cobaltstrike | 8a59c81c7e71139828822e313dbe9c44efe8c6e8c36baf6a5e8444d164e08ecd

Analysis

max time kernel
101s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 10:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
Size

5.9MB
MD5

5a7350eb3cd5bb1ad78caf7d1b629c97
SHA1

c63dbef2fc2692132357acdf06e03a107e422892
SHA256

8a59c81c7e71139828822e313dbe9c44efe8c6e8c36baf6a5e8444d164e08ecd
SHA512

00e85d8f48875204c01c9cf5b032e60b6c0cb68f8cd3820578e8f913e1a646336ec4adcf416a52ed451d53ec8ee1782b3e24ac68650704420934ad80d18fffa4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig backdoor miner trojan upx

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3036-0-0x00007FF6BD770000-0x00007FF6BDAC4000-memory.dmp	xmrig
behavioral2/files/0x0004000000022791-4.dat	xmrig
behavioral2/files/0x0008000000024170-7.dat	xmrig
behavioral2/files/0x0009000000024168-10.dat	xmrig
behavioral2/files/0x0008000000024171-32.dat	xmrig
behavioral2/files/0x000800000002418a-31.dat	xmrig
behavioral2/files/0x000800000002418c-48.dat	xmrig
behavioral2/files/0x000800000002418b-49.dat	xmrig
behavioral2/memory/208-57-0x00007FF6C1D20000-0x00007FF6C2074000-memory.dmp	xmrig
behavioral2/memory/5908-62-0x00007FF61A970000-0x00007FF61ACC4000-memory.dmp	xmrig
behavioral2/files/0x000800000002418e-67.dat	xmrig
behavioral2/files/0x000800000002418f-71.dat	xmrig
behavioral2/files/0x00160000000241a5-76.dat	xmrig
behavioral2/files/0x00080000000241af-86.dat	xmrig
behavioral2/memory/1584-104-0x00007FF63BA30000-0x00007FF63BD84000-memory.dmp	xmrig
behavioral2/memory/3324-113-0x00007FF6E9500000-0x00007FF6E9854000-memory.dmp	xmrig
behavioral2/memory/5832-116-0x00007FF7AC770000-0x00007FF7ACAC4000-memory.dmp	xmrig
behavioral2/memory/1896-115-0x00007FF633A10000-0x00007FF633D64000-memory.dmp	xmrig
behavioral2/memory/1972-114-0x00007FF631390000-0x00007FF6316E4000-memory.dmp	xmrig
behavioral2/memory/4828-112-0x00007FF619CF0000-0x00007FF61A044000-memory.dmp	xmrig
behavioral2/files/0x00080000000241bd-110.dat	xmrig
behavioral2/files/0x00080000000241bc-108.dat	xmrig
behavioral2/memory/4548-107-0x00007FF6ECE10000-0x00007FF6ED164000-memory.dmp	xmrig
behavioral2/files/0x00080000000241bb-105.dat	xmrig
behavioral2/memory/4520-103-0x00007FF6FA720000-0x00007FF6FAA74000-memory.dmp	xmrig
behavioral2/files/0x0009000000024169-97.dat	xmrig
behavioral2/files/0x00080000000241ab-82.dat	xmrig
behavioral2/memory/5636-66-0x00007FF709820000-0x00007FF709B74000-memory.dmp	xmrig
behavioral2/memory/880-65-0x00007FF7B4560000-0x00007FF7B48B4000-memory.dmp	xmrig
behavioral2/files/0x000800000002418d-63.dat	xmrig
behavioral2/memory/5644-58-0x00007FF752220000-0x00007FF752574000-memory.dmp	xmrig
behavioral2/memory/5428-53-0x00007FF7D8830000-0x00007FF7D8B84000-memory.dmp	xmrig
behavioral2/memory/5916-46-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp	xmrig
behavioral2/files/0x0008000000024184-39.dat	xmrig
behavioral2/memory/2712-38-0x00007FF7BFCB0000-0x00007FF7C0004000-memory.dmp	xmrig
behavioral2/files/0x0008000000024172-37.dat	xmrig
behavioral2/memory/2264-33-0x00007FF78E380000-0x00007FF78E6D4000-memory.dmp	xmrig
behavioral2/memory/5952-20-0x00007FF7F1560000-0x00007FF7F18B4000-memory.dmp	xmrig
behavioral2/memory/1324-9-0x00007FF75BF60000-0x00007FF75C2B4000-memory.dmp	xmrig
behavioral2/files/0x00080000000241c0-126.dat	xmrig
behavioral2/memory/1324-135-0x00007FF75BF60000-0x00007FF75C2B4000-memory.dmp	xmrig
behavioral2/memory/2712-149-0x00007FF7BFCB0000-0x00007FF7C0004000-memory.dmp	xmrig
behavioral2/files/0x00080000000241c4-158.dat	xmrig
behavioral2/memory/1620-157-0x00007FF70C6F0000-0x00007FF70CA44000-memory.dmp	xmrig
behavioral2/files/0x00080000000241c3-155.dat	xmrig
behavioral2/files/0x00070000000241ce-171.dat	xmrig
behavioral2/files/0x00070000000241d1-190.dat	xmrig
behavioral2/files/0x00070000000241d0-188.dat	xmrig
behavioral2/memory/1256-186-0x00007FF60C720000-0x00007FF60CA74000-memory.dmp	xmrig
behavioral2/memory/1772-185-0x00007FF6B4270000-0x00007FF6B45C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000241cf-181.dat	xmrig
behavioral2/memory/5508-179-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp	xmrig
behavioral2/memory/3648-170-0x00007FF705C70000-0x00007FF705FC4000-memory.dmp	xmrig
behavioral2/memory/4520-167-0x00007FF6FA720000-0x00007FF6FAA74000-memory.dmp	xmrig
behavioral2/memory/5636-165-0x00007FF709820000-0x00007FF709B74000-memory.dmp	xmrig
behavioral2/memory/880-164-0x00007FF7B4560000-0x00007FF7B48B4000-memory.dmp	xmrig
behavioral2/files/0x00080000000241c5-163.dat	xmrig
behavioral2/memory/5792-154-0x00007FF7F2C00000-0x00007FF7F2F54000-memory.dmp	xmrig
behavioral2/memory/5908-150-0x00007FF61A970000-0x00007FF61ACC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000241d2-194.dat	xmrig
behavioral2/files/0x00070000000241d4-200.dat	xmrig
behavioral2/files/0x00070000000241d3-198.dat	xmrig
behavioral2/files/0x00080000000241c2-146.dat	xmrig
behavioral2/memory/4984-145-0x00007FF6C1940000-0x00007FF6C1C94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1324	KSwgeJf.exe
5952	jxQsDIb.exe
2264	BzHHgBO.exe
208	AyemXqO.exe
2712	dYQfcen.exe
5916	imOqPtT.exe
5428	XjRbxbq.exe
5644	vgtlJTF.exe
5908	CsjLVvx.exe
880	QxzRgUg.exe
5636	tkMfQRF.exe
4520	KWWVCuA.exe
5832	MBgPazZ.exe
1584	DmpfnDE.exe
4548	BJfbYCm.exe
4828	LTrfhBz.exe
3324	ZZBWNwK.exe
1972	LKRQTcS.exe
1896	icJjaRj.exe
5836	HAtedYa.exe
4908	SpNpmms.exe
4988	gdJQbed.exe
4984	mjcQfDW.exe
5792	ppTkIQZ.exe
1620	HRAaVaA.exe
3648	JiABKgv.exe
5508	VQkrlti.exe
1772	xSDUfMi.exe
1256	cwYwPTP.exe
4408	GdiSUeS.exe
920	QmwCrmf.exe
4084	MEMDqXP.exe
912	hFLkPsf.exe
3428	VKAxRjI.exe
4288	McaXPRW.exe
5036	YkMeYdt.exe
4036	pLkqjrF.exe
5968	BPHCtRn.exe
4044	zdMeKOf.exe
1288	XOQdjft.exe
1492	FuCvtiT.exe
2800	GmBRlzT.exe
6120	PBqssko.exe
3800	MOafmmK.exe
3552	dkSzwxw.exe
1428	FPbBhdR.exe
3044	XUiHHwA.exe
2152	DujRdaf.exe
4588	diqGcRo.exe
3200	zQfaYNs.exe
3728	AEnaBXi.exe
5044	dJWjdWM.exe
2572	vAnuwWT.exe
2936	wNEQHXG.exe
4336	YhHIHnW.exe
5192	vxxapPK.exe
4168	QtdOWEL.exe
2796	cBfHkPu.exe
1008	kYXPmnG.exe
5132	zgkWbJt.exe
1600	neMhlac.exe
4476	dCHSAAn.exe
4752	yWmiEev.exe
4556	tOJAxUs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3036-0-0x00007FF6BD770000-0x00007FF6BDAC4000-memory.dmp	upx
behavioral2/files/0x0004000000022791-4.dat	upx
behavioral2/files/0x0008000000024170-7.dat	upx
behavioral2/files/0x0009000000024168-10.dat	upx
behavioral2/files/0x0008000000024171-32.dat	upx
behavioral2/files/0x000800000002418a-31.dat	upx
behavioral2/files/0x000800000002418c-48.dat	upx
behavioral2/files/0x000800000002418b-49.dat	upx
behavioral2/memory/208-57-0x00007FF6C1D20000-0x00007FF6C2074000-memory.dmp	upx
behavioral2/memory/5908-62-0x00007FF61A970000-0x00007FF61ACC4000-memory.dmp	upx
behavioral2/files/0x000800000002418e-67.dat	upx
behavioral2/files/0x000800000002418f-71.dat	upx
behavioral2/files/0x00160000000241a5-76.dat	upx
behavioral2/files/0x00080000000241af-86.dat	upx
behavioral2/memory/1584-104-0x00007FF63BA30000-0x00007FF63BD84000-memory.dmp	upx
behavioral2/memory/3324-113-0x00007FF6E9500000-0x00007FF6E9854000-memory.dmp	upx
behavioral2/memory/5832-116-0x00007FF7AC770000-0x00007FF7ACAC4000-memory.dmp	upx
behavioral2/memory/1896-115-0x00007FF633A10000-0x00007FF633D64000-memory.dmp	upx
behavioral2/memory/1972-114-0x00007FF631390000-0x00007FF6316E4000-memory.dmp	upx
behavioral2/memory/4828-112-0x00007FF619CF0000-0x00007FF61A044000-memory.dmp	upx
behavioral2/files/0x00080000000241bd-110.dat	upx
behavioral2/files/0x00080000000241bc-108.dat	upx
behavioral2/memory/4548-107-0x00007FF6ECE10000-0x00007FF6ED164000-memory.dmp	upx
behavioral2/files/0x00080000000241bb-105.dat	upx
behavioral2/memory/4520-103-0x00007FF6FA720000-0x00007FF6FAA74000-memory.dmp	upx
behavioral2/files/0x0009000000024169-97.dat	upx
behavioral2/files/0x00080000000241ab-82.dat	upx
behavioral2/memory/5636-66-0x00007FF709820000-0x00007FF709B74000-memory.dmp	upx
behavioral2/memory/880-65-0x00007FF7B4560000-0x00007FF7B48B4000-memory.dmp	upx
behavioral2/files/0x000800000002418d-63.dat	upx
behavioral2/memory/5644-58-0x00007FF752220000-0x00007FF752574000-memory.dmp	upx
behavioral2/memory/5428-53-0x00007FF7D8830000-0x00007FF7D8B84000-memory.dmp	upx
behavioral2/memory/5916-46-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp	upx
behavioral2/files/0x0008000000024184-39.dat	upx
behavioral2/memory/2712-38-0x00007FF7BFCB0000-0x00007FF7C0004000-memory.dmp	upx
behavioral2/files/0x0008000000024172-37.dat	upx
behavioral2/memory/2264-33-0x00007FF78E380000-0x00007FF78E6D4000-memory.dmp	upx
behavioral2/memory/5952-20-0x00007FF7F1560000-0x00007FF7F18B4000-memory.dmp	upx
behavioral2/memory/1324-9-0x00007FF75BF60000-0x00007FF75C2B4000-memory.dmp	upx
behavioral2/files/0x00080000000241c0-126.dat	upx
behavioral2/memory/1324-135-0x00007FF75BF60000-0x00007FF75C2B4000-memory.dmp	upx
behavioral2/memory/2712-149-0x00007FF7BFCB0000-0x00007FF7C0004000-memory.dmp	upx
behavioral2/files/0x00080000000241c4-158.dat	upx
behavioral2/memory/1620-157-0x00007FF70C6F0000-0x00007FF70CA44000-memory.dmp	upx
behavioral2/files/0x00080000000241c3-155.dat	upx
behavioral2/files/0x00070000000241ce-171.dat	upx
behavioral2/files/0x00070000000241d1-190.dat	upx
behavioral2/files/0x00070000000241d0-188.dat	upx
behavioral2/memory/1256-186-0x00007FF60C720000-0x00007FF60CA74000-memory.dmp	upx
behavioral2/memory/1772-185-0x00007FF6B4270000-0x00007FF6B45C4000-memory.dmp	upx
behavioral2/files/0x00070000000241cf-181.dat	upx
behavioral2/memory/5508-179-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp	upx
behavioral2/memory/3648-170-0x00007FF705C70000-0x00007FF705FC4000-memory.dmp	upx
behavioral2/memory/4520-167-0x00007FF6FA720000-0x00007FF6FAA74000-memory.dmp	upx
behavioral2/memory/5636-165-0x00007FF709820000-0x00007FF709B74000-memory.dmp	upx
behavioral2/memory/880-164-0x00007FF7B4560000-0x00007FF7B48B4000-memory.dmp	upx
behavioral2/files/0x00080000000241c5-163.dat	upx
behavioral2/memory/5792-154-0x00007FF7F2C00000-0x00007FF7F2F54000-memory.dmp	upx
behavioral2/memory/5908-150-0x00007FF61A970000-0x00007FF61ACC4000-memory.dmp	upx
behavioral2/files/0x00070000000241d2-194.dat	upx
behavioral2/files/0x00070000000241d4-200.dat	upx
behavioral2/files/0x00070000000241d3-198.dat	upx
behavioral2/files/0x00080000000241c2-146.dat	upx
behavioral2/memory/4984-145-0x00007FF6C1940000-0x00007FF6C1C94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oONMpBB.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\lGYKhNI.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\NeAdVYC.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\bskmsgV.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ppTkIQZ.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\DujRdaf.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\neMhlac.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\mpeJDGx.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\mcKxSyB.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ZwpBOfa.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\muVIHld.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\cEpjpXg.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\Tnspvir.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\iHtWgDz.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\lrckOWH.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\vdmZzYI.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\MoGVkYy.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\bMSkjta.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\JqBNOiC.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\nIauARk.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\LKRQTcS.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\VfcANuo.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\QGGbBUr.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\tdaxWxD.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\AsPNHFW.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ADqZmDu.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\GdiSUeS.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\pUfuqDI.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\XYdvdfM.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\cTdLnml.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\drKddSn.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\siQXcYP.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ypyraIE.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\kxBDWWK.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\SxzpSyN.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\xMZuRUm.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\cyiRgKF.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\xbfPZtE.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\qGoPPWo.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\cMatGjH.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ZcrtJHM.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\JolBTmY.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\LFeBlfD.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\PocXEIe.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ZgEfWll.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\PixCXFA.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\hUNmgbh.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ahbphOU.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\dhYRpuz.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\BgxBRSA.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\rejyXmC.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\lEAkGaM.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\wnADpeO.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\YFbaKBw.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\uoJJxZl.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\CQbLfVE.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\yluEkQj.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\VKAxRjI.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\LPvdjDz.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\WrUObtN.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\wHQrhDO.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\FmRHmcI.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\YWOfGuX.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\aqwWxGf.exe	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1324	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	88
PID 3036 wrote to memory of 1324	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	88
PID 3036 wrote to memory of 5952	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	89
PID 3036 wrote to memory of 5952	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	89
PID 3036 wrote to memory of 2264	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	90
PID 3036 wrote to memory of 2264	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	90
PID 3036 wrote to memory of 208	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	91
PID 3036 wrote to memory of 208	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	91
PID 3036 wrote to memory of 2712	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	92
PID 3036 wrote to memory of 2712	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	92
PID 3036 wrote to memory of 5916	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	93
PID 3036 wrote to memory of 5916	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	93
PID 3036 wrote to memory of 5428	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	94
PID 3036 wrote to memory of 5428	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	94
PID 3036 wrote to memory of 5644	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	95
PID 3036 wrote to memory of 5644	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	95
PID 3036 wrote to memory of 5908	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	96
PID 3036 wrote to memory of 5908	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	96
PID 3036 wrote to memory of 880	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	97
PID 3036 wrote to memory of 880	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	97
PID 3036 wrote to memory of 5636	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	98
PID 3036 wrote to memory of 5636	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	98
PID 3036 wrote to memory of 4520	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	99
PID 3036 wrote to memory of 4520	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	99
PID 3036 wrote to memory of 5832	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	100
PID 3036 wrote to memory of 5832	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	100
PID 3036 wrote to memory of 1584	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	101
PID 3036 wrote to memory of 1584	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	101
PID 3036 wrote to memory of 4548	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	102
PID 3036 wrote to memory of 4548	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	102
PID 3036 wrote to memory of 4828	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	103
PID 3036 wrote to memory of 4828	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	103
PID 3036 wrote to memory of 3324	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	104
PID 3036 wrote to memory of 3324	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	104
PID 3036 wrote to memory of 1972	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	105
PID 3036 wrote to memory of 1972	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	105
PID 3036 wrote to memory of 1896	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	106
PID 3036 wrote to memory of 1896	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	106
PID 3036 wrote to memory of 5836	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	107
PID 3036 wrote to memory of 5836	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	107
PID 3036 wrote to memory of 4908	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	108
PID 3036 wrote to memory of 4908	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	108
PID 3036 wrote to memory of 4988	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	110
PID 3036 wrote to memory of 4988	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	110
PID 3036 wrote to memory of 4984	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	111
PID 3036 wrote to memory of 4984	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	111
PID 3036 wrote to memory of 5792	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	112
PID 3036 wrote to memory of 5792	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	112
PID 3036 wrote to memory of 1620	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	113
PID 3036 wrote to memory of 1620	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	113
PID 3036 wrote to memory of 3648	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	114
PID 3036 wrote to memory of 3648	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	114
PID 3036 wrote to memory of 5508	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	116
PID 3036 wrote to memory of 5508	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	116
PID 3036 wrote to memory of 1772	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	117
PID 3036 wrote to memory of 1772	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	117
PID 3036 wrote to memory of 1256	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	118
PID 3036 wrote to memory of 1256	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	118
PID 3036 wrote to memory of 4408	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	119
PID 3036 wrote to memory of 4408	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	119
PID 3036 wrote to memory of 920	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	120
PID 3036 wrote to memory of 920	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	120
PID 3036 wrote to memory of 4084	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	122
PID 3036 wrote to memory of 4084	3036	2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe	122

C:\Users\Admin\AppData\Local\Temp\2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_5a7350eb3cd5bb1ad78caf7d1b629c97_amadey_cobalt-strike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\System\KSwgeJf.exe
  C:\Windows\System\KSwgeJf.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\jxQsDIb.exe
  C:\Windows\System\jxQsDIb.exe
  2⤵
  - Executes dropped EXE
  PID:5952
- C:\Windows\System\BzHHgBO.exe
  C:\Windows\System\BzHHgBO.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\AyemXqO.exe
  C:\Windows\System\AyemXqO.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\dYQfcen.exe
  C:\Windows\System\dYQfcen.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\imOqPtT.exe
  C:\Windows\System\imOqPtT.exe
  2⤵
  - Executes dropped EXE
  PID:5916
- C:\Windows\System\XjRbxbq.exe
  C:\Windows\System\XjRbxbq.exe
  2⤵
  - Executes dropped EXE
  PID:5428
- C:\Windows\System\vgtlJTF.exe
  C:\Windows\System\vgtlJTF.exe
  2⤵
  - Executes dropped EXE
  PID:5644
- C:\Windows\System\CsjLVvx.exe
  C:\Windows\System\CsjLVvx.exe
  2⤵
  - Executes dropped EXE
  PID:5908
- C:\Windows\System\QxzRgUg.exe
  C:\Windows\System\QxzRgUg.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\tkMfQRF.exe
  C:\Windows\System\tkMfQRF.exe
  2⤵
  - Executes dropped EXE
  PID:5636
- C:\Windows\System\KWWVCuA.exe
  C:\Windows\System\KWWVCuA.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\MBgPazZ.exe
  C:\Windows\System\MBgPazZ.exe
  2⤵
  - Executes dropped EXE
  PID:5832
- C:\Windows\System\DmpfnDE.exe
  C:\Windows\System\DmpfnDE.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\BJfbYCm.exe
  C:\Windows\System\BJfbYCm.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\LTrfhBz.exe
  C:\Windows\System\LTrfhBz.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\ZZBWNwK.exe
  C:\Windows\System\ZZBWNwK.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\LKRQTcS.exe
  C:\Windows\System\LKRQTcS.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\icJjaRj.exe
  C:\Windows\System\icJjaRj.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\HAtedYa.exe
  C:\Windows\System\HAtedYa.exe
  2⤵
  - Executes dropped EXE
  PID:5836
- C:\Windows\System\SpNpmms.exe
  C:\Windows\System\SpNpmms.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\gdJQbed.exe
  C:\Windows\System\gdJQbed.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\mjcQfDW.exe
  C:\Windows\System\mjcQfDW.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\ppTkIQZ.exe
  C:\Windows\System\ppTkIQZ.exe
  2⤵
  - Executes dropped EXE
  PID:5792
- C:\Windows\System\HRAaVaA.exe
  C:\Windows\System\HRAaVaA.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\JiABKgv.exe
  C:\Windows\System\JiABKgv.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\VQkrlti.exe
  C:\Windows\System\VQkrlti.exe
  2⤵
  - Executes dropped EXE
  PID:5508
- C:\Windows\System\xSDUfMi.exe
  C:\Windows\System\xSDUfMi.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\cwYwPTP.exe
  C:\Windows\System\cwYwPTP.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\GdiSUeS.exe
  C:\Windows\System\GdiSUeS.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\QmwCrmf.exe
  C:\Windows\System\QmwCrmf.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\MEMDqXP.exe
  C:\Windows\System\MEMDqXP.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\hFLkPsf.exe
  C:\Windows\System\hFLkPsf.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\VKAxRjI.exe
  C:\Windows\System\VKAxRjI.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\McaXPRW.exe
  C:\Windows\System\McaXPRW.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\YkMeYdt.exe
  C:\Windows\System\YkMeYdt.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\pLkqjrF.exe
  C:\Windows\System\pLkqjrF.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\BPHCtRn.exe
  C:\Windows\System\BPHCtRn.exe
  2⤵
  - Executes dropped EXE
  PID:5968
- C:\Windows\System\zdMeKOf.exe
  C:\Windows\System\zdMeKOf.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\XOQdjft.exe
  C:\Windows\System\XOQdjft.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\FuCvtiT.exe
  C:\Windows\System\FuCvtiT.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\GmBRlzT.exe
  C:\Windows\System\GmBRlzT.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\PBqssko.exe
  C:\Windows\System\PBqssko.exe
  2⤵
  - Executes dropped EXE
  PID:6120
- C:\Windows\System\MOafmmK.exe
  C:\Windows\System\MOafmmK.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\dkSzwxw.exe
  C:\Windows\System\dkSzwxw.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\FPbBhdR.exe
  C:\Windows\System\FPbBhdR.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\XUiHHwA.exe
  C:\Windows\System\XUiHHwA.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\DujRdaf.exe
  C:\Windows\System\DujRdaf.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\diqGcRo.exe
  C:\Windows\System\diqGcRo.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\zQfaYNs.exe
  C:\Windows\System\zQfaYNs.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\AEnaBXi.exe
  C:\Windows\System\AEnaBXi.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\dJWjdWM.exe
  C:\Windows\System\dJWjdWM.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\vAnuwWT.exe
  C:\Windows\System\vAnuwWT.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\wNEQHXG.exe
  C:\Windows\System\wNEQHXG.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\YhHIHnW.exe
  C:\Windows\System\YhHIHnW.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\vxxapPK.exe
  C:\Windows\System\vxxapPK.exe
  2⤵
  - Executes dropped EXE
  PID:5192
- C:\Windows\System\QtdOWEL.exe
  C:\Windows\System\QtdOWEL.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\cBfHkPu.exe
  C:\Windows\System\cBfHkPu.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\kYXPmnG.exe
  C:\Windows\System\kYXPmnG.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\zgkWbJt.exe
  C:\Windows\System\zgkWbJt.exe
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Windows\System\neMhlac.exe
  C:\Windows\System\neMhlac.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\dCHSAAn.exe
  C:\Windows\System\dCHSAAn.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\yWmiEev.exe
  C:\Windows\System\yWmiEev.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\tOJAxUs.exe
  C:\Windows\System\tOJAxUs.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\rtYMxXT.exe
  C:\Windows\System\rtYMxXT.exe
  2⤵
  PID:4868
- C:\Windows\System\FwASfns.exe
  C:\Windows\System\FwASfns.exe
  2⤵
  PID:1652
- C:\Windows\System\VWSohlC.exe
  C:\Windows\System\VWSohlC.exe
  2⤵
  PID:4656
- C:\Windows\System\vnwaTFZ.exe
  C:\Windows\System\vnwaTFZ.exe
  2⤵
  PID:5524
- C:\Windows\System\khwXwUd.exe
  C:\Windows\System\khwXwUd.exe
  2⤵
  PID:6024
- C:\Windows\System\oZLLMxb.exe
  C:\Windows\System\oZLLMxb.exe
  2⤵
  PID:4976
- C:\Windows\System\xfebARR.exe
  C:\Windows\System\xfebARR.exe
  2⤵
  PID:5676
- C:\Windows\System\DKyrvDS.exe
  C:\Windows\System\DKyrvDS.exe
  2⤵
  PID:2468
- C:\Windows\System\rFKEMDQ.exe
  C:\Windows\System\rFKEMDQ.exe
  2⤵
  PID:4340
- C:\Windows\System\flmpFNX.exe
  C:\Windows\System\flmpFNX.exe
  2⤵
  PID:1804
- C:\Windows\System\yGZdHYy.exe
  C:\Windows\System\yGZdHYy.exe
  2⤵
  PID:5596
- C:\Windows\System\MNTnqdN.exe
  C:\Windows\System\MNTnqdN.exe
  2⤵
  PID:2736
- C:\Windows\System\ypyraIE.exe
  C:\Windows\System\ypyraIE.exe
  2⤵
  PID:2272
- C:\Windows\System\PawEcMJ.exe
  C:\Windows\System\PawEcMJ.exe
  2⤵
  PID:2704
- C:\Windows\System\xQKNGEB.exe
  C:\Windows\System\xQKNGEB.exe
  2⤵
  PID:2904
- C:\Windows\System\pftEiOQ.exe
  C:\Windows\System\pftEiOQ.exe
  2⤵
  PID:5364
- C:\Windows\System\aKQnOVh.exe
  C:\Windows\System\aKQnOVh.exe
  2⤵
  PID:2680
- C:\Windows\System\LmIubOA.exe
  C:\Windows\System\LmIubOA.exe
  2⤵
  PID:3228
- C:\Windows\System\NfQPadG.exe
  C:\Windows\System\NfQPadG.exe
  2⤵
  PID:632
- C:\Windows\System\vAglQfR.exe
  C:\Windows\System\vAglQfR.exe
  2⤵
  PID:1356
- C:\Windows\System\bIfBCBq.exe
  C:\Windows\System\bIfBCBq.exe
  2⤵
  PID:1832
- C:\Windows\System\JqZGeMP.exe
  C:\Windows\System\JqZGeMP.exe
  2⤵
  PID:996
- C:\Windows\System\pVGJJow.exe
  C:\Windows\System\pVGJJow.exe
  2⤵
  PID:4156
- C:\Windows\System\vdrjWKD.exe
  C:\Windows\System\vdrjWKD.exe
  2⤵
  PID:3692
- C:\Windows\System\wIAFjie.exe
  C:\Windows\System\wIAFjie.exe
  2⤵
  PID:2240
- C:\Windows\System\PdCIZtU.exe
  C:\Windows\System\PdCIZtU.exe
  2⤵
  PID:1976
- C:\Windows\System\ENZoJUW.exe
  C:\Windows\System\ENZoJUW.exe
  2⤵
  PID:2504
- C:\Windows\System\UsdIJda.exe
  C:\Windows\System\UsdIJda.exe
  2⤵
  PID:5380
- C:\Windows\System\FWIlQCv.exe
  C:\Windows\System\FWIlQCv.exe
  2⤵
  PID:4360
- C:\Windows\System\mHWJTiD.exe
  C:\Windows\System\mHWJTiD.exe
  2⤵
  PID:5500
- C:\Windows\System\PHXhKWp.exe
  C:\Windows\System\PHXhKWp.exe
  2⤵
  PID:4736
- C:\Windows\System\DcnUTqA.exe
  C:\Windows\System\DcnUTqA.exe
  2⤵
  PID:4452
- C:\Windows\System\zhXEkoO.exe
  C:\Windows\System\zhXEkoO.exe
  2⤵
  PID:4584
- C:\Windows\System\OyGDYps.exe
  C:\Windows\System\OyGDYps.exe
  2⤵
  PID:3216
- C:\Windows\System\apcNzUW.exe
  C:\Windows\System\apcNzUW.exe
  2⤵
  PID:4744
- C:\Windows\System\Mujiiiv.exe
  C:\Windows\System\Mujiiiv.exe
  2⤵
  PID:4212
- C:\Windows\System\YYlIsqd.exe
  C:\Windows\System\YYlIsqd.exe
  2⤵
  PID:3936
- C:\Windows\System\UwdLHXN.exe
  C:\Windows\System\UwdLHXN.exe
  2⤵
  PID:2656
- C:\Windows\System\xMZuRUm.exe
  C:\Windows\System\xMZuRUm.exe
  2⤵
  PID:4496
- C:\Windows\System\VWkXMtB.exe
  C:\Windows\System\VWkXMtB.exe
  2⤵
  PID:3008
- C:\Windows\System\sldCteL.exe
  C:\Windows\System\sldCteL.exe
  2⤵
  PID:1916
- C:\Windows\System\WCFwnWY.exe
  C:\Windows\System\WCFwnWY.exe
  2⤵
  PID:5032
- C:\Windows\System\oDIVsRz.exe
  C:\Windows\System\oDIVsRz.exe
  2⤵
  PID:5308
- C:\Windows\System\pUfuqDI.exe
  C:\Windows\System\pUfuqDI.exe
  2⤵
  PID:5904
- C:\Windows\System\xqnHEcP.exe
  C:\Windows\System\xqnHEcP.exe
  2⤵
  PID:4380
- C:\Windows\System\pGxTltX.exe
  C:\Windows\System\pGxTltX.exe
  2⤵
  PID:3360
- C:\Windows\System\fMeFjbK.exe
  C:\Windows\System\fMeFjbK.exe
  2⤵
  PID:2036
- C:\Windows\System\ZFhoQMp.exe
  C:\Windows\System\ZFhoQMp.exe
  2⤵
  PID:4760
- C:\Windows\System\PIrWvgZ.exe
  C:\Windows\System\PIrWvgZ.exe
  2⤵
  PID:4352
- C:\Windows\System\eHcFvei.exe
  C:\Windows\System\eHcFvei.exe
  2⤵
  PID:5404
- C:\Windows\System\CxlDEGc.exe
  C:\Windows\System\CxlDEGc.exe
  2⤵
  PID:2220
- C:\Windows\System\COTFXXB.exe
  C:\Windows\System\COTFXXB.exe
  2⤵
  PID:4960
- C:\Windows\System\ECVlFTn.exe
  C:\Windows\System\ECVlFTn.exe
  2⤵
  PID:5084
- C:\Windows\System\rrWlwzr.exe
  C:\Windows\System\rrWlwzr.exe
  2⤵
  PID:4472
- C:\Windows\System\yyEiNrJ.exe
  C:\Windows\System\yyEiNrJ.exe
  2⤵
  PID:5444
- C:\Windows\System\LPvdjDz.exe
  C:\Windows\System\LPvdjDz.exe
  2⤵
  PID:4848
- C:\Windows\System\tzNjFrO.exe
  C:\Windows\System\tzNjFrO.exe
  2⤵
  PID:1960
- C:\Windows\System\icOEsYI.exe
  C:\Windows\System\icOEsYI.exe
  2⤵
  PID:4900
- C:\Windows\System\LlElnjH.exe
  C:\Windows\System\LlElnjH.exe
  2⤵
  PID:5884
- C:\Windows\System\kxBDWWK.exe
  C:\Windows\System\kxBDWWK.exe
  2⤵
  PID:4660
- C:\Windows\System\mxYupEz.exe
  C:\Windows\System\mxYupEz.exe
  2⤵
  PID:5844
- C:\Windows\System\BwOaDLs.exe
  C:\Windows\System\BwOaDLs.exe
  2⤵
  PID:1932
- C:\Windows\System\TjKEmPX.exe
  C:\Windows\System\TjKEmPX.exe
  2⤵
  PID:3652
- C:\Windows\System\AqRjXIS.exe
  C:\Windows\System\AqRjXIS.exe
  2⤵
  PID:4852
- C:\Windows\System\GVyQIWR.exe
  C:\Windows\System\GVyQIWR.exe
  2⤵
  PID:2392
- C:\Windows\System\YSxoEYU.exe
  C:\Windows\System\YSxoEYU.exe
  2⤵
  PID:5820
- C:\Windows\System\FRzewPB.exe
  C:\Windows\System\FRzewPB.exe
  2⤵
  PID:5940
- C:\Windows\System\MdddCwZ.exe
  C:\Windows\System\MdddCwZ.exe
  2⤵
  PID:3000
- C:\Windows\System\YCCQOgj.exe
  C:\Windows\System\YCCQOgj.exe
  2⤵
  PID:4912
- C:\Windows\System\QnaOcVM.exe
  C:\Windows\System\QnaOcVM.exe
  2⤵
  PID:868
- C:\Windows\System\eEuBXac.exe
  C:\Windows\System\eEuBXac.exe
  2⤵
  PID:2184
- C:\Windows\System\bsJRXUS.exe
  C:\Windows\System\bsJRXUS.exe
  2⤵
  PID:1684
- C:\Windows\System\BDIhXrM.exe
  C:\Windows\System\BDIhXrM.exe
  2⤵
  PID:5276
- C:\Windows\System\iFeLZYR.exe
  C:\Windows\System\iFeLZYR.exe
  2⤵
  PID:6168
- C:\Windows\System\mcofPBH.exe
  C:\Windows\System\mcofPBH.exe
  2⤵
  PID:6196
- C:\Windows\System\siLoiCb.exe
  C:\Windows\System\siLoiCb.exe
  2⤵
  PID:6220
- C:\Windows\System\xAxTBKe.exe
  C:\Windows\System\xAxTBKe.exe
  2⤵
  PID:6248
- C:\Windows\System\CEqzUos.exe
  C:\Windows\System\CEqzUos.exe
  2⤵
  PID:6272
- C:\Windows\System\btYCnJG.exe
  C:\Windows\System\btYCnJG.exe
  2⤵
  PID:6296
- C:\Windows\System\HSnFaEY.exe
  C:\Windows\System\HSnFaEY.exe
  2⤵
  PID:6336
- C:\Windows\System\tkWzXld.exe
  C:\Windows\System\tkWzXld.exe
  2⤵
  PID:6360
- C:\Windows\System\ImnKtKR.exe
  C:\Windows\System\ImnKtKR.exe
  2⤵
  PID:6400
- C:\Windows\System\BepgzXw.exe
  C:\Windows\System\BepgzXw.exe
  2⤵
  PID:6460
- C:\Windows\System\eGDWoCl.exe
  C:\Windows\System\eGDWoCl.exe
  2⤵
  PID:6500
- C:\Windows\System\rxmeYak.exe
  C:\Windows\System\rxmeYak.exe
  2⤵
  PID:6520
- C:\Windows\System\dNgmgVq.exe
  C:\Windows\System\dNgmgVq.exe
  2⤵
  PID:6560
- C:\Windows\System\GxLgHZD.exe
  C:\Windows\System\GxLgHZD.exe
  2⤵
  PID:6580
- C:\Windows\System\ldcnnSQ.exe
  C:\Windows\System\ldcnnSQ.exe
  2⤵
  PID:6616
- C:\Windows\System\vhHTmNW.exe
  C:\Windows\System\vhHTmNW.exe
  2⤵
  PID:6640
- C:\Windows\System\NTeviUk.exe
  C:\Windows\System\NTeviUk.exe
  2⤵
  PID:6672
- C:\Windows\System\YGyQTJF.exe
  C:\Windows\System\YGyQTJF.exe
  2⤵
  PID:6696
- C:\Windows\System\IjFbspM.exe
  C:\Windows\System\IjFbspM.exe
  2⤵
  PID:6724
- C:\Windows\System\lraGLKy.exe
  C:\Windows\System\lraGLKy.exe
  2⤵
  PID:6756
- C:\Windows\System\WrUObtN.exe
  C:\Windows\System\WrUObtN.exe
  2⤵
  PID:6788
- C:\Windows\System\llEimZo.exe
  C:\Windows\System\llEimZo.exe
  2⤵
  PID:6816
- C:\Windows\System\qInKyeD.exe
  C:\Windows\System\qInKyeD.exe
  2⤵
  PID:6844
- C:\Windows\System\PqjfEIN.exe
  C:\Windows\System\PqjfEIN.exe
  2⤵
  PID:6872
- C:\Windows\System\ymShkho.exe
  C:\Windows\System\ymShkho.exe
  2⤵
  PID:6900
- C:\Windows\System\spzXRkB.exe
  C:\Windows\System\spzXRkB.exe
  2⤵
  PID:6920
- C:\Windows\System\mxyPYCB.exe
  C:\Windows\System\mxyPYCB.exe
  2⤵
  PID:6956
- C:\Windows\System\zgoDrWM.exe
  C:\Windows\System\zgoDrWM.exe
  2⤵
  PID:6988
- C:\Windows\System\dWeeWIw.exe
  C:\Windows\System\dWeeWIw.exe
  2⤵
  PID:7004
- C:\Windows\System\UMNtMZr.exe
  C:\Windows\System\UMNtMZr.exe
  2⤵
  PID:7044
- C:\Windows\System\zFduHBR.exe
  C:\Windows\System\zFduHBR.exe
  2⤵
  PID:7072
- C:\Windows\System\markYyI.exe
  C:\Windows\System\markYyI.exe
  2⤵
  PID:7100
- C:\Windows\System\tKxPnFs.exe
  C:\Windows\System\tKxPnFs.exe
  2⤵
  PID:7128
- C:\Windows\System\sNIqRba.exe
  C:\Windows\System\sNIqRba.exe
  2⤵
  PID:7156
- C:\Windows\System\IgCZytL.exe
  C:\Windows\System\IgCZytL.exe
  2⤵
  PID:6184
- C:\Windows\System\SjhUupB.exe
  C:\Windows\System\SjhUupB.exe
  2⤵
  PID:6260
- C:\Windows\System\jPHUxtn.exe
  C:\Windows\System\jPHUxtn.exe
  2⤵
  PID:6332
- C:\Windows\System\mpeJDGx.exe
  C:\Windows\System\mpeJDGx.exe
  2⤵
  PID:6444
- C:\Windows\System\bcQoVLW.exe
  C:\Windows\System\bcQoVLW.exe
  2⤵
  PID:1992
- C:\Windows\System\PnCliSQ.exe
  C:\Windows\System\PnCliSQ.exe
  2⤵
  PID:6548
- C:\Windows\System\sEmkkIy.exe
  C:\Windows\System\sEmkkIy.exe
  2⤵
  PID:6604
- C:\Windows\System\oREwQvy.exe
  C:\Windows\System\oREwQvy.exe
  2⤵
  PID:6660
- C:\Windows\System\mAYZoTc.exe
  C:\Windows\System\mAYZoTc.exe
  2⤵
  PID:6736
- C:\Windows\System\cHRMvoq.exe
  C:\Windows\System\cHRMvoq.exe
  2⤵
  PID:6796
- C:\Windows\System\cyiRgKF.exe
  C:\Windows\System\cyiRgKF.exe
  2⤵
  PID:6852
- C:\Windows\System\ORVvrYs.exe
  C:\Windows\System\ORVvrYs.exe
  2⤵
  PID:6916
- C:\Windows\System\LESpWqY.exe
  C:\Windows\System\LESpWqY.exe
  2⤵
  PID:5764
- C:\Windows\System\rejyXmC.exe
  C:\Windows\System\rejyXmC.exe
  2⤵
  PID:7032
- C:\Windows\System\FTqeSoC.exe
  C:\Windows\System\FTqeSoC.exe
  2⤵
  PID:7088
- C:\Windows\System\eKvhmFX.exe
  C:\Windows\System\eKvhmFX.exe
  2⤵
  PID:7164
- C:\Windows\System\Ezmzdnc.exe
  C:\Windows\System\Ezmzdnc.exe
  2⤵
  PID:5376
- C:\Windows\System\MIIFbba.exe
  C:\Windows\System\MIIFbba.exe
  2⤵
  PID:6468
- C:\Windows\System\Tnspvir.exe
  C:\Windows\System\Tnspvir.exe
  2⤵
  PID:6612
- C:\Windows\System\xfJtrgd.exe
  C:\Windows\System\xfJtrgd.exe
  2⤵
  PID:6688
- C:\Windows\System\kWdLvQr.exe
  C:\Windows\System\kWdLvQr.exe
  2⤵
  PID:6832
- C:\Windows\System\PoohiAD.exe
  C:\Windows\System\PoohiAD.exe
  2⤵
  PID:6964
- C:\Windows\System\SvEKADn.exe
  C:\Windows\System\SvEKADn.exe
  2⤵
  PID:7080
- C:\Windows\System\VfcANuo.exe
  C:\Windows\System\VfcANuo.exe
  2⤵
  PID:6288
- C:\Windows\System\bptGSCe.exe
  C:\Windows\System\bptGSCe.exe
  2⤵
  PID:6568
- C:\Windows\System\juFuTxc.exe
  C:\Windows\System\juFuTxc.exe
  2⤵
  PID:6776
- C:\Windows\System\mmExBAS.exe
  C:\Windows\System\mmExBAS.exe
  2⤵
  PID:4324
- C:\Windows\System\IjJtqsZ.exe
  C:\Windows\System\IjJtqsZ.exe
  2⤵
  PID:5024
- C:\Windows\System\vZMsFTN.exe
  C:\Windows\System\vZMsFTN.exe
  2⤵
  PID:2540
- C:\Windows\System\avJsvjK.exe
  C:\Windows\System\avJsvjK.exe
  2⤵
  PID:7016
- C:\Windows\System\KQvlrRX.exe
  C:\Windows\System\KQvlrRX.exe
  2⤵
  PID:7176
- C:\Windows\System\ayUjikv.exe
  C:\Windows\System\ayUjikv.exe
  2⤵
  PID:7204
- C:\Windows\System\mtjYiYv.exe
  C:\Windows\System\mtjYiYv.exe
  2⤵
  PID:7232
- C:\Windows\System\vSCxiGT.exe
  C:\Windows\System\vSCxiGT.exe
  2⤵
  PID:7260
- C:\Windows\System\zvLeJQY.exe
  C:\Windows\System\zvLeJQY.exe
  2⤵
  PID:7288
- C:\Windows\System\HQBydyo.exe
  C:\Windows\System\HQBydyo.exe
  2⤵
  PID:7312
- C:\Windows\System\FgTnwda.exe
  C:\Windows\System\FgTnwda.exe
  2⤵
  PID:7344
- C:\Windows\System\ysbxwtO.exe
  C:\Windows\System\ysbxwtO.exe
  2⤵
  PID:7372
- C:\Windows\System\ciEdhTl.exe
  C:\Windows\System\ciEdhTl.exe
  2⤵
  PID:7400
- C:\Windows\System\WEuqPbG.exe
  C:\Windows\System\WEuqPbG.exe
  2⤵
  PID:7432
- C:\Windows\System\uJZKsIv.exe
  C:\Windows\System\uJZKsIv.exe
  2⤵
  PID:7460
- C:\Windows\System\DDKIMpc.exe
  C:\Windows\System\DDKIMpc.exe
  2⤵
  PID:7476
- C:\Windows\System\TKmJzKe.exe
  C:\Windows\System\TKmJzKe.exe
  2⤵
  PID:7516
- C:\Windows\System\xbfPZtE.exe
  C:\Windows\System\xbfPZtE.exe
  2⤵
  PID:7588
- C:\Windows\System\XYdvdfM.exe
  C:\Windows\System\XYdvdfM.exe
  2⤵
  PID:7624
- C:\Windows\System\hPdAZTv.exe
  C:\Windows\System\hPdAZTv.exe
  2⤵
  PID:7640
- C:\Windows\System\QGGbBUr.exe
  C:\Windows\System\QGGbBUr.exe
  2⤵
  PID:7668
- C:\Windows\System\DzqijjO.exe
  C:\Windows\System\DzqijjO.exe
  2⤵
  PID:7724
- C:\Windows\System\TIZBfKi.exe
  C:\Windows\System\TIZBfKi.exe
  2⤵
  PID:7748
- C:\Windows\System\SPtVpAE.exe
  C:\Windows\System\SPtVpAE.exe
  2⤵
  PID:7776
- C:\Windows\System\vZumiEM.exe
  C:\Windows\System\vZumiEM.exe
  2⤵
  PID:7804
- C:\Windows\System\wtNzWcM.exe
  C:\Windows\System\wtNzWcM.exe
  2⤵
  PID:7840
- C:\Windows\System\xHckLzK.exe
  C:\Windows\System\xHckLzK.exe
  2⤵
  PID:7864
- C:\Windows\System\ChjQFkr.exe
  C:\Windows\System\ChjQFkr.exe
  2⤵
  PID:7888
- C:\Windows\System\jyTEjCn.exe
  C:\Windows\System\jyTEjCn.exe
  2⤵
  PID:7916
- C:\Windows\System\yyrSFqf.exe
  C:\Windows\System\yyrSFqf.exe
  2⤵
  PID:7944
- C:\Windows\System\DxbAaWd.exe
  C:\Windows\System\DxbAaWd.exe
  2⤵
  PID:7972
- C:\Windows\System\rBDPNsG.exe
  C:\Windows\System\rBDPNsG.exe
  2⤵
  PID:8004
- C:\Windows\System\dqabFVN.exe
  C:\Windows\System\dqabFVN.exe
  2⤵
  PID:8036
- C:\Windows\System\qGoPPWo.exe
  C:\Windows\System\qGoPPWo.exe
  2⤵
  PID:8056
- C:\Windows\System\ZcrtJHM.exe
  C:\Windows\System\ZcrtJHM.exe
  2⤵
  PID:8084
- C:\Windows\System\KpXIoGe.exe
  C:\Windows\System\KpXIoGe.exe
  2⤵
  PID:8112
- C:\Windows\System\AhjkSXv.exe
  C:\Windows\System\AhjkSXv.exe
  2⤵
  PID:8144
- C:\Windows\System\AqwLdmU.exe
  C:\Windows\System\AqwLdmU.exe
  2⤵
  PID:8168
- C:\Windows\System\KGFuyur.exe
  C:\Windows\System\KGFuyur.exe
  2⤵
  PID:4356
- C:\Windows\System\iPQNewy.exe
  C:\Windows\System\iPQNewy.exe
  2⤵
  PID:7240
- C:\Windows\System\KVzAmxj.exe
  C:\Windows\System\KVzAmxj.exe
  2⤵
  PID:4940
- C:\Windows\System\fxQojla.exe
  C:\Windows\System\fxQojla.exe
  2⤵
  PID:7332
- C:\Windows\System\pmlArUP.exe
  C:\Windows\System\pmlArUP.exe
  2⤵
  PID:7428
- C:\Windows\System\RXFTlXj.exe
  C:\Windows\System\RXFTlXj.exe
  2⤵
  PID:2780
- C:\Windows\System\LyVlLYK.exe
  C:\Windows\System\LyVlLYK.exe
  2⤵
  PID:7572
- C:\Windows\System\uZQGLWf.exe
  C:\Windows\System\uZQGLWf.exe
  2⤵
  PID:7660
- C:\Windows\System\EoLdOvk.exe
  C:\Windows\System\EoLdOvk.exe
  2⤵
  PID:7716
- C:\Windows\System\skSYgIc.exe
  C:\Windows\System\skSYgIc.exe
  2⤵
  PID:7796
- C:\Windows\System\KnSfRJT.exe
  C:\Windows\System\KnSfRJT.exe
  2⤵
  PID:7828
- C:\Windows\System\ohlfdDh.exe
  C:\Windows\System\ohlfdDh.exe
  2⤵
  PID:7884
- C:\Windows\System\zBCBIef.exe
  C:\Windows\System\zBCBIef.exe
  2⤵
  PID:7956
- C:\Windows\System\MTtAGUj.exe
  C:\Windows\System\MTtAGUj.exe
  2⤵
  PID:8012
- C:\Windows\System\blPweJf.exe
  C:\Windows\System\blPweJf.exe
  2⤵
  PID:8076
- C:\Windows\System\iSuMPwe.exe
  C:\Windows\System\iSuMPwe.exe
  2⤵
  PID:8136
- C:\Windows\System\iHtWgDz.exe
  C:\Windows\System\iHtWgDz.exe
  2⤵
  PID:8188
- C:\Windows\System\bihrQMg.exe
  C:\Windows\System\bihrQMg.exe
  2⤵
  PID:7284
- C:\Windows\System\sbauCNS.exe
  C:\Windows\System\sbauCNS.exe
  2⤵
  PID:5964
- C:\Windows\System\qfQIRYE.exe
  C:\Windows\System\qfQIRYE.exe
  2⤵
  PID:7632
- C:\Windows\System\fdTfGnD.exe
  C:\Windows\System\fdTfGnD.exe
  2⤵
  PID:7816
- C:\Windows\System\LwcmVZj.exe
  C:\Windows\System\LwcmVZj.exe
  2⤵
  PID:7880
- C:\Windows\System\BNruGvi.exe
  C:\Windows\System\BNruGvi.exe
  2⤵
  PID:7996
- C:\Windows\System\xxKTcnZ.exe
  C:\Windows\System\xxKTcnZ.exe
  2⤵
  PID:3108
- C:\Windows\System\FacuqLU.exe
  C:\Windows\System\FacuqLU.exe
  2⤵
  PID:5564
- C:\Windows\System\ePxUhkr.exe
  C:\Windows\System\ePxUhkr.exe
  2⤵
  PID:7424
- C:\Windows\System\mLahCTB.exe
  C:\Windows\System\mLahCTB.exe
  2⤵
  PID:7340
- C:\Windows\System\NMkEZwA.exe
  C:\Windows\System\NMkEZwA.exe
  2⤵
  PID:7700
- C:\Windows\System\biZceHA.exe
  C:\Windows\System\biZceHA.exe
  2⤵
  PID:7988
- C:\Windows\System\JolBTmY.exe
  C:\Windows\System\JolBTmY.exe
  2⤵
  PID:8068
- C:\Windows\System\BvRXabn.exe
  C:\Windows\System\BvRXabn.exe
  2⤵
  PID:7600
- C:\Windows\System\OztPqVP.exe
  C:\Windows\System\OztPqVP.exe
  2⤵
  PID:5424
- C:\Windows\System\DOFbiNX.exe
  C:\Windows\System\DOFbiNX.exe
  2⤵
  PID:7876
- C:\Windows\System\atLWdjY.exe
  C:\Windows\System\atLWdjY.exe
  2⤵
  PID:8208
- C:\Windows\System\ZIbPpoJ.exe
  C:\Windows\System\ZIbPpoJ.exe
  2⤵
  PID:8240
- C:\Windows\System\NEJArWT.exe
  C:\Windows\System\NEJArWT.exe
  2⤵
  PID:8264
- C:\Windows\System\sCAqovo.exe
  C:\Windows\System\sCAqovo.exe
  2⤵
  PID:8292
- C:\Windows\System\xtQPZFE.exe
  C:\Windows\System\xtQPZFE.exe
  2⤵
  PID:8320
- C:\Windows\System\ldNmTKc.exe
  C:\Windows\System\ldNmTKc.exe
  2⤵
  PID:8348
- C:\Windows\System\SqlcIoK.exe
  C:\Windows\System\SqlcIoK.exe
  2⤵
  PID:8380
- C:\Windows\System\NOapcxh.exe
  C:\Windows\System\NOapcxh.exe
  2⤵
  PID:8408
- C:\Windows\System\cMAqeRo.exe
  C:\Windows\System\cMAqeRo.exe
  2⤵
  PID:8436
- C:\Windows\System\eIzTSrU.exe
  C:\Windows\System\eIzTSrU.exe
  2⤵
  PID:8464
- C:\Windows\System\OKujoQt.exe
  C:\Windows\System\OKujoQt.exe
  2⤵
  PID:8492
- C:\Windows\System\lrckOWH.exe
  C:\Windows\System\lrckOWH.exe
  2⤵
  PID:8520
- C:\Windows\System\cvOrfKM.exe
  C:\Windows\System\cvOrfKM.exe
  2⤵
  PID:8548
- C:\Windows\System\OsgMSuZ.exe
  C:\Windows\System\OsgMSuZ.exe
  2⤵
  PID:8576
- C:\Windows\System\uHiwRXj.exe
  C:\Windows\System\uHiwRXj.exe
  2⤵
  PID:8608
- C:\Windows\System\AHhtrRG.exe
  C:\Windows\System\AHhtrRG.exe
  2⤵
  PID:8632
- C:\Windows\System\LghAQUd.exe
  C:\Windows\System\LghAQUd.exe
  2⤵
  PID:8660
- C:\Windows\System\SxzpSyN.exe
  C:\Windows\System\SxzpSyN.exe
  2⤵
  PID:8688
- C:\Windows\System\CyhSOaJ.exe
  C:\Windows\System\CyhSOaJ.exe
  2⤵
  PID:8716
- C:\Windows\System\lKSaDLj.exe
  C:\Windows\System\lKSaDLj.exe
  2⤵
  PID:8744
- C:\Windows\System\mGZgWPV.exe
  C:\Windows\System\mGZgWPV.exe
  2⤵
  PID:8780
- C:\Windows\System\cdxAYGZ.exe
  C:\Windows\System\cdxAYGZ.exe
  2⤵
  PID:8800
- C:\Windows\System\cVINbuw.exe
  C:\Windows\System\cVINbuw.exe
  2⤵
  PID:8828
- C:\Windows\System\BkkTfKF.exe
  C:\Windows\System\BkkTfKF.exe
  2⤵
  PID:8856
- C:\Windows\System\eMoTkUz.exe
  C:\Windows\System\eMoTkUz.exe
  2⤵
  PID:8884
- C:\Windows\System\evZjQqC.exe
  C:\Windows\System\evZjQqC.exe
  2⤵
  PID:8924
- C:\Windows\System\hmGAXXz.exe
  C:\Windows\System\hmGAXXz.exe
  2⤵
  PID:8940
- C:\Windows\System\MzeNMmN.exe
  C:\Windows\System\MzeNMmN.exe
  2⤵
  PID:8968
- C:\Windows\System\YlfDwdV.exe
  C:\Windows\System\YlfDwdV.exe
  2⤵
  PID:8996
- C:\Windows\System\YYWIHyF.exe
  C:\Windows\System\YYWIHyF.exe
  2⤵
  PID:9024
- C:\Windows\System\dDdxKDU.exe
  C:\Windows\System\dDdxKDU.exe
  2⤵
  PID:9052
- C:\Windows\System\pVPeCzA.exe
  C:\Windows\System\pVPeCzA.exe
  2⤵
  PID:9080
- C:\Windows\System\TrkUcwu.exe
  C:\Windows\System\TrkUcwu.exe
  2⤵
  PID:9108
- C:\Windows\System\UZDmrER.exe
  C:\Windows\System\UZDmrER.exe
  2⤵
  PID:9136
- C:\Windows\System\buaRHnU.exe
  C:\Windows\System\buaRHnU.exe
  2⤵
  PID:9164
- C:\Windows\System\UEmtwHm.exe
  C:\Windows\System\UEmtwHm.exe
  2⤵
  PID:9192
- C:\Windows\System\pBLgIhv.exe
  C:\Windows\System\pBLgIhv.exe
  2⤵
  PID:8200
- C:\Windows\System\mPhhsOw.exe
  C:\Windows\System\mPhhsOw.exe
  2⤵
  PID:8276
- C:\Windows\System\MdtIUSj.exe
  C:\Windows\System\MdtIUSj.exe
  2⤵
  PID:8340
- C:\Windows\System\IiuHEql.exe
  C:\Windows\System\IiuHEql.exe
  2⤵
  PID:8400
- C:\Windows\System\NVcNQdJ.exe
  C:\Windows\System\NVcNQdJ.exe
  2⤵
  PID:8476
- C:\Windows\System\rqloSrf.exe
  C:\Windows\System\rqloSrf.exe
  2⤵
  PID:8540
- C:\Windows\System\kzExkfj.exe
  C:\Windows\System\kzExkfj.exe
  2⤵
  PID:8616
- C:\Windows\System\AOkLoEa.exe
  C:\Windows\System\AOkLoEa.exe
  2⤵
  PID:8680
- C:\Windows\System\qmpFRbi.exe
  C:\Windows\System\qmpFRbi.exe
  2⤵
  PID:8764
- C:\Windows\System\iDhzVrG.exe
  C:\Windows\System\iDhzVrG.exe
  2⤵
  PID:8840
- C:\Windows\System\dmnZvAl.exe
  C:\Windows\System\dmnZvAl.exe
  2⤵
  PID:8936
- C:\Windows\System\SdwcLyg.exe
  C:\Windows\System\SdwcLyg.exe
  2⤵
  PID:8404
- C:\Windows\System\akPeSLo.exe
  C:\Windows\System\akPeSLo.exe
  2⤵
  PID:9064
- C:\Windows\System\SqGKmnn.exe
  C:\Windows\System\SqGKmnn.exe
  2⤵
  PID:9100
- C:\Windows\System\kCRSARI.exe
  C:\Windows\System\kCRSARI.exe
  2⤵
  PID:9132
- C:\Windows\System\XkmwaXm.exe
  C:\Windows\System\XkmwaXm.exe
  2⤵
  PID:8256
- C:\Windows\System\pNQJkfw.exe
  C:\Windows\System\pNQJkfw.exe
  2⤵
  PID:8396
- C:\Windows\System\AmoehJP.exe
  C:\Windows\System\AmoehJP.exe
  2⤵
  PID:8568
- C:\Windows\System\xHOjBOq.exe
  C:\Windows\System\xHOjBOq.exe
  2⤵
  PID:8788
- C:\Windows\System\ItjcWRU.exe
  C:\Windows\System\ItjcWRU.exe
  2⤵
  PID:8960
- C:\Windows\System\uSvGmRe.exe
  C:\Windows\System\uSvGmRe.exe
  2⤵
  PID:9076
- C:\Windows\System\UFHBPxd.exe
  C:\Windows\System\UFHBPxd.exe
  2⤵
  PID:8316
- C:\Windows\System\oyFCwNz.exe
  C:\Windows\System\oyFCwNz.exe
  2⤵
  PID:8596
- C:\Windows\System\DviocpN.exe
  C:\Windows\System\DviocpN.exe
  2⤵
  PID:8896
- C:\Windows\System\PfFGLFw.exe
  C:\Windows\System\PfFGLFw.exe
  2⤵
  PID:8460
- C:\Windows\System\pilfkLj.exe
  C:\Windows\System\pilfkLj.exe
  2⤵
  PID:8196
- C:\Windows\System\HYOLljh.exe
  C:\Windows\System\HYOLljh.exe
  2⤵
  PID:9092
- C:\Windows\System\BkfcWxV.exe
  C:\Windows\System\BkfcWxV.exe
  2⤵
  PID:9240
- C:\Windows\System\BPihSqD.exe
  C:\Windows\System\BPihSqD.exe
  2⤵
  PID:9268
- C:\Windows\System\CrXCCnz.exe
  C:\Windows\System\CrXCCnz.exe
  2⤵
  PID:9296
- C:\Windows\System\diAMhnn.exe
  C:\Windows\System\diAMhnn.exe
  2⤵
  PID:9324
- C:\Windows\System\mcKxSyB.exe
  C:\Windows\System\mcKxSyB.exe
  2⤵
  PID:9352
- C:\Windows\System\msfWGAP.exe
  C:\Windows\System\msfWGAP.exe
  2⤵
  PID:9380
- C:\Windows\System\WokLnWG.exe
  C:\Windows\System\WokLnWG.exe
  2⤵
  PID:9412
- C:\Windows\System\uvRjMPx.exe
  C:\Windows\System\uvRjMPx.exe
  2⤵
  PID:9440
- C:\Windows\System\WAWGgXB.exe
  C:\Windows\System\WAWGgXB.exe
  2⤵
  PID:9468
- C:\Windows\System\cMatGjH.exe
  C:\Windows\System\cMatGjH.exe
  2⤵
  PID:9496
- C:\Windows\System\wHQrhDO.exe
  C:\Windows\System\wHQrhDO.exe
  2⤵
  PID:9524
- C:\Windows\System\FmRHmcI.exe
  C:\Windows\System\FmRHmcI.exe
  2⤵
  PID:9552
- C:\Windows\System\zNMlBul.exe
  C:\Windows\System\zNMlBul.exe
  2⤵
  PID:9580
- C:\Windows\System\CIGZCLT.exe
  C:\Windows\System\CIGZCLT.exe
  2⤵
  PID:9608
- C:\Windows\System\tdaxWxD.exe
  C:\Windows\System\tdaxWxD.exe
  2⤵
  PID:9640
- C:\Windows\System\WDDPZoL.exe
  C:\Windows\System\WDDPZoL.exe
  2⤵
  PID:9664
- C:\Windows\System\zjHbSVX.exe
  C:\Windows\System\zjHbSVX.exe
  2⤵
  PID:9692
- C:\Windows\System\MrtDGNB.exe
  C:\Windows\System\MrtDGNB.exe
  2⤵
  PID:9720
- C:\Windows\System\ImnuaMK.exe
  C:\Windows\System\ImnuaMK.exe
  2⤵
  PID:9748
- C:\Windows\System\CVcPSsg.exe
  C:\Windows\System\CVcPSsg.exe
  2⤵
  PID:9776
- C:\Windows\System\cJBKwUg.exe
  C:\Windows\System\cJBKwUg.exe
  2⤵
  PID:9804
- C:\Windows\System\dJuakeE.exe
  C:\Windows\System\dJuakeE.exe
  2⤵
  PID:9832
- C:\Windows\System\RUkQXKm.exe
  C:\Windows\System\RUkQXKm.exe
  2⤵
  PID:9860
- C:\Windows\System\vdmZzYI.exe
  C:\Windows\System\vdmZzYI.exe
  2⤵
  PID:9888
- C:\Windows\System\GjwpGpr.exe
  C:\Windows\System\GjwpGpr.exe
  2⤵
  PID:9916
- C:\Windows\System\Wcqkiis.exe
  C:\Windows\System\Wcqkiis.exe
  2⤵
  PID:9944
- C:\Windows\System\dXfWLaV.exe
  C:\Windows\System\dXfWLaV.exe
  2⤵
  PID:9972
- C:\Windows\System\HHPXqTz.exe
  C:\Windows\System\HHPXqTz.exe
  2⤵
  PID:10000
- C:\Windows\System\ClOGyje.exe
  C:\Windows\System\ClOGyje.exe
  2⤵
  PID:10028
- C:\Windows\System\cPCRAMt.exe
  C:\Windows\System\cPCRAMt.exe
  2⤵
  PID:10068
- C:\Windows\System\bqKiCPW.exe
  C:\Windows\System\bqKiCPW.exe
  2⤵
  PID:10084
- C:\Windows\System\lEAkGaM.exe
  C:\Windows\System\lEAkGaM.exe
  2⤵
  PID:10112
- C:\Windows\System\jecASje.exe
  C:\Windows\System\jecASje.exe
  2⤵
  PID:10140
- C:\Windows\System\oDxSQqB.exe
  C:\Windows\System\oDxSQqB.exe
  2⤵
  PID:10168
- C:\Windows\System\gjCTUjD.exe
  C:\Windows\System\gjCTUjD.exe
  2⤵
  PID:10196
- C:\Windows\System\AsPNHFW.exe
  C:\Windows\System\AsPNHFW.exe
  2⤵
  PID:10224
- C:\Windows\System\nmFyjfV.exe
  C:\Windows\System\nmFyjfV.exe
  2⤵
  PID:9252
- C:\Windows\System\PFsnXOB.exe
  C:\Windows\System\PFsnXOB.exe
  2⤵
  PID:9316
- C:\Windows\System\dAXvwli.exe
  C:\Windows\System\dAXvwli.exe
  2⤵
  PID:9392
- C:\Windows\System\HAsoCQa.exe
  C:\Windows\System\HAsoCQa.exe
  2⤵
  PID:9460
- C:\Windows\System\ahjTfmv.exe
  C:\Windows\System\ahjTfmv.exe
  2⤵
  PID:9520
- C:\Windows\System\OWPitUl.exe
  C:\Windows\System\OWPitUl.exe
  2⤵
  PID:9592
- C:\Windows\System\KvDrLGQ.exe
  C:\Windows\System\KvDrLGQ.exe
  2⤵
  PID:9656
- C:\Windows\System\SPthqCC.exe
  C:\Windows\System\SPthqCC.exe
  2⤵
  PID:9716
- C:\Windows\System\sOmweXH.exe
  C:\Windows\System\sOmweXH.exe
  2⤵
  PID:9788
- C:\Windows\System\XeJsMgh.exe
  C:\Windows\System\XeJsMgh.exe
  2⤵
  PID:9852
- C:\Windows\System\owsnFXR.exe
  C:\Windows\System\owsnFXR.exe
  2⤵
  PID:9912
- C:\Windows\System\FhdeoHj.exe
  C:\Windows\System\FhdeoHj.exe
  2⤵
  PID:9984
- C:\Windows\System\EMiYfuR.exe
  C:\Windows\System\EMiYfuR.exe
  2⤵
  PID:10048
- C:\Windows\System\FaPuLfE.exe
  C:\Windows\System\FaPuLfE.exe
  2⤵
  PID:10108
- C:\Windows\System\vGGNWRJ.exe
  C:\Windows\System\vGGNWRJ.exe
  2⤵
  PID:10180
- C:\Windows\System\RCqHawF.exe
  C:\Windows\System\RCqHawF.exe
  2⤵
  PID:10236
- C:\Windows\System\CSyalBp.exe
  C:\Windows\System\CSyalBp.exe
  2⤵
  PID:9436
- C:\Windows\System\scfvQjW.exe
  C:\Windows\System\scfvQjW.exe
  2⤵
  PID:9516
- C:\Windows\System\PixCXFA.exe
  C:\Windows\System\PixCXFA.exe
  2⤵
  PID:9684
- C:\Windows\System\pkjMtiG.exe
  C:\Windows\System\pkjMtiG.exe
  2⤵
  PID:9828
- C:\Windows\System\COolyek.exe
  C:\Windows\System\COolyek.exe
  2⤵
  PID:9968
- C:\Windows\System\iOhNpnQ.exe
  C:\Windows\System\iOhNpnQ.exe
  2⤵
  PID:10132
- C:\Windows\System\BBOvoDL.exe
  C:\Windows\System\BBOvoDL.exe
  2⤵
  PID:9308
- C:\Windows\System\AOWesFv.exe
  C:\Windows\System\AOWesFv.exe
  2⤵
  PID:9628
- C:\Windows\System\sLZJtFh.exe
  C:\Windows\System\sLZJtFh.exe
  2⤵
  PID:9964
- C:\Windows\System\eInIDct.exe
  C:\Windows\System\eInIDct.exe
  2⤵
  PID:4580
- C:\Windows\System\MMdGcha.exe
  C:\Windows\System\MMdGcha.exe
  2⤵
  PID:10220
- C:\Windows\System\IsqkGqO.exe
  C:\Windows\System\IsqkGqO.exe
  2⤵
  PID:9364
- C:\Windows\System\yrLPrZU.exe
  C:\Windows\System\yrLPrZU.exe
  2⤵
  PID:10264
- C:\Windows\System\MUuUKnC.exe
  C:\Windows\System\MUuUKnC.exe
  2⤵
  PID:10292
- C:\Windows\System\pEpIfeS.exe
  C:\Windows\System\pEpIfeS.exe
  2⤵
  PID:10320
- C:\Windows\System\fBKMguh.exe
  C:\Windows\System\fBKMguh.exe
  2⤵
  PID:10348
- C:\Windows\System\ZSqlifN.exe
  C:\Windows\System\ZSqlifN.exe
  2⤵
  PID:10376
- C:\Windows\System\hpyhXOD.exe
  C:\Windows\System\hpyhXOD.exe
  2⤵
  PID:10404
- C:\Windows\System\XaYxOIg.exe
  C:\Windows\System\XaYxOIg.exe
  2⤵
  PID:10432
- C:\Windows\System\mxmWKEc.exe
  C:\Windows\System\mxmWKEc.exe
  2⤵
  PID:10460
- C:\Windows\System\hUNmgbh.exe
  C:\Windows\System\hUNmgbh.exe
  2⤵
  PID:10492
- C:\Windows\System\dZuswDs.exe
  C:\Windows\System\dZuswDs.exe
  2⤵
  PID:10520
- C:\Windows\System\slvCQrq.exe
  C:\Windows\System\slvCQrq.exe
  2⤵
  PID:10548
- C:\Windows\System\LFeBlfD.exe
  C:\Windows\System\LFeBlfD.exe
  2⤵
  PID:10576
- C:\Windows\System\eMpICFO.exe
  C:\Windows\System\eMpICFO.exe
  2⤵
  PID:10604
- C:\Windows\System\Wfqlhtc.exe
  C:\Windows\System\Wfqlhtc.exe
  2⤵
  PID:10632
- C:\Windows\System\snaXvWb.exe
  C:\Windows\System\snaXvWb.exe
  2⤵
  PID:10660
- C:\Windows\System\OuheInb.exe
  C:\Windows\System\OuheInb.exe
  2⤵
  PID:10688
- C:\Windows\System\YWYBxoh.exe
  C:\Windows\System\YWYBxoh.exe
  2⤵
  PID:10716
- C:\Windows\System\RbAcSIB.exe
  C:\Windows\System\RbAcSIB.exe
  2⤵
  PID:10744
- C:\Windows\System\LNuWyOF.exe
  C:\Windows\System\LNuWyOF.exe
  2⤵
  PID:10772
- C:\Windows\System\YWOfGuX.exe
  C:\Windows\System\YWOfGuX.exe
  2⤵
  PID:10800
- C:\Windows\System\EbqyQyQ.exe
  C:\Windows\System\EbqyQyQ.exe
  2⤵
  PID:10828
- C:\Windows\System\mVLzxNR.exe
  C:\Windows\System\mVLzxNR.exe
  2⤵
  PID:10856
- C:\Windows\System\OCQxgFq.exe
  C:\Windows\System\OCQxgFq.exe
  2⤵
  PID:10884
- C:\Windows\System\xEdmibr.exe
  C:\Windows\System\xEdmibr.exe
  2⤵
  PID:10912
- C:\Windows\System\AZThUEu.exe
  C:\Windows\System\AZThUEu.exe
  2⤵
  PID:10940
- C:\Windows\System\iztmWsQ.exe
  C:\Windows\System\iztmWsQ.exe
  2⤵
  PID:10968
- C:\Windows\System\jvEEmqN.exe
  C:\Windows\System\jvEEmqN.exe
  2⤵
  PID:10996
- C:\Windows\System\btXAyHE.exe
  C:\Windows\System\btXAyHE.exe
  2⤵
  PID:11024
- C:\Windows\System\wnADpeO.exe
  C:\Windows\System\wnADpeO.exe
  2⤵
  PID:11052
- C:\Windows\System\LuoRkmm.exe
  C:\Windows\System\LuoRkmm.exe
  2⤵
  PID:11080
- C:\Windows\System\XhfEnNy.exe
  C:\Windows\System\XhfEnNy.exe
  2⤵
  PID:11108
- C:\Windows\System\mswgwzf.exe
  C:\Windows\System\mswgwzf.exe
  2⤵
  PID:11136
- C:\Windows\System\OwwFzfW.exe
  C:\Windows\System\OwwFzfW.exe
  2⤵
  PID:11164
- C:\Windows\System\RCbeyBr.exe
  C:\Windows\System\RCbeyBr.exe
  2⤵
  PID:11228
- C:\Windows\System\aqwWxGf.exe
  C:\Windows\System\aqwWxGf.exe
  2⤵
  PID:11256
- C:\Windows\System\rwXkTmq.exe
  C:\Windows\System\rwXkTmq.exe
  2⤵
  PID:10288
- C:\Windows\System\ZPlYNpi.exe
  C:\Windows\System\ZPlYNpi.exe
  2⤵
  PID:10372
- C:\Windows\System\TbhpSGI.exe
  C:\Windows\System\TbhpSGI.exe
  2⤵
  PID:10488
- C:\Windows\System\cQhldev.exe
  C:\Windows\System\cQhldev.exe
  2⤵
  PID:10560
- C:\Windows\System\hjPXvbE.exe
  C:\Windows\System\hjPXvbE.exe
  2⤵
  PID:10624
- C:\Windows\System\KesCZYT.exe
  C:\Windows\System\KesCZYT.exe
  2⤵
  PID:10684
- C:\Windows\System\yKLrwAE.exe
  C:\Windows\System\yKLrwAE.exe
  2⤵
  PID:10768
- C:\Windows\System\DhctIvn.exe
  C:\Windows\System\DhctIvn.exe
  2⤵
  PID:10840
- C:\Windows\System\PIrZptj.exe
  C:\Windows\System\PIrZptj.exe
  2⤵
  PID:10908
- C:\Windows\System\tymnaAI.exe
  C:\Windows\System\tymnaAI.exe
  2⤵
  PID:10980
- C:\Windows\System\uosBDZi.exe
  C:\Windows\System\uosBDZi.exe
  2⤵
  PID:11044
- C:\Windows\System\bRJDARX.exe
  C:\Windows\System\bRJDARX.exe
  2⤵
  PID:11100
- C:\Windows\System\sQoPYqb.exe
  C:\Windows\System\sQoPYqb.exe
  2⤵
  PID:11156
- C:\Windows\System\YFbaKBw.exe
  C:\Windows\System\YFbaKBw.exe
  2⤵
  PID:4256
- C:\Windows\System\MXUbqJr.exe
  C:\Windows\System\MXUbqJr.exe
  2⤵
  PID:11252
- C:\Windows\System\JrZqGms.exe
  C:\Windows\System\JrZqGms.exe
  2⤵
  PID:10400
- C:\Windows\System\MvVvwQj.exe
  C:\Windows\System\MvVvwQj.exe
  2⤵
  PID:10588
- C:\Windows\System\qwPQJwW.exe
  C:\Windows\System\qwPQJwW.exe
  2⤵
  PID:10756
- C:\Windows\System\CpxHLEh.exe
  C:\Windows\System\CpxHLEh.exe
  2⤵
  PID:5768
- C:\Windows\System\uXALLaw.exe
  C:\Windows\System\uXALLaw.exe
  2⤵
  PID:11008
- C:\Windows\System\SNZBmAF.exe
  C:\Windows\System\SNZBmAF.exe
  2⤵
  PID:11132
- C:\Windows\System\ZwpBOfa.exe
  C:\Windows\System\ZwpBOfa.exe
  2⤵
  PID:11248
- C:\Windows\System\yhBtWTC.exe
  C:\Windows\System\yhBtWTC.exe
  2⤵
  PID:10652
- C:\Windows\System\oONMpBB.exe
  C:\Windows\System\oONMpBB.exe
  2⤵
  PID:10960
- C:\Windows\System\TMqhgwR.exe
  C:\Windows\System\TMqhgwR.exe
  2⤵
  PID:11240
- C:\Windows\System\cTdLnml.exe
  C:\Windows\System\cTdLnml.exe
  2⤵
  PID:11092
- C:\Windows\System\POluHCr.exe
  C:\Windows\System\POluHCr.exe
  2⤵
  PID:11276
- C:\Windows\System\gijXqYL.exe
  C:\Windows\System\gijXqYL.exe
  2⤵
  PID:11304
- C:\Windows\System\skOKBMb.exe
  C:\Windows\System\skOKBMb.exe
  2⤵
  PID:11332
- C:\Windows\System\pwvuzZI.exe
  C:\Windows\System\pwvuzZI.exe
  2⤵
  PID:11360
- C:\Windows\System\zVKEDRQ.exe
  C:\Windows\System\zVKEDRQ.exe
  2⤵
  PID:11388
- C:\Windows\System\zuvVckS.exe
  C:\Windows\System\zuvVckS.exe
  2⤵
  PID:11416
- C:\Windows\System\saQmumv.exe
  C:\Windows\System\saQmumv.exe
  2⤵
  PID:11444
- C:\Windows\System\gHStcOE.exe
  C:\Windows\System\gHStcOE.exe
  2⤵
  PID:11472
- C:\Windows\System\ODwWshM.exe
  C:\Windows\System\ODwWshM.exe
  2⤵
  PID:11516
- C:\Windows\System\QQtPKkE.exe
  C:\Windows\System\QQtPKkE.exe
  2⤵
  PID:11532
- C:\Windows\System\ntYbeui.exe
  C:\Windows\System\ntYbeui.exe
  2⤵
  PID:11560
- C:\Windows\System\DqQgAsH.exe
  C:\Windows\System\DqQgAsH.exe
  2⤵
  PID:11588
- C:\Windows\System\WhDAhYV.exe
  C:\Windows\System\WhDAhYV.exe
  2⤵
  PID:11616
- C:\Windows\System\jUCbEvj.exe
  C:\Windows\System\jUCbEvj.exe
  2⤵
  PID:11644
- C:\Windows\System\CtbZDBg.exe
  C:\Windows\System\CtbZDBg.exe
  2⤵
  PID:11672
- C:\Windows\System\EFAaucC.exe
  C:\Windows\System\EFAaucC.exe
  2⤵
  PID:11700
- C:\Windows\System\YQAgcGR.exe
  C:\Windows\System\YQAgcGR.exe
  2⤵
  PID:11732
- C:\Windows\System\rTbiTFD.exe
  C:\Windows\System\rTbiTFD.exe
  2⤵
  PID:11760
- C:\Windows\System\hFdaUcd.exe
  C:\Windows\System\hFdaUcd.exe
  2⤵
  PID:11788
- C:\Windows\System\oBNNhLF.exe
  C:\Windows\System\oBNNhLF.exe
  2⤵
  PID:11816
- C:\Windows\System\OiXQQpP.exe
  C:\Windows\System\OiXQQpP.exe
  2⤵
  PID:11832
- C:\Windows\System\ltFNmPw.exe
  C:\Windows\System\ltFNmPw.exe
  2⤵
  PID:11852
- C:\Windows\System\kxvSnLg.exe
  C:\Windows\System\kxvSnLg.exe
  2⤵
  PID:11888
- C:\Windows\System\gtMWiSb.exe
  C:\Windows\System\gtMWiSb.exe
  2⤵
  PID:11928
- C:\Windows\System\VaCrybW.exe
  C:\Windows\System\VaCrybW.exe
  2⤵
  PID:11980
- C:\Windows\System\fUtSzJN.exe
  C:\Windows\System\fUtSzJN.exe
  2⤵
  PID:12020
- C:\Windows\System\YDBHqPu.exe
  C:\Windows\System\YDBHqPu.exe
  2⤵
  PID:12056
- C:\Windows\System\JstEeWf.exe
  C:\Windows\System\JstEeWf.exe
  2⤵
  PID:12084
- C:\Windows\System\OelQAdm.exe
  C:\Windows\System\OelQAdm.exe
  2⤵
  PID:12112
- C:\Windows\System\XuhkqJG.exe
  C:\Windows\System\XuhkqJG.exe
  2⤵
  PID:12140
- C:\Windows\System\xuDRhGe.exe
  C:\Windows\System\xuDRhGe.exe
  2⤵
  PID:12168
- C:\Windows\System\ntCpTmJ.exe
  C:\Windows\System\ntCpTmJ.exe
  2⤵
  PID:12196
- C:\Windows\System\PHqwwYF.exe
  C:\Windows\System\PHqwwYF.exe
  2⤵
  PID:12224
- C:\Windows\System\XCdLGJa.exe
  C:\Windows\System\XCdLGJa.exe
  2⤵
  PID:12252
- C:\Windows\System\PYsUEJx.exe
  C:\Windows\System\PYsUEJx.exe
  2⤵
  PID:12280
- C:\Windows\System\AITNvvC.exe
  C:\Windows\System\AITNvvC.exe
  2⤵
  PID:10456
- C:\Windows\System\KJPyXqk.exe
  C:\Windows\System\KJPyXqk.exe
  2⤵
  PID:2544
- C:\Windows\System\CnhFOoM.exe
  C:\Windows\System\CnhFOoM.exe
  2⤵
  PID:11408
- C:\Windows\System\hSmtQcP.exe
  C:\Windows\System\hSmtQcP.exe
  2⤵
  PID:11468
- C:\Windows\System\EUpXIZb.exe
  C:\Windows\System\EUpXIZb.exe
  2⤵
  PID:4692
- C:\Windows\System\KKsZJuI.exe
  C:\Windows\System\KKsZJuI.exe
  2⤵
  PID:11556
- C:\Windows\System\XctHldf.exe
  C:\Windows\System\XctHldf.exe
  2⤵
  PID:11628
- C:\Windows\System\kSUgjJZ.exe
  C:\Windows\System\kSUgjJZ.exe
  2⤵
  PID:11696
- C:\Windows\System\wMYMHzL.exe
  C:\Windows\System\wMYMHzL.exe
  2⤵
  PID:11756
- C:\Windows\System\XZtyGuz.exe
  C:\Windows\System\XZtyGuz.exe
  2⤵
  PID:11808
- C:\Windows\System\zJoeila.exe
  C:\Windows\System\zJoeila.exe
  2⤵
  PID:11880
- C:\Windows\System\tTDzkTM.exe
  C:\Windows\System\tTDzkTM.exe
  2⤵
  PID:11968
- C:\Windows\System\JWrCdaU.exe
  C:\Windows\System\JWrCdaU.exe
  2⤵
  PID:10340
- C:\Windows\System\TzKKqyk.exe
  C:\Windows\System\TzKKqyk.exe
  2⤵
  PID:10736
- C:\Windows\System\iaSYIdx.exe
  C:\Windows\System\iaSYIdx.exe
  2⤵
  PID:12076
- C:\Windows\System\MnwGZcD.exe
  C:\Windows\System\MnwGZcD.exe
  2⤵
  PID:12136
- C:\Windows\System\evrwOrA.exe
  C:\Windows\System\evrwOrA.exe
  2⤵
  PID:12208
- C:\Windows\System\TslELsp.exe
  C:\Windows\System\TslELsp.exe
  2⤵
  PID:12264
- C:\Windows\System\yaDeuzc.exe
  C:\Windows\System\yaDeuzc.exe
  2⤵
  PID:11344
- C:\Windows\System\BaAJDDW.exe
  C:\Windows\System\BaAJDDW.exe
  2⤵
  PID:11464
- C:\Windows\System\GORfEdX.exe
  C:\Windows\System\GORfEdX.exe
  2⤵
  PID:11584
- C:\Windows\System\esmCKgt.exe
  C:\Windows\System\esmCKgt.exe
  2⤵
  PID:11744
- C:\Windows\System\lmgVehO.exe
  C:\Windows\System\lmgVehO.exe
  2⤵
  PID:11876
- C:\Windows\System\vlUmeMD.exe
  C:\Windows\System\vlUmeMD.exe
  2⤵
  PID:11188
- C:\Windows\System\bAgjzTh.exe
  C:\Windows\System\bAgjzTh.exe
  2⤵
  PID:12124
- C:\Windows\System\CLVmRsi.exe
  C:\Windows\System\CLVmRsi.exe
  2⤵
  PID:11512
- C:\Windows\System\UZzTfyd.exe
  C:\Windows\System\UZzTfyd.exe
  2⤵
  PID:11492
- C:\Windows\System\wTJDrgo.exe
  C:\Windows\System\wTJDrgo.exe
  2⤵
  PID:11844
- C:\Windows\System\ByWNodw.exe
  C:\Windows\System\ByWNodw.exe
  2⤵
  PID:12104
- C:\Windows\System\nKyGfAq.exe
  C:\Windows\System\nKyGfAq.exe
  2⤵
  PID:11656
- C:\Windows\System\YoCcWxM.exe
  C:\Windows\System\YoCcWxM.exe
  2⤵
  PID:11436
- C:\Windows\System\FAnpGLn.exe
  C:\Windows\System\FAnpGLn.exe
  2⤵
  PID:12068
- C:\Windows\System\ZPWropR.exe
  C:\Windows\System\ZPWropR.exe
  2⤵
  PID:12316
- C:\Windows\System\muVIHld.exe
  C:\Windows\System\muVIHld.exe
  2⤵
  PID:12344
- C:\Windows\System\ahbphOU.exe
  C:\Windows\System\ahbphOU.exe
  2⤵
  PID:12372
- C:\Windows\System\PpYPtxD.exe
  C:\Windows\System\PpYPtxD.exe
  2⤵
  PID:12400
- C:\Windows\System\LnbOkuT.exe
  C:\Windows\System\LnbOkuT.exe
  2⤵
  PID:12428
- C:\Windows\System\SftaGjr.exe
  C:\Windows\System\SftaGjr.exe
  2⤵
  PID:12456
- C:\Windows\System\lGYKhNI.exe
  C:\Windows\System\lGYKhNI.exe
  2⤵
  PID:12484
- C:\Windows\System\UqfHUeC.exe
  C:\Windows\System\UqfHUeC.exe
  2⤵
  PID:12516
- C:\Windows\System\ulNhZwy.exe
  C:\Windows\System\ulNhZwy.exe
  2⤵
  PID:12544
- C:\Windows\System\XstxrDB.exe
  C:\Windows\System\XstxrDB.exe
  2⤵
  PID:12572
- C:\Windows\System\vUAXzuR.exe
  C:\Windows\System\vUAXzuR.exe
  2⤵
  PID:12600
- C:\Windows\System\gqeQCnu.exe
  C:\Windows\System\gqeQCnu.exe
  2⤵
  PID:12628
- C:\Windows\System\jzbmDGK.exe
  C:\Windows\System\jzbmDGK.exe
  2⤵
  PID:12668
- C:\Windows\System\IGGeYzT.exe
  C:\Windows\System\IGGeYzT.exe
  2⤵
  PID:12684
- C:\Windows\System\uoJJxZl.exe
  C:\Windows\System\uoJJxZl.exe
  2⤵
  PID:12712
- C:\Windows\System\xMJnrCO.exe
  C:\Windows\System\xMJnrCO.exe
  2⤵
  PID:12740
- C:\Windows\System\tmYHllh.exe
  C:\Windows\System\tmYHllh.exe
  2⤵
  PID:12768
- C:\Windows\System\bNfOkXN.exe
  C:\Windows\System\bNfOkXN.exe
  2⤵
  PID:12796
- C:\Windows\System\JrymWcB.exe
  C:\Windows\System\JrymWcB.exe
  2⤵
  PID:12824
- C:\Windows\System\etczHkS.exe
  C:\Windows\System\etczHkS.exe
  2⤵
  PID:12852
- C:\Windows\System\gfKXFgF.exe
  C:\Windows\System\gfKXFgF.exe
  2⤵
  PID:12880
- C:\Windows\System\SttxUBt.exe
  C:\Windows\System\SttxUBt.exe
  2⤵
  PID:12908
- C:\Windows\System\QuAIIDz.exe
  C:\Windows\System\QuAIIDz.exe
  2⤵
  PID:12936
- C:\Windows\System\zBfNFaX.exe
  C:\Windows\System\zBfNFaX.exe
  2⤵
  PID:12964
- C:\Windows\System\AZWGxgg.exe
  C:\Windows\System\AZWGxgg.exe
  2⤵
  PID:12992
- C:\Windows\System\OQuzkXg.exe
  C:\Windows\System\OQuzkXg.exe
  2⤵
  PID:13020
- C:\Windows\System\ZmEOFgs.exe
  C:\Windows\System\ZmEOFgs.exe
  2⤵
  PID:13048
- C:\Windows\System\xUJXhVN.exe
  C:\Windows\System\xUJXhVN.exe
  2⤵
  PID:13076
- C:\Windows\System\CyCbzcM.exe
  C:\Windows\System\CyCbzcM.exe
  2⤵
  PID:13104
- C:\Windows\System\euGFMiV.exe
  C:\Windows\System\euGFMiV.exe
  2⤵
  PID:13132
- C:\Windows\System\TUZaHPA.exe
  C:\Windows\System\TUZaHPA.exe
  2⤵
  PID:13160
- C:\Windows\System\cQmdrtP.exe
  C:\Windows\System\cQmdrtP.exe
  2⤵
  PID:13188
- C:\Windows\System\QSiPEGI.exe
  C:\Windows\System\QSiPEGI.exe
  2⤵
  PID:13228
- C:\Windows\System\cYsGiFh.exe
  C:\Windows\System\cYsGiFh.exe
  2⤵
  PID:13244
- C:\Windows\System\pJxtrmO.exe
  C:\Windows\System\pJxtrmO.exe
  2⤵
  PID:13272
- C:\Windows\System\xmkhUAh.exe
  C:\Windows\System\xmkhUAh.exe
  2⤵
  PID:13304
- C:\Windows\System\bMAyFWD.exe
  C:\Windows\System\bMAyFWD.exe
  2⤵
  PID:12336
- C:\Windows\System\zuHolOt.exe
  C:\Windows\System\zuHolOt.exe
  2⤵
  PID:12396
- C:\Windows\System\CEuyfFu.exe
  C:\Windows\System\CEuyfFu.exe
  2⤵
  PID:12468
- C:\Windows\System\jUiRgfh.exe
  C:\Windows\System\jUiRgfh.exe
  2⤵
  PID:12536
- C:\Windows\System\BEHIGtN.exe
  C:\Windows\System\BEHIGtN.exe
  2⤵
  PID:12596
- C:\Windows\System\YtLxBSB.exe
  C:\Windows\System\YtLxBSB.exe
  2⤵
  PID:12652
- C:\Windows\System\gGAtbGe.exe
  C:\Windows\System\gGAtbGe.exe
  2⤵
  PID:12732
- C:\Windows\System\eLKXWNn.exe
  C:\Windows\System\eLKXWNn.exe
  2⤵
  PID:12792
- C:\Windows\System\GZFWRKX.exe
  C:\Windows\System\GZFWRKX.exe
  2⤵
  PID:12864
- C:\Windows\System\SAntNfz.exe
  C:\Windows\System\SAntNfz.exe
  2⤵
  PID:12928
- C:\Windows\System\tGlqHyh.exe
  C:\Windows\System\tGlqHyh.exe
  2⤵
  PID:12988
- C:\Windows\System\EuVxRry.exe
  C:\Windows\System\EuVxRry.exe
  2⤵
  PID:13060
- C:\Windows\System\PbuoiRB.exe
  C:\Windows\System\PbuoiRB.exe
  2⤵
  PID:13116
- C:\Windows\System\GAwGKtz.exe
  C:\Windows\System\GAwGKtz.exe
  2⤵
  PID:13180
- C:\Windows\System\lvYASMO.exe
  C:\Windows\System\lvYASMO.exe
  2⤵
  PID:13240
- C:\Windows\System\drKddSn.exe
  C:\Windows\System\drKddSn.exe
  2⤵
  PID:12312
- C:\Windows\System\CjsHlgm.exe
  C:\Windows\System\CjsHlgm.exe
  2⤵
  PID:12448
- C:\Windows\System\EQKQikm.exe
  C:\Windows\System\EQKQikm.exe
  2⤵
  PID:12592
- C:\Windows\System\kqtDyKk.exe
  C:\Windows\System\kqtDyKk.exe
  2⤵
  PID:12760
- C:\Windows\System\DlEEsVA.exe
  C:\Windows\System\DlEEsVA.exe
  2⤵
  PID:12904
- C:\Windows\System\vSDEfPE.exe
  C:\Windows\System\vSDEfPE.exe
  2⤵
  PID:13044
- C:\Windows\System\idrjqLB.exe
  C:\Windows\System\idrjqLB.exe
  2⤵
  PID:13208
- C:\Windows\System\rycpgvF.exe
  C:\Windows\System\rycpgvF.exe
  2⤵
  PID:12392
- C:\Windows\System\AIXfbXT.exe
  C:\Windows\System\AIXfbXT.exe
  2⤵
  PID:12724
- C:\Windows\System\qNNMPua.exe
  C:\Windows\System\qNNMPua.exe
  2⤵
  PID:13100
- C:\Windows\System\AsiJbZS.exe
  C:\Windows\System\AsiJbZS.exe
  2⤵
  PID:12664
- C:\Windows\System\oNKyxnR.exe
  C:\Windows\System\oNKyxnR.exe
  2⤵
  PID:12364
- C:\Windows\System\KPmomrV.exe
  C:\Windows\System\KPmomrV.exe
  2⤵
  PID:13300
- C:\Windows\System\cgkGBQb.exe
  C:\Windows\System\cgkGBQb.exe
  2⤵
  PID:13340
- C:\Windows\System\KHoxEKN.exe
  C:\Windows\System\KHoxEKN.exe
  2⤵
  PID:13368
- C:\Windows\System\TSvfvgH.exe
  C:\Windows\System\TSvfvgH.exe
  2⤵
  PID:13396
- C:\Windows\System\XtQSXLX.exe
  C:\Windows\System\XtQSXLX.exe
  2⤵
  PID:13424
- C:\Windows\System\qkOYjUc.exe
  C:\Windows\System\qkOYjUc.exe
  2⤵
  PID:13452
- C:\Windows\System\YkJQHMa.exe
  C:\Windows\System\YkJQHMa.exe
  2⤵
  PID:13484
- C:\Windows\System\igXdqsy.exe
  C:\Windows\System\igXdqsy.exe
  2⤵
  PID:13512
- C:\Windows\System\NeAdVYC.exe
  C:\Windows\System\NeAdVYC.exe
  2⤵
  PID:13540
- C:\Windows\System\AOGdtYW.exe
  C:\Windows\System\AOGdtYW.exe
  2⤵
  PID:13568
- C:\Windows\System\IPwSsnl.exe
  C:\Windows\System\IPwSsnl.exe
  2⤵
  PID:13596
- C:\Windows\System\hypKjFU.exe
  C:\Windows\System\hypKjFU.exe
  2⤵
  PID:13624
- C:\Windows\System\IFNaplx.exe
  C:\Windows\System\IFNaplx.exe
  2⤵
  PID:13652
- C:\Windows\System\Ksryjdg.exe
  C:\Windows\System\Ksryjdg.exe
  2⤵
  PID:13680
- C:\Windows\System\eeinjbf.exe
  C:\Windows\System\eeinjbf.exe
  2⤵
  PID:13708
- C:\Windows\System\lQQRMLz.exe
  C:\Windows\System\lQQRMLz.exe
  2⤵
  PID:13744
- C:\Windows\System\BmPAAyX.exe
  C:\Windows\System\BmPAAyX.exe
  2⤵
  PID:13764
- C:\Windows\System\wRfcBzb.exe
  C:\Windows\System\wRfcBzb.exe
  2⤵
  PID:13804
- C:\Windows\System\cvhwSnK.exe
  C:\Windows\System\cvhwSnK.exe
  2⤵
  PID:13820
- C:\Windows\System\jTzdawH.exe
  C:\Windows\System\jTzdawH.exe
  2⤵
  PID:13848
- C:\Windows\System\OGjXEgp.exe
  C:\Windows\System\OGjXEgp.exe
  2⤵
  PID:13876
- C:\Windows\System\MoGVkYy.exe
  C:\Windows\System\MoGVkYy.exe
  2⤵
  PID:13904
- C:\Windows\System\VqrehXh.exe
  C:\Windows\System\VqrehXh.exe
  2⤵
  PID:13932
- C:\Windows\System\dnbbvaR.exe
  C:\Windows\System\dnbbvaR.exe
  2⤵
  PID:13952
- C:\Windows\System\RvmweBU.exe
  C:\Windows\System\RvmweBU.exe
  2⤵
  PID:13988
- C:\Windows\System\hDvaPiq.exe
  C:\Windows\System\hDvaPiq.exe
  2⤵
  PID:14012
- C:\Windows\System\SqsSKzZ.exe
  C:\Windows\System\SqsSKzZ.exe
  2⤵
  PID:14044
- C:\Windows\System\VbngRrY.exe
  C:\Windows\System\VbngRrY.exe
  2⤵
  PID:14072
- C:\Windows\System\ozvVJoa.exe
  C:\Windows\System\ozvVJoa.exe
  2⤵
  PID:14100
- C:\Windows\System\RfzDpLF.exe
  C:\Windows\System\RfzDpLF.exe
  2⤵
  PID:14120
- C:\Windows\System\XilZFvN.exe
  C:\Windows\System\XilZFvN.exe
  2⤵
  PID:14156
- C:\Windows\System\ThlWfCC.exe
  C:\Windows\System\ThlWfCC.exe
  2⤵
  PID:14184
- C:\Windows\System\xHlijeH.exe
  C:\Windows\System\xHlijeH.exe
  2⤵
  PID:14208
- C:\Windows\System\OxLEJtH.exe
  C:\Windows\System\OxLEJtH.exe
  2⤵
  PID:14224
- C:\Windows\System\BmdYall.exe
  C:\Windows\System\BmdYall.exe
  2⤵
  PID:14264
- C:\Windows\System\ZpxhQDp.exe
  C:\Windows\System\ZpxhQDp.exe
  2⤵
  PID:14292
- C:\Windows\System\yHtwlld.exe
  C:\Windows\System\yHtwlld.exe
  2⤵
  PID:14332
- C:\Windows\System\GlbCpJO.exe
  C:\Windows\System\GlbCpJO.exe
  2⤵
  PID:13380
- C:\Windows\System\dhYRpuz.exe
  C:\Windows\System\dhYRpuz.exe
  2⤵
  PID:13444
- C:\Windows\System\uvDOXmg.exe
  C:\Windows\System\uvDOXmg.exe
  2⤵
  PID:13508
- C:\Windows\System\lyBrbkV.exe
  C:\Windows\System\lyBrbkV.exe
  2⤵
  PID:13580
- C:\Windows\System\HypjIOX.exe
  C:\Windows\System\HypjIOX.exe
  2⤵
  PID:13620
- C:\Windows\System\GcjMHHl.exe
  C:\Windows\System\GcjMHHl.exe
  2⤵
  PID:13676
- C:\Windows\System\HhmHtWw.exe
  C:\Windows\System\HhmHtWw.exe
  2⤵
  PID:13776
- C:\Windows\System\FRAWBjS.exe
  C:\Windows\System\FRAWBjS.exe
  2⤵
  PID:13828
- C:\Windows\System\bskmsgV.exe
  C:\Windows\System\bskmsgV.exe
  2⤵
  PID:13900
- C:\Windows\System\LHnTNPT.exe
  C:\Windows\System\LHnTNPT.exe
  2⤵
  PID:13940
- C:\Windows\System\cWgQQwg.exe
  C:\Windows\System\cWgQQwg.exe
  2⤵
  PID:13996
- C:\Windows\System\VkbEfsg.exe
  C:\Windows\System\VkbEfsg.exe
  2⤵
  PID:14084
- C:\Windows\System\qJkuePX.exe
  C:\Windows\System\qJkuePX.exe
  2⤵
  PID:14152
- C:\Windows\System\qlskjMH.exe
  C:\Windows\System\qlskjMH.exe
  2⤵
  PID:4416
- C:\Windows\System\yWgRjZs.exe
  C:\Windows\System\yWgRjZs.exe
  2⤵
  PID:2864
- C:\Windows\System\SOnoIsY.exe
  C:\Windows\System\SOnoIsY.exe
  2⤵
  PID:14244
- C:\Windows\System\ywJfwwh.exe
  C:\Windows\System\ywJfwwh.exe
  2⤵
  PID:13332
- C:\Windows\System\phmsCnx.exe
  C:\Windows\System\phmsCnx.exe
  2⤵
  PID:13392
- C:\Windows\System\MRbSogR.exe
  C:\Windows\System\MRbSogR.exe
  2⤵
  PID:13608
- C:\Windows\System\oJRnEsQ.exe
  C:\Windows\System\oJRnEsQ.exe
  2⤵
  PID:13752
- C:\Windows\System\JBBMoyl.exe
  C:\Windows\System\JBBMoyl.exe
  2⤵
  PID:13924
- C:\Windows\System\eLCFdow.exe
  C:\Windows\System\eLCFdow.exe
  2⤵
  PID:14060
- C:\Windows\System\olZuKkz.exe
  C:\Windows\System\olZuKkz.exe
  2⤵
  PID:14140
- C:\Windows\System\ViYivxY.exe
  C:\Windows\System\ViYivxY.exe
  2⤵
  PID:14252
- C:\Windows\System\PocXEIe.exe
  C:\Windows\System\PocXEIe.exe
  2⤵
  PID:4892
- C:\Windows\System\wLRqESz.exe
  C:\Windows\System\wLRqESz.exe
  2⤵
  PID:13644
- C:\Windows\System\savoBTg.exe
  C:\Windows\System\savoBTg.exe
  2⤵
  PID:14128
- C:\Windows\System\oOJffpz.exe
  C:\Windows\System\oOJffpz.exe
  2⤵
  PID:4504
- C:\Windows\System\iGBwGqu.exe
  C:\Windows\System\iGBwGqu.exe
  2⤵
  PID:2604
- C:\Windows\System\ZHEigtE.exe
  C:\Windows\System\ZHEigtE.exe
  2⤵
  PID:5716
- C:\Windows\System\HVWjcVW.exe
  C:\Windows\System\HVWjcVW.exe
  2⤵
  PID:4720
- C:\Windows\System\yPnAiFZ.exe
  C:\Windows\System\yPnAiFZ.exe
  2⤵
  PID:13536
- C:\Windows\System\RjOaHYt.exe
  C:\Windows\System\RjOaHYt.exe
  2⤵
  PID:14372
- C:\Windows\System\HDoJVKj.exe
  C:\Windows\System\HDoJVKj.exe
  2⤵
  PID:14400
- C:\Windows\System\wNzBdUg.exe
  C:\Windows\System\wNzBdUg.exe
  2⤵
  PID:14424
- C:\Windows\System\NFpjLLZ.exe
  C:\Windows\System\NFpjLLZ.exe
  2⤵
  PID:14448
- C:\Windows\System\PBeXefk.exe
  C:\Windows\System\PBeXefk.exe
  2⤵
  PID:14480
- C:\Windows\System\VCEYHRT.exe
  C:\Windows\System\VCEYHRT.exe
  2⤵
  PID:14500
- C:\Windows\System\uaJXGzg.exe
  C:\Windows\System\uaJXGzg.exe
  2⤵
  PID:14536
- C:\Windows\System\yKvzQiB.exe
  C:\Windows\System\yKvzQiB.exe
  2⤵
  PID:14556
- C:\Windows\System\hsZuwJK.exe
  C:\Windows\System\hsZuwJK.exe
  2⤵
  PID:14588
- C:\Windows\System\OwuVOLP.exe
  C:\Windows\System\OwuVOLP.exe
  2⤵
  PID:14612
- C:\Windows\System\IYBmCSs.exe
  C:\Windows\System\IYBmCSs.exe
  2⤵
  PID:14640
- C:\Windows\System\KkKafEv.exe
  C:\Windows\System\KkKafEv.exe
  2⤵
  PID:14676
- C:\Windows\System\SaRIdpN.exe
  C:\Windows\System\SaRIdpN.exe
  2⤵
  PID:14696
- C:\Windows\System\qlfvyZK.exe
  C:\Windows\System\qlfvyZK.exe
  2⤵
  PID:14724
- C:\Windows\System\bMSkjta.exe
  C:\Windows\System\bMSkjta.exe
  2⤵
  PID:14764
- C:\Windows\System\sKiudBx.exe
  C:\Windows\System\sKiudBx.exe
  2⤵
  PID:14780
- C:\Windows\System\QdfEURj.exe
  C:\Windows\System\QdfEURj.exe
  2⤵
  PID:14808
- C:\Windows\System\ThwWTYC.exe
  C:\Windows\System\ThwWTYC.exe
  2⤵
  PID:14836
- C:\Windows\System\zQcmpzG.exe
  C:\Windows\System\zQcmpzG.exe
  2⤵
  PID:14880
- C:\Windows\System\cEpjpXg.exe
  C:\Windows\System\cEpjpXg.exe
  2⤵
  PID:14896
- C:\Windows\System\ADqZmDu.exe
  C:\Windows\System\ADqZmDu.exe
  2⤵
  PID:14924
- C:\Windows\System\aAAWThB.exe
  C:\Windows\System\aAAWThB.exe
  2⤵
  PID:14964
- C:\Windows\System\falkohs.exe
  C:\Windows\System\falkohs.exe
  2⤵
  PID:14992
- C:\Windows\System\kxDVZOr.exe
  C:\Windows\System\kxDVZOr.exe
  2⤵
  PID:15008
- C:\Windows\System\AYQKpgW.exe
  C:\Windows\System\AYQKpgW.exe
  2⤵
  PID:15040
- C:\Windows\System\ZEAsBEH.exe
  C:\Windows\System\ZEAsBEH.exe
  2⤵
  PID:15064
- C:\Windows\System\wxnXcTD.exe
  C:\Windows\System\wxnXcTD.exe
  2⤵
  PID:15104
- C:\Windows\System\GSJEiZW.exe
  C:\Windows\System\GSJEiZW.exe
  2⤵
  PID:15120
- C:\Windows\System\CisTioK.exe
  C:\Windows\System\CisTioK.exe
  2⤵
  PID:15160
- C:\Windows\System\iwgZZrv.exe
  C:\Windows\System\iwgZZrv.exe
  2⤵
  PID:15184
- C:\Windows\System\QrfXacC.exe
  C:\Windows\System\QrfXacC.exe
  2⤵
  PID:15216
- C:\Windows\System\uteVaJd.exe
  C:\Windows\System\uteVaJd.exe
  2⤵
  PID:15244
- C:\Windows\System\CQbLfVE.exe
  C:\Windows\System\CQbLfVE.exe
  2⤵
  PID:15260
- C:\Windows\System\CYBmlBC.exe
  C:\Windows\System\CYBmlBC.exe
  2⤵
  PID:15288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AyemXqO.exe

Filesize
5.9MB

MD5
36aec9b36fbf3e3ea22e2b73b0c98744

SHA1
084f70592343c1ac28e830768d42c1227697e234

SHA256
f413bd07e3c54cb7a9f54ddb1189a267da0d06b2fa9bf5db4311129556920da0

SHA512
17bf1f9cb13d34db46d300666dcd1dd059372cf3d8dd1e3b6990405fa9b70f97c9b6ea057b743161a9b89f110bd3e555922a4e26fa38266285b0dac7a8abfbef

Download Submit
C:\Windows\System\BJfbYCm.exe

Filesize
5.9MB

MD5
987a96da37970d477f2e7179de3fef05

SHA1
6c381a673273fc23060eeae423a4f13b518d9cb6

SHA256
82a299f677fb340a6a2e1202311bd7dd997505733713ac742516d3f6c8a2065b

SHA512
099b985ca4baa442059d3b2f926d473a753e82cb9c4dd588e3ef7111f849a51812b76b1f5b5fc7ffd57ca73d09a101bb500cda3c665649d5daa4e113208d0ab1

Download Submit
C:\Windows\System\BzHHgBO.exe

Filesize
5.9MB

MD5
cf5804c16bdc0e2021925fdc88100f79

SHA1
44b43a4559dc3c236c3cff5eec5a354b50209c5c

SHA256
6ea9f6fe4cbc3ff07748dacee6ba15f4d7a839498890e28dcc36a4aeda9bb92c

SHA512
82ded2606d44300133734434e399a6958c285311b9852d9d181cd85511271ae689a45f0a30ccb0483c8e5c44c9209fc32745d3ef10fef77bd8bed3e504b2b189

Download Submit
C:\Windows\System\CsjLVvx.exe

Filesize
5.9MB

MD5
4022149a14032f8e505d9b11b8669f33

SHA1
e950e051cc54337a6542a232430fbedb9c0a599a

SHA256
3c7fda1742f5c6ffd7bf82463f1cda0f2cbe51d6af51d0e4d142f96b84b29c67

SHA512
0d87865196634d583265c9d9a19bff7b6f4f89f790611802b2fafe9b8add5f8ad97b1669fcd8997f6f82af52dc384ae309aae966abee389afd3e85f25edc952c

Download Submit
C:\Windows\System\DmpfnDE.exe

Filesize
5.9MB

MD5
0b3ab0c4701232f397accc8928543227

SHA1
6429d0a730b64f70682f4495a0a0dd5ad120fda9

SHA256
0f47a4f37c0eee379fe88a7ce8588ac8eb3eff64c2c7a7dc72d842f434afb456

SHA512
809069b24bcaf55422c30e096a2f7da357f291748b38758009cae513ac1bec3bdc7a15686800cc38211f4a0c646c467b9192f387375c23dea443b298a2e963dd

Download Submit
C:\Windows\System\GdiSUeS.exe

Filesize
5.9MB

MD5
54860efcfa8b4a86c2d94e787f0b34ba

SHA1
dd6ca7672205d0fada1c84739e57f370a30138a1

SHA256
823f49597487a5f171aab782b37de39f54e22415bf842cfb078c8ff026f7553e

SHA512
7b591f08e8dd47f9552a083f6b9c59965a01058ec6bb17ed0862a6a4233f84da732e358d577b63423b15429e8b6e4711bec04798c09ecfefc5b8d79954f4c6b1

Download Submit
C:\Windows\System\HAtedYa.exe

Filesize
5.9MB

MD5
af2b06089d27cf173e898b606eaacd09

SHA1
ba7c06678f1b9c60e12b17c8594482b1254b01a8

SHA256
94476f8f2b1ddd21bd83d3fec7f4909e993a13286409105d5568ad97a8b03ece

SHA512
a0d4b8cb9b0c4237fbc6486f6eb8075dcea61b2ada91e562f80989d863e9ebbe1a232b0948cdb361acdf78136bb2b3b501e7cf473ec55ae37d20e7b2cfce06ad

Download Submit
C:\Windows\System\HRAaVaA.exe

Filesize
5.9MB

MD5
19b7144281721594404bde16376f7d36

SHA1
3018ea4dce82033a7e098c9af565e15dd36b0185

SHA256
c444bec5c9e913e836a48b3fdf7616132b328ab29b9cb73f1776b3f8d8375474

SHA512
dd3105b8942aeaec27a9448354141e16ec770560a63c43dc6f4b7eb803b127a0847eeab20a5f5681b269d143d81e2eee0c1bcfea136bfe8c31ce24bf4dde77d9

Download Submit
C:\Windows\System\JiABKgv.exe

Filesize
5.9MB

MD5
1d013975422dc84adfcbef4e0022a0cc

SHA1
7cf6fd39a5385658aef1b74d52a468c38309b570

SHA256
2dc0befc48ebeada6900b9b8d4d10f7b44478f41c746384ca0bf4b1456b7d304

SHA512
eb127ba43c398a9c6ea65c69947422f2bc47dabf17ba8fe8e4931ab5de6c1f0b3188d7180d1b3144ae6640de78454244ffc49548c57f64778a74f5ea6f23791f

Download Submit
C:\Windows\System\KSwgeJf.exe

Filesize
5.9MB

MD5
67092bc5954b3c704dc8097ecade1b69

SHA1
8298e2d7e54a64237fed682bd4814bbc0e03afbd

SHA256
a10fa3608717bd87c6095699fcc30420203b577a04a8a13d758223cacf55a3dd

SHA512
f7709320f73f5d1478d1db7458272e66fd02408c2ba4f25f6c1307547d725dc8efd3cc4c26fd8d2bd24e7707b3f38cb0cfec8928e2143fed9ba4c4802183cab5

Download Submit
C:\Windows\System\KWWVCuA.exe

Filesize
5.9MB

MD5
3260a00fec7125542c1bdc86290a1195

SHA1
ccbc16c1119abf726f6d591a3ae8642646ab34df

SHA256
d0eb1c2ce575cda0f9d7ba8fd3731db26691aa9dbab73237d60f44da636733ee

SHA512
2604d5298be7c6fdfe96a84044b0a8cbdcfdd07d5bf3c431121df8c8a366df155e51139ed18d54fee850c36f3178df83c2e1b27e90ab652d69994fe0cab8fa1a

Download Submit
C:\Windows\System\LKRQTcS.exe

Filesize
5.9MB

MD5
ae5f09d60a833a1368e252dd208d5a47

SHA1
51e342bcc2b798965ddac414948935c02582e3d0

SHA256
477a5fd1146df1b2bcc738ba67ea793bf034364ef5acaf2a6c09890715c8051e

SHA512
28945d8f266fe5c3dcb62bc97efd318ac7278a10f8af387dc1e84033c3cc87565255b06d9cbc524f63b41eb7ae4d60bd0980aef24ae69afc34b70478848c6d51

Download Submit
C:\Windows\System\LTrfhBz.exe

Filesize
5.9MB

MD5
95df0d05a2718e4f9f762d47e758d355

SHA1
82e1fb613f99e234f80efb9e5bc03da027080ee8

SHA256
e78864ca7493c95d82e6849555cbeaf9497f840bd4aaf6879d4654eb151a0718

SHA512
9fd1ae3c79e759a1b7778db8ea2eb0ff3a2baa58551c0d9e3530d479a771dc00eaa0bc00c470f8f008bbffdc6ed1722b2f044462494fed84d16262a86ba96ad1

Download Submit
C:\Windows\System\MBgPazZ.exe

Filesize
5.9MB

MD5
c9a0694b0e3518b22e62723ed36a701d

SHA1
657ea12b2d9da7a45bd169a8a9bef1bc766c884d

SHA256
e3fc5f0b984959ffd5e131c8bd8b54eba032e2809734334701c86e7a342c15f4

SHA512
d7edde64ea82ff6600b43207843d8054b8a9e81d43b7786c767eeb0f45ee4265cfa084bb0d8a6c0df688d9f6716cb7fd764f2195ddae4b1be2fb92c463e1707c

Download Submit
C:\Windows\System\MEMDqXP.exe

Filesize
5.9MB

MD5
2c8c039d22ea5354ebb3f08653769410

SHA1
16abbf5e5d7cf3c38a334d2b735630aaa1beb56f

SHA256
343ff0beedd0a55a3cf877dcd7bffd03e15849f18d7dc113a1886d0a8cde54a5

SHA512
a9ae66a611a7cd5127d791848fe284025ed3138c4c76bdccdcfacd3bc86226f33fa688f822b4a891eb8187c6a66ff97a7b1c2ad5e25ccc842a116a96199f20eb

Download Submit
C:\Windows\System\QmwCrmf.exe

Filesize
5.9MB

MD5
93c0af13963d8e0570b040c23ddf3dda

SHA1
21c8de23f5a455592baec114059ee130efd5014c

SHA256
c65e21a18e26e13b7dbcf2b939e4e7d52239833969e11d890c167a134584107a

SHA512
043a37900cacad2d7753f2905923e3840de580f4f5824793931c821e380a8c3b18d8431a7550cadd50931e86f2843620ddeeebe7445a03c48db021c1a419373c

Download Submit
C:\Windows\System\QxzRgUg.exe

Filesize
5.9MB

MD5
ab85ff8a60b1a610ba5d5199382d3c4a

SHA1
325402603c77fbc98aa7742464b2e917acf984fa

SHA256
5b6bef2b5ac268e1f6746540481d4cba3d129d67719d7fff5b618321f8ff7d74

SHA512
f005905f062e2c691b7b60a98eeaaf1b89acfc5a52655a653f0c8e64c06c57ca2d6b6b5eda132e997cc0b37d93e8bd2921779c232d519957acacc40350bdd9c2

Download Submit
C:\Windows\System\SpNpmms.exe

Filesize
5.9MB

MD5
ad587c9ba8687172c57dab41f9d997dc

SHA1
4dc90e30d833a79075dd62449a208881a76d16bd

SHA256
a28fd948de35c7acf21d71bea2951daf9a4045d370ab7d921667f8f2ed93895f

SHA512
59ebd4c578920840656a592466dd338924b5aa1979f469adec13c8075e9856c0d198571dd75af607ec1bf95bed94f57d6a095e8cef7aad681d26d0d9cc6cb053

Download Submit
C:\Windows\System\VQkrlti.exe

Filesize
5.9MB

MD5
6a03648f2075c94fe18be06e6f3331f2

SHA1
076474930ea6cf5c07f8baaab1ff4b5a3a9935f8

SHA256
2b5b6940a21b443b2f215fc4626ccbb3781716c6a1639ffff8f9d02af431b6cd

SHA512
a7661b5b966670ab5a197b2edf4fd847d96cdf49863197ed3da0ac34a77fcea1e78c4b910051c2d07a98d22eed3b2542f4fd8b6e7f55dbe9fb3694e907b94cfd

Download Submit
C:\Windows\System\XjRbxbq.exe

Filesize
5.9MB

MD5
0462a467c2e809905d7582e2e182c7d1

SHA1
2e48cef14212e0d593e793fe3948f7eb9b9f51b3

SHA256
61d1b09ee746d86d90be3083809776cf8d744e96c4a7059880dab737d74823c1

SHA512
f7bd473daeaed49676ddd76b361e798cb2eb2f5b109262ba602e6b27d1c781d6cc90497a97c5a4f19d3a9dfc4c4d9388510596af540242b680c2b2311b7cafda

Download Submit
C:\Windows\System\ZZBWNwK.exe

Filesize
5.9MB

MD5
e16e9cf9530e701a6967017b6e484806

SHA1
bea95f018df2da452f18c9198b9f854232b7904d

SHA256
d3e2dd106fc9c3162d5528fc5a4079943167113ebd227a2cef73abd79f8e3c4e

SHA512
d5ac8d41cd973ebb9178cc67c085315f2c121fada3d0817c80e8f0936cbbd3fcbe45b61937210291815f97275963c3a864c8ff9801dd22c63ef7494232c53841

Download Submit
C:\Windows\System\cwYwPTP.exe

Filesize
5.9MB

MD5
56fd047e837af3f7a4a6c15d29cea888

SHA1
259d8aadf10be250693b306ee064c69206a7a78e

SHA256
faa4ce031824e5a22d7325e03ee668cdfa51873580054ba433bdf7a8cff4a88a

SHA512
57cf12443e898d216ac31ff9d0b34cf12fefa4e0584e97e376970841156d387d7348c22d7ee5abce195fc8e3f1b64bb20271c59fd378f4257cbf2281b745e1cd

Download Submit
C:\Windows\System\dYQfcen.exe

Filesize
5.9MB

MD5
d430c31ccea47c76de1d57dde3543b8c

SHA1
3ea53817dc500fd006a0759040ef8fdd4bba1d68

SHA256
ba334dbe386291b5ed69262f9ea7e42ccf51bb610b328884b60be6b0d69ae5c5

SHA512
bc681e3d742cfeccdc68221c15f344870446ccaf6bcf86a852b8a1fff9e8e5f12b0a61d685e87e0025cd5fea9bc6a9da824dc7c27b600c8bbf813d65c0e44b70

Download Submit
C:\Windows\System\gdJQbed.exe

Filesize
5.9MB

MD5
eb824c95b1ab994c8bbc1940d4ff5838

SHA1
8c3f1588d922d3a3285127056662e6db4f5b34da

SHA256
b382525d9caea8552c9585439af0cb3375c0e4ecd4770977a8d4d1cb7b4873fd

SHA512
30abfcac7f92ee804f14fb8505c0667fc0badc125f978c49018cd9fffad57dedbb4453b5aab82746a0a7e525cecf40e17e8843fc787ecdaf432a3e57621af6f0

Download Submit
C:\Windows\System\hFLkPsf.exe

Filesize
5.9MB

MD5
b26686343272e4cc76e473784c06513d

SHA1
a993137c21af4a7338d56e0965687ffc0c323063

SHA256
e8bda5646f717644e6303009f5f13fd0bce208df4c276b949402bfc0544f5395

SHA512
5bdc819f8c4512670daf734f6d8eba4f00e40675bceff4014034d1e3a3c650124fb645fe1ba1f3e622550fd52a088ec13a316c993cf2a548a102a7990dc8d7b3

Download Submit
C:\Windows\System\icJjaRj.exe

Filesize
5.9MB

MD5
060a6a4db00b5254ad53fe58023da986

SHA1
8bf055e5d604c5536f92da1dcd11cee482a96e50

SHA256
28a9233c86401601228e398ef66a0869c6735de0cb78dfa150ff0f8f506945a0

SHA512
8d9aad25db80f517086d3072e66577aba2e6e3d5594a142d59dba482381e6724e7b07443e2f3f1ed7ee9b579f1ddb7f5fdb2d216419f87467ddf17f184c2dd71

Download Submit
C:\Windows\System\imOqPtT.exe

Filesize
5.9MB

MD5
0dde43ade327e946635859ec790deb81

SHA1
7ff024ada745c780c8bbd9a90570673e2af2acce

SHA256
e88c1a8e13f350889bd151a41b16f5629214ee468ed0d5f179af1420809ebad2

SHA512
ce903df745f7baabcadca4a963fff88dc30ca051f698b46a0396b4d56bfdbacfee09c8530697e3062bdd3f1385de18911cc5f3a24e8a9f4ec2cb01e0930c9d83

Download Submit
C:\Windows\System\jxQsDIb.exe

Filesize
5.9MB

MD5
09eaad7ca8339d6ca76323261f276652

SHA1
081e410b070c7fe6bbb54f8693d2b8fcf3ae8534

SHA256
f25a26be3e3f9ea207c0bea4e772b6a5e3957613c87abadeb60a15c9bbd5b845

SHA512
bbd177c67b63f3ba2604c2f74f83442bb69fe3194cee7e89503df43a5a30ad4a5eb244e7086f5116a233d8ce7de32670757262cb2eb9a630e5729af74a73c07f

Download Submit
C:\Windows\System\mjcQfDW.exe

Filesize
5.9MB

MD5
b68ef74ac52059010f13268edcee2b5c

SHA1
564715182597556faff2b7561e691c500f85744b

SHA256
31a162bb91cb07989ca731e0162a36880c67773954c6c26d91c54567cb21e4a2

SHA512
7869051734d633eb7978ca2e608eda3910b4c750543298d3fbcfbb6c0b47abe2bb2d9cb46f1b2156b06b8d74fc1d6b2c9e8955dc35402c92801dea7f15e366ea

Download Submit
C:\Windows\System\ppTkIQZ.exe

Filesize
5.9MB

MD5
cb0698ba189632f98a51a9b959cd671b

SHA1
fb08486622434906cd819d211a4f71b72052b728

SHA256
5fb6b5e8b90a4ee33378158f0e26ee406fd1dda7b0eecf097a814db41f382ea6

SHA512
026794e2d8c5add16347ca6c28294d1a3bfc54c648a1cba3c283a7bd9adf0e05029518d1f7431de021d19daf9e69cce9f4c17e3d28d15aa52427d9eaf7fd881e

Download Submit
C:\Windows\System\tkMfQRF.exe

Filesize
5.9MB

MD5
aba6ad42a9c6681a9793fb9c467b12c0

SHA1
462bc22b8faee59b7b31f70d08242f44d3850099

SHA256
67a73f995cf71809d2ec067a00d73c8a71e21106d1dd87ce0fb997a1bd4b6e24

SHA512
b29be0b6c44f3f6ea8dfec9d47f777d46c87d5f5ba5d1acfb2c17355e8bd9538f06755377232a68757c1f4bea7f79b522b54a4ccd8758a8d0675b40b70ece0fd

Download Submit
C:\Windows\System\vgtlJTF.exe

Filesize
5.9MB

MD5
317ba8114e0878aa614e68ab75952b28

SHA1
d4bd86918f3ef1bb788fc6906be64fc979b86614

SHA256
a01d66241dd2b3670f0f56e01dfc8bf3158a005e75e0a8508d49cbe64afbeeda

SHA512
dc62730df8870b7710c3da59384756b98ac592b4fb13ee08329b1d0a01c0e36dccfebf90acf2e5c374953ab6cab6b854360d311aae2f52b5a90d3c4257ad359e

Download Submit
C:\Windows\System\xSDUfMi.exe

Filesize
5.9MB

MD5
5aef7e50db989e29dde7acb53ecb5849

SHA1
80e9020adca8eb1fd3b9c81b1b1729c00d847ae1

SHA256
2f6d996ad22557742abffd6aecd37aa46a89f8d0e49bd84d9fe813ec81be19d2

SHA512
74131ea254a156518759b5d35528ada4ea4c199db3ce0a937567cc41c41aba3524d32764b7e0a86a67087339935d96d27489c98fb73eb96ce53a457b14ca153c

Download Submit
memory/208-57-0x00007FF6C1D20000-0x00007FF6C2074000-memory.dmp

Filesize
3.3MB

Download
memory/208-2219-0x00007FF6C1D20000-0x00007FF6C2074000-memory.dmp

Filesize
3.3MB

Download
memory/880-164-0x00007FF7B4560000-0x00007FF7B48B4000-memory.dmp

Filesize
3.3MB

Download
memory/880-2225-0x00007FF7B4560000-0x00007FF7B48B4000-memory.dmp

Filesize
3.3MB

Download
memory/880-65-0x00007FF7B4560000-0x00007FF7B48B4000-memory.dmp

Filesize
3.3MB

Download
memory/1256-186-0x00007FF60C720000-0x00007FF60CA74000-memory.dmp

Filesize
3.3MB

Download
memory/1256-662-0x00007FF60C720000-0x00007FF60CA74000-memory.dmp

Filesize
3.3MB

Download
memory/1256-2244-0x00007FF60C720000-0x00007FF60CA74000-memory.dmp

Filesize
3.3MB

Download
memory/1324-9-0x00007FF75BF60000-0x00007FF75C2B4000-memory.dmp

Filesize
3.3MB

Download
memory/1324-135-0x00007FF75BF60000-0x00007FF75C2B4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2228-0x00007FF63BA30000-0x00007FF63BD84000-memory.dmp

Filesize
3.3MB

Download
memory/1584-104-0x00007FF63BA30000-0x00007FF63BD84000-memory.dmp

Filesize
3.3MB

Download
memory/1620-472-0x00007FF70C6F0000-0x00007FF70CA44000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2240-0x00007FF70C6F0000-0x00007FF70CA44000-memory.dmp

Filesize
3.3MB

Download
memory/1620-157-0x00007FF70C6F0000-0x00007FF70CA44000-memory.dmp

Filesize
3.3MB

Download
memory/1772-185-0x00007FF6B4270000-0x00007FF6B45C4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2243-0x00007FF6B4270000-0x00007FF6B45C4000-memory.dmp

Filesize
3.3MB

Download
memory/1896-2233-0x00007FF633A10000-0x00007FF633D64000-memory.dmp

Filesize
3.3MB

Download
memory/1896-115-0x00007FF633A10000-0x00007FF633D64000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2234-0x00007FF631390000-0x00007FF6316E4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-114-0x00007FF631390000-0x00007FF6316E4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-33-0x00007FF78E380000-0x00007FF78E6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-141-0x00007FF78E380000-0x00007FF78E6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2221-0x00007FF7BFCB0000-0x00007FF7C0004000-memory.dmp

Filesize
3.3MB

Download
memory/2712-38-0x00007FF7BFCB0000-0x00007FF7C0004000-memory.dmp

Filesize
3.3MB

Download
memory/2712-149-0x00007FF7BFCB0000-0x00007FF7C0004000-memory.dmp

Filesize
3.3MB

Download
memory/3036-128-0x00007FF6BD770000-0x00007FF6BDAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-0-0x00007FF6BD770000-0x00007FF6BDAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1-0x000001BF76C00000-0x000001BF76C10000-memory.dmp

Filesize
64KB

Download
memory/3324-113-0x00007FF6E9500000-0x00007FF6E9854000-memory.dmp

Filesize
3.3MB

Download
memory/3324-2232-0x00007FF6E9500000-0x00007FF6E9854000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2241-0x00007FF705C70000-0x00007FF705FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-170-0x00007FF705C70000-0x00007FF705FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2227-0x00007FF6FA720000-0x00007FF6FAA74000-memory.dmp

Filesize
3.3MB

Download
memory/4520-103-0x00007FF6FA720000-0x00007FF6FAA74000-memory.dmp

Filesize
3.3MB

Download
memory/4520-167-0x00007FF6FA720000-0x00007FF6FAA74000-memory.dmp

Filesize
3.3MB

Download
memory/4548-107-0x00007FF6ECE10000-0x00007FF6ED164000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2230-0x00007FF6ECE10000-0x00007FF6ED164000-memory.dmp

Filesize
3.3MB

Download
memory/4828-2231-0x00007FF619CF0000-0x00007FF61A044000-memory.dmp

Filesize
3.3MB

Download
memory/4828-112-0x00007FF619CF0000-0x00007FF61A044000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2236-0x00007FF6FF800000-0x00007FF6FFB54000-memory.dmp

Filesize
3.3MB

Download
memory/4908-130-0x00007FF6FF800000-0x00007FF6FFB54000-memory.dmp

Filesize
3.3MB

Download
memory/4984-376-0x00007FF6C1940000-0x00007FF6C1C94000-memory.dmp

Filesize
3.3MB

Download
memory/4984-145-0x00007FF6C1940000-0x00007FF6C1C94000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2238-0x00007FF6C1940000-0x00007FF6C1C94000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2237-0x00007FF6B8BE0000-0x00007FF6B8F34000-memory.dmp

Filesize
3.3MB

Download
memory/4988-140-0x00007FF6B8BE0000-0x00007FF6B8F34000-memory.dmp

Filesize
3.3MB

Download
memory/5428-53-0x00007FF7D8830000-0x00007FF7D8B84000-memory.dmp

Filesize
3.3MB

Download
memory/5428-2222-0x00007FF7D8830000-0x00007FF7D8B84000-memory.dmp

Filesize
3.3MB

Download
memory/5508-2242-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp

Filesize
3.3MB

Download
memory/5508-593-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp

Filesize
3.3MB

Download
memory/5508-179-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp

Filesize
3.3MB

Download
memory/5636-66-0x00007FF709820000-0x00007FF709B74000-memory.dmp

Filesize
3.3MB

Download
memory/5636-165-0x00007FF709820000-0x00007FF709B74000-memory.dmp

Filesize
3.3MB

Download
memory/5636-2226-0x00007FF709820000-0x00007FF709B74000-memory.dmp

Filesize
3.3MB

Download
memory/5644-2223-0x00007FF752220000-0x00007FF752574000-memory.dmp

Filesize
3.3MB

Download
memory/5644-58-0x00007FF752220000-0x00007FF752574000-memory.dmp

Filesize
3.3MB

Download
memory/5792-2239-0x00007FF7F2C00000-0x00007FF7F2F54000-memory.dmp

Filesize
3.3MB

Download
memory/5792-417-0x00007FF7F2C00000-0x00007FF7F2F54000-memory.dmp

Filesize
3.3MB

Download
memory/5792-154-0x00007FF7F2C00000-0x00007FF7F2F54000-memory.dmp

Filesize
3.3MB

Download
memory/5832-116-0x00007FF7AC770000-0x00007FF7ACAC4000-memory.dmp

Filesize
3.3MB

Download
memory/5832-2229-0x00007FF7AC770000-0x00007FF7ACAC4000-memory.dmp

Filesize
3.3MB

Download
memory/5836-237-0x00007FF74AE00000-0x00007FF74B154000-memory.dmp

Filesize
3.3MB

Download
memory/5836-2235-0x00007FF74AE00000-0x00007FF74B154000-memory.dmp

Filesize
3.3MB

Download
memory/5836-121-0x00007FF74AE00000-0x00007FF74B154000-memory.dmp

Filesize
3.3MB

Download
memory/5908-150-0x00007FF61A970000-0x00007FF61ACC4000-memory.dmp

Filesize
3.3MB

Download
memory/5908-62-0x00007FF61A970000-0x00007FF61ACC4000-memory.dmp

Filesize
3.3MB

Download
memory/5908-2224-0x00007FF61A970000-0x00007FF61ACC4000-memory.dmp

Filesize
3.3MB

Download
memory/5916-142-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp

Filesize
3.3MB

Download
memory/5916-46-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp

Filesize
3.3MB

Download
memory/5916-2220-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp

Filesize
3.3MB

Download
memory/5952-136-0x00007FF7F1560000-0x00007FF7F18B4000-memory.dmp

Filesize
3.3MB

Download
memory/5952-20-0x00007FF7F1560000-0x00007FF7F18B4000-memory.dmp

Filesize
3.3MB

Download