cobaltstrike | d02e47a1d2d9ce85ad9b29c2573cdbe184a18e9a46e3f5f2a13666189e36724d

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1390b395f81653bad12ffa10f160026a
SHA1

f9cf03b687a61f656c131bcf113df876564a655e
SHA256

d02e47a1d2d9ce85ad9b29c2573cdbe184a18e9a46e3f5f2a13666189e36724d
SHA512

5ddf2480297f2f1cdddaed77c72b6930a999668575bd143a045de996e3e0f36c55cb95c4a9e7f4fd43875ce2df29b2e4c1d5dbeb965a5c17fea6fcf5c4b00a65
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUA:T+q56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000013ab3-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016db5-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016da7-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de4-23.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d47-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de8-38.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707c-52.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-198.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-104.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018f65-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1924-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x000e000000013ab3-3.dat	xmrig
behavioral1/files/0x0008000000016db5-12.dat	xmrig
behavioral1/memory/1924-9-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/files/0x0008000000016da7-7.dat	xmrig
behavioral1/files/0x0007000000016de4-23.dat	xmrig
behavioral1/memory/1924-24-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2500-21-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2040-19-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2952-15-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/352-28-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d47-30.dat	xmrig
behavioral1/files/0x0007000000016de8-38.dat	xmrig
behavioral1/memory/2880-45-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/1924-39-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2732-35-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x000800000001707c-52.dat	xmrig
behavioral1/memory/1144-59-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x000600000001904c-69.dat	xmrig
behavioral1/memory/2648-74-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d2-86.dat	xmrig
behavioral1/files/0x00060000000190e1-80.dat	xmrig
behavioral1/memory/2568-105-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2648-231-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2076-400-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/1680-903-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2868-763-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/1924-674-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2772-593-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001945b-198.dat	xmrig
behavioral1/files/0x0005000000019450-193.dat	xmrig
behavioral1/files/0x0005000000019446-188.dat	xmrig
behavioral1/files/0x0005000000019433-183.dat	xmrig
behavioral1/files/0x00050000000193c1-178.dat	xmrig
behavioral1/files/0x00050000000193b3-173.dat	xmrig
behavioral1/files/0x00050000000193a4-168.dat	xmrig
behavioral1/files/0x0005000000019387-163.dat	xmrig
behavioral1/files/0x0005000000019377-158.dat	xmrig
behavioral1/files/0x0005000000019365-153.dat	xmrig
behavioral1/files/0x0005000000019319-147.dat	xmrig
behavioral1/files/0x000500000001929a-143.dat	xmrig
behavioral1/files/0x0005000000019278-138.dat	xmrig
behavioral1/files/0x0005000000019275-133.dat	xmrig
behavioral1/files/0x000500000001926c-128.dat	xmrig
behavioral1/files/0x0005000000019268-123.dat	xmrig
behavioral1/files/0x0005000000019240-113.dat	xmrig
behavioral1/files/0x0005000000019259-118.dat	xmrig
behavioral1/memory/2868-97-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/1144-96-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f6-95.dat	xmrig
behavioral1/memory/1680-106-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0005000000019217-104.dat	xmrig
behavioral1/memory/1924-92-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/2076-81-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2772-88-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2708-87-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2568-66-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/352-65-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018f65-64.dat	xmrig
behavioral1/memory/2732-73-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2500-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/1924-54-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/2040-53-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2708-50-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2952	TXFksRc.exe
2040	KQXGjht.exe
2500	YmXKrUM.exe
352	kYGTgVv.exe
2732	FKXitwv.exe
2880	ieYpHxx.exe
2708	XqtqlkC.exe
1144	kvuptKW.exe
2568	MKYKiMM.exe
2648	WFZptOs.exe
2076	UdawsKh.exe
2772	EapWwSa.exe
2868	FUSVVsN.exe
1680	YKWuxXO.exe
2896	toMBaPu.exe
1956	xeIzdql.exe
2092	RbBlQBU.exe
316	nTXpBsB.exe
1972	uCCpBOY.exe
1044	MpKqAEf.exe
2436	vollMpd.exe
1728	mVqzghe.exe
1796	HIHEvNR.exe
2476	GWqyneY.exe
1800	hfCVApx.exe
2984	uxqtHrr.exe
1032	ePhdRpU.exe
1320	BzpCrzI.exe
676	JAmHNKh.exe
1344	RLoNDiI.exe
108	SEnoOVA.exe
2028	KPrRNWF.exe
1504	LzoQWed.exe
2932	wQUteVn.exe
2924	KNBjFta.exe
556	oYKaKbK.exe
1808	cgazdrQ.exe
1584	pXIRHhb.exe
1672	dWnmSvL.exe
1356	lfGYfAP.exe
2520	hTPmBqm.exe
1484	lVbuTdK.exe
3016	LDLiBeN.exe
2124	sVucyOD.exe
1780	JOceRts.exe
1824	KnvPAIJ.exe
1996	CPzUeJy.exe
2264	shLLWcp.exe
2252	UGbtOEa.exe
2116	hFZKYWu.exe
1692	Bputnam.exe
2652	EJJqqSH.exe
2472	ybuUxGm.exe
2136	slIPEAo.exe
2812	OEtqCHq.exe
2832	uZiWYSg.exe
2616	dqEYTPd.exe
2620	hOSelWQ.exe
2644	dpjPFpw.exe
2788	FfhUCHH.exe
264	QYVtUlm.exe
2004	wpeKUhX.exe
3020	uqFoVaV.exe
2144	eUEHcaS.exe

Loads dropped DLL 64 IoCs

pid	Process
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1924-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x000e000000013ab3-3.dat	upx
behavioral1/files/0x0008000000016db5-12.dat	upx
behavioral1/memory/1924-9-0x0000000002410000-0x0000000002764000-memory.dmp	upx
behavioral1/files/0x0008000000016da7-7.dat	upx
behavioral1/files/0x0007000000016de4-23.dat	upx
behavioral1/memory/2500-21-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2040-19-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2952-15-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/352-28-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x0009000000016d47-30.dat	upx
behavioral1/files/0x0007000000016de8-38.dat	upx
behavioral1/memory/2880-45-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/1924-39-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2732-35-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x000800000001707c-52.dat	upx
behavioral1/memory/1144-59-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x000600000001904c-69.dat	upx
behavioral1/memory/2648-74-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x00050000000191d2-86.dat	upx
behavioral1/files/0x00060000000190e1-80.dat	upx
behavioral1/memory/2568-105-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2648-231-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2076-400-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/1680-903-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2868-763-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2772-593-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x000500000001945b-198.dat	upx
behavioral1/files/0x0005000000019450-193.dat	upx
behavioral1/files/0x0005000000019446-188.dat	upx
behavioral1/files/0x0005000000019433-183.dat	upx
behavioral1/files/0x00050000000193c1-178.dat	upx
behavioral1/files/0x00050000000193b3-173.dat	upx
behavioral1/files/0x00050000000193a4-168.dat	upx
behavioral1/files/0x0005000000019387-163.dat	upx
behavioral1/files/0x0005000000019377-158.dat	upx
behavioral1/files/0x0005000000019365-153.dat	upx
behavioral1/files/0x0005000000019319-147.dat	upx
behavioral1/files/0x000500000001929a-143.dat	upx
behavioral1/files/0x0005000000019278-138.dat	upx
behavioral1/files/0x0005000000019275-133.dat	upx
behavioral1/files/0x000500000001926c-128.dat	upx
behavioral1/files/0x0005000000019268-123.dat	upx
behavioral1/files/0x0005000000019240-113.dat	upx
behavioral1/files/0x0005000000019259-118.dat	upx
behavioral1/memory/2868-97-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/1144-96-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x00050000000191f6-95.dat	upx
behavioral1/memory/1680-106-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0005000000019217-104.dat	upx
behavioral1/memory/2076-81-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2772-88-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2708-87-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2568-66-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/352-65-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x0007000000018f65-64.dat	upx
behavioral1/memory/2732-73-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2500-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2040-53-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2708-50-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0007000000016eb8-49.dat	upx
behavioral1/memory/2040-3354-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2952-3368-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2500-3391-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QOhuXRI.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txeyMUe.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmeFamP.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHppjBS.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNzJxgV.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJjDQiQ.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaSzjnc.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPrRNWF.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEbEXmH.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdAFOAQ.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMAVtxV.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRdhSYH.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxKIOjg.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WeURljU.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRipldk.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKqlahU.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymwCaBA.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRpiXsD.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkSkUcx.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzJNlTd.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIHrnQK.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WeNwIwe.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDBRavF.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miClFoS.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPfkjam.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlzIMcx.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbnugbl.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjWHAYS.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyoMoLN.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzCsjnp.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPtJzCO.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXlXpBb.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxjAifV.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwXAQoK.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPcnAbP.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVpsxsf.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtUZsLC.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyZAkVF.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgIZUHP.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcAjdVb.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfEGYfP.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZirRdn.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEWBNJd.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IeHKejP.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjrDrbX.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXGlmjk.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcpshUR.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joBmtlD.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqFofrE.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMGeLci.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcgAZrF.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWVtMgq.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyARiaP.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJTfYkR.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKFgvnO.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGicMVy.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwolHMB.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjYwBkU.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlfThYp.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlZLOqI.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuSzYOW.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FaBEAxI.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmvcDSL.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcTqNiU.exe	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2952	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1924 wrote to memory of 2952	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1924 wrote to memory of 2952	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1924 wrote to memory of 2040	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1924 wrote to memory of 2040	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1924 wrote to memory of 2040	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1924 wrote to memory of 2500	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1924 wrote to memory of 2500	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1924 wrote to memory of 2500	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1924 wrote to memory of 352	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1924 wrote to memory of 352	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1924 wrote to memory of 352	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1924 wrote to memory of 2732	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1924 wrote to memory of 2732	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1924 wrote to memory of 2732	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1924 wrote to memory of 2880	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1924 wrote to memory of 2880	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1924 wrote to memory of 2880	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1924 wrote to memory of 2708	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1924 wrote to memory of 2708	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1924 wrote to memory of 2708	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1924 wrote to memory of 1144	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1924 wrote to memory of 1144	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1924 wrote to memory of 1144	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1924 wrote to memory of 2568	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1924 wrote to memory of 2568	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1924 wrote to memory of 2568	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1924 wrote to memory of 2648	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1924 wrote to memory of 2648	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1924 wrote to memory of 2648	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1924 wrote to memory of 2076	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1924 wrote to memory of 2076	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1924 wrote to memory of 2076	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1924 wrote to memory of 2772	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1924 wrote to memory of 2772	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1924 wrote to memory of 2772	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1924 wrote to memory of 2868	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1924 wrote to memory of 2868	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1924 wrote to memory of 2868	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1924 wrote to memory of 1680	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1924 wrote to memory of 1680	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1924 wrote to memory of 1680	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1924 wrote to memory of 2896	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1924 wrote to memory of 2896	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1924 wrote to memory of 2896	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1924 wrote to memory of 1956	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1924 wrote to memory of 1956	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1924 wrote to memory of 1956	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1924 wrote to memory of 2092	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1924 wrote to memory of 2092	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1924 wrote to memory of 2092	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1924 wrote to memory of 316	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1924 wrote to memory of 316	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1924 wrote to memory of 316	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1924 wrote to memory of 1972	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1924 wrote to memory of 1972	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1924 wrote to memory of 1972	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1924 wrote to memory of 1044	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1924 wrote to memory of 1044	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1924 wrote to memory of 1044	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1924 wrote to memory of 2436	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1924 wrote to memory of 2436	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1924 wrote to memory of 2436	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1924 wrote to memory of 1728	1924	2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_1390b395f81653bad12ffa10f160026a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\System\TXFksRc.exe
  C:\Windows\System\TXFksRc.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\KQXGjht.exe
  C:\Windows\System\KQXGjht.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\YmXKrUM.exe
  C:\Windows\System\YmXKrUM.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\kYGTgVv.exe
  C:\Windows\System\kYGTgVv.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\FKXitwv.exe
  C:\Windows\System\FKXitwv.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ieYpHxx.exe
  C:\Windows\System\ieYpHxx.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\XqtqlkC.exe
  C:\Windows\System\XqtqlkC.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\kvuptKW.exe
  C:\Windows\System\kvuptKW.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\MKYKiMM.exe
  C:\Windows\System\MKYKiMM.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\WFZptOs.exe
  C:\Windows\System\WFZptOs.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\UdawsKh.exe
  C:\Windows\System\UdawsKh.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\EapWwSa.exe
  C:\Windows\System\EapWwSa.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\FUSVVsN.exe
  C:\Windows\System\FUSVVsN.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\YKWuxXO.exe
  C:\Windows\System\YKWuxXO.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\toMBaPu.exe
  C:\Windows\System\toMBaPu.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\xeIzdql.exe
  C:\Windows\System\xeIzdql.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\RbBlQBU.exe
  C:\Windows\System\RbBlQBU.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\nTXpBsB.exe
  C:\Windows\System\nTXpBsB.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\uCCpBOY.exe
  C:\Windows\System\uCCpBOY.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\MpKqAEf.exe
  C:\Windows\System\MpKqAEf.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\vollMpd.exe
  C:\Windows\System\vollMpd.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\mVqzghe.exe
  C:\Windows\System\mVqzghe.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\HIHEvNR.exe
  C:\Windows\System\HIHEvNR.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\GWqyneY.exe
  C:\Windows\System\GWqyneY.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\hfCVApx.exe
  C:\Windows\System\hfCVApx.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\uxqtHrr.exe
  C:\Windows\System\uxqtHrr.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\ePhdRpU.exe
  C:\Windows\System\ePhdRpU.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\BzpCrzI.exe
  C:\Windows\System\BzpCrzI.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\JAmHNKh.exe
  C:\Windows\System\JAmHNKh.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\RLoNDiI.exe
  C:\Windows\System\RLoNDiI.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\SEnoOVA.exe
  C:\Windows\System\SEnoOVA.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\KPrRNWF.exe
  C:\Windows\System\KPrRNWF.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\LzoQWed.exe
  C:\Windows\System\LzoQWed.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\wQUteVn.exe
  C:\Windows\System\wQUteVn.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\KNBjFta.exe
  C:\Windows\System\KNBjFta.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\oYKaKbK.exe
  C:\Windows\System\oYKaKbK.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\cgazdrQ.exe
  C:\Windows\System\cgazdrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\pXIRHhb.exe
  C:\Windows\System\pXIRHhb.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\dWnmSvL.exe
  C:\Windows\System\dWnmSvL.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\lfGYfAP.exe
  C:\Windows\System\lfGYfAP.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\hTPmBqm.exe
  C:\Windows\System\hTPmBqm.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\lVbuTdK.exe
  C:\Windows\System\lVbuTdK.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\LDLiBeN.exe
  C:\Windows\System\LDLiBeN.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\sVucyOD.exe
  C:\Windows\System\sVucyOD.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\JOceRts.exe
  C:\Windows\System\JOceRts.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\KnvPAIJ.exe
  C:\Windows\System\KnvPAIJ.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\CPzUeJy.exe
  C:\Windows\System\CPzUeJy.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\shLLWcp.exe
  C:\Windows\System\shLLWcp.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\UGbtOEa.exe
  C:\Windows\System\UGbtOEa.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\hFZKYWu.exe
  C:\Windows\System\hFZKYWu.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\Bputnam.exe
  C:\Windows\System\Bputnam.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\EJJqqSH.exe
  C:\Windows\System\EJJqqSH.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\ybuUxGm.exe
  C:\Windows\System\ybuUxGm.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\slIPEAo.exe
  C:\Windows\System\slIPEAo.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\OEtqCHq.exe
  C:\Windows\System\OEtqCHq.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\uZiWYSg.exe
  C:\Windows\System\uZiWYSg.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\dqEYTPd.exe
  C:\Windows\System\dqEYTPd.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\hOSelWQ.exe
  C:\Windows\System\hOSelWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\dpjPFpw.exe
  C:\Windows\System\dpjPFpw.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\FfhUCHH.exe
  C:\Windows\System\FfhUCHH.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\QYVtUlm.exe
  C:\Windows\System\QYVtUlm.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\wpeKUhX.exe
  C:\Windows\System\wpeKUhX.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\uqFoVaV.exe
  C:\Windows\System\uqFoVaV.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\eUEHcaS.exe
  C:\Windows\System\eUEHcaS.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\iqWZwER.exe
  C:\Windows\System\iqWZwER.exe
  2⤵
  PID:1788
- C:\Windows\System\pEpQZVo.exe
  C:\Windows\System\pEpQZVo.exe
  2⤵
  PID:1776
- C:\Windows\System\MniNmev.exe
  C:\Windows\System\MniNmev.exe
  2⤵
  PID:1304
- C:\Windows\System\CkUvLDT.exe
  C:\Windows\System\CkUvLDT.exe
  2⤵
  PID:1540
- C:\Windows\System\EKmoQKW.exe
  C:\Windows\System\EKmoQKW.exe
  2⤵
  PID:1916
- C:\Windows\System\rzKjPnj.exe
  C:\Windows\System\rzKjPnj.exe
  2⤵
  PID:1280
- C:\Windows\System\tERkhmO.exe
  C:\Windows\System\tERkhmO.exe
  2⤵
  PID:1640
- C:\Windows\System\ATKtDpC.exe
  C:\Windows\System\ATKtDpC.exe
  2⤵
  PID:628
- C:\Windows\System\uFmWhGw.exe
  C:\Windows\System\uFmWhGw.exe
  2⤵
  PID:940
- C:\Windows\System\ZwZEbpg.exe
  C:\Windows\System\ZwZEbpg.exe
  2⤵
  PID:1028
- C:\Windows\System\ENqIsKT.exe
  C:\Windows\System\ENqIsKT.exe
  2⤵
  PID:348
- C:\Windows\System\iCskvrm.exe
  C:\Windows\System\iCskvrm.exe
  2⤵
  PID:2260
- C:\Windows\System\bdZeYzt.exe
  C:\Windows\System\bdZeYzt.exe
  2⤵
  PID:2128
- C:\Windows\System\HKXWvMV.exe
  C:\Windows\System\HKXWvMV.exe
  2⤵
  PID:328
- C:\Windows\System\fUCzcOa.exe
  C:\Windows\System\fUCzcOa.exe
  2⤵
  PID:784
- C:\Windows\System\PXOZJIB.exe
  C:\Windows\System\PXOZJIB.exe
  2⤵
  PID:752
- C:\Windows\System\kfGYFns.exe
  C:\Windows\System\kfGYFns.exe
  2⤵
  PID:1644
- C:\Windows\System\AycQgqE.exe
  C:\Windows\System\AycQgqE.exe
  2⤵
  PID:1604
- C:\Windows\System\QIHrnQK.exe
  C:\Windows\System\QIHrnQK.exe
  2⤵
  PID:2208
- C:\Windows\System\sLYuKXY.exe
  C:\Windows\System\sLYuKXY.exe
  2⤵
  PID:3048
- C:\Windows\System\WhjbDkI.exe
  C:\Windows\System\WhjbDkI.exe
  2⤵
  PID:2332
- C:\Windows\System\rzDvRWj.exe
  C:\Windows\System\rzDvRWj.exe
  2⤵
  PID:3036
- C:\Windows\System\GEWOpLy.exe
  C:\Windows\System\GEWOpLy.exe
  2⤵
  PID:2212
- C:\Windows\System\OlZLOqI.exe
  C:\Windows\System\OlZLOqI.exe
  2⤵
  PID:2556
- C:\Windows\System\HbjApPW.exe
  C:\Windows\System\HbjApPW.exe
  2⤵
  PID:1784
- C:\Windows\System\mQLCalo.exe
  C:\Windows\System\mQLCalo.exe
  2⤵
  PID:1932
- C:\Windows\System\YeNffnz.exe
  C:\Windows\System\YeNffnz.exe
  2⤵
  PID:2084
- C:\Windows\System\NcgAZrF.exe
  C:\Windows\System\NcgAZrF.exe
  2⤵
  PID:2428
- C:\Windows\System\YsENVGV.exe
  C:\Windows\System\YsENVGV.exe
  2⤵
  PID:1628
- C:\Windows\System\AFCcPaQ.exe
  C:\Windows\System\AFCcPaQ.exe
  2⤵
  PID:1324
- C:\Windows\System\xEslsTx.exe
  C:\Windows\System\xEslsTx.exe
  2⤵
  PID:832
- C:\Windows\System\sCLHZtt.exe
  C:\Windows\System\sCLHZtt.exe
  2⤵
  PID:2456
- C:\Windows\System\QNCkOor.exe
  C:\Windows\System\QNCkOor.exe
  2⤵
  PID:2448
- C:\Windows\System\aHDjAGM.exe
  C:\Windows\System\aHDjAGM.exe
  2⤵
  PID:976
- C:\Windows\System\lCRfsMQ.exe
  C:\Windows\System\lCRfsMQ.exe
  2⤵
  PID:2404
- C:\Windows\System\MLUtkZf.exe
  C:\Windows\System\MLUtkZf.exe
  2⤵
  PID:1148
- C:\Windows\System\zxpIOcT.exe
  C:\Windows\System\zxpIOcT.exe
  2⤵
  PID:1564
- C:\Windows\System\YriumDW.exe
  C:\Windows\System\YriumDW.exe
  2⤵
  PID:2908
- C:\Windows\System\PFYdDOq.exe
  C:\Windows\System\PFYdDOq.exe
  2⤵
  PID:2940
- C:\Windows\System\QrfwYoi.exe
  C:\Windows\System\QrfwYoi.exe
  2⤵
  PID:2608
- C:\Windows\System\TLrjqlB.exe
  C:\Windows\System\TLrjqlB.exe
  2⤵
  PID:2316
- C:\Windows\System\dGnnTmj.exe
  C:\Windows\System\dGnnTmj.exe
  2⤵
  PID:1904
- C:\Windows\System\QoJEnlL.exe
  C:\Windows\System\QoJEnlL.exe
  2⤵
  PID:684
- C:\Windows\System\mdfDvQK.exe
  C:\Windows\System\mdfDvQK.exe
  2⤵
  PID:984
- C:\Windows\System\qvEboJa.exe
  C:\Windows\System\qvEboJa.exe
  2⤵
  PID:1544
- C:\Windows\System\IsGMzXU.exe
  C:\Windows\System\IsGMzXU.exe
  2⤵
  PID:1816
- C:\Windows\System\qKluTXA.exe
  C:\Windows\System\qKluTXA.exe
  2⤵
  PID:3092
- C:\Windows\System\zkQzEyq.exe
  C:\Windows\System\zkQzEyq.exe
  2⤵
  PID:3112
- C:\Windows\System\lEEXBlH.exe
  C:\Windows\System\lEEXBlH.exe
  2⤵
  PID:3132
- C:\Windows\System\gnopbpD.exe
  C:\Windows\System\gnopbpD.exe
  2⤵
  PID:3152
- C:\Windows\System\aGYgJoC.exe
  C:\Windows\System\aGYgJoC.exe
  2⤵
  PID:3172
- C:\Windows\System\aKwNTAy.exe
  C:\Windows\System\aKwNTAy.exe
  2⤵
  PID:3192
- C:\Windows\System\RagAmPZ.exe
  C:\Windows\System\RagAmPZ.exe
  2⤵
  PID:3212
- C:\Windows\System\CBySkZT.exe
  C:\Windows\System\CBySkZT.exe
  2⤵
  PID:3232
- C:\Windows\System\ZADQlGC.exe
  C:\Windows\System\ZADQlGC.exe
  2⤵
  PID:3252
- C:\Windows\System\tjrDrbX.exe
  C:\Windows\System\tjrDrbX.exe
  2⤵
  PID:3272
- C:\Windows\System\oLQQhzo.exe
  C:\Windows\System\oLQQhzo.exe
  2⤵
  PID:3292
- C:\Windows\System\qCOMWGy.exe
  C:\Windows\System\qCOMWGy.exe
  2⤵
  PID:3312
- C:\Windows\System\nKirFeX.exe
  C:\Windows\System\nKirFeX.exe
  2⤵
  PID:3332
- C:\Windows\System\xBySMVT.exe
  C:\Windows\System\xBySMVT.exe
  2⤵
  PID:3352
- C:\Windows\System\JYMzEiF.exe
  C:\Windows\System\JYMzEiF.exe
  2⤵
  PID:3372
- C:\Windows\System\fPuHwAG.exe
  C:\Windows\System\fPuHwAG.exe
  2⤵
  PID:3392
- C:\Windows\System\DeaEqXj.exe
  C:\Windows\System\DeaEqXj.exe
  2⤵
  PID:3412
- C:\Windows\System\AMkyuku.exe
  C:\Windows\System\AMkyuku.exe
  2⤵
  PID:3436
- C:\Windows\System\ZukQOWc.exe
  C:\Windows\System\ZukQOWc.exe
  2⤵
  PID:3456
- C:\Windows\System\PPtvHLE.exe
  C:\Windows\System\PPtvHLE.exe
  2⤵
  PID:3476
- C:\Windows\System\JTPhBVz.exe
  C:\Windows\System\JTPhBVz.exe
  2⤵
  PID:3496
- C:\Windows\System\AlqQMwu.exe
  C:\Windows\System\AlqQMwu.exe
  2⤵
  PID:3516
- C:\Windows\System\BxITPCa.exe
  C:\Windows\System\BxITPCa.exe
  2⤵
  PID:3536
- C:\Windows\System\fRFHJZb.exe
  C:\Windows\System\fRFHJZb.exe
  2⤵
  PID:3556
- C:\Windows\System\PQhkQnE.exe
  C:\Windows\System\PQhkQnE.exe
  2⤵
  PID:3576
- C:\Windows\System\pXslYZj.exe
  C:\Windows\System\pXslYZj.exe
  2⤵
  PID:3596
- C:\Windows\System\ARUTOsa.exe
  C:\Windows\System\ARUTOsa.exe
  2⤵
  PID:3616
- C:\Windows\System\NmoDMpt.exe
  C:\Windows\System\NmoDMpt.exe
  2⤵
  PID:3636
- C:\Windows\System\igfPkzx.exe
  C:\Windows\System\igfPkzx.exe
  2⤵
  PID:3656
- C:\Windows\System\hGgYhuM.exe
  C:\Windows\System\hGgYhuM.exe
  2⤵
  PID:3676
- C:\Windows\System\HSyMLEG.exe
  C:\Windows\System\HSyMLEG.exe
  2⤵
  PID:3696
- C:\Windows\System\hnBIHIL.exe
  C:\Windows\System\hnBIHIL.exe
  2⤵
  PID:3716
- C:\Windows\System\uFQFHoi.exe
  C:\Windows\System\uFQFHoi.exe
  2⤵
  PID:3736
- C:\Windows\System\HMCnBxz.exe
  C:\Windows\System\HMCnBxz.exe
  2⤵
  PID:3756
- C:\Windows\System\OrnODIb.exe
  C:\Windows\System\OrnODIb.exe
  2⤵
  PID:3776
- C:\Windows\System\GssMbyw.exe
  C:\Windows\System\GssMbyw.exe
  2⤵
  PID:3796
- C:\Windows\System\IJKetrk.exe
  C:\Windows\System\IJKetrk.exe
  2⤵
  PID:3816
- C:\Windows\System\YnrIhBo.exe
  C:\Windows\System\YnrIhBo.exe
  2⤵
  PID:3836
- C:\Windows\System\mmgGugf.exe
  C:\Windows\System\mmgGugf.exe
  2⤵
  PID:3856
- C:\Windows\System\PdoZnTX.exe
  C:\Windows\System\PdoZnTX.exe
  2⤵
  PID:3876
- C:\Windows\System\MNzJxgV.exe
  C:\Windows\System\MNzJxgV.exe
  2⤵
  PID:3896
- C:\Windows\System\zAzIcsd.exe
  C:\Windows\System\zAzIcsd.exe
  2⤵
  PID:3916
- C:\Windows\System\CNSZEcw.exe
  C:\Windows\System\CNSZEcw.exe
  2⤵
  PID:3936
- C:\Windows\System\EanahLq.exe
  C:\Windows\System\EanahLq.exe
  2⤵
  PID:3956
- C:\Windows\System\fJjQUXz.exe
  C:\Windows\System\fJjQUXz.exe
  2⤵
  PID:3976
- C:\Windows\System\gqorPSk.exe
  C:\Windows\System\gqorPSk.exe
  2⤵
  PID:3996
- C:\Windows\System\YHJnhMC.exe
  C:\Windows\System\YHJnhMC.exe
  2⤵
  PID:4016
- C:\Windows\System\jzAKUmO.exe
  C:\Windows\System\jzAKUmO.exe
  2⤵
  PID:4036
- C:\Windows\System\LWCJodI.exe
  C:\Windows\System\LWCJodI.exe
  2⤵
  PID:4056
- C:\Windows\System\joqFhiG.exe
  C:\Windows\System\joqFhiG.exe
  2⤵
  PID:4076
- C:\Windows\System\sLYqqKw.exe
  C:\Windows\System\sLYqqKw.exe
  2⤵
  PID:2304
- C:\Windows\System\bmhuKBa.exe
  C:\Windows\System\bmhuKBa.exe
  2⤵
  PID:884
- C:\Windows\System\NawDHQO.exe
  C:\Windows\System\NawDHQO.exe
  2⤵
  PID:2776
- C:\Windows\System\EbKNbRP.exe
  C:\Windows\System\EbKNbRP.exe
  2⤵
  PID:780
- C:\Windows\System\lJqALzv.exe
  C:\Windows\System\lJqALzv.exe
  2⤵
  PID:888
- C:\Windows\System\SHNRvtP.exe
  C:\Windows\System\SHNRvtP.exe
  2⤵
  PID:2668
- C:\Windows\System\NNrGDBo.exe
  C:\Windows\System\NNrGDBo.exe
  2⤵
  PID:1388
- C:\Windows\System\wjPcJUp.exe
  C:\Windows\System\wjPcJUp.exe
  2⤵
  PID:3088
- C:\Windows\System\wbomrkW.exe
  C:\Windows\System\wbomrkW.exe
  2⤵
  PID:3128
- C:\Windows\System\GKdsJRI.exe
  C:\Windows\System\GKdsJRI.exe
  2⤵
  PID:3160
- C:\Windows\System\DVuuQNh.exe
  C:\Windows\System\DVuuQNh.exe
  2⤵
  PID:3164
- C:\Windows\System\tipBdlE.exe
  C:\Windows\System\tipBdlE.exe
  2⤵
  PID:3204
- C:\Windows\System\JbKQWmK.exe
  C:\Windows\System\JbKQWmK.exe
  2⤵
  PID:3244
- C:\Windows\System\WmXLAYh.exe
  C:\Windows\System\WmXLAYh.exe
  2⤵
  PID:3288
- C:\Windows\System\CykGppk.exe
  C:\Windows\System\CykGppk.exe
  2⤵
  PID:3328
- C:\Windows\System\AWQXSkf.exe
  C:\Windows\System\AWQXSkf.exe
  2⤵
  PID:3340
- C:\Windows\System\xHWAuSc.exe
  C:\Windows\System\xHWAuSc.exe
  2⤵
  PID:3400
- C:\Windows\System\lpBFxNi.exe
  C:\Windows\System\lpBFxNi.exe
  2⤵
  PID:3404
- C:\Windows\System\kHELDkv.exe
  C:\Windows\System\kHELDkv.exe
  2⤵
  PID:3444
- C:\Windows\System\sIvjVlr.exe
  C:\Windows\System\sIvjVlr.exe
  2⤵
  PID:3492
- C:\Windows\System\apEBmls.exe
  C:\Windows\System\apEBmls.exe
  2⤵
  PID:3524
- C:\Windows\System\xWkghZg.exe
  C:\Windows\System\xWkghZg.exe
  2⤵
  PID:3564
- C:\Windows\System\EmFhhhY.exe
  C:\Windows\System\EmFhhhY.exe
  2⤵
  PID:3552
- C:\Windows\System\pxaEwVf.exe
  C:\Windows\System\pxaEwVf.exe
  2⤵
  PID:3592
- C:\Windows\System\adFXoWy.exe
  C:\Windows\System\adFXoWy.exe
  2⤵
  PID:3648
- C:\Windows\System\JaNfHro.exe
  C:\Windows\System\JaNfHro.exe
  2⤵
  PID:3664
- C:\Windows\System\rfvLNRS.exe
  C:\Windows\System\rfvLNRS.exe
  2⤵
  PID:3732
- C:\Windows\System\cbdPDCd.exe
  C:\Windows\System\cbdPDCd.exe
  2⤵
  PID:3764
- C:\Windows\System\FjLufdN.exe
  C:\Windows\System\FjLufdN.exe
  2⤵
  PID:3752
- C:\Windows\System\umWlvdw.exe
  C:\Windows\System\umWlvdw.exe
  2⤵
  PID:3792
- C:\Windows\System\jKQXNoH.exe
  C:\Windows\System\jKQXNoH.exe
  2⤵
  PID:3824
- C:\Windows\System\AQCmLbv.exe
  C:\Windows\System\AQCmLbv.exe
  2⤵
  PID:3888
- C:\Windows\System\DcaFOsy.exe
  C:\Windows\System\DcaFOsy.exe
  2⤵
  PID:3932
- C:\Windows\System\uSklciI.exe
  C:\Windows\System\uSklciI.exe
  2⤵
  PID:3944
- C:\Windows\System\sbotECM.exe
  C:\Windows\System\sbotECM.exe
  2⤵
  PID:3952
- C:\Windows\System\KvYgGMX.exe
  C:\Windows\System\KvYgGMX.exe
  2⤵
  PID:3992
- C:\Windows\System\nTpBhvK.exe
  C:\Windows\System\nTpBhvK.exe
  2⤵
  PID:4028
- C:\Windows\System\nFsdRmO.exe
  C:\Windows\System\nFsdRmO.exe
  2⤵
  PID:4068
- C:\Windows\System\swWicYy.exe
  C:\Windows\System\swWicYy.exe
  2⤵
  PID:1676
- C:\Windows\System\ICuaVeJ.exe
  C:\Windows\System\ICuaVeJ.exe
  2⤵
  PID:2744
- C:\Windows\System\FurvFga.exe
  C:\Windows\System\FurvFga.exe
  2⤵
  PID:2328
- C:\Windows\System\vkFqwKa.exe
  C:\Windows\System\vkFqwKa.exe
  2⤵
  PID:956
- C:\Windows\System\uWfLPyE.exe
  C:\Windows\System\uWfLPyE.exe
  2⤵
  PID:3080
- C:\Windows\System\SAUCYNF.exe
  C:\Windows\System\SAUCYNF.exe
  2⤵
  PID:3168
- C:\Windows\System\RRipldk.exe
  C:\Windows\System\RRipldk.exe
  2⤵
  PID:3180
- C:\Windows\System\jhLQBHf.exe
  C:\Windows\System\jhLQBHf.exe
  2⤵
  PID:3240
- C:\Windows\System\QUTcESE.exe
  C:\Windows\System\QUTcESE.exe
  2⤵
  PID:3260
- C:\Windows\System\UHlZEKY.exe
  C:\Windows\System\UHlZEKY.exe
  2⤵
  PID:3364
- C:\Windows\System\VZodnQN.exe
  C:\Windows\System\VZodnQN.exe
  2⤵
  PID:3380
- C:\Windows\System\ZZjERSZ.exe
  C:\Windows\System\ZZjERSZ.exe
  2⤵
  PID:3428
- C:\Windows\System\aBAhzbD.exe
  C:\Windows\System\aBAhzbD.exe
  2⤵
  PID:3484
- C:\Windows\System\UjjgSaT.exe
  C:\Windows\System\UjjgSaT.exe
  2⤵
  PID:3532
- C:\Windows\System\zWrFcdm.exe
  C:\Windows\System\zWrFcdm.exe
  2⤵
  PID:3652
- C:\Windows\System\TNTqXTu.exe
  C:\Windows\System\TNTqXTu.exe
  2⤵
  PID:3628
- C:\Windows\System\XLIDaoP.exe
  C:\Windows\System\XLIDaoP.exe
  2⤵
  PID:3684
- C:\Windows\System\TtMRtuj.exe
  C:\Windows\System\TtMRtuj.exe
  2⤵
  PID:3744
- C:\Windows\System\YjBxcUq.exe
  C:\Windows\System\YjBxcUq.exe
  2⤵
  PID:3848
- C:\Windows\System\UjRrwrd.exe
  C:\Windows\System\UjRrwrd.exe
  2⤵
  PID:3892
- C:\Windows\System\MjcKywv.exe
  C:\Windows\System\MjcKywv.exe
  2⤵
  PID:3928
- C:\Windows\System\zxRpcli.exe
  C:\Windows\System\zxRpcli.exe
  2⤵
  PID:4004
- C:\Windows\System\yaFCcbc.exe
  C:\Windows\System\yaFCcbc.exe
  2⤵
  PID:4052
- C:\Windows\System\WfyVbdP.exe
  C:\Windows\System\WfyVbdP.exe
  2⤵
  PID:4092
- C:\Windows\System\dRoOxxN.exe
  C:\Windows\System\dRoOxxN.exe
  2⤵
  PID:2488
- C:\Windows\System\UdMDITT.exe
  C:\Windows\System\UdMDITT.exe
  2⤵
  PID:3120
- C:\Windows\System\BnbylvH.exe
  C:\Windows\System\BnbylvH.exe
  2⤵
  PID:3108
- C:\Windows\System\lzZVjAZ.exe
  C:\Windows\System\lzZVjAZ.exe
  2⤵
  PID:3224
- C:\Windows\System\vFWTpVt.exe
  C:\Windows\System\vFWTpVt.exe
  2⤵
  PID:3248
- C:\Windows\System\TvloBVZ.exe
  C:\Windows\System\TvloBVZ.exe
  2⤵
  PID:3368
- C:\Windows\System\khapXmY.exe
  C:\Windows\System\khapXmY.exe
  2⤵
  PID:3384
- C:\Windows\System\oBtmltv.exe
  C:\Windows\System\oBtmltv.exe
  2⤵
  PID:3612
- C:\Windows\System\aGumbHF.exe
  C:\Windows\System\aGumbHF.exe
  2⤵
  PID:3724
- C:\Windows\System\JBxRiOl.exe
  C:\Windows\System\JBxRiOl.exe
  2⤵
  PID:3584
- C:\Windows\System\tlNTPzy.exe
  C:\Windows\System\tlNTPzy.exe
  2⤵
  PID:3812
- C:\Windows\System\llCNINp.exe
  C:\Windows\System\llCNINp.exe
  2⤵
  PID:3924
- C:\Windows\System\LIafBeQ.exe
  C:\Windows\System\LIafBeQ.exe
  2⤵
  PID:4116
- C:\Windows\System\OAsQNKw.exe
  C:\Windows\System\OAsQNKw.exe
  2⤵
  PID:4140
- C:\Windows\System\NKcyUBG.exe
  C:\Windows\System\NKcyUBG.exe
  2⤵
  PID:4160
- C:\Windows\System\nNbUWBt.exe
  C:\Windows\System\nNbUWBt.exe
  2⤵
  PID:4180
- C:\Windows\System\uTvtdyY.exe
  C:\Windows\System\uTvtdyY.exe
  2⤵
  PID:4200
- C:\Windows\System\GPGjXAC.exe
  C:\Windows\System\GPGjXAC.exe
  2⤵
  PID:4220
- C:\Windows\System\ZAACFGv.exe
  C:\Windows\System\ZAACFGv.exe
  2⤵
  PID:4240
- C:\Windows\System\bhZJXhx.exe
  C:\Windows\System\bhZJXhx.exe
  2⤵
  PID:4260
- C:\Windows\System\oXIaIso.exe
  C:\Windows\System\oXIaIso.exe
  2⤵
  PID:4280
- C:\Windows\System\hDjOoSP.exe
  C:\Windows\System\hDjOoSP.exe
  2⤵
  PID:4296
- C:\Windows\System\piOpvBY.exe
  C:\Windows\System\piOpvBY.exe
  2⤵
  PID:4320
- C:\Windows\System\OlObTcA.exe
  C:\Windows\System\OlObTcA.exe
  2⤵
  PID:4340
- C:\Windows\System\uklYrOW.exe
  C:\Windows\System\uklYrOW.exe
  2⤵
  PID:4360
- C:\Windows\System\rLkuOYD.exe
  C:\Windows\System\rLkuOYD.exe
  2⤵
  PID:4380
- C:\Windows\System\oAOTZgn.exe
  C:\Windows\System\oAOTZgn.exe
  2⤵
  PID:4404
- C:\Windows\System\ZlqKfmX.exe
  C:\Windows\System\ZlqKfmX.exe
  2⤵
  PID:4424
- C:\Windows\System\RugCQQX.exe
  C:\Windows\System\RugCQQX.exe
  2⤵
  PID:4444
- C:\Windows\System\OLMOkue.exe
  C:\Windows\System\OLMOkue.exe
  2⤵
  PID:4464
- C:\Windows\System\xsjEuwB.exe
  C:\Windows\System\xsjEuwB.exe
  2⤵
  PID:4484
- C:\Windows\System\oaryWRo.exe
  C:\Windows\System\oaryWRo.exe
  2⤵
  PID:4504
- C:\Windows\System\iDbAdUm.exe
  C:\Windows\System\iDbAdUm.exe
  2⤵
  PID:4524
- C:\Windows\System\OLYLwDB.exe
  C:\Windows\System\OLYLwDB.exe
  2⤵
  PID:4544
- C:\Windows\System\ZeRcTZz.exe
  C:\Windows\System\ZeRcTZz.exe
  2⤵
  PID:4568
- C:\Windows\System\HrNgtyx.exe
  C:\Windows\System\HrNgtyx.exe
  2⤵
  PID:4588
- C:\Windows\System\lJepKcZ.exe
  C:\Windows\System\lJepKcZ.exe
  2⤵
  PID:4608
- C:\Windows\System\nHQOava.exe
  C:\Windows\System\nHQOava.exe
  2⤵
  PID:4628
- C:\Windows\System\PYMMskj.exe
  C:\Windows\System\PYMMskj.exe
  2⤵
  PID:4648
- C:\Windows\System\nVgteGI.exe
  C:\Windows\System\nVgteGI.exe
  2⤵
  PID:4668
- C:\Windows\System\NebKNHO.exe
  C:\Windows\System\NebKNHO.exe
  2⤵
  PID:4688
- C:\Windows\System\gUxWNln.exe
  C:\Windows\System\gUxWNln.exe
  2⤵
  PID:4708
- C:\Windows\System\uEeNlsG.exe
  C:\Windows\System\uEeNlsG.exe
  2⤵
  PID:4732
- C:\Windows\System\vYmdhZI.exe
  C:\Windows\System\vYmdhZI.exe
  2⤵
  PID:4752
- C:\Windows\System\zbGnKtf.exe
  C:\Windows\System\zbGnKtf.exe
  2⤵
  PID:4772
- C:\Windows\System\oDRiYft.exe
  C:\Windows\System\oDRiYft.exe
  2⤵
  PID:4792
- C:\Windows\System\YMwXbYa.exe
  C:\Windows\System\YMwXbYa.exe
  2⤵
  PID:4812
- C:\Windows\System\oNriMdm.exe
  C:\Windows\System\oNriMdm.exe
  2⤵
  PID:4832
- C:\Windows\System\BPXZHHQ.exe
  C:\Windows\System\BPXZHHQ.exe
  2⤵
  PID:4852
- C:\Windows\System\fuDjXgj.exe
  C:\Windows\System\fuDjXgj.exe
  2⤵
  PID:4872
- C:\Windows\System\fwbPNYa.exe
  C:\Windows\System\fwbPNYa.exe
  2⤵
  PID:4892
- C:\Windows\System\ytksDnu.exe
  C:\Windows\System\ytksDnu.exe
  2⤵
  PID:4912
- C:\Windows\System\tgcMkgC.exe
  C:\Windows\System\tgcMkgC.exe
  2⤵
  PID:4932
- C:\Windows\System\fJjDQiQ.exe
  C:\Windows\System\fJjDQiQ.exe
  2⤵
  PID:4952
- C:\Windows\System\qdBvaPG.exe
  C:\Windows\System\qdBvaPG.exe
  2⤵
  PID:4972
- C:\Windows\System\zqmcVRT.exe
  C:\Windows\System\zqmcVRT.exe
  2⤵
  PID:4992
- C:\Windows\System\ZqVjtYQ.exe
  C:\Windows\System\ZqVjtYQ.exe
  2⤵
  PID:5012
- C:\Windows\System\EOjqmGS.exe
  C:\Windows\System\EOjqmGS.exe
  2⤵
  PID:5032
- C:\Windows\System\xvpupsS.exe
  C:\Windows\System\xvpupsS.exe
  2⤵
  PID:5052
- C:\Windows\System\BbqAKcw.exe
  C:\Windows\System\BbqAKcw.exe
  2⤵
  PID:5072
- C:\Windows\System\awHAGCP.exe
  C:\Windows\System\awHAGCP.exe
  2⤵
  PID:5092
- C:\Windows\System\lNiNxvy.exe
  C:\Windows\System\lNiNxvy.exe
  2⤵
  PID:5112
- C:\Windows\System\qPiMLDH.exe
  C:\Windows\System\qPiMLDH.exe
  2⤵
  PID:3968
- C:\Windows\System\UTCrkzz.exe
  C:\Windows\System\UTCrkzz.exe
  2⤵
  PID:3908
- C:\Windows\System\fZPuscp.exe
  C:\Windows\System\fZPuscp.exe
  2⤵
  PID:2352
- C:\Windows\System\ylptrut.exe
  C:\Windows\System\ylptrut.exe
  2⤵
  PID:2508
- C:\Windows\System\QcOUNzF.exe
  C:\Windows\System\QcOUNzF.exe
  2⤵
  PID:2892
- C:\Windows\System\AUMYwVN.exe
  C:\Windows\System\AUMYwVN.exe
  2⤵
  PID:3468
- C:\Windows\System\ibGnPjM.exe
  C:\Windows\System\ibGnPjM.exe
  2⤵
  PID:4048
- C:\Windows\System\TFIdXkC.exe
  C:\Windows\System\TFIdXkC.exe
  2⤵
  PID:3432
- C:\Windows\System\MjsSTSN.exe
  C:\Windows\System\MjsSTSN.exe
  2⤵
  PID:4112
- C:\Windows\System\JpRlhFW.exe
  C:\Windows\System\JpRlhFW.exe
  2⤵
  PID:4128
- C:\Windows\System\jAqDewk.exe
  C:\Windows\System\jAqDewk.exe
  2⤵
  PID:4188
- C:\Windows\System\dumhytu.exe
  C:\Windows\System\dumhytu.exe
  2⤵
  PID:4176
- C:\Windows\System\GkbycoZ.exe
  C:\Windows\System\GkbycoZ.exe
  2⤵
  PID:4212
- C:\Windows\System\Vzxaais.exe
  C:\Windows\System\Vzxaais.exe
  2⤵
  PID:4272
- C:\Windows\System\xjAtGIk.exe
  C:\Windows\System\xjAtGIk.exe
  2⤵
  PID:4304
- C:\Windows\System\oozRKVf.exe
  C:\Windows\System\oozRKVf.exe
  2⤵
  PID:4328
- C:\Windows\System\zovfiwC.exe
  C:\Windows\System\zovfiwC.exe
  2⤵
  PID:4336
- C:\Windows\System\pBZPyof.exe
  C:\Windows\System\pBZPyof.exe
  2⤵
  PID:4372
- C:\Windows\System\qRjVaTF.exe
  C:\Windows\System\qRjVaTF.exe
  2⤵
  PID:4432
- C:\Windows\System\CLLPUhl.exe
  C:\Windows\System\CLLPUhl.exe
  2⤵
  PID:4472
- C:\Windows\System\JVyDGJx.exe
  C:\Windows\System\JVyDGJx.exe
  2⤵
  PID:4476
- C:\Windows\System\fBEFtDc.exe
  C:\Windows\System\fBEFtDc.exe
  2⤵
  PID:4520
- C:\Windows\System\yaJRlqd.exe
  C:\Windows\System\yaJRlqd.exe
  2⤵
  PID:4540
- C:\Windows\System\KwULmJK.exe
  C:\Windows\System\KwULmJK.exe
  2⤵
  PID:4600
- C:\Windows\System\FqnCDeQ.exe
  C:\Windows\System\FqnCDeQ.exe
  2⤵
  PID:4636
- C:\Windows\System\IMBxsqK.exe
  C:\Windows\System\IMBxsqK.exe
  2⤵
  PID:4656
- C:\Windows\System\XPFgjzG.exe
  C:\Windows\System\XPFgjzG.exe
  2⤵
  PID:4664
- C:\Windows\System\vHBTfcw.exe
  C:\Windows\System\vHBTfcw.exe
  2⤵
  PID:4704
- C:\Windows\System\pccyYFm.exe
  C:\Windows\System\pccyYFm.exe
  2⤵
  PID:4744
- C:\Windows\System\vjDRLJq.exe
  C:\Windows\System\vjDRLJq.exe
  2⤵
  PID:4808
- C:\Windows\System\kBbOiNA.exe
  C:\Windows\System\kBbOiNA.exe
  2⤵
  PID:4804
- C:\Windows\System\UPnnLGe.exe
  C:\Windows\System\UPnnLGe.exe
  2⤵
  PID:4844
- C:\Windows\System\EmePJpS.exe
  C:\Windows\System\EmePJpS.exe
  2⤵
  PID:4888
- C:\Windows\System\arpNcRT.exe
  C:\Windows\System\arpNcRT.exe
  2⤵
  PID:4920
- C:\Windows\System\iBmOzrH.exe
  C:\Windows\System\iBmOzrH.exe
  2⤵
  PID:4960
- C:\Windows\System\FRfzJQn.exe
  C:\Windows\System\FRfzJQn.exe
  2⤵
  PID:4968
- C:\Windows\System\XmddeQG.exe
  C:\Windows\System\XmddeQG.exe
  2⤵
  PID:5004
- C:\Windows\System\hfmvScj.exe
  C:\Windows\System\hfmvScj.exe
  2⤵
  PID:5048
- C:\Windows\System\XLstQbL.exe
  C:\Windows\System\XLstQbL.exe
  2⤵
  PID:5088
- C:\Windows\System\MvzqwCQ.exe
  C:\Windows\System\MvzqwCQ.exe
  2⤵
  PID:3844
- C:\Windows\System\EkKfSnF.exe
  C:\Windows\System\EkKfSnF.exe
  2⤵
  PID:2824
- C:\Windows\System\uTwDZRg.exe
  C:\Windows\System\uTwDZRg.exe
  2⤵
  PID:2764
- C:\Windows\System\CZVptWY.exe
  C:\Windows\System\CZVptWY.exe
  2⤵
  PID:2760
- C:\Windows\System\DNkSVsC.exe
  C:\Windows\System\DNkSVsC.exe
  2⤵
  PID:3308
- C:\Windows\System\iorGfng.exe
  C:\Windows\System\iorGfng.exe
  2⤵
  PID:3708
- C:\Windows\System\EYwAFZX.exe
  C:\Windows\System\EYwAFZX.exe
  2⤵
  PID:4148
- C:\Windows\System\FYkbJKn.exe
  C:\Windows\System\FYkbJKn.exe
  2⤵
  PID:4228
- C:\Windows\System\ZTDBaIL.exe
  C:\Windows\System\ZTDBaIL.exe
  2⤵
  PID:4236
- C:\Windows\System\NaNAREt.exe
  C:\Windows\System\NaNAREt.exe
  2⤵
  PID:2804
- C:\Windows\System\ZxmaRqk.exe
  C:\Windows\System\ZxmaRqk.exe
  2⤵
  PID:4356
- C:\Windows\System\TEbEXmH.exe
  C:\Windows\System\TEbEXmH.exe
  2⤵
  PID:3280
- C:\Windows\System\YvMlCPO.exe
  C:\Windows\System\YvMlCPO.exe
  2⤵
  PID:3608
- C:\Windows\System\gvmPkqB.exe
  C:\Windows\System\gvmPkqB.exe
  2⤵
  PID:4420
- C:\Windows\System\ZUEIZew.exe
  C:\Windows\System\ZUEIZew.exe
  2⤵
  PID:4496
- C:\Windows\System\JjPYBeG.exe
  C:\Windows\System\JjPYBeG.exe
  2⤵
  PID:4616
- C:\Windows\System\qMIHQlU.exe
  C:\Windows\System\qMIHQlU.exe
  2⤵
  PID:4684
- C:\Windows\System\PTlKcqD.exe
  C:\Windows\System\PTlKcqD.exe
  2⤵
  PID:4716
- C:\Windows\System\CwVdsbn.exe
  C:\Windows\System\CwVdsbn.exe
  2⤵
  PID:4748
- C:\Windows\System\qarJmmL.exe
  C:\Windows\System\qarJmmL.exe
  2⤵
  PID:4800
- C:\Windows\System\GalcLnR.exe
  C:\Windows\System\GalcLnR.exe
  2⤵
  PID:4848
- C:\Windows\System\vAVOteo.exe
  C:\Windows\System\vAVOteo.exe
  2⤵
  PID:4908
- C:\Windows\System\XrxScNT.exe
  C:\Windows\System\XrxScNT.exe
  2⤵
  PID:5008
- C:\Windows\System\KAxirZl.exe
  C:\Windows\System\KAxirZl.exe
  2⤵
  PID:4984
- C:\Windows\System\XmYHdoF.exe
  C:\Windows\System\XmYHdoF.exe
  2⤵
  PID:5020
- C:\Windows\System\rUffBUW.exe
  C:\Windows\System\rUffBUW.exe
  2⤵
  PID:5084
- C:\Windows\System\SFJfuYV.exe
  C:\Windows\System\SFJfuYV.exe
  2⤵
  PID:1772
- C:\Windows\System\weDUFzE.exe
  C:\Windows\System\weDUFzE.exe
  2⤵
  PID:852
- C:\Windows\System\ClkLChD.exe
  C:\Windows\System\ClkLChD.exe
  2⤵
  PID:4104
- C:\Windows\System\MyyMHrW.exe
  C:\Windows\System\MyyMHrW.exe
  2⤵
  PID:3868
- C:\Windows\System\dYqfgvt.exe
  C:\Windows\System\dYqfgvt.exe
  2⤵
  PID:4252
- C:\Windows\System\nQJwZTc.exe
  C:\Windows\System\nQJwZTc.exe
  2⤵
  PID:2624
- C:\Windows\System\BgNcwSG.exe
  C:\Windows\System\BgNcwSG.exe
  2⤵
  PID:4308
- C:\Windows\System\jZWnzgn.exe
  C:\Windows\System\jZWnzgn.exe
  2⤵
  PID:4368
- C:\Windows\System\uxeqPjI.exe
  C:\Windows\System\uxeqPjI.exe
  2⤵
  PID:4552
- C:\Windows\System\LEqDeBe.exe
  C:\Windows\System\LEqDeBe.exe
  2⤵
  PID:4640
- C:\Windows\System\GLKKyVv.exe
  C:\Windows\System\GLKKyVv.exe
  2⤵
  PID:4760
- C:\Windows\System\OUhHrQu.exe
  C:\Windows\System\OUhHrQu.exe
  2⤵
  PID:4788
- C:\Windows\System\TsDfcwG.exe
  C:\Windows\System\TsDfcwG.exe
  2⤵
  PID:4904
- C:\Windows\System\cNxHekN.exe
  C:\Windows\System\cNxHekN.exe
  2⤵
  PID:2716
- C:\Windows\System\JETdhYF.exe
  C:\Windows\System\JETdhYF.exe
  2⤵
  PID:4864
- C:\Windows\System\PKtdvYA.exe
  C:\Windows\System\PKtdvYA.exe
  2⤵
  PID:5040
- C:\Windows\System\parsAXA.exe
  C:\Windows\System\parsAXA.exe
  2⤵
  PID:4012
- C:\Windows\System\pkkzlaC.exe
  C:\Windows\System\pkkzlaC.exe
  2⤵
  PID:4152
- C:\Windows\System\faXwhbU.exe
  C:\Windows\System\faXwhbU.exe
  2⤵
  PID:3040
- C:\Windows\System\AfVeEjh.exe
  C:\Windows\System\AfVeEjh.exe
  2⤵
  PID:4208
- C:\Windows\System\FIVdnyp.exe
  C:\Windows\System\FIVdnyp.exe
  2⤵
  PID:4396
- C:\Windows\System\WkygKoo.exe
  C:\Windows\System\WkygKoo.exe
  2⤵
  PID:2808
- C:\Windows\System\jlBnIEb.exe
  C:\Windows\System\jlBnIEb.exe
  2⤵
  PID:5140
- C:\Windows\System\qWPHuUi.exe
  C:\Windows\System\qWPHuUi.exe
  2⤵
  PID:5160
- C:\Windows\System\Rllxawj.exe
  C:\Windows\System\Rllxawj.exe
  2⤵
  PID:5180
- C:\Windows\System\ZohflHU.exe
  C:\Windows\System\ZohflHU.exe
  2⤵
  PID:5200
- C:\Windows\System\NSwhQqp.exe
  C:\Windows\System\NSwhQqp.exe
  2⤵
  PID:5220
- C:\Windows\System\KJTfQdA.exe
  C:\Windows\System\KJTfQdA.exe
  2⤵
  PID:5240
- C:\Windows\System\CDRRfxH.exe
  C:\Windows\System\CDRRfxH.exe
  2⤵
  PID:5260
- C:\Windows\System\RaYyZaa.exe
  C:\Windows\System\RaYyZaa.exe
  2⤵
  PID:5280
- C:\Windows\System\ulLibUQ.exe
  C:\Windows\System\ulLibUQ.exe
  2⤵
  PID:5300
- C:\Windows\System\sCwtraj.exe
  C:\Windows\System\sCwtraj.exe
  2⤵
  PID:5320
- C:\Windows\System\YmfRDzR.exe
  C:\Windows\System\YmfRDzR.exe
  2⤵
  PID:5340
- C:\Windows\System\VFqMKpI.exe
  C:\Windows\System\VFqMKpI.exe
  2⤵
  PID:5360
- C:\Windows\System\GyurNaZ.exe
  C:\Windows\System\GyurNaZ.exe
  2⤵
  PID:5380
- C:\Windows\System\oKWcPTs.exe
  C:\Windows\System\oKWcPTs.exe
  2⤵
  PID:5400
- C:\Windows\System\NbYaaaG.exe
  C:\Windows\System\NbYaaaG.exe
  2⤵
  PID:5420
- C:\Windows\System\TMommHV.exe
  C:\Windows\System\TMommHV.exe
  2⤵
  PID:5440
- C:\Windows\System\lhUUXjx.exe
  C:\Windows\System\lhUUXjx.exe
  2⤵
  PID:5460
- C:\Windows\System\nvDODsb.exe
  C:\Windows\System\nvDODsb.exe
  2⤵
  PID:5480
- C:\Windows\System\hKhjdfW.exe
  C:\Windows\System\hKhjdfW.exe
  2⤵
  PID:5500
- C:\Windows\System\mBgxOEp.exe
  C:\Windows\System\mBgxOEp.exe
  2⤵
  PID:5520
- C:\Windows\System\edNbVZt.exe
  C:\Windows\System\edNbVZt.exe
  2⤵
  PID:5540
- C:\Windows\System\mwrcXdo.exe
  C:\Windows\System\mwrcXdo.exe
  2⤵
  PID:5560
- C:\Windows\System\vqqXkVq.exe
  C:\Windows\System\vqqXkVq.exe
  2⤵
  PID:5576
- C:\Windows\System\SjQXnAE.exe
  C:\Windows\System\SjQXnAE.exe
  2⤵
  PID:5600
- C:\Windows\System\uspBWIY.exe
  C:\Windows\System\uspBWIY.exe
  2⤵
  PID:5620
- C:\Windows\System\ITpqWxh.exe
  C:\Windows\System\ITpqWxh.exe
  2⤵
  PID:5640
- C:\Windows\System\KvPdTTQ.exe
  C:\Windows\System\KvPdTTQ.exe
  2⤵
  PID:5656
- C:\Windows\System\YekOhpp.exe
  C:\Windows\System\YekOhpp.exe
  2⤵
  PID:5676
- C:\Windows\System\GofHMga.exe
  C:\Windows\System\GofHMga.exe
  2⤵
  PID:5696
- C:\Windows\System\FsZYpIC.exe
  C:\Windows\System\FsZYpIC.exe
  2⤵
  PID:5720
- C:\Windows\System\drTgyZv.exe
  C:\Windows\System\drTgyZv.exe
  2⤵
  PID:5740
- C:\Windows\System\scNPdFn.exe
  C:\Windows\System\scNPdFn.exe
  2⤵
  PID:5764
- C:\Windows\System\RcWSqfy.exe
  C:\Windows\System\RcWSqfy.exe
  2⤵
  PID:5780
- C:\Windows\System\qcNFdmk.exe
  C:\Windows\System\qcNFdmk.exe
  2⤵
  PID:5800
- C:\Windows\System\QXWYRgp.exe
  C:\Windows\System\QXWYRgp.exe
  2⤵
  PID:5824
- C:\Windows\System\vXuFoXV.exe
  C:\Windows\System\vXuFoXV.exe
  2⤵
  PID:5844
- C:\Windows\System\ihmOcRw.exe
  C:\Windows\System\ihmOcRw.exe
  2⤵
  PID:5860
- C:\Windows\System\QmmQNAJ.exe
  C:\Windows\System\QmmQNAJ.exe
  2⤵
  PID:5884
- C:\Windows\System\wBPfpZU.exe
  C:\Windows\System\wBPfpZU.exe
  2⤵
  PID:5904
- C:\Windows\System\Ijycntj.exe
  C:\Windows\System\Ijycntj.exe
  2⤵
  PID:5924
- C:\Windows\System\BMCzuHr.exe
  C:\Windows\System\BMCzuHr.exe
  2⤵
  PID:5944
- C:\Windows\System\aziazPu.exe
  C:\Windows\System\aziazPu.exe
  2⤵
  PID:5964
- C:\Windows\System\fkKxyQe.exe
  C:\Windows\System\fkKxyQe.exe
  2⤵
  PID:5980
- C:\Windows\System\REzEzBK.exe
  C:\Windows\System\REzEzBK.exe
  2⤵
  PID:6004
- C:\Windows\System\ETtSAuq.exe
  C:\Windows\System\ETtSAuq.exe
  2⤵
  PID:6024
- C:\Windows\System\LmHOWBh.exe
  C:\Windows\System\LmHOWBh.exe
  2⤵
  PID:6044
- C:\Windows\System\QXyipVy.exe
  C:\Windows\System\QXyipVy.exe
  2⤵
  PID:6064
- C:\Windows\System\eFWUaDp.exe
  C:\Windows\System\eFWUaDp.exe
  2⤵
  PID:6084
- C:\Windows\System\wdFVKvA.exe
  C:\Windows\System\wdFVKvA.exe
  2⤵
  PID:6104
- C:\Windows\System\KyNcOux.exe
  C:\Windows\System\KyNcOux.exe
  2⤵
  PID:6124
- C:\Windows\System\LmzWqtw.exe
  C:\Windows\System\LmzWqtw.exe
  2⤵
  PID:4564
- C:\Windows\System\fwXAQoK.exe
  C:\Windows\System\fwXAQoK.exe
  2⤵
  PID:4556
- C:\Windows\System\cTEKRvR.exe
  C:\Windows\System\cTEKRvR.exe
  2⤵
  PID:4596
- C:\Windows\System\udAzHcq.exe
  C:\Windows\System\udAzHcq.exe
  2⤵
  PID:4924
- C:\Windows\System\jcAkRsC.exe
  C:\Windows\System\jcAkRsC.exe
  2⤵
  PID:5080
- C:\Windows\System\eGQZSUW.exe
  C:\Windows\System\eGQZSUW.exe
  2⤵
  PID:3504
- C:\Windows\System\BiAKddd.exe
  C:\Windows\System\BiAKddd.exe
  2⤵
  PID:4172
- C:\Windows\System\cOKLgWh.exe
  C:\Windows\System\cOKLgWh.exe
  2⤵
  PID:2248
- C:\Windows\System\GEKEnZo.exe
  C:\Windows\System\GEKEnZo.exe
  2⤵
  PID:4288
- C:\Windows\System\HBNkmcF.exe
  C:\Windows\System\HBNkmcF.exe
  2⤵
  PID:4268
- C:\Windows\System\OxCAZqY.exe
  C:\Windows\System\OxCAZqY.exe
  2⤵
  PID:5168
- C:\Windows\System\njdfUYQ.exe
  C:\Windows\System\njdfUYQ.exe
  2⤵
  PID:2580
- C:\Windows\System\UKNdwbG.exe
  C:\Windows\System\UKNdwbG.exe
  2⤵
  PID:5232
- C:\Windows\System\LNlIaUj.exe
  C:\Windows\System\LNlIaUj.exe
  2⤵
  PID:5276
- C:\Windows\System\fITkxmD.exe
  C:\Windows\System\fITkxmD.exe
  2⤵
  PID:5308
- C:\Windows\System\KtaItqT.exe
  C:\Windows\System\KtaItqT.exe
  2⤵
  PID:5292
- C:\Windows\System\VGKHZwb.exe
  C:\Windows\System\VGKHZwb.exe
  2⤵
  PID:5388
- C:\Windows\System\JyGtgWJ.exe
  C:\Windows\System\JyGtgWJ.exe
  2⤵
  PID:5392
- C:\Windows\System\ExOXggr.exe
  C:\Windows\System\ExOXggr.exe
  2⤵
  PID:5468
- C:\Windows\System\PYSGRcV.exe
  C:\Windows\System\PYSGRcV.exe
  2⤵
  PID:5408
- C:\Windows\System\gHfUiTD.exe
  C:\Windows\System\gHfUiTD.exe
  2⤵
  PID:5512
- C:\Windows\System\cvwjqdM.exe
  C:\Windows\System\cvwjqdM.exe
  2⤵
  PID:5452
- C:\Windows\System\gckHpWl.exe
  C:\Windows\System\gckHpWl.exe
  2⤵
  PID:5492
- C:\Windows\System\qJVMJNl.exe
  C:\Windows\System\qJVMJNl.exe
  2⤵
  PID:5596
- C:\Windows\System\JZaUjFR.exe
  C:\Windows\System\JZaUjFR.exe
  2⤵
  PID:2600
- C:\Windows\System\LuSzYOW.exe
  C:\Windows\System\LuSzYOW.exe
  2⤵
  PID:5568
- C:\Windows\System\MKXwxKt.exe
  C:\Windows\System\MKXwxKt.exe
  2⤵
  PID:5616
- C:\Windows\System\FkvyFhJ.exe
  C:\Windows\System\FkvyFhJ.exe
  2⤵
  PID:5652
- C:\Windows\System\zCSROdB.exe
  C:\Windows\System\zCSROdB.exe
  2⤵
  PID:5684
- C:\Windows\System\ksPOLgo.exe
  C:\Windows\System\ksPOLgo.exe
  2⤵
  PID:5728
- C:\Windows\System\BUpMUgF.exe
  C:\Windows\System\BUpMUgF.exe
  2⤵
  PID:5756
- C:\Windows\System\kWGdkxW.exe
  C:\Windows\System\kWGdkxW.exe
  2⤵
  PID:5792
- C:\Windows\System\seHiLFw.exe
  C:\Windows\System\seHiLFw.exe
  2⤵
  PID:5836
- C:\Windows\System\mSPoMZV.exe
  C:\Windows\System\mSPoMZV.exe
  2⤵
  PID:5868
- C:\Windows\System\AgYQUXy.exe
  C:\Windows\System\AgYQUXy.exe
  2⤵
  PID:5880
- C:\Windows\System\SGVEIuj.exe
  C:\Windows\System\SGVEIuj.exe
  2⤵
  PID:5920
- C:\Windows\System\ocaTLne.exe
  C:\Windows\System\ocaTLne.exe
  2⤵
  PID:5940
- C:\Windows\System\kiTXFbi.exe
  C:\Windows\System\kiTXFbi.exe
  2⤵
  PID:5992
- C:\Windows\System\CWoUHsM.exe
  C:\Windows\System\CWoUHsM.exe
  2⤵
  PID:5972
- C:\Windows\System\YHvUXTt.exe
  C:\Windows\System\YHvUXTt.exe
  2⤵
  PID:6016
- C:\Windows\System\yGcVnST.exe
  C:\Windows\System\yGcVnST.exe
  2⤵
  PID:6060
- C:\Windows\System\IhiqAjt.exe
  C:\Windows\System\IhiqAjt.exe
  2⤵
  PID:6120
- C:\Windows\System\CwEiuSa.exe
  C:\Windows\System\CwEiuSa.exe
  2⤵
  PID:4680
- C:\Windows\System\eSJUgUH.exe
  C:\Windows\System\eSJUgUH.exe
  2⤵
  PID:4604
- C:\Windows\System\HIMQPiy.exe
  C:\Windows\System\HIMQPiy.exe
  2⤵
  PID:4828
- C:\Windows\System\YBNfBWU.exe
  C:\Windows\System\YBNfBWU.exe
  2⤵
  PID:4880
- C:\Windows\System\XpULhpw.exe
  C:\Windows\System\XpULhpw.exe
  2⤵
  PID:3912
- C:\Windows\System\CkexOYe.exe
  C:\Windows\System\CkexOYe.exe
  2⤵
  PID:5148
- C:\Windows\System\HbWdLoS.exe
  C:\Windows\System\HbWdLoS.exe
  2⤵
  PID:5192
- C:\Windows\System\UBaLEIB.exe
  C:\Windows\System\UBaLEIB.exe
  2⤵
  PID:5212
- C:\Windows\System\gLtvkoB.exe
  C:\Windows\System\gLtvkoB.exe
  2⤵
  PID:5248
- C:\Windows\System\ItXgEhd.exe
  C:\Windows\System\ItXgEhd.exe
  2⤵
  PID:5288
- C:\Windows\System\ejQsmJF.exe
  C:\Windows\System\ejQsmJF.exe
  2⤵
  PID:1632
- C:\Windows\System\AqaaTqF.exe
  C:\Windows\System\AqaaTqF.exe
  2⤵
  PID:2784
- C:\Windows\System\zglxlfb.exe
  C:\Windows\System\zglxlfb.exe
  2⤵
  PID:2664
- C:\Windows\System\XyIRFOe.exe
  C:\Windows\System\XyIRFOe.exe
  2⤵
  PID:5456
- C:\Windows\System\JUvhPnm.exe
  C:\Windows\System\JUvhPnm.exe
  2⤵
  PID:5588
- C:\Windows\System\FXMzjRG.exe
  C:\Windows\System\FXMzjRG.exe
  2⤵
  PID:5532
- C:\Windows\System\HZigmwR.exe
  C:\Windows\System\HZigmwR.exe
  2⤵
  PID:5608
- C:\Windows\System\qCEjfbP.exe
  C:\Windows\System\qCEjfbP.exe
  2⤵
  PID:5612
- C:\Windows\System\NqJpwmX.exe
  C:\Windows\System\NqJpwmX.exe
  2⤵
  PID:5712
- C:\Windows\System\CsCgvpj.exe
  C:\Windows\System\CsCgvpj.exe
  2⤵
  PID:5788
- C:\Windows\System\yGTgWTh.exe
  C:\Windows\System\yGTgWTh.exe
  2⤵
  PID:5816
- C:\Windows\System\EGchtKx.exe
  C:\Windows\System\EGchtKx.exe
  2⤵
  PID:5912
- C:\Windows\System\HBJzreK.exe
  C:\Windows\System\HBJzreK.exe
  2⤵
  PID:5856
- C:\Windows\System\PypgjWO.exe
  C:\Windows\System\PypgjWO.exe
  2⤵
  PID:5960
- C:\Windows\System\VOtnUdL.exe
  C:\Windows\System\VOtnUdL.exe
  2⤵
  PID:6036
- C:\Windows\System\BzwgZbp.exe
  C:\Windows\System\BzwgZbp.exe
  2⤵
  PID:6100
- C:\Windows\System\sTDmesi.exe
  C:\Windows\System\sTDmesi.exe
  2⤵
  PID:6140
- C:\Windows\System\gSLQOCE.exe
  C:\Windows\System\gSLQOCE.exe
  2⤵
  PID:4720
- C:\Windows\System\yZpGkqE.exe
  C:\Windows\System\yZpGkqE.exe
  2⤵
  PID:3104
- C:\Windows\System\fqelloQ.exe
  C:\Windows\System\fqelloQ.exe
  2⤵
  PID:4392
- C:\Windows\System\CAFxYSm.exe
  C:\Windows\System\CAFxYSm.exe
  2⤵
  PID:5156
- C:\Windows\System\eeXjoyv.exe
  C:\Windows\System\eeXjoyv.exe
  2⤵
  PID:5228
- C:\Windows\System\jSXlQWJ.exe
  C:\Windows\System\jSXlQWJ.exe
  2⤵
  PID:5332
- C:\Windows\System\uDGKhEe.exe
  C:\Windows\System\uDGKhEe.exe
  2⤵
  PID:5372
- C:\Windows\System\RHLNQoj.exe
  C:\Windows\System\RHLNQoj.exe
  2⤵
  PID:5432
- C:\Windows\System\KRKPyZu.exe
  C:\Windows\System\KRKPyZu.exe
  2⤵
  PID:5528
- C:\Windows\System\fvaIfrl.exe
  C:\Windows\System\fvaIfrl.exe
  2⤵
  PID:5648
- C:\Windows\System\bOfSgnS.exe
  C:\Windows\System\bOfSgnS.exe
  2⤵
  PID:5704
- C:\Windows\System\BxTTHoK.exe
  C:\Windows\System\BxTTHoK.exe
  2⤵
  PID:5748
- C:\Windows\System\ytEohBR.exe
  C:\Windows\System\ytEohBR.exe
  2⤵
  PID:5776
- C:\Windows\System\ciHUsYV.exe
  C:\Windows\System\ciHUsYV.exe
  2⤵
  PID:5916
- C:\Windows\System\XLeHxXg.exe
  C:\Windows\System\XLeHxXg.exe
  2⤵
  PID:2980
- C:\Windows\System\KvfYtGd.exe
  C:\Windows\System\KvfYtGd.exe
  2⤵
  PID:6092
- C:\Windows\System\UrnjsVT.exe
  C:\Windows\System\UrnjsVT.exe
  2⤵
  PID:6096
- C:\Windows\System\pUKqVmI.exe
  C:\Windows\System\pUKqVmI.exe
  2⤵
  PID:4820
- C:\Windows\System\hfEXTpc.exe
  C:\Windows\System\hfEXTpc.exe
  2⤵
  PID:5152
- C:\Windows\System\WexhxCc.exe
  C:\Windows\System\WexhxCc.exe
  2⤵
  PID:5296
- C:\Windows\System\mAvEyvg.exe
  C:\Windows\System\mAvEyvg.exe
  2⤵
  PID:3828
- C:\Windows\System\kJWcJOc.exe
  C:\Windows\System\kJWcJOc.exe
  2⤵
  PID:5508
- C:\Windows\System\tPIJJiI.exe
  C:\Windows\System\tPIJJiI.exe
  2⤵
  PID:5552
- C:\Windows\System\aPupSGs.exe
  C:\Windows\System\aPupSGs.exe
  2⤵
  PID:2320
- C:\Windows\System\PnQDPuQ.exe
  C:\Windows\System\PnQDPuQ.exe
  2⤵
  PID:5988
- C:\Windows\System\BMjifQn.exe
  C:\Windows\System\BMjifQn.exe
  2⤵
  PID:6020
- C:\Windows\System\Ofkgxbp.exe
  C:\Windows\System\Ofkgxbp.exe
  2⤵
  PID:2376
- C:\Windows\System\ajFGTFs.exe
  C:\Windows\System\ajFGTFs.exe
  2⤵
  PID:3808
- C:\Windows\System\NYrksJM.exe
  C:\Windows\System\NYrksJM.exe
  2⤵
  PID:5188
- C:\Windows\System\DTypHue.exe
  C:\Windows\System\DTypHue.exe
  2⤵
  PID:5352
- C:\Windows\System\VJnTCqt.exe
  C:\Windows\System\VJnTCqt.exe
  2⤵
  PID:2688
- C:\Windows\System\ylgimaK.exe
  C:\Windows\System\ylgimaK.exe
  2⤵
  PID:2756
- C:\Windows\System\nnULeDs.exe
  C:\Windows\System\nnULeDs.exe
  2⤵
  PID:2564
- C:\Windows\System\flIlqGW.exe
  C:\Windows\System\flIlqGW.exe
  2⤵
  PID:2612
- C:\Windows\System\emUWzWC.exe
  C:\Windows\System\emUWzWC.exe
  2⤵
  PID:2120
- C:\Windows\System\KiRcddV.exe
  C:\Windows\System\KiRcddV.exe
  2⤵
  PID:2392
- C:\Windows\System\YlIblxg.exe
  C:\Windows\System\YlIblxg.exe
  2⤵
  PID:756
- C:\Windows\System\YfAJIlH.exe
  C:\Windows\System\YfAJIlH.exe
  2⤵
  PID:2196
- C:\Windows\System\HKqbgIN.exe
  C:\Windows\System\HKqbgIN.exe
  2⤵
  PID:1860
- C:\Windows\System\fFDEccG.exe
  C:\Windows\System\fFDEccG.exe
  2⤵
  PID:1976
- C:\Windows\System\FxQOtPK.exe
  C:\Windows\System\FxQOtPK.exe
  2⤵
  PID:2720
- C:\Windows\System\lrPteBT.exe
  C:\Windows\System\lrPteBT.exe
  2⤵
  PID:2968
- C:\Windows\System\ITzUbWZ.exe
  C:\Windows\System\ITzUbWZ.exe
  2⤵
  PID:5108
- C:\Windows\System\NwQcfgu.exe
  C:\Windows\System\NwQcfgu.exe
  2⤵
  PID:4332
- C:\Windows\System\EZirKIg.exe
  C:\Windows\System\EZirKIg.exe
  2⤵
  PID:5892
- C:\Windows\System\wQHFkoZ.exe
  C:\Windows\System\wQHFkoZ.exe
  2⤵
  PID:2800
- C:\Windows\System\cttOIlw.exe
  C:\Windows\System\cttOIlw.exe
  2⤵
  PID:2840
- C:\Windows\System\RrTinmy.exe
  C:\Windows\System\RrTinmy.exe
  2⤵
  PID:6076
- C:\Windows\System\VnUlSlM.exe
  C:\Windows\System\VnUlSlM.exe
  2⤵
  PID:3044
- C:\Windows\System\EklWBRe.exe
  C:\Windows\System\EklWBRe.exe
  2⤵
  PID:2440
- C:\Windows\System\dMhIqif.exe
  C:\Windows\System\dMhIqif.exe
  2⤵
  PID:1616
- C:\Windows\System\RSxzmJM.exe
  C:\Windows\System\RSxzmJM.exe
  2⤵
  PID:1748
- C:\Windows\System\lvtXRRw.exe
  C:\Windows\System\lvtXRRw.exe
  2⤵
  PID:5176
- C:\Windows\System\EOdfjzO.exe
  C:\Windows\System\EOdfjzO.exe
  2⤵
  PID:5632
- C:\Windows\System\wAGuSnU.exe
  C:\Windows\System\wAGuSnU.exe
  2⤵
  PID:2100
- C:\Windows\System\zTCooLh.exe
  C:\Windows\System\zTCooLh.exe
  2⤵
  PID:2876
- C:\Windows\System\crtFsEt.exe
  C:\Windows\System\crtFsEt.exe
  2⤵
  PID:1992
- C:\Windows\System\XVZCHOU.exe
  C:\Windows\System\XVZCHOU.exe
  2⤵
  PID:2032
- C:\Windows\System\HdxPsnQ.exe
  C:\Windows\System\HdxPsnQ.exe
  2⤵
  PID:2728
- C:\Windows\System\bETjSSE.exe
  C:\Windows\System\bETjSSE.exe
  2⤵
  PID:664
- C:\Windows\System\GNTyYAD.exe
  C:\Windows\System\GNTyYAD.exe
  2⤵
  PID:5840
- C:\Windows\System\yIEELwC.exe
  C:\Windows\System\yIEELwC.exe
  2⤵
  PID:1480
- C:\Windows\System\IHUAosS.exe
  C:\Windows\System\IHUAosS.exe
  2⤵
  PID:6172
- C:\Windows\System\rSVoLSL.exe
  C:\Windows\System\rSVoLSL.exe
  2⤵
  PID:6196
- C:\Windows\System\hqXWFYi.exe
  C:\Windows\System\hqXWFYi.exe
  2⤵
  PID:6240
- C:\Windows\System\FNTkMGl.exe
  C:\Windows\System\FNTkMGl.exe
  2⤵
  PID:6256
- C:\Windows\System\gBsfFsf.exe
  C:\Windows\System\gBsfFsf.exe
  2⤵
  PID:6280
- C:\Windows\System\WclNmGH.exe
  C:\Windows\System\WclNmGH.exe
  2⤵
  PID:6296
- C:\Windows\System\wJmooTH.exe
  C:\Windows\System\wJmooTH.exe
  2⤵
  PID:6316
- C:\Windows\System\tbaZEUq.exe
  C:\Windows\System\tbaZEUq.exe
  2⤵
  PID:6332
- C:\Windows\System\UdvTIUi.exe
  C:\Windows\System\UdvTIUi.exe
  2⤵
  PID:6352
- C:\Windows\System\zDglhiJ.exe
  C:\Windows\System\zDglhiJ.exe
  2⤵
  PID:6368
- C:\Windows\System\yoTnRPO.exe
  C:\Windows\System\yoTnRPO.exe
  2⤵
  PID:6400
- C:\Windows\System\zkxivDm.exe
  C:\Windows\System\zkxivDm.exe
  2⤵
  PID:6416
- C:\Windows\System\xnqfLwM.exe
  C:\Windows\System\xnqfLwM.exe
  2⤵
  PID:6436
- C:\Windows\System\RxhBmPX.exe
  C:\Windows\System\RxhBmPX.exe
  2⤵
  PID:6452
- C:\Windows\System\CVqNrCY.exe
  C:\Windows\System\CVqNrCY.exe
  2⤵
  PID:6468
- C:\Windows\System\qPqGAEJ.exe
  C:\Windows\System\qPqGAEJ.exe
  2⤵
  PID:6488
- C:\Windows\System\XAWiSQp.exe
  C:\Windows\System\XAWiSQp.exe
  2⤵
  PID:6516
- C:\Windows\System\LRNbIqr.exe
  C:\Windows\System\LRNbIqr.exe
  2⤵
  PID:6532
- C:\Windows\System\mOwHZWC.exe
  C:\Windows\System\mOwHZWC.exe
  2⤵
  PID:6552
- C:\Windows\System\etcUOmb.exe
  C:\Windows\System\etcUOmb.exe
  2⤵
  PID:6572
- C:\Windows\System\iVquIyv.exe
  C:\Windows\System\iVquIyv.exe
  2⤵
  PID:6588
- C:\Windows\System\XEmBdCa.exe
  C:\Windows\System\XEmBdCa.exe
  2⤵
  PID:6604
- C:\Windows\System\Eyhfbew.exe
  C:\Windows\System\Eyhfbew.exe
  2⤵
  PID:6620
- C:\Windows\System\KjFJgAF.exe
  C:\Windows\System\KjFJgAF.exe
  2⤵
  PID:6636
- C:\Windows\System\hLqTCOC.exe
  C:\Windows\System\hLqTCOC.exe
  2⤵
  PID:6652
- C:\Windows\System\jIZsBQN.exe
  C:\Windows\System\jIZsBQN.exe
  2⤵
  PID:6676
- C:\Windows\System\ctYnwpU.exe
  C:\Windows\System\ctYnwpU.exe
  2⤵
  PID:6696
- C:\Windows\System\pdNPHTc.exe
  C:\Windows\System\pdNPHTc.exe
  2⤵
  PID:6716
- C:\Windows\System\ioAQpPC.exe
  C:\Windows\System\ioAQpPC.exe
  2⤵
  PID:6732
- C:\Windows\System\ohQxUVC.exe
  C:\Windows\System\ohQxUVC.exe
  2⤵
  PID:6780
- C:\Windows\System\UPMXeYF.exe
  C:\Windows\System\UPMXeYF.exe
  2⤵
  PID:6796
- C:\Windows\System\XoTCVSE.exe
  C:\Windows\System\XoTCVSE.exe
  2⤵
  PID:6812
- C:\Windows\System\ERdYHxC.exe
  C:\Windows\System\ERdYHxC.exe
  2⤵
  PID:6832
- C:\Windows\System\WFSWluU.exe
  C:\Windows\System\WFSWluU.exe
  2⤵
  PID:6848
- C:\Windows\System\lwwwLJe.exe
  C:\Windows\System\lwwwLJe.exe
  2⤵
  PID:6864
- C:\Windows\System\CSoMPDf.exe
  C:\Windows\System\CSoMPDf.exe
  2⤵
  PID:6880
- C:\Windows\System\VRLYnPz.exe
  C:\Windows\System\VRLYnPz.exe
  2⤵
  PID:6900
- C:\Windows\System\ZPYpkLB.exe
  C:\Windows\System\ZPYpkLB.exe
  2⤵
  PID:6916
- C:\Windows\System\EmfrYdu.exe
  C:\Windows\System\EmfrYdu.exe
  2⤵
  PID:6932
- C:\Windows\System\PxvvpIh.exe
  C:\Windows\System\PxvvpIh.exe
  2⤵
  PID:6948
- C:\Windows\System\TqMLiLf.exe
  C:\Windows\System\TqMLiLf.exe
  2⤵
  PID:6968
- C:\Windows\System\McWpADS.exe
  C:\Windows\System\McWpADS.exe
  2⤵
  PID:6984
- C:\Windows\System\MsyqQWY.exe
  C:\Windows\System\MsyqQWY.exe
  2⤵
  PID:7040
- C:\Windows\System\mmredpq.exe
  C:\Windows\System\mmredpq.exe
  2⤵
  PID:7060
- C:\Windows\System\nKSnfuU.exe
  C:\Windows\System\nKSnfuU.exe
  2⤵
  PID:7080
- C:\Windows\System\jnGSdeE.exe
  C:\Windows\System\jnGSdeE.exe
  2⤵
  PID:7100
- C:\Windows\System\QRyiBTu.exe
  C:\Windows\System\QRyiBTu.exe
  2⤵
  PID:7116
- C:\Windows\System\FQgPzxz.exe
  C:\Windows\System\FQgPzxz.exe
  2⤵
  PID:7132
- C:\Windows\System\wSYeSYd.exe
  C:\Windows\System\wSYeSYd.exe
  2⤵
  PID:7152
- C:\Windows\System\DzhkQgl.exe
  C:\Windows\System\DzhkQgl.exe
  2⤵
  PID:1724
- C:\Windows\System\rQYvtoA.exe
  C:\Windows\System\rQYvtoA.exe
  2⤵
  PID:6160
- C:\Windows\System\YCxcjCr.exe
  C:\Windows\System\YCxcjCr.exe
  2⤵
  PID:4352
- C:\Windows\System\VaALDkw.exe
  C:\Windows\System\VaALDkw.exe
  2⤵
  PID:6180
- C:\Windows\System\qcjTbHJ.exe
  C:\Windows\System\qcjTbHJ.exe
  2⤵
  PID:5996
- C:\Windows\System\JtPxoIa.exe
  C:\Windows\System\JtPxoIa.exe
  2⤵
  PID:1936
- C:\Windows\System\eCaCQwm.exe
  C:\Windows\System\eCaCQwm.exe
  2⤵
  PID:2000
- C:\Windows\System\uqBmmjL.exe
  C:\Windows\System\uqBmmjL.exe
  2⤵
  PID:2540
- C:\Windows\System\CLukbVA.exe
  C:\Windows\System\CLukbVA.exe
  2⤵
  PID:2844
- C:\Windows\System\cxOuMsD.exe
  C:\Windows\System\cxOuMsD.exe
  2⤵
  PID:6272
- C:\Windows\System\NYzpyti.exe
  C:\Windows\System\NYzpyti.exe
  2⤵
  PID:6308
- C:\Windows\System\cQdEedN.exe
  C:\Windows\System\cQdEedN.exe
  2⤵
  PID:6380
- C:\Windows\System\LVvdaJs.exe
  C:\Windows\System\LVvdaJs.exe
  2⤵
  PID:6364
- C:\Windows\System\dwaizps.exe
  C:\Windows\System\dwaizps.exe
  2⤵
  PID:6388
- C:\Windows\System\mZrNdFS.exe
  C:\Windows\System\mZrNdFS.exe
  2⤵
  PID:6412
- C:\Windows\System\XfZyaRh.exe
  C:\Windows\System\XfZyaRh.exe
  2⤵
  PID:6476
- C:\Windows\System\IjiBvcw.exe
  C:\Windows\System\IjiBvcw.exe
  2⤵
  PID:6508
- C:\Windows\System\DQHBMMt.exe
  C:\Windows\System\DQHBMMt.exe
  2⤵
  PID:6464
- C:\Windows\System\BKWgJVu.exe
  C:\Windows\System\BKWgJVu.exe
  2⤵
  PID:6548
- C:\Windows\System\CShFZRv.exe
  C:\Windows\System\CShFZRv.exe
  2⤵
  PID:6616
- C:\Windows\System\NeVPyuy.exe
  C:\Windows\System\NeVPyuy.exe
  2⤵
  PID:6688
- C:\Windows\System\tttnizW.exe
  C:\Windows\System\tttnizW.exe
  2⤵
  PID:6596
- C:\Windows\System\droSvOU.exe
  C:\Windows\System\droSvOU.exe
  2⤵
  PID:6724
- C:\Windows\System\CodCRuF.exe
  C:\Windows\System\CodCRuF.exe
  2⤵
  PID:6672
- C:\Windows\System\Lmoupuw.exe
  C:\Windows\System\Lmoupuw.exe
  2⤵
  PID:6564
- C:\Windows\System\UjijRXz.exe
  C:\Windows\System\UjijRXz.exe
  2⤵
  PID:6752
- C:\Windows\System\GeNqIqy.exe
  C:\Windows\System\GeNqIqy.exe
  2⤵
  PID:6768
- C:\Windows\System\NrZsBCA.exe
  C:\Windows\System\NrZsBCA.exe
  2⤵
  PID:6728
- C:\Windows\System\pSPlGZO.exe
  C:\Windows\System\pSPlGZO.exe
  2⤵
  PID:6844
- C:\Windows\System\KKVpPnx.exe
  C:\Windows\System\KKVpPnx.exe
  2⤵
  PID:6912
- C:\Windows\System\iHQEriU.exe
  C:\Windows\System\iHQEriU.exe
  2⤵
  PID:6940
- C:\Windows\System\XCnHUVu.exe
  C:\Windows\System\XCnHUVu.exe
  2⤵
  PID:6860
- C:\Windows\System\xSSPKDx.exe
  C:\Windows\System\xSSPKDx.exe
  2⤵
  PID:6896
- C:\Windows\System\hoAsWMy.exe
  C:\Windows\System\hoAsWMy.exe
  2⤵
  PID:6992
- C:\Windows\System\GXSfdpn.exe
  C:\Windows\System\GXSfdpn.exe
  2⤵
  PID:7020
- C:\Windows\System\hmmahkb.exe
  C:\Windows\System\hmmahkb.exe
  2⤵
  PID:6980
- C:\Windows\System\HLqyfVK.exe
  C:\Windows\System\HLqyfVK.exe
  2⤵
  PID:7052
- C:\Windows\System\VDvBJVa.exe
  C:\Windows\System\VDvBJVa.exe
  2⤵
  PID:7108
- C:\Windows\System\BVJazHy.exe
  C:\Windows\System\BVJazHy.exe
  2⤵
  PID:7128
- C:\Windows\System\RUxPZeT.exe
  C:\Windows\System\RUxPZeT.exe
  2⤵
  PID:6156
- C:\Windows\System\dEKbsXS.exe
  C:\Windows\System\dEKbsXS.exe
  2⤵
  PID:7092
- C:\Windows\System\zqSkYCl.exe
  C:\Windows\System\zqSkYCl.exe
  2⤵
  PID:7160
- C:\Windows\System\groFhND.exe
  C:\Windows\System\groFhND.exe
  2⤵
  PID:6264
- C:\Windows\System\ssjPBju.exe
  C:\Windows\System\ssjPBju.exe
  2⤵
  PID:5936
- C:\Windows\System\JUgCLMA.exe
  C:\Windows\System\JUgCLMA.exe
  2⤵
  PID:5516
- C:\Windows\System\DYVMCag.exe
  C:\Windows\System\DYVMCag.exe
  2⤵
  PID:6304
- C:\Windows\System\ehLzXjy.exe
  C:\Windows\System\ehLzXjy.exe
  2⤵
  PID:6292
- C:\Windows\System\mOUHJEp.exe
  C:\Windows\System\mOUHJEp.exe
  2⤵
  PID:6432
- C:\Windows\System\XUiSDcV.exe
  C:\Windows\System\XUiSDcV.exe
  2⤵
  PID:6512
- C:\Windows\System\jQvkEna.exe
  C:\Windows\System\jQvkEna.exe
  2⤵
  PID:6224
- C:\Windows\System\qvNVhIG.exe
  C:\Windows\System\qvNVhIG.exe
  2⤵
  PID:6544
- C:\Windows\System\yiNKXkF.exe
  C:\Windows\System\yiNKXkF.exe
  2⤵
  PID:6632
- C:\Windows\System\ElevpzQ.exe
  C:\Windows\System\ElevpzQ.exe
  2⤵
  PID:6668
- C:\Windows\System\bweRcsm.exe
  C:\Windows\System\bweRcsm.exe
  2⤵
  PID:6876
- C:\Windows\System\TntyeiX.exe
  C:\Windows\System\TntyeiX.exe
  2⤵
  PID:6828
- C:\Windows\System\GAaxxln.exe
  C:\Windows\System\GAaxxln.exe
  2⤵
  PID:7004
- C:\Windows\System\PjLdoHj.exe
  C:\Windows\System\PjLdoHj.exe
  2⤵
  PID:7028
- C:\Windows\System\xiumrav.exe
  C:\Windows\System\xiumrav.exe
  2⤵
  PID:7048
- C:\Windows\System\zLrRNcz.exe
  C:\Windows\System\zLrRNcz.exe
  2⤵
  PID:1208
- C:\Windows\System\oMbnrHA.exe
  C:\Windows\System\oMbnrHA.exe
  2⤵
  PID:7072
- C:\Windows\System\ADtNBUF.exe
  C:\Windows\System\ADtNBUF.exe
  2⤵
  PID:7096
- C:\Windows\System\wDQeiVD.exe
  C:\Windows\System\wDQeiVD.exe
  2⤵
  PID:6236
- C:\Windows\System\HsfqSUB.exe
  C:\Windows\System\HsfqSUB.exe
  2⤵
  PID:6152
- C:\Windows\System\HgXRlyd.exe
  C:\Windows\System\HgXRlyd.exe
  2⤵
  PID:6232
- C:\Windows\System\RqKOwAg.exe
  C:\Windows\System\RqKOwAg.exe
  2⤵
  PID:6408
- C:\Windows\System\TgQmIJZ.exe
  C:\Windows\System\TgQmIJZ.exe
  2⤵
  PID:6484
- C:\Windows\System\ctOdPrv.exe
  C:\Windows\System\ctOdPrv.exe
  2⤵
  PID:6628
- C:\Windows\System\qCuGUjX.exe
  C:\Windows\System\qCuGUjX.exe
  2⤵
  PID:6528
- C:\Windows\System\WYemBEE.exe
  C:\Windows\System\WYemBEE.exe
  2⤵
  PID:6748
- C:\Windows\System\gzeqJPO.exe
  C:\Windows\System\gzeqJPO.exe
  2⤵
  PID:6792
- C:\Windows\System\zRqJlpA.exe
  C:\Windows\System\zRqJlpA.exe
  2⤵
  PID:6956
- C:\Windows\System\LWAlUOd.exe
  C:\Windows\System\LWAlUOd.exe
  2⤵
  PID:7012
- C:\Windows\System\EHlnmwr.exe
  C:\Windows\System\EHlnmwr.exe
  2⤵
  PID:7008
- C:\Windows\System\NaGLMFj.exe
  C:\Windows\System\NaGLMFj.exe
  2⤵
  PID:6216
- C:\Windows\System\GxPHTrf.exe
  C:\Windows\System\GxPHTrf.exe
  2⤵
  PID:6340
- C:\Windows\System\eZjGfcG.exe
  C:\Windows\System\eZjGfcG.exe
  2⤵
  PID:6188
- C:\Windows\System\uLrdrce.exe
  C:\Windows\System\uLrdrce.exe
  2⤵
  PID:6568
- C:\Windows\System\PBtUzMv.exe
  C:\Windows\System\PBtUzMv.exe
  2⤵
  PID:736
- C:\Windows\System\fZLuzPi.exe
  C:\Windows\System\fZLuzPi.exe
  2⤵
  PID:6540
- C:\Windows\System\pVHOYNA.exe
  C:\Windows\System\pVHOYNA.exe
  2⤵
  PID:6976
- C:\Windows\System\OIZbPgW.exe
  C:\Windows\System\OIZbPgW.exe
  2⤵
  PID:7176
- C:\Windows\System\qpZTzpl.exe
  C:\Windows\System\qpZTzpl.exe
  2⤵
  PID:7200
- C:\Windows\System\YIZakQk.exe
  C:\Windows\System\YIZakQk.exe
  2⤵
  PID:7216
- C:\Windows\System\yLMwdbH.exe
  C:\Windows\System\yLMwdbH.exe
  2⤵
  PID:7232
- C:\Windows\System\UBLvgot.exe
  C:\Windows\System\UBLvgot.exe
  2⤵
  PID:7248
- C:\Windows\System\ylkEZSA.exe
  C:\Windows\System\ylkEZSA.exe
  2⤵
  PID:7264
- C:\Windows\System\WBlPpiH.exe
  C:\Windows\System\WBlPpiH.exe
  2⤵
  PID:7280
- C:\Windows\System\nIjwvse.exe
  C:\Windows\System\nIjwvse.exe
  2⤵
  PID:7296
- C:\Windows\System\ZsyOAHP.exe
  C:\Windows\System\ZsyOAHP.exe
  2⤵
  PID:7312
- C:\Windows\System\wZrTjDB.exe
  C:\Windows\System\wZrTjDB.exe
  2⤵
  PID:7328
- C:\Windows\System\xxlInRU.exe
  C:\Windows\System\xxlInRU.exe
  2⤵
  PID:7344
- C:\Windows\System\beWmutY.exe
  C:\Windows\System\beWmutY.exe
  2⤵
  PID:7364
- C:\Windows\System\csuYIqY.exe
  C:\Windows\System\csuYIqY.exe
  2⤵
  PID:7380
- C:\Windows\System\ZgJCFuM.exe
  C:\Windows\System\ZgJCFuM.exe
  2⤵
  PID:7396
- C:\Windows\System\AykfWxZ.exe
  C:\Windows\System\AykfWxZ.exe
  2⤵
  PID:7412
- C:\Windows\System\GltzFpp.exe
  C:\Windows\System\GltzFpp.exe
  2⤵
  PID:7428
- C:\Windows\System\gfKbEds.exe
  C:\Windows\System\gfKbEds.exe
  2⤵
  PID:7444
- C:\Windows\System\qyrBOrH.exe
  C:\Windows\System\qyrBOrH.exe
  2⤵
  PID:7460
- C:\Windows\System\SndtqrT.exe
  C:\Windows\System\SndtqrT.exe
  2⤵
  PID:7476
- C:\Windows\System\RihlJUn.exe
  C:\Windows\System\RihlJUn.exe
  2⤵
  PID:7492
- C:\Windows\System\HzAmePd.exe
  C:\Windows\System\HzAmePd.exe
  2⤵
  PID:7508
- C:\Windows\System\uUmssKo.exe
  C:\Windows\System\uUmssKo.exe
  2⤵
  PID:7528
- C:\Windows\System\SOdreuY.exe
  C:\Windows\System\SOdreuY.exe
  2⤵
  PID:7548
- C:\Windows\System\VnpNiUy.exe
  C:\Windows\System\VnpNiUy.exe
  2⤵
  PID:7564
- C:\Windows\System\JkWnHXn.exe
  C:\Windows\System\JkWnHXn.exe
  2⤵
  PID:7580
- C:\Windows\System\TXgJLUr.exe
  C:\Windows\System\TXgJLUr.exe
  2⤵
  PID:7596
- C:\Windows\System\KqEuEGl.exe
  C:\Windows\System\KqEuEGl.exe
  2⤵
  PID:7612
- C:\Windows\System\nrBfNpM.exe
  C:\Windows\System\nrBfNpM.exe
  2⤵
  PID:7628
- C:\Windows\System\OBQlXxU.exe
  C:\Windows\System\OBQlXxU.exe
  2⤵
  PID:7644
- C:\Windows\System\RpLcTMj.exe
  C:\Windows\System\RpLcTMj.exe
  2⤵
  PID:7664
- C:\Windows\System\uZdUFNA.exe
  C:\Windows\System\uZdUFNA.exe
  2⤵
  PID:7680
- C:\Windows\System\gwkHERX.exe
  C:\Windows\System\gwkHERX.exe
  2⤵
  PID:7696
- C:\Windows\System\iPkewmA.exe
  C:\Windows\System\iPkewmA.exe
  2⤵
  PID:7712
- C:\Windows\System\UfURAei.exe
  C:\Windows\System\UfURAei.exe
  2⤵
  PID:7732
- C:\Windows\System\ImiQRIQ.exe
  C:\Windows\System\ImiQRIQ.exe
  2⤵
  PID:7748
- C:\Windows\System\FXGlmjk.exe
  C:\Windows\System\FXGlmjk.exe
  2⤵
  PID:7764
- C:\Windows\System\XgKcnft.exe
  C:\Windows\System\XgKcnft.exe
  2⤵
  PID:7780
- C:\Windows\System\SsLKSfB.exe
  C:\Windows\System\SsLKSfB.exe
  2⤵
  PID:7796
- C:\Windows\System\uPJNuQW.exe
  C:\Windows\System\uPJNuQW.exe
  2⤵
  PID:7812
- C:\Windows\System\SmEqyHy.exe
  C:\Windows\System\SmEqyHy.exe
  2⤵
  PID:7828
- C:\Windows\System\EByKrwZ.exe
  C:\Windows\System\EByKrwZ.exe
  2⤵
  PID:7844
- C:\Windows\System\nTZmJqj.exe
  C:\Windows\System\nTZmJqj.exe
  2⤵
  PID:7860
- C:\Windows\System\sIoDvWW.exe
  C:\Windows\System\sIoDvWW.exe
  2⤵
  PID:7884
- C:\Windows\System\OoECXFN.exe
  C:\Windows\System\OoECXFN.exe
  2⤵
  PID:7900
- C:\Windows\System\xrIylMI.exe
  C:\Windows\System\xrIylMI.exe
  2⤵
  PID:7916
- C:\Windows\System\nyyFAyi.exe
  C:\Windows\System\nyyFAyi.exe
  2⤵
  PID:7932
- C:\Windows\System\wOUEJbA.exe
  C:\Windows\System\wOUEJbA.exe
  2⤵
  PID:7948
- C:\Windows\System\ekDZOIz.exe
  C:\Windows\System\ekDZOIz.exe
  2⤵
  PID:7964
- C:\Windows\System\CkRAfFT.exe
  C:\Windows\System\CkRAfFT.exe
  2⤵
  PID:7980
- C:\Windows\System\RuelKny.exe
  C:\Windows\System\RuelKny.exe
  2⤵
  PID:8000
- C:\Windows\System\UtszQuO.exe
  C:\Windows\System\UtszQuO.exe
  2⤵
  PID:8016
- C:\Windows\System\FViqITt.exe
  C:\Windows\System\FViqITt.exe
  2⤵
  PID:8032
- C:\Windows\System\BAuaRPP.exe
  C:\Windows\System\BAuaRPP.exe
  2⤵
  PID:8048
- C:\Windows\System\DXpNDYE.exe
  C:\Windows\System\DXpNDYE.exe
  2⤵
  PID:8064
- C:\Windows\System\kzJgVHi.exe
  C:\Windows\System\kzJgVHi.exe
  2⤵
  PID:8080
- C:\Windows\System\JfYKHAp.exe
  C:\Windows\System\JfYKHAp.exe
  2⤵
  PID:8096
- C:\Windows\System\OGqrQRP.exe
  C:\Windows\System\OGqrQRP.exe
  2⤵
  PID:8116
- C:\Windows\System\AmgwPTC.exe
  C:\Windows\System\AmgwPTC.exe
  2⤵
  PID:8132
- C:\Windows\System\qfTStDS.exe
  C:\Windows\System\qfTStDS.exe
  2⤵
  PID:8152
- C:\Windows\System\SpIrFVk.exe
  C:\Windows\System\SpIrFVk.exe
  2⤵
  PID:8172
- C:\Windows\System\FWzjbtP.exe
  C:\Windows\System\FWzjbtP.exe
  2⤵
  PID:1140
- C:\Windows\System\BIhcpPI.exe
  C:\Windows\System\BIhcpPI.exe
  2⤵
  PID:6360
- C:\Windows\System\GIPwRWP.exe
  C:\Windows\System\GIPwRWP.exe
  2⤵
  PID:6760
- C:\Windows\System\rAdQxMZ.exe
  C:\Windows\System\rAdQxMZ.exe
  2⤵
  PID:6808
- C:\Windows\System\WovNfVh.exe
  C:\Windows\System\WovNfVh.exe
  2⤵
  PID:7172
- C:\Windows\System\oWVmBPl.exe
  C:\Windows\System\oWVmBPl.exe
  2⤵
  PID:7192
- C:\Windows\System\fDsKtVK.exe
  C:\Windows\System\fDsKtVK.exe
  2⤵
  PID:7256
- C:\Windows\System\XgKGgiY.exe
  C:\Windows\System\XgKGgiY.exe
  2⤵
  PID:7356
- C:\Windows\System\SgIRPiZ.exe
  C:\Windows\System\SgIRPiZ.exe
  2⤵
  PID:7424
- C:\Windows\System\fnBnlYQ.exe
  C:\Windows\System\fnBnlYQ.exe
  2⤵
  PID:7488
- C:\Windows\System\qLhAMHa.exe
  C:\Windows\System\qLhAMHa.exe
  2⤵
  PID:7372
- C:\Windows\System\NtSPTZe.exe
  C:\Windows\System\NtSPTZe.exe
  2⤵
  PID:7436
- C:\Windows\System\gyDnwBH.exe
  C:\Windows\System\gyDnwBH.exe
  2⤵
  PID:7500
- C:\Windows\System\pJDnycD.exe
  C:\Windows\System\pJDnycD.exe
  2⤵
  PID:7536
- C:\Windows\System\vJyBwqh.exe
  C:\Windows\System\vJyBwqh.exe
  2⤵
  PID:7576
- C:\Windows\System\Gddssih.exe
  C:\Windows\System\Gddssih.exe
  2⤵
  PID:7592
- C:\Windows\System\fIepcCl.exe
  C:\Windows\System\fIepcCl.exe
  2⤵
  PID:7640
- C:\Windows\System\kUBysZn.exe
  C:\Windows\System\kUBysZn.exe
  2⤵
  PID:7704
- C:\Windows\System\TgvpIiS.exe
  C:\Windows\System\TgvpIiS.exe
  2⤵
  PID:7652
- C:\Windows\System\NFLYaEv.exe
  C:\Windows\System\NFLYaEv.exe
  2⤵
  PID:7724
- C:\Windows\System\ODNrJUA.exe
  C:\Windows\System\ODNrJUA.exe
  2⤵
  PID:7772
- C:\Windows\System\lygBmwE.exe
  C:\Windows\System\lygBmwE.exe
  2⤵
  PID:7820
- C:\Windows\System\CvNhMMV.exe
  C:\Windows\System\CvNhMMV.exe
  2⤵
  PID:7836
- C:\Windows\System\XBHoxYN.exe
  C:\Windows\System\XBHoxYN.exe
  2⤵
  PID:7868
- C:\Windows\System\CEGbORm.exe
  C:\Windows\System\CEGbORm.exe
  2⤵
  PID:7908
- C:\Windows\System\DOCSBrT.exe
  C:\Windows\System\DOCSBrT.exe
  2⤵
  PID:7972
- C:\Windows\System\FpfcAPq.exe
  C:\Windows\System\FpfcAPq.exe
  2⤵
  PID:7924
- C:\Windows\System\kCJtEaP.exe
  C:\Windows\System\kCJtEaP.exe
  2⤵
  PID:8044
- C:\Windows\System\PaFHpwJ.exe
  C:\Windows\System\PaFHpwJ.exe
  2⤵
  PID:8124
- C:\Windows\System\UqbOXGh.exe
  C:\Windows\System\UqbOXGh.exe
  2⤵
  PID:8108
- C:\Windows\System\hXIBlGm.exe
  C:\Windows\System\hXIBlGm.exe
  2⤵
  PID:8168
- C:\Windows\System\QhNfsMe.exe
  C:\Windows\System\QhNfsMe.exe
  2⤵
  PID:8148
- C:\Windows\System\fKxiCWS.exe
  C:\Windows\System\fKxiCWS.exe
  2⤵
  PID:6328
- C:\Windows\System\zsVRJsc.exe
  C:\Windows\System\zsVRJsc.exe
  2⤵
  PID:6744
- C:\Windows\System\joltCwT.exe
  C:\Windows\System\joltCwT.exe
  2⤵
  PID:6148
- C:\Windows\System\mcNreSD.exe
  C:\Windows\System\mcNreSD.exe
  2⤵
  PID:7244
- C:\Windows\System\DMRWylr.exe
  C:\Windows\System\DMRWylr.exe
  2⤵
  PID:7292
- C:\Windows\System\yuouoLi.exe
  C:\Windows\System\yuouoLi.exe
  2⤵
  PID:7276
- C:\Windows\System\PyUFLjh.exe
  C:\Windows\System\PyUFLjh.exe
  2⤵
  PID:7360
- C:\Windows\System\dGFLViD.exe
  C:\Windows\System\dGFLViD.exe
  2⤵
  PID:7420
- C:\Windows\System\JJicLbh.exe
  C:\Windows\System\JJicLbh.exe
  2⤵
  PID:7408
- C:\Windows\System\pQvwukT.exe
  C:\Windows\System\pQvwukT.exe
  2⤵
  PID:7544
- C:\Windows\System\yvkcWLy.exe
  C:\Windows\System\yvkcWLy.exe
  2⤵
  PID:7688
- C:\Windows\System\wicgdff.exe
  C:\Windows\System\wicgdff.exe
  2⤵
  PID:7560
- C:\Windows\System\SiRnGjX.exe
  C:\Windows\System\SiRnGjX.exe
  2⤵
  PID:7720
- C:\Windows\System\wkGakkP.exe
  C:\Windows\System\wkGakkP.exe
  2⤵
  PID:7852
- C:\Windows\System\UzNmGfl.exe
  C:\Windows\System\UzNmGfl.exe
  2⤵
  PID:7892
- C:\Windows\System\HwvCqoO.exe
  C:\Windows\System\HwvCqoO.exe
  2⤵
  PID:7744
- C:\Windows\System\pFkmgIf.exe
  C:\Windows\System\pFkmgIf.exe
  2⤵
  PID:7956
- C:\Windows\System\iqgucmn.exe
  C:\Windows\System\iqgucmn.exe
  2⤵
  PID:7996
- C:\Windows\System\SoFyHgb.exe
  C:\Windows\System\SoFyHgb.exe
  2⤵
  PID:8088
- C:\Windows\System\tAIAJoc.exe
  C:\Windows\System\tAIAJoc.exe
  2⤵
  PID:8008
- C:\Windows\System\gGLqeqb.exe
  C:\Windows\System\gGLqeqb.exe
  2⤵
  PID:8188
- C:\Windows\System\pUiTMeT.exe
  C:\Windows\System\pUiTMeT.exe
  2⤵
  PID:6376
- C:\Windows\System\IyqwXBz.exe
  C:\Windows\System\IyqwXBz.exe
  2⤵
  PID:7240
- C:\Windows\System\eEttUwd.exe
  C:\Windows\System\eEttUwd.exe
  2⤵
  PID:7484
- C:\Windows\System\JmeFamP.exe
  C:\Windows\System\JmeFamP.exe
  2⤵
  PID:8164
- C:\Windows\System\SktJzwF.exe
  C:\Windows\System\SktJzwF.exe
  2⤵
  PID:8144
- C:\Windows\System\AxrXFnJ.exe
  C:\Windows\System\AxrXFnJ.exe
  2⤵
  PID:6560
- C:\Windows\System\KxUJUJI.exe
  C:\Windows\System\KxUJUJI.exe
  2⤵
  PID:7308
- C:\Windows\System\rUuDqPb.exe
  C:\Windows\System\rUuDqPb.exe
  2⤵
  PID:7692
- C:\Windows\System\klJJemP.exe
  C:\Windows\System\klJJemP.exe
  2⤵
  PID:7756
- C:\Windows\System\CubMVjA.exe
  C:\Windows\System\CubMVjA.exe
  2⤵
  PID:7992
- C:\Windows\System\oNLlamq.exe
  C:\Windows\System\oNLlamq.exe
  2⤵
  PID:7880
- C:\Windows\System\LCYPwWn.exe
  C:\Windows\System\LCYPwWn.exe
  2⤵
  PID:7896
- C:\Windows\System\nLueUhh.exe
  C:\Windows\System\nLueUhh.exe
  2⤵
  PID:6924
- C:\Windows\System\iXFpueN.exe
  C:\Windows\System\iXFpueN.exe
  2⤵
  PID:7212
- C:\Windows\System\lMEATfA.exe
  C:\Windows\System\lMEATfA.exe
  2⤵
  PID:7608
- C:\Windows\System\wnvzOzQ.exe
  C:\Windows\System\wnvzOzQ.exe
  2⤵
  PID:7988
- C:\Windows\System\jCAJLWW.exe
  C:\Windows\System\jCAJLWW.exe
  2⤵
  PID:7676
- C:\Windows\System\NPtJzCO.exe
  C:\Windows\System\NPtJzCO.exe
  2⤵
  PID:8204
- C:\Windows\System\SnXxOnu.exe
  C:\Windows\System\SnXxOnu.exe
  2⤵
  PID:8220
- C:\Windows\System\kFztoyh.exe
  C:\Windows\System\kFztoyh.exe
  2⤵
  PID:8236
- C:\Windows\System\AzacARX.exe
  C:\Windows\System\AzacARX.exe
  2⤵
  PID:8252
- C:\Windows\System\GdfKGxi.exe
  C:\Windows\System\GdfKGxi.exe
  2⤵
  PID:8268
- C:\Windows\System\lEWBNJd.exe
  C:\Windows\System\lEWBNJd.exe
  2⤵
  PID:8284
- C:\Windows\System\xbDYekA.exe
  C:\Windows\System\xbDYekA.exe
  2⤵
  PID:8300
- C:\Windows\System\QBivYjp.exe
  C:\Windows\System\QBivYjp.exe
  2⤵
  PID:8316
- C:\Windows\System\VConiTJ.exe
  C:\Windows\System\VConiTJ.exe
  2⤵
  PID:8336
- C:\Windows\System\vKkqhAP.exe
  C:\Windows\System\vKkqhAP.exe
  2⤵
  PID:8352
- C:\Windows\System\pkWPFGh.exe
  C:\Windows\System\pkWPFGh.exe
  2⤵
  PID:8396
- C:\Windows\System\XYqIRTX.exe
  C:\Windows\System\XYqIRTX.exe
  2⤵
  PID:8412
- C:\Windows\System\QuZsCLQ.exe
  C:\Windows\System\QuZsCLQ.exe
  2⤵
  PID:8428
- C:\Windows\System\XOmAqSD.exe
  C:\Windows\System\XOmAqSD.exe
  2⤵
  PID:8444
- C:\Windows\System\hhyPGsR.exe
  C:\Windows\System\hhyPGsR.exe
  2⤵
  PID:8460
- C:\Windows\System\taEmyFS.exe
  C:\Windows\System\taEmyFS.exe
  2⤵
  PID:8480
- C:\Windows\System\BxyqHgy.exe
  C:\Windows\System\BxyqHgy.exe
  2⤵
  PID:8496
- C:\Windows\System\SXnspSq.exe
  C:\Windows\System\SXnspSq.exe
  2⤵
  PID:8512
- C:\Windows\System\ZWgbxlS.exe
  C:\Windows\System\ZWgbxlS.exe
  2⤵
  PID:8528
- C:\Windows\System\vhiyYnW.exe
  C:\Windows\System\vhiyYnW.exe
  2⤵
  PID:8548
- C:\Windows\System\ZIEhSep.exe
  C:\Windows\System\ZIEhSep.exe
  2⤵
  PID:8568
- C:\Windows\System\yvGzAOA.exe
  C:\Windows\System\yvGzAOA.exe
  2⤵
  PID:8584
- C:\Windows\System\WnyDrKw.exe
  C:\Windows\System\WnyDrKw.exe
  2⤵
  PID:8600
- C:\Windows\System\clWUWqU.exe
  C:\Windows\System\clWUWqU.exe
  2⤵
  PID:8616
- C:\Windows\System\bAxxAeV.exe
  C:\Windows\System\bAxxAeV.exe
  2⤵
  PID:8632
- C:\Windows\System\CyYjTgk.exe
  C:\Windows\System\CyYjTgk.exe
  2⤵
  PID:8648
- C:\Windows\System\jhyNVzX.exe
  C:\Windows\System\jhyNVzX.exe
  2⤵
  PID:8664
- C:\Windows\System\RoUsawX.exe
  C:\Windows\System\RoUsawX.exe
  2⤵
  PID:8680
- C:\Windows\System\mKtDvRv.exe
  C:\Windows\System\mKtDvRv.exe
  2⤵
  PID:8696
- C:\Windows\System\vIywtGC.exe
  C:\Windows\System\vIywtGC.exe
  2⤵
  PID:8712
- C:\Windows\System\FNVaHOW.exe
  C:\Windows\System\FNVaHOW.exe
  2⤵
  PID:8728
- C:\Windows\System\qXanwlr.exe
  C:\Windows\System\qXanwlr.exe
  2⤵
  PID:8744
- C:\Windows\System\VnrlSBA.exe
  C:\Windows\System\VnrlSBA.exe
  2⤵
  PID:8760
- C:\Windows\System\HNDqMTX.exe
  C:\Windows\System\HNDqMTX.exe
  2⤵
  PID:8784
- C:\Windows\System\nGPxRRg.exe
  C:\Windows\System\nGPxRRg.exe
  2⤵
  PID:8800
- C:\Windows\System\TihQTtX.exe
  C:\Windows\System\TihQTtX.exe
  2⤵
  PID:8816
- C:\Windows\System\bdRYSni.exe
  C:\Windows\System\bdRYSni.exe
  2⤵
  PID:8836
- C:\Windows\System\nfkZFOL.exe
  C:\Windows\System\nfkZFOL.exe
  2⤵
  PID:8852
- C:\Windows\System\ODJgJWG.exe
  C:\Windows\System\ODJgJWG.exe
  2⤵
  PID:8868
- C:\Windows\System\xTCixkQ.exe
  C:\Windows\System\xTCixkQ.exe
  2⤵
  PID:8884
- C:\Windows\System\wXbjEDq.exe
  C:\Windows\System\wXbjEDq.exe
  2⤵
  PID:8900
- C:\Windows\System\QjAOhon.exe
  C:\Windows\System\QjAOhon.exe
  2⤵
  PID:8916
- C:\Windows\System\GQwAsnz.exe
  C:\Windows\System\GQwAsnz.exe
  2⤵
  PID:8944
- C:\Windows\System\IzXBKuf.exe
  C:\Windows\System\IzXBKuf.exe
  2⤵
  PID:8960
- C:\Windows\System\JVYpFaf.exe
  C:\Windows\System\JVYpFaf.exe
  2⤵
  PID:8988
- C:\Windows\System\zGlMJYE.exe
  C:\Windows\System\zGlMJYE.exe
  2⤵
  PID:9004
- C:\Windows\System\IuPEdRo.exe
  C:\Windows\System\IuPEdRo.exe
  2⤵
  PID:9020
- C:\Windows\System\exxupOC.exe
  C:\Windows\System\exxupOC.exe
  2⤵
  PID:9040
- C:\Windows\System\bMFngHf.exe
  C:\Windows\System\bMFngHf.exe
  2⤵
  PID:9056
- C:\Windows\System\QxixrqR.exe
  C:\Windows\System\QxixrqR.exe
  2⤵
  PID:9084
- C:\Windows\System\MBvlagH.exe
  C:\Windows\System\MBvlagH.exe
  2⤵
  PID:9108
- C:\Windows\System\AydghMt.exe
  C:\Windows\System\AydghMt.exe
  2⤵
  PID:9156
- C:\Windows\System\NRLyxAo.exe
  C:\Windows\System\NRLyxAo.exe
  2⤵
  PID:9180
- C:\Windows\System\yENDnhi.exe
  C:\Windows\System\yENDnhi.exe
  2⤵
  PID:9196
- C:\Windows\System\xlEDbVU.exe
  C:\Windows\System\xlEDbVU.exe
  2⤵
  PID:9212
- C:\Windows\System\SfBONTo.exe
  C:\Windows\System\SfBONTo.exe
  2⤵
  PID:8740
- C:\Windows\System\CWcwOuR.exe
  C:\Windows\System\CWcwOuR.exe
  2⤵
  PID:8808
- C:\Windows\System\rMSLfFR.exe
  C:\Windows\System\rMSLfFR.exe
  2⤵
  PID:8092
- C:\Windows\System\hLqJmdi.exe
  C:\Windows\System\hLqJmdi.exe
  2⤵
  PID:7636
- C:\Windows\System\lnfbFjD.exe
  C:\Windows\System\lnfbFjD.exe
  2⤵
  PID:8244
- C:\Windows\System\cIFHHvn.exe
  C:\Windows\System\cIFHHvn.exe
  2⤵
  PID:8312
- C:\Windows\System\iFbOvIH.exe
  C:\Windows\System\iFbOvIH.exe
  2⤵
  PID:8348
- C:\Windows\System\rBCiVyg.exe
  C:\Windows\System\rBCiVyg.exe
  2⤵
  PID:8392
- C:\Windows\System\LlmUgzT.exe
  C:\Windows\System\LlmUgzT.exe
  2⤵
  PID:8408
- C:\Windows\System\LxehDps.exe
  C:\Windows\System\LxehDps.exe
  2⤵
  PID:8452
- C:\Windows\System\bJWPpsQ.exe
  C:\Windows\System\bJWPpsQ.exe
  2⤵
  PID:8524
- C:\Windows\System\yAWbDiT.exe
  C:\Windows\System\yAWbDiT.exe
  2⤵
  PID:8536
- C:\Windows\System\crgMotU.exe
  C:\Windows\System\crgMotU.exe
  2⤵
  PID:8556
- C:\Windows\System\ZNjbrUi.exe
  C:\Windows\System\ZNjbrUi.exe
  2⤵
  PID:8640
- C:\Windows\System\yvWNgcW.exe
  C:\Windows\System\yvWNgcW.exe
  2⤵
  PID:8676
- C:\Windows\System\kqpJZsN.exe
  C:\Windows\System\kqpJZsN.exe
  2⤵
  PID:8724
- C:\Windows\System\kYvTdXx.exe
  C:\Windows\System\kYvTdXx.exe
  2⤵
  PID:8768
- C:\Windows\System\jZiLivb.exe
  C:\Windows\System\jZiLivb.exe
  2⤵
  PID:8848
- C:\Windows\System\KvYwJzl.exe
  C:\Windows\System\KvYwJzl.exe
  2⤵
  PID:8908
- C:\Windows\System\zOHYEsX.exe
  C:\Windows\System\zOHYEsX.exe
  2⤵
  PID:8592
- C:\Windows\System\JSIIzkX.exe
  C:\Windows\System\JSIIzkX.exe
  2⤵
  PID:8996
- C:\Windows\System\GGNWwRu.exe
  C:\Windows\System\GGNWwRu.exe
  2⤵
  PID:8928
- C:\Windows\System\FQqWzvO.exe
  C:\Windows\System\FQqWzvO.exe
  2⤵
  PID:8972
- C:\Windows\System\tHKfPyO.exe
  C:\Windows\System\tHKfPyO.exe
  2⤵
  PID:9012
- C:\Windows\System\nYOXRcR.exe
  C:\Windows\System\nYOXRcR.exe
  2⤵
  PID:9072
- C:\Windows\System\kArmFwt.exe
  C:\Windows\System\kArmFwt.exe
  2⤵
  PID:9092
- C:\Windows\System\bYukYIJ.exe
  C:\Windows\System\bYukYIJ.exe
  2⤵
  PID:9104
- C:\Windows\System\oivlJtx.exe
  C:\Windows\System\oivlJtx.exe
  2⤵
  PID:9192
- C:\Windows\System\HOTcRmf.exe
  C:\Windows\System\HOTcRmf.exe
  2⤵
  PID:9168
- C:\Windows\System\LmXbjlt.exe
  C:\Windows\System\LmXbjlt.exe
  2⤵
  PID:8264
- C:\Windows\System\JxLveiH.exe
  C:\Windows\System\JxLveiH.exe
  2⤵
  PID:7288
- C:\Windows\System\LYybQZb.exe
  C:\Windows\System\LYybQZb.exe
  2⤵
  PID:8280
- C:\Windows\System\ArHBEjP.exe
  C:\Windows\System\ArHBEjP.exe
  2⤵
  PID:8328
- C:\Windows\System\sruNMAn.exe
  C:\Windows\System\sruNMAn.exe
  2⤵
  PID:8388
- C:\Windows\System\iOhTFND.exe
  C:\Windows\System\iOhTFND.exe
  2⤵
  PID:8560
- C:\Windows\System\fpIzLSb.exe
  C:\Windows\System\fpIzLSb.exe
  2⤵
  PID:8672
- C:\Windows\System\GBwuPOB.exe
  C:\Windows\System\GBwuPOB.exe
  2⤵
  PID:8692
- C:\Windows\System\fnDNYPU.exe
  C:\Windows\System\fnDNYPU.exe
  2⤵
  PID:8596
- C:\Windows\System\EeEPdxL.exe
  C:\Windows\System\EeEPdxL.exe
  2⤵
  PID:8708
- C:\Windows\System\ZAPKDkb.exe
  C:\Windows\System\ZAPKDkb.exe
  2⤵
  PID:8844
- C:\Windows\System\vzTwvsh.exe
  C:\Windows\System\vzTwvsh.exe
  2⤵
  PID:8952
- C:\Windows\System\HxOybSS.exe
  C:\Windows\System\HxOybSS.exe
  2⤵
  PID:9028
- C:\Windows\System\uHoVWNg.exe
  C:\Windows\System\uHoVWNg.exe
  2⤵
  PID:8940
- C:\Windows\System\hNIUkyl.exe
  C:\Windows\System\hNIUkyl.exe
  2⤵
  PID:9100
- C:\Windows\System\thLbSxu.exe
  C:\Windows\System\thLbSxu.exe
  2⤵
  PID:9048
- C:\Windows\System\rXlXpBb.exe
  C:\Windows\System\rXlXpBb.exe
  2⤵
  PID:9172
- C:\Windows\System\JVUEbBW.exe
  C:\Windows\System\JVUEbBW.exe
  2⤵
  PID:9204
- C:\Windows\System\PuZhfTu.exe
  C:\Windows\System\PuZhfTu.exe
  2⤵
  PID:8308
- C:\Windows\System\ZuRyrUe.exe
  C:\Windows\System\ZuRyrUe.exe
  2⤵
  PID:8520
- C:\Windows\System\PQGnyiB.exe
  C:\Windows\System\PQGnyiB.exe
  2⤵
  PID:8384
- C:\Windows\System\IhEyDqq.exe
  C:\Windows\System\IhEyDqq.exe
  2⤵
  PID:8624
- C:\Windows\System\lcWYKZb.exe
  C:\Windows\System\lcWYKZb.exe
  2⤵
  PID:8980
- C:\Windows\System\iJjGVsq.exe
  C:\Windows\System\iJjGVsq.exe
  2⤵
  PID:8736
- C:\Windows\System\qJRDbNQ.exe
  C:\Windows\System\qJRDbNQ.exe
  2⤵
  PID:8892
- C:\Windows\System\RJLrDru.exe
  C:\Windows\System\RJLrDru.exe
  2⤵
  PID:9080
- C:\Windows\System\NVeioBZ.exe
  C:\Windows\System\NVeioBZ.exe
  2⤵
  PID:9208
- C:\Windows\System\hebmijV.exe
  C:\Windows\System\hebmijV.exe
  2⤵
  PID:9068
- C:\Windows\System\VowMWIq.exe
  C:\Windows\System\VowMWIq.exe
  2⤵
  PID:8216
- C:\Windows\System\sKDZzBG.exe
  C:\Windows\System\sKDZzBG.exe
  2⤵
  PID:8896
- C:\Windows\System\eJdkCqB.exe
  C:\Windows\System\eJdkCqB.exe
  2⤵
  PID:8956
- C:\Windows\System\mJTVETU.exe
  C:\Windows\System\mJTVETU.exe
  2⤵
  PID:8296
- C:\Windows\System\zZBqcZM.exe
  C:\Windows\System\zZBqcZM.exe
  2⤵
  PID:8864
- C:\Windows\System\egbiUNe.exe
  C:\Windows\System\egbiUNe.exe
  2⤵
  PID:9064
- C:\Windows\System\hNpftlm.exe
  C:\Windows\System\hNpftlm.exe
  2⤵
  PID:8608
- C:\Windows\System\eMDIzEG.exe
  C:\Windows\System\eMDIzEG.exe
  2⤵
  PID:8324
- C:\Windows\System\GTaCSQA.exe
  C:\Windows\System\GTaCSQA.exe
  2⤵
  PID:8404
- C:\Windows\System\UmSZnoA.exe
  C:\Windows\System\UmSZnoA.exe
  2⤵
  PID:8200
- C:\Windows\System\fOoqLAf.exe
  C:\Windows\System\fOoqLAf.exe
  2⤵
  PID:8688
- C:\Windows\System\eRllgbJ.exe
  C:\Windows\System\eRllgbJ.exe
  2⤵
  PID:8380
- C:\Windows\System\vFJEzpW.exe
  C:\Windows\System\vFJEzpW.exe
  2⤵
  PID:8932
- C:\Windows\System\fXjXoNA.exe
  C:\Windows\System\fXjXoNA.exe
  2⤵
  PID:9224
- C:\Windows\System\AnsYzDZ.exe
  C:\Windows\System\AnsYzDZ.exe
  2⤵
  PID:9248
- C:\Windows\System\tvjLVwp.exe
  C:\Windows\System\tvjLVwp.exe
  2⤵
  PID:9264
- C:\Windows\System\FfLERcS.exe
  C:\Windows\System\FfLERcS.exe
  2⤵
  PID:9280
- C:\Windows\System\dzkGLzD.exe
  C:\Windows\System\dzkGLzD.exe
  2⤵
  PID:9304
- C:\Windows\System\UXKUnxP.exe
  C:\Windows\System\UXKUnxP.exe
  2⤵
  PID:9332
- C:\Windows\System\IUmhSJM.exe
  C:\Windows\System\IUmhSJM.exe
  2⤵
  PID:9352
- C:\Windows\System\NIDUocY.exe
  C:\Windows\System\NIDUocY.exe
  2⤵
  PID:9376
- C:\Windows\System\qMjKhqe.exe
  C:\Windows\System\qMjKhqe.exe
  2⤵
  PID:9396
- C:\Windows\System\INyqLNz.exe
  C:\Windows\System\INyqLNz.exe
  2⤵
  PID:9416
- C:\Windows\System\yjjYeUl.exe
  C:\Windows\System\yjjYeUl.exe
  2⤵
  PID:9440
- C:\Windows\System\JUBaQSM.exe
  C:\Windows\System\JUBaQSM.exe
  2⤵
  PID:9460
- C:\Windows\System\WqQSlen.exe
  C:\Windows\System\WqQSlen.exe
  2⤵
  PID:9476
- C:\Windows\System\lgwbBGg.exe
  C:\Windows\System\lgwbBGg.exe
  2⤵
  PID:9492
- C:\Windows\System\bxuSXMV.exe
  C:\Windows\System\bxuSXMV.exe
  2⤵
  PID:9520
- C:\Windows\System\OycllRJ.exe
  C:\Windows\System\OycllRJ.exe
  2⤵
  PID:9536
- C:\Windows\System\XcyhGTP.exe
  C:\Windows\System\XcyhGTP.exe
  2⤵
  PID:9552
- C:\Windows\System\PcMgzoz.exe
  C:\Windows\System\PcMgzoz.exe
  2⤵
  PID:9568
- C:\Windows\System\XCPpsvM.exe
  C:\Windows\System\XCPpsvM.exe
  2⤵
  PID:9588
- C:\Windows\System\rwJRQur.exe
  C:\Windows\System\rwJRQur.exe
  2⤵
  PID:9612
- C:\Windows\System\OsIgDAw.exe
  C:\Windows\System\OsIgDAw.exe
  2⤵
  PID:9628
- C:\Windows\System\KyPtufO.exe
  C:\Windows\System\KyPtufO.exe
  2⤵
  PID:9644
- C:\Windows\System\HkkYDlb.exe
  C:\Windows\System\HkkYDlb.exe
  2⤵
  PID:9668
- C:\Windows\System\yspkAZV.exe
  C:\Windows\System\yspkAZV.exe
  2⤵
  PID:9684
- C:\Windows\System\yPFKhVM.exe
  C:\Windows\System\yPFKhVM.exe
  2⤵
  PID:9712
- C:\Windows\System\KokLpWH.exe
  C:\Windows\System\KokLpWH.exe
  2⤵
  PID:9728
- C:\Windows\System\HszKOlI.exe
  C:\Windows\System\HszKOlI.exe
  2⤵
  PID:9744
- C:\Windows\System\eLUuaWb.exe
  C:\Windows\System\eLUuaWb.exe
  2⤵
  PID:9760
- C:\Windows\System\QOhnLfv.exe
  C:\Windows\System\QOhnLfv.exe
  2⤵
  PID:9784
- C:\Windows\System\WGraeQp.exe
  C:\Windows\System\WGraeQp.exe
  2⤵
  PID:9804
- C:\Windows\System\jbwFXMC.exe
  C:\Windows\System\jbwFXMC.exe
  2⤵
  PID:9828
- C:\Windows\System\hjnmwOF.exe
  C:\Windows\System\hjnmwOF.exe
  2⤵
  PID:9844
- C:\Windows\System\tceVrbg.exe
  C:\Windows\System\tceVrbg.exe
  2⤵
  PID:9864
- C:\Windows\System\TPcnAbP.exe
  C:\Windows\System\TPcnAbP.exe
  2⤵
  PID:9900
- C:\Windows\System\SvHdOYM.exe
  C:\Windows\System\SvHdOYM.exe
  2⤵
  PID:9928
- C:\Windows\System\gkKSVyb.exe
  C:\Windows\System\gkKSVyb.exe
  2⤵
  PID:9944
- C:\Windows\System\jAjoUUl.exe
  C:\Windows\System\jAjoUUl.exe
  2⤵
  PID:9960
- C:\Windows\System\GxWmRHZ.exe
  C:\Windows\System\GxWmRHZ.exe
  2⤵
  PID:9980
- C:\Windows\System\TJdMvwf.exe
  C:\Windows\System\TJdMvwf.exe
  2⤵
  PID:9996
- C:\Windows\System\TMkrAME.exe
  C:\Windows\System\TMkrAME.exe
  2⤵
  PID:10016
- C:\Windows\System\rUNJbjT.exe
  C:\Windows\System\rUNJbjT.exe
  2⤵
  PID:10032
- C:\Windows\System\GMbyxJq.exe
  C:\Windows\System\GMbyxJq.exe
  2⤵
  PID:10048
- C:\Windows\System\tvmToNA.exe
  C:\Windows\System\tvmToNA.exe
  2⤵
  PID:10084
- C:\Windows\System\XalFXFP.exe
  C:\Windows\System\XalFXFP.exe
  2⤵
  PID:10104
- C:\Windows\System\VivSVgt.exe
  C:\Windows\System\VivSVgt.exe
  2⤵
  PID:10120
- C:\Windows\System\JlHiqWp.exe
  C:\Windows\System\JlHiqWp.exe
  2⤵
  PID:10136
- C:\Windows\System\cFItaeg.exe
  C:\Windows\System\cFItaeg.exe
  2⤵
  PID:10160
- C:\Windows\System\xAOqAVV.exe
  C:\Windows\System\xAOqAVV.exe
  2⤵
  PID:10176
- C:\Windows\System\jlmATRv.exe
  C:\Windows\System\jlmATRv.exe
  2⤵
  PID:10192
- C:\Windows\System\kQwdWqD.exe
  C:\Windows\System\kQwdWqD.exe
  2⤵
  PID:10208
- C:\Windows\System\ZtfhbBg.exe
  C:\Windows\System\ZtfhbBg.exe
  2⤵
  PID:10228
- C:\Windows\System\QIcoeUv.exe
  C:\Windows\System\QIcoeUv.exe
  2⤵
  PID:9296
- C:\Windows\System\WmOZBmb.exe
  C:\Windows\System\WmOZBmb.exe
  2⤵
  PID:9236
- C:\Windows\System\QSPtpyp.exe
  C:\Windows\System\QSPtpyp.exe
  2⤵
  PID:9312
- C:\Windows\System\DJIJlZl.exe
  C:\Windows\System\DJIJlZl.exe
  2⤵
  PID:7404
- C:\Windows\System\kTbNrIJ.exe
  C:\Windows\System\kTbNrIJ.exe
  2⤵
  PID:9368
- C:\Windows\System\ymNvSzd.exe
  C:\Windows\System\ymNvSzd.exe
  2⤵
  PID:9412
- C:\Windows\System\iUtDxeE.exe
  C:\Windows\System\iUtDxeE.exe
  2⤵
  PID:9432
- C:\Windows\System\DVMBFrM.exe
  C:\Windows\System\DVMBFrM.exe
  2⤵
  PID:9472
- C:\Windows\System\dBxPitu.exe
  C:\Windows\System\dBxPitu.exe
  2⤵
  PID:9456
- C:\Windows\System\mbqzTBA.exe
  C:\Windows\System\mbqzTBA.exe
  2⤵
  PID:9576
- C:\Windows\System\sxnUkCz.exe
  C:\Windows\System\sxnUkCz.exe
  2⤵
  PID:9624
- C:\Windows\System\evwqEyV.exe
  C:\Windows\System\evwqEyV.exe
  2⤵
  PID:9692
- C:\Windows\System\tpjyzEV.exe
  C:\Windows\System\tpjyzEV.exe
  2⤵
  PID:9708
- C:\Windows\System\TyYtXkn.exe
  C:\Windows\System\TyYtXkn.exe
  2⤵
  PID:9772
- C:\Windows\System\KXkGFYm.exe
  C:\Windows\System\KXkGFYm.exe
  2⤵
  PID:9820
- C:\Windows\System\JQGXCHw.exe
  C:\Windows\System\JQGXCHw.exe
  2⤵
  PID:9596
- C:\Windows\System\WTKNkmW.exe
  C:\Windows\System\WTKNkmW.exe
  2⤵
  PID:9852
- C:\Windows\System\FkYBUey.exe
  C:\Windows\System\FkYBUey.exe
  2⤵
  PID:9676
- C:\Windows\System\BDWSlbb.exe
  C:\Windows\System\BDWSlbb.exe
  2⤵
  PID:9752
- C:\Windows\System\fnBBBXb.exe
  C:\Windows\System\fnBBBXb.exe
  2⤵
  PID:9840
- C:\Windows\System\ODNSFNB.exe
  C:\Windows\System\ODNSFNB.exe
  2⤵
  PID:9896
- C:\Windows\System\xlwCPft.exe
  C:\Windows\System\xlwCPft.exe
  2⤵
  PID:9924
- C:\Windows\System\OfxgFTW.exe
  C:\Windows\System\OfxgFTW.exe
  2⤵
  PID:10024
- C:\Windows\System\mAqAHmZ.exe
  C:\Windows\System\mAqAHmZ.exe
  2⤵
  PID:10072
- C:\Windows\System\VNJfnIH.exe
  C:\Windows\System\VNJfnIH.exe
  2⤵
  PID:10092
- C:\Windows\System\kRiMxvb.exe
  C:\Windows\System\kRiMxvb.exe
  2⤵
  PID:9972
- C:\Windows\System\aYLczCL.exe
  C:\Windows\System\aYLczCL.exe
  2⤵
  PID:10040
- C:\Windows\System\ZJQStLW.exe
  C:\Windows\System\ZJQStLW.exe
  2⤵
  PID:10184
- C:\Windows\System\kYiMCFY.exe
  C:\Windows\System\kYiMCFY.exe
  2⤵
  PID:9292
- C:\Windows\System\EATkqLo.exe
  C:\Windows\System\EATkqLo.exe
  2⤵
  PID:10096
- C:\Windows\System\fMpgPwy.exe
  C:\Windows\System\fMpgPwy.exe
  2⤵
  PID:9256
- C:\Windows\System\MDTinIY.exe
  C:\Windows\System\MDTinIY.exe
  2⤵
  PID:9260
- C:\Windows\System\NVfVUsP.exe
  C:\Windows\System\NVfVUsP.exe
  2⤵
  PID:9240
- C:\Windows\System\isMgplL.exe
  C:\Windows\System\isMgplL.exe
  2⤵
  PID:9328
- C:\Windows\System\owAXmNW.exe
  C:\Windows\System\owAXmNW.exe
  2⤵
  PID:9392
- C:\Windows\System\OCGDial.exe
  C:\Windows\System\OCGDial.exe
  2⤵
  PID:9448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BzpCrzI.exe

Filesize
6.0MB

MD5
e315e929f95b31152cd0c57b5f6e3b5b

SHA1
950d4df9dfcdc678e4325bdd0af083a34cfe8a28

SHA256
0894638f7bc1eafb2182a10cfd8aa9e65db229ed6d1be87e7aef009cdd63b767

SHA512
800d3689af0be51149b3fd77892e421e1a385d8bcdb0890650237f3afca81e009bae64dde79310379c99cec3ee61cf48453a408b1349cfc0056ed671e989843c

Download Submit
C:\Windows\system\EapWwSa.exe

Filesize
6.0MB

MD5
7e77ca1134a32bcd51c71caaa48effa6

SHA1
86bdba9d08a662230a379adc60ec2e1713f89cb1

SHA256
340609304bdc47d7e487bd7b0ccc9bedc60fdc51feeccaac085dca1c51a9d7bc

SHA512
f3af11b5aacef84c4b0b1e89276fdf2a4edc92a009c4163fc82e8154e3dd9966a67890077acfa61f719266fc576e6de4ba10e651e0e2c67f1d8d15b1de0f6393

Download Submit
C:\Windows\system\FUSVVsN.exe

Filesize
6.0MB

MD5
b9768cdc3a9cc2648853281151d2d432

SHA1
358d468c680dfce2b7d05a34c3e901262b3f4b74

SHA256
9f38f1068900a47b0fe21a1643a5f036d46496ed0b96d66f0f336d64bd87a7c2

SHA512
321fa323ce0802d9a58d9b3c1839f9eb452356563f663e95911f6f33630547e59256d0fd87e8ae63fc54587168a806769770a0900c70f3975801ec8150c1ff64

Download Submit
C:\Windows\system\GWqyneY.exe

Filesize
6.0MB

MD5
fdf8d742398f204b1451cb7f6062d039

SHA1
bc34fa806b6e99efdeda74b77419ce9a6b864fd1

SHA256
10a55f854ca400369b95b14dcc117c85b92fdca13c33c6ef3ba5a4803323eefa

SHA512
ea9b8ed6ff45b962bfeea986cbdc097d839ce20acf2b459dd9e9a1b85c1769faaa602d75d2b3c656f908be2ed38416427c8228e49a9fe3a212b43b72ef0cffbb

Download Submit
C:\Windows\system\HIHEvNR.exe

Filesize
6.0MB

MD5
0a8c28e0d22111b282affa89817e50a0

SHA1
349f2456815f42f64e0509f6c200775e153465d4

SHA256
42f0afea0a19560cbc3aad0443e1411fb80a6b8070ed4f546c95c307ec27dc2c

SHA512
5893aa8155023324221b8c91bd7f3de2528cf2640f40efd1e1626758cbebbdf8ccb5f0ba4573191d9cd04f854fb947e8f5746d9afe10a22168a3e3ae3367cdcb

Download Submit
C:\Windows\system\JAmHNKh.exe

Filesize
6.0MB

MD5
bf037aa785bdd5c2bc0e5db0b956debf

SHA1
2c3ed212ec09e66e72bce150849d92b2dd307345

SHA256
bfc1866a157ac0d136f67f4d685a524fd47eb1593dd10d0eb38dd01e4a8496e4

SHA512
539ee584545adc36ab6cabb2d77af9daf46474290496e7b240b6e8d434d7e1d4a11a2efb6d6c6a6eab3421be82a4f37cf0c14a6cc112c9bf9a93236c022265a7

Download Submit
C:\Windows\system\KPrRNWF.exe

Filesize
6.0MB

MD5
52f8ba46b40bfd7215e9eae32b67fcd4

SHA1
a105676eb061ff1631ae2f7b863252b608e80266

SHA256
49753f2fc9266477729fd116a3ea237035156e2abcf04feb4d895fd4a9c4a163

SHA512
011710c0d3855a3f096779cb8aad1799ea9280a92643182518e30fa69e7ea70602a26d2c5eda2ab50977aac72f6e87246e53ea5f89cf42d872c0e6d0f9e33925

Download Submit
C:\Windows\system\MKYKiMM.exe

Filesize
6.0MB

MD5
b00288af46454845ccc528b937812cdc

SHA1
e224dd3cce5dbe658b82c68449c1fdbf18860528

SHA256
46c418b97750d6bf1be11cfbb40a3e893b0fae61b27024aacf63977e9b530f3e

SHA512
4da5f25dbbf705c79cca167a6076d74c2bac59ed050dc6662b87527d2fa7bf376e97c931e943d65b94b7e0afb32e7f588cabdbd721795470bce592270377aa2a

Download Submit
C:\Windows\system\MpKqAEf.exe

Filesize
6.0MB

MD5
97d16dd8abcbcba8b1019de5991d16ce

SHA1
2766e91e1e7cbfd49d954ce9c8317029600228c1

SHA256
710b2c9bea79377239b071bf470cfcc4422bfa7063aaf52129062ceccfe2363e

SHA512
1cff30fc38b3eaacf0d4fb980dd3510841ddfc126726a401db0d64d88cc0d9e82d9954ef5267bb7732e016d7dfa66547ed3097002b3377ecb50f417dcbe3f298

Download Submit
C:\Windows\system\RLoNDiI.exe

Filesize
6.0MB

MD5
f3befdac26dc2e58c96e39a079fb3fbb

SHA1
341419e87e1201d71a93219a225159a696dc0db4

SHA256
e94b234f477064caedfde7237339625889c6ecb302175d58891a1f5f3641f819

SHA512
2fd23b841279f46357d064e834b709f12c69de17c26c74f5e6ed39060c768a3f07648ca96ec2343bc40fb6e2d4695453d011b8c509b3f95ecd7ce582c7a954e1

Download Submit
C:\Windows\system\RbBlQBU.exe

Filesize
6.0MB

MD5
44ceaca1fd9092923ddea77ae1eda619

SHA1
f30c268a00f72ba05a63e2f9d57a2de5eab3e2f5

SHA256
7f71b21efc061b56dd60191dadd5538c6e6e65b9a17f301f2629f2e1f13870b0

SHA512
80802004c3299bf3c4b59b0b61f63dd5e900bd6b9d2599e2e59f6f920a154fe393f2d475f1603b9a2d6fbfbdaa9d1241e20ebece07c4a79b2a70931791467f06

Download Submit
C:\Windows\system\SEnoOVA.exe

Filesize
6.0MB

MD5
f8fe8e7a31af62e53a4b7fd62310485e

SHA1
02d0f9dbd5a04661ce07b09fedd6b7bc7685b9bf

SHA256
9863bc225f3926f83d053af821b2600d6dc226550dead13b841f6b2a7c7ecd20

SHA512
2d33dd464cb4bd6756783d3067c606ec6b36f39e791dd4f088c288d2d59ecd914c34c13f86ee0eff9e0aea544b0f899bb4e2cb6318f5c01356da9091c72260d2

Download Submit
C:\Windows\system\UdawsKh.exe

Filesize
6.0MB

MD5
83a8dbe431df9e4d3840ac96c41b39bd

SHA1
291d190185b68d44c5be98cac4af8de78e032524

SHA256
a8c07095fafdc80ccf93f690c1b1485250c1d2b5eb867a0dd156bd5eee05f42d

SHA512
2a241a1118e912594c2152fe73a665ec6750236e12dcd56f3f9c163d0d8024217cfdd658b03ff6386df1745374ce19af59b147c2c47bcf738d849fddc0445318

Download Submit
C:\Windows\system\WejIfZa.exe

Filesize
8B

MD5
8419d23b112ec38d9bf8e6356c6c3c96

SHA1
a94df86ffadea666b60168f2f73ebd045f64e424

SHA256
81c3623534757cb82a1f2fb001b62f620677c88411d2e656f542b05b68ab0208

SHA512
152fa875c9ee54d67696fae200bfff2e3e44d04b823a42cde6853f8edc9cb385fb9b083d678a8c2391e47868b4cd90c2bfd49b1514730db3ca67c1b4dd2c9489

Download Submit
C:\Windows\system\XqtqlkC.exe

Filesize
6.0MB

MD5
368a92df9778bd7a21d404cdf392f26e

SHA1
5fe43d7e7e325c7539e5a9d4fdb4ecab4ac0753b

SHA256
86bc0fea8f5eec311dfd3fbe8d95c9ce9c2aa81f78f70984394c1b21c9080b61

SHA512
e2d0bf9018067700a2f8816aebeb6e93a79cb16c08971cc0df9edf529c20be74057c74c83654d2f068e7bfb3ef6d214db0cd9c06d558abd841bd5d003f6b5c98

Download Submit
C:\Windows\system\YKWuxXO.exe

Filesize
6.0MB

MD5
3785244c372259424dd42132d2667ccc

SHA1
4b475c1163d0e3b1851fdac8dfb4a661d145089f

SHA256
96b73c03ed81ce51991310def51ba1eb4a430b08419841929c2957c63757c2eb

SHA512
7db05598286260af15cc492471173d9ee1730feb58eb332f0f39012fe200f8ab97311a6e5f754ccbd8520c3455ab6715cb4164b35e75aa6788240fc2fbab6a18

Download Submit
C:\Windows\system\ePhdRpU.exe

Filesize
6.0MB

MD5
3e1f92eb11b741a52c36562723523cc1

SHA1
2ba9ab9d1fc5e01764c8b313a741e09a6becf541

SHA256
3d328c4ca8e3ea4fac4b045c0859b3339ee5d714e09ba032fa873b97ab370d34

SHA512
fb7d90f160d1d595fcd274a090f528d2f5895c99799a7a6a57cfbac4770c4e7dce05d27f63784dfde8549e3bf6bff81355478e901152b7baf005d8b51965fb72

Download Submit
C:\Windows\system\hfCVApx.exe

Filesize
6.0MB

MD5
89dedbf03e27258ef6f2c785816f064b

SHA1
d69956d16045297cc131c6b080c20540cd6914ac

SHA256
0591777e2eccfce93477dd017f6b732a1da1a8923cb2abbe3a7fb21c54b84ddb

SHA512
4ceb5e75c6612fe7ad45b5f43f4883249e93ca30d8efcf6d98a19e3a44bea88ce1e74aac647c7c972f9e4e077742fb869997ea0cd9fe072731107190799d6716

Download Submit
C:\Windows\system\ieYpHxx.exe

Filesize
6.0MB

MD5
154c918816c23fc06af30b7e938c903f

SHA1
f03caeb4b580b3c907e6c53d50e8c0d368ac4c68

SHA256
34f6f51e6d98a419b9b793dc9e96680a56d1ec95703277be329c9b755973064c

SHA512
6b520da978eddc7bbb6940a8cb0c4d5cc3a05028a06d1f0c8cfa8673293d0f58b459368b4c6c7eeeeeab80886e3d3df574789dbf860a8da0c90316ad87459301

Download Submit
C:\Windows\system\mVqzghe.exe

Filesize
6.0MB

MD5
db53b2cf28c106e2a64eccb848f2a369

SHA1
01debed2b69482ba7d3b2faf6da9f8604ac49ca5

SHA256
73f0bf654a37be495cfda4ef5916c311459412c5dfe91767ecadaf93de721a5a

SHA512
6b4778891861e2f8cf91d90e531806ce635e6b9a0ffe1b26c675a691ea2b19c7e128b3cdd8e72d9236b3358c74e3cd451eb0d1ec3ae7917c01cc0759bb142f82

Download Submit
C:\Windows\system\nTXpBsB.exe

Filesize
6.0MB

MD5
add0606be181b911d225caaeefe4378d

SHA1
70205e8a03e6245e3946170883187109ac15f538

SHA256
da41ce425e9ab67742c424040ef9bc147afa506df0f4c70209663b526ce32d24

SHA512
dac2eba214a8a511653c7bfd5415b5c6585cf40dd75ec47f5f2d7583843d2e0908442a517932066b27dc8f9eeec6936c9b913c8e95b4aba0d3e8ca8ead67c5a7

Download Submit
C:\Windows\system\toMBaPu.exe

Filesize
6.0MB

MD5
8ddb9bbbe17495feb036730af7cea759

SHA1
bffdd0d6dee4bc4406958acdbd6faad224862655

SHA256
9c88c97e4e95807b0533fba91b68597eec8e507c67b710995a34f85fcce83ddf

SHA512
b33aab1734ab5763cee918d4beecea3a70842743621cea684fd7f95449bc08a8b8f7e2d6123ee3fdf56e1e3812043ebc55225697b3fdd9f44180b65cadf92372

Download Submit
C:\Windows\system\uCCpBOY.exe

Filesize
6.0MB

MD5
2c192d420a749d696967289a4f1077ee

SHA1
c3ec0317bd13d7fbcfc7e19de24bea50f28dc073

SHA256
c3d645b1113d325dc2d97a52dfba953d1a3bff2b07d13b55ddc399cea9539643

SHA512
6a4d4788f5ab550d43afe2cdb085f9552725c5feadb0c8464e1901561c696f13e7b1644489638b53f03af2d4dd3fc08b571a938f6479f1fd928abe9862f5c29c

Download Submit
C:\Windows\system\uxqtHrr.exe

Filesize
6.0MB

MD5
a629d820dd776cfc4f4f8ca36683875a

SHA1
c8c5a0cc50400ecf663b7d9dd3f66276622d1f94

SHA256
bc215ca26f5d631ea89d412789910ac73ab8b7d207535545c7d30849508ee6f4

SHA512
27534f38e94a88e2b77441a2cecedd44c6f3819008633a30653d25065c4ec9acf82f7101ff58941730a30932e84c12abfd08f85700c576db8c875810acb26a97

Download Submit
C:\Windows\system\vollMpd.exe

Filesize
6.0MB

MD5
6c6e9ddfdd8dd9ba999777f6857f0aee

SHA1
edeb49982a27364070b8c685612d77090e10f673

SHA256
93f0851ce3e307722f836e1711ba4e48df108679d29de111f9d4a851701e4e7f

SHA512
3ac29cfcda492ea31022bfcaada9ca03657e3fba465773b20ddbc1d2bd1cf87b38b847eeb4e18087c8f41c3888fa99bd8fccceaf23b3643ff9da1b2821b434c0

Download Submit
C:\Windows\system\xeIzdql.exe

Filesize
6.0MB

MD5
efa89cbe1c4d5dd985b8ecdfef8fb805

SHA1
30b735c5ff2a223ab1618c053b45d03d5199b629

SHA256
5bb7a518d0f444b428aa06451168351a4ed8eb0ff56ffba92329ad4ab74d7c8f

SHA512
70f37953f3c475d8f72ddf865472013bad029bb7bf5e9d478d4433c907bfb38c7f1e17eb0841071f7b3b5ef95f30b3027b57c5c5e780f4c5f207eaa601592431

Download Submit
\Windows\system\FKXitwv.exe

Filesize
6.0MB

MD5
d5bd1bc7d1861051173b112f8959a57a

SHA1
49cde5614968b903386e6d0c94e4986d6a562697

SHA256
80423f34f11b77f4954a20461a13de928d89c499a47aee6eeb36e753ec8043bc

SHA512
ebbc5a0a0540449c3da7e61fa8baf8604d0e65d46241e84e6cba8dd90e7882536dc01f8fd57d57411dc831bb126caeafa8093ab35d7f8ee79c5140f7ffb823a2

Download Submit
\Windows\system\KQXGjht.exe

Filesize
6.0MB

MD5
cc9a65053d07b3c78c349dabba1a0edd

SHA1
9416c50f487d08a3fccff1117a2ae3c253563e0e

SHA256
8819389716593cac93a3f8cca05dac41c4a794adac894455ec905fedf1e32e17

SHA512
bf6086853f7ac3e00d21ec5e30e4feb3a4baf0befaaeedb0193f5978ba5ae2ade29dd0348190285263a7b3690d2c90c2bb225d99a7d5c63bdae6d646006b92ce

Download Submit
\Windows\system\TXFksRc.exe

Filesize
6.0MB

MD5
43545a81760004de5e846e4585acb262

SHA1
bd67355b6af1c2e7df58fdef3efef9f4c819a610

SHA256
e1c43bb016855f3ce7bdf6d0ed1739729bd217e24ab9161b81a62db8c8d0aa5c

SHA512
1408a9027b7971241fdc1851235e824bd99e3dd2d0658fdd0fca0e6cb13c9110e7333f48fbedbf8be6554e3f4d27d9e530380cca08637868800dfc37a4043171

Download Submit
\Windows\system\WFZptOs.exe

Filesize
6.0MB

MD5
9a56bc14bb3eebb9d5c05c143bfeb4fc

SHA1
cbbfb1a59604ad0990b315a6713958fc097126b8

SHA256
e25c967c9b60c69c27f7570d204e6295e0669e20d5123e866e75816dd84e8003

SHA512
fd70a16a4e0ef50fa2ce59ea867274b092b9a6283c09451cafdde0b8d774dee6f544e60085e5664da3fa75566ccbd3b61fc9c27dc5cbd3d8f99f5a621f55bbf1

Download Submit
\Windows\system\YmXKrUM.exe

Filesize
6.0MB

MD5
a8b144fcd9a72c043c08d81a34097bad

SHA1
b1083b2f090fb76aa562f866ebbc8b81eca16d2a

SHA256
442905705bb03d7dd626c6526fa8e52426cc8d84a47dd83946f990a916cdc0f5

SHA512
d1601f99f6c3901be4e291882fca3556c273b423773ea5abc885f3b95ada31c372dd587e8365ef89aadc9ebb5387b7ed8608eaf38a6188b11195185f6e845706

Download Submit
\Windows\system\kYGTgVv.exe

Filesize
6.0MB

MD5
5e57a11b047ccc7452ff761b3339c0a8

SHA1
d53c6fe7130d36383f81809bfc41f0b9ffbcdce7

SHA256
2d950fa9f25116d3592b3eae9b0453212f292410171c45bb78accfc491bf37a2

SHA512
6452344753ee8ec0a6128ee243660bdcf83cfe53ab45adc63343ae50c34f670a5b55d4d261c028b90d79d1e7f679b50110d4b05673488eee99a6c5db0e6ff1fe

Download Submit
\Windows\system\kvuptKW.exe

Filesize
6.0MB

MD5
26b3a66e0c67f6677ac16e3b52718c56

SHA1
f47702ab9ab026f6a25b017cf8a4bedf96455ce5

SHA256
964bfacdcbd906a643fb186d77895b713e8528b993da675e5942e600c3a5919f

SHA512
aff81234fa180e2147eff562719c9d683f8ce4e931f85232a4b57e1fa3916781a775f104025d8f64bec18ed2580c75988621c84135565451bdab914b2a428e05

Download Submit
memory/352-65-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/352-3395-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/352-28-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-96-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-3420-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-59-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-903-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1680-3458-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1680-106-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1924-31-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-93-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1924-24-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-39-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-674-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-78-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1924-0-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-16-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1924-37-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1924-13-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1924-111-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1924-110-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1924-986-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1924-854-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1924-54-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1924-321-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1924-9-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1924-102-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1924-70-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1924-92-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1924-62-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1924-101-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2040-19-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2040-53-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2040-3354-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2076-400-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2076-3446-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2076-81-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2500-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3391-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2500-21-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2568-66-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3439-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2568-105-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2648-231-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3422-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2648-74-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2708-87-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2708-50-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3397-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2732-35-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3394-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-73-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-88-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3457-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-593-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-763-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-97-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3455-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3417-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2880-45-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3368-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2952-15-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download