cobaltstrike | b32d6b6a4a3a8f019317eeecc7231d81ada72a4d4159f309c70e6ccf81feea4b

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f9d0e85ca356b27cd294dd70ffb636d9
SHA1

b05932ffcb7c0859a5795cc1bb4dec85017efbbf
SHA256

b32d6b6a4a3a8f019317eeecc7231d81ada72a4d4159f309c70e6ccf81feea4b
SHA512

a16248dc1697148661814021b16754dfdcd58a1445f7dbb442ccb94908de50b8a239146f1d173c324014de32fe965af404b5f803fae3b83f163dcd6257fd6f66
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUZ:Q+856utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d41-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d79-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-140.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-110.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-105.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d18-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-70.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001610d-50.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001604c-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f7b-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral1/memory/800-0-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-3.dat	xmrig
behavioral1/files/0x0009000000015d41-11.dat	xmrig
behavioral1/files/0x0008000000015d59-15.dat	xmrig
behavioral1/files/0x0008000000015d79-21.dat	xmrig
behavioral1/files/0x0007000000015ec4-30.dat	xmrig
behavioral1/files/0x0007000000015f25-36.dat	xmrig
behavioral1/files/0x0006000000016d4b-55.dat	xmrig
behavioral1/files/0x0006000000016d54-60.dat	xmrig
behavioral1/files/0x0006000000016d67-65.dat	xmrig
behavioral1/files/0x0006000000016dea-98.dat	xmrig
behavioral1/files/0x0006000000017497-120.dat	xmrig
behavioral1/files/0x0005000000018704-160.dat	xmrig
behavioral1/files/0x00050000000186f1-150.dat	xmrig
behavioral1/files/0x00050000000186f4-154.dat	xmrig
behavioral1/files/0x00050000000186ed-145.dat	xmrig
behavioral1/files/0x00050000000186e7-140.dat	xmrig
behavioral1/files/0x000600000001755b-128.dat	xmrig
behavioral1/files/0x0005000000018686-133.dat	xmrig
behavioral1/files/0x0006000000016ecf-110.dat	xmrig
behavioral1/files/0x000600000001749c-125.dat	xmrig
behavioral1/files/0x0006000000017049-115.dat	xmrig
behavioral1/files/0x0006000000016df3-105.dat	xmrig
behavioral1/files/0x0009000000015d18-96.dat	xmrig
behavioral1/files/0x0006000000016de8-91.dat	xmrig
behavioral1/files/0x0006000000016d9f-85.dat	xmrig
behavioral1/files/0x0006000000016d77-80.dat	xmrig
behavioral1/files/0x0006000000016d6f-75.dat	xmrig
behavioral1/files/0x0006000000016d6b-70.dat	xmrig
behavioral1/files/0x000800000001610d-50.dat	xmrig
behavioral1/files/0x000800000001604c-46.dat	xmrig
behavioral1/files/0x0007000000015f7b-41.dat	xmrig
behavioral1/files/0x0008000000015d81-26.dat	xmrig
behavioral1/memory/2592-2252-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2332-2298-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/800-2335-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2600-2334-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/800-2367-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2352-2365-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2792-2439-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/800-2440-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2592-3948-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2792-3967-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2164-3966-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2352-3964-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2600-3962-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/800-3961-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2332-3960-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/800-3943-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2592	lKTlQgS.exe
2332	NVmLIDQ.exe
2600	taGfGju.exe
2352	FhrksQA.exe
2164	ZMbdaiy.exe
2524	JewOtsk.exe
2872	FBciTvg.exe
3024	ElPmxhT.exe
2792	gclozkL.exe
1752	qVbVmEd.exe
2848	jLBYHLt.exe
2824	GoTRDmv.exe
2708	IEtNvEA.exe
2656	MeACGSX.exe
1840	weHSegY.exe
1732	lMTOxcF.exe
2144	FYFiKOa.exe
112	YkLhWyU.exe
2016	jnANVVN.exe
2720	JwhTTmC.exe
2120	wVCZcSR.exe
264	PWTYDTp.exe
1568	rOIEIUn.exe
2416	XloubPS.exe
2104	Sfmxpvw.exe
2408	WilQEut.exe
2700	tNhGKHs.exe
1876	ChJZvaj.exe
2156	tCCCvae.exe
1064	qPyvKWb.exe
1192	FyaAkay.exe
2640	AmmEZuV.exe
1476	WhdRaAE.exe
1016	zGkJWwm.exe
1420	rRdLuiY.exe
1996	dqNaNNo.exe
1888	kOUPeDJ.exe
1296	KwGTDMC.exe
1856	PLkbvHA.exe
1884	SckHeoL.exe
1240	ZbYLlyP.exe
2316	BGBaGGa.exe
744	qxwhQjJ.exe
2232	eURzADA.exe
1000	CaldqZW.exe
2424	BqTFfHK.exe
2584	EGOFAoP.exe
2580	IHdqmfR.exe
2380	SUrPLCz.exe
1976	xVzUuta.exe
1640	dCGoxET.exe
680	hotQxzx.exe
880	CPdOxio.exe
1988	ZRifAfc.exe
2044	ynBxvuJ.exe
2092	XontnoY.exe
2208	ZwhyIVd.exe
2088	PYpwZXh.exe
1188	pMGtjqY.exe
2296	wTymGOg.exe
2496	dLRwQIW.exe
2912	zrqKqwV.exe
3020	FjxNsSn.exe
2284	lnyjvws.exe

Loads dropped DLL 64 IoCs

pid	Process
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/800-0-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x000b000000012280-3.dat	upx
behavioral1/files/0x0009000000015d41-11.dat	upx
behavioral1/files/0x0008000000015d59-15.dat	upx
behavioral1/files/0x0008000000015d79-21.dat	upx
behavioral1/files/0x0007000000015ec4-30.dat	upx
behavioral1/files/0x0007000000015f25-36.dat	upx
behavioral1/files/0x0006000000016d4b-55.dat	upx
behavioral1/files/0x0006000000016d54-60.dat	upx
behavioral1/files/0x0006000000016d67-65.dat	upx
behavioral1/files/0x0006000000016dea-98.dat	upx
behavioral1/files/0x0006000000017497-120.dat	upx
behavioral1/files/0x0005000000018704-160.dat	upx
behavioral1/files/0x00050000000186f1-150.dat	upx
behavioral1/files/0x00050000000186f4-154.dat	upx
behavioral1/files/0x00050000000186ed-145.dat	upx
behavioral1/files/0x00050000000186e7-140.dat	upx
behavioral1/files/0x000600000001755b-128.dat	upx
behavioral1/files/0x0005000000018686-133.dat	upx
behavioral1/files/0x0006000000016ecf-110.dat	upx
behavioral1/files/0x000600000001749c-125.dat	upx
behavioral1/files/0x0006000000017049-115.dat	upx
behavioral1/files/0x0006000000016df3-105.dat	upx
behavioral1/files/0x0009000000015d18-96.dat	upx
behavioral1/files/0x0006000000016de8-91.dat	upx
behavioral1/files/0x0006000000016d9f-85.dat	upx
behavioral1/files/0x0006000000016d77-80.dat	upx
behavioral1/files/0x0006000000016d6f-75.dat	upx
behavioral1/files/0x0006000000016d6b-70.dat	upx
behavioral1/files/0x000800000001610d-50.dat	upx
behavioral1/files/0x000800000001604c-46.dat	upx
behavioral1/files/0x0007000000015f7b-41.dat	upx
behavioral1/files/0x0008000000015d81-26.dat	upx
behavioral1/memory/2592-2252-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2332-2298-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2600-2334-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2352-2365-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2792-2439-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2592-3948-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2792-3967-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2164-3966-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2352-3964-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2600-3962-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2332-3960-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/800-3943-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lfSfvaE.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMIZtDP.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvoHSlt.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTITEPi.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqSMkkx.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeLJBnr.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATFyRuN.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynmTkxf.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtYNqsn.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkLhWyU.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHEpBKn.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdmbdRw.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUFUmSO.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFsDMkE.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFEumnn.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdKUTDy.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJkaPuH.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xClgMir.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJijuvj.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBBrDav.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtIwsrb.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olUASxE.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUtMflb.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eEXPgCK.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SyjpSZo.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxsSkLw.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMJDrpv.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibCzgSP.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAVZCHQ.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOAJwrx.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igiyEHk.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkxOxao.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUfNZmk.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOAiWro.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNRMiyQ.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMUyGfs.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnANVVN.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifcFefZ.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmtxfbH.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArmTcUz.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plHEgcr.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZTcPnf.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeguhVV.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjPQTEY.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqvdEmO.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAbLjYR.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVeotWj.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJcVEma.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szyjXNE.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPhFFeV.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beJbeNr.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzgWguy.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYRQnJp.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNqYJoD.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnRyBue.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idSVEMx.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDXAopZ.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsFbnwP.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cioNLFl.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEpfcHb.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltYGEgM.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njQhaQy.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGtsBFw.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbtVwrs.exe	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 2592	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 800 wrote to memory of 2592	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 800 wrote to memory of 2592	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 800 wrote to memory of 2332	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 800 wrote to memory of 2332	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 800 wrote to memory of 2332	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 800 wrote to memory of 2600	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 800 wrote to memory of 2600	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 800 wrote to memory of 2600	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 800 wrote to memory of 2352	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 800 wrote to memory of 2352	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 800 wrote to memory of 2352	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 800 wrote to memory of 2164	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 800 wrote to memory of 2164	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 800 wrote to memory of 2164	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 800 wrote to memory of 2524	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 800 wrote to memory of 2524	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 800 wrote to memory of 2524	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 800 wrote to memory of 2872	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 800 wrote to memory of 2872	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 800 wrote to memory of 2872	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 800 wrote to memory of 3024	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 800 wrote to memory of 3024	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 800 wrote to memory of 3024	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 800 wrote to memory of 2792	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 800 wrote to memory of 2792	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 800 wrote to memory of 2792	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 800 wrote to memory of 1752	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 800 wrote to memory of 1752	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 800 wrote to memory of 1752	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 800 wrote to memory of 2848	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 800 wrote to memory of 2848	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 800 wrote to memory of 2848	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 800 wrote to memory of 2824	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 800 wrote to memory of 2824	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 800 wrote to memory of 2824	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 800 wrote to memory of 2708	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 800 wrote to memory of 2708	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 800 wrote to memory of 2708	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 800 wrote to memory of 2656	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 800 wrote to memory of 2656	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 800 wrote to memory of 2656	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 800 wrote to memory of 1840	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 800 wrote to memory of 1840	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 800 wrote to memory of 1840	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 800 wrote to memory of 1732	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 800 wrote to memory of 1732	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 800 wrote to memory of 1732	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 800 wrote to memory of 2144	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 800 wrote to memory of 2144	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 800 wrote to memory of 2144	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 800 wrote to memory of 112	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 800 wrote to memory of 112	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 800 wrote to memory of 112	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 800 wrote to memory of 2016	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 800 wrote to memory of 2016	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 800 wrote to memory of 2016	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 800 wrote to memory of 2720	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 800 wrote to memory of 2720	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 800 wrote to memory of 2720	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 800 wrote to memory of 2120	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 800 wrote to memory of 2120	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 800 wrote to memory of 2120	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 800 wrote to memory of 264	800	2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_f9d0e85ca356b27cd294dd70ffb636d9_amadey_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:800
- C:\Windows\System\lKTlQgS.exe
  C:\Windows\System\lKTlQgS.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\NVmLIDQ.exe
  C:\Windows\System\NVmLIDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\taGfGju.exe
  C:\Windows\System\taGfGju.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\FhrksQA.exe
  C:\Windows\System\FhrksQA.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ZMbdaiy.exe
  C:\Windows\System\ZMbdaiy.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\JewOtsk.exe
  C:\Windows\System\JewOtsk.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\FBciTvg.exe
  C:\Windows\System\FBciTvg.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ElPmxhT.exe
  C:\Windows\System\ElPmxhT.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\gclozkL.exe
  C:\Windows\System\gclozkL.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\qVbVmEd.exe
  C:\Windows\System\qVbVmEd.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\jLBYHLt.exe
  C:\Windows\System\jLBYHLt.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GoTRDmv.exe
  C:\Windows\System\GoTRDmv.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\IEtNvEA.exe
  C:\Windows\System\IEtNvEA.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\MeACGSX.exe
  C:\Windows\System\MeACGSX.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\weHSegY.exe
  C:\Windows\System\weHSegY.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\lMTOxcF.exe
  C:\Windows\System\lMTOxcF.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\FYFiKOa.exe
  C:\Windows\System\FYFiKOa.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\YkLhWyU.exe
  C:\Windows\System\YkLhWyU.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\jnANVVN.exe
  C:\Windows\System\jnANVVN.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\JwhTTmC.exe
  C:\Windows\System\JwhTTmC.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\wVCZcSR.exe
  C:\Windows\System\wVCZcSR.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\PWTYDTp.exe
  C:\Windows\System\PWTYDTp.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\rOIEIUn.exe
  C:\Windows\System\rOIEIUn.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\XloubPS.exe
  C:\Windows\System\XloubPS.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\Sfmxpvw.exe
  C:\Windows\System\Sfmxpvw.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\tNhGKHs.exe
  C:\Windows\System\tNhGKHs.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\WilQEut.exe
  C:\Windows\System\WilQEut.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\ChJZvaj.exe
  C:\Windows\System\ChJZvaj.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\tCCCvae.exe
  C:\Windows\System\tCCCvae.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\qPyvKWb.exe
  C:\Windows\System\qPyvKWb.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\FyaAkay.exe
  C:\Windows\System\FyaAkay.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\AmmEZuV.exe
  C:\Windows\System\AmmEZuV.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\WhdRaAE.exe
  C:\Windows\System\WhdRaAE.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\zGkJWwm.exe
  C:\Windows\System\zGkJWwm.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\rRdLuiY.exe
  C:\Windows\System\rRdLuiY.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\dqNaNNo.exe
  C:\Windows\System\dqNaNNo.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\kOUPeDJ.exe
  C:\Windows\System\kOUPeDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\KwGTDMC.exe
  C:\Windows\System\KwGTDMC.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\PLkbvHA.exe
  C:\Windows\System\PLkbvHA.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\SckHeoL.exe
  C:\Windows\System\SckHeoL.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\ZbYLlyP.exe
  C:\Windows\System\ZbYLlyP.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\qxwhQjJ.exe
  C:\Windows\System\qxwhQjJ.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\BGBaGGa.exe
  C:\Windows\System\BGBaGGa.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\eURzADA.exe
  C:\Windows\System\eURzADA.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\CaldqZW.exe
  C:\Windows\System\CaldqZW.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\BqTFfHK.exe
  C:\Windows\System\BqTFfHK.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\EGOFAoP.exe
  C:\Windows\System\EGOFAoP.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\IHdqmfR.exe
  C:\Windows\System\IHdqmfR.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\SUrPLCz.exe
  C:\Windows\System\SUrPLCz.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\xVzUuta.exe
  C:\Windows\System\xVzUuta.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\dCGoxET.exe
  C:\Windows\System\dCGoxET.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\hotQxzx.exe
  C:\Windows\System\hotQxzx.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\CPdOxio.exe
  C:\Windows\System\CPdOxio.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\ZRifAfc.exe
  C:\Windows\System\ZRifAfc.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\ynBxvuJ.exe
  C:\Windows\System\ynBxvuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\XontnoY.exe
  C:\Windows\System\XontnoY.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\ZwhyIVd.exe
  C:\Windows\System\ZwhyIVd.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\PYpwZXh.exe
  C:\Windows\System\PYpwZXh.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\pMGtjqY.exe
  C:\Windows\System\pMGtjqY.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\wTymGOg.exe
  C:\Windows\System\wTymGOg.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\dLRwQIW.exe
  C:\Windows\System\dLRwQIW.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\zrqKqwV.exe
  C:\Windows\System\zrqKqwV.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\FjxNsSn.exe
  C:\Windows\System\FjxNsSn.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\lnyjvws.exe
  C:\Windows\System\lnyjvws.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\onBoQrL.exe
  C:\Windows\System\onBoQrL.exe
  2⤵
  PID:2828
- C:\Windows\System\fggvpGp.exe
  C:\Windows\System\fggvpGp.exe
  2⤵
  PID:2724
- C:\Windows\System\IDSpUmO.exe
  C:\Windows\System\IDSpUmO.exe
  2⤵
  PID:2140
- C:\Windows\System\pjlZFBE.exe
  C:\Windows\System\pjlZFBE.exe
  2⤵
  PID:1512
- C:\Windows\System\tWKoZrr.exe
  C:\Windows\System\tWKoZrr.exe
  2⤵
  PID:1672
- C:\Windows\System\chMdkxU.exe
  C:\Windows\System\chMdkxU.exe
  2⤵
  PID:1656
- C:\Windows\System\lWlvZSY.exe
  C:\Windows\System\lWlvZSY.exe
  2⤵
  PID:2436
- C:\Windows\System\lUcTwGM.exe
  C:\Windows\System\lUcTwGM.exe
  2⤵
  PID:2916
- C:\Windows\System\fTDYjFO.exe
  C:\Windows\System\fTDYjFO.exe
  2⤵
  PID:1660
- C:\Windows\System\PRSShbQ.exe
  C:\Windows\System\PRSShbQ.exe
  2⤵
  PID:2168
- C:\Windows\System\xnWxYHe.exe
  C:\Windows\System\xnWxYHe.exe
  2⤵
  PID:1740
- C:\Windows\System\xvANjSg.exe
  C:\Windows\System\xvANjSg.exe
  2⤵
  PID:2952
- C:\Windows\System\eMnGjpO.exe
  C:\Windows\System\eMnGjpO.exe
  2⤵
  PID:1084
- C:\Windows\System\Hayyocn.exe
  C:\Windows\System\Hayyocn.exe
  2⤵
  PID:676
- C:\Windows\System\ncdTmyu.exe
  C:\Windows\System\ncdTmyu.exe
  2⤵
  PID:2252
- C:\Windows\System\mcdoQwO.exe
  C:\Windows\System\mcdoQwO.exe
  2⤵
  PID:1312
- C:\Windows\System\dJzehLa.exe
  C:\Windows\System\dJzehLa.exe
  2⤵
  PID:1244
- C:\Windows\System\GIiHVuq.exe
  C:\Windows\System\GIiHVuq.exe
  2⤵
  PID:1880
- C:\Windows\System\vfcXoAj.exe
  C:\Windows\System\vfcXoAj.exe
  2⤵
  PID:2180
- C:\Windows\System\skkvvNW.exe
  C:\Windows\System\skkvvNW.exe
  2⤵
  PID:2432
- C:\Windows\System\XiuJNbf.exe
  C:\Windows\System\XiuJNbf.exe
  2⤵
  PID:2532
- C:\Windows\System\YJqYKZT.exe
  C:\Windows\System\YJqYKZT.exe
  2⤵
  PID:1668
- C:\Windows\System\eAFLjpZ.exe
  C:\Windows\System\eAFLjpZ.exe
  2⤵
  PID:2400
- C:\Windows\System\PSLgBhb.exe
  C:\Windows\System\PSLgBhb.exe
  2⤵
  PID:2324
- C:\Windows\System\kjNLFJC.exe
  C:\Windows\System\kjNLFJC.exe
  2⤵
  PID:2128
- C:\Windows\System\bnGOpco.exe
  C:\Windows\System\bnGOpco.exe
  2⤵
  PID:2160
- C:\Windows\System\RQgAsQn.exe
  C:\Windows\System\RQgAsQn.exe
  2⤵
  PID:1528
- C:\Windows\System\sdivszn.exe
  C:\Windows\System\sdivszn.exe
  2⤵
  PID:1892
- C:\Windows\System\HmqROoE.exe
  C:\Windows\System\HmqROoE.exe
  2⤵
  PID:1532
- C:\Windows\System\YFEpoBK.exe
  C:\Windows\System\YFEpoBK.exe
  2⤵
  PID:2884
- C:\Windows\System\lwjGkNi.exe
  C:\Windows\System\lwjGkNi.exe
  2⤵
  PID:2924
- C:\Windows\System\BCKXiqR.exe
  C:\Windows\System\BCKXiqR.exe
  2⤵
  PID:2664
- C:\Windows\System\qoYQkis.exe
  C:\Windows\System\qoYQkis.exe
  2⤵
  PID:2480
- C:\Windows\System\etMutUm.exe
  C:\Windows\System\etMutUm.exe
  2⤵
  PID:2704
- C:\Windows\System\LGEHXGX.exe
  C:\Windows\System\LGEHXGX.exe
  2⤵
  PID:1552
- C:\Windows\System\COjQIVq.exe
  C:\Windows\System\COjQIVq.exe
  2⤵
  PID:1408
- C:\Windows\System\DVfipHw.exe
  C:\Windows\System\DVfipHw.exe
  2⤵
  PID:108
- C:\Windows\System\DdzjANs.exe
  C:\Windows\System\DdzjANs.exe
  2⤵
  PID:448
- C:\Windows\System\uYAKlcX.exe
  C:\Windows\System\uYAKlcX.exe
  2⤵
  PID:2756
- C:\Windows\System\cvmVUSj.exe
  C:\Windows\System\cvmVUSj.exe
  2⤵
  PID:1352
- C:\Windows\System\DzVXMkS.exe
  C:\Windows\System\DzVXMkS.exe
  2⤵
  PID:944
- C:\Windows\System\MWTaYUF.exe
  C:\Windows\System\MWTaYUF.exe
  2⤵
  PID:2304
- C:\Windows\System\DzyXfso.exe
  C:\Windows\System\DzyXfso.exe
  2⤵
  PID:1692
- C:\Windows\System\EzAiIsU.exe
  C:\Windows\System\EzAiIsU.exe
  2⤵
  PID:1896
- C:\Windows\System\SNNIeiL.exe
  C:\Windows\System\SNNIeiL.exe
  2⤵
  PID:1644
- C:\Windows\System\fjYEgJW.exe
  C:\Windows\System\fjYEgJW.exe
  2⤵
  PID:972
- C:\Windows\System\XbpKyaj.exe
  C:\Windows\System\XbpKyaj.exe
  2⤵
  PID:2624
- C:\Windows\System\tdAfBKC.exe
  C:\Windows\System\tdAfBKC.exe
  2⤵
  PID:1772
- C:\Windows\System\rTeQEht.exe
  C:\Windows\System\rTeQEht.exe
  2⤵
  PID:1808
- C:\Windows\System\QxxAraD.exe
  C:\Windows\System\QxxAraD.exe
  2⤵
  PID:2680
- C:\Windows\System\PJlAayE.exe
  C:\Windows\System\PJlAayE.exe
  2⤵
  PID:3084
- C:\Windows\System\VGRoCKj.exe
  C:\Windows\System\VGRoCKj.exe
  2⤵
  PID:3108
- C:\Windows\System\kGcOGOC.exe
  C:\Windows\System\kGcOGOC.exe
  2⤵
  PID:3124
- C:\Windows\System\SiuEwhd.exe
  C:\Windows\System\SiuEwhd.exe
  2⤵
  PID:3144
- C:\Windows\System\PqZLWoX.exe
  C:\Windows\System\PqZLWoX.exe
  2⤵
  PID:3160
- C:\Windows\System\ZDwpTfR.exe
  C:\Windows\System\ZDwpTfR.exe
  2⤵
  PID:3184
- C:\Windows\System\KRvwsAn.exe
  C:\Windows\System\KRvwsAn.exe
  2⤵
  PID:3204
- C:\Windows\System\RfvIcTe.exe
  C:\Windows\System\RfvIcTe.exe
  2⤵
  PID:3224
- C:\Windows\System\cDtpoWD.exe
  C:\Windows\System\cDtpoWD.exe
  2⤵
  PID:3244
- C:\Windows\System\BjmeXNw.exe
  C:\Windows\System\BjmeXNw.exe
  2⤵
  PID:3264
- C:\Windows\System\lHzhaiM.exe
  C:\Windows\System\lHzhaiM.exe
  2⤵
  PID:3288
- C:\Windows\System\fZMbwEQ.exe
  C:\Windows\System\fZMbwEQ.exe
  2⤵
  PID:3304
- C:\Windows\System\aQEviod.exe
  C:\Windows\System\aQEviod.exe
  2⤵
  PID:3320
- C:\Windows\System\BYFmEzY.exe
  C:\Windows\System\BYFmEzY.exe
  2⤵
  PID:3340
- C:\Windows\System\pYulCFG.exe
  C:\Windows\System\pYulCFG.exe
  2⤵
  PID:3360
- C:\Windows\System\cCiqHmc.exe
  C:\Windows\System\cCiqHmc.exe
  2⤵
  PID:3384
- C:\Windows\System\ibCzgSP.exe
  C:\Windows\System\ibCzgSP.exe
  2⤵
  PID:3404
- C:\Windows\System\yVgDCdl.exe
  C:\Windows\System\yVgDCdl.exe
  2⤵
  PID:3428
- C:\Windows\System\cucriJD.exe
  C:\Windows\System\cucriJD.exe
  2⤵
  PID:3448
- C:\Windows\System\xshVyVE.exe
  C:\Windows\System\xshVyVE.exe
  2⤵
  PID:3468
- C:\Windows\System\ngEdjon.exe
  C:\Windows\System\ngEdjon.exe
  2⤵
  PID:3488
- C:\Windows\System\kTEjHsP.exe
  C:\Windows\System\kTEjHsP.exe
  2⤵
  PID:3504
- C:\Windows\System\sPnyNgh.exe
  C:\Windows\System\sPnyNgh.exe
  2⤵
  PID:3524
- C:\Windows\System\UElnOKl.exe
  C:\Windows\System\UElnOKl.exe
  2⤵
  PID:3548
- C:\Windows\System\mGmCiQt.exe
  C:\Windows\System\mGmCiQt.exe
  2⤵
  PID:3568
- C:\Windows\System\SGneTEY.exe
  C:\Windows\System\SGneTEY.exe
  2⤵
  PID:3588
- C:\Windows\System\kOtfJzz.exe
  C:\Windows\System\kOtfJzz.exe
  2⤵
  PID:3608
- C:\Windows\System\wEqTMnT.exe
  C:\Windows\System\wEqTMnT.exe
  2⤵
  PID:3628
- C:\Windows\System\vXNESjU.exe
  C:\Windows\System\vXNESjU.exe
  2⤵
  PID:3644
- C:\Windows\System\zzUpdQk.exe
  C:\Windows\System\zzUpdQk.exe
  2⤵
  PID:3660
- C:\Windows\System\zeHEIpb.exe
  C:\Windows\System\zeHEIpb.exe
  2⤵
  PID:3688
- C:\Windows\System\TLjgNIV.exe
  C:\Windows\System\TLjgNIV.exe
  2⤵
  PID:3708
- C:\Windows\System\zykAUzX.exe
  C:\Windows\System\zykAUzX.exe
  2⤵
  PID:3724
- C:\Windows\System\YpWNBwL.exe
  C:\Windows\System\YpWNBwL.exe
  2⤵
  PID:3748
- C:\Windows\System\JrFRixS.exe
  C:\Windows\System\JrFRixS.exe
  2⤵
  PID:3768
- C:\Windows\System\GEvWAuV.exe
  C:\Windows\System\GEvWAuV.exe
  2⤵
  PID:3784
- C:\Windows\System\yXZcdcg.exe
  C:\Windows\System\yXZcdcg.exe
  2⤵
  PID:3800
- C:\Windows\System\zlNWnEC.exe
  C:\Windows\System\zlNWnEC.exe
  2⤵
  PID:3828
- C:\Windows\System\DRaccaA.exe
  C:\Windows\System\DRaccaA.exe
  2⤵
  PID:3848
- C:\Windows\System\NzkKJxP.exe
  C:\Windows\System\NzkKJxP.exe
  2⤵
  PID:3864
- C:\Windows\System\PMkEiWQ.exe
  C:\Windows\System\PMkEiWQ.exe
  2⤵
  PID:3884
- C:\Windows\System\HFxjRPK.exe
  C:\Windows\System\HFxjRPK.exe
  2⤵
  PID:3904
- C:\Windows\System\UVWQpjx.exe
  C:\Windows\System\UVWQpjx.exe
  2⤵
  PID:3928
- C:\Windows\System\CrtwprK.exe
  C:\Windows\System\CrtwprK.exe
  2⤵
  PID:3948
- C:\Windows\System\TzfBTOO.exe
  C:\Windows\System\TzfBTOO.exe
  2⤵
  PID:3968
- C:\Windows\System\UhFVDKW.exe
  C:\Windows\System\UhFVDKW.exe
  2⤵
  PID:3988
- C:\Windows\System\DDyykcs.exe
  C:\Windows\System\DDyykcs.exe
  2⤵
  PID:4008
- C:\Windows\System\ZSMbOFV.exe
  C:\Windows\System\ZSMbOFV.exe
  2⤵
  PID:4028
- C:\Windows\System\XpmDtKT.exe
  C:\Windows\System\XpmDtKT.exe
  2⤵
  PID:4048
- C:\Windows\System\nLwPCkY.exe
  C:\Windows\System\nLwPCkY.exe
  2⤵
  PID:4068
- C:\Windows\System\KvCoCOJ.exe
  C:\Windows\System\KvCoCOJ.exe
  2⤵
  PID:4088
- C:\Windows\System\IGaQXUW.exe
  C:\Windows\System\IGaQXUW.exe
  2⤵
  PID:1496
- C:\Windows\System\mTlzfjf.exe
  C:\Windows\System\mTlzfjf.exe
  2⤵
  PID:1104
- C:\Windows\System\NYFfigM.exe
  C:\Windows\System\NYFfigM.exe
  2⤵
  PID:1396
- C:\Windows\System\yvoHSlt.exe
  C:\Windows\System\yvoHSlt.exe
  2⤵
  PID:904
- C:\Windows\System\wrqLWSP.exe
  C:\Windows\System\wrqLWSP.exe
  2⤵
  PID:1984
- C:\Windows\System\InisiPk.exe
  C:\Windows\System\InisiPk.exe
  2⤵
  PID:2476
- C:\Windows\System\wSiOQwt.exe
  C:\Windows\System\wSiOQwt.exe
  2⤵
  PID:2536
- C:\Windows\System\trFvagC.exe
  C:\Windows\System\trFvagC.exe
  2⤵
  PID:1972
- C:\Windows\System\eEXPgCK.exe
  C:\Windows\System\eEXPgCK.exe
  2⤵
  PID:1872
- C:\Windows\System\IceVOGA.exe
  C:\Windows\System\IceVOGA.exe
  2⤵
  PID:2236
- C:\Windows\System\NJvcmUq.exe
  C:\Windows\System\NJvcmUq.exe
  2⤵
  PID:2368
- C:\Windows\System\xmorYXT.exe
  C:\Windows\System\xmorYXT.exe
  2⤵
  PID:3096
- C:\Windows\System\nOnfSwK.exe
  C:\Windows\System\nOnfSwK.exe
  2⤵
  PID:3104
- C:\Windows\System\UPLDAVf.exe
  C:\Windows\System\UPLDAVf.exe
  2⤵
  PID:3172
- C:\Windows\System\ShjXpfJ.exe
  C:\Windows\System\ShjXpfJ.exe
  2⤵
  PID:3120
- C:\Windows\System\KoECwWq.exe
  C:\Windows\System\KoECwWq.exe
  2⤵
  PID:3152
- C:\Windows\System\VrozwsN.exe
  C:\Windows\System\VrozwsN.exe
  2⤵
  PID:3256
- C:\Windows\System\apgakhu.exe
  C:\Windows\System\apgakhu.exe
  2⤵
  PID:3232
- C:\Windows\System\WmMwISv.exe
  C:\Windows\System\WmMwISv.exe
  2⤵
  PID:3332
- C:\Windows\System\raSfjSN.exe
  C:\Windows\System\raSfjSN.exe
  2⤵
  PID:3368
- C:\Windows\System\GJNktbi.exe
  C:\Windows\System\GJNktbi.exe
  2⤵
  PID:3316
- C:\Windows\System\lllMqPR.exe
  C:\Windows\System\lllMqPR.exe
  2⤵
  PID:3420
- C:\Windows\System\DrctLOj.exe
  C:\Windows\System\DrctLOj.exe
  2⤵
  PID:3416
- C:\Windows\System\sJcSkJI.exe
  C:\Windows\System\sJcSkJI.exe
  2⤵
  PID:3460
- C:\Windows\System\MMIZtDP.exe
  C:\Windows\System\MMIZtDP.exe
  2⤵
  PID:3484
- C:\Windows\System\whlnKsn.exe
  C:\Windows\System\whlnKsn.exe
  2⤵
  PID:3520
- C:\Windows\System\RMJDrpv.exe
  C:\Windows\System\RMJDrpv.exe
  2⤵
  PID:3584
- C:\Windows\System\qOZvsCw.exe
  C:\Windows\System\qOZvsCw.exe
  2⤵
  PID:3604
- C:\Windows\System\hCwhmPh.exe
  C:\Windows\System\hCwhmPh.exe
  2⤵
  PID:3620
- C:\Windows\System\PCDYkiO.exe
  C:\Windows\System\PCDYkiO.exe
  2⤵
  PID:3676
- C:\Windows\System\EQKjmjB.exe
  C:\Windows\System\EQKjmjB.exe
  2⤵
  PID:3704
- C:\Windows\System\eCvWTHl.exe
  C:\Windows\System\eCvWTHl.exe
  2⤵
  PID:3720
- C:\Windows\System\LEFbfDd.exe
  C:\Windows\System\LEFbfDd.exe
  2⤵
  PID:3780
- C:\Windows\System\JfZBEMn.exe
  C:\Windows\System\JfZBEMn.exe
  2⤵
  PID:3820
- C:\Windows\System\LkxOxao.exe
  C:\Windows\System\LkxOxao.exe
  2⤵
  PID:3836
- C:\Windows\System\GkNKreY.exe
  C:\Windows\System\GkNKreY.exe
  2⤵
  PID:3840
- C:\Windows\System\oCgIYmh.exe
  C:\Windows\System\oCgIYmh.exe
  2⤵
  PID:3880
- C:\Windows\System\bfTGdJO.exe
  C:\Windows\System\bfTGdJO.exe
  2⤵
  PID:3920
- C:\Windows\System\kRTluBN.exe
  C:\Windows\System\kRTluBN.exe
  2⤵
  PID:3984
- C:\Windows\System\YDXAopZ.exe
  C:\Windows\System\YDXAopZ.exe
  2⤵
  PID:3996
- C:\Windows\System\JZABwSf.exe
  C:\Windows\System\JZABwSf.exe
  2⤵
  PID:4000
- C:\Windows\System\MiAkwSy.exe
  C:\Windows\System\MiAkwSy.exe
  2⤵
  PID:4044
- C:\Windows\System\PcbBmhM.exe
  C:\Windows\System\PcbBmhM.exe
  2⤵
  PID:2260
- C:\Windows\System\CwVwtbz.exe
  C:\Windows\System\CwVwtbz.exe
  2⤵
  PID:948
- C:\Windows\System\DATJaeL.exe
  C:\Windows\System\DATJaeL.exe
  2⤵
  PID:2204
- C:\Windows\System\CPhFFeV.exe
  C:\Windows\System\CPhFFeV.exe
  2⤵
  PID:2320
- C:\Windows\System\SuFgXdj.exe
  C:\Windows\System\SuFgXdj.exe
  2⤵
  PID:988
- C:\Windows\System\Wdpspnf.exe
  C:\Windows\System\Wdpspnf.exe
  2⤵
  PID:1912
- C:\Windows\System\pUmGwJA.exe
  C:\Windows\System\pUmGwJA.exe
  2⤵
  PID:1536
- C:\Windows\System\HXuizia.exe
  C:\Windows\System\HXuizia.exe
  2⤵
  PID:2776
- C:\Windows\System\dKUbSHH.exe
  C:\Windows\System\dKUbSHH.exe
  2⤵
  PID:3076
- C:\Windows\System\bKhuDKa.exe
  C:\Windows\System\bKhuDKa.exe
  2⤵
  PID:3300
- C:\Windows\System\qaSiSLI.exe
  C:\Windows\System\qaSiSLI.exe
  2⤵
  PID:3272
- C:\Windows\System\MzAXQyG.exe
  C:\Windows\System\MzAXQyG.exe
  2⤵
  PID:3284
- C:\Windows\System\XKzYRCm.exe
  C:\Windows\System\XKzYRCm.exe
  2⤵
  PID:3392
- C:\Windows\System\EWumDuM.exe
  C:\Windows\System\EWumDuM.exe
  2⤵
  PID:3396
- C:\Windows\System\SGkpCvF.exe
  C:\Windows\System\SGkpCvF.exe
  2⤵
  PID:3440
- C:\Windows\System\FWJyZiy.exe
  C:\Windows\System\FWJyZiy.exe
  2⤵
  PID:3544
- C:\Windows\System\DyFuWsu.exe
  C:\Windows\System\DyFuWsu.exe
  2⤵
  PID:3536
- C:\Windows\System\NYytosY.exe
  C:\Windows\System\NYytosY.exe
  2⤵
  PID:3580
- C:\Windows\System\DCBsfmF.exe
  C:\Windows\System\DCBsfmF.exe
  2⤵
  PID:3696
- C:\Windows\System\izQmNvV.exe
  C:\Windows\System\izQmNvV.exe
  2⤵
  PID:3744
- C:\Windows\System\KxXbEqn.exe
  C:\Windows\System\KxXbEqn.exe
  2⤵
  PID:3812
- C:\Windows\System\crgfYXz.exe
  C:\Windows\System\crgfYXz.exe
  2⤵
  PID:3872
- C:\Windows\System\GcHfCyR.exe
  C:\Windows\System\GcHfCyR.exe
  2⤵
  PID:3916
- C:\Windows\System\oRJGHlS.exe
  C:\Windows\System\oRJGHlS.exe
  2⤵
  PID:3964
- C:\Windows\System\qNYQeeU.exe
  C:\Windows\System\qNYQeeU.exe
  2⤵
  PID:1524
- C:\Windows\System\LpZKzgc.exe
  C:\Windows\System\LpZKzgc.exe
  2⤵
  PID:4064
- C:\Windows\System\cNdjUcj.exe
  C:\Windows\System\cNdjUcj.exe
  2⤵
  PID:1508
- C:\Windows\System\webgZGC.exe
  C:\Windows\System\webgZGC.exe
  2⤵
  PID:2816
- C:\Windows\System\saicSaO.exe
  C:\Windows\System\saicSaO.exe
  2⤵
  PID:896
- C:\Windows\System\vLRODCf.exe
  C:\Windows\System\vLRODCf.exe
  2⤵
  PID:3140
- C:\Windows\System\RuVtAGi.exe
  C:\Windows\System\RuVtAGi.exe
  2⤵
  PID:3092
- C:\Windows\System\txqpCkA.exe
  C:\Windows\System\txqpCkA.exe
  2⤵
  PID:3280
- C:\Windows\System\BAWNEwn.exe
  C:\Windows\System\BAWNEwn.exe
  2⤵
  PID:3276
- C:\Windows\System\NvnHfAd.exe
  C:\Windows\System\NvnHfAd.exe
  2⤵
  PID:3500
- C:\Windows\System\pzGNOWm.exe
  C:\Windows\System\pzGNOWm.exe
  2⤵
  PID:3560
- C:\Windows\System\tQtegpo.exe
  C:\Windows\System\tQtegpo.exe
  2⤵
  PID:3512
- C:\Windows\System\QRgDQQc.exe
  C:\Windows\System\QRgDQQc.exe
  2⤵
  PID:3680
- C:\Windows\System\TYYNsCg.exe
  C:\Windows\System\TYYNsCg.exe
  2⤵
  PID:3816
- C:\Windows\System\YSVzqnS.exe
  C:\Windows\System\YSVzqnS.exe
  2⤵
  PID:3944
- C:\Windows\System\xJgYBAs.exe
  C:\Windows\System\xJgYBAs.exe
  2⤵
  PID:3956
- C:\Windows\System\beJbeNr.exe
  C:\Windows\System\beJbeNr.exe
  2⤵
  PID:4040
- C:\Windows\System\GpgYFnH.exe
  C:\Windows\System\GpgYFnH.exe
  2⤵
  PID:3000
- C:\Windows\System\bmbbPbA.exe
  C:\Windows\System\bmbbPbA.exe
  2⤵
  PID:1980
- C:\Windows\System\eVBDpJE.exe
  C:\Windows\System\eVBDpJE.exe
  2⤵
  PID:3260
- C:\Windows\System\iIpRmWH.exe
  C:\Windows\System\iIpRmWH.exe
  2⤵
  PID:3220
- C:\Windows\System\aKXGsxK.exe
  C:\Windows\System\aKXGsxK.exe
  2⤵
  PID:4116
- C:\Windows\System\WXeNlRy.exe
  C:\Windows\System\WXeNlRy.exe
  2⤵
  PID:4132
- C:\Windows\System\njQhaQy.exe
  C:\Windows\System\njQhaQy.exe
  2⤵
  PID:4156
- C:\Windows\System\LatdOZQ.exe
  C:\Windows\System\LatdOZQ.exe
  2⤵
  PID:4172
- C:\Windows\System\pMNbJFK.exe
  C:\Windows\System\pMNbJFK.exe
  2⤵
  PID:4196
- C:\Windows\System\gJGwSgg.exe
  C:\Windows\System\gJGwSgg.exe
  2⤵
  PID:4216
- C:\Windows\System\nfbhaTk.exe
  C:\Windows\System\nfbhaTk.exe
  2⤵
  PID:4236
- C:\Windows\System\gsWQEYS.exe
  C:\Windows\System\gsWQEYS.exe
  2⤵
  PID:4256
- C:\Windows\System\UIOcqGJ.exe
  C:\Windows\System\UIOcqGJ.exe
  2⤵
  PID:4272
- C:\Windows\System\GwfXnUV.exe
  C:\Windows\System\GwfXnUV.exe
  2⤵
  PID:4296
- C:\Windows\System\hOkSoXC.exe
  C:\Windows\System\hOkSoXC.exe
  2⤵
  PID:4316
- C:\Windows\System\hfaprFK.exe
  C:\Windows\System\hfaprFK.exe
  2⤵
  PID:4336
- C:\Windows\System\ZphXXur.exe
  C:\Windows\System\ZphXXur.exe
  2⤵
  PID:4352
- C:\Windows\System\rajAODC.exe
  C:\Windows\System\rajAODC.exe
  2⤵
  PID:4376
- C:\Windows\System\CLQqNrx.exe
  C:\Windows\System\CLQqNrx.exe
  2⤵
  PID:4392
- C:\Windows\System\jxuiQtC.exe
  C:\Windows\System\jxuiQtC.exe
  2⤵
  PID:4412
- C:\Windows\System\ATdwgvl.exe
  C:\Windows\System\ATdwgvl.exe
  2⤵
  PID:4436
- C:\Windows\System\LwxmTnH.exe
  C:\Windows\System\LwxmTnH.exe
  2⤵
  PID:4456
- C:\Windows\System\mugRxMJ.exe
  C:\Windows\System\mugRxMJ.exe
  2⤵
  PID:4476
- C:\Windows\System\eEKatnf.exe
  C:\Windows\System\eEKatnf.exe
  2⤵
  PID:4496
- C:\Windows\System\qLdhezf.exe
  C:\Windows\System\qLdhezf.exe
  2⤵
  PID:4516
- C:\Windows\System\XPrZogv.exe
  C:\Windows\System\XPrZogv.exe
  2⤵
  PID:4536
- C:\Windows\System\RzhaTKd.exe
  C:\Windows\System\RzhaTKd.exe
  2⤵
  PID:4556
- C:\Windows\System\IojxPYM.exe
  C:\Windows\System\IojxPYM.exe
  2⤵
  PID:4576
- C:\Windows\System\rjJjVam.exe
  C:\Windows\System\rjJjVam.exe
  2⤵
  PID:4596
- C:\Windows\System\ihobEWy.exe
  C:\Windows\System\ihobEWy.exe
  2⤵
  PID:4616
- C:\Windows\System\VnCSLDN.exe
  C:\Windows\System\VnCSLDN.exe
  2⤵
  PID:4636
- C:\Windows\System\vWXIzvT.exe
  C:\Windows\System\vWXIzvT.exe
  2⤵
  PID:4656
- C:\Windows\System\stVSwkA.exe
  C:\Windows\System\stVSwkA.exe
  2⤵
  PID:4676
- C:\Windows\System\qcMtcCe.exe
  C:\Windows\System\qcMtcCe.exe
  2⤵
  PID:4696
- C:\Windows\System\IMwajWH.exe
  C:\Windows\System\IMwajWH.exe
  2⤵
  PID:4716
- C:\Windows\System\JbGjPnO.exe
  C:\Windows\System\JbGjPnO.exe
  2⤵
  PID:4736
- C:\Windows\System\UeeBRSl.exe
  C:\Windows\System\UeeBRSl.exe
  2⤵
  PID:4756
- C:\Windows\System\qGtsBFw.exe
  C:\Windows\System\qGtsBFw.exe
  2⤵
  PID:4776
- C:\Windows\System\oaBsWly.exe
  C:\Windows\System\oaBsWly.exe
  2⤵
  PID:4796
- C:\Windows\System\RKSjadA.exe
  C:\Windows\System\RKSjadA.exe
  2⤵
  PID:4816
- C:\Windows\System\RQgZOnt.exe
  C:\Windows\System\RQgZOnt.exe
  2⤵
  PID:4836
- C:\Windows\System\oMZMWrT.exe
  C:\Windows\System\oMZMWrT.exe
  2⤵
  PID:4856
- C:\Windows\System\kwbJhoK.exe
  C:\Windows\System\kwbJhoK.exe
  2⤵
  PID:4876
- C:\Windows\System\iTouoCu.exe
  C:\Windows\System\iTouoCu.exe
  2⤵
  PID:4896
- C:\Windows\System\ZjPQTEY.exe
  C:\Windows\System\ZjPQTEY.exe
  2⤵
  PID:4916
- C:\Windows\System\OzuAAmf.exe
  C:\Windows\System\OzuAAmf.exe
  2⤵
  PID:4936
- C:\Windows\System\qxDiOtu.exe
  C:\Windows\System\qxDiOtu.exe
  2⤵
  PID:4956
- C:\Windows\System\BnShDRG.exe
  C:\Windows\System\BnShDRG.exe
  2⤵
  PID:4976
- C:\Windows\System\ZCFSLaz.exe
  C:\Windows\System\ZCFSLaz.exe
  2⤵
  PID:4996
- C:\Windows\System\KPUnPLZ.exe
  C:\Windows\System\KPUnPLZ.exe
  2⤵
  PID:5016
- C:\Windows\System\bfsYCLu.exe
  C:\Windows\System\bfsYCLu.exe
  2⤵
  PID:5036
- C:\Windows\System\aTITEPi.exe
  C:\Windows\System\aTITEPi.exe
  2⤵
  PID:5056
- C:\Windows\System\IOJQyRL.exe
  C:\Windows\System\IOJQyRL.exe
  2⤵
  PID:5076
- C:\Windows\System\mVgMucn.exe
  C:\Windows\System\mVgMucn.exe
  2⤵
  PID:5096
- C:\Windows\System\wIPHhWs.exe
  C:\Windows\System\wIPHhWs.exe
  2⤵
  PID:5116
- C:\Windows\System\AOlNrMP.exe
  C:\Windows\System\AOlNrMP.exe
  2⤵
  PID:3476
- C:\Windows\System\FAVZCHQ.exe
  C:\Windows\System\FAVZCHQ.exe
  2⤵
  PID:3352
- C:\Windows\System\Rekgydt.exe
  C:\Windows\System\Rekgydt.exe
  2⤵
  PID:3860
- C:\Windows\System\ZHEpBKn.exe
  C:\Windows\System\ZHEpBKn.exe
  2⤵
  PID:3808
- C:\Windows\System\HxeNLrf.exe
  C:\Windows\System\HxeNLrf.exe
  2⤵
  PID:3976
- C:\Windows\System\bzcMEIJ.exe
  C:\Windows\System\bzcMEIJ.exe
  2⤵
  PID:1436
- C:\Windows\System\BNfRgQW.exe
  C:\Windows\System\BNfRgQW.exe
  2⤵
  PID:888
- C:\Windows\System\CCjitSr.exe
  C:\Windows\System\CCjitSr.exe
  2⤵
  PID:4112
- C:\Windows\System\CuuGdyy.exe
  C:\Windows\System\CuuGdyy.exe
  2⤵
  PID:4144
- C:\Windows\System\uDwjmzF.exe
  C:\Windows\System\uDwjmzF.exe
  2⤵
  PID:4180
- C:\Windows\System\GJKetIg.exe
  C:\Windows\System\GJKetIg.exe
  2⤵
  PID:4212
- C:\Windows\System\KsRapba.exe
  C:\Windows\System\KsRapba.exe
  2⤵
  PID:4228
- C:\Windows\System\NOPjYFP.exe
  C:\Windows\System\NOPjYFP.exe
  2⤵
  PID:4280
- C:\Windows\System\rtZShtS.exe
  C:\Windows\System\rtZShtS.exe
  2⤵
  PID:4312
- C:\Windows\System\KfmGAVe.exe
  C:\Windows\System\KfmGAVe.exe
  2⤵
  PID:4360
- C:\Windows\System\zBtkBCI.exe
  C:\Windows\System\zBtkBCI.exe
  2⤵
  PID:4372
- C:\Windows\System\MkGSapz.exe
  C:\Windows\System\MkGSapz.exe
  2⤵
  PID:4404
- C:\Windows\System\ZEYkSbd.exe
  C:\Windows\System\ZEYkSbd.exe
  2⤵
  PID:4428
- C:\Windows\System\rjVSPyu.exe
  C:\Windows\System\rjVSPyu.exe
  2⤵
  PID:4492
- C:\Windows\System\nnEhdBY.exe
  C:\Windows\System\nnEhdBY.exe
  2⤵
  PID:4508
- C:\Windows\System\sNEACga.exe
  C:\Windows\System\sNEACga.exe
  2⤵
  PID:4552
- C:\Windows\System\BkZZlCT.exe
  C:\Windows\System\BkZZlCT.exe
  2⤵
  PID:4584
- C:\Windows\System\OxzEXwC.exe
  C:\Windows\System\OxzEXwC.exe
  2⤵
  PID:4608
- C:\Windows\System\eiJSjBi.exe
  C:\Windows\System\eiJSjBi.exe
  2⤵
  PID:4628
- C:\Windows\System\apWYWUk.exe
  C:\Windows\System\apWYWUk.exe
  2⤵
  PID:4692
- C:\Windows\System\VvMWDFC.exe
  C:\Windows\System\VvMWDFC.exe
  2⤵
  PID:4704
- C:\Windows\System\htqMLYV.exe
  C:\Windows\System\htqMLYV.exe
  2⤵
  PID:4752
- C:\Windows\System\dituTdC.exe
  C:\Windows\System\dituTdC.exe
  2⤵
  PID:4784
- C:\Windows\System\kyEMNPH.exe
  C:\Windows\System\kyEMNPH.exe
  2⤵
  PID:4808
- C:\Windows\System\PhzYRXQ.exe
  C:\Windows\System\PhzYRXQ.exe
  2⤵
  PID:4852
- C:\Windows\System\XHHLBro.exe
  C:\Windows\System\XHHLBro.exe
  2⤵
  PID:4864
- C:\Windows\System\lLbTuFf.exe
  C:\Windows\System\lLbTuFf.exe
  2⤵
  PID:4904
- C:\Windows\System\VTZacBX.exe
  C:\Windows\System\VTZacBX.exe
  2⤵
  PID:4952
- C:\Windows\System\rWQgOtU.exe
  C:\Windows\System\rWQgOtU.exe
  2⤵
  PID:4984
- C:\Windows\System\FOAJwrx.exe
  C:\Windows\System\FOAJwrx.exe
  2⤵
  PID:4988
- C:\Windows\System\eJSbqvT.exe
  C:\Windows\System\eJSbqvT.exe
  2⤵
  PID:5052
- C:\Windows\System\ofODXPI.exe
  C:\Windows\System\ofODXPI.exe
  2⤵
  PID:5092
- C:\Windows\System\ivlKSqQ.exe
  C:\Windows\System\ivlKSqQ.exe
  2⤵
  PID:5104
- C:\Windows\System\zezObHt.exe
  C:\Windows\System\zezObHt.exe
  2⤵
  PID:3776
- C:\Windows\System\kwPwnuQ.exe
  C:\Windows\System\kwPwnuQ.exe
  2⤵
  PID:3596
- C:\Windows\System\oVuRoMx.exe
  C:\Windows\System\oVuRoMx.exe
  2⤵
  PID:4024
- C:\Windows\System\jQBLhEe.exe
  C:\Windows\System\jQBLhEe.exe
  2⤵
  PID:2964
- C:\Windows\System\ZAjXrqH.exe
  C:\Windows\System\ZAjXrqH.exe
  2⤵
  PID:2076
- C:\Windows\System\oVYdMil.exe
  C:\Windows\System\oVYdMil.exe
  2⤵
  PID:4188
- C:\Windows\System\zxswVjC.exe
  C:\Windows\System\zxswVjC.exe
  2⤵
  PID:4232
- C:\Windows\System\eJCakSY.exe
  C:\Windows\System\eJCakSY.exe
  2⤵
  PID:4332
- C:\Windows\System\cWcoYTD.exe
  C:\Windows\System\cWcoYTD.exe
  2⤵
  PID:4308
- C:\Windows\System\FLbQman.exe
  C:\Windows\System\FLbQman.exe
  2⤵
  PID:4368
- C:\Windows\System\qUGYjow.exe
  C:\Windows\System\qUGYjow.exe
  2⤵
  PID:4432
- C:\Windows\System\BSUUQUx.exe
  C:\Windows\System\BSUUQUx.exe
  2⤵
  PID:4512
- C:\Windows\System\gFtAaaE.exe
  C:\Windows\System\gFtAaaE.exe
  2⤵
  PID:4588
- C:\Windows\System\ZLurvip.exe
  C:\Windows\System\ZLurvip.exe
  2⤵
  PID:4632
- C:\Windows\System\XuvuQBs.exe
  C:\Windows\System\XuvuQBs.exe
  2⤵
  PID:4672
- C:\Windows\System\uwGKIub.exe
  C:\Windows\System\uwGKIub.exe
  2⤵
  PID:4744
- C:\Windows\System\zLziUle.exe
  C:\Windows\System\zLziUle.exe
  2⤵
  PID:4768
- C:\Windows\System\mRQMdYC.exe
  C:\Windows\System\mRQMdYC.exe
  2⤵
  PID:4828
- C:\Windows\System\MpZypRC.exe
  C:\Windows\System\MpZypRC.exe
  2⤵
  PID:4944
- C:\Windows\System\XFDEjKn.exe
  C:\Windows\System\XFDEjKn.exe
  2⤵
  PID:4924
- C:\Windows\System\QfbvYLO.exe
  C:\Windows\System\QfbvYLO.exe
  2⤵
  PID:5004
- C:\Windows\System\BTFIQDo.exe
  C:\Windows\System\BTFIQDo.exe
  2⤵
  PID:5084
- C:\Windows\System\BkcUEOn.exe
  C:\Windows\System\BkcUEOn.exe
  2⤵
  PID:3372
- C:\Windows\System\ovWpZVU.exe
  C:\Windows\System\ovWpZVU.exe
  2⤵
  PID:3740
- C:\Windows\System\EAyJYdT.exe
  C:\Windows\System\EAyJYdT.exe
  2⤵
  PID:4124
- C:\Windows\System\oPHKoux.exe
  C:\Windows\System\oPHKoux.exe
  2⤵
  PID:4168
- C:\Windows\System\eWEpwgE.exe
  C:\Windows\System\eWEpwgE.exe
  2⤵
  PID:4252
- C:\Windows\System\vRwFrhK.exe
  C:\Windows\System\vRwFrhK.exe
  2⤵
  PID:4284
- C:\Windows\System\lPHVMYK.exe
  C:\Windows\System\lPHVMYK.exe
  2⤵
  PID:4484
- C:\Windows\System\kNrPHjY.exe
  C:\Windows\System\kNrPHjY.exe
  2⤵
  PID:5132
- C:\Windows\System\jGHccsx.exe
  C:\Windows\System\jGHccsx.exe
  2⤵
  PID:5148
- C:\Windows\System\uQIeies.exe
  C:\Windows\System\uQIeies.exe
  2⤵
  PID:5172
- C:\Windows\System\TAUNwzr.exe
  C:\Windows\System\TAUNwzr.exe
  2⤵
  PID:5192
- C:\Windows\System\wbDXRuy.exe
  C:\Windows\System\wbDXRuy.exe
  2⤵
  PID:5212
- C:\Windows\System\McLlNPn.exe
  C:\Windows\System\McLlNPn.exe
  2⤵
  PID:5232
- C:\Windows\System\bfePuFD.exe
  C:\Windows\System\bfePuFD.exe
  2⤵
  PID:5252
- C:\Windows\System\dvAtNee.exe
  C:\Windows\System\dvAtNee.exe
  2⤵
  PID:5272
- C:\Windows\System\lGxNOyC.exe
  C:\Windows\System\lGxNOyC.exe
  2⤵
  PID:5292
- C:\Windows\System\LMAeOyD.exe
  C:\Windows\System\LMAeOyD.exe
  2⤵
  PID:5316
- C:\Windows\System\frvtzyA.exe
  C:\Windows\System\frvtzyA.exe
  2⤵
  PID:5340
- C:\Windows\System\ifcFefZ.exe
  C:\Windows\System\ifcFefZ.exe
  2⤵
  PID:5360
- C:\Windows\System\YMwhjOX.exe
  C:\Windows\System\YMwhjOX.exe
  2⤵
  PID:5384
- C:\Windows\System\drGScmo.exe
  C:\Windows\System\drGScmo.exe
  2⤵
  PID:5404
- C:\Windows\System\hfmjZAb.exe
  C:\Windows\System\hfmjZAb.exe
  2⤵
  PID:5424
- C:\Windows\System\hvvjxll.exe
  C:\Windows\System\hvvjxll.exe
  2⤵
  PID:5444
- C:\Windows\System\mahdZfh.exe
  C:\Windows\System\mahdZfh.exe
  2⤵
  PID:5464
- C:\Windows\System\xClgMir.exe
  C:\Windows\System\xClgMir.exe
  2⤵
  PID:5484
- C:\Windows\System\knMmOiv.exe
  C:\Windows\System\knMmOiv.exe
  2⤵
  PID:5512
- C:\Windows\System\vPBzNqb.exe
  C:\Windows\System\vPBzNqb.exe
  2⤵
  PID:5532
- C:\Windows\System\ESgCRhq.exe
  C:\Windows\System\ESgCRhq.exe
  2⤵
  PID:5552
- C:\Windows\System\CyYGjcf.exe
  C:\Windows\System\CyYGjcf.exe
  2⤵
  PID:5576
- C:\Windows\System\jCxDWvl.exe
  C:\Windows\System\jCxDWvl.exe
  2⤵
  PID:5596
- C:\Windows\System\DqerMWT.exe
  C:\Windows\System\DqerMWT.exe
  2⤵
  PID:5616
- C:\Windows\System\nDihdsR.exe
  C:\Windows\System\nDihdsR.exe
  2⤵
  PID:5636
- C:\Windows\System\xDXsBow.exe
  C:\Windows\System\xDXsBow.exe
  2⤵
  PID:5656
- C:\Windows\System\pVxrLrJ.exe
  C:\Windows\System\pVxrLrJ.exe
  2⤵
  PID:5676
- C:\Windows\System\vyozCBE.exe
  C:\Windows\System\vyozCBE.exe
  2⤵
  PID:5696
- C:\Windows\System\xQgAaAm.exe
  C:\Windows\System\xQgAaAm.exe
  2⤵
  PID:5716
- C:\Windows\System\alpppkK.exe
  C:\Windows\System\alpppkK.exe
  2⤵
  PID:5736
- C:\Windows\System\JKxhNXk.exe
  C:\Windows\System\JKxhNXk.exe
  2⤵
  PID:5756
- C:\Windows\System\vLUxYDF.exe
  C:\Windows\System\vLUxYDF.exe
  2⤵
  PID:5780
- C:\Windows\System\yPrfqon.exe
  C:\Windows\System\yPrfqon.exe
  2⤵
  PID:5800
- C:\Windows\System\tmccWod.exe
  C:\Windows\System\tmccWod.exe
  2⤵
  PID:5824
- C:\Windows\System\ViZMMGc.exe
  C:\Windows\System\ViZMMGc.exe
  2⤵
  PID:5844
- C:\Windows\System\uwhKyBo.exe
  C:\Windows\System\uwhKyBo.exe
  2⤵
  PID:5868
- C:\Windows\System\EePjyoK.exe
  C:\Windows\System\EePjyoK.exe
  2⤵
  PID:5888
- C:\Windows\System\cTVJPNo.exe
  C:\Windows\System\cTVJPNo.exe
  2⤵
  PID:5908
- C:\Windows\System\WIuqQgV.exe
  C:\Windows\System\WIuqQgV.exe
  2⤵
  PID:5928
- C:\Windows\System\DPliMub.exe
  C:\Windows\System\DPliMub.exe
  2⤵
  PID:5948
- C:\Windows\System\qbwrOnm.exe
  C:\Windows\System\qbwrOnm.exe
  2⤵
  PID:5968
- C:\Windows\System\rfkKiiS.exe
  C:\Windows\System\rfkKiiS.exe
  2⤵
  PID:5988
- C:\Windows\System\UfbUZDx.exe
  C:\Windows\System\UfbUZDx.exe
  2⤵
  PID:6008
- C:\Windows\System\LXFuKbz.exe
  C:\Windows\System\LXFuKbz.exe
  2⤵
  PID:6028
- C:\Windows\System\jhDGOKg.exe
  C:\Windows\System\jhDGOKg.exe
  2⤵
  PID:6048
- C:\Windows\System\aJOxdvb.exe
  C:\Windows\System\aJOxdvb.exe
  2⤵
  PID:6068
- C:\Windows\System\ykOPVkm.exe
  C:\Windows\System\ykOPVkm.exe
  2⤵
  PID:6088
- C:\Windows\System\cFecGNa.exe
  C:\Windows\System\cFecGNa.exe
  2⤵
  PID:6108
- C:\Windows\System\hRlNdwu.exe
  C:\Windows\System\hRlNdwu.exe
  2⤵
  PID:6128
- C:\Windows\System\lBEHKzf.exe
  C:\Windows\System\lBEHKzf.exe
  2⤵
  PID:4468
- C:\Windows\System\pldbVoF.exe
  C:\Windows\System\pldbVoF.exe
  2⤵
  PID:4568
- C:\Windows\System\QDumEiF.exe
  C:\Windows\System\QDumEiF.exe
  2⤵
  PID:4804
- C:\Windows\System\aCSwSVu.exe
  C:\Windows\System\aCSwSVu.exe
  2⤵
  PID:4764
- C:\Windows\System\ihVGUlt.exe
  C:\Windows\System\ihVGUlt.exe
  2⤵
  PID:4844
- C:\Windows\System\jXCDNNO.exe
  C:\Windows\System\jXCDNNO.exe
  2⤵
  PID:5008
- C:\Windows\System\hmSiOfB.exe
  C:\Windows\System\hmSiOfB.exe
  2⤵
  PID:5044
- C:\Windows\System\StCvrpV.exe
  C:\Windows\System\StCvrpV.exe
  2⤵
  PID:3912
- C:\Windows\System\cljOkEA.exe
  C:\Windows\System\cljOkEA.exe
  2⤵
  PID:4244
- C:\Windows\System\AfymCNs.exe
  C:\Windows\System\AfymCNs.exe
  2⤵
  PID:4148
- C:\Windows\System\sAqzYBU.exe
  C:\Windows\System\sAqzYBU.exe
  2⤵
  PID:4464
- C:\Windows\System\ZmpndwC.exe
  C:\Windows\System\ZmpndwC.exe
  2⤵
  PID:5156
- C:\Windows\System\mgjshhU.exe
  C:\Windows\System\mgjshhU.exe
  2⤵
  PID:5164
- C:\Windows\System\WcSyEGF.exe
  C:\Windows\System\WcSyEGF.exe
  2⤵
  PID:5184
- C:\Windows\System\gElrMsa.exe
  C:\Windows\System\gElrMsa.exe
  2⤵
  PID:5240
- C:\Windows\System\aeOJNYk.exe
  C:\Windows\System\aeOJNYk.exe
  2⤵
  PID:5280
- C:\Windows\System\QMWJoVQ.exe
  C:\Windows\System\QMWJoVQ.exe
  2⤵
  PID:5312
- C:\Windows\System\gAAEowk.exe
  C:\Windows\System\gAAEowk.exe
  2⤵
  PID:5348
- C:\Windows\System\mNbaURw.exe
  C:\Windows\System\mNbaURw.exe
  2⤵
  PID:5372
- C:\Windows\System\DNmFPGh.exe
  C:\Windows\System\DNmFPGh.exe
  2⤵
  PID:5420
- C:\Windows\System\yVAneoK.exe
  C:\Windows\System\yVAneoK.exe
  2⤵
  PID:5460
- C:\Windows\System\lDjoVZW.exe
  C:\Windows\System\lDjoVZW.exe
  2⤵
  PID:5492
- C:\Windows\System\LjurGNi.exe
  C:\Windows\System\LjurGNi.exe
  2⤵
  PID:5528
- C:\Windows\System\jmJDEyw.exe
  C:\Windows\System\jmJDEyw.exe
  2⤵
  PID:5560
- C:\Windows\System\hXfLOCH.exe
  C:\Windows\System\hXfLOCH.exe
  2⤵
  PID:5588
- C:\Windows\System\GkGBGfI.exe
  C:\Windows\System\GkGBGfI.exe
  2⤵
  PID:5632
- C:\Windows\System\fYkCvJl.exe
  C:\Windows\System\fYkCvJl.exe
  2⤵
  PID:5652
- C:\Windows\System\ygVjkqm.exe
  C:\Windows\System\ygVjkqm.exe
  2⤵
  PID:5688
- C:\Windows\System\dGqLPbk.exe
  C:\Windows\System\dGqLPbk.exe
  2⤵
  PID:5744
- C:\Windows\System\oIpEnLW.exe
  C:\Windows\System\oIpEnLW.exe
  2⤵
  PID:5764
- C:\Windows\System\NqmhNEf.exe
  C:\Windows\System\NqmhNEf.exe
  2⤵
  PID:5808
- C:\Windows\System\HDmVnKF.exe
  C:\Windows\System\HDmVnKF.exe
  2⤵
  PID:5812
- C:\Windows\System\EnDrUDk.exe
  C:\Windows\System\EnDrUDk.exe
  2⤵
  PID:5884
- C:\Windows\System\DVLjESl.exe
  C:\Windows\System\DVLjESl.exe
  2⤵
  PID:5924
- C:\Windows\System\mKJwHXY.exe
  C:\Windows\System\mKJwHXY.exe
  2⤵
  PID:5936
- C:\Windows\System\jDxFWYe.exe
  C:\Windows\System\jDxFWYe.exe
  2⤵
  PID:5984
- C:\Windows\System\iChYsVk.exe
  C:\Windows\System\iChYsVk.exe
  2⤵
  PID:6036
- C:\Windows\System\VNXFIAB.exe
  C:\Windows\System\VNXFIAB.exe
  2⤵
  PID:6020
- C:\Windows\System\feRCONP.exe
  C:\Windows\System\feRCONP.exe
  2⤵
  PID:6060
- C:\Windows\System\IinsFIn.exe
  C:\Windows\System\IinsFIn.exe
  2⤵
  PID:6116
- C:\Windows\System\rKQhdvV.exe
  C:\Windows\System\rKQhdvV.exe
  2⤵
  PID:4664
- C:\Windows\System\aFEumnn.exe
  C:\Windows\System\aFEumnn.exe
  2⤵
  PID:4728
- C:\Windows\System\ZTzISmZ.exe
  C:\Windows\System\ZTzISmZ.exe
  2⤵
  PID:4832
- C:\Windows\System\bquVRGx.exe
  C:\Windows\System\bquVRGx.exe
  2⤵
  PID:4968
- C:\Windows\System\HxkgLgT.exe
  C:\Windows\System\HxkgLgT.exe
  2⤵
  PID:3640
- C:\Windows\System\wXsTTjV.exe
  C:\Windows\System\wXsTTjV.exe
  2⤵
  PID:3136
- C:\Windows\System\LytwSHH.exe
  C:\Windows\System\LytwSHH.exe
  2⤵
  PID:5124
- C:\Windows\System\CzgWguy.exe
  C:\Windows\System\CzgWguy.exe
  2⤵
  PID:5208
- C:\Windows\System\rWQNoPe.exe
  C:\Windows\System\rWQNoPe.exe
  2⤵
  PID:5220
- C:\Windows\System\mHxyXrq.exe
  C:\Windows\System\mHxyXrq.exe
  2⤵
  PID:5260
- C:\Windows\System\NHZYbHr.exe
  C:\Windows\System\NHZYbHr.exe
  2⤵
  PID:5328
- C:\Windows\System\GodwEMK.exe
  C:\Windows\System\GodwEMK.exe
  2⤵
  PID:5412
- C:\Windows\System\bLsRzXy.exe
  C:\Windows\System\bLsRzXy.exe
  2⤵
  PID:5480
- C:\Windows\System\fAdCHqj.exe
  C:\Windows\System\fAdCHqj.exe
  2⤵
  PID:5520
- C:\Windows\System\sJggdbA.exe
  C:\Windows\System\sJggdbA.exe
  2⤵
  PID:5584
- C:\Windows\System\gtopZNZ.exe
  C:\Windows\System\gtopZNZ.exe
  2⤵
  PID:5608
- C:\Windows\System\EzimCzm.exe
  C:\Windows\System\EzimCzm.exe
  2⤵
  PID:5692
- C:\Windows\System\xvTxONp.exe
  C:\Windows\System\xvTxONp.exe
  2⤵
  PID:5708
- C:\Windows\System\bgAtjRr.exe
  C:\Windows\System\bgAtjRr.exe
  2⤵
  PID:5816
- C:\Windows\System\yfGlhdg.exe
  C:\Windows\System\yfGlhdg.exe
  2⤵
  PID:5916
- C:\Windows\System\JtzdUPf.exe
  C:\Windows\System\JtzdUPf.exe
  2⤵
  PID:5920
- C:\Windows\System\hrmBBer.exe
  C:\Windows\System\hrmBBer.exe
  2⤵
  PID:5960
- C:\Windows\System\eDnzIIP.exe
  C:\Windows\System\eDnzIIP.exe
  2⤵
  PID:6024
- C:\Windows\System\sBgmVAB.exe
  C:\Windows\System\sBgmVAB.exe
  2⤵
  PID:6076
- C:\Windows\System\YpIzAPi.exe
  C:\Windows\System\YpIzAPi.exe
  2⤵
  PID:4684
- C:\Windows\System\DoNIvTg.exe
  C:\Windows\System\DoNIvTg.exe
  2⤵
  PID:4908
- C:\Windows\System\XQvvMHE.exe
  C:\Windows\System\XQvvMHE.exe
  2⤵
  PID:4932
- C:\Windows\System\EvCJjVm.exe
  C:\Windows\System\EvCJjVm.exe
  2⤵
  PID:3540
- C:\Windows\System\XkAFcCl.exe
  C:\Windows\System\XkAFcCl.exe
  2⤵
  PID:5168
- C:\Windows\System\UzEkfzi.exe
  C:\Windows\System\UzEkfzi.exe
  2⤵
  PID:5180
- C:\Windows\System\hvuRhgJ.exe
  C:\Windows\System\hvuRhgJ.exe
  2⤵
  PID:5300
- C:\Windows\System\ravSjnL.exe
  C:\Windows\System\ravSjnL.exe
  2⤵
  PID:5436
- C:\Windows\System\eQfXjhy.exe
  C:\Windows\System\eQfXjhy.exe
  2⤵
  PID:5612
- C:\Windows\System\GCXroWG.exe
  C:\Windows\System\GCXroWG.exe
  2⤵
  PID:6152
- C:\Windows\System\EpXzszQ.exe
  C:\Windows\System\EpXzszQ.exe
  2⤵
  PID:6172
- C:\Windows\System\HSxORKn.exe
  C:\Windows\System\HSxORKn.exe
  2⤵
  PID:6192
- C:\Windows\System\OODDELu.exe
  C:\Windows\System\OODDELu.exe
  2⤵
  PID:6212
- C:\Windows\System\ujGNshQ.exe
  C:\Windows\System\ujGNshQ.exe
  2⤵
  PID:6232
- C:\Windows\System\rHsYIFH.exe
  C:\Windows\System\rHsYIFH.exe
  2⤵
  PID:6252
- C:\Windows\System\rNBXGTx.exe
  C:\Windows\System\rNBXGTx.exe
  2⤵
  PID:6272
- C:\Windows\System\nqjgcLz.exe
  C:\Windows\System\nqjgcLz.exe
  2⤵
  PID:6292
- C:\Windows\System\xrYVYbH.exe
  C:\Windows\System\xrYVYbH.exe
  2⤵
  PID:6312
- C:\Windows\System\TOPRTqx.exe
  C:\Windows\System\TOPRTqx.exe
  2⤵
  PID:6332
- C:\Windows\System\vUPYpvg.exe
  C:\Windows\System\vUPYpvg.exe
  2⤵
  PID:6352
- C:\Windows\System\zsNsNuG.exe
  C:\Windows\System\zsNsNuG.exe
  2⤵
  PID:6372
- C:\Windows\System\kYRQnJp.exe
  C:\Windows\System\kYRQnJp.exe
  2⤵
  PID:6392
- C:\Windows\System\PWVJsYc.exe
  C:\Windows\System\PWVJsYc.exe
  2⤵
  PID:6412
- C:\Windows\System\IZhYgaM.exe
  C:\Windows\System\IZhYgaM.exe
  2⤵
  PID:6432
- C:\Windows\System\ceACKgX.exe
  C:\Windows\System\ceACKgX.exe
  2⤵
  PID:6452
- C:\Windows\System\trIvalL.exe
  C:\Windows\System\trIvalL.exe
  2⤵
  PID:6472
- C:\Windows\System\GGmoQNV.exe
  C:\Windows\System\GGmoQNV.exe
  2⤵
  PID:6492
- C:\Windows\System\NUJrQkI.exe
  C:\Windows\System\NUJrQkI.exe
  2⤵
  PID:6512
- C:\Windows\System\UbHnXxd.exe
  C:\Windows\System\UbHnXxd.exe
  2⤵
  PID:6532
- C:\Windows\System\PRiCtRZ.exe
  C:\Windows\System\PRiCtRZ.exe
  2⤵
  PID:6552
- C:\Windows\System\BYhypsX.exe
  C:\Windows\System\BYhypsX.exe
  2⤵
  PID:6572
- C:\Windows\System\UzvptRr.exe
  C:\Windows\System\UzvptRr.exe
  2⤵
  PID:6592
- C:\Windows\System\MCLPrOx.exe
  C:\Windows\System\MCLPrOx.exe
  2⤵
  PID:6612
- C:\Windows\System\JZGkrUW.exe
  C:\Windows\System\JZGkrUW.exe
  2⤵
  PID:6632
- C:\Windows\System\lpAqXqV.exe
  C:\Windows\System\lpAqXqV.exe
  2⤵
  PID:6652
- C:\Windows\System\MVxFeJq.exe
  C:\Windows\System\MVxFeJq.exe
  2⤵
  PID:6672
- C:\Windows\System\wISyvuE.exe
  C:\Windows\System\wISyvuE.exe
  2⤵
  PID:6692
- C:\Windows\System\FZcFtOU.exe
  C:\Windows\System\FZcFtOU.exe
  2⤵
  PID:6712
- C:\Windows\System\TlNVNEd.exe
  C:\Windows\System\TlNVNEd.exe
  2⤵
  PID:6732
- C:\Windows\System\cZcbeYq.exe
  C:\Windows\System\cZcbeYq.exe
  2⤵
  PID:6752
- C:\Windows\System\HwUorpK.exe
  C:\Windows\System\HwUorpK.exe
  2⤵
  PID:6772
- C:\Windows\System\mrypfYk.exe
  C:\Windows\System\mrypfYk.exe
  2⤵
  PID:6792
- C:\Windows\System\QjsLRdS.exe
  C:\Windows\System\QjsLRdS.exe
  2⤵
  PID:6812
- C:\Windows\System\GMDRfbH.exe
  C:\Windows\System\GMDRfbH.exe
  2⤵
  PID:6832
- C:\Windows\System\urQTCYC.exe
  C:\Windows\System\urQTCYC.exe
  2⤵
  PID:6852
- C:\Windows\System\BMQShJm.exe
  C:\Windows\System\BMQShJm.exe
  2⤵
  PID:6872
- C:\Windows\System\jdmbdRw.exe
  C:\Windows\System\jdmbdRw.exe
  2⤵
  PID:6892
- C:\Windows\System\kZVqata.exe
  C:\Windows\System\kZVqata.exe
  2⤵
  PID:6912
- C:\Windows\System\KjSNBlr.exe
  C:\Windows\System\KjSNBlr.exe
  2⤵
  PID:6932
- C:\Windows\System\PzezPJt.exe
  C:\Windows\System\PzezPJt.exe
  2⤵
  PID:6956
- C:\Windows\System\yObobTe.exe
  C:\Windows\System\yObobTe.exe
  2⤵
  PID:6976
- C:\Windows\System\ozpaFvd.exe
  C:\Windows\System\ozpaFvd.exe
  2⤵
  PID:6996
- C:\Windows\System\VqvdEmO.exe
  C:\Windows\System\VqvdEmO.exe
  2⤵
  PID:7016
- C:\Windows\System\RNaBFiO.exe
  C:\Windows\System\RNaBFiO.exe
  2⤵
  PID:7036
- C:\Windows\System\dNCNgoT.exe
  C:\Windows\System\dNCNgoT.exe
  2⤵
  PID:7056
- C:\Windows\System\BZEChEG.exe
  C:\Windows\System\BZEChEG.exe
  2⤵
  PID:7076
- C:\Windows\System\iOyXOWC.exe
  C:\Windows\System\iOyXOWC.exe
  2⤵
  PID:7096
- C:\Windows\System\hVcxVbW.exe
  C:\Windows\System\hVcxVbW.exe
  2⤵
  PID:7116
- C:\Windows\System\oaefzCH.exe
  C:\Windows\System\oaefzCH.exe
  2⤵
  PID:7136
- C:\Windows\System\RlamWOt.exe
  C:\Windows\System\RlamWOt.exe
  2⤵
  PID:7156
- C:\Windows\System\wbvgRHu.exe
  C:\Windows\System\wbvgRHu.exe
  2⤵
  PID:5664
- C:\Windows\System\ZiJoUgw.exe
  C:\Windows\System\ZiJoUgw.exe
  2⤵
  PID:5728
- C:\Windows\System\gkkGLAi.exe
  C:\Windows\System\gkkGLAi.exe
  2⤵
  PID:5836
- C:\Windows\System\bYTsCLa.exe
  C:\Windows\System\bYTsCLa.exe
  2⤵
  PID:5976
- C:\Windows\System\cqtoxap.exe
  C:\Windows\System\cqtoxap.exe
  2⤵
  PID:6000
- C:\Windows\System\RioIHTu.exe
  C:\Windows\System\RioIHTu.exe
  2⤵
  PID:6120
- C:\Windows\System\DZHSWtH.exe
  C:\Windows\System\DZHSWtH.exe
  2⤵
  PID:4792
- C:\Windows\System\TtZoPUW.exe
  C:\Windows\System\TtZoPUW.exe
  2⤵
  PID:4304
- C:\Windows\System\bBjdlgY.exe
  C:\Windows\System\bBjdlgY.exe
  2⤵
  PID:5268
- C:\Windows\System\qzUPszJ.exe
  C:\Windows\System\qzUPszJ.exe
  2⤵
  PID:5264
- C:\Windows\System\cbOPBaU.exe
  C:\Windows\System\cbOPBaU.exe
  2⤵
  PID:6148
- C:\Windows\System\iqNkIJk.exe
  C:\Windows\System\iqNkIJk.exe
  2⤵
  PID:6180
- C:\Windows\System\oPKJBsv.exe
  C:\Windows\System\oPKJBsv.exe
  2⤵
  PID:6200
- C:\Windows\System\gXXUfje.exe
  C:\Windows\System\gXXUfje.exe
  2⤵
  PID:6240
- C:\Windows\System\tCvYzAp.exe
  C:\Windows\System\tCvYzAp.exe
  2⤵
  PID:6264
- C:\Windows\System\eTzCJtP.exe
  C:\Windows\System\eTzCJtP.exe
  2⤵
  PID:6308
- C:\Windows\System\CqTlLaS.exe
  C:\Windows\System\CqTlLaS.exe
  2⤵
  PID:6324
- C:\Windows\System\vOEenvT.exe
  C:\Windows\System\vOEenvT.exe
  2⤵
  PID:6364
- C:\Windows\System\ownRFui.exe
  C:\Windows\System\ownRFui.exe
  2⤵
  PID:6408
- C:\Windows\System\PnIQnyF.exe
  C:\Windows\System\PnIQnyF.exe
  2⤵
  PID:6460
- C:\Windows\System\KBCszxK.exe
  C:\Windows\System\KBCszxK.exe
  2⤵
  PID:6444
- C:\Windows\System\lwxPJLE.exe
  C:\Windows\System\lwxPJLE.exe
  2⤵
  PID:6508
- C:\Windows\System\ETmZVSC.exe
  C:\Windows\System\ETmZVSC.exe
  2⤵
  PID:6540
- C:\Windows\System\kLCuZIL.exe
  C:\Windows\System\kLCuZIL.exe
  2⤵
  PID:6580
- C:\Windows\System\OqTOspW.exe
  C:\Windows\System\OqTOspW.exe
  2⤵
  PID:6600
- C:\Windows\System\lFSNhPb.exe
  C:\Windows\System\lFSNhPb.exe
  2⤵
  PID:6624
- C:\Windows\System\HwcSEDp.exe
  C:\Windows\System\HwcSEDp.exe
  2⤵
  PID:6668
- C:\Windows\System\ZOlyQnq.exe
  C:\Windows\System\ZOlyQnq.exe
  2⤵
  PID:6700
- C:\Windows\System\FzXOtpU.exe
  C:\Windows\System\FzXOtpU.exe
  2⤵
  PID:6748
- C:\Windows\System\qJzybYT.exe
  C:\Windows\System\qJzybYT.exe
  2⤵
  PID:6768
- C:\Windows\System\eMXsAfR.exe
  C:\Windows\System\eMXsAfR.exe
  2⤵
  PID:6800
- C:\Windows\System\etCBrEz.exe
  C:\Windows\System\etCBrEz.exe
  2⤵
  PID:6840
- C:\Windows\System\qyranQx.exe
  C:\Windows\System\qyranQx.exe
  2⤵
  PID:6864
- C:\Windows\System\jSWqpWk.exe
  C:\Windows\System\jSWqpWk.exe
  2⤵
  PID:6884
- C:\Windows\System\ZYYuzNZ.exe
  C:\Windows\System\ZYYuzNZ.exe
  2⤵
  PID:6928
- C:\Windows\System\UpQcYNI.exe
  C:\Windows\System\UpQcYNI.exe
  2⤵
  PID:6972
- C:\Windows\System\xBiVuUy.exe
  C:\Windows\System\xBiVuUy.exe
  2⤵
  PID:1236
- C:\Windows\System\TkCYrSY.exe
  C:\Windows\System\TkCYrSY.exe
  2⤵
  PID:7008
- C:\Windows\System\CIkWvkm.exe
  C:\Windows\System\CIkWvkm.exe
  2⤵
  PID:7072
- C:\Windows\System\tnObyiC.exe
  C:\Windows\System\tnObyiC.exe
  2⤵
  PID:7104
- C:\Windows\System\eAbLjYR.exe
  C:\Windows\System\eAbLjYR.exe
  2⤵
  PID:7144
- C:\Windows\System\tFvWmEk.exe
  C:\Windows\System\tFvWmEk.exe
  2⤵
  PID:7164
- C:\Windows\System\aWxjKER.exe
  C:\Windows\System\aWxjKER.exe
  2⤵
  PID:5752
- C:\Windows\System\TemNzxM.exe
  C:\Windows\System\TemNzxM.exe
  2⤵
  PID:5796
- C:\Windows\System\wjpZBiQ.exe
  C:\Windows\System\wjpZBiQ.exe
  2⤵
  PID:6040
- C:\Windows\System\BfFzUeP.exe
  C:\Windows\System\BfFzUeP.exe
  2⤵
  PID:4712
- C:\Windows\System\sVHPcQz.exe
  C:\Windows\System\sVHPcQz.exe
  2⤵
  PID:5376
- C:\Windows\System\NvnqoCa.exe
  C:\Windows\System\NvnqoCa.exe
  2⤵
  PID:5476
- C:\Windows\System\dBTCnRP.exe
  C:\Windows\System\dBTCnRP.exe
  2⤵
  PID:5544
- C:\Windows\System\COPclWL.exe
  C:\Windows\System\COPclWL.exe
  2⤵
  PID:6220
- C:\Windows\System\WpXBZGy.exe
  C:\Windows\System\WpXBZGy.exe
  2⤵
  PID:6268
- C:\Windows\System\ySapSYd.exe
  C:\Windows\System\ySapSYd.exe
  2⤵
  PID:6320
- C:\Windows\System\SYuCVCY.exe
  C:\Windows\System\SYuCVCY.exe
  2⤵
  PID:6388
- C:\Windows\System\PuiMBPA.exe
  C:\Windows\System\PuiMBPA.exe
  2⤵
  PID:6480
- C:\Windows\System\ciHxnGN.exe
  C:\Windows\System\ciHxnGN.exe
  2⤵
  PID:6484
- C:\Windows\System\UPfWBJQ.exe
  C:\Windows\System\UPfWBJQ.exe
  2⤵
  PID:6524
- C:\Windows\System\vrPMWZg.exe
  C:\Windows\System\vrPMWZg.exe
  2⤵
  PID:6608
- C:\Windows\System\wPOUKqx.exe
  C:\Windows\System\wPOUKqx.exe
  2⤵
  PID:6684
- C:\Windows\System\UYBesuV.exe
  C:\Windows\System\UYBesuV.exe
  2⤵
  PID:6728
- C:\Windows\System\xIFnKXu.exe
  C:\Windows\System\xIFnKXu.exe
  2⤵
  PID:6828
- C:\Windows\System\RfYKApb.exe
  C:\Windows\System\RfYKApb.exe
  2⤵
  PID:6808
- C:\Windows\System\giFRBuS.exe
  C:\Windows\System\giFRBuS.exe
  2⤵
  PID:6844
- C:\Windows\System\WxRVKOj.exe
  C:\Windows\System\WxRVKOj.exe
  2⤵
  PID:6944
- C:\Windows\System\DdRRvyK.exe
  C:\Windows\System\DdRRvyK.exe
  2⤵
  PID:7012
- C:\Windows\System\hEoUWcu.exe
  C:\Windows\System\hEoUWcu.exe
  2⤵
  PID:7044
- C:\Windows\System\iOtxyXp.exe
  C:\Windows\System\iOtxyXp.exe
  2⤵
  PID:7128
- C:\Windows\System\IHJEEtz.exe
  C:\Windows\System\IHJEEtz.exe
  2⤵
  PID:7152
- C:\Windows\System\EqSMkkx.exe
  C:\Windows\System\EqSMkkx.exe
  2⤵
  PID:5840
- C:\Windows\System\hbFedDU.exe
  C:\Windows\System\hbFedDU.exe
  2⤵
  PID:5980
- C:\Windows\System\OmQIkzB.exe
  C:\Windows\System\OmQIkzB.exe
  2⤵
  PID:4472
- C:\Windows\System\FvgnPzy.exe
  C:\Windows\System\FvgnPzy.exe
  2⤵
  PID:6160
- C:\Windows\System\noOtiuK.exe
  C:\Windows\System\noOtiuK.exe
  2⤵
  PID:6348
- C:\Windows\System\uxbMAug.exe
  C:\Windows\System\uxbMAug.exe
  2⤵
  PID:6384
- C:\Windows\System\JEGrfSp.exe
  C:\Windows\System\JEGrfSp.exe
  2⤵
  PID:6328
- C:\Windows\System\fhFVqIt.exe
  C:\Windows\System\fhFVqIt.exe
  2⤵
  PID:6560
- C:\Windows\System\xICqrBu.exe
  C:\Windows\System\xICqrBu.exe
  2⤵
  PID:6604
- C:\Windows\System\zOugumF.exe
  C:\Windows\System\zOugumF.exe
  2⤵
  PID:6720
- C:\Windows\System\pHYIjRY.exe
  C:\Windows\System\pHYIjRY.exe
  2⤵
  PID:6868
- C:\Windows\System\MsePtsG.exe
  C:\Windows\System\MsePtsG.exe
  2⤵
  PID:2096
- C:\Windows\System\zRTcAgp.exe
  C:\Windows\System\zRTcAgp.exe
  2⤵
  PID:7180
- C:\Windows\System\gkyMcJA.exe
  C:\Windows\System\gkyMcJA.exe
  2⤵
  PID:7200
- C:\Windows\System\VCsclnO.exe
  C:\Windows\System\VCsclnO.exe
  2⤵
  PID:7220
- C:\Windows\System\YkOtMQM.exe
  C:\Windows\System\YkOtMQM.exe
  2⤵
  PID:7240
- C:\Windows\System\CTDYhtP.exe
  C:\Windows\System\CTDYhtP.exe
  2⤵
  PID:7260
- C:\Windows\System\vsHqUFW.exe
  C:\Windows\System\vsHqUFW.exe
  2⤵
  PID:7276
- C:\Windows\System\lsFbnwP.exe
  C:\Windows\System\lsFbnwP.exe
  2⤵
  PID:7300
- C:\Windows\System\CdgYSMD.exe
  C:\Windows\System\CdgYSMD.exe
  2⤵
  PID:7320
- C:\Windows\System\yeLJBnr.exe
  C:\Windows\System\yeLJBnr.exe
  2⤵
  PID:7340
- C:\Windows\System\JXATFBf.exe
  C:\Windows\System\JXATFBf.exe
  2⤵
  PID:7360
- C:\Windows\System\inULuPq.exe
  C:\Windows\System\inULuPq.exe
  2⤵
  PID:7380
- C:\Windows\System\egOnoEr.exe
  C:\Windows\System\egOnoEr.exe
  2⤵
  PID:7400
- C:\Windows\System\QKGvScq.exe
  C:\Windows\System\QKGvScq.exe
  2⤵
  PID:7420
- C:\Windows\System\yDcszZc.exe
  C:\Windows\System\yDcszZc.exe
  2⤵
  PID:7440
- C:\Windows\System\HSqwKTC.exe
  C:\Windows\System\HSqwKTC.exe
  2⤵
  PID:7460
- C:\Windows\System\jfyGSMF.exe
  C:\Windows\System\jfyGSMF.exe
  2⤵
  PID:7480
- C:\Windows\System\oHqgWLG.exe
  C:\Windows\System\oHqgWLG.exe
  2⤵
  PID:7500
- C:\Windows\System\jwUpizS.exe
  C:\Windows\System\jwUpizS.exe
  2⤵
  PID:7520
- C:\Windows\System\wZfQFxH.exe
  C:\Windows\System\wZfQFxH.exe
  2⤵
  PID:7540
- C:\Windows\System\rnDnCuN.exe
  C:\Windows\System\rnDnCuN.exe
  2⤵
  PID:7560
- C:\Windows\System\PPVOJui.exe
  C:\Windows\System\PPVOJui.exe
  2⤵
  PID:7580
- C:\Windows\System\Dwfozpg.exe
  C:\Windows\System\Dwfozpg.exe
  2⤵
  PID:7600
- C:\Windows\System\bGZQgEJ.exe
  C:\Windows\System\bGZQgEJ.exe
  2⤵
  PID:7620
- C:\Windows\System\gJncSNv.exe
  C:\Windows\System\gJncSNv.exe
  2⤵
  PID:7640
- C:\Windows\System\EOKiwwS.exe
  C:\Windows\System\EOKiwwS.exe
  2⤵
  PID:7660
- C:\Windows\System\ncVYwrF.exe
  C:\Windows\System\ncVYwrF.exe
  2⤵
  PID:7676
- C:\Windows\System\nHAdJEw.exe
  C:\Windows\System\nHAdJEw.exe
  2⤵
  PID:7700
- C:\Windows\System\kaANIxX.exe
  C:\Windows\System\kaANIxX.exe
  2⤵
  PID:7720
- C:\Windows\System\tKXXmfY.exe
  C:\Windows\System\tKXXmfY.exe
  2⤵
  PID:7740
- C:\Windows\System\qzhTVZR.exe
  C:\Windows\System\qzhTVZR.exe
  2⤵
  PID:7760
- C:\Windows\System\cioNLFl.exe
  C:\Windows\System\cioNLFl.exe
  2⤵
  PID:7776
- C:\Windows\System\JvkVpMM.exe
  C:\Windows\System\JvkVpMM.exe
  2⤵
  PID:7804
- C:\Windows\System\evcNIYC.exe
  C:\Windows\System\evcNIYC.exe
  2⤵
  PID:7824
- C:\Windows\System\fILwcaK.exe
  C:\Windows\System\fILwcaK.exe
  2⤵
  PID:7844
- C:\Windows\System\xkpnRig.exe
  C:\Windows\System\xkpnRig.exe
  2⤵
  PID:7864
- C:\Windows\System\ANELSon.exe
  C:\Windows\System\ANELSon.exe
  2⤵
  PID:7884
- C:\Windows\System\bSTzDQO.exe
  C:\Windows\System\bSTzDQO.exe
  2⤵
  PID:7904
- C:\Windows\System\DVUlJdq.exe
  C:\Windows\System\DVUlJdq.exe
  2⤵
  PID:7924
- C:\Windows\System\CTjxnuo.exe
  C:\Windows\System\CTjxnuo.exe
  2⤵
  PID:7944
- C:\Windows\System\faNkWHA.exe
  C:\Windows\System\faNkWHA.exe
  2⤵
  PID:7960
- C:\Windows\System\dbzchRj.exe
  C:\Windows\System\dbzchRj.exe
  2⤵
  PID:7984
- C:\Windows\System\bLLDNwR.exe
  C:\Windows\System\bLLDNwR.exe
  2⤵
  PID:8000
- C:\Windows\System\UFkmrrT.exe
  C:\Windows\System\UFkmrrT.exe
  2⤵
  PID:8024
- C:\Windows\System\jGATphg.exe
  C:\Windows\System\jGATphg.exe
  2⤵
  PID:8040
- C:\Windows\System\shpkkHz.exe
  C:\Windows\System\shpkkHz.exe
  2⤵
  PID:8060
- C:\Windows\System\BoMjyes.exe
  C:\Windows\System\BoMjyes.exe
  2⤵
  PID:8084
- C:\Windows\System\imypGWT.exe
  C:\Windows\System\imypGWT.exe
  2⤵
  PID:8104
- C:\Windows\System\mIvCsNf.exe
  C:\Windows\System\mIvCsNf.exe
  2⤵
  PID:8124
- C:\Windows\System\xkShfQY.exe
  C:\Windows\System\xkShfQY.exe
  2⤵
  PID:8144
- C:\Windows\System\OkFDtRJ.exe
  C:\Windows\System\OkFDtRJ.exe
  2⤵
  PID:8164
- C:\Windows\System\XbEzbea.exe
  C:\Windows\System\XbEzbea.exe
  2⤵
  PID:8184
- C:\Windows\System\spGaNTq.exe
  C:\Windows\System\spGaNTq.exe
  2⤵
  PID:2116
- C:\Windows\System\dbFRfZO.exe
  C:\Windows\System\dbFRfZO.exe
  2⤵
  PID:6992
- C:\Windows\System\YJPeofw.exe
  C:\Windows\System\YJPeofw.exe
  2⤵
  PID:5672
- C:\Windows\System\ahHresb.exe
  C:\Windows\System\ahHresb.exe
  2⤵
  PID:4644
- C:\Windows\System\HqMZMnF.exe
  C:\Windows\System\HqMZMnF.exe
  2⤵
  PID:5396
- C:\Windows\System\ETMnISj.exe
  C:\Windows\System\ETMnISj.exe
  2⤵
  PID:6224
- C:\Windows\System\YIWjrFv.exe
  C:\Windows\System\YIWjrFv.exe
  2⤵
  PID:6244
- C:\Windows\System\WRKVCXZ.exe
  C:\Windows\System\WRKVCXZ.exe
  2⤵
  PID:6588
- C:\Windows\System\wTZvUTt.exe
  C:\Windows\System\wTZvUTt.exe
  2⤵
  PID:6824
- C:\Windows\System\rpgweIL.exe
  C:\Windows\System\rpgweIL.exe
  2⤵
  PID:6908
- C:\Windows\System\LLdJXri.exe
  C:\Windows\System\LLdJXri.exe
  2⤵
  PID:6788
- C:\Windows\System\FWpMgEI.exe
  C:\Windows\System\FWpMgEI.exe
  2⤵
  PID:7212
- C:\Windows\System\AuKoaur.exe
  C:\Windows\System\AuKoaur.exe
  2⤵
  PID:7256
- C:\Windows\System\Yrxgphq.exe
  C:\Windows\System\Yrxgphq.exe
  2⤵
  PID:7288
- C:\Windows\System\dRWqCRp.exe
  C:\Windows\System\dRWqCRp.exe
  2⤵
  PID:7316
- C:\Windows\System\APiICbN.exe
  C:\Windows\System\APiICbN.exe
  2⤵
  PID:7368
- C:\Windows\System\kfdZLfz.exe
  C:\Windows\System\kfdZLfz.exe
  2⤵
  PID:7408
- C:\Windows\System\JyWlotr.exe
  C:\Windows\System\JyWlotr.exe
  2⤵
  PID:7412
- C:\Windows\System\xUGexEd.exe
  C:\Windows\System\xUGexEd.exe
  2⤵
  PID:7432
- C:\Windows\System\nbmwiFd.exe
  C:\Windows\System\nbmwiFd.exe
  2⤵
  PID:7476
- C:\Windows\System\eQjzqcw.exe
  C:\Windows\System\eQjzqcw.exe
  2⤵
  PID:7536
- C:\Windows\System\drXtIVK.exe
  C:\Windows\System\drXtIVK.exe
  2⤵
  PID:7552
- C:\Windows\System\cGWHHJK.exe
  C:\Windows\System\cGWHHJK.exe
  2⤵
  PID:7572
- C:\Windows\System\paVUJOl.exe
  C:\Windows\System\paVUJOl.exe
  2⤵
  PID:7596
- C:\Windows\System\BHVUaRA.exe
  C:\Windows\System\BHVUaRA.exe
  2⤵
  PID:7656
- C:\Windows\System\vlbXFCc.exe
  C:\Windows\System\vlbXFCc.exe
  2⤵
  PID:2576
- C:\Windows\System\BhcnobB.exe
  C:\Windows\System\BhcnobB.exe
  2⤵
  PID:7668
- C:\Windows\System\alFxdbW.exe
  C:\Windows\System\alFxdbW.exe
  2⤵
  PID:7768
- C:\Windows\System\dXyhEol.exe
  C:\Windows\System\dXyhEol.exe
  2⤵
  PID:7792
- C:\Windows\System\qtotsxm.exe
  C:\Windows\System\qtotsxm.exe
  2⤵
  PID:7812
- C:\Windows\System\vNdMVnK.exe
  C:\Windows\System\vNdMVnK.exe
  2⤵
  PID:7856
- C:\Windows\System\LUzbQna.exe
  C:\Windows\System\LUzbQna.exe
  2⤵
  PID:7836
- C:\Windows\System\coemWkn.exe
  C:\Windows\System\coemWkn.exe
  2⤵
  PID:7896
- C:\Windows\System\yqGUjIu.exe
  C:\Windows\System\yqGUjIu.exe
  2⤵
  PID:7920
- C:\Windows\System\GBmFsRZ.exe
  C:\Windows\System\GBmFsRZ.exe
  2⤵
  PID:7956
- C:\Windows\System\imVzbsk.exe
  C:\Windows\System\imVzbsk.exe
  2⤵
  PID:8020
- C:\Windows\System\SWkfcwo.exe
  C:\Windows\System\SWkfcwo.exe
  2⤵
  PID:2904
- C:\Windows\System\DCIjeCn.exe
  C:\Windows\System\DCIjeCn.exe
  2⤵
  PID:8032
- C:\Windows\System\jSfMKSz.exe
  C:\Windows\System\jSfMKSz.exe
  2⤵
  PID:8076
- C:\Windows\System\mkEiUbo.exe
  C:\Windows\System\mkEiUbo.exe
  2⤵
  PID:2396
- C:\Windows\System\BIsnCaz.exe
  C:\Windows\System\BIsnCaz.exe
  2⤵
  PID:8120
- C:\Windows\System\PkRcfFi.exe
  C:\Windows\System\PkRcfFi.exe
  2⤵
  PID:8160
- C:\Windows\System\lsvXlXr.exe
  C:\Windows\System\lsvXlXr.exe
  2⤵
  PID:6964
- C:\Windows\System\RYXHTEE.exe
  C:\Windows\System\RYXHTEE.exe
  2⤵
  PID:2980
- C:\Windows\System\TavVmQR.exe
  C:\Windows\System\TavVmQR.exe
  2⤵
  PID:7112
- C:\Windows\System\UjrlTgZ.exe
  C:\Windows\System\UjrlTgZ.exe
  2⤵
  PID:5188
- C:\Windows\System\ojPZXck.exe
  C:\Windows\System\ojPZXck.exe
  2⤵
  PID:6424
- C:\Windows\System\BjkbrVZ.exe
  C:\Windows\System\BjkbrVZ.exe
  2⤵
  PID:6584
- C:\Windows\System\tfBFQTm.exe
  C:\Windows\System\tfBFQTm.exe
  2⤵
  PID:6468
- C:\Windows\System\fsFRddV.exe
  C:\Windows\System\fsFRddV.exe
  2⤵
  PID:6780
- C:\Windows\System\lYFdTTb.exe
  C:\Windows\System\lYFdTTb.exe
  2⤵
  PID:7236
- C:\Windows\System\gnXxXJG.exe
  C:\Windows\System\gnXxXJG.exe
  2⤵
  PID:7332
- C:\Windows\System\nbtVwrs.exe
  C:\Windows\System\nbtVwrs.exe
  2⤵
  PID:7416
- C:\Windows\System\bnSbrQH.exe
  C:\Windows\System\bnSbrQH.exe
  2⤵
  PID:2788
- C:\Windows\System\rpKBGlH.exe
  C:\Windows\System\rpKBGlH.exe
  2⤵
  PID:7468
- C:\Windows\System\dAIpysC.exe
  C:\Windows\System\dAIpysC.exe
  2⤵
  PID:7648
- C:\Windows\System\UinArgu.exe
  C:\Windows\System\UinArgu.exe
  2⤵
  PID:7548
- C:\Windows\System\WdKUTDy.exe
  C:\Windows\System\WdKUTDy.exe
  2⤵
  PID:7628
- C:\Windows\System\SyjpSZo.exe
  C:\Windows\System\SyjpSZo.exe
  2⤵
  PID:7696
- C:\Windows\System\oFnBACr.exe
  C:\Windows\System\oFnBACr.exe
  2⤵
  PID:672
- C:\Windows\System\uAfkyGP.exe
  C:\Windows\System\uAfkyGP.exe
  2⤵
  PID:7788
- C:\Windows\System\YdVjKRN.exe
  C:\Windows\System\YdVjKRN.exe
  2⤵
  PID:7800
- C:\Windows\System\OuOZFUG.exe
  C:\Windows\System\OuOZFUG.exe
  2⤵
  PID:7840
- C:\Windows\System\fEpfcHb.exe
  C:\Windows\System\fEpfcHb.exe
  2⤵
  PID:7852
- C:\Windows\System\rCDwrFn.exe
  C:\Windows\System\rCDwrFn.exe
  2⤵
  PID:2688
- C:\Windows\System\ROphDTu.exe
  C:\Windows\System\ROphDTu.exe
  2⤵
  PID:7968
- C:\Windows\System\UPrQimX.exe
  C:\Windows\System\UPrQimX.exe
  2⤵
  PID:8008
- C:\Windows\System\xKHmVyb.exe
  C:\Windows\System\xKHmVyb.exe
  2⤵
  PID:8072
- C:\Windows\System\mZiFvWt.exe
  C:\Windows\System\mZiFvWt.exe
  2⤵
  PID:8136
- C:\Windows\System\SLhmKAj.exe
  C:\Windows\System\SLhmKAj.exe
  2⤵
  PID:8172
- C:\Windows\System\alCNAJk.exe
  C:\Windows\System\alCNAJk.exe
  2⤵
  PID:8180
- C:\Windows\System\XzJoRst.exe
  C:\Windows\System\XzJoRst.exe
  2⤵
  PID:6104
- C:\Windows\System\VOphDCS.exe
  C:\Windows\System\VOphDCS.exe
  2⤵
  PID:5732
- C:\Windows\System\ApmlDNa.exe
  C:\Windows\System\ApmlDNa.exe
  2⤵
  PID:876
- C:\Windows\System\lzSYamU.exe
  C:\Windows\System\lzSYamU.exe
  2⤵
  PID:2504
- C:\Windows\System\MDezHrX.exe
  C:\Windows\System\MDezHrX.exe
  2⤵
  PID:7196
- C:\Windows\System\oxYXaft.exe
  C:\Windows\System\oxYXaft.exe
  2⤵
  PID:2692
- C:\Windows\System\PlWVGpn.exe
  C:\Windows\System\PlWVGpn.exe
  2⤵
  PID:2676
- C:\Windows\System\CZGPBVP.exe
  C:\Windows\System\CZGPBVP.exe
  2⤵
  PID:7396
- C:\Windows\System\AgiJSoQ.exe
  C:\Windows\System\AgiJSoQ.exe
  2⤵
  PID:1392
- C:\Windows\System\LUMosGB.exe
  C:\Windows\System\LUMosGB.exe
  2⤵
  PID:1700
- C:\Windows\System\WcWdFyF.exe
  C:\Windows\System\WcWdFyF.exe
  2⤵
  PID:2992
- C:\Windows\System\EVYrpJh.exe
  C:\Windows\System\EVYrpJh.exe
  2⤵
  PID:824
- C:\Windows\System\JcvEOXo.exe
  C:\Windows\System\JcvEOXo.exe
  2⤵
  PID:7576
- C:\Windows\System\njYVOsG.exe
  C:\Windows\System\njYVOsG.exe
  2⤵
  PID:2896
- C:\Windows\System\iIsjydy.exe
  C:\Windows\System\iIsjydy.exe
  2⤵
  PID:7672
- C:\Windows\System\RwAfSdo.exe
  C:\Windows\System\RwAfSdo.exe
  2⤵
  PID:2192
- C:\Windows\System\ltYGEgM.exe
  C:\Windows\System\ltYGEgM.exe
  2⤵
  PID:7952
- C:\Windows\System\egsgAab.exe
  C:\Windows\System\egsgAab.exe
  2⤵
  PID:7900
- C:\Windows\System\dWLbJpx.exe
  C:\Windows\System\dWLbJpx.exe
  2⤵
  PID:2832
- C:\Windows\System\hLVkogy.exe
  C:\Windows\System\hLVkogy.exe
  2⤵
  PID:8096
- C:\Windows\System\NrgnSMR.exe
  C:\Windows\System\NrgnSMR.exe
  2⤵
  PID:2876
- C:\Windows\System\ATFyRuN.exe
  C:\Windows\System\ATFyRuN.exe
  2⤵
  PID:6968
- C:\Windows\System\KAocAJZ.exe
  C:\Windows\System\KAocAJZ.exe
  2⤵
  PID:2256
- C:\Windows\System\uJSWVwk.exe
  C:\Windows\System\uJSWVwk.exe
  2⤵
  PID:2428
- C:\Windows\System\jbFIyTd.exe
  C:\Windows\System\jbFIyTd.exe
  2⤵
  PID:1412
- C:\Windows\System\hIhCjqP.exe
  C:\Windows\System\hIhCjqP.exe
  2⤵
  PID:7352
- C:\Windows\System\PBcClGx.exe
  C:\Windows\System\PBcClGx.exe
  2⤵
  PID:2556
- C:\Windows\System\aFHvojX.exe
  C:\Windows\System\aFHvojX.exe
  2⤵
  PID:1900
- C:\Windows\System\VVtGWLY.exe
  C:\Windows\System\VVtGWLY.exe
  2⤵
  PID:332
- C:\Windows\System\qXDwxOm.exe
  C:\Windows\System\qXDwxOm.exe
  2⤵
  PID:2200
- C:\Windows\System\EKYlnmw.exe
  C:\Windows\System\EKYlnmw.exe
  2⤵
  PID:544
- C:\Windows\System\ZyAEFSH.exe
  C:\Windows\System\ZyAEFSH.exe
  2⤵
  PID:2820
- C:\Windows\System\iPdoRVU.exe
  C:\Windows\System\iPdoRVU.exe
  2⤵
  PID:7084
- C:\Windows\System\pBscCPt.exe
  C:\Windows\System\pBscCPt.exe
  2⤵
  PID:7632
- C:\Windows\System\fJPFcQC.exe
  C:\Windows\System\fJPFcQC.exe
  2⤵
  PID:8140
- C:\Windows\System\FlTEwsF.exe
  C:\Windows\System\FlTEwsF.exe
  2⤵
  PID:6288
- C:\Windows\System\WJyAMPN.exe
  C:\Windows\System\WJyAMPN.exe
  2⤵
  PID:828
- C:\Windows\System\HFdqqKu.exe
  C:\Windows\System\HFdqqKu.exe
  2⤵
  PID:2084
- C:\Windows\System\wAlHijY.exe
  C:\Windows\System\wAlHijY.exe
  2⤵
  PID:400
- C:\Windows\System\osLrajb.exe
  C:\Windows\System\osLrajb.exe
  2⤵
  PID:980
- C:\Windows\System\uPdqpSP.exe
  C:\Windows\System\uPdqpSP.exe
  2⤵
  PID:7556
- C:\Windows\System\hMzfDzi.exe
  C:\Windows\System\hMzfDzi.exe
  2⤵
  PID:7832
- C:\Windows\System\SZuzUqC.exe
  C:\Windows\System\SZuzUqC.exe
  2⤵
  PID:7428
- C:\Windows\System\FrHPxcp.exe
  C:\Windows\System\FrHPxcp.exe
  2⤵
  PID:7612
- C:\Windows\System\CSIFEhS.exe
  C:\Windows\System\CSIFEhS.exe
  2⤵
  PID:1680
- C:\Windows\System\EhkXUSj.exe
  C:\Windows\System\EhkXUSj.exe
  2⤵
  PID:1148
- C:\Windows\System\SVeotWj.exe
  C:\Windows\System\SVeotWj.exe
  2⤵
  PID:6428
- C:\Windows\System\lfSfvaE.exe
  C:\Windows\System\lfSfvaE.exe
  2⤵
  PID:7972
- C:\Windows\System\QgRmsjS.exe
  C:\Windows\System\QgRmsjS.exe
  2⤵
  PID:7616
- C:\Windows\System\pdaMygK.exe
  C:\Windows\System\pdaMygK.exe
  2⤵
  PID:2376
- C:\Windows\System\vbnQkss.exe
  C:\Windows\System\vbnQkss.exe
  2⤵
  PID:8196
- C:\Windows\System\ogbdekB.exe
  C:\Windows\System\ogbdekB.exe
  2⤵
  PID:8212
- C:\Windows\System\cewQvfl.exe
  C:\Windows\System\cewQvfl.exe
  2⤵
  PID:8228
- C:\Windows\System\gUFfqyz.exe
  C:\Windows\System\gUFfqyz.exe
  2⤵
  PID:8244
- C:\Windows\System\xGCWBlu.exe
  C:\Windows\System\xGCWBlu.exe
  2⤵
  PID:8260
- C:\Windows\System\NXjjGWp.exe
  C:\Windows\System\NXjjGWp.exe
  2⤵
  PID:8276
- C:\Windows\System\LeEBPbx.exe
  C:\Windows\System\LeEBPbx.exe
  2⤵
  PID:8292
- C:\Windows\System\pmtxfbH.exe
  C:\Windows\System\pmtxfbH.exe
  2⤵
  PID:8308
- C:\Windows\System\IDkNhNH.exe
  C:\Windows\System\IDkNhNH.exe
  2⤵
  PID:8324
- C:\Windows\System\wvRHQrH.exe
  C:\Windows\System\wvRHQrH.exe
  2⤵
  PID:8340
- C:\Windows\System\LzfJlUB.exe
  C:\Windows\System\LzfJlUB.exe
  2⤵
  PID:8360
- C:\Windows\System\PtqzSzU.exe
  C:\Windows\System\PtqzSzU.exe
  2⤵
  PID:8380
- C:\Windows\System\BfMkuSg.exe
  C:\Windows\System\BfMkuSg.exe
  2⤵
  PID:8396
- C:\Windows\System\uFyHiVL.exe
  C:\Windows\System\uFyHiVL.exe
  2⤵
  PID:8424
- C:\Windows\System\uCxFGyZ.exe
  C:\Windows\System\uCxFGyZ.exe
  2⤵
  PID:8440
- C:\Windows\System\EZmCcah.exe
  C:\Windows\System\EZmCcah.exe
  2⤵
  PID:8480
- C:\Windows\System\UDYGFCf.exe
  C:\Windows\System\UDYGFCf.exe
  2⤵
  PID:8508
- C:\Windows\System\IRpYgMO.exe
  C:\Windows\System\IRpYgMO.exe
  2⤵
  PID:8528
- C:\Windows\System\aGrOqvL.exe
  C:\Windows\System\aGrOqvL.exe
  2⤵
  PID:8544
- C:\Windows\System\SVNzpCK.exe
  C:\Windows\System\SVNzpCK.exe
  2⤵
  PID:8560
- C:\Windows\System\LREoeHs.exe
  C:\Windows\System\LREoeHs.exe
  2⤵
  PID:8576
- C:\Windows\System\egWIByg.exe
  C:\Windows\System\egWIByg.exe
  2⤵
  PID:8592
- C:\Windows\System\CyVcxpU.exe
  C:\Windows\System\CyVcxpU.exe
  2⤵
  PID:8608
- C:\Windows\System\lUMceaN.exe
  C:\Windows\System\lUMceaN.exe
  2⤵
  PID:8624
- C:\Windows\System\rMqYbYt.exe
  C:\Windows\System\rMqYbYt.exe
  2⤵
  PID:8640
- C:\Windows\System\cmjyZdU.exe
  C:\Windows\System\cmjyZdU.exe
  2⤵
  PID:8656
- C:\Windows\System\iIscEJF.exe
  C:\Windows\System\iIscEJF.exe
  2⤵
  PID:8684
- C:\Windows\System\oPcIwKY.exe
  C:\Windows\System\oPcIwKY.exe
  2⤵
  PID:8708
- C:\Windows\System\zmIHzwZ.exe
  C:\Windows\System\zmIHzwZ.exe
  2⤵
  PID:8724
- C:\Windows\System\xJijuvj.exe
  C:\Windows\System\xJijuvj.exe
  2⤵
  PID:8740
- C:\Windows\System\StRZGBP.exe
  C:\Windows\System\StRZGBP.exe
  2⤵
  PID:8756
- C:\Windows\System\ecsAQIY.exe
  C:\Windows\System\ecsAQIY.exe
  2⤵
  PID:8772
- C:\Windows\System\FqAXmYM.exe
  C:\Windows\System\FqAXmYM.exe
  2⤵
  PID:8788
- C:\Windows\System\KRNfLMn.exe
  C:\Windows\System\KRNfLMn.exe
  2⤵
  PID:8804
- C:\Windows\System\XrrwoJi.exe
  C:\Windows\System\XrrwoJi.exe
  2⤵
  PID:8820
- C:\Windows\System\oYqIlDR.exe
  C:\Windows\System\oYqIlDR.exe
  2⤵
  PID:8836
- C:\Windows\System\TDekYQR.exe
  C:\Windows\System\TDekYQR.exe
  2⤵
  PID:8852
- C:\Windows\System\VPTojBE.exe
  C:\Windows\System\VPTojBE.exe
  2⤵
  PID:8868
- C:\Windows\System\jLFyHyB.exe
  C:\Windows\System\jLFyHyB.exe
  2⤵
  PID:8884
- C:\Windows\System\ADRVZtq.exe
  C:\Windows\System\ADRVZtq.exe
  2⤵
  PID:8900
- C:\Windows\System\oyagFUx.exe
  C:\Windows\System\oyagFUx.exe
  2⤵
  PID:8916
- C:\Windows\System\nDaAXnw.exe
  C:\Windows\System\nDaAXnw.exe
  2⤵
  PID:8932
- C:\Windows\System\mDpNbMD.exe
  C:\Windows\System\mDpNbMD.exe
  2⤵
  PID:8948
- C:\Windows\System\stQqyvU.exe
  C:\Windows\System\stQqyvU.exe
  2⤵
  PID:8968
- C:\Windows\System\ijCqfcw.exe
  C:\Windows\System\ijCqfcw.exe
  2⤵
  PID:8984
- C:\Windows\System\AhGQtyJ.exe
  C:\Windows\System\AhGQtyJ.exe
  2⤵
  PID:9000
- C:\Windows\System\DGNkuBc.exe
  C:\Windows\System\DGNkuBc.exe
  2⤵
  PID:9016
- C:\Windows\System\ktBZbKS.exe
  C:\Windows\System\ktBZbKS.exe
  2⤵
  PID:9032
- C:\Windows\System\zMUyGfs.exe
  C:\Windows\System\zMUyGfs.exe
  2⤵
  PID:9048
- C:\Windows\System\OLtDmnb.exe
  C:\Windows\System\OLtDmnb.exe
  2⤵
  PID:9064
- C:\Windows\System\ushBSwN.exe
  C:\Windows\System\ushBSwN.exe
  2⤵
  PID:9080
- C:\Windows\System\XlohNbo.exe
  C:\Windows\System\XlohNbo.exe
  2⤵
  PID:9096
- C:\Windows\System\cuYPjZk.exe
  C:\Windows\System\cuYPjZk.exe
  2⤵
  PID:9112
- C:\Windows\System\bszYfSB.exe
  C:\Windows\System\bszYfSB.exe
  2⤵
  PID:9132
- C:\Windows\System\kPJtOpM.exe
  C:\Windows\System\kPJtOpM.exe
  2⤵
  PID:9148
- C:\Windows\System\dTEMcjN.exe
  C:\Windows\System\dTEMcjN.exe
  2⤵
  PID:8268
- C:\Windows\System\ZBYtwEl.exe
  C:\Windows\System\ZBYtwEl.exe
  2⤵
  PID:8320
- C:\Windows\System\xSYzhfG.exe
  C:\Windows\System\xSYzhfG.exe
  2⤵
  PID:8332
- C:\Windows\System\KLhsGyN.exe
  C:\Windows\System\KLhsGyN.exe
  2⤵
  PID:8356
- C:\Windows\System\rjYDtvH.exe
  C:\Windows\System\rjYDtvH.exe
  2⤵
  PID:8404
- C:\Windows\System\CbtzWOq.exe
  C:\Windows\System\CbtzWOq.exe
  2⤵
  PID:8388
- C:\Windows\System\vTedKrm.exe
  C:\Windows\System\vTedKrm.exe
  2⤵
  PID:8432
- C:\Windows\System\HIKMutl.exe
  C:\Windows\System\HIKMutl.exe
  2⤵
  PID:8476
- C:\Windows\System\RihYawA.exe
  C:\Windows\System\RihYawA.exe
  2⤵
  PID:8496
- C:\Windows\System\olUASxE.exe
  C:\Windows\System\olUASxE.exe
  2⤵
  PID:8524
- C:\Windows\System\obKqlgu.exe
  C:\Windows\System\obKqlgu.exe
  2⤵
  PID:8556
- C:\Windows\System\sWFOHZd.exe
  C:\Windows\System\sWFOHZd.exe
  2⤵
  PID:8648
- C:\Windows\System\DBJBKYs.exe
  C:\Windows\System\DBJBKYs.exe
  2⤵
  PID:8568
- C:\Windows\System\egBnqPE.exe
  C:\Windows\System\egBnqPE.exe
  2⤵
  PID:8676
- C:\Windows\System\bqUxMqW.exe
  C:\Windows\System\bqUxMqW.exe
  2⤵
  PID:8732
- C:\Windows\System\AgZAypm.exe
  C:\Windows\System\AgZAypm.exe
  2⤵
  PID:8832
- C:\Windows\System\igiyEHk.exe
  C:\Windows\System\igiyEHk.exe
  2⤵
  PID:8896
- C:\Windows\System\ufocrgb.exe
  C:\Windows\System\ufocrgb.exe
  2⤵
  PID:8960
- C:\Windows\System\KOlMInD.exe
  C:\Windows\System\KOlMInD.exe
  2⤵
  PID:8976
- C:\Windows\System\UVDoGvB.exe
  C:\Windows\System\UVDoGvB.exe
  2⤵
  PID:9108
- C:\Windows\System\FxsSkLw.exe
  C:\Windows\System\FxsSkLw.exe
  2⤵
  PID:8996
- C:\Windows\System\SEtXONN.exe
  C:\Windows\System\SEtXONN.exe
  2⤵
  PID:9060
- C:\Windows\System\uAyoVas.exe
  C:\Windows\System\uAyoVas.exe
  2⤵
  PID:8352
- C:\Windows\System\ahEYeIF.exe
  C:\Windows\System\ahEYeIF.exe
  2⤵
  PID:8256
- C:\Windows\System\PWWGBLD.exe
  C:\Windows\System\PWWGBLD.exe
  2⤵
  PID:9176
- C:\Windows\System\XcRioAH.exe
  C:\Windows\System\XcRioAH.exe
  2⤵
  PID:9204
- C:\Windows\System\vDumiFw.exe
  C:\Windows\System\vDumiFw.exe
  2⤵
  PID:8204
- C:\Windows\System\QZcNDAW.exe
  C:\Windows\System\QZcNDAW.exe
  2⤵
  PID:2736
- C:\Windows\System\plHEgcr.exe
  C:\Windows\System\plHEgcr.exe
  2⤵
  PID:8336
- C:\Windows\System\vtNcpcm.exe
  C:\Windows\System\vtNcpcm.exe
  2⤵
  PID:8416
- C:\Windows\System\IFXdLUu.exe
  C:\Windows\System\IFXdLUu.exe
  2⤵
  PID:8464
- C:\Windows\System\wdexAoz.exe
  C:\Windows\System\wdexAoz.exe
  2⤵
  PID:8616
- C:\Windows\System\dnvTFiL.exe
  C:\Windows\System\dnvTFiL.exe
  2⤵
  PID:8488
- C:\Windows\System\nPBsmiH.exe
  C:\Windows\System\nPBsmiH.exe
  2⤵
  PID:8492
- C:\Windows\System\hMNuzIc.exe
  C:\Windows\System\hMNuzIc.exe
  2⤵
  PID:9124
- C:\Windows\System\SvBjyoJ.exe
  C:\Windows\System\SvBjyoJ.exe
  2⤵
  PID:8636
- C:\Windows\System\LEZMKqJ.exe
  C:\Windows\System\LEZMKqJ.exe
  2⤵
  PID:8720
- C:\Windows\System\agFgEhB.exe
  C:\Windows\System\agFgEhB.exe
  2⤵
  PID:8704
- C:\Windows\System\kUgPrFl.exe
  C:\Windows\System\kUgPrFl.exe
  2⤵
  PID:8812
- C:\Windows\System\AZwiTYX.exe
  C:\Windows\System\AZwiTYX.exe
  2⤵
  PID:8864
- C:\Windows\System\GnTnxjj.exe
  C:\Windows\System\GnTnxjj.exe
  2⤵
  PID:8748
- C:\Windows\System\FIxrYQw.exe
  C:\Windows\System\FIxrYQw.exe
  2⤵
  PID:8908
- C:\Windows\System\MBKfCGE.exe
  C:\Windows\System\MBKfCGE.exe
  2⤵
  PID:8848
- C:\Windows\System\FmSEuXK.exe
  C:\Windows\System\FmSEuXK.exe
  2⤵
  PID:9072
- C:\Windows\System\NthIBTG.exe
  C:\Windows\System\NthIBTG.exe
  2⤵
  PID:9156
- C:\Windows\System\tkqqvOU.exe
  C:\Windows\System\tkqqvOU.exe
  2⤵
  PID:9120
- C:\Windows\System\SgZGVOP.exe
  C:\Windows\System\SgZGVOP.exe
  2⤵
  PID:9212
- C:\Windows\System\NcTOEII.exe
  C:\Windows\System\NcTOEII.exe
  2⤵
  PID:9196
- C:\Windows\System\XgIsARK.exe
  C:\Windows\System\XgIsARK.exe
  2⤵
  PID:9184
- C:\Windows\System\DNrFTPw.exe
  C:\Windows\System\DNrFTPw.exe
  2⤵
  PID:8456
- C:\Windows\System\iZfRlSa.exe
  C:\Windows\System\iZfRlSa.exe
  2⤵
  PID:8716
- C:\Windows\System\rHFDlNh.exe
  C:\Windows\System\rHFDlNh.exe
  2⤵
  PID:9232
- C:\Windows\System\mEPeFCt.exe
  C:\Windows\System\mEPeFCt.exe
  2⤵
  PID:9248
- C:\Windows\System\FAyfeNN.exe
  C:\Windows\System\FAyfeNN.exe
  2⤵
  PID:9264
- C:\Windows\System\JzUjrPp.exe
  C:\Windows\System\JzUjrPp.exe
  2⤵
  PID:9280
- C:\Windows\System\hNWdmzd.exe
  C:\Windows\System\hNWdmzd.exe
  2⤵
  PID:9296
- C:\Windows\System\yQhpeVU.exe
  C:\Windows\System\yQhpeVU.exe
  2⤵
  PID:9312
- C:\Windows\System\CyjaGbg.exe
  C:\Windows\System\CyjaGbg.exe
  2⤵
  PID:9344
- C:\Windows\System\clJckVF.exe
  C:\Windows\System\clJckVF.exe
  2⤵
  PID:9360
- C:\Windows\System\VWJZxJe.exe
  C:\Windows\System\VWJZxJe.exe
  2⤵
  PID:9380
- C:\Windows\System\pOGNfGZ.exe
  C:\Windows\System\pOGNfGZ.exe
  2⤵
  PID:9396
- C:\Windows\System\pwGoIBT.exe
  C:\Windows\System\pwGoIBT.exe
  2⤵
  PID:9412
- C:\Windows\System\WuowZOw.exe
  C:\Windows\System\WuowZOw.exe
  2⤵
  PID:9428
- C:\Windows\System\fcvPica.exe
  C:\Windows\System\fcvPica.exe
  2⤵
  PID:9444
- C:\Windows\System\rNqYJoD.exe
  C:\Windows\System\rNqYJoD.exe
  2⤵
  PID:9460
- C:\Windows\System\KTyayaW.exe
  C:\Windows\System\KTyayaW.exe
  2⤵
  PID:9476
- C:\Windows\System\vvvwFdc.exe
  C:\Windows\System\vvvwFdc.exe
  2⤵
  PID:9492
- C:\Windows\System\yXWHFjy.exe
  C:\Windows\System\yXWHFjy.exe
  2⤵
  PID:9508
- C:\Windows\System\GybYMjD.exe
  C:\Windows\System\GybYMjD.exe
  2⤵
  PID:9524
- C:\Windows\System\nJmTqtC.exe
  C:\Windows\System\nJmTqtC.exe
  2⤵
  PID:9540
- C:\Windows\System\AdGOWCr.exe
  C:\Windows\System\AdGOWCr.exe
  2⤵
  PID:9556
- C:\Windows\System\gBcMXBE.exe
  C:\Windows\System\gBcMXBE.exe
  2⤵
  PID:9572
- C:\Windows\System\ROJzMJM.exe
  C:\Windows\System\ROJzMJM.exe
  2⤵
  PID:9588
- C:\Windows\System\zcJfcke.exe
  C:\Windows\System\zcJfcke.exe
  2⤵
  PID:9604
- C:\Windows\System\ZvHSrMD.exe
  C:\Windows\System\ZvHSrMD.exe
  2⤵
  PID:9620
- C:\Windows\System\ywetpXL.exe
  C:\Windows\System\ywetpXL.exe
  2⤵
  PID:9640
- C:\Windows\System\jLPkBdk.exe
  C:\Windows\System\jLPkBdk.exe
  2⤵
  PID:9656
- C:\Windows\System\ZuKKTAt.exe
  C:\Windows\System\ZuKKTAt.exe
  2⤵
  PID:9672
- C:\Windows\System\kchbHKp.exe
  C:\Windows\System\kchbHKp.exe
  2⤵
  PID:9688
- C:\Windows\System\bPoVkqs.exe
  C:\Windows\System\bPoVkqs.exe
  2⤵
  PID:9704
- C:\Windows\System\eEEHqDI.exe
  C:\Windows\System\eEEHqDI.exe
  2⤵
  PID:9720
- C:\Windows\System\LWMHrDR.exe
  C:\Windows\System\LWMHrDR.exe
  2⤵
  PID:9736
- C:\Windows\System\VnzXQaC.exe
  C:\Windows\System\VnzXQaC.exe
  2⤵
  PID:9752
- C:\Windows\System\IrTGkqT.exe
  C:\Windows\System\IrTGkqT.exe
  2⤵
  PID:9780
- C:\Windows\System\XSYHtxU.exe
  C:\Windows\System\XSYHtxU.exe
  2⤵
  PID:9796
- C:\Windows\System\LqNHMoO.exe
  C:\Windows\System\LqNHMoO.exe
  2⤵
  PID:9840
- C:\Windows\System\hhSpFDc.exe
  C:\Windows\System\hhSpFDc.exe
  2⤵
  PID:9860
- C:\Windows\System\fNloOIy.exe
  C:\Windows\System\fNloOIy.exe
  2⤵
  PID:9896
- C:\Windows\System\JeaCIoy.exe
  C:\Windows\System\JeaCIoy.exe
  2⤵
  PID:9912
- C:\Windows\System\CrErceA.exe
  C:\Windows\System\CrErceA.exe
  2⤵
  PID:9948
- C:\Windows\System\EimCHIC.exe
  C:\Windows\System\EimCHIC.exe
  2⤵
  PID:9968
- C:\Windows\System\oaWbJZj.exe
  C:\Windows\System\oaWbJZj.exe
  2⤵
  PID:9988
- C:\Windows\System\yGQIiBl.exe
  C:\Windows\System\yGQIiBl.exe
  2⤵
  PID:10004
- C:\Windows\System\dhYOsgE.exe
  C:\Windows\System\dhYOsgE.exe
  2⤵
  PID:10024
- C:\Windows\System\uALtpGn.exe
  C:\Windows\System\uALtpGn.exe
  2⤵
  PID:10040
- C:\Windows\System\IEEvZdD.exe
  C:\Windows\System\IEEvZdD.exe
  2⤵
  PID:10056
- C:\Windows\System\WojlhMv.exe
  C:\Windows\System\WojlhMv.exe
  2⤵
  PID:10072
- C:\Windows\System\OdhqNVv.exe
  C:\Windows\System\OdhqNVv.exe
  2⤵
  PID:10088
- C:\Windows\System\PnVgstk.exe
  C:\Windows\System\PnVgstk.exe
  2⤵
  PID:10108
- C:\Windows\System\RwKiGLH.exe
  C:\Windows\System\RwKiGLH.exe
  2⤵
  PID:10124
- C:\Windows\System\DBBrDav.exe
  C:\Windows\System\DBBrDav.exe
  2⤵
  PID:10144
- C:\Windows\System\WztTTpl.exe
  C:\Windows\System\WztTTpl.exe
  2⤵
  PID:10164
- C:\Windows\System\LiaitHN.exe
  C:\Windows\System\LiaitHN.exe
  2⤵
  PID:10196
- C:\Windows\System\XilBMdW.exe
  C:\Windows\System\XilBMdW.exe
  2⤵
  PID:10212
- C:\Windows\System\xUOXrXA.exe
  C:\Windows\System\xUOXrXA.exe
  2⤵
  PID:10228
- C:\Windows\System\tpWKHBD.exe
  C:\Windows\System\tpWKHBD.exe
  2⤵
  PID:8448
- C:\Windows\System\zlmdXDl.exe
  C:\Windows\System\zlmdXDl.exe
  2⤵
  PID:9168
- C:\Windows\System\NoKgjZj.exe
  C:\Windows\System\NoKgjZj.exe
  2⤵
  PID:8764
- C:\Windows\System\AbrCXVq.exe
  C:\Windows\System\AbrCXVq.exe
  2⤵
  PID:9288
- C:\Windows\System\xEJipGk.exe
  C:\Windows\System\xEJipGk.exe
  2⤵
  PID:5572
- C:\Windows\System\TTiXJtL.exe
  C:\Windows\System\TTiXJtL.exe
  2⤵
  PID:8552
- C:\Windows\System\wmwozkU.exe
  C:\Windows\System\wmwozkU.exe
  2⤵
  PID:8696
- C:\Windows\System\FAsqMBJ.exe
  C:\Windows\System\FAsqMBJ.exe
  2⤵
  PID:8784
- C:\Windows\System\OLtWlnp.exe
  C:\Windows\System\OLtWlnp.exe
  2⤵
  PID:9104
- C:\Windows\System\dIqZycI.exe
  C:\Windows\System\dIqZycI.exe
  2⤵
  PID:9304
- C:\Windows\System\LaFdcvk.exe
  C:\Windows\System\LaFdcvk.exe
  2⤵
  PID:9388
- C:\Windows\System\xDUETsX.exe
  C:\Windows\System\xDUETsX.exe
  2⤵
  PID:9484
- C:\Windows\System\lGNHgNW.exe
  C:\Windows\System\lGNHgNW.exe
  2⤵
  PID:9328
- C:\Windows\System\hcHyBNY.exe
  C:\Windows\System\hcHyBNY.exe
  2⤵
  PID:9368
- C:\Windows\System\pmmollJ.exe
  C:\Windows\System\pmmollJ.exe
  2⤵
  PID:9472
- C:\Windows\System\MhZZBAB.exe
  C:\Windows\System\MhZZBAB.exe
  2⤵
  PID:9532
- C:\Windows\System\crpOqYj.exe
  C:\Windows\System\crpOqYj.exe
  2⤵
  PID:9564
- C:\Windows\System\MYcCIZD.exe
  C:\Windows\System\MYcCIZD.exe
  2⤵
  PID:9636
- C:\Windows\System\fmMJdGG.exe
  C:\Windows\System\fmMJdGG.exe
  2⤵
  PID:9580
- C:\Windows\System\oPavcIr.exe
  C:\Windows\System\oPavcIr.exe
  2⤵
  PID:9648
- C:\Windows\System\ArmTcUz.exe
  C:\Windows\System\ArmTcUz.exe
  2⤵
  PID:9712
- C:\Windows\System\DfUUkre.exe
  C:\Windows\System\DfUUkre.exe
  2⤵
  PID:9700
- C:\Windows\System\nmCGdQP.exe
  C:\Windows\System\nmCGdQP.exe
  2⤵
  PID:9732
- C:\Windows\System\ZyEtsRC.exe
  C:\Windows\System\ZyEtsRC.exe
  2⤵
  PID:9764
- C:\Windows\System\HssyYpC.exe
  C:\Windows\System\HssyYpC.exe
  2⤵
  PID:9816
- C:\Windows\System\WwDzEuG.exe
  C:\Windows\System\WwDzEuG.exe
  2⤵
  PID:9820
- C:\Windows\System\gtUCpFZ.exe
  C:\Windows\System\gtUCpFZ.exe
  2⤵
  PID:9836
- C:\Windows\System\zKkXOWr.exe
  C:\Windows\System\zKkXOWr.exe
  2⤵
  PID:9884
- C:\Windows\System\GsNBJja.exe
  C:\Windows\System\GsNBJja.exe
  2⤵
  PID:9848
- C:\Windows\System\UmezqNi.exe
  C:\Windows\System\UmezqNi.exe
  2⤵
  PID:9788
- C:\Windows\System\NukleYo.exe
  C:\Windows\System\NukleYo.exe
  2⤵
  PID:9928
- C:\Windows\System\jFUeCbO.exe
  C:\Windows\System\jFUeCbO.exe
  2⤵
  PID:9996
- C:\Windows\System\yDySwjO.exe
  C:\Windows\System\yDySwjO.exe
  2⤵
  PID:10032
- C:\Windows\System\CPVesmc.exe
  C:\Windows\System\CPVesmc.exe
  2⤵
  PID:10096
- C:\Windows\System\INkXrhU.exe
  C:\Windows\System\INkXrhU.exe
  2⤵
  PID:9924
- C:\Windows\System\MiQcrpR.exe
  C:\Windows\System\MiQcrpR.exe
  2⤵
  PID:9944
- C:\Windows\System\ZtNOSAn.exe
  C:\Windows\System\ZtNOSAn.exe
  2⤵
  PID:10048
- C:\Windows\System\YdDYzjr.exe
  C:\Windows\System\YdDYzjr.exe
  2⤵
  PID:10132
- C:\Windows\System\WHZghWG.exe
  C:\Windows\System\WHZghWG.exe
  2⤵
  PID:10188
- C:\Windows\System\OLKjVXu.exe
  C:\Windows\System\OLKjVXu.exe
  2⤵
  PID:10192
- C:\Windows\System\wEQdgDR.exe
  C:\Windows\System\wEQdgDR.exe
  2⤵
  PID:10160
- C:\Windows\System\ZcUzvTe.exe
  C:\Windows\System\ZcUzvTe.exe
  2⤵
  PID:10224
- C:\Windows\System\YnDngSX.exe
  C:\Windows\System\YnDngSX.exe
  2⤵
  PID:8236
- C:\Windows\System\zEfVxzg.exe
  C:\Windows\System\zEfVxzg.exe
  2⤵
  PID:1004
- C:\Windows\System\asyCmxb.exe
  C:\Windows\System\asyCmxb.exe
  2⤵
  PID:8300
- C:\Windows\System\ToOeCtJ.exe
  C:\Windows\System\ToOeCtJ.exe
  2⤵
  PID:8468
- C:\Windows\System\piTSkSS.exe
  C:\Windows\System\piTSkSS.exe
  2⤵
  PID:9012
- C:\Windows\System\aUnSoKQ.exe
  C:\Windows\System\aUnSoKQ.exe
  2⤵
  PID:8844
- C:\Windows\System\DeqqNpY.exe
  C:\Windows\System\DeqqNpY.exe
  2⤵
  PID:9044
- C:\Windows\System\utXjPGE.exe
  C:\Windows\System\utXjPGE.exe
  2⤵
  PID:9240
- C:\Windows\System\IyXJLbd.exe
  C:\Windows\System\IyXJLbd.exe
  2⤵
  PID:9276
- C:\Windows\System\boXduQH.exe
  C:\Windows\System\boXduQH.exe
  2⤵
  PID:9092
- C:\Windows\System\QeJaNCO.exe
  C:\Windows\System\QeJaNCO.exe
  2⤵
  PID:9552
- C:\Windows\System\XrbBpta.exe
  C:\Windows\System\XrbBpta.exe
  2⤵
  PID:9468
- C:\Windows\System\VkpveZr.exe
  C:\Windows\System\VkpveZr.exe
  2⤵
  PID:9728
- C:\Windows\System\NIrvaFi.exe
  C:\Windows\System\NIrvaFi.exe
  2⤵
  PID:9892
- C:\Windows\System\MdBhmka.exe
  C:\Windows\System\MdBhmka.exe
  2⤵
  PID:9336
- C:\Windows\System\rSPchVU.exe
  C:\Windows\System\rSPchVU.exe
  2⤵
  PID:9404
- C:\Windows\System\vDzhXwP.exe
  C:\Windows\System\vDzhXwP.exe
  2⤵
  PID:9600
- C:\Windows\System\hLjmafZ.exe
  C:\Windows\System\hLjmafZ.exe
  2⤵
  PID:10012
- C:\Windows\System\fOPYqsl.exe
  C:\Windows\System\fOPYqsl.exe
  2⤵
  PID:9684
- C:\Windows\System\hWUgxKD.exe
  C:\Windows\System\hWUgxKD.exe
  2⤵
  PID:9812
- C:\Windows\System\jIZxnGq.exe
  C:\Windows\System\jIZxnGq.exe
  2⤵
  PID:9856
- C:\Windows\System\DIKZOjL.exe
  C:\Windows\System\DIKZOjL.exe
  2⤵
  PID:10068
- C:\Windows\System\TdIYEaw.exe
  C:\Windows\System\TdIYEaw.exe
  2⤵
  PID:10080
- C:\Windows\System\LJcVEma.exe
  C:\Windows\System\LJcVEma.exe
  2⤵
  PID:9980
- C:\Windows\System\gchwQIW.exe
  C:\Windows\System\gchwQIW.exe
  2⤵
  PID:10136
- C:\Windows\System\HeaVtqT.exe
  C:\Windows\System\HeaVtqT.exe
  2⤵
  PID:8412
- C:\Windows\System\lutjWZI.exe
  C:\Windows\System\lutjWZI.exe
  2⤵
  PID:8768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AmmEZuV.exe

Filesize
6.0MB

MD5
96888dd204f95b10a7ada258f125706d

SHA1
773e3c5ab4f4ec9b289740cfbff522a86b31ebfd

SHA256
47aebf59a932ff26778e3fa8c865c3382764c9550282b33505e0ab6578e3b7d3

SHA512
3b5e89ef273d83a7e03b4e9c2e76c9922593ba6b562ff556743ce2898e5e9ca71f3280bf9f0a7d9e9c3f9ea6e2bd1cf1f1956d749d28f34d541d6f586b6cce01

Download Submit
C:\Windows\system\ChJZvaj.exe

Filesize
6.0MB

MD5
467f7a27adea7f9c8eba44bb32682f0c

SHA1
011c77a0650f1b6ff4008616dfcd3fe55832d9dd

SHA256
106ad9d43950ac2d17f42a7891a5eaf6e8555f6e5891bf055a2039f9cd0d7417

SHA512
a5977189339f8c3399289bd6a61e1361615a0453203a5b18f9b6486f43a8dbf4cfee8b4b407d459a12d3ebcc380497ca2b68655ccdf6fd42bc5c2dcd0d44c67c

Download Submit
C:\Windows\system\ElPmxhT.exe

Filesize
6.0MB

MD5
e9b7cdad05d2297dc7117a33b2cdbbd2

SHA1
d0112f3fac8d6b978524d93ba20ee32389db7fc2

SHA256
b92afba498c004f3c259cef5cb5dfec91f4b25d7c5fb2acb9688e10625dd644a

SHA512
db8ff5aec488755cbc374269f988c493ace33c44dbe7365e49a845d1064ccbba25eab7c63ea2a5cd044a01e82a2f97c528936346278017e2476015f147ddf82c

Download Submit
C:\Windows\system\FBciTvg.exe

Filesize
6.0MB

MD5
c011cfa5bdc207e8fe43faccf8d78db7

SHA1
0e8218b7cd96aef47d1e3d26947071036a65b5ad

SHA256
cf33b466f0344f854b9ca932c00506c31dbcc38dbb10890cf6ad196706217737

SHA512
34115910889840231b4fcec423fd67c2bf5f02f246284d9aae510c6087992850fcf14a14f581fccffe0ac06c2af59babed4ae28165863689995b7d8689a6cdd7

Download Submit
C:\Windows\system\FYFiKOa.exe

Filesize
6.0MB

MD5
0c5c50609dfe9b767e8329382a54e140

SHA1
304cb7579d90486fd38bbe5f65a45f7e675c7645

SHA256
eb5f2e273572ac4c631ccbb0af44b2d8852ae5702aa522b2f23cebca5c341b1d

SHA512
ff651709a826a34e4fa3a67261dcb41b431dc3e96dc6698a7a9b5dde2dc2cdf6dc378b54dca94e340a8b879aa0eb79b011c641affe9357128dcc1edde2fe2019

Download Submit
C:\Windows\system\FhrksQA.exe

Filesize
6.0MB

MD5
6515bc48a38321eb25632afa760f69a6

SHA1
d785fcf3eeed61e98ae70915168c7599f65c80bb

SHA256
02f36930badb107868e0df0e4910afc70fd183545ac8e51a782dea12f415e3c0

SHA512
18147cab4d82a95cc151b7511254d69e861c73d547bce1f3eaa446fa974688931997fc74cf10d93020b7a621657eba65fcef612aa0d2c426ea7f8100b23a1484

Download Submit
C:\Windows\system\FyaAkay.exe

Filesize
6.0MB

MD5
38cd563268b826031729a938c700d16b

SHA1
b9e313d6e2d5a098c714090195dc21dc7c384103

SHA256
9dd638e1edb7b94f99fedd65d71964b83e96301c419c61431ce0a9f4efe75979

SHA512
dfcdd98176d82809f963fab29e7a9420a7b29e6b2aea47ee55413390a75c4969de8122245706219ac99ff8788fd137a772e98694648d9b319f8ffd8cb303f7b3

Download Submit
C:\Windows\system\GoTRDmv.exe

Filesize
6.0MB

MD5
0dd3460ca7833ad6ebbb0f6898179c40

SHA1
e258af6bca7524f5acff7fbb61706b5ac24a3eaf

SHA256
75cf4547522b591c70d806689b9e3d760dda1f37d00c8bf5347eced13bf7bd9d

SHA512
e7c13aa26c63140d824d1f2057b587ca9a7b98a313faf77ac64bacc26f52b76d42e16f3ca064c7d78b71edf8e4d2a647ad15c0868bbb8868c7b58be8d6844343

Download Submit
C:\Windows\system\IEtNvEA.exe

Filesize
6.0MB

MD5
a96f6169fe541bf0e514b21a45e7cc27

SHA1
1ef9f0fdb015aa5fb386f7e71ba4074205f51ee0

SHA256
add52c5fa6712107daee79297b4c4da39495534304cc0da19585efd276b73727

SHA512
082f1ebee3c22eebb41dab403e7cc1f03aed537331068754fbe193280a2003ac2c0316472eab9e3861e0ec69eecd88cef47c3d012a1680cebc60f9edb94ef5fd

Download Submit
C:\Windows\system\JewOtsk.exe

Filesize
6.0MB

MD5
b59759b94c012aedc1059235b960f866

SHA1
c33f6befe4707a7de4a4e9d3230c6b7cc638310f

SHA256
5492a71fa9aa6d5ddbe833b9198be8ef59f6f161847ae8028f3fb448946c4df7

SHA512
71c35b228d74ac66488e500348b4f25d0a8dd5dbcfcab702c632ae2d49cbc4917f2c9e94f84dedf90878c3d22ddacceaabfcafa87fd339d3dc86fa7f34f5e178

Download Submit
C:\Windows\system\MeACGSX.exe

Filesize
6.0MB

MD5
ac5d829dd7f20569f723a5d43d0eb0c0

SHA1
f91dbdc1026ff13e72fce94653fb69ad2a8312d6

SHA256
010f853eeef804c2605869a4100bb89a18ec19fbcbac4d05e627ccd82f7c4bfa

SHA512
0f034482a5021a41708ae2662d51d0e78ee1bac211729cfb0583db1197a7c720a8377d3237e55e974ec80c206e84a6863ab2c72a5fd2b3b8d5356bdb0f6b649a

Download Submit
C:\Windows\system\NVmLIDQ.exe

Filesize
6.0MB

MD5
0c7b88bc40a751ee11883f23aaf0324f

SHA1
e5d951267e0a12cba9615adf1075594c5b101a41

SHA256
d991166398d7f54b1a8720e1c07ed72c427075068d6c697f8bc4c9ac275ee3cc

SHA512
93f87fcdf0c2eb79866e1bc197d1b4947d26fa15f3a335348b8c3c4100e831d8d060b484e7dc68599c10b2fec443423f9476ead03fb75af148e310fd35d51faa

Download Submit
C:\Windows\system\PWTYDTp.exe

Filesize
6.0MB

MD5
017af29a29c90329c85b99e36f630ab1

SHA1
cf2fc55deee3e393cde134dc0ed6196ade6c3d31

SHA256
d02fc612bd11596cc0b0a2af120aaab7d44340e30a6b91efa78c99833d5d24a0

SHA512
e55d62ef0be99152e352ed6e691817e3909d904b55dad56d34ebf87e1c201636dbef30aee178e22c950c8a86132139efcd880c186616fd41fd080883cbb204df

Download Submit
C:\Windows\system\Sfmxpvw.exe

Filesize
6.0MB

MD5
daec9c0e2340178f24499ef4c635dd2a

SHA1
6cdd3f8bd41179071004b6420276c63e654eece2

SHA256
1b02a158a3b7c4a729aad5efae600d752f5ccaa8ad0a317323c8cd1b8b487e4c

SHA512
85840004db809e57c6af1e89cd4fc3c4b6b040f46eab0a994f41d499a1799fa4b260f16dcfad2c2926a60184f0753553803049624c67b4385001f471486fa76e

Download Submit
C:\Windows\system\WilQEut.exe

Filesize
6.0MB

MD5
5eb2fee6795819ca7827b98fc7ac4666

SHA1
cb84031127999188f3532a0d2f69c8c920363e8f

SHA256
48a0c2185725673b5cfde7869994ca8b80b9fbf0214a9aadef765767ebd55fc9

SHA512
dc09df185876ed20b7dfc2a05d6fe644756aa30acc3a9b2c9342b1fcfe3bc9c96da195a0357ce85cf10503bdda84922048f8b32142bcb0360ec4f89203909802

Download Submit
C:\Windows\system\XloubPS.exe

Filesize
6.0MB

MD5
b271a0c1a14a742007d7094a5310eed3

SHA1
ae695da1c97459368b2dd6a0fc5a5687eade308e

SHA256
f1310a9ac06b83c276708fe5ea50e4f9b531a821d8e1cda068eaa8da52c93f87

SHA512
f2073a9f7bba1b683f23e0355c8f4cf2b140d54165198c9f02b6cecf00def3bc8ad3aa8cec38807e84ea9ef4fe9d84255270cb45666bfbc0de2ea39289493c3b

Download Submit
C:\Windows\system\YkLhWyU.exe

Filesize
6.0MB

MD5
8c01e40ee766d49d4d4189d80c933460

SHA1
1de470a6e83843d9789d58a8d4c983841127970c

SHA256
655eb063f2ad39c47325b6956415f7be2495659fd35fbebd502c342f0f589a98

SHA512
d33f27a24025582ad51a168015a4f352f4f2460fac923e6d7f4b04e13fb4b66c3a8198aca9e9b89aa47792f9be32e39bd28a60955293dc9ab15422364f2eddac

Download Submit
C:\Windows\system\ZMbdaiy.exe

Filesize
6.0MB

MD5
5d449fe0b9b2ee0eedad488d8a115a0c

SHA1
4553d028b6026d880dbcde1dabdda0317586c244

SHA256
4473219c16b969f3940c266c341cfdf778f5a56caa2c7e27c63d484b3dc68704

SHA512
a6ef6d0728e5873ad8bb68939ea5daa7fe42b91a682e2ceb3afce47026e2df6eb8aa2f3957cf5e29ec7f547ee534dbe850329bcd66752be044802c559eead610

Download Submit
C:\Windows\system\gclozkL.exe

Filesize
6.0MB

MD5
04b21f19a310ffda9bbfebf588b7b3e7

SHA1
629d3effc349326788c66a97c7b7b2eee870a598

SHA256
8ee3511bb004fae534b8835e2ba133345bf116083f5c9e078aceff40e3547361

SHA512
f2de4ce375af21618e202d937c2be70cf7cad7beaee181a403399391988758278e3f52b65b287ab9d3f18c823544fd642541a770cbe84d1031ddfe46e1060afe

Download Submit
C:\Windows\system\jLBYHLt.exe

Filesize
6.0MB

MD5
968d978bc59c1312e77eb8e793d8f8e2

SHA1
0f317bda64859468f6a6a4a25862458a567e8cf2

SHA256
7386a36f2e48841abff1028bd928cf9561ee50d5e1d39d1e16897f9733ad9503

SHA512
a5090862869949d16d33f9f21bf4c62f7afec37252fc5ab2f8e745d5ff69f0a17a3321830e353464b32df37edb7fe19a3c5139349efd8777399e959d152b8bb5

Download Submit
C:\Windows\system\jnANVVN.exe

Filesize
6.0MB

MD5
d9778951021a7d5994aac02be467a8e0

SHA1
c27146b448743c083f3bcec755380a82204c0591

SHA256
7a3459e9db209119da3e66264911e466602bb7c59ff14334166b978c92350d42

SHA512
989c8d85d8aff6c311e57e9f4907128133f82d59755e1ddf5c248bf69fb27a5516786edf7ffb2544d9823c591e67d8062c9cb46d91da8e8c00f5a0655c580046

Download Submit
C:\Windows\system\lMTOxcF.exe

Filesize
6.0MB

MD5
eae79960e354cd216b143d23ad7f0edc

SHA1
295c7704d9f701be9789bc2454d28b92ac29c7ee

SHA256
529a5fbe10962b2af57ebfbfd7d5d94cc380c9245c9c11853d59122458cfc7f0

SHA512
c68abb302bb7708e03dbd0f29dae3d7861cff07f07a62afebb3ef559a057ea1fa1b7db19571aa4aa6ecb3d94f915c84b271703f3cf666dbdf6971baa7fd440f0

Download Submit
C:\Windows\system\qPyvKWb.exe

Filesize
6.0MB

MD5
9da13986219bac984f88b85c4f132d88

SHA1
70fd9d5d8640f548e8f77d8f68a64ac567353c10

SHA256
ec0ea8ad3ccc26be8d0c4e45adc9261439250c037cfc7dd9baac72417116510f

SHA512
367c98c264bc2d29ea4282b48fb7130206ff27e06c9e5bced0497e956285b23db6ddc53a494c692bdbe606c8cff38cfe36bb0e7741a13fd617c2a7ce9db2c9ca

Download Submit
C:\Windows\system\qVbVmEd.exe

Filesize
6.0MB

MD5
52e39f9ff6eb300a404bfbb6f1d3f10a

SHA1
dccb4ec21a25d6ca864eb3d93c88cd5fbb27ac71

SHA256
441fc054e93fdae10952f98c2c8fdb3c05ba255762fbc7201fe71137bbe4b363

SHA512
9b9b906ae63abbe0a87511d58cbe7d2fa5e72ff05f3071acb0d8f5f74353202c3bad6ac8cc3eb2a95663de602f419352ba13143eeeeecb498d10b2cceaaf5855

Download Submit
C:\Windows\system\rOIEIUn.exe

Filesize
6.0MB

MD5
4ae58f67967ff49316b4d35f6f1d0217

SHA1
b86611f0af11e9a4b3c755f0638161d4082e9465

SHA256
fc4a68dab77841238d49d539459f5a25b6243496b12b0c75183a307c0238625d

SHA512
6bd804beea8b24d7f59b032be7ecbb12458b2e564bcc530d1cfb9ac4fa4caab69a10088db776fe707f106c7b1131345b02d5d45ad137bae2eb0fc92c31ad4ab8

Download Submit
C:\Windows\system\tCCCvae.exe

Filesize
6.0MB

MD5
05d2a7f1c4134335655228c977a5fcd8

SHA1
1fdf332888da039c4556ba33cc50b1fced4abf50

SHA256
7a964da9ebf32097d814daa119ab3f1d557c8d0b73f60777e980161b465cb349

SHA512
1da576bc10d93b8eb7cc9587500985983266dd0b28a2728eb11b13ac5168a5e8d595d395f24c0a70f51dc4cc6d78948d89457dda434688ec2dbcf6e7f6f443ab

Download Submit
C:\Windows\system\taGfGju.exe

Filesize
6.0MB

MD5
aade9f03df75aabcdcccd8407511c128

SHA1
53193162e1631a2988544983c06345976e3a6058

SHA256
7450e4a265b3f275a16edf5ec4134e41e04cb7d438dd4b0fe9600cc47eb1e045

SHA512
f43bfaae094ab7c206a2c6293130e95bbd77d8e3606144b1a298293c024e2729dc5df8d5d786e54b55203745d3e27a296a8948ef3d0710a0dfdd48ca638508a2

Download Submit
C:\Windows\system\wVCZcSR.exe

Filesize
6.0MB

MD5
c31031357a495cd6a6472e8a51f8b1c1

SHA1
ceeb3bd419b7bad13bb66e8fb17a8ca78301d6d0

SHA256
d0ca617229dd5a71a89f85587df631e62bd8e10f24d2fe3fcd33b3754f2eb247

SHA512
ed24bf6fc5f0026f82db84b1360d65c362243944a5d60bb8d45f81b246d5e315ce49199ffc4078f665ab7be5f02c05fea80e514140695bf1f42236773a98fa5e

Download Submit
C:\Windows\system\weHSegY.exe

Filesize
6.0MB

MD5
191d94bdf73824cbd2e0e18e53b0fed4

SHA1
132180b9bf373ef738d0ab620dd3768bbf276ca0

SHA256
e6e5cbb8f0a02832f3315e092f1dccccdc8383f3a522bee25236a9892e62ddba

SHA512
ec8f30a6dfd50fea8e8f2d784021183fe26461dfe00dff79e088f2bd31ff93eb27b2aa47a97e8c594850b42767fb4581936c267b7eedb5301f255b00cdedf388

Download Submit
\Windows\system\JwhTTmC.exe

Filesize
6.0MB

MD5
0a7f4e42f6308c2ad37c0dd7b50b598b

SHA1
874f6c4894923c8196943b95559b1d19bda927e4

SHA256
ec9cc45885a5ffbc480c9e36247c99ff9fec44347f3c505dc230dfe9641e468d

SHA512
49e66745782dee280a64d70fdba75fe94114ebeae6b9447a4cb07eaaa7a7d36b3852c9ab37a18a97b13c216d1cc4cf655e3f77e6ed86c82683bda908815243b4

Download Submit
\Windows\system\lKTlQgS.exe

Filesize
6.0MB

MD5
b5f64b553726fe574f59852285eaf52b

SHA1
7bcd899279aacdf73c10d3f1b2e1d93c368deaf9

SHA256
fc3b06b82016be64c92f4102a3be571e0bfa7f637e0cee159233bd61af62814e

SHA512
aa4c3965328ef99c0ca8b63b8f73b60848d9378751e08164a60a3e04b47d568deb62e69dcd4f2c47ea599e1ddd2e88a27c505e7b22ed8d64bb33499eda128bdf

Download Submit
\Windows\system\tNhGKHs.exe

Filesize
6.0MB

MD5
dac3bb0c93ceb3fa04cb0b67853c0ea6

SHA1
fa8f5f88450e6d24dbda20118e077d2df8ea804a

SHA256
669fc8fff5b247467e8ba28c5a2207d2bf35688b699fa25120432fd01952a56f

SHA512
b3ec0dab0b5c44612ed0dde74616918dacdbd7a6692f450f9b9b28a398043e176a761fa775eb5f2c3dcbcdd558596464f2f20c1b625b903d7682d16976421cb3

Download Submit
memory/800-3968-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/800-3961-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/800-3943-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/800-3965-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/800-2301-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/800-2335-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-3944-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/800-2367-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/800-3963-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/800-0-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/800-2440-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/800-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2164-3966-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3960-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2298-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2365-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3964-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3948-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2252-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3962-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2334-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3967-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2792-2439-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download