cobaltstrike | 729f12157878fbd0c3b477f73c8b251ea30fa85eaada9fe6664bf9761a894d88

Analysis

max time kernel
112s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d524cfa31a8ebdcc13241592ae36139d
SHA1

c81497963fcac7aa37d27082748379c07c046896
SHA256

729f12157878fbd0c3b477f73c8b251ea30fa85eaada9fe6664bf9761a894d88
SHA512

39dab037ee6ab75737dbf6f9c3999dd5c5b9287d14e01911a54ef7f9b59a8ad490962ecc46948641328690cf7a1dc85c889de1cf2ba043d36abb7250cc2345a3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\UIPrAnE.exe	cobalt_reflective_dll
C:\Windows\System\MmvzQAn.exe	cobalt_reflective_dll
C:\Windows\System\IrBnGya.exe	cobalt_reflective_dll
C:\Windows\System\boGmUqj.exe	cobalt_reflective_dll
C:\Windows\System\vfTmuhS.exe	cobalt_reflective_dll
C:\Windows\System\fgaqKtI.exe	cobalt_reflective_dll
C:\Windows\System\mvvAlsO.exe	cobalt_reflective_dll
C:\Windows\System\zSkJvnA.exe	cobalt_reflective_dll
C:\Windows\System\JSvnKkD.exe	cobalt_reflective_dll
C:\Windows\System\NfFjDnI.exe	cobalt_reflective_dll
C:\Windows\System\NmFTwnJ.exe	cobalt_reflective_dll
C:\Windows\System\wujwkhE.exe	cobalt_reflective_dll
C:\Windows\System\pXpJCbV.exe	cobalt_reflective_dll
C:\Windows\System\rwrZkqd.exe	cobalt_reflective_dll
C:\Windows\System\EBksLPs.exe	cobalt_reflective_dll
C:\Windows\System\GYcjdPP.exe	cobalt_reflective_dll
C:\Windows\System\udCcaOD.exe	cobalt_reflective_dll
C:\Windows\System\hLlBnfW.exe	cobalt_reflective_dll
C:\Windows\System\UFcohLp.exe	cobalt_reflective_dll
C:\Windows\System\cHNkVzY.exe	cobalt_reflective_dll
C:\Windows\System\nJInkby.exe	cobalt_reflective_dll
C:\Windows\System\MlfOxYs.exe	cobalt_reflective_dll
C:\Windows\System\fyFGcFO.exe	cobalt_reflective_dll
C:\Windows\System\gDliwuG.exe	cobalt_reflective_dll
C:\Windows\System\vGiWtcr.exe	cobalt_reflective_dll
C:\Windows\System\ulTxBmW.exe	cobalt_reflective_dll
C:\Windows\System\DCUgfVQ.exe	cobalt_reflective_dll
C:\Windows\System\LOOMjaj.exe	cobalt_reflective_dll
C:\Windows\System\GMAjyPB.exe	cobalt_reflective_dll
C:\Windows\System\WUkRgRM.exe	cobalt_reflective_dll
C:\Windows\System\isaYtAL.exe	cobalt_reflective_dll
C:\Windows\System\tFPDhDs.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2676-0-0x00007FF624C90000-0x00007FF624FE4000-memory.dmp	xmrig
C:\Windows\System\UIPrAnE.exe	xmrig
behavioral2/memory/4520-8-0x00007FF721B10000-0x00007FF721E64000-memory.dmp	xmrig
C:\Windows\System\MmvzQAn.exe	xmrig
C:\Windows\System\IrBnGya.exe	xmrig
behavioral2/memory/4192-14-0x00007FF746050000-0x00007FF7463A4000-memory.dmp	xmrig
behavioral2/memory/4784-26-0x00007FF697D40000-0x00007FF698094000-memory.dmp	xmrig
C:\Windows\System\boGmUqj.exe	xmrig
C:\Windows\System\vfTmuhS.exe	xmrig
behavioral2/memory/2712-38-0x00007FF6AEE30000-0x00007FF6AF184000-memory.dmp	xmrig
C:\Windows\System\fgaqKtI.exe	xmrig
behavioral2/memory/1144-41-0x00007FF72AAD0000-0x00007FF72AE24000-memory.dmp	xmrig
behavioral2/memory/4156-36-0x00007FF66F3A0000-0x00007FF66F6F4000-memory.dmp	xmrig
C:\Windows\System\mvvAlsO.exe	xmrig
behavioral2/memory/928-29-0x00007FF7CD8C0000-0x00007FF7CDC14000-memory.dmp	xmrig
C:\Windows\System\zSkJvnA.exe	xmrig
behavioral2/memory/2080-48-0x00007FF6F2870000-0x00007FF6F2BC4000-memory.dmp	xmrig
C:\Windows\System\JSvnKkD.exe	xmrig
behavioral2/memory/2668-56-0x00007FF7B0690000-0x00007FF7B09E4000-memory.dmp	xmrig
C:\Windows\System\NfFjDnI.exe	xmrig
C:\Windows\System\NmFTwnJ.exe	xmrig
C:\Windows\System\wujwkhE.exe	xmrig
behavioral2/memory/4304-72-0x00007FF7CEAB0000-0x00007FF7CEE04000-memory.dmp	xmrig
behavioral2/memory/2676-76-0x00007FF624C90000-0x00007FF624FE4000-memory.dmp	xmrig
C:\Windows\System\pXpJCbV.exe	xmrig
behavioral2/memory/4520-79-0x00007FF721B10000-0x00007FF721E64000-memory.dmp	xmrig
C:\Windows\System\rwrZkqd.exe	xmrig
behavioral2/memory/1104-88-0x00007FF611760000-0x00007FF611AB4000-memory.dmp	xmrig
C:\Windows\System\EBksLPs.exe	xmrig
behavioral2/memory/2044-103-0x00007FF6CC450000-0x00007FF6CC7A4000-memory.dmp	xmrig
behavioral2/memory/1144-108-0x00007FF72AAD0000-0x00007FF72AE24000-memory.dmp	xmrig
C:\Windows\System\GYcjdPP.exe	xmrig
behavioral2/memory/4280-109-0x00007FF792BA0000-0x00007FF792EF4000-memory.dmp	xmrig
C:\Windows\System\udCcaOD.exe	xmrig
behavioral2/memory/2712-102-0x00007FF6AEE30000-0x00007FF6AF184000-memory.dmp	xmrig
behavioral2/memory/1308-96-0x00007FF713EE0000-0x00007FF714234000-memory.dmp	xmrig
behavioral2/memory/4156-95-0x00007FF66F3A0000-0x00007FF66F6F4000-memory.dmp	xmrig
behavioral2/memory/4784-94-0x00007FF697D40000-0x00007FF698094000-memory.dmp	xmrig
behavioral2/memory/928-87-0x00007FF7CD8C0000-0x00007FF7CDC14000-memory.dmp	xmrig
behavioral2/memory/4192-86-0x00007FF746050000-0x00007FF7463A4000-memory.dmp	xmrig
behavioral2/memory/776-80-0x00007FF6B3210000-0x00007FF6B3564000-memory.dmp	xmrig
behavioral2/memory/4844-77-0x00007FF64AA60000-0x00007FF64ADB4000-memory.dmp	xmrig
behavioral2/memory/1748-73-0x00007FF7EC4B0000-0x00007FF7EC804000-memory.dmp	xmrig
C:\Windows\System\hLlBnfW.exe	xmrig
behavioral2/memory/2080-116-0x00007FF6F2870000-0x00007FF6F2BC4000-memory.dmp	xmrig
behavioral2/memory/3168-119-0x00007FF610D30000-0x00007FF611084000-memory.dmp	xmrig
C:\Windows\System\UFcohLp.exe	xmrig
C:\Windows\System\cHNkVzY.exe	xmrig
behavioral2/memory/3932-132-0x00007FF74E9B0000-0x00007FF74ED04000-memory.dmp	xmrig
behavioral2/memory/2812-125-0x00007FF6B0FD0000-0x00007FF6B1324000-memory.dmp	xmrig
behavioral2/memory/4304-124-0x00007FF7CEAB0000-0x00007FF7CEE04000-memory.dmp	xmrig
behavioral2/memory/2668-123-0x00007FF7B0690000-0x00007FF7B09E4000-memory.dmp	xmrig
C:\Windows\System\nJInkby.exe	xmrig
behavioral2/memory/736-137-0x00007FF7A0050000-0x00007FF7A03A4000-memory.dmp	xmrig
C:\Windows\System\MlfOxYs.exe	xmrig
behavioral2/memory/776-143-0x00007FF6B3210000-0x00007FF6B3564000-memory.dmp	xmrig
behavioral2/memory/1104-148-0x00007FF611760000-0x00007FF611AB4000-memory.dmp	xmrig
C:\Windows\System\fyFGcFO.exe	xmrig
behavioral2/memory/2032-160-0x00007FF7BF290000-0x00007FF7BF5E4000-memory.dmp	xmrig
C:\Windows\System\gDliwuG.exe	xmrig
C:\Windows\System\vGiWtcr.exe	xmrig
C:\Windows\System\ulTxBmW.exe	xmrig
behavioral2/memory/3168-184-0x00007FF610D30000-0x00007FF611084000-memory.dmp	xmrig
behavioral2/memory/2812-191-0x00007FF6B0FD0000-0x00007FF6B1324000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

UIPrAnE.exeIrBnGya.exeMmvzQAn.exemvvAlsO.exevfTmuhS.exeboGmUqj.exefgaqKtI.exezSkJvnA.exeJSvnKkD.exeNfFjDnI.exeNmFTwnJ.exewujwkhE.exepXpJCbV.exerwrZkqd.exeEBksLPs.exeudCcaOD.exeGYcjdPP.exehLlBnfW.exeUFcohLp.execHNkVzY.exenJInkby.exeMlfOxYs.exetFPDhDs.exefyFGcFO.exegDliwuG.exevGiWtcr.exeulTxBmW.exeisaYtAL.exeWUkRgRM.exeGMAjyPB.exeLOOMjaj.exeDCUgfVQ.exeDkucCeR.exeXvSRrJq.exerOnmkab.exeASSYhtx.exefEXtzdx.exeUrripJE.exeilcTXPO.exeInDHqsS.exeUgODBzV.exeFLXnOAj.exeBcYYqxe.exeDqVXETK.exegKIDsAV.exeEAknIqi.exetitjuPw.exelYxsBBU.exeucVZsgE.exeuRusgWe.exegtJSJPD.exeYwTmjnE.exeiKXKdCa.exezdfbqGV.exeqhRzvHu.exesiLEnPo.exeOrBIeoK.exeKgNMmfx.exeleoABKa.exeNZpmxug.exeJlKAKDt.exeZngkMJP.exeacxMCRL.exeiCjHufV.exe

pid	process
4520	UIPrAnE.exe
4192	IrBnGya.exe
4784	MmvzQAn.exe
928	mvvAlsO.exe
4156	vfTmuhS.exe
2712	boGmUqj.exe
1144	fgaqKtI.exe
2080	zSkJvnA.exe
2668	JSvnKkD.exe
4304	NfFjDnI.exe
4844	NmFTwnJ.exe
1748	wujwkhE.exe
776	pXpJCbV.exe
1104	rwrZkqd.exe
1308	EBksLPs.exe
2044	udCcaOD.exe
4280	GYcjdPP.exe
3168	hLlBnfW.exe
2812	UFcohLp.exe
3932	cHNkVzY.exe
736	nJInkby.exe
3176	MlfOxYs.exe
4148	tFPDhDs.exe
2032	fyFGcFO.exe
2924	gDliwuG.exe
2588	vGiWtcr.exe
1468	ulTxBmW.exe
4600	isaYtAL.exe
3428	WUkRgRM.exe
868	GMAjyPB.exe
4444	LOOMjaj.exe
3600	DCUgfVQ.exe
2340	DkucCeR.exe
112	XvSRrJq.exe
4992	rOnmkab.exe
4532	ASSYhtx.exe
2680	fEXtzdx.exe
3224	UrripJE.exe
3796	ilcTXPO.exe
4608	InDHqsS.exe
4592	UgODBzV.exe
3312	FLXnOAj.exe
5080	BcYYqxe.exe
4064	DqVXETK.exe
4468	gKIDsAV.exe
1940	EAknIqi.exe
3064	titjuPw.exe
4928	lYxsBBU.exe
4572	ucVZsgE.exe
2736	uRusgWe.exe
2512	gtJSJPD.exe
1484	YwTmjnE.exe
4384	iKXKdCa.exe
4568	zdfbqGV.exe
3956	qhRzvHu.exe
116	siLEnPo.exe
4432	OrBIeoK.exe
1064	KgNMmfx.exe
1552	leoABKa.exe
4748	NZpmxug.exe
2324	JlKAKDt.exe
1420	ZngkMJP.exe
1360	acxMCRL.exe
4916	iCjHufV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2676-0-0x00007FF624C90000-0x00007FF624FE4000-memory.dmp	upx
C:\Windows\System\UIPrAnE.exe	upx
behavioral2/memory/4520-8-0x00007FF721B10000-0x00007FF721E64000-memory.dmp	upx
C:\Windows\System\MmvzQAn.exe	upx
C:\Windows\System\IrBnGya.exe	upx
behavioral2/memory/4192-14-0x00007FF746050000-0x00007FF7463A4000-memory.dmp	upx
behavioral2/memory/4784-26-0x00007FF697D40000-0x00007FF698094000-memory.dmp	upx
C:\Windows\System\boGmUqj.exe	upx
C:\Windows\System\vfTmuhS.exe	upx
behavioral2/memory/2712-38-0x00007FF6AEE30000-0x00007FF6AF184000-memory.dmp	upx
C:\Windows\System\fgaqKtI.exe	upx
behavioral2/memory/1144-41-0x00007FF72AAD0000-0x00007FF72AE24000-memory.dmp	upx
behavioral2/memory/4156-36-0x00007FF66F3A0000-0x00007FF66F6F4000-memory.dmp	upx
C:\Windows\System\mvvAlsO.exe	upx
behavioral2/memory/928-29-0x00007FF7CD8C0000-0x00007FF7CDC14000-memory.dmp	upx
C:\Windows\System\zSkJvnA.exe	upx
behavioral2/memory/2080-48-0x00007FF6F2870000-0x00007FF6F2BC4000-memory.dmp	upx
C:\Windows\System\JSvnKkD.exe	upx
behavioral2/memory/2668-56-0x00007FF7B0690000-0x00007FF7B09E4000-memory.dmp	upx
C:\Windows\System\NfFjDnI.exe	upx
C:\Windows\System\NmFTwnJ.exe	upx
C:\Windows\System\wujwkhE.exe	upx
behavioral2/memory/4304-72-0x00007FF7CEAB0000-0x00007FF7CEE04000-memory.dmp	upx
behavioral2/memory/2676-76-0x00007FF624C90000-0x00007FF624FE4000-memory.dmp	upx
C:\Windows\System\pXpJCbV.exe	upx
behavioral2/memory/4520-79-0x00007FF721B10000-0x00007FF721E64000-memory.dmp	upx
C:\Windows\System\rwrZkqd.exe	upx
behavioral2/memory/1104-88-0x00007FF611760000-0x00007FF611AB4000-memory.dmp	upx
C:\Windows\System\EBksLPs.exe	upx
behavioral2/memory/2044-103-0x00007FF6CC450000-0x00007FF6CC7A4000-memory.dmp	upx
behavioral2/memory/1144-108-0x00007FF72AAD0000-0x00007FF72AE24000-memory.dmp	upx
C:\Windows\System\GYcjdPP.exe	upx
behavioral2/memory/4280-109-0x00007FF792BA0000-0x00007FF792EF4000-memory.dmp	upx
C:\Windows\System\udCcaOD.exe	upx
behavioral2/memory/2712-102-0x00007FF6AEE30000-0x00007FF6AF184000-memory.dmp	upx
behavioral2/memory/1308-96-0x00007FF713EE0000-0x00007FF714234000-memory.dmp	upx
behavioral2/memory/4156-95-0x00007FF66F3A0000-0x00007FF66F6F4000-memory.dmp	upx
behavioral2/memory/4784-94-0x00007FF697D40000-0x00007FF698094000-memory.dmp	upx
behavioral2/memory/928-87-0x00007FF7CD8C0000-0x00007FF7CDC14000-memory.dmp	upx
behavioral2/memory/4192-86-0x00007FF746050000-0x00007FF7463A4000-memory.dmp	upx
behavioral2/memory/776-80-0x00007FF6B3210000-0x00007FF6B3564000-memory.dmp	upx
behavioral2/memory/4844-77-0x00007FF64AA60000-0x00007FF64ADB4000-memory.dmp	upx
behavioral2/memory/1748-73-0x00007FF7EC4B0000-0x00007FF7EC804000-memory.dmp	upx
C:\Windows\System\hLlBnfW.exe	upx
behavioral2/memory/2080-116-0x00007FF6F2870000-0x00007FF6F2BC4000-memory.dmp	upx
behavioral2/memory/3168-119-0x00007FF610D30000-0x00007FF611084000-memory.dmp	upx
C:\Windows\System\UFcohLp.exe	upx
C:\Windows\System\cHNkVzY.exe	upx
behavioral2/memory/3932-132-0x00007FF74E9B0000-0x00007FF74ED04000-memory.dmp	upx
behavioral2/memory/2812-125-0x00007FF6B0FD0000-0x00007FF6B1324000-memory.dmp	upx
behavioral2/memory/4304-124-0x00007FF7CEAB0000-0x00007FF7CEE04000-memory.dmp	upx
behavioral2/memory/2668-123-0x00007FF7B0690000-0x00007FF7B09E4000-memory.dmp	upx
C:\Windows\System\nJInkby.exe	upx
behavioral2/memory/736-137-0x00007FF7A0050000-0x00007FF7A03A4000-memory.dmp	upx
C:\Windows\System\MlfOxYs.exe	upx
behavioral2/memory/776-143-0x00007FF6B3210000-0x00007FF6B3564000-memory.dmp	upx
behavioral2/memory/1104-148-0x00007FF611760000-0x00007FF611AB4000-memory.dmp	upx
C:\Windows\System\fyFGcFO.exe	upx
behavioral2/memory/2032-160-0x00007FF7BF290000-0x00007FF7BF5E4000-memory.dmp	upx
C:\Windows\System\gDliwuG.exe	upx
C:\Windows\System\vGiWtcr.exe	upx
C:\Windows\System\ulTxBmW.exe	upx
behavioral2/memory/3168-184-0x00007FF610D30000-0x00007FF611084000-memory.dmp	upx
behavioral2/memory/2812-191-0x00007FF6B0FD0000-0x00007FF6B1324000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\KmfriQq.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wekmjuN.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSMKHjh.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrpVlcg.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlYbeoz.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPyxbna.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNmsKra.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSacbTf.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjvEBAq.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgJRhby.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeogWyw.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RcNdZGZ.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sESQEWq.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqChQOk.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukLGTaO.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glOhNAx.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjxmlPP.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgihxvP.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JRudydH.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhOmWJA.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrASjCb.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqfJyxT.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDwhGfk.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUfFcDv.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZBriwX.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtdgVcz.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBQyBrJ.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNdeIQi.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBPhSys.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaQhPva.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPoEmXw.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDqsDob.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNNfhqo.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Utuucua.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRoyXbj.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIOYoHU.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUHKxdr.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REGSDba.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbUZBPY.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJxwGUG.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRcPMTF.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttPiaPI.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvGGsxv.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMzFGkn.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDdstob.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhsuWDu.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awubOLQ.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNmFAMX.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISeQIkO.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhgyDHO.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlrKPEB.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCFuvnW.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBZrUqs.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSkJvnA.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkucCeR.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmIvBxZ.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHkypgo.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgplCHa.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXNqvgY.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edgiXpP.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivQdGVs.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfuiaxK.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEwiYYF.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWIcABI.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2676 wrote to memory of 4520	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	UIPrAnE.exe
PID 2676 wrote to memory of 4520	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	UIPrAnE.exe
PID 2676 wrote to memory of 4192	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	IrBnGya.exe
PID 2676 wrote to memory of 4192	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	IrBnGya.exe
PID 2676 wrote to memory of 4784	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	MmvzQAn.exe
PID 2676 wrote to memory of 4784	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	MmvzQAn.exe
PID 2676 wrote to memory of 928	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	mvvAlsO.exe
PID 2676 wrote to memory of 928	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	mvvAlsO.exe
PID 2676 wrote to memory of 4156	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	vfTmuhS.exe
PID 2676 wrote to memory of 4156	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	vfTmuhS.exe
PID 2676 wrote to memory of 2712	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	boGmUqj.exe
PID 2676 wrote to memory of 2712	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	boGmUqj.exe
PID 2676 wrote to memory of 1144	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	fgaqKtI.exe
PID 2676 wrote to memory of 1144	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	fgaqKtI.exe
PID 2676 wrote to memory of 2080	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	zSkJvnA.exe
PID 2676 wrote to memory of 2080	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	zSkJvnA.exe
PID 2676 wrote to memory of 2668	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	JSvnKkD.exe
PID 2676 wrote to memory of 2668	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	JSvnKkD.exe
PID 2676 wrote to memory of 4304	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	NfFjDnI.exe
PID 2676 wrote to memory of 4304	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	NfFjDnI.exe
PID 2676 wrote to memory of 4844	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	NmFTwnJ.exe
PID 2676 wrote to memory of 4844	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	NmFTwnJ.exe
PID 2676 wrote to memory of 1748	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	wujwkhE.exe
PID 2676 wrote to memory of 1748	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	wujwkhE.exe
PID 2676 wrote to memory of 776	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	pXpJCbV.exe
PID 2676 wrote to memory of 776	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	pXpJCbV.exe
PID 2676 wrote to memory of 1104	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	rwrZkqd.exe
PID 2676 wrote to memory of 1104	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	rwrZkqd.exe
PID 2676 wrote to memory of 1308	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	EBksLPs.exe
PID 2676 wrote to memory of 1308	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	EBksLPs.exe
PID 2676 wrote to memory of 2044	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	udCcaOD.exe
PID 2676 wrote to memory of 2044	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	udCcaOD.exe
PID 2676 wrote to memory of 4280	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	GYcjdPP.exe
PID 2676 wrote to memory of 4280	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	GYcjdPP.exe
PID 2676 wrote to memory of 3168	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	hLlBnfW.exe
PID 2676 wrote to memory of 3168	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	hLlBnfW.exe
PID 2676 wrote to memory of 2812	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	UFcohLp.exe
PID 2676 wrote to memory of 2812	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	UFcohLp.exe
PID 2676 wrote to memory of 3932	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	cHNkVzY.exe
PID 2676 wrote to memory of 3932	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	cHNkVzY.exe
PID 2676 wrote to memory of 736	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	nJInkby.exe
PID 2676 wrote to memory of 736	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	nJInkby.exe
PID 2676 wrote to memory of 3176	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	MlfOxYs.exe
PID 2676 wrote to memory of 3176	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	MlfOxYs.exe
PID 2676 wrote to memory of 4148	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	tFPDhDs.exe
PID 2676 wrote to memory of 4148	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	tFPDhDs.exe
PID 2676 wrote to memory of 2032	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	fyFGcFO.exe
PID 2676 wrote to memory of 2032	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	fyFGcFO.exe
PID 2676 wrote to memory of 2924	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	gDliwuG.exe
PID 2676 wrote to memory of 2924	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	gDliwuG.exe
PID 2676 wrote to memory of 2588	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	vGiWtcr.exe
PID 2676 wrote to memory of 2588	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	vGiWtcr.exe
PID 2676 wrote to memory of 1468	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	ulTxBmW.exe
PID 2676 wrote to memory of 1468	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	ulTxBmW.exe
PID 2676 wrote to memory of 4600	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	isaYtAL.exe
PID 2676 wrote to memory of 4600	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	isaYtAL.exe
PID 2676 wrote to memory of 3428	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	WUkRgRM.exe
PID 2676 wrote to memory of 3428	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	WUkRgRM.exe
PID 2676 wrote to memory of 868	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	GMAjyPB.exe
PID 2676 wrote to memory of 868	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	GMAjyPB.exe
PID 2676 wrote to memory of 4444	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	LOOMjaj.exe
PID 2676 wrote to memory of 4444	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	LOOMjaj.exe
PID 2676 wrote to memory of 3600	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	DCUgfVQ.exe
PID 2676 wrote to memory of 3600	2676	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	DCUgfVQ.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\System\UIPrAnE.exe
  C:\Windows\System\UIPrAnE.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\IrBnGya.exe
  C:\Windows\System\IrBnGya.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\MmvzQAn.exe
  C:\Windows\System\MmvzQAn.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\mvvAlsO.exe
  C:\Windows\System\mvvAlsO.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\vfTmuhS.exe
  C:\Windows\System\vfTmuhS.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\boGmUqj.exe
  C:\Windows\System\boGmUqj.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\fgaqKtI.exe
  C:\Windows\System\fgaqKtI.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\zSkJvnA.exe
  C:\Windows\System\zSkJvnA.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\JSvnKkD.exe
  C:\Windows\System\JSvnKkD.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\NfFjDnI.exe
  C:\Windows\System\NfFjDnI.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\NmFTwnJ.exe
  C:\Windows\System\NmFTwnJ.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\wujwkhE.exe
  C:\Windows\System\wujwkhE.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\pXpJCbV.exe
  C:\Windows\System\pXpJCbV.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\rwrZkqd.exe
  C:\Windows\System\rwrZkqd.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\EBksLPs.exe
  C:\Windows\System\EBksLPs.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\udCcaOD.exe
  C:\Windows\System\udCcaOD.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\GYcjdPP.exe
  C:\Windows\System\GYcjdPP.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\hLlBnfW.exe
  C:\Windows\System\hLlBnfW.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\UFcohLp.exe
  C:\Windows\System\UFcohLp.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\cHNkVzY.exe
  C:\Windows\System\cHNkVzY.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\nJInkby.exe
  C:\Windows\System\nJInkby.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\MlfOxYs.exe
  C:\Windows\System\MlfOxYs.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\tFPDhDs.exe
  C:\Windows\System\tFPDhDs.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\fyFGcFO.exe
  C:\Windows\System\fyFGcFO.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\gDliwuG.exe
  C:\Windows\System\gDliwuG.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\vGiWtcr.exe
  C:\Windows\System\vGiWtcr.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\ulTxBmW.exe
  C:\Windows\System\ulTxBmW.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\isaYtAL.exe
  C:\Windows\System\isaYtAL.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\WUkRgRM.exe
  C:\Windows\System\WUkRgRM.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\GMAjyPB.exe
  C:\Windows\System\GMAjyPB.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\LOOMjaj.exe
  C:\Windows\System\LOOMjaj.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\DCUgfVQ.exe
  C:\Windows\System\DCUgfVQ.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\DkucCeR.exe
  C:\Windows\System\DkucCeR.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\XvSRrJq.exe
  C:\Windows\System\XvSRrJq.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\rOnmkab.exe
  C:\Windows\System\rOnmkab.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\ASSYhtx.exe
  C:\Windows\System\ASSYhtx.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\fEXtzdx.exe
  C:\Windows\System\fEXtzdx.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\UrripJE.exe
  C:\Windows\System\UrripJE.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\ilcTXPO.exe
  C:\Windows\System\ilcTXPO.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\InDHqsS.exe
  C:\Windows\System\InDHqsS.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\UgODBzV.exe
  C:\Windows\System\UgODBzV.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\FLXnOAj.exe
  C:\Windows\System\FLXnOAj.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\BcYYqxe.exe
  C:\Windows\System\BcYYqxe.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\DqVXETK.exe
  C:\Windows\System\DqVXETK.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\gKIDsAV.exe
  C:\Windows\System\gKIDsAV.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\EAknIqi.exe
  C:\Windows\System\EAknIqi.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\titjuPw.exe
  C:\Windows\System\titjuPw.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\lYxsBBU.exe
  C:\Windows\System\lYxsBBU.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\ucVZsgE.exe
  C:\Windows\System\ucVZsgE.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\uRusgWe.exe
  C:\Windows\System\uRusgWe.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\gtJSJPD.exe
  C:\Windows\System\gtJSJPD.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\YwTmjnE.exe
  C:\Windows\System\YwTmjnE.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\iKXKdCa.exe
  C:\Windows\System\iKXKdCa.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\zdfbqGV.exe
  C:\Windows\System\zdfbqGV.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\qhRzvHu.exe
  C:\Windows\System\qhRzvHu.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\siLEnPo.exe
  C:\Windows\System\siLEnPo.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\OrBIeoK.exe
  C:\Windows\System\OrBIeoK.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\KgNMmfx.exe
  C:\Windows\System\KgNMmfx.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\leoABKa.exe
  C:\Windows\System\leoABKa.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\NZpmxug.exe
  C:\Windows\System\NZpmxug.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\JlKAKDt.exe
  C:\Windows\System\JlKAKDt.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\ZngkMJP.exe
  C:\Windows\System\ZngkMJP.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\acxMCRL.exe
  C:\Windows\System\acxMCRL.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\iCjHufV.exe
  C:\Windows\System\iCjHufV.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\huqEvnj.exe
  C:\Windows\System\huqEvnj.exe
  2⤵
  PID:916
- C:\Windows\System\xZXWZSs.exe
  C:\Windows\System\xZXWZSs.exe
  2⤵
  PID:812
- C:\Windows\System\INrVQTh.exe
  C:\Windows\System\INrVQTh.exe
  2⤵
  PID:1800
- C:\Windows\System\xIbEmIM.exe
  C:\Windows\System\xIbEmIM.exe
  2⤵
  PID:696
- C:\Windows\System\TCnEbuS.exe
  C:\Windows\System\TCnEbuS.exe
  2⤵
  PID:4560
- C:\Windows\System\sNyyMUV.exe
  C:\Windows\System\sNyyMUV.exe
  2⤵
  PID:2904
- C:\Windows\System\bKDiFvr.exe
  C:\Windows\System\bKDiFvr.exe
  2⤵
  PID:3904
- C:\Windows\System\dwMycrA.exe
  C:\Windows\System\dwMycrA.exe
  2⤵
  PID:3748
- C:\Windows\System\LSTgjtF.exe
  C:\Windows\System\LSTgjtF.exe
  2⤵
  PID:2036
- C:\Windows\System\fGeTGqG.exe
  C:\Windows\System\fGeTGqG.exe
  2⤵
  PID:5068
- C:\Windows\System\tnfBsiZ.exe
  C:\Windows\System\tnfBsiZ.exe
  2⤵
  PID:5148
- C:\Windows\System\ZDwhGfk.exe
  C:\Windows\System\ZDwhGfk.exe
  2⤵
  PID:5164
- C:\Windows\System\MjGFiMr.exe
  C:\Windows\System\MjGFiMr.exe
  2⤵
  PID:5204
- C:\Windows\System\ZKUZwLN.exe
  C:\Windows\System\ZKUZwLN.exe
  2⤵
  PID:5232
- C:\Windows\System\sAAnprr.exe
  C:\Windows\System\sAAnprr.exe
  2⤵
  PID:5248
- C:\Windows\System\ffuRSgA.exe
  C:\Windows\System\ffuRSgA.exe
  2⤵
  PID:5276
- C:\Windows\System\TkSwzCf.exe
  C:\Windows\System\TkSwzCf.exe
  2⤵
  PID:5316
- C:\Windows\System\NkVdvzI.exe
  C:\Windows\System\NkVdvzI.exe
  2⤵
  PID:5344
- C:\Windows\System\FZnScnk.exe
  C:\Windows\System\FZnScnk.exe
  2⤵
  PID:5360
- C:\Windows\System\ZdWSUJq.exe
  C:\Windows\System\ZdWSUJq.exe
  2⤵
  PID:5388
- C:\Windows\System\wiUxSwo.exe
  C:\Windows\System\wiUxSwo.exe
  2⤵
  PID:5416
- C:\Windows\System\emyKfpk.exe
  C:\Windows\System\emyKfpk.exe
  2⤵
  PID:5432
- C:\Windows\System\TIwTQaB.exe
  C:\Windows\System\TIwTQaB.exe
  2⤵
  PID:5472
- C:\Windows\System\MMKPvll.exe
  C:\Windows\System\MMKPvll.exe
  2⤵
  PID:5500
- C:\Windows\System\zgVFEce.exe
  C:\Windows\System\zgVFEce.exe
  2⤵
  PID:5528
- C:\Windows\System\pVIgOsF.exe
  C:\Windows\System\pVIgOsF.exe
  2⤵
  PID:5556
- C:\Windows\System\ObPorOj.exe
  C:\Windows\System\ObPorOj.exe
  2⤵
  PID:5584
- C:\Windows\System\fpikPbq.exe
  C:\Windows\System\fpikPbq.exe
  2⤵
  PID:5612
- C:\Windows\System\knCCeae.exe
  C:\Windows\System\knCCeae.exe
  2⤵
  PID:5640
- C:\Windows\System\mvskixr.exe
  C:\Windows\System\mvskixr.exe
  2⤵
  PID:5668
- C:\Windows\System\ooxvTyq.exe
  C:\Windows\System\ooxvTyq.exe
  2⤵
  PID:5696
- C:\Windows\System\RjYdDyT.exe
  C:\Windows\System\RjYdDyT.exe
  2⤵
  PID:5724
- C:\Windows\System\KWsDtAx.exe
  C:\Windows\System\KWsDtAx.exe
  2⤵
  PID:5752
- C:\Windows\System\ciUXnLN.exe
  C:\Windows\System\ciUXnLN.exe
  2⤵
  PID:5780
- C:\Windows\System\SyDpIOl.exe
  C:\Windows\System\SyDpIOl.exe
  2⤵
  PID:5820
- C:\Windows\System\xsqauac.exe
  C:\Windows\System\xsqauac.exe
  2⤵
  PID:5836
- C:\Windows\System\MuZenmM.exe
  C:\Windows\System\MuZenmM.exe
  2⤵
  PID:5864
- C:\Windows\System\YMbJcIz.exe
  C:\Windows\System\YMbJcIz.exe
  2⤵
  PID:5892
- C:\Windows\System\mByzwwO.exe
  C:\Windows\System\mByzwwO.exe
  2⤵
  PID:5932
- C:\Windows\System\aebXNOy.exe
  C:\Windows\System\aebXNOy.exe
  2⤵
  PID:5948
- C:\Windows\System\fLrJvbl.exe
  C:\Windows\System\fLrJvbl.exe
  2⤵
  PID:5976
- C:\Windows\System\wwRtMUM.exe
  C:\Windows\System\wwRtMUM.exe
  2⤵
  PID:6004
- C:\Windows\System\HQwANUy.exe
  C:\Windows\System\HQwANUy.exe
  2⤵
  PID:6044
- C:\Windows\System\oZkOEBB.exe
  C:\Windows\System\oZkOEBB.exe
  2⤵
  PID:6072
- C:\Windows\System\jPgbxHI.exe
  C:\Windows\System\jPgbxHI.exe
  2⤵
  PID:6088
- C:\Windows\System\rMajmTY.exe
  C:\Windows\System\rMajmTY.exe
  2⤵
  PID:6116
- C:\Windows\System\LFkwMBD.exe
  C:\Windows\System\LFkwMBD.exe
  2⤵
  PID:3688
- C:\Windows\System\zGDLgQU.exe
  C:\Windows\System\zGDLgQU.exe
  2⤵
  PID:1796
- C:\Windows\System\xhKsKdx.exe
  C:\Windows\System\xhKsKdx.exe
  2⤵
  PID:5176
- C:\Windows\System\RsdEpdJ.exe
  C:\Windows\System\RsdEpdJ.exe
  2⤵
  PID:5240
- C:\Windows\System\VOEkltn.exe
  C:\Windows\System\VOEkltn.exe
  2⤵
  PID:5272
- C:\Windows\System\sKsfJfF.exe
  C:\Windows\System\sKsfJfF.exe
  2⤵
  PID:5372
- C:\Windows\System\pOFGRLH.exe
  C:\Windows\System\pOFGRLH.exe
  2⤵
  PID:5404
- C:\Windows\System\jmNCEVB.exe
  C:\Windows\System\jmNCEVB.exe
  2⤵
  PID:5464
- C:\Windows\System\sGqwHJp.exe
  C:\Windows\System\sGqwHJp.exe
  2⤵
  PID:1688
- C:\Windows\System\FZxuLSl.exe
  C:\Windows\System\FZxuLSl.exe
  2⤵
  PID:5624
- C:\Windows\System\uxGkIFA.exe
  C:\Windows\System\uxGkIFA.exe
  2⤵
  PID:5656
- C:\Windows\System\BrOLuvP.exe
  C:\Windows\System\BrOLuvP.exe
  2⤵
  PID:5720
- C:\Windows\System\mfiRiGP.exe
  C:\Windows\System\mfiRiGP.exe
  2⤵
  PID:5804
- C:\Windows\System\DEHioIQ.exe
  C:\Windows\System\DEHioIQ.exe
  2⤵
  PID:5876
- C:\Windows\System\fCcZEqH.exe
  C:\Windows\System\fCcZEqH.exe
  2⤵
  PID:5940
- C:\Windows\System\ZIBGZGy.exe
  C:\Windows\System\ZIBGZGy.exe
  2⤵
  PID:5968
- C:\Windows\System\NzihnOW.exe
  C:\Windows\System\NzihnOW.exe
  2⤵
  PID:6036
- C:\Windows\System\eCNCYwL.exe
  C:\Windows\System\eCNCYwL.exe
  2⤵
  PID:6108
- C:\Windows\System\CMIaKiH.exe
  C:\Windows\System\CMIaKiH.exe
  2⤵
  PID:6136
- C:\Windows\System\ZBtltrx.exe
  C:\Windows\System\ZBtltrx.exe
  2⤵
  PID:1256
- C:\Windows\System\TnTkZJR.exe
  C:\Windows\System\TnTkZJR.exe
  2⤵
  PID:5304
- C:\Windows\System\phiczbn.exe
  C:\Windows\System\phiczbn.exe
  2⤵
  PID:5444
- C:\Windows\System\GwHOKFo.exe
  C:\Windows\System\GwHOKFo.exe
  2⤵
  PID:5596
- C:\Windows\System\zuRDrQM.exe
  C:\Windows\System\zuRDrQM.exe
  2⤵
  PID:5688
- C:\Windows\System\ERmKjrl.exe
  C:\Windows\System\ERmKjrl.exe
  2⤵
  PID:5832
- C:\Windows\System\DhgyDHO.exe
  C:\Windows\System\DhgyDHO.exe
  2⤵
  PID:3660
- C:\Windows\System\XbubnUD.exe
  C:\Windows\System\XbubnUD.exe
  2⤵
  PID:6080
- C:\Windows\System\hPujbuq.exe
  C:\Windows\System\hPujbuq.exe
  2⤵
  PID:5004
- C:\Windows\System\lXkiBxI.exe
  C:\Windows\System\lXkiBxI.exe
  2⤵
  PID:5352
- C:\Windows\System\SsXtvMw.exe
  C:\Windows\System\SsXtvMw.exe
  2⤵
  PID:5652
- C:\Windows\System\vRvpUuD.exe
  C:\Windows\System\vRvpUuD.exe
  2⤵
  PID:5904
- C:\Windows\System\BtmKTzY.exe
  C:\Windows\System\BtmKTzY.exe
  2⤵
  PID:4708
- C:\Windows\System\NfnSqDW.exe
  C:\Windows\System\NfnSqDW.exe
  2⤵
  PID:5264
- C:\Windows\System\DwOCHLv.exe
  C:\Windows\System\DwOCHLv.exe
  2⤵
  PID:4260
- C:\Windows\System\Zuymtdw.exe
  C:\Windows\System\Zuymtdw.exe
  2⤵
  PID:6160
- C:\Windows\System\poksJsA.exe
  C:\Windows\System\poksJsA.exe
  2⤵
  PID:6200
- C:\Windows\System\AUGfAMy.exe
  C:\Windows\System\AUGfAMy.exe
  2⤵
  PID:6228
- C:\Windows\System\UDJtxhH.exe
  C:\Windows\System\UDJtxhH.exe
  2⤵
  PID:6256
- C:\Windows\System\ZmIvBxZ.exe
  C:\Windows\System\ZmIvBxZ.exe
  2⤵
  PID:6284
- C:\Windows\System\FSHwFVH.exe
  C:\Windows\System\FSHwFVH.exe
  2⤵
  PID:6300
- C:\Windows\System\lLPlxTV.exe
  C:\Windows\System\lLPlxTV.exe
  2⤵
  PID:6328
- C:\Windows\System\oJbIbGT.exe
  C:\Windows\System\oJbIbGT.exe
  2⤵
  PID:6368
- C:\Windows\System\AUDpkUW.exe
  C:\Windows\System\AUDpkUW.exe
  2⤵
  PID:6384
- C:\Windows\System\GebOJFW.exe
  C:\Windows\System\GebOJFW.exe
  2⤵
  PID:6412
- C:\Windows\System\tvKPOyO.exe
  C:\Windows\System\tvKPOyO.exe
  2⤵
  PID:6440
- C:\Windows\System\CCJwFVE.exe
  C:\Windows\System\CCJwFVE.exe
  2⤵
  PID:6468
- C:\Windows\System\GBQyBrJ.exe
  C:\Windows\System\GBQyBrJ.exe
  2⤵
  PID:6516
- C:\Windows\System\fKLfhFd.exe
  C:\Windows\System\fKLfhFd.exe
  2⤵
  PID:6548
- C:\Windows\System\lDKXjpG.exe
  C:\Windows\System\lDKXjpG.exe
  2⤵
  PID:6640
- C:\Windows\System\brsalMw.exe
  C:\Windows\System\brsalMw.exe
  2⤵
  PID:6668
- C:\Windows\System\CpxwLEB.exe
  C:\Windows\System\CpxwLEB.exe
  2⤵
  PID:6720
- C:\Windows\System\MjSWMrf.exe
  C:\Windows\System\MjSWMrf.exe
  2⤵
  PID:6760
- C:\Windows\System\dVHzuMS.exe
  C:\Windows\System\dVHzuMS.exe
  2⤵
  PID:6788
- C:\Windows\System\wpsuibG.exe
  C:\Windows\System\wpsuibG.exe
  2⤵
  PID:6824
- C:\Windows\System\JXjFtRZ.exe
  C:\Windows\System\JXjFtRZ.exe
  2⤵
  PID:6840
- C:\Windows\System\RONZruB.exe
  C:\Windows\System\RONZruB.exe
  2⤵
  PID:6872
- C:\Windows\System\oDqsDob.exe
  C:\Windows\System\oDqsDob.exe
  2⤵
  PID:6896
- C:\Windows\System\ThELEVV.exe
  C:\Windows\System\ThELEVV.exe
  2⤵
  PID:6924
- C:\Windows\System\DObBFyB.exe
  C:\Windows\System\DObBFyB.exe
  2⤵
  PID:6956
- C:\Windows\System\oFQeLgL.exe
  C:\Windows\System\oFQeLgL.exe
  2⤵
  PID:6996
- C:\Windows\System\wPYXFkE.exe
  C:\Windows\System\wPYXFkE.exe
  2⤵
  PID:7016
- C:\Windows\System\edgiXpP.exe
  C:\Windows\System\edgiXpP.exe
  2⤵
  PID:7056
- C:\Windows\System\VbGijbZ.exe
  C:\Windows\System\VbGijbZ.exe
  2⤵
  PID:7080
- C:\Windows\System\fKNhvei.exe
  C:\Windows\System\fKNhvei.exe
  2⤵
  PID:7136
- C:\Windows\System\zdZSURe.exe
  C:\Windows\System\zdZSURe.exe
  2⤵
  PID:4588
- C:\Windows\System\JmCOnPN.exe
  C:\Windows\System\JmCOnPN.exe
  2⤵
  PID:6216
- C:\Windows\System\hPJlHBG.exe
  C:\Windows\System\hPJlHBG.exe
  2⤵
  PID:6360
- C:\Windows\System\gpFfjdK.exe
  C:\Windows\System\gpFfjdK.exe
  2⤵
  PID:3812
- C:\Windows\System\YLbZWpB.exe
  C:\Windows\System\YLbZWpB.exe
  2⤵
  PID:6544
- C:\Windows\System\JRudydH.exe
  C:\Windows\System\JRudydH.exe
  2⤵
  PID:1844
- C:\Windows\System\EWAprIT.exe
  C:\Windows\System\EWAprIT.exe
  2⤵
  PID:1840
- C:\Windows\System\grJvOSU.exe
  C:\Windows\System\grJvOSU.exe
  2⤵
  PID:4964
- C:\Windows\System\TgyDSVL.exe
  C:\Windows\System\TgyDSVL.exe
  2⤵
  PID:6632
- C:\Windows\System\VTWbgRX.exe
  C:\Windows\System\VTWbgRX.exe
  2⤵
  PID:1052
- C:\Windows\System\vRFZpke.exe
  C:\Windows\System\vRFZpke.exe
  2⤵
  PID:6660
- C:\Windows\System\wQLPMlf.exe
  C:\Windows\System\wQLPMlf.exe
  2⤵
  PID:2972
- C:\Windows\System\njQCUDR.exe
  C:\Windows\System\njQCUDR.exe
  2⤵
  PID:6712
- C:\Windows\System\OgDzDFJ.exe
  C:\Windows\System\OgDzDFJ.exe
  2⤵
  PID:6756
- C:\Windows\System\IqChQOk.exe
  C:\Windows\System\IqChQOk.exe
  2⤵
  PID:6836
- C:\Windows\System\DRliWSW.exe
  C:\Windows\System\DRliWSW.exe
  2⤵
  PID:6888
- C:\Windows\System\wNmsKra.exe
  C:\Windows\System\wNmsKra.exe
  2⤵
  PID:6980
- C:\Windows\System\ZNjEcXf.exe
  C:\Windows\System\ZNjEcXf.exe
  2⤵
  PID:7012
- C:\Windows\System\BjgZbsf.exe
  C:\Windows\System\BjgZbsf.exe
  2⤵
  PID:6984
- C:\Windows\System\NgcHixH.exe
  C:\Windows\System\NgcHixH.exe
  2⤵
  PID:6620
- C:\Windows\System\dfkKXxq.exe
  C:\Windows\System\dfkKXxq.exe
  2⤵
  PID:6244
- C:\Windows\System\mAfLnxq.exe
  C:\Windows\System\mAfLnxq.exe
  2⤵
  PID:6484
- C:\Windows\System\UsPLibs.exe
  C:\Windows\System\UsPLibs.exe
  2⤵
  PID:1388
- C:\Windows\System\ChCOFnn.exe
  C:\Windows\System\ChCOFnn.exe
  2⤵
  PID:4860
- C:\Windows\System\eVXpQCU.exe
  C:\Windows\System\eVXpQCU.exe
  2⤵
  PID:3612
- C:\Windows\System\nNdeIQi.exe
  C:\Windows\System\nNdeIQi.exe
  2⤵
  PID:1780
- C:\Windows\System\bcyABOd.exe
  C:\Windows\System\bcyABOd.exe
  2⤵
  PID:6880
- C:\Windows\System\BSrOUCI.exe
  C:\Windows\System\BSrOUCI.exe
  2⤵
  PID:7068
- C:\Windows\System\IpmnvBd.exe
  C:\Windows\System\IpmnvBd.exe
  2⤵
  PID:6172
- C:\Windows\System\lGRyMgJ.exe
  C:\Windows\System\lGRyMgJ.exe
  2⤵
  PID:3220
- C:\Windows\System\tbocHcR.exe
  C:\Windows\System\tbocHcR.exe
  2⤵
  PID:3708
- C:\Windows\System\ZlndFNA.exe
  C:\Windows\System\ZlndFNA.exe
  2⤵
  PID:6496
- C:\Windows\System\fLzESht.exe
  C:\Windows\System\fLzESht.exe
  2⤵
  PID:1868
- C:\Windows\System\eUKmZnA.exe
  C:\Windows\System\eUKmZnA.exe
  2⤵
  PID:1700
- C:\Windows\System\LQoqxGB.exe
  C:\Windows\System\LQoqxGB.exe
  2⤵
  PID:7176
- C:\Windows\System\vfkHPGC.exe
  C:\Windows\System\vfkHPGC.exe
  2⤵
  PID:7204
- C:\Windows\System\POBMaOJ.exe
  C:\Windows\System\POBMaOJ.exe
  2⤵
  PID:7236
- C:\Windows\System\HfPOych.exe
  C:\Windows\System\HfPOych.exe
  2⤵
  PID:7264
- C:\Windows\System\FFMIJrk.exe
  C:\Windows\System\FFMIJrk.exe
  2⤵
  PID:7284
- C:\Windows\System\BkuTKcn.exe
  C:\Windows\System\BkuTKcn.exe
  2⤵
  PID:7312
- C:\Windows\System\ZfgVWDW.exe
  C:\Windows\System\ZfgVWDW.exe
  2⤵
  PID:7352
- C:\Windows\System\jgJRhby.exe
  C:\Windows\System\jgJRhby.exe
  2⤵
  PID:7376
- C:\Windows\System\pCjPyfW.exe
  C:\Windows\System\pCjPyfW.exe
  2⤵
  PID:7408
- C:\Windows\System\PbpDFad.exe
  C:\Windows\System\PbpDFad.exe
  2⤵
  PID:7440
- C:\Windows\System\gSaWfDo.exe
  C:\Windows\System\gSaWfDo.exe
  2⤵
  PID:7464
- C:\Windows\System\KlmHJZn.exe
  C:\Windows\System\KlmHJZn.exe
  2⤵
  PID:7488
- C:\Windows\System\euaPNeD.exe
  C:\Windows\System\euaPNeD.exe
  2⤵
  PID:7528
- C:\Windows\System\BivvfMv.exe
  C:\Windows\System\BivvfMv.exe
  2⤵
  PID:7544
- C:\Windows\System\zaJFGje.exe
  C:\Windows\System\zaJFGje.exe
  2⤵
  PID:7584
- C:\Windows\System\ctFazbI.exe
  C:\Windows\System\ctFazbI.exe
  2⤵
  PID:7612
- C:\Windows\System\rkkSdPR.exe
  C:\Windows\System\rkkSdPR.exe
  2⤵
  PID:7668
- C:\Windows\System\zMNEWDb.exe
  C:\Windows\System\zMNEWDb.exe
  2⤵
  PID:7700
- C:\Windows\System\jDcdNRp.exe
  C:\Windows\System\jDcdNRp.exe
  2⤵
  PID:7732
- C:\Windows\System\UsgnChR.exe
  C:\Windows\System\UsgnChR.exe
  2⤵
  PID:7760
- C:\Windows\System\YuCFTMw.exe
  C:\Windows\System\YuCFTMw.exe
  2⤵
  PID:7792
- C:\Windows\System\nNNfhqo.exe
  C:\Windows\System\nNNfhqo.exe
  2⤵
  PID:7816
- C:\Windows\System\zhxQmfU.exe
  C:\Windows\System\zhxQmfU.exe
  2⤵
  PID:7856
- C:\Windows\System\bWMrVNu.exe
  C:\Windows\System\bWMrVNu.exe
  2⤵
  PID:7876
- C:\Windows\System\MFIvRHt.exe
  C:\Windows\System\MFIvRHt.exe
  2⤵
  PID:7908
- C:\Windows\System\mnrjLkR.exe
  C:\Windows\System\mnrjLkR.exe
  2⤵
  PID:7932
- C:\Windows\System\cIsxRIk.exe
  C:\Windows\System\cIsxRIk.exe
  2⤵
  PID:7960
- C:\Windows\System\dpnQhgq.exe
  C:\Windows\System\dpnQhgq.exe
  2⤵
  PID:8000
- C:\Windows\System\KtnNaQk.exe
  C:\Windows\System\KtnNaQk.exe
  2⤵
  PID:8044
- C:\Windows\System\AvPtTQc.exe
  C:\Windows\System\AvPtTQc.exe
  2⤵
  PID:8072
- C:\Windows\System\YSkXsMp.exe
  C:\Windows\System\YSkXsMp.exe
  2⤵
  PID:8100
- C:\Windows\System\etQQsfO.exe
  C:\Windows\System\etQQsfO.exe
  2⤵
  PID:8140
- C:\Windows\System\fpHgTkG.exe
  C:\Windows\System\fpHgTkG.exe
  2⤵
  PID:8168
- C:\Windows\System\GVYqiZS.exe
  C:\Windows\System\GVYqiZS.exe
  2⤵
  PID:8188
- C:\Windows\System\SmyuURa.exe
  C:\Windows\System\SmyuURa.exe
  2⤵
  PID:7212
- C:\Windows\System\TtjJqdh.exe
  C:\Windows\System\TtjJqdh.exe
  2⤵
  PID:7324
- C:\Windows\System\dIilZKo.exe
  C:\Windows\System\dIilZKo.exe
  2⤵
  PID:7368
- C:\Windows\System\LBPhSys.exe
  C:\Windows\System\LBPhSys.exe
  2⤵
  PID:7452
- C:\Windows\System\TuosdwG.exe
  C:\Windows\System\TuosdwG.exe
  2⤵
  PID:7516
- C:\Windows\System\UYgbWAI.exe
  C:\Windows\System\UYgbWAI.exe
  2⤵
  PID:7604
- C:\Windows\System\mgWAdKE.exe
  C:\Windows\System\mgWAdKE.exe
  2⤵
  PID:7696
- C:\Windows\System\CnzCOqB.exe
  C:\Windows\System\CnzCOqB.exe
  2⤵
  PID:6692
- C:\Windows\System\nxiOzgm.exe
  C:\Windows\System\nxiOzgm.exe
  2⤵
  PID:7724
- C:\Windows\System\eUlXdVW.exe
  C:\Windows\System\eUlXdVW.exe
  2⤵
  PID:7780
- C:\Windows\System\owAhdbX.exe
  C:\Windows\System\owAhdbX.exe
  2⤵
  PID:7864
- C:\Windows\System\dPijusK.exe
  C:\Windows\System\dPijusK.exe
  2⤵
  PID:7928
- C:\Windows\System\ZlsBlhS.exe
  C:\Windows\System\ZlsBlhS.exe
  2⤵
  PID:7980
- C:\Windows\System\sDOntSC.exe
  C:\Windows\System\sDOntSC.exe
  2⤵
  PID:8064
- C:\Windows\System\QHxjQcn.exe
  C:\Windows\System\QHxjQcn.exe
  2⤵
  PID:3524
- C:\Windows\System\TeaAxvo.exe
  C:\Windows\System\TeaAxvo.exe
  2⤵
  PID:1628
- C:\Windows\System\qlUoDZi.exe
  C:\Windows\System\qlUoDZi.exe
  2⤵
  PID:2440
- C:\Windows\System\Myenudp.exe
  C:\Windows\System\Myenudp.exe
  2⤵
  PID:8184
- C:\Windows\System\KaQhPva.exe
  C:\Windows\System\KaQhPva.exe
  2⤵
  PID:7276
- C:\Windows\System\HzlTGAF.exe
  C:\Windows\System\HzlTGAF.exe
  2⤵
  PID:7420
- C:\Windows\System\SCPNskb.exe
  C:\Windows\System\SCPNskb.exe
  2⤵
  PID:7536
- C:\Windows\System\DvGZVCQ.exe
  C:\Windows\System\DvGZVCQ.exe
  2⤵
  PID:7556
- C:\Windows\System\cWpWzrr.exe
  C:\Windows\System\cWpWzrr.exe
  2⤵
  PID:7756
- C:\Windows\System\dkctfLF.exe
  C:\Windows\System\dkctfLF.exe
  2⤵
  PID:1128
- C:\Windows\System\xaYznNs.exe
  C:\Windows\System\xaYznNs.exe
  2⤵
  PID:8036
- C:\Windows\System\MlVMUiu.exe
  C:\Windows\System\MlVMUiu.exe
  2⤵
  PID:3468
- C:\Windows\System\qiJrmTB.exe
  C:\Windows\System\qiJrmTB.exe
  2⤵
  PID:8136
- C:\Windows\System\XNKarmc.exe
  C:\Windows\System\XNKarmc.exe
  2⤵
  PID:2232
- C:\Windows\System\qUVHmJo.exe
  C:\Windows\System\qUVHmJo.exe
  2⤵
  PID:728
- C:\Windows\System\kqvyEzv.exe
  C:\Windows\System\kqvyEzv.exe
  2⤵
  PID:7476
- C:\Windows\System\vXEclaK.exe
  C:\Windows\System\vXEclaK.exe
  2⤵
  PID:2796
- C:\Windows\System\sgXWrcq.exe
  C:\Windows\System\sgXWrcq.exe
  2⤵
  PID:7808
- C:\Windows\System\BGBJtQj.exe
  C:\Windows\System\BGBJtQj.exe
  2⤵
  PID:4200
- C:\Windows\System\krOFGCD.exe
  C:\Windows\System\krOFGCD.exe
  2⤵
  PID:412
- C:\Windows\System\oyVFnud.exe
  C:\Windows\System\oyVFnud.exe
  2⤵
  PID:1076
- C:\Windows\System\mesgGhX.exe
  C:\Windows\System\mesgGhX.exe
  2⤵
  PID:2344
- C:\Windows\System\BcLLaKb.exe
  C:\Windows\System\BcLLaKb.exe
  2⤵
  PID:8180
- C:\Windows\System\maDZvNw.exe
  C:\Windows\System\maDZvNw.exe
  2⤵
  PID:2104
- C:\Windows\System\sYSTsUG.exe
  C:\Windows\System\sYSTsUG.exe
  2⤵
  PID:7680
- C:\Windows\System\SlMIGBm.exe
  C:\Windows\System\SlMIGBm.exe
  2⤵
  PID:2052
- C:\Windows\System\WAPsANP.exe
  C:\Windows\System\WAPsANP.exe
  2⤵
  PID:8216
- C:\Windows\System\jjynYQO.exe
  C:\Windows\System\jjynYQO.exe
  2⤵
  PID:8240
- C:\Windows\System\iuQySBr.exe
  C:\Windows\System\iuQySBr.exe
  2⤵
  PID:8272
- C:\Windows\System\QWeeBuF.exe
  C:\Windows\System\QWeeBuF.exe
  2⤵
  PID:8296
- C:\Windows\System\zOeMcPX.exe
  C:\Windows\System\zOeMcPX.exe
  2⤵
  PID:8320
- C:\Windows\System\EmVOWya.exe
  C:\Windows\System\EmVOWya.exe
  2⤵
  PID:8340
- C:\Windows\System\hMUqZUV.exe
  C:\Windows\System\hMUqZUV.exe
  2⤵
  PID:8392
- C:\Windows\System\BbUZBPY.exe
  C:\Windows\System\BbUZBPY.exe
  2⤵
  PID:8408
- C:\Windows\System\fnEylwa.exe
  C:\Windows\System\fnEylwa.exe
  2⤵
  PID:8444
- C:\Windows\System\QLmOxfk.exe
  C:\Windows\System\QLmOxfk.exe
  2⤵
  PID:8472
- C:\Windows\System\ToEIrwK.exe
  C:\Windows\System\ToEIrwK.exe
  2⤵
  PID:8500
- C:\Windows\System\TUHKxdr.exe
  C:\Windows\System\TUHKxdr.exe
  2⤵
  PID:8528
- C:\Windows\System\LrBJEEF.exe
  C:\Windows\System\LrBJEEF.exe
  2⤵
  PID:8552
- C:\Windows\System\jBVeTZa.exe
  C:\Windows\System\jBVeTZa.exe
  2⤵
  PID:8588
- C:\Windows\System\OFkiwjK.exe
  C:\Windows\System\OFkiwjK.exe
  2⤵
  PID:8616
- C:\Windows\System\TBqUgSA.exe
  C:\Windows\System\TBqUgSA.exe
  2⤵
  PID:8636
- C:\Windows\System\UoQPLFu.exe
  C:\Windows\System\UoQPLFu.exe
  2⤵
  PID:8668
- C:\Windows\System\ZODfjCl.exe
  C:\Windows\System\ZODfjCl.exe
  2⤵
  PID:8692
- C:\Windows\System\TWQwrpN.exe
  C:\Windows\System\TWQwrpN.exe
  2⤵
  PID:8720
- C:\Windows\System\KmfriQq.exe
  C:\Windows\System\KmfriQq.exe
  2⤵
  PID:8748
- C:\Windows\System\ezKQjag.exe
  C:\Windows\System\ezKQjag.exe
  2⤵
  PID:8776
- C:\Windows\System\yvbytvI.exe
  C:\Windows\System\yvbytvI.exe
  2⤵
  PID:8804
- C:\Windows\System\VEuRGNP.exe
  C:\Windows\System\VEuRGNP.exe
  2⤵
  PID:8832
- C:\Windows\System\vwYgmxz.exe
  C:\Windows\System\vwYgmxz.exe
  2⤵
  PID:8864
- C:\Windows\System\YERWDNY.exe
  C:\Windows\System\YERWDNY.exe
  2⤵
  PID:8892
- C:\Windows\System\KZOaiYj.exe
  C:\Windows\System\KZOaiYj.exe
  2⤵
  PID:8920
- C:\Windows\System\ywNXJFc.exe
  C:\Windows\System\ywNXJFc.exe
  2⤵
  PID:8948
- C:\Windows\System\rrINyJo.exe
  C:\Windows\System\rrINyJo.exe
  2⤵
  PID:8976
- C:\Windows\System\EhImqmp.exe
  C:\Windows\System\EhImqmp.exe
  2⤵
  PID:9004
- C:\Windows\System\WXWHJNq.exe
  C:\Windows\System\WXWHJNq.exe
  2⤵
  PID:9032
- C:\Windows\System\lJZgcjf.exe
  C:\Windows\System\lJZgcjf.exe
  2⤵
  PID:9060
- C:\Windows\System\flAgaFA.exe
  C:\Windows\System\flAgaFA.exe
  2⤵
  PID:9088
- C:\Windows\System\zOcPTyM.exe
  C:\Windows\System\zOcPTyM.exe
  2⤵
  PID:9124
- C:\Windows\System\QWBDuvC.exe
  C:\Windows\System\QWBDuvC.exe
  2⤵
  PID:9144
- C:\Windows\System\XMzFGkn.exe
  C:\Windows\System\XMzFGkn.exe
  2⤵
  PID:9180
- C:\Windows\System\timGYCS.exe
  C:\Windows\System\timGYCS.exe
  2⤵
  PID:9204
- C:\Windows\System\gJUfqLz.exe
  C:\Windows\System\gJUfqLz.exe
  2⤵
  PID:8252
- C:\Windows\System\evgpPFr.exe
  C:\Windows\System\evgpPFr.exe
  2⤵
  PID:8312
- C:\Windows\System\tzRhwDX.exe
  C:\Windows\System\tzRhwDX.exe
  2⤵
  PID:8388
- C:\Windows\System\xKJmkyj.exe
  C:\Windows\System\xKJmkyj.exe
  2⤵
  PID:8424
- C:\Windows\System\GTcJriZ.exe
  C:\Windows\System\GTcJriZ.exe
  2⤵
  PID:8480
- C:\Windows\System\gqoBxIU.exe
  C:\Windows\System\gqoBxIU.exe
  2⤵
  PID:8572
- C:\Windows\System\eAoJNHT.exe
  C:\Windows\System\eAoJNHT.exe
  2⤵
  PID:8628
- C:\Windows\System\JfyVPhc.exe
  C:\Windows\System\JfyVPhc.exe
  2⤵
  PID:8688
- C:\Windows\System\WewfgBm.exe
  C:\Windows\System\WewfgBm.exe
  2⤵
  PID:8760
- C:\Windows\System\yIqIjtE.exe
  C:\Windows\System\yIqIjtE.exe
  2⤵
  PID:8828
- C:\Windows\System\DIeOMTt.exe
  C:\Windows\System\DIeOMTt.exe
  2⤵
  PID:8880
- C:\Windows\System\sxNkDJz.exe
  C:\Windows\System\sxNkDJz.exe
  2⤵
  PID:8960
- C:\Windows\System\PxXjXmB.exe
  C:\Windows\System\PxXjXmB.exe
  2⤵
  PID:9024
- C:\Windows\System\FMOtjDH.exe
  C:\Windows\System\FMOtjDH.exe
  2⤵
  PID:8540
- C:\Windows\System\ahXBICM.exe
  C:\Windows\System\ahXBICM.exe
  2⤵
  PID:9136
- C:\Windows\System\eGrYTeZ.exe
  C:\Windows\System\eGrYTeZ.exe
  2⤵
  PID:9212
- C:\Windows\System\aJKDooz.exe
  C:\Windows\System\aJKDooz.exe
  2⤵
  PID:8376
- C:\Windows\System\CrneUkk.exe
  C:\Windows\System\CrneUkk.exe
  2⤵
  PID:8508
- C:\Windows\System\AKzDfhD.exe
  C:\Windows\System\AKzDfhD.exe
  2⤵
  PID:8604
- C:\Windows\System\NczgAvJ.exe
  C:\Windows\System\NczgAvJ.exe
  2⤵
  PID:8860
- C:\Windows\System\GqUpJra.exe
  C:\Windows\System\GqUpJra.exe
  2⤵
  PID:9076
- C:\Windows\System\hXgpdDF.exe
  C:\Windows\System\hXgpdDF.exe
  2⤵
  PID:9196
- C:\Windows\System\maVmtFj.exe
  C:\Windows\System\maVmtFj.exe
  2⤵
  PID:8456
- C:\Windows\System\xgbXmxj.exe
  C:\Windows\System\xgbXmxj.exe
  2⤵
  PID:8740
- C:\Windows\System\TtMGxzs.exe
  C:\Windows\System\TtMGxzs.exe
  2⤵
  PID:9048
- C:\Windows\System\wPhRHsA.exe
  C:\Windows\System\wPhRHsA.exe
  2⤵
  PID:9156
- C:\Windows\System\QDmgVki.exe
  C:\Windows\System\QDmgVki.exe
  2⤵
  PID:1548
- C:\Windows\System\JfLwdbR.exe
  C:\Windows\System\JfLwdbR.exe
  2⤵
  PID:8404
- C:\Windows\System\zAbKbfJ.exe
  C:\Windows\System\zAbKbfJ.exe
  2⤵
  PID:9192
- C:\Windows\System\drLgPCI.exe
  C:\Windows\System\drLgPCI.exe
  2⤵
  PID:9252
- C:\Windows\System\honyRYR.exe
  C:\Windows\System\honyRYR.exe
  2⤵
  PID:9284
- C:\Windows\System\kDaxJjD.exe
  C:\Windows\System\kDaxJjD.exe
  2⤵
  PID:9308
- C:\Windows\System\UOJFOJv.exe
  C:\Windows\System\UOJFOJv.exe
  2⤵
  PID:9340
- C:\Windows\System\omiqLaV.exe
  C:\Windows\System\omiqLaV.exe
  2⤵
  PID:9368
- C:\Windows\System\wEnQAYJ.exe
  C:\Windows\System\wEnQAYJ.exe
  2⤵
  PID:9396
- C:\Windows\System\fgaupoY.exe
  C:\Windows\System\fgaupoY.exe
  2⤵
  PID:9424
- C:\Windows\System\Lhwfebp.exe
  C:\Windows\System\Lhwfebp.exe
  2⤵
  PID:9444
- C:\Windows\System\KXnDyTb.exe
  C:\Windows\System\KXnDyTb.exe
  2⤵
  PID:9480
- C:\Windows\System\RlrKPEB.exe
  C:\Windows\System\RlrKPEB.exe
  2⤵
  PID:9508
- C:\Windows\System\rcDQlXS.exe
  C:\Windows\System\rcDQlXS.exe
  2⤵
  PID:9528
- C:\Windows\System\gTcHUAy.exe
  C:\Windows\System\gTcHUAy.exe
  2⤵
  PID:9564
- C:\Windows\System\VfqZCRz.exe
  C:\Windows\System\VfqZCRz.exe
  2⤵
  PID:9592
- C:\Windows\System\haiijSS.exe
  C:\Windows\System\haiijSS.exe
  2⤵
  PID:9620
- C:\Windows\System\oxZYDcu.exe
  C:\Windows\System\oxZYDcu.exe
  2⤵
  PID:9648
- C:\Windows\System\KTwRKqC.exe
  C:\Windows\System\KTwRKqC.exe
  2⤵
  PID:9676
- C:\Windows\System\XjyIjuQ.exe
  C:\Windows\System\XjyIjuQ.exe
  2⤵
  PID:9708
- C:\Windows\System\ryhCwKJ.exe
  C:\Windows\System\ryhCwKJ.exe
  2⤵
  PID:9728
- C:\Windows\System\eVFOwYU.exe
  C:\Windows\System\eVFOwYU.exe
  2⤵
  PID:9760
- C:\Windows\System\lgaQVzA.exe
  C:\Windows\System\lgaQVzA.exe
  2⤵
  PID:9792
- C:\Windows\System\RXpHoIk.exe
  C:\Windows\System\RXpHoIk.exe
  2⤵
  PID:9812
- C:\Windows\System\FEnHgtB.exe
  C:\Windows\System\FEnHgtB.exe
  2⤵
  PID:9840
- C:\Windows\System\PNsGEfX.exe
  C:\Windows\System\PNsGEfX.exe
  2⤵
  PID:9876
- C:\Windows\System\psBqYfZ.exe
  C:\Windows\System\psBqYfZ.exe
  2⤵
  PID:9900
- C:\Windows\System\GCatMGd.exe
  C:\Windows\System\GCatMGd.exe
  2⤵
  PID:9924
- C:\Windows\System\uEzWKpG.exe
  C:\Windows\System\uEzWKpG.exe
  2⤵
  PID:9960
- C:\Windows\System\QWeflaU.exe
  C:\Windows\System\QWeflaU.exe
  2⤵
  PID:9992
- C:\Windows\System\WQmCDPw.exe
  C:\Windows\System\WQmCDPw.exe
  2⤵
  PID:10024
- C:\Windows\System\jlQblmP.exe
  C:\Windows\System\jlQblmP.exe
  2⤵
  PID:10048
- C:\Windows\System\yenebah.exe
  C:\Windows\System\yenebah.exe
  2⤵
  PID:10076
- C:\Windows\System\seNTTcL.exe
  C:\Windows\System\seNTTcL.exe
  2⤵
  PID:10096
- C:\Windows\System\BFquUNl.exe
  C:\Windows\System\BFquUNl.exe
  2⤵
  PID:10124
- C:\Windows\System\qfzKbMj.exe
  C:\Windows\System\qfzKbMj.exe
  2⤵
  PID:10156
- C:\Windows\System\OYxgtSu.exe
  C:\Windows\System\OYxgtSu.exe
  2⤵
  PID:10188
- C:\Windows\System\qFrbidL.exe
  C:\Windows\System\qFrbidL.exe
  2⤵
  PID:10216
- C:\Windows\System\zyzvnTv.exe
  C:\Windows\System\zyzvnTv.exe
  2⤵
  PID:9228
- C:\Windows\System\jqDWWtG.exe
  C:\Windows\System\jqDWWtG.exe
  2⤵
  PID:9292
- C:\Windows\System\XwbifUn.exe
  C:\Windows\System\XwbifUn.exe
  2⤵
  PID:9376
- C:\Windows\System\mZkXpSw.exe
  C:\Windows\System\mZkXpSw.exe
  2⤵
  PID:9432
- C:\Windows\System\aHdWVPl.exe
  C:\Windows\System\aHdWVPl.exe
  2⤵
  PID:9492
- C:\Windows\System\kSbYmpb.exe
  C:\Windows\System\kSbYmpb.exe
  2⤵
  PID:9540
- C:\Windows\System\NgJSpsJ.exe
  C:\Windows\System\NgJSpsJ.exe
  2⤵
  PID:9600
- C:\Windows\System\krhleLP.exe
  C:\Windows\System\krhleLP.exe
  2⤵
  PID:9684
- C:\Windows\System\wEEiSst.exe
  C:\Windows\System\wEEiSst.exe
  2⤵
  PID:9740
- C:\Windows\System\cMvnzcG.exe
  C:\Windows\System\cMvnzcG.exe
  2⤵
  PID:9780
- C:\Windows\System\zbZTEFg.exe
  C:\Windows\System\zbZTEFg.exe
  2⤵
  PID:9832
- C:\Windows\System\ORaWMrs.exe
  C:\Windows\System\ORaWMrs.exe
  2⤵
  PID:9892
- C:\Windows\System\jzBvZst.exe
  C:\Windows\System\jzBvZst.exe
  2⤵
  PID:9972
- C:\Windows\System\zYaKxyL.exe
  C:\Windows\System\zYaKxyL.exe
  2⤵
  PID:10056
- C:\Windows\System\hqsLuas.exe
  C:\Windows\System\hqsLuas.exe
  2⤵
  PID:10108
- C:\Windows\System\KjKMDtV.exe
  C:\Windows\System\KjKMDtV.exe
  2⤵
  PID:10164
- C:\Windows\System\cHpyOuK.exe
  C:\Windows\System\cHpyOuK.exe
  2⤵
  PID:9240
- C:\Windows\System\ivQdGVs.exe
  C:\Windows\System\ivQdGVs.exe
  2⤵
  PID:9384
- C:\Windows\System\jyfkZmY.exe
  C:\Windows\System\jyfkZmY.exe
  2⤵
  PID:9516
- C:\Windows\System\MrHmyrV.exe
  C:\Windows\System\MrHmyrV.exe
  2⤵
  PID:9628
- C:\Windows\System\XPgtKzo.exe
  C:\Windows\System\XPgtKzo.exe
  2⤵
  PID:9752
- C:\Windows\System\gocibiT.exe
  C:\Windows\System\gocibiT.exe
  2⤵
  PID:9888
- C:\Windows\System\IteaRtw.exe
  C:\Windows\System\IteaRtw.exe
  2⤵
  PID:10064
- C:\Windows\System\okJYkgH.exe
  C:\Windows\System\okJYkgH.exe
  2⤵
  PID:10204
- C:\Windows\System\qqnnHnp.exe
  C:\Windows\System\qqnnHnp.exe
  2⤵
  PID:9464
- C:\Windows\System\sqrBITG.exe
  C:\Windows\System\sqrBITG.exe
  2⤵
  PID:220
- C:\Windows\System\RiwfNLP.exe
  C:\Windows\System\RiwfNLP.exe
  2⤵
  PID:10120
- C:\Windows\System\XbvMUTi.exe
  C:\Windows\System\XbvMUTi.exe
  2⤵
  PID:7148
- C:\Windows\System\iKLkzCt.exe
  C:\Windows\System\iKLkzCt.exe
  2⤵
  PID:9576
- C:\Windows\System\YjisNOn.exe
  C:\Windows\System\YjisNOn.exe
  2⤵
  PID:10256
- C:\Windows\System\ncZJwAl.exe
  C:\Windows\System\ncZJwAl.exe
  2⤵
  PID:10284
- C:\Windows\System\NUVHAyZ.exe
  C:\Windows\System\NUVHAyZ.exe
  2⤵
  PID:10312
- C:\Windows\System\BcOoKvr.exe
  C:\Windows\System\BcOoKvr.exe
  2⤵
  PID:10344
- C:\Windows\System\yUfFcDv.exe
  C:\Windows\System\yUfFcDv.exe
  2⤵
  PID:10372
- C:\Windows\System\hxoDPLt.exe
  C:\Windows\System\hxoDPLt.exe
  2⤵
  PID:10400
- C:\Windows\System\rglLKen.exe
  C:\Windows\System\rglLKen.exe
  2⤵
  PID:10428
- C:\Windows\System\uPloMrf.exe
  C:\Windows\System\uPloMrf.exe
  2⤵
  PID:10460
- C:\Windows\System\tDNtfyL.exe
  C:\Windows\System\tDNtfyL.exe
  2⤵
  PID:10492
- C:\Windows\System\esaoRxL.exe
  C:\Windows\System\esaoRxL.exe
  2⤵
  PID:10524
- C:\Windows\System\tgVeBLt.exe
  C:\Windows\System\tgVeBLt.exe
  2⤵
  PID:10552
- C:\Windows\System\arhTYWj.exe
  C:\Windows\System\arhTYWj.exe
  2⤵
  PID:10580
- C:\Windows\System\HkTPOHy.exe
  C:\Windows\System\HkTPOHy.exe
  2⤵
  PID:10620
- C:\Windows\System\JYSUVLH.exe
  C:\Windows\System\JYSUVLH.exe
  2⤵
  PID:10652
- C:\Windows\System\TIMsryB.exe
  C:\Windows\System\TIMsryB.exe
  2⤵
  PID:10676
- C:\Windows\System\YpcjWQt.exe
  C:\Windows\System\YpcjWQt.exe
  2⤵
  PID:10704
- C:\Windows\System\lKXHrJH.exe
  C:\Windows\System\lKXHrJH.exe
  2⤵
  PID:10732
- C:\Windows\System\tQLIvBO.exe
  C:\Windows\System\tQLIvBO.exe
  2⤵
  PID:10760
- C:\Windows\System\ShWjZBX.exe
  C:\Windows\System\ShWjZBX.exe
  2⤵
  PID:10788
- C:\Windows\System\VSvVmOv.exe
  C:\Windows\System\VSvVmOv.exe
  2⤵
  PID:10820
- C:\Windows\System\zCYVcqb.exe
  C:\Windows\System\zCYVcqb.exe
  2⤵
  PID:10848
- C:\Windows\System\yQffGPe.exe
  C:\Windows\System\yQffGPe.exe
  2⤵
  PID:10876
- C:\Windows\System\yZkgeJB.exe
  C:\Windows\System\yZkgeJB.exe
  2⤵
  PID:10904
- C:\Windows\System\RHkypgo.exe
  C:\Windows\System\RHkypgo.exe
  2⤵
  PID:10932
- C:\Windows\System\vztVuqM.exe
  C:\Windows\System\vztVuqM.exe
  2⤵
  PID:10960
- C:\Windows\System\sGeAwFa.exe
  C:\Windows\System\sGeAwFa.exe
  2⤵
  PID:10988
- C:\Windows\System\OuTKjWI.exe
  C:\Windows\System\OuTKjWI.exe
  2⤵
  PID:11016
- C:\Windows\System\GIjEren.exe
  C:\Windows\System\GIjEren.exe
  2⤵
  PID:11044
- C:\Windows\System\cWKqevO.exe
  C:\Windows\System\cWKqevO.exe
  2⤵
  PID:11072
- C:\Windows\System\bfXSMcI.exe
  C:\Windows\System\bfXSMcI.exe
  2⤵
  PID:11100
- C:\Windows\System\nmfwFUj.exe
  C:\Windows\System\nmfwFUj.exe
  2⤵
  PID:11128
- C:\Windows\System\vzFKPYs.exe
  C:\Windows\System\vzFKPYs.exe
  2⤵
  PID:11168
- C:\Windows\System\yCEyCAQ.exe
  C:\Windows\System\yCEyCAQ.exe
  2⤵
  PID:11184
- C:\Windows\System\fCYfpkQ.exe
  C:\Windows\System\fCYfpkQ.exe
  2⤵
  PID:11212
- C:\Windows\System\HVPZjMX.exe
  C:\Windows\System\HVPZjMX.exe
  2⤵
  PID:11240
- C:\Windows\System\nfPgbOD.exe
  C:\Windows\System\nfPgbOD.exe
  2⤵
  PID:10248
- C:\Windows\System\TkevyuD.exe
  C:\Windows\System\TkevyuD.exe
  2⤵
  PID:10304
- C:\Windows\System\iFDwVYj.exe
  C:\Windows\System\iFDwVYj.exe
  2⤵
  PID:4968
- C:\Windows\System\mHbDHyQ.exe
  C:\Windows\System\mHbDHyQ.exe
  2⤵
  PID:10368
- C:\Windows\System\BpNywFn.exe
  C:\Windows\System\BpNywFn.exe
  2⤵
  PID:10456
- C:\Windows\System\qfdNqlC.exe
  C:\Windows\System\qfdNqlC.exe
  2⤵
  PID:10480
- C:\Windows\System\AaGmJle.exe
  C:\Windows\System\AaGmJle.exe
  2⤵
  PID:10504
- C:\Windows\System\tAiTRlT.exe
  C:\Windows\System\tAiTRlT.exe
  2⤵
  PID:2140
- C:\Windows\System\beKzIOg.exe
  C:\Windows\System\beKzIOg.exe
  2⤵
  PID:10632
- C:\Windows\System\pyIZzDj.exe
  C:\Windows\System\pyIZzDj.exe
  2⤵
  PID:10672
- C:\Windows\System\MnGqkVK.exe
  C:\Windows\System\MnGqkVK.exe
  2⤵
  PID:10728
- C:\Windows\System\LXjzyar.exe
  C:\Windows\System\LXjzyar.exe
  2⤵
  PID:10780
- C:\Windows\System\ukLGTaO.exe
  C:\Windows\System\ukLGTaO.exe
  2⤵
  PID:10844
- C:\Windows\System\OYcmCdp.exe
  C:\Windows\System\OYcmCdp.exe
  2⤵
  PID:10916
- C:\Windows\System\TpOdlDH.exe
  C:\Windows\System\TpOdlDH.exe
  2⤵
  PID:10448
- C:\Windows\System\nNcGiWR.exe
  C:\Windows\System\nNcGiWR.exe
  2⤵
  PID:11036
- C:\Windows\System\fCqmGeu.exe
  C:\Windows\System\fCqmGeu.exe
  2⤵
  PID:11096
- C:\Windows\System\mVZkMTF.exe
  C:\Windows\System\mVZkMTF.exe
  2⤵
  PID:11152
- C:\Windows\System\CfuiaxK.exe
  C:\Windows\System\CfuiaxK.exe
  2⤵
  PID:11232
- C:\Windows\System\DAbLtfQ.exe
  C:\Windows\System\DAbLtfQ.exe
  2⤵
  PID:10796
- C:\Windows\System\iHfYonI.exe
  C:\Windows\System\iHfYonI.exe
  2⤵
  PID:2784
- C:\Windows\System\EWKOkcO.exe
  C:\Windows\System\EWKOkcO.exe
  2⤵
  PID:10452
- C:\Windows\System\wyjKFpg.exe
  C:\Windows\System\wyjKFpg.exe
  2⤵
  PID:10512
- C:\Windows\System\lMNGZdn.exe
  C:\Windows\System\lMNGZdn.exe
  2⤵
  PID:4544
- C:\Windows\System\OxcxZVO.exe
  C:\Windows\System\OxcxZVO.exe
  2⤵
  PID:2092
- C:\Windows\System\UIxsWXm.exe
  C:\Windows\System\UIxsWXm.exe
  2⤵
  PID:216
- C:\Windows\System\nORjIEI.exe
  C:\Windows\System\nORjIEI.exe
  2⤵
  PID:10724
- C:\Windows\System\EmWQUXd.exe
  C:\Windows\System\EmWQUXd.exe
  2⤵
  PID:10832
- C:\Windows\System\VYHpQqn.exe
  C:\Windows\System\VYHpQqn.exe
  2⤵
  PID:10972
- C:\Windows\System\IscIiFO.exe
  C:\Windows\System\IscIiFO.exe
  2⤵
  PID:11140
- C:\Windows\System\QoozJdz.exe
  C:\Windows\System\QoozJdz.exe
  2⤵
  PID:4132
- C:\Windows\System\sbaCfnw.exe
  C:\Windows\System\sbaCfnw.exe
  2⤵
  PID:10392
- C:\Windows\System\UpdYGbE.exe
  C:\Windows\System\UpdYGbE.exe
  2⤵
  PID:1416
- C:\Windows\System\IhgEPQz.exe
  C:\Windows\System\IhgEPQz.exe
  2⤵
  PID:2040
- C:\Windows\System\SPschIx.exe
  C:\Windows\System\SPschIx.exe
  2⤵
  PID:10772
- C:\Windows\System\fHkroYb.exe
  C:\Windows\System\fHkroYb.exe
  2⤵
  PID:11088
- C:\Windows\System\dbaVYjO.exe
  C:\Windows\System\dbaVYjO.exe
  2⤵
  PID:2132
- C:\Windows\System\Zcqdfzu.exe
  C:\Windows\System\Zcqdfzu.exe
  2⤵
  PID:10548
- C:\Windows\System\fuZuUzK.exe
  C:\Windows\System\fuZuUzK.exe
  2⤵
  PID:11032
- C:\Windows\System\QRFPDWY.exe
  C:\Windows\System\QRFPDWY.exe
  2⤵
  PID:10896
- C:\Windows\System\hnkxAjQ.exe
  C:\Windows\System\hnkxAjQ.exe
  2⤵
  PID:10516
- C:\Windows\System\PcQNrdU.exe
  C:\Windows\System\PcQNrdU.exe
  2⤵
  PID:11284
- C:\Windows\System\nyIkmHX.exe
  C:\Windows\System\nyIkmHX.exe
  2⤵
  PID:11312
- C:\Windows\System\udLIHCr.exe
  C:\Windows\System\udLIHCr.exe
  2⤵
  PID:11340
- C:\Windows\System\VxZAIfp.exe
  C:\Windows\System\VxZAIfp.exe
  2⤵
  PID:11368
- C:\Windows\System\NEGfhSq.exe
  C:\Windows\System\NEGfhSq.exe
  2⤵
  PID:11400
- C:\Windows\System\HltWfcW.exe
  C:\Windows\System\HltWfcW.exe
  2⤵
  PID:11428
- C:\Windows\System\MZMZVmp.exe
  C:\Windows\System\MZMZVmp.exe
  2⤵
  PID:11456
- C:\Windows\System\aRfoivf.exe
  C:\Windows\System\aRfoivf.exe
  2⤵
  PID:11484
- C:\Windows\System\wcjVpsv.exe
  C:\Windows\System\wcjVpsv.exe
  2⤵
  PID:11512
- C:\Windows\System\HpVwigv.exe
  C:\Windows\System\HpVwigv.exe
  2⤵
  PID:11540
- C:\Windows\System\sLsZCjY.exe
  C:\Windows\System\sLsZCjY.exe
  2⤵
  PID:11568
- C:\Windows\System\AVctkbJ.exe
  C:\Windows\System\AVctkbJ.exe
  2⤵
  PID:11596
- C:\Windows\System\uNSwDRi.exe
  C:\Windows\System\uNSwDRi.exe
  2⤵
  PID:11624
- C:\Windows\System\KqVKcOd.exe
  C:\Windows\System\KqVKcOd.exe
  2⤵
  PID:11652
- C:\Windows\System\JCSXcYo.exe
  C:\Windows\System\JCSXcYo.exe
  2⤵
  PID:11680
- C:\Windows\System\yZBriwX.exe
  C:\Windows\System\yZBriwX.exe
  2⤵
  PID:11708
- C:\Windows\System\zlEhRxP.exe
  C:\Windows\System\zlEhRxP.exe
  2⤵
  PID:11736
- C:\Windows\System\KiUXRxa.exe
  C:\Windows\System\KiUXRxa.exe
  2⤵
  PID:11764
- C:\Windows\System\BEwiYYF.exe
  C:\Windows\System\BEwiYYF.exe
  2⤵
  PID:11792
- C:\Windows\System\Portqgx.exe
  C:\Windows\System\Portqgx.exe
  2⤵
  PID:11820
- C:\Windows\System\PNyXoWW.exe
  C:\Windows\System\PNyXoWW.exe
  2⤵
  PID:11848
- C:\Windows\System\UOmeOLT.exe
  C:\Windows\System\UOmeOLT.exe
  2⤵
  PID:11876
- C:\Windows\System\ahhFolA.exe
  C:\Windows\System\ahhFolA.exe
  2⤵
  PID:11904
- C:\Windows\System\lNJwOHo.exe
  C:\Windows\System\lNJwOHo.exe
  2⤵
  PID:11944
- C:\Windows\System\KYZUUga.exe
  C:\Windows\System\KYZUUga.exe
  2⤵
  PID:11960
- C:\Windows\System\GHeoWTA.exe
  C:\Windows\System\GHeoWTA.exe
  2⤵
  PID:11988
- C:\Windows\System\ZzyXKmZ.exe
  C:\Windows\System\ZzyXKmZ.exe
  2⤵
  PID:12016
- C:\Windows\System\yHiTEYk.exe
  C:\Windows\System\yHiTEYk.exe
  2⤵
  PID:12044
- C:\Windows\System\gkoMewe.exe
  C:\Windows\System\gkoMewe.exe
  2⤵
  PID:12076
- C:\Windows\System\afvOCzt.exe
  C:\Windows\System\afvOCzt.exe
  2⤵
  PID:12104
- C:\Windows\System\iJqSzdO.exe
  C:\Windows\System\iJqSzdO.exe
  2⤵
  PID:12132
- C:\Windows\System\TNmGMif.exe
  C:\Windows\System\TNmGMif.exe
  2⤵
  PID:12160
- C:\Windows\System\RaiPlAl.exe
  C:\Windows\System\RaiPlAl.exe
  2⤵
  PID:12188
- C:\Windows\System\uwZjKBN.exe
  C:\Windows\System\uwZjKBN.exe
  2⤵
  PID:12224
- C:\Windows\System\zvEpaxj.exe
  C:\Windows\System\zvEpaxj.exe
  2⤵
  PID:12244
- C:\Windows\System\MPSxLha.exe
  C:\Windows\System\MPSxLha.exe
  2⤵
  PID:12272
- C:\Windows\System\iGgnqVG.exe
  C:\Windows\System\iGgnqVG.exe
  2⤵
  PID:11296
- C:\Windows\System\VgrDlcc.exe
  C:\Windows\System\VgrDlcc.exe
  2⤵
  PID:11332
- C:\Windows\System\ZwXdERi.exe
  C:\Windows\System\ZwXdERi.exe
  2⤵
  PID:1252
- C:\Windows\System\qxxPmlJ.exe
  C:\Windows\System\qxxPmlJ.exe
  2⤵
  PID:11440
- C:\Windows\System\JeSvICh.exe
  C:\Windows\System\JeSvICh.exe
  2⤵
  PID:11496
- C:\Windows\System\ywTfqQP.exe
  C:\Windows\System\ywTfqQP.exe
  2⤵
  PID:11552
- C:\Windows\System\ZofFxsh.exe
  C:\Windows\System\ZofFxsh.exe
  2⤵
  PID:11616
- C:\Windows\System\NCXDHQy.exe
  C:\Windows\System\NCXDHQy.exe
  2⤵
  PID:11676
- C:\Windows\System\RRqTRME.exe
  C:\Windows\System\RRqTRME.exe
  2⤵
  PID:11748
- C:\Windows\System\wekmjuN.exe
  C:\Windows\System\wekmjuN.exe
  2⤵
  PID:11812
- C:\Windows\System\iYXJmYP.exe
  C:\Windows\System\iYXJmYP.exe
  2⤵
  PID:11872
- C:\Windows\System\rAYtNyI.exe
  C:\Windows\System\rAYtNyI.exe
  2⤵
  PID:11924
- C:\Windows\System\jofvJnQ.exe
  C:\Windows\System\jofvJnQ.exe
  2⤵
  PID:11980
- C:\Windows\System\fSUCmQQ.exe
  C:\Windows\System\fSUCmQQ.exe
  2⤵
  PID:12056
- C:\Windows\System\UPtraEH.exe
  C:\Windows\System\UPtraEH.exe
  2⤵
  PID:12096
- C:\Windows\System\MYMuqaD.exe
  C:\Windows\System\MYMuqaD.exe
  2⤵
  PID:5300
- C:\Windows\System\ipsPqmm.exe
  C:\Windows\System\ipsPqmm.exe
  2⤵
  PID:12208
- C:\Windows\System\USPWiGb.exe
  C:\Windows\System\USPWiGb.exe
  2⤵
  PID:11268
- C:\Windows\System\HNxOxQy.exe
  C:\Windows\System\HNxOxQy.exe
  2⤵
  PID:11384
- C:\Windows\System\UoHicVU.exe
  C:\Windows\System\UoHicVU.exe
  2⤵
  PID:11480
- C:\Windows\System\cpZjTqi.exe
  C:\Windows\System\cpZjTqi.exe
  2⤵
  PID:11644
- C:\Windows\System\VuZLmwa.exe
  C:\Windows\System\VuZLmwa.exe
  2⤵
  PID:11788
- C:\Windows\System\FFQvoTJ.exe
  C:\Windows\System\FFQvoTJ.exe
  2⤵
  PID:12064
- C:\Windows\System\CtjRMIU.exe
  C:\Windows\System\CtjRMIU.exe
  2⤵
  PID:12040
- C:\Windows\System\nSMKHjh.exe
  C:\Windows\System\nSMKHjh.exe
  2⤵
  PID:12172
- C:\Windows\System\yWIcABI.exe
  C:\Windows\System\yWIcABI.exe
  2⤵
  PID:800
- C:\Windows\System\oPQxsjY.exe
  C:\Windows\System\oPQxsjY.exe
  2⤵
  PID:11608
- C:\Windows\System\WgplCHa.exe
  C:\Windows\System\WgplCHa.exe
  2⤵
  PID:11972
- C:\Windows\System\rONnNrc.exe
  C:\Windows\System\rONnNrc.exe
  2⤵
  PID:12268
- C:\Windows\System\RZVGJio.exe
  C:\Windows\System\RZVGJio.exe
  2⤵
  PID:4488
- C:\Windows\System\cZfzFFH.exe
  C:\Windows\System\cZfzFFH.exe
  2⤵
  PID:11920
- C:\Windows\System\NDKhGSQ.exe
  C:\Windows\System\NDKhGSQ.exe
  2⤵
  PID:12304
- C:\Windows\System\BAzhzaV.exe
  C:\Windows\System\BAzhzaV.exe
  2⤵
  PID:12332
- C:\Windows\System\YFWHwzY.exe
  C:\Windows\System\YFWHwzY.exe
  2⤵
  PID:12364
- C:\Windows\System\bSwtxdk.exe
  C:\Windows\System\bSwtxdk.exe
  2⤵
  PID:12388
- C:\Windows\System\gJxwGUG.exe
  C:\Windows\System\gJxwGUG.exe
  2⤵
  PID:12416
- C:\Windows\System\REGSDba.exe
  C:\Windows\System\REGSDba.exe
  2⤵
  PID:12444
- C:\Windows\System\KrVHCwt.exe
  C:\Windows\System\KrVHCwt.exe
  2⤵
  PID:12472
- C:\Windows\System\eVAWHmS.exe
  C:\Windows\System\eVAWHmS.exe
  2⤵
  PID:12500
- C:\Windows\System\WFsAQyA.exe
  C:\Windows\System\WFsAQyA.exe
  2⤵
  PID:12528
- C:\Windows\System\RwOQTnZ.exe
  C:\Windows\System\RwOQTnZ.exe
  2⤵
  PID:12556
- C:\Windows\System\HRcPMTF.exe
  C:\Windows\System\HRcPMTF.exe
  2⤵
  PID:12584
- C:\Windows\System\NrTtQpJ.exe
  C:\Windows\System\NrTtQpJ.exe
  2⤵
  PID:12612
- C:\Windows\System\ISeQIkO.exe
  C:\Windows\System\ISeQIkO.exe
  2⤵
  PID:12644
- C:\Windows\System\qjeUscD.exe
  C:\Windows\System\qjeUscD.exe
  2⤵
  PID:12672
- C:\Windows\System\uUsOMAJ.exe
  C:\Windows\System\uUsOMAJ.exe
  2⤵
  PID:12700
- C:\Windows\System\fktnoBS.exe
  C:\Windows\System\fktnoBS.exe
  2⤵
  PID:12728
- C:\Windows\System\jHGbzUo.exe
  C:\Windows\System\jHGbzUo.exe
  2⤵
  PID:12756
- C:\Windows\System\JwHPeub.exe
  C:\Windows\System\JwHPeub.exe
  2⤵
  PID:12784
- C:\Windows\System\AuZcRPM.exe
  C:\Windows\System\AuZcRPM.exe
  2⤵
  PID:12812
- C:\Windows\System\PXNqvgY.exe
  C:\Windows\System\PXNqvgY.exe
  2⤵
  PID:12840
- C:\Windows\System\nsygoPd.exe
  C:\Windows\System\nsygoPd.exe
  2⤵
  PID:12868
- C:\Windows\System\oPYkuSX.exe
  C:\Windows\System\oPYkuSX.exe
  2⤵
  PID:12896
- C:\Windows\System\HiWlXQE.exe
  C:\Windows\System\HiWlXQE.exe
  2⤵
  PID:12924
- C:\Windows\System\XlVLiQA.exe
  C:\Windows\System\XlVLiQA.exe
  2⤵
  PID:12952
- C:\Windows\System\TejuZni.exe
  C:\Windows\System\TejuZni.exe
  2⤵
  PID:12980
- C:\Windows\System\AemAFdR.exe
  C:\Windows\System\AemAFdR.exe
  2⤵
  PID:13008
- C:\Windows\System\LjcZVNR.exe
  C:\Windows\System\LjcZVNR.exe
  2⤵
  PID:13036
- C:\Windows\System\lbnPocN.exe
  C:\Windows\System\lbnPocN.exe
  2⤵
  PID:13064
- C:\Windows\System\olEWgxH.exe
  C:\Windows\System\olEWgxH.exe
  2⤵
  PID:13092
- C:\Windows\System\tizJEES.exe
  C:\Windows\System\tizJEES.exe
  2⤵
  PID:13120
- C:\Windows\System\lBLZguQ.exe
  C:\Windows\System\lBLZguQ.exe
  2⤵
  PID:13148
- C:\Windows\System\PLSeGSK.exe
  C:\Windows\System\PLSeGSK.exe
  2⤵
  PID:13176
- C:\Windows\System\OBATgtb.exe
  C:\Windows\System\OBATgtb.exe
  2⤵
  PID:13204
- C:\Windows\System\TvDipxb.exe
  C:\Windows\System\TvDipxb.exe
  2⤵
  PID:13232
- C:\Windows\System\doFYbCr.exe
  C:\Windows\System\doFYbCr.exe
  2⤵
  PID:13260
- C:\Windows\System\RjxmlPP.exe
  C:\Windows\System\RjxmlPP.exe
  2⤵
  PID:13288
- C:\Windows\System\jZGWpDh.exe
  C:\Windows\System\jZGWpDh.exe
  2⤵
  PID:12296
- C:\Windows\System\HdjVkVC.exe
  C:\Windows\System\HdjVkVC.exe
  2⤵
  PID:12356
- C:\Windows\System\gWqYFNd.exe
  C:\Windows\System\gWqYFNd.exe
  2⤵
  PID:12412
- C:\Windows\System\qyvRiWw.exe
  C:\Windows\System\qyvRiWw.exe
  2⤵
  PID:12468
- C:\Windows\System\iczWTZS.exe
  C:\Windows\System\iczWTZS.exe
  2⤵
  PID:12552
- C:\Windows\System\jsFGwTD.exe
  C:\Windows\System\jsFGwTD.exe
  2⤵
  PID:12604
- C:\Windows\System\mcFpecs.exe
  C:\Windows\System\mcFpecs.exe
  2⤵
  PID:12668
- C:\Windows\System\ttPiaPI.exe
  C:\Windows\System\ttPiaPI.exe
  2⤵
  PID:12740
- C:\Windows\System\tbuTpKN.exe
  C:\Windows\System\tbuTpKN.exe
  2⤵
  PID:12804
- C:\Windows\System\WrpVlcg.exe
  C:\Windows\System\WrpVlcg.exe
  2⤵
  PID:12860
- C:\Windows\System\bAhpYqZ.exe
  C:\Windows\System\bAhpYqZ.exe
  2⤵
  PID:12920
- C:\Windows\System\DHBWNdO.exe
  C:\Windows\System\DHBWNdO.exe
  2⤵
  PID:12992
- C:\Windows\System\ZmlqRDp.exe
  C:\Windows\System\ZmlqRDp.exe
  2⤵
  PID:13048
- C:\Windows\System\kfZflmB.exe
  C:\Windows\System\kfZflmB.exe
  2⤵
  PID:13112
- C:\Windows\System\rWNPpwK.exe
  C:\Windows\System\rWNPpwK.exe
  2⤵
  PID:13172
- C:\Windows\System\EdegmXx.exe
  C:\Windows\System\EdegmXx.exe
  2⤵
  PID:5848
- C:\Windows\System\GnWWabN.exe
  C:\Windows\System\GnWWabN.exe
  2⤵
  PID:13272
- C:\Windows\System\IjWNYQe.exe
  C:\Windows\System\IjWNYQe.exe
  2⤵
  PID:12352
- C:\Windows\System\NZwzezj.exe
  C:\Windows\System\NZwzezj.exe
  2⤵
  PID:12460
- C:\Windows\System\jprjgvu.exe
  C:\Windows\System\jprjgvu.exe
  2⤵
  PID:12600
- C:\Windows\System\KeogWyw.exe
  C:\Windows\System\KeogWyw.exe
  2⤵
  PID:12780
- C:\Windows\System\RcNdZGZ.exe
  C:\Windows\System\RcNdZGZ.exe
  2⤵
  PID:12916
- C:\Windows\System\sOfRBQU.exe
  C:\Windows\System\sOfRBQU.exe
  2⤵
  PID:13076
- C:\Windows\System\JBcwdbT.exe
  C:\Windows\System\JBcwdbT.exe
  2⤵
  PID:5860
- C:\Windows\System\TawmvpD.exe
  C:\Windows\System\TawmvpD.exe
  2⤵
  PID:6040
- C:\Windows\System\KnHptft.exe
  C:\Windows\System\KnHptft.exe
  2⤵
  PID:1772
- C:\Windows\System\hMHNFTB.exe
  C:\Windows\System\hMHNFTB.exe
  2⤵
  PID:12832
- C:\Windows\System\pUGikex.exe
  C:\Windows\System\pUGikex.exe
  2⤵
  PID:13256
- C:\Windows\System\QNepSWI.exe
  C:\Windows\System\QNepSWI.exe
  2⤵
  PID:13196
- C:\Windows\System\jITVUBM.exe
  C:\Windows\System\jITVUBM.exe
  2⤵
  PID:12580
- C:\Windows\System\gPoEmXw.exe
  C:\Windows\System\gPoEmXw.exe
  2⤵
  PID:6348
- C:\Windows\System\jcPzgCO.exe
  C:\Windows\System\jcPzgCO.exe
  2⤵
  PID:6280
- C:\Windows\System\Utuucua.exe
  C:\Windows\System\Utuucua.exe
  2⤵
  PID:1932
- C:\Windows\System\cHxarHX.exe
  C:\Windows\System\cHxarHX.exe
  2⤵
  PID:6364
- C:\Windows\System\PtuTsCb.exe
  C:\Windows\System\PtuTsCb.exe
  2⤵
  PID:13340
- C:\Windows\System\yQwjEKu.exe
  C:\Windows\System\yQwjEKu.exe
  2⤵
  PID:13368
- C:\Windows\System\PkUCtyt.exe
  C:\Windows\System\PkUCtyt.exe
  2⤵
  PID:13396
- C:\Windows\System\OcrNiXT.exe
  C:\Windows\System\OcrNiXT.exe
  2⤵
  PID:13424
- C:\Windows\System\sjLwuFr.exe
  C:\Windows\System\sjLwuFr.exe
  2⤵
  PID:13456
- C:\Windows\System\moSlzhF.exe
  C:\Windows\System\moSlzhF.exe
  2⤵
  PID:13480
- C:\Windows\System\foQChLC.exe
  C:\Windows\System\foQChLC.exe
  2⤵
  PID:13500
- C:\Windows\System\znsGBXg.exe
  C:\Windows\System\znsGBXg.exe
  2⤵
  PID:13528
- C:\Windows\System\DsSXXyU.exe
  C:\Windows\System\DsSXXyU.exe
  2⤵
  PID:13564
- C:\Windows\System\wsrcdPc.exe
  C:\Windows\System\wsrcdPc.exe
  2⤵
  PID:13588
- C:\Windows\System\SZplRZN.exe
  C:\Windows\System\SZplRZN.exe
  2⤵
  PID:13628
- C:\Windows\System\kUygnOE.exe
  C:\Windows\System\kUygnOE.exe
  2⤵
  PID:13656
- C:\Windows\System\ffgpsXs.exe
  C:\Windows\System\ffgpsXs.exe
  2⤵
  PID:13684
- C:\Windows\System\IkXdNDV.exe
  C:\Windows\System\IkXdNDV.exe
  2⤵
  PID:13712
- C:\Windows\System\PTpPyRi.exe
  C:\Windows\System\PTpPyRi.exe
  2⤵
  PID:13740
- C:\Windows\System\pMboiQW.exe
  C:\Windows\System\pMboiQW.exe
  2⤵
  PID:13768
- C:\Windows\System\CBEsCQl.exe
  C:\Windows\System\CBEsCQl.exe
  2⤵
  PID:13796
- C:\Windows\System\FvVTfOC.exe
  C:\Windows\System\FvVTfOC.exe
  2⤵
  PID:13824
- C:\Windows\System\PRoyXbj.exe
  C:\Windows\System\PRoyXbj.exe
  2⤵
  PID:13852
- C:\Windows\System\RYKCvFx.exe
  C:\Windows\System\RYKCvFx.exe
  2⤵
  PID:13880
- C:\Windows\System\TmRwtcI.exe
  C:\Windows\System\TmRwtcI.exe
  2⤵
  PID:13908
- C:\Windows\System\UqnRoZh.exe
  C:\Windows\System\UqnRoZh.exe
  2⤵
  PID:13944
- C:\Windows\System\apIQXTu.exe
  C:\Windows\System\apIQXTu.exe
  2⤵
  PID:13968
- C:\Windows\System\rAEyMqN.exe
  C:\Windows\System\rAEyMqN.exe
  2⤵
  PID:14000
- C:\Windows\System\BCqFgrz.exe
  C:\Windows\System\BCqFgrz.exe
  2⤵
  PID:14028
- C:\Windows\System\hhMXAyn.exe
  C:\Windows\System\hhMXAyn.exe
  2⤵
  PID:14072
- C:\Windows\System\KqfJyxT.exe
  C:\Windows\System\KqfJyxT.exe
  2⤵
  PID:14116
- C:\Windows\System\ianKkbl.exe
  C:\Windows\System\ianKkbl.exe
  2⤵
  PID:14136
- C:\Windows\System\NoDUKAg.exe
  C:\Windows\System\NoDUKAg.exe
  2⤵
  PID:14156
- C:\Windows\System\FfMgdwL.exe
  C:\Windows\System\FfMgdwL.exe
  2⤵
  PID:14196
- C:\Windows\System\NlpfPXJ.exe
  C:\Windows\System\NlpfPXJ.exe
  2⤵
  PID:14224
- C:\Windows\System\EDcvylK.exe
  C:\Windows\System\EDcvylK.exe
  2⤵
  PID:14252
- C:\Windows\System\TAnADsK.exe
  C:\Windows\System\TAnADsK.exe
  2⤵
  PID:14280
- C:\Windows\System\OzkitgB.exe
  C:\Windows\System\OzkitgB.exe
  2⤵
  PID:14308
- C:\Windows\System\PkLsJzF.exe
  C:\Windows\System\PkLsJzF.exe
  2⤵
  PID:13324
- C:\Windows\System\GrpSPVK.exe
  C:\Windows\System\GrpSPVK.exe
  2⤵
  PID:13388
- C:\Windows\System\wFeEWiy.exe
  C:\Windows\System\wFeEWiy.exe
  2⤵
  PID:13448
- C:\Windows\System\tTFtZcs.exe
  C:\Windows\System\tTFtZcs.exe
  2⤵
  PID:13520
- C:\Windows\System\NsdOkwL.exe
  C:\Windows\System\NsdOkwL.exe
  2⤵
  PID:13576
- C:\Windows\System\fVsnWWa.exe
  C:\Windows\System\fVsnWWa.exe
  2⤵
  PID:13640
- C:\Windows\System\xNUvQke.exe
  C:\Windows\System\xNUvQke.exe
  2⤵
  PID:13696
- C:\Windows\System\JKUpJDU.exe
  C:\Windows\System\JKUpJDU.exe
  2⤵
  PID:13788
- C:\Windows\System\NsGiGwN.exe
  C:\Windows\System\NsGiGwN.exe
  2⤵
  PID:13848
- C:\Windows\System\QhJtTVt.exe
  C:\Windows\System\QhJtTVt.exe
  2⤵
  PID:13920
- C:\Windows\System\WdgNBLa.exe
  C:\Windows\System\WdgNBLa.exe
  2⤵
  PID:13956
- C:\Windows\System\ypZceEM.exe
  C:\Windows\System\ypZceEM.exe
  2⤵
  PID:2248
- C:\Windows\System\EWIDzDK.exe
  C:\Windows\System\EWIDzDK.exe
  2⤵
  PID:4668
- C:\Windows\System\vLniazQ.exe
  C:\Windows\System\vLniazQ.exe
  2⤵
  PID:392
- C:\Windows\System\uouFdMT.exe
  C:\Windows\System\uouFdMT.exe
  2⤵
  PID:3436
- C:\Windows\System\AAuOCjp.exe
  C:\Windows\System\AAuOCjp.exe
  2⤵
  PID:4480
- C:\Windows\System\qKFrxAR.exe
  C:\Windows\System\qKFrxAR.exe
  2⤵
  PID:14060
- C:\Windows\System\pLUSaHB.exe
  C:\Windows\System\pLUSaHB.exe
  2⤵
  PID:6800
- C:\Windows\System\CfCSAXK.exe
  C:\Windows\System\CfCSAXK.exe
  2⤵
  PID:14080
- C:\Windows\System\fknSgOH.exe
  C:\Windows\System\fknSgOH.exe
  2⤵
  PID:14188
- C:\Windows\System\SchUwWV.exe
  C:\Windows\System\SchUwWV.exe
  2⤵
  PID:2912
- C:\Windows\System\ACUKRjd.exe
  C:\Windows\System\ACUKRjd.exe
  2⤵
  PID:4120
- C:\Windows\System\CYUGrvK.exe
  C:\Windows\System\CYUGrvK.exe
  2⤵
  PID:14264
- C:\Windows\System\hlugwjt.exe
  C:\Windows\System\hlugwjt.exe
  2⤵
  PID:3280
- C:\Windows\System\yUvxaTn.exe
  C:\Windows\System\yUvxaTn.exe
  2⤵
  PID:2536
- C:\Windows\System\SFEGUOU.exe
  C:\Windows\System\SFEGUOU.exe
  2⤵
  PID:7052
- C:\Windows\System\zAWQZoS.exe
  C:\Windows\System\zAWQZoS.exe
  2⤵
  PID:6572
- C:\Windows\System\gmAyVul.exe
  C:\Windows\System\gmAyVul.exe
  2⤵
  PID:13616
- C:\Windows\System\AuUCigW.exe
  C:\Windows\System\AuUCigW.exe
  2⤵
  PID:1568
- C:\Windows\System\nwcGfzm.exe
  C:\Windows\System\nwcGfzm.exe
  2⤵
  PID:13780
- C:\Windows\System\wAjeCHM.exe
  C:\Windows\System\wAjeCHM.exe
  2⤵
  PID:4144
- C:\Windows\System\GXFvrTV.exe
  C:\Windows\System\GXFvrTV.exe
  2⤵
  PID:4252
- C:\Windows\System\HZcIHKl.exe
  C:\Windows\System\HZcIHKl.exe
  2⤵
  PID:4052
- C:\Windows\System\sESQEWq.exe
  C:\Windows\System\sESQEWq.exe
  2⤵
  PID:6428
- C:\Windows\System\TfTJUIY.exe
  C:\Windows\System\TfTJUIY.exe
  2⤵
  PID:6500
- C:\Windows\System\ZiQDSHW.exe
  C:\Windows\System\ZiQDSHW.exe
  2⤵
  PID:14152
- C:\Windows\System\TjpuBdh.exe
  C:\Windows\System\TjpuBdh.exe
  2⤵
  PID:4484
- C:\Windows\System\IOvsPzT.exe
  C:\Windows\System\IOvsPzT.exe
  2⤵
  PID:4056
- C:\Windows\System\ZgihxvP.exe
  C:\Windows\System\ZgihxvP.exe
  2⤵
  PID:14192
- C:\Windows\System\kqZovRR.exe
  C:\Windows\System\kqZovRR.exe
  2⤵
  PID:4832
- C:\Windows\System\sSbnofp.exe
  C:\Windows\System\sSbnofp.exe
  2⤵
  PID:3836
- C:\Windows\System\ENfaPAS.exe
  C:\Windows\System\ENfaPAS.exe
  2⤵
  PID:14300
- C:\Windows\System\lwTHtAZ.exe
  C:\Windows\System\lwTHtAZ.exe
  2⤵
  PID:4548
- C:\Windows\System\qnDiffS.exe
  C:\Windows\System\qnDiffS.exe
  2⤵
  PID:13544
- C:\Windows\System\svZXCfL.exe
  C:\Windows\System\svZXCfL.exe
  2⤵
  PID:13668
- C:\Windows\System\eMKUmgI.exe
  C:\Windows\System\eMKUmgI.exe
  2⤵
  PID:2484
- C:\Windows\System\pppxBjO.exe
  C:\Windows\System\pppxBjO.exe
  2⤵
  PID:13876
- C:\Windows\System\xnYCZEa.exe
  C:\Windows\System\xnYCZEa.exe
  2⤵
  PID:13984
- C:\Windows\System\SqZlbcS.exe
  C:\Windows\System\SqZlbcS.exe
  2⤵
  PID:4456
- C:\Windows\System\XncugYZ.exe
  C:\Windows\System\XncugYZ.exe
  2⤵
  PID:6676
- C:\Windows\System\GzGCGwa.exe
  C:\Windows\System\GzGCGwa.exe
  2⤵
  PID:2216
- C:\Windows\System\ptdZrZw.exe
  C:\Windows\System\ptdZrZw.exe
  2⤵
  PID:4448
- C:\Windows\System\hxPrJTa.exe
  C:\Windows\System\hxPrJTa.exe
  2⤵
  PID:5092
- C:\Windows\System\pNOzpUK.exe
  C:\Windows\System\pNOzpUK.exe
  2⤵
  PID:1636
- C:\Windows\System\fhgrwWi.exe
  C:\Windows\System\fhgrwWi.exe
  2⤵
  PID:14292
- C:\Windows\System\bhFjasD.exe
  C:\Windows\System\bhFjasD.exe
  2⤵
  PID:4880
- C:\Windows\System\SNKDhKZ.exe
  C:\Windows\System\SNKDhKZ.exe
  2⤵
  PID:448
- C:\Windows\System\lZmklrO.exe
  C:\Windows\System\lZmklrO.exe
  2⤵
  PID:13452
- C:\Windows\System\ICFUlXD.exe
  C:\Windows\System\ICFUlXD.exe
  2⤵
  PID:13680
- C:\Windows\System\HMyMggI.exe
  C:\Windows\System\HMyMggI.exe
  2⤵
  PID:1084
- C:\Windows\System\wiGmAap.exe
  C:\Windows\System\wiGmAap.exe
  2⤵
  PID:5256
- C:\Windows\System\lgOdZdU.exe
  C:\Windows\System\lgOdZdU.exe
  2⤵
  PID:4364
- C:\Windows\System\uvihVaw.exe
  C:\Windows\System\uvihVaw.exe
  2⤵
  PID:14128
- C:\Windows\System\yLMKMXE.exe
  C:\Windows\System\yLMKMXE.exe
  2⤵
  PID:6868
- C:\Windows\System\LvXyTSd.exe
  C:\Windows\System\LvXyTSd.exe
  2⤵
  PID:2464
- C:\Windows\System\jQoAhVk.exe
  C:\Windows\System\jQoAhVk.exe
  2⤵
  PID:5376
- C:\Windows\System\xBQCPNG.exe
  C:\Windows\System\xBQCPNG.exe
  2⤵
  PID:13444
- C:\Windows\System\iFBiTrt.exe
  C:\Windows\System\iFBiTrt.exe
  2⤵
  PID:13380
- C:\Windows\System\NZrrRph.exe
  C:\Windows\System\NZrrRph.exe
  2⤵
  PID:5212
- C:\Windows\System\PNmFAMX.exe
  C:\Windows\System\PNmFAMX.exe
  2⤵
  PID:7044
- C:\Windows\System\bkdOwPz.exe
  C:\Windows\System\bkdOwPz.exe
  2⤵
  PID:4188
- C:\Windows\System\LLALmmX.exe
  C:\Windows\System\LLALmmX.exe
  2⤵
  PID:5496
- C:\Windows\System\dzmGXeo.exe
  C:\Windows\System\dzmGXeo.exe
  2⤵
  PID:1968
- C:\Windows\System\hojwpuI.exe
  C:\Windows\System\hojwpuI.exe
  2⤵
  PID:7336
- C:\Windows\System\jzoSeqt.exe
  C:\Windows\System\jzoSeqt.exe
  2⤵
  PID:4312
- C:\Windows\System\ReWaFEf.exe
  C:\Windows\System\ReWaFEf.exe
  2⤵
  PID:13352
- C:\Windows\System\HqkKfRX.exe
  C:\Windows\System\HqkKfRX.exe
  2⤵
  PID:7432
- C:\Windows\System\pvUEeDd.exe
  C:\Windows\System\pvUEeDd.exe
  2⤵
  PID:7192
- C:\Windows\System\gRyMTUg.exe
  C:\Windows\System\gRyMTUg.exe
  2⤵
  PID:5628
- C:\Windows\System\glOhNAx.exe
  C:\Windows\System\glOhNAx.exe
  2⤵
  PID:7504
- C:\Windows\System\JpyWpjN.exe
  C:\Windows\System\JpyWpjN.exe
  2⤵
  PID:7328
- C:\Windows\System\ZKlMbvx.exe
  C:\Windows\System\ZKlMbvx.exe
  2⤵
  PID:7344
- C:\Windows\System\LkxqnfO.exe
  C:\Windows\System\LkxqnfO.exe
  2⤵
  PID:5704
- C:\Windows\System\mkUFzza.exe
  C:\Windows\System\mkUFzza.exe
  2⤵
  PID:6424
- C:\Windows\System\qAJprur.exe
  C:\Windows\System\qAJprur.exe
  2⤵
  PID:5608
- C:\Windows\System\NoaurXv.exe
  C:\Windows\System\NoaurXv.exe
  2⤵
  PID:7228
- C:\Windows\System\EACMURD.exe
  C:\Windows\System\EACMURD.exe
  2⤵
  PID:7748
- C:\Windows\System\IhOmWJA.exe
  C:\Windows\System\IhOmWJA.exe
  2⤵
  PID:7552
- C:\Windows\System\fXksMUw.exe
  C:\Windows\System\fXksMUw.exe
  2⤵
  PID:7568
- C:\Windows\System\uiYsDWT.exe
  C:\Windows\System\uiYsDWT.exe
  2⤵
  PID:7828
- C:\Windows\System\CroMmiq.exe
  C:\Windows\System\CroMmiq.exe
  2⤵
  PID:7676
- C:\Windows\System\WpfTiRE.exe
  C:\Windows\System\WpfTiRE.exe
  2⤵
  PID:5816
- C:\Windows\System\unsnjYi.exe
  C:\Windows\System\unsnjYi.exe
  2⤵
  PID:7940
- C:\Windows\System\JUoNVIb.exe
  C:\Windows\System\JUoNVIb.exe
  2⤵
  PID:5564
- C:\Windows\System\inlJvri.exe
  C:\Windows\System\inlJvri.exe
  2⤵
  PID:5900
- C:\Windows\System\pMdmMwt.exe
  C:\Windows\System\pMdmMwt.exe
  2⤵
  PID:7708
- C:\Windows\System\XhsuWDu.exe
  C:\Windows\System\XhsuWDu.exe
  2⤵
  PID:6052
- C:\Windows\System\DsExhkR.exe
  C:\Windows\System\DsExhkR.exe
  2⤵
  PID:6812
- C:\Windows\System\eXudQXT.exe
  C:\Windows\System\eXudQXT.exe
  2⤵
  PID:2064
- C:\Windows\System\olLqXET.exe
  C:\Windows\System\olLqXET.exe
  2⤵
  PID:6124
- C:\Windows\System\cmocttp.exe
  C:\Windows\System\cmocttp.exe
  2⤵
  PID:7224
- C:\Windows\System\sQmuSkN.exe
  C:\Windows\System\sQmuSkN.exe
  2⤵
  PID:6096
- C:\Windows\System\QJYNKay.exe
  C:\Windows\System\QJYNKay.exe
  2⤵
  PID:3960
- C:\Windows\System\zargHMo.exe
  C:\Windows\System\zargHMo.exe
  2⤵
  PID:5160
- C:\Windows\System\FpTJQpK.exe
  C:\Windows\System\FpTJQpK.exe
  2⤵
  PID:8116
- C:\Windows\System\VXGulUP.exe
  C:\Windows\System\VXGulUP.exe
  2⤵
  PID:8164
- C:\Windows\System\SLqgqyZ.exe
  C:\Windows\System\SLqgqyZ.exe
  2⤵
  PID:7632
- C:\Windows\System\uSacbTf.exe
  C:\Windows\System\uSacbTf.exe
  2⤵
  PID:5192
- C:\Windows\System\mscYCaE.exe
  C:\Windows\System\mscYCaE.exe
  2⤵
  PID:5716
- C:\Windows\System\ZXJDQMH.exe
  C:\Windows\System\ZXJDQMH.exe
  2⤵
  PID:6728
- C:\Windows\System\eyMbrkD.exe
  C:\Windows\System\eyMbrkD.exe
  2⤵
  PID:5460
- C:\Windows\System\ppwoRLr.exe
  C:\Windows\System\ppwoRLr.exe
  2⤵
  PID:5844
- C:\Windows\System\dCbwvJf.exe
  C:\Windows\System\dCbwvJf.exe
  2⤵
  PID:7884
- C:\Windows\System\XPEfYBN.exe
  C:\Windows\System\XPEfYBN.exe
  2⤵
  PID:7956
- C:\Windows\System\sKwIQRR.exe
  C:\Windows\System\sKwIQRR.exe
  2⤵
  PID:1508
- C:\Windows\System\nZJvNnU.exe
  C:\Windows\System\nZJvNnU.exe
  2⤵
  PID:4032
- C:\Windows\System\lnzwmKe.exe
  C:\Windows\System\lnzwmKe.exe
  2⤵
  PID:5604
- C:\Windows\System\tgIPfDd.exe
  C:\Windows\System\tgIPfDd.exe
  2⤵
  PID:1196
- C:\Windows\System\lkIGLMZ.exe
  C:\Windows\System\lkIGLMZ.exe
  2⤵
  PID:2408
- C:\Windows\System\oNTbyGU.exe
  C:\Windows\System\oNTbyGU.exe
  2⤵
  PID:7188
- C:\Windows\System\VXxROMp.exe
  C:\Windows\System\VXxROMp.exe
  2⤵
  PID:3128
- C:\Windows\System\awubOLQ.exe
  C:\Windows\System\awubOLQ.exe
  2⤵
  PID:8176
- C:\Windows\System\KzfICXo.exe
  C:\Windows\System\KzfICXo.exe
  2⤵
  PID:14356
- C:\Windows\System\eROObqt.exe
  C:\Windows\System\eROObqt.exe
  2⤵
  PID:14384
- C:\Windows\System\NMuqVfR.exe
  C:\Windows\System\NMuqVfR.exe
  2⤵
  PID:14412
- C:\Windows\System\YMXqByY.exe
  C:\Windows\System\YMXqByY.exe
  2⤵
  PID:14440
- C:\Windows\System\nbfrRXO.exe
  C:\Windows\System\nbfrRXO.exe
  2⤵
  PID:14468
- C:\Windows\System\IlVtNWW.exe
  C:\Windows\System\IlVtNWW.exe
  2⤵
  PID:14496
- C:\Windows\System\eEYgXNI.exe
  C:\Windows\System\eEYgXNI.exe
  2⤵
  PID:14524
- C:\Windows\System\AlYbeoz.exe
  C:\Windows\System\AlYbeoz.exe
  2⤵
  PID:14552
- C:\Windows\System\JYxAStr.exe
  C:\Windows\System\JYxAStr.exe
  2⤵
  PID:14580
- C:\Windows\System\sAQQQNK.exe
  C:\Windows\System\sAQQQNK.exe
  2⤵
  PID:14608
- C:\Windows\System\bOvByAv.exe
  C:\Windows\System\bOvByAv.exe
  2⤵
  PID:14636
- C:\Windows\System\jUJucTW.exe
  C:\Windows\System\jUJucTW.exe
  2⤵
  PID:14664
- C:\Windows\System\TfQeyiI.exe
  C:\Windows\System\TfQeyiI.exe
  2⤵
  PID:14696
- C:\Windows\System\jjAMEVZ.exe
  C:\Windows\System\jjAMEVZ.exe
  2⤵
  PID:14724
- C:\Windows\System\EWExKZU.exe
  C:\Windows\System\EWExKZU.exe
  2⤵
  PID:14752
- C:\Windows\System\TAbRZOQ.exe
  C:\Windows\System\TAbRZOQ.exe
  2⤵
  PID:14780
- C:\Windows\System\czPrgeS.exe
  C:\Windows\System\czPrgeS.exe
  2⤵
  PID:14808
- C:\Windows\System\dPyxbna.exe
  C:\Windows\System\dPyxbna.exe
  2⤵
  PID:14836
- C:\Windows\System\gPKOOeY.exe
  C:\Windows\System\gPKOOeY.exe
  2⤵
  PID:14864
- C:\Windows\System\WliFOnj.exe
  C:\Windows\System\WliFOnj.exe
  2⤵
  PID:14892
- C:\Windows\System\HVTVUrt.exe
  C:\Windows\System\HVTVUrt.exe
  2⤵
  PID:14920
- C:\Windows\System\zVpgtKQ.exe
  C:\Windows\System\zVpgtKQ.exe
  2⤵
  PID:14948
- C:\Windows\System\qWPFyew.exe
  C:\Windows\System\qWPFyew.exe
  2⤵
  PID:14976
- C:\Windows\System\rqwkCtl.exe
  C:\Windows\System\rqwkCtl.exe
  2⤵
  PID:15004
- C:\Windows\System\irVeEAp.exe
  C:\Windows\System\irVeEAp.exe
  2⤵
  PID:15032
- C:\Windows\System\XAzFJrC.exe
  C:\Windows\System\XAzFJrC.exe
  2⤵
  PID:15060
- C:\Windows\System\TbqiewY.exe
  C:\Windows\System\TbqiewY.exe
  2⤵
  PID:15088
- C:\Windows\System\looiOco.exe
  C:\Windows\System\looiOco.exe
  2⤵
  PID:15116
- C:\Windows\System\zmjMJuY.exe
  C:\Windows\System\zmjMJuY.exe
  2⤵
  PID:15144
- C:\Windows\System\GIOYoHU.exe
  C:\Windows\System\GIOYoHU.exe
  2⤵
  PID:15172
- C:\Windows\System\kkFcrCb.exe
  C:\Windows\System\kkFcrCb.exe
  2⤵
  PID:15200
- C:\Windows\System\PIVxyxP.exe
  C:\Windows\System\PIVxyxP.exe
  2⤵
  PID:15228
- C:\Windows\System\rNbAnIt.exe
  C:\Windows\System\rNbAnIt.exe
  2⤵
  PID:15256
- C:\Windows\System\xEkRGvr.exe
  C:\Windows\System\xEkRGvr.exe
  2⤵
  PID:15284
- C:\Windows\System\tpTWDfa.exe
  C:\Windows\System\tpTWDfa.exe
  2⤵
  PID:15312
- C:\Windows\System\ibzYXVa.exe
  C:\Windows\System\ibzYXVa.exe
  2⤵
  PID:15340
- C:\Windows\System\ujZDvdY.exe
  C:\Windows\System\ujZDvdY.exe
  2⤵
  PID:14340
- C:\Windows\System\bjCehdD.exe
  C:\Windows\System\bjCehdD.exe
  2⤵
  PID:468
- C:\Windows\System\BAJUGxG.exe
  C:\Windows\System\BAJUGxG.exe
  2⤵
  PID:14380
- C:\Windows\System\fRsXKsE.exe
  C:\Windows\System\fRsXKsE.exe
  2⤵
  PID:7976
- C:\Windows\System\DAVpdzo.exe
  C:\Windows\System\DAVpdzo.exe
  2⤵
  PID:14464
- C:\Windows\System\FUAvkYb.exe
  C:\Windows\System\FUAvkYb.exe
  2⤵
  PID:516
- C:\Windows\System\OedLrwJ.exe
  C:\Windows\System\OedLrwJ.exe
  2⤵
  PID:5216
- C:\Windows\System\bgATChZ.exe
  C:\Windows\System\bgATChZ.exe
  2⤵
  PID:5328
- C:\Windows\System\tCFuvnW.exe
  C:\Windows\System\tCFuvnW.exe
  2⤵
  PID:7400
- C:\Windows\System\NdRkowV.exe
  C:\Windows\System\NdRkowV.exe
  2⤵
  PID:5492
- C:\Windows\System\VDSqZgi.exe
  C:\Windows\System\VDSqZgi.exe
  2⤵
  PID:7844
- C:\Windows\System\YRbowsB.exe
  C:\Windows\System\YRbowsB.exe
  2⤵
  PID:5812
- C:\Windows\System\WtdgVcz.exe
  C:\Windows\System\WtdgVcz.exe
  2⤵
  PID:14720
- C:\Windows\System\ySCMXJI.exe
  C:\Windows\System\ySCMXJI.exe
  2⤵
  PID:7348
- C:\Windows\System\NFVowpR.exe
  C:\Windows\System\NFVowpR.exe
  2⤵
  PID:6020
- C:\Windows\System\cUdSrkZ.exe
  C:\Windows\System\cUdSrkZ.exe
  2⤵
  PID:14828
- C:\Windows\System\MzhzoYA.exe
  C:\Windows\System\MzhzoYA.exe
  2⤵
  PID:14856
- C:\Windows\System\wzbnZrn.exe
  C:\Windows\System\wzbnZrn.exe
  2⤵
  PID:14884
- C:\Windows\System\GAsepvq.exe
  C:\Windows\System\GAsepvq.exe
  2⤵
  PID:14916
- C:\Windows\System\rcCZDRt.exe
  C:\Windows\System\rcCZDRt.exe
  2⤵
  PID:14944
- C:\Windows\System\OVFKzuC.exe
  C:\Windows\System\OVFKzuC.exe
  2⤵
  PID:8264
- C:\Windows\System\eBrHTFY.exe
  C:\Windows\System\eBrHTFY.exe
  2⤵
  PID:5140
- C:\Windows\System\nZajTza.exe
  C:\Windows\System\nZajTza.exe
  2⤵
  PID:15056
- C:\Windows\System\JmtjHOG.exe
  C:\Windows\System\JmtjHOG.exe
  2⤵
  PID:15084
- C:\Windows\System\dXObBYl.exe
  C:\Windows\System\dXObBYl.exe
  2⤵
  PID:15136
- C:\Windows\System\oWJqrRw.exe
  C:\Windows\System\oWJqrRw.exe
  2⤵
  PID:15168
- C:\Windows\System\XrASjCb.exe
  C:\Windows\System\XrASjCb.exe
  2⤵
  PID:15192
- C:\Windows\System\nNhxOMO.exe
  C:\Windows\System\nNhxOMO.exe
  2⤵
  PID:15240
- C:\Windows\System\LSysAfg.exe
  C:\Windows\System\LSysAfg.exe
  2⤵
  PID:15276
- C:\Windows\System\aXclAvj.exe
  C:\Windows\System\aXclAvj.exe
  2⤵
  PID:8524
- C:\Windows\System\SWzHADl.exe
  C:\Windows\System\SWzHADl.exe
  2⤵
  PID:15352
- C:\Windows\System\uBlPPYH.exe
  C:\Windows\System\uBlPPYH.exe
  2⤵
  PID:6344
- C:\Windows\System\RAvINHg.exe
  C:\Windows\System\RAvINHg.exe
  2⤵
  PID:6060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DCUgfVQ.exe

Filesize
6.0MB

MD5
fb854510af75f8fe242d054ce659f183

SHA1
de325a72897449b1bdf8bd69c00a025263dbf80a

SHA256
25b0242795e0115d5839c38bcb599411612ba4d271fd298d51571b61fe37b112

SHA512
28eb62661d52c1b544f7545a209d142766f02cd192ac308ef96fa2ea03386187518c2c000e311cda7765c37315c20a60318654c228b9d6c5234cf19ca351593b

Download Submit
C:\Windows\System\EBksLPs.exe

Filesize
6.0MB

MD5
544d110c38bec1ed2bd940bb734639b0

SHA1
9568932ae0ac5d72d13d18de93e07f03963a4214

SHA256
9a6d4135d34c9c0137f2df8e802ce7b06c5a071acb6d5e21467b0cbcd2bef37e

SHA512
1be4937d30c752657720cbb1cba23298dd81243394ec143158be927fd4e698e302422dc68b3d3afad947cbb5c90f12c0f589d38a437f37953b8262cc7a26e3b6

Download Submit
C:\Windows\System\GMAjyPB.exe

Filesize
6.0MB

MD5
78005ae6fc786898138988d0bf77681d

SHA1
7f2c0090d1e3b3f0b3e801fb86e99f095b30fe0b

SHA256
2b5930408b6e1c18d09c779bad7cb7af15025b741a5dfd6843b891d35c1dce25

SHA512
83d802156b1135d8cf571e884d038104d048a789f8f9cb877d2d1712f6813ebc96fff17c1558d23a56bdc8e9071e9bb90ae8601579b9bd910dcbed0ff1cf93ab

Download Submit
C:\Windows\System\GYcjdPP.exe

Filesize
6.0MB

MD5
16b9e770754f3948d478fc1eab5d5da5

SHA1
ba1853ccb50e54f038f28b52ae87680e3c2e1861

SHA256
b3b3ce4c02d7efaa530f56f134a0cb5f2becc46a0517b0d67a7a8f539e9c0b19

SHA512
fc28ac33a0d6fc2d1f78e794b9bfe0ca18e9c80e4fdf8fc2ec0c9ff8c9decac0db28b614e6a32e1dc2ed31fd8671861cb9c1ac2aa3a9143db684fb464b9810c5

Download Submit
C:\Windows\System\IrBnGya.exe

Filesize
6.0MB

MD5
0f711f04b13192d8b4e8936c45994920

SHA1
d2cc9a78fed4a5f71c374649e46b66cf21eed759

SHA256
4d17d35efa223a78fbfb7ca5e8f824cc8a74bc58c0aaa28860638fc90962df34

SHA512
5754aa725bf8079192e432822bded99993184716777f7379709e3cb0baa4b3a3e4d5e5ccc745513c3ff32333b52431a2792d9077bbf12038cea76f5dc00187ea

Download Submit
C:\Windows\System\JSvnKkD.exe

Filesize
6.0MB

MD5
f4a0a2b558a9b489f94378220b3639cc

SHA1
c2030302ea9d72b6e8d882739b130cb2ca99524d

SHA256
4138a24bf68267d16989381ee513d0055137d94ba84a6027c252cbb07cddb411

SHA512
7b51e163f31275a13a7e60a0710afc7b48774c3c88bd2d4c0249f4a991066eb7a2403f973fb256bd4081bba1d8565f0437054a7d026544e2445c6bfcb8071d83

Download Submit
C:\Windows\System\LOOMjaj.exe

Filesize
6.0MB

MD5
f8591422fbba05945984c01522bbd424

SHA1
ade8c731f67cb10128550b6711d26c85435b8399

SHA256
380a92657c714eb7339ebdf5d80119a2c4995a58040b602153e2e9fdc8c99966

SHA512
90cb22b1efaefe9534f35d289247db2c9c4113288151a77edde65fec65c8d5b41ce865852b1a5a55e3318f58a4785324911f49e80530b5cc84ce8960e2bc1ac5

Download Submit
C:\Windows\System\MlfOxYs.exe

Filesize
6.0MB

MD5
5efed17a1c4eac90d85f948b48f6f2f1

SHA1
08ff134290868654f5e4d3862a5b5c97a0c8d26e

SHA256
0474a5d6eb862db32ad1966596f348c2c5152187095a7a5289fb6dde1c08eb6e

SHA512
dda9ed5389fd34bf839037dd88cfe9e82c307c5ffce68c9718a6c9c691cb543470c52febdb04c4d5b9f96d44ca328ee65bf59bbc02e45d254ea0fd5c1d12bb53

Download Submit
C:\Windows\System\MmvzQAn.exe

Filesize
6.0MB

MD5
91b5ca750ff0bfcabc217bfa514b5bba

SHA1
4dd12744df4b0488f267093206f1692228fe1bd8

SHA256
50d32a68baf4665db4a205d6a13f32199881e16a2e7113cf0cd662437acc41b8

SHA512
c69c7d99aa6b9a69581b0c2e26a160e340eb645cd8db8994a390486eb80ba73bb4e3b5cdff2bcc5a98cad664bec71033e3074d4c77c49b3719e3fe20ad51284b

Download Submit
C:\Windows\System\NfFjDnI.exe

Filesize
6.0MB

MD5
e8aae4d35a4289506ca95fbf9af24374

SHA1
8b952693e81727394f751db4787b3221b55c2ac2

SHA256
2d302a23d30d354b98f6b8d50826f6b63352b400a8e71357ab8c2b27788fab61

SHA512
6e515a7e3f32510af1a2681da86ff1fac582442edd211876105dc3d26b1c3d571da6d78cfe242bd88064938f0e3263533189d69fd062be174e3b881951a7b814

Download Submit
C:\Windows\System\NmFTwnJ.exe

Filesize
6.0MB

MD5
83c785c1885acf72859028a3ce373a2d

SHA1
bc22f63df6ccc1fd3354a034cae9495dd71d1ff3

SHA256
7bca482b8bd9b4bdda26dc8571d6398a91c10e005b4340e70b5cf8a7e727d8c4

SHA512
5a2b9e787f061f75dfb28a8d2c92b14b4efc75840aacfe1d4192ba1570b4d456d0f8e876da8f79f75c21cd7b2b5cc356fb5be783880c253abb6ce0bf7ea133fd

Download Submit
C:\Windows\System\UFcohLp.exe

Filesize
6.0MB

MD5
b74116dea08d5aa13c4165242c68defe

SHA1
1f3c5ac9f9d884768b20c9192644772b34b8ac33

SHA256
d2801254331047d14e500c4bcd81d0ac7ba0ab1a3929cda8efed7b5edfd037e4

SHA512
699de180dc55824634ee6a250591119753a93fa8f4ac447a052d0b031ca7fd094da2b5d214a7eee9b08d04e6c2508238358b0ba47ebdbb231aeb7b830e8eb5ae

Download Submit
C:\Windows\System\UIPrAnE.exe

Filesize
6.0MB

MD5
4ccd3da276f3d1d7d343d158ef902d42

SHA1
6f71717832e632de7688379807245c76f2b9b1e4

SHA256
f64f5359147b95eb70283de26fdce56889dcad4a927a4ecaef21e8c638fd0d88

SHA512
6310fdbd10c7c5d372ed9ae6fac111ee7848d371475c46fcb504a6808dc550a403a611234107f3ea7ed95ab5a6ce5d198989d92d6e8488abda33e8240ca2fe5a

Download Submit
C:\Windows\System\WUkRgRM.exe

Filesize
6.0MB

MD5
d6a7dd1923fbf907777c7d84e9b9cae7

SHA1
62d92ead4948932422aec19e1af71e5d8f55b005

SHA256
a48119d5b903e5c4f98246339a4214061901958fbaff9513574fa99c8ceaf2c9

SHA512
1b5199346afa4418b1870ae2162b91a9bba12f99a8e8a3b54a30ff6398563b6cd7c4c75014051b90e3bcd6303e0a9ba7ef9ec848b21e1dbac0cab5fa6b89d7f1

Download Submit
C:\Windows\System\boGmUqj.exe

Filesize
6.0MB

MD5
d61c341658a24184ba3e24a9dd780081

SHA1
74d9c0e491a9a9b642d2b450afc4674cd1e70eff

SHA256
af3ed76b9972c68396f745c345f68f3e0b834208db80ff8ed3c04bb1b62a0fad

SHA512
be27ea44c3d90f97442bc461e56a6e96ff686ca05d9fb8e1148f6142b8f98051cdfeb8d1202010422238ecb8c72c3387053ec2098a731f82440273d5d9972984

Download Submit
C:\Windows\System\cHNkVzY.exe

Filesize
6.0MB

MD5
5396b1d31c62a402f999f29586dac291

SHA1
6929275acefecde49fceb43fad0c9bef050e8741

SHA256
2cb01320788253696956725167d0e241d238cfcba1ad56ce386a7a6a058ac0b7

SHA512
2a2a8433fd212c557fccc506aa25fb9879da5f2d859779efa3186e9277d9c27ac935e185e6f4ceb54f3d10c049ca6d5c6ea29a63412249fa7c18619a84481bae

Download Submit
C:\Windows\System\fgaqKtI.exe

Filesize
6.0MB

MD5
e3c3b2d3eead7caec83ab96e7f1232c4

SHA1
34e4dc294b1373b882c2904c271b321b26c7874a

SHA256
6f753b533c2eb917ba6c695d3abff823478ab466b8f0c8e9e595286316e9a8c9

SHA512
3d9cbe963a25ae63e816902c522fa11116f2d1e5a2765fe621f28c99355c2be258b9aea3e5933accb5cbf1c6ff787bf99b1d5e65a15f461ec58f0197eabcd6d8

Download Submit
C:\Windows\System\fyFGcFO.exe

Filesize
6.0MB

MD5
1c0f031726f6d74ce9c2d82614dad102

SHA1
431b4c03be603e6e3db5d42d7105be8b08d0d87e

SHA256
ef5db9e98544b9045f09c7a8aa8af9a5be39c53f09bf597bf97f530c0e02a644

SHA512
eeaf60a05fda5835bfd8f0d71baad54d5e8d1d868d052356abfc74a54184ff985811f925198bdba943eb9233b6d412d8d6f6f491a7d3d6ddbe85a4cb636790cc

Download Submit
C:\Windows\System\gDliwuG.exe

Filesize
6.0MB

MD5
c324f16f042b4dbf49f3c4bd77a9ad4e

SHA1
24d1ec947bd97924b51937a5a6861a7b7964e335

SHA256
62965a404b31bfb2b90a1ed460fbf9598d4c038b25d14b99803ad70244d818ef

SHA512
9427291fa129f3c252d69d5621d45c632d39b9a989ddb65ab08d5db4f16e098ff46c124ea2bedd13762e9bc58359a7eea88e146e28da189fe932aab5a6e77cf4

Download Submit
C:\Windows\System\hLlBnfW.exe

Filesize
6.0MB

MD5
c98fd643cf9f5edb46d13b507cf00d2b

SHA1
04e7bc760f388eabc5abe79a8c7ce154a7278ff1

SHA256
d8e67f7d0c0eeadd70124776c9c75fa3ac1f75a27a5d13883835c505d606fe69

SHA512
99e470d325f14796eceaef5587c51887db4442a81c25ef853af3462ad76e480b6e32aa796c12487d9b42203131c9f97b0dda22a429c3ddc81dc24d2bb8c9faef

Download Submit
C:\Windows\System\isaYtAL.exe

Filesize
6.0MB

MD5
d193dc7cf9af2b8bf0f0e65e8062eea8

SHA1
a505dfadfb49d48c0d67aa4a1a56d5080f10ef27

SHA256
fb5432ed9204c71f05cc1d015a1e037446b4e72207cad44e819600a85c15b520

SHA512
2e1d86b22e4d37d7a894c0950c24b593c5e19c286384051201c9438ea3b27f3e391a3cb88f705ac0df6146514269b55940ae80916e9003361153ca769a1bee9d

Download Submit
C:\Windows\System\mvvAlsO.exe

Filesize
6.0MB

MD5
ec9b57162d6751b5800d887205f1b8b7

SHA1
41fb4dbebac6f1025a22b2a0d6510381c2088ccc

SHA256
85f333bfc07fabc206e1ae9d84e89c6f0450becaaf6804e1df3b9e0504b5be54

SHA512
91ab86c902b33dfce8aeb3f669d42a8d1a846febf4bd27a41d3298c038b818f3b0b593c6748905655ed3d1a6266b66523ed1630fda5f46f1d049cf5a2105e9a6

Download Submit
C:\Windows\System\nJInkby.exe

Filesize
6.0MB

MD5
e9e849aff4234c784b75492adef54be3

SHA1
8097923b84229878214083c551da60ced28a164f

SHA256
00c98066433d81ae916d2e0c0542e42ce01bb6ca02d7188ec6d0bd74cb56fe4c

SHA512
c6e19a731a173747bcb4b259f41839e232b6fb199cd31ef1688e5debc3d05ca3bb6957c7db1990dae7c284d4b33b2a0fd727d0e34aad06e7b173c6efc0405682

Download Submit
C:\Windows\System\pXpJCbV.exe

Filesize
6.0MB

MD5
40249056f158dafa110c70c0cbe59115

SHA1
3249b2ece6c4d07618fbdf2d0e5deec736c34edd

SHA256
0aa76aed98a650f4d6a409bb14147bbb8109fbec7ac77c0b6a68dac272390fbd

SHA512
829cb1e50992abeb6b4108334709dc0d1b3675fee16d2627db3b0c685c8b9db5e455cde361d5a443b4f188fefa0099fc9be0934c5750764ace25eaeaa455e4f3

Download Submit
C:\Windows\System\rwrZkqd.exe

Filesize
6.0MB

MD5
5f9a4ba93f444cd0ee3c980b0ab59a54

SHA1
694c2906be399092e0422d389a68ab8d1b3b0cf0

SHA256
9430b3201eb1f27abff578402c84c8e8937a9f3f5907797e240ca49dad335ae2

SHA512
ed481371b4b9e8c0273b11ae48c70b24c76b1efe9323eea744174f5b25f71f84cdb5223b46b549dc1ac17bd4e8f04f72f0d5891c4cfd867699da128c21bc462f

Download Submit
C:\Windows\System\tFPDhDs.exe

Filesize
6.0MB

MD5
afdd4efa33f1c5ca816f7b437d1978ba

SHA1
169bbd878a6b5cba5c6a021316643528b7372fae

SHA256
475411fa26c271e33201ef440c1b21f9087d97caf6a7653616a6e6434071369f

SHA512
648085e65d31608aa0edc335d1c3416a928a427e701a5f43f7484e28ea7646f6b8ec2684e4a9b734a8c55819f521d8e7b5f27bc1c793a08dacfcfd8fa8b9eb5c

Download Submit
C:\Windows\System\udCcaOD.exe

Filesize
6.0MB

MD5
a794f371caeb9e508f368a09e50dcbf9

SHA1
e85e36504cb979d4f03f5bd5b213ce2a5e2838e9

SHA256
fe72f619611fb018aa6362217e7105889631495ab940c8b19d417b18d6711951

SHA512
9106c7d0f1668e482e5c4575bb3842793bfd593304968ad266ba9ff5ab5319a3c1505b1ab0136a91815707b7f9ab3905e39f5706b05b93130715ae0d3538ecf8

Download Submit
C:\Windows\System\ulTxBmW.exe

Filesize
6.0MB

MD5
340037ffd2066a4c47e0b93872216c8b

SHA1
4e7097828ecb4f432f7c5b30ba41f411efdb040e

SHA256
54edd1c95b29c0fdab5ec1b90aaf20d2050e1c952cfd79f33099d979bba6ae2d

SHA512
586e744c8c3122faf1affaed4f3d8bf239c7a9a9a37b35d027da2132fceb78da1ddf899824a3ae5a2db9e0cb15ee484722bb7b6c64f8b3f01632799f32f18e1d

Download Submit
C:\Windows\System\vGiWtcr.exe

Filesize
6.0MB

MD5
f52b67aacaa5eb6f903f12952b8e9b32

SHA1
7c029d0001c4e6e944b50fae34bb976f5e8a4a87

SHA256
59ceba13bc3be86713c4f45fe0cd64947db641efea1a74aae5e1012cfad8f271

SHA512
91ef99a37773f1cc233e6ba33b6881c8d1939a26c6f4d97dd3cbde78ae3e2b25073c28d50a558b0c0e7cd75dcf9f3b284b13c4a4ddf938c46c296209c6be9b72

Download Submit
C:\Windows\System\vfTmuhS.exe

Filesize
6.0MB

MD5
1b2dfdb17c1a5a1966a0f1e437d038e6

SHA1
37c15db87ad9bbc0164a5e6dba60c9d79129d004

SHA256
93d6de2b1a88f1c3918402ad18be568b93405384b8219fa8e1883fe62b6c0e25

SHA512
ef6d0cca0cad4bf01972c70949b1f225659960afda201a05ffefcff7587f5c57e00fb9311155edcd170f8ebb1a1f8cf796fea8f31d12aa719b6bc91ada76f42a

Download Submit
C:\Windows\System\wujwkhE.exe

Filesize
6.0MB

MD5
a7c0d69e19398a07cca48f315809143d

SHA1
e25f430fa97e03dd5272c0cb59a7ef496f20bf52

SHA256
a5194c8624d94370c812e2a5868aa4aa00edc2140a825eb67864c8afb25a6c3d

SHA512
eee62d78c91d43a437cc09b34373520f313901a2b28ab4fc76b349df6ba4e5117501e39a4296f1f612a158bf06ee3d2ae522e9d29d2066ad3cebbf7ba44b58d2

Download Submit
C:\Windows\System\zSkJvnA.exe

Filesize
6.0MB

MD5
8f6c0f87fea02fa18010e09b16243754

SHA1
92bd3d765411119f9603817f381714af43aa3fef

SHA256
174d089a3ed701be3b7b38e6fae780cbe9c6d029beb41264d82dbb34e093ddb4

SHA512
79d7ec8d24ee4b595bb7d099eb3bbfd8367af9e995c9f1457191e475068a5e8a0c0165d35e3d4eb01313e23dab11e84db333263457df01f3de71aff88f2d23f4

Download Submit
memory/736-621-0x00007FF7A0050000-0x00007FF7A03A4000-memory.dmp

Filesize
3.3MB

Download
memory/736-137-0x00007FF7A0050000-0x00007FF7A03A4000-memory.dmp

Filesize
3.3MB

Download
memory/736-2026-0x00007FF7A0050000-0x00007FF7A03A4000-memory.dmp

Filesize
3.3MB

Download
memory/776-143-0x00007FF6B3210000-0x00007FF6B3564000-memory.dmp

Filesize
3.3MB

Download
memory/776-80-0x00007FF6B3210000-0x00007FF6B3564000-memory.dmp

Filesize
3.3MB

Download
memory/776-1478-0x00007FF6B3210000-0x00007FF6B3564000-memory.dmp

Filesize
3.3MB

Download
memory/928-1134-0x00007FF7CD8C0000-0x00007FF7CDC14000-memory.dmp

Filesize
3.3MB

Download
memory/928-87-0x00007FF7CD8C0000-0x00007FF7CDC14000-memory.dmp

Filesize
3.3MB

Download
memory/928-29-0x00007FF7CD8C0000-0x00007FF7CDC14000-memory.dmp

Filesize
3.3MB

Download
memory/1104-148-0x00007FF611760000-0x00007FF611AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-1480-0x00007FF611760000-0x00007FF611AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-88-0x00007FF611760000-0x00007FF611AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-108-0x00007FF72AAD0000-0x00007FF72AE24000-memory.dmp

Filesize
3.3MB

Download
memory/1144-1139-0x00007FF72AAD0000-0x00007FF72AE24000-memory.dmp

Filesize
3.3MB

Download
memory/1144-41-0x00007FF72AAD0000-0x00007FF72AE24000-memory.dmp

Filesize
3.3MB

Download
memory/1308-155-0x00007FF713EE0000-0x00007FF714234000-memory.dmp

Filesize
3.3MB

Download
memory/1308-96-0x00007FF713EE0000-0x00007FF714234000-memory.dmp

Filesize
3.3MB

Download
memory/1308-1485-0x00007FF713EE0000-0x00007FF714234000-memory.dmp

Filesize
3.3MB

Download
memory/1468-179-0x00007FF680970000-0x00007FF680CC4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-915-0x00007FF680970000-0x00007FF680CC4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-2092-0x00007FF680970000-0x00007FF680CC4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-1399-0x00007FF7EC4B0000-0x00007FF7EC804000-memory.dmp

Filesize
3.3MB

Download
memory/1748-73-0x00007FF7EC4B0000-0x00007FF7EC804000-memory.dmp

Filesize
3.3MB

Download
memory/2032-2086-0x00007FF7BF290000-0x00007FF7BF5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-160-0x00007FF7BF290000-0x00007FF7BF5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-1493-0x00007FF6CC450000-0x00007FF6CC7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-103-0x00007FF6CC450000-0x00007FF6CC7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-164-0x00007FF6CC450000-0x00007FF6CC7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1383-0x00007FF6F2870000-0x00007FF6F2BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-116-0x00007FF6F2870000-0x00007FF6F2BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-48-0x00007FF6F2870000-0x00007FF6F2BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-857-0x00007FF6B54F0000-0x00007FF6B5844000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2093-0x00007FF6B54F0000-0x00007FF6B5844000-memory.dmp

Filesize
3.3MB

Download
memory/2588-172-0x00007FF6B54F0000-0x00007FF6B5844000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1387-0x00007FF7B0690000-0x00007FF7B09E4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-123-0x00007FF7B0690000-0x00007FF7B09E4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-56-0x00007FF7B0690000-0x00007FF7B09E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-76-0x00007FF624C90000-0x00007FF624FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1-0x00000274960A0000-0x00000274960B0000-memory.dmp

Filesize
64KB

Download
memory/2676-0-0x00007FF624C90000-0x00007FF624FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-38-0x00007FF6AEE30000-0x00007FF6AF184000-memory.dmp

Filesize
3.3MB

Download
memory/2712-1140-0x00007FF6AEE30000-0x00007FF6AF184000-memory.dmp

Filesize
3.3MB

Download
memory/2712-102-0x00007FF6AEE30000-0x00007FF6AF184000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1980-0x00007FF6B0FD0000-0x00007FF6B1324000-memory.dmp

Filesize
3.3MB

Download
memory/2812-125-0x00007FF6B0FD0000-0x00007FF6B1324000-memory.dmp

Filesize
3.3MB

Download
memory/2812-191-0x00007FF6B0FD0000-0x00007FF6B1324000-memory.dmp

Filesize
3.3MB

Download
memory/2924-802-0x00007FF647B30000-0x00007FF647E84000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2090-0x00007FF647B30000-0x00007FF647E84000-memory.dmp

Filesize
3.3MB

Download
memory/2924-165-0x00007FF647B30000-0x00007FF647E84000-memory.dmp

Filesize
3.3MB

Download
memory/3168-119-0x00007FF610D30000-0x00007FF611084000-memory.dmp

Filesize
3.3MB

Download
memory/3168-1967-0x00007FF610D30000-0x00007FF611084000-memory.dmp

Filesize
3.3MB

Download
memory/3168-184-0x00007FF610D30000-0x00007FF611084000-memory.dmp

Filesize
3.3MB

Download
memory/3176-147-0x00007FF73EDA0000-0x00007FF73F0F4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-623-0x00007FF73EDA0000-0x00007FF73F0F4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2077-0x00007FF73EDA0000-0x00007FF73F0F4000-memory.dmp

Filesize
3.3MB

Download
memory/3428-194-0x00007FF6E56D0000-0x00007FF6E5A24000-memory.dmp

Filesize
3.3MB

Download
memory/3428-1034-0x00007FF6E56D0000-0x00007FF6E5A24000-memory.dmp

Filesize
3.3MB

Download
memory/3428-2098-0x00007FF6E56D0000-0x00007FF6E5A24000-memory.dmp

Filesize
3.3MB

Download
memory/3932-585-0x00007FF74E9B0000-0x00007FF74ED04000-memory.dmp

Filesize
3.3MB

Download
memory/3932-1978-0x00007FF74E9B0000-0x00007FF74ED04000-memory.dmp

Filesize
3.3MB

Download
memory/3932-132-0x00007FF74E9B0000-0x00007FF74ED04000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2084-0x00007FF745D80000-0x00007FF7460D4000-memory.dmp

Filesize
3.3MB

Download
memory/4148-701-0x00007FF745D80000-0x00007FF7460D4000-memory.dmp

Filesize
3.3MB

Download
memory/4148-152-0x00007FF745D80000-0x00007FF7460D4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-1137-0x00007FF66F3A0000-0x00007FF66F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-95-0x00007FF66F3A0000-0x00007FF66F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-36-0x00007FF66F3A0000-0x00007FF66F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-14-0x00007FF746050000-0x00007FF7463A4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-1119-0x00007FF746050000-0x00007FF7463A4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-86-0x00007FF746050000-0x00007FF7463A4000-memory.dmp

Filesize
3.3MB

Download
memory/4280-1494-0x00007FF792BA0000-0x00007FF792EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4280-171-0x00007FF792BA0000-0x00007FF792EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4280-109-0x00007FF792BA0000-0x00007FF792EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4304-1398-0x00007FF7CEAB0000-0x00007FF7CEE04000-memory.dmp

Filesize
3.3MB

Download
memory/4304-124-0x00007FF7CEAB0000-0x00007FF7CEE04000-memory.dmp

Filesize
3.3MB

Download
memory/4304-72-0x00007FF7CEAB0000-0x00007FF7CEE04000-memory.dmp

Filesize
3.3MB

Download
memory/4520-8-0x00007FF721B10000-0x00007FF721E64000-memory.dmp

Filesize
3.3MB

Download
memory/4520-1113-0x00007FF721B10000-0x00007FF721E64000-memory.dmp

Filesize
3.3MB

Download
memory/4520-79-0x00007FF721B10000-0x00007FF721E64000-memory.dmp

Filesize
3.3MB

Download
memory/4600-186-0x00007FF795BC0000-0x00007FF795F14000-memory.dmp

Filesize
3.3MB

Download
memory/4600-978-0x00007FF795BC0000-0x00007FF795F14000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2096-0x00007FF795BC0000-0x00007FF795F14000-memory.dmp

Filesize
3.3MB

Download
memory/4784-1129-0x00007FF697D40000-0x00007FF698094000-memory.dmp

Filesize
3.3MB

Download
memory/4784-26-0x00007FF697D40000-0x00007FF698094000-memory.dmp

Filesize
3.3MB

Download
memory/4784-94-0x00007FF697D40000-0x00007FF698094000-memory.dmp

Filesize
3.3MB

Download
memory/4844-77-0x00007FF64AA60000-0x00007FF64ADB4000-memory.dmp

Filesize
3.3MB

Download
memory/4844-1402-0x00007FF64AA60000-0x00007FF64ADB4000-memory.dmp

Filesize
3.3MB

Download