cobaltstrike | 2d0dd8c14114a6a721514855c7a346874de796abd1a4dad887edc3956a2cddf9

Analysis

max time kernel
149s
max time network
19s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
27/02/2025, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

4e8774e31dd6db05773f14fcd68648f5
SHA1

e40f3d023f7e7afb1634eeb0afd614b62c61f19d
SHA256

2d0dd8c14114a6a721514855c7a346874de796abd1a4dad887edc3956a2cddf9
SHA512

1b06c49e19f7e025030b33d79b21abd94183287d3b2097a45b98592eba42cee9ebd7fec943b1b4a0292a33ebd97d245ad6b7eb495e2f7f33ed89d807489b8d00
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUS:j+R56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-6.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c6-7.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ca-10.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186d9-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018710-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019240-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-72.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016e09-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-51.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018718-42.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186dd-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1940-0-0x000000013F6F0000-0x000000013FA3D000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-6.dat	xmrig
behavioral1/files/0x00060000000186c6-7.dat	xmrig
behavioral1/files/0x00070000000186ca-10.dat	xmrig
behavioral1/memory/824-18-0x000000013FCC0000-0x000000014000D000-memory.dmp	xmrig
behavioral1/files/0x00060000000186d9-21.dat	xmrig
behavioral1/memory/2884-15-0x000000013F670000-0x000000013F9BD000-memory.dmp	xmrig
behavioral1/memory/2688-14-0x000000013F6C0000-0x000000013FA0D000-memory.dmp	xmrig
behavioral1/memory/3020-31-0x000000013F6B0000-0x000000013F9FD000-memory.dmp	xmrig
behavioral1/files/0x0006000000018710-35.dat	xmrig
behavioral1/memory/2712-37-0x000000013F750000-0x000000013FA9D000-memory.dmp	xmrig
behavioral1/files/0x0007000000019240-44.dat	xmrig
behavioral1/memory/2612-61-0x000000013F640000-0x000000013F98D000-memory.dmp	xmrig
behavioral1/memory/2108-67-0x000000013FDB0000-0x00000001400FD000-memory.dmp	xmrig
behavioral1/memory/1120-73-0x000000013F7F0000-0x000000013FB3D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3c-117.dat	xmrig
behavioral1/memory/2892-132-0x000000013F930000-0x000000013FC7D000-memory.dmp	xmrig
behavioral1/memory/572-290-0x000000013F040000-0x000000013F38D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c34-110.dat	xmrig
behavioral1/files/0x000500000001a41d-187.dat	xmrig
behavioral1/files/0x000500000001a359-178.dat	xmrig
behavioral1/memory/1904-100-0x000000013F140000-0x000000013F48D000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a1-101.dat	xmrig
behavioral1/files/0x000500000001a09e-170.dat	xmrig
behavioral1/memory/2232-160-0x000000013FBF0000-0x000000013FF3D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a075-161.dat	xmrig
behavioral1/files/0x000500000001961e-92.dat	xmrig
behavioral1/files/0x0005000000019f8a-150.dat	xmrig
behavioral1/memory/2516-149-0x000000013F830000-0x000000013FB7D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d8e-138.dat	xmrig
behavioral1/memory/804-85-0x000000013F990000-0x000000013FCDD000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-83.dat	xmrig
behavioral1/files/0x0005000000019cba-129.dat	xmrig
behavioral1/memory/1964-128-0x000000013FD40000-0x000000014008D000-memory.dmp	xmrig
behavioral1/memory/1440-229-0x000000013FC50000-0x000000013FF9D000-memory.dmp	xmrig
behavioral1/memory/3052-228-0x000000013F3F0000-0x000000013F73D000-memory.dmp	xmrig
behavioral1/memory/2912-226-0x000000013FCF0000-0x000000014003D000-memory.dmp	xmrig
behavioral1/memory/2692-225-0x000000013FF50000-0x000000014029D000-memory.dmp	xmrig
behavioral1/memory/820-224-0x000000013F5B0000-0x000000013F8FD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3e-119.dat	xmrig
behavioral1/memory/2428-193-0x000000013FBB0000-0x000000013FEFD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41b-184.dat	xmrig
behavioral1/files/0x000500000001a307-175.dat	xmrig
behavioral1/memory/2016-169-0x000000013FCD0000-0x000000014001D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a07e-167.dat	xmrig
behavioral1/files/0x0005000000019f94-158.dat	xmrig
behavioral1/memory/3040-154-0x000000013F410000-0x000000013F75D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019dbf-147.dat	xmrig
behavioral1/memory/1848-137-0x000000013FF30000-0x000000014027D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cca-135.dat	xmrig
behavioral1/files/0x0005000000019c57-126.dat	xmrig
behavioral1/memory/2484-118-0x000000013F950000-0x000000013FC9D000-memory.dmp	xmrig
behavioral1/memory/1960-109-0x000000013F3B0000-0x000000013F6FD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-107.dat	xmrig
behavioral1/files/0x0005000000019667-98.dat	xmrig
behavioral1/memory/2288-91-0x000000013FBE0000-0x000000013FF2D000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-90.dat	xmrig
behavioral1/memory/1944-79-0x000000013F290000-0x000000013F5DD000-memory.dmp	xmrig
behavioral1/files/0x000500000001960a-77.dat	xmrig
behavioral1/files/0x0005000000019608-72.dat	xmrig
behavioral1/files/0x0009000000016e09-65.dat	xmrig
behavioral1/files/0x0005000000019606-60.dat	xmrig
behavioral1/memory/2760-55-0x000000013F050000-0x000000013F39D000-memory.dmp	xmrig
behavioral1/memory/2844-53-0x000000013F9F0000-0x000000013FD3D000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2884	OhgmthA.exe
2688	EfgkGnx.exe
824	cfABvin.exe
2820	duwPIMX.exe
3020	auDDIzl.exe
2712	gwJpTcb.exe
2632	HkZPfrX.exe
2760	alYhxfv.exe
2844	UStTzqp.exe
2612	wphKOeH.exe
2108	tgsaUyz.exe
1120	NRwlbyD.exe
1944	fkRnybW.exe
804	AVtVpiv.exe
2288	FDXWaMY.exe
1904	mLDTzig.exe
1960	AcFfgoj.exe
2484	SZBACQO.exe
1964	TcTNTwm.exe
2892	cgOqnuC.exe
1848	KhlAWZE.exe
2516	ZBVBLBH.exe
3040	HfGqKTK.exe
2232	rsHnjDS.exe
2016	SXcehqG.exe
1724	TGIHrcn.exe
920	ZeMPlRg.exe
2428	ZcKLHDl.exe
2184	gttAdgp.exe
1660	SpmeDDg.exe
820	wPXDths.exe
2912	RMfSeYc.exe
3052	TGGpmXT.exe
1440	vvcPvdt.exe
2692	cJcZSNO.exe
1316	arAfIjq.exe
1928	dTwaPzF.exe
1500	UHrNITR.exe
880	QQJEXik.exe
1720	TPtPOlB.exe
1436	OoAsrmx.exe
2604	PhHpjdg.exe
2684	fzRKkbh.exe
2608	rkHbQhF.exe
2972	BEqWrlg.exe
1976	rfweoiH.exe
1924	PdzOEFD.exe
572	BaoTjdE.exe
1104	oxAWeqX.exe
2140	HvvczWP.exe
1408	anSrWKQ.exe
1600	WtMkUmd.exe
2448	rQzVsLs.exe
2364	pkBlezB.exe
564	umzxZIb.exe
2468	XDywqsj.exe
1336	taVlwEW.exe
464	OXowSyh.exe
1632	XYbInNd.exe
1696	zvelayP.exe
2152	pzoovXN.exe
1488	fNGdoBV.exe
1084	qSSavpd.exe
2928	kQjLTgm.exe

Loads dropped DLL 64 IoCs

pid	Process
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rQzVsLs.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgdrcDf.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eupCopG.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DuvQWqM.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzqyAbr.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKBplDt.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAfkmJq.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWrmQZn.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMOglsc.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kaFziTO.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnLQnfv.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqEEnuq.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdEtQXo.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgFeXNA.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsHnjDS.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zchdaYR.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNwIXos.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFvshHJ.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMZXwSR.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEchrzT.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnMsalm.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOXvmKC.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WttrVLp.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAQcxFS.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpXOBxa.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLQeAug.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbNoJIN.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXowSyh.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERGyWJy.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKTNrsw.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEbAurC.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RByZMbu.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQNvtaQ.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHlrGym.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnylJDs.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpTZOQC.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUdesiM.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNYCQod.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqiAwCS.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDzIPmO.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUpPtEg.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHdvZnm.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzeFrOy.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbyjiMx.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbPuFDo.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOchgKS.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmIqgDv.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VinougO.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaMXzrj.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QClAeRo.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpFUqzr.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVlnTmO.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNEOrdB.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzIdZir.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luqHJpS.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNIFnCr.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDCniBr.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFSwekm.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRqNRpP.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOuXrVv.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJYzCCt.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxZbzej.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPhsGFv.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiTzPgf.exe	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2884	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1940 wrote to memory of 2884	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1940 wrote to memory of 2884	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1940 wrote to memory of 2688	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1940 wrote to memory of 2688	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1940 wrote to memory of 2688	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1940 wrote to memory of 824	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1940 wrote to memory of 824	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1940 wrote to memory of 824	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1940 wrote to memory of 2820	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1940 wrote to memory of 2820	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1940 wrote to memory of 2820	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1940 wrote to memory of 3020	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1940 wrote to memory of 3020	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1940 wrote to memory of 3020	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1940 wrote to memory of 2712	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1940 wrote to memory of 2712	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1940 wrote to memory of 2712	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1940 wrote to memory of 2632	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1940 wrote to memory of 2632	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1940 wrote to memory of 2632	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1940 wrote to memory of 2844	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1940 wrote to memory of 2844	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1940 wrote to memory of 2844	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1940 wrote to memory of 2760	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1940 wrote to memory of 2760	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1940 wrote to memory of 2760	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1940 wrote to memory of 2612	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1940 wrote to memory of 2612	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1940 wrote to memory of 2612	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1940 wrote to memory of 2108	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1940 wrote to memory of 2108	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1940 wrote to memory of 2108	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1940 wrote to memory of 1120	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1940 wrote to memory of 1120	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1940 wrote to memory of 1120	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1940 wrote to memory of 1944	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1940 wrote to memory of 1944	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1940 wrote to memory of 1944	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1940 wrote to memory of 804	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1940 wrote to memory of 804	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1940 wrote to memory of 804	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1940 wrote to memory of 2288	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1940 wrote to memory of 2288	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1940 wrote to memory of 2288	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1940 wrote to memory of 1964	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1940 wrote to memory of 1964	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1940 wrote to memory of 1964	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1940 wrote to memory of 1904	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1940 wrote to memory of 1904	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1940 wrote to memory of 1904	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1940 wrote to memory of 2516	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1940 wrote to memory of 2516	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1940 wrote to memory of 2516	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1940 wrote to memory of 1960	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1940 wrote to memory of 1960	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1940 wrote to memory of 1960	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1940 wrote to memory of 2428	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1940 wrote to memory of 2428	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1940 wrote to memory of 2428	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1940 wrote to memory of 2484	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1940 wrote to memory of 2484	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1940 wrote to memory of 2484	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1940 wrote to memory of 2692	1940	2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-27_4e8774e31dd6db05773f14fcd68648f5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\System\OhgmthA.exe
  C:\Windows\System\OhgmthA.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\EfgkGnx.exe
  C:\Windows\System\EfgkGnx.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\cfABvin.exe
  C:\Windows\System\cfABvin.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\duwPIMX.exe
  C:\Windows\System\duwPIMX.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\auDDIzl.exe
  C:\Windows\System\auDDIzl.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\gwJpTcb.exe
  C:\Windows\System\gwJpTcb.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\HkZPfrX.exe
  C:\Windows\System\HkZPfrX.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\UStTzqp.exe
  C:\Windows\System\UStTzqp.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\alYhxfv.exe
  C:\Windows\System\alYhxfv.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\wphKOeH.exe
  C:\Windows\System\wphKOeH.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\tgsaUyz.exe
  C:\Windows\System\tgsaUyz.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\NRwlbyD.exe
  C:\Windows\System\NRwlbyD.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\fkRnybW.exe
  C:\Windows\System\fkRnybW.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\AVtVpiv.exe
  C:\Windows\System\AVtVpiv.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\FDXWaMY.exe
  C:\Windows\System\FDXWaMY.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\TcTNTwm.exe
  C:\Windows\System\TcTNTwm.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\mLDTzig.exe
  C:\Windows\System\mLDTzig.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ZBVBLBH.exe
  C:\Windows\System\ZBVBLBH.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\AcFfgoj.exe
  C:\Windows\System\AcFfgoj.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\ZcKLHDl.exe
  C:\Windows\System\ZcKLHDl.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\SZBACQO.exe
  C:\Windows\System\SZBACQO.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\cJcZSNO.exe
  C:\Windows\System\cJcZSNO.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\cgOqnuC.exe
  C:\Windows\System\cgOqnuC.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\BaoTjdE.exe
  C:\Windows\System\BaoTjdE.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\KhlAWZE.exe
  C:\Windows\System\KhlAWZE.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\oxAWeqX.exe
  C:\Windows\System\oxAWeqX.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\HfGqKTK.exe
  C:\Windows\System\HfGqKTK.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\HvvczWP.exe
  C:\Windows\System\HvvczWP.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\rsHnjDS.exe
  C:\Windows\System\rsHnjDS.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\anSrWKQ.exe
  C:\Windows\System\anSrWKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\SXcehqG.exe
  C:\Windows\System\SXcehqG.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\WtMkUmd.exe
  C:\Windows\System\WtMkUmd.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\TGIHrcn.exe
  C:\Windows\System\TGIHrcn.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\rQzVsLs.exe
  C:\Windows\System\rQzVsLs.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\ZeMPlRg.exe
  C:\Windows\System\ZeMPlRg.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\zvelayP.exe
  C:\Windows\System\zvelayP.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\gttAdgp.exe
  C:\Windows\System\gttAdgp.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\pzoovXN.exe
  C:\Windows\System\pzoovXN.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\SpmeDDg.exe
  C:\Windows\System\SpmeDDg.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\fNGdoBV.exe
  C:\Windows\System\fNGdoBV.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\wPXDths.exe
  C:\Windows\System\wPXDths.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\qSSavpd.exe
  C:\Windows\System\qSSavpd.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\RMfSeYc.exe
  C:\Windows\System\RMfSeYc.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\kQjLTgm.exe
  C:\Windows\System\kQjLTgm.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\TGGpmXT.exe
  C:\Windows\System\TGGpmXT.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\DxUotjQ.exe
  C:\Windows\System\DxUotjQ.exe
  2⤵
  PID:2936
- C:\Windows\System\vvcPvdt.exe
  C:\Windows\System\vvcPvdt.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\qgRuEkb.exe
  C:\Windows\System\qgRuEkb.exe
  2⤵
  PID:780
- C:\Windows\System\arAfIjq.exe
  C:\Windows\System\arAfIjq.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\mZTOUsK.exe
  C:\Windows\System\mZTOUsK.exe
  2⤵
  PID:2920
- C:\Windows\System\dTwaPzF.exe
  C:\Windows\System\dTwaPzF.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\zKuGURI.exe
  C:\Windows\System\zKuGURI.exe
  2⤵
  PID:1992
- C:\Windows\System\UHrNITR.exe
  C:\Windows\System\UHrNITR.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\IIHThLD.exe
  C:\Windows\System\IIHThLD.exe
  2⤵
  PID:868
- C:\Windows\System\QQJEXik.exe
  C:\Windows\System\QQJEXik.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\jwQOTrp.exe
  C:\Windows\System\jwQOTrp.exe
  2⤵
  PID:1312
- C:\Windows\System\TPtPOlB.exe
  C:\Windows\System\TPtPOlB.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\NjplPWC.exe
  C:\Windows\System\NjplPWC.exe
  2⤵
  PID:1608
- C:\Windows\System\OoAsrmx.exe
  C:\Windows\System\OoAsrmx.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\VIusQpt.exe
  C:\Windows\System\VIusQpt.exe
  2⤵
  PID:2804
- C:\Windows\System\PhHpjdg.exe
  C:\Windows\System\PhHpjdg.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\rzTxXgT.exe
  C:\Windows\System\rzTxXgT.exe
  2⤵
  PID:2868
- C:\Windows\System\fzRKkbh.exe
  C:\Windows\System\fzRKkbh.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\qbNoJIN.exe
  C:\Windows\System\qbNoJIN.exe
  2⤵
  PID:2756
- C:\Windows\System\rkHbQhF.exe
  C:\Windows\System\rkHbQhF.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ZAJsSZh.exe
  C:\Windows\System\ZAJsSZh.exe
  2⤵
  PID:2732
- C:\Windows\System\BEqWrlg.exe
  C:\Windows\System\BEqWrlg.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ENePjDY.exe
  C:\Windows\System\ENePjDY.exe
  2⤵
  PID:1044
- C:\Windows\System\rfweoiH.exe
  C:\Windows\System\rfweoiH.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\FKRixlR.exe
  C:\Windows\System\FKRixlR.exe
  2⤵
  PID:2292
- C:\Windows\System\PdzOEFD.exe
  C:\Windows\System\PdzOEFD.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\ThYTRYG.exe
  C:\Windows\System\ThYTRYG.exe
  2⤵
  PID:3048
- C:\Windows\System\pkBlezB.exe
  C:\Windows\System\pkBlezB.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\QbytkzG.exe
  C:\Windows\System\QbytkzG.exe
  2⤵
  PID:1180
- C:\Windows\System\umzxZIb.exe
  C:\Windows\System\umzxZIb.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\wbyjiMx.exe
  C:\Windows\System\wbyjiMx.exe
  2⤵
  PID:2000
- C:\Windows\System\XDywqsj.exe
  C:\Windows\System\XDywqsj.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\WbpPNRx.exe
  C:\Windows\System\WbpPNRx.exe
  2⤵
  PID:1740
- C:\Windows\System\taVlwEW.exe
  C:\Windows\System\taVlwEW.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\BIlhgSF.exe
  C:\Windows\System\BIlhgSF.exe
  2⤵
  PID:2300
- C:\Windows\System\OXowSyh.exe
  C:\Windows\System\OXowSyh.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\duafnSf.exe
  C:\Windows\System\duafnSf.exe
  2⤵
  PID:2724
- C:\Windows\System\XYbInNd.exe
  C:\Windows\System\XYbInNd.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\yrleDAb.exe
  C:\Windows\System\yrleDAb.exe
  2⤵
  PID:3100
- C:\Windows\System\mVUlmor.exe
  C:\Windows\System\mVUlmor.exe
  2⤵
  PID:3128
- C:\Windows\System\AZuqQXY.exe
  C:\Windows\System\AZuqQXY.exe
  2⤵
  PID:3192
- C:\Windows\System\wjPWQmF.exe
  C:\Windows\System\wjPWQmF.exe
  2⤵
  PID:3216
- C:\Windows\System\MlumiOI.exe
  C:\Windows\System\MlumiOI.exe
  2⤵
  PID:3232
- C:\Windows\System\ZUhsUnX.exe
  C:\Windows\System\ZUhsUnX.exe
  2⤵
  PID:3248
- C:\Windows\System\AUCECDz.exe
  C:\Windows\System\AUCECDz.exe
  2⤵
  PID:3264
- C:\Windows\System\FRutBEE.exe
  C:\Windows\System\FRutBEE.exe
  2⤵
  PID:3288
- C:\Windows\System\qgcHndt.exe
  C:\Windows\System\qgcHndt.exe
  2⤵
  PID:3308
- C:\Windows\System\ArUjwGX.exe
  C:\Windows\System\ArUjwGX.exe
  2⤵
  PID:3348
- C:\Windows\System\BTGmCTW.exe
  C:\Windows\System\BTGmCTW.exe
  2⤵
  PID:3384
- C:\Windows\System\aXcRCzW.exe
  C:\Windows\System\aXcRCzW.exe
  2⤵
  PID:3408
- C:\Windows\System\jYEVsKf.exe
  C:\Windows\System\jYEVsKf.exe
  2⤵
  PID:3428
- C:\Windows\System\xuqrAmO.exe
  C:\Windows\System\xuqrAmO.exe
  2⤵
  PID:3444
- C:\Windows\System\KUdkWwZ.exe
  C:\Windows\System\KUdkWwZ.exe
  2⤵
  PID:3460
- C:\Windows\System\EiSXcQC.exe
  C:\Windows\System\EiSXcQC.exe
  2⤵
  PID:3476
- C:\Windows\System\XXEwrzU.exe
  C:\Windows\System\XXEwrzU.exe
  2⤵
  PID:3492
- C:\Windows\System\lnMsalm.exe
  C:\Windows\System\lnMsalm.exe
  2⤵
  PID:3508
- C:\Windows\System\XPXrLXL.exe
  C:\Windows\System\XPXrLXL.exe
  2⤵
  PID:3524
- C:\Windows\System\RENtfSu.exe
  C:\Windows\System\RENtfSu.exe
  2⤵
  PID:3540
- C:\Windows\System\AStkYqr.exe
  C:\Windows\System\AStkYqr.exe
  2⤵
  PID:3556
- C:\Windows\System\GWlWvZp.exe
  C:\Windows\System\GWlWvZp.exe
  2⤵
  PID:3576
- C:\Windows\System\dkSaCTf.exe
  C:\Windows\System\dkSaCTf.exe
  2⤵
  PID:3604
- C:\Windows\System\NuVOjoc.exe
  C:\Windows\System\NuVOjoc.exe
  2⤵
  PID:4064
- C:\Windows\System\deihuTG.exe
  C:\Windows\System\deihuTG.exe
  2⤵
  PID:4092
- C:\Windows\System\WIAEZDB.exe
  C:\Windows\System\WIAEZDB.exe
  2⤵
  PID:2456
- C:\Windows\System\oSNqsUA.exe
  C:\Windows\System\oSNqsUA.exe
  2⤵
  PID:1952
- C:\Windows\System\MMmJWsi.exe
  C:\Windows\System\MMmJWsi.exe
  2⤵
  PID:2164
- C:\Windows\System\zMBjpsq.exe
  C:\Windows\System\zMBjpsq.exe
  2⤵
  PID:2652
- C:\Windows\System\bxsDsCn.exe
  C:\Windows\System\bxsDsCn.exe
  2⤵
  PID:2552
- C:\Windows\System\JBEbfob.exe
  C:\Windows\System\JBEbfob.exe
  2⤵
  PID:2004
- C:\Windows\System\qGbCRyp.exe
  C:\Windows\System\qGbCRyp.exe
  2⤵
  PID:1148
- C:\Windows\System\geAzPYb.exe
  C:\Windows\System\geAzPYb.exe
  2⤵
  PID:1872
- C:\Windows\System\YLkLxBx.exe
  C:\Windows\System\YLkLxBx.exe
  2⤵
  PID:2320
- C:\Windows\System\VxYHRrN.exe
  C:\Windows\System\VxYHRrN.exe
  2⤵
  PID:2984
- C:\Windows\System\InwIFul.exe
  C:\Windows\System\InwIFul.exe
  2⤵
  PID:2404
- C:\Windows\System\nlqPYmz.exe
  C:\Windows\System\nlqPYmz.exe
  2⤵
  PID:2316
- C:\Windows\System\twKDcjC.exe
  C:\Windows\System\twKDcjC.exe
  2⤵
  PID:3076
- C:\Windows\System\VjpEvtd.exe
  C:\Windows\System\VjpEvtd.exe
  2⤵
  PID:3136
- C:\Windows\System\UTuASZa.exe
  C:\Windows\System\UTuASZa.exe
  2⤵
  PID:3152
- C:\Windows\System\jNFTnxG.exe
  C:\Windows\System\jNFTnxG.exe
  2⤵
  PID:3184
- C:\Windows\System\dzckGjy.exe
  C:\Windows\System\dzckGjy.exe
  2⤵
  PID:3256
- C:\Windows\System\EXZEUVX.exe
  C:\Windows\System\EXZEUVX.exe
  2⤵
  PID:3304
- C:\Windows\System\HVlnTmO.exe
  C:\Windows\System\HVlnTmO.exe
  2⤵
  PID:3368
- C:\Windows\System\hnEHuVi.exe
  C:\Windows\System\hnEHuVi.exe
  2⤵
  PID:3452
- C:\Windows\System\lJANevY.exe
  C:\Windows\System\lJANevY.exe
  2⤵
  PID:3548
- C:\Windows\System\tDDBjNs.exe
  C:\Windows\System\tDDBjNs.exe
  2⤵
  PID:3596
- C:\Windows\System\anQVxof.exe
  C:\Windows\System\anQVxof.exe
  2⤵
  PID:2672
- C:\Windows\System\MOPUlzl.exe
  C:\Windows\System\MOPUlzl.exe
  2⤵
  PID:452
- C:\Windows\System\AZFjTsb.exe
  C:\Windows\System\AZFjTsb.exe
  2⤵
  PID:836
- C:\Windows\System\rkXTHHI.exe
  C:\Windows\System\rkXTHHI.exe
  2⤵
  PID:764
- C:\Windows\System\kEkGgJW.exe
  C:\Windows\System\kEkGgJW.exe
  2⤵
  PID:3116
- C:\Windows\System\iMbZlEy.exe
  C:\Windows\System\iMbZlEy.exe
  2⤵
  PID:3204
- C:\Windows\System\ymMMbEE.exe
  C:\Windows\System\ymMMbEE.exe
  2⤵
  PID:3276
- C:\Windows\System\vppdEjb.exe
  C:\Windows\System\vppdEjb.exe
  2⤵
  PID:3328
- C:\Windows\System\XYPXYhG.exe
  C:\Windows\System\XYPXYhG.exe
  2⤵
  PID:3396
- C:\Windows\System\QtGpoop.exe
  C:\Windows\System\QtGpoop.exe
  2⤵
  PID:3468
- C:\Windows\System\PQoHPbO.exe
  C:\Windows\System\PQoHPbO.exe
  2⤵
  PID:3532
- C:\Windows\System\WoUREjH.exe
  C:\Windows\System\WoUREjH.exe
  2⤵
  PID:3612
- C:\Windows\System\HQmJBug.exe
  C:\Windows\System\HQmJBug.exe
  2⤵
  PID:1528
- C:\Windows\System\VZoLuYv.exe
  C:\Windows\System\VZoLuYv.exe
  2⤵
  PID:1596
- C:\Windows\System\IHUyQka.exe
  C:\Windows\System\IHUyQka.exe
  2⤵
  PID:2332
- C:\Windows\System\VpzToGR.exe
  C:\Windows\System\VpzToGR.exe
  2⤵
  PID:1080
- C:\Windows\System\OJefLIq.exe
  C:\Windows\System\OJefLIq.exe
  2⤵
  PID:3688
- C:\Windows\System\gMjNciC.exe
  C:\Windows\System\gMjNciC.exe
  2⤵
  PID:3704
- C:\Windows\System\CaXksgu.exe
  C:\Windows\System\CaXksgu.exe
  2⤵
  PID:3720
- C:\Windows\System\eAfkmJq.exe
  C:\Windows\System\eAfkmJq.exe
  2⤵
  PID:3740
- C:\Windows\System\uhvjxLl.exe
  C:\Windows\System\uhvjxLl.exe
  2⤵
  PID:3756
- C:\Windows\System\CNkGmJY.exe
  C:\Windows\System\CNkGmJY.exe
  2⤵
  PID:3784
- C:\Windows\System\nlEYKFe.exe
  C:\Windows\System\nlEYKFe.exe
  2⤵
  PID:3808
- C:\Windows\System\oUlILjB.exe
  C:\Windows\System\oUlILjB.exe
  2⤵
  PID:3832
- C:\Windows\System\HBFKYFE.exe
  C:\Windows\System\HBFKYFE.exe
  2⤵
  PID:3900
- C:\Windows\System\DMQDzCR.exe
  C:\Windows\System\DMQDzCR.exe
  2⤵
  PID:3884
- C:\Windows\System\MUxMClS.exe
  C:\Windows\System\MUxMClS.exe
  2⤵
  PID:3860
- C:\Windows\System\NDRtTyF.exe
  C:\Windows\System\NDRtTyF.exe
  2⤵
  PID:3996
- C:\Windows\System\jbfobpv.exe
  C:\Windows\System\jbfobpv.exe
  2⤵
  PID:3980
- C:\Windows\System\Kglpedv.exe
  C:\Windows\System\Kglpedv.exe
  2⤵
  PID:3960
- C:\Windows\System\QynOkud.exe
  C:\Windows\System\QynOkud.exe
  2⤵
  PID:3944
- C:\Windows\System\ABfEWdl.exe
  C:\Windows\System\ABfEWdl.exe
  2⤵
  PID:3916
- C:\Windows\System\CsExpaq.exe
  C:\Windows\System\CsExpaq.exe
  2⤵
  PID:4012
- C:\Windows\System\cCkTzCV.exe
  C:\Windows\System\cCkTzCV.exe
  2⤵
  PID:4032
- C:\Windows\System\udrXVMy.exe
  C:\Windows\System\udrXVMy.exe
  2⤵
  PID:4060
- C:\Windows\System\GpsaOPy.exe
  C:\Windows\System\GpsaOPy.exe
  2⤵
  PID:2188
- C:\Windows\System\JHHhnuA.exe
  C:\Windows\System\JHHhnuA.exe
  2⤵
  PID:2872
- C:\Windows\System\AMVFDqx.exe
  C:\Windows\System\AMVFDqx.exe
  2⤵
  PID:980
- C:\Windows\System\VYddcTW.exe
  C:\Windows\System\VYddcTW.exe
  2⤵
  PID:1392
- C:\Windows\System\EDrEmhH.exe
  C:\Windows\System\EDrEmhH.exe
  2⤵
  PID:3088
- C:\Windows\System\aMTQaCj.exe
  C:\Windows\System\aMTQaCj.exe
  2⤵
  PID:3172
- C:\Windows\System\NrEThvY.exe
  C:\Windows\System\NrEThvY.exe
  2⤵
  PID:3376
- C:\Windows\System\sbmWFCy.exe
  C:\Windows\System\sbmWFCy.exe
  2⤵
  PID:3424
- C:\Windows\System\yLyEkmN.exe
  C:\Windows\System\yLyEkmN.exe
  2⤵
  PID:3588
- C:\Windows\System\DXBqdwx.exe
  C:\Windows\System\DXBqdwx.exe
  2⤵
  PID:2900
- C:\Windows\System\AWPScSv.exe
  C:\Windows\System\AWPScSv.exe
  2⤵
  PID:2200
- C:\Windows\System\VHryEel.exe
  C:\Windows\System\VHryEel.exe
  2⤵
  PID:3324
- C:\Windows\System\fvKaPDr.exe
  C:\Windows\System\fvKaPDr.exe
  2⤵
  PID:3564
- C:\Windows\System\COiQoRP.exe
  C:\Windows\System\COiQoRP.exe
  2⤵
  PID:3636
- C:\Windows\System\vZJYJRF.exe
  C:\Windows\System\vZJYJRF.exe
  2⤵
  PID:3696
- C:\Windows\System\sxZbzej.exe
  C:\Windows\System\sxZbzej.exe
  2⤵
  PID:3744
- C:\Windows\System\nCkmIcf.exe
  C:\Windows\System\nCkmIcf.exe
  2⤵
  PID:3820
- C:\Windows\System\lJZFaUv.exe
  C:\Windows\System\lJZFaUv.exe
  2⤵
  PID:3888
- C:\Windows\System\YPQTLtU.exe
  C:\Windows\System\YPQTLtU.exe
  2⤵
  PID:3972
- C:\Windows\System\ZlWzemX.exe
  C:\Windows\System\ZlWzemX.exe
  2⤵
  PID:3920
- C:\Windows\System\tPGdBKe.exe
  C:\Windows\System\tPGdBKe.exe
  2⤵
  PID:4088
- C:\Windows\System\efUSTMB.exe
  C:\Windows\System\efUSTMB.exe
  2⤵
  PID:1736
- C:\Windows\System\bJuOTPL.exe
  C:\Windows\System\bJuOTPL.exe
  2⤵
  PID:3296
- C:\Windows\System\HqFovdv.exe
  C:\Windows\System\HqFovdv.exe
  2⤵
  PID:2776
- C:\Windows\System\LWNzYQQ.exe
  C:\Windows\System\LWNzYQQ.exe
  2⤵
  PID:2800
- C:\Windows\System\ySjQuSb.exe
  C:\Windows\System\ySjQuSb.exe
  2⤵
  PID:2624
- C:\Windows\System\lMIgUKu.exe
  C:\Windows\System\lMIgUKu.exe
  2⤵
  PID:4004
- C:\Windows\System\lWrmQZn.exe
  C:\Windows\System\lWrmQZn.exe
  2⤵
  PID:4100
- C:\Windows\System\ZyVNdex.exe
  C:\Windows\System\ZyVNdex.exe
  2⤵
  PID:4120
- C:\Windows\System\CTSadJl.exe
  C:\Windows\System\CTSadJl.exe
  2⤵
  PID:4148
- C:\Windows\System\nLqSAAn.exe
  C:\Windows\System\nLqSAAn.exe
  2⤵
  PID:4164
- C:\Windows\System\ZAfDitb.exe
  C:\Windows\System\ZAfDitb.exe
  2⤵
  PID:4180
- C:\Windows\System\PATtMLv.exe
  C:\Windows\System\PATtMLv.exe
  2⤵
  PID:4196
- C:\Windows\System\YXvxUaH.exe
  C:\Windows\System\YXvxUaH.exe
  2⤵
  PID:4212
- C:\Windows\System\ARPlioo.exe
  C:\Windows\System\ARPlioo.exe
  2⤵
  PID:4228
- C:\Windows\System\UcyjYer.exe
  C:\Windows\System\UcyjYer.exe
  2⤵
  PID:4244
- C:\Windows\System\NlUApqj.exe
  C:\Windows\System\NlUApqj.exe
  2⤵
  PID:4260
- C:\Windows\System\fvPaMpU.exe
  C:\Windows\System\fvPaMpU.exe
  2⤵
  PID:4284
- C:\Windows\System\vaxrLUI.exe
  C:\Windows\System\vaxrLUI.exe
  2⤵
  PID:4300
- C:\Windows\System\zpqkLmZ.exe
  C:\Windows\System\zpqkLmZ.exe
  2⤵
  PID:4316
- C:\Windows\System\frWLbxe.exe
  C:\Windows\System\frWLbxe.exe
  2⤵
  PID:4332
- C:\Windows\System\PFJQlUO.exe
  C:\Windows\System\PFJQlUO.exe
  2⤵
  PID:4348
- C:\Windows\System\KLIEKQz.exe
  C:\Windows\System\KLIEKQz.exe
  2⤵
  PID:4432
- C:\Windows\System\LlSjuep.exe
  C:\Windows\System\LlSjuep.exe
  2⤵
  PID:4448
- C:\Windows\System\BxhhvQK.exe
  C:\Windows\System\BxhhvQK.exe
  2⤵
  PID:4476
- C:\Windows\System\MLSlWCh.exe
  C:\Windows\System\MLSlWCh.exe
  2⤵
  PID:4496
- C:\Windows\System\HEHMwaV.exe
  C:\Windows\System\HEHMwaV.exe
  2⤵
  PID:4520
- C:\Windows\System\xIvFvnY.exe
  C:\Windows\System\xIvFvnY.exe
  2⤵
  PID:4544
- C:\Windows\System\ZmqRDpM.exe
  C:\Windows\System\ZmqRDpM.exe
  2⤵
  PID:4560
- C:\Windows\System\KCSzKRd.exe
  C:\Windows\System\KCSzKRd.exe
  2⤵
  PID:4576
- C:\Windows\System\kVrlgnS.exe
  C:\Windows\System\kVrlgnS.exe
  2⤵
  PID:4604
- C:\Windows\System\VRdwcBJ.exe
  C:\Windows\System\VRdwcBJ.exe
  2⤵
  PID:4620
- C:\Windows\System\IAEmWKZ.exe
  C:\Windows\System\IAEmWKZ.exe
  2⤵
  PID:4636
- C:\Windows\System\cdWVWRW.exe
  C:\Windows\System\cdWVWRW.exe
  2⤵
  PID:4652
- C:\Windows\System\OYXyOgZ.exe
  C:\Windows\System\OYXyOgZ.exe
  2⤵
  PID:4684
- C:\Windows\System\PKWwhqU.exe
  C:\Windows\System\PKWwhqU.exe
  2⤵
  PID:4700
- C:\Windows\System\SJGMjJA.exe
  C:\Windows\System\SJGMjJA.exe
  2⤵
  PID:4720
- C:\Windows\System\SSNnnvR.exe
  C:\Windows\System\SSNnnvR.exe
  2⤵
  PID:4736
- C:\Windows\System\CpLcljn.exe
  C:\Windows\System\CpLcljn.exe
  2⤵
  PID:4752
- C:\Windows\System\hkGaYDw.exe
  C:\Windows\System\hkGaYDw.exe
  2⤵
  PID:4768
- C:\Windows\System\WLyPrcA.exe
  C:\Windows\System\WLyPrcA.exe
  2⤵
  PID:4784
- C:\Windows\System\wSzJIzC.exe
  C:\Windows\System\wSzJIzC.exe
  2⤵
  PID:4800
- C:\Windows\System\bkzXjVw.exe
  C:\Windows\System\bkzXjVw.exe
  2⤵
  PID:4816
- C:\Windows\System\yFXoaDp.exe
  C:\Windows\System\yFXoaDp.exe
  2⤵
  PID:4832
- C:\Windows\System\absqFti.exe
  C:\Windows\System\absqFti.exe
  2⤵
  PID:4848
- C:\Windows\System\AFDUfrr.exe
  C:\Windows\System\AFDUfrr.exe
  2⤵
  PID:4864
- C:\Windows\System\lXhsfNw.exe
  C:\Windows\System\lXhsfNw.exe
  2⤵
  PID:4880
- C:\Windows\System\bNARImY.exe
  C:\Windows\System\bNARImY.exe
  2⤵
  PID:4896
- C:\Windows\System\PDszlCr.exe
  C:\Windows\System\PDszlCr.exe
  2⤵
  PID:4912
- C:\Windows\System\SEpNXsE.exe
  C:\Windows\System\SEpNXsE.exe
  2⤵
  PID:4928
- C:\Windows\System\GogWPIO.exe
  C:\Windows\System\GogWPIO.exe
  2⤵
  PID:4944
- C:\Windows\System\pHFvPsa.exe
  C:\Windows\System\pHFvPsa.exe
  2⤵
  PID:4960
- C:\Windows\System\GSprbwm.exe
  C:\Windows\System\GSprbwm.exe
  2⤵
  PID:5000
- C:\Windows\System\cOsjTBA.exe
  C:\Windows\System\cOsjTBA.exe
  2⤵
  PID:4392
- C:\Windows\System\kQRIAsj.exe
  C:\Windows\System\kQRIAsj.exe
  2⤵
  PID:4412
- C:\Windows\System\lPNaIMU.exe
  C:\Windows\System\lPNaIMU.exe
  2⤵
  PID:4424
- C:\Windows\System\pNIHhtl.exe
  C:\Windows\System\pNIHhtl.exe
  2⤵
  PID:4460
- C:\Windows\System\qHWVtXQ.exe
  C:\Windows\System\qHWVtXQ.exe
  2⤵
  PID:4504
- C:\Windows\System\UzQdvTp.exe
  C:\Windows\System\UzQdvTp.exe
  2⤵
  PID:1272
- C:\Windows\System\XIkJzTF.exe
  C:\Windows\System\XIkJzTF.exe
  2⤵
  PID:4588
- C:\Windows\System\LZXJnzu.exe
  C:\Windows\System\LZXJnzu.exe
  2⤵
  PID:4628
- C:\Windows\System\PehujSu.exe
  C:\Windows\System\PehujSu.exe
  2⤵
  PID:4668
- C:\Windows\System\IzQMknz.exe
  C:\Windows\System\IzQMknz.exe
  2⤵
  PID:2980
- C:\Windows\System\rtxkveJ.exe
  C:\Windows\System\rtxkveJ.exe
  2⤵
  PID:2436
- C:\Windows\System\wIDApDu.exe
  C:\Windows\System\wIDApDu.exe
  2⤵
  PID:4812
- C:\Windows\System\LEnCBhP.exe
  C:\Windows\System\LEnCBhP.exe
  2⤵
  PID:4872
- C:\Windows\System\ERGyWJy.exe
  C:\Windows\System\ERGyWJy.exe
  2⤵
  PID:4904
- C:\Windows\System\NazXtqa.exe
  C:\Windows\System\NazXtqa.exe
  2⤵
  PID:4980
- C:\Windows\System\LgEaoEN.exe
  C:\Windows\System\LgEaoEN.exe
  2⤵
  PID:4440
- C:\Windows\System\qfEBoUu.exe
  C:\Windows\System\qfEBoUu.exe
  2⤵
  PID:2264
- C:\Windows\System\UlkvAVJ.exe
  C:\Windows\System\UlkvAVJ.exe
  2⤵
  PID:2304
- C:\Windows\System\jmuQypH.exe
  C:\Windows\System\jmuQypH.exe
  2⤵
  PID:1708
- C:\Windows\System\FjFbdtp.exe
  C:\Windows\System\FjFbdtp.exe
  2⤵
  PID:3224
- C:\Windows\System\iMJNmep.exe
  C:\Windows\System\iMJNmep.exe
  2⤵
  PID:3108
- C:\Windows\System\aHhrpWy.exe
  C:\Windows\System\aHhrpWy.exe
  2⤵
  PID:3244
- C:\Windows\System\BkFNkNw.exe
  C:\Windows\System\BkFNkNw.exe
  2⤵
  PID:3344
- C:\Windows\System\YbPuFDo.exe
  C:\Windows\System\YbPuFDo.exe
  2⤵
  PID:1988
- C:\Windows\System\xwclkfA.exe
  C:\Windows\System\xwclkfA.exe
  2⤵
  PID:3716
- C:\Windows\System\KOrDRrl.exe
  C:\Windows\System\KOrDRrl.exe
  2⤵
  PID:3796
- C:\Windows\System\sFayACb.exe
  C:\Windows\System\sFayACb.exe
  2⤵
  PID:3848
- C:\Windows\System\IxntAYK.exe
  C:\Windows\System\IxntAYK.exe
  2⤵
  PID:3952
- C:\Windows\System\TMEQZwx.exe
  C:\Windows\System\TMEQZwx.exe
  2⤵
  PID:3016
- C:\Windows\System\qefSJit.exe
  C:\Windows\System\qefSJit.exe
  2⤵
  PID:2472
- C:\Windows\System\OHmvXUK.exe
  C:\Windows\System\OHmvXUK.exe
  2⤵
  PID:2416
- C:\Windows\System\euvCywN.exe
  C:\Windows\System\euvCywN.exe
  2⤵
  PID:3732
- C:\Windows\System\UhWTyIi.exe
  C:\Windows\System\UhWTyIi.exe
  2⤵
  PID:3928
- C:\Windows\System\mOYvLLv.exe
  C:\Windows\System\mOYvLLv.exe
  2⤵
  PID:1984
- C:\Windows\System\kLvlHOH.exe
  C:\Windows\System\kLvlHOH.exe
  2⤵
  PID:3584
- C:\Windows\System\ZyfRsiW.exe
  C:\Windows\System\ZyfRsiW.exe
  2⤵
  PID:4008
- C:\Windows\System\tbmBZIb.exe
  C:\Windows\System\tbmBZIb.exe
  2⤵
  PID:4132
- C:\Windows\System\xUNjbWZ.exe
  C:\Windows\System\xUNjbWZ.exe
  2⤵
  PID:4172
- C:\Windows\System\QTHoUdp.exe
  C:\Windows\System\QTHoUdp.exe
  2⤵
  PID:4236
- C:\Windows\System\yrgLouw.exe
  C:\Windows\System\yrgLouw.exe
  2⤵
  PID:4276
- C:\Windows\System\gnvwHMn.exe
  C:\Windows\System\gnvwHMn.exe
  2⤵
  PID:4484
- C:\Windows\System\uXPRnBX.exe
  C:\Windows\System\uXPRnBX.exe
  2⤵
  PID:4536
- C:\Windows\System\ChxBhOe.exe
  C:\Windows\System\ChxBhOe.exe
  2⤵
  PID:4572
- C:\Windows\System\HeLXWsI.exe
  C:\Windows\System\HeLXWsI.exe
  2⤵
  PID:4692
- C:\Windows\System\NvzmJED.exe
  C:\Windows\System\NvzmJED.exe
  2⤵
  PID:4760
- C:\Windows\System\ajoyRDB.exe
  C:\Windows\System\ajoyRDB.exe
  2⤵
  PID:604
- C:\Windows\System\PAcCqTx.exe
  C:\Windows\System\PAcCqTx.exe
  2⤵
  PID:4824
- C:\Windows\System\aHeTquv.exe
  C:\Windows\System\aHeTquv.exe
  2⤵
  PID:4888
- C:\Windows\System\bghnrjk.exe
  C:\Windows\System\bghnrjk.exe
  2⤵
  PID:4952
- C:\Windows\System\JMOglsc.exe
  C:\Windows\System\JMOglsc.exe
  2⤵
  PID:2044
- C:\Windows\System\nSDlDZs.exe
  C:\Windows\System\nSDlDZs.exe
  2⤵
  PID:4112
- C:\Windows\System\TaiEenp.exe
  C:\Windows\System\TaiEenp.exe
  2⤵
  PID:5016
- C:\Windows\System\KyOHMDP.exe
  C:\Windows\System\KyOHMDP.exe
  2⤵
  PID:5032
- C:\Windows\System\AuwOXGn.exe
  C:\Windows\System\AuwOXGn.exe
  2⤵
  PID:5048
- C:\Windows\System\yRMugxu.exe
  C:\Windows\System\yRMugxu.exe
  2⤵
  PID:5064
- C:\Windows\System\cwjxkQr.exe
  C:\Windows\System\cwjxkQr.exe
  2⤵
  PID:5080
- C:\Windows\System\HfaMLSy.exe
  C:\Windows\System\HfaMLSy.exe
  2⤵
  PID:4156
- C:\Windows\System\sXutJoP.exe
  C:\Windows\System\sXutJoP.exe
  2⤵
  PID:2120
- C:\Windows\System\xqiAwCS.exe
  C:\Windows\System\xqiAwCS.exe
  2⤵
  PID:2720
- C:\Windows\System\ZESJsmx.exe
  C:\Windows\System\ZESJsmx.exe
  2⤵
  PID:3180
- C:\Windows\System\SxJPidU.exe
  C:\Windows\System\SxJPidU.exe
  2⤵
  PID:1604
- C:\Windows\System\oTnkxel.exe
  C:\Windows\System\oTnkxel.exe
  2⤵
  PID:3816
- C:\Windows\System\KsMJTJs.exe
  C:\Windows\System\KsMJTJs.exe
  2⤵
  PID:4188
- C:\Windows\System\sFjZRAg.exe
  C:\Windows\System\sFjZRAg.exe
  2⤵
  PID:4256
- C:\Windows\System\icBZZko.exe
  C:\Windows\System\icBZZko.exe
  2⤵
  PID:4324
- C:\Windows\System\cATYSRu.exe
  C:\Windows\System\cATYSRu.exe
  2⤵
  PID:2768
- C:\Windows\System\LyVxven.exe
  C:\Windows\System\LyVxven.exe
  2⤵
  PID:4416
- C:\Windows\System\WJzDUPa.exe
  C:\Windows\System\WJzDUPa.exe
  2⤵
  PID:1368
- C:\Windows\System\ydmsHwj.exe
  C:\Windows\System\ydmsHwj.exe
  2⤵
  PID:3936
- C:\Windows\System\GQSacCJ.exe
  C:\Windows\System\GQSacCJ.exe
  2⤵
  PID:4080
- C:\Windows\System\SgeKdGU.exe
  C:\Windows\System\SgeKdGU.exe
  2⤵
  PID:4308
- C:\Windows\System\VAMlWmi.exe
  C:\Windows\System\VAMlWmi.exe
  2⤵
  PID:4728
- C:\Windows\System\rywmvKu.exe
  C:\Windows\System\rywmvKu.exe
  2⤵
  PID:4860
- C:\Windows\System\sTQAGVZ.exe
  C:\Windows\System\sTQAGVZ.exe
  2⤵
  PID:5008
- C:\Windows\System\agusIXf.exe
  C:\Windows\System\agusIXf.exe
  2⤵
  PID:2092
- C:\Windows\System\HfRduyM.exe
  C:\Windows\System\HfRduyM.exe
  2⤵
  PID:5024
- C:\Windows\System\vOSENqL.exe
  C:\Windows\System\vOSENqL.exe
  2⤵
  PID:5072
- C:\Windows\System\DDZNQhc.exe
  C:\Windows\System\DDZNQhc.exe
  2⤵
  PID:5056
- C:\Windows\System\qECwRjE.exe
  C:\Windows\System\qECwRjE.exe
  2⤵
  PID:2992
- C:\Windows\System\NudeLiL.exe
  C:\Windows\System\NudeLiL.exe
  2⤵
  PID:5112
- C:\Windows\System\vSAXGGc.exe
  C:\Windows\System\vSAXGGc.exe
  2⤵
  PID:4220
- C:\Windows\System\DoZtZMS.exe
  C:\Windows\System\DoZtZMS.exe
  2⤵
  PID:1760
- C:\Windows\System\qOiiDtL.exe
  C:\Windows\System\qOiiDtL.exe
  2⤵
  PID:1204
- C:\Windows\System\wBxfbbY.exe
  C:\Windows\System\wBxfbbY.exe
  2⤵
  PID:4516
- C:\Windows\System\NfJiRGc.exe
  C:\Windows\System\NfJiRGc.exe
  2⤵
  PID:2396
- C:\Windows\System\AyFgPGh.exe
  C:\Windows\System\AyFgPGh.exe
  2⤵
  PID:4372
- C:\Windows\System\tBMZzJR.exe
  C:\Windows\System\tBMZzJR.exe
  2⤵
  PID:2488
- C:\Windows\System\ridgmBI.exe
  C:\Windows\System\ridgmBI.exe
  2⤵
  PID:4400
- C:\Windows\System\LJIRrKN.exe
  C:\Windows\System\LJIRrKN.exe
  2⤵
  PID:4472
- C:\Windows\System\wFkTCtB.exe
  C:\Windows\System\wFkTCtB.exe
  2⤵
  PID:4708
- C:\Windows\System\KEhGQGc.exe
  C:\Windows\System\KEhGQGc.exe
  2⤵
  PID:4584
- C:\Windows\System\GvnYFOL.exe
  C:\Windows\System\GvnYFOL.exe
  2⤵
  PID:2508
- C:\Windows\System\TxCQJDw.exe
  C:\Windows\System\TxCQJDw.exe
  2⤵
  PID:3760
- C:\Windows\System\YZjheVq.exe
  C:\Windows\System\YZjheVq.exe
  2⤵
  PID:2352
- C:\Windows\System\pfZwWZl.exe
  C:\Windows\System\pfZwWZl.exe
  2⤵
  PID:3792
- C:\Windows\System\GdGEAVp.exe
  C:\Windows\System\GdGEAVp.exe
  2⤵
  PID:3868
- C:\Windows\System\LBHrRBi.exe
  C:\Windows\System\LBHrRBi.exe
  2⤵
  PID:4056
- C:\Windows\System\OmxgOWo.exe
  C:\Windows\System\OmxgOWo.exe
  2⤵
  PID:2876
- C:\Windows\System\Kwuzdbv.exe
  C:\Windows\System\Kwuzdbv.exe
  2⤵
  PID:3736
- C:\Windows\System\EkKsuvc.exe
  C:\Windows\System\EkKsuvc.exe
  2⤵
  PID:3436
- C:\Windows\System\zrTmqoc.exe
  C:\Windows\System\zrTmqoc.exe
  2⤵
  PID:3484
- C:\Windows\System\oHLPToB.exe
  C:\Windows\System\oHLPToB.exe
  2⤵
  PID:2548
- C:\Windows\System\PcEeWag.exe
  C:\Windows\System\PcEeWag.exe
  2⤵
  PID:4528
- C:\Windows\System\UwQIJTE.exe
  C:\Windows\System\UwQIJTE.exe
  2⤵
  PID:4268
- C:\Windows\System\nKTNrsw.exe
  C:\Windows\System\nKTNrsw.exe
  2⤵
  PID:1228
- C:\Windows\System\QqXIIWC.exe
  C:\Windows\System\QqXIIWC.exe
  2⤵
  PID:2704
- C:\Windows\System\MbUZGHS.exe
  C:\Windows\System\MbUZGHS.exe
  2⤵
  PID:4044
- C:\Windows\System\ShwhMFi.exe
  C:\Windows\System\ShwhMFi.exe
  2⤵
  PID:3168
- C:\Windows\System\eeFdWDv.exe
  C:\Windows\System\eeFdWDv.exe
  2⤵
  PID:1972
- C:\Windows\System\gFgNEzP.exe
  C:\Windows\System\gFgNEzP.exe
  2⤵
  PID:4568
- C:\Windows\System\mUjtFmM.exe
  C:\Windows\System\mUjtFmM.exe
  2⤵
  PID:2372
- C:\Windows\System\iUFmGUE.exe
  C:\Windows\System\iUFmGUE.exe
  2⤵
  PID:4108
- C:\Windows\System\ChISzNf.exe
  C:\Windows\System\ChISzNf.exe
  2⤵
  PID:5088
- C:\Windows\System\TDdekZZ.exe
  C:\Windows\System\TDdekZZ.exe
  2⤵
  PID:2908
- C:\Windows\System\PyThGVp.exe
  C:\Windows\System\PyThGVp.exe
  2⤵
  PID:1640
- C:\Windows\System\UbSDvVV.exe
  C:\Windows\System\UbSDvVV.exe
  2⤵
  PID:1716
- C:\Windows\System\DParNmU.exe
  C:\Windows\System\DParNmU.exe
  2⤵
  PID:5028
- C:\Windows\System\GysNmAC.exe
  C:\Windows\System\GysNmAC.exe
  2⤵
  PID:4776
- C:\Windows\System\RLlLgVS.exe
  C:\Windows\System\RLlLgVS.exe
  2⤵
  PID:4384
- C:\Windows\System\YgstvUg.exe
  C:\Windows\System\YgstvUg.exe
  2⤵
  PID:4660
- C:\Windows\System\VTUQxZi.exe
  C:\Windows\System\VTUQxZi.exe
  2⤵
  PID:4664
- C:\Windows\System\IoHFQdQ.exe
  C:\Windows\System\IoHFQdQ.exe
  2⤵
  PID:2148
- C:\Windows\System\ShWIADl.exe
  C:\Windows\System\ShWIADl.exe
  2⤵
  PID:4716
- C:\Windows\System\eaMJmxh.exe
  C:\Windows\System\eaMJmxh.exe
  2⤵
  PID:2344
- C:\Windows\System\hcQISpu.exe
  C:\Windows\System\hcQISpu.exe
  2⤵
  PID:2088
- C:\Windows\System\NaMDKGE.exe
  C:\Windows\System\NaMDKGE.exe
  2⤵
  PID:3148
- C:\Windows\System\zWABYKx.exe
  C:\Windows\System\zWABYKx.exe
  2⤵
  PID:472
- C:\Windows\System\vSnTHFG.exe
  C:\Windows\System\vSnTHFG.exe
  2⤵
  PID:3872
- C:\Windows\System\OdgGbLU.exe
  C:\Windows\System\OdgGbLU.exe
  2⤵
  PID:4844
- C:\Windows\System\IJWSCFr.exe
  C:\Windows\System\IJWSCFr.exe
  2⤵
  PID:3440
- C:\Windows\System\aFERWyP.exe
  C:\Windows\System\aFERWyP.exe
  2⤵
  PID:4908
- C:\Windows\System\zFGEdoa.exe
  C:\Windows\System\zFGEdoa.exe
  2⤵
  PID:264
- C:\Windows\System\VQEILwF.exe
  C:\Windows\System\VQEILwF.exe
  2⤵
  PID:4140
- C:\Windows\System\OEbAurC.exe
  C:\Windows\System\OEbAurC.exe
  2⤵
  PID:3804
- C:\Windows\System\wdOEQlf.exe
  C:\Windows\System\wdOEQlf.exe
  2⤵
  PID:4144
- C:\Windows\System\AOchgKS.exe
  C:\Windows\System\AOchgKS.exe
  2⤵
  PID:2392
- C:\Windows\System\pxpXDDK.exe
  C:\Windows\System\pxpXDDK.exe
  2⤵
  PID:1432
- C:\Windows\System\bJcWBla.exe
  C:\Windows\System\bJcWBla.exe
  2⤵
  PID:3712
- C:\Windows\System\nauVxKf.exe
  C:\Windows\System\nauVxKf.exe
  2⤵
  PID:3908
- C:\Windows\System\iiotZBW.exe
  C:\Windows\System\iiotZBW.exe
  2⤵
  PID:3624
- C:\Windows\System\MmGcnKm.exe
  C:\Windows\System\MmGcnKm.exe
  2⤵
  PID:1896
- C:\Windows\System\MoWdztU.exe
  C:\Windows\System\MoWdztU.exe
  2⤵
  PID:4968
- C:\Windows\System\imtPDOR.exe
  C:\Windows\System\imtPDOR.exe
  2⤵
  PID:4556
- C:\Windows\System\RahhuUB.exe
  C:\Windows\System\RahhuUB.exe
  2⤵
  PID:1880
- C:\Windows\System\DlyQHCA.exe
  C:\Windows\System\DlyQHCA.exe
  2⤵
  PID:1892
- C:\Windows\System\OYiApGW.exe
  C:\Windows\System\OYiApGW.exe
  2⤵
  PID:348
- C:\Windows\System\mICEczM.exe
  C:\Windows\System\mICEczM.exe
  2⤵
  PID:3092
- C:\Windows\System\zchdaYR.exe
  C:\Windows\System\zchdaYR.exe
  2⤵
  PID:3316
- C:\Windows\System\MqdCNRq.exe
  C:\Windows\System\MqdCNRq.exe
  2⤵
  PID:4364
- C:\Windows\System\ngZWsCx.exe
  C:\Windows\System\ngZWsCx.exe
  2⤵
  PID:3964
- C:\Windows\System\cLfyIjI.exe
  C:\Windows\System\cLfyIjI.exe
  2⤵
  PID:2424
- C:\Windows\System\UTZWiHq.exe
  C:\Windows\System\UTZWiHq.exe
  2⤵
  PID:2116
- C:\Windows\System\DVbhiGw.exe
  C:\Windows\System\DVbhiGw.exe
  2⤵
  PID:3632
- C:\Windows\System\lVmaUuP.exe
  C:\Windows\System\lVmaUuP.exe
  2⤵
  PID:4792
- C:\Windows\System\FTfBEMt.exe
  C:\Windows\System\FTfBEMt.exe
  2⤵
  PID:2060
- C:\Windows\System\fSUlvCv.exe
  C:\Windows\System\fSUlvCv.exe
  2⤵
  PID:2216
- C:\Windows\System\WQMNqUi.exe
  C:\Windows\System\WQMNqUi.exe
  2⤵
  PID:2384
- C:\Windows\System\fTGDXtA.exe
  C:\Windows\System\fTGDXtA.exe
  2⤵
  PID:2620
- C:\Windows\System\EYKEyFP.exe
  C:\Windows\System\EYKEyFP.exe
  2⤵
  PID:2964
- C:\Windows\System\MOXvmKC.exe
  C:\Windows\System\MOXvmKC.exe
  2⤵
  PID:1840
- C:\Windows\System\snaTZPS.exe
  C:\Windows\System\snaTZPS.exe
  2⤵
  PID:2628
- C:\Windows\System\xMjfHwx.exe
  C:\Windows\System\xMjfHwx.exe
  2⤵
  PID:1580
- C:\Windows\System\msRhphb.exe
  C:\Windows\System\msRhphb.exe
  2⤵
  PID:1480
- C:\Windows\System\fMmUFUh.exe
  C:\Windows\System\fMmUFUh.exe
  2⤵
  PID:2864
- C:\Windows\System\gdBCVoH.exe
  C:\Windows\System\gdBCVoH.exe
  2⤵
  PID:4404
- C:\Windows\System\oBXCRrG.exe
  C:\Windows\System\oBXCRrG.exe
  2⤵
  PID:3160
- C:\Windows\System\pamRPqG.exe
  C:\Windows\System\pamRPqG.exe
  2⤵
  PID:3620
- C:\Windows\System\UDcWlqU.exe
  C:\Windows\System\UDcWlqU.exe
  2⤵
  PID:2792
- C:\Windows\System\nBmWSOn.exe
  C:\Windows\System\nBmWSOn.exe
  2⤵
  PID:5140
- C:\Windows\System\VXEduis.exe
  C:\Windows\System\VXEduis.exe
  2⤵
  PID:5204
- C:\Windows\System\fdpaiGY.exe
  C:\Windows\System\fdpaiGY.exe
  2⤵
  PID:5228
- C:\Windows\System\Yexaoan.exe
  C:\Windows\System\Yexaoan.exe
  2⤵
  PID:5244
- C:\Windows\System\OGXCQYN.exe
  C:\Windows\System\OGXCQYN.exe
  2⤵
  PID:5264
- C:\Windows\System\fyPhOsA.exe
  C:\Windows\System\fyPhOsA.exe
  2⤵
  PID:5296
- C:\Windows\System\QpfPKte.exe
  C:\Windows\System\QpfPKte.exe
  2⤵
  PID:5324
- C:\Windows\System\lMeawGE.exe
  C:\Windows\System\lMeawGE.exe
  2⤵
  PID:5340
- C:\Windows\System\mKyGXTv.exe
  C:\Windows\System\mKyGXTv.exe
  2⤵
  PID:5356
- C:\Windows\System\ecsHcsg.exe
  C:\Windows\System\ecsHcsg.exe
  2⤵
  PID:5372
- C:\Windows\System\AiGBBdO.exe
  C:\Windows\System\AiGBBdO.exe
  2⤵
  PID:5388
- C:\Windows\System\FcfYVGz.exe
  C:\Windows\System\FcfYVGz.exe
  2⤵
  PID:5404
- C:\Windows\System\cdfulxn.exe
  C:\Windows\System\cdfulxn.exe
  2⤵
  PID:5496
- C:\Windows\System\GGTFtDO.exe
  C:\Windows\System\GGTFtDO.exe
  2⤵
  PID:5536
- C:\Windows\System\lWryOFg.exe
  C:\Windows\System\lWryOFg.exe
  2⤵
  PID:5552
- C:\Windows\System\KjAVVuO.exe
  C:\Windows\System\KjAVVuO.exe
  2⤵
  PID:5568
- C:\Windows\System\AiAQYaj.exe
  C:\Windows\System\AiAQYaj.exe
  2⤵
  PID:5584
- C:\Windows\System\fnRGBGL.exe
  C:\Windows\System\fnRGBGL.exe
  2⤵
  PID:5600
- C:\Windows\System\IYdnPhp.exe
  C:\Windows\System\IYdnPhp.exe
  2⤵
  PID:5616
- C:\Windows\System\YSHzZHw.exe
  C:\Windows\System\YSHzZHw.exe
  2⤵
  PID:5632
- C:\Windows\System\RPNjcMf.exe
  C:\Windows\System\RPNjcMf.exe
  2⤵
  PID:5652
- C:\Windows\System\LcJGvmI.exe
  C:\Windows\System\LcJGvmI.exe
  2⤵
  PID:5728
- C:\Windows\System\kdJkrOx.exe
  C:\Windows\System\kdJkrOx.exe
  2⤵
  PID:5744
- C:\Windows\System\IvquhHN.exe
  C:\Windows\System\IvquhHN.exe
  2⤵
  PID:5760
- C:\Windows\System\LNbUMgh.exe
  C:\Windows\System\LNbUMgh.exe
  2⤵
  PID:5784
- C:\Windows\System\fvKusdS.exe
  C:\Windows\System\fvKusdS.exe
  2⤵
  PID:5800
- C:\Windows\System\zfRpRGg.exe
  C:\Windows\System\zfRpRGg.exe
  2⤵
  PID:5816
- C:\Windows\System\jTmgnPs.exe
  C:\Windows\System\jTmgnPs.exe
  2⤵
  PID:5832
- C:\Windows\System\HIarpzG.exe
  C:\Windows\System\HIarpzG.exe
  2⤵
  PID:5852
- C:\Windows\System\zMqieAf.exe
  C:\Windows\System\zMqieAf.exe
  2⤵
  PID:5868
- C:\Windows\System\KnylJDs.exe
  C:\Windows\System\KnylJDs.exe
  2⤵
  PID:5888
- C:\Windows\System\BfvNKoL.exe
  C:\Windows\System\BfvNKoL.exe
  2⤵
  PID:5904
- C:\Windows\System\ZPhsGFv.exe
  C:\Windows\System\ZPhsGFv.exe
  2⤵
  PID:5920
- C:\Windows\System\asZynAR.exe
  C:\Windows\System\asZynAR.exe
  2⤵
  PID:5936
- C:\Windows\System\pIlVRlW.exe
  C:\Windows\System\pIlVRlW.exe
  2⤵
  PID:5952
- C:\Windows\System\UPLrprl.exe
  C:\Windows\System\UPLrprl.exe
  2⤵
  PID:5972
- C:\Windows\System\YSzTWhI.exe
  C:\Windows\System\YSzTWhI.exe
  2⤵
  PID:5992
- C:\Windows\System\uVmdVXY.exe
  C:\Windows\System\uVmdVXY.exe
  2⤵
  PID:6008
- C:\Windows\System\rCxoqUQ.exe
  C:\Windows\System\rCxoqUQ.exe
  2⤵
  PID:6024
- C:\Windows\System\yygNNHp.exe
  C:\Windows\System\yygNNHp.exe
  2⤵
  PID:6044
- C:\Windows\System\zjXOxDI.exe
  C:\Windows\System\zjXOxDI.exe
  2⤵
  PID:6060
- C:\Windows\System\YuoCdvI.exe
  C:\Windows\System\YuoCdvI.exe
  2⤵
  PID:6076
- C:\Windows\System\hFQiBeO.exe
  C:\Windows\System\hFQiBeO.exe
  2⤵
  PID:6092
- C:\Windows\System\hAehjBZ.exe
  C:\Windows\System\hAehjBZ.exe
  2⤵
  PID:6112
- C:\Windows\System\TmWPMzq.exe
  C:\Windows\System\TmWPMzq.exe
  2⤵
  PID:6132
- C:\Windows\System\AtfTEoi.exe
  C:\Windows\System\AtfTEoi.exe
  2⤵
  PID:1476
- C:\Windows\System\LPXzqpu.exe
  C:\Windows\System\LPXzqpu.exe
  2⤵
  PID:2636
- C:\Windows\System\qABDmLY.exe
  C:\Windows\System\qABDmLY.exe
  2⤵
  PID:2464
- C:\Windows\System\lIRtAkn.exe
  C:\Windows\System\lIRtAkn.exe
  2⤵
  PID:4540
- C:\Windows\System\WCUqfSk.exe
  C:\Windows\System\WCUqfSk.exe
  2⤵
  PID:556
- C:\Windows\System\SRXFDPj.exe
  C:\Windows\System\SRXFDPj.exe
  2⤵
  PID:5212
- C:\Windows\System\seKUbSF.exe
  C:\Windows\System\seKUbSF.exe
  2⤵
  PID:5252
- C:\Windows\System\BQXNcdG.exe
  C:\Windows\System\BQXNcdG.exe
  2⤵
  PID:5316
- C:\Windows\System\MYIiQey.exe
  C:\Windows\System\MYIiQey.exe
  2⤵
  PID:5380
- C:\Windows\System\ayfJogs.exe
  C:\Windows\System\ayfJogs.exe
  2⤵
  PID:4920
- C:\Windows\System\cmUtotP.exe
  C:\Windows\System\cmUtotP.exe
  2⤵
  PID:5240
- C:\Windows\System\mlrCAWU.exe
  C:\Windows\System\mlrCAWU.exe
  2⤵
  PID:5440
- C:\Windows\System\wqFodQo.exe
  C:\Windows\System\wqFodQo.exe
  2⤵
  PID:5456
- C:\Windows\System\ssJfGNw.exe
  C:\Windows\System\ssJfGNw.exe
  2⤵
  PID:5332
- C:\Windows\System\tgCHrnw.exe
  C:\Windows\System\tgCHrnw.exe
  2⤵
  PID:5160
- C:\Windows\System\UEPUKTh.exe
  C:\Windows\System\UEPUKTh.exe
  2⤵
  PID:5176
- C:\Windows\System\KlBKUvI.exe
  C:\Windows\System\KlBKUvI.exe
  2⤵
  PID:5200
- C:\Windows\System\fAgXsqa.exe
  C:\Windows\System\fAgXsqa.exe
  2⤵
  PID:5396
- C:\Windows\System\KqOoNuh.exe
  C:\Windows\System\KqOoNuh.exe
  2⤵
  PID:5476
- C:\Windows\System\NPvPSsC.exe
  C:\Windows\System\NPvPSsC.exe
  2⤵
  PID:5488
- C:\Windows\System\qIRMLtZ.exe
  C:\Windows\System\qIRMLtZ.exe
  2⤵
  PID:5508
- C:\Windows\System\kaFziTO.exe
  C:\Windows\System\kaFziTO.exe
  2⤵
  PID:5528
- C:\Windows\System\GrukNVu.exe
  C:\Windows\System\GrukNVu.exe
  2⤵
  PID:5548
- C:\Windows\System\CPSKwoL.exe
  C:\Windows\System\CPSKwoL.exe
  2⤵
  PID:5608
- C:\Windows\System\VScRnqH.exe
  C:\Windows\System\VScRnqH.exe
  2⤵
  PID:5664
- C:\Windows\System\SfzXUra.exe
  C:\Windows\System\SfzXUra.exe
  2⤵
  PID:5648
- C:\Windows\System\RXWCPCK.exe
  C:\Windows\System\RXWCPCK.exe
  2⤵
  PID:5680
- C:\Windows\System\PBqyyWD.exe
  C:\Windows\System\PBqyyWD.exe
  2⤵
  PID:5896
- C:\Windows\System\ASJhODu.exe
  C:\Windows\System\ASJhODu.exe
  2⤵
  PID:5432
- C:\Windows\System\QJkdzmc.exe
  C:\Windows\System\QJkdzmc.exe
  2⤵
  PID:5172
- C:\Windows\System\JrwrZmt.exe
  C:\Windows\System\JrwrZmt.exe
  2⤵
  PID:3520
- C:\Windows\System\tAgKiPA.exe
  C:\Windows\System\tAgKiPA.exe
  2⤵
  PID:5464
- C:\Windows\System\wtclDsb.exe
  C:\Windows\System\wtclDsb.exe
  2⤵
  PID:5628
- C:\Windows\System\PWBDRdN.exe
  C:\Windows\System\PWBDRdN.exe
  2⤵
  PID:5592
- C:\Windows\System\ZqjVfQY.exe
  C:\Windows\System\ZqjVfQY.exe
  2⤵
  PID:5416
- C:\Windows\System\UZPYqwE.exe
  C:\Windows\System\UZPYqwE.exe
  2⤵
  PID:5928
- C:\Windows\System\JXweXKi.exe
  C:\Windows\System\JXweXKi.exe
  2⤵
  PID:2592
- C:\Windows\System\fhXTmVp.exe
  C:\Windows\System\fhXTmVp.exe
  2⤵
  PID:6032
- C:\Windows\System\turoqYy.exe
  C:\Windows\System\turoqYy.exe
  2⤵
  PID:6104
- C:\Windows\System\bTGQHWj.exe
  C:\Windows\System\bTGQHWj.exe
  2⤵
  PID:2580
- C:\Windows\System\GRwlIEB.exe
  C:\Windows\System\GRwlIEB.exe
  2⤵
  PID:5128
- C:\Windows\System\IBCwkkb.exe
  C:\Windows\System\IBCwkkb.exe
  2⤵
  PID:5864
- C:\Windows\System\DPkhjvN.exe
  C:\Windows\System\DPkhjvN.exe
  2⤵
  PID:5660
- C:\Windows\System\CcYGxpS.exe
  C:\Windows\System\CcYGxpS.exe
  2⤵
  PID:5612
- C:\Windows\System\WmnAHPN.exe
  C:\Windows\System\WmnAHPN.exe
  2⤵
  PID:5352
- C:\Windows\System\CLtBfMx.exe
  C:\Windows\System\CLtBfMx.exe
  2⤵
  PID:2388
- C:\Windows\System\sCaycOd.exe
  C:\Windows\System\sCaycOd.exe
  2⤵
  PID:5772
- C:\Windows\System\ypAIAux.exe
  C:\Windows\System\ypAIAux.exe
  2⤵
  PID:5884
- C:\Windows\System\CKMzDmF.exe
  C:\Windows\System\CKMzDmF.exe
  2⤵
  PID:5984
- C:\Windows\System\QOSXkkw.exe
  C:\Windows\System\QOSXkkw.exe
  2⤵
  PID:6084
- C:\Windows\System\PXYgQWc.exe
  C:\Windows\System\PXYgQWc.exe
  2⤵
  PID:6124
- C:\Windows\System\CMfZxEA.exe
  C:\Windows\System\CMfZxEA.exe
  2⤵
  PID:4996
- C:\Windows\System\sgrcOnj.exe
  C:\Windows\System\sgrcOnj.exe
  2⤵
  PID:5304
- C:\Windows\System\xoWilWf.exe
  C:\Windows\System\xoWilWf.exe
  2⤵
  PID:5132
- C:\Windows\System\ShLqsMw.exe
  C:\Windows\System\ShLqsMw.exe
  2⤵
  PID:5308
- C:\Windows\System\joAvrDN.exe
  C:\Windows\System\joAvrDN.exe
  2⤵
  PID:5428
- C:\Windows\System\uAIRWep.exe
  C:\Windows\System\uAIRWep.exe
  2⤵
  PID:2740
- C:\Windows\System\fCxrPCa.exe
  C:\Windows\System\fCxrPCa.exe
  2⤵
  PID:5412
- C:\Windows\System\BZVhLws.exe
  C:\Windows\System\BZVhLws.exe
  2⤵
  PID:5460
- C:\Windows\System\KcHsGlt.exe
  C:\Windows\System\KcHsGlt.exe
  2⤵
  PID:6072
- C:\Windows\System\ygfJUDJ.exe
  C:\Windows\System\ygfJUDJ.exe
  2⤵
  PID:5136
- C:\Windows\System\tGxctuA.exe
  C:\Windows\System\tGxctuA.exe
  2⤵
  PID:5452
- C:\Windows\System\XlQbatH.exe
  C:\Windows\System\XlQbatH.exe
  2⤵
  PID:5700
- C:\Windows\System\tckTrMF.exe
  C:\Windows\System\tckTrMF.exe
  2⤵
  PID:5968
- C:\Windows\System\KJvtJHH.exe
  C:\Windows\System\KJvtJHH.exe
  2⤵
  PID:5756
- C:\Windows\System\CPANuNm.exe
  C:\Windows\System\CPANuNm.exe
  2⤵
  PID:5880
- C:\Windows\System\yQGlSEa.exe
  C:\Windows\System\yQGlSEa.exe
  2⤵
  PID:5752
- C:\Windows\System\ZGtFeye.exe
  C:\Windows\System\ZGtFeye.exe
  2⤵
  PID:5724
- C:\Windows\System\ygHJNxg.exe
  C:\Windows\System\ygHJNxg.exe
  2⤵
  PID:5716
- C:\Windows\System\ETKNerm.exe
  C:\Windows\System\ETKNerm.exe
  2⤵
  PID:6120
- C:\Windows\System\BrcBRpy.exe
  C:\Windows\System\BrcBRpy.exe
  2⤵
  PID:3504
- C:\Windows\System\jxerFlZ.exe
  C:\Windows\System\jxerFlZ.exe
  2⤵
  PID:5288
- C:\Windows\System\uZQZVoR.exe
  C:\Windows\System\uZQZVoR.exe
  2⤵
  PID:6052
- C:\Windows\System\EpsNnqs.exe
  C:\Windows\System\EpsNnqs.exe
  2⤵
  PID:5184
- C:\Windows\System\tKyIllF.exe
  C:\Windows\System\tKyIllF.exe
  2⤵
  PID:5220
- C:\Windows\System\aSTiLKp.exe
  C:\Windows\System\aSTiLKp.exe
  2⤵
  PID:6036
- C:\Windows\System\jiovNot.exe
  C:\Windows\System\jiovNot.exe
  2⤵
  PID:5848
- C:\Windows\System\zmdlOJp.exe
  C:\Windows\System\zmdlOJp.exe
  2⤵
  PID:5292
- C:\Windows\System\TezUypS.exe
  C:\Windows\System\TezUypS.exe
  2⤵
  PID:5564
- C:\Windows\System\MAaMsBa.exe
  C:\Windows\System\MAaMsBa.exe
  2⤵
  PID:5192
- C:\Windows\System\yqLmKAi.exe
  C:\Windows\System\yqLmKAi.exe
  2⤵
  PID:5196
- C:\Windows\System\VoTWIcl.exe
  C:\Windows\System\VoTWIcl.exe
  2⤵
  PID:5512
- C:\Windows\System\NryKogb.exe
  C:\Windows\System\NryKogb.exe
  2⤵
  PID:5364
- C:\Windows\System\VkHodgq.exe
  C:\Windows\System\VkHodgq.exe
  2⤵
  PID:5596
- C:\Windows\System\mCnugXU.exe
  C:\Windows\System\mCnugXU.exe
  2⤵
  PID:5988
- C:\Windows\System\fGcoeAp.exe
  C:\Windows\System\fGcoeAp.exe
  2⤵
  PID:3340
- C:\Windows\System\UxUBYQL.exe
  C:\Windows\System\UxUBYQL.exe
  2⤵
  PID:5828
- C:\Windows\System\hFSwekm.exe
  C:\Windows\System\hFSwekm.exe
  2⤵
  PID:5768
- C:\Windows\System\HJwhpKC.exe
  C:\Windows\System\HJwhpKC.exe
  2⤵
  PID:5900
- C:\Windows\System\YzkCIEW.exe
  C:\Windows\System\YzkCIEW.exe
  2⤵
  PID:6140
- C:\Windows\System\DOFNlcU.exe
  C:\Windows\System\DOFNlcU.exe
  2⤵
  PID:6000
- C:\Windows\System\HjtSYrY.exe
  C:\Windows\System\HjtSYrY.exe
  2⤵
  PID:1912
- C:\Windows\System\hUSadwW.exe
  C:\Windows\System\hUSadwW.exe
  2⤵
  PID:5812
- C:\Windows\System\MPEtZtn.exe
  C:\Windows\System\MPEtZtn.exe
  2⤵
  PID:6004
- C:\Windows\System\xXeJOpk.exe
  C:\Windows\System\xXeJOpk.exe
  2⤵
  PID:5424
- C:\Windows\System\lwaRMfR.exe
  C:\Windows\System\lwaRMfR.exe
  2⤵
  PID:5780
- C:\Windows\System\jfowNBI.exe
  C:\Windows\System\jfowNBI.exe
  2⤵
  PID:1980
- C:\Windows\System\insfBnh.exe
  C:\Windows\System\insfBnh.exe
  2⤵
  PID:5792
- C:\Windows\System\NjIRIMX.exe
  C:\Windows\System\NjIRIMX.exe
  2⤵
  PID:6148
- C:\Windows\System\bbEwYfC.exe
  C:\Windows\System\bbEwYfC.exe
  2⤵
  PID:6168
- C:\Windows\System\sznocFD.exe
  C:\Windows\System\sznocFD.exe
  2⤵
  PID:6184
- C:\Windows\System\oeTjJBu.exe
  C:\Windows\System\oeTjJBu.exe
  2⤵
  PID:6208
- C:\Windows\System\ZwfykJO.exe
  C:\Windows\System\ZwfykJO.exe
  2⤵
  PID:6224
- C:\Windows\System\uBYjAAx.exe
  C:\Windows\System\uBYjAAx.exe
  2⤵
  PID:6240
- C:\Windows\System\fFZIkzK.exe
  C:\Windows\System\fFZIkzK.exe
  2⤵
  PID:6256
- C:\Windows\System\bvgjmOf.exe
  C:\Windows\System\bvgjmOf.exe
  2⤵
  PID:6272
- C:\Windows\System\nKsngnh.exe
  C:\Windows\System\nKsngnh.exe
  2⤵
  PID:6288
- C:\Windows\System\HqrMysJ.exe
  C:\Windows\System\HqrMysJ.exe
  2⤵
  PID:6304
- C:\Windows\System\QGcgXNO.exe
  C:\Windows\System\QGcgXNO.exe
  2⤵
  PID:6324
- C:\Windows\System\qvcBRXi.exe
  C:\Windows\System\qvcBRXi.exe
  2⤵
  PID:6340
- C:\Windows\System\TuYeRYo.exe
  C:\Windows\System\TuYeRYo.exe
  2⤵
  PID:6356
- C:\Windows\System\MYTMFDH.exe
  C:\Windows\System\MYTMFDH.exe
  2⤵
  PID:6372
- C:\Windows\System\LgVhvCr.exe
  C:\Windows\System\LgVhvCr.exe
  2⤵
  PID:6388
- C:\Windows\System\tWPssMe.exe
  C:\Windows\System\tWPssMe.exe
  2⤵
  PID:6404
- C:\Windows\System\bmIdxiW.exe
  C:\Windows\System\bmIdxiW.exe
  2⤵
  PID:6420
- C:\Windows\System\oZoOMwO.exe
  C:\Windows\System\oZoOMwO.exe
  2⤵
  PID:6440
- C:\Windows\System\qFqJioY.exe
  C:\Windows\System\qFqJioY.exe
  2⤵
  PID:6456
- C:\Windows\System\vAmvFEA.exe
  C:\Windows\System\vAmvFEA.exe
  2⤵
  PID:6472
- C:\Windows\System\YEzUjYt.exe
  C:\Windows\System\YEzUjYt.exe
  2⤵
  PID:6488
- C:\Windows\System\LbiKdEH.exe
  C:\Windows\System\LbiKdEH.exe
  2⤵
  PID:6504
- C:\Windows\System\ITWNraG.exe
  C:\Windows\System\ITWNraG.exe
  2⤵
  PID:6520
- C:\Windows\System\uQycurW.exe
  C:\Windows\System\uQycurW.exe
  2⤵
  PID:6536
- C:\Windows\System\COdMFCB.exe
  C:\Windows\System\COdMFCB.exe
  2⤵
  PID:6552
- C:\Windows\System\WgBOmcK.exe
  C:\Windows\System\WgBOmcK.exe
  2⤵
  PID:6568
- C:\Windows\System\rnWrcGJ.exe
  C:\Windows\System\rnWrcGJ.exe
  2⤵
  PID:6584
- C:\Windows\System\KmIqgDv.exe
  C:\Windows\System\KmIqgDv.exe
  2⤵
  PID:6604
- C:\Windows\System\hEKcqEw.exe
  C:\Windows\System\hEKcqEw.exe
  2⤵
  PID:6620
- C:\Windows\System\TrGwhgn.exe
  C:\Windows\System\TrGwhgn.exe
  2⤵
  PID:6636
- C:\Windows\System\KBuLojg.exe
  C:\Windows\System\KBuLojg.exe
  2⤵
  PID:6652
- C:\Windows\System\gNltvxZ.exe
  C:\Windows\System\gNltvxZ.exe
  2⤵
  PID:6668
- C:\Windows\System\bLnwlWy.exe
  C:\Windows\System\bLnwlWy.exe
  2⤵
  PID:6684
- C:\Windows\System\GnURMtm.exe
  C:\Windows\System\GnURMtm.exe
  2⤵
  PID:6700
- C:\Windows\System\qcTiIsy.exe
  C:\Windows\System\qcTiIsy.exe
  2⤵
  PID:6720
- C:\Windows\System\sjzlYYF.exe
  C:\Windows\System\sjzlYYF.exe
  2⤵
  PID:6736
- C:\Windows\System\RByZMbu.exe
  C:\Windows\System\RByZMbu.exe
  2⤵
  PID:6752
- C:\Windows\System\eHPIeEX.exe
  C:\Windows\System\eHPIeEX.exe
  2⤵
  PID:6768
- C:\Windows\System\iYvclTc.exe
  C:\Windows\System\iYvclTc.exe
  2⤵
  PID:6784
- C:\Windows\System\VBKjcwq.exe
  C:\Windows\System\VBKjcwq.exe
  2⤵
  PID:6800
- C:\Windows\System\cwUvKSg.exe
  C:\Windows\System\cwUvKSg.exe
  2⤵
  PID:6820
- C:\Windows\System\oGGuNHY.exe
  C:\Windows\System\oGGuNHY.exe
  2⤵
  PID:6836
- C:\Windows\System\VinougO.exe
  C:\Windows\System\VinougO.exe
  2⤵
  PID:6856
- C:\Windows\System\gDbfFmT.exe
  C:\Windows\System\gDbfFmT.exe
  2⤵
  PID:6872
- C:\Windows\System\pgcvSHz.exe
  C:\Windows\System\pgcvSHz.exe
  2⤵
  PID:6892
- C:\Windows\System\QtFyQmt.exe
  C:\Windows\System\QtFyQmt.exe
  2⤵
  PID:6908
- C:\Windows\System\EpqeQOx.exe
  C:\Windows\System\EpqeQOx.exe
  2⤵
  PID:6924
- C:\Windows\System\udXktmD.exe
  C:\Windows\System\udXktmD.exe
  2⤵
  PID:6940
- C:\Windows\System\SIRwzea.exe
  C:\Windows\System\SIRwzea.exe
  2⤵
  PID:6956
- C:\Windows\System\DoRRnkm.exe
  C:\Windows\System\DoRRnkm.exe
  2⤵
  PID:6976
- C:\Windows\System\WiGdAUO.exe
  C:\Windows\System\WiGdAUO.exe
  2⤵
  PID:6992
- C:\Windows\System\gRFZmms.exe
  C:\Windows\System\gRFZmms.exe
  2⤵
  PID:7012
- C:\Windows\System\BJnMZJE.exe
  C:\Windows\System\BJnMZJE.exe
  2⤵
  PID:7028
- C:\Windows\System\gxOHtfY.exe
  C:\Windows\System\gxOHtfY.exe
  2⤵
  PID:7044
- C:\Windows\System\kDqpyym.exe
  C:\Windows\System\kDqpyym.exe
  2⤵
  PID:7064
- C:\Windows\System\dzBuVln.exe
  C:\Windows\System\dzBuVln.exe
  2⤵
  PID:7080
- C:\Windows\System\WLyJfGf.exe
  C:\Windows\System\WLyJfGf.exe
  2⤵
  PID:7096
- C:\Windows\System\olnGfUW.exe
  C:\Windows\System\olnGfUW.exe
  2⤵
  PID:7112
- C:\Windows\System\SczxCNZ.exe
  C:\Windows\System\SczxCNZ.exe
  2⤵
  PID:7128
- C:\Windows\System\fhPSTNC.exe
  C:\Windows\System\fhPSTNC.exe
  2⤵
  PID:7148
- C:\Windows\System\YkFgtwT.exe
  C:\Windows\System\YkFgtwT.exe
  2⤵
  PID:7164
- C:\Windows\System\sBBhFHr.exe
  C:\Windows\System\sBBhFHr.exe
  2⤵
  PID:6192
- C:\Windows\System\wAuUfrv.exe
  C:\Windows\System\wAuUfrv.exe
  2⤵
  PID:5720
- C:\Windows\System\glcQEET.exe
  C:\Windows\System\glcQEET.exe
  2⤵
  PID:5624
- C:\Windows\System\sospJwf.exe
  C:\Windows\System\sospJwf.exe
  2⤵
  PID:6220
- C:\Windows\System\bTIsKrY.exe
  C:\Windows\System\bTIsKrY.exe
  2⤵
  PID:6236
- C:\Windows\System\ZRLICPi.exe
  C:\Windows\System\ZRLICPi.exe
  2⤵
  PID:6300
- C:\Windows\System\jSafrjD.exe
  C:\Windows\System\jSafrjD.exe
  2⤵
  PID:6368
- C:\Windows\System\iLoqUQd.exe
  C:\Windows\System\iLoqUQd.exe
  2⤵
  PID:6528
- C:\Windows\System\TIyJXEO.exe
  C:\Windows\System\TIyJXEO.exe
  2⤵
  PID:6464
- C:\Windows\System\CEtrcmc.exe
  C:\Windows\System\CEtrcmc.exe
  2⤵
  PID:6560
- C:\Windows\System\Pizcyrb.exe
  C:\Windows\System\Pizcyrb.exe
  2⤵
  PID:6248
- C:\Windows\System\xwrysdS.exe
  C:\Windows\System\xwrysdS.exe
  2⤵
  PID:6284
- C:\Windows\System\JMVqOYX.exe
  C:\Windows\System\JMVqOYX.exe
  2⤵
  PID:6348
- C:\Windows\System\eXNLqlx.exe
  C:\Windows\System\eXNLqlx.exe
  2⤵
  PID:6416
- C:\Windows\System\IyquXnx.exe
  C:\Windows\System\IyquXnx.exe
  2⤵
  PID:6484
- C:\Windows\System\XDNcVmC.exe
  C:\Windows\System\XDNcVmC.exe
  2⤵
  PID:6548
- C:\Windows\System\dnfNcwg.exe
  C:\Windows\System\dnfNcwg.exe
  2⤵
  PID:6632
- C:\Windows\System\JpErOnz.exe
  C:\Windows\System\JpErOnz.exe
  2⤵
  PID:6648
- C:\Windows\System\yAdzinj.exe
  C:\Windows\System\yAdzinj.exe
  2⤵
  PID:6692
- C:\Windows\System\VJGBivd.exe
  C:\Windows\System\VJGBivd.exe
  2⤵
  PID:6760
- C:\Windows\System\lIAELJV.exe
  C:\Windows\System\lIAELJV.exe
  2⤵
  PID:6832
- C:\Windows\System\wLBXJlz.exe
  C:\Windows\System\wLBXJlz.exe
  2⤵
  PID:6900
- C:\Windows\System\mepgYnC.exe
  C:\Windows\System\mepgYnC.exe
  2⤵
  PID:6936
- C:\Windows\System\VkEkBHA.exe
  C:\Windows\System\VkEkBHA.exe
  2⤵
  PID:6884
- C:\Windows\System\xrtLtkR.exe
  C:\Windows\System\xrtLtkR.exe
  2⤵
  PID:6676
- C:\Windows\System\HNRFwzM.exe
  C:\Windows\System\HNRFwzM.exe
  2⤵
  PID:6748
- C:\Windows\System\xPgUCeh.exe
  C:\Windows\System\xPgUCeh.exe
  2⤵
  PID:7040
- C:\Windows\System\cLHETki.exe
  C:\Windows\System\cLHETki.exe
  2⤵
  PID:6716
- C:\Windows\System\kzasWks.exe
  C:\Windows\System\kzasWks.exe
  2⤵
  PID:6848
- C:\Windows\System\YgqDiNT.exe
  C:\Windows\System\YgqDiNT.exe
  2⤵
  PID:6920
- C:\Windows\System\iZSIYCH.exe
  C:\Windows\System\iZSIYCH.exe
  2⤵
  PID:7136
- C:\Windows\System\eHJyExo.exe
  C:\Windows\System\eHJyExo.exe
  2⤵
  PID:7056
- C:\Windows\System\xThswUz.exe
  C:\Windows\System\xThswUz.exe
  2⤵
  PID:7024
- C:\Windows\System\ErYJkYH.exe
  C:\Windows\System\ErYJkYH.exe
  2⤵
  PID:7156
- C:\Windows\System\KoIgfIf.exe
  C:\Windows\System\KoIgfIf.exe
  2⤵
  PID:7140
- C:\Windows\System\DNOeUdS.exe
  C:\Windows\System\DNOeUdS.exe
  2⤵
  PID:6296
- C:\Windows\System\FUJxJyn.exe
  C:\Windows\System\FUJxJyn.exe
  2⤵
  PID:6428
- C:\Windows\System\SUrpZdv.exe
  C:\Windows\System\SUrpZdv.exe
  2⤵
  PID:5260
- C:\Windows\System\eiXpaOB.exe
  C:\Windows\System\eiXpaOB.exe
  2⤵
  PID:6532
- C:\Windows\System\ZZmepos.exe
  C:\Windows\System\ZZmepos.exe
  2⤵
  PID:6412
- C:\Windows\System\vaHaqWr.exe
  C:\Windows\System\vaHaqWr.exe
  2⤵
  PID:6580
- C:\Windows\System\krMgEYt.exe
  C:\Windows\System\krMgEYt.exe
  2⤵
  PID:6336
- C:\Windows\System\HSlPbdr.exe
  C:\Windows\System\HSlPbdr.exe
  2⤵
  PID:6592
- C:\Windows\System\FyUCSkL.exe
  C:\Windows\System\FyUCSkL.exe
  2⤵
  PID:6452
- C:\Windows\System\jNsOPyn.exe
  C:\Windows\System\jNsOPyn.exe
  2⤵
  PID:6792
- C:\Windows\System\bkjAhap.exe
  C:\Windows\System\bkjAhap.exe
  2⤵
  PID:7036
- C:\Windows\System\rUQqBxy.exe
  C:\Windows\System\rUQqBxy.exe
  2⤵
  PID:6972
- C:\Windows\System\ecHopYG.exe
  C:\Windows\System\ecHopYG.exe
  2⤵
  PID:7104
- C:\Windows\System\cLNrxmn.exe
  C:\Windows\System\cLNrxmn.exe
  2⤵
  PID:6808
- C:\Windows\System\TDlWRNQ.exe
  C:\Windows\System\TDlWRNQ.exe
  2⤵
  PID:7108
- C:\Windows\System\LnLQnfv.exe
  C:\Windows\System\LnLQnfv.exe
  2⤵
  PID:7160
- C:\Windows\System\xcruudx.exe
  C:\Windows\System\xcruudx.exe
  2⤵
  PID:6432
- C:\Windows\System\KrmzOmj.exe
  C:\Windows\System\KrmzOmj.exe
  2⤵
  PID:6100
- C:\Windows\System\lXtaxgK.exe
  C:\Windows\System\lXtaxgK.exe
  2⤵
  PID:6164
- C:\Windows\System\mnpiJmw.exe
  C:\Windows\System\mnpiJmw.exe
  2⤵
  PID:7092
- C:\Windows\System\iVHdvWn.exe
  C:\Windows\System\iVHdvWn.exe
  2⤵
  PID:6732
- C:\Windows\System\PlbFyFV.exe
  C:\Windows\System\PlbFyFV.exe
  2⤵
  PID:6496
- C:\Windows\System\GpTZOQC.exe
  C:\Windows\System\GpTZOQC.exe
  2⤵
  PID:7008
- C:\Windows\System\CgXNksM.exe
  C:\Windows\System\CgXNksM.exe
  2⤵
  PID:6708
- C:\Windows\System\rYCZIpq.exe
  C:\Windows\System\rYCZIpq.exe
  2⤵
  PID:6160
- C:\Windows\System\eeHKxfA.exe
  C:\Windows\System\eeHKxfA.exe
  2⤵
  PID:6984
- C:\Windows\System\vGlCQBy.exe
  C:\Windows\System\vGlCQBy.exe
  2⤵
  PID:7052
- C:\Windows\System\vZwGcaC.exe
  C:\Windows\System\vZwGcaC.exe
  2⤵
  PID:6644
- C:\Windows\System\LyMyWNk.exe
  C:\Windows\System\LyMyWNk.exe
  2⤵
  PID:5796
- C:\Windows\System\IcwYKql.exe
  C:\Windows\System\IcwYKql.exe
  2⤵
  PID:7172
- C:\Windows\System\WAERojd.exe
  C:\Windows\System\WAERojd.exe
  2⤵
  PID:7188
- C:\Windows\System\aVUsQdA.exe
  C:\Windows\System\aVUsQdA.exe
  2⤵
  PID:7204
- C:\Windows\System\sbuJter.exe
  C:\Windows\System\sbuJter.exe
  2⤵
  PID:7220
- C:\Windows\System\IrDJHcT.exe
  C:\Windows\System\IrDJHcT.exe
  2⤵
  PID:7236
- C:\Windows\System\bInuZgc.exe
  C:\Windows\System\bInuZgc.exe
  2⤵
  PID:7256
- C:\Windows\System\IRnzpKG.exe
  C:\Windows\System\IRnzpKG.exe
  2⤵
  PID:7272
- C:\Windows\System\lXiVenj.exe
  C:\Windows\System\lXiVenj.exe
  2⤵
  PID:7288
- C:\Windows\System\RvJIXwS.exe
  C:\Windows\System\RvJIXwS.exe
  2⤵
  PID:7304
- C:\Windows\System\TSAuvLS.exe
  C:\Windows\System\TSAuvLS.exe
  2⤵
  PID:7320
- C:\Windows\System\RZWzjYp.exe
  C:\Windows\System\RZWzjYp.exe
  2⤵
  PID:7336
- C:\Windows\System\gyEBgXw.exe
  C:\Windows\System\gyEBgXw.exe
  2⤵
  PID:7352
- C:\Windows\System\NgGUKJj.exe
  C:\Windows\System\NgGUKJj.exe
  2⤵
  PID:7368
- C:\Windows\System\kJAbSRc.exe
  C:\Windows\System\kJAbSRc.exe
  2⤵
  PID:7384
- C:\Windows\System\PAGmgAo.exe
  C:\Windows\System\PAGmgAo.exe
  2⤵
  PID:7400
- C:\Windows\System\yGQoueD.exe
  C:\Windows\System\yGQoueD.exe
  2⤵
  PID:7416
- C:\Windows\System\TcjowcP.exe
  C:\Windows\System\TcjowcP.exe
  2⤵
  PID:7432
- C:\Windows\System\RAitVlG.exe
  C:\Windows\System\RAitVlG.exe
  2⤵
  PID:7452
- C:\Windows\System\zzgEttP.exe
  C:\Windows\System\zzgEttP.exe
  2⤵
  PID:7468
- C:\Windows\System\AyHlPNJ.exe
  C:\Windows\System\AyHlPNJ.exe
  2⤵
  PID:7484
- C:\Windows\System\bfLddcI.exe
  C:\Windows\System\bfLddcI.exe
  2⤵
  PID:7500
- C:\Windows\System\SGQLshw.exe
  C:\Windows\System\SGQLshw.exe
  2⤵
  PID:7516
- C:\Windows\System\DIemfLM.exe
  C:\Windows\System\DIemfLM.exe
  2⤵
  PID:7532
- C:\Windows\System\iheTQOL.exe
  C:\Windows\System\iheTQOL.exe
  2⤵
  PID:7552
- C:\Windows\System\gQouvIp.exe
  C:\Windows\System\gQouvIp.exe
  2⤵
  PID:7568
- C:\Windows\System\cOwOkNj.exe
  C:\Windows\System\cOwOkNj.exe
  2⤵
  PID:7584
- C:\Windows\System\IbWxEhX.exe
  C:\Windows\System\IbWxEhX.exe
  2⤵
  PID:7604
- C:\Windows\System\YQlUQsw.exe
  C:\Windows\System\YQlUQsw.exe
  2⤵
  PID:7620
- C:\Windows\System\PCdXapG.exe
  C:\Windows\System\PCdXapG.exe
  2⤵
  PID:7636
- C:\Windows\System\MFyxhaE.exe
  C:\Windows\System\MFyxhaE.exe
  2⤵
  PID:7652
- C:\Windows\System\uuDbbxf.exe
  C:\Windows\System\uuDbbxf.exe
  2⤵
  PID:7668
- C:\Windows\System\vMZnjTO.exe
  C:\Windows\System\vMZnjTO.exe
  2⤵
  PID:7684
- C:\Windows\System\ekdWoim.exe
  C:\Windows\System\ekdWoim.exe
  2⤵
  PID:7700
- C:\Windows\System\fpJvDCy.exe
  C:\Windows\System\fpJvDCy.exe
  2⤵
  PID:7716
- C:\Windows\System\PUaoDmf.exe
  C:\Windows\System\PUaoDmf.exe
  2⤵
  PID:7736
- C:\Windows\System\vGgAOOS.exe
  C:\Windows\System\vGgAOOS.exe
  2⤵
  PID:7752
- C:\Windows\System\lLBuGMx.exe
  C:\Windows\System\lLBuGMx.exe
  2⤵
  PID:7768
- C:\Windows\System\FOISryy.exe
  C:\Windows\System\FOISryy.exe
  2⤵
  PID:7784
- C:\Windows\System\txatQCZ.exe
  C:\Windows\System\txatQCZ.exe
  2⤵
  PID:7800
- C:\Windows\System\NtCOPgF.exe
  C:\Windows\System\NtCOPgF.exe
  2⤵
  PID:7816
- C:\Windows\System\lnhKLvC.exe
  C:\Windows\System\lnhKLvC.exe
  2⤵
  PID:7832
- C:\Windows\System\jhwLYxh.exe
  C:\Windows\System\jhwLYxh.exe
  2⤵
  PID:7848
- C:\Windows\System\XUVZDoK.exe
  C:\Windows\System\XUVZDoK.exe
  2⤵
  PID:7864
- C:\Windows\System\bTzRazf.exe
  C:\Windows\System\bTzRazf.exe
  2⤵
  PID:7880
- C:\Windows\System\UHcPRhD.exe
  C:\Windows\System\UHcPRhD.exe
  2⤵
  PID:7896
- C:\Windows\System\ljMJGnC.exe
  C:\Windows\System\ljMJGnC.exe
  2⤵
  PID:7912
- C:\Windows\System\rwDwghB.exe
  C:\Windows\System\rwDwghB.exe
  2⤵
  PID:7928
- C:\Windows\System\rhVTFsk.exe
  C:\Windows\System\rhVTFsk.exe
  2⤵
  PID:7944
- C:\Windows\System\fiqpUpX.exe
  C:\Windows\System\fiqpUpX.exe
  2⤵
  PID:7960
- C:\Windows\System\ndaCeql.exe
  C:\Windows\System\ndaCeql.exe
  2⤵
  PID:7976
- C:\Windows\System\ziwaHTS.exe
  C:\Windows\System\ziwaHTS.exe
  2⤵
  PID:7996
- C:\Windows\System\RnbFAGI.exe
  C:\Windows\System\RnbFAGI.exe
  2⤵
  PID:8012
- C:\Windows\System\rRawbps.exe
  C:\Windows\System\rRawbps.exe
  2⤵
  PID:8028
- C:\Windows\System\xNdywIR.exe
  C:\Windows\System\xNdywIR.exe
  2⤵
  PID:8044
- C:\Windows\System\ttLnziF.exe
  C:\Windows\System\ttLnziF.exe
  2⤵
  PID:8060
- C:\Windows\System\fTjsbaw.exe
  C:\Windows\System\fTjsbaw.exe
  2⤵
  PID:8076
- C:\Windows\System\tXYpJCd.exe
  C:\Windows\System\tXYpJCd.exe
  2⤵
  PID:8092
- C:\Windows\System\BxvqPnn.exe
  C:\Windows\System\BxvqPnn.exe
  2⤵
  PID:8108
- C:\Windows\System\njapVXD.exe
  C:\Windows\System\njapVXD.exe
  2⤵
  PID:8132
- C:\Windows\System\azMGhCq.exe
  C:\Windows\System\azMGhCq.exe
  2⤵
  PID:8152
- C:\Windows\System\bWRSGvL.exe
  C:\Windows\System\bWRSGvL.exe
  2⤵
  PID:8168
- C:\Windows\System\oowdYsL.exe
  C:\Windows\System\oowdYsL.exe
  2⤵
  PID:8184
- C:\Windows\System\cREXpwy.exe
  C:\Windows\System\cREXpwy.exe
  2⤵
  PID:7076
- C:\Windows\System\qZENcKL.exe
  C:\Windows\System\qZENcKL.exe
  2⤵
  PID:6952
- C:\Windows\System\nvUFKQp.exe
  C:\Windows\System\nvUFKQp.exe
  2⤵
  PID:6200
- C:\Windows\System\izvJdww.exe
  C:\Windows\System\izvJdww.exe
  2⤵
  PID:7200
- C:\Windows\System\DpNhBwM.exe
  C:\Windows\System\DpNhBwM.exe
  2⤵
  PID:7212
- C:\Windows\System\duLWSNM.exe
  C:\Windows\System\duLWSNM.exe
  2⤵
  PID:7248
- C:\Windows\System\fGMhwib.exe
  C:\Windows\System\fGMhwib.exe
  2⤵
  PID:7312
- C:\Windows\System\oMUyukl.exe
  C:\Windows\System\oMUyukl.exe
  2⤵
  PID:7296
- C:\Windows\System\OHDYnyo.exe
  C:\Windows\System\OHDYnyo.exe
  2⤵
  PID:7360
- C:\Windows\System\BQUeRQr.exe
  C:\Windows\System\BQUeRQr.exe
  2⤵
  PID:7424
- C:\Windows\System\esRRBfc.exe
  C:\Windows\System\esRRBfc.exe
  2⤵
  PID:7464
- C:\Windows\System\tzZWeON.exe
  C:\Windows\System\tzZWeON.exe
  2⤵
  PID:7524
- C:\Windows\System\MWyYqbq.exe
  C:\Windows\System\MWyYqbq.exe
  2⤵
  PID:7560
- C:\Windows\System\ZKsNQvq.exe
  C:\Windows\System\ZKsNQvq.exe
  2⤵
  PID:7380
- C:\Windows\System\fwdiVfD.exe
  C:\Windows\System\fwdiVfD.exe
  2⤵
  PID:7540
- C:\Windows\System\dVbmHMo.exe
  C:\Windows\System\dVbmHMo.exe
  2⤵
  PID:7592
- C:\Windows\System\sScbULv.exe
  C:\Windows\System\sScbULv.exe
  2⤵
  PID:7600
- C:\Windows\System\RpXOBxa.exe
  C:\Windows\System\RpXOBxa.exe
  2⤵
  PID:7576
- C:\Windows\System\gSwyWTU.exe
  C:\Windows\System\gSwyWTU.exe
  2⤵
  PID:7612
- C:\Windows\System\GPibEgb.exe
  C:\Windows\System\GPibEgb.exe
  2⤵
  PID:7760
- C:\Windows\System\XPrLOTJ.exe
  C:\Windows\System\XPrLOTJ.exe
  2⤵
  PID:7796
- C:\Windows\System\tfvOTUh.exe
  C:\Windows\System\tfvOTUh.exe
  2⤵
  PID:7648
- C:\Windows\System\uVDjaPw.exe
  C:\Windows\System\uVDjaPw.exe
  2⤵
  PID:7708
- C:\Windows\System\LWMqCQd.exe
  C:\Windows\System\LWMqCQd.exe
  2⤵
  PID:7812
- C:\Windows\System\dBJvNEv.exe
  C:\Windows\System\dBJvNEv.exe
  2⤵
  PID:7840
- C:\Windows\System\mgdrcDf.exe
  C:\Windows\System\mgdrcDf.exe
  2⤵
  PID:7888
- C:\Windows\System\yisrCKc.exe
  C:\Windows\System\yisrCKc.exe
  2⤵
  PID:7952
- C:\Windows\System\eupCopG.exe
  C:\Windows\System\eupCopG.exe
  2⤵
  PID:7988
- C:\Windows\System\bAxdnTz.exe
  C:\Windows\System\bAxdnTz.exe
  2⤵
  PID:8052
- C:\Windows\System\JPchFRK.exe
  C:\Windows\System\JPchFRK.exe
  2⤵
  PID:8088
- C:\Windows\System\cPHVVYu.exe
  C:\Windows\System\cPHVVYu.exe
  2⤵
  PID:7936
- C:\Windows\System\REvNmLP.exe
  C:\Windows\System\REvNmLP.exe
  2⤵
  PID:8004
- C:\Windows\System\tEeFtGc.exe
  C:\Windows\System\tEeFtGc.exe
  2⤵
  PID:8104
- C:\Windows\System\ICtOwTv.exe
  C:\Windows\System\ICtOwTv.exe
  2⤵
  PID:8180
- C:\Windows\System\TKZGbAv.exe
  C:\Windows\System\TKZGbAv.exe
  2⤵
  PID:7244
- C:\Windows\System\gukJeRl.exe
  C:\Windows\System\gukJeRl.exe
  2⤵
  PID:8128
- C:\Windows\System\hlVHGjW.exe
  C:\Windows\System\hlVHGjW.exe
  2⤵
  PID:6664
- C:\Windows\System\SHIvQfD.exe
  C:\Windows\System\SHIvQfD.exe
  2⤵
  PID:7232
- C:\Windows\System\HaMXzrj.exe
  C:\Windows\System\HaMXzrj.exe
  2⤵
  PID:7824
- C:\Windows\System\EIldPOE.exe
  C:\Windows\System\EIldPOE.exe
  2⤵
  PID:7748
- C:\Windows\System\GvTqlKb.exe
  C:\Windows\System\GvTqlKb.exe
  2⤵
  PID:7268
- C:\Windows\System\YzyQzLI.exe
  C:\Windows\System\YzyQzLI.exe
  2⤵
  PID:8020
- C:\Windows\System\CMDpGDn.exe
  C:\Windows\System\CMDpGDn.exe
  2⤵
  PID:8144
- C:\Windows\System\UiTzPgf.exe
  C:\Windows\System\UiTzPgf.exe
  2⤵
  PID:8176
- C:\Windows\System\gkphJfg.exe
  C:\Windows\System\gkphJfg.exe
  2⤵
  PID:6600
- C:\Windows\System\TDgoiDs.exe
  C:\Windows\System\TDgoiDs.exe
  2⤵
  PID:7632
- C:\Windows\System\KQqLCiP.exe
  C:\Windows\System\KQqLCiP.exe
  2⤵
  PID:7644
- C:\Windows\System\GrpZMfK.exe
  C:\Windows\System\GrpZMfK.exe
  2⤵
  PID:7872
- C:\Windows\System\pLpvKaR.exe
  C:\Windows\System\pLpvKaR.exe
  2⤵
  PID:8084
- C:\Windows\System\rHpcOvJ.exe
  C:\Windows\System\rHpcOvJ.exe
  2⤵
  PID:6628
- C:\Windows\System\NLvKtwS.exe
  C:\Windows\System\NLvKtwS.exe
  2⤵
  PID:8124
- C:\Windows\System\WRGiHfZ.exe
  C:\Windows\System\WRGiHfZ.exe
  2⤵
  PID:7284
- C:\Windows\System\zbtDdyb.exe
  C:\Windows\System\zbtDdyb.exe
  2⤵
  PID:7460
- C:\Windows\System\iBuLeYV.exe
  C:\Windows\System\iBuLeYV.exe
  2⤵
  PID:7548
- C:\Windows\System\RasalFH.exe
  C:\Windows\System\RasalFH.exe
  2⤵
  PID:7664
- C:\Windows\System\UEGsImj.exe
  C:\Windows\System\UEGsImj.exe
  2⤵
  PID:7216
- C:\Windows\System\rpQBBwW.exe
  C:\Windows\System\rpQBBwW.exe
  2⤵
  PID:7392
- C:\Windows\System\nWcqYdY.exe
  C:\Windows\System\nWcqYdY.exe
  2⤵
  PID:6712
- C:\Windows\System\byTLRyL.exe
  C:\Windows\System\byTLRyL.exe
  2⤵
  PID:7196
- C:\Windows\System\PBJeWHh.exe
  C:\Windows\System\PBJeWHh.exe
  2⤵
  PID:6380
- C:\Windows\System\brporII.exe
  C:\Windows\System\brporII.exe
  2⤵
  PID:8040
- C:\Windows\System\SmlKOnz.exe
  C:\Windows\System\SmlKOnz.exe
  2⤵
  PID:7328
- C:\Windows\System\oZDPHcH.exe
  C:\Windows\System\oZDPHcH.exe
  2⤵
  PID:8024
- C:\Windows\System\YjAeKrd.exe
  C:\Windows\System\YjAeKrd.exe
  2⤵
  PID:7628
- C:\Windows\System\IXzHFjL.exe
  C:\Windows\System\IXzHFjL.exe
  2⤵
  PID:7512
- C:\Windows\System\VecDEhS.exe
  C:\Windows\System\VecDEhS.exe
  2⤵
  PID:8204
- C:\Windows\System\JsIYnKw.exe
  C:\Windows\System\JsIYnKw.exe
  2⤵
  PID:8220
- C:\Windows\System\IBSRNSg.exe
  C:\Windows\System\IBSRNSg.exe
  2⤵
  PID:8236
- C:\Windows\System\EHLRRDa.exe
  C:\Windows\System\EHLRRDa.exe
  2⤵
  PID:8252
- C:\Windows\System\QUjyZJd.exe
  C:\Windows\System\QUjyZJd.exe
  2⤵
  PID:8268
- C:\Windows\System\ApMyUlX.exe
  C:\Windows\System\ApMyUlX.exe
  2⤵
  PID:8284
- C:\Windows\System\VGSUFvI.exe
  C:\Windows\System\VGSUFvI.exe
  2⤵
  PID:8300
- C:\Windows\System\KAOUUrY.exe
  C:\Windows\System\KAOUUrY.exe
  2⤵
  PID:8316
- C:\Windows\System\gGrZKZO.exe
  C:\Windows\System\gGrZKZO.exe
  2⤵
  PID:8332
- C:\Windows\System\HupJdNV.exe
  C:\Windows\System\HupJdNV.exe
  2⤵
  PID:8348
- C:\Windows\System\UwtVtNJ.exe
  C:\Windows\System\UwtVtNJ.exe
  2⤵
  PID:8364
- C:\Windows\System\iMiQXhB.exe
  C:\Windows\System\iMiQXhB.exe
  2⤵
  PID:8380
- C:\Windows\System\wuHYAsN.exe
  C:\Windows\System\wuHYAsN.exe
  2⤵
  PID:8396
- C:\Windows\System\GDjFwCn.exe
  C:\Windows\System\GDjFwCn.exe
  2⤵
  PID:8412
- C:\Windows\System\mGaXyuM.exe
  C:\Windows\System\mGaXyuM.exe
  2⤵
  PID:8432
- C:\Windows\System\rGZoluY.exe
  C:\Windows\System\rGZoluY.exe
  2⤵
  PID:8448
- C:\Windows\System\XOfuhso.exe
  C:\Windows\System\XOfuhso.exe
  2⤵
  PID:8464
- C:\Windows\System\kpCNaxV.exe
  C:\Windows\System\kpCNaxV.exe
  2⤵
  PID:8480
- C:\Windows\System\lqNGfsM.exe
  C:\Windows\System\lqNGfsM.exe
  2⤵
  PID:8496
- C:\Windows\System\jfXIVbS.exe
  C:\Windows\System\jfXIVbS.exe
  2⤵
  PID:8512
- C:\Windows\System\MSJyHtd.exe
  C:\Windows\System\MSJyHtd.exe
  2⤵
  PID:8528
- C:\Windows\System\ryLdAoI.exe
  C:\Windows\System\ryLdAoI.exe
  2⤵
  PID:8548
- C:\Windows\System\PQNvtaQ.exe
  C:\Windows\System\PQNvtaQ.exe
  2⤵
  PID:8564
- C:\Windows\System\aZUwzyK.exe
  C:\Windows\System\aZUwzyK.exe
  2⤵
  PID:8600
- C:\Windows\System\yjwhnYn.exe
  C:\Windows\System\yjwhnYn.exe
  2⤵
  PID:8616
- C:\Windows\System\cGMezse.exe
  C:\Windows\System\cGMezse.exe
  2⤵
  PID:8652
- C:\Windows\System\ueAbEJe.exe
  C:\Windows\System\ueAbEJe.exe
  2⤵
  PID:8672
- C:\Windows\System\RHZbpFS.exe
  C:\Windows\System\RHZbpFS.exe
  2⤵
  PID:8692
- C:\Windows\System\oxDxdsR.exe
  C:\Windows\System\oxDxdsR.exe
  2⤵
  PID:8708
- C:\Windows\System\PEEDYvG.exe
  C:\Windows\System\PEEDYvG.exe
  2⤵
  PID:8732
- C:\Windows\System\JYhoxzV.exe
  C:\Windows\System\JYhoxzV.exe
  2⤵
  PID:8748
- C:\Windows\System\lUccAjp.exe
  C:\Windows\System\lUccAjp.exe
  2⤵
  PID:8780
- C:\Windows\System\YZWuDez.exe
  C:\Windows\System\YZWuDez.exe
  2⤵
  PID:8796
- C:\Windows\System\zJuIDxH.exe
  C:\Windows\System\zJuIDxH.exe
  2⤵
  PID:8812
- C:\Windows\System\bGBcIWa.exe
  C:\Windows\System\bGBcIWa.exe
  2⤵
  PID:8828
- C:\Windows\System\ZHdsicT.exe
  C:\Windows\System\ZHdsicT.exe
  2⤵
  PID:8844
- C:\Windows\System\emDReiR.exe
  C:\Windows\System\emDReiR.exe
  2⤵
  PID:8860
- C:\Windows\System\iDNPzap.exe
  C:\Windows\System\iDNPzap.exe
  2⤵
  PID:8880
- C:\Windows\System\fQfSMRl.exe
  C:\Windows\System\fQfSMRl.exe
  2⤵
  PID:8896
- C:\Windows\System\dsviiMk.exe
  C:\Windows\System\dsviiMk.exe
  2⤵
  PID:8912
- C:\Windows\System\nOHwByH.exe
  C:\Windows\System\nOHwByH.exe
  2⤵
  PID:8928
- C:\Windows\System\eflSajU.exe
  C:\Windows\System\eflSajU.exe
  2⤵
  PID:8944
- C:\Windows\System\eywOVoB.exe
  C:\Windows\System\eywOVoB.exe
  2⤵
  PID:8968
- C:\Windows\System\oUqrYxY.exe
  C:\Windows\System\oUqrYxY.exe
  2⤵
  PID:8984
- C:\Windows\System\IeAgGxp.exe
  C:\Windows\System\IeAgGxp.exe
  2⤵
  PID:9000
- C:\Windows\System\qNwIXos.exe
  C:\Windows\System\qNwIXos.exe
  2⤵
  PID:9020
- C:\Windows\System\CwrLELN.exe
  C:\Windows\System\CwrLELN.exe
  2⤵
  PID:9036
- C:\Windows\System\NIORAEG.exe
  C:\Windows\System\NIORAEG.exe
  2⤵
  PID:9052
- C:\Windows\System\jORYJZk.exe
  C:\Windows\System\jORYJZk.exe
  2⤵
  PID:9068
- C:\Windows\System\wUNZThY.exe
  C:\Windows\System\wUNZThY.exe
  2⤵
  PID:9100
- C:\Windows\System\ChYCLCD.exe
  C:\Windows\System\ChYCLCD.exe
  2⤵
  PID:9116
- C:\Windows\System\nYftVgQ.exe
  C:\Windows\System\nYftVgQ.exe
  2⤵
  PID:9132
- C:\Windows\System\WKkCInS.exe
  C:\Windows\System\WKkCInS.exe
  2⤵
  PID:9148
- C:\Windows\System\dfpAibN.exe
  C:\Windows\System\dfpAibN.exe
  2⤵
  PID:9164
- C:\Windows\System\OIzECwX.exe
  C:\Windows\System\OIzECwX.exe
  2⤵
  PID:9180
- C:\Windows\System\OJQWzDo.exe
  C:\Windows\System\OJQWzDo.exe
  2⤵
  PID:9196
- C:\Windows\System\jKVtbAT.exe
  C:\Windows\System\jKVtbAT.exe
  2⤵
  PID:9212
- C:\Windows\System\QClAeRo.exe
  C:\Windows\System\QClAeRo.exe
  2⤵
  PID:7728
- C:\Windows\System\xAWHSIL.exe
  C:\Windows\System\xAWHSIL.exe
  2⤵
  PID:7792
- C:\Windows\System\HkpVXpM.exe
  C:\Windows\System\HkpVXpM.exe
  2⤵
  PID:8200
- C:\Windows\System\goFmqCE.exe
  C:\Windows\System\goFmqCE.exe
  2⤵
  PID:8068
- C:\Windows\System\IjHTYmX.exe
  C:\Windows\System\IjHTYmX.exe
  2⤵
  PID:8216
- C:\Windows\System\TwwmRkP.exe
  C:\Windows\System\TwwmRkP.exe
  2⤵
  PID:8276
- C:\Windows\System\dtQYdnh.exe
  C:\Windows\System\dtQYdnh.exe
  2⤵
  PID:8312
- C:\Windows\System\fvWvaoX.exe
  C:\Windows\System\fvWvaoX.exe
  2⤵
  PID:8264
- C:\Windows\System\ouNiuSp.exe
  C:\Windows\System\ouNiuSp.exe
  2⤵
  PID:8476
- C:\Windows\System\AnfpmBB.exe
  C:\Windows\System\AnfpmBB.exe
  2⤵
  PID:8488
- C:\Windows\System\xyJDylr.exe
  C:\Windows\System\xyJDylr.exe
  2⤵
  PID:8560
- C:\Windows\System\xlBbFmn.exe
  C:\Windows\System\xlBbFmn.exe
  2⤵
  PID:8504
- C:\Windows\System\SaCjsWo.exe
  C:\Windows\System\SaCjsWo.exe
  2⤵
  PID:8536
- C:\Windows\System\lEkABma.exe
  C:\Windows\System\lEkABma.exe
  2⤵
  PID:8592
- C:\Windows\System\vNnNhBA.exe
  C:\Windows\System\vNnNhBA.exe
  2⤵
  PID:8628
- C:\Windows\System\TJzWwtT.exe
  C:\Windows\System\TJzWwtT.exe
  2⤵
  PID:8644
- C:\Windows\System\bKiHKOI.exe
  C:\Windows\System\bKiHKOI.exe
  2⤵
  PID:8716
- C:\Windows\System\uwspzJi.exe
  C:\Windows\System\uwspzJi.exe
  2⤵
  PID:8524
- C:\Windows\System\YvXhFDz.exe
  C:\Windows\System\YvXhFDz.exe
  2⤵
  PID:8772
- C:\Windows\System\gtsPPac.exe
  C:\Windows\System\gtsPPac.exe
  2⤵
  PID:8836
- C:\Windows\System\fFYzPnd.exe
  C:\Windows\System\fFYzPnd.exe
  2⤵
  PID:8876
- C:\Windows\System\nDLajze.exe
  C:\Windows\System\nDLajze.exe
  2⤵
  PID:8976
- C:\Windows\System\PSxMdfg.exe
  C:\Windows\System\PSxMdfg.exe
  2⤵
  PID:9012
- C:\Windows\System\dMHFbxF.exe
  C:\Windows\System\dMHFbxF.exe
  2⤵
  PID:8956
- C:\Windows\System\YBkXHiM.exe
  C:\Windows\System\YBkXHiM.exe
  2⤵
  PID:8700
- C:\Windows\System\aLnMZxW.exe
  C:\Windows\System\aLnMZxW.exe
  2⤵
  PID:9028
- C:\Windows\System\HFvshHJ.exe
  C:\Windows\System\HFvshHJ.exe
  2⤵
  PID:9084
- C:\Windows\System\ABKLyqa.exe
  C:\Windows\System\ABKLyqa.exe
  2⤵
  PID:9096
- C:\Windows\System\WiBLUKx.exe
  C:\Windows\System\WiBLUKx.exe
  2⤵
  PID:9108
- C:\Windows\System\sDbaGcu.exe
  C:\Windows\System\sDbaGcu.exe
  2⤵
  PID:9140
- C:\Windows\System\fstSJCL.exe
  C:\Windows\System\fstSJCL.exe
  2⤵
  PID:9188
- C:\Windows\System\mIfKPYR.exe
  C:\Windows\System\mIfKPYR.exe
  2⤵
  PID:9204
- C:\Windows\System\peNrqZe.exe
  C:\Windows\System\peNrqZe.exe
  2⤵
  PID:7680
- C:\Windows\System\QQrszLj.exe
  C:\Windows\System\QQrszLj.exe
  2⤵
  PID:8212
- C:\Windows\System\CuJqTlI.exe
  C:\Windows\System\CuJqTlI.exe
  2⤵
  PID:8292
- C:\Windows\System\JbUmlzV.exe
  C:\Windows\System\JbUmlzV.exe
  2⤵
  PID:8372
- C:\Windows\System\TbzWrAK.exe
  C:\Windows\System\TbzWrAK.exe
  2⤵
  PID:8376
- C:\Windows\System\chLUxqu.exe
  C:\Windows\System\chLUxqu.exe
  2⤵
  PID:8408
- C:\Windows\System\PfdTSiv.exe
  C:\Windows\System\PfdTSiv.exe
  2⤵
  PID:8456
- C:\Windows\System\ERfiEsF.exe
  C:\Windows\System\ERfiEsF.exe
  2⤵
  PID:8492
- C:\Windows\System\DxfhEZC.exe
  C:\Windows\System\DxfhEZC.exe
  2⤵
  PID:8680
- C:\Windows\System\DZieWDa.exe
  C:\Windows\System\DZieWDa.exe
  2⤵
  PID:8760
- C:\Windows\System\SqSToHI.exe
  C:\Windows\System\SqSToHI.exe
  2⤵
  PID:8804
- C:\Windows\System\TBcobdo.exe
  C:\Windows\System\TBcobdo.exe
  2⤵
  PID:8908
- C:\Windows\System\AwxMDMM.exe
  C:\Windows\System\AwxMDMM.exe
  2⤵
  PID:8808
- C:\Windows\System\VVWabDU.exe
  C:\Windows\System\VVWabDU.exe
  2⤵
  PID:8768
- C:\Windows\System\ZsyHvmr.exe
  C:\Windows\System\ZsyHvmr.exe
  2⤵
  PID:9048
- C:\Windows\System\KehqYET.exe
  C:\Windows\System\KehqYET.exe
  2⤵
  PID:8852
- C:\Windows\System\zjYlAJq.exe
  C:\Windows\System\zjYlAJq.exe
  2⤵
  PID:8920
- C:\Windows\System\qBgODRc.exe
  C:\Windows\System\qBgODRc.exe
  2⤵
  PID:9080
- C:\Windows\System\DuvQWqM.exe
  C:\Windows\System\DuvQWqM.exe
  2⤵
  PID:9172
- C:\Windows\System\HpXXNDD.exe
  C:\Windows\System\HpXXNDD.exe
  2⤵
  PID:8992
- C:\Windows\System\MMgIwDS.exe
  C:\Windows\System\MMgIwDS.exe
  2⤵
  PID:8328
- C:\Windows\System\nLJbair.exe
  C:\Windows\System\nLJbair.exe
  2⤵
  PID:7828
- C:\Windows\System\GuVAyvv.exe
  C:\Windows\System\GuVAyvv.exe
  2⤵
  PID:6660
- C:\Windows\System\DCVtqim.exe
  C:\Windows\System\DCVtqim.exe
  2⤵
  PID:7596
- C:\Windows\System\KjTdPeI.exe
  C:\Windows\System\KjTdPeI.exe
  2⤵
  PID:8472
- C:\Windows\System\rwVHrSd.exe
  C:\Windows\System\rwVHrSd.exe
  2⤵
  PID:8892
- C:\Windows\System\qPSlipe.exe
  C:\Windows\System\qPSlipe.exe
  2⤵
  PID:9076
- C:\Windows\System\HHwtpXD.exe
  C:\Windows\System\HHwtpXD.exe
  2⤵
  PID:8636
- C:\Windows\System\nHMarBx.exe
  C:\Windows\System\nHMarBx.exe
  2⤵
  PID:8940
- C:\Windows\System\kptGVJy.exe
  C:\Windows\System\kptGVJy.exe
  2⤵
  PID:9124
- C:\Windows\System\mjuUpPy.exe
  C:\Windows\System\mjuUpPy.exe
  2⤵
  PID:9156
- C:\Windows\System\OzHzclt.exe
  C:\Windows\System\OzHzclt.exe
  2⤵
  PID:8428
- C:\Windows\System\GzJuafL.exe
  C:\Windows\System\GzJuafL.exe
  2⤵
  PID:8996
- C:\Windows\System\iSuIFCm.exe
  C:\Windows\System\iSuIFCm.exe
  2⤵
  PID:8308
- C:\Windows\System\LiJotlj.exe
  C:\Windows\System\LiJotlj.exe
  2⤵
  PID:8424
- C:\Windows\System\vZvbKWS.exe
  C:\Windows\System\vZvbKWS.exe
  2⤵
  PID:8612
- C:\Windows\System\lsxUxRn.exe
  C:\Windows\System\lsxUxRn.exe
  2⤵
  PID:9232
- C:\Windows\System\rpAfKUT.exe
  C:\Windows\System\rpAfKUT.exe
  2⤵
  PID:9248
- C:\Windows\System\HeExFJD.exe
  C:\Windows\System\HeExFJD.exe
  2⤵
  PID:9264
- C:\Windows\System\EmPxROm.exe
  C:\Windows\System\EmPxROm.exe
  2⤵
  PID:9280
- C:\Windows\System\dQzROhp.exe
  C:\Windows\System\dQzROhp.exe
  2⤵
  PID:9296
- C:\Windows\System\YLKatla.exe
  C:\Windows\System\YLKatla.exe
  2⤵
  PID:9316
- C:\Windows\System\pBkzgOm.exe
  C:\Windows\System\pBkzgOm.exe
  2⤵
  PID:9332
- C:\Windows\System\gByQwMy.exe
  C:\Windows\System\gByQwMy.exe
  2⤵
  PID:9348
- C:\Windows\System\auwUQEu.exe
  C:\Windows\System\auwUQEu.exe
  2⤵
  PID:9368
- C:\Windows\System\xkHTPLb.exe
  C:\Windows\System\xkHTPLb.exe
  2⤵
  PID:9384
- C:\Windows\System\agHVhEV.exe
  C:\Windows\System\agHVhEV.exe
  2⤵
  PID:9424
- C:\Windows\System\ZmLZpAD.exe
  C:\Windows\System\ZmLZpAD.exe
  2⤵
  PID:9444
- C:\Windows\System\geAXJuu.exe
  C:\Windows\System\geAXJuu.exe
  2⤵
  PID:9464
- C:\Windows\System\xedFtzL.exe
  C:\Windows\System\xedFtzL.exe
  2⤵
  PID:9484
- C:\Windows\System\FEBQpLD.exe
  C:\Windows\System\FEBQpLD.exe
  2⤵
  PID:9504
- C:\Windows\System\iGIbGdo.exe
  C:\Windows\System\iGIbGdo.exe
  2⤵
  PID:9544
- C:\Windows\System\FCjuBEn.exe
  C:\Windows\System\FCjuBEn.exe
  2⤵
  PID:9560
- C:\Windows\System\fWTLhrP.exe
  C:\Windows\System\fWTLhrP.exe
  2⤵
  PID:9844
- C:\Windows\System\BAwRYkO.exe
  C:\Windows\System\BAwRYkO.exe
  2⤵
  PID:9860
- C:\Windows\System\OeIiaKc.exe
  C:\Windows\System\OeIiaKc.exe
  2⤵
  PID:9876
- C:\Windows\System\kOnfZiC.exe
  C:\Windows\System\kOnfZiC.exe
  2⤵
  PID:9892
- C:\Windows\System\ETvnaIE.exe
  C:\Windows\System\ETvnaIE.exe
  2⤵
  PID:9908
- C:\Windows\System\eholXuX.exe
  C:\Windows\System\eholXuX.exe
  2⤵
  PID:9924
- C:\Windows\System\GHeMxBo.exe
  C:\Windows\System\GHeMxBo.exe
  2⤵
  PID:9940
- C:\Windows\System\KRqNRpP.exe
  C:\Windows\System\KRqNRpP.exe
  2⤵
  PID:9956
- C:\Windows\System\USdHcIi.exe
  C:\Windows\System\USdHcIi.exe
  2⤵
  PID:9972
- C:\Windows\System\nyQwOmr.exe
  C:\Windows\System\nyQwOmr.exe
  2⤵
  PID:9988
- C:\Windows\System\ltEQgfu.exe
  C:\Windows\System\ltEQgfu.exe
  2⤵
  PID:10004
- C:\Windows\System\GwnfKlE.exe
  C:\Windows\System\GwnfKlE.exe
  2⤵
  PID:10020
- C:\Windows\System\LWnwCCI.exe
  C:\Windows\System\LWnwCCI.exe
  2⤵
  PID:10036
- C:\Windows\System\wDOhkUk.exe
  C:\Windows\System\wDOhkUk.exe
  2⤵
  PID:10052
- C:\Windows\System\zbnWNTN.exe
  C:\Windows\System\zbnWNTN.exe
  2⤵
  PID:10068
- C:\Windows\System\hedBRWP.exe
  C:\Windows\System\hedBRWP.exe
  2⤵
  PID:10084
- C:\Windows\System\jLGPTQB.exe
  C:\Windows\System\jLGPTQB.exe
  2⤵
  PID:10100
- C:\Windows\System\SxIWrui.exe
  C:\Windows\System\SxIWrui.exe
  2⤵
  PID:10116
- C:\Windows\System\PyuHmey.exe
  C:\Windows\System\PyuHmey.exe
  2⤵
  PID:10132
- C:\Windows\System\PfFjboT.exe
  C:\Windows\System\PfFjboT.exe
  2⤵
  PID:10148
- C:\Windows\System\VbhlwKg.exe
  C:\Windows\System\VbhlwKg.exe
  2⤵
  PID:10164
- C:\Windows\System\GzTcHWy.exe
  C:\Windows\System\GzTcHWy.exe
  2⤵
  PID:10180
- C:\Windows\System\yLpnESv.exe
  C:\Windows\System\yLpnESv.exe
  2⤵
  PID:10196
- C:\Windows\System\GkntOSI.exe
  C:\Windows\System\GkntOSI.exe
  2⤵
  PID:10212
- C:\Windows\System\XLtPAkK.exe
  C:\Windows\System\XLtPAkK.exe
  2⤵
  PID:10228
- C:\Windows\System\vDzIPmO.exe
  C:\Windows\System\vDzIPmO.exe
  2⤵
  PID:9224
- C:\Windows\System\UzEyBsb.exe
  C:\Windows\System\UzEyBsb.exe
  2⤵
  PID:8540
- C:\Windows\System\uAQSAHY.exe
  C:\Windows\System\uAQSAHY.exe
  2⤵
  PID:7396
- C:\Windows\System\QfnSdHD.exe
  C:\Windows\System\QfnSdHD.exe
  2⤵
  PID:9288
- C:\Windows\System\GRhHEqd.exe
  C:\Windows\System\GRhHEqd.exe
  2⤵
  PID:8588
- C:\Windows\System\syYfDLt.exe
  C:\Windows\System\syYfDLt.exe
  2⤵
  PID:9304
- C:\Windows\System\HTyNATs.exe
  C:\Windows\System\HTyNATs.exe
  2⤵
  PID:9356
- C:\Windows\System\PyVVZgb.exe
  C:\Windows\System\PyVVZgb.exe
  2⤵
  PID:8688
- C:\Windows\System\BOfvUTd.exe
  C:\Windows\System\BOfvUTd.exe
  2⤵
  PID:9344
- C:\Windows\System\uYrdUKO.exe
  C:\Windows\System\uYrdUKO.exe
  2⤵
  PID:9380
- C:\Windows\System\HbHARKH.exe
  C:\Windows\System\HbHARKH.exe
  2⤵
  PID:9404
- C:\Windows\System\yGxMjvP.exe
  C:\Windows\System\yGxMjvP.exe
  2⤵
  PID:9420
- C:\Windows\System\RHdEQVI.exe
  C:\Windows\System\RHdEQVI.exe
  2⤵
  PID:9452
- C:\Windows\System\GOTUmIW.exe
  C:\Windows\System\GOTUmIW.exe
  2⤵
  PID:9476
- C:\Windows\System\ONvEfEh.exe
  C:\Windows\System\ONvEfEh.exe
  2⤵
  PID:9496
- C:\Windows\System\afzuWBU.exe
  C:\Windows\System\afzuWBU.exe
  2⤵
  PID:9524
- C:\Windows\System\lpDeWIS.exe
  C:\Windows\System\lpDeWIS.exe
  2⤵
  PID:9308
- C:\Windows\System\pKNLylh.exe
  C:\Windows\System\pKNLylh.exe
  2⤵
  PID:9568
- C:\Windows\System\qhhWLtx.exe
  C:\Windows\System\qhhWLtx.exe
  2⤵
  PID:9584
- C:\Windows\System\kvkFoKZ.exe
  C:\Windows\System\kvkFoKZ.exe
  2⤵
  PID:9616
- C:\Windows\System\yBuhQcV.exe
  C:\Windows\System\yBuhQcV.exe
  2⤵
  PID:9612
- C:\Windows\System\IlwIBvF.exe
  C:\Windows\System\IlwIBvF.exe
  2⤵
  PID:9632
- C:\Windows\System\otaBtah.exe
  C:\Windows\System\otaBtah.exe
  2⤵
  PID:9664
- C:\Windows\System\qMCbNMy.exe
  C:\Windows\System\qMCbNMy.exe
  2⤵
  PID:9640
- C:\Windows\System\jWuScvW.exe
  C:\Windows\System\jWuScvW.exe
  2⤵
  PID:9668
- C:\Windows\System\SZaGCLI.exe
  C:\Windows\System\SZaGCLI.exe
  2⤵
  PID:9696
- C:\Windows\System\fZRTwwY.exe
  C:\Windows\System\fZRTwwY.exe
  2⤵
  PID:9712
- C:\Windows\System\fDZXJCE.exe
  C:\Windows\System\fDZXJCE.exe
  2⤵
  PID:9728
- C:\Windows\System\RDPNIKs.exe
  C:\Windows\System\RDPNIKs.exe
  2⤵
  PID:9744
- C:\Windows\System\AhxhXkN.exe
  C:\Windows\System\AhxhXkN.exe
  2⤵
  PID:9760
- C:\Windows\System\QWjNPOo.exe
  C:\Windows\System\QWjNPOo.exe
  2⤵
  PID:9540
- C:\Windows\System\BwbHPcm.exe
  C:\Windows\System\BwbHPcm.exe
  2⤵
  PID:9812
- C:\Windows\System\PfCuxwy.exe
  C:\Windows\System\PfCuxwy.exe
  2⤵
  PID:9828
- C:\Windows\System\TkcmKzW.exe
  C:\Windows\System\TkcmKzW.exe
  2⤵
  PID:9808
- C:\Windows\System\fHeJBNr.exe
  C:\Windows\System\fHeJBNr.exe
  2⤵
  PID:9840
- C:\Windows\System\NURFrRI.exe
  C:\Windows\System\NURFrRI.exe
  2⤵
  PID:9888
- C:\Windows\System\aNnajLu.exe
  C:\Windows\System\aNnajLu.exe
  2⤵
  PID:9980
- C:\Windows\System\VzjrEtp.exe
  C:\Windows\System\VzjrEtp.exe
  2⤵
  PID:9904
- C:\Windows\System\xuBVbfh.exe
  C:\Windows\System\xuBVbfh.exe
  2⤵
  PID:10048
- C:\Windows\System\vaJWZra.exe
  C:\Windows\System\vaJWZra.exe
  2⤵
  PID:10112
- C:\Windows\System\RytacXc.exe
  C:\Windows\System\RytacXc.exe
  2⤵
  PID:9900
- C:\Windows\System\bqegwuS.exe
  C:\Windows\System\bqegwuS.exe
  2⤵
  PID:10124
- C:\Windows\System\LgOVOOe.exe
  C:\Windows\System\LgOVOOe.exe
  2⤵
  PID:9996
- C:\Windows\System\gzqyAbr.exe
  C:\Windows\System\gzqyAbr.exe
  2⤵
  PID:10092
- C:\Windows\System\UJWVGUQ.exe
  C:\Windows\System\UJWVGUQ.exe
  2⤵
  PID:10160
- C:\Windows\System\RwUBPUf.exe
  C:\Windows\System\RwUBPUf.exe
  2⤵
  PID:10128
- C:\Windows\System\dXiPlFe.exe
  C:\Windows\System\dXiPlFe.exe
  2⤵
  PID:10224
- C:\Windows\System\fbISkLN.exe
  C:\Windows\System\fbISkLN.exe
  2⤵
  PID:7924
- C:\Windows\System\YAumPEx.exe
  C:\Windows\System\YAumPEx.exe
  2⤵
  PID:9044
- C:\Windows\System\IoFhTpx.exe
  C:\Windows\System\IoFhTpx.exe
  2⤵
  PID:8788
- C:\Windows\System\jSVYgAq.exe
  C:\Windows\System\jSVYgAq.exe
  2⤵
  PID:9400
- C:\Windows\System\MmHhlGG.exe
  C:\Windows\System\MmHhlGG.exe
  2⤵
  PID:9480
- C:\Windows\System\RQbhCDT.exe
  C:\Windows\System\RQbhCDT.exe
  2⤵
  PID:9576
- C:\Windows\System\zPCbkNS.exe
  C:\Windows\System\zPCbkNS.exe
  2⤵
  PID:9652
- C:\Windows\System\YYyYzpR.exe
  C:\Windows\System\YYyYzpR.exe
  2⤵
  PID:9600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AVtVpiv.exe

Filesize
5.7MB

MD5
a05f9a979e52b49836fb152fc9b7500a

SHA1
353827a6c22bc1883730ff1e7dfd2645406589e4

SHA256
15fd4e67511e945081857df342c871a60537f38e6e40267b4f4f72604b6b35fe

SHA512
4a5594e3291d709b926d9efe1193824cdd768258942fd1a061ea2e47b223c89ff85f0a9dcb1ddad7785d5f81e30e3edb2cd33f3d736edb396326098a3b7b6c17

Download Submit
C:\Windows\system\AcFfgoj.exe

Filesize
5.7MB

MD5
2df9412ff4b3adb77ac1690e72f7d8d0

SHA1
04429a77fa7e8ad6768a1cc8ef09c0ed5d6c7942

SHA256
19b986593b9c3993f98b6fd7e3ba6f4c42aeb63f6e5f1aad3999a614a9ccb64d

SHA512
a4c9a51d990825924fcdfa8a5180f0fe633b82af598a8ffde57ef2866af656f4f783cc00624c750449fbf85e834a942182eab025b637224351989c73baed0dfb

Download Submit
C:\Windows\system\FDXWaMY.exe

Filesize
5.7MB

MD5
84c3fadd6c6980df0a7ec335f02d67b2

SHA1
aafc701d680b3e57ad9353b084af5ac1f15d56a1

SHA256
47643955e6a68cdb2c80035b2988b2108b13739bf04489eafbfd340c3e2791ee

SHA512
9a665064d3d27650a739f0179cf180a66ef524c9c5e8b30e5766a07e330895514624e566d7837b891ceeb5145b85e998c290d7822750bcd742000b92ce0b952b

Download Submit
C:\Windows\system\HfGqKTK.exe

Filesize
5.7MB

MD5
071dd284f5006f9f14ef506f78afe6b8

SHA1
484bf8ebf5fcd258f4e37419fdd8603a54000072

SHA256
efbf798f648cfabed5115a937ea871e1345b15f7e174291327beb2d5fa70cda7

SHA512
278ecc44a6fe0f9bfaa87b8b8d99e037064dbc3f9161f743da894f4e8d0be14f14efc53624f4a1dc0acc005eff5bdf7b1e69025e1ef63bdde6417bfb397eb12a

Download Submit
C:\Windows\system\HkZPfrX.exe

Filesize
5.7MB

MD5
b101670577653d0b41f479799883fba7

SHA1
8677a286a46b78e925eb7c4f31120739895261a1

SHA256
ef075a37e9bc76c0edd56766cc2b6e358d60d6b2c0208c79d4dc4bde8e12fafe

SHA512
334843ef59e395260f019eb566c3ebd10ea0ea3afa0dad75cdf7e64158b119cb103dec1708fb545008270c7e9eca84f000f31d066a0666d4f040ce6e0478a11a

Download Submit
C:\Windows\system\KhlAWZE.exe

Filesize
5.7MB

MD5
73be4a78b761c8fb62e77e525207555d

SHA1
cbc276458a8ed5844f47a51f27ca86f8706dbea2

SHA256
d960506d6f362b8a74fdb94e3c1e3222a89ead527f8ff179e688000900caf4fa

SHA512
75a53d5bb4862d973c613a3f2db45ee382638d553e6bf89e86db7c60b773272eba53edeb9a581042b33aae498a8a62b36d5d01b15c509dd06e23cbe84acee6d8

Download Submit
C:\Windows\system\NRwlbyD.exe

Filesize
5.7MB

MD5
1c6bf4f5972f56715952d90c7871714a

SHA1
637c4e43d21cc832005cafce2a03d0bb674bf038

SHA256
939694d63b6bab1d5be1b8dd44dfaabe85d37b50f6de16bada6a568585497015

SHA512
9e4a8bd66049e0319fd121c921f2395b1eea59ea4853719bf71d597c523a614b275871cde7f48c95e046609003c13c57d13fcac429d698f872447a685e8d8ec5

Download Submit
C:\Windows\system\OhgmthA.exe

Filesize
5.7MB

MD5
47bf1d09f5cfe1ecaee0efa9c240fcbd

SHA1
fec25075025f428c8b5f606d351c24d5983cb656

SHA256
48c97ce62aa0278d972a768bc99bb399178ea2218b4af0fa9df55ccefdec12c3

SHA512
9c29b45e0a6a0eb452741d3ae2d4a65c7f314004ae869131d405f81ff314c9b5800e2fe7c119d4c6d80b10bcd9fee22a9cfc1bad61f1a0bffd19b2dceef31ab8

Download Submit
C:\Windows\system\SXcehqG.exe

Filesize
5.7MB

MD5
ea04630e5b479f53645236aa3901bb0c

SHA1
9f44c0ddef04ab245fe9eb86fee54ce8d6804b12

SHA256
f11447ddfdc15d7ef3f887e2c5de53f4d5ca7703d7f54865e1fdc6b4978083a9

SHA512
4019f8d287cadb40c309b0b854ccf1744bec4d55d85d678179a544fd1d950f4f576b1e7e1633509a9698a7d584e3253c0ace0007bca6c1dcc536e432c60c594a

Download Submit
C:\Windows\system\SZBACQO.exe

Filesize
5.7MB

MD5
91005dea4fa609cf15a869268fa8db9a

SHA1
6d886cb511e4b1ecf4f5512d06ef52b7f022d8d7

SHA256
7f7eaecb86629cb99fefbc32310a6c171f8ad4af17a60760deb28fe2a45586ac

SHA512
5832fd5784c89bd6c544993d066e6ed0c930063153a6a095f4f6894dc5bd7ccabee0fea71dc83319f36ec90810fa8fe972ecc20771982b930b1fc82374b8c8eb

Download Submit
C:\Windows\system\TGIHrcn.exe

Filesize
5.7MB

MD5
2e401fc94f05f003030fdb9ebc9f9868

SHA1
a851d3421ab8a3380f366fc8251f8c580202d3df

SHA256
6a2c3894c6963d0317d3f4d928d669beb51067fedef8f82830e20966cc447a21

SHA512
184d3f7ff33854bb60ca91ff0cbdb9fec24e1807b024981a4a0ba437c02f7e0722f6decf01c490c95be54266d52fdf4c845c283c1c98dbe76fea7c8076d7a87d

Download Submit
C:\Windows\system\ZeMPlRg.exe

Filesize
5.7MB

MD5
9ead84fc79838af75b73ada7681a6712

SHA1
2e38db763e5fe91b7fb361ae9566b8f53e26d872

SHA256
3b0e1e9f967777b9342cc86ce52400db02690f4c4a7150ac2fd76f0b887f505e

SHA512
009c63bc5bacaae9823e7aaf1296ea4cbd7567da16e8d65eb0b311835925ec5cea5295fbfe36549926f80e55a7f9f7e74affe4993aad09924f624e33dc1f89be

Download Submit
C:\Windows\system\alYhxfv.exe

Filesize
5.7MB

MD5
ceb5de732fd11892e9dd1311a6668931

SHA1
d190f96a9c9b6d1ce40e54c3939996043e4deb6a

SHA256
f119095f80610a7551b9e5eff636347d02cc8a1b317505c0813ea840a69a134b

SHA512
5fd1c0d9b2389981fef465d2f80fb6e12bc1471f76cff282cbd76561c436ca0b1cdb8cd92d883c5d3e72ad4f7e0bee03c763cb294ab29ee438a14c5e0883bf24

Download Submit
C:\Windows\system\auDDIzl.exe

Filesize
5.7MB

MD5
e65bfff4246e2ca49187376a45757a88

SHA1
c987b1da3f477ae1a570762a478c13c1f5b667a7

SHA256
87a8ffd017e4a297b17f776849de54c482894266f2379de24988c9418dac50a9

SHA512
f380d8d590328292844c5c5cc85a8d908162af6b1becc220de5351834b1c360cf538b34eac751e07ee87f64c996e8e21f1d6c5bcf69c8f628e171d1c613191d6

Download Submit
C:\Windows\system\cfABvin.exe

Filesize
5.7MB

MD5
3827f28eb73af91db4fe755458d8df0b

SHA1
25e58261a8216dd309359bc42f72732fbdd50955

SHA256
2d1cc742ecb9735ec7c9bfc6c3cc9ff77df9d521a7fa672c3e07e01af82a4eeb

SHA512
3f3f88bd1be3e881af75c0d09338caeec98e08755e7530a865435d3ae4b2c9eae2edda473eebb49b2bc1cb4554a769c57eaee5b4df5b6c1e9ce317a3aa53bffd

Download Submit
C:\Windows\system\cgOqnuC.exe

Filesize
5.7MB

MD5
0ab41d54a28cbceff3354fba00475beb

SHA1
13d490ec78c84cdcf14b8e7877797280c9d86039

SHA256
a97e9ea5e3219c36629a109696247d56093b25632f994fa4ed0c9c393ea0dacd

SHA512
db5c32d3d59c2d3f049ea63e174e133f470005815e46205883bb06b073989e9b121e6044fa659379d12b10cbf09f98e9330873d1e67c85803e9baee4698be883

Download Submit
C:\Windows\system\fkRnybW.exe

Filesize
5.7MB

MD5
8aa861e40c75b27c9cca9f3304f24858

SHA1
3c94383acbd6b00e039136a1c3dba74b6d96192b

SHA256
4486cfc348eea261dec022b34c6cd143bbf8c5548a8f69d18c42cc1c9a861180

SHA512
60141bb8fe9f4295696b30de72a9c13473b814effa23b4933604aa3d73f51469d4f0dd6a3e8dfbe4221bfd0ec120fbb30050137fe118a778613a47f991ac7a92

Download Submit
C:\Windows\system\gwJpTcb.exe

Filesize
5.7MB

MD5
05efb6aa6d59100c91d46d7ea50c353a

SHA1
3128e8587a8c1bc2f96bd40e688beae69b135652

SHA256
2b0f824cef9ae682c87f4c85adfc1e0953c96466986ae33de235d21bbb68f45c

SHA512
15d54e3b8260af557b4f3ae0fcccdd6556f05f94f17bf3b8f1094543a6299cdc7b39f082e6de5a4497fd467b02a867c83670fa2b39b6119ff319cf5acbc9be0e

Download Submit
C:\Windows\system\mLDTzig.exe

Filesize
5.7MB

MD5
d03f850de4c580cdafc6272dca0af508

SHA1
2cfd81045eac22f71faed6f52e1882d7daf1967a

SHA256
8f3fb9da99b8d05ebb6dd346b6dce091c5606ae75ab7719df3e6819f7860c1cb

SHA512
8b8af8a95abeab636882f8a1d2ecf2cb32e2f04ddabeef7073fac769eac409fe46f42d9a1d3c2bccee9808dcdfbac7f55f66af15e2b6e0d99b40715ddc356a73

Download Submit
C:\Windows\system\rsHnjDS.exe

Filesize
5.7MB

MD5
a1839907a37c53fd77a2ab391b6ac564

SHA1
dfd09321041d1874d68f107f3644dfca8c699ba3

SHA256
4ed40571d51436667d431a88c89fe3332f984a663d8802a375ed6ddaede0e913

SHA512
aea3fdd4e30ca9ae1708bf4eec1163434ed745ec476bbf18279f1b9f926cd01ed1284a00c3f4cc73de543782314e95eeed85e43a291e835a2a3fe5f6232a3a08

Download Submit
C:\Windows\system\tgsaUyz.exe

Filesize
5.7MB

MD5
985830efa763c8321f5e462228260ffb

SHA1
006e4edf488b214942623b25dae6876ce9e29f37

SHA256
cb49f266d30329304820198012f80b463e68d63450d558953889206a50528c76

SHA512
8e4dc8e87b3eba937a9085412ee7346e6b33129a3c13f9fc595150e6047faf0f7c6cb6153333afb2d3a95e9eb3ee627675de0a55af9c76ec6061dc92ea4d96e1

Download Submit
C:\Windows\system\wphKOeH.exe

Filesize
5.7MB

MD5
8b9592918fe7c727d67b49f331822f5e

SHA1
9c9bbca009efffd2d26486346cbee32793db92ab

SHA256
abe7307fbc6c2fc13b2a968a4d6a4505edc6a78b3ce86ee10012b87eae78e605

SHA512
908d71c82174f7af41d762f7a29ea61f2c5730a71504da1517d318516e3ba597adc36e3323d5f98e9887c5a462175ead268a7f4ab6ffb7b57cb18a8c1d0be511

Download Submit
\Windows\system\BaoTjdE.exe

Filesize
5.7MB

MD5
e3c9b9655b7a03d589dec2f4660d6ac4

SHA1
dea589a33d393596436283d69e3e0ef47206fb83

SHA256
896f379f82207a1d58552be7aeb241806b0f56e991af835ce61ff73182c4226c

SHA512
7c1214426f1ea120e18dcbceea698cad1833f0be13a0e76a8999ff545e64911f68bccbcd6da0e124f6c0d6ddc0ae13eeb4b530181ff1beff30d4664e82463cf4

Download Submit
\Windows\system\EfgkGnx.exe

Filesize
5.7MB

MD5
63bf526c3b169163dd13ed4fe97d6ce9

SHA1
6e334993f52bc33f277bec6e9cce105bc7012b41

SHA256
90b32ba2c613bc2eb9c7e4a30875a59ec91cd17123b0d12b4fc866a753e196b9

SHA512
a4965d24cc11322c47416b254931b06a91e98cb5134395e61c972d296dcd88923e8afc9a4bf597ff710a9993dfe2b76013b48e869986b675365452c951f4e125

Download Submit
\Windows\system\HvvczWP.exe

Filesize
5.7MB

MD5
2be3d17d93318fcf063bc9c9e3572e1f

SHA1
1a951eb0e6070346f4bd3afa84243d7571b2e9e9

SHA256
b486d28a8395166683dd987606801689941d53c33a5e824644f6040813a1db18

SHA512
4a630ecfac518663bca99b0b68981cee6670da76de0ae6c7ab8527daac75b60c70b14123a0b1aa7e7bc625c733562a74db19b481683a609d39c9f0a02d430baa

Download Submit
\Windows\system\TcTNTwm.exe

Filesize
5.7MB

MD5
1266fbd6ad6dcc66d92de7ae477424fe

SHA1
69912c87cd13885a4114c6eeba875184352b385c

SHA256
698b6b33077b589f846a6fcb61cfb9fe2e6694aa5dbdd1b875b56b51942d592f

SHA512
5066aba409ded99fcb883c63a53609f2143f9944c8d10a8ce018a1827f731e41b2bf9465ff4a87e979679425dccbc63f6bd1eb10c045a2330355aa97a635bfdf

Download Submit
\Windows\system\UStTzqp.exe

Filesize
5.7MB

MD5
359b6e7abed93f03522c8ed817e466f0

SHA1
464269c3c1028f61c254f03638b8263d553cb88e

SHA256
f5180e2a4f3cdced461465280ce0331a9c4a59f0a10d022276c4a9d1d1f575cd

SHA512
89a3979e6606bcfd3759b1ac7ea7e7ab4b592af1bbc2eaf5d5c4d15ea55e6f9f0dbbf3574dc00f16549a76113b7918db549dab823bbaf0ab1d3485b56270bfe0

Download Submit
\Windows\system\WtMkUmd.exe

Filesize
5.7MB

MD5
b06b451ed28503138fbbf64b6902e609

SHA1
e343d9abdfa44e57fe2d765d6d237670b80009d1

SHA256
d4f6d1e9a48fbc4bc072eb89e3db12d25d7ae055716534aea9d0504d0187a409

SHA512
69ffe7ec1685803861e636e0d1560e7d337d188ccdd267c4173f6dbb81fdda81451fec214940fcd37ad322cb5a2bdc2e47a9db315873776af9ffeebcdd9c9cc7

Download Submit
\Windows\system\ZBVBLBH.exe

Filesize
5.7MB

MD5
01f94f471333cf6192fdcf653a74049d

SHA1
f2431771c0e7f0b020f10c1e5d3afd4114b4b99f

SHA256
2e0be89f7404e379877637ecd76ed24432a04f381824e90b02364fdcd6d95dd3

SHA512
64e3f8f8f07966c82ccd36d96fde7b30b7e1e9ef1b1e9dbba7e6bf9e9ceb1ade784e0583c99e61bcff641f1ab00915ee80069faa1730fffd0d604e53ed3a5c61

Download Submit
\Windows\system\ZcKLHDl.exe

Filesize
5.7MB

MD5
671325795d089b236df22091099e943f

SHA1
891e8c709047507e0455529d5ab7cf67ccc6f040

SHA256
88175b70e778242c1023a1a4c13f42d6a9d0854e0b39d293303ad7eae64bd752

SHA512
21c4f2196ad516fe950f6f8825ee0fd5c7114eb5ed71d95ab46ec38fd84ff22ba84c471f715c6b124b446c2f8f80d38369e1c327d4b0cba6aa9281d6ef2bae01

Download Submit
\Windows\system\anSrWKQ.exe

Filesize
5.7MB

MD5
6bc16dd71b864d00efcc92df0f6769be

SHA1
c63d609af0d612884714997e826f393cdd26b28d

SHA256
befe1529f45ae85c81add62b0c32f96e12dd65befe72e1bab02d9d6b10018973

SHA512
9ac418edc915b198d48918a1db9c97092a82e8bd4ae89ea4bca5521e0b530677052b980633e166fbbba29134f97ec680efe1f5133bd7088f9ea9503ee3beeb32

Download Submit
\Windows\system\cJcZSNO.exe

Filesize
5.7MB

MD5
c5fd47c052af2fb438f28d63b197f76a

SHA1
fedc8986edb4586b6c540dc4fbf9bd5628d70e1a

SHA256
4af7396ba57f498e4aa6a24faccf842b4acd860015548fc1893a9ed74e327fa9

SHA512
b411f3d142ab0f26e078a7a4a73b44695c82da35bea91aa194041f5cd14b9df6f457a4975e56cbff8ff92e5bca8bb88851420ca2071679a922abc3f2d0ad57b6

Download Submit
\Windows\system\duwPIMX.exe

Filesize
5.7MB

MD5
4ec39e362a281c5565af9f99ea839936

SHA1
441db0ecec0308964b4e1479747c2b6f317aa634

SHA256
74e0a31aebc42577cbf037a47cf4225606b1fe6671593f8c50f8f2485dfc834c

SHA512
94300f0ee61302cf28b0ba18b4ab316d4b90e8cfe1a34e7a97e6e4086977c0b90615d1343d78dbfc850a8c0170fe7496fa225cbc3cd23c3fc4ac02152f040af1

Download Submit
\Windows\system\oxAWeqX.exe

Filesize
5.7MB

MD5
07d3b5ae71fb19ab76d846e6cac0ef86

SHA1
0376e0e07924a6681b61c50be0ed3176dccf41fc

SHA256
ca0d9521bc8cc3e16be45d70585ff6a4baeb6f359a50a2d7555f7e0b764d1261

SHA512
3ad4a32229282c2d59583f913d19cd240cecda92fe04d0bc602f5ed99aa7b779cd9217906e94b116ebb6e66ffcbc2ad0be45bbeb4677bb2fb84ad0910a34bd3f

Download Submit
\Windows\system\rQzVsLs.exe

Filesize
5.7MB

MD5
3378169fe3ed4e69267f8fdb62f0e30e

SHA1
380bdfab443995645d31d9b9cd052276c48dcc45

SHA256
cf878e9003934ceac505889d08e0c54f44089eaa79953ec6a96df8e116a12d5d

SHA512
945c04b68f1146e2a6148c05523ec324590648b0dbde583f5b54e61fd8e381f773f96f62b61015a9dc16a6f56cafd34ffa351d31a4451fe72c2a895d0a9beacc

Download Submit
\Windows\system\zvelayP.exe

Filesize
5.7MB

MD5
3ad4b295e058c8aa1677fb01b0a955ea

SHA1
53bad1703e1938da5bde6ffe5565af28fb28ff11

SHA256
aad04d6ebf6cb59ffea22b96d9e06cd7f25cbdf77c254ca3ebcb977ff98926ce

SHA512
48f11bfd57a92377632f2800a4049bdfdf06b4713e02131f519ed7a50a51f3e26da753cfd8087ab84447f3f3dbacc2a6ca245c20802e704b6ba715090ed52c7a

Download Submit
memory/572-290-0x000000013F040000-0x000000013F38D000-memory.dmp

Filesize
3.3MB

Download
memory/804-85-0x000000013F990000-0x000000013FCDD000-memory.dmp

Filesize
3.3MB

Download
memory/820-224-0x000000013F5B0000-0x000000013F8FD000-memory.dmp

Filesize
3.3MB

Download
memory/824-18-0x000000013FCC0000-0x000000014000D000-memory.dmp

Filesize
3.3MB

Download
memory/1120-73-0x000000013F7F0000-0x000000013FB3D000-memory.dmp

Filesize
3.3MB

Download
memory/1440-229-0x000000013FC50000-0x000000013FF9D000-memory.dmp

Filesize
3.3MB

Download
memory/1848-137-0x000000013FF30000-0x000000014027D000-memory.dmp

Filesize
3.3MB

Download
memory/1904-100-0x000000013F140000-0x000000013F48D000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1940-0-0x000000013F6F0000-0x000000013FA3D000-memory.dmp

Filesize
3.3MB

Download
memory/1944-79-0x000000013F290000-0x000000013F5DD000-memory.dmp

Filesize
3.3MB

Download
memory/1960-109-0x000000013F3B0000-0x000000013F6FD000-memory.dmp

Filesize
3.3MB

Download
memory/1964-128-0x000000013FD40000-0x000000014008D000-memory.dmp

Filesize
3.3MB

Download
memory/2016-169-0x000000013FCD0000-0x000000014001D000-memory.dmp

Filesize
3.3MB

Download
memory/2108-67-0x000000013FDB0000-0x00000001400FD000-memory.dmp

Filesize
3.3MB

Download
memory/2232-160-0x000000013FBF0000-0x000000013FF3D000-memory.dmp

Filesize
3.3MB

Download
memory/2288-91-0x000000013FBE0000-0x000000013FF2D000-memory.dmp

Filesize
3.3MB

Download
memory/2428-193-0x000000013FBB0000-0x000000013FEFD000-memory.dmp

Filesize
3.3MB

Download
memory/2484-118-0x000000013F950000-0x000000013FC9D000-memory.dmp

Filesize
3.3MB

Download
memory/2516-149-0x000000013F830000-0x000000013FB7D000-memory.dmp

Filesize
3.3MB

Download
memory/2612-61-0x000000013F640000-0x000000013F98D000-memory.dmp

Filesize
3.3MB

Download
memory/2632-43-0x000000013F540000-0x000000013F88D000-memory.dmp

Filesize
3.3MB

Download
memory/2688-14-0x000000013F6C0000-0x000000013FA0D000-memory.dmp

Filesize
3.3MB

Download
memory/2692-225-0x000000013FF50000-0x000000014029D000-memory.dmp

Filesize
3.3MB

Download
memory/2712-37-0x000000013F750000-0x000000013FA9D000-memory.dmp

Filesize
3.3MB

Download
memory/2760-55-0x000000013F050000-0x000000013F39D000-memory.dmp

Filesize
3.3MB

Download
memory/2820-25-0x000000013FA90000-0x000000013FDDD000-memory.dmp

Filesize
3.3MB

Download
memory/2844-53-0x000000013F9F0000-0x000000013FD3D000-memory.dmp

Filesize
3.3MB

Download
memory/2884-15-0x000000013F670000-0x000000013F9BD000-memory.dmp

Filesize
3.3MB

Download
memory/2892-132-0x000000013F930000-0x000000013FC7D000-memory.dmp

Filesize
3.3MB

Download
memory/2912-226-0x000000013FCF0000-0x000000014003D000-memory.dmp

Filesize
3.3MB

Download
memory/3020-31-0x000000013F6B0000-0x000000013F9FD000-memory.dmp

Filesize
3.3MB

Download
memory/3040-154-0x000000013F410000-0x000000013F75D000-memory.dmp

Filesize
3.3MB

Download
memory/3052-228-0x000000013F3F0000-0x000000013F73D000-memory.dmp

Filesize
3.3MB

Download