cobaltstrike | b74138adfc4b61c6dccf27b2902fe982f6a96625577de724bdad60cf250e678a

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.2MB
MD5

955c556d2f1477dbbc22f620609fe860
SHA1

4731c85ca7d4190093954b1b9368e53afde141eb
SHA256

b74138adfc4b61c6dccf27b2902fe982f6a96625577de724bdad60cf250e678a
SHA512

dee5d36b9b5481966473d820b11525ce62dc7764ff6a0a95f41bf775c1e62e0228ea39b53c11833b0b0220f4f3a20d80dbda6efea1fe9eb8e783b098556ce357
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l2:RWWBibf56utgpPFotBER/mQ32lUq

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161f6-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016307-9.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001658c-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016855-22.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173da-37.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-41.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-45.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-57.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-65.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-74.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-113.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-109.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-81.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-77.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c84-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c62-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016aa9-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 28 IoCs

miner

resource	yara_rule
behavioral1/memory/2712-596-0x000000013F950000-0x000000013FCA1000-memory.dmp	xmrig
behavioral1/memory/1836-590-0x000000013F0A0000-0x000000013F3F1000-memory.dmp	xmrig
behavioral1/memory/2288-580-0x000000013F680000-0x000000013F9D1000-memory.dmp	xmrig
behavioral1/memory/1728-575-0x000000013FFD0000-0x0000000140321000-memory.dmp	xmrig
behavioral1/memory/2660-573-0x000000013F190000-0x000000013F4E1000-memory.dmp	xmrig
behavioral1/memory/2604-571-0x000000013F560000-0x000000013F8B1000-memory.dmp	xmrig
behavioral1/memory/2648-569-0x000000013F610000-0x000000013F961000-memory.dmp	xmrig
behavioral1/memory/2060-555-0x000000013F9E0000-0x000000013FD31000-memory.dmp	xmrig
behavioral1/memory/2916-538-0x000000013F500000-0x000000013F851000-memory.dmp	xmrig
behavioral1/memory/2796-532-0x000000013F920000-0x000000013FC71000-memory.dmp	xmrig
behavioral1/memory/2976-1250-0x000000013F6B0000-0x000000013FA01000-memory.dmp	xmrig
behavioral1/memory/2608-525-0x000000013FEE0000-0x0000000140231000-memory.dmp	xmrig
behavioral1/memory/2796-3154-0x000000013F920000-0x000000013FC71000-memory.dmp	xmrig
behavioral1/memory/2836-3155-0x000000013F720000-0x000000013FA71000-memory.dmp	xmrig
behavioral1/memory/2060-3156-0x000000013F9E0000-0x000000013FD31000-memory.dmp	xmrig
behavioral1/memory/2728-3157-0x000000013FDF0000-0x0000000140141000-memory.dmp	xmrig
behavioral1/memory/1836-4021-0x000000013F0A0000-0x000000013F3F1000-memory.dmp	xmrig
behavioral1/memory/2864-4280-0x000000013F7B0000-0x000000013FB01000-memory.dmp	xmrig
behavioral1/memory/2712-4281-0x000000013F950000-0x000000013FCA1000-memory.dmp	xmrig
behavioral1/memory/1728-4260-0x000000013FFD0000-0x0000000140321000-memory.dmp	xmrig
behavioral1/memory/2288-4333-0x000000013F680000-0x000000013F9D1000-memory.dmp	xmrig
behavioral1/memory/2608-4332-0x000000013FEE0000-0x0000000140231000-memory.dmp	xmrig
behavioral1/memory/2648-4330-0x000000013F610000-0x000000013F961000-memory.dmp	xmrig
behavioral1/memory/2916-4258-0x000000013F500000-0x000000013F851000-memory.dmp	xmrig
behavioral1/memory/2604-4020-0x000000013F560000-0x000000013F8B1000-memory.dmp	xmrig
behavioral1/memory/2864-1317-0x000000013F7B0000-0x000000013FB01000-memory.dmp	xmrig
behavioral1/memory/2728-521-0x000000013FDF0000-0x0000000140141000-memory.dmp	xmrig
behavioral1/memory/2836-503-0x000000013F720000-0x000000013FA71000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2712	peJdJlM.exe
2836	nPCFsvV.exe
2864	jALocGo.exe
2728	zRqxvWT.exe
2608	ZMGpOkw.exe
2796	xucmOuG.exe
2916	xvWtVPB.exe
2060	SaesAEc.exe
2648	qkkDyAw.exe
2604	VYUJdZk.exe
2660	rkDOszY.exe
1728	YPlZjaJ.exe
2288	NWTnxum.exe
1836	QciYVVM.exe
1744	dtmCsse.exe
2884	LaZaIBU.exe
2468	OXtlSfE.exe
1788	KXrjtbo.exe
2888	VPOLqJn.exe
2504	VJAUaST.exe
1988	tksacbI.exe
1972	fRYIyNk.exe
2896	Sjgjgst.exe
2368	oAFmpOd.exe
2924	axVeHiV.exe
1100	LYacFOh.exe
1328	VUrZieU.exe
1504	KanNWzy.exe
688	NKIloTn.exe
2332	MuZixdk.exe
2324	WhVOier.exe
2268	TlDDJxE.exe
3008	RDotyXF.exe
2176	GktJIkN.exe
2252	tmQtTtn.exe
2172	AuJbbua.exe
1080	lapsJLf.exe
1800	yafuLXh.exe
2260	fQOnbYP.exe
2184	iMLMgEF.exe
1132	FIsQVBD.exe
1624	JEVYHDz.exe
2960	VJLBYyj.exe
1612	XUDHblr.exe
1848	QMXcsvz.exe
1764	PCTbAPg.exe
1544	WYZgBAe.exe
1664	bPbIOaB.exe
1708	aMgnNuh.exe
1652	tMulYAU.exe
1732	dyrcQRO.exe
844	QjxrIIW.exe
2216	tcWpNdF.exe
2212	fKUvkyW.exe
3028	UGgfUEk.exe
1052	SPqvXup.exe
356	EpQLCAm.exe
1044	jZdxYoO.exe
1500	PyxejWQ.exe
2072	oTAbJTW.exe
2500	UUisdJH.exe
804	Hmvolus.exe
876	dPFwEdw.exe
1736	JZTAVBl.exe

Loads dropped DLL 64 IoCs

pid	Process
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2976-0-0x000000013F6B0000-0x000000013FA01000-memory.dmp	upx
behavioral1/files/0x000700000001211a-3.dat	upx
behavioral1/files/0x00080000000161f6-10.dat	upx
behavioral1/files/0x0008000000016307-9.dat	upx
behavioral1/files/0x000800000001658c-18.dat	upx
behavioral1/files/0x0007000000016855-22.dat	upx
behavioral1/files/0x00080000000173da-37.dat	upx
behavioral1/files/0x00060000000173f1-41.dat	upx
behavioral1/files/0x00060000000173f4-45.dat	upx
behavioral1/files/0x00060000000173fc-49.dat	upx
behavioral1/files/0x0006000000017487-57.dat	upx
behavioral1/files/0x0006000000017525-65.dat	upx
behavioral1/files/0x0014000000018663-74.dat	upx
behavioral1/files/0x000600000001903b-101.dat	upx
behavioral1/memory/2976-485-0x0000000002380000-0x00000000026D1000-memory.dmp	upx
behavioral1/memory/2712-596-0x000000013F950000-0x000000013FCA1000-memory.dmp	upx
behavioral1/memory/1836-590-0x000000013F0A0000-0x000000013F3F1000-memory.dmp	upx
behavioral1/memory/2288-580-0x000000013F680000-0x000000013F9D1000-memory.dmp	upx
behavioral1/memory/1728-575-0x000000013FFD0000-0x0000000140321000-memory.dmp	upx
behavioral1/memory/2660-573-0x000000013F190000-0x000000013F4E1000-memory.dmp	upx
behavioral1/memory/2604-571-0x000000013F560000-0x000000013F8B1000-memory.dmp	upx
behavioral1/memory/2648-569-0x000000013F610000-0x000000013F961000-memory.dmp	upx
behavioral1/memory/2060-555-0x000000013F9E0000-0x000000013FD31000-memory.dmp	upx
behavioral1/memory/2916-538-0x000000013F500000-0x000000013F851000-memory.dmp	upx
behavioral1/memory/2796-532-0x000000013F920000-0x000000013FC71000-memory.dmp	upx
behavioral1/memory/2976-1250-0x000000013F6B0000-0x000000013FA01000-memory.dmp	upx
behavioral1/memory/2608-525-0x000000013FEE0000-0x0000000140231000-memory.dmp	upx
behavioral1/memory/2796-3154-0x000000013F920000-0x000000013FC71000-memory.dmp	upx
behavioral1/memory/2836-3155-0x000000013F720000-0x000000013FA71000-memory.dmp	upx
behavioral1/memory/2060-3156-0x000000013F9E0000-0x000000013FD31000-memory.dmp	upx
behavioral1/memory/2728-3157-0x000000013FDF0000-0x0000000140141000-memory.dmp	upx
behavioral1/memory/1836-4021-0x000000013F0A0000-0x000000013F3F1000-memory.dmp	upx
behavioral1/memory/2864-4280-0x000000013F7B0000-0x000000013FB01000-memory.dmp	upx
behavioral1/memory/2712-4281-0x000000013F950000-0x000000013FCA1000-memory.dmp	upx
behavioral1/memory/1728-4260-0x000000013FFD0000-0x0000000140321000-memory.dmp	upx
behavioral1/memory/2288-4333-0x000000013F680000-0x000000013F9D1000-memory.dmp	upx
behavioral1/memory/2608-4332-0x000000013FEE0000-0x0000000140231000-memory.dmp	upx
behavioral1/memory/2648-4330-0x000000013F610000-0x000000013F961000-memory.dmp	upx
behavioral1/memory/2916-4258-0x000000013F500000-0x000000013F851000-memory.dmp	upx
behavioral1/memory/2604-4020-0x000000013F560000-0x000000013F8B1000-memory.dmp	upx
behavioral1/memory/2864-1317-0x000000013F7B0000-0x000000013FB01000-memory.dmp	upx
behavioral1/memory/2728-521-0x000000013FDF0000-0x0000000140141000-memory.dmp	upx
behavioral1/memory/2864-518-0x000000013F7B0000-0x000000013FB01000-memory.dmp	upx
behavioral1/memory/2836-503-0x000000013F720000-0x000000013FA71000-memory.dmp	upx
behavioral1/files/0x0005000000019259-133.dat	upx
behavioral1/files/0x0005000000019256-129.dat	upx
behavioral1/files/0x0005000000019244-125.dat	upx
behavioral1/files/0x000500000001922c-121.dat	upx
behavioral1/files/0x00050000000191ff-117.dat	upx
behavioral1/files/0x00050000000191d4-113.dat	upx
behavioral1/files/0x00060000000190e0-109.dat	upx
behavioral1/files/0x00060000000190ce-105.dat	upx
behavioral1/files/0x0006000000018f53-97.dat	upx
behavioral1/files/0x0006000000018c26-93.dat	upx
behavioral1/files/0x0006000000018c1a-89.dat	upx
behavioral1/files/0x0005000000018792-85.dat	upx
behavioral1/files/0x0005000000018687-81.dat	upx
behavioral1/files/0x000d00000001866e-77.dat	upx
behavioral1/files/0x00060000000174a2-72.dat	upx
behavioral1/files/0x0006000000017472-53.dat	upx
behavioral1/files/0x0008000000016c84-34.dat	upx
behavioral1/files/0x0007000000016c62-30.dat	upx
behavioral1/files/0x0007000000016aa9-25.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CxYhkvH.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JoahfNq.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFPEZeg.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJtPWUs.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LxeViYJ.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIySAwC.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXGHtjD.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zewiSaE.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJudiWF.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goFltym.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efzROuv.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAuRWDF.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcLqseM.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGDyQOW.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keJCMLA.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDzjtUD.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulQrtns.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVXiDcX.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJCEnhh.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBEliAa.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlqqdID.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDLqwiL.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHtPjjZ.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKnNilL.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxSaNRC.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZkoMkj.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpfdqAf.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjoaUmi.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVLLcSN.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZmEgAI.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFepRPs.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBZkozT.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHIEjSC.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCQPxTE.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABHxrqT.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuiFHFH.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itKQyyt.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Busdgsl.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKHRWUb.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPGZXxB.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlSopzf.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urpXcyl.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvlgEnz.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lggZhkw.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkphKrr.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIOcLQY.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlSSpWa.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJlMDSc.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDVTmyM.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EofldOm.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSVvfYd.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZrmbcN.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkvYxLD.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIHYpzn.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KePsPGl.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOHZxGE.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxqWeKE.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFhxSZj.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYRQJrF.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrephUN.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmFakPA.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cksyWVS.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntNacGd.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxijuXK.exe	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2712	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2976 wrote to memory of 2712	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2976 wrote to memory of 2712	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2976 wrote to memory of 2836	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2976 wrote to memory of 2836	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2976 wrote to memory of 2836	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2976 wrote to memory of 2864	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2976 wrote to memory of 2864	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2976 wrote to memory of 2864	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2976 wrote to memory of 2728	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2976 wrote to memory of 2728	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2976 wrote to memory of 2728	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2976 wrote to memory of 2608	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2976 wrote to memory of 2608	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2976 wrote to memory of 2608	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2976 wrote to memory of 2796	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2976 wrote to memory of 2796	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2976 wrote to memory of 2796	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2976 wrote to memory of 2916	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2976 wrote to memory of 2916	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2976 wrote to memory of 2916	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2976 wrote to memory of 2060	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2976 wrote to memory of 2060	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2976 wrote to memory of 2060	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2976 wrote to memory of 2648	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2976 wrote to memory of 2648	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2976 wrote to memory of 2648	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2976 wrote to memory of 2604	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2976 wrote to memory of 2604	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2976 wrote to memory of 2604	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2976 wrote to memory of 2660	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2976 wrote to memory of 2660	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2976 wrote to memory of 2660	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2976 wrote to memory of 1728	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2976 wrote to memory of 1728	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2976 wrote to memory of 1728	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2976 wrote to memory of 2288	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2976 wrote to memory of 2288	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2976 wrote to memory of 2288	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2976 wrote to memory of 1836	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2976 wrote to memory of 1836	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2976 wrote to memory of 1836	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2976 wrote to memory of 2884	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2976 wrote to memory of 2884	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2976 wrote to memory of 2884	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2976 wrote to memory of 1744	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2976 wrote to memory of 1744	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2976 wrote to memory of 1744	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2976 wrote to memory of 2468	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2976 wrote to memory of 2468	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2976 wrote to memory of 2468	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2976 wrote to memory of 1788	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2976 wrote to memory of 1788	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2976 wrote to memory of 1788	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2976 wrote to memory of 2888	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2976 wrote to memory of 2888	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2976 wrote to memory of 2888	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2976 wrote to memory of 2504	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2976 wrote to memory of 2504	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2976 wrote to memory of 2504	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2976 wrote to memory of 1988	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2976 wrote to memory of 1988	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2976 wrote to memory of 1988	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2976 wrote to memory of 1972	2976	2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_955c556d2f1477dbbc22f620609fe860_amadey_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\System\peJdJlM.exe
  C:\Windows\System\peJdJlM.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\nPCFsvV.exe
  C:\Windows\System\nPCFsvV.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\jALocGo.exe
  C:\Windows\System\jALocGo.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\zRqxvWT.exe
  C:\Windows\System\zRqxvWT.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\ZMGpOkw.exe
  C:\Windows\System\ZMGpOkw.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\xucmOuG.exe
  C:\Windows\System\xucmOuG.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\xvWtVPB.exe
  C:\Windows\System\xvWtVPB.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\SaesAEc.exe
  C:\Windows\System\SaesAEc.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\qkkDyAw.exe
  C:\Windows\System\qkkDyAw.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\VYUJdZk.exe
  C:\Windows\System\VYUJdZk.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\rkDOszY.exe
  C:\Windows\System\rkDOszY.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\YPlZjaJ.exe
  C:\Windows\System\YPlZjaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\NWTnxum.exe
  C:\Windows\System\NWTnxum.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\QciYVVM.exe
  C:\Windows\System\QciYVVM.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\LaZaIBU.exe
  C:\Windows\System\LaZaIBU.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\dtmCsse.exe
  C:\Windows\System\dtmCsse.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\OXtlSfE.exe
  C:\Windows\System\OXtlSfE.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\KXrjtbo.exe
  C:\Windows\System\KXrjtbo.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\VPOLqJn.exe
  C:\Windows\System\VPOLqJn.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\VJAUaST.exe
  C:\Windows\System\VJAUaST.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\tksacbI.exe
  C:\Windows\System\tksacbI.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\fRYIyNk.exe
  C:\Windows\System\fRYIyNk.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\Sjgjgst.exe
  C:\Windows\System\Sjgjgst.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\oAFmpOd.exe
  C:\Windows\System\oAFmpOd.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\axVeHiV.exe
  C:\Windows\System\axVeHiV.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\LYacFOh.exe
  C:\Windows\System\LYacFOh.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\VUrZieU.exe
  C:\Windows\System\VUrZieU.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\KanNWzy.exe
  C:\Windows\System\KanNWzy.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\NKIloTn.exe
  C:\Windows\System\NKIloTn.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\MuZixdk.exe
  C:\Windows\System\MuZixdk.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\WhVOier.exe
  C:\Windows\System\WhVOier.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\TlDDJxE.exe
  C:\Windows\System\TlDDJxE.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\RDotyXF.exe
  C:\Windows\System\RDotyXF.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\GktJIkN.exe
  C:\Windows\System\GktJIkN.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\tmQtTtn.exe
  C:\Windows\System\tmQtTtn.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\AuJbbua.exe
  C:\Windows\System\AuJbbua.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\lapsJLf.exe
  C:\Windows\System\lapsJLf.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\yafuLXh.exe
  C:\Windows\System\yafuLXh.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\fQOnbYP.exe
  C:\Windows\System\fQOnbYP.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\iMLMgEF.exe
  C:\Windows\System\iMLMgEF.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\FIsQVBD.exe
  C:\Windows\System\FIsQVBD.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\JEVYHDz.exe
  C:\Windows\System\JEVYHDz.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\VJLBYyj.exe
  C:\Windows\System\VJLBYyj.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\XUDHblr.exe
  C:\Windows\System\XUDHblr.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\QMXcsvz.exe
  C:\Windows\System\QMXcsvz.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\PCTbAPg.exe
  C:\Windows\System\PCTbAPg.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\WYZgBAe.exe
  C:\Windows\System\WYZgBAe.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\bPbIOaB.exe
  C:\Windows\System\bPbIOaB.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\aMgnNuh.exe
  C:\Windows\System\aMgnNuh.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\tMulYAU.exe
  C:\Windows\System\tMulYAU.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\dyrcQRO.exe
  C:\Windows\System\dyrcQRO.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\QjxrIIW.exe
  C:\Windows\System\QjxrIIW.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\tcWpNdF.exe
  C:\Windows\System\tcWpNdF.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\fKUvkyW.exe
  C:\Windows\System\fKUvkyW.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\UGgfUEk.exe
  C:\Windows\System\UGgfUEk.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\SPqvXup.exe
  C:\Windows\System\SPqvXup.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\EpQLCAm.exe
  C:\Windows\System\EpQLCAm.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\jZdxYoO.exe
  C:\Windows\System\jZdxYoO.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\PyxejWQ.exe
  C:\Windows\System\PyxejWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\oTAbJTW.exe
  C:\Windows\System\oTAbJTW.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\UUisdJH.exe
  C:\Windows\System\UUisdJH.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\Hmvolus.exe
  C:\Windows\System\Hmvolus.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\dPFwEdw.exe
  C:\Windows\System\dPFwEdw.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\JZTAVBl.exe
  C:\Windows\System\JZTAVBl.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\GIoYKun.exe
  C:\Windows\System\GIoYKun.exe
  2⤵
  PID:1520
- C:\Windows\System\silpqyM.exe
  C:\Windows\System\silpqyM.exe
  2⤵
  PID:2240
- C:\Windows\System\CxVEAdI.exe
  C:\Windows\System\CxVEAdI.exe
  2⤵
  PID:3056
- C:\Windows\System\LxeViYJ.exe
  C:\Windows\System\LxeViYJ.exe
  2⤵
  PID:2328
- C:\Windows\System\DUycWnX.exe
  C:\Windows\System\DUycWnX.exe
  2⤵
  PID:1692
- C:\Windows\System\jUgRoCU.exe
  C:\Windows\System\jUgRoCU.exe
  2⤵
  PID:1596
- C:\Windows\System\JZKQset.exe
  C:\Windows\System\JZKQset.exe
  2⤵
  PID:2808
- C:\Windows\System\INPmUrf.exe
  C:\Windows\System\INPmUrf.exe
  2⤵
  PID:2840
- C:\Windows\System\myPmMVj.exe
  C:\Windows\System\myPmMVj.exe
  2⤵
  PID:2636
- C:\Windows\System\OzXJlkK.exe
  C:\Windows\System\OzXJlkK.exe
  2⤵
  PID:2628
- C:\Windows\System\eapclLT.exe
  C:\Windows\System\eapclLT.exe
  2⤵
  PID:2616
- C:\Windows\System\WkKExpT.exe
  C:\Windows\System\WkKExpT.exe
  2⤵
  PID:1956
- C:\Windows\System\yvyqNqX.exe
  C:\Windows\System\yvyqNqX.exe
  2⤵
  PID:296
- C:\Windows\System\PJzIfHl.exe
  C:\Windows\System\PJzIfHl.exe
  2⤵
  PID:2644
- C:\Windows\System\MtAZgGO.exe
  C:\Windows\System\MtAZgGO.exe
  2⤵
  PID:2112
- C:\Windows\System\VclvDXe.exe
  C:\Windows\System\VclvDXe.exe
  2⤵
  PID:1448
- C:\Windows\System\enmQgzI.exe
  C:\Windows\System\enmQgzI.exe
  2⤵
  PID:2508
- C:\Windows\System\XkONzlj.exe
  C:\Windows\System\XkONzlj.exe
  2⤵
  PID:1924
- C:\Windows\System\bEfDzdx.exe
  C:\Windows\System\bEfDzdx.exe
  2⤵
  PID:2000
- C:\Windows\System\CwxETtT.exe
  C:\Windows\System\CwxETtT.exe
  2⤵
  PID:2672
- C:\Windows\System\eyEZClK.exe
  C:\Windows\System\eyEZClK.exe
  2⤵
  PID:2052
- C:\Windows\System\aZHMgTC.exe
  C:\Windows\System\aZHMgTC.exe
  2⤵
  PID:2584
- C:\Windows\System\hkHVgin.exe
  C:\Windows\System\hkHVgin.exe
  2⤵
  PID:2444
- C:\Windows\System\DufhTrc.exe
  C:\Windows\System\DufhTrc.exe
  2⤵
  PID:3012
- C:\Windows\System\FFbkzPy.exe
  C:\Windows\System\FFbkzPy.exe
  2⤵
  PID:748
- C:\Windows\System\GizqpUI.exe
  C:\Windows\System\GizqpUI.exe
  2⤵
  PID:1308
- C:\Windows\System\FyTBHiz.exe
  C:\Windows\System\FyTBHiz.exe
  2⤵
  PID:1964
- C:\Windows\System\gZvidpa.exe
  C:\Windows\System\gZvidpa.exe
  2⤵
  PID:1076
- C:\Windows\System\uFDuKOL.exe
  C:\Windows\System\uFDuKOL.exe
  2⤵
  PID:1348
- C:\Windows\System\CuFsfjq.exe
  C:\Windows\System\CuFsfjq.exe
  2⤵
  PID:1696
- C:\Windows\System\FaqenJW.exe
  C:\Windows\System\FaqenJW.exe
  2⤵
  PID:1784
- C:\Windows\System\iticuej.exe
  C:\Windows\System\iticuej.exe
  2⤵
  PID:2400
- C:\Windows\System\RTinTnM.exe
  C:\Windows\System\RTinTnM.exe
  2⤵
  PID:892
- C:\Windows\System\yOgPKuN.exe
  C:\Windows\System\yOgPKuN.exe
  2⤵
  PID:560
- C:\Windows\System\DRerPDj.exe
  C:\Windows\System\DRerPDj.exe
  2⤵
  PID:692
- C:\Windows\System\focHUrI.exe
  C:\Windows\System\focHUrI.exe
  2⤵
  PID:2548
- C:\Windows\System\ATqTPEQ.exe
  C:\Windows\System\ATqTPEQ.exe
  2⤵
  PID:796
- C:\Windows\System\RmbtEBD.exe
  C:\Windows\System\RmbtEBD.exe
  2⤵
  PID:1632
- C:\Windows\System\feOVTwh.exe
  C:\Windows\System\feOVTwh.exe
  2⤵
  PID:872
- C:\Windows\System\HqguMmR.exe
  C:\Windows\System\HqguMmR.exe
  2⤵
  PID:2512
- C:\Windows\System\RORaTQY.exe
  C:\Windows\System\RORaTQY.exe
  2⤵
  PID:2292
- C:\Windows\System\HsGzhMZ.exe
  C:\Windows\System\HsGzhMZ.exe
  2⤵
  PID:2752
- C:\Windows\System\toiCjxo.exe
  C:\Windows\System\toiCjxo.exe
  2⤵
  PID:2756
- C:\Windows\System\moFVCVe.exe
  C:\Windows\System\moFVCVe.exe
  2⤵
  PID:2564
- C:\Windows\System\bXtEUWk.exe
  C:\Windows\System\bXtEUWk.exe
  2⤵
  PID:2632
- C:\Windows\System\uTsdGuD.exe
  C:\Windows\System\uTsdGuD.exe
  2⤵
  PID:2488
- C:\Windows\System\ltybJQg.exe
  C:\Windows\System\ltybJQg.exe
  2⤵
  PID:1720
- C:\Windows\System\TnUzHWH.exe
  C:\Windows\System\TnUzHWH.exe
  2⤵
  PID:2780
- C:\Windows\System\kVrvidB.exe
  C:\Windows\System\kVrvidB.exe
  2⤵
  PID:1928
- C:\Windows\System\mcBQZlb.exe
  C:\Windows\System\mcBQZlb.exe
  2⤵
  PID:2424
- C:\Windows\System\eOAxpxL.exe
  C:\Windows\System\eOAxpxL.exe
  2⤵
  PID:2104
- C:\Windows\System\nZoOQRy.exe
  C:\Windows\System\nZoOQRy.exe
  2⤵
  PID:1272
- C:\Windows\System\kuPABLR.exe
  C:\Windows\System\kuPABLR.exe
  2⤵
  PID:448
- C:\Windows\System\sASsWrQ.exe
  C:\Windows\System\sASsWrQ.exe
  2⤵
  PID:800
- C:\Windows\System\QnQrVDH.exe
  C:\Windows\System\QnQrVDH.exe
  2⤵
  PID:1756
- C:\Windows\System\TDcACLx.exe
  C:\Windows\System\TDcACLx.exe
  2⤵
  PID:628
- C:\Windows\System\LFLPmiB.exe
  C:\Windows\System\LFLPmiB.exe
  2⤵
  PID:976
- C:\Windows\System\PAsjWRM.exe
  C:\Windows\System\PAsjWRM.exe
  2⤵
  PID:2380
- C:\Windows\System\wcqFxpq.exe
  C:\Windows\System\wcqFxpq.exe
  2⤵
  PID:1724
- C:\Windows\System\CqdyuCm.exe
  C:\Windows\System\CqdyuCm.exe
  2⤵
  PID:1568
- C:\Windows\System\RmFakPA.exe
  C:\Windows\System\RmFakPA.exe
  2⤵
  PID:2876
- C:\Windows\System\FVnYJsE.exe
  C:\Windows\System\FVnYJsE.exe
  2⤵
  PID:2680
- C:\Windows\System\OmVkBfD.exe
  C:\Windows\System\OmVkBfD.exe
  2⤵
  PID:1792
- C:\Windows\System\OWMYXDy.exe
  C:\Windows\System\OWMYXDy.exe
  2⤵
  PID:288
- C:\Windows\System\YSsjemK.exe
  C:\Windows\System\YSsjemK.exe
  2⤵
  PID:2448
- C:\Windows\System\bLXwpAk.exe
  C:\Windows\System\bLXwpAk.exe
  2⤵
  PID:676
- C:\Windows\System\ATvjQAJ.exe
  C:\Windows\System\ATvjQAJ.exe
  2⤵
  PID:2688
- C:\Windows\System\YMIeqAm.exe
  C:\Windows\System\YMIeqAm.exe
  2⤵
  PID:1124
- C:\Windows\System\kSJxSCT.exe
  C:\Windows\System\kSJxSCT.exe
  2⤵
  PID:2152
- C:\Windows\System\oGaVYfB.exe
  C:\Windows\System\oGaVYfB.exe
  2⤵
  PID:2988
- C:\Windows\System\NaiUtaM.exe
  C:\Windows\System\NaiUtaM.exe
  2⤵
  PID:2032
- C:\Windows\System\cWDNnNg.exe
  C:\Windows\System\cWDNnNg.exe
  2⤵
  PID:2464
- C:\Windows\System\XDczrBu.exe
  C:\Windows\System\XDczrBu.exe
  2⤵
  PID:3080
- C:\Windows\System\lTmYMzu.exe
  C:\Windows\System\lTmYMzu.exe
  2⤵
  PID:3096
- C:\Windows\System\DGmwCLr.exe
  C:\Windows\System\DGmwCLr.exe
  2⤵
  PID:3112
- C:\Windows\System\RNYMhmX.exe
  C:\Windows\System\RNYMhmX.exe
  2⤵
  PID:3128
- C:\Windows\System\ghDzMVp.exe
  C:\Windows\System\ghDzMVp.exe
  2⤵
  PID:3144
- C:\Windows\System\qmIsSDx.exe
  C:\Windows\System\qmIsSDx.exe
  2⤵
  PID:3160
- C:\Windows\System\VQcUbtc.exe
  C:\Windows\System\VQcUbtc.exe
  2⤵
  PID:3176
- C:\Windows\System\KInytZU.exe
  C:\Windows\System\KInytZU.exe
  2⤵
  PID:3192
- C:\Windows\System\dKkMBJn.exe
  C:\Windows\System\dKkMBJn.exe
  2⤵
  PID:3208
- C:\Windows\System\WrByMOX.exe
  C:\Windows\System\WrByMOX.exe
  2⤵
  PID:3224
- C:\Windows\System\nnbJgtD.exe
  C:\Windows\System\nnbJgtD.exe
  2⤵
  PID:3240
- C:\Windows\System\fIjEetX.exe
  C:\Windows\System\fIjEetX.exe
  2⤵
  PID:3256
- C:\Windows\System\SVfoExw.exe
  C:\Windows\System\SVfoExw.exe
  2⤵
  PID:3272
- C:\Windows\System\FZHdtGs.exe
  C:\Windows\System\FZHdtGs.exe
  2⤵
  PID:3288
- C:\Windows\System\hkjDTKw.exe
  C:\Windows\System\hkjDTKw.exe
  2⤵
  PID:3304
- C:\Windows\System\zmQLqlU.exe
  C:\Windows\System\zmQLqlU.exe
  2⤵
  PID:3320
- C:\Windows\System\lxXOEWX.exe
  C:\Windows\System\lxXOEWX.exe
  2⤵
  PID:3336
- C:\Windows\System\qOzrsnA.exe
  C:\Windows\System\qOzrsnA.exe
  2⤵
  PID:3352
- C:\Windows\System\sVRzraX.exe
  C:\Windows\System\sVRzraX.exe
  2⤵
  PID:3368
- C:\Windows\System\aVFkzik.exe
  C:\Windows\System\aVFkzik.exe
  2⤵
  PID:3384
- C:\Windows\System\RGZxxUd.exe
  C:\Windows\System\RGZxxUd.exe
  2⤵
  PID:3400
- C:\Windows\System\ghGqEqM.exe
  C:\Windows\System\ghGqEqM.exe
  2⤵
  PID:3416
- C:\Windows\System\MrEeyCQ.exe
  C:\Windows\System\MrEeyCQ.exe
  2⤵
  PID:3432
- C:\Windows\System\PDcUiCK.exe
  C:\Windows\System\PDcUiCK.exe
  2⤵
  PID:3448
- C:\Windows\System\YekydJi.exe
  C:\Windows\System\YekydJi.exe
  2⤵
  PID:3464
- C:\Windows\System\sBRHNcW.exe
  C:\Windows\System\sBRHNcW.exe
  2⤵
  PID:3480
- C:\Windows\System\wHfTHCJ.exe
  C:\Windows\System\wHfTHCJ.exe
  2⤵
  PID:3496
- C:\Windows\System\SdwtYlo.exe
  C:\Windows\System\SdwtYlo.exe
  2⤵
  PID:3512
- C:\Windows\System\xVrDVRH.exe
  C:\Windows\System\xVrDVRH.exe
  2⤵
  PID:3528
- C:\Windows\System\AurBPJj.exe
  C:\Windows\System\AurBPJj.exe
  2⤵
  PID:3544
- C:\Windows\System\XjfTFZC.exe
  C:\Windows\System\XjfTFZC.exe
  2⤵
  PID:3560
- C:\Windows\System\uqsznEW.exe
  C:\Windows\System\uqsznEW.exe
  2⤵
  PID:3576
- C:\Windows\System\KjGkcMc.exe
  C:\Windows\System\KjGkcMc.exe
  2⤵
  PID:3592
- C:\Windows\System\HJmZvAf.exe
  C:\Windows\System\HJmZvAf.exe
  2⤵
  PID:3608
- C:\Windows\System\rlYFurD.exe
  C:\Windows\System\rlYFurD.exe
  2⤵
  PID:3624
- C:\Windows\System\BBPXTzw.exe
  C:\Windows\System\BBPXTzw.exe
  2⤵
  PID:3640
- C:\Windows\System\NxCHTuf.exe
  C:\Windows\System\NxCHTuf.exe
  2⤵
  PID:3656
- C:\Windows\System\pzHHKzg.exe
  C:\Windows\System\pzHHKzg.exe
  2⤵
  PID:3672
- C:\Windows\System\cysXHVN.exe
  C:\Windows\System\cysXHVN.exe
  2⤵
  PID:3688
- C:\Windows\System\iULmvqj.exe
  C:\Windows\System\iULmvqj.exe
  2⤵
  PID:3704
- C:\Windows\System\WvswNJo.exe
  C:\Windows\System\WvswNJo.exe
  2⤵
  PID:3720
- C:\Windows\System\JKjCLqL.exe
  C:\Windows\System\JKjCLqL.exe
  2⤵
  PID:3736
- C:\Windows\System\NLzhaoi.exe
  C:\Windows\System\NLzhaoi.exe
  2⤵
  PID:3752
- C:\Windows\System\eaITGsN.exe
  C:\Windows\System\eaITGsN.exe
  2⤵
  PID:3768
- C:\Windows\System\BmnxlWH.exe
  C:\Windows\System\BmnxlWH.exe
  2⤵
  PID:3784
- C:\Windows\System\SxEJCJR.exe
  C:\Windows\System\SxEJCJR.exe
  2⤵
  PID:3800
- C:\Windows\System\PbNYAMu.exe
  C:\Windows\System\PbNYAMu.exe
  2⤵
  PID:3816
- C:\Windows\System\LdlfhAh.exe
  C:\Windows\System\LdlfhAh.exe
  2⤵
  PID:3832
- C:\Windows\System\jNUUYqP.exe
  C:\Windows\System\jNUUYqP.exe
  2⤵
  PID:3848
- C:\Windows\System\wsWsYRK.exe
  C:\Windows\System\wsWsYRK.exe
  2⤵
  PID:3864
- C:\Windows\System\gQirEns.exe
  C:\Windows\System\gQirEns.exe
  2⤵
  PID:3880
- C:\Windows\System\AJfDBMq.exe
  C:\Windows\System\AJfDBMq.exe
  2⤵
  PID:3896
- C:\Windows\System\DhvbGtC.exe
  C:\Windows\System\DhvbGtC.exe
  2⤵
  PID:3912
- C:\Windows\System\zJBcKAD.exe
  C:\Windows\System\zJBcKAD.exe
  2⤵
  PID:3928
- C:\Windows\System\PAhBDWV.exe
  C:\Windows\System\PAhBDWV.exe
  2⤵
  PID:3944
- C:\Windows\System\sUHvKtw.exe
  C:\Windows\System\sUHvKtw.exe
  2⤵
  PID:3960
- C:\Windows\System\OzpKMvT.exe
  C:\Windows\System\OzpKMvT.exe
  2⤵
  PID:3976
- C:\Windows\System\UxAafKa.exe
  C:\Windows\System\UxAafKa.exe
  2⤵
  PID:3992
- C:\Windows\System\jTTMsuP.exe
  C:\Windows\System\jTTMsuP.exe
  2⤵
  PID:4008
- C:\Windows\System\tviUpBu.exe
  C:\Windows\System\tviUpBu.exe
  2⤵
  PID:4024
- C:\Windows\System\ixXhiJx.exe
  C:\Windows\System\ixXhiJx.exe
  2⤵
  PID:4040
- C:\Windows\System\hHFtmdF.exe
  C:\Windows\System\hHFtmdF.exe
  2⤵
  PID:4056
- C:\Windows\System\yPYtLEO.exe
  C:\Windows\System\yPYtLEO.exe
  2⤵
  PID:4072
- C:\Windows\System\OBrAvfl.exe
  C:\Windows\System\OBrAvfl.exe
  2⤵
  PID:4088
- C:\Windows\System\nsuLBKT.exe
  C:\Windows\System\nsuLBKT.exe
  2⤵
  PID:1532
- C:\Windows\System\GZrdwxX.exe
  C:\Windows\System\GZrdwxX.exe
  2⤵
  PID:2656
- C:\Windows\System\iASSHvw.exe
  C:\Windows\System\iASSHvw.exe
  2⤵
  PID:2024
- C:\Windows\System\gRftcRb.exe
  C:\Windows\System\gRftcRb.exe
  2⤵
  PID:3092
- C:\Windows\System\FFQgIAU.exe
  C:\Windows\System\FFQgIAU.exe
  2⤵
  PID:3136
- C:\Windows\System\xGrUrwk.exe
  C:\Windows\System\xGrUrwk.exe
  2⤵
  PID:3168
- C:\Windows\System\GqwIotM.exe
  C:\Windows\System\GqwIotM.exe
  2⤵
  PID:3200
- C:\Windows\System\CSsbgqW.exe
  C:\Windows\System\CSsbgqW.exe
  2⤵
  PID:3216
- C:\Windows\System\tmTRPYa.exe
  C:\Windows\System\tmTRPYa.exe
  2⤵
  PID:3396
- C:\Windows\System\MkDxaDU.exe
  C:\Windows\System\MkDxaDU.exe
  2⤵
  PID:3428
- C:\Windows\System\FfuLBAG.exe
  C:\Windows\System\FfuLBAG.exe
  2⤵
  PID:3472
- C:\Windows\System\TiqocuO.exe
  C:\Windows\System\TiqocuO.exe
  2⤵
  PID:3588
- C:\Windows\System\widsOlY.exe
  C:\Windows\System\widsOlY.exe
  2⤵
  PID:3632
- C:\Windows\System\hAJLQjo.exe
  C:\Windows\System\hAJLQjo.exe
  2⤵
  PID:3680
- C:\Windows\System\EwomnDs.exe
  C:\Windows\System\EwomnDs.exe
  2⤵
  PID:3712
- C:\Windows\System\aLtLVah.exe
  C:\Windows\System\aLtLVah.exe
  2⤵
  PID:3760
- C:\Windows\System\UhtdfOy.exe
  C:\Windows\System\UhtdfOy.exe
  2⤵
  PID:3808
- C:\Windows\System\pLzvEtO.exe
  C:\Windows\System\pLzvEtO.exe
  2⤵
  PID:3828
- C:\Windows\System\UqDMkSx.exe
  C:\Windows\System\UqDMkSx.exe
  2⤵
  PID:3872
- C:\Windows\System\JkPCDwF.exe
  C:\Windows\System\JkPCDwF.exe
  2⤵
  PID:3904
- C:\Windows\System\WcvPwWf.exe
  C:\Windows\System\WcvPwWf.exe
  2⤵
  PID:3936
- C:\Windows\System\aYUJTLp.exe
  C:\Windows\System\aYUJTLp.exe
  2⤵
  PID:3956
- C:\Windows\System\vbrbDYd.exe
  C:\Windows\System\vbrbDYd.exe
  2⤵
  PID:3988
- C:\Windows\System\TaRyThT.exe
  C:\Windows\System\TaRyThT.exe
  2⤵
  PID:4032
- C:\Windows\System\cZziiNs.exe
  C:\Windows\System\cZziiNs.exe
  2⤵
  PID:4068
- C:\Windows\System\UaaajGM.exe
  C:\Windows\System\UaaajGM.exe
  2⤵
  PID:2956
- C:\Windows\System\CVXiDcX.exe
  C:\Windows\System\CVXiDcX.exe
  2⤵
  PID:3108
- C:\Windows\System\duaniVI.exe
  C:\Windows\System\duaniVI.exe
  2⤵
  PID:3140
- C:\Windows\System\dxuzvRP.exe
  C:\Windows\System\dxuzvRP.exe
  2⤵
  PID:3204
- C:\Windows\System\ftZixOG.exe
  C:\Windows\System\ftZixOG.exe
  2⤵
  PID:3232
- C:\Windows\System\IHqmhIa.exe
  C:\Windows\System\IHqmhIa.exe
  2⤵
  PID:3360
- C:\Windows\System\gXYbzao.exe
  C:\Windows\System\gXYbzao.exe
  2⤵
  PID:3412
- C:\Windows\System\TDgYDGY.exe
  C:\Windows\System\TDgYDGY.exe
  2⤵
  PID:3524
- C:\Windows\System\iUZqMcX.exe
  C:\Windows\System\iUZqMcX.exe
  2⤵
  PID:3492
- C:\Windows\System\TDeXlxO.exe
  C:\Windows\System\TDeXlxO.exe
  2⤵
  PID:3664
- C:\Windows\System\IhTVnvx.exe
  C:\Windows\System\IhTVnvx.exe
  2⤵
  PID:3696
- C:\Windows\System\VLupnlj.exe
  C:\Windows\System\VLupnlj.exe
  2⤵
  PID:3776
- C:\Windows\System\gnSDZpF.exe
  C:\Windows\System\gnSDZpF.exe
  2⤵
  PID:4016
- C:\Windows\System\wmArzcZ.exe
  C:\Windows\System\wmArzcZ.exe
  2⤵
  PID:3088
- C:\Windows\System\XHuLkBF.exe
  C:\Windows\System\XHuLkBF.exe
  2⤵
  PID:3844
- C:\Windows\System\IrWZuvm.exe
  C:\Windows\System\IrWZuvm.exe
  2⤵
  PID:3984
- C:\Windows\System\BlVbsPU.exe
  C:\Windows\System\BlVbsPU.exe
  2⤵
  PID:4064
- C:\Windows\System\eTuXzbK.exe
  C:\Windows\System\eTuXzbK.exe
  2⤵
  PID:3184
- C:\Windows\System\ICuYjgw.exe
  C:\Windows\System\ICuYjgw.exe
  2⤵
  PID:3424
- C:\Windows\System\AsTtBkt.exe
  C:\Windows\System\AsTtBkt.exe
  2⤵
  PID:1668
- C:\Windows\System\DXITzMx.exe
  C:\Windows\System\DXITzMx.exe
  2⤵
  PID:4100
- C:\Windows\System\HKiBOmA.exe
  C:\Windows\System\HKiBOmA.exe
  2⤵
  PID:4116
- C:\Windows\System\dlNgcZG.exe
  C:\Windows\System\dlNgcZG.exe
  2⤵
  PID:4132
- C:\Windows\System\uFepRPs.exe
  C:\Windows\System\uFepRPs.exe
  2⤵
  PID:4148
- C:\Windows\System\oqqfxVa.exe
  C:\Windows\System\oqqfxVa.exe
  2⤵
  PID:4164
- C:\Windows\System\hGVfrwg.exe
  C:\Windows\System\hGVfrwg.exe
  2⤵
  PID:4180
- C:\Windows\System\LslPWKh.exe
  C:\Windows\System\LslPWKh.exe
  2⤵
  PID:4200
- C:\Windows\System\jjkuRTx.exe
  C:\Windows\System\jjkuRTx.exe
  2⤵
  PID:4220
- C:\Windows\System\BMwFuCK.exe
  C:\Windows\System\BMwFuCK.exe
  2⤵
  PID:4256
- C:\Windows\System\hnXaTPh.exe
  C:\Windows\System\hnXaTPh.exe
  2⤵
  PID:4276
- C:\Windows\System\QxGdlaw.exe
  C:\Windows\System\QxGdlaw.exe
  2⤵
  PID:4296
- C:\Windows\System\EEjioxs.exe
  C:\Windows\System\EEjioxs.exe
  2⤵
  PID:4316
- C:\Windows\System\sYUKmQd.exe
  C:\Windows\System\sYUKmQd.exe
  2⤵
  PID:4336
- C:\Windows\System\BReQAgK.exe
  C:\Windows\System\BReQAgK.exe
  2⤵
  PID:4372
- C:\Windows\System\ShWCuvJ.exe
  C:\Windows\System\ShWCuvJ.exe
  2⤵
  PID:4388
- C:\Windows\System\iikYynH.exe
  C:\Windows\System\iikYynH.exe
  2⤵
  PID:4404
- C:\Windows\System\bUyeLNg.exe
  C:\Windows\System\bUyeLNg.exe
  2⤵
  PID:4424
- C:\Windows\System\yYTqgII.exe
  C:\Windows\System\yYTqgII.exe
  2⤵
  PID:4440
- C:\Windows\System\HlOJfVQ.exe
  C:\Windows\System\HlOJfVQ.exe
  2⤵
  PID:4460
- C:\Windows\System\glFxVck.exe
  C:\Windows\System\glFxVck.exe
  2⤵
  PID:4476
- C:\Windows\System\RxoREfZ.exe
  C:\Windows\System\RxoREfZ.exe
  2⤵
  PID:4496
- C:\Windows\System\rbJDoHG.exe
  C:\Windows\System\rbJDoHG.exe
  2⤵
  PID:4512
- C:\Windows\System\IRbiYJy.exe
  C:\Windows\System\IRbiYJy.exe
  2⤵
  PID:4532
- C:\Windows\System\wvELEbo.exe
  C:\Windows\System\wvELEbo.exe
  2⤵
  PID:4576
- C:\Windows\System\IeLeDAK.exe
  C:\Windows\System\IeLeDAK.exe
  2⤵
  PID:4596
- C:\Windows\System\AUKgzGQ.exe
  C:\Windows\System\AUKgzGQ.exe
  2⤵
  PID:4624
- C:\Windows\System\sKpkrwa.exe
  C:\Windows\System\sKpkrwa.exe
  2⤵
  PID:4640
- C:\Windows\System\VwUmrlr.exe
  C:\Windows\System\VwUmrlr.exe
  2⤵
  PID:4656
- C:\Windows\System\cKxvLji.exe
  C:\Windows\System\cKxvLji.exe
  2⤵
  PID:4676
- C:\Windows\System\BVwmqOz.exe
  C:\Windows\System\BVwmqOz.exe
  2⤵
  PID:4692
- C:\Windows\System\UdGCrds.exe
  C:\Windows\System\UdGCrds.exe
  2⤵
  PID:4708
- C:\Windows\System\YpCAohR.exe
  C:\Windows\System\YpCAohR.exe
  2⤵
  PID:4896
- C:\Windows\System\IPDJxJc.exe
  C:\Windows\System\IPDJxJc.exe
  2⤵
  PID:3780
- C:\Windows\System\QnPdRnY.exe
  C:\Windows\System\QnPdRnY.exe
  2⤵
  PID:4716
- C:\Windows\System\vpgKgmX.exe
  C:\Windows\System\vpgKgmX.exe
  2⤵
  PID:4728
- C:\Windows\System\QlHVpYl.exe
  C:\Windows\System\QlHVpYl.exe
  2⤵
  PID:4748
- C:\Windows\System\GepKsPw.exe
  C:\Windows\System\GepKsPw.exe
  2⤵
  PID:4784
- C:\Windows\System\HYEQxZX.exe
  C:\Windows\System\HYEQxZX.exe
  2⤵
  PID:4812
- C:\Windows\System\DXKiVjO.exe
  C:\Windows\System\DXKiVjO.exe
  2⤵
  PID:4828
- C:\Windows\System\uYcLXAz.exe
  C:\Windows\System\uYcLXAz.exe
  2⤵
  PID:4908
- C:\Windows\System\ALwJImt.exe
  C:\Windows\System\ALwJImt.exe
  2⤵
  PID:4996
- C:\Windows\System\vfUdngW.exe
  C:\Windows\System\vfUdngW.exe
  2⤵
  PID:5036
- C:\Windows\System\knpDHcN.exe
  C:\Windows\System\knpDHcN.exe
  2⤵
  PID:5052
- C:\Windows\System\kcwvBTM.exe
  C:\Windows\System\kcwvBTM.exe
  2⤵
  PID:5068
- C:\Windows\System\HkiQuIc.exe
  C:\Windows\System\HkiQuIc.exe
  2⤵
  PID:2820
- C:\Windows\System\LGmfkNP.exe
  C:\Windows\System\LGmfkNP.exe
  2⤵
  PID:5108
- C:\Windows\System\gmURiHu.exe
  C:\Windows\System\gmURiHu.exe
  2⤵
  PID:2744
- C:\Windows\System\aXZpSpc.exe
  C:\Windows\System\aXZpSpc.exe
  2⤵
  PID:3616
- C:\Windows\System\jQIrQNB.exe
  C:\Windows\System\jQIrQNB.exe
  2⤵
  PID:3376
- C:\Windows\System\VMBJDph.exe
  C:\Windows\System\VMBJDph.exe
  2⤵
  PID:4156
- C:\Windows\System\zqGabII.exe
  C:\Windows\System\zqGabII.exe
  2⤵
  PID:4196
- C:\Windows\System\PMMHsBW.exe
  C:\Windows\System\PMMHsBW.exe
  2⤵
  PID:4284
- C:\Windows\System\ukPpuEX.exe
  C:\Windows\System\ukPpuEX.exe
  2⤵
  PID:4288
- C:\Windows\System\BjHHMif.exe
  C:\Windows\System\BjHHMif.exe
  2⤵
  PID:4332
- C:\Windows\System\TMPxAkl.exe
  C:\Windows\System\TMPxAkl.exe
  2⤵
  PID:4368
- C:\Windows\System\fYWRnzs.exe
  C:\Windows\System\fYWRnzs.exe
  2⤵
  PID:3968
- C:\Windows\System\TjbKxxJ.exe
  C:\Windows\System\TjbKxxJ.exe
  2⤵
  PID:4456
- C:\Windows\System\bCkwBoo.exe
  C:\Windows\System\bCkwBoo.exe
  2⤵
  PID:4488
- C:\Windows\System\qMUKFZL.exe
  C:\Windows\System\qMUKFZL.exe
  2⤵
  PID:4548
- C:\Windows\System\mAJCaHf.exe
  C:\Windows\System\mAJCaHf.exe
  2⤵
  PID:4572
- C:\Windows\System\sWOaGTj.exe
  C:\Windows\System\sWOaGTj.exe
  2⤵
  PID:4584
- C:\Windows\System\SAoYFqP.exe
  C:\Windows\System\SAoYFqP.exe
  2⤵
  PID:4688
- C:\Windows\System\UzkuhWt.exe
  C:\Windows\System\UzkuhWt.exe
  2⤵
  PID:4636
- C:\Windows\System\NXVkJCk.exe
  C:\Windows\System\NXVkJCk.exe
  2⤵
  PID:4704
- C:\Windows\System\lztFAyN.exe
  C:\Windows\System\lztFAyN.exe
  2⤵
  PID:4744
- C:\Windows\System\TxJqpSM.exe
  C:\Windows\System\TxJqpSM.exe
  2⤵
  PID:4756
- C:\Windows\System\pnAkLBp.exe
  C:\Windows\System\pnAkLBp.exe
  2⤵
  PID:4772
- C:\Windows\System\mswPbSs.exe
  C:\Windows\System\mswPbSs.exe
  2⤵
  PID:4768
- C:\Windows\System\iuiFHFH.exe
  C:\Windows\System\iuiFHFH.exe
  2⤵
  PID:4844
- C:\Windows\System\RdEzulR.exe
  C:\Windows\System\RdEzulR.exe
  2⤵
  PID:4872
- C:\Windows\System\pDlNBbX.exe
  C:\Windows\System\pDlNBbX.exe
  2⤵
  PID:4904
- C:\Windows\System\iFBkwFd.exe
  C:\Windows\System\iFBkwFd.exe
  2⤵
  PID:2676
- C:\Windows\System\bKkHMBf.exe
  C:\Windows\System\bKkHMBf.exe
  2⤵
  PID:4928
- C:\Windows\System\SMmciOl.exe
  C:\Windows\System\SMmciOl.exe
  2⤵
  PID:4944
- C:\Windows\System\DmXtnbQ.exe
  C:\Windows\System\DmXtnbQ.exe
  2⤵
  PID:4964
- C:\Windows\System\KUWPyxA.exe
  C:\Windows\System\KUWPyxA.exe
  2⤵
  PID:4984
- C:\Windows\System\FSABoRZ.exe
  C:\Windows\System\FSABoRZ.exe
  2⤵
  PID:4632
- C:\Windows\System\FIlHpZe.exe
  C:\Windows\System\FIlHpZe.exe
  2⤵
  PID:2784
- C:\Windows\System\ngnNBgn.exe
  C:\Windows\System\ngnNBgn.exe
  2⤵
  PID:5020
- C:\Windows\System\NVZqecD.exe
  C:\Windows\System\NVZqecD.exe
  2⤵
  PID:5044
- C:\Windows\System\kZnIlTe.exe
  C:\Windows\System\kZnIlTe.exe
  2⤵
  PID:5092
- C:\Windows\System\bIocndY.exe
  C:\Windows\System\bIocndY.exe
  2⤵
  PID:3920
- C:\Windows\System\dPsxXyw.exe
  C:\Windows\System\dPsxXyw.exe
  2⤵
  PID:4108
- C:\Windows\System\BFJvDcc.exe
  C:\Windows\System\BFJvDcc.exe
  2⤵
  PID:3668
- C:\Windows\System\CIHzBiF.exe
  C:\Windows\System\CIHzBiF.exe
  2⤵
  PID:4208
- C:\Windows\System\bUkHvnc.exe
  C:\Windows\System\bUkHvnc.exe
  2⤵
  PID:1576
- C:\Windows\System\xejswBe.exe
  C:\Windows\System\xejswBe.exe
  2⤵
  PID:3556
- C:\Windows\System\AllEoss.exe
  C:\Windows\System\AllEoss.exe
  2⤵
  PID:4128
- C:\Windows\System\BCqeQqm.exe
  C:\Windows\System\BCqeQqm.exe
  2⤵
  PID:4232
- C:\Windows\System\kLUaaUn.exe
  C:\Windows\System\kLUaaUn.exe
  2⤵
  PID:4240
- C:\Windows\System\JbBEiIc.exe
  C:\Windows\System\JbBEiIc.exe
  2⤵
  PID:4252
- C:\Windows\System\iKNcJzR.exe
  C:\Windows\System\iKNcJzR.exe
  2⤵
  PID:4352
- C:\Windows\System\zBxxDhk.exe
  C:\Windows\System\zBxxDhk.exe
  2⤵
  PID:2664
- C:\Windows\System\yHLQlud.exe
  C:\Windows\System\yHLQlud.exe
  2⤵
  PID:1048
- C:\Windows\System\GBmyuFP.exe
  C:\Windows\System\GBmyuFP.exe
  2⤵
  PID:4468
- C:\Windows\System\sWXUIaf.exe
  C:\Windows\System\sWXUIaf.exe
  2⤵
  PID:4448
- C:\Windows\System\AeiJiTG.exe
  C:\Windows\System\AeiJiTG.exe
  2⤵
  PID:1656
- C:\Windows\System\ixnrXqu.exe
  C:\Windows\System\ixnrXqu.exe
  2⤵
  PID:4564
- C:\Windows\System\kwipYsz.exe
  C:\Windows\System\kwipYsz.exe
  2⤵
  PID:4608
- C:\Windows\System\tjirswc.exe
  C:\Windows\System\tjirswc.exe
  2⤵
  PID:4684
- C:\Windows\System\gQIXecu.exe
  C:\Windows\System\gQIXecu.exe
  2⤵
  PID:4780
- C:\Windows\System\RVjNxxu.exe
  C:\Windows\System\RVjNxxu.exe
  2⤵
  PID:4792
- C:\Windows\System\MObfyBc.exe
  C:\Windows\System\MObfyBc.exe
  2⤵
  PID:4860
- C:\Windows\System\fdgdLOo.exe
  C:\Windows\System\fdgdLOo.exe
  2⤵
  PID:1912
- C:\Windows\System\urpXcyl.exe
  C:\Windows\System\urpXcyl.exe
  2⤵
  PID:4884
- C:\Windows\System\cyEqUjU.exe
  C:\Windows\System\cyEqUjU.exe
  2⤵
  PID:4840
- C:\Windows\System\kWGwOyP.exe
  C:\Windows\System\kWGwOyP.exe
  2⤵
  PID:4980
- C:\Windows\System\fcBQtpM.exe
  C:\Windows\System\fcBQtpM.exe
  2⤵
  PID:5016
- C:\Windows\System\qcYDUGU.exe
  C:\Windows\System\qcYDUGU.exe
  2⤵
  PID:4988
- C:\Windows\System\rSfYoCg.exe
  C:\Windows\System\rSfYoCg.exe
  2⤵
  PID:5048
- C:\Windows\System\azTWoIG.exe
  C:\Windows\System\azTWoIG.exe
  2⤵
  PID:4960
- C:\Windows\System\PHztGuv.exe
  C:\Windows\System\PHztGuv.exe
  2⤵
  PID:2880
- C:\Windows\System\OQmRTDD.exe
  C:\Windows\System\OQmRTDD.exe
  2⤵
  PID:5116
- C:\Windows\System\NfDzItg.exe
  C:\Windows\System\NfDzItg.exe
  2⤵
  PID:2708
- C:\Windows\System\EYRwXCI.exe
  C:\Windows\System\EYRwXCI.exe
  2⤵
  PID:2088
- C:\Windows\System\wrIrwnh.exe
  C:\Windows\System\wrIrwnh.exe
  2⤵
  PID:2700
- C:\Windows\System\RRyrTHV.exe
  C:\Windows\System\RRyrTHV.exe
  2⤵
  PID:4192
- C:\Windows\System\jzpNcOJ.exe
  C:\Windows\System\jzpNcOJ.exe
  2⤵
  PID:2236
- C:\Windows\System\XqMYrxO.exe
  C:\Windows\System\XqMYrxO.exe
  2⤵
  PID:4384
- C:\Windows\System\PeVmoaU.exe
  C:\Windows\System\PeVmoaU.exe
  2⤵
  PID:4348
- C:\Windows\System\jmethKu.exe
  C:\Windows\System\jmethKu.exe
  2⤵
  PID:1992
- C:\Windows\System\TKxQKzC.exe
  C:\Windows\System\TKxQKzC.exe
  2⤵
  PID:4360
- C:\Windows\System\YINdgFX.exe
  C:\Windows\System\YINdgFX.exe
  2⤵
  PID:3812
- C:\Windows\System\FdmEsLD.exe
  C:\Windows\System\FdmEsLD.exe
  2⤵
  PID:3952
- C:\Windows\System\PapEGsx.exe
  C:\Windows\System\PapEGsx.exe
  2⤵
  PID:3540
- C:\Windows\System\XiEoyqW.exe
  C:\Windows\System\XiEoyqW.exe
  2⤵
  PID:4452
- C:\Windows\System\gEHtOft.exe
  C:\Windows\System\gEHtOft.exe
  2⤵
  PID:5088
- C:\Windows\System\KUjUqFn.exe
  C:\Windows\System\KUjUqFn.exe
  2⤵
  PID:4972
- C:\Windows\System\jopdfvQ.exe
  C:\Windows\System\jopdfvQ.exe
  2⤵
  PID:4648
- C:\Windows\System\faWHaRd.exe
  C:\Windows\System\faWHaRd.exe
  2⤵
  PID:4880
- C:\Windows\System\SzwGsuI.exe
  C:\Windows\System\SzwGsuI.exe
  2⤵
  PID:3264
- C:\Windows\System\CcphKcJ.exe
  C:\Windows\System\CcphKcJ.exe
  2⤵
  PID:4892
- C:\Windows\System\XKRIOmD.exe
  C:\Windows\System\XKRIOmD.exe
  2⤵
  PID:4976
- C:\Windows\System\rNLDapx.exe
  C:\Windows\System\rNLDapx.exe
  2⤵
  PID:4956
- C:\Windows\System\XWQULOP.exe
  C:\Windows\System\XWQULOP.exe
  2⤵
  PID:2792
- C:\Windows\System\KAJOxKY.exe
  C:\Windows\System\KAJOxKY.exe
  2⤵
  PID:4952
- C:\Windows\System\EqeXrfM.exe
  C:\Windows\System\EqeXrfM.exe
  2⤵
  PID:5060
- C:\Windows\System\PykcyMy.exe
  C:\Windows\System\PykcyMy.exe
  2⤵
  PID:1340
- C:\Windows\System\kMHJinT.exe
  C:\Windows\System\kMHJinT.exe
  2⤵
  PID:2012
- C:\Windows\System\BtXbrCq.exe
  C:\Windows\System\BtXbrCq.exe
  2⤵
  PID:2852
- C:\Windows\System\WFPEZeg.exe
  C:\Windows\System\WFPEZeg.exe
  2⤵
  PID:4248
- C:\Windows\System\kFRAKOl.exe
  C:\Windows\System\kFRAKOl.exe
  2⤵
  PID:2620
- C:\Windows\System\ONMybNM.exe
  C:\Windows\System\ONMybNM.exe
  2⤵
  PID:980
- C:\Windows\System\KJpGiuX.exe
  C:\Windows\System\KJpGiuX.exe
  2⤵
  PID:4308
- C:\Windows\System\UbJONsQ.exe
  C:\Windows\System\UbJONsQ.exe
  2⤵
  PID:2772
- C:\Windows\System\uixXMXh.exe
  C:\Windows\System\uixXMXh.exe
  2⤵
  PID:2732
- C:\Windows\System\ekmaYWP.exe
  C:\Windows\System\ekmaYWP.exe
  2⤵
  PID:4492
- C:\Windows\System\GpaYgtR.exe
  C:\Windows\System\GpaYgtR.exe
  2⤵
  PID:4740
- C:\Windows\System\LysCOBF.exe
  C:\Windows\System\LysCOBF.exe
  2⤵
  PID:4796
- C:\Windows\System\rbDiLuJ.exe
  C:\Windows\System\rbDiLuJ.exe
  2⤵
  PID:4924
- C:\Windows\System\VjRsYTs.exe
  C:\Windows\System\VjRsYTs.exe
  2⤵
  PID:3572
- C:\Windows\System\bYzKYPo.exe
  C:\Windows\System\bYzKYPo.exe
  2⤵
  PID:5100
- C:\Windows\System\nYSbzCM.exe
  C:\Windows\System\nYSbzCM.exe
  2⤵
  PID:4216
- C:\Windows\System\CyHkRRp.exe
  C:\Windows\System\CyHkRRp.exe
  2⤵
  PID:3268
- C:\Windows\System\VtwHHMg.exe
  C:\Windows\System\VtwHHMg.exe
  2⤵
  PID:1748
- C:\Windows\System\uzAjfPt.exe
  C:\Windows\System\uzAjfPt.exe
  2⤵
  PID:3312
- C:\Windows\System\ULOyJnn.exe
  C:\Windows\System\ULOyJnn.exe
  2⤵
  PID:4420
- C:\Windows\System\fdlCIlx.exe
  C:\Windows\System\fdlCIlx.exe
  2⤵
  PID:316
- C:\Windows\System\CKVXFYm.exe
  C:\Windows\System\CKVXFYm.exe
  2⤵
  PID:2768
- C:\Windows\System\UgvblXN.exe
  C:\Windows\System\UgvblXN.exe
  2⤵
  PID:4852
- C:\Windows\System\oRjeBGT.exe
  C:\Windows\System\oRjeBGT.exe
  2⤵
  PID:2824
- C:\Windows\System\TnRXumO.exe
  C:\Windows\System\TnRXumO.exe
  2⤵
  PID:3460
- C:\Windows\System\UmbmmFY.exe
  C:\Windows\System\UmbmmFY.exe
  2⤵
  PID:3824
- C:\Windows\System\udbrMhs.exe
  C:\Windows\System\udbrMhs.exe
  2⤵
  PID:5128
- C:\Windows\System\HSXQQbD.exe
  C:\Windows\System\HSXQQbD.exe
  2⤵
  PID:5144
- C:\Windows\System\IDNGHMI.exe
  C:\Windows\System\IDNGHMI.exe
  2⤵
  PID:5164
- C:\Windows\System\rZaohWe.exe
  C:\Windows\System\rZaohWe.exe
  2⤵
  PID:5184
- C:\Windows\System\RLyNALz.exe
  C:\Windows\System\RLyNALz.exe
  2⤵
  PID:5200
- C:\Windows\System\GCoCEBI.exe
  C:\Windows\System\GCoCEBI.exe
  2⤵
  PID:5220
- C:\Windows\System\qOHZxGE.exe
  C:\Windows\System\qOHZxGE.exe
  2⤵
  PID:5236
- C:\Windows\System\FEZyiuS.exe
  C:\Windows\System\FEZyiuS.exe
  2⤵
  PID:5256
- C:\Windows\System\yuEroNp.exe
  C:\Windows\System\yuEroNp.exe
  2⤵
  PID:5292
- C:\Windows\System\bYdaVjG.exe
  C:\Windows\System\bYdaVjG.exe
  2⤵
  PID:5316
- C:\Windows\System\GSQQUPp.exe
  C:\Windows\System\GSQQUPp.exe
  2⤵
  PID:5336
- C:\Windows\System\MocBenK.exe
  C:\Windows\System\MocBenK.exe
  2⤵
  PID:5352
- C:\Windows\System\ChAcWwQ.exe
  C:\Windows\System\ChAcWwQ.exe
  2⤵
  PID:5368
- C:\Windows\System\vPcexaQ.exe
  C:\Windows\System\vPcexaQ.exe
  2⤵
  PID:5392
- C:\Windows\System\xxIXQdi.exe
  C:\Windows\System\xxIXQdi.exe
  2⤵
  PID:5440
- C:\Windows\System\BHydgJI.exe
  C:\Windows\System\BHydgJI.exe
  2⤵
  PID:5472
- C:\Windows\System\hqZXTSE.exe
  C:\Windows\System\hqZXTSE.exe
  2⤵
  PID:5488
- C:\Windows\System\YcJcyXX.exe
  C:\Windows\System\YcJcyXX.exe
  2⤵
  PID:5516
- C:\Windows\System\yeMVBHD.exe
  C:\Windows\System\yeMVBHD.exe
  2⤵
  PID:5540
- C:\Windows\System\OJCFMfV.exe
  C:\Windows\System\OJCFMfV.exe
  2⤵
  PID:5556
- C:\Windows\System\OBvnlpm.exe
  C:\Windows\System\OBvnlpm.exe
  2⤵
  PID:5584
- C:\Windows\System\qZdfLCw.exe
  C:\Windows\System\qZdfLCw.exe
  2⤵
  PID:5604
- C:\Windows\System\uJeVPCz.exe
  C:\Windows\System\uJeVPCz.exe
  2⤵
  PID:5624
- C:\Windows\System\mIOvIoi.exe
  C:\Windows\System\mIOvIoi.exe
  2⤵
  PID:5640
- C:\Windows\System\MxhUiXo.exe
  C:\Windows\System\MxhUiXo.exe
  2⤵
  PID:5672
- C:\Windows\System\iChScFF.exe
  C:\Windows\System\iChScFF.exe
  2⤵
  PID:5692
- C:\Windows\System\uORLRrJ.exe
  C:\Windows\System\uORLRrJ.exe
  2⤵
  PID:5712
- C:\Windows\System\NnsxiQK.exe
  C:\Windows\System\NnsxiQK.exe
  2⤵
  PID:5732
- C:\Windows\System\ssjoKVJ.exe
  C:\Windows\System\ssjoKVJ.exe
  2⤵
  PID:5748
- C:\Windows\System\TzLEvWD.exe
  C:\Windows\System\TzLEvWD.exe
  2⤵
  PID:5768
- C:\Windows\System\vGUsVla.exe
  C:\Windows\System\vGUsVla.exe
  2⤵
  PID:5784
- C:\Windows\System\WhmxTge.exe
  C:\Windows\System\WhmxTge.exe
  2⤵
  PID:5804
- C:\Windows\System\kXfoUrM.exe
  C:\Windows\System\kXfoUrM.exe
  2⤵
  PID:5820
- C:\Windows\System\TJydxLq.exe
  C:\Windows\System\TJydxLq.exe
  2⤵
  PID:5848
- C:\Windows\System\iPxKZZJ.exe
  C:\Windows\System\iPxKZZJ.exe
  2⤵
  PID:5868
- C:\Windows\System\aUGzLyx.exe
  C:\Windows\System\aUGzLyx.exe
  2⤵
  PID:5884
- C:\Windows\System\EOLZvxc.exe
  C:\Windows\System\EOLZvxc.exe
  2⤵
  PID:5904
- C:\Windows\System\qXjeRtf.exe
  C:\Windows\System\qXjeRtf.exe
  2⤵
  PID:5924
- C:\Windows\System\OTApxgp.exe
  C:\Windows\System\OTApxgp.exe
  2⤵
  PID:5940
- C:\Windows\System\mgMzFTB.exe
  C:\Windows\System\mgMzFTB.exe
  2⤵
  PID:5956
- C:\Windows\System\CNIDeGo.exe
  C:\Windows\System\CNIDeGo.exe
  2⤵
  PID:5976
- C:\Windows\System\ugcMenW.exe
  C:\Windows\System\ugcMenW.exe
  2⤵
  PID:5996
- C:\Windows\System\ubQoJGd.exe
  C:\Windows\System\ubQoJGd.exe
  2⤵
  PID:6028
- C:\Windows\System\NnTEvWV.exe
  C:\Windows\System\NnTEvWV.exe
  2⤵
  PID:6048
- C:\Windows\System\wxVpFbQ.exe
  C:\Windows\System\wxVpFbQ.exe
  2⤵
  PID:6064
- C:\Windows\System\VfgdUdD.exe
  C:\Windows\System\VfgdUdD.exe
  2⤵
  PID:6088
- C:\Windows\System\VvlgEnz.exe
  C:\Windows\System\VvlgEnz.exe
  2⤵
  PID:6104
- C:\Windows\System\zEhVaFS.exe
  C:\Windows\System\zEhVaFS.exe
  2⤵
  PID:6120
- C:\Windows\System\MmUoESe.exe
  C:\Windows\System\MmUoESe.exe
  2⤵
  PID:6136
- C:\Windows\System\fGtrTrf.exe
  C:\Windows\System\fGtrTrf.exe
  2⤵
  PID:1776
- C:\Windows\System\aqmgmTp.exe
  C:\Windows\System\aqmgmTp.exe
  2⤵
  PID:5136
- C:\Windows\System\iBKDZFw.exe
  C:\Windows\System\iBKDZFw.exe
  2⤵
  PID:5208
- C:\Windows\System\TPaiGvI.exe
  C:\Windows\System\TPaiGvI.exe
  2⤵
  PID:5124
- C:\Windows\System\pJTqglF.exe
  C:\Windows\System\pJTqglF.exe
  2⤵
  PID:3300
- C:\Windows\System\bnlEcNQ.exe
  C:\Windows\System\bnlEcNQ.exe
  2⤵
  PID:5212
- C:\Windows\System\ieMeOGb.exe
  C:\Windows\System\ieMeOGb.exe
  2⤵
  PID:5264
- C:\Windows\System\IWDdBre.exe
  C:\Windows\System\IWDdBre.exe
  2⤵
  PID:5244
- C:\Windows\System\eZpxrcz.exe
  C:\Windows\System\eZpxrcz.exe
  2⤵
  PID:5308
- C:\Windows\System\QmgKWhU.exe
  C:\Windows\System\QmgKWhU.exe
  2⤵
  PID:5376
- C:\Windows\System\FiYyLXO.exe
  C:\Windows\System\FiYyLXO.exe
  2⤵
  PID:5360
- C:\Windows\System\sydTYff.exe
  C:\Windows\System\sydTYff.exe
  2⤵
  PID:5288
- C:\Windows\System\MDVTmyM.exe
  C:\Windows\System\MDVTmyM.exe
  2⤵
  PID:5456
- C:\Windows\System\DPSSqxM.exe
  C:\Windows\System\DPSSqxM.exe
  2⤵
  PID:5496
- C:\Windows\System\AtoXOkI.exe
  C:\Windows\System\AtoXOkI.exe
  2⤵
  PID:5504
- C:\Windows\System\tNTtYlS.exe
  C:\Windows\System\tNTtYlS.exe
  2⤵
  PID:5600
- C:\Windows\System\kahjlBh.exe
  C:\Windows\System\kahjlBh.exe
  2⤵
  PID:5528
- C:\Windows\System\SYPDwYS.exe
  C:\Windows\System\SYPDwYS.exe
  2⤵
  PID:5632
- C:\Windows\System\FOQVwvh.exe
  C:\Windows\System\FOQVwvh.exe
  2⤵
  PID:5580
- C:\Windows\System\QtgfEjc.exe
  C:\Windows\System\QtgfEjc.exe
  2⤵
  PID:5656
- C:\Windows\System\SVjyKyZ.exe
  C:\Windows\System\SVjyKyZ.exe
  2⤵
  PID:5684
- C:\Windows\System\BgRxLUm.exe
  C:\Windows\System\BgRxLUm.exe
  2⤵
  PID:5724
- C:\Windows\System\RFpAXVk.exe
  C:\Windows\System\RFpAXVk.exe
  2⤵
  PID:5756
- C:\Windows\System\aSZgTmw.exe
  C:\Windows\System\aSZgTmw.exe
  2⤵
  PID:5800
- C:\Windows\System\adynlMN.exe
  C:\Windows\System\adynlMN.exe
  2⤵
  PID:5932
- C:\Windows\System\itKQyyt.exe
  C:\Windows\System\itKQyyt.exe
  2⤵
  PID:5896
- C:\Windows\System\wjwPdqG.exe
  C:\Windows\System\wjwPdqG.exe
  2⤵
  PID:6044
- C:\Windows\System\qPGrbIc.exe
  C:\Windows\System\qPGrbIc.exe
  2⤵
  PID:6076
- C:\Windows\System\Ayzclkw.exe
  C:\Windows\System\Ayzclkw.exe
  2⤵
  PID:3504
- C:\Windows\System\GRslQBR.exe
  C:\Windows\System\GRslQBR.exe
  2⤵
  PID:6100
- C:\Windows\System\CiNbgNU.exe
  C:\Windows\System\CiNbgNU.exe
  2⤵
  PID:4936
- C:\Windows\System\IEYmtkc.exe
  C:\Windows\System\IEYmtkc.exe
  2⤵
  PID:3020
- C:\Windows\System\AFDxuXL.exe
  C:\Windows\System\AFDxuXL.exe
  2⤵
  PID:5252
- C:\Windows\System\qZAPNFJ.exe
  C:\Windows\System\qZAPNFJ.exe
  2⤵
  PID:5416
- C:\Windows\System\KqPBMwq.exe
  C:\Windows\System\KqPBMwq.exe
  2⤵
  PID:4856
- C:\Windows\System\ijnxcWz.exe
  C:\Windows\System\ijnxcWz.exe
  2⤵
  PID:5284
- C:\Windows\System\KkJynnc.exe
  C:\Windows\System\KkJynnc.exe
  2⤵
  PID:5436
- C:\Windows\System\sTZdswA.exe
  C:\Windows\System\sTZdswA.exe
  2⤵
  PID:5668
- C:\Windows\System\sTEzRkR.exe
  C:\Windows\System\sTEzRkR.exe
  2⤵
  PID:5796
- C:\Windows\System\ZjDEAKN.exe
  C:\Windows\System\ZjDEAKN.exe
  2⤵
  PID:5592
- C:\Windows\System\QUUTNjZ.exe
  C:\Windows\System\QUUTNjZ.exe
  2⤵
  PID:5856
- C:\Windows\System\ZxvOtWY.exe
  C:\Windows\System\ZxvOtWY.exe
  2⤵
  PID:6016
- C:\Windows\System\BnQsHFZ.exe
  C:\Windows\System\BnQsHFZ.exe
  2⤵
  PID:5836
- C:\Windows\System\SQLFkki.exe
  C:\Windows\System\SQLFkki.exe
  2⤵
  PID:5912
- C:\Windows\System\nFtnZLZ.exe
  C:\Windows\System\nFtnZLZ.exe
  2⤵
  PID:5916
- C:\Windows\System\ONIwhoM.exe
  C:\Windows\System\ONIwhoM.exe
  2⤵
  PID:5992
- C:\Windows\System\yEIZMUA.exe
  C:\Windows\System\yEIZMUA.exe
  2⤵
  PID:5972
- C:\Windows\System\sEtaKFJ.exe
  C:\Windows\System\sEtaKFJ.exe
  2⤵
  PID:6116
- C:\Windows\System\hBOEczP.exe
  C:\Windows\System\hBOEczP.exe
  2⤵
  PID:3348
- C:\Windows\System\JMEVTGU.exe
  C:\Windows\System\JMEVTGU.exe
  2⤵
  PID:5424
- C:\Windows\System\zTgtSLR.exe
  C:\Windows\System\zTgtSLR.exe
  2⤵
  PID:6096
- C:\Windows\System\rXWwXtv.exe
  C:\Windows\System\rXWwXtv.exe
  2⤵
  PID:5404
- C:\Windows\System\vYBqmBY.exe
  C:\Windows\System\vYBqmBY.exe
  2⤵
  PID:5344
- C:\Windows\System\DufxBgo.exe
  C:\Windows\System\DufxBgo.exe
  2⤵
  PID:4604
- C:\Windows\System\NXjJZUC.exe
  C:\Windows\System\NXjJZUC.exe
  2⤵
  PID:5468
- C:\Windows\System\izdSdDr.exe
  C:\Windows\System\izdSdDr.exe
  2⤵
  PID:5576
- C:\Windows\System\owYbPLe.exe
  C:\Windows\System\owYbPLe.exe
  2⤵
  PID:5968
- C:\Windows\System\PQMJrTd.exe
  C:\Windows\System\PQMJrTd.exe
  2⤵
  PID:5864
- C:\Windows\System\OvBWwTQ.exe
  C:\Windows\System\OvBWwTQ.exe
  2⤵
  PID:5172
- C:\Windows\System\ixhduqL.exe
  C:\Windows\System\ixhduqL.exe
  2⤵
  PID:5428
- C:\Windows\System\GCjZlLl.exe
  C:\Windows\System\GCjZlLl.exe
  2⤵
  PID:5324
- C:\Windows\System\GmcMYze.exe
  C:\Windows\System\GmcMYze.exe
  2⤵
  PID:5688
- C:\Windows\System\UrAhuCD.exe
  C:\Windows\System\UrAhuCD.exe
  2⤵
  PID:6012
- C:\Windows\System\EUNWFCN.exe
  C:\Windows\System\EUNWFCN.exe
  2⤵
  PID:5280
- C:\Windows\System\IkVGpZd.exe
  C:\Windows\System\IkVGpZd.exe
  2⤵
  PID:5232
- C:\Windows\System\qsTIrqs.exe
  C:\Windows\System\qsTIrqs.exe
  2⤵
  PID:6036
- C:\Windows\System\NFDkVql.exe
  C:\Windows\System\NFDkVql.exe
  2⤵
  PID:5564
- C:\Windows\System\LpfdqAf.exe
  C:\Windows\System\LpfdqAf.exe
  2⤵
  PID:3620
- C:\Windows\System\XlGhMZN.exe
  C:\Windows\System\XlGhMZN.exe
  2⤵
  PID:5764
- C:\Windows\System\tJeXrtw.exe
  C:\Windows\System\tJeXrtw.exe
  2⤵
  PID:5720
- C:\Windows\System\ibxqruF.exe
  C:\Windows\System\ibxqruF.exe
  2⤵
  PID:6008
- C:\Windows\System\cjBlXCV.exe
  C:\Windows\System\cjBlXCV.exe
  2⤵
  PID:5828
- C:\Windows\System\XKYEIdY.exe
  C:\Windows\System\XKYEIdY.exe
  2⤵
  PID:5744
- C:\Windows\System\aXdNaGG.exe
  C:\Windows\System\aXdNaGG.exe
  2⤵
  PID:2284
- C:\Windows\System\NjZIGZH.exe
  C:\Windows\System\NjZIGZH.exe
  2⤵
  PID:5812
- C:\Windows\System\cEwIOoz.exe
  C:\Windows\System\cEwIOoz.exe
  2⤵
  PID:6084
- C:\Windows\System\EVTFAnI.exe
  C:\Windows\System\EVTFAnI.exe
  2⤵
  PID:3316
- C:\Windows\System\scuvBMm.exe
  C:\Windows\System\scuvBMm.exe
  2⤵
  PID:5620
- C:\Windows\System\cCbmkof.exe
  C:\Windows\System\cCbmkof.exe
  2⤵
  PID:4144
- C:\Windows\System\WjVqZCd.exe
  C:\Windows\System\WjVqZCd.exe
  2⤵
  PID:5704
- C:\Windows\System\TPrynnA.exe
  C:\Windows\System\TPrynnA.exe
  2⤵
  PID:6152
- C:\Windows\System\NuLpGGj.exe
  C:\Windows\System\NuLpGGj.exe
  2⤵
  PID:6168
- C:\Windows\System\NEtQkHB.exe
  C:\Windows\System\NEtQkHB.exe
  2⤵
  PID:6192
- C:\Windows\System\buAZRMc.exe
  C:\Windows\System\buAZRMc.exe
  2⤵
  PID:6208
- C:\Windows\System\eEIeeRS.exe
  C:\Windows\System\eEIeeRS.exe
  2⤵
  PID:6228
- C:\Windows\System\rMdlcZo.exe
  C:\Windows\System\rMdlcZo.exe
  2⤵
  PID:6244
- C:\Windows\System\xKibvMA.exe
  C:\Windows\System\xKibvMA.exe
  2⤵
  PID:6260
- C:\Windows\System\BfpsexA.exe
  C:\Windows\System\BfpsexA.exe
  2⤵
  PID:6276
- C:\Windows\System\LopzaAp.exe
  C:\Windows\System\LopzaAp.exe
  2⤵
  PID:6292
- C:\Windows\System\RYwdXiA.exe
  C:\Windows\System\RYwdXiA.exe
  2⤵
  PID:6308
- C:\Windows\System\yrwIgUw.exe
  C:\Windows\System\yrwIgUw.exe
  2⤵
  PID:6324
- C:\Windows\System\icWbYJn.exe
  C:\Windows\System\icWbYJn.exe
  2⤵
  PID:6352
- C:\Windows\System\hVXOsro.exe
  C:\Windows\System\hVXOsro.exe
  2⤵
  PID:6372
- C:\Windows\System\mSzSZhY.exe
  C:\Windows\System\mSzSZhY.exe
  2⤵
  PID:6388
- C:\Windows\System\zBNJBDT.exe
  C:\Windows\System\zBNJBDT.exe
  2⤵
  PID:6416
- C:\Windows\System\pbPMLXl.exe
  C:\Windows\System\pbPMLXl.exe
  2⤵
  PID:6432
- C:\Windows\System\fLYYtvF.exe
  C:\Windows\System\fLYYtvF.exe
  2⤵
  PID:6448
- C:\Windows\System\qPhAnUG.exe
  C:\Windows\System\qPhAnUG.exe
  2⤵
  PID:6468
- C:\Windows\System\lNboYdL.exe
  C:\Windows\System\lNboYdL.exe
  2⤵
  PID:6484
- C:\Windows\System\ipQDxtn.exe
  C:\Windows\System\ipQDxtn.exe
  2⤵
  PID:6504
- C:\Windows\System\muylOOo.exe
  C:\Windows\System\muylOOo.exe
  2⤵
  PID:6520
- C:\Windows\System\raLTJBL.exe
  C:\Windows\System\raLTJBL.exe
  2⤵
  PID:6540
- C:\Windows\System\DGsPaHa.exe
  C:\Windows\System\DGsPaHa.exe
  2⤵
  PID:6556
- C:\Windows\System\NeoNGpA.exe
  C:\Windows\System\NeoNGpA.exe
  2⤵
  PID:6576
- C:\Windows\System\MbKDbci.exe
  C:\Windows\System\MbKDbci.exe
  2⤵
  PID:6592
- C:\Windows\System\pwqbIOO.exe
  C:\Windows\System\pwqbIOO.exe
  2⤵
  PID:6612
- C:\Windows\System\mlTBoRl.exe
  C:\Windows\System\mlTBoRl.exe
  2⤵
  PID:6628
- C:\Windows\System\wblOdLi.exe
  C:\Windows\System\wblOdLi.exe
  2⤵
  PID:6648
- C:\Windows\System\DOMXRiL.exe
  C:\Windows\System\DOMXRiL.exe
  2⤵
  PID:6668
- C:\Windows\System\WpALAPj.exe
  C:\Windows\System\WpALAPj.exe
  2⤵
  PID:6720
- C:\Windows\System\KtLJrhE.exe
  C:\Windows\System\KtLJrhE.exe
  2⤵
  PID:6736
- C:\Windows\System\LalStHi.exe
  C:\Windows\System\LalStHi.exe
  2⤵
  PID:6752
- C:\Windows\System\NfxxQXU.exe
  C:\Windows\System\NfxxQXU.exe
  2⤵
  PID:6768
- C:\Windows\System\EtpFWpb.exe
  C:\Windows\System\EtpFWpb.exe
  2⤵
  PID:6784
- C:\Windows\System\KxlZazG.exe
  C:\Windows\System\KxlZazG.exe
  2⤵
  PID:6800
- C:\Windows\System\OAuRWDF.exe
  C:\Windows\System\OAuRWDF.exe
  2⤵
  PID:6816
- C:\Windows\System\tUoSVqc.exe
  C:\Windows\System\tUoSVqc.exe
  2⤵
  PID:6832
- C:\Windows\System\WeaIoQV.exe
  C:\Windows\System\WeaIoQV.exe
  2⤵
  PID:6848
- C:\Windows\System\LKnxYWi.exe
  C:\Windows\System\LKnxYWi.exe
  2⤵
  PID:6864
- C:\Windows\System\ordPFCr.exe
  C:\Windows\System\ordPFCr.exe
  2⤵
  PID:6880
- C:\Windows\System\lCDsATb.exe
  C:\Windows\System\lCDsATb.exe
  2⤵
  PID:6972
- C:\Windows\System\hxqWeKE.exe
  C:\Windows\System\hxqWeKE.exe
  2⤵
  PID:6988
- C:\Windows\System\tsOtFTM.exe
  C:\Windows\System\tsOtFTM.exe
  2⤵
  PID:7016
- C:\Windows\System\EofldOm.exe
  C:\Windows\System\EofldOm.exe
  2⤵
  PID:7032
- C:\Windows\System\IksttvO.exe
  C:\Windows\System\IksttvO.exe
  2⤵
  PID:7048
- C:\Windows\System\RGPGdjr.exe
  C:\Windows\System\RGPGdjr.exe
  2⤵
  PID:7064
- C:\Windows\System\JFdalhM.exe
  C:\Windows\System\JFdalhM.exe
  2⤵
  PID:7080
- C:\Windows\System\KcBjNGR.exe
  C:\Windows\System\KcBjNGR.exe
  2⤵
  PID:7100
- C:\Windows\System\gLvNjzV.exe
  C:\Windows\System\gLvNjzV.exe
  2⤵
  PID:7116
- C:\Windows\System\maxgKDy.exe
  C:\Windows\System\maxgKDy.exe
  2⤵
  PID:7136
- C:\Windows\System\rbuMmHT.exe
  C:\Windows\System\rbuMmHT.exe
  2⤵
  PID:7152
- C:\Windows\System\WHQCADQ.exe
  C:\Windows\System\WHQCADQ.exe
  2⤵
  PID:5876
- C:\Windows\System\VSlYhDg.exe
  C:\Windows\System\VSlYhDg.exe
  2⤵
  PID:6268
- C:\Windows\System\GJiwOQB.exe
  C:\Windows\System\GJiwOQB.exe
  2⤵
  PID:6336
- C:\Windows\System\HEDGiHS.exe
  C:\Windows\System\HEDGiHS.exe
  2⤵
  PID:6380
- C:\Windows\System\nFJUCkU.exe
  C:\Windows\System\nFJUCkU.exe
  2⤵
  PID:6112
- C:\Windows\System\GsGsqOG.exe
  C:\Windows\System\GsGsqOG.exe
  2⤵
  PID:6460
- C:\Windows\System\zcLqseM.exe
  C:\Windows\System\zcLqseM.exe
  2⤵
  PID:6528
- C:\Windows\System\EJmApLa.exe
  C:\Windows\System\EJmApLa.exe
  2⤵
  PID:6568
- C:\Windows\System\QlsZmKP.exe
  C:\Windows\System\QlsZmKP.exe
  2⤵
  PID:6640
- C:\Windows\System\UWPLaCu.exe
  C:\Windows\System\UWPLaCu.exe
  2⤵
  PID:6676
- C:\Windows\System\oTRnNjG.exe
  C:\Windows\System\oTRnNjG.exe
  2⤵
  PID:6692
- C:\Windows\System\IojMcuR.exe
  C:\Windows\System\IojMcuR.exe
  2⤵
  PID:6708
- C:\Windows\System\KanSRed.exe
  C:\Windows\System\KanSRed.exe
  2⤵
  PID:6320
- C:\Windows\System\MJHvQJg.exe
  C:\Windows\System\MJHvQJg.exe
  2⤵
  PID:6224
- C:\Windows\System\EWMDjen.exe
  C:\Windows\System\EWMDjen.exe
  2⤵
  PID:6368
- C:\Windows\System\LkeBnmi.exe
  C:\Windows\System\LkeBnmi.exe
  2⤵
  PID:6408
- C:\Windows\System\hjVnVyc.exe
  C:\Windows\System\hjVnVyc.exe
  2⤵
  PID:6512
- C:\Windows\System\KeSbsxG.exe
  C:\Windows\System\KeSbsxG.exe
  2⤵
  PID:6584
- C:\Windows\System\HRNzRnQ.exe
  C:\Windows\System\HRNzRnQ.exe
  2⤵
  PID:6656
- C:\Windows\System\GXUzkeg.exe
  C:\Windows\System\GXUzkeg.exe
  2⤵
  PID:6840
- C:\Windows\System\uNRrpxh.exe
  C:\Windows\System\uNRrpxh.exe
  2⤵
  PID:6760
- C:\Windows\System\WRIuTYH.exe
  C:\Windows\System\WRIuTYH.exe
  2⤵
  PID:6824
- C:\Windows\System\lmwXxTT.exe
  C:\Windows\System\lmwXxTT.exe
  2⤵
  PID:6888
- C:\Windows\System\WlGTjaK.exe
  C:\Windows\System\WlGTjaK.exe
  2⤵
  PID:2196
- C:\Windows\System\SdWzWJB.exe
  C:\Windows\System\SdWzWJB.exe
  2⤵
  PID:6928
- C:\Windows\System\ODxwAPW.exe
  C:\Windows\System\ODxwAPW.exe
  2⤵
  PID:6944
- C:\Windows\System\BWtihFB.exe
  C:\Windows\System\BWtihFB.exe
  2⤵
  PID:6984
- C:\Windows\System\hEnMxCl.exe
  C:\Windows\System\hEnMxCl.exe
  2⤵
  PID:7024
- C:\Windows\System\gTYkCMX.exe
  C:\Windows\System\gTYkCMX.exe
  2⤵
  PID:7060
- C:\Windows\System\oLpVVbP.exe
  C:\Windows\System\oLpVVbP.exe
  2⤵
  PID:7160
- C:\Windows\System\aVELHJK.exe
  C:\Windows\System\aVELHJK.exe
  2⤵
  PID:7044
- C:\Windows\System\ZKulNGu.exe
  C:\Windows\System\ZKulNGu.exe
  2⤵
  PID:7112
- C:\Windows\System\ZnviQVO.exe
  C:\Windows\System\ZnviQVO.exe
  2⤵
  PID:5432
- C:\Windows\System\uYEdrvf.exe
  C:\Windows\System\uYEdrvf.exe
  2⤵
  PID:6200
- C:\Windows\System\tidjmWX.exe
  C:\Windows\System\tidjmWX.exe
  2⤵
  PID:6492
- C:\Windows\System\BtdQAKH.exe
  C:\Windows\System\BtdQAKH.exe
  2⤵
  PID:6344
- C:\Windows\System\KPgOdDF.exe
  C:\Windows\System\KPgOdDF.exe
  2⤵
  PID:4416
- C:\Windows\System\dUEJRgJ.exe
  C:\Windows\System\dUEJRgJ.exe
  2⤵
  PID:1620
- C:\Windows\System\dqCnRon.exe
  C:\Windows\System\dqCnRon.exe
  2⤵
  PID:6536
- C:\Windows\System\ysFJJtC.exe
  C:\Windows\System\ysFJJtC.exe
  2⤵
  PID:6288
- C:\Windows\System\myXPUZN.exe
  C:\Windows\System\myXPUZN.exe
  2⤵
  PID:6184
- C:\Windows\System\MwdwzmP.exe
  C:\Windows\System\MwdwzmP.exe
  2⤵
  PID:6360
- C:\Windows\System\RqCUEpP.exe
  C:\Windows\System\RqCUEpP.exe
  2⤵
  PID:6480
- C:\Windows\System\zLojscM.exe
  C:\Windows\System\zLojscM.exe
  2⤵
  PID:6664
- C:\Windows\System\fClBfpB.exe
  C:\Windows\System\fClBfpB.exe
  2⤵
  PID:6732
- C:\Windows\System\TGDyQOW.exe
  C:\Windows\System\TGDyQOW.exe
  2⤵
  PID:6188
- C:\Windows\System\zCaqwip.exe
  C:\Windows\System\zCaqwip.exe
  2⤵
  PID:6860
- C:\Windows\System\zMlARmv.exe
  C:\Windows\System\zMlARmv.exe
  2⤵
  PID:6920
- C:\Windows\System\ZFUynOq.exe
  C:\Windows\System\ZFUynOq.exe
  2⤵
  PID:6812
- C:\Windows\System\AMtoilY.exe
  C:\Windows\System\AMtoilY.exe
  2⤵
  PID:6896
- C:\Windows\System\HYnZDDU.exe
  C:\Windows\System\HYnZDDU.exe
  2⤵
  PID:6940
- C:\Windows\System\OBvJkvS.exe
  C:\Windows\System\OBvJkvS.exe
  2⤵
  PID:5156
- C:\Windows\System\whYXoWJ.exe
  C:\Windows\System\whYXoWJ.exe
  2⤵
  PID:7124
- C:\Windows\System\fBFsdGd.exe
  C:\Windows\System\fBFsdGd.exe
  2⤵
  PID:6160
- C:\Windows\System\CpcEsOu.exe
  C:\Windows\System\CpcEsOu.exe
  2⤵
  PID:5648
- C:\Windows\System\ybGQNje.exe
  C:\Windows\System\ybGQNje.exe
  2⤵
  PID:6148
- C:\Windows\System\mPGCCII.exe
  C:\Windows\System\mPGCCII.exe
  2⤵
  PID:6500
- C:\Windows\System\hPSCXAK.exe
  C:\Windows\System\hPSCXAK.exe
  2⤵
  PID:6604
- C:\Windows\System\eUsjKiA.exe
  C:\Windows\System\eUsjKiA.exe
  2⤵
  PID:6564
- C:\Windows\System\rAHvaxv.exe
  C:\Windows\System\rAHvaxv.exe
  2⤵
  PID:6476
- C:\Windows\System\mRIXSaV.exe
  C:\Windows\System\mRIXSaV.exe
  2⤵
  PID:7108
- C:\Windows\System\eoNaMke.exe
  C:\Windows\System\eoNaMke.exe
  2⤵
  PID:3604
- C:\Windows\System\CHnVDQY.exe
  C:\Windows\System\CHnVDQY.exe
  2⤵
  PID:6364
- C:\Windows\System\fSRbuHS.exe
  C:\Windows\System\fSRbuHS.exe
  2⤵
  PID:6876
- C:\Windows\System\apDLsMd.exe
  C:\Windows\System\apDLsMd.exe
  2⤵
  PID:6456
- C:\Windows\System\POaNRyn.exe
  C:\Windows\System\POaNRyn.exe
  2⤵
  PID:6792
- C:\Windows\System\sqVMyTo.exe
  C:\Windows\System\sqVMyTo.exe
  2⤵
  PID:7000
- C:\Windows\System\LtWjbKG.exe
  C:\Windows\System\LtWjbKG.exe
  2⤵
  PID:6252
- C:\Windows\System\ntNacGd.exe
  C:\Windows\System\ntNacGd.exe
  2⤵
  PID:6968
- C:\Windows\System\LYXIUDZ.exe
  C:\Windows\System\LYXIUDZ.exe
  2⤵
  PID:7128
- C:\Windows\System\lctHYDx.exe
  C:\Windows\System\lctHYDx.exe
  2⤵
  PID:7028
- C:\Windows\System\MeSEoVF.exe
  C:\Windows\System\MeSEoVF.exe
  2⤵
  PID:6728
- C:\Windows\System\EahfHHJ.exe
  C:\Windows\System\EahfHHJ.exe
  2⤵
  PID:6964
- C:\Windows\System\ZXZyhrU.exe
  C:\Windows\System\ZXZyhrU.exe
  2⤵
  PID:6400
- C:\Windows\System\hTfClpL.exe
  C:\Windows\System\hTfClpL.exe
  2⤵
  PID:6808
- C:\Windows\System\dtkkOyu.exe
  C:\Windows\System\dtkkOyu.exe
  2⤵
  PID:4112
- C:\Windows\System\TTMkmdi.exe
  C:\Windows\System\TTMkmdi.exe
  2⤵
  PID:7216
- C:\Windows\System\juXWGah.exe
  C:\Windows\System\juXWGah.exe
  2⤵
  PID:7232
- C:\Windows\System\rrPaFEr.exe
  C:\Windows\System\rrPaFEr.exe
  2⤵
  PID:7252
- C:\Windows\System\wSlKzCt.exe
  C:\Windows\System\wSlKzCt.exe
  2⤵
  PID:7268
- C:\Windows\System\gPzLrTr.exe
  C:\Windows\System\gPzLrTr.exe
  2⤵
  PID:7284
- C:\Windows\System\ywJAQDR.exe
  C:\Windows\System\ywJAQDR.exe
  2⤵
  PID:7300
- C:\Windows\System\mEcrTwJ.exe
  C:\Windows\System\mEcrTwJ.exe
  2⤵
  PID:7316
- C:\Windows\System\DfQfEZD.exe
  C:\Windows\System\DfQfEZD.exe
  2⤵
  PID:7336
- C:\Windows\System\ZVMUBQb.exe
  C:\Windows\System\ZVMUBQb.exe
  2⤵
  PID:7352
- C:\Windows\System\MryzMjB.exe
  C:\Windows\System\MryzMjB.exe
  2⤵
  PID:7368
- C:\Windows\System\VBthWTg.exe
  C:\Windows\System\VBthWTg.exe
  2⤵
  PID:7388
- C:\Windows\System\cFERKAq.exe
  C:\Windows\System\cFERKAq.exe
  2⤵
  PID:7408
- C:\Windows\System\nSssuVP.exe
  C:\Windows\System\nSssuVP.exe
  2⤵
  PID:7428
- C:\Windows\System\olnfHCU.exe
  C:\Windows\System\olnfHCU.exe
  2⤵
  PID:7444
- C:\Windows\System\dumoyUj.exe
  C:\Windows\System\dumoyUj.exe
  2⤵
  PID:7460
- C:\Windows\System\iuJbbnq.exe
  C:\Windows\System\iuJbbnq.exe
  2⤵
  PID:7476
- C:\Windows\System\lxFTleD.exe
  C:\Windows\System\lxFTleD.exe
  2⤵
  PID:7492
- C:\Windows\System\DRQVlCq.exe
  C:\Windows\System\DRQVlCq.exe
  2⤵
  PID:7512
- C:\Windows\System\Kubaqot.exe
  C:\Windows\System\Kubaqot.exe
  2⤵
  PID:7528
- C:\Windows\System\kEgZuGx.exe
  C:\Windows\System\kEgZuGx.exe
  2⤵
  PID:7548
- C:\Windows\System\CpyJNCV.exe
  C:\Windows\System\CpyJNCV.exe
  2⤵
  PID:7568
- C:\Windows\System\vaPytdp.exe
  C:\Windows\System\vaPytdp.exe
  2⤵
  PID:7584
- C:\Windows\System\VdCDUzQ.exe
  C:\Windows\System\VdCDUzQ.exe
  2⤵
  PID:7604
- C:\Windows\System\sjuZkor.exe
  C:\Windows\System\sjuZkor.exe
  2⤵
  PID:7620
- C:\Windows\System\aSsFHBW.exe
  C:\Windows\System\aSsFHBW.exe
  2⤵
  PID:7636
- C:\Windows\System\dToSbph.exe
  C:\Windows\System\dToSbph.exe
  2⤵
  PID:7656
- C:\Windows\System\lggZhkw.exe
  C:\Windows\System\lggZhkw.exe
  2⤵
  PID:7684
- C:\Windows\System\ElnUqsQ.exe
  C:\Windows\System\ElnUqsQ.exe
  2⤵
  PID:7756
- C:\Windows\System\xUnpAob.exe
  C:\Windows\System\xUnpAob.exe
  2⤵
  PID:7820
- C:\Windows\System\MdLJDjH.exe
  C:\Windows\System\MdLJDjH.exe
  2⤵
  PID:7836
- C:\Windows\System\mKcMEjk.exe
  C:\Windows\System\mKcMEjk.exe
  2⤵
  PID:7864
- C:\Windows\System\LgRADwr.exe
  C:\Windows\System\LgRADwr.exe
  2⤵
  PID:7880
- C:\Windows\System\KofnOac.exe
  C:\Windows\System\KofnOac.exe
  2⤵
  PID:7896
- C:\Windows\System\wHEtcVG.exe
  C:\Windows\System\wHEtcVG.exe
  2⤵
  PID:7912
- C:\Windows\System\eGxbHki.exe
  C:\Windows\System\eGxbHki.exe
  2⤵
  PID:7928
- C:\Windows\System\KUMydNO.exe
  C:\Windows\System\KUMydNO.exe
  2⤵
  PID:7944
- C:\Windows\System\UtvntzS.exe
  C:\Windows\System\UtvntzS.exe
  2⤵
  PID:7960
- C:\Windows\System\iUKFSCy.exe
  C:\Windows\System\iUKFSCy.exe
  2⤵
  PID:7976
- C:\Windows\System\zUwlvuP.exe
  C:\Windows\System\zUwlvuP.exe
  2⤵
  PID:7992
- C:\Windows\System\xrRNTJJ.exe
  C:\Windows\System\xrRNTJJ.exe
  2⤵
  PID:8012
- C:\Windows\System\qYzWcVP.exe
  C:\Windows\System\qYzWcVP.exe
  2⤵
  PID:8032
- C:\Windows\System\AeSOGlM.exe
  C:\Windows\System\AeSOGlM.exe
  2⤵
  PID:8052
- C:\Windows\System\Qhkzwkv.exe
  C:\Windows\System\Qhkzwkv.exe
  2⤵
  PID:8096
- C:\Windows\System\ZrZVHSY.exe
  C:\Windows\System\ZrZVHSY.exe
  2⤵
  PID:8112
- C:\Windows\System\EaKbpkh.exe
  C:\Windows\System\EaKbpkh.exe
  2⤵
  PID:8132
- C:\Windows\System\HQtcyXl.exe
  C:\Windows\System\HQtcyXl.exe
  2⤵
  PID:8148
- C:\Windows\System\lQFbbNL.exe
  C:\Windows\System\lQFbbNL.exe
  2⤵
  PID:8164
- C:\Windows\System\EmVxtfC.exe
  C:\Windows\System\EmVxtfC.exe
  2⤵
  PID:8180
- C:\Windows\System\AULhDBP.exe
  C:\Windows\System\AULhDBP.exe
  2⤵
  PID:7172
- C:\Windows\System\ieqRuZU.exe
  C:\Windows\System\ieqRuZU.exe
  2⤵
  PID:5012
- C:\Windows\System\eUjyOEh.exe
  C:\Windows\System\eUjyOEh.exe
  2⤵
  PID:2972
- C:\Windows\System\ZPDwnLb.exe
  C:\Windows\System\ZPDwnLb.exe
  2⤵
  PID:7456
- C:\Windows\System\XeblebJ.exe
  C:\Windows\System\XeblebJ.exe
  2⤵
  PID:7600
- C:\Windows\System\dlwyfXY.exe
  C:\Windows\System\dlwyfXY.exe
  2⤵
  PID:7556
- C:\Windows\System\xxfXNyT.exe
  C:\Windows\System\xxfXNyT.exe
  2⤵
  PID:7664
- C:\Windows\System\YJudiWF.exe
  C:\Windows\System\YJudiWF.exe
  2⤵
  PID:7264
- C:\Windows\System\mmIGuEX.exe
  C:\Windows\System\mmIGuEX.exe
  2⤵
  PID:7696
- C:\Windows\System\qGLaeDN.exe
  C:\Windows\System\qGLaeDN.exe
  2⤵
  PID:7360
- C:\Windows\System\jwFdjBs.exe
  C:\Windows\System\jwFdjBs.exe
  2⤵
  PID:7404
- C:\Windows\System\HTcxfeO.exe
  C:\Windows\System\HTcxfeO.exe
  2⤵
  PID:7472
- C:\Windows\System\gmwaDxf.exe
  C:\Windows\System\gmwaDxf.exe
  2⤵
  PID:7540
- C:\Windows\System\ZwjaaSa.exe
  C:\Windows\System\ZwjaaSa.exe
  2⤵
  PID:7612
- C:\Windows\System\JRFfFPQ.exe
  C:\Windows\System\JRFfFPQ.exe
  2⤵
  PID:7652
- C:\Windows\System\lWScrzb.exe
  C:\Windows\System\lWScrzb.exe
  2⤵
  PID:7716
- C:\Windows\System\bplNjQk.exe
  C:\Windows\System\bplNjQk.exe
  2⤵
  PID:7732
- C:\Windows\System\lUiAAvX.exe
  C:\Windows\System\lUiAAvX.exe
  2⤵
  PID:7752
- C:\Windows\System\ezWJuDZ.exe
  C:\Windows\System\ezWJuDZ.exe
  2⤵
  PID:7776
- C:\Windows\System\WdsxDVM.exe
  C:\Windows\System\WdsxDVM.exe
  2⤵
  PID:7792
- C:\Windows\System\oziTzJd.exe
  C:\Windows\System\oziTzJd.exe
  2⤵
  PID:7844
- C:\Windows\System\DRJKTCj.exe
  C:\Windows\System\DRJKTCj.exe
  2⤵
  PID:7812
- C:\Windows\System\CgynAgW.exe
  C:\Windows\System\CgynAgW.exe
  2⤵
  PID:7892
- C:\Windows\System\vjkoeCC.exe
  C:\Windows\System\vjkoeCC.exe
  2⤵
  PID:7872
- C:\Windows\System\yTmkEfK.exe
  C:\Windows\System\yTmkEfK.exe
  2⤵
  PID:8060
- C:\Windows\System\PbTGhKp.exe
  C:\Windows\System\PbTGhKp.exe
  2⤵
  PID:8028
- C:\Windows\System\FqAIVUx.exe
  C:\Windows\System\FqAIVUx.exe
  2⤵
  PID:8076
- C:\Windows\System\FSwVpZb.exe
  C:\Windows\System\FSwVpZb.exe
  2⤵
  PID:8048
- C:\Windows\System\TmqasMT.exe
  C:\Windows\System\TmqasMT.exe
  2⤵
  PID:8088
- C:\Windows\System\SjjPkyt.exe
  C:\Windows\System\SjjPkyt.exe
  2⤵
  PID:8156
- C:\Windows\System\zpCNPPT.exe
  C:\Windows\System\zpCNPPT.exe
  2⤵
  PID:6332
- C:\Windows\System\cDQUjOz.exe
  C:\Windows\System\cDQUjOz.exe
  2⤵
  PID:8000
- C:\Windows\System\ohhlgTr.exe
  C:\Windows\System\ohhlgTr.exe
  2⤵
  PID:7940
- C:\Windows\System\QMTQRcj.exe
  C:\Windows\System\QMTQRcj.exe
  2⤵
  PID:6404
- C:\Windows\System\yDoWmFP.exe
  C:\Windows\System\yDoWmFP.exe
  2⤵
  PID:7012
- C:\Windows\System\Bkdobyi.exe
  C:\Windows\System\Bkdobyi.exe
  2⤵
  PID:7188
- C:\Windows\System\WqXJgqr.exe
  C:\Windows\System\WqXJgqr.exe
  2⤵
  PID:7276
- C:\Windows\System\HvMPeFW.exe
  C:\Windows\System\HvMPeFW.exe
  2⤵
  PID:7196
- C:\Windows\System\OlOxGAS.exe
  C:\Windows\System\OlOxGAS.exe
  2⤵
  PID:7224
- C:\Windows\System\LZdDqDK.exe
  C:\Windows\System\LZdDqDK.exe
  2⤵
  PID:7244
- C:\Windows\System\gSTeCTI.exe
  C:\Windows\System\gSTeCTI.exe
  2⤵
  PID:7344
- C:\Windows\System\zvMBehC.exe
  C:\Windows\System\zvMBehC.exe
  2⤵
  PID:7524
- C:\Windows\System\cuSHuuf.exe
  C:\Windows\System\cuSHuuf.exe
  2⤵
  PID:7596
- C:\Windows\System\osDVXvr.exe
  C:\Windows\System\osDVXvr.exe
  2⤵
  PID:7644
- C:\Windows\System\XHcQrFQ.exe
  C:\Windows\System\XHcQrFQ.exe
  2⤵
  PID:7800
- C:\Windows\System\hltjuTN.exe
  C:\Windows\System\hltjuTN.exe
  2⤵
  PID:7848
- C:\Windows\System\UuRvkNv.exe
  C:\Windows\System\UuRvkNv.exe
  2⤵
  PID:7904
- C:\Windows\System\gsYnZWx.exe
  C:\Windows\System\gsYnZWx.exe
  2⤵
  PID:7908
- C:\Windows\System\DbdnJHh.exe
  C:\Windows\System\DbdnJHh.exe
  2⤵
  PID:7296
- C:\Windows\System\ymkOATb.exe
  C:\Windows\System\ymkOATb.exe
  2⤵
  PID:7440
- C:\Windows\System\RmNVlsu.exe
  C:\Windows\System\RmNVlsu.exe
  2⤵
  PID:7736
- C:\Windows\System\kSGGBwS.exe
  C:\Windows\System\kSGGBwS.exe
  2⤵
  PID:7772
- C:\Windows\System\rRWBqiK.exe
  C:\Windows\System\rRWBqiK.exe
  2⤵
  PID:7924
- C:\Windows\System\ojZgrUI.exe
  C:\Windows\System\ojZgrUI.exe
  2⤵
  PID:8024
- C:\Windows\System\MpnsfoD.exe
  C:\Windows\System\MpnsfoD.exe
  2⤵
  PID:8128
- C:\Windows\System\jVRmckW.exe
  C:\Windows\System\jVRmckW.exe
  2⤵
  PID:6424
- C:\Windows\System\WkAPnrT.exe
  C:\Windows\System\WkAPnrT.exe
  2⤵
  PID:5180
- C:\Windows\System\ehbfzoI.exe
  C:\Windows\System\ehbfzoI.exe
  2⤵
  PID:7484
- C:\Windows\System\exhOKoD.exe
  C:\Windows\System\exhOKoD.exe
  2⤵
  PID:7628
- C:\Windows\System\bJvxwxA.exe
  C:\Windows\System\bJvxwxA.exe
  2⤵
  PID:7704
- C:\Windows\System\XUHFDxx.exe
  C:\Windows\System\XUHFDxx.exe
  2⤵
  PID:7860
- C:\Windows\System\cCFicAo.exe
  C:\Windows\System\cCFicAo.exe
  2⤵
  PID:7420
- C:\Windows\System\XFZpEMf.exe
  C:\Windows\System\XFZpEMf.exe
  2⤵
  PID:6744
- C:\Windows\System\GzhHCzM.exe
  C:\Windows\System\GzhHCzM.exe
  2⤵
  PID:6924
- C:\Windows\System\wVUKwXj.exe
  C:\Windows\System\wVUKwXj.exe
  2⤵
  PID:7376
- C:\Windows\System\UPKfQFv.exe
  C:\Windows\System\UPKfQFv.exe
  2⤵
  PID:7364
- C:\Windows\System\yNlQIZg.exe
  C:\Windows\System\yNlQIZg.exe
  2⤵
  PID:7536
- C:\Windows\System\xCUwoLY.exe
  C:\Windows\System\xCUwoLY.exe
  2⤵
  PID:7332
- C:\Windows\System\fjkjrvR.exe
  C:\Windows\System\fjkjrvR.exe
  2⤵
  PID:7828
- C:\Windows\System\wgTLzuF.exe
  C:\Windows\System\wgTLzuF.exe
  2⤵
  PID:8140
- C:\Windows\System\UeNkhIA.exe
  C:\Windows\System\UeNkhIA.exe
  2⤵
  PID:7648
- C:\Windows\System\tUrzkgA.exe
  C:\Windows\System\tUrzkgA.exe
  2⤵
  PID:8020
- C:\Windows\System\flTJpGi.exe
  C:\Windows\System\flTJpGi.exe
  2⤵
  PID:7184
- C:\Windows\System\PpWPhSv.exe
  C:\Windows\System\PpWPhSv.exe
  2⤵
  PID:7204
- C:\Windows\System\BzmzzJn.exe
  C:\Windows\System\BzmzzJn.exe
  2⤵
  PID:7180
- C:\Windows\System\InCGifg.exe
  C:\Windows\System\InCGifg.exe
  2⤵
  PID:7240
- C:\Windows\System\hCnVdUA.exe
  C:\Windows\System\hCnVdUA.exe
  2⤵
  PID:7984
- C:\Windows\System\aQiuaGu.exe
  C:\Windows\System\aQiuaGu.exe
  2⤵
  PID:7580
- C:\Windows\System\vZxDRgc.exe
  C:\Windows\System\vZxDRgc.exe
  2⤵
  PID:7708
- C:\Windows\System\KCGVpqX.exe
  C:\Windows\System\KCGVpqX.exe
  2⤵
  PID:7384
- C:\Windows\System\ZxEVQfo.exe
  C:\Windows\System\ZxEVQfo.exe
  2⤵
  PID:4540
- C:\Windows\System\pDcdOfq.exe
  C:\Windows\System\pDcdOfq.exe
  2⤵
  PID:7632
- C:\Windows\System\RTeqdLT.exe
  C:\Windows\System\RTeqdLT.exe
  2⤵
  PID:7576
- C:\Windows\System\DSxibDh.exe
  C:\Windows\System\DSxibDh.exe
  2⤵
  PID:7328
- C:\Windows\System\fbbjRca.exe
  C:\Windows\System\fbbjRca.exe
  2⤵
  PID:8172
- C:\Windows\System\rauBDPp.exe
  C:\Windows\System\rauBDPp.exe
  2⤵
  PID:7208
- C:\Windows\System\lfTNmkp.exe
  C:\Windows\System\lfTNmkp.exe
  2⤵
  PID:8208
- C:\Windows\System\QfWJqEL.exe
  C:\Windows\System\QfWJqEL.exe
  2⤵
  PID:8236
- C:\Windows\System\KLefgNO.exe
  C:\Windows\System\KLefgNO.exe
  2⤵
  PID:8252
- C:\Windows\System\hcnVHMp.exe
  C:\Windows\System\hcnVHMp.exe
  2⤵
  PID:8268
- C:\Windows\System\pETQies.exe
  C:\Windows\System\pETQies.exe
  2⤵
  PID:8284
- C:\Windows\System\rBoMoed.exe
  C:\Windows\System\rBoMoed.exe
  2⤵
  PID:8304
- C:\Windows\System\smGElfz.exe
  C:\Windows\System\smGElfz.exe
  2⤵
  PID:8320
- C:\Windows\System\XMfYDHN.exe
  C:\Windows\System\XMfYDHN.exe
  2⤵
  PID:8336
- C:\Windows\System\EdlcQNH.exe
  C:\Windows\System\EdlcQNH.exe
  2⤵
  PID:8356
- C:\Windows\System\iRZkNKG.exe
  C:\Windows\System\iRZkNKG.exe
  2⤵
  PID:8376
- C:\Windows\System\hXohnLJ.exe
  C:\Windows\System\hXohnLJ.exe
  2⤵
  PID:8392
- C:\Windows\System\zJsOFjw.exe
  C:\Windows\System\zJsOFjw.exe
  2⤵
  PID:8408
- C:\Windows\System\GnmaQvY.exe
  C:\Windows\System\GnmaQvY.exe
  2⤵
  PID:8424
- C:\Windows\System\IxqNIys.exe
  C:\Windows\System\IxqNIys.exe
  2⤵
  PID:8444
- C:\Windows\System\OmcayaI.exe
  C:\Windows\System\OmcayaI.exe
  2⤵
  PID:8460
- C:\Windows\System\goFltym.exe
  C:\Windows\System\goFltym.exe
  2⤵
  PID:8476
- C:\Windows\System\aeRRooR.exe
  C:\Windows\System\aeRRooR.exe
  2⤵
  PID:8496
- C:\Windows\System\mXFWvUA.exe
  C:\Windows\System\mXFWvUA.exe
  2⤵
  PID:8512
- C:\Windows\System\gUAfBEk.exe
  C:\Windows\System\gUAfBEk.exe
  2⤵
  PID:8528
- C:\Windows\System\clzbUko.exe
  C:\Windows\System\clzbUko.exe
  2⤵
  PID:8548
- C:\Windows\System\JTqxKBR.exe
  C:\Windows\System\JTqxKBR.exe
  2⤵
  PID:8568
- C:\Windows\System\GkPxEyb.exe
  C:\Windows\System\GkPxEyb.exe
  2⤵
  PID:8584
- C:\Windows\System\KRuIYXh.exe
  C:\Windows\System\KRuIYXh.exe
  2⤵
  PID:8600
- C:\Windows\System\ZhlqGjr.exe
  C:\Windows\System\ZhlqGjr.exe
  2⤵
  PID:8616
- C:\Windows\System\xFBEsii.exe
  C:\Windows\System\xFBEsii.exe
  2⤵
  PID:8632
- C:\Windows\System\pwceMaz.exe
  C:\Windows\System\pwceMaz.exe
  2⤵
  PID:8648
- C:\Windows\System\yMWWojD.exe
  C:\Windows\System\yMWWojD.exe
  2⤵
  PID:8668
- C:\Windows\System\vOAiIiF.exe
  C:\Windows\System\vOAiIiF.exe
  2⤵
  PID:8684
- C:\Windows\System\QByTpdN.exe
  C:\Windows\System\QByTpdN.exe
  2⤵
  PID:8704
- C:\Windows\System\zKzZxOc.exe
  C:\Windows\System\zKzZxOc.exe
  2⤵
  PID:8720
- C:\Windows\System\LRzkpeU.exe
  C:\Windows\System\LRzkpeU.exe
  2⤵
  PID:8736
- C:\Windows\System\TSVvfYd.exe
  C:\Windows\System\TSVvfYd.exe
  2⤵
  PID:8756
- C:\Windows\System\coqVjiJ.exe
  C:\Windows\System\coqVjiJ.exe
  2⤵
  PID:8772
- C:\Windows\System\uutYbKv.exe
  C:\Windows\System\uutYbKv.exe
  2⤵
  PID:8788
- C:\Windows\System\VzBjHpo.exe
  C:\Windows\System\VzBjHpo.exe
  2⤵
  PID:8804
- C:\Windows\System\blqHUbp.exe
  C:\Windows\System\blqHUbp.exe
  2⤵
  PID:8824
- C:\Windows\System\YEfuiKy.exe
  C:\Windows\System\YEfuiKy.exe
  2⤵
  PID:8844
- C:\Windows\System\aVALBoI.exe
  C:\Windows\System\aVALBoI.exe
  2⤵
  PID:8860
- C:\Windows\System\tauIKAI.exe
  C:\Windows\System\tauIKAI.exe
  2⤵
  PID:8880
- C:\Windows\System\CjaZYeR.exe
  C:\Windows\System\CjaZYeR.exe
  2⤵
  PID:8900
- C:\Windows\System\OIjClSM.exe
  C:\Windows\System\OIjClSM.exe
  2⤵
  PID:8920
- C:\Windows\System\kobTZgF.exe
  C:\Windows\System\kobTZgF.exe
  2⤵
  PID:8936
- C:\Windows\System\fzBWFaf.exe
  C:\Windows\System\fzBWFaf.exe
  2⤵
  PID:9040
- C:\Windows\System\AENQSdL.exe
  C:\Windows\System\AENQSdL.exe
  2⤵
  PID:9060
- C:\Windows\System\uGTjjgP.exe
  C:\Windows\System\uGTjjgP.exe
  2⤵
  PID:9076
- C:\Windows\System\nmkihWW.exe
  C:\Windows\System\nmkihWW.exe
  2⤵
  PID:9092
- C:\Windows\System\fvCedMf.exe
  C:\Windows\System\fvCedMf.exe
  2⤵
  PID:9108
- C:\Windows\System\OvDtlSE.exe
  C:\Windows\System\OvDtlSE.exe
  2⤵
  PID:9124
- C:\Windows\System\JIFAJyO.exe
  C:\Windows\System\JIFAJyO.exe
  2⤵
  PID:9140
- C:\Windows\System\aIySAwC.exe
  C:\Windows\System\aIySAwC.exe
  2⤵
  PID:9156
- C:\Windows\System\OecXori.exe
  C:\Windows\System\OecXori.exe
  2⤵
  PID:9172
- C:\Windows\System\SVpCjyd.exe
  C:\Windows\System\SVpCjyd.exe
  2⤵
  PID:9188
- C:\Windows\System\nGZqmfV.exe
  C:\Windows\System\nGZqmfV.exe
  2⤵
  PID:9204
- C:\Windows\System\TsoFRQi.exe
  C:\Windows\System\TsoFRQi.exe
  2⤵
  PID:8200
- C:\Windows\System\ZWUBxlw.exe
  C:\Windows\System\ZWUBxlw.exe
  2⤵
  PID:8244
- C:\Windows\System\zozHXMB.exe
  C:\Windows\System\zozHXMB.exe
  2⤵
  PID:8228
- C:\Windows\System\TSltxNQ.exe
  C:\Windows\System\TSltxNQ.exe
  2⤵
  PID:8276
- C:\Windows\System\rWGCqTd.exe
  C:\Windows\System\rWGCqTd.exe
  2⤵
  PID:8300
- C:\Windows\System\VLSDdNY.exe
  C:\Windows\System\VLSDdNY.exe
  2⤵
  PID:8344
- C:\Windows\System\KoxNsfn.exe
  C:\Windows\System\KoxNsfn.exe
  2⤵
  PID:8384
- C:\Windows\System\dqECOpv.exe
  C:\Windows\System\dqECOpv.exe
  2⤵
  PID:8404
- C:\Windows\System\lBGWfmj.exe
  C:\Windows\System\lBGWfmj.exe
  2⤵
  PID:8432
- C:\Windows\System\SqMslxu.exe
  C:\Windows\System\SqMslxu.exe
  2⤵
  PID:8484
- C:\Windows\System\UbRYemF.exe
  C:\Windows\System\UbRYemF.exe
  2⤵
  PID:8524
- C:\Windows\System\Busdgsl.exe
  C:\Windows\System\Busdgsl.exe
  2⤵
  PID:8592
- C:\Windows\System\GWpHQYj.exe
  C:\Windows\System\GWpHQYj.exe
  2⤵
  PID:8472
- C:\Windows\System\TEzgcjo.exe
  C:\Windows\System\TEzgcjo.exe
  2⤵
  PID:8536
- C:\Windows\System\VzSSATH.exe
  C:\Windows\System\VzSSATH.exe
  2⤵
  PID:8628
- C:\Windows\System\BFLQlbD.exe
  C:\Windows\System\BFLQlbD.exe
  2⤵
  PID:8660
- C:\Windows\System\kGvafqk.exe
  C:\Windows\System\kGvafqk.exe
  2⤵
  PID:8700
- C:\Windows\System\QmrjvNe.exe
  C:\Windows\System\QmrjvNe.exe
  2⤵
  PID:8644
- C:\Windows\System\xdNxoCk.exe
  C:\Windows\System\xdNxoCk.exe
  2⤵
  PID:8768
- C:\Windows\System\OjoqlrY.exe
  C:\Windows\System\OjoqlrY.exe
  2⤵
  PID:8748
- C:\Windows\System\HCzOBMd.exe
  C:\Windows\System\HCzOBMd.exe
  2⤵
  PID:8812
- C:\Windows\System\pGngWnI.exe
  C:\Windows\System\pGngWnI.exe
  2⤵
  PID:8856
- C:\Windows\System\sslGZRD.exe
  C:\Windows\System\sslGZRD.exe
  2⤵
  PID:8840
- C:\Windows\System\fwsfdSd.exe
  C:\Windows\System\fwsfdSd.exe
  2⤵
  PID:8912
- C:\Windows\System\ZEBVZNf.exe
  C:\Windows\System\ZEBVZNf.exe
  2⤵
  PID:8892
- C:\Windows\System\KSHbuBz.exe
  C:\Windows\System\KSHbuBz.exe
  2⤵
  PID:8948
- C:\Windows\System\QtoYaJt.exe
  C:\Windows\System\QtoYaJt.exe
  2⤵
  PID:8960
- C:\Windows\System\FpbwBMR.exe
  C:\Windows\System\FpbwBMR.exe
  2⤵
  PID:8996
- C:\Windows\System\xwuFumV.exe
  C:\Windows\System\xwuFumV.exe
  2⤵
  PID:8988
- C:\Windows\System\enJqzFN.exe
  C:\Windows\System\enJqzFN.exe
  2⤵
  PID:9008
- C:\Windows\System\KpNYCPf.exe
  C:\Windows\System\KpNYCPf.exe
  2⤵
  PID:9024
- C:\Windows\System\lETRvlj.exe
  C:\Windows\System\lETRvlj.exe
  2⤵
  PID:9072
- C:\Windows\System\SmlLRMt.exe
  C:\Windows\System\SmlLRMt.exe
  2⤵
  PID:9164
- C:\Windows\System\kGRswjg.exe
  C:\Windows\System\kGRswjg.exe
  2⤵
  PID:9052
- C:\Windows\System\yVaBdKI.exe
  C:\Windows\System\yVaBdKI.exe
  2⤵
  PID:9116
- C:\Windows\System\dBZkozT.exe
  C:\Windows\System\dBZkozT.exe
  2⤵
  PID:9180
- C:\Windows\System\FkphKrr.exe
  C:\Windows\System\FkphKrr.exe
  2⤵
  PID:8260
- C:\Windows\System\PWyjrkO.exe
  C:\Windows\System\PWyjrkO.exe
  2⤵
  PID:8400
- C:\Windows\System\WMmZEfc.exe
  C:\Windows\System\WMmZEfc.exe
  2⤵
  PID:8560
- C:\Windows\System\Acwarsn.exe
  C:\Windows\System\Acwarsn.exe
  2⤵
  PID:8580
- C:\Windows\System\hfLutJi.exe
  C:\Windows\System\hfLutJi.exe
  2⤵
  PID:8312
- C:\Windows\System\OkZXPMK.exe
  C:\Windows\System\OkZXPMK.exe
  2⤵
  PID:8420
- C:\Windows\System\GZGSglt.exe
  C:\Windows\System\GZGSglt.exe
  2⤵
  PID:8508
- C:\Windows\System\BNUtjQj.exe
  C:\Windows\System\BNUtjQj.exe
  2⤵
  PID:8608
- C:\Windows\System\uTivxsn.exe
  C:\Windows\System\uTivxsn.exe
  2⤵
  PID:8640
- C:\Windows\System\ZjsajrG.exe
  C:\Windows\System\ZjsajrG.exe
  2⤵
  PID:8692
- C:\Windows\System\GHtBWxs.exe
  C:\Windows\System\GHtBWxs.exe
  2⤵
  PID:8780
- C:\Windows\System\qHKmMZE.exe
  C:\Windows\System\qHKmMZE.exe
  2⤵
  PID:8876
- C:\Windows\System\UiZgiye.exe
  C:\Windows\System\UiZgiye.exe
  2⤵
  PID:8968
- C:\Windows\System\QjZfcgr.exe
  C:\Windows\System\QjZfcgr.exe
  2⤵
  PID:8928
- C:\Windows\System\QYcYfqO.exe
  C:\Windows\System\QYcYfqO.exe
  2⤵
  PID:8984
- C:\Windows\System\gRClqQa.exe
  C:\Windows\System\gRClqQa.exe
  2⤵
  PID:9068
- C:\Windows\System\RlFCWjF.exe
  C:\Windows\System\RlFCWjF.exe
  2⤵
  PID:9148
- C:\Windows\System\bLFwKgk.exe
  C:\Windows\System\bLFwKgk.exe
  2⤵
  PID:9016
- C:\Windows\System\jQkXpRQ.exe
  C:\Windows\System\jQkXpRQ.exe
  2⤵
  PID:9132
- C:\Windows\System\bCaytVp.exe
  C:\Windows\System\bCaytVp.exe
  2⤵
  PID:9084
- C:\Windows\System\TIHcKJC.exe
  C:\Windows\System\TIHcKJC.exe
  2⤵
  PID:8204
- C:\Windows\System\ozaySMx.exe
  C:\Windows\System\ozaySMx.exe
  2⤵
  PID:8352
- C:\Windows\System\NKsUhwb.exe
  C:\Windows\System\NKsUhwb.exe
  2⤵
  PID:8624
- C:\Windows\System\AQdORMQ.exe
  C:\Windows\System\AQdORMQ.exe
  2⤵
  PID:8852
- C:\Windows\System\bDiiVte.exe
  C:\Windows\System\bDiiVte.exe
  2⤵
  PID:8520
- C:\Windows\System\PAoTPwr.exe
  C:\Windows\System\PAoTPwr.exe
  2⤵
  PID:8676
- C:\Windows\System\zUCsCpp.exe
  C:\Windows\System\zUCsCpp.exe
  2⤵
  PID:8944
- C:\Windows\System\tFkWyvH.exe
  C:\Windows\System\tFkWyvH.exe
  2⤵
  PID:8416
- C:\Windows\System\BncjtQC.exe
  C:\Windows\System\BncjtQC.exe
  2⤵
  PID:9196
- C:\Windows\System\qJZFDkn.exe
  C:\Windows\System\qJZFDkn.exe
  2⤵
  PID:9200
- C:\Windows\System\EYIBDvL.exe
  C:\Windows\System\EYIBDvL.exe
  2⤵
  PID:9212
- C:\Windows\System\xFUfdWV.exe
  C:\Windows\System\xFUfdWV.exe
  2⤵
  PID:8492
- C:\Windows\System\UykAtxz.exe
  C:\Windows\System\UykAtxz.exe
  2⤵
  PID:8316
- C:\Windows\System\DmcPivi.exe
  C:\Windows\System\DmcPivi.exe
  2⤵
  PID:8544
- C:\Windows\System\Knpbbbw.exe
  C:\Windows\System\Knpbbbw.exe
  2⤵
  PID:9220
- C:\Windows\System\ENzcVNX.exe
  C:\Windows\System\ENzcVNX.exe
  2⤵
  PID:9248
- C:\Windows\System\eJKNrjC.exe
  C:\Windows\System\eJKNrjC.exe
  2⤵
  PID:9264
- C:\Windows\System\SZrmbcN.exe
  C:\Windows\System\SZrmbcN.exe
  2⤵
  PID:9308
- C:\Windows\System\svoInWt.exe
  C:\Windows\System\svoInWt.exe
  2⤵
  PID:9324
- C:\Windows\System\AELAGEv.exe
  C:\Windows\System\AELAGEv.exe
  2⤵
  PID:9340
- C:\Windows\System\DJRGVyH.exe
  C:\Windows\System\DJRGVyH.exe
  2⤵
  PID:9360
- C:\Windows\System\HfWYEtS.exe
  C:\Windows\System\HfWYEtS.exe
  2⤵
  PID:9392
- C:\Windows\System\acICeBO.exe
  C:\Windows\System\acICeBO.exe
  2⤵
  PID:9408
- C:\Windows\System\plJFuop.exe
  C:\Windows\System\plJFuop.exe
  2⤵
  PID:9428
- C:\Windows\System\rwxeHWl.exe
  C:\Windows\System\rwxeHWl.exe
  2⤵
  PID:9448
- C:\Windows\System\JdtPwIg.exe
  C:\Windows\System\JdtPwIg.exe
  2⤵
  PID:9464
- C:\Windows\System\TqILrXC.exe
  C:\Windows\System\TqILrXC.exe
  2⤵
  PID:9492
- C:\Windows\System\nKxvnVn.exe
  C:\Windows\System\nKxvnVn.exe
  2⤵
  PID:9512
- C:\Windows\System\ViFojou.exe
  C:\Windows\System\ViFojou.exe
  2⤵
  PID:9528
- C:\Windows\System\qrsFNPo.exe
  C:\Windows\System\qrsFNPo.exe
  2⤵
  PID:9544
- C:\Windows\System\Asxlxin.exe
  C:\Windows\System\Asxlxin.exe
  2⤵
  PID:9644
- C:\Windows\System\DIwJEkE.exe
  C:\Windows\System\DIwJEkE.exe
  2⤵
  PID:9660
- C:\Windows\System\kNkTagX.exe
  C:\Windows\System\kNkTagX.exe
  2⤵
  PID:9676
- C:\Windows\System\DWvFbBO.exe
  C:\Windows\System\DWvFbBO.exe
  2⤵
  PID:9692
- C:\Windows\System\JpEbiej.exe
  C:\Windows\System\JpEbiej.exe
  2⤵
  PID:9712
- C:\Windows\System\NGoSXnj.exe
  C:\Windows\System\NGoSXnj.exe
  2⤵
  PID:9728
- C:\Windows\System\AJQVPTd.exe
  C:\Windows\System\AJQVPTd.exe
  2⤵
  PID:9744
- C:\Windows\System\SdxnKWq.exe
  C:\Windows\System\SdxnKWq.exe
  2⤵
  PID:9760
- C:\Windows\System\GKyjNqj.exe
  C:\Windows\System\GKyjNqj.exe
  2⤵
  PID:9784
- C:\Windows\System\htkxrPI.exe
  C:\Windows\System\htkxrPI.exe
  2⤵
  PID:9800
- C:\Windows\System\UuXsDWX.exe
  C:\Windows\System\UuXsDWX.exe
  2⤵
  PID:9816
- C:\Windows\System\brBddZT.exe
  C:\Windows\System\brBddZT.exe
  2⤵
  PID:9840
- C:\Windows\System\nNBdaiQ.exe
  C:\Windows\System\nNBdaiQ.exe
  2⤵
  PID:9856
- C:\Windows\System\aPPCMPZ.exe
  C:\Windows\System\aPPCMPZ.exe
  2⤵
  PID:9872
- C:\Windows\System\KEflSSO.exe
  C:\Windows\System\KEflSSO.exe
  2⤵
  PID:9892
- C:\Windows\System\KmpXmPb.exe
  C:\Windows\System\KmpXmPb.exe
  2⤵
  PID:9912
- C:\Windows\System\zIoCklM.exe
  C:\Windows\System\zIoCklM.exe
  2⤵
  PID:9928
- C:\Windows\System\PvTKcpA.exe
  C:\Windows\System\PvTKcpA.exe
  2⤵
  PID:9948
- C:\Windows\System\JGPytCy.exe
  C:\Windows\System\JGPytCy.exe
  2⤵
  PID:9964
- C:\Windows\System\CHIEOYX.exe
  C:\Windows\System\CHIEOYX.exe
  2⤵
  PID:9980
- C:\Windows\System\wXUGYsc.exe
  C:\Windows\System\wXUGYsc.exe
  2⤵
  PID:9996
- C:\Windows\System\tnBbXFX.exe
  C:\Windows\System\tnBbXFX.exe
  2⤵
  PID:10012
- C:\Windows\System\VodqoZO.exe
  C:\Windows\System\VodqoZO.exe
  2⤵
  PID:10028
- C:\Windows\System\EMfDzld.exe
  C:\Windows\System\EMfDzld.exe
  2⤵
  PID:10044
- C:\Windows\System\fXjevyD.exe
  C:\Windows\System\fXjevyD.exe
  2⤵
  PID:10064
- C:\Windows\System\xliDgpm.exe
  C:\Windows\System\xliDgpm.exe
  2⤵
  PID:10080
- C:\Windows\System\QdYMwQF.exe
  C:\Windows\System\QdYMwQF.exe
  2⤵
  PID:10096
- C:\Windows\System\DISbgWw.exe
  C:\Windows\System\DISbgWw.exe
  2⤵
  PID:10112
- C:\Windows\System\OQQEzIC.exe
  C:\Windows\System\OQQEzIC.exe
  2⤵
  PID:10128
- C:\Windows\System\cvnXvqZ.exe
  C:\Windows\System\cvnXvqZ.exe
  2⤵
  PID:10144
- C:\Windows\System\rNYjdPk.exe
  C:\Windows\System\rNYjdPk.exe
  2⤵
  PID:10160
- C:\Windows\System\mkkIzCz.exe
  C:\Windows\System\mkkIzCz.exe
  2⤵
  PID:10176
- C:\Windows\System\bJxlTon.exe
  C:\Windows\System\bJxlTon.exe
  2⤵
  PID:10192
- C:\Windows\System\UtTuVri.exe
  C:\Windows\System\UtTuVri.exe
  2⤵
  PID:10208
- C:\Windows\System\FLpPQkD.exe
  C:\Windows\System\FLpPQkD.exe
  2⤵
  PID:10224
- C:\Windows\System\IXyGFVd.exe
  C:\Windows\System\IXyGFVd.exe
  2⤵
  PID:9032
- C:\Windows\System\UMDPwch.exe
  C:\Windows\System\UMDPwch.exe
  2⤵
  PID:9232
- C:\Windows\System\OWUIldZ.exe
  C:\Windows\System\OWUIldZ.exe
  2⤵
  PID:8680
- C:\Windows\System\VRqSBcu.exe
  C:\Windows\System\VRqSBcu.exe
  2⤵
  PID:8888
- C:\Windows\System\SYsWacW.exe
  C:\Windows\System\SYsWacW.exe
  2⤵
  PID:9272
- C:\Windows\System\jgrhgTa.exe
  C:\Windows\System\jgrhgTa.exe
  2⤵
  PID:9260
- C:\Windows\System\wTgytwb.exe
  C:\Windows\System\wTgytwb.exe
  2⤵
  PID:9336
- C:\Windows\System\sTjPIUI.exe
  C:\Windows\System\sTjPIUI.exe
  2⤵
  PID:9296
- C:\Windows\System\nAUSspZ.exe
  C:\Windows\System\nAUSspZ.exe
  2⤵
  PID:9316
- C:\Windows\System\BLbDVMl.exe
  C:\Windows\System\BLbDVMl.exe
  2⤵
  PID:9320
- C:\Windows\System\umuWNLr.exe
  C:\Windows\System\umuWNLr.exe
  2⤵
  PID:9420
- C:\Windows\System\tVyymNY.exe
  C:\Windows\System\tVyymNY.exe
  2⤵
  PID:9400
- C:\Windows\System\LPdvjNd.exe
  C:\Windows\System\LPdvjNd.exe
  2⤵
  PID:9500
- C:\Windows\System\IbscpKH.exe
  C:\Windows\System\IbscpKH.exe
  2⤵
  PID:9476
- C:\Windows\System\UPOmjnO.exe
  C:\Windows\System\UPOmjnO.exe
  2⤵
  PID:9536
- C:\Windows\System\FvFyIVu.exe
  C:\Windows\System\FvFyIVu.exe
  2⤵
  PID:9552
- C:\Windows\System\dIOcLQY.exe
  C:\Windows\System\dIOcLQY.exe
  2⤵
  PID:9568
- C:\Windows\System\xfJFhQY.exe
  C:\Windows\System\xfJFhQY.exe
  2⤵
  PID:9584
- C:\Windows\System\xrOekHh.exe
  C:\Windows\System\xrOekHh.exe
  2⤵
  PID:9604
- C:\Windows\System\cDmBXta.exe
  C:\Windows\System\cDmBXta.exe
  2⤵
  PID:9620
- C:\Windows\System\AXciEua.exe
  C:\Windows\System\AXciEua.exe
  2⤵
  PID:9636
- C:\Windows\System\vPtkfuW.exe
  C:\Windows\System\vPtkfuW.exe
  2⤵
  PID:9684
- C:\Windows\System\KmYKesm.exe
  C:\Windows\System\KmYKesm.exe
  2⤵
  PID:9700
- C:\Windows\System\AUuFimC.exe
  C:\Windows\System\AUuFimC.exe
  2⤵
  PID:9736
- C:\Windows\System\SgUrrtZ.exe
  C:\Windows\System\SgUrrtZ.exe
  2⤵
  PID:9768
- C:\Windows\System\RqohdpM.exe
  C:\Windows\System\RqohdpM.exe
  2⤵
  PID:9780
- C:\Windows\System\ijGOwqH.exe
  C:\Windows\System\ijGOwqH.exe
  2⤵
  PID:9824
- C:\Windows\System\QKlDcFP.exe
  C:\Windows\System\QKlDcFP.exe
  2⤵
  PID:9828
- C:\Windows\System\yBMVYXl.exe
  C:\Windows\System\yBMVYXl.exe
  2⤵
  PID:9904
- C:\Windows\System\xeEeefU.exe
  C:\Windows\System\xeEeefU.exe
  2⤵
  PID:9924
- C:\Windows\System\YXGHtjD.exe
  C:\Windows\System\YXGHtjD.exe
  2⤵
  PID:9484
- C:\Windows\System\mPikfGB.exe
  C:\Windows\System\mPikfGB.exe
  2⤵
  PID:9560
- C:\Windows\System\oWYAXvt.exe
  C:\Windows\System\oWYAXvt.exe
  2⤵
  PID:9628
- C:\Windows\System\qJZabJp.exe
  C:\Windows\System\qJZabJp.exe
  2⤵
  PID:9720
- C:\Windows\System\zEMnemV.exe
  C:\Windows\System\zEMnemV.exe
  2⤵
  PID:9576
- C:\Windows\System\YJQqdsx.exe
  C:\Windows\System\YJQqdsx.exe
  2⤵
  PID:9656
- C:\Windows\System\gfQrhqF.exe
  C:\Windows\System\gfQrhqF.exe
  2⤵
  PID:9836
- C:\Windows\System\NNqJscd.exe
  C:\Windows\System\NNqJscd.exe
  2⤵
  PID:9900
- C:\Windows\System\yJvFhPA.exe
  C:\Windows\System\yJvFhPA.exe
  2⤵
  PID:9880
- C:\Windows\System\BjgAVkX.exe
  C:\Windows\System\BjgAVkX.exe
  2⤵
  PID:9936
- C:\Windows\System\WAzKQkx.exe
  C:\Windows\System\WAzKQkx.exe
  2⤵
  PID:10004
- C:\Windows\System\xogWgAT.exe
  C:\Windows\System\xogWgAT.exe
  2⤵
  PID:10076
- C:\Windows\System\NuszBQc.exe
  C:\Windows\System\NuszBQc.exe
  2⤵
  PID:10168
- C:\Windows\System\ALeWEbF.exe
  C:\Windows\System\ALeWEbF.exe
  2⤵
  PID:10204
- C:\Windows\System\bUPSKPA.exe
  C:\Windows\System\bUPSKPA.exe
  2⤵
  PID:8980
- C:\Windows\System\CJJKtup.exe
  C:\Windows\System\CJJKtup.exe
  2⤵
  PID:9668
- C:\Windows\System\LWAPSHJ.exe
  C:\Windows\System\LWAPSHJ.exe
  2⤵
  PID:9772
- C:\Windows\System\bLNRCkG.exe
  C:\Windows\System\bLNRCkG.exe
  2⤵
  PID:9812
- C:\Windows\System\BBVwzVz.exe
  C:\Windows\System\BBVwzVz.exe
  2⤵
  PID:9888
- C:\Windows\System\PQzXetL.exe
  C:\Windows\System\PQzXetL.exe
  2⤵
  PID:10052
- C:\Windows\System\DfdFTmM.exe
  C:\Windows\System\DfdFTmM.exe
  2⤵
  PID:10088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\KXrjtbo.exe

Filesize
5.2MB

MD5
3c83342f334f6baa4229b1045683719d

SHA1
1b8f68ed53a3b30b5072ebb2ff7b8c2c6bfa9483

SHA256
59557dd91a3a77d756abca2cc730d813da1a55e89f5c00a5245787102fad78a9

SHA512
68086e757024ae55a71a00c6e5e9567a786074539326caf6fa96ebcd4f9fd56c6fb0e945e4046efddbf1203f44bff66a6ac67d8123c88cc3dcaf4c6ee57497cf

Download Submit
C:\Windows\system\KanNWzy.exe

Filesize
5.2MB

MD5
7d8d5801f28fdb6f8cb5a9030fb60e4e

SHA1
c0bafbb2b5c50da65bfc4f9de139ddb66b0b72aa

SHA256
b83d6484c3565e6a3f79fa626ccb72b231003b624b934fffa9561b4669c963b5

SHA512
1cc1f0cdf70b3c384bb1a1670c7bbd37f4458d5a56f19db980aac96bc995f3db22d0a63fee35ffb9c929aa0e17e82fa4349d006c7c3aebedb252467f67a0a112

Download Submit
C:\Windows\system\LYacFOh.exe

Filesize
5.2MB

MD5
b7493071293224163e5d87384bab4342

SHA1
647920cf0c23a164e64afc41c6b6c462f9432e70

SHA256
43fa84f71f92e4741f666513b4ded06be92267eb7dffedadb0bcc20496977284

SHA512
7a603691afe6032ee07bb93c1df55307a19c74fa544348af8e765b6d69be8f6eef36d492e057301e0b01cf4685ea3c7ef8d961fbb8f5006e4f9157062aaaf339

Download Submit
C:\Windows\system\LaZaIBU.exe

Filesize
5.2MB

MD5
db08cd8cc4142e632451b7724339acd3

SHA1
90d3621eafb959ac2b307c3200ada60cab18f378

SHA256
e62513d44fd4d10c0a3cde0a5365de060ef3508101e4c2bb319a3a12a54f2f61

SHA512
0c391e40422e6c2a50353e9f06168662f230bcc32add134d132faf1cbdd5f3de7ac93a0cd74752338cefeae49674ea639dc8238b1452a07eed7a06cdb2c6c15d

Download Submit
C:\Windows\system\MuZixdk.exe

Filesize
5.2MB

MD5
b5590100ec9df513f1b23d09138c524f

SHA1
9a017f62b753db8089b1fde43f1a9321f91e13c0

SHA256
0ce88515e5fadc8e9556801b86a55991cd57d9009704357694505fc4c13af3e1

SHA512
832830e3fbf77bb08f0b52b2fbb8610fbed4bb980eb576f702c7e1a0746939643642ffc81753fe5eb25f4415404cdabc102d744b656093f012d37692bc22e659

Download Submit
C:\Windows\system\NKIloTn.exe

Filesize
5.2MB

MD5
0337e6e7f88fea2fc771e45e33a74766

SHA1
cb483341980a183d8983c1c9488da1248a21e338

SHA256
efd92548ab93b0c2f445ac91621d78ae3678d1160ba9a61319f5d2d34db8a395

SHA512
569a0ec1f38f3e87ca619795b08a4437146bfb40e95d2e45b2a6a1026c8ba8068b5be076e068d9bda0d973e306dbfde8e13b429e2e97e5e47739c99f36e102e5

Download Submit
C:\Windows\system\NWTnxum.exe

Filesize
5.2MB

MD5
e4a1efede14ac0882271f5f22faea8c9

SHA1
e4996779fc0f0d7a27124cebd71f543f21e90d69

SHA256
03d5e52959f78a1b8ffd433176116292ae9c4243638e79d0b0c38af59fc318c2

SHA512
cc092fe331650d34baf3f418de56f1af236443d4387f3153ae996bffa3863390e8c2cb020ee8bdfdc1fe9e7309d571989d04ab036e62615a11ddf3cea59fb20d

Download Submit
C:\Windows\system\OXtlSfE.exe

Filesize
5.2MB

MD5
f0f60d4c64725830f2d0b7000d08f579

SHA1
a8b9a671433a4e146e9ec0751bd771563df98e0c

SHA256
de639591a7fef17de97a140736ea4a5803fd403d0a848089e02fdad15f7bb41b

SHA512
48ebae553b3963e847b457b65a2963de9a06a2925f8c149477f274abc8169ba9c71ce3c05793c5fba37dacd7c91e18d0f0f5b1d01f20e82d9e6afb8e0c520307

Download Submit
C:\Windows\system\QciYVVM.exe

Filesize
5.2MB

MD5
be1e354355906d9d954c82128bd67839

SHA1
90fd8e4efac30476a6e947ad93025caf99709640

SHA256
66e5ea7a92967bda75e42e474988301266f2a2ee6d9de1ea260df88777c37b1b

SHA512
fef45348fb9d48f48ba940422d00c03b4f5f473f21db17828e5c8a0a00ee50ff3568f4e7358015181b126e271b810dc13e459cd824b8ff8f4074174b734e891c

Download Submit
C:\Windows\system\SaesAEc.exe

Filesize
5.2MB

MD5
e99c4df08dbb1c1cacbd131616ac1831

SHA1
ffacc1574f062a909078755e5e49a402751968ee

SHA256
ae00648e9898acc8b1b768dd59b6adfbeedf3db0129c0b6f691c583a770d29b6

SHA512
9e330f09e711345fb4c9303e1d87d6be9703bbf18ece35e3cd43aa8fd530bad3ac1e7b32dfe7909149a333b6c89a476e4cc3ad2bf0af400797fe2ff1d00fdae7

Download Submit
C:\Windows\system\Sjgjgst.exe

Filesize
5.2MB

MD5
c5e5cf7a068d11675f0d0b9dd725d773

SHA1
d1bbb39af178872deb333c8d49d2c03b3c2887fd

SHA256
7280a8bf0169153ce54fc658250c30b1a2e300b539c1aae54aaa1b0b6979c50e

SHA512
b54490e9822a91f9c147d7d7e1960da7ac1b35f6c9312c0c7e4a6d7d48721d5135c017223a17c30c2f459ac9fc0f19e00befac5843451e8cc7bde55bb6f2622c

Download Submit
C:\Windows\system\TlDDJxE.exe

Filesize
5.2MB

MD5
7a2914773cd185dcb967339373a901d2

SHA1
75e3b0aa4a539371cd8bfbe2e2ef83afa0661615

SHA256
8fc316540dc8ad2c9ec345ab4d6a9b6cbf2819268e014c90f6d735804bedc936

SHA512
ba00b828b63df097ffad485c9e7c9b22ee50918c4fe8b6de1bdacd433e20175ef8d2edab54f2afbcb8f8144d383915fb2fa7e114d49aeb6fc8deaf92ccf008fa

Download Submit
C:\Windows\system\VJAUaST.exe

Filesize
5.2MB

MD5
81610cd5c5fdb1a08ce182b6bc4261fe

SHA1
0965c666a07a233ae0155883c145de4a1df4e56c

SHA256
b782ca5c4d2210caafb675cd1635858ec310eb315b263241e5bdb234bda4f904

SHA512
44f6015a1cdf454d2b6e1fa6b14589feda1e931c1abec5132cabc449773c632010ad9de7ca299378df1f22da9bd7b8f7cf30b196fb722758c934c75c440b2767

Download Submit
C:\Windows\system\VPOLqJn.exe

Filesize
5.2MB

MD5
35914080cc563ae1f43a16b7aa19a9c8

SHA1
90de76379e992e0a7248c87c2c5ff22da8a9ece6

SHA256
88c19117d7b875755b79819e4bb4eac7642bd8f677d587d80b6c6ae6c213b7cc

SHA512
35bce8b42cdf9ce90b17a23d717c8bf07c8be538ce9bc3786b086320ec0515beef98a891eeb661958cee9356dc841103b08f1be1b1580133a5665cd15c1cc8df

Download Submit
C:\Windows\system\VUrZieU.exe

Filesize
5.2MB

MD5
7ca2536e0f12aedffea79be5f070e7e8

SHA1
23d598abc96b503f168be8a170b78a32bde1417b

SHA256
187fa75e732af51d90eb9931098b049a2b3ce0dccb76ee95815e49e85b4f80cb

SHA512
61e5e2ee8dd0e8deda2ec126c9baf8039c6e005db607673f20b685db017365bb8d81d0fea9061939759d1020431ee1dc7e099b9e130ff9cb0a1118946191b2a6

Download Submit
C:\Windows\system\VYUJdZk.exe

Filesize
5.2MB

MD5
0c013a1ef4a6c921163c31376c99ea24

SHA1
cbfe35bfbc0e69c0474cfc2c94ccfc9fa2dd5513

SHA256
01e687022e9a81c17dac3f15ba721ddae50f306023170ffad029ff577b26e74e

SHA512
a8f269d44f0d7326bb39740ee6c33545053f7707311c65a641b7ab0a8b37541719e175aa9d9e7221f279e11176529267ebcb61a3de33fc550e15fe7b7e47243e

Download Submit
C:\Windows\system\WhVOier.exe

Filesize
5.2MB

MD5
2bc1601aa36c0efcd914228a2a0c940f

SHA1
6b8f6416108d195d47d0df2a3fcc59e9d49a6419

SHA256
1f24cec33121c77d37cf0f722dd7a1c9d1104edec0b4b56cd3d8d3e423a44492

SHA512
4a0ee8de3c97276b4286b81d646327d8d92a63ff326a78ec6fa3beda99b832893a1884c3d783ebbbf0d6a6d92c065ddd8785e01da4483c3b5b28d25b81666eb6

Download Submit
C:\Windows\system\YPlZjaJ.exe

Filesize
5.2MB

MD5
f59ba18ef348bc0f25817028676ebfe4

SHA1
523f3187f5773f6b750ade52a264ecdb17b61270

SHA256
3d1fa913ccdd1c4196e131179170cabe25820633b04eca24459da0238c888cc7

SHA512
f4d9159e8712c59674dfa8990d5ac5413a727b00ddd1b512b26a8a0618a08fb7f8b2793e57fde4c9e6364673680abc3cf38e8b119bced030978b0141adeb6000

Download Submit
C:\Windows\system\ZMGpOkw.exe

Filesize
5.2MB

MD5
886428a78907798aad57780a5ffa9e99

SHA1
7cf6188a33401decadd4773fc90de8dc023a2333

SHA256
4d01e1b93397dcf310431912588163aaa0a5ac52c73c65175ed5a6a0ae07891f

SHA512
ae82ad9e944e04b2c6a4895c713f0dd27c0cafb2cea8d65541dd441fd85e2df37063478bfb389d21060cf951bff5f12b9c91f4f6eb07ad7d7193e6d430760005

Download Submit
C:\Windows\system\axVeHiV.exe

Filesize
5.2MB

MD5
81860ec374ffc10171c70ca86c50a1a8

SHA1
b9e90690bca6cc1038a6434799a91ef4dfac2797

SHA256
62774a481fb2c264571763fcf67fc52bb53dba52c0735e0dae6f70537f88331b

SHA512
4789facb8f86b51e64954bba5dc18c3ca0ff67576d4fb8723bce92148f9f57215e4583aa83c03a920a9ddf929b211ed8b8f91981b935e19703d667029f3a67ff

Download Submit
C:\Windows\system\dtmCsse.exe

Filesize
5.2MB

MD5
b99aa6e92a02d29c04823c65ee51b84d

SHA1
2bf4d519328f8a03cd081bd55dc9d4cd20183947

SHA256
88f7e0b04099350e41f4c99500008d76f008f3846ef26041735f3ea4ab12bdc1

SHA512
9e51a0b9958b34873a02e2503d412382ef928c95690991c6e97ebcc3848446397694538e8ef9f378a8d14f4bda7568258610ed03a5359a55f4146e1c78605abf

Download Submit
C:\Windows\system\fRYIyNk.exe

Filesize
5.2MB

MD5
4ff29df08219d9b47667685bb5e74d8d

SHA1
970d64dce84366d0f38e39885a56b3a13002ee9c

SHA256
c8a155096d7aa81d5d2b509ba71e787ca8b41ccf4180c5ac3f4d66a06cbee13c

SHA512
297e8efb7ddefb4facdf7114ef8c7db76ed968c64be2c49d7d062c9ef4de61839275ad5f81b62e0da69dcc25fcfa0df53506fb559bcf2e486ec8a31df68dafb9

Download Submit
C:\Windows\system\jALocGo.exe

Filesize
5.2MB

MD5
5446945d137cb0b4b77a2627c3775902

SHA1
6aa250ef9e7b2649b8f2f82c7bfb05fc887d1de5

SHA256
d49d21e4468154dcc02a7bbba1ef6c535c8e1a31159a424cc67469ed2e7bc4e6

SHA512
56c29552b3ce81139207c76731787d0e6a5bf24b6f677e11cfac4131605b841e96e22fb62ffe9ecce82aa052898166ff44c76e736d61f0cc491a1d7a13d00221

Download Submit
C:\Windows\system\nPCFsvV.exe

Filesize
5.2MB

MD5
290ba5dfe2a8f635815995d1f1f34c69

SHA1
e3e2afae4b8605ef555c5a986d8dc6eea8a31bca

SHA256
4b6df42b7414717b4d11988031738b0dcacdfeed49d9566e73041a7181169eb2

SHA512
0c6162eb3051686a98fe2228c3f33a40cc11a03bc9ebf4f2d6d472b48d0c636ee2993ac9ee8d929aa62a2dcfb32fd4fecfeec350879250726557340fde455a4a

Download Submit
C:\Windows\system\oAFmpOd.exe

Filesize
5.2MB

MD5
f86d454e72be707a66ba7049ed664d53

SHA1
2ba91c278be2b028a1a600e9653ad2fee3f81a09

SHA256
4a4e71f40d9c6a4f9f9f1b725e5c4f8a6d5ab5c8debe97565b00a0afc8465e54

SHA512
36ec5a58aa0ce21d97c588e5918323ba4b88a7f0826c7fa44257f852e29094bac554e7ef4b4384107c565ea07c5d98dcbbf7fa0435a759a6673b9c25a3415a79

Download Submit
C:\Windows\system\qkkDyAw.exe

Filesize
5.2MB

MD5
61f07d20896e19253742069666cf526b

SHA1
0c9f71e74170aeaf5e9116997b1c839f0453f817

SHA256
cf76cc38eddd1d4a41c3486a46909a4ac9d320a47f9b1615bb8230cafa151b45

SHA512
36ff9ee37568bec69e313f7e43140efc7ac273d7e3d97ed96b13e5548b89cd4a5888f414f5f07dbe949a672a3ebbc09bd619b150daf767fbde282b94ae415d5f

Download Submit
C:\Windows\system\rkDOszY.exe

Filesize
5.2MB

MD5
1d8cefc0e22099101bb4eb0c4410aa16

SHA1
180a6f75ac7fa71657dc851b705ce428a67d60d5

SHA256
84f253afd9c60f479ad39687f348a399cb2899da71a78e47d7a5ea7a11ec6ed8

SHA512
4e02c5fe8476cdc5f108b1eb739e6536aece967d90310c540f132477e501eca9e48a5aacba13d3471987d1c1abeb3b1467ad2b006f7d1c919bffa2be06b8b017

Download Submit
C:\Windows\system\tksacbI.exe

Filesize
5.2MB

MD5
3a82e0b3e4e15009b71eae60dba961cb

SHA1
210dda712cb54d7732c069064967f4ed817565d3

SHA256
9391985b8a02348d31e0f1547560629150370ced348b11b1ad1e7d22f5a2a2c4

SHA512
6536d14a436ec3c31e737f182b0490a6a8a2f03382723ed5e45a1c876b95eb8640b4519cae9250f35ad0328237eb0e3d21ce059d7cd2acaff5eaa110464f1e6b

Download Submit
C:\Windows\system\xucmOuG.exe

Filesize
5.2MB

MD5
d1a1e43cdb56c452a9eeda67b96413ff

SHA1
23ae44a79b9f00f46e5cc22264c1673988277ba2

SHA256
04476097285b5fd804fd58ca82cda8f569acb9fdb7fbc5691b327f361012f543

SHA512
5602c29e833e884f6105ab02daf3370ce08e0c7e62f0ba363f0e5141f1cd413e7989cfa35eafe3c5a977b405578b0350afaaa816fbdd827c0b22c738c00f6585

Download Submit
C:\Windows\system\xvWtVPB.exe

Filesize
5.2MB

MD5
9b072b773bf5ec6f397219923df60342

SHA1
db7e5cb51e92c2a62be2cbceb06fc4937887eb1e

SHA256
6308577d1d5fc15d60d0c1ae9a3a59fb757ce7fa61e84ffb05ce825d0e0654d1

SHA512
9fc550a59a23804789fb05b132c4eca2f5ecd42501be9cb9a05c6abfaf0459d5c48dddb5ead90c4d9b34dc742b73cc66fa9713a7cb8d38518d603851f68808fc

Download Submit
C:\Windows\system\zRqxvWT.exe

Filesize
5.2MB

MD5
3cb3cfe107a5afe51021d064ee0b9d85

SHA1
2e8df1836280e8eae734399b267c411d3d0b2dff

SHA256
b1d5658c604cb1adb7b2b7077c717423f93181bc6332bc942f57583ee70b67ab

SHA512
9b14f927d8b6adf66f518702f57dd92e28d2afd2e75da7c80766978ec0a65da5f1506b5ff8bf925927506b3afb16ec20b5e0002364190f78de08e43836cacad5

Download Submit
\Windows\system\peJdJlM.exe

Filesize
5.2MB

MD5
e9e09a6de6a5a2bb48f3372e5b8a4601

SHA1
271e1b58438488b8bf8babb29b6b6e1b7311c636

SHA256
70c8b9397129e0ea4c02a98689bc1e5d9190510fe801f5cd3a86ce11da04dbb7

SHA512
63a1ea1ef65e86913a18a42fda1272ed661d8b136d2fb1a4a92265e19ab83e494c08950fe0107b20db3227b5c1ce3b71e59531fb00edc90a30dd2d39dfb738e8

Download Submit
memory/1728-575-0x000000013FFD0000-0x0000000140321000-memory.dmp

Filesize
3.3MB

Download
memory/1728-4260-0x000000013FFD0000-0x0000000140321000-memory.dmp

Filesize
3.3MB

Download
memory/1836-4021-0x000000013F0A0000-0x000000013F3F1000-memory.dmp

Filesize
3.3MB

Download
memory/1836-590-0x000000013F0A0000-0x000000013F3F1000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3156-0x000000013F9E0000-0x000000013FD31000-memory.dmp

Filesize
3.3MB

Download
memory/2060-555-0x000000013F9E0000-0x000000013FD31000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4333-0x000000013F680000-0x000000013F9D1000-memory.dmp

Filesize
3.3MB

Download
memory/2288-580-0x000000013F680000-0x000000013F9D1000-memory.dmp

Filesize
3.3MB

Download
memory/2604-571-0x000000013F560000-0x000000013F8B1000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4020-0x000000013F560000-0x000000013F8B1000-memory.dmp

Filesize
3.3MB

Download
memory/2608-525-0x000000013FEE0000-0x0000000140231000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4332-0x000000013FEE0000-0x0000000140231000-memory.dmp

Filesize
3.3MB

Download
memory/2648-569-0x000000013F610000-0x000000013F961000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4330-0x000000013F610000-0x000000013F961000-memory.dmp

Filesize
3.3MB

Download
memory/2660-573-0x000000013F190000-0x000000013F4E1000-memory.dmp

Filesize
3.3MB

Download
memory/2712-596-0x000000013F950000-0x000000013FCA1000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4281-0x000000013F950000-0x000000013FCA1000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3157-0x000000013FDF0000-0x0000000140141000-memory.dmp

Filesize
3.3MB

Download
memory/2728-521-0x000000013FDF0000-0x0000000140141000-memory.dmp

Filesize
3.3MB

Download
memory/2796-532-0x000000013F920000-0x000000013FC71000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3154-0x000000013F920000-0x000000013FC71000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3155-0x000000013F720000-0x000000013FA71000-memory.dmp

Filesize
3.3MB

Download
memory/2836-503-0x000000013F720000-0x000000013FA71000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4280-0x000000013F7B0000-0x000000013FB01000-memory.dmp

Filesize
3.3MB

Download
memory/2864-518-0x000000013F7B0000-0x000000013FB01000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1317-0x000000013F7B0000-0x000000013FB01000-memory.dmp

Filesize
3.3MB

Download
memory/2916-538-0x000000013F500000-0x000000013F851000-memory.dmp

Filesize
3.3MB

Download
memory/2916-4258-0x000000013F500000-0x000000013F851000-memory.dmp

Filesize
3.3MB

Download
memory/2976-522-0x000000013FEE0000-0x0000000140231000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1341-0x000000013F190000-0x000000013F4E1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1323-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1322-0x000000013FEE0000-0x0000000140231000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1321-0x000000013FDF0000-0x0000000140141000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1331-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1313-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1312-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-508-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-0-0x000000013F6B0000-0x000000013FA01000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1335-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-520-0x000000013FDF0000-0x0000000140141000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1351-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1357-0x000000013F0A0000-0x000000013F3F1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-534-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-542-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1361-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1330-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1251-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-570-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1328-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-572-0x000000013F190000-0x000000013F4E1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1346-0x000000013FFD0000-0x0000000140321000-memory.dmp

Filesize
3.3MB

Download
memory/2976-574-0x000000013FFD0000-0x0000000140321000-memory.dmp

Filesize
3.3MB

Download
memory/2976-528-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-592-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1250-0x000000013F6B0000-0x000000013FA01000-memory.dmp

Filesize
3.3MB

Download
memory/2976-578-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-584-0x000000013F0A0000-0x000000013F3F1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-560-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-489-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-485-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download