cobaltstrike | cb38c4bd6a44296ac4e8f75181cc9b46e265a04d11461cee1155718735813a26

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

da6d668949fd696361e9c85dd5538140
SHA1

31026c60db356bc2d02cd27983ab88f0289b0861
SHA256

cb38c4bd6a44296ac4e8f75181cc9b46e265a04d11461cee1155718735813a26
SHA512

efa37de6a1e51f93143cea6ba6fa400785ee3b2761fe746219b0df9f911990eae1153a2f553c48db15a7cc24d35fbbe3232e54b91e77767500d51405ed74fd6a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUt:T+q56utgpPF8u/7t

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000016d02-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0c-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000012102-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d1f-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d27-30.dat	cobalt_reflective_dll
behavioral1/files/0x0028000000016ccb-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d30-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d38-47.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-60.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001749c-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d40-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2808-0-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x000a000000016d02-10.dat	xmrig
behavioral1/files/0x0008000000016d0c-16.dat	xmrig
behavioral1/memory/2804-21-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2812-15-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2248-14-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-11.dat	xmrig
behavioral1/files/0x0008000000016d1f-22.dat	xmrig
behavioral1/files/0x0007000000016d27-30.dat	xmrig
behavioral1/memory/2340-32-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2664-33-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0028000000016ccb-36.dat	xmrig
behavioral1/files/0x0007000000016d30-39.dat	xmrig
behavioral1/files/0x0007000000016d38-47.dat	xmrig
behavioral1/files/0x0005000000019436-65.dat	xmrig
behavioral1/files/0x00050000000194bd-75.dat	xmrig
behavioral1/files/0x0005000000019537-83.dat	xmrig
behavioral1/files/0x000500000001960d-102.dat	xmrig
behavioral1/files/0x000500000001960e-110.dat	xmrig
behavioral1/files/0x000500000001966c-144.dat	xmrig
behavioral1/files/0x00050000000196ac-148.dat	xmrig
behavioral1/memory/596-164-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c36-171.dat	xmrig
behavioral1/memory/2808-176-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2248-294-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/812-170-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x000500000001997c-167.dat	xmrig
behavioral1/memory/2624-182-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2808-181-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/564-179-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2028-177-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/720-175-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2784-162-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2808-161-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2440-160-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2728-159-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x000500000001962a-141.dat	xmrig
behavioral1/files/0x00050000000196e8-154.dat	xmrig
behavioral1/files/0x0005000000019616-131.dat	xmrig
behavioral1/files/0x0005000000019618-134.dat	xmrig
behavioral1/memory/2804-436-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2728-755-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2440-1012-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019612-120.dat	xmrig
behavioral1/files/0x0005000000019614-126.dat	xmrig
behavioral1/files/0x0005000000019610-116.dat	xmrig
behavioral1/files/0x000500000001960c-101.dat	xmrig
behavioral1/files/0x000500000001960a-95.dat	xmrig
behavioral1/files/0x00050000000195d9-90.dat	xmrig
behavioral1/files/0x00050000000194f3-80.dat	xmrig
behavioral1/files/0x0005000000019441-70.dat	xmrig
behavioral1/files/0x000500000001941a-60.dat	xmrig
behavioral1/files/0x000800000001749c-55.dat	xmrig
behavioral1/files/0x0007000000016d40-51.dat	xmrig
behavioral1/memory/2804-4004-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2340-4005-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2664-4006-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2624-4007-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/596-4008-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2784-4009-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/812-4010-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/720-4011-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2028-4013-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/564-4012-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2248	iQrEzww.exe
2812	bdHlBEr.exe
2804	mirKmru.exe
2340	VUoOEeV.exe
2664	dIEbqik.exe
2624	upgIUnM.exe
2728	vZmZyuL.exe
2440	bNCCAlQ.exe
2784	KLZEPBX.exe
596	qsDkVaG.exe
812	yDQzQhd.exe
720	yxcvtlv.exe
2028	ONWgxFQ.exe
564	fMhxWza.exe
2580	ycXwLQU.exe
2064	esMSfVP.exe
2868	pqWHfzt.exe
2504	DMPZdEo.exe
2520	zxEBgGS.exe
2080	eCBZhDE.exe
2668	FdYfvrE.exe
2876	xdyqKeg.exe
2232	oyYWJbr.exe
2488	EzVhaIf.exe
1820	XToRzmt.exe
2128	JHsbshl.exe
2444	gZSNptG.exe
1984	iPGvCwv.exe
2132	bzjZlFx.exe
2144	uUynqpy.exe
2244	IZngnIk.exe
1952	GdTOsco.exe
2284	tzMuKQW.exe
1928	dGrMNku.exe
1484	ZJgxgYw.exe
2192	zbErhMW.exe
892	LpWILVl.exe
1008	cNWLviL.exe
2112	yDLFQhI.exe
572	oOipgWO.exe
1312	tZaBTEo.exe
2404	MuiVxXP.exe
2564	dXStzUN.exe
1180	WxHfSDy.exe
2012	mIHCIHW.exe
2304	CSTpHuj.exe
2692	gYeeyYe.exe
716	AbWjzlF.exe
1920	KveSONH.exe
1936	EhubYQe.exe
2556	qbRXaze.exe
2820	YxBpZzG.exe
1652	BCYolvF.exe
2852	mNqiSPK.exe
2844	CqEiiKA.exe
2964	gRIjzMT.exe
1224	YwRoInU.exe
2656	APVuIWE.exe
2236	wHBOPYZ.exe
264	cYWeksE.exe
968	KYPtqrA.exe
1816	YsKfWAH.exe
2160	zdMXRPt.exe
2968	wuEJUWB.exe

Loads dropped DLL 64 IoCs

pid	Process
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2808-0-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x000a000000016d02-10.dat	upx
behavioral1/files/0x0008000000016d0c-16.dat	upx
behavioral1/memory/2804-21-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2812-15-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2248-14-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0008000000012102-11.dat	upx
behavioral1/files/0x0008000000016d1f-22.dat	upx
behavioral1/files/0x0007000000016d27-30.dat	upx
behavioral1/memory/2340-32-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2664-33-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0028000000016ccb-36.dat	upx
behavioral1/files/0x0007000000016d30-39.dat	upx
behavioral1/files/0x0007000000016d38-47.dat	upx
behavioral1/files/0x0005000000019436-65.dat	upx
behavioral1/files/0x00050000000194bd-75.dat	upx
behavioral1/files/0x0005000000019537-83.dat	upx
behavioral1/files/0x000500000001960d-102.dat	upx
behavioral1/files/0x000500000001960e-110.dat	upx
behavioral1/files/0x000500000001966c-144.dat	upx
behavioral1/files/0x00050000000196ac-148.dat	upx
behavioral1/memory/596-164-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0005000000019c36-171.dat	upx
behavioral1/memory/2248-294-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/812-170-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x000500000001997c-167.dat	upx
behavioral1/memory/2624-182-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2808-181-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/564-179-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2028-177-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/720-175-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2784-162-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2440-160-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2728-159-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000500000001962a-141.dat	upx
behavioral1/files/0x00050000000196e8-154.dat	upx
behavioral1/files/0x0005000000019616-131.dat	upx
behavioral1/files/0x0005000000019618-134.dat	upx
behavioral1/memory/2804-436-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2728-755-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2440-1012-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0005000000019612-120.dat	upx
behavioral1/files/0x0005000000019614-126.dat	upx
behavioral1/files/0x0005000000019610-116.dat	upx
behavioral1/files/0x000500000001960c-101.dat	upx
behavioral1/files/0x000500000001960a-95.dat	upx
behavioral1/files/0x00050000000195d9-90.dat	upx
behavioral1/files/0x00050000000194f3-80.dat	upx
behavioral1/files/0x0005000000019441-70.dat	upx
behavioral1/files/0x000500000001941a-60.dat	upx
behavioral1/files/0x000800000001749c-55.dat	upx
behavioral1/files/0x0007000000016d40-51.dat	upx
behavioral1/memory/2804-4004-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2340-4005-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2664-4006-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2624-4007-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/596-4008-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2784-4009-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/812-4010-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/720-4011-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2028-4013-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/564-4012-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2440-4014-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2728-4015-0x000000013F540000-0x000000013F894000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qftxclG.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBJRUtH.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\retdhqd.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiQTFRN.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppzUNwx.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMxPWQA.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKxoncG.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaYkeeW.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPexTUk.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMxueNS.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSbenFP.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzFycKK.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJNhJbF.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBLSCHT.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAcouVN.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyLUPpX.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DekJGSz.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXslClL.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfrhEoS.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHCQyMp.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VspLUiT.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrSBTmA.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjwMOGc.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrHMnoE.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKdlqMp.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBHNCcq.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcVbVAu.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FabxzMH.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifSdyId.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdLGdUA.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwnjXCU.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IttQXji.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUlfXXw.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpQLsaB.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARPGRmm.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkLStci.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQdbIUq.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQrEzww.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AghujND.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYaRfLa.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUytaEW.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgCtBDL.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGYyEec.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrEHgBE.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckKsLdp.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyPehNg.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kToFifl.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntUqvYU.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGyqygU.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRnqUja.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIWsjNd.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnonsaZ.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgpsvUA.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wecPDyn.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmfBpyp.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJgUrlD.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krcIrOB.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abAzzLb.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfNByKJ.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMRHYIW.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mueOmxE.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaONMlU.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXyGMml.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzPeeFE.exe	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2812	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2808 wrote to memory of 2812	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2808 wrote to memory of 2812	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2808 wrote to memory of 2248	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2808 wrote to memory of 2248	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2808 wrote to memory of 2248	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2808 wrote to memory of 2804	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2808 wrote to memory of 2804	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2808 wrote to memory of 2804	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2808 wrote to memory of 2340	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2808 wrote to memory of 2340	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2808 wrote to memory of 2340	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2808 wrote to memory of 2664	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2808 wrote to memory of 2664	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2808 wrote to memory of 2664	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2808 wrote to memory of 2624	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2808 wrote to memory of 2624	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2808 wrote to memory of 2624	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2808 wrote to memory of 2728	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2808 wrote to memory of 2728	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2808 wrote to memory of 2728	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2808 wrote to memory of 2440	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2808 wrote to memory of 2440	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2808 wrote to memory of 2440	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2808 wrote to memory of 2784	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2808 wrote to memory of 2784	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2808 wrote to memory of 2784	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2808 wrote to memory of 596	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2808 wrote to memory of 596	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2808 wrote to memory of 596	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2808 wrote to memory of 812	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2808 wrote to memory of 812	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2808 wrote to memory of 812	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2808 wrote to memory of 720	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2808 wrote to memory of 720	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2808 wrote to memory of 720	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2808 wrote to memory of 2028	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2808 wrote to memory of 2028	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2808 wrote to memory of 2028	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2808 wrote to memory of 564	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2808 wrote to memory of 564	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2808 wrote to memory of 564	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2808 wrote to memory of 2580	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2808 wrote to memory of 2580	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2808 wrote to memory of 2580	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2808 wrote to memory of 2064	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2808 wrote to memory of 2064	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2808 wrote to memory of 2064	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2808 wrote to memory of 2868	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2808 wrote to memory of 2868	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2808 wrote to memory of 2868	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2808 wrote to memory of 2504	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2808 wrote to memory of 2504	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2808 wrote to memory of 2504	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2808 wrote to memory of 2520	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2808 wrote to memory of 2520	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2808 wrote to memory of 2520	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2808 wrote to memory of 2080	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2808 wrote to memory of 2080	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2808 wrote to memory of 2080	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2808 wrote to memory of 2668	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2808 wrote to memory of 2668	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2808 wrote to memory of 2668	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2808 wrote to memory of 2876	2808	2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_da6d668949fd696361e9c85dd5538140_amadey_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\System\bdHlBEr.exe
  C:\Windows\System\bdHlBEr.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\iQrEzww.exe
  C:\Windows\System\iQrEzww.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\mirKmru.exe
  C:\Windows\System\mirKmru.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\VUoOEeV.exe
  C:\Windows\System\VUoOEeV.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\dIEbqik.exe
  C:\Windows\System\dIEbqik.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\upgIUnM.exe
  C:\Windows\System\upgIUnM.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\vZmZyuL.exe
  C:\Windows\System\vZmZyuL.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\bNCCAlQ.exe
  C:\Windows\System\bNCCAlQ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\KLZEPBX.exe
  C:\Windows\System\KLZEPBX.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\qsDkVaG.exe
  C:\Windows\System\qsDkVaG.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\yDQzQhd.exe
  C:\Windows\System\yDQzQhd.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\yxcvtlv.exe
  C:\Windows\System\yxcvtlv.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\ONWgxFQ.exe
  C:\Windows\System\ONWgxFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\fMhxWza.exe
  C:\Windows\System\fMhxWza.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\ycXwLQU.exe
  C:\Windows\System\ycXwLQU.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\esMSfVP.exe
  C:\Windows\System\esMSfVP.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\pqWHfzt.exe
  C:\Windows\System\pqWHfzt.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\DMPZdEo.exe
  C:\Windows\System\DMPZdEo.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\zxEBgGS.exe
  C:\Windows\System\zxEBgGS.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\eCBZhDE.exe
  C:\Windows\System\eCBZhDE.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\FdYfvrE.exe
  C:\Windows\System\FdYfvrE.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\xdyqKeg.exe
  C:\Windows\System\xdyqKeg.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\oyYWJbr.exe
  C:\Windows\System\oyYWJbr.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\EzVhaIf.exe
  C:\Windows\System\EzVhaIf.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\XToRzmt.exe
  C:\Windows\System\XToRzmt.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\JHsbshl.exe
  C:\Windows\System\JHsbshl.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\gZSNptG.exe
  C:\Windows\System\gZSNptG.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\iPGvCwv.exe
  C:\Windows\System\iPGvCwv.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\bzjZlFx.exe
  C:\Windows\System\bzjZlFx.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\uUynqpy.exe
  C:\Windows\System\uUynqpy.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\GdTOsco.exe
  C:\Windows\System\GdTOsco.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\IZngnIk.exe
  C:\Windows\System\IZngnIk.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\tzMuKQW.exe
  C:\Windows\System\tzMuKQW.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\dGrMNku.exe
  C:\Windows\System\dGrMNku.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\ZJgxgYw.exe
  C:\Windows\System\ZJgxgYw.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\zbErhMW.exe
  C:\Windows\System\zbErhMW.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\LpWILVl.exe
  C:\Windows\System\LpWILVl.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\cNWLviL.exe
  C:\Windows\System\cNWLviL.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\yDLFQhI.exe
  C:\Windows\System\yDLFQhI.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\oOipgWO.exe
  C:\Windows\System\oOipgWO.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\tZaBTEo.exe
  C:\Windows\System\tZaBTEo.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\MuiVxXP.exe
  C:\Windows\System\MuiVxXP.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\dXStzUN.exe
  C:\Windows\System\dXStzUN.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\WxHfSDy.exe
  C:\Windows\System\WxHfSDy.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\mIHCIHW.exe
  C:\Windows\System\mIHCIHW.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\CSTpHuj.exe
  C:\Windows\System\CSTpHuj.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\gYeeyYe.exe
  C:\Windows\System\gYeeyYe.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\AbWjzlF.exe
  C:\Windows\System\AbWjzlF.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\KveSONH.exe
  C:\Windows\System\KveSONH.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\EhubYQe.exe
  C:\Windows\System\EhubYQe.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\qbRXaze.exe
  C:\Windows\System\qbRXaze.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\YxBpZzG.exe
  C:\Windows\System\YxBpZzG.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\BCYolvF.exe
  C:\Windows\System\BCYolvF.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\mNqiSPK.exe
  C:\Windows\System\mNqiSPK.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\CqEiiKA.exe
  C:\Windows\System\CqEiiKA.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\gRIjzMT.exe
  C:\Windows\System\gRIjzMT.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\YwRoInU.exe
  C:\Windows\System\YwRoInU.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\APVuIWE.exe
  C:\Windows\System\APVuIWE.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\wHBOPYZ.exe
  C:\Windows\System\wHBOPYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\cYWeksE.exe
  C:\Windows\System\cYWeksE.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\KYPtqrA.exe
  C:\Windows\System\KYPtqrA.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\YsKfWAH.exe
  C:\Windows\System\YsKfWAH.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\zdMXRPt.exe
  C:\Windows\System\zdMXRPt.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\wuEJUWB.exe
  C:\Windows\System\wuEJUWB.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\Cgvwowc.exe
  C:\Windows\System\Cgvwowc.exe
  2⤵
  PID:772
- C:\Windows\System\tFjGDqJ.exe
  C:\Windows\System\tFjGDqJ.exe
  2⤵
  PID:1444
- C:\Windows\System\CkrUTJI.exe
  C:\Windows\System\CkrUTJI.exe
  2⤵
  PID:1740
- C:\Windows\System\QaONMlU.exe
  C:\Windows\System\QaONMlU.exe
  2⤵
  PID:1956
- C:\Windows\System\ZKWyEwM.exe
  C:\Windows\System\ZKWyEwM.exe
  2⤵
  PID:2896
- C:\Windows\System\xVNqjtx.exe
  C:\Windows\System\xVNqjtx.exe
  2⤵
  PID:2448
- C:\Windows\System\CggZGIo.exe
  C:\Windows\System\CggZGIo.exe
  2⤵
  PID:2060
- C:\Windows\System\pZjFiWF.exe
  C:\Windows\System\pZjFiWF.exe
  2⤵
  PID:2436
- C:\Windows\System\UDyNCoa.exe
  C:\Windows\System\UDyNCoa.exe
  2⤵
  PID:1176
- C:\Windows\System\QhBvmiu.exe
  C:\Windows\System\QhBvmiu.exe
  2⤵
  PID:2260
- C:\Windows\System\UuuQzSK.exe
  C:\Windows\System\UuuQzSK.exe
  2⤵
  PID:1712
- C:\Windows\System\rduInIE.exe
  C:\Windows\System\rduInIE.exe
  2⤵
  PID:1112
- C:\Windows\System\Ujsdnle.exe
  C:\Windows\System\Ujsdnle.exe
  2⤵
  PID:924
- C:\Windows\System\MRqHinc.exe
  C:\Windows\System\MRqHinc.exe
  2⤵
  PID:1028
- C:\Windows\System\KKYUQHN.exe
  C:\Windows\System\KKYUQHN.exe
  2⤵
  PID:1892
- C:\Windows\System\QTkOoft.exe
  C:\Windows\System\QTkOoft.exe
  2⤵
  PID:2004
- C:\Windows\System\AisIhQD.exe
  C:\Windows\System\AisIhQD.exe
  2⤵
  PID:2380
- C:\Windows\System\cnAVtwg.exe
  C:\Windows\System\cnAVtwg.exe
  2⤵
  PID:2344
- C:\Windows\System\UOLsowd.exe
  C:\Windows\System\UOLsowd.exe
  2⤵
  PID:2456
- C:\Windows\System\mCvItNa.exe
  C:\Windows\System\mCvItNa.exe
  2⤵
  PID:1844
- C:\Windows\System\bgFXQpC.exe
  C:\Windows\System\bgFXQpC.exe
  2⤵
  PID:1888
- C:\Windows\System\sHeeStu.exe
  C:\Windows\System\sHeeStu.exe
  2⤵
  PID:2400
- C:\Windows\System\XvStMza.exe
  C:\Windows\System\XvStMza.exe
  2⤵
  PID:2652
- C:\Windows\System\BUDPcqE.exe
  C:\Windows\System\BUDPcqE.exe
  2⤵
  PID:2828
- C:\Windows\System\SkXAlIZ.exe
  C:\Windows\System\SkXAlIZ.exe
  2⤵
  PID:2320
- C:\Windows\System\yqUWAkl.exe
  C:\Windows\System\yqUWAkl.exe
  2⤵
  PID:1000
- C:\Windows\System\SCJeGRT.exe
  C:\Windows\System\SCJeGRT.exe
  2⤵
  PID:588
- C:\Windows\System\dZokUqN.exe
  C:\Windows\System\dZokUqN.exe
  2⤵
  PID:2136
- C:\Windows\System\ruJQIvC.exe
  C:\Windows\System\ruJQIvC.exe
  2⤵
  PID:2676
- C:\Windows\System\MaeUGva.exe
  C:\Windows\System\MaeUGva.exe
  2⤵
  PID:2960
- C:\Windows\System\OYOsbFh.exe
  C:\Windows\System\OYOsbFh.exe
  2⤵
  PID:2860
- C:\Windows\System\kzfacHs.exe
  C:\Windows\System\kzfacHs.exe
  2⤵
  PID:2220
- C:\Windows\System\lVqHEkW.exe
  C:\Windows\System\lVqHEkW.exe
  2⤵
  PID:1532
- C:\Windows\System\qImMocW.exe
  C:\Windows\System\qImMocW.exe
  2⤵
  PID:2500
- C:\Windows\System\offuFkF.exe
  C:\Windows\System\offuFkF.exe
  2⤵
  PID:1496
- C:\Windows\System\XsZozrZ.exe
  C:\Windows\System\XsZozrZ.exe
  2⤵
  PID:1260
- C:\Windows\System\wecPDyn.exe
  C:\Windows\System\wecPDyn.exe
  2⤵
  PID:872
- C:\Windows\System\BRiaEgv.exe
  C:\Windows\System\BRiaEgv.exe
  2⤵
  PID:1628
- C:\Windows\System\UYNBdef.exe
  C:\Windows\System\UYNBdef.exe
  2⤵
  PID:2024
- C:\Windows\System\ZORwhEM.exe
  C:\Windows\System\ZORwhEM.exe
  2⤵
  PID:2208
- C:\Windows\System\XGjOGBI.exe
  C:\Windows\System\XGjOGBI.exe
  2⤵
  PID:2576
- C:\Windows\System\WZFNRah.exe
  C:\Windows\System\WZFNRah.exe
  2⤵
  PID:1552
- C:\Windows\System\sUQcHFg.exe
  C:\Windows\System\sUQcHFg.exe
  2⤵
  PID:2916
- C:\Windows\System\TDSplFA.exe
  C:\Windows\System\TDSplFA.exe
  2⤵
  PID:2832
- C:\Windows\System\GaEleEE.exe
  C:\Windows\System\GaEleEE.exe
  2⤵
  PID:2372
- C:\Windows\System\bsMfopy.exe
  C:\Windows\System\bsMfopy.exe
  2⤵
  PID:112
- C:\Windows\System\xSJohEy.exe
  C:\Windows\System\xSJohEy.exe
  2⤵
  PID:2900
- C:\Windows\System\DcrIqqx.exe
  C:\Windows\System\DcrIqqx.exe
  2⤵
  PID:1120
- C:\Windows\System\yCWZTGA.exe
  C:\Windows\System\yCWZTGA.exe
  2⤵
  PID:2792
- C:\Windows\System\sXyGMml.exe
  C:\Windows\System\sXyGMml.exe
  2⤵
  PID:1884
- C:\Windows\System\FQaAhvk.exe
  C:\Windows\System\FQaAhvk.exe
  2⤵
  PID:1692
- C:\Windows\System\mZRCjNn.exe
  C:\Windows\System\mZRCjNn.exe
  2⤵
  PID:876
- C:\Windows\System\DPyUUoi.exe
  C:\Windows\System\DPyUUoi.exe
  2⤵
  PID:1228
- C:\Windows\System\SiEcGuv.exe
  C:\Windows\System\SiEcGuv.exe
  2⤵
  PID:2724
- C:\Windows\System\kspddRg.exe
  C:\Windows\System\kspddRg.exe
  2⤵
  PID:2948
- C:\Windows\System\TClIBQH.exe
  C:\Windows\System\TClIBQH.exe
  2⤵
  PID:444
- C:\Windows\System\vbtMKDF.exe
  C:\Windows\System\vbtMKDF.exe
  2⤵
  PID:1096
- C:\Windows\System\NUWiSIK.exe
  C:\Windows\System\NUWiSIK.exe
  2⤵
  PID:972
- C:\Windows\System\ypVImfI.exe
  C:\Windows\System\ypVImfI.exe
  2⤵
  PID:1492
- C:\Windows\System\mHkbqYH.exe
  C:\Windows\System\mHkbqYH.exe
  2⤵
  PID:1516
- C:\Windows\System\EfIPYJd.exe
  C:\Windows\System\EfIPYJd.exe
  2⤵
  PID:2848
- C:\Windows\System\eXKxalg.exe
  C:\Windows\System\eXKxalg.exe
  2⤵
  PID:1040
- C:\Windows\System\gDNeHsS.exe
  C:\Windows\System\gDNeHsS.exe
  2⤵
  PID:2684
- C:\Windows\System\cDxMHsD.exe
  C:\Windows\System\cDxMHsD.exe
  2⤵
  PID:880
- C:\Windows\System\juzWFYL.exe
  C:\Windows\System\juzWFYL.exe
  2⤵
  PID:528
- C:\Windows\System\JnJsFXl.exe
  C:\Windows\System\JnJsFXl.exe
  2⤵
  PID:3084
- C:\Windows\System\fqFEAeJ.exe
  C:\Windows\System\fqFEAeJ.exe
  2⤵
  PID:3168
- C:\Windows\System\RKsLsdB.exe
  C:\Windows\System\RKsLsdB.exe
  2⤵
  PID:3184
- C:\Windows\System\bhlpQwA.exe
  C:\Windows\System\bhlpQwA.exe
  2⤵
  PID:3200
- C:\Windows\System\ndXHmUh.exe
  C:\Windows\System\ndXHmUh.exe
  2⤵
  PID:3216
- C:\Windows\System\HbTRETk.exe
  C:\Windows\System\HbTRETk.exe
  2⤵
  PID:3236
- C:\Windows\System\glmyWRn.exe
  C:\Windows\System\glmyWRn.exe
  2⤵
  PID:3252
- C:\Windows\System\eaKRBYf.exe
  C:\Windows\System\eaKRBYf.exe
  2⤵
  PID:3268
- C:\Windows\System\fOaQfom.exe
  C:\Windows\System\fOaQfom.exe
  2⤵
  PID:3284
- C:\Windows\System\oBiEaqm.exe
  C:\Windows\System\oBiEaqm.exe
  2⤵
  PID:3300
- C:\Windows\System\sMxueNS.exe
  C:\Windows\System\sMxueNS.exe
  2⤵
  PID:3316
- C:\Windows\System\OaMXljY.exe
  C:\Windows\System\OaMXljY.exe
  2⤵
  PID:3332
- C:\Windows\System\dcbpEEt.exe
  C:\Windows\System\dcbpEEt.exe
  2⤵
  PID:3348
- C:\Windows\System\xARXmch.exe
  C:\Windows\System\xARXmch.exe
  2⤵
  PID:3364
- C:\Windows\System\QmWBonI.exe
  C:\Windows\System\QmWBonI.exe
  2⤵
  PID:3380
- C:\Windows\System\ZkihYSW.exe
  C:\Windows\System\ZkihYSW.exe
  2⤵
  PID:3396
- C:\Windows\System\PWiiNOz.exe
  C:\Windows\System\PWiiNOz.exe
  2⤵
  PID:3412
- C:\Windows\System\SbvEQoA.exe
  C:\Windows\System\SbvEQoA.exe
  2⤵
  PID:3428
- C:\Windows\System\aVKSurO.exe
  C:\Windows\System\aVKSurO.exe
  2⤵
  PID:3444
- C:\Windows\System\RHcUJSo.exe
  C:\Windows\System\RHcUJSo.exe
  2⤵
  PID:3460
- C:\Windows\System\qftxclG.exe
  C:\Windows\System\qftxclG.exe
  2⤵
  PID:3476
- C:\Windows\System\BeTrRIj.exe
  C:\Windows\System\BeTrRIj.exe
  2⤵
  PID:3492
- C:\Windows\System\qdiWynE.exe
  C:\Windows\System\qdiWynE.exe
  2⤵
  PID:3508
- C:\Windows\System\sZnzQiM.exe
  C:\Windows\System\sZnzQiM.exe
  2⤵
  PID:3524
- C:\Windows\System\ctSGCpF.exe
  C:\Windows\System\ctSGCpF.exe
  2⤵
  PID:3540
- C:\Windows\System\xfGZejj.exe
  C:\Windows\System\xfGZejj.exe
  2⤵
  PID:3584
- C:\Windows\System\iqKAekt.exe
  C:\Windows\System\iqKAekt.exe
  2⤵
  PID:3604
- C:\Windows\System\weuZySz.exe
  C:\Windows\System\weuZySz.exe
  2⤵
  PID:3620
- C:\Windows\System\OrSBTmA.exe
  C:\Windows\System\OrSBTmA.exe
  2⤵
  PID:3684
- C:\Windows\System\NWZWAPp.exe
  C:\Windows\System\NWZWAPp.exe
  2⤵
  PID:3704
- C:\Windows\System\wypOQcw.exe
  C:\Windows\System\wypOQcw.exe
  2⤵
  PID:3720
- C:\Windows\System\wqMHrdc.exe
  C:\Windows\System\wqMHrdc.exe
  2⤵
  PID:3752
- C:\Windows\System\VyHqaCr.exe
  C:\Windows\System\VyHqaCr.exe
  2⤵
  PID:3780
- C:\Windows\System\whktdCX.exe
  C:\Windows\System\whktdCX.exe
  2⤵
  PID:3796
- C:\Windows\System\ukNMXed.exe
  C:\Windows\System\ukNMXed.exe
  2⤵
  PID:3812
- C:\Windows\System\yzJoRyC.exe
  C:\Windows\System\yzJoRyC.exe
  2⤵
  PID:3832
- C:\Windows\System\sAVVara.exe
  C:\Windows\System\sAVVara.exe
  2⤵
  PID:3852
- C:\Windows\System\tMIsHnb.exe
  C:\Windows\System\tMIsHnb.exe
  2⤵
  PID:3868
- C:\Windows\System\nWXbxJN.exe
  C:\Windows\System\nWXbxJN.exe
  2⤵
  PID:3888
- C:\Windows\System\smEiuvK.exe
  C:\Windows\System\smEiuvK.exe
  2⤵
  PID:3916
- C:\Windows\System\qQyuPMW.exe
  C:\Windows\System\qQyuPMW.exe
  2⤵
  PID:3936
- C:\Windows\System\RtVUvwy.exe
  C:\Windows\System\RtVUvwy.exe
  2⤵
  PID:3952
- C:\Windows\System\LzsSkHE.exe
  C:\Windows\System\LzsSkHE.exe
  2⤵
  PID:3972
- C:\Windows\System\rlTKzHq.exe
  C:\Windows\System\rlTKzHq.exe
  2⤵
  PID:4000
- C:\Windows\System\DNxVmgE.exe
  C:\Windows\System\DNxVmgE.exe
  2⤵
  PID:4016
- C:\Windows\System\avcputZ.exe
  C:\Windows\System\avcputZ.exe
  2⤵
  PID:4032
- C:\Windows\System\jJCYkGt.exe
  C:\Windows\System\jJCYkGt.exe
  2⤵
  PID:4064
- C:\Windows\System\xzeLkAS.exe
  C:\Windows\System\xzeLkAS.exe
  2⤵
  PID:4080
- C:\Windows\System\dOUqXGR.exe
  C:\Windows\System\dOUqXGR.exe
  2⤵
  PID:2492
- C:\Windows\System\CpOngMX.exe
  C:\Windows\System\CpOngMX.exe
  2⤵
  PID:2036
- C:\Windows\System\bbOeHIi.exe
  C:\Windows\System\bbOeHIi.exe
  2⤵
  PID:2308
- C:\Windows\System\awSqjIW.exe
  C:\Windows\System\awSqjIW.exe
  2⤵
  PID:408
- C:\Windows\System\iVhdCqy.exe
  C:\Windows\System\iVhdCqy.exe
  2⤵
  PID:1744
- C:\Windows\System\WdLAyVG.exe
  C:\Windows\System\WdLAyVG.exe
  2⤵
  PID:580
- C:\Windows\System\jMjemjn.exe
  C:\Windows\System\jMjemjn.exe
  2⤵
  PID:2796
- C:\Windows\System\wJpLyjJ.exe
  C:\Windows\System\wJpLyjJ.exe
  2⤵
  PID:3104
- C:\Windows\System\EScnuRI.exe
  C:\Windows\System\EScnuRI.exe
  2⤵
  PID:3124
- C:\Windows\System\ixnQPdm.exe
  C:\Windows\System\ixnQPdm.exe
  2⤵
  PID:3136
- C:\Windows\System\vxZfdVQ.exe
  C:\Windows\System\vxZfdVQ.exe
  2⤵
  PID:3144
- C:\Windows\System\HEUjyui.exe
  C:\Windows\System\HEUjyui.exe
  2⤵
  PID:2932
- C:\Windows\System\HKKBQHj.exe
  C:\Windows\System\HKKBQHj.exe
  2⤵
  PID:2216
- C:\Windows\System\VtqmyeJ.exe
  C:\Windows\System\VtqmyeJ.exe
  2⤵
  PID:2748
- C:\Windows\System\NlkhgIC.exe
  C:\Windows\System\NlkhgIC.exe
  2⤵
  PID:3164
- C:\Windows\System\MyfNPet.exe
  C:\Windows\System\MyfNPet.exe
  2⤵
  PID:3180
- C:\Windows\System\WFBljTK.exe
  C:\Windows\System\WFBljTK.exe
  2⤵
  PID:3356
- C:\Windows\System\mFCSDCf.exe
  C:\Windows\System\mFCSDCf.exe
  2⤵
  PID:2912
- C:\Windows\System\yxfZSRp.exe
  C:\Windows\System\yxfZSRp.exe
  2⤵
  PID:3376
- C:\Windows\System\ZNjzMnI.exe
  C:\Windows\System\ZNjzMnI.exe
  2⤵
  PID:2924
- C:\Windows\System\QjUsTrC.exe
  C:\Windows\System\QjUsTrC.exe
  2⤵
  PID:2408
- C:\Windows\System\EndkeLu.exe
  C:\Windows\System\EndkeLu.exe
  2⤵
  PID:3488
- C:\Windows\System\AaXcmTg.exe
  C:\Windows\System\AaXcmTg.exe
  2⤵
  PID:3536
- C:\Windows\System\WXHligC.exe
  C:\Windows\System\WXHligC.exe
  2⤵
  PID:3572
- C:\Windows\System\zIgPUWm.exe
  C:\Windows\System\zIgPUWm.exe
  2⤵
  PID:2608
- C:\Windows\System\RgjJjdf.exe
  C:\Windows\System\RgjJjdf.exe
  2⤵
  PID:1436
- C:\Windows\System\QVkvTJD.exe
  C:\Windows\System\QVkvTJD.exe
  2⤵
  PID:3596
- C:\Windows\System\qRqDxEC.exe
  C:\Windows\System\qRqDxEC.exe
  2⤵
  PID:3668
- C:\Windows\System\xSNnGuX.exe
  C:\Windows\System\xSNnGuX.exe
  2⤵
  PID:3680
- C:\Windows\System\PTmaJhv.exe
  C:\Windows\System\PTmaJhv.exe
  2⤵
  PID:3636
- C:\Windows\System\sVrtoGO.exe
  C:\Windows\System\sVrtoGO.exe
  2⤵
  PID:3632
- C:\Windows\System\atoZggM.exe
  C:\Windows\System\atoZggM.exe
  2⤵
  PID:3744
- C:\Windows\System\WlXVHkj.exe
  C:\Windows\System\WlXVHkj.exe
  2⤵
  PID:2648
- C:\Windows\System\hRWCOXv.exe
  C:\Windows\System\hRWCOXv.exe
  2⤵
  PID:3896
- C:\Windows\System\UrkEcSI.exe
  C:\Windows\System\UrkEcSI.exe
  2⤵
  PID:3768
- C:\Windows\System\tmNjZVX.exe
  C:\Windows\System\tmNjZVX.exe
  2⤵
  PID:2360
- C:\Windows\System\ndNwrGo.exe
  C:\Windows\System\ndNwrGo.exe
  2⤵
  PID:776
- C:\Windows\System\vBgyGai.exe
  C:\Windows\System\vBgyGai.exe
  2⤵
  PID:3944
- C:\Windows\System\xfgHbbF.exe
  C:\Windows\System\xfgHbbF.exe
  2⤵
  PID:3948
- C:\Windows\System\KAjWoAl.exe
  C:\Windows\System\KAjWoAl.exe
  2⤵
  PID:3844
- C:\Windows\System\bpGwcpl.exe
  C:\Windows\System\bpGwcpl.exe
  2⤵
  PID:4028
- C:\Windows\System\xcRZlxw.exe
  C:\Windows\System\xcRZlxw.exe
  2⤵
  PID:3968
- C:\Windows\System\rVnQuDc.exe
  C:\Windows\System\rVnQuDc.exe
  2⤵
  PID:4060
- C:\Windows\System\yDQwsRM.exe
  C:\Windows\System\yDQwsRM.exe
  2⤵
  PID:1424
- C:\Windows\System\bvKlpaI.exe
  C:\Windows\System\bvKlpaI.exe
  2⤵
  PID:1092
- C:\Windows\System\jLczllQ.exe
  C:\Windows\System\jLczllQ.exe
  2⤵
  PID:4088
- C:\Windows\System\WeRcLAU.exe
  C:\Windows\System\WeRcLAU.exe
  2⤵
  PID:3100
- C:\Windows\System\TaSbIKI.exe
  C:\Windows\System\TaSbIKI.exe
  2⤵
  PID:1564
- C:\Windows\System\wlftkzE.exe
  C:\Windows\System\wlftkzE.exe
  2⤵
  PID:2672
- C:\Windows\System\lkXZJfh.exe
  C:\Windows\System\lkXZJfh.exe
  2⤵
  PID:3232
- C:\Windows\System\BmOzbvs.exe
  C:\Windows\System\BmOzbvs.exe
  2⤵
  PID:3156
- C:\Windows\System\oVjaOQg.exe
  C:\Windows\System\oVjaOQg.exe
  2⤵
  PID:692
- C:\Windows\System\XtlgFTe.exe
  C:\Windows\System\XtlgFTe.exe
  2⤵
  PID:3140
- C:\Windows\System\NCKMtBi.exe
  C:\Windows\System\NCKMtBi.exe
  2⤵
  PID:3484
- C:\Windows\System\FPjhpcP.exe
  C:\Windows\System\FPjhpcP.exe
  2⤵
  PID:3372
- C:\Windows\System\odtWQqi.exe
  C:\Windows\System\odtWQqi.exe
  2⤵
  PID:3500
- C:\Windows\System\CkSCBRN.exe
  C:\Windows\System\CkSCBRN.exe
  2⤵
  PID:3296
- C:\Windows\System\uPgqWWJ.exe
  C:\Windows\System\uPgqWWJ.exe
  2⤵
  PID:3312
- C:\Windows\System\HaLzdji.exe
  C:\Windows\System\HaLzdji.exe
  2⤵
  PID:3504
- C:\Windows\System\GFZFHJc.exe
  C:\Windows\System\GFZFHJc.exe
  2⤵
  PID:1524
- C:\Windows\System\TcGGdYX.exe
  C:\Windows\System\TcGGdYX.exe
  2⤵
  PID:3564
- C:\Windows\System\uubCAqS.exe
  C:\Windows\System\uubCAqS.exe
  2⤵
  PID:3652
- C:\Windows\System\YLYARky.exe
  C:\Windows\System\YLYARky.exe
  2⤵
  PID:3736
- C:\Windows\System\zveVTXr.exe
  C:\Windows\System\zveVTXr.exe
  2⤵
  PID:3700
- C:\Windows\System\yeosdEd.exe
  C:\Windows\System\yeosdEd.exe
  2⤵
  PID:3820
- C:\Windows\System\nDQcSdW.exe
  C:\Windows\System\nDQcSdW.exe
  2⤵
  PID:2148
- C:\Windows\System\nUWBsbH.exe
  C:\Windows\System\nUWBsbH.exe
  2⤵
  PID:2264
- C:\Windows\System\OuwWwTa.exe
  C:\Windows\System\OuwWwTa.exe
  2⤵
  PID:3772
- C:\Windows\System\oLLmcPb.exe
  C:\Windows\System\oLLmcPb.exe
  2⤵
  PID:3716
- C:\Windows\System\ndEqFBD.exe
  C:\Windows\System\ndEqFBD.exe
  2⤵
  PID:2980
- C:\Windows\System\kaopaDk.exe
  C:\Windows\System\kaopaDk.exe
  2⤵
  PID:1016
- C:\Windows\System\ppRGagr.exe
  C:\Windows\System\ppRGagr.exe
  2⤵
  PID:2596
- C:\Windows\System\EUVqxEi.exe
  C:\Windows\System\EUVqxEi.exe
  2⤵
  PID:3880
- C:\Windows\System\TlIdISl.exe
  C:\Windows\System\TlIdISl.exe
  2⤵
  PID:3960
- C:\Windows\System\LSPzFak.exe
  C:\Windows\System\LSPzFak.exe
  2⤵
  PID:1944
- C:\Windows\System\YcyYXWn.exe
  C:\Windows\System\YcyYXWn.exe
  2⤵
  PID:4052
- C:\Windows\System\jzPeeFE.exe
  C:\Windows\System\jzPeeFE.exe
  2⤵
  PID:1124
- C:\Windows\System\UQfcWQy.exe
  C:\Windows\System\UQfcWQy.exe
  2⤵
  PID:3192
- C:\Windows\System\YPJXlbI.exe
  C:\Windows\System\YPJXlbI.exe
  2⤵
  PID:3224
- C:\Windows\System\gNvuCbM.exe
  C:\Windows\System\gNvuCbM.exe
  2⤵
  PID:3116
- C:\Windows\System\AQwPUNr.exe
  C:\Windows\System\AQwPUNr.exe
  2⤵
  PID:2480
- C:\Windows\System\ywwBmEl.exe
  C:\Windows\System\ywwBmEl.exe
  2⤵
  PID:1976
- C:\Windows\System\iTyXNNa.exe
  C:\Windows\System\iTyXNNa.exe
  2⤵
  PID:3440
- C:\Windows\System\IBzWPIR.exe
  C:\Windows\System\IBzWPIR.exe
  2⤵
  PID:3260
- C:\Windows\System\pbKhxji.exe
  C:\Windows\System\pbKhxji.exe
  2⤵
  PID:1432
- C:\Windows\System\QfjzdHR.exe
  C:\Windows\System\QfjzdHR.exe
  2⤵
  PID:856
- C:\Windows\System\uveMFsa.exe
  C:\Windows\System\uveMFsa.exe
  2⤵
  PID:3696
- C:\Windows\System\aPAIAtD.exe
  C:\Windows\System\aPAIAtD.exe
  2⤵
  PID:3672
- C:\Windows\System\ISIPzxW.exe
  C:\Windows\System\ISIPzxW.exe
  2⤵
  PID:3860
- C:\Windows\System\jsbQPGw.exe
  C:\Windows\System\jsbQPGw.exe
  2⤵
  PID:3712
- C:\Windows\System\bKvgUjr.exe
  C:\Windows\System\bKvgUjr.exe
  2⤵
  PID:2240
- C:\Windows\System\XhPNtTE.exe
  C:\Windows\System\XhPNtTE.exe
  2⤵
  PID:2184
- C:\Windows\System\IHWkmcs.exe
  C:\Windows\System\IHWkmcs.exe
  2⤵
  PID:3788
- C:\Windows\System\xGfpNaq.exe
  C:\Windows\System\xGfpNaq.exe
  2⤵
  PID:1748
- C:\Windows\System\qGyqygU.exe
  C:\Windows\System\qGyqygU.exe
  2⤵
  PID:3848
- C:\Windows\System\pcStZHg.exe
  C:\Windows\System\pcStZHg.exe
  2⤵
  PID:3516
- C:\Windows\System\mNiyBjn.exe
  C:\Windows\System\mNiyBjn.exe
  2⤵
  PID:3292
- C:\Windows\System\BwfGABe.exe
  C:\Windows\System\BwfGABe.exe
  2⤵
  PID:3532
- C:\Windows\System\ybbdzyA.exe
  C:\Windows\System\ybbdzyA.exe
  2⤵
  PID:2928
- C:\Windows\System\iXwXsTZ.exe
  C:\Windows\System\iXwXsTZ.exe
  2⤵
  PID:2888
- C:\Windows\System\vvIaDrk.exe
  C:\Windows\System\vvIaDrk.exe
  2⤵
  PID:3592
- C:\Windows\System\DiWAFMw.exe
  C:\Windows\System\DiWAFMw.exe
  2⤵
  PID:2952
- C:\Windows\System\gyTFCZl.exe
  C:\Windows\System\gyTFCZl.exe
  2⤵
  PID:3328
- C:\Windows\System\GhPVVvv.exe
  C:\Windows\System\GhPVVvv.exe
  2⤵
  PID:3980
- C:\Windows\System\weEopzl.exe
  C:\Windows\System\weEopzl.exe
  2⤵
  PID:3876
- C:\Windows\System\PHHDrxB.exe
  C:\Windows\System\PHHDrxB.exe
  2⤵
  PID:3280
- C:\Windows\System\vDJsCjx.exe
  C:\Windows\System\vDJsCjx.exe
  2⤵
  PID:3984
- C:\Windows\System\dslgAuq.exe
  C:\Windows\System\dslgAuq.exe
  2⤵
  PID:3996
- C:\Windows\System\aRnqUja.exe
  C:\Windows\System\aRnqUja.exe
  2⤵
  PID:3988
- C:\Windows\System\IiwvYgI.exe
  C:\Windows\System\IiwvYgI.exe
  2⤵
  PID:3648
- C:\Windows\System\RDvvqaN.exe
  C:\Windows\System\RDvvqaN.exe
  2⤵
  PID:2288
- C:\Windows\System\kwhPBEf.exe
  C:\Windows\System\kwhPBEf.exe
  2⤵
  PID:2620
- C:\Windows\System\VEUWpzQ.exe
  C:\Windows\System\VEUWpzQ.exe
  2⤵
  PID:3568
- C:\Windows\System\PAJHfqb.exe
  C:\Windows\System\PAJHfqb.exe
  2⤵
  PID:3764
- C:\Windows\System\KbOLwQE.exe
  C:\Windows\System\KbOLwQE.exe
  2⤵
  PID:1540
- C:\Windows\System\YgoufAu.exe
  C:\Windows\System\YgoufAu.exe
  2⤵
  PID:2056
- C:\Windows\System\tREaGLZ.exe
  C:\Windows\System\tREaGLZ.exe
  2⤵
  PID:3616
- C:\Windows\System\IqNnVon.exe
  C:\Windows\System\IqNnVon.exe
  2⤵
  PID:3308
- C:\Windows\System\RZCInyV.exe
  C:\Windows\System\RZCInyV.exe
  2⤵
  PID:4116
- C:\Windows\System\fGWBSNE.exe
  C:\Windows\System\fGWBSNE.exe
  2⤵
  PID:4132
- C:\Windows\System\cxLuuIn.exe
  C:\Windows\System\cxLuuIn.exe
  2⤵
  PID:4148
- C:\Windows\System\tllyUaU.exe
  C:\Windows\System\tllyUaU.exe
  2⤵
  PID:4168
- C:\Windows\System\esegTWW.exe
  C:\Windows\System\esegTWW.exe
  2⤵
  PID:4212
- C:\Windows\System\pisRDWK.exe
  C:\Windows\System\pisRDWK.exe
  2⤵
  PID:4236
- C:\Windows\System\JiQTFRN.exe
  C:\Windows\System\JiQTFRN.exe
  2⤵
  PID:4252
- C:\Windows\System\cjGfOEA.exe
  C:\Windows\System\cjGfOEA.exe
  2⤵
  PID:4268
- C:\Windows\System\mqQzRle.exe
  C:\Windows\System\mqQzRle.exe
  2⤵
  PID:4284
- C:\Windows\System\wWebDmG.exe
  C:\Windows\System\wWebDmG.exe
  2⤵
  PID:4300
- C:\Windows\System\pjWLPVl.exe
  C:\Windows\System\pjWLPVl.exe
  2⤵
  PID:4316
- C:\Windows\System\umQzrct.exe
  C:\Windows\System\umQzrct.exe
  2⤵
  PID:4332
- C:\Windows\System\OsLcpjW.exe
  C:\Windows\System\OsLcpjW.exe
  2⤵
  PID:4348
- C:\Windows\System\LxlTIwH.exe
  C:\Windows\System\LxlTIwH.exe
  2⤵
  PID:4364
- C:\Windows\System\KEJKWYz.exe
  C:\Windows\System\KEJKWYz.exe
  2⤵
  PID:4384
- C:\Windows\System\rHmTIJJ.exe
  C:\Windows\System\rHmTIJJ.exe
  2⤵
  PID:4400
- C:\Windows\System\mBGvCDV.exe
  C:\Windows\System\mBGvCDV.exe
  2⤵
  PID:4416
- C:\Windows\System\VYFAEab.exe
  C:\Windows\System\VYFAEab.exe
  2⤵
  PID:4432
- C:\Windows\System\YfwSwOQ.exe
  C:\Windows\System\YfwSwOQ.exe
  2⤵
  PID:4448
- C:\Windows\System\deWAcpk.exe
  C:\Windows\System\deWAcpk.exe
  2⤵
  PID:4464
- C:\Windows\System\LNFueoW.exe
  C:\Windows\System\LNFueoW.exe
  2⤵
  PID:4480
- C:\Windows\System\aeqnPws.exe
  C:\Windows\System\aeqnPws.exe
  2⤵
  PID:4496
- C:\Windows\System\LzXOWUj.exe
  C:\Windows\System\LzXOWUj.exe
  2⤵
  PID:4512
- C:\Windows\System\vfZnfbd.exe
  C:\Windows\System\vfZnfbd.exe
  2⤵
  PID:4528
- C:\Windows\System\vGwfJhS.exe
  C:\Windows\System\vGwfJhS.exe
  2⤵
  PID:4544
- C:\Windows\System\nOHsKOZ.exe
  C:\Windows\System\nOHsKOZ.exe
  2⤵
  PID:4560
- C:\Windows\System\bMQrdiA.exe
  C:\Windows\System\bMQrdiA.exe
  2⤵
  PID:4576
- C:\Windows\System\CkxCkVL.exe
  C:\Windows\System\CkxCkVL.exe
  2⤵
  PID:4592
- C:\Windows\System\tTcIFaK.exe
  C:\Windows\System\tTcIFaK.exe
  2⤵
  PID:4608
- C:\Windows\System\xaAzmIJ.exe
  C:\Windows\System\xaAzmIJ.exe
  2⤵
  PID:4624
- C:\Windows\System\EHklkXQ.exe
  C:\Windows\System\EHklkXQ.exe
  2⤵
  PID:4640
- C:\Windows\System\WRyCmkD.exe
  C:\Windows\System\WRyCmkD.exe
  2⤵
  PID:4656
- C:\Windows\System\MFvuffP.exe
  C:\Windows\System\MFvuffP.exe
  2⤵
  PID:4672
- C:\Windows\System\IttQXji.exe
  C:\Windows\System\IttQXji.exe
  2⤵
  PID:4688
- C:\Windows\System\uFfldwq.exe
  C:\Windows\System\uFfldwq.exe
  2⤵
  PID:4704
- C:\Windows\System\rBtwbWB.exe
  C:\Windows\System\rBtwbWB.exe
  2⤵
  PID:4720
- C:\Windows\System\qEegStg.exe
  C:\Windows\System\qEegStg.exe
  2⤵
  PID:4736
- C:\Windows\System\liBsYNL.exe
  C:\Windows\System\liBsYNL.exe
  2⤵
  PID:4756
- C:\Windows\System\SCIJHbr.exe
  C:\Windows\System\SCIJHbr.exe
  2⤵
  PID:4772
- C:\Windows\System\tLMbXQc.exe
  C:\Windows\System\tLMbXQc.exe
  2⤵
  PID:4788
- C:\Windows\System\JfCqMwj.exe
  C:\Windows\System\JfCqMwj.exe
  2⤵
  PID:4804
- C:\Windows\System\IOBQPLa.exe
  C:\Windows\System\IOBQPLa.exe
  2⤵
  PID:4820
- C:\Windows\System\IaLAGyv.exe
  C:\Windows\System\IaLAGyv.exe
  2⤵
  PID:4836
- C:\Windows\System\CfGzQit.exe
  C:\Windows\System\CfGzQit.exe
  2⤵
  PID:4852
- C:\Windows\System\fySmDHy.exe
  C:\Windows\System\fySmDHy.exe
  2⤵
  PID:4868
- C:\Windows\System\jguWqEo.exe
  C:\Windows\System\jguWqEo.exe
  2⤵
  PID:4888
- C:\Windows\System\GSoAdcz.exe
  C:\Windows\System\GSoAdcz.exe
  2⤵
  PID:4904
- C:\Windows\System\blvNdbr.exe
  C:\Windows\System\blvNdbr.exe
  2⤵
  PID:4920
- C:\Windows\System\tJtutOO.exe
  C:\Windows\System\tJtutOO.exe
  2⤵
  PID:4936
- C:\Windows\System\lhPjTvg.exe
  C:\Windows\System\lhPjTvg.exe
  2⤵
  PID:4980
- C:\Windows\System\FLcpNwN.exe
  C:\Windows\System\FLcpNwN.exe
  2⤵
  PID:4996
- C:\Windows\System\FOmXVTe.exe
  C:\Windows\System\FOmXVTe.exe
  2⤵
  PID:5016
- C:\Windows\System\WkzzYfb.exe
  C:\Windows\System\WkzzYfb.exe
  2⤵
  PID:5032
- C:\Windows\System\VugdAiH.exe
  C:\Windows\System\VugdAiH.exe
  2⤵
  PID:5048
- C:\Windows\System\lSbJgIS.exe
  C:\Windows\System\lSbJgIS.exe
  2⤵
  PID:5072
- C:\Windows\System\wLDwfzC.exe
  C:\Windows\System\wLDwfzC.exe
  2⤵
  PID:5092
- C:\Windows\System\dYEnTPR.exe
  C:\Windows\System\dYEnTPR.exe
  2⤵
  PID:5108
- C:\Windows\System\FsfqIzT.exe
  C:\Windows\System\FsfqIzT.exe
  2⤵
  PID:3824
- C:\Windows\System\TUkFgZJ.exe
  C:\Windows\System\TUkFgZJ.exe
  2⤵
  PID:2296
- C:\Windows\System\ToYHNQe.exe
  C:\Windows\System\ToYHNQe.exe
  2⤵
  PID:4124
- C:\Windows\System\jSbenFP.exe
  C:\Windows\System\jSbenFP.exe
  2⤵
  PID:4104
- C:\Windows\System\lvjoDDh.exe
  C:\Windows\System\lvjoDDh.exe
  2⤵
  PID:4176
- C:\Windows\System\WIYYLQW.exe
  C:\Windows\System\WIYYLQW.exe
  2⤵
  PID:2228
- C:\Windows\System\TqjtDbe.exe
  C:\Windows\System\TqjtDbe.exe
  2⤵
  PID:3112
- C:\Windows\System\SIKkpva.exe
  C:\Windows\System\SIKkpva.exe
  2⤵
  PID:4196
- C:\Windows\System\lefgKxx.exe
  C:\Windows\System\lefgKxx.exe
  2⤵
  PID:4184
- C:\Windows\System\vmfBpyp.exe
  C:\Windows\System\vmfBpyp.exe
  2⤵
  PID:4248
- C:\Windows\System\hMgnddD.exe
  C:\Windows\System\hMgnddD.exe
  2⤵
  PID:4312
- C:\Windows\System\jcRcCrM.exe
  C:\Windows\System\jcRcCrM.exe
  2⤵
  PID:4376
- C:\Windows\System\ynprtJN.exe
  C:\Windows\System\ynprtJN.exe
  2⤵
  PID:4260
- C:\Windows\System\zzlozyB.exe
  C:\Windows\System\zzlozyB.exe
  2⤵
  PID:4324
- C:\Windows\System\LgyTqLZ.exe
  C:\Windows\System\LgyTqLZ.exe
  2⤵
  PID:4392
- C:\Windows\System\yxiXEtL.exe
  C:\Windows\System\yxiXEtL.exe
  2⤵
  PID:4456
- C:\Windows\System\hQHIbab.exe
  C:\Windows\System\hQHIbab.exe
  2⤵
  PID:4472
- C:\Windows\System\OIWsjNd.exe
  C:\Windows\System\OIWsjNd.exe
  2⤵
  PID:4520
- C:\Windows\System\JWOXgmJ.exe
  C:\Windows\System\JWOXgmJ.exe
  2⤵
  PID:4616
- C:\Windows\System\sWgbccU.exe
  C:\Windows\System\sWgbccU.exe
  2⤵
  PID:4504
- C:\Windows\System\yETyQEM.exe
  C:\Windows\System\yETyQEM.exe
  2⤵
  PID:4568
- C:\Windows\System\HLXqKfw.exe
  C:\Windows\System\HLXqKfw.exe
  2⤵
  PID:4680
- C:\Windows\System\GEbNILp.exe
  C:\Windows\System\GEbNILp.exe
  2⤵
  PID:4600
- C:\Windows\System\hJHqkJK.exe
  C:\Windows\System\hJHqkJK.exe
  2⤵
  PID:4636
- C:\Windows\System\UBJSnUR.exe
  C:\Windows\System\UBJSnUR.exe
  2⤵
  PID:4700
- C:\Windows\System\iuKsWmX.exe
  C:\Windows\System\iuKsWmX.exe
  2⤵
  PID:4752
- C:\Windows\System\UDfJTPD.exe
  C:\Windows\System\UDfJTPD.exe
  2⤵
  PID:4816
- C:\Windows\System\dnwFkLW.exe
  C:\Windows\System\dnwFkLW.exe
  2⤵
  PID:4880
- C:\Windows\System\IgofyZG.exe
  C:\Windows\System\IgofyZG.exe
  2⤵
  PID:4768
- C:\Windows\System\BFEhabs.exe
  C:\Windows\System\BFEhabs.exe
  2⤵
  PID:1900
- C:\Windows\System\xgCtBDL.exe
  C:\Windows\System\xgCtBDL.exe
  2⤵
  PID:4896
- C:\Windows\System\IlaYkdl.exe
  C:\Windows\System\IlaYkdl.exe
  2⤵
  PID:4832
- C:\Windows\System\NCQdPdx.exe
  C:\Windows\System\NCQdPdx.exe
  2⤵
  PID:4952
- C:\Windows\System\IsbQcxd.exe
  C:\Windows\System\IsbQcxd.exe
  2⤵
  PID:4968
- C:\Windows\System\YRzFVcS.exe
  C:\Windows\System\YRzFVcS.exe
  2⤵
  PID:5008
- C:\Windows\System\fSjpGME.exe
  C:\Windows\System\fSjpGME.exe
  2⤵
  PID:4992
- C:\Windows\System\GXBRzru.exe
  C:\Windows\System\GXBRzru.exe
  2⤵
  PID:5064
- C:\Windows\System\HVmpgZE.exe
  C:\Windows\System\HVmpgZE.exe
  2⤵
  PID:5060
- C:\Windows\System\MlREvJz.exe
  C:\Windows\System\MlREvJz.exe
  2⤵
  PID:5068
- C:\Windows\System\sMuagdF.exe
  C:\Windows\System\sMuagdF.exe
  2⤵
  PID:2040
- C:\Windows\System\qSqavFw.exe
  C:\Windows\System\qSqavFw.exe
  2⤵
  PID:1964
- C:\Windows\System\pJgUrlD.exe
  C:\Windows\System\pJgUrlD.exe
  2⤵
  PID:4280
- C:\Windows\System\zrCeCkS.exe
  C:\Windows\System\zrCeCkS.exe
  2⤵
  PID:4356
- C:\Windows\System\PyJwWEL.exe
  C:\Windows\System\PyJwWEL.exe
  2⤵
  PID:4444
- C:\Windows\System\EXyRiyB.exe
  C:\Windows\System\EXyRiyB.exe
  2⤵
  PID:2640
- C:\Windows\System\vIhltDU.exe
  C:\Windows\System\vIhltDU.exe
  2⤵
  PID:4344
- C:\Windows\System\lWShpbo.exe
  C:\Windows\System\lWShpbo.exe
  2⤵
  PID:3344
- C:\Windows\System\RIBnhXy.exe
  C:\Windows\System\RIBnhXy.exe
  2⤵
  PID:4488
- C:\Windows\System\SbfnHXu.exe
  C:\Windows\System\SbfnHXu.exe
  2⤵
  PID:4492
- C:\Windows\System\LgSsafz.exe
  C:\Windows\System\LgSsafz.exe
  2⤵
  PID:4716
- C:\Windows\System\ozgugFs.exe
  C:\Windows\System\ozgugFs.exe
  2⤵
  PID:4652
- C:\Windows\System\LXxXRwn.exe
  C:\Windows\System\LXxXRwn.exe
  2⤵
  PID:4812
- C:\Windows\System\KuhZzrP.exe
  C:\Windows\System\KuhZzrP.exe
  2⤵
  PID:4748
- C:\Windows\System\kRQyfnD.exe
  C:\Windows\System\kRQyfnD.exe
  2⤵
  PID:4912
- C:\Windows\System\CcBKmfI.exe
  C:\Windows\System\CcBKmfI.exe
  2⤵
  PID:4876
- C:\Windows\System\nhdnTdL.exe
  C:\Windows\System\nhdnTdL.exe
  2⤵
  PID:4976
- C:\Windows\System\YsHFiIT.exe
  C:\Windows\System\YsHFiIT.exe
  2⤵
  PID:5040
- C:\Windows\System\kcqvBYd.exe
  C:\Windows\System\kcqvBYd.exe
  2⤵
  PID:5028
- C:\Windows\System\VBEwpoH.exe
  C:\Windows\System\VBEwpoH.exe
  2⤵
  PID:5080
- C:\Windows\System\MjeCfck.exe
  C:\Windows\System\MjeCfck.exe
  2⤵
  PID:3408
- C:\Windows\System\PYFEnoF.exe
  C:\Windows\System\PYFEnoF.exe
  2⤵
  PID:4412
- C:\Windows\System\newJFFJ.exe
  C:\Windows\System\newJFFJ.exe
  2⤵
  PID:4232
- C:\Windows\System\UYbbsvn.exe
  C:\Windows\System\UYbbsvn.exe
  2⤵
  PID:4428
- C:\Windows\System\PiKqszi.exe
  C:\Windows\System\PiKqszi.exe
  2⤵
  PID:4164
- C:\Windows\System\gcmJveS.exe
  C:\Windows\System\gcmJveS.exe
  2⤵
  PID:4620
- C:\Windows\System\OBOdXin.exe
  C:\Windows\System\OBOdXin.exe
  2⤵
  PID:4944
- C:\Windows\System\rpOkddc.exe
  C:\Windows\System\rpOkddc.exe
  2⤵
  PID:5100
- C:\Windows\System\bdYsTgo.exe
  C:\Windows\System\bdYsTgo.exe
  2⤵
  PID:4188
- C:\Windows\System\Yjwzadw.exe
  C:\Windows\System\Yjwzadw.exe
  2⤵
  PID:5004
- C:\Windows\System\yFACmRJ.exe
  C:\Windows\System\yFACmRJ.exe
  2⤵
  PID:4784
- C:\Windows\System\wvyvJLT.exe
  C:\Windows\System\wvyvJLT.exe
  2⤵
  PID:4200
- C:\Windows\System\YjkjKKM.exe
  C:\Windows\System\YjkjKKM.exe
  2⤵
  PID:932
- C:\Windows\System\TEQfiSg.exe
  C:\Windows\System\TEQfiSg.exe
  2⤵
  PID:4424
- C:\Windows\System\WwptFyz.exe
  C:\Windows\System\WwptFyz.exe
  2⤵
  PID:4732
- C:\Windows\System\dgtJdbG.exe
  C:\Windows\System\dgtJdbG.exe
  2⤵
  PID:4204
- C:\Windows\System\IfZoKUZ.exe
  C:\Windows\System\IfZoKUZ.exe
  2⤵
  PID:5056
- C:\Windows\System\XcZHHPH.exe
  C:\Windows\System\XcZHHPH.exe
  2⤵
  PID:4228
- C:\Windows\System\HyzgpMj.exe
  C:\Windows\System\HyzgpMj.exe
  2⤵
  PID:4292
- C:\Windows\System\EnhfsSB.exe
  C:\Windows\System\EnhfsSB.exe
  2⤵
  PID:5136
- C:\Windows\System\yNVRmLE.exe
  C:\Windows\System\yNVRmLE.exe
  2⤵
  PID:5152
- C:\Windows\System\YEDtJSW.exe
  C:\Windows\System\YEDtJSW.exe
  2⤵
  PID:5168
- C:\Windows\System\zKQXjwR.exe
  C:\Windows\System\zKQXjwR.exe
  2⤵
  PID:5184
- C:\Windows\System\aeGUfiI.exe
  C:\Windows\System\aeGUfiI.exe
  2⤵
  PID:5200
- C:\Windows\System\Krtmwln.exe
  C:\Windows\System\Krtmwln.exe
  2⤵
  PID:5216
- C:\Windows\System\BswrSrl.exe
  C:\Windows\System\BswrSrl.exe
  2⤵
  PID:5232
- C:\Windows\System\iZtNXZs.exe
  C:\Windows\System\iZtNXZs.exe
  2⤵
  PID:5248
- C:\Windows\System\NwVaGpQ.exe
  C:\Windows\System\NwVaGpQ.exe
  2⤵
  PID:5264
- C:\Windows\System\elamuuL.exe
  C:\Windows\System\elamuuL.exe
  2⤵
  PID:5280
- C:\Windows\System\aJlbPTd.exe
  C:\Windows\System\aJlbPTd.exe
  2⤵
  PID:5296
- C:\Windows\System\yulbXBN.exe
  C:\Windows\System\yulbXBN.exe
  2⤵
  PID:5312
- C:\Windows\System\EROrpju.exe
  C:\Windows\System\EROrpju.exe
  2⤵
  PID:5328
- C:\Windows\System\rTOgYuc.exe
  C:\Windows\System\rTOgYuc.exe
  2⤵
  PID:5344
- C:\Windows\System\oTItVlc.exe
  C:\Windows\System\oTItVlc.exe
  2⤵
  PID:5360
- C:\Windows\System\DuNwUrM.exe
  C:\Windows\System\DuNwUrM.exe
  2⤵
  PID:5376
- C:\Windows\System\WbgHVLT.exe
  C:\Windows\System\WbgHVLT.exe
  2⤵
  PID:5392
- C:\Windows\System\itVvmYs.exe
  C:\Windows\System\itVvmYs.exe
  2⤵
  PID:5408
- C:\Windows\System\mJAOBUW.exe
  C:\Windows\System\mJAOBUW.exe
  2⤵
  PID:5424
- C:\Windows\System\NlozWTi.exe
  C:\Windows\System\NlozWTi.exe
  2⤵
  PID:5440
- C:\Windows\System\wmIpZmE.exe
  C:\Windows\System\wmIpZmE.exe
  2⤵
  PID:5456
- C:\Windows\System\JzGlNDQ.exe
  C:\Windows\System\JzGlNDQ.exe
  2⤵
  PID:5472
- C:\Windows\System\FabxzMH.exe
  C:\Windows\System\FabxzMH.exe
  2⤵
  PID:5488
- C:\Windows\System\QBEwBqW.exe
  C:\Windows\System\QBEwBqW.exe
  2⤵
  PID:5504
- C:\Windows\System\FoESWsV.exe
  C:\Windows\System\FoESWsV.exe
  2⤵
  PID:5520
- C:\Windows\System\ETYbxJL.exe
  C:\Windows\System\ETYbxJL.exe
  2⤵
  PID:5536
- C:\Windows\System\bSQtIkU.exe
  C:\Windows\System\bSQtIkU.exe
  2⤵
  PID:5552
- C:\Windows\System\eRndbFn.exe
  C:\Windows\System\eRndbFn.exe
  2⤵
  PID:5568
- C:\Windows\System\wNYdvuP.exe
  C:\Windows\System\wNYdvuP.exe
  2⤵
  PID:5584
- C:\Windows\System\riMwPLt.exe
  C:\Windows\System\riMwPLt.exe
  2⤵
  PID:5600
- C:\Windows\System\gJYXPFs.exe
  C:\Windows\System\gJYXPFs.exe
  2⤵
  PID:5616
- C:\Windows\System\nRvlwPT.exe
  C:\Windows\System\nRvlwPT.exe
  2⤵
  PID:5632
- C:\Windows\System\vZsntHe.exe
  C:\Windows\System\vZsntHe.exe
  2⤵
  PID:5652
- C:\Windows\System\WiqttFo.exe
  C:\Windows\System\WiqttFo.exe
  2⤵
  PID:5672
- C:\Windows\System\bWWiDEk.exe
  C:\Windows\System\bWWiDEk.exe
  2⤵
  PID:5688
- C:\Windows\System\OmgtSHX.exe
  C:\Windows\System\OmgtSHX.exe
  2⤵
  PID:5704
- C:\Windows\System\zjjaLaI.exe
  C:\Windows\System\zjjaLaI.exe
  2⤵
  PID:5720
- C:\Windows\System\CocTXVZ.exe
  C:\Windows\System\CocTXVZ.exe
  2⤵
  PID:5736
- C:\Windows\System\KUDPPxl.exe
  C:\Windows\System\KUDPPxl.exe
  2⤵
  PID:5756
- C:\Windows\System\GWkDHqq.exe
  C:\Windows\System\GWkDHqq.exe
  2⤵
  PID:5772
- C:\Windows\System\URbzsHU.exe
  C:\Windows\System\URbzsHU.exe
  2⤵
  PID:5788
- C:\Windows\System\qpDbknU.exe
  C:\Windows\System\qpDbknU.exe
  2⤵
  PID:5804
- C:\Windows\System\OVkKzFp.exe
  C:\Windows\System\OVkKzFp.exe
  2⤵
  PID:5820
- C:\Windows\System\kPacHGe.exe
  C:\Windows\System\kPacHGe.exe
  2⤵
  PID:5836
- C:\Windows\System\GBAXxcM.exe
  C:\Windows\System\GBAXxcM.exe
  2⤵
  PID:5852
- C:\Windows\System\VsAkTRn.exe
  C:\Windows\System\VsAkTRn.exe
  2⤵
  PID:5868
- C:\Windows\System\VIEFghi.exe
  C:\Windows\System\VIEFghi.exe
  2⤵
  PID:5884
- C:\Windows\System\UodwnQB.exe
  C:\Windows\System\UodwnQB.exe
  2⤵
  PID:5900
- C:\Windows\System\SruHKUm.exe
  C:\Windows\System\SruHKUm.exe
  2⤵
  PID:5916
- C:\Windows\System\FYjtEBD.exe
  C:\Windows\System\FYjtEBD.exe
  2⤵
  PID:5932
- C:\Windows\System\HaMLAGf.exe
  C:\Windows\System\HaMLAGf.exe
  2⤵
  PID:5948
- C:\Windows\System\eihHlpU.exe
  C:\Windows\System\eihHlpU.exe
  2⤵
  PID:5964
- C:\Windows\System\JHyjVAS.exe
  C:\Windows\System\JHyjVAS.exe
  2⤵
  PID:5984
- C:\Windows\System\yRRikmL.exe
  C:\Windows\System\yRRikmL.exe
  2⤵
  PID:6000
- C:\Windows\System\TrgQMaT.exe
  C:\Windows\System\TrgQMaT.exe
  2⤵
  PID:6016
- C:\Windows\System\VpUPGoS.exe
  C:\Windows\System\VpUPGoS.exe
  2⤵
  PID:6032
- C:\Windows\System\VEpBATi.exe
  C:\Windows\System\VEpBATi.exe
  2⤵
  PID:6048
- C:\Windows\System\oGxmuwL.exe
  C:\Windows\System\oGxmuwL.exe
  2⤵
  PID:6064
- C:\Windows\System\fdOVgnM.exe
  C:\Windows\System\fdOVgnM.exe
  2⤵
  PID:6080
- C:\Windows\System\TTBHfNG.exe
  C:\Windows\System\TTBHfNG.exe
  2⤵
  PID:6096
- C:\Windows\System\AgBuoYx.exe
  C:\Windows\System\AgBuoYx.exe
  2⤵
  PID:6112
- C:\Windows\System\QYEDnNH.exe
  C:\Windows\System\QYEDnNH.exe
  2⤵
  PID:6132
- C:\Windows\System\uanUHAS.exe
  C:\Windows\System\uanUHAS.exe
  2⤵
  PID:5116
- C:\Windows\System\DIxMpXT.exe
  C:\Windows\System\DIxMpXT.exe
  2⤵
  PID:5176
- C:\Windows\System\QctumeK.exe
  C:\Windows\System\QctumeK.exe
  2⤵
  PID:5244
- C:\Windows\System\ERMYkUo.exe
  C:\Windows\System\ERMYkUo.exe
  2⤵
  PID:5212
- C:\Windows\System\zOYlhjz.exe
  C:\Windows\System\zOYlhjz.exe
  2⤵
  PID:5132
- C:\Windows\System\xghvylN.exe
  C:\Windows\System\xghvylN.exe
  2⤵
  PID:5196
- C:\Windows\System\obRExVs.exe
  C:\Windows\System\obRExVs.exe
  2⤵
  PID:5260
- C:\Windows\System\XmqISDd.exe
  C:\Windows\System\XmqISDd.exe
  2⤵
  PID:5324
- C:\Windows\System\utvJwQR.exe
  C:\Windows\System\utvJwQR.exe
  2⤵
  PID:5416
- C:\Windows\System\ppzUNwx.exe
  C:\Windows\System\ppzUNwx.exe
  2⤵
  PID:5420
- C:\Windows\System\WOjagLh.exe
  C:\Windows\System\WOjagLh.exe
  2⤵
  PID:5484
- C:\Windows\System\vGXdaCo.exe
  C:\Windows\System\vGXdaCo.exe
  2⤵
  PID:5464
- C:\Windows\System\TUiwgWz.exe
  C:\Windows\System\TUiwgWz.exe
  2⤵
  PID:5512
- C:\Windows\System\CjidqjQ.exe
  C:\Windows\System\CjidqjQ.exe
  2⤵
  PID:5532
- C:\Windows\System\dvLaSCZ.exe
  C:\Windows\System\dvLaSCZ.exe
  2⤵
  PID:5624
- C:\Windows\System\EGYyEec.exe
  C:\Windows\System\EGYyEec.exe
  2⤵
  PID:5696
- C:\Windows\System\xayNWvx.exe
  C:\Windows\System\xayNWvx.exe
  2⤵
  PID:5528
- C:\Windows\System\TpxbTcy.exe
  C:\Windows\System\TpxbTcy.exe
  2⤵
  PID:5544
- C:\Windows\System\WymwBcQ.exe
  C:\Windows\System\WymwBcQ.exe
  2⤵
  PID:5612
- C:\Windows\System\ZufEsZb.exe
  C:\Windows\System\ZufEsZb.exe
  2⤵
  PID:5764
- C:\Windows\System\TONuZJO.exe
  C:\Windows\System\TONuZJO.exe
  2⤵
  PID:5864
- C:\Windows\System\oLPcUIE.exe
  C:\Windows\System\oLPcUIE.exe
  2⤵
  PID:5928
- C:\Windows\System\QsriIbn.exe
  C:\Windows\System\QsriIbn.exe
  2⤵
  PID:5648
- C:\Windows\System\VXORcCq.exe
  C:\Windows\System\VXORcCq.exe
  2⤵
  PID:5716
- C:\Windows\System\tsPPnEo.exe
  C:\Windows\System\tsPPnEo.exe
  2⤵
  PID:5784
- C:\Windows\System\ZgCLchK.exe
  C:\Windows\System\ZgCLchK.exe
  2⤵
  PID:5848
- C:\Windows\System\uevECaK.exe
  C:\Windows\System\uevECaK.exe
  2⤵
  PID:6028
- C:\Windows\System\ezfBgRO.exe
  C:\Windows\System\ezfBgRO.exe
  2⤵
  PID:5972
- C:\Windows\System\LxdzqAp.exe
  C:\Windows\System\LxdzqAp.exe
  2⤵
  PID:5980
- C:\Windows\System\HSADHPs.exe
  C:\Windows\System\HSADHPs.exe
  2⤵
  PID:6040
- C:\Windows\System\zrEHgBE.exe
  C:\Windows\System\zrEHgBE.exe
  2⤵
  PID:5996
- C:\Windows\System\HxUbRTQ.exe
  C:\Windows\System\HxUbRTQ.exe
  2⤵
  PID:6024
- C:\Windows\System\ZsRHHTO.exe
  C:\Windows\System\ZsRHHTO.exe
  2⤵
  PID:5208
- C:\Windows\System\DQZVYQc.exe
  C:\Windows\System\DQZVYQc.exe
  2⤵
  PID:6128
- C:\Windows\System\tiJwaXz.exe
  C:\Windows\System\tiJwaXz.exe
  2⤵
  PID:5256
- C:\Windows\System\UBJRUtH.exe
  C:\Windows\System\UBJRUtH.exe
  2⤵
  PID:5452
- C:\Windows\System\PEJslRI.exe
  C:\Windows\System\PEJslRI.exe
  2⤵
  PID:5340
- C:\Windows\System\PkzwIhn.exe
  C:\Windows\System\PkzwIhn.exe
  2⤵
  PID:5404
- C:\Windows\System\UsMhFLP.exe
  C:\Windows\System\UsMhFLP.exe
  2⤵
  PID:5320
- C:\Windows\System\sOnPrIe.exe
  C:\Windows\System\sOnPrIe.exe
  2⤵
  PID:5668
- C:\Windows\System\QrjSSpo.exe
  C:\Windows\System\QrjSSpo.exe
  2⤵
  PID:5700
- C:\Windows\System\GmwITtW.exe
  C:\Windows\System\GmwITtW.exe
  2⤵
  PID:5576
- C:\Windows\System\xwVgnwu.exe
  C:\Windows\System\xwVgnwu.exe
  2⤵
  PID:5828
- C:\Windows\System\GSjoEgp.exe
  C:\Windows\System\GSjoEgp.exe
  2⤵
  PID:5860
- C:\Windows\System\fpMnArU.exe
  C:\Windows\System\fpMnArU.exe
  2⤵
  PID:5976
- C:\Windows\System\oOtehXG.exe
  C:\Windows\System\oOtehXG.exe
  2⤵
  PID:5644
- C:\Windows\System\cuaAsCC.exe
  C:\Windows\System\cuaAsCC.exe
  2⤵
  PID:6012
- C:\Windows\System\aFqKMPo.exe
  C:\Windows\System\aFqKMPo.exe
  2⤵
  PID:5816
- C:\Windows\System\VHqsxsc.exe
  C:\Windows\System\VHqsxsc.exe
  2⤵
  PID:4764
- C:\Windows\System\ANOvHfs.exe
  C:\Windows\System\ANOvHfs.exe
  2⤵
  PID:6124
- C:\Windows\System\QcaixJa.exe
  C:\Windows\System\QcaixJa.exe
  2⤵
  PID:6104
- C:\Windows\System\lrlfOaw.exe
  C:\Windows\System\lrlfOaw.exe
  2⤵
  PID:5192
- C:\Windows\System\tmXiivF.exe
  C:\Windows\System\tmXiivF.exe
  2⤵
  PID:5796
- C:\Windows\System\bkDKeLp.exe
  C:\Windows\System\bkDKeLp.exe
  2⤵
  PID:5664
- C:\Windows\System\EdEHAal.exe
  C:\Windows\System\EdEHAal.exe
  2⤵
  PID:4884
- C:\Windows\System\oxHUaew.exe
  C:\Windows\System\oxHUaew.exe
  2⤵
  PID:5732
- C:\Windows\System\wAhaxBm.exe
  C:\Windows\System\wAhaxBm.exe
  2⤵
  PID:6044
- C:\Windows\System\krcIrOB.exe
  C:\Windows\System\krcIrOB.exe
  2⤵
  PID:5712
- C:\Windows\System\ovsKdof.exe
  C:\Windows\System\ovsKdof.exe
  2⤵
  PID:5128
- C:\Windows\System\MbPEdkt.exe
  C:\Windows\System\MbPEdkt.exe
  2⤵
  PID:5628
- C:\Windows\System\TFDTfND.exe
  C:\Windows\System\TFDTfND.exe
  2⤵
  PID:5940
- C:\Windows\System\amDyEuV.exe
  C:\Windows\System\amDyEuV.exe
  2⤵
  PID:6152
- C:\Windows\System\fBKcPzF.exe
  C:\Windows\System\fBKcPzF.exe
  2⤵
  PID:6168
- C:\Windows\System\cokKCYs.exe
  C:\Windows\System\cokKCYs.exe
  2⤵
  PID:6184
- C:\Windows\System\qtnnrnJ.exe
  C:\Windows\System\qtnnrnJ.exe
  2⤵
  PID:6200
- C:\Windows\System\ulrwSWp.exe
  C:\Windows\System\ulrwSWp.exe
  2⤵
  PID:6216
- C:\Windows\System\LZllpCJ.exe
  C:\Windows\System\LZllpCJ.exe
  2⤵
  PID:6232
- C:\Windows\System\zCAtFvp.exe
  C:\Windows\System\zCAtFvp.exe
  2⤵
  PID:6248
- C:\Windows\System\VvRBxJX.exe
  C:\Windows\System\VvRBxJX.exe
  2⤵
  PID:6264
- C:\Windows\System\dfrhEoS.exe
  C:\Windows\System\dfrhEoS.exe
  2⤵
  PID:6280
- C:\Windows\System\vkdhbTH.exe
  C:\Windows\System\vkdhbTH.exe
  2⤵
  PID:6296
- C:\Windows\System\XoLiQGE.exe
  C:\Windows\System\XoLiQGE.exe
  2⤵
  PID:6312
- C:\Windows\System\gWkVtYf.exe
  C:\Windows\System\gWkVtYf.exe
  2⤵
  PID:6328
- C:\Windows\System\UAdXIgZ.exe
  C:\Windows\System\UAdXIgZ.exe
  2⤵
  PID:6344
- C:\Windows\System\LjBDgmU.exe
  C:\Windows\System\LjBDgmU.exe
  2⤵
  PID:6360
- C:\Windows\System\ifSdyId.exe
  C:\Windows\System\ifSdyId.exe
  2⤵
  PID:6376
- C:\Windows\System\QVqtKOP.exe
  C:\Windows\System\QVqtKOP.exe
  2⤵
  PID:6392
- C:\Windows\System\zUCHCLy.exe
  C:\Windows\System\zUCHCLy.exe
  2⤵
  PID:6408
- C:\Windows\System\saiMqol.exe
  C:\Windows\System\saiMqol.exe
  2⤵
  PID:6424
- C:\Windows\System\sYPwWGy.exe
  C:\Windows\System\sYPwWGy.exe
  2⤵
  PID:6440
- C:\Windows\System\biDaPYD.exe
  C:\Windows\System\biDaPYD.exe
  2⤵
  PID:6456
- C:\Windows\System\bjCiLFd.exe
  C:\Windows\System\bjCiLFd.exe
  2⤵
  PID:6472
- C:\Windows\System\JmPRTCA.exe
  C:\Windows\System\JmPRTCA.exe
  2⤵
  PID:6488
- C:\Windows\System\pPWmQWK.exe
  C:\Windows\System\pPWmQWK.exe
  2⤵
  PID:6504
- C:\Windows\System\mWSmJRk.exe
  C:\Windows\System\mWSmJRk.exe
  2⤵
  PID:6520
- C:\Windows\System\kBoCNLd.exe
  C:\Windows\System\kBoCNLd.exe
  2⤵
  PID:6536
- C:\Windows\System\NWIujix.exe
  C:\Windows\System\NWIujix.exe
  2⤵
  PID:6552
- C:\Windows\System\BKtpFWW.exe
  C:\Windows\System\BKtpFWW.exe
  2⤵
  PID:6568
- C:\Windows\System\aodmBKJ.exe
  C:\Windows\System\aodmBKJ.exe
  2⤵
  PID:6584
- C:\Windows\System\pWQmLkw.exe
  C:\Windows\System\pWQmLkw.exe
  2⤵
  PID:6600
- C:\Windows\System\lTeBTWc.exe
  C:\Windows\System\lTeBTWc.exe
  2⤵
  PID:6616
- C:\Windows\System\twhyHKs.exe
  C:\Windows\System\twhyHKs.exe
  2⤵
  PID:6636
- C:\Windows\System\yJndqQl.exe
  C:\Windows\System\yJndqQl.exe
  2⤵
  PID:6652
- C:\Windows\System\GbjkKEs.exe
  C:\Windows\System\GbjkKEs.exe
  2⤵
  PID:6668
- C:\Windows\System\LPHVcYm.exe
  C:\Windows\System\LPHVcYm.exe
  2⤵
  PID:6684
- C:\Windows\System\CmjuMUi.exe
  C:\Windows\System\CmjuMUi.exe
  2⤵
  PID:6700
- C:\Windows\System\gLgxfAJ.exe
  C:\Windows\System\gLgxfAJ.exe
  2⤵
  PID:6716
- C:\Windows\System\hyflWpL.exe
  C:\Windows\System\hyflWpL.exe
  2⤵
  PID:6732
- C:\Windows\System\GpLhkzx.exe
  C:\Windows\System\GpLhkzx.exe
  2⤵
  PID:6748
- C:\Windows\System\EBfzuIO.exe
  C:\Windows\System\EBfzuIO.exe
  2⤵
  PID:6764
- C:\Windows\System\zcIGsLL.exe
  C:\Windows\System\zcIGsLL.exe
  2⤵
  PID:6780
- C:\Windows\System\xspFKuA.exe
  C:\Windows\System\xspFKuA.exe
  2⤵
  PID:6796
- C:\Windows\System\RqIgbKz.exe
  C:\Windows\System\RqIgbKz.exe
  2⤵
  PID:6812
- C:\Windows\System\mUjTAPt.exe
  C:\Windows\System\mUjTAPt.exe
  2⤵
  PID:6828
- C:\Windows\System\aitDxII.exe
  C:\Windows\System\aitDxII.exe
  2⤵
  PID:6844
- C:\Windows\System\GclZtKd.exe
  C:\Windows\System\GclZtKd.exe
  2⤵
  PID:6860
- C:\Windows\System\dWnMXqu.exe
  C:\Windows\System\dWnMXqu.exe
  2⤵
  PID:6876
- C:\Windows\System\DsVLcAf.exe
  C:\Windows\System\DsVLcAf.exe
  2⤵
  PID:6892
- C:\Windows\System\fwBnfVB.exe
  C:\Windows\System\fwBnfVB.exe
  2⤵
  PID:6912
- C:\Windows\System\elNVBrv.exe
  C:\Windows\System\elNVBrv.exe
  2⤵
  PID:6928
- C:\Windows\System\rMCKJbr.exe
  C:\Windows\System\rMCKJbr.exe
  2⤵
  PID:6944
- C:\Windows\System\VIRsiCw.exe
  C:\Windows\System\VIRsiCw.exe
  2⤵
  PID:6960
- C:\Windows\System\JoBsNfe.exe
  C:\Windows\System\JoBsNfe.exe
  2⤵
  PID:6976
- C:\Windows\System\QhPxwOh.exe
  C:\Windows\System\QhPxwOh.exe
  2⤵
  PID:6992
- C:\Windows\System\loSZCrJ.exe
  C:\Windows\System\loSZCrJ.exe
  2⤵
  PID:7008
- C:\Windows\System\luWesRp.exe
  C:\Windows\System\luWesRp.exe
  2⤵
  PID:7024
- C:\Windows\System\CdGbxUS.exe
  C:\Windows\System\CdGbxUS.exe
  2⤵
  PID:7040
- C:\Windows\System\KqcDPYP.exe
  C:\Windows\System\KqcDPYP.exe
  2⤵
  PID:7056
- C:\Windows\System\gkoqGLQ.exe
  C:\Windows\System\gkoqGLQ.exe
  2⤵
  PID:7072
- C:\Windows\System\dvEOByP.exe
  C:\Windows\System\dvEOByP.exe
  2⤵
  PID:7088
- C:\Windows\System\peMihLZ.exe
  C:\Windows\System\peMihLZ.exe
  2⤵
  PID:7104
- C:\Windows\System\JMxldCe.exe
  C:\Windows\System\JMxldCe.exe
  2⤵
  PID:7120
- C:\Windows\System\TRnPyaL.exe
  C:\Windows\System\TRnPyaL.exe
  2⤵
  PID:7136
- C:\Windows\System\abAzzLb.exe
  C:\Windows\System\abAzzLb.exe
  2⤵
  PID:7152
- C:\Windows\System\dLNAXME.exe
  C:\Windows\System\dLNAXME.exe
  2⤵
  PID:5516
- C:\Windows\System\FOvXsTT.exe
  C:\Windows\System\FOvXsTT.exe
  2⤵
  PID:5896
- C:\Windows\System\fHuotsk.exe
  C:\Windows\System\fHuotsk.exe
  2⤵
  PID:6192
- C:\Windows\System\ifTtZLf.exe
  C:\Windows\System\ifTtZLf.exe
  2⤵
  PID:6212
- C:\Windows\System\bNBsatY.exe
  C:\Windows\System\bNBsatY.exe
  2⤵
  PID:6208
- C:\Windows\System\gkNTYJu.exe
  C:\Windows\System\gkNTYJu.exe
  2⤵
  PID:5336
- C:\Windows\System\WrhAKjD.exe
  C:\Windows\System\WrhAKjD.exe
  2⤵
  PID:6140
- C:\Windows\System\rQCrcKm.exe
  C:\Windows\System\rQCrcKm.exe
  2⤵
  PID:6272
- C:\Windows\System\GXOhWrg.exe
  C:\Windows\System\GXOhWrg.exe
  2⤵
  PID:6288
- C:\Windows\System\drMERru.exe
  C:\Windows\System\drMERru.exe
  2⤵
  PID:6352
- C:\Windows\System\fGMHwPj.exe
  C:\Windows\System\fGMHwPj.exe
  2⤵
  PID:6384
- C:\Windows\System\BlxzDBC.exe
  C:\Windows\System\BlxzDBC.exe
  2⤵
  PID:6368
- C:\Windows\System\awzTZmE.exe
  C:\Windows\System\awzTZmE.exe
  2⤵
  PID:6484
- C:\Windows\System\BWnGlRX.exe
  C:\Windows\System\BWnGlRX.exe
  2⤵
  PID:6436
- C:\Windows\System\OWbLZax.exe
  C:\Windows\System\OWbLZax.exe
  2⤵
  PID:6500
- C:\Windows\System\CNYCtsW.exe
  C:\Windows\System\CNYCtsW.exe
  2⤵
  PID:6576
- C:\Windows\System\nRzKhjW.exe
  C:\Windows\System\nRzKhjW.exe
  2⤵
  PID:6644
- C:\Windows\System\eqoIkut.exe
  C:\Windows\System\eqoIkut.exe
  2⤵
  PID:6680
- C:\Windows\System\XiHjhwY.exe
  C:\Windows\System\XiHjhwY.exe
  2⤵
  PID:6628
- C:\Windows\System\LklitDO.exe
  C:\Windows\System\LklitDO.exe
  2⤵
  PID:6664
- C:\Windows\System\PrFxSAV.exe
  C:\Windows\System\PrFxSAV.exe
  2⤵
  PID:6744
- C:\Windows\System\SUYEsPr.exe
  C:\Windows\System\SUYEsPr.exe
  2⤵
  PID:6808
- C:\Windows\System\jShWioa.exe
  C:\Windows\System\jShWioa.exe
  2⤵
  PID:6868
- C:\Windows\System\qBAiEAZ.exe
  C:\Windows\System\qBAiEAZ.exe
  2⤵
  PID:6852
- C:\Windows\System\tQrSLTA.exe
  C:\Windows\System\tQrSLTA.exe
  2⤵
  PID:6760
- C:\Windows\System\tUbupZT.exe
  C:\Windows\System\tUbupZT.exe
  2⤵
  PID:6824
- C:\Windows\System\YxHzIMg.exe
  C:\Windows\System\YxHzIMg.exe
  2⤵
  PID:6936
- C:\Windows\System\HHIoSKo.exe
  C:\Windows\System\HHIoSKo.exe
  2⤵
  PID:6984
- C:\Windows\System\kkObjTC.exe
  C:\Windows\System\kkObjTC.exe
  2⤵
  PID:7084
- C:\Windows\System\AuqMgkw.exe
  C:\Windows\System\AuqMgkw.exe
  2⤵
  PID:6972
- C:\Windows\System\EClFNOw.exe
  C:\Windows\System\EClFNOw.exe
  2⤵
  PID:7036
- C:\Windows\System\pdtQlXy.exe
  C:\Windows\System\pdtQlXy.exe
  2⤵
  PID:7100
- C:\Windows\System\UpZiWFf.exe
  C:\Windows\System\UpZiWFf.exe
  2⤵
  PID:7052
- C:\Windows\System\aZkFETZ.exe
  C:\Windows\System\aZkFETZ.exe
  2⤵
  PID:5276
- C:\Windows\System\szYKMFb.exe
  C:\Windows\System\szYKMFb.exe
  2⤵
  PID:6148
- C:\Windows\System\EOPUMpK.exe
  C:\Windows\System\EOPUMpK.exe
  2⤵
  PID:6324
- C:\Windows\System\zvpsNvs.exe
  C:\Windows\System\zvpsNvs.exe
  2⤵
  PID:7132
- C:\Windows\System\zeNkcrE.exe
  C:\Windows\System\zeNkcrE.exe
  2⤵
  PID:7160
- C:\Windows\System\anJSLFO.exe
  C:\Windows\System\anJSLFO.exe
  2⤵
  PID:6244
- C:\Windows\System\EJiejJm.exe
  C:\Windows\System\EJiejJm.exe
  2⤵
  PID:6304
- C:\Windows\System\lcPDMCD.exe
  C:\Windows\System\lcPDMCD.exe
  2⤵
  PID:6224
- C:\Windows\System\xchTeqk.exe
  C:\Windows\System\xchTeqk.exe
  2⤵
  PID:6516
- C:\Windows\System\YUyGTXb.exe
  C:\Windows\System\YUyGTXb.exe
  2⤵
  PID:6528
- C:\Windows\System\GEeGuyN.exe
  C:\Windows\System\GEeGuyN.exe
  2⤵
  PID:6532
- C:\Windows\System\NaJVKKD.exe
  C:\Windows\System\NaJVKKD.exe
  2⤵
  PID:6624
- C:\Windows\System\pppdomK.exe
  C:\Windows\System\pppdomK.exe
  2⤵
  PID:6776
- C:\Windows\System\ETiTdUc.exe
  C:\Windows\System\ETiTdUc.exe
  2⤵
  PID:5752
- C:\Windows\System\yfmTyWQ.exe
  C:\Windows\System\yfmTyWQ.exe
  2⤵
  PID:6924
- C:\Windows\System\mJKorUN.exe
  C:\Windows\System\mJKorUN.exe
  2⤵
  PID:6792
- C:\Windows\System\dKkTVJc.exe
  C:\Windows\System\dKkTVJc.exe
  2⤵
  PID:7004
- C:\Windows\System\viMCKvV.exe
  C:\Windows\System\viMCKvV.exe
  2⤵
  PID:6956
- C:\Windows\System\cxMpyhF.exe
  C:\Windows\System\cxMpyhF.exe
  2⤵
  PID:7584
- C:\Windows\System\vdLGdUA.exe
  C:\Windows\System\vdLGdUA.exe
  2⤵
  PID:7640
- C:\Windows\System\WvULVKE.exe
  C:\Windows\System\WvULVKE.exe
  2⤵
  PID:7672
- C:\Windows\System\hPCTjxS.exe
  C:\Windows\System\hPCTjxS.exe
  2⤵
  PID:5308
- C:\Windows\System\jTlDerK.exe
  C:\Windows\System\jTlDerK.exe
  2⤵
  PID:6908
- C:\Windows\System\vfNByKJ.exe
  C:\Windows\System\vfNByKJ.exe
  2⤵
  PID:7016
- C:\Windows\System\lxaqebQ.exe
  C:\Windows\System\lxaqebQ.exe
  2⤵
  PID:6256
- C:\Windows\System\VzSVnOX.exe
  C:\Windows\System\VzSVnOX.exe
  2⤵
  PID:6320
- C:\Windows\System\VUlfdXR.exe
  C:\Windows\System\VUlfdXR.exe
  2⤵
  PID:6400
- C:\Windows\System\Aomgcbw.exe
  C:\Windows\System\Aomgcbw.exe
  2⤵
  PID:5780
- C:\Windows\System\WwFlkWC.exe
  C:\Windows\System\WwFlkWC.exe
  2⤵
  PID:7184
- C:\Windows\System\pJTYtsc.exe
  C:\Windows\System\pJTYtsc.exe
  2⤵
  PID:7204
- C:\Windows\System\MNzUsla.exe
  C:\Windows\System\MNzUsla.exe
  2⤵
  PID:7224
- C:\Windows\System\joXFMTv.exe
  C:\Windows\System\joXFMTv.exe
  2⤵
  PID:7240
- C:\Windows\System\lSNuEmC.exe
  C:\Windows\System\lSNuEmC.exe
  2⤵
  PID:7256
- C:\Windows\System\gVIpBdw.exe
  C:\Windows\System\gVIpBdw.exe
  2⤵
  PID:7272
- C:\Windows\System\LYbXeOs.exe
  C:\Windows\System\LYbXeOs.exe
  2⤵
  PID:7288
- C:\Windows\System\VpdmoOb.exe
  C:\Windows\System\VpdmoOb.exe
  2⤵
  PID:7312
- C:\Windows\System\KGTuXGE.exe
  C:\Windows\System\KGTuXGE.exe
  2⤵
  PID:7336
- C:\Windows\System\QFZujtu.exe
  C:\Windows\System\QFZujtu.exe
  2⤵
  PID:7380
- C:\Windows\System\kuyALaw.exe
  C:\Windows\System\kuyALaw.exe
  2⤵
  PID:7400
- C:\Windows\System\uizpByY.exe
  C:\Windows\System\uizpByY.exe
  2⤵
  PID:7416
- C:\Windows\System\rHfhJcb.exe
  C:\Windows\System\rHfhJcb.exe
  2⤵
  PID:7432
- C:\Windows\System\UghPoGz.exe
  C:\Windows\System\UghPoGz.exe
  2⤵
  PID:7452
- C:\Windows\System\ggeYsde.exe
  C:\Windows\System\ggeYsde.exe
  2⤵
  PID:7468
- C:\Windows\System\jesKIHF.exe
  C:\Windows\System\jesKIHF.exe
  2⤵
  PID:7484
- C:\Windows\System\ZmWYKOr.exe
  C:\Windows\System\ZmWYKOr.exe
  2⤵
  PID:7500
- C:\Windows\System\NgamfPc.exe
  C:\Windows\System\NgamfPc.exe
  2⤵
  PID:7528
- C:\Windows\System\ncjFPYE.exe
  C:\Windows\System\ncjFPYE.exe
  2⤵
  PID:7552
- C:\Windows\System\mckyVEv.exe
  C:\Windows\System\mckyVEv.exe
  2⤵
  PID:7572
- C:\Windows\System\RxnKJoQ.exe
  C:\Windows\System\RxnKJoQ.exe
  2⤵
  PID:6676
- C:\Windows\System\YXikcXk.exe
  C:\Windows\System\YXikcXk.exe
  2⤵
  PID:7612
- C:\Windows\System\xTkrZtt.exe
  C:\Windows\System\xTkrZtt.exe
  2⤵
  PID:7596
- C:\Windows\System\fcyGVyb.exe
  C:\Windows\System\fcyGVyb.exe
  2⤵
  PID:7636
- C:\Windows\System\AghujND.exe
  C:\Windows\System\AghujND.exe
  2⤵
  PID:7684
- C:\Windows\System\FIXGFny.exe
  C:\Windows\System\FIXGFny.exe
  2⤵
  PID:7852
- C:\Windows\System\EjwMOGc.exe
  C:\Windows\System\EjwMOGc.exe
  2⤵
  PID:7704
- C:\Windows\System\naIpaRG.exe
  C:\Windows\System\naIpaRG.exe
  2⤵
  PID:7720
- C:\Windows\System\vTAkgmY.exe
  C:\Windows\System\vTAkgmY.exe
  2⤵
  PID:7736
- C:\Windows\System\zBdhRRX.exe
  C:\Windows\System\zBdhRRX.exe
  2⤵
  PID:7752
- C:\Windows\System\tbojxbd.exe
  C:\Windows\System\tbojxbd.exe
  2⤵
  PID:7784
- C:\Windows\System\cItSIfg.exe
  C:\Windows\System\cItSIfg.exe
  2⤵
  PID:7804
- C:\Windows\System\mNJiFcb.exe
  C:\Windows\System\mNJiFcb.exe
  2⤵
  PID:7820
- C:\Windows\System\djAOFqT.exe
  C:\Windows\System\djAOFqT.exe
  2⤵
  PID:7856
- C:\Windows\System\vbHnJux.exe
  C:\Windows\System\vbHnJux.exe
  2⤵
  PID:7872
- C:\Windows\System\ODuvIOk.exe
  C:\Windows\System\ODuvIOk.exe
  2⤵
  PID:7888
- C:\Windows\System\LUPhFiC.exe
  C:\Windows\System\LUPhFiC.exe
  2⤵
  PID:7908
- C:\Windows\System\uHCQyMp.exe
  C:\Windows\System\uHCQyMp.exe
  2⤵
  PID:7924
- C:\Windows\System\hMPOdLs.exe
  C:\Windows\System\hMPOdLs.exe
  2⤵
  PID:7940
- C:\Windows\System\UfYtbxz.exe
  C:\Windows\System\UfYtbxz.exe
  2⤵
  PID:7956
- C:\Windows\System\ItXOkyM.exe
  C:\Windows\System\ItXOkyM.exe
  2⤵
  PID:8000
- C:\Windows\System\SwbSzzs.exe
  C:\Windows\System\SwbSzzs.exe
  2⤵
  PID:8016
- C:\Windows\System\GlrvApt.exe
  C:\Windows\System\GlrvApt.exe
  2⤵
  PID:8040
- C:\Windows\System\LBmdRFC.exe
  C:\Windows\System\LBmdRFC.exe
  2⤵
  PID:8056
- C:\Windows\System\lYnbSQl.exe
  C:\Windows\System\lYnbSQl.exe
  2⤵
  PID:8072
- C:\Windows\System\wfFZarL.exe
  C:\Windows\System\wfFZarL.exe
  2⤵
  PID:8088
- C:\Windows\System\iqWplGg.exe
  C:\Windows\System\iqWplGg.exe
  2⤵
  PID:8104
- C:\Windows\System\GfbBneu.exe
  C:\Windows\System\GfbBneu.exe
  2⤵
  PID:8116
- C:\Windows\System\HZSRUYl.exe
  C:\Windows\System\HZSRUYl.exe
  2⤵
  PID:8128
- C:\Windows\System\GiwLrns.exe
  C:\Windows\System\GiwLrns.exe
  2⤵
  PID:8156
- C:\Windows\System\ZtYVoii.exe
  C:\Windows\System\ZtYVoii.exe
  2⤵
  PID:8164
- C:\Windows\System\sFysUvn.exe
  C:\Windows\System\sFysUvn.exe
  2⤵
  PID:6560
- C:\Windows\System\yvZiwCh.exe
  C:\Windows\System\yvZiwCh.exe
  2⤵
  PID:6632
- C:\Windows\System\UBQsuNG.exe
  C:\Windows\System\UBQsuNG.exe
  2⤵
  PID:6336
- C:\Windows\System\SWTOWRB.exe
  C:\Windows\System\SWTOWRB.exe
  2⤵
  PID:7196
- C:\Windows\System\aCypDza.exe
  C:\Windows\System\aCypDza.exe
  2⤵
  PID:7264
- C:\Windows\System\kjlUEjF.exe
  C:\Windows\System\kjlUEjF.exe
  2⤵
  PID:7308
- C:\Windows\System\QNCFFwe.exe
  C:\Windows\System\QNCFFwe.exe
  2⤵
  PID:7176
- C:\Windows\System\uPSVycL.exe
  C:\Windows\System\uPSVycL.exe
  2⤵
  PID:7248
- C:\Windows\System\Cwoqvcv.exe
  C:\Windows\System\Cwoqvcv.exe
  2⤵
  PID:7360
- C:\Windows\System\iJWOhNq.exe
  C:\Windows\System\iJWOhNq.exe
  2⤵
  PID:7280
- C:\Windows\System\PvDTHMe.exe
  C:\Windows\System\PvDTHMe.exe
  2⤵
  PID:7332
- C:\Windows\System\YrHMnoE.exe
  C:\Windows\System\YrHMnoE.exe
  2⤵
  PID:7412
- C:\Windows\System\EDSMjyc.exe
  C:\Windows\System\EDSMjyc.exe
  2⤵
  PID:7564
- C:\Windows\System\tOOwEWD.exe
  C:\Windows\System\tOOwEWD.exe
  2⤵
  PID:6592
- C:\Windows\System\HcKEBLU.exe
  C:\Windows\System\HcKEBLU.exe
  2⤵
  PID:7392
- C:\Windows\System\MzISYFo.exe
  C:\Windows\System\MzISYFo.exe
  2⤵
  PID:7548
- C:\Windows\System\gvcqajV.exe
  C:\Windows\System\gvcqajV.exe
  2⤵
  PID:6260
- C:\Windows\System\HTmKbPd.exe
  C:\Windows\System\HTmKbPd.exe
  2⤵
  PID:7616
- C:\Windows\System\TIwEJcj.exe
  C:\Windows\System\TIwEJcj.exe
  2⤵
  PID:7772
- C:\Windows\System\YMfVQSP.exe
  C:\Windows\System\YMfVQSP.exe
  2⤵
  PID:7716
- C:\Windows\System\oCXqhBK.exe
  C:\Windows\System\oCXqhBK.exe
  2⤵
  PID:7792
- C:\Windows\System\aCeAvLN.exe
  C:\Windows\System\aCeAvLN.exe
  2⤵
  PID:7840
- C:\Windows\System\wxZsibk.exe
  C:\Windows\System\wxZsibk.exe
  2⤵
  PID:7780
- C:\Windows\System\uZxddCR.exe
  C:\Windows\System\uZxddCR.exe
  2⤵
  PID:7728
- C:\Windows\System\xnonsaZ.exe
  C:\Windows\System\xnonsaZ.exe
  2⤵
  PID:7884
- C:\Windows\System\CEgYsvI.exe
  C:\Windows\System\CEgYsvI.exe
  2⤵
  PID:7936
- C:\Windows\System\vMotvff.exe
  C:\Windows\System\vMotvff.exe
  2⤵
  PID:7976
- C:\Windows\System\BCUhWSM.exe
  C:\Windows\System\BCUhWSM.exe
  2⤵
  PID:7988
- C:\Windows\System\ENTaKDr.exe
  C:\Windows\System\ENTaKDr.exe
  2⤵
  PID:8024
- C:\Windows\System\BNItVoN.exe
  C:\Windows\System\BNItVoN.exe
  2⤵
  PID:8068
- C:\Windows\System\XdgNWEZ.exe
  C:\Windows\System\XdgNWEZ.exe
  2⤵
  PID:8112
- C:\Windows\System\tzFycKK.exe
  C:\Windows\System\tzFycKK.exe
  2⤵
  PID:8140
- C:\Windows\System\UtdxjCB.exe
  C:\Windows\System\UtdxjCB.exe
  2⤵
  PID:6952
- C:\Windows\System\yMlGewD.exe
  C:\Windows\System\yMlGewD.exe
  2⤵
  PID:7148
- C:\Windows\System\mUbSOVg.exe
  C:\Windows\System\mUbSOVg.exe
  2⤵
  PID:8084
- C:\Windows\System\ydnUart.exe
  C:\Windows\System\ydnUart.exe
  2⤵
  PID:8184
- C:\Windows\System\pelMzfp.exe
  C:\Windows\System\pelMzfp.exe
  2⤵
  PID:7232
- C:\Windows\System\VKGbKgh.exe
  C:\Windows\System\VKGbKgh.exe
  2⤵
  PID:7352
- C:\Windows\System\tZyuXCY.exe
  C:\Windows\System\tZyuXCY.exe
  2⤵
  PID:7328
- C:\Windows\System\czOzAyc.exe
  C:\Windows\System\czOzAyc.exe
  2⤵
  PID:7304
- C:\Windows\System\MlVcqoL.exe
  C:\Windows\System\MlVcqoL.exe
  2⤵
  PID:7376
- C:\Windows\System\WDArWVu.exe
  C:\Windows\System\WDArWVu.exe
  2⤵
  PID:7520
- C:\Windows\System\ghQOdUG.exe
  C:\Windows\System\ghQOdUG.exe
  2⤵
  PID:7492
- C:\Windows\System\CuXphlD.exe
  C:\Windows\System\CuXphlD.exe
  2⤵
  PID:7504
- C:\Windows\System\UNxaAlx.exe
  C:\Windows\System\UNxaAlx.exe
  2⤵
  PID:7372
- C:\Windows\System\bbEYQpo.exe
  C:\Windows\System\bbEYQpo.exe
  2⤵
  PID:7848
- C:\Windows\System\uwcyRgw.exe
  C:\Windows\System\uwcyRgw.exe
  2⤵
  PID:7732
- C:\Windows\System\txXoZvo.exe
  C:\Windows\System\txXoZvo.exe
  2⤵
  PID:7952
- C:\Windows\System\CIYPHMG.exe
  C:\Windows\System\CIYPHMG.exe
  2⤵
  PID:7904
- C:\Windows\System\JTtqxaj.exe
  C:\Windows\System\JTtqxaj.exe
  2⤵
  PID:7776
- C:\Windows\System\JITknSf.exe
  C:\Windows\System\JITknSf.exe
  2⤵
  PID:7916
- C:\Windows\System\NabcXFo.exe
  C:\Windows\System\NabcXFo.exe
  2⤵
  PID:8080
- C:\Windows\System\KUNgTZf.exe
  C:\Windows\System\KUNgTZf.exe
  2⤵
  PID:7068
- C:\Windows\System\MrGMUZO.exe
  C:\Windows\System\MrGMUZO.exe
  2⤵
  PID:7220
- C:\Windows\System\MIOxEhF.exe
  C:\Windows\System\MIOxEhF.exe
  2⤵
  PID:6724
- C:\Windows\System\pXzSAsY.exe
  C:\Windows\System\pXzSAsY.exe
  2⤵
  PID:7448
- C:\Windows\System\nSdpPRL.exe
  C:\Windows\System\nSdpPRL.exe
  2⤵
  PID:7604
- C:\Windows\System\mRjxVlC.exe
  C:\Windows\System\mRjxVlC.exe
  2⤵
  PID:7164
- C:\Windows\System\pOvlRCH.exe
  C:\Windows\System\pOvlRCH.exe
  2⤵
  PID:7580
- C:\Windows\System\oEJbdre.exe
  C:\Windows\System\oEJbdre.exe
  2⤵
  PID:8036
- C:\Windows\System\MJPiPFu.exe
  C:\Windows\System\MJPiPFu.exe
  2⤵
  PID:6544
- C:\Windows\System\gTKAZCm.exe
  C:\Windows\System\gTKAZCm.exe
  2⤵
  PID:7652
- C:\Windows\System\gcHqTSm.exe
  C:\Windows\System\gcHqTSm.exe
  2⤵
  PID:7760
- C:\Windows\System\ixRhBuz.exe
  C:\Windows\System\ixRhBuz.exe
  2⤵
  PID:7516
- C:\Windows\System\NkvHSQn.exe
  C:\Windows\System\NkvHSQn.exe
  2⤵
  PID:7972
- C:\Windows\System\HwEeWBW.exe
  C:\Windows\System\HwEeWBW.exe
  2⤵
  PID:8124
- C:\Windows\System\OwrzGSc.exe
  C:\Windows\System\OwrzGSc.exe
  2⤵
  PID:7180
- C:\Windows\System\DUNnEGG.exe
  C:\Windows\System\DUNnEGG.exe
  2⤵
  PID:8148
- C:\Windows\System\ycwiZdI.exe
  C:\Windows\System\ycwiZdI.exe
  2⤵
  PID:7464
- C:\Windows\System\IbbJspA.exe
  C:\Windows\System\IbbJspA.exe
  2⤵
  PID:7900
- C:\Windows\System\mFSXZED.exe
  C:\Windows\System\mFSXZED.exe
  2⤵
  PID:7828
- C:\Windows\System\OJNhJbF.exe
  C:\Windows\System\OJNhJbF.exe
  2⤵
  PID:6804
- C:\Windows\System\kLDHNzC.exe
  C:\Windows\System\kLDHNzC.exe
  2⤵
  PID:7544
- C:\Windows\System\MlVcqCs.exe
  C:\Windows\System\MlVcqCs.exe
  2⤵
  PID:7216
- C:\Windows\System\SohGSox.exe
  C:\Windows\System\SohGSox.exe
  2⤵
  PID:6888
- C:\Windows\System\LtdcJOe.exe
  C:\Windows\System\LtdcJOe.exe
  2⤵
  PID:7968
- C:\Windows\System\lHEwEoP.exe
  C:\Windows\System\lHEwEoP.exe
  2⤵
  PID:7984
- C:\Windows\System\kvDkKAD.exe
  C:\Windows\System\kvDkKAD.exe
  2⤵
  PID:7560
- C:\Windows\System\vGKkGPm.exe
  C:\Windows\System\vGKkGPm.exe
  2⤵
  PID:7712
- C:\Windows\System\lOfWMMT.exe
  C:\Windows\System\lOfWMMT.exe
  2⤵
  PID:8196
- C:\Windows\System\cWmranI.exe
  C:\Windows\System\cWmranI.exe
  2⤵
  PID:8212
- C:\Windows\System\pNoMwjs.exe
  C:\Windows\System\pNoMwjs.exe
  2⤵
  PID:8228
- C:\Windows\System\TUKcgFL.exe
  C:\Windows\System\TUKcgFL.exe
  2⤵
  PID:8244
- C:\Windows\System\vCznrPE.exe
  C:\Windows\System\vCznrPE.exe
  2⤵
  PID:8260
- C:\Windows\System\VvbndqB.exe
  C:\Windows\System\VvbndqB.exe
  2⤵
  PID:8276
- C:\Windows\System\ytgeoUH.exe
  C:\Windows\System\ytgeoUH.exe
  2⤵
  PID:8292
- C:\Windows\System\YkVuKKA.exe
  C:\Windows\System\YkVuKKA.exe
  2⤵
  PID:8332
- C:\Windows\System\BZOxPIP.exe
  C:\Windows\System\BZOxPIP.exe
  2⤵
  PID:8372
- C:\Windows\System\DPJmVSZ.exe
  C:\Windows\System\DPJmVSZ.exe
  2⤵
  PID:8400
- C:\Windows\System\GBbZHRJ.exe
  C:\Windows\System\GBbZHRJ.exe
  2⤵
  PID:8416
- C:\Windows\System\OftlFcr.exe
  C:\Windows\System\OftlFcr.exe
  2⤵
  PID:8436
- C:\Windows\System\JrqdsDk.exe
  C:\Windows\System\JrqdsDk.exe
  2⤵
  PID:8456
- C:\Windows\System\KxgVkpU.exe
  C:\Windows\System\KxgVkpU.exe
  2⤵
  PID:8472
- C:\Windows\System\PLfyEKh.exe
  C:\Windows\System\PLfyEKh.exe
  2⤵
  PID:8504
- C:\Windows\System\EsPUGig.exe
  C:\Windows\System\EsPUGig.exe
  2⤵
  PID:8520
- C:\Windows\System\gjIJlyz.exe
  C:\Windows\System\gjIJlyz.exe
  2⤵
  PID:8536
- C:\Windows\System\lhqJmwS.exe
  C:\Windows\System\lhqJmwS.exe
  2⤵
  PID:8556
- C:\Windows\System\ocJTBHi.exe
  C:\Windows\System\ocJTBHi.exe
  2⤵
  PID:8576
- C:\Windows\System\VVbaedE.exe
  C:\Windows\System\VVbaedE.exe
  2⤵
  PID:8592
- C:\Windows\System\LFagAKc.exe
  C:\Windows\System\LFagAKc.exe
  2⤵
  PID:8608
- C:\Windows\System\TNBYUyY.exe
  C:\Windows\System\TNBYUyY.exe
  2⤵
  PID:8636
- C:\Windows\System\RCIEnMq.exe
  C:\Windows\System\RCIEnMq.exe
  2⤵
  PID:8652
- C:\Windows\System\FkYppCN.exe
  C:\Windows\System\FkYppCN.exe
  2⤵
  PID:8680
- C:\Windows\System\kqaUpQf.exe
  C:\Windows\System\kqaUpQf.exe
  2⤵
  PID:8696
- C:\Windows\System\QIfGLDl.exe
  C:\Windows\System\QIfGLDl.exe
  2⤵
  PID:8712
- C:\Windows\System\qUlfXXw.exe
  C:\Windows\System\qUlfXXw.exe
  2⤵
  PID:8728
- C:\Windows\System\KWyUABp.exe
  C:\Windows\System\KWyUABp.exe
  2⤵
  PID:8744
- C:\Windows\System\mLbzejk.exe
  C:\Windows\System\mLbzejk.exe
  2⤵
  PID:8760
- C:\Windows\System\unQgbiP.exe
  C:\Windows\System\unQgbiP.exe
  2⤵
  PID:8776
- C:\Windows\System\EfmFUfm.exe
  C:\Windows\System\EfmFUfm.exe
  2⤵
  PID:8816
- C:\Windows\System\GjniPFT.exe
  C:\Windows\System\GjniPFT.exe
  2⤵
  PID:8840
- C:\Windows\System\gMRHYIW.exe
  C:\Windows\System\gMRHYIW.exe
  2⤵
  PID:8856
- C:\Windows\System\CAvEbTq.exe
  C:\Windows\System\CAvEbTq.exe
  2⤵
  PID:8876
- C:\Windows\System\MfUxIGY.exe
  C:\Windows\System\MfUxIGY.exe
  2⤵
  PID:8908
- C:\Windows\System\RyKlsfR.exe
  C:\Windows\System\RyKlsfR.exe
  2⤵
  PID:8924
- C:\Windows\System\shvJrse.exe
  C:\Windows\System\shvJrse.exe
  2⤵
  PID:8944
- C:\Windows\System\BCZQDQS.exe
  C:\Windows\System\BCZQDQS.exe
  2⤵
  PID:8960
- C:\Windows\System\vzkuyFl.exe
  C:\Windows\System\vzkuyFl.exe
  2⤵
  PID:8980
- C:\Windows\System\GagJbAU.exe
  C:\Windows\System\GagJbAU.exe
  2⤵
  PID:9000
- C:\Windows\System\IIdWmNw.exe
  C:\Windows\System\IIdWmNw.exe
  2⤵
  PID:9020
- C:\Windows\System\nNYWeVe.exe
  C:\Windows\System\nNYWeVe.exe
  2⤵
  PID:9040
- C:\Windows\System\dTxUTpP.exe
  C:\Windows\System\dTxUTpP.exe
  2⤵
  PID:9056
- C:\Windows\System\HHnwvgT.exe
  C:\Windows\System\HHnwvgT.exe
  2⤵
  PID:9072
- C:\Windows\System\qMZBLgp.exe
  C:\Windows\System\qMZBLgp.exe
  2⤵
  PID:9092
- C:\Windows\System\yTGOeTx.exe
  C:\Windows\System\yTGOeTx.exe
  2⤵
  PID:9124
- C:\Windows\System\sAPjPFV.exe
  C:\Windows\System\sAPjPFV.exe
  2⤵
  PID:9144
- C:\Windows\System\ZhBAIej.exe
  C:\Windows\System\ZhBAIej.exe
  2⤵
  PID:9160
- C:\Windows\System\clIGpft.exe
  C:\Windows\System\clIGpft.exe
  2⤵
  PID:9180
- C:\Windows\System\iVNKhYh.exe
  C:\Windows\System\iVNKhYh.exe
  2⤵
  PID:9196
- C:\Windows\System\xSlwrDH.exe
  C:\Windows\System\xSlwrDH.exe
  2⤵
  PID:9212
- C:\Windows\System\yEnvEqa.exe
  C:\Windows\System\yEnvEqa.exe
  2⤵
  PID:8268
- C:\Windows\System\HChTuHO.exe
  C:\Windows\System\HChTuHO.exe
  2⤵
  PID:7832
- C:\Windows\System\vvUplGD.exe
  C:\Windows\System\vvUplGD.exe
  2⤵
  PID:8284
- C:\Windows\System\ollOFjJ.exe
  C:\Windows\System\ollOFjJ.exe
  2⤵
  PID:8392
- C:\Windows\System\vrvIGYW.exe
  C:\Windows\System\vrvIGYW.exe
  2⤵
  PID:8432
- C:\Windows\System\HrmvYxe.exe
  C:\Windows\System\HrmvYxe.exe
  2⤵
  PID:8448
- C:\Windows\System\SAvHxTo.exe
  C:\Windows\System\SAvHxTo.exe
  2⤵
  PID:8480
- C:\Windows\System\mSFADdO.exe
  C:\Windows\System\mSFADdO.exe
  2⤵
  PID:8496
- C:\Windows\System\adqDNfo.exe
  C:\Windows\System\adqDNfo.exe
  2⤵
  PID:8552
- C:\Windows\System\xtnsBQO.exe
  C:\Windows\System\xtnsBQO.exe
  2⤵
  PID:8616
- C:\Windows\System\zLsTZkL.exe
  C:\Windows\System\zLsTZkL.exe
  2⤵
  PID:8564
- C:\Windows\System\GLzfoOR.exe
  C:\Windows\System\GLzfoOR.exe
  2⤵
  PID:8632
- C:\Windows\System\iSZrcHi.exe
  C:\Windows\System\iSZrcHi.exe
  2⤵
  PID:8672
- C:\Windows\System\zZpgPaO.exe
  C:\Windows\System\zZpgPaO.exe
  2⤵
  PID:8740
- C:\Windows\System\wKNLyUl.exe
  C:\Windows\System\wKNLyUl.exe
  2⤵
  PID:8752
- C:\Windows\System\VDZgJCs.exe
  C:\Windows\System\VDZgJCs.exe
  2⤵
  PID:8756
- C:\Windows\System\LEiaaNv.exe
  C:\Windows\System\LEiaaNv.exe
  2⤵
  PID:8796
- C:\Windows\System\SbrszMf.exe
  C:\Windows\System\SbrszMf.exe
  2⤵
  PID:8872
- C:\Windows\System\WdmCNbt.exe
  C:\Windows\System\WdmCNbt.exe
  2⤵
  PID:8892
- C:\Windows\System\UbjsXjc.exe
  C:\Windows\System\UbjsXjc.exe
  2⤵
  PID:8500
- C:\Windows\System\DlGHfBm.exe
  C:\Windows\System\DlGHfBm.exe
  2⤵
  PID:8988
- C:\Windows\System\yhwGjIg.exe
  C:\Windows\System\yhwGjIg.exe
  2⤵
  PID:9036
- C:\Windows\System\sFbobLr.exe
  C:\Windows\System\sFbobLr.exe
  2⤵
  PID:9100
- C:\Windows\System\DLgqYSO.exe
  C:\Windows\System\DLgqYSO.exe
  2⤵
  PID:8972
- C:\Windows\System\vYsGGSr.exe
  C:\Windows\System\vYsGGSr.exe
  2⤵
  PID:9048
- C:\Windows\System\oODlEET.exe
  C:\Windows\System\oODlEET.exe
  2⤵
  PID:9116
- C:\Windows\System\tdcxoay.exe
  C:\Windows\System\tdcxoay.exe
  2⤵
  PID:9140
- C:\Windows\System\BfGzZdT.exe
  C:\Windows\System\BfGzZdT.exe
  2⤵
  PID:9172
- C:\Windows\System\ViyOYcK.exe
  C:\Windows\System\ViyOYcK.exe
  2⤵
  PID:7880
- C:\Windows\System\oEqtgFB.exe
  C:\Windows\System\oEqtgFB.exe
  2⤵
  PID:8256
- C:\Windows\System\NPfkVol.exe
  C:\Windows\System\NPfkVol.exe
  2⤵
  PID:8304
- C:\Windows\System\DsYakYq.exe
  C:\Windows\System\DsYakYq.exe
  2⤵
  PID:8408
- C:\Windows\System\xYdnCMM.exe
  C:\Windows\System\xYdnCMM.exe
  2⤵
  PID:8464
- C:\Windows\System\yYZUnKd.exe
  C:\Windows\System\yYZUnKd.exe
  2⤵
  PID:8516
- C:\Windows\System\LwIhkUW.exe
  C:\Windows\System\LwIhkUW.exe
  2⤵
  PID:8704
- C:\Windows\System\RCRkgdk.exe
  C:\Windows\System\RCRkgdk.exe
  2⤵
  PID:8724
- C:\Windows\System\AizAYbX.exe
  C:\Windows\System\AizAYbX.exe
  2⤵
  PID:8548
- C:\Windows\System\SrNXVCf.exe
  C:\Windows\System\SrNXVCf.exe
  2⤵
  PID:8648
- C:\Windows\System\bJwwBbi.exe
  C:\Windows\System\bJwwBbi.exe
  2⤵
  PID:8836
- C:\Windows\System\YFtOPra.exe
  C:\Windows\System\YFtOPra.exe
  2⤵
  PID:8808
- C:\Windows\System\xEBnaCx.exe
  C:\Windows\System\xEBnaCx.exe
  2⤵
  PID:8852
- C:\Windows\System\arvhFqn.exe
  C:\Windows\System\arvhFqn.exe
  2⤵
  PID:8920
- C:\Windows\System\MaFfGmU.exe
  C:\Windows\System\MaFfGmU.exe
  2⤵
  PID:9028
- C:\Windows\System\TahCdZX.exe
  C:\Windows\System\TahCdZX.exe
  2⤵
  PID:9084
- C:\Windows\System\lEjxtcs.exe
  C:\Windows\System\lEjxtcs.exe
  2⤵
  PID:9156
- C:\Windows\System\BIiEnmh.exe
  C:\Windows\System\BIiEnmh.exe
  2⤵
  PID:9108
- C:\Windows\System\lqhrIGx.exe
  C:\Windows\System\lqhrIGx.exe
  2⤵
  PID:7460
- C:\Windows\System\owKFvwi.exe
  C:\Windows\System\owKFvwi.exe
  2⤵
  PID:9204
- C:\Windows\System\yZosjzj.exe
  C:\Windows\System\yZosjzj.exe
  2⤵
  PID:8900
- C:\Windows\System\iYrqXcy.exe
  C:\Windows\System\iYrqXcy.exe
  2⤵
  PID:8452
- C:\Windows\System\NUOCWmq.exe
  C:\Windows\System\NUOCWmq.exe
  2⤵
  PID:8788
- C:\Windows\System\BKLABxr.exe
  C:\Windows\System\BKLABxr.exe
  2⤵
  PID:8668
- C:\Windows\System\iiLIGoR.exe
  C:\Windows\System\iiLIGoR.exe
  2⤵
  PID:8904
- C:\Windows\System\dPdQwRs.exe
  C:\Windows\System\dPdQwRs.exe
  2⤵
  PID:7192
- C:\Windows\System\CzEWDmL.exe
  C:\Windows\System\CzEWDmL.exe
  2⤵
  PID:7836
- C:\Windows\System\pxBFEjc.exe
  C:\Windows\System\pxBFEjc.exe
  2⤵
  PID:8428
- C:\Windows\System\GbeELEo.exe
  C:\Windows\System\GbeELEo.exe
  2⤵
  PID:8848
- C:\Windows\System\vatbNLW.exe
  C:\Windows\System\vatbNLW.exe
  2⤵
  PID:9064
- C:\Windows\System\aJCasnB.exe
  C:\Windows\System\aJCasnB.exe
  2⤵
  PID:8568
- C:\Windows\System\DIwGDIP.exe
  C:\Windows\System\DIwGDIP.exe
  2⤵
  PID:8604
- C:\Windows\System\cAECmHp.exe
  C:\Windows\System\cAECmHp.exe
  2⤵
  PID:8896
- C:\Windows\System\yCYpkob.exe
  C:\Windows\System\yCYpkob.exe
  2⤵
  PID:9012
- C:\Windows\System\lIKFSKJ.exe
  C:\Windows\System\lIKFSKJ.exe
  2⤵
  PID:8956
- C:\Windows\System\dxgcfwp.exe
  C:\Windows\System\dxgcfwp.exe
  2⤵
  PID:9132
- C:\Windows\System\CYOmFMI.exe
  C:\Windows\System\CYOmFMI.exe
  2⤵
  PID:8784
- C:\Windows\System\CScbWlo.exe
  C:\Windows\System\CScbWlo.exe
  2⤵
  PID:8828
- C:\Windows\System\mTKdZNd.exe
  C:\Windows\System\mTKdZNd.exe
  2⤵
  PID:9152
- C:\Windows\System\LZWvMVt.exe
  C:\Windows\System\LZWvMVt.exe
  2⤵
  PID:9192
- C:\Windows\System\IZHNYFc.exe
  C:\Windows\System\IZHNYFc.exe
  2⤵
  PID:8720
- C:\Windows\System\VSWqxio.exe
  C:\Windows\System\VSWqxio.exe
  2⤵
  PID:9220
- C:\Windows\System\nhSrWPH.exe
  C:\Windows\System\nhSrWPH.exe
  2⤵
  PID:9236
- C:\Windows\System\ukwVbnE.exe
  C:\Windows\System\ukwVbnE.exe
  2⤵
  PID:9252
- C:\Windows\System\YXkJixn.exe
  C:\Windows\System\YXkJixn.exe
  2⤵
  PID:9268
- C:\Windows\System\xMxPWQA.exe
  C:\Windows\System\xMxPWQA.exe
  2⤵
  PID:9288
- C:\Windows\System\uEavRfH.exe
  C:\Windows\System\uEavRfH.exe
  2⤵
  PID:9312
- C:\Windows\System\DZgxwcd.exe
  C:\Windows\System\DZgxwcd.exe
  2⤵
  PID:9340
- C:\Windows\System\lxhuXYE.exe
  C:\Windows\System\lxhuXYE.exe
  2⤵
  PID:9356
- C:\Windows\System\OpQLsaB.exe
  C:\Windows\System\OpQLsaB.exe
  2⤵
  PID:9372
- C:\Windows\System\CinGIqV.exe
  C:\Windows\System\CinGIqV.exe
  2⤵
  PID:9396
- C:\Windows\System\uectZbv.exe
  C:\Windows\System\uectZbv.exe
  2⤵
  PID:9416
- C:\Windows\System\xVoeMIn.exe
  C:\Windows\System\xVoeMIn.exe
  2⤵
  PID:9432
- C:\Windows\System\AfThYzs.exe
  C:\Windows\System\AfThYzs.exe
  2⤵
  PID:9448
- C:\Windows\System\hkWzrmw.exe
  C:\Windows\System\hkWzrmw.exe
  2⤵
  PID:9464
- C:\Windows\System\GLFhmhX.exe
  C:\Windows\System\GLFhmhX.exe
  2⤵
  PID:9484
- C:\Windows\System\KZyYtNC.exe
  C:\Windows\System\KZyYtNC.exe
  2⤵
  PID:9508
- C:\Windows\System\PipFGcK.exe
  C:\Windows\System\PipFGcK.exe
  2⤵
  PID:9528
- C:\Windows\System\pakiior.exe
  C:\Windows\System\pakiior.exe
  2⤵
  PID:9548
- C:\Windows\System\dCDOFCf.exe
  C:\Windows\System\dCDOFCf.exe
  2⤵
  PID:9580
- C:\Windows\System\lJVZqck.exe
  C:\Windows\System\lJVZqck.exe
  2⤵
  PID:9596
- C:\Windows\System\nAJwVXn.exe
  C:\Windows\System\nAJwVXn.exe
  2⤵
  PID:9620
- C:\Windows\System\eWtGEeM.exe
  C:\Windows\System\eWtGEeM.exe
  2⤵
  PID:9636
- C:\Windows\System\yaFkPhk.exe
  C:\Windows\System\yaFkPhk.exe
  2⤵
  PID:9676
- C:\Windows\System\MXYcqLp.exe
  C:\Windows\System\MXYcqLp.exe
  2⤵
  PID:9696
- C:\Windows\System\eBaSDPL.exe
  C:\Windows\System\eBaSDPL.exe
  2⤵
  PID:9716
- C:\Windows\System\AwJOmja.exe
  C:\Windows\System\AwJOmja.exe
  2⤵
  PID:9732
- C:\Windows\System\vJAiSUR.exe
  C:\Windows\System\vJAiSUR.exe
  2⤵
  PID:9748
- C:\Windows\System\OXQqtRc.exe
  C:\Windows\System\OXQqtRc.exe
  2⤵
  PID:9764
- C:\Windows\System\txAYcaA.exe
  C:\Windows\System\txAYcaA.exe
  2⤵
  PID:9784
- C:\Windows\System\ckKsLdp.exe
  C:\Windows\System\ckKsLdp.exe
  2⤵
  PID:9804
- C:\Windows\System\DwTtvyA.exe
  C:\Windows\System\DwTtvyA.exe
  2⤵
  PID:9832
- C:\Windows\System\OPVzcso.exe
  C:\Windows\System\OPVzcso.exe
  2⤵
  PID:9856
- C:\Windows\System\VspLUiT.exe
  C:\Windows\System\VspLUiT.exe
  2⤵
  PID:9872
- C:\Windows\System\VsGGsgQ.exe
  C:\Windows\System\VsGGsgQ.exe
  2⤵
  PID:9888
- C:\Windows\System\izPibDs.exe
  C:\Windows\System\izPibDs.exe
  2⤵
  PID:9916
- C:\Windows\System\purEfdY.exe
  C:\Windows\System\purEfdY.exe
  2⤵
  PID:9932
- C:\Windows\System\wiHTQpI.exe
  C:\Windows\System\wiHTQpI.exe
  2⤵
  PID:9948
- C:\Windows\System\wdgkfgS.exe
  C:\Windows\System\wdgkfgS.exe
  2⤵
  PID:9972
- C:\Windows\System\mjoenYO.exe
  C:\Windows\System\mjoenYO.exe
  2⤵
  PID:9996
- C:\Windows\System\rFbsZDf.exe
  C:\Windows\System\rFbsZDf.exe
  2⤵
  PID:10016
- C:\Windows\System\btoqsME.exe
  C:\Windows\System\btoqsME.exe
  2⤵
  PID:10040
- C:\Windows\System\DyvfKaO.exe
  C:\Windows\System\DyvfKaO.exe
  2⤵
  PID:10056
- C:\Windows\System\eBmXZwv.exe
  C:\Windows\System\eBmXZwv.exe
  2⤵
  PID:10080
- C:\Windows\System\xYXhWhp.exe
  C:\Windows\System\xYXhWhp.exe
  2⤵
  PID:10096
- C:\Windows\System\gBDLFId.exe
  C:\Windows\System\gBDLFId.exe
  2⤵
  PID:10112
- C:\Windows\System\CjqhUyR.exe
  C:\Windows\System\CjqhUyR.exe
  2⤵
  PID:10136
- C:\Windows\System\CUmtRHL.exe
  C:\Windows\System\CUmtRHL.exe
  2⤵
  PID:10156
- C:\Windows\System\WWJeTto.exe
  C:\Windows\System\WWJeTto.exe
  2⤵
  PID:10188
- C:\Windows\System\EejQZwP.exe
  C:\Windows\System\EejQZwP.exe
  2⤵
  PID:10204
- C:\Windows\System\InvBsYi.exe
  C:\Windows\System\InvBsYi.exe
  2⤵
  PID:10228
- C:\Windows\System\BJTTojt.exe
  C:\Windows\System\BJTTojt.exe
  2⤵
  PID:9008
- C:\Windows\System\zBaxriA.exe
  C:\Windows\System\zBaxriA.exe
  2⤵
  PID:9068
- C:\Windows\System\LnFYRtC.exe
  C:\Windows\System\LnFYRtC.exe
  2⤵
  PID:9284
- C:\Windows\System\fclVVaB.exe
  C:\Windows\System\fclVVaB.exe
  2⤵
  PID:9228
- C:\Windows\System\yKxoncG.exe
  C:\Windows\System\yKxoncG.exe
  2⤵
  PID:9404
- C:\Windows\System\bqjItEK.exe
  C:\Windows\System\bqjItEK.exe
  2⤵
  PID:9384
- C:\Windows\System\CorhyjB.exe
  C:\Windows\System\CorhyjB.exe
  2⤵
  PID:9264
- C:\Windows\System\IvjPTQv.exe
  C:\Windows\System\IvjPTQv.exe
  2⤵
  PID:9480
- C:\Windows\System\mYaRfLa.exe
  C:\Windows\System\mYaRfLa.exe
  2⤵
  PID:9556
- C:\Windows\System\cGzeKEX.exe
  C:\Windows\System\cGzeKEX.exe
  2⤵
  PID:9564
- C:\Windows\System\UVbzrEs.exe
  C:\Windows\System\UVbzrEs.exe
  2⤵
  PID:9572
- C:\Windows\System\JrqzMXQ.exe
  C:\Windows\System\JrqzMXQ.exe
  2⤵
  PID:9428
- C:\Windows\System\ZIUXjta.exe
  C:\Windows\System\ZIUXjta.exe
  2⤵
  PID:9544
- C:\Windows\System\jtMamvn.exe
  C:\Windows\System\jtMamvn.exe
  2⤵
  PID:9612
- C:\Windows\System\xZnXmdO.exe
  C:\Windows\System\xZnXmdO.exe
  2⤵
  PID:9648
- C:\Windows\System\LkCWIER.exe
  C:\Windows\System\LkCWIER.exe
  2⤵
  PID:9664
- C:\Windows\System\naRQuHm.exe
  C:\Windows\System\naRQuHm.exe
  2⤵
  PID:9704
- C:\Windows\System\fORlLRD.exe
  C:\Windows\System\fORlLRD.exe
  2⤵
  PID:9776
- C:\Windows\System\FyPzjvM.exe
  C:\Windows\System\FyPzjvM.exe
  2⤵
  PID:9816
- C:\Windows\System\mNahYBv.exe
  C:\Windows\System\mNahYBv.exe
  2⤵
  PID:9828
- C:\Windows\System\UiNwBjz.exe
  C:\Windows\System\UiNwBjz.exe
  2⤵
  PID:9844
- C:\Windows\System\iDdxPtI.exe
  C:\Windows\System\iDdxPtI.exe
  2⤵
  PID:9868
- C:\Windows\System\eSisplI.exe
  C:\Windows\System\eSisplI.exe
  2⤵
  PID:9912
- C:\Windows\System\vYJVikP.exe
  C:\Windows\System\vYJVikP.exe
  2⤵
  PID:9928
- C:\Windows\System\kVpYZPD.exe
  C:\Windows\System\kVpYZPD.exe
  2⤵
  PID:9968
- C:\Windows\System\wmQfMpw.exe
  C:\Windows\System\wmQfMpw.exe
  2⤵
  PID:9992
- C:\Windows\System\hhXxGVw.exe
  C:\Windows\System\hhXxGVw.exe
  2⤵
  PID:10024
- C:\Windows\System\cLdZlfw.exe
  C:\Windows\System\cLdZlfw.exe
  2⤵
  PID:10048
- C:\Windows\System\XeAurto.exe
  C:\Windows\System\XeAurto.exe
  2⤵
  PID:10120
- C:\Windows\System\vofkgKo.exe
  C:\Windows\System\vofkgKo.exe
  2⤵
  PID:10132
- C:\Windows\System\uLkhxZk.exe
  C:\Windows\System\uLkhxZk.exe
  2⤵
  PID:10148
- C:\Windows\System\ZVmUSam.exe
  C:\Windows\System\ZVmUSam.exe
  2⤵
  PID:1020
- C:\Windows\System\ddpTNgg.exe
  C:\Windows\System\ddpTNgg.exe
  2⤵
  PID:10212
- C:\Windows\System\sHMFOEQ.exe
  C:\Windows\System\sHMFOEQ.exe
  2⤵
  PID:9280
- C:\Windows\System\BMEHfmq.exe
  C:\Windows\System\BMEHfmq.exe
  2⤵
  PID:9232
- C:\Windows\System\jcNqfou.exe
  C:\Windows\System\jcNqfou.exe
  2⤵
  PID:9456
- C:\Windows\System\WnsUqdT.exe
  C:\Windows\System\WnsUqdT.exe
  2⤵
  PID:8660
- C:\Windows\System\umLCeKX.exe
  C:\Windows\System\umLCeKX.exe
  2⤵
  PID:9536
- C:\Windows\System\YnkVsIx.exe
  C:\Windows\System\YnkVsIx.exe
  2⤵
  PID:9644
- C:\Windows\System\SwaMUge.exe
  C:\Windows\System\SwaMUge.exe
  2⤵
  PID:9472
- C:\Windows\System\VvCFfTl.exe
  C:\Windows\System\VvCFfTl.exe
  2⤵
  PID:9688
- C:\Windows\System\hGaPjto.exe
  C:\Windows\System\hGaPjto.exe
  2⤵
  PID:9588
- C:\Windows\System\TZAXxPV.exe
  C:\Windows\System\TZAXxPV.exe
  2⤵
  PID:9728
- C:\Windows\System\CABtmcP.exe
  C:\Windows\System\CABtmcP.exe
  2⤵
  PID:9760
- C:\Windows\System\dMhBjvz.exe
  C:\Windows\System\dMhBjvz.exe
  2⤵
  PID:9840
- C:\Windows\System\DekJGSz.exe
  C:\Windows\System\DekJGSz.exe
  2⤵
  PID:9900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DMPZdEo.exe

Filesize
6.1MB

MD5
83e16b4d2d41bd67a704ca3ad4feff4f

SHA1
f332af658e0ed1dffb895a1a0e30a50aa0039cff

SHA256
37babd6c6018d30e93eab0995e7046ae4c606c1fcf1e4186b6f6d0751828e512

SHA512
dca70ab739787eee4993e80df81dc60b8ca068a848b5119260b5128ce9fc7fd0a5667f986dd884ef0a2cba0919b9dac38ffae3f07bca94a4e4ca0b3485067e8b

Download Submit
C:\Windows\system\EzVhaIf.exe

Filesize
6.1MB

MD5
2186589346d246fe9c7e80d1fc42cf00

SHA1
cbeda1c42d3f86409c3481074e331100fa394980

SHA256
d27f1a01e348799a08b54aa0fedf0015c0b2f4ae5ab27836c18af1ec329238e9

SHA512
d878694ce29a7eba827e22bfcb5af69117745044cbbfe3e3af7d5728306e1568b5a653f241c894f865ae1a9faf54c6905c65f72109fb2dde330085fbbc9cec61

Download Submit
C:\Windows\system\FdYfvrE.exe

Filesize
6.1MB

MD5
47bed123a0d3f924df87d990bf5eccd4

SHA1
bd9e9bf8107d5113c103adbdb39f0af20b39a3a1

SHA256
03f8ea96f6b06babea3d2c2ed1cc7ec0fd20ee04e44800e213036a7d9d6faa7a

SHA512
673a37d76d3cb472bbb7ee6230e1740ea8501814b9bbcbdf74e49593d1ca1f9ef21a01ff7b47639553f98ce89ec7e9dec2a380e22d7e9e21e56ad857bc5b4509

Download Submit
C:\Windows\system\JHsbshl.exe

Filesize
6.1MB

MD5
bcca1d9d7c71aee7c13bc81d6f82fe9d

SHA1
5a7e5b234a5ea2ec8a106466674ab4874a817cd9

SHA256
d714b91eeaeb516374a00dc59cb291d6486cccfa4b8b6bf4f498cc8350745b88

SHA512
7ca0afa52284d82ee13f2b1da4899f93891584f7a1de2360d78bb9ea090348a9ad08b3a56a5336119a64e5b5f74f4cd01f03e59625afebc13d03e3fcf9dacb3f

Download Submit
C:\Windows\system\KLZEPBX.exe

Filesize
6.1MB

MD5
a867b0bb58b8b145232ab135016fe7be

SHA1
68604e7e94109dd758b76d5ec0dec42b0f6421dd

SHA256
22c0b3631be422dcfb54cee27ea34358078bfb78f4a1ac45af0696426ddd835e

SHA512
9bd91eb678ab8191dd73fea8a12f85c9e56a84299ab6fcf4884ca7a9df55ac1b2efced8546c5c09dba0c280210a353dfd35908bfc8ad78b576c44b8b86e497c0

Download Submit
C:\Windows\system\ONWgxFQ.exe

Filesize
6.1MB

MD5
282c3b77e4652390d83f4dcdb2fb0459

SHA1
738a4292d3a5e124a3139f71efc125600565329d

SHA256
5784a429f9375b0fd2f5db424143c9b81872c790d49e12aace558001dcfa0132

SHA512
dd585a08b48116ecb47c0bcd6dbe29986f53a58fdf4e20798d3ded408b7c9773fb399e5f3e2e31e99fa3235b3a375fbca208fe8e98970aa3076d8d547054447f

Download Submit
C:\Windows\system\XToRzmt.exe

Filesize
6.1MB

MD5
6201c0640b55d3dfaf897a6b60aa2fe7

SHA1
23275387eee6d73bd1fff5f04899fc8be231a0c9

SHA256
99f202d712c4be45861a9200cfdb8b3b636f3fa1c828f787d9bb3418f00ee3af

SHA512
7bb35009aa0f47100d5d904747af826a522ef43c679fb76e48140447f0bb54d958cc66cb88e80ffa1307c351bbb9fe8d04acbbbd7d179b6560db91c10ba130fb

Download Submit
C:\Windows\system\bNCCAlQ.exe

Filesize
6.1MB

MD5
4a6a8105bf7885aec75bc4dda25c5c0c

SHA1
5cb4f87aadb03168e980e2aaa8b5b0493792e255

SHA256
9a4eb0087f06a81ea4684194a531c984872480ec6f4b20f87bc9c0693ff64bd0

SHA512
1179ab4abc9f7de7a6c78ed507bb4fad6168e79002a3f49567549a140f5bcdee76930e071d959c330313f18dc0e2b0c04dc34fea234551f41c03d83f84c190bc

Download Submit
C:\Windows\system\bdHlBEr.exe

Filesize
6.1MB

MD5
c0785c2fb231fd8849dd33fe20d8a21a

SHA1
e6fc9ea05e6ef30094534602dabda7c3db2a7d77

SHA256
0be0c2eb8281e2480428c6a75b26934143a0b56fb890219d217d24e60ec93da4

SHA512
358f895b30effb4e185ae5c021fa91093e2dff2a7f4abdcbdd762c7a5a77acc8f0073b9a9c83a36ad450f5c6ae4fd70294e2d4c2a188190c1de0c508d901129a

Download Submit
C:\Windows\system\dIEbqik.exe

Filesize
6.1MB

MD5
5d4711c998458b049f4656ec06b8799b

SHA1
ea8807a7bbc86f09d9a21b3562285b0b256db174

SHA256
05886edd4edc642030273c41f21a9d416107f7c00d559946989393400c3a6ad1

SHA512
f07de42d46563fccb36bfbab149a89d9c52a830974afff5d3f4157c7cb3447c5a04b3084ce2cbe0eb6a01df13929ef14bb0a585be02c526e27688d8013aa0b0c

Download Submit
C:\Windows\system\fMhxWza.exe

Filesize
6.1MB

MD5
b847510927c58dcf7fa094d98ff6d25d

SHA1
a6680214a74abc4defb7e3f9eb0e87ad88f00b77

SHA256
5c02e08def64dd8a89813bbef002ce386d84745ac0fc73ec3405636fc0baf863

SHA512
4188e2572e86095462f66140d7114f1b64a65792016e286196120501ab89516d80cd178e64d0b14dadbaf8d64584ad7a47c3155072a4e61471e0dd80e431a67d

Download Submit
C:\Windows\system\gZSNptG.exe

Filesize
6.1MB

MD5
0a2ef5b60cabf4cb97bbef5d7bca55d4

SHA1
fdb265dbbf89e12851a3540bc07d89036f6a39f2

SHA256
394132e707a826969265c21c388fd201df78ae10ef32fcbfba7ae429eb88a892

SHA512
923ab5b8276dbdd77e1a60a06899dddffa24265d156b61e76d7ec46cd66dad5e7baae31f80a8c0a55baee8af48ed0b5ea012da95904b2de801a5abe30f2ddf04

Download Submit
C:\Windows\system\iPGvCwv.exe

Filesize
6.1MB

MD5
e511965d6e5a9733d24ab551e51127cc

SHA1
2588576bf31adc10160e91e6336a57d7b341f37e

SHA256
4b5956fad3bc38c1545f89b31c8d5eef8ffec955444f4a394ce7d95ae5abde3e

SHA512
80f331e6b2093146ff93b4ef24c5f02519fbb0a0f59fecf84b9b227bba62a99433698dde54b99b58878dcc449eab08250361e74dc3dc54529a12332b628dc41a

Download Submit
C:\Windows\system\iQrEzww.exe

Filesize
6.1MB

MD5
68679a51c696c1f70e0d35a37acdad70

SHA1
56cda0fa5106d335d21be6288b6e445bc2783e46

SHA256
853903870fb813c3bd26fd8ee8afc81000fd298fb378142643431e017310f756

SHA512
ea7e9a2d827be169ccfa1c5589c8c75ad9d24b8d4f41ccb242f18b6b0c983fc16f397c2cc6c70b686b172d395776b4f527e812b1193408b1f56a1a356c2129b8

Download Submit
C:\Windows\system\oyYWJbr.exe

Filesize
6.1MB

MD5
7c54c373e28d06730cc96a5ad16f2575

SHA1
9f7bf93b9a22785aae598b0dfc091564959aebfd

SHA256
78f7bfe6436eec8c88ab72493a68366cd56fe80e378fdf0a2c7bd1179c5bcb37

SHA512
3295bea45811e9247e09c28540cae673757c99777944daeb31c9439839ba92fcf37034e8e74ce1f15c2d0f209b2687437853ad748acc9cffe2229fb5ed4234e1

Download Submit
C:\Windows\system\pqWHfzt.exe

Filesize
6.1MB

MD5
ce70c96c5a9a875dc06b5dc6f4e9c673

SHA1
bdc5207eeaaf90e3402695774abf9fbc554161b3

SHA256
46dd91295093f841952b3eb3fc0b644ef1dc732e2cad8a802e13a29a1ec4a415

SHA512
c800493ef7ac1aa24d94a989ff4ac15da4b54c4a9b19b270713d4b62116cb1206427c0a1261fda62c530c957ccb54f369f2b712c2e0f2d2670fc61574449ed54

Download Submit
C:\Windows\system\qsDkVaG.exe

Filesize
6.1MB

MD5
5dd18873be867ed4768eaf2a0c1ade58

SHA1
9fcaa3f779a7267a788a5d2cef8b85410c59598d

SHA256
fc6d6ccf28a192a563b99693d1d5980b3cdee9a6116a0ea901c6b041b5353f3e

SHA512
5d787f9e317ab6d7b2004324b2a83eb8cc835d614c9aa4ae1e95aa3d69ef5e7316b57ad61bb91368137402f4f652ccbe7dec576b25c975baff4c8f9f2283b663

Download Submit
C:\Windows\system\uUynqpy.exe

Filesize
6.1MB

MD5
780e44265abe2c242a7bb8b64c235c8c

SHA1
7d8a29cc4b20f3db776c6117d39aa36f3f01edec

SHA256
e121f269005e9ec6e478557d49174655103efbc53e382e375b5831a4d39e0d98

SHA512
32e4b4c25da875874f87da218c912b9c6bc01289df2ec37812b7e834f1ff0e55c82d4b8e3503a742ed0f606b544a4848b1d35ce526638ca9d34b1d2ddd61c60a

Download Submit
C:\Windows\system\upgIUnM.exe

Filesize
6.1MB

MD5
cfd7cc10fd4b70dc2196da1bea48ce07

SHA1
8fc682753ea2fc895ae3bd6fe0b52b7beeb682c5

SHA256
a3dd1abf898dfe263fc799e74a0c14853cafc348223cd589180c71f36863af2e

SHA512
89dea830d6c0ffb97b82a2172050ca7a559d5d88472fb94d4f91b884271f70909b354e5d9361ed8f22082c1e886eb492f2b14aa0e7211b08b4ae961809d173c0

Download Submit
C:\Windows\system\xdyqKeg.exe

Filesize
6.1MB

MD5
b35659a5d2694daec0d1c81e54f76faf

SHA1
4c07462d13aada75fa784f39a540de2efe50b46d

SHA256
66561546c15aaae9e6b0e924597862413a8b56696080ea8969352f6f500d43b8

SHA512
2001deb24e8332819e14bab282db7f9fb2bf6220c34fd9d6f7b4af45f7403a2ee39e017d78a2bb3a1968567cbab110ae7eb601ebf6fb0aadb65ba8d66be2bb67

Download Submit
C:\Windows\system\yDQzQhd.exe

Filesize
6.1MB

MD5
81d9024010578e31e6a8a83c70a65751

SHA1
64402d7ae969cce2002c269a1f1b2dd41734afce

SHA256
32c7619f83169f36a3e08c33b73e0c766867ce0061a9d9f517f78595fe1a7eb3

SHA512
6516dd9eb0b977fd61ef0bc8fa9598f32f704b7f6a49ecaf383e7e8cbf149060af1f7dc924c3b2ce169f04894e01813dc83335ab88e49be3644e37fccb2ef90a

Download Submit
C:\Windows\system\ycXwLQU.exe

Filesize
6.1MB

MD5
dcdb1068191113048d70102cd6466317

SHA1
043fd8b0371e28533dbff64e2bb0edbff7d064a7

SHA256
95f03b7a15df7d6bc17964fa1ac7e9361f85370bd3fd08c21790a57e53659c51

SHA512
b0bc4626ed3fea1ab8aa0a5daca197a8164ca8ad552e1c8a0b4d27899b4c578728b042d69873f8e1ec25ed7e1a1339e7f8f8630c58995bbbb848f97f81ace377

Download Submit
C:\Windows\system\yxcvtlv.exe

Filesize
6.1MB

MD5
a2eb16454e8759600ca61a6767ced63c

SHA1
0692c68d9e8b5e7f4614dc11203ba668d59d1f1c

SHA256
522c6b11dc46f32516f2aca056698bd800e0bb2aaa9e824c11e31fea09c9c2f8

SHA512
d1475092762ad621062e381720d134242c6ac2155e472b987d9b4be5a9d4363a5116f9a4e24d8d992e34afdb7525d32b0dac1fe29e66639a7a0ec4d77a991fbf

Download Submit
C:\Windows\system\zxEBgGS.exe

Filesize
6.1MB

MD5
640b31e69bd70f9e3b4992ef9efd399a

SHA1
286a0439735a1d11fb67774031b5a1b8fc0060ee

SHA256
cb41a5a205b6ab0b58fd5e7f2da4a869f4f9e076242f11b4943ddcf275de828a

SHA512
2ccd40f5437ef11013c6f95c4801859e20170ecb27282ca07c56c81e29052fdc6467e4e77d342fdf52025d05ddcfeffe440729721d13bbeb92edf030900367d9

Download Submit
\Windows\system\GdTOsco.exe

Filesize
6.1MB

MD5
f12bcda41a7168c3814ab1b6199cbd98

SHA1
e30ff4daacf9a7d3be33b2a59871a8ab0a448c73

SHA256
54ab350b459a0aecc1ddbfab32d4658839dc227d5fc78f39f8d6f0fe09864562

SHA512
7ccf483f6b2429d5bccb1207f30aeadff713a4350b1b3a6dd4af9fc3d529cf739d3b2be87f6049fecb4f6af400a6ecdc4987ce3aa70625e3d2b0d752944921bb

Download Submit
\Windows\system\IZngnIk.exe

Filesize
6.1MB

MD5
7817777aee07b04404af97516c0905e7

SHA1
e1b537c89d133f5fa2ef42e9622a53a283e806f4

SHA256
d092f145cf6c13106f5a1618aea35cf1e0b1815396688d8864c1412bc696c72e

SHA512
782e5ab399c5190c78286607c395fd02df2c0b792cd2e1bef958d21aa7b1a5f586c8a803f1b93e0779b0be86bd3fc95f678d834be0128204baab9a793e6f3cd2

Download Submit
\Windows\system\VUoOEeV.exe

Filesize
6.1MB

MD5
ad41379ab9c9ed52a3d77d86ce2fed17

SHA1
c15089cab9f7a4346a17cd8c505441f03dac076a

SHA256
fbf9a8963848f64b80d8d864ef677380e82c10bf865a07bc0964ef89d6308e7c

SHA512
50e8bf58d8f2375d419615c3c8d7b7505a443485ff167d1090b956eaa2cefe09c083e745509cd4256f77d0da217c1acc8c63f04440f0122e7902d561b04b9c81

Download Submit
\Windows\system\bzjZlFx.exe

Filesize
6.1MB

MD5
fe0b8adaf547167905a5f8a93702fbfd

SHA1
016e87fd025e6fc722a0304682e57bfc86cf0c50

SHA256
1adce1187b9bff886f10dda461738477765a130927d715581e39ee2ba2eb1cd0

SHA512
c4fcfb9f305ea209a83f9519f8c86686fbfddbdf19b1d3669290f2fa5dc00c9affdd0ab832bc3f17559c0427c92b2f879d893ec0dab51e495d62438807861e4f

Download Submit
\Windows\system\eCBZhDE.exe

Filesize
6.1MB

MD5
c278bf15e93b6b5f8478b615840d623b

SHA1
7e19403cf1eee199d05c7eedc16339587ad137bc

SHA256
745fc21e32602bc6b427cfb6c5fdfde546761e2a1c18d92850aba2c5a694d1fa

SHA512
f1108953f53b3087450962021cd6ada17953f61da7355e272bd75ca06e63ca83cc9d779d3aceda99c369da2f0fa473d47dc40d54b2fc0077a1caad294531a0b6

Download Submit
\Windows\system\esMSfVP.exe

Filesize
6.1MB

MD5
90c080a18e4c228d182f9f30e652694e

SHA1
a6d6f110189b219e372869273e1cae8d9580ac9f

SHA256
aa1eae54fd57ea2b48cf223fd15d906f2d45c2b2ae177eb6755198a6c44e26ea

SHA512
ac7bd8cfc10760bb82c5f2a8e96ddc9412b072e04e617c77869009bd3f6d68ab9c826f17893b9f6424ef46819b91142450864dd06f2fc0141949db5568e475a0

Download Submit
\Windows\system\mirKmru.exe

Filesize
6.1MB

MD5
27c0abcdeee9723fbeebb033305e3fa0

SHA1
4123d3fa8083c8281d999296ae0f227e5e40fd3a

SHA256
5caea7f8fd47fb0acc3ab2ff4274e251598f2dac5c7b1ce209e7ddd155ced062

SHA512
dd9c0287091ca040285f9e5c8e9f0ed801fb287beb0f879872b0ce5f5297040311411aa80686cb201a714b2072da805ddf0df32a67937d91d9d529459f29ace7

Download Submit
\Windows\system\vZmZyuL.exe

Filesize
6.1MB

MD5
da37a536da495217da2ec6bed06a1fcb

SHA1
6e6f50a9e1fb2571f8374f437911aab634ad01bd

SHA256
340fedcf7b1ac885b69e6cb084fd85d20dd3f200e084eaeaaefb69593741d6da

SHA512
357226b73df941c9ba5f1c24b0b6aabb7cdf422fef76c51d66e40a268e8eeba808b34294ceda8b63c26f6546aadebb1cbf1d750066feaca3e8e2eddd64e325d0

Download Submit
memory/564-179-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/564-4012-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/596-164-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/596-4008-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/720-175-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/720-4011-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/812-170-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/812-4010-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2028-177-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2028-4013-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2248-294-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2248-14-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2340-4005-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2340-32-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1012-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-4014-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-160-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4007-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2624-182-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4006-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2664-33-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2728-755-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4015-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2728-159-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2784-162-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4009-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4004-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2804-436-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2804-21-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2808-0-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/2808-1961-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1964-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1962-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2198-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2808-181-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2808-43-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2808-176-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1960-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-180-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2808-6-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-161-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2808-163-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2808-166-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-174-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-178-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-15-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download