C:\Windows\System\QQIZjdD.exe
  2⤵
  PID:13252
- C:\Windows\System\aLYcSns.exe
  C:\Windows\System\aLYcSns.exe
  2⤵
  PID:432
- C:\Windows\System\tbknOUY.exe
  C:\Windows\System\tbknOUY.exe
  2⤵
  PID:12816
- C:\Windows\System\HgvUdCf.exe
  C:\Windows\System\HgvUdCf.exe
  2⤵
  PID:960
- C:\Windows\System\qpJKfow.exe
  C:\Windows\System\qpJKfow.exe
  2⤵
  PID:12676
- C:\Windows\System\rJpZuxx.exe
  C:\Windows\System\rJpZuxx.exe
  2⤵
  PID:2816
- C:\Windows\System\plQoIjo.exe
  C:\Windows\System\plQoIjo.exe
  2⤵
  PID:1896
- C:\Windows\System\sehlbBN.exe
  C:\Windows\System\sehlbBN.exe
  2⤵
  PID:3864
- C:\Windows\System\wGyBsTl.exe
  C:\Windows\System\wGyBsTl.exe
  2⤵
  PID:12988
- C:\Windows\System\TxCYkxL.exe
  C:\Windows\System\TxCYkxL.exe
  2⤵
  PID:13336
- C:\Windows\System\kfQYRLu.exe
  C:\Windows\System\kfQYRLu.exe
  2⤵
  PID:13356
- C:\Windows\System\lEIpSue.exe
  C:\Windows\System\lEIpSue.exe
  2⤵
  PID:13392
- C:\Windows\System\RedbwPU.exe
  C:\Windows\System\RedbwPU.exe
  2⤵
  PID:13420
- C:\Windows\System\opunMiB.exe
  C:\Windows\System\opunMiB.exe
  2⤵
  PID:13456
- C:\Windows\System\QVLXYBd.exe
  C:\Windows\System\QVLXYBd.exe
  2⤵
  PID:13496
- C:\Windows\System\MkYMeYO.exe
  C:\Windows\System\MkYMeYO.exe
  2⤵
  PID:13516
- C:\Windows\System\QbKdJqx.exe
  C:\Windows\System\QbKdJqx.exe
  2⤵
  PID:13548
- C:\Windows\System\IMAsDHP.exe
  C:\Windows\System\IMAsDHP.exe
  2⤵
  PID:13580
- C:\Windows\System\eXPJazy.exe
  C:\Windows\System\eXPJazy.exe
  2⤵
  PID:13624
- C:\Windows\System\UOmVuPg.exe
  C:\Windows\System\UOmVuPg.exe
  2⤵
  PID:13644
- C:\Windows\System\sumVwHP.exe
  C:\Windows\System\sumVwHP.exe
  2⤵
  PID:13672
- C:\Windows\System\Mzywgmp.exe
  C:\Windows\System\Mzywgmp.exe
  2⤵
  PID:13700
- C:\Windows\System\gDwHzeg.exe
  C:\Windows\System\gDwHzeg.exe
  2⤵
  PID:13728
- C:\Windows\System\YhLzhrF.exe
  C:\Windows\System\YhLzhrF.exe
  2⤵
  PID:13760
- C:\Windows\System\JNPJEAK.exe
  C:\Windows\System\JNPJEAK.exe
  2⤵
  PID:13788
- C:\Windows\System\KlvqVya.exe
  C:\Windows\System\KlvqVya.exe
  2⤵
  PID:13816
- C:\Windows\System\xcrKtgt.exe
  C:\Windows\System\xcrKtgt.exe
  2⤵
  PID:13848
- C:\Windows\System\RLbLcqu.exe
  C:\Windows\System\RLbLcqu.exe
  2⤵
  PID:13880
- C:\Windows\System\JUoILKr.exe
  C:\Windows\System\JUoILKr.exe
  2⤵
  PID:13908
- C:\Windows\System\kMrDnrM.exe
  C:\Windows\System\kMrDnrM.exe
  2⤵
  PID:13940
- C:\Windows\System\qXNyCPW.exe
  C:\Windows\System\qXNyCPW.exe
  2⤵
  PID:13984
- C:\Windows\System\hpJCALF.exe
  C:\Windows\System\hpJCALF.exe
  2⤵
  PID:14008
- C:\Windows\System\EhAIqEd.exe
  C:\Windows\System\EhAIqEd.exe
  2⤵
  PID:14048
- C:\Windows\System\nLOYFsg.exe
  C:\Windows\System\nLOYFsg.exe
  2⤵
  PID:14076
- C:\Windows\System\bxwzSaj.exe
  C:\Windows\System\bxwzSaj.exe
  2⤵
  PID:14104
- C:\Windows\System\YbaLvkp.exe
  C:\Windows\System\YbaLvkp.exe
  2⤵
  PID:14132
- C:\Windows\System\NrSSgdT.exe
  C:\Windows\System\NrSSgdT.exe
  2⤵
  PID:14172
- C:\Windows\System\ZtGfXhz.exe
  C:\Windows\System\ZtGfXhz.exe
  2⤵
  PID:14192
- C:\Windows\System\kAXHvIn.exe
  C:\Windows\System\kAXHvIn.exe
  2⤵
  PID:14220
- C:\Windows\System\RDgfcIv.exe
  C:\Windows\System\RDgfcIv.exe
  2⤵
  PID:14256
- C:\Windows\System\zsUVXmi.exe
  C:\Windows\System\zsUVXmi.exe
  2⤵
  PID:14276
- C:\Windows\System\auQeGUp.exe
  C:\Windows\System\auQeGUp.exe
  2⤵
  PID:14304
- C:\Windows\System\WXSZpvp.exe
  C:\Windows\System\WXSZpvp.exe
  2⤵
  PID:14332
- C:\Windows\System\AdSzTRR.exe
  C:\Windows\System\AdSzTRR.exe
  2⤵
  PID:3672
- C:\Windows\System\QYXwjdi.exe
  C:\Windows\System\QYXwjdi.exe
  2⤵
  PID:13324
- C:\Windows\System\MUpfPST.exe
  C:\Windows\System\MUpfPST.exe
  2⤵
  PID:2968
- C:\Windows\System\jFBvygF.exe
  C:\Windows\System\jFBvygF.exe
  2⤵
  PID:4588
- C:\Windows\System\solYWcV.exe
  C:\Windows\System\solYWcV.exe
  2⤵
  PID:13412
- C:\Windows\System\ImRPRrN.exe
  C:\Windows\System\ImRPRrN.exe
  2⤵
  PID:13452
- C:\Windows\System\VtszVYq.exe
  C:\Windows\System\VtszVYq.exe
  2⤵
  PID:13504
- C:\Windows\System\UlayyNv.exe
  C:\Windows\System\UlayyNv.exe
  2⤵
  PID:13544
- C:\Windows\System\gYMEETk.exe
  C:\Windows\System\gYMEETk.exe
  2⤵
  PID:5036
- C:\Windows\System\uMYhYrx.exe
  C:\Windows\System\uMYhYrx.exe
  2⤵
  PID:13632
- C:\Windows\System\UCJbLZK.exe
  C:\Windows\System\UCJbLZK.exe
  2⤵
  PID:13684
- C:\Windows\System\ensOSiS.exe
  C:\Windows\System\ensOSiS.exe
  2⤵
  PID:13724
- C:\Windows\System\FVEzLKc.exe
  C:\Windows\System\FVEzLKc.exe
  2⤵
  PID:9876
- C:\Windows\System\CpfsQdz.exe
  C:\Windows\System\CpfsQdz.exe
  2⤵
  PID:13780
- C:\Windows\System\NhqLTns.exe
  C:\Windows\System\NhqLTns.exe
  2⤵
  PID:13828
- C:\Windows\System\LHpbZeG.exe
  C:\Windows\System\LHpbZeG.exe
  2⤵
  PID:13872
- C:\Windows\System\GhLPnRF.exe
  C:\Windows\System\GhLPnRF.exe
  2⤵
  PID:2436
- C:\Windows\System\KrqSZZX.exe
  C:\Windows\System\KrqSZZX.exe
  2⤵
  PID:3200
- C:\Windows\System\jDSQOxH.exe
  C:\Windows\System\jDSQOxH.exe
  2⤵
  PID:1844
- C:\Windows\System\PhTmazk.exe
  C:\Windows\System\PhTmazk.exe
  2⤵
  PID:3872
- C:\Windows\System\rQaUaSK.exe
  C:\Windows\System\rQaUaSK.exe
  2⤵
  PID:3512
- C:\Windows\System\IlaJJNz.exe
  C:\Windows\System\IlaJJNz.exe
  2⤵
  PID:2808
- C:\Windows\System\ZWcosXk.exe
  C:\Windows\System\ZWcosXk.exe
  2⤵
  PID:728
- C:\Windows\System\zRIbnZn.exe
  C:\Windows\System\zRIbnZn.exe
  2⤵
  PID:4180
- C:\Windows\System\OABecqF.exe
  C:\Windows\System\OABecqF.exe
  2⤵
  PID:14212
- C:\Windows\System\JAIoyne.exe
  C:\Windows\System\JAIoyne.exe
  2⤵
  PID:3888
- C:\Windows\System\mAbBhpc.exe
  C:\Windows\System\mAbBhpc.exe
  2⤵
  PID:14272
- C:\Windows\System\mSpzXtt.exe
  C:\Windows\System\mSpzXtt.exe
  2⤵
  PID:712
- C:\Windows\System\NdaVxcQ.exe
  C:\Windows\System\NdaVxcQ.exe
  2⤵
  PID:1968
- C:\Windows\System\SSoSVoa.exe
  C:\Windows\System\SSoSVoa.exe
  2⤵
  PID:13404
- C:\Windows\System\yjeHiZZ.exe
  C:\Windows\System\yjeHiZZ.exe
  2⤵
  PID:13484
- C:\Windows\System\qiyMqkB.exe
  C:\Windows\System\qiyMqkB.exe
  2⤵
  PID:4496
- C:\Windows\System\DargBEL.exe
  C:\Windows\System\DargBEL.exe
  2⤵
  PID:13692
- C:\Windows\System\vVTlmvv.exe
  C:\Windows\System\vVTlmvv.exe
  2⤵
  PID:3412
- C:\Windows\System\IkdmYFp.exe
  C:\Windows\System\IkdmYFp.exe
  2⤵
  PID:5156
- C:\Windows\System\AxDwiOG.exe
  C:\Windows\System\AxDwiOG.exe
  2⤵
  PID:2780
- C:\Windows\System\EFFvcQr.exe
  C:\Windows\System\EFFvcQr.exe
  2⤵
  PID:13900
- C:\Windows\System\CUKuTTf.exe
  C:\Windows\System\CUKuTTf.exe
  2⤵
  PID:5308
- C:\Windows\System\wTVuXFo.exe
  C:\Windows\System\wTVuXFo.exe
  2⤵
  PID:5344
- C:\Windows\System\VvklyNP.exe
  C:\Windows\System\VvklyNP.exe
  2⤵
  PID:5412
- C:\Windows\System\DeEAhhi.exe
  C:\Windows\System\DeEAhhi.exe
  2⤵
  PID:14116
- C:\Windows\System\eHIbbWZ.exe
  C:\Windows\System\eHIbbWZ.exe
  2⤵
  PID:5520
- C:\Windows\System\NHMzZhN.exe
  C:\Windows\System\NHMzZhN.exe
  2⤵
  PID:5548
- C:\Windows\System\CfiYwiq.exe
  C:\Windows\System\CfiYwiq.exe
  2⤵
  PID:492
- C:\Windows\System\LxuKOuT.exe
  C:\Windows\System\LxuKOuT.exe
  2⤵
  PID:14328
- C:\Windows\System\cXunvGV.exe
  C:\Windows\System\cXunvGV.exe
  2⤵
  PID:5688
- C:\Windows\System\TLwchNZ.exe
  C:\Windows\System\TLwchNZ.exe
  2⤵
  PID:5776
- C:\Windows\System\FSWPaKn.exe
  C:\Windows\System\FSWPaKn.exe
  2⤵
  PID:13600
- C:\Windows\System\OpIblpK.exe
  C:\Windows\System\OpIblpK.exe
  2⤵
  PID:5832
- C:\Windows\System\NTYyknQ.exe
  C:\Windows\System\NTYyknQ.exe
  2⤵
  PID:5888
- C:\Windows\System\RlHSZyl.exe
  C:\Windows\System\RlHSZyl.exe
  2⤵
  PID:5232
- C:\Windows\System\MBCizwB.exe
  C:\Windows\System\MBCizwB.exe
  2⤵
  PID:4652
- C:\Windows\System\SxSXgiP.exe
  C:\Windows\System\SxSXgiP.exe
  2⤵
  PID:14000
- C:\Windows\System\fuIkdgg.exe
  C:\Windows\System\fuIkdgg.exe
  2⤵
  PID:3360
- C:\Windows\System\zIhiQmo.exe
  C:\Windows\System\zIhiQmo.exe
  2⤵
  PID:6088
- C:\Windows\System\LNYixrj.exe
  C:\Windows\System\LNYixrj.exe
  2⤵
  PID:6140
- C:\Windows\System\wyUMhkB.exe
  C:\Windows\System\wyUMhkB.exe
  2⤵
  PID:5632
- C:\Windows\System\kEBKReq.exe
  C:\Windows\System\kEBKReq.exe
  2⤵
  PID:5256
- C:\Windows\System\bsuYvra.exe
  C:\Windows\System\bsuYvra.exe
  2⤵
  PID:13540
- C:\Windows\System\OmXAUEA.exe
  C:\Windows\System\OmXAUEA.exe
  2⤵
  PID:3628
- C:\Windows\System\kpTXhxM.exe
  C:\Windows\System\kpTXhxM.exe
  2⤵
  PID:5924
- C:\Windows\System\mmSVWfU.exe
  C:\Windows\System\mmSVWfU.exe
  2⤵
  PID:4812
- C:\Windows\System\jjMZXxF.exe
  C:\Windows\System\jjMZXxF.exe
  2⤵
  PID:5092
- C:\Windows\System\DiqzuSX.exe
  C:\Windows\System\DiqzuSX.exe
  2⤵
  PID:5772
- C:\Windows\System\ecTryJp.exe
  C:\Windows\System\ecTryJp.exe
  2⤵
  PID:4968
- C:\Windows\System\ZrSupCn.exe
  C:\Windows\System\ZrSupCn.exe
  2⤵
  PID:948
- C:\Windows\System\VFxwmTg.exe
  C:\Windows\System\VFxwmTg.exe
  2⤵
  PID:1260
- C:\Windows\System\ZlmAous.exe
  C:\Windows\System\ZlmAous.exe
  2⤵
  PID:5316
- C:\Windows\System\djtlxcC.exe
  C:\Windows\System\djtlxcC.exe
  2⤵
  PID:6112

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUUxNzIxQUEtREYwRC00MzdCLTk1NUMtMTM0QTM1RUFGRUQ0fSIgdXNlcmlkPSJ7QkRCRDlCQkEtNTlFNy00RUU1LTlGNEYtRkE2MjUxMjQ0QzU1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NkUyREVFMzQtQjdBNC00MjU2LUIwNTUtN0YxNjU4MTA1ODQ1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODIxNjkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1MzE4NTEwMTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODIzMjczNjgxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BTRQDoA.exe

Filesize
6.0MB

MD5
57fa6ebdcd0deb0babf44626e86ba2cf

SHA1
9fb108579ab5ec901d31a907779f53fd2f26be55

SHA256
89571b2edaa883c61b99b86cec80f1222e481576ad979dbfa71ddfd51f5f1e8e

SHA512
738c96adca2ad7417202670865ea25a574be973513ff359c1ca51c426eef10d3edd15052387f04498e3e2b70fbaa6dd47e9ac626bbec80d7827f9aa098b433e4

Download Submit
C:\Windows\System\BVXejAK.exe

Filesize
6.0MB

MD5
5715ef2ce6a504fd603a2c933ba709b5

SHA1
fea00d3b651a4c78f8682b9d0715efda827b8c8c

SHA256
95262107445b9a7a09d74bdeb0440f0e74a7cfc528c510600dbfb596186b4495

SHA512
845b6712197f47952adaf63da27c567a3b2c896397797d2125bdd4173e8403b3b5e95b3abb3bf18a43c9d28cea15159477a1e7c7b6ea696b6e3a0f2763dc5c71

Download Submit
C:\Windows\System\CtHMfjh.exe

Filesize
6.0MB

MD5
f0d193f3bb011d7be47f6442aafa42e5

SHA1
a40e34639b8ddfea3cfecda31ea0cb5af2429461

SHA256
1d27f7ed35ab570d4a4b3de348a01cac0504f39b5eb2326777acc737e7452876

SHA512
055eb47392e29d0a40277ea9b66ebf3d4e9e5ba6078993ed3cf7df118915bed8de68c0f0bfe1f6d1e0e8c09d2d7a127917f5e9ae6ef58048a98252dd1cda4e8c

Download Submit
C:\Windows\System\JHCuyVI.exe

Filesize
6.0MB

MD5
aeb4e9719245ca6ed711cda63c17efa3

SHA1
a3dfcfae04b023842b23cf10641f257bc97a7ef9

SHA256
60c49b49bab0924bd45d5d5ee809d72542afe8dfc8cc80ff81144bbc4d6f27f5

SHA512
6ba0af0e10634c6e68011e5c9e04b29e649ba966d22c20e29082d9452e0fac886e36acc41ec8d4b2b53e12ac65a0fa83908982ea22b318a89ae032a61b406ff0

Download Submit
C:\Windows\System\LbdnbJH.exe

Filesize
6.0MB

MD5
a726b3862e6566de4a22208a23e32e9c

SHA1
f3752c73697779a25315b45f4816e64670384a77

SHA256
09f4ed2d406b1a6a97c38b38ea8281628b5be2aff89eb74ba7e1d2b042167354

SHA512
f73d4b6c68595c0dd6c73e1b7a75c0434379a28fdd460cc7f87ba618960e88968bf6dedfa66e9d69e7ffb943800f65ba445eee120a5d1c37dafc96370b2e9637

Download Submit
C:\Windows\System\PmPxbIv.exe

Filesize
6.0MB

MD5
7152018e4bcdf98f872147c44b48b788

SHA1
a2aead2cfb9b1b0bf8098141c6457a6622a7a5ef

SHA256
9d93342f44a8d88f504a776e0e748fcdec74245337816233752d852ed534c04a

SHA512
42fb8c6650a6d4d48ea36f003eedf17a7abc0711147a4698ed185103909ea04cb23956d36c912bbc703c7b69c33ace72ed8d46f1f7e659da08cd9e03f0d53457

Download Submit
C:\Windows\System\QLDmKoD.exe

Filesize
6.0MB

MD5
1b68b9622c94bc90703d6c8fa81f9269

SHA1
fe6557863274aaaa232506022b749970af3fe4b6

SHA256
89e4b30f1debeb1d0c7ae13334f842fd0db33482c425c710465a25b5d7e5c8dc

SHA512
afe7276b445f0221d693781ad14df9aef02c09b733c38c698b4ae7d8ea13876560272db573861c52d259ac229aa27ca0936e3557a1d5dee78e114e48a7a68227

Download Submit
C:\Windows\System\TGHkflV.exe

Filesize
6.0MB

MD5
901fca4be466b17f5895d66e1ed96146

SHA1
e6cfadfc8627d36e8227511bd3476f38a4f204ee

SHA256
2759c6e641dfe11750d98e043a69b3edbf0ba9106e7124af8eada02b13b1e1ec

SHA512
9b55608214d21abd10def20ed12fa0d7302ccda341f8c8ab21396e9276e7846d94465e273461e609b27e66d143df2b7f9b2de6fb44b5ebae5fed1d2d255fe063

Download Submit
C:\Windows\System\UGsgvAi.exe

Filesize
6.0MB

MD5
6803ee4c71f1b7298dd5704daae7d47e

SHA1
1bcbcc5196c007dd8ba898a02b623448c113303a

SHA256
7c1752be4b38f1829078bd2c77ea866ecefad2ae6904f1b929a08bc47a8bed81

SHA512
992ef28daa6d2cdecb28c7f11d2f42530c9f7a620a04f80bfbc34ba40d22b47556eb6a7ee33f221c343185a4e2a5c61230ea292c14be62a02dd03b9f7fdde16c

Download Submit
C:\Windows\System\WVcLXHq.exe

Filesize
6.0MB

MD5
d4e56a4583e2e0bf46134c3fef8b82b2

SHA1
030c539707c06e08506f49fb27c2e39c3c729b21

SHA256
cd3608d882b31aa9ff60b57b97ce198866e2105b164f00e1270a2f3bfcc60d76

SHA512
7154fd94a5be1f7f2eedcb8b2b85a448d1331a829d190cf31bfc518de44dce120d89ade6499f379fc88b984b53a8ea8b4e8b24c7f3cc0967dc909f2877fc4655

Download Submit
C:\Windows\System\YwEdJPd.exe

Filesize
6.0MB

MD5
17e8631dc15a750d2a07aae35e36d6d1

SHA1
94d3d5bd7b66756f1ae7269aecead9cfd38ccfd9

SHA256
fbb40288ace7954412aabd04862afee36225c3a588d72b0783871a35ee5267ea

SHA512
5eb4cbda2d59e4369c21ac02c6c7f4790a9519567e294541fb1b31413c89ed2110e0a675a298ae7911ddece114adef5be90ba6ef57a90ea7e5651d07c48c0ab5

Download Submit
C:\Windows\System\ZqnyLTW.exe

Filesize
6.0MB

MD5
878612f6338220a49cc04fd2b096809b

SHA1
04cc4f0a5c133f3985e7a015c67374c455d4300d

SHA256
fd80d4c29abad8eb036542cc3acd1ea91a362ec5243e36d083c9300726135bb1

SHA512
c4a51c9e54cd834ed019cbc3707262e86b682591f0eaa35d402a4bcbc6fb1e18140ab3f22704a2f820ca45ec31114faa06550c49155a5027dd1037773abdfc6c

Download Submit
C:\Windows\System\cTnXxEy.exe

Filesize
6.0MB

MD5
e1d5d94dacc90df794284aea72a28746

SHA1
253f4ea1a22e238739215cd7b4d9b04311397c05

SHA256
ac84c050efe3ae5a9637b4a695c729fe60a4c3e7efcef02be50853905d33aea1

SHA512
1a15732dc01368e8a3a9c9da9b97ea6cc14434a6c95aa34a3467790415eea5e819710a3defb1a559efaa2b102c1edc6d622fb90f5fee3b60b54a4f14a2ffb994

Download Submit
C:\Windows\System\dhHiYtq.exe

Filesize
6.0MB

MD5
878795581a032d600e2d074975b60577

SHA1
4389caaaec251ada3189f8f302e979ea0ef71708

SHA256
adaa5ae4f58c70796a11c83113025389438307ac8010049bf0dfed329de3d947

SHA512
1915b3991516f6b91a91c0eaa787f5468e411199dafd8da61ca2d08172070294b43f161a96a042c6b06205f06306b41f9b942b2c2d47d631f66b526fca9fe25d

Download Submit
C:\Windows\System\huVpBzs.exe

Filesize
6.0MB

MD5
f41174c8dabe38a9e11e7aef914f2726

SHA1
eab177a3a0b2ab947e701bdac193e96e6324f11b

SHA256
6bb3942b0b3a714570f2527ffd05f9b46d95172798c94993a9c9defa37e45621

SHA512
1a61fb01bae66de1e6ff2f7cf70a7ec26819305edde3ce2371fb5c82f119d813dc58f58a73cb027dd27bbe78d6ef575dfbfe24760976704836b341dd853a8c35

Download Submit
C:\Windows\System\ikMajQT.exe

Filesize
6.0MB

MD5
f3b65627e31d4dfc9a8e671aaf384468

SHA1
3544931d43538d5eac852764c8b13322209ae8ba

SHA256
c3a50a3ffa564b7f2413e4614df8b8bd4b417e0cc709aadae3fea1f55c80911b

SHA512
aa1b2f2ce44d92ce24d8ed120c6e205f5ff297402bf09d57e2e6e5f38644b273c06d250ce6c7dbaa234c8b6e5dcb7b1e2b64eb09d221c0719ed7f54d20890332

Download Submit
C:\Windows\System\isWZsnz.exe

Filesize
6.0MB

MD5
8c040e289102523589f0fc8bfc96aad5

SHA1
98541fbbb45cc6b233559828bfcc4e839505319a

SHA256
a86af60afafc120ecc7b5a24a3858496c62550351d30f82143275ed2da292364

SHA512
c7f76e05d82fca1e68763b5df2c1b276b731aefd52b61ed405f1256eefd2c37b8444dfd7392e7306a73e911e916df707e0dad76fd3ee5dbd3cde4de9599bc2c8

Download Submit
C:\Windows\System\kYVbKfE.exe

Filesize
6.0MB

MD5
a278cceca39b694f7078c81bbf566312

SHA1
1aa760f77b45f70ad4505372f551f5809d8b2d5c

SHA256
1b72ecf828c10105af4b674a18ef9c4e2d09ad18cbaf90560b899fef615c5040

SHA512
38554078c70c9705b167822bd6144fb4ca56da6a4b4e258262280f99d99b6a45d267ab712b3ab717c24abf48b68a909e8993fcb0389ce8782cb8713a6ce1cdbd

Download Submit
C:\Windows\System\oKAKbON.exe

Filesize
6.0MB

MD5
9351e312ebe92dc0b9f9d6bdbcbc4f64

SHA1
db361f1242a280a80c6165196c293cc00d5005ba

SHA256
395e6b1f574e46b3fe95ac1286e4c0c101700686c93e71f58cee670ab3d65131

SHA512
b435562e17a6a2ac75586e133758e893ae5bd04a4d5430b6648111f9792ee5fb9f59044be7e23620b84c630c3e088a21426ce26510a07fc522338bcda56bc591

Download Submit
C:\Windows\System\ouaPBUi.exe

Filesize
6.0MB

MD5
19fc6ad83268cf442a76cc1d3c977ff2

SHA1
cc2cbf1e895e4a25c2952664ebb61f488189ba96

SHA256
121617ffd41bcac8ca4dd379160c00c6f59fe0eb797eb5cb8964c3da760b8075

SHA512
e8547989d8f2a795e20b5fb3dc400edbacdb3579779bc321da4218c5ba22a57c2dbcf4ad246fad6c2cf36fa112865f11dc9f2e6f680a7dd43947c9cb5be5bb99

Download Submit
C:\Windows\System\qAMacGh.exe

Filesize
6.0MB

MD5
eda5839d63ebfb5392b43b6ef60563d3

SHA1
3dbdf990c469ecaa9e6532cf7796bd69d73484f3

SHA256
443a0cc915adfa85b63b38ff5ff9725d8347bb2a90334c200b212fee7bd5f1e0

SHA512
d9da1585ca671e382acca72376786fc4ebc1f8956d30738c62d8e506c752bbf023ec3903d93acd1484247a3a784a4420c7451f960d6171d82e61068a926ee53e

Download Submit
C:\Windows\System\szcjTid.exe

Filesize
6.0MB

MD5
a000f06d3225c3984970c740af1ffac6

SHA1
16dc9f128be8666af7859105c6f10382e842a6a8

SHA256
d65c14b8443d0a9dcc9a8cc82d535e08ff46a7ab6e42cba1ff006fe4a849f019

SHA512
148a68f0a28229d4921ba3bee12583a0e24f1c24879f9ae0ce1cddf6cd9b52e3473fb05e485131a54df4fd1e1c16702b5fe7a7cdbbe43d5ac4910a23e61eab58

Download Submit
C:\Windows\System\tDCMIWj.exe

Filesize
6.0MB

MD5
8b9cea5100efbc971ffdf0652893d700

SHA1
734609453ce9ee3633900a3cfd9c06a332fd8167

SHA256
0a4fdded68467ad377aa953566dbdc58b39b01fe7ae5f63ff239faefe0ad6ae1

SHA512
cfb9311260f4fc85d9a210948a3f55fbe228577afaaa28c5fa6fcebc74eb12be08d2122611550b339c63e0cb6ce0d119a2b37d54d5e6e8aa136a6f497bfe2814

Download Submit
C:\Windows\System\tQTBznJ.exe

Filesize
6.0MB

MD5
069591139fc6d3975990bc02ff7d617a

SHA1
f6e31e1239e61f4d63059fe988a192441059625e

SHA256
4e50c5d985912ef1d28d3dae5566883fc0e7ca7ec478565b50fae03f8c5627d6

SHA512
cef961813c8206448271b50b0ffb064e767b67e562faa2478c01e739c4258d52564de2dc1fa607b1953b67a8cf562c42746371bf79cfbe5c822353f834c1e601

Download Submit
C:\Windows\System\tihBduJ.exe

Filesize
6.0MB

MD5
7f57482244132d5ffc36929fa5eaca0a

SHA1
eee07ed7f099fbcb30ce92384b76aa252266463e

SHA256
3d7587efce8469ce072a531722447c5bb4f63cd875cbc2c396c4d09909d5c973

SHA512
edc5a678e99e43dccad4172e6f8e74491896fab6ba013fa034d267f671aef6fbd78d3123dff0ea272bc68680e02898f3626abee33bfb4ce2402174aadfd802ac

Download Submit
C:\Windows\System\upPcpvs.exe

Filesize
6.0MB

MD5
59dd244abde077d86126831d4b37c5bf

SHA1
7a89504e12cd17247bacd1b3ad8a732fb46d2cd4

SHA256
f8e37576783f197aee705e51ff9ad042b54a59609cb071460fa71922d3d39008

SHA512
0a049b3a15bb422414202f32900717b4724cac9ac36c32b3125555212ec57c6c760dcba87db8d879fc0ac151850151ef292d6a929ed15a63871f4f7a49ba7879

Download Submit
C:\Windows\System\vQmAvBf.exe

Filesize
6.0MB

MD5
7bc1c0c20af2141d06af175a61a423ef

SHA1
a654b9d74ff51b5055f99c1c15717c02609ad280

SHA256
02882e5e265a14bfb1f455600a53b08048331c4d558458aeb3a3a2990334a878

SHA512
85ac37a93b18ed8cccf9ea3c547c539d3dfbfe5e047bb32ac7233cfb5ed168a1e3d6a30d89f900b1cdd8cd4adfe8a9c901238c8c97a4ca31a78d43685c874a0b

Download Submit
C:\Windows\System\wgwRjZQ.exe

Filesize
6.0MB

MD5
737ab9de83ee8d06d6e9dc3c8071f1a8

SHA1
64dfd31c96ada5cab0db59f0cc85010e984bcbf0

SHA256
038272149a2c1e713cdac9ff3627f36cae955a84d330f96268d5d4cd864d3a08

SHA512
8484e6734040881af0b4bfd2f9f3a829292ae93bbadddbf72deb83c708a46f00693cde4fd71e948a8ad5cca87b95845aa0c855873587eec639df6c50352e04d0

Download Submit
C:\Windows\System\wsXprLf.exe

Filesize
6.0MB

MD5
5718463d18d2ab0ed273b15746973bec

SHA1
5b4d952f7bb9a42ae5d497cbec1f99674d0db41c

SHA256
97b9f3d717511fcdb32af88f13f4cae91dc3a046ed23e87a7e463a3f958d7dad

SHA512
517e32d99ae022e788e8c50cc3b9c55d7c18d85fb6e23bcbefd9e99718323f8310d9720db0e8e2002e764116f30accf09dd729260c2c2df5aeb484c1f6a39b32

Download Submit
C:\Windows\System\xbTaVmM.exe

Filesize
6.0MB

MD5
0b593778f12f83cd04be454de6dd6be1

SHA1
2efa39c26ff503f3988fbeaba48171fbfb637705

SHA256
bc6d16bae3492ff1a7fb2c4c0ab1e5fa30085839a82daa80d0ace40d6b9e38c5

SHA512
53005f4f0e1a9745b9f954677776e589a9be7d83f4498ed8a96945fed1ca1547cab68e86c083afe52f782ad1d8e85caa2a79b9570a83220f55987007f351b571

Download Submit
C:\Windows\System\xomyzdL.exe

Filesize
6.0MB

MD5
20351435e1de3a1b50662080960fed64

SHA1
d9474fa724aeb90cdcecc601b9a7ded853575134

SHA256
e6e44818c017184497ae7aa74c38d27e75ee3b115bfc3a218995b8719328f942

SHA512
6b0d57b96488b7deea9acf410b9512c32c2e61951c4fadc1f0a4ccb961cd3ed864687f0c7c016e4c6be889f2b5a5a9eaeedcbcaa91fb31f45af1106911fe5e86

Download Submit
C:\Windows\System\zbkYEqZ.exe

Filesize
6.0MB

MD5
8df3d692f4acf56cc29631d9f07275ee

SHA1
25be158cd05008f5568b3ba77204ebbbd1961841

SHA256
61f61734604d4c25eed45be2cdce0283570bacb598634223f1ea195da5cdc3d1

SHA512
03a5ff499ee25938aa11a333b7df51dc9c63055ea10568500730bf3decc728f3144de5e086fe55d06abc9f5b0833badb18ca76af2f1288dec2b901661d42f1ac

Download Submit
memory/488-148-0x00007FF79CF00000-0x00007FF79D254000-memory.dmp

Filesize
3.3MB

Download
memory/488-2188-0x00007FF79CF00000-0x00007FF79D254000-memory.dmp

Filesize
3.3MB

Download
memory/488-347-0x00007FF79CF00000-0x00007FF79D254000-memory.dmp

Filesize
3.3MB

Download
memory/732-103-0x00007FF63DA90000-0x00007FF63DDE4000-memory.dmp

Filesize
3.3MB

Download
memory/732-1983-0x00007FF63DA90000-0x00007FF63DDE4000-memory.dmp

Filesize
3.3MB

Download
memory/732-44-0x00007FF63DA90000-0x00007FF63DDE4000-memory.dmp

Filesize
3.3MB

Download
memory/772-1946-0x00007FF790BB0000-0x00007FF790F04000-memory.dmp

Filesize
3.3MB

Download
memory/772-20-0x00007FF790BB0000-0x00007FF790F04000-memory.dmp

Filesize
3.3MB

Download
memory/772-73-0x00007FF790BB0000-0x00007FF790F04000-memory.dmp

Filesize
3.3MB

Download
memory/912-2211-0x00007FF601A80000-0x00007FF601DD4000-memory.dmp

Filesize
3.3MB

Download
memory/912-158-0x00007FF601A80000-0x00007FF601DD4000-memory.dmp

Filesize
3.3MB

Download
memory/912-386-0x00007FF601A80000-0x00007FF601DD4000-memory.dmp

Filesize
3.3MB

Download
memory/952-2216-0x00007FF641AC0000-0x00007FF641E14000-memory.dmp

Filesize
3.3MB

Download
memory/952-171-0x00007FF641AC0000-0x00007FF641E14000-memory.dmp

Filesize
3.3MB

Download
memory/1156-99-0x00007FF672AB0000-0x00007FF672E04000-memory.dmp

Filesize
3.3MB

Download
memory/1156-2143-0x00007FF672AB0000-0x00007FF672E04000-memory.dmp

Filesize
3.3MB

Download
memory/1580-387-0x00007FF6EB820000-0x00007FF6EBB74000-memory.dmp

Filesize
3.3MB

Download
memory/1580-164-0x00007FF6EB820000-0x00007FF6EBB74000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2218-0x00007FF6EB820000-0x00007FF6EBB74000-memory.dmp

Filesize
3.3MB

Download
memory/2108-30-0x00007FF6C5710000-0x00007FF6C5A64000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1960-0x00007FF6C5710000-0x00007FF6C5A64000-memory.dmp

Filesize
3.3MB

Download
memory/2108-89-0x00007FF6C5710000-0x00007FF6C5A64000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2222-0x00007FF702AE0000-0x00007FF702E34000-memory.dmp

Filesize
3.3MB

Download
memory/2228-174-0x00007FF702AE0000-0x00007FF702E34000-memory.dmp

Filesize
3.3MB

Download
memory/2228-520-0x00007FF702AE0000-0x00007FF702E34000-memory.dmp

Filesize
3.3MB

Download
memory/2484-2352-0x00007FF71D7D0000-0x00007FF71DB24000-memory.dmp

Filesize
3.3MB

Download
memory/2484-187-0x00007FF71D7D0000-0x00007FF71DB24000-memory.dmp

Filesize
3.3MB

Download
memory/2732-134-0x00007FF747870000-0x00007FF747BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2192-0x00007FF747870000-0x00007FF747BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-346-0x00007FF747870000-0x00007FF747BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-8-0x00007FF607C80000-0x00007FF607FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-69-0x00007FF607C80000-0x00007FF607FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1929-0x00007FF607C80000-0x00007FF607FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-2004-0x00007FF6DC870000-0x00007FF6DCBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-61-0x00007FF6DC870000-0x00007FF6DCBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-123-0x00007FF6DC870000-0x00007FF6DCBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3352-153-0x00007FF6A6A10000-0x00007FF6A6D64000-memory.dmp

Filesize
3.3MB

Download
memory/3352-2189-0x00007FF6A6A10000-0x00007FF6A6D64000-memory.dmp

Filesize
3.3MB

Download
memory/3416-78-0x00007FF6559C0000-0x00007FF655D14000-memory.dmp

Filesize
3.3MB

Download
memory/3416-2080-0x00007FF6559C0000-0x00007FF655D14000-memory.dmp

Filesize
3.3MB

Download
memory/3416-170-0x00007FF6559C0000-0x00007FF655D14000-memory.dmp

Filesize
3.3MB

Download
memory/3488-165-0x00007FF7444F0000-0x00007FF744844000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2209-0x00007FF7444F0000-0x00007FF744844000-memory.dmp

Filesize
3.3MB

Download
memory/3632-2073-0x00007FF7C5D50000-0x00007FF7C60A4000-memory.dmp

Filesize
3.3MB

Download
memory/3632-70-0x00007FF7C5D50000-0x00007FF7C60A4000-memory.dmp

Filesize
3.3MB

Download
memory/4152-262-0x00007FF76F580000-0x00007FF76F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4152-2179-0x00007FF76F580000-0x00007FF76F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4152-116-0x00007FF76F580000-0x00007FF76F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-306-0x00007FF7FF170000-0x00007FF7FF4C4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2177-0x00007FF7FF170000-0x00007FF7FF4C4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-131-0x00007FF7FF170000-0x00007FF7FF4C4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-1938-0x00007FF7A5460000-0x00007FF7A57B4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-71-0x00007FF7A5460000-0x00007FF7A57B4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-14-0x00007FF7A5460000-0x00007FF7A57B4000-memory.dmp

Filesize
3.3MB

Download
memory/4396-60-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp

Filesize
3.3MB

Download
memory/4396-1-0x000001D8EDF60000-0x000001D8EDF70000-memory.dmp

Filesize
64KB

Download
memory/4396-0-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp

Filesize
3.3MB

Download
memory/4408-207-0x00007FF6B76A0000-0x00007FF6B79F4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-104-0x00007FF6B76A0000-0x00007FF6B79F4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-2155-0x00007FF6B76A0000-0x00007FF6B79F4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-1997-0x00007FF775740000-0x00007FF775A94000-memory.dmp

Filesize
3.3MB

Download
memory/4468-58-0x00007FF775740000-0x00007FF775A94000-memory.dmp

Filesize
3.3MB

Download
memory/4660-1948-0x00007FF722850000-0x00007FF722BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4660-25-0x00007FF722850000-0x00007FF722BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4660-84-0x00007FF722850000-0x00007FF722BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4724-55-0x00007FF62AB30000-0x00007FF62AE84000-memory.dmp

Filesize
3.3MB

Download
memory/4724-1989-0x00007FF62AB30000-0x00007FF62AE84000-memory.dmp

Filesize
3.3MB

Download
memory/4800-1978-0x00007FF680D50000-0x00007FF6810A4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-38-0x00007FF680D50000-0x00007FF6810A4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-98-0x00007FF680D50000-0x00007FF6810A4000-memory.dmp

Filesize
3.3MB

Download
memory/4936-259-0x00007FF69ECB0000-0x00007FF69F004000-memory.dmp

Filesize
3.3MB

Download
memory/4936-113-0x00007FF69ECB0000-0x00007FF69F004000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2160-0x00007FF69ECB0000-0x00007FF69F004000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2088-0x00007FF7182C0000-0x00007FF718614000-memory.dmp

Filesize
3.3MB

Download
memory/5008-87-0x00007FF7182C0000-0x00007FF718614000-memory.dmp

Filesize
3.3MB

Download
memory/5024-636-0x00007FF6DFFA0000-0x00007FF6E02F4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-182-0x00007FF6DFFA0000-0x00007FF6E02F4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2353-0x00007FF6DFFA0000-0x00007FF6E02F4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-178-0x00007FF623320000-0x00007FF623674000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2124-0x00007FF623320000-0x00007FF623674000-memory.dmp

Filesize
3.3MB

Download
memory/5104-90-0x00007FF623320000-0x00007FF623674000-memory.dmp

Filesize
3.3MB

Download