cobaltstrike | 67fdb89e5b18cf11452a538df2b1e939a43ca26c960116d78361d445d5a03544

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

df1eae127bcaff31be9ae66ec3416a09
SHA1

6f20973d2370fe4d9910660191fdb2fa06e83e97
SHA256

67fdb89e5b18cf11452a538df2b1e939a43ca26c960116d78361d445d5a03544
SHA512

0290920f8fdcad03e5ced810582c83a227058a69d972b247c97375ccc3f5a8e65c028bf19d4f2d4e43e33531d2d80710edc5a8322557e5a983238213ea5e581d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUz:T+q56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001878c-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bf3-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001922c-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019261-30.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001926a-35.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019279-39.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-128.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018731-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c54-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199b9-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001970b-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c0-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-51.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000192a9-43.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2112-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0009000000012117-6.dat	xmrig
behavioral1/files/0x000700000001878c-12.dat	xmrig
behavioral1/memory/2920-14-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x0008000000018bf3-11.dat	xmrig
behavioral1/memory/2388-15-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x000700000001922c-21.dat	xmrig
behavioral1/memory/2128-26-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/864-31-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0006000000019261-30.dat	xmrig
behavioral1/files/0x000600000001926a-35.dat	xmrig
behavioral1/files/0x0006000000019279-39.dat	xmrig
behavioral1/files/0x000500000001952f-58.dat	xmrig
behavioral1/files/0x00050000000195a7-71.dat	xmrig
behavioral1/files/0x000500000001961f-91.dat	xmrig
behavioral1/memory/2676-103-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2112-107-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/files/0x0005000000019621-104.dat	xmrig
behavioral1/memory/2764-90-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019622-108.dat	xmrig
behavioral1/memory/2808-102-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0005000000019623-117.dat	xmrig
behavioral1/files/0x0005000000019625-128.dat	xmrig
behavioral1/files/0x0007000000018731-125.dat	xmrig
behavioral1/files/0x000500000001961d-97.dat	xmrig
behavioral1/memory/2112-96-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/3024-95-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2656-92-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2772-85-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2112-82-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2756-79-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195e6-78.dat	xmrig
behavioral1/files/0x000500000001957e-77.dat	xmrig
behavioral1/memory/2704-68-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019629-134.dat	xmrig
behavioral1/files/0x0005000000019c54-157.dat	xmrig
behavioral1/memory/2112-321-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/3020-762-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2388-4013-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/864-4015-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2428-4016-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/3020-4017-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/3024-4022-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2676-4025-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2772-4024-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2808-4023-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2656-4021-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2756-4020-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2704-4019-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2764-4018-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2128-4014-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c58-182.dat	xmrig
behavioral1/files/0x000500000001962b-163.dat	xmrig
behavioral1/files/0x0005000000019c56-176.dat	xmrig
behavioral1/files/0x00050000000199b9-174.dat	xmrig
behavioral1/files/0x000500000001970b-172.dat	xmrig
behavioral1/files/0x00050000000196c0-170.dat	xmrig
behavioral1/files/0x000500000001963b-166.dat	xmrig
behavioral1/files/0x000500000001967f-164.dat	xmrig
behavioral1/files/0x0005000000019627-132.dat	xmrig
behavioral1/files/0x00050000000194fc-56.dat	xmrig
behavioral1/files/0x0005000000019506-51.dat	xmrig
behavioral1/files/0x00080000000192a9-43.dat	xmrig
behavioral1/memory/3020-41-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2920	phpIiNx.exe
2388	NiXvgez.exe
2128	wInIYoY.exe
864	coiZiNq.exe
2428	GRCvCOS.exe
3020	aksxDCp.exe
2704	VurgtId.exe
2764	mQxrsmv.exe
2656	uBhVPvk.exe
3024	QHbgMBV.exe
2756	LmIbnfn.exe
2808	hlxGVKS.exe
2772	udsEQae.exe
2676	EHTtOMv.exe
2932	XjkqEgE.exe
3028	PQvJZvL.exe
1140	BVIKApM.exe
2324	YpPIOAT.exe
1244	TKKbDfk.exe
2484	FnHEQXD.exe
1248	baXEUyQ.exe
1876	woPwWbO.exe
1036	XkeAzgc.exe
1632	ZRUIjaj.exe
2684	thJoLoB.exe
2824	WRXGgis.exe
2948	HIhgcbR.exe
2836	khVEMKu.exe
2020	GrRaQLE.exe
2576	BjfOHhY.exe
1388	USegUcn.exe
584	ILbOkXb.exe
1908	CuSKANp.exe
956	jVDrynO.exe
1932	uRjyRBd.exe
1524	uPLUuzk.exe
996	qhmeTCY.exe
108	EBdtpZm.exe
1460	DQIBHKw.exe
1552	MlYXaOS.exe
2188	xizBMwY.exe
908	DSUHmhB.exe
1692	ikqZJpL.exe
2480	IfUrohN.exe
3048	odYwtJH.exe
2068	HQKyiZf.exe
2432	MhnsHlu.exe
1860	AMqBsyz.exe
348	zEcNzZR.exe
2348	jKYKgJa.exe
2272	TurLQah.exe
1636	QYkoyBZ.exe
1408	NioitqH.exe
2992	efjOzWF.exe
2988	mdiLpCb.exe
2124	ULgoVCy.exe
2952	mqLqMWa.exe
2792	IzQgtoZ.exe
2668	wQLQamn.exe
3016	nkhjWas.exe
2516	VnRcjPT.exe
2644	GwoBWJw.exe
2968	wMMrJug.exe
2620	eigkkSm.exe

Loads dropped DLL 64 IoCs

pid	Process
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0009000000012117-6.dat	upx
behavioral1/files/0x000700000001878c-12.dat	upx
behavioral1/memory/2920-14-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x0008000000018bf3-11.dat	upx
behavioral1/memory/2388-15-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x000700000001922c-21.dat	upx
behavioral1/memory/2128-26-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/864-31-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0006000000019261-30.dat	upx
behavioral1/files/0x000600000001926a-35.dat	upx
behavioral1/files/0x0006000000019279-39.dat	upx
behavioral1/files/0x000500000001952f-58.dat	upx
behavioral1/files/0x00050000000195a7-71.dat	upx
behavioral1/files/0x000500000001961f-91.dat	upx
behavioral1/memory/2676-103-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0005000000019621-104.dat	upx
behavioral1/memory/2764-90-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0005000000019622-108.dat	upx
behavioral1/memory/2808-102-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0005000000019623-117.dat	upx
behavioral1/files/0x0005000000019625-128.dat	upx
behavioral1/files/0x0007000000018731-125.dat	upx
behavioral1/files/0x000500000001961d-97.dat	upx
behavioral1/memory/3024-95-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2656-92-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2772-85-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2756-79-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x00050000000195e6-78.dat	upx
behavioral1/files/0x000500000001957e-77.dat	upx
behavioral1/memory/2704-68-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0005000000019629-134.dat	upx
behavioral1/files/0x0005000000019c54-157.dat	upx
behavioral1/memory/2112-321-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/3020-762-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2388-4013-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/864-4015-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2428-4016-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/3020-4017-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/3024-4022-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2676-4025-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2772-4024-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2808-4023-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2656-4021-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2756-4020-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2704-4019-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2764-4018-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2128-4014-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0005000000019c58-182.dat	upx
behavioral1/files/0x000500000001962b-163.dat	upx
behavioral1/files/0x0005000000019c56-176.dat	upx
behavioral1/files/0x00050000000199b9-174.dat	upx
behavioral1/files/0x000500000001970b-172.dat	upx
behavioral1/files/0x00050000000196c0-170.dat	upx
behavioral1/files/0x000500000001963b-166.dat	upx
behavioral1/files/0x000500000001967f-164.dat	upx
behavioral1/files/0x0005000000019627-132.dat	upx
behavioral1/files/0x00050000000194fc-56.dat	upx
behavioral1/files/0x0005000000019506-51.dat	upx
behavioral1/files/0x00080000000192a9-43.dat	upx
behavioral1/memory/3020-41-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2428-37-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PkbPAll.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjlqvgO.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjytWlA.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQxrsmv.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqPjzFX.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJttXIj.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDMaDTJ.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybGcCWT.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLttogt.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmJOLRp.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUlnNSh.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMAYKMu.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWcLvCf.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjoCSRy.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAdVQqs.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUxLVmA.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFTiyUJ.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCOTKIq.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huoduII.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJkpMBe.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQCgeeJ.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyQBsMs.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLnhFLy.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKsmLOP.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKMZkAD.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYXzGpA.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJjhcpv.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUwHjZg.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXYgsaA.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuSbHDR.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGQvoFx.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHhcGmL.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfGzAyC.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMjbIXi.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aaszhRz.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJBExgG.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amiJfpe.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypJkooM.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DndiAdH.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XITpZlJ.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNTtsma.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjBsjof.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awbZJHd.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJalwlW.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrRaQLE.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DAgtHVA.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjhhsUN.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHDBTjI.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SeQsZha.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yChNZGk.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXmGhWr.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmeBkii.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpRIjjX.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddSuBmK.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXBeMxj.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPGEwrL.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUZtONy.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIgeIzr.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRjyRBd.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQKrcib.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfhrKel.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQmbUKw.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQuHgBg.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmJvSFQ.exe	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2920	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2112 wrote to memory of 2920	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2112 wrote to memory of 2920	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2112 wrote to memory of 2388	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2388	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2388	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2128	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2128	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2128	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 864	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 864	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 864	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2428	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 2428	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 2428	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 3020	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 3020	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 3020	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2704	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2704	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2704	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2764	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2764	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2764	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2656	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 2656	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 2656	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 2756	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 2756	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 2756	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 3024	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 3024	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 3024	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 2808	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2808	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2808	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2676	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2676	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2676	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2772	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2772	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2772	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2932	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 2932	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 2932	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 3028	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 3028	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 3028	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 1140	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 1140	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 1140	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 2324	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 2324	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 2324	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 2484	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 2484	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 2484	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 1244	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 1244	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 1244	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 1248	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 1248	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 1248	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 1876	2112	2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_df1eae127bcaff31be9ae66ec3416a09_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\System\phpIiNx.exe
  C:\Windows\System\phpIiNx.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\NiXvgez.exe
  C:\Windows\System\NiXvgez.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\wInIYoY.exe
  C:\Windows\System\wInIYoY.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\coiZiNq.exe
  C:\Windows\System\coiZiNq.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\GRCvCOS.exe
  C:\Windows\System\GRCvCOS.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\aksxDCp.exe
  C:\Windows\System\aksxDCp.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\VurgtId.exe
  C:\Windows\System\VurgtId.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\mQxrsmv.exe
  C:\Windows\System\mQxrsmv.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\uBhVPvk.exe
  C:\Windows\System\uBhVPvk.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\LmIbnfn.exe
  C:\Windows\System\LmIbnfn.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\QHbgMBV.exe
  C:\Windows\System\QHbgMBV.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\hlxGVKS.exe
  C:\Windows\System\hlxGVKS.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\EHTtOMv.exe
  C:\Windows\System\EHTtOMv.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\udsEQae.exe
  C:\Windows\System\udsEQae.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\XjkqEgE.exe
  C:\Windows\System\XjkqEgE.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\PQvJZvL.exe
  C:\Windows\System\PQvJZvL.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\BVIKApM.exe
  C:\Windows\System\BVIKApM.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\YpPIOAT.exe
  C:\Windows\System\YpPIOAT.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\FnHEQXD.exe
  C:\Windows\System\FnHEQXD.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\TKKbDfk.exe
  C:\Windows\System\TKKbDfk.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\baXEUyQ.exe
  C:\Windows\System\baXEUyQ.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\woPwWbO.exe
  C:\Windows\System\woPwWbO.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\XkeAzgc.exe
  C:\Windows\System\XkeAzgc.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\ZRUIjaj.exe
  C:\Windows\System\ZRUIjaj.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\WRXGgis.exe
  C:\Windows\System\WRXGgis.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\thJoLoB.exe
  C:\Windows\System\thJoLoB.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\HIhgcbR.exe
  C:\Windows\System\HIhgcbR.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\khVEMKu.exe
  C:\Windows\System\khVEMKu.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\BjfOHhY.exe
  C:\Windows\System\BjfOHhY.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\GrRaQLE.exe
  C:\Windows\System\GrRaQLE.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\USegUcn.exe
  C:\Windows\System\USegUcn.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\ILbOkXb.exe
  C:\Windows\System\ILbOkXb.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\CuSKANp.exe
  C:\Windows\System\CuSKANp.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\jVDrynO.exe
  C:\Windows\System\jVDrynO.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\qhmeTCY.exe
  C:\Windows\System\qhmeTCY.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\uRjyRBd.exe
  C:\Windows\System\uRjyRBd.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\MlYXaOS.exe
  C:\Windows\System\MlYXaOS.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\uPLUuzk.exe
  C:\Windows\System\uPLUuzk.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\xizBMwY.exe
  C:\Windows\System\xizBMwY.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\EBdtpZm.exe
  C:\Windows\System\EBdtpZm.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\DSUHmhB.exe
  C:\Windows\System\DSUHmhB.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\DQIBHKw.exe
  C:\Windows\System\DQIBHKw.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\IfUrohN.exe
  C:\Windows\System\IfUrohN.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ikqZJpL.exe
  C:\Windows\System\ikqZJpL.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\odYwtJH.exe
  C:\Windows\System\odYwtJH.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\HQKyiZf.exe
  C:\Windows\System\HQKyiZf.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\MhnsHlu.exe
  C:\Windows\System\MhnsHlu.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\AMqBsyz.exe
  C:\Windows\System\AMqBsyz.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\zEcNzZR.exe
  C:\Windows\System\zEcNzZR.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\jKYKgJa.exe
  C:\Windows\System\jKYKgJa.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\NioitqH.exe
  C:\Windows\System\NioitqH.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\TurLQah.exe
  C:\Windows\System\TurLQah.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\efjOzWF.exe
  C:\Windows\System\efjOzWF.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\QYkoyBZ.exe
  C:\Windows\System\QYkoyBZ.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\mdiLpCb.exe
  C:\Windows\System\mdiLpCb.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ULgoVCy.exe
  C:\Windows\System\ULgoVCy.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\IzQgtoZ.exe
  C:\Windows\System\IzQgtoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\mqLqMWa.exe
  C:\Windows\System\mqLqMWa.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\wQLQamn.exe
  C:\Windows\System\wQLQamn.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\nkhjWas.exe
  C:\Windows\System\nkhjWas.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\VnRcjPT.exe
  C:\Windows\System\VnRcjPT.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\GwoBWJw.exe
  C:\Windows\System\GwoBWJw.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\eigkkSm.exe
  C:\Windows\System\eigkkSm.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\wMMrJug.exe
  C:\Windows\System\wMMrJug.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\CzJYAkw.exe
  C:\Windows\System\CzJYAkw.exe
  2⤵
  PID:1188
- C:\Windows\System\IMxQzCc.exe
  C:\Windows\System\IMxQzCc.exe
  2⤵
  PID:2296
- C:\Windows\System\XVDjlyG.exe
  C:\Windows\System\XVDjlyG.exe
  2⤵
  PID:1728
- C:\Windows\System\TParGJu.exe
  C:\Windows\System\TParGJu.exe
  2⤵
  PID:1736
- C:\Windows\System\zQnQAGE.exe
  C:\Windows\System\zQnQAGE.exe
  2⤵
  PID:1772
- C:\Windows\System\sPsCwAN.exe
  C:\Windows\System\sPsCwAN.exe
  2⤵
  PID:1216
- C:\Windows\System\aFjshbR.exe
  C:\Windows\System\aFjshbR.exe
  2⤵
  PID:2724
- C:\Windows\System\wqlLeYG.exe
  C:\Windows\System\wqlLeYG.exe
  2⤵
  PID:2256
- C:\Windows\System\DtWpWTh.exe
  C:\Windows\System\DtWpWTh.exe
  2⤵
  PID:2488
- C:\Windows\System\rysZTYJ.exe
  C:\Windows\System\rysZTYJ.exe
  2⤵
  PID:336
- C:\Windows\System\tBzzrXi.exe
  C:\Windows\System\tBzzrXi.exe
  2⤵
  PID:2148
- C:\Windows\System\ByLjnPS.exe
  C:\Windows\System\ByLjnPS.exe
  2⤵
  PID:1644
- C:\Windows\System\qKHBfwG.exe
  C:\Windows\System\qKHBfwG.exe
  2⤵
  PID:1588
- C:\Windows\System\npbdUJv.exe
  C:\Windows\System\npbdUJv.exe
  2⤵
  PID:1648
- C:\Windows\System\GiiQTjp.exe
  C:\Windows\System\GiiQTjp.exe
  2⤵
  PID:1972
- C:\Windows\System\JJVrHUO.exe
  C:\Windows\System\JJVrHUO.exe
  2⤵
  PID:3040
- C:\Windows\System\FpzOmwy.exe
  C:\Windows\System\FpzOmwy.exe
  2⤵
  PID:3008
- C:\Windows\System\PUlnNSh.exe
  C:\Windows\System\PUlnNSh.exe
  2⤵
  PID:2184
- C:\Windows\System\SaJULdH.exe
  C:\Windows\System\SaJULdH.exe
  2⤵
  PID:568
- C:\Windows\System\LhTbVCW.exe
  C:\Windows\System\LhTbVCW.exe
  2⤵
  PID:1880
- C:\Windows\System\GROLyUJ.exe
  C:\Windows\System\GROLyUJ.exe
  2⤵
  PID:2224
- C:\Windows\System\dMhGzNE.exe
  C:\Windows\System\dMhGzNE.exe
  2⤵
  PID:764
- C:\Windows\System\URdmwlp.exe
  C:\Windows\System\URdmwlp.exe
  2⤵
  PID:2364
- C:\Windows\System\nMbeJvX.exe
  C:\Windows\System\nMbeJvX.exe
  2⤵
  PID:2980
- C:\Windows\System\ndnbkkV.exe
  C:\Windows\System\ndnbkkV.exe
  2⤵
  PID:2392
- C:\Windows\System\VymastY.exe
  C:\Windows\System\VymastY.exe
  2⤵
  PID:2900
- C:\Windows\System\hopPxtu.exe
  C:\Windows\System\hopPxtu.exe
  2⤵
  PID:2700
- C:\Windows\System\SRjLbSy.exe
  C:\Windows\System\SRjLbSy.exe
  2⤵
  PID:2508
- C:\Windows\System\LjCCQMS.exe
  C:\Windows\System\LjCCQMS.exe
  2⤵
  PID:2752
- C:\Windows\System\LJnnBIJ.exe
  C:\Windows\System\LJnnBIJ.exe
  2⤵
  PID:2248
- C:\Windows\System\DeXDXcz.exe
  C:\Windows\System\DeXDXcz.exe
  2⤵
  PID:660
- C:\Windows\System\ZcTZtVO.exe
  C:\Windows\System\ZcTZtVO.exe
  2⤵
  PID:1828
- C:\Windows\System\oKJIMCY.exe
  C:\Windows\System\oKJIMCY.exe
  2⤵
  PID:3052
- C:\Windows\System\QShfDrN.exe
  C:\Windows\System\QShfDrN.exe
  2⤵
  PID:1980
- C:\Windows\System\nkfpKDU.exe
  C:\Windows\System\nkfpKDU.exe
  2⤵
  PID:1976
- C:\Windows\System\elDmWMR.exe
  C:\Windows\System\elDmWMR.exe
  2⤵
  PID:1604
- C:\Windows\System\wxDxNLz.exe
  C:\Windows\System\wxDxNLz.exe
  2⤵
  PID:1528
- C:\Windows\System\dPmIcsD.exe
  C:\Windows\System\dPmIcsD.exe
  2⤵
  PID:2840
- C:\Windows\System\kDQqgQv.exe
  C:\Windows\System\kDQqgQv.exe
  2⤵
  PID:552
- C:\Windows\System\wBhkhTz.exe
  C:\Windows\System\wBhkhTz.exe
  2⤵
  PID:2740
- C:\Windows\System\PSaDZiY.exe
  C:\Windows\System\PSaDZiY.exe
  2⤵
  PID:2904
- C:\Windows\System\jofsnpG.exe
  C:\Windows\System\jofsnpG.exe
  2⤵
  PID:2060
- C:\Windows\System\VCzwJlp.exe
  C:\Windows\System\VCzwJlp.exe
  2⤵
  PID:2424
- C:\Windows\System\CQRCLol.exe
  C:\Windows\System\CQRCLol.exe
  2⤵
  PID:1520
- C:\Windows\System\HnAMURg.exe
  C:\Windows\System\HnAMURg.exe
  2⤵
  PID:2420
- C:\Windows\System\nXuXyle.exe
  C:\Windows\System\nXuXyle.exe
  2⤵
  PID:1424
- C:\Windows\System\wBNZwmH.exe
  C:\Windows\System\wBNZwmH.exe
  2⤵
  PID:1492
- C:\Windows\System\aKSwDAG.exe
  C:\Windows\System\aKSwDAG.exe
  2⤵
  PID:1716
- C:\Windows\System\khmMbLj.exe
  C:\Windows\System\khmMbLj.exe
  2⤵
  PID:936
- C:\Windows\System\njGMOnF.exe
  C:\Windows\System\njGMOnF.exe
  2⤵
  PID:2512
- C:\Windows\System\zPKdHDN.exe
  C:\Windows\System\zPKdHDN.exe
  2⤵
  PID:868
- C:\Windows\System\IfndjbS.exe
  C:\Windows\System\IfndjbS.exe
  2⤵
  PID:2616
- C:\Windows\System\GmsumWY.exe
  C:\Windows\System\GmsumWY.exe
  2⤵
  PID:2624
- C:\Windows\System\SKiIEyz.exe
  C:\Windows\System\SKiIEyz.exe
  2⤵
  PID:288
- C:\Windows\System\mqzlSjW.exe
  C:\Windows\System\mqzlSjW.exe
  2⤵
  PID:1608
- C:\Windows\System\AYLyuWi.exe
  C:\Windows\System\AYLyuWi.exe
  2⤵
  PID:812
- C:\Windows\System\keepoKx.exe
  C:\Windows\System\keepoKx.exe
  2⤵
  PID:1852
- C:\Windows\System\KBWhSds.exe
  C:\Windows\System\KBWhSds.exe
  2⤵
  PID:3084
- C:\Windows\System\OEaBsag.exe
  C:\Windows\System\OEaBsag.exe
  2⤵
  PID:3104
- C:\Windows\System\vgcaMWu.exe
  C:\Windows\System\vgcaMWu.exe
  2⤵
  PID:3120
- C:\Windows\System\plMHGtW.exe
  C:\Windows\System\plMHGtW.exe
  2⤵
  PID:3136
- C:\Windows\System\GqPjzFX.exe
  C:\Windows\System\GqPjzFX.exe
  2⤵
  PID:3152
- C:\Windows\System\xYMQpce.exe
  C:\Windows\System\xYMQpce.exe
  2⤵
  PID:3200
- C:\Windows\System\ZtOUoOp.exe
  C:\Windows\System\ZtOUoOp.exe
  2⤵
  PID:3224
- C:\Windows\System\UBIYOnH.exe
  C:\Windows\System\UBIYOnH.exe
  2⤵
  PID:3244
- C:\Windows\System\TcYDvNt.exe
  C:\Windows\System\TcYDvNt.exe
  2⤵
  PID:3260
- C:\Windows\System\FXYgsaA.exe
  C:\Windows\System\FXYgsaA.exe
  2⤵
  PID:3276
- C:\Windows\System\zNhFtHD.exe
  C:\Windows\System\zNhFtHD.exe
  2⤵
  PID:3292
- C:\Windows\System\LUxLVmA.exe
  C:\Windows\System\LUxLVmA.exe
  2⤵
  PID:3312
- C:\Windows\System\HgiAsTs.exe
  C:\Windows\System\HgiAsTs.exe
  2⤵
  PID:3332
- C:\Windows\System\EKCZlYC.exe
  C:\Windows\System\EKCZlYC.exe
  2⤵
  PID:3352
- C:\Windows\System\FVBlaZc.exe
  C:\Windows\System\FVBlaZc.exe
  2⤵
  PID:3368
- C:\Windows\System\mtkhkdW.exe
  C:\Windows\System\mtkhkdW.exe
  2⤵
  PID:3404
- C:\Windows\System\yHtBswS.exe
  C:\Windows\System\yHtBswS.exe
  2⤵
  PID:3420
- C:\Windows\System\KhoBpMZ.exe
  C:\Windows\System\KhoBpMZ.exe
  2⤵
  PID:3440
- C:\Windows\System\QaMsdaa.exe
  C:\Windows\System\QaMsdaa.exe
  2⤵
  PID:3456
- C:\Windows\System\PzzMYfg.exe
  C:\Windows\System\PzzMYfg.exe
  2⤵
  PID:3476
- C:\Windows\System\qgAVAlg.exe
  C:\Windows\System\qgAVAlg.exe
  2⤵
  PID:3492
- C:\Windows\System\LEHvSze.exe
  C:\Windows\System\LEHvSze.exe
  2⤵
  PID:3520
- C:\Windows\System\HLDwngk.exe
  C:\Windows\System\HLDwngk.exe
  2⤵
  PID:3540
- C:\Windows\System\fodqsIU.exe
  C:\Windows\System\fodqsIU.exe
  2⤵
  PID:3564
- C:\Windows\System\dMDJZEZ.exe
  C:\Windows\System\dMDJZEZ.exe
  2⤵
  PID:3580
- C:\Windows\System\iWHmxaq.exe
  C:\Windows\System\iWHmxaq.exe
  2⤵
  PID:3600
- C:\Windows\System\BHvbuCn.exe
  C:\Windows\System\BHvbuCn.exe
  2⤵
  PID:3616
- C:\Windows\System\dgqUKuA.exe
  C:\Windows\System\dgqUKuA.exe
  2⤵
  PID:3640
- C:\Windows\System\cHCzfJH.exe
  C:\Windows\System\cHCzfJH.exe
  2⤵
  PID:3656
- C:\Windows\System\HFbANeu.exe
  C:\Windows\System\HFbANeu.exe
  2⤵
  PID:3672
- C:\Windows\System\ADiLBvk.exe
  C:\Windows\System\ADiLBvk.exe
  2⤵
  PID:3700
- C:\Windows\System\fIhczPy.exe
  C:\Windows\System\fIhczPy.exe
  2⤵
  PID:3716
- C:\Windows\System\xlLFvBy.exe
  C:\Windows\System\xlLFvBy.exe
  2⤵
  PID:3732
- C:\Windows\System\moOosKm.exe
  C:\Windows\System\moOosKm.exe
  2⤵
  PID:3756
- C:\Windows\System\MUXhCKq.exe
  C:\Windows\System\MUXhCKq.exe
  2⤵
  PID:3780
- C:\Windows\System\cwSvKuT.exe
  C:\Windows\System\cwSvKuT.exe
  2⤵
  PID:3800
- C:\Windows\System\znMhKZe.exe
  C:\Windows\System\znMhKZe.exe
  2⤵
  PID:3816
- C:\Windows\System\HWCVGYj.exe
  C:\Windows\System\HWCVGYj.exe
  2⤵
  PID:3832
- C:\Windows\System\mBnEZjH.exe
  C:\Windows\System\mBnEZjH.exe
  2⤵
  PID:3864
- C:\Windows\System\XMfrnMs.exe
  C:\Windows\System\XMfrnMs.exe
  2⤵
  PID:3880
- C:\Windows\System\lIBZelr.exe
  C:\Windows\System\lIBZelr.exe
  2⤵
  PID:3900
- C:\Windows\System\rFkBofG.exe
  C:\Windows\System\rFkBofG.exe
  2⤵
  PID:3916
- C:\Windows\System\blBvHpy.exe
  C:\Windows\System\blBvHpy.exe
  2⤵
  PID:3932
- C:\Windows\System\UlzmecT.exe
  C:\Windows\System\UlzmecT.exe
  2⤵
  PID:3952
- C:\Windows\System\NunQWeX.exe
  C:\Windows\System\NunQWeX.exe
  2⤵
  PID:3976
- C:\Windows\System\ikIXgVK.exe
  C:\Windows\System\ikIXgVK.exe
  2⤵
  PID:4004
- C:\Windows\System\jrGVoAe.exe
  C:\Windows\System\jrGVoAe.exe
  2⤵
  PID:4024
- C:\Windows\System\tSWjPko.exe
  C:\Windows\System\tSWjPko.exe
  2⤵
  PID:4040
- C:\Windows\System\ybDdZTq.exe
  C:\Windows\System\ybDdZTq.exe
  2⤵
  PID:4056
- C:\Windows\System\lGCjPrA.exe
  C:\Windows\System\lGCjPrA.exe
  2⤵
  PID:4072
- C:\Windows\System\vYTAQTc.exe
  C:\Windows\System\vYTAQTc.exe
  2⤵
  PID:2052
- C:\Windows\System\CeROgEe.exe
  C:\Windows\System\CeROgEe.exe
  2⤵
  PID:320
- C:\Windows\System\tqcgSNR.exe
  C:\Windows\System\tqcgSNR.exe
  2⤵
  PID:3004
- C:\Windows\System\mdxShZZ.exe
  C:\Windows\System\mdxShZZ.exe
  2⤵
  PID:2232
- C:\Windows\System\IRbaoOD.exe
  C:\Windows\System\IRbaoOD.exe
  2⤵
  PID:3080
- C:\Windows\System\uazGeup.exe
  C:\Windows\System\uazGeup.exe
  2⤵
  PID:3132
- C:\Windows\System\UGQFuBm.exe
  C:\Windows\System\UGQFuBm.exe
  2⤵
  PID:3176
- C:\Windows\System\BqtSDkh.exe
  C:\Windows\System\BqtSDkh.exe
  2⤵
  PID:3196
- C:\Windows\System\rSKvqCh.exe
  C:\Windows\System\rSKvqCh.exe
  2⤵
  PID:3144
- C:\Windows\System\AaCEyUi.exe
  C:\Windows\System\AaCEyUi.exe
  2⤵
  PID:3220
- C:\Windows\System\uqOQOQG.exe
  C:\Windows\System\uqOQOQG.exe
  2⤵
  PID:3272
- C:\Windows\System\IqiPfGp.exe
  C:\Windows\System\IqiPfGp.exe
  2⤵
  PID:3340
- C:\Windows\System\bxHRQFV.exe
  C:\Windows\System\bxHRQFV.exe
  2⤵
  PID:3256
- C:\Windows\System\aFRufad.exe
  C:\Windows\System\aFRufad.exe
  2⤵
  PID:3324
- C:\Windows\System\KkyOxep.exe
  C:\Windows\System\KkyOxep.exe
  2⤵
  PID:3384
- C:\Windows\System\PhWjnow.exe
  C:\Windows\System\PhWjnow.exe
  2⤵
  PID:3400
- C:\Windows\System\daJgTeB.exe
  C:\Windows\System\daJgTeB.exe
  2⤵
  PID:3448
- C:\Windows\System\wosvrbt.exe
  C:\Windows\System\wosvrbt.exe
  2⤵
  PID:3472
- C:\Windows\System\APNRrna.exe
  C:\Windows\System\APNRrna.exe
  2⤵
  PID:3516
- C:\Windows\System\TxaNOgf.exe
  C:\Windows\System\TxaNOgf.exe
  2⤵
  PID:3536
- C:\Windows\System\BAprAde.exe
  C:\Windows\System\BAprAde.exe
  2⤵
  PID:3572
- C:\Windows\System\kJttXIj.exe
  C:\Windows\System\kJttXIj.exe
  2⤵
  PID:3636
- C:\Windows\System\xMDJNPA.exe
  C:\Windows\System\xMDJNPA.exe
  2⤵
  PID:3628
- C:\Windows\System\fmyDESs.exe
  C:\Windows\System\fmyDESs.exe
  2⤵
  PID:3680
- C:\Windows\System\teHDwOI.exe
  C:\Windows\System\teHDwOI.exe
  2⤵
  PID:3788
- C:\Windows\System\HdnVngT.exe
  C:\Windows\System\HdnVngT.exe
  2⤵
  PID:3776
- C:\Windows\System\BAiWrvt.exe
  C:\Windows\System\BAiWrvt.exe
  2⤵
  PID:3768
- C:\Windows\System\MiPiNhf.exe
  C:\Windows\System\MiPiNhf.exe
  2⤵
  PID:3856
- C:\Windows\System\WJiVHGh.exe
  C:\Windows\System\WJiVHGh.exe
  2⤵
  PID:3872
- C:\Windows\System\bseNmYw.exe
  C:\Windows\System\bseNmYw.exe
  2⤵
  PID:3912
- C:\Windows\System\BCvkrIq.exe
  C:\Windows\System\BCvkrIq.exe
  2⤵
  PID:3892
- C:\Windows\System\WduVngQ.exe
  C:\Windows\System\WduVngQ.exe
  2⤵
  PID:3992
- C:\Windows\System\sCfqmbv.exe
  C:\Windows\System\sCfqmbv.exe
  2⤵
  PID:3964
- C:\Windows\System\AVQBkqo.exe
  C:\Windows\System\AVQBkqo.exe
  2⤵
  PID:4016
- C:\Windows\System\OqTWTip.exe
  C:\Windows\System\OqTWTip.exe
  2⤵
  PID:2416
- C:\Windows\System\ZRWBwVE.exe
  C:\Windows\System\ZRWBwVE.exe
  2⤵
  PID:4088
- C:\Windows\System\YXamduB.exe
  C:\Windows\System\YXamduB.exe
  2⤵
  PID:1512
- C:\Windows\System\WyJjFVX.exe
  C:\Windows\System\WyJjFVX.exe
  2⤵
  PID:1892
- C:\Windows\System\rlJRzZA.exe
  C:\Windows\System\rlJRzZA.exe
  2⤵
  PID:3188
- C:\Windows\System\mDetnao.exe
  C:\Windows\System\mDetnao.exe
  2⤵
  PID:3304
- C:\Windows\System\NMFDLTK.exe
  C:\Windows\System\NMFDLTK.exe
  2⤵
  PID:3308
- C:\Windows\System\ctSjnGF.exe
  C:\Windows\System\ctSjnGF.exe
  2⤵
  PID:3392
- C:\Windows\System\ddptKhq.exe
  C:\Windows\System\ddptKhq.exe
  2⤵
  PID:3468
- C:\Windows\System\PQcCJtc.exe
  C:\Windows\System\PQcCJtc.exe
  2⤵
  PID:3532
- C:\Windows\System\JTPhfCV.exe
  C:\Windows\System\JTPhfCV.exe
  2⤵
  PID:3512
- C:\Windows\System\YxmmmTR.exe
  C:\Windows\System\YxmmmTR.exe
  2⤵
  PID:3556
- C:\Windows\System\xphrvMq.exe
  C:\Windows\System\xphrvMq.exe
  2⤵
  PID:1968
- C:\Windows\System\bqQkkxt.exe
  C:\Windows\System\bqQkkxt.exe
  2⤵
  PID:3664
- C:\Windows\System\NSKDkTw.exe
  C:\Windows\System\NSKDkTw.exe
  2⤵
  PID:3608
- C:\Windows\System\xiOXerH.exe
  C:\Windows\System\xiOXerH.exe
  2⤵
  PID:3724
- C:\Windows\System\AzLSesQ.exe
  C:\Windows\System\AzLSesQ.exe
  2⤵
  PID:3748
- C:\Windows\System\RZwAwqo.exe
  C:\Windows\System\RZwAwqo.exe
  2⤵
  PID:3772
- C:\Windows\System\eMAYKMu.exe
  C:\Windows\System\eMAYKMu.exe
  2⤵
  PID:3908
- C:\Windows\System\oWkJKcI.exe
  C:\Windows\System\oWkJKcI.exe
  2⤵
  PID:3972
- C:\Windows\System\FIEGvLA.exe
  C:\Windows\System\FIEGvLA.exe
  2⤵
  PID:3960
- C:\Windows\System\uCCTTOU.exe
  C:\Windows\System\uCCTTOU.exe
  2⤵
  PID:3944
- C:\Windows\System\WQmbUKw.exe
  C:\Windows\System\WQmbUKw.exe
  2⤵
  PID:4084
- C:\Windows\System\XDQkBBV.exe
  C:\Windows\System\XDQkBBV.exe
  2⤵
  PID:4064
- C:\Windows\System\jXXMkFY.exe
  C:\Windows\System\jXXMkFY.exe
  2⤵
  PID:4052
- C:\Windows\System\UIWcQzu.exe
  C:\Windows\System\UIWcQzu.exe
  2⤵
  PID:3076
- C:\Windows\System\ylvAXjY.exe
  C:\Windows\System\ylvAXjY.exe
  2⤵
  PID:3216
- C:\Windows\System\kolsRcQ.exe
  C:\Windows\System\kolsRcQ.exe
  2⤵
  PID:3596
- C:\Windows\System\tOjUVAt.exe
  C:\Windows\System\tOjUVAt.exe
  2⤵
  PID:3504
- C:\Windows\System\JPykGVV.exe
  C:\Windows\System\JPykGVV.exe
  2⤵
  PID:3284
- C:\Windows\System\OHkJpUI.exe
  C:\Windows\System\OHkJpUI.exe
  2⤵
  PID:4080
- C:\Windows\System\xjiiXVM.exe
  C:\Windows\System\xjiiXVM.exe
  2⤵
  PID:3668
- C:\Windows\System\UvhExvt.exe
  C:\Windows\System\UvhExvt.exe
  2⤵
  PID:3696
- C:\Windows\System\Zrfadpf.exe
  C:\Windows\System\Zrfadpf.exe
  2⤵
  PID:3812
- C:\Windows\System\RdAlKGv.exe
  C:\Windows\System\RdAlKGv.exe
  2⤵
  PID:1864
- C:\Windows\System\LCqxtlJ.exe
  C:\Windows\System\LCqxtlJ.exe
  2⤵
  PID:3744
- C:\Windows\System\cRXUbpy.exe
  C:\Windows\System\cRXUbpy.exe
  2⤵
  PID:896
- C:\Windows\System\TKYhJww.exe
  C:\Windows\System\TKYhJww.exe
  2⤵
  PID:3348
- C:\Windows\System\bFANRZv.exe
  C:\Windows\System\bFANRZv.exe
  2⤵
  PID:3428
- C:\Windows\System\bsREtuT.exe
  C:\Windows\System\bsREtuT.exe
  2⤵
  PID:3624
- C:\Windows\System\TyQAQoq.exe
  C:\Windows\System\TyQAQoq.exe
  2⤵
  PID:4116
- C:\Windows\System\vAltbJF.exe
  C:\Windows\System\vAltbJF.exe
  2⤵
  PID:4136
- C:\Windows\System\KYcnBEb.exe
  C:\Windows\System\KYcnBEb.exe
  2⤵
  PID:4160
- C:\Windows\System\WuczySa.exe
  C:\Windows\System\WuczySa.exe
  2⤵
  PID:4180
- C:\Windows\System\OoudKHZ.exe
  C:\Windows\System\OoudKHZ.exe
  2⤵
  PID:4196
- C:\Windows\System\YfGzAyC.exe
  C:\Windows\System\YfGzAyC.exe
  2⤵
  PID:4212
- C:\Windows\System\owuPUkh.exe
  C:\Windows\System\owuPUkh.exe
  2⤵
  PID:4248
- C:\Windows\System\mVpaGDm.exe
  C:\Windows\System\mVpaGDm.exe
  2⤵
  PID:4272
- C:\Windows\System\EsKmLWm.exe
  C:\Windows\System\EsKmLWm.exe
  2⤵
  PID:4288
- C:\Windows\System\lZreSYw.exe
  C:\Windows\System\lZreSYw.exe
  2⤵
  PID:4308
- C:\Windows\System\Zztxufs.exe
  C:\Windows\System\Zztxufs.exe
  2⤵
  PID:4348
- C:\Windows\System\uExlEev.exe
  C:\Windows\System\uExlEev.exe
  2⤵
  PID:4384
- C:\Windows\System\fGHMIYe.exe
  C:\Windows\System\fGHMIYe.exe
  2⤵
  PID:4404
- C:\Windows\System\sOAVOEG.exe
  C:\Windows\System\sOAVOEG.exe
  2⤵
  PID:4424
- C:\Windows\System\dCcVzNi.exe
  C:\Windows\System\dCcVzNi.exe
  2⤵
  PID:4448
- C:\Windows\System\yQCgeeJ.exe
  C:\Windows\System\yQCgeeJ.exe
  2⤵
  PID:4468
- C:\Windows\System\vwxIjJe.exe
  C:\Windows\System\vwxIjJe.exe
  2⤵
  PID:4484
- C:\Windows\System\muTrMEK.exe
  C:\Windows\System\muTrMEK.exe
  2⤵
  PID:4504
- C:\Windows\System\jrUDthE.exe
  C:\Windows\System\jrUDthE.exe
  2⤵
  PID:4520
- C:\Windows\System\VOWCbwn.exe
  C:\Windows\System\VOWCbwn.exe
  2⤵
  PID:4540
- C:\Windows\System\kqBorqU.exe
  C:\Windows\System\kqBorqU.exe
  2⤵
  PID:4568
- C:\Windows\System\tqYjcnI.exe
  C:\Windows\System\tqYjcnI.exe
  2⤵
  PID:4584
- C:\Windows\System\lUVvPkF.exe
  C:\Windows\System\lUVvPkF.exe
  2⤵
  PID:4600
- C:\Windows\System\dICEhjy.exe
  C:\Windows\System\dICEhjy.exe
  2⤵
  PID:4620
- C:\Windows\System\FvRnCAw.exe
  C:\Windows\System\FvRnCAw.exe
  2⤵
  PID:4644
- C:\Windows\System\tZEcmvb.exe
  C:\Windows\System\tZEcmvb.exe
  2⤵
  PID:4664
- C:\Windows\System\NjlPEAZ.exe
  C:\Windows\System\NjlPEAZ.exe
  2⤵
  PID:4692
- C:\Windows\System\DAPXqnD.exe
  C:\Windows\System\DAPXqnD.exe
  2⤵
  PID:4708
- C:\Windows\System\dnYzLNp.exe
  C:\Windows\System\dnYzLNp.exe
  2⤵
  PID:4724
- C:\Windows\System\tSaYYak.exe
  C:\Windows\System\tSaYYak.exe
  2⤵
  PID:4740
- C:\Windows\System\KwWIfRx.exe
  C:\Windows\System\KwWIfRx.exe
  2⤵
  PID:4756
- C:\Windows\System\afHYOBB.exe
  C:\Windows\System\afHYOBB.exe
  2⤵
  PID:4772
- C:\Windows\System\ruXXejm.exe
  C:\Windows\System\ruXXejm.exe
  2⤵
  PID:4788
- C:\Windows\System\SeQsZha.exe
  C:\Windows\System\SeQsZha.exe
  2⤵
  PID:4804
- C:\Windows\System\qtEiuwQ.exe
  C:\Windows\System\qtEiuwQ.exe
  2⤵
  PID:4840
- C:\Windows\System\GaWjEkI.exe
  C:\Windows\System\GaWjEkI.exe
  2⤵
  PID:4864
- C:\Windows\System\RyonJml.exe
  C:\Windows\System\RyonJml.exe
  2⤵
  PID:4880
- C:\Windows\System\kQqxuYy.exe
  C:\Windows\System\kQqxuYy.exe
  2⤵
  PID:4908
- C:\Windows\System\LPUyFSd.exe
  C:\Windows\System\LPUyFSd.exe
  2⤵
  PID:4924
- C:\Windows\System\plzYADZ.exe
  C:\Windows\System\plzYADZ.exe
  2⤵
  PID:4952
- C:\Windows\System\OrhkaXG.exe
  C:\Windows\System\OrhkaXG.exe
  2⤵
  PID:4976
- C:\Windows\System\oLMTiBq.exe
  C:\Windows\System\oLMTiBq.exe
  2⤵
  PID:4992
- C:\Windows\System\KsqGIfI.exe
  C:\Windows\System\KsqGIfI.exe
  2⤵
  PID:5012
- C:\Windows\System\aXzgBYF.exe
  C:\Windows\System\aXzgBYF.exe
  2⤵
  PID:5036
- C:\Windows\System\osNElQH.exe
  C:\Windows\System\osNElQH.exe
  2⤵
  PID:5056
- C:\Windows\System\aRxMcMc.exe
  C:\Windows\System\aRxMcMc.exe
  2⤵
  PID:5084
- C:\Windows\System\rKyXAYa.exe
  C:\Windows\System\rKyXAYa.exe
  2⤵
  PID:5104
- C:\Windows\System\PThhewi.exe
  C:\Windows\System\PThhewi.exe
  2⤵
  PID:3984
- C:\Windows\System\KUtUhxp.exe
  C:\Windows\System\KUtUhxp.exe
  2⤵
  PID:3612
- C:\Windows\System\JHXpnzO.exe
  C:\Windows\System\JHXpnzO.exe
  2⤵
  PID:3236
- C:\Windows\System\txJChqx.exe
  C:\Windows\System\txJChqx.exe
  2⤵
  PID:3852
- C:\Windows\System\laCgWMp.exe
  C:\Windows\System\laCgWMp.exe
  2⤵
  PID:4108
- C:\Windows\System\PmvmSbj.exe
  C:\Windows\System\PmvmSbj.exe
  2⤵
  PID:4188
- C:\Windows\System\oxbDwSp.exe
  C:\Windows\System\oxbDwSp.exe
  2⤵
  PID:4232
- C:\Windows\System\itTDayI.exe
  C:\Windows\System\itTDayI.exe
  2⤵
  PID:4280
- C:\Windows\System\vwYkXyM.exe
  C:\Windows\System\vwYkXyM.exe
  2⤵
  PID:2560
- C:\Windows\System\xIctEui.exe
  C:\Windows\System\xIctEui.exe
  2⤵
  PID:3112
- C:\Windows\System\uZEPZzm.exe
  C:\Windows\System\uZEPZzm.exe
  2⤵
  PID:4132
- C:\Windows\System\SWyvium.exe
  C:\Windows\System\SWyvium.exe
  2⤵
  PID:4336
- C:\Windows\System\xwofPiZ.exe
  C:\Windows\System\xwofPiZ.exe
  2⤵
  PID:4264
- C:\Windows\System\PuCphhh.exe
  C:\Windows\System\PuCphhh.exe
  2⤵
  PID:4304
- C:\Windows\System\wzsiwTe.exe
  C:\Windows\System\wzsiwTe.exe
  2⤵
  PID:4396
- C:\Windows\System\NWcLvCf.exe
  C:\Windows\System\NWcLvCf.exe
  2⤵
  PID:4412
- C:\Windows\System\lutGtDz.exe
  C:\Windows\System\lutGtDz.exe
  2⤵
  PID:4516
- C:\Windows\System\ONpAxQD.exe
  C:\Windows\System\ONpAxQD.exe
  2⤵
  PID:4564
- C:\Windows\System\ISpPPaW.exe
  C:\Windows\System\ISpPPaW.exe
  2⤵
  PID:4532
- C:\Windows\System\UdpnKWv.exe
  C:\Windows\System\UdpnKWv.exe
  2⤵
  PID:4496
- C:\Windows\System\AiNNAob.exe
  C:\Windows\System\AiNNAob.exe
  2⤵
  PID:4456
- C:\Windows\System\tWfGVKD.exe
  C:\Windows\System\tWfGVKD.exe
  2⤵
  PID:4632
- C:\Windows\System\IyWqfqG.exe
  C:\Windows\System\IyWqfqG.exe
  2⤵
  PID:4652
- C:\Windows\System\dpNJqrt.exe
  C:\Windows\System\dpNJqrt.exe
  2⤵
  PID:4672
- C:\Windows\System\xruaOjh.exe
  C:\Windows\System\xruaOjh.exe
  2⤵
  PID:4676
- C:\Windows\System\xrBETzL.exe
  C:\Windows\System\xrBETzL.exe
  2⤵
  PID:4824
- C:\Windows\System\qxzfpmi.exe
  C:\Windows\System\qxzfpmi.exe
  2⤵
  PID:4828
- C:\Windows\System\xXxIBBS.exe
  C:\Windows\System\xXxIBBS.exe
  2⤵
  PID:4920
- C:\Windows\System\tLkmEFs.exe
  C:\Windows\System\tLkmEFs.exe
  2⤵
  PID:4768
- C:\Windows\System\hhouZha.exe
  C:\Windows\System\hhouZha.exe
  2⤵
  PID:4932
- C:\Windows\System\WfXRJeQ.exe
  C:\Windows\System\WfXRJeQ.exe
  2⤵
  PID:4900
- C:\Windows\System\GejQRGQ.exe
  C:\Windows\System\GejQRGQ.exe
  2⤵
  PID:5052
- C:\Windows\System\VPuaTzF.exe
  C:\Windows\System\VPuaTzF.exe
  2⤵
  PID:4948
- C:\Windows\System\gyveCUv.exe
  C:\Windows\System\gyveCUv.exe
  2⤵
  PID:5020
- C:\Windows\System\pNpFTwU.exe
  C:\Windows\System\pNpFTwU.exe
  2⤵
  PID:5068
- C:\Windows\System\DFvIKvy.exe
  C:\Windows\System\DFvIKvy.exe
  2⤵
  PID:5112
- C:\Windows\System\gAVOZhb.exe
  C:\Windows\System\gAVOZhb.exe
  2⤵
  PID:3740
- C:\Windows\System\mGgmRcZ.exe
  C:\Windows\System\mGgmRcZ.exe
  2⤵
  PID:3172
- C:\Windows\System\NxTHaRQ.exe
  C:\Windows\System\NxTHaRQ.exe
  2⤵
  PID:3828
- C:\Windows\System\hGmRneL.exe
  C:\Windows\System\hGmRneL.exe
  2⤵
  PID:3948
- C:\Windows\System\RkJykXT.exe
  C:\Windows\System\RkJykXT.exe
  2⤵
  PID:2628
- C:\Windows\System\AXqEFMv.exe
  C:\Windows\System\AXqEFMv.exe
  2⤵
  PID:4256
- C:\Windows\System\zAUTMPa.exe
  C:\Windows\System\zAUTMPa.exe
  2⤵
  PID:4048
- C:\Windows\System\mpqeZGL.exe
  C:\Windows\System\mpqeZGL.exe
  2⤵
  PID:4204
- C:\Windows\System\SQlUyzf.exe
  C:\Windows\System\SQlUyzf.exe
  2⤵
  PID:4296
- C:\Windows\System\yagzBoR.exe
  C:\Windows\System\yagzBoR.exe
  2⤵
  PID:4380
- C:\Windows\System\QFWISYH.exe
  C:\Windows\System\QFWISYH.exe
  2⤵
  PID:4476
- C:\Windows\System\FvGIcwF.exe
  C:\Windows\System\FvGIcwF.exe
  2⤵
  PID:4592
- C:\Windows\System\oOdrbYk.exe
  C:\Windows\System\oOdrbYk.exe
  2⤵
  PID:4684
- C:\Windows\System\COHyQez.exe
  C:\Windows\System\COHyQez.exe
  2⤵
  PID:4628
- C:\Windows\System\VAuWFfJ.exe
  C:\Windows\System\VAuWFfJ.exe
  2⤵
  PID:4680
- C:\Windows\System\WoFtDpG.exe
  C:\Windows\System\WoFtDpG.exe
  2⤵
  PID:4780
- C:\Windows\System\eKwhuKX.exe
  C:\Windows\System\eKwhuKX.exe
  2⤵
  PID:2088
- C:\Windows\System\MMHVgXz.exe
  C:\Windows\System\MMHVgXz.exe
  2⤵
  PID:4968
- C:\Windows\System\QItxNHW.exe
  C:\Windows\System\QItxNHW.exe
  2⤵
  PID:2524
- C:\Windows\System\DAgtHVA.exe
  C:\Windows\System\DAgtHVA.exe
  2⤵
  PID:2640
- C:\Windows\System\xuBMrii.exe
  C:\Windows\System\xuBMrii.exe
  2⤵
  PID:4888
- C:\Windows\System\OqpSycl.exe
  C:\Windows\System\OqpSycl.exe
  2⤵
  PID:5096
- C:\Windows\System\lkomchU.exe
  C:\Windows\System\lkomchU.exe
  2⤵
  PID:5032
- C:\Windows\System\lNcqQaZ.exe
  C:\Windows\System\lNcqQaZ.exe
  2⤵
  PID:276
- C:\Windows\System\qcRXXGi.exe
  C:\Windows\System\qcRXXGi.exe
  2⤵
  PID:3652
- C:\Windows\System\cROJNkw.exe
  C:\Windows\System\cROJNkw.exe
  2⤵
  PID:4220
- C:\Windows\System\RoMvGRG.exe
  C:\Windows\System\RoMvGRG.exe
  2⤵
  PID:3576
- C:\Windows\System\hDhYcQp.exe
  C:\Windows\System\hDhYcQp.exe
  2⤵
  PID:3328
- C:\Windows\System\pXbssCh.exe
  C:\Windows\System\pXbssCh.exe
  2⤵
  PID:4124
- C:\Windows\System\DBSoNGv.exe
  C:\Windows\System\DBSoNGv.exe
  2⤵
  PID:4320
- C:\Windows\System\nCzGdLY.exe
  C:\Windows\System\nCzGdLY.exe
  2⤵
  PID:4596
- C:\Windows\System\PyQBsMs.exe
  C:\Windows\System\PyQBsMs.exe
  2⤵
  PID:4836
- C:\Windows\System\nbeMrWv.exe
  C:\Windows\System\nbeMrWv.exe
  2⤵
  PID:1180
- C:\Windows\System\lXpxNrf.exe
  C:\Windows\System\lXpxNrf.exe
  2⤵
  PID:4812
- C:\Windows\System\vIgISyc.exe
  C:\Windows\System\vIgISyc.exe
  2⤵
  PID:4732
- C:\Windows\System\tKxZidw.exe
  C:\Windows\System\tKxZidw.exe
  2⤵
  PID:4144
- C:\Windows\System\JbfBUWi.exe
  C:\Windows\System\JbfBUWi.exe
  2⤵
  PID:2788
- C:\Windows\System\PUXKCev.exe
  C:\Windows\System\PUXKCev.exe
  2⤵
  PID:4228
- C:\Windows\System\gWIcsFW.exe
  C:\Windows\System\gWIcsFW.exe
  2⤵
  PID:4104
- C:\Windows\System\allnsEL.exe
  C:\Windows\System\allnsEL.exe
  2⤵
  PID:4860
- C:\Windows\System\YWlOZQF.exe
  C:\Windows\System\YWlOZQF.exe
  2⤵
  PID:4328
- C:\Windows\System\LsqcBXG.exe
  C:\Windows\System\LsqcBXG.exe
  2⤵
  PID:4512
- C:\Windows\System\NxMFldK.exe
  C:\Windows\System\NxMFldK.exe
  2⤵
  PID:2468
- C:\Windows\System\xHPSFAD.exe
  C:\Windows\System\xHPSFAD.exe
  2⤵
  PID:4616
- C:\Windows\System\eNZHKzF.exe
  C:\Windows\System\eNZHKzF.exe
  2⤵
  PID:5100
- C:\Windows\System\vvRAZVI.exe
  C:\Windows\System\vvRAZVI.exe
  2⤵
  PID:4576
- C:\Windows\System\CDpGPUf.exe
  C:\Windows\System\CDpGPUf.exe
  2⤵
  PID:3252
- C:\Windows\System\yajBGqK.exe
  C:\Windows\System\yajBGqK.exe
  2⤵
  PID:5148
- C:\Windows\System\OqQWGPl.exe
  C:\Windows\System\OqQWGPl.exe
  2⤵
  PID:5168
- C:\Windows\System\cJIlVJM.exe
  C:\Windows\System\cJIlVJM.exe
  2⤵
  PID:5184
- C:\Windows\System\kHbvziO.exe
  C:\Windows\System\kHbvziO.exe
  2⤵
  PID:5200
- C:\Windows\System\oBaUHce.exe
  C:\Windows\System\oBaUHce.exe
  2⤵
  PID:5232
- C:\Windows\System\KaUFMtY.exe
  C:\Windows\System\KaUFMtY.exe
  2⤵
  PID:5248
- C:\Windows\System\YarCaQM.exe
  C:\Windows\System\YarCaQM.exe
  2⤵
  PID:5264
- C:\Windows\System\vYKAtMh.exe
  C:\Windows\System\vYKAtMh.exe
  2⤵
  PID:5284
- C:\Windows\System\EpBFKJW.exe
  C:\Windows\System\EpBFKJW.exe
  2⤵
  PID:5300
- C:\Windows\System\KthLgya.exe
  C:\Windows\System\KthLgya.exe
  2⤵
  PID:5324
- C:\Windows\System\mZlhMAx.exe
  C:\Windows\System\mZlhMAx.exe
  2⤵
  PID:5340
- C:\Windows\System\eBXyLDr.exe
  C:\Windows\System\eBXyLDr.exe
  2⤵
  PID:5360
- C:\Windows\System\RYkOXFU.exe
  C:\Windows\System\RYkOXFU.exe
  2⤵
  PID:5376
- C:\Windows\System\sImSWGE.exe
  C:\Windows\System\sImSWGE.exe
  2⤵
  PID:5412
- C:\Windows\System\xUHJEzt.exe
  C:\Windows\System\xUHJEzt.exe
  2⤵
  PID:5428
- C:\Windows\System\mWuSiNw.exe
  C:\Windows\System\mWuSiNw.exe
  2⤵
  PID:5448
- C:\Windows\System\rkGGcdf.exe
  C:\Windows\System\rkGGcdf.exe
  2⤵
  PID:5496
- C:\Windows\System\GAqvhXX.exe
  C:\Windows\System\GAqvhXX.exe
  2⤵
  PID:5512
- C:\Windows\System\AEYjVgZ.exe
  C:\Windows\System\AEYjVgZ.exe
  2⤵
  PID:5540
- C:\Windows\System\IVeVxPi.exe
  C:\Windows\System\IVeVxPi.exe
  2⤵
  PID:5556
- C:\Windows\System\WnVzDGO.exe
  C:\Windows\System\WnVzDGO.exe
  2⤵
  PID:5572
- C:\Windows\System\ltUBAXj.exe
  C:\Windows\System\ltUBAXj.exe
  2⤵
  PID:5592
- C:\Windows\System\amiJfpe.exe
  C:\Windows\System\amiJfpe.exe
  2⤵
  PID:5608
- C:\Windows\System\WnYOlYy.exe
  C:\Windows\System\WnYOlYy.exe
  2⤵
  PID:5624
- C:\Windows\System\esqfLqE.exe
  C:\Windows\System\esqfLqE.exe
  2⤵
  PID:5640
- C:\Windows\System\qEoFSzw.exe
  C:\Windows\System\qEoFSzw.exe
  2⤵
  PID:5656
- C:\Windows\System\MSJtsKU.exe
  C:\Windows\System\MSJtsKU.exe
  2⤵
  PID:5672
- C:\Windows\System\TCWStGJ.exe
  C:\Windows\System\TCWStGJ.exe
  2⤵
  PID:5688
- C:\Windows\System\tmExPRh.exe
  C:\Windows\System\tmExPRh.exe
  2⤵
  PID:5708
- C:\Windows\System\VyndVmW.exe
  C:\Windows\System\VyndVmW.exe
  2⤵
  PID:5728
- C:\Windows\System\QmOAnyl.exe
  C:\Windows\System\QmOAnyl.exe
  2⤵
  PID:5744
- C:\Windows\System\yEatpVJ.exe
  C:\Windows\System\yEatpVJ.exe
  2⤵
  PID:5760
- C:\Windows\System\unHmlyK.exe
  C:\Windows\System\unHmlyK.exe
  2⤵
  PID:5808
- C:\Windows\System\keVCUSL.exe
  C:\Windows\System\keVCUSL.exe
  2⤵
  PID:5832
- C:\Windows\System\fjLpVMX.exe
  C:\Windows\System\fjLpVMX.exe
  2⤵
  PID:5848
- C:\Windows\System\gFFDKkx.exe
  C:\Windows\System\gFFDKkx.exe
  2⤵
  PID:5868
- C:\Windows\System\ErPwzmX.exe
  C:\Windows\System\ErPwzmX.exe
  2⤵
  PID:5884
- C:\Windows\System\NzHGbRW.exe
  C:\Windows\System\NzHGbRW.exe
  2⤵
  PID:5900
- C:\Windows\System\IgIkNGl.exe
  C:\Windows\System\IgIkNGl.exe
  2⤵
  PID:5928
- C:\Windows\System\IIZNBCv.exe
  C:\Windows\System\IIZNBCv.exe
  2⤵
  PID:5948
- C:\Windows\System\wrblWQw.exe
  C:\Windows\System\wrblWQw.exe
  2⤵
  PID:5980
- C:\Windows\System\MvSWltQ.exe
  C:\Windows\System\MvSWltQ.exe
  2⤵
  PID:5996
- C:\Windows\System\LELLnzF.exe
  C:\Windows\System\LELLnzF.exe
  2⤵
  PID:6020
- C:\Windows\System\PxEUaCb.exe
  C:\Windows\System\PxEUaCb.exe
  2⤵
  PID:6040
- C:\Windows\System\sPNcoNA.exe
  C:\Windows\System\sPNcoNA.exe
  2⤵
  PID:6056
- C:\Windows\System\ocKpPMs.exe
  C:\Windows\System\ocKpPMs.exe
  2⤵
  PID:6072
- C:\Windows\System\iYSwWYC.exe
  C:\Windows\System\iYSwWYC.exe
  2⤵
  PID:6092
- C:\Windows\System\fzKAUlt.exe
  C:\Windows\System\fzKAUlt.exe
  2⤵
  PID:6120
- C:\Windows\System\FkLbhJW.exe
  C:\Windows\System\FkLbhJW.exe
  2⤵
  PID:4316
- C:\Windows\System\MjhhsUN.exe
  C:\Windows\System\MjhhsUN.exe
  2⤵
  PID:2600
- C:\Windows\System\LuHbpRK.exe
  C:\Windows\System\LuHbpRK.exe
  2⤵
  PID:4752
- C:\Windows\System\ycBbLxV.exe
  C:\Windows\System\ycBbLxV.exe
  2⤵
  PID:5128
- C:\Windows\System\IbOnCJm.exe
  C:\Windows\System\IbOnCJm.exe
  2⤵
  PID:5176
- C:\Windows\System\XSOfTNz.exe
  C:\Windows\System\XSOfTNz.exe
  2⤵
  PID:5220
- C:\Windows\System\MDTjkzV.exe
  C:\Windows\System\MDTjkzV.exe
  2⤵
  PID:5292
- C:\Windows\System\FSTpjxW.exe
  C:\Windows\System\FSTpjxW.exe
  2⤵
  PID:5368
- C:\Windows\System\eEgFruv.exe
  C:\Windows\System\eEgFruv.exe
  2⤵
  PID:5244
- C:\Windows\System\BfUVzXC.exe
  C:\Windows\System\BfUVzXC.exe
  2⤵
  PID:5472
- C:\Windows\System\tDzprVy.exe
  C:\Windows\System\tDzprVy.exe
  2⤵
  PID:5192
- C:\Windows\System\xUJirCp.exe
  C:\Windows\System\xUJirCp.exe
  2⤵
  PID:2708
- C:\Windows\System\CjVNSLP.exe
  C:\Windows\System\CjVNSLP.exe
  2⤵
  PID:4556
- C:\Windows\System\AixJxjm.exe
  C:\Windows\System\AixJxjm.exe
  2⤵
  PID:4988
- C:\Windows\System\NQfNmAy.exe
  C:\Windows\System\NQfNmAy.exe
  2⤵
  PID:5388
- C:\Windows\System\ujDwauV.exe
  C:\Windows\System\ujDwauV.exe
  2⤵
  PID:5408
- C:\Windows\System\UcSxnuc.exe
  C:\Windows\System\UcSxnuc.exe
  2⤵
  PID:5444
- C:\Windows\System\PtvELPX.exe
  C:\Windows\System\PtvELPX.exe
  2⤵
  PID:5320
- C:\Windows\System\fMaWTjA.exe
  C:\Windows\System\fMaWTjA.exe
  2⤵
  PID:5384
- C:\Windows\System\sspultA.exe
  C:\Windows\System\sspultA.exe
  2⤵
  PID:5524
- C:\Windows\System\QkuPItj.exe
  C:\Windows\System\QkuPItj.exe
  2⤵
  PID:5564
- C:\Windows\System\ASemUzc.exe
  C:\Windows\System\ASemUzc.exe
  2⤵
  PID:5620
- C:\Windows\System\xzDkdTu.exe
  C:\Windows\System\xzDkdTu.exe
  2⤵
  PID:5600
- C:\Windows\System\zantAMw.exe
  C:\Windows\System\zantAMw.exe
  2⤵
  PID:5704
- C:\Windows\System\XITpZlJ.exe
  C:\Windows\System\XITpZlJ.exe
  2⤵
  PID:5772
- C:\Windows\System\MCBAUjg.exe
  C:\Windows\System\MCBAUjg.exe
  2⤵
  PID:5792
- C:\Windows\System\CmvDgDb.exe
  C:\Windows\System\CmvDgDb.exe
  2⤵
  PID:5716
- C:\Windows\System\nlrqxzC.exe
  C:\Windows\System\nlrqxzC.exe
  2⤵
  PID:5804
- C:\Windows\System\mKMZkAD.exe
  C:\Windows\System\mKMZkAD.exe
  2⤵
  PID:5864
- C:\Windows\System\uGnwrNV.exe
  C:\Windows\System\uGnwrNV.exe
  2⤵
  PID:5920
- C:\Windows\System\NlmLiQM.exe
  C:\Windows\System\NlmLiQM.exe
  2⤵
  PID:5892
- C:\Windows\System\RvufgHk.exe
  C:\Windows\System\RvufgHk.exe
  2⤵
  PID:5960
- C:\Windows\System\zNxfbqq.exe
  C:\Windows\System\zNxfbqq.exe
  2⤵
  PID:5940
- C:\Windows\System\lIOvmmD.exe
  C:\Windows\System\lIOvmmD.exe
  2⤵
  PID:6016
- C:\Windows\System\GsgiSgf.exe
  C:\Windows\System\GsgiSgf.exe
  2⤵
  PID:6068
- C:\Windows\System\aRqOzvy.exe
  C:\Windows\System\aRqOzvy.exe
  2⤵
  PID:6112
- C:\Windows\System\sSHtjiC.exe
  C:\Windows\System\sSHtjiC.exe
  2⤵
  PID:6140
- C:\Windows\System\cjXLmNO.exe
  C:\Windows\System\cjXLmNO.exe
  2⤵
  PID:2996
- C:\Windows\System\BFIqhmm.exe
  C:\Windows\System\BFIqhmm.exe
  2⤵
  PID:5228
- C:\Windows\System\bgNGSiu.exe
  C:\Windows\System\bgNGSiu.exe
  2⤵
  PID:5212
- C:\Windows\System\iIgCvhH.exe
  C:\Windows\System\iIgCvhH.exe
  2⤵
  PID:6104
- C:\Windows\System\oOvSeFZ.exe
  C:\Windows\System\oOvSeFZ.exe
  2⤵
  PID:6116
- C:\Windows\System\UMCxEkF.exe
  C:\Windows\System\UMCxEkF.exe
  2⤵
  PID:4244
- C:\Windows\System\xDMaDTJ.exe
  C:\Windows\System\xDMaDTJ.exe
  2⤵
  PID:5160
- C:\Windows\System\jfZOziW.exe
  C:\Windows\System\jfZOziW.exe
  2⤵
  PID:5272
- C:\Windows\System\arekpSC.exe
  C:\Windows\System\arekpSC.exe
  2⤵
  PID:5440
- C:\Windows\System\rJcORfz.exe
  C:\Windows\System\rJcORfz.exe
  2⤵
  PID:5684
- C:\Windows\System\tcGXIcl.exe
  C:\Windows\System\tcGXIcl.exe
  2⤵
  PID:5092
- C:\Windows\System\xgmdhhR.exe
  C:\Windows\System\xgmdhhR.exe
  2⤵
  PID:5580
- C:\Windows\System\TkBIBeM.exe
  C:\Windows\System\TkBIBeM.exe
  2⤵
  PID:5636
- C:\Windows\System\FMjbIXi.exe
  C:\Windows\System\FMjbIXi.exe
  2⤵
  PID:5780
- C:\Windows\System\bvNXdYe.exe
  C:\Windows\System\bvNXdYe.exe
  2⤵
  PID:5044
- C:\Windows\System\HGMLYYD.exe
  C:\Windows\System\HGMLYYD.exe
  2⤵
  PID:5876
- C:\Windows\System\YaqKOqY.exe
  C:\Windows\System\YaqKOqY.exe
  2⤵
  PID:5828
- C:\Windows\System\nGuTEBp.exe
  C:\Windows\System\nGuTEBp.exe
  2⤵
  PID:5552
- C:\Windows\System\IYCoJFj.exe
  C:\Windows\System\IYCoJFj.exe
  2⤵
  PID:5968
- C:\Windows\System\vjDGCmG.exe
  C:\Windows\System\vjDGCmG.exe
  2⤵
  PID:2784
- C:\Windows\System\rhZdGpz.exe
  C:\Windows\System\rhZdGpz.exe
  2⤵
  PID:6008
- C:\Windows\System\tgdgOZc.exe
  C:\Windows\System\tgdgOZc.exe
  2⤵
  PID:5140
- C:\Windows\System\NXBeMxj.exe
  C:\Windows\System\NXBeMxj.exe
  2⤵
  PID:4892
- C:\Windows\System\CelRziB.exe
  C:\Windows\System\CelRziB.exe
  2⤵
  PID:2384
- C:\Windows\System\eTVwJEc.exe
  C:\Windows\System\eTVwJEc.exe
  2⤵
  PID:5476
- C:\Windows\System\CisZGwh.exe
  C:\Windows\System\CisZGwh.exe
  2⤵
  PID:5260
- C:\Windows\System\QXbNygY.exe
  C:\Windows\System\QXbNygY.exe
  2⤵
  PID:5468
- C:\Windows\System\OrDmHKH.exe
  C:\Windows\System\OrDmHKH.exe
  2⤵
  PID:5352
- C:\Windows\System\BqWmQwY.exe
  C:\Windows\System\BqWmQwY.exe
  2⤵
  PID:5520
- C:\Windows\System\oRxffiT.exe
  C:\Windows\System\oRxffiT.exe
  2⤵
  PID:5696
- C:\Windows\System\ApcZRbJ.exe
  C:\Windows\System\ApcZRbJ.exe
  2⤵
  PID:5816
- C:\Windows\System\yChNZGk.exe
  C:\Windows\System\yChNZGk.exe
  2⤵
  PID:5616
- C:\Windows\System\kPGEwrL.exe
  C:\Windows\System\kPGEwrL.exe
  2⤵
  PID:5632
- C:\Windows\System\BhbZCOv.exe
  C:\Windows\System\BhbZCOv.exe
  2⤵
  PID:5400
- C:\Windows\System\qFQTWBy.exe
  C:\Windows\System\qFQTWBy.exe
  2⤵
  PID:5584
- C:\Windows\System\ylXhULm.exe
  C:\Windows\System\ylXhULm.exe
  2⤵
  PID:6136
- C:\Windows\System\gkWkJcw.exe
  C:\Windows\System\gkWkJcw.exe
  2⤵
  PID:2636
- C:\Windows\System\kbpIjCV.exe
  C:\Windows\System\kbpIjCV.exe
  2⤵
  PID:5156
- C:\Windows\System\dknqTXi.exe
  C:\Windows\System\dknqTXi.exe
  2⤵
  PID:4300
- C:\Windows\System\kKFzsjh.exe
  C:\Windows\System\kKFzsjh.exe
  2⤵
  PID:5528
- C:\Windows\System\lcDmGJN.exe
  C:\Windows\System\lcDmGJN.exe
  2⤵
  PID:5680
- C:\Windows\System\hIEJZAw.exe
  C:\Windows\System\hIEJZAw.exe
  2⤵
  PID:5824
- C:\Windows\System\cTXvJms.exe
  C:\Windows\System\cTXvJms.exe
  2⤵
  PID:5964
- C:\Windows\System\xshfOJI.exe
  C:\Windows\System\xshfOJI.exe
  2⤵
  PID:5316
- C:\Windows\System\lnYGhge.exe
  C:\Windows\System\lnYGhge.exe
  2⤵
  PID:6064
- C:\Windows\System\VxNxrIu.exe
  C:\Windows\System\VxNxrIu.exe
  2⤵
  PID:5164
- C:\Windows\System\vPEzFbc.exe
  C:\Windows\System\vPEzFbc.exe
  2⤵
  PID:6088
- C:\Windows\System\qOViQox.exe
  C:\Windows\System\qOViQox.exe
  2⤵
  PID:5436
- C:\Windows\System\xbqVNok.exe
  C:\Windows\System\xbqVNok.exe
  2⤵
  PID:6148
- C:\Windows\System\vYGTQKJ.exe
  C:\Windows\System\vYGTQKJ.exe
  2⤵
  PID:6164
- C:\Windows\System\AOCiyJE.exe
  C:\Windows\System\AOCiyJE.exe
  2⤵
  PID:6180
- C:\Windows\System\hwdbdre.exe
  C:\Windows\System\hwdbdre.exe
  2⤵
  PID:6232
- C:\Windows\System\pmzFXuP.exe
  C:\Windows\System\pmzFXuP.exe
  2⤵
  PID:6248
- C:\Windows\System\zlyzipb.exe
  C:\Windows\System\zlyzipb.exe
  2⤵
  PID:6264
- C:\Windows\System\vRIwiav.exe
  C:\Windows\System\vRIwiav.exe
  2⤵
  PID:6284
- C:\Windows\System\kTLktEk.exe
  C:\Windows\System\kTLktEk.exe
  2⤵
  PID:6300
- C:\Windows\System\shAwpUx.exe
  C:\Windows\System\shAwpUx.exe
  2⤵
  PID:6316
- C:\Windows\System\iFIGYyc.exe
  C:\Windows\System\iFIGYyc.exe
  2⤵
  PID:6336
- C:\Windows\System\BPMVhyh.exe
  C:\Windows\System\BPMVhyh.exe
  2⤵
  PID:6352
- C:\Windows\System\ajxmlGA.exe
  C:\Windows\System\ajxmlGA.exe
  2⤵
  PID:6368
- C:\Windows\System\xqkMmnV.exe
  C:\Windows\System\xqkMmnV.exe
  2⤵
  PID:6384
- C:\Windows\System\HUtTFXE.exe
  C:\Windows\System\HUtTFXE.exe
  2⤵
  PID:6400
- C:\Windows\System\oPXEuLB.exe
  C:\Windows\System\oPXEuLB.exe
  2⤵
  PID:6416
- C:\Windows\System\MRjvGIm.exe
  C:\Windows\System\MRjvGIm.exe
  2⤵
  PID:6456
- C:\Windows\System\HbsupDf.exe
  C:\Windows\System\HbsupDf.exe
  2⤵
  PID:6476
- C:\Windows\System\JWtLzpv.exe
  C:\Windows\System\JWtLzpv.exe
  2⤵
  PID:6508
- C:\Windows\System\uVmNOdb.exe
  C:\Windows\System\uVmNOdb.exe
  2⤵
  PID:6524
- C:\Windows\System\VRmXpMB.exe
  C:\Windows\System\VRmXpMB.exe
  2⤵
  PID:6540
- C:\Windows\System\MEMXZEX.exe
  C:\Windows\System\MEMXZEX.exe
  2⤵
  PID:6568
- C:\Windows\System\RegrvYp.exe
  C:\Windows\System\RegrvYp.exe
  2⤵
  PID:6584
- C:\Windows\System\DSmxRTE.exe
  C:\Windows\System\DSmxRTE.exe
  2⤵
  PID:6604
- C:\Windows\System\DMBOKZM.exe
  C:\Windows\System\DMBOKZM.exe
  2⤵
  PID:6620
- C:\Windows\System\DpymTiQ.exe
  C:\Windows\System\DpymTiQ.exe
  2⤵
  PID:6636
- C:\Windows\System\TSIJTJh.exe
  C:\Windows\System\TSIJTJh.exe
  2⤵
  PID:6652
- C:\Windows\System\GjoCSRy.exe
  C:\Windows\System\GjoCSRy.exe
  2⤵
  PID:6668
- C:\Windows\System\MuVrTcS.exe
  C:\Windows\System\MuVrTcS.exe
  2⤵
  PID:6684
- C:\Windows\System\hpbiiMW.exe
  C:\Windows\System\hpbiiMW.exe
  2⤵
  PID:6700
- C:\Windows\System\TtUMsCP.exe
  C:\Windows\System\TtUMsCP.exe
  2⤵
  PID:6716
- C:\Windows\System\GHqdFIe.exe
  C:\Windows\System\GHqdFIe.exe
  2⤵
  PID:6740
- C:\Windows\System\QwJmcXj.exe
  C:\Windows\System\QwJmcXj.exe
  2⤵
  PID:6756
- C:\Windows\System\LplkyTJ.exe
  C:\Windows\System\LplkyTJ.exe
  2⤵
  PID:6772
- C:\Windows\System\wuXhWJG.exe
  C:\Windows\System\wuXhWJG.exe
  2⤵
  PID:6792
- C:\Windows\System\GmNcSEf.exe
  C:\Windows\System\GmNcSEf.exe
  2⤵
  PID:6816
- C:\Windows\System\KzDtrSn.exe
  C:\Windows\System\KzDtrSn.exe
  2⤵
  PID:6832
- C:\Windows\System\ErzoDqe.exe
  C:\Windows\System\ErzoDqe.exe
  2⤵
  PID:6848
- C:\Windows\System\nRMrump.exe
  C:\Windows\System\nRMrump.exe
  2⤵
  PID:6904
- C:\Windows\System\zWugTgy.exe
  C:\Windows\System\zWugTgy.exe
  2⤵
  PID:6920
- C:\Windows\System\NtHuexp.exe
  C:\Windows\System\NtHuexp.exe
  2⤵
  PID:6936
- C:\Windows\System\LaBVsIs.exe
  C:\Windows\System\LaBVsIs.exe
  2⤵
  PID:6952
- C:\Windows\System\IcZemUh.exe
  C:\Windows\System\IcZemUh.exe
  2⤵
  PID:6988
- C:\Windows\System\TDiHnjv.exe
  C:\Windows\System\TDiHnjv.exe
  2⤵
  PID:7004
- C:\Windows\System\PgUwbBi.exe
  C:\Windows\System\PgUwbBi.exe
  2⤵
  PID:7024
- C:\Windows\System\RQuHgBg.exe
  C:\Windows\System\RQuHgBg.exe
  2⤵
  PID:7044
- C:\Windows\System\RuwNDTc.exe
  C:\Windows\System\RuwNDTc.exe
  2⤵
  PID:7060
- C:\Windows\System\eAXYBIX.exe
  C:\Windows\System\eAXYBIX.exe
  2⤵
  PID:7076
- C:\Windows\System\ZBSHUEq.exe
  C:\Windows\System\ZBSHUEq.exe
  2⤵
  PID:7096
- C:\Windows\System\dpHyChW.exe
  C:\Windows\System\dpHyChW.exe
  2⤵
  PID:7116
- C:\Windows\System\tKhqvRm.exe
  C:\Windows\System\tKhqvRm.exe
  2⤵
  PID:7132
- C:\Windows\System\CrLcwbk.exe
  C:\Windows\System\CrLcwbk.exe
  2⤵
  PID:7152
- C:\Windows\System\JGUEmLj.exe
  C:\Windows\System\JGUEmLj.exe
  2⤵
  PID:5768
- C:\Windows\System\MXCfaBL.exe
  C:\Windows\System\MXCfaBL.exe
  2⤵
  PID:1856
- C:\Windows\System\GAHGUOi.exe
  C:\Windows\System\GAHGUOi.exe
  2⤵
  PID:6172
- C:\Windows\System\dGJARWi.exe
  C:\Windows\System\dGJARWi.exe
  2⤵
  PID:5456
- C:\Windows\System\tIYuwMj.exe
  C:\Windows\System\tIYuwMj.exe
  2⤵
  PID:6160
- C:\Windows\System\RPIkUuP.exe
  C:\Windows\System\RPIkUuP.exe
  2⤵
  PID:6212
- C:\Windows\System\uvAyNNP.exe
  C:\Windows\System\uvAyNNP.exe
  2⤵
  PID:6224
- C:\Windows\System\zVntzfT.exe
  C:\Windows\System\zVntzfT.exe
  2⤵
  PID:6296
- C:\Windows\System\CYIUyQr.exe
  C:\Windows\System\CYIUyQr.exe
  2⤵
  PID:6428
- C:\Windows\System\ZcnodCW.exe
  C:\Windows\System\ZcnodCW.exe
  2⤵
  PID:6244
- C:\Windows\System\rHQPglP.exe
  C:\Windows\System\rHQPglP.exe
  2⤵
  PID:6312
- C:\Windows\System\aznCaoH.exe
  C:\Windows\System\aznCaoH.exe
  2⤵
  PID:6452
- C:\Windows\System\xbLtQHo.exe
  C:\Windows\System\xbLtQHo.exe
  2⤵
  PID:6484
- C:\Windows\System\GxNHskm.exe
  C:\Windows\System\GxNHskm.exe
  2⤵
  PID:6520
- C:\Windows\System\bcslqzk.exe
  C:\Windows\System\bcslqzk.exe
  2⤵
  PID:6500
- C:\Windows\System\XuFMMLs.exe
  C:\Windows\System\XuFMMLs.exe
  2⤵
  PID:6556
- C:\Windows\System\QpXHPlC.exe
  C:\Windows\System\QpXHPlC.exe
  2⤵
  PID:6612
- C:\Windows\System\iFcCyZf.exe
  C:\Windows\System\iFcCyZf.exe
  2⤵
  PID:6644
- C:\Windows\System\TUZtONy.exe
  C:\Windows\System\TUZtONy.exe
  2⤵
  PID:6752
- C:\Windows\System\WTxMosP.exe
  C:\Windows\System\WTxMosP.exe
  2⤵
  PID:6824
- C:\Windows\System\szRLWeF.exe
  C:\Windows\System\szRLWeF.exe
  2⤵
  PID:6692
- C:\Windows\System\phyyBlg.exe
  C:\Windows\System\phyyBlg.exe
  2⤵
  PID:6876
- C:\Windows\System\tkIYKBU.exe
  C:\Windows\System\tkIYKBU.exe
  2⤵
  PID:6592
- C:\Windows\System\HbdjPna.exe
  C:\Windows\System\HbdjPna.exe
  2⤵
  PID:6628
- C:\Windows\System\RmiaXVh.exe
  C:\Windows\System\RmiaXVh.exe
  2⤵
  PID:6724
- C:\Windows\System\okqNNke.exe
  C:\Windows\System\okqNNke.exe
  2⤵
  PID:6892
- C:\Windows\System\jhjyhdj.exe
  C:\Windows\System\jhjyhdj.exe
  2⤵
  PID:6916
- C:\Windows\System\uLAlWOX.exe
  C:\Windows\System\uLAlWOX.exe
  2⤵
  PID:6948
- C:\Windows\System\GoqRZTn.exe
  C:\Windows\System\GoqRZTn.exe
  2⤵
  PID:6968
- C:\Windows\System\OTNAPIb.exe
  C:\Windows\System\OTNAPIb.exe
  2⤵
  PID:7052
- C:\Windows\System\Izwxcht.exe
  C:\Windows\System\Izwxcht.exe
  2⤵
  PID:7124
- C:\Windows\System\aplQiSV.exe
  C:\Windows\System\aplQiSV.exe
  2⤵
  PID:5464
- C:\Windows\System\hExTUxW.exe
  C:\Windows\System\hExTUxW.exe
  2⤵
  PID:6156
- C:\Windows\System\lZMQQvK.exe
  C:\Windows\System\lZMQQvK.exe
  2⤵
  PID:6328
- C:\Windows\System\oyqYTIY.exe
  C:\Windows\System\oyqYTIY.exe
  2⤵
  PID:7032
- C:\Windows\System\QmIeGGF.exe
  C:\Windows\System\QmIeGGF.exe
  2⤵
  PID:6192
- C:\Windows\System\EUPPUpi.exe
  C:\Windows\System\EUPPUpi.exe
  2⤵
  PID:7140
- C:\Windows\System\vtaWWtC.exe
  C:\Windows\System\vtaWWtC.exe
  2⤵
  PID:6364
- C:\Windows\System\BrrQcNZ.exe
  C:\Windows\System\BrrQcNZ.exe
  2⤵
  PID:6260
- C:\Windows\System\UFoBJqr.exe
  C:\Windows\System\UFoBJqr.exe
  2⤵
  PID:5332
- C:\Windows\System\HBhKetq.exe
  C:\Windows\System\HBhKetq.exe
  2⤵
  PID:6444
- C:\Windows\System\PqkobfI.exe
  C:\Windows\System\PqkobfI.exe
  2⤵
  PID:6280
- C:\Windows\System\xImyGIo.exe
  C:\Windows\System\xImyGIo.exe
  2⤵
  PID:6348
- C:\Windows\System\tHDBTjI.exe
  C:\Windows\System\tHDBTjI.exe
  2⤵
  PID:6492
- C:\Windows\System\udbVgjo.exe
  C:\Windows\System\udbVgjo.exe
  2⤵
  PID:6564
- C:\Windows\System\mShVrug.exe
  C:\Windows\System\mShVrug.exe
  2⤵
  PID:6748
- C:\Windows\System\buSnALw.exe
  C:\Windows\System\buSnALw.exe
  2⤵
  PID:6860
- C:\Windows\System\OYXzGpA.exe
  C:\Windows\System\OYXzGpA.exe
  2⤵
  PID:6800
- C:\Windows\System\oVYFxBK.exe
  C:\Windows\System\oVYFxBK.exe
  2⤵
  PID:6660
- C:\Windows\System\TEDfwky.exe
  C:\Windows\System\TEDfwky.exe
  2⤵
  PID:6928
- C:\Windows\System\hbUYNzh.exe
  C:\Windows\System\hbUYNzh.exe
  2⤵
  PID:6976
- C:\Windows\System\cXDjQyz.exe
  C:\Windows\System\cXDjQyz.exe
  2⤵
  PID:6960
- C:\Windows\System\aaszhRz.exe
  C:\Windows\System\aaszhRz.exe
  2⤵
  PID:7088
- C:\Windows\System\djVEQvq.exe
  C:\Windows\System\djVEQvq.exe
  2⤵
  PID:1616
- C:\Windows\System\ogpeNyB.exe
  C:\Windows\System\ogpeNyB.exe
  2⤵
  PID:6084
- C:\Windows\System\wSENoAH.exe
  C:\Windows\System\wSENoAH.exe
  2⤵
  PID:7040
- C:\Windows\System\oNVIBcc.exe
  C:\Windows\System\oNVIBcc.exe
  2⤵
  PID:6204
- C:\Windows\System\SmkwTzM.exe
  C:\Windows\System\SmkwTzM.exe
  2⤵
  PID:6424
- C:\Windows\System\WoglgaO.exe
  C:\Windows\System\WoglgaO.exe
  2⤵
  PID:6376
- C:\Windows\System\AvKWiVt.exe
  C:\Windows\System\AvKWiVt.exe
  2⤵
  PID:6412
- C:\Windows\System\tSjpbwl.exe
  C:\Windows\System\tSjpbwl.exe
  2⤵
  PID:6856
- C:\Windows\System\hksXCdD.exe
  C:\Windows\System\hksXCdD.exe
  2⤵
  PID:6392
- C:\Windows\System\KWWgsqq.exe
  C:\Windows\System\KWWgsqq.exe
  2⤵
  PID:6580
- C:\Windows\System\rBGOKWq.exe
  C:\Windows\System\rBGOKWq.exe
  2⤵
  PID:6788
- C:\Windows\System\wJpguaX.exe
  C:\Windows\System\wJpguaX.exe
  2⤵
  PID:6980
- C:\Windows\System\iyhaiLO.exe
  C:\Windows\System\iyhaiLO.exe
  2⤵
  PID:7020
- C:\Windows\System\UqFtfdi.exe
  C:\Windows\System\UqFtfdi.exe
  2⤵
  PID:7000
- C:\Windows\System\swcXglx.exe
  C:\Windows\System\swcXglx.exe
  2⤵
  PID:2976
- C:\Windows\System\XmCJNPh.exe
  C:\Windows\System\XmCJNPh.exe
  2⤵
  PID:6996
- C:\Windows\System\NTjVcnQ.exe
  C:\Windows\System\NTjVcnQ.exe
  2⤵
  PID:6396
- C:\Windows\System\tCijsXK.exe
  C:\Windows\System\tCijsXK.exe
  2⤵
  PID:6516
- C:\Windows\System\wnhQCab.exe
  C:\Windows\System\wnhQCab.exe
  2⤵
  PID:6600
- C:\Windows\System\nOVSwRd.exe
  C:\Windows\System\nOVSwRd.exe
  2⤵
  PID:6872
- C:\Windows\System\DIJaOyO.exe
  C:\Windows\System\DIJaOyO.exe
  2⤵
  PID:6888
- C:\Windows\System\wvQeGUu.exe
  C:\Windows\System\wvQeGUu.exe
  2⤵
  PID:6840
- C:\Windows\System\YkLfpQd.exe
  C:\Windows\System\YkLfpQd.exe
  2⤵
  PID:7092
- C:\Windows\System\ywnNMos.exe
  C:\Windows\System\ywnNMos.exe
  2⤵
  PID:6488
- C:\Windows\System\uIeugML.exe
  C:\Windows\System\uIeugML.exe
  2⤵
  PID:6712
- C:\Windows\System\JPQAcdI.exe
  C:\Windows\System\JPQAcdI.exe
  2⤵
  PID:6616
- C:\Windows\System\QKipOWa.exe
  C:\Windows\System\QKipOWa.exe
  2⤵
  PID:6208
- C:\Windows\System\ZrepGWg.exe
  C:\Windows\System\ZrepGWg.exe
  2⤵
  PID:6440
- C:\Windows\System\WrYbxeb.exe
  C:\Windows\System\WrYbxeb.exe
  2⤵
  PID:6868
- C:\Windows\System\PtpZPVA.exe
  C:\Windows\System\PtpZPVA.exe
  2⤵
  PID:7108
- C:\Windows\System\JOwnEiR.exe
  C:\Windows\System\JOwnEiR.exe
  2⤵
  PID:6696
- C:\Windows\System\BKxaukL.exe
  C:\Windows\System\BKxaukL.exe
  2⤵
  PID:7180
- C:\Windows\System\GHxnapB.exe
  C:\Windows\System\GHxnapB.exe
  2⤵
  PID:7196
- C:\Windows\System\lGvfTSJ.exe
  C:\Windows\System\lGvfTSJ.exe
  2⤵
  PID:7212
- C:\Windows\System\ypJkooM.exe
  C:\Windows\System\ypJkooM.exe
  2⤵
  PID:7232
- C:\Windows\System\MCkFEjk.exe
  C:\Windows\System\MCkFEjk.exe
  2⤵
  PID:7252
- C:\Windows\System\IRNupzN.exe
  C:\Windows\System\IRNupzN.exe
  2⤵
  PID:7272
- C:\Windows\System\kEpvfah.exe
  C:\Windows\System\kEpvfah.exe
  2⤵
  PID:7316
- C:\Windows\System\sLmAgUk.exe
  C:\Windows\System\sLmAgUk.exe
  2⤵
  PID:7332
- C:\Windows\System\mVYDDvp.exe
  C:\Windows\System\mVYDDvp.exe
  2⤵
  PID:7348
- C:\Windows\System\cZeIdcN.exe
  C:\Windows\System\cZeIdcN.exe
  2⤵
  PID:7364
- C:\Windows\System\EXmGhWr.exe
  C:\Windows\System\EXmGhWr.exe
  2⤵
  PID:7380
- C:\Windows\System\UYqQCPX.exe
  C:\Windows\System\UYqQCPX.exe
  2⤵
  PID:7396
- C:\Windows\System\bHkIlGd.exe
  C:\Windows\System\bHkIlGd.exe
  2⤵
  PID:7428
- C:\Windows\System\AtSqiNh.exe
  C:\Windows\System\AtSqiNh.exe
  2⤵
  PID:7448
- C:\Windows\System\YXdLofN.exe
  C:\Windows\System\YXdLofN.exe
  2⤵
  PID:7464
- C:\Windows\System\dzQgcUt.exe
  C:\Windows\System\dzQgcUt.exe
  2⤵
  PID:7480
- C:\Windows\System\vXEsqyF.exe
  C:\Windows\System\vXEsqyF.exe
  2⤵
  PID:7496
- C:\Windows\System\bZDEfAu.exe
  C:\Windows\System\bZDEfAu.exe
  2⤵
  PID:7512
- C:\Windows\System\VXBjRxA.exe
  C:\Windows\System\VXBjRxA.exe
  2⤵
  PID:7528
- C:\Windows\System\cmUzeda.exe
  C:\Windows\System\cmUzeda.exe
  2⤵
  PID:7576
- C:\Windows\System\uWeAPCZ.exe
  C:\Windows\System\uWeAPCZ.exe
  2⤵
  PID:7592
- C:\Windows\System\PiLKTjG.exe
  C:\Windows\System\PiLKTjG.exe
  2⤵
  PID:7612
- C:\Windows\System\GkUPJRW.exe
  C:\Windows\System\GkUPJRW.exe
  2⤵
  PID:7636
- C:\Windows\System\rUhLHQF.exe
  C:\Windows\System\rUhLHQF.exe
  2⤵
  PID:7652
- C:\Windows\System\CZNEPde.exe
  C:\Windows\System\CZNEPde.exe
  2⤵
  PID:7668
- C:\Windows\System\sUCTXJi.exe
  C:\Windows\System\sUCTXJi.exe
  2⤵
  PID:7684
- C:\Windows\System\DALaKha.exe
  C:\Windows\System\DALaKha.exe
  2⤵
  PID:7700
- C:\Windows\System\bUHzpGp.exe
  C:\Windows\System\bUHzpGp.exe
  2⤵
  PID:7716
- C:\Windows\System\ZHOluwo.exe
  C:\Windows\System\ZHOluwo.exe
  2⤵
  PID:7760
- C:\Windows\System\DXuaBLj.exe
  C:\Windows\System\DXuaBLj.exe
  2⤵
  PID:7776
- C:\Windows\System\nCgHNKQ.exe
  C:\Windows\System\nCgHNKQ.exe
  2⤵
  PID:7796
- C:\Windows\System\lUqorXi.exe
  C:\Windows\System\lUqorXi.exe
  2⤵
  PID:7812
- C:\Windows\System\ofEkXeJ.exe
  C:\Windows\System\ofEkXeJ.exe
  2⤵
  PID:7832
- C:\Windows\System\aJCGmVe.exe
  C:\Windows\System\aJCGmVe.exe
  2⤵
  PID:7856
- C:\Windows\System\ZwDXghe.exe
  C:\Windows\System\ZwDXghe.exe
  2⤵
  PID:7880
- C:\Windows\System\OUJOZyj.exe
  C:\Windows\System\OUJOZyj.exe
  2⤵
  PID:7896
- C:\Windows\System\EkPSUlM.exe
  C:\Windows\System\EkPSUlM.exe
  2⤵
  PID:7912
- C:\Windows\System\RWBxWyB.exe
  C:\Windows\System\RWBxWyB.exe
  2⤵
  PID:7932
- C:\Windows\System\ijdbLVk.exe
  C:\Windows\System\ijdbLVk.exe
  2⤵
  PID:7948
- C:\Windows\System\xEHWlgs.exe
  C:\Windows\System\xEHWlgs.exe
  2⤵
  PID:7968
- C:\Windows\System\rrqnBQh.exe
  C:\Windows\System\rrqnBQh.exe
  2⤵
  PID:7988
- C:\Windows\System\SJmSUhO.exe
  C:\Windows\System\SJmSUhO.exe
  2⤵
  PID:8008
- C:\Windows\System\BlhtdLH.exe
  C:\Windows\System\BlhtdLH.exe
  2⤵
  PID:8036
- C:\Windows\System\NtbfDaQ.exe
  C:\Windows\System\NtbfDaQ.exe
  2⤵
  PID:8052
- C:\Windows\System\yNmbkxy.exe
  C:\Windows\System\yNmbkxy.exe
  2⤵
  PID:8076
- C:\Windows\System\ajTuTPR.exe
  C:\Windows\System\ajTuTPR.exe
  2⤵
  PID:8092
- C:\Windows\System\ZhhHbQY.exe
  C:\Windows\System\ZhhHbQY.exe
  2⤵
  PID:8120
- C:\Windows\System\vkXdFuK.exe
  C:\Windows\System\vkXdFuK.exe
  2⤵
  PID:8144
- C:\Windows\System\PmGdFio.exe
  C:\Windows\System\PmGdFio.exe
  2⤵
  PID:8168
- C:\Windows\System\BkKQSPb.exe
  C:\Windows\System\BkKQSPb.exe
  2⤵
  PID:8184
- C:\Windows\System\GXPMPCn.exe
  C:\Windows\System\GXPMPCn.exe
  2⤵
  PID:7172
- C:\Windows\System\vPlrbJX.exe
  C:\Windows\System\vPlrbJX.exe
  2⤵
  PID:6220
- C:\Windows\System\nBuPUet.exe
  C:\Windows\System\nBuPUet.exe
  2⤵
  PID:7248
- C:\Windows\System\ybGcCWT.exe
  C:\Windows\System\ybGcCWT.exe
  2⤵
  PID:7264
- C:\Windows\System\VrVgLao.exe
  C:\Windows\System\VrVgLao.exe
  2⤵
  PID:7300
- C:\Windows\System\PmbWBLB.exe
  C:\Windows\System\PmbWBLB.exe
  2⤵
  PID:7224
- C:\Windows\System\RnFsbOQ.exe
  C:\Windows\System\RnFsbOQ.exe
  2⤵
  PID:7304
- C:\Windows\System\yFnMKKu.exe
  C:\Windows\System\yFnMKKu.exe
  2⤵
  PID:7376
- C:\Windows\System\kFTiyUJ.exe
  C:\Windows\System\kFTiyUJ.exe
  2⤵
  PID:7412
- C:\Windows\System\eIdrLCP.exe
  C:\Windows\System\eIdrLCP.exe
  2⤵
  PID:7328
- C:\Windows\System\XmeBkii.exe
  C:\Windows\System\XmeBkii.exe
  2⤵
  PID:7472
- C:\Windows\System\rhqpPQE.exe
  C:\Windows\System\rhqpPQE.exe
  2⤵
  PID:7488
- C:\Windows\System\WmJvSFQ.exe
  C:\Windows\System\WmJvSFQ.exe
  2⤵
  PID:7548
- C:\Windows\System\oWOPtCm.exe
  C:\Windows\System\oWOPtCm.exe
  2⤵
  PID:7564
- C:\Windows\System\hAMNKMx.exe
  C:\Windows\System\hAMNKMx.exe
  2⤵
  PID:7588
- C:\Windows\System\TJIFtdB.exe
  C:\Windows\System\TJIFtdB.exe
  2⤵
  PID:7608
- C:\Windows\System\vfRuMnS.exe
  C:\Windows\System\vfRuMnS.exe
  2⤵
  PID:7632
- C:\Windows\System\byjCAbH.exe
  C:\Windows\System\byjCAbH.exe
  2⤵
  PID:7680
- C:\Windows\System\WvCTeIO.exe
  C:\Windows\System\WvCTeIO.exe
  2⤵
  PID:7692
- C:\Windows\System\phMTASY.exe
  C:\Windows\System\phMTASY.exe
  2⤵
  PID:7728
- C:\Windows\System\YrcqjaO.exe
  C:\Windows\System\YrcqjaO.exe
  2⤵
  PID:7752
- C:\Windows\System\VsAVEdD.exe
  C:\Windows\System\VsAVEdD.exe
  2⤵
  PID:7788
- C:\Windows\System\LRIStkH.exe
  C:\Windows\System\LRIStkH.exe
  2⤵
  PID:7864
- C:\Windows\System\iUQOiTe.exe
  C:\Windows\System\iUQOiTe.exe
  2⤵
  PID:7772
- C:\Windows\System\xiOgtpN.exe
  C:\Windows\System\xiOgtpN.exe
  2⤵
  PID:7944
- C:\Windows\System\jefoVau.exe
  C:\Windows\System\jefoVau.exe
  2⤵
  PID:7956
- C:\Windows\System\anMwEiL.exe
  C:\Windows\System\anMwEiL.exe
  2⤵
  PID:7888
- C:\Windows\System\EMrTUvp.exe
  C:\Windows\System\EMrTUvp.exe
  2⤵
  PID:2504
- C:\Windows\System\zRgffRB.exe
  C:\Windows\System\zRgffRB.exe
  2⤵
  PID:8100
- C:\Windows\System\OlEZIhI.exe
  C:\Windows\System\OlEZIhI.exe
  2⤵
  PID:8084
- C:\Windows\System\TJneUUE.exe
  C:\Windows\System\TJneUUE.exe
  2⤵
  PID:8108
- C:\Windows\System\jTlAxFw.exe
  C:\Windows\System\jTlAxFw.exe
  2⤵
  PID:5488
- C:\Windows\System\HSdiGvt.exe
  C:\Windows\System\HSdiGvt.exe
  2⤵
  PID:8152
- C:\Windows\System\FydqgFU.exe
  C:\Windows\System\FydqgFU.exe
  2⤵
  PID:6240
- C:\Windows\System\gLXvFqj.exe
  C:\Windows\System\gLXvFqj.exe
  2⤵
  PID:7296
- C:\Windows\System\NwpcDYi.exe
  C:\Windows\System\NwpcDYi.exe
  2⤵
  PID:8180
- C:\Windows\System\XEnCaZc.exe
  C:\Windows\System\XEnCaZc.exe
  2⤵
  PID:7420
- C:\Windows\System\JDUcopR.exe
  C:\Windows\System\JDUcopR.exe
  2⤵
  PID:7288
- C:\Windows\System\rANEuDI.exe
  C:\Windows\System\rANEuDI.exe
  2⤵
  PID:7344
- C:\Windows\System\Ovnwfrr.exe
  C:\Windows\System\Ovnwfrr.exe
  2⤵
  PID:892
- C:\Windows\System\xGAJjth.exe
  C:\Windows\System\xGAJjth.exe
  2⤵
  PID:7540
- C:\Windows\System\yESvVZc.exe
  C:\Windows\System\yESvVZc.exe
  2⤵
  PID:2120
- C:\Windows\System\ObsScep.exe
  C:\Windows\System\ObsScep.exe
  2⤵
  PID:7744
- C:\Windows\System\ZOQuBkQ.exe
  C:\Windows\System\ZOQuBkQ.exe
  2⤵
  PID:7804
- C:\Windows\System\UWxVSVe.exe
  C:\Windows\System\UWxVSVe.exe
  2⤵
  PID:7560
- C:\Windows\System\ePpEPvp.exe
  C:\Windows\System\ePpEPvp.exe
  2⤵
  PID:7644
- C:\Windows\System\knCJcxf.exe
  C:\Windows\System\knCJcxf.exe
  2⤵
  PID:7792
- C:\Windows\System\aUMJuyW.exe
  C:\Windows\System\aUMJuyW.exe
  2⤵
  PID:7876
- C:\Windows\System\MfcQaVQ.exe
  C:\Windows\System\MfcQaVQ.exe
  2⤵
  PID:7808
- C:\Windows\System\OZNoueI.exe
  C:\Windows\System\OZNoueI.exe
  2⤵
  PID:7996
- C:\Windows\System\YzlOZWn.exe
  C:\Windows\System\YzlOZWn.exe
  2⤵
  PID:8024
- C:\Windows\System\NaJOJrO.exe
  C:\Windows\System\NaJOJrO.exe
  2⤵
  PID:8028
- C:\Windows\System\mfycInM.exe
  C:\Windows\System\mfycInM.exe
  2⤵
  PID:8136
- C:\Windows\System\OKLIOXX.exe
  C:\Windows\System\OKLIOXX.exe
  2⤵
  PID:7312
- C:\Windows\System\fbYGPqq.exe
  C:\Windows\System\fbYGPqq.exe
  2⤵
  PID:4852
- C:\Windows\System\JexLPoR.exe
  C:\Windows\System\JexLPoR.exe
  2⤵
  PID:2648
- C:\Windows\System\JkbPNez.exe
  C:\Windows\System\JkbPNez.exe
  2⤵
  PID:7240
- C:\Windows\System\GZydEjI.exe
  C:\Windows\System\GZydEjI.exe
  2⤵
  PID:7408
- C:\Windows\System\huVQvyb.exe
  C:\Windows\System\huVQvyb.exe
  2⤵
  PID:7192
- C:\Windows\System\XMTZvMm.exe
  C:\Windows\System\XMTZvMm.exe
  2⤵
  PID:7584
- C:\Windows\System\SuIfhtl.exe
  C:\Windows\System\SuIfhtl.exe
  2⤵
  PID:7664
- C:\Windows\System\SYsJEHq.exe
  C:\Windows\System\SYsJEHq.exe
  2⤵
  PID:7904
- C:\Windows\System\oKAwIfw.exe
  C:\Windows\System\oKAwIfw.exe
  2⤵
  PID:7920
- C:\Windows\System\heeltat.exe
  C:\Windows\System\heeltat.exe
  2⤵
  PID:8164
- C:\Windows\System\IcfhNiD.exe
  C:\Windows\System\IcfhNiD.exe
  2⤵
  PID:8004
- C:\Windows\System\XfUyVWk.exe
  C:\Windows\System\XfUyVWk.exe
  2⤵
  PID:7964
- C:\Windows\System\TVzxtFr.exe
  C:\Windows\System\TVzxtFr.exe
  2⤵
  PID:7404
- C:\Windows\System\eNduVMp.exe
  C:\Windows\System\eNduVMp.exe
  2⤵
  PID:7280
- C:\Windows\System\CgCYZYJ.exe
  C:\Windows\System\CgCYZYJ.exe
  2⤵
  PID:7740
- C:\Windows\System\QxwALqt.exe
  C:\Windows\System\QxwALqt.exe
  2⤵
  PID:7456
- C:\Windows\System\BSTACFo.exe
  C:\Windows\System\BSTACFo.exe
  2⤵
  PID:7552
- C:\Windows\System\iGgzqMw.exe
  C:\Windows\System\iGgzqMw.exe
  2⤵
  PID:7960
- C:\Windows\System\IihdbUO.exe
  C:\Windows\System\IihdbUO.exe
  2⤵
  PID:7844
- C:\Windows\System\FFoZUYq.exe
  C:\Windows\System\FFoZUYq.exe
  2⤵
  PID:2536
- C:\Windows\System\AGmjuaZ.exe
  C:\Windows\System\AGmjuaZ.exe
  2⤵
  PID:7824
- C:\Windows\System\CBziZfl.exe
  C:\Windows\System\CBziZfl.exe
  2⤵
  PID:2356
- C:\Windows\System\dtqjqjm.exe
  C:\Windows\System\dtqjqjm.exe
  2⤵
  PID:1744
- C:\Windows\System\LnOKoeu.exe
  C:\Windows\System\LnOKoeu.exe
  2⤵
  PID:7572
- C:\Windows\System\VGxNqNs.exe
  C:\Windows\System\VGxNqNs.exe
  2⤵
  PID:4036
- C:\Windows\System\rQUuebs.exe
  C:\Windows\System\rQUuebs.exe
  2⤵
  PID:7460
- C:\Windows\System\zUpdINs.exe
  C:\Windows\System\zUpdINs.exe
  2⤵
  PID:8128
- C:\Windows\System\qLnhFLy.exe
  C:\Windows\System\qLnhFLy.exe
  2⤵
  PID:1868
- C:\Windows\System\wNNyuMW.exe
  C:\Windows\System\wNNyuMW.exe
  2⤵
  PID:7984
- C:\Windows\System\gARJqng.exe
  C:\Windows\System\gARJqng.exe
  2⤵
  PID:8048
- C:\Windows\System\fsLvQuh.exe
  C:\Windows\System\fsLvQuh.exe
  2⤵
  PID:1848
- C:\Windows\System\NKokRKs.exe
  C:\Windows\System\NKokRKs.exe
  2⤵
  PID:2924
- C:\Windows\System\VBDYzCN.exe
  C:\Windows\System\VBDYzCN.exe
  2⤵
  PID:7176
- C:\Windows\System\QHPycKS.exe
  C:\Windows\System\QHPycKS.exe
  2⤵
  PID:2584
- C:\Windows\System\gwaqdox.exe
  C:\Windows\System\gwaqdox.exe
  2⤵
  PID:8200
- C:\Windows\System\EXRYQlZ.exe
  C:\Windows\System\EXRYQlZ.exe
  2⤵
  PID:8232
- C:\Windows\System\UdhCwlL.exe
  C:\Windows\System\UdhCwlL.exe
  2⤵
  PID:8248
- C:\Windows\System\ayLlCua.exe
  C:\Windows\System\ayLlCua.exe
  2⤵
  PID:8264
- C:\Windows\System\eghyAyP.exe
  C:\Windows\System\eghyAyP.exe
  2⤵
  PID:8284
- C:\Windows\System\jhEYxtV.exe
  C:\Windows\System\jhEYxtV.exe
  2⤵
  PID:8320
- C:\Windows\System\ValTOng.exe
  C:\Windows\System\ValTOng.exe
  2⤵
  PID:8340
- C:\Windows\System\eGLitly.exe
  C:\Windows\System\eGLitly.exe
  2⤵
  PID:8356
- C:\Windows\System\iAoBumW.exe
  C:\Windows\System\iAoBumW.exe
  2⤵
  PID:8372
- C:\Windows\System\QSOmVec.exe
  C:\Windows\System\QSOmVec.exe
  2⤵
  PID:8388
- C:\Windows\System\ZaBphmf.exe
  C:\Windows\System\ZaBphmf.exe
  2⤵
  PID:8404
- C:\Windows\System\tWeaGqK.exe
  C:\Windows\System\tWeaGqK.exe
  2⤵
  PID:8424
- C:\Windows\System\neCbRwQ.exe
  C:\Windows\System\neCbRwQ.exe
  2⤵
  PID:8444
- C:\Windows\System\bDPqXRY.exe
  C:\Windows\System\bDPqXRY.exe
  2⤵
  PID:8460
- C:\Windows\System\CWDDpPT.exe
  C:\Windows\System\CWDDpPT.exe
  2⤵
  PID:8476
- C:\Windows\System\frBqqYu.exe
  C:\Windows\System\frBqqYu.exe
  2⤵
  PID:8504
- C:\Windows\System\lvyQcJQ.exe
  C:\Windows\System\lvyQcJQ.exe
  2⤵
  PID:8544
- C:\Windows\System\LvXKLly.exe
  C:\Windows\System\LvXKLly.exe
  2⤵
  PID:8560
- C:\Windows\System\DgydHGI.exe
  C:\Windows\System\DgydHGI.exe
  2⤵
  PID:8584
- C:\Windows\System\YIMBQtZ.exe
  C:\Windows\System\YIMBQtZ.exe
  2⤵
  PID:8600
- C:\Windows\System\gzioKbu.exe
  C:\Windows\System\gzioKbu.exe
  2⤵
  PID:8616
- C:\Windows\System\OqoBtei.exe
  C:\Windows\System\OqoBtei.exe
  2⤵
  PID:8636
- C:\Windows\System\BCOTKIq.exe
  C:\Windows\System\BCOTKIq.exe
  2⤵
  PID:8708
- C:\Windows\System\GQKrcib.exe
  C:\Windows\System\GQKrcib.exe
  2⤵
  PID:8724
- C:\Windows\System\JNTtsma.exe
  C:\Windows\System\JNTtsma.exe
  2⤵
  PID:8744
- C:\Windows\System\vpLTqyx.exe
  C:\Windows\System\vpLTqyx.exe
  2⤵
  PID:8784
- C:\Windows\System\EowlISh.exe
  C:\Windows\System\EowlISh.exe
  2⤵
  PID:8800
- C:\Windows\System\rInYTMh.exe
  C:\Windows\System\rInYTMh.exe
  2⤵
  PID:8816
- C:\Windows\System\pJDSKwa.exe
  C:\Windows\System\pJDSKwa.exe
  2⤵
  PID:8836
- C:\Windows\System\TlZgIlE.exe
  C:\Windows\System\TlZgIlE.exe
  2⤵
  PID:8864
- C:\Windows\System\ZmwdFpv.exe
  C:\Windows\System\ZmwdFpv.exe
  2⤵
  PID:8880
- C:\Windows\System\tEIeIpy.exe
  C:\Windows\System\tEIeIpy.exe
  2⤵
  PID:8900
- C:\Windows\System\bajhReV.exe
  C:\Windows\System\bajhReV.exe
  2⤵
  PID:8916
- C:\Windows\System\IscjxJX.exe
  C:\Windows\System\IscjxJX.exe
  2⤵
  PID:8948
- C:\Windows\System\GIgeIzr.exe
  C:\Windows\System\GIgeIzr.exe
  2⤵
  PID:8964
- C:\Windows\System\mMOZOCO.exe
  C:\Windows\System\mMOZOCO.exe
  2⤵
  PID:8988
- C:\Windows\System\zkZlBeJ.exe
  C:\Windows\System\zkZlBeJ.exe
  2⤵
  PID:9008
- C:\Windows\System\IuQPUrh.exe
  C:\Windows\System\IuQPUrh.exe
  2⤵
  PID:9024
- C:\Windows\System\jhSHEQM.exe
  C:\Windows\System\jhSHEQM.exe
  2⤵
  PID:9040
- C:\Windows\System\UhuhqEi.exe
  C:\Windows\System\UhuhqEi.exe
  2⤵
  PID:9060
- C:\Windows\System\kAhOXbh.exe
  C:\Windows\System\kAhOXbh.exe
  2⤵
  PID:9076
- C:\Windows\System\FqGpmfG.exe
  C:\Windows\System\FqGpmfG.exe
  2⤵
  PID:9100
- C:\Windows\System\LuBycoR.exe
  C:\Windows\System\LuBycoR.exe
  2⤵
  PID:9116
- C:\Windows\System\NzzhZPL.exe
  C:\Windows\System\NzzhZPL.exe
  2⤵
  PID:9132
- C:\Windows\System\arUioZI.exe
  C:\Windows\System\arUioZI.exe
  2⤵
  PID:9148
- C:\Windows\System\KxSUzEG.exe
  C:\Windows\System\KxSUzEG.exe
  2⤵
  PID:9168
- C:\Windows\System\PkbPAll.exe
  C:\Windows\System\PkbPAll.exe
  2⤵
  PID:9184
- C:\Windows\System\NljdzAB.exe
  C:\Windows\System\NljdzAB.exe
  2⤵
  PID:9204
- C:\Windows\System\HHxwUpg.exe
  C:\Windows\System\HHxwUpg.exe
  2⤵
  PID:8196
- C:\Windows\System\fyZrZqt.exe
  C:\Windows\System\fyZrZqt.exe
  2⤵
  PID:8156
- C:\Windows\System\ZcQzfYc.exe
  C:\Windows\System\ZcQzfYc.exe
  2⤵
  PID:8212
- C:\Windows\System\eNboifU.exe
  C:\Windows\System\eNboifU.exe
  2⤵
  PID:8244
- C:\Windows\System\LhsaQEA.exe
  C:\Windows\System\LhsaQEA.exe
  2⤵
  PID:8276
- C:\Windows\System\pdqShAY.exe
  C:\Windows\System\pdqShAY.exe
  2⤵
  PID:8260
- C:\Windows\System\cSdsVbX.exe
  C:\Windows\System\cSdsVbX.exe
  2⤵
  PID:8308
- C:\Windows\System\rRphQJx.exe
  C:\Windows\System\rRphQJx.exe
  2⤵
  PID:8336
- C:\Windows\System\IPwgEpr.exe
  C:\Windows\System\IPwgEpr.exe
  2⤵
  PID:8436
- C:\Windows\System\azvvFLW.exe
  C:\Windows\System\azvvFLW.exe
  2⤵
  PID:8352
- C:\Windows\System\dYwfDkt.exe
  C:\Windows\System\dYwfDkt.exe
  2⤵
  PID:8416
- C:\Windows\System\FaZKkxc.exe
  C:\Windows\System\FaZKkxc.exe
  2⤵
  PID:8488
- C:\Windows\System\GuzfDgv.exe
  C:\Windows\System\GuzfDgv.exe
  2⤵
  PID:8520
- C:\Windows\System\uenNtlF.exe
  C:\Windows\System\uenNtlF.exe
  2⤵
  PID:8528
- C:\Windows\System\eLRjAON.exe
  C:\Windows\System\eLRjAON.exe
  2⤵
  PID:8624
- C:\Windows\System\hAekAzE.exe
  C:\Windows\System\hAekAzE.exe
  2⤵
  PID:8732
- C:\Windows\System\xRMIBZR.exe
  C:\Windows\System\xRMIBZR.exe
  2⤵
  PID:8716
- C:\Windows\System\XXPUHqS.exe
  C:\Windows\System\XXPUHqS.exe
  2⤵
  PID:8760
- C:\Windows\System\ZgSOaDG.exe
  C:\Windows\System\ZgSOaDG.exe
  2⤵
  PID:8312
- C:\Windows\System\CYRODKT.exe
  C:\Windows\System\CYRODKT.exe
  2⤵
  PID:4848
- C:\Windows\System\cMBfPqw.exe
  C:\Windows\System\cMBfPqw.exe
  2⤵
  PID:8832
- C:\Windows\System\TppmcJN.exe
  C:\Windows\System\TppmcJN.exe
  2⤵
  PID:8852
- C:\Windows\System\ZuGkzzJ.exe
  C:\Windows\System\ZuGkzzJ.exe
  2⤵
  PID:8872
- C:\Windows\System\ppVmDph.exe
  C:\Windows\System\ppVmDph.exe
  2⤵
  PID:8896
- C:\Windows\System\fKtwCys.exe
  C:\Windows\System\fKtwCys.exe
  2⤵
  PID:8932
- C:\Windows\System\lABhigM.exe
  C:\Windows\System\lABhigM.exe
  2⤵
  PID:8944
- C:\Windows\System\XNgBPER.exe
  C:\Windows\System\XNgBPER.exe
  2⤵
  PID:8976
- C:\Windows\System\SfBNRVS.exe
  C:\Windows\System\SfBNRVS.exe
  2⤵
  PID:8984
- C:\Windows\System\HGLayKa.exe
  C:\Windows\System\HGLayKa.exe
  2⤵
  PID:9032
- C:\Windows\System\kYbTbVx.exe
  C:\Windows\System\kYbTbVx.exe
  2⤵
  PID:9036
- C:\Windows\System\TYlbDfv.exe
  C:\Windows\System\TYlbDfv.exe
  2⤵
  PID:2520
- C:\Windows\System\QBIbiUQ.exe
  C:\Windows\System\QBIbiUQ.exe
  2⤵
  PID:8208
- C:\Windows\System\WzErJvQ.exe
  C:\Windows\System\WzErJvQ.exe
  2⤵
  PID:8304
- C:\Windows\System\BBPCGGa.exe
  C:\Windows\System\BBPCGGa.exe
  2⤵
  PID:8368
- C:\Windows\System\MOGmUqx.exe
  C:\Windows\System\MOGmUqx.exe
  2⤵
  PID:2372
- C:\Windows\System\WOPJTEI.exe
  C:\Windows\System\WOPJTEI.exe
  2⤵
  PID:9088
- C:\Windows\System\huoduII.exe
  C:\Windows\System\huoduII.exe
  2⤵
  PID:8384
- C:\Windows\System\uLttogt.exe
  C:\Windows\System\uLttogt.exe
  2⤵
  PID:8516
- C:\Windows\System\Ywywrly.exe
  C:\Windows\System\Ywywrly.exe
  2⤵
  PID:2284
- C:\Windows\System\uRBnLRE.exe
  C:\Windows\System\uRBnLRE.exe
  2⤵
  PID:9192
- C:\Windows\System\nyiDucl.exe
  C:\Windows\System\nyiDucl.exe
  2⤵
  PID:9128
- C:\Windows\System\uwMBFfL.exe
  C:\Windows\System\uwMBFfL.exe
  2⤵
  PID:8524
- C:\Windows\System\LyUNcBa.exe
  C:\Windows\System\LyUNcBa.exe
  2⤵
  PID:8552
- C:\Windows\System\GSANBDz.exe
  C:\Windows\System\GSANBDz.exe
  2⤵
  PID:8576
- C:\Windows\System\MrGXaUA.exe
  C:\Windows\System\MrGXaUA.exe
  2⤵
  PID:4392
- C:\Windows\System\LhvOYqn.exe
  C:\Windows\System\LhvOYqn.exe
  2⤵
  PID:6036
- C:\Windows\System\QETjuZM.exe
  C:\Windows\System\QETjuZM.exe
  2⤵
  PID:8736
- C:\Windows\System\IwHsjaJ.exe
  C:\Windows\System\IwHsjaJ.exe
  2⤵
  PID:8780
- C:\Windows\System\mKKLsHb.exe
  C:\Windows\System\mKKLsHb.exe
  2⤵
  PID:8792
- C:\Windows\System\PqxluIk.exe
  C:\Windows\System\PqxluIk.exe
  2⤵
  PID:8856
- C:\Windows\System\soHfjWp.exe
  C:\Windows\System\soHfjWp.exe
  2⤵
  PID:1696
- C:\Windows\System\zjQhJVw.exe
  C:\Windows\System\zjQhJVw.exe
  2⤵
  PID:8928
- C:\Windows\System\zCuxqOY.exe
  C:\Windows\System\zCuxqOY.exe
  2⤵
  PID:9004
- C:\Windows\System\OpKbKuu.exe
  C:\Windows\System\OpKbKuu.exe
  2⤵
  PID:8776
- C:\Windows\System\HuSbHDR.exe
  C:\Windows\System\HuSbHDR.exe
  2⤵
  PID:2876
- C:\Windows\System\SuDSIlV.exe
  C:\Windows\System\SuDSIlV.exe
  2⤵
  PID:9112
- C:\Windows\System\qHFLVmX.exe
  C:\Windows\System\qHFLVmX.exe
  2⤵
  PID:8272
- C:\Windows\System\pwygGWo.exe
  C:\Windows\System\pwygGWo.exe
  2⤵
  PID:1964
- C:\Windows\System\mssFtSJ.exe
  C:\Windows\System\mssFtSJ.exe
  2⤵
  PID:8220
- C:\Windows\System\pAAfzCq.exe
  C:\Windows\System\pAAfzCq.exe
  2⤵
  PID:8224
- C:\Windows\System\GnWmdta.exe
  C:\Windows\System\GnWmdta.exe
  2⤵
  PID:2664
- C:\Windows\System\racFAEy.exe
  C:\Windows\System\racFAEy.exe
  2⤵
  PID:9124
- C:\Windows\System\upVnuWr.exe
  C:\Windows\System\upVnuWr.exe
  2⤵
  PID:9056
- C:\Windows\System\AxJJWcw.exe
  C:\Windows\System\AxJJWcw.exe
  2⤵
  PID:8540
- C:\Windows\System\byQTkPO.exe
  C:\Windows\System\byQTkPO.exe
  2⤵
  PID:8704
- C:\Windows\System\eGQhpWU.exe
  C:\Windows\System\eGQhpWU.exe
  2⤵
  PID:8824
- C:\Windows\System\RORiJBx.exe
  C:\Windows\System\RORiJBx.exe
  2⤵
  PID:2572
- C:\Windows\System\MjlqvgO.exe
  C:\Windows\System\MjlqvgO.exe
  2⤵
  PID:2796
- C:\Windows\System\tqGrEhg.exe
  C:\Windows\System\tqGrEhg.exe
  2⤵
  PID:2844
- C:\Windows\System\vkytvil.exe
  C:\Windows\System\vkytvil.exe
  2⤵
  PID:8860
- C:\Windows\System\MWgEEav.exe
  C:\Windows\System\MWgEEav.exe
  2⤵
  PID:9020
- C:\Windows\System\HXmuIuZ.exe
  C:\Windows\System\HXmuIuZ.exe
  2⤵
  PID:9108
- C:\Windows\System\rqVoLWK.exe
  C:\Windows\System\rqVoLWK.exe
  2⤵
  PID:8348
- C:\Windows\System\YJhdYFe.exe
  C:\Windows\System\YJhdYFe.exe
  2⤵
  PID:9196
- C:\Windows\System\qZUrqCX.exe
  C:\Windows\System\qZUrqCX.exe
  2⤵
  PID:9092
- C:\Windows\System\nwDwadV.exe
  C:\Windows\System\nwDwadV.exe
  2⤵
  PID:8300
- C:\Windows\System\ppkJMqc.exe
  C:\Windows\System\ppkJMqc.exe
  2⤵
  PID:4816
- C:\Windows\System\qjMYBPw.exe
  C:\Windows\System\qjMYBPw.exe
  2⤵
  PID:9084
- C:\Windows\System\HNdqpaJ.exe
  C:\Windows\System\HNdqpaJ.exe
  2⤵
  PID:8808
- C:\Windows\System\Fnqhpsd.exe
  C:\Windows\System\Fnqhpsd.exe
  2⤵
  PID:4608
- C:\Windows\System\PZwqUmt.exe
  C:\Windows\System\PZwqUmt.exe
  2⤵
  PID:8924
- C:\Windows\System\ATvMNom.exe
  C:\Windows\System\ATvMNom.exe
  2⤵
  PID:9072
- C:\Windows\System\ewEUJck.exe
  C:\Windows\System\ewEUJck.exe
  2⤵
  PID:8400
- C:\Windows\System\HwSYgUR.exe
  C:\Windows\System\HwSYgUR.exe
  2⤵
  PID:1680
- C:\Windows\System\OyPWzNI.exe
  C:\Windows\System\OyPWzNI.exe
  2⤵
  PID:8700
- C:\Windows\System\WzjtFAA.exe
  C:\Windows\System\WzjtFAA.exe
  2⤵
  PID:2780
- C:\Windows\System\WGxSnQS.exe
  C:\Windows\System\WGxSnQS.exe
  2⤵
  PID:8768
- C:\Windows\System\Qulcqkc.exe
  C:\Windows\System\Qulcqkc.exe
  2⤵
  PID:8104
- C:\Windows\System\xWBvNHS.exe
  C:\Windows\System\xWBvNHS.exe
  2⤵
  PID:8972
- C:\Windows\System\TWnkCAA.exe
  C:\Windows\System\TWnkCAA.exe
  2⤵
  PID:8608
- C:\Windows\System\MOfPeFL.exe
  C:\Windows\System\MOfPeFL.exe
  2⤵
  PID:9140
- C:\Windows\System\JnDPkij.exe
  C:\Windows\System\JnDPkij.exe
  2⤵
  PID:8888
- C:\Windows\System\fOffIkw.exe
  C:\Windows\System\fOffIkw.exe
  2⤵
  PID:2812
- C:\Windows\System\hOoytjc.exe
  C:\Windows\System\hOoytjc.exe
  2⤵
  PID:2172
- C:\Windows\System\RUQTtVT.exe
  C:\Windows\System\RUQTtVT.exe
  2⤵
  PID:448
- C:\Windows\System\hDHSMMh.exe
  C:\Windows\System\hDHSMMh.exe
  2⤵
  PID:8296
- C:\Windows\System\JqYCZyJ.exe
  C:\Windows\System\JqYCZyJ.exe
  2⤵
  PID:9240
- C:\Windows\System\Bfqrost.exe
  C:\Windows\System\Bfqrost.exe
  2⤵
  PID:9260
- C:\Windows\System\QNSOPZK.exe
  C:\Windows\System\QNSOPZK.exe
  2⤵
  PID:9276
- C:\Windows\System\gKJRKQr.exe
  C:\Windows\System\gKJRKQr.exe
  2⤵
  PID:9292
- C:\Windows\System\BazpxAm.exe
  C:\Windows\System\BazpxAm.exe
  2⤵
  PID:9316
- C:\Windows\System\GhGjJSn.exe
  C:\Windows\System\GhGjJSn.exe
  2⤵
  PID:9332
- C:\Windows\System\FBcyHST.exe
  C:\Windows\System\FBcyHST.exe
  2⤵
  PID:9348
- C:\Windows\System\xHkZXwf.exe
  C:\Windows\System\xHkZXwf.exe
  2⤵
  PID:9384
- C:\Windows\System\GyKQcvV.exe
  C:\Windows\System\GyKQcvV.exe
  2⤵
  PID:9400
- C:\Windows\System\DGDPZeK.exe
  C:\Windows\System\DGDPZeK.exe
  2⤵
  PID:9416
- C:\Windows\System\KtwMeHY.exe
  C:\Windows\System\KtwMeHY.exe
  2⤵
  PID:9436
- C:\Windows\System\grYLrjf.exe
  C:\Windows\System\grYLrjf.exe
  2⤵
  PID:9456
- C:\Windows\System\DPBBTrI.exe
  C:\Windows\System\DPBBTrI.exe
  2⤵
  PID:9472
- C:\Windows\System\WbKntSS.exe
  C:\Windows\System\WbKntSS.exe
  2⤵
  PID:9492
- C:\Windows\System\RKsmLOP.exe
  C:\Windows\System\RKsmLOP.exe
  2⤵
  PID:9512
- C:\Windows\System\ShETzzj.exe
  C:\Windows\System\ShETzzj.exe
  2⤵
  PID:9528
- C:\Windows\System\cKUtECu.exe
  C:\Windows\System\cKUtECu.exe
  2⤵
  PID:9544
- C:\Windows\System\kzhzORl.exe
  C:\Windows\System\kzhzORl.exe
  2⤵
  PID:9564
- C:\Windows\System\hsXGHVu.exe
  C:\Windows\System\hsXGHVu.exe
  2⤵
  PID:9592
- C:\Windows\System\BJkpMBe.exe
  C:\Windows\System\BJkpMBe.exe
  2⤵
  PID:9628
- C:\Windows\System\DKsTxAt.exe
  C:\Windows\System\DKsTxAt.exe
  2⤵
  PID:9644
- C:\Windows\System\vOEqthy.exe
  C:\Windows\System\vOEqthy.exe
  2⤵
  PID:9660
- C:\Windows\System\ebkeRnH.exe
  C:\Windows\System\ebkeRnH.exe
  2⤵
  PID:9688
- C:\Windows\System\JnFVMpT.exe
  C:\Windows\System\JnFVMpT.exe
  2⤵
  PID:9704
- C:\Windows\System\lFZQSVy.exe
  C:\Windows\System\lFZQSVy.exe
  2⤵
  PID:9720
- C:\Windows\System\ulFQSmb.exe
  C:\Windows\System\ulFQSmb.exe
  2⤵
  PID:9736
- C:\Windows\System\YfcaXbP.exe
  C:\Windows\System\YfcaXbP.exe
  2⤵
  PID:9752
- C:\Windows\System\efjeSzC.exe
  C:\Windows\System\efjeSzC.exe
  2⤵
  PID:9768
- C:\Windows\System\OjSIMQH.exe
  C:\Windows\System\OjSIMQH.exe
  2⤵
  PID:9796
- C:\Windows\System\TBXBnQB.exe
  C:\Windows\System\TBXBnQB.exe
  2⤵
  PID:9812
- C:\Windows\System\jZazkUK.exe
  C:\Windows\System\jZazkUK.exe
  2⤵
  PID:9832
- C:\Windows\System\GGlTnTG.exe
  C:\Windows\System\GGlTnTG.exe
  2⤵
  PID:9852
- C:\Windows\System\kNdugnd.exe
  C:\Windows\System\kNdugnd.exe
  2⤵
  PID:9868
- C:\Windows\System\moiLluV.exe
  C:\Windows\System\moiLluV.exe
  2⤵
  PID:9892
- C:\Windows\System\ZezfEmV.exe
  C:\Windows\System\ZezfEmV.exe
  2⤵
  PID:9912
- C:\Windows\System\PdKwsjq.exe
  C:\Windows\System\PdKwsjq.exe
  2⤵
  PID:9928
- C:\Windows\System\vMZNFUq.exe
  C:\Windows\System\vMZNFUq.exe
  2⤵
  PID:9944
- C:\Windows\System\IFjGHvA.exe
  C:\Windows\System\IFjGHvA.exe
  2⤵
  PID:9964
- C:\Windows\System\dVhPeis.exe
  C:\Windows\System\dVhPeis.exe
  2⤵
  PID:9988
- C:\Windows\System\GWQBNqr.exe
  C:\Windows\System\GWQBNqr.exe
  2⤵
  PID:10004
- C:\Windows\System\MMVLLMq.exe
  C:\Windows\System\MMVLLMq.exe
  2⤵
  PID:10036
- C:\Windows\System\TvOAzJj.exe
  C:\Windows\System\TvOAzJj.exe
  2⤵
  PID:10056
- C:\Windows\System\fjBsjof.exe
  C:\Windows\System\fjBsjof.exe
  2⤵
  PID:10072
- C:\Windows\System\jsgyPtj.exe
  C:\Windows\System\jsgyPtj.exe
  2⤵
  PID:10108
- C:\Windows\System\sFhYeLr.exe
  C:\Windows\System\sFhYeLr.exe
  2⤵
  PID:10128
- C:\Windows\System\JlZRzJt.exe
  C:\Windows\System\JlZRzJt.exe
  2⤵
  PID:10160
- C:\Windows\System\zWsxmMB.exe
  C:\Windows\System\zWsxmMB.exe
  2⤵
  PID:10176
- C:\Windows\System\ieHLgvo.exe
  C:\Windows\System\ieHLgvo.exe
  2⤵
  PID:10200
- C:\Windows\System\bNXsblm.exe
  C:\Windows\System\bNXsblm.exe
  2⤵
  PID:10220
- C:\Windows\System\dJyEvng.exe
  C:\Windows\System\dJyEvng.exe
  2⤵
  PID:3000
- C:\Windows\System\XduYqxo.exe
  C:\Windows\System\XduYqxo.exe
  2⤵
  PID:9236
- C:\Windows\System\SYuGVzQ.exe
  C:\Windows\System\SYuGVzQ.exe
  2⤵
  PID:9304
- C:\Windows\System\YYlckUa.exe
  C:\Windows\System\YYlckUa.exe
  2⤵
  PID:9248
- C:\Windows\System\lmJOLRp.exe
  C:\Windows\System\lmJOLRp.exe
  2⤵
  PID:9340
- C:\Windows\System\RYPIgbM.exe
  C:\Windows\System\RYPIgbM.exe
  2⤵
  PID:9428
- C:\Windows\System\ORBpfBN.exe
  C:\Windows\System\ORBpfBN.exe
  2⤵
  PID:9500
- C:\Windows\System\tGQvoFx.exe
  C:\Windows\System\tGQvoFx.exe
  2⤵
  PID:9540
- C:\Windows\System\TarIWwK.exe
  C:\Windows\System\TarIWwK.exe
  2⤵
  PID:9572
- C:\Windows\System\cUvrbqv.exe
  C:\Windows\System\cUvrbqv.exe
  2⤵
  PID:9356
- C:\Windows\System\JLEimTl.exe
  C:\Windows\System\JLEimTl.exe
  2⤵
  PID:9520
- C:\Windows\System\nflincf.exe
  C:\Windows\System\nflincf.exe
  2⤵
  PID:9444
- C:\Windows\System\WtlbVcO.exe
  C:\Windows\System\WtlbVcO.exe
  2⤵
  PID:9588
- C:\Windows\System\lobLvgk.exe
  C:\Windows\System\lobLvgk.exe
  2⤵
  PID:9624
- C:\Windows\System\xrTPvio.exe
  C:\Windows\System\xrTPvio.exe
  2⤵
  PID:9636
- C:\Windows\System\BYnhdOS.exe
  C:\Windows\System\BYnhdOS.exe
  2⤵
  PID:9676
- C:\Windows\System\SbcHKIC.exe
  C:\Windows\System\SbcHKIC.exe
  2⤵
  PID:9744
- C:\Windows\System\YNCUIvN.exe
  C:\Windows\System\YNCUIvN.exe
  2⤵
  PID:9776
- C:\Windows\System\VhFNBlL.exe
  C:\Windows\System\VhFNBlL.exe
  2⤵
  PID:9828
- C:\Windows\System\oeGjBPm.exe
  C:\Windows\System\oeGjBPm.exe
  2⤵
  PID:1004
- C:\Windows\System\toHHkqY.exe
  C:\Windows\System\toHHkqY.exe
  2⤵
  PID:9940
- C:\Windows\System\UposUdY.exe
  C:\Windows\System\UposUdY.exe
  2⤵
  PID:10000
- C:\Windows\System\YjwFmhZ.exe
  C:\Windows\System\YjwFmhZ.exe
  2⤵
  PID:9952
- C:\Windows\System\YGiRVch.exe
  C:\Windows\System\YGiRVch.exe
  2⤵
  PID:9848
- C:\Windows\System\pgVGYGu.exe
  C:\Windows\System\pgVGYGu.exe
  2⤵
  PID:9764
- C:\Windows\System\UNpxJZO.exe
  C:\Windows\System\UNpxJZO.exe
  2⤵
  PID:10048
- C:\Windows\System\yTqgcfX.exe
  C:\Windows\System\yTqgcfX.exe
  2⤵
  PID:9984
- C:\Windows\System\RXciihy.exe
  C:\Windows\System\RXciihy.exe
  2⤵
  PID:10024
- C:\Windows\System\CxtNAZa.exe
  C:\Windows\System\CxtNAZa.exe
  2⤵
  PID:10068
- C:\Windows\System\HugZzwh.exe
  C:\Windows\System\HugZzwh.exe
  2⤵
  PID:10088
- C:\Windows\System\kWhNtyw.exe
  C:\Windows\System\kWhNtyw.exe
  2⤵
  PID:10136
- C:\Windows\System\GBBTmRi.exe
  C:\Windows\System\GBBTmRi.exe
  2⤵
  PID:10172
- C:\Windows\System\rPHCRWr.exe
  C:\Windows\System\rPHCRWr.exe
  2⤵
  PID:10208
- C:\Windows\System\pOUgdDG.exe
  C:\Windows\System\pOUgdDG.exe
  2⤵
  PID:10232
- C:\Windows\System\MOPlfWh.exe
  C:\Windows\System\MOPlfWh.exe
  2⤵
  PID:9272
- C:\Windows\System\anaUNek.exe
  C:\Windows\System\anaUNek.exe
  2⤵
  PID:9392
- C:\Windows\System\sDzaemo.exe
  C:\Windows\System\sDzaemo.exe
  2⤵
  PID:9464
- C:\Windows\System\BfyqPgt.exe
  C:\Windows\System\BfyqPgt.exe
  2⤵
  PID:9360
- C:\Windows\System\jyLriAj.exe
  C:\Windows\System\jyLriAj.exe
  2⤵
  PID:9552
- C:\Windows\System\RyXOrmd.exe
  C:\Windows\System\RyXOrmd.exe
  2⤵
  PID:9452
- C:\Windows\System\QFXDuPz.exe
  C:\Windows\System\QFXDuPz.exe
  2⤵
  PID:9652
- C:\Windows\System\zUkibvJ.exe
  C:\Windows\System\zUkibvJ.exe
  2⤵
  PID:9616
- C:\Windows\System\FGdxEua.exe
  C:\Windows\System\FGdxEua.exe
  2⤵
  PID:9864
- C:\Windows\System\FBpVNma.exe
  C:\Windows\System\FBpVNma.exe
  2⤵
  PID:9716
- C:\Windows\System\wBaPXnP.exe
  C:\Windows\System\wBaPXnP.exe
  2⤵
  PID:9880
- C:\Windows\System\SgmjpQN.exe
  C:\Windows\System\SgmjpQN.exe
  2⤵
  PID:9788
- C:\Windows\System\BQRDNRy.exe
  C:\Windows\System\BQRDNRy.exe
  2⤵
  PID:10064
- C:\Windows\System\QLVCsgV.exe
  C:\Windows\System\QLVCsgV.exe
  2⤵
  PID:9976
- C:\Windows\System\QybqFgi.exe
  C:\Windows\System\QybqFgi.exe
  2⤵
  PID:10020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BjfOHhY.exe

Filesize
6.0MB

MD5
0dfc10e507da4727edc495238f05f4fc

SHA1
fdaa9549853410b1693c7ea3522af956db0b904b

SHA256
70310fe4ac97567bd11f027bc83e98f71ed22cdc42fc82fec1fa9e0c6897924e

SHA512
d9bfc7c60ff2bbe68086ee55fd2e80039370419db7ff92f79caf28369180314cc4092ceb77557a0313df4370156fa2b748f88f776a53561b4c2c103770b29606

Download Submit
C:\Windows\system\FnHEQXD.exe

Filesize
6.0MB

MD5
93dbfddbaf42bbd4a7d53e131ca83bfa

SHA1
e38ddb3ab7a2c547048b9ae40b5b7eb30d0febef

SHA256
7c9411b93a8be0064b68da27b459922b9e753c5084532b1dbb64bd575be4eaab

SHA512
81ab0e319124725c48a47bf841ed319db0d7ce24c29fee211aa2320f90cc798c0516de9cbbcb9fab4e907303ae90202d7edc222806072b4597d1e2ef0f3da739

Download Submit
C:\Windows\system\GRCvCOS.exe

Filesize
6.0MB

MD5
a302d1dfa51db1bc528cb6d86d86f2bd

SHA1
530a294b9391d2e144013418234ed77e364dd7e4

SHA256
31cbafb70ef8d417f68b90951fb17a05f04b722f66a3dffe90e25a2be99a6cd1

SHA512
cdbd9cb6eb54c131481dbf6a3355514eaa1598494e93bc6bf71366cf848f3ba520f06971cf758de8f94c68022b3f133fea2c4dfd43c3ca5b9219bed299aec0b6

Download Submit
C:\Windows\system\HIhgcbR.exe

Filesize
6.0MB

MD5
17e37e9339af5951466c04b7ac2e7abe

SHA1
67f027e6c197239f5551585bdf6e327063b11be0

SHA256
db4b2fe192b707f6421aefbd751d5e4c8d8b6c67a6c3f710b6adbf946b18bea9

SHA512
f0ab1026498f93bc0f5587e74bb00886cc9598345c76e7c90eced3539916620072f2d689279018946a076089a2718b77892c9ad3a026a77aabaad4ea5b71e223

Download Submit
C:\Windows\system\ILbOkXb.exe

Filesize
6.0MB

MD5
16b69564bcdd35ae85a795f326da9b49

SHA1
fac8002c6341039ba850007f35c96948ba633dff

SHA256
7dedb58ba27c86fd57c36e374455a206bc6a96e7da017ba5c686a17597fd4011

SHA512
e9d9ba9bd09d09e068cc2d470aa3ac9929084bb14a00453e2ae958d1343911fe9c94cc454d95c572307c0bbd59575f41368c4ea7ef5165ed69466f5500b5b605

Download Submit
C:\Windows\system\NiXvgez.exe

Filesize
6.0MB

MD5
d9d94280d52565d10c567bc2758468cf

SHA1
a7d3bea402c684809722768dc77382638731840f

SHA256
4da74cc9dca185a5e43bdcca27844b7695c00dcc6945048c8c6b352673ff1686

SHA512
29f62a6aac8b8fc8b904610e8607f57ceed86295624bbecd5d349777f6fed3d258b11cd114a66f73f5a2ba68d62d40bf1f25e11cc30033545789c132e4deb622

Download Submit
C:\Windows\system\USegUcn.exe

Filesize
6.0MB

MD5
31f194a5546867a3b0d312e8c1767220

SHA1
24a4d6bcd5daaf9fff40a046eb8838588be585a8

SHA256
2d39de4b316e9681fc78f5dbc6441aa925a2db56b3d15088ea9fce4a20d7fe73

SHA512
98967b572c0ca4ad3c70d3c1b0c2e005ef5b321612e46a7a2d4a7468be5aea9bd6431c20af8eef76d5344f7b5d5bb132e48c63dfb98cd6253fdf5354fb64114e

Download Submit
C:\Windows\system\WRXGgis.exe

Filesize
6.0MB

MD5
d0a8502adb0a3f92f92431c100e5e6ac

SHA1
013a1c342d4a55cbf73c4d449dd0cb594c11d2e4

SHA256
ab0170035ac69fe430ce8fc526847bdea4fc8bf9e8ee1706999ec34f4cf4bba3

SHA512
d66d62f171b58aaf6ac3b3fb0510e52a3a4ca2e55ba90ea11d3af73c153ef4dc7715ea0b208b190efe0ae28787c0ebffc29b7ce87cd5b9f0b2b9e46169afad6f

Download Submit
C:\Windows\system\XjkqEgE.exe

Filesize
6.0MB

MD5
8c2b90dfe439dbb8625ef9bbbffb17e2

SHA1
1c84b4235f134d3c1fd7eba300b72a662e9448b3

SHA256
67ae6c8bf133074993f92ac2fdc6c635c1a01179d89b873109f54c852a5a74a5

SHA512
39b96e1f3fded77b55462181c9d0534a187e7d8c002aec916ce66e83a39ac57f14c108c49cce9ff4027ff85d1682fcdeb97bd36d92d31300d0b9ee7e1f974fb9

Download Submit
C:\Windows\system\ZRUIjaj.exe

Filesize
6.0MB

MD5
f7f3598b6c01e5adb9ed6a9e4293b8d2

SHA1
f6480f55fce049bace442ca9f6bb6db229f859d7

SHA256
9812dcb7c3e8c8dc52483ec8b934110243529299ba1b80f4e7ef82a945962d69

SHA512
2f5c9be8429462f7c81cfa33d31fafbd6016c35bf053fd42cb4ffc2fdeaf72b5170f4be2db2c8adae57deb2f6be60286cfa12993762e8ff4ab390a117ad4b3f6

Download Submit
C:\Windows\system\aksxDCp.exe

Filesize
6.0MB

MD5
0af5593fb066599a6d080a8e4c1aec20

SHA1
46f76cb6eec44383023945ffc6ecc6108feeb2fb

SHA256
a6d2d88310be262f80886775d40ecfed7a860e8d5786dac0730e96f9297c04db

SHA512
4d49688e1f3c2fc882632d5487c072d01fbfca05f450dd8044fb863e9fe1eb182308ec6cde483328eb5bef61058397bb66440911c62af5da692be73a0c6b52b0

Download Submit
C:\Windows\system\baXEUyQ.exe

Filesize
6.0MB

MD5
e76067d9e06784a4044d05d7def61ae7

SHA1
e0a085079b6404c67251043b998ce6d9f2821af0

SHA256
2304c3baedaaa0d854ff304f1a9e9f2f014863a5745e0070d164f8d7c607b9d5

SHA512
f3ed00d0705ee0cdeb4e5111415cccacf6e421d572a1dc37ed5e721e888bf90eb6c23f21560d1b04aa6b6fd1c581c63c1be6ec80d1353a54f8703e674561985f

Download Submit
C:\Windows\system\hlxGVKS.exe

Filesize
6.0MB

MD5
18c0b1011ac3290f9bdbe6afdbc40e59

SHA1
efda9c29df9ea357862f6fdcc6384be0261425ae

SHA256
0e4e2d1d8f833990fe5e072dc1d1d8cf99790f3d30a63d8099fdfd0a64331287

SHA512
57c0b644c1a9521edbbf81b26ae0a00dc7e01eba13cc1ef0729f5833a9ef62b5bc77e38bd5f7808b9ede2e6b5fab5e0a8be74c0d104b173352a1403671999421

Download Submit
C:\Windows\system\khVEMKu.exe

Filesize
6.0MB

MD5
44c126b10ba238d7ce5594019e77a002

SHA1
c0accc62f3d3b96a24db66c364aa5569b10e825e

SHA256
b6f5695e6ed16c64c3508b7f36086c023e45d735215c9fcbe0f4e618be5631af

SHA512
78e24c578d76ddd1df6b13bc1299e6af57fc9bb0f82e1b6fca6a562176fff8d89ff8258a92f2d55221232a280e10cbb39ea97bce8088e285032bdc662382a344

Download Submit
C:\Windows\system\phpIiNx.exe

Filesize
6.0MB

MD5
b1c56c411e66ff97a83636e6f6fe7e72

SHA1
c043e6e0f7e6cc10931658f9270a95a84dbb3dbc

SHA256
530f0e2e31fd057b02062f9b898b25bb05bb9460ff7e23e8c0f63732e9104e0c

SHA512
eb6d2680040bec02940517dd2b486200c0a42338aa7285793ab2791b54668e3501c2381e0e55dadbe2a3507c22d5f27c03ebafeb1e04b7aec4dd987604b28a7c

Download Submit
C:\Windows\system\thJoLoB.exe

Filesize
6.0MB

MD5
1cccf4f80af8e40838a373297dfda038

SHA1
9cf2937b77cf43cddbe2f655234da2be4638d997

SHA256
641e0c1a524ffe6b8b026f28a3e2d52d2747ed71d1f8310586b96975744ccc65

SHA512
dd52397ff3b6965d32565ed02f0de5a1af83f246973089a01ce933c0fa24b693e69601bebb6edbd5a38141b74799d3575237b6d7e14e7cbe3d644c18cc51d6e5

Download Submit
C:\Windows\system\uBhVPvk.exe

Filesize
6.0MB

MD5
22e58f458ed56d112723da9bbf1382d8

SHA1
abf903dac0648bd5246fe49030aabbc65d30ee25

SHA256
c2adc327f35a2f9123bd1c67b473c7e2f9c7196404f795fd70a3a371210e8187

SHA512
d618cdf7f9a0b5b30c47c075b3a712d72593a1d91294511cf2646694434f0636303a79a42996b0a7f8719a7b1a96ef1d393257487354f0b5fd055b659081152e

Download Submit
C:\Windows\system\udsEQae.exe

Filesize
6.0MB

MD5
4f49b758ff1c2b4dcec4d9166428431c

SHA1
fd85f3e9d6e10ac9b7e09d950ad10e4926fd3042

SHA256
ddeb47a63f915a95b0bf7f983873d50791bcb64201d0f89cdd63ba9573be0681

SHA512
e070892b2e5fb7f9613dd9379fa42dd5f27bd9f506d2c045793e20bf00aec8e58f4eb453dfe2728aee2b7d1a0c5d4ca959246991cc4dec2050686c38d6ffaa09

Download Submit
C:\Windows\system\wInIYoY.exe

Filesize
6.0MB

MD5
c9473e00b44889bafdfe0984bdf5218a

SHA1
bf9d34300a44b2bec9d6eac02f996449b81184bf

SHA256
023e96d16ceef038f7844d41e710ff6664512ba793b7bd40b67891ca99a5e9e2

SHA512
145438b6ae2602d71d38782b4718b3e4e974c3b00140a69fbfd4ed99b23e800e3bc8d9796b38aaac10744b2a4b4d9767dbe9058cec5ed3922a856027bc25345e

Download Submit
C:\Windows\system\woPwWbO.exe

Filesize
6.0MB

MD5
516cf22e99eb36c45d42f44accdb8040

SHA1
c00b14ba3a5be542e1d55df10015f802ad3f28d1

SHA256
381a57e5cc06decd526c8dab5f3012852c0411b55dc90313fa338771e4e3346f

SHA512
903dcc0716bf19a3fc997f20f3a3cbd5c5e8db6ed3d4ae95c088e26c6794933e6f5a2f6e35be1e07bf68371b05f76619a291e9a54fccd49e009a6e32f4d2e9ca

Download Submit
\Windows\system\BVIKApM.exe

Filesize
6.0MB

MD5
8985571a6107e9c31e172e7d262a2022

SHA1
0146b59b6385ac6c58f9956e86ae087aba24b304

SHA256
3fff2a09a6db7db497663dd21c2fbe4dcf7afcee4d322b0480b36d725290c285

SHA512
870214a423179905ce23e98fbc5eaa81a7932396a18cea9aaba3befa03c74d6493ebaeb8a3fd6e113934adc40792c12b08c802a893e55079530f4531b9f04a86

Download Submit
\Windows\system\EHTtOMv.exe

Filesize
6.0MB

MD5
3d3d3490e91ef7550e30ddd235bcd386

SHA1
e9eab9b633f234fde39025830ed9a905efa7b142

SHA256
87c02550d88ae21a382b45beb7dd7627365d44221b1126bec7eb01620e302c82

SHA512
c2e81e0e32637ea8e5a12fa1b2fd23126672b1c9768f079e279c0c6610c302a91af5310bc6ad46640c642b2ca9165aec1f5b7b69554c2992bbff6fb345e44407

Download Submit
\Windows\system\GrRaQLE.exe

Filesize
6.0MB

MD5
40c565c21537612c2f02dcf45d5a4e98

SHA1
2009cc07d94306b5bbec2f3fa3282fea5670ed25

SHA256
56b36d19921915df1119d5dfba61871f1ba9eb7bb9dac0c96f74bd46ef02f298

SHA512
cc80d5da1da39c3e8bc7d774227dc3ce0a355959f08dc3ef77125ffa7d36bcb41dae05b1b8d4e23529422f65487135da92c413b2881bc0e827c6e0da3e435475

Download Submit
\Windows\system\LmIbnfn.exe

Filesize
6.0MB

MD5
339ff0123f001ccc110e45c2e34c6a7b

SHA1
de80f1d8d52df23fe4095c2588a9d363fe9026ae

SHA256
045a695c54d948d5f0ab6d527861dff95167bd1656c88b703d55ae13479c059f

SHA512
2fd3b2e2353a102f306dcf8d8bac065f730d04ee57fb1e4792929ba82d972b7be4e614cffcbfb40c319bb75fa451b5be1176635e9f8fd602deeaa054317b5cd9

Download Submit
\Windows\system\PQvJZvL.exe

Filesize
6.0MB

MD5
6704bcfa70f0ab3d8c8764ef50192599

SHA1
186d6bf25579b52d9112a961c5c56306c0ffdc23

SHA256
d23d33522157d209d5c492be7012eab9bb5477ce8424afdac779e2b139dc7f6b

SHA512
69a67d2c568cafb3ddde8378edb63ff053d2dce5273a9ef19d0f609f5b277e950c99ae348e4e2b1a2bcbd2c8a0bb9067a6a7a6068f76df7e477b1fdd04ff0524

Download Submit
\Windows\system\QHbgMBV.exe

Filesize
6.0MB

MD5
a64e8540e4de21926c806208dfeb990f

SHA1
485f35dae7ddf3ec3b1337f12b1cd025e584e773

SHA256
f2ae33907335692738bb4903daa1a08577bbc8ee48ef4cab2a49dd6e4ba0f7e3

SHA512
56e07d662e33fb1661f0b6d8bb8bdce2bcc7c094dff140df0239cad98840151aa21d3b331993ea6a94a92e6813a8440d76ebae2b47eeb954c8031c5e67ce0c78

Download Submit
\Windows\system\TKKbDfk.exe

Filesize
6.0MB

MD5
4ea346b436f4747004753bbd2bb58c8b

SHA1
d3c40039a396408ef223e7aaad1992e61c7c5971

SHA256
40d7e1786504c1a4a1446c10b5001c2032e1cbe4c21bdbd5e45d2d816d90ad37

SHA512
02b0f1196b586c43650c7c450a45bb70586750371b4c433c0d3ddd2e75916ebfdeba900aab36e3256a2d853cac70d23abfe36d3af362e5052073d2e0344c2e10

Download Submit
\Windows\system\VurgtId.exe

Filesize
6.0MB

MD5
e4e6df6962cc4c55258a8a5cc4ece449

SHA1
68897fa322f92be4afa7c1c9a1732130cb3e5a79

SHA256
e65bec2497b1be8aa6e5976078f8937a8645165e1b7262173c46569f665ae284

SHA512
cc620720db5680764dcf3818b54059423f14039a7c9c28f80077d372c1191d73f2a056e230b3d8bc0864f5cce3bcd2ec8b6d503449b1fd576b3bfb9c574c6515

Download Submit
\Windows\system\XkeAzgc.exe

Filesize
6.0MB

MD5
a26061dad3f8fe96e3a768464164b72c

SHA1
8af2679da6619a39ca1ce8955b79852ef774624b

SHA256
d4c5a3a642ffc3ec63a6d650c9313b04ebec0c42bd489a8081089b040fb7ab1c

SHA512
665aad7d8003e5ccf95e8b52ddce5b7982f557317bce7890bb59fbbe12ad08658ad951b169b8f73d902e91da9fb284ee6046cfee96ddfb6ab454e1432eb28728

Download Submit
\Windows\system\YpPIOAT.exe

Filesize
6.0MB

MD5
7827919a53d66721075cf0f1c59e5ada

SHA1
5e61430f9b4daf1c3d42a7762d30d39c91c9a93e

SHA256
45b54530aa64432179880111660447a1705ace92afaa5d5c679f85e3285bba8e

SHA512
c80fb331ff8771af9c6159c93a89dd22643281813dd4fe0494cb0d353fcd6aea144a6b297c562f73bf16c501eee68014bb50fd08468588dd75e83cf7fde3ff5f

Download Submit
\Windows\system\coiZiNq.exe

Filesize
6.0MB

MD5
7d5aa9f82a7e51a8ca2db1944b7b2f1a

SHA1
847504da9eb5e3a00b63942d95fbb130e558f589

SHA256
01ad2da287fd01ec8f64a46ce52efcef8ede50f1a003ea58e210f691b72eb288

SHA512
5732a84c833be9d3c29772f2fa9eae38f1cad11d3d1c6a1d5d8dbc658f20f3882fbf5ae5547883eb8c076c168aa3b6cf64bbe3a7d9a5f01f404a0cc9972f1bb5

Download Submit
\Windows\system\mQxrsmv.exe

Filesize
6.0MB

MD5
46f6563e19a75a248a2c9b3b441fd866

SHA1
f446a4c398c1607cbac50ee75b0b70a5466ce984

SHA256
b065800b69272debf874ba575d33dbbab730776b014adb9486b3348b75d8f51b

SHA512
e938d5b5969f12144990c5970002abf62cf05713c052b7430b7054482e5999e0c37329127d00d570b516e8fa9f81329865a46825a28dc99d6ec6eaa73dd71e22

Download Submit
memory/864-31-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/864-4015-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2112-321-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1172-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2112-82-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-96-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1352-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-86-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-606-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2112-926-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1044-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1046-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1158-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-934-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-927-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2112-99-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2112-53-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2112-61-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-9-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2112-107-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2128-26-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-4014-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-15-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-4013-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-4016-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-37-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-92-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4021-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-103-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4025-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2704-4019-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2704-68-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4020-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-79-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-90-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4018-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4024-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2772-85-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4023-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2808-102-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2920-14-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/3020-4017-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/3020-762-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/3020-41-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/3024-4022-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/3024-95-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download