cobaltstrike | 6906a1b7df6492bd1fa152ad4df974deff84d042a39d1149f0e30644b348afed

Analysis

max time kernel
136s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

5.7MB
MD5

74e6e87b56ab34284c566f77932ac03e
SHA1

bf508f4df68fc013d997aa7b62329efdd55798fe
SHA256

6906a1b7df6492bd1fa152ad4df974deff84d042a39d1149f0e30644b348afed
SHA512

badc80581c2bf621d596e9e2f49e04d72625dc86ed85fd92d73dd3019e35100ea78ec3c96d8bf904c283ae17cbc63ca1ec72c9ecfadc795b6c2ea7074e1f846a
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUc:j+R56utgpPF8u/7c

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0b-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d13-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d24-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-29.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000016ca2-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3f-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-43.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-50.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d50-47.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-54.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-84.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-121.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1048-0-0x000000013F070000-0x000000013F3BD000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016d0b-10.dat	xmrig
behavioral1/memory/1592-11-0x000000013F4B0000-0x000000013F7FD000-memory.dmp	xmrig
behavioral1/memory/2568-13-0x000000013F4C0000-0x000000013F80D000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d13-9.dat	xmrig
behavioral1/files/0x0008000000016d24-20.dat	xmrig
behavioral1/memory/3064-25-0x000000013F050000-0x000000013F39D000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d36-29.dat	xmrig
behavioral1/memory/2636-31-0x000000013F2D0000-0x000000013F61D000-memory.dmp	xmrig
behavioral1/memory/2784-19-0x000000013F030000-0x000000013F37D000-memory.dmp	xmrig
behavioral1/files/0x0033000000016ca2-34.dat	xmrig
behavioral1/files/0x0007000000016d3f-39.dat	xmrig
behavioral1/files/0x0007000000016d47-43.dat	xmrig
behavioral1/files/0x0008000000016d9f-50.dat	xmrig
behavioral1/files/0x0009000000016d50-47.dat	xmrig
behavioral1/files/0x001500000001866d-54.dat	xmrig
behavioral1/memory/2712-58-0x000000013F910000-0x000000013FC5D000-memory.dmp	xmrig
behavioral1/memory/2860-63-0x000000013F930000-0x000000013FC7D000-memory.dmp	xmrig
behavioral1/memory/2644-61-0x000000013F9F0000-0x000000013FD3D000-memory.dmp	xmrig
behavioral1/memory/2620-62-0x000000013FB40000-0x000000013FE8D000-memory.dmp	xmrig
behavioral1/memory/2524-59-0x000000013F390000-0x000000013F6DD000-memory.dmp	xmrig
behavioral1/memory/2744-57-0x000000013FCC0000-0x000000014000D000-memory.dmp	xmrig
behavioral1/files/0x0009000000018678-71.dat	xmrig
behavioral1/memory/376-73-0x000000013FBD0000-0x000000013FF1D000-memory.dmp	xmrig
behavioral1/files/0x0005000000018690-77.dat	xmrig
behavioral1/files/0x000500000001879b-84.dat	xmrig
behavioral1/files/0x00060000000190cd-85.dat	xmrig
behavioral1/files/0x00060000000190d6-92.dat	xmrig
behavioral1/memory/2044-91-0x000000013F430000-0x000000013F77D000-memory.dmp	xmrig
behavioral1/memory/2796-89-0x000000013F300000-0x000000013F64D000-memory.dmp	xmrig
behavioral1/memory/1728-79-0x000000013FEA0000-0x00000001401ED000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f3-99.dat	xmrig
behavioral1/memory/2248-103-0x000000013F670000-0x000000013F9BD000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f7-105.dat	xmrig
behavioral1/files/0x0005000000019218-114.dat	xmrig
behavioral1/files/0x0005000000019229-117.dat	xmrig
behavioral1/files/0x000500000001924c-125.dat	xmrig
behavioral1/files/0x0005000000019277-141.dat	xmrig
behavioral1/files/0x00050000000193be-151.dat	xmrig
behavioral1/memory/1940-476-0x000000013FE40000-0x000000014018D000-memory.dmp	xmrig
behavioral1/memory/2476-471-0x000000013F820000-0x000000013FB6D000-memory.dmp	xmrig
behavioral1/memory/2080-474-0x000000013FD30000-0x000000014007D000-memory.dmp	xmrig
behavioral1/memory/1400-483-0x000000013FFD0000-0x000000014031D000-memory.dmp	xmrig
behavioral1/memory/1324-485-0x000000013FB30000-0x000000013FE7D000-memory.dmp	xmrig
behavioral1/memory/2848-486-0x000000013F420000-0x000000013F76D000-memory.dmp	xmrig
behavioral1/memory/1892-503-0x000000013F710000-0x000000013FA5D000-memory.dmp	xmrig
behavioral1/memory/2208-513-0x000000013F640000-0x000000013F98D000-memory.dmp	xmrig
behavioral1/memory/1692-517-0x000000013F1F0000-0x000000013F53D000-memory.dmp	xmrig
behavioral1/memory/2776-521-0x000000013FCB0000-0x000000013FFFD000-memory.dmp	xmrig
behavioral1/memory/2436-527-0x000000013F450000-0x000000013F79D000-memory.dmp	xmrig
behavioral1/memory/2132-484-0x000000013F380000-0x000000013F6CD000-memory.dmp	xmrig
behavioral1/memory/1444-469-0x000000013F6E0000-0x000000013FA2D000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d9-165.dat	xmrig
behavioral1/files/0x00050000000193cc-161.dat	xmrig
behavioral1/files/0x00050000000193c4-157.dat	xmrig
behavioral1/files/0x0005000000019389-149.dat	xmrig
behavioral1/files/0x0005000000019382-145.dat	xmrig
behavioral1/files/0x0005000000019273-137.dat	xmrig
behavioral1/files/0x0005000000019271-134.dat	xmrig
behavioral1/files/0x000500000001926b-129.dat	xmrig
behavioral1/files/0x0005000000019234-121.dat	xmrig
behavioral1/memory/1988-109-0x000000013F190000-0x000000013F4DD000-memory.dmp	xmrig
behavioral1/memory/2832-97-0x000000013F980000-0x000000013FCCD000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1592	IXHwkum.exe
2568	ZNOegmQ.exe
2784	DwuGKLi.exe
3064	sPJNwqv.exe
2636	IyBEAGl.exe
2744	IqfoOYJ.exe
2644	dqnujOO.exe
2620	jIeNsIQ.exe
2860	tpwFaQz.exe
2524	ocIdDWx.exe
2712	PyUqatp.exe
376	vZLCxXh.exe
1728	oTnGIMP.exe
2044	UEyBFSc.exe
2796	dXrDZMj.exe
2832	RIIrujy.exe
2248	DERaYNm.exe
1988	qYzWjVa.exe
1400	cmviMsZ.exe
2132	XVTMvgY.exe
2268	qPogSlU.exe
1444	uUAIhxt.exe
1208	TIlTDxs.exe
2476	MESuFnJ.exe
2764	CxveRVo.exe
2080	EZsBkAU.exe
1916	LoeDjxJ.exe
1940	lYYniND.exe
1768	iWfBiXW.exe
2112	HvJEKQa.exe
2384	jEzlIBb.exe
2468	sABVeNm.exe
1104	xyGnMqW.exe
2884	wCCQRfG.exe
660	lGrSEwT.exe
936	ieRPcUv.exe
2180	fmmzZiC.exe
1324	XdOFzRc.exe
1680	qWJYTWG.exe
1556	OyTrvMS.exe
3032	ryHoepf.exe
2192	yeftUON.exe
1188	fZNsHml.exe
944	AhwVbzK.exe
2208	IdcwwXB.exe
1704	IOtchuq.exe
940	dHLEvDN.exe
1520	nhyJBAS.exe
1724	kHkNmZK.exe
1652	OJCKjnH.exe
3044	kFAAycm.exe
1628	yJPWdch.exe
892	uEMqWaL.exe
600	pzvooqc.exe
2204	sGYItHY.exe
836	QKOCbcR.exe
3004	SOQeJPm.exe
2184	mMybyqo.exe
2304	fYljVbR.exe
1564	JsXvwhd.exe
2140	PQHOYru.exe
2856	ffBpUfw.exe
2980	nzrObkc.exe
1752	rSWyoYl.exe

Loads dropped DLL 64 IoCs

pid	Process
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VHsANIN.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bEnTcXj.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KajxyIb.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JzUDTGp.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EoXWnuW.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BkEyhQe.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dmfFMbU.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Rykshrg.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VSXUDOP.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ciehHWg.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\beGpGHV.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xOGYdJY.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PzjQcdI.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jJAaWOe.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PHpNEsE.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OWxJeln.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nfbOtEE.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jmGkJfW.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ihqZTOR.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kFaZcRg.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mbBGImG.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LmPmVzP.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fiGxjYY.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kCunUBM.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oEjDZuq.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qSaiQGm.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hHCakJi.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gLwqfgC.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SOHRBbE.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FNCoerK.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\amZElDU.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kFAAycm.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vuXaVmt.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jKyPxHz.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CLZhBkK.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BagGrBp.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PfNMdUB.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WXUIulB.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UfojJWX.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cdOhVtz.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZprqhpB.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DweFnnV.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tRmoWyn.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DolEejp.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hwsOIma.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UvYzjNQ.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZReVWrU.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BcmrxZX.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\njiwYPy.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pnrXFyd.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qbszXNT.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zLELBlk.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VspPChl.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KUCHiOO.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DymPreG.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UnQzSRc.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CYQMcvf.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yQnxGrL.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yKRqcUb.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LRtriso.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dYxgszO.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dfpyvgm.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PWjSxfF.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aRNfxUT.exe	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1592	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	29
PID 1048 wrote to memory of 1592	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	29
PID 1048 wrote to memory of 1592	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	29
PID 1048 wrote to memory of 2568	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	30
PID 1048 wrote to memory of 2568	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	30
PID 1048 wrote to memory of 2568	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	30
PID 1048 wrote to memory of 2784	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1048 wrote to memory of 2784	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1048 wrote to memory of 2784	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1048 wrote to memory of 3064	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1048 wrote to memory of 3064	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1048 wrote to memory of 3064	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1048 wrote to memory of 2636	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1048 wrote to memory of 2636	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1048 wrote to memory of 2636	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1048 wrote to memory of 2744	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 1048 wrote to memory of 2744	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 1048 wrote to memory of 2744	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 1048 wrote to memory of 2644	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1048 wrote to memory of 2644	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1048 wrote to memory of 2644	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1048 wrote to memory of 2620	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1048 wrote to memory of 2620	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1048 wrote to memory of 2620	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1048 wrote to memory of 2860	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1048 wrote to memory of 2860	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1048 wrote to memory of 2860	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1048 wrote to memory of 2524	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1048 wrote to memory of 2524	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1048 wrote to memory of 2524	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1048 wrote to memory of 2712	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1048 wrote to memory of 2712	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1048 wrote to memory of 2712	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1048 wrote to memory of 376	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1048 wrote to memory of 376	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1048 wrote to memory of 376	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1048 wrote to memory of 1728	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1048 wrote to memory of 1728	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1048 wrote to memory of 1728	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1048 wrote to memory of 2044	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1048 wrote to memory of 2044	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1048 wrote to memory of 2044	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1048 wrote to memory of 2796	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1048 wrote to memory of 2796	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1048 wrote to memory of 2796	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1048 wrote to memory of 2832	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1048 wrote to memory of 2832	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1048 wrote to memory of 2832	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1048 wrote to memory of 2248	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1048 wrote to memory of 2248	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1048 wrote to memory of 2248	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1048 wrote to memory of 1988	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1048 wrote to memory of 1988	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1048 wrote to memory of 1988	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1048 wrote to memory of 1400	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1048 wrote to memory of 1400	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1048 wrote to memory of 1400	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1048 wrote to memory of 2132	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1048 wrote to memory of 2132	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1048 wrote to memory of 2132	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1048 wrote to memory of 2268	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1048 wrote to memory of 2268	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1048 wrote to memory of 2268	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1048 wrote to memory of 1444	1048	2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_74e6e87b56ab34284c566f77932ac03e_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\System\IXHwkum.exe
  C:\Windows\System\IXHwkum.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\ZNOegmQ.exe
  C:\Windows\System\ZNOegmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\DwuGKLi.exe
  C:\Windows\System\DwuGKLi.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\sPJNwqv.exe
  C:\Windows\System\sPJNwqv.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\IyBEAGl.exe
  C:\Windows\System\IyBEAGl.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\IqfoOYJ.exe
  C:\Windows\System\IqfoOYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\dqnujOO.exe
  C:\Windows\System\dqnujOO.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\jIeNsIQ.exe
  C:\Windows\System\jIeNsIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\tpwFaQz.exe
  C:\Windows\System\tpwFaQz.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ocIdDWx.exe
  C:\Windows\System\ocIdDWx.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\PyUqatp.exe
  C:\Windows\System\PyUqatp.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\vZLCxXh.exe
  C:\Windows\System\vZLCxXh.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\oTnGIMP.exe
  C:\Windows\System\oTnGIMP.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\UEyBFSc.exe
  C:\Windows\System\UEyBFSc.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\dXrDZMj.exe
  C:\Windows\System\dXrDZMj.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\RIIrujy.exe
  C:\Windows\System\RIIrujy.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\DERaYNm.exe
  C:\Windows\System\DERaYNm.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\qYzWjVa.exe
  C:\Windows\System\qYzWjVa.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\cmviMsZ.exe
  C:\Windows\System\cmviMsZ.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\XVTMvgY.exe
  C:\Windows\System\XVTMvgY.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\qPogSlU.exe
  C:\Windows\System\qPogSlU.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\uUAIhxt.exe
  C:\Windows\System\uUAIhxt.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\TIlTDxs.exe
  C:\Windows\System\TIlTDxs.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\MESuFnJ.exe
  C:\Windows\System\MESuFnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\CxveRVo.exe
  C:\Windows\System\CxveRVo.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\EZsBkAU.exe
  C:\Windows\System\EZsBkAU.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\LoeDjxJ.exe
  C:\Windows\System\LoeDjxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\lYYniND.exe
  C:\Windows\System\lYYniND.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\iWfBiXW.exe
  C:\Windows\System\iWfBiXW.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\HvJEKQa.exe
  C:\Windows\System\HvJEKQa.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\jEzlIBb.exe
  C:\Windows\System\jEzlIBb.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\sABVeNm.exe
  C:\Windows\System\sABVeNm.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\xyGnMqW.exe
  C:\Windows\System\xyGnMqW.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\wCCQRfG.exe
  C:\Windows\System\wCCQRfG.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\lGrSEwT.exe
  C:\Windows\System\lGrSEwT.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\ieRPcUv.exe
  C:\Windows\System\ieRPcUv.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\fmmzZiC.exe
  C:\Windows\System\fmmzZiC.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\XdOFzRc.exe
  C:\Windows\System\XdOFzRc.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\qWJYTWG.exe
  C:\Windows\System\qWJYTWG.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\OyTrvMS.exe
  C:\Windows\System\OyTrvMS.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\ryHoepf.exe
  C:\Windows\System\ryHoepf.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\yeftUON.exe
  C:\Windows\System\yeftUON.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\fZNsHml.exe
  C:\Windows\System\fZNsHml.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\AhwVbzK.exe
  C:\Windows\System\AhwVbzK.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\IdcwwXB.exe
  C:\Windows\System\IdcwwXB.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\IOtchuq.exe
  C:\Windows\System\IOtchuq.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\dHLEvDN.exe
  C:\Windows\System\dHLEvDN.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\nhyJBAS.exe
  C:\Windows\System\nhyJBAS.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\kHkNmZK.exe
  C:\Windows\System\kHkNmZK.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\OJCKjnH.exe
  C:\Windows\System\OJCKjnH.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\kFAAycm.exe
  C:\Windows\System\kFAAycm.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\yJPWdch.exe
  C:\Windows\System\yJPWdch.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\uEMqWaL.exe
  C:\Windows\System\uEMqWaL.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\pzvooqc.exe
  C:\Windows\System\pzvooqc.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\sGYItHY.exe
  C:\Windows\System\sGYItHY.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\QKOCbcR.exe
  C:\Windows\System\QKOCbcR.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\SOQeJPm.exe
  C:\Windows\System\SOQeJPm.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\mMybyqo.exe
  C:\Windows\System\mMybyqo.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\fYljVbR.exe
  C:\Windows\System\fYljVbR.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\JsXvwhd.exe
  C:\Windows\System\JsXvwhd.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\PQHOYru.exe
  C:\Windows\System\PQHOYru.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\ffBpUfw.exe
  C:\Windows\System\ffBpUfw.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\nzrObkc.exe
  C:\Windows\System\nzrObkc.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\rSWyoYl.exe
  C:\Windows\System\rSWyoYl.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\niivkDb.exe
  C:\Windows\System\niivkDb.exe
  2⤵
  PID:1440
- C:\Windows\System\OsCDYKb.exe
  C:\Windows\System\OsCDYKb.exe
  2⤵
  PID:2928
- C:\Windows\System\ahjWoMy.exe
  C:\Windows\System\ahjWoMy.exe
  2⤵
  PID:2924
- C:\Windows\System\gGipMwD.exe
  C:\Windows\System\gGipMwD.exe
  2⤵
  PID:2276
- C:\Windows\System\dmfFMbU.exe
  C:\Windows\System\dmfFMbU.exe
  2⤵
  PID:1692
- C:\Windows\System\bqbKsnQ.exe
  C:\Windows\System\bqbKsnQ.exe
  2⤵
  PID:2296
- C:\Windows\System\vuXaVmt.exe
  C:\Windows\System\vuXaVmt.exe
  2⤵
  PID:2776
- C:\Windows\System\nMKkrRM.exe
  C:\Windows\System\nMKkrRM.exe
  2⤵
  PID:2212
- C:\Windows\System\LEnxGtg.exe
  C:\Windows\System\LEnxGtg.exe
  2⤵
  PID:2592
- C:\Windows\System\NiMeJyX.exe
  C:\Windows\System\NiMeJyX.exe
  2⤵
  PID:2872
- C:\Windows\System\aBBeNUx.exe
  C:\Windows\System\aBBeNUx.exe
  2⤵
  PID:2848
- C:\Windows\System\dcUAMnp.exe
  C:\Windows\System\dcUAMnp.exe
  2⤵
  PID:2576
- C:\Windows\System\MzUPtZs.exe
  C:\Windows\System\MzUPtZs.exe
  2⤵
  PID:2736
- C:\Windows\System\ZGCvmUq.exe
  C:\Windows\System\ZGCvmUq.exe
  2⤵
  PID:2436
- C:\Windows\System\jZTfupZ.exe
  C:\Windows\System\jZTfupZ.exe
  2⤵
  PID:2944
- C:\Windows\System\GTdFXAm.exe
  C:\Windows\System\GTdFXAm.exe
  2⤵
  PID:2660
- C:\Windows\System\DRCmNYs.exe
  C:\Windows\System\DRCmNYs.exe
  2⤵
  PID:3068
- C:\Windows\System\gRXZfIY.exe
  C:\Windows\System\gRXZfIY.exe
  2⤵
  PID:1892
- C:\Windows\System\yoLVLnP.exe
  C:\Windows\System\yoLVLnP.exe
  2⤵
  PID:2588
- C:\Windows\System\fnnHZTr.exe
  C:\Windows\System\fnnHZTr.exe
  2⤵
  PID:2828
- C:\Windows\System\TghmofB.exe
  C:\Windows\System\TghmofB.exe
  2⤵
  PID:2608
- C:\Windows\System\jpyrcDN.exe
  C:\Windows\System\jpyrcDN.exe
  2⤵
  PID:2560
- C:\Windows\System\Mnlengl.exe
  C:\Windows\System\Mnlengl.exe
  2⤵
  PID:2960
- C:\Windows\System\ouSGzbY.exe
  C:\Windows\System\ouSGzbY.exe
  2⤵
  PID:2272
- C:\Windows\System\eHdNzxT.exe
  C:\Windows\System\eHdNzxT.exe
  2⤵
  PID:2700
- C:\Windows\System\mXSUtpq.exe
  C:\Windows\System\mXSUtpq.exe
  2⤵
  PID:316
- C:\Windows\System\bqhmqog.exe
  C:\Windows\System\bqhmqog.exe
  2⤵
  PID:2748
- C:\Windows\System\eGYcnwg.exe
  C:\Windows\System\eGYcnwg.exe
  2⤵
  PID:1236
- C:\Windows\System\WpoQpDK.exe
  C:\Windows\System\WpoQpDK.exe
  2⤵
  PID:1944
- C:\Windows\System\vEsARCZ.exe
  C:\Windows\System\vEsARCZ.exe
  2⤵
  PID:1996
- C:\Windows\System\svZqNBB.exe
  C:\Windows\System\svZqNBB.exe
  2⤵
  PID:2760
- C:\Windows\System\NJWQOoM.exe
  C:\Windows\System\NJWQOoM.exe
  2⤵
  PID:1932
- C:\Windows\System\izPSUmL.exe
  C:\Windows\System\izPSUmL.exe
  2⤵
  PID:2376
- C:\Windows\System\wziqCrN.exe
  C:\Windows\System\wziqCrN.exe
  2⤵
  PID:740
- C:\Windows\System\nqHPihc.exe
  C:\Windows\System\nqHPihc.exe
  2⤵
  PID:2888
- C:\Windows\System\HCYsbKz.exe
  C:\Windows\System\HCYsbKz.exe
  2⤵
  PID:1488
- C:\Windows\System\FqGHMEw.exe
  C:\Windows\System\FqGHMEw.exe
  2⤵
  PID:1528
- C:\Windows\System\UfojJWX.exe
  C:\Windows\System\UfojJWX.exe
  2⤵
  PID:448
- C:\Windows\System\oleHCam.exe
  C:\Windows\System\oleHCam.exe
  2⤵
  PID:2128
- C:\Windows\System\ppWsOqW.exe
  C:\Windows\System\ppWsOqW.exe
  2⤵
  PID:2716
- C:\Windows\System\sdbfDje.exe
  C:\Windows\System\sdbfDje.exe
  2⤵
  PID:700
- C:\Windows\System\oRVdIFN.exe
  C:\Windows\System\oRVdIFN.exe
  2⤵
  PID:920
- C:\Windows\System\XVHsXKH.exe
  C:\Windows\System\XVHsXKH.exe
  2⤵
  PID:2876
- C:\Windows\System\ewtmUrT.exe
  C:\Windows\System\ewtmUrT.exe
  2⤵
  PID:288
- C:\Windows\System\TrwDkki.exe
  C:\Windows\System\TrwDkki.exe
  2⤵
  PID:788
- C:\Windows\System\RdesXBq.exe
  C:\Windows\System\RdesXBq.exe
  2⤵
  PID:284
- C:\Windows\System\iumQuzO.exe
  C:\Windows\System\iumQuzO.exe
  2⤵
  PID:984
- C:\Windows\System\lFFqRDt.exe
  C:\Windows\System\lFFqRDt.exe
  2⤵
  PID:2072
- C:\Windows\System\OOsJePI.exe
  C:\Windows\System\OOsJePI.exe
  2⤵
  PID:2680
- C:\Windows\System\zxfaKep.exe
  C:\Windows\System\zxfaKep.exe
  2⤵
  PID:2060
- C:\Windows\System\tCvxhmJ.exe
  C:\Windows\System\tCvxhmJ.exe
  2⤵
  PID:880
- C:\Windows\System\sxDpmyv.exe
  C:\Windows\System\sxDpmyv.exe
  2⤵
  PID:2912
- C:\Windows\System\QOLziDz.exe
  C:\Windows\System\QOLziDz.exe
  2⤵
  PID:1584
- C:\Windows\System\MDwUNWz.exe
  C:\Windows\System\MDwUNWz.exe
  2⤵
  PID:2100
- C:\Windows\System\RFghavL.exe
  C:\Windows\System\RFghavL.exe
  2⤵
  PID:2432
- C:\Windows\System\bTqQpsF.exe
  C:\Windows\System\bTqQpsF.exe
  2⤵
  PID:2704
- C:\Windows\System\SgXSYgz.exe
  C:\Windows\System\SgXSYgz.exe
  2⤵
  PID:2752
- C:\Windows\System\pTxVysJ.exe
  C:\Windows\System\pTxVysJ.exe
  2⤵
  PID:2836
- C:\Windows\System\gHdCton.exe
  C:\Windows\System\gHdCton.exe
  2⤵
  PID:2564
- C:\Windows\System\qGDOOCI.exe
  C:\Windows\System\qGDOOCI.exe
  2⤵
  PID:2616
- C:\Windows\System\WRMevfD.exe
  C:\Windows\System\WRMevfD.exe
  2⤵
  PID:1604
- C:\Windows\System\rRsbYFR.exe
  C:\Windows\System\rRsbYFR.exe
  2⤵
  PID:2816
- C:\Windows\System\WETzLLl.exe
  C:\Windows\System\WETzLLl.exe
  2⤵
  PID:2528
- C:\Windows\System\pgEYdse.exe
  C:\Windows\System\pgEYdse.exe
  2⤵
  PID:620
- C:\Windows\System\ZNlGrez.exe
  C:\Windows\System\ZNlGrez.exe
  2⤵
  PID:2000
- C:\Windows\System\RcevFaS.exe
  C:\Windows\System\RcevFaS.exe
  2⤵
  PID:2692
- C:\Windows\System\zsbIuRs.exe
  C:\Windows\System\zsbIuRs.exe
  2⤵
  PID:1612
- C:\Windows\System\ogvKqYi.exe
  C:\Windows\System\ogvKqYi.exe
  2⤵
  PID:1644
- C:\Windows\System\gnUllbN.exe
  C:\Windows\System\gnUllbN.exe
  2⤵
  PID:1484
- C:\Windows\System\iVUYpPi.exe
  C:\Windows\System\iVUYpPi.exe
  2⤵
  PID:332
- C:\Windows\System\JZFUKer.exe
  C:\Windows\System\JZFUKer.exe
  2⤵
  PID:832
- C:\Windows\System\QNsOSyN.exe
  C:\Windows\System\QNsOSyN.exe
  2⤵
  PID:1404
- C:\Windows\System\UzcudDZ.exe
  C:\Windows\System\UzcudDZ.exe
  2⤵
  PID:1092
- C:\Windows\System\oGfxXCO.exe
  C:\Windows\System\oGfxXCO.exe
  2⤵
  PID:1760
- C:\Windows\System\XRtyvee.exe
  C:\Windows\System\XRtyvee.exe
  2⤵
  PID:684
- C:\Windows\System\vjeIWgT.exe
  C:\Windows\System\vjeIWgT.exe
  2⤵
  PID:776
- C:\Windows\System\CVnfdSe.exe
  C:\Windows\System\CVnfdSe.exe
  2⤵
  PID:1780
- C:\Windows\System\qBnSBLD.exe
  C:\Windows\System\qBnSBLD.exe
  2⤵
  PID:1668
- C:\Windows\System\HmXXAEJ.exe
  C:\Windows\System\HmXXAEJ.exe
  2⤵
  PID:2420
- C:\Windows\System\hNGJNYo.exe
  C:\Windows\System\hNGJNYo.exe
  2⤵
  PID:2864
- C:\Windows\System\USAzMtJ.exe
  C:\Windows\System\USAzMtJ.exe
  2⤵
  PID:2612
- C:\Windows\System\rUAiOHK.exe
  C:\Windows\System\rUAiOHK.exe
  2⤵
  PID:2728
- C:\Windows\System\FrazSwW.exe
  C:\Windows\System\FrazSwW.exe
  2⤵
  PID:2812
- C:\Windows\System\nttuxAl.exe
  C:\Windows\System\nttuxAl.exe
  2⤵
  PID:1808
- C:\Windows\System\BnSijxs.exe
  C:\Windows\System\BnSijxs.exe
  2⤵
  PID:1852
- C:\Windows\System\RXFShGg.exe
  C:\Windows\System\RXFShGg.exe
  2⤵
  PID:2720
- C:\Windows\System\JBKKOkF.exe
  C:\Windows\System\JBKKOkF.exe
  2⤵
  PID:1060
- C:\Windows\System\RGqaBHA.exe
  C:\Windows\System\RGqaBHA.exe
  2⤵
  PID:2768
- C:\Windows\System\GUhPfvp.exe
  C:\Windows\System\GUhPfvp.exe
  2⤵
  PID:1540
- C:\Windows\System\nLPOzJt.exe
  C:\Windows\System\nLPOzJt.exe
  2⤵
  PID:1776
- C:\Windows\System\GeqoMzl.exe
  C:\Windows\System\GeqoMzl.exe
  2⤵
  PID:2424
- C:\Windows\System\oIldSpV.exe
  C:\Windows\System\oIldSpV.exe
  2⤵
  PID:1548
- C:\Windows\System\EtpiNvr.exe
  C:\Windows\System\EtpiNvr.exe
  2⤵
  PID:2252
- C:\Windows\System\AJRNuhw.exe
  C:\Windows\System\AJRNuhw.exe
  2⤵
  PID:2756
- C:\Windows\System\lbrgYCa.exe
  C:\Windows\System\lbrgYCa.exe
  2⤵
  PID:2540
- C:\Windows\System\zvyxKqQ.exe
  C:\Windows\System\zvyxKqQ.exe
  2⤵
  PID:2548
- C:\Windows\System\yEteWcD.exe
  C:\Windows\System\yEteWcD.exe
  2⤵
  PID:584
- C:\Windows\System\iOFTqvm.exe
  C:\Windows\System\iOFTqvm.exe
  2⤵
  PID:2364
- C:\Windows\System\DIbWMiD.exe
  C:\Windows\System\DIbWMiD.exe
  2⤵
  PID:2772
- C:\Windows\System\lKQUMZF.exe
  C:\Windows\System\lKQUMZF.exe
  2⤵
  PID:2996
- C:\Windows\System\FIcXbGC.exe
  C:\Windows\System\FIcXbGC.exe
  2⤵
  PID:2088
- C:\Windows\System\ewEqwWo.exe
  C:\Windows\System\ewEqwWo.exe
  2⤵
  PID:2964
- C:\Windows\System\GhIXcHK.exe
  C:\Windows\System\GhIXcHK.exe
  2⤵
  PID:3080
- C:\Windows\System\NFweBaz.exe
  C:\Windows\System\NFweBaz.exe
  2⤵
  PID:3096
- C:\Windows\System\Cfcmjmg.exe
  C:\Windows\System\Cfcmjmg.exe
  2⤵
  PID:3112
- C:\Windows\System\USCrQbL.exe
  C:\Windows\System\USCrQbL.exe
  2⤵
  PID:3128
- C:\Windows\System\FCxXEXS.exe
  C:\Windows\System\FCxXEXS.exe
  2⤵
  PID:3144
- C:\Windows\System\gnowKOb.exe
  C:\Windows\System\gnowKOb.exe
  2⤵
  PID:3160
- C:\Windows\System\IwbsZpF.exe
  C:\Windows\System\IwbsZpF.exe
  2⤵
  PID:3176
- C:\Windows\System\uTTtclc.exe
  C:\Windows\System\uTTtclc.exe
  2⤵
  PID:3192
- C:\Windows\System\LJFhwIt.exe
  C:\Windows\System\LJFhwIt.exe
  2⤵
  PID:3208
- C:\Windows\System\hHTawNl.exe
  C:\Windows\System\hHTawNl.exe
  2⤵
  PID:3224
- C:\Windows\System\JtEmcrp.exe
  C:\Windows\System\JtEmcrp.exe
  2⤵
  PID:3240
- C:\Windows\System\WeWlakE.exe
  C:\Windows\System\WeWlakE.exe
  2⤵
  PID:3256
- C:\Windows\System\IcmYoXQ.exe
  C:\Windows\System\IcmYoXQ.exe
  2⤵
  PID:3272
- C:\Windows\System\SAHqFdw.exe
  C:\Windows\System\SAHqFdw.exe
  2⤵
  PID:3288
- C:\Windows\System\bBdfHaI.exe
  C:\Windows\System\bBdfHaI.exe
  2⤵
  PID:3304
- C:\Windows\System\QGiHZsK.exe
  C:\Windows\System\QGiHZsK.exe
  2⤵
  PID:3320
- C:\Windows\System\DLWjFEU.exe
  C:\Windows\System\DLWjFEU.exe
  2⤵
  PID:3336
- C:\Windows\System\cGxMHAl.exe
  C:\Windows\System\cGxMHAl.exe
  2⤵
  PID:3356
- C:\Windows\System\GFgHxXf.exe
  C:\Windows\System\GFgHxXf.exe
  2⤵
  PID:3376
- C:\Windows\System\vzonCyv.exe
  C:\Windows\System\vzonCyv.exe
  2⤵
  PID:3396
- C:\Windows\System\oDwPGkL.exe
  C:\Windows\System\oDwPGkL.exe
  2⤵
  PID:3444
- C:\Windows\System\rMpGGrC.exe
  C:\Windows\System\rMpGGrC.exe
  2⤵
  PID:3488
- C:\Windows\System\rsvdDHE.exe
  C:\Windows\System\rsvdDHE.exe
  2⤵
  PID:3504
- C:\Windows\System\omtbyFm.exe
  C:\Windows\System\omtbyFm.exe
  2⤵
  PID:3520
- C:\Windows\System\VtpxZzW.exe
  C:\Windows\System\VtpxZzW.exe
  2⤵
  PID:3536
- C:\Windows\System\IHeJzNk.exe
  C:\Windows\System\IHeJzNk.exe
  2⤵
  PID:3552
- C:\Windows\System\gAuSgmP.exe
  C:\Windows\System\gAuSgmP.exe
  2⤵
  PID:3576
- C:\Windows\System\CiEtieb.exe
  C:\Windows\System\CiEtieb.exe
  2⤵
  PID:3592
- C:\Windows\System\icSdQRz.exe
  C:\Windows\System\icSdQRz.exe
  2⤵
  PID:3608
- C:\Windows\System\AJivWqw.exe
  C:\Windows\System\AJivWqw.exe
  2⤵
  PID:3624
- C:\Windows\System\hqccanO.exe
  C:\Windows\System\hqccanO.exe
  2⤵
  PID:3644
- C:\Windows\System\uImzfBv.exe
  C:\Windows\System\uImzfBv.exe
  2⤵
  PID:3672
- C:\Windows\System\UQkZANc.exe
  C:\Windows\System\UQkZANc.exe
  2⤵
  PID:3692
- C:\Windows\System\bZmSJjm.exe
  C:\Windows\System\bZmSJjm.exe
  2⤵
  PID:3712
- C:\Windows\System\lhKLigt.exe
  C:\Windows\System\lhKLigt.exe
  2⤵
  PID:3764
- C:\Windows\System\ZMCzZCW.exe
  C:\Windows\System\ZMCzZCW.exe
  2⤵
  PID:3816
- C:\Windows\System\iTYTCwP.exe
  C:\Windows\System\iTYTCwP.exe
  2⤵
  PID:3868
- C:\Windows\System\VqNopQZ.exe
  C:\Windows\System\VqNopQZ.exe
  2⤵
  PID:3896
- C:\Windows\System\hcGZGWl.exe
  C:\Windows\System\hcGZGWl.exe
  2⤵
  PID:3912
- C:\Windows\System\vWJqfdr.exe
  C:\Windows\System\vWJqfdr.exe
  2⤵
  PID:3928
- C:\Windows\System\SfRxRow.exe
  C:\Windows\System\SfRxRow.exe
  2⤵
  PID:3944
- C:\Windows\System\avZhHpu.exe
  C:\Windows\System\avZhHpu.exe
  2⤵
  PID:3960
- C:\Windows\System\pjHkRUq.exe
  C:\Windows\System\pjHkRUq.exe
  2⤵
  PID:3972
- C:\Windows\System\REDGSSi.exe
  C:\Windows\System\REDGSSi.exe
  2⤵
  PID:3864
- C:\Windows\System\ToITJKv.exe
  C:\Windows\System\ToITJKv.exe
  2⤵
  PID:3780
- C:\Windows\System\vGkPTGZ.exe
  C:\Windows\System\vGkPTGZ.exe
  2⤵
  PID:3812
- C:\Windows\System\CLZlGTb.exe
  C:\Windows\System\CLZlGTb.exe
  2⤵
  PID:3892
- C:\Windows\System\iYmzAmG.exe
  C:\Windows\System\iYmzAmG.exe
  2⤵
  PID:3052
- C:\Windows\System\bDMiWKs.exe
  C:\Windows\System\bDMiWKs.exe
  2⤵
  PID:3996
- C:\Windows\System\xskXvud.exe
  C:\Windows\System\xskXvud.exe
  2⤵
  PID:4000
- C:\Windows\System\jKyPxHz.exe
  C:\Windows\System\jKyPxHz.exe
  2⤵
  PID:1252
- C:\Windows\System\SUofNBq.exe
  C:\Windows\System\SUofNBq.exe
  2⤵
  PID:2628
- C:\Windows\System\eHHUfBP.exe
  C:\Windows\System\eHHUfBP.exe
  2⤵
  PID:4020
- C:\Windows\System\FOQcboY.exe
  C:\Windows\System\FOQcboY.exe
  2⤵
  PID:4040
- C:\Windows\System\EeMmVHq.exe
  C:\Windows\System\EeMmVHq.exe
  2⤵
  PID:4084
- C:\Windows\System\oyCLhNq.exe
  C:\Windows\System\oyCLhNq.exe
  2⤵
  PID:3168
- C:\Windows\System\ClvKZxW.exe
  C:\Windows\System\ClvKZxW.exe
  2⤵
  PID:756
- C:\Windows\System\zrJFlEZ.exe
  C:\Windows\System\zrJFlEZ.exe
  2⤵
  PID:3172
- C:\Windows\System\XodStjK.exe
  C:\Windows\System\XodStjK.exe
  2⤵
  PID:3136
- C:\Windows\System\qnPbLeX.exe
  C:\Windows\System\qnPbLeX.exe
  2⤵
  PID:3184
- C:\Windows\System\Zzewqma.exe
  C:\Windows\System\Zzewqma.exe
  2⤵
  PID:3216
- C:\Windows\System\bJdWzpv.exe
  C:\Windows\System\bJdWzpv.exe
  2⤵
  PID:3312
- C:\Windows\System\oUeIKgW.exe
  C:\Windows\System\oUeIKgW.exe
  2⤵
  PID:1844
- C:\Windows\System\nxtVqHR.exe
  C:\Windows\System\nxtVqHR.exe
  2⤵
  PID:3368
- C:\Windows\System\tEIrnvd.exe
  C:\Windows\System\tEIrnvd.exe
  2⤵
  PID:1204
- C:\Windows\System\njiwYPy.exe
  C:\Windows\System\njiwYPy.exe
  2⤵
  PID:3832
- C:\Windows\System\ThSJtnu.exe
  C:\Windows\System\ThSJtnu.exe
  2⤵
  PID:3788
- C:\Windows\System\uVqAwAh.exe
  C:\Windows\System\uVqAwAh.exe
  2⤵
  PID:2004
- C:\Windows\System\JIxwlHq.exe
  C:\Windows\System\JIxwlHq.exe
  2⤵
  PID:3500
- C:\Windows\System\yJHzeyW.exe
  C:\Windows\System\yJHzeyW.exe
  2⤵
  PID:3976
- C:\Windows\System\WGtkxFE.exe
  C:\Windows\System\WGtkxFE.exe
  2⤵
  PID:3920
- C:\Windows\System\XIWTere.exe
  C:\Windows\System\XIWTere.exe
  2⤵
  PID:3600
- C:\Windows\System\YcVmYco.exe
  C:\Windows\System\YcVmYco.exe
  2⤵
  PID:3632
- C:\Windows\System\PKcZYTL.exe
  C:\Windows\System\PKcZYTL.exe
  2⤵
  PID:1912
- C:\Windows\System\PviUUlN.exe
  C:\Windows\System\PviUUlN.exe
  2⤵
  PID:3684
- C:\Windows\System\mVtSOnd.exe
  C:\Windows\System\mVtSOnd.exe
  2⤵
  PID:2380
- C:\Windows\System\wbLafgh.exe
  C:\Windows\System\wbLafgh.exe
  2⤵
  PID:3756
- C:\Windows\System\oUlirGR.exe
  C:\Windows\System\oUlirGR.exe
  2⤵
  PID:3852
- C:\Windows\System\RfHhsue.exe
  C:\Windows\System\RfHhsue.exe
  2⤵
  PID:3748
- C:\Windows\System\ftVITwT.exe
  C:\Windows\System\ftVITwT.exe
  2⤵
  PID:1952
- C:\Windows\System\IBIJfjI.exe
  C:\Windows\System\IBIJfjI.exe
  2⤵
  PID:3908
- C:\Windows\System\fDjfVnj.exe
  C:\Windows\System\fDjfVnj.exe
  2⤵
  PID:3408
- C:\Windows\System\vSttsbS.exe
  C:\Windows\System\vSttsbS.exe
  2⤵
  PID:3984
- C:\Windows\System\bhGWmMK.exe
  C:\Windows\System\bhGWmMK.exe
  2⤵
  PID:4012
- C:\Windows\System\lZyrfYb.exe
  C:\Windows\System\lZyrfYb.exe
  2⤵
  PID:4016
- C:\Windows\System\AWEKsvX.exe
  C:\Windows\System\AWEKsvX.exe
  2⤵
  PID:4088
- C:\Windows\System\DAOijKb.exe
  C:\Windows\System\DAOijKb.exe
  2⤵
  PID:3936
- C:\Windows\System\gSfeWeF.exe
  C:\Windows\System\gSfeWeF.exe
  2⤵
  PID:3220
- C:\Windows\System\UKvYBoB.exe
  C:\Windows\System\UKvYBoB.exe
  2⤵
  PID:3092
- C:\Windows\System\uAbkhlo.exe
  C:\Windows\System\uAbkhlo.exe
  2⤵
  PID:3968
- C:\Windows\System\zCIjrcd.exe
  C:\Windows\System\zCIjrcd.exe
  2⤵
  PID:552
- C:\Windows\System\iNuGKpB.exe
  C:\Windows\System\iNuGKpB.exe
  2⤵
  PID:4032
- C:\Windows\System\kPhVyRn.exe
  C:\Windows\System\kPhVyRn.exe
  2⤵
  PID:4064
- C:\Windows\System\geeVwuG.exe
  C:\Windows\System\geeVwuG.exe
  2⤵
  PID:3140
- C:\Windows\System\NjfBTOw.exe
  C:\Windows\System\NjfBTOw.exe
  2⤵
  PID:3348
- C:\Windows\System\dPdvcNT.exe
  C:\Windows\System\dPdvcNT.exe
  2⤵
  PID:3392
- C:\Windows\System\CTcgdNA.exe
  C:\Windows\System\CTcgdNA.exe
  2⤵
  PID:3284
- C:\Windows\System\tVvdIjZ.exe
  C:\Windows\System\tVvdIjZ.exe
  2⤵
  PID:3420
- C:\Windows\System\vvpBglL.exe
  C:\Windows\System\vvpBglL.exe
  2⤵
  PID:3296
- C:\Windows\System\UvYzjNQ.exe
  C:\Windows\System\UvYzjNQ.exe
  2⤵
  PID:3484
- C:\Windows\System\zeKoFyy.exe
  C:\Windows\System\zeKoFyy.exe
  2⤵
  PID:3588
- C:\Windows\System\HtuwfwW.exe
  C:\Windows\System\HtuwfwW.exe
  2⤵
  PID:3732
- C:\Windows\System\LhYXvOO.exe
  C:\Windows\System\LhYXvOO.exe
  2⤵
  PID:1936
- C:\Windows\System\dwIamvq.exe
  C:\Windows\System\dwIamvq.exe
  2⤵
  PID:3720
- C:\Windows\System\hwsOIma.exe
  C:\Windows\System\hwsOIma.exe
  2⤵
  PID:3708
- C:\Windows\System\JsrLJpW.exe
  C:\Windows\System\JsrLJpW.exe
  2⤵
  PID:876
- C:\Windows\System\xTkSVQF.exe
  C:\Windows\System\xTkSVQF.exe
  2⤵
  PID:3564
- C:\Windows\System\NphReQH.exe
  C:\Windows\System\NphReQH.exe
  2⤵
  PID:3688
- C:\Windows\System\vmFnAno.exe
  C:\Windows\System\vmFnAno.exe
  2⤵
  PID:3888
- C:\Windows\System\PIdkoKV.exe
  C:\Windows\System\PIdkoKV.exe
  2⤵
  PID:3988
- C:\Windows\System\BNYftMM.exe
  C:\Windows\System\BNYftMM.exe
  2⤵
  PID:2932
- C:\Windows\System\MkzXNMD.exe
  C:\Windows\System\MkzXNMD.exe
  2⤵
  PID:3860
- C:\Windows\System\wZLSwFe.exe
  C:\Windows\System\wZLSwFe.exe
  2⤵
  PID:4048
- C:\Windows\System\nnqEZeH.exe
  C:\Windows\System\nnqEZeH.exe
  2⤵
  PID:536
- C:\Windows\System\radbekb.exe
  C:\Windows\System\radbekb.exe
  2⤵
  PID:3460
- C:\Windows\System\vGDqjYb.exe
  C:\Windows\System\vGDqjYb.exe
  2⤵
  PID:3232
- C:\Windows\System\VCLsiXf.exe
  C:\Windows\System\VCLsiXf.exe
  2⤵
  PID:2604
- C:\Windows\System\eTveGQL.exe
  C:\Windows\System\eTveGQL.exe
  2⤵
  PID:3428
- C:\Windows\System\XarRJqR.exe
  C:\Windows\System\XarRJqR.exe
  2⤵
  PID:3156
- C:\Windows\System\omYtWnf.exe
  C:\Windows\System\omYtWnf.exe
  2⤵
  PID:2664
- C:\Windows\System\AktiJVd.exe
  C:\Windows\System\AktiJVd.exe
  2⤵
  PID:3828
- C:\Windows\System\SBrLFev.exe
  C:\Windows\System\SBrLFev.exe
  2⤵
  PID:3840
- C:\Windows\System\kstnXzM.exe
  C:\Windows\System\kstnXzM.exe
  2⤵
  PID:2264
- C:\Windows\System\xtcRUBd.exe
  C:\Windows\System\xtcRUBd.exe
  2⤵
  PID:3344
- C:\Windows\System\awfhkqn.exe
  C:\Windows\System\awfhkqn.exe
  2⤵
  PID:3332
- C:\Windows\System\JMwIsPc.exe
  C:\Windows\System\JMwIsPc.exe
  2⤵
  PID:3796
- C:\Windows\System\cdOhVtz.exe
  C:\Windows\System\cdOhVtz.exe
  2⤵
  PID:3476
- C:\Windows\System\VKzRlph.exe
  C:\Windows\System\VKzRlph.exe
  2⤵
  PID:3640
- C:\Windows\System\wywcBIP.exe
  C:\Windows\System\wywcBIP.exe
  2⤵
  PID:4028
- C:\Windows\System\cPGEvjh.exe
  C:\Windows\System\cPGEvjh.exe
  2⤵
  PID:3104
- C:\Windows\System\hbyOBei.exe
  C:\Windows\System\hbyOBei.exe
  2⤵
  PID:3728
- C:\Windows\System\rBawUWp.exe
  C:\Windows\System\rBawUWp.exe
  2⤵
  PID:1792
- C:\Windows\System\PBJwyLw.exe
  C:\Windows\System\PBJwyLw.exe
  2⤵
  PID:268
- C:\Windows\System\NcMtVzd.exe
  C:\Windows\System\NcMtVzd.exe
  2⤵
  PID:3904
- C:\Windows\System\XueiSlB.exe
  C:\Windows\System\XueiSlB.exe
  2⤵
  PID:3680
- C:\Windows\System\xVZBLWf.exe
  C:\Windows\System\xVZBLWf.exe
  2⤵
  PID:3848
- C:\Windows\System\ZKidKta.exe
  C:\Windows\System\ZKidKta.exe
  2⤵
  PID:4076
- C:\Windows\System\rvgaMRV.exe
  C:\Windows\System\rvgaMRV.exe
  2⤵
  PID:3776
- C:\Windows\System\qVhKLoL.exe
  C:\Windows\System\qVhKLoL.exe
  2⤵
  PID:3824
- C:\Windows\System\NBfaZVO.exe
  C:\Windows\System\NBfaZVO.exe
  2⤵
  PID:3452
- C:\Windows\System\UJIOSdr.exe
  C:\Windows\System\UJIOSdr.exe
  2⤵
  PID:3572
- C:\Windows\System\yPovfRM.exe
  C:\Windows\System\yPovfRM.exe
  2⤵
  PID:3384
- C:\Windows\System\ZprqhpB.exe
  C:\Windows\System\ZprqhpB.exe
  2⤵
  PID:3664
- C:\Windows\System\PHpNEsE.exe
  C:\Windows\System\PHpNEsE.exe
  2⤵
  PID:3496
- C:\Windows\System\CbgQqbI.exe
  C:\Windows\System\CbgQqbI.exe
  2⤵
  PID:3856
- C:\Windows\System\YxVdzml.exe
  C:\Windows\System\YxVdzml.exe
  2⤵
  PID:3700
- C:\Windows\System\cvAgCVk.exe
  C:\Windows\System\cvAgCVk.exe
  2⤵
  PID:3352
- C:\Windows\System\FYLpKZC.exe
  C:\Windows\System\FYLpKZC.exe
  2⤵
  PID:2808
- C:\Windows\System\ZNUeMAR.exe
  C:\Windows\System\ZNUeMAR.exe
  2⤵
  PID:4112
- C:\Windows\System\SHwfoAX.exe
  C:\Windows\System\SHwfoAX.exe
  2⤵
  PID:4128
- C:\Windows\System\sWZPylY.exe
  C:\Windows\System\sWZPylY.exe
  2⤵
  PID:4144
- C:\Windows\System\YOmDgNw.exe
  C:\Windows\System\YOmDgNw.exe
  2⤵
  PID:4160
- C:\Windows\System\sKDXEMk.exe
  C:\Windows\System\sKDXEMk.exe
  2⤵
  PID:4184
- C:\Windows\System\lOTubAc.exe
  C:\Windows\System\lOTubAc.exe
  2⤵
  PID:4200
- C:\Windows\System\awnYscj.exe
  C:\Windows\System\awnYscj.exe
  2⤵
  PID:4216
- C:\Windows\System\fiGxjYY.exe
  C:\Windows\System\fiGxjYY.exe
  2⤵
  PID:4232
- C:\Windows\System\kCunUBM.exe
  C:\Windows\System\kCunUBM.exe
  2⤵
  PID:4248
- C:\Windows\System\AzTDgrW.exe
  C:\Windows\System\AzTDgrW.exe
  2⤵
  PID:4264
- C:\Windows\System\WlVBUpg.exe
  C:\Windows\System\WlVBUpg.exe
  2⤵
  PID:4280
- C:\Windows\System\pBBnCfi.exe
  C:\Windows\System\pBBnCfi.exe
  2⤵
  PID:4296
- C:\Windows\System\pSdfgjM.exe
  C:\Windows\System\pSdfgjM.exe
  2⤵
  PID:4312
- C:\Windows\System\BEbmnbt.exe
  C:\Windows\System\BEbmnbt.exe
  2⤵
  PID:4328
- C:\Windows\System\MkVztRd.exe
  C:\Windows\System\MkVztRd.exe
  2⤵
  PID:4344
- C:\Windows\System\WQcrlpa.exe
  C:\Windows\System\WQcrlpa.exe
  2⤵
  PID:4360
- C:\Windows\System\GQTXckG.exe
  C:\Windows\System\GQTXckG.exe
  2⤵
  PID:4376
- C:\Windows\System\ybXuijG.exe
  C:\Windows\System\ybXuijG.exe
  2⤵
  PID:4392
- C:\Windows\System\nkcjoWz.exe
  C:\Windows\System\nkcjoWz.exe
  2⤵
  PID:4408
- C:\Windows\System\CtdmIUt.exe
  C:\Windows\System\CtdmIUt.exe
  2⤵
  PID:4424
- C:\Windows\System\lochtiA.exe
  C:\Windows\System\lochtiA.exe
  2⤵
  PID:4456
- C:\Windows\System\GpdLDYn.exe
  C:\Windows\System\GpdLDYn.exe
  2⤵
  PID:4472
- C:\Windows\System\SelIKKk.exe
  C:\Windows\System\SelIKKk.exe
  2⤵
  PID:4488
- C:\Windows\System\LtqeRta.exe
  C:\Windows\System\LtqeRta.exe
  2⤵
  PID:4504
- C:\Windows\System\lOBoHUa.exe
  C:\Windows\System\lOBoHUa.exe
  2⤵
  PID:4520
- C:\Windows\System\DweFnnV.exe
  C:\Windows\System\DweFnnV.exe
  2⤵
  PID:4536
- C:\Windows\System\msmMsFC.exe
  C:\Windows\System\msmMsFC.exe
  2⤵
  PID:4552
- C:\Windows\System\hdGBEUL.exe
  C:\Windows\System\hdGBEUL.exe
  2⤵
  PID:4568
- C:\Windows\System\iKIEFHD.exe
  C:\Windows\System\iKIEFHD.exe
  2⤵
  PID:4584
- C:\Windows\System\oIzPPEK.exe
  C:\Windows\System\oIzPPEK.exe
  2⤵
  PID:4608
- C:\Windows\System\AnMfwDD.exe
  C:\Windows\System\AnMfwDD.exe
  2⤵
  PID:4624
- C:\Windows\System\GLKsVvm.exe
  C:\Windows\System\GLKsVvm.exe
  2⤵
  PID:4640
- C:\Windows\System\pmZuZAb.exe
  C:\Windows\System\pmZuZAb.exe
  2⤵
  PID:4656
- C:\Windows\System\gYYCvqd.exe
  C:\Windows\System\gYYCvqd.exe
  2⤵
  PID:4672
- C:\Windows\System\PXADYQm.exe
  C:\Windows\System\PXADYQm.exe
  2⤵
  PID:4688
- C:\Windows\System\Rykshrg.exe
  C:\Windows\System\Rykshrg.exe
  2⤵
  PID:4704
- C:\Windows\System\pyPlyHH.exe
  C:\Windows\System\pyPlyHH.exe
  2⤵
  PID:4720
- C:\Windows\System\rARclYq.exe
  C:\Windows\System\rARclYq.exe
  2⤵
  PID:4736
- C:\Windows\System\hYLpbGe.exe
  C:\Windows\System\hYLpbGe.exe
  2⤵
  PID:4752
- C:\Windows\System\RIMChAh.exe
  C:\Windows\System\RIMChAh.exe
  2⤵
  PID:4768
- C:\Windows\System\tSldTaY.exe
  C:\Windows\System\tSldTaY.exe
  2⤵
  PID:4784
- C:\Windows\System\UXvbzXI.exe
  C:\Windows\System\UXvbzXI.exe
  2⤵
  PID:4800
- C:\Windows\System\XEmEkid.exe
  C:\Windows\System\XEmEkid.exe
  2⤵
  PID:4816
- C:\Windows\System\DeKKjFc.exe
  C:\Windows\System\DeKKjFc.exe
  2⤵
  PID:4832
- C:\Windows\System\epamlyc.exe
  C:\Windows\System\epamlyc.exe
  2⤵
  PID:4848
- C:\Windows\System\TsqrTKa.exe
  C:\Windows\System\TsqrTKa.exe
  2⤵
  PID:4872
- C:\Windows\System\ycuOXep.exe
  C:\Windows\System\ycuOXep.exe
  2⤵
  PID:4912
- C:\Windows\System\tiIDcSq.exe
  C:\Windows\System\tiIDcSq.exe
  2⤵
  PID:4928
- C:\Windows\System\rvjCfKu.exe
  C:\Windows\System\rvjCfKu.exe
  2⤵
  PID:4944
- C:\Windows\System\jCGFyra.exe
  C:\Windows\System\jCGFyra.exe
  2⤵
  PID:4968
- C:\Windows\System\OPnnTpT.exe
  C:\Windows\System\OPnnTpT.exe
  2⤵
  PID:4984
- C:\Windows\System\KWqgmnD.exe
  C:\Windows\System\KWqgmnD.exe
  2⤵
  PID:5000
- C:\Windows\System\XktfKXs.exe
  C:\Windows\System\XktfKXs.exe
  2⤵
  PID:5016
- C:\Windows\System\tSLGciA.exe
  C:\Windows\System\tSLGciA.exe
  2⤵
  PID:5032
- C:\Windows\System\pHFMPdu.exe
  C:\Windows\System\pHFMPdu.exe
  2⤵
  PID:5048
- C:\Windows\System\mAUcxyl.exe
  C:\Windows\System\mAUcxyl.exe
  2⤵
  PID:5068
- C:\Windows\System\xvwNdCW.exe
  C:\Windows\System\xvwNdCW.exe
  2⤵
  PID:5088
- C:\Windows\System\URXdcdb.exe
  C:\Windows\System\URXdcdb.exe
  2⤵
  PID:5104
- C:\Windows\System\fhbWLsB.exe
  C:\Windows\System\fhbWLsB.exe
  2⤵
  PID:3744
- C:\Windows\System\nZCLOTH.exe
  C:\Windows\System\nZCLOTH.exe
  2⤵
  PID:4136
- C:\Windows\System\YMtkQRX.exe
  C:\Windows\System\YMtkQRX.exe
  2⤵
  PID:4168
- C:\Windows\System\TIVRmhR.exe
  C:\Windows\System\TIVRmhR.exe
  2⤵
  PID:4208
- C:\Windows\System\MzwLlRN.exe
  C:\Windows\System\MzwLlRN.exe
  2⤵
  PID:4224
- C:\Windows\System\lmbmeaP.exe
  C:\Windows\System\lmbmeaP.exe
  2⤵
  PID:4276
- C:\Windows\System\KWMXdXU.exe
  C:\Windows\System\KWMXdXU.exe
  2⤵
  PID:4416
- C:\Windows\System\YUiBGfz.exe
  C:\Windows\System\YUiBGfz.exe
  2⤵
  PID:4356
- C:\Windows\System\YCehnLN.exe
  C:\Windows\System\YCehnLN.exe
  2⤵
  PID:4304
- C:\Windows\System\ZCmQdxO.exe
  C:\Windows\System\ZCmQdxO.exe
  2⤵
  PID:4368
- C:\Windows\System\vWIfwou.exe
  C:\Windows\System\vWIfwou.exe
  2⤵
  PID:4436
- C:\Windows\System\njurxAm.exe
  C:\Windows\System\njurxAm.exe
  2⤵
  PID:4484
- C:\Windows\System\lVDmXRY.exe
  C:\Windows\System\lVDmXRY.exe
  2⤵
  PID:4544
- C:\Windows\System\vQukEqI.exe
  C:\Windows\System\vQukEqI.exe
  2⤵
  PID:4528
- C:\Windows\System\loTTPBH.exe
  C:\Windows\System\loTTPBH.exe
  2⤵
  PID:4496
- C:\Windows\System\IolWCZx.exe
  C:\Windows\System\IolWCZx.exe
  2⤵
  PID:4620
- C:\Windows\System\aguXKAg.exe
  C:\Windows\System\aguXKAg.exe
  2⤵
  PID:4636
- C:\Windows\System\lfvEHSt.exe
  C:\Windows\System\lfvEHSt.exe
  2⤵
  PID:4632
- C:\Windows\System\oEjDZuq.exe
  C:\Windows\System\oEjDZuq.exe
  2⤵
  PID:4716
- C:\Windows\System\qoSOqCK.exe
  C:\Windows\System\qoSOqCK.exe
  2⤵
  PID:4780
- C:\Windows\System\qSaiQGm.exe
  C:\Windows\System\qSaiQGm.exe
  2⤵
  PID:4844
- C:\Windows\System\aTsoXft.exe
  C:\Windows\System\aTsoXft.exe
  2⤵
  PID:4792
- C:\Windows\System\jqzlXZM.exe
  C:\Windows\System\jqzlXZM.exe
  2⤵
  PID:4856
- C:\Windows\System\wAOYMXl.exe
  C:\Windows\System\wAOYMXl.exe
  2⤵
  PID:4696
- C:\Windows\System\VcENhJt.exe
  C:\Windows\System\VcENhJt.exe
  2⤵
  PID:4868
- C:\Windows\System\wSaPgSe.exe
  C:\Windows\System\wSaPgSe.exe
  2⤵
  PID:4892
- C:\Windows\System\IcJUEvp.exe
  C:\Windows\System\IcJUEvp.exe
  2⤵
  PID:4952
- C:\Windows\System\RRiKdXZ.exe
  C:\Windows\System\RRiKdXZ.exe
  2⤵
  PID:5012
- C:\Windows\System\jKsbeOh.exe
  C:\Windows\System\jKsbeOh.exe
  2⤵
  PID:5076
- C:\Windows\System\PSbCRPp.exe
  C:\Windows\System\PSbCRPp.exe
  2⤵
  PID:5024
- C:\Windows\System\eUgJrYW.exe
  C:\Windows\System\eUgJrYW.exe
  2⤵
  PID:5116
- C:\Windows\System\AloUzej.exe
  C:\Windows\System\AloUzej.exe
  2⤵
  PID:4156
- C:\Windows\System\pRMTkxE.exe
  C:\Windows\System\pRMTkxE.exe
  2⤵
  PID:4400
- C:\Windows\System\LBCHtKa.exe
  C:\Windows\System\LBCHtKa.exe
  2⤵
  PID:5056
- C:\Windows\System\AbJCTpL.exe
  C:\Windows\System\AbJCTpL.exe
  2⤵
  PID:4288
- C:\Windows\System\qSrNCHP.exe
  C:\Windows\System\qSrNCHP.exe
  2⤵
  PID:4404
- C:\Windows\System\prkJdEC.exe
  C:\Windows\System\prkJdEC.exe
  2⤵
  PID:4120
- C:\Windows\System\ztUsEhG.exe
  C:\Windows\System\ztUsEhG.exe
  2⤵
  PID:4256
- C:\Windows\System\QorOwhg.exe
  C:\Windows\System\QorOwhg.exe
  2⤵
  PID:4452
- C:\Windows\System\ZVCqeaG.exe
  C:\Windows\System\ZVCqeaG.exe
  2⤵
  PID:4840
- C:\Windows\System\aVZXFKo.exe
  C:\Windows\System\aVZXFKo.exe
  2⤵
  PID:4864
- C:\Windows\System\dqVHLQD.exe
  C:\Windows\System\dqVHLQD.exe
  2⤵
  PID:4576
- C:\Windows\System\LUyZKjl.exe
  C:\Windows\System\LUyZKjl.exe
  2⤵
  PID:4600
- C:\Windows\System\CpxIpZv.exe
  C:\Windows\System\CpxIpZv.exe
  2⤵
  PID:4732
- C:\Windows\System\eHGPiii.exe
  C:\Windows\System\eHGPiii.exe
  2⤵
  PID:4884
- C:\Windows\System\gGgCmKd.exe
  C:\Windows\System\gGgCmKd.exe
  2⤵
  PID:4904
- C:\Windows\System\xCxLtVP.exe
  C:\Windows\System\xCxLtVP.exe
  2⤵
  PID:4992
- C:\Windows\System\CxEaIJf.exe
  C:\Windows\System\CxEaIJf.exe
  2⤵
  PID:4996
- C:\Windows\System\nFlWoKE.exe
  C:\Windows\System\nFlWoKE.exe
  2⤵
  PID:3652
- C:\Windows\System\YSOLTHK.exe
  C:\Windows\System\YSOLTHK.exe
  2⤵
  PID:5060
- C:\Windows\System\BPZQvWE.exe
  C:\Windows\System\BPZQvWE.exe
  2⤵
  PID:4124
- C:\Windows\System\ALEIquj.exe
  C:\Windows\System\ALEIquj.exe
  2⤵
  PID:4448
- C:\Windows\System\kJAQDUQ.exe
  C:\Windows\System\kJAQDUQ.exe
  2⤵
  PID:4824
- C:\Windows\System\amZElDU.exe
  C:\Windows\System\amZElDU.exe
  2⤵
  PID:4336
- C:\Windows\System\RuxPstu.exe
  C:\Windows\System\RuxPstu.exe
  2⤵
  PID:4592
- C:\Windows\System\uDBdhYX.exe
  C:\Windows\System\uDBdhYX.exe
  2⤵
  PID:4908
- C:\Windows\System\sWajEYK.exe
  C:\Windows\System\sWajEYK.exe
  2⤵
  PID:4960
- C:\Windows\System\QTwczKe.exe
  C:\Windows\System\QTwczKe.exe
  2⤵
  PID:4176
- C:\Windows\System\AOhbEDw.exe
  C:\Windows\System\AOhbEDw.exe
  2⤵
  PID:4920
- C:\Windows\System\OCCsMvh.exe
  C:\Windows\System\OCCsMvh.exe
  2⤵
  PID:4616
- C:\Windows\System\EcaEmrv.exe
  C:\Windows\System\EcaEmrv.exe
  2⤵
  PID:5100
- C:\Windows\System\OLceOHl.exe
  C:\Windows\System\OLceOHl.exe
  2⤵
  PID:5044
- C:\Windows\System\UYnLduC.exe
  C:\Windows\System\UYnLduC.exe
  2⤵
  PID:5084
- C:\Windows\System\HjowgfJ.exe
  C:\Windows\System\HjowgfJ.exe
  2⤵
  PID:4320
- C:\Windows\System\PfpFMWD.exe
  C:\Windows\System\PfpFMWD.exe
  2⤵
  PID:5136
- C:\Windows\System\vfVtebu.exe
  C:\Windows\System\vfVtebu.exe
  2⤵
  PID:5176
- C:\Windows\System\WlHIzYN.exe
  C:\Windows\System\WlHIzYN.exe
  2⤵
  PID:5216
- C:\Windows\System\wOhIsjO.exe
  C:\Windows\System\wOhIsjO.exe
  2⤵
  PID:5256
- C:\Windows\System\lnFqfDR.exe
  C:\Windows\System\lnFqfDR.exe
  2⤵
  PID:5272
- C:\Windows\System\XUnOGyB.exe
  C:\Windows\System\XUnOGyB.exe
  2⤵
  PID:5292
- C:\Windows\System\qBADOOw.exe
  C:\Windows\System\qBADOOw.exe
  2⤵
  PID:5312
- C:\Windows\System\tcMYvTp.exe
  C:\Windows\System\tcMYvTp.exe
  2⤵
  PID:5348
- C:\Windows\System\hUGDflT.exe
  C:\Windows\System\hUGDflT.exe
  2⤵
  PID:5368
- C:\Windows\System\alLafUD.exe
  C:\Windows\System\alLafUD.exe
  2⤵
  PID:5404
- C:\Windows\System\zmGknLD.exe
  C:\Windows\System\zmGknLD.exe
  2⤵
  PID:5424
- C:\Windows\System\PgoWvKZ.exe
  C:\Windows\System\PgoWvKZ.exe
  2⤵
  PID:5440
- C:\Windows\System\UqZokwo.exe
  C:\Windows\System\UqZokwo.exe
  2⤵
  PID:5456
- C:\Windows\System\ZVxIFIp.exe
  C:\Windows\System\ZVxIFIp.exe
  2⤵
  PID:5472
- C:\Windows\System\BOafpkO.exe
  C:\Windows\System\BOafpkO.exe
  2⤵
  PID:5636
- C:\Windows\System\RAkKiyY.exe
  C:\Windows\System\RAkKiyY.exe
  2⤵
  PID:5672
- C:\Windows\System\PWLoTSK.exe
  C:\Windows\System\PWLoTSK.exe
  2⤵
  PID:5768
- C:\Windows\System\JFGOCqS.exe
  C:\Windows\System\JFGOCqS.exe
  2⤵
  PID:6008
- C:\Windows\System\bheLsjs.exe
  C:\Windows\System\bheLsjs.exe
  2⤵
  PID:6024
- C:\Windows\System\OWMpSdd.exe
  C:\Windows\System\OWMpSdd.exe
  2⤵
  PID:6044
- C:\Windows\System\oqkSSpm.exe
  C:\Windows\System\oqkSSpm.exe
  2⤵
  PID:6068
- C:\Windows\System\zfzdRiO.exe
  C:\Windows\System\zfzdRiO.exe
  2⤵
  PID:6084
- C:\Windows\System\WHOtCCO.exe
  C:\Windows\System\WHOtCCO.exe
  2⤵
  PID:6100
- C:\Windows\System\vOJastU.exe
  C:\Windows\System\vOJastU.exe
  2⤵
  PID:6116
- C:\Windows\System\tqkamkd.exe
  C:\Windows\System\tqkamkd.exe
  2⤵
  PID:6132
- C:\Windows\System\OWxJeln.exe
  C:\Windows\System\OWxJeln.exe
  2⤵
  PID:4880
- C:\Windows\System\gHDENCt.exe
  C:\Windows\System\gHDENCt.exe
  2⤵
  PID:5132
- C:\Windows\System\HySMnqU.exe
  C:\Windows\System\HySMnqU.exe
  2⤵
  PID:5196
- C:\Windows\System\wNzWszW.exe
  C:\Windows\System\wNzWszW.exe
  2⤵
  PID:5212
- C:\Windows\System\eMXceEa.exe
  C:\Windows\System\eMXceEa.exe
  2⤵
  PID:5172
- C:\Windows\System\EXbgyAX.exe
  C:\Windows\System\EXbgyAX.exe
  2⤵
  PID:4668
- C:\Windows\System\wNsGGXA.exe
  C:\Windows\System\wNsGGXA.exe
  2⤵
  PID:5160
- C:\Windows\System\aIMcrGI.exe
  C:\Windows\System\aIMcrGI.exe
  2⤵
  PID:4444
- C:\Windows\System\RQfmFFY.exe
  C:\Windows\System\RQfmFFY.exe
  2⤵
  PID:5168
- C:\Windows\System\yMwEIin.exe
  C:\Windows\System\yMwEIin.exe
  2⤵
  PID:5252
- C:\Windows\System\mPmhods.exe
  C:\Windows\System\mPmhods.exe
  2⤵
  PID:5288
- C:\Windows\System\WmifgyY.exe
  C:\Windows\System\WmifgyY.exe
  2⤵
  PID:5340
- C:\Windows\System\OAwXmoG.exe
  C:\Windows\System\OAwXmoG.exe
  2⤵
  PID:5332
- C:\Windows\System\xQJxjyn.exe
  C:\Windows\System\xQJxjyn.exe
  2⤵
  PID:5392
- C:\Windows\System\rNtigrq.exe
  C:\Windows\System\rNtigrq.exe
  2⤵
  PID:5436
- C:\Windows\System\CJVmhgX.exe
  C:\Windows\System\CJVmhgX.exe
  2⤵
  PID:5464
- C:\Windows\System\eNzLOfR.exe
  C:\Windows\System\eNzLOfR.exe
  2⤵
  PID:1544
- C:\Windows\System\UZXGUEN.exe
  C:\Windows\System\UZXGUEN.exe
  2⤵
  PID:5492
- C:\Windows\System\ncFbylU.exe
  C:\Windows\System\ncFbylU.exe
  2⤵
  PID:5532
- C:\Windows\System\fyZdmYO.exe
  C:\Windows\System\fyZdmYO.exe
  2⤵
  PID:5528
- C:\Windows\System\dhiovEr.exe
  C:\Windows\System\dhiovEr.exe
  2⤵
  PID:5552
- C:\Windows\System\QwIHYsb.exe
  C:\Windows\System\QwIHYsb.exe
  2⤵
  PID:5568
- C:\Windows\System\dHayEcl.exe
  C:\Windows\System\dHayEcl.exe
  2⤵
  PID:5580
- C:\Windows\System\KfHiPmx.exe
  C:\Windows\System\KfHiPmx.exe
  2⤵
  PID:5604
- C:\Windows\System\OVPBlHD.exe
  C:\Windows\System\OVPBlHD.exe
  2⤵
  PID:5600
- C:\Windows\System\IoJWEYr.exe
  C:\Windows\System\IoJWEYr.exe
  2⤵
  PID:5632
- C:\Windows\System\TMGQGZa.exe
  C:\Windows\System\TMGQGZa.exe
  2⤵
  PID:5652
- C:\Windows\System\SirutIu.exe
  C:\Windows\System\SirutIu.exe
  2⤵
  PID:5656
- C:\Windows\System\JTCrJzv.exe
  C:\Windows\System\JTCrJzv.exe
  2⤵
  PID:5700
- C:\Windows\System\yzOzxXn.exe
  C:\Windows\System\yzOzxXn.exe
  2⤵
  PID:5716
- C:\Windows\System\xglieGj.exe
  C:\Windows\System\xglieGj.exe
  2⤵
  PID:5732
- C:\Windows\System\vHxSmSq.exe
  C:\Windows\System\vHxSmSq.exe
  2⤵
  PID:5748
- C:\Windows\System\CLjwmjx.exe
  C:\Windows\System\CLjwmjx.exe
  2⤵
  PID:5764
- C:\Windows\System\yblbklH.exe
  C:\Windows\System\yblbklH.exe
  2⤵
  PID:5804
- C:\Windows\System\IsLZZUH.exe
  C:\Windows\System\IsLZZUH.exe
  2⤵
  PID:5820
- C:\Windows\System\YYoHTfz.exe
  C:\Windows\System\YYoHTfz.exe
  2⤵
  PID:5832
- C:\Windows\System\bpvRqMS.exe
  C:\Windows\System\bpvRqMS.exe
  2⤵
  PID:5848
- C:\Windows\System\qeFngmj.exe
  C:\Windows\System\qeFngmj.exe
  2⤵
  PID:5840
- C:\Windows\System\ZlXfyWC.exe
  C:\Windows\System\ZlXfyWC.exe
  2⤵
  PID:5872
- C:\Windows\System\ufvuFwZ.exe
  C:\Windows\System\ufvuFwZ.exe
  2⤵
  PID:5892
- C:\Windows\System\vkAkZVo.exe
  C:\Windows\System\vkAkZVo.exe
  2⤵
  PID:5924
- C:\Windows\System\oZWZtZO.exe
  C:\Windows\System\oZWZtZO.exe
  2⤵
  PID:5908
- C:\Windows\System\oVDCvIc.exe
  C:\Windows\System\oVDCvIc.exe
  2⤵
  PID:5936
- C:\Windows\System\mSPmPGF.exe
  C:\Windows\System\mSPmPGF.exe
  2⤵
  PID:5940
- C:\Windows\System\QVNAXSt.exe
  C:\Windows\System\QVNAXSt.exe
  2⤵
  PID:6016
- C:\Windows\System\MqaBUQR.exe
  C:\Windows\System\MqaBUQR.exe
  2⤵
  PID:5964
- C:\Windows\System\DMbLJVT.exe
  C:\Windows\System\DMbLJVT.exe
  2⤵
  PID:5988
- C:\Windows\System\JHSbHTD.exe
  C:\Windows\System\JHSbHTD.exe
  2⤵
  PID:6000
- C:\Windows\System\HMqkknr.exe
  C:\Windows\System\HMqkknr.exe
  2⤵
  PID:6056
- C:\Windows\System\rRhVYbf.exe
  C:\Windows\System\rRhVYbf.exe
  2⤵
  PID:6096
- C:\Windows\System\xIpjVxR.exe
  C:\Windows\System\xIpjVxR.exe
  2⤵
  PID:4812
- C:\Windows\System\vjvvnAH.exe
  C:\Windows\System\vjvvnAH.exe
  2⤵
  PID:4324
- C:\Windows\System\VSXUDOP.exe
  C:\Windows\System\VSXUDOP.exe
  2⤵
  PID:5228
- C:\Windows\System\XTBRkiP.exe
  C:\Windows\System\XTBRkiP.exe
  2⤵
  PID:5304
- C:\Windows\System\RkdyVUu.exe
  C:\Windows\System\RkdyVUu.exe
  2⤵
  PID:5360
- C:\Windows\System\jdqINYZ.exe
  C:\Windows\System\jdqINYZ.exe
  2⤵
  PID:5468
- C:\Windows\System\xGJkTtj.exe
  C:\Windows\System\xGJkTtj.exe
  2⤵
  PID:6108
- C:\Windows\System\yvHdqFN.exe
  C:\Windows\System\yvHdqFN.exe
  2⤵
  PID:4652
- C:\Windows\System\wFqWJcw.exe
  C:\Windows\System\wFqWJcw.exe
  2⤵
  PID:5240
- C:\Windows\System\CTnTdpG.exe
  C:\Windows\System\CTnTdpG.exe
  2⤵
  PID:5724
- C:\Windows\System\nxyAAXI.exe
  C:\Windows\System\nxyAAXI.exe
  2⤵
  PID:5776
- C:\Windows\System\gNtwCWp.exe
  C:\Windows\System\gNtwCWp.exe
  2⤵
  PID:5828
- C:\Windows\System\SyChOEd.exe
  C:\Windows\System\SyChOEd.exe
  2⤵
  PID:5976
- C:\Windows\System\ANeqPDW.exe
  C:\Windows\System\ANeqPDW.exe
  2⤵
  PID:5884
- C:\Windows\System\LSwQeeX.exe
  C:\Windows\System\LSwQeeX.exe
  2⤵
  PID:5896
- C:\Windows\System\giXgwHT.exe
  C:\Windows\System\giXgwHT.exe
  2⤵
  PID:5984
- C:\Windows\System\alRgloo.exe
  C:\Windows\System\alRgloo.exe
  2⤵
  PID:5328
- C:\Windows\System\SDoncCq.exe
  C:\Windows\System\SDoncCq.exe
  2⤵
  PID:5388
- C:\Windows\System\CZGxaIX.exe
  C:\Windows\System\CZGxaIX.exe
  2⤵
  PID:6112
- C:\Windows\System\FABZWLg.exe
  C:\Windows\System\FABZWLg.exe
  2⤵
  PID:5188
- C:\Windows\System\ZcgGjtB.exe
  C:\Windows\System\ZcgGjtB.exe
  2⤵
  PID:5520
- C:\Windows\System\SkbBvZO.exe
  C:\Windows\System\SkbBvZO.exe
  2⤵
  PID:5572
- C:\Windows\System\nrpxuxG.exe
  C:\Windows\System\nrpxuxG.exe
  2⤵
  PID:5644
- C:\Windows\System\ggYgTwR.exe
  C:\Windows\System\ggYgTwR.exe
  2⤵
  PID:5560
- C:\Windows\System\xAIEDiH.exe
  C:\Windows\System\xAIEDiH.exe
  2⤵
  PID:5708
- C:\Windows\System\DCQVJSx.exe
  C:\Windows\System\DCQVJSx.exe
  2⤵
  PID:5844
- C:\Windows\System\olshhxM.exe
  C:\Windows\System\olshhxM.exe
  2⤵
  PID:5904
- C:\Windows\System\smNLDeT.exe
  C:\Windows\System\smNLDeT.exe
  2⤵
  PID:5744
- C:\Windows\System\xJVgTiV.exe
  C:\Windows\System\xJVgTiV.exe
  2⤵
  PID:5860
- C:\Windows\System\ZjsTdmb.exe
  C:\Windows\System\ZjsTdmb.exe
  2⤵
  PID:5980
- C:\Windows\System\PQtgMMH.exe
  C:\Windows\System\PQtgMMH.exe
  2⤵
  PID:5968
- C:\Windows\System\uqEsXvx.exe
  C:\Windows\System\uqEsXvx.exe
  2⤵
  PID:4564
- C:\Windows\System\OAgIWez.exe
  C:\Windows\System\OAgIWez.exe
  2⤵
  PID:5448
- C:\Windows\System\UwmlQnA.exe
  C:\Windows\System\UwmlQnA.exe
  2⤵
  PID:5500
- C:\Windows\System\cJcYcKy.exe
  C:\Windows\System\cJcYcKy.exe
  2⤵
  PID:5668
- C:\Windows\System\pPCnyPk.exe
  C:\Windows\System\pPCnyPk.exe
  2⤵
  PID:6064
- C:\Windows\System\DFdjhVK.exe
  C:\Windows\System\DFdjhVK.exe
  2⤵
  PID:5680
- C:\Windows\System\nTYZbOu.exe
  C:\Windows\System\nTYZbOu.exe
  2⤵
  PID:6160
- C:\Windows\System\JUxjJIL.exe
  C:\Windows\System\JUxjJIL.exe
  2⤵
  PID:6176
- C:\Windows\System\flqemHh.exe
  C:\Windows\System\flqemHh.exe
  2⤵
  PID:6192
- C:\Windows\System\wCrDFfa.exe
  C:\Windows\System\wCrDFfa.exe
  2⤵
  PID:6208
- C:\Windows\System\UuvVyNK.exe
  C:\Windows\System\UuvVyNK.exe
  2⤵
  PID:6224
- C:\Windows\System\qZmKKLb.exe
  C:\Windows\System\qZmKKLb.exe
  2⤵
  PID:6240
- C:\Windows\System\sOeNDNV.exe
  C:\Windows\System\sOeNDNV.exe
  2⤵
  PID:6256
- C:\Windows\System\AtzoJWS.exe
  C:\Windows\System\AtzoJWS.exe
  2⤵
  PID:6272
- C:\Windows\System\MVnvLlA.exe
  C:\Windows\System\MVnvLlA.exe
  2⤵
  PID:6288
- C:\Windows\System\bzURXpa.exe
  C:\Windows\System\bzURXpa.exe
  2⤵
  PID:6304
- C:\Windows\System\wsTwWsu.exe
  C:\Windows\System\wsTwWsu.exe
  2⤵
  PID:6320
- C:\Windows\System\dEYtFUq.exe
  C:\Windows\System\dEYtFUq.exe
  2⤵
  PID:6336
- C:\Windows\System\XJLQOVb.exe
  C:\Windows\System\XJLQOVb.exe
  2⤵
  PID:6352
- C:\Windows\System\TQWgGBE.exe
  C:\Windows\System\TQWgGBE.exe
  2⤵
  PID:6372
- C:\Windows\System\tKqCcFm.exe
  C:\Windows\System\tKqCcFm.exe
  2⤵
  PID:6392
- C:\Windows\System\kCybSXq.exe
  C:\Windows\System\kCybSXq.exe
  2⤵
  PID:6408
- C:\Windows\System\icgtDKZ.exe
  C:\Windows\System\icgtDKZ.exe
  2⤵
  PID:6424
- C:\Windows\System\PJdMixJ.exe
  C:\Windows\System\PJdMixJ.exe
  2⤵
  PID:6440
- C:\Windows\System\Ghnvhoa.exe
  C:\Windows\System\Ghnvhoa.exe
  2⤵
  PID:6460
- C:\Windows\System\athapeg.exe
  C:\Windows\System\athapeg.exe
  2⤵
  PID:6476
- C:\Windows\System\rlinZCr.exe
  C:\Windows\System\rlinZCr.exe
  2⤵
  PID:6492
- C:\Windows\System\yfqxbCR.exe
  C:\Windows\System\yfqxbCR.exe
  2⤵
  PID:6508
- C:\Windows\System\AIkGZCw.exe
  C:\Windows\System\AIkGZCw.exe
  2⤵
  PID:6524
- C:\Windows\System\VgUuqQY.exe
  C:\Windows\System\VgUuqQY.exe
  2⤵
  PID:6540
- C:\Windows\System\jPQGzgn.exe
  C:\Windows\System\jPQGzgn.exe
  2⤵
  PID:6556
- C:\Windows\System\zTRfGhu.exe
  C:\Windows\System\zTRfGhu.exe
  2⤵
  PID:6572
- C:\Windows\System\vwNLjtD.exe
  C:\Windows\System\vwNLjtD.exe
  2⤵
  PID:6588
- C:\Windows\System\JRZAQrW.exe
  C:\Windows\System\JRZAQrW.exe
  2⤵
  PID:6604
- C:\Windows\System\eDnblLF.exe
  C:\Windows\System\eDnblLF.exe
  2⤵
  PID:6620
- C:\Windows\System\LmYCkHz.exe
  C:\Windows\System\LmYCkHz.exe
  2⤵
  PID:6636
- C:\Windows\System\PdHdfBY.exe
  C:\Windows\System\PdHdfBY.exe
  2⤵
  PID:6652
- C:\Windows\System\yjiDmnj.exe
  C:\Windows\System\yjiDmnj.exe
  2⤵
  PID:6668
- C:\Windows\System\ZxVaOFF.exe
  C:\Windows\System\ZxVaOFF.exe
  2⤵
  PID:6684
- C:\Windows\System\pfiPygP.exe
  C:\Windows\System\pfiPygP.exe
  2⤵
  PID:6700
- C:\Windows\System\NohGhqB.exe
  C:\Windows\System\NohGhqB.exe
  2⤵
  PID:6716
- C:\Windows\System\ICemtSd.exe
  C:\Windows\System\ICemtSd.exe
  2⤵
  PID:6732
- C:\Windows\System\YPsoDXc.exe
  C:\Windows\System\YPsoDXc.exe
  2⤵
  PID:6748
- C:\Windows\System\xoPprpr.exe
  C:\Windows\System\xoPprpr.exe
  2⤵
  PID:6764
- C:\Windows\System\nsuudSe.exe
  C:\Windows\System\nsuudSe.exe
  2⤵
  PID:6780
- C:\Windows\System\xzkhKRx.exe
  C:\Windows\System\xzkhKRx.exe
  2⤵
  PID:6808
- C:\Windows\System\IGTcFRM.exe
  C:\Windows\System\IGTcFRM.exe
  2⤵
  PID:6824
- C:\Windows\System\hdlDkdK.exe
  C:\Windows\System\hdlDkdK.exe
  2⤵
  PID:6848
- C:\Windows\System\MBjtCdq.exe
  C:\Windows\System\MBjtCdq.exe
  2⤵
  PID:6864
- C:\Windows\System\IKTDwCW.exe
  C:\Windows\System\IKTDwCW.exe
  2⤵
  PID:6884
- C:\Windows\System\LpaTqbF.exe
  C:\Windows\System\LpaTqbF.exe
  2⤵
  PID:6904
- C:\Windows\System\dmPFuNm.exe
  C:\Windows\System\dmPFuNm.exe
  2⤵
  PID:6924
- C:\Windows\System\zHhCCzz.exe
  C:\Windows\System\zHhCCzz.exe
  2⤵
  PID:6940
- C:\Windows\System\uQimjxh.exe
  C:\Windows\System\uQimjxh.exe
  2⤵
  PID:6964
- C:\Windows\System\XCGUCJs.exe
  C:\Windows\System\XCGUCJs.exe
  2⤵
  PID:6984
- C:\Windows\System\yqwlawW.exe
  C:\Windows\System\yqwlawW.exe
  2⤵
  PID:7000
- C:\Windows\System\ekAXIHf.exe
  C:\Windows\System\ekAXIHf.exe
  2⤵
  PID:7020
- C:\Windows\System\yMRJqvP.exe
  C:\Windows\System\yMRJqvP.exe
  2⤵
  PID:7036
- C:\Windows\System\ghMgULR.exe
  C:\Windows\System\ghMgULR.exe
  2⤵
  PID:7076
- C:\Windows\System\jQbdfXs.exe
  C:\Windows\System\jQbdfXs.exe
  2⤵
  PID:7092
- C:\Windows\System\hBgrqyg.exe
  C:\Windows\System\hBgrqyg.exe
  2⤵
  PID:7108
- C:\Windows\System\HAeSJuv.exe
  C:\Windows\System\HAeSJuv.exe
  2⤵
  PID:7124
- C:\Windows\System\aHyLafk.exe
  C:\Windows\System\aHyLafk.exe
  2⤵
  PID:7144
- C:\Windows\System\ciehHWg.exe
  C:\Windows\System\ciehHWg.exe
  2⤵
  PID:7160
- C:\Windows\System\gWDKlMk.exe
  C:\Windows\System\gWDKlMk.exe
  2⤵
  PID:6200
- C:\Windows\System\DymPreG.exe
  C:\Windows\System\DymPreG.exe
  2⤵
  PID:6232
- C:\Windows\System\CLZhBkK.exe
  C:\Windows\System\CLZhBkK.exe
  2⤵
  PID:6300
- C:\Windows\System\NUAoirC.exe
  C:\Windows\System\NUAoirC.exe
  2⤵
  PID:5900
- C:\Windows\System\lMUVVlm.exe
  C:\Windows\System\lMUVVlm.exe
  2⤵
  PID:6252
- C:\Windows\System\qyJMFPn.exe
  C:\Windows\System\qyJMFPn.exe
  2⤵
  PID:5384
- C:\Windows\System\yQhrjxJ.exe
  C:\Windows\System\yQhrjxJ.exe
  2⤵
  PID:6036
- C:\Windows\System\DLFSPyC.exe
  C:\Windows\System\DLFSPyC.exe
  2⤵
  PID:5616
- C:\Windows\System\TGwWywD.exe
  C:\Windows\System\TGwWywD.exe
  2⤵
  PID:5756
- C:\Windows\System\zebkJhP.exe
  C:\Windows\System\zebkJhP.exe
  2⤵
  PID:5796
- C:\Windows\System\uKQQsgq.exe
  C:\Windows\System\uKQQsgq.exe
  2⤵
  PID:5420
- C:\Windows\System\pNVbymV.exe
  C:\Windows\System\pNVbymV.exe
  2⤵
  PID:6384
- C:\Windows\System\xXhqYbY.exe
  C:\Windows\System\xXhqYbY.exe
  2⤵
  PID:6420
- C:\Windows\System\zVdKOUQ.exe
  C:\Windows\System\zVdKOUQ.exe
  2⤵
  PID:6416
- C:\Windows\System\AdASQfm.exe
  C:\Windows\System\AdASQfm.exe
  2⤵
  PID:6448
- C:\Windows\System\BSZWqoH.exe
  C:\Windows\System\BSZWqoH.exe
  2⤵
  PID:6596
- C:\Windows\System\ekWxnZj.exe
  C:\Windows\System\ekWxnZj.exe
  2⤵
  PID:6452
- C:\Windows\System\QJfbiIJ.exe
  C:\Windows\System\QJfbiIJ.exe
  2⤵
  PID:6484
- C:\Windows\System\axgpzAt.exe
  C:\Windows\System\axgpzAt.exe
  2⤵
  PID:6516
- C:\Windows\System\wkbJLxw.exe
  C:\Windows\System\wkbJLxw.exe
  2⤵
  PID:6612
- C:\Windows\System\XvOckQp.exe
  C:\Windows\System\XvOckQp.exe
  2⤵
  PID:6676
- C:\Windows\System\XHCTheB.exe
  C:\Windows\System\XHCTheB.exe
  2⤵
  PID:6712
- C:\Windows\System\pXsThjG.exe
  C:\Windows\System\pXsThjG.exe
  2⤵
  PID:6776
- C:\Windows\System\zGzoAKR.exe
  C:\Windows\System\zGzoAKR.exe
  2⤵
  PID:6804
- C:\Windows\System\wVkBDVd.exe
  C:\Windows\System\wVkBDVd.exe
  2⤵
  PID:6872
- C:\Windows\System\VgmhojQ.exe
  C:\Windows\System\VgmhojQ.exe
  2⤵
  PID:6916
- C:\Windows\System\hojFhYd.exe
  C:\Windows\System\hojFhYd.exe
  2⤵
  PID:6956
- C:\Windows\System\LeHNERz.exe
  C:\Windows\System\LeHNERz.exe
  2⤵
  PID:6856
- C:\Windows\System\zcRSbsj.exe
  C:\Windows\System\zcRSbsj.exe
  2⤵
  PID:6892
- C:\Windows\System\nDSuVqb.exe
  C:\Windows\System\nDSuVqb.exe
  2⤵
  PID:7012
- C:\Windows\System\nhyPQdN.exe
  C:\Windows\System\nhyPQdN.exe
  2⤵
  PID:7072
- C:\Windows\System\xJKOPEM.exe
  C:\Windows\System\xJKOPEM.exe
  2⤵
  PID:7140
- C:\Windows\System\fWXRkUx.exe
  C:\Windows\System\fWXRkUx.exe
  2⤵
  PID:6168
- C:\Windows\System\HLJzGxs.exe
  C:\Windows\System\HLJzGxs.exe
  2⤵
  PID:5524
- C:\Windows\System\iXYbkqv.exe
  C:\Windows\System\iXYbkqv.exe
  2⤵
  PID:6296
- C:\Windows\System\fHMqGcr.exe
  C:\Windows\System\fHMqGcr.exe
  2⤵
  PID:5816
- C:\Windows\System\lZggBvj.exe
  C:\Windows\System\lZggBvj.exe
  2⤵
  PID:5956
- C:\Windows\System\vuxdMAf.exe
  C:\Windows\System\vuxdMAf.exe
  2⤵
  PID:6328
- C:\Windows\System\FbPXgGK.exe
  C:\Windows\System\FbPXgGK.exe
  2⤵
  PID:6152
- C:\Windows\System\OzAWcyS.exe
  C:\Windows\System\OzAWcyS.exe
  2⤵
  PID:6348
- C:\Windows\System\wYbNTjA.exe
  C:\Windows\System\wYbNTjA.exe
  2⤵
  PID:6564
- C:\Windows\System\bdCRFEq.exe
  C:\Windows\System\bdCRFEq.exe
  2⤵
  PID:5996
- C:\Windows\System\beGpGHV.exe
  C:\Windows\System\beGpGHV.exe
  2⤵
  PID:6216
- C:\Windows\System\BVvJJCy.exe
  C:\Windows\System\BVvJJCy.exe
  2⤵
  PID:6500
- C:\Windows\System\lyXmFOo.exe
  C:\Windows\System\lyXmFOo.exe
  2⤵
  PID:6628
- C:\Windows\System\AnjlwMd.exe
  C:\Windows\System\AnjlwMd.exe
  2⤵
  PID:6580
- C:\Windows\System\DxQlCDv.exe
  C:\Windows\System\DxQlCDv.exe
  2⤵
  PID:6680
- C:\Windows\System\gRPKVeA.exe
  C:\Windows\System\gRPKVeA.exe
  2⤵
  PID:6756
- C:\Windows\System\wzhPtFT.exe
  C:\Windows\System\wzhPtFT.exe
  2⤵
  PID:6912
- C:\Windows\System\wAIpWgI.exe
  C:\Windows\System\wAIpWgI.exe
  2⤵
  PID:6744
- C:\Windows\System\JThFuJf.exe
  C:\Windows\System\JThFuJf.exe
  2⤵
  PID:6816
- C:\Windows\System\liJbzZG.exe
  C:\Windows\System\liJbzZG.exe
  2⤵
  PID:6952
- C:\Windows\System\wbRgORn.exe
  C:\Windows\System\wbRgORn.exe
  2⤵
  PID:6996
- C:\Windows\System\vGZTYPH.exe
  C:\Windows\System\vGZTYPH.exe
  2⤵
  PID:7008
- C:\Windows\System\rCXhecX.exe
  C:\Windows\System\rCXhecX.exe
  2⤵
  PID:7048
- C:\Windows\System\gQgdcbC.exe
  C:\Windows\System\gQgdcbC.exe
  2⤵
  PID:7088
- C:\Windows\System\sgWMLMs.exe
  C:\Windows\System\sgWMLMs.exe
  2⤵
  PID:7104
- C:\Windows\System\JpOSFMM.exe
  C:\Windows\System\JpOSFMM.exe
  2⤵
  PID:7136
- C:\Windows\System\FjhsByY.exe
  C:\Windows\System\FjhsByY.exe
  2⤵
  PID:6268
- C:\Windows\System\lteUags.exe
  C:\Windows\System\lteUags.exe
  2⤵
  PID:6264
- C:\Windows\System\cxjiCdK.exe
  C:\Windows\System\cxjiCdK.exe
  2⤵
  PID:5400
- C:\Windows\System\VHsANIN.exe
  C:\Windows\System\VHsANIN.exe
  2⤵
  PID:6380
- C:\Windows\System\SMjaeQW.exe
  C:\Windows\System\SMjaeQW.exe
  2⤵
  PID:6536
- C:\Windows\System\BQrjJOM.exe
  C:\Windows\System\BQrjJOM.exe
  2⤵
  PID:6436
- C:\Windows\System\mvrNuqO.exe
  C:\Windows\System\mvrNuqO.exe
  2⤵
  PID:6552
- C:\Windows\System\GxHWnRb.exe
  C:\Windows\System\GxHWnRb.exe
  2⤵
  PID:6840
- C:\Windows\System\vUoBDeH.exe
  C:\Windows\System\vUoBDeH.exe
  2⤵
  PID:6796
- C:\Windows\System\kUcGbEb.exe
  C:\Windows\System\kUcGbEb.exe
  2⤵
  PID:6772
- C:\Windows\System\qfhRUey.exe
  C:\Windows\System\qfhRUey.exe
  2⤵
  PID:6860
- C:\Windows\System\NnWuvzm.exe
  C:\Windows\System\NnWuvzm.exe
  2⤵
  PID:7044
- C:\Windows\System\TrYryMw.exe
  C:\Windows\System\TrYryMw.exe
  2⤵
  PID:7100
- C:\Windows\System\dJRyITx.exe
  C:\Windows\System\dJRyITx.exe
  2⤵
  PID:5608
- C:\Windows\System\iyTeVfb.exe
  C:\Windows\System\iyTeVfb.exe
  2⤵
  PID:6312
- C:\Windows\System\AnjYtzh.exe
  C:\Windows\System\AnjYtzh.exe
  2⤵
  PID:5780
- C:\Windows\System\RFOgJMF.exe
  C:\Windows\System\RFOgJMF.exe
  2⤵
  PID:6660
- C:\Windows\System\yXnKLhf.exe
  C:\Windows\System\yXnKLhf.exe
  2⤵
  PID:6880
- C:\Windows\System\QFoaiVw.exe
  C:\Windows\System\QFoaiVw.exe
  2⤵
  PID:6948
- C:\Windows\System\mJFwpcN.exe
  C:\Windows\System\mJFwpcN.exe
  2⤵
  PID:7084
- C:\Windows\System\yaMpGsq.exe
  C:\Windows\System\yaMpGsq.exe
  2⤵
  PID:5548
- C:\Windows\System\QBLYEpy.exe
  C:\Windows\System\QBLYEpy.exe
  2⤵
  PID:6728
- C:\Windows\System\AAfPpYA.exe
  C:\Windows\System\AAfPpYA.exe
  2⤵
  PID:6432
- C:\Windows\System\oMuMqfH.exe
  C:\Windows\System\oMuMqfH.exe
  2⤵
  PID:7152
- C:\Windows\System\CopTOtX.exe
  C:\Windows\System\CopTOtX.exe
  2⤵
  PID:6696
- C:\Windows\System\IPEgToE.exe
  C:\Windows\System\IPEgToE.exe
  2⤵
  PID:7180
- C:\Windows\System\jqGMYnS.exe
  C:\Windows\System\jqGMYnS.exe
  2⤵
  PID:7196
- C:\Windows\System\qMEkNrL.exe
  C:\Windows\System\qMEkNrL.exe
  2⤵
  PID:7212
- C:\Windows\System\NrvwnIc.exe
  C:\Windows\System\NrvwnIc.exe
  2⤵
  PID:7240
- C:\Windows\System\YeJVJwx.exe
  C:\Windows\System\YeJVJwx.exe
  2⤵
  PID:7256
- C:\Windows\System\nsTonXE.exe
  C:\Windows\System\nsTonXE.exe
  2⤵
  PID:7272
- C:\Windows\System\zbyvvcp.exe
  C:\Windows\System\zbyvvcp.exe
  2⤵
  PID:7288
- C:\Windows\System\aCYXzcy.exe
  C:\Windows\System\aCYXzcy.exe
  2⤵
  PID:7312
- C:\Windows\System\qDffVQG.exe
  C:\Windows\System\qDffVQG.exe
  2⤵
  PID:7336
- C:\Windows\System\XhNQcBb.exe
  C:\Windows\System\XhNQcBb.exe
  2⤵
  PID:7368
- C:\Windows\System\hixPiNm.exe
  C:\Windows\System\hixPiNm.exe
  2⤵
  PID:7396
- C:\Windows\System\dpTDVek.exe
  C:\Windows\System\dpTDVek.exe
  2⤵
  PID:7412
- C:\Windows\System\mHkXWZi.exe
  C:\Windows\System\mHkXWZi.exe
  2⤵
  PID:7428
- C:\Windows\System\zMhxXxv.exe
  C:\Windows\System\zMhxXxv.exe
  2⤵
  PID:7444
- C:\Windows\System\IcMoViY.exe
  C:\Windows\System\IcMoViY.exe
  2⤵
  PID:7464
- C:\Windows\System\OaGwKUn.exe
  C:\Windows\System\OaGwKUn.exe
  2⤵
  PID:7500
- C:\Windows\System\BagGrBp.exe
  C:\Windows\System\BagGrBp.exe
  2⤵
  PID:7640
- C:\Windows\System\yKRqcUb.exe
  C:\Windows\System\yKRqcUb.exe
  2⤵
  PID:7668
- C:\Windows\System\ggBzpDq.exe
  C:\Windows\System\ggBzpDq.exe
  2⤵
  PID:7700
- C:\Windows\System\UzAGWvU.exe
  C:\Windows\System\UzAGWvU.exe
  2⤵
  PID:7716
- C:\Windows\System\ewbmjVw.exe
  C:\Windows\System\ewbmjVw.exe
  2⤵
  PID:7736
- C:\Windows\System\MxDbuDq.exe
  C:\Windows\System\MxDbuDq.exe
  2⤵
  PID:7760
- C:\Windows\System\LZNaxmp.exe
  C:\Windows\System\LZNaxmp.exe
  2⤵
  PID:7780
- C:\Windows\System\JasHswO.exe
  C:\Windows\System\JasHswO.exe
  2⤵
  PID:7812
- C:\Windows\System\wMzswjM.exe
  C:\Windows\System\wMzswjM.exe
  2⤵
  PID:7832
- C:\Windows\System\xgfBUtu.exe
  C:\Windows\System\xgfBUtu.exe
  2⤵
  PID:7860
- C:\Windows\System\nfbOtEE.exe
  C:\Windows\System\nfbOtEE.exe
  2⤵
  PID:7876
- C:\Windows\System\wtDZoMv.exe
  C:\Windows\System\wtDZoMv.exe
  2⤵
  PID:7900
- C:\Windows\System\moqzbMJ.exe
  C:\Windows\System\moqzbMJ.exe
  2⤵
  PID:7920
- C:\Windows\System\UBYFPiP.exe
  C:\Windows\System\UBYFPiP.exe
  2⤵
  PID:7936
- C:\Windows\System\aTJVVFg.exe
  C:\Windows\System\aTJVVFg.exe
  2⤵
  PID:7952
- C:\Windows\System\KdRPotg.exe
  C:\Windows\System\KdRPotg.exe
  2⤵
  PID:7968
- C:\Windows\System\QnFgQUf.exe
  C:\Windows\System\QnFgQUf.exe
  2⤵
  PID:7984
- C:\Windows\System\bZUSusB.exe
  C:\Windows\System\bZUSusB.exe
  2⤵
  PID:8008
- C:\Windows\System\oZJIDut.exe
  C:\Windows\System\oZJIDut.exe
  2⤵
  PID:8024
- C:\Windows\System\grMBSXc.exe
  C:\Windows\System\grMBSXc.exe
  2⤵
  PID:8040
- C:\Windows\System\bOOGYZB.exe
  C:\Windows\System\bOOGYZB.exe
  2⤵
  PID:8056
- C:\Windows\System\rTmpYPQ.exe
  C:\Windows\System\rTmpYPQ.exe
  2⤵
  PID:8072
- C:\Windows\System\qPBhsRy.exe
  C:\Windows\System\qPBhsRy.exe
  2⤵
  PID:8096
- C:\Windows\System\XtXdoTK.exe
  C:\Windows\System\XtXdoTK.exe
  2⤵
  PID:8112
- C:\Windows\System\lbzhFFV.exe
  C:\Windows\System\lbzhFFV.exe
  2⤵
  PID:8128
- C:\Windows\System\qUsQGMt.exe
  C:\Windows\System\qUsQGMt.exe
  2⤵
  PID:8148
- C:\Windows\System\vmsbfgF.exe
  C:\Windows\System\vmsbfgF.exe
  2⤵
  PID:8168
- C:\Windows\System\TykrHUy.exe
  C:\Windows\System\TykrHUy.exe
  2⤵
  PID:8184
- C:\Windows\System\KaJlJAD.exe
  C:\Windows\System\KaJlJAD.exe
  2⤵
  PID:7032
- C:\Windows\System\EGAcAeT.exe
  C:\Windows\System\EGAcAeT.exe
  2⤵
  PID:7248
- C:\Windows\System\oqXTkAR.exe
  C:\Windows\System\oqXTkAR.exe
  2⤵
  PID:7296
- C:\Windows\System\hGEngSH.exe
  C:\Windows\System\hGEngSH.exe
  2⤵
  PID:7308
- C:\Windows\System\ZhPGpEV.exe
  C:\Windows\System\ZhPGpEV.exe
  2⤵
  PID:7328
- C:\Windows\System\JHQYjYu.exe
  C:\Windows\System\JHQYjYu.exe
  2⤵
  PID:7384
- C:\Windows\System\ALxJPxd.exe
  C:\Windows\System\ALxJPxd.exe
  2⤵
  PID:7420
- C:\Windows\System\SYvKSTd.exe
  C:\Windows\System\SYvKSTd.exe
  2⤵
  PID:7508
- C:\Windows\System\cvHSKFL.exe
  C:\Windows\System\cvHSKFL.exe
  2⤵
  PID:7360
- C:\Windows\System\NfHYufb.exe
  C:\Windows\System\NfHYufb.exe
  2⤵
  PID:7472
- C:\Windows\System\QyNelgJ.exe
  C:\Windows\System\QyNelgJ.exe
  2⤵
  PID:7480
- C:\Windows\System\XcBkQzQ.exe
  C:\Windows\System\XcBkQzQ.exe
  2⤵
  PID:7532
- C:\Windows\System\Knkoogn.exe
  C:\Windows\System\Knkoogn.exe
  2⤵
  PID:7436
- C:\Windows\System\RgJAkam.exe
  C:\Windows\System\RgJAkam.exe
  2⤵
  PID:7548
- C:\Windows\System\ttmEPZB.exe
  C:\Windows\System\ttmEPZB.exe
  2⤵
  PID:7564
- C:\Windows\System\VJnSoie.exe
  C:\Windows\System\VJnSoie.exe
  2⤵
  PID:7580
- C:\Windows\System\ikzPjgZ.exe
  C:\Windows\System\ikzPjgZ.exe
  2⤵
  PID:7600
- C:\Windows\System\aEYCqgI.exe
  C:\Windows\System\aEYCqgI.exe
  2⤵
  PID:7620
- C:\Windows\System\zZIQzeJ.exe
  C:\Windows\System\zZIQzeJ.exe
  2⤵
  PID:7656
- C:\Windows\System\awMlLcI.exe
  C:\Windows\System\awMlLcI.exe
  2⤵
  PID:7676
- C:\Windows\System\ijPHcES.exe
  C:\Windows\System\ijPHcES.exe
  2⤵
  PID:7684
- C:\Windows\System\ZfIPAlg.exe
  C:\Windows\System\ZfIPAlg.exe
  2⤵
  PID:7768
- C:\Windows\System\JUGqnBZ.exe
  C:\Windows\System\JUGqnBZ.exe
  2⤵
  PID:7824
- C:\Windows\System\wZmgZUT.exe
  C:\Windows\System\wZmgZUT.exe
  2⤵
  PID:7756
- C:\Windows\System\MaVOsZP.exe
  C:\Windows\System\MaVOsZP.exe
  2⤵
  PID:7748
- C:\Windows\System\pnrXFyd.exe
  C:\Windows\System\pnrXFyd.exe
  2⤵
  PID:7796
- C:\Windows\System\LRtriso.exe
  C:\Windows\System\LRtriso.exe
  2⤵
  PID:7852
- C:\Windows\System\XMvZjSm.exe
  C:\Windows\System\XMvZjSm.exe
  2⤵
  PID:7884
- C:\Windows\System\jKGAOym.exe
  C:\Windows\System\jKGAOym.exe
  2⤵
  PID:7948
- C:\Windows\System\lYktOaN.exe
  C:\Windows\System\lYktOaN.exe
  2⤵
  PID:7992
- C:\Windows\System\gMdNBNN.exe
  C:\Windows\System\gMdNBNN.exe
  2⤵
  PID:7932
- C:\Windows\System\WHzqVSs.exe
  C:\Windows\System\WHzqVSs.exe
  2⤵
  PID:8080
- C:\Windows\System\PlHTbXK.exe
  C:\Windows\System\PlHTbXK.exe
  2⤵
  PID:8164
- C:\Windows\System\LOxMIUT.exe
  C:\Windows\System\LOxMIUT.exe
  2⤵
  PID:8000
- C:\Windows\System\KGhMkTA.exe
  C:\Windows\System\KGhMkTA.exe
  2⤵
  PID:6932
- C:\Windows\System\RKItCzv.exe
  C:\Windows\System\RKItCzv.exe
  2⤵
  PID:7388
- C:\Windows\System\xOGYdJY.exe
  C:\Windows\System\xOGYdJY.exe
  2⤵
  PID:7352
- C:\Windows\System\ERYrIRg.exe
  C:\Windows\System\ERYrIRg.exe
  2⤵
  PID:7520
- C:\Windows\System\hnyCQXo.exe
  C:\Windows\System\hnyCQXo.exe
  2⤵
  PID:8180
- C:\Windows\System\MRkocnE.exe
  C:\Windows\System\MRkocnE.exe
  2⤵
  PID:7344
- C:\Windows\System\LjIPVqN.exe
  C:\Windows\System\LjIPVqN.exe
  2⤵
  PID:8032
- C:\Windows\System\XEgHkUD.exe
  C:\Windows\System\XEgHkUD.exe
  2⤵
  PID:8088
- C:\Windows\System\KnbqFPl.exe
  C:\Windows\System\KnbqFPl.exe
  2⤵
  PID:7280
- C:\Windows\System\YwEqwzu.exe
  C:\Windows\System\YwEqwzu.exe
  2⤵
  PID:7176
- C:\Windows\System\AUBuTvC.exe
  C:\Windows\System\AUBuTvC.exe
  2⤵
  PID:7516
- C:\Windows\System\DtSXsYu.exe
  C:\Windows\System\DtSXsYu.exe
  2⤵
  PID:6248
- C:\Windows\System\bCYYzyS.exe
  C:\Windows\System\bCYYzyS.exe
  2⤵
  PID:7204
- C:\Windows\System\zLCnuJA.exe
  C:\Windows\System\zLCnuJA.exe
  2⤵
  PID:7928
- C:\Windows\System\camkIjS.exe
  C:\Windows\System\camkIjS.exe
  2⤵
  PID:8048
- C:\Windows\System\seowDJP.exe
  C:\Windows\System\seowDJP.exe
  2⤵
  PID:7376
- C:\Windows\System\OtoYQOR.exe
  C:\Windows\System\OtoYQOR.exe
  2⤵
  PID:7536
- C:\Windows\System\wKmiMyJ.exe
  C:\Windows\System\wKmiMyJ.exe
  2⤵
  PID:7648
- C:\Windows\System\VSAwsHV.exe
  C:\Windows\System\VSAwsHV.exe
  2⤵
  PID:7732
- C:\Windows\System\ckayGGv.exe
  C:\Windows\System\ckayGGv.exe
  2⤵
  PID:7688
- C:\Windows\System\RnOeVjO.exe
  C:\Windows\System\RnOeVjO.exe
  2⤵
  PID:7772
- C:\Windows\System\UuoISJS.exe
  C:\Windows\System\UuoISJS.exe
  2⤵
  PID:7744
- C:\Windows\System\NgMMSYf.exe
  C:\Windows\System\NgMMSYf.exe
  2⤵
  PID:7908
- C:\Windows\System\FyafbET.exe
  C:\Windows\System\FyafbET.exe
  2⤵
  PID:8156
- C:\Windows\System\xEYijlN.exe
  C:\Windows\System\xEYijlN.exe
  2⤵
  PID:7964
- C:\Windows\System\IPmyVVU.exe
  C:\Windows\System\IPmyVVU.exe
  2⤵
  PID:7188
- C:\Windows\System\PuXJIVM.exe
  C:\Windows\System\PuXJIVM.exe
  2⤵
  PID:7324
- C:\Windows\System\NEZgmXp.exe
  C:\Windows\System\NEZgmXp.exe
  2⤵
  PID:7524
- C:\Windows\System\SwkrzRx.exe
  C:\Windows\System\SwkrzRx.exe
  2⤵
  PID:7588
- C:\Windows\System\yHnTsku.exe
  C:\Windows\System\yHnTsku.exe
  2⤵
  PID:7528
- C:\Windows\System\cnRkvLJ.exe
  C:\Windows\System\cnRkvLJ.exe
  2⤵
  PID:7792
- C:\Windows\System\XuqkUPr.exe
  C:\Windows\System\XuqkUPr.exe
  2⤵
  PID:7776
- C:\Windows\System\rViKxrw.exe
  C:\Windows\System\rViKxrw.exe
  2⤵
  PID:992
- C:\Windows\System\fLKEDwC.exe
  C:\Windows\System\fLKEDwC.exe
  2⤵
  PID:7404
- C:\Windows\System\FsJqTwZ.exe
  C:\Windows\System\FsJqTwZ.exe
  2⤵
  PID:7632
- C:\Windows\System\LlbmaRo.exe
  C:\Windows\System\LlbmaRo.exe
  2⤵
  PID:7440
- C:\Windows\System\vzgMVUX.exe
  C:\Windows\System\vzgMVUX.exe
  2⤵
  PID:7712
- C:\Windows\System\QiQzuVn.exe
  C:\Windows\System\QiQzuVn.exe
  2⤵
  PID:8068
- C:\Windows\System\KdmPXgP.exe
  C:\Windows\System\KdmPXgP.exe
  2⤵
  PID:7848
- C:\Windows\System\JSBKZFG.exe
  C:\Windows\System\JSBKZFG.exe
  2⤵
  PID:7552
- C:\Windows\System\dLmDhBZ.exe
  C:\Windows\System\dLmDhBZ.exe
  2⤵
  PID:7808
- C:\Windows\System\GzRSteh.exe
  C:\Windows\System\GzRSteh.exe
  2⤵
  PID:7916
- C:\Windows\System\LgUJVOA.exe
  C:\Windows\System\LgUJVOA.exe
  2⤵
  PID:8052
- C:\Windows\System\AiytGyg.exe
  C:\Windows\System\AiytGyg.exe
  2⤵
  PID:7636
- C:\Windows\System\EkvkiTR.exe
  C:\Windows\System\EkvkiTR.exe
  2⤵
  PID:8196
- C:\Windows\System\LWNJKfs.exe
  C:\Windows\System\LWNJKfs.exe
  2⤵
  PID:8212
- C:\Windows\System\YWQaRlP.exe
  C:\Windows\System\YWQaRlP.exe
  2⤵
  PID:8228
- C:\Windows\System\NcqBlqL.exe
  C:\Windows\System\NcqBlqL.exe
  2⤵
  PID:8248
- C:\Windows\System\tnRGcxA.exe
  C:\Windows\System\tnRGcxA.exe
  2⤵
  PID:8264
- C:\Windows\System\iHwsfwM.exe
  C:\Windows\System\iHwsfwM.exe
  2⤵
  PID:8280
- C:\Windows\System\GAqQpnk.exe
  C:\Windows\System\GAqQpnk.exe
  2⤵
  PID:8300
- C:\Windows\System\phqcYzq.exe
  C:\Windows\System\phqcYzq.exe
  2⤵
  PID:8316
- C:\Windows\System\YoeQYwB.exe
  C:\Windows\System\YoeQYwB.exe
  2⤵
  PID:8336
- C:\Windows\System\hlPmfEf.exe
  C:\Windows\System\hlPmfEf.exe
  2⤵
  PID:8352
- C:\Windows\System\dhLQGft.exe
  C:\Windows\System\dhLQGft.exe
  2⤵
  PID:8368
- C:\Windows\System\MCvzSYO.exe
  C:\Windows\System\MCvzSYO.exe
  2⤵
  PID:8384
- C:\Windows\System\FsniFYE.exe
  C:\Windows\System\FsniFYE.exe
  2⤵
  PID:8400
- C:\Windows\System\dqytyFl.exe
  C:\Windows\System\dqytyFl.exe
  2⤵
  PID:8420
- C:\Windows\System\qbszXNT.exe
  C:\Windows\System\qbszXNT.exe
  2⤵
  PID:8436
- C:\Windows\System\CFPIkfk.exe
  C:\Windows\System\CFPIkfk.exe
  2⤵
  PID:8456
- C:\Windows\System\eaWvmjK.exe
  C:\Windows\System\eaWvmjK.exe
  2⤵
  PID:8480
- C:\Windows\System\gSeHSCV.exe
  C:\Windows\System\gSeHSCV.exe
  2⤵
  PID:8504
- C:\Windows\System\ISXhmDe.exe
  C:\Windows\System\ISXhmDe.exe
  2⤵
  PID:8520
- C:\Windows\System\IXdNcUX.exe
  C:\Windows\System\IXdNcUX.exe
  2⤵
  PID:8540
- C:\Windows\System\zVizLka.exe
  C:\Windows\System\zVizLka.exe
  2⤵
  PID:8560
- C:\Windows\System\dMFkknO.exe
  C:\Windows\System\dMFkknO.exe
  2⤵
  PID:8580
- C:\Windows\System\YUsEfNc.exe
  C:\Windows\System\YUsEfNc.exe
  2⤵
  PID:8596
- C:\Windows\System\payqPSi.exe
  C:\Windows\System\payqPSi.exe
  2⤵
  PID:8612
- C:\Windows\System\GIMlJla.exe
  C:\Windows\System\GIMlJla.exe
  2⤵
  PID:8632
- C:\Windows\System\SkXBqHs.exe
  C:\Windows\System\SkXBqHs.exe
  2⤵
  PID:8648
- C:\Windows\System\PfNMdUB.exe
  C:\Windows\System\PfNMdUB.exe
  2⤵
  PID:8668
- C:\Windows\System\HkubErA.exe
  C:\Windows\System\HkubErA.exe
  2⤵
  PID:8692
- C:\Windows\System\iGoIZUK.exe
  C:\Windows\System\iGoIZUK.exe
  2⤵
  PID:8708
- C:\Windows\System\CfZGOAp.exe
  C:\Windows\System\CfZGOAp.exe
  2⤵
  PID:8724
- C:\Windows\System\rqHSGnF.exe
  C:\Windows\System\rqHSGnF.exe
  2⤵
  PID:8744
- C:\Windows\System\HfMTsGv.exe
  C:\Windows\System\HfMTsGv.exe
  2⤵
  PID:8760
- C:\Windows\System\KJnWcFf.exe
  C:\Windows\System\KJnWcFf.exe
  2⤵
  PID:8776
- C:\Windows\System\QfoIsaT.exe
  C:\Windows\System\QfoIsaT.exe
  2⤵
  PID:8796
- C:\Windows\System\PAQVCVd.exe
  C:\Windows\System\PAQVCVd.exe
  2⤵
  PID:8812
- C:\Windows\System\pAhsxGR.exe
  C:\Windows\System\pAhsxGR.exe
  2⤵
  PID:8832
- C:\Windows\System\YQPafTf.exe
  C:\Windows\System\YQPafTf.exe
  2⤵
  PID:8852
- C:\Windows\System\uitJPFM.exe
  C:\Windows\System\uitJPFM.exe
  2⤵
  PID:8868
- C:\Windows\System\siKipyY.exe
  C:\Windows\System\siKipyY.exe
  2⤵
  PID:8884
- C:\Windows\System\DZodKcy.exe
  C:\Windows\System\DZodKcy.exe
  2⤵
  PID:8912
- C:\Windows\System\qBdFJVK.exe
  C:\Windows\System\qBdFJVK.exe
  2⤵
  PID:8952
- C:\Windows\System\GPfRXTI.exe
  C:\Windows\System\GPfRXTI.exe
  2⤵
  PID:8968
- C:\Windows\System\cpMDWBg.exe
  C:\Windows\System\cpMDWBg.exe
  2⤵
  PID:8988
- C:\Windows\System\AwjBpSl.exe
  C:\Windows\System\AwjBpSl.exe
  2⤵
  PID:9008
- C:\Windows\System\aaSGSVp.exe
  C:\Windows\System\aaSGSVp.exe
  2⤵
  PID:9024
- C:\Windows\System\mNPXZZN.exe
  C:\Windows\System\mNPXZZN.exe
  2⤵
  PID:9040
- C:\Windows\System\DsXknBT.exe
  C:\Windows\System\DsXknBT.exe
  2⤵
  PID:9064
- C:\Windows\System\DdZfSuq.exe
  C:\Windows\System\DdZfSuq.exe
  2⤵
  PID:9092
- C:\Windows\System\kyeQNEg.exe
  C:\Windows\System\kyeQNEg.exe
  2⤵
  PID:9108
- C:\Windows\System\wJOJtcA.exe
  C:\Windows\System\wJOJtcA.exe
  2⤵
  PID:9124
- C:\Windows\System\dYxgszO.exe
  C:\Windows\System\dYxgszO.exe
  2⤵
  PID:8272
- C:\Windows\System\VVyxveb.exe
  C:\Windows\System\VVyxveb.exe
  2⤵
  PID:8312
- C:\Windows\System\JipcqmZ.exe
  C:\Windows\System\JipcqmZ.exe
  2⤵
  PID:8092
- C:\Windows\System\FvVrMQl.exe
  C:\Windows\System\FvVrMQl.exe
  2⤵
  PID:8296
- C:\Windows\System\DZynpIp.exe
  C:\Windows\System\DZynpIp.exe
  2⤵
  PID:8292
- C:\Windows\System\nZduVlD.exe
  C:\Windows\System\nZduVlD.exe
  2⤵
  PID:8380
- C:\Windows\System\DnpDRlY.exe
  C:\Windows\System\DnpDRlY.exe
  2⤵
  PID:8360
- C:\Windows\System\XmhjLDe.exe
  C:\Windows\System\XmhjLDe.exe
  2⤵
  PID:8444
- C:\Windows\System\JWiRqOr.exe
  C:\Windows\System\JWiRqOr.exe
  2⤵
  PID:8432
- C:\Windows\System\pFosyVk.exe
  C:\Windows\System\pFosyVk.exe
  2⤵
  PID:8492
- C:\Windows\System\FRbntqf.exe
  C:\Windows\System\FRbntqf.exe
  2⤵
  PID:8536
- C:\Windows\System\NFHToUB.exe
  C:\Windows\System\NFHToUB.exe
  2⤵
  PID:8576
- C:\Windows\System\rnbgvQe.exe
  C:\Windows\System\rnbgvQe.exe
  2⤵
  PID:8548
- C:\Windows\System\ZNxZgPg.exe
  C:\Windows\System\ZNxZgPg.exe
  2⤵
  PID:8588
- C:\Windows\System\sPyAIwU.exe
  C:\Windows\System\sPyAIwU.exe
  2⤵
  PID:8624
- C:\Windows\System\bEnTcXj.exe
  C:\Windows\System\bEnTcXj.exe
  2⤵
  PID:8680
- C:\Windows\System\roaidDw.exe
  C:\Windows\System\roaidDw.exe
  2⤵
  PID:8720
- C:\Windows\System\PbedidN.exe
  C:\Windows\System\PbedidN.exe
  2⤵
  PID:8732
- C:\Windows\System\ELFfdPV.exe
  C:\Windows\System\ELFfdPV.exe
  2⤵
  PID:8788
- C:\Windows\System\iVloQiX.exe
  C:\Windows\System\iVloQiX.exe
  2⤵
  PID:8824
- C:\Windows\System\UnQzSRc.exe
  C:\Windows\System\UnQzSRc.exe
  2⤵
  PID:8864
- C:\Windows\System\rJrsgcr.exe
  C:\Windows\System\rJrsgcr.exe
  2⤵
  PID:8840
- C:\Windows\System\vMTzntF.exe
  C:\Windows\System\vMTzntF.exe
  2⤵
  PID:8904
- C:\Windows\System\wmEzloV.exe
  C:\Windows\System\wmEzloV.exe
  2⤵
  PID:8960
- C:\Windows\System\mYtTdWd.exe
  C:\Windows\System\mYtTdWd.exe
  2⤵
  PID:8932
- C:\Windows\System\CQZMwyS.exe
  C:\Windows\System\CQZMwyS.exe
  2⤵
  PID:8980
- C:\Windows\System\qNkrVrF.exe
  C:\Windows\System\qNkrVrF.exe
  2⤵
  PID:8984
- C:\Windows\System\HvTBaiP.exe
  C:\Windows\System\HvTBaiP.exe
  2⤵
  PID:9004
- C:\Windows\System\nJBFgyZ.exe
  C:\Windows\System\nJBFgyZ.exe
  2⤵
  PID:9072
- C:\Windows\System\hjQCOLM.exe
  C:\Windows\System\hjQCOLM.exe
  2⤵
  PID:9056
- C:\Windows\System\VcouxvO.exe
  C:\Windows\System\VcouxvO.exe
  2⤵
  PID:9088
- C:\Windows\System\BXYDnxz.exe
  C:\Windows\System\BXYDnxz.exe
  2⤵
  PID:9104
- C:\Windows\System\mLsjkwJ.exe
  C:\Windows\System\mLsjkwJ.exe
  2⤵
  PID:9140
- C:\Windows\System\sULeNaS.exe
  C:\Windows\System\sULeNaS.exe
  2⤵
  PID:9164
- C:\Windows\System\auGRKgF.exe
  C:\Windows\System\auGRKgF.exe
  2⤵
  PID:9176
- C:\Windows\System\tTaOslf.exe
  C:\Windows\System\tTaOslf.exe
  2⤵
  PID:9196
- C:\Windows\System\pkxDdcd.exe
  C:\Windows\System\pkxDdcd.exe
  2⤵
  PID:9200
- C:\Windows\System\EIsQmOt.exe
  C:\Windows\System\EIsQmOt.exe
  2⤵
  PID:8208
- C:\Windows\System\QqPqtRG.exe
  C:\Windows\System\QqPqtRG.exe
  2⤵
  PID:8308
- C:\Windows\System\btOJwzq.exe
  C:\Windows\System\btOJwzq.exe
  2⤵
  PID:8328
- C:\Windows\System\wqcqmcx.exe
  C:\Windows\System\wqcqmcx.exe
  2⤵
  PID:8500
- C:\Windows\System\rTtUyjP.exe
  C:\Windows\System\rTtUyjP.exe
  2⤵
  PID:8376
- C:\Windows\System\VHsBKwQ.exe
  C:\Windows\System\VHsBKwQ.exe
  2⤵
  PID:8476
- C:\Windows\System\xJvyeun.exe
  C:\Windows\System\xJvyeun.exe
  2⤵
  PID:8448
- C:\Windows\System\baYROPa.exe
  C:\Windows\System\baYROPa.exe
  2⤵
  PID:8628
- C:\Windows\System\dbBKdIq.exe
  C:\Windows\System\dbBKdIq.exe
  2⤵
  PID:8820
- C:\Windows\System\iAexbST.exe
  C:\Windows\System\iAexbST.exe
  2⤵
  PID:8740
- C:\Windows\System\zEJTqOe.exe
  C:\Windows\System\zEJTqOe.exe
  2⤵
  PID:8860
- C:\Windows\System\tOeQDkE.exe
  C:\Windows\System\tOeQDkE.exe
  2⤵
  PID:8920
- C:\Windows\System\RkzsZEL.exe
  C:\Windows\System\RkzsZEL.exe
  2⤵
  PID:9048
- C:\Windows\System\gAhqGny.exe
  C:\Windows\System\gAhqGny.exe
  2⤵
  PID:8876
- C:\Windows\System\cncZbWb.exe
  C:\Windows\System\cncZbWb.exe
  2⤵
  PID:8964
- C:\Windows\System\ZAMvuch.exe
  C:\Windows\System\ZAMvuch.exe
  2⤵
  PID:8976
- C:\Windows\System\EwYePlP.exe
  C:\Windows\System\EwYePlP.exe
  2⤵
  PID:9084
- C:\Windows\System\DeUwyNy.exe
  C:\Windows\System\DeUwyNy.exe
  2⤵
  PID:8236
- C:\Windows\System\KNlyPEo.exe
  C:\Windows\System\KNlyPEo.exe
  2⤵
  PID:8244
- C:\Windows\System\XmlidDE.exe
  C:\Windows\System\XmlidDE.exe
  2⤵
  PID:8348
- C:\Windows\System\nqKcomT.exe
  C:\Windows\System\nqKcomT.exe
  2⤵
  PID:8408
- C:\Windows\System\VFLNRIv.exe
  C:\Windows\System\VFLNRIv.exe
  2⤵
  PID:8644
- C:\Windows\System\cesKOjg.exe
  C:\Windows\System\cesKOjg.exe
  2⤵
  PID:8756
- C:\Windows\System\FzOeftQ.exe
  C:\Windows\System\FzOeftQ.exe
  2⤵
  PID:9016
- C:\Windows\System\bIwEOkt.exe
  C:\Windows\System\bIwEOkt.exe
  2⤵
  PID:8700
- C:\Windows\System\LYphBsG.exe
  C:\Windows\System\LYphBsG.exe
  2⤵
  PID:9192
- C:\Windows\System\XYAKCbf.exe
  C:\Windows\System\XYAKCbf.exe
  2⤵
  PID:8752
- C:\Windows\System\LtrNqyT.exe
  C:\Windows\System\LtrNqyT.exe
  2⤵
  PID:9180
- C:\Windows\System\kAGenDR.exe
  C:\Windows\System\kAGenDR.exe
  2⤵
  PID:8608
- C:\Windows\System\ZASdPku.exe
  C:\Windows\System\ZASdPku.exe
  2⤵
  PID:8512
- C:\Windows\System\TbIuDtG.exe
  C:\Windows\System\TbIuDtG.exe
  2⤵
  PID:8620
- C:\Windows\System\evbsnbv.exe
  C:\Windows\System\evbsnbv.exe
  2⤵
  PID:9148
- C:\Windows\System\EOOtdZW.exe
  C:\Windows\System\EOOtdZW.exe
  2⤵
  PID:8324
- C:\Windows\System\imCowvU.exe
  C:\Windows\System\imCowvU.exe
  2⤵
  PID:8472
- C:\Windows\System\dfpyvgm.exe
  C:\Windows\System\dfpyvgm.exe
  2⤵
  PID:9136
- C:\Windows\System\YjXDDYC.exe
  C:\Windows\System\YjXDDYC.exe
  2⤵
  PID:9188
- C:\Windows\System\JUDnJip.exe
  C:\Windows\System\JUDnJip.exe
  2⤵
  PID:8772
- C:\Windows\System\fNvWaCO.exe
  C:\Windows\System\fNvWaCO.exe
  2⤵
  PID:8848
- C:\Windows\System\UHuiRLd.exe
  C:\Windows\System\UHuiRLd.exe
  2⤵
  PID:8924
- C:\Windows\System\EPKDIBF.exe
  C:\Windows\System\EPKDIBF.exe
  2⤵
  PID:9132
- C:\Windows\System\UlsDKHx.exe
  C:\Windows\System\UlsDKHx.exe
  2⤵
  PID:8676
- C:\Windows\System\cZeKUmd.exe
  C:\Windows\System\cZeKUmd.exe
  2⤵
  PID:9232
- C:\Windows\System\RIXUyXj.exe
  C:\Windows\System\RIXUyXj.exe
  2⤵
  PID:9248
- C:\Windows\System\uxJSqzo.exe
  C:\Windows\System\uxJSqzo.exe
  2⤵
  PID:9264
- C:\Windows\System\OJXZJGG.exe
  C:\Windows\System\OJXZJGG.exe
  2⤵
  PID:9280
- C:\Windows\System\dIxKWFS.exe
  C:\Windows\System\dIxKWFS.exe
  2⤵
  PID:9296
- C:\Windows\System\WHXUcFd.exe
  C:\Windows\System\WHXUcFd.exe
  2⤵
  PID:9312
- C:\Windows\System\QgZhTHh.exe
  C:\Windows\System\QgZhTHh.exe
  2⤵
  PID:9328
- C:\Windows\System\nPbfVRo.exe
  C:\Windows\System\nPbfVRo.exe
  2⤵
  PID:9352
- C:\Windows\System\rjVLYkg.exe
  C:\Windows\System\rjVLYkg.exe
  2⤵
  PID:9372
- C:\Windows\System\ZFvmovf.exe
  C:\Windows\System\ZFvmovf.exe
  2⤵
  PID:9392
- C:\Windows\System\nnkCKYh.exe
  C:\Windows\System\nnkCKYh.exe
  2⤵
  PID:9424
- C:\Windows\System\RCIxdrM.exe
  C:\Windows\System\RCIxdrM.exe
  2⤵
  PID:9448
- C:\Windows\System\sXtDQXb.exe
  C:\Windows\System\sXtDQXb.exe
  2⤵
  PID:9496
- C:\Windows\System\pwxBVst.exe
  C:\Windows\System\pwxBVst.exe
  2⤵
  PID:9528
- C:\Windows\System\yxlmaoM.exe
  C:\Windows\System\yxlmaoM.exe
  2⤵
  PID:9544
- C:\Windows\System\KztLZnZ.exe
  C:\Windows\System\KztLZnZ.exe
  2⤵
  PID:9560
- C:\Windows\System\TiTFCsi.exe
  C:\Windows\System\TiTFCsi.exe
  2⤵
  PID:9592
- C:\Windows\System\XdVxgIy.exe
  C:\Windows\System\XdVxgIy.exe
  2⤵
  PID:9660
- C:\Windows\System\gXCeHkf.exe
  C:\Windows\System\gXCeHkf.exe
  2⤵
  PID:9676
- C:\Windows\System\pAKLFxw.exe
  C:\Windows\System\pAKLFxw.exe
  2⤵
  PID:9692
- C:\Windows\System\PppxlMg.exe
  C:\Windows\System\PppxlMg.exe
  2⤵
  PID:9708
- C:\Windows\System\ixUuapk.exe
  C:\Windows\System\ixUuapk.exe
  2⤵
  PID:9724
- C:\Windows\System\vxFZLIz.exe
  C:\Windows\System\vxFZLIz.exe
  2⤵
  PID:9744
- C:\Windows\System\MohAmWe.exe
  C:\Windows\System\MohAmWe.exe
  2⤵
  PID:9760
- C:\Windows\System\RLXCmOa.exe
  C:\Windows\System\RLXCmOa.exe
  2⤵
  PID:9788
- C:\Windows\System\qvnffic.exe
  C:\Windows\System\qvnffic.exe
  2⤵
  PID:9804
- C:\Windows\System\BIrsOaf.exe
  C:\Windows\System\BIrsOaf.exe
  2⤵
  PID:9820
- C:\Windows\System\jeSJyFi.exe
  C:\Windows\System\jeSJyFi.exe
  2⤵
  PID:9840
- C:\Windows\System\KajxyIb.exe
  C:\Windows\System\KajxyIb.exe
  2⤵
  PID:9856
- C:\Windows\System\EXDfYGk.exe
  C:\Windows\System\EXDfYGk.exe
  2⤵
  PID:9872
- C:\Windows\System\eDkeBSj.exe
  C:\Windows\System\eDkeBSj.exe
  2⤵
  PID:9888
- C:\Windows\System\CEKHFih.exe
  C:\Windows\System\CEKHFih.exe
  2⤵
  PID:9904
- C:\Windows\System\qSvFUdC.exe
  C:\Windows\System\qSvFUdC.exe
  2⤵
  PID:9920
- C:\Windows\System\gThGMKb.exe
  C:\Windows\System\gThGMKb.exe
  2⤵
  PID:9936
- C:\Windows\System\AfWOOcB.exe
  C:\Windows\System\AfWOOcB.exe
  2⤵
  PID:9952
- C:\Windows\System\elqsLcU.exe
  C:\Windows\System\elqsLcU.exe
  2⤵
  PID:9968
- C:\Windows\System\jmGkJfW.exe
  C:\Windows\System\jmGkJfW.exe
  2⤵
  PID:9984
- C:\Windows\System\GfRKSIt.exe
  C:\Windows\System\GfRKSIt.exe
  2⤵
  PID:10004
- C:\Windows\System\hIJWLyW.exe
  C:\Windows\System\hIJWLyW.exe
  2⤵
  PID:10024
- C:\Windows\System\IIgqbmJ.exe
  C:\Windows\System\IIgqbmJ.exe
  2⤵
  PID:10040
- C:\Windows\System\tHFoiXE.exe
  C:\Windows\System\tHFoiXE.exe
  2⤵
  PID:10056
- C:\Windows\System\JQLgPdR.exe
  C:\Windows\System\JQLgPdR.exe
  2⤵
  PID:10072
- C:\Windows\System\enPZlHY.exe
  C:\Windows\System\enPZlHY.exe
  2⤵
  PID:10088
- C:\Windows\System\OItEirD.exe
  C:\Windows\System\OItEirD.exe
  2⤵
  PID:10104
- C:\Windows\System\PWjSxfF.exe
  C:\Windows\System\PWjSxfF.exe
  2⤵
  PID:10120
- C:\Windows\System\KauICGX.exe
  C:\Windows\System\KauICGX.exe
  2⤵
  PID:10136
- C:\Windows\System\FrfCqEm.exe
  C:\Windows\System\FrfCqEm.exe
  2⤵
  PID:10160
- C:\Windows\System\tNigWFM.exe
  C:\Windows\System\tNigWFM.exe
  2⤵
  PID:10176
- C:\Windows\System\mNBGAKr.exe
  C:\Windows\System\mNBGAKr.exe
  2⤵
  PID:10196
- C:\Windows\System\BdtenuP.exe
  C:\Windows\System\BdtenuP.exe
  2⤵
  PID:10224
- C:\Windows\System\htmGDWm.exe
  C:\Windows\System\htmGDWm.exe
  2⤵
  PID:9288
- C:\Windows\System\TOgAWlD.exe
  C:\Windows\System\TOgAWlD.exe
  2⤵
  PID:9480
- C:\Windows\System\PzjQcdI.exe
  C:\Windows\System\PzjQcdI.exe
  2⤵
  PID:9400
- C:\Windows\System\NTZqFLr.exe
  C:\Windows\System\NTZqFLr.exe
  2⤵
  PID:9492
- C:\Windows\System\sPSDVeS.exe
  C:\Windows\System\sPSDVeS.exe
  2⤵
  PID:9520
- C:\Windows\System\kEvrElH.exe
  C:\Windows\System\kEvrElH.exe
  2⤵
  PID:9568
- C:\Windows\System\ZddFwrP.exe
  C:\Windows\System\ZddFwrP.exe
  2⤵
  PID:9576
- C:\Windows\System\tTcvYds.exe
  C:\Windows\System\tTcvYds.exe
  2⤵
  PID:9600
- C:\Windows\System\XrdmKNg.exe
  C:\Windows\System\XrdmKNg.exe
  2⤵
  PID:9624
- C:\Windows\System\JnITakl.exe
  C:\Windows\System\JnITakl.exe
  2⤵
  PID:9640
- C:\Windows\System\fnNjGOB.exe
  C:\Windows\System\fnNjGOB.exe
  2⤵
  PID:9656
- C:\Windows\System\yVSZYHk.exe
  C:\Windows\System\yVSZYHk.exe
  2⤵
  PID:9720
- C:\Windows\System\khjTBqB.exe
  C:\Windows\System\khjTBqB.exe
  2⤵
  PID:9828
- C:\Windows\System\yAmrgqa.exe
  C:\Windows\System\yAmrgqa.exe
  2⤵
  PID:9832
- C:\Windows\System\QzETWNG.exe
  C:\Windows\System\QzETWNG.exe
  2⤵
  PID:9736
- C:\Windows\System\SmbUwPY.exe
  C:\Windows\System\SmbUwPY.exe
  2⤵
  PID:9772
- C:\Windows\System\InxkGQz.exe
  C:\Windows\System\InxkGQz.exe
  2⤵
  PID:9896
- C:\Windows\System\JjEyDBr.exe
  C:\Windows\System\JjEyDBr.exe
  2⤵
  PID:9960
- C:\Windows\System\djTYonR.exe
  C:\Windows\System\djTYonR.exe
  2⤵
  PID:9944
- C:\Windows\System\ixiRKiK.exe
  C:\Windows\System\ixiRKiK.exe
  2⤵
  PID:10032
- C:\Windows\System\aviqAVP.exe
  C:\Windows\System\aviqAVP.exe
  2⤵
  PID:10096
- C:\Windows\System\WKGgZmG.exe
  C:\Windows\System\WKGgZmG.exe
  2⤵
  PID:10020
- C:\Windows\System\eWYjrJK.exe
  C:\Windows\System\eWYjrJK.exe
  2⤵
  PID:10112
- C:\Windows\System\ViWICyT.exe
  C:\Windows\System\ViWICyT.exe
  2⤵
  PID:10144
- C:\Windows\System\kpZCObo.exe
  C:\Windows\System\kpZCObo.exe
  2⤵
  PID:10184
- C:\Windows\System\cjdjYZO.exe
  C:\Windows\System\cjdjYZO.exe
  2⤵
  PID:10192
- C:\Windows\System\FTJuIRO.exe
  C:\Windows\System\FTJuIRO.exe
  2⤵
  PID:10212
- C:\Windows\System\LwwPSQh.exe
  C:\Windows\System\LwwPSQh.exe
  2⤵
  PID:8656
- C:\Windows\System\TyFFLBR.exe
  C:\Windows\System\TyFFLBR.exe
  2⤵
  PID:9224
- C:\Windows\System\slBTrOn.exe
  C:\Windows\System\slBTrOn.exe
  2⤵
  PID:9260
- C:\Windows\System\CbYpmTk.exe
  C:\Windows\System\CbYpmTk.exe
  2⤵
  PID:9292
- C:\Windows\System\opGmanj.exe
  C:\Windows\System\opGmanj.exe
  2⤵
  PID:9388
- C:\Windows\System\qLCJxwI.exe
  C:\Windows\System\qLCJxwI.exe
  2⤵
  PID:9412
- C:\Windows\System\ihqZTOR.exe
  C:\Windows\System\ihqZTOR.exe
  2⤵
  PID:9340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CxveRVo.exe

Filesize
5.7MB

MD5
05b7ad7d5988bbec052b30e8164d59f0

SHA1
49333c5a76e05eb4c8bac6ceaa2a56eacbaabe0f

SHA256
fef54b458ba5d407ab8e7e29940211cf248f16390bf23398aca43cc8899a0f3d

SHA512
7f548d752bf64342e70a838e1d2d418b0a4e4be1a9a3b40ccfb72f0a61192fee0376c42fae5c58b6c08b3b76a3b734ba6422079bf8c7f1daa3361b0409cd761e

Download Submit
C:\Windows\system\DwuGKLi.exe

Filesize
5.7MB

MD5
bc94eaa28e1ba843b56ba5e50e8f5ca7

SHA1
6d2565611efb5421443dfee6259ceabdf05cecb8

SHA256
53456eb8ec0aa74bf5de80dee10e54d17f507fe3bf5903b43edf5d727b7aa5bd

SHA512
76ca0d4da2ad786361db8797b80f9d7c45d9e385e319438252b8b48fee9c68cee64433a16e2b04b951d9b6ced0349a7acb39b1bf2a62fd10b1ed5d5e38c38820

Download Submit
C:\Windows\system\EZsBkAU.exe

Filesize
5.7MB

MD5
968858241b0c4ad9f96d269c011f4eee

SHA1
02313f85ead51d4945eb28f77c42780b8b52fb09

SHA256
1a958c2a3f0d8d670f8895e62270fb3152360b3bc3e8e569db2691ef7949ebff

SHA512
6b758d349b1b280f361cc8c5ad373374dffe96d4a4b3e152b87c4613b90e14c97c3f76ee82a03407d5798df308e2e4575da0b7623a2423d3711170240d55b62e

Download Submit
C:\Windows\system\HvJEKQa.exe

Filesize
5.7MB

MD5
186977689274730efed871eb6a464e3b

SHA1
a53cdd539e086cb81fdf0c6317d02b7192cdf0c4

SHA256
4443ceb32a62d72ddb44a67a268bdce34ec85be6445787619b3af9b53d46d169

SHA512
ec68febca85d5b89c2ef2b8b3857338fd0d517f6ff8465dce680bb3313f128d0785f05833c81868156a10a17f0b1a54cf8f4455415026815807f589c2794ceb6

Download Submit
C:\Windows\system\IqfoOYJ.exe

Filesize
5.7MB

MD5
d34b0db4e239756dfbcd36d7ff745c16

SHA1
09466864bb92f7b38a777ad3c7e37db12684b623

SHA256
fbabc41d05b3a1d19bf27e4543e75b98394452aab7d282a9ab8039500b14dad9

SHA512
d99c17eb07d96b1eb1f8ccdf8e77257830347e4fc5ec0360301974245e787c9d30e5f176e00a29f59ec23d15a77a9c71cbaf491c5056692e32452ed74ecb170e

Download Submit
C:\Windows\system\IyBEAGl.exe

Filesize
5.7MB

MD5
6500414cbf528fca8d49305544579c65

SHA1
bebe38423e5bdf5274de5256bf3ad94f19a91197

SHA256
de9d80432ffcd59aa2643d0fe294f7777e278fd12fea44abacd8192e5c2defbf

SHA512
defc4df39e696d011bb13de3033792ed88470bb058078cdf6b18a1758a0439221725f8cde309b5aab749bc05541dd6d5eedfae86d96ccc1083eeef286cbd43d8

Download Submit
C:\Windows\system\LoeDjxJ.exe

Filesize
5.7MB

MD5
41126ac348f9931a14ae5b0e33482576

SHA1
88c48b678beaa0371afdb4ac240ac536b49f6de4

SHA256
a7dd26967fcd66cf25332154affb88d5d1b3ceaac881fc6fd0cd56a0e582a978

SHA512
f3c9c1c59b1c38bbac93e1a3ffe837809f3fd22f581c2b6c2eed6bade01bb04569d586e8688f962086ac4bd12ac26f8a8bd1894584ce5a38913ffa02ba19d522

Download Submit
C:\Windows\system\MESuFnJ.exe

Filesize
5.7MB

MD5
d6dbcdd9a7548a9458a9072214928fd7

SHA1
04cd9f0b1041e769c3bd43e1d1ac72df213fe577

SHA256
194c01cf9d7502bec14f018212bc0d42fe1022097866fa7d6403cee1823cbd9e

SHA512
07e980d04bc2a8d72c4b630098439828c9d9be14b88ff45ba3da0efb031c823344ff017120fd7291d5a7944795ca9234d3f4d8591a211ab1641f5945731c0d43

Download Submit
C:\Windows\system\PyUqatp.exe

Filesize
5.7MB

MD5
3224cc8f97212540ef52b8928023a157

SHA1
ea6ea5a0b317f3e400ef503d04639dd59fe28236

SHA256
6fce68539f92b47d1f35d5cc1121e9f2ab88ab37828add60de0f8b8e321402c9

SHA512
5712dcd3c13b92babb1c30f99a8a5191a68af4ba3ec93f4f00409cacc179d0d05d6842bb6dbc1a777dfb15bc8cdaa53eff066ae42612687e1c8e479c510f7291

Download Submit
C:\Windows\system\TIlTDxs.exe

Filesize
5.7MB

MD5
8687efc8a8d8426b19e508027b8d95c7

SHA1
1c497ac36257e6ddb54f4d5b2ed71a1e0b40336e

SHA256
91bc2928c94df494ecf7b7a6717e22b3dbbbadbf676306ca433481b7421a5136

SHA512
786efd3e185b0a9fd29877e7bd4bee61829c356a79360aa1f26b9d84327a41e7b5b9f4b3fcaa58c9ab4d2d36990e831afa4058029489b27e08e86c48c534b3bb

Download Submit
C:\Windows\system\UEyBFSc.exe

Filesize
5.7MB

MD5
4dd5288554310cdafa289b5302473a50

SHA1
46d9c5de14094380bd611143e99fd69b3d5fc741

SHA256
c82b220485d408ea12c1b558834d3581c3840a24b7a739e928820096666da5e0

SHA512
1dfa0399bd9d9fc2955e94547bdbb544a7783fa3df677223d6594d4e93e09b002804a8c19c60f67992afdd04e2bd75d8b3f8e8e0a91b9d469c808fe428bfad4b

Download Submit
C:\Windows\system\XVTMvgY.exe

Filesize
5.7MB

MD5
12c9741ebba9da5213cef53a151e1fe1

SHA1
ec8c74077bd6c4d3ec0a528a57d738367fb3c1ec

SHA256
7a0daab2c63ccebf5b28bb640216cf7ede27e9d85b7a3e1403e3925eb3d441ec

SHA512
85830b15a339fa5d93dec825a1929b114a2294b713485d967fa5dc43beba6880b5ffb665bb7ff52464911e3e578122c2769476869b4c2e446b19da8aeaef367a

Download Submit
C:\Windows\system\ZNOegmQ.exe

Filesize
5.7MB

MD5
d702f1029ce0e5ac69635ef5105efc87

SHA1
a08c14029d417849859357361fe63cc956bea9ab

SHA256
86665e63b3f3b198c8fdb126b50e453365ce076a8d2c26868feaddaf09c8abe5

SHA512
166987131d4a1fde0072834a4b5035430e05bac026c4d5bfb34a99c9bcbdbea1a6f8790110da82aada71ffd66ea709d3d7ecf5c6f687d9e299a00e0fb4a09500

Download Submit
C:\Windows\system\cmviMsZ.exe

Filesize
5.7MB

MD5
eda13ffe98e212c0e8243689f8c898d9

SHA1
291e144172442283eb84e5ee1b9fe0fe6c48ec4b

SHA256
c89890211ef93a9bdad6c1cc1c5ef99d7054e6b6ddd37fe98436ed45848355c5

SHA512
62c8b0cf280369e45b56d36feeb81111dbe61360b9d12d63c60e3334b8a98f94f2048d8418978fcba576a9e1c3428608477a201948e8590dda989dc2efc18aaa

Download Submit
C:\Windows\system\dqnujOO.exe

Filesize
5.7MB

MD5
9c64e766e76bc3b78073a63fb256d43f

SHA1
3cbced95a2df9717b3a4996c65d261cb745e236e

SHA256
21b73bc4ede2ca895ac8bc306710452f332b4115017ae2dbd77c417684f55b82

SHA512
f0643ee3f3967db1313a4f9db45c54dbafe684e2859284515356ae1889b24081432f53f28741c7fcc2c8d2c63c8a7221822882be1d3d2100aee463fe7d8a80ab

Download Submit
C:\Windows\system\jEzlIBb.exe

Filesize
5.7MB

MD5
b93f4e87ed822226715bcf45887bf21e

SHA1
814a816507f1e2441287a2537a7e3e5f511f69bd

SHA256
081e5dc0dcc915738708fbe2f07490db4f3f54ee43ec5be6e360e40105864ac2

SHA512
80cf887b9f01c88555c7f77a4b2a595fc6c2422aec2f99b74da85906ebf65afd7538266fbadc361b2505ca729c0c65001f689eed549867c73c37d7ee56d1ec7e

Download Submit
C:\Windows\system\jIeNsIQ.exe

Filesize
5.7MB

MD5
c9ab6af0dc7d3d4ea1243d5061218943

SHA1
abd160bd28c6fe26589befbae660b2c802029825

SHA256
88b9c9ac9a20d991463ee718de6cc062f3ef1a61d939be4c84515514021d20bb

SHA512
ed70b18c4dc2990ebde657cffa4e0dd07491afcf86bd2b40d58284371c4451fb27e58a930365ac18f119da67fc5ebf180366f56801245daf3d150b2a17487c34

Download Submit
C:\Windows\system\lYYniND.exe

Filesize
5.7MB

MD5
00a03523409bcde643239edb1db6f516

SHA1
b1f98a1eea0ad5658da8d2fb81e3d745513eea36

SHA256
80145c9b911a0a2394d9d1d7a35173224305b6ac969844b2bc6ffcc47ab8e2f8

SHA512
02fcb1a3588052033098a79dd6a9d23752145287e17561be563b677be51c4a12a7b6c7b03a16a0e395aa5a8419c334e5543b952764345a4f8f351c3f639fd547

Download Submit
C:\Windows\system\oTnGIMP.exe

Filesize
5.7MB

MD5
d32f2a34e0ab62a47b55ee946269f742

SHA1
2f18cd00f58cac81f9fc7708af0eab054b351844

SHA256
c720bf77ba35db58e00b20571a0c3c1d91a4a6272776b9f8c73cddff686d8e86

SHA512
1c9bddba7066168fa7af7a4c1e1242b93ffb8a5afab836a7540c079ebd4aadbe41255037d9ff448ca2099ce3ca52b2e86ff62cacd49ba8d8f3ea13506113df5b

Download Submit
C:\Windows\system\ocIdDWx.exe

Filesize
5.7MB

MD5
ab46528bf33409cc9e2d952370187081

SHA1
a055f7a30ea3d20368221b16db978d28a4a4cae4

SHA256
28d99ceae82aabe988ed7f97c2142b6edf7d4625e7898537db23fb893b13f5b3

SHA512
7b5a93dc50368c478736b84fb90b3801ac9fd25e80703241bf48ea3197c2f3bd7b5442b870a71d0d026361818452991650ee9bf8e10a52ca8f743678f71f9c05

Download Submit
C:\Windows\system\qPogSlU.exe

Filesize
5.7MB

MD5
64fd13e9bdf3aaa99a1e70c1b8e4ecc8

SHA1
04fa904b8f1ae9dd99bdf3723aaf287f996f9ad7

SHA256
7d92b681ccd4153a19b2d78a68e4cbfc34a00d520c38293301fa62f38e114052

SHA512
8cb3ef022929c618b077cfbde49a2a03599821f85342a6ade3b268bb5d1555b97c80118bd450e9242daa5b09dc06816fc01f03df55e3364ddf5e758700477c39

Download Submit
C:\Windows\system\sABVeNm.exe

Filesize
5.7MB

MD5
ea243cc0ee80adc0e88336dde15ee211

SHA1
8b261a7300c0ff5561f7bd8b184084be2ef87233

SHA256
0c792b99e719629ed249e7c1b63cafe22985075e13eae5915d3e6f787e459bce

SHA512
2038a54a4e708ff33ce1a831c43b128f92a4a0f0771c007594f4808ed447c8f20513641281a4bfc05acdfb8cc876815aa03fce90bd02982a83ad94b8c63c5d87

Download Submit
C:\Windows\system\tpwFaQz.exe

Filesize
5.7MB

MD5
a305c658ecafb1b3d469344e94c883ac

SHA1
316f0ea7b4977c1969e0c838de7d0e8d32ceef9c

SHA256
c886a18421d64f3c4f055a83ed74019aea0af1968c9bbb77b1cee5f11b7ec4c7

SHA512
fb4b279065eacee7897336c5e2f50a59818fbdcf63556d96b4ecf2c1cd24acf58c08d44439b68a248e462ce0f20ee4d7c67b87bcb6bf251a4c936a6d52834106

Download Submit
C:\Windows\system\uUAIhxt.exe

Filesize
5.7MB

MD5
31b825735291b9d8b14d80c00f885d7e

SHA1
3bfeed25aa8dce53c5c308ec40657fd9bb5a3b79

SHA256
f189922cc574847c368a840220548866832298b3e07ab3c4249734954c8b869b

SHA512
fd3722e899d9b199022e1346685573e29e13a121a674909ac60021706aaa7de8a96b410c595451aa8e02e7cb15ab5a6289a5923e2b388af3ab338838085987b2

Download Submit
C:\Windows\system\vZLCxXh.exe

Filesize
5.7MB

MD5
b10522192408c080e194e9bd16668385

SHA1
43f5fd0628ed2956c962ddf9ebc31fac2bb2f75c

SHA256
e55b2d718f8f3a06bd7a3747f8124345add2f860efa448a684bdf896f6668ec5

SHA512
e732431ab2925afe8ca23e5c3c721ec9fe1600d16f18f690f693ccd2654757d46e8e50ace598cc06a9ed4f92667c1d65977fea852111d8a890b18383c5864b8c

Download Submit
\Windows\system\DERaYNm.exe

Filesize
5.7MB

MD5
aecf1b9bc3879eb1b244588782201de4

SHA1
ff19657e581a1556b0b315c87367db55e579ab67

SHA256
1b276314e756ea0da874a649055c8241a0e354a63ae1efbff8d79f268bcd1085

SHA512
a4162f73ca8d366cf90395f1c02aa3dd443b07bcd15639121a266d55dd379aa78b0e041fcef32c22a83b6ea365eea9759888eeb64bd56a1fd133ab726da0b687

Download Submit
\Windows\system\IXHwkum.exe

Filesize
5.7MB

MD5
49453305edf35fc8aed84f5e4c0f7ebf

SHA1
f57eb9e6342c2b3d778bf42c8f053faaccbe98b8

SHA256
5f10ee4dbf475516b76d998e254da02ac3c482617eef196892fd56e7f31a6610

SHA512
c40f1ccefed09abb747dfbef6db0a1c0706866cf964ffeb6e07f0c7bd76fed65b5eec0a544096c78b49ad1c3a6b64fd23f1bbecae57c74a40bf514c23425ed29

Download Submit
\Windows\system\RIIrujy.exe

Filesize
5.7MB

MD5
c54d1c72f975a48c456bd79dc2752ec4

SHA1
8b4945ffe01a0df8552927f4f4c6e8f38744ff6a

SHA256
88a4058553d7560b50d0600d7c5731d41dbd9e4407c0ea24cecea4e8f7162ef1

SHA512
36fe030eabc43339627be887c7f50e142159e4cc731605d6d8010f93b7d148bf55dcad5fb4e82897aba925213a9162b12ad2d71150c38545bbf93884cb5bb3a5

Download Submit
\Windows\system\dXrDZMj.exe

Filesize
5.7MB

MD5
bc3e696c468b0d97f8e242aea4c10e2e

SHA1
f8b9f41983dbc4a9890d5c6df5b2472f73cc0d5a

SHA256
d43ab9aeb75dd96c7da7c5a263294a664952b72651e608243da7f005b7ff4279

SHA512
f9051451a299d0da0c409cff111a3f8965ef76bc05f2884895174976841001a78144850052e8138171acabbaff13f35e7b10653f730df1c60fb0feea5a0a9181

Download Submit
\Windows\system\iWfBiXW.exe

Filesize
5.7MB

MD5
6bd5b8904fdd327f0b5652621c5d5e82

SHA1
2fa106a319129dba8d6df70487c11051fd38ac53

SHA256
94c0c66930ef4284a8a8847a040a43eecc5d3c2503e7d3624b6c7683df5cdc9a

SHA512
a07afe0f869593765cd497757db6866b846740865b33e6706a9c5bfce8c9badfc2a90e5c50dd40c55f5444e43fac1077d9f5d5d769bd61695c5acc3e6b1429c7

Download Submit
\Windows\system\qYzWjVa.exe

Filesize
5.7MB

MD5
d359e799609cd21a424c7b5e47d21739

SHA1
cc93611f891e3d979ce10db39b55241078e6b587

SHA256
7e2f3b37a08ea4cb6ee3ce229baeed74a0111207403bd3923e25314ca708b4e2

SHA512
1795064a75d1d97c3147fd71f9d752a665ead2eaa1311d222b3a7b7de4e0d655d9244a3f14cc3e7d9d22b651a9f8645c30817fbca2db8c3cca4e68aecda72db2

Download Submit
\Windows\system\sPJNwqv.exe

Filesize
5.7MB

MD5
ed3a1ca1ce69571d0651cab2ca36b176

SHA1
82f670d3e87346002feb5128c4f2d55db737c482

SHA256
8ff1a8219aa0507e272c03203028a0f117aa5300066f6a3823c167943a119eff

SHA512
7aae2c72d080d8fa8addbdc9701063f295a56131be93b655c326201289ec26a5ad58774e72eab1ee48da7ea7edc6b0886939ba8b03a9d925247efcdab0b08397

Download Submit
memory/376-73-0x000000013FBD0000-0x000000013FF1D000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1048-0-0x000000013F070000-0x000000013F3BD000-memory.dmp

Filesize
3.3MB

Download
memory/1324-485-0x000000013FB30000-0x000000013FE7D000-memory.dmp

Filesize
3.3MB

Download
memory/1400-483-0x000000013FFD0000-0x000000014031D000-memory.dmp

Filesize
3.3MB

Download
memory/1444-469-0x000000013F6E0000-0x000000013FA2D000-memory.dmp

Filesize
3.3MB

Download
memory/1592-11-0x000000013F4B0000-0x000000013F7FD000-memory.dmp

Filesize
3.3MB

Download
memory/1692-517-0x000000013F1F0000-0x000000013F53D000-memory.dmp

Filesize
3.3MB

Download
memory/1728-79-0x000000013FEA0000-0x00000001401ED000-memory.dmp

Filesize
3.3MB

Download
memory/1892-503-0x000000013F710000-0x000000013FA5D000-memory.dmp

Filesize
3.3MB

Download
memory/1940-476-0x000000013FE40000-0x000000014018D000-memory.dmp

Filesize
3.3MB

Download
memory/1988-109-0x000000013F190000-0x000000013F4DD000-memory.dmp

Filesize
3.3MB

Download
memory/2044-91-0x000000013F430000-0x000000013F77D000-memory.dmp

Filesize
3.3MB

Download
memory/2080-474-0x000000013FD30000-0x000000014007D000-memory.dmp

Filesize
3.3MB

Download
memory/2132-484-0x000000013F380000-0x000000013F6CD000-memory.dmp

Filesize
3.3MB

Download
memory/2208-513-0x000000013F640000-0x000000013F98D000-memory.dmp

Filesize
3.3MB

Download
memory/2248-103-0x000000013F670000-0x000000013F9BD000-memory.dmp

Filesize
3.3MB

Download
memory/2436-527-0x000000013F450000-0x000000013F79D000-memory.dmp

Filesize
3.3MB

Download
memory/2476-471-0x000000013F820000-0x000000013FB6D000-memory.dmp

Filesize
3.3MB

Download
memory/2524-59-0x000000013F390000-0x000000013F6DD000-memory.dmp

Filesize
3.3MB

Download
memory/2568-13-0x000000013F4C0000-0x000000013F80D000-memory.dmp

Filesize
3.3MB

Download
memory/2620-62-0x000000013FB40000-0x000000013FE8D000-memory.dmp

Filesize
3.3MB

Download
memory/2636-31-0x000000013F2D0000-0x000000013F61D000-memory.dmp

Filesize
3.3MB

Download
memory/2644-61-0x000000013F9F0000-0x000000013FD3D000-memory.dmp

Filesize
3.3MB

Download
memory/2712-58-0x000000013F910000-0x000000013FC5D000-memory.dmp

Filesize
3.3MB

Download
memory/2744-57-0x000000013FCC0000-0x000000014000D000-memory.dmp

Filesize
3.3MB

Download
memory/2776-521-0x000000013FCB0000-0x000000013FFFD000-memory.dmp

Filesize
3.3MB

Download
memory/2784-19-0x000000013F030000-0x000000013F37D000-memory.dmp

Filesize
3.3MB

Download
memory/2796-89-0x000000013F300000-0x000000013F64D000-memory.dmp

Filesize
3.3MB

Download
memory/2832-97-0x000000013F980000-0x000000013FCCD000-memory.dmp

Filesize
3.3MB

Download
memory/2848-486-0x000000013F420000-0x000000013F76D000-memory.dmp

Filesize
3.3MB

Download
memory/2860-63-0x000000013F930000-0x000000013FC7D000-memory.dmp

Filesize
3.3MB

Download
memory/3064-25-0x000000013F050000-0x000000013F39D000-memory.dmp

Filesize
3.3MB

Download