cobaltstrike | edc0458afb390283c05fb6b7f0746a4777e80ba130a8a15b80291e7eb5021220

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 08:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.2MB
MD5

014f429c203caf3f6868641ea267f668
SHA1

c920f3f5c87cb8b2861fbf24a426575197ea1e93
SHA256

edc0458afb390283c05fb6b7f0746a4777e80ba130a8a15b80291e7eb5021220
SHA512

279328c316b99f228428090f80d897ad4fda8f739e68a185816ac3a7d1dceba4aac3c9fe6905dd0f682021c0098c1a8084e850223c31d1028ef874a9cc9e9053
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lh:RWWBibf56utgpPFotBER/mQ32lUF

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001226a-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001612f-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016855-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c62-50.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-196.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-186.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-172.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-177.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-162.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-167.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-142.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-137.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-132.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-127.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-117.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015e71-95.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-78.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-102.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-63.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-86.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016aa9-47.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001662e-34.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161f6-20.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658c-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 31 IoCs

miner

resource	yara_rule
behavioral1/memory/2200-14-0x000000013F560000-0x000000013F8B1000-memory.dmp	xmrig
behavioral1/memory/1800-38-0x000000013F5B0000-0x000000013F901000-memory.dmp	xmrig
behavioral1/memory/1040-51-0x000000013F670000-0x000000013F9C1000-memory.dmp	xmrig
behavioral1/memory/2660-79-0x000000013FA60000-0x000000013FDB1000-memory.dmp	xmrig
behavioral1/memory/2988-374-0x000000013F0D0000-0x000000013F421000-memory.dmp	xmrig
behavioral1/memory/1928-590-0x00000000023A0000-0x00000000026F1000-memory.dmp	xmrig
behavioral1/memory/860-855-0x000000013FD20000-0x0000000140071000-memory.dmp	xmrig
behavioral1/memory/1400-670-0x000000013FB10000-0x000000013FE61000-memory.dmp	xmrig
behavioral1/memory/1528-503-0x000000013F260000-0x000000013F5B1000-memory.dmp	xmrig
behavioral1/memory/2556-217-0x000000013F420000-0x000000013F771000-memory.dmp	xmrig
behavioral1/memory/2852-96-0x000000013F4F0000-0x000000013F841000-memory.dmp	xmrig
behavioral1/memory/1928-91-0x000000013F4F0000-0x000000013F841000-memory.dmp	xmrig
behavioral1/memory/2648-103-0x000000013F980000-0x000000013FCD1000-memory.dmp	xmrig
behavioral1/memory/2108-64-0x000000013FA20000-0x000000013FD71000-memory.dmp	xmrig
behavioral1/memory/2696-87-0x000000013F530000-0x000000013F881000-memory.dmp	xmrig
behavioral1/memory/2736-70-0x000000013F640000-0x000000013F991000-memory.dmp	xmrig
behavioral1/memory/1928-37-0x000000013F8B0000-0x000000013FC01000-memory.dmp	xmrig
behavioral1/memory/2108-2762-0x000000013FA20000-0x000000013FD71000-memory.dmp	xmrig
behavioral1/memory/1040-2768-0x000000013F670000-0x000000013F9C1000-memory.dmp	xmrig
behavioral1/memory/2200-2764-0x000000013F560000-0x000000013F8B1000-memory.dmp	xmrig
behavioral1/memory/1800-2763-0x000000013F5B0000-0x000000013F901000-memory.dmp	xmrig
behavioral1/memory/2736-2784-0x000000013F640000-0x000000013F991000-memory.dmp	xmrig
behavioral1/memory/2660-2783-0x000000013FA60000-0x000000013FDB1000-memory.dmp	xmrig
behavioral1/memory/2696-2793-0x000000013F530000-0x000000013F881000-memory.dmp	xmrig
behavioral1/memory/1528-2821-0x000000013F260000-0x000000013F5B1000-memory.dmp	xmrig
behavioral1/memory/2556-2805-0x000000013F420000-0x000000013F771000-memory.dmp	xmrig
behavioral1/memory/2852-2802-0x000000013F4F0000-0x000000013F841000-memory.dmp	xmrig
behavioral1/memory/2648-2829-0x000000013F980000-0x000000013FCD1000-memory.dmp	xmrig
behavioral1/memory/860-2828-0x000000013FD20000-0x0000000140071000-memory.dmp	xmrig
behavioral1/memory/2988-2825-0x000000013F0D0000-0x000000013F421000-memory.dmp	xmrig
behavioral1/memory/1400-2850-0x000000013FB10000-0x000000013FE61000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1800	gLAoCrX.exe
2200	XAZzlQy.exe
1040	dVXWqzl.exe
2108	PxVLjAi.exe
2736	ovEMcun.exe
2660	bkMfIxL.exe
2696	oqCuJjX.exe
2852	HPGNAmb.exe
2648	KNhIRwD.exe
2556	pRakBdO.exe
2988	jtFaMyU.exe
1528	kGUJewK.exe
1400	UJwYHff.exe
860	ELLRhVW.exe
1932	gYbTyaI.exe
1320	NqNWvAe.exe
1644	LmAihGP.exe
2868	vHYEqKT.exe
1660	PtfpcRh.exe
2872	fCsEFoV.exe
2856	Rgywadk.exe
1828	gjbykCu.exe
3004	Vdwjlal.exe
2936	KrDJCTp.exe
2404	nmAerPO.exe
2792	YFwceyk.exe
1620	xHrXZPS.exe
1656	KxRudff.exe
1956	MdWsHiM.exe
328	QnitTlW.exe
1032	lzSQjxM.exe
1560	FIPRRUC.exe
1772	vHodcpU.exe
1380	ucmDMqo.exe
1304	TBmFyoP.exe
1580	LNfbBAb.exe
1056	cgUqBdT.exe
3016	ZqDWmeJ.exe
2304	wTuZqYX.exe
2436	dxkwpsd.exe
2256	SDrVvxC.exe
1940	VnXRrSh.exe
1512	rtQaOGt.exe
2356	VKebCGw.exe
1756	yuWRYHH.exe
1608	GqdatGn.exe
1144	RGvVhMB.exe
1920	xNUtGTm.exe
1792	EpANBIj.exe
2244	gdaZmLN.exe
2684	TccNIiR.exe
2820	nUWinQE.exe
2584	tLMwkDy.exe
2348	ySOUQNk.exe
2804	vsPFLPT.exe
2708	PvZCElc.exe
1748	TJNNfJe.exe
2512	KzyvpCM.exe
2840	hotQfxn.exe
1592	ilAZllX.exe
2884	HwYNyPu.exe
2780	YANnNbn.exe
988	RlVSmxB.exe
1228	gRcNzVE.exe

Loads dropped DLL 64 IoCs

pid	Process
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1928-0-0x000000013F8B0000-0x000000013FC01000-memory.dmp	upx
behavioral1/files/0x000b00000001226a-3.dat	upx
behavioral1/files/0x000800000001612f-10.dat	upx
behavioral1/memory/2200-14-0x000000013F560000-0x000000013F8B1000-memory.dmp	upx
behavioral1/memory/1040-24-0x000000013F670000-0x000000013F9C1000-memory.dmp	upx
behavioral1/memory/2108-27-0x000000013FA20000-0x000000013FD71000-memory.dmp	upx
behavioral1/files/0x0007000000016855-36.dat	upx
behavioral1/memory/1800-38-0x000000013F5B0000-0x000000013F901000-memory.dmp	upx
behavioral1/memory/2736-35-0x000000013F640000-0x000000013F991000-memory.dmp	upx
behavioral1/files/0x0008000000016c62-50.dat	upx
behavioral1/memory/1040-51-0x000000013F670000-0x000000013F9C1000-memory.dmp	upx
behavioral1/memory/2852-55-0x000000013F4F0000-0x000000013F841000-memory.dmp	upx
behavioral1/files/0x00060000000173da-66.dat	upx
behavioral1/memory/2556-71-0x000000013F420000-0x000000013F771000-memory.dmp	upx
behavioral1/memory/2696-48-0x000000013F530000-0x000000013F881000-memory.dmp	upx
behavioral1/memory/1528-88-0x000000013F260000-0x000000013F5B1000-memory.dmp	upx
behavioral1/memory/2648-65-0x000000013F980000-0x000000013FCD1000-memory.dmp	upx
behavioral1/memory/2988-80-0x000000013F0D0000-0x000000013F421000-memory.dmp	upx
behavioral1/memory/2660-79-0x000000013FA60000-0x000000013FDB1000-memory.dmp	upx
behavioral1/files/0x0006000000017472-111.dat	upx
behavioral1/files/0x0005000000018792-147.dat	upx
behavioral1/files/0x00050000000191d4-183.dat	upx
behavioral1/memory/2988-374-0x000000013F0D0000-0x000000013F421000-memory.dmp	upx
behavioral1/memory/860-855-0x000000013FD20000-0x0000000140071000-memory.dmp	upx
behavioral1/memory/1400-670-0x000000013FB10000-0x000000013FE61000-memory.dmp	upx
behavioral1/memory/1528-503-0x000000013F260000-0x000000013F5B1000-memory.dmp	upx
behavioral1/memory/2556-217-0x000000013F420000-0x000000013F771000-memory.dmp	upx
behavioral1/files/0x000500000001922c-193.dat	upx
behavioral1/files/0x0005000000019244-196.dat	upx
behavioral1/files/0x00050000000191ff-186.dat	upx
behavioral1/files/0x00060000000190ce-172.dat	upx
behavioral1/files/0x00060000000190e0-177.dat	upx
behavioral1/files/0x0006000000018f53-162.dat	upx
behavioral1/files/0x000600000001903b-167.dat	upx
behavioral1/files/0x0006000000018c26-157.dat	upx
behavioral1/files/0x0006000000018c1a-152.dat	upx
behavioral1/files/0x0005000000018687-142.dat	upx
behavioral1/files/0x000d00000001866e-137.dat	upx
behavioral1/files/0x0014000000018663-132.dat	upx
behavioral1/files/0x0006000000017525-127.dat	upx
behavioral1/files/0x00060000000174a2-122.dat	upx
behavioral1/files/0x0006000000017487-117.dat	upx
behavioral1/memory/1400-97-0x000000013FB10000-0x000000013FE61000-memory.dmp	upx
behavioral1/memory/2852-96-0x000000013F4F0000-0x000000013F841000-memory.dmp	upx
behavioral1/files/0x0009000000015e71-95.dat	upx
behavioral1/files/0x00060000000173f1-78.dat	upx
behavioral1/memory/860-104-0x000000013FD20000-0x0000000140071000-memory.dmp	upx
behavioral1/memory/2648-103-0x000000013F980000-0x000000013FCD1000-memory.dmp	upx
behavioral1/files/0x00060000000173fc-102.dat	upx
behavioral1/memory/2108-64-0x000000013FA20000-0x000000013FD71000-memory.dmp	upx
behavioral1/files/0x000600000001706d-63.dat	upx
behavioral1/memory/2696-87-0x000000013F530000-0x000000013F881000-memory.dmp	upx
behavioral1/files/0x00060000000173f4-86.dat	upx
behavioral1/files/0x0008000000016aa9-47.dat	upx
behavioral1/memory/2736-70-0x000000013F640000-0x000000013F991000-memory.dmp	upx
behavioral1/files/0x000700000001662e-34.dat	upx
behavioral1/memory/2660-41-0x000000013FA60000-0x000000013FDB1000-memory.dmp	upx
behavioral1/memory/1928-37-0x000000013F8B0000-0x000000013FC01000-memory.dmp	upx
behavioral1/files/0x00080000000161f6-20.dat	upx
behavioral1/files/0x000700000001658c-25.dat	upx
behavioral1/memory/1800-11-0x000000013F5B0000-0x000000013F901000-memory.dmp	upx
behavioral1/memory/2108-2762-0x000000013FA20000-0x000000013FD71000-memory.dmp	upx
behavioral1/memory/1040-2768-0x000000013F670000-0x000000013F9C1000-memory.dmp	upx
behavioral1/memory/2200-2764-0x000000013F560000-0x000000013F8B1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DSBKQtw.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnpJSPu.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQfOvAE.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYbTyaI.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKebCGw.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdLYouK.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDZhQnQ.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuyYEpv.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEKAIxD.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSvZHHd.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAJPHYP.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgbIPQc.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RowucbL.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYrrSRk.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTeQKFt.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsVyLtD.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VmwfgqI.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYsWlXx.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdPpaQT.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxHglVX.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zERERow.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhPrnTY.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrxgkSZ.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIjcMxR.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZlpGqP.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWVpvse.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsmDlTr.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYnjNQV.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avQYhWk.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZcHhBe.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxdFjMR.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNhIRwD.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwuPGVU.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akQUgmi.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIlImhK.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPbJqEw.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTmSGff.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNXSJbw.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNfbBAb.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJjoThg.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiqNeAc.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKJiIhb.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMDbVAq.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfeYDTu.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTThobD.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBirTEh.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBQkjkz.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLxkKgt.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSODtzU.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbvxJBN.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paxPbfY.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtbIjsd.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezaAWPt.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEcIVgE.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWiWKpX.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqYTPet.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YpOrGjY.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IowvExv.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOdIMel.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkOijHD.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUxZkTR.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siZyTrE.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LggZLLn.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGlhhhS.exe	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1800	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 1800	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 1800	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 2200	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 2200	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 2200	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 1040	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 1040	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 1040	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 2108	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2108	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2108	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2736	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2736	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2736	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2660	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2660	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2660	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2696	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2696	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2696	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2852	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2852	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2852	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2648	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2648	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2648	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2556	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2556	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2556	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2988	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2988	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2988	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 1528	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 1528	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 1528	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 1400	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 1400	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 1400	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 860	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 860	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 860	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 1932	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1932	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1932	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1320	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1320	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1320	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1644	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 1644	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 1644	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 2868	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 2868	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 2868	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 1660	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 1660	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 1660	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 2872	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 2872	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 2872	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 2856	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 2856	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 2856	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 1828	1928	2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_014f429c203caf3f6868641ea267f668_amadey_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\System\gLAoCrX.exe
  C:\Windows\System\gLAoCrX.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\XAZzlQy.exe
  C:\Windows\System\XAZzlQy.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\dVXWqzl.exe
  C:\Windows\System\dVXWqzl.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\PxVLjAi.exe
  C:\Windows\System\PxVLjAi.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ovEMcun.exe
  C:\Windows\System\ovEMcun.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\bkMfIxL.exe
  C:\Windows\System\bkMfIxL.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\oqCuJjX.exe
  C:\Windows\System\oqCuJjX.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\HPGNAmb.exe
  C:\Windows\System\HPGNAmb.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\KNhIRwD.exe
  C:\Windows\System\KNhIRwD.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\pRakBdO.exe
  C:\Windows\System\pRakBdO.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\jtFaMyU.exe
  C:\Windows\System\jtFaMyU.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\kGUJewK.exe
  C:\Windows\System\kGUJewK.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\UJwYHff.exe
  C:\Windows\System\UJwYHff.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\ELLRhVW.exe
  C:\Windows\System\ELLRhVW.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\gYbTyaI.exe
  C:\Windows\System\gYbTyaI.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\NqNWvAe.exe
  C:\Windows\System\NqNWvAe.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\LmAihGP.exe
  C:\Windows\System\LmAihGP.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\vHYEqKT.exe
  C:\Windows\System\vHYEqKT.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\PtfpcRh.exe
  C:\Windows\System\PtfpcRh.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\fCsEFoV.exe
  C:\Windows\System\fCsEFoV.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\Rgywadk.exe
  C:\Windows\System\Rgywadk.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\gjbykCu.exe
  C:\Windows\System\gjbykCu.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\Vdwjlal.exe
  C:\Windows\System\Vdwjlal.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\KrDJCTp.exe
  C:\Windows\System\KrDJCTp.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\nmAerPO.exe
  C:\Windows\System\nmAerPO.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\YFwceyk.exe
  C:\Windows\System\YFwceyk.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\xHrXZPS.exe
  C:\Windows\System\xHrXZPS.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\KxRudff.exe
  C:\Windows\System\KxRudff.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\MdWsHiM.exe
  C:\Windows\System\MdWsHiM.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\QnitTlW.exe
  C:\Windows\System\QnitTlW.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\lzSQjxM.exe
  C:\Windows\System\lzSQjxM.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\FIPRRUC.exe
  C:\Windows\System\FIPRRUC.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\ucmDMqo.exe
  C:\Windows\System\ucmDMqo.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\vHodcpU.exe
  C:\Windows\System\vHodcpU.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\LNfbBAb.exe
  C:\Windows\System\LNfbBAb.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\TBmFyoP.exe
  C:\Windows\System\TBmFyoP.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\cgUqBdT.exe
  C:\Windows\System\cgUqBdT.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\ZqDWmeJ.exe
  C:\Windows\System\ZqDWmeJ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\wTuZqYX.exe
  C:\Windows\System\wTuZqYX.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\dxkwpsd.exe
  C:\Windows\System\dxkwpsd.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\SDrVvxC.exe
  C:\Windows\System\SDrVvxC.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\VnXRrSh.exe
  C:\Windows\System\VnXRrSh.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\VKebCGw.exe
  C:\Windows\System\VKebCGw.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\rtQaOGt.exe
  C:\Windows\System\rtQaOGt.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\RGvVhMB.exe
  C:\Windows\System\RGvVhMB.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\yuWRYHH.exe
  C:\Windows\System\yuWRYHH.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\EpANBIj.exe
  C:\Windows\System\EpANBIj.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\GqdatGn.exe
  C:\Windows\System\GqdatGn.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\gdaZmLN.exe
  C:\Windows\System\gdaZmLN.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\xNUtGTm.exe
  C:\Windows\System\xNUtGTm.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\TccNIiR.exe
  C:\Windows\System\TccNIiR.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\nUWinQE.exe
  C:\Windows\System\nUWinQE.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\tLMwkDy.exe
  C:\Windows\System\tLMwkDy.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ySOUQNk.exe
  C:\Windows\System\ySOUQNk.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\vsPFLPT.exe
  C:\Windows\System\vsPFLPT.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\PvZCElc.exe
  C:\Windows\System\PvZCElc.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\TJNNfJe.exe
  C:\Windows\System\TJNNfJe.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\KzyvpCM.exe
  C:\Windows\System\KzyvpCM.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\ilAZllX.exe
  C:\Windows\System\ilAZllX.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\hotQfxn.exe
  C:\Windows\System\hotQfxn.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\YANnNbn.exe
  C:\Windows\System\YANnNbn.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\HwYNyPu.exe
  C:\Windows\System\HwYNyPu.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\gRcNzVE.exe
  C:\Windows\System\gRcNzVE.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\RlVSmxB.exe
  C:\Windows\System\RlVSmxB.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\kBddgLT.exe
  C:\Windows\System\kBddgLT.exe
  2⤵
  PID:1804
- C:\Windows\System\MEGeFvk.exe
  C:\Windows\System\MEGeFvk.exe
  2⤵
  PID:2364
- C:\Windows\System\ZroiVNI.exe
  C:\Windows\System\ZroiVNI.exe
  2⤵
  PID:2028
- C:\Windows\System\uYoPGmP.exe
  C:\Windows\System\uYoPGmP.exe
  2⤵
  PID:2180
- C:\Windows\System\gbyhzDF.exe
  C:\Windows\System\gbyhzDF.exe
  2⤵
  PID:2368
- C:\Windows\System\HIGwtew.exe
  C:\Windows\System\HIGwtew.exe
  2⤵
  PID:932
- C:\Windows\System\GDqGjHX.exe
  C:\Windows\System\GDqGjHX.exe
  2⤵
  PID:1760
- C:\Windows\System\DWleCgM.exe
  C:\Windows\System\DWleCgM.exe
  2⤵
  PID:2120
- C:\Windows\System\HPyyalk.exe
  C:\Windows\System\HPyyalk.exe
  2⤵
  PID:1900
- C:\Windows\System\yvDWrmg.exe
  C:\Windows\System\yvDWrmg.exe
  2⤵
  PID:888
- C:\Windows\System\zQDVFVd.exe
  C:\Windows\System\zQDVFVd.exe
  2⤵
  PID:2960
- C:\Windows\System\CkgJKwi.exe
  C:\Windows\System\CkgJKwi.exe
  2⤵
  PID:2172
- C:\Windows\System\MdLYouK.exe
  C:\Windows\System\MdLYouK.exe
  2⤵
  PID:992
- C:\Windows\System\lyMiYdS.exe
  C:\Windows\System\lyMiYdS.exe
  2⤵
  PID:2720
- C:\Windows\System\qbJZSBi.exe
  C:\Windows\System\qbJZSBi.exe
  2⤵
  PID:1516
- C:\Windows\System\YEAIypY.exe
  C:\Windows\System\YEAIypY.exe
  2⤵
  PID:2728
- C:\Windows\System\nFohhJu.exe
  C:\Windows\System\nFohhJu.exe
  2⤵
  PID:2652
- C:\Windows\System\uCkyRGk.exe
  C:\Windows\System\uCkyRGk.exe
  2⤵
  PID:1732
- C:\Windows\System\uoouaGR.exe
  C:\Windows\System\uoouaGR.exe
  2⤵
  PID:1244
- C:\Windows\System\qHvukbv.exe
  C:\Windows\System\qHvukbv.exe
  2⤵
  PID:2756
- C:\Windows\System\WySvFvt.exe
  C:\Windows\System\WySvFvt.exe
  2⤵
  PID:984
- C:\Windows\System\JTEgDRq.exe
  C:\Windows\System\JTEgDRq.exe
  2⤵
  PID:316
- C:\Windows\System\CnAVSCV.exe
  C:\Windows\System\CnAVSCV.exe
  2⤵
  PID:1340
- C:\Windows\System\kJNJDem.exe
  C:\Windows\System\kJNJDem.exe
  2⤵
  PID:2224
- C:\Windows\System\ymIirom.exe
  C:\Windows\System\ymIirom.exe
  2⤵
  PID:1676
- C:\Windows\System\MmlXnCm.exe
  C:\Windows\System\MmlXnCm.exe
  2⤵
  PID:1540
- C:\Windows\System\kCtOKVf.exe
  C:\Windows\System\kCtOKVf.exe
  2⤵
  PID:2232
- C:\Windows\System\KEgDnKa.exe
  C:\Windows\System\KEgDnKa.exe
  2⤵
  PID:776
- C:\Windows\System\STAeuyD.exe
  C:\Windows\System\STAeuyD.exe
  2⤵
  PID:2924
- C:\Windows\System\ujSLhZO.exe
  C:\Windows\System\ujSLhZO.exe
  2⤵
  PID:1752
- C:\Windows\System\IbmjIPd.exe
  C:\Windows\System\IbmjIPd.exe
  2⤵
  PID:304
- C:\Windows\System\FEklGWG.exe
  C:\Windows\System\FEklGWG.exe
  2⤵
  PID:2140
- C:\Windows\System\SFiQvZs.exe
  C:\Windows\System\SFiQvZs.exe
  2⤵
  PID:3064
- C:\Windows\System\qLqJjxm.exe
  C:\Windows\System\qLqJjxm.exe
  2⤵
  PID:2344
- C:\Windows\System\QzCoWiu.exe
  C:\Windows\System\QzCoWiu.exe
  2⤵
  PID:1060
- C:\Windows\System\KqEYbLZ.exe
  C:\Windows\System\KqEYbLZ.exe
  2⤵
  PID:2332
- C:\Windows\System\YWlCQBd.exe
  C:\Windows\System\YWlCQBd.exe
  2⤵
  PID:2848
- C:\Windows\System\JVvzBvZ.exe
  C:\Windows\System\JVvzBvZ.exe
  2⤵
  PID:700
- C:\Windows\System\MdDbLuk.exe
  C:\Windows\System\MdDbLuk.exe
  2⤵
  PID:836
- C:\Windows\System\fUzZqmM.exe
  C:\Windows\System\fUzZqmM.exe
  2⤵
  PID:1520
- C:\Windows\System\tuQorwc.exe
  C:\Windows\System\tuQorwc.exe
  2⤵
  PID:2504
- C:\Windows\System\JGXOpHe.exe
  C:\Windows\System\JGXOpHe.exe
  2⤵
  PID:3068
- C:\Windows\System\BTGcYMD.exe
  C:\Windows\System\BTGcYMD.exe
  2⤵
  PID:2888
- C:\Windows\System\Dsgqprf.exe
  C:\Windows\System\Dsgqprf.exe
  2⤵
  PID:2580
- C:\Windows\System\zaqxILS.exe
  C:\Windows\System\zaqxILS.exe
  2⤵
  PID:444
- C:\Windows\System\cqYTPet.exe
  C:\Windows\System\cqYTPet.exe
  2⤵
  PID:1820
- C:\Windows\System\ijdDdrd.exe
  C:\Windows\System\ijdDdrd.exe
  2⤵
  PID:2980
- C:\Windows\System\USyWpGE.exe
  C:\Windows\System\USyWpGE.exe
  2⤵
  PID:3080
- C:\Windows\System\laJPmSX.exe
  C:\Windows\System\laJPmSX.exe
  2⤵
  PID:3100
- C:\Windows\System\FgwsuMX.exe
  C:\Windows\System\FgwsuMX.exe
  2⤵
  PID:3116
- C:\Windows\System\fbYvsUW.exe
  C:\Windows\System\fbYvsUW.exe
  2⤵
  PID:3140
- C:\Windows\System\iQsgPTi.exe
  C:\Windows\System\iQsgPTi.exe
  2⤵
  PID:3156
- C:\Windows\System\RTTGAMS.exe
  C:\Windows\System\RTTGAMS.exe
  2⤵
  PID:3176
- C:\Windows\System\DSBKQtw.exe
  C:\Windows\System\DSBKQtw.exe
  2⤵
  PID:3196
- C:\Windows\System\uLvNCEd.exe
  C:\Windows\System\uLvNCEd.exe
  2⤵
  PID:3220
- C:\Windows\System\axbrDIe.exe
  C:\Windows\System\axbrDIe.exe
  2⤵
  PID:3236
- C:\Windows\System\AxTuGsj.exe
  C:\Windows\System\AxTuGsj.exe
  2⤵
  PID:3256
- C:\Windows\System\tKqVmpN.exe
  C:\Windows\System\tKqVmpN.exe
  2⤵
  PID:3276
- C:\Windows\System\cGkSmSi.exe
  C:\Windows\System\cGkSmSi.exe
  2⤵
  PID:3300
- C:\Windows\System\cwWzZOI.exe
  C:\Windows\System\cwWzZOI.exe
  2⤵
  PID:3316
- C:\Windows\System\XbvmGwz.exe
  C:\Windows\System\XbvmGwz.exe
  2⤵
  PID:3344
- C:\Windows\System\wNRFwtr.exe
  C:\Windows\System\wNRFwtr.exe
  2⤵
  PID:3364
- C:\Windows\System\QcHApjY.exe
  C:\Windows\System\QcHApjY.exe
  2⤵
  PID:3384
- C:\Windows\System\dIgNKCY.exe
  C:\Windows\System\dIgNKCY.exe
  2⤵
  PID:3404
- C:\Windows\System\gxIaMmD.exe
  C:\Windows\System\gxIaMmD.exe
  2⤵
  PID:3424
- C:\Windows\System\YkHSeAq.exe
  C:\Windows\System\YkHSeAq.exe
  2⤵
  PID:3444
- C:\Windows\System\rpnwUoE.exe
  C:\Windows\System\rpnwUoE.exe
  2⤵
  PID:3464
- C:\Windows\System\mIIJUJB.exe
  C:\Windows\System\mIIJUJB.exe
  2⤵
  PID:3484
- C:\Windows\System\XzAXiDF.exe
  C:\Windows\System\XzAXiDF.exe
  2⤵
  PID:3508
- C:\Windows\System\QOKNRSp.exe
  C:\Windows\System\QOKNRSp.exe
  2⤵
  PID:3524
- C:\Windows\System\GSsmbuG.exe
  C:\Windows\System\GSsmbuG.exe
  2⤵
  PID:3548
- C:\Windows\System\dqINVrk.exe
  C:\Windows\System\dqINVrk.exe
  2⤵
  PID:3564
- C:\Windows\System\NrtnuaH.exe
  C:\Windows\System\NrtnuaH.exe
  2⤵
  PID:3588
- C:\Windows\System\KoFadZL.exe
  C:\Windows\System\KoFadZL.exe
  2⤵
  PID:3604
- C:\Windows\System\fPVtgTr.exe
  C:\Windows\System\fPVtgTr.exe
  2⤵
  PID:3628
- C:\Windows\System\oHOngzl.exe
  C:\Windows\System\oHOngzl.exe
  2⤵
  PID:3644
- C:\Windows\System\jpCwBaf.exe
  C:\Windows\System\jpCwBaf.exe
  2⤵
  PID:3664
- C:\Windows\System\tbmKiuq.exe
  C:\Windows\System\tbmKiuq.exe
  2⤵
  PID:3684
- C:\Windows\System\QcAPPYL.exe
  C:\Windows\System\QcAPPYL.exe
  2⤵
  PID:3704
- C:\Windows\System\afHLWcb.exe
  C:\Windows\System\afHLWcb.exe
  2⤵
  PID:3724
- C:\Windows\System\NJhKPnw.exe
  C:\Windows\System\NJhKPnw.exe
  2⤵
  PID:3744
- C:\Windows\System\DJgpsZm.exe
  C:\Windows\System\DJgpsZm.exe
  2⤵
  PID:3764
- C:\Windows\System\IrRZGZK.exe
  C:\Windows\System\IrRZGZK.exe
  2⤵
  PID:3784
- C:\Windows\System\MiMItzp.exe
  C:\Windows\System\MiMItzp.exe
  2⤵
  PID:3804
- C:\Windows\System\ikGcFrv.exe
  C:\Windows\System\ikGcFrv.exe
  2⤵
  PID:3828
- C:\Windows\System\DmCeEwx.exe
  C:\Windows\System\DmCeEwx.exe
  2⤵
  PID:3844
- C:\Windows\System\nUlaFKs.exe
  C:\Windows\System\nUlaFKs.exe
  2⤵
  PID:3868
- C:\Windows\System\EzDrUPp.exe
  C:\Windows\System\EzDrUPp.exe
  2⤵
  PID:3884
- C:\Windows\System\CrGAxJi.exe
  C:\Windows\System\CrGAxJi.exe
  2⤵
  PID:3908
- C:\Windows\System\eMDbVAq.exe
  C:\Windows\System\eMDbVAq.exe
  2⤵
  PID:3924
- C:\Windows\System\mdiWgNZ.exe
  C:\Windows\System\mdiWgNZ.exe
  2⤵
  PID:3944
- C:\Windows\System\eNFvRVt.exe
  C:\Windows\System\eNFvRVt.exe
  2⤵
  PID:3964
- C:\Windows\System\rOayGgL.exe
  C:\Windows\System\rOayGgL.exe
  2⤵
  PID:3984
- C:\Windows\System\hGUdGyS.exe
  C:\Windows\System\hGUdGyS.exe
  2⤵
  PID:4004
- C:\Windows\System\IExdTVV.exe
  C:\Windows\System\IExdTVV.exe
  2⤵
  PID:4024
- C:\Windows\System\UoJrLOY.exe
  C:\Windows\System\UoJrLOY.exe
  2⤵
  PID:4044
- C:\Windows\System\SEnYdtH.exe
  C:\Windows\System\SEnYdtH.exe
  2⤵
  PID:4068
- C:\Windows\System\zLTuOvp.exe
  C:\Windows\System\zLTuOvp.exe
  2⤵
  PID:4088
- C:\Windows\System\fRGmbvD.exe
  C:\Windows\System\fRGmbvD.exe
  2⤵
  PID:1532
- C:\Windows\System\WJbaltK.exe
  C:\Windows\System\WJbaltK.exe
  2⤵
  PID:2624
- C:\Windows\System\WlUnzEz.exe
  C:\Windows\System\WlUnzEz.exe
  2⤵
  PID:3088
- C:\Windows\System\iSGDira.exe
  C:\Windows\System\iSGDira.exe
  2⤵
  PID:2972
- C:\Windows\System\addwLct.exe
  C:\Windows\System\addwLct.exe
  2⤵
  PID:668
- C:\Windows\System\PQugTCI.exe
  C:\Windows\System\PQugTCI.exe
  2⤵
  PID:780
- C:\Windows\System\VvcDODt.exe
  C:\Windows\System\VvcDODt.exe
  2⤵
  PID:3212
- C:\Windows\System\UdqNEpM.exe
  C:\Windows\System\UdqNEpM.exe
  2⤵
  PID:3244
- C:\Windows\System\QMhTLtk.exe
  C:\Windows\System\QMhTLtk.exe
  2⤵
  PID:2740
- C:\Windows\System\cVLCfBA.exe
  C:\Windows\System\cVLCfBA.exe
  2⤵
  PID:3284
- C:\Windows\System\XmIKgZT.exe
  C:\Windows\System\XmIKgZT.exe
  2⤵
  PID:3268
- C:\Windows\System\MYHlody.exe
  C:\Windows\System\MYHlody.exe
  2⤵
  PID:3272
- C:\Windows\System\VTXwkme.exe
  C:\Windows\System\VTXwkme.exe
  2⤵
  PID:2788
- C:\Windows\System\hmKgFsa.exe
  C:\Windows\System\hmKgFsa.exe
  2⤵
  PID:3356
- C:\Windows\System\bioMWZh.exe
  C:\Windows\System\bioMWZh.exe
  2⤵
  PID:3360
- C:\Windows\System\kXcsEMK.exe
  C:\Windows\System\kXcsEMK.exe
  2⤵
  PID:3452
- C:\Windows\System\HDBCGtg.exe
  C:\Windows\System\HDBCGtg.exe
  2⤵
  PID:3432
- C:\Windows\System\dOzJurY.exe
  C:\Windows\System\dOzJurY.exe
  2⤵
  PID:3536
- C:\Windows\System\wkAZpzT.exe
  C:\Windows\System\wkAZpzT.exe
  2⤵
  PID:3480
- C:\Windows\System\BrmDPUL.exe
  C:\Windows\System\BrmDPUL.exe
  2⤵
  PID:3612
- C:\Windows\System\uRxchqJ.exe
  C:\Windows\System\uRxchqJ.exe
  2⤵
  PID:3516
- C:\Windows\System\owxVSKm.exe
  C:\Windows\System\owxVSKm.exe
  2⤵
  PID:3600
- C:\Windows\System\WYZWkPR.exe
  C:\Windows\System\WYZWkPR.exe
  2⤵
  PID:3696
- C:\Windows\System\SqxjYSE.exe
  C:\Windows\System\SqxjYSE.exe
  2⤵
  PID:3636
- C:\Windows\System\pMPlwBL.exe
  C:\Windows\System\pMPlwBL.exe
  2⤵
  PID:3672
- C:\Windows\System\fXEQyQR.exe
  C:\Windows\System\fXEQyQR.exe
  2⤵
  PID:3716
- C:\Windows\System\pidSMXA.exe
  C:\Windows\System\pidSMXA.exe
  2⤵
  PID:3860
- C:\Windows\System\BdEgwEh.exe
  C:\Windows\System\BdEgwEh.exe
  2⤵
  PID:3760
- C:\Windows\System\sEcimRY.exe
  C:\Windows\System\sEcimRY.exe
  2⤵
  PID:3900
- C:\Windows\System\OWPxwxV.exe
  C:\Windows\System\OWPxwxV.exe
  2⤵
  PID:3940
- C:\Windows\System\hHkaXKO.exe
  C:\Windows\System\hHkaXKO.exe
  2⤵
  PID:3972
- C:\Windows\System\KhgoHzf.exe
  C:\Windows\System\KhgoHzf.exe
  2⤵
  PID:3916
- C:\Windows\System\cPjmzWB.exe
  C:\Windows\System\cPjmzWB.exe
  2⤵
  PID:3952
- C:\Windows\System\GaizsYK.exe
  C:\Windows\System\GaizsYK.exe
  2⤵
  PID:3992
- C:\Windows\System\wHWzxUz.exe
  C:\Windows\System\wHWzxUz.exe
  2⤵
  PID:4036
- C:\Windows\System\JKzBPqh.exe
  C:\Windows\System\JKzBPqh.exe
  2⤵
  PID:2900
- C:\Windows\System\NLLwyql.exe
  C:\Windows\System\NLLwyql.exe
  2⤵
  PID:3048
- C:\Windows\System\HNnIUtt.exe
  C:\Windows\System\HNnIUtt.exe
  2⤵
  PID:2768
- C:\Windows\System\DJhfIjP.exe
  C:\Windows\System\DJhfIjP.exe
  2⤵
  PID:3204
- C:\Windows\System\cSODtzU.exe
  C:\Windows\System\cSODtzU.exe
  2⤵
  PID:3124
- C:\Windows\System\YSOKfOW.exe
  C:\Windows\System\YSOKfOW.exe
  2⤵
  PID:3248
- C:\Windows\System\vSFUyXX.exe
  C:\Windows\System\vSFUyXX.exe
  2⤵
  PID:3192
- C:\Windows\System\UtEuzdu.exe
  C:\Windows\System\UtEuzdu.exe
  2⤵
  PID:3312
- C:\Windows\System\bGmwjSu.exe
  C:\Windows\System\bGmwjSu.exe
  2⤵
  PID:3412
- C:\Windows\System\QbGQQHA.exe
  C:\Windows\System\QbGQQHA.exe
  2⤵
  PID:2776
- C:\Windows\System\WFVknmk.exe
  C:\Windows\System\WFVknmk.exe
  2⤵
  PID:3352
- C:\Windows\System\PkzvTOm.exe
  C:\Windows\System\PkzvTOm.exe
  2⤵
  PID:3540
- C:\Windows\System\MZsOfhi.exe
  C:\Windows\System\MZsOfhi.exe
  2⤵
  PID:3556
- C:\Windows\System\oelwRmp.exe
  C:\Windows\System\oelwRmp.exe
  2⤵
  PID:3576
- C:\Windows\System\cDOoJzr.exe
  C:\Windows\System\cDOoJzr.exe
  2⤵
  PID:3560
- C:\Windows\System\wKxqGdP.exe
  C:\Windows\System\wKxqGdP.exe
  2⤵
  PID:3772
- C:\Windows\System\NWqycIs.exe
  C:\Windows\System\NWqycIs.exe
  2⤵
  PID:3740
- C:\Windows\System\VOvaKiy.exe
  C:\Windows\System\VOvaKiy.exe
  2⤵
  PID:3792
- C:\Windows\System\vaYGxKR.exe
  C:\Windows\System\vaYGxKR.exe
  2⤵
  PID:3856
- C:\Windows\System\OXBmaKx.exe
  C:\Windows\System\OXBmaKx.exe
  2⤵
  PID:3932
- C:\Windows\System\mlvYQAv.exe
  C:\Windows\System\mlvYQAv.exe
  2⤵
  PID:4000
- C:\Windows\System\SlLAurx.exe
  C:\Windows\System\SlLAurx.exe
  2⤵
  PID:4056
- C:\Windows\System\opEKFBA.exe
  C:\Windows\System\opEKFBA.exe
  2⤵
  PID:4080
- C:\Windows\System\yFjfCgV.exe
  C:\Windows\System\yFjfCgV.exe
  2⤵
  PID:3076
- C:\Windows\System\xewJezJ.exe
  C:\Windows\System\xewJezJ.exe
  2⤵
  PID:3112
- C:\Windows\System\AMQzZrZ.exe
  C:\Windows\System\AMQzZrZ.exe
  2⤵
  PID:3264
- C:\Windows\System\NBhNtEL.exe
  C:\Windows\System\NBhNtEL.exe
  2⤵
  PID:3172
- C:\Windows\System\HBiLNRW.exe
  C:\Windows\System\HBiLNRW.exe
  2⤵
  PID:3456
- C:\Windows\System\OorUaTD.exe
  C:\Windows\System\OorUaTD.exe
  2⤵
  PID:3400
- C:\Windows\System\ZrpUdVO.exe
  C:\Windows\System\ZrpUdVO.exe
  2⤵
  PID:3620
- C:\Windows\System\LzrEvEn.exe
  C:\Windows\System\LzrEvEn.exe
  2⤵
  PID:3372
- C:\Windows\System\SLElDUw.exe
  C:\Windows\System\SLElDUw.exe
  2⤵
  PID:2372
- C:\Windows\System\YaauBku.exe
  C:\Windows\System\YaauBku.exe
  2⤵
  PID:3680
- C:\Windows\System\UTRoVeF.exe
  C:\Windows\System\UTRoVeF.exe
  2⤵
  PID:3896
- C:\Windows\System\trkogBC.exe
  C:\Windows\System\trkogBC.exe
  2⤵
  PID:3876
- C:\Windows\System\WnNIEeH.exe
  C:\Windows\System\WnNIEeH.exe
  2⤵
  PID:3132
- C:\Windows\System\FhoMkWc.exe
  C:\Windows\System\FhoMkWc.exe
  2⤵
  PID:2316
- C:\Windows\System\lSciSbS.exe
  C:\Windows\System\lSciSbS.exe
  2⤵
  PID:3092
- C:\Windows\System\KAHRMas.exe
  C:\Windows\System\KAHRMas.exe
  2⤵
  PID:2576
- C:\Windows\System\myaEYlz.exe
  C:\Windows\System\myaEYlz.exe
  2⤵
  PID:3296
- C:\Windows\System\DsYJwLo.exe
  C:\Windows\System\DsYJwLo.exe
  2⤵
  PID:3544
- C:\Windows\System\kJPxiVm.exe
  C:\Windows\System\kJPxiVm.exe
  2⤵
  PID:3776
- C:\Windows\System\hzfnKpx.exe
  C:\Windows\System\hzfnKpx.exe
  2⤵
  PID:2544
- C:\Windows\System\pwOwDYn.exe
  C:\Windows\System\pwOwDYn.exe
  2⤵
  PID:3824
- C:\Windows\System\eCYJalT.exe
  C:\Windows\System\eCYJalT.exe
  2⤵
  PID:2136
- C:\Windows\System\UepiETI.exe
  C:\Windows\System\UepiETI.exe
  2⤵
  PID:3136
- C:\Windows\System\FmkJHHW.exe
  C:\Windows\System\FmkJHHW.exe
  2⤵
  PID:3500
- C:\Windows\System\FwiuyUi.exe
  C:\Windows\System\FwiuyUi.exe
  2⤵
  PID:2084
- C:\Windows\System\ULdbQYq.exe
  C:\Windows\System\ULdbQYq.exe
  2⤵
  PID:2748
- C:\Windows\System\SYEiJAO.exe
  C:\Windows\System\SYEiJAO.exe
  2⤵
  PID:3208
- C:\Windows\System\MaCgNXP.exe
  C:\Windows\System\MaCgNXP.exe
  2⤵
  PID:1344
- C:\Windows\System\tUmFomG.exe
  C:\Windows\System\tUmFomG.exe
  2⤵
  PID:4108
- C:\Windows\System\mqnfThY.exe
  C:\Windows\System\mqnfThY.exe
  2⤵
  PID:4128
- C:\Windows\System\JtahuOa.exe
  C:\Windows\System\JtahuOa.exe
  2⤵
  PID:4148
- C:\Windows\System\WbvxJBN.exe
  C:\Windows\System\WbvxJBN.exe
  2⤵
  PID:4168
- C:\Windows\System\NpGwjIL.exe
  C:\Windows\System\NpGwjIL.exe
  2⤵
  PID:4188
- C:\Windows\System\fqQOXPe.exe
  C:\Windows\System\fqQOXPe.exe
  2⤵
  PID:4208
- C:\Windows\System\oTCPdTE.exe
  C:\Windows\System\oTCPdTE.exe
  2⤵
  PID:4228
- C:\Windows\System\bkViCiH.exe
  C:\Windows\System\bkViCiH.exe
  2⤵
  PID:4248
- C:\Windows\System\erqJkqc.exe
  C:\Windows\System\erqJkqc.exe
  2⤵
  PID:4268
- C:\Windows\System\TVkGpAl.exe
  C:\Windows\System\TVkGpAl.exe
  2⤵
  PID:4284
- C:\Windows\System\nyyBEep.exe
  C:\Windows\System\nyyBEep.exe
  2⤵
  PID:4308
- C:\Windows\System\DfeYDTu.exe
  C:\Windows\System\DfeYDTu.exe
  2⤵
  PID:4324
- C:\Windows\System\sMnQyoy.exe
  C:\Windows\System\sMnQyoy.exe
  2⤵
  PID:4348
- C:\Windows\System\bgWAYfJ.exe
  C:\Windows\System\bgWAYfJ.exe
  2⤵
  PID:4368
- C:\Windows\System\mmsqHCr.exe
  C:\Windows\System\mmsqHCr.exe
  2⤵
  PID:4388
- C:\Windows\System\vRNoAAb.exe
  C:\Windows\System\vRNoAAb.exe
  2⤵
  PID:4404
- C:\Windows\System\qtPqBce.exe
  C:\Windows\System\qtPqBce.exe
  2⤵
  PID:4428
- C:\Windows\System\YfaFJSj.exe
  C:\Windows\System\YfaFJSj.exe
  2⤵
  PID:4444
- C:\Windows\System\FuHYCov.exe
  C:\Windows\System\FuHYCov.exe
  2⤵
  PID:4468
- C:\Windows\System\nmGFujC.exe
  C:\Windows\System\nmGFujC.exe
  2⤵
  PID:4488
- C:\Windows\System\kxuYyhG.exe
  C:\Windows\System\kxuYyhG.exe
  2⤵
  PID:4508
- C:\Windows\System\RTUKDjV.exe
  C:\Windows\System\RTUKDjV.exe
  2⤵
  PID:4572
- C:\Windows\System\bAsrnLB.exe
  C:\Windows\System\bAsrnLB.exe
  2⤵
  PID:4616
- C:\Windows\System\djTloqC.exe
  C:\Windows\System\djTloqC.exe
  2⤵
  PID:4632
- C:\Windows\System\FxgXWlI.exe
  C:\Windows\System\FxgXWlI.exe
  2⤵
  PID:4656
- C:\Windows\System\WgbIPQc.exe
  C:\Windows\System\WgbIPQc.exe
  2⤵
  PID:4672
- C:\Windows\System\PWBtSKC.exe
  C:\Windows\System\PWBtSKC.exe
  2⤵
  PID:4696
- C:\Windows\System\QuuUQzt.exe
  C:\Windows\System\QuuUQzt.exe
  2⤵
  PID:4712
- C:\Windows\System\UBVJbtx.exe
  C:\Windows\System\UBVJbtx.exe
  2⤵
  PID:4736
- C:\Windows\System\kVHujcn.exe
  C:\Windows\System\kVHujcn.exe
  2⤵
  PID:4752
- C:\Windows\System\MLkeGas.exe
  C:\Windows\System\MLkeGas.exe
  2⤵
  PID:4776
- C:\Windows\System\Fxqdfbv.exe
  C:\Windows\System\Fxqdfbv.exe
  2⤵
  PID:4792
- C:\Windows\System\PdXTaYw.exe
  C:\Windows\System\PdXTaYw.exe
  2⤵
  PID:4816
- C:\Windows\System\yLcSvSG.exe
  C:\Windows\System\yLcSvSG.exe
  2⤵
  PID:4832
- C:\Windows\System\RowucbL.exe
  C:\Windows\System\RowucbL.exe
  2⤵
  PID:4856
- C:\Windows\System\GLNUDNm.exe
  C:\Windows\System\GLNUDNm.exe
  2⤵
  PID:4872
- C:\Windows\System\HNUZmrF.exe
  C:\Windows\System\HNUZmrF.exe
  2⤵
  PID:4896
- C:\Windows\System\dNltcQI.exe
  C:\Windows\System\dNltcQI.exe
  2⤵
  PID:4912
- C:\Windows\System\RuGLeJI.exe
  C:\Windows\System\RuGLeJI.exe
  2⤵
  PID:4936
- C:\Windows\System\UtplzUQ.exe
  C:\Windows\System\UtplzUQ.exe
  2⤵
  PID:4956
- C:\Windows\System\lljyUdJ.exe
  C:\Windows\System\lljyUdJ.exe
  2⤵
  PID:4976
- C:\Windows\System\lAbHSae.exe
  C:\Windows\System\lAbHSae.exe
  2⤵
  PID:4996
- C:\Windows\System\SKkgECa.exe
  C:\Windows\System\SKkgECa.exe
  2⤵
  PID:5016
- C:\Windows\System\krKsPTz.exe
  C:\Windows\System\krKsPTz.exe
  2⤵
  PID:5032
- C:\Windows\System\uFbAMLe.exe
  C:\Windows\System\uFbAMLe.exe
  2⤵
  PID:5056
- C:\Windows\System\WDUpQkR.exe
  C:\Windows\System\WDUpQkR.exe
  2⤵
  PID:5072
- C:\Windows\System\jAHniUV.exe
  C:\Windows\System\jAHniUV.exe
  2⤵
  PID:5096
- C:\Windows\System\XTShHKl.exe
  C:\Windows\System\XTShHKl.exe
  2⤵
  PID:5116
- C:\Windows\System\jcLdwBv.exe
  C:\Windows\System\jcLdwBv.exe
  2⤵
  PID:2288
- C:\Windows\System\pRrgkMR.exe
  C:\Windows\System\pRrgkMR.exe
  2⤵
  PID:3496
- C:\Windows\System\MjGbKEC.exe
  C:\Windows\System\MjGbKEC.exe
  2⤵
  PID:2896
- C:\Windows\System\seJrLoA.exe
  C:\Windows\System\seJrLoA.exe
  2⤵
  PID:1108
- C:\Windows\System\vKkntng.exe
  C:\Windows\System\vKkntng.exe
  2⤵
  PID:4020
- C:\Windows\System\USzVris.exe
  C:\Windows\System\USzVris.exe
  2⤵
  PID:4136
- C:\Windows\System\cBNYyZT.exe
  C:\Windows\System\cBNYyZT.exe
  2⤵
  PID:2476
- C:\Windows\System\LnnHUMr.exe
  C:\Windows\System\LnnHUMr.exe
  2⤵
  PID:2552
- C:\Windows\System\MHNrIvN.exe
  C:\Windows\System\MHNrIvN.exe
  2⤵
  PID:4216
- C:\Windows\System\eubTUdd.exe
  C:\Windows\System\eubTUdd.exe
  2⤵
  PID:4200
- C:\Windows\System\BCRIfLJ.exe
  C:\Windows\System\BCRIfLJ.exe
  2⤵
  PID:4204
- C:\Windows\System\JIjYrDY.exe
  C:\Windows\System\JIjYrDY.exe
  2⤵
  PID:4260
- C:\Windows\System\tcLrHcX.exe
  C:\Windows\System\tcLrHcX.exe
  2⤵
  PID:4296
- C:\Windows\System\fxJuEbE.exe
  C:\Windows\System\fxJuEbE.exe
  2⤵
  PID:4280
- C:\Windows\System\ruenNOq.exe
  C:\Windows\System\ruenNOq.exe
  2⤵
  PID:4316
- C:\Windows\System\XZPFyBJ.exe
  C:\Windows\System\XZPFyBJ.exe
  2⤵
  PID:4344
- C:\Windows\System\YLUArKn.exe
  C:\Windows\System\YLUArKn.exe
  2⤵
  PID:4380
- C:\Windows\System\NplvHSq.exe
  C:\Windows\System\NplvHSq.exe
  2⤵
  PID:4420
- C:\Windows\System\HiwXVOD.exe
  C:\Windows\System\HiwXVOD.exe
  2⤵
  PID:4396
- C:\Windows\System\aCcRXLK.exe
  C:\Windows\System\aCcRXLK.exe
  2⤵
  PID:4460
- C:\Windows\System\IgWamkr.exe
  C:\Windows\System\IgWamkr.exe
  2⤵
  PID:4504
- C:\Windows\System\OOSzVyH.exe
  C:\Windows\System\OOSzVyH.exe
  2⤵
  PID:4480
- C:\Windows\System\WkiPjaT.exe
  C:\Windows\System\WkiPjaT.exe
  2⤵
  PID:4528
- C:\Windows\System\abntpme.exe
  C:\Windows\System\abntpme.exe
  2⤵
  PID:4544
- C:\Windows\System\ACJjYuH.exe
  C:\Windows\System\ACJjYuH.exe
  2⤵
  PID:2004
- C:\Windows\System\vlQiUjF.exe
  C:\Windows\System\vlQiUjF.exe
  2⤵
  PID:4608
- C:\Windows\System\xksydkV.exe
  C:\Windows\System\xksydkV.exe
  2⤵
  PID:3056
- C:\Windows\System\RmvMAuf.exe
  C:\Windows\System\RmvMAuf.exe
  2⤵
  PID:4668
- C:\Windows\System\ToIGqWn.exe
  C:\Windows\System\ToIGqWn.exe
  2⤵
  PID:4720
- C:\Windows\System\tRXFYsM.exe
  C:\Windows\System\tRXFYsM.exe
  2⤵
  PID:4724
- C:\Windows\System\vUTDHTl.exe
  C:\Windows\System\vUTDHTl.exe
  2⤵
  PID:4748
- C:\Windows\System\VBfeYmv.exe
  C:\Windows\System\VBfeYmv.exe
  2⤵
  PID:4788
- C:\Windows\System\ZDuQxZg.exe
  C:\Windows\System\ZDuQxZg.exe
  2⤵
  PID:4848
- C:\Windows\System\vdKjFED.exe
  C:\Windows\System\vdKjFED.exe
  2⤵
  PID:4888
- C:\Windows\System\IJzwaMu.exe
  C:\Windows\System\IJzwaMu.exe
  2⤵
  PID:4920
- C:\Windows\System\TIUsMiY.exe
  C:\Windows\System\TIUsMiY.exe
  2⤵
  PID:4908
- C:\Windows\System\fBwUpsI.exe
  C:\Windows\System\fBwUpsI.exe
  2⤵
  PID:4972
- C:\Windows\System\EeMIFoX.exe
  C:\Windows\System\EeMIFoX.exe
  2⤵
  PID:4948
- C:\Windows\System\kDhipCN.exe
  C:\Windows\System\kDhipCN.exe
  2⤵
  PID:688
- C:\Windows\System\nydECny.exe
  C:\Windows\System\nydECny.exe
  2⤵
  PID:5028
- C:\Windows\System\UQiCAAx.exe
  C:\Windows\System\UQiCAAx.exe
  2⤵
  PID:5064
- C:\Windows\System\QIqnARL.exe
  C:\Windows\System\QIqnARL.exe
  2⤵
  PID:584
- C:\Windows\System\paxPbfY.exe
  C:\Windows\System\paxPbfY.exe
  2⤵
  PID:3584
- C:\Windows\System\xIHvNjy.exe
  C:\Windows\System\xIHvNjy.exe
  2⤵
  PID:1648
- C:\Windows\System\YbfZVkc.exe
  C:\Windows\System\YbfZVkc.exe
  2⤵
  PID:2076
- C:\Windows\System\UqOdErt.exe
  C:\Windows\System\UqOdErt.exe
  2⤵
  PID:4064
- C:\Windows\System\LSOcNuy.exe
  C:\Windows\System\LSOcNuy.exe
  2⤵
  PID:3504
- C:\Windows\System\xcTKKjy.exe
  C:\Windows\System\xcTKKjy.exe
  2⤵
  PID:4180
- C:\Windows\System\IMVjIRq.exe
  C:\Windows\System\IMVjIRq.exe
  2⤵
  PID:4220
- C:\Windows\System\PhYiraf.exe
  C:\Windows\System\PhYiraf.exe
  2⤵
  PID:2892
- C:\Windows\System\zTgOQGe.exe
  C:\Windows\System\zTgOQGe.exe
  2⤵
  PID:4300
- C:\Windows\System\gazGIdA.exe
  C:\Windows\System\gazGIdA.exe
  2⤵
  PID:2876
- C:\Windows\System\QMBEwDC.exe
  C:\Windows\System\QMBEwDC.exe
  2⤵
  PID:948
- C:\Windows\System\eOokxNi.exe
  C:\Windows\System\eOokxNi.exe
  2⤵
  PID:756
- C:\Windows\System\WScLhwj.exe
  C:\Windows\System\WScLhwj.exe
  2⤵
  PID:1972
- C:\Windows\System\vyJGevi.exe
  C:\Windows\System\vyJGevi.exe
  2⤵
  PID:4364
- C:\Windows\System\DaJMqJb.exe
  C:\Windows\System\DaJMqJb.exe
  2⤵
  PID:4496
- C:\Windows\System\GBHXbCq.exe
  C:\Windows\System\GBHXbCq.exe
  2⤵
  PID:4520
- C:\Windows\System\lVrCHVb.exe
  C:\Windows\System\lVrCHVb.exe
  2⤵
  PID:4556
- C:\Windows\System\GFyUqCA.exe
  C:\Windows\System\GFyUqCA.exe
  2⤵
  PID:4500
- C:\Windows\System\AkqVNMO.exe
  C:\Windows\System\AkqVNMO.exe
  2⤵
  PID:2572
- C:\Windows\System\Eqfulhl.exe
  C:\Windows\System\Eqfulhl.exe
  2⤵
  PID:2592
- C:\Windows\System\uSvdFmJ.exe
  C:\Windows\System\uSvdFmJ.exe
  2⤵
  PID:2532
- C:\Windows\System\qnETxpK.exe
  C:\Windows\System\qnETxpK.exe
  2⤵
  PID:468
- C:\Windows\System\EvQtgJM.exe
  C:\Windows\System\EvQtgJM.exe
  2⤵
  PID:4084
- C:\Windows\System\LxlipNM.exe
  C:\Windows\System\LxlipNM.exe
  2⤵
  PID:2880
- C:\Windows\System\fUhdjrA.exe
  C:\Windows\System\fUhdjrA.exe
  2⤵
  PID:2096
- C:\Windows\System\aNIMlaI.exe
  C:\Windows\System\aNIMlaI.exe
  2⤵
  PID:1864
- C:\Windows\System\nHRrKXT.exe
  C:\Windows\System\nHRrKXT.exe
  2⤵
  PID:4692
- C:\Windows\System\FnrrJZV.exe
  C:\Windows\System\FnrrJZV.exe
  2⤵
  PID:4704
- C:\Windows\System\JjIbNEr.exe
  C:\Windows\System\JjIbNEr.exe
  2⤵
  PID:4768
- C:\Windows\System\EwOIyBi.exe
  C:\Windows\System\EwOIyBi.exe
  2⤵
  PID:4804
- C:\Windows\System\bFeWXuq.exe
  C:\Windows\System\bFeWXuq.exe
  2⤵
  PID:1724
- C:\Windows\System\MBNTIDR.exe
  C:\Windows\System\MBNTIDR.exe
  2⤵
  PID:4844
- C:\Windows\System\HZoOKiw.exe
  C:\Windows\System\HZoOKiw.exe
  2⤵
  PID:4884
- C:\Windows\System\aVbXZvM.exe
  C:\Windows\System\aVbXZvM.exe
  2⤵
  PID:4988
- C:\Windows\System\QVDSmJN.exe
  C:\Windows\System\QVDSmJN.exe
  2⤵
  PID:4864
- C:\Windows\System\LReRaHq.exe
  C:\Windows\System\LReRaHq.exe
  2⤵
  PID:5092
- C:\Windows\System\gqgHXhJ.exe
  C:\Windows\System\gqgHXhJ.exe
  2⤵
  PID:5024
- C:\Windows\System\YMQSbFG.exe
  C:\Windows\System\YMQSbFG.exe
  2⤵
  PID:4120
- C:\Windows\System\MYzJFlf.exe
  C:\Windows\System\MYzJFlf.exe
  2⤵
  PID:2128
- C:\Windows\System\ylDhHKl.exe
  C:\Windows\System\ylDhHKl.exe
  2⤵
  PID:4292
- C:\Windows\System\sUipxPx.exe
  C:\Windows\System\sUipxPx.exe
  2⤵
  PID:4304
- C:\Windows\System\LXjojdB.exe
  C:\Windows\System\LXjojdB.exe
  2⤵
  PID:4276
- C:\Windows\System\uMLONpJ.exe
  C:\Windows\System\uMLONpJ.exe
  2⤵
  PID:4424
- C:\Windows\System\BUSIFNf.exe
  C:\Windows\System\BUSIFNf.exe
  2⤵
  PID:4452
- C:\Windows\System\PbkjcYu.exe
  C:\Windows\System\PbkjcYu.exe
  2⤵
  PID:4580
- C:\Windows\System\PeEYMrA.exe
  C:\Windows\System\PeEYMrA.exe
  2⤵
  PID:4536
- C:\Windows\System\jiKojih.exe
  C:\Windows\System\jiKojih.exe
  2⤵
  PID:4640
- C:\Windows\System\FWIGohG.exe
  C:\Windows\System\FWIGohG.exe
  2⤵
  PID:4652
- C:\Windows\System\WnTMiMc.exe
  C:\Windows\System\WnTMiMc.exe
  2⤵
  PID:2392
- C:\Windows\System\jjenIpG.exe
  C:\Windows\System\jjenIpG.exe
  2⤵
  PID:2712
- C:\Windows\System\Itwhwma.exe
  C:\Windows\System\Itwhwma.exe
  2⤵
  PID:4644
- C:\Windows\System\svxDqwT.exe
  C:\Windows\System\svxDqwT.exe
  2⤵
  PID:1140
- C:\Windows\System\pzjjiTq.exe
  C:\Windows\System\pzjjiTq.exe
  2⤵
  PID:4800
- C:\Windows\System\WtRlOKN.exe
  C:\Windows\System\WtRlOKN.exe
  2⤵
  PID:2208
- C:\Windows\System\VInOUbi.exe
  C:\Windows\System\VInOUbi.exe
  2⤵
  PID:4828
- C:\Windows\System\JjyQzMh.exe
  C:\Windows\System\JjyQzMh.exe
  2⤵
  PID:5048
- C:\Windows\System\hdXMTuD.exe
  C:\Windows\System\hdXMTuD.exe
  2⤵
  PID:5108
- C:\Windows\System\swtrZSp.exe
  C:\Windows\System\swtrZSp.exe
  2⤵
  PID:3852
- C:\Windows\System\oqZxdhz.exe
  C:\Windows\System\oqZxdhz.exe
  2⤵
  PID:3800
- C:\Windows\System\HsNAKhN.exe
  C:\Windows\System\HsNAKhN.exe
  2⤵
  PID:1572
- C:\Windows\System\FBDkZWU.exe
  C:\Windows\System\FBDkZWU.exe
  2⤵
  PID:2548
- C:\Windows\System\DlGfAfQ.exe
  C:\Windows\System\DlGfAfQ.exe
  2⤵
  PID:704
- C:\Windows\System\shpMFPe.exe
  C:\Windows\System\shpMFPe.exe
  2⤵
  PID:4336
- C:\Windows\System\XbVXGIo.exe
  C:\Windows\System\XbVXGIo.exe
  2⤵
  PID:4564
- C:\Windows\System\hFkmcLc.exe
  C:\Windows\System\hFkmcLc.exe
  2⤵
  PID:4560
- C:\Windows\System\GTThobD.exe
  C:\Windows\System\GTThobD.exe
  2⤵
  PID:1692
- C:\Windows\System\RiKKUEZ.exe
  C:\Windows\System\RiKKUEZ.exe
  2⤵
  PID:4588
- C:\Windows\System\EhqSsjz.exe
  C:\Windows\System\EhqSsjz.exe
  2⤵
  PID:1248
- C:\Windows\System\zTBaOyM.exe
  C:\Windows\System\zTBaOyM.exe
  2⤵
  PID:3892
- C:\Windows\System\ITbwpks.exe
  C:\Windows\System\ITbwpks.exe
  2⤵
  PID:5068
- C:\Windows\System\HSOmlGA.exe
  C:\Windows\System\HSOmlGA.exe
  2⤵
  PID:4376
- C:\Windows\System\sDgaTtp.exe
  C:\Windows\System\sDgaTtp.exe
  2⤵
  PID:4516
- C:\Windows\System\nXwbcWf.exe
  C:\Windows\System\nXwbcWf.exe
  2⤵
  PID:2772
- C:\Windows\System\XMmqABF.exe
  C:\Windows\System\XMmqABF.exe
  2⤵
  PID:1484
- C:\Windows\System\fHtEOuR.exe
  C:\Windows\System\fHtEOuR.exe
  2⤵
  PID:4964
- C:\Windows\System\ftUSAKg.exe
  C:\Windows\System\ftUSAKg.exe
  2⤵
  PID:5124
- C:\Windows\System\xYVmXfe.exe
  C:\Windows\System\xYVmXfe.exe
  2⤵
  PID:5140
- C:\Windows\System\LnEkCHq.exe
  C:\Windows\System\LnEkCHq.exe
  2⤵
  PID:5160
- C:\Windows\System\ymFMatd.exe
  C:\Windows\System\ymFMatd.exe
  2⤵
  PID:5176
- C:\Windows\System\ltaUlEc.exe
  C:\Windows\System\ltaUlEc.exe
  2⤵
  PID:5192
- C:\Windows\System\bDZErGL.exe
  C:\Windows\System\bDZErGL.exe
  2⤵
  PID:5212
- C:\Windows\System\VNvKHSL.exe
  C:\Windows\System\VNvKHSL.exe
  2⤵
  PID:5232
- C:\Windows\System\wPYyXbz.exe
  C:\Windows\System\wPYyXbz.exe
  2⤵
  PID:5252
- C:\Windows\System\AwsrwyL.exe
  C:\Windows\System\AwsrwyL.exe
  2⤵
  PID:5272
- C:\Windows\System\qDwbzZU.exe
  C:\Windows\System\qDwbzZU.exe
  2⤵
  PID:5296
- C:\Windows\System\lbOLFud.exe
  C:\Windows\System\lbOLFud.exe
  2⤵
  PID:5312
- C:\Windows\System\TVVclcI.exe
  C:\Windows\System\TVVclcI.exe
  2⤵
  PID:5328
- C:\Windows\System\lwWRKgp.exe
  C:\Windows\System\lwWRKgp.exe
  2⤵
  PID:5348
- C:\Windows\System\wGCgEkL.exe
  C:\Windows\System\wGCgEkL.exe
  2⤵
  PID:5364
- C:\Windows\System\SqplZAv.exe
  C:\Windows\System\SqplZAv.exe
  2⤵
  PID:5384
- C:\Windows\System\enuJNJH.exe
  C:\Windows\System\enuJNJH.exe
  2⤵
  PID:5400
- C:\Windows\System\SBddlkV.exe
  C:\Windows\System\SBddlkV.exe
  2⤵
  PID:5416
- C:\Windows\System\eIBwDQO.exe
  C:\Windows\System\eIBwDQO.exe
  2⤵
  PID:5432
- C:\Windows\System\sBdGBQW.exe
  C:\Windows\System\sBdGBQW.exe
  2⤵
  PID:5448
- C:\Windows\System\jZYrRJT.exe
  C:\Windows\System\jZYrRJT.exe
  2⤵
  PID:5464
- C:\Windows\System\FtEPrrj.exe
  C:\Windows\System\FtEPrrj.exe
  2⤵
  PID:5484
- C:\Windows\System\phrBWCN.exe
  C:\Windows\System\phrBWCN.exe
  2⤵
  PID:5500
- C:\Windows\System\oDdgqYR.exe
  C:\Windows\System\oDdgqYR.exe
  2⤵
  PID:5516
- C:\Windows\System\RynaFxF.exe
  C:\Windows\System\RynaFxF.exe
  2⤵
  PID:5536
- C:\Windows\System\DnamQLM.exe
  C:\Windows\System\DnamQLM.exe
  2⤵
  PID:5552
- C:\Windows\System\ycBuYnN.exe
  C:\Windows\System\ycBuYnN.exe
  2⤵
  PID:5628
- C:\Windows\System\obYBlIY.exe
  C:\Windows\System\obYBlIY.exe
  2⤵
  PID:5648
- C:\Windows\System\gXhexBP.exe
  C:\Windows\System\gXhexBP.exe
  2⤵
  PID:5672
- C:\Windows\System\ipFYXXG.exe
  C:\Windows\System\ipFYXXG.exe
  2⤵
  PID:5808
- C:\Windows\System\wdQMxHs.exe
  C:\Windows\System\wdQMxHs.exe
  2⤵
  PID:5836
- C:\Windows\System\hekmrrw.exe
  C:\Windows\System\hekmrrw.exe
  2⤵
  PID:5860
- C:\Windows\System\SzDOaxN.exe
  C:\Windows\System\SzDOaxN.exe
  2⤵
  PID:5876
- C:\Windows\System\hQXXYEj.exe
  C:\Windows\System\hQXXYEj.exe
  2⤵
  PID:5896
- C:\Windows\System\eordTfk.exe
  C:\Windows\System\eordTfk.exe
  2⤵
  PID:5916
- C:\Windows\System\nlxQMbv.exe
  C:\Windows\System\nlxQMbv.exe
  2⤵
  PID:5932
- C:\Windows\System\ClZRlHC.exe
  C:\Windows\System\ClZRlHC.exe
  2⤵
  PID:5948
- C:\Windows\System\mPjkYMV.exe
  C:\Windows\System\mPjkYMV.exe
  2⤵
  PID:5968
- C:\Windows\System\JylmgOE.exe
  C:\Windows\System\JylmgOE.exe
  2⤵
  PID:5984
- C:\Windows\System\yGKZXgm.exe
  C:\Windows\System\yGKZXgm.exe
  2⤵
  PID:6004
- C:\Windows\System\IWAFKwq.exe
  C:\Windows\System\IWAFKwq.exe
  2⤵
  PID:6020
- C:\Windows\System\sMkbzxy.exe
  C:\Windows\System\sMkbzxy.exe
  2⤵
  PID:6036
- C:\Windows\System\PZFOYng.exe
  C:\Windows\System\PZFOYng.exe
  2⤵
  PID:6052
- C:\Windows\System\GxypbUV.exe
  C:\Windows\System\GxypbUV.exe
  2⤵
  PID:6072
- C:\Windows\System\KyCONsw.exe
  C:\Windows\System\KyCONsw.exe
  2⤵
  PID:6140
- C:\Windows\System\mlKxwCU.exe
  C:\Windows\System\mlKxwCU.exe
  2⤵
  PID:4764
- C:\Windows\System\OEnWBml.exe
  C:\Windows\System\OEnWBml.exe
  2⤵
  PID:4592
- C:\Windows\System\mXbVNmS.exe
  C:\Windows\System\mXbVNmS.exe
  2⤵
  PID:5132
- C:\Windows\System\kyiDlgx.exe
  C:\Windows\System\kyiDlgx.exe
  2⤵
  PID:5200
- C:\Windows\System\HLjzRHn.exe
  C:\Windows\System\HLjzRHn.exe
  2⤵
  PID:5240
- C:\Windows\System\edLCsKQ.exe
  C:\Windows\System\edLCsKQ.exe
  2⤵
  PID:2664
- C:\Windows\System\GUTEjZc.exe
  C:\Windows\System\GUTEjZc.exe
  2⤵
  PID:1744
- C:\Windows\System\FIqNQDv.exe
  C:\Windows\System\FIqNQDv.exe
  2⤵
  PID:2212
- C:\Windows\System\SDfQsle.exe
  C:\Windows\System\SDfQsle.exe
  2⤵
  PID:4140
- C:\Windows\System\wBjGHcy.exe
  C:\Windows\System\wBjGHcy.exe
  2⤵
  PID:5156
- C:\Windows\System\kNrujwH.exe
  C:\Windows\System\kNrujwH.exe
  2⤵
  PID:5228
- C:\Windows\System\CpotzLw.exe
  C:\Windows\System\CpotzLw.exe
  2⤵
  PID:5408
- C:\Windows\System\JyUXGfJ.exe
  C:\Windows\System\JyUXGfJ.exe
  2⤵
  PID:5460
- C:\Windows\System\LSnDWbN.exe
  C:\Windows\System\LSnDWbN.exe
  2⤵
  PID:5412
- C:\Windows\System\hKTwNkW.exe
  C:\Windows\System\hKTwNkW.exe
  2⤵
  PID:5476
- C:\Windows\System\BjkRVMa.exe
  C:\Windows\System\BjkRVMa.exe
  2⤵
  PID:5532
- C:\Windows\System\LtTzcZl.exe
  C:\Windows\System\LtTzcZl.exe
  2⤵
  PID:5612
- C:\Windows\System\qjrdgZF.exe
  C:\Windows\System\qjrdgZF.exe
  2⤵
  PID:5668
- C:\Windows\System\TMMSHhK.exe
  C:\Windows\System\TMMSHhK.exe
  2⤵
  PID:5828
- C:\Windows\System\dLUhcqi.exe
  C:\Windows\System\dLUhcqi.exe
  2⤵
  PID:5908
- C:\Windows\System\NiebDbO.exe
  C:\Windows\System\NiebDbO.exe
  2⤵
  PID:5976
- C:\Windows\System\TsXYcxw.exe
  C:\Windows\System\TsXYcxw.exe
  2⤵
  PID:6048
- C:\Windows\System\DIzvWaY.exe
  C:\Windows\System\DIzvWaY.exe
  2⤵
  PID:6096
- C:\Windows\System\CnmMwyu.exe
  C:\Windows\System\CnmMwyu.exe
  2⤵
  PID:5696
- C:\Windows\System\EetCXlw.exe
  C:\Windows\System\EetCXlw.exe
  2⤵
  PID:5764
- C:\Windows\System\zyKXLVs.exe
  C:\Windows\System\zyKXLVs.exe
  2⤵
  PID:5788
- C:\Windows\System\EjbkXFb.exe
  C:\Windows\System\EjbkXFb.exe
  2⤵
  PID:6120
- C:\Windows\System\XeqtRIi.exe
  C:\Windows\System\XeqtRIi.exe
  2⤵
  PID:6136
- C:\Windows\System\UnqrCvW.exe
  C:\Windows\System\UnqrCvW.exe
  2⤵
  PID:5724
- C:\Windows\System\jpyLofP.exe
  C:\Windows\System\jpyLofP.exe
  2⤵
  PID:5740
- C:\Windows\System\unLXVdV.exe
  C:\Windows\System\unLXVdV.exe
  2⤵
  PID:5644
- C:\Windows\System\SYRmhoX.exe
  C:\Windows\System\SYRmhoX.exe
  2⤵
  PID:2864
- C:\Windows\System\cloIIpP.exe
  C:\Windows\System\cloIIpP.exe
  2⤵
  PID:6060
- C:\Windows\System\XoQpePQ.exe
  C:\Windows\System\XoQpePQ.exe
  2⤵
  PID:5136
- C:\Windows\System\WykoZiW.exe
  C:\Windows\System\WykoZiW.exe
  2⤵
  PID:5772
- C:\Windows\System\fgnTPpp.exe
  C:\Windows\System\fgnTPpp.exe
  2⤵
  PID:5280
- C:\Windows\System\FucWskB.exe
  C:\Windows\System\FucWskB.exe
  2⤵
  PID:5856
- C:\Windows\System\krshzTF.exe
  C:\Windows\System\krshzTF.exe
  2⤵
  PID:5960
- C:\Windows\System\ieYFYxg.exe
  C:\Windows\System\ieYFYxg.exe
  2⤵
  PID:6028
- C:\Windows\System\YYcMJcb.exe
  C:\Windows\System\YYcMJcb.exe
  2⤵
  PID:2692
- C:\Windows\System\tFKBUhy.exe
  C:\Windows\System\tFKBUhy.exe
  2⤵
  PID:5152
- C:\Windows\System\NRSOrxv.exe
  C:\Windows\System\NRSOrxv.exe
  2⤵
  PID:5320
- C:\Windows\System\GkJVqUR.exe
  C:\Windows\System\GkJVqUR.exe
  2⤵
  PID:1300
- C:\Windows\System\hDPzceG.exe
  C:\Windows\System\hDPzceG.exe
  2⤵
  PID:5336
- C:\Windows\System\UrnTDTN.exe
  C:\Windows\System\UrnTDTN.exe
  2⤵
  PID:5344
- C:\Windows\System\JgzwXWU.exe
  C:\Windows\System\JgzwXWU.exe
  2⤵
  PID:5428
- C:\Windows\System\nOQRTkT.exe
  C:\Windows\System\nOQRTkT.exe
  2⤵
  PID:5524
- C:\Windows\System\lMwqwcq.exe
  C:\Windows\System\lMwqwcq.exe
  2⤵
  PID:5444
- C:\Windows\System\MleYRnJ.exe
  C:\Windows\System\MleYRnJ.exe
  2⤵
  PID:5620
- C:\Windows\System\KXpNeBG.exe
  C:\Windows\System\KXpNeBG.exe
  2⤵
  PID:5664
- C:\Windows\System\vnCTUdP.exe
  C:\Windows\System\vnCTUdP.exe
  2⤵
  PID:5780
- C:\Windows\System\tzWEmmy.exe
  C:\Windows\System\tzWEmmy.exe
  2⤵
  PID:5284
- C:\Windows\System\ZOautbj.exe
  C:\Windows\System\ZOautbj.exe
  2⤵
  PID:5220
- C:\Windows\System\JTweReC.exe
  C:\Windows\System\JTweReC.exe
  2⤵
  PID:5288
- C:\Windows\System\mAuapsf.exe
  C:\Windows\System\mAuapsf.exe
  2⤵
  PID:6088
- C:\Windows\System\SZlgFDg.exe
  C:\Windows\System\SZlgFDg.exe
  2⤵
  PID:5680
- C:\Windows\System\ywenAmK.exe
  C:\Windows\System\ywenAmK.exe
  2⤵
  PID:5712
- C:\Windows\System\LJmyvuK.exe
  C:\Windows\System\LJmyvuK.exe
  2⤵
  PID:5888
- C:\Windows\System\VHofwsB.exe
  C:\Windows\System\VHofwsB.exe
  2⤵
  PID:5804
- C:\Windows\System\jrQWNwQ.exe
  C:\Windows\System\jrQWNwQ.exe
  2⤵
  PID:5324
- C:\Windows\System\QKCyKuM.exe
  C:\Windows\System\QKCyKuM.exe
  2⤵
  PID:1988
- C:\Windows\System\OYwYDok.exe
  C:\Windows\System\OYwYDok.exe
  2⤵
  PID:5608
- C:\Windows\System\BprKSYa.exe
  C:\Windows\System\BprKSYa.exe
  2⤵
  PID:5392
- C:\Windows\System\vfyaMCe.exe
  C:\Windows\System\vfyaMCe.exe
  2⤵
  PID:5548
- C:\Windows\System\lLBzPaF.exe
  C:\Windows\System\lLBzPaF.exe
  2⤵
  PID:6112
- C:\Windows\System\VsiFrwE.exe
  C:\Windows\System\VsiFrwE.exe
  2⤵
  PID:6132
- C:\Windows\System\AkuWoXz.exe
  C:\Windows\System\AkuWoXz.exe
  2⤵
  PID:5800
- C:\Windows\System\rDquOOv.exe
  C:\Windows\System\rDquOOv.exe
  2⤵
  PID:5248
- C:\Windows\System\ItMiXYt.exe
  C:\Windows\System\ItMiXYt.exe
  2⤵
  PID:5268
- C:\Windows\System\BusqpBL.exe
  C:\Windows\System\BusqpBL.exe
  2⤵
  PID:5824
- C:\Windows\System\YPUuXGx.exe
  C:\Windows\System\YPUuXGx.exe
  2⤵
  PID:6084
- C:\Windows\System\mlJtNqH.exe
  C:\Windows\System\mlJtNqH.exe
  2⤵
  PID:6016
- C:\Windows\System\PrgqrwO.exe
  C:\Windows\System\PrgqrwO.exe
  2⤵
  PID:5760
- C:\Windows\System\lZhfaYd.exe
  C:\Windows\System\lZhfaYd.exe
  2⤵
  PID:5172
- C:\Windows\System\HsSyIAX.exe
  C:\Windows\System\HsSyIAX.exe
  2⤵
  PID:2944
- C:\Windows\System\dclYfAQ.exe
  C:\Windows\System\dclYfAQ.exe
  2⤵
  PID:6108
- C:\Windows\System\eNoArjK.exe
  C:\Windows\System\eNoArjK.exe
  2⤵
  PID:5560
- C:\Windows\System\cXZvdXB.exe
  C:\Windows\System\cXZvdXB.exe
  2⤵
  PID:5208
- C:\Windows\System\upnwmlH.exe
  C:\Windows\System\upnwmlH.exe
  2⤵
  PID:5708
- C:\Windows\System\BlwCjaH.exe
  C:\Windows\System\BlwCjaH.exe
  2⤵
  PID:536
- C:\Windows\System\RLKmica.exe
  C:\Windows\System\RLKmica.exe
  2⤵
  PID:5736
- C:\Windows\System\ImikiOR.exe
  C:\Windows\System\ImikiOR.exe
  2⤵
  PID:5996
- C:\Windows\System\QPGREhT.exe
  C:\Windows\System\QPGREhT.exe
  2⤵
  PID:6000
- C:\Windows\System\VjsQENk.exe
  C:\Windows\System\VjsQENk.exe
  2⤵
  PID:5512
- C:\Windows\System\AhSjXMU.exe
  C:\Windows\System\AhSjXMU.exe
  2⤵
  PID:6012
- C:\Windows\System\TWnxjYi.exe
  C:\Windows\System\TWnxjYi.exe
  2⤵
  PID:5940
- C:\Windows\System\pBxzvSo.exe
  C:\Windows\System\pBxzvSo.exe
  2⤵
  PID:5924
- C:\Windows\System\inpHKyj.exe
  C:\Windows\System\inpHKyj.exe
  2⤵
  PID:6160
- C:\Windows\System\krEeOoW.exe
  C:\Windows\System\krEeOoW.exe
  2⤵
  PID:6176
- C:\Windows\System\vZQEEjO.exe
  C:\Windows\System\vZQEEjO.exe
  2⤵
  PID:6196
- C:\Windows\System\PTHxmVV.exe
  C:\Windows\System\PTHxmVV.exe
  2⤵
  PID:6224
- C:\Windows\System\VlrJAEL.exe
  C:\Windows\System\VlrJAEL.exe
  2⤵
  PID:6244
- C:\Windows\System\oNDFfcU.exe
  C:\Windows\System\oNDFfcU.exe
  2⤵
  PID:6264
- C:\Windows\System\gyKXLWO.exe
  C:\Windows\System\gyKXLWO.exe
  2⤵
  PID:6292
- C:\Windows\System\ijvBqeH.exe
  C:\Windows\System\ijvBqeH.exe
  2⤵
  PID:6308
- C:\Windows\System\tiCfoDP.exe
  C:\Windows\System\tiCfoDP.exe
  2⤵
  PID:6324
- C:\Windows\System\DZdNXlz.exe
  C:\Windows\System\DZdNXlz.exe
  2⤵
  PID:6340
- C:\Windows\System\CJNigZG.exe
  C:\Windows\System\CJNigZG.exe
  2⤵
  PID:6360
- C:\Windows\System\iYszeYV.exe
  C:\Windows\System\iYszeYV.exe
  2⤵
  PID:6376
- C:\Windows\System\nMPrnLI.exe
  C:\Windows\System\nMPrnLI.exe
  2⤵
  PID:6396
- C:\Windows\System\kxKqJvo.exe
  C:\Windows\System\kxKqJvo.exe
  2⤵
  PID:6420
- C:\Windows\System\LXQFGHs.exe
  C:\Windows\System\LXQFGHs.exe
  2⤵
  PID:6436
- C:\Windows\System\LriyIgI.exe
  C:\Windows\System\LriyIgI.exe
  2⤵
  PID:6452
- C:\Windows\System\acpoQQH.exe
  C:\Windows\System\acpoQQH.exe
  2⤵
  PID:6488
- C:\Windows\System\gtzYltv.exe
  C:\Windows\System\gtzYltv.exe
  2⤵
  PID:6504
- C:\Windows\System\EBUggif.exe
  C:\Windows\System\EBUggif.exe
  2⤵
  PID:6524
- C:\Windows\System\BeelwZV.exe
  C:\Windows\System\BeelwZV.exe
  2⤵
  PID:6540
- C:\Windows\System\nUPVFOp.exe
  C:\Windows\System\nUPVFOp.exe
  2⤵
  PID:6556
- C:\Windows\System\KtdWCHK.exe
  C:\Windows\System\KtdWCHK.exe
  2⤵
  PID:6576
- C:\Windows\System\tGOGxoq.exe
  C:\Windows\System\tGOGxoq.exe
  2⤵
  PID:6596
- C:\Windows\System\xGcVCvZ.exe
  C:\Windows\System\xGcVCvZ.exe
  2⤵
  PID:6612
- C:\Windows\System\vIUZaIe.exe
  C:\Windows\System\vIUZaIe.exe
  2⤵
  PID:6632
- C:\Windows\System\JZTpjRF.exe
  C:\Windows\System\JZTpjRF.exe
  2⤵
  PID:6648
- C:\Windows\System\rROiQQV.exe
  C:\Windows\System\rROiQQV.exe
  2⤵
  PID:6668
- C:\Windows\System\SbujVwC.exe
  C:\Windows\System\SbujVwC.exe
  2⤵
  PID:6700
- C:\Windows\System\PPlnASF.exe
  C:\Windows\System\PPlnASF.exe
  2⤵
  PID:6716
- C:\Windows\System\CvbENPO.exe
  C:\Windows\System\CvbENPO.exe
  2⤵
  PID:6732
- C:\Windows\System\NYrrSRk.exe
  C:\Windows\System\NYrrSRk.exe
  2⤵
  PID:6748
- C:\Windows\System\szKVSEF.exe
  C:\Windows\System\szKVSEF.exe
  2⤵
  PID:6764
- C:\Windows\System\HsfjPXF.exe
  C:\Windows\System\HsfjPXF.exe
  2⤵
  PID:6780
- C:\Windows\System\UdATZOg.exe
  C:\Windows\System\UdATZOg.exe
  2⤵
  PID:6796
- C:\Windows\System\bsDfmwh.exe
  C:\Windows\System\bsDfmwh.exe
  2⤵
  PID:6816
- C:\Windows\System\iycbIrk.exe
  C:\Windows\System\iycbIrk.exe
  2⤵
  PID:6836
- C:\Windows\System\cUcsYqT.exe
  C:\Windows\System\cUcsYqT.exe
  2⤵
  PID:6856
- C:\Windows\System\BXlBYge.exe
  C:\Windows\System\BXlBYge.exe
  2⤵
  PID:6872
- C:\Windows\System\RyphGBN.exe
  C:\Windows\System\RyphGBN.exe
  2⤵
  PID:6888
- C:\Windows\System\KaTcpyQ.exe
  C:\Windows\System\KaTcpyQ.exe
  2⤵
  PID:6908
- C:\Windows\System\xeAxmAf.exe
  C:\Windows\System\xeAxmAf.exe
  2⤵
  PID:6948
- C:\Windows\System\PdbDmQg.exe
  C:\Windows\System\PdbDmQg.exe
  2⤵
  PID:6964
- C:\Windows\System\uMFdtNS.exe
  C:\Windows\System\uMFdtNS.exe
  2⤵
  PID:6980
- C:\Windows\System\zCnWVzM.exe
  C:\Windows\System\zCnWVzM.exe
  2⤵
  PID:6996
- C:\Windows\System\UgaaQdA.exe
  C:\Windows\System\UgaaQdA.exe
  2⤵
  PID:7012
- C:\Windows\System\RRGPcha.exe
  C:\Windows\System\RRGPcha.exe
  2⤵
  PID:7028
- C:\Windows\System\wKflutp.exe
  C:\Windows\System\wKflutp.exe
  2⤵
  PID:7052
- C:\Windows\System\ouMRMIf.exe
  C:\Windows\System\ouMRMIf.exe
  2⤵
  PID:7072
- C:\Windows\System\sMVQCan.exe
  C:\Windows\System\sMVQCan.exe
  2⤵
  PID:7088
- C:\Windows\System\nvaZyRc.exe
  C:\Windows\System\nvaZyRc.exe
  2⤵
  PID:7108
- C:\Windows\System\ZlHllOm.exe
  C:\Windows\System\ZlHllOm.exe
  2⤵
  PID:7124
- C:\Windows\System\KCqBvlv.exe
  C:\Windows\System\KCqBvlv.exe
  2⤵
  PID:7144
- C:\Windows\System\rrndcfW.exe
  C:\Windows\System\rrndcfW.exe
  2⤵
  PID:6148
- C:\Windows\System\MKGvrLj.exe
  C:\Windows\System\MKGvrLj.exe
  2⤵
  PID:5304
- C:\Windows\System\SimeGYK.exe
  C:\Windows\System\SimeGYK.exe
  2⤵
  PID:6232
- C:\Windows\System\coiRHNZ.exe
  C:\Windows\System\coiRHNZ.exe
  2⤵
  PID:6116
- C:\Windows\System\VNNbUQs.exe
  C:\Windows\System\VNNbUQs.exe
  2⤵
  PID:6168
- C:\Windows\System\hxhuUBB.exe
  C:\Windows\System\hxhuUBB.exe
  2⤵
  PID:6388
- C:\Windows\System\oqFYAtz.exe
  C:\Windows\System\oqFYAtz.exe
  2⤵
  PID:6460
- C:\Windows\System\pTvPrWE.exe
  C:\Windows\System\pTvPrWE.exe
  2⤵
  PID:6304
- C:\Windows\System\YHHvMWo.exe
  C:\Windows\System\YHHvMWo.exe
  2⤵
  PID:6448
- C:\Windows\System\YTTPDSd.exe
  C:\Windows\System\YTTPDSd.exe
  2⤵
  PID:6336
- C:\Windows\System\XegZNrk.exe
  C:\Windows\System\XegZNrk.exe
  2⤵
  PID:6480
- C:\Windows\System\CyDEBph.exe
  C:\Windows\System\CyDEBph.exe
  2⤵
  PID:6512
- C:\Windows\System\jZSCaDA.exe
  C:\Windows\System\jZSCaDA.exe
  2⤵
  PID:6592
- C:\Windows\System\cECbOcB.exe
  C:\Windows\System\cECbOcB.exe
  2⤵
  PID:6656
- C:\Windows\System\QtBdKui.exe
  C:\Windows\System\QtBdKui.exe
  2⤵
  PID:6532
- C:\Windows\System\MNmJDwE.exe
  C:\Windows\System\MNmJDwE.exe
  2⤵
  PID:6608
- C:\Windows\System\KUZmoJB.exe
  C:\Windows\System\KUZmoJB.exe
  2⤵
  PID:6500
- C:\Windows\System\pVwjCJa.exe
  C:\Windows\System\pVwjCJa.exe
  2⤵
  PID:6708
- C:\Windows\System\CtouZls.exe
  C:\Windows\System\CtouZls.exe
  2⤵
  PID:6744
- C:\Windows\System\kkQfvtm.exe
  C:\Windows\System\kkQfvtm.exe
  2⤵
  PID:6928
- C:\Windows\System\BGhPyXu.exe
  C:\Windows\System\BGhPyXu.exe
  2⤵
  PID:6916
- C:\Windows\System\ENNDHeI.exe
  C:\Windows\System\ENNDHeI.exe
  2⤵
  PID:6760
- C:\Windows\System\ufZVLwP.exe
  C:\Windows\System\ufZVLwP.exe
  2⤵
  PID:6828
- C:\Windows\System\nkGtrbn.exe
  C:\Windows\System\nkGtrbn.exe
  2⤵
  PID:6904
- C:\Windows\System\KtbIjsd.exe
  C:\Windows\System\KtbIjsd.exe
  2⤵
  PID:6976
- C:\Windows\System\visRxrj.exe
  C:\Windows\System\visRxrj.exe
  2⤵
  PID:6188
- C:\Windows\System\uKqsgPv.exe
  C:\Windows\System\uKqsgPv.exe
  2⤵
  PID:6220
- C:\Windows\System\WAgopBG.exe
  C:\Windows\System\WAgopBG.exe
  2⤵
  PID:6992
- C:\Windows\System\IChHmTX.exe
  C:\Windows\System\IChHmTX.exe
  2⤵
  PID:6212
- C:\Windows\System\VhEDnUd.exe
  C:\Windows\System\VhEDnUd.exe
  2⤵
  PID:6404
- C:\Windows\System\VRGbChx.exe
  C:\Windows\System\VRGbChx.exe
  2⤵
  PID:7064
- C:\Windows\System\dzxnFNF.exe
  C:\Windows\System\dzxnFNF.exe
  2⤵
  PID:7104
- C:\Windows\System\YFaohga.exe
  C:\Windows\System\YFaohga.exe
  2⤵
  PID:5692
- C:\Windows\System\NVaFbwz.exe
  C:\Windows\System\NVaFbwz.exe
  2⤵
  PID:6552
- C:\Windows\System\BbcPpTw.exe
  C:\Windows\System\BbcPpTw.exe
  2⤵
  PID:6684
- C:\Windows\System\ZhnTZYU.exe
  C:\Windows\System\ZhnTZYU.exe
  2⤵
  PID:6356
- C:\Windows\System\mpWDyIQ.exe
  C:\Windows\System\mpWDyIQ.exe
  2⤵
  PID:6280
- C:\Windows\System\NebQdMX.exe
  C:\Windows\System\NebQdMX.exe
  2⤵
  PID:6368
- C:\Windows\System\jbbtqKl.exe
  C:\Windows\System\jbbtqKl.exe
  2⤵
  PID:6372
- C:\Windows\System\FsPbIGY.exe
  C:\Windows\System\FsPbIGY.exe
  2⤵
  PID:6620
- C:\Windows\System\jTIbaEa.exe
  C:\Windows\System\jTIbaEa.exe
  2⤵
  PID:6564
- C:\Windows\System\cZJhICB.exe
  C:\Windows\System\cZJhICB.exe
  2⤵
  PID:6848
- C:\Windows\System\dYnjNQV.exe
  C:\Windows\System\dYnjNQV.exe
  2⤵
  PID:6932
- C:\Windows\System\UeShcWZ.exe
  C:\Windows\System\UeShcWZ.exe
  2⤵
  PID:6936
- C:\Windows\System\ENfIRoR.exe
  C:\Windows\System\ENfIRoR.exe
  2⤵
  PID:7036
- C:\Windows\System\tuakfIE.exe
  C:\Windows\System\tuakfIE.exe
  2⤵
  PID:7040
- C:\Windows\System\qvUlWdW.exe
  C:\Windows\System\qvUlWdW.exe
  2⤵
  PID:7116
- C:\Windows\System\yMxzHnW.exe
  C:\Windows\System\yMxzHnW.exe
  2⤵
  PID:7164
- C:\Windows\System\sJbsELk.exe
  C:\Windows\System\sJbsELk.exe
  2⤵
  PID:4416
- C:\Windows\System\WitWtln.exe
  C:\Windows\System\WitWtln.exe
  2⤵
  PID:6640
- C:\Windows\System\KScCzRd.exe
  C:\Windows\System\KScCzRd.exe
  2⤵
  PID:6516
- C:\Windows\System\xOcDlnZ.exe
  C:\Windows\System\xOcDlnZ.exe
  2⤵
  PID:6428
- C:\Windows\System\zrIWDWv.exe
  C:\Windows\System\zrIWDWv.exe
  2⤵
  PID:6584
- C:\Windows\System\fwuPGVU.exe
  C:\Windows\System\fwuPGVU.exe
  2⤵
  PID:6204
- C:\Windows\System\qcTaFXd.exe
  C:\Windows\System\qcTaFXd.exe
  2⤵
  PID:6740
- C:\Windows\System\PDGqAsU.exe
  C:\Windows\System\PDGqAsU.exe
  2⤵
  PID:6468
- C:\Windows\System\QtugWzu.exe
  C:\Windows\System\QtugWzu.exe
  2⤵
  PID:6896
- C:\Windows\System\nbdELjP.exe
  C:\Windows\System\nbdELjP.exe
  2⤵
  PID:6824
- C:\Windows\System\PYwcktQ.exe
  C:\Windows\System\PYwcktQ.exe
  2⤵
  PID:5340
- C:\Windows\System\SJPxBAv.exe
  C:\Windows\System\SJPxBAv.exe
  2⤵
  PID:6960
- C:\Windows\System\qGnTZBe.exe
  C:\Windows\System\qGnTZBe.exe
  2⤵
  PID:7084
- C:\Windows\System\ePXeCFT.exe
  C:\Windows\System\ePXeCFT.exe
  2⤵
  PID:6812
- C:\Windows\System\QCRVJeQ.exe
  C:\Windows\System\QCRVJeQ.exe
  2⤵
  PID:6900
- C:\Windows\System\qWMDyKa.exe
  C:\Windows\System\qWMDyKa.exe
  2⤵
  PID:7060
- C:\Windows\System\POkrpQh.exe
  C:\Windows\System\POkrpQh.exe
  2⤵
  PID:6252
- C:\Windows\System\nKBFtUD.exe
  C:\Windows\System\nKBFtUD.exe
  2⤵
  PID:6920
- C:\Windows\System\wEMUqpu.exe
  C:\Windows\System\wEMUqpu.exe
  2⤵
  PID:6776
- C:\Windows\System\KgtoxLZ.exe
  C:\Windows\System\KgtoxLZ.exe
  2⤵
  PID:6276
- C:\Windows\System\VUkKgBV.exe
  C:\Windows\System\VUkKgBV.exe
  2⤵
  PID:7160
- C:\Windows\System\gkjrfcO.exe
  C:\Windows\System\gkjrfcO.exe
  2⤵
  PID:6884
- C:\Windows\System\bSYxWKj.exe
  C:\Windows\System\bSYxWKj.exe
  2⤵
  PID:7156
- C:\Windows\System\ixdMKCY.exe
  C:\Windows\System\ixdMKCY.exe
  2⤵
  PID:7184
- C:\Windows\System\NbxsEVh.exe
  C:\Windows\System\NbxsEVh.exe
  2⤵
  PID:7200
- C:\Windows\System\YWKVFod.exe
  C:\Windows\System\YWKVFod.exe
  2⤵
  PID:7220
- C:\Windows\System\otrkdGp.exe
  C:\Windows\System\otrkdGp.exe
  2⤵
  PID:7248
- C:\Windows\System\pzJPzeb.exe
  C:\Windows\System\pzJPzeb.exe
  2⤵
  PID:7268
- C:\Windows\System\xpdTUIw.exe
  C:\Windows\System\xpdTUIw.exe
  2⤵
  PID:7304
- C:\Windows\System\qFQoqTt.exe
  C:\Windows\System\qFQoqTt.exe
  2⤵
  PID:7320
- C:\Windows\System\dcRgsUM.exe
  C:\Windows\System\dcRgsUM.exe
  2⤵
  PID:7340
- C:\Windows\System\pSuIbQy.exe
  C:\Windows\System\pSuIbQy.exe
  2⤵
  PID:7356
- C:\Windows\System\lHhAgUx.exe
  C:\Windows\System\lHhAgUx.exe
  2⤵
  PID:7376
- C:\Windows\System\rDkdETT.exe
  C:\Windows\System\rDkdETT.exe
  2⤵
  PID:7392
- C:\Windows\System\gqAMJji.exe
  C:\Windows\System\gqAMJji.exe
  2⤵
  PID:7408
- C:\Windows\System\xcPPVnL.exe
  C:\Windows\System\xcPPVnL.exe
  2⤵
  PID:7448
- C:\Windows\System\WoJbqPQ.exe
  C:\Windows\System\WoJbqPQ.exe
  2⤵
  PID:7464
- C:\Windows\System\oCFGHFf.exe
  C:\Windows\System\oCFGHFf.exe
  2⤵
  PID:7480
- C:\Windows\System\WZmMDiQ.exe
  C:\Windows\System\WZmMDiQ.exe
  2⤵
  PID:7496
- C:\Windows\System\NyyhKph.exe
  C:\Windows\System\NyyhKph.exe
  2⤵
  PID:7520
- C:\Windows\System\fmXWLmw.exe
  C:\Windows\System\fmXWLmw.exe
  2⤵
  PID:7536
- C:\Windows\System\PdZYQaN.exe
  C:\Windows\System\PdZYQaN.exe
  2⤵
  PID:7556
- C:\Windows\System\qftecoR.exe
  C:\Windows\System\qftecoR.exe
  2⤵
  PID:7572
- C:\Windows\System\gJOCydB.exe
  C:\Windows\System\gJOCydB.exe
  2⤵
  PID:7592
- C:\Windows\System\GnpJSPu.exe
  C:\Windows\System\GnpJSPu.exe
  2⤵
  PID:7608
- C:\Windows\System\ZRldxIh.exe
  C:\Windows\System\ZRldxIh.exe
  2⤵
  PID:7624
- C:\Windows\System\ZKzbAaQ.exe
  C:\Windows\System\ZKzbAaQ.exe
  2⤵
  PID:7640
- C:\Windows\System\xCyZVuA.exe
  C:\Windows\System\xCyZVuA.exe
  2⤵
  PID:7660
- C:\Windows\System\wWIFPgY.exe
  C:\Windows\System\wWIFPgY.exe
  2⤵
  PID:7676
- C:\Windows\System\MMfjnAv.exe
  C:\Windows\System\MMfjnAv.exe
  2⤵
  PID:7696
- C:\Windows\System\VpLmNOq.exe
  C:\Windows\System\VpLmNOq.exe
  2⤵
  PID:7712
- C:\Windows\System\LJWTmnY.exe
  C:\Windows\System\LJWTmnY.exe
  2⤵
  PID:7744
- C:\Windows\System\QRSIVoD.exe
  C:\Windows\System\QRSIVoD.exe
  2⤵
  PID:7764
- C:\Windows\System\fmXDYSH.exe
  C:\Windows\System\fmXDYSH.exe
  2⤵
  PID:7780
- C:\Windows\System\VhThEjX.exe
  C:\Windows\System\VhThEjX.exe
  2⤵
  PID:7800
- C:\Windows\System\drSuxZO.exe
  C:\Windows\System\drSuxZO.exe
  2⤵
  PID:7816
- C:\Windows\System\KXnBJok.exe
  C:\Windows\System\KXnBJok.exe
  2⤵
  PID:7836
- C:\Windows\System\OWBxBen.exe
  C:\Windows\System\OWBxBen.exe
  2⤵
  PID:7864
- C:\Windows\System\yNNqzTO.exe
  C:\Windows\System\yNNqzTO.exe
  2⤵
  PID:7884
- C:\Windows\System\LJFuuyr.exe
  C:\Windows\System\LJFuuyr.exe
  2⤵
  PID:7928
- C:\Windows\System\iosFMdB.exe
  C:\Windows\System\iosFMdB.exe
  2⤵
  PID:7948
- C:\Windows\System\UnEPysN.exe
  C:\Windows\System\UnEPysN.exe
  2⤵
  PID:7964
- C:\Windows\System\gPIpfLB.exe
  C:\Windows\System\gPIpfLB.exe
  2⤵
  PID:7980
- C:\Windows\System\IHYGArc.exe
  C:\Windows\System\IHYGArc.exe
  2⤵
  PID:7996
- C:\Windows\System\CiVRduH.exe
  C:\Windows\System\CiVRduH.exe
  2⤵
  PID:8016
- C:\Windows\System\IbknUyB.exe
  C:\Windows\System\IbknUyB.exe
  2⤵
  PID:8032
- C:\Windows\System\GwQpjGg.exe
  C:\Windows\System\GwQpjGg.exe
  2⤵
  PID:8048
- C:\Windows\System\AfbopRa.exe
  C:\Windows\System\AfbopRa.exe
  2⤵
  PID:8068
- C:\Windows\System\SmFHroA.exe
  C:\Windows\System\SmFHroA.exe
  2⤵
  PID:8084
- C:\Windows\System\SekxWTy.exe
  C:\Windows\System\SekxWTy.exe
  2⤵
  PID:8104
- C:\Windows\System\VENIVEV.exe
  C:\Windows\System\VENIVEV.exe
  2⤵
  PID:8124
- C:\Windows\System\zqygnUf.exe
  C:\Windows\System\zqygnUf.exe
  2⤵
  PID:8140
- C:\Windows\System\DCVihaN.exe
  C:\Windows\System\DCVihaN.exe
  2⤵
  PID:8160
- C:\Windows\System\NfbwJhr.exe
  C:\Windows\System\NfbwJhr.exe
  2⤵
  PID:8180
- C:\Windows\System\vwOuyep.exe
  C:\Windows\System\vwOuyep.exe
  2⤵
  PID:6880
- C:\Windows\System\MIvvaTd.exe
  C:\Windows\System\MIvvaTd.exe
  2⤵
  PID:6628
- C:\Windows\System\ZybhWtt.exe
  C:\Windows\System\ZybhWtt.exe
  2⤵
  PID:7236
- C:\Windows\System\vrrbjKA.exe
  C:\Windows\System\vrrbjKA.exe
  2⤵
  PID:7284
- C:\Windows\System\ZOeFigU.exe
  C:\Windows\System\ZOeFigU.exe
  2⤵
  PID:6192
- C:\Windows\System\acrxnKF.exe
  C:\Windows\System\acrxnKF.exe
  2⤵
  PID:7176
- C:\Windows\System\jhASnXa.exe
  C:\Windows\System\jhASnXa.exe
  2⤵
  PID:7208
- C:\Windows\System\CsZPaMr.exe
  C:\Windows\System\CsZPaMr.exe
  2⤵
  PID:7120
- C:\Windows\System\THgpNKp.exe
  C:\Windows\System\THgpNKp.exe
  2⤵
  PID:7388
- C:\Windows\System\yoIgrDm.exe
  C:\Windows\System\yoIgrDm.exe
  2⤵
  PID:7428
- C:\Windows\System\rcYVOoR.exe
  C:\Windows\System\rcYVOoR.exe
  2⤵
  PID:7444
- C:\Windows\System\mqVJGBh.exe
  C:\Windows\System\mqVJGBh.exe
  2⤵
  PID:7492
- C:\Windows\System\weqgtpM.exe
  C:\Windows\System\weqgtpM.exe
  2⤵
  PID:7568
- C:\Windows\System\xepAfnn.exe
  C:\Windows\System\xepAfnn.exe
  2⤵
  PID:7512
- C:\Windows\System\JXgaFGE.exe
  C:\Windows\System\JXgaFGE.exe
  2⤵
  PID:7636
- C:\Windows\System\gAjfFFC.exe
  C:\Windows\System\gAjfFFC.exe
  2⤵
  PID:7760
- C:\Windows\System\VdUjlpe.exe
  C:\Windows\System\VdUjlpe.exe
  2⤵
  PID:7796
- C:\Windows\System\HwGOqxI.exe
  C:\Windows\System\HwGOqxI.exe
  2⤵
  PID:7616
- C:\Windows\System\vnVLBUQ.exe
  C:\Windows\System\vnVLBUQ.exe
  2⤵
  PID:7724
- C:\Windows\System\XParjIk.exe
  C:\Windows\System\XParjIk.exe
  2⤵
  PID:7740
- C:\Windows\System\UTKYrXA.exe
  C:\Windows\System\UTKYrXA.exe
  2⤵
  PID:7584
- C:\Windows\System\uUIzSMI.exe
  C:\Windows\System\uUIzSMI.exe
  2⤵
  PID:7852
- C:\Windows\System\HiuHZCO.exe
  C:\Windows\System\HiuHZCO.exe
  2⤵
  PID:7652
- C:\Windows\System\arVZBQM.exe
  C:\Windows\System\arVZBQM.exe
  2⤵
  PID:7720
- C:\Windows\System\gBdRBeM.exe
  C:\Windows\System\gBdRBeM.exe
  2⤵
  PID:7904
- C:\Windows\System\lBXQUGu.exe
  C:\Windows\System\lBXQUGu.exe
  2⤵
  PID:7912
- C:\Windows\System\goTNpPW.exe
  C:\Windows\System\goTNpPW.exe
  2⤵
  PID:8004
- C:\Windows\System\qedrnXY.exe
  C:\Windows\System\qedrnXY.exe
  2⤵
  PID:8044
- C:\Windows\System\kYGxPVM.exe
  C:\Windows\System\kYGxPVM.exe
  2⤵
  PID:8056
- C:\Windows\System\oizdrEn.exe
  C:\Windows\System\oizdrEn.exe
  2⤵
  PID:8120
- C:\Windows\System\nLyhNzJ.exe
  C:\Windows\System\nLyhNzJ.exe
  2⤵
  PID:7080
- C:\Windows\System\AmPFRKv.exe
  C:\Windows\System\AmPFRKv.exe
  2⤵
  PID:6756
- C:\Windows\System\mWmPmkS.exe
  C:\Windows\System\mWmPmkS.exe
  2⤵
  PID:7332
- C:\Windows\System\RPbWIml.exe
  C:\Windows\System\RPbWIml.exe
  2⤵
  PID:7048
- C:\Windows\System\WyYWNHZ.exe
  C:\Windows\System\WyYWNHZ.exe
  2⤵
  PID:8064
- C:\Windows\System\nCaHojn.exe
  C:\Windows\System\nCaHojn.exe
  2⤵
  PID:7992
- C:\Windows\System\IOtcfhB.exe
  C:\Windows\System\IOtcfhB.exe
  2⤵
  PID:7276
- C:\Windows\System\ujkibnW.exe
  C:\Windows\System\ujkibnW.exe
  2⤵
  PID:7404
- C:\Windows\System\bwbCdXU.exe
  C:\Windows\System\bwbCdXU.exe
  2⤵
  PID:7384
- C:\Windows\System\fxHglVX.exe
  C:\Windows\System\fxHglVX.exe
  2⤵
  PID:7528
- C:\Windows\System\nuvFGxL.exe
  C:\Windows\System\nuvFGxL.exe
  2⤵
  PID:7488
- C:\Windows\System\kIgHWQO.exe
  C:\Windows\System\kIgHWQO.exe
  2⤵
  PID:7756
- C:\Windows\System\ALPhuQh.exe
  C:\Windows\System\ALPhuQh.exe
  2⤵
  PID:7772
- C:\Windows\System\kLvUQqs.exe
  C:\Windows\System\kLvUQqs.exe
  2⤵
  PID:7548
- C:\Windows\System\mvXqAZn.exe
  C:\Windows\System\mvXqAZn.exe
  2⤵
  PID:7604
- C:\Windows\System\yhCHCET.exe
  C:\Windows\System\yhCHCET.exe
  2⤵
  PID:7944
- C:\Windows\System\jjpfcfA.exe
  C:\Windows\System\jjpfcfA.exe
  2⤵
  PID:8080
- C:\Windows\System\RYecpKl.exe
  C:\Windows\System\RYecpKl.exe
  2⤵
  PID:8156
- C:\Windows\System\oBlcvWX.exe
  C:\Windows\System\oBlcvWX.exe
  2⤵
  PID:8008
- C:\Windows\System\MVkQhIa.exe
  C:\Windows\System\MVkQhIa.exe
  2⤵
  PID:7688
- C:\Windows\System\ImvlPGx.exe
  C:\Windows\System\ImvlPGx.exe
  2⤵
  PID:7736
- C:\Windows\System\GghKxmF.exe
  C:\Windows\System\GghKxmF.exe
  2⤵
  PID:7708
- C:\Windows\System\QqopkcF.exe
  C:\Windows\System\QqopkcF.exe
  2⤵
  PID:7300
- C:\Windows\System\lBBYkDK.exe
  C:\Windows\System\lBBYkDK.exe
  2⤵
  PID:8172
- C:\Windows\System\rQHeeWH.exe
  C:\Windows\System\rQHeeWH.exe
  2⤵
  PID:7328
- C:\Windows\System\DTYjiwp.exe
  C:\Windows\System\DTYjiwp.exe
  2⤵
  PID:8096
- C:\Windows\System\kAGMWzY.exe
  C:\Windows\System\kAGMWzY.exe
  2⤵
  PID:6260
- C:\Windows\System\UjLtiGy.exe
  C:\Windows\System\UjLtiGy.exe
  2⤵
  PID:7312
- C:\Windows\System\avQYhWk.exe
  C:\Windows\System\avQYhWk.exe
  2⤵
  PID:7684
- C:\Windows\System\MZxwvQa.exe
  C:\Windows\System\MZxwvQa.exe
  2⤵
  PID:7976
- C:\Windows\System\vQnjdzA.exe
  C:\Windows\System\vQnjdzA.exe
  2⤵
  PID:8040
- C:\Windows\System\YswFUxP.exe
  C:\Windows\System\YswFUxP.exe
  2⤵
  PID:6772
- C:\Windows\System\ILsaZAX.exe
  C:\Windows\System\ILsaZAX.exe
  2⤵
  PID:8024
- C:\Windows\System\odJDCHP.exe
  C:\Windows\System\odJDCHP.exe
  2⤵
  PID:7172
- C:\Windows\System\oCqGiCT.exe
  C:\Windows\System\oCqGiCT.exe
  2⤵
  PID:7876
- C:\Windows\System\osCxZQl.exe
  C:\Windows\System\osCxZQl.exe
  2⤵
  PID:7352
- C:\Windows\System\IPkduFU.exe
  C:\Windows\System\IPkduFU.exe
  2⤵
  PID:7832
- C:\Windows\System\eAwKQWn.exe
  C:\Windows\System\eAwKQWn.exe
  2⤵
  PID:7400
- C:\Windows\System\pTDbLga.exe
  C:\Windows\System\pTDbLga.exe
  2⤵
  PID:7924
- C:\Windows\System\PscSuPQ.exe
  C:\Windows\System\PscSuPQ.exe
  2⤵
  PID:7588
- C:\Windows\System\YFQyBst.exe
  C:\Windows\System\YFQyBst.exe
  2⤵
  PID:7460
- C:\Windows\System\OzkzSNX.exe
  C:\Windows\System\OzkzSNX.exe
  2⤵
  PID:7936
- C:\Windows\System\rlBmSjM.exe
  C:\Windows\System\rlBmSjM.exe
  2⤵
  PID:8208
- C:\Windows\System\sTeQKFt.exe
  C:\Windows\System\sTeQKFt.exe
  2⤵
  PID:8232
- C:\Windows\System\hrLHvut.exe
  C:\Windows\System\hrLHvut.exe
  2⤵
  PID:8248
- C:\Windows\System\GNyMasw.exe
  C:\Windows\System\GNyMasw.exe
  2⤵
  PID:8272
- C:\Windows\System\kfPIFaG.exe
  C:\Windows\System\kfPIFaG.exe
  2⤵
  PID:8296
- C:\Windows\System\EtCzWHe.exe
  C:\Windows\System\EtCzWHe.exe
  2⤵
  PID:8312
- C:\Windows\System\cbNEjhh.exe
  C:\Windows\System\cbNEjhh.exe
  2⤵
  PID:8336
- C:\Windows\System\RnBMATF.exe
  C:\Windows\System\RnBMATF.exe
  2⤵
  PID:8352
- C:\Windows\System\bcmRqla.exe
  C:\Windows\System\bcmRqla.exe
  2⤵
  PID:8376
- C:\Windows\System\AybzhiK.exe
  C:\Windows\System\AybzhiK.exe
  2⤵
  PID:8396
- C:\Windows\System\ZnGvdds.exe
  C:\Windows\System\ZnGvdds.exe
  2⤵
  PID:8412
- C:\Windows\System\SsHDEIo.exe
  C:\Windows\System\SsHDEIo.exe
  2⤵
  PID:8428
- C:\Windows\System\NfVlXZB.exe
  C:\Windows\System\NfVlXZB.exe
  2⤵
  PID:8444
- C:\Windows\System\FFfEjId.exe
  C:\Windows\System\FFfEjId.exe
  2⤵
  PID:8464
- C:\Windows\System\zKCHrmR.exe
  C:\Windows\System\zKCHrmR.exe
  2⤵
  PID:8536
- C:\Windows\System\lRQMoKd.exe
  C:\Windows\System\lRQMoKd.exe
  2⤵
  PID:8560
- C:\Windows\System\bGgpWmB.exe
  C:\Windows\System\bGgpWmB.exe
  2⤵
  PID:8576
- C:\Windows\System\zCmOXAq.exe
  C:\Windows\System\zCmOXAq.exe
  2⤵
  PID:8592
- C:\Windows\System\GvvvyUw.exe
  C:\Windows\System\GvvvyUw.exe
  2⤵
  PID:8608
- C:\Windows\System\vjsYxvT.exe
  C:\Windows\System\vjsYxvT.exe
  2⤵
  PID:8632
- C:\Windows\System\pGJbQzd.exe
  C:\Windows\System\pGJbQzd.exe
  2⤵
  PID:8652
- C:\Windows\System\fwmkrnI.exe
  C:\Windows\System\fwmkrnI.exe
  2⤵
  PID:8668
- C:\Windows\System\NxttjSr.exe
  C:\Windows\System\NxttjSr.exe
  2⤵
  PID:8684
- C:\Windows\System\VRKptuJ.exe
  C:\Windows\System\VRKptuJ.exe
  2⤵
  PID:8700
- C:\Windows\System\wIpIIww.exe
  C:\Windows\System\wIpIIww.exe
  2⤵
  PID:8716
- C:\Windows\System\oMwXnic.exe
  C:\Windows\System\oMwXnic.exe
  2⤵
  PID:8736
- C:\Windows\System\ROAeqHn.exe
  C:\Windows\System\ROAeqHn.exe
  2⤵
  PID:8752
- C:\Windows\System\AeSOsjW.exe
  C:\Windows\System\AeSOsjW.exe
  2⤵
  PID:8772
- C:\Windows\System\pPJSXmX.exe
  C:\Windows\System\pPJSXmX.exe
  2⤵
  PID:8792
- C:\Windows\System\TffvQIN.exe
  C:\Windows\System\TffvQIN.exe
  2⤵
  PID:8808
- C:\Windows\System\IFthADd.exe
  C:\Windows\System\IFthADd.exe
  2⤵
  PID:8824
- C:\Windows\System\DvAASRn.exe
  C:\Windows\System\DvAASRn.exe
  2⤵
  PID:8844
- C:\Windows\System\RVxfDwM.exe
  C:\Windows\System\RVxfDwM.exe
  2⤵
  PID:8872
- C:\Windows\System\MouMMji.exe
  C:\Windows\System\MouMMji.exe
  2⤵
  PID:8888
- C:\Windows\System\cGawOci.exe
  C:\Windows\System\cGawOci.exe
  2⤵
  PID:8904
- C:\Windows\System\kUyNMFn.exe
  C:\Windows\System\kUyNMFn.exe
  2⤵
  PID:8920
- C:\Windows\System\JlOEMlN.exe
  C:\Windows\System\JlOEMlN.exe
  2⤵
  PID:8936
- C:\Windows\System\zthApWU.exe
  C:\Windows\System\zthApWU.exe
  2⤵
  PID:8952
- C:\Windows\System\breOYLC.exe
  C:\Windows\System\breOYLC.exe
  2⤵
  PID:8972
- C:\Windows\System\dxNODGP.exe
  C:\Windows\System\dxNODGP.exe
  2⤵
  PID:8992
- C:\Windows\System\iXKBiGb.exe
  C:\Windows\System\iXKBiGb.exe
  2⤵
  PID:9008
- C:\Windows\System\oIjzFwT.exe
  C:\Windows\System\oIjzFwT.exe
  2⤵
  PID:9028
- C:\Windows\System\rBbkAzE.exe
  C:\Windows\System\rBbkAzE.exe
  2⤵
  PID:9048
- C:\Windows\System\fGCvJuN.exe
  C:\Windows\System\fGCvJuN.exe
  2⤵
  PID:9064
- C:\Windows\System\XCkrCnr.exe
  C:\Windows\System\XCkrCnr.exe
  2⤵
  PID:9116
- C:\Windows\System\MpjtyDD.exe
  C:\Windows\System\MpjtyDD.exe
  2⤵
  PID:9132
- C:\Windows\System\nNZdcJR.exe
  C:\Windows\System\nNZdcJR.exe
  2⤵
  PID:9152
- C:\Windows\System\vIBSTiC.exe
  C:\Windows\System\vIBSTiC.exe
  2⤵
  PID:9168
- C:\Windows\System\uzayTFn.exe
  C:\Windows\System\uzayTFn.exe
  2⤵
  PID:9184
- C:\Windows\System\YAOUgZz.exe
  C:\Windows\System\YAOUgZz.exe
  2⤵
  PID:9200
- C:\Windows\System\TPELmkb.exe
  C:\Windows\System\TPELmkb.exe
  2⤵
  PID:7920
- C:\Windows\System\EUyUULT.exe
  C:\Windows\System\EUyUULT.exe
  2⤵
  PID:8204
- C:\Windows\System\LZgwLzr.exe
  C:\Windows\System\LZgwLzr.exe
  2⤵
  PID:8284
- C:\Windows\System\lnYSrWu.exe
  C:\Windows\System\lnYSrWu.exe
  2⤵
  PID:8328
- C:\Windows\System\jIXXVIJ.exe
  C:\Windows\System\jIXXVIJ.exe
  2⤵
  PID:8364
- C:\Windows\System\sKCttIP.exe
  C:\Windows\System\sKCttIP.exe
  2⤵
  PID:8440
- C:\Windows\System\RzsqRew.exe
  C:\Windows\System\RzsqRew.exe
  2⤵
  PID:7828
- C:\Windows\System\uvhMLCi.exe
  C:\Windows\System\uvhMLCi.exe
  2⤵
  PID:7508
- C:\Windows\System\RPLxxlO.exe
  C:\Windows\System\RPLxxlO.exe
  2⤵
  PID:8484
- C:\Windows\System\JkoiGsL.exe
  C:\Windows\System\JkoiGsL.exe
  2⤵
  PID:7244
- C:\Windows\System\MDTmRfV.exe
  C:\Windows\System\MDTmRfV.exe
  2⤵
  PID:8304
- C:\Windows\System\RfSxgNW.exe
  C:\Windows\System\RfSxgNW.exe
  2⤵
  PID:8492
- C:\Windows\System\twAHgTJ.exe
  C:\Windows\System\twAHgTJ.exe
  2⤵
  PID:8504
- C:\Windows\System\LJQjYWe.exe
  C:\Windows\System\LJQjYWe.exe
  2⤵
  PID:7812
- C:\Windows\System\LBoWmgn.exe
  C:\Windows\System\LBoWmgn.exe
  2⤵
  PID:7892
- C:\Windows\System\NfsiSqx.exe
  C:\Windows\System\NfsiSqx.exe
  2⤵
  PID:8228
- C:\Windows\System\rMmkKAp.exe
  C:\Windows\System\rMmkKAp.exe
  2⤵
  PID:8424
- C:\Windows\System\psrczlG.exe
  C:\Windows\System\psrczlG.exe
  2⤵
  PID:8784
- C:\Windows\System\LDsYdSe.exe
  C:\Windows\System\LDsYdSe.exe
  2⤵
  PID:8760
- C:\Windows\System\HthuMYN.exe
  C:\Windows\System\HthuMYN.exe
  2⤵
  PID:9000
- C:\Windows\System\RDjBJnr.exe
  C:\Windows\System\RDjBJnr.exe
  2⤵
  PID:8332
- C:\Windows\System\vhZwaZN.exe
  C:\Windows\System\vhZwaZN.exe
  2⤵
  PID:8324
- C:\Windows\System\BRuhrwC.exe
  C:\Windows\System\BRuhrwC.exe
  2⤵
  PID:8408
- C:\Windows\System\bgAxVCZ.exe
  C:\Windows\System\bgAxVCZ.exe
  2⤵
  PID:8476
- C:\Windows\System\pOCuEaP.exe
  C:\Windows\System\pOCuEaP.exe
  2⤵
  PID:8512
- C:\Windows\System\IiUsitB.exe
  C:\Windows\System\IiUsitB.exe
  2⤵
  PID:8344
- C:\Windows\System\SzpDjlQ.exe
  C:\Windows\System\SzpDjlQ.exe
  2⤵
  PID:8676
- C:\Windows\System\EosNbIL.exe
  C:\Windows\System\EosNbIL.exe
  2⤵
  PID:8588
- C:\Windows\System\KFOlhoS.exe
  C:\Windows\System\KFOlhoS.exe
  2⤵
  PID:8712
- C:\Windows\System\oOILiIF.exe
  C:\Windows\System\oOILiIF.exe
  2⤵
  PID:8660
- C:\Windows\System\AOclHxx.exe
  C:\Windows\System\AOclHxx.exe
  2⤵
  PID:8836
- C:\Windows\System\cDJdXAM.exe
  C:\Windows\System\cDJdXAM.exe
  2⤵
  PID:8884
- C:\Windows\System\NzcIuMl.exe
  C:\Windows\System\NzcIuMl.exe
  2⤵
  PID:8928
- C:\Windows\System\ekrviMz.exe
  C:\Windows\System\ekrviMz.exe
  2⤵
  PID:9072
- C:\Windows\System\gswaxnH.exe
  C:\Windows\System\gswaxnH.exe
  2⤵
  PID:9088
- C:\Windows\System\HkOzOmZ.exe
  C:\Windows\System\HkOzOmZ.exe
  2⤵
  PID:9112
- C:\Windows\System\iGryxXe.exe
  C:\Windows\System\iGryxXe.exe
  2⤵
  PID:9148
- C:\Windows\System\UTkxzGz.exe
  C:\Windows\System\UTkxzGz.exe
  2⤵
  PID:9164
- C:\Windows\System\JPxTIdx.exe
  C:\Windows\System\JPxTIdx.exe
  2⤵
  PID:9192
- C:\Windows\System\OigViUU.exe
  C:\Windows\System\OigViUU.exe
  2⤵
  PID:7260
- C:\Windows\System\iVRuDnJ.exe
  C:\Windows\System\iVRuDnJ.exe
  2⤵
  PID:8436
- C:\Windows\System\krNGQWz.exe
  C:\Windows\System\krNGQWz.exe
  2⤵
  PID:6320
- C:\Windows\System\ZcSSPiX.exe
  C:\Windows\System\ZcSSPiX.exe
  2⤵
  PID:8912
- C:\Windows\System\tsVyLtD.exe
  C:\Windows\System\tsVyLtD.exe
  2⤵
  PID:8420
- C:\Windows\System\HDSwLRQ.exe
  C:\Windows\System\HDSwLRQ.exe
  2⤵
  PID:8896
- C:\Windows\System\gMHMZWq.exe
  C:\Windows\System\gMHMZWq.exe
  2⤵
  PID:9084
- C:\Windows\System\jSRgmQR.exe
  C:\Windows\System\jSRgmQR.exe
  2⤵
  PID:8780
- C:\Windows\System\zAEPmxD.exe
  C:\Windows\System\zAEPmxD.exe
  2⤵
  PID:8880
- C:\Windows\System\ZUfvdhg.exe
  C:\Windows\System\ZUfvdhg.exe
  2⤵
  PID:9160
- C:\Windows\System\WNxwuNb.exe
  C:\Windows\System\WNxwuNb.exe
  2⤵
  PID:8968
- C:\Windows\System\zERERow.exe
  C:\Windows\System\zERERow.exe
  2⤵
  PID:7672
- C:\Windows\System\pTQAuhl.exe
  C:\Windows\System\pTQAuhl.exe
  2⤵
  PID:9016
- C:\Windows\System\KDMPVZd.exe
  C:\Windows\System\KDMPVZd.exe
  2⤵
  PID:8556
- C:\Windows\System\lMGgZWk.exe
  C:\Windows\System\lMGgZWk.exe
  2⤵
  PID:8220
- C:\Windows\System\pXoRgVr.exe
  C:\Windows\System\pXoRgVr.exe
  2⤵
  PID:8456
- C:\Windows\System\iMJDyvt.exe
  C:\Windows\System\iMJDyvt.exe
  2⤵
  PID:8600
- C:\Windows\System\nqtXMIH.exe
  C:\Windows\System\nqtXMIH.exe
  2⤵
  PID:8664
- C:\Windows\System\aQLEdYU.exe
  C:\Windows\System\aQLEdYU.exe
  2⤵
  PID:8728
- C:\Windows\System\NdjhZcu.exe
  C:\Windows\System\NdjhZcu.exe
  2⤵
  PID:8984
- C:\Windows\System\bXflUrg.exe
  C:\Windows\System\bXflUrg.exe
  2⤵
  PID:8616
- C:\Windows\System\FzzxmWF.exe
  C:\Windows\System\FzzxmWF.exe
  2⤵
  PID:8732
- C:\Windows\System\LXEMyfS.exe
  C:\Windows\System\LXEMyfS.exe
  2⤵
  PID:9036
- C:\Windows\System\pXHuGqJ.exe
  C:\Windows\System\pXHuGqJ.exe
  2⤵
  PID:9128
- C:\Windows\System\KJYvSiu.exe
  C:\Windows\System\KJYvSiu.exe
  2⤵
  PID:8624
- C:\Windows\System\IQqhFji.exe
  C:\Windows\System\IQqhFji.exe
  2⤵
  PID:9040
- C:\Windows\System\PHXtzge.exe
  C:\Windows\System\PHXtzge.exe
  2⤵
  PID:9056
- C:\Windows\System\FFVNomN.exe
  C:\Windows\System\FFVNomN.exe
  2⤵
  PID:8816
- C:\Windows\System\vwNOJrs.exe
  C:\Windows\System\vwNOJrs.exe
  2⤵
  PID:8372
- C:\Windows\System\yyltmie.exe
  C:\Windows\System\yyltmie.exe
  2⤵
  PID:9144
- C:\Windows\System\wEISPji.exe
  C:\Windows\System\wEISPji.exe
  2⤵
  PID:9108
- C:\Windows\System\PpLxqDN.exe
  C:\Windows\System\PpLxqDN.exe
  2⤵
  PID:9208
- C:\Windows\System\gDfVPrh.exe
  C:\Windows\System\gDfVPrh.exe
  2⤵
  PID:8548
- C:\Windows\System\tJjoThg.exe
  C:\Windows\System\tJjoThg.exe
  2⤵
  PID:8244
- C:\Windows\System\atPjVjc.exe
  C:\Windows\System\atPjVjc.exe
  2⤵
  PID:8948
- C:\Windows\System\FEkKwTa.exe
  C:\Windows\System\FEkKwTa.exe
  2⤵
  PID:8744
- C:\Windows\System\TvrQZWQ.exe
  C:\Windows\System\TvrQZWQ.exe
  2⤵
  PID:8856
- C:\Windows\System\zYQVwtD.exe
  C:\Windows\System\zYQVwtD.exe
  2⤵
  PID:8568
- C:\Windows\System\cJRyZGl.exe
  C:\Windows\System\cJRyZGl.exe
  2⤵
  PID:8840
- C:\Windows\System\MrBcQqC.exe
  C:\Windows\System\MrBcQqC.exe
  2⤵
  PID:8640
- C:\Windows\System\pfFFfIk.exe
  C:\Windows\System\pfFFfIk.exe
  2⤵
  PID:8348
- C:\Windows\System\ejYogbo.exe
  C:\Windows\System\ejYogbo.exe
  2⤵
  PID:8528
- C:\Windows\System\vnIlEhJ.exe
  C:\Windows\System\vnIlEhJ.exe
  2⤵
  PID:6412
- C:\Windows\System\sAJamDw.exe
  C:\Windows\System\sAJamDw.exe
  2⤵
  PID:8708
- C:\Windows\System\ToGvtBA.exe
  C:\Windows\System\ToGvtBA.exe
  2⤵
  PID:9236
- C:\Windows\System\hMMuwmH.exe
  C:\Windows\System\hMMuwmH.exe
  2⤵
  PID:9256
- C:\Windows\System\uhPrnTY.exe
  C:\Windows\System\uhPrnTY.exe
  2⤵
  PID:9324
- C:\Windows\System\gcsheMa.exe
  C:\Windows\System\gcsheMa.exe
  2⤵
  PID:9340
- C:\Windows\System\xVooWra.exe
  C:\Windows\System\xVooWra.exe
  2⤵
  PID:9356
- C:\Windows\System\RqGXRcq.exe
  C:\Windows\System\RqGXRcq.exe
  2⤵
  PID:9388
- C:\Windows\System\RPgbJYg.exe
  C:\Windows\System\RPgbJYg.exe
  2⤵
  PID:9404
- C:\Windows\System\pCsKsrQ.exe
  C:\Windows\System\pCsKsrQ.exe
  2⤵
  PID:9424
- C:\Windows\System\Hxfwhcf.exe
  C:\Windows\System\Hxfwhcf.exe
  2⤵
  PID:9440
- C:\Windows\System\DZBrAgM.exe
  C:\Windows\System\DZBrAgM.exe
  2⤵
  PID:9464
- C:\Windows\System\ZUuxfxR.exe
  C:\Windows\System\ZUuxfxR.exe
  2⤵
  PID:9484
- C:\Windows\System\lzKzGIa.exe
  C:\Windows\System\lzKzGIa.exe
  2⤵
  PID:9512
- C:\Windows\System\PcTawqk.exe
  C:\Windows\System\PcTawqk.exe
  2⤵
  PID:9528
- C:\Windows\System\QaXcNZG.exe
  C:\Windows\System\QaXcNZG.exe
  2⤵
  PID:9560
- C:\Windows\System\VReSdko.exe
  C:\Windows\System\VReSdko.exe
  2⤵
  PID:9576
- C:\Windows\System\GTfqYdE.exe
  C:\Windows\System\GTfqYdE.exe
  2⤵
  PID:9600
- C:\Windows\System\PrwQcFN.exe
  C:\Windows\System\PrwQcFN.exe
  2⤵
  PID:9624
- C:\Windows\System\uUNtECE.exe
  C:\Windows\System\uUNtECE.exe
  2⤵
  PID:9652
- C:\Windows\System\GubAEyk.exe
  C:\Windows\System\GubAEyk.exe
  2⤵
  PID:9668
- C:\Windows\System\oxPmatJ.exe
  C:\Windows\System\oxPmatJ.exe
  2⤵
  PID:9688
- C:\Windows\System\rIYcaAt.exe
  C:\Windows\System\rIYcaAt.exe
  2⤵
  PID:9704
- C:\Windows\System\fGpcNUv.exe
  C:\Windows\System\fGpcNUv.exe
  2⤵
  PID:9720
- C:\Windows\System\mLRgRXq.exe
  C:\Windows\System\mLRgRXq.exe
  2⤵
  PID:9736
- C:\Windows\System\QYquorx.exe
  C:\Windows\System\QYquorx.exe
  2⤵
  PID:9752
- C:\Windows\System\IsYJluY.exe
  C:\Windows\System\IsYJluY.exe
  2⤵
  PID:9772
- C:\Windows\System\BsgFbqt.exe
  C:\Windows\System\BsgFbqt.exe
  2⤵
  PID:9872
- C:\Windows\System\qTPOojh.exe
  C:\Windows\System\qTPOojh.exe
  2⤵
  PID:9904
- C:\Windows\System\qFLBojV.exe
  C:\Windows\System\qFLBojV.exe
  2⤵
  PID:9920
- C:\Windows\System\IsJqIIO.exe
  C:\Windows\System\IsJqIIO.exe
  2⤵
  PID:9940
- C:\Windows\System\DcdUCJt.exe
  C:\Windows\System\DcdUCJt.exe
  2⤵
  PID:9960
- C:\Windows\System\DGMsbMJ.exe
  C:\Windows\System\DGMsbMJ.exe
  2⤵
  PID:9984
- C:\Windows\System\UGkMaQU.exe
  C:\Windows\System\UGkMaQU.exe
  2⤵
  PID:10004
- C:\Windows\System\jnOLawl.exe
  C:\Windows\System\jnOLawl.exe
  2⤵
  PID:10020
- C:\Windows\System\jkMhiqx.exe
  C:\Windows\System\jkMhiqx.exe
  2⤵
  PID:10036
- C:\Windows\System\ilUIAeB.exe
  C:\Windows\System\ilUIAeB.exe
  2⤵
  PID:10060
- C:\Windows\System\cZVtwdi.exe
  C:\Windows\System\cZVtwdi.exe
  2⤵
  PID:10080
- C:\Windows\System\IEbZfbh.exe
  C:\Windows\System\IEbZfbh.exe
  2⤵
  PID:10112
- C:\Windows\System\DupIOlu.exe
  C:\Windows\System\DupIOlu.exe
  2⤵
  PID:10128
- C:\Windows\System\UljzeRs.exe
  C:\Windows\System\UljzeRs.exe
  2⤵
  PID:10152
- C:\Windows\System\pBCNYvA.exe
  C:\Windows\System\pBCNYvA.exe
  2⤵
  PID:10172
- C:\Windows\System\LvQUnsQ.exe
  C:\Windows\System\LvQUnsQ.exe
  2⤵
  PID:10196
- C:\Windows\System\uZQaSRa.exe
  C:\Windows\System\uZQaSRa.exe
  2⤵
  PID:10220
- C:\Windows\System\HBhNspt.exe
  C:\Windows\System\HBhNspt.exe
  2⤵
  PID:10236
- C:\Windows\System\cuunVvX.exe
  C:\Windows\System\cuunVvX.exe
  2⤵
  PID:8524
- C:\Windows\System\baOQple.exe
  C:\Windows\System\baOQple.exe
  2⤵
  PID:8988
- C:\Windows\System\VwePXJV.exe
  C:\Windows\System\VwePXJV.exe
  2⤵
  PID:9224
- C:\Windows\System\MejPtHC.exe
  C:\Windows\System\MejPtHC.exe
  2⤵
  PID:9332
- C:\Windows\System\TuesvIw.exe
  C:\Windows\System\TuesvIw.exe
  2⤵
  PID:9284
- C:\Windows\System\asUZeEW.exe
  C:\Windows\System\asUZeEW.exe
  2⤵
  PID:9292
- C:\Windows\System\rDjgACs.exe
  C:\Windows\System\rDjgACs.exe
  2⤵
  PID:9376
- C:\Windows\System\VxkrDld.exe
  C:\Windows\System\VxkrDld.exe
  2⤵
  PID:9420
- C:\Windows\System\GWvkCUF.exe
  C:\Windows\System\GWvkCUF.exe
  2⤵
  PID:9448
- C:\Windows\System\QrZPvOV.exe
  C:\Windows\System\QrZPvOV.exe
  2⤵
  PID:9492
- C:\Windows\System\LpGSbWa.exe
  C:\Windows\System\LpGSbWa.exe
  2⤵
  PID:9352
- C:\Windows\System\xSeNQpE.exe
  C:\Windows\System\xSeNQpE.exe
  2⤵
  PID:9552
- C:\Windows\System\dxnfPmN.exe
  C:\Windows\System\dxnfPmN.exe
  2⤵
  PID:9544
- C:\Windows\System\CusaQPt.exe
  C:\Windows\System\CusaQPt.exe
  2⤵
  PID:9592
- C:\Windows\System\NkDVksf.exe
  C:\Windows\System\NkDVksf.exe
  2⤵
  PID:9644
- C:\Windows\System\KrYYJzc.exe
  C:\Windows\System\KrYYJzc.exe
  2⤵
  PID:9568
- C:\Windows\System\iznGxbg.exe
  C:\Windows\System\iznGxbg.exe
  2⤵
  PID:9616
- C:\Windows\System\YDbFAJn.exe
  C:\Windows\System\YDbFAJn.exe
  2⤵
  PID:9728
- C:\Windows\System\ikPThVT.exe
  C:\Windows\System\ikPThVT.exe
  2⤵
  PID:9768
- C:\Windows\System\HeEcuCe.exe
  C:\Windows\System\HeEcuCe.exe
  2⤵
  PID:9880
- C:\Windows\System\sASpEnM.exe
  C:\Windows\System\sASpEnM.exe
  2⤵
  PID:9800
- C:\Windows\System\YqcYpmm.exe
  C:\Windows\System\YqcYpmm.exe
  2⤵
  PID:9816
- C:\Windows\System\EYREoUA.exe
  C:\Windows\System\EYREoUA.exe
  2⤵
  PID:9860
- C:\Windows\System\FfaBGBn.exe
  C:\Windows\System\FfaBGBn.exe
  2⤵
  PID:9868
- C:\Windows\System\wJfobYt.exe
  C:\Windows\System\wJfobYt.exe
  2⤵
  PID:9892
- C:\Windows\System\KvckzbR.exe
  C:\Windows\System\KvckzbR.exe
  2⤵
  PID:9936
- C:\Windows\System\FVhgJJU.exe
  C:\Windows\System\FVhgJJU.exe
  2⤵
  PID:10000
- C:\Windows\System\YNkuEGZ.exe
  C:\Windows\System\YNkuEGZ.exe
  2⤵
  PID:9972
- C:\Windows\System\uqvWhHm.exe
  C:\Windows\System\uqvWhHm.exe
  2⤵
  PID:10032
- C:\Windows\System\nwDXyNk.exe
  C:\Windows\System\nwDXyNk.exe
  2⤵
  PID:10056
- C:\Windows\System\INkvryA.exe
  C:\Windows\System\INkvryA.exe
  2⤵
  PID:10108
- C:\Windows\System\yZqlObk.exe
  C:\Windows\System\yZqlObk.exe
  2⤵
  PID:10124
- C:\Windows\System\qDyZnIW.exe
  C:\Windows\System\qDyZnIW.exe
  2⤵
  PID:10184
- C:\Windows\System\xxVHJuR.exe
  C:\Windows\System\xxVHJuR.exe
  2⤵
  PID:9312
- C:\Windows\System\MqPzSZj.exe
  C:\Windows\System\MqPzSZj.exe
  2⤵
  PID:9504
- C:\Windows\System\VmwfgqI.exe
  C:\Windows\System\VmwfgqI.exe
  2⤵
  PID:9476
- C:\Windows\System\fqCnKFK.exe
  C:\Windows\System\fqCnKFK.exe
  2⤵
  PID:9548
- C:\Windows\System\MvUQgQl.exe
  C:\Windows\System\MvUQgQl.exe
  2⤵
  PID:9764
- C:\Windows\System\kRXpsXX.exe
  C:\Windows\System\kRXpsXX.exe
  2⤵
  PID:9796
- C:\Windows\System\RMPWomM.exe
  C:\Windows\System\RMPWomM.exe
  2⤵
  PID:9676
- C:\Windows\System\bMfvgmx.exe
  C:\Windows\System\bMfvgmx.exe
  2⤵
  PID:9744
- C:\Windows\System\SKctqOk.exe
  C:\Windows\System\SKctqOk.exe
  2⤵
  PID:9700
- C:\Windows\System\diuqvQg.exe
  C:\Windows\System\diuqvQg.exe
  2⤵
  PID:9812
- C:\Windows\System\HUMrmuu.exe
  C:\Windows\System\HUMrmuu.exe
  2⤵
  PID:10188
- C:\Windows\System\hBZQSvx.exe
  C:\Windows\System\hBZQSvx.exe
  2⤵
  PID:10096
- C:\Windows\System\XBMiKsC.exe
  C:\Windows\System\XBMiKsC.exe
  2⤵
  PID:10208
- C:\Windows\System\CesvIBI.exe
  C:\Windows\System\CesvIBI.exe
  2⤵
  PID:10180
- C:\Windows\System\QJFIkYD.exe
  C:\Windows\System\QJFIkYD.exe
  2⤵
  PID:9956
- C:\Windows\System\yOeEcmh.exe
  C:\Windows\System\yOeEcmh.exe
  2⤵
  PID:9228
- C:\Windows\System\cJyHwOT.exe
  C:\Windows\System\cJyHwOT.exe
  2⤵
  PID:10028
- C:\Windows\System\NfpNaCh.exe
  C:\Windows\System\NfpNaCh.exe
  2⤵
  PID:10072
- C:\Windows\System\GfitBAF.exe
  C:\Windows\System\GfitBAF.exe
  2⤵
  PID:9268
- C:\Windows\System\nhbpQbT.exe
  C:\Windows\System\nhbpQbT.exe
  2⤵
  PID:9280
- C:\Windows\System\eVtuFMB.exe
  C:\Windows\System\eVtuFMB.exe
  2⤵
  PID:9396
- C:\Windows\System\DlJwglw.exe
  C:\Windows\System\DlJwglw.exe
  2⤵
  PID:9636
- C:\Windows\System\jUAAfGK.exe
  C:\Windows\System\jUAAfGK.exe
  2⤵
  PID:9452
- C:\Windows\System\ENrzrBu.exe
  C:\Windows\System\ENrzrBu.exe
  2⤵
  PID:9760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ELLRhVW.exe

Filesize
5.2MB

MD5
7345797ef9faf00d7fdf9b8c739c4aa9

SHA1
a22119aa577f495d4391ac0a61a11ed71d8d58ba

SHA256
819ddb90129b9cdca5f3f346047a1c38fcee1fe42e4ea8169d9ea892615ec2d4

SHA512
0a7922b130fab08927f69607f322f69fc29f55f6eacfa75817966d56ac4acf616b26c27320fd58cb8366d9c9b1337ff028a13a86bb2b6c1f743309d969382cff

Download Submit
C:\Windows\system\FIPRRUC.exe

Filesize
5.2MB

MD5
30f952cb5674cc47a8340d95c7a9097b

SHA1
b215944e2cdce98555c41dc10c282da46ddcf35c

SHA256
ef6567c1a737b1583968987fef38444a99061301f2470038a2f48f56fa748efb

SHA512
1bd47056a7ec6d230f403a899fca98b7689df5a669551a52ddbe3c5a644a5c5fe5ebafdfaed9ccb8ed39b48bdd74026868e03693d696e9b948cd139dddb444b5

Download Submit
C:\Windows\system\KNhIRwD.exe

Filesize
5.2MB

MD5
f8d6e200505e7cf4cfe142e3fb323cfa

SHA1
63878bf9c6139aae4692f186fc239473e462afef

SHA256
ca81f7770823f158c62678a257cbf7f6c386e7c600bb46789c3ec59951306c35

SHA512
c444717bd28b313df82f94777f7212fbc008abf31a2f8c51cdfff698be4401bbab320973dd9eaa5292367fee9bdd8930fb2d1903d921898671a042801458aa18

Download Submit
C:\Windows\system\KrDJCTp.exe

Filesize
5.2MB

MD5
a566f355f70b42284015bc27ba55febb

SHA1
90a94bb8a75507d3691b543466177489687073e5

SHA256
cbb1e4a1a2ce29433c2adf0fed2c0dc9cd39955630493cda5ed7c87a99763d0b

SHA512
f302cc1dcb5489f022fa9c01b50eedf8645f754c61c75ea7f03f03539ee33ff81f2f0057df0b631ff0f0d090d808d0c094c0001f52578e59e538a10efb3be996

Download Submit
C:\Windows\system\KxRudff.exe

Filesize
5.2MB

MD5
d35f05775fe0e6d69587cc418fa6b284

SHA1
aa1aa0f588ba95069a505161e9fa21e3b51d78f8

SHA256
9e816a96c905a3f4bd5c9853394809a6c2932ec18ad0836d7d04df5aa604d154

SHA512
b7f02093e86ea30313258bdc328741e56098d36e8ac66a393a984523146e3f01621fa69aea6c596683b5f16d5b56f98810275f8eaaeb565c15e31b78be97665f

Download Submit
C:\Windows\system\LmAihGP.exe

Filesize
5.2MB

MD5
a5b2b9ee71093cedc684d93470613733

SHA1
89725206843192622611e544eb53941f1e42625b

SHA256
b1a87502d33ee26186fbe1b4cfb809d7bde6829ba8514b43495ec4b396566738

SHA512
a0d633a1e888b7056e126ec9f40262f2b2cf93166efd774d9fb18a0752108495dc9d9c80da70b8f80289b74ef7070647a704951454582c18f13b394a73eaff87

Download Submit
C:\Windows\system\MdWsHiM.exe

Filesize
5.2MB

MD5
1c1e2b534afc3a34973edd368a6cec66

SHA1
e96fba58cbfdfec9a2d6fd860c22d92402379a3f

SHA256
f4f792197301d7fd40c077b58233a9cf85f204bc7ded40530beaf301398f5b5a

SHA512
7bebdcf209c81909a4a7fbcd2017886342ae74d6c1697d13b0d467ac3555012f8184bd6441aecd35239cc6441f571a2311af34f64199cf12fb96fa3370b18ebb

Download Submit
C:\Windows\system\NqNWvAe.exe

Filesize
5.2MB

MD5
e0c83742337e97251d9cf18b9e946e3d

SHA1
bdfc6ff93e64c4bb4591a66371119b5cee689fba

SHA256
7e1059a6ecc5cd78dcc55594b335e3fc4e3a04c00c7a566c80f6e9a4bc7a9ce2

SHA512
388f28fb7c36ad29cfa093e87d5bb28157e5177a49c961df894224f06451c5c9a4c4406996cbd531b0a99e5833acc09c7c7dca43166c5b675d35c5179edcb8b3

Download Submit
C:\Windows\system\PtfpcRh.exe

Filesize
5.2MB

MD5
2857a4e7a8f9d4403f7dc3c1711a0d06

SHA1
2f4af7f1eebdc52614a7769e3a356fa373853d67

SHA256
93982689a59bb27dfcecf1d17d60aa1890c038be0f86a1323bedb46637d8f29c

SHA512
1a9570b1cdf1019fd2d19f6ddcced6a83a2082a6ea386331b09e2409473e8cc4a48d1dcc1a41fcd736058463835b37670e06d2cddd95c74357e85f2e2a969c48

Download Submit
C:\Windows\system\PxVLjAi.exe

Filesize
5.2MB

MD5
028ae04621f4f8094c9b28f78ce81006

SHA1
1311cce9c2ee79034a93e65e4c445ef4bf0f0f7c

SHA256
06056327dfe802384f8763adb03d8d79dae00d3f044e4a3b3d6951276835df09

SHA512
157d48fe2cfe4a543ea3278b7ce7c4f540a1fcded6b6dbc3d41968080a15c8a36341cf8ddd781d6020199cd9516156037fea43f24c3665dbef31caee08f51e0c

Download Submit
C:\Windows\system\QnitTlW.exe

Filesize
5.2MB

MD5
01bb62c95b5a0c3f306515707063b6fe

SHA1
57d4f07df591f7a87e24d5f7501990097424ac15

SHA256
c358b4e9e25a9790db59954fca9edbaf55d5013a093f3dbeb7d1af8c170a28ce

SHA512
f33ef8d0ed7d28c02d563fbc69d4ca73600fd399d8c9f15f58e9fe957ea08bea6c50f6c825ccc02e7c9891037ae40b08492702d93a3c552f1618de3109548252

Download Submit
C:\Windows\system\Rgywadk.exe

Filesize
5.2MB

MD5
20b3c0dc8f5775cffd5a256c02367af6

SHA1
616a6ad613704db29797e97a5163199cd76d55f4

SHA256
8e515e6ad1777f3961b86687bf1e86af0f66d6027b46d560f386711846031ec0

SHA512
45b211adfdcca6ff2ca61232fbee9df6fdc1efd0df1edfb6e9f9891e7307ec96cd6cc6eb84857871078fc55b6392256e46469643ff6f0c9b8a3737a1a6ea3128

Download Submit
C:\Windows\system\UJwYHff.exe

Filesize
5.2MB

MD5
5193860cece72894b1fe22089f0c9216

SHA1
604d679a3bb5b2ab46d404154c2362a4d88ba759

SHA256
1cd3cfa9c053d11ea99514aef3fc1aa7f12ffed25656395de50d7a90ebdd939f

SHA512
5e3c9a764b26bd1b111c83fb020003a9144fe39426f41d8548b4f65356ee8ddcc3d918ddb7aa622d779fceb24cb387907e3d9b3f5b473dd42c5a69c0d0c1dfd0

Download Submit
C:\Windows\system\Vdwjlal.exe

Filesize
5.2MB

MD5
8bddaebebe58633b756298e1a9a3f251

SHA1
16cd94293381349c6e65ab7f16cb1a4b2d012b8d

SHA256
f3facf172ff82a64cb2b200fcccf120ee4cb753cfd4cefffd0ebaf1283722e01

SHA512
b65d76eef6521bbe07b9f18e0e455184a7c58fb571523ef43fa7fa4d2cbbfda542d40e99c5556486c95912fbb053c195fe1292854f46e3f2b334c10289b3f301

Download Submit
C:\Windows\system\XAZzlQy.exe

Filesize
5.2MB

MD5
f5c8c1be9cd47b06f264495596bf1281

SHA1
df8345e0232cfa3683bf81eb7da0df7a0f45f70b

SHA256
49a00937bb3ab2eebf0caafd92f0df7603fdb06534aa38f59391d81f625b1fb5

SHA512
ae9a937650e2cabfe485cd6e6c5e67a7c0382aca5526d7d62e9c5bcb2ae126d7f722863f3c34cfcf41c4d7ae31e364d2f6c75d61d9c4b317c80822005a7792c7

Download Submit
C:\Windows\system\YFwceyk.exe

Filesize
5.2MB

MD5
62b3df000f4d6e1f669bb54aee812cfb

SHA1
3c42d94c019f00256dc3ea68f774cfbd0f96f199

SHA256
e8bc91a854b69b0a80ff40b4054239765348a1a4ad1130b304bf301c7c6e6d73

SHA512
34ff9e684c54ae8b79b6efe89c6d0c7ad1fce6ff476ed1e7b0f06022da8afebf3a16df8e9713e16fd1968c131bc05d189f5f80af21a6ab43843c9b6d09d80ae8

Download Submit
C:\Windows\system\dVXWqzl.exe

Filesize
5.2MB

MD5
14157e7495a9a3772b0cda1f35cf6260

SHA1
d60e9f4f408eda7106673207f3001d9c0a31571a

SHA256
e18d0e52c612358520792cd54f5bf5802cf7eed4ce1827cbcbf00a94cafd12b6

SHA512
4b46cb76016d5e6d427ef670a496183790a38a4928863f14ac3a248ae8567d00844b9a1134b5b9d9230c14494fb86c5ead690dbeb3148e674330faecbe1ead7d

Download Submit
C:\Windows\system\fCsEFoV.exe

Filesize
5.2MB

MD5
6d552f4d30f9136b4e1b899a66548639

SHA1
28ad629a356374c58eb439c7273e81a0d406858d

SHA256
9874cd7d2d354c518a1adae93129f9a28f3b39cb761707999329a3516480fc66

SHA512
95c463613c1589e87c8a16e457f6b8b3c053c71343ca4ca34519131c2c72dd2903edce20958877f2ffb2877e947eb5be6eaa87d2b637af1fc382ec1cd3500191

Download Submit
C:\Windows\system\gYbTyaI.exe

Filesize
5.2MB

MD5
5a3b3cff45fd8668cd512b12afdda137

SHA1
2839ad088261b89539e1299ac29f6d51268fa787

SHA256
2f552111fc608f8fbdaf06a87170f23a7908d196e7ee7b0551c67a5d3524f8a6

SHA512
81d26e07c022cc45eee4ce49e595b318afab8e870011fb1e26f64635da210e3d8de85edc5439ca9190fd628127f22babb711aa99a4615b3a0814efb46523886b

Download Submit
C:\Windows\system\gjbykCu.exe

Filesize
5.2MB

MD5
258636e3d2d0b4d8dea57e6d14e892c1

SHA1
fc29af40e775ff9151f4defbe9c654911325c0e7

SHA256
98af2a51fbb74e3777afb7a907bcd872c3b5c760ef2e9738870eebbb2eec7e33

SHA512
81343521a22993b80591b62f4815f4f99297b2cfd242fb4d17e9e5fa9b91cd3d0be0236b3d88ebdb6b1b60a3bafc396ffffa298133baccdf36bde48d88350db9

Download Submit
C:\Windows\system\jtFaMyU.exe

Filesize
5.2MB

MD5
69e2716a16a0427281d941d443e3ab2e

SHA1
aba6a2f8328b43a829f2df6a3a8d8e972939f0b8

SHA256
c88546dfa6595b8bef46806493a6ea13c36b313d5beb1ac17771df4a0e8d6dd1

SHA512
10ef281329ef2adfa2cb986f26892475871b43373a1d3bc3eb26bd2c8d441e42d466feee0ec25a21c9e809c8704b86c53fd48af0e44864bed15721818abbc977

Download Submit
C:\Windows\system\kGUJewK.exe

Filesize
5.2MB

MD5
8e5faf9979f4e068360910d61cfe5bf0

SHA1
74310417fd89de96a62fe1ad48941a8cf184ad58

SHA256
8ea3d39cbe3da51ea20804e35079a271f77ba11166083e465549e77284469329

SHA512
7707ea44c07262d4b60941946c14d28e470919c23b768414c39895297084fb11a876b87145ba9dc621368dc5c6ed713e0ff9f1d5cc8553df9fd6d49f94348ba5

Download Submit
C:\Windows\system\lzSQjxM.exe

Filesize
5.2MB

MD5
6f63a8614fc157747f0754b3417ba198

SHA1
8588acf12f77376752bc1704afd197e49f6ea89c

SHA256
079e00f9d567a5fbf37e02e1e24c31fb937e102f21dc7782f15cb52a5926a732

SHA512
bbf2280f19b850d1398ffcf121e85523f5c2b760424994fc5a7816d08d9dc2a8c69669ae2f36b7b9e31363d274642b0fb06e3759c3b9a78722cdc614535b8855

Download Submit
C:\Windows\system\nmAerPO.exe

Filesize
5.2MB

MD5
d1f2f3f02e9e254cc01c80e3b8be8e39

SHA1
82377c8021a980709b4986713c7b45a9fbc79a04

SHA256
e117b04632642ba6ca3206cce1a5f1e1cbbd8c2d0994781c302cf1f8b9d11597

SHA512
363696db285c5739526d2790b3ee7019da06e95ddf6a0e84fed643f0d5be4aa9b8172567b54af09266de9cfe5fd61a65ccbfa558d36b6df83340a289fc60da06

Download Submit
C:\Windows\system\oqCuJjX.exe

Filesize
5.2MB

MD5
57e4831faba19a6727f40add2abdd2cd

SHA1
fbf4071cd19d81d295702fedece05988fe533085

SHA256
45a9a0c76d957039256995a8a8038bc3e6cd10e862d4a5b97b7c9e469e609e16

SHA512
42c32a26b53031559ce1fe9563cdd749400f728ee0a9f9ec56882568e0a2ab60517bb46e57b19a6574ace672f60773141e37bb9fb83455a75a793d9bbef490db

Download Submit
C:\Windows\system\ovEMcun.exe

Filesize
5.2MB

MD5
6227cd67db5aae525cbdee82b9b2284e

SHA1
e5b21cb35cdacd522277709f8fda4431c52f9d0a

SHA256
9b970ae8571941c5fe55b9fc6a3f53f8e3513644a231e593b9d9b50836ec4073

SHA512
49de632aa05d4a39e46247a45e870c607a041161283daf5bacdb82bd01a148678a4a4ad8cf0ffe8104efda0d1ecc12bf08fe2dbc5900d14dd2320aacfcc9b96d

Download Submit
C:\Windows\system\vHYEqKT.exe

Filesize
5.2MB

MD5
739c5ff6965b9aba2b0dccdc267dd044

SHA1
65af0be08d15c7a723e7f67d1f219da5eb6c1d47

SHA256
8f5f0e40e4ca1f6a28669f5e320521cf4e6e6342d41eb6e360833448182a0e83

SHA512
f8be447301b55d4a7d03d72d0dc0f596e2119960a8197dd1702b6cf6b6e7db8cfd1c08c9ae3e30bc987e07b5a77f7d1130721a2bccd3303b957971c074356fa3

Download Submit
C:\Windows\system\xHrXZPS.exe

Filesize
5.2MB

MD5
13d1e8c15d8723074386f7f3814b215a

SHA1
52419b55ce804ae6e71685ba01ea105e9147d931

SHA256
7a42844fbb605889bf372b2eaf14c78d425589b03ea1f042e5f9d69400a00a04

SHA512
0e5d7fa78791891a50da16e55ad06e5bd4f78fe736213a5fc47514f0931402ba2dd9350633a84c178292cac57bca1d34b1751f3fac05e6396ea407355e100082

Download Submit
\Windows\system\HPGNAmb.exe

Filesize
5.2MB

MD5
9f7cd51e47292af78e95588b30761563

SHA1
ec9672b08b036f197f3cebb3099d3cca7c1e72c8

SHA256
a7fef676cb24633661aba9c72aa72e555b2d7e045cd64e54b8ef66f578e19c3c

SHA512
b6eecdf231242ec57c10ac010077026f8af8032985430592c106f1a9a2b1abdbc17c783b392c8b193af3b650fb549c6228e4fb13496bf70ab74c96d76aa79708

Download Submit
\Windows\system\bkMfIxL.exe

Filesize
5.2MB

MD5
ab1824aada146107c7533ff290a5722c

SHA1
e4f8270de9a5277fe3760805ee26da1a47685d67

SHA256
121a29d2c593842329d90eb21fac6cf02b03c603cdc3a9bea3fbd34ed2b3d7d3

SHA512
2d8115baf22ab96cc00dc8065369a0d1e1202a788598a1b754391bab93a8165c567761b2b0f99520fc6771e30e42178a2b6a8ae1f5e5ef304571f52f1c702ba3

Download Submit
\Windows\system\gLAoCrX.exe

Filesize
5.2MB

MD5
87c9bd225b886d5ee4446eb1a36529ae

SHA1
fbc60b7f53263ed5be60b8227f827d58e48d0274

SHA256
81a7791d45152918765dd16eb469b22a93616841f0c6150419dcc64bf6a7bdc9

SHA512
da3cd3933c2aa5253f0224c341db8ecbdbb28d411799bb90fd3a161b7f0832b36638789f563881175658a400e8003de8e3958123246ed53f5b60dd0f1ef272e1

Download Submit
\Windows\system\pRakBdO.exe

Filesize
5.2MB

MD5
14493949e74512d98767fe5183a98a8d

SHA1
fd2fdd6f64344b5396ee99cd11022fd5d94b426b

SHA256
ed55cc0503f8df8378dea53612a11e7da2e18754ad0b992a957bbf399b0511dd

SHA512
887a29c83a64015d2101de16899334fab13adfce7e8945ecf16b46ae52f91dd38f3c0afaabf721b725c6ee8529b7e8f0bc33339321c8f8e9ea84baad795f95e2

Download Submit
memory/860-104-0x000000013FD20000-0x0000000140071000-memory.dmp

Filesize
3.3MB

Download
memory/860-855-0x000000013FD20000-0x0000000140071000-memory.dmp

Filesize
3.3MB

Download
memory/860-2828-0x000000013FD20000-0x0000000140071000-memory.dmp

Filesize
3.3MB

Download
memory/1040-51-0x000000013F670000-0x000000013F9C1000-memory.dmp

Filesize
3.3MB

Download
memory/1040-24-0x000000013F670000-0x000000013F9C1000-memory.dmp

Filesize
3.3MB

Download
memory/1040-2768-0x000000013F670000-0x000000013F9C1000-memory.dmp

Filesize
3.3MB

Download
memory/1400-670-0x000000013FB10000-0x000000013FE61000-memory.dmp

Filesize
3.3MB

Download
memory/1400-97-0x000000013FB10000-0x000000013FE61000-memory.dmp

Filesize
3.3MB

Download
memory/1400-2850-0x000000013FB10000-0x000000013FE61000-memory.dmp

Filesize
3.3MB

Download
memory/1528-88-0x000000013F260000-0x000000013F5B1000-memory.dmp

Filesize
3.3MB

Download
memory/1528-503-0x000000013F260000-0x000000013F5B1000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2821-0x000000013F260000-0x000000013F5B1000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2763-0x000000013F5B0000-0x000000013F901000-memory.dmp

Filesize
3.3MB

Download
memory/1800-11-0x000000013F5B0000-0x000000013F901000-memory.dmp

Filesize
3.3MB

Download
memory/1800-38-0x000000013F5B0000-0x000000013F901000-memory.dmp

Filesize
3.3MB

Download
memory/1928-37-0x000000013F8B0000-0x000000013FC01000-memory.dmp

Filesize
3.3MB

Download
memory/1928-590-0x00000000023A0000-0x00000000026F1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-109-0x000000013F060000-0x000000013F3B1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-108-0x000000013F420000-0x000000013F771000-memory.dmp

Filesize
3.3MB

Download
memory/1928-0-0x000000013F8B0000-0x000000013FC01000-memory.dmp

Filesize
3.3MB

Download
memory/1928-26-0x00000000023A0000-0x00000000026F1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-15-0x00000000023A0000-0x00000000026F1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-93-0x00000000023A0000-0x00000000026F1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-91-0x000000013F4F0000-0x000000013F841000-memory.dmp

Filesize
3.3MB

Download
memory/1928-950-0x000000013F060000-0x000000013F3B1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1928-19-0x00000000023A0000-0x00000000026F1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-752-0x000000013FD20000-0x0000000140071000-memory.dmp

Filesize
3.3MB

Download
memory/1928-100-0x000000013FD20000-0x0000000140071000-memory.dmp

Filesize
3.3MB

Download
memory/1928-99-0x00000000023A0000-0x00000000026F1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-33-0x00000000023A0000-0x00000000026F1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-424-0x000000013F260000-0x000000013F5B1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-59-0x00000000023A0000-0x00000000026F1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-52-0x000000013F4F0000-0x000000013F841000-memory.dmp

Filesize
3.3MB

Download
memory/1928-83-0x000000013F530000-0x000000013F881000-memory.dmp

Filesize
3.3MB

Download
memory/1928-67-0x000000013F420000-0x000000013F771000-memory.dmp

Filesize
3.3MB

Download
memory/2108-64-0x000000013FA20000-0x000000013FD71000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2762-0x000000013FA20000-0x000000013FD71000-memory.dmp

Filesize
3.3MB

Download
memory/2108-27-0x000000013FA20000-0x000000013FD71000-memory.dmp

Filesize
3.3MB

Download
memory/2200-14-0x000000013F560000-0x000000013F8B1000-memory.dmp

Filesize
3.3MB

Download
memory/2200-2764-0x000000013F560000-0x000000013F8B1000-memory.dmp

Filesize
3.3MB

Download
memory/2556-71-0x000000013F420000-0x000000013F771000-memory.dmp

Filesize
3.3MB

Download
memory/2556-217-0x000000013F420000-0x000000013F771000-memory.dmp

Filesize
3.3MB

Download
memory/2556-2805-0x000000013F420000-0x000000013F771000-memory.dmp

Filesize
3.3MB

Download
memory/2648-65-0x000000013F980000-0x000000013FCD1000-memory.dmp

Filesize
3.3MB

Download
memory/2648-103-0x000000013F980000-0x000000013FCD1000-memory.dmp

Filesize
3.3MB

Download
memory/2648-2829-0x000000013F980000-0x000000013FCD1000-memory.dmp

Filesize
3.3MB

Download
memory/2660-79-0x000000013FA60000-0x000000013FDB1000-memory.dmp

Filesize
3.3MB

Download
memory/2660-41-0x000000013FA60000-0x000000013FDB1000-memory.dmp

Filesize
3.3MB

Download
memory/2660-2783-0x000000013FA60000-0x000000013FDB1000-memory.dmp

Filesize
3.3MB

Download
memory/2696-87-0x000000013F530000-0x000000013F881000-memory.dmp

Filesize
3.3MB

Download
memory/2696-48-0x000000013F530000-0x000000013F881000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2793-0x000000013F530000-0x000000013F881000-memory.dmp

Filesize
3.3MB

Download
memory/2736-70-0x000000013F640000-0x000000013F991000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2784-0x000000013F640000-0x000000013F991000-memory.dmp

Filesize
3.3MB

Download
memory/2736-35-0x000000013F640000-0x000000013F991000-memory.dmp

Filesize
3.3MB

Download
memory/2852-96-0x000000013F4F0000-0x000000013F841000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2802-0x000000013F4F0000-0x000000013F841000-memory.dmp

Filesize
3.3MB

Download
memory/2852-55-0x000000013F4F0000-0x000000013F841000-memory.dmp

Filesize
3.3MB

Download
memory/2988-374-0x000000013F0D0000-0x000000013F421000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2825-0x000000013F0D0000-0x000000013F421000-memory.dmp

Filesize
3.3MB

Download
memory/2988-80-0x000000013F0D0000-0x000000013F421000-memory.dmp

Filesize
3.3MB

Download