cobaltstrike | 94f3e7929154b1ff014691f0dbdd5c776c0793155121fc523f62ec7a4572796d

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

052aeb65625ad6564ac648c95d0d1f57
SHA1

f6f3ad1d0d07055fb373d519b4636a87a14ea591
SHA256

94f3e7929154b1ff014691f0dbdd5c776c0793155121fc523f62ec7a4572796d
SHA512

dbd5e4b0c8b436680fdbfd86aa1af31933cb0de0324f55eee8e01887ffce3dc15f1a5edaf4e13e210f9c3e22d82c77aec04f845cadc6ff9999ebdb8c66ad1a60
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU5:T+q56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000162e9-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016458-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658d-28.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000015e9a-33.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660b-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2c-55.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000167e3-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019326-72.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019394-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b8-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-200.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-196.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019480-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019470-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c7-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a0-97.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2776-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-3.dat	xmrig
behavioral1/files/0x00080000000162e9-11.dat	xmrig
behavioral1/memory/2864-14-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2736-15-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x0007000000016458-10.dat	xmrig
behavioral1/memory/2748-21-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2776-27-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x000700000001658d-28.dat	xmrig
behavioral1/memory/2864-30-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2768-32-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0014000000015e9a-33.dat	xmrig
behavioral1/files/0x000900000001660b-39.dat	xmrig
behavioral1/memory/2708-43-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2748-44-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2632-38-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2776-36-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d2c-55.dat	xmrig
behavioral1/files/0x00090000000167e3-46.dat	xmrig
behavioral1/memory/2008-51-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019326-72.dat	xmrig
behavioral1/memory/548-74-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1612-66-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-64.dat	xmrig
behavioral1/files/0x000500000001932a-77.dat	xmrig
behavioral1/files/0x0005000000019394-86.dat	xmrig
behavioral1/memory/1928-91-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2196-83-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b8-100.dat	xmrig
behavioral1/memory/1612-103-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2088-99-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019490-137.dat	xmrig
behavioral1/files/0x00050000000194a3-142.dat	xmrig
behavioral1/files/0x000500000001950f-158.dat	xmrig
behavioral1/files/0x0005000000019547-169.dat	xmrig
behavioral1/files/0x00050000000195a7-179.dat	xmrig
behavioral1/memory/2196-182-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2088-289-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2748-1528-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2736-1493-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2768-1537-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2776-418-0x0000000002520000-0x0000000002874000-memory.dmp	xmrig
behavioral1/memory/1572-371-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/1928-248-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195af-200.dat	xmrig
behavioral1/files/0x00050000000195ad-196.dat	xmrig
behavioral1/files/0x00050000000195ab-190.dat	xmrig
behavioral1/files/0x00050000000195a9-186.dat	xmrig
behavioral1/files/0x000500000001957c-174.dat	xmrig
behavioral1/files/0x0005000000019515-164.dat	xmrig
behavioral1/files/0x00050000000194ef-153.dat	xmrig
behavioral1/files/0x00050000000194eb-148.dat	xmrig
behavioral1/memory/548-145-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000500000001948c-133.dat	xmrig
behavioral1/files/0x0005000000019480-122.dat	xmrig
behavioral1/files/0x0005000000019489-127.dat	xmrig
behavioral1/files/0x0005000000019470-117.dat	xmrig
behavioral1/files/0x00050000000193c7-113.dat	xmrig
behavioral1/memory/2776-111-0x0000000002520000-0x0000000002874000-memory.dmp	xmrig
behavioral1/memory/2776-109-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1072-98-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a0-97.dat	xmrig
behavioral1/memory/1572-104-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2708-82-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2864	IKWyAam.exe
2736	IxXPoiY.exe
2748	ZTVGyMY.exe
2768	GYtEWUR.exe
2632	cddOVpR.exe
2708	oezHAkV.exe
2008	zYkBkPo.exe
1072	eyoncbj.exe
1612	rMYbMKm.exe
548	AFPmPXH.exe
2196	HXahITp.exe
1928	KZvfgXM.exe
2088	yhFdAKZ.exe
1572	mJnTzVO.exe
2988	QUCJeQd.exe
2956	XQdVVgB.exe
2984	UAcquSI.exe
1948	DIUBNtl.exe
1388	NqowRWA.exe
364	XoJiJCr.exe
2100	IDYEOFi.exe
1640	XHHbTSg.exe
2144	whuurNn.exe
1184	mKosadk.exe
2520	WqSOoeu.exe
2468	ALfEEvI.exe
2384	EJohKyx.exe
676	pDyAeMK.exe
2532	SvmZxLR.exe
848	xqVYrxy.exe
936	fnTaogv.exe
2428	hnYkJPX.exe
1536	iuSGIrQ.exe
1756	pzLMtdb.exe
280	vtAXvRk.exe
1376	qKQEkET.exe
788	iBCbfPx.exe
640	IsRmoIY.exe
324	NUOmeuc.exe
564	pZBcCAU.exe
2548	Xpkwyjg.exe
1676	qzNgrLB.exe
1732	gEZtSIc.exe
684	iUOiJCH.exe
1548	ECjTilw.exe
1008	WwYQSUs.exe
1316	CaKaYkV.exe
868	DzQeocF.exe
1744	apuWgZU.exe
2292	FcTtHoL.exe
1596	eAvyUKQ.exe
2860	UMTceRN.exe
2644	qcCwdpb.exe
2200	faDnhoe.exe
2908	QdtMVmp.exe
2912	ovgcAVY.exe
2744	HvSzVfD.exe
1712	ZWzJFsO.exe
2184	orrrMEP.exe
1308	VsQFlog.exe
632	GJrCfCn.exe
3000	EuniuDx.exe
2968	dqmQUqd.exe
2704	MjzAiOs.exe

Loads dropped DLL 64 IoCs

pid	Process
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2776-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x000c000000012262-3.dat	upx
behavioral1/files/0x00080000000162e9-11.dat	upx
behavioral1/memory/2864-14-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2736-15-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0007000000016458-10.dat	upx
behavioral1/memory/2748-21-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2776-27-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x000700000001658d-28.dat	upx
behavioral1/memory/2864-30-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2768-32-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0014000000015e9a-33.dat	upx
behavioral1/files/0x000900000001660b-39.dat	upx
behavioral1/memory/2708-43-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2748-44-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2632-38-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x0007000000016d2c-55.dat	upx
behavioral1/files/0x00090000000167e3-46.dat	upx
behavioral1/memory/2008-51-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0005000000019326-72.dat	upx
behavioral1/memory/548-74-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1612-66-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0002000000018334-64.dat	upx
behavioral1/files/0x000500000001932a-77.dat	upx
behavioral1/files/0x0005000000019394-86.dat	upx
behavioral1/memory/1928-91-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2196-83-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x00050000000193b8-100.dat	upx
behavioral1/memory/1612-103-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2088-99-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0005000000019490-137.dat	upx
behavioral1/files/0x00050000000194a3-142.dat	upx
behavioral1/files/0x000500000001950f-158.dat	upx
behavioral1/files/0x0005000000019547-169.dat	upx
behavioral1/files/0x00050000000195a7-179.dat	upx
behavioral1/memory/2196-182-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2088-289-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2748-1528-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2736-1493-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2768-1537-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/1572-371-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/1928-248-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00050000000195af-200.dat	upx
behavioral1/files/0x00050000000195ad-196.dat	upx
behavioral1/files/0x00050000000195ab-190.dat	upx
behavioral1/files/0x00050000000195a9-186.dat	upx
behavioral1/files/0x000500000001957c-174.dat	upx
behavioral1/files/0x0005000000019515-164.dat	upx
behavioral1/files/0x00050000000194ef-153.dat	upx
behavioral1/files/0x00050000000194eb-148.dat	upx
behavioral1/memory/548-145-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000500000001948c-133.dat	upx
behavioral1/files/0x0005000000019480-122.dat	upx
behavioral1/files/0x0005000000019489-127.dat	upx
behavioral1/files/0x0005000000019470-117.dat	upx
behavioral1/files/0x00050000000193c7-113.dat	upx
behavioral1/memory/1072-98-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x00050000000193a0-97.dat	upx
behavioral1/memory/1572-104-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2708-82-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2008-90-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2632-73-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/1072-60-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2864-1538-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uiuEWyI.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRZTylQ.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLccpgH.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwrOceI.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwOEyNr.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRzSkIR.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNJCocZ.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbasaDf.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIchCZs.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMXsYdx.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaNwVsg.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EchkPfy.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spkoTwi.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lvYaHiH.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzFyZdd.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqFpKip.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQSwfsm.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COhIMHP.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwOAYRH.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXyDriJ.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUTzfDm.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krSDKYw.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUHwPmQ.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMqVBdJ.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIxVIeF.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QepkoiL.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTysEYI.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHNykhj.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxwdpww.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qicHZuR.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPgpLQi.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbMEIMW.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKWyAam.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBgcsSX.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWeFiOY.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NucVyyG.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhhbcTp.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSnfHHD.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADXofYb.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnFXfls.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPyOQiV.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwKQbnn.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcRTSvJ.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgQrQhu.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FbiylqR.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVxECLL.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAWFDtd.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFaMfJP.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hLvnhoq.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDaJZHM.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQyjrzu.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhrBIhJ.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRCVaoE.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuqpeEI.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSSfgoZ.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XulWslY.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtIrQzn.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXYAvEk.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnDjDuR.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmtfzoQ.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbutdLf.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuCSvLw.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXKYzjz.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRKMzTx.exe	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2864	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2776 wrote to memory of 2864	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2776 wrote to memory of 2864	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2776 wrote to memory of 2736	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2776 wrote to memory of 2736	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2776 wrote to memory of 2736	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2776 wrote to memory of 2748	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2776 wrote to memory of 2748	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2776 wrote to memory of 2748	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2776 wrote to memory of 2768	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2776 wrote to memory of 2768	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2776 wrote to memory of 2768	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2776 wrote to memory of 2632	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2776 wrote to memory of 2632	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2776 wrote to memory of 2632	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2776 wrote to memory of 2708	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2776 wrote to memory of 2708	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2776 wrote to memory of 2708	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2776 wrote to memory of 2008	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2776 wrote to memory of 2008	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2776 wrote to memory of 2008	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2776 wrote to memory of 1072	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2776 wrote to memory of 1072	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2776 wrote to memory of 1072	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2776 wrote to memory of 1612	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2776 wrote to memory of 1612	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2776 wrote to memory of 1612	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2776 wrote to memory of 548	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2776 wrote to memory of 548	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2776 wrote to memory of 548	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2776 wrote to memory of 2196	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2776 wrote to memory of 2196	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2776 wrote to memory of 2196	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2776 wrote to memory of 1928	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2776 wrote to memory of 1928	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2776 wrote to memory of 1928	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2776 wrote to memory of 2088	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2776 wrote to memory of 2088	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2776 wrote to memory of 2088	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2776 wrote to memory of 1572	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2776 wrote to memory of 1572	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2776 wrote to memory of 1572	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2776 wrote to memory of 2988	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2776 wrote to memory of 2988	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2776 wrote to memory of 2988	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2776 wrote to memory of 2956	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2776 wrote to memory of 2956	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2776 wrote to memory of 2956	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2776 wrote to memory of 2984	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2776 wrote to memory of 2984	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2776 wrote to memory of 2984	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2776 wrote to memory of 1948	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2776 wrote to memory of 1948	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2776 wrote to memory of 1948	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2776 wrote to memory of 1388	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2776 wrote to memory of 1388	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2776 wrote to memory of 1388	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2776 wrote to memory of 364	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2776 wrote to memory of 364	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2776 wrote to memory of 364	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2776 wrote to memory of 2100	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2776 wrote to memory of 2100	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2776 wrote to memory of 2100	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2776 wrote to memory of 1640	2776	2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_052aeb65625ad6564ac648c95d0d1f57_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\System\IKWyAam.exe
  C:\Windows\System\IKWyAam.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\IxXPoiY.exe
  C:\Windows\System\IxXPoiY.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\ZTVGyMY.exe
  C:\Windows\System\ZTVGyMY.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\GYtEWUR.exe
  C:\Windows\System\GYtEWUR.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\cddOVpR.exe
  C:\Windows\System\cddOVpR.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\oezHAkV.exe
  C:\Windows\System\oezHAkV.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\zYkBkPo.exe
  C:\Windows\System\zYkBkPo.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\eyoncbj.exe
  C:\Windows\System\eyoncbj.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\rMYbMKm.exe
  C:\Windows\System\rMYbMKm.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\AFPmPXH.exe
  C:\Windows\System\AFPmPXH.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\HXahITp.exe
  C:\Windows\System\HXahITp.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\KZvfgXM.exe
  C:\Windows\System\KZvfgXM.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\yhFdAKZ.exe
  C:\Windows\System\yhFdAKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\mJnTzVO.exe
  C:\Windows\System\mJnTzVO.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\QUCJeQd.exe
  C:\Windows\System\QUCJeQd.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\XQdVVgB.exe
  C:\Windows\System\XQdVVgB.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\UAcquSI.exe
  C:\Windows\System\UAcquSI.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\DIUBNtl.exe
  C:\Windows\System\DIUBNtl.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\NqowRWA.exe
  C:\Windows\System\NqowRWA.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\XoJiJCr.exe
  C:\Windows\System\XoJiJCr.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\IDYEOFi.exe
  C:\Windows\System\IDYEOFi.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\XHHbTSg.exe
  C:\Windows\System\XHHbTSg.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\whuurNn.exe
  C:\Windows\System\whuurNn.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\mKosadk.exe
  C:\Windows\System\mKosadk.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\WqSOoeu.exe
  C:\Windows\System\WqSOoeu.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\ALfEEvI.exe
  C:\Windows\System\ALfEEvI.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\EJohKyx.exe
  C:\Windows\System\EJohKyx.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\pDyAeMK.exe
  C:\Windows\System\pDyAeMK.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\SvmZxLR.exe
  C:\Windows\System\SvmZxLR.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\xqVYrxy.exe
  C:\Windows\System\xqVYrxy.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\fnTaogv.exe
  C:\Windows\System\fnTaogv.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\hnYkJPX.exe
  C:\Windows\System\hnYkJPX.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\iuSGIrQ.exe
  C:\Windows\System\iuSGIrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\pzLMtdb.exe
  C:\Windows\System\pzLMtdb.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\vtAXvRk.exe
  C:\Windows\System\vtAXvRk.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\qKQEkET.exe
  C:\Windows\System\qKQEkET.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\iBCbfPx.exe
  C:\Windows\System\iBCbfPx.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\IsRmoIY.exe
  C:\Windows\System\IsRmoIY.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\NUOmeuc.exe
  C:\Windows\System\NUOmeuc.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\pZBcCAU.exe
  C:\Windows\System\pZBcCAU.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\Xpkwyjg.exe
  C:\Windows\System\Xpkwyjg.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\qzNgrLB.exe
  C:\Windows\System\qzNgrLB.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\gEZtSIc.exe
  C:\Windows\System\gEZtSIc.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\iUOiJCH.exe
  C:\Windows\System\iUOiJCH.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\ECjTilw.exe
  C:\Windows\System\ECjTilw.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\WwYQSUs.exe
  C:\Windows\System\WwYQSUs.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\CaKaYkV.exe
  C:\Windows\System\CaKaYkV.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\DzQeocF.exe
  C:\Windows\System\DzQeocF.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\apuWgZU.exe
  C:\Windows\System\apuWgZU.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\FcTtHoL.exe
  C:\Windows\System\FcTtHoL.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\eAvyUKQ.exe
  C:\Windows\System\eAvyUKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\UMTceRN.exe
  C:\Windows\System\UMTceRN.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\qcCwdpb.exe
  C:\Windows\System\qcCwdpb.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\faDnhoe.exe
  C:\Windows\System\faDnhoe.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\QdtMVmp.exe
  C:\Windows\System\QdtMVmp.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\ovgcAVY.exe
  C:\Windows\System\ovgcAVY.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\HvSzVfD.exe
  C:\Windows\System\HvSzVfD.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\ZWzJFsO.exe
  C:\Windows\System\ZWzJFsO.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\orrrMEP.exe
  C:\Windows\System\orrrMEP.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\VsQFlog.exe
  C:\Windows\System\VsQFlog.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\GJrCfCn.exe
  C:\Windows\System\GJrCfCn.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\EuniuDx.exe
  C:\Windows\System\EuniuDx.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\dqmQUqd.exe
  C:\Windows\System\dqmQUqd.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\MjzAiOs.exe
  C:\Windows\System\MjzAiOs.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\xlkgpVI.exe
  C:\Windows\System\xlkgpVI.exe
  2⤵
  PID:2972
- C:\Windows\System\SbextLi.exe
  C:\Windows\System\SbextLi.exe
  2⤵
  PID:1992
- C:\Windows\System\qldRhRI.exe
  C:\Windows\System\qldRhRI.exe
  2⤵
  PID:2136
- C:\Windows\System\yXoayVn.exe
  C:\Windows\System\yXoayVn.exe
  2⤵
  PID:2148
- C:\Windows\System\QkRTFLj.exe
  C:\Windows\System\QkRTFLj.exe
  2⤵
  PID:2172
- C:\Windows\System\hkVQlhS.exe
  C:\Windows\System\hkVQlhS.exe
  2⤵
  PID:2388
- C:\Windows\System\akhVoXa.exe
  C:\Windows\System\akhVoXa.exe
  2⤵
  PID:2504
- C:\Windows\System\gnDjDuR.exe
  C:\Windows\System\gnDjDuR.exe
  2⤵
  PID:1936
- C:\Windows\System\NucVyyG.exe
  C:\Windows\System\NucVyyG.exe
  2⤵
  PID:1644
- C:\Windows\System\CjRAaCf.exe
  C:\Windows\System\CjRAaCf.exe
  2⤵
  PID:2064
- C:\Windows\System\VVSIMGR.exe
  C:\Windows\System\VVSIMGR.exe
  2⤵
  PID:1812
- C:\Windows\System\xcGKrku.exe
  C:\Windows\System\xcGKrku.exe
  2⤵
  PID:1292
- C:\Windows\System\eEkxyvO.exe
  C:\Windows\System\eEkxyvO.exe
  2⤵
  PID:2320
- C:\Windows\System\AuPxqtV.exe
  C:\Windows\System\AuPxqtV.exe
  2⤵
  PID:1764
- C:\Windows\System\rIqogyR.exe
  C:\Windows\System\rIqogyR.exe
  2⤵
  PID:1516
- C:\Windows\System\gblMila.exe
  C:\Windows\System\gblMila.exe
  2⤵
  PID:928
- C:\Windows\System\WGdrebJ.exe
  C:\Windows\System\WGdrebJ.exe
  2⤵
  PID:2228
- C:\Windows\System\HfXMdra.exe
  C:\Windows\System\HfXMdra.exe
  2⤵
  PID:1628
- C:\Windows\System\iYqfecV.exe
  C:\Windows\System\iYqfecV.exe
  2⤵
  PID:2368
- C:\Windows\System\rgptaDf.exe
  C:\Windows\System\rgptaDf.exe
  2⤵
  PID:1256
- C:\Windows\System\ZzLZndT.exe
  C:\Windows\System\ZzLZndT.exe
  2⤵
  PID:740
- C:\Windows\System\WNwQyFR.exe
  C:\Windows\System\WNwQyFR.exe
  2⤵
  PID:744
- C:\Windows\System\mhiOisP.exe
  C:\Windows\System\mhiOisP.exe
  2⤵
  PID:1684
- C:\Windows\System\uteuXMj.exe
  C:\Windows\System\uteuXMj.exe
  2⤵
  PID:2780
- C:\Windows\System\bUqVVYy.exe
  C:\Windows\System\bUqVVYy.exe
  2⤵
  PID:2672
- C:\Windows\System\hctJffe.exe
  C:\Windows\System\hctJffe.exe
  2⤵
  PID:2792
- C:\Windows\System\iCVzlNm.exe
  C:\Windows\System\iCVzlNm.exe
  2⤵
  PID:820
- C:\Windows\System\DpxWjch.exe
  C:\Windows\System\DpxWjch.exe
  2⤵
  PID:1524
- C:\Windows\System\VvlneBi.exe
  C:\Windows\System\VvlneBi.exe
  2⤵
  PID:1728
- C:\Windows\System\muZyCpS.exe
  C:\Windows\System\muZyCpS.exe
  2⤵
  PID:3020
- C:\Windows\System\cPXEZoO.exe
  C:\Windows\System\cPXEZoO.exe
  2⤵
  PID:2096
- C:\Windows\System\fPzEYnW.exe
  C:\Windows\System\fPzEYnW.exe
  2⤵
  PID:1264
- C:\Windows\System\ENMAAjW.exe
  C:\Windows\System\ENMAAjW.exe
  2⤵
  PID:2432
- C:\Windows\System\BLUXFkT.exe
  C:\Windows\System\BLUXFkT.exe
  2⤵
  PID:1300
- C:\Windows\System\KRhcakK.exe
  C:\Windows\System\KRhcakK.exe
  2⤵
  PID:528
- C:\Windows\System\DyHKXie.exe
  C:\Windows\System\DyHKXie.exe
  2⤵
  PID:2116
- C:\Windows\System\icJMYUb.exe
  C:\Windows\System\icJMYUb.exe
  2⤵
  PID:1340
- C:\Windows\System\jznJrWH.exe
  C:\Windows\System\jznJrWH.exe
  2⤵
  PID:1336
- C:\Windows\System\XNkkqtq.exe
  C:\Windows\System\XNkkqtq.exe
  2⤵
  PID:2408
- C:\Windows\System\ivciMRo.exe
  C:\Windows\System\ivciMRo.exe
  2⤵
  PID:2288
- C:\Windows\System\sJrukaj.exe
  C:\Windows\System\sJrukaj.exe
  2⤵
  PID:2264
- C:\Windows\System\sNxuDSh.exe
  C:\Windows\System\sNxuDSh.exe
  2⤵
  PID:2032
- C:\Windows\System\HddYiec.exe
  C:\Windows\System\HddYiec.exe
  2⤵
  PID:1504
- C:\Windows\System\cwSXQmc.exe
  C:\Windows\System\cwSXQmc.exe
  2⤵
  PID:2876
- C:\Windows\System\XCDtrZj.exe
  C:\Windows\System\XCDtrZj.exe
  2⤵
  PID:2352
- C:\Windows\System\DnNFRUC.exe
  C:\Windows\System\DnNFRUC.exe
  2⤵
  PID:1568
- C:\Windows\System\SLuCcjV.exe
  C:\Windows\System\SLuCcjV.exe
  2⤵
  PID:2764
- C:\Windows\System\Uxnkiqu.exe
  C:\Windows\System\Uxnkiqu.exe
  2⤵
  PID:2684
- C:\Windows\System\ZbTAjbK.exe
  C:\Windows\System\ZbTAjbK.exe
  2⤵
  PID:1272
- C:\Windows\System\fpLSGTb.exe
  C:\Windows\System\fpLSGTb.exe
  2⤵
  PID:1980
- C:\Windows\System\dKFzTov.exe
  C:\Windows\System\dKFzTov.exe
  2⤵
  PID:1088
- C:\Windows\System\RcnjxjV.exe
  C:\Windows\System\RcnjxjV.exe
  2⤵
  PID:2572
- C:\Windows\System\LAvpsKf.exe
  C:\Windows\System\LAvpsKf.exe
  2⤵
  PID:1564
- C:\Windows\System\EIUdGAk.exe
  C:\Windows\System\EIUdGAk.exe
  2⤵
  PID:3084
- C:\Windows\System\ZbTWtrf.exe
  C:\Windows\System\ZbTWtrf.exe
  2⤵
  PID:3104
- C:\Windows\System\CbCdJyI.exe
  C:\Windows\System\CbCdJyI.exe
  2⤵
  PID:3124
- C:\Windows\System\PTcFSYi.exe
  C:\Windows\System\PTcFSYi.exe
  2⤵
  PID:3148
- C:\Windows\System\CagBdIE.exe
  C:\Windows\System\CagBdIE.exe
  2⤵
  PID:3168
- C:\Windows\System\RDaJZHM.exe
  C:\Windows\System\RDaJZHM.exe
  2⤵
  PID:3188
- C:\Windows\System\yhojLyZ.exe
  C:\Windows\System\yhojLyZ.exe
  2⤵
  PID:3208
- C:\Windows\System\bTCqcNO.exe
  C:\Windows\System\bTCqcNO.exe
  2⤵
  PID:3228
- C:\Windows\System\cgjDBys.exe
  C:\Windows\System\cgjDBys.exe
  2⤵
  PID:3248
- C:\Windows\System\zWlKSbF.exe
  C:\Windows\System\zWlKSbF.exe
  2⤵
  PID:3268
- C:\Windows\System\nKIvCPr.exe
  C:\Windows\System\nKIvCPr.exe
  2⤵
  PID:3288
- C:\Windows\System\EMuKYGj.exe
  C:\Windows\System\EMuKYGj.exe
  2⤵
  PID:3308
- C:\Windows\System\dPTGgoX.exe
  C:\Windows\System\dPTGgoX.exe
  2⤵
  PID:3324
- C:\Windows\System\rtjAEuX.exe
  C:\Windows\System\rtjAEuX.exe
  2⤵
  PID:3348
- C:\Windows\System\ZLzksMX.exe
  C:\Windows\System\ZLzksMX.exe
  2⤵
  PID:3368
- C:\Windows\System\JySrLwV.exe
  C:\Windows\System\JySrLwV.exe
  2⤵
  PID:3388
- C:\Windows\System\GDfzHgq.exe
  C:\Windows\System\GDfzHgq.exe
  2⤵
  PID:3408
- C:\Windows\System\QDZZtRn.exe
  C:\Windows\System\QDZZtRn.exe
  2⤵
  PID:3428
- C:\Windows\System\DWmHZYX.exe
  C:\Windows\System\DWmHZYX.exe
  2⤵
  PID:3448
- C:\Windows\System\mkwWIQH.exe
  C:\Windows\System\mkwWIQH.exe
  2⤵
  PID:3472
- C:\Windows\System\IQBlXdD.exe
  C:\Windows\System\IQBlXdD.exe
  2⤵
  PID:3492
- C:\Windows\System\IBwTSQE.exe
  C:\Windows\System\IBwTSQE.exe
  2⤵
  PID:3516
- C:\Windows\System\TeMhxwq.exe
  C:\Windows\System\TeMhxwq.exe
  2⤵
  PID:3536
- C:\Windows\System\wAUZrlL.exe
  C:\Windows\System\wAUZrlL.exe
  2⤵
  PID:3556
- C:\Windows\System\VLdojwq.exe
  C:\Windows\System\VLdojwq.exe
  2⤵
  PID:3576
- C:\Windows\System\kZOwDTi.exe
  C:\Windows\System\kZOwDTi.exe
  2⤵
  PID:3596
- C:\Windows\System\bsraFDy.exe
  C:\Windows\System\bsraFDy.exe
  2⤵
  PID:3616
- C:\Windows\System\HkKVOuL.exe
  C:\Windows\System\HkKVOuL.exe
  2⤵
  PID:3636
- C:\Windows\System\fpTznAw.exe
  C:\Windows\System\fpTznAw.exe
  2⤵
  PID:3656
- C:\Windows\System\fAJCVYm.exe
  C:\Windows\System\fAJCVYm.exe
  2⤵
  PID:3676
- C:\Windows\System\RpVdsmo.exe
  C:\Windows\System\RpVdsmo.exe
  2⤵
  PID:3696
- C:\Windows\System\oFXiTGs.exe
  C:\Windows\System\oFXiTGs.exe
  2⤵
  PID:3716
- C:\Windows\System\wLASJaU.exe
  C:\Windows\System\wLASJaU.exe
  2⤵
  PID:3736
- C:\Windows\System\GIaTyUg.exe
  C:\Windows\System\GIaTyUg.exe
  2⤵
  PID:3756
- C:\Windows\System\HiNMcqo.exe
  C:\Windows\System\HiNMcqo.exe
  2⤵
  PID:3776
- C:\Windows\System\XuqpeEI.exe
  C:\Windows\System\XuqpeEI.exe
  2⤵
  PID:3796
- C:\Windows\System\PHFRIPj.exe
  C:\Windows\System\PHFRIPj.exe
  2⤵
  PID:3816
- C:\Windows\System\ctvhDpK.exe
  C:\Windows\System\ctvhDpK.exe
  2⤵
  PID:3836
- C:\Windows\System\jLLilix.exe
  C:\Windows\System\jLLilix.exe
  2⤵
  PID:3856
- C:\Windows\System\JpgUpbT.exe
  C:\Windows\System\JpgUpbT.exe
  2⤵
  PID:3880
- C:\Windows\System\yLTGxmX.exe
  C:\Windows\System\yLTGxmX.exe
  2⤵
  PID:3900
- C:\Windows\System\PmKTVGe.exe
  C:\Windows\System\PmKTVGe.exe
  2⤵
  PID:3924
- C:\Windows\System\TJDjNIp.exe
  C:\Windows\System\TJDjNIp.exe
  2⤵
  PID:3944
- C:\Windows\System\MkOTRee.exe
  C:\Windows\System\MkOTRee.exe
  2⤵
  PID:3964
- C:\Windows\System\ygVVULv.exe
  C:\Windows\System\ygVVULv.exe
  2⤵
  PID:3984
- C:\Windows\System\aCYIsXb.exe
  C:\Windows\System\aCYIsXb.exe
  2⤵
  PID:4004
- C:\Windows\System\rRqViHm.exe
  C:\Windows\System\rRqViHm.exe
  2⤵
  PID:4024
- C:\Windows\System\EEdDjCY.exe
  C:\Windows\System\EEdDjCY.exe
  2⤵
  PID:4044
- C:\Windows\System\RxBwXzb.exe
  C:\Windows\System\RxBwXzb.exe
  2⤵
  PID:4064
- C:\Windows\System\gPqQESB.exe
  C:\Windows\System\gPqQESB.exe
  2⤵
  PID:4084
- C:\Windows\System\fLlcdlP.exe
  C:\Windows\System\fLlcdlP.exe
  2⤵
  PID:952
- C:\Windows\System\daFYfbD.exe
  C:\Windows\System\daFYfbD.exe
  2⤵
  PID:1784
- C:\Windows\System\fZDLqJN.exe
  C:\Windows\System\fZDLqJN.exe
  2⤵
  PID:2376
- C:\Windows\System\eFdOyon.exe
  C:\Windows\System\eFdOyon.exe
  2⤵
  PID:812
- C:\Windows\System\hFXVroi.exe
  C:\Windows\System\hFXVroi.exe
  2⤵
  PID:1000
- C:\Windows\System\Cbodghm.exe
  C:\Windows\System\Cbodghm.exe
  2⤵
  PID:2724
- C:\Windows\System\AydaCmu.exe
  C:\Windows\System\AydaCmu.exe
  2⤵
  PID:2656
- C:\Windows\System\VvGeFpT.exe
  C:\Windows\System\VvGeFpT.exe
  2⤵
  PID:2000
- C:\Windows\System\rpLyLwO.exe
  C:\Windows\System\rpLyLwO.exe
  2⤵
  PID:672
- C:\Windows\System\PtEKyrJ.exe
  C:\Windows\System\PtEKyrJ.exe
  2⤵
  PID:388
- C:\Windows\System\SAIWPSe.exe
  C:\Windows\System\SAIWPSe.exe
  2⤵
  PID:3096
- C:\Windows\System\JfxrqNe.exe
  C:\Windows\System\JfxrqNe.exe
  2⤵
  PID:3120
- C:\Windows\System\kZPkhHH.exe
  C:\Windows\System\kZPkhHH.exe
  2⤵
  PID:3156
- C:\Windows\System\WxuFpvQ.exe
  C:\Windows\System\WxuFpvQ.exe
  2⤵
  PID:3204
- C:\Windows\System\rOMrUio.exe
  C:\Windows\System\rOMrUio.exe
  2⤵
  PID:3236
- C:\Windows\System\hMQmFvv.exe
  C:\Windows\System\hMQmFvv.exe
  2⤵
  PID:3260
- C:\Windows\System\tVuEAek.exe
  C:\Windows\System\tVuEAek.exe
  2⤵
  PID:3280
- C:\Windows\System\WTKXzAz.exe
  C:\Windows\System\WTKXzAz.exe
  2⤵
  PID:3344
- C:\Windows\System\cMXRwsx.exe
  C:\Windows\System\cMXRwsx.exe
  2⤵
  PID:3376
- C:\Windows\System\QwYPcuw.exe
  C:\Windows\System\QwYPcuw.exe
  2⤵
  PID:3416
- C:\Windows\System\KVdhBjo.exe
  C:\Windows\System\KVdhBjo.exe
  2⤵
  PID:3420
- C:\Windows\System\xGXIDdI.exe
  C:\Windows\System\xGXIDdI.exe
  2⤵
  PID:3464
- C:\Windows\System\HvUZJGM.exe
  C:\Windows\System\HvUZJGM.exe
  2⤵
  PID:3508
- C:\Windows\System\zVUyySu.exe
  C:\Windows\System\zVUyySu.exe
  2⤵
  PID:3528
- C:\Windows\System\bvHqIAG.exe
  C:\Windows\System\bvHqIAG.exe
  2⤵
  PID:3592
- C:\Windows\System\mfnWPSr.exe
  C:\Windows\System\mfnWPSr.exe
  2⤵
  PID:3612
- C:\Windows\System\ERKOqVR.exe
  C:\Windows\System\ERKOqVR.exe
  2⤵
  PID:3672
- C:\Windows\System\xHXGBLi.exe
  C:\Windows\System\xHXGBLi.exe
  2⤵
  PID:3668
- C:\Windows\System\uiuEWyI.exe
  C:\Windows\System\uiuEWyI.exe
  2⤵
  PID:3708
- C:\Windows\System\XuxvEiu.exe
  C:\Windows\System\XuxvEiu.exe
  2⤵
  PID:3748
- C:\Windows\System\RuYftyH.exe
  C:\Windows\System\RuYftyH.exe
  2⤵
  PID:3772
- C:\Windows\System\cXMnORF.exe
  C:\Windows\System\cXMnORF.exe
  2⤵
  PID:3812
- C:\Windows\System\yXgKZjd.exe
  C:\Windows\System\yXgKZjd.exe
  2⤵
  PID:2940
- C:\Windows\System\pWQfjXO.exe
  C:\Windows\System\pWQfjXO.exe
  2⤵
  PID:3868
- C:\Windows\System\PbGmnwH.exe
  C:\Windows\System\PbGmnwH.exe
  2⤵
  PID:3916
- C:\Windows\System\nkAdauD.exe
  C:\Windows\System\nkAdauD.exe
  2⤵
  PID:3960
- C:\Windows\System\bsCyhNc.exe
  C:\Windows\System\bsCyhNc.exe
  2⤵
  PID:4000
- C:\Windows\System\GzCjGXL.exe
  C:\Windows\System\GzCjGXL.exe
  2⤵
  PID:4012
- C:\Windows\System\gYksXBR.exe
  C:\Windows\System\gYksXBR.exe
  2⤵
  PID:4036
- C:\Windows\System\IiaBCKk.exe
  C:\Windows\System\IiaBCKk.exe
  2⤵
  PID:4080
- C:\Windows\System\JYXDzZN.exe
  C:\Windows\System\JYXDzZN.exe
  2⤵
  PID:816
- C:\Windows\System\eaucgOb.exe
  C:\Windows\System\eaucgOb.exe
  2⤵
  PID:1932
- C:\Windows\System\ZRhIzlJ.exe
  C:\Windows\System\ZRhIzlJ.exe
  2⤵
  PID:2212
- C:\Windows\System\xRuHvHj.exe
  C:\Windows\System\xRuHvHj.exe
  2⤵
  PID:1592
- C:\Windows\System\uJIaqqX.exe
  C:\Windows\System\uJIaqqX.exe
  2⤵
  PID:2620
- C:\Windows\System\aqQCmbc.exe
  C:\Windows\System\aqQCmbc.exe
  2⤵
  PID:544
- C:\Windows\System\xQAxCJc.exe
  C:\Windows\System\xQAxCJc.exe
  2⤵
  PID:3100
- C:\Windows\System\lYWpfTm.exe
  C:\Windows\System\lYWpfTm.exe
  2⤵
  PID:3136
- C:\Windows\System\BMGFrti.exe
  C:\Windows\System\BMGFrti.exe
  2⤵
  PID:3244
- C:\Windows\System\ZNObJjj.exe
  C:\Windows\System\ZNObJjj.exe
  2⤵
  PID:3240
- C:\Windows\System\dVuBYng.exe
  C:\Windows\System\dVuBYng.exe
  2⤵
  PID:3304
- C:\Windows\System\euXqXsG.exe
  C:\Windows\System\euXqXsG.exe
  2⤵
  PID:3396
- C:\Windows\System\KuhLnWf.exe
  C:\Windows\System\KuhLnWf.exe
  2⤵
  PID:3380
- C:\Windows\System\FdukrBX.exe
  C:\Windows\System\FdukrBX.exe
  2⤵
  PID:3444
- C:\Windows\System\YweWZKa.exe
  C:\Windows\System\YweWZKa.exe
  2⤵
  PID:3500
- C:\Windows\System\gSUQPSE.exe
  C:\Windows\System\gSUQPSE.exe
  2⤵
  PID:3604
- C:\Windows\System\vNplwVY.exe
  C:\Windows\System\vNplwVY.exe
  2⤵
  PID:3608
- C:\Windows\System\MjjwWmr.exe
  C:\Windows\System\MjjwWmr.exe
  2⤵
  PID:3692
- C:\Windows\System\vPNXNPS.exe
  C:\Windows\System\vPNXNPS.exe
  2⤵
  PID:3784
- C:\Windows\System\ChksgbA.exe
  C:\Windows\System\ChksgbA.exe
  2⤵
  PID:3824
- C:\Windows\System\WdYOXNt.exe
  C:\Windows\System\WdYOXNt.exe
  2⤵
  PID:3920
- C:\Windows\System\eLjiycN.exe
  C:\Windows\System\eLjiycN.exe
  2⤵
  PID:3892
- C:\Windows\System\loCgvpN.exe
  C:\Windows\System\loCgvpN.exe
  2⤵
  PID:3976
- C:\Windows\System\YITExZS.exe
  C:\Windows\System\YITExZS.exe
  2⤵
  PID:4072
- C:\Windows\System\VqbkJer.exe
  C:\Windows\System\VqbkJer.exe
  2⤵
  PID:996
- C:\Windows\System\TKKEOGd.exe
  C:\Windows\System\TKKEOGd.exe
  2⤵
  PID:2304
- C:\Windows\System\uyrTTMB.exe
  C:\Windows\System\uyrTTMB.exe
  2⤵
  PID:2360
- C:\Windows\System\VqowEbu.exe
  C:\Windows\System\VqowEbu.exe
  2⤵
  PID:764
- C:\Windows\System\BhjIfpr.exe
  C:\Windows\System\BhjIfpr.exe
  2⤵
  PID:1844
- C:\Windows\System\urnhqtA.exe
  C:\Windows\System\urnhqtA.exe
  2⤵
  PID:3200
- C:\Windows\System\OdVBHOL.exe
  C:\Windows\System\OdVBHOL.exe
  2⤵
  PID:3336
- C:\Windows\System\CkSkzxS.exe
  C:\Windows\System\CkSkzxS.exe
  2⤵
  PID:3424
- C:\Windows\System\ScdPqyR.exe
  C:\Windows\System\ScdPqyR.exe
  2⤵
  PID:2120
- C:\Windows\System\cDwSVpy.exe
  C:\Windows\System\cDwSVpy.exe
  2⤵
  PID:3480
- C:\Windows\System\KpTVfWp.exe
  C:\Windows\System\KpTVfWp.exe
  2⤵
  PID:3588
- C:\Windows\System\FOTOLCZ.exe
  C:\Windows\System\FOTOLCZ.exe
  2⤵
  PID:3788
- C:\Windows\System\jOSpWtD.exe
  C:\Windows\System\jOSpWtD.exe
  2⤵
  PID:3728
- C:\Windows\System\VgqBFHg.exe
  C:\Windows\System\VgqBFHg.exe
  2⤵
  PID:4120
- C:\Windows\System\ZfEnquB.exe
  C:\Windows\System\ZfEnquB.exe
  2⤵
  PID:4144
- C:\Windows\System\XiSGWtE.exe
  C:\Windows\System\XiSGWtE.exe
  2⤵
  PID:4164
- C:\Windows\System\RdEiTXj.exe
  C:\Windows\System\RdEiTXj.exe
  2⤵
  PID:4184
- C:\Windows\System\rTTPGtl.exe
  C:\Windows\System\rTTPGtl.exe
  2⤵
  PID:4204
- C:\Windows\System\GxLgtcx.exe
  C:\Windows\System\GxLgtcx.exe
  2⤵
  PID:4224
- C:\Windows\System\XEejhGI.exe
  C:\Windows\System\XEejhGI.exe
  2⤵
  PID:4244
- C:\Windows\System\oGRhkad.exe
  C:\Windows\System\oGRhkad.exe
  2⤵
  PID:4264
- C:\Windows\System\rrhmAhP.exe
  C:\Windows\System\rrhmAhP.exe
  2⤵
  PID:4284
- C:\Windows\System\EzkItlB.exe
  C:\Windows\System\EzkItlB.exe
  2⤵
  PID:4304
- C:\Windows\System\yhvLVbx.exe
  C:\Windows\System\yhvLVbx.exe
  2⤵
  PID:4324
- C:\Windows\System\HSgzdNU.exe
  C:\Windows\System\HSgzdNU.exe
  2⤵
  PID:4344
- C:\Windows\System\KOJXfLm.exe
  C:\Windows\System\KOJXfLm.exe
  2⤵
  PID:4364
- C:\Windows\System\LCCEbrp.exe
  C:\Windows\System\LCCEbrp.exe
  2⤵
  PID:4384
- C:\Windows\System\UAsmpRc.exe
  C:\Windows\System\UAsmpRc.exe
  2⤵
  PID:4404
- C:\Windows\System\WiMRpdn.exe
  C:\Windows\System\WiMRpdn.exe
  2⤵
  PID:4424
- C:\Windows\System\dYetMoP.exe
  C:\Windows\System\dYetMoP.exe
  2⤵
  PID:4448
- C:\Windows\System\SVFMXKd.exe
  C:\Windows\System\SVFMXKd.exe
  2⤵
  PID:4468
- C:\Windows\System\HTYyxol.exe
  C:\Windows\System\HTYyxol.exe
  2⤵
  PID:4488
- C:\Windows\System\yHLNACq.exe
  C:\Windows\System\yHLNACq.exe
  2⤵
  PID:4508
- C:\Windows\System\fhvVDdD.exe
  C:\Windows\System\fhvVDdD.exe
  2⤵
  PID:4528
- C:\Windows\System\DUQNWkj.exe
  C:\Windows\System\DUQNWkj.exe
  2⤵
  PID:4552
- C:\Windows\System\ngxGOhK.exe
  C:\Windows\System\ngxGOhK.exe
  2⤵
  PID:4572
- C:\Windows\System\qLccpgH.exe
  C:\Windows\System\qLccpgH.exe
  2⤵
  PID:4592
- C:\Windows\System\kwOAYRH.exe
  C:\Windows\System\kwOAYRH.exe
  2⤵
  PID:4612
- C:\Windows\System\mZGCJQZ.exe
  C:\Windows\System\mZGCJQZ.exe
  2⤵
  PID:4632
- C:\Windows\System\LbOXieg.exe
  C:\Windows\System\LbOXieg.exe
  2⤵
  PID:4652
- C:\Windows\System\dZUUwHl.exe
  C:\Windows\System\dZUUwHl.exe
  2⤵
  PID:4672
- C:\Windows\System\QgasiRF.exe
  C:\Windows\System\QgasiRF.exe
  2⤵
  PID:4692
- C:\Windows\System\GHhhrPW.exe
  C:\Windows\System\GHhhrPW.exe
  2⤵
  PID:4712
- C:\Windows\System\UVNkTKs.exe
  C:\Windows\System\UVNkTKs.exe
  2⤵
  PID:4732
- C:\Windows\System\KunNRVo.exe
  C:\Windows\System\KunNRVo.exe
  2⤵
  PID:4752
- C:\Windows\System\igjBboj.exe
  C:\Windows\System\igjBboj.exe
  2⤵
  PID:4772
- C:\Windows\System\MWMdGia.exe
  C:\Windows\System\MWMdGia.exe
  2⤵
  PID:4792
- C:\Windows\System\HYFYQAK.exe
  C:\Windows\System\HYFYQAK.exe
  2⤵
  PID:4816
- C:\Windows\System\XVYxMcn.exe
  C:\Windows\System\XVYxMcn.exe
  2⤵
  PID:4836
- C:\Windows\System\VPpBzDI.exe
  C:\Windows\System\VPpBzDI.exe
  2⤵
  PID:4856
- C:\Windows\System\TcRTSvJ.exe
  C:\Windows\System\TcRTSvJ.exe
  2⤵
  PID:4876
- C:\Windows\System\BZNiqEy.exe
  C:\Windows\System\BZNiqEy.exe
  2⤵
  PID:4896
- C:\Windows\System\YovFfoW.exe
  C:\Windows\System\YovFfoW.exe
  2⤵
  PID:4916
- C:\Windows\System\ZcBvIbD.exe
  C:\Windows\System\ZcBvIbD.exe
  2⤵
  PID:4936
- C:\Windows\System\JyAUabm.exe
  C:\Windows\System\JyAUabm.exe
  2⤵
  PID:4956
- C:\Windows\System\UmLFVUk.exe
  C:\Windows\System\UmLFVUk.exe
  2⤵
  PID:4976
- C:\Windows\System\vvcWuWi.exe
  C:\Windows\System\vvcWuWi.exe
  2⤵
  PID:5000
- C:\Windows\System\lOMZwsG.exe
  C:\Windows\System\lOMZwsG.exe
  2⤵
  PID:5020
- C:\Windows\System\BxGfdiM.exe
  C:\Windows\System\BxGfdiM.exe
  2⤵
  PID:5040
- C:\Windows\System\vvCKTeI.exe
  C:\Windows\System\vvCKTeI.exe
  2⤵
  PID:5060
- C:\Windows\System\HFaHYNh.exe
  C:\Windows\System\HFaHYNh.exe
  2⤵
  PID:5080
- C:\Windows\System\owOsSSO.exe
  C:\Windows\System\owOsSSO.exe
  2⤵
  PID:5100
- C:\Windows\System\MPCKAyQ.exe
  C:\Windows\System\MPCKAyQ.exe
  2⤵
  PID:3888
- C:\Windows\System\yytZIix.exe
  C:\Windows\System\yytZIix.exe
  2⤵
  PID:3896
- C:\Windows\System\TefInzS.exe
  C:\Windows\System\TefInzS.exe
  2⤵
  PID:3996
- C:\Windows\System\hKfVyDo.exe
  C:\Windows\System\hKfVyDo.exe
  2⤵
  PID:2252
- C:\Windows\System\maNSvnJ.exe
  C:\Windows\System\maNSvnJ.exe
  2⤵
  PID:2004
- C:\Windows\System\OhsscJM.exe
  C:\Windows\System\OhsscJM.exe
  2⤵
  PID:3176
- C:\Windows\System\LqLRvHB.exe
  C:\Windows\System\LqLRvHB.exe
  2⤵
  PID:3180
- C:\Windows\System\TxHkIda.exe
  C:\Windows\System\TxHkIda.exe
  2⤵
  PID:3316
- C:\Windows\System\EwBBxgW.exe
  C:\Windows\System\EwBBxgW.exe
  2⤵
  PID:3532
- C:\Windows\System\eBZLhXX.exe
  C:\Windows\System\eBZLhXX.exe
  2⤵
  PID:3864
- C:\Windows\System\RApbYkQ.exe
  C:\Windows\System\RApbYkQ.exe
  2⤵
  PID:4104
- C:\Windows\System\khsfNFc.exe
  C:\Windows\System\khsfNFc.exe
  2⤵
  PID:4128
- C:\Windows\System\qUPAqNv.exe
  C:\Windows\System\qUPAqNv.exe
  2⤵
  PID:4156
- C:\Windows\System\mXKYzjz.exe
  C:\Windows\System\mXKYzjz.exe
  2⤵
  PID:4200
- C:\Windows\System\AWxwDBI.exe
  C:\Windows\System\AWxwDBI.exe
  2⤵
  PID:2700
- C:\Windows\System\kWIPvQb.exe
  C:\Windows\System\kWIPvQb.exe
  2⤵
  PID:4260
- C:\Windows\System\yxkoVUs.exe
  C:\Windows\System\yxkoVUs.exe
  2⤵
  PID:4292
- C:\Windows\System\UUDoMcz.exe
  C:\Windows\System\UUDoMcz.exe
  2⤵
  PID:4316
- C:\Windows\System\CPfcnwm.exe
  C:\Windows\System\CPfcnwm.exe
  2⤵
  PID:4336
- C:\Windows\System\nYwhFFN.exe
  C:\Windows\System\nYwhFFN.exe
  2⤵
  PID:4376
- C:\Windows\System\JTpqEom.exe
  C:\Windows\System\JTpqEom.exe
  2⤵
  PID:4444
- C:\Windows\System\uyXeuWH.exe
  C:\Windows\System\uyXeuWH.exe
  2⤵
  PID:4476
- C:\Windows\System\lOQNrTX.exe
  C:\Windows\System\lOQNrTX.exe
  2⤵
  PID:4496
- C:\Windows\System\mPNvoaw.exe
  C:\Windows\System\mPNvoaw.exe
  2⤵
  PID:4560
- C:\Windows\System\BmAIGOZ.exe
  C:\Windows\System\BmAIGOZ.exe
  2⤵
  PID:4564
- C:\Windows\System\DalZGqV.exe
  C:\Windows\System\DalZGqV.exe
  2⤵
  PID:4584
- C:\Windows\System\nTyMkuG.exe
  C:\Windows\System\nTyMkuG.exe
  2⤵
  PID:4644
- C:\Windows\System\VxhpPyZ.exe
  C:\Windows\System\VxhpPyZ.exe
  2⤵
  PID:4668
- C:\Windows\System\IoArSlK.exe
  C:\Windows\System\IoArSlK.exe
  2⤵
  PID:4548
- C:\Windows\System\LaPTzGz.exe
  C:\Windows\System\LaPTzGz.exe
  2⤵
  PID:4724
- C:\Windows\System\xaazgro.exe
  C:\Windows\System\xaazgro.exe
  2⤵
  PID:4744
- C:\Windows\System\gUQaWiX.exe
  C:\Windows\System\gUQaWiX.exe
  2⤵
  PID:4784
- C:\Windows\System\KElyKLJ.exe
  C:\Windows\System\KElyKLJ.exe
  2⤵
  PID:4832
- C:\Windows\System\hfqqzoe.exe
  C:\Windows\System\hfqqzoe.exe
  2⤵
  PID:4872
- C:\Windows\System\LIUCJZL.exe
  C:\Windows\System\LIUCJZL.exe
  2⤵
  PID:1320
- C:\Windows\System\onKZDVl.exe
  C:\Windows\System\onKZDVl.exe
  2⤵
  PID:4932
- C:\Windows\System\bvwEfbG.exe
  C:\Windows\System\bvwEfbG.exe
  2⤵
  PID:4972
- C:\Windows\System\cjMqQwR.exe
  C:\Windows\System\cjMqQwR.exe
  2⤵
  PID:4992
- C:\Windows\System\odWLxmo.exe
  C:\Windows\System\odWLxmo.exe
  2⤵
  PID:5048
- C:\Windows\System\vvzdRwb.exe
  C:\Windows\System\vvzdRwb.exe
  2⤵
  PID:5068
- C:\Windows\System\zSggnSy.exe
  C:\Windows\System\zSggnSy.exe
  2⤵
  PID:5072
- C:\Windows\System\wAJSDtO.exe
  C:\Windows\System\wAJSDtO.exe
  2⤵
  PID:4996
- C:\Windows\System\hpqjLdY.exe
  C:\Windows\System\hpqjLdY.exe
  2⤵
  PID:2232
- C:\Windows\System\ZaWZEWg.exe
  C:\Windows\System\ZaWZEWg.exe
  2⤵
  PID:4016
- C:\Windows\System\NPSxNxe.exe
  C:\Windows\System\NPSxNxe.exe
  2⤵
  PID:4092
- C:\Windows\System\QvhUOOo.exe
  C:\Windows\System\QvhUOOo.exe
  2⤵
  PID:3080
- C:\Windows\System\EbGMYbe.exe
  C:\Windows\System\EbGMYbe.exe
  2⤵
  PID:3468
- C:\Windows\System\iRYfzZT.exe
  C:\Windows\System\iRYfzZT.exe
  2⤵
  PID:3644
- C:\Windows\System\KgQrQhu.exe
  C:\Windows\System\KgQrQhu.exe
  2⤵
  PID:4192
- C:\Windows\System\jPnEyLk.exe
  C:\Windows\System\jPnEyLk.exe
  2⤵
  PID:4180
- C:\Windows\System\uNUQwTs.exe
  C:\Windows\System\uNUQwTs.exe
  2⤵
  PID:4212
- C:\Windows\System\RpEpbmX.exe
  C:\Windows\System\RpEpbmX.exe
  2⤵
  PID:4312
- C:\Windows\System\TmuEDQJ.exe
  C:\Windows\System\TmuEDQJ.exe
  2⤵
  PID:4372
- C:\Windows\System\NqYlUbh.exe
  C:\Windows\System\NqYlUbh.exe
  2⤵
  PID:4440
- C:\Windows\System\wHhVuwj.exe
  C:\Windows\System\wHhVuwj.exe
  2⤵
  PID:4504
- C:\Windows\System\XkuBMdT.exe
  C:\Windows\System\XkuBMdT.exe
  2⤵
  PID:4520
- C:\Windows\System\MnxOXfw.exe
  C:\Windows\System\MnxOXfw.exe
  2⤵
  PID:4588
- C:\Windows\System\TvhIstR.exe
  C:\Windows\System\TvhIstR.exe
  2⤵
  PID:4660
- C:\Windows\System\AjReHzE.exe
  C:\Windows\System\AjReHzE.exe
  2⤵
  PID:4704
- C:\Windows\System\mSxgDdz.exe
  C:\Windows\System\mSxgDdz.exe
  2⤵
  PID:4780
- C:\Windows\System\YMozIWj.exe
  C:\Windows\System\YMozIWj.exe
  2⤵
  PID:4852
- C:\Windows\System\BmykRhA.exe
  C:\Windows\System\BmykRhA.exe
  2⤵
  PID:4848
- C:\Windows\System\LlsedoO.exe
  C:\Windows\System\LlsedoO.exe
  2⤵
  PID:4924
- C:\Windows\System\rnoxqge.exe
  C:\Windows\System\rnoxqge.exe
  2⤵
  PID:4984
- C:\Windows\System\JejIeFB.exe
  C:\Windows\System\JejIeFB.exe
  2⤵
  PID:4988
- C:\Windows\System\TQJsHKp.exe
  C:\Windows\System\TQJsHKp.exe
  2⤵
  PID:3932
- C:\Windows\System\SpBzEIg.exe
  C:\Windows\System\SpBzEIg.exe
  2⤵
  PID:3832
- C:\Windows\System\FboHCmV.exe
  C:\Windows\System\FboHCmV.exe
  2⤵
  PID:2980
- C:\Windows\System\aBEMODc.exe
  C:\Windows\System\aBEMODc.exe
  2⤵
  PID:3196
- C:\Windows\System\PTtIEYD.exe
  C:\Windows\System\PTtIEYD.exe
  2⤵
  PID:3436
- C:\Windows\System\MuqaEQI.exe
  C:\Windows\System\MuqaEQI.exe
  2⤵
  PID:3440
- C:\Windows\System\xtxecFD.exe
  C:\Windows\System\xtxecFD.exe
  2⤵
  PID:4136
- C:\Windows\System\oHxKzxC.exe
  C:\Windows\System\oHxKzxC.exe
  2⤵
  PID:4236
- C:\Windows\System\kfAOoHN.exe
  C:\Windows\System\kfAOoHN.exe
  2⤵
  PID:4320
- C:\Windows\System\WTTeQKD.exe
  C:\Windows\System\WTTeQKD.exe
  2⤵
  PID:4392
- C:\Windows\System\yMkMSrI.exe
  C:\Windows\System\yMkMSrI.exe
  2⤵
  PID:4516
- C:\Windows\System\fRxVbta.exe
  C:\Windows\System\fRxVbta.exe
  2⤵
  PID:4648
- C:\Windows\System\gybGpJp.exe
  C:\Windows\System\gybGpJp.exe
  2⤵
  PID:4684
- C:\Windows\System\nDDsVfj.exe
  C:\Windows\System\nDDsVfj.exe
  2⤵
  PID:4708
- C:\Windows\System\NNrZkhi.exe
  C:\Windows\System\NNrZkhi.exe
  2⤵
  PID:4824
- C:\Windows\System\VzDONFA.exe
  C:\Windows\System\VzDONFA.exe
  2⤵
  PID:4868
- C:\Windows\System\AWvXiqA.exe
  C:\Windows\System\AWvXiqA.exe
  2⤵
  PID:5012
- C:\Windows\System\HPQNrBw.exe
  C:\Windows\System\HPQNrBw.exe
  2⤵
  PID:3632
- C:\Windows\System\OwVrQmv.exe
  C:\Windows\System\OwVrQmv.exe
  2⤵
  PID:2816
- C:\Windows\System\coovzxJ.exe
  C:\Windows\System\coovzxJ.exe
  2⤵
  PID:3724
- C:\Windows\System\GyZBQBj.exe
  C:\Windows\System\GyZBQBj.exe
  2⤵
  PID:1492
- C:\Windows\System\hbIzDOX.exe
  C:\Windows\System\hbIzDOX.exe
  2⤵
  PID:5128
- C:\Windows\System\ecrHHGC.exe
  C:\Windows\System\ecrHHGC.exe
  2⤵
  PID:5152
- C:\Windows\System\zRzSkIR.exe
  C:\Windows\System\zRzSkIR.exe
  2⤵
  PID:5168
- C:\Windows\System\TWjYHUH.exe
  C:\Windows\System\TWjYHUH.exe
  2⤵
  PID:5192
- C:\Windows\System\NuSsunM.exe
  C:\Windows\System\NuSsunM.exe
  2⤵
  PID:5212
- C:\Windows\System\foyAwoj.exe
  C:\Windows\System\foyAwoj.exe
  2⤵
  PID:5232
- C:\Windows\System\lBnggbm.exe
  C:\Windows\System\lBnggbm.exe
  2⤵
  PID:5252
- C:\Windows\System\Dvnqwks.exe
  C:\Windows\System\Dvnqwks.exe
  2⤵
  PID:5272
- C:\Windows\System\mCvOMur.exe
  C:\Windows\System\mCvOMur.exe
  2⤵
  PID:5292
- C:\Windows\System\rKUzHEH.exe
  C:\Windows\System\rKUzHEH.exe
  2⤵
  PID:5312
- C:\Windows\System\RPqRabD.exe
  C:\Windows\System\RPqRabD.exe
  2⤵
  PID:5332
- C:\Windows\System\hPlrTnl.exe
  C:\Windows\System\hPlrTnl.exe
  2⤵
  PID:5352
- C:\Windows\System\osOGeUj.exe
  C:\Windows\System\osOGeUj.exe
  2⤵
  PID:5372
- C:\Windows\System\DKBNIIl.exe
  C:\Windows\System\DKBNIIl.exe
  2⤵
  PID:5396
- C:\Windows\System\sUSCHft.exe
  C:\Windows\System\sUSCHft.exe
  2⤵
  PID:5416
- C:\Windows\System\ZPEyknD.exe
  C:\Windows\System\ZPEyknD.exe
  2⤵
  PID:5436
- C:\Windows\System\kYPLrie.exe
  C:\Windows\System\kYPLrie.exe
  2⤵
  PID:5456
- C:\Windows\System\nsepEWi.exe
  C:\Windows\System\nsepEWi.exe
  2⤵
  PID:5476
- C:\Windows\System\GjRcuJu.exe
  C:\Windows\System\GjRcuJu.exe
  2⤵
  PID:5496
- C:\Windows\System\IlrDAWZ.exe
  C:\Windows\System\IlrDAWZ.exe
  2⤵
  PID:5516
- C:\Windows\System\hKTGEnm.exe
  C:\Windows\System\hKTGEnm.exe
  2⤵
  PID:5536
- C:\Windows\System\NFNQfCJ.exe
  C:\Windows\System\NFNQfCJ.exe
  2⤵
  PID:5556
- C:\Windows\System\UZBshDq.exe
  C:\Windows\System\UZBshDq.exe
  2⤵
  PID:5576
- C:\Windows\System\MkTXwdv.exe
  C:\Windows\System\MkTXwdv.exe
  2⤵
  PID:5596
- C:\Windows\System\lQtUEKx.exe
  C:\Windows\System\lQtUEKx.exe
  2⤵
  PID:5616
- C:\Windows\System\uQWJBSO.exe
  C:\Windows\System\uQWJBSO.exe
  2⤵
  PID:5636
- C:\Windows\System\WjTxefT.exe
  C:\Windows\System\WjTxefT.exe
  2⤵
  PID:5656
- C:\Windows\System\GTyJAAX.exe
  C:\Windows\System\GTyJAAX.exe
  2⤵
  PID:5676
- C:\Windows\System\lqyKPuQ.exe
  C:\Windows\System\lqyKPuQ.exe
  2⤵
  PID:5696
- C:\Windows\System\fQLOiKv.exe
  C:\Windows\System\fQLOiKv.exe
  2⤵
  PID:5716
- C:\Windows\System\ONYpHgE.exe
  C:\Windows\System\ONYpHgE.exe
  2⤵
  PID:5736
- C:\Windows\System\hJBTEXI.exe
  C:\Windows\System\hJBTEXI.exe
  2⤵
  PID:5756
- C:\Windows\System\TiGpbiy.exe
  C:\Windows\System\TiGpbiy.exe
  2⤵
  PID:5776
- C:\Windows\System\dnEjGIe.exe
  C:\Windows\System\dnEjGIe.exe
  2⤵
  PID:5800
- C:\Windows\System\GQuuddA.exe
  C:\Windows\System\GQuuddA.exe
  2⤵
  PID:5820
- C:\Windows\System\wDqXnHo.exe
  C:\Windows\System\wDqXnHo.exe
  2⤵
  PID:5840
- C:\Windows\System\ihIdqte.exe
  C:\Windows\System\ihIdqte.exe
  2⤵
  PID:5860
- C:\Windows\System\dhhzKcF.exe
  C:\Windows\System\dhhzKcF.exe
  2⤵
  PID:5880
- C:\Windows\System\DaJeNyI.exe
  C:\Windows\System\DaJeNyI.exe
  2⤵
  PID:5900
- C:\Windows\System\Hsrktto.exe
  C:\Windows\System\Hsrktto.exe
  2⤵
  PID:5920
- C:\Windows\System\BVxpwdx.exe
  C:\Windows\System\BVxpwdx.exe
  2⤵
  PID:5940
- C:\Windows\System\PwSJASK.exe
  C:\Windows\System\PwSJASK.exe
  2⤵
  PID:5960
- C:\Windows\System\hxiMUaE.exe
  C:\Windows\System\hxiMUaE.exe
  2⤵
  PID:5980
- C:\Windows\System\qKRLyTv.exe
  C:\Windows\System\qKRLyTv.exe
  2⤵
  PID:6000
- C:\Windows\System\FCQJfJX.exe
  C:\Windows\System\FCQJfJX.exe
  2⤵
  PID:6020
- C:\Windows\System\jwNSbPU.exe
  C:\Windows\System\jwNSbPU.exe
  2⤵
  PID:6040
- C:\Windows\System\vtQxfWK.exe
  C:\Windows\System\vtQxfWK.exe
  2⤵
  PID:6060
- C:\Windows\System\gjUDdDQ.exe
  C:\Windows\System\gjUDdDQ.exe
  2⤵
  PID:6080
- C:\Windows\System\THVtJLd.exe
  C:\Windows\System\THVtJLd.exe
  2⤵
  PID:6100
- C:\Windows\System\nQZwHmQ.exe
  C:\Windows\System\nQZwHmQ.exe
  2⤵
  PID:6120
- C:\Windows\System\vTkUGvR.exe
  C:\Windows\System\vTkUGvR.exe
  2⤵
  PID:6140
- C:\Windows\System\VgjbLxC.exe
  C:\Windows\System\VgjbLxC.exe
  2⤵
  PID:4216
- C:\Windows\System\nICsHpW.exe
  C:\Windows\System\nICsHpW.exe
  2⤵
  PID:4604
- C:\Windows\System\CijIjjW.exe
  C:\Windows\System\CijIjjW.exe
  2⤵
  PID:4620
- C:\Windows\System\EIZNLBj.exe
  C:\Windows\System\EIZNLBj.exe
  2⤵
  PID:4748
- C:\Windows\System\zsmyWHz.exe
  C:\Windows\System\zsmyWHz.exe
  2⤵
  PID:5032
- C:\Windows\System\RdiJHfc.exe
  C:\Windows\System\RdiJHfc.exe
  2⤵
  PID:5116
- C:\Windows\System\iDpKwDp.exe
  C:\Windows\System\iDpKwDp.exe
  2⤵
  PID:3872
- C:\Windows\System\fOaJKXW.exe
  C:\Windows\System\fOaJKXW.exe
  2⤵
  PID:2024
- C:\Windows\System\WkLvhWi.exe
  C:\Windows\System\WkLvhWi.exe
  2⤵
  PID:5148
- C:\Windows\System\BlzUtGz.exe
  C:\Windows\System\BlzUtGz.exe
  2⤵
  PID:5176
- C:\Windows\System\DttGxGy.exe
  C:\Windows\System\DttGxGy.exe
  2⤵
  PID:5164
- C:\Windows\System\pTdfwCp.exe
  C:\Windows\System\pTdfwCp.exe
  2⤵
  PID:5208
- C:\Windows\System\HhUyeZx.exe
  C:\Windows\System\HhUyeZx.exe
  2⤵
  PID:5244
- C:\Windows\System\XwbGIYp.exe
  C:\Windows\System\XwbGIYp.exe
  2⤵
  PID:5280
- C:\Windows\System\yceqEvL.exe
  C:\Windows\System\yceqEvL.exe
  2⤵
  PID:5320
- C:\Windows\System\RRmkudc.exe
  C:\Windows\System\RRmkudc.exe
  2⤵
  PID:5324
- C:\Windows\System\CmohcYr.exe
  C:\Windows\System\CmohcYr.exe
  2⤵
  PID:5388
- C:\Windows\System\LPEXbUx.exe
  C:\Windows\System\LPEXbUx.exe
  2⤵
  PID:5412
- C:\Windows\System\HQOhCka.exe
  C:\Windows\System\HQOhCka.exe
  2⤵
  PID:5472
- C:\Windows\System\CoEYMkW.exe
  C:\Windows\System\CoEYMkW.exe
  2⤵
  PID:5484
- C:\Windows\System\AuBYgdW.exe
  C:\Windows\System\AuBYgdW.exe
  2⤵
  PID:5508
- C:\Windows\System\GWcXowD.exe
  C:\Windows\System\GWcXowD.exe
  2⤵
  PID:5552
- C:\Windows\System\DGqDuWP.exe
  C:\Windows\System\DGqDuWP.exe
  2⤵
  PID:5568
- C:\Windows\System\eWNRLZH.exe
  C:\Windows\System\eWNRLZH.exe
  2⤵
  PID:5624
- C:\Windows\System\sHTBmPx.exe
  C:\Windows\System\sHTBmPx.exe
  2⤵
  PID:5644
- C:\Windows\System\mmSqUjP.exe
  C:\Windows\System\mmSqUjP.exe
  2⤵
  PID:5684
- C:\Windows\System\lNXDVMn.exe
  C:\Windows\System\lNXDVMn.exe
  2⤵
  PID:5708
- C:\Windows\System\xPmruiT.exe
  C:\Windows\System\xPmruiT.exe
  2⤵
  PID:5744
- C:\Windows\System\jyiwzyw.exe
  C:\Windows\System\jyiwzyw.exe
  2⤵
  PID:5792
- C:\Windows\System\vjgoUwa.exe
  C:\Windows\System\vjgoUwa.exe
  2⤵
  PID:5808
- C:\Windows\System\LkfQiFZ.exe
  C:\Windows\System\LkfQiFZ.exe
  2⤵
  PID:1740
- C:\Windows\System\UResBjf.exe
  C:\Windows\System\UResBjf.exe
  2⤵
  PID:5876
- C:\Windows\System\abeQSuy.exe
  C:\Windows\System\abeQSuy.exe
  2⤵
  PID:5908
- C:\Windows\System\aWFoRGh.exe
  C:\Windows\System\aWFoRGh.exe
  2⤵
  PID:5936
- C:\Windows\System\DjsXbDE.exe
  C:\Windows\System\DjsXbDE.exe
  2⤵
  PID:5976
- C:\Windows\System\ouhiURe.exe
  C:\Windows\System\ouhiURe.exe
  2⤵
  PID:6028
- C:\Windows\System\FCiZIpb.exe
  C:\Windows\System\FCiZIpb.exe
  2⤵
  PID:6032
- C:\Windows\System\sxaaRPD.exe
  C:\Windows\System\sxaaRPD.exe
  2⤵
  PID:6076
- C:\Windows\System\fAylSjd.exe
  C:\Windows\System\fAylSjd.exe
  2⤵
  PID:6108
- C:\Windows\System\RdlZYay.exe
  C:\Windows\System\RdlZYay.exe
  2⤵
  PID:6132
- C:\Windows\System\zwEEHDA.exe
  C:\Windows\System\zwEEHDA.exe
  2⤵
  PID:4412
- C:\Windows\System\RtCrNZs.exe
  C:\Windows\System\RtCrNZs.exe
  2⤵
  PID:2884
- C:\Windows\System\LPFwjNB.exe
  C:\Windows\System\LPFwjNB.exe
  2⤵
  PID:4952
- C:\Windows\System\Pnwxxtg.exe
  C:\Windows\System\Pnwxxtg.exe
  2⤵
  PID:5136
- C:\Windows\System\HKDgTjG.exe
  C:\Windows\System\HKDgTjG.exe
  2⤵
  PID:5432
- C:\Windows\System\cVuaYKP.exe
  C:\Windows\System\cVuaYKP.exe
  2⤵
  PID:5452
- C:\Windows\System\PcMjuqh.exe
  C:\Windows\System\PcMjuqh.exe
  2⤵
  PID:5584
- C:\Windows\System\TmHnXJl.exe
  C:\Windows\System\TmHnXJl.exe
  2⤵
  PID:5528
- C:\Windows\System\kzfgLYg.exe
  C:\Windows\System\kzfgLYg.exe
  2⤵
  PID:5612
- C:\Windows\System\UBgcsSX.exe
  C:\Windows\System\UBgcsSX.exe
  2⤵
  PID:5668
- C:\Windows\System\GJpsSFF.exe
  C:\Windows\System\GJpsSFF.exe
  2⤵
  PID:5748
- C:\Windows\System\bSevVOC.exe
  C:\Windows\System\bSevVOC.exe
  2⤵
  PID:5764
- C:\Windows\System\KwOQEBf.exe
  C:\Windows\System\KwOQEBf.exe
  2⤵
  PID:5836
- C:\Windows\System\GxCmGEi.exe
  C:\Windows\System\GxCmGEi.exe
  2⤵
  PID:5888
- C:\Windows\System\DQLARky.exe
  C:\Windows\System\DQLARky.exe
  2⤵
  PID:5928
- C:\Windows\System\wNqdjNg.exe
  C:\Windows\System\wNqdjNg.exe
  2⤵
  PID:5972
- C:\Windows\System\EchkPfy.exe
  C:\Windows\System\EchkPfy.exe
  2⤵
  PID:6012
- C:\Windows\System\ONtKByB.exe
  C:\Windows\System\ONtKByB.exe
  2⤵
  PID:6092
- C:\Windows\System\wMpftGg.exe
  C:\Windows\System\wMpftGg.exe
  2⤵
  PID:760
- C:\Windows\System\RnXafic.exe
  C:\Windows\System\RnXafic.exe
  2⤵
  PID:2932
- C:\Windows\System\eNBleWG.exe
  C:\Windows\System\eNBleWG.exe
  2⤵
  PID:5036
- C:\Windows\System\OcctgAM.exe
  C:\Windows\System\OcctgAM.exe
  2⤵
  PID:4800
- C:\Windows\System\RMjEgSB.exe
  C:\Windows\System\RMjEgSB.exe
  2⤵
  PID:2872
- C:\Windows\System\cybwWQg.exe
  C:\Windows\System\cybwWQg.exe
  2⤵
  PID:2456
- C:\Windows\System\xlZujRE.exe
  C:\Windows\System\xlZujRE.exe
  2⤵
  PID:2728
- C:\Windows\System\suvFlDA.exe
  C:\Windows\System\suvFlDA.exe
  2⤵
  PID:4680
- C:\Windows\System\aNmAlVh.exe
  C:\Windows\System\aNmAlVh.exe
  2⤵
  PID:2440
- C:\Windows\System\SZWFBhl.exe
  C:\Windows\System\SZWFBhl.exe
  2⤵
  PID:2688
- C:\Windows\System\CbeaNAw.exe
  C:\Windows\System\CbeaNAw.exe
  2⤵
  PID:2624
- C:\Windows\System\eaHremm.exe
  C:\Windows\System\eaHremm.exe
  2⤵
  PID:1916
- C:\Windows\System\XvcyXQI.exe
  C:\Windows\System\XvcyXQI.exe
  2⤵
  PID:2052
- C:\Windows\System\TMQhyIK.exe
  C:\Windows\System\TMQhyIK.exe
  2⤵
  PID:320
- C:\Windows\System\eGHcIdC.exe
  C:\Windows\System\eGHcIdC.exe
  2⤵
  PID:824
- C:\Windows\System\POLbefU.exe
  C:\Windows\System\POLbefU.exe
  2⤵
  PID:1360
- C:\Windows\System\HyRnOsa.exe
  C:\Windows\System\HyRnOsa.exe
  2⤵
  PID:2072
- C:\Windows\System\yQgqHaI.exe
  C:\Windows\System\yQgqHaI.exe
  2⤵
  PID:2460
- C:\Windows\System\EhSTWhQ.exe
  C:\Windows\System\EhSTWhQ.exe
  2⤵
  PID:580
- C:\Windows\System\MxhqqPE.exe
  C:\Windows\System\MxhqqPE.exe
  2⤵
  PID:5404
- C:\Windows\System\XujEQbQ.exe
  C:\Windows\System\XujEQbQ.exe
  2⤵
  PID:5608
- C:\Windows\System\xohcBRk.exe
  C:\Windows\System\xohcBRk.exe
  2⤵
  PID:5712
- C:\Windows\System\rbtGHxs.exe
  C:\Windows\System\rbtGHxs.exe
  2⤵
  PID:5812
- C:\Windows\System\GjvtSSa.exe
  C:\Windows\System\GjvtSSa.exe
  2⤵
  PID:5892
- C:\Windows\System\KjOugWX.exe
  C:\Windows\System\KjOugWX.exe
  2⤵
  PID:6036
- C:\Windows\System\cFjoLSJ.exe
  C:\Windows\System\cFjoLSJ.exe
  2⤵
  PID:5992
- C:\Windows\System\RfFxSXX.exe
  C:\Windows\System\RfFxSXX.exe
  2⤵
  PID:6112
- C:\Windows\System\QulUKwk.exe
  C:\Windows\System\QulUKwk.exe
  2⤵
  PID:2220
- C:\Windows\System\AldOoZP.exe
  C:\Windows\System\AldOoZP.exe
  2⤵
  PID:1288
- C:\Windows\System\WxdXcZI.exe
  C:\Windows\System\WxdXcZI.exe
  2⤵
  PID:2020
- C:\Windows\System\dDJAneI.exe
  C:\Windows\System\dDJAneI.exe
  2⤵
  PID:2680
- C:\Windows\System\pikBqGf.exe
  C:\Windows\System\pikBqGf.exe
  2⤵
  PID:5200
- C:\Windows\System\WHNKbSK.exe
  C:\Windows\System\WHNKbSK.exe
  2⤵
  PID:5340
- C:\Windows\System\rlHvbal.exe
  C:\Windows\System\rlHvbal.exe
  2⤵
  PID:900
- C:\Windows\System\CnCqNRV.exe
  C:\Windows\System\CnCqNRV.exe
  2⤵
  PID:2224
- C:\Windows\System\YewOPsA.exe
  C:\Windows\System\YewOPsA.exe
  2⤵
  PID:2424
- C:\Windows\System\UlBNjjg.exe
  C:\Windows\System\UlBNjjg.exe
  2⤵
  PID:2696
- C:\Windows\System\FbiylqR.exe
  C:\Windows\System\FbiylqR.exe
  2⤵
  PID:1668
- C:\Windows\System\bgsTcbV.exe
  C:\Windows\System\bgsTcbV.exe
  2⤵
  PID:2476
- C:\Windows\System\MAMYMQj.exe
  C:\Windows\System\MAMYMQj.exe
  2⤵
  PID:1672
- C:\Windows\System\PmDYfyI.exe
  C:\Windows\System\PmDYfyI.exe
  2⤵
  PID:536
- C:\Windows\System\Yorvmnl.exe
  C:\Windows\System\Yorvmnl.exe
  2⤵
  PID:5604
- C:\Windows\System\OeLiXxu.exe
  C:\Windows\System\OeLiXxu.exe
  2⤵
  PID:3004
- C:\Windows\System\eqYtSfC.exe
  C:\Windows\System\eqYtSfC.exe
  2⤵
  PID:5832
- C:\Windows\System\FboBaBj.exe
  C:\Windows\System\FboBaBj.exe
  2⤵
  PID:5956
- C:\Windows\System\DTDdQEL.exe
  C:\Windows\System\DTDdQEL.exe
  2⤵
  PID:4540
- C:\Windows\System\voBLbQP.exe
  C:\Windows\System\voBLbQP.exe
  2⤵
  PID:6056
- C:\Windows\System\Cvfwxkg.exe
  C:\Windows\System\Cvfwxkg.exe
  2⤵
  PID:944
- C:\Windows\System\KGXfwyF.exe
  C:\Windows\System\KGXfwyF.exe
  2⤵
  PID:5240
- C:\Windows\System\sPCweyD.exe
  C:\Windows\System\sPCweyD.exe
  2⤵
  PID:2604
- C:\Windows\System\oGvYILN.exe
  C:\Windows\System\oGvYILN.exe
  2⤵
  PID:2964
- C:\Windows\System\JovhZtB.exe
  C:\Windows\System\JovhZtB.exe
  2⤵
  PID:2976
- C:\Windows\System\mfejWxL.exe
  C:\Windows\System\mfejWxL.exe
  2⤵
  PID:520
- C:\Windows\System\eokFDDk.exe
  C:\Windows\System\eokFDDk.exe
  2⤵
  PID:5488
- C:\Windows\System\nksGvXi.exe
  C:\Windows\System\nksGvXi.exe
  2⤵
  PID:5588
- C:\Windows\System\HwqmtMY.exe
  C:\Windows\System\HwqmtMY.exe
  2⤵
  PID:5392
- C:\Windows\System\bMAejgz.exe
  C:\Windows\System\bMAejgz.exe
  2⤵
  PID:6136
- C:\Windows\System\jsGwAar.exe
  C:\Windows\System\jsGwAar.exe
  2⤵
  PID:5304
- C:\Windows\System\ZWSztJO.exe
  C:\Windows\System\ZWSztJO.exe
  2⤵
  PID:5300
- C:\Windows\System\qCagWNZ.exe
  C:\Windows\System\qCagWNZ.exe
  2⤵
  PID:2168
- C:\Windows\System\IhhbcTp.exe
  C:\Windows\System\IhhbcTp.exe
  2⤵
  PID:5648
- C:\Windows\System\xkdnCOC.exe
  C:\Windows\System\xkdnCOC.exe
  2⤵
  PID:5688
- C:\Windows\System\BHNykhj.exe
  C:\Windows\System\BHNykhj.exe
  2⤵
  PID:5732
- C:\Windows\System\bCHCOXC.exe
  C:\Windows\System\bCHCOXC.exe
  2⤵
  PID:4152
- C:\Windows\System\spkoTwi.exe
  C:\Windows\System\spkoTwi.exe
  2⤵
  PID:5344
- C:\Windows\System\HIzWiqa.exe
  C:\Windows\System\HIzWiqa.exe
  2⤵
  PID:2348
- C:\Windows\System\tNIqJRX.exe
  C:\Windows\System\tNIqJRX.exe
  2⤵
  PID:6088
- C:\Windows\System\ytuSCfU.exe
  C:\Windows\System\ytuSCfU.exe
  2⤵
  PID:5848
- C:\Windows\System\ZDmUMvW.exe
  C:\Windows\System\ZDmUMvW.exe
  2⤵
  PID:844
- C:\Windows\System\UKJcuem.exe
  C:\Windows\System\UKJcuem.exe
  2⤵
  PID:5796
- C:\Windows\System\XnulsPr.exe
  C:\Windows\System\XnulsPr.exe
  2⤵
  PID:2920
- C:\Windows\System\aQZelaV.exe
  C:\Windows\System\aQZelaV.exe
  2⤵
  PID:6168
- C:\Windows\System\gLspMWC.exe
  C:\Windows\System\gLspMWC.exe
  2⤵
  PID:6196
- C:\Windows\System\pZFgepu.exe
  C:\Windows\System\pZFgepu.exe
  2⤵
  PID:6212
- C:\Windows\System\lFYNECd.exe
  C:\Windows\System\lFYNECd.exe
  2⤵
  PID:6236
- C:\Windows\System\pXVySyy.exe
  C:\Windows\System\pXVySyy.exe
  2⤵
  PID:6252
- C:\Windows\System\tFExIhO.exe
  C:\Windows\System\tFExIhO.exe
  2⤵
  PID:6268
- C:\Windows\System\anKiIXn.exe
  C:\Windows\System\anKiIXn.exe
  2⤵
  PID:6292
- C:\Windows\System\qNjSAtT.exe
  C:\Windows\System\qNjSAtT.exe
  2⤵
  PID:6316
- C:\Windows\System\GQVxVci.exe
  C:\Windows\System\GQVxVci.exe
  2⤵
  PID:6332
- C:\Windows\System\GPhpLoh.exe
  C:\Windows\System\GPhpLoh.exe
  2⤵
  PID:6352
- C:\Windows\System\nfJldzP.exe
  C:\Windows\System\nfJldzP.exe
  2⤵
  PID:6380
- C:\Windows\System\qYUrRGi.exe
  C:\Windows\System\qYUrRGi.exe
  2⤵
  PID:6400
- C:\Windows\System\riXTsdh.exe
  C:\Windows\System\riXTsdh.exe
  2⤵
  PID:6416
- C:\Windows\System\VCVtXMk.exe
  C:\Windows\System\VCVtXMk.exe
  2⤵
  PID:6432
- C:\Windows\System\rkfgwiO.exe
  C:\Windows\System\rkfgwiO.exe
  2⤵
  PID:6452
- C:\Windows\System\friJxBD.exe
  C:\Windows\System\friJxBD.exe
  2⤵
  PID:6484
- C:\Windows\System\hFvmksD.exe
  C:\Windows\System\hFvmksD.exe
  2⤵
  PID:6500
- C:\Windows\System\wjlBzuB.exe
  C:\Windows\System\wjlBzuB.exe
  2⤵
  PID:6520
- C:\Windows\System\vErylBA.exe
  C:\Windows\System\vErylBA.exe
  2⤵
  PID:6536
- C:\Windows\System\rSWOrps.exe
  C:\Windows\System\rSWOrps.exe
  2⤵
  PID:6564
- C:\Windows\System\NXNDruA.exe
  C:\Windows\System\NXNDruA.exe
  2⤵
  PID:6580
- C:\Windows\System\dtGDNzi.exe
  C:\Windows\System\dtGDNzi.exe
  2⤵
  PID:6596
- C:\Windows\System\FlAOKsf.exe
  C:\Windows\System\FlAOKsf.exe
  2⤵
  PID:6616
- C:\Windows\System\lLuVwHc.exe
  C:\Windows\System\lLuVwHc.exe
  2⤵
  PID:6640
- C:\Windows\System\oIjLqRG.exe
  C:\Windows\System\oIjLqRG.exe
  2⤵
  PID:6664
- C:\Windows\System\BmXSCzb.exe
  C:\Windows\System\BmXSCzb.exe
  2⤵
  PID:6680
- C:\Windows\System\qAmWnan.exe
  C:\Windows\System\qAmWnan.exe
  2⤵
  PID:6700
- C:\Windows\System\ZuvCeom.exe
  C:\Windows\System\ZuvCeom.exe
  2⤵
  PID:6716
- C:\Windows\System\QhIiWqL.exe
  C:\Windows\System\QhIiWqL.exe
  2⤵
  PID:6736
- C:\Windows\System\mtZXaGm.exe
  C:\Windows\System\mtZXaGm.exe
  2⤵
  PID:6760
- C:\Windows\System\QAfBWUC.exe
  C:\Windows\System\QAfBWUC.exe
  2⤵
  PID:6776
- C:\Windows\System\rahfHmB.exe
  C:\Windows\System\rahfHmB.exe
  2⤵
  PID:6796
- C:\Windows\System\bQhQRXI.exe
  C:\Windows\System\bQhQRXI.exe
  2⤵
  PID:6816
- C:\Windows\System\SNJCocZ.exe
  C:\Windows\System\SNJCocZ.exe
  2⤵
  PID:6836
- C:\Windows\System\txPUCxk.exe
  C:\Windows\System\txPUCxk.exe
  2⤵
  PID:6860
- C:\Windows\System\kdOCQBw.exe
  C:\Windows\System\kdOCQBw.exe
  2⤵
  PID:6884
- C:\Windows\System\HYJFMgz.exe
  C:\Windows\System\HYJFMgz.exe
  2⤵
  PID:6900
- C:\Windows\System\MYzwEaN.exe
  C:\Windows\System\MYzwEaN.exe
  2⤵
  PID:6924
- C:\Windows\System\julLAox.exe
  C:\Windows\System\julLAox.exe
  2⤵
  PID:6940
- C:\Windows\System\WwDkbMb.exe
  C:\Windows\System\WwDkbMb.exe
  2⤵
  PID:6960
- C:\Windows\System\jixLDYv.exe
  C:\Windows\System\jixLDYv.exe
  2⤵
  PID:6980
- C:\Windows\System\QFoXWhS.exe
  C:\Windows\System\QFoXWhS.exe
  2⤵
  PID:6996
- C:\Windows\System\OVhyxTp.exe
  C:\Windows\System\OVhyxTp.exe
  2⤵
  PID:7012
- C:\Windows\System\SPdIoky.exe
  C:\Windows\System\SPdIoky.exe
  2⤵
  PID:7036
- C:\Windows\System\vbfFceo.exe
  C:\Windows\System\vbfFceo.exe
  2⤵
  PID:7064
- C:\Windows\System\ygZCbER.exe
  C:\Windows\System\ygZCbER.exe
  2⤵
  PID:7084
- C:\Windows\System\AVcFiEN.exe
  C:\Windows\System\AVcFiEN.exe
  2⤵
  PID:7100
- C:\Windows\System\UlxJhoC.exe
  C:\Windows\System\UlxJhoC.exe
  2⤵
  PID:7116
- C:\Windows\System\TFqOkZs.exe
  C:\Windows\System\TFqOkZs.exe
  2⤵
  PID:7132
- C:\Windows\System\GcjFoFO.exe
  C:\Windows\System\GcjFoFO.exe
  2⤵
  PID:7152
- C:\Windows\System\EEfxxOs.exe
  C:\Windows\System\EEfxxOs.exe
  2⤵
  PID:6180
- C:\Windows\System\ayFFKdY.exe
  C:\Windows\System\ayFFKdY.exe
  2⤵
  PID:5868
- C:\Windows\System\VOaLCgt.exe
  C:\Windows\System\VOaLCgt.exe
  2⤵
  PID:6260
- C:\Windows\System\eJMUqBI.exe
  C:\Windows\System\eJMUqBI.exe
  2⤵
  PID:6152
- C:\Windows\System\VoEmudC.exe
  C:\Windows\System\VoEmudC.exe
  2⤵
  PID:6276
- C:\Windows\System\VFIJZZe.exe
  C:\Windows\System\VFIJZZe.exe
  2⤵
  PID:6244
- C:\Windows\System\MtPCxxb.exe
  C:\Windows\System\MtPCxxb.exe
  2⤵
  PID:6344
- C:\Windows\System\POkqODu.exe
  C:\Windows\System\POkqODu.exe
  2⤵
  PID:6388
- C:\Windows\System\OaUYXWQ.exe
  C:\Windows\System\OaUYXWQ.exe
  2⤵
  PID:6396
- C:\Windows\System\RPUGPlo.exe
  C:\Windows\System\RPUGPlo.exe
  2⤵
  PID:6424
- C:\Windows\System\mywYSsi.exe
  C:\Windows\System\mywYSsi.exe
  2⤵
  PID:6440
- C:\Windows\System\JPaCyQu.exe
  C:\Windows\System\JPaCyQu.exe
  2⤵
  PID:6476
- C:\Windows\System\mSDKPXt.exe
  C:\Windows\System\mSDKPXt.exe
  2⤵
  PID:6532
- C:\Windows\System\cxwdpww.exe
  C:\Windows\System\cxwdpww.exe
  2⤵
  PID:6572
- C:\Windows\System\tfxVUML.exe
  C:\Windows\System\tfxVUML.exe
  2⤵
  PID:6576
- C:\Windows\System\AmWDfJd.exe
  C:\Windows\System\AmWDfJd.exe
  2⤵
  PID:6632
- C:\Windows\System\ITWGear.exe
  C:\Windows\System\ITWGear.exe
  2⤵
  PID:6660
- C:\Windows\System\OYkXooF.exe
  C:\Windows\System\OYkXooF.exe
  2⤵
  PID:6708
- C:\Windows\System\XNiDKNA.exe
  C:\Windows\System\XNiDKNA.exe
  2⤵
  PID:6724
- C:\Windows\System\MdmcjTQ.exe
  C:\Windows\System\MdmcjTQ.exe
  2⤵
  PID:6824
- C:\Windows\System\UZAdaXm.exe
  C:\Windows\System\UZAdaXm.exe
  2⤵
  PID:6732
- C:\Windows\System\AvGBtQW.exe
  C:\Windows\System\AvGBtQW.exe
  2⤵
  PID:6772
- C:\Windows\System\CdwCHKT.exe
  C:\Windows\System\CdwCHKT.exe
  2⤵
  PID:6852
- C:\Windows\System\XUsHliB.exe
  C:\Windows\System\XUsHliB.exe
  2⤵
  PID:6916
- C:\Windows\System\xILyWkp.exe
  C:\Windows\System\xILyWkp.exe
  2⤵
  PID:6936
- C:\Windows\System\JklCCKz.exe
  C:\Windows\System\JklCCKz.exe
  2⤵
  PID:6972
- C:\Windows\System\FDhSGwb.exe
  C:\Windows\System\FDhSGwb.exe
  2⤵
  PID:7020
- C:\Windows\System\HYNSwds.exe
  C:\Windows\System\HYNSwds.exe
  2⤵
  PID:7008
- C:\Windows\System\gElSwtt.exe
  C:\Windows\System\gElSwtt.exe
  2⤵
  PID:7060
- C:\Windows\System\icqsJLj.exe
  C:\Windows\System\icqsJLj.exe
  2⤵
  PID:7108
- C:\Windows\System\tAiWFNv.exe
  C:\Windows\System\tAiWFNv.exe
  2⤵
  PID:7092
- C:\Windows\System\MXEEKgZ.exe
  C:\Windows\System\MXEEKgZ.exe
  2⤵
  PID:7164
- C:\Windows\System\jVxECLL.exe
  C:\Windows\System\jVxECLL.exe
  2⤵
  PID:1544
- C:\Windows\System\xDdquDM.exe
  C:\Windows\System\xDdquDM.exe
  2⤵
  PID:6224
- C:\Windows\System\xPxaGCo.exe
  C:\Windows\System\xPxaGCo.exe
  2⤵
  PID:6208
- C:\Windows\System\LsMJAek.exe
  C:\Windows\System\LsMJAek.exe
  2⤵
  PID:6360
- C:\Windows\System\KpCtoUT.exe
  C:\Windows\System\KpCtoUT.exe
  2⤵
  PID:6364
- C:\Windows\System\oYnemex.exe
  C:\Windows\System\oYnemex.exe
  2⤵
  PID:6468
- C:\Windows\System\XgkzQFZ.exe
  C:\Windows\System\XgkzQFZ.exe
  2⤵
  PID:6516
- C:\Windows\System\GyUrVad.exe
  C:\Windows\System\GyUrVad.exe
  2⤵
  PID:6604
- C:\Windows\System\JmyMqak.exe
  C:\Windows\System\JmyMqak.exe
  2⤵
  PID:6676
- C:\Windows\System\hLSCtTL.exe
  C:\Windows\System\hLSCtTL.exe
  2⤵
  PID:6788
- C:\Windows\System\HpgiuOE.exe
  C:\Windows\System\HpgiuOE.exe
  2⤵
  PID:6652
- C:\Windows\System\wOeTURU.exe
  C:\Windows\System\wOeTURU.exe
  2⤵
  PID:1512
- C:\Windows\System\CqSBLAf.exe
  C:\Windows\System\CqSBLAf.exe
  2⤵
  PID:6812
- C:\Windows\System\hYysfYT.exe
  C:\Windows\System\hYysfYT.exe
  2⤵
  PID:6908
- C:\Windows\System\GfYremN.exe
  C:\Windows\System\GfYremN.exe
  2⤵
  PID:1500
- C:\Windows\System\osjBWYV.exe
  C:\Windows\System\osjBWYV.exe
  2⤵
  PID:6932
- C:\Windows\System\nfojOjC.exe
  C:\Windows\System\nfojOjC.exe
  2⤵
  PID:6480
- C:\Windows\System\GKKmoFa.exe
  C:\Windows\System\GKKmoFa.exe
  2⤵
  PID:6988
- C:\Windows\System\ahaSvAR.exe
  C:\Windows\System\ahaSvAR.exe
  2⤵
  PID:7080
- C:\Windows\System\DQEtdUa.exe
  C:\Windows\System\DQEtdUa.exe
  2⤵
  PID:6220
- C:\Windows\System\KMDScuc.exe
  C:\Windows\System\KMDScuc.exe
  2⤵
  PID:7096
- C:\Windows\System\rREmIJh.exe
  C:\Windows\System\rREmIJh.exe
  2⤵
  PID:6284
- C:\Windows\System\ZQtmVHa.exe
  C:\Windows\System\ZQtmVHa.exe
  2⤵
  PID:6204
- C:\Windows\System\ZIdRYKl.exe
  C:\Windows\System\ZIdRYKl.exe
  2⤵
  PID:6376
- C:\Windows\System\UyKLIor.exe
  C:\Windows\System\UyKLIor.exe
  2⤵
  PID:6556
- C:\Windows\System\hXIGjAs.exe
  C:\Windows\System\hXIGjAs.exe
  2⤵
  PID:6592
- C:\Windows\System\xCayzQt.exe
  C:\Windows\System\xCayzQt.exe
  2⤵
  PID:6752
- C:\Windows\System\yzyUAHP.exe
  C:\Windows\System\yzyUAHP.exe
  2⤵
  PID:6808
- C:\Windows\System\wvrJvOz.exe
  C:\Windows\System\wvrJvOz.exe
  2⤵
  PID:6892
- C:\Windows\System\kpdJurL.exe
  C:\Windows\System\kpdJurL.exe
  2⤵
  PID:1248
- C:\Windows\System\nXfyefA.exe
  C:\Windows\System\nXfyefA.exe
  2⤵
  PID:7028
- C:\Windows\System\DMuilwn.exe
  C:\Windows\System\DMuilwn.exe
  2⤵
  PID:7076
- C:\Windows\System\yCqgQTI.exe
  C:\Windows\System\yCqgQTI.exe
  2⤵
  PID:6188
- C:\Windows\System\qYcDoBq.exe
  C:\Windows\System\qYcDoBq.exe
  2⤵
  PID:6160
- C:\Windows\System\yvmQrFr.exe
  C:\Windows\System\yvmQrFr.exe
  2⤵
  PID:6408
- C:\Windows\System\EHGljUm.exe
  C:\Windows\System\EHGljUm.exe
  2⤵
  PID:6492
- C:\Windows\System\wPymDrH.exe
  C:\Windows\System\wPymDrH.exe
  2⤵
  PID:6624
- C:\Windows\System\ekLhHrC.exe
  C:\Windows\System\ekLhHrC.exe
  2⤵
  PID:6868
- C:\Windows\System\eCdcnSE.exe
  C:\Windows\System\eCdcnSE.exe
  2⤵
  PID:1312
- C:\Windows\System\AAzqyxv.exe
  C:\Windows\System\AAzqyxv.exe
  2⤵
  PID:7112
- C:\Windows\System\qXnqTSd.exe
  C:\Windows\System\qXnqTSd.exe
  2⤵
  PID:7128
- C:\Windows\System\pPhObMo.exe
  C:\Windows\System\pPhObMo.exe
  2⤵
  PID:6444
- C:\Windows\System\UYhDObm.exe
  C:\Windows\System\UYhDObm.exe
  2⤵
  PID:6828
- C:\Windows\System\NKcEsBd.exe
  C:\Windows\System\NKcEsBd.exe
  2⤵
  PID:6348
- C:\Windows\System\QypUJqp.exe
  C:\Windows\System\QypUJqp.exe
  2⤵
  PID:2592
- C:\Windows\System\UDdfLib.exe
  C:\Windows\System\UDdfLib.exe
  2⤵
  PID:6288
- C:\Windows\System\hAXsSfg.exe
  C:\Windows\System\hAXsSfg.exe
  2⤵
  PID:7176
- C:\Windows\System\ntULLtJ.exe
  C:\Windows\System\ntULLtJ.exe
  2⤵
  PID:7204
- C:\Windows\System\cScnRWj.exe
  C:\Windows\System\cScnRWj.exe
  2⤵
  PID:7220
- C:\Windows\System\HaZUACJ.exe
  C:\Windows\System\HaZUACJ.exe
  2⤵
  PID:7248
- C:\Windows\System\gWiMrez.exe
  C:\Windows\System\gWiMrez.exe
  2⤵
  PID:7268
- C:\Windows\System\cgGdeFd.exe
  C:\Windows\System\cgGdeFd.exe
  2⤵
  PID:7288
- C:\Windows\System\gMlUFSf.exe
  C:\Windows\System\gMlUFSf.exe
  2⤵
  PID:7304
- C:\Windows\System\lWAaKQX.exe
  C:\Windows\System\lWAaKQX.exe
  2⤵
  PID:7328
- C:\Windows\System\GEprIgf.exe
  C:\Windows\System\GEprIgf.exe
  2⤵
  PID:7344
- C:\Windows\System\atznQmb.exe
  C:\Windows\System\atznQmb.exe
  2⤵
  PID:7364
- C:\Windows\System\gvqzSuT.exe
  C:\Windows\System\gvqzSuT.exe
  2⤵
  PID:7384
- C:\Windows\System\kXTcWGE.exe
  C:\Windows\System\kXTcWGE.exe
  2⤵
  PID:7408
- C:\Windows\System\SxutNej.exe
  C:\Windows\System\SxutNej.exe
  2⤵
  PID:7424
- C:\Windows\System\hhfFQWL.exe
  C:\Windows\System\hhfFQWL.exe
  2⤵
  PID:7448
- C:\Windows\System\IkfFlHa.exe
  C:\Windows\System\IkfFlHa.exe
  2⤵
  PID:7464
- C:\Windows\System\zRettXq.exe
  C:\Windows\System\zRettXq.exe
  2⤵
  PID:7488
- C:\Windows\System\xaGOYjj.exe
  C:\Windows\System\xaGOYjj.exe
  2⤵
  PID:7504
- C:\Windows\System\DfCBSEP.exe
  C:\Windows\System\DfCBSEP.exe
  2⤵
  PID:7528
- C:\Windows\System\ToRRBVh.exe
  C:\Windows\System\ToRRBVh.exe
  2⤵
  PID:7544
- C:\Windows\System\kyGYMJM.exe
  C:\Windows\System\kyGYMJM.exe
  2⤵
  PID:7568
- C:\Windows\System\TIVLJtv.exe
  C:\Windows\System\TIVLJtv.exe
  2⤵
  PID:7584
- C:\Windows\System\adRdOkv.exe
  C:\Windows\System\adRdOkv.exe
  2⤵
  PID:7604
- C:\Windows\System\awsqPKZ.exe
  C:\Windows\System\awsqPKZ.exe
  2⤵
  PID:7624
- C:\Windows\System\ZkMFNTY.exe
  C:\Windows\System\ZkMFNTY.exe
  2⤵
  PID:7644
- C:\Windows\System\sWCcytA.exe
  C:\Windows\System\sWCcytA.exe
  2⤵
  PID:7660
- C:\Windows\System\TZlJFKt.exe
  C:\Windows\System\TZlJFKt.exe
  2⤵
  PID:7680
- C:\Windows\System\hCsyDKN.exe
  C:\Windows\System\hCsyDKN.exe
  2⤵
  PID:7700
- C:\Windows\System\VvmBmrn.exe
  C:\Windows\System\VvmBmrn.exe
  2⤵
  PID:7724
- C:\Windows\System\EQPUaQa.exe
  C:\Windows\System\EQPUaQa.exe
  2⤵
  PID:7740
- C:\Windows\System\jOdaxou.exe
  C:\Windows\System\jOdaxou.exe
  2⤵
  PID:7764
- C:\Windows\System\DQamFCj.exe
  C:\Windows\System\DQamFCj.exe
  2⤵
  PID:7784
- C:\Windows\System\OezWzzT.exe
  C:\Windows\System\OezWzzT.exe
  2⤵
  PID:7804
- C:\Windows\System\ZDtiNNu.exe
  C:\Windows\System\ZDtiNNu.exe
  2⤵
  PID:7828
- C:\Windows\System\tvxZMiC.exe
  C:\Windows\System\tvxZMiC.exe
  2⤵
  PID:7848
- C:\Windows\System\BIbKHSo.exe
  C:\Windows\System\BIbKHSo.exe
  2⤵
  PID:7868
- C:\Windows\System\SRwcLxU.exe
  C:\Windows\System\SRwcLxU.exe
  2⤵
  PID:7884
- C:\Windows\System\cDroCqF.exe
  C:\Windows\System\cDroCqF.exe
  2⤵
  PID:7904
- C:\Windows\System\LRjWBSI.exe
  C:\Windows\System\LRjWBSI.exe
  2⤵
  PID:7928
- C:\Windows\System\czwCdGe.exe
  C:\Windows\System\czwCdGe.exe
  2⤵
  PID:7948
- C:\Windows\System\LOktSVU.exe
  C:\Windows\System\LOktSVU.exe
  2⤵
  PID:7972
- C:\Windows\System\wQfodTo.exe
  C:\Windows\System\wQfodTo.exe
  2⤵
  PID:7988
- C:\Windows\System\EXyDriJ.exe
  C:\Windows\System\EXyDriJ.exe
  2⤵
  PID:8008
- C:\Windows\System\DwEbolF.exe
  C:\Windows\System\DwEbolF.exe
  2⤵
  PID:8024
- C:\Windows\System\FJNUANB.exe
  C:\Windows\System\FJNUANB.exe
  2⤵
  PID:8040
- C:\Windows\System\BitsSBc.exe
  C:\Windows\System\BitsSBc.exe
  2⤵
  PID:8068
- C:\Windows\System\YhIpPSs.exe
  C:\Windows\System\YhIpPSs.exe
  2⤵
  PID:8092
- C:\Windows\System\QJzroXv.exe
  C:\Windows\System\QJzroXv.exe
  2⤵
  PID:8108
- C:\Windows\System\jOFzJES.exe
  C:\Windows\System\jOFzJES.exe
  2⤵
  PID:8132
- C:\Windows\System\cYChPVo.exe
  C:\Windows\System\cYChPVo.exe
  2⤵
  PID:8152
- C:\Windows\System\TcFzghl.exe
  C:\Windows\System\TcFzghl.exe
  2⤵
  PID:8172
- C:\Windows\System\lnWCDPg.exe
  C:\Windows\System\lnWCDPg.exe
  2⤵
  PID:7072
- C:\Windows\System\YZePGtA.exe
  C:\Windows\System\YZePGtA.exe
  2⤵
  PID:6804
- C:\Windows\System\dTdZoNe.exe
  C:\Windows\System\dTdZoNe.exe
  2⤵
  PID:6548
- C:\Windows\System\HHhJmjx.exe
  C:\Windows\System\HHhJmjx.exe
  2⤵
  PID:7188
- C:\Windows\System\RrwQwym.exe
  C:\Windows\System\RrwQwym.exe
  2⤵
  PID:7216
- C:\Windows\System\DaNyqfQ.exe
  C:\Windows\System\DaNyqfQ.exe
  2⤵
  PID:7256
- C:\Windows\System\lBsuEkA.exe
  C:\Windows\System\lBsuEkA.exe
  2⤵
  PID:7300
- C:\Windows\System\oBdLORu.exe
  C:\Windows\System\oBdLORu.exe
  2⤵
  PID:7352
- C:\Windows\System\qicHZuR.exe
  C:\Windows\System\qicHZuR.exe
  2⤵
  PID:7340
- C:\Windows\System\haFwGfE.exe
  C:\Windows\System\haFwGfE.exe
  2⤵
  PID:7396
- C:\Windows\System\VBejPBH.exe
  C:\Windows\System\VBejPBH.exe
  2⤵
  PID:1416
- C:\Windows\System\SHYdDyp.exe
  C:\Windows\System\SHYdDyp.exe
  2⤵
  PID:7476
- C:\Windows\System\DGGIHHI.exe
  C:\Windows\System\DGGIHHI.exe
  2⤵
  PID:7512
- C:\Windows\System\WFhFCjf.exe
  C:\Windows\System\WFhFCjf.exe
  2⤵
  PID:7556
- C:\Windows\System\dfWBmeo.exe
  C:\Windows\System\dfWBmeo.exe
  2⤵
  PID:7564
- C:\Windows\System\NotYEkn.exe
  C:\Windows\System\NotYEkn.exe
  2⤵
  PID:7632
- C:\Windows\System\dQLniSD.exe
  C:\Windows\System\dQLniSD.exe
  2⤵
  PID:7672
- C:\Windows\System\ECswaJl.exe
  C:\Windows\System\ECswaJl.exe
  2⤵
  PID:7620
- C:\Windows\System\bsHbplf.exe
  C:\Windows\System\bsHbplf.exe
  2⤵
  PID:7696
- C:\Windows\System\scHGKPi.exe
  C:\Windows\System\scHGKPi.exe
  2⤵
  PID:7772
- C:\Windows\System\PreNVLh.exe
  C:\Windows\System\PreNVLh.exe
  2⤵
  PID:7800
- C:\Windows\System\cETLcnt.exe
  C:\Windows\System\cETLcnt.exe
  2⤵
  PID:7836
- C:\Windows\System\TVYKblY.exe
  C:\Windows\System\TVYKblY.exe
  2⤵
  PID:7880
- C:\Windows\System\lyKUrhm.exe
  C:\Windows\System\lyKUrhm.exe
  2⤵
  PID:7892
- C:\Windows\System\jEjnMjJ.exe
  C:\Windows\System\jEjnMjJ.exe
  2⤵
  PID:7916
- C:\Windows\System\MwvaFPp.exe
  C:\Windows\System\MwvaFPp.exe
  2⤵
  PID:7960
- C:\Windows\System\ZOraRuV.exe
  C:\Windows\System\ZOraRuV.exe
  2⤵
  PID:7980
- C:\Windows\System\JbasaDf.exe
  C:\Windows\System\JbasaDf.exe
  2⤵
  PID:8052
- C:\Windows\System\nQItOaZ.exe
  C:\Windows\System\nQItOaZ.exe
  2⤵
  PID:8084
- C:\Windows\System\XGZLuCh.exe
  C:\Windows\System\XGZLuCh.exe
  2⤵
  PID:8100
- C:\Windows\System\LCYgOBP.exe
  C:\Windows\System\LCYgOBP.exe
  2⤵
  PID:6656
- C:\Windows\System\wrdfrje.exe
  C:\Windows\System\wrdfrje.exe
  2⤵
  PID:7172
- C:\Windows\System\viChaon.exe
  C:\Windows\System\viChaon.exe
  2⤵
  PID:6728
- C:\Windows\System\UgIOVcH.exe
  C:\Windows\System\UgIOVcH.exe
  2⤵
  PID:7392
- C:\Windows\System\spYhBFP.exe
  C:\Windows\System\spYhBFP.exe
  2⤵
  PID:2464
- C:\Windows\System\ZouYbrs.exe
  C:\Windows\System\ZouYbrs.exe
  2⤵
  PID:7444
- C:\Windows\System\JIWonLV.exe
  C:\Windows\System\JIWonLV.exe
  2⤵
  PID:2488
- C:\Windows\System\tdUxguZ.exe
  C:\Windows\System\tdUxguZ.exe
  2⤵
  PID:2568
- C:\Windows\System\pjCPmoe.exe
  C:\Windows\System\pjCPmoe.exe
  2⤵
  PID:7520
- C:\Windows\System\yMdMJBD.exe
  C:\Windows\System\yMdMJBD.exe
  2⤵
  PID:7592
- C:\Windows\System\BcsumTC.exe
  C:\Windows\System\BcsumTC.exe
  2⤵
  PID:7612
- C:\Windows\System\GUlXHOb.exe
  C:\Windows\System\GUlXHOb.exe
  2⤵
  PID:7716
- C:\Windows\System\QIGPHpS.exe
  C:\Windows\System\QIGPHpS.exe
  2⤵
  PID:7752
- C:\Windows\System\HAqVkvj.exe
  C:\Windows\System\HAqVkvj.exe
  2⤵
  PID:7796
- C:\Windows\System\KOtNHuA.exe
  C:\Windows\System\KOtNHuA.exe
  2⤵
  PID:7956
- C:\Windows\System\poUxgBU.exe
  C:\Windows\System\poUxgBU.exe
  2⤵
  PID:7864
- C:\Windows\System\CxDzuMy.exe
  C:\Windows\System\CxDzuMy.exe
  2⤵
  PID:8020
- C:\Windows\System\MuuqbiY.exe
  C:\Windows\System\MuuqbiY.exe
  2⤵
  PID:8080
- C:\Windows\System\IfAHoYW.exe
  C:\Windows\System\IfAHoYW.exe
  2⤵
  PID:7824
- C:\Windows\System\GGAKZNW.exe
  C:\Windows\System\GGAKZNW.exe
  2⤵
  PID:6832
- C:\Windows\System\tBnTaai.exe
  C:\Windows\System\tBnTaai.exe
  2⤵
  PID:7500
- C:\Windows\System\bAHLjgs.exe
  C:\Windows\System\bAHLjgs.exe
  2⤵
  PID:7436
- C:\Windows\System\UmtUDEx.exe
  C:\Windows\System\UmtUDEx.exe
  2⤵
  PID:3040
- C:\Windows\System\mmkVMbW.exe
  C:\Windows\System\mmkVMbW.exe
  2⤵
  PID:1968
- C:\Windows\System\HyblDDG.exe
  C:\Windows\System\HyblDDG.exe
  2⤵
  PID:7552
- C:\Windows\System\pnaTXvY.exe
  C:\Windows\System\pnaTXvY.exe
  2⤵
  PID:7496
- C:\Windows\System\XEgygDn.exe
  C:\Windows\System\XEgygDn.exe
  2⤵
  PID:7780
- C:\Windows\System\ZhIBEFm.exe
  C:\Windows\System\ZhIBEFm.exe
  2⤵
  PID:7920
- C:\Windows\System\vVITGUt.exe
  C:\Windows\System\vVITGUt.exe
  2⤵
  PID:7844
- C:\Windows\System\ZEkVxpN.exe
  C:\Windows\System\ZEkVxpN.exe
  2⤵
  PID:8004
- C:\Windows\System\NMqVBdJ.exe
  C:\Windows\System\NMqVBdJ.exe
  2⤵
  PID:8168
- C:\Windows\System\wbotAbX.exe
  C:\Windows\System\wbotAbX.exe
  2⤵
  PID:7276
- C:\Windows\System\BnevqnX.exe
  C:\Windows\System\BnevqnX.exe
  2⤵
  PID:2316
- C:\Windows\System\qYruXRt.exe
  C:\Windows\System\qYruXRt.exe
  2⤵
  PID:7336
- C:\Windows\System\cpwcwgQ.exe
  C:\Windows\System\cpwcwgQ.exe
  2⤵
  PID:7484
- C:\Windows\System\WbxSqVJ.exe
  C:\Windows\System\WbxSqVJ.exe
  2⤵
  PID:7720
- C:\Windows\System\noQMaSn.exe
  C:\Windows\System\noQMaSn.exe
  2⤵
  PID:7876
- C:\Windows\System\XwhTQWm.exe
  C:\Windows\System\XwhTQWm.exe
  2⤵
  PID:8032
- C:\Windows\System\prOeKAu.exe
  C:\Windows\System\prOeKAu.exe
  2⤵
  PID:7296
- C:\Windows\System\KBrdhFf.exe
  C:\Windows\System\KBrdhFf.exe
  2⤵
  PID:7420
- C:\Windows\System\AjBHLeA.exe
  C:\Windows\System\AjBHLeA.exe
  2⤵
  PID:920
- C:\Windows\System\GSoxLnv.exe
  C:\Windows\System\GSoxLnv.exe
  2⤵
  PID:7856
- C:\Windows\System\vbTTKji.exe
  C:\Windows\System\vbTTKji.exe
  2⤵
  PID:7900
- C:\Windows\System\XeiSEzD.exe
  C:\Windows\System\XeiSEzD.exe
  2⤵
  PID:6848
- C:\Windows\System\orjIwwa.exe
  C:\Windows\System\orjIwwa.exe
  2⤵
  PID:7668
- C:\Windows\System\wCCJGPA.exe
  C:\Windows\System\wCCJGPA.exe
  2⤵
  PID:7820
- C:\Windows\System\WebZdOU.exe
  C:\Windows\System\WebZdOU.exe
  2⤵
  PID:7816
- C:\Windows\System\DfuBZKZ.exe
  C:\Windows\System\DfuBZKZ.exe
  2⤵
  PID:3028
- C:\Windows\System\NhPeptB.exe
  C:\Windows\System\NhPeptB.exe
  2⤵
  PID:8220
- C:\Windows\System\BveRZlC.exe
  C:\Windows\System\BveRZlC.exe
  2⤵
  PID:8236
- C:\Windows\System\qEZCxva.exe
  C:\Windows\System\qEZCxva.exe
  2⤵
  PID:8252
- C:\Windows\System\uckHfnA.exe
  C:\Windows\System\uckHfnA.exe
  2⤵
  PID:8272
- C:\Windows\System\tWfLLay.exe
  C:\Windows\System\tWfLLay.exe
  2⤵
  PID:8300
- C:\Windows\System\oaSBCNz.exe
  C:\Windows\System\oaSBCNz.exe
  2⤵
  PID:8320
- C:\Windows\System\cyHzZrB.exe
  C:\Windows\System\cyHzZrB.exe
  2⤵
  PID:8336
- C:\Windows\System\KPVmLcZ.exe
  C:\Windows\System\KPVmLcZ.exe
  2⤵
  PID:8360
- C:\Windows\System\YYcBtzw.exe
  C:\Windows\System\YYcBtzw.exe
  2⤵
  PID:8376
- C:\Windows\System\KAcTnVz.exe
  C:\Windows\System\KAcTnVz.exe
  2⤵
  PID:8392
- C:\Windows\System\vcuOUEu.exe
  C:\Windows\System\vcuOUEu.exe
  2⤵
  PID:8420
- C:\Windows\System\kzEKucm.exe
  C:\Windows\System\kzEKucm.exe
  2⤵
  PID:8436
- C:\Windows\System\nUgveIE.exe
  C:\Windows\System\nUgveIE.exe
  2⤵
  PID:8460
- C:\Windows\System\ZQPKzMR.exe
  C:\Windows\System\ZQPKzMR.exe
  2⤵
  PID:8476
- C:\Windows\System\wYsykop.exe
  C:\Windows\System\wYsykop.exe
  2⤵
  PID:8492
- C:\Windows\System\lvYaHiH.exe
  C:\Windows\System\lvYaHiH.exe
  2⤵
  PID:8512
- C:\Windows\System\UEPaKLO.exe
  C:\Windows\System\UEPaKLO.exe
  2⤵
  PID:8536
- C:\Windows\System\dfCeojX.exe
  C:\Windows\System\dfCeojX.exe
  2⤵
  PID:8556
- C:\Windows\System\dpxALTg.exe
  C:\Windows\System\dpxALTg.exe
  2⤵
  PID:8572
- C:\Windows\System\Arsvwqm.exe
  C:\Windows\System\Arsvwqm.exe
  2⤵
  PID:8588
- C:\Windows\System\HuLcloF.exe
  C:\Windows\System\HuLcloF.exe
  2⤵
  PID:8616
- C:\Windows\System\hFGvmGy.exe
  C:\Windows\System\hFGvmGy.exe
  2⤵
  PID:8636
- C:\Windows\System\GkoLrGO.exe
  C:\Windows\System\GkoLrGO.exe
  2⤵
  PID:8660
- C:\Windows\System\bmcWDMD.exe
  C:\Windows\System\bmcWDMD.exe
  2⤵
  PID:8676
- C:\Windows\System\KegxkQw.exe
  C:\Windows\System\KegxkQw.exe
  2⤵
  PID:8696
- C:\Windows\System\IQRdvGG.exe
  C:\Windows\System\IQRdvGG.exe
  2⤵
  PID:8716
- C:\Windows\System\LAZmpne.exe
  C:\Windows\System\LAZmpne.exe
  2⤵
  PID:8740
- C:\Windows\System\EYgASCy.exe
  C:\Windows\System\EYgASCy.exe
  2⤵
  PID:8760
- C:\Windows\System\fHdzNfI.exe
  C:\Windows\System\fHdzNfI.exe
  2⤵
  PID:8780
- C:\Windows\System\XgYKCKb.exe
  C:\Windows\System\XgYKCKb.exe
  2⤵
  PID:8796
- C:\Windows\System\MtsoKAL.exe
  C:\Windows\System\MtsoKAL.exe
  2⤵
  PID:8820
- C:\Windows\System\DCsZeZT.exe
  C:\Windows\System\DCsZeZT.exe
  2⤵
  PID:8840
- C:\Windows\System\zCGXmHK.exe
  C:\Windows\System\zCGXmHK.exe
  2⤵
  PID:8860
- C:\Windows\System\qBqFewR.exe
  C:\Windows\System\qBqFewR.exe
  2⤵
  PID:8880
- C:\Windows\System\DMOAmDk.exe
  C:\Windows\System\DMOAmDk.exe
  2⤵
  PID:8900
- C:\Windows\System\mBVXpmD.exe
  C:\Windows\System\mBVXpmD.exe
  2⤵
  PID:8920
- C:\Windows\System\cnOHmIi.exe
  C:\Windows\System\cnOHmIi.exe
  2⤵
  PID:8944
- C:\Windows\System\cKJGceN.exe
  C:\Windows\System\cKJGceN.exe
  2⤵
  PID:8960
- C:\Windows\System\LpNiZUu.exe
  C:\Windows\System\LpNiZUu.exe
  2⤵
  PID:8984
- C:\Windows\System\PjUaHCQ.exe
  C:\Windows\System\PjUaHCQ.exe
  2⤵
  PID:9000
- C:\Windows\System\LyoBQzU.exe
  C:\Windows\System\LyoBQzU.exe
  2⤵
  PID:9024
- C:\Windows\System\imygrjP.exe
  C:\Windows\System\imygrjP.exe
  2⤵
  PID:9040
- C:\Windows\System\DLuJOUU.exe
  C:\Windows\System\DLuJOUU.exe
  2⤵
  PID:9064
- C:\Windows\System\yDopneq.exe
  C:\Windows\System\yDopneq.exe
  2⤵
  PID:9080
- C:\Windows\System\tZCHXtz.exe
  C:\Windows\System\tZCHXtz.exe
  2⤵
  PID:9100
- C:\Windows\System\LyqBBEm.exe
  C:\Windows\System\LyqBBEm.exe
  2⤵
  PID:9120
- C:\Windows\System\eekRvuo.exe
  C:\Windows\System\eekRvuo.exe
  2⤵
  PID:9140
- C:\Windows\System\QprRUlZ.exe
  C:\Windows\System\QprRUlZ.exe
  2⤵
  PID:9156
- C:\Windows\System\MoJQcha.exe
  C:\Windows\System\MoJQcha.exe
  2⤵
  PID:9180
- C:\Windows\System\YNQxKiz.exe
  C:\Windows\System\YNQxKiz.exe
  2⤵
  PID:9196
- C:\Windows\System\bykwbhn.exe
  C:\Windows\System\bykwbhn.exe
  2⤵
  PID:9212
- C:\Windows\System\soJpJue.exe
  C:\Windows\System\soJpJue.exe
  2⤵
  PID:8128
- C:\Windows\System\sNzzFyZ.exe
  C:\Windows\System\sNzzFyZ.exe
  2⤵
  PID:8244
- C:\Windows\System\DJHlEtg.exe
  C:\Windows\System\DJHlEtg.exe
  2⤵
  PID:8280
- C:\Windows\System\kPrupok.exe
  C:\Windows\System\kPrupok.exe
  2⤵
  PID:8292
- C:\Windows\System\IYRoRms.exe
  C:\Windows\System\IYRoRms.exe
  2⤵
  PID:8316
- C:\Windows\System\wPEWRII.exe
  C:\Windows\System\wPEWRII.exe
  2⤵
  PID:8400
- C:\Windows\System\XERQMrJ.exe
  C:\Windows\System\XERQMrJ.exe
  2⤵
  PID:8416
- C:\Windows\System\sCbzOfm.exe
  C:\Windows\System\sCbzOfm.exe
  2⤵
  PID:8452
- C:\Windows\System\dtIrQzn.exe
  C:\Windows\System\dtIrQzn.exe
  2⤵
  PID:8504
- C:\Windows\System\uVnvWSH.exe
  C:\Windows\System\uVnvWSH.exe
  2⤵
  PID:8472
- C:\Windows\System\jzJkjYe.exe
  C:\Windows\System\jzJkjYe.exe
  2⤵
  PID:8564
- C:\Windows\System\bunzhYF.exe
  C:\Windows\System\bunzhYF.exe
  2⤵
  PID:8612
- C:\Windows\System\uRymRrt.exe
  C:\Windows\System\uRymRrt.exe
  2⤵
  PID:8580
- C:\Windows\System\OlFSWRw.exe
  C:\Windows\System\OlFSWRw.exe
  2⤵
  PID:8648
- C:\Windows\System\VHXoToL.exe
  C:\Windows\System\VHXoToL.exe
  2⤵
  PID:8684
- C:\Windows\System\EPgpLQi.exe
  C:\Windows\System\EPgpLQi.exe
  2⤵
  PID:8712
- C:\Windows\System\lgCheuz.exe
  C:\Windows\System\lgCheuz.exe
  2⤵
  PID:8748
- C:\Windows\System\isqsdNa.exe
  C:\Windows\System\isqsdNa.exe
  2⤵
  PID:8208
- C:\Windows\System\arPoEPn.exe
  C:\Windows\System\arPoEPn.exe
  2⤵
  PID:8808
- C:\Windows\System\gdvWRsm.exe
  C:\Windows\System\gdvWRsm.exe
  2⤵
  PID:8856
- C:\Windows\System\yyqWOPf.exe
  C:\Windows\System\yyqWOPf.exe
  2⤵
  PID:8872
- C:\Windows\System\aJGKlZH.exe
  C:\Windows\System\aJGKlZH.exe
  2⤵
  PID:8908
- C:\Windows\System\pRZWUUx.exe
  C:\Windows\System\pRZWUUx.exe
  2⤵
  PID:8940
- C:\Windows\System\wWjggmj.exe
  C:\Windows\System\wWjggmj.exe
  2⤵
  PID:8976
- C:\Windows\System\qoXCiIG.exe
  C:\Windows\System\qoXCiIG.exe
  2⤵
  PID:8996
- C:\Windows\System\MxgSbIp.exe
  C:\Windows\System\MxgSbIp.exe
  2⤵
  PID:9052
- C:\Windows\System\VqhbXlI.exe
  C:\Windows\System\VqhbXlI.exe
  2⤵
  PID:9076
- C:\Windows\System\zdJtHwX.exe
  C:\Windows\System\zdJtHwX.exe
  2⤵
  PID:9136
- C:\Windows\System\jkvKJMK.exe
  C:\Windows\System\jkvKJMK.exe
  2⤵
  PID:9164
- C:\Windows\System\HokrJCQ.exe
  C:\Windows\System\HokrJCQ.exe
  2⤵
  PID:9148
- C:\Windows\System\DYUeKKh.exe
  C:\Windows\System\DYUeKKh.exe
  2⤵
  PID:8260
- C:\Windows\System\LzFyZdd.exe
  C:\Windows\System\LzFyZdd.exe
  2⤵
  PID:9192
- C:\Windows\System\VFVACRd.exe
  C:\Windows\System\VFVACRd.exe
  2⤵
  PID:7708
- C:\Windows\System\inNoCgQ.exe
  C:\Windows\System\inNoCgQ.exe
  2⤵
  PID:8308
- C:\Windows\System\pIHwIBf.exe
  C:\Windows\System\pIHwIBf.exe
  2⤵
  PID:8428
- C:\Windows\System\uQdXcHF.exe
  C:\Windows\System\uQdXcHF.exe
  2⤵
  PID:8484
- C:\Windows\System\JXHIYrz.exe
  C:\Windows\System\JXHIYrz.exe
  2⤵
  PID:8596
- C:\Windows\System\VurzZYN.exe
  C:\Windows\System\VurzZYN.exe
  2⤵
  PID:8600
- C:\Windows\System\EXFSwGf.exe
  C:\Windows\System\EXFSwGf.exe
  2⤵
  PID:8692
- C:\Windows\System\kiwdOYS.exe
  C:\Windows\System\kiwdOYS.exe
  2⤵
  PID:8552
- C:\Windows\System\mZqNrCx.exe
  C:\Windows\System\mZqNrCx.exe
  2⤵
  PID:8812
- C:\Windows\System\ADXofYb.exe
  C:\Windows\System\ADXofYb.exe
  2⤵
  PID:8776
- C:\Windows\System\IysHeyk.exe
  C:\Windows\System\IysHeyk.exe
  2⤵
  PID:8832
- C:\Windows\System\MfGJCNX.exe
  C:\Windows\System\MfGJCNX.exe
  2⤵
  PID:8892
- C:\Windows\System\AonPUrn.exe
  C:\Windows\System\AonPUrn.exe
  2⤵
  PID:8932
- C:\Windows\System\gxgzNuO.exe
  C:\Windows\System\gxgzNuO.exe
  2⤵
  PID:9016
- C:\Windows\System\qQPcasf.exe
  C:\Windows\System\qQPcasf.exe
  2⤵
  PID:9008
- C:\Windows\System\vbSgUWh.exe
  C:\Windows\System\vbSgUWh.exe
  2⤵
  PID:9092
- C:\Windows\System\bGsfLbb.exe
  C:\Windows\System\bGsfLbb.exe
  2⤵
  PID:9108
- C:\Windows\System\alqpMgK.exe
  C:\Windows\System\alqpMgK.exe
  2⤵
  PID:9204
- C:\Windows\System\dKgYXQp.exe
  C:\Windows\System\dKgYXQp.exe
  2⤵
  PID:8204
- C:\Windows\System\kkRmNWg.exe
  C:\Windows\System\kkRmNWg.exe
  2⤵
  PID:8348
- C:\Windows\System\vsbMvNl.exe
  C:\Windows\System\vsbMvNl.exe
  2⤵
  PID:8372
- C:\Windows\System\DQboQfJ.exe
  C:\Windows\System\DQboQfJ.exe
  2⤵
  PID:8488
- C:\Windows\System\FCaRsNR.exe
  C:\Windows\System\FCaRsNR.exe
  2⤵
  PID:8624
- C:\Windows\System\QkJruak.exe
  C:\Windows\System\QkJruak.exe
  2⤵
  PID:8728
- C:\Windows\System\jjOsAzS.exe
  C:\Windows\System\jjOsAzS.exe
  2⤵
  PID:8828
- C:\Windows\System\tpxYNJX.exe
  C:\Windows\System\tpxYNJX.exe
  2⤵
  PID:8876
- C:\Windows\System\aRdnsIG.exe
  C:\Windows\System\aRdnsIG.exe
  2⤵
  PID:8972
- C:\Windows\System\xIKWKBk.exe
  C:\Windows\System\xIKWKBk.exe
  2⤵
  PID:9060
- C:\Windows\System\OKBWUMB.exe
  C:\Windows\System\OKBWUMB.exe
  2⤵
  PID:9188
- C:\Windows\System\SkARMgB.exe
  C:\Windows\System\SkARMgB.exe
  2⤵
  PID:8444
- C:\Windows\System\cdBiTya.exe
  C:\Windows\System\cdBiTya.exe
  2⤵
  PID:8432
- C:\Windows\System\fRJQRhm.exe
  C:\Windows\System\fRJQRhm.exe
  2⤵
  PID:9208
- C:\Windows\System\YroDaTj.exe
  C:\Windows\System\YroDaTj.exe
  2⤵
  PID:8532
- C:\Windows\System\sehoYEK.exe
  C:\Windows\System\sehoYEK.exe
  2⤵
  PID:9032
- C:\Windows\System\nPDbHoZ.exe
  C:\Windows\System\nPDbHoZ.exe
  2⤵
  PID:9096
- C:\Windows\System\ZnIHMKE.exe
  C:\Windows\System\ZnIHMKE.exe
  2⤵
  PID:8356
- C:\Windows\System\lvWZKsz.exe
  C:\Windows\System\lvWZKsz.exe
  2⤵
  PID:9112
- C:\Windows\System\hUIlhGf.exe
  C:\Windows\System\hUIlhGf.exe
  2⤵
  PID:8816
- C:\Windows\System\LCvoehV.exe
  C:\Windows\System\LCvoehV.exe
  2⤵
  PID:9020
- C:\Windows\System\GzYRgMN.exe
  C:\Windows\System\GzYRgMN.exe
  2⤵
  PID:8212
- C:\Windows\System\vRdbHrR.exe
  C:\Windows\System\vRdbHrR.exe
  2⤵
  PID:8656
- C:\Windows\System\qmbPxmF.exe
  C:\Windows\System\qmbPxmF.exe
  2⤵
  PID:8644
- C:\Windows\System\iuWqPig.exe
  C:\Windows\System\iuWqPig.exe
  2⤵
  PID:9232
- C:\Windows\System\HXzelPg.exe
  C:\Windows\System\HXzelPg.exe
  2⤵
  PID:9260
- C:\Windows\System\APNYiuW.exe
  C:\Windows\System\APNYiuW.exe
  2⤵
  PID:9276
- C:\Windows\System\keBGaog.exe
  C:\Windows\System\keBGaog.exe
  2⤵
  PID:9296
- C:\Windows\System\iCnkZiO.exe
  C:\Windows\System\iCnkZiO.exe
  2⤵
  PID:9316
- C:\Windows\System\arJKsFk.exe
  C:\Windows\System\arJKsFk.exe
  2⤵
  PID:9340
- C:\Windows\System\sSSfgoZ.exe
  C:\Windows\System\sSSfgoZ.exe
  2⤵
  PID:9360
- C:\Windows\System\huhGpaf.exe
  C:\Windows\System\huhGpaf.exe
  2⤵
  PID:9376
- C:\Windows\System\LKVKlFz.exe
  C:\Windows\System\LKVKlFz.exe
  2⤵
  PID:9396
- C:\Windows\System\LwrCvzi.exe
  C:\Windows\System\LwrCvzi.exe
  2⤵
  PID:9420
- C:\Windows\System\FNremsq.exe
  C:\Windows\System\FNremsq.exe
  2⤵
  PID:9436
- C:\Windows\System\pYuPRLO.exe
  C:\Windows\System\pYuPRLO.exe
  2⤵
  PID:9460
- C:\Windows\System\grnuxRV.exe
  C:\Windows\System\grnuxRV.exe
  2⤵
  PID:9476
- C:\Windows\System\JRpdCjP.exe
  C:\Windows\System\JRpdCjP.exe
  2⤵
  PID:9496
- C:\Windows\System\XwYYVZV.exe
  C:\Windows\System\XwYYVZV.exe
  2⤵
  PID:9516
- C:\Windows\System\LPESRuk.exe
  C:\Windows\System\LPESRuk.exe
  2⤵
  PID:9540
- C:\Windows\System\bDazFHK.exe
  C:\Windows\System\bDazFHK.exe
  2⤵
  PID:9556
- C:\Windows\System\CBVwKSH.exe
  C:\Windows\System\CBVwKSH.exe
  2⤵
  PID:9576
- C:\Windows\System\SWWrYVW.exe
  C:\Windows\System\SWWrYVW.exe
  2⤵
  PID:9600
- C:\Windows\System\efCfrwv.exe
  C:\Windows\System\efCfrwv.exe
  2⤵
  PID:9620
- C:\Windows\System\VcpEJDJ.exe
  C:\Windows\System\VcpEJDJ.exe
  2⤵
  PID:9636
- C:\Windows\System\xvvHLoq.exe
  C:\Windows\System\xvvHLoq.exe
  2⤵
  PID:9656
- C:\Windows\System\XBczrTM.exe
  C:\Windows\System\XBczrTM.exe
  2⤵
  PID:9680
- C:\Windows\System\eoXyjLt.exe
  C:\Windows\System\eoXyjLt.exe
  2⤵
  PID:9700
- C:\Windows\System\KNlFUFE.exe
  C:\Windows\System\KNlFUFE.exe
  2⤵
  PID:9716
- C:\Windows\System\UJalFKd.exe
  C:\Windows\System\UJalFKd.exe
  2⤵
  PID:9736
- C:\Windows\System\EQaLNNR.exe
  C:\Windows\System\EQaLNNR.exe
  2⤵
  PID:9764
- C:\Windows\System\MlMfNMC.exe
  C:\Windows\System\MlMfNMC.exe
  2⤵
  PID:9784
- C:\Windows\System\vfAJfzO.exe
  C:\Windows\System\vfAJfzO.exe
  2⤵
  PID:9800
- C:\Windows\System\DKcjxIl.exe
  C:\Windows\System\DKcjxIl.exe
  2⤵
  PID:9816
- C:\Windows\System\xJRQDKw.exe
  C:\Windows\System\xJRQDKw.exe
  2⤵
  PID:9836
- C:\Windows\System\EPIOGHg.exe
  C:\Windows\System\EPIOGHg.exe
  2⤵
  PID:9852
- C:\Windows\System\lnOLJRA.exe
  C:\Windows\System\lnOLJRA.exe
  2⤵
  PID:9868
- C:\Windows\System\zOofCjB.exe
  C:\Windows\System\zOofCjB.exe
  2⤵
  PID:9884
- C:\Windows\System\PCjJznh.exe
  C:\Windows\System\PCjJznh.exe
  2⤵
  PID:9900
- C:\Windows\System\jmauGyp.exe
  C:\Windows\System\jmauGyp.exe
  2⤵
  PID:9916
- C:\Windows\System\psbFbWq.exe
  C:\Windows\System\psbFbWq.exe
  2⤵
  PID:9932
- C:\Windows\System\IlPDYRx.exe
  C:\Windows\System\IlPDYRx.exe
  2⤵
  PID:9952
- C:\Windows\System\xpIKQLQ.exe
  C:\Windows\System\xpIKQLQ.exe
  2⤵
  PID:9968
- C:\Windows\System\mrFzJyd.exe
  C:\Windows\System\mrFzJyd.exe
  2⤵
  PID:9984
- C:\Windows\System\okhKJeU.exe
  C:\Windows\System\okhKJeU.exe
  2⤵
  PID:10000
- C:\Windows\System\BURKofg.exe
  C:\Windows\System\BURKofg.exe
  2⤵
  PID:10016
- C:\Windows\System\BxGUzlf.exe
  C:\Windows\System\BxGUzlf.exe
  2⤵
  PID:10032
- C:\Windows\System\cBLzTby.exe
  C:\Windows\System\cBLzTby.exe
  2⤵
  PID:10048
- C:\Windows\System\KChgaQo.exe
  C:\Windows\System\KChgaQo.exe
  2⤵
  PID:10064
- C:\Windows\System\uLGHyXB.exe
  C:\Windows\System\uLGHyXB.exe
  2⤵
  PID:10084
- C:\Windows\System\pKVecMB.exe
  C:\Windows\System\pKVecMB.exe
  2⤵
  PID:10100
- C:\Windows\System\fRGjvOY.exe
  C:\Windows\System\fRGjvOY.exe
  2⤵
  PID:10120
- C:\Windows\System\WzyNWXu.exe
  C:\Windows\System\WzyNWXu.exe
  2⤵
  PID:10140
- C:\Windows\System\qHUsyGT.exe
  C:\Windows\System\qHUsyGT.exe
  2⤵
  PID:10172
- C:\Windows\System\TXYcBGu.exe
  C:\Windows\System\TXYcBGu.exe
  2⤵
  PID:10236
- C:\Windows\System\ChaIDST.exe
  C:\Windows\System\ChaIDST.exe
  2⤵
  PID:8928
- C:\Windows\System\uBygAwz.exe
  C:\Windows\System\uBygAwz.exe
  2⤵
  PID:9228
- C:\Windows\System\UtYPqWp.exe
  C:\Windows\System\UtYPqWp.exe
  2⤵
  PID:9272
- C:\Windows\System\DfvAqbD.exe
  C:\Windows\System\DfvAqbD.exe
  2⤵
  PID:9312
- C:\Windows\System\ifLCYvf.exe
  C:\Windows\System\ifLCYvf.exe
  2⤵
  PID:9332
- C:\Windows\System\NnBzZTN.exe
  C:\Windows\System\NnBzZTN.exe
  2⤵
  PID:9368
- C:\Windows\System\wIxVIeF.exe
  C:\Windows\System\wIxVIeF.exe
  2⤵
  PID:9388
- C:\Windows\System\ISvGPhw.exe
  C:\Windows\System\ISvGPhw.exe
  2⤵
  PID:9428
- C:\Windows\System\SIJcxoi.exe
  C:\Windows\System\SIJcxoi.exe
  2⤵
  PID:9488
- C:\Windows\System\VrgZRSO.exe
  C:\Windows\System\VrgZRSO.exe
  2⤵
  PID:9524
- C:\Windows\System\BrwrBNJ.exe
  C:\Windows\System\BrwrBNJ.exe
  2⤵
  PID:9528
- C:\Windows\System\vMCScXs.exe
  C:\Windows\System\vMCScXs.exe
  2⤵
  PID:9552
- C:\Windows\System\OwDborZ.exe
  C:\Windows\System\OwDborZ.exe
  2⤵
  PID:9588
- C:\Windows\System\KMgkVrO.exe
  C:\Windows\System\KMgkVrO.exe
  2⤵
  PID:9628
- C:\Windows\System\xrbiahF.exe
  C:\Windows\System\xrbiahF.exe
  2⤵
  PID:9664
- C:\Windows\System\tKQLnnB.exe
  C:\Windows\System\tKQLnnB.exe
  2⤵
  PID:9676
- C:\Windows\System\HuvElXf.exe
  C:\Windows\System\HuvElXf.exe
  2⤵
  PID:9732
- C:\Windows\System\nuLJUBG.exe
  C:\Windows\System\nuLJUBG.exe
  2⤵
  PID:9760
- C:\Windows\System\VhnbEGr.exe
  C:\Windows\System\VhnbEGr.exe
  2⤵
  PID:9812
- C:\Windows\System\gPHwBPH.exe
  C:\Windows\System\gPHwBPH.exe
  2⤵
  PID:9832
- C:\Windows\System\Wootxdr.exe
  C:\Windows\System\Wootxdr.exe
  2⤵
  PID:9908
- C:\Windows\System\efBfcrq.exe
  C:\Windows\System\efBfcrq.exe
  2⤵
  PID:9944
- C:\Windows\System\VXOXltu.exe
  C:\Windows\System\VXOXltu.exe
  2⤵
  PID:9964
- C:\Windows\System\vlkMafP.exe
  C:\Windows\System\vlkMafP.exe
  2⤵
  PID:9996
- C:\Windows\System\IGTnOyd.exe
  C:\Windows\System\IGTnOyd.exe
  2⤵
  PID:10044
- C:\Windows\System\VVsojUz.exe
  C:\Windows\System\VVsojUz.exe
  2⤵
  PID:10080
- C:\Windows\System\HvRpyRE.exe
  C:\Windows\System\HvRpyRE.exe
  2⤵
  PID:10112
- C:\Windows\System\uJSqqet.exe
  C:\Windows\System\uJSqqet.exe
  2⤵
  PID:10148
- C:\Windows\System\lhzHPHY.exe
  C:\Windows\System\lhzHPHY.exe
  2⤵
  PID:10188
- C:\Windows\System\UefGOMg.exe
  C:\Windows\System\UefGOMg.exe
  2⤵
  PID:10212
- C:\Windows\System\vmlNCyk.exe
  C:\Windows\System\vmlNCyk.exe
  2⤵
  PID:10216
- C:\Windows\System\ZLMabkh.exe
  C:\Windows\System\ZLMabkh.exe
  2⤵
  PID:9220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFPmPXH.exe

Filesize
6.0MB

MD5
d153c45c79f9bb5f744f2b0d14a6a7a9

SHA1
aef55dd3c3a16267702e14f665481bdec16a231d

SHA256
c9c6c904a21a94e873d87a98d23136da18bc588a7907718be6d2150b59798e75

SHA512
810c57ba7b1fa4fd2b1b74e608cb4f52ca30478e3fa439269effa8d62183d5a213cf7c5c9041f6e694b19edce63d900a1068afd7e09697694bf9ed6278edf524

Download Submit
C:\Windows\system\ALfEEvI.exe

Filesize
6.0MB

MD5
c416a86edf3d3d86953f50113c1a0d4f

SHA1
3db512cc7a55be3cd590742c22430c7a230c1b1f

SHA256
68ad13795966107a18dcd23c981fa215e8a4c67a543941577582caac036c9061

SHA512
84aab89a4c4fa83fd2119816af002748687c7b398a76e1233f6f5247cff99b74f950224255dfd9b0322e796903bfd88e0f23be8523a7b85fd585187ebff10432

Download Submit
C:\Windows\system\DIUBNtl.exe

Filesize
6.0MB

MD5
594e6936b89d7af98c4f7192e1a09af6

SHA1
fc7fc9f7adf087c2d7b1237046013d57f26b68db

SHA256
f0922998ce507812dadc1db1272ea21b4ddc96b79b5fae69446ab090ba74a928

SHA512
60ba2bc26d9fdc1e6af4c19e851663a4beb661bc12d4a8d21b36c0757ccd6806465a0e577544392eac82c5e7e538e927163d4a4fb3d4108c84ffb0d4aaa3823f

Download Submit
C:\Windows\system\EJohKyx.exe

Filesize
6.0MB

MD5
801ede0932e6504730696c657122bee8

SHA1
51b4f713abbb311d84883c58091ddea66f058bb3

SHA256
29d5ba4483c920f3c4779c07d51ae717204c2cb94bfeed04685f5792c95ed44a

SHA512
69aea4e5472e4b86c4d33a16f6ff0b4ab864051e7a40826889a87392bd3ee982c86129b0865b48438d6489225d190ecd6eb4ca87f3d545fb931b58e62d4b0390

Download Submit
C:\Windows\system\GYtEWUR.exe

Filesize
6.0MB

MD5
c08c51daa446bd88d8bc30297e2ff47e

SHA1
f3e96820a4cef4e1fd7bc7593f5c2014510657bf

SHA256
00a3e7807652e597fa0ea46c534a002318d30f03706deb173805c55bb8702fbd

SHA512
fcbdc160bc9db576aec4ed19c3eb9aa49698acf988d15bc307c04eb43055a7dab08978ea826bc43572bdb8068acb90c1fa8b62352d03cae5c52df691a3176394

Download Submit
C:\Windows\system\IDYEOFi.exe

Filesize
6.0MB

MD5
f83262416c88882d2f4d3de0646c31f4

SHA1
813faf3fc813610e52766b36c10c6eccf3dc9c52

SHA256
da4b836a88e63ff23ce8cb46d25d4020ebe0a3f99d8cbbbf7e94bdf6f13e6750

SHA512
ae775c4a6645e2695e86e69aa166125ef206f82b2546f06427a77ac1c806f1d1d0eb8ef0b786ecde1564102b6a7251e0c5d88be940610211bcf25ee4b5b37fcd

Download Submit
C:\Windows\system\IxXPoiY.exe

Filesize
6.0MB

MD5
2627ba19007a50517a4cae5cdb245af5

SHA1
2bb908cdd86a5833e31593e319763455932ef4fd

SHA256
3f9423a149860177b6af99d6708cbf2075f0b3f4c283c8739d5a225751a51cd4

SHA512
f94a4c16f8a16a6c8fa7bfb47a83d6538a1e77ee03694184a8c91b86fac20d4a71392ddfb8e792b8d4d3852b31f0d671c4810666e8899c79ad6450f09ac7dd37

Download Submit
C:\Windows\system\NqowRWA.exe

Filesize
6.0MB

MD5
359c05d522b39e5412b7d74dfb9d6254

SHA1
64ce7ca57a58792af40c88cc1a8d7350488d4a49

SHA256
58170337d3b932b2f1f914e498ad3e296bca42acf736ea6d76a683b3733b5593

SHA512
2135eb689fc07d9dc9cb6dd12876f39bd614c14b71d4b711d0841e1a1b3c73d15faa856d788b97995e8276bf4368b0023fc7f0b0c20e248c03472e05fc7f7179

Download Submit
C:\Windows\system\QUCJeQd.exe

Filesize
6.0MB

MD5
3015319150a401b3ee07536630714930

SHA1
148cc45d599b0937cc826187dba6e51c2ff48061

SHA256
b6bee5bf64e18386579cdd8682a0a8bf16e604bd8ef66d21666e9ea3d112ef23

SHA512
237e83ae798bbb1ec433181472c3f08f98da13bf2f85c0edd967d8b69a7c14496278adad9f14fb1d50da1274679ea9a3f8ada246fe71aebd6fc89b83039cc772

Download Submit
C:\Windows\system\SvmZxLR.exe

Filesize
6.0MB

MD5
843513252cf64e3e695ddacf24dbc62c

SHA1
a56bd6b31502ed52fb6ac0c1a1e3d20d72ef3e0e

SHA256
3df69b72ea12718421c935e03f731823f0fdc29223a89a797417e2712e081f76

SHA512
edc027e6611e9d45bdd86713430e55adbe58fe135b07a26c250df5e00b4e10e44074f6f6351e26eb9c2647ef373c590ce0066338f50819084a855032c145a661

Download Submit
C:\Windows\system\UAcquSI.exe

Filesize
6.0MB

MD5
bdb994b6cb4d34acd3fa04d5251df6e9

SHA1
1211d923e1d38639eb5df364bda0a03f81f4e031

SHA256
de21d8d5388c6ae85053c7e191aae35d1bb25f5df32f5c2638963b6eaf9a792e

SHA512
e572d94a54f58005737266a8a7aeb46120b6be54bd064f2be68864919433196cad40142c8fa72076c010ef75d03d4adef7f6b8d45176fb5bd93ac1722cbc5175

Download Submit
C:\Windows\system\WqSOoeu.exe

Filesize
6.0MB

MD5
27ad8ab4acb2fa29c91831a753d5aea4

SHA1
7e4f73acb878aee8e0a0e1c5738976eb6a788c00

SHA256
3a6077ff3f134dafffc823814c0039ed5407ea385cb3fee27660e2a98d9313e3

SHA512
afe250002b26823af39f458afe6d610b54d31585b7b198eb926277d120a118dbb3ff0845ee49eeac6caafe2df92e96c20f375e311d9d24b50496e0b757b32e01

Download Submit
C:\Windows\system\XHHbTSg.exe

Filesize
6.0MB

MD5
ab3ff81189eb154eebcd0fb8f6fbf23f

SHA1
5e6232eeb6cc11d35097b5991677bde214eb853b

SHA256
2538187952e8badd397b7a9ee8a64ac8030503a7d7ef67684c88ed7d9ab0d154

SHA512
470049534bd1cb48353787f0c210f37fde03321b02b0de9c4cd14855663819c57a445b2757b8734af6491528dea950ec5939296e55a08157a6892fdac0418c95

Download Submit
C:\Windows\system\XQdVVgB.exe

Filesize
6.0MB

MD5
fcdd1a089a5afd2089e01e492391bb8d

SHA1
79e0f51a1c6bc44ec8b765a348670a6892cb16b9

SHA256
d39e263f056c0aab2bae7e99609d5ec7c12a96609b8526090714fecbdb90148f

SHA512
b47aa5f8786a3431e10cba5819e12e1b5dd10f5a70eb708e3d81e40ae63141fdf7d669b9e532898844f54418bc72178ed93bc2139fc2c7e5a3e2f43bb2c9b528

Download Submit
C:\Windows\system\XoJiJCr.exe

Filesize
6.0MB

MD5
fb8dda79d583e9577738faeb7817e84d

SHA1
6422d704f3aed6225e416113a1158ad4206c76bf

SHA256
b186ba50c1877e1b2839c7d2e213ff7f3b6c00eec3c6dbc644542fab4e681a48

SHA512
5e36e54ebe5ec238eb7d5548bfb45dd9764fbe7fbde444579d7997c2b441f90576dc940744c7845ebda16f73bcab4df3d7b6627efb6e8f47a96813469347d874

Download Submit
C:\Windows\system\ZTVGyMY.exe

Filesize
6.0MB

MD5
5dc1b07ba114bad54bbc83a6f6894b3d

SHA1
513a1f8378f768b633c95c21552404b2fde4eb14

SHA256
7468760929ff4b9bff32f246058674e41fffbc63b075f69f79f2b00c30581168

SHA512
af5d6944fac6ab32fa863f04606fdef2b90da4b4cab3a4a3dd19a784dbdba191b486603217b974369a1093fb2ff4a5c706a3fc0ba879682b4f8b5497e89dd0d8

Download Submit
C:\Windows\system\fnTaogv.exe

Filesize
6.0MB

MD5
181b44ce1ee9a938a83c8342cf8b02db

SHA1
b9fbf021152d9b276edb1f71e3d98f2d9aa060fa

SHA256
925572f1b7a2f8bf7bc0ed5c0078851de32781090ff427fa3c14ba6bf829f76b

SHA512
29709359d0dcac4689686d40f07cb03c29cb384a7dc38164c0c41700ffd4c34882af277899de60104c511736904b25a8fe4de185445e5610542c02f14fca878d

Download Submit
C:\Windows\system\hnYkJPX.exe

Filesize
6.0MB

MD5
342d0293eb260ab62cc34899f878f2a5

SHA1
eef6e8e57c162a879fd184ebc5465c2e71e1be63

SHA256
333df64bd72e0e0d57e62eb6373b407b864fc89778ae2aab27ce62e9339c6e0c

SHA512
b72a09026f33b5aca32326121f360d0c2b3d2cdb223d28df4278b607ba2fba834c84c1115de00acc7cf7ce1f4515a8448c54510402b53da71388c3204f3e0139

Download Submit
C:\Windows\system\mKosadk.exe

Filesize
6.0MB

MD5
0f67b5ae7e85c35deeedbfdc4eab7549

SHA1
98920482e1d3a9dc4193b265017c6c52209742ee

SHA256
ed80d2bca9489240085d204befeb6463159b5c7d46c865e34ffd8c7220b11c98

SHA512
dd425e52cec3a76756daabbc8e9ea2eb29e43066fa56f8f1c18013cbf478c71cd4a06c0a97167dcc32c59b2e5a502b5c3e37c0c28dd2a9fe8dccdfbf70e32224

Download Submit
C:\Windows\system\pDyAeMK.exe

Filesize
6.0MB

MD5
5ff3e3b6e9830c1424a0f9e7a1a82621

SHA1
25a62f5c5b80d901a6478ed2e8c4b13d42e63981

SHA256
2543f40a36dc90c4f352c7e520d178fba6711410cafab2cd3cfd00e9c40a095d

SHA512
2ba3b0f628bc71b508dcbb02215fcffda7faa9f7d40d70d09592142f426529813aff09b89179ecad208007491adf17a100d0847b9e14fcabf62a2a7d131713ff

Download Submit
C:\Windows\system\rMYbMKm.exe

Filesize
6.0MB

MD5
55a5d89533e2ccb65e13c7fa0ac9613d

SHA1
3b2abe7e32e58c5f5206f9912be11504b3de6753

SHA256
0e67a65a3a515d843f06542c36b435c51a7dd87e4c6f064b03d79c17d61f0bb7

SHA512
574ef9b3aba9b9ba81be73a9d8dc175a7df8cc0888ae44c1c715886731e4a92e2f9e7941efafaa75dc160d48348a7b6d804d007299083c83b4670ae0f2c3936f

Download Submit
C:\Windows\system\whuurNn.exe

Filesize
6.0MB

MD5
64bc0f9c877978b6918c67d83651fef9

SHA1
043f833f8e50a019d235889a4ef4db663146bdbe

SHA256
7ca5068ee9734c6dde70ad4a0f7a86ffe9ee7457550f6dbb3327dfe578840615

SHA512
a238246fe326b126df3f5385d2cd586779a3cdc452015a2a7d2ad27eeb341831938acbdbc8c1630f47d4fc6414eaec12a46c9e86cf31f58b02df2f3e3a9e111c

Download Submit
C:\Windows\system\xqVYrxy.exe

Filesize
6.0MB

MD5
646f39aff5691c89de8071a2bb956368

SHA1
0727710c380175f7af4a98ebe156055807185c50

SHA256
a24f3fe0d257d5d0dbf6c9da020208cafb023770128c4855fae293a4d97cbcbd

SHA512
b1c1479b761181bbfbfdbf5b0a17f8aa915c9680d0deff6a1df5d6bbd571e9430b8384fdd428b348622dd75e6aabd1be17e99cb3fd9cce93bfe0663aa3f58e8e

Download Submit
C:\Windows\system\yhFdAKZ.exe

Filesize
6.0MB

MD5
fdc699139eb8eafc4ad39688bdea33b1

SHA1
574536d81143a0d586cc56c452554c7030e86fb2

SHA256
5a2eb76b7b8262531622aa4a72642d5fe572560d14d6388fe3eef79d9781726b

SHA512
d650111f2595b017b6def280d1308f8039fb1f4a421746a1a44bf55099af61a4510c0224e9e6e74dfb7935928735bc49eb4a33b87a09e5f6815330a4fb18ff83

Download Submit
\Windows\system\HXahITp.exe

Filesize
6.0MB

MD5
30c1477909f7fcd13453e344720c6e30

SHA1
3e97590b6ec065347b289acc0fb01ad51789ab95

SHA256
1188e703e14edd6766dabf319f299de0de70402608d594172b7e658a21b25e61

SHA512
37fcaf8e05b6d73b41a0767bdc80910d73802b33e18dc7917eff133e71d35007b161d0f0b407a473e12c8cb7649d2491ed77c78e92189640ad76e86908f7751b

Download Submit
\Windows\system\IKWyAam.exe

Filesize
6.0MB

MD5
a24890160fc34279845b45f70a39aa6a

SHA1
96c13f6bfe828be14e2c1f4d4b68c6005f002441

SHA256
d8d9bab0bc800e7b3db8a174284e2004042eb95e264559ad3ba675aae9c38f9f

SHA512
06b1206c6e25eeb50eb3ddcb8b6631959c241b5c4920fe1f11a3e62f78094c7eabcc9c297f59f3323dafae41782597ec513ea0df5ffe50c78a88230dd6f0dd7a

Download Submit
\Windows\system\KZvfgXM.exe

Filesize
6.0MB

MD5
878928d023a14109ba273b5b3f560869

SHA1
5f23ec58e9cba6743f06b7e35c2107af96a1b3f8

SHA256
9373e830eddde61891747544936b683103182bb00a9aa3ec0494d7ff951370b7

SHA512
fa7fabac18dc2e173cad5b59fcdfb5e025d375d91fa40e474772e04f3f383a4b98e243bbda80b773b9ba88c7b1a167373a314cf25afba781f404bf4f11ad2347

Download Submit
\Windows\system\cddOVpR.exe

Filesize
6.0MB

MD5
e42a255ed1237f84c359cd539ce78054

SHA1
a3d884d55c526a846f28622938b509f881c7a2b9

SHA256
3b2c831cc8c8ed01f5d3f70f6cf774517b38d142ce24df91c0abc8fdf74580fc

SHA512
513e7958246299cfcfb9c6a5d283825932618648831b62892bb287d8267938a5cbc77ee1f0b45afe7d5746f9d6188e1ac5336f347aa5b28c957811e232571224

Download Submit
\Windows\system\eyoncbj.exe

Filesize
6.0MB

MD5
6e533d853e3cf85caac8ffd8d748ce52

SHA1
f1c478e215135b75f60291b927bcd1fd7404e077

SHA256
e514e0a56fade8b467f195124cbf3d77a7b08e81049e2ec49cef6fa3040d563b

SHA512
b4a14729f5169529c7c77f432fb3c5d37871858e59c2f786093d5c8f0dd6d9d04de333e9cb34892b40bc90494895513478f103899699cb89240efdb93ae11e9e

Download Submit
\Windows\system\mJnTzVO.exe

Filesize
6.0MB

MD5
ca5adb84e5ee0f0f331a31a994866840

SHA1
60d363e6b59c0eb3aa6de192dbff162da42240c2

SHA256
307e61b8bf27e50da2102a8da24e9b906761ee90b427fb73be08748a745f495e

SHA512
edcd63852ba1c29cee62ab44b97aae326b124f9b597e0739dc0851025ad569edac6e0f12ee2bed017ea92a484e0d50c98810a549ba28cec5c005c1a9e78af57b

Download Submit
\Windows\system\oezHAkV.exe

Filesize
6.0MB

MD5
4975535ffa8ddb7f218dfe205cefba20

SHA1
8c1f2bf5bc45ca8b57728db2b30deb162f4585d1

SHA256
52557169d986cf730fdbbe0627857b9c6ab52e76b9466d7c05374f6ee4073dd2

SHA512
baa748d4301d8e620ffa855a33e5a9ff3d2893b95412162c1f03d81ca22b68d4216e7ec1e560ddeb03fb2dfb7fe18a865a559924f6eea30292a94faafc7e22ab

Download Submit
\Windows\system\zYkBkPo.exe

Filesize
6.0MB

MD5
80c55e7c933d20f449d1dcc801553b32

SHA1
a8a92c16963aa955287ceefb673c10a87b3901cb

SHA256
0e97e05285f64d3d66cf7905755c13a87e1ee6449ab9b8a4c8a787e73f3aaead

SHA512
29386bdbf9b7e847ccd587fa3b54415563831308827098defae34e055d6f8c946079083300ac1a648f1e8c9cef6e2b74c73ed0e79dde0b91731d3a2938b7fe31

Download Submit
memory/548-74-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/548-145-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/548-1544-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1072-98-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1072-1542-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1072-60-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-104-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1572-1547-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1572-371-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1612-1543-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1612-66-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1612-103-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1928-248-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1546-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-91-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-51-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2008-1541-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2008-90-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2088-1548-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-99-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-289-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-1545-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2196-83-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2196-182-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2632-73-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-1540-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-38-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-43-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-82-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1539-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1493-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2736-15-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1528-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-44-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-21-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1537-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-32-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-70-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2776-56-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-277-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-161-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2776-47-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2776-79-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2776-78-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-36-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-87-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-109-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2776-215-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-69-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-42-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-0-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2776-31-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-111-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2776-16-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2776-27-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-18-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2776-418-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2776-6-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-30-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-14-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1538-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download