cobaltstrike | 387da5c3384b299c5c87a509ca27c819a47d109b02d3bfa14a71cf8723e4e81a

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3fbea383bc513ec86dd8ccd8e4a37a21
SHA1

ec13273d6d265db8fd041fbd918c489f90c3de00
SHA256

387da5c3384b299c5c87a509ca27c819a47d109b02d3bfa14a71cf8723e4e81a
SHA512

572f11047fce43eaad32c7423150cd8dedd357e0539a6c189900b7abe692c7be309f89a205a0d3b9e3a6ec50a3ced339bcac0b6181119054cbcacc1e012c4395
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\cCdzDrx.exe	cobalt_reflective_dll
C:\Windows\System\niZLNZP.exe	cobalt_reflective_dll
C:\Windows\System\CwIsSYx.exe	cobalt_reflective_dll
C:\Windows\System\OKQMXDJ.exe	cobalt_reflective_dll
C:\Windows\System\shTVEMN.exe	cobalt_reflective_dll
C:\Windows\System\phgOUdf.exe	cobalt_reflective_dll
C:\Windows\System\ADKUPhw.exe	cobalt_reflective_dll
C:\Windows\System\FxmEcxm.exe	cobalt_reflective_dll
C:\Windows\System\AYFpKsF.exe	cobalt_reflective_dll
C:\Windows\System\ANdPpBQ.exe	cobalt_reflective_dll
C:\Windows\System\hAZGVnk.exe	cobalt_reflective_dll
C:\Windows\System\PfgDHyv.exe	cobalt_reflective_dll
C:\Windows\System\MPweHzt.exe	cobalt_reflective_dll
C:\Windows\System\hNraUEb.exe	cobalt_reflective_dll
C:\Windows\System\nGQeRwl.exe	cobalt_reflective_dll
C:\Windows\System\hCqlsmq.exe	cobalt_reflective_dll
C:\Windows\System\GzSgxPc.exe	cobalt_reflective_dll
C:\Windows\System\HfVpbAe.exe	cobalt_reflective_dll
C:\Windows\System\wQqjQUp.exe	cobalt_reflective_dll
C:\Windows\System\WNvPmEI.exe	cobalt_reflective_dll
C:\Windows\System\NVIEOKp.exe	cobalt_reflective_dll
C:\Windows\System\SWLSZtV.exe	cobalt_reflective_dll
C:\Windows\System\PIePfVE.exe	cobalt_reflective_dll
C:\Windows\System\cnYbsUD.exe	cobalt_reflective_dll
C:\Windows\System\xCMMCqy.exe	cobalt_reflective_dll
C:\Windows\System\xwEDgxO.exe	cobalt_reflective_dll
C:\Windows\System\xuhWsSD.exe	cobalt_reflective_dll
C:\Windows\System\GugSqEI.exe	cobalt_reflective_dll
C:\Windows\System\IdgraTu.exe	cobalt_reflective_dll
C:\Windows\System\QQgzIFj.exe	cobalt_reflective_dll
C:\Windows\System\GJAdPLL.exe	cobalt_reflective_dll
C:\Windows\System\agqxRVa.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3196-0-0x00007FF618320000-0x00007FF618674000-memory.dmp	xmrig
C:\Windows\System\cCdzDrx.exe	xmrig
C:\Windows\System\niZLNZP.exe	xmrig
behavioral2/memory/4500-8-0x00007FF7B3070000-0x00007FF7B33C4000-memory.dmp	xmrig
C:\Windows\System\CwIsSYx.exe	xmrig
C:\Windows\System\OKQMXDJ.exe	xmrig
behavioral2/memory/4820-42-0x00007FF779430000-0x00007FF779784000-memory.dmp	xmrig
behavioral2/memory/2344-51-0x00007FF6BD7B0000-0x00007FF6BDB04000-memory.dmp	xmrig
C:\Windows\System\shTVEMN.exe	xmrig
behavioral2/memory/368-56-0x00007FF690520000-0x00007FF690874000-memory.dmp	xmrig
C:\Windows\System\phgOUdf.exe	xmrig
C:\Windows\System\ADKUPhw.exe	xmrig
behavioral2/memory/312-46-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp	xmrig
C:\Windows\System\FxmEcxm.exe	xmrig
C:\Windows\System\AYFpKsF.exe	xmrig
behavioral2/memory/3804-31-0x00007FF697560000-0x00007FF6978B4000-memory.dmp	xmrig
behavioral2/memory/4716-23-0x00007FF752610000-0x00007FF752964000-memory.dmp	xmrig
C:\Windows\System\ANdPpBQ.exe	xmrig
behavioral2/memory/4160-16-0x00007FF66FEF0000-0x00007FF670244000-memory.dmp	xmrig
behavioral2/memory/436-62-0x00007FF63E440000-0x00007FF63E794000-memory.dmp	xmrig
behavioral2/memory/4212-75-0x00007FF78A250000-0x00007FF78A5A4000-memory.dmp	xmrig
C:\Windows\System\hAZGVnk.exe	xmrig
C:\Windows\System\PfgDHyv.exe	xmrig
behavioral2/memory/2360-64-0x00007FF769790000-0x00007FF769AE4000-memory.dmp	xmrig
behavioral2/memory/5068-61-0x00007FF6D5500000-0x00007FF6D5854000-memory.dmp	xmrig
C:\Windows\System\MPweHzt.exe	xmrig
behavioral2/memory/3196-83-0x00007FF618320000-0x00007FF618674000-memory.dmp	xmrig
behavioral2/memory/4500-88-0x00007FF7B3070000-0x00007FF7B33C4000-memory.dmp	xmrig
behavioral2/memory/2872-85-0x00007FF6A9590000-0x00007FF6A98E4000-memory.dmp	xmrig
behavioral2/memory/4812-84-0x00007FF73C7F0000-0x00007FF73CB44000-memory.dmp	xmrig
C:\Windows\System\hNraUEb.exe	xmrig
C:\Windows\System\nGQeRwl.exe	xmrig
behavioral2/memory/4160-96-0x00007FF66FEF0000-0x00007FF670244000-memory.dmp	xmrig
behavioral2/memory/4716-100-0x00007FF752610000-0x00007FF752964000-memory.dmp	xmrig
behavioral2/memory/3968-103-0x00007FF6B88A0000-0x00007FF6B8BF4000-memory.dmp	xmrig
behavioral2/memory/3528-106-0x00007FF69E900000-0x00007FF69EC54000-memory.dmp	xmrig
behavioral2/memory/312-109-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp	xmrig
C:\Windows\System\hCqlsmq.exe	xmrig
behavioral2/memory/4820-108-0x00007FF779430000-0x00007FF779784000-memory.dmp	xmrig
C:\Windows\System\GzSgxPc.exe	xmrig
behavioral2/memory/3804-104-0x00007FF697560000-0x00007FF6978B4000-memory.dmp	xmrig
behavioral2/memory/4616-101-0x00007FF666C00000-0x00007FF666F54000-memory.dmp	xmrig
C:\Windows\System\HfVpbAe.exe	xmrig
behavioral2/memory/368-119-0x00007FF690520000-0x00007FF690874000-memory.dmp	xmrig
C:\Windows\System\wQqjQUp.exe	xmrig
behavioral2/memory/3636-125-0x00007FF618750000-0x00007FF618AA4000-memory.dmp	xmrig
behavioral2/memory/2360-124-0x00007FF769790000-0x00007FF769AE4000-memory.dmp	xmrig
behavioral2/memory/436-123-0x00007FF63E440000-0x00007FF63E794000-memory.dmp	xmrig
behavioral2/memory/1932-118-0x00007FF7DFA30000-0x00007FF7DFD84000-memory.dmp	xmrig
behavioral2/memory/5068-117-0x00007FF6D5500000-0x00007FF6D5854000-memory.dmp	xmrig
C:\Windows\System\WNvPmEI.exe	xmrig
behavioral2/memory/5012-132-0x00007FF68E020000-0x00007FF68E374000-memory.dmp	xmrig
behavioral2/memory/4212-130-0x00007FF78A250000-0x00007FF78A5A4000-memory.dmp	xmrig
C:\Windows\System\NVIEOKp.exe	xmrig
behavioral2/memory/4904-141-0x00007FF7BA2E0000-0x00007FF7BA634000-memory.dmp	xmrig
C:\Windows\System\SWLSZtV.exe	xmrig
C:\Windows\System\PIePfVE.exe	xmrig
behavioral2/memory/3968-151-0x00007FF6B88A0000-0x00007FF6B8BF4000-memory.dmp	xmrig
C:\Windows\System\cnYbsUD.exe	xmrig
behavioral2/memory/3604-158-0x00007FF7EBBB0000-0x00007FF7EBF04000-memory.dmp	xmrig
behavioral2/memory/3788-152-0x00007FF6CB910000-0x00007FF6CBC64000-memory.dmp	xmrig
behavioral2/memory/3628-146-0x00007FF6E9580000-0x00007FF6E98D4000-memory.dmp	xmrig
behavioral2/memory/4812-138-0x00007FF73C7F0000-0x00007FF73CB44000-memory.dmp	xmrig
behavioral2/memory/3528-161-0x00007FF69E900000-0x00007FF69EC54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

cCdzDrx.exeniZLNZP.exeANdPpBQ.exeOKQMXDJ.exeCwIsSYx.exeAYFpKsF.exeADKUPhw.exeshTVEMN.exeFxmEcxm.exephgOUdf.exehAZGVnk.exePfgDHyv.exeMPweHzt.exehNraUEb.exenGQeRwl.exeGzSgxPc.exehCqlsmq.exeHfVpbAe.exewQqjQUp.exeWNvPmEI.exeNVIEOKp.exeSWLSZtV.exePIePfVE.execnYbsUD.exexCMMCqy.exexwEDgxO.exexuhWsSD.exeagqxRVa.exeGJAdPLL.exeGugSqEI.exeQQgzIFj.exeIdgraTu.exelXldufT.exeZlIUhoV.exeCYAeHEi.exeXyxMzXd.exemTjaShF.exeuIpZqne.exeoHufJjk.exeCWbJGoX.exeUmOlkwE.exeCHxpcAb.exeMZEXoFD.exeOdFzsxY.exenyrUsYj.exeJjxBwrh.exeoURxSzR.exeJSMgBJf.exebDKpcUu.exeVkSUTYH.exeoerlzxP.exekDoUnxG.exeOfeUHqf.exeSqGgiKj.exeBfEvPXX.exetvruenH.exeRXDrNwK.exexVdKGWk.exeDphTRpk.exehcKsBXj.exeuPVCoMZ.exeSlnfSry.exeYECrAQp.exefvAjvJJ.exe

pid	process
4500	cCdzDrx.exe
4160	niZLNZP.exe
4716	ANdPpBQ.exe
3804	OKQMXDJ.exe
4820	CwIsSYx.exe
2344	AYFpKsF.exe
312	ADKUPhw.exe
368	shTVEMN.exe
436	FxmEcxm.exe
5068	phgOUdf.exe
2360	hAZGVnk.exe
4212	PfgDHyv.exe
4812	MPweHzt.exe
2872	hNraUEb.exe
4616	nGQeRwl.exe
3968	GzSgxPc.exe
3528	hCqlsmq.exe
1932	HfVpbAe.exe
3636	wQqjQUp.exe
5012	WNvPmEI.exe
4904	NVIEOKp.exe
3628	SWLSZtV.exe
3788	PIePfVE.exe
3604	cnYbsUD.exe
4664	xCMMCqy.exe
3428	xwEDgxO.exe
1816	xuhWsSD.exe
2104	agqxRVa.exe
4408	GJAdPLL.exe
3208	GugSqEI.exe
2256	QQgzIFj.exe
1940	IdgraTu.exe
3304	lXldufT.exe
4128	ZlIUhoV.exe
4344	CYAeHEi.exe
3004	XyxMzXd.exe
3152	mTjaShF.exe
736	uIpZqne.exe
3156	oHufJjk.exe
1632	CWbJGoX.exe
2676	UmOlkwE.exe
3108	CHxpcAb.exe
4200	MZEXoFD.exe
832	OdFzsxY.exe
4952	nyrUsYj.exe
4040	JjxBwrh.exe
4628	oURxSzR.exe
4852	JSMgBJf.exe
452	bDKpcUu.exe
2136	VkSUTYH.exe
1572	oerlzxP.exe
3492	kDoUnxG.exe
3140	OfeUHqf.exe
680	SqGgiKj.exe
224	BfEvPXX.exe
972	tvruenH.exe
2744	RXDrNwK.exe
4136	xVdKGWk.exe
880	DphTRpk.exe
720	hcKsBXj.exe
5004	uPVCoMZ.exe
2580	SlnfSry.exe
1856	YECrAQp.exe
3160	fvAjvJJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3196-0-0x00007FF618320000-0x00007FF618674000-memory.dmp	upx
C:\Windows\System\cCdzDrx.exe	upx
C:\Windows\System\niZLNZP.exe	upx
behavioral2/memory/4500-8-0x00007FF7B3070000-0x00007FF7B33C4000-memory.dmp	upx
C:\Windows\System\CwIsSYx.exe	upx
C:\Windows\System\OKQMXDJ.exe	upx
behavioral2/memory/4820-42-0x00007FF779430000-0x00007FF779784000-memory.dmp	upx
behavioral2/memory/2344-51-0x00007FF6BD7B0000-0x00007FF6BDB04000-memory.dmp	upx
C:\Windows\System\shTVEMN.exe	upx
behavioral2/memory/368-56-0x00007FF690520000-0x00007FF690874000-memory.dmp	upx
C:\Windows\System\phgOUdf.exe	upx
C:\Windows\System\ADKUPhw.exe	upx
behavioral2/memory/312-46-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp	upx
C:\Windows\System\FxmEcxm.exe	upx
C:\Windows\System\AYFpKsF.exe	upx
behavioral2/memory/3804-31-0x00007FF697560000-0x00007FF6978B4000-memory.dmp	upx
behavioral2/memory/4716-23-0x00007FF752610000-0x00007FF752964000-memory.dmp	upx
C:\Windows\System\ANdPpBQ.exe	upx
behavioral2/memory/4160-16-0x00007FF66FEF0000-0x00007FF670244000-memory.dmp	upx
behavioral2/memory/436-62-0x00007FF63E440000-0x00007FF63E794000-memory.dmp	upx
behavioral2/memory/4212-75-0x00007FF78A250000-0x00007FF78A5A4000-memory.dmp	upx
C:\Windows\System\hAZGVnk.exe	upx
C:\Windows\System\PfgDHyv.exe	upx
behavioral2/memory/2360-64-0x00007FF769790000-0x00007FF769AE4000-memory.dmp	upx
behavioral2/memory/5068-61-0x00007FF6D5500000-0x00007FF6D5854000-memory.dmp	upx
C:\Windows\System\MPweHzt.exe	upx
behavioral2/memory/3196-83-0x00007FF618320000-0x00007FF618674000-memory.dmp	upx
behavioral2/memory/4500-88-0x00007FF7B3070000-0x00007FF7B33C4000-memory.dmp	upx
behavioral2/memory/2872-85-0x00007FF6A9590000-0x00007FF6A98E4000-memory.dmp	upx
behavioral2/memory/4812-84-0x00007FF73C7F0000-0x00007FF73CB44000-memory.dmp	upx
C:\Windows\System\hNraUEb.exe	upx
C:\Windows\System\nGQeRwl.exe	upx
behavioral2/memory/4160-96-0x00007FF66FEF0000-0x00007FF670244000-memory.dmp	upx
behavioral2/memory/4716-100-0x00007FF752610000-0x00007FF752964000-memory.dmp	upx
behavioral2/memory/3968-103-0x00007FF6B88A0000-0x00007FF6B8BF4000-memory.dmp	upx
behavioral2/memory/3528-106-0x00007FF69E900000-0x00007FF69EC54000-memory.dmp	upx
behavioral2/memory/312-109-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp	upx
C:\Windows\System\hCqlsmq.exe	upx
behavioral2/memory/4820-108-0x00007FF779430000-0x00007FF779784000-memory.dmp	upx
C:\Windows\System\GzSgxPc.exe	upx
behavioral2/memory/3804-104-0x00007FF697560000-0x00007FF6978B4000-memory.dmp	upx
behavioral2/memory/4616-101-0x00007FF666C00000-0x00007FF666F54000-memory.dmp	upx
C:\Windows\System\HfVpbAe.exe	upx
behavioral2/memory/368-119-0x00007FF690520000-0x00007FF690874000-memory.dmp	upx
C:\Windows\System\wQqjQUp.exe	upx
behavioral2/memory/3636-125-0x00007FF618750000-0x00007FF618AA4000-memory.dmp	upx
behavioral2/memory/2360-124-0x00007FF769790000-0x00007FF769AE4000-memory.dmp	upx
behavioral2/memory/436-123-0x00007FF63E440000-0x00007FF63E794000-memory.dmp	upx
behavioral2/memory/1932-118-0x00007FF7DFA30000-0x00007FF7DFD84000-memory.dmp	upx
behavioral2/memory/5068-117-0x00007FF6D5500000-0x00007FF6D5854000-memory.dmp	upx
C:\Windows\System\WNvPmEI.exe	upx
behavioral2/memory/5012-132-0x00007FF68E020000-0x00007FF68E374000-memory.dmp	upx
behavioral2/memory/4212-130-0x00007FF78A250000-0x00007FF78A5A4000-memory.dmp	upx
C:\Windows\System\NVIEOKp.exe	upx
behavioral2/memory/4904-141-0x00007FF7BA2E0000-0x00007FF7BA634000-memory.dmp	upx
C:\Windows\System\SWLSZtV.exe	upx
C:\Windows\System\PIePfVE.exe	upx
behavioral2/memory/3968-151-0x00007FF6B88A0000-0x00007FF6B8BF4000-memory.dmp	upx
C:\Windows\System\cnYbsUD.exe	upx
behavioral2/memory/3604-158-0x00007FF7EBBB0000-0x00007FF7EBF04000-memory.dmp	upx
behavioral2/memory/3788-152-0x00007FF6CB910000-0x00007FF6CBC64000-memory.dmp	upx
behavioral2/memory/3628-146-0x00007FF6E9580000-0x00007FF6E98D4000-memory.dmp	upx
behavioral2/memory/4812-138-0x00007FF73C7F0000-0x00007FF73CB44000-memory.dmp	upx
behavioral2/memory/3528-161-0x00007FF69E900000-0x00007FF69EC54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\EKLwqqZ.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiduVSv.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbzBjrh.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oURxSzR.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRtyMHp.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slPAjis.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkGtdPV.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIGBfQd.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZfBhMk.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxqzIad.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApHmiHs.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYFpKsF.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJZCcbr.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxnLVMX.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwIsSYx.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXxSiCs.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpFaWVd.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSexZfh.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwSmuil.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNPKEWq.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSMgBJf.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wihUQzo.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwHMILa.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXLTtWz.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZnYUzU.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADKUPhw.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZEXoFD.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFNPLxZ.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlsUMZv.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqkelTz.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXldufT.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqauNvP.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfyZmse.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qttGGVy.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSVlYYi.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXlMxWi.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQgzIFj.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIKWRZu.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwmsnKt.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfgDHyv.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQeDlaW.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbqUYCl.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpelnaP.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPcVPaX.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoOwxPL.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RukvHZS.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\perPije.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAfvxBX.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atxZqIT.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYCnvPt.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzzJogf.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNURnJA.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inINJCn.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbqPKkw.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGHgrmU.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFeWXzW.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMHKVcl.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUzWFPd.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDUzqsU.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oerlzxP.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYGtVHN.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNqQIiZ.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNveiJW.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtBhmPv.exe	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 3196 wrote to memory of 4500	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	cCdzDrx.exe
PID 3196 wrote to memory of 4500	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	cCdzDrx.exe
PID 3196 wrote to memory of 4160	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	niZLNZP.exe
PID 3196 wrote to memory of 4160	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	niZLNZP.exe
PID 3196 wrote to memory of 4716	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	ANdPpBQ.exe
PID 3196 wrote to memory of 4716	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	ANdPpBQ.exe
PID 3196 wrote to memory of 3804	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	OKQMXDJ.exe
PID 3196 wrote to memory of 3804	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	OKQMXDJ.exe
PID 3196 wrote to memory of 4820	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	CwIsSYx.exe
PID 3196 wrote to memory of 4820	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	CwIsSYx.exe
PID 3196 wrote to memory of 2344	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	AYFpKsF.exe
PID 3196 wrote to memory of 2344	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	AYFpKsF.exe
PID 3196 wrote to memory of 312	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	ADKUPhw.exe
PID 3196 wrote to memory of 312	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	ADKUPhw.exe
PID 3196 wrote to memory of 436	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	FxmEcxm.exe
PID 3196 wrote to memory of 436	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	FxmEcxm.exe
PID 3196 wrote to memory of 368	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	shTVEMN.exe
PID 3196 wrote to memory of 368	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	shTVEMN.exe
PID 3196 wrote to memory of 5068	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	phgOUdf.exe
PID 3196 wrote to memory of 5068	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	phgOUdf.exe
PID 3196 wrote to memory of 2360	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	hAZGVnk.exe
PID 3196 wrote to memory of 2360	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	hAZGVnk.exe
PID 3196 wrote to memory of 4212	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	PfgDHyv.exe
PID 3196 wrote to memory of 4212	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	PfgDHyv.exe
PID 3196 wrote to memory of 4812	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	MPweHzt.exe
PID 3196 wrote to memory of 4812	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	MPweHzt.exe
PID 3196 wrote to memory of 2872	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	hNraUEb.exe
PID 3196 wrote to memory of 2872	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	hNraUEb.exe
PID 3196 wrote to memory of 4616	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	nGQeRwl.exe
PID 3196 wrote to memory of 4616	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	nGQeRwl.exe
PID 3196 wrote to memory of 3968	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	GzSgxPc.exe
PID 3196 wrote to memory of 3968	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	GzSgxPc.exe
PID 3196 wrote to memory of 3528	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	hCqlsmq.exe
PID 3196 wrote to memory of 3528	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	hCqlsmq.exe
PID 3196 wrote to memory of 1932	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	HfVpbAe.exe
PID 3196 wrote to memory of 1932	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	HfVpbAe.exe
PID 3196 wrote to memory of 3636	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	wQqjQUp.exe
PID 3196 wrote to memory of 3636	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	wQqjQUp.exe
PID 3196 wrote to memory of 5012	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	WNvPmEI.exe
PID 3196 wrote to memory of 5012	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	WNvPmEI.exe
PID 3196 wrote to memory of 4904	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	NVIEOKp.exe
PID 3196 wrote to memory of 4904	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	NVIEOKp.exe
PID 3196 wrote to memory of 3628	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	SWLSZtV.exe
PID 3196 wrote to memory of 3628	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	SWLSZtV.exe
PID 3196 wrote to memory of 3788	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	PIePfVE.exe
PID 3196 wrote to memory of 3788	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	PIePfVE.exe
PID 3196 wrote to memory of 3604	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	cnYbsUD.exe
PID 3196 wrote to memory of 3604	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	cnYbsUD.exe
PID 3196 wrote to memory of 4664	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	xCMMCqy.exe
PID 3196 wrote to memory of 4664	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	xCMMCqy.exe
PID 3196 wrote to memory of 3428	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	xwEDgxO.exe
PID 3196 wrote to memory of 3428	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	xwEDgxO.exe
PID 3196 wrote to memory of 1816	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	xuhWsSD.exe
PID 3196 wrote to memory of 1816	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	xuhWsSD.exe
PID 3196 wrote to memory of 2104	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	agqxRVa.exe
PID 3196 wrote to memory of 2104	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	agqxRVa.exe
PID 3196 wrote to memory of 4408	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	GJAdPLL.exe
PID 3196 wrote to memory of 4408	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	GJAdPLL.exe
PID 3196 wrote to memory of 1940	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	IdgraTu.exe
PID 3196 wrote to memory of 1940	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	IdgraTu.exe
PID 3196 wrote to memory of 3208	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	GugSqEI.exe
PID 3196 wrote to memory of 3208	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	GugSqEI.exe
PID 3196 wrote to memory of 2256	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	QQgzIFj.exe
PID 3196 wrote to memory of 2256	3196	2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe	QQgzIFj.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_3fbea383bc513ec86dd8ccd8e4a37a21_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Windows\System\cCdzDrx.exe
  C:\Windows\System\cCdzDrx.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\niZLNZP.exe
  C:\Windows\System\niZLNZP.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\ANdPpBQ.exe
  C:\Windows\System\ANdPpBQ.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\OKQMXDJ.exe
  C:\Windows\System\OKQMXDJ.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\CwIsSYx.exe
  C:\Windows\System\CwIsSYx.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\AYFpKsF.exe
  C:\Windows\System\AYFpKsF.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\ADKUPhw.exe
  C:\Windows\System\ADKUPhw.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\FxmEcxm.exe
  C:\Windows\System\FxmEcxm.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\shTVEMN.exe
  C:\Windows\System\shTVEMN.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\phgOUdf.exe
  C:\Windows\System\phgOUdf.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\hAZGVnk.exe
  C:\Windows\System\hAZGVnk.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\PfgDHyv.exe
  C:\Windows\System\PfgDHyv.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\MPweHzt.exe
  C:\Windows\System\MPweHzt.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\hNraUEb.exe
  C:\Windows\System\hNraUEb.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\nGQeRwl.exe
  C:\Windows\System\nGQeRwl.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\GzSgxPc.exe
  C:\Windows\System\GzSgxPc.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\hCqlsmq.exe
  C:\Windows\System\hCqlsmq.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\HfVpbAe.exe
  C:\Windows\System\HfVpbAe.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\wQqjQUp.exe
  C:\Windows\System\wQqjQUp.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\WNvPmEI.exe
  C:\Windows\System\WNvPmEI.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\NVIEOKp.exe
  C:\Windows\System\NVIEOKp.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\SWLSZtV.exe
  C:\Windows\System\SWLSZtV.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\PIePfVE.exe
  C:\Windows\System\PIePfVE.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\cnYbsUD.exe
  C:\Windows\System\cnYbsUD.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\xCMMCqy.exe
  C:\Windows\System\xCMMCqy.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\xwEDgxO.exe
  C:\Windows\System\xwEDgxO.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\xuhWsSD.exe
  C:\Windows\System\xuhWsSD.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\agqxRVa.exe
  C:\Windows\System\agqxRVa.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\GJAdPLL.exe
  C:\Windows\System\GJAdPLL.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\IdgraTu.exe
  C:\Windows\System\IdgraTu.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\GugSqEI.exe
  C:\Windows\System\GugSqEI.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\QQgzIFj.exe
  C:\Windows\System\QQgzIFj.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\lXldufT.exe
  C:\Windows\System\lXldufT.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\ZlIUhoV.exe
  C:\Windows\System\ZlIUhoV.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\CYAeHEi.exe
  C:\Windows\System\CYAeHEi.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\mTjaShF.exe
  C:\Windows\System\mTjaShF.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\XyxMzXd.exe
  C:\Windows\System\XyxMzXd.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\uIpZqne.exe
  C:\Windows\System\uIpZqne.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\oHufJjk.exe
  C:\Windows\System\oHufJjk.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\CWbJGoX.exe
  C:\Windows\System\CWbJGoX.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\UmOlkwE.exe
  C:\Windows\System\UmOlkwE.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\CHxpcAb.exe
  C:\Windows\System\CHxpcAb.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\MZEXoFD.exe
  C:\Windows\System\MZEXoFD.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\OdFzsxY.exe
  C:\Windows\System\OdFzsxY.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\nyrUsYj.exe
  C:\Windows\System\nyrUsYj.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\JjxBwrh.exe
  C:\Windows\System\JjxBwrh.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\oURxSzR.exe
  C:\Windows\System\oURxSzR.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\JSMgBJf.exe
  C:\Windows\System\JSMgBJf.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\bDKpcUu.exe
  C:\Windows\System\bDKpcUu.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\VkSUTYH.exe
  C:\Windows\System\VkSUTYH.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\oerlzxP.exe
  C:\Windows\System\oerlzxP.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\kDoUnxG.exe
  C:\Windows\System\kDoUnxG.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\OfeUHqf.exe
  C:\Windows\System\OfeUHqf.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\SqGgiKj.exe
  C:\Windows\System\SqGgiKj.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\BfEvPXX.exe
  C:\Windows\System\BfEvPXX.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\tvruenH.exe
  C:\Windows\System\tvruenH.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\RXDrNwK.exe
  C:\Windows\System\RXDrNwK.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\xVdKGWk.exe
  C:\Windows\System\xVdKGWk.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\DphTRpk.exe
  C:\Windows\System\DphTRpk.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\hcKsBXj.exe
  C:\Windows\System\hcKsBXj.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\uPVCoMZ.exe
  C:\Windows\System\uPVCoMZ.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\SlnfSry.exe
  C:\Windows\System\SlnfSry.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\YECrAQp.exe
  C:\Windows\System\YECrAQp.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\fvAjvJJ.exe
  C:\Windows\System\fvAjvJJ.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\pszEQwJ.exe
  C:\Windows\System\pszEQwJ.exe
  2⤵
  PID:2484
- C:\Windows\System\IxrnZdG.exe
  C:\Windows\System\IxrnZdG.exe
  2⤵
  PID:1228
- C:\Windows\System\SEbveFz.exe
  C:\Windows\System\SEbveFz.exe
  2⤵
  PID:5088
- C:\Windows\System\yFgpgIR.exe
  C:\Windows\System\yFgpgIR.exe
  2⤵
  PID:4636
- C:\Windows\System\JUpkdJe.exe
  C:\Windows\System\JUpkdJe.exe
  2⤵
  PID:2972
- C:\Windows\System\wxSeceW.exe
  C:\Windows\System\wxSeceW.exe
  2⤵
  PID:3944
- C:\Windows\System\fPIGJQw.exe
  C:\Windows\System\fPIGJQw.exe
  2⤵
  PID:2468
- C:\Windows\System\TjWODCh.exe
  C:\Windows\System\TjWODCh.exe
  2⤵
  PID:3744
- C:\Windows\System\UtMwnRV.exe
  C:\Windows\System\UtMwnRV.exe
  2⤵
  PID:920
- C:\Windows\System\HAbopjs.exe
  C:\Windows\System\HAbopjs.exe
  2⤵
  PID:1760
- C:\Windows\System\ApHmiHs.exe
  C:\Windows\System\ApHmiHs.exe
  2⤵
  PID:3864
- C:\Windows\System\kAfvxBX.exe
  C:\Windows\System\kAfvxBX.exe
  2⤵
  PID:2812
- C:\Windows\System\WvTBxnN.exe
  C:\Windows\System\WvTBxnN.exe
  2⤵
  PID:744
- C:\Windows\System\ariEjJY.exe
  C:\Windows\System\ariEjJY.exe
  2⤵
  PID:1936
- C:\Windows\System\SZPgzRv.exe
  C:\Windows\System\SZPgzRv.exe
  2⤵
  PID:4736
- C:\Windows\System\AYMoWWD.exe
  C:\Windows\System\AYMoWWD.exe
  2⤵
  PID:1056
- C:\Windows\System\niytgGc.exe
  C:\Windows\System\niytgGc.exe
  2⤵
  PID:4496
- C:\Windows\System\XEtEZTx.exe
  C:\Windows\System\XEtEZTx.exe
  2⤵
  PID:2044
- C:\Windows\System\QznoNCu.exe
  C:\Windows\System\QznoNCu.exe
  2⤵
  PID:1232
- C:\Windows\System\UXRMBtD.exe
  C:\Windows\System\UXRMBtD.exe
  2⤵
  PID:4816
- C:\Windows\System\qXRLqFt.exe
  C:\Windows\System\qXRLqFt.exe
  2⤵
  PID:2076
- C:\Windows\System\rZOyvhX.exe
  C:\Windows\System\rZOyvhX.exe
  2⤵
  PID:1848
- C:\Windows\System\orwtCfn.exe
  C:\Windows\System\orwtCfn.exe
  2⤵
  PID:3840
- C:\Windows\System\hgGUxES.exe
  C:\Windows\System\hgGUxES.exe
  2⤵
  PID:944
- C:\Windows\System\XQeDlaW.exe
  C:\Windows\System\XQeDlaW.exe
  2⤵
  PID:1348
- C:\Windows\System\TKhWMbI.exe
  C:\Windows\System\TKhWMbI.exe
  2⤵
  PID:1852
- C:\Windows\System\saybUiE.exe
  C:\Windows\System\saybUiE.exe
  2⤵
  PID:5096
- C:\Windows\System\dUhagXF.exe
  C:\Windows\System\dUhagXF.exe
  2⤵
  PID:3392
- C:\Windows\System\fDlzTlI.exe
  C:\Windows\System\fDlzTlI.exe
  2⤵
  PID:4960
- C:\Windows\System\DpnURLN.exe
  C:\Windows\System\DpnURLN.exe
  2⤵
  PID:3856
- C:\Windows\System\vDuPQyk.exe
  C:\Windows\System\vDuPQyk.exe
  2⤵
  PID:2584
- C:\Windows\System\cTvFmSt.exe
  C:\Windows\System\cTvFmSt.exe
  2⤵
  PID:4992
- C:\Windows\System\NbKtJzY.exe
  C:\Windows\System\NbKtJzY.exe
  2⤵
  PID:540
- C:\Windows\System\mvjwjUC.exe
  C:\Windows\System\mvjwjUC.exe
  2⤵
  PID:5164
- C:\Windows\System\dCzSRMT.exe
  C:\Windows\System\dCzSRMT.exe
  2⤵
  PID:5208
- C:\Windows\System\GLkeINW.exe
  C:\Windows\System\GLkeINW.exe
  2⤵
  PID:5252
- C:\Windows\System\sGcbCNZ.exe
  C:\Windows\System\sGcbCNZ.exe
  2⤵
  PID:5288
- C:\Windows\System\uDFFpLA.exe
  C:\Windows\System\uDFFpLA.exe
  2⤵
  PID:5312
- C:\Windows\System\VyqPCar.exe
  C:\Windows\System\VyqPCar.exe
  2⤵
  PID:5340
- C:\Windows\System\FXMjChI.exe
  C:\Windows\System\FXMjChI.exe
  2⤵
  PID:5372
- C:\Windows\System\NRJqCtA.exe
  C:\Windows\System\NRJqCtA.exe
  2⤵
  PID:5400
- C:\Windows\System\THOeAAA.exe
  C:\Windows\System\THOeAAA.exe
  2⤵
  PID:5428
- C:\Windows\System\quJCkGj.exe
  C:\Windows\System\quJCkGj.exe
  2⤵
  PID:5456
- C:\Windows\System\RSGZhMH.exe
  C:\Windows\System\RSGZhMH.exe
  2⤵
  PID:5484
- C:\Windows\System\aRYlsHG.exe
  C:\Windows\System\aRYlsHG.exe
  2⤵
  PID:5508
- C:\Windows\System\cwWZxkl.exe
  C:\Windows\System\cwWZxkl.exe
  2⤵
  PID:5536
- C:\Windows\System\nFcToiE.exe
  C:\Windows\System\nFcToiE.exe
  2⤵
  PID:5568
- C:\Windows\System\ldBXFdC.exe
  C:\Windows\System\ldBXFdC.exe
  2⤵
  PID:5596
- C:\Windows\System\hwPVxyl.exe
  C:\Windows\System\hwPVxyl.exe
  2⤵
  PID:5624
- C:\Windows\System\RDGYSWY.exe
  C:\Windows\System\RDGYSWY.exe
  2⤵
  PID:5656
- C:\Windows\System\YoSfZuW.exe
  C:\Windows\System\YoSfZuW.exe
  2⤵
  PID:5680
- C:\Windows\System\KeddSUL.exe
  C:\Windows\System\KeddSUL.exe
  2⤵
  PID:5712
- C:\Windows\System\REitjqv.exe
  C:\Windows\System\REitjqv.exe
  2⤵
  PID:5744
- C:\Windows\System\aeWXYoa.exe
  C:\Windows\System\aeWXYoa.exe
  2⤵
  PID:5764
- C:\Windows\System\ssLWcRA.exe
  C:\Windows\System\ssLWcRA.exe
  2⤵
  PID:5796
- C:\Windows\System\wihUQzo.exe
  C:\Windows\System\wihUQzo.exe
  2⤵
  PID:5828
- C:\Windows\System\fNCjTFB.exe
  C:\Windows\System\fNCjTFB.exe
  2⤵
  PID:5856
- C:\Windows\System\SUJbSti.exe
  C:\Windows\System\SUJbSti.exe
  2⤵
  PID:5880
- C:\Windows\System\BhcWUyp.exe
  C:\Windows\System\BhcWUyp.exe
  2⤵
  PID:5912
- C:\Windows\System\ifHuaJY.exe
  C:\Windows\System\ifHuaJY.exe
  2⤵
  PID:5940
- C:\Windows\System\AbvRViM.exe
  C:\Windows\System\AbvRViM.exe
  2⤵
  PID:5964
- C:\Windows\System\jxUuQYM.exe
  C:\Windows\System\jxUuQYM.exe
  2⤵
  PID:5996
- C:\Windows\System\xivIiaG.exe
  C:\Windows\System\xivIiaG.exe
  2⤵
  PID:6020
- C:\Windows\System\xuJIAvr.exe
  C:\Windows\System\xuJIAvr.exe
  2⤵
  PID:6048
- C:\Windows\System\uVwtXrP.exe
  C:\Windows\System\uVwtXrP.exe
  2⤵
  PID:6080
- C:\Windows\System\SNjIlEK.exe
  C:\Windows\System\SNjIlEK.exe
  2⤵
  PID:6108
- C:\Windows\System\qkcoJom.exe
  C:\Windows\System\qkcoJom.exe
  2⤵
  PID:6136
- C:\Windows\System\xyZZXef.exe
  C:\Windows\System\xyZZXef.exe
  2⤵
  PID:5180
- C:\Windows\System\kBovPtT.exe
  C:\Windows\System\kBovPtT.exe
  2⤵
  PID:5240
- C:\Windows\System\XNymUhq.exe
  C:\Windows\System\XNymUhq.exe
  2⤵
  PID:5284
- C:\Windows\System\qtJAdUK.exe
  C:\Windows\System\qtJAdUK.exe
  2⤵
  PID:5304
- C:\Windows\System\jqUBdWw.exe
  C:\Windows\System\jqUBdWw.exe
  2⤵
  PID:5360
- C:\Windows\System\XXBHUzc.exe
  C:\Windows\System\XXBHUzc.exe
  2⤵
  PID:5436
- C:\Windows\System\OMzftgd.exe
  C:\Windows\System\OMzftgd.exe
  2⤵
  PID:5500
- C:\Windows\System\FWPQuOJ.exe
  C:\Windows\System\FWPQuOJ.exe
  2⤵
  PID:5580
- C:\Windows\System\cQinVcZ.exe
  C:\Windows\System\cQinVcZ.exe
  2⤵
  PID:5644
- C:\Windows\System\VQxuTdO.exe
  C:\Windows\System\VQxuTdO.exe
  2⤵
  PID:5700
- C:\Windows\System\OLUZfev.exe
  C:\Windows\System\OLUZfev.exe
  2⤵
  PID:5756
- C:\Windows\System\JXxSiCs.exe
  C:\Windows\System\JXxSiCs.exe
  2⤵
  PID:5816
- C:\Windows\System\GDgJWQt.exe
  C:\Windows\System\GDgJWQt.exe
  2⤵
  PID:5892
- C:\Windows\System\slPAjis.exe
  C:\Windows\System\slPAjis.exe
  2⤵
  PID:5972
- C:\Windows\System\MKSpSow.exe
  C:\Windows\System\MKSpSow.exe
  2⤵
  PID:6028
- C:\Windows\System\lozDcBL.exe
  C:\Windows\System\lozDcBL.exe
  2⤵
  PID:6088
- C:\Windows\System\SkGtdPV.exe
  C:\Windows\System\SkGtdPV.exe
  2⤵
  PID:5124
- C:\Windows\System\XsoDdXE.exe
  C:\Windows\System\XsoDdXE.exe
  2⤵
  PID:5224
- C:\Windows\System\TSmRueU.exe
  C:\Windows\System\TSmRueU.exe
  2⤵
  PID:5352
- C:\Windows\System\tfOzehv.exe
  C:\Windows\System\tfOzehv.exe
  2⤵
  PID:5520
- C:\Windows\System\EBpyEHN.exe
  C:\Windows\System\EBpyEHN.exe
  2⤵
  PID:5664
- C:\Windows\System\zBTRJHT.exe
  C:\Windows\System\zBTRJHT.exe
  2⤵
  PID:5852
- C:\Windows\System\nVpGjTi.exe
  C:\Windows\System\nVpGjTi.exe
  2⤵
  PID:5956
- C:\Windows\System\ZjtJasG.exe
  C:\Windows\System\ZjtJasG.exe
  2⤵
  PID:6132
- C:\Windows\System\MHYCohN.exe
  C:\Windows\System\MHYCohN.exe
  2⤵
  PID:3496
- C:\Windows\System\umEoyix.exe
  C:\Windows\System\umEoyix.exe
  2⤵
  PID:5740
- C:\Windows\System\JACRVEr.exe
  C:\Windows\System\JACRVEr.exe
  2⤵
  PID:6032
- C:\Windows\System\WTzwiOu.exe
  C:\Windows\System\WTzwiOu.exe
  2⤵
  PID:5576
- C:\Windows\System\wybNHtj.exe
  C:\Windows\System\wybNHtj.exe
  2⤵
  PID:1648
- C:\Windows\System\mJZCcbr.exe
  C:\Windows\System\mJZCcbr.exe
  2⤵
  PID:6156
- C:\Windows\System\IdcSoOA.exe
  C:\Windows\System\IdcSoOA.exe
  2⤵
  PID:6180
- C:\Windows\System\dwEBmKE.exe
  C:\Windows\System\dwEBmKE.exe
  2⤵
  PID:6212
- C:\Windows\System\sFEmLVN.exe
  C:\Windows\System\sFEmLVN.exe
  2⤵
  PID:6264
- C:\Windows\System\lLKAQSW.exe
  C:\Windows\System\lLKAQSW.exe
  2⤵
  PID:6320
- C:\Windows\System\ksKJdkY.exe
  C:\Windows\System\ksKJdkY.exe
  2⤵
  PID:6376
- C:\Windows\System\dIuKtKd.exe
  C:\Windows\System\dIuKtKd.exe
  2⤵
  PID:6476
- C:\Windows\System\pJPfWIR.exe
  C:\Windows\System\pJPfWIR.exe
  2⤵
  PID:6528
- C:\Windows\System\NPoSVbK.exe
  C:\Windows\System\NPoSVbK.exe
  2⤵
  PID:6552
- C:\Windows\System\tbqUYCl.exe
  C:\Windows\System\tbqUYCl.exe
  2⤵
  PID:6580
- C:\Windows\System\hzBCQCw.exe
  C:\Windows\System\hzBCQCw.exe
  2⤵
  PID:6632
- C:\Windows\System\vaAHjrA.exe
  C:\Windows\System\vaAHjrA.exe
  2⤵
  PID:6672
- C:\Windows\System\CArjXFV.exe
  C:\Windows\System\CArjXFV.exe
  2⤵
  PID:6720
- C:\Windows\System\SIKMYeG.exe
  C:\Windows\System\SIKMYeG.exe
  2⤵
  PID:6744
- C:\Windows\System\pMzRwBm.exe
  C:\Windows\System\pMzRwBm.exe
  2⤵
  PID:6780
- C:\Windows\System\ersLRop.exe
  C:\Windows\System\ersLRop.exe
  2⤵
  PID:6812
- C:\Windows\System\mIcMctm.exe
  C:\Windows\System\mIcMctm.exe
  2⤵
  PID:6836
- C:\Windows\System\PktGtiF.exe
  C:\Windows\System\PktGtiF.exe
  2⤵
  PID:6868
- C:\Windows\System\lTvLexN.exe
  C:\Windows\System\lTvLexN.exe
  2⤵
  PID:6900
- C:\Windows\System\TkLqLtC.exe
  C:\Windows\System\TkLqLtC.exe
  2⤵
  PID:6932
- C:\Windows\System\dKwNBRK.exe
  C:\Windows\System\dKwNBRK.exe
  2⤵
  PID:6952
- C:\Windows\System\aZROkUw.exe
  C:\Windows\System\aZROkUw.exe
  2⤵
  PID:6980
- C:\Windows\System\qYzubsA.exe
  C:\Windows\System\qYzubsA.exe
  2⤵
  PID:7008
- C:\Windows\System\rVWrdNu.exe
  C:\Windows\System\rVWrdNu.exe
  2⤵
  PID:7048
- C:\Windows\System\ydFkqip.exe
  C:\Windows\System\ydFkqip.exe
  2⤵
  PID:7068
- C:\Windows\System\IXXeoDA.exe
  C:\Windows\System\IXXeoDA.exe
  2⤵
  PID:7104
- C:\Windows\System\wSKHqVr.exe
  C:\Windows\System\wSKHqVr.exe
  2⤵
  PID:7136
- C:\Windows\System\mJcIZUs.exe
  C:\Windows\System\mJcIZUs.exe
  2⤵
  PID:7164
- C:\Windows\System\rtkDGKr.exe
  C:\Windows\System\rtkDGKr.exe
  2⤵
  PID:6192
- C:\Windows\System\yjxZjFx.exe
  C:\Windows\System\yjxZjFx.exe
  2⤵
  PID:6296
- C:\Windows\System\cfJZFfO.exe
  C:\Windows\System\cfJZFfO.exe
  2⤵
  PID:6396
- C:\Windows\System\luxLpQV.exe
  C:\Windows\System\luxLpQV.exe
  2⤵
  PID:2900
- C:\Windows\System\ZVzpHJk.exe
  C:\Windows\System\ZVzpHJk.exe
  2⤵
  PID:6548
- C:\Windows\System\BVZTnhN.exe
  C:\Windows\System\BVZTnhN.exe
  2⤵
  PID:6652
- C:\Windows\System\WxawEWu.exe
  C:\Windows\System\WxawEWu.exe
  2⤵
  PID:6728
- C:\Windows\System\DiNZCIT.exe
  C:\Windows\System\DiNZCIT.exe
  2⤵
  PID:6688
- C:\Windows\System\gWpWQEM.exe
  C:\Windows\System\gWpWQEM.exe
  2⤵
  PID:3436
- C:\Windows\System\mvLBVRv.exe
  C:\Windows\System\mvLBVRv.exe
  2⤵
  PID:1128
- C:\Windows\System\kWnRSgf.exe
  C:\Windows\System\kWnRSgf.exe
  2⤵
  PID:1148
- C:\Windows\System\jaMSFFg.exe
  C:\Windows\System\jaMSFFg.exe
  2⤵
  PID:6912
- C:\Windows\System\tYCVNGV.exe
  C:\Windows\System\tYCVNGV.exe
  2⤵
  PID:6964
- C:\Windows\System\WoqFlDC.exe
  C:\Windows\System\WoqFlDC.exe
  2⤵
  PID:6248
- C:\Windows\System\GwSvtHt.exe
  C:\Windows\System\GwSvtHt.exe
  2⤵
  PID:7080
- C:\Windows\System\sfSjFXi.exe
  C:\Windows\System\sfSjFXi.exe
  2⤵
  PID:6104
- C:\Windows\System\tJVlnaQ.exe
  C:\Windows\System\tJVlnaQ.exe
  2⤵
  PID:6244
- C:\Windows\System\SyvCUos.exe
  C:\Windows\System\SyvCUos.exe
  2⤵
  PID:6544
- C:\Windows\System\TswHCcv.exe
  C:\Windows\System\TswHCcv.exe
  2⤵
  PID:6756
- C:\Windows\System\BmyAxoo.exe
  C:\Windows\System\BmyAxoo.exe
  2⤵
  PID:6340
- C:\Windows\System\Vypzyji.exe
  C:\Windows\System\Vypzyji.exe
  2⤵
  PID:6856
- C:\Windows\System\iReDPEv.exe
  C:\Windows\System\iReDPEv.exe
  2⤵
  PID:7004
- C:\Windows\System\XxlAfYN.exe
  C:\Windows\System\XxlAfYN.exe
  2⤵
  PID:6168
- C:\Windows\System\WjEiROp.exe
  C:\Windows\System\WjEiROp.exe
  2⤵
  PID:6616
- C:\Windows\System\efOJjTg.exe
  C:\Windows\System\efOJjTg.exe
  2⤵
  PID:6808
- C:\Windows\System\WGlnyUT.exe
  C:\Windows\System\WGlnyUT.exe
  2⤵
  PID:7112
- C:\Windows\System\MrfoXBC.exe
  C:\Windows\System\MrfoXBC.exe
  2⤵
  PID:6908
- C:\Windows\System\gzTnPcN.exe
  C:\Windows\System\gzTnPcN.exe
  2⤵
  PID:6252
- C:\Windows\System\vJUUDpq.exe
  C:\Windows\System\vJUUDpq.exe
  2⤵
  PID:7192
- C:\Windows\System\bJOkFeg.exe
  C:\Windows\System\bJOkFeg.exe
  2⤵
  PID:7220
- C:\Windows\System\vcCQwhD.exe
  C:\Windows\System\vcCQwhD.exe
  2⤵
  PID:7248
- C:\Windows\System\RtztxUQ.exe
  C:\Windows\System\RtztxUQ.exe
  2⤵
  PID:7268
- C:\Windows\System\dKqihyO.exe
  C:\Windows\System\dKqihyO.exe
  2⤵
  PID:7300
- C:\Windows\System\qttGGVy.exe
  C:\Windows\System\qttGGVy.exe
  2⤵
  PID:7328
- C:\Windows\System\JJSgGqe.exe
  C:\Windows\System\JJSgGqe.exe
  2⤵
  PID:7348
- C:\Windows\System\WeaGfbo.exe
  C:\Windows\System\WeaGfbo.exe
  2⤵
  PID:7376
- C:\Windows\System\dhvqVwx.exe
  C:\Windows\System\dhvqVwx.exe
  2⤵
  PID:7396
- C:\Windows\System\MTTqYGN.exe
  C:\Windows\System\MTTqYGN.exe
  2⤵
  PID:7420
- C:\Windows\System\WbwxLPK.exe
  C:\Windows\System\WbwxLPK.exe
  2⤵
  PID:7444
- C:\Windows\System\Rqtekpa.exe
  C:\Windows\System\Rqtekpa.exe
  2⤵
  PID:7484
- C:\Windows\System\MBeqpOL.exe
  C:\Windows\System\MBeqpOL.exe
  2⤵
  PID:7508
- C:\Windows\System\mrCAGCT.exe
  C:\Windows\System\mrCAGCT.exe
  2⤵
  PID:7532
- C:\Windows\System\pclNYqI.exe
  C:\Windows\System\pclNYqI.exe
  2⤵
  PID:7588
- C:\Windows\System\mjMdEGr.exe
  C:\Windows\System\mjMdEGr.exe
  2⤵
  PID:7636
- C:\Windows\System\hHoOlCu.exe
  C:\Windows\System\hHoOlCu.exe
  2⤵
  PID:7668
- C:\Windows\System\AjUdDHG.exe
  C:\Windows\System\AjUdDHG.exe
  2⤵
  PID:7696
- C:\Windows\System\pmSIitJ.exe
  C:\Windows\System\pmSIitJ.exe
  2⤵
  PID:7724
- C:\Windows\System\UsxAKoH.exe
  C:\Windows\System\UsxAKoH.exe
  2⤵
  PID:7764
- C:\Windows\System\HMomRKh.exe
  C:\Windows\System\HMomRKh.exe
  2⤵
  PID:7800
- C:\Windows\System\PqzagNi.exe
  C:\Windows\System\PqzagNi.exe
  2⤵
  PID:7836
- C:\Windows\System\rqKCpVq.exe
  C:\Windows\System\rqKCpVq.exe
  2⤵
  PID:7868
- C:\Windows\System\obiwDCb.exe
  C:\Windows\System\obiwDCb.exe
  2⤵
  PID:7896
- C:\Windows\System\uuNDIUl.exe
  C:\Windows\System\uuNDIUl.exe
  2⤵
  PID:7936
- C:\Windows\System\CpelnaP.exe
  C:\Windows\System\CpelnaP.exe
  2⤵
  PID:7964
- C:\Windows\System\waexbOh.exe
  C:\Windows\System\waexbOh.exe
  2⤵
  PID:7996
- C:\Windows\System\fRwzAeK.exe
  C:\Windows\System\fRwzAeK.exe
  2⤵
  PID:8012
- C:\Windows\System\GpJKnDe.exe
  C:\Windows\System\GpJKnDe.exe
  2⤵
  PID:8040
- C:\Windows\System\sapwAvg.exe
  C:\Windows\System\sapwAvg.exe
  2⤵
  PID:8080
- C:\Windows\System\LfvJyvy.exe
  C:\Windows\System\LfvJyvy.exe
  2⤵
  PID:8108
- C:\Windows\System\fCNUiJf.exe
  C:\Windows\System\fCNUiJf.exe
  2⤵
  PID:8132
- C:\Windows\System\TUFAqUH.exe
  C:\Windows\System\TUFAqUH.exe
  2⤵
  PID:8164
- C:\Windows\System\MiMHaTC.exe
  C:\Windows\System\MiMHaTC.exe
  2⤵
  PID:7172
- C:\Windows\System\wASdokk.exe
  C:\Windows\System\wASdokk.exe
  2⤵
  PID:7240
- C:\Windows\System\dWixQbe.exe
  C:\Windows\System\dWixQbe.exe
  2⤵
  PID:7308
- C:\Windows\System\UjaCSVS.exe
  C:\Windows\System\UjaCSVS.exe
  2⤵
  PID:7372
- C:\Windows\System\NASoDiX.exe
  C:\Windows\System\NASoDiX.exe
  2⤵
  PID:7440
- C:\Windows\System\inINJCn.exe
  C:\Windows\System\inINJCn.exe
  2⤵
  PID:7496
- C:\Windows\System\lXzzsTK.exe
  C:\Windows\System\lXzzsTK.exe
  2⤵
  PID:7576
- C:\Windows\System\sjxNQtC.exe
  C:\Windows\System\sjxNQtC.exe
  2⤵
  PID:7664
- C:\Windows\System\ZHCnBVU.exe
  C:\Windows\System\ZHCnBVU.exe
  2⤵
  PID:6612
- C:\Windows\System\EKLwqqZ.exe
  C:\Windows\System\EKLwqqZ.exe
  2⤵
  PID:7688
- C:\Windows\System\gIGBfQd.exe
  C:\Windows\System\gIGBfQd.exe
  2⤵
  PID:7748
- C:\Windows\System\uAEQRBF.exe
  C:\Windows\System\uAEQRBF.exe
  2⤵
  PID:2100
- C:\Windows\System\DkkoCVz.exe
  C:\Windows\System\DkkoCVz.exe
  2⤵
  PID:7892
- C:\Windows\System\pJtGMsJ.exe
  C:\Windows\System\pJtGMsJ.exe
  2⤵
  PID:7972
- C:\Windows\System\VbnwCWj.exe
  C:\Windows\System\VbnwCWj.exe
  2⤵
  PID:8020
- C:\Windows\System\tgcTjFk.exe
  C:\Windows\System\tgcTjFk.exe
  2⤵
  PID:1160
- C:\Windows\System\EFnIDlb.exe
  C:\Windows\System\EFnIDlb.exe
  2⤵
  PID:1420
- C:\Windows\System\tXOrHLa.exe
  C:\Windows\System\tXOrHLa.exe
  2⤵
  PID:432
- C:\Windows\System\jINevYY.exe
  C:\Windows\System\jINevYY.exe
  2⤵
  PID:6456
- C:\Windows\System\znThreN.exe
  C:\Windows\System\znThreN.exe
  2⤵
  PID:7200
- C:\Windows\System\kLeuWXz.exe
  C:\Windows\System\kLeuWXz.exe
  2⤵
  PID:7344
- C:\Windows\System\EPcVPaX.exe
  C:\Windows\System\EPcVPaX.exe
  2⤵
  PID:7472
- C:\Windows\System\ueDUvvD.exe
  C:\Windows\System\ueDUvvD.exe
  2⤵
  PID:6608
- C:\Windows\System\USSSSoO.exe
  C:\Windows\System\USSSSoO.exe
  2⤵
  PID:7736
- C:\Windows\System\WkITrTL.exe
  C:\Windows\System\WkITrTL.exe
  2⤵
  PID:7856
- C:\Windows\System\qqpSRVC.exe
  C:\Windows\System\qqpSRVC.exe
  2⤵
  PID:8008
- C:\Windows\System\iVZvwRD.exe
  C:\Windows\System\iVZvwRD.exe
  2⤵
  PID:4404
- C:\Windows\System\yylxpyI.exe
  C:\Windows\System\yylxpyI.exe
  2⤵
  PID:8156
- C:\Windows\System\RNZFHuw.exe
  C:\Windows\System\RNZFHuw.exe
  2⤵
  PID:7480
- C:\Windows\System\DRJMJMz.exe
  C:\Windows\System\DRJMJMz.exe
  2⤵
  PID:7716
- C:\Windows\System\htTpZUZ.exe
  C:\Windows\System\htTpZUZ.exe
  2⤵
  PID:5008
- C:\Windows\System\lvmJKzQ.exe
  C:\Windows\System\lvmJKzQ.exe
  2⤵
  PID:7336
- C:\Windows\System\lhJDTUy.exe
  C:\Windows\System\lhJDTUy.exe
  2⤵
  PID:3360
- C:\Windows\System\hyphVdB.exe
  C:\Windows\System\hyphVdB.exe
  2⤵
  PID:7260
- C:\Windows\System\lBzIzEh.exe
  C:\Windows\System\lBzIzEh.exe
  2⤵
  PID:8212
- C:\Windows\System\CGdeOgT.exe
  C:\Windows\System\CGdeOgT.exe
  2⤵
  PID:8240
- C:\Windows\System\PmkulPI.exe
  C:\Windows\System\PmkulPI.exe
  2⤵
  PID:8268
- C:\Windows\System\XxAkSbZ.exe
  C:\Windows\System\XxAkSbZ.exe
  2⤵
  PID:8304
- C:\Windows\System\JLzdWAW.exe
  C:\Windows\System\JLzdWAW.exe
  2⤵
  PID:8324
- C:\Windows\System\vddZGas.exe
  C:\Windows\System\vddZGas.exe
  2⤵
  PID:8352
- C:\Windows\System\BvwbTKr.exe
  C:\Windows\System\BvwbTKr.exe
  2⤵
  PID:8380
- C:\Windows\System\EjmWGTz.exe
  C:\Windows\System\EjmWGTz.exe
  2⤵
  PID:8408
- C:\Windows\System\KepGlfZ.exe
  C:\Windows\System\KepGlfZ.exe
  2⤵
  PID:8436
- C:\Windows\System\hjgOlhk.exe
  C:\Windows\System\hjgOlhk.exe
  2⤵
  PID:8464
- C:\Windows\System\bxnLVMX.exe
  C:\Windows\System\bxnLVMX.exe
  2⤵
  PID:8492
- C:\Windows\System\XDlkgLZ.exe
  C:\Windows\System\XDlkgLZ.exe
  2⤵
  PID:8520
- C:\Windows\System\wCEgaSZ.exe
  C:\Windows\System\wCEgaSZ.exe
  2⤵
  PID:8560
- C:\Windows\System\DefmSKE.exe
  C:\Windows\System\DefmSKE.exe
  2⤵
  PID:8576
- C:\Windows\System\UkznJig.exe
  C:\Windows\System\UkznJig.exe
  2⤵
  PID:8604
- C:\Windows\System\eJmscuN.exe
  C:\Windows\System\eJmscuN.exe
  2⤵
  PID:8632
- C:\Windows\System\IMiFOwc.exe
  C:\Windows\System\IMiFOwc.exe
  2⤵
  PID:8664
- C:\Windows\System\hwjPaJk.exe
  C:\Windows\System\hwjPaJk.exe
  2⤵
  PID:8692
- C:\Windows\System\rnsNQAw.exe
  C:\Windows\System\rnsNQAw.exe
  2⤵
  PID:8720
- C:\Windows\System\sCVnqWM.exe
  C:\Windows\System\sCVnqWM.exe
  2⤵
  PID:8748
- C:\Windows\System\vXlMxWi.exe
  C:\Windows\System\vXlMxWi.exe
  2⤵
  PID:8776
- C:\Windows\System\hHjtpYC.exe
  C:\Windows\System\hHjtpYC.exe
  2⤵
  PID:8804
- C:\Windows\System\muAeUEM.exe
  C:\Windows\System\muAeUEM.exe
  2⤵
  PID:8832
- C:\Windows\System\bRjMCvc.exe
  C:\Windows\System\bRjMCvc.exe
  2⤵
  PID:8860
- C:\Windows\System\jcSbPDZ.exe
  C:\Windows\System\jcSbPDZ.exe
  2⤵
  PID:8888
- C:\Windows\System\xwHMILa.exe
  C:\Windows\System\xwHMILa.exe
  2⤵
  PID:8916
- C:\Windows\System\OOpmWEq.exe
  C:\Windows\System\OOpmWEq.exe
  2⤵
  PID:8944
- C:\Windows\System\MRDjLEC.exe
  C:\Windows\System\MRDjLEC.exe
  2⤵
  PID:8972
- C:\Windows\System\JmeLFxF.exe
  C:\Windows\System\JmeLFxF.exe
  2⤵
  PID:9000
- C:\Windows\System\rCoYXnE.exe
  C:\Windows\System\rCoYXnE.exe
  2⤵
  PID:9028
- C:\Windows\System\cfqFjms.exe
  C:\Windows\System\cfqFjms.exe
  2⤵
  PID:9056
- C:\Windows\System\mSVlYYi.exe
  C:\Windows\System\mSVlYYi.exe
  2⤵
  PID:9084
- C:\Windows\System\HFXqFba.exe
  C:\Windows\System\HFXqFba.exe
  2⤵
  PID:9112
- C:\Windows\System\lRrmtTZ.exe
  C:\Windows\System\lRrmtTZ.exe
  2⤵
  PID:9140
- C:\Windows\System\XfniMlQ.exe
  C:\Windows\System\XfniMlQ.exe
  2⤵
  PID:9168
- C:\Windows\System\AladWFz.exe
  C:\Windows\System\AladWFz.exe
  2⤵
  PID:9196
- C:\Windows\System\OsfgvJc.exe
  C:\Windows\System\OsfgvJc.exe
  2⤵
  PID:8208
- C:\Windows\System\ScLQagz.exe
  C:\Windows\System\ScLQagz.exe
  2⤵
  PID:8280
- C:\Windows\System\KwkyicA.exe
  C:\Windows\System\KwkyicA.exe
  2⤵
  PID:8344
- C:\Windows\System\PQRjXtZ.exe
  C:\Windows\System\PQRjXtZ.exe
  2⤵
  PID:8404
- C:\Windows\System\YRPkFXG.exe
  C:\Windows\System\YRPkFXG.exe
  2⤵
  PID:8476
- C:\Windows\System\tadHoJu.exe
  C:\Windows\System\tadHoJu.exe
  2⤵
  PID:8532
- C:\Windows\System\ksxnFtY.exe
  C:\Windows\System\ksxnFtY.exe
  2⤵
  PID:8588
- C:\Windows\System\xXnivOV.exe
  C:\Windows\System\xXnivOV.exe
  2⤵
  PID:8656
- C:\Windows\System\MQTFdKj.exe
  C:\Windows\System\MQTFdKj.exe
  2⤵
  PID:8716
- C:\Windows\System\KCJlbpl.exe
  C:\Windows\System\KCJlbpl.exe
  2⤵
  PID:8796
- C:\Windows\System\LCaxVOE.exe
  C:\Windows\System\LCaxVOE.exe
  2⤵
  PID:8852
- C:\Windows\System\JiduVSv.exe
  C:\Windows\System\JiduVSv.exe
  2⤵
  PID:8912
- C:\Windows\System\VsZRGNM.exe
  C:\Windows\System\VsZRGNM.exe
  2⤵
  PID:8992
- C:\Windows\System\pSXzRhu.exe
  C:\Windows\System\pSXzRhu.exe
  2⤵
  PID:9052
- C:\Windows\System\iUtKmfU.exe
  C:\Windows\System\iUtKmfU.exe
  2⤵
  PID:9124
- C:\Windows\System\dJXBuVG.exe
  C:\Windows\System\dJXBuVG.exe
  2⤵
  PID:9188
- C:\Windows\System\EKBWJQC.exe
  C:\Windows\System\EKBWJQC.exe
  2⤵
  PID:8264
- C:\Windows\System\XUbkMug.exe
  C:\Windows\System\XUbkMug.exe
  2⤵
  PID:8432
- C:\Windows\System\WUsltkO.exe
  C:\Windows\System\WUsltkO.exe
  2⤵
  PID:100
- C:\Windows\System\uEDGSwA.exe
  C:\Windows\System\uEDGSwA.exe
  2⤵
  PID:8704
- C:\Windows\System\BKzHTJr.exe
  C:\Windows\System\BKzHTJr.exe
  2⤵
  PID:8844
- C:\Windows\System\rxnrtPV.exe
  C:\Windows\System\rxnrtPV.exe
  2⤵
  PID:9020
- C:\Windows\System\GihTlRb.exe
  C:\Windows\System\GihTlRb.exe
  2⤵
  PID:9164
- C:\Windows\System\hWfdgZG.exe
  C:\Windows\System\hWfdgZG.exe
  2⤵
  PID:8400
- C:\Windows\System\XhZgaXM.exe
  C:\Windows\System\XhZgaXM.exe
  2⤵
  PID:8768
- C:\Windows\System\XsrHueA.exe
  C:\Windows\System\XsrHueA.exe
  2⤵
  PID:9108
- C:\Windows\System\UFvwDBI.exe
  C:\Windows\System\UFvwDBI.exe
  2⤵
  PID:8684
- C:\Windows\System\eoOwxPL.exe
  C:\Windows\System\eoOwxPL.exe
  2⤵
  PID:9080
- C:\Windows\System\NbqPKkw.exe
  C:\Windows\System\NbqPKkw.exe
  2⤵
  PID:9236
- C:\Windows\System\wznTGZh.exe
  C:\Windows\System\wznTGZh.exe
  2⤵
  PID:9264
- C:\Windows\System\iEbaQuD.exe
  C:\Windows\System\iEbaQuD.exe
  2⤵
  PID:9292
- C:\Windows\System\IpmEUwR.exe
  C:\Windows\System\IpmEUwR.exe
  2⤵
  PID:9320
- C:\Windows\System\FVqBcLR.exe
  C:\Windows\System\FVqBcLR.exe
  2⤵
  PID:9348
- C:\Windows\System\NnbphsC.exe
  C:\Windows\System\NnbphsC.exe
  2⤵
  PID:9376
- C:\Windows\System\fzoKGUY.exe
  C:\Windows\System\fzoKGUY.exe
  2⤵
  PID:9404
- C:\Windows\System\cfRWNVx.exe
  C:\Windows\System\cfRWNVx.exe
  2⤵
  PID:9448
- C:\Windows\System\iwOlsxj.exe
  C:\Windows\System\iwOlsxj.exe
  2⤵
  PID:9476
- C:\Windows\System\KClsEed.exe
  C:\Windows\System\KClsEed.exe
  2⤵
  PID:9504
- C:\Windows\System\UuoGsru.exe
  C:\Windows\System\UuoGsru.exe
  2⤵
  PID:9532
- C:\Windows\System\BExeepp.exe
  C:\Windows\System\BExeepp.exe
  2⤵
  PID:9560
- C:\Windows\System\kNBRKWr.exe
  C:\Windows\System\kNBRKWr.exe
  2⤵
  PID:9588
- C:\Windows\System\hoHmMCk.exe
  C:\Windows\System\hoHmMCk.exe
  2⤵
  PID:9616
- C:\Windows\System\VyVWmIV.exe
  C:\Windows\System\VyVWmIV.exe
  2⤵
  PID:9644
- C:\Windows\System\AETZFqS.exe
  C:\Windows\System\AETZFqS.exe
  2⤵
  PID:9672
- C:\Windows\System\QQEWrWs.exe
  C:\Windows\System\QQEWrWs.exe
  2⤵
  PID:9700
- C:\Windows\System\ANMuSaT.exe
  C:\Windows\System\ANMuSaT.exe
  2⤵
  PID:9736
- C:\Windows\System\GeGiaQR.exe
  C:\Windows\System\GeGiaQR.exe
  2⤵
  PID:9764
- C:\Windows\System\jpZbZUI.exe
  C:\Windows\System\jpZbZUI.exe
  2⤵
  PID:9788
- C:\Windows\System\kzTsCFW.exe
  C:\Windows\System\kzTsCFW.exe
  2⤵
  PID:9816
- C:\Windows\System\DjELjQB.exe
  C:\Windows\System\DjELjQB.exe
  2⤵
  PID:9844
- C:\Windows\System\LgxoVsS.exe
  C:\Windows\System\LgxoVsS.exe
  2⤵
  PID:9872
- C:\Windows\System\cWCYJig.exe
  C:\Windows\System\cWCYJig.exe
  2⤵
  PID:9900
- C:\Windows\System\RukvHZS.exe
  C:\Windows\System\RukvHZS.exe
  2⤵
  PID:9928
- C:\Windows\System\swYAIyn.exe
  C:\Windows\System\swYAIyn.exe
  2⤵
  PID:9956
- C:\Windows\System\DJdEdBr.exe
  C:\Windows\System\DJdEdBr.exe
  2⤵
  PID:9984
- C:\Windows\System\fZfBhMk.exe
  C:\Windows\System\fZfBhMk.exe
  2⤵
  PID:10012
- C:\Windows\System\TsBnEXr.exe
  C:\Windows\System\TsBnEXr.exe
  2⤵
  PID:10040
- C:\Windows\System\KWkrpyL.exe
  C:\Windows\System\KWkrpyL.exe
  2⤵
  PID:10068
- C:\Windows\System\mQrpzUL.exe
  C:\Windows\System\mQrpzUL.exe
  2⤵
  PID:10096
- C:\Windows\System\UQtzAIc.exe
  C:\Windows\System\UQtzAIc.exe
  2⤵
  PID:10124
- C:\Windows\System\IzJreHw.exe
  C:\Windows\System\IzJreHw.exe
  2⤵
  PID:10164
- C:\Windows\System\jRGgrDh.exe
  C:\Windows\System\jRGgrDh.exe
  2⤵
  PID:10180
- C:\Windows\System\YVIDOkq.exe
  C:\Windows\System\YVIDOkq.exe
  2⤵
  PID:10216
- C:\Windows\System\kCgsIsU.exe
  C:\Windows\System\kCgsIsU.exe
  2⤵
  PID:10236
- C:\Windows\System\heRPUZn.exe
  C:\Windows\System\heRPUZn.exe
  2⤵
  PID:9276
- C:\Windows\System\nnSHaFS.exe
  C:\Windows\System\nnSHaFS.exe
  2⤵
  PID:9340
- C:\Windows\System\VTtJGRo.exe
  C:\Windows\System\VTtJGRo.exe
  2⤵
  PID:9400
- C:\Windows\System\HTmnQbc.exe
  C:\Windows\System\HTmnQbc.exe
  2⤵
  PID:4492
- C:\Windows\System\PUYjMEg.exe
  C:\Windows\System\PUYjMEg.exe
  2⤵
  PID:8964
- C:\Windows\System\QdYjTDD.exe
  C:\Windows\System\QdYjTDD.exe
  2⤵
  PID:9552
- C:\Windows\System\baSypaE.exe
  C:\Windows\System\baSypaE.exe
  2⤵
  PID:9612
- C:\Windows\System\gQJrbUA.exe
  C:\Windows\System\gQJrbUA.exe
  2⤵
  PID:9684
- C:\Windows\System\IBembdP.exe
  C:\Windows\System\IBembdP.exe
  2⤵
  PID:9756
- C:\Windows\System\lDDGohB.exe
  C:\Windows\System\lDDGohB.exe
  2⤵
  PID:9828
- C:\Windows\System\KEXDxxe.exe
  C:\Windows\System\KEXDxxe.exe
  2⤵
  PID:9892
- C:\Windows\System\deqmNbU.exe
  C:\Windows\System\deqmNbU.exe
  2⤵
  PID:2760
- C:\Windows\System\GfQIeOT.exe
  C:\Windows\System\GfQIeOT.exe
  2⤵
  PID:9996
- C:\Windows\System\ZyybruA.exe
  C:\Windows\System\ZyybruA.exe
  2⤵
  PID:10060
- C:\Windows\System\ryFienT.exe
  C:\Windows\System\ryFienT.exe
  2⤵
  PID:10120
- C:\Windows\System\kheWlpY.exe
  C:\Windows\System\kheWlpY.exe
  2⤵
  PID:10192
- C:\Windows\System\PXKuZAB.exe
  C:\Windows\System\PXKuZAB.exe
  2⤵
  PID:9716
- C:\Windows\System\NpFaWVd.exe
  C:\Windows\System\NpFaWVd.exe
  2⤵
  PID:9388
- C:\Windows\System\AImkvYC.exe
  C:\Windows\System\AImkvYC.exe
  2⤵
  PID:9488
- C:\Windows\System\fvIDKbh.exe
  C:\Windows\System\fvIDKbh.exe
  2⤵
  PID:9640
- C:\Windows\System\DFNPLxZ.exe
  C:\Windows\System\DFNPLxZ.exe
  2⤵
  PID:9808
- C:\Windows\System\hpjyULJ.exe
  C:\Windows\System\hpjyULJ.exe
  2⤵
  PID:9940
- C:\Windows\System\TaZMRcg.exe
  C:\Windows\System\TaZMRcg.exe
  2⤵
  PID:10088
- C:\Windows\System\KaBdNqL.exe
  C:\Windows\System\KaBdNqL.exe
  2⤵
  PID:10232
- C:\Windows\System\eUppqUk.exe
  C:\Windows\System\eUppqUk.exe
  2⤵
  PID:9472
- C:\Windows\System\oEhsrCG.exe
  C:\Windows\System\oEhsrCG.exe
  2⤵
  PID:9868
- C:\Windows\System\YfOvzEn.exe
  C:\Windows\System\YfOvzEn.exe
  2⤵
  PID:10176
- C:\Windows\System\zrdVEwx.exe
  C:\Windows\System\zrdVEwx.exe
  2⤵
  PID:9784
- C:\Windows\System\QZGmWld.exe
  C:\Windows\System\QZGmWld.exe
  2⤵
  PID:10160
- C:\Windows\System\PNveiJW.exe
  C:\Windows\System\PNveiJW.exe
  2⤵
  PID:10260
- C:\Windows\System\ByuqVxx.exe
  C:\Windows\System\ByuqVxx.exe
  2⤵
  PID:10288
- C:\Windows\System\kjEDrqY.exe
  C:\Windows\System\kjEDrqY.exe
  2⤵
  PID:10316
- C:\Windows\System\mnjzxRL.exe
  C:\Windows\System\mnjzxRL.exe
  2⤵
  PID:10344
- C:\Windows\System\VEOYJvW.exe
  C:\Windows\System\VEOYJvW.exe
  2⤵
  PID:10372
- C:\Windows\System\FrWvMwG.exe
  C:\Windows\System\FrWvMwG.exe
  2⤵
  PID:10400
- C:\Windows\System\QAnvfGb.exe
  C:\Windows\System\QAnvfGb.exe
  2⤵
  PID:10428
- C:\Windows\System\BVnHDvu.exe
  C:\Windows\System\BVnHDvu.exe
  2⤵
  PID:10456
- C:\Windows\System\ktfoaiT.exe
  C:\Windows\System\ktfoaiT.exe
  2⤵
  PID:10484
- C:\Windows\System\XWFsJHL.exe
  C:\Windows\System\XWFsJHL.exe
  2⤵
  PID:10512
- C:\Windows\System\icmcVDT.exe
  C:\Windows\System\icmcVDT.exe
  2⤵
  PID:10544
- C:\Windows\System\ktZkqMl.exe
  C:\Windows\System\ktZkqMl.exe
  2⤵
  PID:10572
- C:\Windows\System\dQLBHiX.exe
  C:\Windows\System\dQLBHiX.exe
  2⤵
  PID:10600
- C:\Windows\System\HVOrnJi.exe
  C:\Windows\System\HVOrnJi.exe
  2⤵
  PID:10628
- C:\Windows\System\swPEVon.exe
  C:\Windows\System\swPEVon.exe
  2⤵
  PID:10656
- C:\Windows\System\CiuuiYu.exe
  C:\Windows\System\CiuuiYu.exe
  2⤵
  PID:10684
- C:\Windows\System\wnkaBvX.exe
  C:\Windows\System\wnkaBvX.exe
  2⤵
  PID:10712
- C:\Windows\System\FkPUlsD.exe
  C:\Windows\System\FkPUlsD.exe
  2⤵
  PID:10752
- C:\Windows\System\qrcYuCG.exe
  C:\Windows\System\qrcYuCG.exe
  2⤵
  PID:10768
- C:\Windows\System\dZCLamt.exe
  C:\Windows\System\dZCLamt.exe
  2⤵
  PID:10796
- C:\Windows\System\FNeBaRL.exe
  C:\Windows\System\FNeBaRL.exe
  2⤵
  PID:10824
- C:\Windows\System\dDxYgUE.exe
  C:\Windows\System\dDxYgUE.exe
  2⤵
  PID:10852
- C:\Windows\System\iDgqWDg.exe
  C:\Windows\System\iDgqWDg.exe
  2⤵
  PID:10872
- C:\Windows\System\TiqiEIN.exe
  C:\Windows\System\TiqiEIN.exe
  2⤵
  PID:10900
- C:\Windows\System\ZpXGLPD.exe
  C:\Windows\System\ZpXGLPD.exe
  2⤵
  PID:10932
- C:\Windows\System\rqBFJfh.exe
  C:\Windows\System\rqBFJfh.exe
  2⤵
  PID:10956
- C:\Windows\System\OkbXoyA.exe
  C:\Windows\System\OkbXoyA.exe
  2⤵
  PID:10988
- C:\Windows\System\HSexZfh.exe
  C:\Windows\System\HSexZfh.exe
  2⤵
  PID:11024
- C:\Windows\System\lZgehew.exe
  C:\Windows\System\lZgehew.exe
  2⤵
  PID:11044
- C:\Windows\System\MtRGawp.exe
  C:\Windows\System\MtRGawp.exe
  2⤵
  PID:11076
- C:\Windows\System\ccvCTyS.exe
  C:\Windows\System\ccvCTyS.exe
  2⤵
  PID:11096
- C:\Windows\System\AojXlUU.exe
  C:\Windows\System\AojXlUU.exe
  2⤵
  PID:11124
- C:\Windows\System\vgjEAKd.exe
  C:\Windows\System\vgjEAKd.exe
  2⤵
  PID:11152
- C:\Windows\System\tyRFtzz.exe
  C:\Windows\System\tyRFtzz.exe
  2⤵
  PID:11200
- C:\Windows\System\UZrXQZs.exe
  C:\Windows\System\UZrXQZs.exe
  2⤵
  PID:11248
- C:\Windows\System\FsBEdJp.exe
  C:\Windows\System\FsBEdJp.exe
  2⤵
  PID:10256
- C:\Windows\System\PVMeaSX.exe
  C:\Windows\System\PVMeaSX.exe
  2⤵
  PID:10300
- C:\Windows\System\Ihbnahr.exe
  C:\Windows\System\Ihbnahr.exe
  2⤵
  PID:10364
- C:\Windows\System\guVNLbk.exe
  C:\Windows\System\guVNLbk.exe
  2⤵
  PID:10440
- C:\Windows\System\iylRkMB.exe
  C:\Windows\System\iylRkMB.exe
  2⤵
  PID:10496
- C:\Windows\System\hluJxEE.exe
  C:\Windows\System\hluJxEE.exe
  2⤵
  PID:10536
- C:\Windows\System\WDjkLkC.exe
  C:\Windows\System\WDjkLkC.exe
  2⤵
  PID:10640
- C:\Windows\System\OoHOkiZ.exe
  C:\Windows\System\OoHOkiZ.exe
  2⤵
  PID:10760
- C:\Windows\System\Foqakuv.exe
  C:\Windows\System\Foqakuv.exe
  2⤵
  PID:10820
- C:\Windows\System\bGBLNym.exe
  C:\Windows\System\bGBLNym.exe
  2⤵
  PID:10868
- C:\Windows\System\bDuThPz.exe
  C:\Windows\System\bDuThPz.exe
  2⤵
  PID:10944
- C:\Windows\System\rfNIdPl.exe
  C:\Windows\System\rfNIdPl.exe
  2⤵
  PID:11008
- C:\Windows\System\mAsyzBk.exe
  C:\Windows\System\mAsyzBk.exe
  2⤵
  PID:11064
- C:\Windows\System\qqKgEhR.exe
  C:\Windows\System\qqKgEhR.exe
  2⤵
  PID:11084
- C:\Windows\System\PMYFYng.exe
  C:\Windows\System\PMYFYng.exe
  2⤵
  PID:2480
- C:\Windows\System\KMOJCqz.exe
  C:\Windows\System\KMOJCqz.exe
  2⤵
  PID:11216
- C:\Windows\System\nlAXNLA.exe
  C:\Windows\System\nlAXNLA.exe
  2⤵
  PID:11120
- C:\Windows\System\yteACRj.exe
  C:\Windows\System\yteACRj.exe
  2⤵
  PID:2064
- C:\Windows\System\rFaVgPe.exe
  C:\Windows\System\rFaVgPe.exe
  2⤵
  PID:1652
- C:\Windows\System\xqauNvP.exe
  C:\Windows\System\xqauNvP.exe
  2⤵
  PID:10524
- C:\Windows\System\RvvalOZ.exe
  C:\Windows\System\RvvalOZ.exe
  2⤵
  PID:10612
- C:\Windows\System\YiFOnWl.exe
  C:\Windows\System\YiFOnWl.exe
  2⤵
  PID:10680
- C:\Windows\System\WUNVJYg.exe
  C:\Windows\System\WUNVJYg.exe
  2⤵
  PID:10908
- C:\Windows\System\qksNaEP.exe
  C:\Windows\System\qksNaEP.exe
  2⤵
  PID:11032
- C:\Windows\System\DlzoFwc.exe
  C:\Windows\System\DlzoFwc.exe
  2⤵
  PID:10312
- C:\Windows\System\UiHZByS.exe
  C:\Windows\System\UiHZByS.exe
  2⤵
  PID:2868
- C:\Windows\System\pwYLhZV.exe
  C:\Windows\System\pwYLhZV.exe
  2⤵
  PID:11236
- C:\Windows\System\RbnbvzL.exe
  C:\Windows\System\RbnbvzL.exe
  2⤵
  PID:3616
- C:\Windows\System\ecGgTmM.exe
  C:\Windows\System\ecGgTmM.exe
  2⤵
  PID:10596
- C:\Windows\System\XXFjFPk.exe
  C:\Windows\System\XXFjFPk.exe
  2⤵
  PID:10892
- C:\Windows\System\LeOhnRd.exe
  C:\Windows\System\LeOhnRd.exe
  2⤵
  PID:4740
- C:\Windows\System\vcPGfcV.exe
  C:\Windows\System\vcPGfcV.exe
  2⤵
  PID:10280
- C:\Windows\System\AOWjVBR.exe
  C:\Windows\System\AOWjVBR.exe
  2⤵
  PID:10780
- C:\Windows\System\VrBGaDA.exe
  C:\Windows\System\VrBGaDA.exe
  2⤵
  PID:11224
- C:\Windows\System\ytRtofA.exe
  C:\Windows\System\ytRtofA.exe
  2⤵
  PID:1076
- C:\Windows\System\ihHpkKN.exe
  C:\Windows\System\ihHpkKN.exe
  2⤵
  PID:11280
- C:\Windows\System\DggdwXo.exe
  C:\Windows\System\DggdwXo.exe
  2⤵
  PID:11308
- C:\Windows\System\IpMdAYo.exe
  C:\Windows\System\IpMdAYo.exe
  2⤵
  PID:11344
- C:\Windows\System\qMymfvK.exe
  C:\Windows\System\qMymfvK.exe
  2⤵
  PID:11364
- C:\Windows\System\WbuixiT.exe
  C:\Windows\System\WbuixiT.exe
  2⤵
  PID:11392
- C:\Windows\System\OxrkNoL.exe
  C:\Windows\System\OxrkNoL.exe
  2⤵
  PID:11420
- C:\Windows\System\xHLErMD.exe
  C:\Windows\System\xHLErMD.exe
  2⤵
  PID:11448
- C:\Windows\System\vEEyCok.exe
  C:\Windows\System\vEEyCok.exe
  2⤵
  PID:11476
- C:\Windows\System\shpscRM.exe
  C:\Windows\System\shpscRM.exe
  2⤵
  PID:11504
- C:\Windows\System\IScqhuF.exe
  C:\Windows\System\IScqhuF.exe
  2⤵
  PID:11532
- C:\Windows\System\eRFgYmT.exe
  C:\Windows\System\eRFgYmT.exe
  2⤵
  PID:11560
- C:\Windows\System\GNgRqVX.exe
  C:\Windows\System\GNgRqVX.exe
  2⤵
  PID:11588
- C:\Windows\System\AjMHjpC.exe
  C:\Windows\System\AjMHjpC.exe
  2⤵
  PID:11616
- C:\Windows\System\nLgHdOE.exe
  C:\Windows\System\nLgHdOE.exe
  2⤵
  PID:11656
- C:\Windows\System\perPije.exe
  C:\Windows\System\perPije.exe
  2⤵
  PID:11672
- C:\Windows\System\FqiOfql.exe
  C:\Windows\System\FqiOfql.exe
  2⤵
  PID:11704
- C:\Windows\System\RZzSXrE.exe
  C:\Windows\System\RZzSXrE.exe
  2⤵
  PID:11732
- C:\Windows\System\MlEdujT.exe
  C:\Windows\System\MlEdujT.exe
  2⤵
  PID:11760
- C:\Windows\System\jecSxPf.exe
  C:\Windows\System\jecSxPf.exe
  2⤵
  PID:11788
- C:\Windows\System\LOJKihR.exe
  C:\Windows\System\LOJKihR.exe
  2⤵
  PID:11816
- C:\Windows\System\vpnVIcu.exe
  C:\Windows\System\vpnVIcu.exe
  2⤵
  PID:11844
- C:\Windows\System\kZlRiOT.exe
  C:\Windows\System\kZlRiOT.exe
  2⤵
  PID:11872
- C:\Windows\System\LvoleWb.exe
  C:\Windows\System\LvoleWb.exe
  2⤵
  PID:11900
- C:\Windows\System\wwepkHQ.exe
  C:\Windows\System\wwepkHQ.exe
  2⤵
  PID:11928
- C:\Windows\System\lYsrVPU.exe
  C:\Windows\System\lYsrVPU.exe
  2⤵
  PID:11956
- C:\Windows\System\MrcTFqC.exe
  C:\Windows\System\MrcTFqC.exe
  2⤵
  PID:11984
- C:\Windows\System\wRiJwkg.exe
  C:\Windows\System\wRiJwkg.exe
  2⤵
  PID:12012
- C:\Windows\System\YtvCmvK.exe
  C:\Windows\System\YtvCmvK.exe
  2⤵
  PID:12040
- C:\Windows\System\jHFyglm.exe
  C:\Windows\System\jHFyglm.exe
  2⤵
  PID:12068
- C:\Windows\System\lXLTtWz.exe
  C:\Windows\System\lXLTtWz.exe
  2⤵
  PID:12096
- C:\Windows\System\nBfkIEq.exe
  C:\Windows\System\nBfkIEq.exe
  2⤵
  PID:12124
- C:\Windows\System\pRAmcIj.exe
  C:\Windows\System\pRAmcIj.exe
  2⤵
  PID:12152
- C:\Windows\System\WqygWKU.exe
  C:\Windows\System\WqygWKU.exe
  2⤵
  PID:12180
- C:\Windows\System\TfufCSY.exe
  C:\Windows\System\TfufCSY.exe
  2⤵
  PID:12208
- C:\Windows\System\PBNJCce.exe
  C:\Windows\System\PBNJCce.exe
  2⤵
  PID:12236
- C:\Windows\System\MKgyZLq.exe
  C:\Windows\System\MKgyZLq.exe
  2⤵
  PID:12264
- C:\Windows\System\IeKubBA.exe
  C:\Windows\System\IeKubBA.exe
  2⤵
  PID:11272
- C:\Windows\System\nyNLxWv.exe
  C:\Windows\System\nyNLxWv.exe
  2⤵
  PID:11332
- C:\Windows\System\kpTzkAy.exe
  C:\Windows\System\kpTzkAy.exe
  2⤵
  PID:4872
- C:\Windows\System\ZjPQwMh.exe
  C:\Windows\System\ZjPQwMh.exe
  2⤵
  PID:11444
- C:\Windows\System\HMObHhi.exe
  C:\Windows\System\HMObHhi.exe
  2⤵
  PID:11500
- C:\Windows\System\RoEoBkX.exe
  C:\Windows\System\RoEoBkX.exe
  2⤵
  PID:11556
- C:\Windows\System\waZbQvT.exe
  C:\Windows\System\waZbQvT.exe
  2⤵
  PID:11628
- C:\Windows\System\WkoUXlU.exe
  C:\Windows\System\WkoUXlU.exe
  2⤵
  PID:11696
- C:\Windows\System\MpRVUTI.exe
  C:\Windows\System\MpRVUTI.exe
  2⤵
  PID:11756
- C:\Windows\System\IPRqDcs.exe
  C:\Windows\System\IPRqDcs.exe
  2⤵
  PID:11784
- C:\Windows\System\WvINnYk.exe
  C:\Windows\System\WvINnYk.exe
  2⤵
  PID:11840
- C:\Windows\System\HjsXowe.exe
  C:\Windows\System\HjsXowe.exe
  2⤵
  PID:11892
- C:\Windows\System\RajvkfF.exe
  C:\Windows\System\RajvkfF.exe
  2⤵
  PID:11940
- C:\Windows\System\hPZhfED.exe
  C:\Windows\System\hPZhfED.exe
  2⤵
  PID:12004
- C:\Windows\System\QsJIdje.exe
  C:\Windows\System\QsJIdje.exe
  2⤵
  PID:12064
- C:\Windows\System\hRtWTpd.exe
  C:\Windows\System\hRtWTpd.exe
  2⤵
  PID:12136
- C:\Windows\System\BMqsZak.exe
  C:\Windows\System\BMqsZak.exe
  2⤵
  PID:12200
- C:\Windows\System\oaAsAap.exe
  C:\Windows\System\oaAsAap.exe
  2⤵
  PID:12260
- C:\Windows\System\UfNVkXg.exe
  C:\Windows\System\UfNVkXg.exe
  2⤵
  PID:11360
- C:\Windows\System\oHERzCI.exe
  C:\Windows\System\oHERzCI.exe
  2⤵
  PID:11468
- C:\Windows\System\ATSikdh.exe
  C:\Windows\System\ATSikdh.exe
  2⤵
  PID:11608
- C:\Windows\System\PfyZmse.exe
  C:\Windows\System\PfyZmse.exe
  2⤵
  PID:11752
- C:\Windows\System\IilNXMa.exe
  C:\Windows\System\IilNXMa.exe
  2⤵
  PID:8
- C:\Windows\System\EwFkGqf.exe
  C:\Windows\System\EwFkGqf.exe
  2⤵
  PID:11980
- C:\Windows\System\iTGkogM.exe
  C:\Windows\System\iTGkogM.exe
  2⤵
  PID:12176
- C:\Windows\System\QpQgRUf.exe
  C:\Windows\System\QpQgRUf.exe
  2⤵
  PID:3684
- C:\Windows\System\oZnYUzU.exe
  C:\Windows\System\oZnYUzU.exe
  2⤵
  PID:11552
- C:\Windows\System\THjBEJy.exe
  C:\Windows\System\THjBEJy.exe
  2⤵
  PID:11828
- C:\Windows\System\dvVpQAT.exe
  C:\Windows\System\dvVpQAT.exe
  2⤵
  PID:12228
- C:\Windows\System\UDtbqDk.exe
  C:\Windows\System\UDtbqDk.exe
  2⤵
  PID:11780
- C:\Windows\System\QaSnsRm.exe
  C:\Windows\System\QaSnsRm.exe
  2⤵
  PID:11724
- C:\Windows\System\TZIneAP.exe
  C:\Windows\System\TZIneAP.exe
  2⤵
  PID:12304
- C:\Windows\System\dYiTaVB.exe
  C:\Windows\System\dYiTaVB.exe
  2⤵
  PID:12332
- C:\Windows\System\hjyOAnl.exe
  C:\Windows\System\hjyOAnl.exe
  2⤵
  PID:12360
- C:\Windows\System\cgPmFmG.exe
  C:\Windows\System\cgPmFmG.exe
  2⤵
  PID:12388
- C:\Windows\System\bYcuUCq.exe
  C:\Windows\System\bYcuUCq.exe
  2⤵
  PID:12416
- C:\Windows\System\eThjSBK.exe
  C:\Windows\System\eThjSBK.exe
  2⤵
  PID:12444
- C:\Windows\System\lNWCWJD.exe
  C:\Windows\System\lNWCWJD.exe
  2⤵
  PID:12472
- C:\Windows\System\QQtkSPn.exe
  C:\Windows\System\QQtkSPn.exe
  2⤵
  PID:12500
- C:\Windows\System\fgmynDS.exe
  C:\Windows\System\fgmynDS.exe
  2⤵
  PID:12528
- C:\Windows\System\ayHjVcV.exe
  C:\Windows\System\ayHjVcV.exe
  2⤵
  PID:12556
- C:\Windows\System\fNURnJA.exe
  C:\Windows\System\fNURnJA.exe
  2⤵
  PID:12588
- C:\Windows\System\hCpkUZE.exe
  C:\Windows\System\hCpkUZE.exe
  2⤵
  PID:12616
- C:\Windows\System\hixBwqv.exe
  C:\Windows\System\hixBwqv.exe
  2⤵
  PID:12644
- C:\Windows\System\tbtwbSU.exe
  C:\Windows\System\tbtwbSU.exe
  2⤵
  PID:12672
- C:\Windows\System\UHKUpPO.exe
  C:\Windows\System\UHKUpPO.exe
  2⤵
  PID:12700
- C:\Windows\System\mEvTSmk.exe
  C:\Windows\System\mEvTSmk.exe
  2⤵
  PID:12728
- C:\Windows\System\dsemcck.exe
  C:\Windows\System\dsemcck.exe
  2⤵
  PID:12756
- C:\Windows\System\ENoaVLT.exe
  C:\Windows\System\ENoaVLT.exe
  2⤵
  PID:12784
- C:\Windows\System\qsfeKAt.exe
  C:\Windows\System\qsfeKAt.exe
  2⤵
  PID:12812
- C:\Windows\System\vbgzUjc.exe
  C:\Windows\System\vbgzUjc.exe
  2⤵
  PID:12840
- C:\Windows\System\lTVuNpD.exe
  C:\Windows\System\lTVuNpD.exe
  2⤵
  PID:12868
- C:\Windows\System\XceBCCm.exe
  C:\Windows\System\XceBCCm.exe
  2⤵
  PID:12896
- C:\Windows\System\uZSjasH.exe
  C:\Windows\System\uZSjasH.exe
  2⤵
  PID:12932
- C:\Windows\System\JKDFUAg.exe
  C:\Windows\System\JKDFUAg.exe
  2⤵
  PID:12952
- C:\Windows\System\fbdqXkv.exe
  C:\Windows\System\fbdqXkv.exe
  2⤵
  PID:12980
- C:\Windows\System\FXkMqXi.exe
  C:\Windows\System\FXkMqXi.exe
  2⤵
  PID:13008
- C:\Windows\System\TjYjELu.exe
  C:\Windows\System\TjYjELu.exe
  2⤵
  PID:13036
- C:\Windows\System\tRmiKHf.exe
  C:\Windows\System\tRmiKHf.exe
  2⤵
  PID:13064
- C:\Windows\System\jRvzNlT.exe
  C:\Windows\System\jRvzNlT.exe
  2⤵
  PID:13092
- C:\Windows\System\ZKZNLHU.exe
  C:\Windows\System\ZKZNLHU.exe
  2⤵
  PID:13120
- C:\Windows\System\cPPZool.exe
  C:\Windows\System\cPPZool.exe
  2⤵
  PID:13148
- C:\Windows\System\Lybraej.exe
  C:\Windows\System\Lybraej.exe
  2⤵
  PID:13176
- C:\Windows\System\OIlnwGc.exe
  C:\Windows\System\OIlnwGc.exe
  2⤵
  PID:13204
- C:\Windows\System\hewBKZB.exe
  C:\Windows\System\hewBKZB.exe
  2⤵
  PID:13232
- C:\Windows\System\CquddAb.exe
  C:\Windows\System\CquddAb.exe
  2⤵
  PID:13260
- C:\Windows\System\JNFHZqb.exe
  C:\Windows\System\JNFHZqb.exe
  2⤵
  PID:13288
- C:\Windows\System\RnXXKzn.exe
  C:\Windows\System\RnXXKzn.exe
  2⤵
  PID:12296
- C:\Windows\System\zutQZyn.exe
  C:\Windows\System\zutQZyn.exe
  2⤵
  PID:12352
- C:\Windows\System\bWwFNTP.exe
  C:\Windows\System\bWwFNTP.exe
  2⤵
  PID:12412
- C:\Windows\System\HEhTsgN.exe
  C:\Windows\System\HEhTsgN.exe
  2⤵
  PID:12484
- C:\Windows\System\FGHuuXy.exe
  C:\Windows\System\FGHuuXy.exe
  2⤵
  PID:12552
- C:\Windows\System\petUvoI.exe
  C:\Windows\System\petUvoI.exe
  2⤵
  PID:12628
- C:\Windows\System\yiAPBIj.exe
  C:\Windows\System\yiAPBIj.exe
  2⤵
  PID:12692
- C:\Windows\System\JIKWRZu.exe
  C:\Windows\System\JIKWRZu.exe
  2⤵
  PID:12752
- C:\Windows\System\UpFvHQK.exe
  C:\Windows\System\UpFvHQK.exe
  2⤵
  PID:12824
- C:\Windows\System\hbuhZBz.exe
  C:\Windows\System\hbuhZBz.exe
  2⤵
  PID:12888
- C:\Windows\System\EGHgrmU.exe
  C:\Windows\System\EGHgrmU.exe
  2⤵
  PID:12948
- C:\Windows\System\GWDsCXq.exe
  C:\Windows\System\GWDsCXq.exe
  2⤵
  PID:13020
- C:\Windows\System\XhiaByZ.exe
  C:\Windows\System\XhiaByZ.exe
  2⤵
  PID:13084
- C:\Windows\System\IsFTtRT.exe
  C:\Windows\System\IsFTtRT.exe
  2⤵
  PID:13144
- C:\Windows\System\fMmqVXF.exe
  C:\Windows\System\fMmqVXF.exe
  2⤵
  PID:13200
- C:\Windows\System\OurVssg.exe
  C:\Windows\System\OurVssg.exe
  2⤵
  PID:13272
- C:\Windows\System\HmCQwAP.exe
  C:\Windows\System\HmCQwAP.exe
  2⤵
  PID:12344
- C:\Windows\System\xwckBeI.exe
  C:\Windows\System\xwckBeI.exe
  2⤵
  PID:12468
- C:\Windows\System\jomHBnF.exe
  C:\Windows\System\jomHBnF.exe
  2⤵
  PID:12656
- C:\Windows\System\fBTNoEg.exe
  C:\Windows\System\fBTNoEg.exe
  2⤵
  PID:12780
- C:\Windows\System\EqhaSvf.exe
  C:\Windows\System\EqhaSvf.exe
  2⤵
  PID:12880
- C:\Windows\System\TpUiuvF.exe
  C:\Windows\System\TpUiuvF.exe
  2⤵
  PID:13048
- C:\Windows\System\oxrbfuq.exe
  C:\Windows\System\oxrbfuq.exe
  2⤵
  PID:2204
- C:\Windows\System\aFeWXzW.exe
  C:\Windows\System\aFeWXzW.exe
  2⤵
  PID:13196
- C:\Windows\System\ZtbWHWs.exe
  C:\Windows\System\ZtbWHWs.exe
  2⤵
  PID:12400
- C:\Windows\System\leqbfpB.exe
  C:\Windows\System\leqbfpB.exe
  2⤵
  PID:12740
- C:\Windows\System\IffhNny.exe
  C:\Windows\System\IffhNny.exe
  2⤵
  PID:13004
- C:\Windows\System\uvfcown.exe
  C:\Windows\System\uvfcown.exe
  2⤵
  PID:12324
- C:\Windows\System\AkhhGZu.exe
  C:\Windows\System\AkhhGZu.exe
  2⤵
  PID:2800
- C:\Windows\System\fYTHchp.exe
  C:\Windows\System\fYTHchp.exe
  2⤵
  PID:3144
- C:\Windows\System\okIJxNX.exe
  C:\Windows\System\okIJxNX.exe
  2⤵
  PID:13340
- C:\Windows\System\HYLMLgu.exe
  C:\Windows\System\HYLMLgu.exe
  2⤵
  PID:13356
- C:\Windows\System\xYbgOLE.exe
  C:\Windows\System\xYbgOLE.exe
  2⤵
  PID:13408
- C:\Windows\System\ddoWcUH.exe
  C:\Windows\System\ddoWcUH.exe
  2⤵
  PID:13436
- C:\Windows\System\JvkxQhv.exe
  C:\Windows\System\JvkxQhv.exe
  2⤵
  PID:13464
- C:\Windows\System\QUmFWfe.exe
  C:\Windows\System\QUmFWfe.exe
  2⤵
  PID:13492
- C:\Windows\System\jiIuZFz.exe
  C:\Windows\System\jiIuZFz.exe
  2⤵
  PID:13520
- C:\Windows\System\qMHKVcl.exe
  C:\Windows\System\qMHKVcl.exe
  2⤵
  PID:13548
- C:\Windows\System\QMucBGL.exe
  C:\Windows\System\QMucBGL.exe
  2⤵
  PID:13576
- C:\Windows\System\UwPQekj.exe
  C:\Windows\System\UwPQekj.exe
  2⤵
  PID:13604
- C:\Windows\System\PLfSxxC.exe
  C:\Windows\System\PLfSxxC.exe
  2⤵
  PID:13632
- C:\Windows\System\iWpfKAc.exe
  C:\Windows\System\iWpfKAc.exe
  2⤵
  PID:13660
- C:\Windows\System\HsFTVcU.exe
  C:\Windows\System\HsFTVcU.exe
  2⤵
  PID:13688
- C:\Windows\System\uOdlDPh.exe
  C:\Windows\System\uOdlDPh.exe
  2⤵
  PID:13716
- C:\Windows\System\fhGGrId.exe
  C:\Windows\System\fhGGrId.exe
  2⤵
  PID:13760
- C:\Windows\System\MYVKAOy.exe
  C:\Windows\System\MYVKAOy.exe
  2⤵
  PID:13776
- C:\Windows\System\dYudxkc.exe
  C:\Windows\System\dYudxkc.exe
  2⤵
  PID:13808
- C:\Windows\System\DqEJSFz.exe
  C:\Windows\System\DqEJSFz.exe
  2⤵
  PID:13836
- C:\Windows\System\DiGgeBZ.exe
  C:\Windows\System\DiGgeBZ.exe
  2⤵
  PID:13864
- C:\Windows\System\uyDFeIJ.exe
  C:\Windows\System\uyDFeIJ.exe
  2⤵
  PID:13892
- C:\Windows\System\cRtyMHp.exe
  C:\Windows\System\cRtyMHp.exe
  2⤵
  PID:13920
- C:\Windows\System\EMCxWzQ.exe
  C:\Windows\System\EMCxWzQ.exe
  2⤵
  PID:13948
- C:\Windows\System\cMafSCH.exe
  C:\Windows\System\cMafSCH.exe
  2⤵
  PID:13976
- C:\Windows\System\KbDeNNo.exe
  C:\Windows\System\KbDeNNo.exe
  2⤵
  PID:14004
- C:\Windows\System\yvytSaQ.exe
  C:\Windows\System\yvytSaQ.exe
  2⤵
  PID:14032
- C:\Windows\System\PXRgOqu.exe
  C:\Windows\System\PXRgOqu.exe
  2⤵
  PID:14060
- C:\Windows\System\CeIdaAA.exe
  C:\Windows\System\CeIdaAA.exe
  2⤵
  PID:14088
- C:\Windows\System\WHLjocY.exe
  C:\Windows\System\WHLjocY.exe
  2⤵
  PID:14116
- C:\Windows\System\ktZqAzY.exe
  C:\Windows\System\ktZqAzY.exe
  2⤵
  PID:14144
- C:\Windows\System\bUzWFPd.exe
  C:\Windows\System\bUzWFPd.exe
  2⤵
  PID:14172
- C:\Windows\System\eZnolug.exe
  C:\Windows\System\eZnolug.exe
  2⤵
  PID:14200
- C:\Windows\System\cWrTXyY.exe
  C:\Windows\System\cWrTXyY.exe
  2⤵
  PID:14228
- C:\Windows\System\LaddUZs.exe
  C:\Windows\System\LaddUZs.exe
  2⤵
  PID:14256
- C:\Windows\System\VdDPONb.exe
  C:\Windows\System\VdDPONb.exe
  2⤵
  PID:14284
- C:\Windows\System\pzcMkZF.exe
  C:\Windows\System\pzcMkZF.exe
  2⤵
  PID:14312
- C:\Windows\System\QwSmuil.exe
  C:\Windows\System\QwSmuil.exe
  2⤵
  PID:12524
- C:\Windows\System\FIwuBDL.exe
  C:\Windows\System\FIwuBDL.exe
  2⤵
  PID:4272
- C:\Windows\System\HlkZmcf.exe
  C:\Windows\System\HlkZmcf.exe
  2⤵
  PID:13384
- C:\Windows\System\WwHBjdZ.exe
  C:\Windows\System\WwHBjdZ.exe
  2⤵
  PID:13404
- C:\Windows\System\xFRDnrS.exe
  C:\Windows\System\xFRDnrS.exe
  2⤵
  PID:13476
- C:\Windows\System\BtBhmPv.exe
  C:\Windows\System\BtBhmPv.exe
  2⤵
  PID:13540
- C:\Windows\System\wbsSIOr.exe
  C:\Windows\System\wbsSIOr.exe
  2⤵
  PID:13600
- C:\Windows\System\WYzpWuW.exe
  C:\Windows\System\WYzpWuW.exe
  2⤵
  PID:13700
- C:\Windows\System\DEONuaS.exe
  C:\Windows\System\DEONuaS.exe
  2⤵
  PID:13736
- C:\Windows\System\DkOuQpK.exe
  C:\Windows\System\DkOuQpK.exe
  2⤵
  PID:13804
- C:\Windows\System\dJniKGj.exe
  C:\Windows\System\dJniKGj.exe
  2⤵
  PID:13860
- C:\Windows\System\gzyKRkT.exe
  C:\Windows\System\gzyKRkT.exe
  2⤵
  PID:13932
- C:\Windows\System\RWLlChZ.exe
  C:\Windows\System\RWLlChZ.exe
  2⤵
  PID:14000
- C:\Windows\System\eWXSqzt.exe
  C:\Windows\System\eWXSqzt.exe
  2⤵
  PID:14072
- C:\Windows\System\HAKxeKq.exe
  C:\Windows\System\HAKxeKq.exe
  2⤵
  PID:14136
- C:\Windows\System\MWeSAum.exe
  C:\Windows\System\MWeSAum.exe
  2⤵
  PID:14196
- C:\Windows\System\XNgqxpW.exe
  C:\Windows\System\XNgqxpW.exe
  2⤵
  PID:14268
- C:\Windows\System\qIWsayf.exe
  C:\Windows\System\qIWsayf.exe
  2⤵
  PID:14332
- C:\Windows\System\SNPKEWq.exe
  C:\Windows\System\SNPKEWq.exe
  2⤵
  PID:13368
- C:\Windows\System\HmxQHwS.exe
  C:\Windows\System\HmxQHwS.exe
  2⤵
  PID:13504
- C:\Windows\System\AJTAFoA.exe
  C:\Windows\System\AJTAFoA.exe
  2⤵
  PID:13628
- C:\Windows\System\GuVcZCd.exe
  C:\Windows\System\GuVcZCd.exe
  2⤵
  PID:13788
- C:\Windows\System\rMRnQNf.exe
  C:\Windows\System\rMRnQNf.exe
  2⤵
  PID:13916
- C:\Windows\System\BkFmtpW.exe
  C:\Windows\System\BkFmtpW.exe
  2⤵
  PID:14100
- C:\Windows\System\SdcaWET.exe
  C:\Windows\System\SdcaWET.exe
  2⤵
  PID:14248
- C:\Windows\System\broSZkq.exe
  C:\Windows\System\broSZkq.exe
  2⤵
  PID:13352
- C:\Windows\System\JpOqCTh.exe
  C:\Windows\System\JpOqCTh.exe
  2⤵
  PID:13656
- C:\Windows\System\UCrBPvD.exe
  C:\Windows\System\UCrBPvD.exe
  2⤵
  PID:14052
- C:\Windows\System\cjAYrez.exe
  C:\Windows\System\cjAYrez.exe
  2⤵
  PID:13332
- C:\Windows\System\yHJqpNa.exe
  C:\Windows\System\yHJqpNa.exe
  2⤵
  PID:14192
- C:\Windows\System\QbzBjrh.exe
  C:\Windows\System\QbzBjrh.exe
  2⤵
  PID:13996
- C:\Windows\System\wVXoLCK.exe
  C:\Windows\System\wVXoLCK.exe
  2⤵
  PID:14364
- C:\Windows\System\FbssAxF.exe
  C:\Windows\System\FbssAxF.exe
  2⤵
  PID:14392
- C:\Windows\System\IwmsnKt.exe
  C:\Windows\System\IwmsnKt.exe
  2⤵
  PID:14420
- C:\Windows\System\QgiEWub.exe
  C:\Windows\System\QgiEWub.exe
  2⤵
  PID:14448
- C:\Windows\System\ifOOhwy.exe
  C:\Windows\System\ifOOhwy.exe
  2⤵
  PID:14476
- C:\Windows\System\hYXgNMM.exe
  C:\Windows\System\hYXgNMM.exe
  2⤵
  PID:14504
- C:\Windows\System\egyNtKj.exe
  C:\Windows\System\egyNtKj.exe
  2⤵
  PID:14532
- C:\Windows\System\hlhZSMJ.exe
  C:\Windows\System\hlhZSMJ.exe
  2⤵
  PID:14560
- C:\Windows\System\igKpBng.exe
  C:\Windows\System\igKpBng.exe
  2⤵
  PID:14588
- C:\Windows\System\xlvoMIA.exe
  C:\Windows\System\xlvoMIA.exe
  2⤵
  PID:14616
- C:\Windows\System\pLHBjFH.exe
  C:\Windows\System\pLHBjFH.exe
  2⤵
  PID:14656
- C:\Windows\System\fNYmebe.exe
  C:\Windows\System\fNYmebe.exe
  2⤵
  PID:14676
- C:\Windows\System\XZHescQ.exe
  C:\Windows\System\XZHescQ.exe
  2⤵
  PID:14704
- C:\Windows\System\zltzjqe.exe
  C:\Windows\System\zltzjqe.exe
  2⤵
  PID:14732
- C:\Windows\System\OloBTLK.exe
  C:\Windows\System\OloBTLK.exe
  2⤵
  PID:14760
- C:\Windows\System\mLYGqXp.exe
  C:\Windows\System\mLYGqXp.exe
  2⤵
  PID:14788
- C:\Windows\System\qetoFYs.exe
  C:\Windows\System\qetoFYs.exe
  2⤵
  PID:14816
- C:\Windows\System\SHyXldj.exe
  C:\Windows\System\SHyXldj.exe
  2⤵
  PID:14844
- C:\Windows\System\pAHEXni.exe
  C:\Windows\System\pAHEXni.exe
  2⤵
  PID:14872
- C:\Windows\System\wqPDcVY.exe
  C:\Windows\System\wqPDcVY.exe
  2⤵
  PID:14900
- C:\Windows\System\VDUzqsU.exe
  C:\Windows\System\VDUzqsU.exe
  2⤵
  PID:14928
- C:\Windows\System\yIisUkY.exe
  C:\Windows\System\yIisUkY.exe
  2⤵
  PID:14956
- C:\Windows\System\LUHcgrr.exe
  C:\Windows\System\LUHcgrr.exe
  2⤵
  PID:14984
- C:\Windows\System\PHcZjlc.exe
  C:\Windows\System\PHcZjlc.exe
  2⤵
  PID:15016
- C:\Windows\System\KzXBmHU.exe
  C:\Windows\System\KzXBmHU.exe
  2⤵
  PID:15048
- C:\Windows\System\oNqQIiZ.exe
  C:\Windows\System\oNqQIiZ.exe
  2⤵
  PID:15068
- C:\Windows\System\nFCLMGh.exe
  C:\Windows\System\nFCLMGh.exe
  2⤵
  PID:15104
- C:\Windows\System\QaUnzXL.exe
  C:\Windows\System\QaUnzXL.exe
  2⤵
  PID:15132
- C:\Windows\System\xodtLWb.exe
  C:\Windows\System\xodtLWb.exe
  2⤵
  PID:15160
- C:\Windows\System\vYGtVHN.exe
  C:\Windows\System\vYGtVHN.exe
  2⤵
  PID:15188
- C:\Windows\System\AzOzWpw.exe
  C:\Windows\System\AzOzWpw.exe
  2⤵
  PID:15216
- C:\Windows\System\IryvIYZ.exe
  C:\Windows\System\IryvIYZ.exe
  2⤵
  PID:15244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ADKUPhw.exe

Filesize
6.0MB

MD5
9a0fda058e47124a9129cab1a3526080

SHA1
5bbe43aad463dd4f84adc79af1e60c0fb63fddbb

SHA256
d8a19b981cf75654cac27a5d79063f31fd5ac473324e4e1398e90f98a1aa8020

SHA512
f3bf8d2b46096cbe91be126df316ee6e4fb73d73ee153515bbf00adb850085d6a79b7f80cbb3fc54848b3e441b7021f34f1abb3122b609c9adbbc7c3f96ac314

Download Submit
C:\Windows\System\ANdPpBQ.exe

Filesize
6.0MB

MD5
8e352297de3103c0359a9f3e7bd4820b

SHA1
998ef785c59d557408a089bb9e97a992fb2f8502

SHA256
2626a6b9e1570eed6a13c87644a6db3ac89f42e78933bddce50729ec0cf7db93

SHA512
6c239d6edd5b5cc955e6aca664b04088aa38f4b1f6eab2f82be4a03cd933be97b186359b3b6a3216ffa20ce77d356cfbe8a845296d40a0b1a46d9e30aac9b5d3

Download Submit
C:\Windows\System\AYFpKsF.exe

Filesize
6.0MB

MD5
515960a965946df3500e6485ecd20eb3

SHA1
8073d55cefbb01c0f5d41a496e07634595188b57

SHA256
e9017afd4c1c780c6aa4dd5445f453bb2b5958e4a16132a1857e2d9bda5789ff

SHA512
c1ea83e776f8d96b4ac844124fa3c8ff0f83def01c6c6faa75b2bfa89eea321e873cdb809f9b8760abcff398731fd08e2f2ebef4b4488275f9a594a8277f05ee

Download Submit
C:\Windows\System\CwIsSYx.exe

Filesize
6.0MB

MD5
b9c48378c50f1ddc95c67ed8a980ece6

SHA1
0a51f631989d03b628d6d1b3bf620d297b90f01d

SHA256
57e56b349741170fba71f519be70cfed81c55f8a76b66d672c1b786fbef8d877

SHA512
375eba9e885b3cdf71aa3370484159a10681126f1e6897352857a605de676f678fbc06562b552b90f850551fa8cb13bbbe86c6a6b377c1fd70d5ddffa2e4edb3

Download Submit
C:\Windows\System\FxmEcxm.exe

Filesize
6.0MB

MD5
ecaa68e93ab650ed94dee99adf31ef3d

SHA1
c11d5cbfe93299f22aaf6c3a44e845fa379ba91c

SHA256
80d19ba454d48692ecae0e6905e6c9c42631b83714bb69f240895b46013d3b44

SHA512
538e9f30c435d71d8466f97e6b2dc43716b4b8fd9f4c6ce22ff24a17f4981ebb5362b0fd15589468ca992a5f04dd247b86fea607b0e5e6769442b417d7fb2c2e

Download Submit
C:\Windows\System\GJAdPLL.exe

Filesize
6.0MB

MD5
055d0cba1e25b83cc93ae4a3b94de53a

SHA1
1fd2a42b9ffb1bb60792ec61f24c1e045d26ce48

SHA256
6fa4bbee9a3496978050570a3ab71f69fae5d41efde3dcf6ede2e2857536b47b

SHA512
a67ada62824005524e190d19a3986f722f7e8c456edf19ccff07bf13c624c873abb128b761907d4f371868198070a92dcf2d2ebff3478d9439e9646cc4902322

Download Submit
C:\Windows\System\GugSqEI.exe

Filesize
6.0MB

MD5
e7cf1a8a8f1673ea046ae6ea94fdde46

SHA1
8f4b18a8d19bde6dd72f77b14e0f55612b052c9b

SHA256
8dbac472d913a3b3dff022f8c77547392d1d2f89d0d4525a0b346138b3062454

SHA512
7ee921d545d3447c73eea4cf3e6853ef34efbe86b04c134739f66623a7024ac6ceb15d2f12ea46a50f4f6ef20e618c6cfb8639484ceec96cf42a96c1143462e4

Download Submit
C:\Windows\System\GzSgxPc.exe

Filesize
6.0MB

MD5
90ceee70ed1208a5a96c07e16352b2e7

SHA1
f5c3f8036616cdd0157079cb3cd3b9446d5de2e9

SHA256
9443267cf2bce434c963b9ae7fcd7638f222b26c0398bda60b43aae94d5fcbc9

SHA512
ed5a3fb81c016a8829f288c91628fa92825b5a27f2c3ace2f22325fbbd782906d63b65b99846a203f2c1bedba50dbea01d4bf891bbbf9a593556cd85c28f88bb

Download Submit
C:\Windows\System\HfVpbAe.exe

Filesize
6.0MB

MD5
2be7857ba196c5a174201dce7eaea88a

SHA1
6923cdb3eeb74b78ced15b1281483cec3fb215bf

SHA256
720e23a79b7c5549618eba001f9a0fb2cb596e8096bc5f2794552879412852ac

SHA512
3491265ef187576277dcb044072c0ff54bcc0bcd383246d82550193bc4486c8406b1977a9c573264bd0e712c2bba97b7709b84ea8a1209b2211e7ef32fe48ac1

Download Submit
C:\Windows\System\IdgraTu.exe

Filesize
6.0MB

MD5
3de9f82a3d7814a9c2115e3c82b5c290

SHA1
4e9ece09707097fa8e1fdda59a4cd5867ed2e5da

SHA256
eea819174a7936f5ee570f19f109308ed288a316a25987cefd5e0a230803871f

SHA512
9aedca61234b47664c6cf1ef12e95f76fefc0ffecc0e6fe04de4218df6b51c0e593317611e6358168622cfeebba27d0dbf942f0c06501bcb60904ae067e7ebd0

Download Submit
C:\Windows\System\MPweHzt.exe

Filesize
6.0MB

MD5
247cd7a98e69e2c19467822a564d4ceb

SHA1
090a135119a85ca15b876202c461bff0e877e692

SHA256
420057532339db6c361a6397e2befb35f3ce408dfa86e1bd29fef52b66596dbd

SHA512
dda750ced01f07cdb723281259b39cdb95c4793e1f766caa26e0415d355b605f926c1933781f506457f9415417d551a3cc87b10332c6c34d17a0215a129bc757

Download Submit
C:\Windows\System\NVIEOKp.exe

Filesize
6.0MB

MD5
44f6d4f64828029408fc9997d28247dd

SHA1
1f8aff4cb731b98a0a6f006e7be343f48e995025

SHA256
47c3685c3952a0f44851818e8f337cabf0eebbe8e8a2842497ba94080cafac78

SHA512
be749df0053592dd301597b4415a3f749214ff2513454238363851a43ab37b634ee5cb09821d921c79cde6eef062b122ac03c50026372d1c5b13cca127591561

Download Submit
C:\Windows\System\OKQMXDJ.exe

Filesize
6.0MB

MD5
fd1e04d6ddf7680cafc3b837f4c8a2b2

SHA1
d411fbc29c0727a76c9fa9363fc7385a78c90e09

SHA256
1e5204c90bf3a90bceea3587eca532072401abbc9564a16ffb60ad39de8fa5bc

SHA512
0e0f0a9b2e412efda19fa1466522f1e499f437dab4c9eaff3c0b3c8f3bfbf149efee3f8bf09ff90ccbc1804ad4d8a4e6b1988564d4759b2bcb0c25ed1cb11357

Download Submit
C:\Windows\System\PIePfVE.exe

Filesize
6.0MB

MD5
f590af978d2f1168c6c8e7b9ea2ea30d

SHA1
64cb08dbec504a10f37ce4bd2216bfc1f5c85e08

SHA256
198e4c560eaed67a8539592102e803ce0c09c44253eb073667e091aab1887db1

SHA512
a2dc0c414bb8e7e7109c6fb72c9b9b16aeb5913c66389e7a3b15aa381362e1c351a37455b2acd2c99b18659b9df389ba7f7c376e2b3354604bacaf025b2f8681

Download Submit
C:\Windows\System\PfgDHyv.exe

Filesize
6.0MB

MD5
a05135b91dcd542bcc14a0b6aea0ffc1

SHA1
5d5a6bd2b91a209fcbf655a69234971f099a6674

SHA256
99f56b837b0db6a37439804add5a396841567a53fe8b5bbc26a64cd75015f7f9

SHA512
0ca5e80b8411ad2ba2fd26309285ca2b8cada394f7eb167acff48fce8fb223b66ba6584f892fc21fb8a1e8d979cb2f7dbb77fe9efe38d25b7d9c4f15a129e039

Download Submit
C:\Windows\System\QQgzIFj.exe

Filesize
6.0MB

MD5
261a4a65c3c08a416e074b0633d1674e

SHA1
f62223d6aed61c39c1caf36af1467d05805389b1

SHA256
b7f174e0b2c2200e8f2a02e28cf925acff7ec9e62154674319b632c0067fd78c

SHA512
23f83363ec2473de40b37e58b71fc4ef918e9edfd763e43cdf6512e82ea8043d2eaf9771699cdfd089ab183a2b13c663f1576946da932e40816f222a65050058

Download Submit
C:\Windows\System\SWLSZtV.exe

Filesize
6.0MB

MD5
b247845c53b18d0b1e916361d7677bbc

SHA1
d39b1f9bfd85781a1f48e28a316b448414b837b6

SHA256
3e39dba2ac52950616164eeebf100651ede324eb20f0cdacb31e9703d7dbf39a

SHA512
0ee952c43c73675e90326445c13fadc68c588068f9c22dae92237dc1337a02a8473fd690529e40fa53180e1ec23f9e842ffce597d4da2ca94fb123eab84647fc

Download Submit
C:\Windows\System\WNvPmEI.exe

Filesize
6.0MB

MD5
76c63abe63f261ce90f86bb0ca26454e

SHA1
04b32fbb20cd8ffde6627efb402df1ae7936d623

SHA256
ac83a69991c2d73b19ecb7819e97067a3f188a40d79f19cf8ae7cba99f37498d

SHA512
1f5263b627db1d54d19add7357e7f0802081fa04f1533e2c64da85053e51815ebc6b8ad6275f2619babd3ffb23316057c3656a8f9c20d2bd3b091800891d615b

Download Submit
C:\Windows\System\agqxRVa.exe

Filesize
6.0MB

MD5
a89b6b27e29a010270167a64b7fec218

SHA1
0442501c7a41017ea7ce007eb1a2dbd1dbdfb700

SHA256
44068b682dcec3db9c66de5a90b88c44d4bed5d7050f01aa80d0caecec33efd1

SHA512
df73310de57518b8cff6c4ec330edad47d43d4f2f4763c9a80229a8b3de8091f9973df8b5434b2443b33613b1aa02540bf498ad8147cd6ae0fa513d534a2f1de

Download Submit
C:\Windows\System\cCdzDrx.exe

Filesize
6.0MB

MD5
3af9bd54fea475639d0a9ef5d2bcc4b8

SHA1
dd9ca25bcc0823e2fb668ffcd839a5bb0a850570

SHA256
193027a35eac39109c11b49ec41c03319e1af48a26308f5da5997cf0a33ed288

SHA512
fe0e3595c190a11ee73ea68c9e78cd783e3f7806105bcce472ce461645be0158c1879d4fa0fff4ddabb7323b29747f43759c725c1981f1cd3b28baf1f74d1ec6

Download Submit
C:\Windows\System\cnYbsUD.exe

Filesize
6.0MB

MD5
095edc4de8e3ad9ce9c60b05f1850b15

SHA1
3b3acf245fe385389044ee54839aad57a0073467

SHA256
76db9ce225013b4c7ea10b2e1ce66a4d7a6fa5f02841c6d7b3eb7e6bfd34f81d

SHA512
3944c3f132f0efc79408d2ddfe993fe71bf1eb49499cf627f5e286d918965afe3e06d478475a24ed8034f63fc3a3a7fc8b0c2c724fcc9d80d5529fe3fdb06031

Download Submit
C:\Windows\System\hAZGVnk.exe

Filesize
6.0MB

MD5
0eba7c94a24de1dc48ca482ad5b5a346

SHA1
7fb501bb5a45078e0bfea13801e1f0239dfda33a

SHA256
71e57168b8fb2b95ed0d45d7baa51416eb1f0cbcb96ba6da4c2635b979d473ce

SHA512
a3ce4a9cea99d470230bb248f0e9ddfeae46c49e0c5640c3b10587e4cdd1eee2755a1d57e8e4b172301978bdb3a0e21bd7243010ec895758437c5395ef817661

Download Submit
C:\Windows\System\hCqlsmq.exe

Filesize
6.0MB

MD5
81d8ca585d082fbc2f62af12f9ac6c66

SHA1
783e45816789825c9d8570c9bf3a6e7456a93229

SHA256
a2b513b3414cc39c1eb02b81a1786c60e9582155c079b2b46a6814c9ae3cfba5

SHA512
69e823cb711ee70e68f3ea1146acc395fb47475a4b6dcf35616dc74e2e4e93924e6e7cfa718152eb4412145a17fbe66eb7e767fe8965105ccc60faa4ce3cdb0c

Download Submit
C:\Windows\System\hNraUEb.exe

Filesize
6.0MB

MD5
3da4d52719cc4238007424ecf46ddde8

SHA1
1e922f8f7e20b274ffae582754bbdf7bf6bd559f

SHA256
aa03093b7075bcabc470071650ba2eee6cab4f2bfe7c428b33e3ef45dcdaae08

SHA512
9c8d562f5c32dd8fc6434c263cba207aae9f901f81a9faff826d6941e71b9e13af5cac50e35945ad475858a6f5e23b1b214ef8f1124baa57a81aba46230a5f94

Download Submit
C:\Windows\System\nGQeRwl.exe

Filesize
6.0MB

MD5
22d79809bed91249f6d253063a8aec1a

SHA1
4023abcc5508ab2b5d032fb7a3a24309dafad6cc

SHA256
b3b0ec3f53ef6326838c960fb1ba44332d0d3d29b37b410de7c89144c581ba78

SHA512
ed438591148419b44146a03add507fee2ef9832e56e37d8235526a1925339eff80fb161ad60a98521300424c9f12a8c2081931bdec1fe48c0984485e03cd2ba4

Download Submit
C:\Windows\System\niZLNZP.exe

Filesize
6.0MB

MD5
b9a017d605d63a3b05bec1f713155462

SHA1
8900537334cc639b2ef710e720a591d069898d8d

SHA256
f24eaa27e08e853c437054cd7d00edbf5cfe10c8a83e7d1f29e0195b96793788

SHA512
5be6c5c47660ef0630256a31445bd52394c1ac5a5ec4e8f26529ba01f411686c15405dd9a2c4ee698ded76801b4fcf9e1f3ba0a2f707aaed344845d1f7c580bf

Download Submit
C:\Windows\System\phgOUdf.exe

Filesize
6.0MB

MD5
8fdad1762f24d7d55c4a192ec8452a47

SHA1
1a4c4fe9976c2070d87a917826f459a07c8eae52

SHA256
c91fb6527ec39b537ab94b71ffd5492480fa18585cd57762c265ca510b3937cb

SHA512
44fbc69bf1ae016b64272c3f2ddd0a0da890c91c3468aa19227fac851b4e6f3aab5c8962cd31c76de7c71d0cf7421b76c69b20e21a7eee794142ca2297e7c537

Download Submit
C:\Windows\System\shTVEMN.exe

Filesize
6.0MB

MD5
9d51535720ba310fb6745084cfc9a05d

SHA1
774296629592ac6630313cc8343ecfafb00a0ce4

SHA256
5260c5cf041711ae3f714056d7eb23066ed0acf5bbc556dbb6778e0849bd1267

SHA512
127c1917407d49e05ef0a362688e6d32dd12a9ad5a61c15d6e4481b71e14183071cce39a7f197e6149d8bc75cf035e68c0ed30e45740f60fef196fb651263438

Download Submit
C:\Windows\System\wQqjQUp.exe

Filesize
6.0MB

MD5
3ea806856d5a8f11088b0ce6bbe4bf1e

SHA1
3c089645d689ae2fbd2f00178faececa95d13d09

SHA256
d063c7e0e4144c7568c9baa8f7bb9d149175d0bcb52aaeb3d316d07f214e5aff

SHA512
40661c90374df0776b0c32205e4c1f425a7cbfbdb74f698b59d05cc31fc38d32d99684a0ebfc4a7765c0b40b76cc6c7fdfed3cac61f79a21af57980801fa293b

Download Submit
C:\Windows\System\xCMMCqy.exe

Filesize
6.0MB

MD5
3d42b74df0f92135d8b4b785a3d6515b

SHA1
6ba68be51651818cf9db640b6bbdd3f4a101ee27

SHA256
e1a7b8826277686eb069f4297cb2fefa3b0ca3bd53510c51a8baf617a1245715

SHA512
98d5fcb23cc981aa3a0ca4f90bd730ddc44245c24fe2fc6987e1219c794afe4c990b68339ef9f3df65ca776a4908b47ca11411a38c1ec6a5ea5b6fd90db45e28

Download Submit
C:\Windows\System\xuhWsSD.exe

Filesize
6.0MB

MD5
0ab6d599896e652ca7efa6a1d8eb21a7

SHA1
9498f6f1c1a584f73d009f92ceb709cfe053f945

SHA256
acb13b42daa6df1c27d160a6a7c73e04a712a8cc597e7996cc9ddbc69c2301a9

SHA512
3c83781b2ecd6632eeb64eb275014cb9d4a70dbe355e8a82cb5e96d233e561fc60c16ac0823b555a919c889fcf1bcde9912d68ef295fc4b4480c7f7c55f56246

Download Submit
C:\Windows\System\xwEDgxO.exe

Filesize
6.0MB

MD5
2aa621cf19a62dfcf850814660e0cbdc

SHA1
f98181aba64002e7f7870e0be1b3cdd6bee6b20a

SHA256
4c6d59368034809118a796eebf8788e6f6a9c9d10db931829a19137a9292a54b

SHA512
ae123c8bc36d86b28a8d3960d585dfff8cc47fe901a661b054ac9fc9b3a209f8882e20909d8fa7837ae48e025531bd9432b511cfc2001f5cc274c28c96b1b535

Download Submit
memory/312-1468-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp

Filesize
3.3MB

Download
memory/312-109-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp

Filesize
3.3MB

Download
memory/312-46-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp

Filesize
3.3MB

Download
memory/368-119-0x00007FF690520000-0x00007FF690874000-memory.dmp

Filesize
3.3MB

Download
memory/368-56-0x00007FF690520000-0x00007FF690874000-memory.dmp

Filesize
3.3MB

Download
memory/368-1466-0x00007FF690520000-0x00007FF690874000-memory.dmp

Filesize
3.3MB

Download
memory/436-123-0x00007FF63E440000-0x00007FF63E794000-memory.dmp

Filesize
3.3MB

Download
memory/436-62-0x00007FF63E440000-0x00007FF63E794000-memory.dmp

Filesize
3.3MB

Download
memory/436-1471-0x00007FF63E440000-0x00007FF63E794000-memory.dmp

Filesize
3.3MB

Download
memory/1816-2337-0x00007FF684340000-0x00007FF684694000-memory.dmp

Filesize
3.3MB

Download
memory/1816-189-0x00007FF684340000-0x00007FF684694000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2244-0x00007FF7DFA30000-0x00007FF7DFD84000-memory.dmp

Filesize
3.3MB

Download
memory/1932-118-0x00007FF7DFA30000-0x00007FF7DFD84000-memory.dmp

Filesize
3.3MB

Download
memory/2104-193-0x00007FF628490000-0x00007FF6287E4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2338-0x00007FF628490000-0x00007FF6287E4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-51-0x00007FF6BD7B0000-0x00007FF6BDB04000-memory.dmp

Filesize
3.3MB

Download
memory/2344-1452-0x00007FF6BD7B0000-0x00007FF6BDB04000-memory.dmp

Filesize
3.3MB

Download
memory/2360-124-0x00007FF769790000-0x00007FF769AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1467-0x00007FF769790000-0x00007FF769AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-64-0x00007FF769790000-0x00007FF769AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1962-0x00007FF6A9590000-0x00007FF6A98E4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-85-0x00007FF6A9590000-0x00007FF6A98E4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-83-0x00007FF618320000-0x00007FF618674000-memory.dmp

Filesize
3.3MB

Download
memory/3196-0-0x00007FF618320000-0x00007FF618674000-memory.dmp

Filesize
3.3MB

Download
memory/3196-1-0x0000028388E90000-0x0000028388EA0000-memory.dmp

Filesize
64KB

Download
memory/3428-2336-0x00007FF796DB0000-0x00007FF797104000-memory.dmp

Filesize
3.3MB

Download
memory/3428-175-0x00007FF796DB0000-0x00007FF797104000-memory.dmp

Filesize
3.3MB

Download
memory/3428-655-0x00007FF796DB0000-0x00007FF797104000-memory.dmp

Filesize
3.3MB

Download
memory/3528-161-0x00007FF69E900000-0x00007FF69EC54000-memory.dmp

Filesize
3.3MB

Download
memory/3528-1973-0x00007FF69E900000-0x00007FF69EC54000-memory.dmp

Filesize
3.3MB

Download
memory/3528-106-0x00007FF69E900000-0x00007FF69EC54000-memory.dmp

Filesize
3.3MB

Download
memory/3604-158-0x00007FF7EBBB0000-0x00007FF7EBF04000-memory.dmp

Filesize
3.3MB

Download
memory/3604-462-0x00007FF7EBBB0000-0x00007FF7EBF04000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2334-0x00007FF7EBBB0000-0x00007FF7EBF04000-memory.dmp

Filesize
3.3MB

Download
memory/3628-146-0x00007FF6E9580000-0x00007FF6E98D4000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2332-0x00007FF6E9580000-0x00007FF6E98D4000-memory.dmp

Filesize
3.3MB

Download
memory/3628-341-0x00007FF6E9580000-0x00007FF6E98D4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-184-0x00007FF618750000-0x00007FF618AA4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2248-0x00007FF618750000-0x00007FF618AA4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-125-0x00007FF618750000-0x00007FF618AA4000-memory.dmp

Filesize
3.3MB

Download
memory/3788-2333-0x00007FF6CB910000-0x00007FF6CBC64000-memory.dmp

Filesize
3.3MB

Download
memory/3788-152-0x00007FF6CB910000-0x00007FF6CBC64000-memory.dmp

Filesize
3.3MB

Download
memory/3788-398-0x00007FF6CB910000-0x00007FF6CBC64000-memory.dmp

Filesize
3.3MB

Download
memory/3804-104-0x00007FF697560000-0x00007FF6978B4000-memory.dmp

Filesize
3.3MB

Download
memory/3804-31-0x00007FF697560000-0x00007FF6978B4000-memory.dmp

Filesize
3.3MB

Download
memory/3804-1447-0x00007FF697560000-0x00007FF6978B4000-memory.dmp

Filesize
3.3MB

Download
memory/3968-1970-0x00007FF6B88A0000-0x00007FF6B8BF4000-memory.dmp

Filesize
3.3MB

Download
memory/3968-103-0x00007FF6B88A0000-0x00007FF6B8BF4000-memory.dmp

Filesize
3.3MB

Download
memory/3968-151-0x00007FF6B88A0000-0x00007FF6B8BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4160-1431-0x00007FF66FEF0000-0x00007FF670244000-memory.dmp

Filesize
3.3MB

Download
memory/4160-96-0x00007FF66FEF0000-0x00007FF670244000-memory.dmp

Filesize
3.3MB

Download
memory/4160-16-0x00007FF66FEF0000-0x00007FF670244000-memory.dmp

Filesize
3.3MB

Download
memory/4212-130-0x00007FF78A250000-0x00007FF78A5A4000-memory.dmp

Filesize
3.3MB

Download
memory/4212-75-0x00007FF78A250000-0x00007FF78A5A4000-memory.dmp

Filesize
3.3MB

Download
memory/4212-1964-0x00007FF78A250000-0x00007FF78A5A4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-195-0x00007FF740000000-0x00007FF740354000-memory.dmp

Filesize
3.3MB

Download
memory/4408-2339-0x00007FF740000000-0x00007FF740354000-memory.dmp

Filesize
3.3MB

Download
memory/4500-1416-0x00007FF7B3070000-0x00007FF7B33C4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-88-0x00007FF7B3070000-0x00007FF7B33C4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-8-0x00007FF7B3070000-0x00007FF7B33C4000-memory.dmp

Filesize
3.3MB

Download
memory/4616-101-0x00007FF666C00000-0x00007FF666F54000-memory.dmp

Filesize
3.3MB

Download
memory/4616-1971-0x00007FF666C00000-0x00007FF666F54000-memory.dmp

Filesize
3.3MB

Download
memory/4664-2335-0x00007FF761000000-0x00007FF761354000-memory.dmp

Filesize
3.3MB

Download
memory/4664-590-0x00007FF761000000-0x00007FF761354000-memory.dmp

Filesize
3.3MB

Download
memory/4664-169-0x00007FF761000000-0x00007FF761354000-memory.dmp

Filesize
3.3MB

Download
memory/4716-100-0x00007FF752610000-0x00007FF752964000-memory.dmp

Filesize
3.3MB

Download
memory/4716-1443-0x00007FF752610000-0x00007FF752964000-memory.dmp

Filesize
3.3MB

Download
memory/4716-23-0x00007FF752610000-0x00007FF752964000-memory.dmp

Filesize
3.3MB

Download
memory/4812-84-0x00007FF73C7F0000-0x00007FF73CB44000-memory.dmp

Filesize
3.3MB

Download
memory/4812-138-0x00007FF73C7F0000-0x00007FF73CB44000-memory.dmp

Filesize
3.3MB

Download
memory/4812-1967-0x00007FF73C7F0000-0x00007FF73CB44000-memory.dmp

Filesize
3.3MB

Download
memory/4820-1458-0x00007FF779430000-0x00007FF779784000-memory.dmp

Filesize
3.3MB

Download
memory/4820-42-0x00007FF779430000-0x00007FF779784000-memory.dmp

Filesize
3.3MB

Download
memory/4820-108-0x00007FF779430000-0x00007FF779784000-memory.dmp

Filesize
3.3MB

Download
memory/4904-141-0x00007FF7BA2E0000-0x00007FF7BA634000-memory.dmp

Filesize
3.3MB

Download
memory/5012-208-0x00007FF68E020000-0x00007FF68E374000-memory.dmp

Filesize
3.3MB

Download
memory/5012-132-0x00007FF68E020000-0x00007FF68E374000-memory.dmp

Filesize
3.3MB

Download
memory/5068-117-0x00007FF6D5500000-0x00007FF6D5854000-memory.dmp

Filesize
3.3MB

Download
memory/5068-61-0x00007FF6D5500000-0x00007FF6D5854000-memory.dmp

Filesize
3.3MB

Download
memory/5068-1475-0x00007FF6D5500000-0x00007FF6D5854000-memory.dmp

Filesize
3.3MB

Download