cobaltstrike | 560996fc6ae6b5eb7131dafe4f090a70690a557d877351e5847689eff87797d4

Analysis

max time kernel
102s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
Size

5.9MB
MD5

b2449030553d4418225c3e6fd90853d2
SHA1

90c085d8400d6249225f8a4673e08fe90eed3d7b
SHA256

560996fc6ae6b5eb7131dafe4f090a70690a557d877351e5847689eff87797d4
SHA512

a3331eec2c1b45ead4cde407d532b9d575de6589cd38d6c22b4d107a26ea33668578cc3eef4eda27cecdd21c048957de86fc3638c3181468aaccaec65754d8d1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig backdoor miner trojan upx

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1480-0-0x00007FF743740000-0x00007FF743A94000-memory.dmp	xmrig
behavioral2/files/0x000a000000024095-5.dat	xmrig
behavioral2/memory/3832-6-0x00007FF799190000-0x00007FF7994E4000-memory.dmp	xmrig
behavioral2/files/0x0008000000024114-10.dat	xmrig
behavioral2/memory/2808-15-0x00007FF65C070000-0x00007FF65C3C4000-memory.dmp	xmrig
behavioral2/files/0x0008000000024112-19.dat	xmrig
behavioral2/memory/3876-24-0x00007FF68C6C0000-0x00007FF68CA14000-memory.dmp	xmrig
behavioral2/files/0x0007000000024115-22.dat	xmrig
behavioral2/memory/4552-21-0x00007FF752AD0000-0x00007FF752E24000-memory.dmp	xmrig
behavioral2/files/0x0007000000024116-28.dat	xmrig
behavioral2/memory/3908-31-0x00007FF645700000-0x00007FF645A54000-memory.dmp	xmrig
behavioral2/files/0x0007000000024117-35.dat	xmrig
behavioral2/memory/1472-36-0x00007FF769C00000-0x00007FF769F54000-memory.dmp	xmrig
behavioral2/files/0x0007000000024118-41.dat	xmrig
behavioral2/files/0x0007000000024119-45.dat	xmrig
behavioral2/files/0x000700000002411a-51.dat	xmrig
behavioral2/memory/4656-53-0x00007FF693BA0000-0x00007FF693EF4000-memory.dmp	xmrig
behavioral2/memory/1480-52-0x00007FF743740000-0x00007FF743A94000-memory.dmp	xmrig
behavioral2/memory/3700-48-0x00007FF709800000-0x00007FF709B54000-memory.dmp	xmrig
behavioral2/memory/2408-42-0x00007FF6D1400000-0x00007FF6D1754000-memory.dmp	xmrig
behavioral2/memory/3832-60-0x00007FF799190000-0x00007FF7994E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002411b-61.dat	xmrig
behavioral2/memory/2808-64-0x00007FF65C070000-0x00007FF65C3C4000-memory.dmp	xmrig
behavioral2/files/0x000900000002411c-77.dat	xmrig
behavioral2/files/0x0007000000024121-86.dat	xmrig
behavioral2/files/0x0007000000024120-87.dat	xmrig
behavioral2/memory/5064-90-0x00007FF79B230000-0x00007FF79B584000-memory.dmp	xmrig
behavioral2/memory/3908-89-0x00007FF645700000-0x00007FF645A54000-memory.dmp	xmrig
behavioral2/memory/1996-85-0x00007FF6757F0000-0x00007FF675B44000-memory.dmp	xmrig
behavioral2/memory/1164-84-0x00007FF60B880000-0x00007FF60BBD4000-memory.dmp	xmrig
behavioral2/files/0x000800000002411f-79.dat	xmrig
behavioral2/memory/3876-76-0x00007FF68C6C0000-0x00007FF68CA14000-memory.dmp	xmrig
behavioral2/memory/3880-73-0x00007FF651110000-0x00007FF651464000-memory.dmp	xmrig
behavioral2/memory/3240-69-0x00007FF61E7A0000-0x00007FF61EAF4000-memory.dmp	xmrig
behavioral2/memory/4552-68-0x00007FF752AD0000-0x00007FF752E24000-memory.dmp	xmrig
behavioral2/memory/1472-95-0x00007FF769C00000-0x00007FF769F54000-memory.dmp	xmrig
behavioral2/files/0x0007000000024122-100.dat	xmrig
behavioral2/files/0x0008000000024123-99.dat	xmrig
behavioral2/memory/3284-108-0x00007FF7004F0000-0x00007FF700844000-memory.dmp	xmrig
behavioral2/files/0x0007000000024126-113.dat	xmrig
behavioral2/files/0x0008000000024125-115.dat	xmrig
behavioral2/files/0x0007000000024127-120.dat	xmrig
behavioral2/memory/1304-129-0x00007FF682D50000-0x00007FF6830A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024128-131.dat	xmrig
behavioral2/memory/760-130-0x00007FF60AA60000-0x00007FF60ADB4000-memory.dmp	xmrig
behavioral2/memory/4740-128-0x00007FF65F210000-0x00007FF65F564000-memory.dmp	xmrig
behavioral2/memory/2844-124-0x00007FF754680000-0x00007FF7549D4000-memory.dmp	xmrig
behavioral2/memory/4656-114-0x00007FF693BA0000-0x00007FF693EF4000-memory.dmp	xmrig
behavioral2/memory/3700-109-0x00007FF709800000-0x00007FF709B54000-memory.dmp	xmrig
behavioral2/memory/4300-104-0x00007FF79B5D0000-0x00007FF79B924000-memory.dmp	xmrig
behavioral2/memory/2408-102-0x00007FF6D1400000-0x00007FF6D1754000-memory.dmp	xmrig
behavioral2/memory/3880-135-0x00007FF651110000-0x00007FF651464000-memory.dmp	xmrig
behavioral2/files/0x0007000000024129-136.dat	xmrig
behavioral2/files/0x000700000002412a-142.dat	xmrig
behavioral2/files/0x000700000002412c-153.dat	xmrig
behavioral2/files/0x000700000002412b-162.dat	xmrig
behavioral2/files/0x000700000002412f-167.dat	xmrig
behavioral2/files/0x000700000002412e-174.dat	xmrig
behavioral2/memory/1756-179-0x00007FF6C43E0000-0x00007FF6C4734000-memory.dmp	xmrig
behavioral2/files/0x0007000000024130-180.dat	xmrig
behavioral2/memory/5064-178-0x00007FF79B230000-0x00007FF79B584000-memory.dmp	xmrig
behavioral2/memory/4000-177-0x00007FF68A4F0000-0x00007FF68A844000-memory.dmp	xmrig
behavioral2/files/0x000700000002412d-173.dat	xmrig
behavioral2/memory/1012-172-0x00007FF634750000-0x00007FF634AA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3832	FWDROBM.exe
2808	HnNQmbY.exe
4552	cadNUee.exe
3876	OljmaYe.exe
3908	lgfhwtG.exe
1472	mkLiTJx.exe
2408	OTFpsAl.exe
3700	NOWamNz.exe
4656	yPmNNsS.exe
3240	OiPyJIO.exe
3880	arutZQV.exe
1164	DzHvZQm.exe
1996	tZZpWKr.exe
5064	PAsTXPW.exe
4300	yMaCgwq.exe
3284	QXYHCzg.exe
2844	YYoIKLT.exe
4740	QBnbzWL.exe
1304	JsYMEJp.exe
760	ollIgBh.exe
4560	XUdthUX.exe
1280	pNGrmzn.exe
2652	wcqaWca.exe
1920	bNojdHv.exe
2032	mQcxbqO.exe
1012	nPjSLdz.exe
4000	dUYiqjl.exe
1756	Vwyhspi.exe
3600	rSfyFpw.exe
3576	JKiZgHk.exe
5060	YmRRSzM.exe
1544	wUbOKHP.exe
3848	oKcttpS.exe
1728	HcRjGBu.exe
4296	NeDHLjr.exe
2324	YpxAHHG.exe
1988	bhSBuZf.exe
1824	zRglUct.exe
8	WbMmEPS.exe
3100	bwORqjH.exe
4368	XesLiGX.exe
2064	LvmpXvx.exe
2284	iqjxglu.exe
1576	dwvyROn.exe
3292	aAKhQAt.exe
4580	rydBmWK.exe
4992	GweSMGQ.exe
4576	XJPEzym.exe
384	mUOAQxs.exe
2592	VUxvydr.exe
2900	JoqZMXh.exe
4780	ikqAPcX.exe
1252	AcrSQwo.exe
3692	WAdLoJi.exe
3944	amOJCvA.exe
868	XvbnAed.exe
3184	rIIEGGr.exe
3172	OajJFDd.exe
4032	kRoikap.exe
2384	jFUcmsz.exe
748	ebXQkgg.exe
2256	PbXCjyR.exe
848	ToCOTEE.exe
4884	NvczfsQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1480-0-0x00007FF743740000-0x00007FF743A94000-memory.dmp	upx
behavioral2/files/0x000a000000024095-5.dat	upx
behavioral2/memory/3832-6-0x00007FF799190000-0x00007FF7994E4000-memory.dmp	upx
behavioral2/files/0x0008000000024114-10.dat	upx
behavioral2/memory/2808-15-0x00007FF65C070000-0x00007FF65C3C4000-memory.dmp	upx
behavioral2/files/0x0008000000024112-19.dat	upx
behavioral2/memory/3876-24-0x00007FF68C6C0000-0x00007FF68CA14000-memory.dmp	upx
behavioral2/files/0x0007000000024115-22.dat	upx
behavioral2/memory/4552-21-0x00007FF752AD0000-0x00007FF752E24000-memory.dmp	upx
behavioral2/files/0x0007000000024116-28.dat	upx
behavioral2/memory/3908-31-0x00007FF645700000-0x00007FF645A54000-memory.dmp	upx
behavioral2/files/0x0007000000024117-35.dat	upx
behavioral2/memory/1472-36-0x00007FF769C00000-0x00007FF769F54000-memory.dmp	upx
behavioral2/files/0x0007000000024118-41.dat	upx
behavioral2/files/0x0007000000024119-45.dat	upx
behavioral2/files/0x000700000002411a-51.dat	upx
behavioral2/memory/4656-53-0x00007FF693BA0000-0x00007FF693EF4000-memory.dmp	upx
behavioral2/memory/1480-52-0x00007FF743740000-0x00007FF743A94000-memory.dmp	upx
behavioral2/memory/3700-48-0x00007FF709800000-0x00007FF709B54000-memory.dmp	upx
behavioral2/memory/2408-42-0x00007FF6D1400000-0x00007FF6D1754000-memory.dmp	upx
behavioral2/memory/3832-60-0x00007FF799190000-0x00007FF7994E4000-memory.dmp	upx
behavioral2/files/0x000700000002411b-61.dat	upx
behavioral2/memory/2808-64-0x00007FF65C070000-0x00007FF65C3C4000-memory.dmp	upx
behavioral2/files/0x000900000002411c-77.dat	upx
behavioral2/files/0x0007000000024121-86.dat	upx
behavioral2/files/0x0007000000024120-87.dat	upx
behavioral2/memory/5064-90-0x00007FF79B230000-0x00007FF79B584000-memory.dmp	upx
behavioral2/memory/3908-89-0x00007FF645700000-0x00007FF645A54000-memory.dmp	upx
behavioral2/memory/1996-85-0x00007FF6757F0000-0x00007FF675B44000-memory.dmp	upx
behavioral2/memory/1164-84-0x00007FF60B880000-0x00007FF60BBD4000-memory.dmp	upx
behavioral2/files/0x000800000002411f-79.dat	upx
behavioral2/memory/3876-76-0x00007FF68C6C0000-0x00007FF68CA14000-memory.dmp	upx
behavioral2/memory/3880-73-0x00007FF651110000-0x00007FF651464000-memory.dmp	upx
behavioral2/memory/3240-69-0x00007FF61E7A0000-0x00007FF61EAF4000-memory.dmp	upx
behavioral2/memory/4552-68-0x00007FF752AD0000-0x00007FF752E24000-memory.dmp	upx
behavioral2/memory/1472-95-0x00007FF769C00000-0x00007FF769F54000-memory.dmp	upx
behavioral2/files/0x0007000000024122-100.dat	upx
behavioral2/files/0x0008000000024123-99.dat	upx
behavioral2/memory/3284-108-0x00007FF7004F0000-0x00007FF700844000-memory.dmp	upx
behavioral2/files/0x0007000000024126-113.dat	upx
behavioral2/files/0x0008000000024125-115.dat	upx
behavioral2/files/0x0007000000024127-120.dat	upx
behavioral2/memory/1304-129-0x00007FF682D50000-0x00007FF6830A4000-memory.dmp	upx
behavioral2/files/0x0007000000024128-131.dat	upx
behavioral2/memory/760-130-0x00007FF60AA60000-0x00007FF60ADB4000-memory.dmp	upx
behavioral2/memory/4740-128-0x00007FF65F210000-0x00007FF65F564000-memory.dmp	upx
behavioral2/memory/2844-124-0x00007FF754680000-0x00007FF7549D4000-memory.dmp	upx
behavioral2/memory/4656-114-0x00007FF693BA0000-0x00007FF693EF4000-memory.dmp	upx
behavioral2/memory/3700-109-0x00007FF709800000-0x00007FF709B54000-memory.dmp	upx
behavioral2/memory/4300-104-0x00007FF79B5D0000-0x00007FF79B924000-memory.dmp	upx
behavioral2/memory/2408-102-0x00007FF6D1400000-0x00007FF6D1754000-memory.dmp	upx
behavioral2/memory/3880-135-0x00007FF651110000-0x00007FF651464000-memory.dmp	upx
behavioral2/files/0x0007000000024129-136.dat	upx
behavioral2/files/0x000700000002412a-142.dat	upx
behavioral2/files/0x000700000002412c-153.dat	upx
behavioral2/files/0x000700000002412b-162.dat	upx
behavioral2/files/0x000700000002412f-167.dat	upx
behavioral2/files/0x000700000002412e-174.dat	upx
behavioral2/memory/1756-179-0x00007FF6C43E0000-0x00007FF6C4734000-memory.dmp	upx
behavioral2/files/0x0007000000024130-180.dat	upx
behavioral2/memory/5064-178-0x00007FF79B230000-0x00007FF79B584000-memory.dmp	upx
behavioral2/memory/4000-177-0x00007FF68A4F0000-0x00007FF68A844000-memory.dmp	upx
behavioral2/files/0x000700000002412d-173.dat	upx
behavioral2/memory/1012-172-0x00007FF634750000-0x00007FF634AA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MYlkNrE.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\gOVcuIs.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\SgsBrtA.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\JYIyMTN.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\jKawrcq.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\iqNMgQF.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\jviRVHj.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\OQMjhRg.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\cbPakwE.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ntlysFL.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\HJomODO.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\KgpJMLY.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\mYfPNnP.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\lSqRjeZ.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\mVtZcVJ.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\FiHfQLm.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\AuwKCta.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\atcwXCe.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\LPKnhKf.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\xvPapzD.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\pNGrmzn.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\LyoXCqm.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\xTquIkm.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\eaACWdX.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\kPMgfyu.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\wvqBmno.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\CYKlExd.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\yQKkwBA.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\AzLCflJ.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\kePOKih.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\axkKiOv.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\FkfBtgT.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\YpxAHHG.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\AxRhfYx.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\nPYqDxm.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\TGEBYcg.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\uKTzxGU.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ioZUXNb.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ffMgKUM.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\naSUcOX.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\yscLiqD.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\mVxbNki.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\lHbTnIC.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\bjXVHtH.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\EKDdEIM.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\sTJTWgq.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\UwwfUAi.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\zcHtWuV.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\tLdueLf.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\WbMmEPS.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\jNGQSUB.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\TdbEqha.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\WpiGTZq.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\JfvEAuW.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\fYiQWGQ.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\WkaemTc.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\zMryiET.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\aAKhQAt.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\WAdLoJi.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\zNlhWxz.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\WZMPQBr.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\sMlHRjy.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\KMlyceT.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\oKcttpS.exe	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 3832	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	87
PID 1480 wrote to memory of 3832	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	87
PID 1480 wrote to memory of 2808	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	89
PID 1480 wrote to memory of 2808	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	89
PID 1480 wrote to memory of 4552	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	90
PID 1480 wrote to memory of 4552	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	90
PID 1480 wrote to memory of 3876	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	91
PID 1480 wrote to memory of 3876	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	91
PID 1480 wrote to memory of 3908	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	92
PID 1480 wrote to memory of 3908	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	92
PID 1480 wrote to memory of 1472	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	95
PID 1480 wrote to memory of 1472	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	95
PID 1480 wrote to memory of 2408	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	96
PID 1480 wrote to memory of 2408	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	96
PID 1480 wrote to memory of 3700	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	97
PID 1480 wrote to memory of 3700	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	97
PID 1480 wrote to memory of 4656	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	98
PID 1480 wrote to memory of 4656	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	98
PID 1480 wrote to memory of 3240	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	99
PID 1480 wrote to memory of 3240	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	99
PID 1480 wrote to memory of 3880	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	100
PID 1480 wrote to memory of 3880	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	100
PID 1480 wrote to memory of 1164	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	101
PID 1480 wrote to memory of 1164	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	101
PID 1480 wrote to memory of 1996	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	102
PID 1480 wrote to memory of 1996	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	102
PID 1480 wrote to memory of 5064	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	103
PID 1480 wrote to memory of 5064	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	103
PID 1480 wrote to memory of 4300	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	104
PID 1480 wrote to memory of 4300	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	104
PID 1480 wrote to memory of 3284	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	105
PID 1480 wrote to memory of 3284	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	105
PID 1480 wrote to memory of 2844	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	106
PID 1480 wrote to memory of 2844	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	106
PID 1480 wrote to memory of 4740	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	107
PID 1480 wrote to memory of 4740	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	107
PID 1480 wrote to memory of 1304	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	108
PID 1480 wrote to memory of 1304	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	108
PID 1480 wrote to memory of 760	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	109
PID 1480 wrote to memory of 760	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	109
PID 1480 wrote to memory of 4560	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	110
PID 1480 wrote to memory of 4560	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	110
PID 1480 wrote to memory of 1280	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	111
PID 1480 wrote to memory of 1280	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	111
PID 1480 wrote to memory of 2652	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	112
PID 1480 wrote to memory of 2652	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	112
PID 1480 wrote to memory of 1920	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	113
PID 1480 wrote to memory of 1920	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	113
PID 1480 wrote to memory of 2032	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	114
PID 1480 wrote to memory of 2032	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	114
PID 1480 wrote to memory of 1012	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	115
PID 1480 wrote to memory of 1012	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	115
PID 1480 wrote to memory of 4000	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	116
PID 1480 wrote to memory of 4000	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	116
PID 1480 wrote to memory of 1756	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	117
PID 1480 wrote to memory of 1756	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	117
PID 1480 wrote to memory of 3600	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	118
PID 1480 wrote to memory of 3600	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	118
PID 1480 wrote to memory of 3576	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	119
PID 1480 wrote to memory of 3576	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	119
PID 1480 wrote to memory of 5060	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	120
PID 1480 wrote to memory of 5060	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	120
PID 1480 wrote to memory of 3848	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	121
PID 1480 wrote to memory of 3848	1480	2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe	121

C:\Users\Admin\AppData\Local\Temp\2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_b2449030553d4418225c3e6fd90853d2_amadey_cobalt-strike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Windows\System\FWDROBM.exe
  C:\Windows\System\FWDROBM.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\HnNQmbY.exe
  C:\Windows\System\HnNQmbY.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\cadNUee.exe
  C:\Windows\System\cadNUee.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\OljmaYe.exe
  C:\Windows\System\OljmaYe.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\lgfhwtG.exe
  C:\Windows\System\lgfhwtG.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\mkLiTJx.exe
  C:\Windows\System\mkLiTJx.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\OTFpsAl.exe
  C:\Windows\System\OTFpsAl.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\NOWamNz.exe
  C:\Windows\System\NOWamNz.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\yPmNNsS.exe
  C:\Windows\System\yPmNNsS.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\OiPyJIO.exe
  C:\Windows\System\OiPyJIO.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\arutZQV.exe
  C:\Windows\System\arutZQV.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\DzHvZQm.exe
  C:\Windows\System\DzHvZQm.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\tZZpWKr.exe
  C:\Windows\System\tZZpWKr.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\PAsTXPW.exe
  C:\Windows\System\PAsTXPW.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\yMaCgwq.exe
  C:\Windows\System\yMaCgwq.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\QXYHCzg.exe
  C:\Windows\System\QXYHCzg.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\YYoIKLT.exe
  C:\Windows\System\YYoIKLT.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\QBnbzWL.exe
  C:\Windows\System\QBnbzWL.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\JsYMEJp.exe
  C:\Windows\System\JsYMEJp.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\ollIgBh.exe
  C:\Windows\System\ollIgBh.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\XUdthUX.exe
  C:\Windows\System\XUdthUX.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\pNGrmzn.exe
  C:\Windows\System\pNGrmzn.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\wcqaWca.exe
  C:\Windows\System\wcqaWca.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\bNojdHv.exe
  C:\Windows\System\bNojdHv.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\mQcxbqO.exe
  C:\Windows\System\mQcxbqO.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\nPjSLdz.exe
  C:\Windows\System\nPjSLdz.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\dUYiqjl.exe
  C:\Windows\System\dUYiqjl.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\Vwyhspi.exe
  C:\Windows\System\Vwyhspi.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\rSfyFpw.exe
  C:\Windows\System\rSfyFpw.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\JKiZgHk.exe
  C:\Windows\System\JKiZgHk.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\YmRRSzM.exe
  C:\Windows\System\YmRRSzM.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\oKcttpS.exe
  C:\Windows\System\oKcttpS.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\wUbOKHP.exe
  C:\Windows\System\wUbOKHP.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\HcRjGBu.exe
  C:\Windows\System\HcRjGBu.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\NeDHLjr.exe
  C:\Windows\System\NeDHLjr.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\YpxAHHG.exe
  C:\Windows\System\YpxAHHG.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\bhSBuZf.exe
  C:\Windows\System\bhSBuZf.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\zRglUct.exe
  C:\Windows\System\zRglUct.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\WbMmEPS.exe
  C:\Windows\System\WbMmEPS.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\bwORqjH.exe
  C:\Windows\System\bwORqjH.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\XesLiGX.exe
  C:\Windows\System\XesLiGX.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\LvmpXvx.exe
  C:\Windows\System\LvmpXvx.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\iqjxglu.exe
  C:\Windows\System\iqjxglu.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\dwvyROn.exe
  C:\Windows\System\dwvyROn.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\aAKhQAt.exe
  C:\Windows\System\aAKhQAt.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\rydBmWK.exe
  C:\Windows\System\rydBmWK.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\GweSMGQ.exe
  C:\Windows\System\GweSMGQ.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\XJPEzym.exe
  C:\Windows\System\XJPEzym.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\mUOAQxs.exe
  C:\Windows\System\mUOAQxs.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\VUxvydr.exe
  C:\Windows\System\VUxvydr.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\JoqZMXh.exe
  C:\Windows\System\JoqZMXh.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ikqAPcX.exe
  C:\Windows\System\ikqAPcX.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\AcrSQwo.exe
  C:\Windows\System\AcrSQwo.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\WAdLoJi.exe
  C:\Windows\System\WAdLoJi.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\amOJCvA.exe
  C:\Windows\System\amOJCvA.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\XvbnAed.exe
  C:\Windows\System\XvbnAed.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\rIIEGGr.exe
  C:\Windows\System\rIIEGGr.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\OajJFDd.exe
  C:\Windows\System\OajJFDd.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\kRoikap.exe
  C:\Windows\System\kRoikap.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\jFUcmsz.exe
  C:\Windows\System\jFUcmsz.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\ebXQkgg.exe
  C:\Windows\System\ebXQkgg.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\PbXCjyR.exe
  C:\Windows\System\PbXCjyR.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ToCOTEE.exe
  C:\Windows\System\ToCOTEE.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\NvczfsQ.exe
  C:\Windows\System\NvczfsQ.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\rHjtylz.exe
  C:\Windows\System\rHjtylz.exe
  2⤵
  PID:4864
- C:\Windows\System\XcShRlC.exe
  C:\Windows\System\XcShRlC.exe
  2⤵
  PID:2788
- C:\Windows\System\fuvxymG.exe
  C:\Windows\System\fuvxymG.exe
  2⤵
  PID:772
- C:\Windows\System\peISNlz.exe
  C:\Windows\System\peISNlz.exe
  2⤵
  PID:4148
- C:\Windows\System\sMlNEKu.exe
  C:\Windows\System\sMlNEKu.exe
  2⤵
  PID:804
- C:\Windows\System\HwPsQjO.exe
  C:\Windows\System\HwPsQjO.exe
  2⤵
  PID:4328
- C:\Windows\System\hfvmcpr.exe
  C:\Windows\System\hfvmcpr.exe
  2⤵
  PID:2184
- C:\Windows\System\crOKMVv.exe
  C:\Windows\System\crOKMVv.exe
  2⤵
  PID:4284
- C:\Windows\System\VQUoleX.exe
  C:\Windows\System\VQUoleX.exe
  2⤵
  PID:2212
- C:\Windows\System\Nwehyey.exe
  C:\Windows\System\Nwehyey.exe
  2⤵
  PID:1124
- C:\Windows\System\yAsPCuI.exe
  C:\Windows\System\yAsPCuI.exe
  2⤵
  PID:4060
- C:\Windows\System\lNPidKd.exe
  C:\Windows\System\lNPidKd.exe
  2⤵
  PID:3036
- C:\Windows\System\XCBtgZV.exe
  C:\Windows\System\XCBtgZV.exe
  2⤵
  PID:844
- C:\Windows\System\MPkSjBQ.exe
  C:\Windows\System\MPkSjBQ.exe
  2⤵
  PID:1140
- C:\Windows\System\cvJkmFF.exe
  C:\Windows\System\cvJkmFF.exe
  2⤵
  PID:4364
- C:\Windows\System\eclPdsO.exe
  C:\Windows\System\eclPdsO.exe
  2⤵
  PID:2512
- C:\Windows\System\OTCCgIp.exe
  C:\Windows\System\OTCCgIp.exe
  2⤵
  PID:3736
- C:\Windows\System\omihTsE.exe
  C:\Windows\System\omihTsE.exe
  2⤵
  PID:1200
- C:\Windows\System\LyoXCqm.exe
  C:\Windows\System\LyoXCqm.exe
  2⤵
  PID:4492
- C:\Windows\System\meawpUt.exe
  C:\Windows\System\meawpUt.exe
  2⤵
  PID:1572
- C:\Windows\System\qoQMGfw.exe
  C:\Windows\System\qoQMGfw.exe
  2⤵
  PID:3512
- C:\Windows\System\beHqAUr.exe
  C:\Windows\System\beHqAUr.exe
  2⤵
  PID:2628
- C:\Windows\System\tLYyEfs.exe
  C:\Windows\System\tLYyEfs.exe
  2⤵
  PID:2052
- C:\Windows\System\HMjjFii.exe
  C:\Windows\System\HMjjFii.exe
  2⤵
  PID:3432
- C:\Windows\System\SotPZJz.exe
  C:\Windows\System\SotPZJz.exe
  2⤵
  PID:4748
- C:\Windows\System\BnlSDbf.exe
  C:\Windows\System\BnlSDbf.exe
  2⤵
  PID:4040
- C:\Windows\System\XneKpVw.exe
  C:\Windows\System\XneKpVw.exe
  2⤵
  PID:2632
- C:\Windows\System\BMxCqMZ.exe
  C:\Windows\System\BMxCqMZ.exe
  2⤵
  PID:1240
- C:\Windows\System\bvKzpKt.exe
  C:\Windows\System\bvKzpKt.exe
  2⤵
  PID:4004
- C:\Windows\System\EwkERjy.exe
  C:\Windows\System\EwkERjy.exe
  2⤵
  PID:808
- C:\Windows\System\CfxxwgV.exe
  C:\Windows\System\CfxxwgV.exe
  2⤵
  PID:2888
- C:\Windows\System\qHzsNoy.exe
  C:\Windows\System\qHzsNoy.exe
  2⤵
  PID:1972
- C:\Windows\System\VaBgPih.exe
  C:\Windows\System\VaBgPih.exe
  2⤵
  PID:2400
- C:\Windows\System\vXEfOAL.exe
  C:\Windows\System\vXEfOAL.exe
  2⤵
  PID:4336
- C:\Windows\System\AptbZrW.exe
  C:\Windows\System\AptbZrW.exe
  2⤵
  PID:4820
- C:\Windows\System\yYMCymR.exe
  C:\Windows\System\yYMCymR.exe
  2⤵
  PID:3084
- C:\Windows\System\kSYKdUx.exe
  C:\Windows\System\kSYKdUx.exe
  2⤵
  PID:5148
- C:\Windows\System\LnytlBV.exe
  C:\Windows\System\LnytlBV.exe
  2⤵
  PID:5192
- C:\Windows\System\WfGTSGF.exe
  C:\Windows\System\WfGTSGF.exe
  2⤵
  PID:5216
- C:\Windows\System\vFZURrT.exe
  C:\Windows\System\vFZURrT.exe
  2⤵
  PID:5260
- C:\Windows\System\PUimcVJ.exe
  C:\Windows\System\PUimcVJ.exe
  2⤵
  PID:5356
- C:\Windows\System\QqdpWvi.exe
  C:\Windows\System\QqdpWvi.exe
  2⤵
  PID:5400
- C:\Windows\System\odmoExD.exe
  C:\Windows\System\odmoExD.exe
  2⤵
  PID:5428
- C:\Windows\System\gajdvxk.exe
  C:\Windows\System\gajdvxk.exe
  2⤵
  PID:5468
- C:\Windows\System\FMhRQTf.exe
  C:\Windows\System\FMhRQTf.exe
  2⤵
  PID:5496
- C:\Windows\System\mVtZcVJ.exe
  C:\Windows\System\mVtZcVJ.exe
  2⤵
  PID:5516
- C:\Windows\System\btOuxah.exe
  C:\Windows\System\btOuxah.exe
  2⤵
  PID:5556
- C:\Windows\System\nIxFqBy.exe
  C:\Windows\System\nIxFqBy.exe
  2⤵
  PID:5588
- C:\Windows\System\jNGQSUB.exe
  C:\Windows\System\jNGQSUB.exe
  2⤵
  PID:5608
- C:\Windows\System\ikDMAqo.exe
  C:\Windows\System\ikDMAqo.exe
  2⤵
  PID:5636
- C:\Windows\System\jmgcuMu.exe
  C:\Windows\System\jmgcuMu.exe
  2⤵
  PID:5672
- C:\Windows\System\UwBbJKj.exe
  C:\Windows\System\UwBbJKj.exe
  2⤵
  PID:5700
- C:\Windows\System\lJrrUNk.exe
  C:\Windows\System\lJrrUNk.exe
  2⤵
  PID:5728
- C:\Windows\System\nIYdiic.exe
  C:\Windows\System\nIYdiic.exe
  2⤵
  PID:5760
- C:\Windows\System\oGnqKHj.exe
  C:\Windows\System\oGnqKHj.exe
  2⤵
  PID:5780
- C:\Windows\System\rgEnqhw.exe
  C:\Windows\System\rgEnqhw.exe
  2⤵
  PID:5808
- C:\Windows\System\EUleCHc.exe
  C:\Windows\System\EUleCHc.exe
  2⤵
  PID:5836
- C:\Windows\System\GuqXkjO.exe
  C:\Windows\System\GuqXkjO.exe
  2⤵
  PID:5872
- C:\Windows\System\chmHLDD.exe
  C:\Windows\System\chmHLDD.exe
  2⤵
  PID:5900
- C:\Windows\System\oyAGKYP.exe
  C:\Windows\System\oyAGKYP.exe
  2⤵
  PID:5936
- C:\Windows\System\WQUARFV.exe
  C:\Windows\System\WQUARFV.exe
  2⤵
  PID:5964
- C:\Windows\System\LhqhTLH.exe
  C:\Windows\System\LhqhTLH.exe
  2⤵
  PID:6000
- C:\Windows\System\ZDUZJtU.exe
  C:\Windows\System\ZDUZJtU.exe
  2⤵
  PID:6028
- C:\Windows\System\idrQLZt.exe
  C:\Windows\System\idrQLZt.exe
  2⤵
  PID:6052
- C:\Windows\System\THnhfjo.exe
  C:\Windows\System\THnhfjo.exe
  2⤵
  PID:6084
- C:\Windows\System\gaAVfUb.exe
  C:\Windows\System\gaAVfUb.exe
  2⤵
  PID:6120
- C:\Windows\System\isktutV.exe
  C:\Windows\System\isktutV.exe
  2⤵
  PID:4964
- C:\Windows\System\vYlDkzN.exe
  C:\Windows\System\vYlDkzN.exe
  2⤵
  PID:5132
- C:\Windows\System\zrEXffJ.exe
  C:\Windows\System\zrEXffJ.exe
  2⤵
  PID:5204
- C:\Windows\System\znSnBiR.exe
  C:\Windows\System\znSnBiR.exe
  2⤵
  PID:3336
- C:\Windows\System\yXdQoxE.exe
  C:\Windows\System\yXdQoxE.exe
  2⤵
  PID:5408
- C:\Windows\System\cPbZBqH.exe
  C:\Windows\System\cPbZBqH.exe
  2⤵
  PID:5480
- C:\Windows\System\GmhfJZS.exe
  C:\Windows\System\GmhfJZS.exe
  2⤵
  PID:5548
- C:\Windows\System\ZAfTxMu.exe
  C:\Windows\System\ZAfTxMu.exe
  2⤵
  PID:5576
- C:\Windows\System\KUMQNNr.exe
  C:\Windows\System\KUMQNNr.exe
  2⤵
  PID:5656
- C:\Windows\System\azvBAKv.exe
  C:\Windows\System\azvBAKv.exe
  2⤵
  PID:5736
- C:\Windows\System\aZzEQcr.exe
  C:\Windows\System\aZzEQcr.exe
  2⤵
  PID:5776
- C:\Windows\System\gaIvWiM.exe
  C:\Windows\System\gaIvWiM.exe
  2⤵
  PID:5848
- C:\Windows\System\IOqjnpl.exe
  C:\Windows\System\IOqjnpl.exe
  2⤵
  PID:5884
- C:\Windows\System\RMcFjdY.exe
  C:\Windows\System\RMcFjdY.exe
  2⤵
  PID:5924
- C:\Windows\System\aqYZeuo.exe
  C:\Windows\System\aqYZeuo.exe
  2⤵
  PID:6008
- C:\Windows\System\CwfKHFc.exe
  C:\Windows\System\CwfKHFc.exe
  2⤵
  PID:6072
- C:\Windows\System\qzkCeuy.exe
  C:\Windows\System\qzkCeuy.exe
  2⤵
  PID:5176
- C:\Windows\System\HoLtvJA.exe
  C:\Windows\System\HoLtvJA.exe
  2⤵
  PID:5340
- C:\Windows\System\amIStSC.exe
  C:\Windows\System\amIStSC.exe
  2⤵
  PID:5476
- C:\Windows\System\IgMzfNM.exe
  C:\Windows\System\IgMzfNM.exe
  2⤵
  PID:1056
- C:\Windows\System\gOVcuIs.exe
  C:\Windows\System\gOVcuIs.exe
  2⤵
  PID:5708
- C:\Windows\System\UEfLbeZ.exe
  C:\Windows\System\UEfLbeZ.exe
  2⤵
  PID:5952
- C:\Windows\System\plxOPvR.exe
  C:\Windows\System\plxOPvR.exe
  2⤵
  PID:6036
- C:\Windows\System\ntlysFL.exe
  C:\Windows\System\ntlysFL.exe
  2⤵
  PID:1552
- C:\Windows\System\eARJvrY.exe
  C:\Windows\System\eARJvrY.exe
  2⤵
  PID:5600
- C:\Windows\System\HBAIsta.exe
  C:\Windows\System\HBAIsta.exe
  2⤵
  PID:5800
- C:\Windows\System\DGijHIe.exe
  C:\Windows\System\DGijHIe.exe
  2⤵
  PID:4496
- C:\Windows\System\aePgnZF.exe
  C:\Windows\System\aePgnZF.exe
  2⤵
  PID:5944
- C:\Windows\System\csgiXwI.exe
  C:\Windows\System\csgiXwI.exe
  2⤵
  PID:5388
- C:\Windows\System\lGoyYbd.exe
  C:\Windows\System\lGoyYbd.exe
  2⤵
  PID:6176
- C:\Windows\System\AZbjIvs.exe
  C:\Windows\System\AZbjIvs.exe
  2⤵
  PID:6200
- C:\Windows\System\sUaTlWZ.exe
  C:\Windows\System\sUaTlWZ.exe
  2⤵
  PID:6224
- C:\Windows\System\UyUizKK.exe
  C:\Windows\System\UyUizKK.exe
  2⤵
  PID:6260
- C:\Windows\System\gYuhBgi.exe
  C:\Windows\System\gYuhBgi.exe
  2⤵
  PID:6292
- C:\Windows\System\ViMjXnS.exe
  C:\Windows\System\ViMjXnS.exe
  2⤵
  PID:6312
- C:\Windows\System\HIaeyHb.exe
  C:\Windows\System\HIaeyHb.exe
  2⤵
  PID:6340
- C:\Windows\System\dDgyJSr.exe
  C:\Windows\System\dDgyJSr.exe
  2⤵
  PID:6376
- C:\Windows\System\HwhrEUW.exe
  C:\Windows\System\HwhrEUW.exe
  2⤵
  PID:6404
- C:\Windows\System\BaTaziZ.exe
  C:\Windows\System\BaTaziZ.exe
  2⤵
  PID:6432
- C:\Windows\System\OPzFlrQ.exe
  C:\Windows\System\OPzFlrQ.exe
  2⤵
  PID:6452
- C:\Windows\System\rFeTCuA.exe
  C:\Windows\System\rFeTCuA.exe
  2⤵
  PID:6488
- C:\Windows\System\asnRdiS.exe
  C:\Windows\System\asnRdiS.exe
  2⤵
  PID:6516
- C:\Windows\System\gOqcuKt.exe
  C:\Windows\System\gOqcuKt.exe
  2⤵
  PID:6544
- C:\Windows\System\HJomODO.exe
  C:\Windows\System\HJomODO.exe
  2⤵
  PID:6568
- C:\Windows\System\LuuDDpY.exe
  C:\Windows\System\LuuDDpY.exe
  2⤵
  PID:6600
- C:\Windows\System\kIJpHNh.exe
  C:\Windows\System\kIJpHNh.exe
  2⤵
  PID:6628
- C:\Windows\System\vmphQGP.exe
  C:\Windows\System\vmphQGP.exe
  2⤵
  PID:6656
- C:\Windows\System\EKDdEIM.exe
  C:\Windows\System\EKDdEIM.exe
  2⤵
  PID:6688
- C:\Windows\System\eOwdQdq.exe
  C:\Windows\System\eOwdQdq.exe
  2⤵
  PID:6712
- C:\Windows\System\YbsbIKc.exe
  C:\Windows\System\YbsbIKc.exe
  2⤵
  PID:6736
- C:\Windows\System\bkoPHiC.exe
  C:\Windows\System\bkoPHiC.exe
  2⤵
  PID:6768
- C:\Windows\System\DbGphtI.exe
  C:\Windows\System\DbGphtI.exe
  2⤵
  PID:6800
- C:\Windows\System\QBcofZb.exe
  C:\Windows\System\QBcofZb.exe
  2⤵
  PID:6828
- C:\Windows\System\NIjuaJT.exe
  C:\Windows\System\NIjuaJT.exe
  2⤵
  PID:6848
- C:\Windows\System\IBRBXBD.exe
  C:\Windows\System\IBRBXBD.exe
  2⤵
  PID:6884
- C:\Windows\System\GxbEBbU.exe
  C:\Windows\System\GxbEBbU.exe
  2⤵
  PID:6912
- C:\Windows\System\kbyfdHP.exe
  C:\Windows\System\kbyfdHP.exe
  2⤵
  PID:6932
- C:\Windows\System\PXKtyrF.exe
  C:\Windows\System\PXKtyrF.exe
  2⤵
  PID:6972
- C:\Windows\System\yOHMoDO.exe
  C:\Windows\System\yOHMoDO.exe
  2⤵
  PID:6988
- C:\Windows\System\uEgKDun.exe
  C:\Windows\System\uEgKDun.exe
  2⤵
  PID:7016
- C:\Windows\System\WeaFAQF.exe
  C:\Windows\System\WeaFAQF.exe
  2⤵
  PID:7044
- C:\Windows\System\fdxQpbT.exe
  C:\Windows\System\fdxQpbT.exe
  2⤵
  PID:7072
- C:\Windows\System\xInHZbK.exe
  C:\Windows\System\xInHZbK.exe
  2⤵
  PID:7112
- C:\Windows\System\NSUIHnk.exe
  C:\Windows\System\NSUIHnk.exe
  2⤵
  PID:7140
- C:\Windows\System\iQSzVBg.exe
  C:\Windows\System\iQSzVBg.exe
  2⤵
  PID:5680
- C:\Windows\System\AxRhfYx.exe
  C:\Windows\System\AxRhfYx.exe
  2⤵
  PID:6192
- C:\Windows\System\TjFNAAc.exe
  C:\Windows\System\TjFNAAc.exe
  2⤵
  PID:6248
- C:\Windows\System\CLkfbka.exe
  C:\Windows\System\CLkfbka.exe
  2⤵
  PID:6332
- C:\Windows\System\OEXbhmS.exe
  C:\Windows\System\OEXbhmS.exe
  2⤵
  PID:6416
- C:\Windows\System\YWizNKy.exe
  C:\Windows\System\YWizNKy.exe
  2⤵
  PID:6480
- C:\Windows\System\hwLYOcm.exe
  C:\Windows\System\hwLYOcm.exe
  2⤵
  PID:6552
- C:\Windows\System\pTJIXaF.exe
  C:\Windows\System\pTJIXaF.exe
  2⤵
  PID:6612
- C:\Windows\System\DmBtvYu.exe
  C:\Windows\System\DmBtvYu.exe
  2⤵
  PID:6684
- C:\Windows\System\ddTlRIy.exe
  C:\Windows\System\ddTlRIy.exe
  2⤵
  PID:6752
- C:\Windows\System\yyCLvnp.exe
  C:\Windows\System\yyCLvnp.exe
  2⤵
  PID:6812
- C:\Windows\System\TdbEqha.exe
  C:\Windows\System\TdbEqha.exe
  2⤵
  PID:6840
- C:\Windows\System\jFMjeef.exe
  C:\Windows\System\jFMjeef.exe
  2⤵
  PID:6960
- C:\Windows\System\UVhHIHF.exe
  C:\Windows\System\UVhHIHF.exe
  2⤵
  PID:7024
- C:\Windows\System\lJeZEzx.exe
  C:\Windows\System\lJeZEzx.exe
  2⤵
  PID:7060
- C:\Windows\System\QNuNFfw.exe
  C:\Windows\System\QNuNFfw.exe
  2⤵
  PID:7132
- C:\Windows\System\FiHfQLm.exe
  C:\Windows\System\FiHfQLm.exe
  2⤵
  PID:5416
- C:\Windows\System\uacTKAw.exe
  C:\Windows\System\uacTKAw.exe
  2⤵
  PID:7156
- C:\Windows\System\emHUWFO.exe
  C:\Windows\System\emHUWFO.exe
  2⤵
  PID:6240
- C:\Windows\System\vmAaqPb.exe
  C:\Windows\System\vmAaqPb.exe
  2⤵
  PID:6388
- C:\Windows\System\dtFWBjl.exe
  C:\Windows\System\dtFWBjl.exe
  2⤵
  PID:6500
- C:\Windows\System\mXAyNuD.exe
  C:\Windows\System\mXAyNuD.exe
  2⤵
  PID:6636
- C:\Windows\System\ymNpaKt.exe
  C:\Windows\System\ymNpaKt.exe
  2⤵
  PID:2816
- C:\Windows\System\dZWBFXK.exe
  C:\Windows\System\dZWBFXK.exe
  2⤵
  PID:6784
- C:\Windows\System\drybcqK.exe
  C:\Windows\System\drybcqK.exe
  2⤵
  PID:6924
- C:\Windows\System\omrQqtx.exe
  C:\Windows\System\omrQqtx.exe
  2⤵
  PID:7092
- C:\Windows\System\wQAqgem.exe
  C:\Windows\System\wQAqgem.exe
  2⤵
  PID:7152
- C:\Windows\System\ethpVte.exe
  C:\Windows\System\ethpVte.exe
  2⤵
  PID:4644
- C:\Windows\System\vFwomac.exe
  C:\Windows\System\vFwomac.exe
  2⤵
  PID:6700
- C:\Windows\System\ArCwhnp.exe
  C:\Windows\System\ArCwhnp.exe
  2⤵
  PID:6908
- C:\Windows\System\SwMoumx.exe
  C:\Windows\System\SwMoumx.exe
  2⤵
  PID:2312
- C:\Windows\System\dkFZaZG.exe
  C:\Windows\System\dkFZaZG.exe
  2⤵
  PID:6844
- C:\Windows\System\BipcPut.exe
  C:\Windows\System\BipcPut.exe
  2⤵
  PID:6528
- C:\Windows\System\IsVuxHo.exe
  C:\Windows\System\IsVuxHo.exe
  2⤵
  PID:7176
- C:\Windows\System\UjmqMPW.exe
  C:\Windows\System\UjmqMPW.exe
  2⤵
  PID:7204
- C:\Windows\System\wKXotQq.exe
  C:\Windows\System\wKXotQq.exe
  2⤵
  PID:7232
- C:\Windows\System\CYKlExd.exe
  C:\Windows\System\CYKlExd.exe
  2⤵
  PID:7272
- C:\Windows\System\AhHcxZi.exe
  C:\Windows\System\AhHcxZi.exe
  2⤵
  PID:7288
- C:\Windows\System\SjAfaFa.exe
  C:\Windows\System\SjAfaFa.exe
  2⤵
  PID:7316
- C:\Windows\System\BbNYWTJ.exe
  C:\Windows\System\BbNYWTJ.exe
  2⤵
  PID:7344
- C:\Windows\System\mIJdQuB.exe
  C:\Windows\System\mIJdQuB.exe
  2⤵
  PID:7372
- C:\Windows\System\KuLCoNO.exe
  C:\Windows\System\KuLCoNO.exe
  2⤵
  PID:7400
- C:\Windows\System\AuwKCta.exe
  C:\Windows\System\AuwKCta.exe
  2⤵
  PID:7428
- C:\Windows\System\TYbxgPw.exe
  C:\Windows\System\TYbxgPw.exe
  2⤵
  PID:7456
- C:\Windows\System\RbBeilF.exe
  C:\Windows\System\RbBeilF.exe
  2⤵
  PID:7488
- C:\Windows\System\uHTNXMQ.exe
  C:\Windows\System\uHTNXMQ.exe
  2⤵
  PID:7516
- C:\Windows\System\JzBAjBq.exe
  C:\Windows\System\JzBAjBq.exe
  2⤵
  PID:7544
- C:\Windows\System\WqooXSs.exe
  C:\Windows\System\WqooXSs.exe
  2⤵
  PID:7572
- C:\Windows\System\mfZejeG.exe
  C:\Windows\System\mfZejeG.exe
  2⤵
  PID:7600
- C:\Windows\System\eTeTPMb.exe
  C:\Windows\System\eTeTPMb.exe
  2⤵
  PID:7628
- C:\Windows\System\OlsWIrp.exe
  C:\Windows\System\OlsWIrp.exe
  2⤵
  PID:7656
- C:\Windows\System\BfRudWG.exe
  C:\Windows\System\BfRudWG.exe
  2⤵
  PID:7688
- C:\Windows\System\XotzNBy.exe
  C:\Windows\System\XotzNBy.exe
  2⤵
  PID:7712
- C:\Windows\System\jJzxEtV.exe
  C:\Windows\System\jJzxEtV.exe
  2⤵
  PID:7740
- C:\Windows\System\HCBGoaj.exe
  C:\Windows\System\HCBGoaj.exe
  2⤵
  PID:7768
- C:\Windows\System\ruJldwp.exe
  C:\Windows\System\ruJldwp.exe
  2⤵
  PID:7796
- C:\Windows\System\uosDwos.exe
  C:\Windows\System\uosDwos.exe
  2⤵
  PID:7824
- C:\Windows\System\FANRzkU.exe
  C:\Windows\System\FANRzkU.exe
  2⤵
  PID:7852
- C:\Windows\System\cbEvyNm.exe
  C:\Windows\System\cbEvyNm.exe
  2⤵
  PID:7880
- C:\Windows\System\sCCDnfh.exe
  C:\Windows\System\sCCDnfh.exe
  2⤵
  PID:7908
- C:\Windows\System\xlvFUFF.exe
  C:\Windows\System\xlvFUFF.exe
  2⤵
  PID:7936
- C:\Windows\System\VXPLJcv.exe
  C:\Windows\System\VXPLJcv.exe
  2⤵
  PID:7964
- C:\Windows\System\WpiGTZq.exe
  C:\Windows\System\WpiGTZq.exe
  2⤵
  PID:7992
- C:\Windows\System\ytGeiah.exe
  C:\Windows\System\ytGeiah.exe
  2⤵
  PID:8020
- C:\Windows\System\jHVJCRr.exe
  C:\Windows\System\jHVJCRr.exe
  2⤵
  PID:8048
- C:\Windows\System\bvpYMuO.exe
  C:\Windows\System\bvpYMuO.exe
  2⤵
  PID:8076
- C:\Windows\System\oqYerKq.exe
  C:\Windows\System\oqYerKq.exe
  2⤵
  PID:8104
- C:\Windows\System\raSEKUI.exe
  C:\Windows\System\raSEKUI.exe
  2⤵
  PID:8132
- C:\Windows\System\ZARIXKF.exe
  C:\Windows\System\ZARIXKF.exe
  2⤵
  PID:8160
- C:\Windows\System\haPwnDd.exe
  C:\Windows\System\haPwnDd.exe
  2⤵
  PID:8188
- C:\Windows\System\jJoBXUc.exe
  C:\Windows\System\jJoBXUc.exe
  2⤵
  PID:7252
- C:\Windows\System\mDNVHkY.exe
  C:\Windows\System\mDNVHkY.exe
  2⤵
  PID:7280
- C:\Windows\System\VpoEwuJ.exe
  C:\Windows\System\VpoEwuJ.exe
  2⤵
  PID:7340
- C:\Windows\System\TPePCUb.exe
  C:\Windows\System\TPePCUb.exe
  2⤵
  PID:7412
- C:\Windows\System\vRLoZay.exe
  C:\Windows\System\vRLoZay.exe
  2⤵
  PID:7484
- C:\Windows\System\QFyPrNF.exe
  C:\Windows\System\QFyPrNF.exe
  2⤵
  PID:7556
- C:\Windows\System\VsJUROG.exe
  C:\Windows\System\VsJUROG.exe
  2⤵
  PID:7620
- C:\Windows\System\sBjHHwO.exe
  C:\Windows\System\sBjHHwO.exe
  2⤵
  PID:7680
- C:\Windows\System\fEruoJX.exe
  C:\Windows\System\fEruoJX.exe
  2⤵
  PID:7752
- C:\Windows\System\rgmgltz.exe
  C:\Windows\System\rgmgltz.exe
  2⤵
  PID:7816
- C:\Windows\System\dDrPVQm.exe
  C:\Windows\System\dDrPVQm.exe
  2⤵
  PID:7876
- C:\Windows\System\MTEHJhG.exe
  C:\Windows\System\MTEHJhG.exe
  2⤵
  PID:7948
- C:\Windows\System\jkLlrpj.exe
  C:\Windows\System\jkLlrpj.exe
  2⤵
  PID:8012
- C:\Windows\System\FXERtjw.exe
  C:\Windows\System\FXERtjw.exe
  2⤵
  PID:8072
- C:\Windows\System\mJeixsk.exe
  C:\Windows\System\mJeixsk.exe
  2⤵
  PID:8144
- C:\Windows\System\AozXlVV.exe
  C:\Windows\System\AozXlVV.exe
  2⤵
  PID:7188
- C:\Windows\System\WSZaGUa.exe
  C:\Windows\System\WSZaGUa.exe
  2⤵
  PID:4872
- C:\Windows\System\MnNnMRB.exe
  C:\Windows\System\MnNnMRB.exe
  2⤵
  PID:7392
- C:\Windows\System\AVYUvJJ.exe
  C:\Windows\System\AVYUvJJ.exe
  2⤵
  PID:7540
- C:\Windows\System\nDZNBfN.exe
  C:\Windows\System\nDZNBfN.exe
  2⤵
  PID:7780
- C:\Windows\System\OQLhvFm.exe
  C:\Windows\System\OQLhvFm.exe
  2⤵
  PID:7864
- C:\Windows\System\VbrTVcI.exe
  C:\Windows\System\VbrTVcI.exe
  2⤵
  PID:7976
- C:\Windows\System\eyvgmva.exe
  C:\Windows\System\eyvgmva.exe
  2⤵
  PID:8100
- C:\Windows\System\oSFoJyr.exe
  C:\Windows\System\oSFoJyr.exe
  2⤵
  PID:7256
- C:\Windows\System\KgpJMLY.exe
  C:\Windows\System\KgpJMLY.exe
  2⤵
  PID:4672
- C:\Windows\System\jpRvnMG.exe
  C:\Windows\System\jpRvnMG.exe
  2⤵
  PID:7676
- C:\Windows\System\GLzVGWz.exe
  C:\Windows\System\GLzVGWz.exe
  2⤵
  PID:8060
- C:\Windows\System\ynHjGpR.exe
  C:\Windows\System\ynHjGpR.exe
  2⤵
  PID:1784
- C:\Windows\System\HfxFTaP.exe
  C:\Windows\System\HfxFTaP.exe
  2⤵
  PID:8184
- C:\Windows\System\hsnorzP.exe
  C:\Windows\System\hsnorzP.exe
  2⤵
  PID:7424
- C:\Windows\System\SYbqkZa.exe
  C:\Windows\System\SYbqkZa.exe
  2⤵
  PID:8212
- C:\Windows\System\xoHVkth.exe
  C:\Windows\System\xoHVkth.exe
  2⤵
  PID:8240
- C:\Windows\System\eZZSyDF.exe
  C:\Windows\System\eZZSyDF.exe
  2⤵
  PID:8272
- C:\Windows\System\sZquWAy.exe
  C:\Windows\System\sZquWAy.exe
  2⤵
  PID:8296
- C:\Windows\System\yltGwjB.exe
  C:\Windows\System\yltGwjB.exe
  2⤵
  PID:8324
- C:\Windows\System\ZQSIbaI.exe
  C:\Windows\System\ZQSIbaI.exe
  2⤵
  PID:8352
- C:\Windows\System\tIEnpgr.exe
  C:\Windows\System\tIEnpgr.exe
  2⤵
  PID:8384
- C:\Windows\System\yQKkwBA.exe
  C:\Windows\System\yQKkwBA.exe
  2⤵
  PID:8412
- C:\Windows\System\isgOtIT.exe
  C:\Windows\System\isgOtIT.exe
  2⤵
  PID:8440
- C:\Windows\System\AcaXmgX.exe
  C:\Windows\System\AcaXmgX.exe
  2⤵
  PID:8468
- C:\Windows\System\eYgLufY.exe
  C:\Windows\System\eYgLufY.exe
  2⤵
  PID:8508
- C:\Windows\System\qYTTJAz.exe
  C:\Windows\System\qYTTJAz.exe
  2⤵
  PID:8524
- C:\Windows\System\urwOGvp.exe
  C:\Windows\System\urwOGvp.exe
  2⤵
  PID:8552
- C:\Windows\System\LTYhmwo.exe
  C:\Windows\System\LTYhmwo.exe
  2⤵
  PID:8572
- C:\Windows\System\JsQAnRH.exe
  C:\Windows\System\JsQAnRH.exe
  2⤵
  PID:8608
- C:\Windows\System\fLiHJZd.exe
  C:\Windows\System\fLiHJZd.exe
  2⤵
  PID:8636
- C:\Windows\System\twpvjnB.exe
  C:\Windows\System\twpvjnB.exe
  2⤵
  PID:8664
- C:\Windows\System\ppJepAT.exe
  C:\Windows\System\ppJepAT.exe
  2⤵
  PID:8692
- C:\Windows\System\sTJTWgq.exe
  C:\Windows\System\sTJTWgq.exe
  2⤵
  PID:8720
- C:\Windows\System\gyhBfot.exe
  C:\Windows\System\gyhBfot.exe
  2⤵
  PID:8748
- C:\Windows\System\gerFnxE.exe
  C:\Windows\System\gerFnxE.exe
  2⤵
  PID:8776
- C:\Windows\System\idvLxXV.exe
  C:\Windows\System\idvLxXV.exe
  2⤵
  PID:8804
- C:\Windows\System\qiWtTYi.exe
  C:\Windows\System\qiWtTYi.exe
  2⤵
  PID:8832
- C:\Windows\System\kREqBPU.exe
  C:\Windows\System\kREqBPU.exe
  2⤵
  PID:8860
- C:\Windows\System\fUUHJwZ.exe
  C:\Windows\System\fUUHJwZ.exe
  2⤵
  PID:8888
- C:\Windows\System\XIMZRKk.exe
  C:\Windows\System\XIMZRKk.exe
  2⤵
  PID:8924
- C:\Windows\System\qvdOpBk.exe
  C:\Windows\System\qvdOpBk.exe
  2⤵
  PID:8944
- C:\Windows\System\MaSAghZ.exe
  C:\Windows\System\MaSAghZ.exe
  2⤵
  PID:8972
- C:\Windows\System\AzLCflJ.exe
  C:\Windows\System\AzLCflJ.exe
  2⤵
  PID:9008
- C:\Windows\System\pxdIgXB.exe
  C:\Windows\System\pxdIgXB.exe
  2⤵
  PID:9028
- C:\Windows\System\tLAWOnQ.exe
  C:\Windows\System\tLAWOnQ.exe
  2⤵
  PID:9056
- C:\Windows\System\zWYKdKc.exe
  C:\Windows\System\zWYKdKc.exe
  2⤵
  PID:9084
- C:\Windows\System\qQWNxLH.exe
  C:\Windows\System\qQWNxLH.exe
  2⤵
  PID:9112
- C:\Windows\System\Lkywwsk.exe
  C:\Windows\System\Lkywwsk.exe
  2⤵
  PID:9140
- C:\Windows\System\sXEAFSU.exe
  C:\Windows\System\sXEAFSU.exe
  2⤵
  PID:9184
- C:\Windows\System\siicCGm.exe
  C:\Windows\System\siicCGm.exe
  2⤵
  PID:9200
- C:\Windows\System\frZyvdz.exe
  C:\Windows\System\frZyvdz.exe
  2⤵
  PID:8224
- C:\Windows\System\zVlVcHd.exe
  C:\Windows\System\zVlVcHd.exe
  2⤵
  PID:8288
- C:\Windows\System\AXGlKlP.exe
  C:\Windows\System\AXGlKlP.exe
  2⤵
  PID:8348
- C:\Windows\System\ENoDdQS.exe
  C:\Windows\System\ENoDdQS.exe
  2⤵
  PID:8424
- C:\Windows\System\ljGzsMw.exe
  C:\Windows\System\ljGzsMw.exe
  2⤵
  PID:8480
- C:\Windows\System\RTrjBqK.exe
  C:\Windows\System\RTrjBqK.exe
  2⤵
  PID:8536
- C:\Windows\System\gfbcDuj.exe
  C:\Windows\System\gfbcDuj.exe
  2⤵
  PID:8604
- C:\Windows\System\CGsHADf.exe
  C:\Windows\System\CGsHADf.exe
  2⤵
  PID:8660
- C:\Windows\System\alQDltl.exe
  C:\Windows\System\alQDltl.exe
  2⤵
  PID:8732
- C:\Windows\System\khPbldl.exe
  C:\Windows\System\khPbldl.exe
  2⤵
  PID:8796
- C:\Windows\System\QxIACkb.exe
  C:\Windows\System\QxIACkb.exe
  2⤵
  PID:8856
- C:\Windows\System\yFoVyNa.exe
  C:\Windows\System\yFoVyNa.exe
  2⤵
  PID:8932
- C:\Windows\System\tcqKifl.exe
  C:\Windows\System\tcqKifl.exe
  2⤵
  PID:8360
- C:\Windows\System\XuocLJr.exe
  C:\Windows\System\XuocLJr.exe
  2⤵
  PID:9048
- C:\Windows\System\JflJOAd.exe
  C:\Windows\System\JflJOAd.exe
  2⤵
  PID:9108
- C:\Windows\System\EHqpmsX.exe
  C:\Windows\System\EHqpmsX.exe
  2⤵
  PID:9164
- C:\Windows\System\lAYYFcq.exe
  C:\Windows\System\lAYYFcq.exe
  2⤵
  PID:8264
- C:\Windows\System\mYfPNnP.exe
  C:\Windows\System\mYfPNnP.exe
  2⤵
  PID:8408
- C:\Windows\System\YxwexPm.exe
  C:\Windows\System\YxwexPm.exe
  2⤵
  PID:8560
- C:\Windows\System\qCwyEkZ.exe
  C:\Windows\System\qCwyEkZ.exe
  2⤵
  PID:8716
- C:\Windows\System\jzawzBy.exe
  C:\Windows\System\jzawzBy.exe
  2⤵
  PID:8852
- C:\Windows\System\JfvEAuW.exe
  C:\Windows\System\JfvEAuW.exe
  2⤵
  PID:9016
- C:\Windows\System\xzKDnvJ.exe
  C:\Windows\System\xzKDnvJ.exe
  2⤵
  PID:9160
- C:\Windows\System\ShXEZgq.exe
  C:\Windows\System\ShXEZgq.exe
  2⤵
  PID:8404
- C:\Windows\System\rGbmwaB.exe
  C:\Windows\System\rGbmwaB.exe
  2⤵
  PID:8772
- C:\Windows\System\nPYqDxm.exe
  C:\Windows\System\nPYqDxm.exe
  2⤵
  PID:9104
- C:\Windows\System\OVKmQGP.exe
  C:\Windows\System\OVKmQGP.exe
  2⤵
  PID:8688
- C:\Windows\System\QSWVHIW.exe
  C:\Windows\System\QSWVHIW.exe
  2⤵
  PID:8520
- C:\Windows\System\VdwENAU.exe
  C:\Windows\System\VdwENAU.exe
  2⤵
  PID:9232
- C:\Windows\System\TWEBCuH.exe
  C:\Windows\System\TWEBCuH.exe
  2⤵
  PID:9260
- C:\Windows\System\ITVhqWJ.exe
  C:\Windows\System\ITVhqWJ.exe
  2⤵
  PID:9300
- C:\Windows\System\UwwfUAi.exe
  C:\Windows\System\UwwfUAi.exe
  2⤵
  PID:9324
- C:\Windows\System\PcWqSEt.exe
  C:\Windows\System\PcWqSEt.exe
  2⤵
  PID:9352
- C:\Windows\System\nCZHnWn.exe
  C:\Windows\System\nCZHnWn.exe
  2⤵
  PID:9380
- C:\Windows\System\vtFzfUY.exe
  C:\Windows\System\vtFzfUY.exe
  2⤵
  PID:9408
- C:\Windows\System\fMsxbFi.exe
  C:\Windows\System\fMsxbFi.exe
  2⤵
  PID:9436
- C:\Windows\System\SSzfZhH.exe
  C:\Windows\System\SSzfZhH.exe
  2⤵
  PID:9464
- C:\Windows\System\PHDgnrh.exe
  C:\Windows\System\PHDgnrh.exe
  2⤵
  PID:9492
- C:\Windows\System\iSCsDXO.exe
  C:\Windows\System\iSCsDXO.exe
  2⤵
  PID:9520
- C:\Windows\System\FlksCiy.exe
  C:\Windows\System\FlksCiy.exe
  2⤵
  PID:9548
- C:\Windows\System\nhsdjQE.exe
  C:\Windows\System\nhsdjQE.exe
  2⤵
  PID:9576
- C:\Windows\System\PDecbrG.exe
  C:\Windows\System\PDecbrG.exe
  2⤵
  PID:9604
- C:\Windows\System\kePOKih.exe
  C:\Windows\System\kePOKih.exe
  2⤵
  PID:9632
- C:\Windows\System\zXQStzb.exe
  C:\Windows\System\zXQStzb.exe
  2⤵
  PID:9660
- C:\Windows\System\tTwMukT.exe
  C:\Windows\System\tTwMukT.exe
  2⤵
  PID:9688
- C:\Windows\System\cTlzdIt.exe
  C:\Windows\System\cTlzdIt.exe
  2⤵
  PID:9724
- C:\Windows\System\YksiZFR.exe
  C:\Windows\System\YksiZFR.exe
  2⤵
  PID:9748
- C:\Windows\System\TrrTgQV.exe
  C:\Windows\System\TrrTgQV.exe
  2⤵
  PID:9780
- C:\Windows\System\fTIDEOA.exe
  C:\Windows\System\fTIDEOA.exe
  2⤵
  PID:9804
- C:\Windows\System\eyhdTjg.exe
  C:\Windows\System\eyhdTjg.exe
  2⤵
  PID:9824
- C:\Windows\System\sXCuiGJ.exe
  C:\Windows\System\sXCuiGJ.exe
  2⤵
  PID:9856
- C:\Windows\System\jolWjYh.exe
  C:\Windows\System\jolWjYh.exe
  2⤵
  PID:9888
- C:\Windows\System\HDIPmNA.exe
  C:\Windows\System\HDIPmNA.exe
  2⤵
  PID:9928
- C:\Windows\System\qeqSyvg.exe
  C:\Windows\System\qeqSyvg.exe
  2⤵
  PID:9956
- C:\Windows\System\koLLJMP.exe
  C:\Windows\System\koLLJMP.exe
  2⤵
  PID:9984
- C:\Windows\System\LYbkkYJ.exe
  C:\Windows\System\LYbkkYJ.exe
  2⤵
  PID:10012
- C:\Windows\System\eJxKFxX.exe
  C:\Windows\System\eJxKFxX.exe
  2⤵
  PID:10040
- C:\Windows\System\lHQaqWl.exe
  C:\Windows\System\lHQaqWl.exe
  2⤵
  PID:10080
- C:\Windows\System\LlSNHtq.exe
  C:\Windows\System\LlSNHtq.exe
  2⤵
  PID:10096
- C:\Windows\System\lytNdqd.exe
  C:\Windows\System\lytNdqd.exe
  2⤵
  PID:10124
- C:\Windows\System\KZiEAXu.exe
  C:\Windows\System\KZiEAXu.exe
  2⤵
  PID:10152
- C:\Windows\System\eJKvDlm.exe
  C:\Windows\System\eJKvDlm.exe
  2⤵
  PID:10180
- C:\Windows\System\odIwgGp.exe
  C:\Windows\System\odIwgGp.exe
  2⤵
  PID:10208
- C:\Windows\System\artvsVw.exe
  C:\Windows\System\artvsVw.exe
  2⤵
  PID:10236
- C:\Windows\System\KrDghgs.exe
  C:\Windows\System\KrDghgs.exe
  2⤵
  PID:9272
- C:\Windows\System\aLIJibq.exe
  C:\Windows\System\aLIJibq.exe
  2⤵
  PID:9316
- C:\Windows\System\pGaFloL.exe
  C:\Windows\System\pGaFloL.exe
  2⤵
  PID:9376
- C:\Windows\System\LMycbBE.exe
  C:\Windows\System\LMycbBE.exe
  2⤵
  PID:9448
- C:\Windows\System\xTquIkm.exe
  C:\Windows\System\xTquIkm.exe
  2⤵
  PID:9512
- C:\Windows\System\SDkCmsD.exe
  C:\Windows\System\SDkCmsD.exe
  2⤵
  PID:5300
- C:\Windows\System\LDwrkld.exe
  C:\Windows\System\LDwrkld.exe
  2⤵
  PID:9616
- C:\Windows\System\KtXIahR.exe
  C:\Windows\System\KtXIahR.exe
  2⤵
  PID:9680
- C:\Windows\System\fbwqUuM.exe
  C:\Windows\System\fbwqUuM.exe
  2⤵
  PID:9732
- C:\Windows\System\QPfZWSq.exe
  C:\Windows\System\QPfZWSq.exe
  2⤵
  PID:3688
- C:\Windows\System\CnDbPYm.exe
  C:\Windows\System\CnDbPYm.exe
  2⤵
  PID:9832
- C:\Windows\System\RbjTHqa.exe
  C:\Windows\System\RbjTHqa.exe
  2⤵
  PID:3564
- C:\Windows\System\ioZUXNb.exe
  C:\Windows\System\ioZUXNb.exe
  2⤵
  PID:9912
- C:\Windows\System\qPDAIBM.exe
  C:\Windows\System\qPDAIBM.exe
  2⤵
  PID:9976
- C:\Windows\System\atcwXCe.exe
  C:\Windows\System\atcwXCe.exe
  2⤵
  PID:10036
- C:\Windows\System\clYxeuZ.exe
  C:\Windows\System\clYxeuZ.exe
  2⤵
  PID:10116
- C:\Windows\System\yWqjZjA.exe
  C:\Windows\System\yWqjZjA.exe
  2⤵
  PID:10176
- C:\Windows\System\eaACWdX.exe
  C:\Windows\System\eaACWdX.exe
  2⤵
  PID:9228
- C:\Windows\System\PxDvixJ.exe
  C:\Windows\System\PxDvixJ.exe
  2⤵
  PID:9364
- C:\Windows\System\XxByFzy.exe
  C:\Windows\System\XxByFzy.exe
  2⤵
  PID:9504
- C:\Windows\System\PFoyEZb.exe
  C:\Windows\System\PFoyEZb.exe
  2⤵
  PID:9644
- C:\Windows\System\urSfNmM.exe
  C:\Windows\System\urSfNmM.exe
  2⤵
  PID:9744
- C:\Windows\System\XaanPcD.exe
  C:\Windows\System\XaanPcD.exe
  2⤵
  PID:3264
- C:\Windows\System\tXPsbHm.exe
  C:\Windows\System\tXPsbHm.exe
  2⤵
  PID:9968
- C:\Windows\System\ycRpUXL.exe
  C:\Windows\System\ycRpUXL.exe
  2⤵
  PID:10144
- C:\Windows\System\bImupfe.exe
  C:\Windows\System\bImupfe.exe
  2⤵
  PID:9344
- C:\Windows\System\yZFDRJW.exe
  C:\Windows\System\yZFDRJW.exe
  2⤵
  PID:9600
- C:\Windows\System\SYCWLDC.exe
  C:\Windows\System\SYCWLDC.exe
  2⤵
  PID:9284
- C:\Windows\System\KtxHKNc.exe
  C:\Windows\System\KtxHKNc.exe
  2⤵
  PID:10232
- C:\Windows\System\KZnETcu.exe
  C:\Windows\System\KZnETcu.exe
  2⤵
  PID:9864
- C:\Windows\System\tuZhrvb.exe
  C:\Windows\System\tuZhrvb.exe
  2⤵
  PID:10108
- C:\Windows\System\xicjRZi.exe
  C:\Windows\System\xicjRZi.exe
  2⤵
  PID:10268
- C:\Windows\System\sVFZLlZ.exe
  C:\Windows\System\sVFZLlZ.exe
  2⤵
  PID:10300
- C:\Windows\System\MhTPkXw.exe
  C:\Windows\System\MhTPkXw.exe
  2⤵
  PID:10328
- C:\Windows\System\BfsCLbQ.exe
  C:\Windows\System\BfsCLbQ.exe
  2⤵
  PID:10356
- C:\Windows\System\jfemoDd.exe
  C:\Windows\System\jfemoDd.exe
  2⤵
  PID:10416
- C:\Windows\System\tHlJKwx.exe
  C:\Windows\System\tHlJKwx.exe
  2⤵
  PID:10484
- C:\Windows\System\KMhRXTj.exe
  C:\Windows\System\KMhRXTj.exe
  2⤵
  PID:10528
- C:\Windows\System\xDgWbdn.exe
  C:\Windows\System\xDgWbdn.exe
  2⤵
  PID:10556
- C:\Windows\System\qbmZxlt.exe
  C:\Windows\System\qbmZxlt.exe
  2⤵
  PID:10584
- C:\Windows\System\YBOEHZH.exe
  C:\Windows\System\YBOEHZH.exe
  2⤵
  PID:10612
- C:\Windows\System\mLLJELa.exe
  C:\Windows\System\mLLJELa.exe
  2⤵
  PID:10640
- C:\Windows\System\ttjijEG.exe
  C:\Windows\System\ttjijEG.exe
  2⤵
  PID:10672
- C:\Windows\System\xDdmHzF.exe
  C:\Windows\System\xDdmHzF.exe
  2⤵
  PID:10700
- C:\Windows\System\cvUTxmC.exe
  C:\Windows\System\cvUTxmC.exe
  2⤵
  PID:10732
- C:\Windows\System\MriicJi.exe
  C:\Windows\System\MriicJi.exe
  2⤵
  PID:10768
- C:\Windows\System\WZDCwMf.exe
  C:\Windows\System\WZDCwMf.exe
  2⤵
  PID:10796
- C:\Windows\System\xamNopZ.exe
  C:\Windows\System\xamNopZ.exe
  2⤵
  PID:10824
- C:\Windows\System\uVrgsHj.exe
  C:\Windows\System\uVrgsHj.exe
  2⤵
  PID:10852
- C:\Windows\System\wPypmjI.exe
  C:\Windows\System\wPypmjI.exe
  2⤵
  PID:10880
- C:\Windows\System\PqvaMAp.exe
  C:\Windows\System\PqvaMAp.exe
  2⤵
  PID:10908
- C:\Windows\System\xmGLhck.exe
  C:\Windows\System\xmGLhck.exe
  2⤵
  PID:10944
- C:\Windows\System\qXAnvVI.exe
  C:\Windows\System\qXAnvVI.exe
  2⤵
  PID:10976
- C:\Windows\System\yrOiztg.exe
  C:\Windows\System\yrOiztg.exe
  2⤵
  PID:11004
- C:\Windows\System\BpipZUg.exe
  C:\Windows\System\BpipZUg.exe
  2⤵
  PID:11032
- C:\Windows\System\LRJwefl.exe
  C:\Windows\System\LRJwefl.exe
  2⤵
  PID:11060
- C:\Windows\System\lSqRjeZ.exe
  C:\Windows\System\lSqRjeZ.exe
  2⤵
  PID:11092
- C:\Windows\System\lFHMojw.exe
  C:\Windows\System\lFHMojw.exe
  2⤵
  PID:11116
- C:\Windows\System\lKNvqHv.exe
  C:\Windows\System\lKNvqHv.exe
  2⤵
  PID:11144
- C:\Windows\System\CbHRBIY.exe
  C:\Windows\System\CbHRBIY.exe
  2⤵
  PID:11160
- C:\Windows\System\BCjfTtK.exe
  C:\Windows\System\BCjfTtK.exe
  2⤵
  PID:11176
- C:\Windows\System\BDzuaGM.exe
  C:\Windows\System\BDzuaGM.exe
  2⤵
  PID:11200
- C:\Windows\System\SgsBrtA.exe
  C:\Windows\System\SgsBrtA.exe
  2⤵
  PID:11228
- C:\Windows\System\NmdsMfa.exe
  C:\Windows\System\NmdsMfa.exe
  2⤵
  PID:10252
- C:\Windows\System\diThVjy.exe
  C:\Windows\System\diThVjy.exe
  2⤵
  PID:10340
- C:\Windows\System\gqyytqr.exe
  C:\Windows\System\gqyytqr.exe
  2⤵
  PID:10428
- C:\Windows\System\EoYcyQH.exe
  C:\Windows\System\EoYcyQH.exe
  2⤵
  PID:10552
- C:\Windows\System\IsETaEI.exe
  C:\Windows\System\IsETaEI.exe
  2⤵
  PID:10608
- C:\Windows\System\WaWThGL.exe
  C:\Windows\System\WaWThGL.exe
  2⤵
  PID:10636
- C:\Windows\System\QVEgdWi.exe
  C:\Windows\System\QVEgdWi.exe
  2⤵
  PID:10836
- C:\Windows\System\YaEQleE.exe
  C:\Windows\System\YaEQleE.exe
  2⤵
  PID:10892
- C:\Windows\System\ffMgKUM.exe
  C:\Windows\System\ffMgKUM.exe
  2⤵
  PID:10960
- C:\Windows\System\IeJjNIu.exe
  C:\Windows\System\IeJjNIu.exe
  2⤵
  PID:11016
- C:\Windows\System\RWKUDuB.exe
  C:\Windows\System\RWKUDuB.exe
  2⤵
  PID:11076
- C:\Windows\System\JYIyMTN.exe
  C:\Windows\System\JYIyMTN.exe
  2⤵
  PID:11104
- C:\Windows\System\XFitMps.exe
  C:\Windows\System\XFitMps.exe
  2⤵
  PID:11220
- C:\Windows\System\vkYPsYD.exe
  C:\Windows\System\vkYPsYD.exe
  2⤵
  PID:9712
- C:\Windows\System\yrHcISl.exe
  C:\Windows\System\yrHcISl.exe
  2⤵
  PID:10524
- C:\Windows\System\CyrUseQ.exe
  C:\Windows\System\CyrUseQ.exe
  2⤵
  PID:10576
- C:\Windows\System\xeUZNhD.exe
  C:\Windows\System\xeUZNhD.exe
  2⤵
  PID:10764
- C:\Windows\System\DlpKkiB.exe
  C:\Windows\System\DlpKkiB.exe
  2⤵
  PID:10988
- C:\Windows\System\WPFSvlY.exe
  C:\Windows\System\WPFSvlY.exe
  2⤵
  PID:11108
- C:\Windows\System\urzXVMk.exe
  C:\Windows\System\urzXVMk.exe
  2⤵
  PID:10580
- C:\Windows\System\OYugpLq.exe
  C:\Windows\System\OYugpLq.exe
  2⤵
  PID:10964
- C:\Windows\System\xmiFWsy.exe
  C:\Windows\System\xmiFWsy.exe
  2⤵
  PID:2648
- C:\Windows\System\IhGlZed.exe
  C:\Windows\System\IhGlZed.exe
  2⤵
  PID:11268
- C:\Windows\System\jKawrcq.exe
  C:\Windows\System\jKawrcq.exe
  2⤵
  PID:11300
- C:\Windows\System\dvFzfqJ.exe
  C:\Windows\System\dvFzfqJ.exe
  2⤵
  PID:11328
- C:\Windows\System\wUosSzs.exe
  C:\Windows\System\wUosSzs.exe
  2⤵
  PID:11356
- C:\Windows\System\eEebXjf.exe
  C:\Windows\System\eEebXjf.exe
  2⤵
  PID:11384
- C:\Windows\System\XzdrgVt.exe
  C:\Windows\System\XzdrgVt.exe
  2⤵
  PID:11420
- C:\Windows\System\iacpsgI.exe
  C:\Windows\System\iacpsgI.exe
  2⤵
  PID:11448
- C:\Windows\System\iqNMgQF.exe
  C:\Windows\System\iqNMgQF.exe
  2⤵
  PID:11476
- C:\Windows\System\BLTuPNL.exe
  C:\Windows\System\BLTuPNL.exe
  2⤵
  PID:11504
- C:\Windows\System\wIxrpPb.exe
  C:\Windows\System\wIxrpPb.exe
  2⤵
  PID:11532
- C:\Windows\System\iKhGZpx.exe
  C:\Windows\System\iKhGZpx.exe
  2⤵
  PID:11560
- C:\Windows\System\ycSvrCc.exe
  C:\Windows\System\ycSvrCc.exe
  2⤵
  PID:11588
- C:\Windows\System\nTpplHb.exe
  C:\Windows\System\nTpplHb.exe
  2⤵
  PID:11616
- C:\Windows\System\rspVCjw.exe
  C:\Windows\System\rspVCjw.exe
  2⤵
  PID:11644
- C:\Windows\System\mnspdTu.exe
  C:\Windows\System\mnspdTu.exe
  2⤵
  PID:11676
- C:\Windows\System\uByUfBg.exe
  C:\Windows\System\uByUfBg.exe
  2⤵
  PID:11704
- C:\Windows\System\ePZRhLN.exe
  C:\Windows\System\ePZRhLN.exe
  2⤵
  PID:11736
- C:\Windows\System\mBmZJdt.exe
  C:\Windows\System\mBmZJdt.exe
  2⤵
  PID:11768
- C:\Windows\System\rECdiHr.exe
  C:\Windows\System\rECdiHr.exe
  2⤵
  PID:11796
- C:\Windows\System\vgGRVrt.exe
  C:\Windows\System\vgGRVrt.exe
  2⤵
  PID:11828
- C:\Windows\System\TDvmhSv.exe
  C:\Windows\System\TDvmhSv.exe
  2⤵
  PID:11856
- C:\Windows\System\uDQeKGv.exe
  C:\Windows\System\uDQeKGv.exe
  2⤵
  PID:11888
- C:\Windows\System\mDmAYIB.exe
  C:\Windows\System\mDmAYIB.exe
  2⤵
  PID:11916
- C:\Windows\System\CDnedTr.exe
  C:\Windows\System\CDnedTr.exe
  2⤵
  PID:11948
- C:\Windows\System\dFFhxdP.exe
  C:\Windows\System\dFFhxdP.exe
  2⤵
  PID:11976
- C:\Windows\System\bWavwmW.exe
  C:\Windows\System\bWavwmW.exe
  2⤵
  PID:12004
- C:\Windows\System\xgrqCRl.exe
  C:\Windows\System\xgrqCRl.exe
  2⤵
  PID:12032
- C:\Windows\System\CmnAyYG.exe
  C:\Windows\System\CmnAyYG.exe
  2⤵
  PID:12060
- C:\Windows\System\EFjxhsO.exe
  C:\Windows\System\EFjxhsO.exe
  2⤵
  PID:12088
- C:\Windows\System\jviRVHj.exe
  C:\Windows\System\jviRVHj.exe
  2⤵
  PID:12116
- C:\Windows\System\dJqxpxc.exe
  C:\Windows\System\dJqxpxc.exe
  2⤵
  PID:12148
- C:\Windows\System\EfsUimh.exe
  C:\Windows\System\EfsUimh.exe
  2⤵
  PID:12180
- C:\Windows\System\ehXamTL.exe
  C:\Windows\System\ehXamTL.exe
  2⤵
  PID:12212
- C:\Windows\System\BzDkJHm.exe
  C:\Windows\System\BzDkJHm.exe
  2⤵
  PID:12244
- C:\Windows\System\LopWIHk.exe
  C:\Windows\System\LopWIHk.exe
  2⤵
  PID:12272
- C:\Windows\System\kVkTnWm.exe
  C:\Windows\System\kVkTnWm.exe
  2⤵
  PID:11296
- C:\Windows\System\ynikHaM.exe
  C:\Windows\System\ynikHaM.exe
  2⤵
  PID:11368
- C:\Windows\System\MKqlwlY.exe
  C:\Windows\System\MKqlwlY.exe
  2⤵
  PID:11440
- C:\Windows\System\SzDLPct.exe
  C:\Windows\System\SzDLPct.exe
  2⤵
  PID:11496
- C:\Windows\System\WTDsfdk.exe
  C:\Windows\System\WTDsfdk.exe
  2⤵
  PID:1900
- C:\Windows\System\sEbnGnm.exe
  C:\Windows\System\sEbnGnm.exe
  2⤵
  PID:11572
- C:\Windows\System\HGgbTqY.exe
  C:\Windows\System\HGgbTqY.exe
  2⤵
  PID:11636
- C:\Windows\System\szERnez.exe
  C:\Windows\System\szERnez.exe
  2⤵
  PID:11696
- C:\Windows\System\pmBkkiT.exe
  C:\Windows\System\pmBkkiT.exe
  2⤵
  PID:11792
- C:\Windows\System\QsYspjy.exe
  C:\Windows\System\QsYspjy.exe
  2⤵
  PID:11972
- C:\Windows\System\HDrGXTf.exe
  C:\Windows\System\HDrGXTf.exe
  2⤵
  PID:12052
- C:\Windows\System\QEGyBCO.exe
  C:\Windows\System\QEGyBCO.exe
  2⤵
  PID:12100
- C:\Windows\System\uOGYPKF.exe
  C:\Windows\System\uOGYPKF.exe
  2⤵
  PID:12140
- C:\Windows\System\ilYOLoq.exe
  C:\Windows\System\ilYOLoq.exe
  2⤵
  PID:12204
- C:\Windows\System\pyIRXxx.exe
  C:\Windows\System\pyIRXxx.exe
  2⤵
  PID:12284
- C:\Windows\System\sCjcpaO.exe
  C:\Windows\System\sCjcpaO.exe
  2⤵
  PID:11556
- C:\Windows\System\nbLosVo.exe
  C:\Windows\System\nbLosVo.exe
  2⤵
  PID:64
- C:\Windows\System\eAEAVwZ.exe
  C:\Windows\System\eAEAVwZ.exe
  2⤵
  PID:3888
- C:\Windows\System\suXDbPo.exe
  C:\Windows\System\suXDbPo.exe
  2⤵
  PID:12080
- C:\Windows\System\jQJhDtH.exe
  C:\Windows\System\jQJhDtH.exe
  2⤵
  PID:11320
- C:\Windows\System\GAXHDip.exe
  C:\Windows\System\GAXHDip.exe
  2⤵
  PID:1396
- C:\Windows\System\PIIuayi.exe
  C:\Windows\System\PIIuayi.exe
  2⤵
  PID:4840
- C:\Windows\System\szpmuQc.exe
  C:\Windows\System\szpmuQc.exe
  2⤵
  PID:12256
- C:\Windows\System\PMqHPvs.exe
  C:\Windows\System\PMqHPvs.exe
  2⤵
  PID:12024
- C:\Windows\System\BfGzqBG.exe
  C:\Windows\System\BfGzqBG.exe
  2⤵
  PID:11996
- C:\Windows\System\EpSbdrK.exe
  C:\Windows\System\EpSbdrK.exe
  2⤵
  PID:12296
- C:\Windows\System\qIVFvWb.exe
  C:\Windows\System\qIVFvWb.exe
  2⤵
  PID:12328
- C:\Windows\System\fvGvTiH.exe
  C:\Windows\System\fvGvTiH.exe
  2⤵
  PID:12360
- C:\Windows\System\mgnRJhm.exe
  C:\Windows\System\mgnRJhm.exe
  2⤵
  PID:12388
- C:\Windows\System\HowuvqL.exe
  C:\Windows\System\HowuvqL.exe
  2⤵
  PID:12420
- C:\Windows\System\GhSWARM.exe
  C:\Windows\System\GhSWARM.exe
  2⤵
  PID:12472
- C:\Windows\System\FJcNBqU.exe
  C:\Windows\System\FJcNBqU.exe
  2⤵
  PID:12504
- C:\Windows\System\wuRqcvB.exe
  C:\Windows\System\wuRqcvB.exe
  2⤵
  PID:12532
- C:\Windows\System\zoXRqRO.exe
  C:\Windows\System\zoXRqRO.exe
  2⤵
  PID:12568
- C:\Windows\System\hHzKJdM.exe
  C:\Windows\System\hHzKJdM.exe
  2⤵
  PID:12608
- C:\Windows\System\hlbtJjP.exe
  C:\Windows\System\hlbtJjP.exe
  2⤵
  PID:12652
- C:\Windows\System\YPcdStM.exe
  C:\Windows\System\YPcdStM.exe
  2⤵
  PID:12680
- C:\Windows\System\dTSzpeR.exe
  C:\Windows\System\dTSzpeR.exe
  2⤵
  PID:12712
- C:\Windows\System\COcSbVk.exe
  C:\Windows\System\COcSbVk.exe
  2⤵
  PID:12740
- C:\Windows\System\sEARTiY.exe
  C:\Windows\System\sEARTiY.exe
  2⤵
  PID:12768
- C:\Windows\System\oaEIZfa.exe
  C:\Windows\System\oaEIZfa.exe
  2⤵
  PID:12816
- C:\Windows\System\givXjpP.exe
  C:\Windows\System\givXjpP.exe
  2⤵
  PID:12844
- C:\Windows\System\SKruQez.exe
  C:\Windows\System\SKruQez.exe
  2⤵
  PID:12872
- C:\Windows\System\jMlFDRs.exe
  C:\Windows\System\jMlFDRs.exe
  2⤵
  PID:12900
- C:\Windows\System\lCwgNgV.exe
  C:\Windows\System\lCwgNgV.exe
  2⤵
  PID:12940
- C:\Windows\System\rQyPebC.exe
  C:\Windows\System\rQyPebC.exe
  2⤵
  PID:12960
- C:\Windows\System\ZiQFzPt.exe
  C:\Windows\System\ZiQFzPt.exe
  2⤵
  PID:12988
- C:\Windows\System\QGPwbWh.exe
  C:\Windows\System\QGPwbWh.exe
  2⤵
  PID:13016
- C:\Windows\System\lsoWOYr.exe
  C:\Windows\System\lsoWOYr.exe
  2⤵
  PID:13044
- C:\Windows\System\mMoAITS.exe
  C:\Windows\System\mMoAITS.exe
  2⤵
  PID:13084
- C:\Windows\System\TGEBYcg.exe
  C:\Windows\System\TGEBYcg.exe
  2⤵
  PID:13112
- C:\Windows\System\ibiyvMH.exe
  C:\Windows\System\ibiyvMH.exe
  2⤵
  PID:13140
- C:\Windows\System\OvRLaVB.exe
  C:\Windows\System\OvRLaVB.exe
  2⤵
  PID:13168
- C:\Windows\System\eqlzttP.exe
  C:\Windows\System\eqlzttP.exe
  2⤵
  PID:13196
- C:\Windows\System\zswRElf.exe
  C:\Windows\System\zswRElf.exe
  2⤵
  PID:13224
- C:\Windows\System\wopPPOA.exe
  C:\Windows\System\wopPPOA.exe
  2⤵
  PID:13252
- C:\Windows\System\qVETUNp.exe
  C:\Windows\System\qVETUNp.exe
  2⤵
  PID:13284
- C:\Windows\System\wrLPtzt.exe
  C:\Windows\System\wrLPtzt.exe
  2⤵
  PID:12292
- C:\Windows\System\UKDfQqO.exe
  C:\Windows\System\UKDfQqO.exe
  2⤵
  PID:3380
- C:\Windows\System\cxaktla.exe
  C:\Windows\System\cxaktla.exe
  2⤵
  PID:12380
- C:\Windows\System\AqHDhKt.exe
  C:\Windows\System\AqHDhKt.exe
  2⤵
  PID:12456
- C:\Windows\System\naSUcOX.exe
  C:\Windows\System\naSUcOX.exe
  2⤵
  PID:12500
- C:\Windows\System\LtVwnYH.exe
  C:\Windows\System\LtVwnYH.exe
  2⤵
  PID:12596
- C:\Windows\System\EOfcgeq.exe
  C:\Windows\System\EOfcgeq.exe
  2⤵
  PID:12692
- C:\Windows\System\suYwFbv.exe
  C:\Windows\System\suYwFbv.exe
  2⤵
  PID:12764
- C:\Windows\System\rWkYiQh.exe
  C:\Windows\System\rWkYiQh.exe
  2⤵
  PID:12840
- C:\Windows\System\YLlBReB.exe
  C:\Windows\System\YLlBReB.exe
  2⤵
  PID:10792
- C:\Windows\System\QTDlkqb.exe
  C:\Windows\System\QTDlkqb.exe
  2⤵
  PID:10444
- C:\Windows\System\aoWOAYE.exe
  C:\Windows\System\aoWOAYE.exe
  2⤵
  PID:10752
- C:\Windows\System\YDsUChr.exe
  C:\Windows\System\YDsUChr.exe
  2⤵
  PID:10820
- C:\Windows\System\qtLjcoK.exe
  C:\Windows\System\qtLjcoK.exe
  2⤵
  PID:11936
- C:\Windows\System\kagRpBk.exe
  C:\Windows\System\kagRpBk.exe
  2⤵
  PID:12208
- C:\Windows\System\yscLiqD.exe
  C:\Windows\System\yscLiqD.exe
  2⤵
  PID:12956
- C:\Windows\System\LPKnhKf.exe
  C:\Windows\System\LPKnhKf.exe
  2⤵
  PID:13028
- C:\Windows\System\aNgrqfW.exe
  C:\Windows\System\aNgrqfW.exe
  2⤵
  PID:13104
- C:\Windows\System\qZfvNhx.exe
  C:\Windows\System\qZfvNhx.exe
  2⤵
  PID:13164
- C:\Windows\System\VmJvBId.exe
  C:\Windows\System\VmJvBId.exe
  2⤵
  PID:13220
- C:\Windows\System\dIPKXqV.exe
  C:\Windows\System\dIPKXqV.exe
  2⤵
  PID:13264
- C:\Windows\System\jCrIJnw.exe
  C:\Windows\System\jCrIJnw.exe
  2⤵
  PID:12352
- C:\Windows\System\WkPOTVA.exe
  C:\Windows\System\WkPOTVA.exe
  2⤵
  PID:3820
- C:\Windows\System\CPzQDnK.exe
  C:\Windows\System\CPzQDnK.exe
  2⤵
  PID:12564
- C:\Windows\System\xiOUQsP.exe
  C:\Windows\System\xiOUQsP.exe
  2⤵
  PID:12836
- C:\Windows\System\YLDTkjr.exe
  C:\Windows\System\YLDTkjr.exe
  2⤵
  PID:10516
- C:\Windows\System\GWviOQP.exe
  C:\Windows\System\GWviOQP.exe
  2⤵
  PID:5280
- C:\Windows\System\fYiQWGQ.exe
  C:\Windows\System\fYiQWGQ.exe
  2⤵
  PID:12952
- C:\Windows\System\kPMgfyu.exe
  C:\Windows\System\kPMgfyu.exe
  2⤵
  PID:13132
- C:\Windows\System\JpLwFIi.exe
  C:\Windows\System\JpLwFIi.exe
  2⤵
  PID:13248
- C:\Windows\System\ltdxrSZ.exe
  C:\Windows\System\ltdxrSZ.exe
  2⤵
  PID:12496
- C:\Windows\System\IvxIPwn.exe
  C:\Windows\System\IvxIPwn.exe
  2⤵
  PID:12896
- C:\Windows\System\cOvWbQT.exe
  C:\Windows\System\cOvWbQT.exe
  2⤵
  PID:10816
- C:\Windows\System\ryQnQBR.exe
  C:\Windows\System\ryQnQBR.exe
  2⤵
  PID:13216
- C:\Windows\System\rOSOBvy.exe
  C:\Windows\System\rOSOBvy.exe
  2⤵
  PID:12348
- C:\Windows\System\BykyczB.exe
  C:\Windows\System\BykyczB.exe
  2⤵
  PID:12804
- C:\Windows\System\yuMCcSD.exe
  C:\Windows\System\yuMCcSD.exe
  2⤵
  PID:13320
- C:\Windows\System\UVVxlBf.exe
  C:\Windows\System\UVVxlBf.exe
  2⤵
  PID:13348
- C:\Windows\System\aecTntT.exe
  C:\Windows\System\aecTntT.exe
  2⤵
  PID:13376
- C:\Windows\System\weMiYgW.exe
  C:\Windows\System\weMiYgW.exe
  2⤵
  PID:13404
- C:\Windows\System\alnRGKW.exe
  C:\Windows\System\alnRGKW.exe
  2⤵
  PID:13432
- C:\Windows\System\rZDottO.exe
  C:\Windows\System\rZDottO.exe
  2⤵
  PID:13464
- C:\Windows\System\fzJbHpZ.exe
  C:\Windows\System\fzJbHpZ.exe
  2⤵
  PID:13496
- C:\Windows\System\OQMjhRg.exe
  C:\Windows\System\OQMjhRg.exe
  2⤵
  PID:13524
- C:\Windows\System\mVxbNki.exe
  C:\Windows\System\mVxbNki.exe
  2⤵
  PID:13544
- C:\Windows\System\LVHKmVb.exe
  C:\Windows\System\LVHKmVb.exe
  2⤵
  PID:13572
- C:\Windows\System\KhZScvv.exe
  C:\Windows\System\KhZScvv.exe
  2⤵
  PID:13600
- C:\Windows\System\PVYpahx.exe
  C:\Windows\System\PVYpahx.exe
  2⤵
  PID:13616
- C:\Windows\System\Rwwfupd.exe
  C:\Windows\System\Rwwfupd.exe
  2⤵
  PID:13652
- C:\Windows\System\arDzYua.exe
  C:\Windows\System\arDzYua.exe
  2⤵
  PID:13684
- C:\Windows\System\DcSOtaQ.exe
  C:\Windows\System\DcSOtaQ.exe
  2⤵
  PID:13704
- C:\Windows\System\Dwllfhk.exe
  C:\Windows\System\Dwllfhk.exe
  2⤵
  PID:13724
- C:\Windows\System\UQyduIC.exe
  C:\Windows\System\UQyduIC.exe
  2⤵
  PID:13768
- C:\Windows\System\PMpiWwS.exe
  C:\Windows\System\PMpiWwS.exe
  2⤵
  PID:13792
- C:\Windows\System\nneiGQO.exe
  C:\Windows\System\nneiGQO.exe
  2⤵
  PID:13872
- C:\Windows\System\pPqxuup.exe
  C:\Windows\System\pPqxuup.exe
  2⤵
  PID:13904
- C:\Windows\System\RgMoWKf.exe
  C:\Windows\System\RgMoWKf.exe
  2⤵
  PID:13932
- C:\Windows\System\ZwMudWY.exe
  C:\Windows\System\ZwMudWY.exe
  2⤵
  PID:13968
- C:\Windows\System\gMSxiiH.exe
  C:\Windows\System\gMSxiiH.exe
  2⤵
  PID:13996
- C:\Windows\System\FLotXyF.exe
  C:\Windows\System\FLotXyF.exe
  2⤵
  PID:14024
- C:\Windows\System\fskkPKj.exe
  C:\Windows\System\fskkPKj.exe
  2⤵
  PID:14052
- C:\Windows\System\ZpycJel.exe
  C:\Windows\System\ZpycJel.exe
  2⤵
  PID:14080
- C:\Windows\System\RJpeKLb.exe
  C:\Windows\System\RJpeKLb.exe
  2⤵
  PID:14120
- C:\Windows\System\PKYdbaj.exe
  C:\Windows\System\PKYdbaj.exe
  2⤵
  PID:14148
- C:\Windows\System\lsQWyNy.exe
  C:\Windows\System\lsQWyNy.exe
  2⤵
  PID:14188
- C:\Windows\System\JHRhKRw.exe
  C:\Windows\System\JHRhKRw.exe
  2⤵
  PID:14224
- C:\Windows\System\pkeBNLe.exe
  C:\Windows\System\pkeBNLe.exe
  2⤵
  PID:14252
- C:\Windows\System\nGSaQwK.exe
  C:\Windows\System\nGSaQwK.exe
  2⤵
  PID:14300
- C:\Windows\System\EJPOkkN.exe
  C:\Windows\System\EJPOkkN.exe
  2⤵
  PID:13316
- C:\Windows\System\oziCkyE.exe
  C:\Windows\System\oziCkyE.exe
  2⤵
  PID:13396
- C:\Windows\System\hFnpiid.exe
  C:\Windows\System\hFnpiid.exe
  2⤵
  PID:1796
- C:\Windows\System\JZtkLfP.exe
  C:\Windows\System\JZtkLfP.exe
  2⤵
  PID:4212
- C:\Windows\System\WkaemTc.exe
  C:\Windows\System\WkaemTc.exe
  2⤵
  PID:13540
- C:\Windows\System\IapBNpt.exe
  C:\Windows\System\IapBNpt.exe
  2⤵
  PID:13668
- C:\Windows\System\tUTdnLL.exe
  C:\Windows\System\tUTdnLL.exe
  2⤵
  PID:13644
- C:\Windows\System\cFxpFUZ.exe
  C:\Windows\System\cFxpFUZ.exe
  2⤵
  PID:13712
- C:\Windows\System\hcuMweA.exe
  C:\Windows\System\hcuMweA.exe
  2⤵
  PID:13808
- C:\Windows\System\svBTdtO.exe
  C:\Windows\System\svBTdtO.exe
  2⤵
  PID:13624
- C:\Windows\System\VURkdEt.exe
  C:\Windows\System\VURkdEt.exe
  2⤵
  PID:4416
- C:\Windows\System\zNlhWxz.exe
  C:\Windows\System\zNlhWxz.exe
  2⤵
  PID:1832
- C:\Windows\System\piLfiuG.exe
  C:\Windows\System\piLfiuG.exe
  2⤵
  PID:12460
- C:\Windows\System\GdrvXXF.exe
  C:\Windows\System\GdrvXXF.exe
  2⤵
  PID:12624
- C:\Windows\System\fpvkuLe.exe
  C:\Windows\System\fpvkuLe.exe
  2⤵
  PID:13072
- C:\Windows\System\jiYzbom.exe
  C:\Windows\System\jiYzbom.exe
  2⤵
  PID:12800
- C:\Windows\System\NkjNmYr.exe
  C:\Windows\System\NkjNmYr.exe
  2⤵
  PID:13928
- C:\Windows\System\RVmAUqY.exe
  C:\Windows\System\RVmAUqY.exe
  2⤵
  PID:12436
- C:\Windows\System\ZEVEnMl.exe
  C:\Windows\System\ZEVEnMl.exe
  2⤵
  PID:14048
- C:\Windows\System\lURIEJT.exe
  C:\Windows\System\lURIEJT.exe
  2⤵
  PID:14132
- C:\Windows\System\yFsvXOb.exe
  C:\Windows\System\yFsvXOb.exe
  2⤵
  PID:14216
- C:\Windows\System\gGQLcMB.exe
  C:\Windows\System\gGQLcMB.exe
  2⤵
  PID:14296
- C:\Windows\System\IdlcJVi.exe
  C:\Windows\System\IdlcJVi.exe
  2⤵
  PID:13424
- C:\Windows\System\fUgHpsx.exe
  C:\Windows\System\fUgHpsx.exe
  2⤵
  PID:3212
- C:\Windows\System\ShVsbfm.exe
  C:\Windows\System\ShVsbfm.exe
  2⤵
  PID:13632
- C:\Windows\System\BqwIort.exe
  C:\Windows\System\BqwIort.exe
  2⤵
  PID:14280
- C:\Windows\System\wweOWlJ.exe
  C:\Windows\System\wweOWlJ.exe
  2⤵
  PID:13788
- C:\Windows\System\IxZIuUj.exe
  C:\Windows\System\IxZIuUj.exe
  2⤵
  PID:4268
- C:\Windows\System\zcHtWuV.exe
  C:\Windows\System\zcHtWuV.exe
  2⤵
  PID:12948
- C:\Windows\System\MiRIvcq.exe
  C:\Windows\System\MiRIvcq.exe
  2⤵
  PID:12812
- C:\Windows\System\GZuTgGW.exe
  C:\Windows\System\GZuTgGW.exe
  2⤵
  PID:13992
- C:\Windows\System\gMpgkMM.exe
  C:\Windows\System\gMpgkMM.exe
  2⤵
  PID:14112
- C:\Windows\System\WWahMys.exe
  C:\Windows\System\WWahMys.exe
  2⤵
  PID:13244
- C:\Windows\System\ApfJUvf.exe
  C:\Windows\System\ApfJUvf.exe
  2⤵
  PID:12480
- C:\Windows\System\YATjfFB.exe
  C:\Windows\System\YATjfFB.exe
  2⤵
  PID:13592
- C:\Windows\System\NQgGaxO.exe
  C:\Windows\System\NQgGaxO.exe
  2⤵
  PID:12592
- C:\Windows\System\JNbpmoI.exe
  C:\Windows\System\JNbpmoI.exe
  2⤵
  PID:4316
- C:\Windows\System\dOwVgNc.exe
  C:\Windows\System\dOwVgNc.exe
  2⤵
  PID:12600
- C:\Windows\System\vavVOsv.exe
  C:\Windows\System\vavVOsv.exe
  2⤵
  PID:13844
- C:\Windows\System\ddjntOf.exe
  C:\Windows\System\ddjntOf.exe
  2⤵
  PID:11816
- C:\Windows\System\HxDWRNH.exe
  C:\Windows\System\HxDWRNH.exe
  2⤵
  PID:13532
- C:\Windows\System\uQOLdrz.exe
  C:\Windows\System\uQOLdrz.exe
  2⤵
  PID:13564
- C:\Windows\System\lHbTnIC.exe
  C:\Windows\System\lHbTnIC.exe
  2⤵
  PID:14264
- C:\Windows\System\TXWYmGz.exe
  C:\Windows\System\TXWYmGz.exe
  2⤵
  PID:14364
- C:\Windows\System\DzZgxzs.exe
  C:\Windows\System\DzZgxzs.exe
  2⤵
  PID:14396
- C:\Windows\System\LmBDTKF.exe
  C:\Windows\System\LmBDTKF.exe
  2⤵
  PID:14424
- C:\Windows\System\ZsaoAgS.exe
  C:\Windows\System\ZsaoAgS.exe
  2⤵
  PID:14452
- C:\Windows\System\oKKsuFs.exe
  C:\Windows\System\oKKsuFs.exe
  2⤵
  PID:14480
- C:\Windows\System\eVmStMv.exe
  C:\Windows\System\eVmStMv.exe
  2⤵
  PID:14508
- C:\Windows\System\MumFdqJ.exe
  C:\Windows\System\MumFdqJ.exe
  2⤵
  PID:14536
- C:\Windows\System\NCncfnD.exe
  C:\Windows\System\NCncfnD.exe
  2⤵
  PID:14564
- C:\Windows\System\JPjosrW.exe
  C:\Windows\System\JPjosrW.exe
  2⤵
  PID:14592
- C:\Windows\System\eVHhijV.exe
  C:\Windows\System\eVHhijV.exe
  2⤵
  PID:14620
- C:\Windows\System\YIfTpss.exe
  C:\Windows\System\YIfTpss.exe
  2⤵
  PID:14648
- C:\Windows\System\pRamWCU.exe
  C:\Windows\System\pRamWCU.exe
  2⤵
  PID:14676
- C:\Windows\System\GrKDlpb.exe
  C:\Windows\System\GrKDlpb.exe
  2⤵
  PID:14708
- C:\Windows\System\qlPkEuu.exe
  C:\Windows\System\qlPkEuu.exe
  2⤵
  PID:14736
- C:\Windows\System\ufzQnKZ.exe
  C:\Windows\System\ufzQnKZ.exe
  2⤵
  PID:14764
- C:\Windows\System\mdbkhEB.exe
  C:\Windows\System\mdbkhEB.exe
  2⤵
  PID:14792
- C:\Windows\System\VhVzukF.exe
  C:\Windows\System\VhVzukF.exe
  2⤵
  PID:14820
- C:\Windows\System\yqzOfUx.exe
  C:\Windows\System\yqzOfUx.exe
  2⤵
  PID:14848
- C:\Windows\System\efRajUF.exe
  C:\Windows\System\efRajUF.exe
  2⤵
  PID:14888
- C:\Windows\System\tLdueLf.exe
  C:\Windows\System\tLdueLf.exe
  2⤵
  PID:14904
- C:\Windows\System\EeFbMgc.exe
  C:\Windows\System\EeFbMgc.exe
  2⤵
  PID:14932
- C:\Windows\System\OyRbXaY.exe
  C:\Windows\System\OyRbXaY.exe
  2⤵
  PID:14960
- C:\Windows\System\INaVHDs.exe
  C:\Windows\System\INaVHDs.exe
  2⤵
  PID:14988
- C:\Windows\System\fiQxMqX.exe
  C:\Windows\System\fiQxMqX.exe
  2⤵
  PID:15016
- C:\Windows\System\iSYETQz.exe
  C:\Windows\System\iSYETQz.exe
  2⤵
  PID:15044
- C:\Windows\System\jnkJDZl.exe
  C:\Windows\System\jnkJDZl.exe
  2⤵
  PID:15072
- C:\Windows\System\pQTwnHR.exe
  C:\Windows\System\pQTwnHR.exe
  2⤵
  PID:15100
- C:\Windows\System\tobCaJF.exe
  C:\Windows\System\tobCaJF.exe
  2⤵
  PID:15132
- C:\Windows\System\PDTbhEP.exe
  C:\Windows\System\PDTbhEP.exe
  2⤵
  PID:15276
- C:\Windows\System\jKozrvN.exe
  C:\Windows\System\jKozrvN.exe
  2⤵
  PID:14420
- C:\Windows\System\PVUSkVF.exe
  C:\Windows\System\PVUSkVF.exe
  2⤵
  PID:14492
- C:\Windows\System\VTFWyPJ.exe
  C:\Windows\System\VTFWyPJ.exe
  2⤵
  PID:14548
- C:\Windows\System\JXBZAYM.exe
  C:\Windows\System\JXBZAYM.exe
  2⤵
  PID:14584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DzHvZQm.exe

Filesize
5.9MB

MD5
d863bcb4f6be0d1dc682b5c1e8f96c8d

SHA1
f585c654d4b10fb98e8061a69fb53c3444d4c8e1

SHA256
a6522fa24002701d7fcf051a2a9faab10ccb55a36343d85807927a21945b0fa0

SHA512
07a84b7ffb3fdd3d75aad919f24cd4397e52843373bb064e297567c82cb0b6dbf3123d515916c7f81da8f322964c8c2f39b2e1bca6a5b2fa7a76576af634c11d

Download Submit
C:\Windows\System\FWDROBM.exe

Filesize
5.9MB

MD5
e50a368bd966d83c8a9f9b93ad94be44

SHA1
5b0569c894e3e36d4c71c8a4e3cde73f5031b8ed

SHA256
afb11f00299e1c866977fc803016c79f460c74220598655802deb4c476a4d416

SHA512
f9bc6e44455267216384b8d6031222439fc41daf88476124de15e346fbeac7850e685c6511ae03e3deeb6c4f1c3fa3e1de0041f68598a5e50bcfe26c96e36aa6

Download Submit
C:\Windows\System\HcRjGBu.exe

Filesize
5.9MB

MD5
011d93a31090970871edb4d2f0fe8bb8

SHA1
d2d6570fb9e9d2d2d2b4868ae73fa782efd20fdc

SHA256
17c605a00866f2e36320ae4e0bf9a03b96fcfbac2407ef43649e14470cfd5020

SHA512
cc2555812bb085ac6a6f3ba4de5558018528ff1469394f1c5cbabdd7f5f346d795bf6364ed7b1399f8a0ebc6687b48d6d7b2fbf9d42e7752c938ba71abb97adf

Download Submit
C:\Windows\System\HnNQmbY.exe

Filesize
5.9MB

MD5
5304d6337d5c2eee3ad827b429399334

SHA1
eeda085ce92aac5b1a6b315b18bbb5162e69339d

SHA256
1b5f5d46e9baa5e1da73be54001e248709cd3f58e4ed98cca2b8825acdc58251

SHA512
99255b50db2759b573786b2d4c3e99b637d7f145585cd5bf9b75888c4d981204e6333e1caf8e844afdfd0c1d81461c0bf61bbd3a107da2d8d3a9004ee8cf66cc

Download Submit
C:\Windows\System\JKiZgHk.exe

Filesize
5.9MB

MD5
7b65266e60395a36cd2346fbb73faa3b

SHA1
3626e9e1c7efdc68555e1719a9993fb86d30d8db

SHA256
f8c596268f124f407ed0db85045a3b6e169eb285384c03875d7bfcef1ad01d4c

SHA512
982b94ce9e98576da5cc358376058ca5b8a9d2b2aa804455e03954129cd2777596423aeca8bbcdc813a14c58df4ec92435f750c3de4450683256d7310caf8279

Download Submit
C:\Windows\System\JsYMEJp.exe

Filesize
5.9MB

MD5
154b5d4d127a06e2021c07f42664a838

SHA1
18b8049dfff899674065f5fe0e21202c9b534f60

SHA256
cd1b7db23faebe12c17010e3dd9c898ad69d02274df54bb8c11e604b21eef229

SHA512
ad073b73c150d9ceca62e513f7f6ba6032d47d23dd422501e1c1ff66627dbdfc2b9d05a4424cc4179f21ed9836c688297f3ef12f850063bb10f262052e0704c1

Download Submit
C:\Windows\System\NOWamNz.exe

Filesize
5.9MB

MD5
d18fb7fff0842529a2a4ee7712ba0621

SHA1
a69617994bf1405c1672738944cd5db53222acef

SHA256
9b4eddb9192937ab40de9150bd3178d08e2ec10254c253e3bb3fc326c3908a33

SHA512
81671a631698682e7013f45923e7979d3c8425aedcb93b0fbf8a94abda542b21c63b9f501b2a224b071fcbc3d9e1d398b966d75dc746aac9513af371c2d877c0

Download Submit
C:\Windows\System\OTFpsAl.exe

Filesize
5.9MB

MD5
33ce774ae75da000b3c86f16ee505961

SHA1
7beaa7f4548c230bf2b164691581cde8300850f1

SHA256
262946e1746988d64a3148feb95ec7b588208e21275ee874b43624ee67abc4d8

SHA512
214b00c071d63fb32e2a346fc2860f9220a2b82632267f9760e126ad992f9143858b91363f32f3f7a0a18a8c068176d54aff41208a1519aac9e2bf74a43ecfe3

Download Submit
C:\Windows\System\OiPyJIO.exe

Filesize
5.9MB

MD5
dd75573b9f6c022030f320a18620faa7

SHA1
504b0fbdc11e71aadccda95bf1f79991730dab75

SHA256
7ac46a0e4d65164d5b223226bcf40866116395d03ac014c036b4a950b501ee35

SHA512
3f637e67f6785e6462dcd2c97b78fe341d54c4ce602514a1f61a3661934c0c60bb0ae9b36f979851f79ad1ee9d10fd688b91822074021c504d1a433ea765a17b

Download Submit
C:\Windows\System\OljmaYe.exe

Filesize
5.9MB

MD5
3d8136679d47f16d1a8ead68cf97973a

SHA1
f776f6b90acb1f84ec8ffcd0f2830f8c2ab6f819

SHA256
4e56ad05f308828fc0a7a962553d34dbff2f3192c9a6573adeb86fbd952b905c

SHA512
307f3ab456c3805b2d4d78b216eaa9f495afb98c0c8624077b3e0df2c02dbe0e8b9cbe2733493375a340d9716ce05348ee181632384826848330616a052520e0

Download Submit
C:\Windows\System\PAsTXPW.exe

Filesize
5.9MB

MD5
54858e09a4da7c1a31a356cc746ebd9e

SHA1
fcbc429f032c4373bd2900aa2ce34a0ae6d515e8

SHA256
1ca94e0ca86e555e353a5f488fe8de610b56f11e484eeafb3f7dc908cf1d01ad

SHA512
119dc18d80e198ee87c740a5df3d24c0f522c1eaf5585efe16ccf561a7667f1ff21ca9f3221a95f30ef71e3d8751ee89b43312c69b65632323c025c91cc63f5d

Download Submit
C:\Windows\System\QBnbzWL.exe

Filesize
5.9MB

MD5
d03ddc0310a00df79f9959a0718de165

SHA1
eb5ff1b375ce4fe0dc36d6bbfbc12c7e130035da

SHA256
81f5666ee589be39a5468401d9b2c18321da0c4b17f9f88c850684382e2213e6

SHA512
3ab2e4518a9a6ecac254c6198effad6205933251aeef6bc2ebd09a5d0b557b3a189b5ce51b5a49b0f2bde9ba9bbc795193ae3eeec85738e03a7e730a213f433c

Download Submit
C:\Windows\System\QXYHCzg.exe

Filesize
5.9MB

MD5
4b648856c17e8c1b5f32868194c0e343

SHA1
c28ff4bcb70e22bceb28535316575d468508edf0

SHA256
16b69a2337b1af91862ce0d922e42ec607ecd3c044b8a00af4c451d62b9c0825

SHA512
ea29e2563c360b923b2704bcae0f8e2563e42fd413f54e01dadb33c7f1f98acec53f6e338a465d22490941b83e5331130f874c600f2badbef8d4b2be3b7e9741

Download Submit
C:\Windows\System\Vwyhspi.exe

Filesize
5.9MB

MD5
553fc4f6944cd06cea97c6e7b83455b6

SHA1
456443be0fada33c9f8c550fb9fbd37967389af5

SHA256
7cfc77a940cf995a0902e624a16e093a6723c848b47b89058d94c590bf9b6db9

SHA512
8c1ebebc5c8c361ce2e82cffbe6c65ea2576956dcc0ea0bac301541defea48e0e4b2c17ebd65ffd87dc1f8f71d7b0f5d51edce58c60c31133e9093202fa135df

Download Submit
C:\Windows\System\XUdthUX.exe

Filesize
5.9MB

MD5
86c0b8efceeff5ab8725db770cf695d1

SHA1
33476ba100ee61e3a044333b2055644f7db63c76

SHA256
b0f42689e337f6672c741026f0d6f8f50bf0f5fd5240bdd5b3981a65720ba01b

SHA512
dc8b8b7e89d950871c2a1f0013c73dd23066b0bee660fa44fc91b5f30acf538b55bbfc627cc76793a1fe69f851a7c3947cef8d62cc53762f2dfd42a4e4870a18

Download Submit
C:\Windows\System\YYoIKLT.exe

Filesize
5.9MB

MD5
970467c394a92b23db83f741dd1c4d75

SHA1
ea078cc55fe99f91b0d196b1597d33c3eb08cdeb

SHA256
41e02e58d001319c282ce6ee282510ffc390a0a0fc5df70e84be4fb9be738398

SHA512
405bebec220100645db9ef3ded8ac9fd44f09af839d9ed552810210e793a425ac29f8b1ec9d52aa848573a575496afa6a7d0e254d1ec15ce9de93ac7f85267a5

Download Submit
C:\Windows\System\YmRRSzM.exe

Filesize
5.9MB

MD5
aa7950cce7abe6ab22f8da1a6d1c2620

SHA1
7b6f32d78e6e4365057669513527e842e6483930

SHA256
376120c0c61e019419d72ab225a443ff13a2f739ab278cf3e187ecc8d387162e

SHA512
9d0c4dcfb4ecee1ba5d024be065434da35b3f9edf4a8b07380540041e2d1aee94cb5c640dfa7006237d619ca4d9b01c7cec96b0d5158b21ee115be429de5a9b0

Download Submit
C:\Windows\System\arutZQV.exe

Filesize
5.9MB

MD5
897a2c3ea6038fa25d8d81da5ea8d822

SHA1
69ad63d12b4fe62d97a1db8664bcb959c22049be

SHA256
093ea35228688825a1db815411d39a93ad0099a2cb7cdeb96221591f0e1c210f

SHA512
d9cc404c2bb39ae0554fa8bf226133176e9989a709fa0dfe1444c8a51621e5ebeb436e9cbf947aa760a6e9574b7ee6733357d515526a8cb9d44d0f872d1ed16c

Download Submit
C:\Windows\System\bNojdHv.exe

Filesize
5.9MB

MD5
7fe712f7e22984b2f6c5f53013f2bc98

SHA1
821c708239fc54755f72b3b891837549d6913a26

SHA256
df8485ce1aa8ce1389a25057aa368d77de99c415755c62803a8802edfa77cd67

SHA512
a7476b37f2d35bd4dd45e2a62cc69181aa1c77a35dcb1e66b9c3d4601f01172229f2e5a3a21e6441a46cfc6b54830804ceb470dc0bee934e7ddaf3406b8e3b20

Download Submit
C:\Windows\System\cadNUee.exe

Filesize
5.9MB

MD5
e8b18bc004adbb7d9e65956b2b3f188a

SHA1
50e54c254cd63544405e93fbe2f0422fd3c5a6de

SHA256
9e6045331b5fffb3ab2d9a9ad97cf0cbb3726a1f1cc2b096c93c678a4dac5e89

SHA512
855980a4ff7010819499244b5fe22ccc49ba986c39b213ed5376df5ce5d36af7af9ff546deb24e46f3c119609b478fd0a19f7a78f27f5d5e7fdeec1da4ce95ac

Download Submit
C:\Windows\System\dUYiqjl.exe

Filesize
5.9MB

MD5
baed2ba22b87bc98986d899fa727d309

SHA1
de74145a7793e48c42e9e4f37df76c93094e7d13

SHA256
8b8ebb2e1335475fd110a9870e29e8d28d53a557218c713df5bc3dc54723968d

SHA512
8c4a05d5135419d3b8e4e521e687dbcb0f08a0a87cb5b4cdbff4d985bd2695ed881d7cf069d0358574c5d848f8a4d9e4514884d7370af3bf420d823b1957e20d

Download Submit
C:\Windows\System\lgfhwtG.exe

Filesize
5.9MB

MD5
5e07bf6be0e92c2bbdf742a4b681b85a

SHA1
45427f791c4f3bbc0cc5f31e383574ba5644c2ea

SHA256
aea220a93f37023970c48fd8b0729acf2bf4844465e93f431abf42ff8ab28d78

SHA512
bdbf16cc272fbdfc8ec827d78103731de7821107fbf9c00ea0e8f0d5f9017a9d88844745da379192c2e39cb00ec360a92a3565c06365fcefaf8506f916cc1f18

Download Submit
C:\Windows\System\mQcxbqO.exe

Filesize
5.9MB

MD5
926029dcd43fb4a54ed7b39af02f641c

SHA1
2ce10e89a39a85c72c1bb7fb4d207e1206ca97d7

SHA256
ee0a5c103b368f8c0599f26eca0c6ca07e82f00c58e7d9828aa35314b1ddf940

SHA512
800ced17dc54d5f962edba7c55b01d2a8e80dbde599fa13153c584a48cc4419b9f0c2a163f1b6c6d8efffd866ebbf81b0d4aeca40bac0f9716310836dcd60c96

Download Submit
C:\Windows\System\mkLiTJx.exe

Filesize
5.9MB

MD5
9be5fee9eb51319bce727a89ebbe439e

SHA1
e5e656dc5c8e27b0644bb8ba6802ad6d46263b30

SHA256
ab7d16e72c3b580fb1a46bbc59a8b6aa74d1f0a5816fd853b596f21d02d36006

SHA512
5cec97b40fa04bbca209c2b75e6d8f1b2d5d51d0527261828fdb75837c2b92aba40efab1ffcafec9f63eae3fde07b5cea907e23f97c59c0dfa4cdc6457aa2bdc

Download Submit
C:\Windows\System\nPjSLdz.exe

Filesize
5.9MB

MD5
430783d5e43302e654c1f68fb56d221f

SHA1
1355257229c8d700814f0624393e938806ca5ad5

SHA256
8e5d08e2ff7addb2f6285d20eec03d89a30edd79b30cd3cf6c69fd7dec552fa0

SHA512
3f52735ae3b2ed162f8eea789a3fd1668a8de2dd26dc1b94122d8d5195ad9d7a395de6139b01bd4c808659857bcb9db453b15829aa4b5eb19bae1e0507ad1d4b

Download Submit
C:\Windows\System\oKcttpS.exe

Filesize
5.9MB

MD5
22a175fc73fb1473fc694ee88ca5145c

SHA1
ef9de6de5eefc53aa1652b4ea48e93ac2600b91b

SHA256
b9d25bbe32d9cb5c2b072511ffb2c86f17474d5cf758c61ee0b75f99de1504fc

SHA512
24dde3b604de38e3cdbfcbb48e1c3504282841acfedf4604c3f038b839682c29536af1afcd08025cec472c56975b18c0eb9dd1351be4fe8146d858c9fb213003

Download Submit
C:\Windows\System\ollIgBh.exe

Filesize
5.9MB

MD5
0bb08a632d1e86206de17ce04ddbbfbc

SHA1
3392c384c930cebb220e7d54685e63c8ce18474d

SHA256
5f5319b138417746628662cb7848c97305f24130a976ebe30394778c8eb6e601

SHA512
65abc1767eb746f0993cc766d37ea3d8344523cd51f850c882c2331d5554bba98f2f0ea60b573089b7a8211198dc4996a9f6edb2fdd4782ff2eca79ab196e29f

Download Submit
C:\Windows\System\pNGrmzn.exe

Filesize
5.9MB

MD5
16876b25c53984a7a241be286a964400

SHA1
829928df0ff7535d38e63fb54f953086fbb88097

SHA256
35465412a1ebecf94f277ec33dbae731c31835fb9380e7f031d708403683d4b6

SHA512
43932fe3a48ba7cdb1fca7efb39cb3f3445afd5a6546ae44d932651e451c363519b21de8b6a5b26eb22e29056c35ed8539d410813e71d12b248ac34ca4d23a83

Download Submit
C:\Windows\System\rSfyFpw.exe

Filesize
5.9MB

MD5
56f49695b2fa8e89cb7925f7f1c01047

SHA1
0a5cb19e6478e2c39700a7fe4f1c57a2ec2b1f56

SHA256
eedfb0882fa79c2fa6bf8b46ca89e04a093b2bccc5d932e9c2669b3044b83beb

SHA512
937d5c3a0aa5b9549f108f13f1616a10d44e1eb11eda61b758d0a0d146e51b076d9bb24f5beeac5595e23023d6827fc8f38aaf84f0bb199818bfa73867cab412

Download Submit
C:\Windows\System\tZZpWKr.exe

Filesize
5.9MB

MD5
314e4f90c99b03dd079b37a613c6acce

SHA1
26c827caca0296f7490bfd0affb1cb09aeaa1bfe

SHA256
cee0043a7b6546f1bb084b180a0da52265d5966ed1b301afcec194136dcac5bc

SHA512
0d168c0f38349cefffe62d6025a8439eb788560ebe14ab29388ec715ca1651931b98ae911fdedfcf8b1f196a17ead6dd1b0442b177a6ba0c28df62f228dcc8a3

Download Submit
C:\Windows\System\wUbOKHP.exe

Filesize
5.9MB

MD5
1fe60251bdd98698e334d9b9e343eee2

SHA1
ba452d49bef4e45067c6877c27cfe5a000321c7e

SHA256
ef5551ed8cea0e36c712ead6e1dac2a6cbd746686c629de1c4cec42498fdf8e4

SHA512
1fc3339d4deb9bac336c6230a6b3f34a7c352ccb09247de83ce065030ceb57e4af010acf4368ab6f026a38c0472f231a894ccd66db00153fdc4f9b9685f8ca8f

Download Submit
C:\Windows\System\wcqaWca.exe

Filesize
5.9MB

MD5
0608b40432a53c19130950adeb1b1e09

SHA1
4e35ecb287d257547a71fd821ef9f1d391fff315

SHA256
45a41ede69d003b135d21584d6a147375c455f0ed37165846efcb277a6184c9b

SHA512
cd677c0eb4fc4065e006d135798d4a9c090d61db5e247b83144e79fabb19e17118f65c1e9eaa5eecfd80ff5f1153df63702e26bdcb00d7fd8406e51b5a8bf3c0

Download Submit
C:\Windows\System\yMaCgwq.exe

Filesize
5.9MB

MD5
bc7b305ff75292f33a7fe93ecd3182d1

SHA1
2c0ec2926c034e87c2a990db01861046d1c7d31b

SHA256
4611fb1d5f9cffc304117f3aa774ca76af53b916859f0d1a77e79d24201ff1c8

SHA512
a96a85af594309824ea2ae5f4524274c3f54901189de1e0a9da79206ead5c6ea657b26204517841ecfb426f1f0bed7231001803629b3fafb52c9fcdba43744f3

Download Submit
C:\Windows\System\yPmNNsS.exe

Filesize
5.9MB

MD5
b468b6c0c287286859f5227f2cb9aae5

SHA1
9dc01243ab98514384fc31196f06d1054fc43051

SHA256
424be8f766b6157e8c94c3eea684778e2eb450ce46b78e84b00e65939e25121b

SHA512
1cf4899773da1c1b8b66d027385ad4996962df0b8174a3d5b1b0bfb54df1535d2409db8862f4c95067ef83e89063691c7ce8b60ee6eae997f6d52e08bcf346f3

Download Submit
memory/760-130-0x00007FF60AA60000-0x00007FF60ADB4000-memory.dmp

Filesize
3.3MB

Download
memory/760-1993-0x00007FF60AA60000-0x00007FF60ADB4000-memory.dmp

Filesize
3.3MB

Download
memory/760-339-0x00007FF60AA60000-0x00007FF60ADB4000-memory.dmp

Filesize
3.3MB

Download
memory/1012-172-0x00007FF634750000-0x00007FF634AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1012-536-0x00007FF634750000-0x00007FF634AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-1692-0x00007FF60B880000-0x00007FF60BBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-146-0x00007FF60B880000-0x00007FF60BBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-84-0x00007FF60B880000-0x00007FF60BBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1280-151-0x00007FF71E8F0000-0x00007FF71EC44000-memory.dmp

Filesize
3.3MB

Download
memory/1304-129-0x00007FF682D50000-0x00007FF6830A4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-1988-0x00007FF682D50000-0x00007FF6830A4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-1458-0x00007FF769C00000-0x00007FF769F54000-memory.dmp

Filesize
3.3MB

Download
memory/1472-95-0x00007FF769C00000-0x00007FF769F54000-memory.dmp

Filesize
3.3MB

Download
memory/1472-36-0x00007FF769C00000-0x00007FF769F54000-memory.dmp

Filesize
3.3MB

Download
memory/1480-1-0x0000023463EF0000-0x0000023463F00000-memory.dmp

Filesize
64KB

Download
memory/1480-0-0x00007FF743740000-0x00007FF743A94000-memory.dmp

Filesize
3.3MB

Download
memory/1480-52-0x00007FF743740000-0x00007FF743A94000-memory.dmp

Filesize
3.3MB

Download
memory/1756-179-0x00007FF6C43E0000-0x00007FF6C4734000-memory.dmp

Filesize
3.3MB

Download
memory/1756-665-0x00007FF6C43E0000-0x00007FF6C4734000-memory.dmp

Filesize
3.3MB

Download
memory/1920-161-0x00007FF648F00000-0x00007FF649254000-memory.dmp

Filesize
3.3MB

Download
memory/1996-85-0x00007FF6757F0000-0x00007FF675B44000-memory.dmp

Filesize
3.3MB

Download
memory/1996-156-0x00007FF6757F0000-0x00007FF675B44000-memory.dmp

Filesize
3.3MB

Download
memory/1996-1697-0x00007FF6757F0000-0x00007FF675B44000-memory.dmp

Filesize
3.3MB

Download
memory/2032-466-0x00007FF7F77B0000-0x00007FF7F7B04000-memory.dmp

Filesize
3.3MB

Download
memory/2032-166-0x00007FF7F77B0000-0x00007FF7F7B04000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1473-0x00007FF6D1400000-0x00007FF6D1754000-memory.dmp

Filesize
3.3MB

Download
memory/2408-102-0x00007FF6D1400000-0x00007FF6D1754000-memory.dmp

Filesize
3.3MB

Download
memory/2408-42-0x00007FF6D1400000-0x00007FF6D1754000-memory.dmp

Filesize
3.3MB

Download
memory/2652-533-0x00007FF798060000-0x00007FF7983B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-171-0x00007FF798060000-0x00007FF7983B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1242-0x00007FF65C070000-0x00007FF65C3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-15-0x00007FF65C070000-0x00007FF65C3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-64-0x00007FF65C070000-0x00007FF65C3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1979-0x00007FF754680000-0x00007FF7549D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-124-0x00007FF754680000-0x00007FF7549D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-225-0x00007FF754680000-0x00007FF7549D4000-memory.dmp

Filesize
3.3MB

Download
memory/3240-69-0x00007FF61E7A0000-0x00007FF61EAF4000-memory.dmp

Filesize
3.3MB

Download
memory/3240-1681-0x00007FF61E7A0000-0x00007FF61EAF4000-memory.dmp

Filesize
3.3MB

Download
memory/3284-108-0x00007FF7004F0000-0x00007FF700844000-memory.dmp

Filesize
3.3MB

Download
memory/3284-1967-0x00007FF7004F0000-0x00007FF700844000-memory.dmp

Filesize
3.3MB

Download
memory/3600-778-0x00007FF6AA930000-0x00007FF6AAC84000-memory.dmp

Filesize
3.3MB

Download
memory/3600-192-0x00007FF6AA930000-0x00007FF6AAC84000-memory.dmp

Filesize
3.3MB

Download
memory/3700-109-0x00007FF709800000-0x00007FF709B54000-memory.dmp

Filesize
3.3MB

Download
memory/3700-1478-0x00007FF709800000-0x00007FF709B54000-memory.dmp

Filesize
3.3MB

Download
memory/3700-48-0x00007FF709800000-0x00007FF709B54000-memory.dmp

Filesize
3.3MB

Download
memory/3832-60-0x00007FF799190000-0x00007FF7994E4000-memory.dmp

Filesize
3.3MB

Download
memory/3832-6-0x00007FF799190000-0x00007FF7994E4000-memory.dmp

Filesize
3.3MB

Download
memory/3832-1196-0x00007FF799190000-0x00007FF7994E4000-memory.dmp

Filesize
3.3MB

Download
memory/3876-76-0x00007FF68C6C0000-0x00007FF68CA14000-memory.dmp

Filesize
3.3MB

Download
memory/3876-24-0x00007FF68C6C0000-0x00007FF68CA14000-memory.dmp

Filesize
3.3MB

Download
memory/3876-1252-0x00007FF68C6C0000-0x00007FF68CA14000-memory.dmp

Filesize
3.3MB

Download
memory/3880-135-0x00007FF651110000-0x00007FF651464000-memory.dmp

Filesize
3.3MB

Download
memory/3880-1689-0x00007FF651110000-0x00007FF651464000-memory.dmp

Filesize
3.3MB

Download
memory/3880-73-0x00007FF651110000-0x00007FF651464000-memory.dmp

Filesize
3.3MB

Download
memory/3908-31-0x00007FF645700000-0x00007FF645A54000-memory.dmp

Filesize
3.3MB

Download
memory/3908-1398-0x00007FF645700000-0x00007FF645A54000-memory.dmp

Filesize
3.3MB

Download
memory/3908-89-0x00007FF645700000-0x00007FF645A54000-memory.dmp

Filesize
3.3MB

Download
memory/4000-664-0x00007FF68A4F0000-0x00007FF68A844000-memory.dmp

Filesize
3.3MB

Download
memory/4000-177-0x00007FF68A4F0000-0x00007FF68A844000-memory.dmp

Filesize
3.3MB

Download
memory/4300-190-0x00007FF79B5D0000-0x00007FF79B924000-memory.dmp

Filesize
3.3MB

Download
memory/4300-1972-0x00007FF79B5D0000-0x00007FF79B924000-memory.dmp

Filesize
3.3MB

Download
memory/4300-104-0x00007FF79B5D0000-0x00007FF79B924000-memory.dmp

Filesize
3.3MB

Download
memory/4552-68-0x00007FF752AD0000-0x00007FF752E24000-memory.dmp

Filesize
3.3MB

Download
memory/4552-21-0x00007FF752AD0000-0x00007FF752E24000-memory.dmp

Filesize
3.3MB

Download
memory/4552-1249-0x00007FF752AD0000-0x00007FF752E24000-memory.dmp

Filesize
3.3MB

Download
memory/4560-147-0x00007FF70D350000-0x00007FF70D6A4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-1479-0x00007FF693BA0000-0x00007FF693EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-53-0x00007FF693BA0000-0x00007FF693EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-114-0x00007FF693BA0000-0x00007FF693EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4740-128-0x00007FF65F210000-0x00007FF65F564000-memory.dmp

Filesize
3.3MB

Download
memory/4740-1982-0x00007FF65F210000-0x00007FF65F564000-memory.dmp

Filesize
3.3MB

Download
memory/5064-90-0x00007FF79B230000-0x00007FF79B584000-memory.dmp

Filesize
3.3MB

Download
memory/5064-178-0x00007FF79B230000-0x00007FF79B584000-memory.dmp

Filesize
3.3MB

Download
memory/5064-1700-0x00007FF79B230000-0x00007FF79B584000-memory.dmp

Filesize
3.3MB

Download