cobaltstrike | df9d5ff15669b92f0943e29d1cd74fc65a280e08b09567753c42278204bc3867

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c0be6da9b85793703988b2a77bacb7aa
SHA1

452947f08cb6511e6a11a4d80af407fc2cbcec25
SHA256

df9d5ff15669b92f0943e29d1cd74fc65a280e08b09567753c42278204bc3867
SHA512

61b8655d433e3e88fc1fa6341a22861311375cdaabdb686fc3310f3e2199f2449f6c4451e0d183f93255888933da0c6b5a3439409f04bd73ad82a16c56159632
SSDEEP

98304:XemTLkNdfE0pZrD56utgpPFotBER/mQ32lU/:O+q56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d49-11.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d5a-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017342-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019371-111.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191df-70.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001937b-126.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a8-138.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948d-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-161.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001945c-154.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f0-150.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193e6-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193d1-142.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001938e-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019382-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019369-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019329-98.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001921d-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019214-77.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191cf-65.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017355-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019345-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019232-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019219-84.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191f8-83.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191d1-76.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739f-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017349-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d71-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f45-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2272-0-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f9-6.dat	xmrig
behavioral1/files/0x0008000000016d49-11.dat	xmrig
behavioral1/files/0x0009000000016d5a-12.dat	xmrig
behavioral1/files/0x0007000000017342-39.dat	xmrig
behavioral1/files/0x0006000000019371-111.dat	xmrig
behavioral1/files/0x00060000000191df-70.dat	xmrig
behavioral1/files/0x000600000001937b-126.dat	xmrig
behavioral1/files/0x00060000000193a8-138.dat	xmrig
behavioral1/files/0x000600000001948d-155.dat	xmrig
behavioral1/memory/2560-259-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/3032-410-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1276-415-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2928-414-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2880-413-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1884-412-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2636-411-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2272-416-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/files/0x000500000001958b-167.dat	xmrig
behavioral1/memory/2580-164-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2948-163-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e2-161.dat	xmrig
behavioral1/files/0x000600000001945c-154.dat	xmrig
behavioral1/files/0x00060000000193f0-150.dat	xmrig
behavioral1/files/0x00060000000193e6-146.dat	xmrig
behavioral1/files/0x00060000000193d1-142.dat	xmrig
behavioral1/files/0x000600000001938e-134.dat	xmrig
behavioral1/files/0x0006000000019382-130.dat	xmrig
behavioral1/files/0x0006000000019369-106.dat	xmrig
behavioral1/files/0x0006000000019329-98.dat	xmrig
behavioral1/files/0x000600000001921d-91.dat	xmrig
behavioral1/files/0x0006000000019214-77.dat	xmrig
behavioral1/memory/2272-66-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000191cf-65.dat	xmrig
behavioral1/files/0x0009000000017355-64.dat	xmrig
behavioral1/memory/2592-117-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019345-114.dat	xmrig
behavioral1/files/0x0006000000019232-104.dat	xmrig
behavioral1/memory/1276-90-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2928-89-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2880-88-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1884-87-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2636-86-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2272-85-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0006000000019219-84.dat	xmrig
behavioral1/files/0x00060000000191f8-83.dat	xmrig
behavioral1/files/0x00060000000191d1-76.dat	xmrig
behavioral1/memory/3032-60-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2580-41-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2948-40-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x000800000001739f-58.dat	xmrig
behavioral1/memory/2560-47-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0007000000017349-45.dat	xmrig
behavioral1/files/0x0008000000016d71-38.dat	xmrig
behavioral1/memory/2592-36-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2272-34-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2784-33-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016f45-31.dat	xmrig
behavioral1/memory/2684-30-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2820-20-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2684-3585-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2592-3590-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2784-3594-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2580-3615-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2784	MVYoviv.exe
2820	lfttdJE.exe
2684	cZNLmkX.exe
2592	OihIofc.exe
2948	MmRFjsP.exe
2580	ojKypiw.exe
2560	hOJVoyS.exe
3032	rrcZljp.exe
2636	BnZsmGL.exe
1884	yUkOLOW.exe
2880	DryUVCi.exe
2928	MNCSsjk.exe
1276	knJClCq.exe
2068	TVgIRbs.exe
760	bTusKjH.exe
2620	zdEADPH.exe
2932	zgZaOmb.exe
3048	vmIljeI.exe
1128	itzTlFF.exe
2376	rkaEQof.exe
1636	EQqUZGd.exe
1316	dzSeVGr.exe
1960	mrqLetK.exe
2252	vKNXnCp.exe
2284	xSJRcBR.exe
1792	Yvlbajn.exe
1004	HtfSbro.exe
404	dinvtZq.exe
1988	PtXlHfw.exe
1860	EsUCtCR.exe
960	apXVGdJ.exe
2516	ZNgQcxm.exe
912	biacWRp.exe
1708	WDhOdbT.exe
1256	DMuCvYP.exe
564	xhFeIZr.exe
2428	LjrrVGf.exe
1336	vfLZvOB.exe
2316	teUCILF.exe
1480	WHetJcg.exe
272	WChwoSS.exe
1692	vhDZwhh.exe
3016	YBSlVNr.exe
996	TgrmhiS.exe
376	uATHUYW.exe
1632	kLmavVC.exe
2028	nCCMLNT.exe
1264	CZsgUfl.exe
2348	XoAhbgq.exe
1648	DnmqZHp.exe
2328	aqMsSkI.exe
1880	PmSoDPd.exe
2452	DgXUHuk.exe
2456	hQmivAs.exe
904	BZfKTiD.exe
2220	HxGAfoX.exe
2992	WdWcChu.exe
2344	hJpGgMP.exe
1588	LlMXhZF.exe
2468	GKBTsLg.exe
2808	pvAPwpR.exe
2564	onzdvpx.exe
2584	KincnPi.exe
2720	mEeRBCr.exe

Loads dropped DLL 64 IoCs

pid	Process
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tesiyUd.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbTHrLM.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYAolHP.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEvslXO.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsozmyq.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VisltKk.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQUuRPh.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfSbvjR.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbRHJgL.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VzednZf.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkWZpaP.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XidbqoL.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuBGXzO.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRDrcao.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzXjMTZ.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjGoQqa.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJYLcZR.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SclTwFw.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSHWOcq.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CuOEzgt.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQqUZGd.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTVYUms.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXpDpGM.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vddgrba.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEXFncp.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdWcChu.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHSpNdR.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHKEvHW.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmgOFoT.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGyceYV.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsNeHht.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpsWJhN.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYGXgPQ.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbfDzhG.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuLJrOG.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkNuvHb.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNgQcxm.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiZvZuR.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XorYtYO.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBFTijR.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gspYctR.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Viccspn.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpaEbpd.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOzbqhr.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXWfwej.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUvPZGn.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtcNgjG.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnmkmwv.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKbeOGW.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbUiHsS.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iygCyIt.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnBYfga.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXcPAHa.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NITEUjz.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NufjrLj.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InxGaTq.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLmNrqB.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyILoED.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoFNCZm.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUyAdXg.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHNrHRh.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdAZvIR.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCPdIAI.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CErIOMo.exe	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2784	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 2784	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 2784	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 2820	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 2820	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 2820	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 2684	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2684	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2684	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2948	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2948	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2948	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2592	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2592	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2592	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2580	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2580	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2580	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2560	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2560	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2560	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2636	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 2636	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 2636	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 3032	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 3032	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 3032	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 1884	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 1884	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 1884	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2880	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2880	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2880	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2932	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2932	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2932	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2928	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2928	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2928	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 3048	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 3048	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 3048	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 1276	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 1276	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 1276	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 1128	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 1128	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 1128	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 2068	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2068	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2068	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2376	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 2376	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 2376	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 760	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 760	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 760	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 1636	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 1636	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 1636	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 2620	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2272 wrote to memory of 2620	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2272 wrote to memory of 2620	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2272 wrote to memory of 1316	2272	2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_c0be6da9b85793703988b2a77bacb7aa_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\System\MVYoviv.exe
  C:\Windows\System\MVYoviv.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\lfttdJE.exe
  C:\Windows\System\lfttdJE.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\cZNLmkX.exe
  C:\Windows\System\cZNLmkX.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\MmRFjsP.exe
  C:\Windows\System\MmRFjsP.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\OihIofc.exe
  C:\Windows\System\OihIofc.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ojKypiw.exe
  C:\Windows\System\ojKypiw.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\hOJVoyS.exe
  C:\Windows\System\hOJVoyS.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\BnZsmGL.exe
  C:\Windows\System\BnZsmGL.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\rrcZljp.exe
  C:\Windows\System\rrcZljp.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\yUkOLOW.exe
  C:\Windows\System\yUkOLOW.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\DryUVCi.exe
  C:\Windows\System\DryUVCi.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\zgZaOmb.exe
  C:\Windows\System\zgZaOmb.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\MNCSsjk.exe
  C:\Windows\System\MNCSsjk.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\vmIljeI.exe
  C:\Windows\System\vmIljeI.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\knJClCq.exe
  C:\Windows\System\knJClCq.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\itzTlFF.exe
  C:\Windows\System\itzTlFF.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\TVgIRbs.exe
  C:\Windows\System\TVgIRbs.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\rkaEQof.exe
  C:\Windows\System\rkaEQof.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\bTusKjH.exe
  C:\Windows\System\bTusKjH.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\EQqUZGd.exe
  C:\Windows\System\EQqUZGd.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\zdEADPH.exe
  C:\Windows\System\zdEADPH.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\dzSeVGr.exe
  C:\Windows\System\dzSeVGr.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\mrqLetK.exe
  C:\Windows\System\mrqLetK.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\vKNXnCp.exe
  C:\Windows\System\vKNXnCp.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\xSJRcBR.exe
  C:\Windows\System\xSJRcBR.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\Yvlbajn.exe
  C:\Windows\System\Yvlbajn.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\HtfSbro.exe
  C:\Windows\System\HtfSbro.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\dinvtZq.exe
  C:\Windows\System\dinvtZq.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\PtXlHfw.exe
  C:\Windows\System\PtXlHfw.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\EsUCtCR.exe
  C:\Windows\System\EsUCtCR.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\apXVGdJ.exe
  C:\Windows\System\apXVGdJ.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\ZNgQcxm.exe
  C:\Windows\System\ZNgQcxm.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\biacWRp.exe
  C:\Windows\System\biacWRp.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\WDhOdbT.exe
  C:\Windows\System\WDhOdbT.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\DMuCvYP.exe
  C:\Windows\System\DMuCvYP.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\xhFeIZr.exe
  C:\Windows\System\xhFeIZr.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\LjrrVGf.exe
  C:\Windows\System\LjrrVGf.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\vfLZvOB.exe
  C:\Windows\System\vfLZvOB.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\teUCILF.exe
  C:\Windows\System\teUCILF.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\WHetJcg.exe
  C:\Windows\System\WHetJcg.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\WChwoSS.exe
  C:\Windows\System\WChwoSS.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\vhDZwhh.exe
  C:\Windows\System\vhDZwhh.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\YBSlVNr.exe
  C:\Windows\System\YBSlVNr.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\TgrmhiS.exe
  C:\Windows\System\TgrmhiS.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\uATHUYW.exe
  C:\Windows\System\uATHUYW.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\kLmavVC.exe
  C:\Windows\System\kLmavVC.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\nCCMLNT.exe
  C:\Windows\System\nCCMLNT.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\CZsgUfl.exe
  C:\Windows\System\CZsgUfl.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\XoAhbgq.exe
  C:\Windows\System\XoAhbgq.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\DnmqZHp.exe
  C:\Windows\System\DnmqZHp.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\aqMsSkI.exe
  C:\Windows\System\aqMsSkI.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\PmSoDPd.exe
  C:\Windows\System\PmSoDPd.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\DgXUHuk.exe
  C:\Windows\System\DgXUHuk.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\hQmivAs.exe
  C:\Windows\System\hQmivAs.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\BZfKTiD.exe
  C:\Windows\System\BZfKTiD.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\HxGAfoX.exe
  C:\Windows\System\HxGAfoX.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\WdWcChu.exe
  C:\Windows\System\WdWcChu.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\hJpGgMP.exe
  C:\Windows\System\hJpGgMP.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\LlMXhZF.exe
  C:\Windows\System\LlMXhZF.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\GKBTsLg.exe
  C:\Windows\System\GKBTsLg.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\pvAPwpR.exe
  C:\Windows\System\pvAPwpR.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\onzdvpx.exe
  C:\Windows\System\onzdvpx.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\KincnPi.exe
  C:\Windows\System\KincnPi.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\mEeRBCr.exe
  C:\Windows\System\mEeRBCr.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\NnDwIOM.exe
  C:\Windows\System\NnDwIOM.exe
  2⤵
  PID:2364
- C:\Windows\System\LZNOLPl.exe
  C:\Windows\System\LZNOLPl.exe
  2⤵
  PID:2832
- C:\Windows\System\aaEHQVY.exe
  C:\Windows\System\aaEHQVY.exe
  2⤵
  PID:2836
- C:\Windows\System\UxgYhBb.exe
  C:\Windows\System\UxgYhBb.exe
  2⤵
  PID:264
- C:\Windows\System\JeUEctL.exe
  C:\Windows\System\JeUEctL.exe
  2⤵
  PID:1740
- C:\Windows\System\kaEshgr.exe
  C:\Windows\System\kaEshgr.exe
  2⤵
  PID:2912
- C:\Windows\System\KpCNtiQ.exe
  C:\Windows\System\KpCNtiQ.exe
  2⤵
  PID:1440
- C:\Windows\System\RolatZN.exe
  C:\Windows\System\RolatZN.exe
  2⤵
  PID:2544
- C:\Windows\System\qGyceYV.exe
  C:\Windows\System\qGyceYV.exe
  2⤵
  PID:1848
- C:\Windows\System\MhQVxCy.exe
  C:\Windows\System\MhQVxCy.exe
  2⤵
  PID:304
- C:\Windows\System\DFSlQYo.exe
  C:\Windows\System\DFSlQYo.exe
  2⤵
  PID:1972
- C:\Windows\System\rfRuLXw.exe
  C:\Windows\System\rfRuLXw.exe
  2⤵
  PID:1288
- C:\Windows\System\UNErADc.exe
  C:\Windows\System\UNErADc.exe
  2⤵
  PID:852
- C:\Windows\System\ZRAQnEC.exe
  C:\Windows\System\ZRAQnEC.exe
  2⤵
  PID:964
- C:\Windows\System\LcQTyBW.exe
  C:\Windows\System\LcQTyBW.exe
  2⤵
  PID:544
- C:\Windows\System\ndKVbwa.exe
  C:\Windows\System\ndKVbwa.exe
  2⤵
  PID:2412
- C:\Windows\System\AdTCyCi.exe
  C:\Windows\System\AdTCyCi.exe
  2⤵
  PID:1532
- C:\Windows\System\IKlBTwu.exe
  C:\Windows\System\IKlBTwu.exe
  2⤵
  PID:1984
- C:\Windows\System\vxMCHjs.exe
  C:\Windows\System\vxMCHjs.exe
  2⤵
  PID:1992
- C:\Windows\System\SaoClZc.exe
  C:\Windows\System\SaoClZc.exe
  2⤵
  PID:2040
- C:\Windows\System\NbTHrLM.exe
  C:\Windows\System\NbTHrLM.exe
  2⤵
  PID:2000
- C:\Windows\System\JwJBGzn.exe
  C:\Windows\System\JwJBGzn.exe
  2⤵
  PID:2332
- C:\Windows\System\wgJalKS.exe
  C:\Windows\System\wgJalKS.exe
  2⤵
  PID:1844
- C:\Windows\System\LXfwDjt.exe
  C:\Windows\System\LXfwDjt.exe
  2⤵
  PID:1012
- C:\Windows\System\NXpOmTT.exe
  C:\Windows\System\NXpOmTT.exe
  2⤵
  PID:1200
- C:\Windows\System\AEYCoKX.exe
  C:\Windows\System\AEYCoKX.exe
  2⤵
  PID:2940
- C:\Windows\System\gspYctR.exe
  C:\Windows\System\gspYctR.exe
  2⤵
  PID:1592
- C:\Windows\System\CbEBXoZ.exe
  C:\Windows\System\CbEBXoZ.exe
  2⤵
  PID:2796
- C:\Windows\System\UZTKjtK.exe
  C:\Windows\System\UZTKjtK.exe
  2⤵
  PID:2616
- C:\Windows\System\uhijulh.exe
  C:\Windows\System\uhijulh.exe
  2⤵
  PID:2660
- C:\Windows\System\UzXvzkn.exe
  C:\Windows\System\UzXvzkn.exe
  2⤵
  PID:3080
- C:\Windows\System\dsMAdMg.exe
  C:\Windows\System\dsMAdMg.exe
  2⤵
  PID:3096
- C:\Windows\System\thIxZNq.exe
  C:\Windows\System\thIxZNq.exe
  2⤵
  PID:3112
- C:\Windows\System\qvChizF.exe
  C:\Windows\System\qvChizF.exe
  2⤵
  PID:3128
- C:\Windows\System\jviHpzm.exe
  C:\Windows\System\jviHpzm.exe
  2⤵
  PID:3144
- C:\Windows\System\OBnNdDL.exe
  C:\Windows\System\OBnNdDL.exe
  2⤵
  PID:3160
- C:\Windows\System\eahLXtz.exe
  C:\Windows\System\eahLXtz.exe
  2⤵
  PID:3176
- C:\Windows\System\oSlDylx.exe
  C:\Windows\System\oSlDylx.exe
  2⤵
  PID:3192
- C:\Windows\System\eLHBdyK.exe
  C:\Windows\System\eLHBdyK.exe
  2⤵
  PID:3208
- C:\Windows\System\ZKPknAI.exe
  C:\Windows\System\ZKPknAI.exe
  2⤵
  PID:3224
- C:\Windows\System\VHtmpeo.exe
  C:\Windows\System\VHtmpeo.exe
  2⤵
  PID:3240
- C:\Windows\System\eUngOZu.exe
  C:\Windows\System\eUngOZu.exe
  2⤵
  PID:3256
- C:\Windows\System\QaZaKwl.exe
  C:\Windows\System\QaZaKwl.exe
  2⤵
  PID:3272
- C:\Windows\System\eFZBSjF.exe
  C:\Windows\System\eFZBSjF.exe
  2⤵
  PID:3288
- C:\Windows\System\dxqxbOz.exe
  C:\Windows\System\dxqxbOz.exe
  2⤵
  PID:3304
- C:\Windows\System\VBUkojn.exe
  C:\Windows\System\VBUkojn.exe
  2⤵
  PID:3320
- C:\Windows\System\vQodeWP.exe
  C:\Windows\System\vQodeWP.exe
  2⤵
  PID:3540
- C:\Windows\System\TtOlHCi.exe
  C:\Windows\System\TtOlHCi.exe
  2⤵
  PID:3772
- C:\Windows\System\RgUgacs.exe
  C:\Windows\System\RgUgacs.exe
  2⤵
  PID:3792
- C:\Windows\System\vvBprUG.exe
  C:\Windows\System\vvBprUG.exe
  2⤵
  PID:3824
- C:\Windows\System\ombkfKe.exe
  C:\Windows\System\ombkfKe.exe
  2⤵
  PID:3892
- C:\Windows\System\aFMWlWV.exe
  C:\Windows\System\aFMWlWV.exe
  2⤵
  PID:3912
- C:\Windows\System\yqRXYNh.exe
  C:\Windows\System\yqRXYNh.exe
  2⤵
  PID:3928
- C:\Windows\System\CdlKSrp.exe
  C:\Windows\System\CdlKSrp.exe
  2⤵
  PID:3944
- C:\Windows\System\HYwfaBr.exe
  C:\Windows\System\HYwfaBr.exe
  2⤵
  PID:3960
- C:\Windows\System\GblEijd.exe
  C:\Windows\System\GblEijd.exe
  2⤵
  PID:3976
- C:\Windows\System\tAPcVOH.exe
  C:\Windows\System\tAPcVOH.exe
  2⤵
  PID:3996
- C:\Windows\System\dNKBYEm.exe
  C:\Windows\System\dNKBYEm.exe
  2⤵
  PID:4028
- C:\Windows\System\EXpRHjO.exe
  C:\Windows\System\EXpRHjO.exe
  2⤵
  PID:4064
- C:\Windows\System\KJkoGgi.exe
  C:\Windows\System\KJkoGgi.exe
  2⤵
  PID:4084
- C:\Windows\System\bndRgZB.exe
  C:\Windows\System\bndRgZB.exe
  2⤵
  PID:2240
- C:\Windows\System\yirdUnc.exe
  C:\Windows\System\yirdUnc.exe
  2⤵
  PID:1832
- C:\Windows\System\dwviOLQ.exe
  C:\Windows\System\dwviOLQ.exe
  2⤵
  PID:2360
- C:\Windows\System\OORdomp.exe
  C:\Windows\System\OORdomp.exe
  2⤵
  PID:840
- C:\Windows\System\sqRqRXB.exe
  C:\Windows\System\sqRqRXB.exe
  2⤵
  PID:2988
- C:\Windows\System\tigSIwe.exe
  C:\Windows\System\tigSIwe.exe
  2⤵
  PID:884
- C:\Windows\System\nqoCeaI.exe
  C:\Windows\System\nqoCeaI.exe
  2⤵
  PID:1544
- C:\Windows\System\ntXnIHU.exe
  C:\Windows\System\ntXnIHU.exe
  2⤵
  PID:1688
- C:\Windows\System\lEoYMMG.exe
  C:\Windows\System\lEoYMMG.exe
  2⤵
  PID:3060
- C:\Windows\System\beOHOoI.exe
  C:\Windows\System\beOHOoI.exe
  2⤵
  PID:2788
- C:\Windows\System\zczTfoU.exe
  C:\Windows\System\zczTfoU.exe
  2⤵
  PID:3036
- C:\Windows\System\mYoHfry.exe
  C:\Windows\System\mYoHfry.exe
  2⤵
  PID:3124
- C:\Windows\System\oBkcMHi.exe
  C:\Windows\System\oBkcMHi.exe
  2⤵
  PID:3188
- C:\Windows\System\bzKHguj.exe
  C:\Windows\System\bzKHguj.exe
  2⤵
  PID:3280
- C:\Windows\System\rdvBiDt.exe
  C:\Windows\System\rdvBiDt.exe
  2⤵
  PID:2876
- C:\Windows\System\eXcPAHa.exe
  C:\Windows\System\eXcPAHa.exe
  2⤵
  PID:3108
- C:\Windows\System\RnwzjLX.exe
  C:\Windows\System\RnwzjLX.exe
  2⤵
  PID:3172
- C:\Windows\System\dFssYdl.exe
  C:\Windows\System\dFssYdl.exe
  2⤵
  PID:3236
- C:\Windows\System\gKGxDPP.exe
  C:\Windows\System\gKGxDPP.exe
  2⤵
  PID:3300
- C:\Windows\System\QgbtTTj.exe
  C:\Windows\System\QgbtTTj.exe
  2⤵
  PID:3552
- C:\Windows\System\WtyljvB.exe
  C:\Windows\System\WtyljvB.exe
  2⤵
  PID:3568
- C:\Windows\System\LfMxwwo.exe
  C:\Windows\System\LfMxwwo.exe
  2⤵
  PID:3584
- C:\Windows\System\auUvfAU.exe
  C:\Windows\System\auUvfAU.exe
  2⤵
  PID:3600
- C:\Windows\System\upuwWFA.exe
  C:\Windows\System\upuwWFA.exe
  2⤵
  PID:3616
- C:\Windows\System\bsAuGen.exe
  C:\Windows\System\bsAuGen.exe
  2⤵
  PID:3632
- C:\Windows\System\XpzdnPy.exe
  C:\Windows\System\XpzdnPy.exe
  2⤵
  PID:3648
- C:\Windows\System\ZNUWwAR.exe
  C:\Windows\System\ZNUWwAR.exe
  2⤵
  PID:3664
- C:\Windows\System\FebiFQx.exe
  C:\Windows\System\FebiFQx.exe
  2⤵
  PID:3360
- C:\Windows\System\rYAolHP.exe
  C:\Windows\System\rYAolHP.exe
  2⤵
  PID:3452
- C:\Windows\System\InQVWeS.exe
  C:\Windows\System\InQVWeS.exe
  2⤵
  PID:3468
- C:\Windows\System\NNVRHLt.exe
  C:\Windows\System\NNVRHLt.exe
  2⤵
  PID:3484
- C:\Windows\System\pRtlJAF.exe
  C:\Windows\System\pRtlJAF.exe
  2⤵
  PID:3500
- C:\Windows\System\teJZHzr.exe
  C:\Windows\System\teJZHzr.exe
  2⤵
  PID:3516
- C:\Windows\System\fKzaQXX.exe
  C:\Windows\System\fKzaQXX.exe
  2⤵
  PID:3532
- C:\Windows\System\JduiklJ.exe
  C:\Windows\System\JduiklJ.exe
  2⤵
  PID:2624
- C:\Windows\System\WtBvxIt.exe
  C:\Windows\System\WtBvxIt.exe
  2⤵
  PID:3720
- C:\Windows\System\yYKMoYZ.exe
  C:\Windows\System\yYKMoYZ.exe
  2⤵
  PID:2728
- C:\Windows\System\DJSmKXg.exe
  C:\Windows\System\DJSmKXg.exe
  2⤵
  PID:2628
- C:\Windows\System\nrHoWdI.exe
  C:\Windows\System\nrHoWdI.exe
  2⤵
  PID:108
- C:\Windows\System\mtCVqbV.exe
  C:\Windows\System\mtCVqbV.exe
  2⤵
  PID:2860
- C:\Windows\System\yrcLrjh.exe
  C:\Windows\System\yrcLrjh.exe
  2⤵
  PID:2884
- C:\Windows\System\simHhaf.exe
  C:\Windows\System\simHhaf.exe
  2⤵
  PID:2812
- C:\Windows\System\GgyJQrl.exe
  C:\Windows\System\GgyJQrl.exe
  2⤵
  PID:2956
- C:\Windows\System\FHWvkhU.exe
  C:\Windows\System\FHWvkhU.exe
  2⤵
  PID:3736
- C:\Windows\System\KkMsTQQ.exe
  C:\Windows\System\KkMsTQQ.exe
  2⤵
  PID:3052
- C:\Windows\System\FuLJrOG.exe
  C:\Windows\System\FuLJrOG.exe
  2⤵
  PID:2848
- C:\Windows\System\EyBSFDq.exe
  C:\Windows\System\EyBSFDq.exe
  2⤵
  PID:1764
- C:\Windows\System\kTSNElq.exe
  C:\Windows\System\kTSNElq.exe
  2⤵
  PID:3712
- C:\Windows\System\soHfyYU.exe
  C:\Windows\System\soHfyYU.exe
  2⤵
  PID:3764
- C:\Windows\System\wGZyZXF.exe
  C:\Windows\System\wGZyZXF.exe
  2⤵
  PID:3800
- C:\Windows\System\xNiHdMm.exe
  C:\Windows\System\xNiHdMm.exe
  2⤵
  PID:3780
- C:\Windows\System\tHqZwtr.exe
  C:\Windows\System\tHqZwtr.exe
  2⤵
  PID:3820
- C:\Windows\System\JoXQlHg.exe
  C:\Windows\System\JoXQlHg.exe
  2⤵
  PID:2840
- C:\Windows\System\UkSWbyW.exe
  C:\Windows\System\UkSWbyW.exe
  2⤵
  PID:772
- C:\Windows\System\WDAiKBg.exe
  C:\Windows\System\WDAiKBg.exe
  2⤵
  PID:3840
- C:\Windows\System\fTJRxgO.exe
  C:\Windows\System\fTJRxgO.exe
  2⤵
  PID:3880
- C:\Windows\System\NNMdZtQ.exe
  C:\Windows\System\NNMdZtQ.exe
  2⤵
  PID:2648
- C:\Windows\System\lyXLRAY.exe
  C:\Windows\System\lyXLRAY.exe
  2⤵
  PID:3904
- C:\Windows\System\jzhNyPQ.exe
  C:\Windows\System\jzhNyPQ.exe
  2⤵
  PID:3844
- C:\Windows\System\igNaolm.exe
  C:\Windows\System\igNaolm.exe
  2⤵
  PID:4004
- C:\Windows\System\HjwtABm.exe
  C:\Windows\System\HjwtABm.exe
  2⤵
  PID:4020
- C:\Windows\System\hrxfCzd.exe
  C:\Windows\System\hrxfCzd.exe
  2⤵
  PID:1724
- C:\Windows\System\qnTuoBq.exe
  C:\Windows\System\qnTuoBq.exe
  2⤵
  PID:4052
- C:\Windows\System\UhrTFzV.exe
  C:\Windows\System\UhrTFzV.exe
  2⤵
  PID:1908
- C:\Windows\System\DOHGjYg.exe
  C:\Windows\System\DOHGjYg.exe
  2⤵
  PID:2164
- C:\Windows\System\GqWGnQE.exe
  C:\Windows\System\GqWGnQE.exe
  2⤵
  PID:1008
- C:\Windows\System\jvBihCv.exe
  C:\Windows\System\jvBihCv.exe
  2⤵
  PID:2156
- C:\Windows\System\fuZMdCi.exe
  C:\Windows\System\fuZMdCi.exe
  2⤵
  PID:2944
- C:\Windows\System\KdzhGLR.exe
  C:\Windows\System\KdzhGLR.exe
  2⤵
  PID:3740
- C:\Windows\System\AiUOzqC.exe
  C:\Windows\System\AiUOzqC.exe
  2⤵
  PID:3068
- C:\Windows\System\evjcNqg.exe
  C:\Windows\System\evjcNqg.exe
  2⤵
  PID:2380
- C:\Windows\System\cxNIXsu.exe
  C:\Windows\System\cxNIXsu.exe
  2⤵
  PID:372
- C:\Windows\System\lAePKvM.exe
  C:\Windows\System\lAePKvM.exe
  2⤵
  PID:696
- C:\Windows\System\MHHLsWO.exe
  C:\Windows\System\MHHLsWO.exe
  2⤵
  PID:3184
- C:\Windows\System\aoISqoa.exe
  C:\Windows\System\aoISqoa.exe
  2⤵
  PID:3312
- C:\Windows\System\sKXIHqc.exe
  C:\Windows\System\sKXIHqc.exe
  2⤵
  PID:3204
- C:\Windows\System\QsNeHht.exe
  C:\Windows\System\QsNeHht.exe
  2⤵
  PID:3612
- C:\Windows\System\TMiobXX.exe
  C:\Windows\System\TMiobXX.exe
  2⤵
  PID:3672
- C:\Windows\System\PUekaDH.exe
  C:\Windows\System\PUekaDH.exe
  2⤵
  PID:3168
- C:\Windows\System\TiDOqtF.exe
  C:\Windows\System\TiDOqtF.exe
  2⤵
  PID:3296
- C:\Windows\System\qnGSsXK.exe
  C:\Windows\System\qnGSsXK.exe
  2⤵
  PID:3628
- C:\Windows\System\HwHCKUy.exe
  C:\Windows\System\HwHCKUy.exe
  2⤵
  PID:3316
- C:\Windows\System\DPUwMDO.exe
  C:\Windows\System\DPUwMDO.exe
  2⤵
  PID:3404
- C:\Windows\System\CZmdOmI.exe
  C:\Windows\System\CZmdOmI.exe
  2⤵
  PID:3420
- C:\Windows\System\YwxJxWS.exe
  C:\Windows\System\YwxJxWS.exe
  2⤵
  PID:3432
- C:\Windows\System\qOSscLX.exe
  C:\Windows\System\qOSscLX.exe
  2⤵
  PID:3444
- C:\Windows\System\ThGzSRU.exe
  C:\Windows\System\ThGzSRU.exe
  2⤵
  PID:3464
- C:\Windows\System\NITEUjz.exe
  C:\Windows\System\NITEUjz.exe
  2⤵
  PID:2604
- C:\Windows\System\CXWfwej.exe
  C:\Windows\System\CXWfwej.exe
  2⤵
  PID:588
- C:\Windows\System\gCBGdhu.exe
  C:\Windows\System\gCBGdhu.exe
  2⤵
  PID:3688
- C:\Windows\System\FDKewNd.exe
  C:\Windows\System\FDKewNd.exe
  2⤵
  PID:860
- C:\Windows\System\PwgyyAw.exe
  C:\Windows\System\PwgyyAw.exe
  2⤵
  PID:3752
- C:\Windows\System\wtvoFoI.exe
  C:\Windows\System\wtvoFoI.exe
  2⤵
  PID:2656
- C:\Windows\System\pUmrSFY.exe
  C:\Windows\System\pUmrSFY.exe
  2⤵
  PID:3728
- C:\Windows\System\bwDNpix.exe
  C:\Windows\System\bwDNpix.exe
  2⤵
  PID:2872
- C:\Windows\System\PCWSwif.exe
  C:\Windows\System\PCWSwif.exe
  2⤵
  PID:3744
- C:\Windows\System\aWogZln.exe
  C:\Windows\System\aWogZln.exe
  2⤵
  PID:1696
- C:\Windows\System\qIllLSi.exe
  C:\Windows\System\qIllLSi.exe
  2⤵
  PID:2868
- C:\Windows\System\EoxilRO.exe
  C:\Windows\System\EoxilRO.exe
  2⤵
  PID:3788
- C:\Windows\System\HJgurwz.exe
  C:\Windows\System\HJgurwz.exe
  2⤵
  PID:3940
- C:\Windows\System\JCovgJp.exe
  C:\Windows\System\JCovgJp.exe
  2⤵
  PID:3924
- C:\Windows\System\QVCPsqm.exe
  C:\Windows\System\QVCPsqm.exe
  2⤵
  PID:3724
- C:\Windows\System\caKoZsN.exe
  C:\Windows\System\caKoZsN.exe
  2⤵
  PID:4080
- C:\Windows\System\gpALsAg.exe
  C:\Windows\System\gpALsAg.exe
  2⤵
  PID:2192
- C:\Windows\System\yTIZbms.exe
  C:\Windows\System\yTIZbms.exe
  2⤵
  PID:684
- C:\Windows\System\OrjLBZC.exe
  C:\Windows\System\OrjLBZC.exe
  2⤵
  PID:3812
- C:\Windows\System\MuEizft.exe
  C:\Windows\System\MuEizft.exe
  2⤵
  PID:3856
- C:\Windows\System\dmvRIKn.exe
  C:\Windows\System\dmvRIKn.exe
  2⤵
  PID:4016
- C:\Windows\System\WFzYiJm.exe
  C:\Windows\System\WFzYiJm.exe
  2⤵
  PID:2292
- C:\Windows\System\VhVWbex.exe
  C:\Windows\System\VhVWbex.exe
  2⤵
  PID:2100
- C:\Windows\System\hPTlnaz.exe
  C:\Windows\System\hPTlnaz.exe
  2⤵
  PID:464
- C:\Windows\System\JYLCCeo.exe
  C:\Windows\System\JYLCCeo.exe
  2⤵
  PID:2524
- C:\Windows\System\EVyvPiV.exe
  C:\Windows\System\EVyvPiV.exe
  2⤵
  PID:1252
- C:\Windows\System\qHOqntR.exe
  C:\Windows\System\qHOqntR.exe
  2⤵
  PID:3332
- C:\Windows\System\CzIXhRe.exe
  C:\Windows\System\CzIXhRe.exe
  2⤵
  PID:3220
- C:\Windows\System\IfTogQj.exe
  C:\Windows\System\IfTogQj.exe
  2⤵
  PID:3564
- C:\Windows\System\IXhcFvi.exe
  C:\Windows\System\IXhcFvi.exe
  2⤵
  PID:3412
- C:\Windows\System\BEYPiUS.exe
  C:\Windows\System\BEYPiUS.exe
  2⤵
  PID:3580
- C:\Windows\System\RgyIcES.exe
  C:\Windows\System\RgyIcES.exe
  2⤵
  PID:3392
- C:\Windows\System\oSKSxbt.exe
  C:\Windows\System\oSKSxbt.exe
  2⤵
  PID:3476
- C:\Windows\System\gLZabNf.exe
  C:\Windows\System\gLZabNf.exe
  2⤵
  PID:1668
- C:\Windows\System\LvlEqjl.exe
  C:\Windows\System\LvlEqjl.exe
  2⤵
  PID:3692
- C:\Windows\System\mLNBuHb.exe
  C:\Windows\System\mLNBuHb.exe
  2⤵
  PID:2588
- C:\Windows\System\iOnIgkn.exe
  C:\Windows\System\iOnIgkn.exe
  2⤵
  PID:2124
- C:\Windows\System\nWpjkiK.exe
  C:\Windows\System\nWpjkiK.exe
  2⤵
  PID:1148
- C:\Windows\System\qXilIzA.exe
  C:\Windows\System\qXilIzA.exe
  2⤵
  PID:3848
- C:\Windows\System\olMZHgq.exe
  C:\Windows\System\olMZHgq.exe
  2⤵
  PID:1840
- C:\Windows\System\KxeyAVG.exe
  C:\Windows\System\KxeyAVG.exe
  2⤵
  PID:2576
- C:\Windows\System\HvgGNcC.exe
  C:\Windows\System\HvgGNcC.exe
  2⤵
  PID:1500
- C:\Windows\System\EZKsiaL.exe
  C:\Windows\System\EZKsiaL.exe
  2⤵
  PID:3268
- C:\Windows\System\AdQjFqR.exe
  C:\Windows\System\AdQjFqR.exe
  2⤵
  PID:2780
- C:\Windows\System\pZzlNqz.exe
  C:\Windows\System\pZzlNqz.exe
  2⤵
  PID:1056
- C:\Windows\System\XwoxQBO.exe
  C:\Windows\System\XwoxQBO.exe
  2⤵
  PID:3748
- C:\Windows\System\fzSohgO.exe
  C:\Windows\System\fzSohgO.exe
  2⤵
  PID:2224
- C:\Windows\System\ZPOKALs.exe
  C:\Windows\System\ZPOKALs.exe
  2⤵
  PID:3756
- C:\Windows\System\YUviEjz.exe
  C:\Windows\System\YUviEjz.exe
  2⤵
  PID:2520
- C:\Windows\System\uvepaFf.exe
  C:\Windows\System\uvepaFf.exe
  2⤵
  PID:2144
- C:\Windows\System\rvMgGrK.exe
  C:\Windows\System\rvMgGrK.exe
  2⤵
  PID:3092
- C:\Windows\System\UnQVOLd.exe
  C:\Windows\System\UnQVOLd.exe
  2⤵
  PID:3624
- C:\Windows\System\zSpLytl.exe
  C:\Windows\System\zSpLytl.exe
  2⤵
  PID:3428
- C:\Windows\System\TLlASQd.exe
  C:\Windows\System\TLlASQd.exe
  2⤵
  PID:3676
- C:\Windows\System\fzbsbYi.exe
  C:\Windows\System\fzbsbYi.exe
  2⤵
  PID:1664
- C:\Windows\System\NUvPZGn.exe
  C:\Windows\System\NUvPZGn.exe
  2⤵
  PID:2800
- C:\Windows\System\rCCBQtj.exe
  C:\Windows\System\rCCBQtj.exe
  2⤵
  PID:2232
- C:\Windows\System\kViEYLc.exe
  C:\Windows\System\kViEYLc.exe
  2⤵
  PID:2852
- C:\Windows\System\hgukUZB.exe
  C:\Windows\System\hgukUZB.exe
  2⤵
  PID:2020
- C:\Windows\System\ttVECFL.exe
  C:\Windows\System\ttVECFL.exe
  2⤵
  PID:3984
- C:\Windows\System\ZASzftg.exe
  C:\Windows\System\ZASzftg.exe
  2⤵
  PID:800
- C:\Windows\System\ohvqrUA.exe
  C:\Windows\System\ohvqrUA.exe
  2⤵
  PID:1340
- C:\Windows\System\RzJXvno.exe
  C:\Windows\System\RzJXvno.exe
  2⤵
  PID:1244
- C:\Windows\System\Iqxizqj.exe
  C:\Windows\System\Iqxizqj.exe
  2⤵
  PID:4100
- C:\Windows\System\jjItSQq.exe
  C:\Windows\System\jjItSQq.exe
  2⤵
  PID:4116
- C:\Windows\System\yjGoQqa.exe
  C:\Windows\System\yjGoQqa.exe
  2⤵
  PID:4132
- C:\Windows\System\rDDNjdX.exe
  C:\Windows\System\rDDNjdX.exe
  2⤵
  PID:4208
- C:\Windows\System\TAoMBkK.exe
  C:\Windows\System\TAoMBkK.exe
  2⤵
  PID:4224
- C:\Windows\System\lDzhxlD.exe
  C:\Windows\System\lDzhxlD.exe
  2⤵
  PID:4240
- C:\Windows\System\EuaZxUP.exe
  C:\Windows\System\EuaZxUP.exe
  2⤵
  PID:4256
- C:\Windows\System\WoyoAFf.exe
  C:\Windows\System\WoyoAFf.exe
  2⤵
  PID:4272
- C:\Windows\System\JJGViUt.exe
  C:\Windows\System\JJGViUt.exe
  2⤵
  PID:4288
- C:\Windows\System\gQzAAHj.exe
  C:\Windows\System\gQzAAHj.exe
  2⤵
  PID:4304
- C:\Windows\System\owxiaHc.exe
  C:\Windows\System\owxiaHc.exe
  2⤵
  PID:4320
- C:\Windows\System\whaavgX.exe
  C:\Windows\System\whaavgX.exe
  2⤵
  PID:4336
- C:\Windows\System\uLfUkeg.exe
  C:\Windows\System\uLfUkeg.exe
  2⤵
  PID:4352
- C:\Windows\System\VPFzxgs.exe
  C:\Windows\System\VPFzxgs.exe
  2⤵
  PID:4368
- C:\Windows\System\valoYcP.exe
  C:\Windows\System\valoYcP.exe
  2⤵
  PID:4384
- C:\Windows\System\eXZoZCT.exe
  C:\Windows\System\eXZoZCT.exe
  2⤵
  PID:4400
- C:\Windows\System\NufjrLj.exe
  C:\Windows\System\NufjrLj.exe
  2⤵
  PID:4416
- C:\Windows\System\mgWpihy.exe
  C:\Windows\System\mgWpihy.exe
  2⤵
  PID:4432
- C:\Windows\System\fonbNRq.exe
  C:\Windows\System\fonbNRq.exe
  2⤵
  PID:4448
- C:\Windows\System\rTwRmvf.exe
  C:\Windows\System\rTwRmvf.exe
  2⤵
  PID:4464
- C:\Windows\System\xzuYSkX.exe
  C:\Windows\System\xzuYSkX.exe
  2⤵
  PID:4480
- C:\Windows\System\CzxyCzJ.exe
  C:\Windows\System\CzxyCzJ.exe
  2⤵
  PID:4496
- C:\Windows\System\QrtdRPZ.exe
  C:\Windows\System\QrtdRPZ.exe
  2⤵
  PID:4512
- C:\Windows\System\GzZSVTB.exe
  C:\Windows\System\GzZSVTB.exe
  2⤵
  PID:4532
- C:\Windows\System\jnaHDpU.exe
  C:\Windows\System\jnaHDpU.exe
  2⤵
  PID:4548
- C:\Windows\System\geDUJms.exe
  C:\Windows\System\geDUJms.exe
  2⤵
  PID:4564
- C:\Windows\System\MoajSsx.exe
  C:\Windows\System\MoajSsx.exe
  2⤵
  PID:4580
- C:\Windows\System\jtjfZhK.exe
  C:\Windows\System\jtjfZhK.exe
  2⤵
  PID:4596
- C:\Windows\System\WxVklgH.exe
  C:\Windows\System\WxVklgH.exe
  2⤵
  PID:4612
- C:\Windows\System\Ldqizff.exe
  C:\Windows\System\Ldqizff.exe
  2⤵
  PID:4628
- C:\Windows\System\lALmmRl.exe
  C:\Windows\System\lALmmRl.exe
  2⤵
  PID:4644
- C:\Windows\System\jeMvcGV.exe
  C:\Windows\System\jeMvcGV.exe
  2⤵
  PID:4660
- C:\Windows\System\sGawQfL.exe
  C:\Windows\System\sGawQfL.exe
  2⤵
  PID:4680
- C:\Windows\System\uNzjhZW.exe
  C:\Windows\System\uNzjhZW.exe
  2⤵
  PID:4700
- C:\Windows\System\InAylZW.exe
  C:\Windows\System\InAylZW.exe
  2⤵
  PID:4720
- C:\Windows\System\IlXDyEv.exe
  C:\Windows\System\IlXDyEv.exe
  2⤵
  PID:4736
- C:\Windows\System\QqBRvxv.exe
  C:\Windows\System\QqBRvxv.exe
  2⤵
  PID:4756
- C:\Windows\System\PvrNPbA.exe
  C:\Windows\System\PvrNPbA.exe
  2⤵
  PID:4776
- C:\Windows\System\Otuihkf.exe
  C:\Windows\System\Otuihkf.exe
  2⤵
  PID:4796
- C:\Windows\System\cWBdMra.exe
  C:\Windows\System\cWBdMra.exe
  2⤵
  PID:4824
- C:\Windows\System\blmoOqh.exe
  C:\Windows\System\blmoOqh.exe
  2⤵
  PID:4844
- C:\Windows\System\NUILEll.exe
  C:\Windows\System\NUILEll.exe
  2⤵
  PID:4976
- C:\Windows\System\nSFuBhY.exe
  C:\Windows\System\nSFuBhY.exe
  2⤵
  PID:4992
- C:\Windows\System\aVszdrK.exe
  C:\Windows\System\aVszdrK.exe
  2⤵
  PID:5012
- C:\Windows\System\rgWBWpw.exe
  C:\Windows\System\rgWBWpw.exe
  2⤵
  PID:5040
- C:\Windows\System\vmCCLLw.exe
  C:\Windows\System\vmCCLLw.exe
  2⤵
  PID:5056
- C:\Windows\System\KvJTbtw.exe
  C:\Windows\System\KvJTbtw.exe
  2⤵
  PID:5072
- C:\Windows\System\raRamqp.exe
  C:\Windows\System\raRamqp.exe
  2⤵
  PID:5088
- C:\Windows\System\MUwSVIn.exe
  C:\Windows\System\MUwSVIn.exe
  2⤵
  PID:5104
- C:\Windows\System\SkockMF.exe
  C:\Windows\System\SkockMF.exe
  2⤵
  PID:712
- C:\Windows\System\rPXyaMw.exe
  C:\Windows\System\rPXyaMw.exe
  2⤵
  PID:1868
- C:\Windows\System\ubwipBY.exe
  C:\Windows\System\ubwipBY.exe
  2⤵
  PID:2128
- C:\Windows\System\srIyiPS.exe
  C:\Windows\System\srIyiPS.exe
  2⤵
  PID:1916
- C:\Windows\System\qADGvIN.exe
  C:\Windows\System\qADGvIN.exe
  2⤵
  PID:4128
- C:\Windows\System\JPOYpRb.exe
  C:\Windows\System\JPOYpRb.exe
  2⤵
  PID:1560
- C:\Windows\System\oXpXnIp.exe
  C:\Windows\System\oXpXnIp.exe
  2⤵
  PID:3120
- C:\Windows\System\rLRoTFg.exe
  C:\Windows\System\rLRoTFg.exe
  2⤵
  PID:4140
- C:\Windows\System\mqIqPvy.exe
  C:\Windows\System\mqIqPvy.exe
  2⤵
  PID:4160
- C:\Windows\System\TerVXjm.exe
  C:\Windows\System\TerVXjm.exe
  2⤵
  PID:4176
- C:\Windows\System\tPFIPYh.exe
  C:\Windows\System\tPFIPYh.exe
  2⤵
  PID:4196
- C:\Windows\System\uHSpNdR.exe
  C:\Windows\System\uHSpNdR.exe
  2⤵
  PID:4232
- C:\Windows\System\NZMhAEM.exe
  C:\Windows\System\NZMhAEM.exe
  2⤵
  PID:4252
- C:\Windows\System\vdJRufQ.exe
  C:\Windows\System\vdJRufQ.exe
  2⤵
  PID:4344
- C:\Windows\System\RtyIsvq.exe
  C:\Windows\System\RtyIsvq.exe
  2⤵
  PID:4408
- C:\Windows\System\mqRUznC.exe
  C:\Windows\System\mqRUznC.exe
  2⤵
  PID:4504
- C:\Windows\System\fSUIBbY.exe
  C:\Windows\System\fSUIBbY.exe
  2⤵
  PID:4604
- C:\Windows\System\raAYDyh.exe
  C:\Windows\System\raAYDyh.exe
  2⤵
  PID:4392
- C:\Windows\System\BEsYvXy.exe
  C:\Windows\System\BEsYvXy.exe
  2⤵
  PID:4396
- C:\Windows\System\sKGEmRe.exe
  C:\Windows\System\sKGEmRe.exe
  2⤵
  PID:4460
- C:\Windows\System\NtPvoSt.exe
  C:\Windows\System\NtPvoSt.exe
  2⤵
  PID:4524
- C:\Windows\System\OcojaOb.exe
  C:\Windows\System\OcojaOb.exe
  2⤵
  PID:4592
- C:\Windows\System\odrwmRV.exe
  C:\Windows\System\odrwmRV.exe
  2⤵
  PID:4688
- C:\Windows\System\khfzuGc.exe
  C:\Windows\System\khfzuGc.exe
  2⤵
  PID:4768
- C:\Windows\System\PynDAWs.exe
  C:\Windows\System\PynDAWs.exe
  2⤵
  PID:4816
- C:\Windows\System\LAMXhtI.exe
  C:\Windows\System\LAMXhtI.exe
  2⤵
  PID:4284
- C:\Windows\System\xvaIGPV.exe
  C:\Windows\System\xvaIGPV.exe
  2⤵
  PID:4508
- C:\Windows\System\rCNWnqk.exe
  C:\Windows\System\rCNWnqk.exe
  2⤵
  PID:4716
- C:\Windows\System\DmroQBc.exe
  C:\Windows\System\DmroQBc.exe
  2⤵
  PID:4884
- C:\Windows\System\zVquVZu.exe
  C:\Windows\System\zVquVZu.exe
  2⤵
  PID:4900
- C:\Windows\System\sgtXJjw.exe
  C:\Windows\System\sgtXJjw.exe
  2⤵
  PID:4920
- C:\Windows\System\PFRVjDY.exe
  C:\Windows\System\PFRVjDY.exe
  2⤵
  PID:4932
- C:\Windows\System\NJPQyTM.exe
  C:\Windows\System\NJPQyTM.exe
  2⤵
  PID:4948
- C:\Windows\System\lYzbtgb.exe
  C:\Windows\System\lYzbtgb.exe
  2⤵
  PID:5020
- C:\Windows\System\DDsgrDu.exe
  C:\Windows\System\DDsgrDu.exe
  2⤵
  PID:4968
- C:\Windows\System\BpQTvIv.exe
  C:\Windows\System\BpQTvIv.exe
  2⤵
  PID:5024
- C:\Windows\System\fCxDzIg.exe
  C:\Windows\System\fCxDzIg.exe
  2⤵
  PID:2148
- C:\Windows\System\VEvslXO.exe
  C:\Windows\System\VEvslXO.exe
  2⤵
  PID:2036
- C:\Windows\System\rvLoWAI.exe
  C:\Windows\System\rvLoWAI.exe
  2⤵
  PID:5112
- C:\Windows\System\NRTASVc.exe
  C:\Windows\System\NRTASVc.exe
  2⤵
  PID:3640
- C:\Windows\System\yQrYYnW.exe
  C:\Windows\System\yQrYYnW.exe
  2⤵
  PID:2464
- C:\Windows\System\xyIOMSl.exe
  C:\Windows\System\xyIOMSl.exe
  2⤵
  PID:2744
- C:\Windows\System\ujgdNzh.exe
  C:\Windows\System\ujgdNzh.exe
  2⤵
  PID:4376
- C:\Windows\System\EHuxGZC.exe
  C:\Windows\System\EHuxGZC.exe
  2⤵
  PID:4156
- C:\Windows\System\PtzIhTa.exe
  C:\Windows\System\PtzIhTa.exe
  2⤵
  PID:4248
- C:\Windows\System\NQFdHay.exe
  C:\Windows\System\NQFdHay.exe
  2⤵
  PID:4328
- C:\Windows\System\NCqOxYp.exe
  C:\Windows\System\NCqOxYp.exe
  2⤵
  PID:4728
- C:\Windows\System\kGPIvWI.exe
  C:\Windows\System\kGPIvWI.exe
  2⤵
  PID:4172
- C:\Windows\System\MkHKnVU.exe
  C:\Windows\System\MkHKnVU.exe
  2⤵
  PID:4440
- C:\Windows\System\tpsWJhN.exe
  C:\Windows\System\tpsWJhN.exe
  2⤵
  PID:4560
- C:\Windows\System\vCMPYPf.exe
  C:\Windows\System\vCMPYPf.exe
  2⤵
  PID:4624
- C:\Windows\System\omsrARh.exe
  C:\Windows\System\omsrARh.exe
  2⤵
  PID:4804
- C:\Windows\System\FmohMGY.exe
  C:\Windows\System\FmohMGY.exe
  2⤵
  PID:4656
- C:\Windows\System\AlmzWqf.exe
  C:\Windows\System\AlmzWqf.exe
  2⤵
  PID:4896
- C:\Windows\System\WKYpWXs.exe
  C:\Windows\System\WKYpWXs.exe
  2⤵
  PID:3340
- C:\Windows\System\eXpeOYx.exe
  C:\Windows\System\eXpeOYx.exe
  2⤵
  PID:5052
- C:\Windows\System\sECEYKB.exe
  C:\Windows\System\sECEYKB.exe
  2⤵
  PID:4788
- C:\Windows\System\IfVlMRW.exe
  C:\Windows\System\IfVlMRW.exe
  2⤵
  PID:4860
- C:\Windows\System\CgTMmNc.exe
  C:\Windows\System\CgTMmNc.exe
  2⤵
  PID:2692
- C:\Windows\System\ZTwobpc.exe
  C:\Windows\System\ZTwobpc.exe
  2⤵
  PID:4752
- C:\Windows\System\GATXULp.exe
  C:\Windows\System\GATXULp.exe
  2⤵
  PID:1876
- C:\Windows\System\rOmNrvh.exe
  C:\Windows\System\rOmNrvh.exe
  2⤵
  PID:5084
- C:\Windows\System\MAGPVAQ.exe
  C:\Windows\System\MAGPVAQ.exe
  2⤵
  PID:2672
- C:\Windows\System\MIjSpGS.exe
  C:\Windows\System\MIjSpGS.exe
  2⤵
  PID:4108
- C:\Windows\System\bpiliwM.exe
  C:\Windows\System\bpiliwM.exe
  2⤵
  PID:4168
- C:\Windows\System\tueObLK.exe
  C:\Windows\System\tueObLK.exe
  2⤵
  PID:4188
- C:\Windows\System\TMIhhuI.exe
  C:\Windows\System\TMIhhuI.exe
  2⤵
  PID:3396
- C:\Windows\System\TuHsOSY.exe
  C:\Windows\System\TuHsOSY.exe
  2⤵
  PID:4192
- C:\Windows\System\GNMMMHl.exe
  C:\Windows\System\GNMMMHl.exe
  2⤵
  PID:4640
- C:\Windows\System\liutSNT.exe
  C:\Windows\System\liutSNT.exe
  2⤵
  PID:4764
- C:\Windows\System\ObuuxxE.exe
  C:\Windows\System\ObuuxxE.exe
  2⤵
  PID:4868
- C:\Windows\System\hgVRYZY.exe
  C:\Windows\System\hgVRYZY.exe
  2⤵
  PID:3708
- C:\Windows\System\PVScbUa.exe
  C:\Windows\System\PVScbUa.exe
  2⤵
  PID:4300
- C:\Windows\System\eMORZzQ.exe
  C:\Windows\System\eMORZzQ.exe
  2⤵
  PID:4652
- C:\Windows\System\vTPsmBm.exe
  C:\Windows\System\vTPsmBm.exe
  2⤵
  PID:4476
- C:\Windows\System\eUbYNzZ.exe
  C:\Windows\System\eUbYNzZ.exe
  2⤵
  PID:4912
- C:\Windows\System\RpkmWvf.exe
  C:\Windows\System\RpkmWvf.exe
  2⤵
  PID:5068
- C:\Windows\System\IFHEatO.exe
  C:\Windows\System\IFHEatO.exe
  2⤵
  PID:4924
- C:\Windows\System\SjUhXcP.exe
  C:\Windows\System\SjUhXcP.exe
  2⤵
  PID:5096
- C:\Windows\System\Izktxwt.exe
  C:\Windows\System\Izktxwt.exe
  2⤵
  PID:4872
- C:\Windows\System\KxYzxvv.exe
  C:\Windows\System\KxYzxvv.exe
  2⤵
  PID:4556
- C:\Windows\System\ksXbASL.exe
  C:\Windows\System\ksXbASL.exe
  2⤵
  PID:4696
- C:\Windows\System\KmJxKnv.exe
  C:\Windows\System\KmJxKnv.exe
  2⤵
  PID:4944
- C:\Windows\System\IjcoDUj.exe
  C:\Windows\System\IjcoDUj.exe
  2⤵
  PID:4456
- C:\Windows\System\FZVNYTL.exe
  C:\Windows\System\FZVNYTL.exe
  2⤵
  PID:4360
- C:\Windows\System\rtiGQKx.exe
  C:\Windows\System\rtiGQKx.exe
  2⤵
  PID:4472
- C:\Windows\System\DRWrpBL.exe
  C:\Windows\System\DRWrpBL.exe
  2⤵
  PID:4940
- C:\Windows\System\cCthYtH.exe
  C:\Windows\System\cCthYtH.exe
  2⤵
  PID:4112
- C:\Windows\System\JYDPtun.exe
  C:\Windows\System\JYDPtun.exe
  2⤵
  PID:3852
- C:\Windows\System\LWQnnTf.exe
  C:\Windows\System\LWQnnTf.exe
  2⤵
  PID:4312
- C:\Windows\System\wtOXnBm.exe
  C:\Windows\System\wtOXnBm.exe
  2⤵
  PID:4152
- C:\Windows\System\uhvCSHF.exe
  C:\Windows\System\uhvCSHF.exe
  2⤵
  PID:5128
- C:\Windows\System\vwrbXBx.exe
  C:\Windows\System\vwrbXBx.exe
  2⤵
  PID:5144
- C:\Windows\System\msaQrQf.exe
  C:\Windows\System\msaQrQf.exe
  2⤵
  PID:5176
- C:\Windows\System\rSjtobt.exe
  C:\Windows\System\rSjtobt.exe
  2⤵
  PID:5196
- C:\Windows\System\NCtGWSM.exe
  C:\Windows\System\NCtGWSM.exe
  2⤵
  PID:5212
- C:\Windows\System\YxsRRrJ.exe
  C:\Windows\System\YxsRRrJ.exe
  2⤵
  PID:5228
- C:\Windows\System\vpczwPs.exe
  C:\Windows\System\vpczwPs.exe
  2⤵
  PID:5248
- C:\Windows\System\lMcrREK.exe
  C:\Windows\System\lMcrREK.exe
  2⤵
  PID:5264
- C:\Windows\System\HTVYUms.exe
  C:\Windows\System\HTVYUms.exe
  2⤵
  PID:5284
- C:\Windows\System\JESeGJm.exe
  C:\Windows\System\JESeGJm.exe
  2⤵
  PID:5300
- C:\Windows\System\lSZPCSt.exe
  C:\Windows\System\lSZPCSt.exe
  2⤵
  PID:5316
- C:\Windows\System\thyyJRW.exe
  C:\Windows\System\thyyJRW.exe
  2⤵
  PID:5332
- C:\Windows\System\ElyoMgo.exe
  C:\Windows\System\ElyoMgo.exe
  2⤵
  PID:5348
- C:\Windows\System\uqfUoqq.exe
  C:\Windows\System\uqfUoqq.exe
  2⤵
  PID:5368
- C:\Windows\System\qewYBRU.exe
  C:\Windows\System\qewYBRU.exe
  2⤵
  PID:5388
- C:\Windows\System\oosdYLN.exe
  C:\Windows\System\oosdYLN.exe
  2⤵
  PID:5444
- C:\Windows\System\pxeEgRn.exe
  C:\Windows\System\pxeEgRn.exe
  2⤵
  PID:5464
- C:\Windows\System\PUikFaF.exe
  C:\Windows\System\PUikFaF.exe
  2⤵
  PID:5484
- C:\Windows\System\kUfOZcE.exe
  C:\Windows\System\kUfOZcE.exe
  2⤵
  PID:5500
- C:\Windows\System\YYdkAaz.exe
  C:\Windows\System\YYdkAaz.exe
  2⤵
  PID:5516
- C:\Windows\System\VIfbtOR.exe
  C:\Windows\System\VIfbtOR.exe
  2⤵
  PID:5532
- C:\Windows\System\YnHGUfg.exe
  C:\Windows\System\YnHGUfg.exe
  2⤵
  PID:5548
- C:\Windows\System\vNecoZf.exe
  C:\Windows\System\vNecoZf.exe
  2⤵
  PID:5588
- C:\Windows\System\pAtoSYJ.exe
  C:\Windows\System\pAtoSYJ.exe
  2⤵
  PID:5604
- C:\Windows\System\bOsmrXd.exe
  C:\Windows\System\bOsmrXd.exe
  2⤵
  PID:5624
- C:\Windows\System\PbrwIyA.exe
  C:\Windows\System\PbrwIyA.exe
  2⤵
  PID:5640
- C:\Windows\System\UMFIjJA.exe
  C:\Windows\System\UMFIjJA.exe
  2⤵
  PID:5656
- C:\Windows\System\xdWELLJ.exe
  C:\Windows\System\xdWELLJ.exe
  2⤵
  PID:5672
- C:\Windows\System\SMyXKnT.exe
  C:\Windows\System\SMyXKnT.exe
  2⤵
  PID:5688
- C:\Windows\System\NAUXCmX.exe
  C:\Windows\System\NAUXCmX.exe
  2⤵
  PID:5704
- C:\Windows\System\WCFiRFj.exe
  C:\Windows\System\WCFiRFj.exe
  2⤵
  PID:5720
- C:\Windows\System\QYJNfCD.exe
  C:\Windows\System\QYJNfCD.exe
  2⤵
  PID:5740
- C:\Windows\System\GOhIlUG.exe
  C:\Windows\System\GOhIlUG.exe
  2⤵
  PID:5772
- C:\Windows\System\plqugLR.exe
  C:\Windows\System\plqugLR.exe
  2⤵
  PID:5800
- C:\Windows\System\geiEvra.exe
  C:\Windows\System\geiEvra.exe
  2⤵
  PID:5816
- C:\Windows\System\xDMSOOD.exe
  C:\Windows\System\xDMSOOD.exe
  2⤵
  PID:5836
- C:\Windows\System\FybRfXM.exe
  C:\Windows\System\FybRfXM.exe
  2⤵
  PID:5868
- C:\Windows\System\XZayUta.exe
  C:\Windows\System\XZayUta.exe
  2⤵
  PID:5884
- C:\Windows\System\bmWeAqf.exe
  C:\Windows\System\bmWeAqf.exe
  2⤵
  PID:5900
- C:\Windows\System\KEIatVp.exe
  C:\Windows\System\KEIatVp.exe
  2⤵
  PID:5920
- C:\Windows\System\lCyLjTM.exe
  C:\Windows\System\lCyLjTM.exe
  2⤵
  PID:5936
- C:\Windows\System\aHaJaih.exe
  C:\Windows\System\aHaJaih.exe
  2⤵
  PID:5952
- C:\Windows\System\AKZqjDg.exe
  C:\Windows\System\AKZqjDg.exe
  2⤵
  PID:5968
- C:\Windows\System\gsozmyq.exe
  C:\Windows\System\gsozmyq.exe
  2⤵
  PID:5984
- C:\Windows\System\srPBbIz.exe
  C:\Windows\System\srPBbIz.exe
  2⤵
  PID:6012
- C:\Windows\System\LFvHTOA.exe
  C:\Windows\System\LFvHTOA.exe
  2⤵
  PID:6028
- C:\Windows\System\ahCpxPV.exe
  C:\Windows\System\ahCpxPV.exe
  2⤵
  PID:6044
- C:\Windows\System\JXRuGNq.exe
  C:\Windows\System\JXRuGNq.exe
  2⤵
  PID:6064
- C:\Windows\System\QzwnZPf.exe
  C:\Windows\System\QzwnZPf.exe
  2⤵
  PID:6108
- C:\Windows\System\xmReYLa.exe
  C:\Windows\System\xmReYLa.exe
  2⤵
  PID:6124
- C:\Windows\System\IlkROtx.exe
  C:\Windows\System\IlkROtx.exe
  2⤵
  PID:6140
- C:\Windows\System\IqcEGgn.exe
  C:\Windows\System\IqcEGgn.exe
  2⤵
  PID:5164
- C:\Windows\System\zSQauuo.exe
  C:\Windows\System\zSQauuo.exe
  2⤵
  PID:4832
- C:\Windows\System\DQQvdKr.exe
  C:\Windows\System\DQQvdKr.exe
  2⤵
  PID:5168
- C:\Windows\System\KPHtkqt.exe
  C:\Windows\System\KPHtkqt.exe
  2⤵
  PID:5208
- C:\Windows\System\xcSqDaV.exe
  C:\Windows\System\xcSqDaV.exe
  2⤵
  PID:5240
- C:\Windows\System\aBdxWSh.exe
  C:\Windows\System\aBdxWSh.exe
  2⤵
  PID:5184
- C:\Windows\System\BvhmcVV.exe
  C:\Windows\System\BvhmcVV.exe
  2⤵
  PID:5384
- C:\Windows\System\bnneitR.exe
  C:\Windows\System\bnneitR.exe
  2⤵
  PID:5408
- C:\Windows\System\yuWqcdc.exe
  C:\Windows\System\yuWqcdc.exe
  2⤵
  PID:5396
- C:\Windows\System\kxpZUDe.exe
  C:\Windows\System\kxpZUDe.exe
  2⤵
  PID:5328
- C:\Windows\System\VSeozNk.exe
  C:\Windows\System\VSeozNk.exe
  2⤵
  PID:5400
- C:\Windows\System\vqSGEOa.exe
  C:\Windows\System\vqSGEOa.exe
  2⤵
  PID:5472
- C:\Windows\System\CTafUpT.exe
  C:\Windows\System\CTafUpT.exe
  2⤵
  PID:5512
- C:\Windows\System\QwoXLjA.exe
  C:\Windows\System\QwoXLjA.exe
  2⤵
  PID:5556
- C:\Windows\System\CMFysWl.exe
  C:\Windows\System\CMFysWl.exe
  2⤵
  PID:4984
- C:\Windows\System\oAbkOZG.exe
  C:\Windows\System\oAbkOZG.exe
  2⤵
  PID:5648
- C:\Windows\System\KnazRfu.exe
  C:\Windows\System\KnazRfu.exe
  2⤵
  PID:5616
- C:\Windows\System\wVmSYNp.exe
  C:\Windows\System\wVmSYNp.exe
  2⤵
  PID:5684
- C:\Windows\System\JNBreub.exe
  C:\Windows\System\JNBreub.exe
  2⤵
  PID:5668
- C:\Windows\System\aJviCSV.exe
  C:\Windows\System\aJviCSV.exe
  2⤵
  PID:5716
- C:\Windows\System\KlooIwk.exe
  C:\Windows\System\KlooIwk.exe
  2⤵
  PID:5760
- C:\Windows\System\wkGyhJf.exe
  C:\Windows\System\wkGyhJf.exe
  2⤵
  PID:5792
- C:\Windows\System\YnBYcmL.exe
  C:\Windows\System\YnBYcmL.exe
  2⤵
  PID:5848
- C:\Windows\System\TTaPDXl.exe
  C:\Windows\System\TTaPDXl.exe
  2⤵
  PID:5828
- C:\Windows\System\byTEPSE.exe
  C:\Windows\System\byTEPSE.exe
  2⤵
  PID:5932
- C:\Windows\System\DbmHIkz.exe
  C:\Windows\System\DbmHIkz.exe
  2⤵
  PID:5964
- C:\Windows\System\xcSmlMH.exe
  C:\Windows\System\xcSmlMH.exe
  2⤵
  PID:5944
- C:\Windows\System\tDpRMfP.exe
  C:\Windows\System\tDpRMfP.exe
  2⤵
  PID:6020
- C:\Windows\System\VisltKk.exe
  C:\Windows\System\VisltKk.exe
  2⤵
  PID:5912
- C:\Windows\System\crTwCud.exe
  C:\Windows\System\crTwCud.exe
  2⤵
  PID:6040
- C:\Windows\System\EwNQfik.exe
  C:\Windows\System\EwNQfik.exe
  2⤵
  PID:6132
- C:\Windows\System\JJMLwlA.exe
  C:\Windows\System\JJMLwlA.exe
  2⤵
  PID:6100
- C:\Windows\System\EoFNCZm.exe
  C:\Windows\System\EoFNCZm.exe
  2⤵
  PID:6116
- C:\Windows\System\KdnpFlZ.exe
  C:\Windows\System\KdnpFlZ.exe
  2⤵
  PID:4236
- C:\Windows\System\PfSbvjR.exe
  C:\Windows\System\PfSbvjR.exe
  2⤵
  PID:5272
- C:\Windows\System\BoCSdxt.exe
  C:\Windows\System\BoCSdxt.exe
  2⤵
  PID:5380
- C:\Windows\System\CRhPxQc.exe
  C:\Windows\System\CRhPxQc.exe
  2⤵
  PID:5428
- C:\Windows\System\pOnetUa.exe
  C:\Windows\System\pOnetUa.exe
  2⤵
  PID:5360
- C:\Windows\System\KKbqHhL.exe
  C:\Windows\System\KKbqHhL.exe
  2⤵
  PID:5424
- C:\Windows\System\TkAnqGC.exe
  C:\Windows\System\TkAnqGC.exe
  2⤵
  PID:5544
- C:\Windows\System\FuBGXzO.exe
  C:\Windows\System\FuBGXzO.exe
  2⤵
  PID:5652
- C:\Windows\System\nadrjGy.exe
  C:\Windows\System\nadrjGy.exe
  2⤵
  PID:5728
- C:\Windows\System\hEVzUgm.exe
  C:\Windows\System\hEVzUgm.exe
  2⤵
  PID:5844
- C:\Windows\System\UbgnJWA.exe
  C:\Windows\System\UbgnJWA.exe
  2⤵
  PID:5480
- C:\Windows\System\loCUMxD.exe
  C:\Windows\System\loCUMxD.exe
  2⤵
  PID:5632
- C:\Windows\System\VtztDpC.exe
  C:\Windows\System\VtztDpC.exe
  2⤵
  PID:5824
- C:\Windows\System\CErIOMo.exe
  C:\Windows\System\CErIOMo.exe
  2⤵
  PID:5992
- C:\Windows\System\TdWpgaq.exe
  C:\Windows\System\TdWpgaq.exe
  2⤵
  PID:6136
- C:\Windows\System\LxIKbtd.exe
  C:\Windows\System\LxIKbtd.exe
  2⤵
  PID:5928
- C:\Windows\System\nSdSsdy.exe
  C:\Windows\System\nSdSsdy.exe
  2⤵
  PID:6076
- C:\Windows\System\ZBfszZZ.exe
  C:\Windows\System\ZBfszZZ.exe
  2⤵
  PID:5308
- C:\Windows\System\nxQQDys.exe
  C:\Windows\System\nxQQDys.exe
  2⤵
  PID:6056
- C:\Windows\System\ddjPqKX.exe
  C:\Windows\System\ddjPqKX.exe
  2⤵
  PID:5152
- C:\Windows\System\ByZjJey.exe
  C:\Windows\System\ByZjJey.exe
  2⤵
  PID:5356
- C:\Windows\System\bQOJwCI.exe
  C:\Windows\System\bQOJwCI.exe
  2⤵
  PID:5564
- C:\Windows\System\iKcxcbT.exe
  C:\Windows\System\iKcxcbT.exe
  2⤵
  PID:5416
- C:\Windows\System\CvTseUw.exe
  C:\Windows\System\CvTseUw.exe
  2⤵
  PID:5700
- C:\Windows\System\gkKQcMj.exe
  C:\Windows\System\gkKQcMj.exe
  2⤵
  PID:5788
- C:\Windows\System\KukbUzo.exe
  C:\Windows\System\KukbUzo.exe
  2⤵
  PID:5796
- C:\Windows\System\bgUYfQK.exe
  C:\Windows\System\bgUYfQK.exe
  2⤵
  PID:6088
- C:\Windows\System\crfhrWX.exe
  C:\Windows\System\crfhrWX.exe
  2⤵
  PID:2024
- C:\Windows\System\xFbIJiK.exe
  C:\Windows\System\xFbIJiK.exe
  2⤵
  PID:2312
- C:\Windows\System\LuEFsaJ.exe
  C:\Windows\System\LuEFsaJ.exe
  2⤵
  PID:6024
- C:\Windows\System\jiRPTuO.exe
  C:\Windows\System\jiRPTuO.exe
  2⤵
  PID:5344
- C:\Windows\System\GDpfLgr.exe
  C:\Windows\System\GDpfLgr.exe
  2⤵
  PID:5124
- C:\Windows\System\fEVtyjq.exe
  C:\Windows\System\fEVtyjq.exe
  2⤵
  PID:5376
- C:\Windows\System\nwTtKbS.exe
  C:\Windows\System\nwTtKbS.exe
  2⤵
  PID:5896
- C:\Windows\System\sgOTvuK.exe
  C:\Windows\System\sgOTvuK.exe
  2⤵
  PID:5736
- C:\Windows\System\rtyRQuh.exe
  C:\Windows\System\rtyRQuh.exe
  2⤵
  PID:5756
- C:\Windows\System\LDREZht.exe
  C:\Windows\System\LDREZht.exe
  2⤵
  PID:5996
- C:\Windows\System\CjeSyCC.exe
  C:\Windows\System\CjeSyCC.exe
  2⤵
  PID:5880
- C:\Windows\System\VpgTsJT.exe
  C:\Windows\System\VpgTsJT.exe
  2⤵
  PID:6052
- C:\Windows\System\OCoHhFd.exe
  C:\Windows\System\OCoHhFd.exe
  2⤵
  PID:5140
- C:\Windows\System\RDGpDKc.exe
  C:\Windows\System\RDGpDKc.exe
  2⤵
  PID:5612
- C:\Windows\System\YgNPBfu.exe
  C:\Windows\System\YgNPBfu.exe
  2⤵
  PID:5812
- C:\Windows\System\PhhJDsF.exe
  C:\Windows\System\PhhJDsF.exe
  2⤵
  PID:5580
- C:\Windows\System\CFtsmzb.exe
  C:\Windows\System\CFtsmzb.exe
  2⤵
  PID:6000
- C:\Windows\System\wLdhnBl.exe
  C:\Windows\System\wLdhnBl.exe
  2⤵
  PID:3864
- C:\Windows\System\LmMMvaY.exe
  C:\Windows\System\LmMMvaY.exe
  2⤵
  PID:6148
- C:\Windows\System\AnCaJta.exe
  C:\Windows\System\AnCaJta.exe
  2⤵
  PID:6172
- C:\Windows\System\bKjvwsy.exe
  C:\Windows\System\bKjvwsy.exe
  2⤵
  PID:6192
- C:\Windows\System\UuFBkdV.exe
  C:\Windows\System\UuFBkdV.exe
  2⤵
  PID:6208
- C:\Windows\System\BZpSfyv.exe
  C:\Windows\System\BZpSfyv.exe
  2⤵
  PID:6224
- C:\Windows\System\JTkkSZO.exe
  C:\Windows\System\JTkkSZO.exe
  2⤵
  PID:6240
- C:\Windows\System\iVfPzab.exe
  C:\Windows\System\iVfPzab.exe
  2⤵
  PID:6256
- C:\Windows\System\nyLsPbg.exe
  C:\Windows\System\nyLsPbg.exe
  2⤵
  PID:6272
- C:\Windows\System\HxCWBsd.exe
  C:\Windows\System\HxCWBsd.exe
  2⤵
  PID:6288
- C:\Windows\System\QRzVROj.exe
  C:\Windows\System\QRzVROj.exe
  2⤵
  PID:6304
- C:\Windows\System\GkxMUju.exe
  C:\Windows\System\GkxMUju.exe
  2⤵
  PID:6320
- C:\Windows\System\XbUiHsS.exe
  C:\Windows\System\XbUiHsS.exe
  2⤵
  PID:6384
- C:\Windows\System\PuRYCrh.exe
  C:\Windows\System\PuRYCrh.exe
  2⤵
  PID:6404
- C:\Windows\System\sLTJeum.exe
  C:\Windows\System\sLTJeum.exe
  2⤵
  PID:6424
- C:\Windows\System\EADrWyU.exe
  C:\Windows\System\EADrWyU.exe
  2⤵
  PID:6444
- C:\Windows\System\yFSNJuR.exe
  C:\Windows\System\yFSNJuR.exe
  2⤵
  PID:6464
- C:\Windows\System\SvLHhNn.exe
  C:\Windows\System\SvLHhNn.exe
  2⤵
  PID:6484
- C:\Windows\System\VJwJLku.exe
  C:\Windows\System\VJwJLku.exe
  2⤵
  PID:6500
- C:\Windows\System\QnMeCDM.exe
  C:\Windows\System\QnMeCDM.exe
  2⤵
  PID:6516
- C:\Windows\System\AgWWsVJ.exe
  C:\Windows\System\AgWWsVJ.exe
  2⤵
  PID:6532
- C:\Windows\System\QWuhmpI.exe
  C:\Windows\System\QWuhmpI.exe
  2⤵
  PID:6548
- C:\Windows\System\rojLtpK.exe
  C:\Windows\System\rojLtpK.exe
  2⤵
  PID:6580
- C:\Windows\System\ZfteIlp.exe
  C:\Windows\System\ZfteIlp.exe
  2⤵
  PID:6596
- C:\Windows\System\xiZvZuR.exe
  C:\Windows\System\xiZvZuR.exe
  2⤵
  PID:6612
- C:\Windows\System\ZTlowYC.exe
  C:\Windows\System\ZTlowYC.exe
  2⤵
  PID:6628
- C:\Windows\System\JUzPZBK.exe
  C:\Windows\System\JUzPZBK.exe
  2⤵
  PID:6644
- C:\Windows\System\JsSLOXr.exe
  C:\Windows\System\JsSLOXr.exe
  2⤵
  PID:6660
- C:\Windows\System\sLxDYhM.exe
  C:\Windows\System\sLxDYhM.exe
  2⤵
  PID:6676
- C:\Windows\System\vsKkOwT.exe
  C:\Windows\System\vsKkOwT.exe
  2⤵
  PID:6692
- C:\Windows\System\oXwDAeR.exe
  C:\Windows\System\oXwDAeR.exe
  2⤵
  PID:6708
- C:\Windows\System\VwYcaqW.exe
  C:\Windows\System\VwYcaqW.exe
  2⤵
  PID:6724
- C:\Windows\System\qoHwXAc.exe
  C:\Windows\System\qoHwXAc.exe
  2⤵
  PID:6752
- C:\Windows\System\GKJGXZk.exe
  C:\Windows\System\GKJGXZk.exe
  2⤵
  PID:6772
- C:\Windows\System\URerVWz.exe
  C:\Windows\System\URerVWz.exe
  2⤵
  PID:6788
- C:\Windows\System\mJWEGfn.exe
  C:\Windows\System\mJWEGfn.exe
  2⤵
  PID:6804
- C:\Windows\System\pgRLkGs.exe
  C:\Windows\System\pgRLkGs.exe
  2⤵
  PID:6820
- C:\Windows\System\uqHDqWJ.exe
  C:\Windows\System\uqHDqWJ.exe
  2⤵
  PID:6840
- C:\Windows\System\qmAClNM.exe
  C:\Windows\System\qmAClNM.exe
  2⤵
  PID:6856
- C:\Windows\System\uSquzlD.exe
  C:\Windows\System\uSquzlD.exe
  2⤵
  PID:6876
- C:\Windows\System\EabBsfx.exe
  C:\Windows\System\EabBsfx.exe
  2⤵
  PID:6892
- C:\Windows\System\Viccspn.exe
  C:\Windows\System\Viccspn.exe
  2⤵
  PID:6908
- C:\Windows\System\OCDlOpE.exe
  C:\Windows\System\OCDlOpE.exe
  2⤵
  PID:6924
- C:\Windows\System\SYdMMFW.exe
  C:\Windows\System\SYdMMFW.exe
  2⤵
  PID:6940
- C:\Windows\System\FvzSkMK.exe
  C:\Windows\System\FvzSkMK.exe
  2⤵
  PID:6956
- C:\Windows\System\rqpJeJy.exe
  C:\Windows\System\rqpJeJy.exe
  2⤵
  PID:6980
- C:\Windows\System\cdPxhlm.exe
  C:\Windows\System\cdPxhlm.exe
  2⤵
  PID:6996
- C:\Windows\System\XvoFomG.exe
  C:\Windows\System\XvoFomG.exe
  2⤵
  PID:7012
- C:\Windows\System\AbDFTuL.exe
  C:\Windows\System\AbDFTuL.exe
  2⤵
  PID:7028
- C:\Windows\System\xwQYmSP.exe
  C:\Windows\System\xwQYmSP.exe
  2⤵
  PID:7044
- C:\Windows\System\EDWusSw.exe
  C:\Windows\System\EDWusSw.exe
  2⤵
  PID:7060
- C:\Windows\System\IiFZbZD.exe
  C:\Windows\System\IiFZbZD.exe
  2⤵
  PID:7076
- C:\Windows\System\DwlAYpP.exe
  C:\Windows\System\DwlAYpP.exe
  2⤵
  PID:7092
- C:\Windows\System\aHKEvHW.exe
  C:\Windows\System\aHKEvHW.exe
  2⤵
  PID:7108
- C:\Windows\System\vYGXgPQ.exe
  C:\Windows\System\vYGXgPQ.exe
  2⤵
  PID:7124
- C:\Windows\System\QTKNFdf.exe
  C:\Windows\System\QTKNFdf.exe
  2⤵
  PID:7140
- C:\Windows\System\LNODQbT.exe
  C:\Windows\System\LNODQbT.exe
  2⤵
  PID:7156
- C:\Windows\System\khJJqYb.exe
  C:\Windows\System\khJJqYb.exe
  2⤵
  PID:6036
- C:\Windows\System\CjhOkkW.exe
  C:\Windows\System\CjhOkkW.exe
  2⤵
  PID:6168
- C:\Windows\System\KUcwVhZ.exe
  C:\Windows\System\KUcwVhZ.exe
  2⤵
  PID:5576
- C:\Windows\System\XTugZhq.exe
  C:\Windows\System\XTugZhq.exe
  2⤵
  PID:5256
- C:\Windows\System\WqkOHWW.exe
  C:\Windows\System\WqkOHWW.exe
  2⤵
  PID:5560
- C:\Windows\System\hJWylXX.exe
  C:\Windows\System\hJWylXX.exe
  2⤵
  PID:3004
- C:\Windows\System\izhKxLs.exe
  C:\Windows\System\izhKxLs.exe
  2⤵
  PID:6252
- C:\Windows\System\bmJwNRD.exe
  C:\Windows\System\bmJwNRD.exe
  2⤵
  PID:6392
- C:\Windows\System\QSRdxvj.exe
  C:\Windows\System\QSRdxvj.exe
  2⤵
  PID:6300
- C:\Windows\System\HzWgkuw.exe
  C:\Windows\System\HzWgkuw.exe
  2⤵
  PID:1892
- C:\Windows\System\QTibjAS.exe
  C:\Windows\System\QTibjAS.exe
  2⤵
  PID:1380
- C:\Windows\System\xpSoLQs.exe
  C:\Windows\System\xpSoLQs.exe
  2⤵
  PID:6352
- C:\Windows\System\PqlVMpc.exe
  C:\Windows\System\PqlVMpc.exe
  2⤵
  PID:6368
- C:\Windows\System\unrtNFa.exe
  C:\Windows\System\unrtNFa.exe
  2⤵
  PID:6204
- C:\Windows\System\Yqqmnqc.exe
  C:\Windows\System\Yqqmnqc.exe
  2⤵
  PID:6452
- C:\Windows\System\pFHACsC.exe
  C:\Windows\System\pFHACsC.exe
  2⤵
  PID:6496
- C:\Windows\System\zJYLcZR.exe
  C:\Windows\System\zJYLcZR.exe
  2⤵
  PID:6560
- C:\Windows\System\YzYHArq.exe
  C:\Windows\System\YzYHArq.exe
  2⤵
  PID:6576
- C:\Windows\System\SclTwFw.exe
  C:\Windows\System\SclTwFw.exe
  2⤵
  PID:6436
- C:\Windows\System\AxUoQwh.exe
  C:\Windows\System\AxUoQwh.exe
  2⤵
  PID:6480
- C:\Windows\System\cZQAspF.exe
  C:\Windows\System\cZQAspF.exe
  2⤵
  PID:6640
- C:\Windows\System\jBwErJo.exe
  C:\Windows\System\jBwErJo.exe
  2⤵
  PID:6656
- C:\Windows\System\eTGpbRh.exe
  C:\Windows\System\eTGpbRh.exe
  2⤵
  PID:6668
- C:\Windows\System\PzGcdjT.exe
  C:\Windows\System\PzGcdjT.exe
  2⤵
  PID:6732
- C:\Windows\System\sAusAht.exe
  C:\Windows\System\sAusAht.exe
  2⤵
  PID:6780
- C:\Windows\System\IuBdXNd.exe
  C:\Windows\System\IuBdXNd.exe
  2⤵
  PID:6736
- C:\Windows\System\FfEhJWR.exe
  C:\Windows\System\FfEhJWR.exe
  2⤵
  PID:6888
- C:\Windows\System\TVyHKcQ.exe
  C:\Windows\System\TVyHKcQ.exe
  2⤵
  PID:6948
- C:\Windows\System\AyAUONN.exe
  C:\Windows\System\AyAUONN.exe
  2⤵
  PID:6720
- C:\Windows\System\DDqPcSv.exe
  C:\Windows\System\DDqPcSv.exe
  2⤵
  PID:6760
- C:\Windows\System\LRtTsBH.exe
  C:\Windows\System\LRtTsBH.exe
  2⤵
  PID:7052
- C:\Windows\System\YCTRJXe.exe
  C:\Windows\System\YCTRJXe.exe
  2⤵
  PID:7116
- C:\Windows\System\WqVIUod.exe
  C:\Windows\System\WqVIUod.exe
  2⤵
  PID:6800
- C:\Windows\System\hUyAdXg.exe
  C:\Windows\System\hUyAdXg.exe
  2⤵
  PID:7152
- C:\Windows\System\CKlbbbX.exe
  C:\Windows\System\CKlbbbX.exe
  2⤵
  PID:6312
- C:\Windows\System\mWPZDcB.exe
  C:\Windows\System\mWPZDcB.exe
  2⤵
  PID:6832
- C:\Windows\System\AFeyVHe.exe
  C:\Windows\System\AFeyVHe.exe
  2⤵
  PID:6872
- C:\Windows\System\PAmOdnR.exe
  C:\Windows\System\PAmOdnR.exe
  2⤵
  PID:6936
- C:\Windows\System\oMcYRBy.exe
  C:\Windows\System\oMcYRBy.exe
  2⤵
  PID:6968
- C:\Windows\System\XgUoelb.exe
  C:\Windows\System\XgUoelb.exe
  2⤵
  PID:6344
- C:\Windows\System\gxECPSv.exe
  C:\Windows\System\gxECPSv.exe
  2⤵
  PID:6460
- C:\Windows\System\JRZpfRS.exe
  C:\Windows\System\JRZpfRS.exe
  2⤵
  PID:7164
- C:\Windows\System\tfuxviB.exe
  C:\Windows\System\tfuxviB.exe
  2⤵
  PID:7036
- C:\Windows\System\sNnvygV.exe
  C:\Windows\System\sNnvygV.exe
  2⤵
  PID:7104
- C:\Windows\System\aeyAOqz.exe
  C:\Windows\System\aeyAOqz.exe
  2⤵
  PID:6216
- C:\Windows\System\fBtutJE.exe
  C:\Windows\System\fBtutJE.exe
  2⤵
  PID:6360
- C:\Windows\System\tjtGNql.exe
  C:\Windows\System\tjtGNql.exe
  2⤵
  PID:6400
- C:\Windows\System\lGSvbGS.exe
  C:\Windows\System\lGSvbGS.exe
  2⤵
  PID:6476
- C:\Windows\System\XbnKupK.exe
  C:\Windows\System\XbnKupK.exe
  2⤵
  PID:6704
- C:\Windows\System\VCOXFZW.exe
  C:\Windows\System\VCOXFZW.exe
  2⤵
  PID:6988
- C:\Windows\System\ugDjsuv.exe
  C:\Windows\System\ugDjsuv.exe
  2⤵
  PID:7088
- C:\Windows\System\yFlLPAU.exe
  C:\Windows\System\yFlLPAU.exe
  2⤵
  PID:6280
- C:\Windows\System\mehrMGx.exe
  C:\Windows\System\mehrMGx.exe
  2⤵
  PID:6336
- C:\Windows\System\mkxqURz.exe
  C:\Windows\System\mkxqURz.exe
  2⤵
  PID:7072
- C:\Windows\System\InxGaTq.exe
  C:\Windows\System\InxGaTq.exe
  2⤵
  PID:6556
- C:\Windows\System\SVKsFpd.exe
  C:\Windows\System\SVKsFpd.exe
  2⤵
  PID:6472
- C:\Windows\System\rLmNrqB.exe
  C:\Windows\System\rLmNrqB.exe
  2⤵
  PID:6624
- C:\Windows\System\ErKKzVZ.exe
  C:\Windows\System\ErKKzVZ.exe
  2⤵
  PID:6376
- C:\Windows\System\EIZWFeX.exe
  C:\Windows\System\EIZWFeX.exe
  2⤵
  PID:6852
- C:\Windows\System\IyWGxLI.exe
  C:\Windows\System\IyWGxLI.exe
  2⤵
  PID:7020
- C:\Windows\System\PPtPxID.exe
  C:\Windows\System\PPtPxID.exe
  2⤵
  PID:6248
- C:\Windows\System\HxgqUTA.exe
  C:\Windows\System\HxgqUTA.exe
  2⤵
  PID:7100
- C:\Windows\System\vlKeAhO.exe
  C:\Windows\System\vlKeAhO.exe
  2⤵
  PID:2300
- C:\Windows\System\ZvCghmi.exe
  C:\Windows\System\ZvCghmi.exe
  2⤵
  PID:6700
- C:\Windows\System\mSxvuxw.exe
  C:\Windows\System\mSxvuxw.exe
  2⤵
  PID:7068
- C:\Windows\System\GlVFUkO.exe
  C:\Windows\System\GlVFUkO.exe
  2⤵
  PID:6188
- C:\Windows\System\sQhvTGR.exe
  C:\Windows\System\sQhvTGR.exe
  2⤵
  PID:6540
- C:\Windows\System\BZSqCof.exe
  C:\Windows\System\BZSqCof.exe
  2⤵
  PID:7008
- C:\Windows\System\bwmTjbX.exe
  C:\Windows\System\bwmTjbX.exe
  2⤵
  PID:6572
- C:\Windows\System\ToozOuV.exe
  C:\Windows\System\ToozOuV.exe
  2⤵
  PID:6420
- C:\Windows\System\PJzycZD.exe
  C:\Windows\System\PJzycZD.exe
  2⤵
  PID:6744
- C:\Windows\System\xuCoHkD.exe
  C:\Windows\System\xuCoHkD.exe
  2⤵
  PID:6868
- C:\Windows\System\qJfxGom.exe
  C:\Windows\System\qJfxGom.exe
  2⤵
  PID:6768
- C:\Windows\System\dXpDpGM.exe
  C:\Windows\System\dXpDpGM.exe
  2⤵
  PID:7176
- C:\Windows\System\pWOmQRt.exe
  C:\Windows\System\pWOmQRt.exe
  2⤵
  PID:7192
- C:\Windows\System\KnYyFwj.exe
  C:\Windows\System\KnYyFwj.exe
  2⤵
  PID:7208
- C:\Windows\System\wPkPCar.exe
  C:\Windows\System\wPkPCar.exe
  2⤵
  PID:7224
- C:\Windows\System\CpztrAq.exe
  C:\Windows\System\CpztrAq.exe
  2⤵
  PID:7240
- C:\Windows\System\hnsWjxf.exe
  C:\Windows\System\hnsWjxf.exe
  2⤵
  PID:7260
- C:\Windows\System\WbjJKmm.exe
  C:\Windows\System\WbjJKmm.exe
  2⤵
  PID:7276
- C:\Windows\System\AGkLqDi.exe
  C:\Windows\System\AGkLqDi.exe
  2⤵
  PID:7292
- C:\Windows\System\KBAfLaf.exe
  C:\Windows\System\KBAfLaf.exe
  2⤵
  PID:7308
- C:\Windows\System\azDOuyh.exe
  C:\Windows\System\azDOuyh.exe
  2⤵
  PID:7324
- C:\Windows\System\pKxYtob.exe
  C:\Windows\System\pKxYtob.exe
  2⤵
  PID:7340
- C:\Windows\System\fbmBrpj.exe
  C:\Windows\System\fbmBrpj.exe
  2⤵
  PID:7356
- C:\Windows\System\Dpavyjq.exe
  C:\Windows\System\Dpavyjq.exe
  2⤵
  PID:7372
- C:\Windows\System\eBsltGg.exe
  C:\Windows\System\eBsltGg.exe
  2⤵
  PID:7388
- C:\Windows\System\OWRHZDa.exe
  C:\Windows\System\OWRHZDa.exe
  2⤵
  PID:7404
- C:\Windows\System\nfPZHVO.exe
  C:\Windows\System\nfPZHVO.exe
  2⤵
  PID:7420
- C:\Windows\System\JrRqzMy.exe
  C:\Windows\System\JrRqzMy.exe
  2⤵
  PID:7436
- C:\Windows\System\DKdAGsj.exe
  C:\Windows\System\DKdAGsj.exe
  2⤵
  PID:7452
- C:\Windows\System\mrsqmcP.exe
  C:\Windows\System\mrsqmcP.exe
  2⤵
  PID:7468
- C:\Windows\System\fyXdCvs.exe
  C:\Windows\System\fyXdCvs.exe
  2⤵
  PID:7484
- C:\Windows\System\LnjKxLo.exe
  C:\Windows\System\LnjKxLo.exe
  2⤵
  PID:7500
- C:\Windows\System\vHgQovD.exe
  C:\Windows\System\vHgQovD.exe
  2⤵
  PID:7516
- C:\Windows\System\tGBQxOo.exe
  C:\Windows\System\tGBQxOo.exe
  2⤵
  PID:7532
- C:\Windows\System\WsaIfkg.exe
  C:\Windows\System\WsaIfkg.exe
  2⤵
  PID:7548
- C:\Windows\System\gUMWZfc.exe
  C:\Windows\System\gUMWZfc.exe
  2⤵
  PID:7564
- C:\Windows\System\rhdeusb.exe
  C:\Windows\System\rhdeusb.exe
  2⤵
  PID:7580
- C:\Windows\System\AHjDJbP.exe
  C:\Windows\System\AHjDJbP.exe
  2⤵
  PID:7596
- C:\Windows\System\oRHJBHW.exe
  C:\Windows\System\oRHJBHW.exe
  2⤵
  PID:7612
- C:\Windows\System\XYhIdwt.exe
  C:\Windows\System\XYhIdwt.exe
  2⤵
  PID:7628
- C:\Windows\System\ZthmcbL.exe
  C:\Windows\System\ZthmcbL.exe
  2⤵
  PID:7644
- C:\Windows\System\WnnIDIn.exe
  C:\Windows\System\WnnIDIn.exe
  2⤵
  PID:7660
- C:\Windows\System\mOpiRDt.exe
  C:\Windows\System\mOpiRDt.exe
  2⤵
  PID:7676
- C:\Windows\System\gpollFO.exe
  C:\Windows\System\gpollFO.exe
  2⤵
  PID:7692
- C:\Windows\System\kjvlwhq.exe
  C:\Windows\System\kjvlwhq.exe
  2⤵
  PID:7708
- C:\Windows\System\DjKrbii.exe
  C:\Windows\System\DjKrbii.exe
  2⤵
  PID:7724
- C:\Windows\System\YnqCqQb.exe
  C:\Windows\System\YnqCqQb.exe
  2⤵
  PID:7740
- C:\Windows\System\AWYGQAH.exe
  C:\Windows\System\AWYGQAH.exe
  2⤵
  PID:7756
- C:\Windows\System\HknPkOB.exe
  C:\Windows\System\HknPkOB.exe
  2⤵
  PID:7772
- C:\Windows\System\VGnvPrJ.exe
  C:\Windows\System\VGnvPrJ.exe
  2⤵
  PID:7788
- C:\Windows\System\iaTQMcs.exe
  C:\Windows\System\iaTQMcs.exe
  2⤵
  PID:7804
- C:\Windows\System\WWgFUzy.exe
  C:\Windows\System\WWgFUzy.exe
  2⤵
  PID:7820
- C:\Windows\System\GmYlYYU.exe
  C:\Windows\System\GmYlYYU.exe
  2⤵
  PID:7836
- C:\Windows\System\vsFstsy.exe
  C:\Windows\System\vsFstsy.exe
  2⤵
  PID:7852
- C:\Windows\System\BHNrHRh.exe
  C:\Windows\System\BHNrHRh.exe
  2⤵
  PID:7868
- C:\Windows\System\wFgabee.exe
  C:\Windows\System\wFgabee.exe
  2⤵
  PID:7884
- C:\Windows\System\EcJJhrs.exe
  C:\Windows\System\EcJJhrs.exe
  2⤵
  PID:7900
- C:\Windows\System\fIZgTyB.exe
  C:\Windows\System\fIZgTyB.exe
  2⤵
  PID:7916
- C:\Windows\System\qBSSnWS.exe
  C:\Windows\System\qBSSnWS.exe
  2⤵
  PID:7932
- C:\Windows\System\jsyzNFi.exe
  C:\Windows\System\jsyzNFi.exe
  2⤵
  PID:7948
- C:\Windows\System\gMgTmOS.exe
  C:\Windows\System\gMgTmOS.exe
  2⤵
  PID:7964
- C:\Windows\System\peEHdlV.exe
  C:\Windows\System\peEHdlV.exe
  2⤵
  PID:7980
- C:\Windows\System\PmjQAjC.exe
  C:\Windows\System\PmjQAjC.exe
  2⤵
  PID:7996
- C:\Windows\System\DdzhHkB.exe
  C:\Windows\System\DdzhHkB.exe
  2⤵
  PID:8012
- C:\Windows\System\hfxsGcD.exe
  C:\Windows\System\hfxsGcD.exe
  2⤵
  PID:8028
- C:\Windows\System\xetWuYz.exe
  C:\Windows\System\xetWuYz.exe
  2⤵
  PID:8044
- C:\Windows\System\RInQsTM.exe
  C:\Windows\System\RInQsTM.exe
  2⤵
  PID:8060
- C:\Windows\System\ofpSYno.exe
  C:\Windows\System\ofpSYno.exe
  2⤵
  PID:8080
- C:\Windows\System\pLAWEOB.exe
  C:\Windows\System\pLAWEOB.exe
  2⤵
  PID:8100
- C:\Windows\System\YBNDFXk.exe
  C:\Windows\System\YBNDFXk.exe
  2⤵
  PID:8124
- C:\Windows\System\VfYBjHa.exe
  C:\Windows\System\VfYBjHa.exe
  2⤵
  PID:8140
- C:\Windows\System\ZcNPRZz.exe
  C:\Windows\System\ZcNPRZz.exe
  2⤵
  PID:8156
- C:\Windows\System\kMCejaz.exe
  C:\Windows\System\kMCejaz.exe
  2⤵
  PID:8172
- C:\Windows\System\hhBFSAU.exe
  C:\Windows\System\hhBFSAU.exe
  2⤵
  PID:8188
- C:\Windows\System\UpnRiVA.exe
  C:\Windows\System\UpnRiVA.exe
  2⤵
  PID:7204
- C:\Windows\System\lbDQqjZ.exe
  C:\Windows\System\lbDQqjZ.exe
  2⤵
  PID:6920
- C:\Windows\System\DrAAvqg.exe
  C:\Windows\System\DrAAvqg.exe
  2⤵
  PID:7272
- C:\Windows\System\PycyhMy.exe
  C:\Windows\System\PycyhMy.exe
  2⤵
  PID:7304
- C:\Windows\System\ffvZhRv.exe
  C:\Windows\System\ffvZhRv.exe
  2⤵
  PID:6932
- C:\Windows\System\cdAZvIR.exe
  C:\Windows\System\cdAZvIR.exe
  2⤵
  PID:7252
- C:\Windows\System\EISsMFb.exe
  C:\Windows\System\EISsMFb.exe
  2⤵
  PID:7320
- C:\Windows\System\aNyHOaj.exe
  C:\Windows\System\aNyHOaj.exe
  2⤵
  PID:7368
- C:\Windows\System\BCluXNm.exe
  C:\Windows\System\BCluXNm.exe
  2⤵
  PID:7432
- C:\Windows\System\SvwsWXC.exe
  C:\Windows\System\SvwsWXC.exe
  2⤵
  PID:7380
- C:\Windows\System\zgyvWAF.exe
  C:\Windows\System\zgyvWAF.exe
  2⤵
  PID:7412
- C:\Windows\System\HUcIXsp.exe
  C:\Windows\System\HUcIXsp.exe
  2⤵
  PID:7448
- C:\Windows\System\kCAnqjf.exe
  C:\Windows\System\kCAnqjf.exe
  2⤵
  PID:7524
- C:\Windows\System\UsyUkGc.exe
  C:\Windows\System\UsyUkGc.exe
  2⤵
  PID:7512
- C:\Windows\System\BznecdR.exe
  C:\Windows\System\BznecdR.exe
  2⤵
  PID:7588
- C:\Windows\System\IULgKJX.exe
  C:\Windows\System\IULgKJX.exe
  2⤵
  PID:7652
- C:\Windows\System\eomOYNk.exe
  C:\Windows\System\eomOYNk.exe
  2⤵
  PID:7716
- C:\Windows\System\dQozsGd.exe
  C:\Windows\System\dQozsGd.exe
  2⤵
  PID:7572
- C:\Windows\System\xiNGnHw.exe
  C:\Windows\System\xiNGnHw.exe
  2⤵
  PID:7668
- C:\Windows\System\KpPxNcO.exe
  C:\Windows\System\KpPxNcO.exe
  2⤵
  PID:7640
- C:\Windows\System\YFVunws.exe
  C:\Windows\System\YFVunws.exe
  2⤵
  PID:7736
- C:\Windows\System\fChEdbs.exe
  C:\Windows\System\fChEdbs.exe
  2⤵
  PID:7816
- C:\Windows\System\TuHPanZ.exe
  C:\Windows\System\TuHPanZ.exe
  2⤵
  PID:7844
- C:\Windows\System\ZOmpmOY.exe
  C:\Windows\System\ZOmpmOY.exe
  2⤵
  PID:7912
- C:\Windows\System\UvhzgDC.exe
  C:\Windows\System\UvhzgDC.exe
  2⤵
  PID:8008
- C:\Windows\System\dISJCJt.exe
  C:\Windows\System\dISJCJt.exe
  2⤵
  PID:7832
- C:\Windows\System\yimIphT.exe
  C:\Windows\System\yimIphT.exe
  2⤵
  PID:7828
- C:\Windows\System\XCwDlmH.exe
  C:\Windows\System\XCwDlmH.exe
  2⤵
  PID:7892
- C:\Windows\System\muuuNqM.exe
  C:\Windows\System\muuuNqM.exe
  2⤵
  PID:7960
- C:\Windows\System\omWGjxU.exe
  C:\Windows\System\omWGjxU.exe
  2⤵
  PID:8052
- C:\Windows\System\ottKgWm.exe
  C:\Windows\System\ottKgWm.exe
  2⤵
  PID:8076
- C:\Windows\System\rPLKgiC.exe
  C:\Windows\System\rPLKgiC.exe
  2⤵
  PID:8112
- C:\Windows\System\wigVisD.exe
  C:\Windows\System\wigVisD.exe
  2⤵
  PID:8152
- C:\Windows\System\NdHvlYM.exe
  C:\Windows\System\NdHvlYM.exe
  2⤵
  PID:6164
- C:\Windows\System\ZCZlrQb.exe
  C:\Windows\System\ZCZlrQb.exe
  2⤵
  PID:7172
- C:\Windows\System\nYHdKAr.exe
  C:\Windows\System\nYHdKAr.exe
  2⤵
  PID:7200
- C:\Windows\System\NwdMncw.exe
  C:\Windows\System\NwdMncw.exe
  2⤵
  PID:7288
- C:\Windows\System\SmwdtEj.exe
  C:\Windows\System\SmwdtEj.exe
  2⤵
  PID:7384
- C:\Windows\System\wdpBHjm.exe
  C:\Windows\System\wdpBHjm.exe
  2⤵
  PID:7480
- C:\Windows\System\sDkzzLx.exe
  C:\Windows\System\sDkzzLx.exe
  2⤵
  PID:7608
- C:\Windows\System\NvagToO.exe
  C:\Windows\System\NvagToO.exe
  2⤵
  PID:7880
- C:\Windows\System\iCFBJDz.exe
  C:\Windows\System\iCFBJDz.exe
  2⤵
  PID:7556
- C:\Windows\System\IhKySZB.exe
  C:\Windows\System\IhKySZB.exe
  2⤵
  PID:6620
- C:\Windows\System\iOnLdUg.exe
  C:\Windows\System\iOnLdUg.exe
  2⤵
  PID:7300
- C:\Windows\System\KrdPaWw.exe
  C:\Windows\System\KrdPaWw.exe
  2⤵
  PID:6316
- C:\Windows\System\vtcNgjG.exe
  C:\Windows\System\vtcNgjG.exe
  2⤵
  PID:7764
- C:\Windows\System\CwlYMFD.exe
  C:\Windows\System\CwlYMFD.exe
  2⤵
  PID:7784
- C:\Windows\System\mbQFixb.exe
  C:\Windows\System\mbQFixb.exe
  2⤵
  PID:7188
- C:\Windows\System\ClvJGyb.exe
  C:\Windows\System\ClvJGyb.exe
  2⤵
  PID:7624
- C:\Windows\System\ItdutXi.exe
  C:\Windows\System\ItdutXi.exe
  2⤵
  PID:7256
- C:\Windows\System\MSUCBng.exe
  C:\Windows\System\MSUCBng.exe
  2⤵
  PID:8168
- C:\Windows\System\wgYDbLq.exe
  C:\Windows\System\wgYDbLq.exe
  2⤵
  PID:8164
- C:\Windows\System\NaZuLVH.exe
  C:\Windows\System\NaZuLVH.exe
  2⤵
  PID:8148
- C:\Windows\System\MPoPIZp.exe
  C:\Windows\System\MPoPIZp.exe
  2⤵
  PID:7780
- C:\Windows\System\tSPceBp.exe
  C:\Windows\System\tSPceBp.exe
  2⤵
  PID:7972
- C:\Windows\System\JIIpfcu.exe
  C:\Windows\System\JIIpfcu.exe
  2⤵
  PID:7684
- C:\Windows\System\JRXoUBg.exe
  C:\Windows\System\JRXoUBg.exe
  2⤵
  PID:7336
- C:\Windows\System\wJJrxkg.exe
  C:\Windows\System\wJJrxkg.exe
  2⤵
  PID:7752
- C:\Windows\System\svwsUrN.exe
  C:\Windows\System\svwsUrN.exe
  2⤵
  PID:7928
- C:\Windows\System\fLtPvzJ.exe
  C:\Windows\System\fLtPvzJ.exe
  2⤵
  PID:7704
- C:\Windows\System\PGZUDkj.exe
  C:\Windows\System\PGZUDkj.exe
  2⤵
  PID:7364
- C:\Windows\System\VTzlLog.exe
  C:\Windows\System\VTzlLog.exe
  2⤵
  PID:7220
- C:\Windows\System\zKzAYAl.exe
  C:\Windows\System\zKzAYAl.exe
  2⤵
  PID:8036
- C:\Windows\System\AlxXlWv.exe
  C:\Windows\System\AlxXlWv.exe
  2⤵
  PID:8108
- C:\Windows\System\PsxTAqK.exe
  C:\Windows\System\PsxTAqK.exe
  2⤵
  PID:7956
- C:\Windows\System\wrKSHrI.exe
  C:\Windows\System\wrKSHrI.exe
  2⤵
  PID:8204
- C:\Windows\System\SbLBpPH.exe
  C:\Windows\System\SbLBpPH.exe
  2⤵
  PID:8220
- C:\Windows\System\WcOyoMo.exe
  C:\Windows\System\WcOyoMo.exe
  2⤵
  PID:8236
- C:\Windows\System\msCoZOq.exe
  C:\Windows\System\msCoZOq.exe
  2⤵
  PID:8252
- C:\Windows\System\OUovSEM.exe
  C:\Windows\System\OUovSEM.exe
  2⤵
  PID:8268
- C:\Windows\System\iygCyIt.exe
  C:\Windows\System\iygCyIt.exe
  2⤵
  PID:8284
- C:\Windows\System\wUJHWVm.exe
  C:\Windows\System\wUJHWVm.exe
  2⤵
  PID:8300
- C:\Windows\System\bJkYmXe.exe
  C:\Windows\System\bJkYmXe.exe
  2⤵
  PID:8316
- C:\Windows\System\GKnyDPS.exe
  C:\Windows\System\GKnyDPS.exe
  2⤵
  PID:8332
- C:\Windows\System\gTDUmtS.exe
  C:\Windows\System\gTDUmtS.exe
  2⤵
  PID:8348
- C:\Windows\System\ylxnpMr.exe
  C:\Windows\System\ylxnpMr.exe
  2⤵
  PID:8364
- C:\Windows\System\dMtXNbo.exe
  C:\Windows\System\dMtXNbo.exe
  2⤵
  PID:8380
- C:\Windows\System\VAPdglx.exe
  C:\Windows\System\VAPdglx.exe
  2⤵
  PID:8396
- C:\Windows\System\PqYMcWv.exe
  C:\Windows\System\PqYMcWv.exe
  2⤵
  PID:8412
- C:\Windows\System\xfaxQNm.exe
  C:\Windows\System\xfaxQNm.exe
  2⤵
  PID:8428
- C:\Windows\System\WniRAhx.exe
  C:\Windows\System\WniRAhx.exe
  2⤵
  PID:8444
- C:\Windows\System\PdzWCFR.exe
  C:\Windows\System\PdzWCFR.exe
  2⤵
  PID:8460
- C:\Windows\System\MRuXeaU.exe
  C:\Windows\System\MRuXeaU.exe
  2⤵
  PID:8476
- C:\Windows\System\SEIKScg.exe
  C:\Windows\System\SEIKScg.exe
  2⤵
  PID:8492
- C:\Windows\System\YBKBdrF.exe
  C:\Windows\System\YBKBdrF.exe
  2⤵
  PID:8508
- C:\Windows\System\UvcVMgc.exe
  C:\Windows\System\UvcVMgc.exe
  2⤵
  PID:8524
- C:\Windows\System\wEGDnls.exe
  C:\Windows\System\wEGDnls.exe
  2⤵
  PID:8540
- C:\Windows\System\MzjGshe.exe
  C:\Windows\System\MzjGshe.exe
  2⤵
  PID:8556
- C:\Windows\System\iJRgAvH.exe
  C:\Windows\System\iJRgAvH.exe
  2⤵
  PID:8572
- C:\Windows\System\NlTZXpX.exe
  C:\Windows\System\NlTZXpX.exe
  2⤵
  PID:8588
- C:\Windows\System\MZuWtdS.exe
  C:\Windows\System\MZuWtdS.exe
  2⤵
  PID:8604
- C:\Windows\System\TvrvMZw.exe
  C:\Windows\System\TvrvMZw.exe
  2⤵
  PID:8620
- C:\Windows\System\LHCHeuk.exe
  C:\Windows\System\LHCHeuk.exe
  2⤵
  PID:8636
- C:\Windows\System\KCReUqT.exe
  C:\Windows\System\KCReUqT.exe
  2⤵
  PID:8652
- C:\Windows\System\LKxqNQv.exe
  C:\Windows\System\LKxqNQv.exe
  2⤵
  PID:8668
- C:\Windows\System\cjiVZBx.exe
  C:\Windows\System\cjiVZBx.exe
  2⤵
  PID:8684
- C:\Windows\System\orVLVhl.exe
  C:\Windows\System\orVLVhl.exe
  2⤵
  PID:8700
- C:\Windows\System\hdNhlJk.exe
  C:\Windows\System\hdNhlJk.exe
  2⤵
  PID:8716
- C:\Windows\System\GeOAIvX.exe
  C:\Windows\System\GeOAIvX.exe
  2⤵
  PID:8732
- C:\Windows\System\LHpeNCn.exe
  C:\Windows\System\LHpeNCn.exe
  2⤵
  PID:8748
- C:\Windows\System\FtjktKn.exe
  C:\Windows\System\FtjktKn.exe
  2⤵
  PID:8764
- C:\Windows\System\obWXqkZ.exe
  C:\Windows\System\obWXqkZ.exe
  2⤵
  PID:8780
- C:\Windows\System\jSGcTvI.exe
  C:\Windows\System\jSGcTvI.exe
  2⤵
  PID:8796
- C:\Windows\System\Jzdhwcr.exe
  C:\Windows\System\Jzdhwcr.exe
  2⤵
  PID:8812
- C:\Windows\System\luisOcQ.exe
  C:\Windows\System\luisOcQ.exe
  2⤵
  PID:8828
- C:\Windows\System\FrPtlya.exe
  C:\Windows\System\FrPtlya.exe
  2⤵
  PID:8844
- C:\Windows\System\NriOKPh.exe
  C:\Windows\System\NriOKPh.exe
  2⤵
  PID:8860
- C:\Windows\System\sBKmndN.exe
  C:\Windows\System\sBKmndN.exe
  2⤵
  PID:8876
- C:\Windows\System\xIYlvxQ.exe
  C:\Windows\System\xIYlvxQ.exe
  2⤵
  PID:8892
- C:\Windows\System\HCqLEJJ.exe
  C:\Windows\System\HCqLEJJ.exe
  2⤵
  PID:8908
- C:\Windows\System\XtZFglh.exe
  C:\Windows\System\XtZFglh.exe
  2⤵
  PID:8924
- C:\Windows\System\EFCYqGS.exe
  C:\Windows\System\EFCYqGS.exe
  2⤵
  PID:8940
- C:\Windows\System\TwCIXiQ.exe
  C:\Windows\System\TwCIXiQ.exe
  2⤵
  PID:8956
- C:\Windows\System\gfERFUj.exe
  C:\Windows\System\gfERFUj.exe
  2⤵
  PID:8976
- C:\Windows\System\VGGAfIT.exe
  C:\Windows\System\VGGAfIT.exe
  2⤵
  PID:8992
- C:\Windows\System\yEyWcdu.exe
  C:\Windows\System\yEyWcdu.exe
  2⤵
  PID:9008
- C:\Windows\System\HaaanFt.exe
  C:\Windows\System\HaaanFt.exe
  2⤵
  PID:9024
- C:\Windows\System\FPywIip.exe
  C:\Windows\System\FPywIip.exe
  2⤵
  PID:9040
- C:\Windows\System\QUOUKMC.exe
  C:\Windows\System\QUOUKMC.exe
  2⤵
  PID:9056
- C:\Windows\System\nrHtNeO.exe
  C:\Windows\System\nrHtNeO.exe
  2⤵
  PID:9072
- C:\Windows\System\JDwwzPb.exe
  C:\Windows\System\JDwwzPb.exe
  2⤵
  PID:9088
- C:\Windows\System\MsQWHvO.exe
  C:\Windows\System\MsQWHvO.exe
  2⤵
  PID:9104
- C:\Windows\System\XBaFaYg.exe
  C:\Windows\System\XBaFaYg.exe
  2⤵
  PID:9120
- C:\Windows\System\zvXjbqB.exe
  C:\Windows\System\zvXjbqB.exe
  2⤵
  PID:9136
- C:\Windows\System\XorYtYO.exe
  C:\Windows\System\XorYtYO.exe
  2⤵
  PID:9152
- C:\Windows\System\sUOUHfV.exe
  C:\Windows\System\sUOUHfV.exe
  2⤵
  PID:9168
- C:\Windows\System\UdhnlJE.exe
  C:\Windows\System\UdhnlJE.exe
  2⤵
  PID:9184
- C:\Windows\System\SZkTRLI.exe
  C:\Windows\System\SZkTRLI.exe
  2⤵
  PID:9200
- C:\Windows\System\rFYlRAo.exe
  C:\Windows\System\rFYlRAo.exe
  2⤵
  PID:7864
- C:\Windows\System\FnAQxlE.exe
  C:\Windows\System\FnAQxlE.exe
  2⤵
  PID:7444
- C:\Windows\System\NkMJeMJ.exe
  C:\Windows\System\NkMJeMJ.exe
  2⤵
  PID:8092
- C:\Windows\System\AYdxxke.exe
  C:\Windows\System\AYdxxke.exe
  2⤵
  PID:8228
- C:\Windows\System\edIVZNd.exe
  C:\Windows\System\edIVZNd.exe
  2⤵
  PID:8292
- C:\Windows\System\lAthEcX.exe
  C:\Windows\System\lAthEcX.exe
  2⤵
  PID:8328
- C:\Windows\System\zjxGkYA.exe
  C:\Windows\System\zjxGkYA.exe
  2⤵
  PID:8248
- C:\Windows\System\kqgzYJP.exe
  C:\Windows\System\kqgzYJP.exe
  2⤵
  PID:8312
- C:\Windows\System\NlNNEtJ.exe
  C:\Windows\System\NlNNEtJ.exe
  2⤵
  PID:8372
- C:\Windows\System\MIftQAI.exe
  C:\Windows\System\MIftQAI.exe
  2⤵
  PID:8420
- C:\Windows\System\HoaofLy.exe
  C:\Windows\System\HoaofLy.exe
  2⤵
  PID:8484
- C:\Windows\System\dEPOVBw.exe
  C:\Windows\System\dEPOVBw.exe
  2⤵
  PID:8548
- C:\Windows\System\HzyHiZb.exe
  C:\Windows\System\HzyHiZb.exe
  2⤵
  PID:8584
- C:\Windows\System\zzGtTda.exe
  C:\Windows\System\zzGtTda.exe
  2⤵
  PID:8676
- C:\Windows\System\rxCPAlD.exe
  C:\Windows\System\rxCPAlD.exe
  2⤵
  PID:8408
- C:\Windows\System\cyMYWTC.exe
  C:\Windows\System\cyMYWTC.exe
  2⤵
  PID:8468
- C:\Windows\System\fYXPGGR.exe
  C:\Windows\System\fYXPGGR.exe
  2⤵
  PID:8536
- C:\Windows\System\weimIbT.exe
  C:\Windows\System\weimIbT.exe
  2⤵
  PID:8600
- C:\Windows\System\MGALHZg.exe
  C:\Windows\System\MGALHZg.exe
  2⤵
  PID:8664
- C:\Windows\System\jBaHbIS.exe
  C:\Windows\System\jBaHbIS.exe
  2⤵
  PID:8740
- C:\Windows\System\upsVTXQ.exe
  C:\Windows\System\upsVTXQ.exe
  2⤵
  PID:8804
- C:\Windows\System\qiWuRZz.exe
  C:\Windows\System\qiWuRZz.exe
  2⤵
  PID:8724
- C:\Windows\System\FSccipZ.exe
  C:\Windows\System\FSccipZ.exe
  2⤵
  PID:8760
- C:\Windows\System\NTAJfLZ.exe
  C:\Windows\System\NTAJfLZ.exe
  2⤵
  PID:8824
- C:\Windows\System\koYlevs.exe
  C:\Windows\System\koYlevs.exe
  2⤵
  PID:8904
- C:\Windows\System\wJoPxrA.exe
  C:\Windows\System\wJoPxrA.exe
  2⤵
  PID:8968
- C:\Windows\System\ErjvdiR.exe
  C:\Windows\System\ErjvdiR.exe
  2⤵
  PID:8916
- C:\Windows\System\cDMiadY.exe
  C:\Windows\System\cDMiadY.exe
  2⤵
  PID:8948
- C:\Windows\System\zvNCwFl.exe
  C:\Windows\System\zvNCwFl.exe
  2⤵
  PID:9004
- C:\Windows\System\QABGsnu.exe
  C:\Windows\System\QABGsnu.exe
  2⤵
  PID:9068
- C:\Windows\System\UjsTewN.exe
  C:\Windows\System\UjsTewN.exe
  2⤵
  PID:9100
- C:\Windows\System\GflpATH.exe
  C:\Windows\System\GflpATH.exe
  2⤵
  PID:9160
- C:\Windows\System\oPDUPKD.exe
  C:\Windows\System\oPDUPKD.exe
  2⤵
  PID:7944
- C:\Windows\System\oZWgloB.exe
  C:\Windows\System\oZWgloB.exe
  2⤵
  PID:8324
- C:\Windows\System\cBDhQOT.exe
  C:\Windows\System\cBDhQOT.exe
  2⤵
  PID:9112
- C:\Windows\System\ZbRHJgL.exe
  C:\Windows\System\ZbRHJgL.exe
  2⤵
  PID:9208
- C:\Windows\System\vKdRUXo.exe
  C:\Windows\System\vKdRUXo.exe
  2⤵
  PID:8232
- C:\Windows\System\LPuJkkI.exe
  C:\Windows\System\LPuJkkI.exe
  2⤵
  PID:7576
- C:\Windows\System\RkDUoAF.exe
  C:\Windows\System\RkDUoAF.exe
  2⤵
  PID:8308
- C:\Windows\System\hEWoyEv.exe
  C:\Windows\System\hEWoyEv.exe
  2⤵
  PID:8488
- C:\Windows\System\KYjfLEN.exe
  C:\Windows\System\KYjfLEN.exe
  2⤵
  PID:8356
- C:\Windows\System\iffjKqv.exe
  C:\Windows\System\iffjKqv.exe
  2⤵
  PID:8452
- C:\Windows\System\EfrKJRE.exe
  C:\Windows\System\EfrKJRE.exe
  2⤵
  PID:8696
- C:\Windows\System\gjvHJBu.exe
  C:\Windows\System\gjvHJBu.exe
  2⤵
  PID:8840
- C:\Windows\System\nhrozLB.exe
  C:\Windows\System\nhrozLB.exe
  2⤵
  PID:8504
- C:\Windows\System\PGGRiyL.exe
  C:\Windows\System\PGGRiyL.exe
  2⤵
  PID:8776
- C:\Windows\System\rxEeAQD.exe
  C:\Windows\System\rxEeAQD.exe
  2⤵
  PID:8852
- C:\Windows\System\RInXHxH.exe
  C:\Windows\System\RInXHxH.exe
  2⤵
  PID:8936
- C:\Windows\System\cAymyHU.exe
  C:\Windows\System\cAymyHU.exe
  2⤵
  PID:9000
- C:\Windows\System\yQHqlex.exe
  C:\Windows\System\yQHqlex.exe
  2⤵
  PID:9132
- C:\Windows\System\fYdiodN.exe
  C:\Windows\System\fYdiodN.exe
  2⤵
  PID:9196
- C:\Windows\System\WetJHHO.exe
  C:\Windows\System\WetJHHO.exe
  2⤵
  PID:9048
- C:\Windows\System\WfLekWa.exe
  C:\Windows\System\WfLekWa.exe
  2⤵
  PID:9180
- C:\Windows\System\zNvYvPM.exe
  C:\Windows\System\zNvYvPM.exe
  2⤵
  PID:8276
- C:\Windows\System\uzUSnuH.exe
  C:\Windows\System\uzUSnuH.exe
  2⤵
  PID:8388
- C:\Windows\System\DNmCEKc.exe
  C:\Windows\System\DNmCEKc.exe
  2⤵
  PID:8580
- C:\Windows\System\iQrqxJu.exe
  C:\Windows\System\iQrqxJu.exe
  2⤵
  PID:8708
- C:\Windows\System\KWDGqMJ.exe
  C:\Windows\System\KWDGqMJ.exe
  2⤵
  PID:8180
- C:\Windows\System\KKeSjJi.exe
  C:\Windows\System\KKeSjJi.exe
  2⤵
  PID:8972
- C:\Windows\System\kqyJCJZ.exe
  C:\Windows\System\kqyJCJZ.exe
  2⤵
  PID:8660
- C:\Windows\System\qHrdfey.exe
  C:\Windows\System\qHrdfey.exe
  2⤵
  PID:9016
- C:\Windows\System\lHvpubW.exe
  C:\Windows\System\lHvpubW.exe
  2⤵
  PID:9144
- C:\Windows\System\ErebKcu.exe
  C:\Windows\System\ErebKcu.exe
  2⤵
  PID:8596
- C:\Windows\System\uFuAueS.exe
  C:\Windows\System\uFuAueS.exe
  2⤵
  PID:9064
- C:\Windows\System\zbFKAZJ.exe
  C:\Windows\System\zbFKAZJ.exe
  2⤵
  PID:9052
- C:\Windows\System\hPtEkGS.exe
  C:\Windows\System\hPtEkGS.exe
  2⤵
  PID:8772
- C:\Windows\System\BwHomdP.exe
  C:\Windows\System\BwHomdP.exe
  2⤵
  PID:8756
- C:\Windows\System\gmxHZNw.exe
  C:\Windows\System\gmxHZNw.exe
  2⤵
  PID:9224
- C:\Windows\System\aTWyJPj.exe
  C:\Windows\System\aTWyJPj.exe
  2⤵
  PID:9240
- C:\Windows\System\AfbucoB.exe
  C:\Windows\System\AfbucoB.exe
  2⤵
  PID:9256
- C:\Windows\System\mBSvjPS.exe
  C:\Windows\System\mBSvjPS.exe
  2⤵
  PID:9272
- C:\Windows\System\PNOdiIJ.exe
  C:\Windows\System\PNOdiIJ.exe
  2⤵
  PID:9288
- C:\Windows\System\YfYBknA.exe
  C:\Windows\System\YfYBknA.exe
  2⤵
  PID:9304
- C:\Windows\System\RDtKtMg.exe
  C:\Windows\System\RDtKtMg.exe
  2⤵
  PID:9320
- C:\Windows\System\dbenopx.exe
  C:\Windows\System\dbenopx.exe
  2⤵
  PID:9336
- C:\Windows\System\NFTDztZ.exe
  C:\Windows\System\NFTDztZ.exe
  2⤵
  PID:9352
- C:\Windows\System\xCjwLKT.exe
  C:\Windows\System\xCjwLKT.exe
  2⤵
  PID:9368
- C:\Windows\System\qfKcZsy.exe
  C:\Windows\System\qfKcZsy.exe
  2⤵
  PID:9384
- C:\Windows\System\CjHbxqZ.exe
  C:\Windows\System\CjHbxqZ.exe
  2⤵
  PID:9400
- C:\Windows\System\GpZgdbn.exe
  C:\Windows\System\GpZgdbn.exe
  2⤵
  PID:9416
- C:\Windows\System\ojTBnap.exe
  C:\Windows\System\ojTBnap.exe
  2⤵
  PID:9432
- C:\Windows\System\EQJMPmy.exe
  C:\Windows\System\EQJMPmy.exe
  2⤵
  PID:9448
- C:\Windows\System\UNwarFg.exe
  C:\Windows\System\UNwarFg.exe
  2⤵
  PID:9464
- C:\Windows\System\pcLvBhc.exe
  C:\Windows\System\pcLvBhc.exe
  2⤵
  PID:9480
- C:\Windows\System\LuUSyKV.exe
  C:\Windows\System\LuUSyKV.exe
  2⤵
  PID:9496
- C:\Windows\System\hjthZyL.exe
  C:\Windows\System\hjthZyL.exe
  2⤵
  PID:9512
- C:\Windows\System\UByipLA.exe
  C:\Windows\System\UByipLA.exe
  2⤵
  PID:9528
- C:\Windows\System\Rckxyux.exe
  C:\Windows\System\Rckxyux.exe
  2⤵
  PID:9544
- C:\Windows\System\jmjOAwF.exe
  C:\Windows\System\jmjOAwF.exe
  2⤵
  PID:9560
- C:\Windows\System\xOFBUvO.exe
  C:\Windows\System\xOFBUvO.exe
  2⤵
  PID:9576
- C:\Windows\System\zKFavDU.exe
  C:\Windows\System\zKFavDU.exe
  2⤵
  PID:9592
- C:\Windows\System\xAeomIE.exe
  C:\Windows\System\xAeomIE.exe
  2⤵
  PID:9608
- C:\Windows\System\xQXaKCo.exe
  C:\Windows\System\xQXaKCo.exe
  2⤵
  PID:9624
- C:\Windows\System\jMLUmpY.exe
  C:\Windows\System\jMLUmpY.exe
  2⤵
  PID:9640
- C:\Windows\System\HzPisll.exe
  C:\Windows\System\HzPisll.exe
  2⤵
  PID:9656
- C:\Windows\System\QHzaTPe.exe
  C:\Windows\System\QHzaTPe.exe
  2⤵
  PID:9672
- C:\Windows\System\MJbtkYw.exe
  C:\Windows\System\MJbtkYw.exe
  2⤵
  PID:9688
- C:\Windows\System\NNslSNQ.exe
  C:\Windows\System\NNslSNQ.exe
  2⤵
  PID:9704
- C:\Windows\System\StTyrNP.exe
  C:\Windows\System\StTyrNP.exe
  2⤵
  PID:9720
- C:\Windows\System\SGqPduC.exe
  C:\Windows\System\SGqPduC.exe
  2⤵
  PID:9736
- C:\Windows\System\cbfDzhG.exe
  C:\Windows\System\cbfDzhG.exe
  2⤵
  PID:9752
- C:\Windows\System\PJMpmEO.exe
  C:\Windows\System\PJMpmEO.exe
  2⤵
  PID:9768
- C:\Windows\System\CmgOFoT.exe
  C:\Windows\System\CmgOFoT.exe
  2⤵
  PID:9784
- C:\Windows\System\cBCYMCI.exe
  C:\Windows\System\cBCYMCI.exe
  2⤵
  PID:9800
- C:\Windows\System\vfeFnpC.exe
  C:\Windows\System\vfeFnpC.exe
  2⤵
  PID:9816
- C:\Windows\System\WsUyAtp.exe
  C:\Windows\System\WsUyAtp.exe
  2⤵
  PID:9832
- C:\Windows\System\nCyYjbw.exe
  C:\Windows\System\nCyYjbw.exe
  2⤵
  PID:9848
- C:\Windows\System\YrGwBSH.exe
  C:\Windows\System\YrGwBSH.exe
  2⤵
  PID:9864
- C:\Windows\System\wWuoNWw.exe
  C:\Windows\System\wWuoNWw.exe
  2⤵
  PID:9880
- C:\Windows\System\YzfdHHK.exe
  C:\Windows\System\YzfdHHK.exe
  2⤵
  PID:9896
- C:\Windows\System\xuHFNIE.exe
  C:\Windows\System\xuHFNIE.exe
  2⤵
  PID:9912
- C:\Windows\System\ondbIGK.exe
  C:\Windows\System\ondbIGK.exe
  2⤵
  PID:9928
- C:\Windows\System\JeUztPY.exe
  C:\Windows\System\JeUztPY.exe
  2⤵
  PID:9944
- C:\Windows\System\vddgrba.exe
  C:\Windows\System\vddgrba.exe
  2⤵
  PID:9960
- C:\Windows\System\ywWPAnC.exe
  C:\Windows\System\ywWPAnC.exe
  2⤵
  PID:9976
- C:\Windows\System\uDeWVVR.exe
  C:\Windows\System\uDeWVVR.exe
  2⤵
  PID:9992
- C:\Windows\System\lLYHxmn.exe
  C:\Windows\System\lLYHxmn.exe
  2⤵
  PID:10008
- C:\Windows\System\GJQvsQj.exe
  C:\Windows\System\GJQvsQj.exe
  2⤵
  PID:10028
- C:\Windows\System\WtBxMdL.exe
  C:\Windows\System\WtBxMdL.exe
  2⤵
  PID:10044
- C:\Windows\System\nkkNvpY.exe
  C:\Windows\System\nkkNvpY.exe
  2⤵
  PID:10060
- C:\Windows\System\IHUwaLN.exe
  C:\Windows\System\IHUwaLN.exe
  2⤵
  PID:10076
- C:\Windows\System\alFYlfe.exe
  C:\Windows\System\alFYlfe.exe
  2⤵
  PID:10092
- C:\Windows\System\PREFGmt.exe
  C:\Windows\System\PREFGmt.exe
  2⤵
  PID:10108
- C:\Windows\System\FSjfURU.exe
  C:\Windows\System\FSjfURU.exe
  2⤵
  PID:10128
- C:\Windows\System\YyITBqH.exe
  C:\Windows\System\YyITBqH.exe
  2⤵
  PID:10144
- C:\Windows\System\iRylwCK.exe
  C:\Windows\System\iRylwCK.exe
  2⤵
  PID:10160
- C:\Windows\System\zWfQgRY.exe
  C:\Windows\System\zWfQgRY.exe
  2⤵
  PID:10176
- C:\Windows\System\hdBpjTC.exe
  C:\Windows\System\hdBpjTC.exe
  2⤵
  PID:10192
- C:\Windows\System\AoUpqPa.exe
  C:\Windows\System\AoUpqPa.exe
  2⤵
  PID:10212
- C:\Windows\System\EseJrAu.exe
  C:\Windows\System\EseJrAu.exe
  2⤵
  PID:10228
- C:\Windows\System\qRDrcao.exe
  C:\Windows\System\qRDrcao.exe
  2⤵
  PID:7428
- C:\Windows\System\MqoBcVh.exe
  C:\Windows\System\MqoBcVh.exe
  2⤵
  PID:9252
- C:\Windows\System\kYsdPyy.exe
  C:\Windows\System\kYsdPyy.exe
  2⤵
  PID:9280
- C:\Windows\System\MYrqPUj.exe
  C:\Windows\System\MYrqPUj.exe
  2⤵
  PID:9316
- C:\Windows\System\UOqNvoE.exe
  C:\Windows\System\UOqNvoE.exe
  2⤵
  PID:9348
- C:\Windows\System\VUAHolh.exe
  C:\Windows\System\VUAHolh.exe
  2⤵
  PID:9300
- C:\Windows\System\cochfBH.exe
  C:\Windows\System\cochfBH.exe
  2⤵
  PID:9380
- C:\Windows\System\wuQbwSp.exe
  C:\Windows\System\wuQbwSp.exe
  2⤵
  PID:9396
- C:\Windows\System\ZoABnro.exe
  C:\Windows\System\ZoABnro.exe
  2⤵
  PID:9460
- C:\Windows\System\KgsLpaZ.exe
  C:\Windows\System\KgsLpaZ.exe
  2⤵
  PID:9492
- C:\Windows\System\lxLnZQN.exe
  C:\Windows\System\lxLnZQN.exe
  2⤵
  PID:9472
- C:\Windows\System\RWoClUe.exe
  C:\Windows\System\RWoClUe.exe
  2⤵
  PID:9568
- C:\Windows\System\vWQJSqk.exe
  C:\Windows\System\vWQJSqk.exe
  2⤵
  PID:9444
- C:\Windows\System\WoSpoWz.exe
  C:\Windows\System\WoSpoWz.exe
  2⤵
  PID:9632
- C:\Windows\System\CREFnjF.exe
  C:\Windows\System\CREFnjF.exe
  2⤵
  PID:9700
- C:\Windows\System\bVHKjYX.exe
  C:\Windows\System\bVHKjYX.exe
  2⤵
  PID:9760
- C:\Windows\System\dPuQugf.exe
  C:\Windows\System\dPuQugf.exe
  2⤵
  PID:9684
- C:\Windows\System\jmsqLJt.exe
  C:\Windows\System\jmsqLJt.exe
  2⤵
  PID:9652
- C:\Windows\System\TaZIdvU.exe
  C:\Windows\System\TaZIdvU.exe
  2⤵
  PID:9712
- C:\Windows\System\AzhUrwp.exe
  C:\Windows\System\AzhUrwp.exe
  2⤵
  PID:9796
- C:\Windows\System\ZgfVxgM.exe
  C:\Windows\System\ZgfVxgM.exe
  2⤵
  PID:9924
- C:\Windows\System\YVguVzE.exe
  C:\Windows\System\YVguVzE.exe
  2⤵
  PID:9892
- C:\Windows\System\rmxtTAe.exe
  C:\Windows\System\rmxtTAe.exe
  2⤵
  PID:9808
- C:\Windows\System\RHlZUFd.exe
  C:\Windows\System\RHlZUFd.exe
  2⤵
  PID:9988
- C:\Windows\System\EEldAcS.exe
  C:\Windows\System\EEldAcS.exe
  2⤵
  PID:9876
- C:\Windows\System\uIOpdAP.exe
  C:\Windows\System\uIOpdAP.exe
  2⤵
  PID:10000
- C:\Windows\System\aRNXxxk.exe
  C:\Windows\System\aRNXxxk.exe
  2⤵
  PID:10052
- C:\Windows\System\iSTyryq.exe
  C:\Windows\System\iSTyryq.exe
  2⤵
  PID:10036
- C:\Windows\System\ZgqCTNT.exe
  C:\Windows\System\ZgqCTNT.exe
  2⤵
  PID:10072
- C:\Windows\System\kDqRWpv.exe
  C:\Windows\System\kDqRWpv.exe
  2⤵
  PID:10136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BnZsmGL.exe

Filesize
6.0MB

MD5
64c4c7da3d6f652307a21b90b449e7bb

SHA1
7a708c56580b86fa68bea59e81da42360a5f39ff

SHA256
4b355822814be5380b9e411a5ed2ee7cbbada422e40545c317937ca3d55f7f6e

SHA512
9617a7583218d54712b7807688d16c88e8c8f80ede58c3ca7570c863d89016d0d642314f32bf465e5553419ce29dc0103775624ba41480b89e441d479084fd48

Download Submit
C:\Windows\system\DryUVCi.exe

Filesize
6.0MB

MD5
02b07624499dad675f81c831df7fb831

SHA1
78387cdbca694676c9b99542b08a420852795a17

SHA256
badda451e4f52a61bda51a062e44ddc8cbb437f5a8de10ee2fb8b0a763c778bd

SHA512
1bbbf58c3b841a493911bedd2a24d82173efeb0b148227da565ff67614f5fb95b9025ec7999d7e20c69778c4115596c46dcb8cf4f09134af798f0bf9ba421ec6

Download Submit
C:\Windows\system\HtfSbro.exe

Filesize
6.0MB

MD5
baca7ddefa6ddc58a1b420b910d7097e

SHA1
d63813922fe21b3389bbca9d9fd5b00caf03a045

SHA256
236372f3582147f6ca3fb4ea279cbff7ef175fb06d3225bd87423aa2a0dc3e25

SHA512
8338f6becc3ad22dc050a09bfc735f72025d881de54cc14364f9c8104f972541cef621fb6f5414579175684ed5e1393f415240b4832a141f588fb1fe9de16912

Download Submit
C:\Windows\system\MNCSsjk.exe

Filesize
6.0MB

MD5
02695abdddebdbc351c3f36303ba6308

SHA1
12b9d1a6b1ad576cfefd1b177a410402058d908d

SHA256
7245efe414c680b1c389228c304b9e7cae566e44406104e8020ea48a88f51ec8

SHA512
555230d55299417d93262521c7e5f42516dd4a48d33e93193e227433b62d34bd6faee89872251b77fe2690545f50cb344587af6b60aec45ee8ac68ff7c3e6c20

Download Submit
C:\Windows\system\MVYoviv.exe

Filesize
6.0MB

MD5
7d9a0ea018f413ac8496229ea7151bc8

SHA1
460d1994f2c18b2e0e49703412332e304dc05002

SHA256
675efbf0123defe52a39dad8e356d8870028752542d570d9deef9c859c7b658f

SHA512
facc7bb8ee68f4b3cc67b9604a8f29756f85deb744158785d5219c5d74fe7f8daf044702a4b192015e72e1b22f71c7c82744636393b847894c566dbe2af3cc8f

Download Submit
C:\Windows\system\MmRFjsP.exe

Filesize
6.0MB

MD5
18caf50d7ce61824f0fcdd7e07a7214b

SHA1
a6128eb84849d1bc442c767b09a113a93876b827

SHA256
c3ff64978ea1fa64a971dc22a0f3e3f9375bf47d32589eb2204993102d964300

SHA512
397b6213988fc65b3751bac730441a322d453140743f97706101ebc7e4142e1647ebe220ece99dcc3f3515ffd2deb6939ec61998fd24d01cf497bc3dc7f75840

Download Submit
C:\Windows\system\OihIofc.exe

Filesize
6.0MB

MD5
167d3143890c30ad3ac5f9a7a5a3efd7

SHA1
306fff8e1b18150a6d3893ef83538f08670047af

SHA256
0e3feaf962cedfd2a8a61b2c50e355fa1ad1718a2968beb44e0119a0f4dd9d29

SHA512
006f1df73ea14116be72f026779743c3aa950eb06980a467d66dae0eae5f2fedda0b7ab1d2a72e88cbd30c219200572bb956d099611469ef66fe70c86cc26750

Download Submit
C:\Windows\system\PtXlHfw.exe

Filesize
6.0MB

MD5
f5715ba17bcba7531da606cd6d28ce53

SHA1
048fc9c709fbd57b6647534142dc7069ad186ddb

SHA256
dc0fa1e88f8e6cf419dc0ba5ac1b72fa2e7a7263189dae7055cecb4bf6b8c4b4

SHA512
f929274e7a6e94bd5d29148873d25c515a336d2fd108d817c4a3bcae5df787b424165739f416abf9644fee5b546676fb76de6fb0dbe218d0fba39e7cf114b831

Download Submit
C:\Windows\system\TVgIRbs.exe

Filesize
6.0MB

MD5
8202dd8041716aa0c775a7ce138d801f

SHA1
117cc6d6ee128b965c2ac31bcf98d390b029d450

SHA256
a30eb90cc91bb20cb925b14ff375685ef4f4c874fcfdfd870c0338b535c6463b

SHA512
806bc3f42095085261e737a63df28a247b6980c2bf6949b049e89aeb4973d9dc39a183cbbcb95e0cb7f28aa708a818bf2580cb5bb8a42b8e2dad89e2198c2df5

Download Submit
C:\Windows\system\Yvlbajn.exe

Filesize
6.0MB

MD5
2d16914eaae46b9765c84bd17dacc134

SHA1
52a02de1bbd6ded8881585913ffe7a5acaa08189

SHA256
a7ce11b50eeee815aeb9c9df722a05992c680116559159cf49e8e45802aeb068

SHA512
6e07bbe71a82121167894928edf2a8ff9170b8151178bc78d71a386d36f97613c765e224e2a027b9c26f573238a1cea11a28197e5bffb4c0fe96a5e38cbff530

Download Submit
C:\Windows\system\ZNgQcxm.exe

Filesize
6.0MB

MD5
de30dceafbb0b6531d7ce27c99eccf74

SHA1
73841377012bc8db39679698fb59aff62bb349c7

SHA256
4b3e3baa4161eec7fa1ae3935331c26cd1f0f9dbc060ecc27f93b4bd2ab8966e

SHA512
282c6cdd979c7b1eb5a0c4bafd739c4be491f25bf9c7776ef76dcf53d3f67602c1f8d3aec7c98b262635e975b97c1d0c4cba7d4eaaf5d7368a3741652c7bc32f

Download Submit
C:\Windows\system\apXVGdJ.exe

Filesize
6.0MB

MD5
c7e61adf5f89ef97a1790c96cba69d51

SHA1
abbd7c4397fe1ad87df0d78ba40c4bad866c6619

SHA256
7b9df3ea8fca897f143149a60f0874a3d64ae4f4ebfae481eaefa6ef3990c7e8

SHA512
3de7154fa60e197becf61f8b5a81b9601ad61cf142e4902e1e11ec13479cf0e7b8ba6527d1c2d7e98dbf3ae551e62b1852eb7c57085dcc087e9dd36adcc474c2

Download Submit
C:\Windows\system\bTusKjH.exe

Filesize
6.0MB

MD5
edef3d924b0c806731c398829cad58e0

SHA1
d7e9df0cf27edc38a758b1b069cfc6f89b3005ea

SHA256
cf4b332bfc641dc6f325a06757e7a47e04c2d094aadf1e86dee842ef5d70ec86

SHA512
74f096792886f4b042083972f008b1b85a966feba112d25d53c6aeeba33e1efd667b4b8540452c5cd70c9fcefa8e03d667c0a3d84829d36442eafc54698d9bc0

Download Submit
C:\Windows\system\dinvtZq.exe

Filesize
6.0MB

MD5
e5dbad8bc7e24d538687c1eacb8fe5db

SHA1
523207c663ed596940cf3a60faf99a30a196d9c1

SHA256
5b2757f7f1976ae245f403dd040d95b59b16285591856bd7a215247c88668b8f

SHA512
5db1291ab177b91d2f7ed0d797d19cc64e4e108666acd0bd242996a7cfdc96de0775eeff748816f79d3f53ef024fd453904ecefd4486a1213c79f5f81313b40b

Download Submit
C:\Windows\system\dzSeVGr.exe

Filesize
6.0MB

MD5
54c8055ea01269f1128fd9098710ed30

SHA1
eef3074386f5275eaf1603a66eb7740eecec9eda

SHA256
8e7fd00b7e15b7d88f3b7001cba8eb54f7a4348d4ff07db893648f1115012461

SHA512
1da97931f8a292b5f12785d9a3641cf15b5e026fe4679a90295155919c920bdd17f4aae0b7f55f5c0c1af80166db7285040ca6e41ac6009830ca920acd8ef676

Download Submit
C:\Windows\system\hOJVoyS.exe

Filesize
6.0MB

MD5
f3846a05bae73c206b7c811bdad7920e

SHA1
ee9d83dc08ccc8d182def2e66a45f388be0f8eef

SHA256
47f8748e5c68301eb3a32c1ba3e21150072d66ad5bdc0d4f62b8e0efc7e25276

SHA512
289108cd0557ea4c7bd7b4b56dd0735bf60f0e9728e5ba368eeecd6a2b92f0294cc2849f01e6696ac102fa9aef7f5dad20562c0855dd4252a6129007551f5f29

Download Submit
C:\Windows\system\knJClCq.exe

Filesize
6.0MB

MD5
270f3ca8da3bb862c882ba2cbbd6e9e1

SHA1
458d4c1a2813645f98f9d3253db2ae2e9b003ba7

SHA256
7bc9e731b23e77f4071080dca3605e5573460b95fe2ded2e1c2e4bc85c528409

SHA512
4acd1962f6651d80c6fb0da3f5faa49634d09d8a4ad22518b936158ceddb97b440cb26a1d0242eebeddbd3dc656ba9a74ece3e8d1a2250ea59d0c2c85dcd7199

Download Submit
C:\Windows\system\lfttdJE.exe

Filesize
6.0MB

MD5
ae47d3220669032fefd4e4a187a564bc

SHA1
4d63b85a1c4372e4e615d7d659e98463c823e772

SHA256
f105a75d762fc039185e7380096e35ed276a84f1111de0c7738c346307a935d5

SHA512
3f08463df8d6ca99288206ca4e3bad6e62d0d2a4abec28ed3f20742da629927508b7f0baac1e10669d108413ed4db9eaf5a07ac2dbc396e7831d349097c55fba

Download Submit
C:\Windows\system\mrqLetK.exe

Filesize
6.0MB

MD5
3a5ac7d19f8d2272897715d63ac8d756

SHA1
becd3be71ed4accb8d494ef8b5f1d71ec87be261

SHA256
fc4f9b3d6626af5eab90da5d5f606610c874331b3fba754e8c5995154d7067e1

SHA512
f103d03c34bf1db62e7c47c45cb6a80872ba636495418df3b7969d1ad6387e58b3f6730042b89ef8b2f0cb127854e77e5805848d9411b39556c5d236be5ee948

Download Submit
C:\Windows\system\ojKypiw.exe

Filesize
6.0MB

MD5
2fb613a8fd2cf2693bbe59f762a50749

SHA1
499e28bdfaf5e590fbefdda6e6d6b63aff11e8b5

SHA256
133658ebd56870a8d8e394e3bc72802d3462657b469d2ce70bcca21d7e5b40fa

SHA512
70218d0430ed0ab6930da270b555c9998a3a0a66745abc24476438acde650816729bc6d5995fb4a1e66d3d2ea1b06b4002a6e889540fc07296b11a5273f5f681

Download Submit
C:\Windows\system\rrcZljp.exe

Filesize
6.0MB

MD5
6ecbfc7b4ff372771a32025af2aa3ffe

SHA1
b4c4ec7163faf4aaa42eddb013ccdae296329d8d

SHA256
ffd973faeb416b6d2d52c4f14c29f5a1f7604c851139d1ed997f3062da42f653

SHA512
14adaa77a33593cbdef5c551e6b31637a9197477b471cce3cee6240abd51de7c7f7cad39b52049c4853806fb165c195b80ad440fb727c50f5cc5960de99230a2

Download Submit
C:\Windows\system\vKNXnCp.exe

Filesize
6.0MB

MD5
1fc69aeb373fb887d7c18c530e9309dd

SHA1
f2c6d1c8d0b3f58eac7b8cedab13287d08a3a1b4

SHA256
77d69db2a2dd71b19fd92ef5061d9ab14986b6e39412c1d27790f4e01da856ec

SHA512
564acc7a927cef9d726a826539aaae2a19344e1c67542c6acc4c693c98cd6e4fccf994c8584e61021c365374d89382ff71a8cdff1e0772811fc5d2c61d1f3b4e

Download Submit
C:\Windows\system\xSJRcBR.exe

Filesize
6.0MB

MD5
d2d7a5bfba306fe2cd5eea5effbb60a0

SHA1
144df9e7a8acad00e890d8dc2d3ce59a9db6ea64

SHA256
c038b9e440186410e6724f9c972339ba1ec0d139a1009cefd0f8c83522e8a1fb

SHA512
94893a8d6287a8cf965bacf3dc6aaa889597f035d3e01bc064d6c8e45bb90701fc694172a1df9856de351d5ead44a712c7dc38c29af82ac1f2706769ed6d5681

Download Submit
C:\Windows\system\yUkOLOW.exe

Filesize
6.0MB

MD5
9a7e374f14c554e2f26fd0310c35f31f

SHA1
4821fdd9c52c1174703f3237c55560e5cc526ea0

SHA256
cccca826fc81ac0a19379994e423d83a9b2abab4d30c85a99561d37d938e7ad6

SHA512
c95805c90592de6629ae7ffd244a9ee301f9a054755fbef370caae056d2128e0e55f165780b334926b550752a575a6168c9dc4d476bf209696d0378a59abede2

Download Submit
\Windows\system\EQqUZGd.exe

Filesize
6.0MB

MD5
10b36c66aab723c6482ebc70ff383ab2

SHA1
7dad336141731d63e24e34e26cfd6027d594f78d

SHA256
2a9d5e4fb49250620a86ecb38dd5d1514321b8c6649e851d876526a843c3b4e9

SHA512
5293446576734cd43c46b7c8cb951cb01681cc823dcf47e44aba65191b0ac19b222b794fadbf9a6b38fe84cc35049ff6e019cc8231f7a1203da6a44f97c2f1c2

Download Submit
\Windows\system\EsUCtCR.exe

Filesize
6.0MB

MD5
5433b4f1ae3845a001d44b1b9819d56e

SHA1
d52258574c9de69c7a464906ced9eb2135035b89

SHA256
d16790950129d96ffa22e30703a21d3b8b9ebffef0fd2c203f67ba72060bc113

SHA512
c290981460ff8c2d6f0c9f19328460bb5b9e9cef8dc8c39b048306e4ee44c3cb0cdfd51c596483560518d2c0bd999f46d24b908d93f1ed9c34f2925d2b6ffb86

Download Submit
\Windows\system\cZNLmkX.exe

Filesize
6.0MB

MD5
e5c01202cd37f04a8a006939575d97da

SHA1
36abe01bd1087c3ec2f0c50003892fe92383c6a2

SHA256
217ad9d42b87ed2ef19754967788495a86b0856ff601264790d438d89b383684

SHA512
d9ca1ac9094795ba88d7eb4f3d719745bb0852958ae42750653a93b3419830a27c2cd673ea7898d70f558e1a6c35bebb9d50db6873331597383555d29da05ca4

Download Submit
\Windows\system\itzTlFF.exe

Filesize
6.0MB

MD5
1e49d12761a288e4598b02d9c92bb424

SHA1
6a8206e00b501951f70945c5a87b3ee639993b65

SHA256
2e209b5978b18e1ae014e2e7f59b53c1aa34d3d936178009c6d889272546381f

SHA512
c003a54e40d4a06e89a949e7039465f4dabe67a615e7bd2e60833fb888dfe991d795f66abbdbc3c0dc573ee465923f8f4ad3c92518fe9c4df2438593c6485f95

Download Submit
\Windows\system\rkaEQof.exe

Filesize
6.0MB

MD5
7d94c4dbcae00f6d2d76f9b637281b96

SHA1
98543ad2145deea4c68a748f61cb6a087bf1ad93

SHA256
5401fe5c61adbc7e83e923a5ee7335461262335ba7eb8a0a561c1bd84e2002a3

SHA512
b88ac2ca6085752167dca14ef2a174dd72a1c3056c4665181bd488b6a2263b7041bdd6dce32f0dd703f3a1477526e8d382916299d474a45bb1ea7c32b1b15ee2

Download Submit
\Windows\system\vmIljeI.exe

Filesize
6.0MB

MD5
9a616bbc149d5cdee88aa3a2fecc8691

SHA1
b62c7d4e5a3256423a2da102ba9e6fc4db765340

SHA256
e8864e0f21c5b2efda21996dee8231b3ded6ea3e85f5c3ee6f8a23fae38533d3

SHA512
5474bb73f31df2bc026c2281e1c9b54c2725b9047fc2471c0098133570ea58cc780a5e0e803d10b7b7a36e1607a517c545fb7c159cd51697741fcef250f55a87

Download Submit
\Windows\system\zdEADPH.exe

Filesize
6.0MB

MD5
c76cd30b7707dfc8fdc393a1532bd000

SHA1
5b3b951408db4e61902ed05b0b4696aac87133a6

SHA256
9aede603e5950dd82b918d1e319e1f81e004d6749aa3027188ea8067993b42bb

SHA512
0f5760565c36df8479ba68555c959260ba8ea1dce27ad65115576b64694bf544ebc35200321cef5f5c43f0ce4e5741dc135639da399aa470f3864ab612e0429b

Download Submit
\Windows\system\zgZaOmb.exe

Filesize
6.0MB

MD5
de41ccd461c15c169255b81fa3394c02

SHA1
3a5082a0de6bdff0e40337c74d63b6319fa1b304

SHA256
d98387f0748ba7b0e6eb1839cacd1b9c97320314f9c1dee4377492d365491373

SHA512
0a44f84153cf54adf8837952f87a24f252f623b523386c52b7864100549e90983b528aead2226d528b26043332605c8044211fd0df241deeca19a9070ad5b7ec

Download Submit
memory/1276-3753-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1276-90-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1276-415-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1884-87-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1884-412-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1884-3874-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2272-34-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2272-19-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2272-32-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2272-116-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2272-94-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2272-105-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-109-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2272-110-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2272-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2272-54-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2272-409-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2272-0-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-85-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2272-35-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-416-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2272-17-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-66-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-59-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2272-46-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2272-24-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2560-47-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3628-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2560-259-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3615-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-41-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-164-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3590-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-36-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-117-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-411-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2636-86-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3875-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3585-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2684-30-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2784-33-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3594-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3640-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2820-20-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2880-88-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2880-413-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3757-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2928-414-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3758-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-89-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-40-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2948-163-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2948-4126-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/3032-60-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3749-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/3032-410-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download