cobaltstrike | 68277757f00f383ce4a3c92a09d2f20b8abf56ddbecf75b14dcff620a0151707

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 07:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ff662df4a7258800fb08d34817d93fb1
SHA1

dea656fbe84cf351041604093350ebdf9fed5d82
SHA256

68277757f00f383ce4a3c92a09d2f20b8abf56ddbecf75b14dcff620a0151707
SHA512

d97fae7b5375855e5effb712dde997c9e4d3f370cdce82befd701f74da505c2766301af9e5b01bddec87204615733178e6e5e246198247e3fc2a7edc2875baab
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor defense_evasion miner privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120ea-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dbc-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eaf-9.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001704f-25.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000173d5-37.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b0-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019ae1-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a045-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03b-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f3f-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f29-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5d-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c8f-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3d-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019adf-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a44-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019794-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e5-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-79.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d7b-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944e-49.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001901d-43.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173d2-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2036-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x00070000000120ea-3.dat	xmrig
behavioral1/files/0x0008000000016dbc-13.dat	xmrig
behavioral1/memory/1624-14-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/1660-11-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016eaf-9.dat	xmrig
behavioral1/memory/2580-20-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x000700000001704f-25.dat	xmrig
behavioral1/memory/2828-26-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x00090000000173d5-37.dat	xmrig
behavioral1/memory/2736-38-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2732-50-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2468-56-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2784-63-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x00050000000194b0-72.dat	xmrig
behavioral1/files/0x0005000000019616-101.dat	xmrig
behavioral1/files/0x0005000000019ae1-125.dat	xmrig
behavioral1/files/0x0005000000019c56-133.dat	xmrig
behavioral1/files/0x000500000001a045-161.dat	xmrig
behavioral1/files/0x000500000001a03b-157.dat	xmrig
behavioral1/files/0x0005000000019f3f-153.dat	xmrig
behavioral1/files/0x0005000000019f29-149.dat	xmrig
behavioral1/files/0x0005000000019d5d-145.dat	xmrig
behavioral1/files/0x0005000000019c8f-141.dat	xmrig
behavioral1/files/0x0005000000019c58-137.dat	xmrig
behavioral1/files/0x0005000000019c3d-129.dat	xmrig
behavioral1/files/0x0005000000019adf-121.dat	xmrig
behavioral1/files/0x0005000000019a44-117.dat	xmrig
behavioral1/files/0x0005000000019794-113.dat	xmrig
behavioral1/files/0x000500000001961c-109.dat	xmrig
behavioral1/files/0x000500000001961b-105.dat	xmrig
behavioral1/files/0x0005000000019612-97.dat	xmrig
behavioral1/files/0x0005000000019510-93.dat	xmrig
behavioral1/memory/1912-87-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e5-86.dat	xmrig
behavioral1/memory/2152-80-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194df-79.dat	xmrig
behavioral1/memory/2656-73-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2608-67-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d7b-66.dat	xmrig
behavioral1/files/0x00050000000194a9-62.dat	xmrig
behavioral1/files/0x0005000000019456-55.dat	xmrig
behavioral1/files/0x000500000001944e-49.dat	xmrig
behavioral1/memory/2856-44-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x000900000001901d-43.dat	xmrig
behavioral1/memory/2456-33-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2036-32-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x00070000000173d2-31.dat	xmrig
behavioral1/memory/1660-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1660-3066-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2152-4019-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2732-4025-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2656-4026-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2784-4024-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2828-4023-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2736-4022-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/1624-4021-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/1912-4020-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2608-4018-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2856-4027-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2468-4028-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2456-4029-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2580-4030-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1660	fZZpChy.exe
1624	hKemmoc.exe
2580	JhNyNOX.exe
2828	qCZuEhu.exe
2456	kCmabCr.exe
2736	vpKllSE.exe
2856	TJtxuXH.exe
2732	fktHWET.exe
2468	dcrkoot.exe
2784	gQsjHur.exe
2608	uzNknjI.exe
2656	vkaCXdO.exe
2152	RGdqIlZ.exe
1912	IrwjvCn.exe
2792	CSowCvM.exe
2500	VXyyKvu.exe
2044	IQSTMAW.exe
1128	oWIMCtw.exe
576	yfmMREH.exe
776	tWygZjd.exe
596	ofgrSFG.exe
2016	KTeWWUz.exe
1852	LWIucVM.exe
1744	nEGMIgR.exe
1780	TBYDtVg.exe
2924	ClQqGmW.exe
2932	QJARzHE.exe
2980	rhAiujD.exe
1764	FaXCcPO.exe
2056	Ymeogxf.exe
3064	lDisZGv.exe
2220	aOMtjqP.exe
1064	jcTLIaC.exe
1704	sxSsxCP.exe
2588	vcHifRG.exe
2436	pewknxI.exe
424	XmSjBvg.exe
1104	KRWdHAa.exe
1612	LZCGIdw.exe
2292	HsvHbxE.exe
764	CoBcKTf.exe
1272	MURyqsM.exe
1800	qWQNHIs.exe
1676	gycjxRF.exe
1472	IoTCgWY.exe
1284	MvcdkkQ.exe
2172	wpbBLcg.exe
1652	RcBkiEm.exe
1452	IKDqrRC.exe
284	EZfbRwI.exe
648	OjhtwJD.exe
2112	wByEXFA.exe
1732	iTWbJeE.exe
708	AaNMZWN.exe
1468	FZQJVMj.exe
1668	YYrMNzy.exe
1580	PGpnSKS.exe
2300	AYZvyPo.exe
2188	WuwAaEN.exe
1412	XtSzmtC.exe
696	lJJSQBR.exe
2164	dSkLwAv.exe
2296	GxNyDbX.exe
2388	JztjQgF.exe

Loads dropped DLL 64 IoCs

pid	Process
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2036-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x00070000000120ea-3.dat	upx
behavioral1/files/0x0008000000016dbc-13.dat	upx
behavioral1/memory/1624-14-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/1660-11-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0007000000016eaf-9.dat	upx
behavioral1/memory/2580-20-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x000700000001704f-25.dat	upx
behavioral1/memory/2828-26-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x00090000000173d5-37.dat	upx
behavioral1/memory/2736-38-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2732-50-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2468-56-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2784-63-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x00050000000194b0-72.dat	upx
behavioral1/files/0x0005000000019616-101.dat	upx
behavioral1/files/0x0005000000019ae1-125.dat	upx
behavioral1/files/0x0005000000019c56-133.dat	upx
behavioral1/files/0x000500000001a045-161.dat	upx
behavioral1/files/0x000500000001a03b-157.dat	upx
behavioral1/files/0x0005000000019f3f-153.dat	upx
behavioral1/files/0x0005000000019f29-149.dat	upx
behavioral1/files/0x0005000000019d5d-145.dat	upx
behavioral1/files/0x0005000000019c8f-141.dat	upx
behavioral1/files/0x0005000000019c58-137.dat	upx
behavioral1/files/0x0005000000019c3d-129.dat	upx
behavioral1/files/0x0005000000019adf-121.dat	upx
behavioral1/files/0x0005000000019a44-117.dat	upx
behavioral1/files/0x0005000000019794-113.dat	upx
behavioral1/files/0x000500000001961c-109.dat	upx
behavioral1/files/0x000500000001961b-105.dat	upx
behavioral1/files/0x0005000000019612-97.dat	upx
behavioral1/files/0x0005000000019510-93.dat	upx
behavioral1/memory/1912-87-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x00050000000194e5-86.dat	upx
behavioral1/memory/2152-80-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x00050000000194df-79.dat	upx
behavioral1/memory/2656-73-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2608-67-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x0009000000016d7b-66.dat	upx
behavioral1/files/0x00050000000194a9-62.dat	upx
behavioral1/files/0x0005000000019456-55.dat	upx
behavioral1/files/0x000500000001944e-49.dat	upx
behavioral1/memory/2856-44-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x000900000001901d-43.dat	upx
behavioral1/memory/2456-33-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2036-32-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x00070000000173d2-31.dat	upx
behavioral1/memory/1660-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1660-3066-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2152-4019-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2732-4025-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2656-4026-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2784-4024-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2828-4023-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2736-4022-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/1624-4021-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/1912-4020-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2608-4018-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2856-4027-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2468-4028-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2456-4029-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2580-4030-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VWyVwVo.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUSGEMO.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQaeoKp.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUpXIgP.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waXrdZi.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdzGwXc.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwQyHSu.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZUsvfl.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOyQiaA.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEvvTwd.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bALSwlP.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKjXQzc.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBRiuyl.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYfGxmK.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAIXuND.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qcbjTAa.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtwCEEV.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Dwrttba.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvEtqAA.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFVuXKV.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqnPcRt.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiCXUjf.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTFOAFt.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAtXaXk.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skXBPuL.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkLNeHn.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrsxuOE.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDmsrOp.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTIJBqo.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQnZmPx.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVwwpzb.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdRTBVa.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNtWWNd.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYxUKqG.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbvLHdH.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unpgGHX.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNutZVx.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoBtKCW.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuDQVJY.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqRarCM.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bsFyomD.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPVERIA.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGOPZqk.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biGqbPJ.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdiCkbC.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjaGFqH.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSyFFqN.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBMddCF.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHxNTVj.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQyuXHz.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrOsCRo.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvDNUqa.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPDJcjp.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMtUcvI.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDDyqhy.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aacPwcf.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKnLinC.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\peTGZtT.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GoUGDIi.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZQJVMj.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYrMNzy.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpNYknW.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlrSLdr.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktpXRnR.exe	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

defense_evasion privilege_escalation

Create Process with Token

T1134.002

pid	Process
9596	Runashr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1660	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2036 wrote to memory of 1660	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2036 wrote to memory of 1660	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2036 wrote to memory of 1624	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2036 wrote to memory of 1624	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2036 wrote to memory of 1624	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2036 wrote to memory of 2580	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2036 wrote to memory of 2580	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2036 wrote to memory of 2580	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2036 wrote to memory of 2828	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2036 wrote to memory of 2828	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2036 wrote to memory of 2828	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2036 wrote to memory of 2456	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2036 wrote to memory of 2456	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2036 wrote to memory of 2456	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2036 wrote to memory of 2736	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2036 wrote to memory of 2736	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2036 wrote to memory of 2736	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2036 wrote to memory of 2856	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2036 wrote to memory of 2856	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2036 wrote to memory of 2856	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2036 wrote to memory of 2732	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2036 wrote to memory of 2732	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2036 wrote to memory of 2732	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2036 wrote to memory of 2468	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2036 wrote to memory of 2468	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2036 wrote to memory of 2468	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2036 wrote to memory of 2784	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2036 wrote to memory of 2784	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2036 wrote to memory of 2784	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2036 wrote to memory of 2608	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2036 wrote to memory of 2608	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2036 wrote to memory of 2608	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2036 wrote to memory of 2656	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2036 wrote to memory of 2656	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2036 wrote to memory of 2656	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2036 wrote to memory of 2152	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2036 wrote to memory of 2152	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2036 wrote to memory of 2152	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2036 wrote to memory of 1912	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2036 wrote to memory of 1912	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2036 wrote to memory of 1912	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2036 wrote to memory of 2792	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2036 wrote to memory of 2792	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2036 wrote to memory of 2792	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2036 wrote to memory of 2500	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2036 wrote to memory of 2500	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2036 wrote to memory of 2500	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2036 wrote to memory of 2044	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2036 wrote to memory of 2044	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2036 wrote to memory of 2044	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2036 wrote to memory of 1128	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2036 wrote to memory of 1128	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2036 wrote to memory of 1128	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2036 wrote to memory of 576	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2036 wrote to memory of 576	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2036 wrote to memory of 576	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2036 wrote to memory of 776	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2036 wrote to memory of 776	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2036 wrote to memory of 776	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2036 wrote to memory of 596	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2036 wrote to memory of 596	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2036 wrote to memory of 596	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2036 wrote to memory of 2016	2036	2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_ff662df4a7258800fb08d34817d93fb1_amadey_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\System\fZZpChy.exe
  C:\Windows\System\fZZpChy.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\hKemmoc.exe
  C:\Windows\System\hKemmoc.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\JhNyNOX.exe
  C:\Windows\System\JhNyNOX.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\qCZuEhu.exe
  C:\Windows\System\qCZuEhu.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\kCmabCr.exe
  C:\Windows\System\kCmabCr.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\vpKllSE.exe
  C:\Windows\System\vpKllSE.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\TJtxuXH.exe
  C:\Windows\System\TJtxuXH.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\fktHWET.exe
  C:\Windows\System\fktHWET.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\dcrkoot.exe
  C:\Windows\System\dcrkoot.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\gQsjHur.exe
  C:\Windows\System\gQsjHur.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\uzNknjI.exe
  C:\Windows\System\uzNknjI.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\vkaCXdO.exe
  C:\Windows\System\vkaCXdO.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\RGdqIlZ.exe
  C:\Windows\System\RGdqIlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\IrwjvCn.exe
  C:\Windows\System\IrwjvCn.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\CSowCvM.exe
  C:\Windows\System\CSowCvM.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\VXyyKvu.exe
  C:\Windows\System\VXyyKvu.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\IQSTMAW.exe
  C:\Windows\System\IQSTMAW.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\oWIMCtw.exe
  C:\Windows\System\oWIMCtw.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\yfmMREH.exe
  C:\Windows\System\yfmMREH.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\tWygZjd.exe
  C:\Windows\System\tWygZjd.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\ofgrSFG.exe
  C:\Windows\System\ofgrSFG.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\KTeWWUz.exe
  C:\Windows\System\KTeWWUz.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\LWIucVM.exe
  C:\Windows\System\LWIucVM.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\nEGMIgR.exe
  C:\Windows\System\nEGMIgR.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\TBYDtVg.exe
  C:\Windows\System\TBYDtVg.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\ClQqGmW.exe
  C:\Windows\System\ClQqGmW.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\QJARzHE.exe
  C:\Windows\System\QJARzHE.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\rhAiujD.exe
  C:\Windows\System\rhAiujD.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\FaXCcPO.exe
  C:\Windows\System\FaXCcPO.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\Ymeogxf.exe
  C:\Windows\System\Ymeogxf.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\lDisZGv.exe
  C:\Windows\System\lDisZGv.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\aOMtjqP.exe
  C:\Windows\System\aOMtjqP.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\jcTLIaC.exe
  C:\Windows\System\jcTLIaC.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\sxSsxCP.exe
  C:\Windows\System\sxSsxCP.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\vcHifRG.exe
  C:\Windows\System\vcHifRG.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\pewknxI.exe
  C:\Windows\System\pewknxI.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\XmSjBvg.exe
  C:\Windows\System\XmSjBvg.exe
  2⤵
  - Executes dropped EXE
  PID:424
- C:\Windows\System\KRWdHAa.exe
  C:\Windows\System\KRWdHAa.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\LZCGIdw.exe
  C:\Windows\System\LZCGIdw.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\HsvHbxE.exe
  C:\Windows\System\HsvHbxE.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\CoBcKTf.exe
  C:\Windows\System\CoBcKTf.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\MURyqsM.exe
  C:\Windows\System\MURyqsM.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\qWQNHIs.exe
  C:\Windows\System\qWQNHIs.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\gycjxRF.exe
  C:\Windows\System\gycjxRF.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\IoTCgWY.exe
  C:\Windows\System\IoTCgWY.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\MvcdkkQ.exe
  C:\Windows\System\MvcdkkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\wpbBLcg.exe
  C:\Windows\System\wpbBLcg.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\RcBkiEm.exe
  C:\Windows\System\RcBkiEm.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\IKDqrRC.exe
  C:\Windows\System\IKDqrRC.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\EZfbRwI.exe
  C:\Windows\System\EZfbRwI.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\OjhtwJD.exe
  C:\Windows\System\OjhtwJD.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\wByEXFA.exe
  C:\Windows\System\wByEXFA.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\iTWbJeE.exe
  C:\Windows\System\iTWbJeE.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\AaNMZWN.exe
  C:\Windows\System\AaNMZWN.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\FZQJVMj.exe
  C:\Windows\System\FZQJVMj.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\YYrMNzy.exe
  C:\Windows\System\YYrMNzy.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\PGpnSKS.exe
  C:\Windows\System\PGpnSKS.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\AYZvyPo.exe
  C:\Windows\System\AYZvyPo.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\WuwAaEN.exe
  C:\Windows\System\WuwAaEN.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\XtSzmtC.exe
  C:\Windows\System\XtSzmtC.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\lJJSQBR.exe
  C:\Windows\System\lJJSQBR.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\dSkLwAv.exe
  C:\Windows\System\dSkLwAv.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\GxNyDbX.exe
  C:\Windows\System\GxNyDbX.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\JztjQgF.exe
  C:\Windows\System\JztjQgF.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\vXJUBhD.exe
  C:\Windows\System\vXJUBhD.exe
  2⤵
  PID:2124
- C:\Windows\System\PFqsEfw.exe
  C:\Windows\System\PFqsEfw.exe
  2⤵
  PID:2444
- C:\Windows\System\toOXVvq.exe
  C:\Windows\System\toOXVvq.exe
  2⤵
  PID:1636
- C:\Windows\System\IQUouan.exe
  C:\Windows\System\IQUouan.exe
  2⤵
  PID:1484
- C:\Windows\System\dvubelp.exe
  C:\Windows\System\dvubelp.exe
  2⤵
  PID:1616
- C:\Windows\System\TpNYknW.exe
  C:\Windows\System\TpNYknW.exe
  2⤵
  PID:2996
- C:\Windows\System\BPDJcjp.exe
  C:\Windows\System\BPDJcjp.exe
  2⤵
  PID:2812
- C:\Windows\System\tUnSjhZ.exe
  C:\Windows\System\tUnSjhZ.exe
  2⤵
  PID:2800
- C:\Windows\System\HfccuDm.exe
  C:\Windows\System\HfccuDm.exe
  2⤵
  PID:2116
- C:\Windows\System\xqAOntw.exe
  C:\Windows\System\xqAOntw.exe
  2⤵
  PID:2660
- C:\Windows\System\xNziirV.exe
  C:\Windows\System\xNziirV.exe
  2⤵
  PID:2652
- C:\Windows\System\vThdiBg.exe
  C:\Windows\System\vThdiBg.exe
  2⤵
  PID:2060
- C:\Windows\System\iUFDFXX.exe
  C:\Windows\System\iUFDFXX.exe
  2⤵
  PID:2276
- C:\Windows\System\MPtDNxz.exe
  C:\Windows\System\MPtDNxz.exe
  2⤵
  PID:1384
- C:\Windows\System\nAAAaEr.exe
  C:\Windows\System\nAAAaEr.exe
  2⤵
  PID:1756
- C:\Windows\System\SAaQQeY.exe
  C:\Windows\System\SAaQQeY.exe
  2⤵
  PID:1992
- C:\Windows\System\JVcJQKN.exe
  C:\Windows\System\JVcJQKN.exe
  2⤵
  PID:2820
- C:\Windows\System\iHSteoD.exe
  C:\Windows\System\iHSteoD.exe
  2⤵
  PID:2936
- C:\Windows\System\UeTtkTf.exe
  C:\Windows\System\UeTtkTf.exe
  2⤵
  PID:2916
- C:\Windows\System\ZSdcWRy.exe
  C:\Windows\System\ZSdcWRy.exe
  2⤵
  PID:2256
- C:\Windows\System\VhBKZXZ.exe
  C:\Windows\System\VhBKZXZ.exe
  2⤵
  PID:1792
- C:\Windows\System\KCKKSHP.exe
  C:\Windows\System\KCKKSHP.exe
  2⤵
  PID:2708
- C:\Windows\System\iVBnglg.exe
  C:\Windows\System\iVBnglg.exe
  2⤵
  PID:2488
- C:\Windows\System\WqdZWxl.exe
  C:\Windows\System\WqdZWxl.exe
  2⤵
  PID:640
- C:\Windows\System\KtmIdXg.exe
  C:\Windows\System\KtmIdXg.exe
  2⤵
  PID:2072
- C:\Windows\System\UWLsJni.exe
  C:\Windows\System\UWLsJni.exe
  2⤵
  PID:340
- C:\Windows\System\tJlNLZc.exe
  C:\Windows\System\tJlNLZc.exe
  2⤵
  PID:852
- C:\Windows\System\IwSrSqQ.exe
  C:\Windows\System\IwSrSqQ.exe
  2⤵
  PID:580
- C:\Windows\System\LbVFbdX.exe
  C:\Windows\System\LbVFbdX.exe
  2⤵
  PID:1564
- C:\Windows\System\ljVcvHO.exe
  C:\Windows\System\ljVcvHO.exe
  2⤵
  PID:964
- C:\Windows\System\mdMPCtE.exe
  C:\Windows\System\mdMPCtE.exe
  2⤵
  PID:2096
- C:\Windows\System\PYGYAcW.exe
  C:\Windows\System\PYGYAcW.exe
  2⤵
  PID:2224
- C:\Windows\System\LrorStd.exe
  C:\Windows\System\LrorStd.exe
  2⤵
  PID:2120
- C:\Windows\System\ViQlAob.exe
  C:\Windows\System\ViQlAob.exe
  2⤵
  PID:3012
- C:\Windows\System\uReBDdo.exe
  C:\Windows\System\uReBDdo.exe
  2⤵
  PID:2644
- C:\Windows\System\ZpksYpW.exe
  C:\Windows\System\ZpksYpW.exe
  2⤵
  PID:1680
- C:\Windows\System\uveQHzG.exe
  C:\Windows\System\uveQHzG.exe
  2⤵
  PID:1892
- C:\Windows\System\kOxymDa.exe
  C:\Windows\System\kOxymDa.exe
  2⤵
  PID:1516
- C:\Windows\System\ZXcFsxm.exe
  C:\Windows\System\ZXcFsxm.exe
  2⤵
  PID:2248
- C:\Windows\System\pKCZsuJ.exe
  C:\Windows\System\pKCZsuJ.exe
  2⤵
  PID:2700
- C:\Windows\System\QSogNqo.exe
  C:\Windows\System\QSogNqo.exe
  2⤵
  PID:2740
- C:\Windows\System\OZJxBcq.exe
  C:\Windows\System\OZJxBcq.exe
  2⤵
  PID:2620
- C:\Windows\System\bnqboVm.exe
  C:\Windows\System\bnqboVm.exe
  2⤵
  PID:2364
- C:\Windows\System\opHOJNn.exe
  C:\Windows\System\opHOJNn.exe
  2⤵
  PID:588
- C:\Windows\System\YIpFODU.exe
  C:\Windows\System\YIpFODU.exe
  2⤵
  PID:1796
- C:\Windows\System\wvsJGXw.exe
  C:\Windows\System\wvsJGXw.exe
  2⤵
  PID:2696
- C:\Windows\System\jwYbCjh.exe
  C:\Windows\System\jwYbCjh.exe
  2⤵
  PID:1244
- C:\Windows\System\zxOemQU.exe
  C:\Windows\System\zxOemQU.exe
  2⤵
  PID:1488
- C:\Windows\System\fZKOaeP.exe
  C:\Windows\System\fZKOaeP.exe
  2⤵
  PID:2160
- C:\Windows\System\WMXWhae.exe
  C:\Windows\System\WMXWhae.exe
  2⤵
  PID:856
- C:\Windows\System\PMYsXPq.exe
  C:\Windows\System\PMYsXPq.exe
  2⤵
  PID:1280
- C:\Windows\System\vKySmoi.exe
  C:\Windows\System\vKySmoi.exe
  2⤵
  PID:996
- C:\Windows\System\wFyKrKY.exe
  C:\Windows\System\wFyKrKY.exe
  2⤵
  PID:2440
- C:\Windows\System\SfOworD.exe
  C:\Windows\System\SfOworD.exe
  2⤵
  PID:816
- C:\Windows\System\UYIZvno.exe
  C:\Windows\System\UYIZvno.exe
  2⤵
  PID:2180
- C:\Windows\System\vQgvvjB.exe
  C:\Windows\System\vQgvvjB.exe
  2⤵
  PID:3084
- C:\Windows\System\jFbMecd.exe
  C:\Windows\System\jFbMecd.exe
  2⤵
  PID:3100
- C:\Windows\System\kgAOiBx.exe
  C:\Windows\System\kgAOiBx.exe
  2⤵
  PID:3116
- C:\Windows\System\NOVFuTS.exe
  C:\Windows\System\NOVFuTS.exe
  2⤵
  PID:3132
- C:\Windows\System\BDYPLVD.exe
  C:\Windows\System\BDYPLVD.exe
  2⤵
  PID:3148
- C:\Windows\System\mHYgbek.exe
  C:\Windows\System\mHYgbek.exe
  2⤵
  PID:3164
- C:\Windows\System\uJGrAKa.exe
  C:\Windows\System\uJGrAKa.exe
  2⤵
  PID:3180
- C:\Windows\System\qcbjTAa.exe
  C:\Windows\System\qcbjTAa.exe
  2⤵
  PID:3196
- C:\Windows\System\jEKOoLE.exe
  C:\Windows\System\jEKOoLE.exe
  2⤵
  PID:3212
- C:\Windows\System\RToRSOo.exe
  C:\Windows\System\RToRSOo.exe
  2⤵
  PID:3228
- C:\Windows\System\bACMQMK.exe
  C:\Windows\System\bACMQMK.exe
  2⤵
  PID:3244
- C:\Windows\System\innFNeH.exe
  C:\Windows\System\innFNeH.exe
  2⤵
  PID:3264
- C:\Windows\System\KxgiSEb.exe
  C:\Windows\System\KxgiSEb.exe
  2⤵
  PID:3280
- C:\Windows\System\JgeCeqI.exe
  C:\Windows\System\JgeCeqI.exe
  2⤵
  PID:3296
- C:\Windows\System\AeJHWMn.exe
  C:\Windows\System\AeJHWMn.exe
  2⤵
  PID:3312
- C:\Windows\System\jcQAiMy.exe
  C:\Windows\System\jcQAiMy.exe
  2⤵
  PID:3328
- C:\Windows\System\DogSQUR.exe
  C:\Windows\System\DogSQUR.exe
  2⤵
  PID:3344
- C:\Windows\System\VxJQeWT.exe
  C:\Windows\System\VxJQeWT.exe
  2⤵
  PID:3360
- C:\Windows\System\gjIKUrK.exe
  C:\Windows\System\gjIKUrK.exe
  2⤵
  PID:3376
- C:\Windows\System\YGJgVin.exe
  C:\Windows\System\YGJgVin.exe
  2⤵
  PID:3392
- C:\Windows\System\YsngLVR.exe
  C:\Windows\System\YsngLVR.exe
  2⤵
  PID:3408
- C:\Windows\System\CatUPSz.exe
  C:\Windows\System\CatUPSz.exe
  2⤵
  PID:3424
- C:\Windows\System\AhwilIT.exe
  C:\Windows\System\AhwilIT.exe
  2⤵
  PID:3440
- C:\Windows\System\ZtemcVv.exe
  C:\Windows\System\ZtemcVv.exe
  2⤵
  PID:3456
- C:\Windows\System\ZMnWCfT.exe
  C:\Windows\System\ZMnWCfT.exe
  2⤵
  PID:3472
- C:\Windows\System\qxTTWJw.exe
  C:\Windows\System\qxTTWJw.exe
  2⤵
  PID:3488
- C:\Windows\System\vMoSDqI.exe
  C:\Windows\System\vMoSDqI.exe
  2⤵
  PID:3504
- C:\Windows\System\UqMHENA.exe
  C:\Windows\System\UqMHENA.exe
  2⤵
  PID:3520
- C:\Windows\System\KLZgJHa.exe
  C:\Windows\System\KLZgJHa.exe
  2⤵
  PID:3536
- C:\Windows\System\EHlFFki.exe
  C:\Windows\System\EHlFFki.exe
  2⤵
  PID:3552
- C:\Windows\System\DPEwUuS.exe
  C:\Windows\System\DPEwUuS.exe
  2⤵
  PID:3568
- C:\Windows\System\SCwbPYB.exe
  C:\Windows\System\SCwbPYB.exe
  2⤵
  PID:3584
- C:\Windows\System\QkEDItH.exe
  C:\Windows\System\QkEDItH.exe
  2⤵
  PID:3600
- C:\Windows\System\NDmtnlz.exe
  C:\Windows\System\NDmtnlz.exe
  2⤵
  PID:3616
- C:\Windows\System\JjmEDBM.exe
  C:\Windows\System\JjmEDBM.exe
  2⤵
  PID:3632
- C:\Windows\System\JeKPtue.exe
  C:\Windows\System\JeKPtue.exe
  2⤵
  PID:3648
- C:\Windows\System\aSKqRhU.exe
  C:\Windows\System\aSKqRhU.exe
  2⤵
  PID:3664
- C:\Windows\System\PHHJpVF.exe
  C:\Windows\System\PHHJpVF.exe
  2⤵
  PID:3680
- C:\Windows\System\qNuQVlR.exe
  C:\Windows\System\qNuQVlR.exe
  2⤵
  PID:3696
- C:\Windows\System\wJLqJoF.exe
  C:\Windows\System\wJLqJoF.exe
  2⤵
  PID:3712
- C:\Windows\System\ChfErMr.exe
  C:\Windows\System\ChfErMr.exe
  2⤵
  PID:3728
- C:\Windows\System\KkPKPHc.exe
  C:\Windows\System\KkPKPHc.exe
  2⤵
  PID:3744
- C:\Windows\System\wnKDQEs.exe
  C:\Windows\System\wnKDQEs.exe
  2⤵
  PID:3760
- C:\Windows\System\HfIKYnr.exe
  C:\Windows\System\HfIKYnr.exe
  2⤵
  PID:3776
- C:\Windows\System\GKlXQtg.exe
  C:\Windows\System\GKlXQtg.exe
  2⤵
  PID:3792
- C:\Windows\System\HdZvVRe.exe
  C:\Windows\System\HdZvVRe.exe
  2⤵
  PID:3808
- C:\Windows\System\zNCGrjR.exe
  C:\Windows\System\zNCGrjR.exe
  2⤵
  PID:3824
- C:\Windows\System\kzXISOn.exe
  C:\Windows\System\kzXISOn.exe
  2⤵
  PID:3840
- C:\Windows\System\uhdHyYA.exe
  C:\Windows\System\uhdHyYA.exe
  2⤵
  PID:3856
- C:\Windows\System\WXILrpk.exe
  C:\Windows\System\WXILrpk.exe
  2⤵
  PID:3872
- C:\Windows\System\aXEOIqY.exe
  C:\Windows\System\aXEOIqY.exe
  2⤵
  PID:3888
- C:\Windows\System\HVwGONZ.exe
  C:\Windows\System\HVwGONZ.exe
  2⤵
  PID:3904
- C:\Windows\System\lFbMXBU.exe
  C:\Windows\System\lFbMXBU.exe
  2⤵
  PID:3920
- C:\Windows\System\jVGNUhD.exe
  C:\Windows\System\jVGNUhD.exe
  2⤵
  PID:3936
- C:\Windows\System\RUJkUbU.exe
  C:\Windows\System\RUJkUbU.exe
  2⤵
  PID:3952
- C:\Windows\System\jeuHAWX.exe
  C:\Windows\System\jeuHAWX.exe
  2⤵
  PID:3968
- C:\Windows\System\EteBDOQ.exe
  C:\Windows\System\EteBDOQ.exe
  2⤵
  PID:3984
- C:\Windows\System\vWLtXyL.exe
  C:\Windows\System\vWLtXyL.exe
  2⤵
  PID:4000
- C:\Windows\System\SLjKCjx.exe
  C:\Windows\System\SLjKCjx.exe
  2⤵
  PID:4016
- C:\Windows\System\bGSJPEC.exe
  C:\Windows\System\bGSJPEC.exe
  2⤵
  PID:4032
- C:\Windows\System\OhKHFws.exe
  C:\Windows\System\OhKHFws.exe
  2⤵
  PID:4048
- C:\Windows\System\JPuyNDG.exe
  C:\Windows\System\JPuyNDG.exe
  2⤵
  PID:4064
- C:\Windows\System\FxEgGIE.exe
  C:\Windows\System\FxEgGIE.exe
  2⤵
  PID:4080
- C:\Windows\System\wMtUcvI.exe
  C:\Windows\System\wMtUcvI.exe
  2⤵
  PID:2304
- C:\Windows\System\wURgiCW.exe
  C:\Windows\System\wURgiCW.exe
  2⤵
  PID:112
- C:\Windows\System\quRDimV.exe
  C:\Windows\System\quRDimV.exe
  2⤵
  PID:2872
- C:\Windows\System\qRLqMtX.exe
  C:\Windows\System\qRLqMtX.exe
  2⤵
  PID:1084
- C:\Windows\System\mzxPldU.exe
  C:\Windows\System\mzxPldU.exe
  2⤵
  PID:2360
- C:\Windows\System\bguerkL.exe
  C:\Windows\System\bguerkL.exe
  2⤵
  PID:1100
- C:\Windows\System\yOAOqNJ.exe
  C:\Windows\System\yOAOqNJ.exe
  2⤵
  PID:1708
- C:\Windows\System\YPWbrIx.exe
  C:\Windows\System\YPWbrIx.exe
  2⤵
  PID:2144
- C:\Windows\System\VQLnyFR.exe
  C:\Windows\System\VQLnyFR.exe
  2⤵
  PID:1664
- C:\Windows\System\MGfmBsS.exe
  C:\Windows\System\MGfmBsS.exe
  2⤵
  PID:3080
- C:\Windows\System\jVkeWOB.exe
  C:\Windows\System\jVkeWOB.exe
  2⤵
  PID:3112
- C:\Windows\System\dPykQMq.exe
  C:\Windows\System\dPykQMq.exe
  2⤵
  PID:3144
- C:\Windows\System\TzDMOAJ.exe
  C:\Windows\System\TzDMOAJ.exe
  2⤵
  PID:3176
- C:\Windows\System\ZbCftCu.exe
  C:\Windows\System\ZbCftCu.exe
  2⤵
  PID:3224
- C:\Windows\System\wFhZziN.exe
  C:\Windows\System\wFhZziN.exe
  2⤵
  PID:3256
- C:\Windows\System\hSrAvqY.exe
  C:\Windows\System\hSrAvqY.exe
  2⤵
  PID:3276
- C:\Windows\System\LTaSywA.exe
  C:\Windows\System\LTaSywA.exe
  2⤵
  PID:3308
- C:\Windows\System\uYxUKqG.exe
  C:\Windows\System\uYxUKqG.exe
  2⤵
  PID:3352
- C:\Windows\System\sRxatKL.exe
  C:\Windows\System\sRxatKL.exe
  2⤵
  PID:3372
- C:\Windows\System\eNvoRWp.exe
  C:\Windows\System\eNvoRWp.exe
  2⤵
  PID:3420
- C:\Windows\System\BAjQVbb.exe
  C:\Windows\System\BAjQVbb.exe
  2⤵
  PID:3436
- C:\Windows\System\FEqyPBa.exe
  C:\Windows\System\FEqyPBa.exe
  2⤵
  PID:3484
- C:\Windows\System\YEIXRoA.exe
  C:\Windows\System\YEIXRoA.exe
  2⤵
  PID:3512
- C:\Windows\System\lmIFYbn.exe
  C:\Windows\System\lmIFYbn.exe
  2⤵
  PID:3532
- C:\Windows\System\jHZgRGN.exe
  C:\Windows\System\jHZgRGN.exe
  2⤵
  PID:3564
- C:\Windows\System\IRDCtmn.exe
  C:\Windows\System\IRDCtmn.exe
  2⤵
  PID:3608
- C:\Windows\System\lvNrWLW.exe
  C:\Windows\System\lvNrWLW.exe
  2⤵
  PID:3640
- C:\Windows\System\ShNdAqq.exe
  C:\Windows\System\ShNdAqq.exe
  2⤵
  PID:3676
- C:\Windows\System\fpEfQFD.exe
  C:\Windows\System\fpEfQFD.exe
  2⤵
  PID:3708
- C:\Windows\System\nLCyvNd.exe
  C:\Windows\System\nLCyvNd.exe
  2⤵
  PID:3724
- C:\Windows\System\TVhyivs.exe
  C:\Windows\System\TVhyivs.exe
  2⤵
  PID:3772
- C:\Windows\System\cXHZaat.exe
  C:\Windows\System\cXHZaat.exe
  2⤵
  PID:3788
- C:\Windows\System\bVQaVrZ.exe
  C:\Windows\System\bVQaVrZ.exe
  2⤵
  PID:3832
- C:\Windows\System\gyfjXjz.exe
  C:\Windows\System\gyfjXjz.exe
  2⤵
  PID:3868
- C:\Windows\System\JncoHMK.exe
  C:\Windows\System\JncoHMK.exe
  2⤵
  PID:3900
- C:\Windows\System\tgcEniL.exe
  C:\Windows\System\tgcEniL.exe
  2⤵
  PID:3916
- C:\Windows\System\AGrGjgN.exe
  C:\Windows\System\AGrGjgN.exe
  2⤵
  PID:3948
- C:\Windows\System\ASAhSkj.exe
  C:\Windows\System\ASAhSkj.exe
  2⤵
  PID:3980
- C:\Windows\System\CPkudPR.exe
  C:\Windows\System\CPkudPR.exe
  2⤵
  PID:4008
- C:\Windows\System\AyRLJTU.exe
  C:\Windows\System\AyRLJTU.exe
  2⤵
  PID:4044
- C:\Windows\System\WvcDOXG.exe
  C:\Windows\System\WvcDOXG.exe
  2⤵
  PID:4092
- C:\Windows\System\UTIRmrN.exe
  C:\Windows\System\UTIRmrN.exe
  2⤵
  PID:2860
- C:\Windows\System\jcMtuma.exe
  C:\Windows\System\jcMtuma.exe
  2⤵
  PID:2240
- C:\Windows\System\OJbCESO.exe
  C:\Windows\System\OJbCESO.exe
  2⤵
  PID:1020
- C:\Windows\System\SwXEdgQ.exe
  C:\Windows\System\SwXEdgQ.exe
  2⤵
  PID:2108
- C:\Windows\System\wGcJmRt.exe
  C:\Windows\System\wGcJmRt.exe
  2⤵
  PID:3092
- C:\Windows\System\nGAjgFo.exe
  C:\Windows\System\nGAjgFo.exe
  2⤵
  PID:3156
- C:\Windows\System\XqRtveE.exe
  C:\Windows\System\XqRtveE.exe
  2⤵
  PID:3252
- C:\Windows\System\IIsiAuY.exe
  C:\Windows\System\IIsiAuY.exe
  2⤵
  PID:3288
- C:\Windows\System\VfgLkpc.exe
  C:\Windows\System\VfgLkpc.exe
  2⤵
  PID:3340
- C:\Windows\System\qGqBEJE.exe
  C:\Windows\System\qGqBEJE.exe
  2⤵
  PID:3448
- C:\Windows\System\SuwwImB.exe
  C:\Windows\System\SuwwImB.exe
  2⤵
  PID:3464
- C:\Windows\System\NnCOwHN.exe
  C:\Windows\System\NnCOwHN.exe
  2⤵
  PID:3528
- C:\Windows\System\vAJSgJE.exe
  C:\Windows\System\vAJSgJE.exe
  2⤵
  PID:3592
- C:\Windows\System\MpzSOef.exe
  C:\Windows\System\MpzSOef.exe
  2⤵
  PID:3656
- C:\Windows\System\OzhBQyQ.exe
  C:\Windows\System\OzhBQyQ.exe
  2⤵
  PID:4112
- C:\Windows\System\TZnmsJj.exe
  C:\Windows\System\TZnmsJj.exe
  2⤵
  PID:4128
- C:\Windows\System\QWWJkWF.exe
  C:\Windows\System\QWWJkWF.exe
  2⤵
  PID:4144
- C:\Windows\System\AchHPvI.exe
  C:\Windows\System\AchHPvI.exe
  2⤵
  PID:4160
- C:\Windows\System\gqvrEOG.exe
  C:\Windows\System\gqvrEOG.exe
  2⤵
  PID:4176
- C:\Windows\System\pDdjnDj.exe
  C:\Windows\System\pDdjnDj.exe
  2⤵
  PID:4192
- C:\Windows\System\xmVDSYl.exe
  C:\Windows\System\xmVDSYl.exe
  2⤵
  PID:4208
- C:\Windows\System\pJacsXV.exe
  C:\Windows\System\pJacsXV.exe
  2⤵
  PID:4224
- C:\Windows\System\tddTfuB.exe
  C:\Windows\System\tddTfuB.exe
  2⤵
  PID:4244
- C:\Windows\System\lGxjaik.exe
  C:\Windows\System\lGxjaik.exe
  2⤵
  PID:4260
- C:\Windows\System\MxCGVHx.exe
  C:\Windows\System\MxCGVHx.exe
  2⤵
  PID:4276
- C:\Windows\System\XFqKEBQ.exe
  C:\Windows\System\XFqKEBQ.exe
  2⤵
  PID:4292
- C:\Windows\System\PvJbKqr.exe
  C:\Windows\System\PvJbKqr.exe
  2⤵
  PID:4308
- C:\Windows\System\CEirmQg.exe
  C:\Windows\System\CEirmQg.exe
  2⤵
  PID:4324
- C:\Windows\System\mPXkWTm.exe
  C:\Windows\System\mPXkWTm.exe
  2⤵
  PID:4340
- C:\Windows\System\rYPamPM.exe
  C:\Windows\System\rYPamPM.exe
  2⤵
  PID:4356
- C:\Windows\System\rvEmZev.exe
  C:\Windows\System\rvEmZev.exe
  2⤵
  PID:4372
- C:\Windows\System\SrRWTSU.exe
  C:\Windows\System\SrRWTSU.exe
  2⤵
  PID:4388
- C:\Windows\System\Tbwzigg.exe
  C:\Windows\System\Tbwzigg.exe
  2⤵
  PID:4404
- C:\Windows\System\WBhudrx.exe
  C:\Windows\System\WBhudrx.exe
  2⤵
  PID:4420
- C:\Windows\System\nztKBFr.exe
  C:\Windows\System\nztKBFr.exe
  2⤵
  PID:4436
- C:\Windows\System\uuDcMXt.exe
  C:\Windows\System\uuDcMXt.exe
  2⤵
  PID:4452
- C:\Windows\System\xneLPcR.exe
  C:\Windows\System\xneLPcR.exe
  2⤵
  PID:4468
- C:\Windows\System\luLGgjz.exe
  C:\Windows\System\luLGgjz.exe
  2⤵
  PID:4484
- C:\Windows\System\LQnZmPx.exe
  C:\Windows\System\LQnZmPx.exe
  2⤵
  PID:4500
- C:\Windows\System\bQWDsJc.exe
  C:\Windows\System\bQWDsJc.exe
  2⤵
  PID:4516
- C:\Windows\System\BFRmdld.exe
  C:\Windows\System\BFRmdld.exe
  2⤵
  PID:4532
- C:\Windows\System\byiUnBr.exe
  C:\Windows\System\byiUnBr.exe
  2⤵
  PID:4548
- C:\Windows\System\KQyuXHz.exe
  C:\Windows\System\KQyuXHz.exe
  2⤵
  PID:4564
- C:\Windows\System\cdsQSqg.exe
  C:\Windows\System\cdsQSqg.exe
  2⤵
  PID:4580
- C:\Windows\System\HNfDJFm.exe
  C:\Windows\System\HNfDJFm.exe
  2⤵
  PID:4596
- C:\Windows\System\sXLfwsD.exe
  C:\Windows\System\sXLfwsD.exe
  2⤵
  PID:4612
- C:\Windows\System\rQSOljb.exe
  C:\Windows\System\rQSOljb.exe
  2⤵
  PID:4628
- C:\Windows\System\RfPVNEA.exe
  C:\Windows\System\RfPVNEA.exe
  2⤵
  PID:4644
- C:\Windows\System\ddymoXO.exe
  C:\Windows\System\ddymoXO.exe
  2⤵
  PID:4660
- C:\Windows\System\ETbDSSc.exe
  C:\Windows\System\ETbDSSc.exe
  2⤵
  PID:4676
- C:\Windows\System\kzDNawV.exe
  C:\Windows\System\kzDNawV.exe
  2⤵
  PID:4692
- C:\Windows\System\pkwjtnD.exe
  C:\Windows\System\pkwjtnD.exe
  2⤵
  PID:4708
- C:\Windows\System\FFqArvo.exe
  C:\Windows\System\FFqArvo.exe
  2⤵
  PID:4724
- C:\Windows\System\nvJojsY.exe
  C:\Windows\System\nvJojsY.exe
  2⤵
  PID:4744
- C:\Windows\System\GQkKChA.exe
  C:\Windows\System\GQkKChA.exe
  2⤵
  PID:4760
- C:\Windows\System\wPjwlTp.exe
  C:\Windows\System\wPjwlTp.exe
  2⤵
  PID:4776
- C:\Windows\System\bkBnDTE.exe
  C:\Windows\System\bkBnDTE.exe
  2⤵
  PID:4792
- C:\Windows\System\uRXqfeV.exe
  C:\Windows\System\uRXqfeV.exe
  2⤵
  PID:4808
- C:\Windows\System\vleePtf.exe
  C:\Windows\System\vleePtf.exe
  2⤵
  PID:4824
- C:\Windows\System\JDDyqhy.exe
  C:\Windows\System\JDDyqhy.exe
  2⤵
  PID:4840
- C:\Windows\System\jYvPGQP.exe
  C:\Windows\System\jYvPGQP.exe
  2⤵
  PID:4856
- C:\Windows\System\jwggBUa.exe
  C:\Windows\System\jwggBUa.exe
  2⤵
  PID:4872
- C:\Windows\System\HhaCsRm.exe
  C:\Windows\System\HhaCsRm.exe
  2⤵
  PID:4888
- C:\Windows\System\JbjwTfH.exe
  C:\Windows\System\JbjwTfH.exe
  2⤵
  PID:4904
- C:\Windows\System\dcsnGkp.exe
  C:\Windows\System\dcsnGkp.exe
  2⤵
  PID:4920
- C:\Windows\System\chyiUFE.exe
  C:\Windows\System\chyiUFE.exe
  2⤵
  PID:4936
- C:\Windows\System\ziMqhXG.exe
  C:\Windows\System\ziMqhXG.exe
  2⤵
  PID:4952
- C:\Windows\System\NVtzjCj.exe
  C:\Windows\System\NVtzjCj.exe
  2⤵
  PID:4968
- C:\Windows\System\dgpfsxm.exe
  C:\Windows\System\dgpfsxm.exe
  2⤵
  PID:4984
- C:\Windows\System\JnbAjon.exe
  C:\Windows\System\JnbAjon.exe
  2⤵
  PID:5004
- C:\Windows\System\LJVcSGX.exe
  C:\Windows\System\LJVcSGX.exe
  2⤵
  PID:5020
- C:\Windows\System\wYTGcLx.exe
  C:\Windows\System\wYTGcLx.exe
  2⤵
  PID:5036
- C:\Windows\System\WlOMjDB.exe
  C:\Windows\System\WlOMjDB.exe
  2⤵
  PID:5052
- C:\Windows\System\lLCyGsY.exe
  C:\Windows\System\lLCyGsY.exe
  2⤵
  PID:5068
- C:\Windows\System\jACjwlz.exe
  C:\Windows\System\jACjwlz.exe
  2⤵
  PID:5084
- C:\Windows\System\qgvXTro.exe
  C:\Windows\System\qgvXTro.exe
  2⤵
  PID:5100
- C:\Windows\System\BwhuQak.exe
  C:\Windows\System\BwhuQak.exe
  2⤵
  PID:5116
- C:\Windows\System\AagJhxp.exe
  C:\Windows\System\AagJhxp.exe
  2⤵
  PID:3720
- C:\Windows\System\cFGGDdz.exe
  C:\Windows\System\cFGGDdz.exe
  2⤵
  PID:3784
- C:\Windows\System\sWhJPBo.exe
  C:\Windows\System\sWhJPBo.exe
  2⤵
  PID:3848
- C:\Windows\System\ezlGOUU.exe
  C:\Windows\System\ezlGOUU.exe
  2⤵
  PID:3912
- C:\Windows\System\FBNgeco.exe
  C:\Windows\System\FBNgeco.exe
  2⤵
  PID:3976
- C:\Windows\System\miyCqvs.exe
  C:\Windows\System\miyCqvs.exe
  2⤵
  PID:4040
- C:\Windows\System\SRKmscn.exe
  C:\Windows\System\SRKmscn.exe
  2⤵
  PID:1520
- C:\Windows\System\JhZmaxS.exe
  C:\Windows\System\JhZmaxS.exe
  2⤵
  PID:1268
- C:\Windows\System\jAxawxJ.exe
  C:\Windows\System\jAxawxJ.exe
  2⤵
  PID:3076
- C:\Windows\System\BAKlCQC.exe
  C:\Windows\System\BAKlCQC.exe
  2⤵
  PID:3204
- C:\Windows\System\iDadQOE.exe
  C:\Windows\System\iDadQOE.exe
  2⤵
  PID:3304
- C:\Windows\System\ClyVZnJ.exe
  C:\Windows\System\ClyVZnJ.exe
  2⤵
  PID:3432
- C:\Windows\System\sfQEAUq.exe
  C:\Windows\System\sfQEAUq.exe
  2⤵
  PID:3500
- C:\Windows\System\ewbhkSE.exe
  C:\Windows\System\ewbhkSE.exe
  2⤵
  PID:3628
- C:\Windows\System\ZhuvziS.exe
  C:\Windows\System\ZhuvziS.exe
  2⤵
  PID:4124
- C:\Windows\System\JFRprPN.exe
  C:\Windows\System\JFRprPN.exe
  2⤵
  PID:4156
- C:\Windows\System\EbdSKeQ.exe
  C:\Windows\System\EbdSKeQ.exe
  2⤵
  PID:4188
- C:\Windows\System\uRTDixh.exe
  C:\Windows\System\uRTDixh.exe
  2⤵
  PID:4220
- C:\Windows\System\LkVZuMK.exe
  C:\Windows\System\LkVZuMK.exe
  2⤵
  PID:4256
- C:\Windows\System\hBsuYOJ.exe
  C:\Windows\System\hBsuYOJ.exe
  2⤵
  PID:4288
- C:\Windows\System\RwAlCkF.exe
  C:\Windows\System\RwAlCkF.exe
  2⤵
  PID:4320
- C:\Windows\System\zakICkW.exe
  C:\Windows\System\zakICkW.exe
  2⤵
  PID:4352
- C:\Windows\System\TSzeWdb.exe
  C:\Windows\System\TSzeWdb.exe
  2⤵
  PID:4384
- C:\Windows\System\tGAyoyI.exe
  C:\Windows\System\tGAyoyI.exe
  2⤵
  PID:4416
- C:\Windows\System\sMyLlLn.exe
  C:\Windows\System\sMyLlLn.exe
  2⤵
  PID:4448
- C:\Windows\System\OUQpwZd.exe
  C:\Windows\System\OUQpwZd.exe
  2⤵
  PID:4476
- C:\Windows\System\zfzkqlZ.exe
  C:\Windows\System\zfzkqlZ.exe
  2⤵
  PID:4508
- C:\Windows\System\WxlRIPh.exe
  C:\Windows\System\WxlRIPh.exe
  2⤵
  PID:4540
- C:\Windows\System\cSMBzNX.exe
  C:\Windows\System\cSMBzNX.exe
  2⤵
  PID:4572
- C:\Windows\System\NChiWfe.exe
  C:\Windows\System\NChiWfe.exe
  2⤵
  PID:4604
- C:\Windows\System\qbVyHzn.exe
  C:\Windows\System\qbVyHzn.exe
  2⤵
  PID:4624
- C:\Windows\System\tJCbSiC.exe
  C:\Windows\System\tJCbSiC.exe
  2⤵
  PID:4684
- C:\Windows\System\ICxsXmk.exe
  C:\Windows\System\ICxsXmk.exe
  2⤵
  PID:4716
- C:\Windows\System\dBeXRuC.exe
  C:\Windows\System\dBeXRuC.exe
  2⤵
  PID:4752
- C:\Windows\System\xeZpfpq.exe
  C:\Windows\System\xeZpfpq.exe
  2⤵
  PID:4784
- C:\Windows\System\IiqMsCy.exe
  C:\Windows\System\IiqMsCy.exe
  2⤵
  PID:4816
- C:\Windows\System\zJkinBe.exe
  C:\Windows\System\zJkinBe.exe
  2⤵
  PID:4852
- C:\Windows\System\hwzmwwH.exe
  C:\Windows\System\hwzmwwH.exe
  2⤵
  PID:4896
- C:\Windows\System\dAElOTV.exe
  C:\Windows\System\dAElOTV.exe
  2⤵
  PID:4916
- C:\Windows\System\neLNCFz.exe
  C:\Windows\System\neLNCFz.exe
  2⤵
  PID:4948
- C:\Windows\System\fikWVHh.exe
  C:\Windows\System\fikWVHh.exe
  2⤵
  PID:4992
- C:\Windows\System\dATJYpW.exe
  C:\Windows\System\dATJYpW.exe
  2⤵
  PID:5016
- C:\Windows\System\hKGRwfc.exe
  C:\Windows\System\hKGRwfc.exe
  2⤵
  PID:5048
- C:\Windows\System\tbLtsFP.exe
  C:\Windows\System\tbLtsFP.exe
  2⤵
  PID:5080
- C:\Windows\System\oiYgxRs.exe
  C:\Windows\System\oiYgxRs.exe
  2⤵
  PID:3704
- C:\Windows\System\EfbZQSC.exe
  C:\Windows\System\EfbZQSC.exe
  2⤵
  PID:3820
- C:\Windows\System\BMrXdrZ.exe
  C:\Windows\System\BMrXdrZ.exe
  2⤵
  PID:4028
- C:\Windows\System\HkQwxba.exe
  C:\Windows\System\HkQwxba.exe
  2⤵
  PID:2452
- C:\Windows\System\bhhIpiZ.exe
  C:\Windows\System\bhhIpiZ.exe
  2⤵
  PID:3140
- C:\Windows\System\XbcjSEs.exe
  C:\Windows\System\XbcjSEs.exe
  2⤵
  PID:3400
- C:\Windows\System\IxLACCz.exe
  C:\Windows\System\IxLACCz.exe
  2⤵
  PID:3624
- C:\Windows\System\wGYiSGG.exe
  C:\Windows\System\wGYiSGG.exe
  2⤵
  PID:4140
- C:\Windows\System\lpOzIgW.exe
  C:\Windows\System\lpOzIgW.exe
  2⤵
  PID:4236
- C:\Windows\System\WoBQviE.exe
  C:\Windows\System\WoBQviE.exe
  2⤵
  PID:4316
- C:\Windows\System\SvqLWbY.exe
  C:\Windows\System\SvqLWbY.exe
  2⤵
  PID:4348
- C:\Windows\System\wbvLHdH.exe
  C:\Windows\System\wbvLHdH.exe
  2⤵
  PID:4412
- C:\Windows\System\WhByPQE.exe
  C:\Windows\System\WhByPQE.exe
  2⤵
  PID:4492
- C:\Windows\System\cqnlHqJ.exe
  C:\Windows\System\cqnlHqJ.exe
  2⤵
  PID:5128
- C:\Windows\System\BfneyUx.exe
  C:\Windows\System\BfneyUx.exe
  2⤵
  PID:5144
- C:\Windows\System\nIYqbMd.exe
  C:\Windows\System\nIYqbMd.exe
  2⤵
  PID:5160
- C:\Windows\System\aacPwcf.exe
  C:\Windows\System\aacPwcf.exe
  2⤵
  PID:5176
- C:\Windows\System\YKBHNdr.exe
  C:\Windows\System\YKBHNdr.exe
  2⤵
  PID:5196
- C:\Windows\System\GKgpulI.exe
  C:\Windows\System\GKgpulI.exe
  2⤵
  PID:5212
- C:\Windows\System\gbeSWKE.exe
  C:\Windows\System\gbeSWKE.exe
  2⤵
  PID:5232
- C:\Windows\System\bzMcVyM.exe
  C:\Windows\System\bzMcVyM.exe
  2⤵
  PID:5248
- C:\Windows\System\rxciQBm.exe
  C:\Windows\System\rxciQBm.exe
  2⤵
  PID:5264
- C:\Windows\System\OyBuxoo.exe
  C:\Windows\System\OyBuxoo.exe
  2⤵
  PID:5280
- C:\Windows\System\TzAAoQV.exe
  C:\Windows\System\TzAAoQV.exe
  2⤵
  PID:5296
- C:\Windows\System\fUKBzxz.exe
  C:\Windows\System\fUKBzxz.exe
  2⤵
  PID:5312
- C:\Windows\System\WtkdRSB.exe
  C:\Windows\System\WtkdRSB.exe
  2⤵
  PID:5328
- C:\Windows\System\CekHWrr.exe
  C:\Windows\System\CekHWrr.exe
  2⤵
  PID:5344
- C:\Windows\System\afDoIpj.exe
  C:\Windows\System\afDoIpj.exe
  2⤵
  PID:5360
- C:\Windows\System\PqYNIBQ.exe
  C:\Windows\System\PqYNIBQ.exe
  2⤵
  PID:5376
- C:\Windows\System\KROCchS.exe
  C:\Windows\System\KROCchS.exe
  2⤵
  PID:5392
- C:\Windows\System\gpclsiP.exe
  C:\Windows\System\gpclsiP.exe
  2⤵
  PID:5408
- C:\Windows\System\TaGWmEi.exe
  C:\Windows\System\TaGWmEi.exe
  2⤵
  PID:5424
- C:\Windows\System\RqQZoCB.exe
  C:\Windows\System\RqQZoCB.exe
  2⤵
  PID:5440
- C:\Windows\System\sJANHln.exe
  C:\Windows\System\sJANHln.exe
  2⤵
  PID:5456
- C:\Windows\System\CpVdkdS.exe
  C:\Windows\System\CpVdkdS.exe
  2⤵
  PID:5472
- C:\Windows\System\lQFebKo.exe
  C:\Windows\System\lQFebKo.exe
  2⤵
  PID:5488
- C:\Windows\System\nuPkbca.exe
  C:\Windows\System\nuPkbca.exe
  2⤵
  PID:5504
- C:\Windows\System\eVwwpzb.exe
  C:\Windows\System\eVwwpzb.exe
  2⤵
  PID:5524
- C:\Windows\System\FLqmxBg.exe
  C:\Windows\System\FLqmxBg.exe
  2⤵
  PID:5540
- C:\Windows\System\pXASzlr.exe
  C:\Windows\System\pXASzlr.exe
  2⤵
  PID:5556
- C:\Windows\System\hkFbadE.exe
  C:\Windows\System\hkFbadE.exe
  2⤵
  PID:5572
- C:\Windows\System\VKnYsiL.exe
  C:\Windows\System\VKnYsiL.exe
  2⤵
  PID:5588
- C:\Windows\System\gWSYZUC.exe
  C:\Windows\System\gWSYZUC.exe
  2⤵
  PID:5604
- C:\Windows\System\GHrgDZn.exe
  C:\Windows\System\GHrgDZn.exe
  2⤵
  PID:5620
- C:\Windows\System\LtwCEEV.exe
  C:\Windows\System\LtwCEEV.exe
  2⤵
  PID:5636
- C:\Windows\System\dmTopjN.exe
  C:\Windows\System\dmTopjN.exe
  2⤵
  PID:5652
- C:\Windows\System\MkibKmJ.exe
  C:\Windows\System\MkibKmJ.exe
  2⤵
  PID:5668
- C:\Windows\System\RSRSsLj.exe
  C:\Windows\System\RSRSsLj.exe
  2⤵
  PID:5684
- C:\Windows\System\UlkYSxK.exe
  C:\Windows\System\UlkYSxK.exe
  2⤵
  PID:5700
- C:\Windows\System\bIPLxsi.exe
  C:\Windows\System\bIPLxsi.exe
  2⤵
  PID:5716
- C:\Windows\System\PpGxRKs.exe
  C:\Windows\System\PpGxRKs.exe
  2⤵
  PID:5732
- C:\Windows\System\VLibufa.exe
  C:\Windows\System\VLibufa.exe
  2⤵
  PID:5748
- C:\Windows\System\JkMmjOK.exe
  C:\Windows\System\JkMmjOK.exe
  2⤵
  PID:5764
- C:\Windows\System\wUfeEmU.exe
  C:\Windows\System\wUfeEmU.exe
  2⤵
  PID:5780
- C:\Windows\System\JXiIQTo.exe
  C:\Windows\System\JXiIQTo.exe
  2⤵
  PID:5796
- C:\Windows\System\OfJzljn.exe
  C:\Windows\System\OfJzljn.exe
  2⤵
  PID:5812
- C:\Windows\System\XxeEQgL.exe
  C:\Windows\System\XxeEQgL.exe
  2⤵
  PID:5828
- C:\Windows\System\MCksLeK.exe
  C:\Windows\System\MCksLeK.exe
  2⤵
  PID:5844
- C:\Windows\System\EYTgklN.exe
  C:\Windows\System\EYTgklN.exe
  2⤵
  PID:5860
- C:\Windows\System\WUlVcgd.exe
  C:\Windows\System\WUlVcgd.exe
  2⤵
  PID:5876
- C:\Windows\System\JYjyQcU.exe
  C:\Windows\System\JYjyQcU.exe
  2⤵
  PID:5892
- C:\Windows\System\cGfkKVU.exe
  C:\Windows\System\cGfkKVU.exe
  2⤵
  PID:5908
- C:\Windows\System\IAkdZab.exe
  C:\Windows\System\IAkdZab.exe
  2⤵
  PID:5924
- C:\Windows\System\lKBsRWD.exe
  C:\Windows\System\lKBsRWD.exe
  2⤵
  PID:5940
- C:\Windows\System\RpbgxgO.exe
  C:\Windows\System\RpbgxgO.exe
  2⤵
  PID:5956
- C:\Windows\System\TQsVVVC.exe
  C:\Windows\System\TQsVVVC.exe
  2⤵
  PID:5972
- C:\Windows\System\jROdVEJ.exe
  C:\Windows\System\jROdVEJ.exe
  2⤵
  PID:5988
- C:\Windows\System\gHqMerk.exe
  C:\Windows\System\gHqMerk.exe
  2⤵
  PID:6004
- C:\Windows\System\VCJkvHd.exe
  C:\Windows\System\VCJkvHd.exe
  2⤵
  PID:6020
- C:\Windows\System\XKnLinC.exe
  C:\Windows\System\XKnLinC.exe
  2⤵
  PID:6036
- C:\Windows\System\tlhnHOT.exe
  C:\Windows\System\tlhnHOT.exe
  2⤵
  PID:6052
- C:\Windows\System\isAGnTx.exe
  C:\Windows\System\isAGnTx.exe
  2⤵
  PID:6068
- C:\Windows\System\YOYDTPT.exe
  C:\Windows\System\YOYDTPT.exe
  2⤵
  PID:6084
- C:\Windows\System\IZSyBGX.exe
  C:\Windows\System\IZSyBGX.exe
  2⤵
  PID:6100
- C:\Windows\System\tFfkxOO.exe
  C:\Windows\System\tFfkxOO.exe
  2⤵
  PID:6116
- C:\Windows\System\XxHfShv.exe
  C:\Windows\System\XxHfShv.exe
  2⤵
  PID:6132
- C:\Windows\System\mWSqAve.exe
  C:\Windows\System\mWSqAve.exe
  2⤵
  PID:4556
- C:\Windows\System\VlrSLdr.exe
  C:\Windows\System\VlrSLdr.exe
  2⤵
  PID:4620
- C:\Windows\System\anZqEUp.exe
  C:\Windows\System\anZqEUp.exe
  2⤵
  PID:4700
- C:\Windows\System\CDlJvva.exe
  C:\Windows\System\CDlJvva.exe
  2⤵
  PID:4800
- C:\Windows\System\njTuUsa.exe
  C:\Windows\System\njTuUsa.exe
  2⤵
  PID:4848
- C:\Windows\System\HBfIfgo.exe
  C:\Windows\System\HBfIfgo.exe
  2⤵
  PID:4932
- C:\Windows\System\wMgVKSZ.exe
  C:\Windows\System\wMgVKSZ.exe
  2⤵
  PID:4996
- C:\Windows\System\kgJJDvI.exe
  C:\Windows\System\kgJJDvI.exe
  2⤵
  PID:5044
- C:\Windows\System\ELsxuVR.exe
  C:\Windows\System\ELsxuVR.exe
  2⤵
  PID:5112
- C:\Windows\System\mqcaMlt.exe
  C:\Windows\System\mqcaMlt.exe
  2⤵
  PID:3944
- C:\Windows\System\cgKzRYL.exe
  C:\Windows\System\cgKzRYL.exe
  2⤵
  PID:3172
- C:\Windows\System\TcroHbU.exe
  C:\Windows\System\TcroHbU.exe
  2⤵
  PID:4152
- C:\Windows\System\piBcTiG.exe
  C:\Windows\System\piBcTiG.exe
  2⤵
  PID:4272
- C:\Windows\System\kdiCkbC.exe
  C:\Windows\System\kdiCkbC.exe
  2⤵
  PID:4400
- C:\Windows\System\wslkRla.exe
  C:\Windows\System\wslkRla.exe
  2⤵
  PID:4524
- C:\Windows\System\vmGaFNb.exe
  C:\Windows\System\vmGaFNb.exe
  2⤵
  PID:5152
- C:\Windows\System\TdzGwXc.exe
  C:\Windows\System\TdzGwXc.exe
  2⤵
  PID:5168
- C:\Windows\System\gbPjhrp.exe
  C:\Windows\System\gbPjhrp.exe
  2⤵
  PID:5204
- C:\Windows\System\LSNJHxV.exe
  C:\Windows\System\LSNJHxV.exe
  2⤵
  PID:5240
- C:\Windows\System\buRbvny.exe
  C:\Windows\System\buRbvny.exe
  2⤵
  PID:5272
- C:\Windows\System\AAZtFti.exe
  C:\Windows\System\AAZtFti.exe
  2⤵
  PID:5304
- C:\Windows\System\VLhJTxk.exe
  C:\Windows\System\VLhJTxk.exe
  2⤵
  PID:5336
- C:\Windows\System\unpgGHX.exe
  C:\Windows\System\unpgGHX.exe
  2⤵
  PID:5368
- C:\Windows\System\apetWiS.exe
  C:\Windows\System\apetWiS.exe
  2⤵
  PID:1592
- C:\Windows\System\RIhHVgR.exe
  C:\Windows\System\RIhHVgR.exe
  2⤵
  PID:5420
- C:\Windows\System\SkmcWqh.exe
  C:\Windows\System\SkmcWqh.exe
  2⤵
  PID:5452
- C:\Windows\System\PxECizS.exe
  C:\Windows\System\PxECizS.exe
  2⤵
  PID:5484
- C:\Windows\System\tpImOXn.exe
  C:\Windows\System\tpImOXn.exe
  2⤵
  PID:5516
- C:\Windows\System\CfvZQCT.exe
  C:\Windows\System\CfvZQCT.exe
  2⤵
  PID:5552
- C:\Windows\System\bOxRvWJ.exe
  C:\Windows\System\bOxRvWJ.exe
  2⤵
  PID:5568
- C:\Windows\System\eJxUNSH.exe
  C:\Windows\System\eJxUNSH.exe
  2⤵
  PID:5600
- C:\Windows\System\YygJwHt.exe
  C:\Windows\System\YygJwHt.exe
  2⤵
  PID:5632
- C:\Windows\System\cnJWTYg.exe
  C:\Windows\System\cnJWTYg.exe
  2⤵
  PID:5664
- C:\Windows\System\YLjmAVF.exe
  C:\Windows\System\YLjmAVF.exe
  2⤵
  PID:5696
- C:\Windows\System\qXvSAnZ.exe
  C:\Windows\System\qXvSAnZ.exe
  2⤵
  PID:5740
- C:\Windows\System\MHsbRgP.exe
  C:\Windows\System\MHsbRgP.exe
  2⤵
  PID:5760
- C:\Windows\System\GJKjLFN.exe
  C:\Windows\System\GJKjLFN.exe
  2⤵
  PID:5792
- C:\Windows\System\nTFpdIw.exe
  C:\Windows\System\nTFpdIw.exe
  2⤵
  PID:5836
- C:\Windows\System\PjyJrUO.exe
  C:\Windows\System\PjyJrUO.exe
  2⤵
  PID:5856
- C:\Windows\System\xTzJIfB.exe
  C:\Windows\System\xTzJIfB.exe
  2⤵
  PID:5900
- C:\Windows\System\CftpYQm.exe
  C:\Windows\System\CftpYQm.exe
  2⤵
  PID:5920
- C:\Windows\System\shCdZFr.exe
  C:\Windows\System\shCdZFr.exe
  2⤵
  PID:5952
- C:\Windows\System\JFIbEEF.exe
  C:\Windows\System\JFIbEEF.exe
  2⤵
  PID:5984
- C:\Windows\System\HErTKji.exe
  C:\Windows\System\HErTKji.exe
  2⤵
  PID:6016
- C:\Windows\System\gLeRbfk.exe
  C:\Windows\System\gLeRbfk.exe
  2⤵
  PID:6060
- C:\Windows\System\CYITHWW.exe
  C:\Windows\System\CYITHWW.exe
  2⤵
  PID:6092
- C:\Windows\System\qQGgbeq.exe
  C:\Windows\System\qQGgbeq.exe
  2⤵
  PID:6124
- C:\Windows\System\WotcIOP.exe
  C:\Windows\System\WotcIOP.exe
  2⤵
  PID:4588
- C:\Windows\System\lbFALTZ.exe
  C:\Windows\System\lbFALTZ.exe
  2⤵
  PID:4704
- C:\Windows\System\AadyJdm.exe
  C:\Windows\System\AadyJdm.exe
  2⤵
  PID:4832
- C:\Windows\System\SsTpyOK.exe
  C:\Windows\System\SsTpyOK.exe
  2⤵
  PID:5012
- C:\Windows\System\UIeEGQZ.exe
  C:\Windows\System\UIeEGQZ.exe
  2⤵
  PID:5096
- C:\Windows\System\wVLAcHz.exe
  C:\Windows\System\wVLAcHz.exe
  2⤵
  PID:1528
- C:\Windows\System\xmpKMbL.exe
  C:\Windows\System\xmpKMbL.exe
  2⤵
  PID:4284
- C:\Windows\System\lqRVtvL.exe
  C:\Windows\System\lqRVtvL.exe
  2⤵
  PID:4432
- C:\Windows\System\BvfnyrG.exe
  C:\Windows\System\BvfnyrG.exe
  2⤵
  PID:2448
- C:\Windows\System\XmtOtaE.exe
  C:\Windows\System\XmtOtaE.exe
  2⤵
  PID:5220
- C:\Windows\System\wbRjBdz.exe
  C:\Windows\System\wbRjBdz.exe
  2⤵
  PID:2816
- C:\Windows\System\FLMVYdi.exe
  C:\Windows\System\FLMVYdi.exe
  2⤵
  PID:5324
- C:\Windows\System\mSQPAel.exe
  C:\Windows\System\mSQPAel.exe
  2⤵
  PID:5388
- C:\Windows\System\XWDORKk.exe
  C:\Windows\System\XWDORKk.exe
  2⤵
  PID:5436
- C:\Windows\System\dzeqoNY.exe
  C:\Windows\System\dzeqoNY.exe
  2⤵
  PID:5500
- C:\Windows\System\LXQCNGK.exe
  C:\Windows\System\LXQCNGK.exe
  2⤵
  PID:304
- C:\Windows\System\DNdqfev.exe
  C:\Windows\System\DNdqfev.exe
  2⤵
  PID:2712
- C:\Windows\System\AQQGNUX.exe
  C:\Windows\System\AQQGNUX.exe
  2⤵
  PID:5660
- C:\Windows\System\nzgxlts.exe
  C:\Windows\System\nzgxlts.exe
  2⤵
  PID:5712
- C:\Windows\System\MdAMTZw.exe
  C:\Windows\System\MdAMTZw.exe
  2⤵
  PID:5776
- C:\Windows\System\rdupoAs.exe
  C:\Windows\System\rdupoAs.exe
  2⤵
  PID:5820
- C:\Windows\System\lSrdLYd.exe
  C:\Windows\System\lSrdLYd.exe
  2⤵
  PID:5872
- C:\Windows\System\ofZrdhH.exe
  C:\Windows\System\ofZrdhH.exe
  2⤵
  PID:5936
- C:\Windows\System\ViAunco.exe
  C:\Windows\System\ViAunco.exe
  2⤵
  PID:6000
- C:\Windows\System\szdLvkT.exe
  C:\Windows\System\szdLvkT.exe
  2⤵
  PID:6076
- C:\Windows\System\sEYnnvw.exe
  C:\Windows\System\sEYnnvw.exe
  2⤵
  PID:6140
- C:\Windows\System\ammEnMD.exe
  C:\Windows\System\ammEnMD.exe
  2⤵
  PID:4804
- C:\Windows\System\TkZbgAu.exe
  C:\Windows\System\TkZbgAu.exe
  2⤵
  PID:5076
- C:\Windows\System\pFREXzY.exe
  C:\Windows\System\pFREXzY.exe
  2⤵
  PID:6152
- C:\Windows\System\ktpXRnR.exe
  C:\Windows\System\ktpXRnR.exe
  2⤵
  PID:6168
- C:\Windows\System\BFAAcza.exe
  C:\Windows\System\BFAAcza.exe
  2⤵
  PID:6184
- C:\Windows\System\NWJOwMa.exe
  C:\Windows\System\NWJOwMa.exe
  2⤵
  PID:6200
- C:\Windows\System\trnDtiP.exe
  C:\Windows\System\trnDtiP.exe
  2⤵
  PID:6216
- C:\Windows\System\psRAWcZ.exe
  C:\Windows\System\psRAWcZ.exe
  2⤵
  PID:6232
- C:\Windows\System\OIaCwJh.exe
  C:\Windows\System\OIaCwJh.exe
  2⤵
  PID:6248
- C:\Windows\System\qxWUxlI.exe
  C:\Windows\System\qxWUxlI.exe
  2⤵
  PID:6264
- C:\Windows\System\NbMahdv.exe
  C:\Windows\System\NbMahdv.exe
  2⤵
  PID:6284
- C:\Windows\System\ngFVyQI.exe
  C:\Windows\System\ngFVyQI.exe
  2⤵
  PID:6300
- C:\Windows\System\MkJHfvq.exe
  C:\Windows\System\MkJHfvq.exe
  2⤵
  PID:6316
- C:\Windows\System\cwIsBHV.exe
  C:\Windows\System\cwIsBHV.exe
  2⤵
  PID:6332
- C:\Windows\System\rlNUnGw.exe
  C:\Windows\System\rlNUnGw.exe
  2⤵
  PID:6348
- C:\Windows\System\qzTbLtK.exe
  C:\Windows\System\qzTbLtK.exe
  2⤵
  PID:6364
- C:\Windows\System\Pgqvupu.exe
  C:\Windows\System\Pgqvupu.exe
  2⤵
  PID:6380
- C:\Windows\System\mgRmFJv.exe
  C:\Windows\System\mgRmFJv.exe
  2⤵
  PID:6396
- C:\Windows\System\SfbkyDM.exe
  C:\Windows\System\SfbkyDM.exe
  2⤵
  PID:6412
- C:\Windows\System\Dwrttba.exe
  C:\Windows\System\Dwrttba.exe
  2⤵
  PID:6428
- C:\Windows\System\fyrLaUp.exe
  C:\Windows\System\fyrLaUp.exe
  2⤵
  PID:6444
- C:\Windows\System\otYdtGe.exe
  C:\Windows\System\otYdtGe.exe
  2⤵
  PID:6460
- C:\Windows\System\qjaGFqH.exe
  C:\Windows\System\qjaGFqH.exe
  2⤵
  PID:6476
- C:\Windows\System\XhmPWKB.exe
  C:\Windows\System\XhmPWKB.exe
  2⤵
  PID:6492
- C:\Windows\System\ZVqHevs.exe
  C:\Windows\System\ZVqHevs.exe
  2⤵
  PID:6508
- C:\Windows\System\kxBwZkY.exe
  C:\Windows\System\kxBwZkY.exe
  2⤵
  PID:6524
- C:\Windows\System\MXfeKps.exe
  C:\Windows\System\MXfeKps.exe
  2⤵
  PID:6540
- C:\Windows\System\IjSNIxb.exe
  C:\Windows\System\IjSNIxb.exe
  2⤵
  PID:6556
- C:\Windows\System\WOyQiaA.exe
  C:\Windows\System\WOyQiaA.exe
  2⤵
  PID:6572
- C:\Windows\System\FeGyefb.exe
  C:\Windows\System\FeGyefb.exe
  2⤵
  PID:6588
- C:\Windows\System\BBbrJYg.exe
  C:\Windows\System\BBbrJYg.exe
  2⤵
  PID:6604
- C:\Windows\System\peTGZtT.exe
  C:\Windows\System\peTGZtT.exe
  2⤵
  PID:6620
- C:\Windows\System\ILTzZRN.exe
  C:\Windows\System\ILTzZRN.exe
  2⤵
  PID:6636
- C:\Windows\System\SuMQyim.exe
  C:\Windows\System\SuMQyim.exe
  2⤵
  PID:6652
- C:\Windows\System\rhtcssb.exe
  C:\Windows\System\rhtcssb.exe
  2⤵
  PID:6668
- C:\Windows\System\pfzdhvZ.exe
  C:\Windows\System\pfzdhvZ.exe
  2⤵
  PID:6684
- C:\Windows\System\PhkwXBp.exe
  C:\Windows\System\PhkwXBp.exe
  2⤵
  PID:6700
- C:\Windows\System\uMclWYp.exe
  C:\Windows\System\uMclWYp.exe
  2⤵
  PID:6716
- C:\Windows\System\KLfubtJ.exe
  C:\Windows\System\KLfubtJ.exe
  2⤵
  PID:6732
- C:\Windows\System\AKDKKws.exe
  C:\Windows\System\AKDKKws.exe
  2⤵
  PID:6748
- C:\Windows\System\RcNbUZj.exe
  C:\Windows\System\RcNbUZj.exe
  2⤵
  PID:6764
- C:\Windows\System\WKjXQzc.exe
  C:\Windows\System\WKjXQzc.exe
  2⤵
  PID:6780
- C:\Windows\System\BDjNdRh.exe
  C:\Windows\System\BDjNdRh.exe
  2⤵
  PID:6796
- C:\Windows\System\rQlTqmd.exe
  C:\Windows\System\rQlTqmd.exe
  2⤵
  PID:6812
- C:\Windows\System\qbqoCey.exe
  C:\Windows\System\qbqoCey.exe
  2⤵
  PID:6828
- C:\Windows\System\MfktOwq.exe
  C:\Windows\System\MfktOwq.exe
  2⤵
  PID:6844
- C:\Windows\System\SiIJRjE.exe
  C:\Windows\System\SiIJRjE.exe
  2⤵
  PID:6860
- C:\Windows\System\SwQMHXM.exe
  C:\Windows\System\SwQMHXM.exe
  2⤵
  PID:6876
- C:\Windows\System\dvEtqAA.exe
  C:\Windows\System\dvEtqAA.exe
  2⤵
  PID:6892
- C:\Windows\System\DwBaTRV.exe
  C:\Windows\System\DwBaTRV.exe
  2⤵
  PID:6908
- C:\Windows\System\FUrGSTo.exe
  C:\Windows\System\FUrGSTo.exe
  2⤵
  PID:6924
- C:\Windows\System\yUIchKk.exe
  C:\Windows\System\yUIchKk.exe
  2⤵
  PID:6940
- C:\Windows\System\UtluAGz.exe
  C:\Windows\System\UtluAGz.exe
  2⤵
  PID:6960
- C:\Windows\System\YVwVZiT.exe
  C:\Windows\System\YVwVZiT.exe
  2⤵
  PID:6976
- C:\Windows\System\kDYEizv.exe
  C:\Windows\System\kDYEizv.exe
  2⤵
  PID:6992
- C:\Windows\System\FqhQTeU.exe
  C:\Windows\System\FqhQTeU.exe
  2⤵
  PID:7008
- C:\Windows\System\WSXEGWR.exe
  C:\Windows\System\WSXEGWR.exe
  2⤵
  PID:7024
- C:\Windows\System\zmhFKzs.exe
  C:\Windows\System\zmhFKzs.exe
  2⤵
  PID:7040
- C:\Windows\System\nUXnurE.exe
  C:\Windows\System\nUXnurE.exe
  2⤵
  PID:7056
- C:\Windows\System\DopCNcr.exe
  C:\Windows\System\DopCNcr.exe
  2⤵
  PID:7072
- C:\Windows\System\deGeYMI.exe
  C:\Windows\System\deGeYMI.exe
  2⤵
  PID:7088
- C:\Windows\System\AlfbMxF.exe
  C:\Windows\System\AlfbMxF.exe
  2⤵
  PID:7104
- C:\Windows\System\kIzgplO.exe
  C:\Windows\System\kIzgplO.exe
  2⤵
  PID:7120
- C:\Windows\System\KVrOMSk.exe
  C:\Windows\System\KVrOMSk.exe
  2⤵
  PID:7136
- C:\Windows\System\WgdtIgg.exe
  C:\Windows\System\WgdtIgg.exe
  2⤵
  PID:7152
- C:\Windows\System\bSJCKcl.exe
  C:\Windows\System\bSJCKcl.exe
  2⤵
  PID:2412
- C:\Windows\System\xPrmTeZ.exe
  C:\Windows\System\xPrmTeZ.exe
  2⤵
  PID:2804
- C:\Windows\System\MCkZihT.exe
  C:\Windows\System\MCkZihT.exe
  2⤵
  PID:5244
- C:\Windows\System\dJSjpsb.exe
  C:\Windows\System\dJSjpsb.exe
  2⤵
  PID:5320
- C:\Windows\System\MMqanGE.exe
  C:\Windows\System\MMqanGE.exe
  2⤵
  PID:5448
- C:\Windows\System\snmmrvu.exe
  C:\Windows\System\snmmrvu.exe
  2⤵
  PID:5564
- C:\Windows\System\JebSwWc.exe
  C:\Windows\System\JebSwWc.exe
  2⤵
  PID:2904
- C:\Windows\System\FXiFGEE.exe
  C:\Windows\System\FXiFGEE.exe
  2⤵
  PID:2748
- C:\Windows\System\Kaqyxmm.exe
  C:\Windows\System\Kaqyxmm.exe
  2⤵
  PID:5808
- C:\Windows\System\KcfdooN.exe
  C:\Windows\System\KcfdooN.exe
  2⤵
  PID:5916
- C:\Windows\System\eelLtLB.exe
  C:\Windows\System\eelLtLB.exe
  2⤵
  PID:6048
- C:\Windows\System\aiiCMgq.exe
  C:\Windows\System\aiiCMgq.exe
  2⤵
  PID:4672
- C:\Windows\System\lNutZVx.exe
  C:\Windows\System\lNutZVx.exe
  2⤵
  PID:6148
- C:\Windows\System\xedSDqS.exe
  C:\Windows\System\xedSDqS.exe
  2⤵
  PID:6180
- C:\Windows\System\NTsIypd.exe
  C:\Windows\System\NTsIypd.exe
  2⤵
  PID:6212
- C:\Windows\System\NTAZVMK.exe
  C:\Windows\System\NTAZVMK.exe
  2⤵
  PID:6244
- C:\Windows\System\WmfdQfc.exe
  C:\Windows\System\WmfdQfc.exe
  2⤵
  PID:6280
- C:\Windows\System\DNafutD.exe
  C:\Windows\System\DNafutD.exe
  2⤵
  PID:6312
- C:\Windows\System\RnRlBhc.exe
  C:\Windows\System\RnRlBhc.exe
  2⤵
  PID:6328
- C:\Windows\System\ZOYGiou.exe
  C:\Windows\System\ZOYGiou.exe
  2⤵
  PID:6360
- C:\Windows\System\AhKfaAK.exe
  C:\Windows\System\AhKfaAK.exe
  2⤵
  PID:6392
- C:\Windows\System\VWyVwVo.exe
  C:\Windows\System\VWyVwVo.exe
  2⤵
  PID:6436
- C:\Windows\System\ZXXReGc.exe
  C:\Windows\System\ZXXReGc.exe
  2⤵
  PID:6468
- C:\Windows\System\iqZwCZX.exe
  C:\Windows\System\iqZwCZX.exe
  2⤵
  PID:6488
- C:\Windows\System\HwRoZlb.exe
  C:\Windows\System\HwRoZlb.exe
  2⤵
  PID:6532
- C:\Windows\System\oIuOgTf.exe
  C:\Windows\System\oIuOgTf.exe
  2⤵
  PID:6564
- C:\Windows\System\zwDHWBh.exe
  C:\Windows\System\zwDHWBh.exe
  2⤵
  PID:6596
- C:\Windows\System\IYDMfCV.exe
  C:\Windows\System\IYDMfCV.exe
  2⤵
  PID:6628
- C:\Windows\System\CANBadE.exe
  C:\Windows\System\CANBadE.exe
  2⤵
  PID:6660
- C:\Windows\System\qBUPodb.exe
  C:\Windows\System\qBUPodb.exe
  2⤵
  PID:6692
- C:\Windows\System\PagTbHS.exe
  C:\Windows\System\PagTbHS.exe
  2⤵
  PID:6712
- C:\Windows\System\pBBoHVe.exe
  C:\Windows\System\pBBoHVe.exe
  2⤵
  PID:6740
- C:\Windows\System\kRhRbsP.exe
  C:\Windows\System\kRhRbsP.exe
  2⤵
  PID:6772
- C:\Windows\System\JqPmHEy.exe
  C:\Windows\System\JqPmHEy.exe
  2⤵
  PID:6804
- C:\Windows\System\DSyFFqN.exe
  C:\Windows\System\DSyFFqN.exe
  2⤵
  PID:6836
- C:\Windows\System\mkjBwRE.exe
  C:\Windows\System\mkjBwRE.exe
  2⤵
  PID:6868
- C:\Windows\System\JwqPqFG.exe
  C:\Windows\System\JwqPqFG.exe
  2⤵
  PID:2684
- C:\Windows\System\jECbVgm.exe
  C:\Windows\System\jECbVgm.exe
  2⤵
  PID:6920
- C:\Windows\System\KRhBDcA.exe
  C:\Windows\System\KRhBDcA.exe
  2⤵
  PID:6936
- C:\Windows\System\ysqTFZP.exe
  C:\Windows\System\ysqTFZP.exe
  2⤵
  PID:6984
- C:\Windows\System\GWqZyLK.exe
  C:\Windows\System\GWqZyLK.exe
  2⤵
  PID:7004
- C:\Windows\System\mKbXArD.exe
  C:\Windows\System\mKbXArD.exe
  2⤵
  PID:7036
- C:\Windows\System\jJxdfhd.exe
  C:\Windows\System\jJxdfhd.exe
  2⤵
  PID:7068
- C:\Windows\System\FJqEKsX.exe
  C:\Windows\System\FJqEKsX.exe
  2⤵
  PID:604
- C:\Windows\System\bhyHQXH.exe
  C:\Windows\System\bhyHQXH.exe
  2⤵
  PID:7116
- C:\Windows\System\hLQniHO.exe
  C:\Windows\System\hLQniHO.exe
  2⤵
  PID:7144
- C:\Windows\System\tlLQKiN.exe
  C:\Windows\System\tlLQKiN.exe
  2⤵
  PID:7160
- C:\Windows\System\bEAXrbp.exe
  C:\Windows\System\bEAXrbp.exe
  2⤵
  PID:4336
- C:\Windows\System\NGQCIZH.exe
  C:\Windows\System\NGQCIZH.exe
  2⤵
  PID:5292
- C:\Windows\System\TPBVVKY.exe
  C:\Windows\System\TPBVVKY.exe
  2⤵
  PID:5512
- C:\Windows\System\SQuFUJF.exe
  C:\Windows\System\SQuFUJF.exe
  2⤵
  PID:5692
- C:\Windows\System\CvQIAVT.exe
  C:\Windows\System\CvQIAVT.exe
  2⤵
  PID:536
- C:\Windows\System\cDUCifC.exe
  C:\Windows\System\cDUCifC.exe
  2⤵
  PID:6044
- C:\Windows\System\BDVZJvS.exe
  C:\Windows\System\BDVZJvS.exe
  2⤵
  PID:6176
- C:\Windows\System\sglSdLU.exe
  C:\Windows\System\sglSdLU.exe
  2⤵
  PID:6208
- C:\Windows\System\BAICOOu.exe
  C:\Windows\System\BAICOOu.exe
  2⤵
  PID:6276
- C:\Windows\System\GoUGDIi.exe
  C:\Windows\System\GoUGDIi.exe
  2⤵
  PID:2628
- C:\Windows\System\qbzRwIq.exe
  C:\Windows\System\qbzRwIq.exe
  2⤵
  PID:6388
- C:\Windows\System\iTJHhgZ.exe
  C:\Windows\System\iTJHhgZ.exe
  2⤵
  PID:6452
- C:\Windows\System\wtvfPxS.exe
  C:\Windows\System\wtvfPxS.exe
  2⤵
  PID:6516
- C:\Windows\System\WDbeSPI.exe
  C:\Windows\System\WDbeSPI.exe
  2⤵
  PID:6580
- C:\Windows\System\afTMKmE.exe
  C:\Windows\System\afTMKmE.exe
  2⤵
  PID:6644
- C:\Windows\System\DvmmzMW.exe
  C:\Windows\System\DvmmzMW.exe
  2⤵
  PID:6708
- C:\Windows\System\fUSGEMO.exe
  C:\Windows\System\fUSGEMO.exe
  2⤵
  PID:6776
- C:\Windows\System\jizkCwo.exe
  C:\Windows\System\jizkCwo.exe
  2⤵
  PID:6852
- C:\Windows\System\lUNFYPc.exe
  C:\Windows\System\lUNFYPc.exe
  2⤵
  PID:6904
- C:\Windows\System\QicCWCt.exe
  C:\Windows\System\QicCWCt.exe
  2⤵
  PID:6948
- C:\Windows\System\IhrbuIa.exe
  C:\Windows\System\IhrbuIa.exe
  2⤵
  PID:7000
- C:\Windows\System\jKSbLRT.exe
  C:\Windows\System\jKSbLRT.exe
  2⤵
  PID:7084
- C:\Windows\System\TFCdAAZ.exe
  C:\Windows\System\TFCdAAZ.exe
  2⤵
  PID:600
- C:\Windows\System\UNlibXF.exe
  C:\Windows\System\UNlibXF.exe
  2⤵
  PID:7164
- C:\Windows\System\MlsmKea.exe
  C:\Windows\System\MlsmKea.exe
  2⤵
  PID:5416
- C:\Windows\System\WJDQoWM.exe
  C:\Windows\System\WJDQoWM.exe
  2⤵
  PID:5852
- C:\Windows\System\RVpubKZ.exe
  C:\Windows\System\RVpubKZ.exe
  2⤵
  PID:4964
- C:\Windows\System\KCbZjve.exe
  C:\Windows\System\KCbZjve.exe
  2⤵
  PID:6260
- C:\Windows\System\ukKCaag.exe
  C:\Windows\System\ukKCaag.exe
  2⤵
  PID:6376
- C:\Windows\System\NHsLNZj.exe
  C:\Windows\System\NHsLNZj.exe
  2⤵
  PID:7180
- C:\Windows\System\wOvPCCX.exe
  C:\Windows\System\wOvPCCX.exe
  2⤵
  PID:7196
- C:\Windows\System\XeRnpzt.exe
  C:\Windows\System\XeRnpzt.exe
  2⤵
  PID:7212
- C:\Windows\System\PPIfHrb.exe
  C:\Windows\System\PPIfHrb.exe
  2⤵
  PID:7228
- C:\Windows\System\GpyXsxo.exe
  C:\Windows\System\GpyXsxo.exe
  2⤵
  PID:7244
- C:\Windows\System\OAEfPSY.exe
  C:\Windows\System\OAEfPSY.exe
  2⤵
  PID:7260
- C:\Windows\System\PEcsDGq.exe
  C:\Windows\System\PEcsDGq.exe
  2⤵
  PID:7276
- C:\Windows\System\SKNPqea.exe
  C:\Windows\System\SKNPqea.exe
  2⤵
  PID:7292
- C:\Windows\System\PacqrJI.exe
  C:\Windows\System\PacqrJI.exe
  2⤵
  PID:7308
- C:\Windows\System\EzwwlXJ.exe
  C:\Windows\System\EzwwlXJ.exe
  2⤵
  PID:7324
- C:\Windows\System\KRwYPgE.exe
  C:\Windows\System\KRwYPgE.exe
  2⤵
  PID:7340
- C:\Windows\System\PErPNAR.exe
  C:\Windows\System\PErPNAR.exe
  2⤵
  PID:7356
- C:\Windows\System\POqgfSm.exe
  C:\Windows\System\POqgfSm.exe
  2⤵
  PID:7372
- C:\Windows\System\epgzOnk.exe
  C:\Windows\System\epgzOnk.exe
  2⤵
  PID:7388
- C:\Windows\System\yqlfUFX.exe
  C:\Windows\System\yqlfUFX.exe
  2⤵
  PID:7404
- C:\Windows\System\EvspRMg.exe
  C:\Windows\System\EvspRMg.exe
  2⤵
  PID:7420
- C:\Windows\System\xiUcCFr.exe
  C:\Windows\System\xiUcCFr.exe
  2⤵
  PID:7436
- C:\Windows\System\YXyPuSh.exe
  C:\Windows\System\YXyPuSh.exe
  2⤵
  PID:7452
- C:\Windows\System\LtUKesD.exe
  C:\Windows\System\LtUKesD.exe
  2⤵
  PID:7468
- C:\Windows\System\yMJAwFf.exe
  C:\Windows\System\yMJAwFf.exe
  2⤵
  PID:7484
- C:\Windows\System\PjooLWr.exe
  C:\Windows\System\PjooLWr.exe
  2⤵
  PID:7500
- C:\Windows\System\CsoiaKW.exe
  C:\Windows\System\CsoiaKW.exe
  2⤵
  PID:7516
- C:\Windows\System\ievXwGV.exe
  C:\Windows\System\ievXwGV.exe
  2⤵
  PID:7532
- C:\Windows\System\faWMCIy.exe
  C:\Windows\System\faWMCIy.exe
  2⤵
  PID:7548
- C:\Windows\System\isIWDYY.exe
  C:\Windows\System\isIWDYY.exe
  2⤵
  PID:7564
- C:\Windows\System\FLDctGn.exe
  C:\Windows\System\FLDctGn.exe
  2⤵
  PID:7580
- C:\Windows\System\rQaeoKp.exe
  C:\Windows\System\rQaeoKp.exe
  2⤵
  PID:7596
- C:\Windows\System\XeEypys.exe
  C:\Windows\System\XeEypys.exe
  2⤵
  PID:7612
- C:\Windows\System\HIqeezH.exe
  C:\Windows\System\HIqeezH.exe
  2⤵
  PID:7628
- C:\Windows\System\wdLKTMm.exe
  C:\Windows\System\wdLKTMm.exe
  2⤵
  PID:7644
- C:\Windows\System\AQqemka.exe
  C:\Windows\System\AQqemka.exe
  2⤵
  PID:7660
- C:\Windows\System\THFwhjl.exe
  C:\Windows\System\THFwhjl.exe
  2⤵
  PID:7676
- C:\Windows\System\MWcNbsG.exe
  C:\Windows\System\MWcNbsG.exe
  2⤵
  PID:7692
- C:\Windows\System\XJRzqfD.exe
  C:\Windows\System\XJRzqfD.exe
  2⤵
  PID:7712
- C:\Windows\System\SeNdWbk.exe
  C:\Windows\System\SeNdWbk.exe
  2⤵
  PID:7732
- C:\Windows\System\REiIdKt.exe
  C:\Windows\System\REiIdKt.exe
  2⤵
  PID:7772
- C:\Windows\System\znoCEZq.exe
  C:\Windows\System\znoCEZq.exe
  2⤵
  PID:7788
- C:\Windows\System\bJQqAwB.exe
  C:\Windows\System\bJQqAwB.exe
  2⤵
  PID:7804
- C:\Windows\System\bCzdGlw.exe
  C:\Windows\System\bCzdGlw.exe
  2⤵
  PID:7820
- C:\Windows\System\OhDXoGB.exe
  C:\Windows\System\OhDXoGB.exe
  2⤵
  PID:7148
- C:\Windows\System\KFUrYOv.exe
  C:\Windows\System\KFUrYOv.exe
  2⤵
  PID:2796
- C:\Windows\System\uWXxZcp.exe
  C:\Windows\System\uWXxZcp.exe
  2⤵
  PID:2508
- C:\Windows\System\nyGaojp.exe
  C:\Windows\System\nyGaojp.exe
  2⤵
  PID:1740
- C:\Windows\System\FAWHYuy.exe
  C:\Windows\System\FAWHYuy.exe
  2⤵
  PID:1188
- C:\Windows\System\GJUxPxN.exe
  C:\Windows\System\GJUxPxN.exe
  2⤵
  PID:6324
- C:\Windows\System\cbXJGHy.exe
  C:\Windows\System\cbXJGHy.exe
  2⤵
  PID:7204
- C:\Windows\System\aNnrHcC.exe
  C:\Windows\System\aNnrHcC.exe
  2⤵
  PID:7288
- C:\Windows\System\BkHFbYy.exe
  C:\Windows\System\BkHFbYy.exe
  2⤵
  PID:7380
- C:\Windows\System\HCOyxUU.exe
  C:\Windows\System\HCOyxUU.exe
  2⤵
  PID:7428
- C:\Windows\System\wdUwlvW.exe
  C:\Windows\System\wdUwlvW.exe
  2⤵
  PID:7460
- C:\Windows\System\PMkzard.exe
  C:\Windows\System\PMkzard.exe
  2⤵
  PID:7496
- C:\Windows\System\RfFCKsT.exe
  C:\Windows\System\RfFCKsT.exe
  2⤵
  PID:7604
- C:\Windows\System\AcDhNMK.exe
  C:\Windows\System\AcDhNMK.exe
  2⤵
  PID:7624
- C:\Windows\System\XtqhaZN.exe
  C:\Windows\System\XtqhaZN.exe
  2⤵
  PID:2956
- C:\Windows\System\ZjFeIwz.exe
  C:\Windows\System\ZjFeIwz.exe
  2⤵
  PID:2104
- C:\Windows\System\hFwUYiO.exe
  C:\Windows\System\hFwUYiO.exe
  2⤵
  PID:1540
- C:\Windows\System\PBBBkvg.exe
  C:\Windows\System\PBBBkvg.exe
  2⤵
  PID:2912
- C:\Windows\System\bdwDAAY.exe
  C:\Windows\System\bdwDAAY.exe
  2⤵
  PID:7848
- C:\Windows\System\SRyvqVI.exe
  C:\Windows\System\SRyvqVI.exe
  2⤵
  PID:7892
- C:\Windows\System\QYrrlAk.exe
  C:\Windows\System\QYrrlAk.exe
  2⤵
  PID:7908
- C:\Windows\System\jSmgxSl.exe
  C:\Windows\System\jSmgxSl.exe
  2⤵
  PID:7924
- C:\Windows\System\DHTATiz.exe
  C:\Windows\System\DHTATiz.exe
  2⤵
  PID:7940
- C:\Windows\System\LwnCbmy.exe
  C:\Windows\System\LwnCbmy.exe
  2⤵
  PID:7956
- C:\Windows\System\OehrYLf.exe
  C:\Windows\System\OehrYLf.exe
  2⤵
  PID:7968
- C:\Windows\System\TEGOikb.exe
  C:\Windows\System\TEGOikb.exe
  2⤵
  PID:8104
- C:\Windows\System\PALPPmk.exe
  C:\Windows\System\PALPPmk.exe
  2⤵
  PID:8120
- C:\Windows\System\LhxGxgn.exe
  C:\Windows\System\LhxGxgn.exe
  2⤵
  PID:8136
- C:\Windows\System\GKFXziP.exe
  C:\Windows\System\GKFXziP.exe
  2⤵
  PID:8152
- C:\Windows\System\TDTwgHc.exe
  C:\Windows\System\TDTwgHc.exe
  2⤵
  PID:8168
- C:\Windows\System\USfFpYO.exe
  C:\Windows\System\USfFpYO.exe
  2⤵
  PID:6440
- C:\Windows\System\KrlFgYz.exe
  C:\Windows\System\KrlFgYz.exe
  2⤵
  PID:6612
- C:\Windows\System\mSagbGO.exe
  C:\Windows\System\mSagbGO.exe
  2⤵
  PID:1232
- C:\Windows\System\YKhWlrr.exe
  C:\Windows\System\YKhWlrr.exe
  2⤵
  PID:2032
- C:\Windows\System\sDXhxeR.exe
  C:\Windows\System\sDXhxeR.exe
  2⤵
  PID:6972
- C:\Windows\System\mnwopUa.exe
  C:\Windows\System\mnwopUa.exe
  2⤵
  PID:7812
- C:\Windows\System\KJWGHiA.exe
  C:\Windows\System\KJWGHiA.exe
  2⤵
  PID:2680
- C:\Windows\System\vaZYssI.exe
  C:\Windows\System\vaZYssI.exe
  2⤵
  PID:1348
- C:\Windows\System\jLuJxBG.exe
  C:\Windows\System\jLuJxBG.exe
  2⤵
  PID:988
- C:\Windows\System\SDuHwuQ.exe
  C:\Windows\System\SDuHwuQ.exe
  2⤵
  PID:1748
- C:\Windows\System\TGRTDtl.exe
  C:\Windows\System\TGRTDtl.exe
  2⤵
  PID:2236
- C:\Windows\System\rBDtziQ.exe
  C:\Windows\System\rBDtziQ.exe
  2⤵
  PID:1716
- C:\Windows\System\ukuizDH.exe
  C:\Windows\System\ukuizDH.exe
  2⤵
  PID:2100
- C:\Windows\System\KEdFRSp.exe
  C:\Windows\System\KEdFRSp.exe
  2⤵
  PID:7320
- C:\Windows\System\YhqTEKg.exe
  C:\Windows\System\YhqTEKg.exe
  2⤵
  PID:7364
- C:\Windows\System\GCFLdEr.exe
  C:\Windows\System\GCFLdEr.exe
  2⤵
  PID:7448
- C:\Windows\System\JxxSCmX.exe
  C:\Windows\System\JxxSCmX.exe
  2⤵
  PID:7528
- C:\Windows\System\FdlhuhU.exe
  C:\Windows\System\FdlhuhU.exe
  2⤵
  PID:7572
- C:\Windows\System\cEJkMxh.exe
  C:\Windows\System\cEJkMxh.exe
  2⤵
  PID:7640
- C:\Windows\System\ChNPMRY.exe
  C:\Windows\System\ChNPMRY.exe
  2⤵
  PID:4740
- C:\Windows\System\PjmboZj.exe
  C:\Windows\System\PjmboZj.exe
  2⤵
  PID:7220
- C:\Windows\System\ijbXdtE.exe
  C:\Windows\System\ijbXdtE.exe
  2⤵
  PID:7252
- C:\Windows\System\qyxNPyM.exe
  C:\Windows\System\qyxNPyM.exe
  2⤵
  PID:7284
- C:\Windows\System\EkbGVkM.exe
  C:\Windows\System\EkbGVkM.exe
  2⤵
  PID:7416
- C:\Windows\System\qZvHrny.exe
  C:\Windows\System\qZvHrny.exe
  2⤵
  PID:1088
- C:\Windows\System\ByQXrku.exe
  C:\Windows\System\ByQXrku.exe
  2⤵
  PID:7608
- C:\Windows\System\XZZmWdq.exe
  C:\Windows\System\XZZmWdq.exe
  2⤵
  PID:2832
- C:\Windows\System\nAKZWMW.exe
  C:\Windows\System\nAKZWMW.exe
  2⤵
  PID:1568
- C:\Windows\System\Xynzcjn.exe
  C:\Windows\System\Xynzcjn.exe
  2⤵
  PID:7688
- C:\Windows\System\eEPTmWl.exe
  C:\Windows\System\eEPTmWl.exe
  2⤵
  PID:7704
- C:\Windows\System\BeuMbGE.exe
  C:\Windows\System\BeuMbGE.exe
  2⤵
  PID:7760
- C:\Windows\System\KuOMXmf.exe
  C:\Windows\System\KuOMXmf.exe
  2⤵
  PID:7800
- C:\Windows\System\iTtAczA.exe
  C:\Windows\System\iTtAczA.exe
  2⤵
  PID:7900
- C:\Windows\System\lWoliMc.exe
  C:\Windows\System\lWoliMc.exe
  2⤵
  PID:7964
- C:\Windows\System\lguzKmB.exe
  C:\Windows\System\lguzKmB.exe
  2⤵
  PID:7880
- C:\Windows\System\awbiWvt.exe
  C:\Windows\System\awbiWvt.exe
  2⤵
  PID:7952
- C:\Windows\System\ZSDFZpX.exe
  C:\Windows\System\ZSDFZpX.exe
  2⤵
  PID:8112
- C:\Windows\System\LUpXIgP.exe
  C:\Windows\System\LUpXIgP.exe
  2⤵
  PID:8004
- C:\Windows\System\FOGXNPK.exe
  C:\Windows\System\FOGXNPK.exe
  2⤵
  PID:8024
- C:\Windows\System\SEaMpPv.exe
  C:\Windows\System\SEaMpPv.exe
  2⤵
  PID:8040
- C:\Windows\System\kuLFyxD.exe
  C:\Windows\System\kuLFyxD.exe
  2⤵
  PID:8056
- C:\Windows\System\idSudVf.exe
  C:\Windows\System\idSudVf.exe
  2⤵
  PID:8072
- C:\Windows\System\Rfgcsyb.exe
  C:\Windows\System\Rfgcsyb.exe
  2⤵
  PID:8088
- C:\Windows\System\awYbMDZ.exe
  C:\Windows\System\awYbMDZ.exe
  2⤵
  PID:8132
- C:\Windows\System\rIwCfcr.exe
  C:\Windows\System\rIwCfcr.exe
  2⤵
  PID:8160
- C:\Windows\System\laONRha.exe
  C:\Windows\System\laONRha.exe
  2⤵
  PID:6484
- C:\Windows\System\LvFgXpn.exe
  C:\Windows\System\LvFgXpn.exe
  2⤵
  PID:6744
- C:\Windows\System\BAEqaEE.exe
  C:\Windows\System\BAEqaEE.exe
  2⤵
  PID:6820
- C:\Windows\System\wfveguA.exe
  C:\Windows\System\wfveguA.exe
  2⤵
  PID:6884
- C:\Windows\System\XXIBtug.exe
  C:\Windows\System\XXIBtug.exe
  2⤵
  PID:7128
- C:\Windows\System\tKYSbVw.exe
  C:\Windows\System\tKYSbVw.exe
  2⤵
  PID:592
- C:\Windows\System\LTYwGnz.exe
  C:\Windows\System\LTYwGnz.exe
  2⤵
  PID:7780
- C:\Windows\System\YXPUWKm.exe
  C:\Windows\System\YXPUWKm.exe
  2⤵
  PID:1388
- C:\Windows\System\qwvmyaI.exe
  C:\Windows\System\qwvmyaI.exe
  2⤵
  PID:268
- C:\Windows\System\txVLbDe.exe
  C:\Windows\System\txVLbDe.exe
  2⤵
  PID:7192
- C:\Windows\System\ByuDhny.exe
  C:\Windows\System\ByuDhny.exe
  2⤵
  PID:7352
- C:\Windows\System\ssQXQoz.exe
  C:\Windows\System\ssQXQoz.exe
  2⤵
  PID:7592
- C:\Windows\System\EoBtKCW.exe
  C:\Windows\System\EoBtKCW.exe
  2⤵
  PID:7268
- C:\Windows\System\HcAZvOM.exe
  C:\Windows\System\HcAZvOM.exe
  2⤵
  PID:2928
- C:\Windows\System\YWbSPYE.exe
  C:\Windows\System\YWbSPYE.exe
  2⤵
  PID:7668
- C:\Windows\System\boxnWud.exe
  C:\Windows\System\boxnWud.exe
  2⤵
  PID:7740
- C:\Windows\System\GVBrmOu.exe
  C:\Windows\System\GVBrmOu.exe
  2⤵
  PID:7556
- C:\Windows\System\RDDPhJy.exe
  C:\Windows\System\RDDPhJy.exe
  2⤵
  PID:2880
- C:\Windows\System\hrOsCRo.exe
  C:\Windows\System\hrOsCRo.exe
  2⤵
  PID:7412
- C:\Windows\System\YNgnTFC.exe
  C:\Windows\System\YNgnTFC.exe
  2⤵
  PID:1480
- C:\Windows\System\WcwCgWR.exe
  C:\Windows\System\WcwCgWR.exe
  2⤵
  PID:7872
- C:\Windows\System\oaezhtF.exe
  C:\Windows\System\oaezhtF.exe
  2⤵
  PID:7936
- C:\Windows\System\EbeLULk.exe
  C:\Windows\System\EbeLULk.exe
  2⤵
  PID:7912
- C:\Windows\System\JcUOUJO.exe
  C:\Windows\System\JcUOUJO.exe
  2⤵
  PID:8016
- C:\Windows\System\MBjuPaZ.exe
  C:\Windows\System\MBjuPaZ.exe
  2⤵
  PID:8080
- C:\Windows\System\QsuTjpB.exe
  C:\Windows\System\QsuTjpB.exe
  2⤵
  PID:8176
- C:\Windows\System\kEKuURe.exe
  C:\Windows\System\kEKuURe.exe
  2⤵
  PID:8076
- C:\Windows\System\mgTxxWi.exe
  C:\Windows\System\mgTxxWi.exe
  2⤵
  PID:8100
- C:\Windows\System\GqsByat.exe
  C:\Windows\System\GqsByat.exe
  2⤵
  PID:7988
- C:\Windows\System\IxpPmXz.exe
  C:\Windows\System\IxpPmXz.exe
  2⤵
  PID:2976
- C:\Windows\System\bsFyomD.exe
  C:\Windows\System\bsFyomD.exe
  2⤵
  PID:1736
- C:\Windows\System\BiQwmBk.exe
  C:\Windows\System\BiQwmBk.exe
  2⤵
  PID:7172
- C:\Windows\System\UcoOdfl.exe
  C:\Windows\System\UcoOdfl.exe
  2⤵
  PID:8032
- C:\Windows\System\TFVuXKV.exe
  C:\Windows\System\TFVuXKV.exe
  2⤵
  PID:7672
- C:\Windows\System\hPTZlvn.exe
  C:\Windows\System\hPTZlvn.exe
  2⤵
  PID:7240
- C:\Windows\System\vLWcrEP.exe
  C:\Windows\System\vLWcrEP.exe
  2⤵
  PID:7540
- C:\Windows\System\VGNKKBL.exe
  C:\Windows\System\VGNKKBL.exe
  2⤵
  PID:6568
- C:\Windows\System\HyvdjMu.exe
  C:\Windows\System\HyvdjMu.exe
  2⤵
  PID:2676
- C:\Windows\System\JZucWIZ.exe
  C:\Windows\System\JZucWIZ.exe
  2⤵
  PID:6856
- C:\Windows\System\ObaGpBv.exe
  C:\Windows\System\ObaGpBv.exe
  2⤵
  PID:7932
- C:\Windows\System\ASsWLPh.exe
  C:\Windows\System\ASsWLPh.exe
  2⤵
  PID:8148
- C:\Windows\System\FxnGwzM.exe
  C:\Windows\System\FxnGwzM.exe
  2⤵
  PID:6696
- C:\Windows\System\anuNGwR.exe
  C:\Windows\System\anuNGwR.exe
  2⤵
  PID:844
- C:\Windows\System\mgeoMYd.exe
  C:\Windows\System\mgeoMYd.exe
  2⤵
  PID:7316
- C:\Windows\System\udlqcPq.exe
  C:\Windows\System\udlqcPq.exe
  2⤵
  PID:2328
- C:\Windows\System\enfFbZf.exe
  C:\Windows\System\enfFbZf.exe
  2⤵
  PID:4652
- C:\Windows\System\SSrilds.exe
  C:\Windows\System\SSrilds.exe
  2⤵
  PID:8048
- C:\Windows\System\zBjihnU.exe
  C:\Windows\System\zBjihnU.exe
  2⤵
  PID:7492
- C:\Windows\System\URFiQXv.exe
  C:\Windows\System\URFiQXv.exe
  2⤵
  PID:8188
- C:\Windows\System\oKwLvFk.exe
  C:\Windows\System\oKwLvFk.exe
  2⤵
  PID:6548
- C:\Windows\System\ubieIOR.exe
  C:\Windows\System\ubieIOR.exe
  2⤵
  PID:2636
- C:\Windows\System\kCvPhNt.exe
  C:\Windows\System\kCvPhNt.exe
  2⤵
  PID:2720
- C:\Windows\System\fBgHBQv.exe
  C:\Windows\System\fBgHBQv.exe
  2⤵
  PID:7304
- C:\Windows\System\PGgkwHm.exe
  C:\Windows\System\PGgkwHm.exe
  2⤵
  PID:2824
- C:\Windows\System\iySSFDZ.exe
  C:\Windows\System\iySSFDZ.exe
  2⤵
  PID:8144
- C:\Windows\System\ctFrHbh.exe
  C:\Windows\System\ctFrHbh.exe
  2⤵
  PID:8068
- C:\Windows\System\jyNNMHE.exe
  C:\Windows\System\jyNNMHE.exe
  2⤵
  PID:1492
- C:\Windows\System\HyvCxbl.exe
  C:\Windows\System\HyvCxbl.exe
  2⤵
  PID:2728
- C:\Windows\System\IleOmIA.exe
  C:\Windows\System\IleOmIA.exe
  2⤵
  PID:8204
- C:\Windows\System\eBGvmdx.exe
  C:\Windows\System\eBGvmdx.exe
  2⤵
  PID:8224
- C:\Windows\System\vuDQVJY.exe
  C:\Windows\System\vuDQVJY.exe
  2⤵
  PID:8240
- C:\Windows\System\UenUFla.exe
  C:\Windows\System\UenUFla.exe
  2⤵
  PID:8256
- C:\Windows\System\cbqNoIx.exe
  C:\Windows\System\cbqNoIx.exe
  2⤵
  PID:8272
- C:\Windows\System\aacYMit.exe
  C:\Windows\System\aacYMit.exe
  2⤵
  PID:8288
- C:\Windows\System\yTYFxhp.exe
  C:\Windows\System\yTYFxhp.exe
  2⤵
  PID:8304
- C:\Windows\System\GiLuDds.exe
  C:\Windows\System\GiLuDds.exe
  2⤵
  PID:8320
- C:\Windows\System\nffFeQV.exe
  C:\Windows\System\nffFeQV.exe
  2⤵
  PID:8336
- C:\Windows\System\jtrUSBo.exe
  C:\Windows\System\jtrUSBo.exe
  2⤵
  PID:8352
- C:\Windows\System\ZRVrtAl.exe
  C:\Windows\System\ZRVrtAl.exe
  2⤵
  PID:8368
- C:\Windows\System\TWwCarP.exe
  C:\Windows\System\TWwCarP.exe
  2⤵
  PID:8384
- C:\Windows\System\dmfcchD.exe
  C:\Windows\System\dmfcchD.exe
  2⤵
  PID:8400
- C:\Windows\System\JzIpbXo.exe
  C:\Windows\System\JzIpbXo.exe
  2⤵
  PID:8416
- C:\Windows\System\pLbhSNl.exe
  C:\Windows\System\pLbhSNl.exe
  2⤵
  PID:8432
- C:\Windows\System\apHSjiE.exe
  C:\Windows\System\apHSjiE.exe
  2⤵
  PID:8448
- C:\Windows\System\QPEqEnC.exe
  C:\Windows\System\QPEqEnC.exe
  2⤵
  PID:8464
- C:\Windows\System\rNFfdMo.exe
  C:\Windows\System\rNFfdMo.exe
  2⤵
  PID:8480
- C:\Windows\System\KbgUgtm.exe
  C:\Windows\System\KbgUgtm.exe
  2⤵
  PID:8496
- C:\Windows\System\wOjJnDv.exe
  C:\Windows\System\wOjJnDv.exe
  2⤵
  PID:8512
- C:\Windows\System\gQsYZDW.exe
  C:\Windows\System\gQsYZDW.exe
  2⤵
  PID:8528
- C:\Windows\System\fCYNdPV.exe
  C:\Windows\System\fCYNdPV.exe
  2⤵
  PID:8544
- C:\Windows\System\gkBlPib.exe
  C:\Windows\System\gkBlPib.exe
  2⤵
  PID:8568
- C:\Windows\System\SenyvdJ.exe
  C:\Windows\System\SenyvdJ.exe
  2⤵
  PID:8584
- C:\Windows\System\fxWTjcb.exe
  C:\Windows\System\fxWTjcb.exe
  2⤵
  PID:8600
- C:\Windows\System\zoGjObU.exe
  C:\Windows\System\zoGjObU.exe
  2⤵
  PID:8616
- C:\Windows\System\iIAamsN.exe
  C:\Windows\System\iIAamsN.exe
  2⤵
  PID:8632
- C:\Windows\System\lDqvzBJ.exe
  C:\Windows\System\lDqvzBJ.exe
  2⤵
  PID:8648
- C:\Windows\System\rHLajuj.exe
  C:\Windows\System\rHLajuj.exe
  2⤵
  PID:8664
- C:\Windows\System\ycOSWdt.exe
  C:\Windows\System\ycOSWdt.exe
  2⤵
  PID:8680
- C:\Windows\System\wXnAhbS.exe
  C:\Windows\System\wXnAhbS.exe
  2⤵
  PID:8696
- C:\Windows\System\QpAkSbX.exe
  C:\Windows\System\QpAkSbX.exe
  2⤵
  PID:8712
- C:\Windows\System\VQhjujn.exe
  C:\Windows\System\VQhjujn.exe
  2⤵
  PID:8728
- C:\Windows\System\cmEVxJM.exe
  C:\Windows\System\cmEVxJM.exe
  2⤵
  PID:8748
- C:\Windows\System\QfnPMjF.exe
  C:\Windows\System\QfnPMjF.exe
  2⤵
  PID:8768
- C:\Windows\System\YdovycT.exe
  C:\Windows\System\YdovycT.exe
  2⤵
  PID:8788
- C:\Windows\System\fvfFeVH.exe
  C:\Windows\System\fvfFeVH.exe
  2⤵
  PID:8812
- C:\Windows\System\lnwZUGF.exe
  C:\Windows\System\lnwZUGF.exe
  2⤵
  PID:8828
- C:\Windows\System\gnUMmyW.exe
  C:\Windows\System\gnUMmyW.exe
  2⤵
  PID:8856
- C:\Windows\System\GGSrEaN.exe
  C:\Windows\System\GGSrEaN.exe
  2⤵
  PID:8872
- C:\Windows\System\ebLuxRC.exe
  C:\Windows\System\ebLuxRC.exe
  2⤵
  PID:8888
- C:\Windows\System\DcWrAwE.exe
  C:\Windows\System\DcWrAwE.exe
  2⤵
  PID:8904
- C:\Windows\System\KJDiNxO.exe
  C:\Windows\System\KJDiNxO.exe
  2⤵
  PID:8928
- C:\Windows\System\JxdDTVo.exe
  C:\Windows\System\JxdDTVo.exe
  2⤵
  PID:8944
- C:\Windows\System\WqnPcRt.exe
  C:\Windows\System\WqnPcRt.exe
  2⤵
  PID:8964
- C:\Windows\System\RIEEVgT.exe
  C:\Windows\System\RIEEVgT.exe
  2⤵
  PID:8984
- C:\Windows\System\cmMauXM.exe
  C:\Windows\System\cmMauXM.exe
  2⤵
  PID:9016
- C:\Windows\System\IiCXUjf.exe
  C:\Windows\System\IiCXUjf.exe
  2⤵
  PID:9036
- C:\Windows\System\lvXXKtG.exe
  C:\Windows\System\lvXXKtG.exe
  2⤵
  PID:9064
- C:\Windows\System\QAtXaXk.exe
  C:\Windows\System\QAtXaXk.exe
  2⤵
  PID:9092
- C:\Windows\System\xuDMDHl.exe
  C:\Windows\System\xuDMDHl.exe
  2⤵
  PID:9112
- C:\Windows\System\YiGBhTr.exe
  C:\Windows\System\YiGBhTr.exe
  2⤵
  PID:9128
- C:\Windows\System\KMwgStn.exe
  C:\Windows\System\KMwgStn.exe
  2⤵
  PID:9144
- C:\Windows\System\gPVERIA.exe
  C:\Windows\System\gPVERIA.exe
  2⤵
  PID:9160
- C:\Windows\System\ZvXaxbn.exe
  C:\Windows\System\ZvXaxbn.exe
  2⤵
  PID:9176
- C:\Windows\System\ZEHytJL.exe
  C:\Windows\System\ZEHytJL.exe
  2⤵
  PID:9192
- C:\Windows\System\rCHfEeC.exe
  C:\Windows\System\rCHfEeC.exe
  2⤵
  PID:9212
- C:\Windows\System\QtMDWUD.exe
  C:\Windows\System\QtMDWUD.exe
  2⤵
  PID:8220
- C:\Windows\System\BpIZrEN.exe
  C:\Windows\System\BpIZrEN.exe
  2⤵
  PID:8196
- C:\Windows\System\PRumbXp.exe
  C:\Windows\System\PRumbXp.exe
  2⤵
  PID:8280
- C:\Windows\System\cdRTBVa.exe
  C:\Windows\System\cdRTBVa.exe
  2⤵
  PID:8316
- C:\Windows\System\zuYZoYL.exe
  C:\Windows\System\zuYZoYL.exe
  2⤵
  PID:8380
- C:\Windows\System\ZpMYFhe.exe
  C:\Windows\System\ZpMYFhe.exe
  2⤵
  PID:8408
- C:\Windows\System\ggKpXUl.exe
  C:\Windows\System\ggKpXUl.exe
  2⤵
  PID:8612
- C:\Windows\System\VAzXlGe.exe
  C:\Windows\System\VAzXlGe.exe
  2⤵
  PID:8820
- C:\Windows\System\gZRGaGq.exe
  C:\Windows\System\gZRGaGq.exe
  2⤵
  PID:8936
- C:\Windows\System\gWhNTaQ.exe
  C:\Windows\System\gWhNTaQ.exe
  2⤵
  PID:9072
- C:\Windows\System\ZFDdPrf.exe
  C:\Windows\System\ZFDdPrf.exe
  2⤵
  PID:9004
- C:\Windows\System\oCYpgjq.exe
  C:\Windows\System\oCYpgjq.exe
  2⤵
  PID:9156
- C:\Windows\System\mdeUXby.exe
  C:\Windows\System\mdeUXby.exe
  2⤵
  PID:9200
- C:\Windows\System\iptNarN.exe
  C:\Windows\System\iptNarN.exe
  2⤵
  PID:8348
- C:\Windows\System\iGOPZqk.exe
  C:\Windows\System\iGOPZqk.exe
  2⤵
  PID:8264
- C:\Windows\System\WDQwJBq.exe
  C:\Windows\System\WDQwJBq.exe
  2⤵
  PID:8440
- C:\Windows\System\dSXkazO.exe
  C:\Windows\System\dSXkazO.exe
  2⤵
  PID:8992
- C:\Windows\System\MhvRnGO.exe
  C:\Windows\System\MhvRnGO.exe
  2⤵
  PID:9088
- C:\Windows\System\kDUfWgs.exe
  C:\Windows\System\kDUfWgs.exe
  2⤵
  PID:9100
- C:\Windows\System\FlmlvOl.exe
  C:\Windows\System\FlmlvOl.exe
  2⤵
  PID:9140
- C:\Windows\System\eZvEiIF.exe
  C:\Windows\System\eZvEiIF.exe
  2⤵
  PID:9172
- C:\Windows\System\TbTFvKx.exe
  C:\Windows\System\TbTFvKx.exe
  2⤵
  PID:7852
- C:\Windows\System\gbMsKcp.exe
  C:\Windows\System\gbMsKcp.exe
  2⤵
  PID:8200
- C:\Windows\System\WvUYVMP.exe
  C:\Windows\System\WvUYVMP.exe
  2⤵
  PID:8444
- C:\Windows\System\NLSkCCK.exe
  C:\Windows\System\NLSkCCK.exe
  2⤵
  PID:8460
- C:\Windows\System\xTFOAFt.exe
  C:\Windows\System\xTFOAFt.exe
  2⤵
  PID:8504
- C:\Windows\System\zhpBnef.exe
  C:\Windows\System\zhpBnef.exe
  2⤵
  PID:8524
- C:\Windows\System\uiZjbkX.exe
  C:\Windows\System\uiZjbkX.exe
  2⤵
  PID:8580
- C:\Windows\System\YjAuCfY.exe
  C:\Windows\System\YjAuCfY.exe
  2⤵
  PID:8644
- C:\Windows\System\IEIbBFq.exe
  C:\Windows\System\IEIbBFq.exe
  2⤵
  PID:8736
- C:\Windows\System\ekNnXkw.exe
  C:\Windows\System\ekNnXkw.exe
  2⤵
  PID:8656
- C:\Windows\System\OZYyiiW.exe
  C:\Windows\System\OZYyiiW.exe
  2⤵
  PID:8720
- C:\Windows\System\YqubWIn.exe
  C:\Windows\System\YqubWIn.exe
  2⤵
  PID:8784
- C:\Windows\System\Dtiebaq.exe
  C:\Windows\System\Dtiebaq.exe
  2⤵
  PID:8852
- C:\Windows\System\xkOHykK.exe
  C:\Windows\System\xkOHykK.exe
  2⤵
  PID:8880
- C:\Windows\System\EYXprjf.exe
  C:\Windows\System\EYXprjf.exe
  2⤵
  PID:8940
- C:\Windows\System\QqCOeox.exe
  C:\Windows\System\QqCOeox.exe
  2⤵
  PID:8960
- C:\Windows\System\QmFIlRt.exe
  C:\Windows\System\QmFIlRt.exe
  2⤵
  PID:9024
- C:\Windows\System\kFwcAGU.exe
  C:\Windows\System\kFwcAGU.exe
  2⤵
  PID:9048
- C:\Windows\System\YeZMjFQ.exe
  C:\Windows\System\YeZMjFQ.exe
  2⤵
  PID:9136
- C:\Windows\System\VPJrClD.exe
  C:\Windows\System\VPJrClD.exe
  2⤵
  PID:8560
- C:\Windows\System\pmtEsUd.exe
  C:\Windows\System\pmtEsUd.exe
  2⤵
  PID:8376
- C:\Windows\System\rUfpaOt.exe
  C:\Windows\System\rUfpaOt.exe
  2⤵
  PID:8424
- C:\Windows\System\lmFtlJF.exe
  C:\Windows\System\lmFtlJF.exe
  2⤵
  PID:8508
- C:\Windows\System\ZOZlVMi.exe
  C:\Windows\System\ZOZlVMi.exe
  2⤵
  PID:8488
- C:\Windows\System\jbzrbLS.exe
  C:\Windows\System\jbzrbLS.exe
  2⤵
  PID:8556
- C:\Windows\System\iKgArfQ.exe
  C:\Windows\System\iKgArfQ.exe
  2⤵
  PID:8672
- C:\Windows\System\bRMCLkl.exe
  C:\Windows\System\bRMCLkl.exe
  2⤵
  PID:8776
- C:\Windows\System\XmSfFKq.exe
  C:\Windows\System\XmSfFKq.exe
  2⤵
  PID:8848
- C:\Windows\System\vWKNulI.exe
  C:\Windows\System\vWKNulI.exe
  2⤵
  PID:8980
- C:\Windows\System\pYqqfYQ.exe
  C:\Windows\System\pYqqfYQ.exe
  2⤵
  PID:9208
- C:\Windows\System\CWfzTcp.exe
  C:\Windows\System\CWfzTcp.exe
  2⤵
  PID:8456
- C:\Windows\System\VXklUPb.exe
  C:\Windows\System\VXklUPb.exe
  2⤵
  PID:8624
- C:\Windows\System\LdwnydM.exe
  C:\Windows\System\LdwnydM.exe
  2⤵
  PID:8692
- C:\Windows\System\FgMnqQy.exe
  C:\Windows\System\FgMnqQy.exe
  2⤵
  PID:8836
- C:\Windows\System\wqxYICO.exe
  C:\Windows\System\wqxYICO.exe
  2⤵
  PID:8868
- C:\Windows\System\uHcLwRa.exe
  C:\Windows\System\uHcLwRa.exe
  2⤵
  PID:9168
- C:\Windows\System\gGaOwXQ.exe
  C:\Windows\System\gGaOwXQ.exe
  2⤵
  PID:9104
- C:\Windows\System\QIcKPPv.exe
  C:\Windows\System\QIcKPPv.exe
  2⤵
  PID:8360
- C:\Windows\System\GmEPavp.exe
  C:\Windows\System\GmEPavp.exe
  2⤵
  PID:8804
- C:\Windows\System\RChBPxb.exe
  C:\Windows\System\RChBPxb.exe
  2⤵
  PID:8800
- C:\Windows\System\YRUcftp.exe
  C:\Windows\System\YRUcftp.exe
  2⤵
  PID:8300
- C:\Windows\System\uEvvTwd.exe
  C:\Windows\System\uEvvTwd.exe
  2⤵
  PID:9084
- C:\Windows\System\sbWrrTL.exe
  C:\Windows\System\sbWrrTL.exe
  2⤵
  PID:8520
- C:\Windows\System\LspQQOT.exe
  C:\Windows\System\LspQQOT.exe
  2⤵
  PID:8972
- C:\Windows\System\RcrBPgv.exe
  C:\Windows\System\RcrBPgv.exe
  2⤵
  PID:8808
- C:\Windows\System\CQDiaIV.exe
  C:\Windows\System\CQDiaIV.exe
  2⤵
  PID:9232
- C:\Windows\System\QwbRNMB.exe
  C:\Windows\System\QwbRNMB.exe
  2⤵
  PID:9248
- C:\Windows\System\TUpRHRU.exe
  C:\Windows\System\TUpRHRU.exe
  2⤵
  PID:9264
- C:\Windows\System\ZvrlDsl.exe
  C:\Windows\System\ZvrlDsl.exe
  2⤵
  PID:9304
- C:\Windows\System\bALSwlP.exe
  C:\Windows\System\bALSwlP.exe
  2⤵
  PID:9320
- C:\Windows\System\INezgoH.exe
  C:\Windows\System\INezgoH.exe
  2⤵
  PID:9340
- C:\Windows\System\ABXKLKD.exe
  C:\Windows\System\ABXKLKD.exe
  2⤵
  PID:9356
- C:\Windows\System\ihNmpDU.exe
  C:\Windows\System\ihNmpDU.exe
  2⤵
  PID:9372
- C:\Windows\System\BxSPiSp.exe
  C:\Windows\System\BxSPiSp.exe
  2⤵
  PID:9388
- C:\Windows\System\nJpVJVM.exe
  C:\Windows\System\nJpVJVM.exe
  2⤵
  PID:9404
- C:\Windows\System\eHewVVO.exe
  C:\Windows\System\eHewVVO.exe
  2⤵
  PID:9420
- C:\Windows\System\AzGPELD.exe
  C:\Windows\System\AzGPELD.exe
  2⤵
  PID:9436
- C:\Windows\System\StzEyGj.exe
  C:\Windows\System\StzEyGj.exe
  2⤵
  PID:9464
- C:\Windows\System\teOVepP.exe
  C:\Windows\System\teOVepP.exe
  2⤵
  PID:9488
- C:\Windows\System\BozgayV.exe
  C:\Windows\System\BozgayV.exe
  2⤵
  PID:9516
- C:\Windows\System\ffPFfIa.exe
  C:\Windows\System\ffPFfIa.exe
  2⤵
  PID:9536
- C:\Windows\System\DwPUGuP.exe
  C:\Windows\System\DwPUGuP.exe
  2⤵
  PID:9560
- C:\Windows\System\ILgbiQd.exe
  C:\Windows\System\ILgbiQd.exe
  2⤵
  PID:9580
- C:\Windows\System\Runashr.exe
  C:\Windows\System\Runashr.exe
  2⤵
  - Access Token Manipulation: Create Process with Token
  PID:9596
- C:\Windows\System\XavLZJS.exe
  C:\Windows\System\XavLZJS.exe
  2⤵
  PID:9612
- C:\Windows\System\biGqbPJ.exe
  C:\Windows\System\biGqbPJ.exe
  2⤵
  PID:9628
- C:\Windows\System\yllFdVW.exe
  C:\Windows\System\yllFdVW.exe
  2⤵
  PID:9648
- C:\Windows\System\KNPrhDL.exe
  C:\Windows\System\KNPrhDL.exe
  2⤵
  PID:9664
- C:\Windows\System\QqDEDhU.exe
  C:\Windows\System\QqDEDhU.exe
  2⤵
  PID:9684
- C:\Windows\System\cvzzTHV.exe
  C:\Windows\System\cvzzTHV.exe
  2⤵
  PID:9708
- C:\Windows\System\TsBufuB.exe
  C:\Windows\System\TsBufuB.exe
  2⤵
  PID:9728
- C:\Windows\System\SFDXlYo.exe
  C:\Windows\System\SFDXlYo.exe
  2⤵
  PID:9744
- C:\Windows\System\zUjPUOK.exe
  C:\Windows\System\zUjPUOK.exe
  2⤵
  PID:9760
- C:\Windows\System\QjpslUS.exe
  C:\Windows\System\QjpslUS.exe
  2⤵
  PID:9780
- C:\Windows\System\BEcjURU.exe
  C:\Windows\System\BEcjURU.exe
  2⤵
  PID:9796
- C:\Windows\System\ItLxyzU.exe
  C:\Windows\System\ItLxyzU.exe
  2⤵
  PID:9816
- C:\Windows\System\VRpgGwu.exe
  C:\Windows\System\VRpgGwu.exe
  2⤵
  PID:9832
- C:\Windows\System\HEhBGlN.exe
  C:\Windows\System\HEhBGlN.exe
  2⤵
  PID:9876
- C:\Windows\System\EpzCoSd.exe
  C:\Windows\System\EpzCoSd.exe
  2⤵
  PID:9892
- C:\Windows\System\uescszI.exe
  C:\Windows\System\uescszI.exe
  2⤵
  PID:9908
- C:\Windows\System\qBMddCF.exe
  C:\Windows\System\qBMddCF.exe
  2⤵
  PID:9924
- C:\Windows\System\NaGPoRs.exe
  C:\Windows\System\NaGPoRs.exe
  2⤵
  PID:9968
- C:\Windows\System\OqyErDt.exe
  C:\Windows\System\OqyErDt.exe
  2⤵
  PID:9984
- C:\Windows\System\AtddbII.exe
  C:\Windows\System\AtddbII.exe
  2⤵
  PID:10000
- C:\Windows\System\UHvMqlB.exe
  C:\Windows\System\UHvMqlB.exe
  2⤵
  PID:10016
- C:\Windows\System\MkaMrrE.exe
  C:\Windows\System\MkaMrrE.exe
  2⤵
  PID:10032
- C:\Windows\System\xBaGIvk.exe
  C:\Windows\System\xBaGIvk.exe
  2⤵
  PID:10048
- C:\Windows\System\qePtwGC.exe
  C:\Windows\System\qePtwGC.exe
  2⤵
  PID:10064
- C:\Windows\System\tDaItXi.exe
  C:\Windows\System\tDaItXi.exe
  2⤵
  PID:10080
- C:\Windows\System\zowPRgg.exe
  C:\Windows\System\zowPRgg.exe
  2⤵
  PID:10112
- C:\Windows\System\skXBPuL.exe
  C:\Windows\System\skXBPuL.exe
  2⤵
  PID:10132
- C:\Windows\System\okJIEze.exe
  C:\Windows\System\okJIEze.exe
  2⤵
  PID:10152
- C:\Windows\System\xZjTelK.exe
  C:\Windows\System\xZjTelK.exe
  2⤵
  PID:10172
- C:\Windows\System\gnPqLle.exe
  C:\Windows\System\gnPqLle.exe
  2⤵
  PID:10192
- C:\Windows\System\dTbHjhQ.exe
  C:\Windows\System\dTbHjhQ.exe
  2⤵
  PID:10208
- C:\Windows\System\WlxZhjC.exe
  C:\Windows\System\WlxZhjC.exe
  2⤵
  PID:10224
- C:\Windows\System\ZpHlKSK.exe
  C:\Windows\System\ZpHlKSK.exe
  2⤵
  PID:8724
- C:\Windows\System\WpjSPRg.exe
  C:\Windows\System\WpjSPRg.exe
  2⤵
  PID:8476
- C:\Windows\System\QzZliLJ.exe
  C:\Windows\System\QzZliLJ.exe
  2⤵
  PID:8760
- C:\Windows\System\anOMKIN.exe
  C:\Windows\System\anOMKIN.exe
  2⤵
  PID:9284
- C:\Windows\System\PAQPAbj.exe
  C:\Windows\System\PAQPAbj.exe
  2⤵
  PID:9312
- C:\Windows\System\LLSMDqe.exe
  C:\Windows\System\LLSMDqe.exe
  2⤵
  PID:9352
- C:\Windows\System\IwgsYPH.exe
  C:\Windows\System\IwgsYPH.exe
  2⤵
  PID:9400
- C:\Windows\System\XTexUxq.exe
  C:\Windows\System\XTexUxq.exe
  2⤵
  PID:9444
- C:\Windows\System\jPoyeEc.exe
  C:\Windows\System\jPoyeEc.exe
  2⤵
  PID:9412
- C:\Windows\System\cHSrTkz.exe
  C:\Windows\System\cHSrTkz.exe
  2⤵
  PID:9508
- C:\Windows\System\WyfeMsf.exe
  C:\Windows\System\WyfeMsf.exe
  2⤵
  PID:9484
- C:\Windows\System\BbZWDWB.exe
  C:\Windows\System\BbZWDWB.exe
  2⤵
  PID:9548
- C:\Windows\System\UFLpaMt.exe
  C:\Windows\System\UFLpaMt.exe
  2⤵
  PID:9700
- C:\Windows\System\AOgKOQv.exe
  C:\Windows\System\AOgKOQv.exe
  2⤵
  PID:9772
- C:\Windows\System\HHNgKui.exe
  C:\Windows\System\HHNgKui.exe
  2⤵
  PID:9812
- C:\Windows\System\MBEBZXh.exe
  C:\Windows\System\MBEBZXh.exe
  2⤵
  PID:9608
- C:\Windows\System\tydShue.exe
  C:\Windows\System\tydShue.exe
  2⤵
  PID:9680
- C:\Windows\System\iWJTIua.exe
  C:\Windows\System\iWJTIua.exe
  2⤵
  PID:9860
- C:\Windows\System\HlmmJev.exe
  C:\Windows\System\HlmmJev.exe
  2⤵
  PID:9792
- C:\Windows\System\msFTtoj.exe
  C:\Windows\System\msFTtoj.exe
  2⤵
  PID:9724
- C:\Windows\System\RBzVoQA.exe
  C:\Windows\System\RBzVoQA.exe
  2⤵
  PID:9936
- C:\Windows\System\sBVflAh.exe
  C:\Windows\System\sBVflAh.exe
  2⤵
  PID:9952
- C:\Windows\System\dwqrTMY.exe
  C:\Windows\System\dwqrTMY.exe
  2⤵
  PID:9992
- C:\Windows\System\QvYfufu.exe
  C:\Windows\System\QvYfufu.exe
  2⤵
  PID:10056
- C:\Windows\System\NtfieZH.exe
  C:\Windows\System\NtfieZH.exe
  2⤵
  PID:10088
- C:\Windows\System\jSCPivm.exe
  C:\Windows\System\jSCPivm.exe
  2⤵
  PID:10040
- C:\Windows\System\tjCeKqr.exe
  C:\Windows\System\tjCeKqr.exe
  2⤵
  PID:10140
- C:\Windows\System\MGCyvMi.exe
  C:\Windows\System\MGCyvMi.exe
  2⤵
  PID:10148
- C:\Windows\System\zMdJrqK.exe
  C:\Windows\System\zMdJrqK.exe
  2⤵
  PID:10184
- C:\Windows\System\uoevnGM.exe
  C:\Windows\System\uoevnGM.exe
  2⤵
  PID:10164
- C:\Windows\System\eiVPmwG.exe
  C:\Windows\System\eiVPmwG.exe
  2⤵
  PID:10220
- C:\Windows\System\wIlQNzL.exe
  C:\Windows\System\wIlQNzL.exe
  2⤵
  PID:9348
- C:\Windows\System\CCWWwPo.exe
  C:\Windows\System\CCWWwPo.exe
  2⤵
  PID:10232
- C:\Windows\System\OkymTOe.exe
  C:\Windows\System\OkymTOe.exe
  2⤵
  PID:8976
- C:\Windows\System\aRAxLuy.exe
  C:\Windows\System\aRAxLuy.exe
  2⤵
  PID:9300
- C:\Windows\System\pCPSspt.exe
  C:\Windows\System\pCPSspt.exe
  2⤵
  PID:9476
- C:\Windows\System\QLrAwRC.exe
  C:\Windows\System\QLrAwRC.exe
  2⤵
  PID:9588
- C:\Windows\System\lCVZxTQ.exe
  C:\Windows\System\lCVZxTQ.exe
  2⤵
  PID:9624
- C:\Windows\System\qytzTzs.exe
  C:\Windows\System\qytzTzs.exe
  2⤵
  PID:9692
- C:\Windows\System\gtPTgFH.exe
  C:\Windows\System\gtPTgFH.exe
  2⤵
  PID:9768
- C:\Windows\System\AkdYjBQ.exe
  C:\Windows\System\AkdYjBQ.exe
  2⤵
  PID:9808
- C:\Windows\System\awWYzgg.exe
  C:\Windows\System\awWYzgg.exe
  2⤵
  PID:9856
- C:\Windows\System\lcxwkEe.exe
  C:\Windows\System\lcxwkEe.exe
  2⤵
  PID:9788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CSowCvM.exe

Filesize
6.0MB

MD5
999c9f9b1016a6b1138d22a16021fea1

SHA1
9506551e3fa6c0dab589fe50ef66cf691fb30b73

SHA256
95f00c5f7d2f8e8b97b57413e7d868865342677afc5a619ce1849b0f47444b73

SHA512
9f07118ad5aba3d2305d7326ca9d109c9b97db3bd3595e23f656c2a976eea2af218b78332ae4db9f27f566c3674d29cb95c4ac7e65e8e3e0781e4e37739be79b

Download Submit
C:\Windows\system\ClQqGmW.exe

Filesize
6.0MB

MD5
1ae71956057f6400135850423a595912

SHA1
b45535c2a858f159858203de8e1ece4c40f0c84c

SHA256
e16605290c4062e66da465b2beb458ad67bff9dfbb24ea336800e92e8c6a8574

SHA512
299df064cf1fb890c60c204be1a6afb4bc8269684f6b4c3a86e70981a6c457535a8bb1c85f999c750e6241525879b893f12b09afef250447fe473a87c1ec295b

Download Submit
C:\Windows\system\FaXCcPO.exe

Filesize
6.0MB

MD5
a2e555f71608b334b800571ba7cbf4b0

SHA1
074a5d6385da686286aedc32559cec3de69a9809

SHA256
e188ae7bd39274223f49a1d00e26556af80ceca0219584671751f694357cd5fc

SHA512
c8efc86483a73737668f5ea7a90799f803edfb2a608f34ecaa44afdcbf53036f3a085823a30b83c4d838b52a2897d4185e5a24f6a9a331c64d17ec2f446680fb

Download Submit
C:\Windows\system\IQSTMAW.exe

Filesize
6.0MB

MD5
51885e5a644e47eb9d1d39d5b3191ae7

SHA1
4e500b943a11c9f6096d3e8c0af41770db9e20cd

SHA256
e1bf495f671f514f3516c50d31b1c8fcea579dfc14c1af2b4d4bc02626679628

SHA512
5dbcac611f22667287be9639f8457995c178c5601c889b01b8a353e711fd033c4f754fe6d5c72a34563de4aa0c4b0537760b350acdc2e71b0210c0f41cdea7c7

Download Submit
C:\Windows\system\IrwjvCn.exe

Filesize
6.0MB

MD5
9c8f188baa20cec0682db6faac3976df

SHA1
582f35b4443deb1eedb66c4242ba0efca4d92f24

SHA256
53d6d5b95741c945fbe1da6b35240d1171c5cfd93ce32b82fc68c73d92faaee7

SHA512
189f9d2624cb67b815219d94e0a658f12066d5a1841a933546199732174242f0640bcfbddd676aca822e3be171de6399fd71978d735feee8aca04e931df9967a

Download Submit
C:\Windows\system\JhNyNOX.exe

Filesize
6.0MB

MD5
2864c0664337c3692abc58179b35e511

SHA1
58053c14f0ecf9fb62abd77894c8ffa9fe30ec6b

SHA256
47961ca2b7923461114ae8470b7dc1a186caef9c6e49587fd1fb3c3e8af36664

SHA512
f73138986dc68f9622924eff2e6f148a0162193513c8d4ee87503f0a18765e51e4865930a8b28fe6655c654e664109fa6ad3483b06552bdc212390cc93eb786f

Download Submit
C:\Windows\system\KTeWWUz.exe

Filesize
6.0MB

MD5
7f0b2830006d6ad05a1ba137536ec353

SHA1
0c8e5afaa94a42c77b8d1dd54508dff493892498

SHA256
bdcd46e1efa01275d2cf0e1cc30312b677f39dd9f4560b3b9e0dab41b8a60e48

SHA512
60f4a496405eaf36587afd1eacb8c238dd69d60b25f01cbac071e8eab437efc52869490170c42a91f34c645fff0c1301e2c2131f0379b48ea197d368812d1ff5

Download Submit
C:\Windows\system\LWIucVM.exe

Filesize
6.0MB

MD5
3d64f76015e648f05f61baca5e099f39

SHA1
a86bd6c3b1cec9a9de27b375716047e64a77b008

SHA256
f453265d1dab487d33088ebbefa15c81c2558505fcfcf11ee88aececf9ca9026

SHA512
f2b165f1693247722185c2c522b47e984090df42d42b665fa83e7da317017bfdc4dad0d32c96a73a7f73814e187ed9fff766341c37915229aa081ecabcd5b1f0

Download Submit
C:\Windows\system\QJARzHE.exe

Filesize
6.0MB

MD5
5234e03ac5915d0852de0633cfc3728d

SHA1
e7da62425bb595888d634ccc9bb531f2a22c80d8

SHA256
bda076c8b001b8fe239062a8a52a44171c5ea9477aa5a2726d05536dd302f832

SHA512
bfd932d3a55d246cd4d2ac10cfa011c857feed4e4dce5bd9629a82ddd241c4968047e1e767c9d73dfa422063af30532ff676fdf373655be69b344681795e7971

Download Submit
C:\Windows\system\RGdqIlZ.exe

Filesize
6.0MB

MD5
530b2983ce5e3c253dbd56c678627f7a

SHA1
2d2c68e2036b64b5c44bb3937d098110fe62e772

SHA256
3d1b9dfb5243005e64842e774b4b0f00f596d5e6a2c8c340b8c17854bdb16ce9

SHA512
729836c1a464fa96f7a8491107211b09f5871bd507b19f80b41b3893b48495b878ae888f9aa1da23c13eba755bbbcafdd7ad135b9b3baf4ef8eb2146279650e0

Download Submit
C:\Windows\system\TBYDtVg.exe

Filesize
6.0MB

MD5
237cea441cd8907efbe939a9a2e02d97

SHA1
904424579bdd01605ae8c5cbfc2f119dbcf9d9de

SHA256
ab369d1e184fa0110bee15496e1c12d50f72f275456ea23b2f5b47c3d29a2511

SHA512
73a80159cab20a50a7e39a832c6da778faddb3cbccc48b1aef68397d970f2536502c2841135e7b8afefc337d6d7a8260be14668496cd9ee868d17609d608d25e

Download Submit
C:\Windows\system\TJtxuXH.exe

Filesize
6.0MB

MD5
d4fde1b065b4b7e0cd79b08aeb629ab7

SHA1
84d216ab77c98ae73b57befab1bac83286f5ee47

SHA256
6984829d55e5ac6a538e85427cd23da23b79b5f4c3d658448f1d970a9480c070

SHA512
2b018cc1c0b79dbd1a8587e2b346de2eb3ef408555c0c33fa901ae1c035e86cd78975237893f081668eeb9380bad2bb6870e4b8783c874977e683bf242284b83

Download Submit
C:\Windows\system\VXyyKvu.exe

Filesize
6.0MB

MD5
f54fd765c9a9bc8bebeb24f7bd26b972

SHA1
03df72e6234ca3fdc9a495769dfd48e838818dfb

SHA256
37efa642e247b64bfbb2c21a5afb8888dd907bed861c767740d2da83bb00574d

SHA512
ceafa97e8e87b96d330d383baf39ef837452cb6dfdb1007786f6e2d67b715d22d505e47a895120d9221cfb52753f29c929cab6d29e9e52767dfc4b44ac9d4a2b

Download Submit
C:\Windows\system\Ymeogxf.exe

Filesize
6.0MB

MD5
dc1bd25afa30419e4eae10834f39d68b

SHA1
645cdad59bfa82c6190b64df02dfd4697082040f

SHA256
5530f2ec682a692d8746472b47049f6f53cd4e9a46179f73f70be2049c5b6a98

SHA512
b30a58a9163b37c88beda2ff60f988adbdd3326993f482e6f5fae78fe497a2553eaf9531e4509ed4c3a32f5e21af76d7d5aa41a532e49a3d712509a9f4d70d32

Download Submit
C:\Windows\system\aOMtjqP.exe

Filesize
6.0MB

MD5
481934f08c211cdf74f0ea9db2480631

SHA1
88b5936136ecbe215ab4ce8fd106cd2759c1d9c1

SHA256
7b487fd9b1c97771604851c7a8918068b3c002c363c56b09646e55809c846b20

SHA512
c1604a76410dcba1f8cc673655810eed8e27738ce70a5d6a44d41daa007fca59d9e7237f19a65833e0345c082d914a65767d5d259fb080b9c2fe8349e6f6b691

Download Submit
C:\Windows\system\dcrkoot.exe

Filesize
6.0MB

MD5
3b552e708f23fe076d2aed11743c469e

SHA1
258357c7c0e203ff8fffe990a22e8b411eee313d

SHA256
722b3364674813826c2458d1cdf821e14f37d0838ea7ae9b494e97dc9ab895de

SHA512
af1a8dc5d158e73650489c689703cd7c00b28c3f307130847873d2d0b5b3bd5987e0439b185c9e5edec78f1085c6d7af26041bd04824b0f5d889420318242973

Download Submit
C:\Windows\system\fktHWET.exe

Filesize
6.0MB

MD5
acd3fc69c7bb33a8dccfca0d6ef63db0

SHA1
ade2f04d9530f6aaf63149d4b3d975916eb3324d

SHA256
03de3e9345e1c862ec5288e2ba78060118ab3555b9e1b17024b814d56b1befa0

SHA512
bfdc050395298e399b67f6619588855d6945ac27ea00b5812ae1e7e1f78718bab3f5af772b417a82a4c3f06eebe93027f219b0e9421abf409d73d1903f5a68ad

Download Submit
C:\Windows\system\gQsjHur.exe

Filesize
6.0MB

MD5
409024bec20126775aa808c5766d51ab

SHA1
3fa99fea747bfef0c1e342345da6de01a86a8a23

SHA256
ef5fdb37dc399487dde77f78b3f2314f03f6580feed3b20e7d838726e64194e2

SHA512
50fc27e20d5f17c635aa128368c2c86fe1ca61d920fbd7c35a1e1c8b469f041e06085ea0e5a63aad2a0ee25faa129b50b452dec7264bd879d8e8533da7602ccc

Download Submit
C:\Windows\system\hKemmoc.exe

Filesize
6.0MB

MD5
20bc00487a4c2a40e0547f37ce565477

SHA1
d419b0ead1efa552fe7cb147e5a4f3b45f931db2

SHA256
7d3e1fb89cb17ae7d19b78e4458cd641ed4584dfffbc79ee5976843e385c6021

SHA512
e60d365326475bc0be07c5c2846c941b3091b5dd0c386238b05bd310a9810fb1296cef4fd63a837f72eacdb50d0565b354ab8dbbaeff7322dcf87350de853b97

Download Submit
C:\Windows\system\kCmabCr.exe

Filesize
6.0MB

MD5
554eb9170197dcc58de1a62df5687116

SHA1
695d35b12e4c82578b57269b897e022075251242

SHA256
e960a636ed4eb60c5f00400ca253302fe81840d37c179ca98819ab0dc46a3d74

SHA512
025b39666d417af47918592b04ef1d482589346d33d0acf9f5ee99314e8991183824df3c50b1c23458cad32812fd45a23a400049be99da21b5f03e26fe9fdbf0

Download Submit
C:\Windows\system\lDisZGv.exe

Filesize
6.0MB

MD5
e1d9b2d4d7710740a82ed7e7a7c4681d

SHA1
3627b1633d8c1316b0b407d2ca52eaceec7bc24d

SHA256
5203015568c679c9f7676b1ec807afbf4e54b02b6da0c3a658eb59ef07c109d5

SHA512
efc4c364702d634d9332fa8f9fd558ad740bad6e0e8c0c2a1db5c4156c52dc16433aed786d348097938043593280f3b5fe113689390e124055f62593d63b5692

Download Submit
C:\Windows\system\nEGMIgR.exe

Filesize
6.0MB

MD5
87e986b5de26d5490cfa64e56ca828d4

SHA1
8aca64b4e925e5f4d8823ec70961efefe964975b

SHA256
32dee8fb865a27d1b5a543687d42ef61b000c37b83d9a6c40196cb52e3a8e1b1

SHA512
3c7cfc289a06132c07006d08f13eba3c082cf0077235323204f87984e2264f98e020030bf18c3cd7624a0852d76e8de803e2eb5ad152b67ca4ecdc15d46c2442

Download Submit
C:\Windows\system\oWIMCtw.exe

Filesize
6.0MB

MD5
9ba33b791bda0ce63544895a8b1a2765

SHA1
4e20d4562061d195d63cd282b7d346f04a2daaf9

SHA256
e2be73384b2b3b34449547cc3477dc8928c685e663000280b87f2501d61d6776

SHA512
69cfe7f10ab5afd441f0831e35aad46270acf285a6d82f78498241becae28c4eac35b07a427e4856c03068090ae26e0d36a5e913c33d2f3c5584c2feb1a89a6f

Download Submit
C:\Windows\system\ofgrSFG.exe

Filesize
6.0MB

MD5
f9ae4a888c36c48b1e04a5695cffcd58

SHA1
00c03cb97812641e5a9114990364f2582abc1666

SHA256
c99e7b3c663fbceaed3774f40aed8a18714a8d9471c581237822558382f23d45

SHA512
7a05190d7513bae2cab090818bbb1b644f6c3b4fc64f8e402cb29628b6fb00368a6cd7080eebaf674bd3a5f2ebc35690ce34f3bf1ce448e99e20bf70c980a2e3

Download Submit
C:\Windows\system\qCZuEhu.exe

Filesize
6.0MB

MD5
b69b7949764c6e9a29e5905d61ef6211

SHA1
74882084b481c6d68853e29da0930d7f71d0ec3e

SHA256
380ea869b3c749f41575bdac58e6c7aee9f98338e7937b084db451d5839b92ea

SHA512
e03bd77f63344245184798eea4a6717b7c3d9dbd4eddab183f2290c58333f4db2b36bc50ec811751bf0e55bdb90d976911c0a8efbdfc5ee9094f57edbde73dce

Download Submit
C:\Windows\system\rhAiujD.exe

Filesize
6.0MB

MD5
0ba4e2cfc2af8fafaf722f2780771110

SHA1
0e629358257d2fd1771281ff388952f8807e80a6

SHA256
d7976151b1d558543638d53de84c293184f873d340fc8f6617f71667bdf6222f

SHA512
3c709b13eb49a540ff536ec399cab930bc502eebd4b7d35fc089f92802348ec9255050c115c401e71dec5d739c19bd549364814535e2ad955b00b211ca514c75

Download Submit
C:\Windows\system\tWygZjd.exe

Filesize
6.0MB

MD5
5d8823f9157ecd4e9bb1a5205c8980c3

SHA1
d5552bfbf33e5aaedc92d25792d0b5858e20d016

SHA256
2cd9c9874b1815684c5183bcbf27dfc4616dcae2403cb79f0c58bd4d3d04a08d

SHA512
3e3c195e548ada1d02c3173f71db8e4f4d5d45f0c6b32a2982f5941028ad817b604a67cf80007c1f374f86b0cc9272fceaec6a93704b79d92dbd5d101f7b59ad

Download Submit
C:\Windows\system\uzNknjI.exe

Filesize
6.0MB

MD5
3e777dfa090319863f38bbdf2be2ab92

SHA1
f9ad15cb7149e66a4f80f09a15fa5e1621506977

SHA256
13fee04dd05c1112f6c7bf0af11a4d9c71b27672836844801a177bbc0ea856d8

SHA512
cb4df24f75fd78fba01afbae9292ce47eb06b37b1b4f0297e5c19b019c9c07dee7315b6b53d5136a1c0e99c7d5e2d3ad58666ff671619fa369bf6b21085c22e7

Download Submit
C:\Windows\system\vkaCXdO.exe

Filesize
6.0MB

MD5
cec4bf46fa38bef8994879f5ecc7631c

SHA1
f09d336a8aa6747971fd467764a89603edcd5fa5

SHA256
25c535127315ccddabaa44cc7309ece68f86c5b742b66c3a11a3a146fd02948e

SHA512
0dc39eee27bb3123e64132fb10c9a47867a69ff6687bed7d59756aa52bf59c63e407cfd40147468998207baa42d874d8101a400f52980e4b8539e7115b90f0e2

Download Submit
C:\Windows\system\vpKllSE.exe

Filesize
6.0MB

MD5
9ffe77d90d92e17df6954798209a1554

SHA1
bb44739508f6344c9810407ab6b12c28778c6f40

SHA256
28e832227f2ba3a78e60008e5f6fa263aec6fd7a1b7183ec63cd0330eda1f525

SHA512
01a1a2af048f2d14554c119187b8d28120fc5ec4886d49ecadd99bedfc08babb7f6fd886b342825d7121f231a37c7d750b45ba7ff6c79e5663a2dcc3a2978508

Download Submit
C:\Windows\system\yfmMREH.exe

Filesize
6.0MB

MD5
1466e01778a9627ea4c6d41e47abeef7

SHA1
4d0c19b5f17b94715df27eb6ff0daaa1dcbdc7f9

SHA256
9c7f32fd8085e6aa703275336898a447f0ad05581b1fdb927998df275ab4150e

SHA512
59e07a34d894aa4ca31bc17ee8ce9d1833eac16ed64c4b4de1f0f34d277824229ff07e6db64a314c27055175cb021dba7a241abb07df6b962067c909ad8eaf17

Download Submit
\Windows\system\fZZpChy.exe

Filesize
6.0MB

MD5
ba1898713e543c81204ccd86f33012b1

SHA1
121e495209053144e703e2146a100e71a3cb591e

SHA256
49c8bca92645c252999398eaf49b251c62161e7047d2e56c35d891f02dacdd06

SHA512
96efd3dfc8fcfd9e98dfc357771e33e28496df932166b64bb42957e1008a711ff3291d2cfba4c25a76ffccb276f0babe7aa0bdb6d6fe3eb84513257cf4af6b6b

Download Submit
memory/1624-14-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-4021-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-11-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-3066-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-87-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-4020-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-91-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2036-0-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2036-90-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2036-260-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-481-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-84-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-83-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2036-654-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2036-77-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-76-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-16-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2036-28-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-360-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-70-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-12-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-59-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2036-22-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2036-53-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-32-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2036-47-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-41-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-80-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-4019-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-33-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-4029-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-4028-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-56-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4030-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-20-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4018-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-67-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-73-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4026-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4025-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2732-50-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4022-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2736-38-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4024-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2784-63-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4023-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-26-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4027-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2856-44-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads