cobaltstrike | 75fc3b04744b761589bdb66d878c00f0fa9e1d2511b6e4e26e65c45bc00caf0f

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

5.9MB
MD5

f4272142fabfa439b076bbf3f99e4fa0
SHA1

0cb3c6df1e4e3900efca482a33cf39e32a758cbe
SHA256

75fc3b04744b761589bdb66d878c00f0fa9e1d2511b6e4e26e65c45bc00caf0f
SHA512

31c9934593e8d528b511a9a436cccf76f2e7b83f13a6c1bd7641c53a1761f4a84324ef5f22589fc2365aa1310411550fd6b02a658ab2a8d73d8f01639dccc1d7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

Attributes

watermark
0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 53 IoCs

miner

resource	yara_rule
behavioral1/memory/1656-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/files/0x00070000000186ed-10.dat	xmrig
behavioral1/files/0x00070000000186f1-14.dat	xmrig
behavioral1/files/0x00060000000186f4-18.dat	xmrig
behavioral1/files/0x0006000000018704-22.dat	xmrig
behavioral1/files/0x0006000000018739-30.dat	xmrig
behavioral1/files/0x00070000000193c4-41.dat	xmrig
behavioral1/files/0x00060000000193df-45.dat	xmrig
behavioral1/files/0x0005000000019451-50.dat	xmrig
behavioral1/files/0x00050000000194b9-60.dat	xmrig
behavioral1/files/0x00050000000194ee-70.dat	xmrig
behavioral1/files/0x0005000000019512-95.dat	xmrig
behavioral1/files/0x00050000000195ab-110.dat	xmrig
behavioral1/files/0x00050000000195f0-115.dat	xmrig
behavioral1/files/0x0005000000019623-125.dat	xmrig
behavioral1/memory/1576-2111-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2380-2155-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1656-2075-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2400-2074-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001962f-160.dat	xmrig
behavioral1/files/0x000500000001962d-156.dat	xmrig
behavioral1/files/0x000500000001962b-150.dat	xmrig
behavioral1/files/0x0005000000019629-146.dat	xmrig
behavioral1/files/0x0005000000019625-136.dat	xmrig
behavioral1/files/0x0005000000019627-140.dat	xmrig
behavioral1/files/0x0005000000019624-131.dat	xmrig
behavioral1/files/0x0005000000019621-120.dat	xmrig
behavioral1/files/0x000500000001958e-105.dat	xmrig
behavioral1/files/0x000500000001957e-100.dat	xmrig
behavioral1/files/0x000500000001950e-90.dat	xmrig
behavioral1/files/0x0005000000019509-85.dat	xmrig
behavioral1/files/0x0005000000019502-80.dat	xmrig
behavioral1/files/0x00050000000194f1-75.dat	xmrig
behavioral1/files/0x00050000000194c9-65.dat	xmrig
behavioral1/files/0x0005000000019458-55.dat	xmrig
behavioral1/files/0x0006000000018744-36.dat	xmrig
behavioral1/memory/2092-2226-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2552-2270-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2888-2342-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2944-2380-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2640-2428-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1656-2987-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1656-3064-0x0000000002280000-0x00000000025D4000-memory.dmp	xmrig
behavioral1/memory/1656-3065-0x0000000002280000-0x00000000025D4000-memory.dmp	xmrig
behavioral1/memory/2552-3340-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2400-3311-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2888-3305-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2092-3300-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2640-3349-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2380-3338-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1576-3337-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2944-3335-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2640	cQEnRKK.exe
2400	zpFmWpf.exe
1576	vmKKJrJ.exe
2380	CMcaIyf.exe
2092	slvZCnp.exe
2552	bLjEsuS.exe
2888	eNypPhe.exe
2944	AKsOYqh.exe
2204	RSIoRuj.exe
2924	wkAUWJI.exe
2876	JUlAjQo.exe
2720	muoSmky.exe
2736	gXBomQo.exe
2676	EXhQjYc.exe
2740	DkZgUaw.exe
2516	qhuHspf.exe
2260	DYVsxnF.exe
1552	kAOXpJn.exe
1724	dZkAbUe.exe
776	jJcSCcm.exe
2980	qnIZNIg.exe
3012	DJOmMrJ.exe
2384	lbIwdso.exe
2012	SCbzirf.exe
1620	BuQWZKv.exe
1952	VCNOhVj.exe
2332	STbNCzx.exe
2240	ZmFuACq.exe
2320	SwPBiWk.exe
672	mmDpxdH.exe
444	klNoybB.exe
2780	zRdSrJS.exe
804	nnSuPnv.exe
1556	DLyfvgR.exe
2280	rvUFDHQ.exe
1044	hImDlZo.exe
328	rznmBCM.exe
1028	fqEVyDs.exe
2452	uRynsfb.exe
3044	jibXtAt.exe
1488	NbuPbEs.exe
3060	vUwUqDG.exe
1604	CQlelch.exe
2116	DCpRUuZ.exe
2580	qVOIDEH.exe
2268	xaSBYsM.exe
1468	SZoDyou.exe
564	WSAUKYS.exe
1872	RbeuLZy.exe
1480	ctHHZZi.exe
1928	ZeunUSM.exe
888	fGiWozA.exe
2512	kScmidf.exe
2540	eZGqmWb.exe
1532	NWATWXG.exe
1536	saWLVyJ.exe
2368	YAwIdDe.exe
1584	fxIymJY.exe
2788	wuhOEdv.exe
2880	dLIJwHf.exe
2932	jgoAaqt.exe
2900	bwowalc.exe
2920	rpLlkDw.exe
2684	BbDjOri.exe

Loads dropped DLL 64 IoCs

pid	Process
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1656-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/files/0x00070000000186ed-10.dat	upx
behavioral1/files/0x00070000000186f1-14.dat	upx
behavioral1/files/0x00060000000186f4-18.dat	upx
behavioral1/files/0x0006000000018704-22.dat	upx
behavioral1/files/0x0006000000018739-30.dat	upx
behavioral1/files/0x00070000000193c4-41.dat	upx
behavioral1/files/0x00060000000193df-45.dat	upx
behavioral1/files/0x0005000000019451-50.dat	upx
behavioral1/files/0x00050000000194b9-60.dat	upx
behavioral1/files/0x00050000000194ee-70.dat	upx
behavioral1/files/0x0005000000019512-95.dat	upx
behavioral1/files/0x00050000000195ab-110.dat	upx
behavioral1/files/0x00050000000195f0-115.dat	upx
behavioral1/files/0x0005000000019623-125.dat	upx
behavioral1/memory/1576-2111-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2380-2155-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2400-2074-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x000500000001962f-160.dat	upx
behavioral1/files/0x000500000001962d-156.dat	upx
behavioral1/files/0x000500000001962b-150.dat	upx
behavioral1/files/0x0005000000019629-146.dat	upx
behavioral1/files/0x0005000000019625-136.dat	upx
behavioral1/files/0x0005000000019627-140.dat	upx
behavioral1/files/0x0005000000019624-131.dat	upx
behavioral1/files/0x0005000000019621-120.dat	upx
behavioral1/files/0x000500000001958e-105.dat	upx
behavioral1/files/0x000500000001957e-100.dat	upx
behavioral1/files/0x000500000001950e-90.dat	upx
behavioral1/files/0x0005000000019509-85.dat	upx
behavioral1/files/0x0005000000019502-80.dat	upx
behavioral1/files/0x00050000000194f1-75.dat	upx
behavioral1/files/0x00050000000194c9-65.dat	upx
behavioral1/files/0x0005000000019458-55.dat	upx
behavioral1/files/0x0006000000018744-36.dat	upx
behavioral1/memory/2092-2226-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2552-2270-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2888-2342-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2944-2380-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2640-2428-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1656-2987-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2552-3340-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2400-3311-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2888-3305-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2092-3300-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2640-3349-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2380-3338-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1576-3337-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2944-3335-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BMLfvoZ.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LJoEIOf.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QWAJMaL.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UzbuPQw.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qTfVJay.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iWemzkS.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DMFmnmw.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UykTsCi.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uTieXHU.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZlNtnmL.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TnFZcKK.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wJmNmvO.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\klNoybB.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gOkkYqF.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qpeZUHA.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CVYsReR.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KfbUyiG.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DCGNBka.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JPBpJOI.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SmwtIOZ.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UbvNtYJ.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mjJEZxy.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RdRDYXX.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ViIgLys.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gJWyWAJ.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\knRydYQ.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bAbqiQP.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AycNepS.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SheDXCo.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FZAvzNN.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CpKpKdz.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DfgJHPH.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SCbzirf.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WUwCviK.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HJNMXsD.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RnXiUvm.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bonOyjq.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FcgVQpt.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rvUFDHQ.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XiCXWgy.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gKWBznj.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lHsPTaO.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ycihnum.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wWLPKbx.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EXhQjYc.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eZGqmWb.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wWZWbdm.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CEngAnL.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\teAvmXE.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QgCADJi.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UFmVEqd.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QPqLLyX.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VPULiUo.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ItGOver.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UKipVkF.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LTUsalX.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BPxlTeX.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BqSoTmH.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cFTWDNu.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wsqLNba.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mAybzPE.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QHjNhmA.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mPQIhNa.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lKojZWo.exe	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2640	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1656 wrote to memory of 2640	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1656 wrote to memory of 2640	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1656 wrote to memory of 2400	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1656 wrote to memory of 2400	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1656 wrote to memory of 2400	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1656 wrote to memory of 1576	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1656 wrote to memory of 1576	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1656 wrote to memory of 1576	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1656 wrote to memory of 2380	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1656 wrote to memory of 2380	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1656 wrote to memory of 2380	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1656 wrote to memory of 2092	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1656 wrote to memory of 2092	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1656 wrote to memory of 2092	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1656 wrote to memory of 2552	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1656 wrote to memory of 2552	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1656 wrote to memory of 2552	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1656 wrote to memory of 2888	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1656 wrote to memory of 2888	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1656 wrote to memory of 2888	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1656 wrote to memory of 2944	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1656 wrote to memory of 2944	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1656 wrote to memory of 2944	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1656 wrote to memory of 2204	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1656 wrote to memory of 2204	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1656 wrote to memory of 2204	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1656 wrote to memory of 2924	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1656 wrote to memory of 2924	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1656 wrote to memory of 2924	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1656 wrote to memory of 2876	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1656 wrote to memory of 2876	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1656 wrote to memory of 2876	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1656 wrote to memory of 2720	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1656 wrote to memory of 2720	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1656 wrote to memory of 2720	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1656 wrote to memory of 2736	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1656 wrote to memory of 2736	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1656 wrote to memory of 2736	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1656 wrote to memory of 2676	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1656 wrote to memory of 2676	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1656 wrote to memory of 2676	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1656 wrote to memory of 2740	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1656 wrote to memory of 2740	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1656 wrote to memory of 2740	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1656 wrote to memory of 2516	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1656 wrote to memory of 2516	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1656 wrote to memory of 2516	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1656 wrote to memory of 2260	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1656 wrote to memory of 2260	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1656 wrote to memory of 2260	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1656 wrote to memory of 1552	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1656 wrote to memory of 1552	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1656 wrote to memory of 1552	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1656 wrote to memory of 1724	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 1656 wrote to memory of 1724	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 1656 wrote to memory of 1724	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 1656 wrote to memory of 776	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 1656 wrote to memory of 776	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 1656 wrote to memory of 776	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 1656 wrote to memory of 2980	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52
PID 1656 wrote to memory of 2980	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52
PID 1656 wrote to memory of 2980	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52
PID 1656 wrote to memory of 3012	1656	2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-28_f4272142fabfa439b076bbf3f99e4fa0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\System\cQEnRKK.exe
  C:\Windows\System\cQEnRKK.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\zpFmWpf.exe
  C:\Windows\System\zpFmWpf.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\vmKKJrJ.exe
  C:\Windows\System\vmKKJrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\CMcaIyf.exe
  C:\Windows\System\CMcaIyf.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\slvZCnp.exe
  C:\Windows\System\slvZCnp.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\bLjEsuS.exe
  C:\Windows\System\bLjEsuS.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\eNypPhe.exe
  C:\Windows\System\eNypPhe.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\AKsOYqh.exe
  C:\Windows\System\AKsOYqh.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\RSIoRuj.exe
  C:\Windows\System\RSIoRuj.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\wkAUWJI.exe
  C:\Windows\System\wkAUWJI.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\JUlAjQo.exe
  C:\Windows\System\JUlAjQo.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\muoSmky.exe
  C:\Windows\System\muoSmky.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\gXBomQo.exe
  C:\Windows\System\gXBomQo.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\EXhQjYc.exe
  C:\Windows\System\EXhQjYc.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\DkZgUaw.exe
  C:\Windows\System\DkZgUaw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\qhuHspf.exe
  C:\Windows\System\qhuHspf.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\DYVsxnF.exe
  C:\Windows\System\DYVsxnF.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\kAOXpJn.exe
  C:\Windows\System\kAOXpJn.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\dZkAbUe.exe
  C:\Windows\System\dZkAbUe.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\jJcSCcm.exe
  C:\Windows\System\jJcSCcm.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\qnIZNIg.exe
  C:\Windows\System\qnIZNIg.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\DJOmMrJ.exe
  C:\Windows\System\DJOmMrJ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\lbIwdso.exe
  C:\Windows\System\lbIwdso.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\SCbzirf.exe
  C:\Windows\System\SCbzirf.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\BuQWZKv.exe
  C:\Windows\System\BuQWZKv.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\VCNOhVj.exe
  C:\Windows\System\VCNOhVj.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\STbNCzx.exe
  C:\Windows\System\STbNCzx.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ZmFuACq.exe
  C:\Windows\System\ZmFuACq.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\SwPBiWk.exe
  C:\Windows\System\SwPBiWk.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\mmDpxdH.exe
  C:\Windows\System\mmDpxdH.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\klNoybB.exe
  C:\Windows\System\klNoybB.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\zRdSrJS.exe
  C:\Windows\System\zRdSrJS.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\nnSuPnv.exe
  C:\Windows\System\nnSuPnv.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\DLyfvgR.exe
  C:\Windows\System\DLyfvgR.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\rvUFDHQ.exe
  C:\Windows\System\rvUFDHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\hImDlZo.exe
  C:\Windows\System\hImDlZo.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\rznmBCM.exe
  C:\Windows\System\rznmBCM.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\fqEVyDs.exe
  C:\Windows\System\fqEVyDs.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\uRynsfb.exe
  C:\Windows\System\uRynsfb.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\jibXtAt.exe
  C:\Windows\System\jibXtAt.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\NbuPbEs.exe
  C:\Windows\System\NbuPbEs.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\vUwUqDG.exe
  C:\Windows\System\vUwUqDG.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\CQlelch.exe
  C:\Windows\System\CQlelch.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\DCpRUuZ.exe
  C:\Windows\System\DCpRUuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\qVOIDEH.exe
  C:\Windows\System\qVOIDEH.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\xaSBYsM.exe
  C:\Windows\System\xaSBYsM.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\SZoDyou.exe
  C:\Windows\System\SZoDyou.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\WSAUKYS.exe
  C:\Windows\System\WSAUKYS.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\RbeuLZy.exe
  C:\Windows\System\RbeuLZy.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\ctHHZZi.exe
  C:\Windows\System\ctHHZZi.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\ZeunUSM.exe
  C:\Windows\System\ZeunUSM.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\fGiWozA.exe
  C:\Windows\System\fGiWozA.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\kScmidf.exe
  C:\Windows\System\kScmidf.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\eZGqmWb.exe
  C:\Windows\System\eZGqmWb.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\NWATWXG.exe
  C:\Windows\System\NWATWXG.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\saWLVyJ.exe
  C:\Windows\System\saWLVyJ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\YAwIdDe.exe
  C:\Windows\System\YAwIdDe.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\fxIymJY.exe
  C:\Windows\System\fxIymJY.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\wuhOEdv.exe
  C:\Windows\System\wuhOEdv.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\dLIJwHf.exe
  C:\Windows\System\dLIJwHf.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\jgoAaqt.exe
  C:\Windows\System\jgoAaqt.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\bwowalc.exe
  C:\Windows\System\bwowalc.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\rpLlkDw.exe
  C:\Windows\System\rpLlkDw.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\BbDjOri.exe
  C:\Windows\System\BbDjOri.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\nQXVZNe.exe
  C:\Windows\System\nQXVZNe.exe
  2⤵
  PID:2756
- C:\Windows\System\TclYmab.exe
  C:\Windows\System\TclYmab.exe
  2⤵
  PID:2488
- C:\Windows\System\iGHHLSY.exe
  C:\Windows\System\iGHHLSY.exe
  2⤵
  PID:3000
- C:\Windows\System\EmPmDqW.exe
  C:\Windows\System\EmPmDqW.exe
  2⤵
  PID:884
- C:\Windows\System\gOkkYqF.exe
  C:\Windows\System\gOkkYqF.exe
  2⤵
  PID:3024
- C:\Windows\System\fzUZTmP.exe
  C:\Windows\System\fzUZTmP.exe
  2⤵
  PID:3028
- C:\Windows\System\kCRvvjt.exe
  C:\Windows\System\kCRvvjt.exe
  2⤵
  PID:2276
- C:\Windows\System\nfOtyqL.exe
  C:\Windows\System\nfOtyqL.exe
  2⤵
  PID:2136
- C:\Windows\System\sbwFpBH.exe
  C:\Windows\System\sbwFpBH.exe
  2⤵
  PID:1888
- C:\Windows\System\vPXRZFg.exe
  C:\Windows\System\vPXRZFg.exe
  2⤵
  PID:1748
- C:\Windows\System\AWUGrTi.exe
  C:\Windows\System\AWUGrTi.exe
  2⤵
  PID:1784
- C:\Windows\System\NzZqJyY.exe
  C:\Windows\System\NzZqJyY.exe
  2⤵
  PID:1612
- C:\Windows\System\LNIvCOr.exe
  C:\Windows\System\LNIvCOr.exe
  2⤵
  PID:972
- C:\Windows\System\QdvPNbC.exe
  C:\Windows\System\QdvPNbC.exe
  2⤵
  PID:1992
- C:\Windows\System\QhACmXg.exe
  C:\Windows\System\QhACmXg.exe
  2⤵
  PID:1772
- C:\Windows\System\uekheDL.exe
  C:\Windows\System\uekheDL.exe
  2⤵
  PID:2616
- C:\Windows\System\HakJmcE.exe
  C:\Windows\System\HakJmcE.exe
  2⤵
  PID:652
- C:\Windows\System\QWAJMaL.exe
  C:\Windows\System\QWAJMaL.exe
  2⤵
  PID:2656
- C:\Windows\System\KulPNpQ.exe
  C:\Windows\System\KulPNpQ.exe
  2⤵
  PID:1288
- C:\Windows\System\NTpYMFq.exe
  C:\Windows\System\NTpYMFq.exe
  2⤵
  PID:2056
- C:\Windows\System\OLSIWZE.exe
  C:\Windows\System\OLSIWZE.exe
  2⤵
  PID:2460
- C:\Windows\System\NJsnQKh.exe
  C:\Windows\System\NJsnQKh.exe
  2⤵
  PID:1852
- C:\Windows\System\WUwCviK.exe
  C:\Windows\System\WUwCviK.exe
  2⤵
  PID:1440
- C:\Windows\System\RPPqPYq.exe
  C:\Windows\System\RPPqPYq.exe
  2⤵
  PID:2200
- C:\Windows\System\KyirHtK.exe
  C:\Windows\System\KyirHtK.exe
  2⤵
  PID:2096
- C:\Windows\System\SmwtIOZ.exe
  C:\Windows\System\SmwtIOZ.exe
  2⤵
  PID:2128
- C:\Windows\System\uRqsJju.exe
  C:\Windows\System\uRqsJju.exe
  2⤵
  PID:1732
- C:\Windows\System\PmrDIMo.exe
  C:\Windows\System\PmrDIMo.exe
  2⤵
  PID:2836
- C:\Windows\System\dpEkZbU.exe
  C:\Windows\System\dpEkZbU.exe
  2⤵
  PID:2704
- C:\Windows\System\UbvNtYJ.exe
  C:\Windows\System\UbvNtYJ.exe
  2⤵
  PID:2724
- C:\Windows\System\rQgyFmo.exe
  C:\Windows\System\rQgyFmo.exe
  2⤵
  PID:2728
- C:\Windows\System\upFHfKK.exe
  C:\Windows\System\upFHfKK.exe
  2⤵
  PID:1152
- C:\Windows\System\DybOaiv.exe
  C:\Windows\System\DybOaiv.exe
  2⤵
  PID:1964
- C:\Windows\System\laxhnzl.exe
  C:\Windows\System\laxhnzl.exe
  2⤵
  PID:2996
- C:\Windows\System\RXTtgMH.exe
  C:\Windows\System\RXTtgMH.exe
  2⤵
  PID:2252
- C:\Windows\System\pBTdvRG.exe
  C:\Windows\System\pBTdvRG.exe
  2⤵
  PID:2264
- C:\Windows\System\InxmFES.exe
  C:\Windows\System\InxmFES.exe
  2⤵
  PID:1412
- C:\Windows\System\BCbUnbA.exe
  C:\Windows\System\BCbUnbA.exe
  2⤵
  PID:376
- C:\Windows\System\DXtkBDv.exe
  C:\Windows\System\DXtkBDv.exe
  2⤵
  PID:1224
- C:\Windows\System\AMwluOj.exe
  C:\Windows\System\AMwluOj.exe
  2⤵
  PID:740
- C:\Windows\System\shXfnlN.exe
  C:\Windows\System\shXfnlN.exe
  2⤵
  PID:2636
- C:\Windows\System\bZYPnqT.exe
  C:\Windows\System\bZYPnqT.exe
  2⤵
  PID:704
- C:\Windows\System\pYxoCfW.exe
  C:\Windows\System\pYxoCfW.exe
  2⤵
  PID:2288
- C:\Windows\System\qpeZUHA.exe
  C:\Windows\System\qpeZUHA.exe
  2⤵
  PID:2408
- C:\Windows\System\zMoZTbG.exe
  C:\Windows\System\zMoZTbG.exe
  2⤵
  PID:2420
- C:\Windows\System\MxUILNQ.exe
  C:\Windows\System\MxUILNQ.exe
  2⤵
  PID:2532
- C:\Windows\System\ldxbrBt.exe
  C:\Windows\System\ldxbrBt.exe
  2⤵
  PID:1644
- C:\Windows\System\iiHuaOE.exe
  C:\Windows\System\iiHuaOE.exe
  2⤵
  PID:3088
- C:\Windows\System\DMbNqXZ.exe
  C:\Windows\System\DMbNqXZ.exe
  2⤵
  PID:3104
- C:\Windows\System\iToRHHb.exe
  C:\Windows\System\iToRHHb.exe
  2⤵
  PID:3124
- C:\Windows\System\tTKRSEh.exe
  C:\Windows\System\tTKRSEh.exe
  2⤵
  PID:3144
- C:\Windows\System\rcFGIMb.exe
  C:\Windows\System\rcFGIMb.exe
  2⤵
  PID:3168
- C:\Windows\System\UDsyoxS.exe
  C:\Windows\System\UDsyoxS.exe
  2⤵
  PID:3188
- C:\Windows\System\GgGVUJa.exe
  C:\Windows\System\GgGVUJa.exe
  2⤵
  PID:3208
- C:\Windows\System\JIgNEkd.exe
  C:\Windows\System\JIgNEkd.exe
  2⤵
  PID:3228
- C:\Windows\System\NzKVukY.exe
  C:\Windows\System\NzKVukY.exe
  2⤵
  PID:3248
- C:\Windows\System\pWmFLgj.exe
  C:\Windows\System\pWmFLgj.exe
  2⤵
  PID:3268
- C:\Windows\System\UzbuPQw.exe
  C:\Windows\System\UzbuPQw.exe
  2⤵
  PID:3288
- C:\Windows\System\VmtKtpq.exe
  C:\Windows\System\VmtKtpq.exe
  2⤵
  PID:3308
- C:\Windows\System\mxJWIgS.exe
  C:\Windows\System\mxJWIgS.exe
  2⤵
  PID:3328
- C:\Windows\System\puYylFl.exe
  C:\Windows\System\puYylFl.exe
  2⤵
  PID:3348
- C:\Windows\System\ePzUqXb.exe
  C:\Windows\System\ePzUqXb.exe
  2⤵
  PID:3368
- C:\Windows\System\nYsxVrp.exe
  C:\Windows\System\nYsxVrp.exe
  2⤵
  PID:3388
- C:\Windows\System\tdUFAnA.exe
  C:\Windows\System\tdUFAnA.exe
  2⤵
  PID:3408
- C:\Windows\System\gJWyWAJ.exe
  C:\Windows\System\gJWyWAJ.exe
  2⤵
  PID:3428
- C:\Windows\System\DDrVJKq.exe
  C:\Windows\System\DDrVJKq.exe
  2⤵
  PID:3452
- C:\Windows\System\PrNCPgG.exe
  C:\Windows\System\PrNCPgG.exe
  2⤵
  PID:3472
- C:\Windows\System\SGaKvbk.exe
  C:\Windows\System\SGaKvbk.exe
  2⤵
  PID:3488
- C:\Windows\System\mkvhyLm.exe
  C:\Windows\System\mkvhyLm.exe
  2⤵
  PID:3508
- C:\Windows\System\vvyaPaS.exe
  C:\Windows\System\vvyaPaS.exe
  2⤵
  PID:3532
- C:\Windows\System\ihoIBtu.exe
  C:\Windows\System\ihoIBtu.exe
  2⤵
  PID:3552
- C:\Windows\System\ySOqqRl.exe
  C:\Windows\System\ySOqqRl.exe
  2⤵
  PID:3568
- C:\Windows\System\WDNJWll.exe
  C:\Windows\System\WDNJWll.exe
  2⤵
  PID:3588
- C:\Windows\System\wOnMkLA.exe
  C:\Windows\System\wOnMkLA.exe
  2⤵
  PID:3604
- C:\Windows\System\wIitGtp.exe
  C:\Windows\System\wIitGtp.exe
  2⤵
  PID:3628
- C:\Windows\System\vLFaBkN.exe
  C:\Windows\System\vLFaBkN.exe
  2⤵
  PID:3644
- C:\Windows\System\nEBPJmC.exe
  C:\Windows\System\nEBPJmC.exe
  2⤵
  PID:3664
- C:\Windows\System\nFiBlWn.exe
  C:\Windows\System\nFiBlWn.exe
  2⤵
  PID:3692
- C:\Windows\System\AgXkpbS.exe
  C:\Windows\System\AgXkpbS.exe
  2⤵
  PID:3712
- C:\Windows\System\fZBwQAz.exe
  C:\Windows\System\fZBwQAz.exe
  2⤵
  PID:3732
- C:\Windows\System\SvHuvvh.exe
  C:\Windows\System\SvHuvvh.exe
  2⤵
  PID:3752
- C:\Windows\System\FMkuaFs.exe
  C:\Windows\System\FMkuaFs.exe
  2⤵
  PID:3768
- C:\Windows\System\JIwZSEV.exe
  C:\Windows\System\JIwZSEV.exe
  2⤵
  PID:3788
- C:\Windows\System\LAmOafM.exe
  C:\Windows\System\LAmOafM.exe
  2⤵
  PID:3808
- C:\Windows\System\XvnQtJB.exe
  C:\Windows\System\XvnQtJB.exe
  2⤵
  PID:3828
- C:\Windows\System\mjJEZxy.exe
  C:\Windows\System\mjJEZxy.exe
  2⤵
  PID:3848
- C:\Windows\System\aqIIhwD.exe
  C:\Windows\System\aqIIhwD.exe
  2⤵
  PID:3868
- C:\Windows\System\dpSoOyV.exe
  C:\Windows\System\dpSoOyV.exe
  2⤵
  PID:3888
- C:\Windows\System\nSAwZBU.exe
  C:\Windows\System\nSAwZBU.exe
  2⤵
  PID:3912
- C:\Windows\System\gBYlCZr.exe
  C:\Windows\System\gBYlCZr.exe
  2⤵
  PID:3928
- C:\Windows\System\TDmwsia.exe
  C:\Windows\System\TDmwsia.exe
  2⤵
  PID:3948
- C:\Windows\System\ryQkZmD.exe
  C:\Windows\System\ryQkZmD.exe
  2⤵
  PID:3968
- C:\Windows\System\pXgtAnY.exe
  C:\Windows\System\pXgtAnY.exe
  2⤵
  PID:3988
- C:\Windows\System\eraFyfC.exe
  C:\Windows\System\eraFyfC.exe
  2⤵
  PID:4008
- C:\Windows\System\kSTfsWE.exe
  C:\Windows\System\kSTfsWE.exe
  2⤵
  PID:4032
- C:\Windows\System\uxTiSOK.exe
  C:\Windows\System\uxTiSOK.exe
  2⤵
  PID:4048
- C:\Windows\System\qfIBhdN.exe
  C:\Windows\System\qfIBhdN.exe
  2⤵
  PID:4068
- C:\Windows\System\VSaguAo.exe
  C:\Windows\System\VSaguAo.exe
  2⤵
  PID:4088
- C:\Windows\System\Aolbzry.exe
  C:\Windows\System\Aolbzry.exe
  2⤵
  PID:552
- C:\Windows\System\EwQiSOf.exe
  C:\Windows\System\EwQiSOf.exe
  2⤵
  PID:2184
- C:\Windows\System\CfangcN.exe
  C:\Windows\System\CfangcN.exe
  2⤵
  PID:2680
- C:\Windows\System\OZvXKzq.exe
  C:\Windows\System\OZvXKzq.exe
  2⤵
  PID:1956
- C:\Windows\System\cvltHQN.exe
  C:\Windows\System\cvltHQN.exe
  2⤵
  PID:2964
- C:\Windows\System\izgluWe.exe
  C:\Windows\System\izgluWe.exe
  2⤵
  PID:636
- C:\Windows\System\qbYepHX.exe
  C:\Windows\System\qbYepHX.exe
  2⤵
  PID:348
- C:\Windows\System\NPKajQF.exe
  C:\Windows\System\NPKajQF.exe
  2⤵
  PID:2472
- C:\Windows\System\GdTsOUO.exe
  C:\Windows\System\GdTsOUO.exe
  2⤵
  PID:1296
- C:\Windows\System\nayZsDe.exe
  C:\Windows\System\nayZsDe.exe
  2⤵
  PID:2776
- C:\Windows\System\Safhysl.exe
  C:\Windows\System\Safhysl.exe
  2⤵
  PID:1580
- C:\Windows\System\jPHHHbq.exe
  C:\Windows\System\jPHHHbq.exe
  2⤵
  PID:2904
- C:\Windows\System\OHCixKO.exe
  C:\Windows\System\OHCixKO.exe
  2⤵
  PID:3112
- C:\Windows\System\wrBWlqy.exe
  C:\Windows\System\wrBWlqy.exe
  2⤵
  PID:3176
- C:\Windows\System\AYUMJmh.exe
  C:\Windows\System\AYUMJmh.exe
  2⤵
  PID:3224
- C:\Windows\System\ueUgJwY.exe
  C:\Windows\System\ueUgJwY.exe
  2⤵
  PID:3160
- C:\Windows\System\nZxdyNP.exe
  C:\Windows\System\nZxdyNP.exe
  2⤵
  PID:3196
- C:\Windows\System\asEaCaA.exe
  C:\Windows\System\asEaCaA.exe
  2⤵
  PID:3260
- C:\Windows\System\mlBzJZc.exe
  C:\Windows\System\mlBzJZc.exe
  2⤵
  PID:3280
- C:\Windows\System\pFhoPFy.exe
  C:\Windows\System\pFhoPFy.exe
  2⤵
  PID:3324
- C:\Windows\System\VUYLXBX.exe
  C:\Windows\System\VUYLXBX.exe
  2⤵
  PID:3424
- C:\Windows\System\MlghNkP.exe
  C:\Windows\System\MlghNkP.exe
  2⤵
  PID:3396
- C:\Windows\System\KrcNBuB.exe
  C:\Windows\System\KrcNBuB.exe
  2⤵
  PID:3436
- C:\Windows\System\uhxzSXg.exe
  C:\Windows\System\uhxzSXg.exe
  2⤵
  PID:3504
- C:\Windows\System\uvLbdbc.exe
  C:\Windows\System\uvLbdbc.exe
  2⤵
  PID:3528
- C:\Windows\System\qBfiqwD.exe
  C:\Windows\System\qBfiqwD.exe
  2⤵
  PID:3544
- C:\Windows\System\fEviGuB.exe
  C:\Windows\System\fEviGuB.exe
  2⤵
  PID:3612
- C:\Windows\System\LszPXNJ.exe
  C:\Windows\System\LszPXNJ.exe
  2⤵
  PID:3564
- C:\Windows\System\OpVxDTl.exe
  C:\Windows\System\OpVxDTl.exe
  2⤵
  PID:3656
- C:\Windows\System\KHfBtym.exe
  C:\Windows\System\KHfBtym.exe
  2⤵
  PID:3688
- C:\Windows\System\BihnoEa.exe
  C:\Windows\System\BihnoEa.exe
  2⤵
  PID:3684
- C:\Windows\System\dfCuQhq.exe
  C:\Windows\System\dfCuQhq.exe
  2⤵
  PID:3780
- C:\Windows\System\pYeWmlx.exe
  C:\Windows\System\pYeWmlx.exe
  2⤵
  PID:3864
- C:\Windows\System\HgKBoUQ.exe
  C:\Windows\System\HgKBoUQ.exe
  2⤵
  PID:3724
- C:\Windows\System\knBQvrK.exe
  C:\Windows\System\knBQvrK.exe
  2⤵
  PID:3908
- C:\Windows\System\xVTLNbb.exe
  C:\Windows\System\xVTLNbb.exe
  2⤵
  PID:3844
- C:\Windows\System\Cznwvkl.exe
  C:\Windows\System\Cznwvkl.exe
  2⤵
  PID:3976
- C:\Windows\System\vtxdKfc.exe
  C:\Windows\System\vtxdKfc.exe
  2⤵
  PID:4024
- C:\Windows\System\rdqospJ.exe
  C:\Windows\System\rdqospJ.exe
  2⤵
  PID:4060
- C:\Windows\System\ymudxws.exe
  C:\Windows\System\ymudxws.exe
  2⤵
  PID:3884
- C:\Windows\System\pvVOUiD.exe
  C:\Windows\System\pvVOUiD.exe
  2⤵
  PID:3956
- C:\Windows\System\ghiqBXj.exe
  C:\Windows\System\ghiqBXj.exe
  2⤵
  PID:2172
- C:\Windows\System\ATAZcBR.exe
  C:\Windows\System\ATAZcBR.exe
  2⤵
  PID:1908
- C:\Windows\System\JoYIdST.exe
  C:\Windows\System\JoYIdST.exe
  2⤵
  PID:1268
- C:\Windows\System\TaWmthm.exe
  C:\Windows\System\TaWmthm.exe
  2⤵
  PID:880
- C:\Windows\System\tIQpAkP.exe
  C:\Windows\System\tIQpAkP.exe
  2⤵
  PID:2444
- C:\Windows\System\FaSnRWc.exe
  C:\Windows\System\FaSnRWc.exe
  2⤵
  PID:1676
- C:\Windows\System\MrXwrYF.exe
  C:\Windows\System\MrXwrYF.exe
  2⤵
  PID:3080
- C:\Windows\System\FWtHOHL.exe
  C:\Windows\System\FWtHOHL.exe
  2⤵
  PID:3204
- C:\Windows\System\njADmFc.exe
  C:\Windows\System\njADmFc.exe
  2⤵
  PID:3304
- C:\Windows\System\ZfeeIIh.exe
  C:\Windows\System\ZfeeIIh.exe
  2⤵
  PID:3244
- C:\Windows\System\uvXlHFe.exe
  C:\Windows\System\uvXlHFe.exe
  2⤵
  PID:3140
- C:\Windows\System\dYwuBoN.exe
  C:\Windows\System\dYwuBoN.exe
  2⤵
  PID:3416
- C:\Windows\System\GLDeBcJ.exe
  C:\Windows\System\GLDeBcJ.exe
  2⤵
  PID:3336
- C:\Windows\System\kgqRMdb.exe
  C:\Windows\System\kgqRMdb.exe
  2⤵
  PID:3340
- C:\Windows\System\DqWnvDB.exe
  C:\Windows\System\DqWnvDB.exe
  2⤵
  PID:3364
- C:\Windows\System\iqBruTz.exe
  C:\Windows\System\iqBruTz.exe
  2⤵
  PID:3448
- C:\Windows\System\XriRzuB.exe
  C:\Windows\System\XriRzuB.exe
  2⤵
  PID:3540
- C:\Windows\System\rNNUhac.exe
  C:\Windows\System\rNNUhac.exe
  2⤵
  PID:3708
- C:\Windows\System\fepkbLt.exe
  C:\Windows\System\fepkbLt.exe
  2⤵
  PID:3640
- C:\Windows\System\hWyJtnr.exe
  C:\Windows\System\hWyJtnr.exe
  2⤵
  PID:3820
- C:\Windows\System\krQisse.exe
  C:\Windows\System\krQisse.exe
  2⤵
  PID:3784
- C:\Windows\System\IexnKVd.exe
  C:\Windows\System\IexnKVd.exe
  2⤵
  PID:3944
- C:\Windows\System\BaJgIEw.exe
  C:\Windows\System\BaJgIEw.exe
  2⤵
  PID:3796
- C:\Windows\System\QKlqSpF.exe
  C:\Windows\System\QKlqSpF.exe
  2⤵
  PID:3960
- C:\Windows\System\XiCXWgy.exe
  C:\Windows\System\XiCXWgy.exe
  2⤵
  PID:3964
- C:\Windows\System\ZUkXTkL.exe
  C:\Windows\System\ZUkXTkL.exe
  2⤵
  PID:1696
- C:\Windows\System\GKWiLQy.exe
  C:\Windows\System\GKWiLQy.exe
  2⤵
  PID:4004
- C:\Windows\System\ESweGON.exe
  C:\Windows\System\ESweGON.exe
  2⤵
  PID:340
- C:\Windows\System\GnlOSxo.exe
  C:\Windows\System\GnlOSxo.exe
  2⤵
  PID:4084
- C:\Windows\System\TCdOHOk.exe
  C:\Windows\System\TCdOHOk.exe
  2⤵
  PID:1472
- C:\Windows\System\XpicGMI.exe
  C:\Windows\System\XpicGMI.exe
  2⤵
  PID:2188
- C:\Windows\System\TGrWKgn.exe
  C:\Windows\System\TGrWKgn.exe
  2⤵
  PID:896
- C:\Windows\System\sdDUpZB.exe
  C:\Windows\System\sdDUpZB.exe
  2⤵
  PID:3152
- C:\Windows\System\eqxJkRl.exe
  C:\Windows\System\eqxJkRl.exe
  2⤵
  PID:3520
- C:\Windows\System\JnBJAFS.exe
  C:\Windows\System\JnBJAFS.exe
  2⤵
  PID:4108
- C:\Windows\System\aUninMN.exe
  C:\Windows\System\aUninMN.exe
  2⤵
  PID:4128
- C:\Windows\System\PoFozmQ.exe
  C:\Windows\System\PoFozmQ.exe
  2⤵
  PID:4148
- C:\Windows\System\QPqLLyX.exe
  C:\Windows\System\QPqLLyX.exe
  2⤵
  PID:4164
- C:\Windows\System\HlZNZks.exe
  C:\Windows\System\HlZNZks.exe
  2⤵
  PID:4184
- C:\Windows\System\ZExfexl.exe
  C:\Windows\System\ZExfexl.exe
  2⤵
  PID:4200
- C:\Windows\System\gncRMtE.exe
  C:\Windows\System\gncRMtE.exe
  2⤵
  PID:4220
- C:\Windows\System\YABepDD.exe
  C:\Windows\System\YABepDD.exe
  2⤵
  PID:4236
- C:\Windows\System\npperdt.exe
  C:\Windows\System\npperdt.exe
  2⤵
  PID:4256
- C:\Windows\System\bqIYjay.exe
  C:\Windows\System\bqIYjay.exe
  2⤵
  PID:4276
- C:\Windows\System\UvsDzCn.exe
  C:\Windows\System\UvsDzCn.exe
  2⤵
  PID:4292
- C:\Windows\System\pyCqpBR.exe
  C:\Windows\System\pyCqpBR.exe
  2⤵
  PID:4316
- C:\Windows\System\yXsqRMk.exe
  C:\Windows\System\yXsqRMk.exe
  2⤵
  PID:4352
- C:\Windows\System\Nlmipnr.exe
  C:\Windows\System\Nlmipnr.exe
  2⤵
  PID:4368
- C:\Windows\System\Wwtroaa.exe
  C:\Windows\System\Wwtroaa.exe
  2⤵
  PID:4388
- C:\Windows\System\PPbjXSZ.exe
  C:\Windows\System\PPbjXSZ.exe
  2⤵
  PID:4408
- C:\Windows\System\vwaiObx.exe
  C:\Windows\System\vwaiObx.exe
  2⤵
  PID:4432
- C:\Windows\System\ElOAWwa.exe
  C:\Windows\System\ElOAWwa.exe
  2⤵
  PID:4448
- C:\Windows\System\knRydYQ.exe
  C:\Windows\System\knRydYQ.exe
  2⤵
  PID:4468
- C:\Windows\System\tlYjbtB.exe
  C:\Windows\System\tlYjbtB.exe
  2⤵
  PID:4488
- C:\Windows\System\cvwWZGq.exe
  C:\Windows\System\cvwWZGq.exe
  2⤵
  PID:4508
- C:\Windows\System\LaBRUUg.exe
  C:\Windows\System\LaBRUUg.exe
  2⤵
  PID:4528
- C:\Windows\System\PyxwnKm.exe
  C:\Windows\System\PyxwnKm.exe
  2⤵
  PID:4548
- C:\Windows\System\AKgQnOP.exe
  C:\Windows\System\AKgQnOP.exe
  2⤵
  PID:4572
- C:\Windows\System\LtZbQUC.exe
  C:\Windows\System\LtZbQUC.exe
  2⤵
  PID:4588
- C:\Windows\System\dvvpnMi.exe
  C:\Windows\System\dvvpnMi.exe
  2⤵
  PID:4612
- C:\Windows\System\ldJBRrm.exe
  C:\Windows\System\ldJBRrm.exe
  2⤵
  PID:4632
- C:\Windows\System\QmPXrWv.exe
  C:\Windows\System\QmPXrWv.exe
  2⤵
  PID:4652
- C:\Windows\System\pfXbegA.exe
  C:\Windows\System\pfXbegA.exe
  2⤵
  PID:4672
- C:\Windows\System\czWFJFS.exe
  C:\Windows\System\czWFJFS.exe
  2⤵
  PID:4688
- C:\Windows\System\gKWBznj.exe
  C:\Windows\System\gKWBznj.exe
  2⤵
  PID:4708
- C:\Windows\System\SbhhFzR.exe
  C:\Windows\System\SbhhFzR.exe
  2⤵
  PID:4728
- C:\Windows\System\qSKabLc.exe
  C:\Windows\System\qSKabLc.exe
  2⤵
  PID:4752
- C:\Windows\System\FDFjPbg.exe
  C:\Windows\System\FDFjPbg.exe
  2⤵
  PID:4772
- C:\Windows\System\EbtsEzT.exe
  C:\Windows\System\EbtsEzT.exe
  2⤵
  PID:4788
- C:\Windows\System\mfWvltS.exe
  C:\Windows\System\mfWvltS.exe
  2⤵
  PID:4804
- C:\Windows\System\DfLwbJO.exe
  C:\Windows\System\DfLwbJO.exe
  2⤵
  PID:4824
- C:\Windows\System\yescRvR.exe
  C:\Windows\System\yescRvR.exe
  2⤵
  PID:4848
- C:\Windows\System\HJNMXsD.exe
  C:\Windows\System\HJNMXsD.exe
  2⤵
  PID:4864
- C:\Windows\System\oEfKudu.exe
  C:\Windows\System\oEfKudu.exe
  2⤵
  PID:4884
- C:\Windows\System\aDQtquw.exe
  C:\Windows\System\aDQtquw.exe
  2⤵
  PID:4904
- C:\Windows\System\rEtTGAG.exe
  C:\Windows\System\rEtTGAG.exe
  2⤵
  PID:4928
- C:\Windows\System\YiCbfIc.exe
  C:\Windows\System\YiCbfIc.exe
  2⤵
  PID:4948
- C:\Windows\System\nlQRxuE.exe
  C:\Windows\System\nlQRxuE.exe
  2⤵
  PID:4968
- C:\Windows\System\LTzHorT.exe
  C:\Windows\System\LTzHorT.exe
  2⤵
  PID:4984
- C:\Windows\System\dOqKqbI.exe
  C:\Windows\System\dOqKqbI.exe
  2⤵
  PID:5004
- C:\Windows\System\mAUtSlJ.exe
  C:\Windows\System\mAUtSlJ.exe
  2⤵
  PID:5024
- C:\Windows\System\hAkElLZ.exe
  C:\Windows\System\hAkElLZ.exe
  2⤵
  PID:5040
- C:\Windows\System\vXNzKcV.exe
  C:\Windows\System\vXNzKcV.exe
  2⤵
  PID:5060
- C:\Windows\System\dpNGLYb.exe
  C:\Windows\System\dpNGLYb.exe
  2⤵
  PID:5080
- C:\Windows\System\OQiIaZe.exe
  C:\Windows\System\OQiIaZe.exe
  2⤵
  PID:5100
- C:\Windows\System\eJWSYuj.exe
  C:\Windows\System\eJWSYuj.exe
  2⤵
  PID:3596
- C:\Windows\System\vDCCJms.exe
  C:\Windows\System\vDCCJms.exe
  2⤵
  PID:3660
- C:\Windows\System\OIHPwFA.exe
  C:\Windows\System\OIHPwFA.exe
  2⤵
  PID:3704
- C:\Windows\System\MzfwLOX.exe
  C:\Windows\System\MzfwLOX.exe
  2⤵
  PID:3920
- C:\Windows\System\NJBUIyG.exe
  C:\Windows\System\NJBUIyG.exe
  2⤵
  PID:3580
- C:\Windows\System\FueMsaM.exe
  C:\Windows\System\FueMsaM.exe
  2⤵
  PID:3720
- C:\Windows\System\bAbqiQP.exe
  C:\Windows\System\bAbqiQP.exe
  2⤵
  PID:4020
- C:\Windows\System\KDNVhTT.exe
  C:\Windows\System\KDNVhTT.exe
  2⤵
  PID:1948
- C:\Windows\System\zxWZbRr.exe
  C:\Windows\System\zxWZbRr.exe
  2⤵
  PID:3132
- C:\Windows\System\mAsLAri.exe
  C:\Windows\System\mAsLAri.exe
  2⤵
  PID:4044
- C:\Windows\System\icidxrU.exe
  C:\Windows\System\icidxrU.exe
  2⤵
  PID:2248
- C:\Windows\System\IwkvoXW.exe
  C:\Windows\System\IwkvoXW.exe
  2⤵
  PID:2244
- C:\Windows\System\uiNcBMk.exe
  C:\Windows\System\uiNcBMk.exe
  2⤵
  PID:4160
- C:\Windows\System\xaoLmUw.exe
  C:\Windows\System\xaoLmUw.exe
  2⤵
  PID:4196
- C:\Windows\System\aMcAnWi.exe
  C:\Windows\System\aMcAnWi.exe
  2⤵
  PID:4268
- C:\Windows\System\nKbIgrH.exe
  C:\Windows\System\nKbIgrH.exe
  2⤵
  PID:4212
- C:\Windows\System\HEnFVKA.exe
  C:\Windows\System\HEnFVKA.exe
  2⤵
  PID:4136
- C:\Windows\System\MRNMNqV.exe
  C:\Windows\System\MRNMNqV.exe
  2⤵
  PID:4216
- C:\Windows\System\dzzCBnP.exe
  C:\Windows\System\dzzCBnP.exe
  2⤵
  PID:4360
- C:\Windows\System\JUXoPcV.exe
  C:\Windows\System\JUXoPcV.exe
  2⤵
  PID:4324
- C:\Windows\System\YIfOpju.exe
  C:\Windows\System\YIfOpju.exe
  2⤵
  PID:4348
- C:\Windows\System\QQtEtaq.exe
  C:\Windows\System\QQtEtaq.exe
  2⤵
  PID:4384
- C:\Windows\System\hwJVVwM.exe
  C:\Windows\System\hwJVVwM.exe
  2⤵
  PID:4444
- C:\Windows\System\cKuyIUy.exe
  C:\Windows\System\cKuyIUy.exe
  2⤵
  PID:4464
- C:\Windows\System\wwAlyIk.exe
  C:\Windows\System\wwAlyIk.exe
  2⤵
  PID:4568
- C:\Windows\System\jvqirkp.exe
  C:\Windows\System\jvqirkp.exe
  2⤵
  PID:4600
- C:\Windows\System\lHsPTaO.exe
  C:\Windows\System\lHsPTaO.exe
  2⤵
  PID:4536
- C:\Windows\System\kmLLcgb.exe
  C:\Windows\System\kmLLcgb.exe
  2⤵
  PID:4580
- C:\Windows\System\wWZWbdm.exe
  C:\Windows\System\wWZWbdm.exe
  2⤵
  PID:4628
- C:\Windows\System\XnWZxPr.exe
  C:\Windows\System\XnWZxPr.exe
  2⤵
  PID:4716
- C:\Windows\System\SvnenGy.exe
  C:\Windows\System\SvnenGy.exe
  2⤵
  PID:4664
- C:\Windows\System\HDQhQgv.exe
  C:\Windows\System\HDQhQgv.exe
  2⤵
  PID:4740
- C:\Windows\System\UykTsCi.exe
  C:\Windows\System\UykTsCi.exe
  2⤵
  PID:4744
- C:\Windows\System\ExBnKGm.exe
  C:\Windows\System\ExBnKGm.exe
  2⤵
  PID:4872
- C:\Windows\System\LUagaWj.exe
  C:\Windows\System\LUagaWj.exe
  2⤵
  PID:4876
- C:\Windows\System\yOhrnkm.exe
  C:\Windows\System\yOhrnkm.exe
  2⤵
  PID:4812
- C:\Windows\System\JtCeWPM.exe
  C:\Windows\System\JtCeWPM.exe
  2⤵
  PID:4892
- C:\Windows\System\IoLbryc.exe
  C:\Windows\System\IoLbryc.exe
  2⤵
  PID:4940
- C:\Windows\System\oaeZHpd.exe
  C:\Windows\System\oaeZHpd.exe
  2⤵
  PID:5032
- C:\Windows\System\QhMvoSN.exe
  C:\Windows\System\QhMvoSN.exe
  2⤵
  PID:5076
- C:\Windows\System\PGpWrDT.exe
  C:\Windows\System\PGpWrDT.exe
  2⤵
  PID:4980
- C:\Windows\System\tpjPFbo.exe
  C:\Windows\System\tpjPFbo.exe
  2⤵
  PID:5088
- C:\Windows\System\DbWBdXR.exe
  C:\Windows\System\DbWBdXR.exe
  2⤵
  PID:3856
- C:\Windows\System\bmzkavS.exe
  C:\Windows\System\bmzkavS.exe
  2⤵
  PID:3400
- C:\Windows\System\OQAmijg.exe
  C:\Windows\System\OQAmijg.exe
  2⤵
  PID:3980
- C:\Windows\System\vKNLekn.exe
  C:\Windows\System\vKNLekn.exe
  2⤵
  PID:4016
- C:\Windows\System\Sasjxec.exe
  C:\Windows\System\Sasjxec.exe
  2⤵
  PID:3636
- C:\Windows\System\tTAgbsY.exe
  C:\Windows\System\tTAgbsY.exe
  2⤵
  PID:4120
- C:\Windows\System\LkZveaR.exe
  C:\Windows\System\LkZveaR.exe
  2⤵
  PID:3136
- C:\Windows\System\rvKFfcX.exe
  C:\Windows\System\rvKFfcX.exe
  2⤵
  PID:2284
- C:\Windows\System\JViiorT.exe
  C:\Windows\System\JViiorT.exe
  2⤵
  PID:4312
- C:\Windows\System\GerkJUj.exe
  C:\Windows\System\GerkJUj.exe
  2⤵
  PID:4308
- C:\Windows\System\QmubeNj.exe
  C:\Windows\System\QmubeNj.exe
  2⤵
  PID:4176
- C:\Windows\System\UIepaXA.exe
  C:\Windows\System\UIepaXA.exe
  2⤵
  PID:4440
- C:\Windows\System\MqFgwUR.exe
  C:\Windows\System\MqFgwUR.exe
  2⤵
  PID:4404
- C:\Windows\System\AFbpcmA.exe
  C:\Windows\System\AFbpcmA.exe
  2⤵
  PID:4400
- C:\Windows\System\xszQycQ.exe
  C:\Windows\System\xszQycQ.exe
  2⤵
  PID:4504
- C:\Windows\System\tUWYPip.exe
  C:\Windows\System\tUWYPip.exe
  2⤵
  PID:4760
- C:\Windows\System\uLtkOyh.exe
  C:\Windows\System\uLtkOyh.exe
  2⤵
  PID:4596
- C:\Windows\System\sbWAyaT.exe
  C:\Windows\System\sbWAyaT.exe
  2⤵
  PID:4748
- C:\Windows\System\dAmddvd.exe
  C:\Windows\System\dAmddvd.exe
  2⤵
  PID:4684
- C:\Windows\System\ujNBSKg.exe
  C:\Windows\System\ujNBSKg.exe
  2⤵
  PID:4500
- C:\Windows\System\sngeGWq.exe
  C:\Windows\System\sngeGWq.exe
  2⤵
  PID:4820
- C:\Windows\System\KuTkfFW.exe
  C:\Windows\System\KuTkfFW.exe
  2⤵
  PID:4996
- C:\Windows\System\uCszXcL.exe
  C:\Windows\System\uCszXcL.exe
  2⤵
  PID:4836
- C:\Windows\System\tgxiNcU.exe
  C:\Windows\System\tgxiNcU.exe
  2⤵
  PID:4960
- C:\Windows\System\wHDFiQf.exe
  C:\Windows\System\wHDFiQf.exe
  2⤵
  PID:5112
- C:\Windows\System\FGJFhZi.exe
  C:\Windows\System\FGJFhZi.exe
  2⤵
  PID:3584
- C:\Windows\System\bnnihip.exe
  C:\Windows\System\bnnihip.exe
  2⤵
  PID:3516
- C:\Windows\System\DguiywF.exe
  C:\Windows\System\DguiywF.exe
  2⤵
  PID:5012
- C:\Windows\System\lAnuXDk.exe
  C:\Windows\System\lAnuXDk.exe
  2⤵
  PID:3256
- C:\Windows\System\wTCCSfd.exe
  C:\Windows\System\wTCCSfd.exe
  2⤵
  PID:4232
- C:\Windows\System\mCLrYBo.exe
  C:\Windows\System\mCLrYBo.exe
  2⤵
  PID:4180
- C:\Windows\System\PoUQhJE.exe
  C:\Windows\System\PoUQhJE.exe
  2⤵
  PID:4520
- C:\Windows\System\GfWeKwh.exe
  C:\Windows\System\GfWeKwh.exe
  2⤵
  PID:4344
- C:\Windows\System\HcxuPRi.exe
  C:\Windows\System\HcxuPRi.exe
  2⤵
  PID:4424
- C:\Windows\System\sbjEJeI.exe
  C:\Windows\System\sbjEJeI.exe
  2⤵
  PID:4668
- C:\Windows\System\dYGIdUx.exe
  C:\Windows\System\dYGIdUx.exe
  2⤵
  PID:4680
- C:\Windows\System\hrlfBtW.exe
  C:\Windows\System\hrlfBtW.exe
  2⤵
  PID:5128
- C:\Windows\System\UQfxYUt.exe
  C:\Windows\System\UQfxYUt.exe
  2⤵
  PID:5148
- C:\Windows\System\qblCYqy.exe
  C:\Windows\System\qblCYqy.exe
  2⤵
  PID:5164
- C:\Windows\System\TSzAITP.exe
  C:\Windows\System\TSzAITP.exe
  2⤵
  PID:5184
- C:\Windows\System\WvcfTgZ.exe
  C:\Windows\System\WvcfTgZ.exe
  2⤵
  PID:5204
- C:\Windows\System\CwfaYcp.exe
  C:\Windows\System\CwfaYcp.exe
  2⤵
  PID:5224
- C:\Windows\System\BQrgvXI.exe
  C:\Windows\System\BQrgvXI.exe
  2⤵
  PID:5244
- C:\Windows\System\URFicAR.exe
  C:\Windows\System\URFicAR.exe
  2⤵
  PID:5260
- C:\Windows\System\eMJqbLk.exe
  C:\Windows\System\eMJqbLk.exe
  2⤵
  PID:5276
- C:\Windows\System\SmOrpUe.exe
  C:\Windows\System\SmOrpUe.exe
  2⤵
  PID:5296
- C:\Windows\System\uVHNBUR.exe
  C:\Windows\System\uVHNBUR.exe
  2⤵
  PID:5316
- C:\Windows\System\RLCwISF.exe
  C:\Windows\System\RLCwISF.exe
  2⤵
  PID:5332
- C:\Windows\System\niEZtQZ.exe
  C:\Windows\System\niEZtQZ.exe
  2⤵
  PID:5368
- C:\Windows\System\yrZylfW.exe
  C:\Windows\System\yrZylfW.exe
  2⤵
  PID:5392
- C:\Windows\System\iKGemOP.exe
  C:\Windows\System\iKGemOP.exe
  2⤵
  PID:5412
- C:\Windows\System\SoFfGWv.exe
  C:\Windows\System\SoFfGWv.exe
  2⤵
  PID:5428
- C:\Windows\System\KItlksk.exe
  C:\Windows\System\KItlksk.exe
  2⤵
  PID:5448
- C:\Windows\System\DzStqDZ.exe
  C:\Windows\System\DzStqDZ.exe
  2⤵
  PID:5472
- C:\Windows\System\qLTHBgl.exe
  C:\Windows\System\qLTHBgl.exe
  2⤵
  PID:5492
- C:\Windows\System\iWHRVEq.exe
  C:\Windows\System\iWHRVEq.exe
  2⤵
  PID:5512
- C:\Windows\System\hANJLWe.exe
  C:\Windows\System\hANJLWe.exe
  2⤵
  PID:5536
- C:\Windows\System\BIkBrfI.exe
  C:\Windows\System\BIkBrfI.exe
  2⤵
  PID:5552
- C:\Windows\System\LCVZUHh.exe
  C:\Windows\System\LCVZUHh.exe
  2⤵
  PID:5576
- C:\Windows\System\sSBrktz.exe
  C:\Windows\System\sSBrktz.exe
  2⤵
  PID:5596
- C:\Windows\System\hIuEJqj.exe
  C:\Windows\System\hIuEJqj.exe
  2⤵
  PID:5616
- C:\Windows\System\decedkQ.exe
  C:\Windows\System\decedkQ.exe
  2⤵
  PID:5632
- C:\Windows\System\mkGQJpx.exe
  C:\Windows\System\mkGQJpx.exe
  2⤵
  PID:5648
- C:\Windows\System\uLcFQsh.exe
  C:\Windows\System\uLcFQsh.exe
  2⤵
  PID:5668
- C:\Windows\System\DkDicDY.exe
  C:\Windows\System\DkDicDY.exe
  2⤵
  PID:5688
- C:\Windows\System\GogSDcH.exe
  C:\Windows\System\GogSDcH.exe
  2⤵
  PID:5708
- C:\Windows\System\qRJtKek.exe
  C:\Windows\System\qRJtKek.exe
  2⤵
  PID:5728
- C:\Windows\System\WxUBROB.exe
  C:\Windows\System\WxUBROB.exe
  2⤵
  PID:5744
- C:\Windows\System\ufYHpVy.exe
  C:\Windows\System\ufYHpVy.exe
  2⤵
  PID:5764
- C:\Windows\System\WklidDY.exe
  C:\Windows\System\WklidDY.exe
  2⤵
  PID:5788
- C:\Windows\System\nzpTQzv.exe
  C:\Windows\System\nzpTQzv.exe
  2⤵
  PID:5808
- C:\Windows\System\dsHwFuA.exe
  C:\Windows\System\dsHwFuA.exe
  2⤵
  PID:5824
- C:\Windows\System\gZBuZtm.exe
  C:\Windows\System\gZBuZtm.exe
  2⤵
  PID:5844
- C:\Windows\System\YlxgQcm.exe
  C:\Windows\System\YlxgQcm.exe
  2⤵
  PID:5860
- C:\Windows\System\BhvmWQv.exe
  C:\Windows\System\BhvmWQv.exe
  2⤵
  PID:5884
- C:\Windows\System\mFUAjVS.exe
  C:\Windows\System\mFUAjVS.exe
  2⤵
  PID:5904
- C:\Windows\System\pgugPpi.exe
  C:\Windows\System\pgugPpi.exe
  2⤵
  PID:5920
- C:\Windows\System\UlGNQEI.exe
  C:\Windows\System\UlGNQEI.exe
  2⤵
  PID:5940
- C:\Windows\System\XeVLlau.exe
  C:\Windows\System\XeVLlau.exe
  2⤵
  PID:5972
- C:\Windows\System\jmSnywc.exe
  C:\Windows\System\jmSnywc.exe
  2⤵
  PID:5996
- C:\Windows\System\wsqLNba.exe
  C:\Windows\System\wsqLNba.exe
  2⤵
  PID:6012
- C:\Windows\System\xFAoUnj.exe
  C:\Windows\System\xFAoUnj.exe
  2⤵
  PID:6032
- C:\Windows\System\yEehrya.exe
  C:\Windows\System\yEehrya.exe
  2⤵
  PID:6052
- C:\Windows\System\haAgTcB.exe
  C:\Windows\System\haAgTcB.exe
  2⤵
  PID:6068
- C:\Windows\System\uTcmeMb.exe
  C:\Windows\System\uTcmeMb.exe
  2⤵
  PID:6088
- C:\Windows\System\HVmdKzD.exe
  C:\Windows\System\HVmdKzD.exe
  2⤵
  PID:6112
- C:\Windows\System\ORmhrid.exe
  C:\Windows\System\ORmhrid.exe
  2⤵
  PID:6132
- C:\Windows\System\JqCAETA.exe
  C:\Windows\System\JqCAETA.exe
  2⤵
  PID:4880
- C:\Windows\System\EyRpiyW.exe
  C:\Windows\System\EyRpiyW.exe
  2⤵
  PID:4920
- C:\Windows\System\xErlZgj.exe
  C:\Windows\System\xErlZgj.exe
  2⤵
  PID:3624
- C:\Windows\System\exErQBM.exe
  C:\Windows\System\exErQBM.exe
  2⤵
  PID:4620
- C:\Windows\System\tiWjWfL.exe
  C:\Windows\System\tiWjWfL.exe
  2⤵
  PID:3896
- C:\Windows\System\yfbhhuO.exe
  C:\Windows\System\yfbhhuO.exe
  2⤵
  PID:4116
- C:\Windows\System\zAioXys.exe
  C:\Windows\System\zAioXys.exe
  2⤵
  PID:5000
- C:\Windows\System\EaZZChM.exe
  C:\Windows\System\EaZZChM.exe
  2⤵
  PID:5056
- C:\Windows\System\RoKueav.exe
  C:\Windows\System\RoKueav.exe
  2⤵
  PID:4516
- C:\Windows\System\XaFdnYi.exe
  C:\Windows\System\XaFdnYi.exe
  2⤵
  PID:5160
- C:\Windows\System\dYaEokg.exe
  C:\Windows\System\dYaEokg.exe
  2⤵
  PID:4040
- C:\Windows\System\TUMqhWc.exe
  C:\Windows\System\TUMqhWc.exe
  2⤵
  PID:4556
- C:\Windows\System\QgtxCQH.exe
  C:\Windows\System\QgtxCQH.exe
  2⤵
  PID:4560
- C:\Windows\System\fobxnFr.exe
  C:\Windows\System\fobxnFr.exe
  2⤵
  PID:5272
- C:\Windows\System\uvJzAHM.exe
  C:\Windows\System\uvJzAHM.exe
  2⤵
  PID:5172
- C:\Windows\System\HyCYojP.exe
  C:\Windows\System\HyCYojP.exe
  2⤵
  PID:5352
- C:\Windows\System\zHWmymE.exe
  C:\Windows\System\zHWmymE.exe
  2⤵
  PID:5408
- C:\Windows\System\IUqeMrQ.exe
  C:\Windows\System\IUqeMrQ.exe
  2⤵
  PID:5324
- C:\Windows\System\uGrQxBX.exe
  C:\Windows\System\uGrQxBX.exe
  2⤵
  PID:5252
- C:\Windows\System\aZKoBcP.exe
  C:\Windows\System\aZKoBcP.exe
  2⤵
  PID:5384
- C:\Windows\System\TttTfiK.exe
  C:\Windows\System\TttTfiK.exe
  2⤵
  PID:5328
- C:\Windows\System\CKGePbm.exe
  C:\Windows\System\CKGePbm.exe
  2⤵
  PID:5488
- C:\Windows\System\ZvsupOC.exe
  C:\Windows\System\ZvsupOC.exe
  2⤵
  PID:5528
- C:\Windows\System\rolsExr.exe
  C:\Windows\System\rolsExr.exe
  2⤵
  PID:5468
- C:\Windows\System\grsgknu.exe
  C:\Windows\System\grsgknu.exe
  2⤵
  PID:5544
- C:\Windows\System\hxnxBBc.exe
  C:\Windows\System\hxnxBBc.exe
  2⤵
  PID:2584
- C:\Windows\System\TmvBfaD.exe
  C:\Windows\System\TmvBfaD.exe
  2⤵
  PID:2404
- C:\Windows\System\OyNIwiP.exe
  C:\Windows\System\OyNIwiP.exe
  2⤵
  PID:5676
- C:\Windows\System\swZBTrx.exe
  C:\Windows\System\swZBTrx.exe
  2⤵
  PID:5724
- C:\Windows\System\mAybzPE.exe
  C:\Windows\System\mAybzPE.exe
  2⤵
  PID:5760
- C:\Windows\System\NZCPbpE.exe
  C:\Windows\System\NZCPbpE.exe
  2⤵
  PID:5736
- C:\Windows\System\nyzCgeq.exe
  C:\Windows\System\nyzCgeq.exe
  2⤵
  PID:5696
- C:\Windows\System\wlnpMtX.exe
  C:\Windows\System\wlnpMtX.exe
  2⤵
  PID:5800
- C:\Windows\System\jnOobta.exe
  C:\Windows\System\jnOobta.exe
  2⤵
  PID:5872
- C:\Windows\System\GOcbpXg.exe
  C:\Windows\System\GOcbpXg.exe
  2⤵
  PID:5948
- C:\Windows\System\aODmORO.exe
  C:\Windows\System\aODmORO.exe
  2⤵
  PID:5964
- C:\Windows\System\LXnCCwp.exe
  C:\Windows\System\LXnCCwp.exe
  2⤵
  PID:5852
- C:\Windows\System\yYOjEfO.exe
  C:\Windows\System\yYOjEfO.exe
  2⤵
  PID:6048
- C:\Windows\System\CDnTNEb.exe
  C:\Windows\System\CDnTNEb.exe
  2⤵
  PID:5936
- C:\Windows\System\wxvGHkh.exe
  C:\Windows\System\wxvGHkh.exe
  2⤵
  PID:5984
- C:\Windows\System\wZnYqjh.exe
  C:\Windows\System\wZnYqjh.exe
  2⤵
  PID:6020
- C:\Windows\System\NSbWzCb.exe
  C:\Windows\System\NSbWzCb.exe
  2⤵
  PID:6124
- C:\Windows\System\rpWQEeO.exe
  C:\Windows\System\rpWQEeO.exe
  2⤵
  PID:4844
- C:\Windows\System\IGMyZkr.exe
  C:\Windows\System\IGMyZkr.exe
  2⤵
  PID:6096
- C:\Windows\System\lynlOps.exe
  C:\Windows\System\lynlOps.exe
  2⤵
  PID:4272
- C:\Windows\System\aQDXiFD.exe
  C:\Windows\System\aQDXiFD.exe
  2⤵
  PID:4856
- C:\Windows\System\NtIxCOR.exe
  C:\Windows\System\NtIxCOR.exe
  2⤵
  PID:4648
- C:\Windows\System\GcRefAv.exe
  C:\Windows\System\GcRefAv.exe
  2⤵
  PID:5232
- C:\Windows\System\DaiJrTR.exe
  C:\Windows\System\DaiJrTR.exe
  2⤵
  PID:5236
- C:\Windows\System\JabvaGM.exe
  C:\Windows\System\JabvaGM.exe
  2⤵
  PID:2432
- C:\Windows\System\yPekwFz.exe
  C:\Windows\System\yPekwFz.exe
  2⤵
  PID:4380
- C:\Windows\System\ocXqiBM.exe
  C:\Windows\System\ocXqiBM.exe
  2⤵
  PID:5292
- C:\Windows\System\rofPxfW.exe
  C:\Windows\System\rofPxfW.exe
  2⤵
  PID:5180
- C:\Windows\System\YIrMzjd.exe
  C:\Windows\System\YIrMzjd.exe
  2⤵
  PID:5144
- C:\Windows\System\ueQKPzA.exe
  C:\Windows\System\ueQKPzA.exe
  2⤵
  PID:5136
- C:\Windows\System\TLoKdFm.exe
  C:\Windows\System\TLoKdFm.exe
  2⤵
  PID:5440
- C:\Windows\System\bxJgMAG.exe
  C:\Windows\System\bxJgMAG.exe
  2⤵
  PID:5564
- C:\Windows\System\byBUYez.exe
  C:\Windows\System\byBUYez.exe
  2⤵
  PID:5752
- C:\Windows\System\SdmnGhO.exe
  C:\Windows\System\SdmnGhO.exe
  2⤵
  PID:5504
- C:\Windows\System\XJIatHH.exe
  C:\Windows\System\XJIatHH.exe
  2⤵
  PID:5720
- C:\Windows\System\OjIZWvJ.exe
  C:\Windows\System\OjIZWvJ.exe
  2⤵
  PID:5716
- C:\Windows\System\zqQOfXS.exe
  C:\Windows\System\zqQOfXS.exe
  2⤵
  PID:5876
- C:\Windows\System\RxScpAU.exe
  C:\Windows\System\RxScpAU.exe
  2⤵
  PID:5960
- C:\Windows\System\VcsOokR.exe
  C:\Windows\System\VcsOokR.exe
  2⤵
  PID:6008
- C:\Windows\System\GFGTWaZ.exe
  C:\Windows\System\GFGTWaZ.exe
  2⤵
  PID:5784
- C:\Windows\System\lqpbRfC.exe
  C:\Windows\System\lqpbRfC.exe
  2⤵
  PID:5988
- C:\Windows\System\UdNcJAr.exe
  C:\Windows\System\UdNcJAr.exe
  2⤵
  PID:6108
- C:\Windows\System\NBHsjrz.exe
  C:\Windows\System\NBHsjrz.exe
  2⤵
  PID:4964
- C:\Windows\System\Ftqwafc.exe
  C:\Windows\System\Ftqwafc.exe
  2⤵
  PID:4924
- C:\Windows\System\upjwByP.exe
  C:\Windows\System\upjwByP.exe
  2⤵
  PID:6140
- C:\Windows\System\SSwADfH.exe
  C:\Windows\System\SSwADfH.exe
  2⤵
  PID:5156
- C:\Windows\System\awCPhap.exe
  C:\Windows\System\awCPhap.exe
  2⤵
  PID:5348
- C:\Windows\System\odTWtcp.exe
  C:\Windows\System\odTWtcp.exe
  2⤵
  PID:4644
- C:\Windows\System\lKKJvSj.exe
  C:\Windows\System\lKKJvSj.exe
  2⤵
  PID:5312
- C:\Windows\System\CGjaWsk.exe
  C:\Windows\System\CGjaWsk.exe
  2⤵
  PID:5256
- C:\Windows\System\jimtPVz.exe
  C:\Windows\System\jimtPVz.exe
  2⤵
  PID:5588
- C:\Windows\System\bfUKPJk.exe
  C:\Windows\System\bfUKPJk.exe
  2⤵
  PID:5364
- C:\Windows\System\TDJXyJn.exe
  C:\Windows\System\TDJXyJn.exe
  2⤵
  PID:5796
- C:\Windows\System\tzeXPML.exe
  C:\Windows\System\tzeXPML.exe
  2⤵
  PID:5520
- C:\Windows\System\AycNepS.exe
  C:\Windows\System\AycNepS.exe
  2⤵
  PID:6040
- C:\Windows\System\lZsdzsV.exe
  C:\Windows\System\lZsdzsV.exe
  2⤵
  PID:5820
- C:\Windows\System\rxbiQly.exe
  C:\Windows\System\rxbiQly.exe
  2⤵
  PID:5956
- C:\Windows\System\UUfZIWz.exe
  C:\Windows\System\UUfZIWz.exe
  2⤵
  PID:6160
- C:\Windows\System\WmGRllH.exe
  C:\Windows\System\WmGRllH.exe
  2⤵
  PID:6184
- C:\Windows\System\ZPBQkVJ.exe
  C:\Windows\System\ZPBQkVJ.exe
  2⤵
  PID:6200
- C:\Windows\System\RnXiUvm.exe
  C:\Windows\System\RnXiUvm.exe
  2⤵
  PID:6216
- C:\Windows\System\FgBKzjK.exe
  C:\Windows\System\FgBKzjK.exe
  2⤵
  PID:6244
- C:\Windows\System\PiQbYKY.exe
  C:\Windows\System\PiQbYKY.exe
  2⤵
  PID:6264
- C:\Windows\System\wMMyMPy.exe
  C:\Windows\System\wMMyMPy.exe
  2⤵
  PID:6280
- C:\Windows\System\ZtPHJIz.exe
  C:\Windows\System\ZtPHJIz.exe
  2⤵
  PID:6304
- C:\Windows\System\nYtIaWX.exe
  C:\Windows\System\nYtIaWX.exe
  2⤵
  PID:6320
- C:\Windows\System\ecmYCxQ.exe
  C:\Windows\System\ecmYCxQ.exe
  2⤵
  PID:6344
- C:\Windows\System\VLVHqEh.exe
  C:\Windows\System\VLVHqEh.exe
  2⤵
  PID:6360
- C:\Windows\System\JuskKii.exe
  C:\Windows\System\JuskKii.exe
  2⤵
  PID:6380
- C:\Windows\System\nCUrQJb.exe
  C:\Windows\System\nCUrQJb.exe
  2⤵
  PID:6400
- C:\Windows\System\PfXtgJG.exe
  C:\Windows\System\PfXtgJG.exe
  2⤵
  PID:6420
- C:\Windows\System\QUizepv.exe
  C:\Windows\System\QUizepv.exe
  2⤵
  PID:6440
- C:\Windows\System\OcVxZLh.exe
  C:\Windows\System\OcVxZLh.exe
  2⤵
  PID:6464
- C:\Windows\System\jxYNwcq.exe
  C:\Windows\System\jxYNwcq.exe
  2⤵
  PID:6484
- C:\Windows\System\DgjJCKf.exe
  C:\Windows\System\DgjJCKf.exe
  2⤵
  PID:6500
- C:\Windows\System\VGZpSIk.exe
  C:\Windows\System\VGZpSIk.exe
  2⤵
  PID:6520
- C:\Windows\System\arNmkic.exe
  C:\Windows\System\arNmkic.exe
  2⤵
  PID:6540
- C:\Windows\System\oJYuRrS.exe
  C:\Windows\System\oJYuRrS.exe
  2⤵
  PID:6564
- C:\Windows\System\JhtwnXk.exe
  C:\Windows\System\JhtwnXk.exe
  2⤵
  PID:6580
- C:\Windows\System\fFxRPZS.exe
  C:\Windows\System\fFxRPZS.exe
  2⤵
  PID:6600
- C:\Windows\System\EYVnoIW.exe
  C:\Windows\System\EYVnoIW.exe
  2⤵
  PID:6616
- C:\Windows\System\QcTWeMm.exe
  C:\Windows\System\QcTWeMm.exe
  2⤵
  PID:6644
- C:\Windows\System\SpycvMD.exe
  C:\Windows\System\SpycvMD.exe
  2⤵
  PID:6664
- C:\Windows\System\KHmuwUK.exe
  C:\Windows\System\KHmuwUK.exe
  2⤵
  PID:6684
- C:\Windows\System\UDTzUGS.exe
  C:\Windows\System\UDTzUGS.exe
  2⤵
  PID:6700
- C:\Windows\System\FTCGerx.exe
  C:\Windows\System\FTCGerx.exe
  2⤵
  PID:6724
- C:\Windows\System\EMdNTCl.exe
  C:\Windows\System\EMdNTCl.exe
  2⤵
  PID:6744
- C:\Windows\System\PgXPviv.exe
  C:\Windows\System\PgXPviv.exe
  2⤵
  PID:6764
- C:\Windows\System\qsjiiFe.exe
  C:\Windows\System\qsjiiFe.exe
  2⤵
  PID:6784
- C:\Windows\System\KoBkNTO.exe
  C:\Windows\System\KoBkNTO.exe
  2⤵
  PID:6800
- C:\Windows\System\PHocUVG.exe
  C:\Windows\System\PHocUVG.exe
  2⤵
  PID:6820
- C:\Windows\System\XuNmdqU.exe
  C:\Windows\System\XuNmdqU.exe
  2⤵
  PID:6840
- C:\Windows\System\nCDIgOu.exe
  C:\Windows\System\nCDIgOu.exe
  2⤵
  PID:6860
- C:\Windows\System\QHjNhmA.exe
  C:\Windows\System\QHjNhmA.exe
  2⤵
  PID:6880
- C:\Windows\System\PuqFOEs.exe
  C:\Windows\System\PuqFOEs.exe
  2⤵
  PID:6896
- C:\Windows\System\zdHOYfV.exe
  C:\Windows\System\zdHOYfV.exe
  2⤵
  PID:6920
- C:\Windows\System\nYDqhdg.exe
  C:\Windows\System\nYDqhdg.exe
  2⤵
  PID:6940
- C:\Windows\System\dFkNyfm.exe
  C:\Windows\System\dFkNyfm.exe
  2⤵
  PID:6960
- C:\Windows\System\yeMkKfI.exe
  C:\Windows\System\yeMkKfI.exe
  2⤵
  PID:6980
- C:\Windows\System\zfMzZKa.exe
  C:\Windows\System\zfMzZKa.exe
  2⤵
  PID:7004
- C:\Windows\System\PsHSxbn.exe
  C:\Windows\System\PsHSxbn.exe
  2⤵
  PID:7020
- C:\Windows\System\gFddzMB.exe
  C:\Windows\System\gFddzMB.exe
  2⤵
  PID:7040
- C:\Windows\System\PUlPrgY.exe
  C:\Windows\System\PUlPrgY.exe
  2⤵
  PID:7060
- C:\Windows\System\kwwrwjB.exe
  C:\Windows\System\kwwrwjB.exe
  2⤵
  PID:7080
- C:\Windows\System\DbnKgOl.exe
  C:\Windows\System\DbnKgOl.exe
  2⤵
  PID:7100
- C:\Windows\System\uILIjhA.exe
  C:\Windows\System\uILIjhA.exe
  2⤵
  PID:7120
- C:\Windows\System\CdoopUW.exe
  C:\Windows\System\CdoopUW.exe
  2⤵
  PID:7144
- C:\Windows\System\lUnsAnr.exe
  C:\Windows\System\lUnsAnr.exe
  2⤵
  PID:7160
- C:\Windows\System\eRmPSjJ.exe
  C:\Windows\System\eRmPSjJ.exe
  2⤵
  PID:5804
- C:\Windows\System\HJwVGHC.exe
  C:\Windows\System\HJwVGHC.exe
  2⤵
  PID:3880
- C:\Windows\System\OdIAJUt.exe
  C:\Windows\System\OdIAJUt.exe
  2⤵
  PID:4480
- C:\Windows\System\ojdQsOA.exe
  C:\Windows\System\ojdQsOA.exe
  2⤵
  PID:4936
- C:\Windows\System\VPULiUo.exe
  C:\Windows\System\VPULiUo.exe
  2⤵
  PID:5424
- C:\Windows\System\mPQIhNa.exe
  C:\Windows\System\mPQIhNa.exe
  2⤵
  PID:5212
- C:\Windows\System\VxLCZSr.exe
  C:\Windows\System\VxLCZSr.exe
  2⤵
  PID:5572
- C:\Windows\System\wxLSanz.exe
  C:\Windows\System\wxLSanz.exe
  2⤵
  PID:5916
- C:\Windows\System\YKiQjaM.exe
  C:\Windows\System\YKiQjaM.exe
  2⤵
  PID:5868
- C:\Windows\System\tnIFgwR.exe
  C:\Windows\System\tnIFgwR.exe
  2⤵
  PID:6176
- C:\Windows\System\vKylxgf.exe
  C:\Windows\System\vKylxgf.exe
  2⤵
  PID:6156
- C:\Windows\System\TPhKwpj.exe
  C:\Windows\System\TPhKwpj.exe
  2⤵
  PID:6196
- C:\Windows\System\fHarruV.exe
  C:\Windows\System\fHarruV.exe
  2⤵
  PID:6256
- C:\Windows\System\GDXnAkZ.exe
  C:\Windows\System\GDXnAkZ.exe
  2⤵
  PID:6292
- C:\Windows\System\qcFoVgC.exe
  C:\Windows\System\qcFoVgC.exe
  2⤵
  PID:6312
- C:\Windows\System\DolNScz.exe
  C:\Windows\System\DolNScz.exe
  2⤵
  PID:6332
- C:\Windows\System\DLsapMs.exe
  C:\Windows\System\DLsapMs.exe
  2⤵
  PID:6372
- C:\Windows\System\fJPwBna.exe
  C:\Windows\System\fJPwBna.exe
  2⤵
  PID:6416
- C:\Windows\System\XbDhKAT.exe
  C:\Windows\System\XbDhKAT.exe
  2⤵
  PID:6456
- C:\Windows\System\dCyxCRb.exe
  C:\Windows\System\dCyxCRb.exe
  2⤵
  PID:6472
- C:\Windows\System\RORmkqi.exe
  C:\Windows\System\RORmkqi.exe
  2⤵
  PID:6532
- C:\Windows\System\GoXKenw.exe
  C:\Windows\System\GoXKenw.exe
  2⤵
  PID:6552
- C:\Windows\System\EBVFmKB.exe
  C:\Windows\System\EBVFmKB.exe
  2⤵
  PID:6576
- C:\Windows\System\BcdYymb.exe
  C:\Windows\System\BcdYymb.exe
  2⤵
  PID:6624
- C:\Windows\System\nDaGraW.exe
  C:\Windows\System\nDaGraW.exe
  2⤵
  PID:6652
- C:\Windows\System\vxIUPAR.exe
  C:\Windows\System\vxIUPAR.exe
  2⤵
  PID:6696
- C:\Windows\System\DHfnVJv.exe
  C:\Windows\System\DHfnVJv.exe
  2⤵
  PID:6732
- C:\Windows\System\EfvjPTM.exe
  C:\Windows\System\EfvjPTM.exe
  2⤵
  PID:6712
- C:\Windows\System\XBXPwXN.exe
  C:\Windows\System\XBXPwXN.exe
  2⤵
  PID:6816
- C:\Windows\System\SwkqBRL.exe
  C:\Windows\System\SwkqBRL.exe
  2⤵
  PID:6852
- C:\Windows\System\YOVVaeM.exe
  C:\Windows\System\YOVVaeM.exe
  2⤵
  PID:6792
- C:\Windows\System\GLrLaFm.exe
  C:\Windows\System\GLrLaFm.exe
  2⤵
  PID:6892
- C:\Windows\System\ZkOBRhc.exe
  C:\Windows\System\ZkOBRhc.exe
  2⤵
  PID:6872
- C:\Windows\System\wkzeIol.exe
  C:\Windows\System\wkzeIol.exe
  2⤵
  PID:6972
- C:\Windows\System\FHPZIDo.exe
  C:\Windows\System\FHPZIDo.exe
  2⤵
  PID:6948
- C:\Windows\System\gRtTjaP.exe
  C:\Windows\System\gRtTjaP.exe
  2⤵
  PID:6996
- C:\Windows\System\sXhlNZt.exe
  C:\Windows\System\sXhlNZt.exe
  2⤵
  PID:7032
- C:\Windows\System\kqMTmTa.exe
  C:\Windows\System\kqMTmTa.exe
  2⤵
  PID:7088
- C:\Windows\System\OoFXEzb.exe
  C:\Windows\System\OoFXEzb.exe
  2⤵
  PID:7096
- C:\Windows\System\zhFusgu.exe
  C:\Windows\System\zhFusgu.exe
  2⤵
  PID:7108
- C:\Windows\System\GgHGXTe.exe
  C:\Windows\System\GgHGXTe.exe
  2⤵
  PID:4780
- C:\Windows\System\OaBhlGq.exe
  C:\Windows\System\OaBhlGq.exe
  2⤵
  PID:7152
- C:\Windows\System\NLZPAlJ.exe
  C:\Windows\System\NLZPAlJ.exe
  2⤵
  PID:6060
- C:\Windows\System\kzunXwk.exe
  C:\Windows\System\kzunXwk.exe
  2⤵
  PID:4976
- C:\Windows\System\BmpykDN.exe
  C:\Windows\System\BmpykDN.exe
  2⤵
  PID:5644
- C:\Windows\System\ZvDDElT.exe
  C:\Windows\System\ZvDDElT.exe
  2⤵
  PID:5464
- C:\Windows\System\IcMAVTH.exe
  C:\Windows\System\IcMAVTH.exe
  2⤵
  PID:6080
- C:\Windows\System\imTMtOx.exe
  C:\Windows\System\imTMtOx.exe
  2⤵
  PID:6172
- C:\Windows\System\VzRvnJd.exe
  C:\Windows\System\VzRvnJd.exe
  2⤵
  PID:2604
- C:\Windows\System\IFVSfDk.exe
  C:\Windows\System\IFVSfDk.exe
  2⤵
  PID:6232
- C:\Windows\System\KUNrEls.exe
  C:\Windows\System\KUNrEls.exe
  2⤵
  PID:6316
- C:\Windows\System\dxSSghI.exe
  C:\Windows\System\dxSSghI.exe
  2⤵
  PID:6352
- C:\Windows\System\wzKqyyl.exe
  C:\Windows\System\wzKqyyl.exe
  2⤵
  PID:6460
- C:\Windows\System\oWvsPOh.exe
  C:\Windows\System\oWvsPOh.exe
  2⤵
  PID:6436
- C:\Windows\System\jIeEqmF.exe
  C:\Windows\System\jIeEqmF.exe
  2⤵
  PID:6548
- C:\Windows\System\CVYsReR.exe
  C:\Windows\System\CVYsReR.exe
  2⤵
  PID:6588
- C:\Windows\System\fIjRMkT.exe
  C:\Windows\System\fIjRMkT.exe
  2⤵
  PID:6660
- C:\Windows\System\Qmbzwyl.exe
  C:\Windows\System\Qmbzwyl.exe
  2⤵
  PID:6656
- C:\Windows\System\IIsPioN.exe
  C:\Windows\System\IIsPioN.exe
  2⤵
  PID:6808
- C:\Windows\System\zQjmwyK.exe
  C:\Windows\System\zQjmwyK.exe
  2⤵
  PID:6848
- C:\Windows\System\CxsjxTp.exe
  C:\Windows\System\CxsjxTp.exe
  2⤵
  PID:6828
- C:\Windows\System\niVnOWE.exe
  C:\Windows\System\niVnOWE.exe
  2⤵
  PID:6908
- C:\Windows\System\sBjRHDF.exe
  C:\Windows\System\sBjRHDF.exe
  2⤵
  PID:6952
- C:\Windows\System\wZnhzkg.exe
  C:\Windows\System\wZnhzkg.exe
  2⤵
  PID:7048
- C:\Windows\System\UwTVzkG.exe
  C:\Windows\System\UwTVzkG.exe
  2⤵
  PID:7028
- C:\Windows\System\KwSIhaB.exe
  C:\Windows\System\KwSIhaB.exe
  2⤵
  PID:7132
- C:\Windows\System\eYiFfqu.exe
  C:\Windows\System\eYiFfqu.exe
  2⤵
  PID:1616
- C:\Windows\System\BZibSOb.exe
  C:\Windows\System\BZibSOb.exe
  2⤵
  PID:3444
- C:\Windows\System\JUlSpXi.exe
  C:\Windows\System\JUlSpXi.exe
  2⤵
  PID:5344
- C:\Windows\System\NSWhJqW.exe
  C:\Windows\System\NSWhJqW.exe
  2⤵
  PID:5840
- C:\Windows\System\vctUiyv.exe
  C:\Windows\System\vctUiyv.exe
  2⤵
  PID:6212
- C:\Windows\System\hVjumlw.exe
  C:\Windows\System\hVjumlw.exe
  2⤵
  PID:6296
- C:\Windows\System\nacpQsE.exe
  C:\Windows\System\nacpQsE.exe
  2⤵
  PID:6340
- C:\Windows\System\bQptFPI.exe
  C:\Windows\System\bQptFPI.exe
  2⤵
  PID:6476
- C:\Windows\System\eIgeELW.exe
  C:\Windows\System\eIgeELW.exe
  2⤵
  PID:6596
- C:\Windows\System\mKfpHAc.exe
  C:\Windows\System\mKfpHAc.exe
  2⤵
  PID:6636
- C:\Windows\System\ItDTeBP.exe
  C:\Windows\System\ItDTeBP.exe
  2⤵
  PID:6772
- C:\Windows\System\XCbzVCF.exe
  C:\Windows\System\XCbzVCF.exe
  2⤵
  PID:1880
- C:\Windows\System\jDVpcKV.exe
  C:\Windows\System\jDVpcKV.exe
  2⤵
  PID:6832
- C:\Windows\System\DMmFGsq.exe
  C:\Windows\System\DMmFGsq.exe
  2⤵
  PID:6876
- C:\Windows\System\ISdtBFF.exe
  C:\Windows\System\ISdtBFF.exe
  2⤵
  PID:7068
- C:\Windows\System\FswEemi.exe
  C:\Windows\System\FswEemi.exe
  2⤵
  PID:2396
- C:\Windows\System\pWCrFyp.exe
  C:\Windows\System\pWCrFyp.exe
  2⤵
  PID:7156
- C:\Windows\System\TdOJAyI.exe
  C:\Windows\System\TdOJAyI.exe
  2⤵
  PID:5376
- C:\Windows\System\DrOvaSC.exe
  C:\Windows\System\DrOvaSC.exe
  2⤵
  PID:6192
- C:\Windows\System\IHCckwk.exe
  C:\Windows\System\IHCckwk.exe
  2⤵
  PID:6336
- C:\Windows\System\ekqgqOq.exe
  C:\Windows\System\ekqgqOq.exe
  2⤵
  PID:6480
- C:\Windows\System\oYudjMM.exe
  C:\Windows\System\oYudjMM.exe
  2⤵
  PID:7180
- C:\Windows\System\orPXNfl.exe
  C:\Windows\System\orPXNfl.exe
  2⤵
  PID:7200
- C:\Windows\System\EwCruWE.exe
  C:\Windows\System\EwCruWE.exe
  2⤵
  PID:7220
- C:\Windows\System\RKbVjFD.exe
  C:\Windows\System\RKbVjFD.exe
  2⤵
  PID:7240
- C:\Windows\System\WbBEvgI.exe
  C:\Windows\System\WbBEvgI.exe
  2⤵
  PID:7260
- C:\Windows\System\UuGDhut.exe
  C:\Windows\System\UuGDhut.exe
  2⤵
  PID:7280
- C:\Windows\System\dBNCSeC.exe
  C:\Windows\System\dBNCSeC.exe
  2⤵
  PID:7300
- C:\Windows\System\fRpLIlh.exe
  C:\Windows\System\fRpLIlh.exe
  2⤵
  PID:7320
- C:\Windows\System\ycihnum.exe
  C:\Windows\System\ycihnum.exe
  2⤵
  PID:7340
- C:\Windows\System\XAeHQsC.exe
  C:\Windows\System\XAeHQsC.exe
  2⤵
  PID:7360
- C:\Windows\System\tQgIJJg.exe
  C:\Windows\System\tQgIJJg.exe
  2⤵
  PID:7380
- C:\Windows\System\ksdqCIr.exe
  C:\Windows\System\ksdqCIr.exe
  2⤵
  PID:7400
- C:\Windows\System\SheDXCo.exe
  C:\Windows\System\SheDXCo.exe
  2⤵
  PID:7420
- C:\Windows\System\pGXaNod.exe
  C:\Windows\System\pGXaNod.exe
  2⤵
  PID:7440
- C:\Windows\System\PPKYrqL.exe
  C:\Windows\System\PPKYrqL.exe
  2⤵
  PID:7460
- C:\Windows\System\bnHtNoU.exe
  C:\Windows\System\bnHtNoU.exe
  2⤵
  PID:7480
- C:\Windows\System\PbIOsRw.exe
  C:\Windows\System\PbIOsRw.exe
  2⤵
  PID:7500
- C:\Windows\System\HArxHlx.exe
  C:\Windows\System\HArxHlx.exe
  2⤵
  PID:7520
- C:\Windows\System\MpzBMgT.exe
  C:\Windows\System\MpzBMgT.exe
  2⤵
  PID:7540
- C:\Windows\System\GpdtGNv.exe
  C:\Windows\System\GpdtGNv.exe
  2⤵
  PID:7556
- C:\Windows\System\yKXdStq.exe
  C:\Windows\System\yKXdStq.exe
  2⤵
  PID:7572
- C:\Windows\System\NdJBqwI.exe
  C:\Windows\System\NdJBqwI.exe
  2⤵
  PID:7592
- C:\Windows\System\IgRhPUa.exe
  C:\Windows\System\IgRhPUa.exe
  2⤵
  PID:7636
- C:\Windows\System\yZFdmsY.exe
  C:\Windows\System\yZFdmsY.exe
  2⤵
  PID:7652
- C:\Windows\System\ItGOver.exe
  C:\Windows\System\ItGOver.exe
  2⤵
  PID:7668
- C:\Windows\System\iHCCeIT.exe
  C:\Windows\System\iHCCeIT.exe
  2⤵
  PID:7684
- C:\Windows\System\NAxszzU.exe
  C:\Windows\System\NAxszzU.exe
  2⤵
  PID:7700
- C:\Windows\System\gxctnRy.exe
  C:\Windows\System\gxctnRy.exe
  2⤵
  PID:7716
- C:\Windows\System\YRrvIRj.exe
  C:\Windows\System\YRrvIRj.exe
  2⤵
  PID:7732
- C:\Windows\System\uzgsFuX.exe
  C:\Windows\System\uzgsFuX.exe
  2⤵
  PID:7748
- C:\Windows\System\STdtBCe.exe
  C:\Windows\System\STdtBCe.exe
  2⤵
  PID:7764
- C:\Windows\System\gziGhXS.exe
  C:\Windows\System\gziGhXS.exe
  2⤵
  PID:7780
- C:\Windows\System\tTZELrn.exe
  C:\Windows\System\tTZELrn.exe
  2⤵
  PID:7796
- C:\Windows\System\xTLvtxU.exe
  C:\Windows\System\xTLvtxU.exe
  2⤵
  PID:7812
- C:\Windows\System\VTKaELr.exe
  C:\Windows\System\VTKaELr.exe
  2⤵
  PID:7828
- C:\Windows\System\kSOvbkf.exe
  C:\Windows\System\kSOvbkf.exe
  2⤵
  PID:7844
- C:\Windows\System\wlNqsBj.exe
  C:\Windows\System\wlNqsBj.exe
  2⤵
  PID:7860
- C:\Windows\System\aeHumzQ.exe
  C:\Windows\System\aeHumzQ.exe
  2⤵
  PID:7876
- C:\Windows\System\gGPFFQp.exe
  C:\Windows\System\gGPFFQp.exe
  2⤵
  PID:7892
- C:\Windows\System\PakYfwN.exe
  C:\Windows\System\PakYfwN.exe
  2⤵
  PID:7916
- C:\Windows\System\WUIcrOH.exe
  C:\Windows\System\WUIcrOH.exe
  2⤵
  PID:7932
- C:\Windows\System\KRHjiGZ.exe
  C:\Windows\System\KRHjiGZ.exe
  2⤵
  PID:7948
- C:\Windows\System\VIydCUV.exe
  C:\Windows\System\VIydCUV.exe
  2⤵
  PID:7964
- C:\Windows\System\cbAWhBO.exe
  C:\Windows\System\cbAWhBO.exe
  2⤵
  PID:7980
- C:\Windows\System\HMFsfRi.exe
  C:\Windows\System\HMFsfRi.exe
  2⤵
  PID:7996
- C:\Windows\System\POpLmKP.exe
  C:\Windows\System\POpLmKP.exe
  2⤵
  PID:8012
- C:\Windows\System\QsUeGgg.exe
  C:\Windows\System\QsUeGgg.exe
  2⤵
  PID:8028
- C:\Windows\System\LAeJFdE.exe
  C:\Windows\System\LAeJFdE.exe
  2⤵
  PID:8044
- C:\Windows\System\QDeFvkr.exe
  C:\Windows\System\QDeFvkr.exe
  2⤵
  PID:8060
- C:\Windows\System\haCqjOq.exe
  C:\Windows\System\haCqjOq.exe
  2⤵
  PID:8076
- C:\Windows\System\miAylJT.exe
  C:\Windows\System\miAylJT.exe
  2⤵
  PID:8092
- C:\Windows\System\cdelprI.exe
  C:\Windows\System\cdelprI.exe
  2⤵
  PID:8108
- C:\Windows\System\XqTdheC.exe
  C:\Windows\System\XqTdheC.exe
  2⤵
  PID:8128
- C:\Windows\System\PdiMbfi.exe
  C:\Windows\System\PdiMbfi.exe
  2⤵
  PID:8144
- C:\Windows\System\XfMkzZn.exe
  C:\Windows\System\XfMkzZn.exe
  2⤵
  PID:8160
- C:\Windows\System\xSMXSeZ.exe
  C:\Windows\System\xSMXSeZ.exe
  2⤵
  PID:8176
- C:\Windows\System\fSbYORA.exe
  C:\Windows\System\fSbYORA.exe
  2⤵
  PID:6512
- C:\Windows\System\JHKwpLj.exe
  C:\Windows\System\JHKwpLj.exe
  2⤵
  PID:6556
- C:\Windows\System\lqHFyLa.exe
  C:\Windows\System\lqHFyLa.exe
  2⤵
  PID:1660
- C:\Windows\System\vYEMsdc.exe
  C:\Windows\System\vYEMsdc.exe
  2⤵
  PID:6868
- C:\Windows\System\vwdMkNh.exe
  C:\Windows\System\vwdMkNh.exe
  2⤵
  PID:6988
- C:\Windows\System\SphBvBV.exe
  C:\Windows\System\SphBvBV.exe
  2⤵
  PID:3824
- C:\Windows\System\dpEyqqa.exe
  C:\Windows\System\dpEyqqa.exe
  2⤵
  PID:5400
- C:\Windows\System\GfZFQsD.exe
  C:\Windows\System\GfZFQsD.exe
  2⤵
  PID:5592
- C:\Windows\System\eeSRNzu.exe
  C:\Windows\System\eeSRNzu.exe
  2⤵
  PID:6272
- C:\Windows\System\UNRDsgV.exe
  C:\Windows\System\UNRDsgV.exe
  2⤵
  PID:7188
- C:\Windows\System\yASsUyQ.exe
  C:\Windows\System\yASsUyQ.exe
  2⤵
  PID:7192
- C:\Windows\System\nUnXqyt.exe
  C:\Windows\System\nUnXqyt.exe
  2⤵
  PID:7216
- C:\Windows\System\lYmzDMx.exe
  C:\Windows\System\lYmzDMx.exe
  2⤵
  PID:7248
- C:\Windows\System\LBsUJcg.exe
  C:\Windows\System\LBsUJcg.exe
  2⤵
  PID:7268
- C:\Windows\System\LdtLEsX.exe
  C:\Windows\System\LdtLEsX.exe
  2⤵
  PID:1508
- C:\Windows\System\KocraKj.exe
  C:\Windows\System\KocraKj.exe
  2⤵
  PID:7348
- C:\Windows\System\mPRLyYQ.exe
  C:\Windows\System\mPRLyYQ.exe
  2⤵
  PID:7396
- C:\Windows\System\UvKEbkC.exe
  C:\Windows\System\UvKEbkC.exe
  2⤵
  PID:7328
- C:\Windows\System\ucczSfj.exe
  C:\Windows\System\ucczSfj.exe
  2⤵
  PID:7376
- C:\Windows\System\rgzWNRc.exe
  C:\Windows\System\rgzWNRc.exe
  2⤵
  PID:7412
- C:\Windows\System\UKipVkF.exe
  C:\Windows\System\UKipVkF.exe
  2⤵
  PID:7436
- C:\Windows\System\zmjzARg.exe
  C:\Windows\System\zmjzARg.exe
  2⤵
  PID:7516
- C:\Windows\System\NabtMKq.exe
  C:\Windows\System\NabtMKq.exe
  2⤵
  PID:7456
- C:\Windows\System\prjUkAI.exe
  C:\Windows\System\prjUkAI.exe
  2⤵
  PID:7492
- C:\Windows\System\HbgFVew.exe
  C:\Windows\System\HbgFVew.exe
  2⤵
  PID:7548
- C:\Windows\System\WHrTtvG.exe
  C:\Windows\System\WHrTtvG.exe
  2⤵
  PID:7584
- C:\Windows\System\zlHjRJN.exe
  C:\Windows\System\zlHjRJN.exe
  2⤵
  PID:7568
- C:\Windows\System\FJJzqBY.exe
  C:\Windows\System\FJJzqBY.exe
  2⤵
  PID:536
- C:\Windows\System\ZCHIosQ.exe
  C:\Windows\System\ZCHIosQ.exe
  2⤵
  PID:7680
- C:\Windows\System\CEngAnL.exe
  C:\Windows\System\CEngAnL.exe
  2⤵
  PID:7708
- C:\Windows\System\aRjTsbX.exe
  C:\Windows\System\aRjTsbX.exe
  2⤵
  PID:2984
- C:\Windows\System\xydoxUO.exe
  C:\Windows\System\xydoxUO.exe
  2⤵
  PID:7724
- C:\Windows\System\hfUoyzM.exe
  C:\Windows\System\hfUoyzM.exe
  2⤵
  PID:7776
- C:\Windows\System\CtjxXlG.exe
  C:\Windows\System\CtjxXlG.exe
  2⤵
  PID:7760
- C:\Windows\System\vPOYvth.exe
  C:\Windows\System\vPOYvth.exe
  2⤵
  PID:7840
- C:\Windows\System\FMDmozi.exe
  C:\Windows\System\FMDmozi.exe
  2⤵
  PID:7852
- C:\Windows\System\orTyegK.exe
  C:\Windows\System\orTyegK.exe
  2⤵
  PID:7912
- C:\Windows\System\CvEvAMt.exe
  C:\Windows\System\CvEvAMt.exe
  2⤵
  PID:3040
- C:\Windows\System\yecTwOw.exe
  C:\Windows\System\yecTwOw.exe
  2⤵
  PID:7928
- C:\Windows\System\ajENrCH.exe
  C:\Windows\System\ajENrCH.exe
  2⤵
  PID:2548
- C:\Windows\System\TONJSgq.exe
  C:\Windows\System\TONJSgq.exe
  2⤵
  PID:8004
- C:\Windows\System\LAXiaao.exe
  C:\Windows\System\LAXiaao.exe
  2⤵
  PID:8020
- C:\Windows\System\EZvYICo.exe
  C:\Windows\System\EZvYICo.exe
  2⤵
  PID:8068
- C:\Windows\System\PHIKxmU.exe
  C:\Windows\System\PHIKxmU.exe
  2⤵
  PID:1324
- C:\Windows\System\RqhDHNv.exe
  C:\Windows\System\RqhDHNv.exe
  2⤵
  PID:2644
- C:\Windows\System\PJPaKuM.exe
  C:\Windows\System\PJPaKuM.exe
  2⤵
  PID:2156
- C:\Windows\System\PNGvizt.exe
  C:\Windows\System\PNGvizt.exe
  2⤵
  PID:8168
- C:\Windows\System\IwUUCRw.exe
  C:\Windows\System\IwUUCRw.exe
  2⤵
  PID:1160
- C:\Windows\System\DHEgUgI.exe
  C:\Windows\System\DHEgUgI.exe
  2⤵
  PID:8152
- C:\Windows\System\HpHQaou.exe
  C:\Windows\System\HpHQaou.exe
  2⤵
  PID:2960
- C:\Windows\System\RoRbKIY.exe
  C:\Windows\System\RoRbKIY.exe
  2⤵
  PID:6680
- C:\Windows\System\KzKmFAk.exe
  C:\Windows\System\KzKmFAk.exe
  2⤵
  PID:6856
- C:\Windows\System\msiODfJ.exe
  C:\Windows\System\msiODfJ.exe
  2⤵
  PID:2804
- C:\Windows\System\RwSKbDR.exe
  C:\Windows\System\RwSKbDR.exe
  2⤵
  PID:6968
- C:\Windows\System\KhRiVaJ.exe
  C:\Windows\System\KhRiVaJ.exe
  2⤵
  PID:6100
- C:\Windows\System\TxlSAWI.exe
  C:\Windows\System\TxlSAWI.exe
  2⤵
  PID:6276
- C:\Windows\System\rVRJdDM.exe
  C:\Windows\System\rVRJdDM.exe
  2⤵
  PID:7172
- C:\Windows\System\TMQWPFy.exe
  C:\Windows\System\TMQWPFy.exe
  2⤵
  PID:7252
- C:\Windows\System\xQRNMVL.exe
  C:\Windows\System\xQRNMVL.exe
  2⤵
  PID:7272
- C:\Windows\System\tMlprzj.exe
  C:\Windows\System\tMlprzj.exe
  2⤵
  PID:7312
- C:\Windows\System\ZWOjXrQ.exe
  C:\Windows\System\ZWOjXrQ.exe
  2⤵
  PID:7388
- C:\Windows\System\WwkSwHh.exe
  C:\Windows\System\WwkSwHh.exe
  2⤵
  PID:7332
- C:\Windows\System\LTUsalX.exe
  C:\Windows\System\LTUsalX.exe
  2⤵
  PID:7368
- C:\Windows\System\RCVLzhQ.exe
  C:\Windows\System\RCVLzhQ.exe
  2⤵
  PID:7428
- C:\Windows\System\eLLszWj.exe
  C:\Windows\System\eLLszWj.exe
  2⤵
  PID:7448
- C:\Windows\System\oDgGSCE.exe
  C:\Windows\System\oDgGSCE.exe
  2⤵
  PID:7632
- C:\Windows\System\FOsvWSn.exe
  C:\Windows\System\FOsvWSn.exe
  2⤵
  PID:7900
- C:\Windows\System\PYYOJtV.exe
  C:\Windows\System\PYYOJtV.exe
  2⤵
  PID:6916
- C:\Windows\System\fHRAozS.exe
  C:\Windows\System\fHRAozS.exe
  2⤵
  PID:7232
- C:\Windows\System\GcNNfnt.exe
  C:\Windows\System\GcNNfnt.exe
  2⤵
  PID:6448
- C:\Windows\System\eVrPqZS.exe
  C:\Windows\System\eVrPqZS.exe
  2⤵
  PID:2948
- C:\Windows\System\LvrjCBt.exe
  C:\Windows\System\LvrjCBt.exe
  2⤵
  PID:7408
- C:\Windows\System\AXySJzv.exe
  C:\Windows\System\AXySJzv.exe
  2⤵
  PID:1516
- C:\Windows\System\LCYTQCY.exe
  C:\Windows\System\LCYTQCY.exe
  2⤵
  PID:7508
- C:\Windows\System\ZcxCdcT.exe
  C:\Windows\System\ZcxCdcT.exe
  2⤵
  PID:2220
- C:\Windows\System\YwwJunl.exe
  C:\Windows\System\YwwJunl.exe
  2⤵
  PID:7496
- C:\Windows\System\NyZXBeG.exe
  C:\Windows\System\NyZXBeG.exe
  2⤵
  PID:7772
- C:\Windows\System\ngAbBEs.exe
  C:\Windows\System\ngAbBEs.exe
  2⤵
  PID:7644
- C:\Windows\System\kXmvcTh.exe
  C:\Windows\System\kXmvcTh.exe
  2⤵
  PID:7692
- C:\Windows\System\jAIgvtZ.exe
  C:\Windows\System\jAIgvtZ.exe
  2⤵
  PID:7824
- C:\Windows\System\ZUfwyix.exe
  C:\Windows\System\ZUfwyix.exe
  2⤵
  PID:7972
- C:\Windows\System\pYSaUZE.exe
  C:\Windows\System\pYSaUZE.exe
  2⤵
  PID:8036
- C:\Windows\System\NsdFiFv.exe
  C:\Windows\System\NsdFiFv.exe
  2⤵
  PID:8104
- C:\Windows\System\gCRyRjT.exe
  C:\Windows\System\gCRyRjT.exe
  2⤵
  PID:8124
- C:\Windows\System\gsEszpS.exe
  C:\Windows\System\gsEszpS.exe
  2⤵
  PID:6560
- C:\Windows\System\WrJLqxs.exe
  C:\Windows\System\WrJLqxs.exe
  2⤵
  PID:1728
- C:\Windows\System\WoxxzPs.exe
  C:\Windows\System\WoxxzPs.exe
  2⤵
  PID:1904
- C:\Windows\System\dwBwTfc.exe
  C:\Windows\System\dwBwTfc.exe
  2⤵
  PID:2828
- C:\Windows\System\RJLgAbS.exe
  C:\Windows\System\RJLgAbS.exe
  2⤵
  PID:3036
- C:\Windows\System\xVbJzyC.exe
  C:\Windows\System\xVbJzyC.exe
  2⤵
  PID:1596
- C:\Windows\System\IuBXSAe.exe
  C:\Windows\System\IuBXSAe.exe
  2⤵
  PID:7872
- C:\Windows\System\UHhkqtm.exe
  C:\Windows\System\UHhkqtm.exe
  2⤵
  PID:1864
- C:\Windows\System\ebIMOmu.exe
  C:\Windows\System\ebIMOmu.exe
  2⤵
  PID:7908
- C:\Windows\System\gUgqIRG.exe
  C:\Windows\System\gUgqIRG.exe
  2⤵
  PID:7988
- C:\Windows\System\aIWluPP.exe
  C:\Windows\System\aIWluPP.exe
  2⤵
  PID:7528
- C:\Windows\System\NMPFYik.exe
  C:\Windows\System\NMPFYik.exe
  2⤵
  PID:7292
- C:\Windows\System\ezjtShi.exe
  C:\Windows\System\ezjtShi.exe
  2⤵
  PID:8156
- C:\Windows\System\lKojZWo.exe
  C:\Windows\System\lKojZWo.exe
  2⤵
  PID:7352
- C:\Windows\System\jHWCuiF.exe
  C:\Windows\System\jHWCuiF.exe
  2⤵
  PID:2908
- C:\Windows\System\ByOrBpZ.exe
  C:\Windows\System\ByOrBpZ.exe
  2⤵
  PID:7888
- C:\Windows\System\FZAvzNN.exe
  C:\Windows\System\FZAvzNN.exe
  2⤵
  PID:7676
- C:\Windows\System\iMyQyNC.exe
  C:\Windows\System\iMyQyNC.exe
  2⤵
  PID:2124
- C:\Windows\System\CXXIgrJ.exe
  C:\Windows\System\CXXIgrJ.exe
  2⤵
  PID:7976
- C:\Windows\System\GDBuJFd.exe
  C:\Windows\System\GDBuJFd.exe
  2⤵
  PID:2848
- C:\Windows\System\UVCweuU.exe
  C:\Windows\System\UVCweuU.exe
  2⤵
  PID:7176
- C:\Windows\System\oUroJNx.exe
  C:\Windows\System\oUroJNx.exe
  2⤵
  PID:7808
- C:\Windows\System\sMDHmMl.exe
  C:\Windows\System\sMDHmMl.exe
  2⤵
  PID:2856
- C:\Windows\System\Bamesrb.exe
  C:\Windows\System\Bamesrb.exe
  2⤵
  PID:8208
- C:\Windows\System\YYHyZJU.exe
  C:\Windows\System\YYHyZJU.exe
  2⤵
  PID:8224
- C:\Windows\System\CwushsM.exe
  C:\Windows\System\CwushsM.exe
  2⤵
  PID:8240
- C:\Windows\System\yvIlhyv.exe
  C:\Windows\System\yvIlhyv.exe
  2⤵
  PID:8264
- C:\Windows\System\dWxONfU.exe
  C:\Windows\System\dWxONfU.exe
  2⤵
  PID:8280
- C:\Windows\System\PYpjGOT.exe
  C:\Windows\System\PYpjGOT.exe
  2⤵
  PID:8296
- C:\Windows\System\rwglzHS.exe
  C:\Windows\System\rwglzHS.exe
  2⤵
  PID:8312
- C:\Windows\System\nFtHOOE.exe
  C:\Windows\System\nFtHOOE.exe
  2⤵
  PID:8328
- C:\Windows\System\LLkyeVc.exe
  C:\Windows\System\LLkyeVc.exe
  2⤵
  PID:8384
- C:\Windows\System\TUNXeTI.exe
  C:\Windows\System\TUNXeTI.exe
  2⤵
  PID:8400
- C:\Windows\System\BrhWKiL.exe
  C:\Windows\System\BrhWKiL.exe
  2⤵
  PID:8424
- C:\Windows\System\mQDqQZL.exe
  C:\Windows\System\mQDqQZL.exe
  2⤵
  PID:8440
- C:\Windows\System\NiaGDyk.exe
  C:\Windows\System\NiaGDyk.exe
  2⤵
  PID:8456
- C:\Windows\System\hZdDkPL.exe
  C:\Windows\System\hZdDkPL.exe
  2⤵
  PID:8472
- C:\Windows\System\LBKWkcB.exe
  C:\Windows\System\LBKWkcB.exe
  2⤵
  PID:8488
- C:\Windows\System\yDAtLom.exe
  C:\Windows\System\yDAtLom.exe
  2⤵
  PID:8508
- C:\Windows\System\xqfQzkJ.exe
  C:\Windows\System\xqfQzkJ.exe
  2⤵
  PID:8528
- C:\Windows\System\wjSvwSO.exe
  C:\Windows\System\wjSvwSO.exe
  2⤵
  PID:8548
- C:\Windows\System\PFTPcjI.exe
  C:\Windows\System\PFTPcjI.exe
  2⤵
  PID:8568
- C:\Windows\System\FVNMfRi.exe
  C:\Windows\System\FVNMfRi.exe
  2⤵
  PID:8584
- C:\Windows\System\eOwwUzA.exe
  C:\Windows\System\eOwwUzA.exe
  2⤵
  PID:8604
- C:\Windows\System\cDgjKsF.exe
  C:\Windows\System\cDgjKsF.exe
  2⤵
  PID:8624
- C:\Windows\System\PxBYUxH.exe
  C:\Windows\System\PxBYUxH.exe
  2⤵
  PID:8644
- C:\Windows\System\LCzoMtw.exe
  C:\Windows\System\LCzoMtw.exe
  2⤵
  PID:8664
- C:\Windows\System\LgTinVN.exe
  C:\Windows\System\LgTinVN.exe
  2⤵
  PID:8680
- C:\Windows\System\ZEMlnEz.exe
  C:\Windows\System\ZEMlnEz.exe
  2⤵
  PID:8696
- C:\Windows\System\TXobjXp.exe
  C:\Windows\System\TXobjXp.exe
  2⤵
  PID:8720
- C:\Windows\System\lAeMTss.exe
  C:\Windows\System\lAeMTss.exe
  2⤵
  PID:8740
- C:\Windows\System\tzKbDxe.exe
  C:\Windows\System\tzKbDxe.exe
  2⤵
  PID:8756
- C:\Windows\System\ATTRRXS.exe
  C:\Windows\System\ATTRRXS.exe
  2⤵
  PID:8772
- C:\Windows\System\ZNivFFd.exe
  C:\Windows\System\ZNivFFd.exe
  2⤵
  PID:8792
- C:\Windows\System\ZBZuVSC.exe
  C:\Windows\System\ZBZuVSC.exe
  2⤵
  PID:8808
- C:\Windows\System\oCcWQOn.exe
  C:\Windows\System\oCcWQOn.exe
  2⤵
  PID:8824
- C:\Windows\System\aIvhTDL.exe
  C:\Windows\System\aIvhTDL.exe
  2⤵
  PID:8840
- C:\Windows\System\ADuQHbY.exe
  C:\Windows\System\ADuQHbY.exe
  2⤵
  PID:8856
- C:\Windows\System\wgGGdfb.exe
  C:\Windows\System\wgGGdfb.exe
  2⤵
  PID:8876
- C:\Windows\System\ZFvfbPK.exe
  C:\Windows\System\ZFvfbPK.exe
  2⤵
  PID:8892
- C:\Windows\System\CpKpKdz.exe
  C:\Windows\System\CpKpKdz.exe
  2⤵
  PID:8912
- C:\Windows\System\MMbTVGo.exe
  C:\Windows\System\MMbTVGo.exe
  2⤵
  PID:8932
- C:\Windows\System\hOlvKlO.exe
  C:\Windows\System\hOlvKlO.exe
  2⤵
  PID:8956
- C:\Windows\System\hWvuztk.exe
  C:\Windows\System\hWvuztk.exe
  2⤵
  PID:9024
- C:\Windows\System\dnJRXon.exe
  C:\Windows\System\dnJRXon.exe
  2⤵
  PID:9040
- C:\Windows\System\zYeYjoA.exe
  C:\Windows\System\zYeYjoA.exe
  2⤵
  PID:9056
- C:\Windows\System\acnhfQX.exe
  C:\Windows\System\acnhfQX.exe
  2⤵
  PID:9076
- C:\Windows\System\RmRDMcN.exe
  C:\Windows\System\RmRDMcN.exe
  2⤵
  PID:9092
- C:\Windows\System\aPXfsin.exe
  C:\Windows\System\aPXfsin.exe
  2⤵
  PID:9108
- C:\Windows\System\wVLHTKz.exe
  C:\Windows\System\wVLHTKz.exe
  2⤵
  PID:9124
- C:\Windows\System\xjtgSmT.exe
  C:\Windows\System\xjtgSmT.exe
  2⤵
  PID:9140
- C:\Windows\System\NlKJYzr.exe
  C:\Windows\System\NlKJYzr.exe
  2⤵
  PID:9156
- C:\Windows\System\LMgzWeM.exe
  C:\Windows\System\LMgzWeM.exe
  2⤵
  PID:9172
- C:\Windows\System\PNeFfNd.exe
  C:\Windows\System\PNeFfNd.exe
  2⤵
  PID:9204
- C:\Windows\System\CFFjRIJ.exe
  C:\Windows\System\CFFjRIJ.exe
  2⤵
  PID:8216
- C:\Windows\System\yLPzuHV.exe
  C:\Windows\System\yLPzuHV.exe
  2⤵
  PID:8248
- C:\Windows\System\lSGKXPT.exe
  C:\Windows\System\lSGKXPT.exe
  2⤵
  PID:8288
- C:\Windows\System\rSWZYPU.exe
  C:\Windows\System\rSWZYPU.exe
  2⤵
  PID:8308
- C:\Windows\System\TnFZcKK.exe
  C:\Windows\System\TnFZcKK.exe
  2⤵
  PID:8236
- C:\Windows\System\ZWFgsLN.exe
  C:\Windows\System\ZWFgsLN.exe
  2⤵
  PID:8276
- C:\Windows\System\jDAFkJl.exe
  C:\Windows\System\jDAFkJl.exe
  2⤵
  PID:8344
- C:\Windows\System\opaWrcc.exe
  C:\Windows\System\opaWrcc.exe
  2⤵
  PID:8364
- C:\Windows\System\qXyhuIN.exe
  C:\Windows\System\qXyhuIN.exe
  2⤵
  PID:8436
- C:\Windows\System\qTfVJay.exe
  C:\Windows\System\qTfVJay.exe
  2⤵
  PID:8536
- C:\Windows\System\MFWcvlQ.exe
  C:\Windows\System\MFWcvlQ.exe
  2⤵
  PID:8612
- C:\Windows\System\MvAhRvZ.exe
  C:\Windows\System\MvAhRvZ.exe
  2⤵
  PID:8656
- C:\Windows\System\crgfwZq.exe
  C:\Windows\System\crgfwZq.exe
  2⤵
  PID:8556
- C:\Windows\System\HMtAgOU.exe
  C:\Windows\System\HMtAgOU.exe
  2⤵
  PID:8736
- C:\Windows\System\TirbOLS.exe
  C:\Windows\System\TirbOLS.exe
  2⤵
  PID:8804
- C:\Windows\System\BMLfvoZ.exe
  C:\Windows\System\BMLfvoZ.exe
  2⤵
  PID:8676
- C:\Windows\System\fTbzQez.exe
  C:\Windows\System\fTbzQez.exe
  2⤵
  PID:8524
- C:\Windows\System\QlpqmBE.exe
  C:\Windows\System\QlpqmBE.exe
  2⤵
  PID:8900
- C:\Windows\System\uLCmSWR.exe
  C:\Windows\System\uLCmSWR.exe
  2⤵
  PID:8708
- C:\Windows\System\Kpsiunb.exe
  C:\Windows\System\Kpsiunb.exe
  2⤵
  PID:8752
- C:\Windows\System\trsFpwb.exe
  C:\Windows\System\trsFpwb.exe
  2⤵
  PID:8848
- C:\Windows\System\YxeaUhS.exe
  C:\Windows\System\YxeaUhS.exe
  2⤵
  PID:8820
- C:\Windows\System\woesUFI.exe
  C:\Windows\System\woesUFI.exe
  2⤵
  PID:8972
- C:\Windows\System\uHbAVAJ.exe
  C:\Windows\System\uHbAVAJ.exe
  2⤵
  PID:8944
- C:\Windows\System\iSdqplk.exe
  C:\Windows\System\iSdqplk.exe
  2⤵
  PID:8984
- C:\Windows\System\wAJnsFF.exe
  C:\Windows\System\wAJnsFF.exe
  2⤵
  PID:9000
- C:\Windows\System\KHViYYN.exe
  C:\Windows\System\KHViYYN.exe
  2⤵
  PID:9016
- C:\Windows\System\TYpVmgx.exe
  C:\Windows\System\TYpVmgx.exe
  2⤵
  PID:9048
- C:\Windows\System\wSFHUdJ.exe
  C:\Windows\System\wSFHUdJ.exe
  2⤵
  PID:9116
- C:\Windows\System\sDyjreM.exe
  C:\Windows\System\sDyjreM.exe
  2⤵
  PID:9188
- C:\Windows\System\UdJMUIs.exe
  C:\Windows\System\UdJMUIs.exe
  2⤵
  PID:9100
- C:\Windows\System\piVwicz.exe
  C:\Windows\System\piVwicz.exe
  2⤵
  PID:8088
- C:\Windows\System\fGZfcyL.exe
  C:\Windows\System\fGZfcyL.exe
  2⤵
  PID:8320
- C:\Windows\System\LfhjbTI.exe
  C:\Windows\System\LfhjbTI.exe
  2⤵
  PID:8348
- C:\Windows\System\JhZFFKt.exe
  C:\Windows\System\JhZFFKt.exe
  2⤵
  PID:8376
- C:\Windows\System\BGDOYFL.exe
  C:\Windows\System\BGDOYFL.exe
  2⤵
  PID:8396
- C:\Windows\System\eDYaSRc.exe
  C:\Windows\System\eDYaSRc.exe
  2⤵
  PID:8496
- C:\Windows\System\uRuvjCa.exe
  C:\Windows\System\uRuvjCa.exe
  2⤵
  PID:8544
- C:\Windows\System\wsdcBIV.exe
  C:\Windows\System\wsdcBIV.exe
  2⤵
  PID:8420
- C:\Windows\System\xXhaVuB.exe
  C:\Windows\System\xXhaVuB.exe
  2⤵
  PID:8732
- C:\Windows\System\ElNdlYk.exe
  C:\Windows\System\ElNdlYk.exe
  2⤵
  PID:8800
- C:\Windows\System\QEUNbPA.exe
  C:\Windows\System\QEUNbPA.exe
  2⤵
  PID:8636
- C:\Windows\System\odANWED.exe
  C:\Windows\System\odANWED.exe
  2⤵
  PID:8516
- C:\Windows\System\fXcWcwD.exe
  C:\Windows\System\fXcWcwD.exe
  2⤵
  PID:8928
- C:\Windows\System\mvkXkKu.exe
  C:\Windows\System\mvkXkKu.exe
  2⤵
  PID:8788
- C:\Windows\System\jExqqcv.exe
  C:\Windows\System\jExqqcv.exe
  2⤵
  PID:8988
- C:\Windows\System\sXmprCc.exe
  C:\Windows\System\sXmprCc.exe
  2⤵
  PID:8816
- C:\Windows\System\WfiqVMd.exe
  C:\Windows\System\WfiqVMd.exe
  2⤵
  PID:8996
- C:\Windows\System\bonOyjq.exe
  C:\Windows\System\bonOyjq.exe
  2⤵
  PID:9184
- C:\Windows\System\kCzDeEc.exe
  C:\Windows\System\kCzDeEc.exe
  2⤵
  PID:8220
- C:\Windows\System\HnxJYdk.exe
  C:\Windows\System\HnxJYdk.exe
  2⤵
  PID:9068
- C:\Windows\System\zzrbggO.exe
  C:\Windows\System\zzrbggO.exe
  2⤵
  PID:8204
- C:\Windows\System\PYqEgTq.exe
  C:\Windows\System\PYqEgTq.exe
  2⤵
  PID:8468
- C:\Windows\System\kKKVNpz.exe
  C:\Windows\System\kKKVNpz.exe
  2⤵
  PID:8620
- C:\Windows\System\rebMHal.exe
  C:\Windows\System\rebMHal.exe
  2⤵
  PID:8704
- C:\Windows\System\ceYnAyg.exe
  C:\Windows\System\ceYnAyg.exe
  2⤵
  PID:9012
- C:\Windows\System\SoREhqJ.exe
  C:\Windows\System\SoREhqJ.exe
  2⤵
  PID:8448
- C:\Windows\System\yYnPNcp.exe
  C:\Windows\System\yYnPNcp.exe
  2⤵
  PID:8864
- C:\Windows\System\XDyFZhR.exe
  C:\Windows\System\XDyFZhR.exe
  2⤵
  PID:8980
- C:\Windows\System\ljfAzzq.exe
  C:\Windows\System\ljfAzzq.exe
  2⤵
  PID:8940
- C:\Windows\System\AJnzRTx.exe
  C:\Windows\System\AJnzRTx.exe
  2⤵
  PID:8324
- C:\Windows\System\edjdjpB.exe
  C:\Windows\System\edjdjpB.exe
  2⤵
  PID:8272
- C:\Windows\System\iCCnthq.exe
  C:\Windows\System\iCCnthq.exe
  2⤵
  PID:5856
- C:\Windows\System\oOjKSQA.exe
  C:\Windows\System\oOjKSQA.exe
  2⤵
  PID:8412
- C:\Windows\System\yqrQJRI.exe
  C:\Windows\System\yqrQJRI.exe
  2⤵
  PID:8632
- C:\Windows\System\NnODfGX.exe
  C:\Windows\System\NnODfGX.exe
  2⤵
  PID:8336
- C:\Windows\System\kHpmRGa.exe
  C:\Windows\System\kHpmRGa.exe
  2⤵
  PID:8728
- C:\Windows\System\JIoOgpi.exe
  C:\Windows\System\JIoOgpi.exe
  2⤵
  PID:8924
- C:\Windows\System\UFFOVQP.exe
  C:\Windows\System\UFFOVQP.exe
  2⤵
  PID:9148
- C:\Windows\System\jNlokjw.exe
  C:\Windows\System\jNlokjw.exe
  2⤵
  PID:9220
- C:\Windows\System\DbChjsk.exe
  C:\Windows\System\DbChjsk.exe
  2⤵
  PID:9236
- C:\Windows\System\vnsvjvS.exe
  C:\Windows\System\vnsvjvS.exe
  2⤵
  PID:9280
- C:\Windows\System\YudFAmG.exe
  C:\Windows\System\YudFAmG.exe
  2⤵
  PID:9308
- C:\Windows\System\UVAZZls.exe
  C:\Windows\System\UVAZZls.exe
  2⤵
  PID:9336
- C:\Windows\System\wZfjNkK.exe
  C:\Windows\System\wZfjNkK.exe
  2⤵
  PID:9352
- C:\Windows\System\DlYCeLf.exe
  C:\Windows\System\DlYCeLf.exe
  2⤵
  PID:9368
- C:\Windows\System\mbAGBQM.exe
  C:\Windows\System\mbAGBQM.exe
  2⤵
  PID:9384
- C:\Windows\System\bdATBxY.exe
  C:\Windows\System\bdATBxY.exe
  2⤵
  PID:9400
- C:\Windows\System\Epalycz.exe
  C:\Windows\System\Epalycz.exe
  2⤵
  PID:9436
- C:\Windows\System\qBmwwzF.exe
  C:\Windows\System\qBmwwzF.exe
  2⤵
  PID:9452
- C:\Windows\System\oOSAMWm.exe
  C:\Windows\System\oOSAMWm.exe
  2⤵
  PID:9468
- C:\Windows\System\vlOnPBM.exe
  C:\Windows\System\vlOnPBM.exe
  2⤵
  PID:9484
- C:\Windows\System\pBzQGOg.exe
  C:\Windows\System\pBzQGOg.exe
  2⤵
  PID:9500
- C:\Windows\System\QddSVDC.exe
  C:\Windows\System\QddSVDC.exe
  2⤵
  PID:9520
- C:\Windows\System\BJlEDPT.exe
  C:\Windows\System\BJlEDPT.exe
  2⤵
  PID:9540
- C:\Windows\System\XmZBjzu.exe
  C:\Windows\System\XmZBjzu.exe
  2⤵
  PID:9556
- C:\Windows\System\LaSINjj.exe
  C:\Windows\System\LaSINjj.exe
  2⤵
  PID:9572
- C:\Windows\System\UjjMzVv.exe
  C:\Windows\System\UjjMzVv.exe
  2⤵
  PID:9588
- C:\Windows\System\hqXRzFy.exe
  C:\Windows\System\hqXRzFy.exe
  2⤵
  PID:9604
- C:\Windows\System\omiaQyC.exe
  C:\Windows\System\omiaQyC.exe
  2⤵
  PID:9624
- C:\Windows\System\eRMwZtk.exe
  C:\Windows\System\eRMwZtk.exe
  2⤵
  PID:9640
- C:\Windows\System\embsuFX.exe
  C:\Windows\System\embsuFX.exe
  2⤵
  PID:9656
- C:\Windows\System\fmkzJZZ.exe
  C:\Windows\System\fmkzJZZ.exe
  2⤵
  PID:9672
- C:\Windows\System\TCMJcEm.exe
  C:\Windows\System\TCMJcEm.exe
  2⤵
  PID:9688
- C:\Windows\System\tLWPrcm.exe
  C:\Windows\System\tLWPrcm.exe
  2⤵
  PID:9704
- C:\Windows\System\kLEcchr.exe
  C:\Windows\System\kLEcchr.exe
  2⤵
  PID:9772
- C:\Windows\System\fRmyjAd.exe
  C:\Windows\System\fRmyjAd.exe
  2⤵
  PID:9788
- C:\Windows\System\eZwUCSs.exe
  C:\Windows\System\eZwUCSs.exe
  2⤵
  PID:9812
- C:\Windows\System\pCqYOVz.exe
  C:\Windows\System\pCqYOVz.exe
  2⤵
  PID:9836
- C:\Windows\System\uptDJdO.exe
  C:\Windows\System\uptDJdO.exe
  2⤵
  PID:9852
- C:\Windows\System\yonxuFt.exe
  C:\Windows\System\yonxuFt.exe
  2⤵
  PID:9872
- C:\Windows\System\EWGLXoe.exe
  C:\Windows\System\EWGLXoe.exe
  2⤵
  PID:9896
- C:\Windows\System\suTtuiS.exe
  C:\Windows\System\suTtuiS.exe
  2⤵
  PID:9916
- C:\Windows\System\wfEHjbd.exe
  C:\Windows\System\wfEHjbd.exe
  2⤵
  PID:9932
- C:\Windows\System\CRsNUIK.exe
  C:\Windows\System\CRsNUIK.exe
  2⤵
  PID:9948
- C:\Windows\System\FJgwSAu.exe
  C:\Windows\System\FJgwSAu.exe
  2⤵
  PID:9968
- C:\Windows\System\DCtrtxC.exe
  C:\Windows\System\DCtrtxC.exe
  2⤵
  PID:9984
- C:\Windows\System\LEXJrww.exe
  C:\Windows\System\LEXJrww.exe
  2⤵
  PID:10000
- C:\Windows\System\RdFOOAZ.exe
  C:\Windows\System\RdFOOAZ.exe
  2⤵
  PID:10016
- C:\Windows\System\BzKzakJ.exe
  C:\Windows\System\BzKzakJ.exe
  2⤵
  PID:10032
- C:\Windows\System\wabWvYl.exe
  C:\Windows\System\wabWvYl.exe
  2⤵
  PID:10048
- C:\Windows\System\hQEWWop.exe
  C:\Windows\System\hQEWWop.exe
  2⤵
  PID:10064
- C:\Windows\System\WeEEhUT.exe
  C:\Windows\System\WeEEhUT.exe
  2⤵
  PID:10080
- C:\Windows\System\YsippUK.exe
  C:\Windows\System\YsippUK.exe
  2⤵
  PID:10096
- C:\Windows\System\LdQGrVa.exe
  C:\Windows\System\LdQGrVa.exe
  2⤵
  PID:10112
- C:\Windows\System\VMszgnH.exe
  C:\Windows\System\VMszgnH.exe
  2⤵
  PID:10128
- C:\Windows\System\duOqdES.exe
  C:\Windows\System\duOqdES.exe
  2⤵
  PID:10144
- C:\Windows\System\LcAgdkI.exe
  C:\Windows\System\LcAgdkI.exe
  2⤵
  PID:10164
- C:\Windows\System\flDYyHi.exe
  C:\Windows\System\flDYyHi.exe
  2⤵
  PID:10180
- C:\Windows\System\XVNLDyM.exe
  C:\Windows\System\XVNLDyM.exe
  2⤵
  PID:10224
- C:\Windows\System\gpjrXhJ.exe
  C:\Windows\System\gpjrXhJ.exe
  2⤵
  PID:8992
- C:\Windows\System\tvHwxTO.exe
  C:\Windows\System\tvHwxTO.exe
  2⤵
  PID:8976
- C:\Windows\System\SxunfMW.exe
  C:\Windows\System\SxunfMW.exe
  2⤵
  PID:9084
- C:\Windows\System\RVwFZnQ.exe
  C:\Windows\System\RVwFZnQ.exe
  2⤵
  PID:9248
- C:\Windows\System\TbgXLOy.exe
  C:\Windows\System\TbgXLOy.exe
  2⤵
  PID:9268
- C:\Windows\System\KPPyPbe.exe
  C:\Windows\System\KPPyPbe.exe
  2⤵
  PID:9304
- C:\Windows\System\hMOkAHN.exe
  C:\Windows\System\hMOkAHN.exe
  2⤵
  PID:9320
- C:\Windows\System\FMBQXyD.exe
  C:\Windows\System\FMBQXyD.exe
  2⤵
  PID:9376
- C:\Windows\System\wJmNmvO.exe
  C:\Windows\System\wJmNmvO.exe
  2⤵
  PID:9420
- C:\Windows\System\sTmBfkZ.exe
  C:\Windows\System\sTmBfkZ.exe
  2⤵
  PID:9432
- C:\Windows\System\ScYastv.exe
  C:\Windows\System\ScYastv.exe
  2⤵
  PID:9392
- C:\Windows\System\hFhrRgy.exe
  C:\Windows\System\hFhrRgy.exe
  2⤵
  PID:9492
- C:\Windows\System\XGzgxxw.exe
  C:\Windows\System\XGzgxxw.exe
  2⤵
  PID:9536
- C:\Windows\System\djAscCp.exe
  C:\Windows\System\djAscCp.exe
  2⤵
  PID:9396
- C:\Windows\System\TOeDKds.exe
  C:\Windows\System\TOeDKds.exe
  2⤵
  PID:9448
- C:\Windows\System\ayAYyng.exe
  C:\Windows\System\ayAYyng.exe
  2⤵
  PID:9728
- C:\Windows\System\FcgVQpt.exe
  C:\Windows\System\FcgVQpt.exe
  2⤵
  PID:9612
- C:\Windows\System\DGDPYYO.exe
  C:\Windows\System\DGDPYYO.exe
  2⤵
  PID:9712
- C:\Windows\System\ifEKMEa.exe
  C:\Windows\System\ifEKMEa.exe
  2⤵
  PID:9552
- C:\Windows\System\RdRDYXX.exe
  C:\Windows\System\RdRDYXX.exe
  2⤵
  PID:9748
- C:\Windows\System\xIuCMai.exe
  C:\Windows\System\xIuCMai.exe
  2⤵
  PID:9780
- C:\Windows\System\HAOdrVV.exe
  C:\Windows\System\HAOdrVV.exe
  2⤵
  PID:9820
- C:\Windows\System\yVyWePQ.exe
  C:\Windows\System\yVyWePQ.exe
  2⤵
  PID:9912
- C:\Windows\System\gakvhwB.exe
  C:\Windows\System\gakvhwB.exe
  2⤵
  PID:9956
- C:\Windows\System\IjNAOfC.exe
  C:\Windows\System\IjNAOfC.exe
  2⤵
  PID:10024
- C:\Windows\System\AdCmPQI.exe
  C:\Windows\System\AdCmPQI.exe
  2⤵
  PID:10088
- C:\Windows\System\qWIGsiW.exe
  C:\Windows\System\qWIGsiW.exe
  2⤵
  PID:10072
- C:\Windows\System\JQiWGIU.exe
  C:\Windows\System\JQiWGIU.exe
  2⤵
  PID:10124
- C:\Windows\System\WgvdsSf.exe
  C:\Windows\System\WgvdsSf.exe
  2⤵
  PID:10192
- C:\Windows\System\dxPsDpB.exe
  C:\Windows\System\dxPsDpB.exe
  2⤵
  PID:9980
- C:\Windows\System\fYrdKDD.exe
  C:\Windows\System\fYrdKDD.exe
  2⤵
  PID:10232
- C:\Windows\System\jYklYBN.exe
  C:\Windows\System\jYklYBN.exe
  2⤵
  PID:10172
- C:\Windows\System\LVNgJmH.exe
  C:\Windows\System\LVNgJmH.exe
  2⤵
  PID:8188
- C:\Windows\System\VJmOgyf.exe
  C:\Windows\System\VJmOgyf.exe
  2⤵
  PID:8372
- C:\Windows\System\RscVAHG.exe
  C:\Windows\System\RscVAHG.exe
  2⤵
  PID:9276
- C:\Windows\System\wXOTuqs.exe
  C:\Windows\System\wXOTuqs.exe
  2⤵
  PID:9416
- C:\Windows\System\cPlosoV.exe
  C:\Windows\System\cPlosoV.exe
  2⤵
  PID:9496
- C:\Windows\System\UQrrfXG.exe
  C:\Windows\System\UQrrfXG.exe
  2⤵
  PID:9596
- C:\Windows\System\niFfhjp.exe
  C:\Windows\System\niFfhjp.exe
  2⤵
  PID:9232
- C:\Windows\System\kNClGIa.exe
  C:\Windows\System\kNClGIa.exe
  2⤵
  PID:9648
- C:\Windows\System\nvjVHyy.exe
  C:\Windows\System\nvjVHyy.exe
  2⤵
  PID:9764
- C:\Windows\System\uTieXHU.exe
  C:\Windows\System\uTieXHU.exe
  2⤵
  PID:9256
- C:\Windows\System\tlzecFH.exe
  C:\Windows\System\tlzecFH.exe
  2⤵
  PID:9364
- C:\Windows\System\OQqkGaz.exe
  C:\Windows\System\OQqkGaz.exe
  2⤵
  PID:9444
- C:\Windows\System\XKRfSjG.exe
  C:\Windows\System\XKRfSjG.exe
  2⤵
  PID:9732
- C:\Windows\System\JNhrIKw.exe
  C:\Windows\System\JNhrIKw.exe
  2⤵
  PID:9804
- C:\Windows\System\VspjKKQ.exe
  C:\Windows\System\VspjKKQ.exe
  2⤵
  PID:9848
- C:\Windows\System\ZkiGkzB.exe
  C:\Windows\System\ZkiGkzB.exe
  2⤵
  PID:9944
- C:\Windows\System\LoHRgFn.exe
  C:\Windows\System\LoHRgFn.exe
  2⤵
  PID:9992
- C:\Windows\System\OYqoNsI.exe
  C:\Windows\System\OYqoNsI.exe
  2⤵
  PID:10044
- C:\Windows\System\hlumxfv.exe
  C:\Windows\System\hlumxfv.exe
  2⤵
  PID:10160
- C:\Windows\System\jrRwMoI.exe
  C:\Windows\System\jrRwMoI.exe
  2⤵
  PID:10208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AKsOYqh.exe

Filesize
5.9MB

MD5
e23e4a31056ef4ee763ef832ec541d8e

SHA1
81ea4d29c9a8d2e5fff9958be17f61493f2a3eb0

SHA256
2b581e0a61c1c1d3bb839d5a5bb51ed040041b77e42d36d341168ae725883703

SHA512
2c8ea58eab9142a88511f39f4ec51e48569bcf99b3f78911007c8a5dfcbb69e2d91fee1936bb7788b847fc7fdb0eb44f473668fae78a0b9448e1d7b0b2c2ea65

Download Submit
C:\Windows\system\BuQWZKv.exe

Filesize
5.9MB

MD5
d348138152955f550acace82d67566b2

SHA1
38d04bbdcddee3baac959be54cf5fcd59dcd228a

SHA256
5e880e3846310b7f2b0efcf331aa9b5d2ea7bbd451d10b7f2fb2a639a29040fd

SHA512
15981b60cde2bb4c6c61e7467d3dea8252ea41da7a893220681d225ec9f991a3cbaeb59eb734bfa4bd73cb04c0e634e2c0cc46bbe09470cd9eb7157f61f951f1

Download Submit
C:\Windows\system\CMcaIyf.exe

Filesize
5.9MB

MD5
33ec43b547fd5aa6b406750437cc2515

SHA1
bf7433ae171b944e68f8b75efdca7edfa414e472

SHA256
f820062fb4a180d39817ce9a1c816b08eb61504874d0f1e0bb2a7f3f3d9a42da

SHA512
1c31f03cb96c3c526c4b217b787ca0a344712336646bec062a134696a0a35ebd663fb3fb316bd26589a55809bd0ac2a6ba0ed5d2cbdd39303556c6f629097b8e

Download Submit
C:\Windows\system\DJOmMrJ.exe

Filesize
5.9MB

MD5
854c5b8c99393be1b6a71aeae1d6d111

SHA1
2ff5b1c5ff757966d981cac1ede5afb4666157d8

SHA256
224099745e8ef1ed24a82161c3b57c4a124b78a91208fee145ccf03e4cff7259

SHA512
126e2da94169268e82a9ebef12ca043e26ac734424ff777a303a7b5cada4edc38dada8bb871754de070b785d2470330cb07cfcce9f7b72a5f2c4f22be0f01960

Download Submit
C:\Windows\system\DYVsxnF.exe

Filesize
5.9MB

MD5
5538471d0a20e16d7a894c241eb9f1de

SHA1
d01c3f064009317cc2fc044edbe5087b3b54b21b

SHA256
dbec6cde13b93bb86ac4bce4a4625328886aef6ae3fbdeeadc4459e3da16902a

SHA512
968f60f5cb7641f93e9132b7d3ab630175e0e7f07c141f03c3e43dc6c316860bb0179f894832adb6a9e7665a19b1adebbd580855cb2771f97eb08c371b94c43d

Download Submit
C:\Windows\system\DkZgUaw.exe

Filesize
5.9MB

MD5
79a7213f71efe1120f4f02eeca26ac81

SHA1
19e79fba3ced8ec226ce0a0bcea58c5d764aeea0

SHA256
e3f8b2a4231b9af8c167a5e87f57d22450774e1d68993aac95182bf027e891a1

SHA512
247ca226151399326b62d07fecfc53d7218144f7acb7b82707df1f08bca786bcb58de78586f35d214d0cb40f8d2c1774d3a5070802a7bf197dd9998a9ebfbb31

Download Submit
C:\Windows\system\EXhQjYc.exe

Filesize
5.9MB

MD5
15773cce984be754cdfbbb8dab4e7fce

SHA1
fefba73205849741600117a861e70ac9553255ea

SHA256
5690e428fc4547cc5efa2c8dcb81308fc11c53c3af824cb969057e3c3270fe63

SHA512
ca08cf2082e2dad9d438ba87e5a77fecaf60c50ed64f703171ff474370b5a1d7ab0dcfdea424f565f52b9ccadcced88d64ec2edee2db61dde2f328fa2fd4a251

Download Submit
C:\Windows\system\JUlAjQo.exe

Filesize
5.9MB

MD5
8d7434ba07a2ea85a772b7c0cd54b077

SHA1
b3a0b7ab1a6700db71ce9672ca1af3b440d46b55

SHA256
923c711243dd0cd932867aee924999078f190864f2bcd82cf92fbfdf1d59da83

SHA512
62616775df904bafd1df6fa6128d08e672401cc4556e3546f73d31193b837f2359d155bc210af74f307ec0aaae378d6b804b2855db8016cd47e863dc9e1ed73e

Download Submit
C:\Windows\system\RSIoRuj.exe

Filesize
5.9MB

MD5
37b0e943071860d3d68fa3465d5b87c5

SHA1
fbbb3b5d6cc53a0e119dfe8eb1a1c204bfe88001

SHA256
a3cf59f57a3c2517b4375bd4564e04aaa0531a92a85aedaff294b75c3a304fac

SHA512
825bf43dd8c39ceb366457f0b5fa42cabc3d4ee2a894414933d36800dfca99271673ea05350422a3334b85fa87e495a33bb2a0ec1933daba2c049dbc0e112536

Download Submit
C:\Windows\system\SCbzirf.exe

Filesize
5.9MB

MD5
da62046d5a30b5069f058fccc082604b

SHA1
d6131ecf89b342e8312c91c577798056e899f55e

SHA256
bcb401ae0586ed5adfe3f6e45f1f111bc3ddefacda4ace9b4b92f0f31c8e68da

SHA512
eb4c5d70ab04327367f9bf696b093e721dbde20e7c86a8012e5f48c9704b1d48df22a3b3cbcea288dc6b11eb9993b26526f0822fb2ca11aacd3a28e890c4b223

Download Submit
C:\Windows\system\STbNCzx.exe

Filesize
5.9MB

MD5
bfd1a204dd008e5e34dfc9d632c7f883

SHA1
fa4dac7349d628497741acfcc2dea8f6b1fb7f34

SHA256
ff3012e05530127dccf6124edff3007b8643c20def0f79e9940dec15c6af5b5a

SHA512
181174c28e01ce129e1f8e66ad29ff9e28920f612efba537240e2ce42f00089ce00ef6560a0a1070f53361ff89946903fbe8f308c442e381c261835b298949a3

Download Submit
C:\Windows\system\SwPBiWk.exe

Filesize
5.9MB

MD5
ad937d72559d1d2fe7a5b28acbb5e32d

SHA1
bea5a3ad94762f6c98e6ab263fb7659924f085bf

SHA256
ed1a4ea79a19f53c2f7c7743486738804bad2afba6aaa5e9b3ecfb7fa1971003

SHA512
c2f3c1cdd9ca9e22927b95f0f9a5b7d68f1304e566f159e132916ff76eafafcec0a0fc4c6944560dca62dcfd9b0bc38c76692fac08d0744f99793f1fa85d7dce

Download Submit
C:\Windows\system\VCNOhVj.exe

Filesize
5.9MB

MD5
80983c489cd560a23a8c63fdf4163dec

SHA1
6b63c999847dfe6648173fd3132a43fda41cf280

SHA256
c718506b8c36b1ed3d4f5c640d6ed78c67c522ad8443e1cd3b954589864a0f51

SHA512
2ee50bb97fb9ff0617bcf4fc338224604c0a0594e66dd1623fd56aa56307d909cf9fa3c0e27064874c1b83c310f6597e084cfee7302ae042f541bc5363ebf301

Download Submit
C:\Windows\system\ZmFuACq.exe

Filesize
5.9MB

MD5
3ab8bb136c42ccd0aabb867907598702

SHA1
5b24277a9d2da56bd357afc8355928069b81cba0

SHA256
7de054d717f7e94999623cb6aea14da9cd76f7b41d48af09f14e8ee5ebb98aae

SHA512
45399f160d7619e7869ffc697ad83d4381e0b43c47c1d8d6ab7ab3082faf0f2cd1b370abde3a20330e6d0832482c2019c7315efcc4af4e61e7fee0c29bc0c3b7

Download Submit
C:\Windows\system\bLjEsuS.exe

Filesize
5.9MB

MD5
b2270d79c77c5c31e86a255d7d23577f

SHA1
30931de2ef48c986c3dae9e92eb8b7eb45b912b0

SHA256
2a390226cd8b82eedb50cbf317c15a26e0d8dd5402ed6f6b2a11ae0e767748f5

SHA512
4863a0d6115b238746f54c41c4018e08cd0753c41a0d99cf7a68c68436ba045c7e19d70b1bdbabbb358d18ee4ba7cfeb72ef98a916dd837cc09ed57150bb49cf

Download Submit
C:\Windows\system\dZkAbUe.exe

Filesize
5.9MB

MD5
a22ffeb57d14fa16fa40926d1665af47

SHA1
fabf8c70e1ee75bcdac06d3bf14d07aa052fa9a6

SHA256
ae0aa4a2d518d7c680dd853cd9d5c2953e94cd9034a5cc70087ce16cc230611a

SHA512
00cf43f725422ac97b0ac863ec59c57176d0456cb05a5203d4fcc8a9c87ad57c5400133ad09ae69e4ac61759590d9a869244b6cb844e80dddcff80689a7997d8

Download Submit
C:\Windows\system\eNypPhe.exe

Filesize
5.9MB

MD5
453f5b4a1e347979a03ec3db9002f50a

SHA1
c07cb11e9902fce776f16b55e859b0354b3e392d

SHA256
62b11358a466eca5c5a6377a8e1cc457b75640b2cf9e2af2f1e49c110e4459e3

SHA512
67ef6dda4506ddac90d0ffcc7037699e032c7f322046d571a9be2a022e12a7ce70dc55d99dbeeed21cc97ebcc07c3da65bf4a97e01404c571650bea2768f6e23

Download Submit
C:\Windows\system\gXBomQo.exe

Filesize
5.9MB

MD5
034921c61137f8265ddc15dd8fcf0831

SHA1
fddbb39857500f24cb761af6a97e436b9df4b14e

SHA256
e8817e82059615461e9c0e3dacd9dbe776ddfdf86e0ee966454ea6b21e38d19e

SHA512
fe39ac9844a9e3d1b25a571cd069cc6e80658391b053a25f6880fa4e3c1f7be1af47308f04da2ad0e860949c61157ba42d9a7a784fde58df0eb3f972d231fa04

Download Submit
C:\Windows\system\jJcSCcm.exe

Filesize
5.9MB

MD5
a1c94f3e02082c24c8e233c2047117a7

SHA1
a24d3452e17e8cd747603414bbd677de5fa47ac3

SHA256
d4d2e7905ada9509b35b9a64f91cfebca41ed27cf4b9ee61a8e23406a366256b

SHA512
2ac6adee76e4b816748ace8a6b0f56932001c03a88af96f6bd2dbee2b09479ce27f1a2ed67dae1b7d0725ebe9dfe1b88fc3ee28c1ae35c15369ffe10686d67d9

Download Submit
C:\Windows\system\kAOXpJn.exe

Filesize
5.9MB

MD5
a8e60aa8d05f529b2178c66de095341a

SHA1
d5b6c9d17b5be882cd96a8bd361fc968337cbde7

SHA256
209607a0b805530f1feefa63b816e61fd19255cf6e8b0675dc5ea5bd08282447

SHA512
2295bdde29bca89630e94ae69e89e2e3a336eb8d38f4fe32f941071888390a6dfd4aeabfb91fd29b9425728ba7b2c4a2de0f8626989bc8f2d3c5e2018c2548d6

Download Submit
C:\Windows\system\klNoybB.exe

Filesize
5.9MB

MD5
53e5da69dddf73e4fe87e8f86a6cff57

SHA1
e23d2c6093c856b8383d51f74ca784fbb167146d

SHA256
130b996f1982314dacf96eb43e6cd96531657b43171459ba1471b4cca1e4fac8

SHA512
4f8e083116598b23096de299129e12a8d15f955ee42fc5d5b10f1bc8691b6a5087cb4a1e3ef204f1bebda7c63b2a5af0a43eab51a618df8345fb335860d5b279

Download Submit
C:\Windows\system\lbIwdso.exe

Filesize
5.9MB

MD5
3bd6fced1e0a24ff8bbca4baa89c3570

SHA1
98cdb8c5660a76d1d7c3e1e1174191b85aae36e0

SHA256
4f0fe75fbc63daf397c649f6cf88ce321ffb34285a74f1218c8dc487cb224bf8

SHA512
cc6a2fe7f235acdf1de1dc5c4f011527571e19d588ce2b85e51bbce08a8829d73b1a067b1efaa0c1868ca332a460a747646162fcef110c855228f3f71c199280

Download Submit
C:\Windows\system\mmDpxdH.exe

Filesize
5.9MB

MD5
64f2b7dab4f749a03867e5ee617dd776

SHA1
49e5ec3a1fe8484ffd4da7ad7ca41a2f8f2f67f4

SHA256
d1ba69e06efa5a801de30b8a0b8da835625248364c0cfe003d4eb696b571a30f

SHA512
add27a025ff8964f7432dfdd46d32089ddf1b42fd295ba4d7a4fc35bfaccb39913abd8f0dee7abfaeba46d0b29e94dc1b97974e67be49d3b795ca61de76d39c5

Download Submit
C:\Windows\system\muoSmky.exe

Filesize
5.9MB

MD5
5ad5af911e92b4b36ead6fce1aaddc6f

SHA1
1f4fa21a862081de4691b6c1ac3e9e4cf04d22a3

SHA256
5647f48783168c702866e67a52ec8200dd05f7a782bf8229cf1db52f795ffffb

SHA512
895fa1a20de74c16c66402903081d71a189d047daf3928b34ee5a1faecfa31987e739584418a34e22aa7552c96e42cd911e184e3df0de9f34f60954a657dff75

Download Submit
C:\Windows\system\qhuHspf.exe

Filesize
5.9MB

MD5
630874c39b39df2ea6d0c10084ff9131

SHA1
1a31c2b0407272d156f68b036c8b9714b8530eb5

SHA256
04e65a74e85fef70b50753626bbf8dddfeac142ccbeea9aaefd2bdfeb5f0e20b

SHA512
33df0d2153bc716ac1f1ac9fbea6e56efb3aed40e3d67a8e91b8bca5a17a77703185e4a254de63b93fd6b4055032194e38423cb646d0f2b0ba0b6b18998e529a

Download Submit
C:\Windows\system\qnIZNIg.exe

Filesize
5.9MB

MD5
9bf5af120c8fd6a59402502c89d2228f

SHA1
1473567f27064a9b8f1c7213ef3dad8da93c9c6d

SHA256
8542a6739731fe45b75f25d627de90b080a57151c5296b6c2a0f9f0d01170e9c

SHA512
a94c3027510828e13d44926d725f06b11f222352238d6adbaa73a676c1d8aed01b21e02bdc8fc7c192247e33c3132be6a16cde7b71b23a08f29d2b1e9a31ca17

Download Submit
C:\Windows\system\slvZCnp.exe

Filesize
5.9MB

MD5
3219437f55fd17d91a9d7602d60ce1e6

SHA1
820a5dc979591c01db67a7ba8662c73283d95cf7

SHA256
57e7cc364c82d8a3a53cf7c066df05f021caa38a98a6abe4b1cca43902faa952

SHA512
5db146aaebd0c5806b88a797c9aafeebdbdc3e63726060377053cb288f70170fafc7c26e7cab09a8458c2f6497db0f1664bb239b168d72eea2b719965ca550d1

Download Submit
C:\Windows\system\vmKKJrJ.exe

Filesize
5.9MB

MD5
f78d5a71b764cd8a3bd3d75a33569e4e

SHA1
d3932294cf33869bbd4a6b297eaf049bf40e3311

SHA256
80058139232f51028f07bc4305742290125adf8a483237f8bb762733f29ae756

SHA512
72fc618536f71538e9220c73b625e36e7d259d10fe29dad39b7e79904beda8c04050fc220908312bee0cc7384475c75128df129606a113a09e25e73f934549f5

Download Submit
C:\Windows\system\wkAUWJI.exe

Filesize
5.9MB

MD5
87adcf2c2b1c5e8a148ab9ccdeeb6654

SHA1
94b9aa6645f719017179f5f89ecb04298b9e59a6

SHA256
b89b7660c03ed87988df2e2708dac0ae8a7515211d09a6b2765e5c8c873d2023

SHA512
d71c0e385d21a0c9de55fdbd9e04e76288778b8c4dc4ded354ec480417d050ca19c355457a79cd38f79b6d87c002956e8c67bdb61757b64d79d326e9750be33a

Download Submit
C:\Windows\system\zRdSrJS.exe

Filesize
5.9MB

MD5
cad10b2247e2e6e632d5ba1a2e65531c

SHA1
d8ab18be5f98f247258813101dd99ac0dd2892af

SHA256
2b9628e8e4c1549d73b9944bf8ce4a82c639aac2b66c830ffaa02b074ceacc6b

SHA512
b6fb2fb7d521b765107d403854d522b8091090e73acd13b5645468dff3eba2ca110010d41bba71d941d7bc3ef7cf20ae63c0aa3e0519f351a88aa017f406c411

Download Submit
C:\Windows\system\zpFmWpf.exe

Filesize
5.9MB

MD5
70320d75abf5a85132febf7de403c700

SHA1
fa2034f6dbf08458ba24258103459565ed41be00

SHA256
d214d9476143c63cac7cdcc3832f30461dc83c5bd6f8002c7e01843b926ed4bd

SHA512
6fb2271bc8e681f580fbdb5f6b0bacba8e721f70ea912389520a4ebcdcfe17129bf2771198876ea1dd496998b82a0c654c57ecb25438446d27a6211d901351bc

Download Submit
\Windows\system\cQEnRKK.exe

Filesize
5.9MB

MD5
c5848bc07280a131819379f93cefb2be

SHA1
7b2237b6ed50fe34e5d5ddf113309135ee02af35

SHA256
5c5d9d74eb4c1c2579bc9a6d3fdd160a29c15441ce3dc4f5e4de7778b5f7e761

SHA512
8b73b73a3eb93cf50ef5a06275006be33a5b035abe9ce59c429dfb5a3fd3e41207aa30f78d938c7b0ec29717f0b75f58b7233f654decfe9e13d5d71145d70781

Download Submit
memory/1576-3337-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1576-2111-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2271-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2987-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2038-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2114-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2160-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2075-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/1656-3062-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2229-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-3063-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1656-3065-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-3066-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2343-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-3067-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-3064-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-0-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2988-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-3070-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2226-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2092-3300-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2155-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3338-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2074-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3311-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-2270-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3340-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2428-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3349-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3305-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2342-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2380-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3335-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download